2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #define SCSI_DMA_BUF_SIZE 131072
41 #define SCSI_MAX_INQUIRY_LEN 256
43 #define SCSI_REQ_STATUS_RETRY 0x01
45 typedef struct SCSIDiskState SCSIDiskState;
47 typedef struct SCSIDiskReq {
49 /* ??? We should probably keep track of whether the data transfer is
50 a read or a write. Currently we rely on the host getting it right. */
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint32_t sector_count;
63 /* The qemu block layer uses a fixed 512 byte sector size.
64 This is the number of 512 byte blocks in a single scsi sector. */
72 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
77 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
78 r = DO_UPCAST(SCSIDiskReq, req, req);
79 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
83 static void scsi_remove_request(SCSIDiskReq *r)
85 qemu_vfree(r->iov.iov_base);
86 scsi_req_free(&r->req);
89 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
94 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
97 scsi_dev_set_sense(req->dev, sense_code);
100 /* Helper function for command completion. */
101 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
104 r->req.tag, status, sense);
105 scsi_req_set_status(&r->req, status, sense);
106 scsi_req_complete(&r->req);
107 scsi_remove_request(r);
110 /* Cancel a pending data transfer. */
111 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
115 DPRINTF("Cancel tag=0x%x\n", tag);
116 r = scsi_find_request(s, tag);
119 bdrv_aio_cancel(r->req.aiocb);
121 scsi_remove_request(r);
125 static void scsi_read_complete(void * opaque, int ret)
127 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
132 DPRINTF("IO error\n");
133 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
134 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
137 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
139 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
142 /* Read more data from scsi device into buffer. */
143 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
145 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
149 r = scsi_find_request(s, tag);
151 BADF("Bad read tag 0x%x\n", tag);
152 /* ??? This is the wrong error. */
153 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
156 if (r->sector_count == (uint32_t)-1) {
157 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
159 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
162 DPRINTF("Read sector_count=%d\n", r->sector_count);
163 if (r->sector_count == 0) {
164 scsi_command_complete(r, GOOD, NO_SENSE);
169 if (n > SCSI_DMA_BUF_SIZE / 512)
170 n = SCSI_DMA_BUF_SIZE / 512;
172 r->iov.iov_len = n * 512;
173 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
174 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
175 scsi_read_complete, r);
176 if (r->req.aiocb == NULL)
177 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
179 r->sector_count -= n;
182 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
185 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
187 if (action == BLOCK_ERR_IGNORE) {
188 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
192 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
193 || action == BLOCK_ERR_STOP_ANY) {
194 r->status |= SCSI_REQ_STATUS_RETRY;
195 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
198 scsi_command_complete(r, CHECK_CONDITION,
200 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
206 static void scsi_write_complete(void * opaque, int ret)
208 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
215 if (scsi_handle_write_error(r, -ret))
219 n = r->iov.iov_len / 512;
221 r->sector_count -= n;
222 if (r->sector_count == 0) {
223 scsi_command_complete(r, GOOD, NO_SENSE);
225 len = r->sector_count * 512;
226 if (len > SCSI_DMA_BUF_SIZE) {
227 len = SCSI_DMA_BUF_SIZE;
229 r->iov.iov_len = len;
230 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
231 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
235 static void scsi_write_request(SCSIDiskReq *r)
237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
240 n = r->iov.iov_len / 512;
242 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
243 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
244 scsi_write_complete, r);
245 if (r->req.aiocb == NULL)
246 scsi_command_complete(r, CHECK_CONDITION,
249 /* Invoke completion routine to fetch data from host. */
250 scsi_write_complete(r, 0);
254 /* Write data to a scsi device. Returns nonzero on failure.
255 The transfer may complete asynchronously. */
256 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
258 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
261 DPRINTF("Write data tag=0x%x\n", tag);
262 r = scsi_find_request(s, tag);
264 BADF("Bad write tag 0x%x\n", tag);
265 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
270 BADF("Data transfer already in progress\n");
272 scsi_write_request(r);
277 static void scsi_dma_restart_bh(void *opaque)
279 SCSIDiskState *s = opaque;
283 qemu_bh_delete(s->bh);
286 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
287 r = DO_UPCAST(SCSIDiskReq, req, req);
288 if (r->status & SCSI_REQ_STATUS_RETRY) {
289 r->status &= ~SCSI_REQ_STATUS_RETRY;
290 scsi_write_request(r);
295 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
297 SCSIDiskState *s = opaque;
303 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
304 qemu_bh_schedule(s->bh);
308 /* Return a pointer to the data buffer. */
309 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
311 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
314 r = scsi_find_request(s, tag);
316 BADF("Bad buffer tag 0x%x\n", tag);
319 return (uint8_t *)r->iov.iov_base;
322 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
324 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
327 if (req->cmd.buf[1] & 0x2) {
328 /* Command support data - optional, not implemented */
329 BADF("optional INQUIRY command support request not implemented\n");
333 if (req->cmd.buf[1] & 0x1) {
334 /* Vital product data */
335 uint8_t page_code = req->cmd.buf[2];
336 if (req->cmd.xfer < 4) {
337 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
338 "less than 4\n", page_code, req->cmd.xfer);
342 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
343 outbuf[buflen++] = 5;
345 outbuf[buflen++] = 0;
347 outbuf[buflen++] = page_code ; // this page
348 outbuf[buflen++] = 0x00;
351 case 0x00: /* Supported page codes, mandatory */
352 DPRINTF("Inquiry EVPD[Supported pages] "
353 "buffer size %zd\n", req->cmd.xfer);
354 outbuf[buflen++] = 4; // number of pages
355 outbuf[buflen++] = 0x00; // list of supported pages (this page)
356 outbuf[buflen++] = 0x80; // unit serial number
357 outbuf[buflen++] = 0x83; // device identification
358 outbuf[buflen++] = 0xb0; // block device characteristics
361 case 0x80: /* Device serial number, optional */
363 int l = strlen(s->serial);
365 if (l > req->cmd.xfer)
370 DPRINTF("Inquiry EVPD[Serial number] "
371 "buffer size %zd\n", req->cmd.xfer);
372 outbuf[buflen++] = l;
373 memcpy(outbuf+buflen, s->serial, l);
378 case 0x83: /* Device identification page, mandatory */
380 int max_len = 255 - 8;
381 int id_len = strlen(bdrv_get_device_name(s->bs));
383 if (id_len > max_len)
385 DPRINTF("Inquiry EVPD[Device identification] "
386 "buffer size %zd\n", req->cmd.xfer);
388 outbuf[buflen++] = 3 + id_len;
389 outbuf[buflen++] = 0x2; // ASCII
390 outbuf[buflen++] = 0; // not officially assigned
391 outbuf[buflen++] = 0; // reserved
392 outbuf[buflen++] = id_len; // length of data following
394 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
398 case 0xb0: /* block device characteristics */
400 unsigned int min_io_size =
401 s->qdev.conf.min_io_size / s->qdev.blocksize;
402 unsigned int opt_io_size =
403 s->qdev.conf.opt_io_size / s->qdev.blocksize;
405 /* required VPD size with unmap support */
406 outbuf[3] = buflen = 0x3c;
408 memset(outbuf + 4, 0, buflen - 4);
410 /* optimal transfer length granularity */
411 outbuf[6] = (min_io_size >> 8) & 0xff;
412 outbuf[7] = min_io_size & 0xff;
414 /* optimal transfer length */
415 outbuf[12] = (opt_io_size >> 24) & 0xff;
416 outbuf[13] = (opt_io_size >> 16) & 0xff;
417 outbuf[14] = (opt_io_size >> 8) & 0xff;
418 outbuf[15] = opt_io_size & 0xff;
422 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
423 "buffer size %zd\n", page_code, req->cmd.xfer);
430 /* Standard INQUIRY data */
431 if (req->cmd.buf[2] != 0) {
432 BADF("Error: Inquiry (STANDARD) page or code "
433 "is non-zero [%02X]\n", req->cmd.buf[2]);
438 if (req->cmd.xfer < 5) {
439 BADF("Error: Inquiry (STANDARD) buffer size %zd "
440 "is less than 5\n", req->cmd.xfer);
444 buflen = req->cmd.xfer;
445 if (buflen > SCSI_MAX_INQUIRY_LEN)
446 buflen = SCSI_MAX_INQUIRY_LEN;
448 memset(outbuf, 0, buflen);
450 if (req->lun || req->cmd.buf[1] >> 5) {
451 outbuf[0] = 0x7f; /* LUN not supported */
455 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
458 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
461 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
463 memcpy(&outbuf[8], "QEMU ", 8);
464 memset(&outbuf[32], 0, 4);
465 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
467 * We claim conformance to SPC-3, which is required for guests
468 * to ask for modern features like READ CAPACITY(16) or the
469 * block characteristics VPD page by default. Not all of SPC-3
470 * is actually implemented, but we're good enough.
473 outbuf[3] = 2; /* Format 2 */
476 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
478 /* If the allocation length of CDB is too small,
479 the additional length is not adjusted */
483 /* Sync data transfer and TCQ. */
484 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
488 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
490 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
491 BlockDriverState *bdrv = s->bs;
492 int cylinders, heads, secs;
495 case 4: /* Rigid disk device geometry page. */
498 /* if a geometry hint is available, use it */
499 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
500 p[2] = (cylinders >> 16) & 0xff;
501 p[3] = (cylinders >> 8) & 0xff;
502 p[4] = cylinders & 0xff;
504 /* Write precomp start cylinder, disabled */
505 p[6] = (cylinders >> 16) & 0xff;
506 p[7] = (cylinders >> 8) & 0xff;
507 p[8] = cylinders & 0xff;
508 /* Reduced current start cylinder, disabled */
509 p[9] = (cylinders >> 16) & 0xff;
510 p[10] = (cylinders >> 8) & 0xff;
511 p[11] = cylinders & 0xff;
512 /* Device step rate [ns], 200ns */
515 /* Landing zone cylinder */
519 /* Medium rotation rate [rpm], 5400 rpm */
520 p[20] = (5400 >> 8) & 0xff;
524 case 5: /* Flexible disk device geometry page. */
527 /* Transfer rate [kbit/s], 5Mbit/s */
530 /* if a geometry hint is available, use it */
531 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
534 p[6] = s->cluster_size * 2;
535 p[8] = (cylinders >> 8) & 0xff;
536 p[9] = cylinders & 0xff;
537 /* Write precomp start cylinder, disabled */
538 p[10] = (cylinders >> 8) & 0xff;
539 p[11] = cylinders & 0xff;
540 /* Reduced current start cylinder, disabled */
541 p[12] = (cylinders >> 8) & 0xff;
542 p[13] = cylinders & 0xff;
543 /* Device step rate [100us], 100us */
546 /* Device step pulse width [us], 1us */
548 /* Device head settle delay [100us], 100us */
551 /* Motor on delay [0.1s], 0.1s */
553 /* Motor off delay [0.1s], 0.1s */
555 /* Medium rotation rate [rpm], 5400 rpm */
556 p[28] = (5400 >> 8) & 0xff;
560 case 8: /* Caching page. */
563 if (bdrv_enable_write_cache(s->bs)) {
568 case 0x2a: /* CD Capabilities and Mechanical Status page. */
569 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
573 p[2] = 3; // CD-R & CD-RW read
574 p[3] = 0; // Writing not supported
575 p[4] = 0x7f; /* Audio, composite, digital out,
576 mode 2 form 1&2, multi session */
577 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
578 RW corrected, C2 errors, ISRC,
580 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
581 /* Locking supported, jumper present, eject, tray */
582 p[7] = 0; /* no volume & mute control, no
584 p[8] = (50 * 176) >> 8; // 50x read speed
585 p[9] = (50 * 176) & 0xff;
586 p[10] = 0 >> 8; // No volume
588 p[12] = 2048 >> 8; // 2M buffer
590 p[14] = (16 * 176) >> 8; // 16x read speed current
591 p[15] = (16 * 176) & 0xff;
592 p[18] = (16 * 176) >> 8; // 16x write speed
593 p[19] = (16 * 176) & 0xff;
594 p[20] = (16 * 176) >> 8; // 16x write speed current
595 p[21] = (16 * 176) & 0xff;
603 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
605 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
607 int page, dbd, buflen;
610 dbd = req->cmd.buf[1] & 0x8;
611 page = req->cmd.buf[2] & 0x3f;
612 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
613 memset(outbuf, 0, req->cmd.xfer);
616 p[1] = 0; /* Default media type. */
617 p[3] = 0; /* Block descriptor length. */
618 if (bdrv_is_read_only(s->bs)) {
619 p[2] = 0x80; /* Readonly. */
623 bdrv_get_geometry(s->bs, &nb_sectors);
624 if ((~dbd) & nb_sectors) {
625 outbuf[3] = 8; /* Block descriptor length */
626 nb_sectors /= s->cluster_size;
628 if (nb_sectors > 0xffffff)
629 nb_sectors = 0xffffff;
630 p[0] = 0; /* media density code */
631 p[1] = (nb_sectors >> 16) & 0xff;
632 p[2] = (nb_sectors >> 8) & 0xff;
633 p[3] = nb_sectors & 0xff;
634 p[4] = 0; /* reserved */
635 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
636 p[6] = s->cluster_size * 2;
646 p += mode_sense_page(req, page, p);
649 p += mode_sense_page(req, 0x08, p);
650 p += mode_sense_page(req, 0x2a, p);
655 outbuf[0] = buflen - 4;
656 if (buflen > req->cmd.xfer)
657 buflen = req->cmd.xfer;
661 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
664 int start_track, format, msf, toclen;
667 msf = req->cmd.buf[1] & 2;
668 format = req->cmd.buf[2] & 0xf;
669 start_track = req->cmd.buf[6];
670 bdrv_get_geometry(s->bs, &nb_sectors);
671 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
672 nb_sectors /= s->cluster_size;
675 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
678 /* multi session : only a single session defined */
680 memset(outbuf, 0, 12);
686 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
691 if (toclen > req->cmd.xfer)
692 toclen = req->cmd.xfer;
696 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
698 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
702 switch (req->cmd.buf[0]) {
703 case TEST_UNIT_READY:
704 if (!bdrv_is_inserted(s->bs))
708 if (req->cmd.xfer < 4)
709 goto illegal_request;
710 memset(outbuf, 0, 4);
712 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
713 memset(outbuf, 0, 18);
716 /* asc 0x3a, ascq 0: Medium not present */
722 outbuf[2] = req->dev->sense.key;
723 scsi_dev_clear_sense(req->dev);
726 buflen = scsi_disk_emulate_inquiry(req, outbuf);
728 goto illegal_request;
732 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
734 goto illegal_request;
737 buflen = scsi_disk_emulate_read_toc(req, outbuf);
739 goto illegal_request;
742 if (req->cmd.buf[1] & 1)
743 goto illegal_request;
746 if (req->cmd.buf[1] & 3)
747 goto illegal_request;
750 if (req->cmd.buf[1] & 1)
751 goto illegal_request;
754 if (req->cmd.buf[1] & 3)
755 goto illegal_request;
758 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
759 /* load/eject medium */
760 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
763 case ALLOW_MEDIUM_REMOVAL:
764 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
767 /* The normal LEN field for this command is zero. */
768 memset(outbuf, 0, 8);
769 bdrv_get_geometry(s->bs, &nb_sectors);
772 nb_sectors /= s->cluster_size;
773 /* Returned value is the address of the last sector. */
775 /* Remember the new size for read/write sanity checking. */
776 s->max_lba = nb_sectors;
777 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
778 if (nb_sectors > UINT32_MAX)
779 nb_sectors = UINT32_MAX;
780 outbuf[0] = (nb_sectors >> 24) & 0xff;
781 outbuf[1] = (nb_sectors >> 16) & 0xff;
782 outbuf[2] = (nb_sectors >> 8) & 0xff;
783 outbuf[3] = nb_sectors & 0xff;
786 outbuf[6] = s->cluster_size * 2;
790 case SYNCHRONIZE_CACHE:
793 case GET_CONFIGURATION:
794 memset(outbuf, 0, 8);
795 /* ??? This should probably return much more information. For now
796 just return the basic header indicating the CD-ROM profile. */
797 outbuf[7] = 8; // CD-ROM
800 case SERVICE_ACTION_IN:
801 /* Service Action In subcommands. */
802 if ((req->cmd.buf[1] & 31) == 0x10) {
803 DPRINTF("SAI READ CAPACITY(16)\n");
804 memset(outbuf, 0, req->cmd.xfer);
805 bdrv_get_geometry(s->bs, &nb_sectors);
808 nb_sectors /= s->cluster_size;
809 /* Returned value is the address of the last sector. */
811 /* Remember the new size for read/write sanity checking. */
812 s->max_lba = nb_sectors;
813 outbuf[0] = (nb_sectors >> 56) & 0xff;
814 outbuf[1] = (nb_sectors >> 48) & 0xff;
815 outbuf[2] = (nb_sectors >> 40) & 0xff;
816 outbuf[3] = (nb_sectors >> 32) & 0xff;
817 outbuf[4] = (nb_sectors >> 24) & 0xff;
818 outbuf[5] = (nb_sectors >> 16) & 0xff;
819 outbuf[6] = (nb_sectors >> 8) & 0xff;
820 outbuf[7] = nb_sectors & 0xff;
823 outbuf[10] = s->cluster_size * 2;
826 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
827 /* Protection, exponent and lowest lba field left blank. */
828 buflen = req->cmd.xfer;
831 DPRINTF("Unsupported Service Action In\n");
832 goto illegal_request;
834 if (req->cmd.xfer < 16)
835 goto illegal_request;
836 memset(outbuf, 0, 16);
843 goto illegal_request;
845 scsi_req_set_status(req, GOOD, NO_SENSE);
849 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
853 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
857 /* Execute a scsi command. Returns the length of the data expected by the
858 command. This will be Positive for data transfers from the device
859 (eg. disk reads), negative for transfers to the device (eg. disk writes),
860 and zero if the command does not transfer any data. */
862 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
863 uint8_t *buf, int lun)
865 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
876 r = scsi_find_request(s, tag);
878 BADF("Tag 0x%x already in use\n", tag);
879 scsi_cancel_io(d, tag);
881 /* ??? Tags are not unique for different luns. We only implement a
882 single lun, so this should not matter. */
883 r = scsi_new_request(d, tag, lun);
884 outbuf = (uint8_t *)r->iov.iov_base;
886 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
887 switch (command >> 5) {
889 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
890 (((uint64_t) buf[1] & 0x1f) << 16);
896 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
897 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
898 len = buf[8] | (buf[7] << 8);
902 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
903 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
904 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
905 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
906 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
910 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
911 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
912 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
916 BADF("Unsupported command length, command %x\n", command);
922 for (i = 1; i < cmdlen; i++) {
923 printf(" 0x%02x", buf[i]);
929 if (scsi_req_parse(&r->req, buf) != 0) {
930 BADF("Unsupported command length, command %x\n", command);
933 assert(r->req.cmd.len == cmdlen);
934 assert(r->req.cmd.lba == lba);
936 if (lun || buf[1] >> 5) {
937 /* Only LUN 0 supported. */
938 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
939 if (command != REQUEST_SENSE && command != INQUIRY)
943 case TEST_UNIT_READY:
953 case ALLOW_MEDIUM_REMOVAL:
955 case SYNCHRONIZE_CACHE:
957 case GET_CONFIGURATION:
958 case SERVICE_ACTION_IN:
961 rc = scsi_disk_emulate_command(&r->req, outbuf);
965 scsi_req_complete(&r->req);
966 scsi_remove_request(r);
974 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
975 if (lba > s->max_lba)
977 r->sector = lba * s->cluster_size;
978 r->sector_count = len * s->cluster_size;
984 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
985 if (lba > s->max_lba)
987 r->sector = lba * s->cluster_size;
988 r->sector_count = len * s->cluster_size;
992 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
994 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
997 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1000 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1001 scsi_command_complete(r, GOOD, NO_SENSE);
1003 len = r->sector_count * 512 + r->iov.iov_len;
1007 if (!r->sector_count)
1008 r->sector_count = -1;
1013 static void scsi_disk_purge_requests(SCSIDiskState *s)
1017 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1018 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1020 bdrv_aio_cancel(r->req.aiocb);
1022 scsi_remove_request(r);
1026 static void scsi_disk_reset(DeviceState *dev)
1028 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1029 uint64_t nb_sectors;
1031 scsi_disk_purge_requests(s);
1033 bdrv_get_geometry(s->bs, &nb_sectors);
1034 nb_sectors /= s->cluster_size;
1038 s->max_lba = nb_sectors;
1041 static void scsi_destroy(SCSIDevice *dev)
1043 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1045 scsi_disk_purge_requests(s);
1046 blockdev_mark_auto_del(s->qdev.conf.bs);
1049 static int scsi_disk_initfn(SCSIDevice *dev)
1051 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1055 if (!s->qdev.conf.bs) {
1056 error_report("scsi-disk: drive property not set");
1059 s->bs = s->qdev.conf.bs;
1060 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1062 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1063 error_report("Device needs media, but drive is empty");
1067 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1068 error_report("Device doesn't support drive option rerror");
1073 /* try to fall back to value set with legacy -drive serial=... */
1074 dinfo = drive_get_by_blockdev(s->bs);
1075 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1079 s->version = qemu_strdup(QEMU_VERSION);
1082 if (bdrv_is_sg(s->bs)) {
1083 error_report("scsi-disk: unwanted /dev/sg*");
1088 s->qdev.blocksize = 2048;
1090 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1092 s->cluster_size = s->qdev.blocksize / 512;
1094 s->qdev.type = TYPE_DISK;
1095 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1096 bdrv_set_removable(s->bs, is_cd);
1100 static SCSIDeviceInfo scsi_disk_info = {
1101 .qdev.name = "scsi-disk",
1102 .qdev.desc = "virtual scsi disk or cdrom",
1103 .qdev.size = sizeof(SCSIDiskState),
1104 .qdev.reset = scsi_disk_reset,
1105 .init = scsi_disk_initfn,
1106 .destroy = scsi_destroy,
1107 .send_command = scsi_send_command,
1108 .read_data = scsi_read_data,
1109 .write_data = scsi_write_data,
1110 .cancel_io = scsi_cancel_io,
1111 .get_buf = scsi_get_buf,
1112 .qdev.props = (Property[]) {
1113 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1114 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1115 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1116 DEFINE_PROP_END_OF_LIST(),
1120 static void scsi_disk_register_devices(void)
1122 scsi_qdev_register(&scsi_disk_info);
1124 device_init(scsi_disk_register_devices)
projects / qemu.git / blob