2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 #include "qemu-common.h"
11 #include "qemu-option.h"
12 #include "qemu-config.h"
24 #define DPRINTF(fmt, ...) \
25 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
27 #define DPRINTF(fmt, ...) do {} while(0)
31 #define MassStorageReset 0xff
32 #define GetMaxLun 0xfe
35 USB_MSDM_CBW, /* Command Block. */
36 USB_MSDM_DATAOUT, /* Transfer data to device. */
37 USB_MSDM_DATAIN, /* Transfer data from device. */
38 USB_MSDM_CSW /* Command Status. */
56 /* For async completion. */
85 static const USBDescStrings desc_strings = {
86 [STR_MANUFACTURER] = "QEMU " QEMU_VERSION,
87 [STR_PRODUCT] = "QEMU USB HARDDRIVE",
88 [STR_SERIALNUMBER] = "1",
89 [STR_CONFIG_FULL] = "Full speed config (usb 1.1)",
90 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
93 static const USBDescIface desc_iface_full = {
94 .bInterfaceNumber = 0,
96 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
97 .bInterfaceSubClass = 0x06, /* SCSI */
98 .bInterfaceProtocol = 0x50, /* Bulk */
99 .eps = (USBDescEndpoint[]) {
101 .bEndpointAddress = USB_DIR_IN | 0x01,
102 .bmAttributes = USB_ENDPOINT_XFER_BULK,
103 .wMaxPacketSize = 64,
105 .bEndpointAddress = USB_DIR_OUT | 0x02,
106 .bmAttributes = USB_ENDPOINT_XFER_BULK,
107 .wMaxPacketSize = 64,
112 static const USBDescDevice desc_device_full = {
114 .bMaxPacketSize0 = 8,
115 .bNumConfigurations = 1,
116 .confs = (USBDescConfig[]) {
119 .bConfigurationValue = 1,
120 .iConfiguration = STR_CONFIG_FULL,
121 .bmAttributes = 0xc0,
123 .ifs = &desc_iface_full,
128 static const USBDescIface desc_iface_high = {
129 .bInterfaceNumber = 0,
131 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
132 .bInterfaceSubClass = 0x06, /* SCSI */
133 .bInterfaceProtocol = 0x50, /* Bulk */
134 .eps = (USBDescEndpoint[]) {
136 .bEndpointAddress = USB_DIR_IN | 0x01,
137 .bmAttributes = USB_ENDPOINT_XFER_BULK,
138 .wMaxPacketSize = 512,
140 .bEndpointAddress = USB_DIR_OUT | 0x02,
141 .bmAttributes = USB_ENDPOINT_XFER_BULK,
142 .wMaxPacketSize = 512,
147 static const USBDescDevice desc_device_high = {
149 .bMaxPacketSize0 = 64,
150 .bNumConfigurations = 1,
151 .confs = (USBDescConfig[]) {
154 .bConfigurationValue = 1,
155 .iConfiguration = STR_CONFIG_HIGH,
156 .bmAttributes = 0xc0,
158 .ifs = &desc_iface_high,
163 static const USBDesc desc = {
168 .iManufacturer = STR_MANUFACTURER,
169 .iProduct = STR_PRODUCT,
170 .iSerialNumber = STR_SERIALNUMBER,
172 .full = &desc_device_full,
173 .high = &desc_device_high,
177 static void usb_msd_copy_data(MSDState *s)
181 if (len > s->scsi_len)
183 if (s->mode == USB_MSDM_DATAIN) {
184 memcpy(s->usb_buf, s->scsi_buf, len);
186 memcpy(s->scsi_buf, s->usb_buf, len);
193 if (s->scsi_len == 0 || s->data_len == 0) {
194 if (s->mode == USB_MSDM_DATAIN) {
195 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
196 } else if (s->mode == USB_MSDM_DATAOUT) {
197 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
202 static void usb_msd_send_status(MSDState *s, USBPacket *p)
204 struct usb_msd_csw csw;
207 csw.sig = cpu_to_le32(0x53425355);
208 csw.tag = cpu_to_le32(s->tag);
209 csw.residue = s->residue;
210 csw.status = s->result;
212 len = MIN(sizeof(csw), p->len);
213 memcpy(p->data, &csw, len);
216 static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
219 MSDState *s = DO_UPCAST(MSDState, dev.qdev, bus->qbus.parent);
220 USBPacket *p = s->packet;
223 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
225 if (reason == SCSI_REASON_DONE) {
226 DPRINTF("Command complete %d\n", arg);
227 s->residue = s->data_len;
228 s->result = arg != 0;
230 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
231 /* A deferred packet with no write data remaining must be
232 the status read packet. */
233 usb_msd_send_status(s, p);
234 s->mode = USB_MSDM_CBW;
237 s->data_len -= s->usb_len;
238 if (s->mode == USB_MSDM_DATAIN)
239 memset(s->usb_buf, 0, s->usb_len);
242 if (s->data_len == 0)
243 s->mode = USB_MSDM_CSW;
246 usb_packet_complete(&s->dev, p);
247 } else if (s->data_len == 0) {
248 s->mode = USB_MSDM_CSW;
253 s->scsi_buf = s->scsi_dev->info->get_buf(s->scsi_dev, tag);
255 usb_msd_copy_data(s);
256 if (s->packet && s->usb_len == 0) {
257 /* Set s->packet to NULL before calling usb_packet_complete
258 because another request may be issued before
259 usb_packet_complete returns. */
260 DPRINTF("Packet complete %p\n", p);
262 usb_packet_complete(&s->dev, p);
267 static void usb_msd_handle_reset(USBDevice *dev)
269 MSDState *s = (MSDState *)dev;
272 s->mode = USB_MSDM_CBW;
275 static int usb_msd_handle_control(USBDevice *dev, USBPacket *p,
276 int request, int value, int index, int length, uint8_t *data)
278 MSDState *s = (MSDState *)dev;
281 ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
288 case DeviceRequest | USB_REQ_GET_INTERFACE:
292 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
295 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
298 case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
301 /* Class specific requests. */
302 case ClassInterfaceOutRequest | MassStorageReset:
303 /* Reset state ready for the next CBW. */
304 s->mode = USB_MSDM_CBW;
307 case ClassInterfaceRequest | GetMaxLun:
318 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
320 MSDState *s = opaque;
321 s->scsi_dev->info->cancel_io(s->scsi_dev, s->tag);
326 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
328 MSDState *s = (MSDState *)dev;
330 struct usb_msd_cbw cbw;
331 uint8_t devep = p->devep;
332 uint8_t *data = p->data;
343 fprintf(stderr, "usb-msd: Bad CBW size");
346 memcpy(&cbw, data, 31);
347 if (le32_to_cpu(cbw.sig) != 0x43425355) {
348 fprintf(stderr, "usb-msd: Bad signature %08x\n",
349 le32_to_cpu(cbw.sig));
352 DPRINTF("Command on LUN %d\n", cbw.lun);
354 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
357 s->tag = le32_to_cpu(cbw.tag);
358 s->data_len = le32_to_cpu(cbw.data_len);
359 if (s->data_len == 0) {
360 s->mode = USB_MSDM_CSW;
361 } else if (cbw.flags & 0x80) {
362 s->mode = USB_MSDM_DATAIN;
364 s->mode = USB_MSDM_DATAOUT;
366 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
367 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
370 s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
371 /* ??? Should check that USB and SCSI data transfer
373 if (s->residue == 0) {
374 if (s->mode == USB_MSDM_DATAIN) {
375 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
376 } else if (s->mode == USB_MSDM_DATAOUT) {
377 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
383 case USB_MSDM_DATAOUT:
384 DPRINTF("Data out %d/%d\n", len, s->data_len);
385 if (len > s->data_len)
391 usb_msd_copy_data(s);
393 if (s->residue && s->usb_len) {
394 s->data_len -= s->usb_len;
395 if (s->data_len == 0)
396 s->mode = USB_MSDM_CSW;
400 DPRINTF("Deferring packet %p\n", p);
401 usb_defer_packet(p, usb_msd_cancel_io, s);
410 DPRINTF("Unexpected write (len %d)\n", len);
420 case USB_MSDM_DATAOUT:
421 if (s->data_len != 0 || len < 13)
423 /* Waiting for SCSI write to complete. */
424 usb_defer_packet(p, usb_msd_cancel_io, s);
430 DPRINTF("Command status %d tag 0x%x, len %d\n",
431 s->result, s->tag, len);
435 usb_msd_send_status(s, p);
436 s->mode = USB_MSDM_CBW;
440 case USB_MSDM_DATAIN:
441 DPRINTF("Data in %d/%d, scsi_len %d\n", len, s->data_len, s->scsi_len);
442 if (len > s->data_len)
447 usb_msd_copy_data(s);
449 if (s->residue && s->usb_len) {
450 s->data_len -= s->usb_len;
451 memset(s->usb_buf, 0, s->usb_len);
452 if (s->data_len == 0)
453 s->mode = USB_MSDM_CSW;
457 DPRINTF("Deferring packet %p\n", p);
458 usb_defer_packet(p, usb_msd_cancel_io, s);
467 DPRINTF("Unexpected read (len %d)\n", len);
473 DPRINTF("Bad token\n");
482 static void usb_msd_password_cb(void *opaque, int err)
484 MSDState *s = opaque;
487 usb_device_attach(&s->dev);
489 qdev_unplug(&s->dev.qdev);
492 static int usb_msd_initfn(USBDevice *dev)
494 MSDState *s = DO_UPCAST(MSDState, dev, dev);
495 BlockDriverState *bs = s->conf.bs;
499 error_report("usb-msd: drive property not set");
504 * Hack alert: this pretends to be a block device, but it's really
505 * a SCSI bus that can serve only a single device, which it
506 * creates automatically. But first it needs to detach from its
507 * blockdev, or else scsi_bus_legacy_add_drive() dies when it
510 * The hack is probably a bad idea.
512 bdrv_detach(bs, &s->dev.qdev);
515 dinfo = drive_get_by_blockdev(bs);
516 if (dinfo && dinfo->serial) {
517 usb_desc_set_string(dev, STR_SERIALNUMBER, dinfo->serial);
521 scsi_bus_new(&s->bus, &s->dev.qdev, 0, 1, usb_msd_command_complete);
522 s->scsi_dev = scsi_bus_legacy_add_drive(&s->bus, bs, 0, !!s->removable);
526 s->bus.qbus.allow_hotplug = 0;
527 usb_msd_handle_reset(dev);
529 if (bdrv_key_required(bs)) {
531 monitor_read_bdrv_key_start(cur_mon, bs, usb_msd_password_cb, s);
532 s->dev.auto_attach = 0;
538 add_boot_device_path(s->conf.bootindex, &dev->qdev, "/disk@0,0");
542 static USBDevice *usb_msd_init(const char *filename)
552 /* parse -usbdevice disk: syntax into drive opts */
553 snprintf(id, sizeof(id), "usb%d", nr++);
554 opts = qemu_opts_create(qemu_find_opts("drive"), id, 0);
556 p1 = strchr(filename, ':');
560 if (strstart(filename, "format=", &p2)) {
561 int len = MIN(p1 - p2, sizeof(fmt));
562 pstrcpy(fmt, len, p2);
563 qemu_opt_set(opts, "format", fmt);
564 } else if (*filename != ':') {
565 printf("unrecognized USB mass-storage option %s\n", filename);
571 printf("block device specification needed\n");
574 qemu_opt_set(opts, "file", filename);
575 qemu_opt_set(opts, "if", "none");
577 /* create host drive */
578 dinfo = drive_init(opts, 0);
584 /* create guest device */
585 dev = usb_create(NULL /* FIXME */, "usb-storage");
589 if (qdev_prop_set_drive(&dev->qdev, "drive", dinfo->bdrv) < 0) {
590 qdev_free(&dev->qdev);
593 if (qdev_init(&dev->qdev) < 0)
599 static struct USBDeviceInfo msd_info = {
600 .product_desc = "QEMU USB MSD",
601 .qdev.name = "usb-storage",
602 .qdev.fw_name = "storage",
603 .qdev.size = sizeof(MSDState),
605 .init = usb_msd_initfn,
606 .handle_packet = usb_generic_handle_packet,
607 .handle_attach = usb_desc_attach,
608 .handle_reset = usb_msd_handle_reset,
609 .handle_control = usb_msd_handle_control,
610 .handle_data = usb_msd_handle_data,
611 .usbdevice_name = "disk",
612 .usbdevice_init = usb_msd_init,
613 .qdev.props = (Property[]) {
614 DEFINE_BLOCK_PROPERTIES(MSDState, conf),
615 DEFINE_PROP_BIT("removable", MSDState, removable, 0, false),
616 DEFINE_PROP_END_OF_LIST(),
620 static void usb_msd_register_devices(void)
622 usb_qdev_register(&msd_info);
624 device_init(usb_msd_register_devices)
projects / qemu.git / blob