2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
16 #include <qemu-common.h>
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
24 #define DPRINTF(fmt, ...) do {} while(0)
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
30 #include "qemu-common.h"
33 #include "scsi-defs.h"
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
38 #define SCSI_REQ_STATUS_RETRY 0x01
40 typedef struct SCSIDiskState SCSIDiskState;
42 typedef struct SCSIDiskReq {
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
48 uint32_t sector_count;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
61 char drive_serial_str[21];
65 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
70 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
71 r = DO_UPCAST(SCSIDiskReq, req, req);
72 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
76 static void scsi_remove_request(SCSIDiskReq *r)
78 qemu_free(r->iov.iov_base);
79 scsi_req_free(&r->req);
82 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
84 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
87 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
90 scsi_dev_set_sense(req->dev, sense_code);
93 /* Helper function for command completion. */
94 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
96 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
97 r->req.tag, status, sense);
98 scsi_req_set_status(&r->req, status, sense);
99 scsi_req_complete(&r->req);
100 scsi_remove_request(r);
103 /* Cancel a pending data transfer. */
104 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
106 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
108 DPRINTF("Cancel tag=0x%x\n", tag);
109 r = scsi_find_request(s, tag);
112 bdrv_aio_cancel(r->req.aiocb);
114 scsi_remove_request(r);
118 static void scsi_read_complete(void * opaque, int ret)
120 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
123 DPRINTF("IO error\n");
124 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
125 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
128 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
133 /* Read more data from scsi device into buffer. */
134 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
136 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
140 r = scsi_find_request(s, tag);
142 BADF("Bad read tag 0x%x\n", tag);
143 /* ??? This is the wrong error. */
144 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
147 if (r->sector_count == (uint32_t)-1) {
148 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
150 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
153 DPRINTF("Read sector_count=%d\n", r->sector_count);
154 if (r->sector_count == 0) {
155 scsi_command_complete(r, GOOD, NO_SENSE);
160 if (n > SCSI_DMA_BUF_SIZE / 512)
161 n = SCSI_DMA_BUF_SIZE / 512;
163 r->iov.iov_len = n * 512;
164 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
165 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
166 scsi_read_complete, r);
167 if (r->req.aiocb == NULL)
168 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
170 r->sector_count -= n;
173 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176 BlockInterfaceErrorAction action = drive_get_onerror(s->qdev.dinfo->bdrv);
178 if (action == BLOCK_ERR_IGNORE)
181 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
182 || action == BLOCK_ERR_STOP_ANY) {
183 r->status |= SCSI_REQ_STATUS_RETRY;
186 scsi_command_complete(r, CHECK_CONDITION,
193 static void scsi_write_complete(void * opaque, int ret)
195 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
202 if (scsi_handle_write_error(r, -ret))
206 n = r->iov.iov_len / 512;
208 r->sector_count -= n;
209 if (r->sector_count == 0) {
210 scsi_command_complete(r, GOOD, NO_SENSE);
212 len = r->sector_count * 512;
213 if (len > SCSI_DMA_BUF_SIZE) {
214 len = SCSI_DMA_BUF_SIZE;
216 r->iov.iov_len = len;
217 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
218 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
222 static void scsi_write_request(SCSIDiskReq *r)
224 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
227 n = r->iov.iov_len / 512;
229 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
230 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
231 scsi_write_complete, r);
232 if (r->req.aiocb == NULL)
233 scsi_command_complete(r, CHECK_CONDITION,
236 /* Invoke completion routine to fetch data from host. */
237 scsi_write_complete(r, 0);
241 /* Write data to a scsi device. Returns nonzero on failure.
242 The transfer may complete asynchronously. */
243 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
257 BADF("Data transfer already in progress\n");
259 scsi_write_request(r);
264 static void scsi_dma_restart_bh(void *opaque)
266 SCSIDiskState *s = opaque;
270 qemu_bh_delete(s->bh);
273 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
274 r = DO_UPCAST(SCSIDiskReq, req, req);
275 if (r->status & SCSI_REQ_STATUS_RETRY) {
276 r->status &= ~SCSI_REQ_STATUS_RETRY;
277 scsi_write_request(r);
282 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
284 SCSIDiskState *s = opaque;
290 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
291 qemu_bh_schedule(s->bh);
295 /* Return a pointer to the data buffer. */
296 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
301 r = scsi_find_request(s, tag);
303 BADF("Bad buffer tag 0x%x\n", tag);
306 return (uint8_t *)r->iov.iov_base;
309 /* Execute a scsi command. Returns the length of the data expected by the
310 command. This will be Positive for data transfers from the device
311 (eg. disk reads), negative for transfers to the device (eg. disk writes),
312 and zero if the command does not transfer any data. */
314 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
315 uint8_t *buf, int lun)
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
328 r = scsi_find_request(s, tag);
330 BADF("Tag 0x%x already in use\n", tag);
331 scsi_cancel_io(d, tag);
333 /* ??? Tags are not unique for different luns. We only implement a
334 single lun, so this should not matter. */
335 r = scsi_new_request(d, tag, lun);
336 outbuf = (uint8_t *)r->iov.iov_base;
338 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
339 switch (command >> 5) {
341 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
342 (((uint64_t) buf[1] & 0x1f) << 16);
348 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
349 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
350 len = buf[8] | (buf[7] << 8);
354 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
355 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
356 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
357 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
358 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
362 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
363 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
364 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
368 BADF("Unsupported command length, command %x\n", command);
374 for (i = 1; i < cmdlen; i++) {
375 printf(" 0x%02x", buf[i]);
380 if (lun || buf[1] >> 5) {
381 /* Only LUN 0 supported. */
382 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
383 if (command != REQUEST_SENSE && command != INQUIRY)
387 case TEST_UNIT_READY:
388 DPRINTF("Test Unit Ready\n");
389 if (!bdrv_is_inserted(s->qdev.dinfo->bdrv))
393 DPRINTF("Request Sense (len %d)\n", len);
396 memset(outbuf, 0, 4);
398 if (s->qdev.sense.key == NOT_READY && len >= 18) {
399 memset(outbuf, 0, 18);
402 /* asc 0x3a, ascq 0: Medium not present */
408 outbuf[2] = s->qdev.sense.key;
409 scsi_dev_clear_sense(&s->qdev);
412 DPRINTF("Inquiry (len %d)\n", len);
414 /* Command support data - optional, not implemented */
415 BADF("optional INQUIRY command support request not implemented\n");
418 else if (buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = buf[2];
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
423 "less than 4\n", page_code, len);
430 /* Supported page codes, mandatory */
431 DPRINTF("Inquiry EVPD[Supported pages] "
432 "buffer size %d\n", len);
436 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
437 outbuf[r->iov.iov_len++] = 5;
439 outbuf[r->iov.iov_len++] = 0;
442 outbuf[r->iov.iov_len++] = 0x00; // this page
443 outbuf[r->iov.iov_len++] = 0x00;
444 outbuf[r->iov.iov_len++] = 3; // number of pages
445 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
446 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
447 outbuf[r->iov.iov_len++] = 0x83; // device identification
454 /* Device serial number, optional */
456 BADF("Error: EVPD[Serial number] Inquiry buffer "
457 "size %d too small, %d needed\n", len, 4);
461 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
462 l = MIN(len, strlen(s->drive_serial_str));
466 /* Supported page codes */
467 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
468 outbuf[r->iov.iov_len++] = 5;
470 outbuf[r->iov.iov_len++] = 0;
473 outbuf[r->iov.iov_len++] = 0x80; // this page
474 outbuf[r->iov.iov_len++] = 0x00;
475 outbuf[r->iov.iov_len++] = l;
476 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
483 /* Device identification page, mandatory */
484 int max_len = 255 - 8;
485 int id_len = strlen(bdrv_get_device_name(s->qdev.dinfo->bdrv));
486 if (id_len > max_len)
489 DPRINTF("Inquiry EVPD[Device identification] "
490 "buffer size %d\n", len);
492 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
493 outbuf[r->iov.iov_len++] = 5;
495 outbuf[r->iov.iov_len++] = 0;
498 outbuf[r->iov.iov_len++] = 0x83; // this page
499 outbuf[r->iov.iov_len++] = 0x00;
500 outbuf[r->iov.iov_len++] = 3 + id_len;
502 outbuf[r->iov.iov_len++] = 0x2; // ASCII
503 outbuf[r->iov.iov_len++] = 0; // not officially assigned
504 outbuf[r->iov.iov_len++] = 0; // reserved
505 outbuf[r->iov.iov_len++] = id_len; // length of data following
507 memcpy(&outbuf[r->iov.iov_len],
508 bdrv_get_device_name(s->qdev.dinfo->bdrv), id_len);
509 r->iov.iov_len += id_len;
513 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
514 "buffer size %d\n", page_code, len);
521 /* Standard INQUIRY data */
523 BADF("Error: Inquiry (STANDARD) page or code "
524 "is non-zero [%02X]\n", buf[2]);
530 BADF("Error: Inquiry (STANDARD) buffer size %d "
531 "is less than 5\n", len);
536 BADF("Error: Inquiry (STANDARD) buffer size %d "
537 "is less than 36 (TODO: only 5 required)\n", len);
541 if(len > SCSI_MAX_INQUIRY_LEN)
542 len = SCSI_MAX_INQUIRY_LEN;
544 memset(outbuf, 0, len);
546 if (lun || buf[1] >> 5) {
547 outbuf[0] = 0x7f; /* LUN not supported */
548 } else if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
551 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
554 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
556 memcpy(&outbuf[8], "QEMU ", 8);
557 memcpy(&outbuf[32], QEMU_VERSION, 4);
558 /* Identify device as SCSI-3 rev 1.
559 Some later commands are also implemented. */
561 outbuf[3] = 2; /* Format 2 */
562 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
563 /* Sync data transfer and TCQ. */
564 outbuf[7] = 0x10 | (r->req.bus->tcq ? 0x02 : 0);
565 r->iov.iov_len = len;
568 DPRINTF("Reserve(6)\n");
573 DPRINTF("Release(6)\n");
585 page = buf[2] & 0x3f;
586 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
589 outbuf[1] = 0; /* Default media type. */
590 outbuf[3] = 0; /* Block descriptor length. */
591 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM ||
592 bdrv_is_read_only(s->qdev.dinfo->bdrv)) {
593 outbuf[2] = 0x80; /* Readonly. */
596 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
597 if ((~dbd) & nb_sectors) {
598 nb_sectors /= s->cluster_size;
600 if (nb_sectors > 0xffffff)
601 nb_sectors = 0xffffff;
602 outbuf[3] = 8; /* Block descriptor length */
603 p[0] = 0; /* media density code */
604 p[1] = (nb_sectors >> 16) & 0xff;
605 p[2] = (nb_sectors >> 8) & 0xff;
606 p[3] = nb_sectors & 0xff;
607 p[4] = 0; /* reserved */
608 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
609 p[6] = s->cluster_size * 2;
615 int cylinders, heads, secs;
617 /* Rigid disk device geometry page. */
620 /* if a geometry hint is available, use it */
621 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
622 p[2] = (cylinders >> 16) & 0xff;
623 p[3] = (cylinders >> 8) & 0xff;
624 p[4] = cylinders & 0xff;
626 /* Write precomp start cylinder, disabled */
627 p[6] = (cylinders >> 16) & 0xff;
628 p[7] = (cylinders >> 8) & 0xff;
629 p[8] = cylinders & 0xff;
630 /* Reduced current start cylinder, disabled */
631 p[9] = (cylinders >> 16) & 0xff;
632 p[10] = (cylinders >> 8) & 0xff;
633 p[11] = cylinders & 0xff;
634 /* Device step rate [ns], 200ns */
637 /* Landing zone cylinder */
641 /* Medium rotation rate [rpm], 5400 rpm */
642 p[20] = (5400 >> 8) & 0xff;
645 } else if (page == 5) {
646 int cylinders, heads, secs;
648 /* Flexible disk device geometry page. */
651 /* Transfer rate [kbit/s], 5Mbit/s */
654 /* if a geometry hint is available, use it */
655 bdrv_get_geometry_hint(s->qdev.dinfo->bdrv, &cylinders, &heads, &secs);
658 p[6] = s->cluster_size * 2;
659 p[8] = (cylinders >> 8) & 0xff;
660 p[9] = cylinders & 0xff;
661 /* Write precomp start cylinder, disabled */
662 p[10] = (cylinders >> 8) & 0xff;
663 p[11] = cylinders & 0xff;
664 /* Reduced current start cylinder, disabled */
665 p[12] = (cylinders >> 8) & 0xff;
666 p[13] = cylinders & 0xff;
667 /* Device step rate [100us], 100us */
670 /* Device step pulse width [us], 1us */
672 /* Device head settle delay [100us], 100us */
675 /* Motor on delay [0.1s], 0.1s */
677 /* Motor off delay [0.1s], 0.1s */
679 /* Medium rotation rate [rpm], 5400 rpm */
680 p[28] = (5400 >> 8) & 0xff;
683 } else if ((page == 8 || page == 0x3f)) {
688 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
693 if ((page == 0x3f || page == 0x2a)
694 && (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM)) {
695 /* CD Capabilities and Mechanical Status page. */
698 p[2] = 3; // CD-R & CD-RW read
699 p[3] = 0; // Writing not supported
700 p[4] = 0x7f; /* Audio, composite, digital out,
701 mode 2 form 1&2, multi session */
702 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
703 RW corrected, C2 errors, ISRC,
705 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
706 /* Locking supported, jumper present, eject, tray */
707 p[7] = 0; /* no volume & mute control, no
709 p[8] = (50 * 176) >> 8; // 50x read speed
710 p[9] = (50 * 176) & 0xff;
711 p[10] = 0 >> 8; // No volume
713 p[12] = 2048 >> 8; // 2M buffer
715 p[14] = (16 * 176) >> 8; // 16x read speed current
716 p[15] = (16 * 176) & 0xff;
717 p[18] = (16 * 176) >> 8; // 16x write speed
718 p[19] = (16 * 176) & 0xff;
719 p[20] = (16 * 176) >> 8; // 16x write speed current
720 p[21] = (16 * 176) & 0xff;
723 r->iov.iov_len = p - outbuf;
724 outbuf[0] = r->iov.iov_len - 4;
725 if (r->iov.iov_len > len)
726 r->iov.iov_len = len;
730 DPRINTF("Start Stop Unit\n");
731 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM &&
733 /* load/eject medium */
734 bdrv_eject(s->qdev.dinfo->bdrv, !(buf[4] & 1));
736 case ALLOW_MEDIUM_REMOVAL:
737 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
738 bdrv_set_locked(s->qdev.dinfo->bdrv, buf[4] & 1);
741 DPRINTF("Read Capacity\n");
742 /* The normal LEN field for this command is zero. */
743 memset(outbuf, 0, 8);
744 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
745 nb_sectors /= s->cluster_size;
746 /* Returned value is the address of the last sector. */
749 /* Remember the new size for read/write sanity checking. */
750 s->max_lba = nb_sectors;
751 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
752 if (nb_sectors > UINT32_MAX)
753 nb_sectors = UINT32_MAX;
754 outbuf[0] = (nb_sectors >> 24) & 0xff;
755 outbuf[1] = (nb_sectors >> 16) & 0xff;
756 outbuf[2] = (nb_sectors >> 8) & 0xff;
757 outbuf[3] = nb_sectors & 0xff;
760 outbuf[6] = s->cluster_size * 2;
765 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
772 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
773 if (lba > s->max_lba)
775 r->sector = lba * s->cluster_size;
776 r->sector_count = len * s->cluster_size;
781 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
782 if (lba > s->max_lba)
784 r->sector = lba * s->cluster_size;
785 r->sector_count = len * s->cluster_size;
788 case SYNCHRONIZE_CACHE:
789 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
790 bdrv_flush(s->qdev.dinfo->bdrv);
794 int start_track, format, msf, toclen;
797 format = buf[2] & 0xf;
798 start_track = buf[6];
799 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
800 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
801 nb_sectors /= s->cluster_size;
804 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
807 /* multi session : only a single session defined */
809 memset(outbuf, 0, 12);
815 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
823 r->iov.iov_len = len;
827 DPRINTF("Read TOC error\n");
831 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
832 memset(outbuf, 0, 8);
833 /* ??? This should probably return much more information. For now
834 just return the basic header indicating the CD-ROM profile. */
835 outbuf[7] = 8; // CD-ROM
839 DPRINTF("Reserve(10)\n");
844 DPRINTF("Release(10)\n");
849 /* Service Action In subcommands. */
850 if ((buf[1] & 31) == 0x10) {
851 DPRINTF("SAI READ CAPACITY(16)\n");
852 memset(outbuf, 0, len);
853 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
854 nb_sectors /= s->cluster_size;
855 /* Returned value is the address of the last sector. */
858 /* Remember the new size for read/write sanity checking. */
859 s->max_lba = nb_sectors;
860 outbuf[0] = (nb_sectors >> 56) & 0xff;
861 outbuf[1] = (nb_sectors >> 48) & 0xff;
862 outbuf[2] = (nb_sectors >> 40) & 0xff;
863 outbuf[3] = (nb_sectors >> 32) & 0xff;
864 outbuf[4] = (nb_sectors >> 24) & 0xff;
865 outbuf[5] = (nb_sectors >> 16) & 0xff;
866 outbuf[6] = (nb_sectors >> 8) & 0xff;
867 outbuf[7] = nb_sectors & 0xff;
870 outbuf[10] = s->cluster_size * 2;
872 /* Protection, exponent and lowest lba field left blank. */
873 r->iov.iov_len = len;
875 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
880 DPRINTF("Unsupported Service Action In\n");
883 DPRINTF("Report LUNs (len %d)\n", len);
886 memset(outbuf, 0, 16);
891 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
894 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
896 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
899 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
902 if (r->sector_count == 0 && r->iov.iov_len == 0) {
903 scsi_command_complete(r, GOOD, NO_SENSE);
905 len = r->sector_count * 512 + r->iov.iov_len;
909 if (!r->sector_count)
910 r->sector_count = -1;
915 static void scsi_destroy(SCSIDevice *dev)
917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
920 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
921 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
922 scsi_remove_request(r);
924 drive_uninit(s->qdev.dinfo);
927 static int scsi_disk_initfn(SCSIDevice *dev)
929 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
932 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
933 qemu_error("scsi-disk: drive property not set\n");
937 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
942 s->qdev.blocksize = 512 * s->cluster_size;
943 s->qdev.type = TYPE_DISK;
944 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
945 nb_sectors /= s->cluster_size;
948 s->max_lba = nb_sectors;
949 strncpy(s->drive_serial_str, drive_get_serial(s->qdev.dinfo->bdrv),
950 sizeof(s->drive_serial_str));
951 if (strlen(s->drive_serial_str) == 0)
952 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
953 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
957 static SCSIDeviceInfo scsi_disk_info = {
958 .qdev.name = "scsi-disk",
959 .qdev.desc = "virtual scsi disk or cdrom",
960 .qdev.size = sizeof(SCSIDiskState),
961 .init = scsi_disk_initfn,
962 .destroy = scsi_destroy,
963 .send_command = scsi_send_command,
964 .read_data = scsi_read_data,
965 .write_data = scsi_write_data,
966 .cancel_io = scsi_cancel_io,
967 .get_buf = scsi_get_buf,
968 .qdev.props = (Property[]) {
969 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
970 DEFINE_PROP_END_OF_LIST(),
974 static void scsi_disk_register_devices(void)
976 scsi_qdev_register(&scsi_disk_info);
978 device_init(scsi_disk_register_devices)
projects / qemu.git / blob