2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licenced under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
22 #include <qemu-common.h>
27 #define DPRINTF(fmt, ...) \
28 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
30 #define DPRINTF(fmt, ...) do {} while(0)
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
36 #include "qemu-common.h"
39 #include "scsi-defs.h"
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
44 #define SCSI_REQ_STATUS_RETRY 0x01
46 typedef struct SCSIDiskState SCSIDiskState;
48 typedef struct SCSIDiskReq {
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
72 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
77 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
78 r = DO_UPCAST(SCSIDiskReq, req, req);
79 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
83 static void scsi_remove_request(SCSIDiskReq *r)
85 qemu_vfree(r->iov.iov_base);
86 scsi_req_free(&r->req);
89 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
94 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
97 scsi_dev_set_sense(req->dev, sense_code);
100 /* Helper function for command completion. */
101 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
104 r->req.tag, status, sense);
105 scsi_req_set_status(&r->req, status, sense);
106 scsi_req_complete(&r->req);
107 scsi_remove_request(r);
110 /* Cancel a pending data transfer. */
111 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
115 DPRINTF("Cancel tag=0x%x\n", tag);
116 r = scsi_find_request(s, tag);
119 bdrv_aio_cancel(r->req.aiocb);
121 scsi_remove_request(r);
125 static void scsi_read_complete(void * opaque, int ret)
127 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
130 DPRINTF("IO error\n");
131 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
132 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
135 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
137 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
140 /* Read more data from scsi device into buffer. */
141 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
143 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
147 r = scsi_find_request(s, tag);
149 BADF("Bad read tag 0x%x\n", tag);
150 /* ??? This is the wrong error. */
151 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
154 if (r->sector_count == (uint32_t)-1) {
155 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
157 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
160 DPRINTF("Read sector_count=%d\n", r->sector_count);
161 if (r->sector_count == 0) {
162 scsi_command_complete(r, GOOD, NO_SENSE);
167 if (n > SCSI_DMA_BUF_SIZE / 512)
168 n = SCSI_DMA_BUF_SIZE / 512;
170 r->iov.iov_len = n * 512;
171 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
172 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
173 scsi_read_complete, r);
174 if (r->req.aiocb == NULL)
175 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
177 r->sector_count -= n;
180 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
185 if (action == BLOCK_ERR_IGNORE) {
186 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
190 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
191 || action == BLOCK_ERR_STOP_ANY) {
192 r->status |= SCSI_REQ_STATUS_RETRY;
194 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
196 scsi_command_complete(r, CHECK_CONDITION,
198 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
204 static void scsi_write_complete(void * opaque, int ret)
206 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
213 if (scsi_handle_write_error(r, -ret))
217 n = r->iov.iov_len / 512;
219 r->sector_count -= n;
220 if (r->sector_count == 0) {
221 scsi_command_complete(r, GOOD, NO_SENSE);
223 len = r->sector_count * 512;
224 if (len > SCSI_DMA_BUF_SIZE) {
225 len = SCSI_DMA_BUF_SIZE;
227 r->iov.iov_len = len;
228 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
229 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
233 static void scsi_write_request(SCSIDiskReq *r)
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
238 n = r->iov.iov_len / 512;
240 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
241 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
242 scsi_write_complete, r);
243 if (r->req.aiocb == NULL)
244 scsi_command_complete(r, CHECK_CONDITION,
247 /* Invoke completion routine to fetch data from host. */
248 scsi_write_complete(r, 0);
252 /* Write data to a scsi device. Returns nonzero on failure.
253 The transfer may complete asynchronously. */
254 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
259 DPRINTF("Write data tag=0x%x\n", tag);
260 r = scsi_find_request(s, tag);
262 BADF("Bad write tag 0x%x\n", tag);
263 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
268 BADF("Data transfer already in progress\n");
270 scsi_write_request(r);
275 static void scsi_dma_restart_bh(void *opaque)
277 SCSIDiskState *s = opaque;
281 qemu_bh_delete(s->bh);
284 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
285 r = DO_UPCAST(SCSIDiskReq, req, req);
286 if (r->status & SCSI_REQ_STATUS_RETRY) {
287 r->status &= ~SCSI_REQ_STATUS_RETRY;
288 scsi_write_request(r);
293 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
295 SCSIDiskState *s = opaque;
301 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
302 qemu_bh_schedule(s->bh);
306 /* Return a pointer to the data buffer. */
307 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
309 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
312 r = scsi_find_request(s, tag);
314 BADF("Bad buffer tag 0x%x\n", tag);
317 return (uint8_t *)r->iov.iov_base;
320 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
325 if (req->cmd.buf[1] & 0x2) {
326 /* Command support data - optional, not implemented */
327 BADF("optional INQUIRY command support request not implemented\n");
331 if (req->cmd.buf[1] & 0x1) {
332 /* Vital product data */
333 uint8_t page_code = req->cmd.buf[2];
334 if (req->cmd.xfer < 4) {
335 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
336 "less than 4\n", page_code, req->cmd.xfer);
340 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
341 outbuf[buflen++] = 5;
343 outbuf[buflen++] = 0;
345 outbuf[buflen++] = page_code ; // this page
346 outbuf[buflen++] = 0x00;
349 case 0x00: /* Supported page codes, mandatory */
350 DPRINTF("Inquiry EVPD[Supported pages] "
351 "buffer size %zd\n", req->cmd.xfer);
352 outbuf[buflen++] = 4; // number of pages
353 outbuf[buflen++] = 0x00; // list of supported pages (this page)
354 outbuf[buflen++] = 0x80; // unit serial number
355 outbuf[buflen++] = 0x83; // device identification
356 outbuf[buflen++] = 0xb0; // block device characteristics
359 case 0x80: /* Device serial number, optional */
361 const char *serial = req->dev->conf.dinfo->serial ?
362 req->dev->conf.dinfo->serial : "0";
363 int l = strlen(serial);
365 if (l > req->cmd.xfer)
370 DPRINTF("Inquiry EVPD[Serial number] "
371 "buffer size %zd\n", req->cmd.xfer);
372 outbuf[buflen++] = l;
373 memcpy(outbuf+buflen, serial, l);
378 case 0x83: /* Device identification page, mandatory */
380 int max_len = 255 - 8;
381 int id_len = strlen(bdrv_get_device_name(s->bs));
383 if (id_len > max_len)
385 DPRINTF("Inquiry EVPD[Device identification] "
386 "buffer size %zd\n", req->cmd.xfer);
388 outbuf[buflen++] = 3 + id_len;
389 outbuf[buflen++] = 0x2; // ASCII
390 outbuf[buflen++] = 0; // not officially assigned
391 outbuf[buflen++] = 0; // reserved
392 outbuf[buflen++] = id_len; // length of data following
394 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
398 case 0xb0: /* block device characteristics */
400 unsigned int min_io_size = s->qdev.conf.min_io_size >> 9;
401 unsigned int opt_io_size = s->qdev.conf.opt_io_size >> 9;
403 /* required VPD size with unmap support */
404 outbuf[3] = buflen = 0x3c;
406 memset(outbuf + 4, 0, buflen - 4);
408 /* optimal transfer length granularity */
409 outbuf[6] = (min_io_size >> 8) & 0xff;
410 outbuf[7] = min_io_size & 0xff;
412 /* optimal transfer length */
413 outbuf[12] = (opt_io_size >> 24) & 0xff;
414 outbuf[13] = (opt_io_size >> 16) & 0xff;
415 outbuf[14] = (opt_io_size >> 8) & 0xff;
416 outbuf[15] = opt_io_size & 0xff;
420 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
421 "buffer size %zd\n", page_code, req->cmd.xfer);
428 /* Standard INQUIRY data */
429 if (req->cmd.buf[2] != 0) {
430 BADF("Error: Inquiry (STANDARD) page or code "
431 "is non-zero [%02X]\n", req->cmd.buf[2]);
436 if (req->cmd.xfer < 5) {
437 BADF("Error: Inquiry (STANDARD) buffer size %zd "
438 "is less than 5\n", req->cmd.xfer);
442 buflen = req->cmd.xfer;
443 if (buflen > SCSI_MAX_INQUIRY_LEN)
444 buflen = SCSI_MAX_INQUIRY_LEN;
446 memset(outbuf, 0, buflen);
448 if (req->lun || req->cmd.buf[1] >> 5) {
449 outbuf[0] = 0x7f; /* LUN not supported */
453 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
456 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
459 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
461 memcpy(&outbuf[8], "QEMU ", 8);
462 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
463 /* Identify device as SCSI-3 rev 1.
464 Some later commands are also implemented. */
466 outbuf[3] = 2; /* Format 2 */
469 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
471 /* If the allocation length of CDB is too small,
472 the additional length is not adjusted */
476 /* Sync data transfer and TCQ. */
477 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
481 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
483 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
484 BlockDriverState *bdrv = s->bs;
485 int cylinders, heads, secs;
488 case 4: /* Rigid disk device geometry page. */
491 /* if a geometry hint is available, use it */
492 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
493 p[2] = (cylinders >> 16) & 0xff;
494 p[3] = (cylinders >> 8) & 0xff;
495 p[4] = cylinders & 0xff;
497 /* Write precomp start cylinder, disabled */
498 p[6] = (cylinders >> 16) & 0xff;
499 p[7] = (cylinders >> 8) & 0xff;
500 p[8] = cylinders & 0xff;
501 /* Reduced current start cylinder, disabled */
502 p[9] = (cylinders >> 16) & 0xff;
503 p[10] = (cylinders >> 8) & 0xff;
504 p[11] = cylinders & 0xff;
505 /* Device step rate [ns], 200ns */
508 /* Landing zone cylinder */
512 /* Medium rotation rate [rpm], 5400 rpm */
513 p[20] = (5400 >> 8) & 0xff;
517 case 5: /* Flexible disk device geometry page. */
520 /* Transfer rate [kbit/s], 5Mbit/s */
523 /* if a geometry hint is available, use it */
524 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
527 p[6] = s->cluster_size * 2;
528 p[8] = (cylinders >> 8) & 0xff;
529 p[9] = cylinders & 0xff;
530 /* Write precomp start cylinder, disabled */
531 p[10] = (cylinders >> 8) & 0xff;
532 p[11] = cylinders & 0xff;
533 /* Reduced current start cylinder, disabled */
534 p[12] = (cylinders >> 8) & 0xff;
535 p[13] = cylinders & 0xff;
536 /* Device step rate [100us], 100us */
539 /* Device step pulse width [us], 1us */
541 /* Device head settle delay [100us], 100us */
544 /* Motor on delay [0.1s], 0.1s */
546 /* Motor off delay [0.1s], 0.1s */
548 /* Medium rotation rate [rpm], 5400 rpm */
549 p[28] = (5400 >> 8) & 0xff;
553 case 8: /* Caching page. */
556 if (bdrv_enable_write_cache(s->bs)) {
561 case 0x2a: /* CD Capabilities and Mechanical Status page. */
562 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
566 p[2] = 3; // CD-R & CD-RW read
567 p[3] = 0; // Writing not supported
568 p[4] = 0x7f; /* Audio, composite, digital out,
569 mode 2 form 1&2, multi session */
570 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
571 RW corrected, C2 errors, ISRC,
573 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
574 /* Locking supported, jumper present, eject, tray */
575 p[7] = 0; /* no volume & mute control, no
577 p[8] = (50 * 176) >> 8; // 50x read speed
578 p[9] = (50 * 176) & 0xff;
579 p[10] = 0 >> 8; // No volume
581 p[12] = 2048 >> 8; // 2M buffer
583 p[14] = (16 * 176) >> 8; // 16x read speed current
584 p[15] = (16 * 176) & 0xff;
585 p[18] = (16 * 176) >> 8; // 16x write speed
586 p[19] = (16 * 176) & 0xff;
587 p[20] = (16 * 176) >> 8; // 16x write speed current
588 p[21] = (16 * 176) & 0xff;
596 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
600 int page, dbd, buflen;
603 dbd = req->cmd.buf[1] & 0x8;
604 page = req->cmd.buf[2] & 0x3f;
605 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
606 memset(outbuf, 0, req->cmd.xfer);
609 p[1] = 0; /* Default media type. */
610 p[3] = 0; /* Block descriptor length. */
611 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM ||
612 bdrv_is_read_only(s->bs)) {
613 p[2] = 0x80; /* Readonly. */
617 bdrv_get_geometry(s->bs, &nb_sectors);
618 if ((~dbd) & nb_sectors) {
619 outbuf[3] = 8; /* Block descriptor length */
620 nb_sectors /= s->cluster_size;
622 if (nb_sectors > 0xffffff)
623 nb_sectors = 0xffffff;
624 p[0] = 0; /* media density code */
625 p[1] = (nb_sectors >> 16) & 0xff;
626 p[2] = (nb_sectors >> 8) & 0xff;
627 p[3] = nb_sectors & 0xff;
628 p[4] = 0; /* reserved */
629 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
630 p[6] = s->cluster_size * 2;
640 p += mode_sense_page(req, page, p);
643 p += mode_sense_page(req, 0x08, p);
644 p += mode_sense_page(req, 0x2a, p);
649 outbuf[0] = buflen - 4;
650 if (buflen > req->cmd.xfer)
651 buflen = req->cmd.xfer;
655 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
657 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
658 int start_track, format, msf, toclen;
661 msf = req->cmd.buf[1] & 2;
662 format = req->cmd.buf[2] & 0xf;
663 start_track = req->cmd.buf[6];
664 bdrv_get_geometry(s->bs, &nb_sectors);
665 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
666 nb_sectors /= s->cluster_size;
669 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
672 /* multi session : only a single session defined */
674 memset(outbuf, 0, 12);
680 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
685 if (toclen > req->cmd.xfer)
686 toclen = req->cmd.xfer;
690 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
692 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
696 switch (req->cmd.buf[0]) {
697 case TEST_UNIT_READY:
698 if (!bdrv_is_inserted(s->bs))
702 if (req->cmd.xfer < 4)
703 goto illegal_request;
704 memset(outbuf, 0, 4);
706 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
707 memset(outbuf, 0, 18);
710 /* asc 0x3a, ascq 0: Medium not present */
716 outbuf[2] = req->dev->sense.key;
717 scsi_dev_clear_sense(req->dev);
720 buflen = scsi_disk_emulate_inquiry(req, outbuf);
722 goto illegal_request;
726 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
728 goto illegal_request;
731 buflen = scsi_disk_emulate_read_toc(req, outbuf);
733 goto illegal_request;
736 if (req->cmd.buf[1] & 1)
737 goto illegal_request;
740 if (req->cmd.buf[1] & 3)
741 goto illegal_request;
744 if (req->cmd.buf[1] & 1)
745 goto illegal_request;
748 if (req->cmd.buf[1] & 3)
749 goto illegal_request;
752 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
753 /* load/eject medium */
754 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
757 case ALLOW_MEDIUM_REMOVAL:
758 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
761 /* The normal LEN field for this command is zero. */
762 memset(outbuf, 0, 8);
763 bdrv_get_geometry(s->bs, &nb_sectors);
766 nb_sectors /= s->cluster_size;
767 /* Returned value is the address of the last sector. */
769 /* Remember the new size for read/write sanity checking. */
770 s->max_lba = nb_sectors;
771 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
772 if (nb_sectors > UINT32_MAX)
773 nb_sectors = UINT32_MAX;
774 outbuf[0] = (nb_sectors >> 24) & 0xff;
775 outbuf[1] = (nb_sectors >> 16) & 0xff;
776 outbuf[2] = (nb_sectors >> 8) & 0xff;
777 outbuf[3] = nb_sectors & 0xff;
780 outbuf[6] = s->cluster_size * 2;
784 case SYNCHRONIZE_CACHE:
787 case GET_CONFIGURATION:
788 memset(outbuf, 0, 8);
789 /* ??? This should probably return much more information. For now
790 just return the basic header indicating the CD-ROM profile. */
791 outbuf[7] = 8; // CD-ROM
794 case SERVICE_ACTION_IN:
795 /* Service Action In subcommands. */
796 if ((req->cmd.buf[1] & 31) == 0x10) {
797 DPRINTF("SAI READ CAPACITY(16)\n");
798 memset(outbuf, 0, req->cmd.xfer);
799 bdrv_get_geometry(s->bs, &nb_sectors);
802 nb_sectors /= s->cluster_size;
803 /* Returned value is the address of the last sector. */
805 /* Remember the new size for read/write sanity checking. */
806 s->max_lba = nb_sectors;
807 outbuf[0] = (nb_sectors >> 56) & 0xff;
808 outbuf[1] = (nb_sectors >> 48) & 0xff;
809 outbuf[2] = (nb_sectors >> 40) & 0xff;
810 outbuf[3] = (nb_sectors >> 32) & 0xff;
811 outbuf[4] = (nb_sectors >> 24) & 0xff;
812 outbuf[5] = (nb_sectors >> 16) & 0xff;
813 outbuf[6] = (nb_sectors >> 8) & 0xff;
814 outbuf[7] = nb_sectors & 0xff;
817 outbuf[10] = s->cluster_size * 2;
820 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
821 /* Protection, exponent and lowest lba field left blank. */
822 buflen = req->cmd.xfer;
825 DPRINTF("Unsupported Service Action In\n");
826 goto illegal_request;
828 if (req->cmd.xfer < 16)
829 goto illegal_request;
830 memset(outbuf, 0, 16);
837 goto illegal_request;
839 scsi_req_set_status(req, GOOD, NO_SENSE);
843 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
847 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
851 /* Execute a scsi command. Returns the length of the data expected by the
852 command. This will be Positive for data transfers from the device
853 (eg. disk reads), negative for transfers to the device (eg. disk writes),
854 and zero if the command does not transfer any data. */
856 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
857 uint8_t *buf, int lun)
859 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
870 r = scsi_find_request(s, tag);
872 BADF("Tag 0x%x already in use\n", tag);
873 scsi_cancel_io(d, tag);
875 /* ??? Tags are not unique for different luns. We only implement a
876 single lun, so this should not matter. */
877 r = scsi_new_request(d, tag, lun);
878 outbuf = (uint8_t *)r->iov.iov_base;
880 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
881 switch (command >> 5) {
883 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
884 (((uint64_t) buf[1] & 0x1f) << 16);
890 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
891 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
892 len = buf[8] | (buf[7] << 8);
896 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
897 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
898 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
899 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
900 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
904 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
905 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
906 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
910 BADF("Unsupported command length, command %x\n", command);
916 for (i = 1; i < cmdlen; i++) {
917 printf(" 0x%02x", buf[i]);
923 if (scsi_req_parse(&r->req, buf) != 0) {
924 BADF("Unsupported command length, command %x\n", command);
927 assert(r->req.cmd.len == cmdlen);
928 assert(r->req.cmd.lba == lba);
930 if (lun || buf[1] >> 5) {
931 /* Only LUN 0 supported. */
932 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
933 if (command != REQUEST_SENSE && command != INQUIRY)
937 case TEST_UNIT_READY:
947 case ALLOW_MEDIUM_REMOVAL:
949 case SYNCHRONIZE_CACHE:
951 case GET_CONFIGURATION:
952 case SERVICE_ACTION_IN:
955 rc = scsi_disk_emulate_command(&r->req, outbuf);
959 scsi_req_complete(&r->req);
960 scsi_remove_request(r);
968 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
969 if (lba > s->max_lba)
971 r->sector = lba * s->cluster_size;
972 r->sector_count = len * s->cluster_size;
978 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
979 if (lba > s->max_lba)
981 r->sector = lba * s->cluster_size;
982 r->sector_count = len * s->cluster_size;
986 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
988 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
991 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
994 if (r->sector_count == 0 && r->iov.iov_len == 0) {
995 scsi_command_complete(r, GOOD, NO_SENSE);
997 len = r->sector_count * 512 + r->iov.iov_len;
1001 if (!r->sector_count)
1002 r->sector_count = -1;
1007 static void scsi_destroy(SCSIDevice *dev)
1009 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1012 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1013 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1014 scsi_remove_request(r);
1016 drive_uninit(s->qdev.conf.dinfo);
1019 static int scsi_disk_initfn(SCSIDevice *dev)
1021 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1022 uint64_t nb_sectors;
1024 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1025 qemu_error("scsi-disk: drive property not set\n");
1028 s->bs = s->qdev.conf.dinfo->bdrv;
1030 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1031 s->cluster_size = 4;
1033 s->cluster_size = 1;
1035 s->qdev.blocksize = 512 * s->cluster_size;
1036 s->qdev.type = TYPE_DISK;
1037 bdrv_get_geometry(s->bs, &nb_sectors);
1038 nb_sectors /= s->cluster_size;
1041 s->max_lba = nb_sectors;
1042 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1046 static SCSIDeviceInfo scsi_disk_info = {
1047 .qdev.name = "scsi-disk",
1048 .qdev.desc = "virtual scsi disk or cdrom",
1049 .qdev.size = sizeof(SCSIDiskState),
1050 .init = scsi_disk_initfn,
1051 .destroy = scsi_destroy,
1052 .send_command = scsi_send_command,
1053 .read_data = scsi_read_data,
1054 .write_data = scsi_write_data,
1055 .cancel_io = scsi_cancel_io,
1056 .get_buf = scsi_get_buf,
1057 .qdev.props = (Property[]) {
1058 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1059 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1060 DEFINE_PROP_END_OF_LIST(),
1064 static void scsi_disk_register_devices(void)
1066 scsi_qdev_register(&scsi_disk_info);
1068 device_init(scsi_disk_register_devices)
projects / qemu.git / blob