]> git.ipfire.org Git - thirdparty/qemu.git/blob - hw/scsi/scsi-disk.c
projects / thirdparty / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: introduce scsi_disk_req_check_error
[thirdparty/qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65 typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
69 bool (*need_fua_emulation)(SCSICommand *cmd);
70 } SCSIDiskClass;
71
72 typedef struct SCSIDiskReq {
73 SCSIRequest req;
74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
75 uint64_t sector;
76 uint32_t sector_count;
77 uint32_t buflen;
78 bool started;
79 bool need_fua_emulation;
80 struct iovec iov;
81 QEMUIOVector qiov;
82 BlockAcctCookie acct;
83 } SCSIDiskReq;
84
85 #define SCSI_DISK_F_REMOVABLE 0
86 #define SCSI_DISK_F_DPOFUA 1
87 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
88
89 typedef struct SCSIDiskState
90 {
91 SCSIDevice qdev;
92 uint32_t features;
93 bool media_changed;
94 bool media_event;
95 bool eject_request;
96 uint16_t port_index;
97 uint64_t max_unmap_size;
98 uint64_t max_io_size;
99 QEMUBH *bh;
100 char *version;
101 char *serial;
102 char *vendor;
103 char *product;
104 bool tray_open;
105 bool tray_locked;
106 } SCSIDiskState;
107
108 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
109
110 static void scsi_free_request(SCSIRequest *req)
111 {
112 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
113
114 qemu_vfree(r->iov.iov_base);
115 }
116
117 /* Helper function for command completion with sense. */
118 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
119 {
120 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
121 r->req.tag, sense.key, sense.asc, sense.ascq);
122 scsi_req_build_sense(&r->req, sense);
123 scsi_req_complete(&r->req, CHECK_CONDITION);
124 }
125
126 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
127 {
128 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
129
130 if (!r->iov.iov_base) {
131 r->buflen = size;
132 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
133 }
134 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
135 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
136 }
137
138 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
139 {
140 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
141
142 qemu_put_be64s(f, &r->sector);
143 qemu_put_be32s(f, &r->sector_count);
144 qemu_put_be32s(f, &r->buflen);
145 if (r->buflen) {
146 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
148 } else if (!req->retry) {
149 uint32_t len = r->iov.iov_len;
150 qemu_put_be32s(f, &len);
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 }
153 }
154 }
155
156 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
157 {
158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
159
160 qemu_get_be64s(f, &r->sector);
161 qemu_get_be32s(f, &r->sector_count);
162 qemu_get_be32s(f, &r->buflen);
163 if (r->buflen) {
164 scsi_init_iovec(r, r->buflen);
165 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
167 } else if (!r->req.retry) {
168 uint32_t len;
169 qemu_get_be32s(f, &len);
170 r->iov.iov_len = len;
171 assert(r->iov.iov_len <= r->buflen);
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 }
174 }
175
176 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
177 }
178
179 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
180 {
181 if (r->req.io_canceled) {
182 scsi_req_cancel_complete(&r->req);
183 return true;
184 }
185
186 if (ret < 0) {
187 return scsi_handle_rw_error(r, -ret, acct_failed);
188 }
189
190 return false;
191 }
192
193 static void scsi_aio_complete(void *opaque, int ret)
194 {
195 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
196 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
197
198 assert(r->req.aiocb != NULL);
199 r->req.aiocb = NULL;
200 if (scsi_disk_req_check_error(r, ret, true)) {
201 goto done;
202 }
203
204 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
205 scsi_req_complete(&r->req, GOOD);
206
207 done:
208 scsi_req_unref(&r->req);
209 }
210
211 static bool scsi_is_cmd_fua(SCSICommand *cmd)
212 {
213 switch (cmd->buf[0]) {
214 case READ_10:
215 case READ_12:
216 case READ_16:
217 case WRITE_10:
218 case WRITE_12:
219 case WRITE_16:
220 return (cmd->buf[1] & 8) != 0;
221
222 case VERIFY_10:
223 case VERIFY_12:
224 case VERIFY_16:
225 case WRITE_VERIFY_10:
226 case WRITE_VERIFY_12:
227 case WRITE_VERIFY_16:
228 return true;
229
230 case READ_6:
231 case WRITE_6:
232 default:
233 return false;
234 }
235 }
236
237 static void scsi_write_do_fua(SCSIDiskReq *r)
238 {
239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
240
241 assert(r->req.aiocb == NULL);
242 assert(!r->req.io_canceled);
243
244 if (r->need_fua_emulation) {
245 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
246 BLOCK_ACCT_FLUSH);
247 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
248 return;
249 }
250
251 scsi_req_complete(&r->req, GOOD);
252 scsi_req_unref(&r->req);
253 }
254
255 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
256 {
257 assert(r->req.aiocb == NULL);
258 if (scsi_disk_req_check_error(r, ret, false)) {
259 goto done;
260 }
261
262 r->sector += r->sector_count;
263 r->sector_count = 0;
264 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
265 scsi_write_do_fua(r);
266 return;
267 } else {
268 scsi_req_complete(&r->req, GOOD);
269 }
270
271 done:
272 scsi_req_unref(&r->req);
273 }
274
275 static void scsi_dma_complete(void *opaque, int ret)
276 {
277 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
278 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
279
280 assert(r->req.aiocb != NULL);
281 r->req.aiocb = NULL;
282
283 if (ret < 0) {
284 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
285 } else {
286 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
287 }
288 scsi_dma_complete_noio(r, ret);
289 }
290
291 static void scsi_read_complete(void * opaque, int ret)
292 {
293 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
294 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
295 int n;
296
297 assert(r->req.aiocb != NULL);
298 r->req.aiocb = NULL;
299 if (scsi_disk_req_check_error(r, ret, true)) {
300 goto done;
301 }
302
303 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
304 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
305
306 n = r->qiov.size / 512;
307 r->sector += n;
308 r->sector_count -= n;
309 scsi_req_data(&r->req, r->qiov.size);
310
311 done:
312 scsi_req_unref(&r->req);
313 }
314
315 /* Actually issue a read to the block device. */
316 static void scsi_do_read(SCSIDiskReq *r, int ret)
317 {
318 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
319 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
320
321 assert (r->req.aiocb == NULL);
322 if (scsi_disk_req_check_error(r, ret, false)) {
323 goto done;
324 }
325
326 /* The request is used as the AIO opaque value, so add a ref. */
327 scsi_req_ref(&r->req);
328
329 if (r->req.sg) {
330 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
331 r->req.resid -= r->req.sg->size;
332 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
333 r->req.sg, r->sector << BDRV_SECTOR_BITS,
334 sdc->dma_readv, r, scsi_dma_complete, r,
335 DMA_DIRECTION_FROM_DEVICE);
336 } else {
337 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
338 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
339 r->qiov.size, BLOCK_ACCT_READ);
340 r->req.aiocb = sdc->dma_readv(r->sector, &r->qiov,
341 scsi_read_complete, r, r);
342 }
343
344 done:
345 scsi_req_unref(&r->req);
346 }
347
348 static void scsi_do_read_cb(void *opaque, int ret)
349 {
350 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
351 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
352
353 assert (r->req.aiocb != NULL);
354 r->req.aiocb = NULL;
355
356 if (ret < 0) {
357 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
358 } else {
359 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
360 }
361 scsi_do_read(opaque, ret);
362 }
363
364 /* Read more data from scsi device into buffer. */
365 static void scsi_read_data(SCSIRequest *req)
366 {
367 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
369 bool first;
370
371 DPRINTF("Read sector_count=%d\n", r->sector_count);
372 if (r->sector_count == 0) {
373 /* This also clears the sense buffer for REQUEST SENSE. */
374 scsi_req_complete(&r->req, GOOD);
375 return;
376 }
377
378 /* No data transfer may already be in progress */
379 assert(r->req.aiocb == NULL);
380
381 /* The request is used as the AIO opaque value, so add a ref. */
382 scsi_req_ref(&r->req);
383 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
384 DPRINTF("Data transfer direction invalid\n");
385 scsi_read_complete(r, -EINVAL);
386 return;
387 }
388
389 if (s->tray_open) {
390 scsi_read_complete(r, -ENOMEDIUM);
391 return;
392 }
393
394 first = !r->started;
395 r->started = true;
396 if (first && r->need_fua_emulation) {
397 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
398 BLOCK_ACCT_FLUSH);
399 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
400 } else {
401 scsi_do_read(r, 0);
402 }
403 }
404
405 /*
406 * scsi_handle_rw_error has two return values. 0 means that the error
407 * must be ignored, 1 means that the error has been processed and the
408 * caller should not do anything else for this request. Note that
409 * scsi_handle_rw_error always manages its reference counts, independent
410 * of the return value.
411 */
412 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
413 {
414 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
415 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
416 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
417 is_read, error);
418
419 if (action == BLOCK_ERROR_ACTION_REPORT) {
420 if (acct_failed) {
421 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
422 }
423 switch (error) {
424 case ENOMEDIUM:
425 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
426 break;
427 case ENOMEM:
428 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
429 break;
430 case EINVAL:
431 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
432 break;
433 case ENOSPC:
434 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
435 break;
436 default:
437 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
438 break;
439 }
440 }
441 blk_error_action(s->qdev.conf.blk, action, is_read, error);
442 if (action == BLOCK_ERROR_ACTION_STOP) {
443 scsi_req_retry(&r->req);
444 }
445 return action != BLOCK_ERROR_ACTION_IGNORE;
446 }
447
448 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
449 {
450 uint32_t n;
451
452 assert (r->req.aiocb == NULL);
453 if (scsi_disk_req_check_error(r, ret, false)) {
454 goto done;
455 }
456
457 n = r->qiov.size / 512;
458 r->sector += n;
459 r->sector_count -= n;
460 if (r->sector_count == 0) {
461 scsi_write_do_fua(r);
462 return;
463 } else {
464 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
465 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
466 scsi_req_data(&r->req, r->qiov.size);
467 }
468
469 done:
470 scsi_req_unref(&r->req);
471 }
472
473 static void scsi_write_complete(void * opaque, int ret)
474 {
475 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
476 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
477
478 assert (r->req.aiocb != NULL);
479 r->req.aiocb = NULL;
480
481 if (ret < 0) {
482 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
483 } else {
484 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
485 }
486 scsi_write_complete_noio(r, ret);
487 }
488
489 static void scsi_write_data(SCSIRequest *req)
490 {
491 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
492 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
493 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
494
495 /* No data transfer may already be in progress */
496 assert(r->req.aiocb == NULL);
497
498 /* The request is used as the AIO opaque value, so add a ref. */
499 scsi_req_ref(&r->req);
500 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
501 DPRINTF("Data transfer direction invalid\n");
502 scsi_write_complete_noio(r, -EINVAL);
503 return;
504 }
505
506 if (!r->req.sg && !r->qiov.size) {
507 /* Called for the first time. Ask the driver to send us more data. */
508 r->started = true;
509 scsi_write_complete_noio(r, 0);
510 return;
511 }
512 if (s->tray_open) {
513 scsi_write_complete_noio(r, -ENOMEDIUM);
514 return;
515 }
516
517 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
518 r->req.cmd.buf[0] == VERIFY_16) {
519 if (r->req.sg) {
520 scsi_dma_complete_noio(r, 0);
521 } else {
522 scsi_write_complete_noio(r, 0);
523 }
524 return;
525 }
526
527 if (r->req.sg) {
528 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
529 r->req.resid -= r->req.sg->size;
530 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
531 r->req.sg, r->sector << BDRV_SECTOR_BITS,
532 sdc->dma_writev, r, scsi_dma_complete, r,
533 DMA_DIRECTION_TO_DEVICE);
534 } else {
535 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
536 r->qiov.size, BLOCK_ACCT_WRITE);
537 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
538 scsi_write_complete, r, r);
539 }
540 }
541
542 /* Return a pointer to the data buffer. */
543 static uint8_t *scsi_get_buf(SCSIRequest *req)
544 {
545 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
546
547 return (uint8_t *)r->iov.iov_base;
548 }
549
550 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
551 {
552 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
553 int buflen = 0;
554 int start;
555
556 if (req->cmd.buf[1] & 0x1) {
557 /* Vital product data */
558 uint8_t page_code = req->cmd.buf[2];
559
560 outbuf[buflen++] = s->qdev.type & 0x1f;
561 outbuf[buflen++] = page_code ; // this page
562 outbuf[buflen++] = 0x00;
563 outbuf[buflen++] = 0x00;
564 start = buflen;
565
566 switch (page_code) {
567 case 0x00: /* Supported page codes, mandatory */
568 {
569 DPRINTF("Inquiry EVPD[Supported pages] "
570 "buffer size %zd\n", req->cmd.xfer);
571 outbuf[buflen++] = 0x00; // list of supported pages (this page)
572 if (s->serial) {
573 outbuf[buflen++] = 0x80; // unit serial number
574 }
575 outbuf[buflen++] = 0x83; // device identification
576 if (s->qdev.type == TYPE_DISK) {
577 outbuf[buflen++] = 0xb0; // block limits
578 outbuf[buflen++] = 0xb2; // thin provisioning
579 }
580 break;
581 }
582 case 0x80: /* Device serial number, optional */
583 {
584 int l;
585
586 if (!s->serial) {
587 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
588 return -1;
589 }
590
591 l = strlen(s->serial);
592 if (l > 20) {
593 l = 20;
594 }
595
596 DPRINTF("Inquiry EVPD[Serial number] "
597 "buffer size %zd\n", req->cmd.xfer);
598 memcpy(outbuf+buflen, s->serial, l);
599 buflen += l;
600 break;
601 }
602
603 case 0x83: /* Device identification page, mandatory */
604 {
605 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
606 int max_len = s->serial ? 20 : 255 - 8;
607 int id_len = strlen(str);
608
609 if (id_len > max_len) {
610 id_len = max_len;
611 }
612 DPRINTF("Inquiry EVPD[Device identification] "
613 "buffer size %zd\n", req->cmd.xfer);
614
615 outbuf[buflen++] = 0x2; // ASCII
616 outbuf[buflen++] = 0; // not officially assigned
617 outbuf[buflen++] = 0; // reserved
618 outbuf[buflen++] = id_len; // length of data following
619 memcpy(outbuf+buflen, str, id_len);
620 buflen += id_len;
621
622 if (s->qdev.wwn) {
623 outbuf[buflen++] = 0x1; // Binary
624 outbuf[buflen++] = 0x3; // NAA
625 outbuf[buflen++] = 0; // reserved
626 outbuf[buflen++] = 8;
627 stq_be_p(&outbuf[buflen], s->qdev.wwn);
628 buflen += 8;
629 }
630
631 if (s->qdev.port_wwn) {
632 outbuf[buflen++] = 0x61; // SAS / Binary
633 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
634 outbuf[buflen++] = 0; // reserved
635 outbuf[buflen++] = 8;
636 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
637 buflen += 8;
638 }
639
640 if (s->port_index) {
641 outbuf[buflen++] = 0x61; // SAS / Binary
642 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
643 outbuf[buflen++] = 0; // reserved
644 outbuf[buflen++] = 4;
645 stw_be_p(&outbuf[buflen + 2], s->port_index);
646 buflen += 4;
647 }
648 break;
649 }
650 case 0xb0: /* block limits */
651 {
652 unsigned int unmap_sectors =
653 s->qdev.conf.discard_granularity / s->qdev.blocksize;
654 unsigned int min_io_size =
655 s->qdev.conf.min_io_size / s->qdev.blocksize;
656 unsigned int opt_io_size =
657 s->qdev.conf.opt_io_size / s->qdev.blocksize;
658 unsigned int max_unmap_sectors =
659 s->max_unmap_size / s->qdev.blocksize;
660 unsigned int max_io_sectors =
661 s->max_io_size / s->qdev.blocksize;
662
663 if (s->qdev.type == TYPE_ROM) {
664 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
665 page_code);
666 return -1;
667 }
668 /* required VPD size with unmap support */
669 buflen = 0x40;
670 memset(outbuf + 4, 0, buflen - 4);
671
672 outbuf[4] = 0x1; /* wsnz */
673
674 /* optimal transfer length granularity */
675 outbuf[6] = (min_io_size >> 8) & 0xff;
676 outbuf[7] = min_io_size & 0xff;
677
678 /* maximum transfer length */
679 outbuf[8] = (max_io_sectors >> 24) & 0xff;
680 outbuf[9] = (max_io_sectors >> 16) & 0xff;
681 outbuf[10] = (max_io_sectors >> 8) & 0xff;
682 outbuf[11] = max_io_sectors & 0xff;
683
684 /* optimal transfer length */
685 outbuf[12] = (opt_io_size >> 24) & 0xff;
686 outbuf[13] = (opt_io_size >> 16) & 0xff;
687 outbuf[14] = (opt_io_size >> 8) & 0xff;
688 outbuf[15] = opt_io_size & 0xff;
689
690 /* max unmap LBA count, default is 1GB */
691 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
692 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
693 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
694 outbuf[23] = max_unmap_sectors & 0xff;
695
696 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
697 outbuf[24] = 0;
698 outbuf[25] = 0;
699 outbuf[26] = 0;
700 outbuf[27] = 255;
701
702 /* optimal unmap granularity */
703 outbuf[28] = (unmap_sectors >> 24) & 0xff;
704 outbuf[29] = (unmap_sectors >> 16) & 0xff;
705 outbuf[30] = (unmap_sectors >> 8) & 0xff;
706 outbuf[31] = unmap_sectors & 0xff;
707
708 /* max write same size */
709 outbuf[36] = 0;
710 outbuf[37] = 0;
711 outbuf[38] = 0;
712 outbuf[39] = 0;
713
714 outbuf[40] = (max_io_sectors >> 24) & 0xff;
715 outbuf[41] = (max_io_sectors >> 16) & 0xff;
716 outbuf[42] = (max_io_sectors >> 8) & 0xff;
717 outbuf[43] = max_io_sectors & 0xff;
718 break;
719 }
720 case 0xb2: /* thin provisioning */
721 {
722 buflen = 8;
723 outbuf[4] = 0;
724 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
725 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
726 outbuf[7] = 0;
727 break;
728 }
729 default:
730 return -1;
731 }
732 /* done with EVPD */
733 assert(buflen - start <= 255);
734 outbuf[start - 1] = buflen - start;
735 return buflen;
736 }
737
738 /* Standard INQUIRY data */
739 if (req->cmd.buf[2] != 0) {
740 return -1;
741 }
742
743 /* PAGE CODE == 0 */
744 buflen = req->cmd.xfer;
745 if (buflen > SCSI_MAX_INQUIRY_LEN) {
746 buflen = SCSI_MAX_INQUIRY_LEN;
747 }
748
749 outbuf[0] = s->qdev.type & 0x1f;
750 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
751
752 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
753 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
754
755 memset(&outbuf[32], 0, 4);
756 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
757 /*
758 * We claim conformance to SPC-3, which is required for guests
759 * to ask for modern features like READ CAPACITY(16) or the
760 * block characteristics VPD page by default. Not all of SPC-3
761 * is actually implemented, but we're good enough.
762 */
763 outbuf[2] = 5;
764 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
765
766 if (buflen > 36) {
767 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
768 } else {
769 /* If the allocation length of CDB is too small,
770 the additional length is not adjusted */
771 outbuf[4] = 36 - 5;
772 }
773
774 /* Sync data transfer and TCQ. */
775 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
776 return buflen;
777 }
778
779 static inline bool media_is_dvd(SCSIDiskState *s)
780 {
781 uint64_t nb_sectors;
782 if (s->qdev.type != TYPE_ROM) {
783 return false;
784 }
785 if (!blk_is_inserted(s->qdev.conf.blk)) {
786 return false;
787 }
788 if (s->tray_open) {
789 return false;
790 }
791 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
792 return nb_sectors > CD_MAX_SECTORS;
793 }
794
795 static inline bool media_is_cd(SCSIDiskState *s)
796 {
797 uint64_t nb_sectors;
798 if (s->qdev.type != TYPE_ROM) {
799 return false;
800 }
801 if (!blk_is_inserted(s->qdev.conf.blk)) {
802 return false;
803 }
804 if (s->tray_open) {
805 return false;
806 }
807 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
808 return nb_sectors <= CD_MAX_SECTORS;
809 }
810
811 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
812 uint8_t *outbuf)
813 {
814 uint8_t type = r->req.cmd.buf[1] & 7;
815
816 if (s->qdev.type != TYPE_ROM) {
817 return -1;
818 }
819
820 /* Types 1/2 are only defined for Blu-Ray. */
821 if (type != 0) {
822 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
823 return -1;
824 }
825
826 memset(outbuf, 0, 34);
827 outbuf[1] = 32;
828 outbuf[2] = 0xe; /* last session complete, disc finalized */
829 outbuf[3] = 1; /* first track on disc */
830 outbuf[4] = 1; /* # of sessions */
831 outbuf[5] = 1; /* first track of last session */
832 outbuf[6] = 1; /* last track of last session */
833 outbuf[7] = 0x20; /* unrestricted use */
834 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
835 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
836 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
837 /* 24-31: disc bar code */
838 /* 32: disc application code */
839 /* 33: number of OPC tables */
840
841 return 34;
842 }
843
844 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
845 uint8_t *outbuf)
846 {
847 static const int rds_caps_size[5] = {
848 [0] = 2048 + 4,
849 [1] = 4 + 4,
850 [3] = 188 + 4,
851 [4] = 2048 + 4,
852 };
853
854 uint8_t media = r->req.cmd.buf[1];
855 uint8_t layer = r->req.cmd.buf[6];
856 uint8_t format = r->req.cmd.buf[7];
857 int size = -1;
858
859 if (s->qdev.type != TYPE_ROM) {
860 return -1;
861 }
862 if (media != 0) {
863 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
864 return -1;
865 }
866
867 if (format != 0xff) {
868 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
869 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
870 return -1;
871 }
872 if (media_is_cd(s)) {
873 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
874 return -1;
875 }
876 if (format >= ARRAY_SIZE(rds_caps_size)) {
877 return -1;
878 }
879 size = rds_caps_size[format];
880 memset(outbuf, 0, size);
881 }
882
883 switch (format) {
884 case 0x00: {
885 /* Physical format information */
886 uint64_t nb_sectors;
887 if (layer != 0) {
888 goto fail;
889 }
890 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
891
892 outbuf[4] = 1; /* DVD-ROM, part version 1 */
893 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
894 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
895 outbuf[7] = 0; /* default densities */
896
897 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
898 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
899 break;
900 }
901
902 case 0x01: /* DVD copyright information, all zeros */
903 break;
904
905 case 0x03: /* BCA information - invalid field for no BCA info */
906 return -1;
907
908 case 0x04: /* DVD disc manufacturing information, all zeros */
909 break;
910
911 case 0xff: { /* List capabilities */
912 int i;
913 size = 4;
914 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
915 if (!rds_caps_size[i]) {
916 continue;
917 }
918 outbuf[size] = i;
919 outbuf[size + 1] = 0x40; /* Not writable, readable */
920 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
921 size += 4;
922 }
923 break;
924 }
925
926 default:
927 return -1;
928 }
929
930 /* Size of buffer, not including 2 byte size field */
931 stw_be_p(outbuf, size - 2);
932 return size;
933
934 fail:
935 return -1;
936 }
937
938 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
939 {
940 uint8_t event_code, media_status;
941
942 media_status = 0;
943 if (s->tray_open) {
944 media_status = MS_TRAY_OPEN;
945 } else if (blk_is_inserted(s->qdev.conf.blk)) {
946 media_status = MS_MEDIA_PRESENT;
947 }
948
949 /* Event notification descriptor */
950 event_code = MEC_NO_CHANGE;
951 if (media_status != MS_TRAY_OPEN) {
952 if (s->media_event) {
953 event_code = MEC_NEW_MEDIA;
954 s->media_event = false;
955 } else if (s->eject_request) {
956 event_code = MEC_EJECT_REQUESTED;
957 s->eject_request = false;
958 }
959 }
960
961 outbuf[0] = event_code;
962 outbuf[1] = media_status;
963
964 /* These fields are reserved, just clear them. */
965 outbuf[2] = 0;
966 outbuf[3] = 0;
967 return 4;
968 }
969
970 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
971 uint8_t *outbuf)
972 {
973 int size;
974 uint8_t *buf = r->req.cmd.buf;
975 uint8_t notification_class_request = buf[4];
976 if (s->qdev.type != TYPE_ROM) {
977 return -1;
978 }
979 if ((buf[1] & 1) == 0) {
980 /* asynchronous */
981 return -1;
982 }
983
984 size = 4;
985 outbuf[0] = outbuf[1] = 0;
986 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
987 if (notification_class_request & (1 << GESN_MEDIA)) {
988 outbuf[2] = GESN_MEDIA;
989 size += scsi_event_status_media(s, &outbuf[size]);
990 } else {
991 outbuf[2] = 0x80;
992 }
993 stw_be_p(outbuf, size - 4);
994 return size;
995 }
996
997 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
998 {
999 int current;
1000
1001 if (s->qdev.type != TYPE_ROM) {
1002 return -1;
1003 }
1004
1005 if (media_is_dvd(s)) {
1006 current = MMC_PROFILE_DVD_ROM;
1007 } else if (media_is_cd(s)) {
1008 current = MMC_PROFILE_CD_ROM;
1009 } else {
1010 current = MMC_PROFILE_NONE;
1011 }
1012
1013 memset(outbuf, 0, 40);
1014 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1015 stw_be_p(&outbuf[6], current);
1016 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1017 outbuf[10] = 0x03; /* persistent, current */
1018 outbuf[11] = 8; /* two profiles */
1019 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1020 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1021 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1022 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1023 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1024 stw_be_p(&outbuf[20], 1);
1025 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1026 outbuf[23] = 8;
1027 stl_be_p(&outbuf[24], 1); /* SCSI */
1028 outbuf[28] = 1; /* DBE = 1, mandatory */
1029 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1030 stw_be_p(&outbuf[32], 3);
1031 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1032 outbuf[35] = 4;
1033 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1034 /* TODO: Random readable, CD read, DVD read, drive serial number,
1035 power management */
1036 return 40;
1037 }
1038
1039 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1040 {
1041 if (s->qdev.type != TYPE_ROM) {
1042 return -1;
1043 }
1044 memset(outbuf, 0, 8);
1045 outbuf[5] = 1; /* CD-ROM */
1046 return 8;
1047 }
1048
1049 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1050 int page_control)
1051 {
1052 static const int mode_sense_valid[0x3f] = {
1053 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1054 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1055 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1056 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1057 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1058 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1059 };
1060
1061 uint8_t *p = *p_outbuf + 2;
1062 int length;
1063
1064 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1065 return -1;
1066 }
1067
1068 /*
1069 * If Changeable Values are requested, a mask denoting those mode parameters
1070 * that are changeable shall be returned. As we currently don't support
1071 * parameter changes via MODE_SELECT all bits are returned set to zero.
1072 * The buffer was already menset to zero by the caller of this function.
1073 *
1074 * The offsets here are off by two compared to the descriptions in the
1075 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1076 * but it is done so that offsets are consistent within our implementation
1077 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1078 * 2-byte and 4-byte headers.
1079 */
1080 switch (page) {
1081 case MODE_PAGE_HD_GEOMETRY:
1082 length = 0x16;
1083 if (page_control == 1) { /* Changeable Values */
1084 break;
1085 }
1086 /* if a geometry hint is available, use it */
1087 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1088 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1089 p[2] = s->qdev.conf.cyls & 0xff;
1090 p[3] = s->qdev.conf.heads & 0xff;
1091 /* Write precomp start cylinder, disabled */
1092 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1093 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1094 p[6] = s->qdev.conf.cyls & 0xff;
1095 /* Reduced current start cylinder, disabled */
1096 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1097 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1098 p[9] = s->qdev.conf.cyls & 0xff;
1099 /* Device step rate [ns], 200ns */
1100 p[10] = 0;
1101 p[11] = 200;
1102 /* Landing zone cylinder */
1103 p[12] = 0xff;
1104 p[13] = 0xff;
1105 p[14] = 0xff;
1106 /* Medium rotation rate [rpm], 5400 rpm */
1107 p[18] = (5400 >> 8) & 0xff;
1108 p[19] = 5400 & 0xff;
1109 break;
1110
1111 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1112 length = 0x1e;
1113 if (page_control == 1) { /* Changeable Values */
1114 break;
1115 }
1116 /* Transfer rate [kbit/s], 5Mbit/s */
1117 p[0] = 5000 >> 8;
1118 p[1] = 5000 & 0xff;
1119 /* if a geometry hint is available, use it */
1120 p[2] = s->qdev.conf.heads & 0xff;
1121 p[3] = s->qdev.conf.secs & 0xff;
1122 p[4] = s->qdev.blocksize >> 8;
1123 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1124 p[7] = s->qdev.conf.cyls & 0xff;
1125 /* Write precomp start cylinder, disabled */
1126 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1127 p[9] = s->qdev.conf.cyls & 0xff;
1128 /* Reduced current start cylinder, disabled */
1129 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[11] = s->qdev.conf.cyls & 0xff;
1131 /* Device step rate [100us], 100us */
1132 p[12] = 0;
1133 p[13] = 1;
1134 /* Device step pulse width [us], 1us */
1135 p[14] = 1;
1136 /* Device head settle delay [100us], 100us */
1137 p[15] = 0;
1138 p[16] = 1;
1139 /* Motor on delay [0.1s], 0.1s */
1140 p[17] = 1;
1141 /* Motor off delay [0.1s], 0.1s */
1142 p[18] = 1;
1143 /* Medium rotation rate [rpm], 5400 rpm */
1144 p[26] = (5400 >> 8) & 0xff;
1145 p[27] = 5400 & 0xff;
1146 break;
1147
1148 case MODE_PAGE_CACHING:
1149 length = 0x12;
1150 if (page_control == 1 || /* Changeable Values */
1151 blk_enable_write_cache(s->qdev.conf.blk)) {
1152 p[0] = 4; /* WCE */
1153 }
1154 break;
1155
1156 case MODE_PAGE_R_W_ERROR:
1157 length = 10;
1158 if (page_control == 1) { /* Changeable Values */
1159 break;
1160 }
1161 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1162 if (s->qdev.type == TYPE_ROM) {
1163 p[1] = 0x20; /* Read Retry Count */
1164 }
1165 break;
1166
1167 case MODE_PAGE_AUDIO_CTL:
1168 length = 14;
1169 break;
1170
1171 case MODE_PAGE_CAPABILITIES:
1172 length = 0x14;
1173 if (page_control == 1) { /* Changeable Values */
1174 break;
1175 }
1176
1177 p[0] = 0x3b; /* CD-R & CD-RW read */
1178 p[1] = 0; /* Writing not supported */
1179 p[2] = 0x7f; /* Audio, composite, digital out,
1180 mode 2 form 1&2, multi session */
1181 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1182 RW corrected, C2 errors, ISRC,
1183 UPC, Bar code */
1184 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1185 /* Locking supported, jumper present, eject, tray */
1186 p[5] = 0; /* no volume & mute control, no
1187 changer */
1188 p[6] = (50 * 176) >> 8; /* 50x read speed */
1189 p[7] = (50 * 176) & 0xff;
1190 p[8] = 2 >> 8; /* Two volume levels */
1191 p[9] = 2 & 0xff;
1192 p[10] = 2048 >> 8; /* 2M buffer */
1193 p[11] = 2048 & 0xff;
1194 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1195 p[13] = (16 * 176) & 0xff;
1196 p[16] = (16 * 176) >> 8; /* 16x write speed */
1197 p[17] = (16 * 176) & 0xff;
1198 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1199 p[19] = (16 * 176) & 0xff;
1200 break;
1201
1202 default:
1203 return -1;
1204 }
1205
1206 assert(length < 256);
1207 (*p_outbuf)[0] = page;
1208 (*p_outbuf)[1] = length;
1209 *p_outbuf += length + 2;
1210 return length + 2;
1211 }
1212
1213 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1214 {
1215 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1216 uint64_t nb_sectors;
1217 bool dbd;
1218 int page, buflen, ret, page_control;
1219 uint8_t *p;
1220 uint8_t dev_specific_param;
1221
1222 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1223 page = r->req.cmd.buf[2] & 0x3f;
1224 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1225 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1226 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1227 memset(outbuf, 0, r->req.cmd.xfer);
1228 p = outbuf;
1229
1230 if (s->qdev.type == TYPE_DISK) {
1231 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1232 if (blk_is_read_only(s->qdev.conf.blk)) {
1233 dev_specific_param |= 0x80; /* Readonly. */
1234 }
1235 } else {
1236 /* MMC prescribes that CD/DVD drives have no block descriptors,
1237 * and defines no device-specific parameter. */
1238 dev_specific_param = 0x00;
1239 dbd = true;
1240 }
1241
1242 if (r->req.cmd.buf[0] == MODE_SENSE) {
1243 p[1] = 0; /* Default media type. */
1244 p[2] = dev_specific_param;
1245 p[3] = 0; /* Block descriptor length. */
1246 p += 4;
1247 } else { /* MODE_SENSE_10 */
1248 p[2] = 0; /* Default media type. */
1249 p[3] = dev_specific_param;
1250 p[6] = p[7] = 0; /* Block descriptor length. */
1251 p += 8;
1252 }
1253
1254 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1255 if (!dbd && nb_sectors) {
1256 if (r->req.cmd.buf[0] == MODE_SENSE) {
1257 outbuf[3] = 8; /* Block descriptor length */
1258 } else { /* MODE_SENSE_10 */
1259 outbuf[7] = 8; /* Block descriptor length */
1260 }
1261 nb_sectors /= (s->qdev.blocksize / 512);
1262 if (nb_sectors > 0xffffff) {
1263 nb_sectors = 0;
1264 }
1265 p[0] = 0; /* media density code */
1266 p[1] = (nb_sectors >> 16) & 0xff;
1267 p[2] = (nb_sectors >> 8) & 0xff;
1268 p[3] = nb_sectors & 0xff;
1269 p[4] = 0; /* reserved */
1270 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1271 p[6] = s->qdev.blocksize >> 8;
1272 p[7] = 0;
1273 p += 8;
1274 }
1275
1276 if (page_control == 3) {
1277 /* Saved Values */
1278 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1279 return -1;
1280 }
1281
1282 if (page == 0x3f) {
1283 for (page = 0; page <= 0x3e; page++) {
1284 mode_sense_page(s, page, &p, page_control);
1285 }
1286 } else {
1287 ret = mode_sense_page(s, page, &p, page_control);
1288 if (ret == -1) {
1289 return -1;
1290 }
1291 }
1292
1293 buflen = p - outbuf;
1294 /*
1295 * The mode data length field specifies the length in bytes of the
1296 * following data that is available to be transferred. The mode data
1297 * length does not include itself.
1298 */
1299 if (r->req.cmd.buf[0] == MODE_SENSE) {
1300 outbuf[0] = buflen - 1;
1301 } else { /* MODE_SENSE_10 */
1302 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1303 outbuf[1] = (buflen - 2) & 0xff;
1304 }
1305 return buflen;
1306 }
1307
1308 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1309 {
1310 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1311 int start_track, format, msf, toclen;
1312 uint64_t nb_sectors;
1313
1314 msf = req->cmd.buf[1] & 2;
1315 format = req->cmd.buf[2] & 0xf;
1316 start_track = req->cmd.buf[6];
1317 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1318 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1319 nb_sectors /= s->qdev.blocksize / 512;
1320 switch (format) {
1321 case 0:
1322 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1323 break;
1324 case 1:
1325 /* multi session : only a single session defined */
1326 toclen = 12;
1327 memset(outbuf, 0, 12);
1328 outbuf[1] = 0x0a;
1329 outbuf[2] = 0x01;
1330 outbuf[3] = 0x01;
1331 break;
1332 case 2:
1333 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1334 break;
1335 default:
1336 return -1;
1337 }
1338 return toclen;
1339 }
1340
1341 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1342 {
1343 SCSIRequest *req = &r->req;
1344 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1345 bool start = req->cmd.buf[4] & 1;
1346 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1347 int pwrcnd = req->cmd.buf[4] & 0xf0;
1348
1349 if (pwrcnd) {
1350 /* eject/load only happens for power condition == 0 */
1351 return 0;
1352 }
1353
1354 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1355 if (!start && !s->tray_open && s->tray_locked) {
1356 scsi_check_condition(r,
1357 blk_is_inserted(s->qdev.conf.blk)
1358 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1359 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1360 return -1;
1361 }
1362
1363 if (s->tray_open != !start) {
1364 blk_eject(s->qdev.conf.blk, !start);
1365 s->tray_open = !start;
1366 }
1367 }
1368 return 0;
1369 }
1370
1371 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1372 {
1373 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1374 int buflen = r->iov.iov_len;
1375
1376 if (buflen) {
1377 DPRINTF("Read buf_len=%d\n", buflen);
1378 r->iov.iov_len = 0;
1379 r->started = true;
1380 scsi_req_data(&r->req, buflen);
1381 return;
1382 }
1383
1384 /* This also clears the sense buffer for REQUEST SENSE. */
1385 scsi_req_complete(&r->req, GOOD);
1386 }
1387
1388 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1389 uint8_t *inbuf, int inlen)
1390 {
1391 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1392 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1393 uint8_t *p;
1394 int len, expected_len, changeable_len, i;
1395
1396 /* The input buffer does not include the page header, so it is
1397 * off by 2 bytes.
1398 */
1399 expected_len = inlen + 2;
1400 if (expected_len > SCSI_MAX_MODE_LEN) {
1401 return -1;
1402 }
1403
1404 p = mode_current;
1405 memset(mode_current, 0, inlen + 2);
1406 len = mode_sense_page(s, page, &p, 0);
1407 if (len < 0 || len != expected_len) {
1408 return -1;
1409 }
1410
1411 p = mode_changeable;
1412 memset(mode_changeable, 0, inlen + 2);
1413 changeable_len = mode_sense_page(s, page, &p, 1);
1414 assert(changeable_len == len);
1415
1416 /* Check that unchangeable bits are the same as what MODE SENSE
1417 * would return.
1418 */
1419 for (i = 2; i < len; i++) {
1420 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1421 return -1;
1422 }
1423 }
1424 return 0;
1425 }
1426
1427 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1428 {
1429 switch (page) {
1430 case MODE_PAGE_CACHING:
1431 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1432 break;
1433
1434 default:
1435 break;
1436 }
1437 }
1438
1439 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1440 {
1441 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1442
1443 while (len > 0) {
1444 int page, subpage, page_len;
1445
1446 /* Parse both possible formats for the mode page headers. */
1447 page = p[0] & 0x3f;
1448 if (p[0] & 0x40) {
1449 if (len < 4) {
1450 goto invalid_param_len;
1451 }
1452 subpage = p[1];
1453 page_len = lduw_be_p(&p[2]);
1454 p += 4;
1455 len -= 4;
1456 } else {
1457 if (len < 2) {
1458 goto invalid_param_len;
1459 }
1460 subpage = 0;
1461 page_len = p[1];
1462 p += 2;
1463 len -= 2;
1464 }
1465
1466 if (subpage) {
1467 goto invalid_param;
1468 }
1469 if (page_len > len) {
1470 goto invalid_param_len;
1471 }
1472
1473 if (!change) {
1474 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1475 goto invalid_param;
1476 }
1477 } else {
1478 scsi_disk_apply_mode_select(s, page, p);
1479 }
1480
1481 p += page_len;
1482 len -= page_len;
1483 }
1484 return 0;
1485
1486 invalid_param:
1487 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1488 return -1;
1489
1490 invalid_param_len:
1491 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1492 return -1;
1493 }
1494
1495 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1496 {
1497 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1498 uint8_t *p = inbuf;
1499 int cmd = r->req.cmd.buf[0];
1500 int len = r->req.cmd.xfer;
1501 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1502 int bd_len;
1503 int pass;
1504
1505 /* We only support PF=1, SP=0. */
1506 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1507 goto invalid_field;
1508 }
1509
1510 if (len < hdr_len) {
1511 goto invalid_param_len;
1512 }
1513
1514 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1515 len -= hdr_len;
1516 p += hdr_len;
1517 if (len < bd_len) {
1518 goto invalid_param_len;
1519 }
1520 if (bd_len != 0 && bd_len != 8) {
1521 goto invalid_param;
1522 }
1523
1524 len -= bd_len;
1525 p += bd_len;
1526
1527 /* Ensure no change is made if there is an error! */
1528 for (pass = 0; pass < 2; pass++) {
1529 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1530 assert(pass == 0);
1531 return;
1532 }
1533 }
1534 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1535 /* The request is used as the AIO opaque value, so add a ref. */
1536 scsi_req_ref(&r->req);
1537 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1538 BLOCK_ACCT_FLUSH);
1539 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1540 return;
1541 }
1542
1543 scsi_req_complete(&r->req, GOOD);
1544 return;
1545
1546 invalid_param:
1547 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1548 return;
1549
1550 invalid_param_len:
1551 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1552 return;
1553
1554 invalid_field:
1555 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1556 }
1557
1558 static inline bool check_lba_range(SCSIDiskState *s,
1559 uint64_t sector_num, uint32_t nb_sectors)
1560 {
1561 /*
1562 * The first line tests that no overflow happens when computing the last
1563 * sector. The second line tests that the last accessed sector is in
1564 * range.
1565 *
1566 * Careful, the computations should not underflow for nb_sectors == 0,
1567 * and a 0-block read to the first LBA beyond the end of device is
1568 * valid.
1569 */
1570 return (sector_num <= sector_num + nb_sectors &&
1571 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1572 }
1573
1574 typedef struct UnmapCBData {
1575 SCSIDiskReq *r;
1576 uint8_t *inbuf;
1577 int count;
1578 } UnmapCBData;
1579
1580 static void scsi_unmap_complete(void *opaque, int ret);
1581
1582 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1583 {
1584 SCSIDiskReq *r = data->r;
1585 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1586 uint64_t sector_num;
1587 uint32_t nb_sectors;
1588
1589 assert(r->req.aiocb == NULL);
1590 if (scsi_disk_req_check_error(r, ret, false)) {
1591 goto done;
1592 }
1593
1594 if (data->count > 0) {
1595 sector_num = ldq_be_p(&data->inbuf[0]);
1596 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1597 if (!check_lba_range(s, sector_num, nb_sectors)) {
1598 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1599 goto done;
1600 }
1601
1602 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1603 sector_num * (s->qdev.blocksize / 512),
1604 nb_sectors * (s->qdev.blocksize / 512),
1605 scsi_unmap_complete, data);
1606 data->count--;
1607 data->inbuf += 16;
1608 return;
1609 }
1610
1611 scsi_req_complete(&r->req, GOOD);
1612
1613 done:
1614 scsi_req_unref(&r->req);
1615 g_free(data);
1616 }
1617
1618 static void scsi_unmap_complete(void *opaque, int ret)
1619 {
1620 UnmapCBData *data = opaque;
1621 SCSIDiskReq *r = data->r;
1622
1623 assert(r->req.aiocb != NULL);
1624 r->req.aiocb = NULL;
1625
1626 scsi_unmap_complete_noio(data, ret);
1627 }
1628
1629 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1630 {
1631 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1632 uint8_t *p = inbuf;
1633 int len = r->req.cmd.xfer;
1634 UnmapCBData *data;
1635
1636 /* Reject ANCHOR=1. */
1637 if (r->req.cmd.buf[1] & 0x1) {
1638 goto invalid_field;
1639 }
1640
1641 if (len < 8) {
1642 goto invalid_param_len;
1643 }
1644 if (len < lduw_be_p(&p[0]) + 2) {
1645 goto invalid_param_len;
1646 }
1647 if (len < lduw_be_p(&p[2]) + 8) {
1648 goto invalid_param_len;
1649 }
1650 if (lduw_be_p(&p[2]) & 15) {
1651 goto invalid_param_len;
1652 }
1653
1654 if (blk_is_read_only(s->qdev.conf.blk)) {
1655 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1656 return;
1657 }
1658
1659 data = g_new0(UnmapCBData, 1);
1660 data->r = r;
1661 data->inbuf = &p[8];
1662 data->count = lduw_be_p(&p[2]) >> 4;
1663
1664 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1665 scsi_req_ref(&r->req);
1666 scsi_unmap_complete_noio(data, 0);
1667 return;
1668
1669 invalid_param_len:
1670 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1671 return;
1672
1673 invalid_field:
1674 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1675 }
1676
1677 typedef struct WriteSameCBData {
1678 SCSIDiskReq *r;
1679 int64_t sector;
1680 int nb_sectors;
1681 QEMUIOVector qiov;
1682 struct iovec iov;
1683 } WriteSameCBData;
1684
1685 static void scsi_write_same_complete(void *opaque, int ret)
1686 {
1687 WriteSameCBData *data = opaque;
1688 SCSIDiskReq *r = data->r;
1689 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1690
1691 assert(r->req.aiocb != NULL);
1692 r->req.aiocb = NULL;
1693 if (scsi_disk_req_check_error(r, ret, true)) {
1694 goto done;
1695 }
1696
1697 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1698
1699 data->nb_sectors -= data->iov.iov_len / 512;
1700 data->sector += data->iov.iov_len / 512;
1701 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1702 if (data->iov.iov_len) {
1703 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1704 data->iov.iov_len, BLOCK_ACCT_WRITE);
1705 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1706 * where final qiov may need smaller size */
1707 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1708 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1709 data->sector << BDRV_SECTOR_BITS,
1710 &data->qiov, 0,
1711 scsi_write_same_complete, data);
1712 return;
1713 }
1714
1715 scsi_req_complete(&r->req, GOOD);
1716
1717 done:
1718 scsi_req_unref(&r->req);
1719 qemu_vfree(data->iov.iov_base);
1720 g_free(data);
1721 }
1722
1723 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1724 {
1725 SCSIRequest *req = &r->req;
1726 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1727 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1728 WriteSameCBData *data;
1729 uint8_t *buf;
1730 int i;
1731
1732 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1733 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1734 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1735 return;
1736 }
1737
1738 if (blk_is_read_only(s->qdev.conf.blk)) {
1739 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1740 return;
1741 }
1742 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1743 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1744 return;
1745 }
1746
1747 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1748 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1749
1750 /* The request is used as the AIO opaque value, so add a ref. */
1751 scsi_req_ref(&r->req);
1752 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1753 nb_sectors * s->qdev.blocksize,
1754 BLOCK_ACCT_WRITE);
1755 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1756 r->req.cmd.lba * s->qdev.blocksize,
1757 nb_sectors * s->qdev.blocksize,
1758 flags, scsi_aio_complete, r);
1759 return;
1760 }
1761
1762 data = g_new0(WriteSameCBData, 1);
1763 data->r = r;
1764 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1765 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1766 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1767 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1768 data->iov.iov_len);
1769 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1770
1771 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1772 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1773 }
1774
1775 scsi_req_ref(&r->req);
1776 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1777 data->iov.iov_len, BLOCK_ACCT_WRITE);
1778 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1779 data->sector << BDRV_SECTOR_BITS,
1780 &data->qiov, 0,
1781 scsi_write_same_complete, data);
1782 }
1783
1784 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1785 {
1786 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1787
1788 if (r->iov.iov_len) {
1789 int buflen = r->iov.iov_len;
1790 DPRINTF("Write buf_len=%d\n", buflen);
1791 r->iov.iov_len = 0;
1792 scsi_req_data(&r->req, buflen);
1793 return;
1794 }
1795
1796 switch (req->cmd.buf[0]) {
1797 case MODE_SELECT:
1798 case MODE_SELECT_10:
1799 /* This also clears the sense buffer for REQUEST SENSE. */
1800 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1801 break;
1802
1803 case UNMAP:
1804 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1805 break;
1806
1807 case VERIFY_10:
1808 case VERIFY_12:
1809 case VERIFY_16:
1810 if (r->req.status == -1) {
1811 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1812 }
1813 break;
1814
1815 case WRITE_SAME_10:
1816 case WRITE_SAME_16:
1817 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1818 break;
1819
1820 default:
1821 abort();
1822 }
1823 }
1824
1825 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1826 {
1827 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1828 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1829 uint64_t nb_sectors;
1830 uint8_t *outbuf;
1831 int buflen;
1832
1833 switch (req->cmd.buf[0]) {
1834 case INQUIRY:
1835 case MODE_SENSE:
1836 case MODE_SENSE_10:
1837 case RESERVE:
1838 case RESERVE_10:
1839 case RELEASE:
1840 case RELEASE_10:
1841 case START_STOP:
1842 case ALLOW_MEDIUM_REMOVAL:
1843 case GET_CONFIGURATION:
1844 case GET_EVENT_STATUS_NOTIFICATION:
1845 case MECHANISM_STATUS:
1846 case REQUEST_SENSE:
1847 break;
1848
1849 default:
1850 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
1851 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1852 return 0;
1853 }
1854 break;
1855 }
1856
1857 /*
1858 * FIXME: we shouldn't return anything bigger than 4k, but the code
1859 * requires the buffer to be as big as req->cmd.xfer in several
1860 * places. So, do not allow CDBs with a very large ALLOCATION
1861 * LENGTH. The real fix would be to modify scsi_read_data and
1862 * dma_buf_read, so that they return data beyond the buflen
1863 * as all zeros.
1864 */
1865 if (req->cmd.xfer > 65536) {
1866 goto illegal_request;
1867 }
1868 r->buflen = MAX(4096, req->cmd.xfer);
1869
1870 if (!r->iov.iov_base) {
1871 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1872 }
1873
1874 buflen = req->cmd.xfer;
1875 outbuf = r->iov.iov_base;
1876 memset(outbuf, 0, r->buflen);
1877 switch (req->cmd.buf[0]) {
1878 case TEST_UNIT_READY:
1879 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
1880 break;
1881 case INQUIRY:
1882 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1883 if (buflen < 0) {
1884 goto illegal_request;
1885 }
1886 break;
1887 case MODE_SENSE:
1888 case MODE_SENSE_10:
1889 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1890 if (buflen < 0) {
1891 goto illegal_request;
1892 }
1893 break;
1894 case READ_TOC:
1895 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1896 if (buflen < 0) {
1897 goto illegal_request;
1898 }
1899 break;
1900 case RESERVE:
1901 if (req->cmd.buf[1] & 1) {
1902 goto illegal_request;
1903 }
1904 break;
1905 case RESERVE_10:
1906 if (req->cmd.buf[1] & 3) {
1907 goto illegal_request;
1908 }
1909 break;
1910 case RELEASE:
1911 if (req->cmd.buf[1] & 1) {
1912 goto illegal_request;
1913 }
1914 break;
1915 case RELEASE_10:
1916 if (req->cmd.buf[1] & 3) {
1917 goto illegal_request;
1918 }
1919 break;
1920 case START_STOP:
1921 if (scsi_disk_emulate_start_stop(r) < 0) {
1922 return 0;
1923 }
1924 break;
1925 case ALLOW_MEDIUM_REMOVAL:
1926 s->tray_locked = req->cmd.buf[4] & 1;
1927 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1928 break;
1929 case READ_CAPACITY_10:
1930 /* The normal LEN field for this command is zero. */
1931 memset(outbuf, 0, 8);
1932 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1933 if (!nb_sectors) {
1934 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1935 return 0;
1936 }
1937 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1938 goto illegal_request;
1939 }
1940 nb_sectors /= s->qdev.blocksize / 512;
1941 /* Returned value is the address of the last sector. */
1942 nb_sectors--;
1943 /* Remember the new size for read/write sanity checking. */
1944 s->qdev.max_lba = nb_sectors;
1945 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1946 if (nb_sectors > UINT32_MAX) {
1947 nb_sectors = UINT32_MAX;
1948 }
1949 outbuf[0] = (nb_sectors >> 24) & 0xff;
1950 outbuf[1] = (nb_sectors >> 16) & 0xff;
1951 outbuf[2] = (nb_sectors >> 8) & 0xff;
1952 outbuf[3] = nb_sectors & 0xff;
1953 outbuf[4] = 0;
1954 outbuf[5] = 0;
1955 outbuf[6] = s->qdev.blocksize >> 8;
1956 outbuf[7] = 0;
1957 break;
1958 case REQUEST_SENSE:
1959 /* Just return "NO SENSE". */
1960 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1961 (req->cmd.buf[1] & 1) == 0);
1962 if (buflen < 0) {
1963 goto illegal_request;
1964 }
1965 break;
1966 case MECHANISM_STATUS:
1967 buflen = scsi_emulate_mechanism_status(s, outbuf);
1968 if (buflen < 0) {
1969 goto illegal_request;
1970 }
1971 break;
1972 case GET_CONFIGURATION:
1973 buflen = scsi_get_configuration(s, outbuf);
1974 if (buflen < 0) {
1975 goto illegal_request;
1976 }
1977 break;
1978 case GET_EVENT_STATUS_NOTIFICATION:
1979 buflen = scsi_get_event_status_notification(s, r, outbuf);
1980 if (buflen < 0) {
1981 goto illegal_request;
1982 }
1983 break;
1984 case READ_DISC_INFORMATION:
1985 buflen = scsi_read_disc_information(s, r, outbuf);
1986 if (buflen < 0) {
1987 goto illegal_request;
1988 }
1989 break;
1990 case READ_DVD_STRUCTURE:
1991 buflen = scsi_read_dvd_structure(s, r, outbuf);
1992 if (buflen < 0) {
1993 goto illegal_request;
1994 }
1995 break;
1996 case SERVICE_ACTION_IN_16:
1997 /* Service Action In subcommands. */
1998 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1999 DPRINTF("SAI READ CAPACITY(16)\n");
2000 memset(outbuf, 0, req->cmd.xfer);
2001 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2002 if (!nb_sectors) {
2003 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2004 return 0;
2005 }
2006 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2007 goto illegal_request;
2008 }
2009 nb_sectors /= s->qdev.blocksize / 512;
2010 /* Returned value is the address of the last sector. */
2011 nb_sectors--;
2012 /* Remember the new size for read/write sanity checking. */
2013 s->qdev.max_lba = nb_sectors;
2014 outbuf[0] = (nb_sectors >> 56) & 0xff;
2015 outbuf[1] = (nb_sectors >> 48) & 0xff;
2016 outbuf[2] = (nb_sectors >> 40) & 0xff;
2017 outbuf[3] = (nb_sectors >> 32) & 0xff;
2018 outbuf[4] = (nb_sectors >> 24) & 0xff;
2019 outbuf[5] = (nb_sectors >> 16) & 0xff;
2020 outbuf[6] = (nb_sectors >> 8) & 0xff;
2021 outbuf[7] = nb_sectors & 0xff;
2022 outbuf[8] = 0;
2023 outbuf[9] = 0;
2024 outbuf[10] = s->qdev.blocksize >> 8;
2025 outbuf[11] = 0;
2026 outbuf[12] = 0;
2027 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2028
2029 /* set TPE bit if the format supports discard */
2030 if (s->qdev.conf.discard_granularity) {
2031 outbuf[14] = 0x80;
2032 }
2033
2034 /* Protection, exponent and lowest lba field left blank. */
2035 break;
2036 }
2037 DPRINTF("Unsupported Service Action In\n");
2038 goto illegal_request;
2039 case SYNCHRONIZE_CACHE:
2040 /* The request is used as the AIO opaque value, so add a ref. */
2041 scsi_req_ref(&r->req);
2042 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2043 BLOCK_ACCT_FLUSH);
2044 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2045 return 0;
2046 case SEEK_10:
2047 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2048 if (r->req.cmd.lba > s->qdev.max_lba) {
2049 goto illegal_lba;
2050 }
2051 break;
2052 case MODE_SELECT:
2053 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2054 break;
2055 case MODE_SELECT_10:
2056 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2057 break;
2058 case UNMAP:
2059 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2060 break;
2061 case VERIFY_10:
2062 case VERIFY_12:
2063 case VERIFY_16:
2064 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2065 if (req->cmd.buf[1] & 6) {
2066 goto illegal_request;
2067 }
2068 break;
2069 case WRITE_SAME_10:
2070 case WRITE_SAME_16:
2071 DPRINTF("WRITE SAME %d (len %lu)\n",
2072 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2073 (long)r->req.cmd.xfer);
2074 break;
2075 default:
2076 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2077 scsi_command_name(buf[0]));
2078 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2079 return 0;
2080 }
2081 assert(!r->req.aiocb);
2082 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2083 if (r->iov.iov_len == 0) {
2084 scsi_req_complete(&r->req, GOOD);
2085 }
2086 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2087 assert(r->iov.iov_len == req->cmd.xfer);
2088 return -r->iov.iov_len;
2089 } else {
2090 return r->iov.iov_len;
2091 }
2092
2093 illegal_request:
2094 if (r->req.status == -1) {
2095 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2096 }
2097 return 0;
2098
2099 illegal_lba:
2100 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2101 return 0;
2102 }
2103
2104 /* Execute a scsi command. Returns the length of the data expected by the
2105 command. This will be Positive for data transfers from the device
2106 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2107 and zero if the command does not transfer any data. */
2108
2109 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2110 {
2111 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2113 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2114 uint32_t len;
2115 uint8_t command;
2116
2117 command = buf[0];
2118
2119 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
2120 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2121 return 0;
2122 }
2123
2124 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2125 switch (command) {
2126 case READ_6:
2127 case READ_10:
2128 case READ_12:
2129 case READ_16:
2130 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2131 if (r->req.cmd.buf[1] & 0xe0) {
2132 goto illegal_request;
2133 }
2134 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2135 goto illegal_lba;
2136 }
2137 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2138 r->sector_count = len * (s->qdev.blocksize / 512);
2139 break;
2140 case WRITE_6:
2141 case WRITE_10:
2142 case WRITE_12:
2143 case WRITE_16:
2144 case WRITE_VERIFY_10:
2145 case WRITE_VERIFY_12:
2146 case WRITE_VERIFY_16:
2147 if (blk_is_read_only(s->qdev.conf.blk)) {
2148 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2149 return 0;
2150 }
2151 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2152 (command & 0xe) == 0xe ? "And Verify " : "",
2153 r->req.cmd.lba, len);
2154 if (r->req.cmd.buf[1] & 0xe0) {
2155 goto illegal_request;
2156 }
2157 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2158 goto illegal_lba;
2159 }
2160 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2161 r->sector_count = len * (s->qdev.blocksize / 512);
2162 break;
2163 default:
2164 abort();
2165 illegal_request:
2166 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2167 return 0;
2168 illegal_lba:
2169 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2170 return 0;
2171 }
2172 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2173 if (r->sector_count == 0) {
2174 scsi_req_complete(&r->req, GOOD);
2175 }
2176 assert(r->iov.iov_len == 0);
2177 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2178 return -r->sector_count * 512;
2179 } else {
2180 return r->sector_count * 512;
2181 }
2182 }
2183
2184 static void scsi_disk_reset(DeviceState *dev)
2185 {
2186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2187 uint64_t nb_sectors;
2188
2189 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2190
2191 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2192 nb_sectors /= s->qdev.blocksize / 512;
2193 if (nb_sectors) {
2194 nb_sectors--;
2195 }
2196 s->qdev.max_lba = nb_sectors;
2197 /* reset tray statuses */
2198 s->tray_locked = 0;
2199 s->tray_open = 0;
2200 }
2201
2202 static void scsi_disk_resize_cb(void *opaque)
2203 {
2204 SCSIDiskState *s = opaque;
2205
2206 /* SPC lists this sense code as available only for
2207 * direct-access devices.
2208 */
2209 if (s->qdev.type == TYPE_DISK) {
2210 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2211 }
2212 }
2213
2214 static void scsi_cd_change_media_cb(void *opaque, bool load)
2215 {
2216 SCSIDiskState *s = opaque;
2217
2218 /*
2219 * When a CD gets changed, we have to report an ejected state and
2220 * then a loaded state to guests so that they detect tray
2221 * open/close and media change events. Guests that do not use
2222 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2223 * states rely on this behavior.
2224 *
2225 * media_changed governs the state machine used for unit attention
2226 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2227 */
2228 s->media_changed = load;
2229 s->tray_open = !load;
2230 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2231 s->media_event = true;
2232 s->eject_request = false;
2233 }
2234
2235 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2236 {
2237 SCSIDiskState *s = opaque;
2238
2239 s->eject_request = true;
2240 if (force) {
2241 s->tray_locked = false;
2242 }
2243 }
2244
2245 static bool scsi_cd_is_tray_open(void *opaque)
2246 {
2247 return ((SCSIDiskState *)opaque)->tray_open;
2248 }
2249
2250 static bool scsi_cd_is_medium_locked(void *opaque)
2251 {
2252 return ((SCSIDiskState *)opaque)->tray_locked;
2253 }
2254
2255 static const BlockDevOps scsi_disk_removable_block_ops = {
2256 .change_media_cb = scsi_cd_change_media_cb,
2257 .eject_request_cb = scsi_cd_eject_request_cb,
2258 .is_tray_open = scsi_cd_is_tray_open,
2259 .is_medium_locked = scsi_cd_is_medium_locked,
2260
2261 .resize_cb = scsi_disk_resize_cb,
2262 };
2263
2264 static const BlockDevOps scsi_disk_block_ops = {
2265 .resize_cb = scsi_disk_resize_cb,
2266 };
2267
2268 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2269 {
2270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2271 if (s->media_changed) {
2272 s->media_changed = false;
2273 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2274 }
2275 }
2276
2277 static void scsi_realize(SCSIDevice *dev, Error **errp)
2278 {
2279 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2280 Error *err = NULL;
2281
2282 if (!s->qdev.conf.blk) {
2283 error_setg(errp, "drive property not set");
2284 return;
2285 }
2286
2287 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2288 !blk_is_inserted(s->qdev.conf.blk)) {
2289 error_setg(errp, "Device needs media, but drive is empty");
2290 return;
2291 }
2292
2293 blkconf_serial(&s->qdev.conf, &s->serial);
2294 blkconf_blocksizes(&s->qdev.conf);
2295 if (dev->type == TYPE_DISK) {
2296 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2297 if (err) {
2298 error_propagate(errp, err);
2299 return;
2300 }
2301 }
2302
2303 if (s->qdev.conf.discard_granularity == -1) {
2304 s->qdev.conf.discard_granularity =
2305 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2306 }
2307
2308 if (!s->version) {
2309 s->version = g_strdup(qemu_hw_version());
2310 }
2311 if (!s->vendor) {
2312 s->vendor = g_strdup("QEMU");
2313 }
2314
2315 if (blk_is_sg(s->qdev.conf.blk)) {
2316 error_setg(errp, "unwanted /dev/sg*");
2317 return;
2318 }
2319
2320 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2321 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2322 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2323 } else {
2324 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2325 }
2326 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2327
2328 blk_iostatus_enable(s->qdev.conf.blk);
2329 }
2330
2331 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2332 {
2333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2334 /* can happen for devices without drive. The error message for missing
2335 * backend will be issued in scsi_realize
2336 */
2337 if (s->qdev.conf.blk) {
2338 blkconf_blocksizes(&s->qdev.conf);
2339 }
2340 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2341 s->qdev.type = TYPE_DISK;
2342 if (!s->product) {
2343 s->product = g_strdup("QEMU HARDDISK");
2344 }
2345 scsi_realize(&s->qdev, errp);
2346 }
2347
2348 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2349 {
2350 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2351 s->qdev.blocksize = 2048;
2352 s->qdev.type = TYPE_ROM;
2353 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2354 if (!s->product) {
2355 s->product = g_strdup("QEMU CD-ROM");
2356 }
2357 scsi_realize(&s->qdev, errp);
2358 }
2359
2360 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2361 {
2362 DriveInfo *dinfo;
2363 Error *local_err = NULL;
2364
2365 if (!dev->conf.blk) {
2366 scsi_realize(dev, &local_err);
2367 assert(local_err);
2368 error_propagate(errp, local_err);
2369 return;
2370 }
2371
2372 dinfo = blk_legacy_dinfo(dev->conf.blk);
2373 if (dinfo && dinfo->media_cd) {
2374 scsi_cd_realize(dev, errp);
2375 } else {
2376 scsi_hd_realize(dev, errp);
2377 }
2378 }
2379
2380 static const SCSIReqOps scsi_disk_emulate_reqops = {
2381 .size = sizeof(SCSIDiskReq),
2382 .free_req = scsi_free_request,
2383 .send_command = scsi_disk_emulate_command,
2384 .read_data = scsi_disk_emulate_read_data,
2385 .write_data = scsi_disk_emulate_write_data,
2386 .get_buf = scsi_get_buf,
2387 };
2388
2389 static const SCSIReqOps scsi_disk_dma_reqops = {
2390 .size = sizeof(SCSIDiskReq),
2391 .free_req = scsi_free_request,
2392 .send_command = scsi_disk_dma_command,
2393 .read_data = scsi_read_data,
2394 .write_data = scsi_write_data,
2395 .get_buf = scsi_get_buf,
2396 .load_request = scsi_disk_load_request,
2397 .save_request = scsi_disk_save_request,
2398 };
2399
2400 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2401 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2402 [INQUIRY] = &scsi_disk_emulate_reqops,
2403 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2404 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2405 [START_STOP] = &scsi_disk_emulate_reqops,
2406 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2407 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2408 [READ_TOC] = &scsi_disk_emulate_reqops,
2409 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2410 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2411 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2412 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2413 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2414 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2415 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2416 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2417 [SEEK_10] = &scsi_disk_emulate_reqops,
2418 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2419 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2420 [UNMAP] = &scsi_disk_emulate_reqops,
2421 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2422 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2423 [VERIFY_10] = &scsi_disk_emulate_reqops,
2424 [VERIFY_12] = &scsi_disk_emulate_reqops,
2425 [VERIFY_16] = &scsi_disk_emulate_reqops,
2426
2427 [READ_6] = &scsi_disk_dma_reqops,
2428 [READ_10] = &scsi_disk_dma_reqops,
2429 [READ_12] = &scsi_disk_dma_reqops,
2430 [READ_16] = &scsi_disk_dma_reqops,
2431 [WRITE_6] = &scsi_disk_dma_reqops,
2432 [WRITE_10] = &scsi_disk_dma_reqops,
2433 [WRITE_12] = &scsi_disk_dma_reqops,
2434 [WRITE_16] = &scsi_disk_dma_reqops,
2435 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2436 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2437 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2438 };
2439
2440 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2441 uint8_t *buf, void *hba_private)
2442 {
2443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2444 SCSIRequest *req;
2445 const SCSIReqOps *ops;
2446 uint8_t command;
2447
2448 command = buf[0];
2449 ops = scsi_disk_reqops_dispatch[command];
2450 if (!ops) {
2451 ops = &scsi_disk_emulate_reqops;
2452 }
2453 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2454
2455 #ifdef DEBUG_SCSI
2456 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2457 {
2458 int i;
2459 for (i = 1; i < scsi_cdb_length(buf); i++) {
2460 printf(" 0x%02x", buf[i]);
2461 }
2462 printf("\n");
2463 }
2464 #endif
2465
2466 return req;
2467 }
2468
2469 #ifdef __linux__
2470 static int get_device_type(SCSIDiskState *s)
2471 {
2472 uint8_t cmd[16];
2473 uint8_t buf[36];
2474 uint8_t sensebuf[8];
2475 sg_io_hdr_t io_header;
2476 int ret;
2477
2478 memset(cmd, 0, sizeof(cmd));
2479 memset(buf, 0, sizeof(buf));
2480 cmd[0] = INQUIRY;
2481 cmd[4] = sizeof(buf);
2482
2483 memset(&io_header, 0, sizeof(io_header));
2484 io_header.interface_id = 'S';
2485 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2486 io_header.dxfer_len = sizeof(buf);
2487 io_header.dxferp = buf;
2488 io_header.cmdp = cmd;
2489 io_header.cmd_len = sizeof(cmd);
2490 io_header.mx_sb_len = sizeof(sensebuf);
2491 io_header.sbp = sensebuf;
2492 io_header.timeout = 6000; /* XXX */
2493
2494 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2495 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2496 return -1;
2497 }
2498 s->qdev.type = buf[0];
2499 if (buf[1] & 0x80) {
2500 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2501 }
2502 return 0;
2503 }
2504
2505 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2506 {
2507 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2508 int sg_version;
2509 int rc;
2510
2511 if (!s->qdev.conf.blk) {
2512 error_setg(errp, "drive property not set");
2513 return;
2514 }
2515
2516 /* check we are using a driver managing SG_IO (version 3 and after) */
2517 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2518 if (rc < 0) {
2519 error_setg(errp, "cannot get SG_IO version number: %s. "
2520 "Is this a SCSI device?",
2521 strerror(-rc));
2522 return;
2523 }
2524 if (sg_version < 30000) {
2525 error_setg(errp, "scsi generic interface too old");
2526 return;
2527 }
2528
2529 /* get device type from INQUIRY data */
2530 rc = get_device_type(s);
2531 if (rc < 0) {
2532 error_setg(errp, "INQUIRY failed");
2533 return;
2534 }
2535
2536 /* Make a guess for the block size, we'll fix it when the guest sends.
2537 * READ CAPACITY. If they don't, they likely would assume these sizes
2538 * anyway. (TODO: check in /sys).
2539 */
2540 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2541 s->qdev.blocksize = 2048;
2542 } else {
2543 s->qdev.blocksize = 512;
2544 }
2545
2546 /* Makes the scsi-block device not removable by using HMP and QMP eject
2547 * command.
2548 */
2549 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2550
2551 scsi_realize(&s->qdev, errp);
2552 scsi_generic_read_device_identification(&s->qdev);
2553 }
2554
2555 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2556 {
2557 switch (buf[0]) {
2558 case READ_6:
2559 case READ_10:
2560 case READ_12:
2561 case READ_16:
2562 case VERIFY_10:
2563 case VERIFY_12:
2564 case VERIFY_16:
2565 case WRITE_6:
2566 case WRITE_10:
2567 case WRITE_12:
2568 case WRITE_16:
2569 case WRITE_VERIFY_10:
2570 case WRITE_VERIFY_12:
2571 case WRITE_VERIFY_16:
2572 /* If we are not using O_DIRECT, we might read stale data from the
2573 * host cache if writes were made using other commands than these
2574 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2575 * O_DIRECT everything must go through SG_IO.
2576 */
2577 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
2578 break;
2579 }
2580
2581 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2582 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2583 * And once you do these writes, reading from the block device is
2584 * unreliable, too. It is even possible that reads deliver random data
2585 * from the host page cache (this is probably a Linux bug).
2586 *
2587 * We might use scsi_disk_dma_reqops as long as no writing commands are
2588 * seen, but performance usually isn't paramount on optical media. So,
2589 * just make scsi-block operate the same as scsi-generic for them.
2590 */
2591 if (s->qdev.type != TYPE_ROM) {
2592 return false;
2593 }
2594 break;
2595
2596 default:
2597 break;
2598 }
2599
2600 return true;
2601 }
2602
2603
2604 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2605 uint32_t lun, uint8_t *buf,
2606 void *hba_private)
2607 {
2608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2609
2610 if (scsi_block_is_passthrough(s, buf)) {
2611 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2612 hba_private);
2613 } else {
2614 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2615 hba_private);
2616 }
2617 }
2618
2619 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2620 uint8_t *buf, void *hba_private)
2621 {
2622 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2623
2624 if (scsi_block_is_passthrough(s, buf)) {
2625 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2626 } else {
2627 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2628 }
2629 }
2630
2631 #endif
2632
2633 static
2634 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2635 BlockCompletionFunc *cb, void *cb_opaque,
2636 void *opaque)
2637 {
2638 SCSIDiskReq *r = opaque;
2639 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2640 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2641 }
2642
2643 static
2644 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2645 BlockCompletionFunc *cb, void *cb_opaque,
2646 void *opaque)
2647 {
2648 SCSIDiskReq *r = opaque;
2649 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2650 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2651 }
2652
2653 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2654 {
2655 DeviceClass *dc = DEVICE_CLASS(klass);
2656 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2657
2658 dc->fw_name = "disk";
2659 dc->reset = scsi_disk_reset;
2660 sdc->dma_readv = scsi_dma_readv;
2661 sdc->dma_writev = scsi_dma_writev;
2662 sdc->need_fua_emulation = scsi_is_cmd_fua;
2663 }
2664
2665 static const TypeInfo scsi_disk_base_info = {
2666 .name = TYPE_SCSI_DISK_BASE,
2667 .parent = TYPE_SCSI_DEVICE,
2668 .class_init = scsi_disk_base_class_initfn,
2669 .instance_size = sizeof(SCSIDiskState),
2670 .class_size = sizeof(SCSIDiskClass),
2671 };
2672
2673 #define DEFINE_SCSI_DISK_PROPERTIES() \
2674 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2675 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2676 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2677 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2678 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2679
2680 static Property scsi_hd_properties[] = {
2681 DEFINE_SCSI_DISK_PROPERTIES(),
2682 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2683 SCSI_DISK_F_REMOVABLE, false),
2684 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2685 SCSI_DISK_F_DPOFUA, false),
2686 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2687 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2688 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2689 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2690 DEFAULT_MAX_UNMAP_SIZE),
2691 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2692 DEFAULT_MAX_IO_SIZE),
2693 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2694 DEFINE_PROP_END_OF_LIST(),
2695 };
2696
2697 static const VMStateDescription vmstate_scsi_disk_state = {
2698 .name = "scsi-disk",
2699 .version_id = 1,
2700 .minimum_version_id = 1,
2701 .fields = (VMStateField[]) {
2702 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2703 VMSTATE_BOOL(media_changed, SCSIDiskState),
2704 VMSTATE_BOOL(media_event, SCSIDiskState),
2705 VMSTATE_BOOL(eject_request, SCSIDiskState),
2706 VMSTATE_BOOL(tray_open, SCSIDiskState),
2707 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2708 VMSTATE_END_OF_LIST()
2709 }
2710 };
2711
2712 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2713 {
2714 DeviceClass *dc = DEVICE_CLASS(klass);
2715 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2716
2717 sc->realize = scsi_hd_realize;
2718 sc->alloc_req = scsi_new_request;
2719 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2720 dc->desc = "virtual SCSI disk";
2721 dc->props = scsi_hd_properties;
2722 dc->vmsd = &vmstate_scsi_disk_state;
2723 }
2724
2725 static const TypeInfo scsi_hd_info = {
2726 .name = "scsi-hd",
2727 .parent = TYPE_SCSI_DISK_BASE,
2728 .class_init = scsi_hd_class_initfn,
2729 };
2730
2731 static Property scsi_cd_properties[] = {
2732 DEFINE_SCSI_DISK_PROPERTIES(),
2733 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2734 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2735 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2736 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2737 DEFAULT_MAX_IO_SIZE),
2738 DEFINE_PROP_END_OF_LIST(),
2739 };
2740
2741 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2742 {
2743 DeviceClass *dc = DEVICE_CLASS(klass);
2744 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2745
2746 sc->realize = scsi_cd_realize;
2747 sc->alloc_req = scsi_new_request;
2748 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2749 dc->desc = "virtual SCSI CD-ROM";
2750 dc->props = scsi_cd_properties;
2751 dc->vmsd = &vmstate_scsi_disk_state;
2752 }
2753
2754 static const TypeInfo scsi_cd_info = {
2755 .name = "scsi-cd",
2756 .parent = TYPE_SCSI_DISK_BASE,
2757 .class_init = scsi_cd_class_initfn,
2758 };
2759
2760 #ifdef __linux__
2761 static Property scsi_block_properties[] = {
2762 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2763 DEFINE_PROP_END_OF_LIST(),
2764 };
2765
2766 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2767 {
2768 DeviceClass *dc = DEVICE_CLASS(klass);
2769 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2770
2771 sc->realize = scsi_block_realize;
2772 sc->alloc_req = scsi_block_new_request;
2773 sc->parse_cdb = scsi_block_parse_cdb;
2774 dc->desc = "SCSI block device passthrough";
2775 dc->props = scsi_block_properties;
2776 dc->vmsd = &vmstate_scsi_disk_state;
2777 }
2778
2779 static const TypeInfo scsi_block_info = {
2780 .name = "scsi-block",
2781 .parent = TYPE_SCSI_DISK_BASE,
2782 .class_init = scsi_block_class_initfn,
2783 };
2784 #endif
2785
2786 static Property scsi_disk_properties[] = {
2787 DEFINE_SCSI_DISK_PROPERTIES(),
2788 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2789 SCSI_DISK_F_REMOVABLE, false),
2790 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2791 SCSI_DISK_F_DPOFUA, false),
2792 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2793 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2794 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2795 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2796 DEFAULT_MAX_UNMAP_SIZE),
2797 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2798 DEFAULT_MAX_IO_SIZE),
2799 DEFINE_PROP_END_OF_LIST(),
2800 };
2801
2802 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2803 {
2804 DeviceClass *dc = DEVICE_CLASS(klass);
2805 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2806
2807 sc->realize = scsi_disk_realize;
2808 sc->alloc_req = scsi_new_request;
2809 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2810 dc->fw_name = "disk";
2811 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2812 dc->reset = scsi_disk_reset;
2813 dc->props = scsi_disk_properties;
2814 dc->vmsd = &vmstate_scsi_disk_state;
2815 }
2816
2817 static const TypeInfo scsi_disk_info = {
2818 .name = "scsi-disk",
2819 .parent = TYPE_SCSI_DISK_BASE,
2820 .class_init = scsi_disk_class_initfn,
2821 };
2822
2823 static void scsi_disk_register_types(void)
2824 {
2825 type_register_static(&scsi_disk_base_info);
2826 type_register_static(&scsi_hd_info);
2827 type_register_static(&scsi_cd_info);
2828 #ifdef __linux__
2829 type_register_static(&scsi_block_info);
2830 #endif
2831 type_register_static(&scsi_disk_info);
2832 }
2833
2834 type_init(scsi_disk_register_types)
Mirror of https://git.qemu.org/git/qemu.git