]> git.ipfire.org Git - thirdparty/qemu.git/blob - hw/scsi/scsi-disk.c
projects / thirdparty / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-block: fix direction of BYTCHK test for VERIFY commands
[thirdparty/qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65 typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
69 bool (*need_fua_emulation)(SCSICommand *cmd);
70 } SCSIDiskClass;
71
72 typedef struct SCSIDiskReq {
73 SCSIRequest req;
74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
75 uint64_t sector;
76 uint32_t sector_count;
77 uint32_t buflen;
78 bool started;
79 bool need_fua_emulation;
80 struct iovec iov;
81 QEMUIOVector qiov;
82 BlockAcctCookie acct;
83 unsigned char *status;
84 } SCSIDiskReq;
85
86 #define SCSI_DISK_F_REMOVABLE 0
87 #define SCSI_DISK_F_DPOFUA 1
88 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
89
90 typedef struct SCSIDiskState
91 {
92 SCSIDevice qdev;
93 uint32_t features;
94 bool media_changed;
95 bool media_event;
96 bool eject_request;
97 uint16_t port_index;
98 uint64_t max_unmap_size;
99 uint64_t max_io_size;
100 QEMUBH *bh;
101 char *version;
102 char *serial;
103 char *vendor;
104 char *product;
105 bool tray_open;
106 bool tray_locked;
107 } SCSIDiskState;
108
109 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
110
111 static void scsi_free_request(SCSIRequest *req)
112 {
113 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
114
115 qemu_vfree(r->iov.iov_base);
116 }
117
118 /* Helper function for command completion with sense. */
119 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
120 {
121 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
122 r->req.tag, sense.key, sense.asc, sense.ascq);
123 scsi_req_build_sense(&r->req, sense);
124 scsi_req_complete(&r->req, CHECK_CONDITION);
125 }
126
127 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
128 {
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130
131 if (!r->iov.iov_base) {
132 r->buflen = size;
133 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
134 }
135 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
136 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
137 }
138
139 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
140 {
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_put_be64s(f, &r->sector);
144 qemu_put_be32s(f, &r->sector_count);
145 qemu_put_be32s(f, &r->buflen);
146 if (r->buflen) {
147 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
148 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
149 } else if (!req->retry) {
150 uint32_t len = r->iov.iov_len;
151 qemu_put_be32s(f, &len);
152 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 }
154 }
155 }
156
157 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
158 {
159 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
160
161 qemu_get_be64s(f, &r->sector);
162 qemu_get_be32s(f, &r->sector_count);
163 qemu_get_be32s(f, &r->buflen);
164 if (r->buflen) {
165 scsi_init_iovec(r, r->buflen);
166 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
168 } else if (!r->req.retry) {
169 uint32_t len;
170 qemu_get_be32s(f, &len);
171 r->iov.iov_len = len;
172 assert(r->iov.iov_len <= r->buflen);
173 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
174 }
175 }
176
177 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
178 }
179
180 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
181 {
182 if (r->req.io_canceled) {
183 scsi_req_cancel_complete(&r->req);
184 return true;
185 }
186
187 if (ret < 0) {
188 return scsi_handle_rw_error(r, -ret, acct_failed);
189 }
190
191 if (r->status && *r->status) {
192 if (acct_failed) {
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
195 }
196 scsi_req_complete(&r->req, *r->status);
197 return true;
198 }
199
200 return false;
201 }
202
203 static void scsi_aio_complete(void *opaque, int ret)
204 {
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
210 if (scsi_disk_req_check_error(r, ret, true)) {
211 goto done;
212 }
213
214 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
215 scsi_req_complete(&r->req, GOOD);
216
217 done:
218 scsi_req_unref(&r->req);
219 }
220
221 static bool scsi_is_cmd_fua(SCSICommand *cmd)
222 {
223 switch (cmd->buf[0]) {
224 case READ_10:
225 case READ_12:
226 case READ_16:
227 case WRITE_10:
228 case WRITE_12:
229 case WRITE_16:
230 return (cmd->buf[1] & 8) != 0;
231
232 case VERIFY_10:
233 case VERIFY_12:
234 case VERIFY_16:
235 case WRITE_VERIFY_10:
236 case WRITE_VERIFY_12:
237 case WRITE_VERIFY_16:
238 return true;
239
240 case READ_6:
241 case WRITE_6:
242 default:
243 return false;
244 }
245 }
246
247 static void scsi_write_do_fua(SCSIDiskReq *r)
248 {
249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250
251 assert(r->req.aiocb == NULL);
252 assert(!r->req.io_canceled);
253
254 if (r->need_fua_emulation) {
255 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
256 BLOCK_ACCT_FLUSH);
257 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
258 return;
259 }
260
261 scsi_req_complete(&r->req, GOOD);
262 scsi_req_unref(&r->req);
263 }
264
265 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
266 {
267 assert(r->req.aiocb == NULL);
268 if (scsi_disk_req_check_error(r, ret, false)) {
269 goto done;
270 }
271
272 r->sector += r->sector_count;
273 r->sector_count = 0;
274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
280
281 done:
282 scsi_req_unref(&r->req);
283 }
284
285 static void scsi_dma_complete(void *opaque, int ret)
286 {
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
289
290 assert(r->req.aiocb != NULL);
291 r->req.aiocb = NULL;
292
293 if (ret < 0) {
294 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
295 } else {
296 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
297 }
298 scsi_dma_complete_noio(r, ret);
299 }
300
301 static void scsi_read_complete(void * opaque, int ret)
302 {
303 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
305 int n;
306
307 assert(r->req.aiocb != NULL);
308 r->req.aiocb = NULL;
309 if (scsi_disk_req_check_error(r, ret, true)) {
310 goto done;
311 }
312
313 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
320
321 done:
322 scsi_req_unref(&r->req);
323 }
324
325 /* Actually issue a read to the block device. */
326 static void scsi_do_read(SCSIDiskReq *r, int ret)
327 {
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
329 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
330
331 assert (r->req.aiocb == NULL);
332 if (scsi_disk_req_check_error(r, ret, false)) {
333 goto done;
334 }
335
336 /* The request is used as the AIO opaque value, so add a ref. */
337 scsi_req_ref(&r->req);
338
339 if (r->req.sg) {
340 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
341 r->req.resid -= r->req.sg->size;
342 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
343 r->req.sg, r->sector << BDRV_SECTOR_BITS,
344 BDRV_SECTOR_SIZE,
345 sdc->dma_readv, r, scsi_dma_complete, r,
346 DMA_DIRECTION_FROM_DEVICE);
347 } else {
348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
349 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
350 r->qiov.size, BLOCK_ACCT_READ);
351 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
352 scsi_read_complete, r, r);
353 }
354
355 done:
356 scsi_req_unref(&r->req);
357 }
358
359 static void scsi_do_read_cb(void *opaque, int ret)
360 {
361 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
363
364 assert (r->req.aiocb != NULL);
365 r->req.aiocb = NULL;
366
367 if (ret < 0) {
368 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
369 } else {
370 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
371 }
372 scsi_do_read(opaque, ret);
373 }
374
375 /* Read more data from scsi device into buffer. */
376 static void scsi_read_data(SCSIRequest *req)
377 {
378 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
379 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380 bool first;
381
382 DPRINTF("Read sector_count=%d\n", r->sector_count);
383 if (r->sector_count == 0) {
384 /* This also clears the sense buffer for REQUEST SENSE. */
385 scsi_req_complete(&r->req, GOOD);
386 return;
387 }
388
389 /* No data transfer may already be in progress */
390 assert(r->req.aiocb == NULL);
391
392 /* The request is used as the AIO opaque value, so add a ref. */
393 scsi_req_ref(&r->req);
394 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
395 DPRINTF("Data transfer direction invalid\n");
396 scsi_read_complete(r, -EINVAL);
397 return;
398 }
399
400 if (!blk_is_available(req->dev->conf.blk)) {
401 scsi_read_complete(r, -ENOMEDIUM);
402 return;
403 }
404
405 first = !r->started;
406 r->started = true;
407 if (first && r->need_fua_emulation) {
408 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
409 BLOCK_ACCT_FLUSH);
410 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
411 } else {
412 scsi_do_read(r, 0);
413 }
414 }
415
416 /*
417 * scsi_handle_rw_error has two return values. 0 means that the error
418 * must be ignored, 1 means that the error has been processed and the
419 * caller should not do anything else for this request. Note that
420 * scsi_handle_rw_error always manages its reference counts, independent
421 * of the return value.
422 */
423 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
424 {
425 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
427 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
428 is_read, error);
429
430 if (action == BLOCK_ERROR_ACTION_REPORT) {
431 if (acct_failed) {
432 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
433 }
434 switch (error) {
435 case ENOMEDIUM:
436 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
437 break;
438 case ENOMEM:
439 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
440 break;
441 case EINVAL:
442 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
443 break;
444 case ENOSPC:
445 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
446 break;
447 default:
448 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
449 break;
450 }
451 }
452 blk_error_action(s->qdev.conf.blk, action, is_read, error);
453 if (action == BLOCK_ERROR_ACTION_STOP) {
454 scsi_req_retry(&r->req);
455 }
456 return action != BLOCK_ERROR_ACTION_IGNORE;
457 }
458
459 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
460 {
461 uint32_t n;
462
463 assert (r->req.aiocb == NULL);
464 if (scsi_disk_req_check_error(r, ret, false)) {
465 goto done;
466 }
467
468 n = r->qiov.size / 512;
469 r->sector += n;
470 r->sector_count -= n;
471 if (r->sector_count == 0) {
472 scsi_write_do_fua(r);
473 return;
474 } else {
475 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
476 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
477 scsi_req_data(&r->req, r->qiov.size);
478 }
479
480 done:
481 scsi_req_unref(&r->req);
482 }
483
484 static void scsi_write_complete(void * opaque, int ret)
485 {
486 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
487 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
488
489 assert (r->req.aiocb != NULL);
490 r->req.aiocb = NULL;
491
492 if (ret < 0) {
493 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
494 } else {
495 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
496 }
497 scsi_write_complete_noio(r, ret);
498 }
499
500 static void scsi_write_data(SCSIRequest *req)
501 {
502 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
504 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
505
506 /* No data transfer may already be in progress */
507 assert(r->req.aiocb == NULL);
508
509 /* The request is used as the AIO opaque value, so add a ref. */
510 scsi_req_ref(&r->req);
511 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
512 DPRINTF("Data transfer direction invalid\n");
513 scsi_write_complete_noio(r, -EINVAL);
514 return;
515 }
516
517 if (!r->req.sg && !r->qiov.size) {
518 /* Called for the first time. Ask the driver to send us more data. */
519 r->started = true;
520 scsi_write_complete_noio(r, 0);
521 return;
522 }
523 if (!blk_is_available(req->dev->conf.blk)) {
524 scsi_write_complete_noio(r, -ENOMEDIUM);
525 return;
526 }
527
528 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
529 r->req.cmd.buf[0] == VERIFY_16) {
530 if (r->req.sg) {
531 scsi_dma_complete_noio(r, 0);
532 } else {
533 scsi_write_complete_noio(r, 0);
534 }
535 return;
536 }
537
538 if (r->req.sg) {
539 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
540 r->req.resid -= r->req.sg->size;
541 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
542 r->req.sg, r->sector << BDRV_SECTOR_BITS,
543 BDRV_SECTOR_SIZE,
544 sdc->dma_writev, r, scsi_dma_complete, r,
545 DMA_DIRECTION_TO_DEVICE);
546 } else {
547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
548 r->qiov.size, BLOCK_ACCT_WRITE);
549 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
550 scsi_write_complete, r, r);
551 }
552 }
553
554 /* Return a pointer to the data buffer. */
555 static uint8_t *scsi_get_buf(SCSIRequest *req)
556 {
557 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
558
559 return (uint8_t *)r->iov.iov_base;
560 }
561
562 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
563 {
564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
565 int buflen = 0;
566 int start;
567
568 if (req->cmd.buf[1] & 0x1) {
569 /* Vital product data */
570 uint8_t page_code = req->cmd.buf[2];
571
572 outbuf[buflen++] = s->qdev.type & 0x1f;
573 outbuf[buflen++] = page_code ; // this page
574 outbuf[buflen++] = 0x00;
575 outbuf[buflen++] = 0x00;
576 start = buflen;
577
578 switch (page_code) {
579 case 0x00: /* Supported page codes, mandatory */
580 {
581 DPRINTF("Inquiry EVPD[Supported pages] "
582 "buffer size %zd\n", req->cmd.xfer);
583 outbuf[buflen++] = 0x00; // list of supported pages (this page)
584 if (s->serial) {
585 outbuf[buflen++] = 0x80; // unit serial number
586 }
587 outbuf[buflen++] = 0x83; // device identification
588 if (s->qdev.type == TYPE_DISK) {
589 outbuf[buflen++] = 0xb0; // block limits
590 outbuf[buflen++] = 0xb2; // thin provisioning
591 }
592 break;
593 }
594 case 0x80: /* Device serial number, optional */
595 {
596 int l;
597
598 if (!s->serial) {
599 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
600 return -1;
601 }
602
603 l = strlen(s->serial);
604 if (l > 36) {
605 l = 36;
606 }
607
608 DPRINTF("Inquiry EVPD[Serial number] "
609 "buffer size %zd\n", req->cmd.xfer);
610 memcpy(outbuf+buflen, s->serial, l);
611 buflen += l;
612 break;
613 }
614
615 case 0x83: /* Device identification page, mandatory */
616 {
617 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
618 int max_len = s->serial ? 20 : 255 - 8;
619 int id_len = strlen(str);
620
621 if (id_len > max_len) {
622 id_len = max_len;
623 }
624 DPRINTF("Inquiry EVPD[Device identification] "
625 "buffer size %zd\n", req->cmd.xfer);
626
627 outbuf[buflen++] = 0x2; // ASCII
628 outbuf[buflen++] = 0; // not officially assigned
629 outbuf[buflen++] = 0; // reserved
630 outbuf[buflen++] = id_len; // length of data following
631 memcpy(outbuf+buflen, str, id_len);
632 buflen += id_len;
633
634 if (s->qdev.wwn) {
635 outbuf[buflen++] = 0x1; // Binary
636 outbuf[buflen++] = 0x3; // NAA
637 outbuf[buflen++] = 0; // reserved
638 outbuf[buflen++] = 8;
639 stq_be_p(&outbuf[buflen], s->qdev.wwn);
640 buflen += 8;
641 }
642
643 if (s->qdev.port_wwn) {
644 outbuf[buflen++] = 0x61; // SAS / Binary
645 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
646 outbuf[buflen++] = 0; // reserved
647 outbuf[buflen++] = 8;
648 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
649 buflen += 8;
650 }
651
652 if (s->port_index) {
653 outbuf[buflen++] = 0x61; // SAS / Binary
654 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
655 outbuf[buflen++] = 0; // reserved
656 outbuf[buflen++] = 4;
657 stw_be_p(&outbuf[buflen + 2], s->port_index);
658 buflen += 4;
659 }
660 break;
661 }
662 case 0xb0: /* block limits */
663 {
664 unsigned int unmap_sectors =
665 s->qdev.conf.discard_granularity / s->qdev.blocksize;
666 unsigned int min_io_size =
667 s->qdev.conf.min_io_size / s->qdev.blocksize;
668 unsigned int opt_io_size =
669 s->qdev.conf.opt_io_size / s->qdev.blocksize;
670 unsigned int max_unmap_sectors =
671 s->max_unmap_size / s->qdev.blocksize;
672 unsigned int max_io_sectors =
673 s->max_io_size / s->qdev.blocksize;
674
675 if (s->qdev.type == TYPE_ROM) {
676 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
677 page_code);
678 return -1;
679 }
680 /* required VPD size with unmap support */
681 buflen = 0x40;
682 memset(outbuf + 4, 0, buflen - 4);
683
684 outbuf[4] = 0x1; /* wsnz */
685
686 /* optimal transfer length granularity */
687 outbuf[6] = (min_io_size >> 8) & 0xff;
688 outbuf[7] = min_io_size & 0xff;
689
690 /* maximum transfer length */
691 outbuf[8] = (max_io_sectors >> 24) & 0xff;
692 outbuf[9] = (max_io_sectors >> 16) & 0xff;
693 outbuf[10] = (max_io_sectors >> 8) & 0xff;
694 outbuf[11] = max_io_sectors & 0xff;
695
696 /* optimal transfer length */
697 outbuf[12] = (opt_io_size >> 24) & 0xff;
698 outbuf[13] = (opt_io_size >> 16) & 0xff;
699 outbuf[14] = (opt_io_size >> 8) & 0xff;
700 outbuf[15] = opt_io_size & 0xff;
701
702 /* max unmap LBA count, default is 1GB */
703 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
704 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
705 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
706 outbuf[23] = max_unmap_sectors & 0xff;
707
708 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
709 outbuf[24] = 0;
710 outbuf[25] = 0;
711 outbuf[26] = 0;
712 outbuf[27] = 255;
713
714 /* optimal unmap granularity */
715 outbuf[28] = (unmap_sectors >> 24) & 0xff;
716 outbuf[29] = (unmap_sectors >> 16) & 0xff;
717 outbuf[30] = (unmap_sectors >> 8) & 0xff;
718 outbuf[31] = unmap_sectors & 0xff;
719
720 /* max write same size */
721 outbuf[36] = 0;
722 outbuf[37] = 0;
723 outbuf[38] = 0;
724 outbuf[39] = 0;
725
726 outbuf[40] = (max_io_sectors >> 24) & 0xff;
727 outbuf[41] = (max_io_sectors >> 16) & 0xff;
728 outbuf[42] = (max_io_sectors >> 8) & 0xff;
729 outbuf[43] = max_io_sectors & 0xff;
730 break;
731 }
732 case 0xb2: /* thin provisioning */
733 {
734 buflen = 8;
735 outbuf[4] = 0;
736 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
737 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
738 outbuf[7] = 0;
739 break;
740 }
741 default:
742 return -1;
743 }
744 /* done with EVPD */
745 assert(buflen - start <= 255);
746 outbuf[start - 1] = buflen - start;
747 return buflen;
748 }
749
750 /* Standard INQUIRY data */
751 if (req->cmd.buf[2] != 0) {
752 return -1;
753 }
754
755 /* PAGE CODE == 0 */
756 buflen = req->cmd.xfer;
757 if (buflen > SCSI_MAX_INQUIRY_LEN) {
758 buflen = SCSI_MAX_INQUIRY_LEN;
759 }
760
761 outbuf[0] = s->qdev.type & 0x1f;
762 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
763
764 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
765 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
766
767 memset(&outbuf[32], 0, 4);
768 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
769 /*
770 * We claim conformance to SPC-3, which is required for guests
771 * to ask for modern features like READ CAPACITY(16) or the
772 * block characteristics VPD page by default. Not all of SPC-3
773 * is actually implemented, but we're good enough.
774 */
775 outbuf[2] = 5;
776 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
777
778 if (buflen > 36) {
779 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
780 } else {
781 /* If the allocation length of CDB is too small,
782 the additional length is not adjusted */
783 outbuf[4] = 36 - 5;
784 }
785
786 /* Sync data transfer and TCQ. */
787 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
788 return buflen;
789 }
790
791 static inline bool media_is_dvd(SCSIDiskState *s)
792 {
793 uint64_t nb_sectors;
794 if (s->qdev.type != TYPE_ROM) {
795 return false;
796 }
797 if (!blk_is_available(s->qdev.conf.blk)) {
798 return false;
799 }
800 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
801 return nb_sectors > CD_MAX_SECTORS;
802 }
803
804 static inline bool media_is_cd(SCSIDiskState *s)
805 {
806 uint64_t nb_sectors;
807 if (s->qdev.type != TYPE_ROM) {
808 return false;
809 }
810 if (!blk_is_available(s->qdev.conf.blk)) {
811 return false;
812 }
813 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
814 return nb_sectors <= CD_MAX_SECTORS;
815 }
816
817 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
818 uint8_t *outbuf)
819 {
820 uint8_t type = r->req.cmd.buf[1] & 7;
821
822 if (s->qdev.type != TYPE_ROM) {
823 return -1;
824 }
825
826 /* Types 1/2 are only defined for Blu-Ray. */
827 if (type != 0) {
828 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
829 return -1;
830 }
831
832 memset(outbuf, 0, 34);
833 outbuf[1] = 32;
834 outbuf[2] = 0xe; /* last session complete, disc finalized */
835 outbuf[3] = 1; /* first track on disc */
836 outbuf[4] = 1; /* # of sessions */
837 outbuf[5] = 1; /* first track of last session */
838 outbuf[6] = 1; /* last track of last session */
839 outbuf[7] = 0x20; /* unrestricted use */
840 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
841 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
842 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
843 /* 24-31: disc bar code */
844 /* 32: disc application code */
845 /* 33: number of OPC tables */
846
847 return 34;
848 }
849
850 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
851 uint8_t *outbuf)
852 {
853 static const int rds_caps_size[5] = {
854 [0] = 2048 + 4,
855 [1] = 4 + 4,
856 [3] = 188 + 4,
857 [4] = 2048 + 4,
858 };
859
860 uint8_t media = r->req.cmd.buf[1];
861 uint8_t layer = r->req.cmd.buf[6];
862 uint8_t format = r->req.cmd.buf[7];
863 int size = -1;
864
865 if (s->qdev.type != TYPE_ROM) {
866 return -1;
867 }
868 if (media != 0) {
869 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
870 return -1;
871 }
872
873 if (format != 0xff) {
874 if (!blk_is_available(s->qdev.conf.blk)) {
875 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
876 return -1;
877 }
878 if (media_is_cd(s)) {
879 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
880 return -1;
881 }
882 if (format >= ARRAY_SIZE(rds_caps_size)) {
883 return -1;
884 }
885 size = rds_caps_size[format];
886 memset(outbuf, 0, size);
887 }
888
889 switch (format) {
890 case 0x00: {
891 /* Physical format information */
892 uint64_t nb_sectors;
893 if (layer != 0) {
894 goto fail;
895 }
896 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
897
898 outbuf[4] = 1; /* DVD-ROM, part version 1 */
899 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
900 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
901 outbuf[7] = 0; /* default densities */
902
903 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
904 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
905 break;
906 }
907
908 case 0x01: /* DVD copyright information, all zeros */
909 break;
910
911 case 0x03: /* BCA information - invalid field for no BCA info */
912 return -1;
913
914 case 0x04: /* DVD disc manufacturing information, all zeros */
915 break;
916
917 case 0xff: { /* List capabilities */
918 int i;
919 size = 4;
920 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
921 if (!rds_caps_size[i]) {
922 continue;
923 }
924 outbuf[size] = i;
925 outbuf[size + 1] = 0x40; /* Not writable, readable */
926 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
927 size += 4;
928 }
929 break;
930 }
931
932 default:
933 return -1;
934 }
935
936 /* Size of buffer, not including 2 byte size field */
937 stw_be_p(outbuf, size - 2);
938 return size;
939
940 fail:
941 return -1;
942 }
943
944 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
945 {
946 uint8_t event_code, media_status;
947
948 media_status = 0;
949 if (s->tray_open) {
950 media_status = MS_TRAY_OPEN;
951 } else if (blk_is_inserted(s->qdev.conf.blk)) {
952 media_status = MS_MEDIA_PRESENT;
953 }
954
955 /* Event notification descriptor */
956 event_code = MEC_NO_CHANGE;
957 if (media_status != MS_TRAY_OPEN) {
958 if (s->media_event) {
959 event_code = MEC_NEW_MEDIA;
960 s->media_event = false;
961 } else if (s->eject_request) {
962 event_code = MEC_EJECT_REQUESTED;
963 s->eject_request = false;
964 }
965 }
966
967 outbuf[0] = event_code;
968 outbuf[1] = media_status;
969
970 /* These fields are reserved, just clear them. */
971 outbuf[2] = 0;
972 outbuf[3] = 0;
973 return 4;
974 }
975
976 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
977 uint8_t *outbuf)
978 {
979 int size;
980 uint8_t *buf = r->req.cmd.buf;
981 uint8_t notification_class_request = buf[4];
982 if (s->qdev.type != TYPE_ROM) {
983 return -1;
984 }
985 if ((buf[1] & 1) == 0) {
986 /* asynchronous */
987 return -1;
988 }
989
990 size = 4;
991 outbuf[0] = outbuf[1] = 0;
992 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
993 if (notification_class_request & (1 << GESN_MEDIA)) {
994 outbuf[2] = GESN_MEDIA;
995 size += scsi_event_status_media(s, &outbuf[size]);
996 } else {
997 outbuf[2] = 0x80;
998 }
999 stw_be_p(outbuf, size - 4);
1000 return size;
1001 }
1002
1003 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1004 {
1005 int current;
1006
1007 if (s->qdev.type != TYPE_ROM) {
1008 return -1;
1009 }
1010
1011 if (media_is_dvd(s)) {
1012 current = MMC_PROFILE_DVD_ROM;
1013 } else if (media_is_cd(s)) {
1014 current = MMC_PROFILE_CD_ROM;
1015 } else {
1016 current = MMC_PROFILE_NONE;
1017 }
1018
1019 memset(outbuf, 0, 40);
1020 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1021 stw_be_p(&outbuf[6], current);
1022 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1023 outbuf[10] = 0x03; /* persistent, current */
1024 outbuf[11] = 8; /* two profiles */
1025 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1026 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1027 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1028 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1029 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1030 stw_be_p(&outbuf[20], 1);
1031 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1032 outbuf[23] = 8;
1033 stl_be_p(&outbuf[24], 1); /* SCSI */
1034 outbuf[28] = 1; /* DBE = 1, mandatory */
1035 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1036 stw_be_p(&outbuf[32], 3);
1037 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1038 outbuf[35] = 4;
1039 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1040 /* TODO: Random readable, CD read, DVD read, drive serial number,
1041 power management */
1042 return 40;
1043 }
1044
1045 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1046 {
1047 if (s->qdev.type != TYPE_ROM) {
1048 return -1;
1049 }
1050 memset(outbuf, 0, 8);
1051 outbuf[5] = 1; /* CD-ROM */
1052 return 8;
1053 }
1054
1055 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1056 int page_control)
1057 {
1058 static const int mode_sense_valid[0x3f] = {
1059 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1060 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1061 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1062 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1063 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1064 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1065 };
1066
1067 uint8_t *p = *p_outbuf + 2;
1068 int length;
1069
1070 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1071 return -1;
1072 }
1073
1074 /*
1075 * If Changeable Values are requested, a mask denoting those mode parameters
1076 * that are changeable shall be returned. As we currently don't support
1077 * parameter changes via MODE_SELECT all bits are returned set to zero.
1078 * The buffer was already menset to zero by the caller of this function.
1079 *
1080 * The offsets here are off by two compared to the descriptions in the
1081 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1082 * but it is done so that offsets are consistent within our implementation
1083 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1084 * 2-byte and 4-byte headers.
1085 */
1086 switch (page) {
1087 case MODE_PAGE_HD_GEOMETRY:
1088 length = 0x16;
1089 if (page_control == 1) { /* Changeable Values */
1090 break;
1091 }
1092 /* if a geometry hint is available, use it */
1093 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1094 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1095 p[2] = s->qdev.conf.cyls & 0xff;
1096 p[3] = s->qdev.conf.heads & 0xff;
1097 /* Write precomp start cylinder, disabled */
1098 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1099 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1100 p[6] = s->qdev.conf.cyls & 0xff;
1101 /* Reduced current start cylinder, disabled */
1102 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1103 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1104 p[9] = s->qdev.conf.cyls & 0xff;
1105 /* Device step rate [ns], 200ns */
1106 p[10] = 0;
1107 p[11] = 200;
1108 /* Landing zone cylinder */
1109 p[12] = 0xff;
1110 p[13] = 0xff;
1111 p[14] = 0xff;
1112 /* Medium rotation rate [rpm], 5400 rpm */
1113 p[18] = (5400 >> 8) & 0xff;
1114 p[19] = 5400 & 0xff;
1115 break;
1116
1117 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1118 length = 0x1e;
1119 if (page_control == 1) { /* Changeable Values */
1120 break;
1121 }
1122 /* Transfer rate [kbit/s], 5Mbit/s */
1123 p[0] = 5000 >> 8;
1124 p[1] = 5000 & 0xff;
1125 /* if a geometry hint is available, use it */
1126 p[2] = s->qdev.conf.heads & 0xff;
1127 p[3] = s->qdev.conf.secs & 0xff;
1128 p[4] = s->qdev.blocksize >> 8;
1129 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[7] = s->qdev.conf.cyls & 0xff;
1131 /* Write precomp start cylinder, disabled */
1132 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1133 p[9] = s->qdev.conf.cyls & 0xff;
1134 /* Reduced current start cylinder, disabled */
1135 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1136 p[11] = s->qdev.conf.cyls & 0xff;
1137 /* Device step rate [100us], 100us */
1138 p[12] = 0;
1139 p[13] = 1;
1140 /* Device step pulse width [us], 1us */
1141 p[14] = 1;
1142 /* Device head settle delay [100us], 100us */
1143 p[15] = 0;
1144 p[16] = 1;
1145 /* Motor on delay [0.1s], 0.1s */
1146 p[17] = 1;
1147 /* Motor off delay [0.1s], 0.1s */
1148 p[18] = 1;
1149 /* Medium rotation rate [rpm], 5400 rpm */
1150 p[26] = (5400 >> 8) & 0xff;
1151 p[27] = 5400 & 0xff;
1152 break;
1153
1154 case MODE_PAGE_CACHING:
1155 length = 0x12;
1156 if (page_control == 1 || /* Changeable Values */
1157 blk_enable_write_cache(s->qdev.conf.blk)) {
1158 p[0] = 4; /* WCE */
1159 }
1160 break;
1161
1162 case MODE_PAGE_R_W_ERROR:
1163 length = 10;
1164 if (page_control == 1) { /* Changeable Values */
1165 break;
1166 }
1167 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1168 if (s->qdev.type == TYPE_ROM) {
1169 p[1] = 0x20; /* Read Retry Count */
1170 }
1171 break;
1172
1173 case MODE_PAGE_AUDIO_CTL:
1174 length = 14;
1175 break;
1176
1177 case MODE_PAGE_CAPABILITIES:
1178 length = 0x14;
1179 if (page_control == 1) { /* Changeable Values */
1180 break;
1181 }
1182
1183 p[0] = 0x3b; /* CD-R & CD-RW read */
1184 p[1] = 0; /* Writing not supported */
1185 p[2] = 0x7f; /* Audio, composite, digital out,
1186 mode 2 form 1&2, multi session */
1187 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1188 RW corrected, C2 errors, ISRC,
1189 UPC, Bar code */
1190 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1191 /* Locking supported, jumper present, eject, tray */
1192 p[5] = 0; /* no volume & mute control, no
1193 changer */
1194 p[6] = (50 * 176) >> 8; /* 50x read speed */
1195 p[7] = (50 * 176) & 0xff;
1196 p[8] = 2 >> 8; /* Two volume levels */
1197 p[9] = 2 & 0xff;
1198 p[10] = 2048 >> 8; /* 2M buffer */
1199 p[11] = 2048 & 0xff;
1200 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1201 p[13] = (16 * 176) & 0xff;
1202 p[16] = (16 * 176) >> 8; /* 16x write speed */
1203 p[17] = (16 * 176) & 0xff;
1204 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1205 p[19] = (16 * 176) & 0xff;
1206 break;
1207
1208 default:
1209 return -1;
1210 }
1211
1212 assert(length < 256);
1213 (*p_outbuf)[0] = page;
1214 (*p_outbuf)[1] = length;
1215 *p_outbuf += length + 2;
1216 return length + 2;
1217 }
1218
1219 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1220 {
1221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1222 uint64_t nb_sectors;
1223 bool dbd;
1224 int page, buflen, ret, page_control;
1225 uint8_t *p;
1226 uint8_t dev_specific_param;
1227
1228 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1229 page = r->req.cmd.buf[2] & 0x3f;
1230 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1231 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1232 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1233 memset(outbuf, 0, r->req.cmd.xfer);
1234 p = outbuf;
1235
1236 if (s->qdev.type == TYPE_DISK) {
1237 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1238 if (blk_is_read_only(s->qdev.conf.blk)) {
1239 dev_specific_param |= 0x80; /* Readonly. */
1240 }
1241 } else {
1242 /* MMC prescribes that CD/DVD drives have no block descriptors,
1243 * and defines no device-specific parameter. */
1244 dev_specific_param = 0x00;
1245 dbd = true;
1246 }
1247
1248 if (r->req.cmd.buf[0] == MODE_SENSE) {
1249 p[1] = 0; /* Default media type. */
1250 p[2] = dev_specific_param;
1251 p[3] = 0; /* Block descriptor length. */
1252 p += 4;
1253 } else { /* MODE_SENSE_10 */
1254 p[2] = 0; /* Default media type. */
1255 p[3] = dev_specific_param;
1256 p[6] = p[7] = 0; /* Block descriptor length. */
1257 p += 8;
1258 }
1259
1260 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1261 if (!dbd && nb_sectors) {
1262 if (r->req.cmd.buf[0] == MODE_SENSE) {
1263 outbuf[3] = 8; /* Block descriptor length */
1264 } else { /* MODE_SENSE_10 */
1265 outbuf[7] = 8; /* Block descriptor length */
1266 }
1267 nb_sectors /= (s->qdev.blocksize / 512);
1268 if (nb_sectors > 0xffffff) {
1269 nb_sectors = 0;
1270 }
1271 p[0] = 0; /* media density code */
1272 p[1] = (nb_sectors >> 16) & 0xff;
1273 p[2] = (nb_sectors >> 8) & 0xff;
1274 p[3] = nb_sectors & 0xff;
1275 p[4] = 0; /* reserved */
1276 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1277 p[6] = s->qdev.blocksize >> 8;
1278 p[7] = 0;
1279 p += 8;
1280 }
1281
1282 if (page_control == 3) {
1283 /* Saved Values */
1284 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1285 return -1;
1286 }
1287
1288 if (page == 0x3f) {
1289 for (page = 0; page <= 0x3e; page++) {
1290 mode_sense_page(s, page, &p, page_control);
1291 }
1292 } else {
1293 ret = mode_sense_page(s, page, &p, page_control);
1294 if (ret == -1) {
1295 return -1;
1296 }
1297 }
1298
1299 buflen = p - outbuf;
1300 /*
1301 * The mode data length field specifies the length in bytes of the
1302 * following data that is available to be transferred. The mode data
1303 * length does not include itself.
1304 */
1305 if (r->req.cmd.buf[0] == MODE_SENSE) {
1306 outbuf[0] = buflen - 1;
1307 } else { /* MODE_SENSE_10 */
1308 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1309 outbuf[1] = (buflen - 2) & 0xff;
1310 }
1311 return buflen;
1312 }
1313
1314 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1315 {
1316 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1317 int start_track, format, msf, toclen;
1318 uint64_t nb_sectors;
1319
1320 msf = req->cmd.buf[1] & 2;
1321 format = req->cmd.buf[2] & 0xf;
1322 start_track = req->cmd.buf[6];
1323 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1324 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1325 nb_sectors /= s->qdev.blocksize / 512;
1326 switch (format) {
1327 case 0:
1328 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1329 break;
1330 case 1:
1331 /* multi session : only a single session defined */
1332 toclen = 12;
1333 memset(outbuf, 0, 12);
1334 outbuf[1] = 0x0a;
1335 outbuf[2] = 0x01;
1336 outbuf[3] = 0x01;
1337 break;
1338 case 2:
1339 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1340 break;
1341 default:
1342 return -1;
1343 }
1344 return toclen;
1345 }
1346
1347 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1348 {
1349 SCSIRequest *req = &r->req;
1350 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1351 bool start = req->cmd.buf[4] & 1;
1352 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1353 int pwrcnd = req->cmd.buf[4] & 0xf0;
1354
1355 if (pwrcnd) {
1356 /* eject/load only happens for power condition == 0 */
1357 return 0;
1358 }
1359
1360 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1361 if (!start && !s->tray_open && s->tray_locked) {
1362 scsi_check_condition(r,
1363 blk_is_inserted(s->qdev.conf.blk)
1364 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1365 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1366 return -1;
1367 }
1368
1369 if (s->tray_open != !start) {
1370 blk_eject(s->qdev.conf.blk, !start);
1371 s->tray_open = !start;
1372 }
1373 }
1374 return 0;
1375 }
1376
1377 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1378 {
1379 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1380 int buflen = r->iov.iov_len;
1381
1382 if (buflen) {
1383 DPRINTF("Read buf_len=%d\n", buflen);
1384 r->iov.iov_len = 0;
1385 r->started = true;
1386 scsi_req_data(&r->req, buflen);
1387 return;
1388 }
1389
1390 /* This also clears the sense buffer for REQUEST SENSE. */
1391 scsi_req_complete(&r->req, GOOD);
1392 }
1393
1394 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1395 uint8_t *inbuf, int inlen)
1396 {
1397 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1398 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1399 uint8_t *p;
1400 int len, expected_len, changeable_len, i;
1401
1402 /* The input buffer does not include the page header, so it is
1403 * off by 2 bytes.
1404 */
1405 expected_len = inlen + 2;
1406 if (expected_len > SCSI_MAX_MODE_LEN) {
1407 return -1;
1408 }
1409
1410 p = mode_current;
1411 memset(mode_current, 0, inlen + 2);
1412 len = mode_sense_page(s, page, &p, 0);
1413 if (len < 0 || len != expected_len) {
1414 return -1;
1415 }
1416
1417 p = mode_changeable;
1418 memset(mode_changeable, 0, inlen + 2);
1419 changeable_len = mode_sense_page(s, page, &p, 1);
1420 assert(changeable_len == len);
1421
1422 /* Check that unchangeable bits are the same as what MODE SENSE
1423 * would return.
1424 */
1425 for (i = 2; i < len; i++) {
1426 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1427 return -1;
1428 }
1429 }
1430 return 0;
1431 }
1432
1433 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1434 {
1435 switch (page) {
1436 case MODE_PAGE_CACHING:
1437 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1438 break;
1439
1440 default:
1441 break;
1442 }
1443 }
1444
1445 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1446 {
1447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1448
1449 while (len > 0) {
1450 int page, subpage, page_len;
1451
1452 /* Parse both possible formats for the mode page headers. */
1453 page = p[0] & 0x3f;
1454 if (p[0] & 0x40) {
1455 if (len < 4) {
1456 goto invalid_param_len;
1457 }
1458 subpage = p[1];
1459 page_len = lduw_be_p(&p[2]);
1460 p += 4;
1461 len -= 4;
1462 } else {
1463 if (len < 2) {
1464 goto invalid_param_len;
1465 }
1466 subpage = 0;
1467 page_len = p[1];
1468 p += 2;
1469 len -= 2;
1470 }
1471
1472 if (subpage) {
1473 goto invalid_param;
1474 }
1475 if (page_len > len) {
1476 goto invalid_param_len;
1477 }
1478
1479 if (!change) {
1480 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1481 goto invalid_param;
1482 }
1483 } else {
1484 scsi_disk_apply_mode_select(s, page, p);
1485 }
1486
1487 p += page_len;
1488 len -= page_len;
1489 }
1490 return 0;
1491
1492 invalid_param:
1493 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1494 return -1;
1495
1496 invalid_param_len:
1497 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1498 return -1;
1499 }
1500
1501 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1502 {
1503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1504 uint8_t *p = inbuf;
1505 int cmd = r->req.cmd.buf[0];
1506 int len = r->req.cmd.xfer;
1507 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1508 int bd_len;
1509 int pass;
1510
1511 /* We only support PF=1, SP=0. */
1512 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1513 goto invalid_field;
1514 }
1515
1516 if (len < hdr_len) {
1517 goto invalid_param_len;
1518 }
1519
1520 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1521 len -= hdr_len;
1522 p += hdr_len;
1523 if (len < bd_len) {
1524 goto invalid_param_len;
1525 }
1526 if (bd_len != 0 && bd_len != 8) {
1527 goto invalid_param;
1528 }
1529
1530 len -= bd_len;
1531 p += bd_len;
1532
1533 /* Ensure no change is made if there is an error! */
1534 for (pass = 0; pass < 2; pass++) {
1535 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1536 assert(pass == 0);
1537 return;
1538 }
1539 }
1540 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1541 /* The request is used as the AIO opaque value, so add a ref. */
1542 scsi_req_ref(&r->req);
1543 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1544 BLOCK_ACCT_FLUSH);
1545 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1546 return;
1547 }
1548
1549 scsi_req_complete(&r->req, GOOD);
1550 return;
1551
1552 invalid_param:
1553 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1554 return;
1555
1556 invalid_param_len:
1557 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1558 return;
1559
1560 invalid_field:
1561 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1562 }
1563
1564 static inline bool check_lba_range(SCSIDiskState *s,
1565 uint64_t sector_num, uint32_t nb_sectors)
1566 {
1567 /*
1568 * The first line tests that no overflow happens when computing the last
1569 * sector. The second line tests that the last accessed sector is in
1570 * range.
1571 *
1572 * Careful, the computations should not underflow for nb_sectors == 0,
1573 * and a 0-block read to the first LBA beyond the end of device is
1574 * valid.
1575 */
1576 return (sector_num <= sector_num + nb_sectors &&
1577 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1578 }
1579
1580 typedef struct UnmapCBData {
1581 SCSIDiskReq *r;
1582 uint8_t *inbuf;
1583 int count;
1584 } UnmapCBData;
1585
1586 static void scsi_unmap_complete(void *opaque, int ret);
1587
1588 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1589 {
1590 SCSIDiskReq *r = data->r;
1591 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1592 uint64_t sector_num;
1593 uint32_t nb_sectors;
1594
1595 assert(r->req.aiocb == NULL);
1596 if (scsi_disk_req_check_error(r, ret, false)) {
1597 goto done;
1598 }
1599
1600 if (data->count > 0) {
1601 sector_num = ldq_be_p(&data->inbuf[0]);
1602 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1603 if (!check_lba_range(s, sector_num, nb_sectors)) {
1604 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1605 goto done;
1606 }
1607
1608 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1609 sector_num * s->qdev.blocksize,
1610 nb_sectors * s->qdev.blocksize,
1611 scsi_unmap_complete, data);
1612 data->count--;
1613 data->inbuf += 16;
1614 return;
1615 }
1616
1617 scsi_req_complete(&r->req, GOOD);
1618
1619 done:
1620 scsi_req_unref(&r->req);
1621 g_free(data);
1622 }
1623
1624 static void scsi_unmap_complete(void *opaque, int ret)
1625 {
1626 UnmapCBData *data = opaque;
1627 SCSIDiskReq *r = data->r;
1628
1629 assert(r->req.aiocb != NULL);
1630 r->req.aiocb = NULL;
1631
1632 scsi_unmap_complete_noio(data, ret);
1633 }
1634
1635 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1636 {
1637 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1638 uint8_t *p = inbuf;
1639 int len = r->req.cmd.xfer;
1640 UnmapCBData *data;
1641
1642 /* Reject ANCHOR=1. */
1643 if (r->req.cmd.buf[1] & 0x1) {
1644 goto invalid_field;
1645 }
1646
1647 if (len < 8) {
1648 goto invalid_param_len;
1649 }
1650 if (len < lduw_be_p(&p[0]) + 2) {
1651 goto invalid_param_len;
1652 }
1653 if (len < lduw_be_p(&p[2]) + 8) {
1654 goto invalid_param_len;
1655 }
1656 if (lduw_be_p(&p[2]) & 15) {
1657 goto invalid_param_len;
1658 }
1659
1660 if (blk_is_read_only(s->qdev.conf.blk)) {
1661 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1662 return;
1663 }
1664
1665 data = g_new0(UnmapCBData, 1);
1666 data->r = r;
1667 data->inbuf = &p[8];
1668 data->count = lduw_be_p(&p[2]) >> 4;
1669
1670 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1671 scsi_req_ref(&r->req);
1672 scsi_unmap_complete_noio(data, 0);
1673 return;
1674
1675 invalid_param_len:
1676 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1677 return;
1678
1679 invalid_field:
1680 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1681 }
1682
1683 typedef struct WriteSameCBData {
1684 SCSIDiskReq *r;
1685 int64_t sector;
1686 int nb_sectors;
1687 QEMUIOVector qiov;
1688 struct iovec iov;
1689 } WriteSameCBData;
1690
1691 static void scsi_write_same_complete(void *opaque, int ret)
1692 {
1693 WriteSameCBData *data = opaque;
1694 SCSIDiskReq *r = data->r;
1695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1696
1697 assert(r->req.aiocb != NULL);
1698 r->req.aiocb = NULL;
1699 if (scsi_disk_req_check_error(r, ret, true)) {
1700 goto done;
1701 }
1702
1703 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1704
1705 data->nb_sectors -= data->iov.iov_len / 512;
1706 data->sector += data->iov.iov_len / 512;
1707 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1708 if (data->iov.iov_len) {
1709 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1710 data->iov.iov_len, BLOCK_ACCT_WRITE);
1711 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1712 * where final qiov may need smaller size */
1713 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1714 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1715 data->sector << BDRV_SECTOR_BITS,
1716 &data->qiov, 0,
1717 scsi_write_same_complete, data);
1718 return;
1719 }
1720
1721 scsi_req_complete(&r->req, GOOD);
1722
1723 done:
1724 scsi_req_unref(&r->req);
1725 qemu_vfree(data->iov.iov_base);
1726 g_free(data);
1727 }
1728
1729 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1730 {
1731 SCSIRequest *req = &r->req;
1732 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1733 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1734 WriteSameCBData *data;
1735 uint8_t *buf;
1736 int i;
1737
1738 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1739 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1740 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1741 return;
1742 }
1743
1744 if (blk_is_read_only(s->qdev.conf.blk)) {
1745 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1746 return;
1747 }
1748 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1749 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1750 return;
1751 }
1752
1753 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1754 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1755
1756 /* The request is used as the AIO opaque value, so add a ref. */
1757 scsi_req_ref(&r->req);
1758 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1759 nb_sectors * s->qdev.blocksize,
1760 BLOCK_ACCT_WRITE);
1761 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1762 r->req.cmd.lba * s->qdev.blocksize,
1763 nb_sectors * s->qdev.blocksize,
1764 flags, scsi_aio_complete, r);
1765 return;
1766 }
1767
1768 data = g_new0(WriteSameCBData, 1);
1769 data->r = r;
1770 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1771 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1772 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1773 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1774 data->iov.iov_len);
1775 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1776
1777 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1778 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1779 }
1780
1781 scsi_req_ref(&r->req);
1782 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1783 data->iov.iov_len, BLOCK_ACCT_WRITE);
1784 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1785 data->sector << BDRV_SECTOR_BITS,
1786 &data->qiov, 0,
1787 scsi_write_same_complete, data);
1788 }
1789
1790 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1791 {
1792 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1793
1794 if (r->iov.iov_len) {
1795 int buflen = r->iov.iov_len;
1796 DPRINTF("Write buf_len=%d\n", buflen);
1797 r->iov.iov_len = 0;
1798 scsi_req_data(&r->req, buflen);
1799 return;
1800 }
1801
1802 switch (req->cmd.buf[0]) {
1803 case MODE_SELECT:
1804 case MODE_SELECT_10:
1805 /* This also clears the sense buffer for REQUEST SENSE. */
1806 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1807 break;
1808
1809 case UNMAP:
1810 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1811 break;
1812
1813 case VERIFY_10:
1814 case VERIFY_12:
1815 case VERIFY_16:
1816 if (r->req.status == -1) {
1817 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1818 }
1819 break;
1820
1821 case WRITE_SAME_10:
1822 case WRITE_SAME_16:
1823 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1824 break;
1825
1826 default:
1827 abort();
1828 }
1829 }
1830
1831 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1832 {
1833 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1834 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1835 uint64_t nb_sectors;
1836 uint8_t *outbuf;
1837 int buflen;
1838
1839 switch (req->cmd.buf[0]) {
1840 case INQUIRY:
1841 case MODE_SENSE:
1842 case MODE_SENSE_10:
1843 case RESERVE:
1844 case RESERVE_10:
1845 case RELEASE:
1846 case RELEASE_10:
1847 case START_STOP:
1848 case ALLOW_MEDIUM_REMOVAL:
1849 case GET_CONFIGURATION:
1850 case GET_EVENT_STATUS_NOTIFICATION:
1851 case MECHANISM_STATUS:
1852 case REQUEST_SENSE:
1853 break;
1854
1855 default:
1856 if (!blk_is_available(s->qdev.conf.blk)) {
1857 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1858 return 0;
1859 }
1860 break;
1861 }
1862
1863 /*
1864 * FIXME: we shouldn't return anything bigger than 4k, but the code
1865 * requires the buffer to be as big as req->cmd.xfer in several
1866 * places. So, do not allow CDBs with a very large ALLOCATION
1867 * LENGTH. The real fix would be to modify scsi_read_data and
1868 * dma_buf_read, so that they return data beyond the buflen
1869 * as all zeros.
1870 */
1871 if (req->cmd.xfer > 65536) {
1872 goto illegal_request;
1873 }
1874 r->buflen = MAX(4096, req->cmd.xfer);
1875
1876 if (!r->iov.iov_base) {
1877 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1878 }
1879
1880 buflen = req->cmd.xfer;
1881 outbuf = r->iov.iov_base;
1882 memset(outbuf, 0, r->buflen);
1883 switch (req->cmd.buf[0]) {
1884 case TEST_UNIT_READY:
1885 assert(blk_is_available(s->qdev.conf.blk));
1886 break;
1887 case INQUIRY:
1888 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1889 if (buflen < 0) {
1890 goto illegal_request;
1891 }
1892 break;
1893 case MODE_SENSE:
1894 case MODE_SENSE_10:
1895 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1896 if (buflen < 0) {
1897 goto illegal_request;
1898 }
1899 break;
1900 case READ_TOC:
1901 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1902 if (buflen < 0) {
1903 goto illegal_request;
1904 }
1905 break;
1906 case RESERVE:
1907 if (req->cmd.buf[1] & 1) {
1908 goto illegal_request;
1909 }
1910 break;
1911 case RESERVE_10:
1912 if (req->cmd.buf[1] & 3) {
1913 goto illegal_request;
1914 }
1915 break;
1916 case RELEASE:
1917 if (req->cmd.buf[1] & 1) {
1918 goto illegal_request;
1919 }
1920 break;
1921 case RELEASE_10:
1922 if (req->cmd.buf[1] & 3) {
1923 goto illegal_request;
1924 }
1925 break;
1926 case START_STOP:
1927 if (scsi_disk_emulate_start_stop(r) < 0) {
1928 return 0;
1929 }
1930 break;
1931 case ALLOW_MEDIUM_REMOVAL:
1932 s->tray_locked = req->cmd.buf[4] & 1;
1933 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1934 break;
1935 case READ_CAPACITY_10:
1936 /* The normal LEN field for this command is zero. */
1937 memset(outbuf, 0, 8);
1938 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1939 if (!nb_sectors) {
1940 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1941 return 0;
1942 }
1943 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1944 goto illegal_request;
1945 }
1946 nb_sectors /= s->qdev.blocksize / 512;
1947 /* Returned value is the address of the last sector. */
1948 nb_sectors--;
1949 /* Remember the new size for read/write sanity checking. */
1950 s->qdev.max_lba = nb_sectors;
1951 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1952 if (nb_sectors > UINT32_MAX) {
1953 nb_sectors = UINT32_MAX;
1954 }
1955 outbuf[0] = (nb_sectors >> 24) & 0xff;
1956 outbuf[1] = (nb_sectors >> 16) & 0xff;
1957 outbuf[2] = (nb_sectors >> 8) & 0xff;
1958 outbuf[3] = nb_sectors & 0xff;
1959 outbuf[4] = 0;
1960 outbuf[5] = 0;
1961 outbuf[6] = s->qdev.blocksize >> 8;
1962 outbuf[7] = 0;
1963 break;
1964 case REQUEST_SENSE:
1965 /* Just return "NO SENSE". */
1966 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1967 (req->cmd.buf[1] & 1) == 0);
1968 if (buflen < 0) {
1969 goto illegal_request;
1970 }
1971 break;
1972 case MECHANISM_STATUS:
1973 buflen = scsi_emulate_mechanism_status(s, outbuf);
1974 if (buflen < 0) {
1975 goto illegal_request;
1976 }
1977 break;
1978 case GET_CONFIGURATION:
1979 buflen = scsi_get_configuration(s, outbuf);
1980 if (buflen < 0) {
1981 goto illegal_request;
1982 }
1983 break;
1984 case GET_EVENT_STATUS_NOTIFICATION:
1985 buflen = scsi_get_event_status_notification(s, r, outbuf);
1986 if (buflen < 0) {
1987 goto illegal_request;
1988 }
1989 break;
1990 case READ_DISC_INFORMATION:
1991 buflen = scsi_read_disc_information(s, r, outbuf);
1992 if (buflen < 0) {
1993 goto illegal_request;
1994 }
1995 break;
1996 case READ_DVD_STRUCTURE:
1997 buflen = scsi_read_dvd_structure(s, r, outbuf);
1998 if (buflen < 0) {
1999 goto illegal_request;
2000 }
2001 break;
2002 case SERVICE_ACTION_IN_16:
2003 /* Service Action In subcommands. */
2004 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2005 DPRINTF("SAI READ CAPACITY(16)\n");
2006 memset(outbuf, 0, req->cmd.xfer);
2007 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2008 if (!nb_sectors) {
2009 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2010 return 0;
2011 }
2012 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2013 goto illegal_request;
2014 }
2015 nb_sectors /= s->qdev.blocksize / 512;
2016 /* Returned value is the address of the last sector. */
2017 nb_sectors--;
2018 /* Remember the new size for read/write sanity checking. */
2019 s->qdev.max_lba = nb_sectors;
2020 outbuf[0] = (nb_sectors >> 56) & 0xff;
2021 outbuf[1] = (nb_sectors >> 48) & 0xff;
2022 outbuf[2] = (nb_sectors >> 40) & 0xff;
2023 outbuf[3] = (nb_sectors >> 32) & 0xff;
2024 outbuf[4] = (nb_sectors >> 24) & 0xff;
2025 outbuf[5] = (nb_sectors >> 16) & 0xff;
2026 outbuf[6] = (nb_sectors >> 8) & 0xff;
2027 outbuf[7] = nb_sectors & 0xff;
2028 outbuf[8] = 0;
2029 outbuf[9] = 0;
2030 outbuf[10] = s->qdev.blocksize >> 8;
2031 outbuf[11] = 0;
2032 outbuf[12] = 0;
2033 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2034
2035 /* set TPE bit if the format supports discard */
2036 if (s->qdev.conf.discard_granularity) {
2037 outbuf[14] = 0x80;
2038 }
2039
2040 /* Protection, exponent and lowest lba field left blank. */
2041 break;
2042 }
2043 DPRINTF("Unsupported Service Action In\n");
2044 goto illegal_request;
2045 case SYNCHRONIZE_CACHE:
2046 /* The request is used as the AIO opaque value, so add a ref. */
2047 scsi_req_ref(&r->req);
2048 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2049 BLOCK_ACCT_FLUSH);
2050 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2051 return 0;
2052 case SEEK_10:
2053 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2054 if (r->req.cmd.lba > s->qdev.max_lba) {
2055 goto illegal_lba;
2056 }
2057 break;
2058 case MODE_SELECT:
2059 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2060 break;
2061 case MODE_SELECT_10:
2062 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2063 break;
2064 case UNMAP:
2065 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2066 break;
2067 case VERIFY_10:
2068 case VERIFY_12:
2069 case VERIFY_16:
2070 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2071 if (req->cmd.buf[1] & 6) {
2072 goto illegal_request;
2073 }
2074 break;
2075 case WRITE_SAME_10:
2076 case WRITE_SAME_16:
2077 DPRINTF("WRITE SAME %d (len %lu)\n",
2078 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2079 (unsigned long)r->req.cmd.xfer);
2080 break;
2081 default:
2082 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2083 scsi_command_name(buf[0]));
2084 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2085 return 0;
2086 }
2087 assert(!r->req.aiocb);
2088 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2089 if (r->iov.iov_len == 0) {
2090 scsi_req_complete(&r->req, GOOD);
2091 }
2092 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2093 assert(r->iov.iov_len == req->cmd.xfer);
2094 return -r->iov.iov_len;
2095 } else {
2096 return r->iov.iov_len;
2097 }
2098
2099 illegal_request:
2100 if (r->req.status == -1) {
2101 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2102 }
2103 return 0;
2104
2105 illegal_lba:
2106 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2107 return 0;
2108 }
2109
2110 /* Execute a scsi command. Returns the length of the data expected by the
2111 command. This will be Positive for data transfers from the device
2112 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2113 and zero if the command does not transfer any data. */
2114
2115 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2116 {
2117 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2119 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2120 uint32_t len;
2121 uint8_t command;
2122
2123 command = buf[0];
2124
2125 if (!blk_is_available(s->qdev.conf.blk)) {
2126 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2127 return 0;
2128 }
2129
2130 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2131 switch (command) {
2132 case READ_6:
2133 case READ_10:
2134 case READ_12:
2135 case READ_16:
2136 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2137 if (r->req.cmd.buf[1] & 0xe0) {
2138 goto illegal_request;
2139 }
2140 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2141 goto illegal_lba;
2142 }
2143 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2144 r->sector_count = len * (s->qdev.blocksize / 512);
2145 break;
2146 case WRITE_6:
2147 case WRITE_10:
2148 case WRITE_12:
2149 case WRITE_16:
2150 case WRITE_VERIFY_10:
2151 case WRITE_VERIFY_12:
2152 case WRITE_VERIFY_16:
2153 if (blk_is_read_only(s->qdev.conf.blk)) {
2154 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2155 return 0;
2156 }
2157 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2158 (command & 0xe) == 0xe ? "And Verify " : "",
2159 r->req.cmd.lba, len);
2160 if (r->req.cmd.buf[1] & 0xe0) {
2161 goto illegal_request;
2162 }
2163 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2164 goto illegal_lba;
2165 }
2166 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2167 r->sector_count = len * (s->qdev.blocksize / 512);
2168 break;
2169 default:
2170 abort();
2171 illegal_request:
2172 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2173 return 0;
2174 illegal_lba:
2175 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2176 return 0;
2177 }
2178 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2179 if (r->sector_count == 0) {
2180 scsi_req_complete(&r->req, GOOD);
2181 }
2182 assert(r->iov.iov_len == 0);
2183 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2184 return -r->sector_count * 512;
2185 } else {
2186 return r->sector_count * 512;
2187 }
2188 }
2189
2190 static void scsi_disk_reset(DeviceState *dev)
2191 {
2192 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2193 uint64_t nb_sectors;
2194
2195 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2196
2197 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2198 nb_sectors /= s->qdev.blocksize / 512;
2199 if (nb_sectors) {
2200 nb_sectors--;
2201 }
2202 s->qdev.max_lba = nb_sectors;
2203 /* reset tray statuses */
2204 s->tray_locked = 0;
2205 s->tray_open = 0;
2206 }
2207
2208 static void scsi_disk_resize_cb(void *opaque)
2209 {
2210 SCSIDiskState *s = opaque;
2211
2212 /* SPC lists this sense code as available only for
2213 * direct-access devices.
2214 */
2215 if (s->qdev.type == TYPE_DISK) {
2216 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2217 }
2218 }
2219
2220 static void scsi_cd_change_media_cb(void *opaque, bool load)
2221 {
2222 SCSIDiskState *s = opaque;
2223
2224 /*
2225 * When a CD gets changed, we have to report an ejected state and
2226 * then a loaded state to guests so that they detect tray
2227 * open/close and media change events. Guests that do not use
2228 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2229 * states rely on this behavior.
2230 *
2231 * media_changed governs the state machine used for unit attention
2232 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2233 */
2234 s->media_changed = load;
2235 s->tray_open = !load;
2236 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2237 s->media_event = true;
2238 s->eject_request = false;
2239 }
2240
2241 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2242 {
2243 SCSIDiskState *s = opaque;
2244
2245 s->eject_request = true;
2246 if (force) {
2247 s->tray_locked = false;
2248 }
2249 }
2250
2251 static bool scsi_cd_is_tray_open(void *opaque)
2252 {
2253 return ((SCSIDiskState *)opaque)->tray_open;
2254 }
2255
2256 static bool scsi_cd_is_medium_locked(void *opaque)
2257 {
2258 return ((SCSIDiskState *)opaque)->tray_locked;
2259 }
2260
2261 static const BlockDevOps scsi_disk_removable_block_ops = {
2262 .change_media_cb = scsi_cd_change_media_cb,
2263 .eject_request_cb = scsi_cd_eject_request_cb,
2264 .is_tray_open = scsi_cd_is_tray_open,
2265 .is_medium_locked = scsi_cd_is_medium_locked,
2266
2267 .resize_cb = scsi_disk_resize_cb,
2268 };
2269
2270 static const BlockDevOps scsi_disk_block_ops = {
2271 .resize_cb = scsi_disk_resize_cb,
2272 };
2273
2274 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2275 {
2276 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2277 if (s->media_changed) {
2278 s->media_changed = false;
2279 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2280 }
2281 }
2282
2283 static void scsi_realize(SCSIDevice *dev, Error **errp)
2284 {
2285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2286 Error *err = NULL;
2287
2288 if (!s->qdev.conf.blk) {
2289 error_setg(errp, "drive property not set");
2290 return;
2291 }
2292
2293 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2294 !blk_is_inserted(s->qdev.conf.blk)) {
2295 error_setg(errp, "Device needs media, but drive is empty");
2296 return;
2297 }
2298
2299 blkconf_serial(&s->qdev.conf, &s->serial);
2300 blkconf_blocksizes(&s->qdev.conf);
2301 if (dev->type == TYPE_DISK) {
2302 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2303 if (err) {
2304 error_propagate(errp, err);
2305 return;
2306 }
2307 }
2308 blkconf_apply_backend_options(&dev->conf);
2309
2310 if (s->qdev.conf.discard_granularity == -1) {
2311 s->qdev.conf.discard_granularity =
2312 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2313 }
2314
2315 if (!s->version) {
2316 s->version = g_strdup(qemu_hw_version());
2317 }
2318 if (!s->vendor) {
2319 s->vendor = g_strdup("QEMU");
2320 }
2321
2322 if (blk_is_sg(s->qdev.conf.blk)) {
2323 error_setg(errp, "unwanted /dev/sg*");
2324 return;
2325 }
2326
2327 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2328 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2329 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2330 } else {
2331 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2332 }
2333 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2334
2335 blk_iostatus_enable(s->qdev.conf.blk);
2336 }
2337
2338 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2339 {
2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2341 /* can happen for devices without drive. The error message for missing
2342 * backend will be issued in scsi_realize
2343 */
2344 if (s->qdev.conf.blk) {
2345 blkconf_blocksizes(&s->qdev.conf);
2346 }
2347 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2348 s->qdev.type = TYPE_DISK;
2349 if (!s->product) {
2350 s->product = g_strdup("QEMU HARDDISK");
2351 }
2352 scsi_realize(&s->qdev, errp);
2353 }
2354
2355 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2356 {
2357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2358
2359 if (!dev->conf.blk) {
2360 dev->conf.blk = blk_new();
2361 }
2362
2363 s->qdev.blocksize = 2048;
2364 s->qdev.type = TYPE_ROM;
2365 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2366 if (!s->product) {
2367 s->product = g_strdup("QEMU CD-ROM");
2368 }
2369 scsi_realize(&s->qdev, errp);
2370 }
2371
2372 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2373 {
2374 DriveInfo *dinfo;
2375 Error *local_err = NULL;
2376
2377 if (!dev->conf.blk) {
2378 scsi_realize(dev, &local_err);
2379 assert(local_err);
2380 error_propagate(errp, local_err);
2381 return;
2382 }
2383
2384 dinfo = blk_legacy_dinfo(dev->conf.blk);
2385 if (dinfo && dinfo->media_cd) {
2386 scsi_cd_realize(dev, errp);
2387 } else {
2388 scsi_hd_realize(dev, errp);
2389 }
2390 }
2391
2392 static const SCSIReqOps scsi_disk_emulate_reqops = {
2393 .size = sizeof(SCSIDiskReq),
2394 .free_req = scsi_free_request,
2395 .send_command = scsi_disk_emulate_command,
2396 .read_data = scsi_disk_emulate_read_data,
2397 .write_data = scsi_disk_emulate_write_data,
2398 .get_buf = scsi_get_buf,
2399 };
2400
2401 static const SCSIReqOps scsi_disk_dma_reqops = {
2402 .size = sizeof(SCSIDiskReq),
2403 .free_req = scsi_free_request,
2404 .send_command = scsi_disk_dma_command,
2405 .read_data = scsi_read_data,
2406 .write_data = scsi_write_data,
2407 .get_buf = scsi_get_buf,
2408 .load_request = scsi_disk_load_request,
2409 .save_request = scsi_disk_save_request,
2410 };
2411
2412 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2413 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2414 [INQUIRY] = &scsi_disk_emulate_reqops,
2415 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2416 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2417 [START_STOP] = &scsi_disk_emulate_reqops,
2418 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2419 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2420 [READ_TOC] = &scsi_disk_emulate_reqops,
2421 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2422 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2423 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2424 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2425 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2426 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2427 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2428 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2429 [SEEK_10] = &scsi_disk_emulate_reqops,
2430 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2431 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2432 [UNMAP] = &scsi_disk_emulate_reqops,
2433 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2434 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2435 [VERIFY_10] = &scsi_disk_emulate_reqops,
2436 [VERIFY_12] = &scsi_disk_emulate_reqops,
2437 [VERIFY_16] = &scsi_disk_emulate_reqops,
2438
2439 [READ_6] = &scsi_disk_dma_reqops,
2440 [READ_10] = &scsi_disk_dma_reqops,
2441 [READ_12] = &scsi_disk_dma_reqops,
2442 [READ_16] = &scsi_disk_dma_reqops,
2443 [WRITE_6] = &scsi_disk_dma_reqops,
2444 [WRITE_10] = &scsi_disk_dma_reqops,
2445 [WRITE_12] = &scsi_disk_dma_reqops,
2446 [WRITE_16] = &scsi_disk_dma_reqops,
2447 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2448 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2449 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2450 };
2451
2452 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2453 uint8_t *buf, void *hba_private)
2454 {
2455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2456 SCSIRequest *req;
2457 const SCSIReqOps *ops;
2458 uint8_t command;
2459
2460 command = buf[0];
2461 ops = scsi_disk_reqops_dispatch[command];
2462 if (!ops) {
2463 ops = &scsi_disk_emulate_reqops;
2464 }
2465 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2466
2467 #ifdef DEBUG_SCSI
2468 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2469 {
2470 int i;
2471 for (i = 1; i < scsi_cdb_length(buf); i++) {
2472 printf(" 0x%02x", buf[i]);
2473 }
2474 printf("\n");
2475 }
2476 #endif
2477
2478 return req;
2479 }
2480
2481 #ifdef __linux__
2482 static int get_device_type(SCSIDiskState *s)
2483 {
2484 uint8_t cmd[16];
2485 uint8_t buf[36];
2486 uint8_t sensebuf[8];
2487 sg_io_hdr_t io_header;
2488 int ret;
2489
2490 memset(cmd, 0, sizeof(cmd));
2491 memset(buf, 0, sizeof(buf));
2492 cmd[0] = INQUIRY;
2493 cmd[4] = sizeof(buf);
2494
2495 memset(&io_header, 0, sizeof(io_header));
2496 io_header.interface_id = 'S';
2497 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2498 io_header.dxfer_len = sizeof(buf);
2499 io_header.dxferp = buf;
2500 io_header.cmdp = cmd;
2501 io_header.cmd_len = sizeof(cmd);
2502 io_header.mx_sb_len = sizeof(sensebuf);
2503 io_header.sbp = sensebuf;
2504 io_header.timeout = 6000; /* XXX */
2505
2506 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2507 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2508 return -1;
2509 }
2510 s->qdev.type = buf[0];
2511 if (buf[1] & 0x80) {
2512 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2513 }
2514 return 0;
2515 }
2516
2517 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2518 {
2519 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2520 int sg_version;
2521 int rc;
2522
2523 if (!s->qdev.conf.blk) {
2524 error_setg(errp, "drive property not set");
2525 return;
2526 }
2527
2528 /* check we are using a driver managing SG_IO (version 3 and after) */
2529 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2530 if (rc < 0) {
2531 error_setg(errp, "cannot get SG_IO version number: %s. "
2532 "Is this a SCSI device?",
2533 strerror(-rc));
2534 return;
2535 }
2536 if (sg_version < 30000) {
2537 error_setg(errp, "scsi generic interface too old");
2538 return;
2539 }
2540
2541 /* get device type from INQUIRY data */
2542 rc = get_device_type(s);
2543 if (rc < 0) {
2544 error_setg(errp, "INQUIRY failed");
2545 return;
2546 }
2547
2548 /* Make a guess for the block size, we'll fix it when the guest sends.
2549 * READ CAPACITY. If they don't, they likely would assume these sizes
2550 * anyway. (TODO: check in /sys).
2551 */
2552 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2553 s->qdev.blocksize = 2048;
2554 } else {
2555 s->qdev.blocksize = 512;
2556 }
2557
2558 /* Makes the scsi-block device not removable by using HMP and QMP eject
2559 * command.
2560 */
2561 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2562
2563 scsi_realize(&s->qdev, errp);
2564 scsi_generic_read_device_identification(&s->qdev);
2565 }
2566
2567 typedef struct SCSIBlockReq {
2568 SCSIDiskReq req;
2569 sg_io_hdr_t io_header;
2570
2571 /* Selected bytes of the original CDB, copied into our own CDB. */
2572 uint8_t cmd, cdb1, group_number;
2573
2574 /* CDB passed to SG_IO. */
2575 uint8_t cdb[16];
2576 } SCSIBlockReq;
2577
2578 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2579 int64_t offset, QEMUIOVector *iov,
2580 int direction,
2581 BlockCompletionFunc *cb, void *opaque)
2582 {
2583 sg_io_hdr_t *io_header = &req->io_header;
2584 SCSIDiskReq *r = &req->req;
2585 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2586 int nb_logical_blocks;
2587 uint64_t lba;
2588 BlockAIOCB *aiocb;
2589
2590 /* This is not supported yet. It can only happen if the guest does
2591 * reads and writes that are not aligned to one logical sectors
2592 * _and_ cover multiple MemoryRegions.
2593 */
2594 assert(offset % s->qdev.blocksize == 0);
2595 assert(iov->size % s->qdev.blocksize == 0);
2596
2597 io_header->interface_id = 'S';
2598
2599 /* The data transfer comes from the QEMUIOVector. */
2600 io_header->dxfer_direction = direction;
2601 io_header->dxfer_len = iov->size;
2602 io_header->dxferp = (void *)iov->iov;
2603 io_header->iovec_count = iov->niov;
2604 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2605
2606 /* Build a new CDB with the LBA and length patched in, in case
2607 * DMA helpers split the transfer in multiple segments. Do not
2608 * build a CDB smaller than what the guest wanted, and only build
2609 * a larger one if strictly necessary.
2610 */
2611 io_header->cmdp = req->cdb;
2612 lba = offset / s->qdev.blocksize;
2613 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2614
2615 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2616 /* 6-byte CDB */
2617 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2618 req->cdb[4] = nb_logical_blocks;
2619 req->cdb[5] = 0;
2620 io_header->cmd_len = 6;
2621 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2622 /* 10-byte CDB */
2623 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2624 req->cdb[1] = req->cdb1;
2625 stl_be_p(&req->cdb[2], lba);
2626 req->cdb[6] = req->group_number;
2627 stw_be_p(&req->cdb[7], nb_logical_blocks);
2628 req->cdb[9] = 0;
2629 io_header->cmd_len = 10;
2630 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2631 /* 12-byte CDB */
2632 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2633 req->cdb[1] = req->cdb1;
2634 stl_be_p(&req->cdb[2], lba);
2635 stl_be_p(&req->cdb[6], nb_logical_blocks);
2636 req->cdb[10] = req->group_number;
2637 req->cdb[11] = 0;
2638 io_header->cmd_len = 12;
2639 } else {
2640 /* 16-byte CDB */
2641 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2642 req->cdb[1] = req->cdb1;
2643 stq_be_p(&req->cdb[2], lba);
2644 stl_be_p(&req->cdb[10], nb_logical_blocks);
2645 req->cdb[14] = req->group_number;
2646 req->cdb[15] = 0;
2647 io_header->cmd_len = 16;
2648 }
2649
2650 /* The rest is as in scsi-generic.c. */
2651 io_header->mx_sb_len = sizeof(r->req.sense);
2652 io_header->sbp = r->req.sense;
2653 io_header->timeout = UINT_MAX;
2654 io_header->usr_ptr = r;
2655 io_header->flags |= SG_FLAG_DIRECT_IO;
2656
2657 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2658 assert(aiocb != NULL);
2659 return aiocb;
2660 }
2661
2662 static bool scsi_block_no_fua(SCSICommand *cmd)
2663 {
2664 return false;
2665 }
2666
2667 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2668 QEMUIOVector *iov,
2669 BlockCompletionFunc *cb, void *cb_opaque,
2670 void *opaque)
2671 {
2672 SCSIBlockReq *r = opaque;
2673 return scsi_block_do_sgio(r, offset, iov,
2674 SG_DXFER_FROM_DEV, cb, cb_opaque);
2675 }
2676
2677 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2678 QEMUIOVector *iov,
2679 BlockCompletionFunc *cb, void *cb_opaque,
2680 void *opaque)
2681 {
2682 SCSIBlockReq *r = opaque;
2683 return scsi_block_do_sgio(r, offset, iov,
2684 SG_DXFER_TO_DEV, cb, cb_opaque);
2685 }
2686
2687 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2688 {
2689 switch (buf[0]) {
2690 case VERIFY_10:
2691 case VERIFY_12:
2692 case VERIFY_16:
2693 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2694 * for the number of logical blocks specified in the length
2695 * field). For other modes, do not use scatter/gather operation.
2696 */
2697 if ((buf[1] & 6) == 2) {
2698 return false;
2699 }
2700 break;
2701
2702 case READ_6:
2703 case READ_10:
2704 case READ_12:
2705 case READ_16:
2706 case WRITE_6:
2707 case WRITE_10:
2708 case WRITE_12:
2709 case WRITE_16:
2710 case WRITE_VERIFY_10:
2711 case WRITE_VERIFY_12:
2712 case WRITE_VERIFY_16:
2713 /* MMC writing cannot be done via DMA helpers, because it sometimes
2714 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2715 * We might use scsi_disk_dma_reqops as long as no writing commands are
2716 * seen, but performance usually isn't paramount on optical media. So,
2717 * just make scsi-block operate the same as scsi-generic for them.
2718 */
2719 if (s->qdev.type != TYPE_ROM) {
2720 return false;
2721 }
2722 break;
2723
2724 default:
2725 break;
2726 }
2727
2728 return true;
2729 }
2730
2731
2732 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2733 {
2734 SCSIBlockReq *r = (SCSIBlockReq *)req;
2735 r->cmd = req->cmd.buf[0];
2736 switch (r->cmd >> 5) {
2737 case 0:
2738 /* 6-byte CDB. */
2739 r->cdb1 = r->group_number = 0;
2740 break;
2741 case 1:
2742 /* 10-byte CDB. */
2743 r->cdb1 = req->cmd.buf[1];
2744 r->group_number = req->cmd.buf[6];
2745 break;
2746 case 4:
2747 /* 12-byte CDB. */
2748 r->cdb1 = req->cmd.buf[1];
2749 r->group_number = req->cmd.buf[10];
2750 break;
2751 case 5:
2752 /* 16-byte CDB. */
2753 r->cdb1 = req->cmd.buf[1];
2754 r->group_number = req->cmd.buf[14];
2755 break;
2756 default:
2757 abort();
2758 }
2759
2760 if (r->cdb1 & 0xe0) {
2761 /* Protection information is not supported. */
2762 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2763 return 0;
2764 }
2765
2766 r->req.status = &r->io_header.status;
2767 return scsi_disk_dma_command(req, buf);
2768 }
2769
2770 static const SCSIReqOps scsi_block_dma_reqops = {
2771 .size = sizeof(SCSIBlockReq),
2772 .free_req = scsi_free_request,
2773 .send_command = scsi_block_dma_command,
2774 .read_data = scsi_read_data,
2775 .write_data = scsi_write_data,
2776 .get_buf = scsi_get_buf,
2777 .load_request = scsi_disk_load_request,
2778 .save_request = scsi_disk_save_request,
2779 };
2780
2781 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2782 uint32_t lun, uint8_t *buf,
2783 void *hba_private)
2784 {
2785 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2786
2787 if (scsi_block_is_passthrough(s, buf)) {
2788 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2789 hba_private);
2790 } else {
2791 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2792 hba_private);
2793 }
2794 }
2795
2796 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2797 uint8_t *buf, void *hba_private)
2798 {
2799 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2800
2801 if (scsi_block_is_passthrough(s, buf)) {
2802 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2803 } else {
2804 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2805 }
2806 }
2807
2808 #endif
2809
2810 static
2811 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2812 BlockCompletionFunc *cb, void *cb_opaque,
2813 void *opaque)
2814 {
2815 SCSIDiskReq *r = opaque;
2816 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2817 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2818 }
2819
2820 static
2821 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2822 BlockCompletionFunc *cb, void *cb_opaque,
2823 void *opaque)
2824 {
2825 SCSIDiskReq *r = opaque;
2826 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2827 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2828 }
2829
2830 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2831 {
2832 DeviceClass *dc = DEVICE_CLASS(klass);
2833 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2834
2835 dc->fw_name = "disk";
2836 dc->reset = scsi_disk_reset;
2837 sdc->dma_readv = scsi_dma_readv;
2838 sdc->dma_writev = scsi_dma_writev;
2839 sdc->need_fua_emulation = scsi_is_cmd_fua;
2840 }
2841
2842 static const TypeInfo scsi_disk_base_info = {
2843 .name = TYPE_SCSI_DISK_BASE,
2844 .parent = TYPE_SCSI_DEVICE,
2845 .class_init = scsi_disk_base_class_initfn,
2846 .instance_size = sizeof(SCSIDiskState),
2847 .class_size = sizeof(SCSIDiskClass),
2848 .abstract = true,
2849 };
2850
2851 #define DEFINE_SCSI_DISK_PROPERTIES() \
2852 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2853 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2854 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2855 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2856 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2857 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2858
2859 static Property scsi_hd_properties[] = {
2860 DEFINE_SCSI_DISK_PROPERTIES(),
2861 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2862 SCSI_DISK_F_REMOVABLE, false),
2863 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2864 SCSI_DISK_F_DPOFUA, false),
2865 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2866 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2867 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2868 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2869 DEFAULT_MAX_UNMAP_SIZE),
2870 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2871 DEFAULT_MAX_IO_SIZE),
2872 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2873 DEFINE_PROP_END_OF_LIST(),
2874 };
2875
2876 static const VMStateDescription vmstate_scsi_disk_state = {
2877 .name = "scsi-disk",
2878 .version_id = 1,
2879 .minimum_version_id = 1,
2880 .fields = (VMStateField[]) {
2881 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2882 VMSTATE_BOOL(media_changed, SCSIDiskState),
2883 VMSTATE_BOOL(media_event, SCSIDiskState),
2884 VMSTATE_BOOL(eject_request, SCSIDiskState),
2885 VMSTATE_BOOL(tray_open, SCSIDiskState),
2886 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2887 VMSTATE_END_OF_LIST()
2888 }
2889 };
2890
2891 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2892 {
2893 DeviceClass *dc = DEVICE_CLASS(klass);
2894 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2895
2896 sc->realize = scsi_hd_realize;
2897 sc->alloc_req = scsi_new_request;
2898 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2899 dc->desc = "virtual SCSI disk";
2900 dc->props = scsi_hd_properties;
2901 dc->vmsd = &vmstate_scsi_disk_state;
2902 }
2903
2904 static const TypeInfo scsi_hd_info = {
2905 .name = "scsi-hd",
2906 .parent = TYPE_SCSI_DISK_BASE,
2907 .class_init = scsi_hd_class_initfn,
2908 };
2909
2910 static Property scsi_cd_properties[] = {
2911 DEFINE_SCSI_DISK_PROPERTIES(),
2912 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2913 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2914 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2915 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2916 DEFAULT_MAX_IO_SIZE),
2917 DEFINE_PROP_END_OF_LIST(),
2918 };
2919
2920 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2921 {
2922 DeviceClass *dc = DEVICE_CLASS(klass);
2923 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2924
2925 sc->realize = scsi_cd_realize;
2926 sc->alloc_req = scsi_new_request;
2927 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2928 dc->desc = "virtual SCSI CD-ROM";
2929 dc->props = scsi_cd_properties;
2930 dc->vmsd = &vmstate_scsi_disk_state;
2931 }
2932
2933 static const TypeInfo scsi_cd_info = {
2934 .name = "scsi-cd",
2935 .parent = TYPE_SCSI_DISK_BASE,
2936 .class_init = scsi_cd_class_initfn,
2937 };
2938
2939 #ifdef __linux__
2940 static Property scsi_block_properties[] = {
2941 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2942 DEFINE_PROP_END_OF_LIST(),
2943 };
2944
2945 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2946 {
2947 DeviceClass *dc = DEVICE_CLASS(klass);
2948 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2949 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2950
2951 sc->realize = scsi_block_realize;
2952 sc->alloc_req = scsi_block_new_request;
2953 sc->parse_cdb = scsi_block_parse_cdb;
2954 sdc->dma_readv = scsi_block_dma_readv;
2955 sdc->dma_writev = scsi_block_dma_writev;
2956 sdc->need_fua_emulation = scsi_block_no_fua;
2957 dc->desc = "SCSI block device passthrough";
2958 dc->props = scsi_block_properties;
2959 dc->vmsd = &vmstate_scsi_disk_state;
2960 }
2961
2962 static const TypeInfo scsi_block_info = {
2963 .name = "scsi-block",
2964 .parent = TYPE_SCSI_DISK_BASE,
2965 .class_init = scsi_block_class_initfn,
2966 };
2967 #endif
2968
2969 static Property scsi_disk_properties[] = {
2970 DEFINE_SCSI_DISK_PROPERTIES(),
2971 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2972 SCSI_DISK_F_REMOVABLE, false),
2973 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2974 SCSI_DISK_F_DPOFUA, false),
2975 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2976 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2977 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2978 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2979 DEFAULT_MAX_UNMAP_SIZE),
2980 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2981 DEFAULT_MAX_IO_SIZE),
2982 DEFINE_PROP_END_OF_LIST(),
2983 };
2984
2985 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2986 {
2987 DeviceClass *dc = DEVICE_CLASS(klass);
2988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2989
2990 sc->realize = scsi_disk_realize;
2991 sc->alloc_req = scsi_new_request;
2992 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2993 dc->fw_name = "disk";
2994 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2995 dc->reset = scsi_disk_reset;
2996 dc->props = scsi_disk_properties;
2997 dc->vmsd = &vmstate_scsi_disk_state;
2998 }
2999
3000 static const TypeInfo scsi_disk_info = {
3001 .name = "scsi-disk",
3002 .parent = TYPE_SCSI_DISK_BASE,
3003 .class_init = scsi_disk_class_initfn,
3004 };
3005
3006 static void scsi_disk_register_types(void)
3007 {
3008 type_register_static(&scsi_disk_base_info);
3009 type_register_static(&scsi_hd_info);
3010 type_register_static(&scsi_cd_info);
3011 #ifdef __linux__
3012 type_register_static(&scsi_block_info);
3013 #endif
3014 type_register_static(&scsi_disk_info);
3015 }
3016
3017 type_init(scsi_disk_register_types)
Mirror of https://git.qemu.org/git/qemu.git