]> git.ipfire.org Git - thirdparty/qemu.git/blob - hw/scsi/scsi-disk.c
projects / thirdparty / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dma-helpers: change interface to byte-based
[thirdparty/qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 typedef struct SCSIDiskState SCSIDiskState;
57
58 typedef struct SCSIDiskReq {
59 SCSIRequest req;
60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
61 uint64_t sector;
62 uint32_t sector_count;
63 uint32_t buflen;
64 bool started;
65 struct iovec iov;
66 QEMUIOVector qiov;
67 BlockAcctCookie acct;
68 } SCSIDiskReq;
69
70 #define SCSI_DISK_F_REMOVABLE 0
71 #define SCSI_DISK_F_DPOFUA 1
72 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
73
74 struct SCSIDiskState
75 {
76 SCSIDevice qdev;
77 uint32_t features;
78 bool media_changed;
79 bool media_event;
80 bool eject_request;
81 uint16_t port_index;
82 uint64_t max_unmap_size;
83 uint64_t max_io_size;
84 QEMUBH *bh;
85 char *version;
86 char *serial;
87 char *vendor;
88 char *product;
89 bool tray_open;
90 bool tray_locked;
91 };
92
93 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
94
95 static void scsi_free_request(SCSIRequest *req)
96 {
97 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
98
99 qemu_vfree(r->iov.iov_base);
100 }
101
102 /* Helper function for command completion with sense. */
103 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
104 {
105 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
106 r->req.tag, sense.key, sense.asc, sense.ascq);
107 scsi_req_build_sense(&r->req, sense);
108 scsi_req_complete(&r->req, CHECK_CONDITION);
109 }
110
111 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
112 {
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
114
115 if (!r->iov.iov_base) {
116 r->buflen = size;
117 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
118 }
119 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
120 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
121 }
122
123 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
124 {
125 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
126
127 qemu_put_be64s(f, &r->sector);
128 qemu_put_be32s(f, &r->sector_count);
129 qemu_put_be32s(f, &r->buflen);
130 if (r->buflen) {
131 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
132 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
133 } else if (!req->retry) {
134 uint32_t len = r->iov.iov_len;
135 qemu_put_be32s(f, &len);
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138 }
139 }
140
141 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
142 {
143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
144
145 qemu_get_be64s(f, &r->sector);
146 qemu_get_be32s(f, &r->sector_count);
147 qemu_get_be32s(f, &r->buflen);
148 if (r->buflen) {
149 scsi_init_iovec(r, r->buflen);
150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
151 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 } else if (!r->req.retry) {
153 uint32_t len;
154 qemu_get_be32s(f, &len);
155 r->iov.iov_len = len;
156 assert(r->iov.iov_len <= r->buflen);
157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
159 }
160
161 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
162 }
163
164 static void scsi_aio_complete(void *opaque, int ret)
165 {
166 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
168
169 assert(r->req.aiocb != NULL);
170 r->req.aiocb = NULL;
171 if (r->req.io_canceled) {
172 scsi_req_cancel_complete(&r->req);
173 goto done;
174 }
175
176 if (ret < 0) {
177 if (scsi_handle_rw_error(r, -ret, true)) {
178 goto done;
179 }
180 }
181
182 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
183 scsi_req_complete(&r->req, GOOD);
184
185 done:
186 scsi_req_unref(&r->req);
187 }
188
189 static bool scsi_is_cmd_fua(SCSICommand *cmd)
190 {
191 switch (cmd->buf[0]) {
192 case READ_10:
193 case READ_12:
194 case READ_16:
195 case WRITE_10:
196 case WRITE_12:
197 case WRITE_16:
198 return (cmd->buf[1] & 8) != 0;
199
200 case VERIFY_10:
201 case VERIFY_12:
202 case VERIFY_16:
203 case WRITE_VERIFY_10:
204 case WRITE_VERIFY_12:
205 case WRITE_VERIFY_16:
206 return true;
207
208 case READ_6:
209 case WRITE_6:
210 default:
211 return false;
212 }
213 }
214
215 static void scsi_write_do_fua(SCSIDiskReq *r)
216 {
217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
218
219 assert(r->req.aiocb == NULL);
220
221 if (r->req.io_canceled) {
222 scsi_req_cancel_complete(&r->req);
223 goto done;
224 }
225
226 if (scsi_is_cmd_fua(&r->req.cmd)) {
227 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
228 BLOCK_ACCT_FLUSH);
229 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
230 return;
231 }
232
233 scsi_req_complete(&r->req, GOOD);
234
235 done:
236 scsi_req_unref(&r->req);
237 }
238
239 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
240 {
241 assert(r->req.aiocb == NULL);
242
243 if (r->req.io_canceled) {
244 scsi_req_cancel_complete(&r->req);
245 goto done;
246 }
247
248 if (ret < 0) {
249 if (scsi_handle_rw_error(r, -ret, false)) {
250 goto done;
251 }
252 }
253
254 r->sector += r->sector_count;
255 r->sector_count = 0;
256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 scsi_write_do_fua(r);
258 return;
259 } else {
260 scsi_req_complete(&r->req, GOOD);
261 }
262
263 done:
264 scsi_req_unref(&r->req);
265 }
266
267 static void scsi_dma_complete(void *opaque, int ret)
268 {
269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
271
272 assert(r->req.aiocb != NULL);
273 r->req.aiocb = NULL;
274
275 if (ret < 0) {
276 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
277 } else {
278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
279 }
280 scsi_dma_complete_noio(r, ret);
281 }
282
283 static void scsi_read_complete(void * opaque, int ret)
284 {
285 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
287 int n;
288
289 assert(r->req.aiocb != NULL);
290 r->req.aiocb = NULL;
291 if (r->req.io_canceled) {
292 scsi_req_cancel_complete(&r->req);
293 goto done;
294 }
295
296 if (ret < 0) {
297 if (scsi_handle_rw_error(r, -ret, true)) {
298 goto done;
299 }
300 }
301
302 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
303 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
304
305 n = r->qiov.size / 512;
306 r->sector += n;
307 r->sector_count -= n;
308 scsi_req_data(&r->req, r->qiov.size);
309
310 done:
311 scsi_req_unref(&r->req);
312 }
313
314 /* Actually issue a read to the block device. */
315 static void scsi_do_read(SCSIDiskReq *r, int ret)
316 {
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
318
319 assert (r->req.aiocb == NULL);
320
321 if (r->req.io_canceled) {
322 scsi_req_cancel_complete(&r->req);
323 goto done;
324 }
325
326 if (ret < 0) {
327 if (scsi_handle_rw_error(r, -ret, false)) {
328 goto done;
329 }
330 }
331
332 /* The request is used as the AIO opaque value, so add a ref. */
333 scsi_req_ref(&r->req);
334
335 if (r->req.sg) {
336 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
337 r->req.resid -= r->req.sg->size;
338 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg,
339 r->sector << BDRV_SECTOR_BITS,
340 scsi_dma_complete, r);
341 } else {
342 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
343 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
344 r->qiov.size, BLOCK_ACCT_READ);
345 r->req.aiocb = blk_aio_preadv(s->qdev.conf.blk,
346 r->sector << BDRV_SECTOR_BITS, &r->qiov,
347 0, scsi_read_complete, r);
348 }
349
350 done:
351 scsi_req_unref(&r->req);
352 }
353
354 static void scsi_do_read_cb(void *opaque, int ret)
355 {
356 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
358
359 assert (r->req.aiocb != NULL);
360 r->req.aiocb = NULL;
361
362 if (ret < 0) {
363 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
364 } else {
365 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
366 }
367 scsi_do_read(opaque, ret);
368 }
369
370 /* Read more data from scsi device into buffer. */
371 static void scsi_read_data(SCSIRequest *req)
372 {
373 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
375 bool first;
376
377 DPRINTF("Read sector_count=%d\n", r->sector_count);
378 if (r->sector_count == 0) {
379 /* This also clears the sense buffer for REQUEST SENSE. */
380 scsi_req_complete(&r->req, GOOD);
381 return;
382 }
383
384 /* No data transfer may already be in progress */
385 assert(r->req.aiocb == NULL);
386
387 /* The request is used as the AIO opaque value, so add a ref. */
388 scsi_req_ref(&r->req);
389 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
390 DPRINTF("Data transfer direction invalid\n");
391 scsi_read_complete(r, -EINVAL);
392 return;
393 }
394
395 if (s->tray_open) {
396 scsi_read_complete(r, -ENOMEDIUM);
397 return;
398 }
399
400 first = !r->started;
401 r->started = true;
402 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
403 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
404 BLOCK_ACCT_FLUSH);
405 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
406 } else {
407 scsi_do_read(r, 0);
408 }
409 }
410
411 /*
412 * scsi_handle_rw_error has two return values. 0 means that the error
413 * must be ignored, 1 means that the error has been processed and the
414 * caller should not do anything else for this request. Note that
415 * scsi_handle_rw_error always manages its reference counts, independent
416 * of the return value.
417 */
418 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
419 {
420 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
421 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
422 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
423 is_read, error);
424
425 if (action == BLOCK_ERROR_ACTION_REPORT) {
426 if (acct_failed) {
427 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
428 }
429 switch (error) {
430 case ENOMEDIUM:
431 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
432 break;
433 case ENOMEM:
434 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
435 break;
436 case EINVAL:
437 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
438 break;
439 case ENOSPC:
440 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
441 break;
442 default:
443 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
444 break;
445 }
446 }
447 blk_error_action(s->qdev.conf.blk, action, is_read, error);
448 if (action == BLOCK_ERROR_ACTION_STOP) {
449 scsi_req_retry(&r->req);
450 }
451 return action != BLOCK_ERROR_ACTION_IGNORE;
452 }
453
454 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
455 {
456 uint32_t n;
457
458 assert (r->req.aiocb == NULL);
459
460 if (r->req.io_canceled) {
461 scsi_req_cancel_complete(&r->req);
462 goto done;
463 }
464
465 if (ret < 0) {
466 if (scsi_handle_rw_error(r, -ret, false)) {
467 goto done;
468 }
469 }
470
471 n = r->qiov.size / 512;
472 r->sector += n;
473 r->sector_count -= n;
474 if (r->sector_count == 0) {
475 scsi_write_do_fua(r);
476 return;
477 } else {
478 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
479 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
480 scsi_req_data(&r->req, r->qiov.size);
481 }
482
483 done:
484 scsi_req_unref(&r->req);
485 }
486
487 static void scsi_write_complete(void * opaque, int ret)
488 {
489 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
490 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
491
492 assert (r->req.aiocb != NULL);
493 r->req.aiocb = NULL;
494
495 if (ret < 0) {
496 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
497 } else {
498 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
499 }
500 scsi_write_complete_noio(r, ret);
501 }
502
503 static void scsi_write_data(SCSIRequest *req)
504 {
505 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
507
508 /* No data transfer may already be in progress */
509 assert(r->req.aiocb == NULL);
510
511 /* The request is used as the AIO opaque value, so add a ref. */
512 scsi_req_ref(&r->req);
513 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
514 DPRINTF("Data transfer direction invalid\n");
515 scsi_write_complete_noio(r, -EINVAL);
516 return;
517 }
518
519 if (!r->req.sg && !r->qiov.size) {
520 /* Called for the first time. Ask the driver to send us more data. */
521 r->started = true;
522 scsi_write_complete_noio(r, 0);
523 return;
524 }
525 if (s->tray_open) {
526 scsi_write_complete_noio(r, -ENOMEDIUM);
527 return;
528 }
529
530 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
531 r->req.cmd.buf[0] == VERIFY_16) {
532 if (r->req.sg) {
533 scsi_dma_complete_noio(r, 0);
534 } else {
535 scsi_write_complete_noio(r, 0);
536 }
537 return;
538 }
539
540 if (r->req.sg) {
541 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
542 r->req.resid -= r->req.sg->size;
543 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg,
544 r->sector << BDRV_SECTOR_BITS,
545 scsi_dma_complete, r);
546 } else {
547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
548 r->qiov.size, BLOCK_ACCT_WRITE);
549 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
550 r->sector << BDRV_SECTOR_BITS, &r->qiov,
551 0, scsi_write_complete, r);
552 }
553 }
554
555 /* Return a pointer to the data buffer. */
556 static uint8_t *scsi_get_buf(SCSIRequest *req)
557 {
558 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
559
560 return (uint8_t *)r->iov.iov_base;
561 }
562
563 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
564 {
565 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
566 int buflen = 0;
567 int start;
568
569 if (req->cmd.buf[1] & 0x1) {
570 /* Vital product data */
571 uint8_t page_code = req->cmd.buf[2];
572
573 outbuf[buflen++] = s->qdev.type & 0x1f;
574 outbuf[buflen++] = page_code ; // this page
575 outbuf[buflen++] = 0x00;
576 outbuf[buflen++] = 0x00;
577 start = buflen;
578
579 switch (page_code) {
580 case 0x00: /* Supported page codes, mandatory */
581 {
582 DPRINTF("Inquiry EVPD[Supported pages] "
583 "buffer size %zd\n", req->cmd.xfer);
584 outbuf[buflen++] = 0x00; // list of supported pages (this page)
585 if (s->serial) {
586 outbuf[buflen++] = 0x80; // unit serial number
587 }
588 outbuf[buflen++] = 0x83; // device identification
589 if (s->qdev.type == TYPE_DISK) {
590 outbuf[buflen++] = 0xb0; // block limits
591 outbuf[buflen++] = 0xb2; // thin provisioning
592 }
593 break;
594 }
595 case 0x80: /* Device serial number, optional */
596 {
597 int l;
598
599 if (!s->serial) {
600 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
601 return -1;
602 }
603
604 l = strlen(s->serial);
605 if (l > 20) {
606 l = 20;
607 }
608
609 DPRINTF("Inquiry EVPD[Serial number] "
610 "buffer size %zd\n", req->cmd.xfer);
611 memcpy(outbuf+buflen, s->serial, l);
612 buflen += l;
613 break;
614 }
615
616 case 0x83: /* Device identification page, mandatory */
617 {
618 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
619 int max_len = s->serial ? 20 : 255 - 8;
620 int id_len = strlen(str);
621
622 if (id_len > max_len) {
623 id_len = max_len;
624 }
625 DPRINTF("Inquiry EVPD[Device identification] "
626 "buffer size %zd\n", req->cmd.xfer);
627
628 outbuf[buflen++] = 0x2; // ASCII
629 outbuf[buflen++] = 0; // not officially assigned
630 outbuf[buflen++] = 0; // reserved
631 outbuf[buflen++] = id_len; // length of data following
632 memcpy(outbuf+buflen, str, id_len);
633 buflen += id_len;
634
635 if (s->qdev.wwn) {
636 outbuf[buflen++] = 0x1; // Binary
637 outbuf[buflen++] = 0x3; // NAA
638 outbuf[buflen++] = 0; // reserved
639 outbuf[buflen++] = 8;
640 stq_be_p(&outbuf[buflen], s->qdev.wwn);
641 buflen += 8;
642 }
643
644 if (s->qdev.port_wwn) {
645 outbuf[buflen++] = 0x61; // SAS / Binary
646 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
647 outbuf[buflen++] = 0; // reserved
648 outbuf[buflen++] = 8;
649 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
650 buflen += 8;
651 }
652
653 if (s->port_index) {
654 outbuf[buflen++] = 0x61; // SAS / Binary
655 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
656 outbuf[buflen++] = 0; // reserved
657 outbuf[buflen++] = 4;
658 stw_be_p(&outbuf[buflen + 2], s->port_index);
659 buflen += 4;
660 }
661 break;
662 }
663 case 0xb0: /* block limits */
664 {
665 unsigned int unmap_sectors =
666 s->qdev.conf.discard_granularity / s->qdev.blocksize;
667 unsigned int min_io_size =
668 s->qdev.conf.min_io_size / s->qdev.blocksize;
669 unsigned int opt_io_size =
670 s->qdev.conf.opt_io_size / s->qdev.blocksize;
671 unsigned int max_unmap_sectors =
672 s->max_unmap_size / s->qdev.blocksize;
673 unsigned int max_io_sectors =
674 s->max_io_size / s->qdev.blocksize;
675
676 if (s->qdev.type == TYPE_ROM) {
677 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
678 page_code);
679 return -1;
680 }
681 /* required VPD size with unmap support */
682 buflen = 0x40;
683 memset(outbuf + 4, 0, buflen - 4);
684
685 outbuf[4] = 0x1; /* wsnz */
686
687 /* optimal transfer length granularity */
688 outbuf[6] = (min_io_size >> 8) & 0xff;
689 outbuf[7] = min_io_size & 0xff;
690
691 /* maximum transfer length */
692 outbuf[8] = (max_io_sectors >> 24) & 0xff;
693 outbuf[9] = (max_io_sectors >> 16) & 0xff;
694 outbuf[10] = (max_io_sectors >> 8) & 0xff;
695 outbuf[11] = max_io_sectors & 0xff;
696
697 /* optimal transfer length */
698 outbuf[12] = (opt_io_size >> 24) & 0xff;
699 outbuf[13] = (opt_io_size >> 16) & 0xff;
700 outbuf[14] = (opt_io_size >> 8) & 0xff;
701 outbuf[15] = opt_io_size & 0xff;
702
703 /* max unmap LBA count, default is 1GB */
704 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
705 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
706 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
707 outbuf[23] = max_unmap_sectors & 0xff;
708
709 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
710 outbuf[24] = 0;
711 outbuf[25] = 0;
712 outbuf[26] = 0;
713 outbuf[27] = 255;
714
715 /* optimal unmap granularity */
716 outbuf[28] = (unmap_sectors >> 24) & 0xff;
717 outbuf[29] = (unmap_sectors >> 16) & 0xff;
718 outbuf[30] = (unmap_sectors >> 8) & 0xff;
719 outbuf[31] = unmap_sectors & 0xff;
720
721 /* max write same size */
722 outbuf[36] = 0;
723 outbuf[37] = 0;
724 outbuf[38] = 0;
725 outbuf[39] = 0;
726
727 outbuf[40] = (max_io_sectors >> 24) & 0xff;
728 outbuf[41] = (max_io_sectors >> 16) & 0xff;
729 outbuf[42] = (max_io_sectors >> 8) & 0xff;
730 outbuf[43] = max_io_sectors & 0xff;
731 break;
732 }
733 case 0xb2: /* thin provisioning */
734 {
735 buflen = 8;
736 outbuf[4] = 0;
737 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
738 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
739 outbuf[7] = 0;
740 break;
741 }
742 default:
743 return -1;
744 }
745 /* done with EVPD */
746 assert(buflen - start <= 255);
747 outbuf[start - 1] = buflen - start;
748 return buflen;
749 }
750
751 /* Standard INQUIRY data */
752 if (req->cmd.buf[2] != 0) {
753 return -1;
754 }
755
756 /* PAGE CODE == 0 */
757 buflen = req->cmd.xfer;
758 if (buflen > SCSI_MAX_INQUIRY_LEN) {
759 buflen = SCSI_MAX_INQUIRY_LEN;
760 }
761
762 outbuf[0] = s->qdev.type & 0x1f;
763 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
764
765 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
766 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
767
768 memset(&outbuf[32], 0, 4);
769 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
770 /*
771 * We claim conformance to SPC-3, which is required for guests
772 * to ask for modern features like READ CAPACITY(16) or the
773 * block characteristics VPD page by default. Not all of SPC-3
774 * is actually implemented, but we're good enough.
775 */
776 outbuf[2] = 5;
777 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
778
779 if (buflen > 36) {
780 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
781 } else {
782 /* If the allocation length of CDB is too small,
783 the additional length is not adjusted */
784 outbuf[4] = 36 - 5;
785 }
786
787 /* Sync data transfer and TCQ. */
788 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
789 return buflen;
790 }
791
792 static inline bool media_is_dvd(SCSIDiskState *s)
793 {
794 uint64_t nb_sectors;
795 if (s->qdev.type != TYPE_ROM) {
796 return false;
797 }
798 if (!blk_is_inserted(s->qdev.conf.blk)) {
799 return false;
800 }
801 if (s->tray_open) {
802 return false;
803 }
804 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
805 return nb_sectors > CD_MAX_SECTORS;
806 }
807
808 static inline bool media_is_cd(SCSIDiskState *s)
809 {
810 uint64_t nb_sectors;
811 if (s->qdev.type != TYPE_ROM) {
812 return false;
813 }
814 if (!blk_is_inserted(s->qdev.conf.blk)) {
815 return false;
816 }
817 if (s->tray_open) {
818 return false;
819 }
820 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
821 return nb_sectors <= CD_MAX_SECTORS;
822 }
823
824 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
825 uint8_t *outbuf)
826 {
827 uint8_t type = r->req.cmd.buf[1] & 7;
828
829 if (s->qdev.type != TYPE_ROM) {
830 return -1;
831 }
832
833 /* Types 1/2 are only defined for Blu-Ray. */
834 if (type != 0) {
835 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
836 return -1;
837 }
838
839 memset(outbuf, 0, 34);
840 outbuf[1] = 32;
841 outbuf[2] = 0xe; /* last session complete, disc finalized */
842 outbuf[3] = 1; /* first track on disc */
843 outbuf[4] = 1; /* # of sessions */
844 outbuf[5] = 1; /* first track of last session */
845 outbuf[6] = 1; /* last track of last session */
846 outbuf[7] = 0x20; /* unrestricted use */
847 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
848 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
849 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
850 /* 24-31: disc bar code */
851 /* 32: disc application code */
852 /* 33: number of OPC tables */
853
854 return 34;
855 }
856
857 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
858 uint8_t *outbuf)
859 {
860 static const int rds_caps_size[5] = {
861 [0] = 2048 + 4,
862 [1] = 4 + 4,
863 [3] = 188 + 4,
864 [4] = 2048 + 4,
865 };
866
867 uint8_t media = r->req.cmd.buf[1];
868 uint8_t layer = r->req.cmd.buf[6];
869 uint8_t format = r->req.cmd.buf[7];
870 int size = -1;
871
872 if (s->qdev.type != TYPE_ROM) {
873 return -1;
874 }
875 if (media != 0) {
876 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
877 return -1;
878 }
879
880 if (format != 0xff) {
881 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
882 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
883 return -1;
884 }
885 if (media_is_cd(s)) {
886 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
887 return -1;
888 }
889 if (format >= ARRAY_SIZE(rds_caps_size)) {
890 return -1;
891 }
892 size = rds_caps_size[format];
893 memset(outbuf, 0, size);
894 }
895
896 switch (format) {
897 case 0x00: {
898 /* Physical format information */
899 uint64_t nb_sectors;
900 if (layer != 0) {
901 goto fail;
902 }
903 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
904
905 outbuf[4] = 1; /* DVD-ROM, part version 1 */
906 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
907 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
908 outbuf[7] = 0; /* default densities */
909
910 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
911 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
912 break;
913 }
914
915 case 0x01: /* DVD copyright information, all zeros */
916 break;
917
918 case 0x03: /* BCA information - invalid field for no BCA info */
919 return -1;
920
921 case 0x04: /* DVD disc manufacturing information, all zeros */
922 break;
923
924 case 0xff: { /* List capabilities */
925 int i;
926 size = 4;
927 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
928 if (!rds_caps_size[i]) {
929 continue;
930 }
931 outbuf[size] = i;
932 outbuf[size + 1] = 0x40; /* Not writable, readable */
933 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
934 size += 4;
935 }
936 break;
937 }
938
939 default:
940 return -1;
941 }
942
943 /* Size of buffer, not including 2 byte size field */
944 stw_be_p(outbuf, size - 2);
945 return size;
946
947 fail:
948 return -1;
949 }
950
951 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
952 {
953 uint8_t event_code, media_status;
954
955 media_status = 0;
956 if (s->tray_open) {
957 media_status = MS_TRAY_OPEN;
958 } else if (blk_is_inserted(s->qdev.conf.blk)) {
959 media_status = MS_MEDIA_PRESENT;
960 }
961
962 /* Event notification descriptor */
963 event_code = MEC_NO_CHANGE;
964 if (media_status != MS_TRAY_OPEN) {
965 if (s->media_event) {
966 event_code = MEC_NEW_MEDIA;
967 s->media_event = false;
968 } else if (s->eject_request) {
969 event_code = MEC_EJECT_REQUESTED;
970 s->eject_request = false;
971 }
972 }
973
974 outbuf[0] = event_code;
975 outbuf[1] = media_status;
976
977 /* These fields are reserved, just clear them. */
978 outbuf[2] = 0;
979 outbuf[3] = 0;
980 return 4;
981 }
982
983 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
984 uint8_t *outbuf)
985 {
986 int size;
987 uint8_t *buf = r->req.cmd.buf;
988 uint8_t notification_class_request = buf[4];
989 if (s->qdev.type != TYPE_ROM) {
990 return -1;
991 }
992 if ((buf[1] & 1) == 0) {
993 /* asynchronous */
994 return -1;
995 }
996
997 size = 4;
998 outbuf[0] = outbuf[1] = 0;
999 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1000 if (notification_class_request & (1 << GESN_MEDIA)) {
1001 outbuf[2] = GESN_MEDIA;
1002 size += scsi_event_status_media(s, &outbuf[size]);
1003 } else {
1004 outbuf[2] = 0x80;
1005 }
1006 stw_be_p(outbuf, size - 4);
1007 return size;
1008 }
1009
1010 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1011 {
1012 int current;
1013
1014 if (s->qdev.type != TYPE_ROM) {
1015 return -1;
1016 }
1017
1018 if (media_is_dvd(s)) {
1019 current = MMC_PROFILE_DVD_ROM;
1020 } else if (media_is_cd(s)) {
1021 current = MMC_PROFILE_CD_ROM;
1022 } else {
1023 current = MMC_PROFILE_NONE;
1024 }
1025
1026 memset(outbuf, 0, 40);
1027 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1028 stw_be_p(&outbuf[6], current);
1029 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1030 outbuf[10] = 0x03; /* persistent, current */
1031 outbuf[11] = 8; /* two profiles */
1032 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1033 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1034 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1035 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1036 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1037 stw_be_p(&outbuf[20], 1);
1038 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1039 outbuf[23] = 8;
1040 stl_be_p(&outbuf[24], 1); /* SCSI */
1041 outbuf[28] = 1; /* DBE = 1, mandatory */
1042 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1043 stw_be_p(&outbuf[32], 3);
1044 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1045 outbuf[35] = 4;
1046 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1047 /* TODO: Random readable, CD read, DVD read, drive serial number,
1048 power management */
1049 return 40;
1050 }
1051
1052 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1053 {
1054 if (s->qdev.type != TYPE_ROM) {
1055 return -1;
1056 }
1057 memset(outbuf, 0, 8);
1058 outbuf[5] = 1; /* CD-ROM */
1059 return 8;
1060 }
1061
1062 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1063 int page_control)
1064 {
1065 static const int mode_sense_valid[0x3f] = {
1066 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1067 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1068 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1069 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1070 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1071 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1072 };
1073
1074 uint8_t *p = *p_outbuf + 2;
1075 int length;
1076
1077 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1078 return -1;
1079 }
1080
1081 /*
1082 * If Changeable Values are requested, a mask denoting those mode parameters
1083 * that are changeable shall be returned. As we currently don't support
1084 * parameter changes via MODE_SELECT all bits are returned set to zero.
1085 * The buffer was already menset to zero by the caller of this function.
1086 *
1087 * The offsets here are off by two compared to the descriptions in the
1088 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1089 * but it is done so that offsets are consistent within our implementation
1090 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1091 * 2-byte and 4-byte headers.
1092 */
1093 switch (page) {
1094 case MODE_PAGE_HD_GEOMETRY:
1095 length = 0x16;
1096 if (page_control == 1) { /* Changeable Values */
1097 break;
1098 }
1099 /* if a geometry hint is available, use it */
1100 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1101 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1102 p[2] = s->qdev.conf.cyls & 0xff;
1103 p[3] = s->qdev.conf.heads & 0xff;
1104 /* Write precomp start cylinder, disabled */
1105 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1106 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1107 p[6] = s->qdev.conf.cyls & 0xff;
1108 /* Reduced current start cylinder, disabled */
1109 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1110 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1111 p[9] = s->qdev.conf.cyls & 0xff;
1112 /* Device step rate [ns], 200ns */
1113 p[10] = 0;
1114 p[11] = 200;
1115 /* Landing zone cylinder */
1116 p[12] = 0xff;
1117 p[13] = 0xff;
1118 p[14] = 0xff;
1119 /* Medium rotation rate [rpm], 5400 rpm */
1120 p[18] = (5400 >> 8) & 0xff;
1121 p[19] = 5400 & 0xff;
1122 break;
1123
1124 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1125 length = 0x1e;
1126 if (page_control == 1) { /* Changeable Values */
1127 break;
1128 }
1129 /* Transfer rate [kbit/s], 5Mbit/s */
1130 p[0] = 5000 >> 8;
1131 p[1] = 5000 & 0xff;
1132 /* if a geometry hint is available, use it */
1133 p[2] = s->qdev.conf.heads & 0xff;
1134 p[3] = s->qdev.conf.secs & 0xff;
1135 p[4] = s->qdev.blocksize >> 8;
1136 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1137 p[7] = s->qdev.conf.cyls & 0xff;
1138 /* Write precomp start cylinder, disabled */
1139 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1140 p[9] = s->qdev.conf.cyls & 0xff;
1141 /* Reduced current start cylinder, disabled */
1142 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1143 p[11] = s->qdev.conf.cyls & 0xff;
1144 /* Device step rate [100us], 100us */
1145 p[12] = 0;
1146 p[13] = 1;
1147 /* Device step pulse width [us], 1us */
1148 p[14] = 1;
1149 /* Device head settle delay [100us], 100us */
1150 p[15] = 0;
1151 p[16] = 1;
1152 /* Motor on delay [0.1s], 0.1s */
1153 p[17] = 1;
1154 /* Motor off delay [0.1s], 0.1s */
1155 p[18] = 1;
1156 /* Medium rotation rate [rpm], 5400 rpm */
1157 p[26] = (5400 >> 8) & 0xff;
1158 p[27] = 5400 & 0xff;
1159 break;
1160
1161 case MODE_PAGE_CACHING:
1162 length = 0x12;
1163 if (page_control == 1 || /* Changeable Values */
1164 blk_enable_write_cache(s->qdev.conf.blk)) {
1165 p[0] = 4; /* WCE */
1166 }
1167 break;
1168
1169 case MODE_PAGE_R_W_ERROR:
1170 length = 10;
1171 if (page_control == 1) { /* Changeable Values */
1172 break;
1173 }
1174 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1175 if (s->qdev.type == TYPE_ROM) {
1176 p[1] = 0x20; /* Read Retry Count */
1177 }
1178 break;
1179
1180 case MODE_PAGE_AUDIO_CTL:
1181 length = 14;
1182 break;
1183
1184 case MODE_PAGE_CAPABILITIES:
1185 length = 0x14;
1186 if (page_control == 1) { /* Changeable Values */
1187 break;
1188 }
1189
1190 p[0] = 0x3b; /* CD-R & CD-RW read */
1191 p[1] = 0; /* Writing not supported */
1192 p[2] = 0x7f; /* Audio, composite, digital out,
1193 mode 2 form 1&2, multi session */
1194 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1195 RW corrected, C2 errors, ISRC,
1196 UPC, Bar code */
1197 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1198 /* Locking supported, jumper present, eject, tray */
1199 p[5] = 0; /* no volume & mute control, no
1200 changer */
1201 p[6] = (50 * 176) >> 8; /* 50x read speed */
1202 p[7] = (50 * 176) & 0xff;
1203 p[8] = 2 >> 8; /* Two volume levels */
1204 p[9] = 2 & 0xff;
1205 p[10] = 2048 >> 8; /* 2M buffer */
1206 p[11] = 2048 & 0xff;
1207 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1208 p[13] = (16 * 176) & 0xff;
1209 p[16] = (16 * 176) >> 8; /* 16x write speed */
1210 p[17] = (16 * 176) & 0xff;
1211 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1212 p[19] = (16 * 176) & 0xff;
1213 break;
1214
1215 default:
1216 return -1;
1217 }
1218
1219 assert(length < 256);
1220 (*p_outbuf)[0] = page;
1221 (*p_outbuf)[1] = length;
1222 *p_outbuf += length + 2;
1223 return length + 2;
1224 }
1225
1226 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1227 {
1228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1229 uint64_t nb_sectors;
1230 bool dbd;
1231 int page, buflen, ret, page_control;
1232 uint8_t *p;
1233 uint8_t dev_specific_param;
1234
1235 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1236 page = r->req.cmd.buf[2] & 0x3f;
1237 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1238 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1239 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1240 memset(outbuf, 0, r->req.cmd.xfer);
1241 p = outbuf;
1242
1243 if (s->qdev.type == TYPE_DISK) {
1244 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1245 if (blk_is_read_only(s->qdev.conf.blk)) {
1246 dev_specific_param |= 0x80; /* Readonly. */
1247 }
1248 } else {
1249 /* MMC prescribes that CD/DVD drives have no block descriptors,
1250 * and defines no device-specific parameter. */
1251 dev_specific_param = 0x00;
1252 dbd = true;
1253 }
1254
1255 if (r->req.cmd.buf[0] == MODE_SENSE) {
1256 p[1] = 0; /* Default media type. */
1257 p[2] = dev_specific_param;
1258 p[3] = 0; /* Block descriptor length. */
1259 p += 4;
1260 } else { /* MODE_SENSE_10 */
1261 p[2] = 0; /* Default media type. */
1262 p[3] = dev_specific_param;
1263 p[6] = p[7] = 0; /* Block descriptor length. */
1264 p += 8;
1265 }
1266
1267 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1268 if (!dbd && nb_sectors) {
1269 if (r->req.cmd.buf[0] == MODE_SENSE) {
1270 outbuf[3] = 8; /* Block descriptor length */
1271 } else { /* MODE_SENSE_10 */
1272 outbuf[7] = 8; /* Block descriptor length */
1273 }
1274 nb_sectors /= (s->qdev.blocksize / 512);
1275 if (nb_sectors > 0xffffff) {
1276 nb_sectors = 0;
1277 }
1278 p[0] = 0; /* media density code */
1279 p[1] = (nb_sectors >> 16) & 0xff;
1280 p[2] = (nb_sectors >> 8) & 0xff;
1281 p[3] = nb_sectors & 0xff;
1282 p[4] = 0; /* reserved */
1283 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1284 p[6] = s->qdev.blocksize >> 8;
1285 p[7] = 0;
1286 p += 8;
1287 }
1288
1289 if (page_control == 3) {
1290 /* Saved Values */
1291 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1292 return -1;
1293 }
1294
1295 if (page == 0x3f) {
1296 for (page = 0; page <= 0x3e; page++) {
1297 mode_sense_page(s, page, &p, page_control);
1298 }
1299 } else {
1300 ret = mode_sense_page(s, page, &p, page_control);
1301 if (ret == -1) {
1302 return -1;
1303 }
1304 }
1305
1306 buflen = p - outbuf;
1307 /*
1308 * The mode data length field specifies the length in bytes of the
1309 * following data that is available to be transferred. The mode data
1310 * length does not include itself.
1311 */
1312 if (r->req.cmd.buf[0] == MODE_SENSE) {
1313 outbuf[0] = buflen - 1;
1314 } else { /* MODE_SENSE_10 */
1315 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1316 outbuf[1] = (buflen - 2) & 0xff;
1317 }
1318 return buflen;
1319 }
1320
1321 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1322 {
1323 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1324 int start_track, format, msf, toclen;
1325 uint64_t nb_sectors;
1326
1327 msf = req->cmd.buf[1] & 2;
1328 format = req->cmd.buf[2] & 0xf;
1329 start_track = req->cmd.buf[6];
1330 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1331 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1332 nb_sectors /= s->qdev.blocksize / 512;
1333 switch (format) {
1334 case 0:
1335 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1336 break;
1337 case 1:
1338 /* multi session : only a single session defined */
1339 toclen = 12;
1340 memset(outbuf, 0, 12);
1341 outbuf[1] = 0x0a;
1342 outbuf[2] = 0x01;
1343 outbuf[3] = 0x01;
1344 break;
1345 case 2:
1346 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1347 break;
1348 default:
1349 return -1;
1350 }
1351 return toclen;
1352 }
1353
1354 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1355 {
1356 SCSIRequest *req = &r->req;
1357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1358 bool start = req->cmd.buf[4] & 1;
1359 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1360 int pwrcnd = req->cmd.buf[4] & 0xf0;
1361
1362 if (pwrcnd) {
1363 /* eject/load only happens for power condition == 0 */
1364 return 0;
1365 }
1366
1367 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1368 if (!start && !s->tray_open && s->tray_locked) {
1369 scsi_check_condition(r,
1370 blk_is_inserted(s->qdev.conf.blk)
1371 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1372 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1373 return -1;
1374 }
1375
1376 if (s->tray_open != !start) {
1377 blk_eject(s->qdev.conf.blk, !start);
1378 s->tray_open = !start;
1379 }
1380 }
1381 return 0;
1382 }
1383
1384 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1385 {
1386 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1387 int buflen = r->iov.iov_len;
1388
1389 if (buflen) {
1390 DPRINTF("Read buf_len=%d\n", buflen);
1391 r->iov.iov_len = 0;
1392 r->started = true;
1393 scsi_req_data(&r->req, buflen);
1394 return;
1395 }
1396
1397 /* This also clears the sense buffer for REQUEST SENSE. */
1398 scsi_req_complete(&r->req, GOOD);
1399 }
1400
1401 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1402 uint8_t *inbuf, int inlen)
1403 {
1404 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1405 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1406 uint8_t *p;
1407 int len, expected_len, changeable_len, i;
1408
1409 /* The input buffer does not include the page header, so it is
1410 * off by 2 bytes.
1411 */
1412 expected_len = inlen + 2;
1413 if (expected_len > SCSI_MAX_MODE_LEN) {
1414 return -1;
1415 }
1416
1417 p = mode_current;
1418 memset(mode_current, 0, inlen + 2);
1419 len = mode_sense_page(s, page, &p, 0);
1420 if (len < 0 || len != expected_len) {
1421 return -1;
1422 }
1423
1424 p = mode_changeable;
1425 memset(mode_changeable, 0, inlen + 2);
1426 changeable_len = mode_sense_page(s, page, &p, 1);
1427 assert(changeable_len == len);
1428
1429 /* Check that unchangeable bits are the same as what MODE SENSE
1430 * would return.
1431 */
1432 for (i = 2; i < len; i++) {
1433 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1434 return -1;
1435 }
1436 }
1437 return 0;
1438 }
1439
1440 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1441 {
1442 switch (page) {
1443 case MODE_PAGE_CACHING:
1444 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1445 break;
1446
1447 default:
1448 break;
1449 }
1450 }
1451
1452 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1453 {
1454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1455
1456 while (len > 0) {
1457 int page, subpage, page_len;
1458
1459 /* Parse both possible formats for the mode page headers. */
1460 page = p[0] & 0x3f;
1461 if (p[0] & 0x40) {
1462 if (len < 4) {
1463 goto invalid_param_len;
1464 }
1465 subpage = p[1];
1466 page_len = lduw_be_p(&p[2]);
1467 p += 4;
1468 len -= 4;
1469 } else {
1470 if (len < 2) {
1471 goto invalid_param_len;
1472 }
1473 subpage = 0;
1474 page_len = p[1];
1475 p += 2;
1476 len -= 2;
1477 }
1478
1479 if (subpage) {
1480 goto invalid_param;
1481 }
1482 if (page_len > len) {
1483 goto invalid_param_len;
1484 }
1485
1486 if (!change) {
1487 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1488 goto invalid_param;
1489 }
1490 } else {
1491 scsi_disk_apply_mode_select(s, page, p);
1492 }
1493
1494 p += page_len;
1495 len -= page_len;
1496 }
1497 return 0;
1498
1499 invalid_param:
1500 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1501 return -1;
1502
1503 invalid_param_len:
1504 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1505 return -1;
1506 }
1507
1508 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1509 {
1510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1511 uint8_t *p = inbuf;
1512 int cmd = r->req.cmd.buf[0];
1513 int len = r->req.cmd.xfer;
1514 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1515 int bd_len;
1516 int pass;
1517
1518 /* We only support PF=1, SP=0. */
1519 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1520 goto invalid_field;
1521 }
1522
1523 if (len < hdr_len) {
1524 goto invalid_param_len;
1525 }
1526
1527 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1528 len -= hdr_len;
1529 p += hdr_len;
1530 if (len < bd_len) {
1531 goto invalid_param_len;
1532 }
1533 if (bd_len != 0 && bd_len != 8) {
1534 goto invalid_param;
1535 }
1536
1537 len -= bd_len;
1538 p += bd_len;
1539
1540 /* Ensure no change is made if there is an error! */
1541 for (pass = 0; pass < 2; pass++) {
1542 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1543 assert(pass == 0);
1544 return;
1545 }
1546 }
1547 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1548 /* The request is used as the AIO opaque value, so add a ref. */
1549 scsi_req_ref(&r->req);
1550 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1551 BLOCK_ACCT_FLUSH);
1552 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1553 return;
1554 }
1555
1556 scsi_req_complete(&r->req, GOOD);
1557 return;
1558
1559 invalid_param:
1560 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1561 return;
1562
1563 invalid_param_len:
1564 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1565 return;
1566
1567 invalid_field:
1568 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1569 }
1570
1571 static inline bool check_lba_range(SCSIDiskState *s,
1572 uint64_t sector_num, uint32_t nb_sectors)
1573 {
1574 /*
1575 * The first line tests that no overflow happens when computing the last
1576 * sector. The second line tests that the last accessed sector is in
1577 * range.
1578 *
1579 * Careful, the computations should not underflow for nb_sectors == 0,
1580 * and a 0-block read to the first LBA beyond the end of device is
1581 * valid.
1582 */
1583 return (sector_num <= sector_num + nb_sectors &&
1584 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1585 }
1586
1587 typedef struct UnmapCBData {
1588 SCSIDiskReq *r;
1589 uint8_t *inbuf;
1590 int count;
1591 } UnmapCBData;
1592
1593 static void scsi_unmap_complete(void *opaque, int ret);
1594
1595 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1596 {
1597 SCSIDiskReq *r = data->r;
1598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1599 uint64_t sector_num;
1600 uint32_t nb_sectors;
1601
1602 assert(r->req.aiocb == NULL);
1603
1604 if (r->req.io_canceled) {
1605 scsi_req_cancel_complete(&r->req);
1606 goto done;
1607 }
1608
1609 if (ret < 0) {
1610 if (scsi_handle_rw_error(r, -ret, false)) {
1611 goto done;
1612 }
1613 }
1614
1615 if (data->count > 0) {
1616 sector_num = ldq_be_p(&data->inbuf[0]);
1617 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1618 if (!check_lba_range(s, sector_num, nb_sectors)) {
1619 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1620 goto done;
1621 }
1622
1623 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1624 sector_num * (s->qdev.blocksize / 512),
1625 nb_sectors * (s->qdev.blocksize / 512),
1626 scsi_unmap_complete, data);
1627 data->count--;
1628 data->inbuf += 16;
1629 return;
1630 }
1631
1632 scsi_req_complete(&r->req, GOOD);
1633
1634 done:
1635 scsi_req_unref(&r->req);
1636 g_free(data);
1637 }
1638
1639 static void scsi_unmap_complete(void *opaque, int ret)
1640 {
1641 UnmapCBData *data = opaque;
1642 SCSIDiskReq *r = data->r;
1643
1644 assert(r->req.aiocb != NULL);
1645 r->req.aiocb = NULL;
1646
1647 scsi_unmap_complete_noio(data, ret);
1648 }
1649
1650 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1651 {
1652 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1653 uint8_t *p = inbuf;
1654 int len = r->req.cmd.xfer;
1655 UnmapCBData *data;
1656
1657 /* Reject ANCHOR=1. */
1658 if (r->req.cmd.buf[1] & 0x1) {
1659 goto invalid_field;
1660 }
1661
1662 if (len < 8) {
1663 goto invalid_param_len;
1664 }
1665 if (len < lduw_be_p(&p[0]) + 2) {
1666 goto invalid_param_len;
1667 }
1668 if (len < lduw_be_p(&p[2]) + 8) {
1669 goto invalid_param_len;
1670 }
1671 if (lduw_be_p(&p[2]) & 15) {
1672 goto invalid_param_len;
1673 }
1674
1675 if (blk_is_read_only(s->qdev.conf.blk)) {
1676 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1677 return;
1678 }
1679
1680 data = g_new0(UnmapCBData, 1);
1681 data->r = r;
1682 data->inbuf = &p[8];
1683 data->count = lduw_be_p(&p[2]) >> 4;
1684
1685 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1686 scsi_req_ref(&r->req);
1687 scsi_unmap_complete_noio(data, 0);
1688 return;
1689
1690 invalid_param_len:
1691 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1692 return;
1693
1694 invalid_field:
1695 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1696 }
1697
1698 typedef struct WriteSameCBData {
1699 SCSIDiskReq *r;
1700 int64_t sector;
1701 int nb_sectors;
1702 QEMUIOVector qiov;
1703 struct iovec iov;
1704 } WriteSameCBData;
1705
1706 static void scsi_write_same_complete(void *opaque, int ret)
1707 {
1708 WriteSameCBData *data = opaque;
1709 SCSIDiskReq *r = data->r;
1710 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1711
1712 assert(r->req.aiocb != NULL);
1713 r->req.aiocb = NULL;
1714 if (r->req.io_canceled) {
1715 scsi_req_cancel_complete(&r->req);
1716 goto done;
1717 }
1718
1719 if (ret < 0) {
1720 if (scsi_handle_rw_error(r, -ret, true)) {
1721 goto done;
1722 }
1723 }
1724
1725 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1726
1727 data->nb_sectors -= data->iov.iov_len / 512;
1728 data->sector += data->iov.iov_len / 512;
1729 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1730 if (data->iov.iov_len) {
1731 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1732 data->iov.iov_len, BLOCK_ACCT_WRITE);
1733 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1734 * where final qiov may need smaller size */
1735 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1736 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1737 data->sector << BDRV_SECTOR_BITS,
1738 &data->qiov, 0,
1739 scsi_write_same_complete, data);
1740 return;
1741 }
1742
1743 scsi_req_complete(&r->req, GOOD);
1744
1745 done:
1746 scsi_req_unref(&r->req);
1747 qemu_vfree(data->iov.iov_base);
1748 g_free(data);
1749 }
1750
1751 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1752 {
1753 SCSIRequest *req = &r->req;
1754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1755 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1756 WriteSameCBData *data;
1757 uint8_t *buf;
1758 int i;
1759
1760 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1761 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1762 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1763 return;
1764 }
1765
1766 if (blk_is_read_only(s->qdev.conf.blk)) {
1767 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1768 return;
1769 }
1770 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1771 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1772 return;
1773 }
1774
1775 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1776 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1777
1778 /* The request is used as the AIO opaque value, so add a ref. */
1779 scsi_req_ref(&r->req);
1780 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1781 nb_sectors * s->qdev.blocksize,
1782 BLOCK_ACCT_WRITE);
1783 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk,
1784 r->req.cmd.lba * s->qdev.blocksize,
1785 nb_sectors * s->qdev.blocksize,
1786 flags, scsi_aio_complete, r);
1787 return;
1788 }
1789
1790 data = g_new0(WriteSameCBData, 1);
1791 data->r = r;
1792 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1793 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1794 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1795 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1796 data->iov.iov_len);
1797 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1798
1799 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1800 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1801 }
1802
1803 scsi_req_ref(&r->req);
1804 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1805 data->iov.iov_len, BLOCK_ACCT_WRITE);
1806 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1807 data->sector << BDRV_SECTOR_BITS,
1808 &data->qiov, 0,
1809 scsi_write_same_complete, data);
1810 }
1811
1812 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1813 {
1814 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1815
1816 if (r->iov.iov_len) {
1817 int buflen = r->iov.iov_len;
1818 DPRINTF("Write buf_len=%d\n", buflen);
1819 r->iov.iov_len = 0;
1820 scsi_req_data(&r->req, buflen);
1821 return;
1822 }
1823
1824 switch (req->cmd.buf[0]) {
1825 case MODE_SELECT:
1826 case MODE_SELECT_10:
1827 /* This also clears the sense buffer for REQUEST SENSE. */
1828 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1829 break;
1830
1831 case UNMAP:
1832 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1833 break;
1834
1835 case VERIFY_10:
1836 case VERIFY_12:
1837 case VERIFY_16:
1838 if (r->req.status == -1) {
1839 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1840 }
1841 break;
1842
1843 case WRITE_SAME_10:
1844 case WRITE_SAME_16:
1845 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1846 break;
1847
1848 default:
1849 abort();
1850 }
1851 }
1852
1853 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1854 {
1855 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1856 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1857 uint64_t nb_sectors;
1858 uint8_t *outbuf;
1859 int buflen;
1860
1861 switch (req->cmd.buf[0]) {
1862 case INQUIRY:
1863 case MODE_SENSE:
1864 case MODE_SENSE_10:
1865 case RESERVE:
1866 case RESERVE_10:
1867 case RELEASE:
1868 case RELEASE_10:
1869 case START_STOP:
1870 case ALLOW_MEDIUM_REMOVAL:
1871 case GET_CONFIGURATION:
1872 case GET_EVENT_STATUS_NOTIFICATION:
1873 case MECHANISM_STATUS:
1874 case REQUEST_SENSE:
1875 break;
1876
1877 default:
1878 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
1879 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1880 return 0;
1881 }
1882 break;
1883 }
1884
1885 /*
1886 * FIXME: we shouldn't return anything bigger than 4k, but the code
1887 * requires the buffer to be as big as req->cmd.xfer in several
1888 * places. So, do not allow CDBs with a very large ALLOCATION
1889 * LENGTH. The real fix would be to modify scsi_read_data and
1890 * dma_buf_read, so that they return data beyond the buflen
1891 * as all zeros.
1892 */
1893 if (req->cmd.xfer > 65536) {
1894 goto illegal_request;
1895 }
1896 r->buflen = MAX(4096, req->cmd.xfer);
1897
1898 if (!r->iov.iov_base) {
1899 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1900 }
1901
1902 buflen = req->cmd.xfer;
1903 outbuf = r->iov.iov_base;
1904 memset(outbuf, 0, r->buflen);
1905 switch (req->cmd.buf[0]) {
1906 case TEST_UNIT_READY:
1907 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
1908 break;
1909 case INQUIRY:
1910 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1911 if (buflen < 0) {
1912 goto illegal_request;
1913 }
1914 break;
1915 case MODE_SENSE:
1916 case MODE_SENSE_10:
1917 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1918 if (buflen < 0) {
1919 goto illegal_request;
1920 }
1921 break;
1922 case READ_TOC:
1923 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1924 if (buflen < 0) {
1925 goto illegal_request;
1926 }
1927 break;
1928 case RESERVE:
1929 if (req->cmd.buf[1] & 1) {
1930 goto illegal_request;
1931 }
1932 break;
1933 case RESERVE_10:
1934 if (req->cmd.buf[1] & 3) {
1935 goto illegal_request;
1936 }
1937 break;
1938 case RELEASE:
1939 if (req->cmd.buf[1] & 1) {
1940 goto illegal_request;
1941 }
1942 break;
1943 case RELEASE_10:
1944 if (req->cmd.buf[1] & 3) {
1945 goto illegal_request;
1946 }
1947 break;
1948 case START_STOP:
1949 if (scsi_disk_emulate_start_stop(r) < 0) {
1950 return 0;
1951 }
1952 break;
1953 case ALLOW_MEDIUM_REMOVAL:
1954 s->tray_locked = req->cmd.buf[4] & 1;
1955 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1956 break;
1957 case READ_CAPACITY_10:
1958 /* The normal LEN field for this command is zero. */
1959 memset(outbuf, 0, 8);
1960 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1961 if (!nb_sectors) {
1962 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1963 return 0;
1964 }
1965 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1966 goto illegal_request;
1967 }
1968 nb_sectors /= s->qdev.blocksize / 512;
1969 /* Returned value is the address of the last sector. */
1970 nb_sectors--;
1971 /* Remember the new size for read/write sanity checking. */
1972 s->qdev.max_lba = nb_sectors;
1973 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1974 if (nb_sectors > UINT32_MAX) {
1975 nb_sectors = UINT32_MAX;
1976 }
1977 outbuf[0] = (nb_sectors >> 24) & 0xff;
1978 outbuf[1] = (nb_sectors >> 16) & 0xff;
1979 outbuf[2] = (nb_sectors >> 8) & 0xff;
1980 outbuf[3] = nb_sectors & 0xff;
1981 outbuf[4] = 0;
1982 outbuf[5] = 0;
1983 outbuf[6] = s->qdev.blocksize >> 8;
1984 outbuf[7] = 0;
1985 break;
1986 case REQUEST_SENSE:
1987 /* Just return "NO SENSE". */
1988 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1989 (req->cmd.buf[1] & 1) == 0);
1990 if (buflen < 0) {
1991 goto illegal_request;
1992 }
1993 break;
1994 case MECHANISM_STATUS:
1995 buflen = scsi_emulate_mechanism_status(s, outbuf);
1996 if (buflen < 0) {
1997 goto illegal_request;
1998 }
1999 break;
2000 case GET_CONFIGURATION:
2001 buflen = scsi_get_configuration(s, outbuf);
2002 if (buflen < 0) {
2003 goto illegal_request;
2004 }
2005 break;
2006 case GET_EVENT_STATUS_NOTIFICATION:
2007 buflen = scsi_get_event_status_notification(s, r, outbuf);
2008 if (buflen < 0) {
2009 goto illegal_request;
2010 }
2011 break;
2012 case READ_DISC_INFORMATION:
2013 buflen = scsi_read_disc_information(s, r, outbuf);
2014 if (buflen < 0) {
2015 goto illegal_request;
2016 }
2017 break;
2018 case READ_DVD_STRUCTURE:
2019 buflen = scsi_read_dvd_structure(s, r, outbuf);
2020 if (buflen < 0) {
2021 goto illegal_request;
2022 }
2023 break;
2024 case SERVICE_ACTION_IN_16:
2025 /* Service Action In subcommands. */
2026 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2027 DPRINTF("SAI READ CAPACITY(16)\n");
2028 memset(outbuf, 0, req->cmd.xfer);
2029 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2030 if (!nb_sectors) {
2031 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2032 return 0;
2033 }
2034 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2035 goto illegal_request;
2036 }
2037 nb_sectors /= s->qdev.blocksize / 512;
2038 /* Returned value is the address of the last sector. */
2039 nb_sectors--;
2040 /* Remember the new size for read/write sanity checking. */
2041 s->qdev.max_lba = nb_sectors;
2042 outbuf[0] = (nb_sectors >> 56) & 0xff;
2043 outbuf[1] = (nb_sectors >> 48) & 0xff;
2044 outbuf[2] = (nb_sectors >> 40) & 0xff;
2045 outbuf[3] = (nb_sectors >> 32) & 0xff;
2046 outbuf[4] = (nb_sectors >> 24) & 0xff;
2047 outbuf[5] = (nb_sectors >> 16) & 0xff;
2048 outbuf[6] = (nb_sectors >> 8) & 0xff;
2049 outbuf[7] = nb_sectors & 0xff;
2050 outbuf[8] = 0;
2051 outbuf[9] = 0;
2052 outbuf[10] = s->qdev.blocksize >> 8;
2053 outbuf[11] = 0;
2054 outbuf[12] = 0;
2055 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2056
2057 /* set TPE bit if the format supports discard */
2058 if (s->qdev.conf.discard_granularity) {
2059 outbuf[14] = 0x80;
2060 }
2061
2062 /* Protection, exponent and lowest lba field left blank. */
2063 break;
2064 }
2065 DPRINTF("Unsupported Service Action In\n");
2066 goto illegal_request;
2067 case SYNCHRONIZE_CACHE:
2068 /* The request is used as the AIO opaque value, so add a ref. */
2069 scsi_req_ref(&r->req);
2070 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2071 BLOCK_ACCT_FLUSH);
2072 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2073 return 0;
2074 case SEEK_10:
2075 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2076 if (r->req.cmd.lba > s->qdev.max_lba) {
2077 goto illegal_lba;
2078 }
2079 break;
2080 case MODE_SELECT:
2081 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2082 break;
2083 case MODE_SELECT_10:
2084 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2085 break;
2086 case UNMAP:
2087 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2088 break;
2089 case VERIFY_10:
2090 case VERIFY_12:
2091 case VERIFY_16:
2092 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2093 if (req->cmd.buf[1] & 6) {
2094 goto illegal_request;
2095 }
2096 break;
2097 case WRITE_SAME_10:
2098 case WRITE_SAME_16:
2099 DPRINTF("WRITE SAME %d (len %lu)\n",
2100 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2101 (long)r->req.cmd.xfer);
2102 break;
2103 default:
2104 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2105 scsi_command_name(buf[0]));
2106 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2107 return 0;
2108 }
2109 assert(!r->req.aiocb);
2110 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2111 if (r->iov.iov_len == 0) {
2112 scsi_req_complete(&r->req, GOOD);
2113 }
2114 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2115 assert(r->iov.iov_len == req->cmd.xfer);
2116 return -r->iov.iov_len;
2117 } else {
2118 return r->iov.iov_len;
2119 }
2120
2121 illegal_request:
2122 if (r->req.status == -1) {
2123 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2124 }
2125 return 0;
2126
2127 illegal_lba:
2128 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2129 return 0;
2130 }
2131
2132 /* Execute a scsi command. Returns the length of the data expected by the
2133 command. This will be Positive for data transfers from the device
2134 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2135 and zero if the command does not transfer any data. */
2136
2137 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2138 {
2139 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2141 uint32_t len;
2142 uint8_t command;
2143
2144 command = buf[0];
2145
2146 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
2147 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2148 return 0;
2149 }
2150
2151 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2152 switch (command) {
2153 case READ_6:
2154 case READ_10:
2155 case READ_12:
2156 case READ_16:
2157 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2158 if (r->req.cmd.buf[1] & 0xe0) {
2159 goto illegal_request;
2160 }
2161 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2162 goto illegal_lba;
2163 }
2164 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2165 r->sector_count = len * (s->qdev.blocksize / 512);
2166 break;
2167 case WRITE_6:
2168 case WRITE_10:
2169 case WRITE_12:
2170 case WRITE_16:
2171 case WRITE_VERIFY_10:
2172 case WRITE_VERIFY_12:
2173 case WRITE_VERIFY_16:
2174 if (blk_is_read_only(s->qdev.conf.blk)) {
2175 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2176 return 0;
2177 }
2178 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2179 (command & 0xe) == 0xe ? "And Verify " : "",
2180 r->req.cmd.lba, len);
2181 if (r->req.cmd.buf[1] & 0xe0) {
2182 goto illegal_request;
2183 }
2184 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2185 goto illegal_lba;
2186 }
2187 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2188 r->sector_count = len * (s->qdev.blocksize / 512);
2189 break;
2190 default:
2191 abort();
2192 illegal_request:
2193 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2194 return 0;
2195 illegal_lba:
2196 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2197 return 0;
2198 }
2199 if (r->sector_count == 0) {
2200 scsi_req_complete(&r->req, GOOD);
2201 }
2202 assert(r->iov.iov_len == 0);
2203 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2204 return -r->sector_count * 512;
2205 } else {
2206 return r->sector_count * 512;
2207 }
2208 }
2209
2210 static void scsi_disk_reset(DeviceState *dev)
2211 {
2212 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2213 uint64_t nb_sectors;
2214
2215 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2216
2217 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2218 nb_sectors /= s->qdev.blocksize / 512;
2219 if (nb_sectors) {
2220 nb_sectors--;
2221 }
2222 s->qdev.max_lba = nb_sectors;
2223 /* reset tray statuses */
2224 s->tray_locked = 0;
2225 s->tray_open = 0;
2226 }
2227
2228 static void scsi_disk_resize_cb(void *opaque)
2229 {
2230 SCSIDiskState *s = opaque;
2231
2232 /* SPC lists this sense code as available only for
2233 * direct-access devices.
2234 */
2235 if (s->qdev.type == TYPE_DISK) {
2236 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2237 }
2238 }
2239
2240 static void scsi_cd_change_media_cb(void *opaque, bool load)
2241 {
2242 SCSIDiskState *s = opaque;
2243
2244 /*
2245 * When a CD gets changed, we have to report an ejected state and
2246 * then a loaded state to guests so that they detect tray
2247 * open/close and media change events. Guests that do not use
2248 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2249 * states rely on this behavior.
2250 *
2251 * media_changed governs the state machine used for unit attention
2252 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2253 */
2254 s->media_changed = load;
2255 s->tray_open = !load;
2256 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2257 s->media_event = true;
2258 s->eject_request = false;
2259 }
2260
2261 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2262 {
2263 SCSIDiskState *s = opaque;
2264
2265 s->eject_request = true;
2266 if (force) {
2267 s->tray_locked = false;
2268 }
2269 }
2270
2271 static bool scsi_cd_is_tray_open(void *opaque)
2272 {
2273 return ((SCSIDiskState *)opaque)->tray_open;
2274 }
2275
2276 static bool scsi_cd_is_medium_locked(void *opaque)
2277 {
2278 return ((SCSIDiskState *)opaque)->tray_locked;
2279 }
2280
2281 static const BlockDevOps scsi_disk_removable_block_ops = {
2282 .change_media_cb = scsi_cd_change_media_cb,
2283 .eject_request_cb = scsi_cd_eject_request_cb,
2284 .is_tray_open = scsi_cd_is_tray_open,
2285 .is_medium_locked = scsi_cd_is_medium_locked,
2286
2287 .resize_cb = scsi_disk_resize_cb,
2288 };
2289
2290 static const BlockDevOps scsi_disk_block_ops = {
2291 .resize_cb = scsi_disk_resize_cb,
2292 };
2293
2294 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2295 {
2296 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2297 if (s->media_changed) {
2298 s->media_changed = false;
2299 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2300 }
2301 }
2302
2303 static void scsi_realize(SCSIDevice *dev, Error **errp)
2304 {
2305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2306 Error *err = NULL;
2307
2308 if (!s->qdev.conf.blk) {
2309 error_setg(errp, "drive property not set");
2310 return;
2311 }
2312
2313 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2314 !blk_is_inserted(s->qdev.conf.blk)) {
2315 error_setg(errp, "Device needs media, but drive is empty");
2316 return;
2317 }
2318
2319 blkconf_serial(&s->qdev.conf, &s->serial);
2320 blkconf_blocksizes(&s->qdev.conf);
2321 if (dev->type == TYPE_DISK) {
2322 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2323 if (err) {
2324 error_propagate(errp, err);
2325 return;
2326 }
2327 }
2328
2329 if (s->qdev.conf.discard_granularity == -1) {
2330 s->qdev.conf.discard_granularity =
2331 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2332 }
2333
2334 if (!s->version) {
2335 s->version = g_strdup(qemu_hw_version());
2336 }
2337 if (!s->vendor) {
2338 s->vendor = g_strdup("QEMU");
2339 }
2340
2341 if (blk_is_sg(s->qdev.conf.blk)) {
2342 error_setg(errp, "unwanted /dev/sg*");
2343 return;
2344 }
2345
2346 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2347 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2349 } else {
2350 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2351 }
2352 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2353
2354 blk_iostatus_enable(s->qdev.conf.blk);
2355 }
2356
2357 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2358 {
2359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2360 /* can happen for devices without drive. The error message for missing
2361 * backend will be issued in scsi_realize
2362 */
2363 if (s->qdev.conf.blk) {
2364 blkconf_blocksizes(&s->qdev.conf);
2365 }
2366 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2367 s->qdev.type = TYPE_DISK;
2368 if (!s->product) {
2369 s->product = g_strdup("QEMU HARDDISK");
2370 }
2371 scsi_realize(&s->qdev, errp);
2372 }
2373
2374 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2375 {
2376 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2377 s->qdev.blocksize = 2048;
2378 s->qdev.type = TYPE_ROM;
2379 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2380 if (!s->product) {
2381 s->product = g_strdup("QEMU CD-ROM");
2382 }
2383 scsi_realize(&s->qdev, errp);
2384 }
2385
2386 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2387 {
2388 DriveInfo *dinfo;
2389 Error *local_err = NULL;
2390
2391 if (!dev->conf.blk) {
2392 scsi_realize(dev, &local_err);
2393 assert(local_err);
2394 error_propagate(errp, local_err);
2395 return;
2396 }
2397
2398 dinfo = blk_legacy_dinfo(dev->conf.blk);
2399 if (dinfo && dinfo->media_cd) {
2400 scsi_cd_realize(dev, errp);
2401 } else {
2402 scsi_hd_realize(dev, errp);
2403 }
2404 }
2405
2406 static const SCSIReqOps scsi_disk_emulate_reqops = {
2407 .size = sizeof(SCSIDiskReq),
2408 .free_req = scsi_free_request,
2409 .send_command = scsi_disk_emulate_command,
2410 .read_data = scsi_disk_emulate_read_data,
2411 .write_data = scsi_disk_emulate_write_data,
2412 .get_buf = scsi_get_buf,
2413 };
2414
2415 static const SCSIReqOps scsi_disk_dma_reqops = {
2416 .size = sizeof(SCSIDiskReq),
2417 .free_req = scsi_free_request,
2418 .send_command = scsi_disk_dma_command,
2419 .read_data = scsi_read_data,
2420 .write_data = scsi_write_data,
2421 .get_buf = scsi_get_buf,
2422 .load_request = scsi_disk_load_request,
2423 .save_request = scsi_disk_save_request,
2424 };
2425
2426 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2427 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2428 [INQUIRY] = &scsi_disk_emulate_reqops,
2429 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2430 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2431 [START_STOP] = &scsi_disk_emulate_reqops,
2432 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2433 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2434 [READ_TOC] = &scsi_disk_emulate_reqops,
2435 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2436 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2437 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2438 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2439 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2440 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2441 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2442 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2443 [SEEK_10] = &scsi_disk_emulate_reqops,
2444 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2445 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2446 [UNMAP] = &scsi_disk_emulate_reqops,
2447 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2448 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2449 [VERIFY_10] = &scsi_disk_emulate_reqops,
2450 [VERIFY_12] = &scsi_disk_emulate_reqops,
2451 [VERIFY_16] = &scsi_disk_emulate_reqops,
2452
2453 [READ_6] = &scsi_disk_dma_reqops,
2454 [READ_10] = &scsi_disk_dma_reqops,
2455 [READ_12] = &scsi_disk_dma_reqops,
2456 [READ_16] = &scsi_disk_dma_reqops,
2457 [WRITE_6] = &scsi_disk_dma_reqops,
2458 [WRITE_10] = &scsi_disk_dma_reqops,
2459 [WRITE_12] = &scsi_disk_dma_reqops,
2460 [WRITE_16] = &scsi_disk_dma_reqops,
2461 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2462 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2463 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2464 };
2465
2466 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2467 uint8_t *buf, void *hba_private)
2468 {
2469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2470 SCSIRequest *req;
2471 const SCSIReqOps *ops;
2472 uint8_t command;
2473
2474 command = buf[0];
2475 ops = scsi_disk_reqops_dispatch[command];
2476 if (!ops) {
2477 ops = &scsi_disk_emulate_reqops;
2478 }
2479 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2480
2481 #ifdef DEBUG_SCSI
2482 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2483 {
2484 int i;
2485 for (i = 1; i < scsi_cdb_length(buf); i++) {
2486 printf(" 0x%02x", buf[i]);
2487 }
2488 printf("\n");
2489 }
2490 #endif
2491
2492 return req;
2493 }
2494
2495 #ifdef __linux__
2496 static int get_device_type(SCSIDiskState *s)
2497 {
2498 uint8_t cmd[16];
2499 uint8_t buf[36];
2500 uint8_t sensebuf[8];
2501 sg_io_hdr_t io_header;
2502 int ret;
2503
2504 memset(cmd, 0, sizeof(cmd));
2505 memset(buf, 0, sizeof(buf));
2506 cmd[0] = INQUIRY;
2507 cmd[4] = sizeof(buf);
2508
2509 memset(&io_header, 0, sizeof(io_header));
2510 io_header.interface_id = 'S';
2511 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2512 io_header.dxfer_len = sizeof(buf);
2513 io_header.dxferp = buf;
2514 io_header.cmdp = cmd;
2515 io_header.cmd_len = sizeof(cmd);
2516 io_header.mx_sb_len = sizeof(sensebuf);
2517 io_header.sbp = sensebuf;
2518 io_header.timeout = 6000; /* XXX */
2519
2520 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2521 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2522 return -1;
2523 }
2524 s->qdev.type = buf[0];
2525 if (buf[1] & 0x80) {
2526 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2527 }
2528 return 0;
2529 }
2530
2531 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2532 {
2533 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2534 int sg_version;
2535 int rc;
2536
2537 if (!s->qdev.conf.blk) {
2538 error_setg(errp, "drive property not set");
2539 return;
2540 }
2541
2542 /* check we are using a driver managing SG_IO (version 3 and after) */
2543 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2544 if (rc < 0) {
2545 error_setg(errp, "cannot get SG_IO version number: %s. "
2546 "Is this a SCSI device?",
2547 strerror(-rc));
2548 return;
2549 }
2550 if (sg_version < 30000) {
2551 error_setg(errp, "scsi generic interface too old");
2552 return;
2553 }
2554
2555 /* get device type from INQUIRY data */
2556 rc = get_device_type(s);
2557 if (rc < 0) {
2558 error_setg(errp, "INQUIRY failed");
2559 return;
2560 }
2561
2562 /* Make a guess for the block size, we'll fix it when the guest sends.
2563 * READ CAPACITY. If they don't, they likely would assume these sizes
2564 * anyway. (TODO: check in /sys).
2565 */
2566 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2567 s->qdev.blocksize = 2048;
2568 } else {
2569 s->qdev.blocksize = 512;
2570 }
2571
2572 /* Makes the scsi-block device not removable by using HMP and QMP eject
2573 * command.
2574 */
2575 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2576
2577 scsi_realize(&s->qdev, errp);
2578 scsi_generic_read_device_identification(&s->qdev);
2579 }
2580
2581 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2582 {
2583 switch (buf[0]) {
2584 case READ_6:
2585 case READ_10:
2586 case READ_12:
2587 case READ_16:
2588 case VERIFY_10:
2589 case VERIFY_12:
2590 case VERIFY_16:
2591 case WRITE_6:
2592 case WRITE_10:
2593 case WRITE_12:
2594 case WRITE_16:
2595 case WRITE_VERIFY_10:
2596 case WRITE_VERIFY_12:
2597 case WRITE_VERIFY_16:
2598 /* If we are not using O_DIRECT, we might read stale data from the
2599 * host cache if writes were made using other commands than these
2600 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2601 * O_DIRECT everything must go through SG_IO.
2602 */
2603 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
2604 break;
2605 }
2606
2607 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2608 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2609 * And once you do these writes, reading from the block device is
2610 * unreliable, too. It is even possible that reads deliver random data
2611 * from the host page cache (this is probably a Linux bug).
2612 *
2613 * We might use scsi_disk_dma_reqops as long as no writing commands are
2614 * seen, but performance usually isn't paramount on optical media. So,
2615 * just make scsi-block operate the same as scsi-generic for them.
2616 */
2617 if (s->qdev.type != TYPE_ROM) {
2618 return false;
2619 }
2620 break;
2621
2622 default:
2623 break;
2624 }
2625
2626 return true;
2627 }
2628
2629
2630 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2631 uint32_t lun, uint8_t *buf,
2632 void *hba_private)
2633 {
2634 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2635
2636 if (scsi_block_is_passthrough(s, buf)) {
2637 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2638 hba_private);
2639 } else {
2640 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2641 hba_private);
2642 }
2643 }
2644
2645 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2646 uint8_t *buf, void *hba_private)
2647 {
2648 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2649
2650 if (scsi_block_is_passthrough(s, buf)) {
2651 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2652 } else {
2653 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2654 }
2655 }
2656
2657 #endif
2658
2659 #define DEFINE_SCSI_DISK_PROPERTIES() \
2660 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2661 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2662 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2663 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2664 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2665
2666 static Property scsi_hd_properties[] = {
2667 DEFINE_SCSI_DISK_PROPERTIES(),
2668 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2669 SCSI_DISK_F_REMOVABLE, false),
2670 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2671 SCSI_DISK_F_DPOFUA, false),
2672 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2673 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2674 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2675 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2676 DEFAULT_MAX_UNMAP_SIZE),
2677 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2678 DEFAULT_MAX_IO_SIZE),
2679 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2680 DEFINE_PROP_END_OF_LIST(),
2681 };
2682
2683 static const VMStateDescription vmstate_scsi_disk_state = {
2684 .name = "scsi-disk",
2685 .version_id = 1,
2686 .minimum_version_id = 1,
2687 .fields = (VMStateField[]) {
2688 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2689 VMSTATE_BOOL(media_changed, SCSIDiskState),
2690 VMSTATE_BOOL(media_event, SCSIDiskState),
2691 VMSTATE_BOOL(eject_request, SCSIDiskState),
2692 VMSTATE_BOOL(tray_open, SCSIDiskState),
2693 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2694 VMSTATE_END_OF_LIST()
2695 }
2696 };
2697
2698 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2699 {
2700 DeviceClass *dc = DEVICE_CLASS(klass);
2701 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2702
2703 sc->realize = scsi_hd_realize;
2704 sc->alloc_req = scsi_new_request;
2705 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2706 dc->fw_name = "disk";
2707 dc->desc = "virtual SCSI disk";
2708 dc->reset = scsi_disk_reset;
2709 dc->props = scsi_hd_properties;
2710 dc->vmsd = &vmstate_scsi_disk_state;
2711 }
2712
2713 static const TypeInfo scsi_hd_info = {
2714 .name = "scsi-hd",
2715 .parent = TYPE_SCSI_DEVICE,
2716 .instance_size = sizeof(SCSIDiskState),
2717 .class_init = scsi_hd_class_initfn,
2718 };
2719
2720 static Property scsi_cd_properties[] = {
2721 DEFINE_SCSI_DISK_PROPERTIES(),
2722 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2723 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2724 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2725 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2726 DEFAULT_MAX_IO_SIZE),
2727 DEFINE_PROP_END_OF_LIST(),
2728 };
2729
2730 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2731 {
2732 DeviceClass *dc = DEVICE_CLASS(klass);
2733 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2734
2735 sc->realize = scsi_cd_realize;
2736 sc->alloc_req = scsi_new_request;
2737 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2738 dc->fw_name = "disk";
2739 dc->desc = "virtual SCSI CD-ROM";
2740 dc->reset = scsi_disk_reset;
2741 dc->props = scsi_cd_properties;
2742 dc->vmsd = &vmstate_scsi_disk_state;
2743 }
2744
2745 static const TypeInfo scsi_cd_info = {
2746 .name = "scsi-cd",
2747 .parent = TYPE_SCSI_DEVICE,
2748 .instance_size = sizeof(SCSIDiskState),
2749 .class_init = scsi_cd_class_initfn,
2750 };
2751
2752 #ifdef __linux__
2753 static Property scsi_block_properties[] = {
2754 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2755 DEFINE_PROP_END_OF_LIST(),
2756 };
2757
2758 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2759 {
2760 DeviceClass *dc = DEVICE_CLASS(klass);
2761 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2762
2763 sc->realize = scsi_block_realize;
2764 sc->alloc_req = scsi_block_new_request;
2765 sc->parse_cdb = scsi_block_parse_cdb;
2766 dc->fw_name = "disk";
2767 dc->desc = "SCSI block device passthrough";
2768 dc->reset = scsi_disk_reset;
2769 dc->props = scsi_block_properties;
2770 dc->vmsd = &vmstate_scsi_disk_state;
2771 }
2772
2773 static const TypeInfo scsi_block_info = {
2774 .name = "scsi-block",
2775 .parent = TYPE_SCSI_DEVICE,
2776 .instance_size = sizeof(SCSIDiskState),
2777 .class_init = scsi_block_class_initfn,
2778 };
2779 #endif
2780
2781 static Property scsi_disk_properties[] = {
2782 DEFINE_SCSI_DISK_PROPERTIES(),
2783 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2784 SCSI_DISK_F_REMOVABLE, false),
2785 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2786 SCSI_DISK_F_DPOFUA, false),
2787 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2788 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2789 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2790 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2791 DEFAULT_MAX_UNMAP_SIZE),
2792 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2793 DEFAULT_MAX_IO_SIZE),
2794 DEFINE_PROP_END_OF_LIST(),
2795 };
2796
2797 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2798 {
2799 DeviceClass *dc = DEVICE_CLASS(klass);
2800 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2801
2802 sc->realize = scsi_disk_realize;
2803 sc->alloc_req = scsi_new_request;
2804 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2805 dc->fw_name = "disk";
2806 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2807 dc->reset = scsi_disk_reset;
2808 dc->props = scsi_disk_properties;
2809 dc->vmsd = &vmstate_scsi_disk_state;
2810 }
2811
2812 static const TypeInfo scsi_disk_info = {
2813 .name = "scsi-disk",
2814 .parent = TYPE_SCSI_DEVICE,
2815 .instance_size = sizeof(SCSIDiskState),
2816 .class_init = scsi_disk_class_initfn,
2817 };
2818
2819 static void scsi_disk_register_types(void)
2820 {
2821 type_register_static(&scsi_hd_info);
2822 type_register_static(&scsi_cd_info);
2823 #ifdef __linux__
2824 type_register_static(&scsi_block_info);
2825 #endif
2826 type_register_static(&scsi_disk_info);
2827 }
2828
2829 type_init(scsi_disk_register_types)
Mirror of https://git.qemu.org/git/qemu.git