]> git.ipfire.org Git - thirdparty/qemu.git/blob - hw/scsi/scsi-disk.c
projects / thirdparty / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20160915.0' into staging
[thirdparty/qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58 #define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60 #define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65 typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
69 bool (*need_fua_emulation)(SCSICommand *cmd);
70 } SCSIDiskClass;
71
72 typedef struct SCSIDiskReq {
73 SCSIRequest req;
74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
75 uint64_t sector;
76 uint32_t sector_count;
77 uint32_t buflen;
78 bool started;
79 bool need_fua_emulation;
80 struct iovec iov;
81 QEMUIOVector qiov;
82 BlockAcctCookie acct;
83 unsigned char *status;
84 } SCSIDiskReq;
85
86 #define SCSI_DISK_F_REMOVABLE 0
87 #define SCSI_DISK_F_DPOFUA 1
88 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
89
90 typedef struct SCSIDiskState
91 {
92 SCSIDevice qdev;
93 uint32_t features;
94 bool media_changed;
95 bool media_event;
96 bool eject_request;
97 uint16_t port_index;
98 uint64_t max_unmap_size;
99 uint64_t max_io_size;
100 QEMUBH *bh;
101 char *version;
102 char *serial;
103 char *vendor;
104 char *product;
105 bool tray_open;
106 bool tray_locked;
107 } SCSIDiskState;
108
109 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
110
111 static void scsi_free_request(SCSIRequest *req)
112 {
113 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
114
115 qemu_vfree(r->iov.iov_base);
116 }
117
118 /* Helper function for command completion with sense. */
119 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
120 {
121 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
122 r->req.tag, sense.key, sense.asc, sense.ascq);
123 scsi_req_build_sense(&r->req, sense);
124 scsi_req_complete(&r->req, CHECK_CONDITION);
125 }
126
127 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
128 {
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130
131 if (!r->iov.iov_base) {
132 r->buflen = size;
133 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
134 }
135 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
136 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
137 }
138
139 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
140 {
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_put_be64s(f, &r->sector);
144 qemu_put_be32s(f, &r->sector_count);
145 qemu_put_be32s(f, &r->buflen);
146 if (r->buflen) {
147 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
148 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
149 } else if (!req->retry) {
150 uint32_t len = r->iov.iov_len;
151 qemu_put_be32s(f, &len);
152 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 }
154 }
155 }
156
157 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
158 {
159 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
160
161 qemu_get_be64s(f, &r->sector);
162 qemu_get_be32s(f, &r->sector_count);
163 qemu_get_be32s(f, &r->buflen);
164 if (r->buflen) {
165 scsi_init_iovec(r, r->buflen);
166 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
168 } else if (!r->req.retry) {
169 uint32_t len;
170 qemu_get_be32s(f, &len);
171 r->iov.iov_len = len;
172 assert(r->iov.iov_len <= r->buflen);
173 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
174 }
175 }
176
177 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
178 }
179
180 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
181 {
182 if (r->req.io_canceled) {
183 scsi_req_cancel_complete(&r->req);
184 return true;
185 }
186
187 if (ret < 0) {
188 return scsi_handle_rw_error(r, -ret, acct_failed);
189 }
190
191 if (r->status && *r->status) {
192 if (acct_failed) {
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
195 }
196 scsi_req_complete(&r->req, *r->status);
197 return true;
198 }
199
200 return false;
201 }
202
203 static void scsi_aio_complete(void *opaque, int ret)
204 {
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
210 if (scsi_disk_req_check_error(r, ret, true)) {
211 goto done;
212 }
213
214 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
215 scsi_req_complete(&r->req, GOOD);
216
217 done:
218 scsi_req_unref(&r->req);
219 }
220
221 static bool scsi_is_cmd_fua(SCSICommand *cmd)
222 {
223 switch (cmd->buf[0]) {
224 case READ_10:
225 case READ_12:
226 case READ_16:
227 case WRITE_10:
228 case WRITE_12:
229 case WRITE_16:
230 return (cmd->buf[1] & 8) != 0;
231
232 case VERIFY_10:
233 case VERIFY_12:
234 case VERIFY_16:
235 case WRITE_VERIFY_10:
236 case WRITE_VERIFY_12:
237 case WRITE_VERIFY_16:
238 return true;
239
240 case READ_6:
241 case WRITE_6:
242 default:
243 return false;
244 }
245 }
246
247 static void scsi_write_do_fua(SCSIDiskReq *r)
248 {
249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250
251 assert(r->req.aiocb == NULL);
252 assert(!r->req.io_canceled);
253
254 if (r->need_fua_emulation) {
255 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
256 BLOCK_ACCT_FLUSH);
257 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
258 return;
259 }
260
261 scsi_req_complete(&r->req, GOOD);
262 scsi_req_unref(&r->req);
263 }
264
265 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
266 {
267 assert(r->req.aiocb == NULL);
268 if (scsi_disk_req_check_error(r, ret, false)) {
269 goto done;
270 }
271
272 r->sector += r->sector_count;
273 r->sector_count = 0;
274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
280
281 done:
282 scsi_req_unref(&r->req);
283 }
284
285 static void scsi_dma_complete(void *opaque, int ret)
286 {
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
289
290 assert(r->req.aiocb != NULL);
291 r->req.aiocb = NULL;
292
293 if (ret < 0) {
294 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
295 } else {
296 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
297 }
298 scsi_dma_complete_noio(r, ret);
299 }
300
301 static void scsi_read_complete(void * opaque, int ret)
302 {
303 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
305 int n;
306
307 assert(r->req.aiocb != NULL);
308 r->req.aiocb = NULL;
309 if (scsi_disk_req_check_error(r, ret, true)) {
310 goto done;
311 }
312
313 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
320
321 done:
322 scsi_req_unref(&r->req);
323 }
324
325 /* Actually issue a read to the block device. */
326 static void scsi_do_read(SCSIDiskReq *r, int ret)
327 {
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
329 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
330
331 assert (r->req.aiocb == NULL);
332 if (scsi_disk_req_check_error(r, ret, false)) {
333 goto done;
334 }
335
336 /* The request is used as the AIO opaque value, so add a ref. */
337 scsi_req_ref(&r->req);
338
339 if (r->req.sg) {
340 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
341 r->req.resid -= r->req.sg->size;
342 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
343 r->req.sg, r->sector << BDRV_SECTOR_BITS,
344 sdc->dma_readv, r, scsi_dma_complete, r,
345 DMA_DIRECTION_FROM_DEVICE);
346 } else {
347 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
348 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
349 r->qiov.size, BLOCK_ACCT_READ);
350 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
351 scsi_read_complete, r, r);
352 }
353
354 done:
355 scsi_req_unref(&r->req);
356 }
357
358 static void scsi_do_read_cb(void *opaque, int ret)
359 {
360 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
362
363 assert (r->req.aiocb != NULL);
364 r->req.aiocb = NULL;
365
366 if (ret < 0) {
367 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 } else {
369 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
370 }
371 scsi_do_read(opaque, ret);
372 }
373
374 /* Read more data from scsi device into buffer. */
375 static void scsi_read_data(SCSIRequest *req)
376 {
377 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
378 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
379 bool first;
380
381 DPRINTF("Read sector_count=%d\n", r->sector_count);
382 if (r->sector_count == 0) {
383 /* This also clears the sense buffer for REQUEST SENSE. */
384 scsi_req_complete(&r->req, GOOD);
385 return;
386 }
387
388 /* No data transfer may already be in progress */
389 assert(r->req.aiocb == NULL);
390
391 /* The request is used as the AIO opaque value, so add a ref. */
392 scsi_req_ref(&r->req);
393 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
394 DPRINTF("Data transfer direction invalid\n");
395 scsi_read_complete(r, -EINVAL);
396 return;
397 }
398
399 if (!blk_is_available(req->dev->conf.blk)) {
400 scsi_read_complete(r, -ENOMEDIUM);
401 return;
402 }
403
404 first = !r->started;
405 r->started = true;
406 if (first && r->need_fua_emulation) {
407 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
408 BLOCK_ACCT_FLUSH);
409 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
410 } else {
411 scsi_do_read(r, 0);
412 }
413 }
414
415 /*
416 * scsi_handle_rw_error has two return values. 0 means that the error
417 * must be ignored, 1 means that the error has been processed and the
418 * caller should not do anything else for this request. Note that
419 * scsi_handle_rw_error always manages its reference counts, independent
420 * of the return value.
421 */
422 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
423 {
424 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
425 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
426 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
427 is_read, error);
428
429 if (action == BLOCK_ERROR_ACTION_REPORT) {
430 if (acct_failed) {
431 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
432 }
433 switch (error) {
434 case ENOMEDIUM:
435 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
436 break;
437 case ENOMEM:
438 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
439 break;
440 case EINVAL:
441 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
442 break;
443 case ENOSPC:
444 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
445 break;
446 default:
447 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
448 break;
449 }
450 }
451 blk_error_action(s->qdev.conf.blk, action, is_read, error);
452 if (action == BLOCK_ERROR_ACTION_STOP) {
453 scsi_req_retry(&r->req);
454 }
455 return action != BLOCK_ERROR_ACTION_IGNORE;
456 }
457
458 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
459 {
460 uint32_t n;
461
462 assert (r->req.aiocb == NULL);
463 if (scsi_disk_req_check_error(r, ret, false)) {
464 goto done;
465 }
466
467 n = r->qiov.size / 512;
468 r->sector += n;
469 r->sector_count -= n;
470 if (r->sector_count == 0) {
471 scsi_write_do_fua(r);
472 return;
473 } else {
474 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
475 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
476 scsi_req_data(&r->req, r->qiov.size);
477 }
478
479 done:
480 scsi_req_unref(&r->req);
481 }
482
483 static void scsi_write_complete(void * opaque, int ret)
484 {
485 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
486 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
487
488 assert (r->req.aiocb != NULL);
489 r->req.aiocb = NULL;
490
491 if (ret < 0) {
492 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
493 } else {
494 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
495 }
496 scsi_write_complete_noio(r, ret);
497 }
498
499 static void scsi_write_data(SCSIRequest *req)
500 {
501 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
502 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
503 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
504
505 /* No data transfer may already be in progress */
506 assert(r->req.aiocb == NULL);
507
508 /* The request is used as the AIO opaque value, so add a ref. */
509 scsi_req_ref(&r->req);
510 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
511 DPRINTF("Data transfer direction invalid\n");
512 scsi_write_complete_noio(r, -EINVAL);
513 return;
514 }
515
516 if (!r->req.sg && !r->qiov.size) {
517 /* Called for the first time. Ask the driver to send us more data. */
518 r->started = true;
519 scsi_write_complete_noio(r, 0);
520 return;
521 }
522 if (!blk_is_available(req->dev->conf.blk)) {
523 scsi_write_complete_noio(r, -ENOMEDIUM);
524 return;
525 }
526
527 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
528 r->req.cmd.buf[0] == VERIFY_16) {
529 if (r->req.sg) {
530 scsi_dma_complete_noio(r, 0);
531 } else {
532 scsi_write_complete_noio(r, 0);
533 }
534 return;
535 }
536
537 if (r->req.sg) {
538 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
539 r->req.resid -= r->req.sg->size;
540 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
541 r->req.sg, r->sector << BDRV_SECTOR_BITS,
542 sdc->dma_writev, r, scsi_dma_complete, r,
543 DMA_DIRECTION_TO_DEVICE);
544 } else {
545 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
546 r->qiov.size, BLOCK_ACCT_WRITE);
547 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
548 scsi_write_complete, r, r);
549 }
550 }
551
552 /* Return a pointer to the data buffer. */
553 static uint8_t *scsi_get_buf(SCSIRequest *req)
554 {
555 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
556
557 return (uint8_t *)r->iov.iov_base;
558 }
559
560 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
561 {
562 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
563 int buflen = 0;
564 int start;
565
566 if (req->cmd.buf[1] & 0x1) {
567 /* Vital product data */
568 uint8_t page_code = req->cmd.buf[2];
569
570 outbuf[buflen++] = s->qdev.type & 0x1f;
571 outbuf[buflen++] = page_code ; // this page
572 outbuf[buflen++] = 0x00;
573 outbuf[buflen++] = 0x00;
574 start = buflen;
575
576 switch (page_code) {
577 case 0x00: /* Supported page codes, mandatory */
578 {
579 DPRINTF("Inquiry EVPD[Supported pages] "
580 "buffer size %zd\n", req->cmd.xfer);
581 outbuf[buflen++] = 0x00; // list of supported pages (this page)
582 if (s->serial) {
583 outbuf[buflen++] = 0x80; // unit serial number
584 }
585 outbuf[buflen++] = 0x83; // device identification
586 if (s->qdev.type == TYPE_DISK) {
587 outbuf[buflen++] = 0xb0; // block limits
588 outbuf[buflen++] = 0xb2; // thin provisioning
589 }
590 break;
591 }
592 case 0x80: /* Device serial number, optional */
593 {
594 int l;
595
596 if (!s->serial) {
597 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
598 return -1;
599 }
600
601 l = strlen(s->serial);
602 if (l > 36) {
603 l = 36;
604 }
605
606 DPRINTF("Inquiry EVPD[Serial number] "
607 "buffer size %zd\n", req->cmd.xfer);
608 memcpy(outbuf+buflen, s->serial, l);
609 buflen += l;
610 break;
611 }
612
613 case 0x83: /* Device identification page, mandatory */
614 {
615 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
616 int max_len = s->serial ? 20 : 255 - 8;
617 int id_len = strlen(str);
618
619 if (id_len > max_len) {
620 id_len = max_len;
621 }
622 DPRINTF("Inquiry EVPD[Device identification] "
623 "buffer size %zd\n", req->cmd.xfer);
624
625 outbuf[buflen++] = 0x2; // ASCII
626 outbuf[buflen++] = 0; // not officially assigned
627 outbuf[buflen++] = 0; // reserved
628 outbuf[buflen++] = id_len; // length of data following
629 memcpy(outbuf+buflen, str, id_len);
630 buflen += id_len;
631
632 if (s->qdev.wwn) {
633 outbuf[buflen++] = 0x1; // Binary
634 outbuf[buflen++] = 0x3; // NAA
635 outbuf[buflen++] = 0; // reserved
636 outbuf[buflen++] = 8;
637 stq_be_p(&outbuf[buflen], s->qdev.wwn);
638 buflen += 8;
639 }
640
641 if (s->qdev.port_wwn) {
642 outbuf[buflen++] = 0x61; // SAS / Binary
643 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
644 outbuf[buflen++] = 0; // reserved
645 outbuf[buflen++] = 8;
646 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
647 buflen += 8;
648 }
649
650 if (s->port_index) {
651 outbuf[buflen++] = 0x61; // SAS / Binary
652 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
653 outbuf[buflen++] = 0; // reserved
654 outbuf[buflen++] = 4;
655 stw_be_p(&outbuf[buflen + 2], s->port_index);
656 buflen += 4;
657 }
658 break;
659 }
660 case 0xb0: /* block limits */
661 {
662 unsigned int unmap_sectors =
663 s->qdev.conf.discard_granularity / s->qdev.blocksize;
664 unsigned int min_io_size =
665 s->qdev.conf.min_io_size / s->qdev.blocksize;
666 unsigned int opt_io_size =
667 s->qdev.conf.opt_io_size / s->qdev.blocksize;
668 unsigned int max_unmap_sectors =
669 s->max_unmap_size / s->qdev.blocksize;
670 unsigned int max_io_sectors =
671 s->max_io_size / s->qdev.blocksize;
672
673 if (s->qdev.type == TYPE_ROM) {
674 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
675 page_code);
676 return -1;
677 }
678 /* required VPD size with unmap support */
679 buflen = 0x40;
680 memset(outbuf + 4, 0, buflen - 4);
681
682 outbuf[4] = 0x1; /* wsnz */
683
684 /* optimal transfer length granularity */
685 outbuf[6] = (min_io_size >> 8) & 0xff;
686 outbuf[7] = min_io_size & 0xff;
687
688 /* maximum transfer length */
689 outbuf[8] = (max_io_sectors >> 24) & 0xff;
690 outbuf[9] = (max_io_sectors >> 16) & 0xff;
691 outbuf[10] = (max_io_sectors >> 8) & 0xff;
692 outbuf[11] = max_io_sectors & 0xff;
693
694 /* optimal transfer length */
695 outbuf[12] = (opt_io_size >> 24) & 0xff;
696 outbuf[13] = (opt_io_size >> 16) & 0xff;
697 outbuf[14] = (opt_io_size >> 8) & 0xff;
698 outbuf[15] = opt_io_size & 0xff;
699
700 /* max unmap LBA count, default is 1GB */
701 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
702 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
703 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
704 outbuf[23] = max_unmap_sectors & 0xff;
705
706 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
707 outbuf[24] = 0;
708 outbuf[25] = 0;
709 outbuf[26] = 0;
710 outbuf[27] = 255;
711
712 /* optimal unmap granularity */
713 outbuf[28] = (unmap_sectors >> 24) & 0xff;
714 outbuf[29] = (unmap_sectors >> 16) & 0xff;
715 outbuf[30] = (unmap_sectors >> 8) & 0xff;
716 outbuf[31] = unmap_sectors & 0xff;
717
718 /* max write same size */
719 outbuf[36] = 0;
720 outbuf[37] = 0;
721 outbuf[38] = 0;
722 outbuf[39] = 0;
723
724 outbuf[40] = (max_io_sectors >> 24) & 0xff;
725 outbuf[41] = (max_io_sectors >> 16) & 0xff;
726 outbuf[42] = (max_io_sectors >> 8) & 0xff;
727 outbuf[43] = max_io_sectors & 0xff;
728 break;
729 }
730 case 0xb2: /* thin provisioning */
731 {
732 buflen = 8;
733 outbuf[4] = 0;
734 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
735 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
736 outbuf[7] = 0;
737 break;
738 }
739 default:
740 return -1;
741 }
742 /* done with EVPD */
743 assert(buflen - start <= 255);
744 outbuf[start - 1] = buflen - start;
745 return buflen;
746 }
747
748 /* Standard INQUIRY data */
749 if (req->cmd.buf[2] != 0) {
750 return -1;
751 }
752
753 /* PAGE CODE == 0 */
754 buflen = req->cmd.xfer;
755 if (buflen > SCSI_MAX_INQUIRY_LEN) {
756 buflen = SCSI_MAX_INQUIRY_LEN;
757 }
758
759 outbuf[0] = s->qdev.type & 0x1f;
760 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
761
762 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
763 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
764
765 memset(&outbuf[32], 0, 4);
766 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
767 /*
768 * We claim conformance to SPC-3, which is required for guests
769 * to ask for modern features like READ CAPACITY(16) or the
770 * block characteristics VPD page by default. Not all of SPC-3
771 * is actually implemented, but we're good enough.
772 */
773 outbuf[2] = 5;
774 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
775
776 if (buflen > 36) {
777 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
778 } else {
779 /* If the allocation length of CDB is too small,
780 the additional length is not adjusted */
781 outbuf[4] = 36 - 5;
782 }
783
784 /* Sync data transfer and TCQ. */
785 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
786 return buflen;
787 }
788
789 static inline bool media_is_dvd(SCSIDiskState *s)
790 {
791 uint64_t nb_sectors;
792 if (s->qdev.type != TYPE_ROM) {
793 return false;
794 }
795 if (!blk_is_available(s->qdev.conf.blk)) {
796 return false;
797 }
798 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
799 return nb_sectors > CD_MAX_SECTORS;
800 }
801
802 static inline bool media_is_cd(SCSIDiskState *s)
803 {
804 uint64_t nb_sectors;
805 if (s->qdev.type != TYPE_ROM) {
806 return false;
807 }
808 if (!blk_is_available(s->qdev.conf.blk)) {
809 return false;
810 }
811 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
812 return nb_sectors <= CD_MAX_SECTORS;
813 }
814
815 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
816 uint8_t *outbuf)
817 {
818 uint8_t type = r->req.cmd.buf[1] & 7;
819
820 if (s->qdev.type != TYPE_ROM) {
821 return -1;
822 }
823
824 /* Types 1/2 are only defined for Blu-Ray. */
825 if (type != 0) {
826 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
827 return -1;
828 }
829
830 memset(outbuf, 0, 34);
831 outbuf[1] = 32;
832 outbuf[2] = 0xe; /* last session complete, disc finalized */
833 outbuf[3] = 1; /* first track on disc */
834 outbuf[4] = 1; /* # of sessions */
835 outbuf[5] = 1; /* first track of last session */
836 outbuf[6] = 1; /* last track of last session */
837 outbuf[7] = 0x20; /* unrestricted use */
838 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
839 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
840 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
841 /* 24-31: disc bar code */
842 /* 32: disc application code */
843 /* 33: number of OPC tables */
844
845 return 34;
846 }
847
848 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
849 uint8_t *outbuf)
850 {
851 static const int rds_caps_size[5] = {
852 [0] = 2048 + 4,
853 [1] = 4 + 4,
854 [3] = 188 + 4,
855 [4] = 2048 + 4,
856 };
857
858 uint8_t media = r->req.cmd.buf[1];
859 uint8_t layer = r->req.cmd.buf[6];
860 uint8_t format = r->req.cmd.buf[7];
861 int size = -1;
862
863 if (s->qdev.type != TYPE_ROM) {
864 return -1;
865 }
866 if (media != 0) {
867 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
868 return -1;
869 }
870
871 if (format != 0xff) {
872 if (!blk_is_available(s->qdev.conf.blk)) {
873 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
874 return -1;
875 }
876 if (media_is_cd(s)) {
877 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
878 return -1;
879 }
880 if (format >= ARRAY_SIZE(rds_caps_size)) {
881 return -1;
882 }
883 size = rds_caps_size[format];
884 memset(outbuf, 0, size);
885 }
886
887 switch (format) {
888 case 0x00: {
889 /* Physical format information */
890 uint64_t nb_sectors;
891 if (layer != 0) {
892 goto fail;
893 }
894 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
895
896 outbuf[4] = 1; /* DVD-ROM, part version 1 */
897 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
898 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
899 outbuf[7] = 0; /* default densities */
900
901 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
902 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
903 break;
904 }
905
906 case 0x01: /* DVD copyright information, all zeros */
907 break;
908
909 case 0x03: /* BCA information - invalid field for no BCA info */
910 return -1;
911
912 case 0x04: /* DVD disc manufacturing information, all zeros */
913 break;
914
915 case 0xff: { /* List capabilities */
916 int i;
917 size = 4;
918 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
919 if (!rds_caps_size[i]) {
920 continue;
921 }
922 outbuf[size] = i;
923 outbuf[size + 1] = 0x40; /* Not writable, readable */
924 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
925 size += 4;
926 }
927 break;
928 }
929
930 default:
931 return -1;
932 }
933
934 /* Size of buffer, not including 2 byte size field */
935 stw_be_p(outbuf, size - 2);
936 return size;
937
938 fail:
939 return -1;
940 }
941
942 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
943 {
944 uint8_t event_code, media_status;
945
946 media_status = 0;
947 if (s->tray_open) {
948 media_status = MS_TRAY_OPEN;
949 } else if (blk_is_inserted(s->qdev.conf.blk)) {
950 media_status = MS_MEDIA_PRESENT;
951 }
952
953 /* Event notification descriptor */
954 event_code = MEC_NO_CHANGE;
955 if (media_status != MS_TRAY_OPEN) {
956 if (s->media_event) {
957 event_code = MEC_NEW_MEDIA;
958 s->media_event = false;
959 } else if (s->eject_request) {
960 event_code = MEC_EJECT_REQUESTED;
961 s->eject_request = false;
962 }
963 }
964
965 outbuf[0] = event_code;
966 outbuf[1] = media_status;
967
968 /* These fields are reserved, just clear them. */
969 outbuf[2] = 0;
970 outbuf[3] = 0;
971 return 4;
972 }
973
974 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
975 uint8_t *outbuf)
976 {
977 int size;
978 uint8_t *buf = r->req.cmd.buf;
979 uint8_t notification_class_request = buf[4];
980 if (s->qdev.type != TYPE_ROM) {
981 return -1;
982 }
983 if ((buf[1] & 1) == 0) {
984 /* asynchronous */
985 return -1;
986 }
987
988 size = 4;
989 outbuf[0] = outbuf[1] = 0;
990 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
991 if (notification_class_request & (1 << GESN_MEDIA)) {
992 outbuf[2] = GESN_MEDIA;
993 size += scsi_event_status_media(s, &outbuf[size]);
994 } else {
995 outbuf[2] = 0x80;
996 }
997 stw_be_p(outbuf, size - 4);
998 return size;
999 }
1000
1001 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1002 {
1003 int current;
1004
1005 if (s->qdev.type != TYPE_ROM) {
1006 return -1;
1007 }
1008
1009 if (media_is_dvd(s)) {
1010 current = MMC_PROFILE_DVD_ROM;
1011 } else if (media_is_cd(s)) {
1012 current = MMC_PROFILE_CD_ROM;
1013 } else {
1014 current = MMC_PROFILE_NONE;
1015 }
1016
1017 memset(outbuf, 0, 40);
1018 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1019 stw_be_p(&outbuf[6], current);
1020 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1021 outbuf[10] = 0x03; /* persistent, current */
1022 outbuf[11] = 8; /* two profiles */
1023 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1024 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1025 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1026 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1027 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1028 stw_be_p(&outbuf[20], 1);
1029 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1030 outbuf[23] = 8;
1031 stl_be_p(&outbuf[24], 1); /* SCSI */
1032 outbuf[28] = 1; /* DBE = 1, mandatory */
1033 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1034 stw_be_p(&outbuf[32], 3);
1035 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1036 outbuf[35] = 4;
1037 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1038 /* TODO: Random readable, CD read, DVD read, drive serial number,
1039 power management */
1040 return 40;
1041 }
1042
1043 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1044 {
1045 if (s->qdev.type != TYPE_ROM) {
1046 return -1;
1047 }
1048 memset(outbuf, 0, 8);
1049 outbuf[5] = 1; /* CD-ROM */
1050 return 8;
1051 }
1052
1053 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1054 int page_control)
1055 {
1056 static const int mode_sense_valid[0x3f] = {
1057 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1058 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1059 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1060 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1061 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1062 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1063 };
1064
1065 uint8_t *p = *p_outbuf + 2;
1066 int length;
1067
1068 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1069 return -1;
1070 }
1071
1072 /*
1073 * If Changeable Values are requested, a mask denoting those mode parameters
1074 * that are changeable shall be returned. As we currently don't support
1075 * parameter changes via MODE_SELECT all bits are returned set to zero.
1076 * The buffer was already menset to zero by the caller of this function.
1077 *
1078 * The offsets here are off by two compared to the descriptions in the
1079 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1080 * but it is done so that offsets are consistent within our implementation
1081 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1082 * 2-byte and 4-byte headers.
1083 */
1084 switch (page) {
1085 case MODE_PAGE_HD_GEOMETRY:
1086 length = 0x16;
1087 if (page_control == 1) { /* Changeable Values */
1088 break;
1089 }
1090 /* if a geometry hint is available, use it */
1091 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1092 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1093 p[2] = s->qdev.conf.cyls & 0xff;
1094 p[3] = s->qdev.conf.heads & 0xff;
1095 /* Write precomp start cylinder, disabled */
1096 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1097 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1098 p[6] = s->qdev.conf.cyls & 0xff;
1099 /* Reduced current start cylinder, disabled */
1100 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1101 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1102 p[9] = s->qdev.conf.cyls & 0xff;
1103 /* Device step rate [ns], 200ns */
1104 p[10] = 0;
1105 p[11] = 200;
1106 /* Landing zone cylinder */
1107 p[12] = 0xff;
1108 p[13] = 0xff;
1109 p[14] = 0xff;
1110 /* Medium rotation rate [rpm], 5400 rpm */
1111 p[18] = (5400 >> 8) & 0xff;
1112 p[19] = 5400 & 0xff;
1113 break;
1114
1115 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1116 length = 0x1e;
1117 if (page_control == 1) { /* Changeable Values */
1118 break;
1119 }
1120 /* Transfer rate [kbit/s], 5Mbit/s */
1121 p[0] = 5000 >> 8;
1122 p[1] = 5000 & 0xff;
1123 /* if a geometry hint is available, use it */
1124 p[2] = s->qdev.conf.heads & 0xff;
1125 p[3] = s->qdev.conf.secs & 0xff;
1126 p[4] = s->qdev.blocksize >> 8;
1127 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1128 p[7] = s->qdev.conf.cyls & 0xff;
1129 /* Write precomp start cylinder, disabled */
1130 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1131 p[9] = s->qdev.conf.cyls & 0xff;
1132 /* Reduced current start cylinder, disabled */
1133 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1134 p[11] = s->qdev.conf.cyls & 0xff;
1135 /* Device step rate [100us], 100us */
1136 p[12] = 0;
1137 p[13] = 1;
1138 /* Device step pulse width [us], 1us */
1139 p[14] = 1;
1140 /* Device head settle delay [100us], 100us */
1141 p[15] = 0;
1142 p[16] = 1;
1143 /* Motor on delay [0.1s], 0.1s */
1144 p[17] = 1;
1145 /* Motor off delay [0.1s], 0.1s */
1146 p[18] = 1;
1147 /* Medium rotation rate [rpm], 5400 rpm */
1148 p[26] = (5400 >> 8) & 0xff;
1149 p[27] = 5400 & 0xff;
1150 break;
1151
1152 case MODE_PAGE_CACHING:
1153 length = 0x12;
1154 if (page_control == 1 || /* Changeable Values */
1155 blk_enable_write_cache(s->qdev.conf.blk)) {
1156 p[0] = 4; /* WCE */
1157 }
1158 break;
1159
1160 case MODE_PAGE_R_W_ERROR:
1161 length = 10;
1162 if (page_control == 1) { /* Changeable Values */
1163 break;
1164 }
1165 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1166 if (s->qdev.type == TYPE_ROM) {
1167 p[1] = 0x20; /* Read Retry Count */
1168 }
1169 break;
1170
1171 case MODE_PAGE_AUDIO_CTL:
1172 length = 14;
1173 break;
1174
1175 case MODE_PAGE_CAPABILITIES:
1176 length = 0x14;
1177 if (page_control == 1) { /* Changeable Values */
1178 break;
1179 }
1180
1181 p[0] = 0x3b; /* CD-R & CD-RW read */
1182 p[1] = 0; /* Writing not supported */
1183 p[2] = 0x7f; /* Audio, composite, digital out,
1184 mode 2 form 1&2, multi session */
1185 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1186 RW corrected, C2 errors, ISRC,
1187 UPC, Bar code */
1188 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1189 /* Locking supported, jumper present, eject, tray */
1190 p[5] = 0; /* no volume & mute control, no
1191 changer */
1192 p[6] = (50 * 176) >> 8; /* 50x read speed */
1193 p[7] = (50 * 176) & 0xff;
1194 p[8] = 2 >> 8; /* Two volume levels */
1195 p[9] = 2 & 0xff;
1196 p[10] = 2048 >> 8; /* 2M buffer */
1197 p[11] = 2048 & 0xff;
1198 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1199 p[13] = (16 * 176) & 0xff;
1200 p[16] = (16 * 176) >> 8; /* 16x write speed */
1201 p[17] = (16 * 176) & 0xff;
1202 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1203 p[19] = (16 * 176) & 0xff;
1204 break;
1205
1206 default:
1207 return -1;
1208 }
1209
1210 assert(length < 256);
1211 (*p_outbuf)[0] = page;
1212 (*p_outbuf)[1] = length;
1213 *p_outbuf += length + 2;
1214 return length + 2;
1215 }
1216
1217 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1218 {
1219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1220 uint64_t nb_sectors;
1221 bool dbd;
1222 int page, buflen, ret, page_control;
1223 uint8_t *p;
1224 uint8_t dev_specific_param;
1225
1226 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1227 page = r->req.cmd.buf[2] & 0x3f;
1228 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1229 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1230 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1231 memset(outbuf, 0, r->req.cmd.xfer);
1232 p = outbuf;
1233
1234 if (s->qdev.type == TYPE_DISK) {
1235 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1236 if (blk_is_read_only(s->qdev.conf.blk)) {
1237 dev_specific_param |= 0x80; /* Readonly. */
1238 }
1239 } else {
1240 /* MMC prescribes that CD/DVD drives have no block descriptors,
1241 * and defines no device-specific parameter. */
1242 dev_specific_param = 0x00;
1243 dbd = true;
1244 }
1245
1246 if (r->req.cmd.buf[0] == MODE_SENSE) {
1247 p[1] = 0; /* Default media type. */
1248 p[2] = dev_specific_param;
1249 p[3] = 0; /* Block descriptor length. */
1250 p += 4;
1251 } else { /* MODE_SENSE_10 */
1252 p[2] = 0; /* Default media type. */
1253 p[3] = dev_specific_param;
1254 p[6] = p[7] = 0; /* Block descriptor length. */
1255 p += 8;
1256 }
1257
1258 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1259 if (!dbd && nb_sectors) {
1260 if (r->req.cmd.buf[0] == MODE_SENSE) {
1261 outbuf[3] = 8; /* Block descriptor length */
1262 } else { /* MODE_SENSE_10 */
1263 outbuf[7] = 8; /* Block descriptor length */
1264 }
1265 nb_sectors /= (s->qdev.blocksize / 512);
1266 if (nb_sectors > 0xffffff) {
1267 nb_sectors = 0;
1268 }
1269 p[0] = 0; /* media density code */
1270 p[1] = (nb_sectors >> 16) & 0xff;
1271 p[2] = (nb_sectors >> 8) & 0xff;
1272 p[3] = nb_sectors & 0xff;
1273 p[4] = 0; /* reserved */
1274 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1275 p[6] = s->qdev.blocksize >> 8;
1276 p[7] = 0;
1277 p += 8;
1278 }
1279
1280 if (page_control == 3) {
1281 /* Saved Values */
1282 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1283 return -1;
1284 }
1285
1286 if (page == 0x3f) {
1287 for (page = 0; page <= 0x3e; page++) {
1288 mode_sense_page(s, page, &p, page_control);
1289 }
1290 } else {
1291 ret = mode_sense_page(s, page, &p, page_control);
1292 if (ret == -1) {
1293 return -1;
1294 }
1295 }
1296
1297 buflen = p - outbuf;
1298 /*
1299 * The mode data length field specifies the length in bytes of the
1300 * following data that is available to be transferred. The mode data
1301 * length does not include itself.
1302 */
1303 if (r->req.cmd.buf[0] == MODE_SENSE) {
1304 outbuf[0] = buflen - 1;
1305 } else { /* MODE_SENSE_10 */
1306 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1307 outbuf[1] = (buflen - 2) & 0xff;
1308 }
1309 return buflen;
1310 }
1311
1312 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1313 {
1314 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1315 int start_track, format, msf, toclen;
1316 uint64_t nb_sectors;
1317
1318 msf = req->cmd.buf[1] & 2;
1319 format = req->cmd.buf[2] & 0xf;
1320 start_track = req->cmd.buf[6];
1321 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1322 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1323 nb_sectors /= s->qdev.blocksize / 512;
1324 switch (format) {
1325 case 0:
1326 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1327 break;
1328 case 1:
1329 /* multi session : only a single session defined */
1330 toclen = 12;
1331 memset(outbuf, 0, 12);
1332 outbuf[1] = 0x0a;
1333 outbuf[2] = 0x01;
1334 outbuf[3] = 0x01;
1335 break;
1336 case 2:
1337 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1338 break;
1339 default:
1340 return -1;
1341 }
1342 return toclen;
1343 }
1344
1345 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1346 {
1347 SCSIRequest *req = &r->req;
1348 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1349 bool start = req->cmd.buf[4] & 1;
1350 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1351 int pwrcnd = req->cmd.buf[4] & 0xf0;
1352
1353 if (pwrcnd) {
1354 /* eject/load only happens for power condition == 0 */
1355 return 0;
1356 }
1357
1358 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1359 if (!start && !s->tray_open && s->tray_locked) {
1360 scsi_check_condition(r,
1361 blk_is_inserted(s->qdev.conf.blk)
1362 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1363 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1364 return -1;
1365 }
1366
1367 if (s->tray_open != !start) {
1368 blk_eject(s->qdev.conf.blk, !start);
1369 s->tray_open = !start;
1370 }
1371 }
1372 return 0;
1373 }
1374
1375 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1376 {
1377 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1378 int buflen = r->iov.iov_len;
1379
1380 if (buflen) {
1381 DPRINTF("Read buf_len=%d\n", buflen);
1382 r->iov.iov_len = 0;
1383 r->started = true;
1384 scsi_req_data(&r->req, buflen);
1385 return;
1386 }
1387
1388 /* This also clears the sense buffer for REQUEST SENSE. */
1389 scsi_req_complete(&r->req, GOOD);
1390 }
1391
1392 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1393 uint8_t *inbuf, int inlen)
1394 {
1395 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1396 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1397 uint8_t *p;
1398 int len, expected_len, changeable_len, i;
1399
1400 /* The input buffer does not include the page header, so it is
1401 * off by 2 bytes.
1402 */
1403 expected_len = inlen + 2;
1404 if (expected_len > SCSI_MAX_MODE_LEN) {
1405 return -1;
1406 }
1407
1408 p = mode_current;
1409 memset(mode_current, 0, inlen + 2);
1410 len = mode_sense_page(s, page, &p, 0);
1411 if (len < 0 || len != expected_len) {
1412 return -1;
1413 }
1414
1415 p = mode_changeable;
1416 memset(mode_changeable, 0, inlen + 2);
1417 changeable_len = mode_sense_page(s, page, &p, 1);
1418 assert(changeable_len == len);
1419
1420 /* Check that unchangeable bits are the same as what MODE SENSE
1421 * would return.
1422 */
1423 for (i = 2; i < len; i++) {
1424 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1425 return -1;
1426 }
1427 }
1428 return 0;
1429 }
1430
1431 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1432 {
1433 switch (page) {
1434 case MODE_PAGE_CACHING:
1435 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1436 break;
1437
1438 default:
1439 break;
1440 }
1441 }
1442
1443 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1444 {
1445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1446
1447 while (len > 0) {
1448 int page, subpage, page_len;
1449
1450 /* Parse both possible formats for the mode page headers. */
1451 page = p[0] & 0x3f;
1452 if (p[0] & 0x40) {
1453 if (len < 4) {
1454 goto invalid_param_len;
1455 }
1456 subpage = p[1];
1457 page_len = lduw_be_p(&p[2]);
1458 p += 4;
1459 len -= 4;
1460 } else {
1461 if (len < 2) {
1462 goto invalid_param_len;
1463 }
1464 subpage = 0;
1465 page_len = p[1];
1466 p += 2;
1467 len -= 2;
1468 }
1469
1470 if (subpage) {
1471 goto invalid_param;
1472 }
1473 if (page_len > len) {
1474 goto invalid_param_len;
1475 }
1476
1477 if (!change) {
1478 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1479 goto invalid_param;
1480 }
1481 } else {
1482 scsi_disk_apply_mode_select(s, page, p);
1483 }
1484
1485 p += page_len;
1486 len -= page_len;
1487 }
1488 return 0;
1489
1490 invalid_param:
1491 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1492 return -1;
1493
1494 invalid_param_len:
1495 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1496 return -1;
1497 }
1498
1499 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1500 {
1501 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1502 uint8_t *p = inbuf;
1503 int cmd = r->req.cmd.buf[0];
1504 int len = r->req.cmd.xfer;
1505 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1506 int bd_len;
1507 int pass;
1508
1509 /* We only support PF=1, SP=0. */
1510 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1511 goto invalid_field;
1512 }
1513
1514 if (len < hdr_len) {
1515 goto invalid_param_len;
1516 }
1517
1518 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1519 len -= hdr_len;
1520 p += hdr_len;
1521 if (len < bd_len) {
1522 goto invalid_param_len;
1523 }
1524 if (bd_len != 0 && bd_len != 8) {
1525 goto invalid_param;
1526 }
1527
1528 len -= bd_len;
1529 p += bd_len;
1530
1531 /* Ensure no change is made if there is an error! */
1532 for (pass = 0; pass < 2; pass++) {
1533 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1534 assert(pass == 0);
1535 return;
1536 }
1537 }
1538 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1539 /* The request is used as the AIO opaque value, so add a ref. */
1540 scsi_req_ref(&r->req);
1541 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1542 BLOCK_ACCT_FLUSH);
1543 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1544 return;
1545 }
1546
1547 scsi_req_complete(&r->req, GOOD);
1548 return;
1549
1550 invalid_param:
1551 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1552 return;
1553
1554 invalid_param_len:
1555 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1556 return;
1557
1558 invalid_field:
1559 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1560 }
1561
1562 static inline bool check_lba_range(SCSIDiskState *s,
1563 uint64_t sector_num, uint32_t nb_sectors)
1564 {
1565 /*
1566 * The first line tests that no overflow happens when computing the last
1567 * sector. The second line tests that the last accessed sector is in
1568 * range.
1569 *
1570 * Careful, the computations should not underflow for nb_sectors == 0,
1571 * and a 0-block read to the first LBA beyond the end of device is
1572 * valid.
1573 */
1574 return (sector_num <= sector_num + nb_sectors &&
1575 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1576 }
1577
1578 typedef struct UnmapCBData {
1579 SCSIDiskReq *r;
1580 uint8_t *inbuf;
1581 int count;
1582 } UnmapCBData;
1583
1584 static void scsi_unmap_complete(void *opaque, int ret);
1585
1586 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1587 {
1588 SCSIDiskReq *r = data->r;
1589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1590 uint64_t sector_num;
1591 uint32_t nb_sectors;
1592
1593 assert(r->req.aiocb == NULL);
1594 if (scsi_disk_req_check_error(r, ret, false)) {
1595 goto done;
1596 }
1597
1598 if (data->count > 0) {
1599 sector_num = ldq_be_p(&data->inbuf[0]);
1600 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1601 if (!check_lba_range(s, sector_num, nb_sectors)) {
1602 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1603 goto done;
1604 }
1605
1606 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1607 sector_num * s->qdev.blocksize,
1608 nb_sectors * s->qdev.blocksize,
1609 scsi_unmap_complete, data);
1610 data->count--;
1611 data->inbuf += 16;
1612 return;
1613 }
1614
1615 scsi_req_complete(&r->req, GOOD);
1616
1617 done:
1618 scsi_req_unref(&r->req);
1619 g_free(data);
1620 }
1621
1622 static void scsi_unmap_complete(void *opaque, int ret)
1623 {
1624 UnmapCBData *data = opaque;
1625 SCSIDiskReq *r = data->r;
1626
1627 assert(r->req.aiocb != NULL);
1628 r->req.aiocb = NULL;
1629
1630 scsi_unmap_complete_noio(data, ret);
1631 }
1632
1633 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1634 {
1635 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1636 uint8_t *p = inbuf;
1637 int len = r->req.cmd.xfer;
1638 UnmapCBData *data;
1639
1640 /* Reject ANCHOR=1. */
1641 if (r->req.cmd.buf[1] & 0x1) {
1642 goto invalid_field;
1643 }
1644
1645 if (len < 8) {
1646 goto invalid_param_len;
1647 }
1648 if (len < lduw_be_p(&p[0]) + 2) {
1649 goto invalid_param_len;
1650 }
1651 if (len < lduw_be_p(&p[2]) + 8) {
1652 goto invalid_param_len;
1653 }
1654 if (lduw_be_p(&p[2]) & 15) {
1655 goto invalid_param_len;
1656 }
1657
1658 if (blk_is_read_only(s->qdev.conf.blk)) {
1659 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1660 return;
1661 }
1662
1663 data = g_new0(UnmapCBData, 1);
1664 data->r = r;
1665 data->inbuf = &p[8];
1666 data->count = lduw_be_p(&p[2]) >> 4;
1667
1668 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1669 scsi_req_ref(&r->req);
1670 scsi_unmap_complete_noio(data, 0);
1671 return;
1672
1673 invalid_param_len:
1674 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1675 return;
1676
1677 invalid_field:
1678 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1679 }
1680
1681 typedef struct WriteSameCBData {
1682 SCSIDiskReq *r;
1683 int64_t sector;
1684 int nb_sectors;
1685 QEMUIOVector qiov;
1686 struct iovec iov;
1687 } WriteSameCBData;
1688
1689 static void scsi_write_same_complete(void *opaque, int ret)
1690 {
1691 WriteSameCBData *data = opaque;
1692 SCSIDiskReq *r = data->r;
1693 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1694
1695 assert(r->req.aiocb != NULL);
1696 r->req.aiocb = NULL;
1697 if (scsi_disk_req_check_error(r, ret, true)) {
1698 goto done;
1699 }
1700
1701 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1702
1703 data->nb_sectors -= data->iov.iov_len / 512;
1704 data->sector += data->iov.iov_len / 512;
1705 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1706 if (data->iov.iov_len) {
1707 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1708 data->iov.iov_len, BLOCK_ACCT_WRITE);
1709 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1710 * where final qiov may need smaller size */
1711 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1712 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1713 data->sector << BDRV_SECTOR_BITS,
1714 &data->qiov, 0,
1715 scsi_write_same_complete, data);
1716 return;
1717 }
1718
1719 scsi_req_complete(&r->req, GOOD);
1720
1721 done:
1722 scsi_req_unref(&r->req);
1723 qemu_vfree(data->iov.iov_base);
1724 g_free(data);
1725 }
1726
1727 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1728 {
1729 SCSIRequest *req = &r->req;
1730 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1731 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1732 WriteSameCBData *data;
1733 uint8_t *buf;
1734 int i;
1735
1736 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1737 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1738 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1739 return;
1740 }
1741
1742 if (blk_is_read_only(s->qdev.conf.blk)) {
1743 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1744 return;
1745 }
1746 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1747 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1748 return;
1749 }
1750
1751 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1752 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1753
1754 /* The request is used as the AIO opaque value, so add a ref. */
1755 scsi_req_ref(&r->req);
1756 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1757 nb_sectors * s->qdev.blocksize,
1758 BLOCK_ACCT_WRITE);
1759 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1760 r->req.cmd.lba * s->qdev.blocksize,
1761 nb_sectors * s->qdev.blocksize,
1762 flags, scsi_aio_complete, r);
1763 return;
1764 }
1765
1766 data = g_new0(WriteSameCBData, 1);
1767 data->r = r;
1768 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1769 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1770 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1771 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1772 data->iov.iov_len);
1773 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1774
1775 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1776 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1777 }
1778
1779 scsi_req_ref(&r->req);
1780 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1781 data->iov.iov_len, BLOCK_ACCT_WRITE);
1782 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1783 data->sector << BDRV_SECTOR_BITS,
1784 &data->qiov, 0,
1785 scsi_write_same_complete, data);
1786 }
1787
1788 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1789 {
1790 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1791
1792 if (r->iov.iov_len) {
1793 int buflen = r->iov.iov_len;
1794 DPRINTF("Write buf_len=%d\n", buflen);
1795 r->iov.iov_len = 0;
1796 scsi_req_data(&r->req, buflen);
1797 return;
1798 }
1799
1800 switch (req->cmd.buf[0]) {
1801 case MODE_SELECT:
1802 case MODE_SELECT_10:
1803 /* This also clears the sense buffer for REQUEST SENSE. */
1804 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1805 break;
1806
1807 case UNMAP:
1808 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1809 break;
1810
1811 case VERIFY_10:
1812 case VERIFY_12:
1813 case VERIFY_16:
1814 if (r->req.status == -1) {
1815 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1816 }
1817 break;
1818
1819 case WRITE_SAME_10:
1820 case WRITE_SAME_16:
1821 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1822 break;
1823
1824 default:
1825 abort();
1826 }
1827 }
1828
1829 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1830 {
1831 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1832 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1833 uint64_t nb_sectors;
1834 uint8_t *outbuf;
1835 int buflen;
1836
1837 switch (req->cmd.buf[0]) {
1838 case INQUIRY:
1839 case MODE_SENSE:
1840 case MODE_SENSE_10:
1841 case RESERVE:
1842 case RESERVE_10:
1843 case RELEASE:
1844 case RELEASE_10:
1845 case START_STOP:
1846 case ALLOW_MEDIUM_REMOVAL:
1847 case GET_CONFIGURATION:
1848 case GET_EVENT_STATUS_NOTIFICATION:
1849 case MECHANISM_STATUS:
1850 case REQUEST_SENSE:
1851 break;
1852
1853 default:
1854 if (!blk_is_available(s->qdev.conf.blk)) {
1855 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1856 return 0;
1857 }
1858 break;
1859 }
1860
1861 /*
1862 * FIXME: we shouldn't return anything bigger than 4k, but the code
1863 * requires the buffer to be as big as req->cmd.xfer in several
1864 * places. So, do not allow CDBs with a very large ALLOCATION
1865 * LENGTH. The real fix would be to modify scsi_read_data and
1866 * dma_buf_read, so that they return data beyond the buflen
1867 * as all zeros.
1868 */
1869 if (req->cmd.xfer > 65536) {
1870 goto illegal_request;
1871 }
1872 r->buflen = MAX(4096, req->cmd.xfer);
1873
1874 if (!r->iov.iov_base) {
1875 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1876 }
1877
1878 buflen = req->cmd.xfer;
1879 outbuf = r->iov.iov_base;
1880 memset(outbuf, 0, r->buflen);
1881 switch (req->cmd.buf[0]) {
1882 case TEST_UNIT_READY:
1883 assert(blk_is_available(s->qdev.conf.blk));
1884 break;
1885 case INQUIRY:
1886 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1887 if (buflen < 0) {
1888 goto illegal_request;
1889 }
1890 break;
1891 case MODE_SENSE:
1892 case MODE_SENSE_10:
1893 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1894 if (buflen < 0) {
1895 goto illegal_request;
1896 }
1897 break;
1898 case READ_TOC:
1899 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1900 if (buflen < 0) {
1901 goto illegal_request;
1902 }
1903 break;
1904 case RESERVE:
1905 if (req->cmd.buf[1] & 1) {
1906 goto illegal_request;
1907 }
1908 break;
1909 case RESERVE_10:
1910 if (req->cmd.buf[1] & 3) {
1911 goto illegal_request;
1912 }
1913 break;
1914 case RELEASE:
1915 if (req->cmd.buf[1] & 1) {
1916 goto illegal_request;
1917 }
1918 break;
1919 case RELEASE_10:
1920 if (req->cmd.buf[1] & 3) {
1921 goto illegal_request;
1922 }
1923 break;
1924 case START_STOP:
1925 if (scsi_disk_emulate_start_stop(r) < 0) {
1926 return 0;
1927 }
1928 break;
1929 case ALLOW_MEDIUM_REMOVAL:
1930 s->tray_locked = req->cmd.buf[4] & 1;
1931 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1932 break;
1933 case READ_CAPACITY_10:
1934 /* The normal LEN field for this command is zero. */
1935 memset(outbuf, 0, 8);
1936 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1937 if (!nb_sectors) {
1938 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1939 return 0;
1940 }
1941 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1942 goto illegal_request;
1943 }
1944 nb_sectors /= s->qdev.blocksize / 512;
1945 /* Returned value is the address of the last sector. */
1946 nb_sectors--;
1947 /* Remember the new size for read/write sanity checking. */
1948 s->qdev.max_lba = nb_sectors;
1949 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1950 if (nb_sectors > UINT32_MAX) {
1951 nb_sectors = UINT32_MAX;
1952 }
1953 outbuf[0] = (nb_sectors >> 24) & 0xff;
1954 outbuf[1] = (nb_sectors >> 16) & 0xff;
1955 outbuf[2] = (nb_sectors >> 8) & 0xff;
1956 outbuf[3] = nb_sectors & 0xff;
1957 outbuf[4] = 0;
1958 outbuf[5] = 0;
1959 outbuf[6] = s->qdev.blocksize >> 8;
1960 outbuf[7] = 0;
1961 break;
1962 case REQUEST_SENSE:
1963 /* Just return "NO SENSE". */
1964 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1965 (req->cmd.buf[1] & 1) == 0);
1966 if (buflen < 0) {
1967 goto illegal_request;
1968 }
1969 break;
1970 case MECHANISM_STATUS:
1971 buflen = scsi_emulate_mechanism_status(s, outbuf);
1972 if (buflen < 0) {
1973 goto illegal_request;
1974 }
1975 break;
1976 case GET_CONFIGURATION:
1977 buflen = scsi_get_configuration(s, outbuf);
1978 if (buflen < 0) {
1979 goto illegal_request;
1980 }
1981 break;
1982 case GET_EVENT_STATUS_NOTIFICATION:
1983 buflen = scsi_get_event_status_notification(s, r, outbuf);
1984 if (buflen < 0) {
1985 goto illegal_request;
1986 }
1987 break;
1988 case READ_DISC_INFORMATION:
1989 buflen = scsi_read_disc_information(s, r, outbuf);
1990 if (buflen < 0) {
1991 goto illegal_request;
1992 }
1993 break;
1994 case READ_DVD_STRUCTURE:
1995 buflen = scsi_read_dvd_structure(s, r, outbuf);
1996 if (buflen < 0) {
1997 goto illegal_request;
1998 }
1999 break;
2000 case SERVICE_ACTION_IN_16:
2001 /* Service Action In subcommands. */
2002 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2003 DPRINTF("SAI READ CAPACITY(16)\n");
2004 memset(outbuf, 0, req->cmd.xfer);
2005 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2006 if (!nb_sectors) {
2007 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2008 return 0;
2009 }
2010 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2011 goto illegal_request;
2012 }
2013 nb_sectors /= s->qdev.blocksize / 512;
2014 /* Returned value is the address of the last sector. */
2015 nb_sectors--;
2016 /* Remember the new size for read/write sanity checking. */
2017 s->qdev.max_lba = nb_sectors;
2018 outbuf[0] = (nb_sectors >> 56) & 0xff;
2019 outbuf[1] = (nb_sectors >> 48) & 0xff;
2020 outbuf[2] = (nb_sectors >> 40) & 0xff;
2021 outbuf[3] = (nb_sectors >> 32) & 0xff;
2022 outbuf[4] = (nb_sectors >> 24) & 0xff;
2023 outbuf[5] = (nb_sectors >> 16) & 0xff;
2024 outbuf[6] = (nb_sectors >> 8) & 0xff;
2025 outbuf[7] = nb_sectors & 0xff;
2026 outbuf[8] = 0;
2027 outbuf[9] = 0;
2028 outbuf[10] = s->qdev.blocksize >> 8;
2029 outbuf[11] = 0;
2030 outbuf[12] = 0;
2031 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2032
2033 /* set TPE bit if the format supports discard */
2034 if (s->qdev.conf.discard_granularity) {
2035 outbuf[14] = 0x80;
2036 }
2037
2038 /* Protection, exponent and lowest lba field left blank. */
2039 break;
2040 }
2041 DPRINTF("Unsupported Service Action In\n");
2042 goto illegal_request;
2043 case SYNCHRONIZE_CACHE:
2044 /* The request is used as the AIO opaque value, so add a ref. */
2045 scsi_req_ref(&r->req);
2046 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2047 BLOCK_ACCT_FLUSH);
2048 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2049 return 0;
2050 case SEEK_10:
2051 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2052 if (r->req.cmd.lba > s->qdev.max_lba) {
2053 goto illegal_lba;
2054 }
2055 break;
2056 case MODE_SELECT:
2057 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2058 break;
2059 case MODE_SELECT_10:
2060 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2061 break;
2062 case UNMAP:
2063 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2064 break;
2065 case VERIFY_10:
2066 case VERIFY_12:
2067 case VERIFY_16:
2068 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2069 if (req->cmd.buf[1] & 6) {
2070 goto illegal_request;
2071 }
2072 break;
2073 case WRITE_SAME_10:
2074 case WRITE_SAME_16:
2075 DPRINTF("WRITE SAME %d (len %lu)\n",
2076 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2077 (unsigned long)r->req.cmd.xfer);
2078 break;
2079 default:
2080 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2081 scsi_command_name(buf[0]));
2082 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2083 return 0;
2084 }
2085 assert(!r->req.aiocb);
2086 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2087 if (r->iov.iov_len == 0) {
2088 scsi_req_complete(&r->req, GOOD);
2089 }
2090 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2091 assert(r->iov.iov_len == req->cmd.xfer);
2092 return -r->iov.iov_len;
2093 } else {
2094 return r->iov.iov_len;
2095 }
2096
2097 illegal_request:
2098 if (r->req.status == -1) {
2099 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2100 }
2101 return 0;
2102
2103 illegal_lba:
2104 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2105 return 0;
2106 }
2107
2108 /* Execute a scsi command. Returns the length of the data expected by the
2109 command. This will be Positive for data transfers from the device
2110 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2111 and zero if the command does not transfer any data. */
2112
2113 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2114 {
2115 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2117 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2118 uint32_t len;
2119 uint8_t command;
2120
2121 command = buf[0];
2122
2123 if (!blk_is_available(s->qdev.conf.blk)) {
2124 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2125 return 0;
2126 }
2127
2128 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2129 switch (command) {
2130 case READ_6:
2131 case READ_10:
2132 case READ_12:
2133 case READ_16:
2134 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2135 if (r->req.cmd.buf[1] & 0xe0) {
2136 goto illegal_request;
2137 }
2138 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2139 goto illegal_lba;
2140 }
2141 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2142 r->sector_count = len * (s->qdev.blocksize / 512);
2143 break;
2144 case WRITE_6:
2145 case WRITE_10:
2146 case WRITE_12:
2147 case WRITE_16:
2148 case WRITE_VERIFY_10:
2149 case WRITE_VERIFY_12:
2150 case WRITE_VERIFY_16:
2151 if (blk_is_read_only(s->qdev.conf.blk)) {
2152 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2153 return 0;
2154 }
2155 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2156 (command & 0xe) == 0xe ? "And Verify " : "",
2157 r->req.cmd.lba, len);
2158 if (r->req.cmd.buf[1] & 0xe0) {
2159 goto illegal_request;
2160 }
2161 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2162 goto illegal_lba;
2163 }
2164 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2165 r->sector_count = len * (s->qdev.blocksize / 512);
2166 break;
2167 default:
2168 abort();
2169 illegal_request:
2170 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2171 return 0;
2172 illegal_lba:
2173 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2174 return 0;
2175 }
2176 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2177 if (r->sector_count == 0) {
2178 scsi_req_complete(&r->req, GOOD);
2179 }
2180 assert(r->iov.iov_len == 0);
2181 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2182 return -r->sector_count * 512;
2183 } else {
2184 return r->sector_count * 512;
2185 }
2186 }
2187
2188 static void scsi_disk_reset(DeviceState *dev)
2189 {
2190 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2191 uint64_t nb_sectors;
2192
2193 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2194
2195 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2196 nb_sectors /= s->qdev.blocksize / 512;
2197 if (nb_sectors) {
2198 nb_sectors--;
2199 }
2200 s->qdev.max_lba = nb_sectors;
2201 /* reset tray statuses */
2202 s->tray_locked = 0;
2203 s->tray_open = 0;
2204 }
2205
2206 static void scsi_disk_resize_cb(void *opaque)
2207 {
2208 SCSIDiskState *s = opaque;
2209
2210 /* SPC lists this sense code as available only for
2211 * direct-access devices.
2212 */
2213 if (s->qdev.type == TYPE_DISK) {
2214 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2215 }
2216 }
2217
2218 static void scsi_cd_change_media_cb(void *opaque, bool load)
2219 {
2220 SCSIDiskState *s = opaque;
2221
2222 /*
2223 * When a CD gets changed, we have to report an ejected state and
2224 * then a loaded state to guests so that they detect tray
2225 * open/close and media change events. Guests that do not use
2226 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2227 * states rely on this behavior.
2228 *
2229 * media_changed governs the state machine used for unit attention
2230 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2231 */
2232 s->media_changed = load;
2233 s->tray_open = !load;
2234 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2235 s->media_event = true;
2236 s->eject_request = false;
2237 }
2238
2239 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2240 {
2241 SCSIDiskState *s = opaque;
2242
2243 s->eject_request = true;
2244 if (force) {
2245 s->tray_locked = false;
2246 }
2247 }
2248
2249 static bool scsi_cd_is_tray_open(void *opaque)
2250 {
2251 return ((SCSIDiskState *)opaque)->tray_open;
2252 }
2253
2254 static bool scsi_cd_is_medium_locked(void *opaque)
2255 {
2256 return ((SCSIDiskState *)opaque)->tray_locked;
2257 }
2258
2259 static const BlockDevOps scsi_disk_removable_block_ops = {
2260 .change_media_cb = scsi_cd_change_media_cb,
2261 .eject_request_cb = scsi_cd_eject_request_cb,
2262 .is_tray_open = scsi_cd_is_tray_open,
2263 .is_medium_locked = scsi_cd_is_medium_locked,
2264
2265 .resize_cb = scsi_disk_resize_cb,
2266 };
2267
2268 static const BlockDevOps scsi_disk_block_ops = {
2269 .resize_cb = scsi_disk_resize_cb,
2270 };
2271
2272 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2273 {
2274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2275 if (s->media_changed) {
2276 s->media_changed = false;
2277 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2278 }
2279 }
2280
2281 static void scsi_realize(SCSIDevice *dev, Error **errp)
2282 {
2283 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2284 Error *err = NULL;
2285
2286 if (!s->qdev.conf.blk) {
2287 error_setg(errp, "drive property not set");
2288 return;
2289 }
2290
2291 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2292 !blk_is_inserted(s->qdev.conf.blk)) {
2293 error_setg(errp, "Device needs media, but drive is empty");
2294 return;
2295 }
2296
2297 blkconf_serial(&s->qdev.conf, &s->serial);
2298 blkconf_blocksizes(&s->qdev.conf);
2299 if (dev->type == TYPE_DISK) {
2300 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2301 if (err) {
2302 error_propagate(errp, err);
2303 return;
2304 }
2305 }
2306 blkconf_apply_backend_options(&dev->conf);
2307
2308 if (s->qdev.conf.discard_granularity == -1) {
2309 s->qdev.conf.discard_granularity =
2310 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2311 }
2312
2313 if (!s->version) {
2314 s->version = g_strdup(qemu_hw_version());
2315 }
2316 if (!s->vendor) {
2317 s->vendor = g_strdup("QEMU");
2318 }
2319
2320 if (blk_is_sg(s->qdev.conf.blk)) {
2321 error_setg(errp, "unwanted /dev/sg*");
2322 return;
2323 }
2324
2325 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2326 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2327 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2328 } else {
2329 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2330 }
2331 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2332
2333 blk_iostatus_enable(s->qdev.conf.blk);
2334 }
2335
2336 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2337 {
2338 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2339 /* can happen for devices without drive. The error message for missing
2340 * backend will be issued in scsi_realize
2341 */
2342 if (s->qdev.conf.blk) {
2343 blkconf_blocksizes(&s->qdev.conf);
2344 }
2345 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2346 s->qdev.type = TYPE_DISK;
2347 if (!s->product) {
2348 s->product = g_strdup("QEMU HARDDISK");
2349 }
2350 scsi_realize(&s->qdev, errp);
2351 }
2352
2353 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2354 {
2355 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2356
2357 if (!dev->conf.blk) {
2358 dev->conf.blk = blk_new();
2359 }
2360
2361 s->qdev.blocksize = 2048;
2362 s->qdev.type = TYPE_ROM;
2363 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2364 if (!s->product) {
2365 s->product = g_strdup("QEMU CD-ROM");
2366 }
2367 scsi_realize(&s->qdev, errp);
2368 }
2369
2370 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2371 {
2372 DriveInfo *dinfo;
2373 Error *local_err = NULL;
2374
2375 if (!dev->conf.blk) {
2376 scsi_realize(dev, &local_err);
2377 assert(local_err);
2378 error_propagate(errp, local_err);
2379 return;
2380 }
2381
2382 dinfo = blk_legacy_dinfo(dev->conf.blk);
2383 if (dinfo && dinfo->media_cd) {
2384 scsi_cd_realize(dev, errp);
2385 } else {
2386 scsi_hd_realize(dev, errp);
2387 }
2388 }
2389
2390 static const SCSIReqOps scsi_disk_emulate_reqops = {
2391 .size = sizeof(SCSIDiskReq),
2392 .free_req = scsi_free_request,
2393 .send_command = scsi_disk_emulate_command,
2394 .read_data = scsi_disk_emulate_read_data,
2395 .write_data = scsi_disk_emulate_write_data,
2396 .get_buf = scsi_get_buf,
2397 };
2398
2399 static const SCSIReqOps scsi_disk_dma_reqops = {
2400 .size = sizeof(SCSIDiskReq),
2401 .free_req = scsi_free_request,
2402 .send_command = scsi_disk_dma_command,
2403 .read_data = scsi_read_data,
2404 .write_data = scsi_write_data,
2405 .get_buf = scsi_get_buf,
2406 .load_request = scsi_disk_load_request,
2407 .save_request = scsi_disk_save_request,
2408 };
2409
2410 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2411 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2412 [INQUIRY] = &scsi_disk_emulate_reqops,
2413 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2414 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2415 [START_STOP] = &scsi_disk_emulate_reqops,
2416 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2417 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2418 [READ_TOC] = &scsi_disk_emulate_reqops,
2419 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2420 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2421 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2422 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2423 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2424 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2425 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2426 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2427 [SEEK_10] = &scsi_disk_emulate_reqops,
2428 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2429 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2430 [UNMAP] = &scsi_disk_emulate_reqops,
2431 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2432 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2433 [VERIFY_10] = &scsi_disk_emulate_reqops,
2434 [VERIFY_12] = &scsi_disk_emulate_reqops,
2435 [VERIFY_16] = &scsi_disk_emulate_reqops,
2436
2437 [READ_6] = &scsi_disk_dma_reqops,
2438 [READ_10] = &scsi_disk_dma_reqops,
2439 [READ_12] = &scsi_disk_dma_reqops,
2440 [READ_16] = &scsi_disk_dma_reqops,
2441 [WRITE_6] = &scsi_disk_dma_reqops,
2442 [WRITE_10] = &scsi_disk_dma_reqops,
2443 [WRITE_12] = &scsi_disk_dma_reqops,
2444 [WRITE_16] = &scsi_disk_dma_reqops,
2445 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2446 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2447 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2448 };
2449
2450 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2451 uint8_t *buf, void *hba_private)
2452 {
2453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2454 SCSIRequest *req;
2455 const SCSIReqOps *ops;
2456 uint8_t command;
2457
2458 command = buf[0];
2459 ops = scsi_disk_reqops_dispatch[command];
2460 if (!ops) {
2461 ops = &scsi_disk_emulate_reqops;
2462 }
2463 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2464
2465 #ifdef DEBUG_SCSI
2466 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2467 {
2468 int i;
2469 for (i = 1; i < scsi_cdb_length(buf); i++) {
2470 printf(" 0x%02x", buf[i]);
2471 }
2472 printf("\n");
2473 }
2474 #endif
2475
2476 return req;
2477 }
2478
2479 #ifdef __linux__
2480 static int get_device_type(SCSIDiskState *s)
2481 {
2482 uint8_t cmd[16];
2483 uint8_t buf[36];
2484 uint8_t sensebuf[8];
2485 sg_io_hdr_t io_header;
2486 int ret;
2487
2488 memset(cmd, 0, sizeof(cmd));
2489 memset(buf, 0, sizeof(buf));
2490 cmd[0] = INQUIRY;
2491 cmd[4] = sizeof(buf);
2492
2493 memset(&io_header, 0, sizeof(io_header));
2494 io_header.interface_id = 'S';
2495 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2496 io_header.dxfer_len = sizeof(buf);
2497 io_header.dxferp = buf;
2498 io_header.cmdp = cmd;
2499 io_header.cmd_len = sizeof(cmd);
2500 io_header.mx_sb_len = sizeof(sensebuf);
2501 io_header.sbp = sensebuf;
2502 io_header.timeout = 6000; /* XXX */
2503
2504 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2505 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2506 return -1;
2507 }
2508 s->qdev.type = buf[0];
2509 if (buf[1] & 0x80) {
2510 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2511 }
2512 return 0;
2513 }
2514
2515 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2516 {
2517 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2518 int sg_version;
2519 int rc;
2520
2521 if (!s->qdev.conf.blk) {
2522 error_setg(errp, "drive property not set");
2523 return;
2524 }
2525
2526 /* check we are using a driver managing SG_IO (version 3 and after) */
2527 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2528 if (rc < 0) {
2529 error_setg(errp, "cannot get SG_IO version number: %s. "
2530 "Is this a SCSI device?",
2531 strerror(-rc));
2532 return;
2533 }
2534 if (sg_version < 30000) {
2535 error_setg(errp, "scsi generic interface too old");
2536 return;
2537 }
2538
2539 /* get device type from INQUIRY data */
2540 rc = get_device_type(s);
2541 if (rc < 0) {
2542 error_setg(errp, "INQUIRY failed");
2543 return;
2544 }
2545
2546 /* Make a guess for the block size, we'll fix it when the guest sends.
2547 * READ CAPACITY. If they don't, they likely would assume these sizes
2548 * anyway. (TODO: check in /sys).
2549 */
2550 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2551 s->qdev.blocksize = 2048;
2552 } else {
2553 s->qdev.blocksize = 512;
2554 }
2555
2556 /* Makes the scsi-block device not removable by using HMP and QMP eject
2557 * command.
2558 */
2559 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2560
2561 scsi_realize(&s->qdev, errp);
2562 scsi_generic_read_device_identification(&s->qdev);
2563 }
2564
2565 typedef struct SCSIBlockReq {
2566 SCSIDiskReq req;
2567 sg_io_hdr_t io_header;
2568
2569 /* Selected bytes of the original CDB, copied into our own CDB. */
2570 uint8_t cmd, cdb1, group_number;
2571
2572 /* CDB passed to SG_IO. */
2573 uint8_t cdb[16];
2574 } SCSIBlockReq;
2575
2576 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2577 int64_t offset, QEMUIOVector *iov,
2578 int direction,
2579 BlockCompletionFunc *cb, void *opaque)
2580 {
2581 sg_io_hdr_t *io_header = &req->io_header;
2582 SCSIDiskReq *r = &req->req;
2583 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2584 int nb_logical_blocks;
2585 uint64_t lba;
2586 BlockAIOCB *aiocb;
2587
2588 /* This is not supported yet. It can only happen if the guest does
2589 * reads and writes that are not aligned to one logical sectors
2590 * _and_ cover multiple MemoryRegions.
2591 */
2592 assert(offset % s->qdev.blocksize == 0);
2593 assert(iov->size % s->qdev.blocksize == 0);
2594
2595 io_header->interface_id = 'S';
2596
2597 /* The data transfer comes from the QEMUIOVector. */
2598 io_header->dxfer_direction = direction;
2599 io_header->dxfer_len = iov->size;
2600 io_header->dxferp = (void *)iov->iov;
2601 io_header->iovec_count = iov->niov;
2602 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2603
2604 /* Build a new CDB with the LBA and length patched in, in case
2605 * DMA helpers split the transfer in multiple segments. Do not
2606 * build a CDB smaller than what the guest wanted, and only build
2607 * a larger one if strictly necessary.
2608 */
2609 io_header->cmdp = req->cdb;
2610 lba = offset / s->qdev.blocksize;
2611 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2612
2613 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2614 /* 6-byte CDB */
2615 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2616 req->cdb[4] = nb_logical_blocks;
2617 req->cdb[5] = 0;
2618 io_header->cmd_len = 6;
2619 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2620 /* 10-byte CDB */
2621 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2622 req->cdb[1] = req->cdb1;
2623 stl_be_p(&req->cdb[2], lba);
2624 req->cdb[6] = req->group_number;
2625 stw_be_p(&req->cdb[7], nb_logical_blocks);
2626 req->cdb[9] = 0;
2627 io_header->cmd_len = 10;
2628 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2629 /* 12-byte CDB */
2630 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2631 req->cdb[1] = req->cdb1;
2632 stl_be_p(&req->cdb[2], lba);
2633 stl_be_p(&req->cdb[6], nb_logical_blocks);
2634 req->cdb[10] = req->group_number;
2635 req->cdb[11] = 0;
2636 io_header->cmd_len = 12;
2637 } else {
2638 /* 16-byte CDB */
2639 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2640 req->cdb[1] = req->cdb1;
2641 stq_be_p(&req->cdb[2], lba);
2642 stl_be_p(&req->cdb[10], nb_logical_blocks);
2643 req->cdb[14] = req->group_number;
2644 req->cdb[15] = 0;
2645 io_header->cmd_len = 16;
2646 }
2647
2648 /* The rest is as in scsi-generic.c. */
2649 io_header->mx_sb_len = sizeof(r->req.sense);
2650 io_header->sbp = r->req.sense;
2651 io_header->timeout = UINT_MAX;
2652 io_header->usr_ptr = r;
2653 io_header->flags |= SG_FLAG_DIRECT_IO;
2654
2655 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2656 assert(aiocb != NULL);
2657 return aiocb;
2658 }
2659
2660 static bool scsi_block_no_fua(SCSICommand *cmd)
2661 {
2662 return false;
2663 }
2664
2665 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2666 QEMUIOVector *iov,
2667 BlockCompletionFunc *cb, void *cb_opaque,
2668 void *opaque)
2669 {
2670 SCSIBlockReq *r = opaque;
2671 return scsi_block_do_sgio(r, offset, iov,
2672 SG_DXFER_FROM_DEV, cb, cb_opaque);
2673 }
2674
2675 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2676 QEMUIOVector *iov,
2677 BlockCompletionFunc *cb, void *cb_opaque,
2678 void *opaque)
2679 {
2680 SCSIBlockReq *r = opaque;
2681 return scsi_block_do_sgio(r, offset, iov,
2682 SG_DXFER_TO_DEV, cb, cb_opaque);
2683 }
2684
2685 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2686 {
2687 switch (buf[0]) {
2688 case VERIFY_10:
2689 case VERIFY_12:
2690 case VERIFY_16:
2691 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2692 * for the number of logical blocks specified in the length
2693 * field). For other modes, do not use scatter/gather operation.
2694 */
2695 if ((buf[1] & 6) != 2) {
2696 return false;
2697 }
2698 break;
2699
2700 case READ_6:
2701 case READ_10:
2702 case READ_12:
2703 case READ_16:
2704 case WRITE_6:
2705 case WRITE_10:
2706 case WRITE_12:
2707 case WRITE_16:
2708 case WRITE_VERIFY_10:
2709 case WRITE_VERIFY_12:
2710 case WRITE_VERIFY_16:
2711 /* MMC writing cannot be done via DMA helpers, because it sometimes
2712 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2713 * We might use scsi_disk_dma_reqops as long as no writing commands are
2714 * seen, but performance usually isn't paramount on optical media. So,
2715 * just make scsi-block operate the same as scsi-generic for them.
2716 */
2717 if (s->qdev.type != TYPE_ROM) {
2718 return false;
2719 }
2720 break;
2721
2722 default:
2723 break;
2724 }
2725
2726 return true;
2727 }
2728
2729
2730 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2731 {
2732 SCSIBlockReq *r = (SCSIBlockReq *)req;
2733 r->cmd = req->cmd.buf[0];
2734 switch (r->cmd >> 5) {
2735 case 0:
2736 /* 6-byte CDB. */
2737 r->cdb1 = r->group_number = 0;
2738 break;
2739 case 1:
2740 /* 10-byte CDB. */
2741 r->cdb1 = req->cmd.buf[1];
2742 r->group_number = req->cmd.buf[6];
2743 break;
2744 case 4:
2745 /* 12-byte CDB. */
2746 r->cdb1 = req->cmd.buf[1];
2747 r->group_number = req->cmd.buf[10];
2748 break;
2749 case 5:
2750 /* 16-byte CDB. */
2751 r->cdb1 = req->cmd.buf[1];
2752 r->group_number = req->cmd.buf[14];
2753 break;
2754 default:
2755 abort();
2756 }
2757
2758 if (r->cdb1 & 0xe0) {
2759 /* Protection information is not supported. */
2760 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2761 return 0;
2762 }
2763
2764 r->req.status = &r->io_header.status;
2765 return scsi_disk_dma_command(req, buf);
2766 }
2767
2768 static const SCSIReqOps scsi_block_dma_reqops = {
2769 .size = sizeof(SCSIBlockReq),
2770 .free_req = scsi_free_request,
2771 .send_command = scsi_block_dma_command,
2772 .read_data = scsi_read_data,
2773 .write_data = scsi_write_data,
2774 .get_buf = scsi_get_buf,
2775 .load_request = scsi_disk_load_request,
2776 .save_request = scsi_disk_save_request,
2777 };
2778
2779 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2780 uint32_t lun, uint8_t *buf,
2781 void *hba_private)
2782 {
2783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2784
2785 if (scsi_block_is_passthrough(s, buf)) {
2786 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2787 hba_private);
2788 } else {
2789 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2790 hba_private);
2791 }
2792 }
2793
2794 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2795 uint8_t *buf, void *hba_private)
2796 {
2797 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2798
2799 if (scsi_block_is_passthrough(s, buf)) {
2800 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2801 } else {
2802 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2803 }
2804 }
2805
2806 #endif
2807
2808 static
2809 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2810 BlockCompletionFunc *cb, void *cb_opaque,
2811 void *opaque)
2812 {
2813 SCSIDiskReq *r = opaque;
2814 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2815 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2816 }
2817
2818 static
2819 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2820 BlockCompletionFunc *cb, void *cb_opaque,
2821 void *opaque)
2822 {
2823 SCSIDiskReq *r = opaque;
2824 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2825 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2826 }
2827
2828 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2829 {
2830 DeviceClass *dc = DEVICE_CLASS(klass);
2831 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2832
2833 dc->fw_name = "disk";
2834 dc->reset = scsi_disk_reset;
2835 sdc->dma_readv = scsi_dma_readv;
2836 sdc->dma_writev = scsi_dma_writev;
2837 sdc->need_fua_emulation = scsi_is_cmd_fua;
2838 }
2839
2840 static const TypeInfo scsi_disk_base_info = {
2841 .name = TYPE_SCSI_DISK_BASE,
2842 .parent = TYPE_SCSI_DEVICE,
2843 .class_init = scsi_disk_base_class_initfn,
2844 .instance_size = sizeof(SCSIDiskState),
2845 .class_size = sizeof(SCSIDiskClass),
2846 .abstract = true,
2847 };
2848
2849 #define DEFINE_SCSI_DISK_PROPERTIES() \
2850 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2851 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2852 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2853 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2854 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2855 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2856
2857 static Property scsi_hd_properties[] = {
2858 DEFINE_SCSI_DISK_PROPERTIES(),
2859 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2860 SCSI_DISK_F_REMOVABLE, false),
2861 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2862 SCSI_DISK_F_DPOFUA, false),
2863 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2864 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2865 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2866 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2867 DEFAULT_MAX_UNMAP_SIZE),
2868 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2869 DEFAULT_MAX_IO_SIZE),
2870 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2871 DEFINE_PROP_END_OF_LIST(),
2872 };
2873
2874 static const VMStateDescription vmstate_scsi_disk_state = {
2875 .name = "scsi-disk",
2876 .version_id = 1,
2877 .minimum_version_id = 1,
2878 .fields = (VMStateField[]) {
2879 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2880 VMSTATE_BOOL(media_changed, SCSIDiskState),
2881 VMSTATE_BOOL(media_event, SCSIDiskState),
2882 VMSTATE_BOOL(eject_request, SCSIDiskState),
2883 VMSTATE_BOOL(tray_open, SCSIDiskState),
2884 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2885 VMSTATE_END_OF_LIST()
2886 }
2887 };
2888
2889 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2890 {
2891 DeviceClass *dc = DEVICE_CLASS(klass);
2892 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2893
2894 sc->realize = scsi_hd_realize;
2895 sc->alloc_req = scsi_new_request;
2896 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2897 dc->desc = "virtual SCSI disk";
2898 dc->props = scsi_hd_properties;
2899 dc->vmsd = &vmstate_scsi_disk_state;
2900 }
2901
2902 static const TypeInfo scsi_hd_info = {
2903 .name = "scsi-hd",
2904 .parent = TYPE_SCSI_DISK_BASE,
2905 .class_init = scsi_hd_class_initfn,
2906 };
2907
2908 static Property scsi_cd_properties[] = {
2909 DEFINE_SCSI_DISK_PROPERTIES(),
2910 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2911 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2912 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2913 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2914 DEFAULT_MAX_IO_SIZE),
2915 DEFINE_PROP_END_OF_LIST(),
2916 };
2917
2918 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2919 {
2920 DeviceClass *dc = DEVICE_CLASS(klass);
2921 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2922
2923 sc->realize = scsi_cd_realize;
2924 sc->alloc_req = scsi_new_request;
2925 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2926 dc->desc = "virtual SCSI CD-ROM";
2927 dc->props = scsi_cd_properties;
2928 dc->vmsd = &vmstate_scsi_disk_state;
2929 }
2930
2931 static const TypeInfo scsi_cd_info = {
2932 .name = "scsi-cd",
2933 .parent = TYPE_SCSI_DISK_BASE,
2934 .class_init = scsi_cd_class_initfn,
2935 };
2936
2937 #ifdef __linux__
2938 static Property scsi_block_properties[] = {
2939 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2940 DEFINE_PROP_END_OF_LIST(),
2941 };
2942
2943 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2944 {
2945 DeviceClass *dc = DEVICE_CLASS(klass);
2946 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2947 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2948
2949 sc->realize = scsi_block_realize;
2950 sc->alloc_req = scsi_block_new_request;
2951 sc->parse_cdb = scsi_block_parse_cdb;
2952 sdc->dma_readv = scsi_block_dma_readv;
2953 sdc->dma_writev = scsi_block_dma_writev;
2954 sdc->need_fua_emulation = scsi_block_no_fua;
2955 dc->desc = "SCSI block device passthrough";
2956 dc->props = scsi_block_properties;
2957 dc->vmsd = &vmstate_scsi_disk_state;
2958 }
2959
2960 static const TypeInfo scsi_block_info = {
2961 .name = "scsi-block",
2962 .parent = TYPE_SCSI_DISK_BASE,
2963 .class_init = scsi_block_class_initfn,
2964 };
2965 #endif
2966
2967 static Property scsi_disk_properties[] = {
2968 DEFINE_SCSI_DISK_PROPERTIES(),
2969 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2970 SCSI_DISK_F_REMOVABLE, false),
2971 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2972 SCSI_DISK_F_DPOFUA, false),
2973 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2974 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2975 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2976 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2977 DEFAULT_MAX_UNMAP_SIZE),
2978 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2979 DEFAULT_MAX_IO_SIZE),
2980 DEFINE_PROP_END_OF_LIST(),
2981 };
2982
2983 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2984 {
2985 DeviceClass *dc = DEVICE_CLASS(klass);
2986 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2987
2988 sc->realize = scsi_disk_realize;
2989 sc->alloc_req = scsi_new_request;
2990 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2991 dc->fw_name = "disk";
2992 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2993 dc->reset = scsi_disk_reset;
2994 dc->props = scsi_disk_properties;
2995 dc->vmsd = &vmstate_scsi_disk_state;
2996 }
2997
2998 static const TypeInfo scsi_disk_info = {
2999 .name = "scsi-disk",
3000 .parent = TYPE_SCSI_DISK_BASE,
3001 .class_init = scsi_disk_class_initfn,
3002 };
3003
3004 static void scsi_disk_register_types(void)
3005 {
3006 type_register_static(&scsi_disk_base_info);
3007 type_register_static(&scsi_hd_info);
3008 type_register_static(&scsi_cd_info);
3009 #ifdef __linux__
3010 type_register_static(&scsi_block_info);
3011 #endif
3012 type_register_static(&scsi_disk_info);
3013 }
3014
3015 type_init(scsi_disk_register_types)
Mirror of https://git.qemu.org/git/qemu.git