Update OpenBIOS images
[qemu/agraf.git] / hw / scsi-disk.c
blob28e75bbf5bc73f3a629d4176f331474f6f5271f4
1 /*
2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
22 //#define DEBUG_SCSI
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
31 #include "qemu-common.h"
32 #include "qemu/error-report.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu/sysemu.h"
36 #include "sysemu/blockdev.h"
37 #include "hw/block-common.h"
38 #include "sysemu/dma.h"
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46 #define SCSI_MAX_MODE_LEN 256
48 typedef struct SCSIDiskState SCSIDiskState;
50 typedef struct SCSIDiskReq {
51 SCSIRequest req;
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 uint32_t buflen;
56 bool started;
57 struct iovec iov;
58 QEMUIOVector qiov;
59 BlockAcctCookie acct;
60 } SCSIDiskReq;
62 #define SCSI_DISK_F_REMOVABLE 0
63 #define SCSI_DISK_F_DPOFUA 1
65 struct SCSIDiskState
67 SCSIDevice qdev;
68 uint32_t features;
69 bool media_changed;
70 bool media_event;
71 bool eject_request;
72 uint64_t wwn;
73 QEMUBH *bh;
74 char *version;
75 char *serial;
76 char *vendor;
77 char *product;
78 bool tray_open;
79 bool tray_locked;
82 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
84 static void scsi_free_request(SCSIRequest *req)
86 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
88 qemu_vfree(r->iov.iov_base);
91 /* Helper function for command completion with sense. */
92 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
94 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
95 r->req.tag, sense.key, sense.asc, sense.ascq);
96 scsi_req_build_sense(&r->req, sense);
97 scsi_req_complete(&r->req, CHECK_CONDITION);
100 /* Cancel a pending data transfer. */
101 static void scsi_cancel_io(SCSIRequest *req)
103 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105 DPRINTF("Cancel tag=0x%x\n", req->tag);
106 if (r->req.aiocb) {
107 bdrv_aio_cancel(r->req.aiocb);
109 /* This reference was left in by scsi_*_data. We take ownership of
110 * it the moment scsi_req_cancel is called, independent of whether
111 * bdrv_aio_cancel completes the request or not. */
112 scsi_req_unref(&r->req);
114 r->req.aiocb = NULL;
117 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121 if (!r->iov.iov_base) {
122 r->buflen = size;
123 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
125 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
126 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
127 return r->qiov.size / 512;
130 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
132 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
134 qemu_put_be64s(f, &r->sector);
135 qemu_put_be32s(f, &r->sector_count);
136 qemu_put_be32s(f, &r->buflen);
137 if (r->buflen) {
138 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
139 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
140 } else if (!req->retry) {
141 uint32_t len = r->iov.iov_len;
142 qemu_put_be32s(f, &len);
143 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
148 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
150 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
152 qemu_get_be64s(f, &r->sector);
153 qemu_get_be32s(f, &r->sector_count);
154 qemu_get_be32s(f, &r->buflen);
155 if (r->buflen) {
156 scsi_init_iovec(r, r->buflen);
157 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
158 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
159 } else if (!r->req.retry) {
160 uint32_t len;
161 qemu_get_be32s(f, &len);
162 r->iov.iov_len = len;
163 assert(r->iov.iov_len <= r->buflen);
164 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
168 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171 static void scsi_aio_complete(void *opaque, int ret)
173 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176 assert(r->req.aiocb != NULL);
177 r->req.aiocb = NULL;
178 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
180 if (ret < 0) {
181 if (scsi_handle_rw_error(r, -ret)) {
182 goto done;
186 scsi_req_complete(&r->req, GOOD);
188 done:
189 if (!r->req.io_canceled) {
190 scsi_req_unref(&r->req);
194 static bool scsi_is_cmd_fua(SCSICommand *cmd)
196 switch (cmd->buf[0]) {
197 case READ_10:
198 case READ_12:
199 case READ_16:
200 case WRITE_10:
201 case WRITE_12:
202 case WRITE_16:
203 return (cmd->buf[1] & 8) != 0;
205 case VERIFY_10:
206 case VERIFY_12:
207 case VERIFY_16:
208 case WRITE_VERIFY_10:
209 case WRITE_VERIFY_12:
210 case WRITE_VERIFY_16:
211 return true;
213 case READ_6:
214 case WRITE_6:
215 default:
216 return false;
220 static void scsi_write_do_fua(SCSIDiskReq *r)
222 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
224 if (scsi_is_cmd_fua(&r->req.cmd)) {
225 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
226 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
227 return;
230 scsi_req_complete(&r->req, GOOD);
231 if (!r->req.io_canceled) {
232 scsi_req_unref(&r->req);
236 static void scsi_dma_complete(void *opaque, int ret)
238 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
241 assert(r->req.aiocb != NULL);
242 r->req.aiocb = NULL;
243 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
245 if (ret < 0) {
246 if (scsi_handle_rw_error(r, -ret)) {
247 goto done;
251 r->sector += r->sector_count;
252 r->sector_count = 0;
253 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
254 scsi_write_do_fua(r);
255 return;
256 } else {
257 scsi_req_complete(&r->req, GOOD);
260 done:
261 if (!r->req.io_canceled) {
262 scsi_req_unref(&r->req);
266 static void scsi_read_complete(void * opaque, int ret)
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 int n;
272 assert(r->req.aiocb != NULL);
273 r->req.aiocb = NULL;
274 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
276 if (ret < 0) {
277 if (scsi_handle_rw_error(r, -ret)) {
278 goto done;
282 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
284 n = r->qiov.size / 512;
285 r->sector += n;
286 r->sector_count -= n;
287 scsi_req_data(&r->req, r->qiov.size);
289 done:
290 if (!r->req.io_canceled) {
291 scsi_req_unref(&r->req);
295 /* Actually issue a read to the block device. */
296 static void scsi_do_read(void *opaque, int ret)
298 SCSIDiskReq *r = opaque;
299 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
300 uint32_t n;
302 if (r->req.aiocb != NULL) {
303 r->req.aiocb = NULL;
304 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
307 if (ret < 0) {
308 if (scsi_handle_rw_error(r, -ret)) {
309 goto done;
313 if (r->req.io_canceled) {
314 return;
317 /* The request is used as the AIO opaque value, so add a ref. */
318 scsi_req_ref(&r->req);
320 if (r->req.sg) {
321 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
322 r->req.resid -= r->req.sg->size;
323 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
324 scsi_dma_complete, r);
325 } else {
326 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
328 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
329 scsi_read_complete, r);
332 done:
333 if (!r->req.io_canceled) {
334 scsi_req_unref(&r->req);
338 /* Read more data from scsi device into buffer. */
339 static void scsi_read_data(SCSIRequest *req)
341 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
342 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
343 bool first;
345 DPRINTF("Read sector_count=%d\n", r->sector_count);
346 if (r->sector_count == 0) {
347 /* This also clears the sense buffer for REQUEST SENSE. */
348 scsi_req_complete(&r->req, GOOD);
349 return;
352 /* No data transfer may already be in progress */
353 assert(r->req.aiocb == NULL);
355 /* The request is used as the AIO opaque value, so add a ref. */
356 scsi_req_ref(&r->req);
357 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
358 DPRINTF("Data transfer direction invalid\n");
359 scsi_read_complete(r, -EINVAL);
360 return;
363 if (s->tray_open) {
364 scsi_read_complete(r, -ENOMEDIUM);
365 return;
368 first = !r->started;
369 r->started = true;
370 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
371 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
372 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
373 } else {
374 scsi_do_read(r, 0);
379 * scsi_handle_rw_error has two return values. 0 means that the error
380 * must be ignored, 1 means that the error has been processed and the
381 * caller should not do anything else for this request. Note that
382 * scsi_handle_rw_error always manages its reference counts, independent
383 * of the return value.
385 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
387 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
388 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
389 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
391 if (action == BDRV_ACTION_REPORT) {
392 switch (error) {
393 case ENOMEDIUM:
394 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
395 break;
396 case ENOMEM:
397 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
398 break;
399 case EINVAL:
400 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
401 break;
402 default:
403 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
404 break;
407 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
408 if (action == BDRV_ACTION_STOP) {
409 scsi_req_retry(&r->req);
411 return action != BDRV_ACTION_IGNORE;
414 static void scsi_write_complete(void * opaque, int ret)
416 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
417 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
418 uint32_t n;
420 if (r->req.aiocb != NULL) {
421 r->req.aiocb = NULL;
422 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
425 if (ret < 0) {
426 if (scsi_handle_rw_error(r, -ret)) {
427 goto done;
431 n = r->qiov.size / 512;
432 r->sector += n;
433 r->sector_count -= n;
434 if (r->sector_count == 0) {
435 scsi_write_do_fua(r);
436 return;
437 } else {
438 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
439 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
440 scsi_req_data(&r->req, r->qiov.size);
443 done:
444 if (!r->req.io_canceled) {
445 scsi_req_unref(&r->req);
449 static void scsi_write_data(SCSIRequest *req)
451 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
453 uint32_t n;
455 /* No data transfer may already be in progress */
456 assert(r->req.aiocb == NULL);
458 /* The request is used as the AIO opaque value, so add a ref. */
459 scsi_req_ref(&r->req);
460 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
461 DPRINTF("Data transfer direction invalid\n");
462 scsi_write_complete(r, -EINVAL);
463 return;
466 if (!r->req.sg && !r->qiov.size) {
467 /* Called for the first time. Ask the driver to send us more data. */
468 r->started = true;
469 scsi_write_complete(r, 0);
470 return;
472 if (s->tray_open) {
473 scsi_write_complete(r, -ENOMEDIUM);
474 return;
477 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
478 r->req.cmd.buf[0] == VERIFY_16) {
479 if (r->req.sg) {
480 scsi_dma_complete(r, 0);
481 } else {
482 scsi_write_complete(r, 0);
484 return;
487 if (r->req.sg) {
488 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
489 r->req.resid -= r->req.sg->size;
490 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
491 scsi_dma_complete, r);
492 } else {
493 n = r->qiov.size / 512;
494 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
495 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
496 scsi_write_complete, r);
500 /* Return a pointer to the data buffer. */
501 static uint8_t *scsi_get_buf(SCSIRequest *req)
503 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
505 return (uint8_t *)r->iov.iov_base;
508 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
511 int buflen = 0;
512 int start;
514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
518 outbuf[buflen++] = s->qdev.type & 0x1f;
519 outbuf[buflen++] = page_code ; // this page
520 outbuf[buflen++] = 0x00;
521 outbuf[buflen++] = 0x00;
522 start = buflen;
524 switch (page_code) {
525 case 0x00: /* Supported page codes, mandatory */
527 DPRINTF("Inquiry EVPD[Supported pages] "
528 "buffer size %zd\n", req->cmd.xfer);
529 outbuf[buflen++] = 0x00; // list of supported pages (this page)
530 if (s->serial) {
531 outbuf[buflen++] = 0x80; // unit serial number
533 outbuf[buflen++] = 0x83; // device identification
534 if (s->qdev.type == TYPE_DISK) {
535 outbuf[buflen++] = 0xb0; // block limits
536 outbuf[buflen++] = 0xb2; // thin provisioning
538 break;
540 case 0x80: /* Device serial number, optional */
542 int l;
544 if (!s->serial) {
545 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
546 return -1;
549 l = strlen(s->serial);
550 if (l > 20) {
551 l = 20;
554 DPRINTF("Inquiry EVPD[Serial number] "
555 "buffer size %zd\n", req->cmd.xfer);
556 memcpy(outbuf+buflen, s->serial, l);
557 buflen += l;
558 break;
561 case 0x83: /* Device identification page, mandatory */
563 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
564 int max_len = s->serial ? 20 : 255 - 8;
565 int id_len = strlen(str);
567 if (id_len > max_len) {
568 id_len = max_len;
570 DPRINTF("Inquiry EVPD[Device identification] "
571 "buffer size %zd\n", req->cmd.xfer);
573 outbuf[buflen++] = 0x2; // ASCII
574 outbuf[buflen++] = 0; // not officially assigned
575 outbuf[buflen++] = 0; // reserved
576 outbuf[buflen++] = id_len; // length of data following
577 memcpy(outbuf+buflen, str, id_len);
578 buflen += id_len;
580 if (s->wwn) {
581 outbuf[buflen++] = 0x1; // Binary
582 outbuf[buflen++] = 0x3; // NAA
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = 8;
585 stq_be_p(&outbuf[buflen], s->wwn);
586 buflen += 8;
588 break;
590 case 0xb0: /* block limits */
592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
599 if (s->qdev.type == TYPE_ROM) {
600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
601 page_code);
602 return -1;
604 /* required VPD size with unmap support */
605 buflen = 0x40;
606 memset(outbuf + 4, 0, buflen - 4);
608 /* optimal transfer length granularity */
609 outbuf[6] = (min_io_size >> 8) & 0xff;
610 outbuf[7] = min_io_size & 0xff;
612 /* optimal transfer length */
613 outbuf[12] = (opt_io_size >> 24) & 0xff;
614 outbuf[13] = (opt_io_size >> 16) & 0xff;
615 outbuf[14] = (opt_io_size >> 8) & 0xff;
616 outbuf[15] = opt_io_size & 0xff;
618 /* optimal unmap granularity */
619 outbuf[28] = (unmap_sectors >> 24) & 0xff;
620 outbuf[29] = (unmap_sectors >> 16) & 0xff;
621 outbuf[30] = (unmap_sectors >> 8) & 0xff;
622 outbuf[31] = unmap_sectors & 0xff;
623 break;
625 case 0xb2: /* thin provisioning */
627 buflen = 8;
628 outbuf[4] = 0;
629 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
630 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
631 outbuf[7] = 0;
632 break;
634 default:
635 return -1;
637 /* done with EVPD */
638 assert(buflen - start <= 255);
639 outbuf[start - 1] = buflen - start;
640 return buflen;
643 /* Standard INQUIRY data */
644 if (req->cmd.buf[2] != 0) {
645 return -1;
648 /* PAGE CODE == 0 */
649 buflen = req->cmd.xfer;
650 if (buflen > SCSI_MAX_INQUIRY_LEN) {
651 buflen = SCSI_MAX_INQUIRY_LEN;
654 outbuf[0] = s->qdev.type & 0x1f;
655 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
657 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
658 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
660 memset(&outbuf[32], 0, 4);
661 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
663 * We claim conformance to SPC-3, which is required for guests
664 * to ask for modern features like READ CAPACITY(16) or the
665 * block characteristics VPD page by default. Not all of SPC-3
666 * is actually implemented, but we're good enough.
668 outbuf[2] = 5;
669 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
671 if (buflen > 36) {
672 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
673 } else {
674 /* If the allocation length of CDB is too small,
675 the additional length is not adjusted */
676 outbuf[4] = 36 - 5;
679 /* Sync data transfer and TCQ. */
680 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
681 return buflen;
684 static inline bool media_is_dvd(SCSIDiskState *s)
686 uint64_t nb_sectors;
687 if (s->qdev.type != TYPE_ROM) {
688 return false;
690 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
691 return false;
693 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
694 return nb_sectors > CD_MAX_SECTORS;
697 static inline bool media_is_cd(SCSIDiskState *s)
699 uint64_t nb_sectors;
700 if (s->qdev.type != TYPE_ROM) {
701 return false;
703 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
704 return false;
706 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
707 return nb_sectors <= CD_MAX_SECTORS;
710 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
711 uint8_t *outbuf)
713 uint8_t type = r->req.cmd.buf[1] & 7;
715 if (s->qdev.type != TYPE_ROM) {
716 return -1;
719 /* Types 1/2 are only defined for Blu-Ray. */
720 if (type != 0) {
721 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
722 return -1;
725 memset(outbuf, 0, 34);
726 outbuf[1] = 32;
727 outbuf[2] = 0xe; /* last session complete, disc finalized */
728 outbuf[3] = 1; /* first track on disc */
729 outbuf[4] = 1; /* # of sessions */
730 outbuf[5] = 1; /* first track of last session */
731 outbuf[6] = 1; /* last track of last session */
732 outbuf[7] = 0x20; /* unrestricted use */
733 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
734 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
735 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
736 /* 24-31: disc bar code */
737 /* 32: disc application code */
738 /* 33: number of OPC tables */
740 return 34;
743 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
744 uint8_t *outbuf)
746 static const int rds_caps_size[5] = {
747 [0] = 2048 + 4,
748 [1] = 4 + 4,
749 [3] = 188 + 4,
750 [4] = 2048 + 4,
753 uint8_t media = r->req.cmd.buf[1];
754 uint8_t layer = r->req.cmd.buf[6];
755 uint8_t format = r->req.cmd.buf[7];
756 int size = -1;
758 if (s->qdev.type != TYPE_ROM) {
759 return -1;
761 if (media != 0) {
762 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
763 return -1;
766 if (format != 0xff) {
767 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
768 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
769 return -1;
771 if (media_is_cd(s)) {
772 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
773 return -1;
775 if (format >= ARRAY_SIZE(rds_caps_size)) {
776 return -1;
778 size = rds_caps_size[format];
779 memset(outbuf, 0, size);
782 switch (format) {
783 case 0x00: {
784 /* Physical format information */
785 uint64_t nb_sectors;
786 if (layer != 0) {
787 goto fail;
789 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
791 outbuf[4] = 1; /* DVD-ROM, part version 1 */
792 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
793 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
794 outbuf[7] = 0; /* default densities */
796 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
797 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
798 break;
801 case 0x01: /* DVD copyright information, all zeros */
802 break;
804 case 0x03: /* BCA information - invalid field for no BCA info */
805 return -1;
807 case 0x04: /* DVD disc manufacturing information, all zeros */
808 break;
810 case 0xff: { /* List capabilities */
811 int i;
812 size = 4;
813 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
814 if (!rds_caps_size[i]) {
815 continue;
817 outbuf[size] = i;
818 outbuf[size + 1] = 0x40; /* Not writable, readable */
819 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
820 size += 4;
822 break;
825 default:
826 return -1;
829 /* Size of buffer, not including 2 byte size field */
830 stw_be_p(outbuf, size - 2);
831 return size;
833 fail:
834 return -1;
837 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
839 uint8_t event_code, media_status;
841 media_status = 0;
842 if (s->tray_open) {
843 media_status = MS_TRAY_OPEN;
844 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
845 media_status = MS_MEDIA_PRESENT;
848 /* Event notification descriptor */
849 event_code = MEC_NO_CHANGE;
850 if (media_status != MS_TRAY_OPEN) {
851 if (s->media_event) {
852 event_code = MEC_NEW_MEDIA;
853 s->media_event = false;
854 } else if (s->eject_request) {
855 event_code = MEC_EJECT_REQUESTED;
856 s->eject_request = false;
860 outbuf[0] = event_code;
861 outbuf[1] = media_status;
863 /* These fields are reserved, just clear them. */
864 outbuf[2] = 0;
865 outbuf[3] = 0;
866 return 4;
869 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
870 uint8_t *outbuf)
872 int size;
873 uint8_t *buf = r->req.cmd.buf;
874 uint8_t notification_class_request = buf[4];
875 if (s->qdev.type != TYPE_ROM) {
876 return -1;
878 if ((buf[1] & 1) == 0) {
879 /* asynchronous */
880 return -1;
883 size = 4;
884 outbuf[0] = outbuf[1] = 0;
885 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
886 if (notification_class_request & (1 << GESN_MEDIA)) {
887 outbuf[2] = GESN_MEDIA;
888 size += scsi_event_status_media(s, &outbuf[size]);
889 } else {
890 outbuf[2] = 0x80;
892 stw_be_p(outbuf, size - 4);
893 return size;
896 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
898 int current;
900 if (s->qdev.type != TYPE_ROM) {
901 return -1;
903 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
904 memset(outbuf, 0, 40);
905 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
906 stw_be_p(&outbuf[6], current);
907 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
908 outbuf[10] = 0x03; /* persistent, current */
909 outbuf[11] = 8; /* two profiles */
910 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
911 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
912 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
913 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
914 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
915 stw_be_p(&outbuf[20], 1);
916 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
917 outbuf[23] = 8;
918 stl_be_p(&outbuf[24], 1); /* SCSI */
919 outbuf[28] = 1; /* DBE = 1, mandatory */
920 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
921 stw_be_p(&outbuf[32], 3);
922 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
923 outbuf[35] = 4;
924 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
925 /* TODO: Random readable, CD read, DVD read, drive serial number,
926 power management */
927 return 40;
930 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
932 if (s->qdev.type != TYPE_ROM) {
933 return -1;
935 memset(outbuf, 0, 8);
936 outbuf[5] = 1; /* CD-ROM */
937 return 8;
940 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
941 int page_control)
943 static const int mode_sense_valid[0x3f] = {
944 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
945 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
946 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
947 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
948 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
949 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
952 uint8_t *p = *p_outbuf + 2;
953 int length;
955 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
956 return -1;
960 * If Changeable Values are requested, a mask denoting those mode parameters
961 * that are changeable shall be returned. As we currently don't support
962 * parameter changes via MODE_SELECT all bits are returned set to zero.
963 * The buffer was already menset to zero by the caller of this function.
965 * The offsets here are off by two compared to the descriptions in the
966 * SCSI specs, because those include a 2-byte header. This is unfortunate,
967 * but it is done so that offsets are consistent within our implementation
968 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
969 * 2-byte and 4-byte headers.
971 switch (page) {
972 case MODE_PAGE_HD_GEOMETRY:
973 length = 0x16;
974 if (page_control == 1) { /* Changeable Values */
975 break;
977 /* if a geometry hint is available, use it */
978 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
979 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
980 p[2] = s->qdev.conf.cyls & 0xff;
981 p[3] = s->qdev.conf.heads & 0xff;
982 /* Write precomp start cylinder, disabled */
983 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
984 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
985 p[6] = s->qdev.conf.cyls & 0xff;
986 /* Reduced current start cylinder, disabled */
987 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
988 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
989 p[9] = s->qdev.conf.cyls & 0xff;
990 /* Device step rate [ns], 200ns */
991 p[10] = 0;
992 p[11] = 200;
993 /* Landing zone cylinder */
994 p[12] = 0xff;
995 p[13] = 0xff;
996 p[14] = 0xff;
997 /* Medium rotation rate [rpm], 5400 rpm */
998 p[18] = (5400 >> 8) & 0xff;
999 p[19] = 5400 & 0xff;
1000 break;
1002 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1003 length = 0x1e;
1004 if (page_control == 1) { /* Changeable Values */
1005 break;
1007 /* Transfer rate [kbit/s], 5Mbit/s */
1008 p[0] = 5000 >> 8;
1009 p[1] = 5000 & 0xff;
1010 /* if a geometry hint is available, use it */
1011 p[2] = s->qdev.conf.heads & 0xff;
1012 p[3] = s->qdev.conf.secs & 0xff;
1013 p[4] = s->qdev.blocksize >> 8;
1014 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1015 p[7] = s->qdev.conf.cyls & 0xff;
1016 /* Write precomp start cylinder, disabled */
1017 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1018 p[9] = s->qdev.conf.cyls & 0xff;
1019 /* Reduced current start cylinder, disabled */
1020 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1021 p[11] = s->qdev.conf.cyls & 0xff;
1022 /* Device step rate [100us], 100us */
1023 p[12] = 0;
1024 p[13] = 1;
1025 /* Device step pulse width [us], 1us */
1026 p[14] = 1;
1027 /* Device head settle delay [100us], 100us */
1028 p[15] = 0;
1029 p[16] = 1;
1030 /* Motor on delay [0.1s], 0.1s */
1031 p[17] = 1;
1032 /* Motor off delay [0.1s], 0.1s */
1033 p[18] = 1;
1034 /* Medium rotation rate [rpm], 5400 rpm */
1035 p[26] = (5400 >> 8) & 0xff;
1036 p[27] = 5400 & 0xff;
1037 break;
1039 case MODE_PAGE_CACHING:
1040 length = 0x12;
1041 if (page_control == 1 || /* Changeable Values */
1042 bdrv_enable_write_cache(s->qdev.conf.bs)) {
1043 p[0] = 4; /* WCE */
1045 break;
1047 case MODE_PAGE_R_W_ERROR:
1048 length = 10;
1049 if (page_control == 1) { /* Changeable Values */
1050 break;
1052 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1053 if (s->qdev.type == TYPE_ROM) {
1054 p[1] = 0x20; /* Read Retry Count */
1056 break;
1058 case MODE_PAGE_AUDIO_CTL:
1059 length = 14;
1060 break;
1062 case MODE_PAGE_CAPABILITIES:
1063 length = 0x14;
1064 if (page_control == 1) { /* Changeable Values */
1065 break;
1068 p[0] = 0x3b; /* CD-R & CD-RW read */
1069 p[1] = 0; /* Writing not supported */
1070 p[2] = 0x7f; /* Audio, composite, digital out,
1071 mode 2 form 1&2, multi session */
1072 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1073 RW corrected, C2 errors, ISRC,
1074 UPC, Bar code */
1075 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1076 /* Locking supported, jumper present, eject, tray */
1077 p[5] = 0; /* no volume & mute control, no
1078 changer */
1079 p[6] = (50 * 176) >> 8; /* 50x read speed */
1080 p[7] = (50 * 176) & 0xff;
1081 p[8] = 2 >> 8; /* Two volume levels */
1082 p[9] = 2 & 0xff;
1083 p[10] = 2048 >> 8; /* 2M buffer */
1084 p[11] = 2048 & 0xff;
1085 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1086 p[13] = (16 * 176) & 0xff;
1087 p[16] = (16 * 176) >> 8; /* 16x write speed */
1088 p[17] = (16 * 176) & 0xff;
1089 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1090 p[19] = (16 * 176) & 0xff;
1091 break;
1093 default:
1094 return -1;
1097 assert(length < 256);
1098 (*p_outbuf)[0] = page;
1099 (*p_outbuf)[1] = length;
1100 *p_outbuf += length + 2;
1101 return length + 2;
1104 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1106 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1107 uint64_t nb_sectors;
1108 bool dbd;
1109 int page, buflen, ret, page_control;
1110 uint8_t *p;
1111 uint8_t dev_specific_param;
1113 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1114 page = r->req.cmd.buf[2] & 0x3f;
1115 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1116 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1117 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1118 memset(outbuf, 0, r->req.cmd.xfer);
1119 p = outbuf;
1121 if (s->qdev.type == TYPE_DISK) {
1122 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1123 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1124 dev_specific_param |= 0x80; /* Readonly. */
1126 } else {
1127 /* MMC prescribes that CD/DVD drives have no block descriptors,
1128 * and defines no device-specific parameter. */
1129 dev_specific_param = 0x00;
1130 dbd = true;
1133 if (r->req.cmd.buf[0] == MODE_SENSE) {
1134 p[1] = 0; /* Default media type. */
1135 p[2] = dev_specific_param;
1136 p[3] = 0; /* Block descriptor length. */
1137 p += 4;
1138 } else { /* MODE_SENSE_10 */
1139 p[2] = 0; /* Default media type. */
1140 p[3] = dev_specific_param;
1141 p[6] = p[7] = 0; /* Block descriptor length. */
1142 p += 8;
1145 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1146 if (!dbd && nb_sectors) {
1147 if (r->req.cmd.buf[0] == MODE_SENSE) {
1148 outbuf[3] = 8; /* Block descriptor length */
1149 } else { /* MODE_SENSE_10 */
1150 outbuf[7] = 8; /* Block descriptor length */
1152 nb_sectors /= (s->qdev.blocksize / 512);
1153 if (nb_sectors > 0xffffff) {
1154 nb_sectors = 0;
1156 p[0] = 0; /* media density code */
1157 p[1] = (nb_sectors >> 16) & 0xff;
1158 p[2] = (nb_sectors >> 8) & 0xff;
1159 p[3] = nb_sectors & 0xff;
1160 p[4] = 0; /* reserved */
1161 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1162 p[6] = s->qdev.blocksize >> 8;
1163 p[7] = 0;
1164 p += 8;
1167 if (page_control == 3) {
1168 /* Saved Values */
1169 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1170 return -1;
1173 if (page == 0x3f) {
1174 for (page = 0; page <= 0x3e; page++) {
1175 mode_sense_page(s, page, &p, page_control);
1177 } else {
1178 ret = mode_sense_page(s, page, &p, page_control);
1179 if (ret == -1) {
1180 return -1;
1184 buflen = p - outbuf;
1186 * The mode data length field specifies the length in bytes of the
1187 * following data that is available to be transferred. The mode data
1188 * length does not include itself.
1190 if (r->req.cmd.buf[0] == MODE_SENSE) {
1191 outbuf[0] = buflen - 1;
1192 } else { /* MODE_SENSE_10 */
1193 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1194 outbuf[1] = (buflen - 2) & 0xff;
1196 return buflen;
1199 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1201 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1202 int start_track, format, msf, toclen;
1203 uint64_t nb_sectors;
1205 msf = req->cmd.buf[1] & 2;
1206 format = req->cmd.buf[2] & 0xf;
1207 start_track = req->cmd.buf[6];
1208 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1209 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1210 nb_sectors /= s->qdev.blocksize / 512;
1211 switch (format) {
1212 case 0:
1213 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1214 break;
1215 case 1:
1216 /* multi session : only a single session defined */
1217 toclen = 12;
1218 memset(outbuf, 0, 12);
1219 outbuf[1] = 0x0a;
1220 outbuf[2] = 0x01;
1221 outbuf[3] = 0x01;
1222 break;
1223 case 2:
1224 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1225 break;
1226 default:
1227 return -1;
1229 return toclen;
1232 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1234 SCSIRequest *req = &r->req;
1235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1236 bool start = req->cmd.buf[4] & 1;
1237 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1238 int pwrcnd = req->cmd.buf[4] & 0xf0;
1240 if (pwrcnd) {
1241 /* eject/load only happens for power condition == 0 */
1242 return 0;
1245 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1246 if (!start && !s->tray_open && s->tray_locked) {
1247 scsi_check_condition(r,
1248 bdrv_is_inserted(s->qdev.conf.bs)
1249 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1250 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1251 return -1;
1254 if (s->tray_open != !start) {
1255 bdrv_eject(s->qdev.conf.bs, !start);
1256 s->tray_open = !start;
1259 return 0;
1262 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1264 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1265 int buflen = r->iov.iov_len;
1267 if (buflen) {
1268 DPRINTF("Read buf_len=%d\n", buflen);
1269 r->iov.iov_len = 0;
1270 r->started = true;
1271 scsi_req_data(&r->req, buflen);
1272 return;
1275 /* This also clears the sense buffer for REQUEST SENSE. */
1276 scsi_req_complete(&r->req, GOOD);
1279 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1280 uint8_t *inbuf, int inlen)
1282 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1283 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1284 uint8_t *p;
1285 int len, expected_len, changeable_len, i;
1287 /* The input buffer does not include the page header, so it is
1288 * off by 2 bytes.
1290 expected_len = inlen + 2;
1291 if (expected_len > SCSI_MAX_MODE_LEN) {
1292 return -1;
1295 p = mode_current;
1296 memset(mode_current, 0, inlen + 2);
1297 len = mode_sense_page(s, page, &p, 0);
1298 if (len < 0 || len != expected_len) {
1299 return -1;
1302 p = mode_changeable;
1303 memset(mode_changeable, 0, inlen + 2);
1304 changeable_len = mode_sense_page(s, page, &p, 1);
1305 assert(changeable_len == len);
1307 /* Check that unchangeable bits are the same as what MODE SENSE
1308 * would return.
1310 for (i = 2; i < len; i++) {
1311 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1312 return -1;
1315 return 0;
1318 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1320 switch (page) {
1321 case MODE_PAGE_CACHING:
1322 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1323 break;
1325 default:
1326 break;
1330 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1334 while (len > 0) {
1335 int page, subpage, page_len;
1337 /* Parse both possible formats for the mode page headers. */
1338 page = p[0] & 0x3f;
1339 if (p[0] & 0x40) {
1340 if (len < 4) {
1341 goto invalid_param_len;
1343 subpage = p[1];
1344 page_len = lduw_be_p(&p[2]);
1345 p += 4;
1346 len -= 4;
1347 } else {
1348 if (len < 2) {
1349 goto invalid_param_len;
1351 subpage = 0;
1352 page_len = p[1];
1353 p += 2;
1354 len -= 2;
1357 if (subpage) {
1358 goto invalid_param;
1360 if (page_len > len) {
1361 goto invalid_param_len;
1364 if (!change) {
1365 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1366 goto invalid_param;
1368 } else {
1369 scsi_disk_apply_mode_select(s, page, p);
1372 p += page_len;
1373 len -= page_len;
1375 return 0;
1377 invalid_param:
1378 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1379 return -1;
1381 invalid_param_len:
1382 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1383 return -1;
1386 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1388 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1389 uint8_t *p = inbuf;
1390 int cmd = r->req.cmd.buf[0];
1391 int len = r->req.cmd.xfer;
1392 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1393 int bd_len;
1394 int pass;
1396 /* We only support PF=1, SP=0. */
1397 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1398 goto invalid_field;
1401 if (len < hdr_len) {
1402 goto invalid_param_len;
1405 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1406 len -= hdr_len;
1407 p += hdr_len;
1408 if (len < bd_len) {
1409 goto invalid_param_len;
1411 if (bd_len != 0 && bd_len != 8) {
1412 goto invalid_param;
1415 len -= bd_len;
1416 p += bd_len;
1418 /* Ensure no change is made if there is an error! */
1419 for (pass = 0; pass < 2; pass++) {
1420 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1421 assert(pass == 0);
1422 return;
1425 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1426 /* The request is used as the AIO opaque value, so add a ref. */
1427 scsi_req_ref(&r->req);
1428 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1429 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1430 return;
1433 scsi_req_complete(&r->req, GOOD);
1434 return;
1436 invalid_param:
1437 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1438 return;
1440 invalid_param_len:
1441 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1442 return;
1444 invalid_field:
1445 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1448 static inline bool check_lba_range(SCSIDiskState *s,
1449 uint64_t sector_num, uint32_t nb_sectors)
1452 * The first line tests that no overflow happens when computing the last
1453 * sector. The second line tests that the last accessed sector is in
1454 * range.
1456 * Careful, the computations should not underflow for nb_sectors == 0,
1457 * and a 0-block read to the first LBA beyond the end of device is
1458 * valid.
1460 return (sector_num <= sector_num + nb_sectors &&
1461 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1464 typedef struct UnmapCBData {
1465 SCSIDiskReq *r;
1466 uint8_t *inbuf;
1467 int count;
1468 } UnmapCBData;
1470 static void scsi_unmap_complete(void *opaque, int ret)
1472 UnmapCBData *data = opaque;
1473 SCSIDiskReq *r = data->r;
1474 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1475 uint64_t sector_num;
1476 uint32_t nb_sectors;
1478 r->req.aiocb = NULL;
1479 if (ret < 0) {
1480 if (scsi_handle_rw_error(r, -ret)) {
1481 goto done;
1485 if (data->count > 0 && !r->req.io_canceled) {
1486 sector_num = ldq_be_p(&data->inbuf[0]);
1487 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1488 if (!check_lba_range(s, sector_num, nb_sectors)) {
1489 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1490 goto done;
1493 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1494 sector_num * (s->qdev.blocksize / 512),
1495 nb_sectors * (s->qdev.blocksize / 512),
1496 scsi_unmap_complete, data);
1497 data->count--;
1498 data->inbuf += 16;
1499 return;
1502 done:
1503 if (data->count == 0) {
1504 scsi_req_complete(&r->req, GOOD);
1506 if (!r->req.io_canceled) {
1507 scsi_req_unref(&r->req);
1509 g_free(data);
1512 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1514 uint8_t *p = inbuf;
1515 int len = r->req.cmd.xfer;
1516 UnmapCBData *data;
1518 if (len < 8) {
1519 goto invalid_param_len;
1521 if (len < lduw_be_p(&p[0]) + 2) {
1522 goto invalid_param_len;
1524 if (len < lduw_be_p(&p[2]) + 8) {
1525 goto invalid_param_len;
1527 if (lduw_be_p(&p[2]) & 15) {
1528 goto invalid_param_len;
1531 data = g_new0(UnmapCBData, 1);
1532 data->r = r;
1533 data->inbuf = &p[8];
1534 data->count = lduw_be_p(&p[2]) >> 4;
1536 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1537 scsi_req_ref(&r->req);
1538 scsi_unmap_complete(data, 0);
1539 return;
1541 invalid_param_len:
1542 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1545 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1547 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1549 if (r->iov.iov_len) {
1550 int buflen = r->iov.iov_len;
1551 DPRINTF("Write buf_len=%d\n", buflen);
1552 r->iov.iov_len = 0;
1553 scsi_req_data(&r->req, buflen);
1554 return;
1557 switch (req->cmd.buf[0]) {
1558 case MODE_SELECT:
1559 case MODE_SELECT_10:
1560 /* This also clears the sense buffer for REQUEST SENSE. */
1561 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1562 break;
1564 case UNMAP:
1565 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1566 break;
1568 default:
1569 abort();
1573 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1575 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1576 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1577 uint64_t nb_sectors;
1578 uint8_t *outbuf;
1579 int buflen;
1581 switch (req->cmd.buf[0]) {
1582 case INQUIRY:
1583 case MODE_SENSE:
1584 case MODE_SENSE_10:
1585 case RESERVE:
1586 case RESERVE_10:
1587 case RELEASE:
1588 case RELEASE_10:
1589 case START_STOP:
1590 case ALLOW_MEDIUM_REMOVAL:
1591 case GET_CONFIGURATION:
1592 case GET_EVENT_STATUS_NOTIFICATION:
1593 case MECHANISM_STATUS:
1594 case REQUEST_SENSE:
1595 break;
1597 default:
1598 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1599 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1600 return 0;
1602 break;
1606 * FIXME: we shouldn't return anything bigger than 4k, but the code
1607 * requires the buffer to be as big as req->cmd.xfer in several
1608 * places. So, do not allow CDBs with a very large ALLOCATION
1609 * LENGTH. The real fix would be to modify scsi_read_data and
1610 * dma_buf_read, so that they return data beyond the buflen
1611 * as all zeros.
1613 if (req->cmd.xfer > 65536) {
1614 goto illegal_request;
1616 r->buflen = MAX(4096, req->cmd.xfer);
1618 if (!r->iov.iov_base) {
1619 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1622 buflen = req->cmd.xfer;
1623 outbuf = r->iov.iov_base;
1624 memset(outbuf, 0, r->buflen);
1625 switch (req->cmd.buf[0]) {
1626 case TEST_UNIT_READY:
1627 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1628 break;
1629 case INQUIRY:
1630 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1631 if (buflen < 0) {
1632 goto illegal_request;
1634 break;
1635 case MODE_SENSE:
1636 case MODE_SENSE_10:
1637 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1638 if (buflen < 0) {
1639 goto illegal_request;
1641 break;
1642 case READ_TOC:
1643 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1644 if (buflen < 0) {
1645 goto illegal_request;
1647 break;
1648 case RESERVE:
1649 if (req->cmd.buf[1] & 1) {
1650 goto illegal_request;
1652 break;
1653 case RESERVE_10:
1654 if (req->cmd.buf[1] & 3) {
1655 goto illegal_request;
1657 break;
1658 case RELEASE:
1659 if (req->cmd.buf[1] & 1) {
1660 goto illegal_request;
1662 break;
1663 case RELEASE_10:
1664 if (req->cmd.buf[1] & 3) {
1665 goto illegal_request;
1667 break;
1668 case START_STOP:
1669 if (scsi_disk_emulate_start_stop(r) < 0) {
1670 return 0;
1672 break;
1673 case ALLOW_MEDIUM_REMOVAL:
1674 s->tray_locked = req->cmd.buf[4] & 1;
1675 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1676 break;
1677 case READ_CAPACITY_10:
1678 /* The normal LEN field for this command is zero. */
1679 memset(outbuf, 0, 8);
1680 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1681 if (!nb_sectors) {
1682 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1683 return 0;
1685 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1686 goto illegal_request;
1688 nb_sectors /= s->qdev.blocksize / 512;
1689 /* Returned value is the address of the last sector. */
1690 nb_sectors--;
1691 /* Remember the new size for read/write sanity checking. */
1692 s->qdev.max_lba = nb_sectors;
1693 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1694 if (nb_sectors > UINT32_MAX) {
1695 nb_sectors = UINT32_MAX;
1697 outbuf[0] = (nb_sectors >> 24) & 0xff;
1698 outbuf[1] = (nb_sectors >> 16) & 0xff;
1699 outbuf[2] = (nb_sectors >> 8) & 0xff;
1700 outbuf[3] = nb_sectors & 0xff;
1701 outbuf[4] = 0;
1702 outbuf[5] = 0;
1703 outbuf[6] = s->qdev.blocksize >> 8;
1704 outbuf[7] = 0;
1705 break;
1706 case REQUEST_SENSE:
1707 /* Just return "NO SENSE". */
1708 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1709 (req->cmd.buf[1] & 1) == 0);
1710 if (buflen < 0) {
1711 goto illegal_request;
1713 break;
1714 case MECHANISM_STATUS:
1715 buflen = scsi_emulate_mechanism_status(s, outbuf);
1716 if (buflen < 0) {
1717 goto illegal_request;
1719 break;
1720 case GET_CONFIGURATION:
1721 buflen = scsi_get_configuration(s, outbuf);
1722 if (buflen < 0) {
1723 goto illegal_request;
1725 break;
1726 case GET_EVENT_STATUS_NOTIFICATION:
1727 buflen = scsi_get_event_status_notification(s, r, outbuf);
1728 if (buflen < 0) {
1729 goto illegal_request;
1731 break;
1732 case READ_DISC_INFORMATION:
1733 buflen = scsi_read_disc_information(s, r, outbuf);
1734 if (buflen < 0) {
1735 goto illegal_request;
1737 break;
1738 case READ_DVD_STRUCTURE:
1739 buflen = scsi_read_dvd_structure(s, r, outbuf);
1740 if (buflen < 0) {
1741 goto illegal_request;
1743 break;
1744 case SERVICE_ACTION_IN_16:
1745 /* Service Action In subcommands. */
1746 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1747 DPRINTF("SAI READ CAPACITY(16)\n");
1748 memset(outbuf, 0, req->cmd.xfer);
1749 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1750 if (!nb_sectors) {
1751 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1752 return 0;
1754 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1755 goto illegal_request;
1757 nb_sectors /= s->qdev.blocksize / 512;
1758 /* Returned value is the address of the last sector. */
1759 nb_sectors--;
1760 /* Remember the new size for read/write sanity checking. */
1761 s->qdev.max_lba = nb_sectors;
1762 outbuf[0] = (nb_sectors >> 56) & 0xff;
1763 outbuf[1] = (nb_sectors >> 48) & 0xff;
1764 outbuf[2] = (nb_sectors >> 40) & 0xff;
1765 outbuf[3] = (nb_sectors >> 32) & 0xff;
1766 outbuf[4] = (nb_sectors >> 24) & 0xff;
1767 outbuf[5] = (nb_sectors >> 16) & 0xff;
1768 outbuf[6] = (nb_sectors >> 8) & 0xff;
1769 outbuf[7] = nb_sectors & 0xff;
1770 outbuf[8] = 0;
1771 outbuf[9] = 0;
1772 outbuf[10] = s->qdev.blocksize >> 8;
1773 outbuf[11] = 0;
1774 outbuf[12] = 0;
1775 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1777 /* set TPE bit if the format supports discard */
1778 if (s->qdev.conf.discard_granularity) {
1779 outbuf[14] = 0x80;
1782 /* Protection, exponent and lowest lba field left blank. */
1783 break;
1785 DPRINTF("Unsupported Service Action In\n");
1786 goto illegal_request;
1787 case SYNCHRONIZE_CACHE:
1788 /* The request is used as the AIO opaque value, so add a ref. */
1789 scsi_req_ref(&r->req);
1790 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1791 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1792 return 0;
1793 case SEEK_10:
1794 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1795 if (r->req.cmd.lba > s->qdev.max_lba) {
1796 goto illegal_lba;
1798 break;
1799 case MODE_SELECT:
1800 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1801 break;
1802 case MODE_SELECT_10:
1803 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1804 break;
1805 case UNMAP:
1806 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1807 break;
1808 case WRITE_SAME_10:
1809 case WRITE_SAME_16:
1810 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
1811 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1812 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1813 return 0;
1815 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1816 goto illegal_lba;
1820 * We only support WRITE SAME with the unmap bit set for now.
1822 if (!(req->cmd.buf[1] & 0x8)) {
1823 goto illegal_request;
1826 /* The request is used as the AIO opaque value, so add a ref. */
1827 scsi_req_ref(&r->req);
1828 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1829 r->req.cmd.lba * (s->qdev.blocksize / 512),
1830 nb_sectors * (s->qdev.blocksize / 512),
1831 scsi_aio_complete, r);
1832 return 0;
1833 default:
1834 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1835 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1836 return 0;
1838 assert(!r->req.aiocb);
1839 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
1840 if (r->iov.iov_len == 0) {
1841 scsi_req_complete(&r->req, GOOD);
1843 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1844 assert(r->iov.iov_len == req->cmd.xfer);
1845 return -r->iov.iov_len;
1846 } else {
1847 return r->iov.iov_len;
1850 illegal_request:
1851 if (r->req.status == -1) {
1852 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1854 return 0;
1856 illegal_lba:
1857 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1858 return 0;
1861 /* Execute a scsi command. Returns the length of the data expected by the
1862 command. This will be Positive for data transfers from the device
1863 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1864 and zero if the command does not transfer any data. */
1866 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
1868 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1869 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1870 uint32_t len;
1871 uint8_t command;
1873 command = buf[0];
1875 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1876 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1877 return 0;
1880 len = scsi_data_cdb_length(r->req.cmd.buf);
1881 switch (command) {
1882 case READ_6:
1883 case READ_10:
1884 case READ_12:
1885 case READ_16:
1886 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
1887 if (r->req.cmd.buf[1] & 0xe0) {
1888 goto illegal_request;
1890 if (!check_lba_range(s, r->req.cmd.lba, len)) {
1891 goto illegal_lba;
1893 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1894 r->sector_count = len * (s->qdev.blocksize / 512);
1895 break;
1896 case WRITE_6:
1897 case WRITE_10:
1898 case WRITE_12:
1899 case WRITE_16:
1900 case WRITE_VERIFY_10:
1901 case WRITE_VERIFY_12:
1902 case WRITE_VERIFY_16:
1903 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1904 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1905 return 0;
1907 /* fallthrough */
1908 case VERIFY_10:
1909 case VERIFY_12:
1910 case VERIFY_16:
1911 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
1912 (command & 0xe) == 0xe ? "And Verify " : "",
1913 r->req.cmd.lba, len);
1914 if (r->req.cmd.buf[1] & 0xe0) {
1915 goto illegal_request;
1917 if (!check_lba_range(s, r->req.cmd.lba, len)) {
1918 goto illegal_lba;
1920 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1921 r->sector_count = len * (s->qdev.blocksize / 512);
1922 break;
1923 default:
1924 abort();
1925 illegal_request:
1926 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1927 return 0;
1928 illegal_lba:
1929 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1930 return 0;
1932 if (r->sector_count == 0) {
1933 scsi_req_complete(&r->req, GOOD);
1935 assert(r->iov.iov_len == 0);
1936 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1937 return -r->sector_count * 512;
1938 } else {
1939 return r->sector_count * 512;
1943 static void scsi_disk_reset(DeviceState *dev)
1945 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1946 uint64_t nb_sectors;
1948 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1950 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1951 nb_sectors /= s->qdev.blocksize / 512;
1952 if (nb_sectors) {
1953 nb_sectors--;
1955 s->qdev.max_lba = nb_sectors;
1958 static void scsi_destroy(SCSIDevice *dev)
1960 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1962 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1963 blockdev_mark_auto_del(s->qdev.conf.bs);
1966 static void scsi_disk_resize_cb(void *opaque)
1968 SCSIDiskState *s = opaque;
1970 /* SPC lists this sense code as available only for
1971 * direct-access devices.
1973 if (s->qdev.type == TYPE_DISK) {
1974 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
1978 static void scsi_cd_change_media_cb(void *opaque, bool load)
1980 SCSIDiskState *s = opaque;
1983 * When a CD gets changed, we have to report an ejected state and
1984 * then a loaded state to guests so that they detect tray
1985 * open/close and media change events. Guests that do not use
1986 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1987 * states rely on this behavior.
1989 * media_changed governs the state machine used for unit attention
1990 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1992 s->media_changed = load;
1993 s->tray_open = !load;
1994 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
1995 s->media_event = true;
1996 s->eject_request = false;
1999 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2001 SCSIDiskState *s = opaque;
2003 s->eject_request = true;
2004 if (force) {
2005 s->tray_locked = false;
2009 static bool scsi_cd_is_tray_open(void *opaque)
2011 return ((SCSIDiskState *)opaque)->tray_open;
2014 static bool scsi_cd_is_medium_locked(void *opaque)
2016 return ((SCSIDiskState *)opaque)->tray_locked;
2019 static const BlockDevOps scsi_disk_removable_block_ops = {
2020 .change_media_cb = scsi_cd_change_media_cb,
2021 .eject_request_cb = scsi_cd_eject_request_cb,
2022 .is_tray_open = scsi_cd_is_tray_open,
2023 .is_medium_locked = scsi_cd_is_medium_locked,
2025 .resize_cb = scsi_disk_resize_cb,
2028 static const BlockDevOps scsi_disk_block_ops = {
2029 .resize_cb = scsi_disk_resize_cb,
2032 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2034 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2035 if (s->media_changed) {
2036 s->media_changed = false;
2037 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2041 static int scsi_initfn(SCSIDevice *dev)
2043 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2045 if (!s->qdev.conf.bs) {
2046 error_report("drive property not set");
2047 return -1;
2050 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2051 !bdrv_is_inserted(s->qdev.conf.bs)) {
2052 error_report("Device needs media, but drive is empty");
2053 return -1;
2056 blkconf_serial(&s->qdev.conf, &s->serial);
2057 if (dev->type == TYPE_DISK
2058 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
2059 return -1;
2062 if (!s->version) {
2063 s->version = g_strdup(qemu_get_version());
2065 if (!s->vendor) {
2066 s->vendor = g_strdup("QEMU");
2069 if (bdrv_is_sg(s->qdev.conf.bs)) {
2070 error_report("unwanted /dev/sg*");
2071 return -1;
2074 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
2075 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2076 } else {
2077 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2079 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
2081 bdrv_iostatus_enable(s->qdev.conf.bs);
2082 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
2083 return 0;
2086 static int scsi_hd_initfn(SCSIDevice *dev)
2088 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2089 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2090 s->qdev.type = TYPE_DISK;
2091 if (!s->product) {
2092 s->product = g_strdup("QEMU HARDDISK");
2094 return scsi_initfn(&s->qdev);
2097 static int scsi_cd_initfn(SCSIDevice *dev)
2099 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2100 s->qdev.blocksize = 2048;
2101 s->qdev.type = TYPE_ROM;
2102 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2103 if (!s->product) {
2104 s->product = g_strdup("QEMU CD-ROM");
2106 return scsi_initfn(&s->qdev);
2109 static int scsi_disk_initfn(SCSIDevice *dev)
2111 DriveInfo *dinfo;
2113 if (!dev->conf.bs) {
2114 return scsi_initfn(dev); /* ... and die there */
2117 dinfo = drive_get_by_blockdev(dev->conf.bs);
2118 if (dinfo->media_cd) {
2119 return scsi_cd_initfn(dev);
2120 } else {
2121 return scsi_hd_initfn(dev);
2125 static const SCSIReqOps scsi_disk_emulate_reqops = {
2126 .size = sizeof(SCSIDiskReq),
2127 .free_req = scsi_free_request,
2128 .send_command = scsi_disk_emulate_command,
2129 .read_data = scsi_disk_emulate_read_data,
2130 .write_data = scsi_disk_emulate_write_data,
2131 .get_buf = scsi_get_buf,
2134 static const SCSIReqOps scsi_disk_dma_reqops = {
2135 .size = sizeof(SCSIDiskReq),
2136 .free_req = scsi_free_request,
2137 .send_command = scsi_disk_dma_command,
2138 .read_data = scsi_read_data,
2139 .write_data = scsi_write_data,
2140 .cancel_io = scsi_cancel_io,
2141 .get_buf = scsi_get_buf,
2142 .load_request = scsi_disk_load_request,
2143 .save_request = scsi_disk_save_request,
2146 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2147 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2148 [INQUIRY] = &scsi_disk_emulate_reqops,
2149 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2150 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2151 [START_STOP] = &scsi_disk_emulate_reqops,
2152 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2153 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2154 [READ_TOC] = &scsi_disk_emulate_reqops,
2155 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2156 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2157 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2158 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2159 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2160 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2161 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2162 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2163 [SEEK_10] = &scsi_disk_emulate_reqops,
2164 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2165 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2166 [UNMAP] = &scsi_disk_emulate_reqops,
2167 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2168 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2170 [READ_6] = &scsi_disk_dma_reqops,
2171 [READ_10] = &scsi_disk_dma_reqops,
2172 [READ_12] = &scsi_disk_dma_reqops,
2173 [READ_16] = &scsi_disk_dma_reqops,
2174 [VERIFY_10] = &scsi_disk_dma_reqops,
2175 [VERIFY_12] = &scsi_disk_dma_reqops,
2176 [VERIFY_16] = &scsi_disk_dma_reqops,
2177 [WRITE_6] = &scsi_disk_dma_reqops,
2178 [WRITE_10] = &scsi_disk_dma_reqops,
2179 [WRITE_12] = &scsi_disk_dma_reqops,
2180 [WRITE_16] = &scsi_disk_dma_reqops,
2181 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2182 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2183 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2186 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2187 uint8_t *buf, void *hba_private)
2189 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2190 SCSIRequest *req;
2191 const SCSIReqOps *ops;
2192 uint8_t command;
2194 command = buf[0];
2195 ops = scsi_disk_reqops_dispatch[command];
2196 if (!ops) {
2197 ops = &scsi_disk_emulate_reqops;
2199 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2201 #ifdef DEBUG_SCSI
2202 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2204 int i;
2205 for (i = 1; i < req->cmd.len; i++) {
2206 printf(" 0x%02x", buf[i]);
2208 printf("\n");
2210 #endif
2212 return req;
2215 #ifdef __linux__
2216 static int get_device_type(SCSIDiskState *s)
2218 BlockDriverState *bdrv = s->qdev.conf.bs;
2219 uint8_t cmd[16];
2220 uint8_t buf[36];
2221 uint8_t sensebuf[8];
2222 sg_io_hdr_t io_header;
2223 int ret;
2225 memset(cmd, 0, sizeof(cmd));
2226 memset(buf, 0, sizeof(buf));
2227 cmd[0] = INQUIRY;
2228 cmd[4] = sizeof(buf);
2230 memset(&io_header, 0, sizeof(io_header));
2231 io_header.interface_id = 'S';
2232 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2233 io_header.dxfer_len = sizeof(buf);
2234 io_header.dxferp = buf;
2235 io_header.cmdp = cmd;
2236 io_header.cmd_len = sizeof(cmd);
2237 io_header.mx_sb_len = sizeof(sensebuf);
2238 io_header.sbp = sensebuf;
2239 io_header.timeout = 6000; /* XXX */
2241 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2242 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2243 return -1;
2245 s->qdev.type = buf[0];
2246 if (buf[1] & 0x80) {
2247 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2249 return 0;
2252 static int scsi_block_initfn(SCSIDevice *dev)
2254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2255 int sg_version;
2256 int rc;
2258 if (!s->qdev.conf.bs) {
2259 error_report("scsi-block: drive property not set");
2260 return -1;
2263 /* check we are using a driver managing SG_IO (version 3 and after) */
2264 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2265 sg_version < 30000) {
2266 error_report("scsi-block: scsi generic interface too old");
2267 return -1;
2270 /* get device type from INQUIRY data */
2271 rc = get_device_type(s);
2272 if (rc < 0) {
2273 error_report("scsi-block: INQUIRY failed");
2274 return -1;
2277 /* Make a guess for the block size, we'll fix it when the guest sends.
2278 * READ CAPACITY. If they don't, they likely would assume these sizes
2279 * anyway. (TODO: check in /sys).
2281 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2282 s->qdev.blocksize = 2048;
2283 } else {
2284 s->qdev.blocksize = 512;
2286 return scsi_initfn(&s->qdev);
2289 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2290 uint32_t lun, uint8_t *buf,
2291 void *hba_private)
2293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2295 switch (buf[0]) {
2296 case READ_6:
2297 case READ_10:
2298 case READ_12:
2299 case READ_16:
2300 case VERIFY_10:
2301 case VERIFY_12:
2302 case VERIFY_16:
2303 case WRITE_6:
2304 case WRITE_10:
2305 case WRITE_12:
2306 case WRITE_16:
2307 case WRITE_VERIFY_10:
2308 case WRITE_VERIFY_12:
2309 case WRITE_VERIFY_16:
2310 /* If we are not using O_DIRECT, we might read stale data from the
2311 * host cache if writes were made using other commands than these
2312 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2313 * O_DIRECT everything must go through SG_IO.
2315 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
2316 break;
2319 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2320 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2321 * And once you do these writes, reading from the block device is
2322 * unreliable, too. It is even possible that reads deliver random data
2323 * from the host page cache (this is probably a Linux bug).
2325 * We might use scsi_disk_dma_reqops as long as no writing commands are
2326 * seen, but performance usually isn't paramount on optical media. So,
2327 * just make scsi-block operate the same as scsi-generic for them.
2329 if (s->qdev.type != TYPE_ROM) {
2330 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2331 hba_private);
2335 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2336 hba_private);
2338 #endif
2340 #define DEFINE_SCSI_DISK_PROPERTIES() \
2341 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2342 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2343 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2344 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2345 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2347 static Property scsi_hd_properties[] = {
2348 DEFINE_SCSI_DISK_PROPERTIES(),
2349 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2350 SCSI_DISK_F_REMOVABLE, false),
2351 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2352 SCSI_DISK_F_DPOFUA, false),
2353 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2354 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2355 DEFINE_PROP_END_OF_LIST(),
2358 static const VMStateDescription vmstate_scsi_disk_state = {
2359 .name = "scsi-disk",
2360 .version_id = 1,
2361 .minimum_version_id = 1,
2362 .minimum_version_id_old = 1,
2363 .fields = (VMStateField[]) {
2364 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2365 VMSTATE_BOOL(media_changed, SCSIDiskState),
2366 VMSTATE_BOOL(media_event, SCSIDiskState),
2367 VMSTATE_BOOL(eject_request, SCSIDiskState),
2368 VMSTATE_BOOL(tray_open, SCSIDiskState),
2369 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2370 VMSTATE_END_OF_LIST()
2374 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2376 DeviceClass *dc = DEVICE_CLASS(klass);
2377 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2379 sc->init = scsi_hd_initfn;
2380 sc->destroy = scsi_destroy;
2381 sc->alloc_req = scsi_new_request;
2382 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2383 dc->fw_name = "disk";
2384 dc->desc = "virtual SCSI disk";
2385 dc->reset = scsi_disk_reset;
2386 dc->props = scsi_hd_properties;
2387 dc->vmsd = &vmstate_scsi_disk_state;
2390 static const TypeInfo scsi_hd_info = {
2391 .name = "scsi-hd",
2392 .parent = TYPE_SCSI_DEVICE,
2393 .instance_size = sizeof(SCSIDiskState),
2394 .class_init = scsi_hd_class_initfn,
2397 static Property scsi_cd_properties[] = {
2398 DEFINE_SCSI_DISK_PROPERTIES(),
2399 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2400 DEFINE_PROP_END_OF_LIST(),
2403 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2405 DeviceClass *dc = DEVICE_CLASS(klass);
2406 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2408 sc->init = scsi_cd_initfn;
2409 sc->destroy = scsi_destroy;
2410 sc->alloc_req = scsi_new_request;
2411 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2412 dc->fw_name = "disk";
2413 dc->desc = "virtual SCSI CD-ROM";
2414 dc->reset = scsi_disk_reset;
2415 dc->props = scsi_cd_properties;
2416 dc->vmsd = &vmstate_scsi_disk_state;
2419 static const TypeInfo scsi_cd_info = {
2420 .name = "scsi-cd",
2421 .parent = TYPE_SCSI_DEVICE,
2422 .instance_size = sizeof(SCSIDiskState),
2423 .class_init = scsi_cd_class_initfn,
2426 #ifdef __linux__
2427 static Property scsi_block_properties[] = {
2428 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2429 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
2430 DEFINE_PROP_END_OF_LIST(),
2433 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2435 DeviceClass *dc = DEVICE_CLASS(klass);
2436 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2438 sc->init = scsi_block_initfn;
2439 sc->destroy = scsi_destroy;
2440 sc->alloc_req = scsi_block_new_request;
2441 dc->fw_name = "disk";
2442 dc->desc = "SCSI block device passthrough";
2443 dc->reset = scsi_disk_reset;
2444 dc->props = scsi_block_properties;
2445 dc->vmsd = &vmstate_scsi_disk_state;
2448 static const TypeInfo scsi_block_info = {
2449 .name = "scsi-block",
2450 .parent = TYPE_SCSI_DEVICE,
2451 .instance_size = sizeof(SCSIDiskState),
2452 .class_init = scsi_block_class_initfn,
2454 #endif
2456 static Property scsi_disk_properties[] = {
2457 DEFINE_SCSI_DISK_PROPERTIES(),
2458 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2459 SCSI_DISK_F_REMOVABLE, false),
2460 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2461 SCSI_DISK_F_DPOFUA, false),
2462 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2463 DEFINE_PROP_END_OF_LIST(),
2466 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2468 DeviceClass *dc = DEVICE_CLASS(klass);
2469 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2471 sc->init = scsi_disk_initfn;
2472 sc->destroy = scsi_destroy;
2473 sc->alloc_req = scsi_new_request;
2474 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2475 dc->fw_name = "disk";
2476 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2477 dc->reset = scsi_disk_reset;
2478 dc->props = scsi_disk_properties;
2479 dc->vmsd = &vmstate_scsi_disk_state;
2482 static const TypeInfo scsi_disk_info = {
2483 .name = "scsi-disk",
2484 .parent = TYPE_SCSI_DEVICE,
2485 .instance_size = sizeof(SCSIDiskState),
2486 .class_init = scsi_disk_class_initfn,
2489 static void scsi_disk_register_types(void)
2491 type_register_static(&scsi_hd_info);
2492 type_register_static(&scsi_cd_info);
2493 #ifdef __linux__
2494 type_register_static(&scsi_block_info);
2495 #endif
2496 type_register_static(&scsi_disk_info);
2499 type_init(scsi_disk_register_types)