search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hd-geometry: Move disk geometry guessing back from block.c
[qemu/agraf.git] / hw / scsi-disk.c
blob5339c2ef9dc9cb70fda1f8adaa7ac1de9b109ddf
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 uint64_t wwn;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 bool tray_open;
76 bool tray_locked;
77 };
78
79 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
80
81 static void scsi_free_request(SCSIRequest *req)
82 {
83 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
84
85 if (r->iov.iov_base) {
86 qemu_vfree(r->iov.iov_base);
87 }
88 }
89
90 /* Helper function for command completion with sense. */
91 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
92 {
93 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
94 r->req.tag, sense.key, sense.asc, sense.ascq);
95 scsi_req_build_sense(&r->req, sense);
96 scsi_req_complete(&r->req, CHECK_CONDITION);
97 }
98
99 /* Cancel a pending data transfer. */
100 static void scsi_cancel_io(SCSIRequest *req)
101 {
102 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
103
104 DPRINTF("Cancel tag=0x%x\n", req->tag);
105 if (r->req.aiocb) {
106 bdrv_aio_cancel(r->req.aiocb);
107
108 /* This reference was left in by scsi_*_data. We take ownership of
109 * it the moment scsi_req_cancel is called, independent of whether
110 * bdrv_aio_cancel completes the request or not. */
111 scsi_req_unref(&r->req);
112 }
113 r->req.aiocb = NULL;
114 }
115
116 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
117 {
118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119
120 if (!r->iov.iov_base) {
121 r->buflen = size;
122 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
123 }
124 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
125 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
126 return r->qiov.size / 512;
127 }
128
129 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
130 {
131 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
132
133 qemu_put_be64s(f, &r->sector);
134 qemu_put_be32s(f, &r->sector_count);
135 qemu_put_be32s(f, &r->buflen);
136 if (r->buflen) {
137 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 } else if (!req->retry) {
140 uint32_t len = r->iov.iov_len;
141 qemu_put_be32s(f, &len);
142 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
143 }
144 }
145 }
146
147 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
148 {
149 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
150
151 qemu_get_be64s(f, &r->sector);
152 qemu_get_be32s(f, &r->sector_count);
153 qemu_get_be32s(f, &r->buflen);
154 if (r->buflen) {
155 scsi_init_iovec(r, r->buflen);
156 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 } else if (!r->req.retry) {
159 uint32_t len;
160 qemu_get_be32s(f, &len);
161 r->iov.iov_len = len;
162 assert(r->iov.iov_len <= r->buflen);
163 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
164 }
165 }
166
167 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
168 }
169
170 static void scsi_flush_complete(void * opaque, int ret)
171 {
172 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
173 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
174
175 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
176
177 if (ret < 0) {
178 if (scsi_handle_rw_error(r, -ret)) {
179 goto done;
180 }
181 }
182
183 scsi_req_complete(&r->req, GOOD);
184
185 done:
186 if (!r->req.io_canceled) {
187 scsi_req_unref(&r->req);
188 }
189 }
190
191 static bool scsi_is_cmd_fua(SCSICommand *cmd)
192 {
193 switch (cmd->buf[0]) {
194 case READ_10:
195 case READ_12:
196 case READ_16:
197 case WRITE_10:
198 case WRITE_12:
199 case WRITE_16:
200 return (cmd->buf[1] & 8) != 0;
201
202 case VERIFY_10:
203 case VERIFY_12:
204 case VERIFY_16:
205 case WRITE_VERIFY_10:
206 case WRITE_VERIFY_12:
207 case WRITE_VERIFY_16:
208 return true;
209
210 case READ_6:
211 case WRITE_6:
212 default:
213 return false;
214 }
215 }
216
217 static void scsi_write_do_fua(SCSIDiskReq *r)
218 {
219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
220
221 if (scsi_is_cmd_fua(&r->req.cmd)) {
222 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
223 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
224 return;
225 }
226
227 scsi_req_complete(&r->req, GOOD);
228 if (!r->req.io_canceled) {
229 scsi_req_unref(&r->req);
230 }
231 }
232
233 static void scsi_dma_complete(void *opaque, int ret)
234 {
235 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
236 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
237
238 if (r->req.aiocb != NULL) {
239 r->req.aiocb = NULL;
240 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
241 }
242
243 if (ret < 0) {
244 if (scsi_handle_rw_error(r, -ret)) {
245 goto done;
246 }
247 }
248
249 r->sector += r->sector_count;
250 r->sector_count = 0;
251 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
252 scsi_write_do_fua(r);
253 return;
254 } else {
255 scsi_req_complete(&r->req, GOOD);
256 }
257
258 done:
259 if (!r->req.io_canceled) {
260 scsi_req_unref(&r->req);
261 }
262 }
263
264 static void scsi_read_complete(void * opaque, int ret)
265 {
266 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
267 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
268 int n;
269
270 if (r->req.aiocb != NULL) {
271 r->req.aiocb = NULL;
272 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
273 }
274
275 if (ret < 0) {
276 if (scsi_handle_rw_error(r, -ret)) {
277 goto done;
278 }
279 }
280
281 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
282
283 n = r->qiov.size / 512;
284 r->sector += n;
285 r->sector_count -= n;
286 scsi_req_data(&r->req, r->qiov.size);
287
288 done:
289 if (!r->req.io_canceled) {
290 scsi_req_unref(&r->req);
291 }
292 }
293
294 /* Actually issue a read to the block device. */
295 static void scsi_do_read(void *opaque, int ret)
296 {
297 SCSIDiskReq *r = opaque;
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
299 uint32_t n;
300
301 if (r->req.aiocb != NULL) {
302 r->req.aiocb = NULL;
303 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
304 }
305
306 if (ret < 0) {
307 if (scsi_handle_rw_error(r, -ret)) {
308 goto done;
309 }
310 }
311
312 if (r->req.io_canceled) {
313 return;
314 }
315
316 /* The request is used as the AIO opaque value, so add a ref. */
317 scsi_req_ref(&r->req);
318
319 if (r->req.sg) {
320 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
321 r->req.resid -= r->req.sg->size;
322 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
323 scsi_dma_complete, r);
324 } else {
325 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
326 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
327 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
328 scsi_read_complete, r);
329 }
330
331 done:
332 if (!r->req.io_canceled) {
333 scsi_req_unref(&r->req);
334 }
335 }
336
337 /* Read more data from scsi device into buffer. */
338 static void scsi_read_data(SCSIRequest *req)
339 {
340 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
341 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
342 bool first;
343
344 if (r->sector_count == (uint32_t)-1) {
345 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
346 r->sector_count = 0;
347 r->started = true;
348 scsi_req_data(&r->req, r->iov.iov_len);
349 return;
350 }
351 DPRINTF("Read sector_count=%d\n", r->sector_count);
352 if (r->sector_count == 0) {
353 /* This also clears the sense buffer for REQUEST SENSE. */
354 scsi_req_complete(&r->req, GOOD);
355 return;
356 }
357
358 /* No data transfer may already be in progress */
359 assert(r->req.aiocb == NULL);
360
361 /* The request is used as the AIO opaque value, so add a ref. */
362 scsi_req_ref(&r->req);
363 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
364 DPRINTF("Data transfer direction invalid\n");
365 scsi_read_complete(r, -EINVAL);
366 return;
367 }
368
369 if (s->tray_open) {
370 scsi_read_complete(r, -ENOMEDIUM);
371 return;
372 }
373
374 first = !r->started;
375 r->started = true;
376 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
377 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
378 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
379 } else {
380 scsi_do_read(r, 0);
381 }
382 }
383
384 /*
385 * scsi_handle_rw_error has two return values. 0 means that the error
386 * must be ignored, 1 means that the error has been processed and the
387 * caller should not do anything else for this request. Note that
388 * scsi_handle_rw_error always manages its reference counts, independent
389 * of the return value.
390 */
391 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
392 {
393 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
395 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
396
397 if (action == BLOCK_ERR_IGNORE) {
398 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
399 return 0;
400 }
401
402 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
403 || action == BLOCK_ERR_STOP_ANY) {
404
405 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
406 vm_stop(RUN_STATE_IO_ERROR);
407 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
408 scsi_req_retry(&r->req);
409 } else {
410 switch (error) {
411 case ENOMEDIUM:
412 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
413 break;
414 case ENOMEM:
415 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
416 break;
417 case EINVAL:
418 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
419 break;
420 default:
421 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
422 break;
423 }
424 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
425 }
426 return 1;
427 }
428
429 static void scsi_write_complete(void * opaque, int ret)
430 {
431 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
433 uint32_t n;
434
435 if (r->req.aiocb != NULL) {
436 r->req.aiocb = NULL;
437 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
438 }
439
440 if (ret < 0) {
441 if (scsi_handle_rw_error(r, -ret)) {
442 goto done;
443 }
444 }
445
446 n = r->qiov.size / 512;
447 r->sector += n;
448 r->sector_count -= n;
449 if (r->sector_count == 0) {
450 scsi_write_do_fua(r);
451 return;
452 } else {
453 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
454 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
455 scsi_req_data(&r->req, r->qiov.size);
456 }
457
458 done:
459 if (!r->req.io_canceled) {
460 scsi_req_unref(&r->req);
461 }
462 }
463
464 static void scsi_write_data(SCSIRequest *req)
465 {
466 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
468 uint32_t n;
469
470 /* No data transfer may already be in progress */
471 assert(r->req.aiocb == NULL);
472
473 /* The request is used as the AIO opaque value, so add a ref. */
474 scsi_req_ref(&r->req);
475 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
476 DPRINTF("Data transfer direction invalid\n");
477 scsi_write_complete(r, -EINVAL);
478 return;
479 }
480
481 if (!r->req.sg && !r->qiov.size) {
482 /* Called for the first time. Ask the driver to send us more data. */
483 r->started = true;
484 scsi_write_complete(r, 0);
485 return;
486 }
487 if (s->tray_open) {
488 scsi_write_complete(r, -ENOMEDIUM);
489 return;
490 }
491
492 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
493 r->req.cmd.buf[0] == VERIFY_16) {
494 if (r->req.sg) {
495 scsi_dma_complete(r, 0);
496 } else {
497 scsi_write_complete(r, 0);
498 }
499 return;
500 }
501
502 if (r->req.sg) {
503 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
504 r->req.resid -= r->req.sg->size;
505 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
506 scsi_dma_complete, r);
507 } else {
508 n = r->qiov.size / 512;
509 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
510 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
511 scsi_write_complete, r);
512 }
513 }
514
515 /* Return a pointer to the data buffer. */
516 static uint8_t *scsi_get_buf(SCSIRequest *req)
517 {
518 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
519
520 return (uint8_t *)r->iov.iov_base;
521 }
522
523 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
524 {
525 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
526 int buflen = 0;
527 int start;
528
529 if (req->cmd.buf[1] & 0x1) {
530 /* Vital product data */
531 uint8_t page_code = req->cmd.buf[2];
532
533 outbuf[buflen++] = s->qdev.type & 0x1f;
534 outbuf[buflen++] = page_code ; // this page
535 outbuf[buflen++] = 0x00;
536 outbuf[buflen++] = 0x00;
537 start = buflen;
538
539 switch (page_code) {
540 case 0x00: /* Supported page codes, mandatory */
541 {
542 DPRINTF("Inquiry EVPD[Supported pages] "
543 "buffer size %zd\n", req->cmd.xfer);
544 outbuf[buflen++] = 0x00; // list of supported pages (this page)
545 if (s->serial) {
546 outbuf[buflen++] = 0x80; // unit serial number
547 }
548 outbuf[buflen++] = 0x83; // device identification
549 if (s->qdev.type == TYPE_DISK) {
550 outbuf[buflen++] = 0xb0; // block limits
551 outbuf[buflen++] = 0xb2; // thin provisioning
552 }
553 break;
554 }
555 case 0x80: /* Device serial number, optional */
556 {
557 int l;
558
559 if (!s->serial) {
560 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
561 return -1;
562 }
563
564 l = strlen(s->serial);
565 if (l > 20) {
566 l = 20;
567 }
568
569 DPRINTF("Inquiry EVPD[Serial number] "
570 "buffer size %zd\n", req->cmd.xfer);
571 memcpy(outbuf+buflen, s->serial, l);
572 buflen += l;
573 break;
574 }
575
576 case 0x83: /* Device identification page, mandatory */
577 {
578 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
579 int max_len = s->serial ? 20 : 255 - 8;
580 int id_len = strlen(str);
581
582 if (id_len > max_len) {
583 id_len = max_len;
584 }
585 DPRINTF("Inquiry EVPD[Device identification] "
586 "buffer size %zd\n", req->cmd.xfer);
587
588 outbuf[buflen++] = 0x2; // ASCII
589 outbuf[buflen++] = 0; // not officially assigned
590 outbuf[buflen++] = 0; // reserved
591 outbuf[buflen++] = id_len; // length of data following
592 memcpy(outbuf+buflen, str, id_len);
593 buflen += id_len;
594
595 if (s->wwn) {
596 outbuf[buflen++] = 0x1; // Binary
597 outbuf[buflen++] = 0x3; // NAA
598 outbuf[buflen++] = 0; // reserved
599 outbuf[buflen++] = 8;
600 stq_be_p(&outbuf[buflen], s->wwn);
601 buflen += 8;
602 }
603 break;
604 }
605 case 0xb0: /* block limits */
606 {
607 unsigned int unmap_sectors =
608 s->qdev.conf.discard_granularity / s->qdev.blocksize;
609 unsigned int min_io_size =
610 s->qdev.conf.min_io_size / s->qdev.blocksize;
611 unsigned int opt_io_size =
612 s->qdev.conf.opt_io_size / s->qdev.blocksize;
613
614 if (s->qdev.type == TYPE_ROM) {
615 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
616 page_code);
617 return -1;
618 }
619 /* required VPD size with unmap support */
620 buflen = 0x40;
621 memset(outbuf + 4, 0, buflen - 4);
622
623 /* optimal transfer length granularity */
624 outbuf[6] = (min_io_size >> 8) & 0xff;
625 outbuf[7] = min_io_size & 0xff;
626
627 /* optimal transfer length */
628 outbuf[12] = (opt_io_size >> 24) & 0xff;
629 outbuf[13] = (opt_io_size >> 16) & 0xff;
630 outbuf[14] = (opt_io_size >> 8) & 0xff;
631 outbuf[15] = opt_io_size & 0xff;
632
633 /* optimal unmap granularity */
634 outbuf[28] = (unmap_sectors >> 24) & 0xff;
635 outbuf[29] = (unmap_sectors >> 16) & 0xff;
636 outbuf[30] = (unmap_sectors >> 8) & 0xff;
637 outbuf[31] = unmap_sectors & 0xff;
638 break;
639 }
640 case 0xb2: /* thin provisioning */
641 {
642 buflen = 8;
643 outbuf[4] = 0;
644 outbuf[5] = 0x60; /* write_same 10/16 supported */
645 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
646 outbuf[7] = 0;
647 break;
648 }
649 default:
650 return -1;
651 }
652 /* done with EVPD */
653 assert(buflen - start <= 255);
654 outbuf[start - 1] = buflen - start;
655 return buflen;
656 }
657
658 /* Standard INQUIRY data */
659 if (req->cmd.buf[2] != 0) {
660 return -1;
661 }
662
663 /* PAGE CODE == 0 */
664 buflen = req->cmd.xfer;
665 if (buflen > SCSI_MAX_INQUIRY_LEN) {
666 buflen = SCSI_MAX_INQUIRY_LEN;
667 }
668 memset(outbuf, 0, buflen);
669
670 outbuf[0] = s->qdev.type & 0x1f;
671 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
672 if (s->qdev.type == TYPE_ROM) {
673 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
674 } else {
675 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
676 }
677 memcpy(&outbuf[8], "QEMU ", 8);
678 memset(&outbuf[32], 0, 4);
679 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
680 /*
681 * We claim conformance to SPC-3, which is required for guests
682 * to ask for modern features like READ CAPACITY(16) or the
683 * block characteristics VPD page by default. Not all of SPC-3
684 * is actually implemented, but we're good enough.
685 */
686 outbuf[2] = 5;
687 outbuf[3] = 2; /* Format 2 */
688
689 if (buflen > 36) {
690 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
691 } else {
692 /* If the allocation length of CDB is too small,
693 the additional length is not adjusted */
694 outbuf[4] = 36 - 5;
695 }
696
697 /* Sync data transfer and TCQ. */
698 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
699 return buflen;
700 }
701
702 static inline bool media_is_dvd(SCSIDiskState *s)
703 {
704 uint64_t nb_sectors;
705 if (s->qdev.type != TYPE_ROM) {
706 return false;
707 }
708 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
709 return false;
710 }
711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
712 return nb_sectors > CD_MAX_SECTORS;
713 }
714
715 static inline bool media_is_cd(SCSIDiskState *s)
716 {
717 uint64_t nb_sectors;
718 if (s->qdev.type != TYPE_ROM) {
719 return false;
720 }
721 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
722 return false;
723 }
724 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
725 return nb_sectors <= CD_MAX_SECTORS;
726 }
727
728 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
729 uint8_t *outbuf)
730 {
731 uint8_t type = r->req.cmd.buf[1] & 7;
732
733 if (s->qdev.type != TYPE_ROM) {
734 return -1;
735 }
736
737 /* Types 1/2 are only defined for Blu-Ray. */
738 if (type != 0) {
739 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
740 return -1;
741 }
742
743 memset(outbuf, 0, 34);
744 outbuf[1] = 32;
745 outbuf[2] = 0xe; /* last session complete, disc finalized */
746 outbuf[3] = 1; /* first track on disc */
747 outbuf[4] = 1; /* # of sessions */
748 outbuf[5] = 1; /* first track of last session */
749 outbuf[6] = 1; /* last track of last session */
750 outbuf[7] = 0x20; /* unrestricted use */
751 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
752 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
753 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
754 /* 24-31: disc bar code */
755 /* 32: disc application code */
756 /* 33: number of OPC tables */
757
758 return 34;
759 }
760
761 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
762 uint8_t *outbuf)
763 {
764 static const int rds_caps_size[5] = {
765 [0] = 2048 + 4,
766 [1] = 4 + 4,
767 [3] = 188 + 4,
768 [4] = 2048 + 4,
769 };
770
771 uint8_t media = r->req.cmd.buf[1];
772 uint8_t layer = r->req.cmd.buf[6];
773 uint8_t format = r->req.cmd.buf[7];
774 int size = -1;
775
776 if (s->qdev.type != TYPE_ROM) {
777 return -1;
778 }
779 if (media != 0) {
780 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
781 return -1;
782 }
783
784 if (format != 0xff) {
785 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
786 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
787 return -1;
788 }
789 if (media_is_cd(s)) {
790 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
791 return -1;
792 }
793 if (format >= ARRAY_SIZE(rds_caps_size)) {
794 return -1;
795 }
796 size = rds_caps_size[format];
797 memset(outbuf, 0, size);
798 }
799
800 switch (format) {
801 case 0x00: {
802 /* Physical format information */
803 uint64_t nb_sectors;
804 if (layer != 0) {
805 goto fail;
806 }
807 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
808
809 outbuf[4] = 1; /* DVD-ROM, part version 1 */
810 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
811 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
812 outbuf[7] = 0; /* default densities */
813
814 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
815 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
816 break;
817 }
818
819 case 0x01: /* DVD copyright information, all zeros */
820 break;
821
822 case 0x03: /* BCA information - invalid field for no BCA info */
823 return -1;
824
825 case 0x04: /* DVD disc manufacturing information, all zeros */
826 break;
827
828 case 0xff: { /* List capabilities */
829 int i;
830 size = 4;
831 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
832 if (!rds_caps_size[i]) {
833 continue;
834 }
835 outbuf[size] = i;
836 outbuf[size + 1] = 0x40; /* Not writable, readable */
837 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
838 size += 4;
839 }
840 break;
841 }
842
843 default:
844 return -1;
845 }
846
847 /* Size of buffer, not including 2 byte size field */
848 stw_be_p(outbuf, size - 2);
849 return size;
850
851 fail:
852 return -1;
853 }
854
855 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
856 {
857 uint8_t event_code, media_status;
858
859 media_status = 0;
860 if (s->tray_open) {
861 media_status = MS_TRAY_OPEN;
862 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
863 media_status = MS_MEDIA_PRESENT;
864 }
865
866 /* Event notification descriptor */
867 event_code = MEC_NO_CHANGE;
868 if (media_status != MS_TRAY_OPEN) {
869 if (s->media_event) {
870 event_code = MEC_NEW_MEDIA;
871 s->media_event = false;
872 } else if (s->eject_request) {
873 event_code = MEC_EJECT_REQUESTED;
874 s->eject_request = false;
875 }
876 }
877
878 outbuf[0] = event_code;
879 outbuf[1] = media_status;
880
881 /* These fields are reserved, just clear them. */
882 outbuf[2] = 0;
883 outbuf[3] = 0;
884 return 4;
885 }
886
887 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
888 uint8_t *outbuf)
889 {
890 int size;
891 uint8_t *buf = r->req.cmd.buf;
892 uint8_t notification_class_request = buf[4];
893 if (s->qdev.type != TYPE_ROM) {
894 return -1;
895 }
896 if ((buf[1] & 1) == 0) {
897 /* asynchronous */
898 return -1;
899 }
900
901 size = 4;
902 outbuf[0] = outbuf[1] = 0;
903 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
904 if (notification_class_request & (1 << GESN_MEDIA)) {
905 outbuf[2] = GESN_MEDIA;
906 size += scsi_event_status_media(s, &outbuf[size]);
907 } else {
908 outbuf[2] = 0x80;
909 }
910 stw_be_p(outbuf, size - 4);
911 return size;
912 }
913
914 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
915 {
916 int current;
917
918 if (s->qdev.type != TYPE_ROM) {
919 return -1;
920 }
921 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
922 memset(outbuf, 0, 40);
923 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
924 stw_be_p(&outbuf[6], current);
925 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
926 outbuf[10] = 0x03; /* persistent, current */
927 outbuf[11] = 8; /* two profiles */
928 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
929 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
930 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
931 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
932 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
933 stw_be_p(&outbuf[20], 1);
934 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
935 outbuf[23] = 8;
936 stl_be_p(&outbuf[24], 1); /* SCSI */
937 outbuf[28] = 1; /* DBE = 1, mandatory */
938 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
939 stw_be_p(&outbuf[32], 3);
940 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
941 outbuf[35] = 4;
942 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
943 /* TODO: Random readable, CD read, DVD read, drive serial number,
944 power management */
945 return 40;
946 }
947
948 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
949 {
950 if (s->qdev.type != TYPE_ROM) {
951 return -1;
952 }
953 memset(outbuf, 0, 8);
954 outbuf[5] = 1; /* CD-ROM */
955 return 8;
956 }
957
958 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
959 int page_control)
960 {
961 static const int mode_sense_valid[0x3f] = {
962 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
963 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
964 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
965 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
966 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
967 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
968 };
969
970 BlockDriverState *bdrv = s->qdev.conf.bs;
971 int cylinders, heads, secs;
972 uint8_t *p = *p_outbuf;
973
974 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
975 return -1;
976 }
977
978 p[0] = page;
979
980 /*
981 * If Changeable Values are requested, a mask denoting those mode parameters
982 * that are changeable shall be returned. As we currently don't support
983 * parameter changes via MODE_SELECT all bits are returned set to zero.
984 * The buffer was already menset to zero by the caller of this function.
985 */
986 switch (page) {
987 case MODE_PAGE_HD_GEOMETRY:
988 p[1] = 0x16;
989 if (page_control == 1) { /* Changeable Values */
990 break;
991 }
992 /* if a geometry hint is available, use it */
993 hd_geometry_guess(bdrv, &cylinders, &heads, &secs);
994 p[2] = (cylinders >> 16) & 0xff;
995 p[3] = (cylinders >> 8) & 0xff;
996 p[4] = cylinders & 0xff;
997 p[5] = heads & 0xff;
998 /* Write precomp start cylinder, disabled */
999 p[6] = (cylinders >> 16) & 0xff;
1000 p[7] = (cylinders >> 8) & 0xff;
1001 p[8] = cylinders & 0xff;
1002 /* Reduced current start cylinder, disabled */
1003 p[9] = (cylinders >> 16) & 0xff;
1004 p[10] = (cylinders >> 8) & 0xff;
1005 p[11] = cylinders & 0xff;
1006 /* Device step rate [ns], 200ns */
1007 p[12] = 0;
1008 p[13] = 200;
1009 /* Landing zone cylinder */
1010 p[14] = 0xff;
1011 p[15] = 0xff;
1012 p[16] = 0xff;
1013 /* Medium rotation rate [rpm], 5400 rpm */
1014 p[20] = (5400 >> 8) & 0xff;
1015 p[21] = 5400 & 0xff;
1016 break;
1017
1018 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1019 p[1] = 0x1e;
1020 if (page_control == 1) { /* Changeable Values */
1021 break;
1022 }
1023 /* Transfer rate [kbit/s], 5Mbit/s */
1024 p[2] = 5000 >> 8;
1025 p[3] = 5000 & 0xff;
1026 /* if a geometry hint is available, use it */
1027 hd_geometry_guess(bdrv, &cylinders, &heads, &secs);
1028 p[4] = heads & 0xff;
1029 p[5] = secs & 0xff;
1030 p[6] = s->qdev.blocksize >> 8;
1031 p[8] = (cylinders >> 8) & 0xff;
1032 p[9] = cylinders & 0xff;
1033 /* Write precomp start cylinder, disabled */
1034 p[10] = (cylinders >> 8) & 0xff;
1035 p[11] = cylinders & 0xff;
1036 /* Reduced current start cylinder, disabled */
1037 p[12] = (cylinders >> 8) & 0xff;
1038 p[13] = cylinders & 0xff;
1039 /* Device step rate [100us], 100us */
1040 p[14] = 0;
1041 p[15] = 1;
1042 /* Device step pulse width [us], 1us */
1043 p[16] = 1;
1044 /* Device head settle delay [100us], 100us */
1045 p[17] = 0;
1046 p[18] = 1;
1047 /* Motor on delay [0.1s], 0.1s */
1048 p[19] = 1;
1049 /* Motor off delay [0.1s], 0.1s */
1050 p[20] = 1;
1051 /* Medium rotation rate [rpm], 5400 rpm */
1052 p[28] = (5400 >> 8) & 0xff;
1053 p[29] = 5400 & 0xff;
1054 break;
1055
1056 case MODE_PAGE_CACHING:
1057 p[0] = 8;
1058 p[1] = 0x12;
1059 if (page_control == 1) { /* Changeable Values */
1060 break;
1061 }
1062 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1063 p[2] = 4; /* WCE */
1064 }
1065 break;
1066
1067 case MODE_PAGE_R_W_ERROR:
1068 p[1] = 10;
1069 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1070 if (s->qdev.type == TYPE_ROM) {
1071 p[3] = 0x20; /* Read Retry Count */
1072 }
1073 break;
1074
1075 case MODE_PAGE_AUDIO_CTL:
1076 p[1] = 14;
1077 break;
1078
1079 case MODE_PAGE_CAPABILITIES:
1080 p[1] = 0x14;
1081 if (page_control == 1) { /* Changeable Values */
1082 break;
1083 }
1084
1085 p[2] = 0x3b; /* CD-R & CD-RW read */
1086 p[3] = 0; /* Writing not supported */
1087 p[4] = 0x7f; /* Audio, composite, digital out,
1088 mode 2 form 1&2, multi session */
1089 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1090 RW corrected, C2 errors, ISRC,
1091 UPC, Bar code */
1092 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1093 /* Locking supported, jumper present, eject, tray */
1094 p[7] = 0; /* no volume & mute control, no
1095 changer */
1096 p[8] = (50 * 176) >> 8; /* 50x read speed */
1097 p[9] = (50 * 176) & 0xff;
1098 p[10] = 2 >> 8; /* Two volume levels */
1099 p[11] = 2 & 0xff;
1100 p[12] = 2048 >> 8; /* 2M buffer */
1101 p[13] = 2048 & 0xff;
1102 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1103 p[15] = (16 * 176) & 0xff;
1104 p[18] = (16 * 176) >> 8; /* 16x write speed */
1105 p[19] = (16 * 176) & 0xff;
1106 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1107 p[21] = (16 * 176) & 0xff;
1108 break;
1109
1110 default:
1111 return -1;
1112 }
1113
1114 *p_outbuf += p[1] + 2;
1115 return p[1] + 2;
1116 }
1117
1118 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1119 {
1120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1121 uint64_t nb_sectors;
1122 bool dbd;
1123 int page, buflen, ret, page_control;
1124 uint8_t *p;
1125 uint8_t dev_specific_param;
1126
1127 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1128 page = r->req.cmd.buf[2] & 0x3f;
1129 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1130 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1131 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1132 memset(outbuf, 0, r->req.cmd.xfer);
1133 p = outbuf;
1134
1135 if (s->qdev.type == TYPE_DISK) {
1136 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1137 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1138 dev_specific_param |= 0x80; /* Readonly. */
1139 }
1140 } else {
1141 /* MMC prescribes that CD/DVD drives have no block descriptors,
1142 * and defines no device-specific parameter. */
1143 dev_specific_param = 0x00;
1144 dbd = true;
1145 }
1146
1147 if (r->req.cmd.buf[0] == MODE_SENSE) {
1148 p[1] = 0; /* Default media type. */
1149 p[2] = dev_specific_param;
1150 p[3] = 0; /* Block descriptor length. */
1151 p += 4;
1152 } else { /* MODE_SENSE_10 */
1153 p[2] = 0; /* Default media type. */
1154 p[3] = dev_specific_param;
1155 p[6] = p[7] = 0; /* Block descriptor length. */
1156 p += 8;
1157 }
1158
1159 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1160 if (!dbd && nb_sectors) {
1161 if (r->req.cmd.buf[0] == MODE_SENSE) {
1162 outbuf[3] = 8; /* Block descriptor length */
1163 } else { /* MODE_SENSE_10 */
1164 outbuf[7] = 8; /* Block descriptor length */
1165 }
1166 nb_sectors /= (s->qdev.blocksize / 512);
1167 if (nb_sectors > 0xffffff) {
1168 nb_sectors = 0;
1169 }
1170 p[0] = 0; /* media density code */
1171 p[1] = (nb_sectors >> 16) & 0xff;
1172 p[2] = (nb_sectors >> 8) & 0xff;
1173 p[3] = nb_sectors & 0xff;
1174 p[4] = 0; /* reserved */
1175 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1176 p[6] = s->qdev.blocksize >> 8;
1177 p[7] = 0;
1178 p += 8;
1179 }
1180
1181 if (page_control == 3) {
1182 /* Saved Values */
1183 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1184 return -1;
1185 }
1186
1187 if (page == 0x3f) {
1188 for (page = 0; page <= 0x3e; page++) {
1189 mode_sense_page(s, page, &p, page_control);
1190 }
1191 } else {
1192 ret = mode_sense_page(s, page, &p, page_control);
1193 if (ret == -1) {
1194 return -1;
1195 }
1196 }
1197
1198 buflen = p - outbuf;
1199 /*
1200 * The mode data length field specifies the length in bytes of the
1201 * following data that is available to be transferred. The mode data
1202 * length does not include itself.
1203 */
1204 if (r->req.cmd.buf[0] == MODE_SENSE) {
1205 outbuf[0] = buflen - 1;
1206 } else { /* MODE_SENSE_10 */
1207 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1208 outbuf[1] = (buflen - 2) & 0xff;
1209 }
1210 return buflen;
1211 }
1212
1213 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1214 {
1215 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1216 int start_track, format, msf, toclen;
1217 uint64_t nb_sectors;
1218
1219 msf = req->cmd.buf[1] & 2;
1220 format = req->cmd.buf[2] & 0xf;
1221 start_track = req->cmd.buf[6];
1222 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1223 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1224 nb_sectors /= s->qdev.blocksize / 512;
1225 switch (format) {
1226 case 0:
1227 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1228 break;
1229 case 1:
1230 /* multi session : only a single session defined */
1231 toclen = 12;
1232 memset(outbuf, 0, 12);
1233 outbuf[1] = 0x0a;
1234 outbuf[2] = 0x01;
1235 outbuf[3] = 0x01;
1236 break;
1237 case 2:
1238 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1239 break;
1240 default:
1241 return -1;
1242 }
1243 return toclen;
1244 }
1245
1246 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1247 {
1248 SCSIRequest *req = &r->req;
1249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1250 bool start = req->cmd.buf[4] & 1;
1251 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1252
1253 if (s->qdev.type == TYPE_ROM && loej) {
1254 if (!start && !s->tray_open && s->tray_locked) {
1255 scsi_check_condition(r,
1256 bdrv_is_inserted(s->qdev.conf.bs)
1257 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1258 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1259 return -1;
1260 }
1261
1262 if (s->tray_open != !start) {
1263 bdrv_eject(s->qdev.conf.bs, !start);
1264 s->tray_open = !start;
1265 }
1266 }
1267 return 0;
1268 }
1269
1270 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1271 {
1272 SCSIRequest *req = &r->req;
1273 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1274 uint64_t nb_sectors;
1275 uint8_t *outbuf;
1276 int buflen = 0;
1277
1278 if (!r->iov.iov_base) {
1279 /*
1280 * FIXME: we shouldn't return anything bigger than 4k, but the code
1281 * requires the buffer to be as big as req->cmd.xfer in several
1282 * places. So, do not allow CDBs with a very large ALLOCATION
1283 * LENGTH. The real fix would be to modify scsi_read_data and
1284 * dma_buf_read, so that they return data beyond the buflen
1285 * as all zeros.
1286 */
1287 if (req->cmd.xfer > 65536) {
1288 goto illegal_request;
1289 }
1290 r->buflen = MAX(4096, req->cmd.xfer);
1291 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1292 }
1293
1294 outbuf = r->iov.iov_base;
1295 switch (req->cmd.buf[0]) {
1296 case TEST_UNIT_READY:
1297 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1298 break;
1299 case INQUIRY:
1300 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1301 if (buflen < 0) {
1302 goto illegal_request;
1303 }
1304 break;
1305 case MODE_SENSE:
1306 case MODE_SENSE_10:
1307 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1308 if (buflen < 0) {
1309 goto illegal_request;
1310 }
1311 break;
1312 case READ_TOC:
1313 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1314 if (buflen < 0) {
1315 goto illegal_request;
1316 }
1317 break;
1318 case RESERVE:
1319 if (req->cmd.buf[1] & 1) {
1320 goto illegal_request;
1321 }
1322 break;
1323 case RESERVE_10:
1324 if (req->cmd.buf[1] & 3) {
1325 goto illegal_request;
1326 }
1327 break;
1328 case RELEASE:
1329 if (req->cmd.buf[1] & 1) {
1330 goto illegal_request;
1331 }
1332 break;
1333 case RELEASE_10:
1334 if (req->cmd.buf[1] & 3) {
1335 goto illegal_request;
1336 }
1337 break;
1338 case START_STOP:
1339 if (scsi_disk_emulate_start_stop(r) < 0) {
1340 return -1;
1341 }
1342 break;
1343 case ALLOW_MEDIUM_REMOVAL:
1344 s->tray_locked = req->cmd.buf[4] & 1;
1345 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1346 break;
1347 case READ_CAPACITY_10:
1348 /* The normal LEN field for this command is zero. */
1349 memset(outbuf, 0, 8);
1350 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1351 if (!nb_sectors) {
1352 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1353 return -1;
1354 }
1355 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1356 goto illegal_request;
1357 }
1358 nb_sectors /= s->qdev.blocksize / 512;
1359 /* Returned value is the address of the last sector. */
1360 nb_sectors--;
1361 /* Remember the new size for read/write sanity checking. */
1362 s->qdev.max_lba = nb_sectors;
1363 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1364 if (nb_sectors > UINT32_MAX) {
1365 nb_sectors = UINT32_MAX;
1366 }
1367 outbuf[0] = (nb_sectors >> 24) & 0xff;
1368 outbuf[1] = (nb_sectors >> 16) & 0xff;
1369 outbuf[2] = (nb_sectors >> 8) & 0xff;
1370 outbuf[3] = nb_sectors & 0xff;
1371 outbuf[4] = 0;
1372 outbuf[5] = 0;
1373 outbuf[6] = s->qdev.blocksize >> 8;
1374 outbuf[7] = 0;
1375 buflen = 8;
1376 break;
1377 case REQUEST_SENSE:
1378 /* Just return "NO SENSE". */
1379 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1380 (req->cmd.buf[1] & 1) == 0);
1381 break;
1382 case MECHANISM_STATUS:
1383 buflen = scsi_emulate_mechanism_status(s, outbuf);
1384 if (buflen < 0) {
1385 goto illegal_request;
1386 }
1387 break;
1388 case GET_CONFIGURATION:
1389 buflen = scsi_get_configuration(s, outbuf);
1390 if (buflen < 0) {
1391 goto illegal_request;
1392 }
1393 break;
1394 case GET_EVENT_STATUS_NOTIFICATION:
1395 buflen = scsi_get_event_status_notification(s, r, outbuf);
1396 if (buflen < 0) {
1397 goto illegal_request;
1398 }
1399 break;
1400 case READ_DISC_INFORMATION:
1401 buflen = scsi_read_disc_information(s, r, outbuf);
1402 if (buflen < 0) {
1403 goto illegal_request;
1404 }
1405 break;
1406 case READ_DVD_STRUCTURE:
1407 buflen = scsi_read_dvd_structure(s, r, outbuf);
1408 if (buflen < 0) {
1409 goto illegal_request;
1410 }
1411 break;
1412 case SERVICE_ACTION_IN_16:
1413 /* Service Action In subcommands. */
1414 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1415 DPRINTF("SAI READ CAPACITY(16)\n");
1416 memset(outbuf, 0, req->cmd.xfer);
1417 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1418 if (!nb_sectors) {
1419 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1420 return -1;
1421 }
1422 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1423 goto illegal_request;
1424 }
1425 nb_sectors /= s->qdev.blocksize / 512;
1426 /* Returned value is the address of the last sector. */
1427 nb_sectors--;
1428 /* Remember the new size for read/write sanity checking. */
1429 s->qdev.max_lba = nb_sectors;
1430 outbuf[0] = (nb_sectors >> 56) & 0xff;
1431 outbuf[1] = (nb_sectors >> 48) & 0xff;
1432 outbuf[2] = (nb_sectors >> 40) & 0xff;
1433 outbuf[3] = (nb_sectors >> 32) & 0xff;
1434 outbuf[4] = (nb_sectors >> 24) & 0xff;
1435 outbuf[5] = (nb_sectors >> 16) & 0xff;
1436 outbuf[6] = (nb_sectors >> 8) & 0xff;
1437 outbuf[7] = nb_sectors & 0xff;
1438 outbuf[8] = 0;
1439 outbuf[9] = 0;
1440 outbuf[10] = s->qdev.blocksize >> 8;
1441 outbuf[11] = 0;
1442 outbuf[12] = 0;
1443 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1444
1445 /* set TPE bit if the format supports discard */
1446 if (s->qdev.conf.discard_granularity) {
1447 outbuf[14] = 0x80;
1448 }
1449
1450 /* Protection, exponent and lowest lba field left blank. */
1451 buflen = req->cmd.xfer;
1452 break;
1453 }
1454 DPRINTF("Unsupported Service Action In\n");
1455 goto illegal_request;
1456 default:
1457 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1458 return -1;
1459 }
1460 buflen = MIN(buflen, req->cmd.xfer);
1461 return buflen;
1462
1463 illegal_request:
1464 if (r->req.status == -1) {
1465 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1466 }
1467 return -1;
1468 }
1469
1470 /* Execute a scsi command. Returns the length of the data expected by the
1471 command. This will be Positive for data transfers from the device
1472 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1473 and zero if the command does not transfer any data. */
1474
1475 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1476 {
1477 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1478 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1479 int32_t len;
1480 uint8_t command;
1481 int rc;
1482
1483 command = buf[0];
1484 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1485
1486 #ifdef DEBUG_SCSI
1487 {
1488 int i;
1489 for (i = 1; i < r->req.cmd.len; i++) {
1490 printf(" 0x%02x", buf[i]);
1491 }
1492 printf("\n");
1493 }
1494 #endif
1495
1496 switch (command) {
1497 case INQUIRY:
1498 case MODE_SENSE:
1499 case MODE_SENSE_10:
1500 case RESERVE:
1501 case RESERVE_10:
1502 case RELEASE:
1503 case RELEASE_10:
1504 case START_STOP:
1505 case ALLOW_MEDIUM_REMOVAL:
1506 case GET_CONFIGURATION:
1507 case GET_EVENT_STATUS_NOTIFICATION:
1508 case MECHANISM_STATUS:
1509 case REQUEST_SENSE:
1510 break;
1511
1512 default:
1513 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1514 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1515 return 0;
1516 }
1517 break;
1518 }
1519
1520 switch (command) {
1521 case TEST_UNIT_READY:
1522 case INQUIRY:
1523 case MODE_SENSE:
1524 case MODE_SENSE_10:
1525 case RESERVE:
1526 case RESERVE_10:
1527 case RELEASE:
1528 case RELEASE_10:
1529 case START_STOP:
1530 case ALLOW_MEDIUM_REMOVAL:
1531 case READ_CAPACITY_10:
1532 case READ_TOC:
1533 case READ_DISC_INFORMATION:
1534 case READ_DVD_STRUCTURE:
1535 case GET_CONFIGURATION:
1536 case GET_EVENT_STATUS_NOTIFICATION:
1537 case MECHANISM_STATUS:
1538 case SERVICE_ACTION_IN_16:
1539 case REQUEST_SENSE:
1540 rc = scsi_disk_emulate_command(r);
1541 if (rc < 0) {
1542 return 0;
1543 }
1544
1545 r->iov.iov_len = rc;
1546 break;
1547 case SYNCHRONIZE_CACHE:
1548 /* The request is used as the AIO opaque value, so add a ref. */
1549 scsi_req_ref(&r->req);
1550 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1551 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1552 return 0;
1553 case READ_6:
1554 case READ_10:
1555 case READ_12:
1556 case READ_16:
1557 len = r->req.cmd.xfer / s->qdev.blocksize;
1558 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1559 if (r->req.cmd.lba > s->qdev.max_lba) {
1560 goto illegal_lba;
1561 }
1562 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1563 r->sector_count = len * (s->qdev.blocksize / 512);
1564 break;
1565 case VERIFY_10:
1566 case VERIFY_12:
1567 case VERIFY_16:
1568 case WRITE_6:
1569 case WRITE_10:
1570 case WRITE_12:
1571 case WRITE_16:
1572 case WRITE_VERIFY_10:
1573 case WRITE_VERIFY_12:
1574 case WRITE_VERIFY_16:
1575 len = r->req.cmd.xfer / s->qdev.blocksize;
1576 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1577 (command & 0xe) == 0xe ? "And Verify " : "",
1578 r->req.cmd.lba, len);
1579 if (r->req.cmd.lba > s->qdev.max_lba) {
1580 goto illegal_lba;
1581 }
1582 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1583 r->sector_count = len * (s->qdev.blocksize / 512);
1584 break;
1585 case MODE_SELECT:
1586 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1587 /* We don't support mode parameter changes.
1588 Allow the mode parameter header + block descriptors only. */
1589 if (r->req.cmd.xfer > 12) {
1590 goto fail;
1591 }
1592 break;
1593 case MODE_SELECT_10:
1594 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1595 /* We don't support mode parameter changes.
1596 Allow the mode parameter header + block descriptors only. */
1597 if (r->req.cmd.xfer > 16) {
1598 goto fail;
1599 }
1600 break;
1601 case SEEK_10:
1602 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1603 if (r->req.cmd.lba > s->qdev.max_lba) {
1604 goto illegal_lba;
1605 }
1606 break;
1607 case WRITE_SAME_10:
1608 len = lduw_be_p(&buf[7]);
1609 goto write_same;
1610 case WRITE_SAME_16:
1611 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1612 write_same:
1613
1614 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1615 r->req.cmd.lba, len);
1616
1617 if (r->req.cmd.lba > s->qdev.max_lba) {
1618 goto illegal_lba;
1619 }
1620
1621 /*
1622 * We only support WRITE SAME with the unmap bit set for now.
1623 */
1624 if (!(buf[1] & 0x8)) {
1625 goto fail;
1626 }
1627
1628 rc = bdrv_discard(s->qdev.conf.bs,
1629 r->req.cmd.lba * (s->qdev.blocksize / 512),
1630 len * (s->qdev.blocksize / 512));
1631 if (rc < 0) {
1632 /* XXX: better error code ?*/
1633 goto fail;
1634 }
1635
1636 break;
1637 default:
1638 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1639 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1640 return 0;
1641 fail:
1642 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1643 return 0;
1644 illegal_lba:
1645 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1646 return 0;
1647 }
1648 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1649 scsi_req_complete(&r->req, GOOD);
1650 }
1651 len = r->sector_count * 512 + r->iov.iov_len;
1652 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1653 return -len;
1654 } else {
1655 if (!r->sector_count) {
1656 r->sector_count = -1;
1657 }
1658 return len;
1659 }
1660 }
1661
1662 static void scsi_disk_reset(DeviceState *dev)
1663 {
1664 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1665 uint64_t nb_sectors;
1666
1667 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1668
1669 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1670 nb_sectors /= s->qdev.blocksize / 512;
1671 if (nb_sectors) {
1672 nb_sectors--;
1673 }
1674 s->qdev.max_lba = nb_sectors;
1675 }
1676
1677 static void scsi_destroy(SCSIDevice *dev)
1678 {
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1680
1681 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1682 blockdev_mark_auto_del(s->qdev.conf.bs);
1683 }
1684
1685 static void scsi_cd_change_media_cb(void *opaque, bool load)
1686 {
1687 SCSIDiskState *s = opaque;
1688
1689 /*
1690 * When a CD gets changed, we have to report an ejected state and
1691 * then a loaded state to guests so that they detect tray
1692 * open/close and media change events. Guests that do not use
1693 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1694 * states rely on this behavior.
1695 *
1696 * media_changed governs the state machine used for unit attention
1697 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1698 */
1699 s->media_changed = load;
1700 s->tray_open = !load;
1701 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1702 s->media_event = true;
1703 s->eject_request = false;
1704 }
1705
1706 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1707 {
1708 SCSIDiskState *s = opaque;
1709
1710 s->eject_request = true;
1711 if (force) {
1712 s->tray_locked = false;
1713 }
1714 }
1715
1716 static bool scsi_cd_is_tray_open(void *opaque)
1717 {
1718 return ((SCSIDiskState *)opaque)->tray_open;
1719 }
1720
1721 static bool scsi_cd_is_medium_locked(void *opaque)
1722 {
1723 return ((SCSIDiskState *)opaque)->tray_locked;
1724 }
1725
1726 static const BlockDevOps scsi_cd_block_ops = {
1727 .change_media_cb = scsi_cd_change_media_cb,
1728 .eject_request_cb = scsi_cd_eject_request_cb,
1729 .is_tray_open = scsi_cd_is_tray_open,
1730 .is_medium_locked = scsi_cd_is_medium_locked,
1731 };
1732
1733 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1734 {
1735 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1736 if (s->media_changed) {
1737 s->media_changed = false;
1738 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1739 }
1740 }
1741
1742 static int scsi_initfn(SCSIDevice *dev)
1743 {
1744 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1745 DriveInfo *dinfo;
1746
1747 if (!s->qdev.conf.bs) {
1748 error_report("drive property not set");
1749 return -1;
1750 }
1751
1752 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1753 !bdrv_is_inserted(s->qdev.conf.bs)) {
1754 error_report("Device needs media, but drive is empty");
1755 return -1;
1756 }
1757
1758 if (!s->serial) {
1759 /* try to fall back to value set with legacy -drive serial=... */
1760 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1761 if (*dinfo->serial) {
1762 s->serial = g_strdup(dinfo->serial);
1763 }
1764 }
1765
1766 if (!s->version) {
1767 s->version = g_strdup(qemu_get_version());
1768 }
1769
1770 if (bdrv_is_sg(s->qdev.conf.bs)) {
1771 error_report("unwanted /dev/sg*");
1772 return -1;
1773 }
1774
1775 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1776 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1777 }
1778 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1779
1780 bdrv_iostatus_enable(s->qdev.conf.bs);
1781 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1782 return 0;
1783 }
1784
1785 static int scsi_hd_initfn(SCSIDevice *dev)
1786 {
1787 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1788 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1789 s->qdev.type = TYPE_DISK;
1790 return scsi_initfn(&s->qdev);
1791 }
1792
1793 static int scsi_cd_initfn(SCSIDevice *dev)
1794 {
1795 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1796 s->qdev.blocksize = 2048;
1797 s->qdev.type = TYPE_ROM;
1798 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1799 return scsi_initfn(&s->qdev);
1800 }
1801
1802 static int scsi_disk_initfn(SCSIDevice *dev)
1803 {
1804 DriveInfo *dinfo;
1805
1806 if (!dev->conf.bs) {
1807 return scsi_initfn(dev); /* ... and die there */
1808 }
1809
1810 dinfo = drive_get_by_blockdev(dev->conf.bs);
1811 if (dinfo->media_cd) {
1812 return scsi_cd_initfn(dev);
1813 } else {
1814 return scsi_hd_initfn(dev);
1815 }
1816 }
1817
1818 static const SCSIReqOps scsi_disk_reqops = {
1819 .size = sizeof(SCSIDiskReq),
1820 .free_req = scsi_free_request,
1821 .send_command = scsi_send_command,
1822 .read_data = scsi_read_data,
1823 .write_data = scsi_write_data,
1824 .cancel_io = scsi_cancel_io,
1825 .get_buf = scsi_get_buf,
1826 .load_request = scsi_disk_load_request,
1827 .save_request = scsi_disk_save_request,
1828 };
1829
1830 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1831 uint8_t *buf, void *hba_private)
1832 {
1833 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1834 SCSIRequest *req;
1835
1836 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1837 return req;
1838 }
1839
1840 #ifdef __linux__
1841 static int get_device_type(SCSIDiskState *s)
1842 {
1843 BlockDriverState *bdrv = s->qdev.conf.bs;
1844 uint8_t cmd[16];
1845 uint8_t buf[36];
1846 uint8_t sensebuf[8];
1847 sg_io_hdr_t io_header;
1848 int ret;
1849
1850 memset(cmd, 0, sizeof(cmd));
1851 memset(buf, 0, sizeof(buf));
1852 cmd[0] = INQUIRY;
1853 cmd[4] = sizeof(buf);
1854
1855 memset(&io_header, 0, sizeof(io_header));
1856 io_header.interface_id = 'S';
1857 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1858 io_header.dxfer_len = sizeof(buf);
1859 io_header.dxferp = buf;
1860 io_header.cmdp = cmd;
1861 io_header.cmd_len = sizeof(cmd);
1862 io_header.mx_sb_len = sizeof(sensebuf);
1863 io_header.sbp = sensebuf;
1864 io_header.timeout = 6000; /* XXX */
1865
1866 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1867 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1868 return -1;
1869 }
1870 s->qdev.type = buf[0];
1871 if (buf[1] & 0x80) {
1872 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1873 }
1874 return 0;
1875 }
1876
1877 static int scsi_block_initfn(SCSIDevice *dev)
1878 {
1879 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1880 int sg_version;
1881 int rc;
1882
1883 if (!s->qdev.conf.bs) {
1884 error_report("scsi-block: drive property not set");
1885 return -1;
1886 }
1887
1888 /* check we are using a driver managing SG_IO (version 3 and after) */
1889 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1890 sg_version < 30000) {
1891 error_report("scsi-block: scsi generic interface too old");
1892 return -1;
1893 }
1894
1895 /* get device type from INQUIRY data */
1896 rc = get_device_type(s);
1897 if (rc < 0) {
1898 error_report("scsi-block: INQUIRY failed");
1899 return -1;
1900 }
1901
1902 /* Make a guess for the block size, we'll fix it when the guest sends.
1903 * READ CAPACITY. If they don't, they likely would assume these sizes
1904 * anyway. (TODO: check in /sys).
1905 */
1906 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1907 s->qdev.blocksize = 2048;
1908 } else {
1909 s->qdev.blocksize = 512;
1910 }
1911 return scsi_initfn(&s->qdev);
1912 }
1913
1914 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1915 uint32_t lun, uint8_t *buf,
1916 void *hba_private)
1917 {
1918 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1919
1920 switch (buf[0]) {
1921 case READ_6:
1922 case READ_10:
1923 case READ_12:
1924 case READ_16:
1925 case VERIFY_10:
1926 case VERIFY_12:
1927 case VERIFY_16:
1928 case WRITE_6:
1929 case WRITE_10:
1930 case WRITE_12:
1931 case WRITE_16:
1932 case WRITE_VERIFY_10:
1933 case WRITE_VERIFY_12:
1934 case WRITE_VERIFY_16:
1935 /* If we are not using O_DIRECT, we might read stale data from the
1936 * host cache if writes were made using other commands than these
1937 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1938 * O_DIRECT everything must go through SG_IO.
1939 */
1940 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1941 break;
1942 }
1943
1944 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1945 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1946 * And once you do these writes, reading from the block device is
1947 * unreliable, too. It is even possible that reads deliver random data
1948 * from the host page cache (this is probably a Linux bug).
1949 *
1950 * We might use scsi_disk_reqops as long as no writing commands are
1951 * seen, but performance usually isn't paramount on optical media. So,
1952 * just make scsi-block operate the same as scsi-generic for them.
1953 */
1954 if (s->qdev.type == TYPE_ROM) {
1955 break;
1956 }
1957 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1958 hba_private);
1959 }
1960
1961 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1962 hba_private);
1963 }
1964 #endif
1965
1966 #define DEFINE_SCSI_DISK_PROPERTIES() \
1967 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1968 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1969 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1970
1971 static Property scsi_hd_properties[] = {
1972 DEFINE_SCSI_DISK_PROPERTIES(),
1973 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1974 SCSI_DISK_F_REMOVABLE, false),
1975 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1976 SCSI_DISK_F_DPOFUA, false),
1977 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1978 DEFINE_PROP_END_OF_LIST(),
1979 };
1980
1981 static const VMStateDescription vmstate_scsi_disk_state = {
1982 .name = "scsi-disk",
1983 .version_id = 1,
1984 .minimum_version_id = 1,
1985 .minimum_version_id_old = 1,
1986 .fields = (VMStateField[]) {
1987 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1988 VMSTATE_BOOL(media_changed, SCSIDiskState),
1989 VMSTATE_BOOL(media_event, SCSIDiskState),
1990 VMSTATE_BOOL(eject_request, SCSIDiskState),
1991 VMSTATE_BOOL(tray_open, SCSIDiskState),
1992 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1993 VMSTATE_END_OF_LIST()
1994 }
1995 };
1996
1997 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1998 {
1999 DeviceClass *dc = DEVICE_CLASS(klass);
2000 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2001
2002 sc->init = scsi_hd_initfn;
2003 sc->destroy = scsi_destroy;
2004 sc->alloc_req = scsi_new_request;
2005 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2006 dc->fw_name = "disk";
2007 dc->desc = "virtual SCSI disk";
2008 dc->reset = scsi_disk_reset;
2009 dc->props = scsi_hd_properties;
2010 dc->vmsd = &vmstate_scsi_disk_state;
2011 }
2012
2013 static TypeInfo scsi_hd_info = {
2014 .name = "scsi-hd",
2015 .parent = TYPE_SCSI_DEVICE,
2016 .instance_size = sizeof(SCSIDiskState),
2017 .class_init = scsi_hd_class_initfn,
2018 };
2019
2020 static Property scsi_cd_properties[] = {
2021 DEFINE_SCSI_DISK_PROPERTIES(),
2022 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2023 DEFINE_PROP_END_OF_LIST(),
2024 };
2025
2026 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2027 {
2028 DeviceClass *dc = DEVICE_CLASS(klass);
2029 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2030
2031 sc->init = scsi_cd_initfn;
2032 sc->destroy = scsi_destroy;
2033 sc->alloc_req = scsi_new_request;
2034 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2035 dc->fw_name = "disk";
2036 dc->desc = "virtual SCSI CD-ROM";
2037 dc->reset = scsi_disk_reset;
2038 dc->props = scsi_cd_properties;
2039 dc->vmsd = &vmstate_scsi_disk_state;
2040 }
2041
2042 static TypeInfo scsi_cd_info = {
2043 .name = "scsi-cd",
2044 .parent = TYPE_SCSI_DEVICE,
2045 .instance_size = sizeof(SCSIDiskState),
2046 .class_init = scsi_cd_class_initfn,
2047 };
2048
2049 #ifdef __linux__
2050 static Property scsi_block_properties[] = {
2051 DEFINE_SCSI_DISK_PROPERTIES(),
2052 DEFINE_PROP_END_OF_LIST(),
2053 };
2054
2055 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2056 {
2057 DeviceClass *dc = DEVICE_CLASS(klass);
2058 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2059
2060 sc->init = scsi_block_initfn;
2061 sc->destroy = scsi_destroy;
2062 sc->alloc_req = scsi_block_new_request;
2063 dc->fw_name = "disk";
2064 dc->desc = "SCSI block device passthrough";
2065 dc->reset = scsi_disk_reset;
2066 dc->props = scsi_block_properties;
2067 dc->vmsd = &vmstate_scsi_disk_state;
2068 }
2069
2070 static TypeInfo scsi_block_info = {
2071 .name = "scsi-block",
2072 .parent = TYPE_SCSI_DEVICE,
2073 .instance_size = sizeof(SCSIDiskState),
2074 .class_init = scsi_block_class_initfn,
2075 };
2076 #endif
2077
2078 static Property scsi_disk_properties[] = {
2079 DEFINE_SCSI_DISK_PROPERTIES(),
2080 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2081 SCSI_DISK_F_REMOVABLE, false),
2082 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2083 SCSI_DISK_F_DPOFUA, false),
2084 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2085 DEFINE_PROP_END_OF_LIST(),
2086 };
2087
2088 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2089 {
2090 DeviceClass *dc = DEVICE_CLASS(klass);
2091 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2092
2093 sc->init = scsi_disk_initfn;
2094 sc->destroy = scsi_destroy;
2095 sc->alloc_req = scsi_new_request;
2096 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2097 dc->fw_name = "disk";
2098 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2099 dc->reset = scsi_disk_reset;
2100 dc->props = scsi_disk_properties;
2101 dc->vmsd = &vmstate_scsi_disk_state;
2102 }
2103
2104 static TypeInfo scsi_disk_info = {
2105 .name = "scsi-disk",
2106 .parent = TYPE_SCSI_DEVICE,
2107 .instance_size = sizeof(SCSIDiskState),
2108 .class_init = scsi_disk_class_initfn,
2109 };
2110
2111 static void scsi_disk_register_types(void)
2112 {
2113 type_register_static(&scsi_hd_info);
2114 type_register_static(&scsi_cd_info);
2115 #ifdef __linux__
2116 type_register_static(&scsi_block_info);
2117 #endif
2118 type_register_static(&scsi_disk_info);
2119 }
2120
2121 type_init(scsi_disk_register_types)
Qemu with PowerPC KVM improvements