search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: ignore 'vlan=' if specified with 'netdev='
[qemu/markmc.git] / hw / scsi-disk.c
bloba92b62f01b76c896f2cc68417af5ab01646afb53
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
38
39 #define STATUS_GOOD 0
40 #define STATUS_CHECK_CONDITION 2
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIRequest {
50 SCSIBus *bus;
51 SCSIDiskState *dev;
52 uint32_t tag;
53 /* ??? We should probably keep track of whether the data transfer is
54 a read or a write. Currently we rely on the host getting it right. */
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 BlockDriverAIOCB *aiocb;
61 struct SCSIRequest *next;
62 uint32_t status;
63 } SCSIRequest;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 DriveInfo *dinfo;
69 SCSIRequest *requests;
70 /* The qemu block layer uses a fixed 512 byte sector size.
71 This is the number of 512 byte blocks in a single scsi sector. */
72 int cluster_size;
73 uint64_t max_lba;
74 int sense;
75 char drive_serial_str[21];
76 QEMUBH *bh;
77 };
78
79 /* Global pool of SCSIRequest structures. */
80 static SCSIRequest *free_requests = NULL;
81
82 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag)
83 {
84 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
85 SCSIRequest *r;
86
87 if (free_requests) {
88 r = free_requests;
89 free_requests = r->next;
90 } else {
91 r = qemu_malloc(sizeof(SCSIRequest));
92 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
93 }
94 r->bus = scsi_bus_from_device(d);
95 r->dev = s;
96 r->tag = tag;
97 r->sector_count = 0;
98 r->iov.iov_len = 0;
99 r->aiocb = NULL;
100 r->status = 0;
101
102 r->next = s->requests;
103 s->requests = r;
104 return r;
105 }
106
107 static void scsi_remove_request(SCSIRequest *r)
108 {
109 SCSIRequest *last;
110 SCSIDiskState *s = r->dev;
111
112 if (s->requests == r) {
113 s->requests = r->next;
114 } else {
115 last = s->requests;
116 while (last && last->next != r)
117 last = last->next;
118 if (last) {
119 last->next = r->next;
120 } else {
121 BADF("Orphaned request\n");
122 }
123 }
124 r->next = free_requests;
125 free_requests = r;
126 }
127
128 static SCSIRequest *scsi_find_request(SCSIDiskState *s, uint32_t tag)
129 {
130 SCSIRequest *r;
131
132 r = s->requests;
133 while (r && r->tag != tag)
134 r = r->next;
135
136 return r;
137 }
138
139 /* Helper function for command completion. */
140 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
141 {
142 SCSIDiskState *s = r->dev;
143 uint32_t tag;
144 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
145 s->sense = sense;
146 tag = r->tag;
147 scsi_remove_request(r);
148 r->bus->complete(r->bus, SCSI_REASON_DONE, tag, status);
149 }
150
151 /* Cancel a pending data transfer. */
152 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
153 {
154 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
155 SCSIRequest *r;
156 DPRINTF("Cancel tag=0x%x\n", tag);
157 r = scsi_find_request(s, tag);
158 if (r) {
159 if (r->aiocb)
160 bdrv_aio_cancel(r->aiocb);
161 r->aiocb = NULL;
162 scsi_remove_request(r);
163 }
164 }
165
166 static void scsi_read_complete(void * opaque, int ret)
167 {
168 SCSIRequest *r = (SCSIRequest *)opaque;
169
170 if (ret) {
171 DPRINTF("IO error\n");
172 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
174 return;
175 }
176 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->tag, r->iov.iov_len);
177
178 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
179 }
180
181 /* Read more data from scsi device into buffer. */
182 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
183 {
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
185 SCSIRequest *r;
186 uint32_t n;
187
188 r = scsi_find_request(s, tag);
189 if (!r) {
190 BADF("Bad read tag 0x%x\n", tag);
191 /* ??? This is the wrong error. */
192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
193 return;
194 }
195 if (r->sector_count == (uint32_t)-1) {
196 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
197 r->sector_count = 0;
198 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
199 return;
200 }
201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
204 return;
205 }
206
207 n = r->sector_count;
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
210
211 r->iov.iov_len = n * 512;
212 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
213 r->aiocb = bdrv_aio_readv(s->dinfo->bdrv, r->sector, &r->qiov, n,
214 scsi_read_complete, r);
215 if (r->aiocb == NULL)
216 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
217 r->sector += n;
218 r->sector_count -= n;
219 }
220
221 static int scsi_handle_write_error(SCSIRequest *r, int error)
222 {
223 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->dinfo->bdrv);
224
225 if (action == BLOCK_ERR_IGNORE)
226 return 0;
227
228 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
229 || action == BLOCK_ERR_STOP_ANY) {
230 r->status |= SCSI_REQ_STATUS_RETRY;
231 vm_stop(0);
232 } else {
233 scsi_command_complete(r, STATUS_CHECK_CONDITION,
234 SENSE_HARDWARE_ERROR);
235 }
236
237 return 1;
238 }
239
240 static void scsi_write_complete(void * opaque, int ret)
241 {
242 SCSIRequest *r = (SCSIRequest *)opaque;
243 uint32_t len;
244 uint32_t n;
245
246 r->aiocb = NULL;
247
248 if (ret) {
249 if (scsi_handle_write_error(r, -ret))
250 return;
251 }
252
253 n = r->iov.iov_len / 512;
254 r->sector += n;
255 r->sector_count -= n;
256 if (r->sector_count == 0) {
257 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
258 } else {
259 len = r->sector_count * 512;
260 if (len > SCSI_DMA_BUF_SIZE) {
261 len = SCSI_DMA_BUF_SIZE;
262 }
263 r->iov.iov_len = len;
264 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
265 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, len);
266 }
267 }
268
269 static void scsi_write_request(SCSIRequest *r)
270 {
271 SCSIDiskState *s = r->dev;
272 uint32_t n;
273
274 n = r->iov.iov_len / 512;
275 if (n) {
276 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
277 r->aiocb = bdrv_aio_writev(s->dinfo->bdrv, r->sector, &r->qiov, n,
278 scsi_write_complete, r);
279 if (r->aiocb == NULL)
280 scsi_command_complete(r, STATUS_CHECK_CONDITION,
281 SENSE_HARDWARE_ERROR);
282 } else {
283 /* Invoke completion routine to fetch data from host. */
284 scsi_write_complete(r, 0);
285 }
286 }
287
288 /* Write data to a scsi device. Returns nonzero on failure.
289 The transfer may complete asynchronously. */
290 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
291 {
292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
293 SCSIRequest *r;
294
295 DPRINTF("Write data tag=0x%x\n", tag);
296 r = scsi_find_request(s, tag);
297 if (!r) {
298 BADF("Bad write tag 0x%x\n", tag);
299 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
300 return 1;
301 }
302
303 if (r->aiocb)
304 BADF("Data transfer already in progress\n");
305
306 scsi_write_request(r);
307
308 return 0;
309 }
310
311 static void scsi_dma_restart_bh(void *opaque)
312 {
313 SCSIDiskState *s = opaque;
314 SCSIRequest *r = s->requests;
315
316 qemu_bh_delete(s->bh);
317 s->bh = NULL;
318
319 while (r) {
320 if (r->status & SCSI_REQ_STATUS_RETRY) {
321 r->status &= ~SCSI_REQ_STATUS_RETRY;
322 scsi_write_request(r);
323 }
324 r = r->next;
325 }
326 }
327
328 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
329 {
330 SCSIDiskState *s = opaque;
331
332 if (!running)
333 return;
334
335 if (!s->bh) {
336 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
337 qemu_bh_schedule(s->bh);
338 }
339 }
340
341 /* Return a pointer to the data buffer. */
342 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
343 {
344 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
345 SCSIRequest *r;
346
347 r = scsi_find_request(s, tag);
348 if (!r) {
349 BADF("Bad buffer tag 0x%x\n", tag);
350 return NULL;
351 }
352 return (uint8_t *)r->iov.iov_base;
353 }
354
355 /* Execute a scsi command. Returns the length of the data expected by the
356 command. This will be Positive for data transfers from the device
357 (eg. disk reads), negative for transfers to the device (eg. disk writes),
358 and zero if the command does not transfer any data. */
359
360 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
361 uint8_t *buf, int lun)
362 {
363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
364 uint64_t nb_sectors;
365 uint64_t lba;
366 uint32_t len;
367 int cmdlen;
368 int is_write;
369 uint8_t command;
370 uint8_t *outbuf;
371 SCSIRequest *r;
372
373 command = buf[0];
374 r = scsi_find_request(s, tag);
375 if (r) {
376 BADF("Tag 0x%x already in use\n", tag);
377 scsi_cancel_io(d, tag);
378 }
379 /* ??? Tags are not unique for different luns. We only implement a
380 single lun, so this should not matter. */
381 r = scsi_new_request(d, tag);
382 outbuf = (uint8_t *)r->iov.iov_base;
383 is_write = 0;
384 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
385 switch (command >> 5) {
386 case 0:
387 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
388 (((uint64_t) buf[1] & 0x1f) << 16);
389 len = buf[4];
390 cmdlen = 6;
391 break;
392 case 1:
393 case 2:
394 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
395 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
396 len = buf[8] | (buf[7] << 8);
397 cmdlen = 10;
398 break;
399 case 4:
400 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
401 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
402 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
403 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
404 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
405 cmdlen = 16;
406 break;
407 case 5:
408 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
409 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
410 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
411 cmdlen = 12;
412 break;
413 default:
414 BADF("Unsupported command length, command %x\n", command);
415 goto fail;
416 }
417 #ifdef DEBUG_SCSI
418 {
419 int i;
420 for (i = 1; i < cmdlen; i++) {
421 printf(" 0x%02x", buf[i]);
422 }
423 printf("\n");
424 }
425 #endif
426 if (lun || buf[1] >> 5) {
427 /* Only LUN 0 supported. */
428 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
429 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
430 goto fail;
431 }
432 switch (command) {
433 case 0x0:
434 DPRINTF("Test Unit Ready\n");
435 if (!bdrv_is_inserted(s->dinfo->bdrv))
436 goto notready;
437 break;
438 case 0x03:
439 DPRINTF("Request Sense (len %d)\n", len);
440 if (len < 4)
441 goto fail;
442 memset(outbuf, 0, 4);
443 r->iov.iov_len = 4;
444 if (s->sense == SENSE_NOT_READY && len >= 18) {
445 memset(outbuf, 0, 18);
446 r->iov.iov_len = 18;
447 outbuf[7] = 10;
448 /* asc 0x3a, ascq 0: Medium not present */
449 outbuf[12] = 0x3a;
450 outbuf[13] = 0;
451 }
452 outbuf[0] = 0xf0;
453 outbuf[1] = 0;
454 outbuf[2] = s->sense;
455 break;
456 case 0x12:
457 DPRINTF("Inquiry (len %d)\n", len);
458 if (buf[1] & 0x2) {
459 /* Command support data - optional, not implemented */
460 BADF("optional INQUIRY command support request not implemented\n");
461 goto fail;
462 }
463 else if (buf[1] & 0x1) {
464 /* Vital product data */
465 uint8_t page_code = buf[2];
466 if (len < 4) {
467 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
468 "less than 4\n", page_code, len);
469 goto fail;
470 }
471
472 switch (page_code) {
473 case 0x00:
474 {
475 /* Supported page codes, mandatory */
476 DPRINTF("Inquiry EVPD[Supported pages] "
477 "buffer size %d\n", len);
478
479 r->iov.iov_len = 0;
480
481 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
482 outbuf[r->iov.iov_len++] = 5;
483 } else {
484 outbuf[r->iov.iov_len++] = 0;
485 }
486
487 outbuf[r->iov.iov_len++] = 0x00; // this page
488 outbuf[r->iov.iov_len++] = 0x00;
489 outbuf[r->iov.iov_len++] = 3; // number of pages
490 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
491 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
492 outbuf[r->iov.iov_len++] = 0x83; // device identification
493 }
494 break;
495 case 0x80:
496 {
497 int l;
498
499 /* Device serial number, optional */
500 if (len < 4) {
501 BADF("Error: EVPD[Serial number] Inquiry buffer "
502 "size %d too small, %d needed\n", len, 4);
503 goto fail;
504 }
505
506 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
507 l = MIN(len, strlen(s->drive_serial_str));
508
509 r->iov.iov_len = 0;
510
511 /* Supported page codes */
512 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
513 outbuf[r->iov.iov_len++] = 5;
514 } else {
515 outbuf[r->iov.iov_len++] = 0;
516 }
517
518 outbuf[r->iov.iov_len++] = 0x80; // this page
519 outbuf[r->iov.iov_len++] = 0x00;
520 outbuf[r->iov.iov_len++] = l;
521 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
522 r->iov.iov_len += l;
523 }
524
525 break;
526 case 0x83:
527 {
528 /* Device identification page, mandatory */
529 int max_len = 255 - 8;
530 int id_len = strlen(bdrv_get_device_name(s->dinfo->bdrv));
531 if (id_len > max_len)
532 id_len = max_len;
533
534 DPRINTF("Inquiry EVPD[Device identification] "
535 "buffer size %d\n", len);
536 r->iov.iov_len = 0;
537 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
538 outbuf[r->iov.iov_len++] = 5;
539 } else {
540 outbuf[r->iov.iov_len++] = 0;
541 }
542
543 outbuf[r->iov.iov_len++] = 0x83; // this page
544 outbuf[r->iov.iov_len++] = 0x00;
545 outbuf[r->iov.iov_len++] = 3 + id_len;
546
547 outbuf[r->iov.iov_len++] = 0x2; // ASCII
548 outbuf[r->iov.iov_len++] = 0; // not officially assigned
549 outbuf[r->iov.iov_len++] = 0; // reserved
550 outbuf[r->iov.iov_len++] = id_len; // length of data following
551
552 memcpy(&outbuf[r->iov.iov_len],
553 bdrv_get_device_name(s->dinfo->bdrv), id_len);
554 r->iov.iov_len += id_len;
555 }
556 break;
557 default:
558 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
559 "buffer size %d\n", page_code, len);
560 goto fail;
561 }
562 /* done with EVPD */
563 break;
564 }
565 else {
566 /* Standard INQUIRY data */
567 if (buf[2] != 0) {
568 BADF("Error: Inquiry (STANDARD) page or code "
569 "is non-zero [%02X]\n", buf[2]);
570 goto fail;
571 }
572
573 /* PAGE CODE == 0 */
574 if (len < 5) {
575 BADF("Error: Inquiry (STANDARD) buffer size %d "
576 "is less than 5\n", len);
577 goto fail;
578 }
579
580 if (len < 36) {
581 BADF("Error: Inquiry (STANDARD) buffer size %d "
582 "is less than 36 (TODO: only 5 required)\n", len);
583 }
584 }
585
586 if(len > SCSI_MAX_INQUIRY_LEN)
587 len = SCSI_MAX_INQUIRY_LEN;
588
589 memset(outbuf, 0, len);
590
591 if (lun || buf[1] >> 5) {
592 outbuf[0] = 0x7f; /* LUN not supported */
593 } else if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
594 outbuf[0] = 5;
595 outbuf[1] = 0x80;
596 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
597 } else {
598 outbuf[0] = 0;
599 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
600 }
601 memcpy(&outbuf[8], "QEMU ", 8);
602 memcpy(&outbuf[32], QEMU_VERSION, 4);
603 /* Identify device as SCSI-3 rev 1.
604 Some later commands are also implemented. */
605 outbuf[2] = 3;
606 outbuf[3] = 2; /* Format 2 */
607 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
608 /* Sync data transfer and TCQ. */
609 outbuf[7] = 0x10 | (r->bus->tcq ? 0x02 : 0);
610 r->iov.iov_len = len;
611 break;
612 case 0x16:
613 DPRINTF("Reserve(6)\n");
614 if (buf[1] & 1)
615 goto fail;
616 break;
617 case 0x17:
618 DPRINTF("Release(6)\n");
619 if (buf[1] & 1)
620 goto fail;
621 break;
622 case 0x1a:
623 case 0x5a:
624 {
625 uint8_t *p;
626 int page;
627 int dbd;
628
629 dbd = buf[1] & 0x8;
630 page = buf[2] & 0x3f;
631 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
632 p = outbuf;
633 memset(p, 0, 4);
634 outbuf[1] = 0; /* Default media type. */
635 outbuf[3] = 0; /* Block descriptor length. */
636 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM ||
637 bdrv_is_read_only(s->dinfo->bdrv)) {
638 outbuf[2] = 0x80; /* Readonly. */
639 }
640 p += 4;
641 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
642 if ((~dbd) & nb_sectors) {
643 nb_sectors /= s->cluster_size;
644 nb_sectors--;
645 if (nb_sectors > 0xffffff)
646 nb_sectors = 0xffffff;
647 outbuf[3] = 8; /* Block descriptor length */
648 p[0] = 0; /* media density code */
649 p[1] = (nb_sectors >> 16) & 0xff;
650 p[2] = (nb_sectors >> 8) & 0xff;
651 p[3] = nb_sectors & 0xff;
652 p[4] = 0; /* reserved */
653 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
654 p[6] = s->cluster_size * 2;
655 p[7] = 0;
656 p += 8;
657 }
658
659 if (page == 4) {
660 int cylinders, heads, secs;
661
662 /* Rigid disk device geometry page. */
663 p[0] = 4;
664 p[1] = 0x16;
665 /* if a geometry hint is available, use it */
666 bdrv_get_geometry_hint(s->dinfo->bdrv, &cylinders, &heads, &secs);
667 p[2] = (cylinders >> 16) & 0xff;
668 p[3] = (cylinders >> 8) & 0xff;
669 p[4] = cylinders & 0xff;
670 p[5] = heads & 0xff;
671 /* Write precomp start cylinder, disabled */
672 p[6] = (cylinders >> 16) & 0xff;
673 p[7] = (cylinders >> 8) & 0xff;
674 p[8] = cylinders & 0xff;
675 /* Reduced current start cylinder, disabled */
676 p[9] = (cylinders >> 16) & 0xff;
677 p[10] = (cylinders >> 8) & 0xff;
678 p[11] = cylinders & 0xff;
679 /* Device step rate [ns], 200ns */
680 p[12] = 0;
681 p[13] = 200;
682 /* Landing zone cylinder */
683 p[14] = 0xff;
684 p[15] = 0xff;
685 p[16] = 0xff;
686 /* Medium rotation rate [rpm], 5400 rpm */
687 p[20] = (5400 >> 8) & 0xff;
688 p[21] = 5400 & 0xff;
689 p += 0x16;
690 } else if (page == 5) {
691 int cylinders, heads, secs;
692
693 /* Flexible disk device geometry page. */
694 p[0] = 5;
695 p[1] = 0x1e;
696 /* Transfer rate [kbit/s], 5Mbit/s */
697 p[2] = 5000 >> 8;
698 p[3] = 5000 & 0xff;
699 /* if a geometry hint is available, use it */
700 bdrv_get_geometry_hint(s->dinfo->bdrv, &cylinders, &heads, &secs);
701 p[4] = heads & 0xff;
702 p[5] = secs & 0xff;
703 p[6] = s->cluster_size * 2;
704 p[8] = (cylinders >> 8) & 0xff;
705 p[9] = cylinders & 0xff;
706 /* Write precomp start cylinder, disabled */
707 p[10] = (cylinders >> 8) & 0xff;
708 p[11] = cylinders & 0xff;
709 /* Reduced current start cylinder, disabled */
710 p[12] = (cylinders >> 8) & 0xff;
711 p[13] = cylinders & 0xff;
712 /* Device step rate [100us], 100us */
713 p[14] = 0;
714 p[15] = 1;
715 /* Device step pulse width [us], 1us */
716 p[16] = 1;
717 /* Device head settle delay [100us], 100us */
718 p[17] = 0;
719 p[18] = 1;
720 /* Motor on delay [0.1s], 0.1s */
721 p[19] = 1;
722 /* Motor off delay [0.1s], 0.1s */
723 p[20] = 1;
724 /* Medium rotation rate [rpm], 5400 rpm */
725 p[28] = (5400 >> 8) & 0xff;
726 p[29] = 5400 & 0xff;
727 p += 0x1e;
728 } else if ((page == 8 || page == 0x3f)) {
729 /* Caching page. */
730 memset(p,0,20);
731 p[0] = 8;
732 p[1] = 0x12;
733 if (bdrv_enable_write_cache(s->dinfo->bdrv)) {
734 p[2] = 4; /* WCE */
735 }
736 p += 20;
737 }
738 if ((page == 0x3f || page == 0x2a)
739 && (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM)) {
740 /* CD Capabilities and Mechanical Status page. */
741 p[0] = 0x2a;
742 p[1] = 0x14;
743 p[2] = 3; // CD-R & CD-RW read
744 p[3] = 0; // Writing not supported
745 p[4] = 0x7f; /* Audio, composite, digital out,
746 mode 2 form 1&2, multi session */
747 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
748 RW corrected, C2 errors, ISRC,
749 UPC, Bar code */
750 p[6] = 0x2d | (bdrv_is_locked(s->dinfo->bdrv)? 2 : 0);
751 /* Locking supported, jumper present, eject, tray */
752 p[7] = 0; /* no volume & mute control, no
753 changer */
754 p[8] = (50 * 176) >> 8; // 50x read speed
755 p[9] = (50 * 176) & 0xff;
756 p[10] = 0 >> 8; // No volume
757 p[11] = 0 & 0xff;
758 p[12] = 2048 >> 8; // 2M buffer
759 p[13] = 2048 & 0xff;
760 p[14] = (16 * 176) >> 8; // 16x read speed current
761 p[15] = (16 * 176) & 0xff;
762 p[18] = (16 * 176) >> 8; // 16x write speed
763 p[19] = (16 * 176) & 0xff;
764 p[20] = (16 * 176) >> 8; // 16x write speed current
765 p[21] = (16 * 176) & 0xff;
766 p += 22;
767 }
768 r->iov.iov_len = p - outbuf;
769 outbuf[0] = r->iov.iov_len - 4;
770 if (r->iov.iov_len > len)
771 r->iov.iov_len = len;
772 }
773 break;
774 case 0x1b:
775 DPRINTF("Start Stop Unit\n");
776 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM &&
777 (buf[4] & 2))
778 /* load/eject medium */
779 bdrv_eject(s->dinfo->bdrv, !(buf[4] & 1));
780 break;
781 case 0x1e:
782 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
783 bdrv_set_locked(s->dinfo->bdrv, buf[4] & 1);
784 break;
785 case 0x25:
786 DPRINTF("Read Capacity\n");
787 /* The normal LEN field for this command is zero. */
788 memset(outbuf, 0, 8);
789 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
790 nb_sectors /= s->cluster_size;
791 /* Returned value is the address of the last sector. */
792 if (nb_sectors) {
793 nb_sectors--;
794 /* Remember the new size for read/write sanity checking. */
795 s->max_lba = nb_sectors;
796 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
797 if (nb_sectors > UINT32_MAX)
798 nb_sectors = UINT32_MAX;
799 outbuf[0] = (nb_sectors >> 24) & 0xff;
800 outbuf[1] = (nb_sectors >> 16) & 0xff;
801 outbuf[2] = (nb_sectors >> 8) & 0xff;
802 outbuf[3] = nb_sectors & 0xff;
803 outbuf[4] = 0;
804 outbuf[5] = 0;
805 outbuf[6] = s->cluster_size * 2;
806 outbuf[7] = 0;
807 r->iov.iov_len = 8;
808 } else {
809 notready:
810 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
811 return 0;
812 }
813 break;
814 case 0x08:
815 case 0x28:
816 case 0x88:
817 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
818 if (lba > s->max_lba)
819 goto illegal_lba;
820 r->sector = lba * s->cluster_size;
821 r->sector_count = len * s->cluster_size;
822 break;
823 case 0x0a:
824 case 0x2a:
825 case 0x8a:
826 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
827 if (lba > s->max_lba)
828 goto illegal_lba;
829 r->sector = lba * s->cluster_size;
830 r->sector_count = len * s->cluster_size;
831 is_write = 1;
832 break;
833 case 0x35:
834 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
835 bdrv_flush(s->dinfo->bdrv);
836 break;
837 case 0x43:
838 {
839 int start_track, format, msf, toclen;
840
841 msf = buf[1] & 2;
842 format = buf[2] & 0xf;
843 start_track = buf[6];
844 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
845 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
846 nb_sectors /= s->cluster_size;
847 switch(format) {
848 case 0:
849 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
850 break;
851 case 1:
852 /* multi session : only a single session defined */
853 toclen = 12;
854 memset(outbuf, 0, 12);
855 outbuf[1] = 0x0a;
856 outbuf[2] = 0x01;
857 outbuf[3] = 0x01;
858 break;
859 case 2:
860 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
861 break;
862 default:
863 goto error_cmd;
864 }
865 if (toclen > 0) {
866 if (len > toclen)
867 len = toclen;
868 r->iov.iov_len = len;
869 break;
870 }
871 error_cmd:
872 DPRINTF("Read TOC error\n");
873 goto fail;
874 }
875 case 0x46:
876 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
877 memset(outbuf, 0, 8);
878 /* ??? This should probably return much more information. For now
879 just return the basic header indicating the CD-ROM profile. */
880 outbuf[7] = 8; // CD-ROM
881 r->iov.iov_len = 8;
882 break;
883 case 0x56:
884 DPRINTF("Reserve(10)\n");
885 if (buf[1] & 3)
886 goto fail;
887 break;
888 case 0x57:
889 DPRINTF("Release(10)\n");
890 if (buf[1] & 3)
891 goto fail;
892 break;
893 case 0x9e:
894 /* Service Action In subcommands. */
895 if ((buf[1] & 31) == 0x10) {
896 DPRINTF("SAI READ CAPACITY(16)\n");
897 memset(outbuf, 0, len);
898 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
899 nb_sectors /= s->cluster_size;
900 /* Returned value is the address of the last sector. */
901 if (nb_sectors) {
902 nb_sectors--;
903 /* Remember the new size for read/write sanity checking. */
904 s->max_lba = nb_sectors;
905 outbuf[0] = (nb_sectors >> 56) & 0xff;
906 outbuf[1] = (nb_sectors >> 48) & 0xff;
907 outbuf[2] = (nb_sectors >> 40) & 0xff;
908 outbuf[3] = (nb_sectors >> 32) & 0xff;
909 outbuf[4] = (nb_sectors >> 24) & 0xff;
910 outbuf[5] = (nb_sectors >> 16) & 0xff;
911 outbuf[6] = (nb_sectors >> 8) & 0xff;
912 outbuf[7] = nb_sectors & 0xff;
913 outbuf[8] = 0;
914 outbuf[9] = 0;
915 outbuf[10] = s->cluster_size * 2;
916 outbuf[11] = 0;
917 /* Protection, exponent and lowest lba field left blank. */
918 r->iov.iov_len = len;
919 } else {
920 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
921 return 0;
922 }
923 break;
924 }
925 DPRINTF("Unsupported Service Action In\n");
926 goto fail;
927 case 0xa0:
928 DPRINTF("Report LUNs (len %d)\n", len);
929 if (len < 16)
930 goto fail;
931 memset(outbuf, 0, 16);
932 outbuf[3] = 8;
933 r->iov.iov_len = 16;
934 break;
935 case 0x2f:
936 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
937 break;
938 default:
939 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
940 fail:
941 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
942 return 0;
943 illegal_lba:
944 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
945 return 0;
946 }
947 if (r->sector_count == 0 && r->iov.iov_len == 0) {
948 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
949 }
950 len = r->sector_count * 512 + r->iov.iov_len;
951 if (is_write) {
952 return -len;
953 } else {
954 if (!r->sector_count)
955 r->sector_count = -1;
956 return len;
957 }
958 }
959
960 static void scsi_destroy(SCSIDevice *dev)
961 {
962 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
963
964 drive_uninit(s->dinfo);
965 }
966
967 static int scsi_disk_initfn(SCSIDevice *dev)
968 {
969 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
970 uint64_t nb_sectors;
971
972 if (!s->dinfo || !s->dinfo->bdrv) {
973 qemu_error("scsi-disk: drive property not set\n");
974 return -1;
975 }
976
977 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
978 s->cluster_size = 4;
979 } else {
980 s->cluster_size = 1;
981 }
982 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
983 nb_sectors /= s->cluster_size;
984 if (nb_sectors)
985 nb_sectors--;
986 s->max_lba = nb_sectors;
987 strncpy(s->drive_serial_str, drive_get_serial(s->dinfo->bdrv),
988 sizeof(s->drive_serial_str));
989 if (strlen(s->drive_serial_str) == 0)
990 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
991 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
992 return 0;
993 }
994
995 static SCSIDeviceInfo scsi_disk_info = {
996 .qdev.name = "scsi-disk",
997 .qdev.desc = "virtual scsi disk or cdrom",
998 .qdev.size = sizeof(SCSIDiskState),
999 .init = scsi_disk_initfn,
1000 .destroy = scsi_destroy,
1001 .send_command = scsi_send_command,
1002 .read_data = scsi_read_data,
1003 .write_data = scsi_write_data,
1004 .cancel_io = scsi_cancel_io,
1005 .get_buf = scsi_get_buf,
1006 .qdev.props = (Property[]) {
1007 DEFINE_PROP_DRIVE("drive", SCSIDiskState, dinfo),
1008 DEFINE_PROP_END_OF_LIST(),
1009 },
1010 };
1011
1012 static void scsi_disk_register_devices(void)
1013 {
1014 scsi_qdev_register(&scsi_disk_info);
1015 }
1016 device_init(scsi_disk_register_devices)
Mark McLoughlin's queue for qemu.git