search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qemu-log: fix x86 and user logging
[qemu/opensuse.git] / hw / scsi-disk.c
blob34336b1b582f0ddcbf2b7f1f07eac8bc7c674141
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "dma.h"
38
39 #ifdef __linux
40 #include <scsi/sg.h>
41 #endif
42
43 #define SCSI_DMA_BUF_SIZE 131072
44 #define SCSI_MAX_INQUIRY_LEN 256
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
51 uint64_t sector;
52 uint32_t sector_count;
53 uint32_t buflen;
54 bool started;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 BlockAcctCookie acct;
58 } SCSIDiskReq;
59
60 #define SCSI_DISK_F_REMOVABLE 0
61 #define SCSI_DISK_F_DPOFUA 1
62
63 struct SCSIDiskState
64 {
65 SCSIDevice qdev;
66 uint32_t features;
67 bool media_changed;
68 bool media_event;
69 bool eject_request;
70 uint64_t wwn;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79
80 static void scsi_free_request(SCSIRequest *req)
81 {
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
87 }
88
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 {
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
96 }
97
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
100 {
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = size;
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 {
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen) {
136 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
137 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
138 } else if (!req->retry) {
139 uint32_t len = r->iov.iov_len;
140 qemu_put_be32s(f, &len);
141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
142 }
143 }
144 }
145
146 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
147 {
148 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
149
150 qemu_get_be64s(f, &r->sector);
151 qemu_get_be32s(f, &r->sector_count);
152 qemu_get_be32s(f, &r->buflen);
153 if (r->buflen) {
154 scsi_init_iovec(r, r->buflen);
155 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
156 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
157 } else if (!r->req.retry) {
158 uint32_t len;
159 qemu_get_be32s(f, &len);
160 r->iov.iov_len = len;
161 assert(r->iov.iov_len <= r->buflen);
162 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
163 }
164 }
165
166 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
167 }
168
169 static void scsi_flush_complete(void * opaque, int ret)
170 {
171 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
172 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
173
174 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
175
176 if (ret < 0) {
177 if (scsi_handle_rw_error(r, -ret)) {
178 goto done;
179 }
180 }
181
182 scsi_req_complete(&r->req, GOOD);
183
184 done:
185 if (!r->req.io_canceled) {
186 scsi_req_unref(&r->req);
187 }
188 }
189
190 static bool scsi_is_cmd_fua(SCSICommand *cmd)
191 {
192 switch (cmd->buf[0]) {
193 case READ_10:
194 case READ_12:
195 case READ_16:
196 case WRITE_10:
197 case WRITE_12:
198 case WRITE_16:
199 return (cmd->buf[1] & 8) != 0;
200
201 case VERIFY_10:
202 case VERIFY_12:
203 case VERIFY_16:
204 case WRITE_VERIFY_10:
205 case WRITE_VERIFY_12:
206 case WRITE_VERIFY_16:
207 return true;
208
209 case READ_6:
210 case WRITE_6:
211 default:
212 return false;
213 }
214 }
215
216 static void scsi_write_do_fua(SCSIDiskReq *r)
217 {
218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
219
220 if (scsi_is_cmd_fua(&r->req.cmd)) {
221 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
222 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
223 return;
224 }
225
226 scsi_req_complete(&r->req, GOOD);
227 if (!r->req.io_canceled) {
228 scsi_req_unref(&r->req);
229 }
230 }
231
232 static void scsi_dma_complete(void *opaque, int ret)
233 {
234 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236
237 if (r->req.aiocb != NULL) {
238 r->req.aiocb = NULL;
239 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
240 }
241
242 if (ret < 0) {
243 if (scsi_handle_rw_error(r, -ret)) {
244 goto done;
245 }
246 }
247
248 r->sector += r->sector_count;
249 r->sector_count = 0;
250 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
251 scsi_write_do_fua(r);
252 return;
253 } else {
254 scsi_req_complete(&r->req, GOOD);
255 }
256
257 done:
258 if (!r->req.io_canceled) {
259 scsi_req_unref(&r->req);
260 }
261 }
262
263 static void scsi_read_complete(void * opaque, int ret)
264 {
265 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
266 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
267 int n;
268
269 if (r->req.aiocb != NULL) {
270 r->req.aiocb = NULL;
271 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
272 }
273
274 if (ret < 0) {
275 if (scsi_handle_rw_error(r, -ret)) {
276 goto done;
277 }
278 }
279
280 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
281
282 n = r->qiov.size / 512;
283 r->sector += n;
284 r->sector_count -= n;
285 scsi_req_data(&r->req, r->qiov.size);
286
287 done:
288 if (!r->req.io_canceled) {
289 scsi_req_unref(&r->req);
290 }
291 }
292
293 /* Actually issue a read to the block device. */
294 static void scsi_do_read(void *opaque, int ret)
295 {
296 SCSIDiskReq *r = opaque;
297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
298 uint32_t n;
299
300 if (r->req.aiocb != NULL) {
301 r->req.aiocb = NULL;
302 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
303 }
304
305 if (ret < 0) {
306 if (scsi_handle_rw_error(r, -ret)) {
307 goto done;
308 }
309 }
310
311 if (r->req.io_canceled) {
312 return;
313 }
314
315 /* The request is used as the AIO opaque value, so add a ref. */
316 scsi_req_ref(&r->req);
317
318 if (r->req.sg) {
319 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
320 r->req.resid -= r->req.sg->size;
321 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
322 scsi_dma_complete, r);
323 } else {
324 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
325 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
326 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
327 scsi_read_complete, r);
328 }
329
330 done:
331 if (!r->req.io_canceled) {
332 scsi_req_unref(&r->req);
333 }
334 }
335
336 /* Read more data from scsi device into buffer. */
337 static void scsi_read_data(SCSIRequest *req)
338 {
339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
341 bool first;
342
343 if (r->sector_count == (uint32_t)-1) {
344 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
345 r->sector_count = 0;
346 r->started = true;
347 scsi_req_data(&r->req, r->iov.iov_len);
348 return;
349 }
350 DPRINTF("Read sector_count=%d\n", r->sector_count);
351 if (r->sector_count == 0) {
352 /* This also clears the sense buffer for REQUEST SENSE. */
353 scsi_req_complete(&r->req, GOOD);
354 return;
355 }
356
357 /* No data transfer may already be in progress */
358 assert(r->req.aiocb == NULL);
359
360 /* The request is used as the AIO opaque value, so add a ref. */
361 scsi_req_ref(&r->req);
362 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
363 DPRINTF("Data transfer direction invalid\n");
364 scsi_read_complete(r, -EINVAL);
365 return;
366 }
367
368 if (s->tray_open) {
369 scsi_read_complete(r, -ENOMEDIUM);
370 return;
371 }
372
373 first = !r->started;
374 r->started = true;
375 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
376 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
377 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
378 } else {
379 scsi_do_read(r, 0);
380 }
381 }
382
383 /*
384 * scsi_handle_rw_error has two return values. 0 means that the error
385 * must be ignored, 1 means that the error has been processed and the
386 * caller should not do anything else for this request. Note that
387 * scsi_handle_rw_error always manages its reference counts, independent
388 * of the return value.
389 */
390 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
391 {
392 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
393 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
394 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
395
396 if (action == BLOCK_ERR_IGNORE) {
397 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
398 return 0;
399 }
400
401 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
402 || action == BLOCK_ERR_STOP_ANY) {
403
404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
405 vm_stop(RUN_STATE_IO_ERROR);
406 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
407 scsi_req_retry(&r->req);
408 } else {
409 switch (error) {
410 case ENOMEDIUM:
411 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
412 break;
413 case ENOMEM:
414 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
415 break;
416 case EINVAL:
417 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
418 break;
419 default:
420 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
421 break;
422 }
423 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
424 }
425 return 1;
426 }
427
428 static void scsi_write_complete(void * opaque, int ret)
429 {
430 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
431 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
432 uint32_t n;
433
434 if (r->req.aiocb != NULL) {
435 r->req.aiocb = NULL;
436 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
437 }
438
439 if (ret < 0) {
440 if (scsi_handle_rw_error(r, -ret)) {
441 goto done;
442 }
443 }
444
445 n = r->qiov.size / 512;
446 r->sector += n;
447 r->sector_count -= n;
448 if (r->sector_count == 0) {
449 scsi_write_do_fua(r);
450 return;
451 } else {
452 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
453 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
454 scsi_req_data(&r->req, r->qiov.size);
455 }
456
457 done:
458 if (!r->req.io_canceled) {
459 scsi_req_unref(&r->req);
460 }
461 }
462
463 static void scsi_write_data(SCSIRequest *req)
464 {
465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 uint32_t n;
468
469 /* No data transfer may already be in progress */
470 assert(r->req.aiocb == NULL);
471
472 /* The request is used as the AIO opaque value, so add a ref. */
473 scsi_req_ref(&r->req);
474 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
475 DPRINTF("Data transfer direction invalid\n");
476 scsi_write_complete(r, -EINVAL);
477 return;
478 }
479
480 if (!r->req.sg && !r->qiov.size) {
481 /* Called for the first time. Ask the driver to send us more data. */
482 r->started = true;
483 scsi_write_complete(r, 0);
484 return;
485 }
486 if (s->tray_open) {
487 scsi_write_complete(r, -ENOMEDIUM);
488 return;
489 }
490
491 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
492 r->req.cmd.buf[0] == VERIFY_16) {
493 if (r->req.sg) {
494 scsi_dma_complete(r, 0);
495 } else {
496 scsi_write_complete(r, 0);
497 }
498 return;
499 }
500
501 if (r->req.sg) {
502 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
503 r->req.resid -= r->req.sg->size;
504 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
505 scsi_dma_complete, r);
506 } else {
507 n = r->qiov.size / 512;
508 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
509 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
510 scsi_write_complete, r);
511 }
512 }
513
514 /* Return a pointer to the data buffer. */
515 static uint8_t *scsi_get_buf(SCSIRequest *req)
516 {
517 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
518
519 return (uint8_t *)r->iov.iov_base;
520 }
521
522 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
523 {
524 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
525 int buflen = 0;
526 int start;
527
528 if (req->cmd.buf[1] & 0x1) {
529 /* Vital product data */
530 uint8_t page_code = req->cmd.buf[2];
531
532 outbuf[buflen++] = s->qdev.type & 0x1f;
533 outbuf[buflen++] = page_code ; // this page
534 outbuf[buflen++] = 0x00;
535 outbuf[buflen++] = 0x00;
536 start = buflen;
537
538 switch (page_code) {
539 case 0x00: /* Supported page codes, mandatory */
540 {
541 DPRINTF("Inquiry EVPD[Supported pages] "
542 "buffer size %zd\n", req->cmd.xfer);
543 outbuf[buflen++] = 0x00; // list of supported pages (this page)
544 if (s->serial) {
545 outbuf[buflen++] = 0x80; // unit serial number
546 }
547 outbuf[buflen++] = 0x83; // device identification
548 if (s->qdev.type == TYPE_DISK) {
549 outbuf[buflen++] = 0xb0; // block limits
550 outbuf[buflen++] = 0xb2; // thin provisioning
551 }
552 break;
553 }
554 case 0x80: /* Device serial number, optional */
555 {
556 int l;
557
558 if (!s->serial) {
559 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
560 return -1;
561 }
562
563 l = strlen(s->serial);
564 if (l > 20) {
565 l = 20;
566 }
567
568 DPRINTF("Inquiry EVPD[Serial number] "
569 "buffer size %zd\n", req->cmd.xfer);
570 memcpy(outbuf+buflen, s->serial, l);
571 buflen += l;
572 break;
573 }
574
575 case 0x83: /* Device identification page, mandatory */
576 {
577 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
578 int max_len = s->serial ? 20 : 255 - 8;
579 int id_len = strlen(str);
580
581 if (id_len > max_len) {
582 id_len = max_len;
583 }
584 DPRINTF("Inquiry EVPD[Device identification] "
585 "buffer size %zd\n", req->cmd.xfer);
586
587 outbuf[buflen++] = 0x2; // ASCII
588 outbuf[buflen++] = 0; // not officially assigned
589 outbuf[buflen++] = 0; // reserved
590 outbuf[buflen++] = id_len; // length of data following
591 memcpy(outbuf+buflen, str, id_len);
592 buflen += id_len;
593
594 if (s->wwn) {
595 outbuf[buflen++] = 0x1; // Binary
596 outbuf[buflen++] = 0x3; // NAA
597 outbuf[buflen++] = 0; // reserved
598 outbuf[buflen++] = 8;
599 stq_be_p(&outbuf[buflen], s->wwn);
600 buflen += 8;
601 }
602 break;
603 }
604 case 0xb0: /* block limits */
605 {
606 unsigned int unmap_sectors =
607 s->qdev.conf.discard_granularity / s->qdev.blocksize;
608 unsigned int min_io_size =
609 s->qdev.conf.min_io_size / s->qdev.blocksize;
610 unsigned int opt_io_size =
611 s->qdev.conf.opt_io_size / s->qdev.blocksize;
612
613 if (s->qdev.type == TYPE_ROM) {
614 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
615 page_code);
616 return -1;
617 }
618 /* required VPD size with unmap support */
619 buflen = 0x40;
620 memset(outbuf + 4, 0, buflen - 4);
621
622 /* optimal transfer length granularity */
623 outbuf[6] = (min_io_size >> 8) & 0xff;
624 outbuf[7] = min_io_size & 0xff;
625
626 /* optimal transfer length */
627 outbuf[12] = (opt_io_size >> 24) & 0xff;
628 outbuf[13] = (opt_io_size >> 16) & 0xff;
629 outbuf[14] = (opt_io_size >> 8) & 0xff;
630 outbuf[15] = opt_io_size & 0xff;
631
632 /* optimal unmap granularity */
633 outbuf[28] = (unmap_sectors >> 24) & 0xff;
634 outbuf[29] = (unmap_sectors >> 16) & 0xff;
635 outbuf[30] = (unmap_sectors >> 8) & 0xff;
636 outbuf[31] = unmap_sectors & 0xff;
637 break;
638 }
639 case 0xb2: /* thin provisioning */
640 {
641 buflen = 8;
642 outbuf[4] = 0;
643 outbuf[5] = 0x60; /* write_same 10/16 supported */
644 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
645 outbuf[7] = 0;
646 break;
647 }
648 default:
649 return -1;
650 }
651 /* done with EVPD */
652 assert(buflen - start <= 255);
653 outbuf[start - 1] = buflen - start;
654 return buflen;
655 }
656
657 /* Standard INQUIRY data */
658 if (req->cmd.buf[2] != 0) {
659 return -1;
660 }
661
662 /* PAGE CODE == 0 */
663 buflen = req->cmd.xfer;
664 if (buflen > SCSI_MAX_INQUIRY_LEN) {
665 buflen = SCSI_MAX_INQUIRY_LEN;
666 }
667 memset(outbuf, 0, buflen);
668
669 outbuf[0] = s->qdev.type & 0x1f;
670 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
671 if (s->qdev.type == TYPE_ROM) {
672 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
673 } else {
674 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
675 }
676 memcpy(&outbuf[8], "QEMU ", 8);
677 memset(&outbuf[32], 0, 4);
678 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
679 /*
680 * We claim conformance to SPC-3, which is required for guests
681 * to ask for modern features like READ CAPACITY(16) or the
682 * block characteristics VPD page by default. Not all of SPC-3
683 * is actually implemented, but we're good enough.
684 */
685 outbuf[2] = 5;
686 outbuf[3] = 2; /* Format 2 */
687
688 if (buflen > 36) {
689 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
690 } else {
691 /* If the allocation length of CDB is too small,
692 the additional length is not adjusted */
693 outbuf[4] = 36 - 5;
694 }
695
696 /* Sync data transfer and TCQ. */
697 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
698 return buflen;
699 }
700
701 static inline bool media_is_dvd(SCSIDiskState *s)
702 {
703 uint64_t nb_sectors;
704 if (s->qdev.type != TYPE_ROM) {
705 return false;
706 }
707 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
708 return false;
709 }
710 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
711 return nb_sectors > CD_MAX_SECTORS;
712 }
713
714 static inline bool media_is_cd(SCSIDiskState *s)
715 {
716 uint64_t nb_sectors;
717 if (s->qdev.type != TYPE_ROM) {
718 return false;
719 }
720 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
721 return false;
722 }
723 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
724 return nb_sectors <= CD_MAX_SECTORS;
725 }
726
727 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
728 uint8_t *outbuf)
729 {
730 uint8_t type = r->req.cmd.buf[1] & 7;
731
732 if (s->qdev.type != TYPE_ROM) {
733 return -1;
734 }
735
736 /* Types 1/2 are only defined for Blu-Ray. */
737 if (type != 0) {
738 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
739 return -1;
740 }
741
742 memset(outbuf, 0, 34);
743 outbuf[1] = 32;
744 outbuf[2] = 0xe; /* last session complete, disc finalized */
745 outbuf[3] = 1; /* first track on disc */
746 outbuf[4] = 1; /* # of sessions */
747 outbuf[5] = 1; /* first track of last session */
748 outbuf[6] = 1; /* last track of last session */
749 outbuf[7] = 0x20; /* unrestricted use */
750 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
751 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
752 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
753 /* 24-31: disc bar code */
754 /* 32: disc application code */
755 /* 33: number of OPC tables */
756
757 return 34;
758 }
759
760 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
761 uint8_t *outbuf)
762 {
763 static const int rds_caps_size[5] = {
764 [0] = 2048 + 4,
765 [1] = 4 + 4,
766 [3] = 188 + 4,
767 [4] = 2048 + 4,
768 };
769
770 uint8_t media = r->req.cmd.buf[1];
771 uint8_t layer = r->req.cmd.buf[6];
772 uint8_t format = r->req.cmd.buf[7];
773 int size = -1;
774
775 if (s->qdev.type != TYPE_ROM) {
776 return -1;
777 }
778 if (media != 0) {
779 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
780 return -1;
781 }
782
783 if (format != 0xff) {
784 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
785 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
786 return -1;
787 }
788 if (media_is_cd(s)) {
789 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
790 return -1;
791 }
792 if (format >= ARRAY_SIZE(rds_caps_size)) {
793 return -1;
794 }
795 size = rds_caps_size[format];
796 memset(outbuf, 0, size);
797 }
798
799 switch (format) {
800 case 0x00: {
801 /* Physical format information */
802 uint64_t nb_sectors;
803 if (layer != 0) {
804 goto fail;
805 }
806 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
807
808 outbuf[4] = 1; /* DVD-ROM, part version 1 */
809 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
810 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
811 outbuf[7] = 0; /* default densities */
812
813 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
814 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
815 break;
816 }
817
818 case 0x01: /* DVD copyright information, all zeros */
819 break;
820
821 case 0x03: /* BCA information - invalid field for no BCA info */
822 return -1;
823
824 case 0x04: /* DVD disc manufacturing information, all zeros */
825 break;
826
827 case 0xff: { /* List capabilities */
828 int i;
829 size = 4;
830 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
831 if (!rds_caps_size[i]) {
832 continue;
833 }
834 outbuf[size] = i;
835 outbuf[size + 1] = 0x40; /* Not writable, readable */
836 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
837 size += 4;
838 }
839 break;
840 }
841
842 default:
843 return -1;
844 }
845
846 /* Size of buffer, not including 2 byte size field */
847 stw_be_p(outbuf, size - 2);
848 return size;
849
850 fail:
851 return -1;
852 }
853
854 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
855 {
856 uint8_t event_code, media_status;
857
858 media_status = 0;
859 if (s->tray_open) {
860 media_status = MS_TRAY_OPEN;
861 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
862 media_status = MS_MEDIA_PRESENT;
863 }
864
865 /* Event notification descriptor */
866 event_code = MEC_NO_CHANGE;
867 if (media_status != MS_TRAY_OPEN) {
868 if (s->media_event) {
869 event_code = MEC_NEW_MEDIA;
870 s->media_event = false;
871 } else if (s->eject_request) {
872 event_code = MEC_EJECT_REQUESTED;
873 s->eject_request = false;
874 }
875 }
876
877 outbuf[0] = event_code;
878 outbuf[1] = media_status;
879
880 /* These fields are reserved, just clear them. */
881 outbuf[2] = 0;
882 outbuf[3] = 0;
883 return 4;
884 }
885
886 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
887 uint8_t *outbuf)
888 {
889 int size;
890 uint8_t *buf = r->req.cmd.buf;
891 uint8_t notification_class_request = buf[4];
892 if (s->qdev.type != TYPE_ROM) {
893 return -1;
894 }
895 if ((buf[1] & 1) == 0) {
896 /* asynchronous */
897 return -1;
898 }
899
900 size = 4;
901 outbuf[0] = outbuf[1] = 0;
902 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
903 if (notification_class_request & (1 << GESN_MEDIA)) {
904 outbuf[2] = GESN_MEDIA;
905 size += scsi_event_status_media(s, &outbuf[size]);
906 } else {
907 outbuf[2] = 0x80;
908 }
909 stw_be_p(outbuf, size - 4);
910 return size;
911 }
912
913 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
914 {
915 int current;
916
917 if (s->qdev.type != TYPE_ROM) {
918 return -1;
919 }
920 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
921 memset(outbuf, 0, 40);
922 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
923 stw_be_p(&outbuf[6], current);
924 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
925 outbuf[10] = 0x03; /* persistent, current */
926 outbuf[11] = 8; /* two profiles */
927 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
928 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
929 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
930 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
931 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
932 stw_be_p(&outbuf[20], 1);
933 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
934 outbuf[23] = 8;
935 stl_be_p(&outbuf[24], 1); /* SCSI */
936 outbuf[28] = 1; /* DBE = 1, mandatory */
937 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
938 stw_be_p(&outbuf[32], 3);
939 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
940 outbuf[35] = 4;
941 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
942 /* TODO: Random readable, CD read, DVD read, drive serial number,
943 power management */
944 return 40;
945 }
946
947 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
948 {
949 if (s->qdev.type != TYPE_ROM) {
950 return -1;
951 }
952 memset(outbuf, 0, 8);
953 outbuf[5] = 1; /* CD-ROM */
954 return 8;
955 }
956
957 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
958 int page_control)
959 {
960 static const int mode_sense_valid[0x3f] = {
961 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
962 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
963 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
964 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
965 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
966 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
967 };
968
969 BlockDriverState *bdrv = s->qdev.conf.bs;
970 int cylinders, heads, secs;
971 uint8_t *p = *p_outbuf;
972
973 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
974 return -1;
975 }
976
977 p[0] = page;
978
979 /*
980 * If Changeable Values are requested, a mask denoting those mode parameters
981 * that are changeable shall be returned. As we currently don't support
982 * parameter changes via MODE_SELECT all bits are returned set to zero.
983 * The buffer was already menset to zero by the caller of this function.
984 */
985 switch (page) {
986 case MODE_PAGE_HD_GEOMETRY:
987 p[1] = 0x16;
988 if (page_control == 1) { /* Changeable Values */
989 break;
990 }
991 /* if a geometry hint is available, use it */
992 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
993 p[2] = (cylinders >> 16) & 0xff;
994 p[3] = (cylinders >> 8) & 0xff;
995 p[4] = cylinders & 0xff;
996 p[5] = heads & 0xff;
997 /* Write precomp start cylinder, disabled */
998 p[6] = (cylinders >> 16) & 0xff;
999 p[7] = (cylinders >> 8) & 0xff;
1000 p[8] = cylinders & 0xff;
1001 /* Reduced current start cylinder, disabled */
1002 p[9] = (cylinders >> 16) & 0xff;
1003 p[10] = (cylinders >> 8) & 0xff;
1004 p[11] = cylinders & 0xff;
1005 /* Device step rate [ns], 200ns */
1006 p[12] = 0;
1007 p[13] = 200;
1008 /* Landing zone cylinder */
1009 p[14] = 0xff;
1010 p[15] = 0xff;
1011 p[16] = 0xff;
1012 /* Medium rotation rate [rpm], 5400 rpm */
1013 p[20] = (5400 >> 8) & 0xff;
1014 p[21] = 5400 & 0xff;
1015 break;
1016
1017 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1018 p[1] = 0x1e;
1019 if (page_control == 1) { /* Changeable Values */
1020 break;
1021 }
1022 /* Transfer rate [kbit/s], 5Mbit/s */
1023 p[2] = 5000 >> 8;
1024 p[3] = 5000 & 0xff;
1025 /* if a geometry hint is available, use it */
1026 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
1027 p[4] = heads & 0xff;
1028 p[5] = secs & 0xff;
1029 p[6] = s->qdev.blocksize >> 8;
1030 p[8] = (cylinders >> 8) & 0xff;
1031 p[9] = cylinders & 0xff;
1032 /* Write precomp start cylinder, disabled */
1033 p[10] = (cylinders >> 8) & 0xff;
1034 p[11] = cylinders & 0xff;
1035 /* Reduced current start cylinder, disabled */
1036 p[12] = (cylinders >> 8) & 0xff;
1037 p[13] = cylinders & 0xff;
1038 /* Device step rate [100us], 100us */
1039 p[14] = 0;
1040 p[15] = 1;
1041 /* Device step pulse width [us], 1us */
1042 p[16] = 1;
1043 /* Device head settle delay [100us], 100us */
1044 p[17] = 0;
1045 p[18] = 1;
1046 /* Motor on delay [0.1s], 0.1s */
1047 p[19] = 1;
1048 /* Motor off delay [0.1s], 0.1s */
1049 p[20] = 1;
1050 /* Medium rotation rate [rpm], 5400 rpm */
1051 p[28] = (5400 >> 8) & 0xff;
1052 p[29] = 5400 & 0xff;
1053 break;
1054
1055 case MODE_PAGE_CACHING:
1056 p[0] = 8;
1057 p[1] = 0x12;
1058 if (page_control == 1) { /* Changeable Values */
1059 break;
1060 }
1061 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1062 p[2] = 4; /* WCE */
1063 }
1064 break;
1065
1066 case MODE_PAGE_R_W_ERROR:
1067 p[1] = 10;
1068 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1069 if (s->qdev.type == TYPE_ROM) {
1070 p[3] = 0x20; /* Read Retry Count */
1071 }
1072 break;
1073
1074 case MODE_PAGE_AUDIO_CTL:
1075 p[1] = 14;
1076 break;
1077
1078 case MODE_PAGE_CAPABILITIES:
1079 p[1] = 0x14;
1080 if (page_control == 1) { /* Changeable Values */
1081 break;
1082 }
1083
1084 p[2] = 0x3b; /* CD-R & CD-RW read */
1085 p[3] = 0; /* Writing not supported */
1086 p[4] = 0x7f; /* Audio, composite, digital out,
1087 mode 2 form 1&2, multi session */
1088 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1089 RW corrected, C2 errors, ISRC,
1090 UPC, Bar code */
1091 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1092 /* Locking supported, jumper present, eject, tray */
1093 p[7] = 0; /* no volume & mute control, no
1094 changer */
1095 p[8] = (50 * 176) >> 8; /* 50x read speed */
1096 p[9] = (50 * 176) & 0xff;
1097 p[10] = 2 >> 8; /* Two volume levels */
1098 p[11] = 2 & 0xff;
1099 p[12] = 2048 >> 8; /* 2M buffer */
1100 p[13] = 2048 & 0xff;
1101 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1102 p[15] = (16 * 176) & 0xff;
1103 p[18] = (16 * 176) >> 8; /* 16x write speed */
1104 p[19] = (16 * 176) & 0xff;
1105 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1106 p[21] = (16 * 176) & 0xff;
1107 break;
1108
1109 default:
1110 return -1;
1111 }
1112
1113 *p_outbuf += p[1] + 2;
1114 return p[1] + 2;
1115 }
1116
1117 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1118 {
1119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1120 uint64_t nb_sectors;
1121 bool dbd;
1122 int page, buflen, ret, page_control;
1123 uint8_t *p;
1124 uint8_t dev_specific_param;
1125
1126 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1127 page = r->req.cmd.buf[2] & 0x3f;
1128 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1129 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1130 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1131 memset(outbuf, 0, r->req.cmd.xfer);
1132 p = outbuf;
1133
1134 if (s->qdev.type == TYPE_DISK) {
1135 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1136 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1137 dev_specific_param |= 0x80; /* Readonly. */
1138 }
1139 } else {
1140 /* MMC prescribes that CD/DVD drives have no block descriptors,
1141 * and defines no device-specific parameter. */
1142 dev_specific_param = 0x00;
1143 dbd = true;
1144 }
1145
1146 if (r->req.cmd.buf[0] == MODE_SENSE) {
1147 p[1] = 0; /* Default media type. */
1148 p[2] = dev_specific_param;
1149 p[3] = 0; /* Block descriptor length. */
1150 p += 4;
1151 } else { /* MODE_SENSE_10 */
1152 p[2] = 0; /* Default media type. */
1153 p[3] = dev_specific_param;
1154 p[6] = p[7] = 0; /* Block descriptor length. */
1155 p += 8;
1156 }
1157
1158 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1159 if (!dbd && nb_sectors) {
1160 if (r->req.cmd.buf[0] == MODE_SENSE) {
1161 outbuf[3] = 8; /* Block descriptor length */
1162 } else { /* MODE_SENSE_10 */
1163 outbuf[7] = 8; /* Block descriptor length */
1164 }
1165 nb_sectors /= (s->qdev.blocksize / 512);
1166 if (nb_sectors > 0xffffff) {
1167 nb_sectors = 0;
1168 }
1169 p[0] = 0; /* media density code */
1170 p[1] = (nb_sectors >> 16) & 0xff;
1171 p[2] = (nb_sectors >> 8) & 0xff;
1172 p[3] = nb_sectors & 0xff;
1173 p[4] = 0; /* reserved */
1174 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1175 p[6] = s->qdev.blocksize >> 8;
1176 p[7] = 0;
1177 p += 8;
1178 }
1179
1180 if (page_control == 3) {
1181 /* Saved Values */
1182 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1183 return -1;
1184 }
1185
1186 if (page == 0x3f) {
1187 for (page = 0; page <= 0x3e; page++) {
1188 mode_sense_page(s, page, &p, page_control);
1189 }
1190 } else {
1191 ret = mode_sense_page(s, page, &p, page_control);
1192 if (ret == -1) {
1193 return -1;
1194 }
1195 }
1196
1197 buflen = p - outbuf;
1198 /*
1199 * The mode data length field specifies the length in bytes of the
1200 * following data that is available to be transferred. The mode data
1201 * length does not include itself.
1202 */
1203 if (r->req.cmd.buf[0] == MODE_SENSE) {
1204 outbuf[0] = buflen - 1;
1205 } else { /* MODE_SENSE_10 */
1206 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1207 outbuf[1] = (buflen - 2) & 0xff;
1208 }
1209 return buflen;
1210 }
1211
1212 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1213 {
1214 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1215 int start_track, format, msf, toclen;
1216 uint64_t nb_sectors;
1217
1218 msf = req->cmd.buf[1] & 2;
1219 format = req->cmd.buf[2] & 0xf;
1220 start_track = req->cmd.buf[6];
1221 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1222 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1223 nb_sectors /= s->qdev.blocksize / 512;
1224 switch (format) {
1225 case 0:
1226 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1227 break;
1228 case 1:
1229 /* multi session : only a single session defined */
1230 toclen = 12;
1231 memset(outbuf, 0, 12);
1232 outbuf[1] = 0x0a;
1233 outbuf[2] = 0x01;
1234 outbuf[3] = 0x01;
1235 break;
1236 case 2:
1237 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1238 break;
1239 default:
1240 return -1;
1241 }
1242 return toclen;
1243 }
1244
1245 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1246 {
1247 SCSIRequest *req = &r->req;
1248 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1249 bool start = req->cmd.buf[4] & 1;
1250 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1251
1252 if (s->qdev.type == TYPE_ROM && loej) {
1253 if (!start && !s->tray_open && s->tray_locked) {
1254 scsi_check_condition(r,
1255 bdrv_is_inserted(s->qdev.conf.bs)
1256 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1257 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1258 return -1;
1259 }
1260
1261 if (s->tray_open != !start) {
1262 bdrv_eject(s->qdev.conf.bs, !start);
1263 s->tray_open = !start;
1264 }
1265 }
1266 return 0;
1267 }
1268
1269 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1270 {
1271 SCSIRequest *req = &r->req;
1272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1273 uint64_t nb_sectors;
1274 uint8_t *outbuf;
1275 int buflen = 0;
1276
1277 if (!r->iov.iov_base) {
1278 /*
1279 * FIXME: we shouldn't return anything bigger than 4k, but the code
1280 * requires the buffer to be as big as req->cmd.xfer in several
1281 * places. So, do not allow CDBs with a very large ALLOCATION
1282 * LENGTH. The real fix would be to modify scsi_read_data and
1283 * dma_buf_read, so that they return data beyond the buflen
1284 * as all zeros.
1285 */
1286 if (req->cmd.xfer > 65536) {
1287 goto illegal_request;
1288 }
1289 r->buflen = MAX(4096, req->cmd.xfer);
1290 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1291 }
1292
1293 outbuf = r->iov.iov_base;
1294 switch (req->cmd.buf[0]) {
1295 case TEST_UNIT_READY:
1296 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1297 break;
1298 case INQUIRY:
1299 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1300 if (buflen < 0) {
1301 goto illegal_request;
1302 }
1303 break;
1304 case MODE_SENSE:
1305 case MODE_SENSE_10:
1306 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1307 if (buflen < 0) {
1308 goto illegal_request;
1309 }
1310 break;
1311 case READ_TOC:
1312 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1313 if (buflen < 0) {
1314 goto illegal_request;
1315 }
1316 break;
1317 case RESERVE:
1318 if (req->cmd.buf[1] & 1) {
1319 goto illegal_request;
1320 }
1321 break;
1322 case RESERVE_10:
1323 if (req->cmd.buf[1] & 3) {
1324 goto illegal_request;
1325 }
1326 break;
1327 case RELEASE:
1328 if (req->cmd.buf[1] & 1) {
1329 goto illegal_request;
1330 }
1331 break;
1332 case RELEASE_10:
1333 if (req->cmd.buf[1] & 3) {
1334 goto illegal_request;
1335 }
1336 break;
1337 case START_STOP:
1338 if (scsi_disk_emulate_start_stop(r) < 0) {
1339 return -1;
1340 }
1341 break;
1342 case ALLOW_MEDIUM_REMOVAL:
1343 s->tray_locked = req->cmd.buf[4] & 1;
1344 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1345 break;
1346 case READ_CAPACITY_10:
1347 /* The normal LEN field for this command is zero. */
1348 memset(outbuf, 0, 8);
1349 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1350 if (!nb_sectors) {
1351 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1352 return -1;
1353 }
1354 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1355 goto illegal_request;
1356 }
1357 nb_sectors /= s->qdev.blocksize / 512;
1358 /* Returned value is the address of the last sector. */
1359 nb_sectors--;
1360 /* Remember the new size for read/write sanity checking. */
1361 s->qdev.max_lba = nb_sectors;
1362 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1363 if (nb_sectors > UINT32_MAX) {
1364 nb_sectors = UINT32_MAX;
1365 }
1366 outbuf[0] = (nb_sectors >> 24) & 0xff;
1367 outbuf[1] = (nb_sectors >> 16) & 0xff;
1368 outbuf[2] = (nb_sectors >> 8) & 0xff;
1369 outbuf[3] = nb_sectors & 0xff;
1370 outbuf[4] = 0;
1371 outbuf[5] = 0;
1372 outbuf[6] = s->qdev.blocksize >> 8;
1373 outbuf[7] = 0;
1374 buflen = 8;
1375 break;
1376 case REQUEST_SENSE:
1377 /* Just return "NO SENSE". */
1378 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1379 (req->cmd.buf[1] & 1) == 0);
1380 break;
1381 case MECHANISM_STATUS:
1382 buflen = scsi_emulate_mechanism_status(s, outbuf);
1383 if (buflen < 0) {
1384 goto illegal_request;
1385 }
1386 break;
1387 case GET_CONFIGURATION:
1388 buflen = scsi_get_configuration(s, outbuf);
1389 if (buflen < 0) {
1390 goto illegal_request;
1391 }
1392 break;
1393 case GET_EVENT_STATUS_NOTIFICATION:
1394 buflen = scsi_get_event_status_notification(s, r, outbuf);
1395 if (buflen < 0) {
1396 goto illegal_request;
1397 }
1398 break;
1399 case READ_DISC_INFORMATION:
1400 buflen = scsi_read_disc_information(s, r, outbuf);
1401 if (buflen < 0) {
1402 goto illegal_request;
1403 }
1404 break;
1405 case READ_DVD_STRUCTURE:
1406 buflen = scsi_read_dvd_structure(s, r, outbuf);
1407 if (buflen < 0) {
1408 goto illegal_request;
1409 }
1410 break;
1411 case SERVICE_ACTION_IN_16:
1412 /* Service Action In subcommands. */
1413 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1414 DPRINTF("SAI READ CAPACITY(16)\n");
1415 memset(outbuf, 0, req->cmd.xfer);
1416 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1417 if (!nb_sectors) {
1418 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1419 return -1;
1420 }
1421 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1422 goto illegal_request;
1423 }
1424 nb_sectors /= s->qdev.blocksize / 512;
1425 /* Returned value is the address of the last sector. */
1426 nb_sectors--;
1427 /* Remember the new size for read/write sanity checking. */
1428 s->qdev.max_lba = nb_sectors;
1429 outbuf[0] = (nb_sectors >> 56) & 0xff;
1430 outbuf[1] = (nb_sectors >> 48) & 0xff;
1431 outbuf[2] = (nb_sectors >> 40) & 0xff;
1432 outbuf[3] = (nb_sectors >> 32) & 0xff;
1433 outbuf[4] = (nb_sectors >> 24) & 0xff;
1434 outbuf[5] = (nb_sectors >> 16) & 0xff;
1435 outbuf[6] = (nb_sectors >> 8) & 0xff;
1436 outbuf[7] = nb_sectors & 0xff;
1437 outbuf[8] = 0;
1438 outbuf[9] = 0;
1439 outbuf[10] = s->qdev.blocksize >> 8;
1440 outbuf[11] = 0;
1441 outbuf[12] = 0;
1442 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1443
1444 /* set TPE bit if the format supports discard */
1445 if (s->qdev.conf.discard_granularity) {
1446 outbuf[14] = 0x80;
1447 }
1448
1449 /* Protection, exponent and lowest lba field left blank. */
1450 buflen = req->cmd.xfer;
1451 break;
1452 }
1453 DPRINTF("Unsupported Service Action In\n");
1454 goto illegal_request;
1455 default:
1456 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1457 return -1;
1458 }
1459 buflen = MIN(buflen, req->cmd.xfer);
1460 return buflen;
1461
1462 illegal_request:
1463 if (r->req.status == -1) {
1464 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1465 }
1466 return -1;
1467 }
1468
1469 /* Execute a scsi command. Returns the length of the data expected by the
1470 command. This will be Positive for data transfers from the device
1471 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1472 and zero if the command does not transfer any data. */
1473
1474 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1475 {
1476 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1477 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1478 int32_t len;
1479 uint8_t command;
1480 int rc;
1481
1482 command = buf[0];
1483 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1484
1485 #ifdef DEBUG_SCSI
1486 {
1487 int i;
1488 for (i = 1; i < r->req.cmd.len; i++) {
1489 printf(" 0x%02x", buf[i]);
1490 }
1491 printf("\n");
1492 }
1493 #endif
1494
1495 switch (command) {
1496 case INQUIRY:
1497 case MODE_SENSE:
1498 case MODE_SENSE_10:
1499 case RESERVE:
1500 case RESERVE_10:
1501 case RELEASE:
1502 case RELEASE_10:
1503 case START_STOP:
1504 case ALLOW_MEDIUM_REMOVAL:
1505 case GET_CONFIGURATION:
1506 case GET_EVENT_STATUS_NOTIFICATION:
1507 case MECHANISM_STATUS:
1508 case REQUEST_SENSE:
1509 break;
1510
1511 default:
1512 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1513 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1514 return 0;
1515 }
1516 break;
1517 }
1518
1519 switch (command) {
1520 case TEST_UNIT_READY:
1521 case INQUIRY:
1522 case MODE_SENSE:
1523 case MODE_SENSE_10:
1524 case RESERVE:
1525 case RESERVE_10:
1526 case RELEASE:
1527 case RELEASE_10:
1528 case START_STOP:
1529 case ALLOW_MEDIUM_REMOVAL:
1530 case READ_CAPACITY_10:
1531 case READ_TOC:
1532 case READ_DISC_INFORMATION:
1533 case READ_DVD_STRUCTURE:
1534 case GET_CONFIGURATION:
1535 case GET_EVENT_STATUS_NOTIFICATION:
1536 case MECHANISM_STATUS:
1537 case SERVICE_ACTION_IN_16:
1538 case REQUEST_SENSE:
1539 rc = scsi_disk_emulate_command(r);
1540 if (rc < 0) {
1541 return 0;
1542 }
1543
1544 r->iov.iov_len = rc;
1545 break;
1546 case SYNCHRONIZE_CACHE:
1547 /* The request is used as the AIO opaque value, so add a ref. */
1548 scsi_req_ref(&r->req);
1549 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1550 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1551 return 0;
1552 case READ_6:
1553 case READ_10:
1554 case READ_12:
1555 case READ_16:
1556 len = r->req.cmd.xfer / s->qdev.blocksize;
1557 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1558 if (r->req.cmd.lba > s->qdev.max_lba) {
1559 goto illegal_lba;
1560 }
1561 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1562 r->sector_count = len * (s->qdev.blocksize / 512);
1563 break;
1564 case VERIFY_10:
1565 case VERIFY_12:
1566 case VERIFY_16:
1567 case WRITE_6:
1568 case WRITE_10:
1569 case WRITE_12:
1570 case WRITE_16:
1571 case WRITE_VERIFY_10:
1572 case WRITE_VERIFY_12:
1573 case WRITE_VERIFY_16:
1574 len = r->req.cmd.xfer / s->qdev.blocksize;
1575 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1576 (command & 0xe) == 0xe ? "And Verify " : "",
1577 r->req.cmd.lba, len);
1578 if (r->req.cmd.lba > s->qdev.max_lba) {
1579 goto illegal_lba;
1580 }
1581 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1582 r->sector_count = len * (s->qdev.blocksize / 512);
1583 break;
1584 case MODE_SELECT:
1585 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1586 /* We don't support mode parameter changes.
1587 Allow the mode parameter header + block descriptors only. */
1588 if (r->req.cmd.xfer > 12) {
1589 goto fail;
1590 }
1591 break;
1592 case MODE_SELECT_10:
1593 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1594 /* We don't support mode parameter changes.
1595 Allow the mode parameter header + block descriptors only. */
1596 if (r->req.cmd.xfer > 16) {
1597 goto fail;
1598 }
1599 break;
1600 case SEEK_10:
1601 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1602 if (r->req.cmd.lba > s->qdev.max_lba) {
1603 goto illegal_lba;
1604 }
1605 break;
1606 case WRITE_SAME_10:
1607 len = lduw_be_p(&buf[7]);
1608 goto write_same;
1609 case WRITE_SAME_16:
1610 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1611 write_same:
1612
1613 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1614 r->req.cmd.lba, len);
1615
1616 if (r->req.cmd.lba > s->qdev.max_lba) {
1617 goto illegal_lba;
1618 }
1619
1620 /*
1621 * We only support WRITE SAME with the unmap bit set for now.
1622 */
1623 if (!(buf[1] & 0x8)) {
1624 goto fail;
1625 }
1626
1627 rc = bdrv_discard(s->qdev.conf.bs,
1628 r->req.cmd.lba * (s->qdev.blocksize / 512),
1629 len * (s->qdev.blocksize / 512));
1630 if (rc < 0) {
1631 /* XXX: better error code ?*/
1632 goto fail;
1633 }
1634
1635 break;
1636 default:
1637 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1638 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1639 return 0;
1640 fail:
1641 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1642 return 0;
1643 illegal_lba:
1644 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1645 return 0;
1646 }
1647 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1648 scsi_req_complete(&r->req, GOOD);
1649 }
1650 len = r->sector_count * 512 + r->iov.iov_len;
1651 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1652 return -len;
1653 } else {
1654 if (!r->sector_count) {
1655 r->sector_count = -1;
1656 }
1657 return len;
1658 }
1659 }
1660
1661 static void scsi_disk_reset(DeviceState *dev)
1662 {
1663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1664 uint64_t nb_sectors;
1665
1666 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1667
1668 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1669 nb_sectors /= s->qdev.blocksize / 512;
1670 if (nb_sectors) {
1671 nb_sectors--;
1672 }
1673 s->qdev.max_lba = nb_sectors;
1674 }
1675
1676 static void scsi_destroy(SCSIDevice *dev)
1677 {
1678 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1679
1680 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1681 blockdev_mark_auto_del(s->qdev.conf.bs);
1682 }
1683
1684 static void scsi_cd_change_media_cb(void *opaque, bool load)
1685 {
1686 SCSIDiskState *s = opaque;
1687
1688 /*
1689 * When a CD gets changed, we have to report an ejected state and
1690 * then a loaded state to guests so that they detect tray
1691 * open/close and media change events. Guests that do not use
1692 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1693 * states rely on this behavior.
1694 *
1695 * media_changed governs the state machine used for unit attention
1696 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1697 */
1698 s->media_changed = load;
1699 s->tray_open = !load;
1700 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1701 s->media_event = true;
1702 s->eject_request = false;
1703 }
1704
1705 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1706 {
1707 SCSIDiskState *s = opaque;
1708
1709 s->eject_request = true;
1710 if (force) {
1711 s->tray_locked = false;
1712 }
1713 }
1714
1715 static bool scsi_cd_is_tray_open(void *opaque)
1716 {
1717 return ((SCSIDiskState *)opaque)->tray_open;
1718 }
1719
1720 static bool scsi_cd_is_medium_locked(void *opaque)
1721 {
1722 return ((SCSIDiskState *)opaque)->tray_locked;
1723 }
1724
1725 static const BlockDevOps scsi_cd_block_ops = {
1726 .change_media_cb = scsi_cd_change_media_cb,
1727 .eject_request_cb = scsi_cd_eject_request_cb,
1728 .is_tray_open = scsi_cd_is_tray_open,
1729 .is_medium_locked = scsi_cd_is_medium_locked,
1730 };
1731
1732 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1733 {
1734 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1735 if (s->media_changed) {
1736 s->media_changed = false;
1737 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1738 }
1739 }
1740
1741 static int scsi_initfn(SCSIDevice *dev)
1742 {
1743 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1744 DriveInfo *dinfo;
1745
1746 if (!s->qdev.conf.bs) {
1747 error_report("drive property not set");
1748 return -1;
1749 }
1750
1751 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1752 !bdrv_is_inserted(s->qdev.conf.bs)) {
1753 error_report("Device needs media, but drive is empty");
1754 return -1;
1755 }
1756
1757 if (!s->serial) {
1758 /* try to fall back to value set with legacy -drive serial=... */
1759 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1760 if (*dinfo->serial) {
1761 s->serial = g_strdup(dinfo->serial);
1762 }
1763 }
1764
1765 if (!s->version) {
1766 s->version = g_strdup(qemu_get_version());
1767 }
1768
1769 if (bdrv_is_sg(s->qdev.conf.bs)) {
1770 error_report("unwanted /dev/sg*");
1771 return -1;
1772 }
1773
1774 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1775 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1776 }
1777 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1778
1779 bdrv_iostatus_enable(s->qdev.conf.bs);
1780 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1781 return 0;
1782 }
1783
1784 static int scsi_hd_initfn(SCSIDevice *dev)
1785 {
1786 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1787 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1788 s->qdev.type = TYPE_DISK;
1789 return scsi_initfn(&s->qdev);
1790 }
1791
1792 static int scsi_cd_initfn(SCSIDevice *dev)
1793 {
1794 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1795 s->qdev.blocksize = 2048;
1796 s->qdev.type = TYPE_ROM;
1797 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1798 return scsi_initfn(&s->qdev);
1799 }
1800
1801 static int scsi_disk_initfn(SCSIDevice *dev)
1802 {
1803 DriveInfo *dinfo;
1804
1805 if (!dev->conf.bs) {
1806 return scsi_initfn(dev); /* ... and die there */
1807 }
1808
1809 dinfo = drive_get_by_blockdev(dev->conf.bs);
1810 if (dinfo->media_cd) {
1811 return scsi_cd_initfn(dev);
1812 } else {
1813 return scsi_hd_initfn(dev);
1814 }
1815 }
1816
1817 static const SCSIReqOps scsi_disk_reqops = {
1818 .size = sizeof(SCSIDiskReq),
1819 .free_req = scsi_free_request,
1820 .send_command = scsi_send_command,
1821 .read_data = scsi_read_data,
1822 .write_data = scsi_write_data,
1823 .cancel_io = scsi_cancel_io,
1824 .get_buf = scsi_get_buf,
1825 .load_request = scsi_disk_load_request,
1826 .save_request = scsi_disk_save_request,
1827 };
1828
1829 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1830 uint8_t *buf, void *hba_private)
1831 {
1832 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1833 SCSIRequest *req;
1834
1835 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1836 return req;
1837 }
1838
1839 #ifdef __linux__
1840 static int get_device_type(SCSIDiskState *s)
1841 {
1842 BlockDriverState *bdrv = s->qdev.conf.bs;
1843 uint8_t cmd[16];
1844 uint8_t buf[36];
1845 uint8_t sensebuf[8];
1846 sg_io_hdr_t io_header;
1847 int ret;
1848
1849 memset(cmd, 0, sizeof(cmd));
1850 memset(buf, 0, sizeof(buf));
1851 cmd[0] = INQUIRY;
1852 cmd[4] = sizeof(buf);
1853
1854 memset(&io_header, 0, sizeof(io_header));
1855 io_header.interface_id = 'S';
1856 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1857 io_header.dxfer_len = sizeof(buf);
1858 io_header.dxferp = buf;
1859 io_header.cmdp = cmd;
1860 io_header.cmd_len = sizeof(cmd);
1861 io_header.mx_sb_len = sizeof(sensebuf);
1862 io_header.sbp = sensebuf;
1863 io_header.timeout = 6000; /* XXX */
1864
1865 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1866 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1867 return -1;
1868 }
1869 s->qdev.type = buf[0];
1870 if (buf[1] & 0x80) {
1871 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1872 }
1873 return 0;
1874 }
1875
1876 static int scsi_block_initfn(SCSIDevice *dev)
1877 {
1878 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1879 int sg_version;
1880 int rc;
1881
1882 if (!s->qdev.conf.bs) {
1883 error_report("scsi-block: drive property not set");
1884 return -1;
1885 }
1886
1887 /* check we are using a driver managing SG_IO (version 3 and after) */
1888 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1889 sg_version < 30000) {
1890 error_report("scsi-block: scsi generic interface too old");
1891 return -1;
1892 }
1893
1894 /* get device type from INQUIRY data */
1895 rc = get_device_type(s);
1896 if (rc < 0) {
1897 error_report("scsi-block: INQUIRY failed");
1898 return -1;
1899 }
1900
1901 /* Make a guess for the block size, we'll fix it when the guest sends.
1902 * READ CAPACITY. If they don't, they likely would assume these sizes
1903 * anyway. (TODO: check in /sys).
1904 */
1905 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1906 s->qdev.blocksize = 2048;
1907 } else {
1908 s->qdev.blocksize = 512;
1909 }
1910 return scsi_initfn(&s->qdev);
1911 }
1912
1913 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1914 uint32_t lun, uint8_t *buf,
1915 void *hba_private)
1916 {
1917 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1918
1919 switch (buf[0]) {
1920 case READ_6:
1921 case READ_10:
1922 case READ_12:
1923 case READ_16:
1924 case VERIFY_10:
1925 case VERIFY_12:
1926 case VERIFY_16:
1927 case WRITE_6:
1928 case WRITE_10:
1929 case WRITE_12:
1930 case WRITE_16:
1931 case WRITE_VERIFY_10:
1932 case WRITE_VERIFY_12:
1933 case WRITE_VERIFY_16:
1934 /* If we are not using O_DIRECT, we might read stale data from the
1935 * host cache if writes were made using other commands than these
1936 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1937 * O_DIRECT everything must go through SG_IO.
1938 */
1939 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1940 break;
1941 }
1942
1943 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1944 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1945 * And once you do these writes, reading from the block device is
1946 * unreliable, too. It is even possible that reads deliver random data
1947 * from the host page cache (this is probably a Linux bug).
1948 *
1949 * We might use scsi_disk_reqops as long as no writing commands are
1950 * seen, but performance usually isn't paramount on optical media. So,
1951 * just make scsi-block operate the same as scsi-generic for them.
1952 */
1953 if (s->qdev.type == TYPE_ROM) {
1954 break;
1955 }
1956 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1957 hba_private);
1958 }
1959
1960 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1961 hba_private);
1962 }
1963 #endif
1964
1965 #define DEFINE_SCSI_DISK_PROPERTIES() \
1966 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1967 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1968 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1969
1970 static Property scsi_hd_properties[] = {
1971 DEFINE_SCSI_DISK_PROPERTIES(),
1972 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1973 SCSI_DISK_F_REMOVABLE, false),
1974 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1975 SCSI_DISK_F_DPOFUA, false),
1976 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1977 DEFINE_PROP_END_OF_LIST(),
1978 };
1979
1980 static const VMStateDescription vmstate_scsi_disk_state = {
1981 .name = "scsi-disk",
1982 .version_id = 1,
1983 .minimum_version_id = 1,
1984 .minimum_version_id_old = 1,
1985 .fields = (VMStateField[]) {
1986 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1987 VMSTATE_BOOL(media_changed, SCSIDiskState),
1988 VMSTATE_BOOL(media_event, SCSIDiskState),
1989 VMSTATE_BOOL(eject_request, SCSIDiskState),
1990 VMSTATE_BOOL(tray_open, SCSIDiskState),
1991 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1992 VMSTATE_END_OF_LIST()
1993 }
1994 };
1995
1996 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1997 {
1998 DeviceClass *dc = DEVICE_CLASS(klass);
1999 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2000
2001 sc->init = scsi_hd_initfn;
2002 sc->destroy = scsi_destroy;
2003 sc->alloc_req = scsi_new_request;
2004 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2005 dc->fw_name = "disk";
2006 dc->desc = "virtual SCSI disk";
2007 dc->reset = scsi_disk_reset;
2008 dc->props = scsi_hd_properties;
2009 dc->vmsd = &vmstate_scsi_disk_state;
2010 }
2011
2012 static TypeInfo scsi_hd_info = {
2013 .name = "scsi-hd",
2014 .parent = TYPE_SCSI_DEVICE,
2015 .instance_size = sizeof(SCSIDiskState),
2016 .class_init = scsi_hd_class_initfn,
2017 };
2018
2019 static Property scsi_cd_properties[] = {
2020 DEFINE_SCSI_DISK_PROPERTIES(),
2021 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2022 DEFINE_PROP_END_OF_LIST(),
2023 };
2024
2025 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2026 {
2027 DeviceClass *dc = DEVICE_CLASS(klass);
2028 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2029
2030 sc->init = scsi_cd_initfn;
2031 sc->destroy = scsi_destroy;
2032 sc->alloc_req = scsi_new_request;
2033 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2034 dc->fw_name = "disk";
2035 dc->desc = "virtual SCSI CD-ROM";
2036 dc->reset = scsi_disk_reset;
2037 dc->props = scsi_cd_properties;
2038 dc->vmsd = &vmstate_scsi_disk_state;
2039 }
2040
2041 static TypeInfo scsi_cd_info = {
2042 .name = "scsi-cd",
2043 .parent = TYPE_SCSI_DEVICE,
2044 .instance_size = sizeof(SCSIDiskState),
2045 .class_init = scsi_cd_class_initfn,
2046 };
2047
2048 #ifdef __linux__
2049 static Property scsi_block_properties[] = {
2050 DEFINE_SCSI_DISK_PROPERTIES(),
2051 DEFINE_PROP_END_OF_LIST(),
2052 };
2053
2054 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2055 {
2056 DeviceClass *dc = DEVICE_CLASS(klass);
2057 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2058
2059 sc->init = scsi_block_initfn;
2060 sc->destroy = scsi_destroy;
2061 sc->alloc_req = scsi_block_new_request;
2062 dc->fw_name = "disk";
2063 dc->desc = "SCSI block device passthrough";
2064 dc->reset = scsi_disk_reset;
2065 dc->props = scsi_block_properties;
2066 dc->vmsd = &vmstate_scsi_disk_state;
2067 }
2068
2069 static TypeInfo scsi_block_info = {
2070 .name = "scsi-block",
2071 .parent = TYPE_SCSI_DEVICE,
2072 .instance_size = sizeof(SCSIDiskState),
2073 .class_init = scsi_block_class_initfn,
2074 };
2075 #endif
2076
2077 static Property scsi_disk_properties[] = {
2078 DEFINE_SCSI_DISK_PROPERTIES(),
2079 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2080 SCSI_DISK_F_REMOVABLE, false),
2081 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2082 SCSI_DISK_F_DPOFUA, false),
2083 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2084 DEFINE_PROP_END_OF_LIST(),
2085 };
2086
2087 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2088 {
2089 DeviceClass *dc = DEVICE_CLASS(klass);
2090 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2091
2092 sc->init = scsi_disk_initfn;
2093 sc->destroy = scsi_destroy;
2094 sc->alloc_req = scsi_new_request;
2095 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2096 dc->fw_name = "disk";
2097 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2098 dc->reset = scsi_disk_reset;
2099 dc->props = scsi_disk_properties;
2100 dc->vmsd = &vmstate_scsi_disk_state;
2101 }
2102
2103 static TypeInfo scsi_disk_info = {
2104 .name = "scsi-disk",
2105 .parent = TYPE_SCSI_DEVICE,
2106 .instance_size = sizeof(SCSIDiskState),
2107 .class_init = scsi_disk_class_initfn,
2108 };
2109
2110 static void scsi_disk_register_types(void)
2111 {
2112 type_register_static(&scsi_hd_info);
2113 type_register_static(&scsi_cd_info);
2114 #ifdef __linux__
2115 type_register_static(&scsi_block_info);
2116 #endif
2117 type_register_static(&scsi_disk_info);
2118 }
2119
2120 type_init(scsi_disk_register_types)
Patch queue for openSUSE QEMU