1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "sysemu/dma.h" 39 40 #ifdef __linux 41 #include <scsi/sg.h> 42 #endif 43 44 #define SCSI_WRITE_SAME_MAX 524288 45 #define SCSI_DMA_BUF_SIZE 131072 46 #define SCSI_MAX_INQUIRY_LEN 256 47 #define SCSI_MAX_MODE_LEN 256 48 49 #define DEFAULT_DISCARD_GRANULARITY 4096 50 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 51 52 typedef struct SCSIDiskState SCSIDiskState; 53 54 typedef struct SCSIDiskReq { 55 SCSIRequest req; 56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 57 uint64_t sector; 58 uint32_t sector_count; 59 uint32_t buflen; 60 bool started; 61 struct iovec iov; 62 QEMUIOVector qiov; 63 BlockAcctCookie acct; 64 } SCSIDiskReq; 65 66 #define SCSI_DISK_F_REMOVABLE 0 67 #define SCSI_DISK_F_DPOFUA 1 68 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 69 70 struct SCSIDiskState 71 { 72 SCSIDevice qdev; 73 uint32_t features; 74 bool media_changed; 75 bool media_event; 76 bool eject_request; 77 uint64_t wwn; 78 uint64_t port_wwn; 79 uint16_t port_index; 80 uint64_t max_unmap_size; 81 QEMUBH *bh; 82 char *version; 83 char *serial; 84 char *vendor; 85 char *product; 86 bool tray_open; 87 bool tray_locked; 88 }; 89 90 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 91 92 static void scsi_free_request(SCSIRequest *req) 93 { 94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 95 96 qemu_vfree(r->iov.iov_base); 97 } 98 99 /* Helper function for command completion with sense. */ 100 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 101 { 102 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 103 r->req.tag, sense.key, sense.asc, sense.ascq); 104 scsi_req_build_sense(&r->req, sense); 105 scsi_req_complete(&r->req, CHECK_CONDITION); 106 } 107 108 /* Cancel a pending data transfer. */ 109 static void scsi_cancel_io(SCSIRequest *req) 110 { 111 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 112 113 DPRINTF("Cancel tag=0x%x\n", req->tag); 114 if (r->req.aiocb) { 115 bdrv_aio_cancel(r->req.aiocb); 116 117 /* This reference was left in by scsi_*_data. We take ownership of 118 * it the moment scsi_req_cancel is called, independent of whether 119 * bdrv_aio_cancel completes the request or not. */ 120 scsi_req_unref(&r->req); 121 } 122 r->req.aiocb = NULL; 123 } 124 125 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 126 { 127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 128 129 if (!r->iov.iov_base) { 130 r->buflen = size; 131 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 132 } 133 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 134 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 135 return r->qiov.size / 512; 136 } 137 138 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 139 { 140 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 141 142 qemu_put_be64s(f, &r->sector); 143 qemu_put_be32s(f, &r->sector_count); 144 qemu_put_be32s(f, &r->buflen); 145 if (r->buflen) { 146 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 148 } else if (!req->retry) { 149 uint32_t len = r->iov.iov_len; 150 qemu_put_be32s(f, &len); 151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } 153 } 154 } 155 156 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 157 { 158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 159 160 qemu_get_be64s(f, &r->sector); 161 qemu_get_be32s(f, &r->sector_count); 162 qemu_get_be32s(f, &r->buflen); 163 if (r->buflen) { 164 scsi_init_iovec(r, r->buflen); 165 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 167 } else if (!r->req.retry) { 168 uint32_t len; 169 qemu_get_be32s(f, &len); 170 r->iov.iov_len = len; 171 assert(r->iov.iov_len <= r->buflen); 172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 173 } 174 } 175 176 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 177 } 178 179 static void scsi_aio_complete(void *opaque, int ret) 180 { 181 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 183 184 assert(r->req.aiocb != NULL); 185 r->req.aiocb = NULL; 186 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 187 if (r->req.io_canceled) { 188 goto done; 189 } 190 191 if (ret < 0) { 192 if (scsi_handle_rw_error(r, -ret)) { 193 goto done; 194 } 195 } 196 197 scsi_req_complete(&r->req, GOOD); 198 199 done: 200 if (!r->req.io_canceled) { 201 scsi_req_unref(&r->req); 202 } 203 } 204 205 static bool scsi_is_cmd_fua(SCSICommand *cmd) 206 { 207 switch (cmd->buf[0]) { 208 case READ_10: 209 case READ_12: 210 case READ_16: 211 case WRITE_10: 212 case WRITE_12: 213 case WRITE_16: 214 return (cmd->buf[1] & 8) != 0; 215 216 case VERIFY_10: 217 case VERIFY_12: 218 case VERIFY_16: 219 case WRITE_VERIFY_10: 220 case WRITE_VERIFY_12: 221 case WRITE_VERIFY_16: 222 return true; 223 224 case READ_6: 225 case WRITE_6: 226 default: 227 return false; 228 } 229 } 230 231 static void scsi_write_do_fua(SCSIDiskReq *r) 232 { 233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 234 235 if (r->req.io_canceled) { 236 goto done; 237 } 238 239 if (scsi_is_cmd_fua(&r->req.cmd)) { 240 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 241 BLOCK_ACCT_FLUSH); 242 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 243 return; 244 } 245 246 scsi_req_complete(&r->req, GOOD); 247 248 done: 249 if (!r->req.io_canceled) { 250 scsi_req_unref(&r->req); 251 } 252 } 253 254 static void scsi_dma_complete_noio(void *opaque, int ret) 255 { 256 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 257 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 258 259 if (r->req.aiocb != NULL) { 260 r->req.aiocb = NULL; 261 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 262 } 263 if (r->req.io_canceled) { 264 goto done; 265 } 266 267 if (ret < 0) { 268 if (scsi_handle_rw_error(r, -ret)) { 269 goto done; 270 } 271 } 272 273 r->sector += r->sector_count; 274 r->sector_count = 0; 275 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 276 scsi_write_do_fua(r); 277 return; 278 } else { 279 scsi_req_complete(&r->req, GOOD); 280 } 281 282 done: 283 if (!r->req.io_canceled) { 284 scsi_req_unref(&r->req); 285 } 286 } 287 288 static void scsi_dma_complete(void *opaque, int ret) 289 { 290 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 291 292 assert(r->req.aiocb != NULL); 293 scsi_dma_complete_noio(opaque, ret); 294 } 295 296 static void scsi_read_complete(void * opaque, int ret) 297 { 298 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 299 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 300 int n; 301 302 assert(r->req.aiocb != NULL); 303 r->req.aiocb = NULL; 304 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 305 if (r->req.io_canceled) { 306 goto done; 307 } 308 309 if (ret < 0) { 310 if (scsi_handle_rw_error(r, -ret)) { 311 goto done; 312 } 313 } 314 315 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 316 317 n = r->qiov.size / 512; 318 r->sector += n; 319 r->sector_count -= n; 320 scsi_req_data(&r->req, r->qiov.size); 321 322 done: 323 if (!r->req.io_canceled) { 324 scsi_req_unref(&r->req); 325 } 326 } 327 328 /* Actually issue a read to the block device. */ 329 static void scsi_do_read(void *opaque, int ret) 330 { 331 SCSIDiskReq *r = opaque; 332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 333 uint32_t n; 334 335 if (r->req.aiocb != NULL) { 336 r->req.aiocb = NULL; 337 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 338 } 339 if (r->req.io_canceled) { 340 goto done; 341 } 342 343 if (ret < 0) { 344 if (scsi_handle_rw_error(r, -ret)) { 345 goto done; 346 } 347 } 348 349 /* The request is used as the AIO opaque value, so add a ref. */ 350 scsi_req_ref(&r->req); 351 352 if (r->req.sg) { 353 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BLOCK_ACCT_READ); 354 r->req.resid -= r->req.sg->size; 355 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, 356 scsi_dma_complete, r); 357 } else { 358 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 359 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 360 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 361 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, 362 scsi_read_complete, r); 363 } 364 365 done: 366 if (!r->req.io_canceled) { 367 scsi_req_unref(&r->req); 368 } 369 } 370 371 /* Read more data from scsi device into buffer. */ 372 static void scsi_read_data(SCSIRequest *req) 373 { 374 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 375 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 376 bool first; 377 378 DPRINTF("Read sector_count=%d\n", r->sector_count); 379 if (r->sector_count == 0) { 380 /* This also clears the sense buffer for REQUEST SENSE. */ 381 scsi_req_complete(&r->req, GOOD); 382 return; 383 } 384 385 /* No data transfer may already be in progress */ 386 assert(r->req.aiocb == NULL); 387 388 /* The request is used as the AIO opaque value, so add a ref. */ 389 scsi_req_ref(&r->req); 390 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 391 DPRINTF("Data transfer direction invalid\n"); 392 scsi_read_complete(r, -EINVAL); 393 return; 394 } 395 396 if (s->tray_open) { 397 scsi_read_complete(r, -ENOMEDIUM); 398 return; 399 } 400 401 first = !r->started; 402 r->started = true; 403 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 404 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 405 BLOCK_ACCT_FLUSH); 406 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r); 407 } else { 408 scsi_do_read(r, 0); 409 } 410 } 411 412 /* 413 * scsi_handle_rw_error has two return values. 0 means that the error 414 * must be ignored, 1 means that the error has been processed and the 415 * caller should not do anything else for this request. Note that 416 * scsi_handle_rw_error always manages its reference counts, independent 417 * of the return value. 418 */ 419 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 420 { 421 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 422 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 423 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error); 424 425 if (action == BLOCK_ERROR_ACTION_REPORT) { 426 switch (error) { 427 case ENOMEDIUM: 428 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 429 break; 430 case ENOMEM: 431 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 432 break; 433 case EINVAL: 434 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 435 break; 436 case ENOSPC: 437 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 438 break; 439 default: 440 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 441 break; 442 } 443 } 444 bdrv_error_action(s->qdev.conf.bs, action, is_read, error); 445 if (action == BLOCK_ERROR_ACTION_STOP) { 446 scsi_req_retry(&r->req); 447 } 448 return action != BLOCK_ERROR_ACTION_IGNORE; 449 } 450 451 static void scsi_write_complete(void * opaque, int ret) 452 { 453 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 455 uint32_t n; 456 457 if (r->req.aiocb != NULL) { 458 r->req.aiocb = NULL; 459 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 460 } 461 if (r->req.io_canceled) { 462 goto done; 463 } 464 465 if (ret < 0) { 466 if (scsi_handle_rw_error(r, -ret)) { 467 goto done; 468 } 469 } 470 471 n = r->qiov.size / 512; 472 r->sector += n; 473 r->sector_count -= n; 474 if (r->sector_count == 0) { 475 scsi_write_do_fua(r); 476 return; 477 } else { 478 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 479 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 480 scsi_req_data(&r->req, r->qiov.size); 481 } 482 483 done: 484 if (!r->req.io_canceled) { 485 scsi_req_unref(&r->req); 486 } 487 } 488 489 static void scsi_write_data(SCSIRequest *req) 490 { 491 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 492 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 493 uint32_t n; 494 495 /* No data transfer may already be in progress */ 496 assert(r->req.aiocb == NULL); 497 498 /* The request is used as the AIO opaque value, so add a ref. */ 499 scsi_req_ref(&r->req); 500 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 501 DPRINTF("Data transfer direction invalid\n"); 502 scsi_write_complete(r, -EINVAL); 503 return; 504 } 505 506 if (!r->req.sg && !r->qiov.size) { 507 /* Called for the first time. Ask the driver to send us more data. */ 508 r->started = true; 509 scsi_write_complete(r, 0); 510 return; 511 } 512 if (s->tray_open) { 513 scsi_write_complete(r, -ENOMEDIUM); 514 return; 515 } 516 517 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 518 r->req.cmd.buf[0] == VERIFY_16) { 519 if (r->req.sg) { 520 scsi_dma_complete_noio(r, 0); 521 } else { 522 scsi_write_complete(r, 0); 523 } 524 return; 525 } 526 527 if (r->req.sg) { 528 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 529 r->req.resid -= r->req.sg->size; 530 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, 531 scsi_dma_complete, r); 532 } else { 533 n = r->qiov.size / 512; 534 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 535 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 536 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, 537 scsi_write_complete, r); 538 } 539 } 540 541 /* Return a pointer to the data buffer. */ 542 static uint8_t *scsi_get_buf(SCSIRequest *req) 543 { 544 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 545 546 return (uint8_t *)r->iov.iov_base; 547 } 548 549 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 550 { 551 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 552 int buflen = 0; 553 int start; 554 555 if (req->cmd.buf[1] & 0x1) { 556 /* Vital product data */ 557 uint8_t page_code = req->cmd.buf[2]; 558 559 outbuf[buflen++] = s->qdev.type & 0x1f; 560 outbuf[buflen++] = page_code ; // this page 561 outbuf[buflen++] = 0x00; 562 outbuf[buflen++] = 0x00; 563 start = buflen; 564 565 switch (page_code) { 566 case 0x00: /* Supported page codes, mandatory */ 567 { 568 DPRINTF("Inquiry EVPD[Supported pages] " 569 "buffer size %zd\n", req->cmd.xfer); 570 outbuf[buflen++] = 0x00; // list of supported pages (this page) 571 if (s->serial) { 572 outbuf[buflen++] = 0x80; // unit serial number 573 } 574 outbuf[buflen++] = 0x83; // device identification 575 if (s->qdev.type == TYPE_DISK) { 576 outbuf[buflen++] = 0xb0; // block limits 577 outbuf[buflen++] = 0xb2; // thin provisioning 578 } 579 break; 580 } 581 case 0x80: /* Device serial number, optional */ 582 { 583 int l; 584 585 if (!s->serial) { 586 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 587 return -1; 588 } 589 590 l = strlen(s->serial); 591 if (l > 20) { 592 l = 20; 593 } 594 595 DPRINTF("Inquiry EVPD[Serial number] " 596 "buffer size %zd\n", req->cmd.xfer); 597 memcpy(outbuf+buflen, s->serial, l); 598 buflen += l; 599 break; 600 } 601 602 case 0x83: /* Device identification page, mandatory */ 603 { 604 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs); 605 int max_len = s->serial ? 20 : 255 - 8; 606 int id_len = strlen(str); 607 608 if (id_len > max_len) { 609 id_len = max_len; 610 } 611 DPRINTF("Inquiry EVPD[Device identification] " 612 "buffer size %zd\n", req->cmd.xfer); 613 614 outbuf[buflen++] = 0x2; // ASCII 615 outbuf[buflen++] = 0; // not officially assigned 616 outbuf[buflen++] = 0; // reserved 617 outbuf[buflen++] = id_len; // length of data following 618 memcpy(outbuf+buflen, str, id_len); 619 buflen += id_len; 620 621 if (s->wwn) { 622 outbuf[buflen++] = 0x1; // Binary 623 outbuf[buflen++] = 0x3; // NAA 624 outbuf[buflen++] = 0; // reserved 625 outbuf[buflen++] = 8; 626 stq_be_p(&outbuf[buflen], s->wwn); 627 buflen += 8; 628 } 629 630 if (s->port_wwn) { 631 outbuf[buflen++] = 0x61; // SAS / Binary 632 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 633 outbuf[buflen++] = 0; // reserved 634 outbuf[buflen++] = 8; 635 stq_be_p(&outbuf[buflen], s->port_wwn); 636 buflen += 8; 637 } 638 639 if (s->port_index) { 640 outbuf[buflen++] = 0x61; // SAS / Binary 641 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 642 outbuf[buflen++] = 0; // reserved 643 outbuf[buflen++] = 4; 644 stw_be_p(&outbuf[buflen + 2], s->port_index); 645 buflen += 4; 646 } 647 break; 648 } 649 case 0xb0: /* block limits */ 650 { 651 unsigned int unmap_sectors = 652 s->qdev.conf.discard_granularity / s->qdev.blocksize; 653 unsigned int min_io_size = 654 s->qdev.conf.min_io_size / s->qdev.blocksize; 655 unsigned int opt_io_size = 656 s->qdev.conf.opt_io_size / s->qdev.blocksize; 657 unsigned int max_unmap_sectors = 658 s->max_unmap_size / s->qdev.blocksize; 659 660 if (s->qdev.type == TYPE_ROM) { 661 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 662 page_code); 663 return -1; 664 } 665 /* required VPD size with unmap support */ 666 buflen = 0x40; 667 memset(outbuf + 4, 0, buflen - 4); 668 669 outbuf[4] = 0x1; /* wsnz */ 670 671 /* optimal transfer length granularity */ 672 outbuf[6] = (min_io_size >> 8) & 0xff; 673 outbuf[7] = min_io_size & 0xff; 674 675 /* optimal transfer length */ 676 outbuf[12] = (opt_io_size >> 24) & 0xff; 677 outbuf[13] = (opt_io_size >> 16) & 0xff; 678 outbuf[14] = (opt_io_size >> 8) & 0xff; 679 outbuf[15] = opt_io_size & 0xff; 680 681 /* max unmap LBA count, default is 1GB */ 682 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 683 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 684 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 685 outbuf[23] = max_unmap_sectors & 0xff; 686 687 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 688 outbuf[24] = 0; 689 outbuf[25] = 0; 690 outbuf[26] = 0; 691 outbuf[27] = 255; 692 693 /* optimal unmap granularity */ 694 outbuf[28] = (unmap_sectors >> 24) & 0xff; 695 outbuf[29] = (unmap_sectors >> 16) & 0xff; 696 outbuf[30] = (unmap_sectors >> 8) & 0xff; 697 outbuf[31] = unmap_sectors & 0xff; 698 break; 699 } 700 case 0xb2: /* thin provisioning */ 701 { 702 buflen = 8; 703 outbuf[4] = 0; 704 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 705 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 706 outbuf[7] = 0; 707 break; 708 } 709 default: 710 return -1; 711 } 712 /* done with EVPD */ 713 assert(buflen - start <= 255); 714 outbuf[start - 1] = buflen - start; 715 return buflen; 716 } 717 718 /* Standard INQUIRY data */ 719 if (req->cmd.buf[2] != 0) { 720 return -1; 721 } 722 723 /* PAGE CODE == 0 */ 724 buflen = req->cmd.xfer; 725 if (buflen > SCSI_MAX_INQUIRY_LEN) { 726 buflen = SCSI_MAX_INQUIRY_LEN; 727 } 728 729 outbuf[0] = s->qdev.type & 0x1f; 730 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 731 732 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 733 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 734 735 memset(&outbuf[32], 0, 4); 736 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 737 /* 738 * We claim conformance to SPC-3, which is required for guests 739 * to ask for modern features like READ CAPACITY(16) or the 740 * block characteristics VPD page by default. Not all of SPC-3 741 * is actually implemented, but we're good enough. 742 */ 743 outbuf[2] = 5; 744 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 745 746 if (buflen > 36) { 747 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 748 } else { 749 /* If the allocation length of CDB is too small, 750 the additional length is not adjusted */ 751 outbuf[4] = 36 - 5; 752 } 753 754 /* Sync data transfer and TCQ. */ 755 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 756 return buflen; 757 } 758 759 static inline bool media_is_dvd(SCSIDiskState *s) 760 { 761 uint64_t nb_sectors; 762 if (s->qdev.type != TYPE_ROM) { 763 return false; 764 } 765 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 766 return false; 767 } 768 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 769 return nb_sectors > CD_MAX_SECTORS; 770 } 771 772 static inline bool media_is_cd(SCSIDiskState *s) 773 { 774 uint64_t nb_sectors; 775 if (s->qdev.type != TYPE_ROM) { 776 return false; 777 } 778 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 779 return false; 780 } 781 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 782 return nb_sectors <= CD_MAX_SECTORS; 783 } 784 785 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 786 uint8_t *outbuf) 787 { 788 uint8_t type = r->req.cmd.buf[1] & 7; 789 790 if (s->qdev.type != TYPE_ROM) { 791 return -1; 792 } 793 794 /* Types 1/2 are only defined for Blu-Ray. */ 795 if (type != 0) { 796 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 797 return -1; 798 } 799 800 memset(outbuf, 0, 34); 801 outbuf[1] = 32; 802 outbuf[2] = 0xe; /* last session complete, disc finalized */ 803 outbuf[3] = 1; /* first track on disc */ 804 outbuf[4] = 1; /* # of sessions */ 805 outbuf[5] = 1; /* first track of last session */ 806 outbuf[6] = 1; /* last track of last session */ 807 outbuf[7] = 0x20; /* unrestricted use */ 808 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 809 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 810 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 811 /* 24-31: disc bar code */ 812 /* 32: disc application code */ 813 /* 33: number of OPC tables */ 814 815 return 34; 816 } 817 818 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 819 uint8_t *outbuf) 820 { 821 static const int rds_caps_size[5] = { 822 [0] = 2048 + 4, 823 [1] = 4 + 4, 824 [3] = 188 + 4, 825 [4] = 2048 + 4, 826 }; 827 828 uint8_t media = r->req.cmd.buf[1]; 829 uint8_t layer = r->req.cmd.buf[6]; 830 uint8_t format = r->req.cmd.buf[7]; 831 int size = -1; 832 833 if (s->qdev.type != TYPE_ROM) { 834 return -1; 835 } 836 if (media != 0) { 837 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 838 return -1; 839 } 840 841 if (format != 0xff) { 842 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 843 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 844 return -1; 845 } 846 if (media_is_cd(s)) { 847 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 848 return -1; 849 } 850 if (format >= ARRAY_SIZE(rds_caps_size)) { 851 return -1; 852 } 853 size = rds_caps_size[format]; 854 memset(outbuf, 0, size); 855 } 856 857 switch (format) { 858 case 0x00: { 859 /* Physical format information */ 860 uint64_t nb_sectors; 861 if (layer != 0) { 862 goto fail; 863 } 864 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 865 866 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 867 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 868 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 869 outbuf[7] = 0; /* default densities */ 870 871 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 872 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 873 break; 874 } 875 876 case 0x01: /* DVD copyright information, all zeros */ 877 break; 878 879 case 0x03: /* BCA information - invalid field for no BCA info */ 880 return -1; 881 882 case 0x04: /* DVD disc manufacturing information, all zeros */ 883 break; 884 885 case 0xff: { /* List capabilities */ 886 int i; 887 size = 4; 888 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 889 if (!rds_caps_size[i]) { 890 continue; 891 } 892 outbuf[size] = i; 893 outbuf[size + 1] = 0x40; /* Not writable, readable */ 894 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 895 size += 4; 896 } 897 break; 898 } 899 900 default: 901 return -1; 902 } 903 904 /* Size of buffer, not including 2 byte size field */ 905 stw_be_p(outbuf, size - 2); 906 return size; 907 908 fail: 909 return -1; 910 } 911 912 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 913 { 914 uint8_t event_code, media_status; 915 916 media_status = 0; 917 if (s->tray_open) { 918 media_status = MS_TRAY_OPEN; 919 } else if (bdrv_is_inserted(s->qdev.conf.bs)) { 920 media_status = MS_MEDIA_PRESENT; 921 } 922 923 /* Event notification descriptor */ 924 event_code = MEC_NO_CHANGE; 925 if (media_status != MS_TRAY_OPEN) { 926 if (s->media_event) { 927 event_code = MEC_NEW_MEDIA; 928 s->media_event = false; 929 } else if (s->eject_request) { 930 event_code = MEC_EJECT_REQUESTED; 931 s->eject_request = false; 932 } 933 } 934 935 outbuf[0] = event_code; 936 outbuf[1] = media_status; 937 938 /* These fields are reserved, just clear them. */ 939 outbuf[2] = 0; 940 outbuf[3] = 0; 941 return 4; 942 } 943 944 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 945 uint8_t *outbuf) 946 { 947 int size; 948 uint8_t *buf = r->req.cmd.buf; 949 uint8_t notification_class_request = buf[4]; 950 if (s->qdev.type != TYPE_ROM) { 951 return -1; 952 } 953 if ((buf[1] & 1) == 0) { 954 /* asynchronous */ 955 return -1; 956 } 957 958 size = 4; 959 outbuf[0] = outbuf[1] = 0; 960 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 961 if (notification_class_request & (1 << GESN_MEDIA)) { 962 outbuf[2] = GESN_MEDIA; 963 size += scsi_event_status_media(s, &outbuf[size]); 964 } else { 965 outbuf[2] = 0x80; 966 } 967 stw_be_p(outbuf, size - 4); 968 return size; 969 } 970 971 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 972 { 973 int current; 974 975 if (s->qdev.type != TYPE_ROM) { 976 return -1; 977 } 978 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 979 memset(outbuf, 0, 40); 980 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 981 stw_be_p(&outbuf[6], current); 982 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 983 outbuf[10] = 0x03; /* persistent, current */ 984 outbuf[11] = 8; /* two profiles */ 985 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 986 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 987 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 988 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 989 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 990 stw_be_p(&outbuf[20], 1); 991 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 992 outbuf[23] = 8; 993 stl_be_p(&outbuf[24], 1); /* SCSI */ 994 outbuf[28] = 1; /* DBE = 1, mandatory */ 995 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 996 stw_be_p(&outbuf[32], 3); 997 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 998 outbuf[35] = 4; 999 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1000 /* TODO: Random readable, CD read, DVD read, drive serial number, 1001 power management */ 1002 return 40; 1003 } 1004 1005 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1006 { 1007 if (s->qdev.type != TYPE_ROM) { 1008 return -1; 1009 } 1010 memset(outbuf, 0, 8); 1011 outbuf[5] = 1; /* CD-ROM */ 1012 return 8; 1013 } 1014 1015 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1016 int page_control) 1017 { 1018 static const int mode_sense_valid[0x3f] = { 1019 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1020 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1021 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1022 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1023 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1024 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1025 }; 1026 1027 uint8_t *p = *p_outbuf + 2; 1028 int length; 1029 1030 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1031 return -1; 1032 } 1033 1034 /* 1035 * If Changeable Values are requested, a mask denoting those mode parameters 1036 * that are changeable shall be returned. As we currently don't support 1037 * parameter changes via MODE_SELECT all bits are returned set to zero. 1038 * The buffer was already menset to zero by the caller of this function. 1039 * 1040 * The offsets here are off by two compared to the descriptions in the 1041 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1042 * but it is done so that offsets are consistent within our implementation 1043 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1044 * 2-byte and 4-byte headers. 1045 */ 1046 switch (page) { 1047 case MODE_PAGE_HD_GEOMETRY: 1048 length = 0x16; 1049 if (page_control == 1) { /* Changeable Values */ 1050 break; 1051 } 1052 /* if a geometry hint is available, use it */ 1053 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1054 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1055 p[2] = s->qdev.conf.cyls & 0xff; 1056 p[3] = s->qdev.conf.heads & 0xff; 1057 /* Write precomp start cylinder, disabled */ 1058 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1059 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1060 p[6] = s->qdev.conf.cyls & 0xff; 1061 /* Reduced current start cylinder, disabled */ 1062 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1063 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1064 p[9] = s->qdev.conf.cyls & 0xff; 1065 /* Device step rate [ns], 200ns */ 1066 p[10] = 0; 1067 p[11] = 200; 1068 /* Landing zone cylinder */ 1069 p[12] = 0xff; 1070 p[13] = 0xff; 1071 p[14] = 0xff; 1072 /* Medium rotation rate [rpm], 5400 rpm */ 1073 p[18] = (5400 >> 8) & 0xff; 1074 p[19] = 5400 & 0xff; 1075 break; 1076 1077 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1078 length = 0x1e; 1079 if (page_control == 1) { /* Changeable Values */ 1080 break; 1081 } 1082 /* Transfer rate [kbit/s], 5Mbit/s */ 1083 p[0] = 5000 >> 8; 1084 p[1] = 5000 & 0xff; 1085 /* if a geometry hint is available, use it */ 1086 p[2] = s->qdev.conf.heads & 0xff; 1087 p[3] = s->qdev.conf.secs & 0xff; 1088 p[4] = s->qdev.blocksize >> 8; 1089 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1090 p[7] = s->qdev.conf.cyls & 0xff; 1091 /* Write precomp start cylinder, disabled */ 1092 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1093 p[9] = s->qdev.conf.cyls & 0xff; 1094 /* Reduced current start cylinder, disabled */ 1095 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1096 p[11] = s->qdev.conf.cyls & 0xff; 1097 /* Device step rate [100us], 100us */ 1098 p[12] = 0; 1099 p[13] = 1; 1100 /* Device step pulse width [us], 1us */ 1101 p[14] = 1; 1102 /* Device head settle delay [100us], 100us */ 1103 p[15] = 0; 1104 p[16] = 1; 1105 /* Motor on delay [0.1s], 0.1s */ 1106 p[17] = 1; 1107 /* Motor off delay [0.1s], 0.1s */ 1108 p[18] = 1; 1109 /* Medium rotation rate [rpm], 5400 rpm */ 1110 p[26] = (5400 >> 8) & 0xff; 1111 p[27] = 5400 & 0xff; 1112 break; 1113 1114 case MODE_PAGE_CACHING: 1115 length = 0x12; 1116 if (page_control == 1 || /* Changeable Values */ 1117 bdrv_enable_write_cache(s->qdev.conf.bs)) { 1118 p[0] = 4; /* WCE */ 1119 } 1120 break; 1121 1122 case MODE_PAGE_R_W_ERROR: 1123 length = 10; 1124 if (page_control == 1) { /* Changeable Values */ 1125 break; 1126 } 1127 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1128 if (s->qdev.type == TYPE_ROM) { 1129 p[1] = 0x20; /* Read Retry Count */ 1130 } 1131 break; 1132 1133 case MODE_PAGE_AUDIO_CTL: 1134 length = 14; 1135 break; 1136 1137 case MODE_PAGE_CAPABILITIES: 1138 length = 0x14; 1139 if (page_control == 1) { /* Changeable Values */ 1140 break; 1141 } 1142 1143 p[0] = 0x3b; /* CD-R & CD-RW read */ 1144 p[1] = 0; /* Writing not supported */ 1145 p[2] = 0x7f; /* Audio, composite, digital out, 1146 mode 2 form 1&2, multi session */ 1147 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1148 RW corrected, C2 errors, ISRC, 1149 UPC, Bar code */ 1150 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1151 /* Locking supported, jumper present, eject, tray */ 1152 p[5] = 0; /* no volume & mute control, no 1153 changer */ 1154 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1155 p[7] = (50 * 176) & 0xff; 1156 p[8] = 2 >> 8; /* Two volume levels */ 1157 p[9] = 2 & 0xff; 1158 p[10] = 2048 >> 8; /* 2M buffer */ 1159 p[11] = 2048 & 0xff; 1160 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1161 p[13] = (16 * 176) & 0xff; 1162 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1163 p[17] = (16 * 176) & 0xff; 1164 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1165 p[19] = (16 * 176) & 0xff; 1166 break; 1167 1168 default: 1169 return -1; 1170 } 1171 1172 assert(length < 256); 1173 (*p_outbuf)[0] = page; 1174 (*p_outbuf)[1] = length; 1175 *p_outbuf += length + 2; 1176 return length + 2; 1177 } 1178 1179 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1180 { 1181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1182 uint64_t nb_sectors; 1183 bool dbd; 1184 int page, buflen, ret, page_control; 1185 uint8_t *p; 1186 uint8_t dev_specific_param; 1187 1188 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1189 page = r->req.cmd.buf[2] & 0x3f; 1190 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1191 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1192 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1193 memset(outbuf, 0, r->req.cmd.xfer); 1194 p = outbuf; 1195 1196 if (s->qdev.type == TYPE_DISK) { 1197 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1198 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1199 dev_specific_param |= 0x80; /* Readonly. */ 1200 } 1201 } else { 1202 /* MMC prescribes that CD/DVD drives have no block descriptors, 1203 * and defines no device-specific parameter. */ 1204 dev_specific_param = 0x00; 1205 dbd = true; 1206 } 1207 1208 if (r->req.cmd.buf[0] == MODE_SENSE) { 1209 p[1] = 0; /* Default media type. */ 1210 p[2] = dev_specific_param; 1211 p[3] = 0; /* Block descriptor length. */ 1212 p += 4; 1213 } else { /* MODE_SENSE_10 */ 1214 p[2] = 0; /* Default media type. */ 1215 p[3] = dev_specific_param; 1216 p[6] = p[7] = 0; /* Block descriptor length. */ 1217 p += 8; 1218 } 1219 1220 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1221 if (!dbd && nb_sectors) { 1222 if (r->req.cmd.buf[0] == MODE_SENSE) { 1223 outbuf[3] = 8; /* Block descriptor length */ 1224 } else { /* MODE_SENSE_10 */ 1225 outbuf[7] = 8; /* Block descriptor length */ 1226 } 1227 nb_sectors /= (s->qdev.blocksize / 512); 1228 if (nb_sectors > 0xffffff) { 1229 nb_sectors = 0; 1230 } 1231 p[0] = 0; /* media density code */ 1232 p[1] = (nb_sectors >> 16) & 0xff; 1233 p[2] = (nb_sectors >> 8) & 0xff; 1234 p[3] = nb_sectors & 0xff; 1235 p[4] = 0; /* reserved */ 1236 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1237 p[6] = s->qdev.blocksize >> 8; 1238 p[7] = 0; 1239 p += 8; 1240 } 1241 1242 if (page_control == 3) { 1243 /* Saved Values */ 1244 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1245 return -1; 1246 } 1247 1248 if (page == 0x3f) { 1249 for (page = 0; page <= 0x3e; page++) { 1250 mode_sense_page(s, page, &p, page_control); 1251 } 1252 } else { 1253 ret = mode_sense_page(s, page, &p, page_control); 1254 if (ret == -1) { 1255 return -1; 1256 } 1257 } 1258 1259 buflen = p - outbuf; 1260 /* 1261 * The mode data length field specifies the length in bytes of the 1262 * following data that is available to be transferred. The mode data 1263 * length does not include itself. 1264 */ 1265 if (r->req.cmd.buf[0] == MODE_SENSE) { 1266 outbuf[0] = buflen - 1; 1267 } else { /* MODE_SENSE_10 */ 1268 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1269 outbuf[1] = (buflen - 2) & 0xff; 1270 } 1271 return buflen; 1272 } 1273 1274 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1275 { 1276 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1277 int start_track, format, msf, toclen; 1278 uint64_t nb_sectors; 1279 1280 msf = req->cmd.buf[1] & 2; 1281 format = req->cmd.buf[2] & 0xf; 1282 start_track = req->cmd.buf[6]; 1283 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1284 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1285 nb_sectors /= s->qdev.blocksize / 512; 1286 switch (format) { 1287 case 0: 1288 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1289 break; 1290 case 1: 1291 /* multi session : only a single session defined */ 1292 toclen = 12; 1293 memset(outbuf, 0, 12); 1294 outbuf[1] = 0x0a; 1295 outbuf[2] = 0x01; 1296 outbuf[3] = 0x01; 1297 break; 1298 case 2: 1299 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1300 break; 1301 default: 1302 return -1; 1303 } 1304 return toclen; 1305 } 1306 1307 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1308 { 1309 SCSIRequest *req = &r->req; 1310 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1311 bool start = req->cmd.buf[4] & 1; 1312 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1313 int pwrcnd = req->cmd.buf[4] & 0xf0; 1314 1315 if (pwrcnd) { 1316 /* eject/load only happens for power condition == 0 */ 1317 return 0; 1318 } 1319 1320 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1321 if (!start && !s->tray_open && s->tray_locked) { 1322 scsi_check_condition(r, 1323 bdrv_is_inserted(s->qdev.conf.bs) 1324 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1325 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1326 return -1; 1327 } 1328 1329 if (s->tray_open != !start) { 1330 bdrv_eject(s->qdev.conf.bs, !start); 1331 s->tray_open = !start; 1332 } 1333 } 1334 return 0; 1335 } 1336 1337 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1338 { 1339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1340 int buflen = r->iov.iov_len; 1341 1342 if (buflen) { 1343 DPRINTF("Read buf_len=%d\n", buflen); 1344 r->iov.iov_len = 0; 1345 r->started = true; 1346 scsi_req_data(&r->req, buflen); 1347 return; 1348 } 1349 1350 /* This also clears the sense buffer for REQUEST SENSE. */ 1351 scsi_req_complete(&r->req, GOOD); 1352 } 1353 1354 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1355 uint8_t *inbuf, int inlen) 1356 { 1357 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1358 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1359 uint8_t *p; 1360 int len, expected_len, changeable_len, i; 1361 1362 /* The input buffer does not include the page header, so it is 1363 * off by 2 bytes. 1364 */ 1365 expected_len = inlen + 2; 1366 if (expected_len > SCSI_MAX_MODE_LEN) { 1367 return -1; 1368 } 1369 1370 p = mode_current; 1371 memset(mode_current, 0, inlen + 2); 1372 len = mode_sense_page(s, page, &p, 0); 1373 if (len < 0 || len != expected_len) { 1374 return -1; 1375 } 1376 1377 p = mode_changeable; 1378 memset(mode_changeable, 0, inlen + 2); 1379 changeable_len = mode_sense_page(s, page, &p, 1); 1380 assert(changeable_len == len); 1381 1382 /* Check that unchangeable bits are the same as what MODE SENSE 1383 * would return. 1384 */ 1385 for (i = 2; i < len; i++) { 1386 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1387 return -1; 1388 } 1389 } 1390 return 0; 1391 } 1392 1393 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1394 { 1395 switch (page) { 1396 case MODE_PAGE_CACHING: 1397 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0); 1398 break; 1399 1400 default: 1401 break; 1402 } 1403 } 1404 1405 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1406 { 1407 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1408 1409 while (len > 0) { 1410 int page, subpage, page_len; 1411 1412 /* Parse both possible formats for the mode page headers. */ 1413 page = p[0] & 0x3f; 1414 if (p[0] & 0x40) { 1415 if (len < 4) { 1416 goto invalid_param_len; 1417 } 1418 subpage = p[1]; 1419 page_len = lduw_be_p(&p[2]); 1420 p += 4; 1421 len -= 4; 1422 } else { 1423 if (len < 2) { 1424 goto invalid_param_len; 1425 } 1426 subpage = 0; 1427 page_len = p[1]; 1428 p += 2; 1429 len -= 2; 1430 } 1431 1432 if (subpage) { 1433 goto invalid_param; 1434 } 1435 if (page_len > len) { 1436 goto invalid_param_len; 1437 } 1438 1439 if (!change) { 1440 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1441 goto invalid_param; 1442 } 1443 } else { 1444 scsi_disk_apply_mode_select(s, page, p); 1445 } 1446 1447 p += page_len; 1448 len -= page_len; 1449 } 1450 return 0; 1451 1452 invalid_param: 1453 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1454 return -1; 1455 1456 invalid_param_len: 1457 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1458 return -1; 1459 } 1460 1461 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1462 { 1463 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1464 uint8_t *p = inbuf; 1465 int cmd = r->req.cmd.buf[0]; 1466 int len = r->req.cmd.xfer; 1467 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1468 int bd_len; 1469 int pass; 1470 1471 /* We only support PF=1, SP=0. */ 1472 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1473 goto invalid_field; 1474 } 1475 1476 if (len < hdr_len) { 1477 goto invalid_param_len; 1478 } 1479 1480 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1481 len -= hdr_len; 1482 p += hdr_len; 1483 if (len < bd_len) { 1484 goto invalid_param_len; 1485 } 1486 if (bd_len != 0 && bd_len != 8) { 1487 goto invalid_param; 1488 } 1489 1490 len -= bd_len; 1491 p += bd_len; 1492 1493 /* Ensure no change is made if there is an error! */ 1494 for (pass = 0; pass < 2; pass++) { 1495 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1496 assert(pass == 0); 1497 return; 1498 } 1499 } 1500 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) { 1501 /* The request is used as the AIO opaque value, so add a ref. */ 1502 scsi_req_ref(&r->req); 1503 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 1504 BLOCK_ACCT_FLUSH); 1505 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1506 return; 1507 } 1508 1509 scsi_req_complete(&r->req, GOOD); 1510 return; 1511 1512 invalid_param: 1513 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1514 return; 1515 1516 invalid_param_len: 1517 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1518 return; 1519 1520 invalid_field: 1521 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1522 } 1523 1524 static inline bool check_lba_range(SCSIDiskState *s, 1525 uint64_t sector_num, uint32_t nb_sectors) 1526 { 1527 /* 1528 * The first line tests that no overflow happens when computing the last 1529 * sector. The second line tests that the last accessed sector is in 1530 * range. 1531 * 1532 * Careful, the computations should not underflow for nb_sectors == 0, 1533 * and a 0-block read to the first LBA beyond the end of device is 1534 * valid. 1535 */ 1536 return (sector_num <= sector_num + nb_sectors && 1537 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1538 } 1539 1540 typedef struct UnmapCBData { 1541 SCSIDiskReq *r; 1542 uint8_t *inbuf; 1543 int count; 1544 } UnmapCBData; 1545 1546 static void scsi_unmap_complete(void *opaque, int ret) 1547 { 1548 UnmapCBData *data = opaque; 1549 SCSIDiskReq *r = data->r; 1550 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1551 uint64_t sector_num; 1552 uint32_t nb_sectors; 1553 1554 r->req.aiocb = NULL; 1555 if (r->req.io_canceled) { 1556 goto done; 1557 } 1558 1559 if (ret < 0) { 1560 if (scsi_handle_rw_error(r, -ret)) { 1561 goto done; 1562 } 1563 } 1564 1565 if (data->count > 0) { 1566 sector_num = ldq_be_p(&data->inbuf[0]); 1567 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1568 if (!check_lba_range(s, sector_num, nb_sectors)) { 1569 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1570 goto done; 1571 } 1572 1573 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1574 sector_num * (s->qdev.blocksize / 512), 1575 nb_sectors * (s->qdev.blocksize / 512), 1576 scsi_unmap_complete, data); 1577 data->count--; 1578 data->inbuf += 16; 1579 return; 1580 } 1581 1582 scsi_req_complete(&r->req, GOOD); 1583 1584 done: 1585 if (!r->req.io_canceled) { 1586 scsi_req_unref(&r->req); 1587 } 1588 g_free(data); 1589 } 1590 1591 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1592 { 1593 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1594 uint8_t *p = inbuf; 1595 int len = r->req.cmd.xfer; 1596 UnmapCBData *data; 1597 1598 /* Reject ANCHOR=1. */ 1599 if (r->req.cmd.buf[1] & 0x1) { 1600 goto invalid_field; 1601 } 1602 1603 if (len < 8) { 1604 goto invalid_param_len; 1605 } 1606 if (len < lduw_be_p(&p[0]) + 2) { 1607 goto invalid_param_len; 1608 } 1609 if (len < lduw_be_p(&p[2]) + 8) { 1610 goto invalid_param_len; 1611 } 1612 if (lduw_be_p(&p[2]) & 15) { 1613 goto invalid_param_len; 1614 } 1615 1616 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1617 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1618 return; 1619 } 1620 1621 data = g_new0(UnmapCBData, 1); 1622 data->r = r; 1623 data->inbuf = &p[8]; 1624 data->count = lduw_be_p(&p[2]) >> 4; 1625 1626 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1627 scsi_req_ref(&r->req); 1628 scsi_unmap_complete(data, 0); 1629 return; 1630 1631 invalid_param_len: 1632 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1633 return; 1634 1635 invalid_field: 1636 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1637 } 1638 1639 typedef struct WriteSameCBData { 1640 SCSIDiskReq *r; 1641 int64_t sector; 1642 int nb_sectors; 1643 QEMUIOVector qiov; 1644 struct iovec iov; 1645 } WriteSameCBData; 1646 1647 static void scsi_write_same_complete(void *opaque, int ret) 1648 { 1649 WriteSameCBData *data = opaque; 1650 SCSIDiskReq *r = data->r; 1651 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1652 1653 assert(r->req.aiocb != NULL); 1654 r->req.aiocb = NULL; 1655 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 1656 if (r->req.io_canceled) { 1657 goto done; 1658 } 1659 1660 if (ret < 0) { 1661 if (scsi_handle_rw_error(r, -ret)) { 1662 goto done; 1663 } 1664 } 1665 1666 data->nb_sectors -= data->iov.iov_len / 512; 1667 data->sector += data->iov.iov_len / 512; 1668 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1669 if (data->iov.iov_len) { 1670 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1671 data->iov.iov_len, BLOCK_ACCT_WRITE); 1672 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1673 &data->qiov, data->iov.iov_len / 512, 1674 scsi_write_same_complete, data); 1675 return; 1676 } 1677 1678 scsi_req_complete(&r->req, GOOD); 1679 1680 done: 1681 if (!r->req.io_canceled) { 1682 scsi_req_unref(&r->req); 1683 } 1684 qemu_vfree(data->iov.iov_base); 1685 g_free(data); 1686 } 1687 1688 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1689 { 1690 SCSIRequest *req = &r->req; 1691 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1692 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); 1693 WriteSameCBData *data; 1694 uint8_t *buf; 1695 int i; 1696 1697 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1698 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1699 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1700 return; 1701 } 1702 1703 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1704 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1705 return; 1706 } 1707 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1708 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1709 return; 1710 } 1711 1712 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1713 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1714 1715 /* The request is used as the AIO opaque value, so add a ref. */ 1716 scsi_req_ref(&r->req); 1717 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1718 nb_sectors * s->qdev.blocksize, 1719 BLOCK_ACCT_WRITE); 1720 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs, 1721 r->req.cmd.lba * (s->qdev.blocksize / 512), 1722 nb_sectors * (s->qdev.blocksize / 512), 1723 flags, scsi_aio_complete, r); 1724 return; 1725 } 1726 1727 data = g_new0(WriteSameCBData, 1); 1728 data->r = r; 1729 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1730 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1731 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1732 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len); 1733 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1734 1735 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1736 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1737 } 1738 1739 scsi_req_ref(&r->req); 1740 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1741 data->iov.iov_len, BLOCK_ACCT_WRITE); 1742 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1743 &data->qiov, data->iov.iov_len / 512, 1744 scsi_write_same_complete, data); 1745 } 1746 1747 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1748 { 1749 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1750 1751 if (r->iov.iov_len) { 1752 int buflen = r->iov.iov_len; 1753 DPRINTF("Write buf_len=%d\n", buflen); 1754 r->iov.iov_len = 0; 1755 scsi_req_data(&r->req, buflen); 1756 return; 1757 } 1758 1759 switch (req->cmd.buf[0]) { 1760 case MODE_SELECT: 1761 case MODE_SELECT_10: 1762 /* This also clears the sense buffer for REQUEST SENSE. */ 1763 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1764 break; 1765 1766 case UNMAP: 1767 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1768 break; 1769 1770 case VERIFY_10: 1771 case VERIFY_12: 1772 case VERIFY_16: 1773 if (r->req.status == -1) { 1774 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1775 } 1776 break; 1777 1778 case WRITE_SAME_10: 1779 case WRITE_SAME_16: 1780 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1781 break; 1782 1783 default: 1784 abort(); 1785 } 1786 } 1787 1788 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1789 { 1790 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1791 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1792 uint64_t nb_sectors; 1793 uint8_t *outbuf; 1794 int buflen; 1795 1796 switch (req->cmd.buf[0]) { 1797 case INQUIRY: 1798 case MODE_SENSE: 1799 case MODE_SENSE_10: 1800 case RESERVE: 1801 case RESERVE_10: 1802 case RELEASE: 1803 case RELEASE_10: 1804 case START_STOP: 1805 case ALLOW_MEDIUM_REMOVAL: 1806 case GET_CONFIGURATION: 1807 case GET_EVENT_STATUS_NOTIFICATION: 1808 case MECHANISM_STATUS: 1809 case REQUEST_SENSE: 1810 break; 1811 1812 default: 1813 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1814 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1815 return 0; 1816 } 1817 break; 1818 } 1819 1820 /* 1821 * FIXME: we shouldn't return anything bigger than 4k, but the code 1822 * requires the buffer to be as big as req->cmd.xfer in several 1823 * places. So, do not allow CDBs with a very large ALLOCATION 1824 * LENGTH. The real fix would be to modify scsi_read_data and 1825 * dma_buf_read, so that they return data beyond the buflen 1826 * as all zeros. 1827 */ 1828 if (req->cmd.xfer > 65536) { 1829 goto illegal_request; 1830 } 1831 r->buflen = MAX(4096, req->cmd.xfer); 1832 1833 if (!r->iov.iov_base) { 1834 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 1835 } 1836 1837 buflen = req->cmd.xfer; 1838 outbuf = r->iov.iov_base; 1839 memset(outbuf, 0, r->buflen); 1840 switch (req->cmd.buf[0]) { 1841 case TEST_UNIT_READY: 1842 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs)); 1843 break; 1844 case INQUIRY: 1845 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1846 if (buflen < 0) { 1847 goto illegal_request; 1848 } 1849 break; 1850 case MODE_SENSE: 1851 case MODE_SENSE_10: 1852 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1853 if (buflen < 0) { 1854 goto illegal_request; 1855 } 1856 break; 1857 case READ_TOC: 1858 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1859 if (buflen < 0) { 1860 goto illegal_request; 1861 } 1862 break; 1863 case RESERVE: 1864 if (req->cmd.buf[1] & 1) { 1865 goto illegal_request; 1866 } 1867 break; 1868 case RESERVE_10: 1869 if (req->cmd.buf[1] & 3) { 1870 goto illegal_request; 1871 } 1872 break; 1873 case RELEASE: 1874 if (req->cmd.buf[1] & 1) { 1875 goto illegal_request; 1876 } 1877 break; 1878 case RELEASE_10: 1879 if (req->cmd.buf[1] & 3) { 1880 goto illegal_request; 1881 } 1882 break; 1883 case START_STOP: 1884 if (scsi_disk_emulate_start_stop(r) < 0) { 1885 return 0; 1886 } 1887 break; 1888 case ALLOW_MEDIUM_REMOVAL: 1889 s->tray_locked = req->cmd.buf[4] & 1; 1890 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1); 1891 break; 1892 case READ_CAPACITY_10: 1893 /* The normal LEN field for this command is zero. */ 1894 memset(outbuf, 0, 8); 1895 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1896 if (!nb_sectors) { 1897 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1898 return 0; 1899 } 1900 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1901 goto illegal_request; 1902 } 1903 nb_sectors /= s->qdev.blocksize / 512; 1904 /* Returned value is the address of the last sector. */ 1905 nb_sectors--; 1906 /* Remember the new size for read/write sanity checking. */ 1907 s->qdev.max_lba = nb_sectors; 1908 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1909 if (nb_sectors > UINT32_MAX) { 1910 nb_sectors = UINT32_MAX; 1911 } 1912 outbuf[0] = (nb_sectors >> 24) & 0xff; 1913 outbuf[1] = (nb_sectors >> 16) & 0xff; 1914 outbuf[2] = (nb_sectors >> 8) & 0xff; 1915 outbuf[3] = nb_sectors & 0xff; 1916 outbuf[4] = 0; 1917 outbuf[5] = 0; 1918 outbuf[6] = s->qdev.blocksize >> 8; 1919 outbuf[7] = 0; 1920 break; 1921 case REQUEST_SENSE: 1922 /* Just return "NO SENSE". */ 1923 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1924 (req->cmd.buf[1] & 1) == 0); 1925 if (buflen < 0) { 1926 goto illegal_request; 1927 } 1928 break; 1929 case MECHANISM_STATUS: 1930 buflen = scsi_emulate_mechanism_status(s, outbuf); 1931 if (buflen < 0) { 1932 goto illegal_request; 1933 } 1934 break; 1935 case GET_CONFIGURATION: 1936 buflen = scsi_get_configuration(s, outbuf); 1937 if (buflen < 0) { 1938 goto illegal_request; 1939 } 1940 break; 1941 case GET_EVENT_STATUS_NOTIFICATION: 1942 buflen = scsi_get_event_status_notification(s, r, outbuf); 1943 if (buflen < 0) { 1944 goto illegal_request; 1945 } 1946 break; 1947 case READ_DISC_INFORMATION: 1948 buflen = scsi_read_disc_information(s, r, outbuf); 1949 if (buflen < 0) { 1950 goto illegal_request; 1951 } 1952 break; 1953 case READ_DVD_STRUCTURE: 1954 buflen = scsi_read_dvd_structure(s, r, outbuf); 1955 if (buflen < 0) { 1956 goto illegal_request; 1957 } 1958 break; 1959 case SERVICE_ACTION_IN_16: 1960 /* Service Action In subcommands. */ 1961 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1962 DPRINTF("SAI READ CAPACITY(16)\n"); 1963 memset(outbuf, 0, req->cmd.xfer); 1964 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1965 if (!nb_sectors) { 1966 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1967 return 0; 1968 } 1969 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1970 goto illegal_request; 1971 } 1972 nb_sectors /= s->qdev.blocksize / 512; 1973 /* Returned value is the address of the last sector. */ 1974 nb_sectors--; 1975 /* Remember the new size for read/write sanity checking. */ 1976 s->qdev.max_lba = nb_sectors; 1977 outbuf[0] = (nb_sectors >> 56) & 0xff; 1978 outbuf[1] = (nb_sectors >> 48) & 0xff; 1979 outbuf[2] = (nb_sectors >> 40) & 0xff; 1980 outbuf[3] = (nb_sectors >> 32) & 0xff; 1981 outbuf[4] = (nb_sectors >> 24) & 0xff; 1982 outbuf[5] = (nb_sectors >> 16) & 0xff; 1983 outbuf[6] = (nb_sectors >> 8) & 0xff; 1984 outbuf[7] = nb_sectors & 0xff; 1985 outbuf[8] = 0; 1986 outbuf[9] = 0; 1987 outbuf[10] = s->qdev.blocksize >> 8; 1988 outbuf[11] = 0; 1989 outbuf[12] = 0; 1990 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1991 1992 /* set TPE bit if the format supports discard */ 1993 if (s->qdev.conf.discard_granularity) { 1994 outbuf[14] = 0x80; 1995 } 1996 1997 /* Protection, exponent and lowest lba field left blank. */ 1998 break; 1999 } 2000 DPRINTF("Unsupported Service Action In\n"); 2001 goto illegal_request; 2002 case SYNCHRONIZE_CACHE: 2003 /* The request is used as the AIO opaque value, so add a ref. */ 2004 scsi_req_ref(&r->req); 2005 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 2006 BLOCK_ACCT_FLUSH); 2007 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 2008 return 0; 2009 case SEEK_10: 2010 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2011 if (r->req.cmd.lba > s->qdev.max_lba) { 2012 goto illegal_lba; 2013 } 2014 break; 2015 case MODE_SELECT: 2016 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2017 break; 2018 case MODE_SELECT_10: 2019 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2020 break; 2021 case UNMAP: 2022 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2023 break; 2024 case VERIFY_10: 2025 case VERIFY_12: 2026 case VERIFY_16: 2027 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2028 if (req->cmd.buf[1] & 6) { 2029 goto illegal_request; 2030 } 2031 break; 2032 case WRITE_SAME_10: 2033 case WRITE_SAME_16: 2034 DPRINTF("WRITE SAME %d (len %lu)\n", 2035 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2036 (long)r->req.cmd.xfer); 2037 break; 2038 default: 2039 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2040 scsi_command_name(buf[0])); 2041 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2042 return 0; 2043 } 2044 assert(!r->req.aiocb); 2045 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2046 if (r->iov.iov_len == 0) { 2047 scsi_req_complete(&r->req, GOOD); 2048 } 2049 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2050 assert(r->iov.iov_len == req->cmd.xfer); 2051 return -r->iov.iov_len; 2052 } else { 2053 return r->iov.iov_len; 2054 } 2055 2056 illegal_request: 2057 if (r->req.status == -1) { 2058 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2059 } 2060 return 0; 2061 2062 illegal_lba: 2063 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2064 return 0; 2065 } 2066 2067 /* Execute a scsi command. Returns the length of the data expected by the 2068 command. This will be Positive for data transfers from the device 2069 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2070 and zero if the command does not transfer any data. */ 2071 2072 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2073 { 2074 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2075 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2076 uint32_t len; 2077 uint8_t command; 2078 2079 command = buf[0]; 2080 2081 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 2082 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2083 return 0; 2084 } 2085 2086 len = scsi_data_cdb_length(r->req.cmd.buf); 2087 switch (command) { 2088 case READ_6: 2089 case READ_10: 2090 case READ_12: 2091 case READ_16: 2092 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2093 if (r->req.cmd.buf[1] & 0xe0) { 2094 goto illegal_request; 2095 } 2096 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2097 goto illegal_lba; 2098 } 2099 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2100 r->sector_count = len * (s->qdev.blocksize / 512); 2101 break; 2102 case WRITE_6: 2103 case WRITE_10: 2104 case WRITE_12: 2105 case WRITE_16: 2106 case WRITE_VERIFY_10: 2107 case WRITE_VERIFY_12: 2108 case WRITE_VERIFY_16: 2109 if (bdrv_is_read_only(s->qdev.conf.bs)) { 2110 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2111 return 0; 2112 } 2113 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2114 (command & 0xe) == 0xe ? "And Verify " : "", 2115 r->req.cmd.lba, len); 2116 if (r->req.cmd.buf[1] & 0xe0) { 2117 goto illegal_request; 2118 } 2119 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2120 goto illegal_lba; 2121 } 2122 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2123 r->sector_count = len * (s->qdev.blocksize / 512); 2124 break; 2125 default: 2126 abort(); 2127 illegal_request: 2128 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2129 return 0; 2130 illegal_lba: 2131 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2132 return 0; 2133 } 2134 if (r->sector_count == 0) { 2135 scsi_req_complete(&r->req, GOOD); 2136 } 2137 assert(r->iov.iov_len == 0); 2138 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2139 return -r->sector_count * 512; 2140 } else { 2141 return r->sector_count * 512; 2142 } 2143 } 2144 2145 static void scsi_disk_reset(DeviceState *dev) 2146 { 2147 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2148 uint64_t nb_sectors; 2149 2150 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2151 2152 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 2153 nb_sectors /= s->qdev.blocksize / 512; 2154 if (nb_sectors) { 2155 nb_sectors--; 2156 } 2157 s->qdev.max_lba = nb_sectors; 2158 /* reset tray statuses */ 2159 s->tray_locked = 0; 2160 s->tray_open = 0; 2161 } 2162 2163 static void scsi_unrealize(SCSIDevice *dev, Error **errp) 2164 { 2165 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2166 2167 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE)); 2168 blockdev_mark_auto_del(s->qdev.conf.bs); 2169 } 2170 2171 static void scsi_disk_resize_cb(void *opaque) 2172 { 2173 SCSIDiskState *s = opaque; 2174 2175 /* SPC lists this sense code as available only for 2176 * direct-access devices. 2177 */ 2178 if (s->qdev.type == TYPE_DISK) { 2179 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2180 } 2181 } 2182 2183 static void scsi_cd_change_media_cb(void *opaque, bool load) 2184 { 2185 SCSIDiskState *s = opaque; 2186 2187 /* 2188 * When a CD gets changed, we have to report an ejected state and 2189 * then a loaded state to guests so that they detect tray 2190 * open/close and media change events. Guests that do not use 2191 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2192 * states rely on this behavior. 2193 * 2194 * media_changed governs the state machine used for unit attention 2195 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2196 */ 2197 s->media_changed = load; 2198 s->tray_open = !load; 2199 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2200 s->media_event = true; 2201 s->eject_request = false; 2202 } 2203 2204 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2205 { 2206 SCSIDiskState *s = opaque; 2207 2208 s->eject_request = true; 2209 if (force) { 2210 s->tray_locked = false; 2211 } 2212 } 2213 2214 static bool scsi_cd_is_tray_open(void *opaque) 2215 { 2216 return ((SCSIDiskState *)opaque)->tray_open; 2217 } 2218 2219 static bool scsi_cd_is_medium_locked(void *opaque) 2220 { 2221 return ((SCSIDiskState *)opaque)->tray_locked; 2222 } 2223 2224 static const BlockDevOps scsi_disk_removable_block_ops = { 2225 .change_media_cb = scsi_cd_change_media_cb, 2226 .eject_request_cb = scsi_cd_eject_request_cb, 2227 .is_tray_open = scsi_cd_is_tray_open, 2228 .is_medium_locked = scsi_cd_is_medium_locked, 2229 2230 .resize_cb = scsi_disk_resize_cb, 2231 }; 2232 2233 static const BlockDevOps scsi_disk_block_ops = { 2234 .resize_cb = scsi_disk_resize_cb, 2235 }; 2236 2237 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2238 { 2239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2240 if (s->media_changed) { 2241 s->media_changed = false; 2242 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2243 } 2244 } 2245 2246 static void scsi_realize(SCSIDevice *dev, Error **errp) 2247 { 2248 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2249 Error *err = NULL; 2250 2251 if (!s->qdev.conf.bs) { 2252 error_setg(errp, "drive property not set"); 2253 return; 2254 } 2255 2256 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2257 !bdrv_is_inserted(s->qdev.conf.bs)) { 2258 error_setg(errp, "Device needs media, but drive is empty"); 2259 return; 2260 } 2261 2262 blkconf_serial(&s->qdev.conf, &s->serial); 2263 if (dev->type == TYPE_DISK) { 2264 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2265 if (err) { 2266 error_propagate(errp, err); 2267 return; 2268 } 2269 } 2270 2271 if (s->qdev.conf.discard_granularity == -1) { 2272 s->qdev.conf.discard_granularity = 2273 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2274 } 2275 2276 if (!s->version) { 2277 s->version = g_strdup(qemu_get_version()); 2278 } 2279 if (!s->vendor) { 2280 s->vendor = g_strdup("QEMU"); 2281 } 2282 2283 if (bdrv_is_sg(s->qdev.conf.bs)) { 2284 error_setg(errp, "unwanted /dev/sg*"); 2285 return; 2286 } 2287 2288 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2289 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2290 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s); 2291 } else { 2292 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s); 2293 } 2294 bdrv_set_guest_block_size(s->qdev.conf.bs, s->qdev.blocksize); 2295 2296 bdrv_iostatus_enable(s->qdev.conf.bs); 2297 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL); 2298 } 2299 2300 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2301 { 2302 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2303 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2304 s->qdev.type = TYPE_DISK; 2305 if (!s->product) { 2306 s->product = g_strdup("QEMU HARDDISK"); 2307 } 2308 scsi_realize(&s->qdev, errp); 2309 } 2310 2311 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2312 { 2313 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2314 s->qdev.blocksize = 2048; 2315 s->qdev.type = TYPE_ROM; 2316 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2317 if (!s->product) { 2318 s->product = g_strdup("QEMU CD-ROM"); 2319 } 2320 scsi_realize(&s->qdev, errp); 2321 } 2322 2323 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2324 { 2325 DriveInfo *dinfo; 2326 Error *local_err = NULL; 2327 2328 if (!dev->conf.bs) { 2329 scsi_realize(dev, &local_err); 2330 assert(local_err); 2331 error_propagate(errp, local_err); 2332 return; 2333 } 2334 2335 dinfo = drive_get_by_blockdev(dev->conf.bs); 2336 if (dinfo->media_cd) { 2337 scsi_cd_realize(dev, errp); 2338 } else { 2339 scsi_hd_realize(dev, errp); 2340 } 2341 } 2342 2343 static const SCSIReqOps scsi_disk_emulate_reqops = { 2344 .size = sizeof(SCSIDiskReq), 2345 .free_req = scsi_free_request, 2346 .send_command = scsi_disk_emulate_command, 2347 .read_data = scsi_disk_emulate_read_data, 2348 .write_data = scsi_disk_emulate_write_data, 2349 .cancel_io = scsi_cancel_io, 2350 .get_buf = scsi_get_buf, 2351 }; 2352 2353 static const SCSIReqOps scsi_disk_dma_reqops = { 2354 .size = sizeof(SCSIDiskReq), 2355 .free_req = scsi_free_request, 2356 .send_command = scsi_disk_dma_command, 2357 .read_data = scsi_read_data, 2358 .write_data = scsi_write_data, 2359 .cancel_io = scsi_cancel_io, 2360 .get_buf = scsi_get_buf, 2361 .load_request = scsi_disk_load_request, 2362 .save_request = scsi_disk_save_request, 2363 }; 2364 2365 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2366 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2367 [INQUIRY] = &scsi_disk_emulate_reqops, 2368 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2369 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2370 [START_STOP] = &scsi_disk_emulate_reqops, 2371 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2372 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2373 [READ_TOC] = &scsi_disk_emulate_reqops, 2374 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2375 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2376 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2377 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2378 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2379 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2380 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2381 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2382 [SEEK_10] = &scsi_disk_emulate_reqops, 2383 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2384 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2385 [UNMAP] = &scsi_disk_emulate_reqops, 2386 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2387 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2388 [VERIFY_10] = &scsi_disk_emulate_reqops, 2389 [VERIFY_12] = &scsi_disk_emulate_reqops, 2390 [VERIFY_16] = &scsi_disk_emulate_reqops, 2391 2392 [READ_6] = &scsi_disk_dma_reqops, 2393 [READ_10] = &scsi_disk_dma_reqops, 2394 [READ_12] = &scsi_disk_dma_reqops, 2395 [READ_16] = &scsi_disk_dma_reqops, 2396 [WRITE_6] = &scsi_disk_dma_reqops, 2397 [WRITE_10] = &scsi_disk_dma_reqops, 2398 [WRITE_12] = &scsi_disk_dma_reqops, 2399 [WRITE_16] = &scsi_disk_dma_reqops, 2400 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2401 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2402 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2403 }; 2404 2405 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2406 uint8_t *buf, void *hba_private) 2407 { 2408 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2409 SCSIRequest *req; 2410 const SCSIReqOps *ops; 2411 uint8_t command; 2412 2413 command = buf[0]; 2414 ops = scsi_disk_reqops_dispatch[command]; 2415 if (!ops) { 2416 ops = &scsi_disk_emulate_reqops; 2417 } 2418 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2419 2420 #ifdef DEBUG_SCSI 2421 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2422 { 2423 int i; 2424 for (i = 1; i < req->cmd.len; i++) { 2425 printf(" 0x%02x", buf[i]); 2426 } 2427 printf("\n"); 2428 } 2429 #endif 2430 2431 return req; 2432 } 2433 2434 #ifdef __linux__ 2435 static int get_device_type(SCSIDiskState *s) 2436 { 2437 BlockDriverState *bdrv = s->qdev.conf.bs; 2438 uint8_t cmd[16]; 2439 uint8_t buf[36]; 2440 uint8_t sensebuf[8]; 2441 sg_io_hdr_t io_header; 2442 int ret; 2443 2444 memset(cmd, 0, sizeof(cmd)); 2445 memset(buf, 0, sizeof(buf)); 2446 cmd[0] = INQUIRY; 2447 cmd[4] = sizeof(buf); 2448 2449 memset(&io_header, 0, sizeof(io_header)); 2450 io_header.interface_id = 'S'; 2451 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2452 io_header.dxfer_len = sizeof(buf); 2453 io_header.dxferp = buf; 2454 io_header.cmdp = cmd; 2455 io_header.cmd_len = sizeof(cmd); 2456 io_header.mx_sb_len = sizeof(sensebuf); 2457 io_header.sbp = sensebuf; 2458 io_header.timeout = 6000; /* XXX */ 2459 2460 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 2461 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2462 return -1; 2463 } 2464 s->qdev.type = buf[0]; 2465 if (buf[1] & 0x80) { 2466 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2467 } 2468 return 0; 2469 } 2470 2471 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2472 { 2473 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2474 int sg_version; 2475 int rc; 2476 2477 if (!s->qdev.conf.bs) { 2478 error_setg(errp, "drive property not set"); 2479 return; 2480 } 2481 2482 /* check we are using a driver managing SG_IO (version 3 and after) */ 2483 rc = bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version); 2484 if (rc < 0) { 2485 error_setg(errp, "cannot get SG_IO version number: %s. " 2486 "Is this a SCSI device?", 2487 strerror(-rc)); 2488 return; 2489 } 2490 if (sg_version < 30000) { 2491 error_setg(errp, "scsi generic interface too old"); 2492 return; 2493 } 2494 2495 /* get device type from INQUIRY data */ 2496 rc = get_device_type(s); 2497 if (rc < 0) { 2498 error_setg(errp, "INQUIRY failed"); 2499 return; 2500 } 2501 2502 /* Make a guess for the block size, we'll fix it when the guest sends. 2503 * READ CAPACITY. If they don't, they likely would assume these sizes 2504 * anyway. (TODO: check in /sys). 2505 */ 2506 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2507 s->qdev.blocksize = 2048; 2508 } else { 2509 s->qdev.blocksize = 512; 2510 } 2511 2512 /* Makes the scsi-block device not removable by using HMP and QMP eject 2513 * command. 2514 */ 2515 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2516 2517 scsi_realize(&s->qdev, errp); 2518 } 2519 2520 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2521 { 2522 switch (buf[0]) { 2523 case READ_6: 2524 case READ_10: 2525 case READ_12: 2526 case READ_16: 2527 case VERIFY_10: 2528 case VERIFY_12: 2529 case VERIFY_16: 2530 case WRITE_6: 2531 case WRITE_10: 2532 case WRITE_12: 2533 case WRITE_16: 2534 case WRITE_VERIFY_10: 2535 case WRITE_VERIFY_12: 2536 case WRITE_VERIFY_16: 2537 /* If we are not using O_DIRECT, we might read stale data from the 2538 * host cache if writes were made using other commands than these 2539 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2540 * O_DIRECT everything must go through SG_IO. 2541 */ 2542 if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) { 2543 break; 2544 } 2545 2546 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2547 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2548 * And once you do these writes, reading from the block device is 2549 * unreliable, too. It is even possible that reads deliver random data 2550 * from the host page cache (this is probably a Linux bug). 2551 * 2552 * We might use scsi_disk_dma_reqops as long as no writing commands are 2553 * seen, but performance usually isn't paramount on optical media. So, 2554 * just make scsi-block operate the same as scsi-generic for them. 2555 */ 2556 if (s->qdev.type != TYPE_ROM) { 2557 return false; 2558 } 2559 break; 2560 2561 default: 2562 break; 2563 } 2564 2565 return true; 2566 } 2567 2568 2569 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2570 uint32_t lun, uint8_t *buf, 2571 void *hba_private) 2572 { 2573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2574 2575 if (scsi_block_is_passthrough(s, buf)) { 2576 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2577 hba_private); 2578 } else { 2579 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2580 hba_private); 2581 } 2582 } 2583 2584 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2585 uint8_t *buf, void *hba_private) 2586 { 2587 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2588 2589 if (scsi_block_is_passthrough(s, buf)) { 2590 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2591 } else { 2592 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2593 } 2594 } 2595 2596 #endif 2597 2598 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2599 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2600 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2601 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2602 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2603 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2604 2605 static Property scsi_hd_properties[] = { 2606 DEFINE_SCSI_DISK_PROPERTIES(), 2607 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2608 SCSI_DISK_F_REMOVABLE, false), 2609 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2610 SCSI_DISK_F_DPOFUA, false), 2611 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2612 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2613 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2614 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2615 DEFAULT_MAX_UNMAP_SIZE), 2616 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2617 DEFINE_PROP_END_OF_LIST(), 2618 }; 2619 2620 static const VMStateDescription vmstate_scsi_disk_state = { 2621 .name = "scsi-disk", 2622 .version_id = 1, 2623 .minimum_version_id = 1, 2624 .fields = (VMStateField[]) { 2625 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2626 VMSTATE_BOOL(media_changed, SCSIDiskState), 2627 VMSTATE_BOOL(media_event, SCSIDiskState), 2628 VMSTATE_BOOL(eject_request, SCSIDiskState), 2629 VMSTATE_BOOL(tray_open, SCSIDiskState), 2630 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2631 VMSTATE_END_OF_LIST() 2632 } 2633 }; 2634 2635 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2636 { 2637 DeviceClass *dc = DEVICE_CLASS(klass); 2638 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2639 2640 sc->realize = scsi_hd_realize; 2641 sc->unrealize = scsi_unrealize; 2642 sc->alloc_req = scsi_new_request; 2643 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2644 dc->fw_name = "disk"; 2645 dc->desc = "virtual SCSI disk"; 2646 dc->reset = scsi_disk_reset; 2647 dc->props = scsi_hd_properties; 2648 dc->vmsd = &vmstate_scsi_disk_state; 2649 } 2650 2651 static const TypeInfo scsi_hd_info = { 2652 .name = "scsi-hd", 2653 .parent = TYPE_SCSI_DEVICE, 2654 .instance_size = sizeof(SCSIDiskState), 2655 .class_init = scsi_hd_class_initfn, 2656 }; 2657 2658 static Property scsi_cd_properties[] = { 2659 DEFINE_SCSI_DISK_PROPERTIES(), 2660 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2661 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2662 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2663 DEFINE_PROP_END_OF_LIST(), 2664 }; 2665 2666 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2667 { 2668 DeviceClass *dc = DEVICE_CLASS(klass); 2669 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2670 2671 sc->realize = scsi_cd_realize; 2672 sc->unrealize = scsi_unrealize; 2673 sc->alloc_req = scsi_new_request; 2674 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2675 dc->fw_name = "disk"; 2676 dc->desc = "virtual SCSI CD-ROM"; 2677 dc->reset = scsi_disk_reset; 2678 dc->props = scsi_cd_properties; 2679 dc->vmsd = &vmstate_scsi_disk_state; 2680 } 2681 2682 static const TypeInfo scsi_cd_info = { 2683 .name = "scsi-cd", 2684 .parent = TYPE_SCSI_DEVICE, 2685 .instance_size = sizeof(SCSIDiskState), 2686 .class_init = scsi_cd_class_initfn, 2687 }; 2688 2689 #ifdef __linux__ 2690 static Property scsi_block_properties[] = { 2691 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), 2692 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1), 2693 DEFINE_PROP_END_OF_LIST(), 2694 }; 2695 2696 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2697 { 2698 DeviceClass *dc = DEVICE_CLASS(klass); 2699 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2700 2701 sc->realize = scsi_block_realize; 2702 sc->unrealize = scsi_unrealize; 2703 sc->alloc_req = scsi_block_new_request; 2704 sc->parse_cdb = scsi_block_parse_cdb; 2705 dc->fw_name = "disk"; 2706 dc->desc = "SCSI block device passthrough"; 2707 dc->reset = scsi_disk_reset; 2708 dc->props = scsi_block_properties; 2709 dc->vmsd = &vmstate_scsi_disk_state; 2710 } 2711 2712 static const TypeInfo scsi_block_info = { 2713 .name = "scsi-block", 2714 .parent = TYPE_SCSI_DEVICE, 2715 .instance_size = sizeof(SCSIDiskState), 2716 .class_init = scsi_block_class_initfn, 2717 }; 2718 #endif 2719 2720 static Property scsi_disk_properties[] = { 2721 DEFINE_SCSI_DISK_PROPERTIES(), 2722 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2723 SCSI_DISK_F_REMOVABLE, false), 2724 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2725 SCSI_DISK_F_DPOFUA, false), 2726 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2727 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2728 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2729 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2730 DEFAULT_MAX_UNMAP_SIZE), 2731 DEFINE_PROP_END_OF_LIST(), 2732 }; 2733 2734 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2735 { 2736 DeviceClass *dc = DEVICE_CLASS(klass); 2737 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2738 2739 sc->realize = scsi_disk_realize; 2740 sc->unrealize = scsi_unrealize; 2741 sc->alloc_req = scsi_new_request; 2742 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2743 dc->fw_name = "disk"; 2744 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2745 dc->reset = scsi_disk_reset; 2746 dc->props = scsi_disk_properties; 2747 dc->vmsd = &vmstate_scsi_disk_state; 2748 } 2749 2750 static const TypeInfo scsi_disk_info = { 2751 .name = "scsi-disk", 2752 .parent = TYPE_SCSI_DEVICE, 2753 .instance_size = sizeof(SCSIDiskState), 2754 .class_init = scsi_disk_class_initfn, 2755 }; 2756 2757 static void scsi_disk_register_types(void) 2758 { 2759 type_register_static(&scsi_hd_info); 2760 type_register_static(&scsi_cd_info); 2761 #ifdef __linux__ 2762 type_register_static(&scsi_block_info); 2763 #endif 2764 type_register_static(&scsi_disk_info); 2765 } 2766 2767 type_init(scsi_disk_register_types) 2768