1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "hw/scsi/scsi.h" 29 #include "migration/qemu-file-types.h" 30 #include "migration/vmstate.h" 31 #include "hw/scsi/emulation.h" 32 #include "scsi/constants.h" 33 #include "sysemu/block-backend.h" 34 #include "sysemu/blockdev.h" 35 #include "hw/block/block.h" 36 #include "hw/qdev-properties.h" 37 #include "sysemu/dma.h" 38 #include "sysemu/sysemu.h" 39 #include "qemu/cutils.h" 40 #include "trace.h" 41 #include "qom/object.h" 42 43 #ifdef __linux 44 #include <scsi/sg.h> 45 #endif 46 47 #define SCSI_WRITE_SAME_MAX (512 * KiB) 48 #define SCSI_DMA_BUF_SIZE (128 * KiB) 49 #define SCSI_MAX_INQUIRY_LEN 256 50 #define SCSI_MAX_MODE_LEN 256 51 52 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 53 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 55 56 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 57 58 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 59 60 struct SCSIDiskClass { 61 SCSIDeviceClass parent_class; 62 DMAIOFunc *dma_readv; 63 DMAIOFunc *dma_writev; 64 bool (*need_fua_emulation)(SCSICommand *cmd); 65 void (*update_sense)(SCSIRequest *r); 66 }; 67 68 typedef struct SCSIDiskReq { 69 SCSIRequest req; 70 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 71 uint64_t sector; 72 uint32_t sector_count; 73 uint32_t buflen; 74 bool started; 75 bool need_fua_emulation; 76 struct iovec iov; 77 QEMUIOVector qiov; 78 BlockAcctCookie acct; 79 unsigned char *status; 80 } SCSIDiskReq; 81 82 #define SCSI_DISK_F_REMOVABLE 0 83 #define SCSI_DISK_F_DPOFUA 1 84 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 85 86 struct SCSIDiskState { 87 SCSIDevice qdev; 88 uint32_t features; 89 bool media_changed; 90 bool media_event; 91 bool eject_request; 92 uint16_t port_index; 93 uint64_t max_unmap_size; 94 uint64_t max_io_size; 95 QEMUBH *bh; 96 char *version; 97 char *serial; 98 char *vendor; 99 char *product; 100 char *device_id; 101 bool tray_open; 102 bool tray_locked; 103 /* 104 * 0x0000 - rotation rate not reported 105 * 0x0001 - non-rotating medium (SSD) 106 * 0x0002-0x0400 - reserved 107 * 0x0401-0xffe - rotations per minute 108 * 0xffff - reserved 109 */ 110 uint16_t rotation_rate; 111 }; 112 113 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 114 115 static void scsi_free_request(SCSIRequest *req) 116 { 117 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 118 119 qemu_vfree(r->iov.iov_base); 120 } 121 122 /* Helper function for command completion with sense. */ 123 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 124 { 125 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 126 sense.ascq); 127 scsi_req_build_sense(&r->req, sense); 128 scsi_req_complete(&r->req, CHECK_CONDITION); 129 } 130 131 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 132 { 133 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 134 135 if (!r->iov.iov_base) { 136 r->buflen = size; 137 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 138 } 139 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 140 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 141 } 142 143 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 144 { 145 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 146 147 qemu_put_be64s(f, &r->sector); 148 qemu_put_be32s(f, &r->sector_count); 149 qemu_put_be32s(f, &r->buflen); 150 if (r->buflen) { 151 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 152 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 153 } else if (!req->retry) { 154 uint32_t len = r->iov.iov_len; 155 qemu_put_be32s(f, &len); 156 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 157 } 158 } 159 } 160 161 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 162 { 163 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 164 165 qemu_get_be64s(f, &r->sector); 166 qemu_get_be32s(f, &r->sector_count); 167 qemu_get_be32s(f, &r->buflen); 168 if (r->buflen) { 169 scsi_init_iovec(r, r->buflen); 170 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 171 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 172 } else if (!r->req.retry) { 173 uint32_t len; 174 qemu_get_be32s(f, &len); 175 r->iov.iov_len = len; 176 assert(r->iov.iov_len <= r->buflen); 177 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 178 } 179 } 180 181 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 182 } 183 184 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 185 { 186 if (r->req.io_canceled) { 187 scsi_req_cancel_complete(&r->req); 188 return true; 189 } 190 191 if (ret < 0 || (r->status && *r->status)) { 192 return scsi_handle_rw_error(r, -ret, acct_failed); 193 } 194 195 return false; 196 } 197 198 static void scsi_aio_complete(void *opaque, int ret) 199 { 200 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 201 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 202 203 assert(r->req.aiocb != NULL); 204 r->req.aiocb = NULL; 205 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 206 if (scsi_disk_req_check_error(r, ret, true)) { 207 goto done; 208 } 209 210 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 211 scsi_req_complete(&r->req, GOOD); 212 213 done: 214 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 215 scsi_req_unref(&r->req); 216 } 217 218 static bool scsi_is_cmd_fua(SCSICommand *cmd) 219 { 220 switch (cmd->buf[0]) { 221 case READ_10: 222 case READ_12: 223 case READ_16: 224 case WRITE_10: 225 case WRITE_12: 226 case WRITE_16: 227 return (cmd->buf[1] & 8) != 0; 228 229 case VERIFY_10: 230 case VERIFY_12: 231 case VERIFY_16: 232 case WRITE_VERIFY_10: 233 case WRITE_VERIFY_12: 234 case WRITE_VERIFY_16: 235 return true; 236 237 case READ_6: 238 case WRITE_6: 239 default: 240 return false; 241 } 242 } 243 244 static void scsi_write_do_fua(SCSIDiskReq *r) 245 { 246 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 247 248 assert(r->req.aiocb == NULL); 249 assert(!r->req.io_canceled); 250 251 if (r->need_fua_emulation) { 252 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 253 BLOCK_ACCT_FLUSH); 254 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 255 return; 256 } 257 258 scsi_req_complete(&r->req, GOOD); 259 scsi_req_unref(&r->req); 260 } 261 262 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 263 { 264 assert(r->req.aiocb == NULL); 265 if (scsi_disk_req_check_error(r, ret, false)) { 266 goto done; 267 } 268 269 r->sector += r->sector_count; 270 r->sector_count = 0; 271 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 272 scsi_write_do_fua(r); 273 return; 274 } else { 275 scsi_req_complete(&r->req, GOOD); 276 } 277 278 done: 279 scsi_req_unref(&r->req); 280 } 281 282 static void scsi_dma_complete(void *opaque, int ret) 283 { 284 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 286 287 assert(r->req.aiocb != NULL); 288 r->req.aiocb = NULL; 289 290 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 291 if (ret < 0) { 292 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 293 } else { 294 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 295 } 296 scsi_dma_complete_noio(r, ret); 297 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 298 } 299 300 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 301 { 302 uint32_t n; 303 304 assert(r->req.aiocb == NULL); 305 if (scsi_disk_req_check_error(r, ret, false)) { 306 goto done; 307 } 308 309 n = r->qiov.size / BDRV_SECTOR_SIZE; 310 r->sector += n; 311 r->sector_count -= n; 312 scsi_req_data(&r->req, r->qiov.size); 313 314 done: 315 scsi_req_unref(&r->req); 316 } 317 318 static void scsi_read_complete(void *opaque, int ret) 319 { 320 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 322 323 assert(r->req.aiocb != NULL); 324 r->req.aiocb = NULL; 325 326 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 327 if (ret < 0) { 328 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 329 } else { 330 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 331 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 332 } 333 scsi_read_complete_noio(r, ret); 334 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 335 } 336 337 /* Actually issue a read to the block device. */ 338 static void scsi_do_read(SCSIDiskReq *r, int ret) 339 { 340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 341 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 342 343 assert (r->req.aiocb == NULL); 344 if (scsi_disk_req_check_error(r, ret, false)) { 345 goto done; 346 } 347 348 /* The request is used as the AIO opaque value, so add a ref. */ 349 scsi_req_ref(&r->req); 350 351 if (r->req.sg) { 352 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 353 r->req.resid -= r->req.sg->size; 354 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 355 r->req.sg, r->sector << BDRV_SECTOR_BITS, 356 BDRV_SECTOR_SIZE, 357 sdc->dma_readv, r, scsi_dma_complete, r, 358 DMA_DIRECTION_FROM_DEVICE); 359 } else { 360 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 361 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 362 r->qiov.size, BLOCK_ACCT_READ); 363 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 364 scsi_read_complete, r, r); 365 } 366 367 done: 368 scsi_req_unref(&r->req); 369 } 370 371 static void scsi_do_read_cb(void *opaque, int ret) 372 { 373 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 375 376 assert (r->req.aiocb != NULL); 377 r->req.aiocb = NULL; 378 379 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 380 if (ret < 0) { 381 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 382 } else { 383 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 384 } 385 scsi_do_read(opaque, ret); 386 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 387 } 388 389 /* Read more data from scsi device into buffer. */ 390 static void scsi_read_data(SCSIRequest *req) 391 { 392 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 393 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 394 bool first; 395 396 trace_scsi_disk_read_data_count(r->sector_count); 397 if (r->sector_count == 0) { 398 /* This also clears the sense buffer for REQUEST SENSE. */ 399 scsi_req_complete(&r->req, GOOD); 400 return; 401 } 402 403 /* No data transfer may already be in progress */ 404 assert(r->req.aiocb == NULL); 405 406 /* The request is used as the AIO opaque value, so add a ref. */ 407 scsi_req_ref(&r->req); 408 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 409 trace_scsi_disk_read_data_invalid(); 410 scsi_read_complete_noio(r, -EINVAL); 411 return; 412 } 413 414 if (!blk_is_available(req->dev->conf.blk)) { 415 scsi_read_complete_noio(r, -ENOMEDIUM); 416 return; 417 } 418 419 first = !r->started; 420 r->started = true; 421 if (first && r->need_fua_emulation) { 422 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 423 BLOCK_ACCT_FLUSH); 424 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 425 } else { 426 scsi_do_read(r, 0); 427 } 428 } 429 430 /* 431 * scsi_handle_rw_error has two return values. False means that the error 432 * must be ignored, true means that the error has been processed and the 433 * caller should not do anything else for this request. Note that 434 * scsi_handle_rw_error always manages its reference counts, independent 435 * of the return value. 436 */ 437 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 438 { 439 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 440 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 441 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 442 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 443 is_read, error); 444 445 if (action == BLOCK_ERROR_ACTION_REPORT) { 446 if (acct_failed) { 447 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 448 } 449 switch (error) { 450 case 0: 451 /* A passthrough command has run and has produced sense data; check 452 * whether the error has to be handled by the guest or should rather 453 * pause the host. 454 */ 455 assert(r->status && *r->status); 456 if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 457 /* These errors are handled by guest. */ 458 sdc->update_sense(&r->req); 459 scsi_req_complete(&r->req, *r->status); 460 return true; 461 } 462 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 463 break; 464 case ENOMEDIUM: 465 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 466 break; 467 case ENOMEM: 468 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 469 break; 470 case EINVAL: 471 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 472 break; 473 case ENOSPC: 474 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 475 break; 476 default: 477 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 478 break; 479 } 480 } 481 482 blk_error_action(s->qdev.conf.blk, action, is_read, error); 483 if (action == BLOCK_ERROR_ACTION_IGNORE) { 484 scsi_req_complete(&r->req, 0); 485 return true; 486 } 487 488 if (action == BLOCK_ERROR_ACTION_STOP) { 489 scsi_req_retry(&r->req); 490 } 491 return true; 492 } 493 494 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 495 { 496 uint32_t n; 497 498 assert (r->req.aiocb == NULL); 499 if (scsi_disk_req_check_error(r, ret, false)) { 500 goto done; 501 } 502 503 n = r->qiov.size / BDRV_SECTOR_SIZE; 504 r->sector += n; 505 r->sector_count -= n; 506 if (r->sector_count == 0) { 507 scsi_write_do_fua(r); 508 return; 509 } else { 510 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 511 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 512 scsi_req_data(&r->req, r->qiov.size); 513 } 514 515 done: 516 scsi_req_unref(&r->req); 517 } 518 519 static void scsi_write_complete(void * opaque, int ret) 520 { 521 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 522 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 523 524 assert (r->req.aiocb != NULL); 525 r->req.aiocb = NULL; 526 527 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 528 if (ret < 0) { 529 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 530 } else { 531 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 532 } 533 scsi_write_complete_noio(r, ret); 534 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 535 } 536 537 static void scsi_write_data(SCSIRequest *req) 538 { 539 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 540 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 541 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 542 543 /* No data transfer may already be in progress */ 544 assert(r->req.aiocb == NULL); 545 546 /* The request is used as the AIO opaque value, so add a ref. */ 547 scsi_req_ref(&r->req); 548 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 549 trace_scsi_disk_write_data_invalid(); 550 scsi_write_complete_noio(r, -EINVAL); 551 return; 552 } 553 554 if (!r->req.sg && !r->qiov.size) { 555 /* Called for the first time. Ask the driver to send us more data. */ 556 r->started = true; 557 scsi_write_complete_noio(r, 0); 558 return; 559 } 560 if (!blk_is_available(req->dev->conf.blk)) { 561 scsi_write_complete_noio(r, -ENOMEDIUM); 562 return; 563 } 564 565 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 566 r->req.cmd.buf[0] == VERIFY_16) { 567 if (r->req.sg) { 568 scsi_dma_complete_noio(r, 0); 569 } else { 570 scsi_write_complete_noio(r, 0); 571 } 572 return; 573 } 574 575 if (r->req.sg) { 576 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 577 r->req.resid -= r->req.sg->size; 578 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 579 r->req.sg, r->sector << BDRV_SECTOR_BITS, 580 BDRV_SECTOR_SIZE, 581 sdc->dma_writev, r, scsi_dma_complete, r, 582 DMA_DIRECTION_TO_DEVICE); 583 } else { 584 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 585 r->qiov.size, BLOCK_ACCT_WRITE); 586 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 587 scsi_write_complete, r, r); 588 } 589 } 590 591 /* Return a pointer to the data buffer. */ 592 static uint8_t *scsi_get_buf(SCSIRequest *req) 593 { 594 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 595 596 return (uint8_t *)r->iov.iov_base; 597 } 598 599 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 600 { 601 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 602 uint8_t page_code = req->cmd.buf[2]; 603 int start, buflen = 0; 604 605 outbuf[buflen++] = s->qdev.type & 0x1f; 606 outbuf[buflen++] = page_code; 607 outbuf[buflen++] = 0x00; 608 outbuf[buflen++] = 0x00; 609 start = buflen; 610 611 switch (page_code) { 612 case 0x00: /* Supported page codes, mandatory */ 613 { 614 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 615 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 616 if (s->serial) { 617 outbuf[buflen++] = 0x80; /* unit serial number */ 618 } 619 outbuf[buflen++] = 0x83; /* device identification */ 620 if (s->qdev.type == TYPE_DISK) { 621 outbuf[buflen++] = 0xb0; /* block limits */ 622 outbuf[buflen++] = 0xb1; /* block device characteristics */ 623 outbuf[buflen++] = 0xb2; /* thin provisioning */ 624 } 625 break; 626 } 627 case 0x80: /* Device serial number, optional */ 628 { 629 int l; 630 631 if (!s->serial) { 632 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 633 return -1; 634 } 635 636 l = strlen(s->serial); 637 if (l > 36) { 638 l = 36; 639 } 640 641 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 642 memcpy(outbuf + buflen, s->serial, l); 643 buflen += l; 644 break; 645 } 646 647 case 0x83: /* Device identification page, mandatory */ 648 { 649 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 650 651 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 652 653 if (id_len) { 654 outbuf[buflen++] = 0x2; /* ASCII */ 655 outbuf[buflen++] = 0; /* not officially assigned */ 656 outbuf[buflen++] = 0; /* reserved */ 657 outbuf[buflen++] = id_len; /* length of data following */ 658 memcpy(outbuf + buflen, s->device_id, id_len); 659 buflen += id_len; 660 } 661 662 if (s->qdev.wwn) { 663 outbuf[buflen++] = 0x1; /* Binary */ 664 outbuf[buflen++] = 0x3; /* NAA */ 665 outbuf[buflen++] = 0; /* reserved */ 666 outbuf[buflen++] = 8; 667 stq_be_p(&outbuf[buflen], s->qdev.wwn); 668 buflen += 8; 669 } 670 671 if (s->qdev.port_wwn) { 672 outbuf[buflen++] = 0x61; /* SAS / Binary */ 673 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 674 outbuf[buflen++] = 0; /* reserved */ 675 outbuf[buflen++] = 8; 676 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 677 buflen += 8; 678 } 679 680 if (s->port_index) { 681 outbuf[buflen++] = 0x61; /* SAS / Binary */ 682 683 /* PIV/Target port/relative target port */ 684 outbuf[buflen++] = 0x94; 685 686 outbuf[buflen++] = 0; /* reserved */ 687 outbuf[buflen++] = 4; 688 stw_be_p(&outbuf[buflen + 2], s->port_index); 689 buflen += 4; 690 } 691 break; 692 } 693 case 0xb0: /* block limits */ 694 { 695 SCSIBlockLimits bl = {}; 696 697 if (s->qdev.type == TYPE_ROM) { 698 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 699 return -1; 700 } 701 bl.wsnz = 1; 702 bl.unmap_sectors = 703 s->qdev.conf.discard_granularity / s->qdev.blocksize; 704 bl.min_io_size = 705 s->qdev.conf.min_io_size / s->qdev.blocksize; 706 bl.opt_io_size = 707 s->qdev.conf.opt_io_size / s->qdev.blocksize; 708 bl.max_unmap_sectors = 709 s->max_unmap_size / s->qdev.blocksize; 710 bl.max_io_sectors = 711 s->max_io_size / s->qdev.blocksize; 712 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 713 bl.max_unmap_descr = 255; 714 715 if (s->qdev.type == TYPE_DISK) { 716 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 717 int max_io_sectors_blk = 718 max_transfer_blk / s->qdev.blocksize; 719 720 bl.max_io_sectors = 721 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 722 } 723 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 724 break; 725 } 726 case 0xb1: /* block device characteristics */ 727 { 728 buflen = 0x40; 729 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 730 outbuf[5] = s->rotation_rate & 0xff; 731 outbuf[6] = 0; /* PRODUCT TYPE */ 732 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 733 outbuf[8] = 0; /* VBULS */ 734 break; 735 } 736 case 0xb2: /* thin provisioning */ 737 { 738 buflen = 8; 739 outbuf[4] = 0; 740 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 741 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 742 outbuf[7] = 0; 743 break; 744 } 745 default: 746 return -1; 747 } 748 /* done with EVPD */ 749 assert(buflen - start <= 255); 750 outbuf[start - 1] = buflen - start; 751 return buflen; 752 } 753 754 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 755 { 756 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 757 int buflen = 0; 758 759 if (req->cmd.buf[1] & 0x1) { 760 /* Vital product data */ 761 return scsi_disk_emulate_vpd_page(req, outbuf); 762 } 763 764 /* Standard INQUIRY data */ 765 if (req->cmd.buf[2] != 0) { 766 return -1; 767 } 768 769 /* PAGE CODE == 0 */ 770 buflen = req->cmd.xfer; 771 if (buflen > SCSI_MAX_INQUIRY_LEN) { 772 buflen = SCSI_MAX_INQUIRY_LEN; 773 } 774 775 outbuf[0] = s->qdev.type & 0x1f; 776 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 777 778 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 779 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 780 781 memset(&outbuf[32], 0, 4); 782 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 783 /* 784 * We claim conformance to SPC-3, which is required for guests 785 * to ask for modern features like READ CAPACITY(16) or the 786 * block characteristics VPD page by default. Not all of SPC-3 787 * is actually implemented, but we're good enough. 788 */ 789 outbuf[2] = s->qdev.default_scsi_version; 790 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 791 792 if (buflen > 36) { 793 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 794 } else { 795 /* If the allocation length of CDB is too small, 796 the additional length is not adjusted */ 797 outbuf[4] = 36 - 5; 798 } 799 800 /* Sync data transfer and TCQ. */ 801 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 802 return buflen; 803 } 804 805 static inline bool media_is_dvd(SCSIDiskState *s) 806 { 807 uint64_t nb_sectors; 808 if (s->qdev.type != TYPE_ROM) { 809 return false; 810 } 811 if (!blk_is_available(s->qdev.conf.blk)) { 812 return false; 813 } 814 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 815 return nb_sectors > CD_MAX_SECTORS; 816 } 817 818 static inline bool media_is_cd(SCSIDiskState *s) 819 { 820 uint64_t nb_sectors; 821 if (s->qdev.type != TYPE_ROM) { 822 return false; 823 } 824 if (!blk_is_available(s->qdev.conf.blk)) { 825 return false; 826 } 827 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 828 return nb_sectors <= CD_MAX_SECTORS; 829 } 830 831 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 832 uint8_t *outbuf) 833 { 834 uint8_t type = r->req.cmd.buf[1] & 7; 835 836 if (s->qdev.type != TYPE_ROM) { 837 return -1; 838 } 839 840 /* Types 1/2 are only defined for Blu-Ray. */ 841 if (type != 0) { 842 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 843 return -1; 844 } 845 846 memset(outbuf, 0, 34); 847 outbuf[1] = 32; 848 outbuf[2] = 0xe; /* last session complete, disc finalized */ 849 outbuf[3] = 1; /* first track on disc */ 850 outbuf[4] = 1; /* # of sessions */ 851 outbuf[5] = 1; /* first track of last session */ 852 outbuf[6] = 1; /* last track of last session */ 853 outbuf[7] = 0x20; /* unrestricted use */ 854 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 855 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 856 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 857 /* 24-31: disc bar code */ 858 /* 32: disc application code */ 859 /* 33: number of OPC tables */ 860 861 return 34; 862 } 863 864 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 865 uint8_t *outbuf) 866 { 867 static const int rds_caps_size[5] = { 868 [0] = 2048 + 4, 869 [1] = 4 + 4, 870 [3] = 188 + 4, 871 [4] = 2048 + 4, 872 }; 873 874 uint8_t media = r->req.cmd.buf[1]; 875 uint8_t layer = r->req.cmd.buf[6]; 876 uint8_t format = r->req.cmd.buf[7]; 877 int size = -1; 878 879 if (s->qdev.type != TYPE_ROM) { 880 return -1; 881 } 882 if (media != 0) { 883 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 884 return -1; 885 } 886 887 if (format != 0xff) { 888 if (!blk_is_available(s->qdev.conf.blk)) { 889 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 890 return -1; 891 } 892 if (media_is_cd(s)) { 893 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 894 return -1; 895 } 896 if (format >= ARRAY_SIZE(rds_caps_size)) { 897 return -1; 898 } 899 size = rds_caps_size[format]; 900 memset(outbuf, 0, size); 901 } 902 903 switch (format) { 904 case 0x00: { 905 /* Physical format information */ 906 uint64_t nb_sectors; 907 if (layer != 0) { 908 goto fail; 909 } 910 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 911 912 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 913 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 914 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 915 outbuf[7] = 0; /* default densities */ 916 917 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 918 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 919 break; 920 } 921 922 case 0x01: /* DVD copyright information, all zeros */ 923 break; 924 925 case 0x03: /* BCA information - invalid field for no BCA info */ 926 return -1; 927 928 case 0x04: /* DVD disc manufacturing information, all zeros */ 929 break; 930 931 case 0xff: { /* List capabilities */ 932 int i; 933 size = 4; 934 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 935 if (!rds_caps_size[i]) { 936 continue; 937 } 938 outbuf[size] = i; 939 outbuf[size + 1] = 0x40; /* Not writable, readable */ 940 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 941 size += 4; 942 } 943 break; 944 } 945 946 default: 947 return -1; 948 } 949 950 /* Size of buffer, not including 2 byte size field */ 951 stw_be_p(outbuf, size - 2); 952 return size; 953 954 fail: 955 return -1; 956 } 957 958 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 959 { 960 uint8_t event_code, media_status; 961 962 media_status = 0; 963 if (s->tray_open) { 964 media_status = MS_TRAY_OPEN; 965 } else if (blk_is_inserted(s->qdev.conf.blk)) { 966 media_status = MS_MEDIA_PRESENT; 967 } 968 969 /* Event notification descriptor */ 970 event_code = MEC_NO_CHANGE; 971 if (media_status != MS_TRAY_OPEN) { 972 if (s->media_event) { 973 event_code = MEC_NEW_MEDIA; 974 s->media_event = false; 975 } else if (s->eject_request) { 976 event_code = MEC_EJECT_REQUESTED; 977 s->eject_request = false; 978 } 979 } 980 981 outbuf[0] = event_code; 982 outbuf[1] = media_status; 983 984 /* These fields are reserved, just clear them. */ 985 outbuf[2] = 0; 986 outbuf[3] = 0; 987 return 4; 988 } 989 990 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 991 uint8_t *outbuf) 992 { 993 int size; 994 uint8_t *buf = r->req.cmd.buf; 995 uint8_t notification_class_request = buf[4]; 996 if (s->qdev.type != TYPE_ROM) { 997 return -1; 998 } 999 if ((buf[1] & 1) == 0) { 1000 /* asynchronous */ 1001 return -1; 1002 } 1003 1004 size = 4; 1005 outbuf[0] = outbuf[1] = 0; 1006 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1007 if (notification_class_request & (1 << GESN_MEDIA)) { 1008 outbuf[2] = GESN_MEDIA; 1009 size += scsi_event_status_media(s, &outbuf[size]); 1010 } else { 1011 outbuf[2] = 0x80; 1012 } 1013 stw_be_p(outbuf, size - 4); 1014 return size; 1015 } 1016 1017 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1018 { 1019 int current; 1020 1021 if (s->qdev.type != TYPE_ROM) { 1022 return -1; 1023 } 1024 1025 if (media_is_dvd(s)) { 1026 current = MMC_PROFILE_DVD_ROM; 1027 } else if (media_is_cd(s)) { 1028 current = MMC_PROFILE_CD_ROM; 1029 } else { 1030 current = MMC_PROFILE_NONE; 1031 } 1032 1033 memset(outbuf, 0, 40); 1034 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1035 stw_be_p(&outbuf[6], current); 1036 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1037 outbuf[10] = 0x03; /* persistent, current */ 1038 outbuf[11] = 8; /* two profiles */ 1039 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1040 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1041 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1042 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1043 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1044 stw_be_p(&outbuf[20], 1); 1045 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1046 outbuf[23] = 8; 1047 stl_be_p(&outbuf[24], 1); /* SCSI */ 1048 outbuf[28] = 1; /* DBE = 1, mandatory */ 1049 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1050 stw_be_p(&outbuf[32], 3); 1051 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1052 outbuf[35] = 4; 1053 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1054 /* TODO: Random readable, CD read, DVD read, drive serial number, 1055 power management */ 1056 return 40; 1057 } 1058 1059 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1060 { 1061 if (s->qdev.type != TYPE_ROM) { 1062 return -1; 1063 } 1064 memset(outbuf, 0, 8); 1065 outbuf[5] = 1; /* CD-ROM */ 1066 return 8; 1067 } 1068 1069 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1070 int page_control) 1071 { 1072 static const int mode_sense_valid[0x3f] = { 1073 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1074 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1075 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1076 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1077 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1078 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1079 }; 1080 1081 uint8_t *p = *p_outbuf + 2; 1082 int length; 1083 1084 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1085 return -1; 1086 } 1087 1088 /* 1089 * If Changeable Values are requested, a mask denoting those mode parameters 1090 * that are changeable shall be returned. As we currently don't support 1091 * parameter changes via MODE_SELECT all bits are returned set to zero. 1092 * The buffer was already menset to zero by the caller of this function. 1093 * 1094 * The offsets here are off by two compared to the descriptions in the 1095 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1096 * but it is done so that offsets are consistent within our implementation 1097 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1098 * 2-byte and 4-byte headers. 1099 */ 1100 switch (page) { 1101 case MODE_PAGE_HD_GEOMETRY: 1102 length = 0x16; 1103 if (page_control == 1) { /* Changeable Values */ 1104 break; 1105 } 1106 /* if a geometry hint is available, use it */ 1107 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1108 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1109 p[2] = s->qdev.conf.cyls & 0xff; 1110 p[3] = s->qdev.conf.heads & 0xff; 1111 /* Write precomp start cylinder, disabled */ 1112 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1113 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1114 p[6] = s->qdev.conf.cyls & 0xff; 1115 /* Reduced current start cylinder, disabled */ 1116 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1117 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1118 p[9] = s->qdev.conf.cyls & 0xff; 1119 /* Device step rate [ns], 200ns */ 1120 p[10] = 0; 1121 p[11] = 200; 1122 /* Landing zone cylinder */ 1123 p[12] = 0xff; 1124 p[13] = 0xff; 1125 p[14] = 0xff; 1126 /* Medium rotation rate [rpm], 5400 rpm */ 1127 p[18] = (5400 >> 8) & 0xff; 1128 p[19] = 5400 & 0xff; 1129 break; 1130 1131 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1132 length = 0x1e; 1133 if (page_control == 1) { /* Changeable Values */ 1134 break; 1135 } 1136 /* Transfer rate [kbit/s], 5Mbit/s */ 1137 p[0] = 5000 >> 8; 1138 p[1] = 5000 & 0xff; 1139 /* if a geometry hint is available, use it */ 1140 p[2] = s->qdev.conf.heads & 0xff; 1141 p[3] = s->qdev.conf.secs & 0xff; 1142 p[4] = s->qdev.blocksize >> 8; 1143 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1144 p[7] = s->qdev.conf.cyls & 0xff; 1145 /* Write precomp start cylinder, disabled */ 1146 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1147 p[9] = s->qdev.conf.cyls & 0xff; 1148 /* Reduced current start cylinder, disabled */ 1149 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1150 p[11] = s->qdev.conf.cyls & 0xff; 1151 /* Device step rate [100us], 100us */ 1152 p[12] = 0; 1153 p[13] = 1; 1154 /* Device step pulse width [us], 1us */ 1155 p[14] = 1; 1156 /* Device head settle delay [100us], 100us */ 1157 p[15] = 0; 1158 p[16] = 1; 1159 /* Motor on delay [0.1s], 0.1s */ 1160 p[17] = 1; 1161 /* Motor off delay [0.1s], 0.1s */ 1162 p[18] = 1; 1163 /* Medium rotation rate [rpm], 5400 rpm */ 1164 p[26] = (5400 >> 8) & 0xff; 1165 p[27] = 5400 & 0xff; 1166 break; 1167 1168 case MODE_PAGE_CACHING: 1169 length = 0x12; 1170 if (page_control == 1 || /* Changeable Values */ 1171 blk_enable_write_cache(s->qdev.conf.blk)) { 1172 p[0] = 4; /* WCE */ 1173 } 1174 break; 1175 1176 case MODE_PAGE_R_W_ERROR: 1177 length = 10; 1178 if (page_control == 1) { /* Changeable Values */ 1179 break; 1180 } 1181 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1182 if (s->qdev.type == TYPE_ROM) { 1183 p[1] = 0x20; /* Read Retry Count */ 1184 } 1185 break; 1186 1187 case MODE_PAGE_AUDIO_CTL: 1188 length = 14; 1189 break; 1190 1191 case MODE_PAGE_CAPABILITIES: 1192 length = 0x14; 1193 if (page_control == 1) { /* Changeable Values */ 1194 break; 1195 } 1196 1197 p[0] = 0x3b; /* CD-R & CD-RW read */ 1198 p[1] = 0; /* Writing not supported */ 1199 p[2] = 0x7f; /* Audio, composite, digital out, 1200 mode 2 form 1&2, multi session */ 1201 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1202 RW corrected, C2 errors, ISRC, 1203 UPC, Bar code */ 1204 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1205 /* Locking supported, jumper present, eject, tray */ 1206 p[5] = 0; /* no volume & mute control, no 1207 changer */ 1208 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1209 p[7] = (50 * 176) & 0xff; 1210 p[8] = 2 >> 8; /* Two volume levels */ 1211 p[9] = 2 & 0xff; 1212 p[10] = 2048 >> 8; /* 2M buffer */ 1213 p[11] = 2048 & 0xff; 1214 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1215 p[13] = (16 * 176) & 0xff; 1216 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1217 p[17] = (16 * 176) & 0xff; 1218 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1219 p[19] = (16 * 176) & 0xff; 1220 break; 1221 1222 default: 1223 return -1; 1224 } 1225 1226 assert(length < 256); 1227 (*p_outbuf)[0] = page; 1228 (*p_outbuf)[1] = length; 1229 *p_outbuf += length + 2; 1230 return length + 2; 1231 } 1232 1233 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1234 { 1235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1236 uint64_t nb_sectors; 1237 bool dbd; 1238 int page, buflen, ret, page_control; 1239 uint8_t *p; 1240 uint8_t dev_specific_param; 1241 1242 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1243 page = r->req.cmd.buf[2] & 0x3f; 1244 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1245 1246 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1247 10, page, r->req.cmd.xfer, page_control); 1248 memset(outbuf, 0, r->req.cmd.xfer); 1249 p = outbuf; 1250 1251 if (s->qdev.type == TYPE_DISK) { 1252 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1253 if (blk_is_read_only(s->qdev.conf.blk)) { 1254 dev_specific_param |= 0x80; /* Readonly. */ 1255 } 1256 } else { 1257 /* MMC prescribes that CD/DVD drives have no block descriptors, 1258 * and defines no device-specific parameter. */ 1259 dev_specific_param = 0x00; 1260 dbd = true; 1261 } 1262 1263 if (r->req.cmd.buf[0] == MODE_SENSE) { 1264 p[1] = 0; /* Default media type. */ 1265 p[2] = dev_specific_param; 1266 p[3] = 0; /* Block descriptor length. */ 1267 p += 4; 1268 } else { /* MODE_SENSE_10 */ 1269 p[2] = 0; /* Default media type. */ 1270 p[3] = dev_specific_param; 1271 p[6] = p[7] = 0; /* Block descriptor length. */ 1272 p += 8; 1273 } 1274 1275 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1276 if (!dbd && nb_sectors) { 1277 if (r->req.cmd.buf[0] == MODE_SENSE) { 1278 outbuf[3] = 8; /* Block descriptor length */ 1279 } else { /* MODE_SENSE_10 */ 1280 outbuf[7] = 8; /* Block descriptor length */ 1281 } 1282 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1283 if (nb_sectors > 0xffffff) { 1284 nb_sectors = 0; 1285 } 1286 p[0] = 0; /* media density code */ 1287 p[1] = (nb_sectors >> 16) & 0xff; 1288 p[2] = (nb_sectors >> 8) & 0xff; 1289 p[3] = nb_sectors & 0xff; 1290 p[4] = 0; /* reserved */ 1291 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1292 p[6] = s->qdev.blocksize >> 8; 1293 p[7] = 0; 1294 p += 8; 1295 } 1296 1297 if (page_control == 3) { 1298 /* Saved Values */ 1299 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1300 return -1; 1301 } 1302 1303 if (page == 0x3f) { 1304 for (page = 0; page <= 0x3e; page++) { 1305 mode_sense_page(s, page, &p, page_control); 1306 } 1307 } else { 1308 ret = mode_sense_page(s, page, &p, page_control); 1309 if (ret == -1) { 1310 return -1; 1311 } 1312 } 1313 1314 buflen = p - outbuf; 1315 /* 1316 * The mode data length field specifies the length in bytes of the 1317 * following data that is available to be transferred. The mode data 1318 * length does not include itself. 1319 */ 1320 if (r->req.cmd.buf[0] == MODE_SENSE) { 1321 outbuf[0] = buflen - 1; 1322 } else { /* MODE_SENSE_10 */ 1323 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1324 outbuf[1] = (buflen - 2) & 0xff; 1325 } 1326 return buflen; 1327 } 1328 1329 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1330 { 1331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1332 int start_track, format, msf, toclen; 1333 uint64_t nb_sectors; 1334 1335 msf = req->cmd.buf[1] & 2; 1336 format = req->cmd.buf[2] & 0xf; 1337 start_track = req->cmd.buf[6]; 1338 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1339 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1340 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1341 switch (format) { 1342 case 0: 1343 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1344 break; 1345 case 1: 1346 /* multi session : only a single session defined */ 1347 toclen = 12; 1348 memset(outbuf, 0, 12); 1349 outbuf[1] = 0x0a; 1350 outbuf[2] = 0x01; 1351 outbuf[3] = 0x01; 1352 break; 1353 case 2: 1354 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1355 break; 1356 default: 1357 return -1; 1358 } 1359 return toclen; 1360 } 1361 1362 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1363 { 1364 SCSIRequest *req = &r->req; 1365 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1366 bool start = req->cmd.buf[4] & 1; 1367 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1368 int pwrcnd = req->cmd.buf[4] & 0xf0; 1369 1370 if (pwrcnd) { 1371 /* eject/load only happens for power condition == 0 */ 1372 return 0; 1373 } 1374 1375 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1376 if (!start && !s->tray_open && s->tray_locked) { 1377 scsi_check_condition(r, 1378 blk_is_inserted(s->qdev.conf.blk) 1379 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1380 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1381 return -1; 1382 } 1383 1384 if (s->tray_open != !start) { 1385 blk_eject(s->qdev.conf.blk, !start); 1386 s->tray_open = !start; 1387 } 1388 } 1389 return 0; 1390 } 1391 1392 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1393 { 1394 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1395 int buflen = r->iov.iov_len; 1396 1397 if (buflen) { 1398 trace_scsi_disk_emulate_read_data(buflen); 1399 r->iov.iov_len = 0; 1400 r->started = true; 1401 scsi_req_data(&r->req, buflen); 1402 return; 1403 } 1404 1405 /* This also clears the sense buffer for REQUEST SENSE. */ 1406 scsi_req_complete(&r->req, GOOD); 1407 } 1408 1409 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1410 uint8_t *inbuf, int inlen) 1411 { 1412 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1413 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1414 uint8_t *p; 1415 int len, expected_len, changeable_len, i; 1416 1417 /* The input buffer does not include the page header, so it is 1418 * off by 2 bytes. 1419 */ 1420 expected_len = inlen + 2; 1421 if (expected_len > SCSI_MAX_MODE_LEN) { 1422 return -1; 1423 } 1424 1425 p = mode_current; 1426 memset(mode_current, 0, inlen + 2); 1427 len = mode_sense_page(s, page, &p, 0); 1428 if (len < 0 || len != expected_len) { 1429 return -1; 1430 } 1431 1432 p = mode_changeable; 1433 memset(mode_changeable, 0, inlen + 2); 1434 changeable_len = mode_sense_page(s, page, &p, 1); 1435 assert(changeable_len == len); 1436 1437 /* Check that unchangeable bits are the same as what MODE SENSE 1438 * would return. 1439 */ 1440 for (i = 2; i < len; i++) { 1441 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1442 return -1; 1443 } 1444 } 1445 return 0; 1446 } 1447 1448 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1449 { 1450 switch (page) { 1451 case MODE_PAGE_CACHING: 1452 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1453 break; 1454 1455 default: 1456 break; 1457 } 1458 } 1459 1460 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1461 { 1462 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1463 1464 while (len > 0) { 1465 int page, subpage, page_len; 1466 1467 /* Parse both possible formats for the mode page headers. */ 1468 page = p[0] & 0x3f; 1469 if (p[0] & 0x40) { 1470 if (len < 4) { 1471 goto invalid_param_len; 1472 } 1473 subpage = p[1]; 1474 page_len = lduw_be_p(&p[2]); 1475 p += 4; 1476 len -= 4; 1477 } else { 1478 if (len < 2) { 1479 goto invalid_param_len; 1480 } 1481 subpage = 0; 1482 page_len = p[1]; 1483 p += 2; 1484 len -= 2; 1485 } 1486 1487 if (subpage) { 1488 goto invalid_param; 1489 } 1490 if (page_len > len) { 1491 goto invalid_param_len; 1492 } 1493 1494 if (!change) { 1495 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1496 goto invalid_param; 1497 } 1498 } else { 1499 scsi_disk_apply_mode_select(s, page, p); 1500 } 1501 1502 p += page_len; 1503 len -= page_len; 1504 } 1505 return 0; 1506 1507 invalid_param: 1508 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1509 return -1; 1510 1511 invalid_param_len: 1512 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1513 return -1; 1514 } 1515 1516 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1517 { 1518 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1519 uint8_t *p = inbuf; 1520 int cmd = r->req.cmd.buf[0]; 1521 int len = r->req.cmd.xfer; 1522 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1523 int bd_len; 1524 int pass; 1525 1526 /* We only support PF=1, SP=0. */ 1527 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1528 goto invalid_field; 1529 } 1530 1531 if (len < hdr_len) { 1532 goto invalid_param_len; 1533 } 1534 1535 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1536 len -= hdr_len; 1537 p += hdr_len; 1538 if (len < bd_len) { 1539 goto invalid_param_len; 1540 } 1541 if (bd_len != 0 && bd_len != 8) { 1542 goto invalid_param; 1543 } 1544 1545 len -= bd_len; 1546 p += bd_len; 1547 1548 /* Ensure no change is made if there is an error! */ 1549 for (pass = 0; pass < 2; pass++) { 1550 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1551 assert(pass == 0); 1552 return; 1553 } 1554 } 1555 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1556 /* The request is used as the AIO opaque value, so add a ref. */ 1557 scsi_req_ref(&r->req); 1558 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1559 BLOCK_ACCT_FLUSH); 1560 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1561 return; 1562 } 1563 1564 scsi_req_complete(&r->req, GOOD); 1565 return; 1566 1567 invalid_param: 1568 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1569 return; 1570 1571 invalid_param_len: 1572 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1573 return; 1574 1575 invalid_field: 1576 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1577 } 1578 1579 static inline bool check_lba_range(SCSIDiskState *s, 1580 uint64_t sector_num, uint32_t nb_sectors) 1581 { 1582 /* 1583 * The first line tests that no overflow happens when computing the last 1584 * sector. The second line tests that the last accessed sector is in 1585 * range. 1586 * 1587 * Careful, the computations should not underflow for nb_sectors == 0, 1588 * and a 0-block read to the first LBA beyond the end of device is 1589 * valid. 1590 */ 1591 return (sector_num <= sector_num + nb_sectors && 1592 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1593 } 1594 1595 typedef struct UnmapCBData { 1596 SCSIDiskReq *r; 1597 uint8_t *inbuf; 1598 int count; 1599 } UnmapCBData; 1600 1601 static void scsi_unmap_complete(void *opaque, int ret); 1602 1603 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1604 { 1605 SCSIDiskReq *r = data->r; 1606 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1607 1608 assert(r->req.aiocb == NULL); 1609 1610 if (data->count > 0) { 1611 r->sector = ldq_be_p(&data->inbuf[0]) 1612 * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1613 r->sector_count = (ldl_be_p(&data->inbuf[8]) & 0xffffffffULL) 1614 * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1615 if (!check_lba_range(s, r->sector, r->sector_count)) { 1616 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1617 BLOCK_ACCT_UNMAP); 1618 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1619 goto done; 1620 } 1621 1622 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1623 r->sector_count * BDRV_SECTOR_SIZE, 1624 BLOCK_ACCT_UNMAP); 1625 1626 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1627 r->sector * BDRV_SECTOR_SIZE, 1628 r->sector_count * BDRV_SECTOR_SIZE, 1629 scsi_unmap_complete, data); 1630 data->count--; 1631 data->inbuf += 16; 1632 return; 1633 } 1634 1635 scsi_req_complete(&r->req, GOOD); 1636 1637 done: 1638 scsi_req_unref(&r->req); 1639 g_free(data); 1640 } 1641 1642 static void scsi_unmap_complete(void *opaque, int ret) 1643 { 1644 UnmapCBData *data = opaque; 1645 SCSIDiskReq *r = data->r; 1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1647 1648 assert(r->req.aiocb != NULL); 1649 r->req.aiocb = NULL; 1650 1651 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1652 if (scsi_disk_req_check_error(r, ret, true)) { 1653 scsi_req_unref(&r->req); 1654 g_free(data); 1655 } else { 1656 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1657 scsi_unmap_complete_noio(data, ret); 1658 } 1659 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1660 } 1661 1662 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1663 { 1664 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1665 uint8_t *p = inbuf; 1666 int len = r->req.cmd.xfer; 1667 UnmapCBData *data; 1668 1669 /* Reject ANCHOR=1. */ 1670 if (r->req.cmd.buf[1] & 0x1) { 1671 goto invalid_field; 1672 } 1673 1674 if (len < 8) { 1675 goto invalid_param_len; 1676 } 1677 if (len < lduw_be_p(&p[0]) + 2) { 1678 goto invalid_param_len; 1679 } 1680 if (len < lduw_be_p(&p[2]) + 8) { 1681 goto invalid_param_len; 1682 } 1683 if (lduw_be_p(&p[2]) & 15) { 1684 goto invalid_param_len; 1685 } 1686 1687 if (blk_is_read_only(s->qdev.conf.blk)) { 1688 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1689 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1690 return; 1691 } 1692 1693 data = g_new0(UnmapCBData, 1); 1694 data->r = r; 1695 data->inbuf = &p[8]; 1696 data->count = lduw_be_p(&p[2]) >> 4; 1697 1698 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1699 scsi_req_ref(&r->req); 1700 scsi_unmap_complete_noio(data, 0); 1701 return; 1702 1703 invalid_param_len: 1704 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1705 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1706 return; 1707 1708 invalid_field: 1709 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1710 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1711 } 1712 1713 typedef struct WriteSameCBData { 1714 SCSIDiskReq *r; 1715 int64_t sector; 1716 int nb_sectors; 1717 QEMUIOVector qiov; 1718 struct iovec iov; 1719 } WriteSameCBData; 1720 1721 static void scsi_write_same_complete(void *opaque, int ret) 1722 { 1723 WriteSameCBData *data = opaque; 1724 SCSIDiskReq *r = data->r; 1725 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1726 1727 assert(r->req.aiocb != NULL); 1728 r->req.aiocb = NULL; 1729 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1730 if (scsi_disk_req_check_error(r, ret, true)) { 1731 goto done; 1732 } 1733 1734 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1735 1736 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1737 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1738 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1739 data->iov.iov_len); 1740 if (data->iov.iov_len) { 1741 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1742 data->iov.iov_len, BLOCK_ACCT_WRITE); 1743 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1744 * where final qiov may need smaller size */ 1745 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1746 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1747 data->sector << BDRV_SECTOR_BITS, 1748 &data->qiov, 0, 1749 scsi_write_same_complete, data); 1750 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1751 return; 1752 } 1753 1754 scsi_req_complete(&r->req, GOOD); 1755 1756 done: 1757 scsi_req_unref(&r->req); 1758 qemu_vfree(data->iov.iov_base); 1759 g_free(data); 1760 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1761 } 1762 1763 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1764 { 1765 SCSIRequest *req = &r->req; 1766 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1767 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1768 WriteSameCBData *data; 1769 uint8_t *buf; 1770 int i; 1771 1772 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1773 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1774 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1775 return; 1776 } 1777 1778 if (blk_is_read_only(s->qdev.conf.blk)) { 1779 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1780 return; 1781 } 1782 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1783 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1784 return; 1785 } 1786 1787 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1788 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1789 1790 /* The request is used as the AIO opaque value, so add a ref. */ 1791 scsi_req_ref(&r->req); 1792 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1793 nb_sectors * s->qdev.blocksize, 1794 BLOCK_ACCT_WRITE); 1795 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1796 r->req.cmd.lba * s->qdev.blocksize, 1797 nb_sectors * s->qdev.blocksize, 1798 flags, scsi_aio_complete, r); 1799 return; 1800 } 1801 1802 data = g_new0(WriteSameCBData, 1); 1803 data->r = r; 1804 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1805 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1806 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1807 SCSI_WRITE_SAME_MAX); 1808 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1809 data->iov.iov_len); 1810 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1811 1812 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1813 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1814 } 1815 1816 scsi_req_ref(&r->req); 1817 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1818 data->iov.iov_len, BLOCK_ACCT_WRITE); 1819 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1820 data->sector << BDRV_SECTOR_BITS, 1821 &data->qiov, 0, 1822 scsi_write_same_complete, data); 1823 } 1824 1825 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1826 { 1827 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1828 1829 if (r->iov.iov_len) { 1830 int buflen = r->iov.iov_len; 1831 trace_scsi_disk_emulate_write_data(buflen); 1832 r->iov.iov_len = 0; 1833 scsi_req_data(&r->req, buflen); 1834 return; 1835 } 1836 1837 switch (req->cmd.buf[0]) { 1838 case MODE_SELECT: 1839 case MODE_SELECT_10: 1840 /* This also clears the sense buffer for REQUEST SENSE. */ 1841 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1842 break; 1843 1844 case UNMAP: 1845 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1846 break; 1847 1848 case VERIFY_10: 1849 case VERIFY_12: 1850 case VERIFY_16: 1851 if (r->req.status == -1) { 1852 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1853 } 1854 break; 1855 1856 case WRITE_SAME_10: 1857 case WRITE_SAME_16: 1858 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1859 break; 1860 1861 default: 1862 abort(); 1863 } 1864 } 1865 1866 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1867 { 1868 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1869 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1870 uint64_t nb_sectors; 1871 uint8_t *outbuf; 1872 int buflen; 1873 1874 switch (req->cmd.buf[0]) { 1875 case INQUIRY: 1876 case MODE_SENSE: 1877 case MODE_SENSE_10: 1878 case RESERVE: 1879 case RESERVE_10: 1880 case RELEASE: 1881 case RELEASE_10: 1882 case START_STOP: 1883 case ALLOW_MEDIUM_REMOVAL: 1884 case GET_CONFIGURATION: 1885 case GET_EVENT_STATUS_NOTIFICATION: 1886 case MECHANISM_STATUS: 1887 case REQUEST_SENSE: 1888 break; 1889 1890 default: 1891 if (!blk_is_available(s->qdev.conf.blk)) { 1892 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1893 return 0; 1894 } 1895 break; 1896 } 1897 1898 /* 1899 * FIXME: we shouldn't return anything bigger than 4k, but the code 1900 * requires the buffer to be as big as req->cmd.xfer in several 1901 * places. So, do not allow CDBs with a very large ALLOCATION 1902 * LENGTH. The real fix would be to modify scsi_read_data and 1903 * dma_buf_read, so that they return data beyond the buflen 1904 * as all zeros. 1905 */ 1906 if (req->cmd.xfer > 65536) { 1907 goto illegal_request; 1908 } 1909 r->buflen = MAX(4096, req->cmd.xfer); 1910 1911 if (!r->iov.iov_base) { 1912 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1913 } 1914 1915 outbuf = r->iov.iov_base; 1916 memset(outbuf, 0, r->buflen); 1917 switch (req->cmd.buf[0]) { 1918 case TEST_UNIT_READY: 1919 assert(blk_is_available(s->qdev.conf.blk)); 1920 break; 1921 case INQUIRY: 1922 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1923 if (buflen < 0) { 1924 goto illegal_request; 1925 } 1926 break; 1927 case MODE_SENSE: 1928 case MODE_SENSE_10: 1929 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1930 if (buflen < 0) { 1931 goto illegal_request; 1932 } 1933 break; 1934 case READ_TOC: 1935 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1936 if (buflen < 0) { 1937 goto illegal_request; 1938 } 1939 break; 1940 case RESERVE: 1941 if (req->cmd.buf[1] & 1) { 1942 goto illegal_request; 1943 } 1944 break; 1945 case RESERVE_10: 1946 if (req->cmd.buf[1] & 3) { 1947 goto illegal_request; 1948 } 1949 break; 1950 case RELEASE: 1951 if (req->cmd.buf[1] & 1) { 1952 goto illegal_request; 1953 } 1954 break; 1955 case RELEASE_10: 1956 if (req->cmd.buf[1] & 3) { 1957 goto illegal_request; 1958 } 1959 break; 1960 case START_STOP: 1961 if (scsi_disk_emulate_start_stop(r) < 0) { 1962 return 0; 1963 } 1964 break; 1965 case ALLOW_MEDIUM_REMOVAL: 1966 s->tray_locked = req->cmd.buf[4] & 1; 1967 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1968 break; 1969 case READ_CAPACITY_10: 1970 /* The normal LEN field for this command is zero. */ 1971 memset(outbuf, 0, 8); 1972 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1973 if (!nb_sectors) { 1974 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1975 return 0; 1976 } 1977 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1978 goto illegal_request; 1979 } 1980 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1981 /* Returned value is the address of the last sector. */ 1982 nb_sectors--; 1983 /* Remember the new size for read/write sanity checking. */ 1984 s->qdev.max_lba = nb_sectors; 1985 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1986 if (nb_sectors > UINT32_MAX) { 1987 nb_sectors = UINT32_MAX; 1988 } 1989 outbuf[0] = (nb_sectors >> 24) & 0xff; 1990 outbuf[1] = (nb_sectors >> 16) & 0xff; 1991 outbuf[2] = (nb_sectors >> 8) & 0xff; 1992 outbuf[3] = nb_sectors & 0xff; 1993 outbuf[4] = 0; 1994 outbuf[5] = 0; 1995 outbuf[6] = s->qdev.blocksize >> 8; 1996 outbuf[7] = 0; 1997 break; 1998 case REQUEST_SENSE: 1999 /* Just return "NO SENSE". */ 2000 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2001 (req->cmd.buf[1] & 1) == 0); 2002 if (buflen < 0) { 2003 goto illegal_request; 2004 } 2005 break; 2006 case MECHANISM_STATUS: 2007 buflen = scsi_emulate_mechanism_status(s, outbuf); 2008 if (buflen < 0) { 2009 goto illegal_request; 2010 } 2011 break; 2012 case GET_CONFIGURATION: 2013 buflen = scsi_get_configuration(s, outbuf); 2014 if (buflen < 0) { 2015 goto illegal_request; 2016 } 2017 break; 2018 case GET_EVENT_STATUS_NOTIFICATION: 2019 buflen = scsi_get_event_status_notification(s, r, outbuf); 2020 if (buflen < 0) { 2021 goto illegal_request; 2022 } 2023 break; 2024 case READ_DISC_INFORMATION: 2025 buflen = scsi_read_disc_information(s, r, outbuf); 2026 if (buflen < 0) { 2027 goto illegal_request; 2028 } 2029 break; 2030 case READ_DVD_STRUCTURE: 2031 buflen = scsi_read_dvd_structure(s, r, outbuf); 2032 if (buflen < 0) { 2033 goto illegal_request; 2034 } 2035 break; 2036 case SERVICE_ACTION_IN_16: 2037 /* Service Action In subcommands. */ 2038 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2039 trace_scsi_disk_emulate_command_SAI_16(); 2040 memset(outbuf, 0, req->cmd.xfer); 2041 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2042 if (!nb_sectors) { 2043 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2044 return 0; 2045 } 2046 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2047 goto illegal_request; 2048 } 2049 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2050 /* Returned value is the address of the last sector. */ 2051 nb_sectors--; 2052 /* Remember the new size for read/write sanity checking. */ 2053 s->qdev.max_lba = nb_sectors; 2054 outbuf[0] = (nb_sectors >> 56) & 0xff; 2055 outbuf[1] = (nb_sectors >> 48) & 0xff; 2056 outbuf[2] = (nb_sectors >> 40) & 0xff; 2057 outbuf[3] = (nb_sectors >> 32) & 0xff; 2058 outbuf[4] = (nb_sectors >> 24) & 0xff; 2059 outbuf[5] = (nb_sectors >> 16) & 0xff; 2060 outbuf[6] = (nb_sectors >> 8) & 0xff; 2061 outbuf[7] = nb_sectors & 0xff; 2062 outbuf[8] = 0; 2063 outbuf[9] = 0; 2064 outbuf[10] = s->qdev.blocksize >> 8; 2065 outbuf[11] = 0; 2066 outbuf[12] = 0; 2067 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2068 2069 /* set TPE bit if the format supports discard */ 2070 if (s->qdev.conf.discard_granularity) { 2071 outbuf[14] = 0x80; 2072 } 2073 2074 /* Protection, exponent and lowest lba field left blank. */ 2075 break; 2076 } 2077 trace_scsi_disk_emulate_command_SAI_unsupported(); 2078 goto illegal_request; 2079 case SYNCHRONIZE_CACHE: 2080 /* The request is used as the AIO opaque value, so add a ref. */ 2081 scsi_req_ref(&r->req); 2082 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2083 BLOCK_ACCT_FLUSH); 2084 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2085 return 0; 2086 case SEEK_10: 2087 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2088 if (r->req.cmd.lba > s->qdev.max_lba) { 2089 goto illegal_lba; 2090 } 2091 break; 2092 case MODE_SELECT: 2093 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2094 break; 2095 case MODE_SELECT_10: 2096 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2097 break; 2098 case UNMAP: 2099 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2100 break; 2101 case VERIFY_10: 2102 case VERIFY_12: 2103 case VERIFY_16: 2104 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2105 if (req->cmd.buf[1] & 6) { 2106 goto illegal_request; 2107 } 2108 break; 2109 case WRITE_SAME_10: 2110 case WRITE_SAME_16: 2111 trace_scsi_disk_emulate_command_WRITE_SAME( 2112 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2113 break; 2114 default: 2115 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2116 scsi_command_name(buf[0])); 2117 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2118 return 0; 2119 } 2120 assert(!r->req.aiocb); 2121 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2122 if (r->iov.iov_len == 0) { 2123 scsi_req_complete(&r->req, GOOD); 2124 } 2125 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2126 assert(r->iov.iov_len == req->cmd.xfer); 2127 return -r->iov.iov_len; 2128 } else { 2129 return r->iov.iov_len; 2130 } 2131 2132 illegal_request: 2133 if (r->req.status == -1) { 2134 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2135 } 2136 return 0; 2137 2138 illegal_lba: 2139 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2140 return 0; 2141 } 2142 2143 /* Execute a scsi command. Returns the length of the data expected by the 2144 command. This will be Positive for data transfers from the device 2145 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2146 and zero if the command does not transfer any data. */ 2147 2148 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2149 { 2150 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2151 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2152 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2153 uint32_t len; 2154 uint8_t command; 2155 2156 command = buf[0]; 2157 2158 if (!blk_is_available(s->qdev.conf.blk)) { 2159 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2160 return 0; 2161 } 2162 2163 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2164 switch (command) { 2165 case READ_6: 2166 case READ_10: 2167 case READ_12: 2168 case READ_16: 2169 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2170 /* Protection information is not supported. For SCSI versions 2 and 2171 * older (as determined by snooping the guest's INQUIRY commands), 2172 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2173 */ 2174 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2175 goto illegal_request; 2176 } 2177 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2178 goto illegal_lba; 2179 } 2180 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2181 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2182 break; 2183 case WRITE_6: 2184 case WRITE_10: 2185 case WRITE_12: 2186 case WRITE_16: 2187 case WRITE_VERIFY_10: 2188 case WRITE_VERIFY_12: 2189 case WRITE_VERIFY_16: 2190 if (blk_is_read_only(s->qdev.conf.blk)) { 2191 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2192 return 0; 2193 } 2194 trace_scsi_disk_dma_command_WRITE( 2195 (command & 0xe) == 0xe ? "And Verify " : "", 2196 r->req.cmd.lba, len); 2197 /* fall through */ 2198 case VERIFY_10: 2199 case VERIFY_12: 2200 case VERIFY_16: 2201 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2202 * As far as DMA is concerned, we can treat it the same as a write; 2203 * scsi_block_do_sgio will send VERIFY commands. 2204 */ 2205 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2206 goto illegal_request; 2207 } 2208 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2209 goto illegal_lba; 2210 } 2211 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2212 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2213 break; 2214 default: 2215 abort(); 2216 illegal_request: 2217 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2218 return 0; 2219 illegal_lba: 2220 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2221 return 0; 2222 } 2223 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2224 if (r->sector_count == 0) { 2225 scsi_req_complete(&r->req, GOOD); 2226 } 2227 assert(r->iov.iov_len == 0); 2228 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2229 return -r->sector_count * BDRV_SECTOR_SIZE; 2230 } else { 2231 return r->sector_count * BDRV_SECTOR_SIZE; 2232 } 2233 } 2234 2235 static void scsi_disk_reset(DeviceState *dev) 2236 { 2237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2238 uint64_t nb_sectors; 2239 2240 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2241 2242 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2243 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2244 if (nb_sectors) { 2245 nb_sectors--; 2246 } 2247 s->qdev.max_lba = nb_sectors; 2248 /* reset tray statuses */ 2249 s->tray_locked = 0; 2250 s->tray_open = 0; 2251 2252 s->qdev.scsi_version = s->qdev.default_scsi_version; 2253 } 2254 2255 static void scsi_disk_resize_cb(void *opaque) 2256 { 2257 SCSIDiskState *s = opaque; 2258 2259 /* SPC lists this sense code as available only for 2260 * direct-access devices. 2261 */ 2262 if (s->qdev.type == TYPE_DISK) { 2263 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2264 } 2265 } 2266 2267 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2268 { 2269 SCSIDiskState *s = opaque; 2270 2271 /* 2272 * When a CD gets changed, we have to report an ejected state and 2273 * then a loaded state to guests so that they detect tray 2274 * open/close and media change events. Guests that do not use 2275 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2276 * states rely on this behavior. 2277 * 2278 * media_changed governs the state machine used for unit attention 2279 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2280 */ 2281 s->media_changed = load; 2282 s->tray_open = !load; 2283 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2284 s->media_event = true; 2285 s->eject_request = false; 2286 } 2287 2288 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2289 { 2290 SCSIDiskState *s = opaque; 2291 2292 s->eject_request = true; 2293 if (force) { 2294 s->tray_locked = false; 2295 } 2296 } 2297 2298 static bool scsi_cd_is_tray_open(void *opaque) 2299 { 2300 return ((SCSIDiskState *)opaque)->tray_open; 2301 } 2302 2303 static bool scsi_cd_is_medium_locked(void *opaque) 2304 { 2305 return ((SCSIDiskState *)opaque)->tray_locked; 2306 } 2307 2308 static const BlockDevOps scsi_disk_removable_block_ops = { 2309 .change_media_cb = scsi_cd_change_media_cb, 2310 .eject_request_cb = scsi_cd_eject_request_cb, 2311 .is_tray_open = scsi_cd_is_tray_open, 2312 .is_medium_locked = scsi_cd_is_medium_locked, 2313 2314 .resize_cb = scsi_disk_resize_cb, 2315 }; 2316 2317 static const BlockDevOps scsi_disk_block_ops = { 2318 .resize_cb = scsi_disk_resize_cb, 2319 }; 2320 2321 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2322 { 2323 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2324 if (s->media_changed) { 2325 s->media_changed = false; 2326 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2327 } 2328 } 2329 2330 static void scsi_realize(SCSIDevice *dev, Error **errp) 2331 { 2332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2333 bool read_only; 2334 2335 if (!s->qdev.conf.blk) { 2336 error_setg(errp, "drive property not set"); 2337 return; 2338 } 2339 2340 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2341 !blk_is_inserted(s->qdev.conf.blk)) { 2342 error_setg(errp, "Device needs media, but drive is empty"); 2343 return; 2344 } 2345 2346 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2347 return; 2348 } 2349 2350 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2351 !s->qdev.hba_supports_iothread) 2352 { 2353 error_setg(errp, "HBA does not support iothreads"); 2354 return; 2355 } 2356 2357 if (dev->type == TYPE_DISK) { 2358 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2359 return; 2360 } 2361 } 2362 2363 read_only = blk_is_read_only(s->qdev.conf.blk); 2364 if (dev->type == TYPE_ROM) { 2365 read_only = true; 2366 } 2367 2368 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2369 dev->type == TYPE_DISK, errp)) { 2370 return; 2371 } 2372 2373 if (s->qdev.conf.discard_granularity == -1) { 2374 s->qdev.conf.discard_granularity = 2375 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2376 } 2377 2378 if (!s->version) { 2379 s->version = g_strdup(qemu_hw_version()); 2380 } 2381 if (!s->vendor) { 2382 s->vendor = g_strdup("QEMU"); 2383 } 2384 if (!s->device_id) { 2385 if (s->serial) { 2386 s->device_id = g_strdup_printf("%.20s", s->serial); 2387 } else { 2388 const char *str = blk_name(s->qdev.conf.blk); 2389 if (str && *str) { 2390 s->device_id = g_strdup(str); 2391 } 2392 } 2393 } 2394 2395 if (blk_is_sg(s->qdev.conf.blk)) { 2396 error_setg(errp, "unwanted /dev/sg*"); 2397 return; 2398 } 2399 2400 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2401 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2402 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2403 } else { 2404 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2405 } 2406 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2407 2408 blk_iostatus_enable(s->qdev.conf.blk); 2409 2410 add_boot_device_lchs(&dev->qdev, NULL, 2411 dev->conf.lcyls, 2412 dev->conf.lheads, 2413 dev->conf.lsecs); 2414 } 2415 2416 static void scsi_unrealize(SCSIDevice *dev) 2417 { 2418 del_boot_device_lchs(&dev->qdev, NULL); 2419 } 2420 2421 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2422 { 2423 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2424 AioContext *ctx = NULL; 2425 /* can happen for devices without drive. The error message for missing 2426 * backend will be issued in scsi_realize 2427 */ 2428 if (s->qdev.conf.blk) { 2429 ctx = blk_get_aio_context(s->qdev.conf.blk); 2430 aio_context_acquire(ctx); 2431 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2432 goto out; 2433 } 2434 } 2435 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2436 s->qdev.type = TYPE_DISK; 2437 if (!s->product) { 2438 s->product = g_strdup("QEMU HARDDISK"); 2439 } 2440 scsi_realize(&s->qdev, errp); 2441 out: 2442 if (ctx) { 2443 aio_context_release(ctx); 2444 } 2445 } 2446 2447 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2448 { 2449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2450 AioContext *ctx; 2451 int ret; 2452 2453 if (!dev->conf.blk) { 2454 /* Anonymous BlockBackend for an empty drive. As we put it into 2455 * dev->conf, qdev takes care of detaching on unplug. */ 2456 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2457 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2458 assert(ret == 0); 2459 } 2460 2461 ctx = blk_get_aio_context(dev->conf.blk); 2462 aio_context_acquire(ctx); 2463 s->qdev.blocksize = 2048; 2464 s->qdev.type = TYPE_ROM; 2465 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2466 if (!s->product) { 2467 s->product = g_strdup("QEMU CD-ROM"); 2468 } 2469 scsi_realize(&s->qdev, errp); 2470 aio_context_release(ctx); 2471 } 2472 2473 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2474 { 2475 DriveInfo *dinfo; 2476 Error *local_err = NULL; 2477 2478 warn_report("'scsi-disk' is deprecated, " 2479 "please use 'scsi-hd' or 'scsi-cd' instead"); 2480 2481 if (!dev->conf.blk) { 2482 scsi_realize(dev, &local_err); 2483 assert(local_err); 2484 error_propagate(errp, local_err); 2485 return; 2486 } 2487 2488 dinfo = blk_legacy_dinfo(dev->conf.blk); 2489 if (dinfo && dinfo->media_cd) { 2490 scsi_cd_realize(dev, errp); 2491 } else { 2492 scsi_hd_realize(dev, errp); 2493 } 2494 } 2495 2496 static const SCSIReqOps scsi_disk_emulate_reqops = { 2497 .size = sizeof(SCSIDiskReq), 2498 .free_req = scsi_free_request, 2499 .send_command = scsi_disk_emulate_command, 2500 .read_data = scsi_disk_emulate_read_data, 2501 .write_data = scsi_disk_emulate_write_data, 2502 .get_buf = scsi_get_buf, 2503 }; 2504 2505 static const SCSIReqOps scsi_disk_dma_reqops = { 2506 .size = sizeof(SCSIDiskReq), 2507 .free_req = scsi_free_request, 2508 .send_command = scsi_disk_dma_command, 2509 .read_data = scsi_read_data, 2510 .write_data = scsi_write_data, 2511 .get_buf = scsi_get_buf, 2512 .load_request = scsi_disk_load_request, 2513 .save_request = scsi_disk_save_request, 2514 }; 2515 2516 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2517 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2518 [INQUIRY] = &scsi_disk_emulate_reqops, 2519 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2520 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2521 [START_STOP] = &scsi_disk_emulate_reqops, 2522 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2523 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2524 [READ_TOC] = &scsi_disk_emulate_reqops, 2525 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2526 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2527 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2528 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2529 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2530 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2531 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2532 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2533 [SEEK_10] = &scsi_disk_emulate_reqops, 2534 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2535 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2536 [UNMAP] = &scsi_disk_emulate_reqops, 2537 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2538 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2539 [VERIFY_10] = &scsi_disk_emulate_reqops, 2540 [VERIFY_12] = &scsi_disk_emulate_reqops, 2541 [VERIFY_16] = &scsi_disk_emulate_reqops, 2542 2543 [READ_6] = &scsi_disk_dma_reqops, 2544 [READ_10] = &scsi_disk_dma_reqops, 2545 [READ_12] = &scsi_disk_dma_reqops, 2546 [READ_16] = &scsi_disk_dma_reqops, 2547 [WRITE_6] = &scsi_disk_dma_reqops, 2548 [WRITE_10] = &scsi_disk_dma_reqops, 2549 [WRITE_12] = &scsi_disk_dma_reqops, 2550 [WRITE_16] = &scsi_disk_dma_reqops, 2551 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2552 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2553 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2554 }; 2555 2556 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2557 { 2558 int i; 2559 int len = scsi_cdb_length(buf); 2560 char *line_buffer, *p; 2561 2562 line_buffer = g_malloc(len * 5 + 1); 2563 2564 for (i = 0, p = line_buffer; i < len; i++) { 2565 p += sprintf(p, " 0x%02x", buf[i]); 2566 } 2567 trace_scsi_disk_new_request(lun, tag, line_buffer); 2568 2569 g_free(line_buffer); 2570 } 2571 2572 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2573 uint8_t *buf, void *hba_private) 2574 { 2575 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2576 SCSIRequest *req; 2577 const SCSIReqOps *ops; 2578 uint8_t command; 2579 2580 command = buf[0]; 2581 ops = scsi_disk_reqops_dispatch[command]; 2582 if (!ops) { 2583 ops = &scsi_disk_emulate_reqops; 2584 } 2585 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2586 2587 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2588 scsi_disk_new_request_dump(lun, tag, buf); 2589 } 2590 2591 return req; 2592 } 2593 2594 #ifdef __linux__ 2595 static int get_device_type(SCSIDiskState *s) 2596 { 2597 uint8_t cmd[16]; 2598 uint8_t buf[36]; 2599 int ret; 2600 2601 memset(cmd, 0, sizeof(cmd)); 2602 memset(buf, 0, sizeof(buf)); 2603 cmd[0] = INQUIRY; 2604 cmd[4] = sizeof(buf); 2605 2606 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2607 buf, sizeof(buf)); 2608 if (ret < 0) { 2609 return -1; 2610 } 2611 s->qdev.type = buf[0]; 2612 if (buf[1] & 0x80) { 2613 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2614 } 2615 return 0; 2616 } 2617 2618 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2619 { 2620 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2621 AioContext *ctx; 2622 int sg_version; 2623 int rc; 2624 2625 if (!s->qdev.conf.blk) { 2626 error_setg(errp, "drive property not set"); 2627 return; 2628 } 2629 2630 if (s->rotation_rate) { 2631 error_report_once("rotation_rate is specified for scsi-block but is " 2632 "not implemented. This option is deprecated and will " 2633 "be removed in a future version"); 2634 } 2635 2636 ctx = blk_get_aio_context(s->qdev.conf.blk); 2637 aio_context_acquire(ctx); 2638 2639 /* check we are using a driver managing SG_IO (version 3 and after) */ 2640 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2641 if (rc < 0) { 2642 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2643 if (rc != -EPERM) { 2644 error_append_hint(errp, "Is this a SCSI device?\n"); 2645 } 2646 goto out; 2647 } 2648 if (sg_version < 30000) { 2649 error_setg(errp, "scsi generic interface too old"); 2650 goto out; 2651 } 2652 2653 /* get device type from INQUIRY data */ 2654 rc = get_device_type(s); 2655 if (rc < 0) { 2656 error_setg(errp, "INQUIRY failed"); 2657 goto out; 2658 } 2659 2660 /* Make a guess for the block size, we'll fix it when the guest sends. 2661 * READ CAPACITY. If they don't, they likely would assume these sizes 2662 * anyway. (TODO: check in /sys). 2663 */ 2664 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2665 s->qdev.blocksize = 2048; 2666 } else { 2667 s->qdev.blocksize = 512; 2668 } 2669 2670 /* Makes the scsi-block device not removable by using HMP and QMP eject 2671 * command. 2672 */ 2673 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2674 2675 scsi_realize(&s->qdev, errp); 2676 scsi_generic_read_device_inquiry(&s->qdev); 2677 2678 out: 2679 aio_context_release(ctx); 2680 } 2681 2682 typedef struct SCSIBlockReq { 2683 SCSIDiskReq req; 2684 sg_io_hdr_t io_header; 2685 2686 /* Selected bytes of the original CDB, copied into our own CDB. */ 2687 uint8_t cmd, cdb1, group_number; 2688 2689 /* CDB passed to SG_IO. */ 2690 uint8_t cdb[16]; 2691 } SCSIBlockReq; 2692 2693 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2694 int64_t offset, QEMUIOVector *iov, 2695 int direction, 2696 BlockCompletionFunc *cb, void *opaque) 2697 { 2698 sg_io_hdr_t *io_header = &req->io_header; 2699 SCSIDiskReq *r = &req->req; 2700 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2701 int nb_logical_blocks; 2702 uint64_t lba; 2703 BlockAIOCB *aiocb; 2704 2705 /* This is not supported yet. It can only happen if the guest does 2706 * reads and writes that are not aligned to one logical sectors 2707 * _and_ cover multiple MemoryRegions. 2708 */ 2709 assert(offset % s->qdev.blocksize == 0); 2710 assert(iov->size % s->qdev.blocksize == 0); 2711 2712 io_header->interface_id = 'S'; 2713 2714 /* The data transfer comes from the QEMUIOVector. */ 2715 io_header->dxfer_direction = direction; 2716 io_header->dxfer_len = iov->size; 2717 io_header->dxferp = (void *)iov->iov; 2718 io_header->iovec_count = iov->niov; 2719 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2720 2721 /* Build a new CDB with the LBA and length patched in, in case 2722 * DMA helpers split the transfer in multiple segments. Do not 2723 * build a CDB smaller than what the guest wanted, and only build 2724 * a larger one if strictly necessary. 2725 */ 2726 io_header->cmdp = req->cdb; 2727 lba = offset / s->qdev.blocksize; 2728 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2729 2730 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2731 /* 6-byte CDB */ 2732 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2733 req->cdb[4] = nb_logical_blocks; 2734 req->cdb[5] = 0; 2735 io_header->cmd_len = 6; 2736 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2737 /* 10-byte CDB */ 2738 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2739 req->cdb[1] = req->cdb1; 2740 stl_be_p(&req->cdb[2], lba); 2741 req->cdb[6] = req->group_number; 2742 stw_be_p(&req->cdb[7], nb_logical_blocks); 2743 req->cdb[9] = 0; 2744 io_header->cmd_len = 10; 2745 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2746 /* 12-byte CDB */ 2747 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2748 req->cdb[1] = req->cdb1; 2749 stl_be_p(&req->cdb[2], lba); 2750 stl_be_p(&req->cdb[6], nb_logical_blocks); 2751 req->cdb[10] = req->group_number; 2752 req->cdb[11] = 0; 2753 io_header->cmd_len = 12; 2754 } else { 2755 /* 16-byte CDB */ 2756 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2757 req->cdb[1] = req->cdb1; 2758 stq_be_p(&req->cdb[2], lba); 2759 stl_be_p(&req->cdb[10], nb_logical_blocks); 2760 req->cdb[14] = req->group_number; 2761 req->cdb[15] = 0; 2762 io_header->cmd_len = 16; 2763 } 2764 2765 /* The rest is as in scsi-generic.c. */ 2766 io_header->mx_sb_len = sizeof(r->req.sense); 2767 io_header->sbp = r->req.sense; 2768 io_header->timeout = UINT_MAX; 2769 io_header->usr_ptr = r; 2770 io_header->flags |= SG_FLAG_DIRECT_IO; 2771 2772 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque); 2773 assert(aiocb != NULL); 2774 return aiocb; 2775 } 2776 2777 static bool scsi_block_no_fua(SCSICommand *cmd) 2778 { 2779 return false; 2780 } 2781 2782 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2783 QEMUIOVector *iov, 2784 BlockCompletionFunc *cb, void *cb_opaque, 2785 void *opaque) 2786 { 2787 SCSIBlockReq *r = opaque; 2788 return scsi_block_do_sgio(r, offset, iov, 2789 SG_DXFER_FROM_DEV, cb, cb_opaque); 2790 } 2791 2792 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2793 QEMUIOVector *iov, 2794 BlockCompletionFunc *cb, void *cb_opaque, 2795 void *opaque) 2796 { 2797 SCSIBlockReq *r = opaque; 2798 return scsi_block_do_sgio(r, offset, iov, 2799 SG_DXFER_TO_DEV, cb, cb_opaque); 2800 } 2801 2802 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2803 { 2804 switch (buf[0]) { 2805 case VERIFY_10: 2806 case VERIFY_12: 2807 case VERIFY_16: 2808 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2809 * for the number of logical blocks specified in the length 2810 * field). For other modes, do not use scatter/gather operation. 2811 */ 2812 if ((buf[1] & 6) == 2) { 2813 return false; 2814 } 2815 break; 2816 2817 case READ_6: 2818 case READ_10: 2819 case READ_12: 2820 case READ_16: 2821 case WRITE_6: 2822 case WRITE_10: 2823 case WRITE_12: 2824 case WRITE_16: 2825 case WRITE_VERIFY_10: 2826 case WRITE_VERIFY_12: 2827 case WRITE_VERIFY_16: 2828 /* MMC writing cannot be done via DMA helpers, because it sometimes 2829 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2830 * We might use scsi_block_dma_reqops as long as no writing commands are 2831 * seen, but performance usually isn't paramount on optical media. So, 2832 * just make scsi-block operate the same as scsi-generic for them. 2833 */ 2834 if (s->qdev.type != TYPE_ROM) { 2835 return false; 2836 } 2837 break; 2838 2839 default: 2840 break; 2841 } 2842 2843 return true; 2844 } 2845 2846 2847 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2848 { 2849 SCSIBlockReq *r = (SCSIBlockReq *)req; 2850 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2851 2852 r->cmd = req->cmd.buf[0]; 2853 switch (r->cmd >> 5) { 2854 case 0: 2855 /* 6-byte CDB. */ 2856 r->cdb1 = r->group_number = 0; 2857 break; 2858 case 1: 2859 /* 10-byte CDB. */ 2860 r->cdb1 = req->cmd.buf[1]; 2861 r->group_number = req->cmd.buf[6]; 2862 break; 2863 case 4: 2864 /* 12-byte CDB. */ 2865 r->cdb1 = req->cmd.buf[1]; 2866 r->group_number = req->cmd.buf[10]; 2867 break; 2868 case 5: 2869 /* 16-byte CDB. */ 2870 r->cdb1 = req->cmd.buf[1]; 2871 r->group_number = req->cmd.buf[14]; 2872 break; 2873 default: 2874 abort(); 2875 } 2876 2877 /* Protection information is not supported. For SCSI versions 2 and 2878 * older (as determined by snooping the guest's INQUIRY commands), 2879 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2880 */ 2881 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 2882 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 2883 return 0; 2884 } 2885 2886 r->req.status = &r->io_header.status; 2887 return scsi_disk_dma_command(req, buf); 2888 } 2889 2890 static const SCSIReqOps scsi_block_dma_reqops = { 2891 .size = sizeof(SCSIBlockReq), 2892 .free_req = scsi_free_request, 2893 .send_command = scsi_block_dma_command, 2894 .read_data = scsi_read_data, 2895 .write_data = scsi_write_data, 2896 .get_buf = scsi_get_buf, 2897 .load_request = scsi_disk_load_request, 2898 .save_request = scsi_disk_save_request, 2899 }; 2900 2901 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2902 uint32_t lun, uint8_t *buf, 2903 void *hba_private) 2904 { 2905 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2906 2907 if (scsi_block_is_passthrough(s, buf)) { 2908 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2909 hba_private); 2910 } else { 2911 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 2912 hba_private); 2913 } 2914 } 2915 2916 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2917 uint8_t *buf, void *hba_private) 2918 { 2919 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2920 2921 if (scsi_block_is_passthrough(s, buf)) { 2922 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2923 } else { 2924 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2925 } 2926 } 2927 2928 static void scsi_block_update_sense(SCSIRequest *req) 2929 { 2930 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2931 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 2932 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 2933 } 2934 #endif 2935 2936 static 2937 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 2938 BlockCompletionFunc *cb, void *cb_opaque, 2939 void *opaque) 2940 { 2941 SCSIDiskReq *r = opaque; 2942 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2943 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2944 } 2945 2946 static 2947 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 2948 BlockCompletionFunc *cb, void *cb_opaque, 2949 void *opaque) 2950 { 2951 SCSIDiskReq *r = opaque; 2952 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2953 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2954 } 2955 2956 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 2957 { 2958 DeviceClass *dc = DEVICE_CLASS(klass); 2959 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 2960 2961 dc->fw_name = "disk"; 2962 dc->reset = scsi_disk_reset; 2963 sdc->dma_readv = scsi_dma_readv; 2964 sdc->dma_writev = scsi_dma_writev; 2965 sdc->need_fua_emulation = scsi_is_cmd_fua; 2966 } 2967 2968 static const TypeInfo scsi_disk_base_info = { 2969 .name = TYPE_SCSI_DISK_BASE, 2970 .parent = TYPE_SCSI_DEVICE, 2971 .class_init = scsi_disk_base_class_initfn, 2972 .instance_size = sizeof(SCSIDiskState), 2973 .class_size = sizeof(SCSIDiskClass), 2974 .abstract = true, 2975 }; 2976 2977 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2978 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 2979 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 2980 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 2981 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2982 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2983 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2984 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 2985 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 2986 2987 2988 static Property scsi_hd_properties[] = { 2989 DEFINE_SCSI_DISK_PROPERTIES(), 2990 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2991 SCSI_DISK_F_REMOVABLE, false), 2992 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2993 SCSI_DISK_F_DPOFUA, false), 2994 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2995 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2996 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2997 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2998 DEFAULT_MAX_UNMAP_SIZE), 2999 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3000 DEFAULT_MAX_IO_SIZE), 3001 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3002 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3003 5), 3004 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3005 DEFINE_PROP_END_OF_LIST(), 3006 }; 3007 3008 static const VMStateDescription vmstate_scsi_disk_state = { 3009 .name = "scsi-disk", 3010 .version_id = 1, 3011 .minimum_version_id = 1, 3012 .fields = (VMStateField[]) { 3013 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3014 VMSTATE_BOOL(media_changed, SCSIDiskState), 3015 VMSTATE_BOOL(media_event, SCSIDiskState), 3016 VMSTATE_BOOL(eject_request, SCSIDiskState), 3017 VMSTATE_BOOL(tray_open, SCSIDiskState), 3018 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3019 VMSTATE_END_OF_LIST() 3020 } 3021 }; 3022 3023 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3024 { 3025 DeviceClass *dc = DEVICE_CLASS(klass); 3026 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3027 3028 sc->realize = scsi_hd_realize; 3029 sc->unrealize = scsi_unrealize; 3030 sc->alloc_req = scsi_new_request; 3031 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3032 dc->desc = "virtual SCSI disk"; 3033 device_class_set_props(dc, scsi_hd_properties); 3034 dc->vmsd = &vmstate_scsi_disk_state; 3035 } 3036 3037 static const TypeInfo scsi_hd_info = { 3038 .name = "scsi-hd", 3039 .parent = TYPE_SCSI_DISK_BASE, 3040 .class_init = scsi_hd_class_initfn, 3041 }; 3042 3043 static Property scsi_cd_properties[] = { 3044 DEFINE_SCSI_DISK_PROPERTIES(), 3045 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3046 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3047 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3048 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3049 DEFAULT_MAX_IO_SIZE), 3050 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3051 5), 3052 DEFINE_PROP_END_OF_LIST(), 3053 }; 3054 3055 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3056 { 3057 DeviceClass *dc = DEVICE_CLASS(klass); 3058 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3059 3060 sc->realize = scsi_cd_realize; 3061 sc->alloc_req = scsi_new_request; 3062 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3063 dc->desc = "virtual SCSI CD-ROM"; 3064 device_class_set_props(dc, scsi_cd_properties); 3065 dc->vmsd = &vmstate_scsi_disk_state; 3066 } 3067 3068 static const TypeInfo scsi_cd_info = { 3069 .name = "scsi-cd", 3070 .parent = TYPE_SCSI_DISK_BASE, 3071 .class_init = scsi_cd_class_initfn, 3072 }; 3073 3074 #ifdef __linux__ 3075 static Property scsi_block_properties[] = { 3076 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3077 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3078 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3079 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3080 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3081 DEFAULT_MAX_UNMAP_SIZE), 3082 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3083 DEFAULT_MAX_IO_SIZE), 3084 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3085 -1), 3086 DEFINE_PROP_END_OF_LIST(), 3087 }; 3088 3089 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3090 { 3091 DeviceClass *dc = DEVICE_CLASS(klass); 3092 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3093 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3094 3095 sc->realize = scsi_block_realize; 3096 sc->alloc_req = scsi_block_new_request; 3097 sc->parse_cdb = scsi_block_parse_cdb; 3098 sdc->dma_readv = scsi_block_dma_readv; 3099 sdc->dma_writev = scsi_block_dma_writev; 3100 sdc->update_sense = scsi_block_update_sense; 3101 sdc->need_fua_emulation = scsi_block_no_fua; 3102 dc->desc = "SCSI block device passthrough"; 3103 device_class_set_props(dc, scsi_block_properties); 3104 dc->vmsd = &vmstate_scsi_disk_state; 3105 } 3106 3107 static const TypeInfo scsi_block_info = { 3108 .name = "scsi-block", 3109 .parent = TYPE_SCSI_DISK_BASE, 3110 .class_init = scsi_block_class_initfn, 3111 }; 3112 #endif 3113 3114 static Property scsi_disk_properties[] = { 3115 DEFINE_SCSI_DISK_PROPERTIES(), 3116 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3117 SCSI_DISK_F_REMOVABLE, false), 3118 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3119 SCSI_DISK_F_DPOFUA, false), 3120 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3121 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3122 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3123 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3124 DEFAULT_MAX_UNMAP_SIZE), 3125 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3126 DEFAULT_MAX_IO_SIZE), 3127 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3128 5), 3129 DEFINE_PROP_END_OF_LIST(), 3130 }; 3131 3132 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 3133 { 3134 DeviceClass *dc = DEVICE_CLASS(klass); 3135 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3136 3137 sc->realize = scsi_disk_realize; 3138 sc->alloc_req = scsi_new_request; 3139 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3140 dc->fw_name = "disk"; 3141 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 3142 dc->reset = scsi_disk_reset; 3143 device_class_set_props(dc, scsi_disk_properties); 3144 dc->vmsd = &vmstate_scsi_disk_state; 3145 } 3146 3147 static const TypeInfo scsi_disk_info = { 3148 .name = "scsi-disk", 3149 .parent = TYPE_SCSI_DISK_BASE, 3150 .class_init = scsi_disk_class_initfn, 3151 }; 3152 3153 static void scsi_disk_register_types(void) 3154 { 3155 type_register_static(&scsi_disk_base_info); 3156 type_register_static(&scsi_hd_info); 3157 type_register_static(&scsi_cd_info); 3158 #ifdef __linux__ 3159 type_register_static(&scsi_block_info); 3160 #endif 3161 type_register_static(&scsi_disk_info); 3162 } 3163 3164 type_init(scsi_disk_register_types) 3165