1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "qemu/hw-version.h" 29 #include "qemu/memalign.h" 30 #include "hw/scsi/scsi.h" 31 #include "migration/qemu-file-types.h" 32 #include "migration/vmstate.h" 33 #include "hw/scsi/emulation.h" 34 #include "scsi/constants.h" 35 #include "sysemu/block-backend.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "hw/qdev-properties.h" 39 #include "hw/qdev-properties-system.h" 40 #include "sysemu/dma.h" 41 #include "sysemu/sysemu.h" 42 #include "qemu/cutils.h" 43 #include "trace.h" 44 #include "qom/object.h" 45 46 #ifdef __linux 47 #include <scsi/sg.h> 48 #endif 49 50 #define SCSI_WRITE_SAME_MAX (512 * KiB) 51 #define SCSI_DMA_BUF_SIZE (128 * KiB) 52 #define SCSI_MAX_INQUIRY_LEN 256 53 #define SCSI_MAX_MODE_LEN 256 54 55 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 56 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 57 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 58 59 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 60 61 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 62 63 struct SCSIDiskClass { 64 SCSIDeviceClass parent_class; 65 DMAIOFunc *dma_readv; 66 DMAIOFunc *dma_writev; 67 bool (*need_fua_emulation)(SCSICommand *cmd); 68 void (*update_sense)(SCSIRequest *r); 69 }; 70 71 typedef struct SCSIDiskReq { 72 SCSIRequest req; 73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 74 uint64_t sector; 75 uint32_t sector_count; 76 uint32_t buflen; 77 bool started; 78 bool need_fua_emulation; 79 struct iovec iov; 80 QEMUIOVector qiov; 81 BlockAcctCookie acct; 82 } SCSIDiskReq; 83 84 #define SCSI_DISK_F_REMOVABLE 0 85 #define SCSI_DISK_F_DPOFUA 1 86 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 87 88 struct SCSIDiskState { 89 SCSIDevice qdev; 90 uint32_t features; 91 bool media_changed; 92 bool media_event; 93 bool eject_request; 94 uint16_t port_index; 95 uint64_t max_unmap_size; 96 uint64_t max_io_size; 97 uint32_t quirks; 98 QEMUBH *bh; 99 char *version; 100 char *serial; 101 char *vendor; 102 char *product; 103 char *device_id; 104 bool tray_open; 105 bool tray_locked; 106 /* 107 * 0x0000 - rotation rate not reported 108 * 0x0001 - non-rotating medium (SSD) 109 * 0x0002-0x0400 - reserved 110 * 0x0401-0xffe - rotations per minute 111 * 0xffff - reserved 112 */ 113 uint16_t rotation_rate; 114 }; 115 116 static void scsi_free_request(SCSIRequest *req) 117 { 118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 119 120 qemu_vfree(r->iov.iov_base); 121 } 122 123 /* Helper function for command completion with sense. */ 124 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 125 { 126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 127 sense.ascq); 128 scsi_req_build_sense(&r->req, sense); 129 scsi_req_complete(&r->req, CHECK_CONDITION); 130 } 131 132 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 133 { 134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 135 136 if (!r->iov.iov_base) { 137 r->buflen = size; 138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 139 } 140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 141 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 142 } 143 144 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 145 { 146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 147 148 qemu_put_be64s(f, &r->sector); 149 qemu_put_be32s(f, &r->sector_count); 150 qemu_put_be32s(f, &r->buflen); 151 if (r->buflen) { 152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 154 } else if (!req->retry) { 155 uint32_t len = r->iov.iov_len; 156 qemu_put_be32s(f, &len); 157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 } 161 162 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 163 { 164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 165 166 qemu_get_be64s(f, &r->sector); 167 qemu_get_be32s(f, &r->sector_count); 168 qemu_get_be32s(f, &r->buflen); 169 if (r->buflen) { 170 scsi_init_iovec(r, r->buflen); 171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 173 } else if (!r->req.retry) { 174 uint32_t len; 175 qemu_get_be32s(f, &len); 176 r->iov.iov_len = len; 177 assert(r->iov.iov_len <= r->buflen); 178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 179 } 180 } 181 182 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 183 } 184 185 /* 186 * scsi_handle_rw_error has two return values. False means that the error 187 * must be ignored, true means that the error has been processed and the 188 * caller should not do anything else for this request. Note that 189 * scsi_handle_rw_error always manages its reference counts, independent 190 * of the return value. 191 */ 192 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) 193 { 194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 197 SCSISense sense = SENSE_CODE(NO_SENSE); 198 int error = 0; 199 bool req_has_sense = false; 200 BlockErrorAction action; 201 int status; 202 203 if (ret < 0) { 204 status = scsi_sense_from_errno(-ret, &sense); 205 error = -ret; 206 } else { 207 /* A passthrough command has completed with nonzero status. */ 208 status = ret; 209 if (status == CHECK_CONDITION) { 210 req_has_sense = true; 211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 212 } else { 213 error = EINVAL; 214 } 215 } 216 217 /* 218 * Check whether the error has to be handled by the guest or should 219 * rather follow the rerror=/werror= settings. Guest-handled errors 220 * are usually retried immediately, so do not post them to QMP and 221 * do not account them as failed I/O. 222 */ 223 if (req_has_sense && 224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 225 action = BLOCK_ERROR_ACTION_REPORT; 226 acct_failed = false; 227 } else { 228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error); 229 blk_error_action(s->qdev.conf.blk, action, is_read, error); 230 } 231 232 switch (action) { 233 case BLOCK_ERROR_ACTION_REPORT: 234 if (acct_failed) { 235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 236 } 237 if (req_has_sense) { 238 sdc->update_sense(&r->req); 239 } else if (status == CHECK_CONDITION) { 240 scsi_req_build_sense(&r->req, sense); 241 } 242 scsi_req_complete(&r->req, status); 243 return true; 244 245 case BLOCK_ERROR_ACTION_IGNORE: 246 return false; 247 248 case BLOCK_ERROR_ACTION_STOP: 249 scsi_req_retry(&r->req); 250 return true; 251 252 default: 253 g_assert_not_reached(); 254 } 255 } 256 257 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 258 { 259 if (r->req.io_canceled) { 260 scsi_req_cancel_complete(&r->req); 261 return true; 262 } 263 264 if (ret < 0) { 265 return scsi_handle_rw_error(r, ret, acct_failed); 266 } 267 268 return false; 269 } 270 271 static void scsi_aio_complete(void *opaque, int ret) 272 { 273 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 275 276 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 277 278 assert(r->req.aiocb != NULL); 279 r->req.aiocb = NULL; 280 281 if (scsi_disk_req_check_error(r, ret, true)) { 282 goto done; 283 } 284 285 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 286 scsi_req_complete(&r->req, GOOD); 287 288 done: 289 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 290 scsi_req_unref(&r->req); 291 } 292 293 static bool scsi_is_cmd_fua(SCSICommand *cmd) 294 { 295 switch (cmd->buf[0]) { 296 case READ_10: 297 case READ_12: 298 case READ_16: 299 case WRITE_10: 300 case WRITE_12: 301 case WRITE_16: 302 return (cmd->buf[1] & 8) != 0; 303 304 case VERIFY_10: 305 case VERIFY_12: 306 case VERIFY_16: 307 case WRITE_VERIFY_10: 308 case WRITE_VERIFY_12: 309 case WRITE_VERIFY_16: 310 return true; 311 312 case READ_6: 313 case WRITE_6: 314 default: 315 return false; 316 } 317 } 318 319 static void scsi_write_do_fua(SCSIDiskReq *r) 320 { 321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 322 323 assert(r->req.aiocb == NULL); 324 assert(!r->req.io_canceled); 325 326 if (r->need_fua_emulation) { 327 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 328 BLOCK_ACCT_FLUSH); 329 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 330 return; 331 } 332 333 scsi_req_complete(&r->req, GOOD); 334 scsi_req_unref(&r->req); 335 } 336 337 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 338 { 339 assert(r->req.aiocb == NULL); 340 if (scsi_disk_req_check_error(r, ret, false)) { 341 goto done; 342 } 343 344 r->sector += r->sector_count; 345 r->sector_count = 0; 346 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 347 scsi_write_do_fua(r); 348 return; 349 } else { 350 scsi_req_complete(&r->req, GOOD); 351 } 352 353 done: 354 scsi_req_unref(&r->req); 355 } 356 357 /* Called with AioContext lock held */ 358 static void scsi_dma_complete(void *opaque, int ret) 359 { 360 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 362 363 assert(r->req.aiocb != NULL); 364 r->req.aiocb = NULL; 365 366 if (ret < 0) { 367 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 368 } else { 369 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 370 } 371 scsi_dma_complete_noio(r, ret); 372 } 373 374 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 375 { 376 uint32_t n; 377 378 assert(r->req.aiocb == NULL); 379 if (scsi_disk_req_check_error(r, ret, false)) { 380 goto done; 381 } 382 383 n = r->qiov.size / BDRV_SECTOR_SIZE; 384 r->sector += n; 385 r->sector_count -= n; 386 scsi_req_data(&r->req, r->qiov.size); 387 388 done: 389 scsi_req_unref(&r->req); 390 } 391 392 static void scsi_read_complete(void *opaque, int ret) 393 { 394 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 395 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 396 397 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 398 399 assert(r->req.aiocb != NULL); 400 r->req.aiocb = NULL; 401 402 if (ret < 0) { 403 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 404 } else { 405 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 406 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 407 } 408 scsi_read_complete_noio(r, ret); 409 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 410 } 411 412 /* Actually issue a read to the block device. */ 413 static void scsi_do_read(SCSIDiskReq *r, int ret) 414 { 415 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 416 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 417 418 assert (r->req.aiocb == NULL); 419 if (scsi_disk_req_check_error(r, ret, false)) { 420 goto done; 421 } 422 423 /* The request is used as the AIO opaque value, so add a ref. */ 424 scsi_req_ref(&r->req); 425 426 if (r->req.sg) { 427 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 428 r->req.residual -= r->req.sg->size; 429 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 430 r->req.sg, r->sector << BDRV_SECTOR_BITS, 431 BDRV_SECTOR_SIZE, 432 sdc->dma_readv, r, scsi_dma_complete, r, 433 DMA_DIRECTION_FROM_DEVICE); 434 } else { 435 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 436 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 437 r->qiov.size, BLOCK_ACCT_READ); 438 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 439 scsi_read_complete, r, r); 440 } 441 442 done: 443 scsi_req_unref(&r->req); 444 } 445 446 static void scsi_do_read_cb(void *opaque, int ret) 447 { 448 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 450 451 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 452 453 assert (r->req.aiocb != NULL); 454 r->req.aiocb = NULL; 455 456 if (ret < 0) { 457 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 458 } else { 459 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 460 } 461 scsi_do_read(opaque, ret); 462 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 463 } 464 465 /* Read more data from scsi device into buffer. */ 466 static void scsi_read_data(SCSIRequest *req) 467 { 468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 470 bool first; 471 472 trace_scsi_disk_read_data_count(r->sector_count); 473 if (r->sector_count == 0) { 474 /* This also clears the sense buffer for REQUEST SENSE. */ 475 scsi_req_complete(&r->req, GOOD); 476 return; 477 } 478 479 /* No data transfer may already be in progress */ 480 assert(r->req.aiocb == NULL); 481 482 /* The request is used as the AIO opaque value, so add a ref. */ 483 scsi_req_ref(&r->req); 484 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 485 trace_scsi_disk_read_data_invalid(); 486 scsi_read_complete_noio(r, -EINVAL); 487 return; 488 } 489 490 if (!blk_is_available(req->dev->conf.blk)) { 491 scsi_read_complete_noio(r, -ENOMEDIUM); 492 return; 493 } 494 495 first = !r->started; 496 r->started = true; 497 if (first && r->need_fua_emulation) { 498 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 499 BLOCK_ACCT_FLUSH); 500 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 501 } else { 502 scsi_do_read(r, 0); 503 } 504 } 505 506 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 507 { 508 uint32_t n; 509 510 assert (r->req.aiocb == NULL); 511 if (scsi_disk_req_check_error(r, ret, false)) { 512 goto done; 513 } 514 515 n = r->qiov.size / BDRV_SECTOR_SIZE; 516 r->sector += n; 517 r->sector_count -= n; 518 if (r->sector_count == 0) { 519 scsi_write_do_fua(r); 520 return; 521 } else { 522 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 523 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 524 scsi_req_data(&r->req, r->qiov.size); 525 } 526 527 done: 528 scsi_req_unref(&r->req); 529 } 530 531 static void scsi_write_complete(void * opaque, int ret) 532 { 533 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 535 536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 537 538 assert (r->req.aiocb != NULL); 539 r->req.aiocb = NULL; 540 541 if (ret < 0) { 542 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 543 } else { 544 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 545 } 546 scsi_write_complete_noio(r, ret); 547 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 548 } 549 550 static void scsi_write_data(SCSIRequest *req) 551 { 552 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 553 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 554 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 555 556 /* No data transfer may already be in progress */ 557 assert(r->req.aiocb == NULL); 558 559 /* The request is used as the AIO opaque value, so add a ref. */ 560 scsi_req_ref(&r->req); 561 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 562 trace_scsi_disk_write_data_invalid(); 563 scsi_write_complete_noio(r, -EINVAL); 564 return; 565 } 566 567 if (!r->req.sg && !r->qiov.size) { 568 /* Called for the first time. Ask the driver to send us more data. */ 569 r->started = true; 570 scsi_write_complete_noio(r, 0); 571 return; 572 } 573 if (!blk_is_available(req->dev->conf.blk)) { 574 scsi_write_complete_noio(r, -ENOMEDIUM); 575 return; 576 } 577 578 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 579 r->req.cmd.buf[0] == VERIFY_16) { 580 if (r->req.sg) { 581 scsi_dma_complete_noio(r, 0); 582 } else { 583 scsi_write_complete_noio(r, 0); 584 } 585 return; 586 } 587 588 if (r->req.sg) { 589 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 590 r->req.residual -= r->req.sg->size; 591 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 592 r->req.sg, r->sector << BDRV_SECTOR_BITS, 593 BDRV_SECTOR_SIZE, 594 sdc->dma_writev, r, scsi_dma_complete, r, 595 DMA_DIRECTION_TO_DEVICE); 596 } else { 597 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 598 r->qiov.size, BLOCK_ACCT_WRITE); 599 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 600 scsi_write_complete, r, r); 601 } 602 } 603 604 /* Return a pointer to the data buffer. */ 605 static uint8_t *scsi_get_buf(SCSIRequest *req) 606 { 607 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 608 609 return (uint8_t *)r->iov.iov_base; 610 } 611 612 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 613 { 614 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 615 uint8_t page_code = req->cmd.buf[2]; 616 int start, buflen = 0; 617 618 outbuf[buflen++] = s->qdev.type & 0x1f; 619 outbuf[buflen++] = page_code; 620 outbuf[buflen++] = 0x00; 621 outbuf[buflen++] = 0x00; 622 start = buflen; 623 624 switch (page_code) { 625 case 0x00: /* Supported page codes, mandatory */ 626 { 627 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 628 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 629 if (s->serial) { 630 outbuf[buflen++] = 0x80; /* unit serial number */ 631 } 632 outbuf[buflen++] = 0x83; /* device identification */ 633 if (s->qdev.type == TYPE_DISK) { 634 outbuf[buflen++] = 0xb0; /* block limits */ 635 outbuf[buflen++] = 0xb1; /* block device characteristics */ 636 outbuf[buflen++] = 0xb2; /* thin provisioning */ 637 } 638 break; 639 } 640 case 0x80: /* Device serial number, optional */ 641 { 642 int l; 643 644 if (!s->serial) { 645 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 646 return -1; 647 } 648 649 l = strlen(s->serial); 650 if (l > 36) { 651 l = 36; 652 } 653 654 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 655 memcpy(outbuf + buflen, s->serial, l); 656 buflen += l; 657 break; 658 } 659 660 case 0x83: /* Device identification page, mandatory */ 661 { 662 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 663 664 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 665 666 if (id_len) { 667 outbuf[buflen++] = 0x2; /* ASCII */ 668 outbuf[buflen++] = 0; /* not officially assigned */ 669 outbuf[buflen++] = 0; /* reserved */ 670 outbuf[buflen++] = id_len; /* length of data following */ 671 memcpy(outbuf + buflen, s->device_id, id_len); 672 buflen += id_len; 673 } 674 675 if (s->qdev.wwn) { 676 outbuf[buflen++] = 0x1; /* Binary */ 677 outbuf[buflen++] = 0x3; /* NAA */ 678 outbuf[buflen++] = 0; /* reserved */ 679 outbuf[buflen++] = 8; 680 stq_be_p(&outbuf[buflen], s->qdev.wwn); 681 buflen += 8; 682 } 683 684 if (s->qdev.port_wwn) { 685 outbuf[buflen++] = 0x61; /* SAS / Binary */ 686 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 687 outbuf[buflen++] = 0; /* reserved */ 688 outbuf[buflen++] = 8; 689 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 690 buflen += 8; 691 } 692 693 if (s->port_index) { 694 outbuf[buflen++] = 0x61; /* SAS / Binary */ 695 696 /* PIV/Target port/relative target port */ 697 outbuf[buflen++] = 0x94; 698 699 outbuf[buflen++] = 0; /* reserved */ 700 outbuf[buflen++] = 4; 701 stw_be_p(&outbuf[buflen + 2], s->port_index); 702 buflen += 4; 703 } 704 break; 705 } 706 case 0xb0: /* block limits */ 707 { 708 SCSIBlockLimits bl = {}; 709 710 if (s->qdev.type == TYPE_ROM) { 711 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 712 return -1; 713 } 714 bl.wsnz = 1; 715 bl.unmap_sectors = 716 s->qdev.conf.discard_granularity / s->qdev.blocksize; 717 bl.min_io_size = 718 s->qdev.conf.min_io_size / s->qdev.blocksize; 719 bl.opt_io_size = 720 s->qdev.conf.opt_io_size / s->qdev.blocksize; 721 bl.max_unmap_sectors = 722 s->max_unmap_size / s->qdev.blocksize; 723 bl.max_io_sectors = 724 s->max_io_size / s->qdev.blocksize; 725 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 726 bl.max_unmap_descr = 255; 727 728 if (s->qdev.type == TYPE_DISK) { 729 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 730 int max_io_sectors_blk = 731 max_transfer_blk / s->qdev.blocksize; 732 733 bl.max_io_sectors = 734 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 735 } 736 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 737 break; 738 } 739 case 0xb1: /* block device characteristics */ 740 { 741 buflen = 0x40; 742 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 743 outbuf[5] = s->rotation_rate & 0xff; 744 outbuf[6] = 0; /* PRODUCT TYPE */ 745 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 746 outbuf[8] = 0; /* VBULS */ 747 break; 748 } 749 case 0xb2: /* thin provisioning */ 750 { 751 buflen = 8; 752 outbuf[4] = 0; 753 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 754 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 755 outbuf[7] = 0; 756 break; 757 } 758 default: 759 return -1; 760 } 761 /* done with EVPD */ 762 assert(buflen - start <= 255); 763 outbuf[start - 1] = buflen - start; 764 return buflen; 765 } 766 767 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 768 { 769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 770 int buflen = 0; 771 772 if (req->cmd.buf[1] & 0x1) { 773 /* Vital product data */ 774 return scsi_disk_emulate_vpd_page(req, outbuf); 775 } 776 777 /* Standard INQUIRY data */ 778 if (req->cmd.buf[2] != 0) { 779 return -1; 780 } 781 782 /* PAGE CODE == 0 */ 783 buflen = req->cmd.xfer; 784 if (buflen > SCSI_MAX_INQUIRY_LEN) { 785 buflen = SCSI_MAX_INQUIRY_LEN; 786 } 787 788 outbuf[0] = s->qdev.type & 0x1f; 789 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 790 791 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 792 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 793 794 memset(&outbuf[32], 0, 4); 795 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 796 /* 797 * We claim conformance to SPC-3, which is required for guests 798 * to ask for modern features like READ CAPACITY(16) or the 799 * block characteristics VPD page by default. Not all of SPC-3 800 * is actually implemented, but we're good enough. 801 */ 802 outbuf[2] = s->qdev.default_scsi_version; 803 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 804 805 if (buflen > 36) { 806 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 807 } else { 808 /* If the allocation length of CDB is too small, 809 the additional length is not adjusted */ 810 outbuf[4] = 36 - 5; 811 } 812 813 /* Sync data transfer and TCQ. */ 814 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 815 return buflen; 816 } 817 818 static inline bool media_is_dvd(SCSIDiskState *s) 819 { 820 uint64_t nb_sectors; 821 if (s->qdev.type != TYPE_ROM) { 822 return false; 823 } 824 if (!blk_is_available(s->qdev.conf.blk)) { 825 return false; 826 } 827 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 828 return nb_sectors > CD_MAX_SECTORS; 829 } 830 831 static inline bool media_is_cd(SCSIDiskState *s) 832 { 833 uint64_t nb_sectors; 834 if (s->qdev.type != TYPE_ROM) { 835 return false; 836 } 837 if (!blk_is_available(s->qdev.conf.blk)) { 838 return false; 839 } 840 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 841 return nb_sectors <= CD_MAX_SECTORS; 842 } 843 844 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 845 uint8_t *outbuf) 846 { 847 uint8_t type = r->req.cmd.buf[1] & 7; 848 849 if (s->qdev.type != TYPE_ROM) { 850 return -1; 851 } 852 853 /* Types 1/2 are only defined for Blu-Ray. */ 854 if (type != 0) { 855 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 856 return -1; 857 } 858 859 memset(outbuf, 0, 34); 860 outbuf[1] = 32; 861 outbuf[2] = 0xe; /* last session complete, disc finalized */ 862 outbuf[3] = 1; /* first track on disc */ 863 outbuf[4] = 1; /* # of sessions */ 864 outbuf[5] = 1; /* first track of last session */ 865 outbuf[6] = 1; /* last track of last session */ 866 outbuf[7] = 0x20; /* unrestricted use */ 867 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 868 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 869 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 870 /* 24-31: disc bar code */ 871 /* 32: disc application code */ 872 /* 33: number of OPC tables */ 873 874 return 34; 875 } 876 877 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 878 uint8_t *outbuf) 879 { 880 static const int rds_caps_size[5] = { 881 [0] = 2048 + 4, 882 [1] = 4 + 4, 883 [3] = 188 + 4, 884 [4] = 2048 + 4, 885 }; 886 887 uint8_t media = r->req.cmd.buf[1]; 888 uint8_t layer = r->req.cmd.buf[6]; 889 uint8_t format = r->req.cmd.buf[7]; 890 int size = -1; 891 892 if (s->qdev.type != TYPE_ROM) { 893 return -1; 894 } 895 if (media != 0) { 896 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 897 return -1; 898 } 899 900 if (format != 0xff) { 901 if (!blk_is_available(s->qdev.conf.blk)) { 902 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 903 return -1; 904 } 905 if (media_is_cd(s)) { 906 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 907 return -1; 908 } 909 if (format >= ARRAY_SIZE(rds_caps_size)) { 910 return -1; 911 } 912 size = rds_caps_size[format]; 913 memset(outbuf, 0, size); 914 } 915 916 switch (format) { 917 case 0x00: { 918 /* Physical format information */ 919 uint64_t nb_sectors; 920 if (layer != 0) { 921 goto fail; 922 } 923 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 924 925 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 926 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 927 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 928 outbuf[7] = 0; /* default densities */ 929 930 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 931 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 932 break; 933 } 934 935 case 0x01: /* DVD copyright information, all zeros */ 936 break; 937 938 case 0x03: /* BCA information - invalid field for no BCA info */ 939 return -1; 940 941 case 0x04: /* DVD disc manufacturing information, all zeros */ 942 break; 943 944 case 0xff: { /* List capabilities */ 945 int i; 946 size = 4; 947 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 948 if (!rds_caps_size[i]) { 949 continue; 950 } 951 outbuf[size] = i; 952 outbuf[size + 1] = 0x40; /* Not writable, readable */ 953 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 954 size += 4; 955 } 956 break; 957 } 958 959 default: 960 return -1; 961 } 962 963 /* Size of buffer, not including 2 byte size field */ 964 stw_be_p(outbuf, size - 2); 965 return size; 966 967 fail: 968 return -1; 969 } 970 971 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 972 { 973 uint8_t event_code, media_status; 974 975 media_status = 0; 976 if (s->tray_open) { 977 media_status = MS_TRAY_OPEN; 978 } else if (blk_is_inserted(s->qdev.conf.blk)) { 979 media_status = MS_MEDIA_PRESENT; 980 } 981 982 /* Event notification descriptor */ 983 event_code = MEC_NO_CHANGE; 984 if (media_status != MS_TRAY_OPEN) { 985 if (s->media_event) { 986 event_code = MEC_NEW_MEDIA; 987 s->media_event = false; 988 } else if (s->eject_request) { 989 event_code = MEC_EJECT_REQUESTED; 990 s->eject_request = false; 991 } 992 } 993 994 outbuf[0] = event_code; 995 outbuf[1] = media_status; 996 997 /* These fields are reserved, just clear them. */ 998 outbuf[2] = 0; 999 outbuf[3] = 0; 1000 return 4; 1001 } 1002 1003 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 1004 uint8_t *outbuf) 1005 { 1006 int size; 1007 uint8_t *buf = r->req.cmd.buf; 1008 uint8_t notification_class_request = buf[4]; 1009 if (s->qdev.type != TYPE_ROM) { 1010 return -1; 1011 } 1012 if ((buf[1] & 1) == 0) { 1013 /* asynchronous */ 1014 return -1; 1015 } 1016 1017 size = 4; 1018 outbuf[0] = outbuf[1] = 0; 1019 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1020 if (notification_class_request & (1 << GESN_MEDIA)) { 1021 outbuf[2] = GESN_MEDIA; 1022 size += scsi_event_status_media(s, &outbuf[size]); 1023 } else { 1024 outbuf[2] = 0x80; 1025 } 1026 stw_be_p(outbuf, size - 4); 1027 return size; 1028 } 1029 1030 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1031 { 1032 int current; 1033 1034 if (s->qdev.type != TYPE_ROM) { 1035 return -1; 1036 } 1037 1038 if (media_is_dvd(s)) { 1039 current = MMC_PROFILE_DVD_ROM; 1040 } else if (media_is_cd(s)) { 1041 current = MMC_PROFILE_CD_ROM; 1042 } else { 1043 current = MMC_PROFILE_NONE; 1044 } 1045 1046 memset(outbuf, 0, 40); 1047 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1048 stw_be_p(&outbuf[6], current); 1049 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1050 outbuf[10] = 0x03; /* persistent, current */ 1051 outbuf[11] = 8; /* two profiles */ 1052 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1053 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1054 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1055 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1056 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1057 stw_be_p(&outbuf[20], 1); 1058 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1059 outbuf[23] = 8; 1060 stl_be_p(&outbuf[24], 1); /* SCSI */ 1061 outbuf[28] = 1; /* DBE = 1, mandatory */ 1062 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1063 stw_be_p(&outbuf[32], 3); 1064 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1065 outbuf[35] = 4; 1066 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1067 /* TODO: Random readable, CD read, DVD read, drive serial number, 1068 power management */ 1069 return 40; 1070 } 1071 1072 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1073 { 1074 if (s->qdev.type != TYPE_ROM) { 1075 return -1; 1076 } 1077 memset(outbuf, 0, 8); 1078 outbuf[5] = 1; /* CD-ROM */ 1079 return 8; 1080 } 1081 1082 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1083 int page_control) 1084 { 1085 static const int mode_sense_valid[0x3f] = { 1086 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1087 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1088 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1089 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1090 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1091 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1092 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1093 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM), 1094 }; 1095 1096 uint8_t *p = *p_outbuf + 2; 1097 int length; 1098 1099 assert(page < ARRAY_SIZE(mode_sense_valid)); 1100 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1101 return -1; 1102 } 1103 1104 /* 1105 * If Changeable Values are requested, a mask denoting those mode parameters 1106 * that are changeable shall be returned. As we currently don't support 1107 * parameter changes via MODE_SELECT all bits are returned set to zero. 1108 * The buffer was already menset to zero by the caller of this function. 1109 * 1110 * The offsets here are off by two compared to the descriptions in the 1111 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1112 * but it is done so that offsets are consistent within our implementation 1113 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1114 * 2-byte and 4-byte headers. 1115 */ 1116 switch (page) { 1117 case MODE_PAGE_HD_GEOMETRY: 1118 length = 0x16; 1119 if (page_control == 1) { /* Changeable Values */ 1120 break; 1121 } 1122 /* if a geometry hint is available, use it */ 1123 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1124 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1125 p[2] = s->qdev.conf.cyls & 0xff; 1126 p[3] = s->qdev.conf.heads & 0xff; 1127 /* Write precomp start cylinder, disabled */ 1128 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1129 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1130 p[6] = s->qdev.conf.cyls & 0xff; 1131 /* Reduced current start cylinder, disabled */ 1132 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1133 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1134 p[9] = s->qdev.conf.cyls & 0xff; 1135 /* Device step rate [ns], 200ns */ 1136 p[10] = 0; 1137 p[11] = 200; 1138 /* Landing zone cylinder */ 1139 p[12] = 0xff; 1140 p[13] = 0xff; 1141 p[14] = 0xff; 1142 /* Medium rotation rate [rpm], 5400 rpm */ 1143 p[18] = (5400 >> 8) & 0xff; 1144 p[19] = 5400 & 0xff; 1145 break; 1146 1147 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1148 length = 0x1e; 1149 if (page_control == 1) { /* Changeable Values */ 1150 break; 1151 } 1152 /* Transfer rate [kbit/s], 5Mbit/s */ 1153 p[0] = 5000 >> 8; 1154 p[1] = 5000 & 0xff; 1155 /* if a geometry hint is available, use it */ 1156 p[2] = s->qdev.conf.heads & 0xff; 1157 p[3] = s->qdev.conf.secs & 0xff; 1158 p[4] = s->qdev.blocksize >> 8; 1159 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1160 p[7] = s->qdev.conf.cyls & 0xff; 1161 /* Write precomp start cylinder, disabled */ 1162 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1163 p[9] = s->qdev.conf.cyls & 0xff; 1164 /* Reduced current start cylinder, disabled */ 1165 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1166 p[11] = s->qdev.conf.cyls & 0xff; 1167 /* Device step rate [100us], 100us */ 1168 p[12] = 0; 1169 p[13] = 1; 1170 /* Device step pulse width [us], 1us */ 1171 p[14] = 1; 1172 /* Device head settle delay [100us], 100us */ 1173 p[15] = 0; 1174 p[16] = 1; 1175 /* Motor on delay [0.1s], 0.1s */ 1176 p[17] = 1; 1177 /* Motor off delay [0.1s], 0.1s */ 1178 p[18] = 1; 1179 /* Medium rotation rate [rpm], 5400 rpm */ 1180 p[26] = (5400 >> 8) & 0xff; 1181 p[27] = 5400 & 0xff; 1182 break; 1183 1184 case MODE_PAGE_CACHING: 1185 length = 0x12; 1186 if (page_control == 1 || /* Changeable Values */ 1187 blk_enable_write_cache(s->qdev.conf.blk)) { 1188 p[0] = 4; /* WCE */ 1189 } 1190 break; 1191 1192 case MODE_PAGE_R_W_ERROR: 1193 length = 10; 1194 if (page_control == 1) { /* Changeable Values */ 1195 if (s->qdev.type == TYPE_ROM) { 1196 /* Automatic Write Reallocation Enabled */ 1197 p[0] = 0x80; 1198 } 1199 break; 1200 } 1201 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1202 if (s->qdev.type == TYPE_ROM) { 1203 p[1] = 0x20; /* Read Retry Count */ 1204 } 1205 break; 1206 1207 case MODE_PAGE_AUDIO_CTL: 1208 length = 14; 1209 break; 1210 1211 case MODE_PAGE_CAPABILITIES: 1212 length = 0x14; 1213 if (page_control == 1) { /* Changeable Values */ 1214 break; 1215 } 1216 1217 p[0] = 0x3b; /* CD-R & CD-RW read */ 1218 p[1] = 0; /* Writing not supported */ 1219 p[2] = 0x7f; /* Audio, composite, digital out, 1220 mode 2 form 1&2, multi session */ 1221 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1222 RW corrected, C2 errors, ISRC, 1223 UPC, Bar code */ 1224 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1225 /* Locking supported, jumper present, eject, tray */ 1226 p[5] = 0; /* no volume & mute control, no 1227 changer */ 1228 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1229 p[7] = (50 * 176) & 0xff; 1230 p[8] = 2 >> 8; /* Two volume levels */ 1231 p[9] = 2 & 0xff; 1232 p[10] = 2048 >> 8; /* 2M buffer */ 1233 p[11] = 2048 & 0xff; 1234 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1235 p[13] = (16 * 176) & 0xff; 1236 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1237 p[17] = (16 * 176) & 0xff; 1238 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1239 p[19] = (16 * 176) & 0xff; 1240 break; 1241 1242 case MODE_PAGE_APPLE_VENDOR: 1243 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) { 1244 length = 0x1e; 1245 if (page_control == 1) { /* Changeable Values */ 1246 break; 1247 } 1248 1249 memset(p, 0, length); 1250 strcpy((char *)p + 8, "APPLE COMPUTER, INC "); 1251 break; 1252 } else { 1253 return -1; 1254 } 1255 1256 case MODE_PAGE_VENDOR_SPECIFIC: 1257 if (s->qdev.type == TYPE_DISK && (s->quirks & 1258 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1259 length = 0x2; 1260 if (page_control == 1) { /* Changeable Values */ 1261 p[0] = 0xff; 1262 p[1] = 0xff; 1263 break; 1264 } 1265 p[0] = 0; 1266 p[1] = 0; 1267 break; 1268 } else { 1269 return -1; 1270 } 1271 1272 default: 1273 return -1; 1274 } 1275 1276 assert(length < 256); 1277 (*p_outbuf)[0] = page; 1278 (*p_outbuf)[1] = length; 1279 *p_outbuf += length + 2; 1280 return length + 2; 1281 } 1282 1283 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1284 { 1285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1286 uint64_t nb_sectors; 1287 bool dbd; 1288 int page, buflen, ret, page_control; 1289 uint8_t *p; 1290 uint8_t dev_specific_param; 1291 1292 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1293 page = r->req.cmd.buf[2] & 0x3f; 1294 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1295 1296 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1297 10, page, r->req.cmd.xfer, page_control); 1298 memset(outbuf, 0, r->req.cmd.xfer); 1299 p = outbuf; 1300 1301 if (s->qdev.type == TYPE_DISK) { 1302 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1303 if (!blk_is_writable(s->qdev.conf.blk)) { 1304 dev_specific_param |= 0x80; /* Readonly. */ 1305 } 1306 } else { 1307 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) { 1308 /* Use DBD from the request... */ 1309 dev_specific_param = 0x00; 1310 1311 /* 1312 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR 1313 * which should never return a block descriptor even though DBD is 1314 * not set, otherwise CDROM detection fails in MacOS 1315 */ 1316 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) && 1317 page == MODE_PAGE_APPLE_VENDOR) { 1318 dbd = true; 1319 } 1320 } else { 1321 /* 1322 * MMC prescribes that CD/DVD drives have no block descriptors, 1323 * and defines no device-specific parameter. 1324 */ 1325 dev_specific_param = 0x00; 1326 dbd = true; 1327 } 1328 } 1329 1330 if (r->req.cmd.buf[0] == MODE_SENSE) { 1331 p[1] = 0; /* Default media type. */ 1332 p[2] = dev_specific_param; 1333 p[3] = 0; /* Block descriptor length. */ 1334 p += 4; 1335 } else { /* MODE_SENSE_10 */ 1336 p[2] = 0; /* Default media type. */ 1337 p[3] = dev_specific_param; 1338 p[6] = p[7] = 0; /* Block descriptor length. */ 1339 p += 8; 1340 } 1341 1342 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1343 if (!dbd && nb_sectors) { 1344 if (r->req.cmd.buf[0] == MODE_SENSE) { 1345 outbuf[3] = 8; /* Block descriptor length */ 1346 } else { /* MODE_SENSE_10 */ 1347 outbuf[7] = 8; /* Block descriptor length */ 1348 } 1349 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1350 if (nb_sectors > 0xffffff) { 1351 nb_sectors = 0; 1352 } 1353 p[0] = 0; /* media density code */ 1354 p[1] = (nb_sectors >> 16) & 0xff; 1355 p[2] = (nb_sectors >> 8) & 0xff; 1356 p[3] = nb_sectors & 0xff; 1357 p[4] = 0; /* reserved */ 1358 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1359 p[6] = s->qdev.blocksize >> 8; 1360 p[7] = 0; 1361 p += 8; 1362 } 1363 1364 if (page_control == 3) { 1365 /* Saved Values */ 1366 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1367 return -1; 1368 } 1369 1370 if (page == 0x3f) { 1371 for (page = 0; page <= 0x3e; page++) { 1372 mode_sense_page(s, page, &p, page_control); 1373 } 1374 } else { 1375 ret = mode_sense_page(s, page, &p, page_control); 1376 if (ret == -1) { 1377 return -1; 1378 } 1379 } 1380 1381 buflen = p - outbuf; 1382 /* 1383 * The mode data length field specifies the length in bytes of the 1384 * following data that is available to be transferred. The mode data 1385 * length does not include itself. 1386 */ 1387 if (r->req.cmd.buf[0] == MODE_SENSE) { 1388 outbuf[0] = buflen - 1; 1389 } else { /* MODE_SENSE_10 */ 1390 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1391 outbuf[1] = (buflen - 2) & 0xff; 1392 } 1393 return buflen; 1394 } 1395 1396 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1397 { 1398 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1399 int start_track, format, msf, toclen; 1400 uint64_t nb_sectors; 1401 1402 msf = req->cmd.buf[1] & 2; 1403 format = req->cmd.buf[2] & 0xf; 1404 start_track = req->cmd.buf[6]; 1405 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1406 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1407 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1408 switch (format) { 1409 case 0: 1410 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1411 break; 1412 case 1: 1413 /* multi session : only a single session defined */ 1414 toclen = 12; 1415 memset(outbuf, 0, 12); 1416 outbuf[1] = 0x0a; 1417 outbuf[2] = 0x01; 1418 outbuf[3] = 0x01; 1419 break; 1420 case 2: 1421 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1422 break; 1423 default: 1424 return -1; 1425 } 1426 return toclen; 1427 } 1428 1429 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1430 { 1431 SCSIRequest *req = &r->req; 1432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1433 bool start = req->cmd.buf[4] & 1; 1434 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1435 int pwrcnd = req->cmd.buf[4] & 0xf0; 1436 1437 if (pwrcnd) { 1438 /* eject/load only happens for power condition == 0 */ 1439 return 0; 1440 } 1441 1442 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1443 if (!start && !s->tray_open && s->tray_locked) { 1444 scsi_check_condition(r, 1445 blk_is_inserted(s->qdev.conf.blk) 1446 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1447 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1448 return -1; 1449 } 1450 1451 if (s->tray_open != !start) { 1452 blk_eject(s->qdev.conf.blk, !start); 1453 s->tray_open = !start; 1454 } 1455 } 1456 return 0; 1457 } 1458 1459 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1460 { 1461 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1462 int buflen = r->iov.iov_len; 1463 1464 if (buflen) { 1465 trace_scsi_disk_emulate_read_data(buflen); 1466 r->iov.iov_len = 0; 1467 r->started = true; 1468 scsi_req_data(&r->req, buflen); 1469 return; 1470 } 1471 1472 /* This also clears the sense buffer for REQUEST SENSE. */ 1473 scsi_req_complete(&r->req, GOOD); 1474 } 1475 1476 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1477 uint8_t *inbuf, int inlen) 1478 { 1479 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1480 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1481 uint8_t *p; 1482 int len, expected_len, changeable_len, i; 1483 1484 /* The input buffer does not include the page header, so it is 1485 * off by 2 bytes. 1486 */ 1487 expected_len = inlen + 2; 1488 if (expected_len > SCSI_MAX_MODE_LEN) { 1489 return -1; 1490 } 1491 1492 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ 1493 if (page == MODE_PAGE_ALLS) { 1494 return -1; 1495 } 1496 1497 p = mode_current; 1498 memset(mode_current, 0, inlen + 2); 1499 len = mode_sense_page(s, page, &p, 0); 1500 if (len < 0 || len != expected_len) { 1501 return -1; 1502 } 1503 1504 p = mode_changeable; 1505 memset(mode_changeable, 0, inlen + 2); 1506 changeable_len = mode_sense_page(s, page, &p, 1); 1507 assert(changeable_len == len); 1508 1509 /* Check that unchangeable bits are the same as what MODE SENSE 1510 * would return. 1511 */ 1512 for (i = 2; i < len; i++) { 1513 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1514 return -1; 1515 } 1516 } 1517 return 0; 1518 } 1519 1520 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1521 { 1522 switch (page) { 1523 case MODE_PAGE_CACHING: 1524 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1525 break; 1526 1527 default: 1528 break; 1529 } 1530 } 1531 1532 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1533 { 1534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1535 1536 while (len > 0) { 1537 int page, subpage, page_len; 1538 1539 /* Parse both possible formats for the mode page headers. */ 1540 page = p[0] & 0x3f; 1541 if (p[0] & 0x40) { 1542 if (len < 4) { 1543 goto invalid_param_len; 1544 } 1545 subpage = p[1]; 1546 page_len = lduw_be_p(&p[2]); 1547 p += 4; 1548 len -= 4; 1549 } else { 1550 if (len < 2) { 1551 goto invalid_param_len; 1552 } 1553 subpage = 0; 1554 page_len = p[1]; 1555 p += 2; 1556 len -= 2; 1557 } 1558 1559 if (subpage) { 1560 goto invalid_param; 1561 } 1562 if (page_len > len) { 1563 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) { 1564 goto invalid_param_len; 1565 } 1566 trace_scsi_disk_mode_select_page_truncated(page, page_len, len); 1567 } 1568 1569 if (!change) { 1570 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1571 goto invalid_param; 1572 } 1573 } else { 1574 scsi_disk_apply_mode_select(s, page, p); 1575 } 1576 1577 p += page_len; 1578 len -= page_len; 1579 } 1580 return 0; 1581 1582 invalid_param: 1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1584 return -1; 1585 1586 invalid_param_len: 1587 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1588 return -1; 1589 } 1590 1591 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1592 { 1593 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1594 uint8_t *p = inbuf; 1595 int cmd = r->req.cmd.buf[0]; 1596 int len = r->req.cmd.xfer; 1597 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1598 int bd_len, bs; 1599 int pass; 1600 1601 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1602 if (!(s->quirks & 1603 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1604 /* We only support PF=1, SP=0. */ 1605 goto invalid_field; 1606 } 1607 } 1608 1609 if (len < hdr_len) { 1610 goto invalid_param_len; 1611 } 1612 1613 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1614 len -= hdr_len; 1615 p += hdr_len; 1616 if (len < bd_len) { 1617 goto invalid_param_len; 1618 } 1619 if (bd_len != 0 && bd_len != 8) { 1620 goto invalid_param; 1621 } 1622 1623 /* Allow changing the block size */ 1624 if (bd_len) { 1625 bs = p[5] << 16 | p[6] << 8 | p[7]; 1626 1627 /* 1628 * Since the existing code only checks/updates bits 8-15 of the block 1629 * size, restrict ourselves to the same requirement for now to ensure 1630 * that a block size set by a block descriptor and then read back by 1631 * a subsequent SCSI command will be the same. Also disallow a block 1632 * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE. 1633 */ 1634 if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) { 1635 s->qdev.blocksize = bs; 1636 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); 1637 } 1638 } 1639 1640 len -= bd_len; 1641 p += bd_len; 1642 1643 /* Ensure no change is made if there is an error! */ 1644 for (pass = 0; pass < 2; pass++) { 1645 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1646 assert(pass == 0); 1647 return; 1648 } 1649 } 1650 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1651 /* The request is used as the AIO opaque value, so add a ref. */ 1652 scsi_req_ref(&r->req); 1653 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1654 BLOCK_ACCT_FLUSH); 1655 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1656 return; 1657 } 1658 1659 scsi_req_complete(&r->req, GOOD); 1660 return; 1661 1662 invalid_param: 1663 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1664 return; 1665 1666 invalid_param_len: 1667 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1668 return; 1669 1670 invalid_field: 1671 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1672 } 1673 1674 /* sector_num and nb_sectors expected to be in qdev blocksize */ 1675 static inline bool check_lba_range(SCSIDiskState *s, 1676 uint64_t sector_num, uint32_t nb_sectors) 1677 { 1678 /* 1679 * The first line tests that no overflow happens when computing the last 1680 * sector. The second line tests that the last accessed sector is in 1681 * range. 1682 * 1683 * Careful, the computations should not underflow for nb_sectors == 0, 1684 * and a 0-block read to the first LBA beyond the end of device is 1685 * valid. 1686 */ 1687 return (sector_num <= sector_num + nb_sectors && 1688 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1689 } 1690 1691 typedef struct UnmapCBData { 1692 SCSIDiskReq *r; 1693 uint8_t *inbuf; 1694 int count; 1695 } UnmapCBData; 1696 1697 static void scsi_unmap_complete(void *opaque, int ret); 1698 1699 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1700 { 1701 SCSIDiskReq *r = data->r; 1702 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1703 1704 assert(r->req.aiocb == NULL); 1705 1706 if (data->count > 0) { 1707 uint64_t sector_num = ldq_be_p(&data->inbuf[0]); 1708 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1709 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1710 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1711 1712 if (!check_lba_range(s, sector_num, nb_sectors)) { 1713 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1714 BLOCK_ACCT_UNMAP); 1715 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1716 goto done; 1717 } 1718 1719 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1720 r->sector_count * BDRV_SECTOR_SIZE, 1721 BLOCK_ACCT_UNMAP); 1722 1723 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1724 r->sector * BDRV_SECTOR_SIZE, 1725 r->sector_count * BDRV_SECTOR_SIZE, 1726 scsi_unmap_complete, data); 1727 data->count--; 1728 data->inbuf += 16; 1729 return; 1730 } 1731 1732 scsi_req_complete(&r->req, GOOD); 1733 1734 done: 1735 scsi_req_unref(&r->req); 1736 g_free(data); 1737 } 1738 1739 static void scsi_unmap_complete(void *opaque, int ret) 1740 { 1741 UnmapCBData *data = opaque; 1742 SCSIDiskReq *r = data->r; 1743 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1744 1745 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1746 1747 assert(r->req.aiocb != NULL); 1748 r->req.aiocb = NULL; 1749 1750 if (scsi_disk_req_check_error(r, ret, true)) { 1751 scsi_req_unref(&r->req); 1752 g_free(data); 1753 } else { 1754 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1755 scsi_unmap_complete_noio(data, ret); 1756 } 1757 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1758 } 1759 1760 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1761 { 1762 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1763 uint8_t *p = inbuf; 1764 int len = r->req.cmd.xfer; 1765 UnmapCBData *data; 1766 1767 /* Reject ANCHOR=1. */ 1768 if (r->req.cmd.buf[1] & 0x1) { 1769 goto invalid_field; 1770 } 1771 1772 if (len < 8) { 1773 goto invalid_param_len; 1774 } 1775 if (len < lduw_be_p(&p[0]) + 2) { 1776 goto invalid_param_len; 1777 } 1778 if (len < lduw_be_p(&p[2]) + 8) { 1779 goto invalid_param_len; 1780 } 1781 if (lduw_be_p(&p[2]) & 15) { 1782 goto invalid_param_len; 1783 } 1784 1785 if (!blk_is_writable(s->qdev.conf.blk)) { 1786 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1787 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1788 return; 1789 } 1790 1791 data = g_new0(UnmapCBData, 1); 1792 data->r = r; 1793 data->inbuf = &p[8]; 1794 data->count = lduw_be_p(&p[2]) >> 4; 1795 1796 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1797 scsi_req_ref(&r->req); 1798 scsi_unmap_complete_noio(data, 0); 1799 return; 1800 1801 invalid_param_len: 1802 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1803 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1804 return; 1805 1806 invalid_field: 1807 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1808 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1809 } 1810 1811 typedef struct WriteSameCBData { 1812 SCSIDiskReq *r; 1813 int64_t sector; 1814 int nb_sectors; 1815 QEMUIOVector qiov; 1816 struct iovec iov; 1817 } WriteSameCBData; 1818 1819 static void scsi_write_same_complete(void *opaque, int ret) 1820 { 1821 WriteSameCBData *data = opaque; 1822 SCSIDiskReq *r = data->r; 1823 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1824 1825 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1826 1827 assert(r->req.aiocb != NULL); 1828 r->req.aiocb = NULL; 1829 1830 if (scsi_disk_req_check_error(r, ret, true)) { 1831 goto done; 1832 } 1833 1834 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1835 1836 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1837 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1838 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1839 data->iov.iov_len); 1840 if (data->iov.iov_len) { 1841 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1842 data->iov.iov_len, BLOCK_ACCT_WRITE); 1843 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1844 * where final qiov may need smaller size */ 1845 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1846 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1847 data->sector << BDRV_SECTOR_BITS, 1848 &data->qiov, 0, 1849 scsi_write_same_complete, data); 1850 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1851 return; 1852 } 1853 1854 scsi_req_complete(&r->req, GOOD); 1855 1856 done: 1857 scsi_req_unref(&r->req); 1858 qemu_vfree(data->iov.iov_base); 1859 g_free(data); 1860 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1861 } 1862 1863 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1864 { 1865 SCSIRequest *req = &r->req; 1866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1867 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1868 WriteSameCBData *data; 1869 uint8_t *buf; 1870 int i, l; 1871 1872 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1873 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1874 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1875 return; 1876 } 1877 1878 if (!blk_is_writable(s->qdev.conf.blk)) { 1879 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1880 return; 1881 } 1882 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1883 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1884 return; 1885 } 1886 1887 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1888 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1889 1890 /* The request is used as the AIO opaque value, so add a ref. */ 1891 scsi_req_ref(&r->req); 1892 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1893 nb_sectors * s->qdev.blocksize, 1894 BLOCK_ACCT_WRITE); 1895 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1896 r->req.cmd.lba * s->qdev.blocksize, 1897 nb_sectors * s->qdev.blocksize, 1898 flags, scsi_aio_complete, r); 1899 return; 1900 } 1901 1902 data = g_new0(WriteSameCBData, 1); 1903 data->r = r; 1904 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1905 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1906 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1907 SCSI_WRITE_SAME_MAX); 1908 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1909 data->iov.iov_len); 1910 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1911 1912 for (i = 0; i < data->iov.iov_len; i += l) { 1913 l = MIN(s->qdev.blocksize, data->iov.iov_len - i); 1914 memcpy(&buf[i], inbuf, l); 1915 } 1916 1917 scsi_req_ref(&r->req); 1918 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1919 data->iov.iov_len, BLOCK_ACCT_WRITE); 1920 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1921 data->sector << BDRV_SECTOR_BITS, 1922 &data->qiov, 0, 1923 scsi_write_same_complete, data); 1924 } 1925 1926 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1927 { 1928 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1929 1930 if (r->iov.iov_len) { 1931 int buflen = r->iov.iov_len; 1932 trace_scsi_disk_emulate_write_data(buflen); 1933 r->iov.iov_len = 0; 1934 scsi_req_data(&r->req, buflen); 1935 return; 1936 } 1937 1938 switch (req->cmd.buf[0]) { 1939 case MODE_SELECT: 1940 case MODE_SELECT_10: 1941 /* This also clears the sense buffer for REQUEST SENSE. */ 1942 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1943 break; 1944 1945 case UNMAP: 1946 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1947 break; 1948 1949 case VERIFY_10: 1950 case VERIFY_12: 1951 case VERIFY_16: 1952 if (r->req.status == -1) { 1953 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1954 } 1955 break; 1956 1957 case WRITE_SAME_10: 1958 case WRITE_SAME_16: 1959 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1960 break; 1961 1962 case FORMAT_UNIT: 1963 scsi_req_complete(&r->req, GOOD); 1964 break; 1965 1966 default: 1967 abort(); 1968 } 1969 } 1970 1971 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1972 { 1973 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1974 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1975 uint64_t nb_sectors; 1976 uint8_t *outbuf; 1977 int buflen; 1978 1979 switch (req->cmd.buf[0]) { 1980 case INQUIRY: 1981 case MODE_SENSE: 1982 case MODE_SENSE_10: 1983 case RESERVE: 1984 case RESERVE_10: 1985 case RELEASE: 1986 case RELEASE_10: 1987 case START_STOP: 1988 case ALLOW_MEDIUM_REMOVAL: 1989 case GET_CONFIGURATION: 1990 case GET_EVENT_STATUS_NOTIFICATION: 1991 case MECHANISM_STATUS: 1992 case REQUEST_SENSE: 1993 break; 1994 1995 default: 1996 if (!blk_is_available(s->qdev.conf.blk)) { 1997 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1998 return 0; 1999 } 2000 break; 2001 } 2002 2003 /* 2004 * FIXME: we shouldn't return anything bigger than 4k, but the code 2005 * requires the buffer to be as big as req->cmd.xfer in several 2006 * places. So, do not allow CDBs with a very large ALLOCATION 2007 * LENGTH. The real fix would be to modify scsi_read_data and 2008 * dma_buf_read, so that they return data beyond the buflen 2009 * as all zeros. 2010 */ 2011 if (req->cmd.xfer > 65536) { 2012 goto illegal_request; 2013 } 2014 r->buflen = MAX(4096, req->cmd.xfer); 2015 2016 if (!r->iov.iov_base) { 2017 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 2018 } 2019 2020 outbuf = r->iov.iov_base; 2021 memset(outbuf, 0, r->buflen); 2022 switch (req->cmd.buf[0]) { 2023 case TEST_UNIT_READY: 2024 assert(blk_is_available(s->qdev.conf.blk)); 2025 break; 2026 case INQUIRY: 2027 buflen = scsi_disk_emulate_inquiry(req, outbuf); 2028 if (buflen < 0) { 2029 goto illegal_request; 2030 } 2031 break; 2032 case MODE_SENSE: 2033 case MODE_SENSE_10: 2034 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 2035 if (buflen < 0) { 2036 goto illegal_request; 2037 } 2038 break; 2039 case READ_TOC: 2040 buflen = scsi_disk_emulate_read_toc(req, outbuf); 2041 if (buflen < 0) { 2042 goto illegal_request; 2043 } 2044 break; 2045 case RESERVE: 2046 if (req->cmd.buf[1] & 1) { 2047 goto illegal_request; 2048 } 2049 break; 2050 case RESERVE_10: 2051 if (req->cmd.buf[1] & 3) { 2052 goto illegal_request; 2053 } 2054 break; 2055 case RELEASE: 2056 if (req->cmd.buf[1] & 1) { 2057 goto illegal_request; 2058 } 2059 break; 2060 case RELEASE_10: 2061 if (req->cmd.buf[1] & 3) { 2062 goto illegal_request; 2063 } 2064 break; 2065 case START_STOP: 2066 if (scsi_disk_emulate_start_stop(r) < 0) { 2067 return 0; 2068 } 2069 break; 2070 case ALLOW_MEDIUM_REMOVAL: 2071 s->tray_locked = req->cmd.buf[4] & 1; 2072 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 2073 break; 2074 case READ_CAPACITY_10: 2075 /* The normal LEN field for this command is zero. */ 2076 memset(outbuf, 0, 8); 2077 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2078 if (!nb_sectors) { 2079 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2080 return 0; 2081 } 2082 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 2083 goto illegal_request; 2084 } 2085 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2086 /* Returned value is the address of the last sector. */ 2087 nb_sectors--; 2088 /* Remember the new size for read/write sanity checking. */ 2089 s->qdev.max_lba = nb_sectors; 2090 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 2091 if (nb_sectors > UINT32_MAX) { 2092 nb_sectors = UINT32_MAX; 2093 } 2094 outbuf[0] = (nb_sectors >> 24) & 0xff; 2095 outbuf[1] = (nb_sectors >> 16) & 0xff; 2096 outbuf[2] = (nb_sectors >> 8) & 0xff; 2097 outbuf[3] = nb_sectors & 0xff; 2098 outbuf[4] = 0; 2099 outbuf[5] = 0; 2100 outbuf[6] = s->qdev.blocksize >> 8; 2101 outbuf[7] = 0; 2102 break; 2103 case REQUEST_SENSE: 2104 /* Just return "NO SENSE". */ 2105 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2106 (req->cmd.buf[1] & 1) == 0); 2107 if (buflen < 0) { 2108 goto illegal_request; 2109 } 2110 break; 2111 case MECHANISM_STATUS: 2112 buflen = scsi_emulate_mechanism_status(s, outbuf); 2113 if (buflen < 0) { 2114 goto illegal_request; 2115 } 2116 break; 2117 case GET_CONFIGURATION: 2118 buflen = scsi_get_configuration(s, outbuf); 2119 if (buflen < 0) { 2120 goto illegal_request; 2121 } 2122 break; 2123 case GET_EVENT_STATUS_NOTIFICATION: 2124 buflen = scsi_get_event_status_notification(s, r, outbuf); 2125 if (buflen < 0) { 2126 goto illegal_request; 2127 } 2128 break; 2129 case READ_DISC_INFORMATION: 2130 buflen = scsi_read_disc_information(s, r, outbuf); 2131 if (buflen < 0) { 2132 goto illegal_request; 2133 } 2134 break; 2135 case READ_DVD_STRUCTURE: 2136 buflen = scsi_read_dvd_structure(s, r, outbuf); 2137 if (buflen < 0) { 2138 goto illegal_request; 2139 } 2140 break; 2141 case SERVICE_ACTION_IN_16: 2142 /* Service Action In subcommands. */ 2143 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2144 trace_scsi_disk_emulate_command_SAI_16(); 2145 memset(outbuf, 0, req->cmd.xfer); 2146 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2147 if (!nb_sectors) { 2148 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2149 return 0; 2150 } 2151 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2152 goto illegal_request; 2153 } 2154 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2155 /* Returned value is the address of the last sector. */ 2156 nb_sectors--; 2157 /* Remember the new size for read/write sanity checking. */ 2158 s->qdev.max_lba = nb_sectors; 2159 outbuf[0] = (nb_sectors >> 56) & 0xff; 2160 outbuf[1] = (nb_sectors >> 48) & 0xff; 2161 outbuf[2] = (nb_sectors >> 40) & 0xff; 2162 outbuf[3] = (nb_sectors >> 32) & 0xff; 2163 outbuf[4] = (nb_sectors >> 24) & 0xff; 2164 outbuf[5] = (nb_sectors >> 16) & 0xff; 2165 outbuf[6] = (nb_sectors >> 8) & 0xff; 2166 outbuf[7] = nb_sectors & 0xff; 2167 outbuf[8] = 0; 2168 outbuf[9] = 0; 2169 outbuf[10] = s->qdev.blocksize >> 8; 2170 outbuf[11] = 0; 2171 outbuf[12] = 0; 2172 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2173 2174 /* set TPE bit if the format supports discard */ 2175 if (s->qdev.conf.discard_granularity) { 2176 outbuf[14] = 0x80; 2177 } 2178 2179 /* Protection, exponent and lowest lba field left blank. */ 2180 break; 2181 } 2182 trace_scsi_disk_emulate_command_SAI_unsupported(); 2183 goto illegal_request; 2184 case SYNCHRONIZE_CACHE: 2185 /* The request is used as the AIO opaque value, so add a ref. */ 2186 scsi_req_ref(&r->req); 2187 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2188 BLOCK_ACCT_FLUSH); 2189 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2190 return 0; 2191 case SEEK_10: 2192 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2193 if (r->req.cmd.lba > s->qdev.max_lba) { 2194 goto illegal_lba; 2195 } 2196 break; 2197 case MODE_SELECT: 2198 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2199 break; 2200 case MODE_SELECT_10: 2201 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2202 break; 2203 case UNMAP: 2204 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2205 break; 2206 case VERIFY_10: 2207 case VERIFY_12: 2208 case VERIFY_16: 2209 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2210 if (req->cmd.buf[1] & 6) { 2211 goto illegal_request; 2212 } 2213 break; 2214 case WRITE_SAME_10: 2215 case WRITE_SAME_16: 2216 trace_scsi_disk_emulate_command_WRITE_SAME( 2217 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2218 break; 2219 case FORMAT_UNIT: 2220 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer); 2221 break; 2222 default: 2223 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2224 scsi_command_name(buf[0])); 2225 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2226 return 0; 2227 } 2228 assert(!r->req.aiocb); 2229 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2230 if (r->iov.iov_len == 0) { 2231 scsi_req_complete(&r->req, GOOD); 2232 } 2233 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2234 assert(r->iov.iov_len == req->cmd.xfer); 2235 return -r->iov.iov_len; 2236 } else { 2237 return r->iov.iov_len; 2238 } 2239 2240 illegal_request: 2241 if (r->req.status == -1) { 2242 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2243 } 2244 return 0; 2245 2246 illegal_lba: 2247 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2248 return 0; 2249 } 2250 2251 /* Execute a scsi command. Returns the length of the data expected by the 2252 command. This will be Positive for data transfers from the device 2253 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2254 and zero if the command does not transfer any data. */ 2255 2256 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2257 { 2258 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2259 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2260 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2261 uint32_t len; 2262 uint8_t command; 2263 2264 command = buf[0]; 2265 2266 if (!blk_is_available(s->qdev.conf.blk)) { 2267 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2268 return 0; 2269 } 2270 2271 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2272 switch (command) { 2273 case READ_6: 2274 case READ_10: 2275 case READ_12: 2276 case READ_16: 2277 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2278 /* Protection information is not supported. For SCSI versions 2 and 2279 * older (as determined by snooping the guest's INQUIRY commands), 2280 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2281 */ 2282 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2283 goto illegal_request; 2284 } 2285 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2286 goto illegal_lba; 2287 } 2288 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2289 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2290 break; 2291 case WRITE_6: 2292 case WRITE_10: 2293 case WRITE_12: 2294 case WRITE_16: 2295 case WRITE_VERIFY_10: 2296 case WRITE_VERIFY_12: 2297 case WRITE_VERIFY_16: 2298 if (!blk_is_writable(s->qdev.conf.blk)) { 2299 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2300 return 0; 2301 } 2302 trace_scsi_disk_dma_command_WRITE( 2303 (command & 0xe) == 0xe ? "And Verify " : "", 2304 r->req.cmd.lba, len); 2305 /* fall through */ 2306 case VERIFY_10: 2307 case VERIFY_12: 2308 case VERIFY_16: 2309 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2310 * As far as DMA is concerned, we can treat it the same as a write; 2311 * scsi_block_do_sgio will send VERIFY commands. 2312 */ 2313 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2314 goto illegal_request; 2315 } 2316 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2317 goto illegal_lba; 2318 } 2319 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2320 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2321 break; 2322 default: 2323 abort(); 2324 illegal_request: 2325 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2326 return 0; 2327 illegal_lba: 2328 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2329 return 0; 2330 } 2331 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2332 if (r->sector_count == 0) { 2333 scsi_req_complete(&r->req, GOOD); 2334 } 2335 assert(r->iov.iov_len == 0); 2336 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2337 return -r->sector_count * BDRV_SECTOR_SIZE; 2338 } else { 2339 return r->sector_count * BDRV_SECTOR_SIZE; 2340 } 2341 } 2342 2343 static void scsi_disk_reset(DeviceState *dev) 2344 { 2345 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2346 uint64_t nb_sectors; 2347 AioContext *ctx; 2348 2349 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2350 2351 ctx = blk_get_aio_context(s->qdev.conf.blk); 2352 aio_context_acquire(ctx); 2353 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2354 aio_context_release(ctx); 2355 2356 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2357 if (nb_sectors) { 2358 nb_sectors--; 2359 } 2360 s->qdev.max_lba = nb_sectors; 2361 /* reset tray statuses */ 2362 s->tray_locked = 0; 2363 s->tray_open = 0; 2364 2365 s->qdev.scsi_version = s->qdev.default_scsi_version; 2366 } 2367 2368 static void scsi_disk_drained_begin(void *opaque) 2369 { 2370 SCSIDiskState *s = opaque; 2371 2372 scsi_device_drained_begin(&s->qdev); 2373 } 2374 2375 static void scsi_disk_drained_end(void *opaque) 2376 { 2377 SCSIDiskState *s = opaque; 2378 2379 scsi_device_drained_end(&s->qdev); 2380 } 2381 2382 static void scsi_disk_resize_cb(void *opaque) 2383 { 2384 SCSIDiskState *s = opaque; 2385 2386 /* SPC lists this sense code as available only for 2387 * direct-access devices. 2388 */ 2389 if (s->qdev.type == TYPE_DISK) { 2390 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2391 } 2392 } 2393 2394 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2395 { 2396 SCSIDiskState *s = opaque; 2397 2398 /* 2399 * When a CD gets changed, we have to report an ejected state and 2400 * then a loaded state to guests so that they detect tray 2401 * open/close and media change events. Guests that do not use 2402 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2403 * states rely on this behavior. 2404 * 2405 * media_changed governs the state machine used for unit attention 2406 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2407 */ 2408 s->media_changed = load; 2409 s->tray_open = !load; 2410 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2411 s->media_event = true; 2412 s->eject_request = false; 2413 } 2414 2415 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2416 { 2417 SCSIDiskState *s = opaque; 2418 2419 s->eject_request = true; 2420 if (force) { 2421 s->tray_locked = false; 2422 } 2423 } 2424 2425 static bool scsi_cd_is_tray_open(void *opaque) 2426 { 2427 return ((SCSIDiskState *)opaque)->tray_open; 2428 } 2429 2430 static bool scsi_cd_is_medium_locked(void *opaque) 2431 { 2432 return ((SCSIDiskState *)opaque)->tray_locked; 2433 } 2434 2435 static const BlockDevOps scsi_disk_removable_block_ops = { 2436 .change_media_cb = scsi_cd_change_media_cb, 2437 .drained_begin = scsi_disk_drained_begin, 2438 .drained_end = scsi_disk_drained_end, 2439 .eject_request_cb = scsi_cd_eject_request_cb, 2440 .is_medium_locked = scsi_cd_is_medium_locked, 2441 .is_tray_open = scsi_cd_is_tray_open, 2442 .resize_cb = scsi_disk_resize_cb, 2443 }; 2444 2445 static const BlockDevOps scsi_disk_block_ops = { 2446 .drained_begin = scsi_disk_drained_begin, 2447 .drained_end = scsi_disk_drained_end, 2448 .resize_cb = scsi_disk_resize_cb, 2449 }; 2450 2451 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2452 { 2453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2454 if (s->media_changed) { 2455 s->media_changed = false; 2456 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2457 } 2458 } 2459 2460 static void scsi_realize(SCSIDevice *dev, Error **errp) 2461 { 2462 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2463 bool read_only; 2464 2465 if (!s->qdev.conf.blk) { 2466 error_setg(errp, "drive property not set"); 2467 return; 2468 } 2469 2470 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2471 !blk_is_inserted(s->qdev.conf.blk)) { 2472 error_setg(errp, "Device needs media, but drive is empty"); 2473 return; 2474 } 2475 2476 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2477 return; 2478 } 2479 2480 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2481 !s->qdev.hba_supports_iothread) 2482 { 2483 error_setg(errp, "HBA does not support iothreads"); 2484 return; 2485 } 2486 2487 if (dev->type == TYPE_DISK) { 2488 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2489 return; 2490 } 2491 } 2492 2493 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2494 if (dev->type == TYPE_ROM) { 2495 read_only = true; 2496 } 2497 2498 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2499 dev->type == TYPE_DISK, errp)) { 2500 return; 2501 } 2502 2503 if (s->qdev.conf.discard_granularity == -1) { 2504 s->qdev.conf.discard_granularity = 2505 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2506 } 2507 2508 if (!s->version) { 2509 s->version = g_strdup(qemu_hw_version()); 2510 } 2511 if (!s->vendor) { 2512 s->vendor = g_strdup("QEMU"); 2513 } 2514 if (!s->device_id) { 2515 if (s->serial) { 2516 s->device_id = g_strdup_printf("%.20s", s->serial); 2517 } else { 2518 const char *str = blk_name(s->qdev.conf.blk); 2519 if (str && *str) { 2520 s->device_id = g_strdup(str); 2521 } 2522 } 2523 } 2524 2525 if (blk_is_sg(s->qdev.conf.blk)) { 2526 error_setg(errp, "unwanted /dev/sg*"); 2527 return; 2528 } 2529 2530 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2531 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2532 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2533 } else { 2534 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2535 } 2536 2537 blk_iostatus_enable(s->qdev.conf.blk); 2538 2539 add_boot_device_lchs(&dev->qdev, NULL, 2540 dev->conf.lcyls, 2541 dev->conf.lheads, 2542 dev->conf.lsecs); 2543 } 2544 2545 static void scsi_unrealize(SCSIDevice *dev) 2546 { 2547 del_boot_device_lchs(&dev->qdev, NULL); 2548 } 2549 2550 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2551 { 2552 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2553 AioContext *ctx = NULL; 2554 /* can happen for devices without drive. The error message for missing 2555 * backend will be issued in scsi_realize 2556 */ 2557 if (s->qdev.conf.blk) { 2558 ctx = blk_get_aio_context(s->qdev.conf.blk); 2559 aio_context_acquire(ctx); 2560 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2561 goto out; 2562 } 2563 } 2564 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2565 s->qdev.type = TYPE_DISK; 2566 if (!s->product) { 2567 s->product = g_strdup("QEMU HARDDISK"); 2568 } 2569 scsi_realize(&s->qdev, errp); 2570 out: 2571 if (ctx) { 2572 aio_context_release(ctx); 2573 } 2574 } 2575 2576 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2577 { 2578 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2579 AioContext *ctx; 2580 int ret; 2581 uint32_t blocksize = 2048; 2582 2583 if (!dev->conf.blk) { 2584 /* Anonymous BlockBackend for an empty drive. As we put it into 2585 * dev->conf, qdev takes care of detaching on unplug. */ 2586 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2587 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2588 assert(ret == 0); 2589 } 2590 2591 if (dev->conf.physical_block_size != 0) { 2592 blocksize = dev->conf.physical_block_size; 2593 } 2594 2595 ctx = blk_get_aio_context(dev->conf.blk); 2596 aio_context_acquire(ctx); 2597 s->qdev.blocksize = blocksize; 2598 s->qdev.type = TYPE_ROM; 2599 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2600 if (!s->product) { 2601 s->product = g_strdup("QEMU CD-ROM"); 2602 } 2603 scsi_realize(&s->qdev, errp); 2604 aio_context_release(ctx); 2605 } 2606 2607 2608 static const SCSIReqOps scsi_disk_emulate_reqops = { 2609 .size = sizeof(SCSIDiskReq), 2610 .free_req = scsi_free_request, 2611 .send_command = scsi_disk_emulate_command, 2612 .read_data = scsi_disk_emulate_read_data, 2613 .write_data = scsi_disk_emulate_write_data, 2614 .get_buf = scsi_get_buf, 2615 }; 2616 2617 static const SCSIReqOps scsi_disk_dma_reqops = { 2618 .size = sizeof(SCSIDiskReq), 2619 .free_req = scsi_free_request, 2620 .send_command = scsi_disk_dma_command, 2621 .read_data = scsi_read_data, 2622 .write_data = scsi_write_data, 2623 .get_buf = scsi_get_buf, 2624 .load_request = scsi_disk_load_request, 2625 .save_request = scsi_disk_save_request, 2626 }; 2627 2628 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2629 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2630 [INQUIRY] = &scsi_disk_emulate_reqops, 2631 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2632 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2633 [START_STOP] = &scsi_disk_emulate_reqops, 2634 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2635 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2636 [READ_TOC] = &scsi_disk_emulate_reqops, 2637 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2638 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2639 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2640 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2641 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2642 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2643 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2644 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2645 [SEEK_10] = &scsi_disk_emulate_reqops, 2646 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2647 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2648 [UNMAP] = &scsi_disk_emulate_reqops, 2649 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2650 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2651 [VERIFY_10] = &scsi_disk_emulate_reqops, 2652 [VERIFY_12] = &scsi_disk_emulate_reqops, 2653 [VERIFY_16] = &scsi_disk_emulate_reqops, 2654 [FORMAT_UNIT] = &scsi_disk_emulate_reqops, 2655 2656 [READ_6] = &scsi_disk_dma_reqops, 2657 [READ_10] = &scsi_disk_dma_reqops, 2658 [READ_12] = &scsi_disk_dma_reqops, 2659 [READ_16] = &scsi_disk_dma_reqops, 2660 [WRITE_6] = &scsi_disk_dma_reqops, 2661 [WRITE_10] = &scsi_disk_dma_reqops, 2662 [WRITE_12] = &scsi_disk_dma_reqops, 2663 [WRITE_16] = &scsi_disk_dma_reqops, 2664 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2665 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2666 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2667 }; 2668 2669 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2670 { 2671 int i; 2672 int len = scsi_cdb_length(buf); 2673 char *line_buffer, *p; 2674 2675 assert(len > 0 && len <= 16); 2676 line_buffer = g_malloc(len * 5 + 1); 2677 2678 for (i = 0, p = line_buffer; i < len; i++) { 2679 p += sprintf(p, " 0x%02x", buf[i]); 2680 } 2681 trace_scsi_disk_new_request(lun, tag, line_buffer); 2682 2683 g_free(line_buffer); 2684 } 2685 2686 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2687 uint8_t *buf, void *hba_private) 2688 { 2689 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2690 SCSIRequest *req; 2691 const SCSIReqOps *ops; 2692 uint8_t command; 2693 2694 command = buf[0]; 2695 ops = scsi_disk_reqops_dispatch[command]; 2696 if (!ops) { 2697 ops = &scsi_disk_emulate_reqops; 2698 } 2699 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2700 2701 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2702 scsi_disk_new_request_dump(lun, tag, buf); 2703 } 2704 2705 return req; 2706 } 2707 2708 #ifdef __linux__ 2709 static int get_device_type(SCSIDiskState *s) 2710 { 2711 uint8_t cmd[16]; 2712 uint8_t buf[36]; 2713 int ret; 2714 2715 memset(cmd, 0, sizeof(cmd)); 2716 memset(buf, 0, sizeof(buf)); 2717 cmd[0] = INQUIRY; 2718 cmd[4] = sizeof(buf); 2719 2720 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2721 buf, sizeof(buf), s->qdev.io_timeout); 2722 if (ret < 0) { 2723 return -1; 2724 } 2725 s->qdev.type = buf[0]; 2726 if (buf[1] & 0x80) { 2727 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2728 } 2729 return 0; 2730 } 2731 2732 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2733 { 2734 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2735 AioContext *ctx; 2736 int sg_version; 2737 int rc; 2738 2739 if (!s->qdev.conf.blk) { 2740 error_setg(errp, "drive property not set"); 2741 return; 2742 } 2743 2744 if (s->rotation_rate) { 2745 error_report_once("rotation_rate is specified for scsi-block but is " 2746 "not implemented. This option is deprecated and will " 2747 "be removed in a future version"); 2748 } 2749 2750 ctx = blk_get_aio_context(s->qdev.conf.blk); 2751 aio_context_acquire(ctx); 2752 2753 /* check we are using a driver managing SG_IO (version 3 and after) */ 2754 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2755 if (rc < 0) { 2756 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2757 if (rc != -EPERM) { 2758 error_append_hint(errp, "Is this a SCSI device?\n"); 2759 } 2760 goto out; 2761 } 2762 if (sg_version < 30000) { 2763 error_setg(errp, "scsi generic interface too old"); 2764 goto out; 2765 } 2766 2767 /* get device type from INQUIRY data */ 2768 rc = get_device_type(s); 2769 if (rc < 0) { 2770 error_setg(errp, "INQUIRY failed"); 2771 goto out; 2772 } 2773 2774 /* Make a guess for the block size, we'll fix it when the guest sends. 2775 * READ CAPACITY. If they don't, they likely would assume these sizes 2776 * anyway. (TODO: check in /sys). 2777 */ 2778 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2779 s->qdev.blocksize = 2048; 2780 } else { 2781 s->qdev.blocksize = 512; 2782 } 2783 2784 /* Makes the scsi-block device not removable by using HMP and QMP eject 2785 * command. 2786 */ 2787 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2788 2789 scsi_realize(&s->qdev, errp); 2790 scsi_generic_read_device_inquiry(&s->qdev); 2791 2792 out: 2793 aio_context_release(ctx); 2794 } 2795 2796 typedef struct SCSIBlockReq { 2797 SCSIDiskReq req; 2798 sg_io_hdr_t io_header; 2799 2800 /* Selected bytes of the original CDB, copied into our own CDB. */ 2801 uint8_t cmd, cdb1, group_number; 2802 2803 /* CDB passed to SG_IO. */ 2804 uint8_t cdb[16]; 2805 BlockCompletionFunc *cb; 2806 void *cb_opaque; 2807 } SCSIBlockReq; 2808 2809 static void scsi_block_sgio_complete(void *opaque, int ret) 2810 { 2811 SCSIBlockReq *req = (SCSIBlockReq *)opaque; 2812 SCSIDiskReq *r = &req->req; 2813 SCSIDevice *s = r->req.dev; 2814 sg_io_hdr_t *io_hdr = &req->io_header; 2815 2816 if (ret == 0) { 2817 if (io_hdr->host_status != SCSI_HOST_OK) { 2818 scsi_req_complete_failed(&r->req, io_hdr->host_status); 2819 scsi_req_unref(&r->req); 2820 return; 2821 } 2822 2823 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) { 2824 ret = BUSY; 2825 } else { 2826 ret = io_hdr->status; 2827 } 2828 2829 if (ret > 0) { 2830 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 2831 if (scsi_handle_rw_error(r, ret, true)) { 2832 aio_context_release(blk_get_aio_context(s->conf.blk)); 2833 scsi_req_unref(&r->req); 2834 return; 2835 } 2836 aio_context_release(blk_get_aio_context(s->conf.blk)); 2837 2838 /* Ignore error. */ 2839 ret = 0; 2840 } 2841 } 2842 2843 req->cb(req->cb_opaque, ret); 2844 } 2845 2846 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2847 int64_t offset, QEMUIOVector *iov, 2848 int direction, 2849 BlockCompletionFunc *cb, void *opaque) 2850 { 2851 sg_io_hdr_t *io_header = &req->io_header; 2852 SCSIDiskReq *r = &req->req; 2853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2854 int nb_logical_blocks; 2855 uint64_t lba; 2856 BlockAIOCB *aiocb; 2857 2858 /* This is not supported yet. It can only happen if the guest does 2859 * reads and writes that are not aligned to one logical sectors 2860 * _and_ cover multiple MemoryRegions. 2861 */ 2862 assert(offset % s->qdev.blocksize == 0); 2863 assert(iov->size % s->qdev.blocksize == 0); 2864 2865 io_header->interface_id = 'S'; 2866 2867 /* The data transfer comes from the QEMUIOVector. */ 2868 io_header->dxfer_direction = direction; 2869 io_header->dxfer_len = iov->size; 2870 io_header->dxferp = (void *)iov->iov; 2871 io_header->iovec_count = iov->niov; 2872 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2873 2874 /* Build a new CDB with the LBA and length patched in, in case 2875 * DMA helpers split the transfer in multiple segments. Do not 2876 * build a CDB smaller than what the guest wanted, and only build 2877 * a larger one if strictly necessary. 2878 */ 2879 io_header->cmdp = req->cdb; 2880 lba = offset / s->qdev.blocksize; 2881 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2882 2883 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2884 /* 6-byte CDB */ 2885 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2886 req->cdb[4] = nb_logical_blocks; 2887 req->cdb[5] = 0; 2888 io_header->cmd_len = 6; 2889 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2890 /* 10-byte CDB */ 2891 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2892 req->cdb[1] = req->cdb1; 2893 stl_be_p(&req->cdb[2], lba); 2894 req->cdb[6] = req->group_number; 2895 stw_be_p(&req->cdb[7], nb_logical_blocks); 2896 req->cdb[9] = 0; 2897 io_header->cmd_len = 10; 2898 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2899 /* 12-byte CDB */ 2900 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2901 req->cdb[1] = req->cdb1; 2902 stl_be_p(&req->cdb[2], lba); 2903 stl_be_p(&req->cdb[6], nb_logical_blocks); 2904 req->cdb[10] = req->group_number; 2905 req->cdb[11] = 0; 2906 io_header->cmd_len = 12; 2907 } else { 2908 /* 16-byte CDB */ 2909 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2910 req->cdb[1] = req->cdb1; 2911 stq_be_p(&req->cdb[2], lba); 2912 stl_be_p(&req->cdb[10], nb_logical_blocks); 2913 req->cdb[14] = req->group_number; 2914 req->cdb[15] = 0; 2915 io_header->cmd_len = 16; 2916 } 2917 2918 /* The rest is as in scsi-generic.c. */ 2919 io_header->mx_sb_len = sizeof(r->req.sense); 2920 io_header->sbp = r->req.sense; 2921 io_header->timeout = s->qdev.io_timeout * 1000; 2922 io_header->usr_ptr = r; 2923 io_header->flags |= SG_FLAG_DIRECT_IO; 2924 req->cb = cb; 2925 req->cb_opaque = opaque; 2926 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2927 nb_logical_blocks, io_header->timeout); 2928 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req); 2929 assert(aiocb != NULL); 2930 return aiocb; 2931 } 2932 2933 static bool scsi_block_no_fua(SCSICommand *cmd) 2934 { 2935 return false; 2936 } 2937 2938 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2939 QEMUIOVector *iov, 2940 BlockCompletionFunc *cb, void *cb_opaque, 2941 void *opaque) 2942 { 2943 SCSIBlockReq *r = opaque; 2944 return scsi_block_do_sgio(r, offset, iov, 2945 SG_DXFER_FROM_DEV, cb, cb_opaque); 2946 } 2947 2948 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2949 QEMUIOVector *iov, 2950 BlockCompletionFunc *cb, void *cb_opaque, 2951 void *opaque) 2952 { 2953 SCSIBlockReq *r = opaque; 2954 return scsi_block_do_sgio(r, offset, iov, 2955 SG_DXFER_TO_DEV, cb, cb_opaque); 2956 } 2957 2958 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2959 { 2960 switch (buf[0]) { 2961 case VERIFY_10: 2962 case VERIFY_12: 2963 case VERIFY_16: 2964 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2965 * for the number of logical blocks specified in the length 2966 * field). For other modes, do not use scatter/gather operation. 2967 */ 2968 if ((buf[1] & 6) == 2) { 2969 return false; 2970 } 2971 break; 2972 2973 case READ_6: 2974 case READ_10: 2975 case READ_12: 2976 case READ_16: 2977 case WRITE_6: 2978 case WRITE_10: 2979 case WRITE_12: 2980 case WRITE_16: 2981 case WRITE_VERIFY_10: 2982 case WRITE_VERIFY_12: 2983 case WRITE_VERIFY_16: 2984 /* MMC writing cannot be done via DMA helpers, because it sometimes 2985 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2986 * We might use scsi_block_dma_reqops as long as no writing commands are 2987 * seen, but performance usually isn't paramount on optical media. So, 2988 * just make scsi-block operate the same as scsi-generic for them. 2989 */ 2990 if (s->qdev.type != TYPE_ROM) { 2991 return false; 2992 } 2993 break; 2994 2995 default: 2996 break; 2997 } 2998 2999 return true; 3000 } 3001 3002 3003 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 3004 { 3005 SCSIBlockReq *r = (SCSIBlockReq *)req; 3006 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 3007 3008 r->cmd = req->cmd.buf[0]; 3009 switch (r->cmd >> 5) { 3010 case 0: 3011 /* 6-byte CDB. */ 3012 r->cdb1 = r->group_number = 0; 3013 break; 3014 case 1: 3015 /* 10-byte CDB. */ 3016 r->cdb1 = req->cmd.buf[1]; 3017 r->group_number = req->cmd.buf[6]; 3018 break; 3019 case 4: 3020 /* 12-byte CDB. */ 3021 r->cdb1 = req->cmd.buf[1]; 3022 r->group_number = req->cmd.buf[10]; 3023 break; 3024 case 5: 3025 /* 16-byte CDB. */ 3026 r->cdb1 = req->cmd.buf[1]; 3027 r->group_number = req->cmd.buf[14]; 3028 break; 3029 default: 3030 abort(); 3031 } 3032 3033 /* Protection information is not supported. For SCSI versions 2 and 3034 * older (as determined by snooping the guest's INQUIRY commands), 3035 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 3036 */ 3037 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 3038 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 3039 return 0; 3040 } 3041 3042 return scsi_disk_dma_command(req, buf); 3043 } 3044 3045 static const SCSIReqOps scsi_block_dma_reqops = { 3046 .size = sizeof(SCSIBlockReq), 3047 .free_req = scsi_free_request, 3048 .send_command = scsi_block_dma_command, 3049 .read_data = scsi_read_data, 3050 .write_data = scsi_write_data, 3051 .get_buf = scsi_get_buf, 3052 .load_request = scsi_disk_load_request, 3053 .save_request = scsi_disk_save_request, 3054 }; 3055 3056 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 3057 uint32_t lun, uint8_t *buf, 3058 void *hba_private) 3059 { 3060 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3061 3062 if (scsi_block_is_passthrough(s, buf)) { 3063 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 3064 hba_private); 3065 } else { 3066 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 3067 hba_private); 3068 } 3069 } 3070 3071 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 3072 uint8_t *buf, size_t buf_len, 3073 void *hba_private) 3074 { 3075 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3076 3077 if (scsi_block_is_passthrough(s, buf)) { 3078 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private); 3079 } else { 3080 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len); 3081 } 3082 } 3083 3084 static void scsi_block_update_sense(SCSIRequest *req) 3085 { 3086 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 3087 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 3088 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 3089 } 3090 #endif 3091 3092 static 3093 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 3094 BlockCompletionFunc *cb, void *cb_opaque, 3095 void *opaque) 3096 { 3097 SCSIDiskReq *r = opaque; 3098 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3099 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3100 } 3101 3102 static 3103 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 3104 BlockCompletionFunc *cb, void *cb_opaque, 3105 void *opaque) 3106 { 3107 SCSIDiskReq *r = opaque; 3108 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3109 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3110 } 3111 3112 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 3113 { 3114 DeviceClass *dc = DEVICE_CLASS(klass); 3115 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3116 3117 dc->fw_name = "disk"; 3118 dc->reset = scsi_disk_reset; 3119 sdc->dma_readv = scsi_dma_readv; 3120 sdc->dma_writev = scsi_dma_writev; 3121 sdc->need_fua_emulation = scsi_is_cmd_fua; 3122 } 3123 3124 static const TypeInfo scsi_disk_base_info = { 3125 .name = TYPE_SCSI_DISK_BASE, 3126 .parent = TYPE_SCSI_DEVICE, 3127 .class_init = scsi_disk_base_class_initfn, 3128 .instance_size = sizeof(SCSIDiskState), 3129 .class_size = sizeof(SCSIDiskClass), 3130 .abstract = true, 3131 }; 3132 3133 #define DEFINE_SCSI_DISK_PROPERTIES() \ 3134 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 3135 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 3136 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3137 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 3138 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 3139 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 3140 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 3141 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 3142 3143 3144 static Property scsi_hd_properties[] = { 3145 DEFINE_SCSI_DISK_PROPERTIES(), 3146 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3147 SCSI_DISK_F_REMOVABLE, false), 3148 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3149 SCSI_DISK_F_DPOFUA, false), 3150 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3151 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3152 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3153 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3154 DEFAULT_MAX_UNMAP_SIZE), 3155 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3156 DEFAULT_MAX_IO_SIZE), 3157 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3158 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3159 5), 3160 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3161 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3162 0), 3163 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3164 DEFINE_PROP_END_OF_LIST(), 3165 }; 3166 3167 static const VMStateDescription vmstate_scsi_disk_state = { 3168 .name = "scsi-disk", 3169 .version_id = 1, 3170 .minimum_version_id = 1, 3171 .fields = (VMStateField[]) { 3172 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3173 VMSTATE_BOOL(media_changed, SCSIDiskState), 3174 VMSTATE_BOOL(media_event, SCSIDiskState), 3175 VMSTATE_BOOL(eject_request, SCSIDiskState), 3176 VMSTATE_BOOL(tray_open, SCSIDiskState), 3177 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3178 VMSTATE_END_OF_LIST() 3179 } 3180 }; 3181 3182 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3183 { 3184 DeviceClass *dc = DEVICE_CLASS(klass); 3185 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3186 3187 sc->realize = scsi_hd_realize; 3188 sc->unrealize = scsi_unrealize; 3189 sc->alloc_req = scsi_new_request; 3190 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3191 dc->desc = "virtual SCSI disk"; 3192 device_class_set_props(dc, scsi_hd_properties); 3193 dc->vmsd = &vmstate_scsi_disk_state; 3194 } 3195 3196 static const TypeInfo scsi_hd_info = { 3197 .name = "scsi-hd", 3198 .parent = TYPE_SCSI_DISK_BASE, 3199 .class_init = scsi_hd_class_initfn, 3200 }; 3201 3202 static Property scsi_cd_properties[] = { 3203 DEFINE_SCSI_DISK_PROPERTIES(), 3204 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3205 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3206 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3207 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3208 DEFAULT_MAX_IO_SIZE), 3209 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3210 5), 3211 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks, 3212 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0), 3213 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks, 3214 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0), 3215 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3216 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3217 0), 3218 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks, 3219 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0), 3220 DEFINE_PROP_END_OF_LIST(), 3221 }; 3222 3223 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3224 { 3225 DeviceClass *dc = DEVICE_CLASS(klass); 3226 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3227 3228 sc->realize = scsi_cd_realize; 3229 sc->alloc_req = scsi_new_request; 3230 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3231 dc->desc = "virtual SCSI CD-ROM"; 3232 device_class_set_props(dc, scsi_cd_properties); 3233 dc->vmsd = &vmstate_scsi_disk_state; 3234 } 3235 3236 static const TypeInfo scsi_cd_info = { 3237 .name = "scsi-cd", 3238 .parent = TYPE_SCSI_DISK_BASE, 3239 .class_init = scsi_cd_class_initfn, 3240 }; 3241 3242 #ifdef __linux__ 3243 static Property scsi_block_properties[] = { 3244 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3245 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3246 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3247 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3248 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3249 DEFAULT_MAX_UNMAP_SIZE), 3250 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3251 DEFAULT_MAX_IO_SIZE), 3252 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3253 -1), 3254 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3255 DEFAULT_IO_TIMEOUT), 3256 DEFINE_PROP_END_OF_LIST(), 3257 }; 3258 3259 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3260 { 3261 DeviceClass *dc = DEVICE_CLASS(klass); 3262 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3263 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3264 3265 sc->realize = scsi_block_realize; 3266 sc->alloc_req = scsi_block_new_request; 3267 sc->parse_cdb = scsi_block_parse_cdb; 3268 sdc->dma_readv = scsi_block_dma_readv; 3269 sdc->dma_writev = scsi_block_dma_writev; 3270 sdc->update_sense = scsi_block_update_sense; 3271 sdc->need_fua_emulation = scsi_block_no_fua; 3272 dc->desc = "SCSI block device passthrough"; 3273 device_class_set_props(dc, scsi_block_properties); 3274 dc->vmsd = &vmstate_scsi_disk_state; 3275 } 3276 3277 static const TypeInfo scsi_block_info = { 3278 .name = "scsi-block", 3279 .parent = TYPE_SCSI_DISK_BASE, 3280 .class_init = scsi_block_class_initfn, 3281 }; 3282 #endif 3283 3284 static void scsi_disk_register_types(void) 3285 { 3286 type_register_static(&scsi_disk_base_info); 3287 type_register_static(&scsi_hd_info); 3288 type_register_static(&scsi_cd_info); 3289 #ifdef __linux__ 3290 type_register_static(&scsi_block_info); 3291 #endif 3292 } 3293 3294 type_init(scsi_disk_register_types) 3295