1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "qemu/hw-version.h" 29 #include "qemu/memalign.h" 30 #include "hw/scsi/scsi.h" 31 #include "migration/qemu-file-types.h" 32 #include "migration/vmstate.h" 33 #include "hw/scsi/emulation.h" 34 #include "scsi/constants.h" 35 #include "sysemu/block-backend.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "hw/qdev-properties.h" 39 #include "hw/qdev-properties-system.h" 40 #include "sysemu/dma.h" 41 #include "sysemu/sysemu.h" 42 #include "qemu/cutils.h" 43 #include "trace.h" 44 #include "qom/object.h" 45 46 #ifdef __linux 47 #include <scsi/sg.h> 48 #endif 49 50 #define SCSI_WRITE_SAME_MAX (512 * KiB) 51 #define SCSI_DMA_BUF_SIZE (128 * KiB) 52 #define SCSI_MAX_INQUIRY_LEN 256 53 #define SCSI_MAX_MODE_LEN 256 54 55 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 56 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 57 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 58 59 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 60 61 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 62 63 struct SCSIDiskClass { 64 SCSIDeviceClass parent_class; 65 DMAIOFunc *dma_readv; 66 DMAIOFunc *dma_writev; 67 bool (*need_fua_emulation)(SCSICommand *cmd); 68 void (*update_sense)(SCSIRequest *r); 69 }; 70 71 typedef struct SCSIDiskReq { 72 SCSIRequest req; 73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 74 uint64_t sector; 75 uint32_t sector_count; 76 uint32_t buflen; 77 bool started; 78 bool need_fua_emulation; 79 struct iovec iov; 80 QEMUIOVector qiov; 81 BlockAcctCookie acct; 82 } SCSIDiskReq; 83 84 #define SCSI_DISK_F_REMOVABLE 0 85 #define SCSI_DISK_F_DPOFUA 1 86 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 87 88 struct SCSIDiskState { 89 SCSIDevice qdev; 90 uint32_t features; 91 bool media_changed; 92 bool media_event; 93 bool eject_request; 94 uint16_t port_index; 95 uint64_t max_unmap_size; 96 uint64_t max_io_size; 97 uint32_t quirks; 98 QEMUBH *bh; 99 char *version; 100 char *serial; 101 char *vendor; 102 char *product; 103 char *device_id; 104 bool tray_open; 105 bool tray_locked; 106 /* 107 * 0x0000 - rotation rate not reported 108 * 0x0001 - non-rotating medium (SSD) 109 * 0x0002-0x0400 - reserved 110 * 0x0401-0xffe - rotations per minute 111 * 0xffff - reserved 112 */ 113 uint16_t rotation_rate; 114 }; 115 116 static void scsi_free_request(SCSIRequest *req) 117 { 118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 119 120 qemu_vfree(r->iov.iov_base); 121 } 122 123 /* Helper function for command completion with sense. */ 124 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 125 { 126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 127 sense.ascq); 128 scsi_req_build_sense(&r->req, sense); 129 scsi_req_complete(&r->req, CHECK_CONDITION); 130 } 131 132 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 133 { 134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 135 136 if (!r->iov.iov_base) { 137 r->buflen = size; 138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 139 } 140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 141 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 142 } 143 144 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 145 { 146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 147 148 qemu_put_be64s(f, &r->sector); 149 qemu_put_be32s(f, &r->sector_count); 150 qemu_put_be32s(f, &r->buflen); 151 if (r->buflen) { 152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 154 } else if (!req->retry) { 155 uint32_t len = r->iov.iov_len; 156 qemu_put_be32s(f, &len); 157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 } 161 162 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 163 { 164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 165 166 qemu_get_be64s(f, &r->sector); 167 qemu_get_be32s(f, &r->sector_count); 168 qemu_get_be32s(f, &r->buflen); 169 if (r->buflen) { 170 scsi_init_iovec(r, r->buflen); 171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 173 } else if (!r->req.retry) { 174 uint32_t len; 175 qemu_get_be32s(f, &len); 176 r->iov.iov_len = len; 177 assert(r->iov.iov_len <= r->buflen); 178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 179 } 180 } 181 182 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 183 } 184 185 /* 186 * scsi_handle_rw_error has two return values. False means that the error 187 * must be ignored, true means that the error has been processed and the 188 * caller should not do anything else for this request. Note that 189 * scsi_handle_rw_error always manages its reference counts, independent 190 * of the return value. 191 */ 192 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) 193 { 194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 197 SCSISense sense = SENSE_CODE(NO_SENSE); 198 int error = 0; 199 bool req_has_sense = false; 200 BlockErrorAction action; 201 int status; 202 203 if (ret < 0) { 204 status = scsi_sense_from_errno(-ret, &sense); 205 error = -ret; 206 } else { 207 /* A passthrough command has completed with nonzero status. */ 208 status = ret; 209 if (status == CHECK_CONDITION) { 210 req_has_sense = true; 211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 212 } else { 213 error = EINVAL; 214 } 215 } 216 217 /* 218 * Check whether the error has to be handled by the guest or should 219 * rather follow the rerror=/werror= settings. Guest-handled errors 220 * are usually retried immediately, so do not post them to QMP and 221 * do not account them as failed I/O. 222 */ 223 if (req_has_sense && 224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 225 action = BLOCK_ERROR_ACTION_REPORT; 226 acct_failed = false; 227 } else { 228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error); 229 blk_error_action(s->qdev.conf.blk, action, is_read, error); 230 } 231 232 switch (action) { 233 case BLOCK_ERROR_ACTION_REPORT: 234 if (acct_failed) { 235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 236 } 237 if (req_has_sense) { 238 sdc->update_sense(&r->req); 239 } else if (status == CHECK_CONDITION) { 240 scsi_req_build_sense(&r->req, sense); 241 } 242 scsi_req_complete(&r->req, status); 243 return true; 244 245 case BLOCK_ERROR_ACTION_IGNORE: 246 return false; 247 248 case BLOCK_ERROR_ACTION_STOP: 249 scsi_req_retry(&r->req); 250 return true; 251 252 default: 253 g_assert_not_reached(); 254 } 255 } 256 257 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 258 { 259 if (r->req.io_canceled) { 260 scsi_req_cancel_complete(&r->req); 261 return true; 262 } 263 264 if (ret < 0) { 265 return scsi_handle_rw_error(r, ret, acct_failed); 266 } 267 268 return false; 269 } 270 271 static void scsi_aio_complete(void *opaque, int ret) 272 { 273 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 275 276 /* The request must only run in the BlockBackend's AioContext */ 277 assert(blk_get_aio_context(s->qdev.conf.blk) == 278 qemu_get_current_aio_context()); 279 280 assert(r->req.aiocb != NULL); 281 r->req.aiocb = NULL; 282 283 if (scsi_disk_req_check_error(r, ret, true)) { 284 goto done; 285 } 286 287 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 288 scsi_req_complete(&r->req, GOOD); 289 290 done: 291 scsi_req_unref(&r->req); 292 } 293 294 static bool scsi_is_cmd_fua(SCSICommand *cmd) 295 { 296 switch (cmd->buf[0]) { 297 case READ_10: 298 case READ_12: 299 case READ_16: 300 case WRITE_10: 301 case WRITE_12: 302 case WRITE_16: 303 return (cmd->buf[1] & 8) != 0; 304 305 case VERIFY_10: 306 case VERIFY_12: 307 case VERIFY_16: 308 case WRITE_VERIFY_10: 309 case WRITE_VERIFY_12: 310 case WRITE_VERIFY_16: 311 return true; 312 313 case READ_6: 314 case WRITE_6: 315 default: 316 return false; 317 } 318 } 319 320 static void scsi_write_do_fua(SCSIDiskReq *r) 321 { 322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 323 324 assert(r->req.aiocb == NULL); 325 assert(!r->req.io_canceled); 326 327 if (r->need_fua_emulation) { 328 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 329 BLOCK_ACCT_FLUSH); 330 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 331 return; 332 } 333 334 scsi_req_complete(&r->req, GOOD); 335 scsi_req_unref(&r->req); 336 } 337 338 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 339 { 340 assert(r->req.aiocb == NULL); 341 if (scsi_disk_req_check_error(r, ret, false)) { 342 goto done; 343 } 344 345 r->sector += r->sector_count; 346 r->sector_count = 0; 347 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 348 scsi_write_do_fua(r); 349 return; 350 } else { 351 scsi_req_complete(&r->req, GOOD); 352 } 353 354 done: 355 scsi_req_unref(&r->req); 356 } 357 358 /* Called with AioContext lock held */ 359 static void scsi_dma_complete(void *opaque, int ret) 360 { 361 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 363 364 assert(r->req.aiocb != NULL); 365 r->req.aiocb = NULL; 366 367 if (ret < 0) { 368 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 369 } else { 370 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 371 } 372 scsi_dma_complete_noio(r, ret); 373 } 374 375 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 376 { 377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 378 uint32_t n; 379 380 /* The request must only run in the BlockBackend's AioContext */ 381 assert(blk_get_aio_context(s->qdev.conf.blk) == 382 qemu_get_current_aio_context()); 383 384 assert(r->req.aiocb == NULL); 385 if (scsi_disk_req_check_error(r, ret, false)) { 386 goto done; 387 } 388 389 n = r->qiov.size / BDRV_SECTOR_SIZE; 390 r->sector += n; 391 r->sector_count -= n; 392 scsi_req_data(&r->req, r->qiov.size); 393 394 done: 395 scsi_req_unref(&r->req); 396 } 397 398 static void scsi_read_complete(void *opaque, int ret) 399 { 400 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 401 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 402 403 assert(r->req.aiocb != NULL); 404 r->req.aiocb = NULL; 405 406 if (ret < 0) { 407 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 408 } else { 409 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 410 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 411 } 412 scsi_read_complete_noio(r, ret); 413 } 414 415 /* Actually issue a read to the block device. */ 416 static void scsi_do_read(SCSIDiskReq *r, int ret) 417 { 418 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 419 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 420 421 assert (r->req.aiocb == NULL); 422 if (scsi_disk_req_check_error(r, ret, false)) { 423 goto done; 424 } 425 426 /* The request is used as the AIO opaque value, so add a ref. */ 427 scsi_req_ref(&r->req); 428 429 if (r->req.sg) { 430 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 431 r->req.residual -= r->req.sg->size; 432 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 433 r->req.sg, r->sector << BDRV_SECTOR_BITS, 434 BDRV_SECTOR_SIZE, 435 sdc->dma_readv, r, scsi_dma_complete, r, 436 DMA_DIRECTION_FROM_DEVICE); 437 } else { 438 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 439 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 440 r->qiov.size, BLOCK_ACCT_READ); 441 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 442 scsi_read_complete, r, r); 443 } 444 445 done: 446 scsi_req_unref(&r->req); 447 } 448 449 static void scsi_do_read_cb(void *opaque, int ret) 450 { 451 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 453 454 assert (r->req.aiocb != NULL); 455 r->req.aiocb = NULL; 456 457 if (ret < 0) { 458 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 459 } else { 460 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 461 } 462 scsi_do_read(opaque, ret); 463 } 464 465 /* Read more data from scsi device into buffer. */ 466 static void scsi_read_data(SCSIRequest *req) 467 { 468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 470 bool first; 471 472 trace_scsi_disk_read_data_count(r->sector_count); 473 if (r->sector_count == 0) { 474 /* This also clears the sense buffer for REQUEST SENSE. */ 475 scsi_req_complete(&r->req, GOOD); 476 return; 477 } 478 479 /* No data transfer may already be in progress */ 480 assert(r->req.aiocb == NULL); 481 482 /* The request is used as the AIO opaque value, so add a ref. */ 483 scsi_req_ref(&r->req); 484 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 485 trace_scsi_disk_read_data_invalid(); 486 scsi_read_complete_noio(r, -EINVAL); 487 return; 488 } 489 490 if (!blk_is_available(req->dev->conf.blk)) { 491 scsi_read_complete_noio(r, -ENOMEDIUM); 492 return; 493 } 494 495 first = !r->started; 496 r->started = true; 497 if (first && r->need_fua_emulation) { 498 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 499 BLOCK_ACCT_FLUSH); 500 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 501 } else { 502 scsi_do_read(r, 0); 503 } 504 } 505 506 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 507 { 508 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 509 uint32_t n; 510 511 /* The request must only run in the BlockBackend's AioContext */ 512 assert(blk_get_aio_context(s->qdev.conf.blk) == 513 qemu_get_current_aio_context()); 514 515 assert (r->req.aiocb == NULL); 516 if (scsi_disk_req_check_error(r, ret, false)) { 517 goto done; 518 } 519 520 n = r->qiov.size / BDRV_SECTOR_SIZE; 521 r->sector += n; 522 r->sector_count -= n; 523 if (r->sector_count == 0) { 524 scsi_write_do_fua(r); 525 return; 526 } else { 527 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 528 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 529 scsi_req_data(&r->req, r->qiov.size); 530 } 531 532 done: 533 scsi_req_unref(&r->req); 534 } 535 536 static void scsi_write_complete(void * opaque, int ret) 537 { 538 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 540 541 assert (r->req.aiocb != NULL); 542 r->req.aiocb = NULL; 543 544 if (ret < 0) { 545 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 546 } else { 547 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 548 } 549 scsi_write_complete_noio(r, ret); 550 } 551 552 static void scsi_write_data(SCSIRequest *req) 553 { 554 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 555 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 556 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 557 558 /* No data transfer may already be in progress */ 559 assert(r->req.aiocb == NULL); 560 561 /* The request is used as the AIO opaque value, so add a ref. */ 562 scsi_req_ref(&r->req); 563 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 564 trace_scsi_disk_write_data_invalid(); 565 scsi_write_complete_noio(r, -EINVAL); 566 return; 567 } 568 569 if (!r->req.sg && !r->qiov.size) { 570 /* Called for the first time. Ask the driver to send us more data. */ 571 r->started = true; 572 scsi_write_complete_noio(r, 0); 573 return; 574 } 575 if (!blk_is_available(req->dev->conf.blk)) { 576 scsi_write_complete_noio(r, -ENOMEDIUM); 577 return; 578 } 579 580 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 581 r->req.cmd.buf[0] == VERIFY_16) { 582 if (r->req.sg) { 583 scsi_dma_complete_noio(r, 0); 584 } else { 585 scsi_write_complete_noio(r, 0); 586 } 587 return; 588 } 589 590 if (r->req.sg) { 591 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 592 r->req.residual -= r->req.sg->size; 593 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 594 r->req.sg, r->sector << BDRV_SECTOR_BITS, 595 BDRV_SECTOR_SIZE, 596 sdc->dma_writev, r, scsi_dma_complete, r, 597 DMA_DIRECTION_TO_DEVICE); 598 } else { 599 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 600 r->qiov.size, BLOCK_ACCT_WRITE); 601 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 602 scsi_write_complete, r, r); 603 } 604 } 605 606 /* Return a pointer to the data buffer. */ 607 static uint8_t *scsi_get_buf(SCSIRequest *req) 608 { 609 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 610 611 return (uint8_t *)r->iov.iov_base; 612 } 613 614 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 615 { 616 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 617 uint8_t page_code = req->cmd.buf[2]; 618 int start, buflen = 0; 619 620 outbuf[buflen++] = s->qdev.type & 0x1f; 621 outbuf[buflen++] = page_code; 622 outbuf[buflen++] = 0x00; 623 outbuf[buflen++] = 0x00; 624 start = buflen; 625 626 switch (page_code) { 627 case 0x00: /* Supported page codes, mandatory */ 628 { 629 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 630 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 631 if (s->serial) { 632 outbuf[buflen++] = 0x80; /* unit serial number */ 633 } 634 outbuf[buflen++] = 0x83; /* device identification */ 635 if (s->qdev.type == TYPE_DISK) { 636 outbuf[buflen++] = 0xb0; /* block limits */ 637 outbuf[buflen++] = 0xb1; /* block device characteristics */ 638 outbuf[buflen++] = 0xb2; /* thin provisioning */ 639 } 640 break; 641 } 642 case 0x80: /* Device serial number, optional */ 643 { 644 int l; 645 646 if (!s->serial) { 647 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 648 return -1; 649 } 650 651 l = strlen(s->serial); 652 if (l > 36) { 653 l = 36; 654 } 655 656 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 657 memcpy(outbuf + buflen, s->serial, l); 658 buflen += l; 659 break; 660 } 661 662 case 0x83: /* Device identification page, mandatory */ 663 { 664 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 665 666 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 667 668 if (id_len) { 669 outbuf[buflen++] = 0x2; /* ASCII */ 670 outbuf[buflen++] = 0; /* not officially assigned */ 671 outbuf[buflen++] = 0; /* reserved */ 672 outbuf[buflen++] = id_len; /* length of data following */ 673 memcpy(outbuf + buflen, s->device_id, id_len); 674 buflen += id_len; 675 } 676 677 if (s->qdev.wwn) { 678 outbuf[buflen++] = 0x1; /* Binary */ 679 outbuf[buflen++] = 0x3; /* NAA */ 680 outbuf[buflen++] = 0; /* reserved */ 681 outbuf[buflen++] = 8; 682 stq_be_p(&outbuf[buflen], s->qdev.wwn); 683 buflen += 8; 684 } 685 686 if (s->qdev.port_wwn) { 687 outbuf[buflen++] = 0x61; /* SAS / Binary */ 688 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 689 outbuf[buflen++] = 0; /* reserved */ 690 outbuf[buflen++] = 8; 691 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 692 buflen += 8; 693 } 694 695 if (s->port_index) { 696 outbuf[buflen++] = 0x61; /* SAS / Binary */ 697 698 /* PIV/Target port/relative target port */ 699 outbuf[buflen++] = 0x94; 700 701 outbuf[buflen++] = 0; /* reserved */ 702 outbuf[buflen++] = 4; 703 stw_be_p(&outbuf[buflen + 2], s->port_index); 704 buflen += 4; 705 } 706 break; 707 } 708 case 0xb0: /* block limits */ 709 { 710 SCSIBlockLimits bl = {}; 711 712 if (s->qdev.type == TYPE_ROM) { 713 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 714 return -1; 715 } 716 bl.wsnz = 1; 717 bl.unmap_sectors = 718 s->qdev.conf.discard_granularity / s->qdev.blocksize; 719 bl.min_io_size = 720 s->qdev.conf.min_io_size / s->qdev.blocksize; 721 bl.opt_io_size = 722 s->qdev.conf.opt_io_size / s->qdev.blocksize; 723 bl.max_unmap_sectors = 724 s->max_unmap_size / s->qdev.blocksize; 725 bl.max_io_sectors = 726 s->max_io_size / s->qdev.blocksize; 727 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 728 bl.max_unmap_descr = 255; 729 730 if (s->qdev.type == TYPE_DISK) { 731 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 732 int max_io_sectors_blk = 733 max_transfer_blk / s->qdev.blocksize; 734 735 bl.max_io_sectors = 736 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 737 } 738 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 739 break; 740 } 741 case 0xb1: /* block device characteristics */ 742 { 743 buflen = 0x40; 744 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 745 outbuf[5] = s->rotation_rate & 0xff; 746 outbuf[6] = 0; /* PRODUCT TYPE */ 747 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 748 outbuf[8] = 0; /* VBULS */ 749 break; 750 } 751 case 0xb2: /* thin provisioning */ 752 { 753 buflen = 8; 754 outbuf[4] = 0; 755 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 756 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 757 outbuf[7] = 0; 758 break; 759 } 760 default: 761 return -1; 762 } 763 /* done with EVPD */ 764 assert(buflen - start <= 255); 765 outbuf[start - 1] = buflen - start; 766 return buflen; 767 } 768 769 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 770 { 771 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 772 int buflen = 0; 773 774 if (req->cmd.buf[1] & 0x1) { 775 /* Vital product data */ 776 return scsi_disk_emulate_vpd_page(req, outbuf); 777 } 778 779 /* Standard INQUIRY data */ 780 if (req->cmd.buf[2] != 0) { 781 return -1; 782 } 783 784 /* PAGE CODE == 0 */ 785 buflen = req->cmd.xfer; 786 if (buflen > SCSI_MAX_INQUIRY_LEN) { 787 buflen = SCSI_MAX_INQUIRY_LEN; 788 } 789 790 outbuf[0] = s->qdev.type & 0x1f; 791 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 792 793 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 794 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 795 796 memset(&outbuf[32], 0, 4); 797 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 798 /* 799 * We claim conformance to SPC-3, which is required for guests 800 * to ask for modern features like READ CAPACITY(16) or the 801 * block characteristics VPD page by default. Not all of SPC-3 802 * is actually implemented, but we're good enough. 803 */ 804 outbuf[2] = s->qdev.default_scsi_version; 805 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 806 807 if (buflen > 36) { 808 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 809 } else { 810 /* If the allocation length of CDB is too small, 811 the additional length is not adjusted */ 812 outbuf[4] = 36 - 5; 813 } 814 815 /* Sync data transfer and TCQ. */ 816 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 817 return buflen; 818 } 819 820 static inline bool media_is_dvd(SCSIDiskState *s) 821 { 822 uint64_t nb_sectors; 823 if (s->qdev.type != TYPE_ROM) { 824 return false; 825 } 826 if (!blk_is_available(s->qdev.conf.blk)) { 827 return false; 828 } 829 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 830 return nb_sectors > CD_MAX_SECTORS; 831 } 832 833 static inline bool media_is_cd(SCSIDiskState *s) 834 { 835 uint64_t nb_sectors; 836 if (s->qdev.type != TYPE_ROM) { 837 return false; 838 } 839 if (!blk_is_available(s->qdev.conf.blk)) { 840 return false; 841 } 842 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 843 return nb_sectors <= CD_MAX_SECTORS; 844 } 845 846 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 847 uint8_t *outbuf) 848 { 849 uint8_t type = r->req.cmd.buf[1] & 7; 850 851 if (s->qdev.type != TYPE_ROM) { 852 return -1; 853 } 854 855 /* Types 1/2 are only defined for Blu-Ray. */ 856 if (type != 0) { 857 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 858 return -1; 859 } 860 861 memset(outbuf, 0, 34); 862 outbuf[1] = 32; 863 outbuf[2] = 0xe; /* last session complete, disc finalized */ 864 outbuf[3] = 1; /* first track on disc */ 865 outbuf[4] = 1; /* # of sessions */ 866 outbuf[5] = 1; /* first track of last session */ 867 outbuf[6] = 1; /* last track of last session */ 868 outbuf[7] = 0x20; /* unrestricted use */ 869 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 870 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 871 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 872 /* 24-31: disc bar code */ 873 /* 32: disc application code */ 874 /* 33: number of OPC tables */ 875 876 return 34; 877 } 878 879 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 880 uint8_t *outbuf) 881 { 882 static const int rds_caps_size[5] = { 883 [0] = 2048 + 4, 884 [1] = 4 + 4, 885 [3] = 188 + 4, 886 [4] = 2048 + 4, 887 }; 888 889 uint8_t media = r->req.cmd.buf[1]; 890 uint8_t layer = r->req.cmd.buf[6]; 891 uint8_t format = r->req.cmd.buf[7]; 892 int size = -1; 893 894 if (s->qdev.type != TYPE_ROM) { 895 return -1; 896 } 897 if (media != 0) { 898 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 899 return -1; 900 } 901 902 if (format != 0xff) { 903 if (!blk_is_available(s->qdev.conf.blk)) { 904 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 905 return -1; 906 } 907 if (media_is_cd(s)) { 908 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 909 return -1; 910 } 911 if (format >= ARRAY_SIZE(rds_caps_size)) { 912 return -1; 913 } 914 size = rds_caps_size[format]; 915 memset(outbuf, 0, size); 916 } 917 918 switch (format) { 919 case 0x00: { 920 /* Physical format information */ 921 uint64_t nb_sectors; 922 if (layer != 0) { 923 goto fail; 924 } 925 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 926 927 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 928 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 929 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 930 outbuf[7] = 0; /* default densities */ 931 932 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 933 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 934 break; 935 } 936 937 case 0x01: /* DVD copyright information, all zeros */ 938 break; 939 940 case 0x03: /* BCA information - invalid field for no BCA info */ 941 return -1; 942 943 case 0x04: /* DVD disc manufacturing information, all zeros */ 944 break; 945 946 case 0xff: { /* List capabilities */ 947 int i; 948 size = 4; 949 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 950 if (!rds_caps_size[i]) { 951 continue; 952 } 953 outbuf[size] = i; 954 outbuf[size + 1] = 0x40; /* Not writable, readable */ 955 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 956 size += 4; 957 } 958 break; 959 } 960 961 default: 962 return -1; 963 } 964 965 /* Size of buffer, not including 2 byte size field */ 966 stw_be_p(outbuf, size - 2); 967 return size; 968 969 fail: 970 return -1; 971 } 972 973 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 974 { 975 uint8_t event_code, media_status; 976 977 media_status = 0; 978 if (s->tray_open) { 979 media_status = MS_TRAY_OPEN; 980 } else if (blk_is_inserted(s->qdev.conf.blk)) { 981 media_status = MS_MEDIA_PRESENT; 982 } 983 984 /* Event notification descriptor */ 985 event_code = MEC_NO_CHANGE; 986 if (media_status != MS_TRAY_OPEN) { 987 if (s->media_event) { 988 event_code = MEC_NEW_MEDIA; 989 s->media_event = false; 990 } else if (s->eject_request) { 991 event_code = MEC_EJECT_REQUESTED; 992 s->eject_request = false; 993 } 994 } 995 996 outbuf[0] = event_code; 997 outbuf[1] = media_status; 998 999 /* These fields are reserved, just clear them. */ 1000 outbuf[2] = 0; 1001 outbuf[3] = 0; 1002 return 4; 1003 } 1004 1005 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 1006 uint8_t *outbuf) 1007 { 1008 int size; 1009 uint8_t *buf = r->req.cmd.buf; 1010 uint8_t notification_class_request = buf[4]; 1011 if (s->qdev.type != TYPE_ROM) { 1012 return -1; 1013 } 1014 if ((buf[1] & 1) == 0) { 1015 /* asynchronous */ 1016 return -1; 1017 } 1018 1019 size = 4; 1020 outbuf[0] = outbuf[1] = 0; 1021 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1022 if (notification_class_request & (1 << GESN_MEDIA)) { 1023 outbuf[2] = GESN_MEDIA; 1024 size += scsi_event_status_media(s, &outbuf[size]); 1025 } else { 1026 outbuf[2] = 0x80; 1027 } 1028 stw_be_p(outbuf, size - 4); 1029 return size; 1030 } 1031 1032 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1033 { 1034 int current; 1035 1036 if (s->qdev.type != TYPE_ROM) { 1037 return -1; 1038 } 1039 1040 if (media_is_dvd(s)) { 1041 current = MMC_PROFILE_DVD_ROM; 1042 } else if (media_is_cd(s)) { 1043 current = MMC_PROFILE_CD_ROM; 1044 } else { 1045 current = MMC_PROFILE_NONE; 1046 } 1047 1048 memset(outbuf, 0, 40); 1049 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1050 stw_be_p(&outbuf[6], current); 1051 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1052 outbuf[10] = 0x03; /* persistent, current */ 1053 outbuf[11] = 8; /* two profiles */ 1054 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1055 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1056 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1057 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1058 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1059 stw_be_p(&outbuf[20], 1); 1060 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1061 outbuf[23] = 8; 1062 stl_be_p(&outbuf[24], 1); /* SCSI */ 1063 outbuf[28] = 1; /* DBE = 1, mandatory */ 1064 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1065 stw_be_p(&outbuf[32], 3); 1066 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1067 outbuf[35] = 4; 1068 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1069 /* TODO: Random readable, CD read, DVD read, drive serial number, 1070 power management */ 1071 return 40; 1072 } 1073 1074 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1075 { 1076 if (s->qdev.type != TYPE_ROM) { 1077 return -1; 1078 } 1079 memset(outbuf, 0, 8); 1080 outbuf[5] = 1; /* CD-ROM */ 1081 return 8; 1082 } 1083 1084 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1085 int page_control) 1086 { 1087 static const int mode_sense_valid[0x3f] = { 1088 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1089 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1090 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1091 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1092 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1093 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1094 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1095 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM), 1096 }; 1097 1098 uint8_t *p = *p_outbuf + 2; 1099 int length; 1100 1101 assert(page < ARRAY_SIZE(mode_sense_valid)); 1102 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1103 return -1; 1104 } 1105 1106 /* 1107 * If Changeable Values are requested, a mask denoting those mode parameters 1108 * that are changeable shall be returned. As we currently don't support 1109 * parameter changes via MODE_SELECT all bits are returned set to zero. 1110 * The buffer was already menset to zero by the caller of this function. 1111 * 1112 * The offsets here are off by two compared to the descriptions in the 1113 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1114 * but it is done so that offsets are consistent within our implementation 1115 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1116 * 2-byte and 4-byte headers. 1117 */ 1118 switch (page) { 1119 case MODE_PAGE_HD_GEOMETRY: 1120 length = 0x16; 1121 if (page_control == 1) { /* Changeable Values */ 1122 break; 1123 } 1124 /* if a geometry hint is available, use it */ 1125 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1126 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1127 p[2] = s->qdev.conf.cyls & 0xff; 1128 p[3] = s->qdev.conf.heads & 0xff; 1129 /* Write precomp start cylinder, disabled */ 1130 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1131 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1132 p[6] = s->qdev.conf.cyls & 0xff; 1133 /* Reduced current start cylinder, disabled */ 1134 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1135 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1136 p[9] = s->qdev.conf.cyls & 0xff; 1137 /* Device step rate [ns], 200ns */ 1138 p[10] = 0; 1139 p[11] = 200; 1140 /* Landing zone cylinder */ 1141 p[12] = 0xff; 1142 p[13] = 0xff; 1143 p[14] = 0xff; 1144 /* Medium rotation rate [rpm], 5400 rpm */ 1145 p[18] = (5400 >> 8) & 0xff; 1146 p[19] = 5400 & 0xff; 1147 break; 1148 1149 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1150 length = 0x1e; 1151 if (page_control == 1) { /* Changeable Values */ 1152 break; 1153 } 1154 /* Transfer rate [kbit/s], 5Mbit/s */ 1155 p[0] = 5000 >> 8; 1156 p[1] = 5000 & 0xff; 1157 /* if a geometry hint is available, use it */ 1158 p[2] = s->qdev.conf.heads & 0xff; 1159 p[3] = s->qdev.conf.secs & 0xff; 1160 p[4] = s->qdev.blocksize >> 8; 1161 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1162 p[7] = s->qdev.conf.cyls & 0xff; 1163 /* Write precomp start cylinder, disabled */ 1164 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1165 p[9] = s->qdev.conf.cyls & 0xff; 1166 /* Reduced current start cylinder, disabled */ 1167 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1168 p[11] = s->qdev.conf.cyls & 0xff; 1169 /* Device step rate [100us], 100us */ 1170 p[12] = 0; 1171 p[13] = 1; 1172 /* Device step pulse width [us], 1us */ 1173 p[14] = 1; 1174 /* Device head settle delay [100us], 100us */ 1175 p[15] = 0; 1176 p[16] = 1; 1177 /* Motor on delay [0.1s], 0.1s */ 1178 p[17] = 1; 1179 /* Motor off delay [0.1s], 0.1s */ 1180 p[18] = 1; 1181 /* Medium rotation rate [rpm], 5400 rpm */ 1182 p[26] = (5400 >> 8) & 0xff; 1183 p[27] = 5400 & 0xff; 1184 break; 1185 1186 case MODE_PAGE_CACHING: 1187 length = 0x12; 1188 if (page_control == 1 || /* Changeable Values */ 1189 blk_enable_write_cache(s->qdev.conf.blk)) { 1190 p[0] = 4; /* WCE */ 1191 } 1192 break; 1193 1194 case MODE_PAGE_R_W_ERROR: 1195 length = 10; 1196 if (page_control == 1) { /* Changeable Values */ 1197 if (s->qdev.type == TYPE_ROM) { 1198 /* Automatic Write Reallocation Enabled */ 1199 p[0] = 0x80; 1200 } 1201 break; 1202 } 1203 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1204 if (s->qdev.type == TYPE_ROM) { 1205 p[1] = 0x20; /* Read Retry Count */ 1206 } 1207 break; 1208 1209 case MODE_PAGE_AUDIO_CTL: 1210 length = 14; 1211 break; 1212 1213 case MODE_PAGE_CAPABILITIES: 1214 length = 0x14; 1215 if (page_control == 1) { /* Changeable Values */ 1216 break; 1217 } 1218 1219 p[0] = 0x3b; /* CD-R & CD-RW read */ 1220 p[1] = 0; /* Writing not supported */ 1221 p[2] = 0x7f; /* Audio, composite, digital out, 1222 mode 2 form 1&2, multi session */ 1223 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1224 RW corrected, C2 errors, ISRC, 1225 UPC, Bar code */ 1226 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1227 /* Locking supported, jumper present, eject, tray */ 1228 p[5] = 0; /* no volume & mute control, no 1229 changer */ 1230 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1231 p[7] = (50 * 176) & 0xff; 1232 p[8] = 2 >> 8; /* Two volume levels */ 1233 p[9] = 2 & 0xff; 1234 p[10] = 2048 >> 8; /* 2M buffer */ 1235 p[11] = 2048 & 0xff; 1236 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1237 p[13] = (16 * 176) & 0xff; 1238 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1239 p[17] = (16 * 176) & 0xff; 1240 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1241 p[19] = (16 * 176) & 0xff; 1242 break; 1243 1244 case MODE_PAGE_APPLE_VENDOR: 1245 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) { 1246 length = 0x1e; 1247 if (page_control == 1) { /* Changeable Values */ 1248 break; 1249 } 1250 1251 memset(p, 0, length); 1252 strcpy((char *)p + 8, "APPLE COMPUTER, INC "); 1253 break; 1254 } else { 1255 return -1; 1256 } 1257 1258 case MODE_PAGE_VENDOR_SPECIFIC: 1259 if (s->qdev.type == TYPE_DISK && (s->quirks & 1260 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1261 length = 0x2; 1262 if (page_control == 1) { /* Changeable Values */ 1263 p[0] = 0xff; 1264 p[1] = 0xff; 1265 break; 1266 } 1267 p[0] = 0; 1268 p[1] = 0; 1269 break; 1270 } else { 1271 return -1; 1272 } 1273 1274 default: 1275 return -1; 1276 } 1277 1278 assert(length < 256); 1279 (*p_outbuf)[0] = page; 1280 (*p_outbuf)[1] = length; 1281 *p_outbuf += length + 2; 1282 return length + 2; 1283 } 1284 1285 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1286 { 1287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1288 uint64_t nb_sectors; 1289 bool dbd; 1290 int page, buflen, ret, page_control; 1291 uint8_t *p; 1292 uint8_t dev_specific_param; 1293 1294 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1295 page = r->req.cmd.buf[2] & 0x3f; 1296 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1297 1298 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1299 10, page, r->req.cmd.xfer, page_control); 1300 memset(outbuf, 0, r->req.cmd.xfer); 1301 p = outbuf; 1302 1303 if (s->qdev.type == TYPE_DISK) { 1304 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1305 if (!blk_is_writable(s->qdev.conf.blk)) { 1306 dev_specific_param |= 0x80; /* Readonly. */ 1307 } 1308 } else { 1309 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) { 1310 /* Use DBD from the request... */ 1311 dev_specific_param = 0x00; 1312 1313 /* 1314 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR 1315 * which should never return a block descriptor even though DBD is 1316 * not set, otherwise CDROM detection fails in MacOS 1317 */ 1318 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) && 1319 page == MODE_PAGE_APPLE_VENDOR) { 1320 dbd = true; 1321 } 1322 } else { 1323 /* 1324 * MMC prescribes that CD/DVD drives have no block descriptors, 1325 * and defines no device-specific parameter. 1326 */ 1327 dev_specific_param = 0x00; 1328 dbd = true; 1329 } 1330 } 1331 1332 if (r->req.cmd.buf[0] == MODE_SENSE) { 1333 p[1] = 0; /* Default media type. */ 1334 p[2] = dev_specific_param; 1335 p[3] = 0; /* Block descriptor length. */ 1336 p += 4; 1337 } else { /* MODE_SENSE_10 */ 1338 p[2] = 0; /* Default media type. */ 1339 p[3] = dev_specific_param; 1340 p[6] = p[7] = 0; /* Block descriptor length. */ 1341 p += 8; 1342 } 1343 1344 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1345 if (!dbd && nb_sectors) { 1346 if (r->req.cmd.buf[0] == MODE_SENSE) { 1347 outbuf[3] = 8; /* Block descriptor length */ 1348 } else { /* MODE_SENSE_10 */ 1349 outbuf[7] = 8; /* Block descriptor length */ 1350 } 1351 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1352 if (nb_sectors > 0xffffff) { 1353 nb_sectors = 0; 1354 } 1355 p[0] = 0; /* media density code */ 1356 p[1] = (nb_sectors >> 16) & 0xff; 1357 p[2] = (nb_sectors >> 8) & 0xff; 1358 p[3] = nb_sectors & 0xff; 1359 p[4] = 0; /* reserved */ 1360 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1361 p[6] = s->qdev.blocksize >> 8; 1362 p[7] = 0; 1363 p += 8; 1364 } 1365 1366 if (page_control == 3) { 1367 /* Saved Values */ 1368 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1369 return -1; 1370 } 1371 1372 if (page == 0x3f) { 1373 for (page = 0; page <= 0x3e; page++) { 1374 mode_sense_page(s, page, &p, page_control); 1375 } 1376 } else { 1377 ret = mode_sense_page(s, page, &p, page_control); 1378 if (ret == -1) { 1379 return -1; 1380 } 1381 } 1382 1383 buflen = p - outbuf; 1384 /* 1385 * The mode data length field specifies the length in bytes of the 1386 * following data that is available to be transferred. The mode data 1387 * length does not include itself. 1388 */ 1389 if (r->req.cmd.buf[0] == MODE_SENSE) { 1390 outbuf[0] = buflen - 1; 1391 } else { /* MODE_SENSE_10 */ 1392 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1393 outbuf[1] = (buflen - 2) & 0xff; 1394 } 1395 return buflen; 1396 } 1397 1398 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1399 { 1400 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1401 int start_track, format, msf, toclen; 1402 uint64_t nb_sectors; 1403 1404 msf = req->cmd.buf[1] & 2; 1405 format = req->cmd.buf[2] & 0xf; 1406 start_track = req->cmd.buf[6]; 1407 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1408 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1409 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1410 switch (format) { 1411 case 0: 1412 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1413 break; 1414 case 1: 1415 /* multi session : only a single session defined */ 1416 toclen = 12; 1417 memset(outbuf, 0, 12); 1418 outbuf[1] = 0x0a; 1419 outbuf[2] = 0x01; 1420 outbuf[3] = 0x01; 1421 break; 1422 case 2: 1423 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1424 break; 1425 default: 1426 return -1; 1427 } 1428 return toclen; 1429 } 1430 1431 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1432 { 1433 SCSIRequest *req = &r->req; 1434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1435 bool start = req->cmd.buf[4] & 1; 1436 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1437 int pwrcnd = req->cmd.buf[4] & 0xf0; 1438 1439 if (pwrcnd) { 1440 /* eject/load only happens for power condition == 0 */ 1441 return 0; 1442 } 1443 1444 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1445 if (!start && !s->tray_open && s->tray_locked) { 1446 scsi_check_condition(r, 1447 blk_is_inserted(s->qdev.conf.blk) 1448 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1449 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1450 return -1; 1451 } 1452 1453 if (s->tray_open != !start) { 1454 blk_eject(s->qdev.conf.blk, !start); 1455 s->tray_open = !start; 1456 } 1457 } 1458 return 0; 1459 } 1460 1461 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1462 { 1463 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1464 int buflen = r->iov.iov_len; 1465 1466 if (buflen) { 1467 trace_scsi_disk_emulate_read_data(buflen); 1468 r->iov.iov_len = 0; 1469 r->started = true; 1470 scsi_req_data(&r->req, buflen); 1471 return; 1472 } 1473 1474 /* This also clears the sense buffer for REQUEST SENSE. */ 1475 scsi_req_complete(&r->req, GOOD); 1476 } 1477 1478 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1479 uint8_t *inbuf, int inlen) 1480 { 1481 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1482 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1483 uint8_t *p; 1484 int len, expected_len, changeable_len, i; 1485 1486 /* The input buffer does not include the page header, so it is 1487 * off by 2 bytes. 1488 */ 1489 expected_len = inlen + 2; 1490 if (expected_len > SCSI_MAX_MODE_LEN) { 1491 return -1; 1492 } 1493 1494 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ 1495 if (page == MODE_PAGE_ALLS) { 1496 return -1; 1497 } 1498 1499 p = mode_current; 1500 memset(mode_current, 0, inlen + 2); 1501 len = mode_sense_page(s, page, &p, 0); 1502 if (len < 0 || len != expected_len) { 1503 return -1; 1504 } 1505 1506 p = mode_changeable; 1507 memset(mode_changeable, 0, inlen + 2); 1508 changeable_len = mode_sense_page(s, page, &p, 1); 1509 assert(changeable_len == len); 1510 1511 /* Check that unchangeable bits are the same as what MODE SENSE 1512 * would return. 1513 */ 1514 for (i = 2; i < len; i++) { 1515 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1516 return -1; 1517 } 1518 } 1519 return 0; 1520 } 1521 1522 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1523 { 1524 switch (page) { 1525 case MODE_PAGE_CACHING: 1526 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1527 break; 1528 1529 default: 1530 break; 1531 } 1532 } 1533 1534 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1535 { 1536 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1537 1538 while (len > 0) { 1539 int page, subpage, page_len; 1540 1541 /* Parse both possible formats for the mode page headers. */ 1542 page = p[0] & 0x3f; 1543 if (p[0] & 0x40) { 1544 if (len < 4) { 1545 goto invalid_param_len; 1546 } 1547 subpage = p[1]; 1548 page_len = lduw_be_p(&p[2]); 1549 p += 4; 1550 len -= 4; 1551 } else { 1552 if (len < 2) { 1553 goto invalid_param_len; 1554 } 1555 subpage = 0; 1556 page_len = p[1]; 1557 p += 2; 1558 len -= 2; 1559 } 1560 1561 if (subpage) { 1562 goto invalid_param; 1563 } 1564 if (page_len > len) { 1565 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) { 1566 goto invalid_param_len; 1567 } 1568 trace_scsi_disk_mode_select_page_truncated(page, page_len, len); 1569 } 1570 1571 if (!change) { 1572 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1573 goto invalid_param; 1574 } 1575 } else { 1576 scsi_disk_apply_mode_select(s, page, p); 1577 } 1578 1579 p += page_len; 1580 len -= page_len; 1581 } 1582 return 0; 1583 1584 invalid_param: 1585 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1586 return -1; 1587 1588 invalid_param_len: 1589 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1590 return -1; 1591 } 1592 1593 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1594 { 1595 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1596 uint8_t *p = inbuf; 1597 int cmd = r->req.cmd.buf[0]; 1598 int len = r->req.cmd.xfer; 1599 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1600 int bd_len, bs; 1601 int pass; 1602 1603 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1604 if (!(s->quirks & 1605 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1606 /* We only support PF=1, SP=0. */ 1607 goto invalid_field; 1608 } 1609 } 1610 1611 if (len < hdr_len) { 1612 goto invalid_param_len; 1613 } 1614 1615 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1616 len -= hdr_len; 1617 p += hdr_len; 1618 if (len < bd_len) { 1619 goto invalid_param_len; 1620 } 1621 if (bd_len != 0 && bd_len != 8) { 1622 goto invalid_param; 1623 } 1624 1625 /* Allow changing the block size */ 1626 if (bd_len) { 1627 bs = p[5] << 16 | p[6] << 8 | p[7]; 1628 1629 /* 1630 * Since the existing code only checks/updates bits 8-15 of the block 1631 * size, restrict ourselves to the same requirement for now to ensure 1632 * that a block size set by a block descriptor and then read back by 1633 * a subsequent SCSI command will be the same. Also disallow a block 1634 * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE. 1635 */ 1636 if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) { 1637 s->qdev.blocksize = bs; 1638 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); 1639 } 1640 } 1641 1642 len -= bd_len; 1643 p += bd_len; 1644 1645 /* Ensure no change is made if there is an error! */ 1646 for (pass = 0; pass < 2; pass++) { 1647 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1648 assert(pass == 0); 1649 return; 1650 } 1651 } 1652 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1653 /* The request is used as the AIO opaque value, so add a ref. */ 1654 scsi_req_ref(&r->req); 1655 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1656 BLOCK_ACCT_FLUSH); 1657 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1658 return; 1659 } 1660 1661 scsi_req_complete(&r->req, GOOD); 1662 return; 1663 1664 invalid_param: 1665 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1666 return; 1667 1668 invalid_param_len: 1669 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1670 return; 1671 1672 invalid_field: 1673 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1674 } 1675 1676 /* sector_num and nb_sectors expected to be in qdev blocksize */ 1677 static inline bool check_lba_range(SCSIDiskState *s, 1678 uint64_t sector_num, uint32_t nb_sectors) 1679 { 1680 /* 1681 * The first line tests that no overflow happens when computing the last 1682 * sector. The second line tests that the last accessed sector is in 1683 * range. 1684 * 1685 * Careful, the computations should not underflow for nb_sectors == 0, 1686 * and a 0-block read to the first LBA beyond the end of device is 1687 * valid. 1688 */ 1689 return (sector_num <= sector_num + nb_sectors && 1690 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1691 } 1692 1693 typedef struct UnmapCBData { 1694 SCSIDiskReq *r; 1695 uint8_t *inbuf; 1696 int count; 1697 } UnmapCBData; 1698 1699 static void scsi_unmap_complete(void *opaque, int ret); 1700 1701 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1702 { 1703 SCSIDiskReq *r = data->r; 1704 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1705 1706 assert(r->req.aiocb == NULL); 1707 1708 if (data->count > 0) { 1709 uint64_t sector_num = ldq_be_p(&data->inbuf[0]); 1710 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1711 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1712 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1713 1714 if (!check_lba_range(s, sector_num, nb_sectors)) { 1715 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1716 BLOCK_ACCT_UNMAP); 1717 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1718 goto done; 1719 } 1720 1721 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1722 r->sector_count * BDRV_SECTOR_SIZE, 1723 BLOCK_ACCT_UNMAP); 1724 1725 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1726 r->sector * BDRV_SECTOR_SIZE, 1727 r->sector_count * BDRV_SECTOR_SIZE, 1728 scsi_unmap_complete, data); 1729 data->count--; 1730 data->inbuf += 16; 1731 return; 1732 } 1733 1734 scsi_req_complete(&r->req, GOOD); 1735 1736 done: 1737 scsi_req_unref(&r->req); 1738 g_free(data); 1739 } 1740 1741 static void scsi_unmap_complete(void *opaque, int ret) 1742 { 1743 UnmapCBData *data = opaque; 1744 SCSIDiskReq *r = data->r; 1745 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1746 1747 assert(r->req.aiocb != NULL); 1748 r->req.aiocb = NULL; 1749 1750 if (scsi_disk_req_check_error(r, ret, true)) { 1751 scsi_req_unref(&r->req); 1752 g_free(data); 1753 } else { 1754 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1755 scsi_unmap_complete_noio(data, ret); 1756 } 1757 } 1758 1759 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1760 { 1761 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1762 uint8_t *p = inbuf; 1763 int len = r->req.cmd.xfer; 1764 UnmapCBData *data; 1765 1766 /* Reject ANCHOR=1. */ 1767 if (r->req.cmd.buf[1] & 0x1) { 1768 goto invalid_field; 1769 } 1770 1771 if (len < 8) { 1772 goto invalid_param_len; 1773 } 1774 if (len < lduw_be_p(&p[0]) + 2) { 1775 goto invalid_param_len; 1776 } 1777 if (len < lduw_be_p(&p[2]) + 8) { 1778 goto invalid_param_len; 1779 } 1780 if (lduw_be_p(&p[2]) & 15) { 1781 goto invalid_param_len; 1782 } 1783 1784 if (!blk_is_writable(s->qdev.conf.blk)) { 1785 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1786 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1787 return; 1788 } 1789 1790 data = g_new0(UnmapCBData, 1); 1791 data->r = r; 1792 data->inbuf = &p[8]; 1793 data->count = lduw_be_p(&p[2]) >> 4; 1794 1795 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1796 scsi_req_ref(&r->req); 1797 scsi_unmap_complete_noio(data, 0); 1798 return; 1799 1800 invalid_param_len: 1801 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1802 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1803 return; 1804 1805 invalid_field: 1806 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1807 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1808 } 1809 1810 typedef struct WriteSameCBData { 1811 SCSIDiskReq *r; 1812 int64_t sector; 1813 int nb_sectors; 1814 QEMUIOVector qiov; 1815 struct iovec iov; 1816 } WriteSameCBData; 1817 1818 static void scsi_write_same_complete(void *opaque, int ret) 1819 { 1820 WriteSameCBData *data = opaque; 1821 SCSIDiskReq *r = data->r; 1822 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1823 1824 assert(r->req.aiocb != NULL); 1825 r->req.aiocb = NULL; 1826 1827 if (scsi_disk_req_check_error(r, ret, true)) { 1828 goto done; 1829 } 1830 1831 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1832 1833 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1834 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1835 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1836 data->iov.iov_len); 1837 if (data->iov.iov_len) { 1838 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1839 data->iov.iov_len, BLOCK_ACCT_WRITE); 1840 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1841 * where final qiov may need smaller size */ 1842 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1843 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1844 data->sector << BDRV_SECTOR_BITS, 1845 &data->qiov, 0, 1846 scsi_write_same_complete, data); 1847 return; 1848 } 1849 1850 scsi_req_complete(&r->req, GOOD); 1851 1852 done: 1853 scsi_req_unref(&r->req); 1854 qemu_vfree(data->iov.iov_base); 1855 g_free(data); 1856 } 1857 1858 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1859 { 1860 SCSIRequest *req = &r->req; 1861 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1862 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1863 WriteSameCBData *data; 1864 uint8_t *buf; 1865 int i, l; 1866 1867 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1868 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1869 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1870 return; 1871 } 1872 1873 if (!blk_is_writable(s->qdev.conf.blk)) { 1874 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1875 return; 1876 } 1877 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1878 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1879 return; 1880 } 1881 1882 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1883 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1884 1885 /* The request is used as the AIO opaque value, so add a ref. */ 1886 scsi_req_ref(&r->req); 1887 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1888 nb_sectors * s->qdev.blocksize, 1889 BLOCK_ACCT_WRITE); 1890 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1891 r->req.cmd.lba * s->qdev.blocksize, 1892 nb_sectors * s->qdev.blocksize, 1893 flags, scsi_aio_complete, r); 1894 return; 1895 } 1896 1897 data = g_new0(WriteSameCBData, 1); 1898 data->r = r; 1899 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1900 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1901 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1902 SCSI_WRITE_SAME_MAX); 1903 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1904 data->iov.iov_len); 1905 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1906 1907 for (i = 0; i < data->iov.iov_len; i += l) { 1908 l = MIN(s->qdev.blocksize, data->iov.iov_len - i); 1909 memcpy(&buf[i], inbuf, l); 1910 } 1911 1912 scsi_req_ref(&r->req); 1913 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1914 data->iov.iov_len, BLOCK_ACCT_WRITE); 1915 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1916 data->sector << BDRV_SECTOR_BITS, 1917 &data->qiov, 0, 1918 scsi_write_same_complete, data); 1919 } 1920 1921 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1922 { 1923 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1924 1925 if (r->iov.iov_len) { 1926 int buflen = r->iov.iov_len; 1927 trace_scsi_disk_emulate_write_data(buflen); 1928 r->iov.iov_len = 0; 1929 scsi_req_data(&r->req, buflen); 1930 return; 1931 } 1932 1933 switch (req->cmd.buf[0]) { 1934 case MODE_SELECT: 1935 case MODE_SELECT_10: 1936 /* This also clears the sense buffer for REQUEST SENSE. */ 1937 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1938 break; 1939 1940 case UNMAP: 1941 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1942 break; 1943 1944 case VERIFY_10: 1945 case VERIFY_12: 1946 case VERIFY_16: 1947 if (r->req.status == -1) { 1948 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1949 } 1950 break; 1951 1952 case WRITE_SAME_10: 1953 case WRITE_SAME_16: 1954 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1955 break; 1956 1957 case FORMAT_UNIT: 1958 scsi_req_complete(&r->req, GOOD); 1959 break; 1960 1961 default: 1962 abort(); 1963 } 1964 } 1965 1966 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1967 { 1968 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1969 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1970 uint64_t nb_sectors; 1971 uint8_t *outbuf; 1972 int buflen; 1973 1974 switch (req->cmd.buf[0]) { 1975 case INQUIRY: 1976 case MODE_SENSE: 1977 case MODE_SENSE_10: 1978 case RESERVE: 1979 case RESERVE_10: 1980 case RELEASE: 1981 case RELEASE_10: 1982 case START_STOP: 1983 case ALLOW_MEDIUM_REMOVAL: 1984 case GET_CONFIGURATION: 1985 case GET_EVENT_STATUS_NOTIFICATION: 1986 case MECHANISM_STATUS: 1987 case REQUEST_SENSE: 1988 break; 1989 1990 default: 1991 if (!blk_is_available(s->qdev.conf.blk)) { 1992 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1993 return 0; 1994 } 1995 break; 1996 } 1997 1998 /* 1999 * FIXME: we shouldn't return anything bigger than 4k, but the code 2000 * requires the buffer to be as big as req->cmd.xfer in several 2001 * places. So, do not allow CDBs with a very large ALLOCATION 2002 * LENGTH. The real fix would be to modify scsi_read_data and 2003 * dma_buf_read, so that they return data beyond the buflen 2004 * as all zeros. 2005 */ 2006 if (req->cmd.xfer > 65536) { 2007 goto illegal_request; 2008 } 2009 r->buflen = MAX(4096, req->cmd.xfer); 2010 2011 if (!r->iov.iov_base) { 2012 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 2013 } 2014 2015 outbuf = r->iov.iov_base; 2016 memset(outbuf, 0, r->buflen); 2017 switch (req->cmd.buf[0]) { 2018 case TEST_UNIT_READY: 2019 assert(blk_is_available(s->qdev.conf.blk)); 2020 break; 2021 case INQUIRY: 2022 buflen = scsi_disk_emulate_inquiry(req, outbuf); 2023 if (buflen < 0) { 2024 goto illegal_request; 2025 } 2026 break; 2027 case MODE_SENSE: 2028 case MODE_SENSE_10: 2029 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 2030 if (buflen < 0) { 2031 goto illegal_request; 2032 } 2033 break; 2034 case READ_TOC: 2035 buflen = scsi_disk_emulate_read_toc(req, outbuf); 2036 if (buflen < 0) { 2037 goto illegal_request; 2038 } 2039 break; 2040 case RESERVE: 2041 if (req->cmd.buf[1] & 1) { 2042 goto illegal_request; 2043 } 2044 break; 2045 case RESERVE_10: 2046 if (req->cmd.buf[1] & 3) { 2047 goto illegal_request; 2048 } 2049 break; 2050 case RELEASE: 2051 if (req->cmd.buf[1] & 1) { 2052 goto illegal_request; 2053 } 2054 break; 2055 case RELEASE_10: 2056 if (req->cmd.buf[1] & 3) { 2057 goto illegal_request; 2058 } 2059 break; 2060 case START_STOP: 2061 if (scsi_disk_emulate_start_stop(r) < 0) { 2062 return 0; 2063 } 2064 break; 2065 case ALLOW_MEDIUM_REMOVAL: 2066 s->tray_locked = req->cmd.buf[4] & 1; 2067 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 2068 break; 2069 case READ_CAPACITY_10: 2070 /* The normal LEN field for this command is zero. */ 2071 memset(outbuf, 0, 8); 2072 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2073 if (!nb_sectors) { 2074 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2075 return 0; 2076 } 2077 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 2078 goto illegal_request; 2079 } 2080 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2081 /* Returned value is the address of the last sector. */ 2082 nb_sectors--; 2083 /* Remember the new size for read/write sanity checking. */ 2084 s->qdev.max_lba = nb_sectors; 2085 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 2086 if (nb_sectors > UINT32_MAX) { 2087 nb_sectors = UINT32_MAX; 2088 } 2089 outbuf[0] = (nb_sectors >> 24) & 0xff; 2090 outbuf[1] = (nb_sectors >> 16) & 0xff; 2091 outbuf[2] = (nb_sectors >> 8) & 0xff; 2092 outbuf[3] = nb_sectors & 0xff; 2093 outbuf[4] = 0; 2094 outbuf[5] = 0; 2095 outbuf[6] = s->qdev.blocksize >> 8; 2096 outbuf[7] = 0; 2097 break; 2098 case REQUEST_SENSE: 2099 /* Just return "NO SENSE". */ 2100 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2101 (req->cmd.buf[1] & 1) == 0); 2102 if (buflen < 0) { 2103 goto illegal_request; 2104 } 2105 break; 2106 case MECHANISM_STATUS: 2107 buflen = scsi_emulate_mechanism_status(s, outbuf); 2108 if (buflen < 0) { 2109 goto illegal_request; 2110 } 2111 break; 2112 case GET_CONFIGURATION: 2113 buflen = scsi_get_configuration(s, outbuf); 2114 if (buflen < 0) { 2115 goto illegal_request; 2116 } 2117 break; 2118 case GET_EVENT_STATUS_NOTIFICATION: 2119 buflen = scsi_get_event_status_notification(s, r, outbuf); 2120 if (buflen < 0) { 2121 goto illegal_request; 2122 } 2123 break; 2124 case READ_DISC_INFORMATION: 2125 buflen = scsi_read_disc_information(s, r, outbuf); 2126 if (buflen < 0) { 2127 goto illegal_request; 2128 } 2129 break; 2130 case READ_DVD_STRUCTURE: 2131 buflen = scsi_read_dvd_structure(s, r, outbuf); 2132 if (buflen < 0) { 2133 goto illegal_request; 2134 } 2135 break; 2136 case SERVICE_ACTION_IN_16: 2137 /* Service Action In subcommands. */ 2138 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2139 trace_scsi_disk_emulate_command_SAI_16(); 2140 memset(outbuf, 0, req->cmd.xfer); 2141 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2142 if (!nb_sectors) { 2143 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2144 return 0; 2145 } 2146 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2147 goto illegal_request; 2148 } 2149 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2150 /* Returned value is the address of the last sector. */ 2151 nb_sectors--; 2152 /* Remember the new size for read/write sanity checking. */ 2153 s->qdev.max_lba = nb_sectors; 2154 outbuf[0] = (nb_sectors >> 56) & 0xff; 2155 outbuf[1] = (nb_sectors >> 48) & 0xff; 2156 outbuf[2] = (nb_sectors >> 40) & 0xff; 2157 outbuf[3] = (nb_sectors >> 32) & 0xff; 2158 outbuf[4] = (nb_sectors >> 24) & 0xff; 2159 outbuf[5] = (nb_sectors >> 16) & 0xff; 2160 outbuf[6] = (nb_sectors >> 8) & 0xff; 2161 outbuf[7] = nb_sectors & 0xff; 2162 outbuf[8] = 0; 2163 outbuf[9] = 0; 2164 outbuf[10] = s->qdev.blocksize >> 8; 2165 outbuf[11] = 0; 2166 outbuf[12] = 0; 2167 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2168 2169 /* set TPE bit if the format supports discard */ 2170 if (s->qdev.conf.discard_granularity) { 2171 outbuf[14] = 0x80; 2172 } 2173 2174 /* Protection, exponent and lowest lba field left blank. */ 2175 break; 2176 } 2177 trace_scsi_disk_emulate_command_SAI_unsupported(); 2178 goto illegal_request; 2179 case SYNCHRONIZE_CACHE: 2180 /* The request is used as the AIO opaque value, so add a ref. */ 2181 scsi_req_ref(&r->req); 2182 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2183 BLOCK_ACCT_FLUSH); 2184 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2185 return 0; 2186 case SEEK_10: 2187 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2188 if (r->req.cmd.lba > s->qdev.max_lba) { 2189 goto illegal_lba; 2190 } 2191 break; 2192 case MODE_SELECT: 2193 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2194 break; 2195 case MODE_SELECT_10: 2196 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2197 break; 2198 case UNMAP: 2199 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2200 break; 2201 case VERIFY_10: 2202 case VERIFY_12: 2203 case VERIFY_16: 2204 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2205 if (req->cmd.buf[1] & 6) { 2206 goto illegal_request; 2207 } 2208 break; 2209 case WRITE_SAME_10: 2210 case WRITE_SAME_16: 2211 trace_scsi_disk_emulate_command_WRITE_SAME( 2212 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2213 break; 2214 case FORMAT_UNIT: 2215 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer); 2216 break; 2217 default: 2218 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2219 scsi_command_name(buf[0])); 2220 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2221 return 0; 2222 } 2223 assert(!r->req.aiocb); 2224 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2225 if (r->iov.iov_len == 0) { 2226 scsi_req_complete(&r->req, GOOD); 2227 } 2228 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2229 assert(r->iov.iov_len == req->cmd.xfer); 2230 return -r->iov.iov_len; 2231 } else { 2232 return r->iov.iov_len; 2233 } 2234 2235 illegal_request: 2236 if (r->req.status == -1) { 2237 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2238 } 2239 return 0; 2240 2241 illegal_lba: 2242 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2243 return 0; 2244 } 2245 2246 /* Execute a scsi command. Returns the length of the data expected by the 2247 command. This will be Positive for data transfers from the device 2248 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2249 and zero if the command does not transfer any data. */ 2250 2251 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2252 { 2253 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2255 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2256 uint32_t len; 2257 uint8_t command; 2258 2259 command = buf[0]; 2260 2261 if (!blk_is_available(s->qdev.conf.blk)) { 2262 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2263 return 0; 2264 } 2265 2266 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2267 switch (command) { 2268 case READ_6: 2269 case READ_10: 2270 case READ_12: 2271 case READ_16: 2272 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2273 /* Protection information is not supported. For SCSI versions 2 and 2274 * older (as determined by snooping the guest's INQUIRY commands), 2275 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2276 */ 2277 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2278 goto illegal_request; 2279 } 2280 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2281 goto illegal_lba; 2282 } 2283 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2284 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2285 break; 2286 case WRITE_6: 2287 case WRITE_10: 2288 case WRITE_12: 2289 case WRITE_16: 2290 case WRITE_VERIFY_10: 2291 case WRITE_VERIFY_12: 2292 case WRITE_VERIFY_16: 2293 if (!blk_is_writable(s->qdev.conf.blk)) { 2294 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2295 return 0; 2296 } 2297 trace_scsi_disk_dma_command_WRITE( 2298 (command & 0xe) == 0xe ? "And Verify " : "", 2299 r->req.cmd.lba, len); 2300 /* fall through */ 2301 case VERIFY_10: 2302 case VERIFY_12: 2303 case VERIFY_16: 2304 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2305 * As far as DMA is concerned, we can treat it the same as a write; 2306 * scsi_block_do_sgio will send VERIFY commands. 2307 */ 2308 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2309 goto illegal_request; 2310 } 2311 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2312 goto illegal_lba; 2313 } 2314 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2315 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2316 break; 2317 default: 2318 abort(); 2319 illegal_request: 2320 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2321 return 0; 2322 illegal_lba: 2323 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2324 return 0; 2325 } 2326 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2327 if (r->sector_count == 0) { 2328 scsi_req_complete(&r->req, GOOD); 2329 } 2330 assert(r->iov.iov_len == 0); 2331 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2332 return -r->sector_count * BDRV_SECTOR_SIZE; 2333 } else { 2334 return r->sector_count * BDRV_SECTOR_SIZE; 2335 } 2336 } 2337 2338 static void scsi_disk_reset(DeviceState *dev) 2339 { 2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2341 uint64_t nb_sectors; 2342 AioContext *ctx; 2343 2344 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2345 2346 ctx = blk_get_aio_context(s->qdev.conf.blk); 2347 aio_context_acquire(ctx); 2348 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2349 aio_context_release(ctx); 2350 2351 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2352 if (nb_sectors) { 2353 nb_sectors--; 2354 } 2355 s->qdev.max_lba = nb_sectors; 2356 /* reset tray statuses */ 2357 s->tray_locked = 0; 2358 s->tray_open = 0; 2359 2360 s->qdev.scsi_version = s->qdev.default_scsi_version; 2361 } 2362 2363 static void scsi_disk_drained_begin(void *opaque) 2364 { 2365 SCSIDiskState *s = opaque; 2366 2367 scsi_device_drained_begin(&s->qdev); 2368 } 2369 2370 static void scsi_disk_drained_end(void *opaque) 2371 { 2372 SCSIDiskState *s = opaque; 2373 2374 scsi_device_drained_end(&s->qdev); 2375 } 2376 2377 static void scsi_disk_resize_cb(void *opaque) 2378 { 2379 SCSIDiskState *s = opaque; 2380 2381 /* SPC lists this sense code as available only for 2382 * direct-access devices. 2383 */ 2384 if (s->qdev.type == TYPE_DISK) { 2385 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2386 } 2387 } 2388 2389 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2390 { 2391 SCSIDiskState *s = opaque; 2392 2393 /* 2394 * When a CD gets changed, we have to report an ejected state and 2395 * then a loaded state to guests so that they detect tray 2396 * open/close and media change events. Guests that do not use 2397 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2398 * states rely on this behavior. 2399 * 2400 * media_changed governs the state machine used for unit attention 2401 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2402 */ 2403 s->media_changed = load; 2404 s->tray_open = !load; 2405 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2406 s->media_event = true; 2407 s->eject_request = false; 2408 } 2409 2410 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2411 { 2412 SCSIDiskState *s = opaque; 2413 2414 s->eject_request = true; 2415 if (force) { 2416 s->tray_locked = false; 2417 } 2418 } 2419 2420 static bool scsi_cd_is_tray_open(void *opaque) 2421 { 2422 return ((SCSIDiskState *)opaque)->tray_open; 2423 } 2424 2425 static bool scsi_cd_is_medium_locked(void *opaque) 2426 { 2427 return ((SCSIDiskState *)opaque)->tray_locked; 2428 } 2429 2430 static const BlockDevOps scsi_disk_removable_block_ops = { 2431 .change_media_cb = scsi_cd_change_media_cb, 2432 .drained_begin = scsi_disk_drained_begin, 2433 .drained_end = scsi_disk_drained_end, 2434 .eject_request_cb = scsi_cd_eject_request_cb, 2435 .is_medium_locked = scsi_cd_is_medium_locked, 2436 .is_tray_open = scsi_cd_is_tray_open, 2437 .resize_cb = scsi_disk_resize_cb, 2438 }; 2439 2440 static const BlockDevOps scsi_disk_block_ops = { 2441 .drained_begin = scsi_disk_drained_begin, 2442 .drained_end = scsi_disk_drained_end, 2443 .resize_cb = scsi_disk_resize_cb, 2444 }; 2445 2446 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2447 { 2448 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2449 if (s->media_changed) { 2450 s->media_changed = false; 2451 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2452 } 2453 } 2454 2455 static void scsi_realize(SCSIDevice *dev, Error **errp) 2456 { 2457 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2458 bool read_only; 2459 2460 if (!s->qdev.conf.blk) { 2461 error_setg(errp, "drive property not set"); 2462 return; 2463 } 2464 2465 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2466 !blk_is_inserted(s->qdev.conf.blk)) { 2467 error_setg(errp, "Device needs media, but drive is empty"); 2468 return; 2469 } 2470 2471 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2472 return; 2473 } 2474 2475 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2476 !s->qdev.hba_supports_iothread) 2477 { 2478 error_setg(errp, "HBA does not support iothreads"); 2479 return; 2480 } 2481 2482 if (dev->type == TYPE_DISK) { 2483 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2484 return; 2485 } 2486 } 2487 2488 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2489 if (dev->type == TYPE_ROM) { 2490 read_only = true; 2491 } 2492 2493 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2494 dev->type == TYPE_DISK, errp)) { 2495 return; 2496 } 2497 2498 if (s->qdev.conf.discard_granularity == -1) { 2499 s->qdev.conf.discard_granularity = 2500 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2501 } 2502 2503 if (!s->version) { 2504 s->version = g_strdup(qemu_hw_version()); 2505 } 2506 if (!s->vendor) { 2507 s->vendor = g_strdup("QEMU"); 2508 } 2509 if (!s->device_id) { 2510 if (s->serial) { 2511 s->device_id = g_strdup_printf("%.20s", s->serial); 2512 } else { 2513 const char *str = blk_name(s->qdev.conf.blk); 2514 if (str && *str) { 2515 s->device_id = g_strdup(str); 2516 } 2517 } 2518 } 2519 2520 if (blk_is_sg(s->qdev.conf.blk)) { 2521 error_setg(errp, "unwanted /dev/sg*"); 2522 return; 2523 } 2524 2525 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2526 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2527 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2528 } else { 2529 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2530 } 2531 2532 blk_iostatus_enable(s->qdev.conf.blk); 2533 2534 add_boot_device_lchs(&dev->qdev, NULL, 2535 dev->conf.lcyls, 2536 dev->conf.lheads, 2537 dev->conf.lsecs); 2538 } 2539 2540 static void scsi_unrealize(SCSIDevice *dev) 2541 { 2542 del_boot_device_lchs(&dev->qdev, NULL); 2543 } 2544 2545 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2546 { 2547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2548 AioContext *ctx = NULL; 2549 /* can happen for devices without drive. The error message for missing 2550 * backend will be issued in scsi_realize 2551 */ 2552 if (s->qdev.conf.blk) { 2553 ctx = blk_get_aio_context(s->qdev.conf.blk); 2554 aio_context_acquire(ctx); 2555 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2556 goto out; 2557 } 2558 } 2559 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2560 s->qdev.type = TYPE_DISK; 2561 if (!s->product) { 2562 s->product = g_strdup("QEMU HARDDISK"); 2563 } 2564 scsi_realize(&s->qdev, errp); 2565 out: 2566 if (ctx) { 2567 aio_context_release(ctx); 2568 } 2569 } 2570 2571 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2572 { 2573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2574 AioContext *ctx; 2575 int ret; 2576 uint32_t blocksize = 2048; 2577 2578 if (!dev->conf.blk) { 2579 /* Anonymous BlockBackend for an empty drive. As we put it into 2580 * dev->conf, qdev takes care of detaching on unplug. */ 2581 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2582 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2583 assert(ret == 0); 2584 } 2585 2586 if (dev->conf.physical_block_size != 0) { 2587 blocksize = dev->conf.physical_block_size; 2588 } 2589 2590 ctx = blk_get_aio_context(dev->conf.blk); 2591 aio_context_acquire(ctx); 2592 s->qdev.blocksize = blocksize; 2593 s->qdev.type = TYPE_ROM; 2594 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2595 if (!s->product) { 2596 s->product = g_strdup("QEMU CD-ROM"); 2597 } 2598 scsi_realize(&s->qdev, errp); 2599 aio_context_release(ctx); 2600 } 2601 2602 2603 static const SCSIReqOps scsi_disk_emulate_reqops = { 2604 .size = sizeof(SCSIDiskReq), 2605 .free_req = scsi_free_request, 2606 .send_command = scsi_disk_emulate_command, 2607 .read_data = scsi_disk_emulate_read_data, 2608 .write_data = scsi_disk_emulate_write_data, 2609 .get_buf = scsi_get_buf, 2610 }; 2611 2612 static const SCSIReqOps scsi_disk_dma_reqops = { 2613 .size = sizeof(SCSIDiskReq), 2614 .free_req = scsi_free_request, 2615 .send_command = scsi_disk_dma_command, 2616 .read_data = scsi_read_data, 2617 .write_data = scsi_write_data, 2618 .get_buf = scsi_get_buf, 2619 .load_request = scsi_disk_load_request, 2620 .save_request = scsi_disk_save_request, 2621 }; 2622 2623 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2624 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2625 [INQUIRY] = &scsi_disk_emulate_reqops, 2626 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2627 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2628 [START_STOP] = &scsi_disk_emulate_reqops, 2629 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2630 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2631 [READ_TOC] = &scsi_disk_emulate_reqops, 2632 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2633 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2634 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2635 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2636 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2637 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2638 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2639 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2640 [SEEK_10] = &scsi_disk_emulate_reqops, 2641 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2642 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2643 [UNMAP] = &scsi_disk_emulate_reqops, 2644 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2645 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2646 [VERIFY_10] = &scsi_disk_emulate_reqops, 2647 [VERIFY_12] = &scsi_disk_emulate_reqops, 2648 [VERIFY_16] = &scsi_disk_emulate_reqops, 2649 [FORMAT_UNIT] = &scsi_disk_emulate_reqops, 2650 2651 [READ_6] = &scsi_disk_dma_reqops, 2652 [READ_10] = &scsi_disk_dma_reqops, 2653 [READ_12] = &scsi_disk_dma_reqops, 2654 [READ_16] = &scsi_disk_dma_reqops, 2655 [WRITE_6] = &scsi_disk_dma_reqops, 2656 [WRITE_10] = &scsi_disk_dma_reqops, 2657 [WRITE_12] = &scsi_disk_dma_reqops, 2658 [WRITE_16] = &scsi_disk_dma_reqops, 2659 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2660 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2661 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2662 }; 2663 2664 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2665 { 2666 int i; 2667 int len = scsi_cdb_length(buf); 2668 char *line_buffer, *p; 2669 2670 assert(len > 0 && len <= 16); 2671 line_buffer = g_malloc(len * 5 + 1); 2672 2673 for (i = 0, p = line_buffer; i < len; i++) { 2674 p += sprintf(p, " 0x%02x", buf[i]); 2675 } 2676 trace_scsi_disk_new_request(lun, tag, line_buffer); 2677 2678 g_free(line_buffer); 2679 } 2680 2681 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2682 uint8_t *buf, void *hba_private) 2683 { 2684 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2685 SCSIRequest *req; 2686 const SCSIReqOps *ops; 2687 uint8_t command; 2688 2689 command = buf[0]; 2690 ops = scsi_disk_reqops_dispatch[command]; 2691 if (!ops) { 2692 ops = &scsi_disk_emulate_reqops; 2693 } 2694 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2695 2696 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2697 scsi_disk_new_request_dump(lun, tag, buf); 2698 } 2699 2700 return req; 2701 } 2702 2703 #ifdef __linux__ 2704 static int get_device_type(SCSIDiskState *s) 2705 { 2706 uint8_t cmd[16]; 2707 uint8_t buf[36]; 2708 int ret; 2709 2710 memset(cmd, 0, sizeof(cmd)); 2711 memset(buf, 0, sizeof(buf)); 2712 cmd[0] = INQUIRY; 2713 cmd[4] = sizeof(buf); 2714 2715 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2716 buf, sizeof(buf), s->qdev.io_timeout); 2717 if (ret < 0) { 2718 return -1; 2719 } 2720 s->qdev.type = buf[0]; 2721 if (buf[1] & 0x80) { 2722 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2723 } 2724 return 0; 2725 } 2726 2727 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2728 { 2729 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2730 AioContext *ctx; 2731 int sg_version; 2732 int rc; 2733 2734 if (!s->qdev.conf.blk) { 2735 error_setg(errp, "drive property not set"); 2736 return; 2737 } 2738 2739 if (s->rotation_rate) { 2740 error_report_once("rotation_rate is specified for scsi-block but is " 2741 "not implemented. This option is deprecated and will " 2742 "be removed in a future version"); 2743 } 2744 2745 ctx = blk_get_aio_context(s->qdev.conf.blk); 2746 aio_context_acquire(ctx); 2747 2748 /* check we are using a driver managing SG_IO (version 3 and after) */ 2749 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2750 if (rc < 0) { 2751 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2752 if (rc != -EPERM) { 2753 error_append_hint(errp, "Is this a SCSI device?\n"); 2754 } 2755 goto out; 2756 } 2757 if (sg_version < 30000) { 2758 error_setg(errp, "scsi generic interface too old"); 2759 goto out; 2760 } 2761 2762 /* get device type from INQUIRY data */ 2763 rc = get_device_type(s); 2764 if (rc < 0) { 2765 error_setg(errp, "INQUIRY failed"); 2766 goto out; 2767 } 2768 2769 /* Make a guess for the block size, we'll fix it when the guest sends. 2770 * READ CAPACITY. If they don't, they likely would assume these sizes 2771 * anyway. (TODO: check in /sys). 2772 */ 2773 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2774 s->qdev.blocksize = 2048; 2775 } else { 2776 s->qdev.blocksize = 512; 2777 } 2778 2779 /* Makes the scsi-block device not removable by using HMP and QMP eject 2780 * command. 2781 */ 2782 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2783 2784 scsi_realize(&s->qdev, errp); 2785 scsi_generic_read_device_inquiry(&s->qdev); 2786 2787 out: 2788 aio_context_release(ctx); 2789 } 2790 2791 typedef struct SCSIBlockReq { 2792 SCSIDiskReq req; 2793 sg_io_hdr_t io_header; 2794 2795 /* Selected bytes of the original CDB, copied into our own CDB. */ 2796 uint8_t cmd, cdb1, group_number; 2797 2798 /* CDB passed to SG_IO. */ 2799 uint8_t cdb[16]; 2800 BlockCompletionFunc *cb; 2801 void *cb_opaque; 2802 } SCSIBlockReq; 2803 2804 static void scsi_block_sgio_complete(void *opaque, int ret) 2805 { 2806 SCSIBlockReq *req = (SCSIBlockReq *)opaque; 2807 SCSIDiskReq *r = &req->req; 2808 sg_io_hdr_t *io_hdr = &req->io_header; 2809 2810 if (ret == 0) { 2811 if (io_hdr->host_status != SCSI_HOST_OK) { 2812 scsi_req_complete_failed(&r->req, io_hdr->host_status); 2813 scsi_req_unref(&r->req); 2814 return; 2815 } 2816 2817 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) { 2818 ret = BUSY; 2819 } else { 2820 ret = io_hdr->status; 2821 } 2822 2823 if (ret > 0) { 2824 if (scsi_handle_rw_error(r, ret, true)) { 2825 scsi_req_unref(&r->req); 2826 return; 2827 } 2828 2829 /* Ignore error. */ 2830 ret = 0; 2831 } 2832 } 2833 2834 req->cb(req->cb_opaque, ret); 2835 } 2836 2837 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2838 int64_t offset, QEMUIOVector *iov, 2839 int direction, 2840 BlockCompletionFunc *cb, void *opaque) 2841 { 2842 sg_io_hdr_t *io_header = &req->io_header; 2843 SCSIDiskReq *r = &req->req; 2844 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2845 int nb_logical_blocks; 2846 uint64_t lba; 2847 BlockAIOCB *aiocb; 2848 2849 /* This is not supported yet. It can only happen if the guest does 2850 * reads and writes that are not aligned to one logical sectors 2851 * _and_ cover multiple MemoryRegions. 2852 */ 2853 assert(offset % s->qdev.blocksize == 0); 2854 assert(iov->size % s->qdev.blocksize == 0); 2855 2856 io_header->interface_id = 'S'; 2857 2858 /* The data transfer comes from the QEMUIOVector. */ 2859 io_header->dxfer_direction = direction; 2860 io_header->dxfer_len = iov->size; 2861 io_header->dxferp = (void *)iov->iov; 2862 io_header->iovec_count = iov->niov; 2863 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2864 2865 /* Build a new CDB with the LBA and length patched in, in case 2866 * DMA helpers split the transfer in multiple segments. Do not 2867 * build a CDB smaller than what the guest wanted, and only build 2868 * a larger one if strictly necessary. 2869 */ 2870 io_header->cmdp = req->cdb; 2871 lba = offset / s->qdev.blocksize; 2872 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2873 2874 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2875 /* 6-byte CDB */ 2876 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2877 req->cdb[4] = nb_logical_blocks; 2878 req->cdb[5] = 0; 2879 io_header->cmd_len = 6; 2880 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2881 /* 10-byte CDB */ 2882 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2883 req->cdb[1] = req->cdb1; 2884 stl_be_p(&req->cdb[2], lba); 2885 req->cdb[6] = req->group_number; 2886 stw_be_p(&req->cdb[7], nb_logical_blocks); 2887 req->cdb[9] = 0; 2888 io_header->cmd_len = 10; 2889 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2890 /* 12-byte CDB */ 2891 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2892 req->cdb[1] = req->cdb1; 2893 stl_be_p(&req->cdb[2], lba); 2894 stl_be_p(&req->cdb[6], nb_logical_blocks); 2895 req->cdb[10] = req->group_number; 2896 req->cdb[11] = 0; 2897 io_header->cmd_len = 12; 2898 } else { 2899 /* 16-byte CDB */ 2900 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2901 req->cdb[1] = req->cdb1; 2902 stq_be_p(&req->cdb[2], lba); 2903 stl_be_p(&req->cdb[10], nb_logical_blocks); 2904 req->cdb[14] = req->group_number; 2905 req->cdb[15] = 0; 2906 io_header->cmd_len = 16; 2907 } 2908 2909 /* The rest is as in scsi-generic.c. */ 2910 io_header->mx_sb_len = sizeof(r->req.sense); 2911 io_header->sbp = r->req.sense; 2912 io_header->timeout = s->qdev.io_timeout * 1000; 2913 io_header->usr_ptr = r; 2914 io_header->flags |= SG_FLAG_DIRECT_IO; 2915 req->cb = cb; 2916 req->cb_opaque = opaque; 2917 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2918 nb_logical_blocks, io_header->timeout); 2919 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req); 2920 assert(aiocb != NULL); 2921 return aiocb; 2922 } 2923 2924 static bool scsi_block_no_fua(SCSICommand *cmd) 2925 { 2926 return false; 2927 } 2928 2929 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2930 QEMUIOVector *iov, 2931 BlockCompletionFunc *cb, void *cb_opaque, 2932 void *opaque) 2933 { 2934 SCSIBlockReq *r = opaque; 2935 return scsi_block_do_sgio(r, offset, iov, 2936 SG_DXFER_FROM_DEV, cb, cb_opaque); 2937 } 2938 2939 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2940 QEMUIOVector *iov, 2941 BlockCompletionFunc *cb, void *cb_opaque, 2942 void *opaque) 2943 { 2944 SCSIBlockReq *r = opaque; 2945 return scsi_block_do_sgio(r, offset, iov, 2946 SG_DXFER_TO_DEV, cb, cb_opaque); 2947 } 2948 2949 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2950 { 2951 switch (buf[0]) { 2952 case VERIFY_10: 2953 case VERIFY_12: 2954 case VERIFY_16: 2955 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2956 * for the number of logical blocks specified in the length 2957 * field). For other modes, do not use scatter/gather operation. 2958 */ 2959 if ((buf[1] & 6) == 2) { 2960 return false; 2961 } 2962 break; 2963 2964 case READ_6: 2965 case READ_10: 2966 case READ_12: 2967 case READ_16: 2968 case WRITE_6: 2969 case WRITE_10: 2970 case WRITE_12: 2971 case WRITE_16: 2972 case WRITE_VERIFY_10: 2973 case WRITE_VERIFY_12: 2974 case WRITE_VERIFY_16: 2975 /* MMC writing cannot be done via DMA helpers, because it sometimes 2976 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2977 * We might use scsi_block_dma_reqops as long as no writing commands are 2978 * seen, but performance usually isn't paramount on optical media. So, 2979 * just make scsi-block operate the same as scsi-generic for them. 2980 */ 2981 if (s->qdev.type != TYPE_ROM) { 2982 return false; 2983 } 2984 break; 2985 2986 default: 2987 break; 2988 } 2989 2990 return true; 2991 } 2992 2993 2994 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2995 { 2996 SCSIBlockReq *r = (SCSIBlockReq *)req; 2997 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2998 2999 r->cmd = req->cmd.buf[0]; 3000 switch (r->cmd >> 5) { 3001 case 0: 3002 /* 6-byte CDB. */ 3003 r->cdb1 = r->group_number = 0; 3004 break; 3005 case 1: 3006 /* 10-byte CDB. */ 3007 r->cdb1 = req->cmd.buf[1]; 3008 r->group_number = req->cmd.buf[6]; 3009 break; 3010 case 4: 3011 /* 12-byte CDB. */ 3012 r->cdb1 = req->cmd.buf[1]; 3013 r->group_number = req->cmd.buf[10]; 3014 break; 3015 case 5: 3016 /* 16-byte CDB. */ 3017 r->cdb1 = req->cmd.buf[1]; 3018 r->group_number = req->cmd.buf[14]; 3019 break; 3020 default: 3021 abort(); 3022 } 3023 3024 /* Protection information is not supported. For SCSI versions 2 and 3025 * older (as determined by snooping the guest's INQUIRY commands), 3026 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 3027 */ 3028 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 3029 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 3030 return 0; 3031 } 3032 3033 return scsi_disk_dma_command(req, buf); 3034 } 3035 3036 static const SCSIReqOps scsi_block_dma_reqops = { 3037 .size = sizeof(SCSIBlockReq), 3038 .free_req = scsi_free_request, 3039 .send_command = scsi_block_dma_command, 3040 .read_data = scsi_read_data, 3041 .write_data = scsi_write_data, 3042 .get_buf = scsi_get_buf, 3043 .load_request = scsi_disk_load_request, 3044 .save_request = scsi_disk_save_request, 3045 }; 3046 3047 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 3048 uint32_t lun, uint8_t *buf, 3049 void *hba_private) 3050 { 3051 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3052 3053 if (scsi_block_is_passthrough(s, buf)) { 3054 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 3055 hba_private); 3056 } else { 3057 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 3058 hba_private); 3059 } 3060 } 3061 3062 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 3063 uint8_t *buf, size_t buf_len, 3064 void *hba_private) 3065 { 3066 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3067 3068 if (scsi_block_is_passthrough(s, buf)) { 3069 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private); 3070 } else { 3071 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len); 3072 } 3073 } 3074 3075 static void scsi_block_update_sense(SCSIRequest *req) 3076 { 3077 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 3078 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 3079 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 3080 } 3081 #endif 3082 3083 static 3084 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 3085 BlockCompletionFunc *cb, void *cb_opaque, 3086 void *opaque) 3087 { 3088 SCSIDiskReq *r = opaque; 3089 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3090 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3091 } 3092 3093 static 3094 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 3095 BlockCompletionFunc *cb, void *cb_opaque, 3096 void *opaque) 3097 { 3098 SCSIDiskReq *r = opaque; 3099 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3100 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3101 } 3102 3103 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 3104 { 3105 DeviceClass *dc = DEVICE_CLASS(klass); 3106 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3107 3108 dc->fw_name = "disk"; 3109 dc->reset = scsi_disk_reset; 3110 sdc->dma_readv = scsi_dma_readv; 3111 sdc->dma_writev = scsi_dma_writev; 3112 sdc->need_fua_emulation = scsi_is_cmd_fua; 3113 } 3114 3115 static const TypeInfo scsi_disk_base_info = { 3116 .name = TYPE_SCSI_DISK_BASE, 3117 .parent = TYPE_SCSI_DEVICE, 3118 .class_init = scsi_disk_base_class_initfn, 3119 .instance_size = sizeof(SCSIDiskState), 3120 .class_size = sizeof(SCSIDiskClass), 3121 .abstract = true, 3122 }; 3123 3124 #define DEFINE_SCSI_DISK_PROPERTIES() \ 3125 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 3126 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 3127 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3128 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 3129 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 3130 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 3131 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 3132 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 3133 3134 3135 static Property scsi_hd_properties[] = { 3136 DEFINE_SCSI_DISK_PROPERTIES(), 3137 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3138 SCSI_DISK_F_REMOVABLE, false), 3139 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3140 SCSI_DISK_F_DPOFUA, false), 3141 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3142 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3143 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3144 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3145 DEFAULT_MAX_UNMAP_SIZE), 3146 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3147 DEFAULT_MAX_IO_SIZE), 3148 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3149 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3150 5), 3151 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3152 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3153 0), 3154 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3155 DEFINE_PROP_END_OF_LIST(), 3156 }; 3157 3158 static const VMStateDescription vmstate_scsi_disk_state = { 3159 .name = "scsi-disk", 3160 .version_id = 1, 3161 .minimum_version_id = 1, 3162 .fields = (VMStateField[]) { 3163 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3164 VMSTATE_BOOL(media_changed, SCSIDiskState), 3165 VMSTATE_BOOL(media_event, SCSIDiskState), 3166 VMSTATE_BOOL(eject_request, SCSIDiskState), 3167 VMSTATE_BOOL(tray_open, SCSIDiskState), 3168 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3169 VMSTATE_END_OF_LIST() 3170 } 3171 }; 3172 3173 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3174 { 3175 DeviceClass *dc = DEVICE_CLASS(klass); 3176 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3177 3178 sc->realize = scsi_hd_realize; 3179 sc->unrealize = scsi_unrealize; 3180 sc->alloc_req = scsi_new_request; 3181 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3182 dc->desc = "virtual SCSI disk"; 3183 device_class_set_props(dc, scsi_hd_properties); 3184 dc->vmsd = &vmstate_scsi_disk_state; 3185 } 3186 3187 static const TypeInfo scsi_hd_info = { 3188 .name = "scsi-hd", 3189 .parent = TYPE_SCSI_DISK_BASE, 3190 .class_init = scsi_hd_class_initfn, 3191 }; 3192 3193 static Property scsi_cd_properties[] = { 3194 DEFINE_SCSI_DISK_PROPERTIES(), 3195 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3196 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3197 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3198 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3199 DEFAULT_MAX_IO_SIZE), 3200 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3201 5), 3202 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks, 3203 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0), 3204 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks, 3205 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0), 3206 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3207 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3208 0), 3209 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks, 3210 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0), 3211 DEFINE_PROP_END_OF_LIST(), 3212 }; 3213 3214 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3215 { 3216 DeviceClass *dc = DEVICE_CLASS(klass); 3217 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3218 3219 sc->realize = scsi_cd_realize; 3220 sc->alloc_req = scsi_new_request; 3221 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3222 dc->desc = "virtual SCSI CD-ROM"; 3223 device_class_set_props(dc, scsi_cd_properties); 3224 dc->vmsd = &vmstate_scsi_disk_state; 3225 } 3226 3227 static const TypeInfo scsi_cd_info = { 3228 .name = "scsi-cd", 3229 .parent = TYPE_SCSI_DISK_BASE, 3230 .class_init = scsi_cd_class_initfn, 3231 }; 3232 3233 #ifdef __linux__ 3234 static Property scsi_block_properties[] = { 3235 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3236 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3237 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3238 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3239 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3240 DEFAULT_MAX_UNMAP_SIZE), 3241 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3242 DEFAULT_MAX_IO_SIZE), 3243 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3244 -1), 3245 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3246 DEFAULT_IO_TIMEOUT), 3247 DEFINE_PROP_END_OF_LIST(), 3248 }; 3249 3250 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3251 { 3252 DeviceClass *dc = DEVICE_CLASS(klass); 3253 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3254 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3255 3256 sc->realize = scsi_block_realize; 3257 sc->alloc_req = scsi_block_new_request; 3258 sc->parse_cdb = scsi_block_parse_cdb; 3259 sdc->dma_readv = scsi_block_dma_readv; 3260 sdc->dma_writev = scsi_block_dma_writev; 3261 sdc->update_sense = scsi_block_update_sense; 3262 sdc->need_fua_emulation = scsi_block_no_fua; 3263 dc->desc = "SCSI block device passthrough"; 3264 device_class_set_props(dc, scsi_block_properties); 3265 dc->vmsd = &vmstate_scsi_disk_state; 3266 } 3267 3268 static const TypeInfo scsi_block_info = { 3269 .name = "scsi-block", 3270 .parent = TYPE_SCSI_DISK_BASE, 3271 .class_init = scsi_block_class_initfn, 3272 }; 3273 #endif 3274 3275 static void scsi_disk_register_types(void) 3276 { 3277 type_register_static(&scsi_disk_base_info); 3278 type_register_static(&scsi_hd_info); 3279 type_register_static(&scsi_cd_info); 3280 #ifdef __linux__ 3281 type_register_static(&scsi_block_info); 3282 #endif 3283 } 3284 3285 type_init(scsi_disk_register_types) 3286