1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "hw/scsi/scsi.h" 29 #include "migration/qemu-file-types.h" 30 #include "migration/vmstate.h" 31 #include "hw/scsi/emulation.h" 32 #include "scsi/constants.h" 33 #include "sysemu/block-backend.h" 34 #include "sysemu/blockdev.h" 35 #include "hw/block/block.h" 36 #include "hw/qdev-properties.h" 37 #include "hw/qdev-properties-system.h" 38 #include "sysemu/dma.h" 39 #include "sysemu/sysemu.h" 40 #include "qemu/cutils.h" 41 #include "trace.h" 42 #include "qom/object.h" 43 44 #ifdef __linux 45 #include <scsi/sg.h> 46 #endif 47 48 #define SCSI_WRITE_SAME_MAX (512 * KiB) 49 #define SCSI_DMA_BUF_SIZE (128 * KiB) 50 #define SCSI_MAX_INQUIRY_LEN 256 51 #define SCSI_MAX_MODE_LEN 256 52 53 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 54 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 55 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 56 57 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 58 59 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 60 61 struct SCSIDiskClass { 62 SCSIDeviceClass parent_class; 63 DMAIOFunc *dma_readv; 64 DMAIOFunc *dma_writev; 65 bool (*need_fua_emulation)(SCSICommand *cmd); 66 void (*update_sense)(SCSIRequest *r); 67 }; 68 69 typedef struct SCSIDiskReq { 70 SCSIRequest req; 71 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 72 uint64_t sector; 73 uint32_t sector_count; 74 uint32_t buflen; 75 bool started; 76 bool need_fua_emulation; 77 struct iovec iov; 78 QEMUIOVector qiov; 79 BlockAcctCookie acct; 80 unsigned char *status; 81 } SCSIDiskReq; 82 83 #define SCSI_DISK_F_REMOVABLE 0 84 #define SCSI_DISK_F_DPOFUA 1 85 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 86 87 struct SCSIDiskState { 88 SCSIDevice qdev; 89 uint32_t features; 90 bool media_changed; 91 bool media_event; 92 bool eject_request; 93 uint16_t port_index; 94 uint64_t max_unmap_size; 95 uint64_t max_io_size; 96 QEMUBH *bh; 97 char *version; 98 char *serial; 99 char *vendor; 100 char *product; 101 char *device_id; 102 bool tray_open; 103 bool tray_locked; 104 /* 105 * 0x0000 - rotation rate not reported 106 * 0x0001 - non-rotating medium (SSD) 107 * 0x0002-0x0400 - reserved 108 * 0x0401-0xffe - rotations per minute 109 * 0xffff - reserved 110 */ 111 uint16_t rotation_rate; 112 }; 113 114 static void scsi_free_request(SCSIRequest *req) 115 { 116 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 117 118 qemu_vfree(r->iov.iov_base); 119 } 120 121 /* Helper function for command completion with sense. */ 122 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 123 { 124 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 125 sense.ascq); 126 scsi_req_build_sense(&r->req, sense); 127 scsi_req_complete(&r->req, CHECK_CONDITION); 128 } 129 130 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 131 { 132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 133 134 if (!r->iov.iov_base) { 135 r->buflen = size; 136 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 137 } 138 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 139 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 140 } 141 142 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 143 { 144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 145 146 qemu_put_be64s(f, &r->sector); 147 qemu_put_be32s(f, &r->sector_count); 148 qemu_put_be32s(f, &r->buflen); 149 if (r->buflen) { 150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } else if (!req->retry) { 153 uint32_t len = r->iov.iov_len; 154 qemu_put_be32s(f, &len); 155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 156 } 157 } 158 } 159 160 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 161 { 162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 163 164 qemu_get_be64s(f, &r->sector); 165 qemu_get_be32s(f, &r->sector_count); 166 qemu_get_be32s(f, &r->buflen); 167 if (r->buflen) { 168 scsi_init_iovec(r, r->buflen); 169 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 171 } else if (!r->req.retry) { 172 uint32_t len; 173 qemu_get_be32s(f, &len); 174 r->iov.iov_len = len; 175 assert(r->iov.iov_len <= r->buflen); 176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 177 } 178 } 179 180 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 181 } 182 183 /* 184 * scsi_handle_rw_error has two return values. False means that the error 185 * must be ignored, true means that the error has been processed and the 186 * caller should not do anything else for this request. Note that 187 * scsi_handle_rw_error always manages its reference counts, independent 188 * of the return value. 189 */ 190 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 191 { 192 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 194 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 195 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 196 is_read, error); 197 SCSISense sense; 198 199 if (action == BLOCK_ERROR_ACTION_REPORT) { 200 if (acct_failed) { 201 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 202 } 203 if (error == 0) { 204 /* A passthrough command has run and has produced sense data; check 205 * whether the error has to be handled by the guest or should rather 206 * pause the host. 207 */ 208 assert(r->status && *r->status); 209 if (scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 210 /* These errors are handled by guest. */ 211 sdc->update_sense(&r->req); 212 scsi_req_complete(&r->req, *r->status); 213 return true; 214 } 215 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 216 } else { 217 int status = scsi_sense_from_errno(error, &sense); 218 if (status == CHECK_CONDITION) { 219 scsi_req_build_sense(&r->req, sense); 220 } 221 scsi_req_complete(&r->req, status); 222 } 223 } 224 225 blk_error_action(s->qdev.conf.blk, action, is_read, error); 226 if (action == BLOCK_ERROR_ACTION_IGNORE) { 227 return false; 228 } 229 230 if (action == BLOCK_ERROR_ACTION_STOP) { 231 scsi_req_retry(&r->req); 232 } 233 return true; 234 } 235 236 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 237 { 238 if (r->req.io_canceled) { 239 scsi_req_cancel_complete(&r->req); 240 return true; 241 } 242 243 if (ret < 0 || (r->status && *r->status)) { 244 return scsi_handle_rw_error(r, -ret, acct_failed); 245 } 246 247 return false; 248 } 249 250 static void scsi_aio_complete(void *opaque, int ret) 251 { 252 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 253 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 254 255 assert(r->req.aiocb != NULL); 256 r->req.aiocb = NULL; 257 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 258 if (scsi_disk_req_check_error(r, ret, true)) { 259 goto done; 260 } 261 262 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 263 scsi_req_complete(&r->req, GOOD); 264 265 done: 266 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 267 scsi_req_unref(&r->req); 268 } 269 270 static bool scsi_is_cmd_fua(SCSICommand *cmd) 271 { 272 switch (cmd->buf[0]) { 273 case READ_10: 274 case READ_12: 275 case READ_16: 276 case WRITE_10: 277 case WRITE_12: 278 case WRITE_16: 279 return (cmd->buf[1] & 8) != 0; 280 281 case VERIFY_10: 282 case VERIFY_12: 283 case VERIFY_16: 284 case WRITE_VERIFY_10: 285 case WRITE_VERIFY_12: 286 case WRITE_VERIFY_16: 287 return true; 288 289 case READ_6: 290 case WRITE_6: 291 default: 292 return false; 293 } 294 } 295 296 static void scsi_write_do_fua(SCSIDiskReq *r) 297 { 298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 299 300 assert(r->req.aiocb == NULL); 301 assert(!r->req.io_canceled); 302 303 if (r->need_fua_emulation) { 304 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 305 BLOCK_ACCT_FLUSH); 306 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 307 return; 308 } 309 310 scsi_req_complete(&r->req, GOOD); 311 scsi_req_unref(&r->req); 312 } 313 314 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 315 { 316 assert(r->req.aiocb == NULL); 317 if (scsi_disk_req_check_error(r, ret, false)) { 318 goto done; 319 } 320 321 r->sector += r->sector_count; 322 r->sector_count = 0; 323 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 324 scsi_write_do_fua(r); 325 return; 326 } else { 327 scsi_req_complete(&r->req, GOOD); 328 } 329 330 done: 331 scsi_req_unref(&r->req); 332 } 333 334 static void scsi_dma_complete(void *opaque, int ret) 335 { 336 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 337 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 338 339 assert(r->req.aiocb != NULL); 340 r->req.aiocb = NULL; 341 342 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 343 if (ret < 0) { 344 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 345 } else { 346 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 347 } 348 scsi_dma_complete_noio(r, ret); 349 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 350 } 351 352 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 353 { 354 uint32_t n; 355 356 assert(r->req.aiocb == NULL); 357 if (scsi_disk_req_check_error(r, ret, false)) { 358 goto done; 359 } 360 361 n = r->qiov.size / BDRV_SECTOR_SIZE; 362 r->sector += n; 363 r->sector_count -= n; 364 scsi_req_data(&r->req, r->qiov.size); 365 366 done: 367 scsi_req_unref(&r->req); 368 } 369 370 static void scsi_read_complete(void *opaque, int ret) 371 { 372 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 374 375 assert(r->req.aiocb != NULL); 376 r->req.aiocb = NULL; 377 378 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 379 if (ret < 0) { 380 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 381 } else { 382 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 383 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 384 } 385 scsi_read_complete_noio(r, ret); 386 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 387 } 388 389 /* Actually issue a read to the block device. */ 390 static void scsi_do_read(SCSIDiskReq *r, int ret) 391 { 392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 393 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 394 395 assert (r->req.aiocb == NULL); 396 if (scsi_disk_req_check_error(r, ret, false)) { 397 goto done; 398 } 399 400 /* The request is used as the AIO opaque value, so add a ref. */ 401 scsi_req_ref(&r->req); 402 403 if (r->req.sg) { 404 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 405 r->req.resid -= r->req.sg->size; 406 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 407 r->req.sg, r->sector << BDRV_SECTOR_BITS, 408 BDRV_SECTOR_SIZE, 409 sdc->dma_readv, r, scsi_dma_complete, r, 410 DMA_DIRECTION_FROM_DEVICE); 411 } else { 412 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 413 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 414 r->qiov.size, BLOCK_ACCT_READ); 415 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 416 scsi_read_complete, r, r); 417 } 418 419 done: 420 scsi_req_unref(&r->req); 421 } 422 423 static void scsi_do_read_cb(void *opaque, int ret) 424 { 425 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 427 428 assert (r->req.aiocb != NULL); 429 r->req.aiocb = NULL; 430 431 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 432 if (ret < 0) { 433 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 434 } else { 435 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 436 } 437 scsi_do_read(opaque, ret); 438 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 439 } 440 441 /* Read more data from scsi device into buffer. */ 442 static void scsi_read_data(SCSIRequest *req) 443 { 444 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 446 bool first; 447 448 trace_scsi_disk_read_data_count(r->sector_count); 449 if (r->sector_count == 0) { 450 /* This also clears the sense buffer for REQUEST SENSE. */ 451 scsi_req_complete(&r->req, GOOD); 452 return; 453 } 454 455 /* No data transfer may already be in progress */ 456 assert(r->req.aiocb == NULL); 457 458 /* The request is used as the AIO opaque value, so add a ref. */ 459 scsi_req_ref(&r->req); 460 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 461 trace_scsi_disk_read_data_invalid(); 462 scsi_read_complete_noio(r, -EINVAL); 463 return; 464 } 465 466 if (!blk_is_available(req->dev->conf.blk)) { 467 scsi_read_complete_noio(r, -ENOMEDIUM); 468 return; 469 } 470 471 first = !r->started; 472 r->started = true; 473 if (first && r->need_fua_emulation) { 474 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 475 BLOCK_ACCT_FLUSH); 476 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 477 } else { 478 scsi_do_read(r, 0); 479 } 480 } 481 482 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 483 { 484 uint32_t n; 485 486 assert (r->req.aiocb == NULL); 487 if (scsi_disk_req_check_error(r, ret, false)) { 488 goto done; 489 } 490 491 n = r->qiov.size / BDRV_SECTOR_SIZE; 492 r->sector += n; 493 r->sector_count -= n; 494 if (r->sector_count == 0) { 495 scsi_write_do_fua(r); 496 return; 497 } else { 498 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 499 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 500 scsi_req_data(&r->req, r->qiov.size); 501 } 502 503 done: 504 scsi_req_unref(&r->req); 505 } 506 507 static void scsi_write_complete(void * opaque, int ret) 508 { 509 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 511 512 assert (r->req.aiocb != NULL); 513 r->req.aiocb = NULL; 514 515 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 516 if (ret < 0) { 517 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 518 } else { 519 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 520 } 521 scsi_write_complete_noio(r, ret); 522 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 523 } 524 525 static void scsi_write_data(SCSIRequest *req) 526 { 527 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 528 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 529 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 530 531 /* No data transfer may already be in progress */ 532 assert(r->req.aiocb == NULL); 533 534 /* The request is used as the AIO opaque value, so add a ref. */ 535 scsi_req_ref(&r->req); 536 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 537 trace_scsi_disk_write_data_invalid(); 538 scsi_write_complete_noio(r, -EINVAL); 539 return; 540 } 541 542 if (!r->req.sg && !r->qiov.size) { 543 /* Called for the first time. Ask the driver to send us more data. */ 544 r->started = true; 545 scsi_write_complete_noio(r, 0); 546 return; 547 } 548 if (!blk_is_available(req->dev->conf.blk)) { 549 scsi_write_complete_noio(r, -ENOMEDIUM); 550 return; 551 } 552 553 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 554 r->req.cmd.buf[0] == VERIFY_16) { 555 if (r->req.sg) { 556 scsi_dma_complete_noio(r, 0); 557 } else { 558 scsi_write_complete_noio(r, 0); 559 } 560 return; 561 } 562 563 if (r->req.sg) { 564 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 565 r->req.resid -= r->req.sg->size; 566 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 567 r->req.sg, r->sector << BDRV_SECTOR_BITS, 568 BDRV_SECTOR_SIZE, 569 sdc->dma_writev, r, scsi_dma_complete, r, 570 DMA_DIRECTION_TO_DEVICE); 571 } else { 572 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 573 r->qiov.size, BLOCK_ACCT_WRITE); 574 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 575 scsi_write_complete, r, r); 576 } 577 } 578 579 /* Return a pointer to the data buffer. */ 580 static uint8_t *scsi_get_buf(SCSIRequest *req) 581 { 582 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 583 584 return (uint8_t *)r->iov.iov_base; 585 } 586 587 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 588 { 589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 590 uint8_t page_code = req->cmd.buf[2]; 591 int start, buflen = 0; 592 593 outbuf[buflen++] = s->qdev.type & 0x1f; 594 outbuf[buflen++] = page_code; 595 outbuf[buflen++] = 0x00; 596 outbuf[buflen++] = 0x00; 597 start = buflen; 598 599 switch (page_code) { 600 case 0x00: /* Supported page codes, mandatory */ 601 { 602 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 603 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 604 if (s->serial) { 605 outbuf[buflen++] = 0x80; /* unit serial number */ 606 } 607 outbuf[buflen++] = 0x83; /* device identification */ 608 if (s->qdev.type == TYPE_DISK) { 609 outbuf[buflen++] = 0xb0; /* block limits */ 610 outbuf[buflen++] = 0xb1; /* block device characteristics */ 611 outbuf[buflen++] = 0xb2; /* thin provisioning */ 612 } 613 break; 614 } 615 case 0x80: /* Device serial number, optional */ 616 { 617 int l; 618 619 if (!s->serial) { 620 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 621 return -1; 622 } 623 624 l = strlen(s->serial); 625 if (l > 36) { 626 l = 36; 627 } 628 629 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 630 memcpy(outbuf + buflen, s->serial, l); 631 buflen += l; 632 break; 633 } 634 635 case 0x83: /* Device identification page, mandatory */ 636 { 637 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 638 639 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 640 641 if (id_len) { 642 outbuf[buflen++] = 0x2; /* ASCII */ 643 outbuf[buflen++] = 0; /* not officially assigned */ 644 outbuf[buflen++] = 0; /* reserved */ 645 outbuf[buflen++] = id_len; /* length of data following */ 646 memcpy(outbuf + buflen, s->device_id, id_len); 647 buflen += id_len; 648 } 649 650 if (s->qdev.wwn) { 651 outbuf[buflen++] = 0x1; /* Binary */ 652 outbuf[buflen++] = 0x3; /* NAA */ 653 outbuf[buflen++] = 0; /* reserved */ 654 outbuf[buflen++] = 8; 655 stq_be_p(&outbuf[buflen], s->qdev.wwn); 656 buflen += 8; 657 } 658 659 if (s->qdev.port_wwn) { 660 outbuf[buflen++] = 0x61; /* SAS / Binary */ 661 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 662 outbuf[buflen++] = 0; /* reserved */ 663 outbuf[buflen++] = 8; 664 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 665 buflen += 8; 666 } 667 668 if (s->port_index) { 669 outbuf[buflen++] = 0x61; /* SAS / Binary */ 670 671 /* PIV/Target port/relative target port */ 672 outbuf[buflen++] = 0x94; 673 674 outbuf[buflen++] = 0; /* reserved */ 675 outbuf[buflen++] = 4; 676 stw_be_p(&outbuf[buflen + 2], s->port_index); 677 buflen += 4; 678 } 679 break; 680 } 681 case 0xb0: /* block limits */ 682 { 683 SCSIBlockLimits bl = {}; 684 685 if (s->qdev.type == TYPE_ROM) { 686 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 687 return -1; 688 } 689 bl.wsnz = 1; 690 bl.unmap_sectors = 691 s->qdev.conf.discard_granularity / s->qdev.blocksize; 692 bl.min_io_size = 693 s->qdev.conf.min_io_size / s->qdev.blocksize; 694 bl.opt_io_size = 695 s->qdev.conf.opt_io_size / s->qdev.blocksize; 696 bl.max_unmap_sectors = 697 s->max_unmap_size / s->qdev.blocksize; 698 bl.max_io_sectors = 699 s->max_io_size / s->qdev.blocksize; 700 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 701 bl.max_unmap_descr = 255; 702 703 if (s->qdev.type == TYPE_DISK) { 704 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 705 int max_io_sectors_blk = 706 max_transfer_blk / s->qdev.blocksize; 707 708 bl.max_io_sectors = 709 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 710 } 711 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 712 break; 713 } 714 case 0xb1: /* block device characteristics */ 715 { 716 buflen = 0x40; 717 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 718 outbuf[5] = s->rotation_rate & 0xff; 719 outbuf[6] = 0; /* PRODUCT TYPE */ 720 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 721 outbuf[8] = 0; /* VBULS */ 722 break; 723 } 724 case 0xb2: /* thin provisioning */ 725 { 726 buflen = 8; 727 outbuf[4] = 0; 728 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 729 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 730 outbuf[7] = 0; 731 break; 732 } 733 default: 734 return -1; 735 } 736 /* done with EVPD */ 737 assert(buflen - start <= 255); 738 outbuf[start - 1] = buflen - start; 739 return buflen; 740 } 741 742 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 743 { 744 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 745 int buflen = 0; 746 747 if (req->cmd.buf[1] & 0x1) { 748 /* Vital product data */ 749 return scsi_disk_emulate_vpd_page(req, outbuf); 750 } 751 752 /* Standard INQUIRY data */ 753 if (req->cmd.buf[2] != 0) { 754 return -1; 755 } 756 757 /* PAGE CODE == 0 */ 758 buflen = req->cmd.xfer; 759 if (buflen > SCSI_MAX_INQUIRY_LEN) { 760 buflen = SCSI_MAX_INQUIRY_LEN; 761 } 762 763 outbuf[0] = s->qdev.type & 0x1f; 764 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 765 766 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 767 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 768 769 memset(&outbuf[32], 0, 4); 770 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 771 /* 772 * We claim conformance to SPC-3, which is required for guests 773 * to ask for modern features like READ CAPACITY(16) or the 774 * block characteristics VPD page by default. Not all of SPC-3 775 * is actually implemented, but we're good enough. 776 */ 777 outbuf[2] = s->qdev.default_scsi_version; 778 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 779 780 if (buflen > 36) { 781 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 782 } else { 783 /* If the allocation length of CDB is too small, 784 the additional length is not adjusted */ 785 outbuf[4] = 36 - 5; 786 } 787 788 /* Sync data transfer and TCQ. */ 789 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 790 return buflen; 791 } 792 793 static inline bool media_is_dvd(SCSIDiskState *s) 794 { 795 uint64_t nb_sectors; 796 if (s->qdev.type != TYPE_ROM) { 797 return false; 798 } 799 if (!blk_is_available(s->qdev.conf.blk)) { 800 return false; 801 } 802 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 803 return nb_sectors > CD_MAX_SECTORS; 804 } 805 806 static inline bool media_is_cd(SCSIDiskState *s) 807 { 808 uint64_t nb_sectors; 809 if (s->qdev.type != TYPE_ROM) { 810 return false; 811 } 812 if (!blk_is_available(s->qdev.conf.blk)) { 813 return false; 814 } 815 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 816 return nb_sectors <= CD_MAX_SECTORS; 817 } 818 819 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 820 uint8_t *outbuf) 821 { 822 uint8_t type = r->req.cmd.buf[1] & 7; 823 824 if (s->qdev.type != TYPE_ROM) { 825 return -1; 826 } 827 828 /* Types 1/2 are only defined for Blu-Ray. */ 829 if (type != 0) { 830 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 831 return -1; 832 } 833 834 memset(outbuf, 0, 34); 835 outbuf[1] = 32; 836 outbuf[2] = 0xe; /* last session complete, disc finalized */ 837 outbuf[3] = 1; /* first track on disc */ 838 outbuf[4] = 1; /* # of sessions */ 839 outbuf[5] = 1; /* first track of last session */ 840 outbuf[6] = 1; /* last track of last session */ 841 outbuf[7] = 0x20; /* unrestricted use */ 842 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 843 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 844 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 845 /* 24-31: disc bar code */ 846 /* 32: disc application code */ 847 /* 33: number of OPC tables */ 848 849 return 34; 850 } 851 852 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 853 uint8_t *outbuf) 854 { 855 static const int rds_caps_size[5] = { 856 [0] = 2048 + 4, 857 [1] = 4 + 4, 858 [3] = 188 + 4, 859 [4] = 2048 + 4, 860 }; 861 862 uint8_t media = r->req.cmd.buf[1]; 863 uint8_t layer = r->req.cmd.buf[6]; 864 uint8_t format = r->req.cmd.buf[7]; 865 int size = -1; 866 867 if (s->qdev.type != TYPE_ROM) { 868 return -1; 869 } 870 if (media != 0) { 871 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 872 return -1; 873 } 874 875 if (format != 0xff) { 876 if (!blk_is_available(s->qdev.conf.blk)) { 877 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 878 return -1; 879 } 880 if (media_is_cd(s)) { 881 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 882 return -1; 883 } 884 if (format >= ARRAY_SIZE(rds_caps_size)) { 885 return -1; 886 } 887 size = rds_caps_size[format]; 888 memset(outbuf, 0, size); 889 } 890 891 switch (format) { 892 case 0x00: { 893 /* Physical format information */ 894 uint64_t nb_sectors; 895 if (layer != 0) { 896 goto fail; 897 } 898 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 899 900 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 901 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 902 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 903 outbuf[7] = 0; /* default densities */ 904 905 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 906 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 907 break; 908 } 909 910 case 0x01: /* DVD copyright information, all zeros */ 911 break; 912 913 case 0x03: /* BCA information - invalid field for no BCA info */ 914 return -1; 915 916 case 0x04: /* DVD disc manufacturing information, all zeros */ 917 break; 918 919 case 0xff: { /* List capabilities */ 920 int i; 921 size = 4; 922 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 923 if (!rds_caps_size[i]) { 924 continue; 925 } 926 outbuf[size] = i; 927 outbuf[size + 1] = 0x40; /* Not writable, readable */ 928 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 929 size += 4; 930 } 931 break; 932 } 933 934 default: 935 return -1; 936 } 937 938 /* Size of buffer, not including 2 byte size field */ 939 stw_be_p(outbuf, size - 2); 940 return size; 941 942 fail: 943 return -1; 944 } 945 946 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 947 { 948 uint8_t event_code, media_status; 949 950 media_status = 0; 951 if (s->tray_open) { 952 media_status = MS_TRAY_OPEN; 953 } else if (blk_is_inserted(s->qdev.conf.blk)) { 954 media_status = MS_MEDIA_PRESENT; 955 } 956 957 /* Event notification descriptor */ 958 event_code = MEC_NO_CHANGE; 959 if (media_status != MS_TRAY_OPEN) { 960 if (s->media_event) { 961 event_code = MEC_NEW_MEDIA; 962 s->media_event = false; 963 } else if (s->eject_request) { 964 event_code = MEC_EJECT_REQUESTED; 965 s->eject_request = false; 966 } 967 } 968 969 outbuf[0] = event_code; 970 outbuf[1] = media_status; 971 972 /* These fields are reserved, just clear them. */ 973 outbuf[2] = 0; 974 outbuf[3] = 0; 975 return 4; 976 } 977 978 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 979 uint8_t *outbuf) 980 { 981 int size; 982 uint8_t *buf = r->req.cmd.buf; 983 uint8_t notification_class_request = buf[4]; 984 if (s->qdev.type != TYPE_ROM) { 985 return -1; 986 } 987 if ((buf[1] & 1) == 0) { 988 /* asynchronous */ 989 return -1; 990 } 991 992 size = 4; 993 outbuf[0] = outbuf[1] = 0; 994 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 995 if (notification_class_request & (1 << GESN_MEDIA)) { 996 outbuf[2] = GESN_MEDIA; 997 size += scsi_event_status_media(s, &outbuf[size]); 998 } else { 999 outbuf[2] = 0x80; 1000 } 1001 stw_be_p(outbuf, size - 4); 1002 return size; 1003 } 1004 1005 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1006 { 1007 int current; 1008 1009 if (s->qdev.type != TYPE_ROM) { 1010 return -1; 1011 } 1012 1013 if (media_is_dvd(s)) { 1014 current = MMC_PROFILE_DVD_ROM; 1015 } else if (media_is_cd(s)) { 1016 current = MMC_PROFILE_CD_ROM; 1017 } else { 1018 current = MMC_PROFILE_NONE; 1019 } 1020 1021 memset(outbuf, 0, 40); 1022 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1023 stw_be_p(&outbuf[6], current); 1024 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1025 outbuf[10] = 0x03; /* persistent, current */ 1026 outbuf[11] = 8; /* two profiles */ 1027 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1028 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1029 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1030 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1031 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1032 stw_be_p(&outbuf[20], 1); 1033 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1034 outbuf[23] = 8; 1035 stl_be_p(&outbuf[24], 1); /* SCSI */ 1036 outbuf[28] = 1; /* DBE = 1, mandatory */ 1037 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1038 stw_be_p(&outbuf[32], 3); 1039 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1040 outbuf[35] = 4; 1041 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1042 /* TODO: Random readable, CD read, DVD read, drive serial number, 1043 power management */ 1044 return 40; 1045 } 1046 1047 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1048 { 1049 if (s->qdev.type != TYPE_ROM) { 1050 return -1; 1051 } 1052 memset(outbuf, 0, 8); 1053 outbuf[5] = 1; /* CD-ROM */ 1054 return 8; 1055 } 1056 1057 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1058 int page_control) 1059 { 1060 static const int mode_sense_valid[0x3f] = { 1061 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1062 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1063 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1064 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1065 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1066 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1067 }; 1068 1069 uint8_t *p = *p_outbuf + 2; 1070 int length; 1071 1072 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1073 return -1; 1074 } 1075 1076 /* 1077 * If Changeable Values are requested, a mask denoting those mode parameters 1078 * that are changeable shall be returned. As we currently don't support 1079 * parameter changes via MODE_SELECT all bits are returned set to zero. 1080 * The buffer was already menset to zero by the caller of this function. 1081 * 1082 * The offsets here are off by two compared to the descriptions in the 1083 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1084 * but it is done so that offsets are consistent within our implementation 1085 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1086 * 2-byte and 4-byte headers. 1087 */ 1088 switch (page) { 1089 case MODE_PAGE_HD_GEOMETRY: 1090 length = 0x16; 1091 if (page_control == 1) { /* Changeable Values */ 1092 break; 1093 } 1094 /* if a geometry hint is available, use it */ 1095 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1096 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1097 p[2] = s->qdev.conf.cyls & 0xff; 1098 p[3] = s->qdev.conf.heads & 0xff; 1099 /* Write precomp start cylinder, disabled */ 1100 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1101 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1102 p[6] = s->qdev.conf.cyls & 0xff; 1103 /* Reduced current start cylinder, disabled */ 1104 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1105 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1106 p[9] = s->qdev.conf.cyls & 0xff; 1107 /* Device step rate [ns], 200ns */ 1108 p[10] = 0; 1109 p[11] = 200; 1110 /* Landing zone cylinder */ 1111 p[12] = 0xff; 1112 p[13] = 0xff; 1113 p[14] = 0xff; 1114 /* Medium rotation rate [rpm], 5400 rpm */ 1115 p[18] = (5400 >> 8) & 0xff; 1116 p[19] = 5400 & 0xff; 1117 break; 1118 1119 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1120 length = 0x1e; 1121 if (page_control == 1) { /* Changeable Values */ 1122 break; 1123 } 1124 /* Transfer rate [kbit/s], 5Mbit/s */ 1125 p[0] = 5000 >> 8; 1126 p[1] = 5000 & 0xff; 1127 /* if a geometry hint is available, use it */ 1128 p[2] = s->qdev.conf.heads & 0xff; 1129 p[3] = s->qdev.conf.secs & 0xff; 1130 p[4] = s->qdev.blocksize >> 8; 1131 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1132 p[7] = s->qdev.conf.cyls & 0xff; 1133 /* Write precomp start cylinder, disabled */ 1134 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1135 p[9] = s->qdev.conf.cyls & 0xff; 1136 /* Reduced current start cylinder, disabled */ 1137 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1138 p[11] = s->qdev.conf.cyls & 0xff; 1139 /* Device step rate [100us], 100us */ 1140 p[12] = 0; 1141 p[13] = 1; 1142 /* Device step pulse width [us], 1us */ 1143 p[14] = 1; 1144 /* Device head settle delay [100us], 100us */ 1145 p[15] = 0; 1146 p[16] = 1; 1147 /* Motor on delay [0.1s], 0.1s */ 1148 p[17] = 1; 1149 /* Motor off delay [0.1s], 0.1s */ 1150 p[18] = 1; 1151 /* Medium rotation rate [rpm], 5400 rpm */ 1152 p[26] = (5400 >> 8) & 0xff; 1153 p[27] = 5400 & 0xff; 1154 break; 1155 1156 case MODE_PAGE_CACHING: 1157 length = 0x12; 1158 if (page_control == 1 || /* Changeable Values */ 1159 blk_enable_write_cache(s->qdev.conf.blk)) { 1160 p[0] = 4; /* WCE */ 1161 } 1162 break; 1163 1164 case MODE_PAGE_R_W_ERROR: 1165 length = 10; 1166 if (page_control == 1) { /* Changeable Values */ 1167 break; 1168 } 1169 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1170 if (s->qdev.type == TYPE_ROM) { 1171 p[1] = 0x20; /* Read Retry Count */ 1172 } 1173 break; 1174 1175 case MODE_PAGE_AUDIO_CTL: 1176 length = 14; 1177 break; 1178 1179 case MODE_PAGE_CAPABILITIES: 1180 length = 0x14; 1181 if (page_control == 1) { /* Changeable Values */ 1182 break; 1183 } 1184 1185 p[0] = 0x3b; /* CD-R & CD-RW read */ 1186 p[1] = 0; /* Writing not supported */ 1187 p[2] = 0x7f; /* Audio, composite, digital out, 1188 mode 2 form 1&2, multi session */ 1189 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1190 RW corrected, C2 errors, ISRC, 1191 UPC, Bar code */ 1192 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1193 /* Locking supported, jumper present, eject, tray */ 1194 p[5] = 0; /* no volume & mute control, no 1195 changer */ 1196 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1197 p[7] = (50 * 176) & 0xff; 1198 p[8] = 2 >> 8; /* Two volume levels */ 1199 p[9] = 2 & 0xff; 1200 p[10] = 2048 >> 8; /* 2M buffer */ 1201 p[11] = 2048 & 0xff; 1202 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1203 p[13] = (16 * 176) & 0xff; 1204 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1205 p[17] = (16 * 176) & 0xff; 1206 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1207 p[19] = (16 * 176) & 0xff; 1208 break; 1209 1210 default: 1211 return -1; 1212 } 1213 1214 assert(length < 256); 1215 (*p_outbuf)[0] = page; 1216 (*p_outbuf)[1] = length; 1217 *p_outbuf += length + 2; 1218 return length + 2; 1219 } 1220 1221 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1222 { 1223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1224 uint64_t nb_sectors; 1225 bool dbd; 1226 int page, buflen, ret, page_control; 1227 uint8_t *p; 1228 uint8_t dev_specific_param; 1229 1230 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1231 page = r->req.cmd.buf[2] & 0x3f; 1232 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1233 1234 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1235 10, page, r->req.cmd.xfer, page_control); 1236 memset(outbuf, 0, r->req.cmd.xfer); 1237 p = outbuf; 1238 1239 if (s->qdev.type == TYPE_DISK) { 1240 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1241 if (!blk_is_writable(s->qdev.conf.blk)) { 1242 dev_specific_param |= 0x80; /* Readonly. */ 1243 } 1244 } else { 1245 /* MMC prescribes that CD/DVD drives have no block descriptors, 1246 * and defines no device-specific parameter. */ 1247 dev_specific_param = 0x00; 1248 dbd = true; 1249 } 1250 1251 if (r->req.cmd.buf[0] == MODE_SENSE) { 1252 p[1] = 0; /* Default media type. */ 1253 p[2] = dev_specific_param; 1254 p[3] = 0; /* Block descriptor length. */ 1255 p += 4; 1256 } else { /* MODE_SENSE_10 */ 1257 p[2] = 0; /* Default media type. */ 1258 p[3] = dev_specific_param; 1259 p[6] = p[7] = 0; /* Block descriptor length. */ 1260 p += 8; 1261 } 1262 1263 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1264 if (!dbd && nb_sectors) { 1265 if (r->req.cmd.buf[0] == MODE_SENSE) { 1266 outbuf[3] = 8; /* Block descriptor length */ 1267 } else { /* MODE_SENSE_10 */ 1268 outbuf[7] = 8; /* Block descriptor length */ 1269 } 1270 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1271 if (nb_sectors > 0xffffff) { 1272 nb_sectors = 0; 1273 } 1274 p[0] = 0; /* media density code */ 1275 p[1] = (nb_sectors >> 16) & 0xff; 1276 p[2] = (nb_sectors >> 8) & 0xff; 1277 p[3] = nb_sectors & 0xff; 1278 p[4] = 0; /* reserved */ 1279 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1280 p[6] = s->qdev.blocksize >> 8; 1281 p[7] = 0; 1282 p += 8; 1283 } 1284 1285 if (page_control == 3) { 1286 /* Saved Values */ 1287 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1288 return -1; 1289 } 1290 1291 if (page == 0x3f) { 1292 for (page = 0; page <= 0x3e; page++) { 1293 mode_sense_page(s, page, &p, page_control); 1294 } 1295 } else { 1296 ret = mode_sense_page(s, page, &p, page_control); 1297 if (ret == -1) { 1298 return -1; 1299 } 1300 } 1301 1302 buflen = p - outbuf; 1303 /* 1304 * The mode data length field specifies the length in bytes of the 1305 * following data that is available to be transferred. The mode data 1306 * length does not include itself. 1307 */ 1308 if (r->req.cmd.buf[0] == MODE_SENSE) { 1309 outbuf[0] = buflen - 1; 1310 } else { /* MODE_SENSE_10 */ 1311 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1312 outbuf[1] = (buflen - 2) & 0xff; 1313 } 1314 return buflen; 1315 } 1316 1317 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1318 { 1319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1320 int start_track, format, msf, toclen; 1321 uint64_t nb_sectors; 1322 1323 msf = req->cmd.buf[1] & 2; 1324 format = req->cmd.buf[2] & 0xf; 1325 start_track = req->cmd.buf[6]; 1326 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1327 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1328 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1329 switch (format) { 1330 case 0: 1331 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1332 break; 1333 case 1: 1334 /* multi session : only a single session defined */ 1335 toclen = 12; 1336 memset(outbuf, 0, 12); 1337 outbuf[1] = 0x0a; 1338 outbuf[2] = 0x01; 1339 outbuf[3] = 0x01; 1340 break; 1341 case 2: 1342 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1343 break; 1344 default: 1345 return -1; 1346 } 1347 return toclen; 1348 } 1349 1350 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1351 { 1352 SCSIRequest *req = &r->req; 1353 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1354 bool start = req->cmd.buf[4] & 1; 1355 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1356 int pwrcnd = req->cmd.buf[4] & 0xf0; 1357 1358 if (pwrcnd) { 1359 /* eject/load only happens for power condition == 0 */ 1360 return 0; 1361 } 1362 1363 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1364 if (!start && !s->tray_open && s->tray_locked) { 1365 scsi_check_condition(r, 1366 blk_is_inserted(s->qdev.conf.blk) 1367 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1368 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1369 return -1; 1370 } 1371 1372 if (s->tray_open != !start) { 1373 blk_eject(s->qdev.conf.blk, !start); 1374 s->tray_open = !start; 1375 } 1376 } 1377 return 0; 1378 } 1379 1380 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1381 { 1382 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1383 int buflen = r->iov.iov_len; 1384 1385 if (buflen) { 1386 trace_scsi_disk_emulate_read_data(buflen); 1387 r->iov.iov_len = 0; 1388 r->started = true; 1389 scsi_req_data(&r->req, buflen); 1390 return; 1391 } 1392 1393 /* This also clears the sense buffer for REQUEST SENSE. */ 1394 scsi_req_complete(&r->req, GOOD); 1395 } 1396 1397 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1398 uint8_t *inbuf, int inlen) 1399 { 1400 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1401 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1402 uint8_t *p; 1403 int len, expected_len, changeable_len, i; 1404 1405 /* The input buffer does not include the page header, so it is 1406 * off by 2 bytes. 1407 */ 1408 expected_len = inlen + 2; 1409 if (expected_len > SCSI_MAX_MODE_LEN) { 1410 return -1; 1411 } 1412 1413 p = mode_current; 1414 memset(mode_current, 0, inlen + 2); 1415 len = mode_sense_page(s, page, &p, 0); 1416 if (len < 0 || len != expected_len) { 1417 return -1; 1418 } 1419 1420 p = mode_changeable; 1421 memset(mode_changeable, 0, inlen + 2); 1422 changeable_len = mode_sense_page(s, page, &p, 1); 1423 assert(changeable_len == len); 1424 1425 /* Check that unchangeable bits are the same as what MODE SENSE 1426 * would return. 1427 */ 1428 for (i = 2; i < len; i++) { 1429 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1430 return -1; 1431 } 1432 } 1433 return 0; 1434 } 1435 1436 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1437 { 1438 switch (page) { 1439 case MODE_PAGE_CACHING: 1440 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1441 break; 1442 1443 default: 1444 break; 1445 } 1446 } 1447 1448 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1449 { 1450 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1451 1452 while (len > 0) { 1453 int page, subpage, page_len; 1454 1455 /* Parse both possible formats for the mode page headers. */ 1456 page = p[0] & 0x3f; 1457 if (p[0] & 0x40) { 1458 if (len < 4) { 1459 goto invalid_param_len; 1460 } 1461 subpage = p[1]; 1462 page_len = lduw_be_p(&p[2]); 1463 p += 4; 1464 len -= 4; 1465 } else { 1466 if (len < 2) { 1467 goto invalid_param_len; 1468 } 1469 subpage = 0; 1470 page_len = p[1]; 1471 p += 2; 1472 len -= 2; 1473 } 1474 1475 if (subpage) { 1476 goto invalid_param; 1477 } 1478 if (page_len > len) { 1479 goto invalid_param_len; 1480 } 1481 1482 if (!change) { 1483 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1484 goto invalid_param; 1485 } 1486 } else { 1487 scsi_disk_apply_mode_select(s, page, p); 1488 } 1489 1490 p += page_len; 1491 len -= page_len; 1492 } 1493 return 0; 1494 1495 invalid_param: 1496 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1497 return -1; 1498 1499 invalid_param_len: 1500 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1501 return -1; 1502 } 1503 1504 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1505 { 1506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1507 uint8_t *p = inbuf; 1508 int cmd = r->req.cmd.buf[0]; 1509 int len = r->req.cmd.xfer; 1510 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1511 int bd_len; 1512 int pass; 1513 1514 /* We only support PF=1, SP=0. */ 1515 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1516 goto invalid_field; 1517 } 1518 1519 if (len < hdr_len) { 1520 goto invalid_param_len; 1521 } 1522 1523 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1524 len -= hdr_len; 1525 p += hdr_len; 1526 if (len < bd_len) { 1527 goto invalid_param_len; 1528 } 1529 if (bd_len != 0 && bd_len != 8) { 1530 goto invalid_param; 1531 } 1532 1533 len -= bd_len; 1534 p += bd_len; 1535 1536 /* Ensure no change is made if there is an error! */ 1537 for (pass = 0; pass < 2; pass++) { 1538 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1539 assert(pass == 0); 1540 return; 1541 } 1542 } 1543 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1544 /* The request is used as the AIO opaque value, so add a ref. */ 1545 scsi_req_ref(&r->req); 1546 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1547 BLOCK_ACCT_FLUSH); 1548 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1549 return; 1550 } 1551 1552 scsi_req_complete(&r->req, GOOD); 1553 return; 1554 1555 invalid_param: 1556 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1557 return; 1558 1559 invalid_param_len: 1560 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1561 return; 1562 1563 invalid_field: 1564 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1565 } 1566 1567 static inline bool check_lba_range(SCSIDiskState *s, 1568 uint64_t sector_num, uint32_t nb_sectors) 1569 { 1570 /* 1571 * The first line tests that no overflow happens when computing the last 1572 * sector. The second line tests that the last accessed sector is in 1573 * range. 1574 * 1575 * Careful, the computations should not underflow for nb_sectors == 0, 1576 * and a 0-block read to the first LBA beyond the end of device is 1577 * valid. 1578 */ 1579 return (sector_num <= sector_num + nb_sectors && 1580 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1581 } 1582 1583 typedef struct UnmapCBData { 1584 SCSIDiskReq *r; 1585 uint8_t *inbuf; 1586 int count; 1587 } UnmapCBData; 1588 1589 static void scsi_unmap_complete(void *opaque, int ret); 1590 1591 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1592 { 1593 SCSIDiskReq *r = data->r; 1594 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1595 1596 assert(r->req.aiocb == NULL); 1597 1598 if (data->count > 0) { 1599 r->sector = ldq_be_p(&data->inbuf[0]) 1600 * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1601 r->sector_count = (ldl_be_p(&data->inbuf[8]) & 0xffffffffULL) 1602 * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1603 if (!check_lba_range(s, r->sector, r->sector_count)) { 1604 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1605 BLOCK_ACCT_UNMAP); 1606 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1607 goto done; 1608 } 1609 1610 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1611 r->sector_count * BDRV_SECTOR_SIZE, 1612 BLOCK_ACCT_UNMAP); 1613 1614 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1615 r->sector * BDRV_SECTOR_SIZE, 1616 r->sector_count * BDRV_SECTOR_SIZE, 1617 scsi_unmap_complete, data); 1618 data->count--; 1619 data->inbuf += 16; 1620 return; 1621 } 1622 1623 scsi_req_complete(&r->req, GOOD); 1624 1625 done: 1626 scsi_req_unref(&r->req); 1627 g_free(data); 1628 } 1629 1630 static void scsi_unmap_complete(void *opaque, int ret) 1631 { 1632 UnmapCBData *data = opaque; 1633 SCSIDiskReq *r = data->r; 1634 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1635 1636 assert(r->req.aiocb != NULL); 1637 r->req.aiocb = NULL; 1638 1639 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1640 if (scsi_disk_req_check_error(r, ret, true)) { 1641 scsi_req_unref(&r->req); 1642 g_free(data); 1643 } else { 1644 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1645 scsi_unmap_complete_noio(data, ret); 1646 } 1647 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1648 } 1649 1650 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1651 { 1652 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1653 uint8_t *p = inbuf; 1654 int len = r->req.cmd.xfer; 1655 UnmapCBData *data; 1656 1657 /* Reject ANCHOR=1. */ 1658 if (r->req.cmd.buf[1] & 0x1) { 1659 goto invalid_field; 1660 } 1661 1662 if (len < 8) { 1663 goto invalid_param_len; 1664 } 1665 if (len < lduw_be_p(&p[0]) + 2) { 1666 goto invalid_param_len; 1667 } 1668 if (len < lduw_be_p(&p[2]) + 8) { 1669 goto invalid_param_len; 1670 } 1671 if (lduw_be_p(&p[2]) & 15) { 1672 goto invalid_param_len; 1673 } 1674 1675 if (!blk_is_writable(s->qdev.conf.blk)) { 1676 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1677 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1678 return; 1679 } 1680 1681 data = g_new0(UnmapCBData, 1); 1682 data->r = r; 1683 data->inbuf = &p[8]; 1684 data->count = lduw_be_p(&p[2]) >> 4; 1685 1686 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1687 scsi_req_ref(&r->req); 1688 scsi_unmap_complete_noio(data, 0); 1689 return; 1690 1691 invalid_param_len: 1692 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1693 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1694 return; 1695 1696 invalid_field: 1697 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1698 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1699 } 1700 1701 typedef struct WriteSameCBData { 1702 SCSIDiskReq *r; 1703 int64_t sector; 1704 int nb_sectors; 1705 QEMUIOVector qiov; 1706 struct iovec iov; 1707 } WriteSameCBData; 1708 1709 static void scsi_write_same_complete(void *opaque, int ret) 1710 { 1711 WriteSameCBData *data = opaque; 1712 SCSIDiskReq *r = data->r; 1713 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1714 1715 assert(r->req.aiocb != NULL); 1716 r->req.aiocb = NULL; 1717 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1718 if (scsi_disk_req_check_error(r, ret, true)) { 1719 goto done; 1720 } 1721 1722 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1723 1724 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1725 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1726 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1727 data->iov.iov_len); 1728 if (data->iov.iov_len) { 1729 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1730 data->iov.iov_len, BLOCK_ACCT_WRITE); 1731 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1732 * where final qiov may need smaller size */ 1733 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1734 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1735 data->sector << BDRV_SECTOR_BITS, 1736 &data->qiov, 0, 1737 scsi_write_same_complete, data); 1738 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1739 return; 1740 } 1741 1742 scsi_req_complete(&r->req, GOOD); 1743 1744 done: 1745 scsi_req_unref(&r->req); 1746 qemu_vfree(data->iov.iov_base); 1747 g_free(data); 1748 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1749 } 1750 1751 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1752 { 1753 SCSIRequest *req = &r->req; 1754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1755 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1756 WriteSameCBData *data; 1757 uint8_t *buf; 1758 int i; 1759 1760 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1761 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1762 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1763 return; 1764 } 1765 1766 if (!blk_is_writable(s->qdev.conf.blk)) { 1767 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1768 return; 1769 } 1770 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1771 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1772 return; 1773 } 1774 1775 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1776 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1777 1778 /* The request is used as the AIO opaque value, so add a ref. */ 1779 scsi_req_ref(&r->req); 1780 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1781 nb_sectors * s->qdev.blocksize, 1782 BLOCK_ACCT_WRITE); 1783 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1784 r->req.cmd.lba * s->qdev.blocksize, 1785 nb_sectors * s->qdev.blocksize, 1786 flags, scsi_aio_complete, r); 1787 return; 1788 } 1789 1790 data = g_new0(WriteSameCBData, 1); 1791 data->r = r; 1792 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1793 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1794 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1795 SCSI_WRITE_SAME_MAX); 1796 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1797 data->iov.iov_len); 1798 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1799 1800 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1801 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1802 } 1803 1804 scsi_req_ref(&r->req); 1805 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1806 data->iov.iov_len, BLOCK_ACCT_WRITE); 1807 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1808 data->sector << BDRV_SECTOR_BITS, 1809 &data->qiov, 0, 1810 scsi_write_same_complete, data); 1811 } 1812 1813 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1814 { 1815 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1816 1817 if (r->iov.iov_len) { 1818 int buflen = r->iov.iov_len; 1819 trace_scsi_disk_emulate_write_data(buflen); 1820 r->iov.iov_len = 0; 1821 scsi_req_data(&r->req, buflen); 1822 return; 1823 } 1824 1825 switch (req->cmd.buf[0]) { 1826 case MODE_SELECT: 1827 case MODE_SELECT_10: 1828 /* This also clears the sense buffer for REQUEST SENSE. */ 1829 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1830 break; 1831 1832 case UNMAP: 1833 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1834 break; 1835 1836 case VERIFY_10: 1837 case VERIFY_12: 1838 case VERIFY_16: 1839 if (r->req.status == -1) { 1840 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1841 } 1842 break; 1843 1844 case WRITE_SAME_10: 1845 case WRITE_SAME_16: 1846 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1847 break; 1848 1849 default: 1850 abort(); 1851 } 1852 } 1853 1854 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1855 { 1856 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1857 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1858 uint64_t nb_sectors; 1859 uint8_t *outbuf; 1860 int buflen; 1861 1862 switch (req->cmd.buf[0]) { 1863 case INQUIRY: 1864 case MODE_SENSE: 1865 case MODE_SENSE_10: 1866 case RESERVE: 1867 case RESERVE_10: 1868 case RELEASE: 1869 case RELEASE_10: 1870 case START_STOP: 1871 case ALLOW_MEDIUM_REMOVAL: 1872 case GET_CONFIGURATION: 1873 case GET_EVENT_STATUS_NOTIFICATION: 1874 case MECHANISM_STATUS: 1875 case REQUEST_SENSE: 1876 break; 1877 1878 default: 1879 if (!blk_is_available(s->qdev.conf.blk)) { 1880 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1881 return 0; 1882 } 1883 break; 1884 } 1885 1886 /* 1887 * FIXME: we shouldn't return anything bigger than 4k, but the code 1888 * requires the buffer to be as big as req->cmd.xfer in several 1889 * places. So, do not allow CDBs with a very large ALLOCATION 1890 * LENGTH. The real fix would be to modify scsi_read_data and 1891 * dma_buf_read, so that they return data beyond the buflen 1892 * as all zeros. 1893 */ 1894 if (req->cmd.xfer > 65536) { 1895 goto illegal_request; 1896 } 1897 r->buflen = MAX(4096, req->cmd.xfer); 1898 1899 if (!r->iov.iov_base) { 1900 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1901 } 1902 1903 outbuf = r->iov.iov_base; 1904 memset(outbuf, 0, r->buflen); 1905 switch (req->cmd.buf[0]) { 1906 case TEST_UNIT_READY: 1907 assert(blk_is_available(s->qdev.conf.blk)); 1908 break; 1909 case INQUIRY: 1910 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1911 if (buflen < 0) { 1912 goto illegal_request; 1913 } 1914 break; 1915 case MODE_SENSE: 1916 case MODE_SENSE_10: 1917 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1918 if (buflen < 0) { 1919 goto illegal_request; 1920 } 1921 break; 1922 case READ_TOC: 1923 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1924 if (buflen < 0) { 1925 goto illegal_request; 1926 } 1927 break; 1928 case RESERVE: 1929 if (req->cmd.buf[1] & 1) { 1930 goto illegal_request; 1931 } 1932 break; 1933 case RESERVE_10: 1934 if (req->cmd.buf[1] & 3) { 1935 goto illegal_request; 1936 } 1937 break; 1938 case RELEASE: 1939 if (req->cmd.buf[1] & 1) { 1940 goto illegal_request; 1941 } 1942 break; 1943 case RELEASE_10: 1944 if (req->cmd.buf[1] & 3) { 1945 goto illegal_request; 1946 } 1947 break; 1948 case START_STOP: 1949 if (scsi_disk_emulate_start_stop(r) < 0) { 1950 return 0; 1951 } 1952 break; 1953 case ALLOW_MEDIUM_REMOVAL: 1954 s->tray_locked = req->cmd.buf[4] & 1; 1955 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1956 break; 1957 case READ_CAPACITY_10: 1958 /* The normal LEN field for this command is zero. */ 1959 memset(outbuf, 0, 8); 1960 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1961 if (!nb_sectors) { 1962 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1963 return 0; 1964 } 1965 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1966 goto illegal_request; 1967 } 1968 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1969 /* Returned value is the address of the last sector. */ 1970 nb_sectors--; 1971 /* Remember the new size for read/write sanity checking. */ 1972 s->qdev.max_lba = nb_sectors; 1973 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1974 if (nb_sectors > UINT32_MAX) { 1975 nb_sectors = UINT32_MAX; 1976 } 1977 outbuf[0] = (nb_sectors >> 24) & 0xff; 1978 outbuf[1] = (nb_sectors >> 16) & 0xff; 1979 outbuf[2] = (nb_sectors >> 8) & 0xff; 1980 outbuf[3] = nb_sectors & 0xff; 1981 outbuf[4] = 0; 1982 outbuf[5] = 0; 1983 outbuf[6] = s->qdev.blocksize >> 8; 1984 outbuf[7] = 0; 1985 break; 1986 case REQUEST_SENSE: 1987 /* Just return "NO SENSE". */ 1988 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 1989 (req->cmd.buf[1] & 1) == 0); 1990 if (buflen < 0) { 1991 goto illegal_request; 1992 } 1993 break; 1994 case MECHANISM_STATUS: 1995 buflen = scsi_emulate_mechanism_status(s, outbuf); 1996 if (buflen < 0) { 1997 goto illegal_request; 1998 } 1999 break; 2000 case GET_CONFIGURATION: 2001 buflen = scsi_get_configuration(s, outbuf); 2002 if (buflen < 0) { 2003 goto illegal_request; 2004 } 2005 break; 2006 case GET_EVENT_STATUS_NOTIFICATION: 2007 buflen = scsi_get_event_status_notification(s, r, outbuf); 2008 if (buflen < 0) { 2009 goto illegal_request; 2010 } 2011 break; 2012 case READ_DISC_INFORMATION: 2013 buflen = scsi_read_disc_information(s, r, outbuf); 2014 if (buflen < 0) { 2015 goto illegal_request; 2016 } 2017 break; 2018 case READ_DVD_STRUCTURE: 2019 buflen = scsi_read_dvd_structure(s, r, outbuf); 2020 if (buflen < 0) { 2021 goto illegal_request; 2022 } 2023 break; 2024 case SERVICE_ACTION_IN_16: 2025 /* Service Action In subcommands. */ 2026 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2027 trace_scsi_disk_emulate_command_SAI_16(); 2028 memset(outbuf, 0, req->cmd.xfer); 2029 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2030 if (!nb_sectors) { 2031 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2032 return 0; 2033 } 2034 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2035 goto illegal_request; 2036 } 2037 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2038 /* Returned value is the address of the last sector. */ 2039 nb_sectors--; 2040 /* Remember the new size for read/write sanity checking. */ 2041 s->qdev.max_lba = nb_sectors; 2042 outbuf[0] = (nb_sectors >> 56) & 0xff; 2043 outbuf[1] = (nb_sectors >> 48) & 0xff; 2044 outbuf[2] = (nb_sectors >> 40) & 0xff; 2045 outbuf[3] = (nb_sectors >> 32) & 0xff; 2046 outbuf[4] = (nb_sectors >> 24) & 0xff; 2047 outbuf[5] = (nb_sectors >> 16) & 0xff; 2048 outbuf[6] = (nb_sectors >> 8) & 0xff; 2049 outbuf[7] = nb_sectors & 0xff; 2050 outbuf[8] = 0; 2051 outbuf[9] = 0; 2052 outbuf[10] = s->qdev.blocksize >> 8; 2053 outbuf[11] = 0; 2054 outbuf[12] = 0; 2055 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2056 2057 /* set TPE bit if the format supports discard */ 2058 if (s->qdev.conf.discard_granularity) { 2059 outbuf[14] = 0x80; 2060 } 2061 2062 /* Protection, exponent and lowest lba field left blank. */ 2063 break; 2064 } 2065 trace_scsi_disk_emulate_command_SAI_unsupported(); 2066 goto illegal_request; 2067 case SYNCHRONIZE_CACHE: 2068 /* The request is used as the AIO opaque value, so add a ref. */ 2069 scsi_req_ref(&r->req); 2070 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2071 BLOCK_ACCT_FLUSH); 2072 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2073 return 0; 2074 case SEEK_10: 2075 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2076 if (r->req.cmd.lba > s->qdev.max_lba) { 2077 goto illegal_lba; 2078 } 2079 break; 2080 case MODE_SELECT: 2081 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2082 break; 2083 case MODE_SELECT_10: 2084 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2085 break; 2086 case UNMAP: 2087 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2088 break; 2089 case VERIFY_10: 2090 case VERIFY_12: 2091 case VERIFY_16: 2092 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2093 if (req->cmd.buf[1] & 6) { 2094 goto illegal_request; 2095 } 2096 break; 2097 case WRITE_SAME_10: 2098 case WRITE_SAME_16: 2099 trace_scsi_disk_emulate_command_WRITE_SAME( 2100 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2101 break; 2102 default: 2103 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2104 scsi_command_name(buf[0])); 2105 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2106 return 0; 2107 } 2108 assert(!r->req.aiocb); 2109 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2110 if (r->iov.iov_len == 0) { 2111 scsi_req_complete(&r->req, GOOD); 2112 } 2113 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2114 assert(r->iov.iov_len == req->cmd.xfer); 2115 return -r->iov.iov_len; 2116 } else { 2117 return r->iov.iov_len; 2118 } 2119 2120 illegal_request: 2121 if (r->req.status == -1) { 2122 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2123 } 2124 return 0; 2125 2126 illegal_lba: 2127 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2128 return 0; 2129 } 2130 2131 /* Execute a scsi command. Returns the length of the data expected by the 2132 command. This will be Positive for data transfers from the device 2133 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2134 and zero if the command does not transfer any data. */ 2135 2136 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2137 { 2138 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2140 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2141 uint32_t len; 2142 uint8_t command; 2143 2144 command = buf[0]; 2145 2146 if (!blk_is_available(s->qdev.conf.blk)) { 2147 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2148 return 0; 2149 } 2150 2151 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2152 switch (command) { 2153 case READ_6: 2154 case READ_10: 2155 case READ_12: 2156 case READ_16: 2157 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2158 /* Protection information is not supported. For SCSI versions 2 and 2159 * older (as determined by snooping the guest's INQUIRY commands), 2160 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2161 */ 2162 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2163 goto illegal_request; 2164 } 2165 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2166 goto illegal_lba; 2167 } 2168 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2169 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2170 break; 2171 case WRITE_6: 2172 case WRITE_10: 2173 case WRITE_12: 2174 case WRITE_16: 2175 case WRITE_VERIFY_10: 2176 case WRITE_VERIFY_12: 2177 case WRITE_VERIFY_16: 2178 if (!blk_is_writable(s->qdev.conf.blk)) { 2179 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2180 return 0; 2181 } 2182 trace_scsi_disk_dma_command_WRITE( 2183 (command & 0xe) == 0xe ? "And Verify " : "", 2184 r->req.cmd.lba, len); 2185 /* fall through */ 2186 case VERIFY_10: 2187 case VERIFY_12: 2188 case VERIFY_16: 2189 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2190 * As far as DMA is concerned, we can treat it the same as a write; 2191 * scsi_block_do_sgio will send VERIFY commands. 2192 */ 2193 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2194 goto illegal_request; 2195 } 2196 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2197 goto illegal_lba; 2198 } 2199 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2200 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2201 break; 2202 default: 2203 abort(); 2204 illegal_request: 2205 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2206 return 0; 2207 illegal_lba: 2208 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2209 return 0; 2210 } 2211 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2212 if (r->sector_count == 0) { 2213 scsi_req_complete(&r->req, GOOD); 2214 } 2215 assert(r->iov.iov_len == 0); 2216 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2217 return -r->sector_count * BDRV_SECTOR_SIZE; 2218 } else { 2219 return r->sector_count * BDRV_SECTOR_SIZE; 2220 } 2221 } 2222 2223 static void scsi_disk_reset(DeviceState *dev) 2224 { 2225 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2226 uint64_t nb_sectors; 2227 2228 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2229 2230 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2231 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2232 if (nb_sectors) { 2233 nb_sectors--; 2234 } 2235 s->qdev.max_lba = nb_sectors; 2236 /* reset tray statuses */ 2237 s->tray_locked = 0; 2238 s->tray_open = 0; 2239 2240 s->qdev.scsi_version = s->qdev.default_scsi_version; 2241 } 2242 2243 static void scsi_disk_resize_cb(void *opaque) 2244 { 2245 SCSIDiskState *s = opaque; 2246 2247 /* SPC lists this sense code as available only for 2248 * direct-access devices. 2249 */ 2250 if (s->qdev.type == TYPE_DISK) { 2251 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2252 } 2253 } 2254 2255 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2256 { 2257 SCSIDiskState *s = opaque; 2258 2259 /* 2260 * When a CD gets changed, we have to report an ejected state and 2261 * then a loaded state to guests so that they detect tray 2262 * open/close and media change events. Guests that do not use 2263 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2264 * states rely on this behavior. 2265 * 2266 * media_changed governs the state machine used for unit attention 2267 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2268 */ 2269 s->media_changed = load; 2270 s->tray_open = !load; 2271 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2272 s->media_event = true; 2273 s->eject_request = false; 2274 } 2275 2276 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2277 { 2278 SCSIDiskState *s = opaque; 2279 2280 s->eject_request = true; 2281 if (force) { 2282 s->tray_locked = false; 2283 } 2284 } 2285 2286 static bool scsi_cd_is_tray_open(void *opaque) 2287 { 2288 return ((SCSIDiskState *)opaque)->tray_open; 2289 } 2290 2291 static bool scsi_cd_is_medium_locked(void *opaque) 2292 { 2293 return ((SCSIDiskState *)opaque)->tray_locked; 2294 } 2295 2296 static const BlockDevOps scsi_disk_removable_block_ops = { 2297 .change_media_cb = scsi_cd_change_media_cb, 2298 .eject_request_cb = scsi_cd_eject_request_cb, 2299 .is_tray_open = scsi_cd_is_tray_open, 2300 .is_medium_locked = scsi_cd_is_medium_locked, 2301 2302 .resize_cb = scsi_disk_resize_cb, 2303 }; 2304 2305 static const BlockDevOps scsi_disk_block_ops = { 2306 .resize_cb = scsi_disk_resize_cb, 2307 }; 2308 2309 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2310 { 2311 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2312 if (s->media_changed) { 2313 s->media_changed = false; 2314 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2315 } 2316 } 2317 2318 static void scsi_realize(SCSIDevice *dev, Error **errp) 2319 { 2320 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2321 bool read_only; 2322 2323 if (!s->qdev.conf.blk) { 2324 error_setg(errp, "drive property not set"); 2325 return; 2326 } 2327 2328 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2329 !blk_is_inserted(s->qdev.conf.blk)) { 2330 error_setg(errp, "Device needs media, but drive is empty"); 2331 return; 2332 } 2333 2334 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2335 return; 2336 } 2337 2338 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2339 !s->qdev.hba_supports_iothread) 2340 { 2341 error_setg(errp, "HBA does not support iothreads"); 2342 return; 2343 } 2344 2345 if (dev->type == TYPE_DISK) { 2346 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2347 return; 2348 } 2349 } 2350 2351 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2352 if (dev->type == TYPE_ROM) { 2353 read_only = true; 2354 } 2355 2356 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2357 dev->type == TYPE_DISK, errp)) { 2358 return; 2359 } 2360 2361 if (s->qdev.conf.discard_granularity == -1) { 2362 s->qdev.conf.discard_granularity = 2363 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2364 } 2365 2366 if (!s->version) { 2367 s->version = g_strdup(qemu_hw_version()); 2368 } 2369 if (!s->vendor) { 2370 s->vendor = g_strdup("QEMU"); 2371 } 2372 if (!s->device_id) { 2373 if (s->serial) { 2374 s->device_id = g_strdup_printf("%.20s", s->serial); 2375 } else { 2376 const char *str = blk_name(s->qdev.conf.blk); 2377 if (str && *str) { 2378 s->device_id = g_strdup(str); 2379 } 2380 } 2381 } 2382 2383 if (blk_is_sg(s->qdev.conf.blk)) { 2384 error_setg(errp, "unwanted /dev/sg*"); 2385 return; 2386 } 2387 2388 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2389 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2390 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2391 } else { 2392 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2393 } 2394 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2395 2396 blk_iostatus_enable(s->qdev.conf.blk); 2397 2398 add_boot_device_lchs(&dev->qdev, NULL, 2399 dev->conf.lcyls, 2400 dev->conf.lheads, 2401 dev->conf.lsecs); 2402 } 2403 2404 static void scsi_unrealize(SCSIDevice *dev) 2405 { 2406 del_boot_device_lchs(&dev->qdev, NULL); 2407 } 2408 2409 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2410 { 2411 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2412 AioContext *ctx = NULL; 2413 /* can happen for devices without drive. The error message for missing 2414 * backend will be issued in scsi_realize 2415 */ 2416 if (s->qdev.conf.blk) { 2417 ctx = blk_get_aio_context(s->qdev.conf.blk); 2418 aio_context_acquire(ctx); 2419 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2420 goto out; 2421 } 2422 } 2423 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2424 s->qdev.type = TYPE_DISK; 2425 if (!s->product) { 2426 s->product = g_strdup("QEMU HARDDISK"); 2427 } 2428 scsi_realize(&s->qdev, errp); 2429 out: 2430 if (ctx) { 2431 aio_context_release(ctx); 2432 } 2433 } 2434 2435 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2436 { 2437 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2438 AioContext *ctx; 2439 int ret; 2440 2441 if (!dev->conf.blk) { 2442 /* Anonymous BlockBackend for an empty drive. As we put it into 2443 * dev->conf, qdev takes care of detaching on unplug. */ 2444 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2445 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2446 assert(ret == 0); 2447 } 2448 2449 ctx = blk_get_aio_context(dev->conf.blk); 2450 aio_context_acquire(ctx); 2451 s->qdev.blocksize = 2048; 2452 s->qdev.type = TYPE_ROM; 2453 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2454 if (!s->product) { 2455 s->product = g_strdup("QEMU CD-ROM"); 2456 } 2457 scsi_realize(&s->qdev, errp); 2458 aio_context_release(ctx); 2459 } 2460 2461 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2462 { 2463 DriveInfo *dinfo; 2464 Error *local_err = NULL; 2465 2466 warn_report("'scsi-disk' is deprecated, " 2467 "please use 'scsi-hd' or 'scsi-cd' instead"); 2468 2469 if (!dev->conf.blk) { 2470 scsi_realize(dev, &local_err); 2471 assert(local_err); 2472 error_propagate(errp, local_err); 2473 return; 2474 } 2475 2476 dinfo = blk_legacy_dinfo(dev->conf.blk); 2477 if (dinfo && dinfo->media_cd) { 2478 scsi_cd_realize(dev, errp); 2479 } else { 2480 scsi_hd_realize(dev, errp); 2481 } 2482 } 2483 2484 static const SCSIReqOps scsi_disk_emulate_reqops = { 2485 .size = sizeof(SCSIDiskReq), 2486 .free_req = scsi_free_request, 2487 .send_command = scsi_disk_emulate_command, 2488 .read_data = scsi_disk_emulate_read_data, 2489 .write_data = scsi_disk_emulate_write_data, 2490 .get_buf = scsi_get_buf, 2491 }; 2492 2493 static const SCSIReqOps scsi_disk_dma_reqops = { 2494 .size = sizeof(SCSIDiskReq), 2495 .free_req = scsi_free_request, 2496 .send_command = scsi_disk_dma_command, 2497 .read_data = scsi_read_data, 2498 .write_data = scsi_write_data, 2499 .get_buf = scsi_get_buf, 2500 .load_request = scsi_disk_load_request, 2501 .save_request = scsi_disk_save_request, 2502 }; 2503 2504 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2505 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2506 [INQUIRY] = &scsi_disk_emulate_reqops, 2507 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2508 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2509 [START_STOP] = &scsi_disk_emulate_reqops, 2510 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2511 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2512 [READ_TOC] = &scsi_disk_emulate_reqops, 2513 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2514 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2515 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2516 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2517 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2518 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2519 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2520 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2521 [SEEK_10] = &scsi_disk_emulate_reqops, 2522 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2523 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2524 [UNMAP] = &scsi_disk_emulate_reqops, 2525 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2526 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2527 [VERIFY_10] = &scsi_disk_emulate_reqops, 2528 [VERIFY_12] = &scsi_disk_emulate_reqops, 2529 [VERIFY_16] = &scsi_disk_emulate_reqops, 2530 2531 [READ_6] = &scsi_disk_dma_reqops, 2532 [READ_10] = &scsi_disk_dma_reqops, 2533 [READ_12] = &scsi_disk_dma_reqops, 2534 [READ_16] = &scsi_disk_dma_reqops, 2535 [WRITE_6] = &scsi_disk_dma_reqops, 2536 [WRITE_10] = &scsi_disk_dma_reqops, 2537 [WRITE_12] = &scsi_disk_dma_reqops, 2538 [WRITE_16] = &scsi_disk_dma_reqops, 2539 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2540 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2541 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2542 }; 2543 2544 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2545 { 2546 int i; 2547 int len = scsi_cdb_length(buf); 2548 char *line_buffer, *p; 2549 2550 line_buffer = g_malloc(len * 5 + 1); 2551 2552 for (i = 0, p = line_buffer; i < len; i++) { 2553 p += sprintf(p, " 0x%02x", buf[i]); 2554 } 2555 trace_scsi_disk_new_request(lun, tag, line_buffer); 2556 2557 g_free(line_buffer); 2558 } 2559 2560 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2561 uint8_t *buf, void *hba_private) 2562 { 2563 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2564 SCSIRequest *req; 2565 const SCSIReqOps *ops; 2566 uint8_t command; 2567 2568 command = buf[0]; 2569 ops = scsi_disk_reqops_dispatch[command]; 2570 if (!ops) { 2571 ops = &scsi_disk_emulate_reqops; 2572 } 2573 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2574 2575 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2576 scsi_disk_new_request_dump(lun, tag, buf); 2577 } 2578 2579 return req; 2580 } 2581 2582 #ifdef __linux__ 2583 static int get_device_type(SCSIDiskState *s) 2584 { 2585 uint8_t cmd[16]; 2586 uint8_t buf[36]; 2587 int ret; 2588 2589 memset(cmd, 0, sizeof(cmd)); 2590 memset(buf, 0, sizeof(buf)); 2591 cmd[0] = INQUIRY; 2592 cmd[4] = sizeof(buf); 2593 2594 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2595 buf, sizeof(buf), s->qdev.io_timeout); 2596 if (ret < 0) { 2597 return -1; 2598 } 2599 s->qdev.type = buf[0]; 2600 if (buf[1] & 0x80) { 2601 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2602 } 2603 return 0; 2604 } 2605 2606 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2607 { 2608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2609 AioContext *ctx; 2610 int sg_version; 2611 int rc; 2612 2613 if (!s->qdev.conf.blk) { 2614 error_setg(errp, "drive property not set"); 2615 return; 2616 } 2617 2618 if (s->rotation_rate) { 2619 error_report_once("rotation_rate is specified for scsi-block but is " 2620 "not implemented. This option is deprecated and will " 2621 "be removed in a future version"); 2622 } 2623 2624 ctx = blk_get_aio_context(s->qdev.conf.blk); 2625 aio_context_acquire(ctx); 2626 2627 /* check we are using a driver managing SG_IO (version 3 and after) */ 2628 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2629 if (rc < 0) { 2630 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2631 if (rc != -EPERM) { 2632 error_append_hint(errp, "Is this a SCSI device?\n"); 2633 } 2634 goto out; 2635 } 2636 if (sg_version < 30000) { 2637 error_setg(errp, "scsi generic interface too old"); 2638 goto out; 2639 } 2640 2641 /* get device type from INQUIRY data */ 2642 rc = get_device_type(s); 2643 if (rc < 0) { 2644 error_setg(errp, "INQUIRY failed"); 2645 goto out; 2646 } 2647 2648 /* Make a guess for the block size, we'll fix it when the guest sends. 2649 * READ CAPACITY. If they don't, they likely would assume these sizes 2650 * anyway. (TODO: check in /sys). 2651 */ 2652 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2653 s->qdev.blocksize = 2048; 2654 } else { 2655 s->qdev.blocksize = 512; 2656 } 2657 2658 /* Makes the scsi-block device not removable by using HMP and QMP eject 2659 * command. 2660 */ 2661 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2662 2663 scsi_realize(&s->qdev, errp); 2664 scsi_generic_read_device_inquiry(&s->qdev); 2665 2666 out: 2667 aio_context_release(ctx); 2668 } 2669 2670 typedef struct SCSIBlockReq { 2671 SCSIDiskReq req; 2672 sg_io_hdr_t io_header; 2673 2674 /* Selected bytes of the original CDB, copied into our own CDB. */ 2675 uint8_t cmd, cdb1, group_number; 2676 2677 /* CDB passed to SG_IO. */ 2678 uint8_t cdb[16]; 2679 } SCSIBlockReq; 2680 2681 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2682 int64_t offset, QEMUIOVector *iov, 2683 int direction, 2684 BlockCompletionFunc *cb, void *opaque) 2685 { 2686 sg_io_hdr_t *io_header = &req->io_header; 2687 SCSIDiskReq *r = &req->req; 2688 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2689 int nb_logical_blocks; 2690 uint64_t lba; 2691 BlockAIOCB *aiocb; 2692 2693 /* This is not supported yet. It can only happen if the guest does 2694 * reads and writes that are not aligned to one logical sectors 2695 * _and_ cover multiple MemoryRegions. 2696 */ 2697 assert(offset % s->qdev.blocksize == 0); 2698 assert(iov->size % s->qdev.blocksize == 0); 2699 2700 io_header->interface_id = 'S'; 2701 2702 /* The data transfer comes from the QEMUIOVector. */ 2703 io_header->dxfer_direction = direction; 2704 io_header->dxfer_len = iov->size; 2705 io_header->dxferp = (void *)iov->iov; 2706 io_header->iovec_count = iov->niov; 2707 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2708 2709 /* Build a new CDB with the LBA and length patched in, in case 2710 * DMA helpers split the transfer in multiple segments. Do not 2711 * build a CDB smaller than what the guest wanted, and only build 2712 * a larger one if strictly necessary. 2713 */ 2714 io_header->cmdp = req->cdb; 2715 lba = offset / s->qdev.blocksize; 2716 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2717 2718 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2719 /* 6-byte CDB */ 2720 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2721 req->cdb[4] = nb_logical_blocks; 2722 req->cdb[5] = 0; 2723 io_header->cmd_len = 6; 2724 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2725 /* 10-byte CDB */ 2726 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2727 req->cdb[1] = req->cdb1; 2728 stl_be_p(&req->cdb[2], lba); 2729 req->cdb[6] = req->group_number; 2730 stw_be_p(&req->cdb[7], nb_logical_blocks); 2731 req->cdb[9] = 0; 2732 io_header->cmd_len = 10; 2733 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2734 /* 12-byte CDB */ 2735 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2736 req->cdb[1] = req->cdb1; 2737 stl_be_p(&req->cdb[2], lba); 2738 stl_be_p(&req->cdb[6], nb_logical_blocks); 2739 req->cdb[10] = req->group_number; 2740 req->cdb[11] = 0; 2741 io_header->cmd_len = 12; 2742 } else { 2743 /* 16-byte CDB */ 2744 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2745 req->cdb[1] = req->cdb1; 2746 stq_be_p(&req->cdb[2], lba); 2747 stl_be_p(&req->cdb[10], nb_logical_blocks); 2748 req->cdb[14] = req->group_number; 2749 req->cdb[15] = 0; 2750 io_header->cmd_len = 16; 2751 } 2752 2753 /* The rest is as in scsi-generic.c. */ 2754 io_header->mx_sb_len = sizeof(r->req.sense); 2755 io_header->sbp = r->req.sense; 2756 io_header->timeout = s->qdev.io_timeout * 1000; 2757 io_header->usr_ptr = r; 2758 io_header->flags |= SG_FLAG_DIRECT_IO; 2759 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2760 nb_logical_blocks, io_header->timeout); 2761 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque); 2762 assert(aiocb != NULL); 2763 return aiocb; 2764 } 2765 2766 static bool scsi_block_no_fua(SCSICommand *cmd) 2767 { 2768 return false; 2769 } 2770 2771 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2772 QEMUIOVector *iov, 2773 BlockCompletionFunc *cb, void *cb_opaque, 2774 void *opaque) 2775 { 2776 SCSIBlockReq *r = opaque; 2777 return scsi_block_do_sgio(r, offset, iov, 2778 SG_DXFER_FROM_DEV, cb, cb_opaque); 2779 } 2780 2781 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2782 QEMUIOVector *iov, 2783 BlockCompletionFunc *cb, void *cb_opaque, 2784 void *opaque) 2785 { 2786 SCSIBlockReq *r = opaque; 2787 return scsi_block_do_sgio(r, offset, iov, 2788 SG_DXFER_TO_DEV, cb, cb_opaque); 2789 } 2790 2791 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2792 { 2793 switch (buf[0]) { 2794 case VERIFY_10: 2795 case VERIFY_12: 2796 case VERIFY_16: 2797 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2798 * for the number of logical blocks specified in the length 2799 * field). For other modes, do not use scatter/gather operation. 2800 */ 2801 if ((buf[1] & 6) == 2) { 2802 return false; 2803 } 2804 break; 2805 2806 case READ_6: 2807 case READ_10: 2808 case READ_12: 2809 case READ_16: 2810 case WRITE_6: 2811 case WRITE_10: 2812 case WRITE_12: 2813 case WRITE_16: 2814 case WRITE_VERIFY_10: 2815 case WRITE_VERIFY_12: 2816 case WRITE_VERIFY_16: 2817 /* MMC writing cannot be done via DMA helpers, because it sometimes 2818 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2819 * We might use scsi_block_dma_reqops as long as no writing commands are 2820 * seen, but performance usually isn't paramount on optical media. So, 2821 * just make scsi-block operate the same as scsi-generic for them. 2822 */ 2823 if (s->qdev.type != TYPE_ROM) { 2824 return false; 2825 } 2826 break; 2827 2828 default: 2829 break; 2830 } 2831 2832 return true; 2833 } 2834 2835 2836 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2837 { 2838 SCSIBlockReq *r = (SCSIBlockReq *)req; 2839 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2840 2841 r->cmd = req->cmd.buf[0]; 2842 switch (r->cmd >> 5) { 2843 case 0: 2844 /* 6-byte CDB. */ 2845 r->cdb1 = r->group_number = 0; 2846 break; 2847 case 1: 2848 /* 10-byte CDB. */ 2849 r->cdb1 = req->cmd.buf[1]; 2850 r->group_number = req->cmd.buf[6]; 2851 break; 2852 case 4: 2853 /* 12-byte CDB. */ 2854 r->cdb1 = req->cmd.buf[1]; 2855 r->group_number = req->cmd.buf[10]; 2856 break; 2857 case 5: 2858 /* 16-byte CDB. */ 2859 r->cdb1 = req->cmd.buf[1]; 2860 r->group_number = req->cmd.buf[14]; 2861 break; 2862 default: 2863 abort(); 2864 } 2865 2866 /* Protection information is not supported. For SCSI versions 2 and 2867 * older (as determined by snooping the guest's INQUIRY commands), 2868 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2869 */ 2870 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 2871 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 2872 return 0; 2873 } 2874 2875 r->req.status = &r->io_header.status; 2876 return scsi_disk_dma_command(req, buf); 2877 } 2878 2879 static const SCSIReqOps scsi_block_dma_reqops = { 2880 .size = sizeof(SCSIBlockReq), 2881 .free_req = scsi_free_request, 2882 .send_command = scsi_block_dma_command, 2883 .read_data = scsi_read_data, 2884 .write_data = scsi_write_data, 2885 .get_buf = scsi_get_buf, 2886 .load_request = scsi_disk_load_request, 2887 .save_request = scsi_disk_save_request, 2888 }; 2889 2890 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2891 uint32_t lun, uint8_t *buf, 2892 void *hba_private) 2893 { 2894 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2895 2896 if (scsi_block_is_passthrough(s, buf)) { 2897 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2898 hba_private); 2899 } else { 2900 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 2901 hba_private); 2902 } 2903 } 2904 2905 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2906 uint8_t *buf, void *hba_private) 2907 { 2908 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2909 2910 if (scsi_block_is_passthrough(s, buf)) { 2911 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2912 } else { 2913 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2914 } 2915 } 2916 2917 static void scsi_block_update_sense(SCSIRequest *req) 2918 { 2919 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2920 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 2921 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 2922 } 2923 #endif 2924 2925 static 2926 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 2927 BlockCompletionFunc *cb, void *cb_opaque, 2928 void *opaque) 2929 { 2930 SCSIDiskReq *r = opaque; 2931 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2932 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2933 } 2934 2935 static 2936 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 2937 BlockCompletionFunc *cb, void *cb_opaque, 2938 void *opaque) 2939 { 2940 SCSIDiskReq *r = opaque; 2941 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2942 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2943 } 2944 2945 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 2946 { 2947 DeviceClass *dc = DEVICE_CLASS(klass); 2948 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 2949 2950 dc->fw_name = "disk"; 2951 dc->reset = scsi_disk_reset; 2952 sdc->dma_readv = scsi_dma_readv; 2953 sdc->dma_writev = scsi_dma_writev; 2954 sdc->need_fua_emulation = scsi_is_cmd_fua; 2955 } 2956 2957 static const TypeInfo scsi_disk_base_info = { 2958 .name = TYPE_SCSI_DISK_BASE, 2959 .parent = TYPE_SCSI_DEVICE, 2960 .class_init = scsi_disk_base_class_initfn, 2961 .instance_size = sizeof(SCSIDiskState), 2962 .class_size = sizeof(SCSIDiskClass), 2963 .abstract = true, 2964 }; 2965 2966 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2967 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 2968 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 2969 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 2970 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2971 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2972 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2973 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 2974 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 2975 2976 2977 static Property scsi_hd_properties[] = { 2978 DEFINE_SCSI_DISK_PROPERTIES(), 2979 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2980 SCSI_DISK_F_REMOVABLE, false), 2981 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2982 SCSI_DISK_F_DPOFUA, false), 2983 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2984 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2985 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2986 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2987 DEFAULT_MAX_UNMAP_SIZE), 2988 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2989 DEFAULT_MAX_IO_SIZE), 2990 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 2991 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 2992 5), 2993 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2994 DEFINE_PROP_END_OF_LIST(), 2995 }; 2996 2997 static const VMStateDescription vmstate_scsi_disk_state = { 2998 .name = "scsi-disk", 2999 .version_id = 1, 3000 .minimum_version_id = 1, 3001 .fields = (VMStateField[]) { 3002 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3003 VMSTATE_BOOL(media_changed, SCSIDiskState), 3004 VMSTATE_BOOL(media_event, SCSIDiskState), 3005 VMSTATE_BOOL(eject_request, SCSIDiskState), 3006 VMSTATE_BOOL(tray_open, SCSIDiskState), 3007 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3008 VMSTATE_END_OF_LIST() 3009 } 3010 }; 3011 3012 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3013 { 3014 DeviceClass *dc = DEVICE_CLASS(klass); 3015 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3016 3017 sc->realize = scsi_hd_realize; 3018 sc->unrealize = scsi_unrealize; 3019 sc->alloc_req = scsi_new_request; 3020 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3021 dc->desc = "virtual SCSI disk"; 3022 device_class_set_props(dc, scsi_hd_properties); 3023 dc->vmsd = &vmstate_scsi_disk_state; 3024 } 3025 3026 static const TypeInfo scsi_hd_info = { 3027 .name = "scsi-hd", 3028 .parent = TYPE_SCSI_DISK_BASE, 3029 .class_init = scsi_hd_class_initfn, 3030 }; 3031 3032 static Property scsi_cd_properties[] = { 3033 DEFINE_SCSI_DISK_PROPERTIES(), 3034 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3035 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3036 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3037 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3038 DEFAULT_MAX_IO_SIZE), 3039 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3040 5), 3041 DEFINE_PROP_END_OF_LIST(), 3042 }; 3043 3044 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3045 { 3046 DeviceClass *dc = DEVICE_CLASS(klass); 3047 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3048 3049 sc->realize = scsi_cd_realize; 3050 sc->alloc_req = scsi_new_request; 3051 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3052 dc->desc = "virtual SCSI CD-ROM"; 3053 device_class_set_props(dc, scsi_cd_properties); 3054 dc->vmsd = &vmstate_scsi_disk_state; 3055 } 3056 3057 static const TypeInfo scsi_cd_info = { 3058 .name = "scsi-cd", 3059 .parent = TYPE_SCSI_DISK_BASE, 3060 .class_init = scsi_cd_class_initfn, 3061 }; 3062 3063 #ifdef __linux__ 3064 static Property scsi_block_properties[] = { 3065 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3066 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3067 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3068 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3069 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3070 DEFAULT_MAX_UNMAP_SIZE), 3071 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3072 DEFAULT_MAX_IO_SIZE), 3073 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3074 -1), 3075 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3076 DEFAULT_IO_TIMEOUT), 3077 DEFINE_PROP_END_OF_LIST(), 3078 }; 3079 3080 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3081 { 3082 DeviceClass *dc = DEVICE_CLASS(klass); 3083 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3084 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3085 3086 sc->realize = scsi_block_realize; 3087 sc->alloc_req = scsi_block_new_request; 3088 sc->parse_cdb = scsi_block_parse_cdb; 3089 sdc->dma_readv = scsi_block_dma_readv; 3090 sdc->dma_writev = scsi_block_dma_writev; 3091 sdc->update_sense = scsi_block_update_sense; 3092 sdc->need_fua_emulation = scsi_block_no_fua; 3093 dc->desc = "SCSI block device passthrough"; 3094 device_class_set_props(dc, scsi_block_properties); 3095 dc->vmsd = &vmstate_scsi_disk_state; 3096 } 3097 3098 static const TypeInfo scsi_block_info = { 3099 .name = "scsi-block", 3100 .parent = TYPE_SCSI_DISK_BASE, 3101 .class_init = scsi_block_class_initfn, 3102 }; 3103 #endif 3104 3105 static Property scsi_disk_properties[] = { 3106 DEFINE_SCSI_DISK_PROPERTIES(), 3107 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3108 SCSI_DISK_F_REMOVABLE, false), 3109 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3110 SCSI_DISK_F_DPOFUA, false), 3111 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3112 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3113 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3114 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3115 DEFAULT_MAX_UNMAP_SIZE), 3116 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3117 DEFAULT_MAX_IO_SIZE), 3118 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3119 5), 3120 DEFINE_PROP_END_OF_LIST(), 3121 }; 3122 3123 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 3124 { 3125 DeviceClass *dc = DEVICE_CLASS(klass); 3126 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3127 3128 sc->realize = scsi_disk_realize; 3129 sc->alloc_req = scsi_new_request; 3130 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3131 dc->fw_name = "disk"; 3132 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 3133 dc->reset = scsi_disk_reset; 3134 device_class_set_props(dc, scsi_disk_properties); 3135 dc->vmsd = &vmstate_scsi_disk_state; 3136 } 3137 3138 static const TypeInfo scsi_disk_info = { 3139 .name = "scsi-disk", 3140 .parent = TYPE_SCSI_DISK_BASE, 3141 .class_init = scsi_disk_class_initfn, 3142 }; 3143 3144 static void scsi_disk_register_types(void) 3145 { 3146 type_register_static(&scsi_disk_base_info); 3147 type_register_static(&scsi_hd_info); 3148 type_register_static(&scsi_cd_info); 3149 #ifdef __linux__ 3150 type_register_static(&scsi_block_info); 3151 #endif 3152 type_register_static(&scsi_disk_info); 3153 } 3154 3155 type_init(scsi_disk_register_types) 3156