1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu/osdep.h" 32 #include "qapi/error.h" 33 #include "qemu/error-report.h" 34 #include "hw/scsi/scsi.h" 35 #include "block/scsi.h" 36 #include "sysemu/sysemu.h" 37 #include "sysemu/block-backend.h" 38 #include "sysemu/blockdev.h" 39 #include "hw/block/block.h" 40 #include "sysemu/dma.h" 41 #include "qemu/cutils.h" 42 43 #ifdef __linux 44 #include <scsi/sg.h> 45 #endif 46 47 #define SCSI_WRITE_SAME_MAX 524288 48 #define SCSI_DMA_BUF_SIZE 131072 49 #define SCSI_MAX_INQUIRY_LEN 256 50 #define SCSI_MAX_MODE_LEN 256 51 52 #define DEFAULT_DISCARD_GRANULARITY 4096 53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 55 56 typedef struct SCSIDiskState SCSIDiskState; 57 58 typedef struct SCSIDiskReq { 59 SCSIRequest req; 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 61 uint64_t sector; 62 uint32_t sector_count; 63 uint32_t buflen; 64 bool started; 65 struct iovec iov; 66 QEMUIOVector qiov; 67 BlockAcctCookie acct; 68 } SCSIDiskReq; 69 70 #define SCSI_DISK_F_REMOVABLE 0 71 #define SCSI_DISK_F_DPOFUA 1 72 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 73 74 struct SCSIDiskState 75 { 76 SCSIDevice qdev; 77 uint32_t features; 78 bool media_changed; 79 bool media_event; 80 bool eject_request; 81 uint16_t port_index; 82 uint64_t max_unmap_size; 83 uint64_t max_io_size; 84 QEMUBH *bh; 85 char *version; 86 char *serial; 87 char *vendor; 88 char *product; 89 bool tray_open; 90 bool tray_locked; 91 }; 92 93 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 94 95 static void scsi_free_request(SCSIRequest *req) 96 { 97 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 98 99 qemu_vfree(r->iov.iov_base); 100 } 101 102 /* Helper function for command completion with sense. */ 103 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 104 { 105 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 106 r->req.tag, sense.key, sense.asc, sense.ascq); 107 scsi_req_build_sense(&r->req, sense); 108 scsi_req_complete(&r->req, CHECK_CONDITION); 109 } 110 111 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 112 { 113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 114 115 if (!r->iov.iov_base) { 116 r->buflen = size; 117 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 118 } 119 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 120 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 121 } 122 123 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 124 { 125 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 126 127 qemu_put_be64s(f, &r->sector); 128 qemu_put_be32s(f, &r->sector_count); 129 qemu_put_be32s(f, &r->buflen); 130 if (r->buflen) { 131 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 132 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 133 } else if (!req->retry) { 134 uint32_t len = r->iov.iov_len; 135 qemu_put_be32s(f, &len); 136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 137 } 138 } 139 } 140 141 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 142 { 143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 144 145 qemu_get_be64s(f, &r->sector); 146 qemu_get_be32s(f, &r->sector_count); 147 qemu_get_be32s(f, &r->buflen); 148 if (r->buflen) { 149 scsi_init_iovec(r, r->buflen); 150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 151 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } else if (!r->req.retry) { 153 uint32_t len; 154 qemu_get_be32s(f, &len); 155 r->iov.iov_len = len; 156 assert(r->iov.iov_len <= r->buflen); 157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 161 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 162 } 163 164 static void scsi_aio_complete(void *opaque, int ret) 165 { 166 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 168 169 assert(r->req.aiocb != NULL); 170 r->req.aiocb = NULL; 171 if (r->req.io_canceled) { 172 scsi_req_cancel_complete(&r->req); 173 goto done; 174 } 175 176 if (ret < 0) { 177 if (scsi_handle_rw_error(r, -ret, true)) { 178 goto done; 179 } 180 } 181 182 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 183 scsi_req_complete(&r->req, GOOD); 184 185 done: 186 scsi_req_unref(&r->req); 187 } 188 189 static bool scsi_is_cmd_fua(SCSICommand *cmd) 190 { 191 switch (cmd->buf[0]) { 192 case READ_10: 193 case READ_12: 194 case READ_16: 195 case WRITE_10: 196 case WRITE_12: 197 case WRITE_16: 198 return (cmd->buf[1] & 8) != 0; 199 200 case VERIFY_10: 201 case VERIFY_12: 202 case VERIFY_16: 203 case WRITE_VERIFY_10: 204 case WRITE_VERIFY_12: 205 case WRITE_VERIFY_16: 206 return true; 207 208 case READ_6: 209 case WRITE_6: 210 default: 211 return false; 212 } 213 } 214 215 static void scsi_write_do_fua(SCSIDiskReq *r) 216 { 217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 218 219 assert(r->req.aiocb == NULL); 220 221 if (r->req.io_canceled) { 222 scsi_req_cancel_complete(&r->req); 223 goto done; 224 } 225 226 if (scsi_is_cmd_fua(&r->req.cmd)) { 227 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 228 BLOCK_ACCT_FLUSH); 229 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 230 return; 231 } 232 233 scsi_req_complete(&r->req, GOOD); 234 235 done: 236 scsi_req_unref(&r->req); 237 } 238 239 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 240 { 241 assert(r->req.aiocb == NULL); 242 243 if (r->req.io_canceled) { 244 scsi_req_cancel_complete(&r->req); 245 goto done; 246 } 247 248 if (ret < 0) { 249 if (scsi_handle_rw_error(r, -ret, false)) { 250 goto done; 251 } 252 } 253 254 r->sector += r->sector_count; 255 r->sector_count = 0; 256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 257 scsi_write_do_fua(r); 258 return; 259 } else { 260 scsi_req_complete(&r->req, GOOD); 261 } 262 263 done: 264 scsi_req_unref(&r->req); 265 } 266 267 static void scsi_dma_complete(void *opaque, int ret) 268 { 269 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 271 272 assert(r->req.aiocb != NULL); 273 r->req.aiocb = NULL; 274 275 if (ret < 0) { 276 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 277 } else { 278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 279 } 280 scsi_dma_complete_noio(r, ret); 281 } 282 283 static void scsi_read_complete(void * opaque, int ret) 284 { 285 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 287 int n; 288 289 assert(r->req.aiocb != NULL); 290 r->req.aiocb = NULL; 291 if (r->req.io_canceled) { 292 scsi_req_cancel_complete(&r->req); 293 goto done; 294 } 295 296 if (ret < 0) { 297 if (scsi_handle_rw_error(r, -ret, true)) { 298 goto done; 299 } 300 } 301 302 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 303 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 304 305 n = r->qiov.size / 512; 306 r->sector += n; 307 r->sector_count -= n; 308 scsi_req_data(&r->req, r->qiov.size); 309 310 done: 311 scsi_req_unref(&r->req); 312 } 313 314 /* Actually issue a read to the block device. */ 315 static void scsi_do_read(SCSIDiskReq *r, int ret) 316 { 317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 318 319 assert (r->req.aiocb == NULL); 320 321 if (r->req.io_canceled) { 322 scsi_req_cancel_complete(&r->req); 323 goto done; 324 } 325 326 if (ret < 0) { 327 if (scsi_handle_rw_error(r, -ret, false)) { 328 goto done; 329 } 330 } 331 332 /* The request is used as the AIO opaque value, so add a ref. */ 333 scsi_req_ref(&r->req); 334 335 if (r->req.sg) { 336 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 337 r->req.resid -= r->req.sg->size; 338 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector, 339 scsi_dma_complete, r); 340 } else { 341 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 342 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 343 r->qiov.size, BLOCK_ACCT_READ); 344 r->req.aiocb = blk_aio_preadv(s->qdev.conf.blk, 345 r->sector << BDRV_SECTOR_BITS, &r->qiov, 346 0, scsi_read_complete, r); 347 } 348 349 done: 350 scsi_req_unref(&r->req); 351 } 352 353 static void scsi_do_read_cb(void *opaque, int ret) 354 { 355 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 357 358 assert (r->req.aiocb != NULL); 359 r->req.aiocb = NULL; 360 361 if (ret < 0) { 362 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 363 } else { 364 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 365 } 366 scsi_do_read(opaque, ret); 367 } 368 369 /* Read more data from scsi device into buffer. */ 370 static void scsi_read_data(SCSIRequest *req) 371 { 372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 374 bool first; 375 376 DPRINTF("Read sector_count=%d\n", r->sector_count); 377 if (r->sector_count == 0) { 378 /* This also clears the sense buffer for REQUEST SENSE. */ 379 scsi_req_complete(&r->req, GOOD); 380 return; 381 } 382 383 /* No data transfer may already be in progress */ 384 assert(r->req.aiocb == NULL); 385 386 /* The request is used as the AIO opaque value, so add a ref. */ 387 scsi_req_ref(&r->req); 388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 389 DPRINTF("Data transfer direction invalid\n"); 390 scsi_read_complete(r, -EINVAL); 391 return; 392 } 393 394 if (s->tray_open) { 395 scsi_read_complete(r, -ENOMEDIUM); 396 return; 397 } 398 399 first = !r->started; 400 r->started = true; 401 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 402 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 403 BLOCK_ACCT_FLUSH); 404 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 405 } else { 406 scsi_do_read(r, 0); 407 } 408 } 409 410 /* 411 * scsi_handle_rw_error has two return values. 0 means that the error 412 * must be ignored, 1 means that the error has been processed and the 413 * caller should not do anything else for this request. Note that 414 * scsi_handle_rw_error always manages its reference counts, independent 415 * of the return value. 416 */ 417 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 418 { 419 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 421 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 422 is_read, error); 423 424 if (action == BLOCK_ERROR_ACTION_REPORT) { 425 if (acct_failed) { 426 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 427 } 428 switch (error) { 429 case ENOMEDIUM: 430 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 431 break; 432 case ENOMEM: 433 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 434 break; 435 case EINVAL: 436 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 437 break; 438 case ENOSPC: 439 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 440 break; 441 default: 442 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 443 break; 444 } 445 } 446 blk_error_action(s->qdev.conf.blk, action, is_read, error); 447 if (action == BLOCK_ERROR_ACTION_STOP) { 448 scsi_req_retry(&r->req); 449 } 450 return action != BLOCK_ERROR_ACTION_IGNORE; 451 } 452 453 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 454 { 455 uint32_t n; 456 457 assert (r->req.aiocb == NULL); 458 459 if (r->req.io_canceled) { 460 scsi_req_cancel_complete(&r->req); 461 goto done; 462 } 463 464 if (ret < 0) { 465 if (scsi_handle_rw_error(r, -ret, false)) { 466 goto done; 467 } 468 } 469 470 n = r->qiov.size / 512; 471 r->sector += n; 472 r->sector_count -= n; 473 if (r->sector_count == 0) { 474 scsi_write_do_fua(r); 475 return; 476 } else { 477 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 478 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 479 scsi_req_data(&r->req, r->qiov.size); 480 } 481 482 done: 483 scsi_req_unref(&r->req); 484 } 485 486 static void scsi_write_complete(void * opaque, int ret) 487 { 488 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 490 491 assert (r->req.aiocb != NULL); 492 r->req.aiocb = NULL; 493 494 if (ret < 0) { 495 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 496 } else { 497 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 498 } 499 scsi_write_complete_noio(r, ret); 500 } 501 502 static void scsi_write_data(SCSIRequest *req) 503 { 504 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 506 507 /* No data transfer may already be in progress */ 508 assert(r->req.aiocb == NULL); 509 510 /* The request is used as the AIO opaque value, so add a ref. */ 511 scsi_req_ref(&r->req); 512 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 513 DPRINTF("Data transfer direction invalid\n"); 514 scsi_write_complete_noio(r, -EINVAL); 515 return; 516 } 517 518 if (!r->req.sg && !r->qiov.size) { 519 /* Called for the first time. Ask the driver to send us more data. */ 520 r->started = true; 521 scsi_write_complete_noio(r, 0); 522 return; 523 } 524 if (s->tray_open) { 525 scsi_write_complete_noio(r, -ENOMEDIUM); 526 return; 527 } 528 529 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 530 r->req.cmd.buf[0] == VERIFY_16) { 531 if (r->req.sg) { 532 scsi_dma_complete_noio(r, 0); 533 } else { 534 scsi_write_complete_noio(r, 0); 535 } 536 return; 537 } 538 539 if (r->req.sg) { 540 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 541 r->req.resid -= r->req.sg->size; 542 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector, 543 scsi_dma_complete, r); 544 } else { 545 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 546 r->qiov.size, BLOCK_ACCT_WRITE); 547 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 548 r->sector << BDRV_SECTOR_BITS, &r->qiov, 549 0, scsi_write_complete, r); 550 } 551 } 552 553 /* Return a pointer to the data buffer. */ 554 static uint8_t *scsi_get_buf(SCSIRequest *req) 555 { 556 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 557 558 return (uint8_t *)r->iov.iov_base; 559 } 560 561 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 562 { 563 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 564 int buflen = 0; 565 int start; 566 567 if (req->cmd.buf[1] & 0x1) { 568 /* Vital product data */ 569 uint8_t page_code = req->cmd.buf[2]; 570 571 outbuf[buflen++] = s->qdev.type & 0x1f; 572 outbuf[buflen++] = page_code ; // this page 573 outbuf[buflen++] = 0x00; 574 outbuf[buflen++] = 0x00; 575 start = buflen; 576 577 switch (page_code) { 578 case 0x00: /* Supported page codes, mandatory */ 579 { 580 DPRINTF("Inquiry EVPD[Supported pages] " 581 "buffer size %zd\n", req->cmd.xfer); 582 outbuf[buflen++] = 0x00; // list of supported pages (this page) 583 if (s->serial) { 584 outbuf[buflen++] = 0x80; // unit serial number 585 } 586 outbuf[buflen++] = 0x83; // device identification 587 if (s->qdev.type == TYPE_DISK) { 588 outbuf[buflen++] = 0xb0; // block limits 589 outbuf[buflen++] = 0xb2; // thin provisioning 590 } 591 break; 592 } 593 case 0x80: /* Device serial number, optional */ 594 { 595 int l; 596 597 if (!s->serial) { 598 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 599 return -1; 600 } 601 602 l = strlen(s->serial); 603 if (l > 20) { 604 l = 20; 605 } 606 607 DPRINTF("Inquiry EVPD[Serial number] " 608 "buffer size %zd\n", req->cmd.xfer); 609 memcpy(outbuf+buflen, s->serial, l); 610 buflen += l; 611 break; 612 } 613 614 case 0x83: /* Device identification page, mandatory */ 615 { 616 const char *str = s->serial ?: blk_name(s->qdev.conf.blk); 617 int max_len = s->serial ? 20 : 255 - 8; 618 int id_len = strlen(str); 619 620 if (id_len > max_len) { 621 id_len = max_len; 622 } 623 DPRINTF("Inquiry EVPD[Device identification] " 624 "buffer size %zd\n", req->cmd.xfer); 625 626 outbuf[buflen++] = 0x2; // ASCII 627 outbuf[buflen++] = 0; // not officially assigned 628 outbuf[buflen++] = 0; // reserved 629 outbuf[buflen++] = id_len; // length of data following 630 memcpy(outbuf+buflen, str, id_len); 631 buflen += id_len; 632 633 if (s->qdev.wwn) { 634 outbuf[buflen++] = 0x1; // Binary 635 outbuf[buflen++] = 0x3; // NAA 636 outbuf[buflen++] = 0; // reserved 637 outbuf[buflen++] = 8; 638 stq_be_p(&outbuf[buflen], s->qdev.wwn); 639 buflen += 8; 640 } 641 642 if (s->qdev.port_wwn) { 643 outbuf[buflen++] = 0x61; // SAS / Binary 644 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 645 outbuf[buflen++] = 0; // reserved 646 outbuf[buflen++] = 8; 647 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 648 buflen += 8; 649 } 650 651 if (s->port_index) { 652 outbuf[buflen++] = 0x61; // SAS / Binary 653 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 654 outbuf[buflen++] = 0; // reserved 655 outbuf[buflen++] = 4; 656 stw_be_p(&outbuf[buflen + 2], s->port_index); 657 buflen += 4; 658 } 659 break; 660 } 661 case 0xb0: /* block limits */ 662 { 663 unsigned int unmap_sectors = 664 s->qdev.conf.discard_granularity / s->qdev.blocksize; 665 unsigned int min_io_size = 666 s->qdev.conf.min_io_size / s->qdev.blocksize; 667 unsigned int opt_io_size = 668 s->qdev.conf.opt_io_size / s->qdev.blocksize; 669 unsigned int max_unmap_sectors = 670 s->max_unmap_size / s->qdev.blocksize; 671 unsigned int max_io_sectors = 672 s->max_io_size / s->qdev.blocksize; 673 674 if (s->qdev.type == TYPE_ROM) { 675 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 676 page_code); 677 return -1; 678 } 679 /* required VPD size with unmap support */ 680 buflen = 0x40; 681 memset(outbuf + 4, 0, buflen - 4); 682 683 outbuf[4] = 0x1; /* wsnz */ 684 685 /* optimal transfer length granularity */ 686 outbuf[6] = (min_io_size >> 8) & 0xff; 687 outbuf[7] = min_io_size & 0xff; 688 689 /* maximum transfer length */ 690 outbuf[8] = (max_io_sectors >> 24) & 0xff; 691 outbuf[9] = (max_io_sectors >> 16) & 0xff; 692 outbuf[10] = (max_io_sectors >> 8) & 0xff; 693 outbuf[11] = max_io_sectors & 0xff; 694 695 /* optimal transfer length */ 696 outbuf[12] = (opt_io_size >> 24) & 0xff; 697 outbuf[13] = (opt_io_size >> 16) & 0xff; 698 outbuf[14] = (opt_io_size >> 8) & 0xff; 699 outbuf[15] = opt_io_size & 0xff; 700 701 /* max unmap LBA count, default is 1GB */ 702 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 703 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 704 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 705 outbuf[23] = max_unmap_sectors & 0xff; 706 707 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 708 outbuf[24] = 0; 709 outbuf[25] = 0; 710 outbuf[26] = 0; 711 outbuf[27] = 255; 712 713 /* optimal unmap granularity */ 714 outbuf[28] = (unmap_sectors >> 24) & 0xff; 715 outbuf[29] = (unmap_sectors >> 16) & 0xff; 716 outbuf[30] = (unmap_sectors >> 8) & 0xff; 717 outbuf[31] = unmap_sectors & 0xff; 718 719 /* max write same size */ 720 outbuf[36] = 0; 721 outbuf[37] = 0; 722 outbuf[38] = 0; 723 outbuf[39] = 0; 724 725 outbuf[40] = (max_io_sectors >> 24) & 0xff; 726 outbuf[41] = (max_io_sectors >> 16) & 0xff; 727 outbuf[42] = (max_io_sectors >> 8) & 0xff; 728 outbuf[43] = max_io_sectors & 0xff; 729 break; 730 } 731 case 0xb2: /* thin provisioning */ 732 { 733 buflen = 8; 734 outbuf[4] = 0; 735 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 736 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 737 outbuf[7] = 0; 738 break; 739 } 740 default: 741 return -1; 742 } 743 /* done with EVPD */ 744 assert(buflen - start <= 255); 745 outbuf[start - 1] = buflen - start; 746 return buflen; 747 } 748 749 /* Standard INQUIRY data */ 750 if (req->cmd.buf[2] != 0) { 751 return -1; 752 } 753 754 /* PAGE CODE == 0 */ 755 buflen = req->cmd.xfer; 756 if (buflen > SCSI_MAX_INQUIRY_LEN) { 757 buflen = SCSI_MAX_INQUIRY_LEN; 758 } 759 760 outbuf[0] = s->qdev.type & 0x1f; 761 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 762 763 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 764 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 765 766 memset(&outbuf[32], 0, 4); 767 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 768 /* 769 * We claim conformance to SPC-3, which is required for guests 770 * to ask for modern features like READ CAPACITY(16) or the 771 * block characteristics VPD page by default. Not all of SPC-3 772 * is actually implemented, but we're good enough. 773 */ 774 outbuf[2] = 5; 775 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 776 777 if (buflen > 36) { 778 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 779 } else { 780 /* If the allocation length of CDB is too small, 781 the additional length is not adjusted */ 782 outbuf[4] = 36 - 5; 783 } 784 785 /* Sync data transfer and TCQ. */ 786 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 787 return buflen; 788 } 789 790 static inline bool media_is_dvd(SCSIDiskState *s) 791 { 792 uint64_t nb_sectors; 793 if (s->qdev.type != TYPE_ROM) { 794 return false; 795 } 796 if (!blk_is_inserted(s->qdev.conf.blk)) { 797 return false; 798 } 799 if (s->tray_open) { 800 return false; 801 } 802 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 803 return nb_sectors > CD_MAX_SECTORS; 804 } 805 806 static inline bool media_is_cd(SCSIDiskState *s) 807 { 808 uint64_t nb_sectors; 809 if (s->qdev.type != TYPE_ROM) { 810 return false; 811 } 812 if (!blk_is_inserted(s->qdev.conf.blk)) { 813 return false; 814 } 815 if (s->tray_open) { 816 return false; 817 } 818 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 819 return nb_sectors <= CD_MAX_SECTORS; 820 } 821 822 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 823 uint8_t *outbuf) 824 { 825 uint8_t type = r->req.cmd.buf[1] & 7; 826 827 if (s->qdev.type != TYPE_ROM) { 828 return -1; 829 } 830 831 /* Types 1/2 are only defined for Blu-Ray. */ 832 if (type != 0) { 833 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 834 return -1; 835 } 836 837 memset(outbuf, 0, 34); 838 outbuf[1] = 32; 839 outbuf[2] = 0xe; /* last session complete, disc finalized */ 840 outbuf[3] = 1; /* first track on disc */ 841 outbuf[4] = 1; /* # of sessions */ 842 outbuf[5] = 1; /* first track of last session */ 843 outbuf[6] = 1; /* last track of last session */ 844 outbuf[7] = 0x20; /* unrestricted use */ 845 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 846 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 847 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 848 /* 24-31: disc bar code */ 849 /* 32: disc application code */ 850 /* 33: number of OPC tables */ 851 852 return 34; 853 } 854 855 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 856 uint8_t *outbuf) 857 { 858 static const int rds_caps_size[5] = { 859 [0] = 2048 + 4, 860 [1] = 4 + 4, 861 [3] = 188 + 4, 862 [4] = 2048 + 4, 863 }; 864 865 uint8_t media = r->req.cmd.buf[1]; 866 uint8_t layer = r->req.cmd.buf[6]; 867 uint8_t format = r->req.cmd.buf[7]; 868 int size = -1; 869 870 if (s->qdev.type != TYPE_ROM) { 871 return -1; 872 } 873 if (media != 0) { 874 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 875 return -1; 876 } 877 878 if (format != 0xff) { 879 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 880 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 881 return -1; 882 } 883 if (media_is_cd(s)) { 884 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 885 return -1; 886 } 887 if (format >= ARRAY_SIZE(rds_caps_size)) { 888 return -1; 889 } 890 size = rds_caps_size[format]; 891 memset(outbuf, 0, size); 892 } 893 894 switch (format) { 895 case 0x00: { 896 /* Physical format information */ 897 uint64_t nb_sectors; 898 if (layer != 0) { 899 goto fail; 900 } 901 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 902 903 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 904 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 905 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 906 outbuf[7] = 0; /* default densities */ 907 908 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 909 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 910 break; 911 } 912 913 case 0x01: /* DVD copyright information, all zeros */ 914 break; 915 916 case 0x03: /* BCA information - invalid field for no BCA info */ 917 return -1; 918 919 case 0x04: /* DVD disc manufacturing information, all zeros */ 920 break; 921 922 case 0xff: { /* List capabilities */ 923 int i; 924 size = 4; 925 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 926 if (!rds_caps_size[i]) { 927 continue; 928 } 929 outbuf[size] = i; 930 outbuf[size + 1] = 0x40; /* Not writable, readable */ 931 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 932 size += 4; 933 } 934 break; 935 } 936 937 default: 938 return -1; 939 } 940 941 /* Size of buffer, not including 2 byte size field */ 942 stw_be_p(outbuf, size - 2); 943 return size; 944 945 fail: 946 return -1; 947 } 948 949 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 950 { 951 uint8_t event_code, media_status; 952 953 media_status = 0; 954 if (s->tray_open) { 955 media_status = MS_TRAY_OPEN; 956 } else if (blk_is_inserted(s->qdev.conf.blk)) { 957 media_status = MS_MEDIA_PRESENT; 958 } 959 960 /* Event notification descriptor */ 961 event_code = MEC_NO_CHANGE; 962 if (media_status != MS_TRAY_OPEN) { 963 if (s->media_event) { 964 event_code = MEC_NEW_MEDIA; 965 s->media_event = false; 966 } else if (s->eject_request) { 967 event_code = MEC_EJECT_REQUESTED; 968 s->eject_request = false; 969 } 970 } 971 972 outbuf[0] = event_code; 973 outbuf[1] = media_status; 974 975 /* These fields are reserved, just clear them. */ 976 outbuf[2] = 0; 977 outbuf[3] = 0; 978 return 4; 979 } 980 981 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 982 uint8_t *outbuf) 983 { 984 int size; 985 uint8_t *buf = r->req.cmd.buf; 986 uint8_t notification_class_request = buf[4]; 987 if (s->qdev.type != TYPE_ROM) { 988 return -1; 989 } 990 if ((buf[1] & 1) == 0) { 991 /* asynchronous */ 992 return -1; 993 } 994 995 size = 4; 996 outbuf[0] = outbuf[1] = 0; 997 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 998 if (notification_class_request & (1 << GESN_MEDIA)) { 999 outbuf[2] = GESN_MEDIA; 1000 size += scsi_event_status_media(s, &outbuf[size]); 1001 } else { 1002 outbuf[2] = 0x80; 1003 } 1004 stw_be_p(outbuf, size - 4); 1005 return size; 1006 } 1007 1008 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1009 { 1010 int current; 1011 1012 if (s->qdev.type != TYPE_ROM) { 1013 return -1; 1014 } 1015 1016 if (media_is_dvd(s)) { 1017 current = MMC_PROFILE_DVD_ROM; 1018 } else if (media_is_cd(s)) { 1019 current = MMC_PROFILE_CD_ROM; 1020 } else { 1021 current = MMC_PROFILE_NONE; 1022 } 1023 1024 memset(outbuf, 0, 40); 1025 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1026 stw_be_p(&outbuf[6], current); 1027 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1028 outbuf[10] = 0x03; /* persistent, current */ 1029 outbuf[11] = 8; /* two profiles */ 1030 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1031 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1032 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1033 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1034 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1035 stw_be_p(&outbuf[20], 1); 1036 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1037 outbuf[23] = 8; 1038 stl_be_p(&outbuf[24], 1); /* SCSI */ 1039 outbuf[28] = 1; /* DBE = 1, mandatory */ 1040 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1041 stw_be_p(&outbuf[32], 3); 1042 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1043 outbuf[35] = 4; 1044 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1045 /* TODO: Random readable, CD read, DVD read, drive serial number, 1046 power management */ 1047 return 40; 1048 } 1049 1050 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1051 { 1052 if (s->qdev.type != TYPE_ROM) { 1053 return -1; 1054 } 1055 memset(outbuf, 0, 8); 1056 outbuf[5] = 1; /* CD-ROM */ 1057 return 8; 1058 } 1059 1060 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1061 int page_control) 1062 { 1063 static const int mode_sense_valid[0x3f] = { 1064 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1065 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1066 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1067 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1068 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1069 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1070 }; 1071 1072 uint8_t *p = *p_outbuf + 2; 1073 int length; 1074 1075 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1076 return -1; 1077 } 1078 1079 /* 1080 * If Changeable Values are requested, a mask denoting those mode parameters 1081 * that are changeable shall be returned. As we currently don't support 1082 * parameter changes via MODE_SELECT all bits are returned set to zero. 1083 * The buffer was already menset to zero by the caller of this function. 1084 * 1085 * The offsets here are off by two compared to the descriptions in the 1086 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1087 * but it is done so that offsets are consistent within our implementation 1088 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1089 * 2-byte and 4-byte headers. 1090 */ 1091 switch (page) { 1092 case MODE_PAGE_HD_GEOMETRY: 1093 length = 0x16; 1094 if (page_control == 1) { /* Changeable Values */ 1095 break; 1096 } 1097 /* if a geometry hint is available, use it */ 1098 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1099 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1100 p[2] = s->qdev.conf.cyls & 0xff; 1101 p[3] = s->qdev.conf.heads & 0xff; 1102 /* Write precomp start cylinder, disabled */ 1103 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1104 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1105 p[6] = s->qdev.conf.cyls & 0xff; 1106 /* Reduced current start cylinder, disabled */ 1107 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1108 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1109 p[9] = s->qdev.conf.cyls & 0xff; 1110 /* Device step rate [ns], 200ns */ 1111 p[10] = 0; 1112 p[11] = 200; 1113 /* Landing zone cylinder */ 1114 p[12] = 0xff; 1115 p[13] = 0xff; 1116 p[14] = 0xff; 1117 /* Medium rotation rate [rpm], 5400 rpm */ 1118 p[18] = (5400 >> 8) & 0xff; 1119 p[19] = 5400 & 0xff; 1120 break; 1121 1122 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1123 length = 0x1e; 1124 if (page_control == 1) { /* Changeable Values */ 1125 break; 1126 } 1127 /* Transfer rate [kbit/s], 5Mbit/s */ 1128 p[0] = 5000 >> 8; 1129 p[1] = 5000 & 0xff; 1130 /* if a geometry hint is available, use it */ 1131 p[2] = s->qdev.conf.heads & 0xff; 1132 p[3] = s->qdev.conf.secs & 0xff; 1133 p[4] = s->qdev.blocksize >> 8; 1134 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1135 p[7] = s->qdev.conf.cyls & 0xff; 1136 /* Write precomp start cylinder, disabled */ 1137 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1138 p[9] = s->qdev.conf.cyls & 0xff; 1139 /* Reduced current start cylinder, disabled */ 1140 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1141 p[11] = s->qdev.conf.cyls & 0xff; 1142 /* Device step rate [100us], 100us */ 1143 p[12] = 0; 1144 p[13] = 1; 1145 /* Device step pulse width [us], 1us */ 1146 p[14] = 1; 1147 /* Device head settle delay [100us], 100us */ 1148 p[15] = 0; 1149 p[16] = 1; 1150 /* Motor on delay [0.1s], 0.1s */ 1151 p[17] = 1; 1152 /* Motor off delay [0.1s], 0.1s */ 1153 p[18] = 1; 1154 /* Medium rotation rate [rpm], 5400 rpm */ 1155 p[26] = (5400 >> 8) & 0xff; 1156 p[27] = 5400 & 0xff; 1157 break; 1158 1159 case MODE_PAGE_CACHING: 1160 length = 0x12; 1161 if (page_control == 1 || /* Changeable Values */ 1162 blk_enable_write_cache(s->qdev.conf.blk)) { 1163 p[0] = 4; /* WCE */ 1164 } 1165 break; 1166 1167 case MODE_PAGE_R_W_ERROR: 1168 length = 10; 1169 if (page_control == 1) { /* Changeable Values */ 1170 break; 1171 } 1172 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1173 if (s->qdev.type == TYPE_ROM) { 1174 p[1] = 0x20; /* Read Retry Count */ 1175 } 1176 break; 1177 1178 case MODE_PAGE_AUDIO_CTL: 1179 length = 14; 1180 break; 1181 1182 case MODE_PAGE_CAPABILITIES: 1183 length = 0x14; 1184 if (page_control == 1) { /* Changeable Values */ 1185 break; 1186 } 1187 1188 p[0] = 0x3b; /* CD-R & CD-RW read */ 1189 p[1] = 0; /* Writing not supported */ 1190 p[2] = 0x7f; /* Audio, composite, digital out, 1191 mode 2 form 1&2, multi session */ 1192 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1193 RW corrected, C2 errors, ISRC, 1194 UPC, Bar code */ 1195 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1196 /* Locking supported, jumper present, eject, tray */ 1197 p[5] = 0; /* no volume & mute control, no 1198 changer */ 1199 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1200 p[7] = (50 * 176) & 0xff; 1201 p[8] = 2 >> 8; /* Two volume levels */ 1202 p[9] = 2 & 0xff; 1203 p[10] = 2048 >> 8; /* 2M buffer */ 1204 p[11] = 2048 & 0xff; 1205 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1206 p[13] = (16 * 176) & 0xff; 1207 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1208 p[17] = (16 * 176) & 0xff; 1209 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1210 p[19] = (16 * 176) & 0xff; 1211 break; 1212 1213 default: 1214 return -1; 1215 } 1216 1217 assert(length < 256); 1218 (*p_outbuf)[0] = page; 1219 (*p_outbuf)[1] = length; 1220 *p_outbuf += length + 2; 1221 return length + 2; 1222 } 1223 1224 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1225 { 1226 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1227 uint64_t nb_sectors; 1228 bool dbd; 1229 int page, buflen, ret, page_control; 1230 uint8_t *p; 1231 uint8_t dev_specific_param; 1232 1233 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1234 page = r->req.cmd.buf[2] & 0x3f; 1235 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1236 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1237 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1238 memset(outbuf, 0, r->req.cmd.xfer); 1239 p = outbuf; 1240 1241 if (s->qdev.type == TYPE_DISK) { 1242 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1243 if (blk_is_read_only(s->qdev.conf.blk)) { 1244 dev_specific_param |= 0x80; /* Readonly. */ 1245 } 1246 } else { 1247 /* MMC prescribes that CD/DVD drives have no block descriptors, 1248 * and defines no device-specific parameter. */ 1249 dev_specific_param = 0x00; 1250 dbd = true; 1251 } 1252 1253 if (r->req.cmd.buf[0] == MODE_SENSE) { 1254 p[1] = 0; /* Default media type. */ 1255 p[2] = dev_specific_param; 1256 p[3] = 0; /* Block descriptor length. */ 1257 p += 4; 1258 } else { /* MODE_SENSE_10 */ 1259 p[2] = 0; /* Default media type. */ 1260 p[3] = dev_specific_param; 1261 p[6] = p[7] = 0; /* Block descriptor length. */ 1262 p += 8; 1263 } 1264 1265 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1266 if (!dbd && nb_sectors) { 1267 if (r->req.cmd.buf[0] == MODE_SENSE) { 1268 outbuf[3] = 8; /* Block descriptor length */ 1269 } else { /* MODE_SENSE_10 */ 1270 outbuf[7] = 8; /* Block descriptor length */ 1271 } 1272 nb_sectors /= (s->qdev.blocksize / 512); 1273 if (nb_sectors > 0xffffff) { 1274 nb_sectors = 0; 1275 } 1276 p[0] = 0; /* media density code */ 1277 p[1] = (nb_sectors >> 16) & 0xff; 1278 p[2] = (nb_sectors >> 8) & 0xff; 1279 p[3] = nb_sectors & 0xff; 1280 p[4] = 0; /* reserved */ 1281 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1282 p[6] = s->qdev.blocksize >> 8; 1283 p[7] = 0; 1284 p += 8; 1285 } 1286 1287 if (page_control == 3) { 1288 /* Saved Values */ 1289 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1290 return -1; 1291 } 1292 1293 if (page == 0x3f) { 1294 for (page = 0; page <= 0x3e; page++) { 1295 mode_sense_page(s, page, &p, page_control); 1296 } 1297 } else { 1298 ret = mode_sense_page(s, page, &p, page_control); 1299 if (ret == -1) { 1300 return -1; 1301 } 1302 } 1303 1304 buflen = p - outbuf; 1305 /* 1306 * The mode data length field specifies the length in bytes of the 1307 * following data that is available to be transferred. The mode data 1308 * length does not include itself. 1309 */ 1310 if (r->req.cmd.buf[0] == MODE_SENSE) { 1311 outbuf[0] = buflen - 1; 1312 } else { /* MODE_SENSE_10 */ 1313 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1314 outbuf[1] = (buflen - 2) & 0xff; 1315 } 1316 return buflen; 1317 } 1318 1319 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1320 { 1321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1322 int start_track, format, msf, toclen; 1323 uint64_t nb_sectors; 1324 1325 msf = req->cmd.buf[1] & 2; 1326 format = req->cmd.buf[2] & 0xf; 1327 start_track = req->cmd.buf[6]; 1328 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1329 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1330 nb_sectors /= s->qdev.blocksize / 512; 1331 switch (format) { 1332 case 0: 1333 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1334 break; 1335 case 1: 1336 /* multi session : only a single session defined */ 1337 toclen = 12; 1338 memset(outbuf, 0, 12); 1339 outbuf[1] = 0x0a; 1340 outbuf[2] = 0x01; 1341 outbuf[3] = 0x01; 1342 break; 1343 case 2: 1344 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1345 break; 1346 default: 1347 return -1; 1348 } 1349 return toclen; 1350 } 1351 1352 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1353 { 1354 SCSIRequest *req = &r->req; 1355 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1356 bool start = req->cmd.buf[4] & 1; 1357 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1358 int pwrcnd = req->cmd.buf[4] & 0xf0; 1359 1360 if (pwrcnd) { 1361 /* eject/load only happens for power condition == 0 */ 1362 return 0; 1363 } 1364 1365 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1366 if (!start && !s->tray_open && s->tray_locked) { 1367 scsi_check_condition(r, 1368 blk_is_inserted(s->qdev.conf.blk) 1369 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1370 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1371 return -1; 1372 } 1373 1374 if (s->tray_open != !start) { 1375 blk_eject(s->qdev.conf.blk, !start); 1376 s->tray_open = !start; 1377 } 1378 } 1379 return 0; 1380 } 1381 1382 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1383 { 1384 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1385 int buflen = r->iov.iov_len; 1386 1387 if (buflen) { 1388 DPRINTF("Read buf_len=%d\n", buflen); 1389 r->iov.iov_len = 0; 1390 r->started = true; 1391 scsi_req_data(&r->req, buflen); 1392 return; 1393 } 1394 1395 /* This also clears the sense buffer for REQUEST SENSE. */ 1396 scsi_req_complete(&r->req, GOOD); 1397 } 1398 1399 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1400 uint8_t *inbuf, int inlen) 1401 { 1402 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1403 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1404 uint8_t *p; 1405 int len, expected_len, changeable_len, i; 1406 1407 /* The input buffer does not include the page header, so it is 1408 * off by 2 bytes. 1409 */ 1410 expected_len = inlen + 2; 1411 if (expected_len > SCSI_MAX_MODE_LEN) { 1412 return -1; 1413 } 1414 1415 p = mode_current; 1416 memset(mode_current, 0, inlen + 2); 1417 len = mode_sense_page(s, page, &p, 0); 1418 if (len < 0 || len != expected_len) { 1419 return -1; 1420 } 1421 1422 p = mode_changeable; 1423 memset(mode_changeable, 0, inlen + 2); 1424 changeable_len = mode_sense_page(s, page, &p, 1); 1425 assert(changeable_len == len); 1426 1427 /* Check that unchangeable bits are the same as what MODE SENSE 1428 * would return. 1429 */ 1430 for (i = 2; i < len; i++) { 1431 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1432 return -1; 1433 } 1434 } 1435 return 0; 1436 } 1437 1438 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1439 { 1440 switch (page) { 1441 case MODE_PAGE_CACHING: 1442 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1443 break; 1444 1445 default: 1446 break; 1447 } 1448 } 1449 1450 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1451 { 1452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1453 1454 while (len > 0) { 1455 int page, subpage, page_len; 1456 1457 /* Parse both possible formats for the mode page headers. */ 1458 page = p[0] & 0x3f; 1459 if (p[0] & 0x40) { 1460 if (len < 4) { 1461 goto invalid_param_len; 1462 } 1463 subpage = p[1]; 1464 page_len = lduw_be_p(&p[2]); 1465 p += 4; 1466 len -= 4; 1467 } else { 1468 if (len < 2) { 1469 goto invalid_param_len; 1470 } 1471 subpage = 0; 1472 page_len = p[1]; 1473 p += 2; 1474 len -= 2; 1475 } 1476 1477 if (subpage) { 1478 goto invalid_param; 1479 } 1480 if (page_len > len) { 1481 goto invalid_param_len; 1482 } 1483 1484 if (!change) { 1485 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1486 goto invalid_param; 1487 } 1488 } else { 1489 scsi_disk_apply_mode_select(s, page, p); 1490 } 1491 1492 p += page_len; 1493 len -= page_len; 1494 } 1495 return 0; 1496 1497 invalid_param: 1498 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1499 return -1; 1500 1501 invalid_param_len: 1502 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1503 return -1; 1504 } 1505 1506 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1507 { 1508 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1509 uint8_t *p = inbuf; 1510 int cmd = r->req.cmd.buf[0]; 1511 int len = r->req.cmd.xfer; 1512 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1513 int bd_len; 1514 int pass; 1515 1516 /* We only support PF=1, SP=0. */ 1517 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1518 goto invalid_field; 1519 } 1520 1521 if (len < hdr_len) { 1522 goto invalid_param_len; 1523 } 1524 1525 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1526 len -= hdr_len; 1527 p += hdr_len; 1528 if (len < bd_len) { 1529 goto invalid_param_len; 1530 } 1531 if (bd_len != 0 && bd_len != 8) { 1532 goto invalid_param; 1533 } 1534 1535 len -= bd_len; 1536 p += bd_len; 1537 1538 /* Ensure no change is made if there is an error! */ 1539 for (pass = 0; pass < 2; pass++) { 1540 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1541 assert(pass == 0); 1542 return; 1543 } 1544 } 1545 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1546 /* The request is used as the AIO opaque value, so add a ref. */ 1547 scsi_req_ref(&r->req); 1548 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1549 BLOCK_ACCT_FLUSH); 1550 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1551 return; 1552 } 1553 1554 scsi_req_complete(&r->req, GOOD); 1555 return; 1556 1557 invalid_param: 1558 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1559 return; 1560 1561 invalid_param_len: 1562 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1563 return; 1564 1565 invalid_field: 1566 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1567 } 1568 1569 static inline bool check_lba_range(SCSIDiskState *s, 1570 uint64_t sector_num, uint32_t nb_sectors) 1571 { 1572 /* 1573 * The first line tests that no overflow happens when computing the last 1574 * sector. The second line tests that the last accessed sector is in 1575 * range. 1576 * 1577 * Careful, the computations should not underflow for nb_sectors == 0, 1578 * and a 0-block read to the first LBA beyond the end of device is 1579 * valid. 1580 */ 1581 return (sector_num <= sector_num + nb_sectors && 1582 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1583 } 1584 1585 typedef struct UnmapCBData { 1586 SCSIDiskReq *r; 1587 uint8_t *inbuf; 1588 int count; 1589 } UnmapCBData; 1590 1591 static void scsi_unmap_complete(void *opaque, int ret); 1592 1593 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1594 { 1595 SCSIDiskReq *r = data->r; 1596 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1597 uint64_t sector_num; 1598 uint32_t nb_sectors; 1599 1600 assert(r->req.aiocb == NULL); 1601 1602 if (r->req.io_canceled) { 1603 scsi_req_cancel_complete(&r->req); 1604 goto done; 1605 } 1606 1607 if (ret < 0) { 1608 if (scsi_handle_rw_error(r, -ret, false)) { 1609 goto done; 1610 } 1611 } 1612 1613 if (data->count > 0) { 1614 sector_num = ldq_be_p(&data->inbuf[0]); 1615 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1616 if (!check_lba_range(s, sector_num, nb_sectors)) { 1617 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1618 goto done; 1619 } 1620 1621 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk, 1622 sector_num * (s->qdev.blocksize / 512), 1623 nb_sectors * (s->qdev.blocksize / 512), 1624 scsi_unmap_complete, data); 1625 data->count--; 1626 data->inbuf += 16; 1627 return; 1628 } 1629 1630 scsi_req_complete(&r->req, GOOD); 1631 1632 done: 1633 scsi_req_unref(&r->req); 1634 g_free(data); 1635 } 1636 1637 static void scsi_unmap_complete(void *opaque, int ret) 1638 { 1639 UnmapCBData *data = opaque; 1640 SCSIDiskReq *r = data->r; 1641 1642 assert(r->req.aiocb != NULL); 1643 r->req.aiocb = NULL; 1644 1645 scsi_unmap_complete_noio(data, ret); 1646 } 1647 1648 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1649 { 1650 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1651 uint8_t *p = inbuf; 1652 int len = r->req.cmd.xfer; 1653 UnmapCBData *data; 1654 1655 /* Reject ANCHOR=1. */ 1656 if (r->req.cmd.buf[1] & 0x1) { 1657 goto invalid_field; 1658 } 1659 1660 if (len < 8) { 1661 goto invalid_param_len; 1662 } 1663 if (len < lduw_be_p(&p[0]) + 2) { 1664 goto invalid_param_len; 1665 } 1666 if (len < lduw_be_p(&p[2]) + 8) { 1667 goto invalid_param_len; 1668 } 1669 if (lduw_be_p(&p[2]) & 15) { 1670 goto invalid_param_len; 1671 } 1672 1673 if (blk_is_read_only(s->qdev.conf.blk)) { 1674 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1675 return; 1676 } 1677 1678 data = g_new0(UnmapCBData, 1); 1679 data->r = r; 1680 data->inbuf = &p[8]; 1681 data->count = lduw_be_p(&p[2]) >> 4; 1682 1683 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1684 scsi_req_ref(&r->req); 1685 scsi_unmap_complete_noio(data, 0); 1686 return; 1687 1688 invalid_param_len: 1689 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1690 return; 1691 1692 invalid_field: 1693 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1694 } 1695 1696 typedef struct WriteSameCBData { 1697 SCSIDiskReq *r; 1698 int64_t sector; 1699 int nb_sectors; 1700 QEMUIOVector qiov; 1701 struct iovec iov; 1702 } WriteSameCBData; 1703 1704 static void scsi_write_same_complete(void *opaque, int ret) 1705 { 1706 WriteSameCBData *data = opaque; 1707 SCSIDiskReq *r = data->r; 1708 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1709 1710 assert(r->req.aiocb != NULL); 1711 r->req.aiocb = NULL; 1712 if (r->req.io_canceled) { 1713 scsi_req_cancel_complete(&r->req); 1714 goto done; 1715 } 1716 1717 if (ret < 0) { 1718 if (scsi_handle_rw_error(r, -ret, true)) { 1719 goto done; 1720 } 1721 } 1722 1723 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1724 1725 data->nb_sectors -= data->iov.iov_len / 512; 1726 data->sector += data->iov.iov_len / 512; 1727 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1728 if (data->iov.iov_len) { 1729 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1730 data->iov.iov_len, BLOCK_ACCT_WRITE); 1731 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1732 * where final qiov may need smaller size */ 1733 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1734 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1735 data->sector << BDRV_SECTOR_BITS, 1736 &data->qiov, 0, 1737 scsi_write_same_complete, data); 1738 return; 1739 } 1740 1741 scsi_req_complete(&r->req, GOOD); 1742 1743 done: 1744 scsi_req_unref(&r->req); 1745 qemu_vfree(data->iov.iov_base); 1746 g_free(data); 1747 } 1748 1749 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1750 { 1751 SCSIRequest *req = &r->req; 1752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1753 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1754 WriteSameCBData *data; 1755 uint8_t *buf; 1756 int i; 1757 1758 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1759 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1760 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1761 return; 1762 } 1763 1764 if (blk_is_read_only(s->qdev.conf.blk)) { 1765 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1766 return; 1767 } 1768 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1769 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1770 return; 1771 } 1772 1773 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1774 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1775 1776 /* The request is used as the AIO opaque value, so add a ref. */ 1777 scsi_req_ref(&r->req); 1778 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1779 nb_sectors * s->qdev.blocksize, 1780 BLOCK_ACCT_WRITE); 1781 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk, 1782 r->req.cmd.lba * s->qdev.blocksize, 1783 nb_sectors * s->qdev.blocksize, 1784 flags, scsi_aio_complete, r); 1785 return; 1786 } 1787 1788 data = g_new0(WriteSameCBData, 1); 1789 data->r = r; 1790 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1791 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1792 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1793 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1794 data->iov.iov_len); 1795 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1796 1797 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1798 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1799 } 1800 1801 scsi_req_ref(&r->req); 1802 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1803 data->iov.iov_len, BLOCK_ACCT_WRITE); 1804 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1805 data->sector << BDRV_SECTOR_BITS, 1806 &data->qiov, 0, 1807 scsi_write_same_complete, data); 1808 } 1809 1810 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1811 { 1812 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1813 1814 if (r->iov.iov_len) { 1815 int buflen = r->iov.iov_len; 1816 DPRINTF("Write buf_len=%d\n", buflen); 1817 r->iov.iov_len = 0; 1818 scsi_req_data(&r->req, buflen); 1819 return; 1820 } 1821 1822 switch (req->cmd.buf[0]) { 1823 case MODE_SELECT: 1824 case MODE_SELECT_10: 1825 /* This also clears the sense buffer for REQUEST SENSE. */ 1826 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1827 break; 1828 1829 case UNMAP: 1830 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1831 break; 1832 1833 case VERIFY_10: 1834 case VERIFY_12: 1835 case VERIFY_16: 1836 if (r->req.status == -1) { 1837 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1838 } 1839 break; 1840 1841 case WRITE_SAME_10: 1842 case WRITE_SAME_16: 1843 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1844 break; 1845 1846 default: 1847 abort(); 1848 } 1849 } 1850 1851 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1852 { 1853 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1854 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1855 uint64_t nb_sectors; 1856 uint8_t *outbuf; 1857 int buflen; 1858 1859 switch (req->cmd.buf[0]) { 1860 case INQUIRY: 1861 case MODE_SENSE: 1862 case MODE_SENSE_10: 1863 case RESERVE: 1864 case RESERVE_10: 1865 case RELEASE: 1866 case RELEASE_10: 1867 case START_STOP: 1868 case ALLOW_MEDIUM_REMOVAL: 1869 case GET_CONFIGURATION: 1870 case GET_EVENT_STATUS_NOTIFICATION: 1871 case MECHANISM_STATUS: 1872 case REQUEST_SENSE: 1873 break; 1874 1875 default: 1876 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1877 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1878 return 0; 1879 } 1880 break; 1881 } 1882 1883 /* 1884 * FIXME: we shouldn't return anything bigger than 4k, but the code 1885 * requires the buffer to be as big as req->cmd.xfer in several 1886 * places. So, do not allow CDBs with a very large ALLOCATION 1887 * LENGTH. The real fix would be to modify scsi_read_data and 1888 * dma_buf_read, so that they return data beyond the buflen 1889 * as all zeros. 1890 */ 1891 if (req->cmd.xfer > 65536) { 1892 goto illegal_request; 1893 } 1894 r->buflen = MAX(4096, req->cmd.xfer); 1895 1896 if (!r->iov.iov_base) { 1897 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1898 } 1899 1900 buflen = req->cmd.xfer; 1901 outbuf = r->iov.iov_base; 1902 memset(outbuf, 0, r->buflen); 1903 switch (req->cmd.buf[0]) { 1904 case TEST_UNIT_READY: 1905 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1906 break; 1907 case INQUIRY: 1908 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1909 if (buflen < 0) { 1910 goto illegal_request; 1911 } 1912 break; 1913 case MODE_SENSE: 1914 case MODE_SENSE_10: 1915 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1916 if (buflen < 0) { 1917 goto illegal_request; 1918 } 1919 break; 1920 case READ_TOC: 1921 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1922 if (buflen < 0) { 1923 goto illegal_request; 1924 } 1925 break; 1926 case RESERVE: 1927 if (req->cmd.buf[1] & 1) { 1928 goto illegal_request; 1929 } 1930 break; 1931 case RESERVE_10: 1932 if (req->cmd.buf[1] & 3) { 1933 goto illegal_request; 1934 } 1935 break; 1936 case RELEASE: 1937 if (req->cmd.buf[1] & 1) { 1938 goto illegal_request; 1939 } 1940 break; 1941 case RELEASE_10: 1942 if (req->cmd.buf[1] & 3) { 1943 goto illegal_request; 1944 } 1945 break; 1946 case START_STOP: 1947 if (scsi_disk_emulate_start_stop(r) < 0) { 1948 return 0; 1949 } 1950 break; 1951 case ALLOW_MEDIUM_REMOVAL: 1952 s->tray_locked = req->cmd.buf[4] & 1; 1953 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1954 break; 1955 case READ_CAPACITY_10: 1956 /* The normal LEN field for this command is zero. */ 1957 memset(outbuf, 0, 8); 1958 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1959 if (!nb_sectors) { 1960 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1961 return 0; 1962 } 1963 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1964 goto illegal_request; 1965 } 1966 nb_sectors /= s->qdev.blocksize / 512; 1967 /* Returned value is the address of the last sector. */ 1968 nb_sectors--; 1969 /* Remember the new size for read/write sanity checking. */ 1970 s->qdev.max_lba = nb_sectors; 1971 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1972 if (nb_sectors > UINT32_MAX) { 1973 nb_sectors = UINT32_MAX; 1974 } 1975 outbuf[0] = (nb_sectors >> 24) & 0xff; 1976 outbuf[1] = (nb_sectors >> 16) & 0xff; 1977 outbuf[2] = (nb_sectors >> 8) & 0xff; 1978 outbuf[3] = nb_sectors & 0xff; 1979 outbuf[4] = 0; 1980 outbuf[5] = 0; 1981 outbuf[6] = s->qdev.blocksize >> 8; 1982 outbuf[7] = 0; 1983 break; 1984 case REQUEST_SENSE: 1985 /* Just return "NO SENSE". */ 1986 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1987 (req->cmd.buf[1] & 1) == 0); 1988 if (buflen < 0) { 1989 goto illegal_request; 1990 } 1991 break; 1992 case MECHANISM_STATUS: 1993 buflen = scsi_emulate_mechanism_status(s, outbuf); 1994 if (buflen < 0) { 1995 goto illegal_request; 1996 } 1997 break; 1998 case GET_CONFIGURATION: 1999 buflen = scsi_get_configuration(s, outbuf); 2000 if (buflen < 0) { 2001 goto illegal_request; 2002 } 2003 break; 2004 case GET_EVENT_STATUS_NOTIFICATION: 2005 buflen = scsi_get_event_status_notification(s, r, outbuf); 2006 if (buflen < 0) { 2007 goto illegal_request; 2008 } 2009 break; 2010 case READ_DISC_INFORMATION: 2011 buflen = scsi_read_disc_information(s, r, outbuf); 2012 if (buflen < 0) { 2013 goto illegal_request; 2014 } 2015 break; 2016 case READ_DVD_STRUCTURE: 2017 buflen = scsi_read_dvd_structure(s, r, outbuf); 2018 if (buflen < 0) { 2019 goto illegal_request; 2020 } 2021 break; 2022 case SERVICE_ACTION_IN_16: 2023 /* Service Action In subcommands. */ 2024 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2025 DPRINTF("SAI READ CAPACITY(16)\n"); 2026 memset(outbuf, 0, req->cmd.xfer); 2027 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2028 if (!nb_sectors) { 2029 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2030 return 0; 2031 } 2032 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2033 goto illegal_request; 2034 } 2035 nb_sectors /= s->qdev.blocksize / 512; 2036 /* Returned value is the address of the last sector. */ 2037 nb_sectors--; 2038 /* Remember the new size for read/write sanity checking. */ 2039 s->qdev.max_lba = nb_sectors; 2040 outbuf[0] = (nb_sectors >> 56) & 0xff; 2041 outbuf[1] = (nb_sectors >> 48) & 0xff; 2042 outbuf[2] = (nb_sectors >> 40) & 0xff; 2043 outbuf[3] = (nb_sectors >> 32) & 0xff; 2044 outbuf[4] = (nb_sectors >> 24) & 0xff; 2045 outbuf[5] = (nb_sectors >> 16) & 0xff; 2046 outbuf[6] = (nb_sectors >> 8) & 0xff; 2047 outbuf[7] = nb_sectors & 0xff; 2048 outbuf[8] = 0; 2049 outbuf[9] = 0; 2050 outbuf[10] = s->qdev.blocksize >> 8; 2051 outbuf[11] = 0; 2052 outbuf[12] = 0; 2053 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2054 2055 /* set TPE bit if the format supports discard */ 2056 if (s->qdev.conf.discard_granularity) { 2057 outbuf[14] = 0x80; 2058 } 2059 2060 /* Protection, exponent and lowest lba field left blank. */ 2061 break; 2062 } 2063 DPRINTF("Unsupported Service Action In\n"); 2064 goto illegal_request; 2065 case SYNCHRONIZE_CACHE: 2066 /* The request is used as the AIO opaque value, so add a ref. */ 2067 scsi_req_ref(&r->req); 2068 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2069 BLOCK_ACCT_FLUSH); 2070 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2071 return 0; 2072 case SEEK_10: 2073 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2074 if (r->req.cmd.lba > s->qdev.max_lba) { 2075 goto illegal_lba; 2076 } 2077 break; 2078 case MODE_SELECT: 2079 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2080 break; 2081 case MODE_SELECT_10: 2082 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2083 break; 2084 case UNMAP: 2085 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2086 break; 2087 case VERIFY_10: 2088 case VERIFY_12: 2089 case VERIFY_16: 2090 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2091 if (req->cmd.buf[1] & 6) { 2092 goto illegal_request; 2093 } 2094 break; 2095 case WRITE_SAME_10: 2096 case WRITE_SAME_16: 2097 DPRINTF("WRITE SAME %d (len %lu)\n", 2098 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2099 (long)r->req.cmd.xfer); 2100 break; 2101 default: 2102 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2103 scsi_command_name(buf[0])); 2104 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2105 return 0; 2106 } 2107 assert(!r->req.aiocb); 2108 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2109 if (r->iov.iov_len == 0) { 2110 scsi_req_complete(&r->req, GOOD); 2111 } 2112 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2113 assert(r->iov.iov_len == req->cmd.xfer); 2114 return -r->iov.iov_len; 2115 } else { 2116 return r->iov.iov_len; 2117 } 2118 2119 illegal_request: 2120 if (r->req.status == -1) { 2121 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2122 } 2123 return 0; 2124 2125 illegal_lba: 2126 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2127 return 0; 2128 } 2129 2130 /* Execute a scsi command. Returns the length of the data expected by the 2131 command. This will be Positive for data transfers from the device 2132 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2133 and zero if the command does not transfer any data. */ 2134 2135 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2136 { 2137 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2139 uint32_t len; 2140 uint8_t command; 2141 2142 command = buf[0]; 2143 2144 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 2145 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2146 return 0; 2147 } 2148 2149 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2150 switch (command) { 2151 case READ_6: 2152 case READ_10: 2153 case READ_12: 2154 case READ_16: 2155 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2156 if (r->req.cmd.buf[1] & 0xe0) { 2157 goto illegal_request; 2158 } 2159 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2160 goto illegal_lba; 2161 } 2162 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2163 r->sector_count = len * (s->qdev.blocksize / 512); 2164 break; 2165 case WRITE_6: 2166 case WRITE_10: 2167 case WRITE_12: 2168 case WRITE_16: 2169 case WRITE_VERIFY_10: 2170 case WRITE_VERIFY_12: 2171 case WRITE_VERIFY_16: 2172 if (blk_is_read_only(s->qdev.conf.blk)) { 2173 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2174 return 0; 2175 } 2176 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2177 (command & 0xe) == 0xe ? "And Verify " : "", 2178 r->req.cmd.lba, len); 2179 if (r->req.cmd.buf[1] & 0xe0) { 2180 goto illegal_request; 2181 } 2182 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2183 goto illegal_lba; 2184 } 2185 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2186 r->sector_count = len * (s->qdev.blocksize / 512); 2187 break; 2188 default: 2189 abort(); 2190 illegal_request: 2191 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2192 return 0; 2193 illegal_lba: 2194 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2195 return 0; 2196 } 2197 if (r->sector_count == 0) { 2198 scsi_req_complete(&r->req, GOOD); 2199 } 2200 assert(r->iov.iov_len == 0); 2201 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2202 return -r->sector_count * 512; 2203 } else { 2204 return r->sector_count * 512; 2205 } 2206 } 2207 2208 static void scsi_disk_reset(DeviceState *dev) 2209 { 2210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2211 uint64_t nb_sectors; 2212 2213 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2214 2215 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2216 nb_sectors /= s->qdev.blocksize / 512; 2217 if (nb_sectors) { 2218 nb_sectors--; 2219 } 2220 s->qdev.max_lba = nb_sectors; 2221 /* reset tray statuses */ 2222 s->tray_locked = 0; 2223 s->tray_open = 0; 2224 } 2225 2226 static void scsi_disk_resize_cb(void *opaque) 2227 { 2228 SCSIDiskState *s = opaque; 2229 2230 /* SPC lists this sense code as available only for 2231 * direct-access devices. 2232 */ 2233 if (s->qdev.type == TYPE_DISK) { 2234 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2235 } 2236 } 2237 2238 static void scsi_cd_change_media_cb(void *opaque, bool load) 2239 { 2240 SCSIDiskState *s = opaque; 2241 2242 /* 2243 * When a CD gets changed, we have to report an ejected state and 2244 * then a loaded state to guests so that they detect tray 2245 * open/close and media change events. Guests that do not use 2246 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2247 * states rely on this behavior. 2248 * 2249 * media_changed governs the state machine used for unit attention 2250 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2251 */ 2252 s->media_changed = load; 2253 s->tray_open = !load; 2254 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2255 s->media_event = true; 2256 s->eject_request = false; 2257 } 2258 2259 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2260 { 2261 SCSIDiskState *s = opaque; 2262 2263 s->eject_request = true; 2264 if (force) { 2265 s->tray_locked = false; 2266 } 2267 } 2268 2269 static bool scsi_cd_is_tray_open(void *opaque) 2270 { 2271 return ((SCSIDiskState *)opaque)->tray_open; 2272 } 2273 2274 static bool scsi_cd_is_medium_locked(void *opaque) 2275 { 2276 return ((SCSIDiskState *)opaque)->tray_locked; 2277 } 2278 2279 static const BlockDevOps scsi_disk_removable_block_ops = { 2280 .change_media_cb = scsi_cd_change_media_cb, 2281 .eject_request_cb = scsi_cd_eject_request_cb, 2282 .is_tray_open = scsi_cd_is_tray_open, 2283 .is_medium_locked = scsi_cd_is_medium_locked, 2284 2285 .resize_cb = scsi_disk_resize_cb, 2286 }; 2287 2288 static const BlockDevOps scsi_disk_block_ops = { 2289 .resize_cb = scsi_disk_resize_cb, 2290 }; 2291 2292 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2293 { 2294 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2295 if (s->media_changed) { 2296 s->media_changed = false; 2297 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2298 } 2299 } 2300 2301 static void scsi_realize(SCSIDevice *dev, Error **errp) 2302 { 2303 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2304 Error *err = NULL; 2305 2306 if (!s->qdev.conf.blk) { 2307 error_setg(errp, "drive property not set"); 2308 return; 2309 } 2310 2311 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2312 !blk_is_inserted(s->qdev.conf.blk)) { 2313 error_setg(errp, "Device needs media, but drive is empty"); 2314 return; 2315 } 2316 2317 blkconf_serial(&s->qdev.conf, &s->serial); 2318 blkconf_blocksizes(&s->qdev.conf); 2319 if (dev->type == TYPE_DISK) { 2320 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2321 if (err) { 2322 error_propagate(errp, err); 2323 return; 2324 } 2325 } 2326 2327 if (s->qdev.conf.discard_granularity == -1) { 2328 s->qdev.conf.discard_granularity = 2329 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2330 } 2331 2332 if (!s->version) { 2333 s->version = g_strdup(qemu_hw_version()); 2334 } 2335 if (!s->vendor) { 2336 s->vendor = g_strdup("QEMU"); 2337 } 2338 2339 if (blk_is_sg(s->qdev.conf.blk)) { 2340 error_setg(errp, "unwanted /dev/sg*"); 2341 return; 2342 } 2343 2344 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2345 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2346 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2347 } else { 2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2349 } 2350 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2351 2352 blk_iostatus_enable(s->qdev.conf.blk); 2353 } 2354 2355 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2356 { 2357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2358 /* can happen for devices without drive. The error message for missing 2359 * backend will be issued in scsi_realize 2360 */ 2361 if (s->qdev.conf.blk) { 2362 blkconf_blocksizes(&s->qdev.conf); 2363 } 2364 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2365 s->qdev.type = TYPE_DISK; 2366 if (!s->product) { 2367 s->product = g_strdup("QEMU HARDDISK"); 2368 } 2369 scsi_realize(&s->qdev, errp); 2370 } 2371 2372 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2373 { 2374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2375 s->qdev.blocksize = 2048; 2376 s->qdev.type = TYPE_ROM; 2377 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2378 if (!s->product) { 2379 s->product = g_strdup("QEMU CD-ROM"); 2380 } 2381 scsi_realize(&s->qdev, errp); 2382 } 2383 2384 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2385 { 2386 DriveInfo *dinfo; 2387 Error *local_err = NULL; 2388 2389 if (!dev->conf.blk) { 2390 scsi_realize(dev, &local_err); 2391 assert(local_err); 2392 error_propagate(errp, local_err); 2393 return; 2394 } 2395 2396 dinfo = blk_legacy_dinfo(dev->conf.blk); 2397 if (dinfo && dinfo->media_cd) { 2398 scsi_cd_realize(dev, errp); 2399 } else { 2400 scsi_hd_realize(dev, errp); 2401 } 2402 } 2403 2404 static const SCSIReqOps scsi_disk_emulate_reqops = { 2405 .size = sizeof(SCSIDiskReq), 2406 .free_req = scsi_free_request, 2407 .send_command = scsi_disk_emulate_command, 2408 .read_data = scsi_disk_emulate_read_data, 2409 .write_data = scsi_disk_emulate_write_data, 2410 .get_buf = scsi_get_buf, 2411 }; 2412 2413 static const SCSIReqOps scsi_disk_dma_reqops = { 2414 .size = sizeof(SCSIDiskReq), 2415 .free_req = scsi_free_request, 2416 .send_command = scsi_disk_dma_command, 2417 .read_data = scsi_read_data, 2418 .write_data = scsi_write_data, 2419 .get_buf = scsi_get_buf, 2420 .load_request = scsi_disk_load_request, 2421 .save_request = scsi_disk_save_request, 2422 }; 2423 2424 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2425 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2426 [INQUIRY] = &scsi_disk_emulate_reqops, 2427 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2428 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2429 [START_STOP] = &scsi_disk_emulate_reqops, 2430 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2431 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2432 [READ_TOC] = &scsi_disk_emulate_reqops, 2433 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2434 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2435 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2436 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2437 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2438 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2439 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2440 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2441 [SEEK_10] = &scsi_disk_emulate_reqops, 2442 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2443 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2444 [UNMAP] = &scsi_disk_emulate_reqops, 2445 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2446 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2447 [VERIFY_10] = &scsi_disk_emulate_reqops, 2448 [VERIFY_12] = &scsi_disk_emulate_reqops, 2449 [VERIFY_16] = &scsi_disk_emulate_reqops, 2450 2451 [READ_6] = &scsi_disk_dma_reqops, 2452 [READ_10] = &scsi_disk_dma_reqops, 2453 [READ_12] = &scsi_disk_dma_reqops, 2454 [READ_16] = &scsi_disk_dma_reqops, 2455 [WRITE_6] = &scsi_disk_dma_reqops, 2456 [WRITE_10] = &scsi_disk_dma_reqops, 2457 [WRITE_12] = &scsi_disk_dma_reqops, 2458 [WRITE_16] = &scsi_disk_dma_reqops, 2459 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2460 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2461 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2462 }; 2463 2464 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2465 uint8_t *buf, void *hba_private) 2466 { 2467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2468 SCSIRequest *req; 2469 const SCSIReqOps *ops; 2470 uint8_t command; 2471 2472 command = buf[0]; 2473 ops = scsi_disk_reqops_dispatch[command]; 2474 if (!ops) { 2475 ops = &scsi_disk_emulate_reqops; 2476 } 2477 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2478 2479 #ifdef DEBUG_SCSI 2480 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2481 { 2482 int i; 2483 for (i = 1; i < scsi_cdb_length(buf); i++) { 2484 printf(" 0x%02x", buf[i]); 2485 } 2486 printf("\n"); 2487 } 2488 #endif 2489 2490 return req; 2491 } 2492 2493 #ifdef __linux__ 2494 static int get_device_type(SCSIDiskState *s) 2495 { 2496 uint8_t cmd[16]; 2497 uint8_t buf[36]; 2498 uint8_t sensebuf[8]; 2499 sg_io_hdr_t io_header; 2500 int ret; 2501 2502 memset(cmd, 0, sizeof(cmd)); 2503 memset(buf, 0, sizeof(buf)); 2504 cmd[0] = INQUIRY; 2505 cmd[4] = sizeof(buf); 2506 2507 memset(&io_header, 0, sizeof(io_header)); 2508 io_header.interface_id = 'S'; 2509 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2510 io_header.dxfer_len = sizeof(buf); 2511 io_header.dxferp = buf; 2512 io_header.cmdp = cmd; 2513 io_header.cmd_len = sizeof(cmd); 2514 io_header.mx_sb_len = sizeof(sensebuf); 2515 io_header.sbp = sensebuf; 2516 io_header.timeout = 6000; /* XXX */ 2517 2518 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header); 2519 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2520 return -1; 2521 } 2522 s->qdev.type = buf[0]; 2523 if (buf[1] & 0x80) { 2524 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2525 } 2526 return 0; 2527 } 2528 2529 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2530 { 2531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2532 int sg_version; 2533 int rc; 2534 2535 if (!s->qdev.conf.blk) { 2536 error_setg(errp, "drive property not set"); 2537 return; 2538 } 2539 2540 /* check we are using a driver managing SG_IO (version 3 and after) */ 2541 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2542 if (rc < 0) { 2543 error_setg(errp, "cannot get SG_IO version number: %s. " 2544 "Is this a SCSI device?", 2545 strerror(-rc)); 2546 return; 2547 } 2548 if (sg_version < 30000) { 2549 error_setg(errp, "scsi generic interface too old"); 2550 return; 2551 } 2552 2553 /* get device type from INQUIRY data */ 2554 rc = get_device_type(s); 2555 if (rc < 0) { 2556 error_setg(errp, "INQUIRY failed"); 2557 return; 2558 } 2559 2560 /* Make a guess for the block size, we'll fix it when the guest sends. 2561 * READ CAPACITY. If they don't, they likely would assume these sizes 2562 * anyway. (TODO: check in /sys). 2563 */ 2564 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2565 s->qdev.blocksize = 2048; 2566 } else { 2567 s->qdev.blocksize = 512; 2568 } 2569 2570 /* Makes the scsi-block device not removable by using HMP and QMP eject 2571 * command. 2572 */ 2573 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2574 2575 scsi_realize(&s->qdev, errp); 2576 scsi_generic_read_device_identification(&s->qdev); 2577 } 2578 2579 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2580 { 2581 switch (buf[0]) { 2582 case READ_6: 2583 case READ_10: 2584 case READ_12: 2585 case READ_16: 2586 case VERIFY_10: 2587 case VERIFY_12: 2588 case VERIFY_16: 2589 case WRITE_6: 2590 case WRITE_10: 2591 case WRITE_12: 2592 case WRITE_16: 2593 case WRITE_VERIFY_10: 2594 case WRITE_VERIFY_12: 2595 case WRITE_VERIFY_16: 2596 /* If we are not using O_DIRECT, we might read stale data from the 2597 * host cache if writes were made using other commands than these 2598 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2599 * O_DIRECT everything must go through SG_IO. 2600 */ 2601 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) { 2602 break; 2603 } 2604 2605 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2606 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2607 * And once you do these writes, reading from the block device is 2608 * unreliable, too. It is even possible that reads deliver random data 2609 * from the host page cache (this is probably a Linux bug). 2610 * 2611 * We might use scsi_disk_dma_reqops as long as no writing commands are 2612 * seen, but performance usually isn't paramount on optical media. So, 2613 * just make scsi-block operate the same as scsi-generic for them. 2614 */ 2615 if (s->qdev.type != TYPE_ROM) { 2616 return false; 2617 } 2618 break; 2619 2620 default: 2621 break; 2622 } 2623 2624 return true; 2625 } 2626 2627 2628 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2629 uint32_t lun, uint8_t *buf, 2630 void *hba_private) 2631 { 2632 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2633 2634 if (scsi_block_is_passthrough(s, buf)) { 2635 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2636 hba_private); 2637 } else { 2638 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2639 hba_private); 2640 } 2641 } 2642 2643 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2644 uint8_t *buf, void *hba_private) 2645 { 2646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2647 2648 if (scsi_block_is_passthrough(s, buf)) { 2649 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2650 } else { 2651 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2652 } 2653 } 2654 2655 #endif 2656 2657 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2658 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2659 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2660 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2661 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2662 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2663 2664 static Property scsi_hd_properties[] = { 2665 DEFINE_SCSI_DISK_PROPERTIES(), 2666 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2667 SCSI_DISK_F_REMOVABLE, false), 2668 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2669 SCSI_DISK_F_DPOFUA, false), 2670 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2671 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2672 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2673 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2674 DEFAULT_MAX_UNMAP_SIZE), 2675 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2676 DEFAULT_MAX_IO_SIZE), 2677 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2678 DEFINE_PROP_END_OF_LIST(), 2679 }; 2680 2681 static const VMStateDescription vmstate_scsi_disk_state = { 2682 .name = "scsi-disk", 2683 .version_id = 1, 2684 .minimum_version_id = 1, 2685 .fields = (VMStateField[]) { 2686 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2687 VMSTATE_BOOL(media_changed, SCSIDiskState), 2688 VMSTATE_BOOL(media_event, SCSIDiskState), 2689 VMSTATE_BOOL(eject_request, SCSIDiskState), 2690 VMSTATE_BOOL(tray_open, SCSIDiskState), 2691 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2692 VMSTATE_END_OF_LIST() 2693 } 2694 }; 2695 2696 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2697 { 2698 DeviceClass *dc = DEVICE_CLASS(klass); 2699 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2700 2701 sc->realize = scsi_hd_realize; 2702 sc->alloc_req = scsi_new_request; 2703 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2704 dc->fw_name = "disk"; 2705 dc->desc = "virtual SCSI disk"; 2706 dc->reset = scsi_disk_reset; 2707 dc->props = scsi_hd_properties; 2708 dc->vmsd = &vmstate_scsi_disk_state; 2709 } 2710 2711 static const TypeInfo scsi_hd_info = { 2712 .name = "scsi-hd", 2713 .parent = TYPE_SCSI_DEVICE, 2714 .instance_size = sizeof(SCSIDiskState), 2715 .class_init = scsi_hd_class_initfn, 2716 }; 2717 2718 static Property scsi_cd_properties[] = { 2719 DEFINE_SCSI_DISK_PROPERTIES(), 2720 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2721 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2722 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2723 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2724 DEFAULT_MAX_IO_SIZE), 2725 DEFINE_PROP_END_OF_LIST(), 2726 }; 2727 2728 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2729 { 2730 DeviceClass *dc = DEVICE_CLASS(klass); 2731 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2732 2733 sc->realize = scsi_cd_realize; 2734 sc->alloc_req = scsi_new_request; 2735 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2736 dc->fw_name = "disk"; 2737 dc->desc = "virtual SCSI CD-ROM"; 2738 dc->reset = scsi_disk_reset; 2739 dc->props = scsi_cd_properties; 2740 dc->vmsd = &vmstate_scsi_disk_state; 2741 } 2742 2743 static const TypeInfo scsi_cd_info = { 2744 .name = "scsi-cd", 2745 .parent = TYPE_SCSI_DEVICE, 2746 .instance_size = sizeof(SCSIDiskState), 2747 .class_init = scsi_cd_class_initfn, 2748 }; 2749 2750 #ifdef __linux__ 2751 static Property scsi_block_properties[] = { 2752 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 2753 DEFINE_PROP_END_OF_LIST(), 2754 }; 2755 2756 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2757 { 2758 DeviceClass *dc = DEVICE_CLASS(klass); 2759 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2760 2761 sc->realize = scsi_block_realize; 2762 sc->alloc_req = scsi_block_new_request; 2763 sc->parse_cdb = scsi_block_parse_cdb; 2764 dc->fw_name = "disk"; 2765 dc->desc = "SCSI block device passthrough"; 2766 dc->reset = scsi_disk_reset; 2767 dc->props = scsi_block_properties; 2768 dc->vmsd = &vmstate_scsi_disk_state; 2769 } 2770 2771 static const TypeInfo scsi_block_info = { 2772 .name = "scsi-block", 2773 .parent = TYPE_SCSI_DEVICE, 2774 .instance_size = sizeof(SCSIDiskState), 2775 .class_init = scsi_block_class_initfn, 2776 }; 2777 #endif 2778 2779 static Property scsi_disk_properties[] = { 2780 DEFINE_SCSI_DISK_PROPERTIES(), 2781 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2782 SCSI_DISK_F_REMOVABLE, false), 2783 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2784 SCSI_DISK_F_DPOFUA, false), 2785 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2786 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2787 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2788 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2789 DEFAULT_MAX_UNMAP_SIZE), 2790 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2791 DEFAULT_MAX_IO_SIZE), 2792 DEFINE_PROP_END_OF_LIST(), 2793 }; 2794 2795 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2796 { 2797 DeviceClass *dc = DEVICE_CLASS(klass); 2798 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2799 2800 sc->realize = scsi_disk_realize; 2801 sc->alloc_req = scsi_new_request; 2802 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2803 dc->fw_name = "disk"; 2804 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2805 dc->reset = scsi_disk_reset; 2806 dc->props = scsi_disk_properties; 2807 dc->vmsd = &vmstate_scsi_disk_state; 2808 } 2809 2810 static const TypeInfo scsi_disk_info = { 2811 .name = "scsi-disk", 2812 .parent = TYPE_SCSI_DEVICE, 2813 .instance_size = sizeof(SCSIDiskState), 2814 .class_init = scsi_disk_class_initfn, 2815 }; 2816 2817 static void scsi_disk_register_types(void) 2818 { 2819 type_register_static(&scsi_hd_info); 2820 type_register_static(&scsi_cd_info); 2821 #ifdef __linux__ 2822 type_register_static(&scsi_block_info); 2823 #endif 2824 type_register_static(&scsi_disk_info); 2825 } 2826 2827 type_init(scsi_disk_register_types) 2828