1 /* 2 * Generic SCSI Device support 3 * 4 * Copyright (c) 2007 Bull S.A.S. 5 * Based on code by Paul Brook 6 * Based on code by Fabrice Bellard 7 * 8 * Written by Laurent Vivier <Laurent.Vivier@bull.net> 9 * 10 * This code is licensed under the LGPL. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qapi/error.h" 16 #include "qemu-common.h" 17 #include "qemu/error-report.h" 18 #include "hw/scsi/scsi.h" 19 #include "sysemu/block-backend.h" 20 #include "sysemu/blockdev.h" 21 22 #ifdef __linux__ 23 24 //#define DEBUG_SCSI 25 26 #ifdef DEBUG_SCSI 27 #define DPRINTF(fmt, ...) \ 28 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 29 #else 30 #define DPRINTF(fmt, ...) do {} while(0) 31 #endif 32 33 #define BADF(fmt, ...) \ 34 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 35 36 #include <scsi/sg.h> 37 #include "block/scsi.h" 38 39 #define SG_ERR_DRIVER_TIMEOUT 0x06 40 #define SG_ERR_DRIVER_SENSE 0x08 41 42 #define SG_ERR_DID_OK 0x00 43 #define SG_ERR_DID_NO_CONNECT 0x01 44 #define SG_ERR_DID_BUS_BUSY 0x02 45 #define SG_ERR_DID_TIME_OUT 0x03 46 47 #ifndef MAX_UINT 48 #define MAX_UINT ((unsigned int)-1) 49 #endif 50 51 typedef struct SCSIGenericReq { 52 SCSIRequest req; 53 uint8_t *buf; 54 int buflen; 55 int len; 56 sg_io_hdr_t io_header; 57 } SCSIGenericReq; 58 59 static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req) 60 { 61 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 62 63 qemu_put_sbe32s(f, &r->buflen); 64 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 65 assert(!r->req.sg); 66 qemu_put_buffer(f, r->buf, r->req.cmd.xfer); 67 } 68 } 69 70 static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req) 71 { 72 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 73 74 qemu_get_sbe32s(f, &r->buflen); 75 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 76 assert(!r->req.sg); 77 qemu_get_buffer(f, r->buf, r->req.cmd.xfer); 78 } 79 } 80 81 static void scsi_free_request(SCSIRequest *req) 82 { 83 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 84 85 g_free(r->buf); 86 } 87 88 /* Helper function for command completion. */ 89 static void scsi_command_complete_noio(SCSIGenericReq *r, int ret) 90 { 91 int status; 92 93 assert(r->req.aiocb == NULL); 94 95 if (r->req.io_canceled) { 96 scsi_req_cancel_complete(&r->req); 97 goto done; 98 } 99 if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 100 r->req.sense_len = r->io_header.sb_len_wr; 101 } 102 103 if (ret != 0) { 104 switch (ret) { 105 case -EDOM: 106 status = TASK_SET_FULL; 107 break; 108 case -ENOMEM: 109 status = CHECK_CONDITION; 110 scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE)); 111 break; 112 default: 113 status = CHECK_CONDITION; 114 scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR)); 115 break; 116 } 117 } else { 118 if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT || 119 r->io_header.host_status == SG_ERR_DID_BUS_BUSY || 120 r->io_header.host_status == SG_ERR_DID_TIME_OUT || 121 (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) { 122 status = BUSY; 123 BADF("Driver Timeout\n"); 124 } else if (r->io_header.host_status) { 125 status = CHECK_CONDITION; 126 scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS)); 127 } else if (r->io_header.status) { 128 status = r->io_header.status; 129 } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 130 status = CHECK_CONDITION; 131 } else { 132 status = GOOD; 133 } 134 } 135 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n", 136 r, r->req.tag, status); 137 138 scsi_req_complete(&r->req, status); 139 done: 140 scsi_req_unref(&r->req); 141 } 142 143 static void scsi_command_complete(void *opaque, int ret) 144 { 145 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 146 147 assert(r->req.aiocb != NULL); 148 r->req.aiocb = NULL; 149 scsi_command_complete_noio(r, ret); 150 } 151 152 static int execute_command(BlockBackend *blk, 153 SCSIGenericReq *r, int direction, 154 BlockCompletionFunc *complete) 155 { 156 r->io_header.interface_id = 'S'; 157 r->io_header.dxfer_direction = direction; 158 r->io_header.dxferp = r->buf; 159 r->io_header.dxfer_len = r->buflen; 160 r->io_header.cmdp = r->req.cmd.buf; 161 r->io_header.cmd_len = r->req.cmd.len; 162 r->io_header.mx_sb_len = sizeof(r->req.sense); 163 r->io_header.sbp = r->req.sense; 164 r->io_header.timeout = MAX_UINT; 165 r->io_header.usr_ptr = r; 166 r->io_header.flags |= SG_FLAG_DIRECT_IO; 167 168 r->req.aiocb = blk_aio_ioctl(blk, SG_IO, &r->io_header, complete, r); 169 if (r->req.aiocb == NULL) { 170 return -EIO; 171 } 172 173 return 0; 174 } 175 176 static void scsi_read_complete(void * opaque, int ret) 177 { 178 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 179 SCSIDevice *s = r->req.dev; 180 int len; 181 182 assert(r->req.aiocb != NULL); 183 r->req.aiocb = NULL; 184 185 if (ret || r->req.io_canceled) { 186 scsi_command_complete_noio(r, ret); 187 return; 188 } 189 190 len = r->io_header.dxfer_len - r->io_header.resid; 191 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len); 192 193 r->len = -1; 194 if (len == 0) { 195 scsi_command_complete_noio(r, 0); 196 return; 197 } 198 199 /* Snoop READ CAPACITY output to set the blocksize. */ 200 if (r->req.cmd.buf[0] == READ_CAPACITY_10 && 201 (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) { 202 s->blocksize = ldl_be_p(&r->buf[4]); 203 s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL; 204 } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 && 205 (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 206 s->blocksize = ldl_be_p(&r->buf[8]); 207 s->max_lba = ldq_be_p(&r->buf[0]); 208 } 209 blk_set_guest_block_size(s->conf.blk, s->blocksize); 210 211 /* Patch MODE SENSE device specific parameters if the BDS is opened 212 * readonly. 213 */ 214 if ((s->type == TYPE_DISK || s->type == TYPE_TAPE) && 215 blk_is_read_only(s->conf.blk) && 216 (r->req.cmd.buf[0] == MODE_SENSE || 217 r->req.cmd.buf[0] == MODE_SENSE_10) && 218 (r->req.cmd.buf[1] & 0x8) == 0) { 219 if (r->req.cmd.buf[0] == MODE_SENSE) { 220 r->buf[2] |= 0x80; 221 } else { 222 r->buf[3] |= 0x80; 223 } 224 } 225 if (s->type == TYPE_DISK && 226 r->req.cmd.buf[0] == INQUIRY && 227 r->req.cmd.buf[2] == 0xb0) { 228 uint32_t max_transfer = 229 blk_get_max_transfer(s->conf.blk) / s->blocksize; 230 231 assert(max_transfer); 232 stl_be_p(&r->buf[8], max_transfer); 233 /* Also take care of the opt xfer len. */ 234 if (ldl_be_p(&r->buf[12]) > max_transfer) { 235 stl_be_p(&r->buf[12], max_transfer); 236 } 237 } 238 scsi_req_data(&r->req, len); 239 scsi_req_unref(&r->req); 240 } 241 242 /* Read more data from scsi device into buffer. */ 243 static void scsi_read_data(SCSIRequest *req) 244 { 245 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 246 SCSIDevice *s = r->req.dev; 247 int ret; 248 249 DPRINTF("scsi_read_data tag=0x%x\n", req->tag); 250 251 /* The request is used as the AIO opaque value, so add a ref. */ 252 scsi_req_ref(&r->req); 253 if (r->len == -1) { 254 scsi_command_complete_noio(r, 0); 255 return; 256 } 257 258 ret = execute_command(s->conf.blk, r, SG_DXFER_FROM_DEV, 259 scsi_read_complete); 260 if (ret < 0) { 261 scsi_command_complete_noio(r, ret); 262 } 263 } 264 265 static void scsi_write_complete(void * opaque, int ret) 266 { 267 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 268 SCSIDevice *s = r->req.dev; 269 270 DPRINTF("scsi_write_complete() ret = %d\n", ret); 271 272 assert(r->req.aiocb != NULL); 273 r->req.aiocb = NULL; 274 275 if (ret || r->req.io_canceled) { 276 scsi_command_complete_noio(r, ret); 277 return; 278 } 279 280 if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 && 281 s->type == TYPE_TAPE) { 282 s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11]; 283 DPRINTF("block size %d\n", s->blocksize); 284 } 285 286 scsi_command_complete_noio(r, ret); 287 } 288 289 /* Write data to a scsi device. Returns nonzero on failure. 290 The transfer may complete asynchronously. */ 291 static void scsi_write_data(SCSIRequest *req) 292 { 293 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 294 SCSIDevice *s = r->req.dev; 295 int ret; 296 297 DPRINTF("scsi_write_data tag=0x%x\n", req->tag); 298 if (r->len == 0) { 299 r->len = r->buflen; 300 scsi_req_data(&r->req, r->len); 301 return; 302 } 303 304 /* The request is used as the AIO opaque value, so add a ref. */ 305 scsi_req_ref(&r->req); 306 ret = execute_command(s->conf.blk, r, SG_DXFER_TO_DEV, scsi_write_complete); 307 if (ret < 0) { 308 scsi_command_complete_noio(r, ret); 309 } 310 } 311 312 /* Return a pointer to the data buffer. */ 313 static uint8_t *scsi_get_buf(SCSIRequest *req) 314 { 315 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 316 317 return r->buf; 318 } 319 320 /* Execute a scsi command. Returns the length of the data expected by the 321 command. This will be Positive for data transfers from the device 322 (eg. disk reads), negative for transfers to the device (eg. disk writes), 323 and zero if the command does not transfer any data. */ 324 325 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd) 326 { 327 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 328 SCSIDevice *s = r->req.dev; 329 int ret; 330 331 #ifdef DEBUG_SCSI 332 DPRINTF("Command: data=0x%02x", cmd[0]); 333 { 334 int i; 335 for (i = 1; i < r->req.cmd.len; i++) { 336 printf(" 0x%02x", cmd[i]); 337 } 338 printf("\n"); 339 } 340 #endif 341 342 if (r->req.cmd.xfer == 0) { 343 g_free(r->buf); 344 r->buflen = 0; 345 r->buf = NULL; 346 /* The request is used as the AIO opaque value, so add a ref. */ 347 scsi_req_ref(&r->req); 348 ret = execute_command(s->conf.blk, r, SG_DXFER_NONE, 349 scsi_command_complete); 350 if (ret < 0) { 351 scsi_command_complete_noio(r, ret); 352 return 0; 353 } 354 return 0; 355 } 356 357 if (r->buflen != r->req.cmd.xfer) { 358 g_free(r->buf); 359 r->buf = g_malloc(r->req.cmd.xfer); 360 r->buflen = r->req.cmd.xfer; 361 } 362 363 memset(r->buf, 0, r->buflen); 364 r->len = r->req.cmd.xfer; 365 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 366 r->len = 0; 367 return -r->req.cmd.xfer; 368 } else { 369 return r->req.cmd.xfer; 370 } 371 } 372 373 static int read_naa_id(const uint8_t *p, uint64_t *p_wwn) 374 { 375 int i; 376 377 if ((p[1] & 0xF) == 3) { 378 /* NAA designator type */ 379 if (p[3] != 8) { 380 return -EINVAL; 381 } 382 *p_wwn = ldq_be_p(p + 4); 383 return 0; 384 } 385 386 if ((p[1] & 0xF) == 8) { 387 /* SCSI name string designator type */ 388 if (p[3] < 20 || memcmp(&p[4], "naa.", 4)) { 389 return -EINVAL; 390 } 391 if (p[3] > 20 && p[24] != ',') { 392 return -EINVAL; 393 } 394 *p_wwn = 0; 395 for (i = 8; i < 24; i++) { 396 char c = toupper(p[i]); 397 c -= (c >= '0' && c <= '9' ? '0' : 'A' - 10); 398 *p_wwn = (*p_wwn << 4) | c; 399 } 400 return 0; 401 } 402 403 return -EINVAL; 404 } 405 406 void scsi_generic_read_device_identification(SCSIDevice *s) 407 { 408 uint8_t cmd[6]; 409 uint8_t buf[250]; 410 uint8_t sensebuf[8]; 411 sg_io_hdr_t io_header; 412 int ret; 413 int i, len; 414 415 memset(cmd, 0, sizeof(cmd)); 416 memset(buf, 0, sizeof(buf)); 417 cmd[0] = INQUIRY; 418 cmd[1] = 1; 419 cmd[2] = 0x83; 420 cmd[4] = sizeof(buf); 421 422 memset(&io_header, 0, sizeof(io_header)); 423 io_header.interface_id = 'S'; 424 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 425 io_header.dxfer_len = sizeof(buf); 426 io_header.dxferp = buf; 427 io_header.cmdp = cmd; 428 io_header.cmd_len = sizeof(cmd); 429 io_header.mx_sb_len = sizeof(sensebuf); 430 io_header.sbp = sensebuf; 431 io_header.timeout = 6000; /* XXX */ 432 433 ret = blk_ioctl(s->conf.blk, SG_IO, &io_header); 434 if (ret < 0 || io_header.driver_status || io_header.host_status) { 435 return; 436 } 437 438 len = MIN((buf[2] << 8) | buf[3], sizeof(buf) - 4); 439 for (i = 0; i + 3 <= len; ) { 440 const uint8_t *p = &buf[i + 4]; 441 uint64_t wwn; 442 443 if (i + (p[3] + 4) > len) { 444 break; 445 } 446 447 if ((p[1] & 0x10) == 0) { 448 /* Associated with the logical unit */ 449 if (read_naa_id(p, &wwn) == 0) { 450 s->wwn = wwn; 451 } 452 } else if ((p[1] & 0x10) == 0x10) { 453 /* Associated with the target port */ 454 if (read_naa_id(p, &wwn) == 0) { 455 s->port_wwn = wwn; 456 } 457 } 458 459 i += p[3] + 4; 460 } 461 } 462 463 static int get_stream_blocksize(BlockBackend *blk) 464 { 465 uint8_t cmd[6]; 466 uint8_t buf[12]; 467 uint8_t sensebuf[8]; 468 sg_io_hdr_t io_header; 469 int ret; 470 471 memset(cmd, 0, sizeof(cmd)); 472 memset(buf, 0, sizeof(buf)); 473 cmd[0] = MODE_SENSE; 474 cmd[4] = sizeof(buf); 475 476 memset(&io_header, 0, sizeof(io_header)); 477 io_header.interface_id = 'S'; 478 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 479 io_header.dxfer_len = sizeof(buf); 480 io_header.dxferp = buf; 481 io_header.cmdp = cmd; 482 io_header.cmd_len = sizeof(cmd); 483 io_header.mx_sb_len = sizeof(sensebuf); 484 io_header.sbp = sensebuf; 485 io_header.timeout = 6000; /* XXX */ 486 487 ret = blk_ioctl(blk, SG_IO, &io_header); 488 if (ret < 0 || io_header.driver_status || io_header.host_status) { 489 return -1; 490 } 491 return (buf[9] << 16) | (buf[10] << 8) | buf[11]; 492 } 493 494 static void scsi_generic_reset(DeviceState *dev) 495 { 496 SCSIDevice *s = SCSI_DEVICE(dev); 497 498 scsi_device_purge_requests(s, SENSE_CODE(RESET)); 499 } 500 501 static void scsi_generic_realize(SCSIDevice *s, Error **errp) 502 { 503 int rc; 504 int sg_version; 505 struct sg_scsi_id scsiid; 506 507 if (!s->conf.blk) { 508 error_setg(errp, "drive property not set"); 509 return; 510 } 511 512 if (blk_get_on_error(s->conf.blk, 0) != BLOCKDEV_ON_ERROR_ENOSPC) { 513 error_setg(errp, "Device doesn't support drive option werror"); 514 return; 515 } 516 if (blk_get_on_error(s->conf.blk, 1) != BLOCKDEV_ON_ERROR_REPORT) { 517 error_setg(errp, "Device doesn't support drive option rerror"); 518 return; 519 } 520 521 /* check we are using a driver managing SG_IO (version 3 and after */ 522 rc = blk_ioctl(s->conf.blk, SG_GET_VERSION_NUM, &sg_version); 523 if (rc < 0) { 524 error_setg(errp, "cannot get SG_IO version number: %s. " 525 "Is this a SCSI device?", 526 strerror(-rc)); 527 return; 528 } 529 if (sg_version < 30000) { 530 error_setg(errp, "scsi generic interface too old"); 531 return; 532 } 533 534 /* get LUN of the /dev/sg? */ 535 if (blk_ioctl(s->conf.blk, SG_GET_SCSI_ID, &scsiid)) { 536 error_setg(errp, "SG_GET_SCSI_ID ioctl failed"); 537 return; 538 } 539 540 /* define device state */ 541 s->type = scsiid.scsi_type; 542 DPRINTF("device type %d\n", s->type); 543 544 switch (s->type) { 545 case TYPE_TAPE: 546 s->blocksize = get_stream_blocksize(s->conf.blk); 547 if (s->blocksize == -1) { 548 s->blocksize = 0; 549 } 550 break; 551 552 /* Make a guess for block devices, we'll fix it when the guest sends. 553 * READ CAPACITY. If they don't, they likely would assume these sizes 554 * anyway. (TODO: they could also send MODE SENSE). 555 */ 556 case TYPE_ROM: 557 case TYPE_WORM: 558 s->blocksize = 2048; 559 break; 560 default: 561 s->blocksize = 512; 562 break; 563 } 564 565 DPRINTF("block size %d\n", s->blocksize); 566 567 scsi_generic_read_device_identification(s); 568 } 569 570 const SCSIReqOps scsi_generic_req_ops = { 571 .size = sizeof(SCSIGenericReq), 572 .free_req = scsi_free_request, 573 .send_command = scsi_send_command, 574 .read_data = scsi_read_data, 575 .write_data = scsi_write_data, 576 .get_buf = scsi_get_buf, 577 .load_request = scsi_generic_load_request, 578 .save_request = scsi_generic_save_request, 579 }; 580 581 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 582 uint8_t *buf, void *hba_private) 583 { 584 return scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private); 585 } 586 587 static Property scsi_generic_properties[] = { 588 DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.blk), 589 DEFINE_PROP_END_OF_LIST(), 590 }; 591 592 static int scsi_generic_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, 593 uint8_t *buf, void *hba_private) 594 { 595 return scsi_bus_parse_cdb(dev, cmd, buf, hba_private); 596 } 597 598 static void scsi_generic_class_initfn(ObjectClass *klass, void *data) 599 { 600 DeviceClass *dc = DEVICE_CLASS(klass); 601 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 602 603 sc->realize = scsi_generic_realize; 604 sc->alloc_req = scsi_new_request; 605 sc->parse_cdb = scsi_generic_parse_cdb; 606 dc->fw_name = "disk"; 607 dc->desc = "pass through generic scsi device (/dev/sg*)"; 608 dc->reset = scsi_generic_reset; 609 dc->props = scsi_generic_properties; 610 dc->vmsd = &vmstate_scsi_device; 611 } 612 613 static const TypeInfo scsi_generic_info = { 614 .name = "scsi-generic", 615 .parent = TYPE_SCSI_DEVICE, 616 .instance_size = sizeof(SCSIDevice), 617 .class_init = scsi_generic_class_initfn, 618 }; 619 620 static void scsi_generic_register_types(void) 621 { 622 type_register_static(&scsi_generic_info); 623 } 624 625 type_init(scsi_generic_register_types) 626 627 #endif /* __linux__ */ 628