1 /* 2 * Generic SCSI Device support 3 * 4 * Copyright (c) 2007 Bull S.A.S. 5 * Based on code by Paul Brook 6 * Based on code by Fabrice Bellard 7 * 8 * Written by Laurent Vivier <Laurent.Vivier@bull.net> 9 * 10 * This code is licensed under the LGPL. 11 * 12 */ 13 14 #include "qemu-common.h" 15 #include "qemu/error-report.h" 16 #include "hw/scsi/scsi.h" 17 #include "sysemu/blockdev.h" 18 19 #ifdef __linux__ 20 21 //#define DEBUG_SCSI 22 23 #ifdef DEBUG_SCSI 24 #define DPRINTF(fmt, ...) \ 25 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 26 #else 27 #define DPRINTF(fmt, ...) do {} while(0) 28 #endif 29 30 #define BADF(fmt, ...) \ 31 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 32 33 #include <stdio.h> 34 #include <sys/types.h> 35 #include <sys/stat.h> 36 #include <unistd.h> 37 #include <scsi/sg.h> 38 #include "block/scsi.h" 39 40 #define SG_ERR_DRIVER_TIMEOUT 0x06 41 #define SG_ERR_DRIVER_SENSE 0x08 42 43 #define SG_ERR_DID_OK 0x00 44 #define SG_ERR_DID_NO_CONNECT 0x01 45 #define SG_ERR_DID_BUS_BUSY 0x02 46 #define SG_ERR_DID_TIME_OUT 0x03 47 48 #ifndef MAX_UINT 49 #define MAX_UINT ((unsigned int)-1) 50 #endif 51 52 typedef struct SCSIGenericReq { 53 SCSIRequest req; 54 uint8_t *buf; 55 int buflen; 56 int len; 57 sg_io_hdr_t io_header; 58 } SCSIGenericReq; 59 60 static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req) 61 { 62 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 63 64 qemu_put_sbe32s(f, &r->buflen); 65 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 66 assert(!r->req.sg); 67 qemu_put_buffer(f, r->buf, r->req.cmd.xfer); 68 } 69 } 70 71 static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req) 72 { 73 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 74 75 qemu_get_sbe32s(f, &r->buflen); 76 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 77 assert(!r->req.sg); 78 qemu_get_buffer(f, r->buf, r->req.cmd.xfer); 79 } 80 } 81 82 static void scsi_free_request(SCSIRequest *req) 83 { 84 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 85 86 g_free(r->buf); 87 } 88 89 /* Helper function for command completion. */ 90 static void scsi_command_complete(void *opaque, int ret) 91 { 92 int status; 93 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 94 95 r->req.aiocb = NULL; 96 if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 97 r->req.sense_len = r->io_header.sb_len_wr; 98 } 99 100 if (ret != 0) { 101 switch (ret) { 102 case -EDOM: 103 status = TASK_SET_FULL; 104 break; 105 case -ENOMEM: 106 status = CHECK_CONDITION; 107 scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE)); 108 break; 109 default: 110 status = CHECK_CONDITION; 111 scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR)); 112 break; 113 } 114 } else { 115 if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT || 116 r->io_header.host_status == SG_ERR_DID_BUS_BUSY || 117 r->io_header.host_status == SG_ERR_DID_TIME_OUT || 118 (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) { 119 status = BUSY; 120 BADF("Driver Timeout\n"); 121 } else if (r->io_header.host_status) { 122 status = CHECK_CONDITION; 123 scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS)); 124 } else if (r->io_header.status) { 125 status = r->io_header.status; 126 } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 127 status = CHECK_CONDITION; 128 } else { 129 status = GOOD; 130 } 131 } 132 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n", 133 r, r->req.tag, status); 134 135 scsi_req_complete(&r->req, status); 136 if (!r->req.io_canceled) { 137 scsi_req_unref(&r->req); 138 } 139 } 140 141 /* Cancel a pending data transfer. */ 142 static void scsi_cancel_io(SCSIRequest *req) 143 { 144 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 145 146 DPRINTF("Cancel tag=0x%x\n", req->tag); 147 if (r->req.aiocb) { 148 bdrv_aio_cancel(r->req.aiocb); 149 150 /* This reference was left in by scsi_*_data. We take ownership of 151 * it independent of whether bdrv_aio_cancel completes the request 152 * or not. */ 153 scsi_req_unref(&r->req); 154 } 155 r->req.aiocb = NULL; 156 } 157 158 static int execute_command(BlockDriverState *bdrv, 159 SCSIGenericReq *r, int direction, 160 BlockDriverCompletionFunc *complete) 161 { 162 r->io_header.interface_id = 'S'; 163 r->io_header.dxfer_direction = direction; 164 r->io_header.dxferp = r->buf; 165 r->io_header.dxfer_len = r->buflen; 166 r->io_header.cmdp = r->req.cmd.buf; 167 r->io_header.cmd_len = r->req.cmd.len; 168 r->io_header.mx_sb_len = sizeof(r->req.sense); 169 r->io_header.sbp = r->req.sense; 170 r->io_header.timeout = MAX_UINT; 171 r->io_header.usr_ptr = r; 172 r->io_header.flags |= SG_FLAG_DIRECT_IO; 173 174 r->req.aiocb = bdrv_aio_ioctl(bdrv, SG_IO, &r->io_header, complete, r); 175 if (r->req.aiocb == NULL) { 176 return -EIO; 177 } 178 179 return 0; 180 } 181 182 static void scsi_read_complete(void * opaque, int ret) 183 { 184 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 185 SCSIDevice *s = r->req.dev; 186 int len; 187 188 r->req.aiocb = NULL; 189 if (ret) { 190 DPRINTF("IO error ret %d\n", ret); 191 scsi_command_complete(r, ret); 192 return; 193 } 194 len = r->io_header.dxfer_len - r->io_header.resid; 195 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len); 196 197 r->len = -1; 198 if (len == 0) { 199 scsi_command_complete(r, 0); 200 } else { 201 /* Snoop READ CAPACITY output to set the blocksize. */ 202 if (r->req.cmd.buf[0] == READ_CAPACITY_10 && 203 (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) { 204 s->blocksize = ldl_be_p(&r->buf[4]); 205 s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL; 206 } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 && 207 (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 208 s->blocksize = ldl_be_p(&r->buf[8]); 209 s->max_lba = ldq_be_p(&r->buf[0]); 210 } 211 bdrv_set_guest_block_size(s->conf.bs, s->blocksize); 212 213 scsi_req_data(&r->req, len); 214 if (!r->req.io_canceled) { 215 scsi_req_unref(&r->req); 216 } 217 } 218 } 219 220 /* Read more data from scsi device into buffer. */ 221 static void scsi_read_data(SCSIRequest *req) 222 { 223 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 224 SCSIDevice *s = r->req.dev; 225 int ret; 226 227 DPRINTF("scsi_read_data 0x%x\n", req->tag); 228 229 /* The request is used as the AIO opaque value, so add a ref. */ 230 scsi_req_ref(&r->req); 231 if (r->len == -1) { 232 scsi_command_complete(r, 0); 233 return; 234 } 235 236 ret = execute_command(s->conf.bs, r, SG_DXFER_FROM_DEV, scsi_read_complete); 237 if (ret < 0) { 238 scsi_command_complete(r, ret); 239 } 240 } 241 242 static void scsi_write_complete(void * opaque, int ret) 243 { 244 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 245 SCSIDevice *s = r->req.dev; 246 247 DPRINTF("scsi_write_complete() ret = %d\n", ret); 248 r->req.aiocb = NULL; 249 if (ret) { 250 DPRINTF("IO error\n"); 251 scsi_command_complete(r, ret); 252 return; 253 } 254 255 if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 && 256 s->type == TYPE_TAPE) { 257 s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11]; 258 DPRINTF("block size %d\n", s->blocksize); 259 } 260 261 scsi_command_complete(r, ret); 262 } 263 264 /* Write data to a scsi device. Returns nonzero on failure. 265 The transfer may complete asynchronously. */ 266 static void scsi_write_data(SCSIRequest *req) 267 { 268 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 269 SCSIDevice *s = r->req.dev; 270 int ret; 271 272 DPRINTF("scsi_write_data 0x%x\n", req->tag); 273 if (r->len == 0) { 274 r->len = r->buflen; 275 scsi_req_data(&r->req, r->len); 276 return; 277 } 278 279 /* The request is used as the AIO opaque value, so add a ref. */ 280 scsi_req_ref(&r->req); 281 ret = execute_command(s->conf.bs, r, SG_DXFER_TO_DEV, scsi_write_complete); 282 if (ret < 0) { 283 scsi_command_complete(r, ret); 284 } 285 } 286 287 /* Return a pointer to the data buffer. */ 288 static uint8_t *scsi_get_buf(SCSIRequest *req) 289 { 290 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 291 292 return r->buf; 293 } 294 295 /* Execute a scsi command. Returns the length of the data expected by the 296 command. This will be Positive for data transfers from the device 297 (eg. disk reads), negative for transfers to the device (eg. disk writes), 298 and zero if the command does not transfer any data. */ 299 300 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd) 301 { 302 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 303 SCSIDevice *s = r->req.dev; 304 int ret; 305 306 DPRINTF("Command: lun=%d tag=0x%x len %zd data=0x%02x", lun, tag, 307 r->req.cmd.xfer, cmd[0]); 308 309 #ifdef DEBUG_SCSI 310 { 311 int i; 312 for (i = 1; i < r->req.cmd.len; i++) { 313 printf(" 0x%02x", cmd[i]); 314 } 315 printf("\n"); 316 } 317 #endif 318 319 if (r->req.cmd.xfer == 0) { 320 if (r->buf != NULL) 321 g_free(r->buf); 322 r->buflen = 0; 323 r->buf = NULL; 324 /* The request is used as the AIO opaque value, so add a ref. */ 325 scsi_req_ref(&r->req); 326 ret = execute_command(s->conf.bs, r, SG_DXFER_NONE, scsi_command_complete); 327 if (ret < 0) { 328 scsi_command_complete(r, ret); 329 return 0; 330 } 331 return 0; 332 } 333 334 if (r->buflen != r->req.cmd.xfer) { 335 if (r->buf != NULL) 336 g_free(r->buf); 337 r->buf = g_malloc(r->req.cmd.xfer); 338 r->buflen = r->req.cmd.xfer; 339 } 340 341 memset(r->buf, 0, r->buflen); 342 r->len = r->req.cmd.xfer; 343 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 344 r->len = 0; 345 return -r->req.cmd.xfer; 346 } else { 347 return r->req.cmd.xfer; 348 } 349 } 350 351 static int get_stream_blocksize(BlockDriverState *bdrv) 352 { 353 uint8_t cmd[6]; 354 uint8_t buf[12]; 355 uint8_t sensebuf[8]; 356 sg_io_hdr_t io_header; 357 int ret; 358 359 memset(cmd, 0, sizeof(cmd)); 360 memset(buf, 0, sizeof(buf)); 361 cmd[0] = MODE_SENSE; 362 cmd[4] = sizeof(buf); 363 364 memset(&io_header, 0, sizeof(io_header)); 365 io_header.interface_id = 'S'; 366 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 367 io_header.dxfer_len = sizeof(buf); 368 io_header.dxferp = buf; 369 io_header.cmdp = cmd; 370 io_header.cmd_len = sizeof(cmd); 371 io_header.mx_sb_len = sizeof(sensebuf); 372 io_header.sbp = sensebuf; 373 io_header.timeout = 6000; /* XXX */ 374 375 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 376 if (ret < 0 || io_header.driver_status || io_header.host_status) { 377 return -1; 378 } 379 return (buf[9] << 16) | (buf[10] << 8) | buf[11]; 380 } 381 382 static void scsi_generic_reset(DeviceState *dev) 383 { 384 SCSIDevice *s = SCSI_DEVICE(dev); 385 386 scsi_device_purge_requests(s, SENSE_CODE(RESET)); 387 } 388 389 static void scsi_destroy(SCSIDevice *s) 390 { 391 scsi_device_purge_requests(s, SENSE_CODE(NO_SENSE)); 392 blockdev_mark_auto_del(s->conf.bs); 393 } 394 395 static int scsi_generic_initfn(SCSIDevice *s) 396 { 397 int rc; 398 int sg_version; 399 struct sg_scsi_id scsiid; 400 401 if (!s->conf.bs) { 402 error_report("drive property not set"); 403 return -1; 404 } 405 406 if (bdrv_get_on_error(s->conf.bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) { 407 error_report("Device doesn't support drive option werror"); 408 return -1; 409 } 410 if (bdrv_get_on_error(s->conf.bs, 1) != BLOCKDEV_ON_ERROR_REPORT) { 411 error_report("Device doesn't support drive option rerror"); 412 return -1; 413 } 414 415 /* check we are using a driver managing SG_IO (version 3 and after */ 416 rc = bdrv_ioctl(s->conf.bs, SG_GET_VERSION_NUM, &sg_version); 417 if (rc < 0) { 418 error_report("cannot get SG_IO version number: %s. " 419 "Is this a SCSI device?", 420 strerror(-rc)); 421 return -1; 422 } 423 if (sg_version < 30000) { 424 error_report("scsi generic interface too old"); 425 return -1; 426 } 427 428 /* get LUN of the /dev/sg? */ 429 if (bdrv_ioctl(s->conf.bs, SG_GET_SCSI_ID, &scsiid)) { 430 error_report("SG_GET_SCSI_ID ioctl failed"); 431 return -1; 432 } 433 434 /* define device state */ 435 s->type = scsiid.scsi_type; 436 DPRINTF("device type %d\n", s->type); 437 if (s->type == TYPE_DISK || s->type == TYPE_ROM) { 438 add_boot_device_path(s->conf.bootindex, &s->qdev, NULL); 439 } 440 441 switch (s->type) { 442 case TYPE_TAPE: 443 s->blocksize = get_stream_blocksize(s->conf.bs); 444 if (s->blocksize == -1) { 445 s->blocksize = 0; 446 } 447 break; 448 449 /* Make a guess for block devices, we'll fix it when the guest sends. 450 * READ CAPACITY. If they don't, they likely would assume these sizes 451 * anyway. (TODO: they could also send MODE SENSE). 452 */ 453 case TYPE_ROM: 454 case TYPE_WORM: 455 s->blocksize = 2048; 456 break; 457 default: 458 s->blocksize = 512; 459 break; 460 } 461 462 DPRINTF("block size %d\n", s->blocksize); 463 return 0; 464 } 465 466 const SCSIReqOps scsi_generic_req_ops = { 467 .size = sizeof(SCSIGenericReq), 468 .free_req = scsi_free_request, 469 .send_command = scsi_send_command, 470 .read_data = scsi_read_data, 471 .write_data = scsi_write_data, 472 .cancel_io = scsi_cancel_io, 473 .get_buf = scsi_get_buf, 474 .load_request = scsi_generic_load_request, 475 .save_request = scsi_generic_save_request, 476 }; 477 478 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 479 uint8_t *buf, void *hba_private) 480 { 481 SCSIRequest *req; 482 483 req = scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private); 484 return req; 485 } 486 487 static Property scsi_generic_properties[] = { 488 DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.bs), 489 DEFINE_PROP_INT32("bootindex", SCSIDevice, conf.bootindex, -1), 490 DEFINE_PROP_END_OF_LIST(), 491 }; 492 493 static int scsi_generic_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, 494 uint8_t *buf, void *hba_private) 495 { 496 return scsi_bus_parse_cdb(dev, cmd, buf, hba_private); 497 } 498 499 static void scsi_generic_class_initfn(ObjectClass *klass, void *data) 500 { 501 DeviceClass *dc = DEVICE_CLASS(klass); 502 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 503 504 sc->init = scsi_generic_initfn; 505 sc->destroy = scsi_destroy; 506 sc->alloc_req = scsi_new_request; 507 sc->parse_cdb = scsi_generic_parse_cdb; 508 dc->fw_name = "disk"; 509 dc->desc = "pass through generic scsi device (/dev/sg*)"; 510 dc->reset = scsi_generic_reset; 511 dc->props = scsi_generic_properties; 512 dc->vmsd = &vmstate_scsi_device; 513 } 514 515 static const TypeInfo scsi_generic_info = { 516 .name = "scsi-generic", 517 .parent = TYPE_SCSI_DEVICE, 518 .instance_size = sizeof(SCSIDevice), 519 .class_init = scsi_generic_class_initfn, 520 }; 521 522 static void scsi_generic_register_types(void) 523 { 524 type_register_static(&scsi_generic_info); 525 } 526 527 type_init(scsi_generic_register_types) 528 529 #endif /* __linux__ */ 530