1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
 * 2009-Dec-12 Artyom Tarasenko : implemented standard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "qemu/hw-version.h"
29 #include "qemu/memalign.h"
30 #include "hw/scsi/scsi.h"
31 #include "migration/qemu-file-types.h"
32 #include "migration/vmstate.h"
33 #include "hw/scsi/emulation.h"
34 #include "scsi/constants.h"
35 #include "system/arch_init.h"
36 #include "system/block-backend.h"
37 #include "system/blockdev.h"
38 #include "hw/block/block.h"
39 #include "hw/qdev-properties.h"
40 #include "hw/qdev-properties-system.h"
41 #include "system/dma.h"
42 #include "system/system.h"
43 #include "qemu/cutils.h"
44 #include "trace.h"
45 #include "qom/object.h"
46
47 #ifdef __linux
48 #include <scsi/sg.h>
49 #endif
50
51 #define SCSI_WRITE_SAME_MAX (512 * KiB)
52 #define SCSI_DMA_BUF_SIZE (128 * KiB)
53 #define SCSI_MAX_INQUIRY_LEN 256
54 #define SCSI_MAX_MODE_LEN 256
55
56 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
57 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
58 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
59
60 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
61
62 #define MAX_SERIAL_LEN 36
63 #define MAX_SERIAL_LEN_FOR_DEVID 20
64
65 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
66
struct SCSIDiskClass {
    SCSIDeviceClass parent_class;
    /*
     * Callbacks receive ret == 0 for success. Errors are represented either as
     * negative errno values, or as positive SAM status codes. For host_status
     * errors, the function passes ret == -ENODEV and sets the host_status field
     * of the SCSIRequest.
     */
    DMAIOFunc *dma_readv;            /* issue a vectored read for a request */
    DMAIOFunc *dma_writev;           /* issue a vectored write for a request */
    /* Decide whether FUA must be emulated with an explicit flush. */
    bool (*need_fua_emulation)(SCSICommand *cmd);
    /* Refresh the request's sense data (used on CHECK CONDITION). */
    void (*update_sense)(SCSIRequest *r);
};
80
typedef struct SCSIDiskReq {
    SCSIRequest req;
    /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
    uint64_t sector;            /* next sector to transfer */
    uint32_t sector_count;      /* sectors still left to transfer */
    uint32_t buflen;            /* size of the allocated bounce buffer */
    bool started;               /* first data transfer has been issued */
    bool need_fua_emulation;    /* emulate FUA with an explicit flush */
    struct iovec iov;           /* bounce buffer descriptor */
    QEMUIOVector qiov;          /* single-element qiov wrapping iov */
    BlockAcctCookie acct;       /* block-layer accounting cookie */
} SCSIDiskReq;
93
94 #define SCSI_DISK_F_REMOVABLE 0
95 #define SCSI_DISK_F_DPOFUA 1
96 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
97
struct SCSIDiskState {
    SCSIDevice qdev;
    uint32_t features;          /* bitmask of SCSI_DISK_F_* flags */
    bool media_changed;
    bool media_event;           /* pending "new media" GESN event */
    bool eject_request;         /* pending "eject requested" GESN event */
    uint16_t port_index;        /* relative target port, reported in VPD 0x83 */
    uint64_t max_unmap_size;    /* reported in VPD block limits (0xb0) */
    uint64_t max_io_size;       /* reported in VPD block limits (0xb0) */
    uint32_t quirks;
    char *version;              /* INQUIRY product revision (4 chars used) */
    char *serial;               /* VPD 0x80 unit serial number */
    char *vendor;               /* INQUIRY vendor identification */
    char *product;              /* INQUIRY product identification */
    char *device_id;            /* VPD 0x83 ASCII designator */
    char *loadparm;             /* only for s390x */
    bool tray_open;
    bool tray_locked;
    /*
     * 0x0000 - rotation rate not reported
     * 0x0001 - non-rotating medium (SSD)
     * 0x0002-0x0400 - reserved
     * 0x0401-0xffe - rotations per minute
     * 0xffff - reserved
     */
    uint16_t rotation_rate;
    /* Migrate in-flight emulated requests (see save/load callbacks). */
    bool migrate_emulated_scsi_request;
};
126
/* Release the per-request bounce buffer when a request is destroyed. */
static void scsi_free_request(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_vfree(dreq->iov.iov_base);
}
133
134 /* Helper function for command completion with sense. */
scsi_check_condition(SCSIDiskReq * r,SCSISense sense)135 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
136 {
137 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
138 sense.ascq);
139 scsi_req_build_sense(&r->req, sense);
140 scsi_req_complete(&r->req, CHECK_CONDITION);
141 }
142
/*
 * Prepare the request's single-element I/O vector, allocating the
 * bounce buffer on first use and clamping the length to what is left
 * of the transfer.
 */
static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    if (r->iov.iov_base == NULL) {
        /* First use: allocate an aligned buffer of the requested size. */
        r->buflen = size;
        r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
    }
    r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
}
154
/*
 * Save per-request migration state: current position, remaining sector
 * count, and the bounce buffer contents if any.  The stream layout must
 * stay in sync with scsi_disk_load_request().
 */
static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_put_be64s(f, &r->sector);
    qemu_put_be32s(f, &r->sector_count);
    qemu_put_be32s(f, &r->buflen);
    if (r->buflen) {
        if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
            /* Write: preserve guest data not yet written to the disk. */
            qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
        } else if (!req->retry) {
            /*
             * Read that will not be restarted after migration: preserve
             * the data already read, prefixed with its length.
             */
            uint32_t len = r->iov.iov_len;
            qemu_put_be32s(f, &len);
            qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
        }
    }
}
172
/* Save emulated-request state, but only when the device opted in. */
static void scsi_disk_emulate_save_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);

    if (!s->migrate_emulated_scsi_request) {
        return;
    }
    scsi_disk_save_request(f, req);
}
181
/* Restore per-request state written by scsi_disk_save_request(). */
static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_get_be64s(f, &r->sector);
    qemu_get_be32s(f, &r->sector_count);
    qemu_get_be32s(f, &r->buflen);
    if (r->buflen) {
        /* Re-create the bounce buffer before filling it from the stream. */
        scsi_init_iovec(r, r->buflen);
        if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
            qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
        } else if (!r->req.retry) {
            uint32_t len;
            qemu_get_be32s(f, &len);
            r->iov.iov_len = len;
            /* Guard against a corrupt or truncated migration stream. */
            assert(r->iov.iov_len <= r->buflen);
            qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
        }
    }

    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
}
204
/* Load emulated-request state, but only when the device opted in. */
static void scsi_disk_emulate_load_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);

    if (!s->migrate_emulated_scsi_request) {
        return;
    }
    scsi_disk_load_request(f, req);
}
213
/*
 * scsi_handle_rw_error has two return values.  False means that the error
 * must be ignored, true means that the error has been processed and the
 * caller should not do anything else for this request. Note that
 * scsi_handle_rw_error always manages its reference counts, independent
 * of the return value.
 */
static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
{
    bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
    SCSISense sense = SENSE_CODE(NO_SENSE);
    int16_t host_status;
    int error;
    bool req_has_sense = false;
    BlockErrorAction action;
    int status;

    /*
     * host_status should only be set for SG_IO requests that came back with a
     * host_status error in scsi_block_sgio_complete(). This error path passes
     * -ENODEV as the return value.
     *
     * Reset host_status in the request because we may still want to complete
     * the request successfully with the 'stop' or 'ignore' error policy.
     */
    host_status = r->req.host_status;
    if (host_status != -1) {
        assert(ret == -ENODEV);
        r->req.host_status = -1;
    }

    if (ret < 0) {
        /* Negative errno from the block layer: map to SAM status + sense. */
        status = scsi_sense_from_errno(-ret, &sense);
        error = -ret;
    } else {
        /* A passthrough command has completed with nonzero status. */
        status = ret;
        switch (status) {
        case CHECK_CONDITION:
            req_has_sense = true;
            error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
            break;
        case RESERVATION_CONFLICT:
            /*
             * Don't apply the error policy, always report to the guest.
             *
             * This is a passthrough code path, so it's not a backend error, but
             * a response to an invalid guest request.
             *
             * Windows Failover Cluster validation intentionally sends invalid
             * requests to verify that reservations work as intended. It is
             * crucial that it sees the resulting errors.
             *
             * Treating a reservation conflict as a guest-side error is obvious
             * when a pr-manager is in use. Without one, the situation is less
             * clear, but there might be nothing that can be fixed on the host
             * (like in the above example), and we don't want to be stuck in a
             * loop where resuming the VM and retrying the request immediately
             * stops it again. So always reporting is still the safer option in
             * this case, too.
             */
            error = 0;
            break;
        default:
            error = EINVAL;
            break;
        }
    }

    /*
     * Check whether the error has to be handled by the guest or should
     * rather follow the rerror=/werror= settings. Guest-handled errors
     * are usually retried immediately, so do not post them to QMP and
     * do not account them as failed I/O.
     */
    if (!error || (req_has_sense &&
                   scsi_sense_buf_is_guest_recoverable(r->req.sense,
                                                       sizeof(r->req.sense)))) {
        action = BLOCK_ERROR_ACTION_REPORT;
        acct_failed = false;
    } else {
        action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
        blk_error_action(s->qdev.conf.blk, action, is_read, error);
    }

    switch (action) {
    case BLOCK_ERROR_ACTION_REPORT:
        if (acct_failed) {
            block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
        }
        if (host_status != -1) {
            /* SG_IO transport error: fail the request with host_status. */
            scsi_req_complete_failed(&r->req, host_status);
            return true;
        }
        if (req_has_sense) {
            sdc->update_sense(&r->req);
        } else if (status == CHECK_CONDITION) {
            scsi_req_build_sense(&r->req, sense);
        }
        scsi_req_complete(&r->req, status);
        return true;

    case BLOCK_ERROR_ACTION_IGNORE:
        return false;

    case BLOCK_ERROR_ACTION_STOP:
        /* VM is stopped by the error policy; retry when it resumes. */
        scsi_req_retry(&r->req);
        return true;

    default:
        g_assert_not_reached();
    }
}
329
/*
 * Common completion-path check: handle cancellation and errors.
 * Returns true when the request has been finished here and the caller
 * must not process it any further.
 */
static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
{
    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        return true;
    }

    return ret ? scsi_handle_rw_error(r, ret, acct_failed) : false;
}
343
scsi_aio_complete(void * opaque,int ret)344 static void scsi_aio_complete(void *opaque, int ret)
345 {
346 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
347 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
348
349 /* The request must run in its AioContext */
350 assert(r->req.ctx == qemu_get_current_aio_context());
351
352 assert(r->req.aiocb != NULL);
353 r->req.aiocb = NULL;
354
355 if (scsi_disk_req_check_error(r, ret, true)) {
356 goto done;
357 }
358
359 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
360 scsi_req_complete(&r->req, GOOD);
361
362 done:
363 scsi_req_unref(&r->req);
364 }
365
scsi_is_cmd_fua(SCSICommand * cmd)366 static bool scsi_is_cmd_fua(SCSICommand *cmd)
367 {
368 switch (cmd->buf[0]) {
369 case READ_10:
370 case READ_12:
371 case READ_16:
372 case WRITE_10:
373 case WRITE_12:
374 case WRITE_16:
375 return (cmd->buf[1] & 8) != 0;
376
377 case VERIFY_10:
378 case VERIFY_12:
379 case VERIFY_16:
380 case WRITE_VERIFY_10:
381 case WRITE_VERIFY_12:
382 case WRITE_VERIFY_16:
383 return true;
384
385 case READ_6:
386 case WRITE_6:
387 default:
388 return false;
389 }
390 }
391
/*
 * Finish a write: either complete immediately, or emulate FUA by
 * flushing first (completion then happens in scsi_aio_complete).
 */
static void scsi_write_do_fua(SCSIDiskReq *r)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb == NULL);
    assert(!r->req.io_canceled);

    if (!r->need_fua_emulation) {
        scsi_req_complete(&r->req, GOOD);
        scsi_req_unref(&r->req);
        return;
    }

    block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                     BLOCK_ACCT_FLUSH);
    r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
}
409
/*
 * Common completion path for scatter/gather (DMA) transfers.  ret is 0 on
 * success, a negative errno, or a positive SAM status.  Consumes one
 * reference to the request.
 */
static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
{
    assert(r->req.aiocb == NULL);
    /* acct_failed only for positive SAM status; errno failures were
     * already accounted by scsi_dma_complete(). */
    if (scsi_disk_req_check_error(r, ret, ret > 0)) {
        goto done;
    }

    /* The whole transfer was submitted at once, so mark it all done. */
    r->sector += r->sector_count;
    r->sector_count = 0;
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        /* scsi_write_do_fua() completes and unrefs the request itself. */
        scsi_write_do_fua(r);
        return;
    } else {
        scsi_req_complete(&r->req, GOOD);
    }

done:
    scsi_req_unref(&r->req);
}
429
scsi_dma_complete(void * opaque,int ret)430 static void scsi_dma_complete(void *opaque, int ret)
431 {
432 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
434
435 assert(r->req.aiocb != NULL);
436 r->req.aiocb = NULL;
437
438 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
439 if (ret < 0) {
440 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
441 } else if (ret == 0) {
442 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
443 }
444 scsi_dma_complete_noio(r, ret);
445 }
446
/*
 * Common completion path for one bounce-buffer read chunk: advance the
 * position and hand the data to the HBA via scsi_req_data().  Consumes
 * one reference to the request.
 */
static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
{
    uint32_t n;

    /* The request must run in its AioContext */
    assert(r->req.ctx == qemu_get_current_aio_context());

    assert(r->req.aiocb == NULL);
    /* acct_failed only for positive SAM status; errno failures were
     * already accounted by scsi_read_complete(). */
    if (scsi_disk_req_check_error(r, ret, ret > 0)) {
        goto done;
    }

    n = r->qiov.size / BDRV_SECTOR_SIZE;
    r->sector += n;
    r->sector_count -= n;
    /* The HBA calls scsi_read_data() again for the next chunk. */
    scsi_req_data(&r->req, r->qiov.size);

done:
    scsi_req_unref(&r->req);
}
467
scsi_read_complete(void * opaque,int ret)468 static void scsi_read_complete(void *opaque, int ret)
469 {
470 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
471 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
472
473 assert(r->req.aiocb != NULL);
474 r->req.aiocb = NULL;
475
476 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
477 if (ret < 0) {
478 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
479 } else if (ret == 0) {
480 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
481 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
482 }
483 scsi_read_complete_noio(r, ret);
484 }
485
/* Actually issue a read to the block device. */
static void scsi_do_read(SCSIDiskReq *r, int ret)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));

    assert (r->req.aiocb == NULL);
    if (scsi_disk_req_check_error(r, ret, false)) {
        goto done;
    }

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);

    if (r->req.sg) {
        /* Scatter/gather: DMA the whole transfer into guest memory. */
        dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
        r->req.residual -= r->req.sg->size;
        r->req.aiocb = dma_blk_io(r->req.sg, r->sector << BDRV_SECTOR_BITS,
                                  BDRV_SECTOR_SIZE,
                                  sdc->dma_readv, r, scsi_dma_complete, r,
                                  DMA_DIRECTION_FROM_DEVICE);
    } else {
        /* Bounce buffer: read up to SCSI_DMA_BUF_SIZE bytes per chunk. */
        scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         r->qiov.size, BLOCK_ACCT_READ);
        r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
                                      scsi_read_complete, r, r);
    }

done:
    scsi_req_unref(&r->req);
}
518
scsi_do_read_cb(void * opaque,int ret)519 static void scsi_do_read_cb(void *opaque, int ret)
520 {
521 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
522 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
523
524 assert (r->req.aiocb != NULL);
525 r->req.aiocb = NULL;
526
527 if (ret < 0) {
528 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
529 } else {
530 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
531 }
532 scsi_do_read(opaque, ret);
533 }
534
/* Read more data from scsi device into buffer.  */
static void scsi_read_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    bool first;

    trace_scsi_disk_read_data_count(r->sector_count);
    if (r->sector_count == 0) {
        /* This also clears the sense buffer for REQUEST SENSE.  */
        scsi_req_complete(&r->req, GOOD);
        return;
    }

    /* No data transfer may already be in progress */
    assert(r->req.aiocb == NULL);

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        /* A write-direction command must not reach the read path. */
        trace_scsi_disk_read_data_invalid();
        scsi_read_complete_noio(r, -EINVAL);
        return;
    }

    if (!blk_is_available(req->dev->conf.blk)) {
        scsi_read_complete_noio(r, -ENOMEDIUM);
        return;
    }

    first = !r->started;
    r->started = true;
    if (first && r->need_fua_emulation) {
        /* Emulate FUA reads by flushing before the first chunk is read. */
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
    } else {
        scsi_do_read(r, 0);
    }
}
575
/*
 * Common completion path for one bounce-buffer write chunk: advance the
 * position, then either finish the command (possibly with FUA flush) or
 * ask the HBA for the next chunk.  Consumes one reference to the request.
 */
static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
{
    uint32_t n;

    /* The request must run in its AioContext */
    assert(r->req.ctx == qemu_get_current_aio_context());

    assert (r->req.aiocb == NULL);
    /* acct_failed only for positive SAM status; errno failures were
     * already accounted by scsi_write_complete(). */
    if (scsi_disk_req_check_error(r, ret, ret > 0)) {
        goto done;
    }

    n = r->qiov.size / BDRV_SECTOR_SIZE;
    r->sector += n;
    r->sector_count -= n;
    if (r->sector_count == 0) {
        /* scsi_write_do_fua() completes and unrefs the request itself. */
        scsi_write_do_fua(r);
        return;
    } else {
        scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
        trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
        /* The HBA fills the buffer and calls scsi_write_data() again. */
        scsi_req_data(&r->req, r->qiov.size);
    }

done:
    scsi_req_unref(&r->req);
}
603
scsi_write_complete(void * opaque,int ret)604 static void scsi_write_complete(void * opaque, int ret)
605 {
606 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
608
609 assert (r->req.aiocb != NULL);
610 r->req.aiocb = NULL;
611
612 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
613 if (ret < 0) {
614 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
615 } else if (ret == 0) {
616 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
617 }
618 scsi_write_complete_noio(r, ret);
619 }
620
/*
 * HBA callback: data for a write command is available (or the transfer
 * should be started).  Issues the actual write to the block device.
 */
static void scsi_write_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));

    /* No data transfer may already be in progress */
    assert(r->req.aiocb == NULL);

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);
    if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
        /* A read-direction command must not reach the write path. */
        trace_scsi_disk_write_data_invalid();
        scsi_write_complete_noio(r, -EINVAL);
        return;
    }

    if (!r->req.sg && !r->qiov.size) {
        /* Called for the first time.  Ask the driver to send us more data.  */
        r->started = true;
        scsi_write_complete_noio(r, 0);
        return;
    }
    if (!blk_is_available(req->dev->conf.blk)) {
        scsi_write_complete_noio(r, -ENOMEDIUM);
        return;
    }

    if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
        r->req.cmd.buf[0] == VERIFY_16) {
        /* VERIFY: accept the data but do not write it to the medium. */
        if (r->req.sg) {
            scsi_dma_complete_noio(r, 0);
        } else {
            scsi_write_complete_noio(r, 0);
        }
        return;
    }

    if (r->req.sg) {
        /* Scatter/gather: DMA the whole transfer from guest memory. */
        dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
        r->req.residual -= r->req.sg->size;
        r->req.aiocb = dma_blk_io(r->req.sg, r->sector << BDRV_SECTOR_BITS,
                                  BDRV_SECTOR_SIZE,
                                  sdc->dma_writev, r, scsi_dma_complete, r,
                                  DMA_DIRECTION_TO_DEVICE);
    } else {
        /* Bounce buffer: write the chunk the HBA just filled. */
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         r->qiov.size, BLOCK_ACCT_WRITE);
        r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
                                       scsi_write_complete, r, r);
    }
}
673
674 /* Return a pointer to the data buffer. */
scsi_get_buf(SCSIRequest * req)675 static uint8_t *scsi_get_buf(SCSIRequest *req)
676 {
677 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
678
679 return (uint8_t *)r->iov.iov_base;
680 }
681
/*
 * Build the response for an INQUIRY command with the EVPD bit set.
 * Fills outbuf with the requested VPD page and returns the number of
 * valid bytes, or -1 when the page is not supported by this device.
 */
static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint8_t page_code = req->cmd.buf[2];
    int start, buflen = 0;

    /* 4-byte page header; the PAGE LENGTH byte is patched in at the end. */
    outbuf[buflen++] = s->qdev.type & 0x1f;
    outbuf[buflen++] = page_code;
    outbuf[buflen++] = 0x00;
    outbuf[buflen++] = 0x00;
    start = buflen;

    switch (page_code) {
    case 0x00: /* Supported page codes, mandatory */
    {
        trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
        outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
        if (s->serial) {
            outbuf[buflen++] = 0x80; /* unit serial number */
        }
        outbuf[buflen++] = 0x83; /* device identification */
        if (s->qdev.type == TYPE_DISK) {
            outbuf[buflen++] = 0xb0; /* block limits */
            outbuf[buflen++] = 0xb1; /* block device characteristics */
            outbuf[buflen++] = 0xb2; /* thin provisioning */
        }
        break;
    }
    case 0x80: /* Device serial number, optional */
    {
        int l;

        if (!s->serial) {
            trace_scsi_disk_emulate_vpd_page_80_not_supported();
            return -1;
        }

        l = strlen(s->serial);
        if (l > MAX_SERIAL_LEN) {
            l = MAX_SERIAL_LEN;
        }

        trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
        memcpy(outbuf + buflen, s->serial, l);
        buflen += l;
        break;
    }

    case 0x83: /* Device identification page, mandatory */
    {
        /* Each designator needs a 4-byte header; cap at the 255-byte page. */
        int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;

        trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);

        if (id_len) {
            outbuf[buflen++] = 0x2; /* ASCII */
            outbuf[buflen++] = 0;   /* not officially assigned */
            outbuf[buflen++] = 0;   /* reserved */
            outbuf[buflen++] = id_len; /* length of data following */
            memcpy(outbuf + buflen, s->device_id, id_len);
            buflen += id_len;
        }

        if (s->qdev.wwn) {
            outbuf[buflen++] = 0x1; /* Binary */
            outbuf[buflen++] = 0x3; /* NAA */
            outbuf[buflen++] = 0;   /* reserved */
            outbuf[buflen++] = 8;
            stq_be_p(&outbuf[buflen], s->qdev.wwn);
            buflen += 8;
        }

        if (s->qdev.port_wwn) {
            outbuf[buflen++] = 0x61; /* SAS / Binary */
            outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
            outbuf[buflen++] = 0;    /* reserved */
            outbuf[buflen++] = 8;
            stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
            buflen += 8;
        }

        if (s->port_index) {
            outbuf[buflen++] = 0x61; /* SAS / Binary */

            /* PIV/Target port/relative target port */
            outbuf[buflen++] = 0x94;

            outbuf[buflen++] = 0;    /* reserved */
            outbuf[buflen++] = 4;
            stw_be_p(&outbuf[buflen + 2], s->port_index);
            buflen += 4;
        }
        break;
    }
    case 0xb0: /* block limits */
    {
        SCSIBlockLimits bl = {};

        if (s->qdev.type == TYPE_ROM) {
            trace_scsi_disk_emulate_vpd_page_b0_not_supported();
            return -1;
        }
        bl.wsnz = 1;
        bl.unmap_sectors =
            s->qdev.conf.discard_granularity / s->qdev.blocksize;
        bl.min_io_size =
            s->qdev.conf.min_io_size / s->qdev.blocksize;
        bl.opt_io_size =
            s->qdev.conf.opt_io_size / s->qdev.blocksize;
        bl.max_unmap_sectors =
            s->max_unmap_size / s->qdev.blocksize;
        bl.max_io_sectors =
            s->max_io_size / s->qdev.blocksize;
        /* 255 descriptors fit in 4 KiB with an 8-byte header */
        bl.max_unmap_descr = 255;

        if (s->qdev.type == TYPE_DISK) {
            /* Also honor the limit imposed by the backend. */
            int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
            int max_io_sectors_blk =
                max_transfer_blk / s->qdev.blocksize;

            bl.max_io_sectors =
                MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
        }
        buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
        break;
    }
    case 0xb1: /* block device characteristics */
    {
        buflen = 0x40; /* fixed page length */
        outbuf[4] = (s->rotation_rate >> 8) & 0xff;
        outbuf[5] = s->rotation_rate & 0xff;
        outbuf[6] = 0; /* PRODUCT TYPE */
        outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
        outbuf[8] = 0; /* VBULS */
        break;
    }
    case 0xb2: /* thin provisioning */
    {
        buflen = 8;
        outbuf[4] = 0;
        outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
        outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
        outbuf[7] = 0;
        break;
    }
    default:
        return -1;
    }
    /* done with EVPD */
    assert(buflen - start <= 255);
    outbuf[start - 1] = buflen - start; /* PAGE LENGTH (bytes after header) */
    return buflen;
}
836
/*
 * Build the response for an INQUIRY command (standard data or a VPD
 * page).  Returns the number of valid bytes in outbuf, or -1 for an
 * unsupported request.
 */
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    int buflen = 0;

    if (req->cmd.buf[1] & 0x1) {
        /* Vital product data */
        return scsi_disk_emulate_vpd_page(req, outbuf);
    }

    /* Standard INQUIRY data */
    if (req->cmd.buf[2] != 0) {
        /* PAGE CODE must be zero when EVPD is not set. */
        return -1;
    }

    /* PAGE CODE == 0 */
    buflen = req->cmd.xfer;
    if (buflen > SCSI_MAX_INQUIRY_LEN) {
        buflen = SCSI_MAX_INQUIRY_LEN;
    }

    outbuf[0] = s->qdev.type & 0x1f;
    outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;

    strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
    strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');

    memset(&outbuf[32], 0, 4);
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
    /*
     * We claim conformance to SPC-3, which is required for guests
     * to ask for modern features like READ CAPACITY(16) or the
     * block characteristics VPD page by default.  Not all of SPC-3
     * is actually implemented, but we're good enough.
     */
    outbuf[2] = s->qdev.default_scsi_version;
    outbuf[3] = 2 | 0x10; /* Format 2, HiSup */

    if (buflen > 36) {
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
    } else {
        /* If the allocation length of CDB is too small,
               the additional length is not adjusted */
        outbuf[4] = 36 - 5;
    }

    /* Sync data transfer and TCQ.  */
    outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
    return buflen;
}
887
media_is_dvd(SCSIDiskState * s)888 static inline bool media_is_dvd(SCSIDiskState *s)
889 {
890 uint64_t nb_sectors;
891 if (s->qdev.type != TYPE_ROM) {
892 return false;
893 }
894 if (!blk_is_available(s->qdev.conf.blk)) {
895 return false;
896 }
897 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
898 return nb_sectors > CD_MAX_SECTORS;
899 }
900
media_is_cd(SCSIDiskState * s)901 static inline bool media_is_cd(SCSIDiskState *s)
902 {
903 uint64_t nb_sectors;
904 if (s->qdev.type != TYPE_ROM) {
905 return false;
906 }
907 if (!blk_is_available(s->qdev.conf.blk)) {
908 return false;
909 }
910 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
911 return nb_sectors <= CD_MAX_SECTORS;
912 }
913
/*
 * Emulate READ DISC INFORMATION for CD/DVD devices: report a single
 * finalized session with one track.  Returns the response size, or -1
 * on an unsupported request (sense is set for invalid data types).
 */
static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
                                      uint8_t *outbuf)
{
    uint8_t type = r->req.cmd.buf[1] & 7;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    /* Types 1/2 are only defined for Blu-Ray.  */
    if (type != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    memset(outbuf, 0, 34);
    outbuf[1] = 32;
    outbuf[2] = 0xe; /* last session complete, disc finalized */
    outbuf[3] = 1;   /* first track on disc */
    outbuf[4] = 1;   /* # of sessions */
    outbuf[5] = 1;   /* first track of last session */
    outbuf[6] = 1;   /* last track of last session */
    outbuf[7] = 0x20; /* unrestricted use */
    outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
    /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
    /* 12-23: not meaningful for CD-ROM or DVD-ROM */
    /* 24-31: disc bar code */
    /* 32: disc application code */
    /* 33: number of OPC tables */

    return 34;
}
946
/*
 * Emulate READ DVD STRUCTURE.  Fills outbuf with the requested structure
 * (format code from byte 7 of the CDB) and returns its size, or -1 on an
 * unsupported request (sense is set for recognizable invalid cases).
 *
 * Cleanup: the original routed a single error exit through a `goto fail`
 * to a label that only did `return -1`; the label and goto are replaced
 * by a direct return, matching every other error path in this function.
 */
static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
                                   uint8_t *outbuf)
{
    /* Response size per format code, including the 4-byte header. */
    static const int rds_caps_size[5] = {
        [0] = 2048 + 4,
        [1] = 4 + 4,
        [3] = 188 + 4,
        [4] = 2048 + 4,
    };

    uint8_t media = r->req.cmd.buf[1];
    uint8_t layer = r->req.cmd.buf[6];
    uint8_t format = r->req.cmd.buf[7];
    int size = -1;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    if (media != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    if (format != 0xff) {
        if (!blk_is_available(s->qdev.conf.blk)) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            return -1;
        }
        if (media_is_cd(s)) {
            scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
            return -1;
        }
        if (format >= ARRAY_SIZE(rds_caps_size)) {
            return -1;
        }
        size = rds_caps_size[format];
        memset(outbuf, 0, size);
    }

    switch (format) {
    case 0x00: {
        /* Physical format information */
        uint64_t nb_sectors;
        if (layer != 0) {
            /* Only a single layer is emulated. */
            return -1;
        }
        blk_get_geometry(s->qdev.conf.blk, &nb_sectors);

        outbuf[4] = 1;   /* DVD-ROM, part version 1 */
        outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
        outbuf[6] = 1;   /* one layer, read-only (per MMC-2 spec) */
        outbuf[7] = 0;   /* default densities */

        stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
        stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
        break;
    }

    case 0x01: /* DVD copyright information, all zeros */
        break;

    case 0x03: /* BCA information - invalid field for no BCA info */
        return -1;

    case 0x04: /* DVD disc manufacturing information, all zeros */
        break;

    case 0xff: { /* List capabilities */
        int i;
        size = 4;
        for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
            if (!rds_caps_size[i]) {
                continue;
            }
            outbuf[size] = i;
            outbuf[size + 1] = 0x40; /* Not writable, readable */
            stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
            size += 4;
        }
        break;
    }

    default:
        return -1;
    }

    /* Size of buffer, not including 2 byte size field */
    stw_be_p(outbuf, size - 2);
    return size;
}
1040
/*
 * Fill in the 4-byte media event descriptor for GET EVENT STATUS
 * NOTIFICATION; consumes any pending media/eject event.  Returns the
 * descriptor size (4).
 */
static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
{
    uint8_t event_code = MEC_NO_CHANGE;
    uint8_t media_status = 0;

    if (s->tray_open) {
        media_status = MS_TRAY_OPEN;
    } else if (blk_is_inserted(s->qdev.conf.blk)) {
        media_status = MS_MEDIA_PRESENT;
    }

    /* Event notification descriptor */
    if (media_status != MS_TRAY_OPEN) {
        if (s->media_event) {
            event_code = MEC_NEW_MEDIA;
            s->media_event = false;
        } else if (s->eject_request) {
            event_code = MEC_EJECT_REQUESTED;
            s->eject_request = false;
        }
    }

    outbuf[0] = event_code;
    outbuf[1] = media_status;
    outbuf[2] = 0; /* reserved */
    outbuf[3] = 0; /* reserved */
    return 4;
}
1072
/*
 * Emulate GET EVENT STATUS NOTIFICATION (MMC).  Only the polled form and
 * the media event class are supported.  Returns the number of bytes
 * filled in, or -1 on an unsupported request.
 */
static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
                                              uint8_t *outbuf)
{
    uint8_t *cdb = r->req.cmd.buf;
    uint8_t requested_class = cdb[4];
    int len = 4;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    /* Asynchronous operation (IMMED=0) is not supported. */
    if (!(cdb[1] & 1)) {
        return -1;
    }

    outbuf[0] = 0;
    outbuf[1] = 0;
    outbuf[3] = 1 << GESN_MEDIA; /* supported event classes */
    if (requested_class & (1 << GESN_MEDIA)) {
        outbuf[2] = GESN_MEDIA;
        len += scsi_event_status_media(s, &outbuf[len]);
    } else {
        outbuf[2] = 0x80; /* No Event Available */
    }
    stw_be_p(outbuf, len - 4); /* event data length, excludes the field */
    return len;
}
1099
/*
 * Emulate GET CONFIGURATION (MMC) for the CD/DVD drive: report the current
 * profile (derived from the inserted medium) and a fixed feature list
 * (Profile List, Core, Removable Medium).  Returns the number of bytes
 * filled in (always 40), or -1 if the device is not a ROM.
 */
static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
{
    int current;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    /* Choose the active profile from the medium currently inserted. */
    if (media_is_dvd(s)) {
        current = MMC_PROFILE_DVD_ROM;
    } else if (media_is_cd(s)) {
        current = MMC_PROFILE_CD_ROM;
    } else {
        current = MMC_PROFILE_NONE;
    }

    memset(outbuf, 0, 40);
    stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
    stw_be_p(&outbuf[6], current);
    /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
    outbuf[10] = 0x03; /* persistent, current */
    outbuf[11] = 8; /* two profiles */
    stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
    outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
    stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
    outbuf[18] = (current == MMC_PROFILE_CD_ROM);
    /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
    stw_be_p(&outbuf[20], 1);
    outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[23] = 8;
    stl_be_p(&outbuf[24], 1); /* SCSI */
    outbuf[28] = 1; /* DBE = 1, mandatory */
    /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
    stw_be_p(&outbuf[32], 3);
    outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[35] = 4;
    outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
    /* TODO: Random readable, CD read, DVD read, drive serial number,
       power management */
    return 40;
}
1141
/*
 * Emulate MECHANISM STATUS (MMC): report an idle, single-disc CD mechanism.
 * Returns the 8-byte header length, or -1 if the device is not a ROM.
 */
static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
{
    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    memset(outbuf, 0, 8);
    outbuf[5] = 1; /* CD-ROM */
    return 8;
}
1151
/*
 * Emit one MODE SENSE page at *p_outbuf and advance the pointer past it.
 *
 * @page:         page code (0..0x3e)
 * @p_outbuf:     in/out pointer to the current output position; on success
 *                it is advanced by header (2 bytes) + payload
 * @page_control: 0 = current values, 1 = changeable values (mask)
 *
 * Returns the number of bytes emitted (length + 2-byte header), or -1 if
 * the page is not valid for this device type.
 */
static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
                           int page_control)
{
    /* Bitmap per page of the device types (disk/ROM) it is valid for. */
    static const int mode_sense_valid[0x3f] = {
        [MODE_PAGE_VENDOR_SPECIFIC]        = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_HD_GEOMETRY]            = (1 << TYPE_DISK),
        [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
        [MODE_PAGE_CACHING]                = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_R_W_ERROR]              = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_AUDIO_CTL]              = (1 << TYPE_ROM),
        [MODE_PAGE_CAPABILITIES]           = (1 << TYPE_ROM),
        [MODE_PAGE_APPLE_VENDOR]           = (1 << TYPE_ROM),
    };

    uint8_t *p = *p_outbuf + 2;
    int length;

    assert(page < ARRAY_SIZE(mode_sense_valid));
    if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
        return -1;
    }

    /*
     * If Changeable Values are requested, a mask denoting those mode parameters
     * that are changeable shall be returned. As we currently don't support
     * parameter changes via MODE_SELECT all bits are returned set to zero.
     * The buffer was already memset to zero by the caller of this function.
     *
     * The offsets here are off by two compared to the descriptions in the
     * SCSI specs, because those include a 2-byte header. This is unfortunate,
     * but it is done so that offsets are consistent within our implementation
     * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
     * 2-byte and 4-byte headers.
     */
    switch (page) {
    case MODE_PAGE_HD_GEOMETRY:
        length = 0x16;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* if a geometry hint is available, use it */
        p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[2] = s->qdev.conf.cyls & 0xff;
        p[3] = s->qdev.conf.heads & 0xff;
        /* Write precomp start cylinder, disabled */
        p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[6] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[9] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [ns], 200ns */
        p[10] = 0;
        p[11] = 200;
        /* Landing zone cylinder */
        p[12] = 0xff;
        p[13] =  0xff;
        p[14] = 0xff;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[18] = (5400 >> 8) & 0xff;
        p[19] = 5400 & 0xff;
        break;

    case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
        length = 0x1e;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* Transfer rate [kbit/s], 5Mbit/s */
        p[0] = 5000 >> 8;
        p[1] = 5000 & 0xff;
        /* if a geometry hint is available, use it */
        p[2] = s->qdev.conf.heads & 0xff;
        p[3] = s->qdev.conf.secs & 0xff;
        p[4] = s->qdev.blocksize >> 8;
        p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[7] = s->qdev.conf.cyls & 0xff;
        /* Write precomp start cylinder, disabled */
        p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[9] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[11] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [100us], 100us */
        p[12] = 0;
        p[13] = 1;
        /* Device step pulse width [us], 1us */
        p[14] = 1;
        /* Device head settle delay [100us], 100us */
        p[15] = 0;
        p[16] = 1;
        /* Motor on delay [0.1s], 0.1s */
        p[17] = 1;
        /* Motor off delay [0.1s], 0.1s */
        p[18] = 1;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[26] = (5400 >> 8) & 0xff;
        p[27] = 5400 & 0xff;
        break;

    case MODE_PAGE_CACHING:
        length = 0x12;
        /* Report WCE as set (and changeable) when the write cache is on. */
        if (page_control == 1 || /* Changeable Values */
            blk_enable_write_cache(s->qdev.conf.blk)) {
            p[0] = 4; /* WCE */
        }
        break;

    case MODE_PAGE_R_W_ERROR:
        length = 10;
        if (page_control == 1) { /* Changeable Values */
            if (s->qdev.type == TYPE_ROM) {
                /* Automatic Write Reallocation Enabled */
                p[0] = 0x80;
            }
            break;
        }
        p[0] = 0x80; /* Automatic Write Reallocation Enabled */
        if (s->qdev.type == TYPE_ROM) {
            p[1] = 0x20; /* Read Retry Count */
        }
        break;

    case MODE_PAGE_AUDIO_CTL:
        /* All-zero audio control page. */
        length = 14;
        break;

    case MODE_PAGE_CAPABILITIES:
        length = 0x14;
        if (page_control == 1) { /* Changeable Values */
            break;
        }

        p[0] = 0x3b; /* CD-R & CD-RW read */
        p[1] = 0; /* Writing not supported */
        p[2] = 0x7f; /* Audio, composite, digital out,
                        mode 2 form 1&2, multi session */
        p[3] = 0xff; /* CD DA, DA accurate, RW supported,
                        RW corrected, C2 errors, ISRC,
                        UPC, Bar code */
        p[4] = 0x2d | (s->tray_locked ? 2 : 0);
        /* Locking supported, jumper present, eject, tray */
        p[5] = 0; /* no volume & mute control, no
                     changer */
        p[6] = (50 * 176) >> 8; /* 50x read speed */
        p[7] = (50 * 176) & 0xff;
        p[8] = 2 >> 8; /* Two volume levels */
        p[9] = 2 & 0xff;
        p[10] = 2048 >> 8; /* 2M buffer */
        p[11] = 2048 & 0xff;
        p[12] = (16 * 176) >> 8; /* 16x read speed current */
        p[13] = (16 * 176) & 0xff;
        p[16] = (16 * 176) >> 8; /* 16x write speed */
        p[17] = (16 * 176) & 0xff;
        p[18] = (16 * 176) >> 8; /* 16x write speed current */
        p[19] = (16 * 176) & 0xff;
        break;

    case MODE_PAGE_APPLE_VENDOR:
        /* Only exposed when the Apple vendor-page quirk is enabled. */
        if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
            length = 0x1e;
            if (page_control == 1) { /* Changeable Values */
                break;
            }

            memset(p, 0, length);
            strcpy((char *)p + 8, "APPLE COMPUTER, INC   ");
            break;
        } else {
            return -1;
        }

    case MODE_PAGE_VENDOR_SPECIFIC:
        /* A writable 2-byte scratch page, only under the Apple quirk. */
        if (s->qdev.type == TYPE_DISK && (s->quirks &
            (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
            length = 0x2;
            if (page_control == 1) { /* Changeable Values */
                p[0] = 0xff;
                p[1] = 0xff;
                break;
            }
            p[0] = 0;
            p[1] = 0;
            break;
        } else {
            return -1;
        }

    default:
        return -1;
    }

    assert(length < 256);
    (*p_outbuf)[0] = page;
    (*p_outbuf)[1] = length;
    *p_outbuf += length + 2;
    return length + 2;
}
1352
/*
 * Emulate MODE SENSE (6) and MODE SENSE (10): build the mode parameter
 * header, an optional 8-byte block descriptor, and the requested page(s)
 * into outbuf.  Returns the total length, or -1 on an illegal request
 * (sense may already have been set for page_control == 3).
 */
static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint64_t nb_sectors;
    bool dbd;                       /* true = suppress the block descriptor */
    int page, buflen, ret, page_control;
    uint8_t *p;
    uint8_t dev_specific_param;

    dbd = (r->req.cmd.buf[1] & 0x8) != 0;
    page = r->req.cmd.buf[2] & 0x3f;
    page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;

    trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
                                       10, page, r->req.cmd.xfer, page_control);
    memset(outbuf, 0, r->req.cmd.xfer);
    p = outbuf;

    if (s->qdev.type == TYPE_DISK) {
        dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
        if (!blk_is_writable(s->qdev.conf.blk)) {
            dev_specific_param |= 0x80; /* Readonly.  */
        }
    } else {
        if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
            /* Use DBD from the request... */
            dev_specific_param = 0x00;

            /*
             * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR
             * which should never return a block descriptor even though DBD is
             * not set, otherwise CDROM detection fails in MacOS
             */
            if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
                page == MODE_PAGE_APPLE_VENDOR) {
                dbd = true;
            }
        } else {
            /*
             * MMC prescribes that CD/DVD drives have no block descriptors,
             * and defines no device-specific parameter.
             */
            dev_specific_param = 0x00;
            dbd = true;
        }
    }

    /* Mode parameter header: 4 bytes for MODE SENSE (6), 8 for (10). */
    if (r->req.cmd.buf[0] == MODE_SENSE) {
        p[1] = 0; /* Default media type.  */
        p[2] = dev_specific_param;
        p[3] = 0; /* Block descriptor length.  */
        p += 4;
    } else { /* MODE_SENSE_10 */
        p[2] = 0; /* Default media type.  */
        p[3] = dev_specific_param;
        p[6] = p[7] = 0; /* Block descriptor length.  */
        p += 8;
    }

    /* Optional short-LBA block descriptor (capacity + block size). */
    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    if (!dbd && nb_sectors) {
        if (r->req.cmd.buf[0] == MODE_SENSE) {
            outbuf[3] = 8; /* Block descriptor length  */
        } else { /* MODE_SENSE_10 */
            outbuf[7] = 8; /* Block descriptor length  */
        }
        nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        if (nb_sectors > 0xffffff) {
            /* Capacity does not fit in 24 bits: report as unknown. */
            nb_sectors = 0;
        }
        p[0] = 0; /* media density code */
        p[1] = (nb_sectors >> 16) & 0xff;
        p[2] = (nb_sectors >> 8) & 0xff;
        p[3] = nb_sectors & 0xff;
        p[4] = 0; /* reserved */
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
        p[6] = s->qdev.blocksize >> 8;
        p[7] = 0;
        p += 8;
    }

    if (page_control == 3) {
        /* Saved Values */
        scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
        return -1;
    }

    if (page == 0x3f) {
        /* Return all supported pages; unsupported ones are skipped. */
        for (page = 0; page <= 0x3e; page++) {
            mode_sense_page(s, page, &p, page_control);
        }
    } else {
        ret = mode_sense_page(s, page, &p, page_control);
        if (ret == -1) {
            return -1;
        }
    }

    buflen = p - outbuf;
    /*
     * The mode data length field specifies the length in bytes of the
     * following data that is available to be transferred. The mode data
     * length does not include itself.
     */
    if (r->req.cmd.buf[0] == MODE_SENSE) {
        outbuf[0] = buflen - 1;
    } else { /* MODE_SENSE_10 */
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
        outbuf[1] = (buflen - 2) & 0xff;
    }
    return buflen;
}
1465
/*
 * Emulate READ TOC/PMA/ATIP.  Supports format 0 (TOC), 1 (multi-session)
 * and 2 (raw TOC).  Returns the response length or -1 for other formats.
 */
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint64_t nb_sectors;
    int msf = req->cmd.buf[1] & 2;
    int format = req->cmd.buf[2] & 0xf;
    int start_track = req->cmd.buf[6];

    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
    nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;

    if (format == 0) {
        return cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
    }
    if (format == 2) {
        return cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
    }
    if (format == 1) {
        /* Multi-session info: report a single session. */
        memset(outbuf, 0, 12);
        outbuf[1] = 0x0a; /* TOC data length */
        outbuf[2] = 0x01; /* first complete session */
        outbuf[3] = 0x01; /* last complete session */
        return 12;
    }
    return -1;
}
1498
/*
 * Emulate START STOP UNIT.  For removable media with LOEJ set, loads the
 * medium on start and ejects it on stop, honouring the tray lock.
 * Returns 0 on success, -1 when the request was failed with a check
 * condition (removal prevented).
 */
static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
{
    SCSIRequest *req = &r->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    bool start = req->cmd.buf[4] & 1;
    bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
    int pwrcnd = req->cmd.buf[4] & 0xf0;

    if (pwrcnd) {
        /* eject/load only happens for power condition == 0 */
        return 0;
    }

    if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) || !loej) {
        return 0;
    }

    /* Ejecting with a locked, closed tray is an error. */
    if (!start && !s->tray_open && s->tray_locked) {
        scsi_check_condition(r,
                             blk_is_inserted(s->qdev.conf.blk)
                             ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
                             : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
        return -1;
    }

    if (s->tray_open != !start) {
        blk_eject(s->qdev.conf.blk, !start);
        s->tray_open = !start;
    }
    return 0;
}
1528
/*
 * Transfer the prepared emulation buffer to the guest, then complete the
 * request on the follow-up call once all data has been delivered.
 */
static void scsi_disk_emulate_read_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    int len = r->iov.iov_len;

    if (!len) {
        /* This also clears the sense buffer for REQUEST SENSE.  */
        scsi_req_complete(&r->req, GOOD);
        return;
    }

    trace_scsi_disk_emulate_read_data(len);
    r->iov.iov_len = 0;
    r->started = true;
    scsi_req_data(&r->req, len);
}
1545
/*
 * Validate a MODE SELECT page against the emulated MODE SENSE data: every
 * bit the device reports as unchangeable must match the current value.
 * Returns 0 if the page is acceptable, -1 otherwise.
 */
static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
                                       uint8_t *inbuf, int inlen)
{
    uint8_t current[SCSI_MAX_MODE_LEN];
    uint8_t changeable[SCSI_MAX_MODE_LEN];
    uint8_t *p;
    int len, changeable_len, i;
    /* The input buffer does not include the 2-byte page header. */
    int expected_len = inlen + 2;

    if (expected_len > SCSI_MAX_MODE_LEN) {
        return -1;
    }

    /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
    if (page == MODE_PAGE_ALLS) {
        return -1;
    }

    memset(current, 0, expected_len);
    p = current;
    len = mode_sense_page(s, page, &p, 0);
    if (len < 0 || len != expected_len) {
        return -1;
    }

    memset(changeable, 0, expected_len);
    p = changeable;
    changeable_len = mode_sense_page(s, page, &p, 1);
    assert(changeable_len == len);

    /*
     * Reject the request if any bit outside the changeable mask differs
     * from what MODE SENSE would return.
     */
    for (i = 2; i < len; i++) {
        uint8_t fixed_mask = ~changeable[i];
        if ((current[i] ^ inbuf[i - 2]) & fixed_mask) {
            return -1;
        }
    }
    return 0;
}
1589
/*
 * Apply a validated MODE SELECT page.  Only the caching page has any
 * effect: its WCE bit toggles the write cache.
 */
static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
{
    if (page == MODE_PAGE_CACHING) {
        blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
    }
}
1601
/*
 * Walk the mode pages of a MODE SELECT parameter list.  With change=false
 * every page is validated against the changeable-bits mask; with
 * change=true the pages are applied.  Returns 0 on success, -1 after
 * setting a check condition on the request.
 */
static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    while (len > 0) {
        int page, subpage, page_len;

        /* Parse both possible formats for the mode page headers.  */
        page = p[0] & 0x3f;
        if (p[0] & 0x40) {
            /* Long (sub-page) header: 4 bytes. */
            if (len < 4) {
                goto invalid_param_len;
            }
            subpage = p[1];
            page_len = lduw_be_p(&p[2]);
            p += 4;
            len -= 4;
        } else {
            /* Short header: 2 bytes. */
            if (len < 2) {
                goto invalid_param_len;
            }
            subpage = 0;
            page_len = p[1];
            p += 2;
            len -= 2;
        }

        if (subpage) {
            goto invalid_param;
        }
        if (page_len > len) {
            /*
             * quirks holds bit positions, so test the shifted bit as the
             * other quirk checks in this file do, not the raw position.
             */
            if (!(s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED))) {
                goto invalid_param_len;
            }
            trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
        }

        if (!change) {
            if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
                goto invalid_param;
            }
        } else {
            scsi_disk_apply_mode_select(s, page, p);
        }

        p += page_len;
        len -= page_len;
    }
    return 0;

invalid_param:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
    return -1;

invalid_param_len:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return -1;
}
1660
/*
 * Emulate MODE SELECT (6) and MODE SELECT (10): parse the parameter list
 * header and optional block descriptor (which may change the block size),
 * validate all pages, then apply them.  Completes the request (GOOD, a
 * check condition, or an asynchronous flush).
 */
static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint8_t *p = inbuf;
    int cmd = r->req.cmd.buf[0];
    int len = r->req.cmd.xfer;
    int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
    int bd_len, bs;
    int pass;

    /* PF (0x10) must be set and SP (0x01) clear, unless the Apple quirk
     * relaxes this. */
    if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
        if (!(s->quirks &
            (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
            /* We only support PF=1, SP=0.  */
            goto invalid_field;
        }
    }

    if (len < hdr_len) {
        goto invalid_param_len;
    }

    bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
    len -= hdr_len;
    p += hdr_len;
    if (len < bd_len) {
        goto invalid_param_len;
    }
    /* Accept exactly zero or one 8-byte block descriptor. */
    if (bd_len != 0 && bd_len != 8) {
        goto invalid_param;
    }

    /* Allow changing the block size */
    if (bd_len) {
        bs = p[5] << 16 | p[6] << 8 | p[7];

        /*
         * Since the existing code only checks/updates bits 8-15 of the block
         * size, restrict ourselves to the same requirement for now to ensure
         * that a block size set by a block descriptor and then read back by
         * a subsequent SCSI command will be the same. Also disallow a block
         * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE.
         */
        if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) {
            s->qdev.blocksize = bs;
            trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
        }
    }

    len -= bd_len;
    p += bd_len;

    /* Ensure no change is made if there is an error!  */
    for (pass = 0; pass < 2; pass++) {
        if (mode_select_pages(r, p, len, pass == 1) < 0) {
            assert(pass == 0);
            return;
        }
    }
    if (!blk_enable_write_cache(s->qdev.conf.blk)) {
        /* The request is used as the AIO opaque value, so add a ref.  */
        scsi_req_ref(&r->req);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
        return;
    }

    scsi_req_complete(&r->req, GOOD);
    return;

invalid_param:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
    return;

invalid_param_len:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return;

invalid_field:
    scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
}
1743
1744 /* sector_num and nb_sectors expected to be in qdev blocksize */
check_lba_range(SCSIDiskState * s,uint64_t sector_num,uint32_t nb_sectors)1745 static inline bool check_lba_range(SCSIDiskState *s,
1746 uint64_t sector_num, uint32_t nb_sectors)
1747 {
1748 /*
1749 * The first line tests that no overflow happens when computing the last
1750 * sector. The second line tests that the last accessed sector is in
1751 * range.
1752 *
1753 * Careful, the computations should not underflow for nb_sectors == 0,
1754 * and a 0-block read to the first LBA beyond the end of device is
1755 * valid.
1756 */
1757 return (sector_num <= sector_num + nb_sectors &&
1758 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1759 }
1760
/*
 * Per-request state for the UNMAP descriptor walk: the request being
 * served, the cursor into the remaining 16-byte descriptors, and how many
 * descriptors are left to process.
 */
typedef struct UnmapCBData {
    SCSIDiskReq *r;
    uint8_t *inbuf;   /* next unprocessed 16-byte descriptor */
    int count;        /* descriptors remaining */
} UnmapCBData;

static void scsi_unmap_complete(void *opaque, int ret);
1768
/*
 * Issue the discard for the next UNMAP descriptor, or finish the request
 * once all descriptors are done.  Must be called with no AIO in flight;
 * each started discard re-enters here via scsi_unmap_complete.  Consumes
 * the request reference and frees @data when the request ends.
 */
static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
{
    SCSIDiskReq *r = data->r;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb == NULL);

    if (data->count > 0) {
        /* Descriptor layout: 8-byte LBA followed by 4-byte block count. */
        uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
        uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
        r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);

        if (!check_lba_range(s, sector_num, nb_sectors)) {
            block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
                               BLOCK_ACCT_UNMAP);
            scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
            goto done;
        }

        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         r->sector_count * BDRV_SECTOR_SIZE,
                         BLOCK_ACCT_UNMAP);

        /* The callback advances to the next descriptor on success. */
        r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
                                        r->sector * BDRV_SECTOR_SIZE,
                                        r->sector_count * BDRV_SECTOR_SIZE,
                                        scsi_unmap_complete, data);
        data->count--;
        data->inbuf += 16;
        return;
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
    g_free(data);
}
1808
scsi_unmap_complete(void * opaque,int ret)1809 static void scsi_unmap_complete(void *opaque, int ret)
1810 {
1811 UnmapCBData *data = opaque;
1812 SCSIDiskReq *r = data->r;
1813 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1814
1815 assert(r->req.aiocb != NULL);
1816 r->req.aiocb = NULL;
1817
1818 if (scsi_disk_req_check_error(r, ret, true)) {
1819 scsi_req_unref(&r->req);
1820 g_free(data);
1821 } else {
1822 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1823 scsi_unmap_complete_noio(data, ret);
1824 }
1825 }
1826
/*
 * Emulate UNMAP: validate the parameter list header, then kick off the
 * per-descriptor discard loop in scsi_unmap_complete_noio.
 */
static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint8_t *p = inbuf;
    int len = r->req.cmd.xfer;
    int unmap_data_len, blk_desc_len;
    UnmapCBData *data;

    /* Reject ANCHOR=1.  */
    if (r->req.cmd.buf[1] & 0x1) {
        goto invalid_field;
    }

    if (len < 8) {
        goto invalid_param_len;
    }
    unmap_data_len = lduw_be_p(&p[0]);
    blk_desc_len = lduw_be_p(&p[2]);
    /* Both lengths must fit in the transfer, and the block descriptor
     * data must be a whole number of 16-byte descriptors. */
    if (len < unmap_data_len + 2 ||
        len < blk_desc_len + 8 ||
        (blk_desc_len & 15)) {
        goto invalid_param_len;
    }

    if (!blk_is_writable(s->qdev.conf.blk)) {
        block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
        scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
        return;
    }

    data = g_new0(UnmapCBData, 1);
    data->r = r;
    data->inbuf = &p[8];
    data->count = blk_desc_len >> 4;

    /* The matching unref is in scsi_unmap_complete, before data is freed. */
    scsi_req_ref(&r->req);
    scsi_unmap_complete_noio(data, 0);
    return;

invalid_param_len:
    block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return;

invalid_field:
    block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
    scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
}
1877
/*
 * Per-request state for an emulated WRITE SAME: the pattern buffer (iov)
 * is written repeatedly, advancing sector/nb_sectors until done.
 */
typedef struct WriteSameCBData {
    SCSIDiskReq *r;
    int64_t sector;       /* next sector to write, in BDRV_SECTOR_SIZE units */
    int nb_sectors;       /* sectors remaining */
    QEMUIOVector qiov;
    struct iovec iov;     /* replicated-pattern buffer */
} WriteSameCBData;
1885
/*
 * AIO completion for one WRITE SAME chunk: account it, advance the cursor,
 * and reissue the pattern buffer (possibly shortened for the final chunk)
 * until all sectors are written, then complete the request and release
 * the reference and buffers.
 */
static void scsi_write_same_complete(void *opaque, int ret)
{
    WriteSameCBData *data = opaque;
    SCSIDiskReq *r = data->r;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;

    if (scsi_disk_req_check_error(r, ret, true)) {
        goto done;
    }

    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);

    /* Advance past the chunk just written; clamp the next one. */
    data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
    data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
    data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
                            data->iov.iov_len);
    if (data->iov.iov_len) {
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         data->iov.iov_len, BLOCK_ACCT_WRITE);
        /* Reinitialize qiov, to handle unaligned WRITE SAME request
         * where final qiov may need smaller size */
        qemu_iovec_init_external(&data->qiov, &data->iov, 1);
        r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
                                       data->sector << BDRV_SECTOR_BITS,
                                       &data->qiov, 0,
                                       scsi_write_same_complete, data);
        return;
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
    qemu_vfree(data->iov.iov_base);
    g_free(data);
}
1925
/*
 * Emulate WRITE SAME (10/16).  A zero pattern (or UNMAP=1) is handled with
 * an efficient write-zeroes operation; any other pattern is replicated
 * into a bounded buffer and written out chunk by chunk via
 * scsi_write_same_complete.
 */
static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIRequest *req = &r->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
    WriteSameCBData *data;
    uint8_t *buf;
    int i, l;

    /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1.  */
    if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return;
    }

    if (!blk_is_writable(s->qdev.conf.blk)) {
        scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
        return;
    }
    if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
        scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
        return;
    }

    /* Fast path: UNMAP=1 or an all-zero pattern becomes write-zeroes. */
    if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
        int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;

        /* The request is used as the AIO opaque value, so add a ref.  */
        scsi_req_ref(&r->req);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         nb_sectors * s->qdev.blocksize,
                        BLOCK_ACCT_WRITE);
        r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
                                             r->req.cmd.lba * s->qdev.blocksize,
                                             nb_sectors * s->qdev.blocksize,
                                             flags, scsi_aio_complete, r);
        return;
    }

    /* Replicate the one-block pattern into a chunk buffer (capped at
     * SCSI_WRITE_SAME_MAX) and start the chunked write loop. */
    data = g_new0(WriteSameCBData, 1);
    data->r = r;
    data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
    data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
    data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
                            SCSI_WRITE_SAME_MAX);
    data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
                                              data->iov.iov_len);
    qemu_iovec_init_external(&data->qiov, &data->iov, 1);

    for (i = 0; i < data->iov.iov_len; i += l) {
        l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
        memcpy(&buf[i], inbuf, l);
    }

    scsi_req_ref(&r->req);
    block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                     data->iov.iov_len, BLOCK_ACCT_WRITE);
    r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
                                   data->sector << BDRV_SECTOR_BITS,
                                   &data->qiov, 0,
                                   scsi_write_same_complete, data);
}
1988
/*
 * Second phase of emulated write-type commands: first request the guest
 * data, then dispatch to the per-command handler once it has arrived.
 */
static void scsi_disk_emulate_write_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    int len = r->iov.iov_len;

    if (len) {
        /* Data not yet transferred: ask for it. */
        trace_scsi_disk_emulate_write_data(len);
        r->iov.iov_len = 0;
        scsi_req_data(&r->req, len);
        return;
    }

    switch (req->cmd.buf[0]) {
    case MODE_SELECT:
    case MODE_SELECT_10:
        /* This also clears the sense buffer for REQUEST SENSE.  */
        scsi_disk_emulate_mode_select(r, r->iov.iov_base);
        break;

    case UNMAP:
        scsi_disk_emulate_unmap(r, r->iov.iov_base);
        break;

    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
        if (r->req.status == -1) {
            scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        }
        break;

    case WRITE_SAME_10:
    case WRITE_SAME_16:
        scsi_disk_emulate_write_same(r, r->iov.iov_base);
        break;

    case FORMAT_UNIT:
        scsi_req_complete(&r->req, GOOD);
        break;

    default:
        abort();
    }
}
2033
/*
 * Emulate a SCSI command that is not a plain data read/write.
 *
 * Returns the byte count the device will transfer to the initiator
 * (positive), the byte count expected from the initiator (negative),
 * or 0 when the request has already been completed (either with GOOD
 * status or with a check condition).
 */
static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint64_t nb_sectors;
    uint8_t *outbuf;
    int buflen;

    /*
     * The commands listed below may run without a medium present;
     * every other opcode fails with NO MEDIUM when the backend is
     * not available.
     */
    switch (req->cmd.buf[0]) {
    case INQUIRY:
    case MODE_SENSE:
    case MODE_SENSE_10:
    case RESERVE:
    case RESERVE_10:
    case RELEASE:
    case RELEASE_10:
    case START_STOP:
    case ALLOW_MEDIUM_REMOVAL:
    case GET_CONFIGURATION:
    case GET_EVENT_STATUS_NOTIFICATION:
    case MECHANISM_STATUS:
    case REQUEST_SENSE:
        break;

    default:
        if (!blk_is_available(s->qdev.conf.blk)) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            return 0;
        }
        break;
    }

    /*
     * FIXME: we shouldn't return anything bigger than 4k, but the code
     * requires the buffer to be as big as req->cmd.xfer in several
     * places.  So, do not allow CDBs with a very large ALLOCATION
     * LENGTH.  The real fix would be to modify scsi_read_data and
     * dma_buf_read, so that they return data beyond the buflen
     * as all zeros.
     */
    if (req->cmd.xfer > 65536) {
        goto illegal_request;
    }
    /* Scratch buffer covers at least 4k and the whole transfer length. */
    r->buflen = MAX(4096, req->cmd.xfer);

    /* Allocate lazily; the buffer is reused across requests. */
    if (!r->iov.iov_base) {
        r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
    }

    outbuf = r->iov.iov_base;
    memset(outbuf, 0, r->buflen);
    switch (req->cmd.buf[0]) {
    case TEST_UNIT_READY:
        /* Medium presence was already verified above. */
        assert(blk_is_available(s->qdev.conf.blk));
        break;
    case INQUIRY:
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case MODE_SENSE:
    case MODE_SENSE_10:
        buflen = scsi_disk_emulate_mode_sense(r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_TOC:
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case RESERVE:
        /* Third-party reservations (byte 1 bit 0) are not supported. */
        if (req->cmd.buf[1] & 1) {
            goto illegal_request;
        }
        break;
    case RESERVE_10:
        if (req->cmd.buf[1] & 3) {
            goto illegal_request;
        }
        break;
    case RELEASE:
        if (req->cmd.buf[1] & 1) {
            goto illegal_request;
        }
        break;
    case RELEASE_10:
        if (req->cmd.buf[1] & 3) {
            goto illegal_request;
        }
        break;
    case START_STOP:
        /* A negative return means the request was already completed. */
        if (scsi_disk_emulate_start_stop(r) < 0) {
            return 0;
        }
        break;
    case ALLOW_MEDIUM_REMOVAL:
        /* PREVENT bit (byte 4 bit 0) locks or unlocks the tray. */
        s->tray_locked = req->cmd.buf[4] & 1;
        blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
        break;
    case READ_CAPACITY_10:
        /* The normal LEN field for this command is zero.  */
        memset(outbuf, 0, 8);
        blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
        if (!nb_sectors) {
            scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
            return 0;
        }
        /* With PMI (byte 8 bit 0) clear, the LBA field must be zero. */
        if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
            goto illegal_request;
        }
        nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
        /* Returned value is the address of the last sector.  */
        nb_sectors--;
        /* Remember the new size for read/write sanity checking. */
        s->qdev.max_lba = nb_sectors;
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
        if (nb_sectors > UINT32_MAX) {
            nb_sectors = UINT32_MAX;
        }
        outbuf[0] = (nb_sectors >> 24) & 0xff;
        outbuf[1] = (nb_sectors >> 16) & 0xff;
        outbuf[2] = (nb_sectors >> 8) & 0xff;
        outbuf[3] = nb_sectors & 0xff;
        outbuf[4] = 0;
        outbuf[5] = 0;
        outbuf[6] = s->qdev.blocksize >> 8;
        outbuf[7] = 0;
        break;
    case REQUEST_SENSE:
        /* Just return "NO SENSE".  */
        buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
                                    (req->cmd.buf[1] & 1) == 0);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case MECHANISM_STATUS:
        buflen = scsi_emulate_mechanism_status(s, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case GET_CONFIGURATION:
        buflen = scsi_get_configuration(s, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case GET_EVENT_STATUS_NOTIFICATION:
        buflen = scsi_get_event_status_notification(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_DISC_INFORMATION:
        buflen = scsi_read_disc_information(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_DVD_STRUCTURE:
        buflen = scsi_read_dvd_structure(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case SERVICE_ACTION_IN_16:
        /* Service Action In subcommands. */
        if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
            trace_scsi_disk_emulate_command_SAI_16();
            memset(outbuf, 0, req->cmd.xfer);
            blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
            if (!nb_sectors) {
                scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
                return 0;
            }
            /* With PMI (byte 14 bit 0) clear, the LBA field must be zero. */
            if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
                goto illegal_request;
            }
            nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
            /* Returned value is the address of the last sector.  */
            nb_sectors--;
            /* Remember the new size for read/write sanity checking. */
            s->qdev.max_lba = nb_sectors;
            outbuf[0] = (nb_sectors >> 56) & 0xff;
            outbuf[1] = (nb_sectors >> 48) & 0xff;
            outbuf[2] = (nb_sectors >> 40) & 0xff;
            outbuf[3] = (nb_sectors >> 32) & 0xff;
            outbuf[4] = (nb_sectors >> 24) & 0xff;
            outbuf[5] = (nb_sectors >> 16) & 0xff;
            outbuf[6] = (nb_sectors >> 8) & 0xff;
            outbuf[7] = nb_sectors & 0xff;
            outbuf[8] = 0;
            outbuf[9] = 0;
            outbuf[10] = s->qdev.blocksize >> 8;
            outbuf[11] = 0;
            outbuf[12] = 0;
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);

            /* set TPE bit if the format supports discard */
            if (s->qdev.conf.discard_granularity) {
                outbuf[14] = 0x80;
            }

            /* Protection, exponent and lowest lba field left blank. */
            break;
        }
        /* Any other service action is unsupported. */
        trace_scsi_disk_emulate_command_SAI_unsupported();
        goto illegal_request;
    case SYNCHRONIZE_CACHE:
        /* The request is used as the AIO opaque value, so add a ref.  */
        scsi_req_ref(&r->req);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
        return 0;
    case SEEK_10:
        trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
        if (r->req.cmd.lba > s->qdev.max_lba) {
            goto illegal_lba;
        }
        break;
    case MODE_SELECT:
        trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
        break;
    case MODE_SELECT_10:
        trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
        break;
    case UNMAP:
        trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
        break;
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
        trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
        /* BYTCHK values other than 00b are not emulated here. */
        if (req->cmd.buf[1] & 6) {
            goto illegal_request;
        }
        break;
    case WRITE_SAME_10:
    case WRITE_SAME_16:
        trace_scsi_disk_emulate_command_WRITE_SAME(
                req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
        break;
    case FORMAT_UNIT:
        trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
        break;
    default:
        trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
                                                scsi_command_name(buf[0]));
        scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
        return 0;
    }
    assert(!r->req.aiocb);
    r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
    if (r->iov.iov_len == 0) {
        /* Nothing to transfer: complete with GOOD status right away. */
        scsi_req_complete(&r->req, GOOD);
    }
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        assert(r->iov.iov_len == req->cmd.xfer);
        return -r->iov.iov_len;
    } else {
        return r->iov.iov_len;
    }

illegal_request:
    /* Only set the sense code if no status has been assigned yet. */
    if (r->req.status == -1) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
    }
    return 0;

illegal_lba:
    scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
    return 0;
}
2313
/* Execute a SCSI command.  Returns the length of the data expected by the
   command.  This will be positive for data transfers from the device
   (e.g. disk reads), negative for transfers to the device (e.g. disk
   writes), and zero if the command does not transfer any data.  */
2318
/*
 * Set up a data read/write (or verify) request that will be serviced
 * through the DMA helpers.  Returns the transfer length in bytes,
 * positive for device-to-initiator, negative for initiator-to-device,
 * or 0 when the request was completed with a check condition.
 */
static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
    uint32_t len;
    uint8_t command;

    command = buf[0];

    if (!blk_is_available(s->qdev.conf.blk)) {
        scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
        return 0;
    }

    /* Transfer length in logical blocks, decoded from the CDB. */
    len = scsi_data_cdb_xfer(r->req.cmd.buf);
    switch (command) {
    case READ_6:
    case READ_10:
    case READ_12:
    case READ_16:
        trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
        /* Protection information is not supported.  For SCSI versions 2 and
         * older (as determined by snooping the guest's INQUIRY commands),
         * there is no RD/WR/VRPROTECT, so skip this check in these versions.
         */
        if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
            goto illegal_request;
        }
        if (!check_lba_range(s, r->req.cmd.lba, len)) {
            goto illegal_lba;
        }
        /* Convert from logical blocks to 512-byte BDRV sectors. */
        r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        break;
    case WRITE_6:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        if (!blk_is_writable(s->qdev.conf.blk)) {
            scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
            return 0;
        }
        trace_scsi_disk_dma_command_WRITE(
                (command & 0xe) == 0xe ? "And Verify " : "",
                r->req.cmd.lba, len);
        /* fall through */
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
        /* We get here only for BYTCHK == 0x01 and only for scsi-block.
         * As far as DMA is concerned, we can treat it the same as a write;
         * scsi_block_do_sgio will send VERIFY commands.
         */
        if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
            goto illegal_request;
        }
        if (!check_lba_range(s, r->req.cmd.lba, len)) {
            goto illegal_lba;
        }
        r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
        break;
    default:
        /* The dispatch table only routes the opcodes above here. */
        abort();
    illegal_request:
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return 0;
    illegal_lba:
        scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
        return 0;
    }
    /* Ask the subclass whether FUA must be emulated with a flush. */
    r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
    if (r->sector_count == 0) {
        scsi_req_complete(&r->req, GOOD);
    }
    assert(r->iov.iov_len == 0);
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        return -r->sector_count * BDRV_SECTOR_SIZE;
    } else {
        return r->sector_count * BDRV_SECTOR_SIZE;
    }
}
2405
/* Device reset: cancel in-flight requests and refresh cached geometry. */
static void scsi_disk_reset(DeviceState *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
    uint64_t last_lba;

    scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));

    /* Recompute max_lba from the backend size (address of last block). */
    blk_get_geometry(s->qdev.conf.blk, &last_lba);
    last_lba /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
    if (last_lba) {
        last_lba--;
    }
    s->qdev.max_lba = last_lba;

    /* Reset tray state and negotiated SCSI level. */
    s->tray_locked = 0;
    s->tray_open = 0;
    s->qdev.scsi_version = s->qdev.default_scsi_version;
}
2426
scsi_disk_drained_begin(void * opaque)2427 static void scsi_disk_drained_begin(void *opaque)
2428 {
2429 SCSIDiskState *s = opaque;
2430
2431 scsi_device_drained_begin(&s->qdev);
2432 }
2433
scsi_disk_drained_end(void * opaque)2434 static void scsi_disk_drained_end(void *opaque)
2435 {
2436 SCSIDiskState *s = opaque;
2437
2438 scsi_device_drained_end(&s->qdev);
2439 }
2440
scsi_disk_resize_cb(void * opaque)2441 static void scsi_disk_resize_cb(void *opaque)
2442 {
2443 SCSIDiskState *s = opaque;
2444
2445 /* SPC lists this sense code as available only for
2446 * direct-access devices.
2447 */
2448 if (s->qdev.type == TYPE_DISK) {
2449 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2450 }
2451 }
2452
scsi_cd_change_media_cb(void * opaque,bool load,Error ** errp)2453 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2454 {
2455 SCSIDiskState *s = opaque;
2456
2457 /*
2458 * When a CD gets changed, we have to report an ejected state and
2459 * then a loaded state to guests so that they detect tray
2460 * open/close and media change events. Guests that do not use
2461 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2462 * states rely on this behavior.
2463 *
2464 * media_changed governs the state machine used for unit attention
2465 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2466 */
2467 s->media_changed = load;
2468 s->tray_open = !load;
2469 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2470 s->media_event = true;
2471 s->eject_request = false;
2472 }
2473
scsi_cd_eject_request_cb(void * opaque,bool force)2474 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2475 {
2476 SCSIDiskState *s = opaque;
2477
2478 s->eject_request = true;
2479 if (force) {
2480 s->tray_locked = false;
2481 }
2482 }
2483
scsi_cd_is_tray_open(void * opaque)2484 static bool scsi_cd_is_tray_open(void *opaque)
2485 {
2486 return ((SCSIDiskState *)opaque)->tray_open;
2487 }
2488
scsi_cd_is_medium_locked(void * opaque)2489 static bool scsi_cd_is_medium_locked(void *opaque)
2490 {
2491 return ((SCSIDiskState *)opaque)->tray_locked;
2492 }
2493
/* BlockBackend callbacks for devices with removable media (CD-ROM). */
static const BlockDevOps scsi_disk_removable_block_ops = {
    .change_media_cb = scsi_cd_change_media_cb,
    .drained_begin = scsi_disk_drained_begin,
    .drained_end = scsi_disk_drained_end,
    .eject_request_cb = scsi_cd_eject_request_cb,
    .is_medium_locked = scsi_cd_is_medium_locked,
    .is_tray_open = scsi_cd_is_tray_open,
    .resize_cb = scsi_disk_resize_cb,
};
2503
/* BlockBackend callbacks for fixed (non-removable) devices. */
static const BlockDevOps scsi_disk_block_ops = {
    .drained_begin = scsi_disk_drained_begin,
    .drained_end = scsi_disk_drained_end,
    .resize_cb = scsi_disk_resize_cb,
};
2509
/*
 * Called once a unit attention has been delivered to the guest; queue the
 * follow-up MEDIUM CHANGED attention if a media change is pending.
 */
static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);

    if (!s->media_changed) {
        return;
    }
    s->media_changed = false;
    scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
}
2518
/*
 * Common realize path shared by scsi-hd, scsi-cd and scsi-block.
 * Validates the backing drive and configuration, fills in default
 * vendor/version/serial/device_id strings, and hooks the device up to
 * the block layer.  On failure, sets *errp and returns.
 */
static void scsi_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    bool read_only;

    if (!s->qdev.conf.blk) {
        error_setg(errp, "drive property not set");
        return;
    }

    /* Fixed devices must come with a medium from the start. */
    if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
        !blk_is_inserted(s->qdev.conf.blk)) {
        error_setg(errp, "Device needs media, but drive is empty");
        return;
    }

    if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
        return;
    }

    if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
        !s->qdev.hba_supports_iothread)
    {
        error_setg(errp, "HBA does not support iothreads");
        return;
    }

    if (dev->type == TYPE_DISK) {
        if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
            return;
        }
    }

    /* CD-ROMs are always read-only regardless of backend permissions. */
    read_only = !blk_supports_write_perm(s->qdev.conf.blk);
    if (dev->type == TYPE_ROM) {
        read_only = true;
    }

    if (!blkconf_apply_backend_options(&dev->conf, read_only,
                                       dev->type == TYPE_DISK, errp)) {
        return;
    }

    /* -1 means "not set"; pick a sensible default discard granularity. */
    if (s->qdev.conf.discard_granularity == -1) {
        s->qdev.conf.discard_granularity =
            MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
    }

    if (!s->version) {
        s->version = g_strdup(qemu_hw_version());
    }
    if (!s->vendor) {
        s->vendor = g_strdup("QEMU");
    }
    if (s->serial && strlen(s->serial) > MAX_SERIAL_LEN) {
        error_setg(errp, "The serial number can't be longer than %d characters",
                   MAX_SERIAL_LEN);
        return;
    }
    /* device_id defaults to the serial number, then to the drive name. */
    if (!s->device_id) {
        if (s->serial) {
            if (strlen(s->serial) > MAX_SERIAL_LEN_FOR_DEVID) {
                error_setg(errp, "The serial number can't be longer than %d "
                           "characters when it is also used as the default for "
                           "device_id", MAX_SERIAL_LEN_FOR_DEVID);
                return;
            }
            s->device_id = g_strdup(s->serial);
        } else {
            const char *str = blk_name(s->qdev.conf.blk);
            if (str && *str) {
                s->device_id = g_strdup(str);
            }
        }
    }

    /* SG character devices must use scsi-block/scsi-generic instead. */
    if (blk_is_sg(s->qdev.conf.blk)) {
        error_setg(errp, "unwanted /dev/sg*");
        return;
    }

    if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
        !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
        blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
    } else {
        blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
    }

    blk_iostatus_enable(s->qdev.conf.blk);

    /* Register logical geometry for boot-order purposes. */
    add_boot_device_lchs(&dev->qdev, NULL,
                         dev->conf.lcyls,
                         dev->conf.lheads,
                         dev->conf.lsecs);
}
2614
/* Undo the boot-order registration performed in scsi_realize(). */
static void scsi_unrealize(SCSIDevice *dev)
{
    del_boot_device_lchs(&dev->qdev, NULL);
}
2619
scsi_hd_realize(SCSIDevice * dev,Error ** errp)2620 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2621 {
2622 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2623
2624 /* can happen for devices without drive. The error message for missing
2625 * backend will be issued in scsi_realize
2626 */
2627 if (s->qdev.conf.blk) {
2628 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2629 return;
2630 }
2631 }
2632 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2633 s->qdev.type = TYPE_DISK;
2634 if (!s->product) {
2635 s->product = g_strdup("QEMU HARDDISK");
2636 }
2637 scsi_realize(&s->qdev, errp);
2638 }
2639
scsi_cd_realize(SCSIDevice * dev,Error ** errp)2640 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2641 {
2642 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2643 int ret;
2644 uint32_t blocksize = 2048;
2645
2646 if (!dev->conf.blk) {
2647 /* Anonymous BlockBackend for an empty drive. As we put it into
2648 * dev->conf, qdev takes care of detaching on unplug. */
2649 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2650 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2651 assert(ret == 0);
2652 }
2653
2654 if (dev->conf.physical_block_size != 0) {
2655 blocksize = dev->conf.physical_block_size;
2656 }
2657
2658 s->qdev.blocksize = blocksize;
2659 s->qdev.type = TYPE_ROM;
2660 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2661 if (!s->product) {
2662 s->product = g_strdup("QEMU CD-ROM");
2663 }
2664 scsi_realize(&s->qdev, errp);
2665 }
2666
2667
/* Request ops for commands emulated entirely in QEMU (no data DMA). */
static const SCSIReqOps scsi_disk_emulate_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_emulate_command,
    .read_data    = scsi_disk_emulate_read_data,
    .write_data   = scsi_disk_emulate_write_data,
    .get_buf      = scsi_get_buf,
    .load_request = scsi_disk_emulate_load_request,
    .save_request = scsi_disk_emulate_save_request,
};
2678
/* Request ops for data read/write commands serviced via DMA helpers. */
static const SCSIReqOps scsi_disk_dma_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_dma_command,
    .read_data    = scsi_read_data,
    .write_data   = scsi_write_data,
    .get_buf      = scsi_get_buf,
    .load_request = scsi_disk_load_request,
    .save_request = scsi_disk_save_request,
};
2689
/*
 * Per-opcode dispatch table.  NULL entries fall back to the emulate
 * ops in scsi_new_request(), which then reports INVALID OPCODE for
 * anything scsi_disk_emulate_command does not handle.
 */
static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
    [TEST_UNIT_READY]                 = &scsi_disk_emulate_reqops,
    [INQUIRY]                         = &scsi_disk_emulate_reqops,
    [MODE_SENSE]                      = &scsi_disk_emulate_reqops,
    [MODE_SENSE_10]                   = &scsi_disk_emulate_reqops,
    [START_STOP]                      = &scsi_disk_emulate_reqops,
    [ALLOW_MEDIUM_REMOVAL]            = &scsi_disk_emulate_reqops,
    [READ_CAPACITY_10]                = &scsi_disk_emulate_reqops,
    [READ_TOC]                        = &scsi_disk_emulate_reqops,
    [READ_DVD_STRUCTURE]              = &scsi_disk_emulate_reqops,
    [READ_DISC_INFORMATION]           = &scsi_disk_emulate_reqops,
    [GET_CONFIGURATION]               = &scsi_disk_emulate_reqops,
    [GET_EVENT_STATUS_NOTIFICATION]   = &scsi_disk_emulate_reqops,
    [MECHANISM_STATUS]                = &scsi_disk_emulate_reqops,
    [SERVICE_ACTION_IN_16]            = &scsi_disk_emulate_reqops,
    [REQUEST_SENSE]                   = &scsi_disk_emulate_reqops,
    [SYNCHRONIZE_CACHE]               = &scsi_disk_emulate_reqops,
    [SEEK_10]                         = &scsi_disk_emulate_reqops,
    [MODE_SELECT]                     = &scsi_disk_emulate_reqops,
    [MODE_SELECT_10]                  = &scsi_disk_emulate_reqops,
    [UNMAP]                           = &scsi_disk_emulate_reqops,
    [WRITE_SAME_10]                   = &scsi_disk_emulate_reqops,
    [WRITE_SAME_16]                   = &scsi_disk_emulate_reqops,
    [VERIFY_10]                       = &scsi_disk_emulate_reqops,
    [VERIFY_12]                       = &scsi_disk_emulate_reqops,
    [VERIFY_16]                       = &scsi_disk_emulate_reqops,
    [FORMAT_UNIT]                     = &scsi_disk_emulate_reqops,

    [READ_6]                          = &scsi_disk_dma_reqops,
    [READ_10]                         = &scsi_disk_dma_reqops,
    [READ_12]                         = &scsi_disk_dma_reqops,
    [READ_16]                         = &scsi_disk_dma_reqops,
    [WRITE_6]                         = &scsi_disk_dma_reqops,
    [WRITE_10]                        = &scsi_disk_dma_reqops,
    [WRITE_12]                        = &scsi_disk_dma_reqops,
    [WRITE_16]                        = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_10]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_12]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_16]                 = &scsi_disk_dma_reqops,
};
2730
scsi_disk_new_request_dump(uint32_t lun,uint32_t tag,uint8_t * buf)2731 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2732 {
2733 int len = scsi_cdb_length(buf);
2734 g_autoptr(GString) str = NULL;
2735
2736 assert(len > 0 && len <= 16);
2737 str = qemu_hexdump_line(NULL, buf, len, 1, 0);
2738 trace_scsi_disk_new_request(lun, tag, str->str);
2739 }
2740
scsi_new_request(SCSIDevice * d,uint32_t tag,uint32_t lun,uint8_t * buf,void * hba_private)2741 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2742 uint8_t *buf, void *hba_private)
2743 {
2744 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2745 SCSIRequest *req;
2746 const SCSIReqOps *ops;
2747 uint8_t command;
2748
2749 command = buf[0];
2750 ops = scsi_disk_reqops_dispatch[command];
2751 if (!ops) {
2752 ops = &scsi_disk_emulate_reqops;
2753 }
2754 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2755
2756 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2757 scsi_disk_new_request_dump(lun, tag, buf);
2758 }
2759
2760 return req;
2761 }
2762
2763 #ifdef __linux__
/*
 * Issue a standard INQUIRY to the host device and record the peripheral
 * device type and removable-media flag.  Returns 0 on success, -1 on error.
 */
static int get_device_type(SCSIDiskState *s)
{
    uint8_t inq[36] = { 0 };
    uint8_t cdb[16] = { [0] = INQUIRY, [4] = sizeof(inq) };
    int rc;

    rc = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cdb, sizeof(cdb),
                             inq, sizeof(inq), s->qdev.io_timeout);
    if (rc < 0) {
        return -1;
    }
    /* Byte 0: peripheral device type; byte 1 bit 7: removable medium. */
    s->qdev.type = inq[0];
    if (inq[1] & 0x80) {
        s->features |= 1 << SCSI_DISK_F_REMOVABLE;
    }
    return 0;
}
2786
/*
 * Realize handler for scsi-block: verify the backend is an SG_IO-capable
 * SCSI device, probe its type via INQUIRY, then run the common path.
 */
static void scsi_block_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    int sg_version;
    int rc;

    if (!s->qdev.conf.blk) {
        error_setg(errp, "drive property not set");
        return;
    }

    if (s->rotation_rate) {
        error_report_once("rotation_rate is specified for scsi-block but is "
                          "not implemented. This option is deprecated and will "
                          "be removed in a future version");
    }

    /* check we are using a driver managing SG_IO (version 3 and after) */
    rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
    if (rc < 0) {
        error_setg_errno(errp, -rc, "cannot get SG_IO version number");
        if (rc != -EPERM) {
            error_append_hint(errp, "Is this a SCSI device?\n");
        }
        return;
    }
    if (sg_version < 30000) {
        error_setg(errp, "scsi generic interface too old");
        return;
    }

    /* get device type from INQUIRY data */
    rc = get_device_type(s);
    if (rc < 0) {
        error_setg(errp, "INQUIRY failed");
        return;
    }

    /* Make a guess for the block size, we'll fix it when the guest sends.
     * READ CAPACITY.  If they don't, they likely would assume these sizes
     * anyway. (TODO: check in /sys).
     */
    if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
        s->qdev.blocksize = 2048;
    } else {
        s->qdev.blocksize = 512;
    }

    /* Makes the scsi-block device not removable by using HMP and QMP eject
     * command.
     */
    s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);

    scsi_realize(&s->qdev, errp);
    /* Fetch the host device's INQUIRY data for pass-through use. */
    scsi_generic_read_device_inquiry(&s->qdev);
}
2843
/* Request state for scsi-block commands that go through SG_IO. */
typedef struct SCSIBlockReq {
    SCSIDiskReq req;
    /* Header handed to the SG_IO ioctl; holds status on completion. */
    sg_io_hdr_t io_header;

    /* Selected bytes of the original CDB, copied into our own CDB. */
    uint8_t cmd, cdb1, group_number;

    /* CDB passed to SG_IO. */
    uint8_t cdb[16];
    /* Completion callback and its opaque, saved across the ioctl. */
    BlockCompletionFunc *cb;
    void *cb_opaque;
} SCSIBlockReq;
2856
/*
 * SG_IO completion: translate the sg_io_hdr status fields into the value
 * passed to the saved completion callback.  On ioctl success, a transport
 * (host) error becomes -ENODEV, a driver timeout becomes BUSY status, and
 * otherwise the raw SCSI status byte is forwarded.
 */
static void scsi_block_sgio_complete(void *opaque, int ret)
{
    SCSIBlockReq *req = (SCSIBlockReq *)opaque;
    SCSIDiskReq *r = &req->req;
    sg_io_hdr_t *io_hdr = &req->io_header;

    if (ret == 0) {
        if (io_hdr->host_status != SCSI_HOST_OK) {
            /* Record the transport error for the SCSI layer. */
            r->req.host_status = io_hdr->host_status;
            ret = -ENODEV;
        } else if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
            ret = BUSY;
        } else {
            ret = io_hdr->status;
        }
    }

    req->cb(req->cb_opaque, ret);
}
2876
/*
 * Submit one segment of a scsi-block transfer as an SG_IO ioctl.
 *
 * The DMA helpers may split a request into several segments, so a fresh
 * CDB is synthesized for each segment with the segment's LBA and block
 * count patched in.  The smallest CDB size that can represent the values
 * is chosen, never smaller than what the guest used.
 */
static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
                                      int64_t offset, QEMUIOVector *iov,
                                      int direction,
                                      BlockCompletionFunc *cb, void *opaque)
{
    sg_io_hdr_t *io_header = &req->io_header;
    SCSIDiskReq *r = &req->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    int nb_logical_blocks;
    uint64_t lba;
    BlockAIOCB *aiocb;

    /* This is not supported yet.  It can only happen if the guest does
     * reads and writes that are not aligned to one logical sectors
     * _and_ cover multiple MemoryRegions.
     */
    assert(offset % s->qdev.blocksize == 0);
    assert(iov->size % s->qdev.blocksize == 0);

    io_header->interface_id = 'S';

    /* The data transfer comes from the QEMUIOVector.  */
    io_header->dxfer_direction = direction;
    io_header->dxfer_len = iov->size;
    io_header->dxferp = (void *)iov->iov;
    io_header->iovec_count = iov->niov;
    assert(io_header->iovec_count == iov->niov); /* no overflow! */

    /* Build a new CDB with the LBA and length patched in, in case
     * DMA helpers split the transfer in multiple segments.  Do not
     * build a CDB smaller than what the guest wanted, and only build
     * a larger one if strictly necessary.
     */
    io_header->cmdp = req->cdb;
    lba = offset / s->qdev.blocksize;
    nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;

    if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
        /* 6-byte CDB */
        stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
        req->cdb[4] = nb_logical_blocks;
        req->cdb[5] = 0;
        io_header->cmd_len = 6;
    } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
        /* 10-byte CDB */
        req->cdb[0] = (req->cmd & 0x1f) | 0x20;
        req->cdb[1] = req->cdb1;
        stl_be_p(&req->cdb[2], lba);
        req->cdb[6] = req->group_number;
        stw_be_p(&req->cdb[7], nb_logical_blocks);
        req->cdb[9] = 0;
        io_header->cmd_len = 10;
    } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
        /* 12-byte CDB */
        req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
        req->cdb[1] = req->cdb1;
        stl_be_p(&req->cdb[2], lba);
        stl_be_p(&req->cdb[6], nb_logical_blocks);
        req->cdb[10] = req->group_number;
        req->cdb[11] = 0;
        io_header->cmd_len = 12;
    } else {
        /* 16-byte CDB */
        req->cdb[0] = (req->cmd & 0x1f) | 0x80;
        req->cdb[1] = req->cdb1;
        stq_be_p(&req->cdb[2], lba);
        stl_be_p(&req->cdb[10], nb_logical_blocks);
        req->cdb[14] = req->group_number;
        req->cdb[15] = 0;
        io_header->cmd_len = 16;
    }

    /* The rest is as in scsi-generic.c.  */
    io_header->mx_sb_len = sizeof(r->req.sense);
    io_header->sbp = r->req.sense;
    io_header->timeout = s->qdev.io_timeout * 1000;
    io_header->usr_ptr = r;
    io_header->flags |= SG_FLAG_DIRECT_IO;
    req->cb = cb;
    req->cb_opaque = opaque;
    trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
                                     nb_logical_blocks, io_header->timeout);
    aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
    assert(aiocb != NULL);
    return aiocb;
}
2963
/* scsi-block passes commands to the host device, so FUA is never emulated. */
static bool scsi_block_no_fua(SCSICommand *cmd)
{
    return false;
}
2968
scsi_block_dma_readv(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)2969 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2970 QEMUIOVector *iov,
2971 BlockCompletionFunc *cb, void *cb_opaque,
2972 void *opaque)
2973 {
2974 SCSIBlockReq *r = opaque;
2975 return scsi_block_do_sgio(r, offset, iov,
2976 SG_DXFER_FROM_DEV, cb, cb_opaque);
2977 }
2978
scsi_block_dma_writev(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)2979 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2980 QEMUIOVector *iov,
2981 BlockCompletionFunc *cb, void *cb_opaque,
2982 void *opaque)
2983 {
2984 SCSIBlockReq *r = opaque;
2985 return scsi_block_do_sgio(r, offset, iov,
2986 SG_DXFER_TO_DEV, cb, cb_opaque);
2987 }
2988
/*
 * Decide whether a scsi-block command must bypass the DMA helpers and be
 * forwarded verbatim to the host device (true), or may be serviced via
 * scatter/gather DMA (false).
 */
static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
{
    uint8_t op = buf[0];

    if (op == VERIFY_10 || op == VERIFY_12 || op == VERIFY_16) {
        /* Only BYTCHK == 0x01 (data-out buffer contains data for the
         * number of logical blocks in the length field) can use
         * scatter/gather; all other modes are passed through.
         */
        return (buf[1] & 6) != 2;
    }

    if (op == READ_6 || op == READ_10 || op == READ_12 || op == READ_16 ||
        op == WRITE_6 || op == WRITE_10 || op == WRITE_12 || op == WRITE_16 ||
        op == WRITE_VERIFY_10 || op == WRITE_VERIFY_12 ||
        op == WRITE_VERIFY_16) {
        /* MMC writing cannot be done via DMA helpers, because it sometimes
         * involves writing beyond the maximum LBA or to negative LBA
         * (lead-in).  We might use scsi_block_dma_reqops as long as no
         * writing commands are seen, but performance usually isn't
         * paramount on optical media.  So, just make scsi-block operate
         * the same as scsi-generic for them.
         */
        return s->qdev.type == TYPE_ROM;
    }

    /* Everything else is passed through unchanged. */
    return true;
}
3032
3033
/*
 * scsi-block variant of the DMA command setup: stash the CDB bytes that
 * must be preserved when scsi_block_do_sgio rebuilds the CDB (control
 * byte 1 and the group number), then defer to the common code.
 */
static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIBlockReq *r = (SCSIBlockReq *)req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);

    r->cmd = req->cmd.buf[0];
    /* The top three opcode bits encode the CDB group/size. */
    switch (r->cmd >> 5) {
    case 0:
        /* 6-byte CDB.  */
        r->cdb1 = r->group_number = 0;
        break;
    case 1:
        /* 10-byte CDB.  */
        r->cdb1 = req->cmd.buf[1];
        r->group_number = req->cmd.buf[6];
        break;
    case 4:
        /* 12-byte CDB.  */
        r->cdb1 = req->cmd.buf[1];
        r->group_number = req->cmd.buf[10];
        break;
    case 5:
        /* 16-byte CDB.  */
        r->cdb1 = req->cmd.buf[1];
        r->group_number = req->cmd.buf[14];
        break;
    default:
        abort();
    }

    /* Protection information is not supported.  For SCSI versions 2 and
     * older (as determined by snooping the guest's INQUIRY commands),
     * there is no RD/WR/VRPROTECT, so skip this check in these versions.
     */
    if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
        scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
        return 0;
    }

    return scsi_disk_dma_command(req, buf);
}
3075
/* Request ops for scsi-block reads/writes routed through the DMA helpers. */
static const SCSIReqOps scsi_block_dma_reqops = {
    .size         = sizeof(SCSIBlockReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_block_dma_command,
    .read_data    = scsi_read_data,
    .write_data   = scsi_write_data,
    .get_buf      = scsi_get_buf,
    .load_request = scsi_disk_load_request,
    .save_request = scsi_disk_save_request,
};
3086
scsi_block_new_request(SCSIDevice * d,uint32_t tag,uint32_t lun,uint8_t * buf,void * hba_private)3087 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3088 uint32_t lun, uint8_t *buf,
3089 void *hba_private)
3090 {
3091 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3092
3093 if (scsi_block_is_passthrough(s, buf)) {
3094 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3095 hba_private);
3096 } else {
3097 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
3098 hba_private);
3099 }
3100 }
3101
/*
 * Parse a CDB for scsi-block: passthrough commands go through the generic
 * bus parser (which may consult the HBA), emulated ones through the
 * device-level parser.
 */
static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
                                uint8_t *buf, size_t buf_len,
                                void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);

    if (!scsi_block_is_passthrough(s, buf)) {
        return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
    }
    return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
}
3114
/*
 * After an SG_IO completes, copy the host-reported sense length into the
 * request, clamped to the size of our sense buffer.
 */
static void scsi_block_update_sense(SCSIRequest *req)
{
    SCSIDiskReq *dr = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, dr);
    size_t limit = sizeof(dr->req.sense);

    dr->req.sense_len = MIN(br->io_header.sb_len_wr, limit);
}
3121 #endif
3122
3123 static
scsi_dma_readv(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)3124 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3125 BlockCompletionFunc *cb, void *cb_opaque,
3126 void *opaque)
3127 {
3128 SCSIDiskReq *r = opaque;
3129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3130 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3131 }
3132
3133 static
scsi_dma_writev(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)3134 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3135 BlockCompletionFunc *cb, void *cb_opaque,
3136 void *opaque)
3137 {
3138 SCSIDiskReq *r = opaque;
3139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3140 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3141 }
3142
scsi_property_get_loadparm(Object * obj,Error ** errp)3143 static char *scsi_property_get_loadparm(Object *obj, Error **errp)
3144 {
3145 return g_strdup(SCSI_DISK_BASE(obj)->loadparm);
3146 }
3147
scsi_property_set_loadparm(Object * obj,const char * value,Error ** errp)3148 static void scsi_property_set_loadparm(Object *obj, const char *value,
3149 Error **errp)
3150 {
3151 void *lp_str;
3152
3153 if (object_property_get_int(obj, "bootindex", NULL) < 0) {
3154 error_setg(errp, "'loadparm' is only valid for boot devices");
3155 return;
3156 }
3157
3158 lp_str = g_malloc0(strlen(value) + 1);
3159 if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
3160 g_free(lp_str);
3161 return;
3162 }
3163 SCSI_DISK_BASE(obj)->loadparm = lp_str;
3164 }
3165
/*
 * Add architecture-specific class properties shared by scsi-hd and
 * scsi-cd.  Currently this is only the s390x "loadparm" property.
 */
static void scsi_property_add_specifics(DeviceClass *dc)
{
    ObjectClass *oc = OBJECT_CLASS(dc);

    /* The loadparm property is only supported on s390x */
    if (!qemu_arch_available(QEMU_ARCH_S390X)) {
        return;
    }

    object_class_property_add_str(oc, "loadparm",
                                  scsi_property_get_loadparm,
                                  scsi_property_set_loadparm);
    object_class_property_set_description(oc, "loadparm",
                                          "load parameter (s390x only)");
}
3179
/*
 * Class init for the abstract scsi-disk base type: install the default
 * file-backed DMA hooks and FUA policy; subclasses (e.g. scsi-block)
 * may override them.
 */
static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    sdc->dma_readv = scsi_dma_readv;
    sdc->dma_writev = scsi_dma_writev;
    sdc->need_fua_emulation = scsi_is_cmd_fua;

    device_class_set_legacy_reset(dc, scsi_disk_reset);
    dc->fw_name = "disk";
}
3191
/* Abstract base type shared by scsi-hd, scsi-cd and scsi-block. */
static const TypeInfo scsi_disk_base_info = {
    .name = TYPE_SCSI_DISK_BASE,
    .parent = TYPE_SCSI_DEVICE,
    .class_init = scsi_disk_base_class_initfn,
    .instance_size = sizeof(SCSIDiskState),
    .class_size = sizeof(SCSIDiskClass),
    .abstract = true,
};
3200
/*
 * Properties common to the emulated scsi-hd and scsi-cd devices: the
 * backing drive, generic block/error options and the identification
 * strings reported via INQUIRY.
 */
#define DEFINE_SCSI_DISK_PROPERTIES() \
    DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk),     \
    DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf),             \
    DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),            \
    DEFINE_PROP_STRING("ver", SCSIDiskState, version),                  \
    DEFINE_PROP_STRING("serial", SCSIDiskState, serial),                \
    DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor),                \
    DEFINE_PROP_STRING("product", SCSIDiskState, product),              \
    DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id),          \
    DEFINE_PROP_BOOL("migrate-emulated-scsi-request", SCSIDiskState, migrate_emulated_scsi_request, true)
3211
3212
/* qdev properties specific to the emulated scsi-hd device. */
static const Property scsi_hd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_BIT("removable", SCSIDiskState, features,
                    SCSI_DISK_F_REMOVABLE, false),
    DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
                    SCSI_DISK_F_DPOFUA, false),
    DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
    DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
    DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
    DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
                       DEFAULT_MAX_UNMAP_SIZE),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
    /* Default SCSI version 5 = SPC-3 compliance level. */
    DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
                      5),
    DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
                    quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
                    0),
    DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
};
3234
/*
 * Migration state shared by all scsi-disk flavours: the generic SCSI
 * device state plus removable-media status flags.
 */
static const VMStateDescription vmstate_scsi_disk_state = {
    .name = "scsi-disk",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (const VMStateField[]) {
        VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
        VMSTATE_BOOL(media_changed, SCSIDiskState),
        VMSTATE_BOOL(media_event, SCSIDiskState),
        VMSTATE_BOOL(eject_request, SCSIDiskState),
        VMSTATE_BOOL(tray_open, SCSIDiskState),
        VMSTATE_BOOL(tray_locked, SCSIDiskState),
        VMSTATE_END_OF_LIST()
    }
};
3249
/* Class init for the emulated scsi-hd device. */
static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->desc = "virtual SCSI disk";
    dc->vmsd = &vmstate_scsi_disk_state;
    device_class_set_props(dc, scsi_hd_properties);

    sc->realize = scsi_hd_realize;
    sc->unrealize = scsi_unrealize;
    sc->alloc_req = scsi_new_request;
    sc->unit_attention_reported = scsi_disk_unit_attention_reported;

    scsi_property_add_specifics(dc);
}
3265
/* Concrete emulated hard-disk device. */
static const TypeInfo scsi_hd_info = {
    .name = "scsi-hd",
    .parent = TYPE_SCSI_DISK_BASE,
    .class_init = scsi_hd_class_initfn,
};
3271
/*
 * qdev properties specific to the emulated scsi-cd device, including the
 * Apple/vintage-guest MODE SENSE quirk bits.
 */
static const Property scsi_cd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
    DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
    DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    /* Default SCSI version 5 = SPC-3 compliance level. */
    DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
                      5),
    DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
                    SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
    DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
                    SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
    DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
                    quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
                    0),
    DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
                    SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
};
3291
/* Class init for the emulated scsi-cd device. */
static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->desc = "virtual SCSI CD-ROM";
    dc->vmsd = &vmstate_scsi_disk_state;
    device_class_set_props(dc, scsi_cd_properties);

    sc->realize = scsi_cd_realize;
    sc->alloc_req = scsi_new_request;
    sc->unit_attention_reported = scsi_disk_unit_attention_reported;

    scsi_property_add_specifics(dc);
}
3306
/* Concrete emulated CD-ROM device. */
static const TypeInfo scsi_cd_info = {
    .name = "scsi-cd",
    .parent = TYPE_SCSI_DISK_BASE,
    .class_init = scsi_cd_class_initfn,
};
3312
3313 #ifdef __linux__
/*
 * qdev properties for scsi-block (SG_IO passthrough, Linux only).  Note
 * this does not use DEFINE_SCSI_DISK_PROPERTIES(): identification strings
 * come from the real device, so only the backing drive, error policy and
 * transfer limits are configurable.
 */
static const Property scsi_block_properties[] = {
    DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
    DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
    DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
    DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
    DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
                       DEFAULT_MAX_UNMAP_SIZE),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    /* -1: take the SCSI version from the real passthrough device. */
    DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
                      -1),
    DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
                       DEFAULT_IO_TIMEOUT),
};
3328
/*
 * Class init for scsi-block: override the base class's file-backed DMA
 * hooks with the SG_IO variants and install passthrough-aware request
 * allocation/parsing.
 */
static void scsi_block_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    sdc->dma_readv = scsi_block_dma_readv;
    sdc->dma_writev = scsi_block_dma_writev;
    sdc->update_sense = scsi_block_update_sense;
    sdc->need_fua_emulation = scsi_block_no_fua;

    sc->realize = scsi_block_realize;
    sc->alloc_req = scsi_block_new_request;
    sc->parse_cdb = scsi_block_parse_cdb;

    dc->desc = "SCSI block device passthrough";
    dc->vmsd = &vmstate_scsi_disk_state;
    device_class_set_props(dc, scsi_block_properties);
}
3346
/* SG_IO passthrough device (Linux only). */
static const TypeInfo scsi_block_info = {
    .name = "scsi-block",
    .parent = TYPE_SCSI_DISK_BASE,
    .class_init = scsi_block_class_initfn,
};
3352 #endif
3353
/*
 * Register the abstract base type and the concrete scsi-hd / scsi-cd
 * devices; scsi-block requires Linux SG_IO support.
 */
static void scsi_disk_register_types(void)
{
    type_register_static(&scsi_disk_base_info);
    type_register_static(&scsi_hd_info);
    type_register_static(&scsi_cd_info);
#ifdef __linux__
    type_register_static(&scsi_block_info);
#endif
}

type_init(scsi_disk_register_types)
3365