1 #include "hw/hw.h" 2 #include "qemu/error-report.h" 3 #include "hw/scsi/scsi.h" 4 #include "block/scsi.h" 5 #include "hw/qdev.h" 6 #include "sysemu/blockdev.h" 7 #include "trace.h" 8 #include "sysemu/dma.h" 9 10 static char *scsibus_get_dev_path(DeviceState *dev); 11 static char *scsibus_get_fw_dev_path(DeviceState *dev); 12 static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf); 13 static void scsi_req_dequeue(SCSIRequest *req); 14 15 static Property scsi_props[] = { 16 DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0), 17 DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1), 18 DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1), 19 DEFINE_PROP_END_OF_LIST(), 20 }; 21 22 static void scsi_bus_class_init(ObjectClass *klass, void *data) 23 { 24 BusClass *k = BUS_CLASS(klass); 25 26 k->get_dev_path = scsibus_get_dev_path; 27 k->get_fw_dev_path = scsibus_get_fw_dev_path; 28 } 29 30 static const TypeInfo scsi_bus_info = { 31 .name = TYPE_SCSI_BUS, 32 .parent = TYPE_BUS, 33 .instance_size = sizeof(SCSIBus), 34 .class_init = scsi_bus_class_init, 35 }; 36 static int next_scsi_bus; 37 38 static int scsi_device_init(SCSIDevice *s) 39 { 40 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 41 if (sc->init) { 42 return sc->init(s); 43 } 44 return 0; 45 } 46 47 static void scsi_device_destroy(SCSIDevice *s) 48 { 49 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 50 if (sc->destroy) { 51 sc->destroy(s); 52 } 53 } 54 55 static SCSIRequest *scsi_device_alloc_req(SCSIDevice *s, uint32_t tag, uint32_t lun, 56 uint8_t *buf, void *hba_private) 57 { 58 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 59 if (sc->alloc_req) { 60 return sc->alloc_req(s, tag, lun, buf, hba_private); 61 } 62 63 return NULL; 64 } 65 66 static void scsi_device_unit_attention_reported(SCSIDevice *s) 67 { 68 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 69 if (sc->unit_attention_reported) { 70 sc->unit_attention_reported(s); 71 } 72 } 73 74 /* Create a scsi bus, and attach devices to it. */ 75 void scsi_bus_new(SCSIBus *bus, DeviceState *host, const SCSIBusInfo *info) 76 { 77 qbus_create_inplace(&bus->qbus, TYPE_SCSI_BUS, host, NULL); 78 bus->busnr = next_scsi_bus++; 79 bus->info = info; 80 bus->qbus.allow_hotplug = 1; 81 } 82 83 static void scsi_dma_restart_bh(void *opaque) 84 { 85 SCSIDevice *s = opaque; 86 SCSIRequest *req, *next; 87 88 qemu_bh_delete(s->bh); 89 s->bh = NULL; 90 91 QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) { 92 scsi_req_ref(req); 93 if (req->retry) { 94 req->retry = false; 95 switch (req->cmd.mode) { 96 case SCSI_XFER_FROM_DEV: 97 case SCSI_XFER_TO_DEV: 98 scsi_req_continue(req); 99 break; 100 case SCSI_XFER_NONE: 101 assert(!req->sg); 102 scsi_req_dequeue(req); 103 scsi_req_enqueue(req); 104 break; 105 } 106 } 107 scsi_req_unref(req); 108 } 109 } 110 111 void scsi_req_retry(SCSIRequest *req) 112 { 113 /* No need to save a reference, because scsi_dma_restart_bh just 114 * looks at the request list. */ 115 req->retry = true; 116 } 117 118 static void scsi_dma_restart_cb(void *opaque, int running, RunState state) 119 { 120 SCSIDevice *s = opaque; 121 122 if (!running) { 123 return; 124 } 125 if (!s->bh) { 126 s->bh = qemu_bh_new(scsi_dma_restart_bh, s); 127 qemu_bh_schedule(s->bh); 128 } 129 } 130 131 static int scsi_qdev_init(DeviceState *qdev) 132 { 133 SCSIDevice *dev = SCSI_DEVICE(qdev); 134 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 135 SCSIDevice *d; 136 int rc = -1; 137 138 if (dev->channel > bus->info->max_channel) { 139 error_report("bad scsi channel id: %d", dev->channel); 140 goto err; 141 } 142 if (dev->id != -1 && dev->id > bus->info->max_target) { 143 error_report("bad scsi device id: %d", dev->id); 144 goto err; 145 } 146 if (dev->lun != -1 && dev->lun > bus->info->max_lun) { 147 error_report("bad scsi device lun: %d", dev->lun); 148 goto err; 149 } 150 151 if (dev->id == -1) { 152 int id = -1; 153 if (dev->lun == -1) { 154 dev->lun = 0; 155 } 156 do { 157 d = scsi_device_find(bus, dev->channel, ++id, dev->lun); 158 } while (d && d->lun == dev->lun && id < bus->info->max_target); 159 if (d && d->lun == dev->lun) { 160 error_report("no free target"); 161 goto err; 162 } 163 dev->id = id; 164 } else if (dev->lun == -1) { 165 int lun = -1; 166 do { 167 d = scsi_device_find(bus, dev->channel, dev->id, ++lun); 168 } while (d && d->lun == lun && lun < bus->info->max_lun); 169 if (d && d->lun == lun) { 170 error_report("no free lun"); 171 goto err; 172 } 173 dev->lun = lun; 174 } else { 175 d = scsi_device_find(bus, dev->channel, dev->id, dev->lun); 176 assert(d); 177 if (d->lun == dev->lun && dev != d) { 178 qdev_free(&d->qdev); 179 } 180 } 181 182 QTAILQ_INIT(&dev->requests); 183 rc = scsi_device_init(dev); 184 if (rc == 0) { 185 dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb, 186 dev); 187 } 188 189 if (bus->info->hotplug) { 190 bus->info->hotplug(bus, dev); 191 } 192 193 err: 194 return rc; 195 } 196 197 static int scsi_qdev_exit(DeviceState *qdev) 198 { 199 SCSIDevice *dev = SCSI_DEVICE(qdev); 200 201 if (dev->vmsentry) { 202 qemu_del_vm_change_state_handler(dev->vmsentry); 203 } 204 scsi_device_destroy(dev); 205 return 0; 206 } 207 208 /* handle legacy '-drive if=scsi,...' cmd line args */ 209 SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv, 210 int unit, bool removable, int bootindex, 211 const char *serial) 212 { 213 const char *driver; 214 DeviceState *dev; 215 216 driver = bdrv_is_sg(bdrv) ? "scsi-generic" : "scsi-disk"; 217 dev = qdev_create(&bus->qbus, driver); 218 qdev_prop_set_uint32(dev, "scsi-id", unit); 219 if (bootindex >= 0) { 220 qdev_prop_set_int32(dev, "bootindex", bootindex); 221 } 222 if (object_property_find(OBJECT(dev), "removable", NULL)) { 223 qdev_prop_set_bit(dev, "removable", removable); 224 } 225 if (serial) { 226 qdev_prop_set_string(dev, "serial", serial); 227 } 228 if (qdev_prop_set_drive(dev, "drive", bdrv) < 0) { 229 qdev_free(dev); 230 return NULL; 231 } 232 if (qdev_init(dev) < 0) 233 return NULL; 234 return SCSI_DEVICE(dev); 235 } 236 237 int scsi_bus_legacy_handle_cmdline(SCSIBus *bus) 238 { 239 Location loc; 240 DriveInfo *dinfo; 241 int res = 0, unit; 242 243 loc_push_none(&loc); 244 for (unit = 0; unit <= bus->info->max_target; unit++) { 245 dinfo = drive_get(IF_SCSI, bus->busnr, unit); 246 if (dinfo == NULL) { 247 continue; 248 } 249 qemu_opts_loc_restore(dinfo->opts); 250 if (!scsi_bus_legacy_add_drive(bus, dinfo->bdrv, unit, false, -1, NULL)) { 251 res = -1; 252 break; 253 } 254 } 255 loc_pop(&loc); 256 return res; 257 } 258 259 static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf) 260 { 261 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD)); 262 scsi_req_complete(req, CHECK_CONDITION); 263 return 0; 264 } 265 266 static const struct SCSIReqOps reqops_invalid_field = { 267 .size = sizeof(SCSIRequest), 268 .send_command = scsi_invalid_field 269 }; 270 271 /* SCSIReqOps implementation for invalid commands. */ 272 273 static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf) 274 { 275 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE)); 276 scsi_req_complete(req, CHECK_CONDITION); 277 return 0; 278 } 279 280 static const struct SCSIReqOps reqops_invalid_opcode = { 281 .size = sizeof(SCSIRequest), 282 .send_command = scsi_invalid_command 283 }; 284 285 /* SCSIReqOps implementation for unit attention conditions. */ 286 287 static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf) 288 { 289 if (req->dev->unit_attention.key == UNIT_ATTENTION) { 290 scsi_req_build_sense(req, req->dev->unit_attention); 291 } else if (req->bus->unit_attention.key == UNIT_ATTENTION) { 292 scsi_req_build_sense(req, req->bus->unit_attention); 293 } 294 scsi_req_complete(req, CHECK_CONDITION); 295 return 0; 296 } 297 298 static const struct SCSIReqOps reqops_unit_attention = { 299 .size = sizeof(SCSIRequest), 300 .send_command = scsi_unit_attention 301 }; 302 303 /* SCSIReqOps implementation for REPORT LUNS and for commands sent to 304 an invalid LUN. */ 305 306 typedef struct SCSITargetReq SCSITargetReq; 307 308 struct SCSITargetReq { 309 SCSIRequest req; 310 int len; 311 uint8_t buf[2056]; 312 }; 313 314 static void store_lun(uint8_t *outbuf, int lun) 315 { 316 if (lun < 256) { 317 outbuf[1] = lun; 318 return; 319 } 320 outbuf[1] = (lun & 255); 321 outbuf[0] = (lun >> 8) | 0x40; 322 } 323 324 static bool scsi_target_emulate_report_luns(SCSITargetReq *r) 325 { 326 BusChild *kid; 327 int i, len, n; 328 int channel, id; 329 bool found_lun0; 330 331 if (r->req.cmd.xfer < 16) { 332 return false; 333 } 334 if (r->req.cmd.buf[2] > 2) { 335 return false; 336 } 337 channel = r->req.dev->channel; 338 id = r->req.dev->id; 339 found_lun0 = false; 340 n = 0; 341 QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) { 342 DeviceState *qdev = kid->child; 343 SCSIDevice *dev = SCSI_DEVICE(qdev); 344 345 if (dev->channel == channel && dev->id == id) { 346 if (dev->lun == 0) { 347 found_lun0 = true; 348 } 349 n += 8; 350 } 351 } 352 if (!found_lun0) { 353 n += 8; 354 } 355 len = MIN(n + 8, r->req.cmd.xfer & ~7); 356 if (len > sizeof(r->buf)) { 357 /* TODO: > 256 LUNs? */ 358 return false; 359 } 360 361 memset(r->buf, 0, len); 362 stl_be_p(&r->buf, n); 363 i = found_lun0 ? 8 : 16; 364 QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) { 365 DeviceState *qdev = kid->child; 366 SCSIDevice *dev = SCSI_DEVICE(qdev); 367 368 if (dev->channel == channel && dev->id == id) { 369 store_lun(&r->buf[i], dev->lun); 370 i += 8; 371 } 372 } 373 assert(i == n + 8); 374 r->len = len; 375 return true; 376 } 377 378 static bool scsi_target_emulate_inquiry(SCSITargetReq *r) 379 { 380 assert(r->req.dev->lun != r->req.lun); 381 if (r->req.cmd.buf[1] & 0x2) { 382 /* Command support data - optional, not implemented */ 383 return false; 384 } 385 386 if (r->req.cmd.buf[1] & 0x1) { 387 /* Vital product data */ 388 uint8_t page_code = r->req.cmd.buf[2]; 389 r->buf[r->len++] = page_code ; /* this page */ 390 r->buf[r->len++] = 0x00; 391 392 switch (page_code) { 393 case 0x00: /* Supported page codes, mandatory */ 394 { 395 int pages; 396 pages = r->len++; 397 r->buf[r->len++] = 0x00; /* list of supported pages (this page) */ 398 r->buf[pages] = r->len - pages - 1; /* number of pages */ 399 break; 400 } 401 default: 402 return false; 403 } 404 /* done with EVPD */ 405 assert(r->len < sizeof(r->buf)); 406 r->len = MIN(r->req.cmd.xfer, r->len); 407 return true; 408 } 409 410 /* Standard INQUIRY data */ 411 if (r->req.cmd.buf[2] != 0) { 412 return false; 413 } 414 415 /* PAGE CODE == 0 */ 416 r->len = MIN(r->req.cmd.xfer, 36); 417 memset(r->buf, 0, r->len); 418 if (r->req.lun != 0) { 419 r->buf[0] = TYPE_NO_LUN; 420 } else { 421 r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE; 422 r->buf[2] = 5; /* Version */ 423 r->buf[3] = 2 | 0x10; /* HiSup, response data format */ 424 r->buf[4] = r->len - 5; /* Additional Length = (Len - 1) - 4 */ 425 r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0); /* Sync, TCQ. */ 426 memcpy(&r->buf[8], "QEMU ", 8); 427 memcpy(&r->buf[16], "QEMU TARGET ", 16); 428 pstrcpy((char *) &r->buf[32], 4, qemu_get_version()); 429 } 430 return true; 431 } 432 433 static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf) 434 { 435 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 436 437 switch (buf[0]) { 438 case REPORT_LUNS: 439 if (!scsi_target_emulate_report_luns(r)) { 440 goto illegal_request; 441 } 442 break; 443 case INQUIRY: 444 if (!scsi_target_emulate_inquiry(r)) { 445 goto illegal_request; 446 } 447 break; 448 case REQUEST_SENSE: 449 r->len = scsi_device_get_sense(r->req.dev, r->buf, 450 MIN(req->cmd.xfer, sizeof r->buf), 451 (req->cmd.buf[1] & 1) == 0); 452 if (r->req.dev->sense_is_ua) { 453 scsi_device_unit_attention_reported(req->dev); 454 r->req.dev->sense_len = 0; 455 r->req.dev->sense_is_ua = false; 456 } 457 break; 458 default: 459 scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED)); 460 scsi_req_complete(req, CHECK_CONDITION); 461 return 0; 462 illegal_request: 463 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD)); 464 scsi_req_complete(req, CHECK_CONDITION); 465 return 0; 466 } 467 468 if (!r->len) { 469 scsi_req_complete(req, GOOD); 470 } 471 return r->len; 472 } 473 474 static void scsi_target_read_data(SCSIRequest *req) 475 { 476 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 477 uint32_t n; 478 479 n = r->len; 480 if (n > 0) { 481 r->len = 0; 482 scsi_req_data(&r->req, n); 483 } else { 484 scsi_req_complete(&r->req, GOOD); 485 } 486 } 487 488 static uint8_t *scsi_target_get_buf(SCSIRequest *req) 489 { 490 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 491 492 return r->buf; 493 } 494 495 static const struct SCSIReqOps reqops_target_command = { 496 .size = sizeof(SCSITargetReq), 497 .send_command = scsi_target_send_command, 498 .read_data = scsi_target_read_data, 499 .get_buf = scsi_target_get_buf, 500 }; 501 502 503 SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d, 504 uint32_t tag, uint32_t lun, void *hba_private) 505 { 506 SCSIRequest *req; 507 508 req = g_malloc0(reqops->size); 509 req->refcount = 1; 510 req->bus = scsi_bus_from_device(d); 511 req->dev = d; 512 req->tag = tag; 513 req->lun = lun; 514 req->hba_private = hba_private; 515 req->status = -1; 516 req->sense_len = 0; 517 req->ops = reqops; 518 trace_scsi_req_alloc(req->dev->id, req->lun, req->tag); 519 return req; 520 } 521 522 SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun, 523 uint8_t *buf, void *hba_private) 524 { 525 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus); 526 SCSIRequest *req; 527 SCSICommand cmd; 528 529 if (scsi_req_parse(&cmd, d, buf) != 0) { 530 trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]); 531 req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private); 532 } else { 533 trace_scsi_req_parsed(d->id, lun, tag, buf[0], 534 cmd.mode, cmd.xfer); 535 if (cmd.lba != -1) { 536 trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0], 537 cmd.lba); 538 } 539 540 if (cmd.xfer > INT32_MAX) { 541 req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private); 542 } else if ((d->unit_attention.key == UNIT_ATTENTION || 543 bus->unit_attention.key == UNIT_ATTENTION) && 544 (buf[0] != INQUIRY && 545 buf[0] != REPORT_LUNS && 546 buf[0] != GET_CONFIGURATION && 547 buf[0] != GET_EVENT_STATUS_NOTIFICATION && 548 549 /* 550 * If we already have a pending unit attention condition, 551 * report this one before triggering another one. 552 */ 553 !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) { 554 req = scsi_req_alloc(&reqops_unit_attention, d, tag, lun, 555 hba_private); 556 } else if (lun != d->lun || 557 buf[0] == REPORT_LUNS || 558 (buf[0] == REQUEST_SENSE && d->sense_len)) { 559 req = scsi_req_alloc(&reqops_target_command, d, tag, lun, 560 hba_private); 561 } else { 562 req = scsi_device_alloc_req(d, tag, lun, buf, hba_private); 563 } 564 } 565 566 req->cmd = cmd; 567 req->resid = req->cmd.xfer; 568 569 switch (buf[0]) { 570 case INQUIRY: 571 trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]); 572 break; 573 case TEST_UNIT_READY: 574 trace_scsi_test_unit_ready(d->id, lun, tag); 575 break; 576 case REPORT_LUNS: 577 trace_scsi_report_luns(d->id, lun, tag); 578 break; 579 case REQUEST_SENSE: 580 trace_scsi_request_sense(d->id, lun, tag); 581 break; 582 default: 583 break; 584 } 585 586 return req; 587 } 588 589 uint8_t *scsi_req_get_buf(SCSIRequest *req) 590 { 591 return req->ops->get_buf(req); 592 } 593 594 static void scsi_clear_unit_attention(SCSIRequest *req) 595 { 596 SCSISense *ua; 597 if (req->dev->unit_attention.key != UNIT_ATTENTION && 598 req->bus->unit_attention.key != UNIT_ATTENTION) { 599 return; 600 } 601 602 /* 603 * If an INQUIRY command enters the enabled command state, 604 * the device server shall [not] clear any unit attention condition; 605 * See also MMC-6, paragraphs 6.5 and 6.6.2. 606 */ 607 if (req->cmd.buf[0] == INQUIRY || 608 req->cmd.buf[0] == GET_CONFIGURATION || 609 req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) { 610 return; 611 } 612 613 if (req->dev->unit_attention.key == UNIT_ATTENTION) { 614 ua = &req->dev->unit_attention; 615 } else { 616 ua = &req->bus->unit_attention; 617 } 618 619 /* 620 * If a REPORT LUNS command enters the enabled command state, [...] 621 * the device server shall clear any pending unit attention condition 622 * with an additional sense code of REPORTED LUNS DATA HAS CHANGED. 623 */ 624 if (req->cmd.buf[0] == REPORT_LUNS && 625 !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc && 626 ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) { 627 return; 628 } 629 630 *ua = SENSE_CODE(NO_SENSE); 631 } 632 633 int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len) 634 { 635 int ret; 636 637 assert(len >= 14); 638 if (!req->sense_len) { 639 return 0; 640 } 641 642 ret = scsi_build_sense(req->sense, req->sense_len, buf, len, true); 643 644 /* 645 * FIXME: clearing unit attention conditions upon autosense should be done 646 * only if the UA_INTLCK_CTRL field in the Control mode page is set to 00b 647 * (SAM-5, 5.14). 648 * 649 * We assume UA_INTLCK_CTRL to be 00b for HBAs that support autosense, and 650 * 10b for HBAs that do not support it (do not call scsi_req_get_sense). 651 * Here we handle unit attention clearing for UA_INTLCK_CTRL == 00b. 652 */ 653 if (req->dev->sense_is_ua) { 654 scsi_device_unit_attention_reported(req->dev); 655 req->dev->sense_len = 0; 656 req->dev->sense_is_ua = false; 657 } 658 return ret; 659 } 660 661 int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed) 662 { 663 return scsi_build_sense(dev->sense, dev->sense_len, buf, len, fixed); 664 } 665 666 void scsi_req_build_sense(SCSIRequest *req, SCSISense sense) 667 { 668 trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag, 669 sense.key, sense.asc, sense.ascq); 670 memset(req->sense, 0, 18); 671 req->sense[0] = 0x70; 672 req->sense[2] = sense.key; 673 req->sense[7] = 10; 674 req->sense[12] = sense.asc; 675 req->sense[13] = sense.ascq; 676 req->sense_len = 18; 677 } 678 679 static void scsi_req_enqueue_internal(SCSIRequest *req) 680 { 681 assert(!req->enqueued); 682 scsi_req_ref(req); 683 if (req->bus->info->get_sg_list) { 684 req->sg = req->bus->info->get_sg_list(req); 685 } else { 686 req->sg = NULL; 687 } 688 req->enqueued = true; 689 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next); 690 } 691 692 int32_t scsi_req_enqueue(SCSIRequest *req) 693 { 694 int32_t rc; 695 696 assert(!req->retry); 697 scsi_req_enqueue_internal(req); 698 scsi_req_ref(req); 699 rc = req->ops->send_command(req, req->cmd.buf); 700 scsi_req_unref(req); 701 return rc; 702 } 703 704 static void scsi_req_dequeue(SCSIRequest *req) 705 { 706 trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag); 707 req->retry = false; 708 if (req->enqueued) { 709 QTAILQ_REMOVE(&req->dev->requests, req, next); 710 req->enqueued = false; 711 scsi_req_unref(req); 712 } 713 } 714 715 static int scsi_get_performance_length(int num_desc, int type, int data_type) 716 { 717 /* MMC-6, paragraph 6.7. */ 718 switch (type) { 719 case 0: 720 if ((data_type & 3) == 0) { 721 /* Each descriptor is as in Table 295 - Nominal performance. */ 722 return 16 * num_desc + 8; 723 } else { 724 /* Each descriptor is as in Table 296 - Exceptions. */ 725 return 6 * num_desc + 8; 726 } 727 case 1: 728 case 4: 729 case 5: 730 return 8 * num_desc + 8; 731 case 2: 732 return 2048 * num_desc + 8; 733 case 3: 734 return 16 * num_desc + 8; 735 default: 736 return 8; 737 } 738 } 739 740 static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf) 741 { 742 int byte_block = (buf[2] >> 2) & 0x1; 743 int type = (buf[2] >> 4) & 0x1; 744 int xfer_unit; 745 746 if (byte_block) { 747 if (type) { 748 xfer_unit = dev->blocksize; 749 } else { 750 xfer_unit = 512; 751 } 752 } else { 753 xfer_unit = 1; 754 } 755 756 return xfer_unit; 757 } 758 759 static int ata_passthrough_12_xfer_size(SCSIDevice *dev, uint8_t *buf) 760 { 761 int length = buf[2] & 0x3; 762 int xfer; 763 int unit = ata_passthrough_xfer_unit(dev, buf); 764 765 switch (length) { 766 case 0: 767 case 3: /* USB-specific. */ 768 default: 769 xfer = 0; 770 break; 771 case 1: 772 xfer = buf[3]; 773 break; 774 case 2: 775 xfer = buf[4]; 776 break; 777 } 778 779 return xfer * unit; 780 } 781 782 static int ata_passthrough_16_xfer_size(SCSIDevice *dev, uint8_t *buf) 783 { 784 int extend = buf[1] & 0x1; 785 int length = buf[2] & 0x3; 786 int xfer; 787 int unit = ata_passthrough_xfer_unit(dev, buf); 788 789 switch (length) { 790 case 0: 791 case 3: /* USB-specific. */ 792 default: 793 xfer = 0; 794 break; 795 case 1: 796 xfer = buf[4]; 797 xfer |= (extend ? buf[3] << 8 : 0); 798 break; 799 case 2: 800 xfer = buf[6]; 801 xfer |= (extend ? buf[5] << 8 : 0); 802 break; 803 } 804 805 return xfer * unit; 806 } 807 808 uint32_t scsi_data_cdb_length(uint8_t *buf) 809 { 810 if ((buf[0] >> 5) == 0 && buf[4] == 0) { 811 return 256; 812 } else { 813 return scsi_cdb_length(buf); 814 } 815 } 816 817 uint32_t scsi_cdb_length(uint8_t *buf) 818 { 819 switch (buf[0] >> 5) { 820 case 0: 821 return buf[4]; 822 break; 823 case 1: 824 case 2: 825 return lduw_be_p(&buf[7]); 826 break; 827 case 4: 828 return ldl_be_p(&buf[10]) & 0xffffffffULL; 829 break; 830 case 5: 831 return ldl_be_p(&buf[6]) & 0xffffffffULL; 832 break; 833 default: 834 return -1; 835 } 836 } 837 838 static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 839 { 840 cmd->xfer = scsi_cdb_length(buf); 841 switch (buf[0]) { 842 case TEST_UNIT_READY: 843 case REWIND: 844 case START_STOP: 845 case SET_CAPACITY: 846 case WRITE_FILEMARKS: 847 case WRITE_FILEMARKS_16: 848 case SPACE: 849 case RESERVE: 850 case RELEASE: 851 case ERASE: 852 case ALLOW_MEDIUM_REMOVAL: 853 case VERIFY_10: 854 case SEEK_10: 855 case SYNCHRONIZE_CACHE: 856 case SYNCHRONIZE_CACHE_16: 857 case LOCATE_16: 858 case LOCK_UNLOCK_CACHE: 859 case SET_CD_SPEED: 860 case SET_LIMITS: 861 case WRITE_LONG_10: 862 case UPDATE_BLOCK: 863 case RESERVE_TRACK: 864 case SET_READ_AHEAD: 865 case PRE_FETCH: 866 case PRE_FETCH_16: 867 case ALLOW_OVERWRITE: 868 cmd->xfer = 0; 869 break; 870 case MODE_SENSE: 871 break; 872 case WRITE_SAME_10: 873 case WRITE_SAME_16: 874 cmd->xfer = dev->blocksize; 875 break; 876 case READ_CAPACITY_10: 877 cmd->xfer = 8; 878 break; 879 case READ_BLOCK_LIMITS: 880 cmd->xfer = 6; 881 break; 882 case SEND_VOLUME_TAG: 883 /* GPCMD_SET_STREAMING from multimedia commands. */ 884 if (dev->type == TYPE_ROM) { 885 cmd->xfer = buf[10] | (buf[9] << 8); 886 } else { 887 cmd->xfer = buf[9] | (buf[8] << 8); 888 } 889 break; 890 case WRITE_6: 891 /* length 0 means 256 blocks */ 892 if (cmd->xfer == 0) { 893 cmd->xfer = 256; 894 } 895 case WRITE_10: 896 case WRITE_VERIFY_10: 897 case WRITE_12: 898 case WRITE_VERIFY_12: 899 case WRITE_16: 900 case WRITE_VERIFY_16: 901 cmd->xfer *= dev->blocksize; 902 break; 903 case READ_6: 904 case READ_REVERSE: 905 /* length 0 means 256 blocks */ 906 if (cmd->xfer == 0) { 907 cmd->xfer = 256; 908 } 909 case READ_10: 910 case RECOVER_BUFFERED_DATA: 911 case READ_12: 912 case READ_16: 913 cmd->xfer *= dev->blocksize; 914 break; 915 case FORMAT_UNIT: 916 /* MMC mandates the parameter list to be 12-bytes long. Parameters 917 * for block devices are restricted to the header right now. */ 918 if (dev->type == TYPE_ROM && (buf[1] & 16)) { 919 cmd->xfer = 12; 920 } else { 921 cmd->xfer = (buf[1] & 16) == 0 ? 0 : (buf[1] & 32 ? 8 : 4); 922 } 923 break; 924 case INQUIRY: 925 case RECEIVE_DIAGNOSTIC: 926 case SEND_DIAGNOSTIC: 927 cmd->xfer = buf[4] | (buf[3] << 8); 928 break; 929 case READ_CD: 930 case READ_BUFFER: 931 case WRITE_BUFFER: 932 case SEND_CUE_SHEET: 933 cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16); 934 break; 935 case PERSISTENT_RESERVE_OUT: 936 cmd->xfer = ldl_be_p(&buf[5]) & 0xffffffffULL; 937 break; 938 case ERASE_12: 939 if (dev->type == TYPE_ROM) { 940 /* MMC command GET PERFORMANCE. */ 941 cmd->xfer = scsi_get_performance_length(buf[9] | (buf[8] << 8), 942 buf[10], buf[1] & 0x1f); 943 } 944 break; 945 case MECHANISM_STATUS: 946 case READ_DVD_STRUCTURE: 947 case SEND_DVD_STRUCTURE: 948 case MAINTENANCE_OUT: 949 case MAINTENANCE_IN: 950 if (dev->type == TYPE_ROM) { 951 /* GPCMD_REPORT_KEY and GPCMD_SEND_KEY from multi media commands */ 952 cmd->xfer = buf[9] | (buf[8] << 8); 953 } 954 break; 955 case ATA_PASSTHROUGH_12: 956 if (dev->type == TYPE_ROM) { 957 /* BLANK command of MMC */ 958 cmd->xfer = 0; 959 } else { 960 cmd->xfer = ata_passthrough_12_xfer_size(dev, buf); 961 } 962 break; 963 case ATA_PASSTHROUGH_16: 964 cmd->xfer = ata_passthrough_16_xfer_size(dev, buf); 965 break; 966 } 967 return 0; 968 } 969 970 static int scsi_req_stream_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 971 { 972 switch (buf[0]) { 973 /* stream commands */ 974 case ERASE_12: 975 case ERASE_16: 976 cmd->xfer = 0; 977 break; 978 case READ_6: 979 case READ_REVERSE: 980 case RECOVER_BUFFERED_DATA: 981 case WRITE_6: 982 cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16); 983 if (buf[1] & 0x01) { /* fixed */ 984 cmd->xfer *= dev->blocksize; 985 } 986 break; 987 case READ_16: 988 case READ_REVERSE_16: 989 case VERIFY_16: 990 case WRITE_16: 991 cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16); 992 if (buf[1] & 0x01) { /* fixed */ 993 cmd->xfer *= dev->blocksize; 994 } 995 break; 996 case REWIND: 997 case LOAD_UNLOAD: 998 cmd->xfer = 0; 999 break; 1000 case SPACE_16: 1001 cmd->xfer = buf[13] | (buf[12] << 8); 1002 break; 1003 case READ_POSITION: 1004 switch (buf[1] & 0x1f) /* operation code */ { 1005 case SHORT_FORM_BLOCK_ID: 1006 case SHORT_FORM_VENDOR_SPECIFIC: 1007 cmd->xfer = 20; 1008 break; 1009 case LONG_FORM: 1010 cmd->xfer = 32; 1011 break; 1012 case EXTENDED_FORM: 1013 cmd->xfer = buf[8] | (buf[7] << 8); 1014 break; 1015 default: 1016 return -1; 1017 } 1018 1019 break; 1020 case FORMAT_UNIT: 1021 cmd->xfer = buf[4] | (buf[3] << 8); 1022 break; 1023 /* generic commands */ 1024 default: 1025 return scsi_req_length(cmd, dev, buf); 1026 } 1027 return 0; 1028 } 1029 1030 static int scsi_req_medium_changer_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1031 { 1032 switch (buf[0]) { 1033 /* medium changer commands */ 1034 case EXCHANGE_MEDIUM: 1035 case INITIALIZE_ELEMENT_STATUS: 1036 case INITIALIZE_ELEMENT_STATUS_WITH_RANGE: 1037 case MOVE_MEDIUM: 1038 case POSITION_TO_ELEMENT: 1039 cmd->xfer = 0; 1040 break; 1041 case READ_ELEMENT_STATUS: 1042 cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16); 1043 break; 1044 1045 /* generic commands */ 1046 default: 1047 return scsi_req_length(cmd, dev, buf); 1048 } 1049 return 0; 1050 } 1051 1052 1053 static void scsi_cmd_xfer_mode(SCSICommand *cmd) 1054 { 1055 if (!cmd->xfer) { 1056 cmd->mode = SCSI_XFER_NONE; 1057 return; 1058 } 1059 switch (cmd->buf[0]) { 1060 case WRITE_6: 1061 case WRITE_10: 1062 case WRITE_VERIFY_10: 1063 case WRITE_12: 1064 case WRITE_VERIFY_12: 1065 case WRITE_16: 1066 case WRITE_VERIFY_16: 1067 case COPY: 1068 case COPY_VERIFY: 1069 case COMPARE: 1070 case CHANGE_DEFINITION: 1071 case LOG_SELECT: 1072 case MODE_SELECT: 1073 case MODE_SELECT_10: 1074 case SEND_DIAGNOSTIC: 1075 case WRITE_BUFFER: 1076 case FORMAT_UNIT: 1077 case REASSIGN_BLOCKS: 1078 case SEARCH_EQUAL: 1079 case SEARCH_HIGH: 1080 case SEARCH_LOW: 1081 case UPDATE_BLOCK: 1082 case WRITE_LONG_10: 1083 case WRITE_SAME_10: 1084 case WRITE_SAME_16: 1085 case UNMAP: 1086 case SEARCH_HIGH_12: 1087 case SEARCH_EQUAL_12: 1088 case SEARCH_LOW_12: 1089 case MEDIUM_SCAN: 1090 case SEND_VOLUME_TAG: 1091 case SEND_CUE_SHEET: 1092 case SEND_DVD_STRUCTURE: 1093 case PERSISTENT_RESERVE_OUT: 1094 case MAINTENANCE_OUT: 1095 cmd->mode = SCSI_XFER_TO_DEV; 1096 break; 1097 case ATA_PASSTHROUGH_12: 1098 case ATA_PASSTHROUGH_16: 1099 /* T_DIR */ 1100 cmd->mode = (cmd->buf[2] & 0x8) ? 1101 SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV; 1102 break; 1103 default: 1104 cmd->mode = SCSI_XFER_FROM_DEV; 1105 break; 1106 } 1107 } 1108 1109 static uint64_t scsi_cmd_lba(SCSICommand *cmd) 1110 { 1111 uint8_t *buf = cmd->buf; 1112 uint64_t lba; 1113 1114 switch (buf[0] >> 5) { 1115 case 0: 1116 lba = ldl_be_p(&buf[0]) & 0x1fffff; 1117 break; 1118 case 1: 1119 case 2: 1120 case 5: 1121 lba = ldl_be_p(&buf[2]) & 0xffffffffULL; 1122 break; 1123 case 4: 1124 lba = ldq_be_p(&buf[2]); 1125 break; 1126 default: 1127 lba = -1; 1128 1129 } 1130 return lba; 1131 } 1132 1133 int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1134 { 1135 int rc; 1136 1137 switch (buf[0] >> 5) { 1138 case 0: 1139 cmd->len = 6; 1140 break; 1141 case 1: 1142 case 2: 1143 cmd->len = 10; 1144 break; 1145 case 4: 1146 cmd->len = 16; 1147 break; 1148 case 5: 1149 cmd->len = 12; 1150 break; 1151 default: 1152 return -1; 1153 } 1154 1155 switch (dev->type) { 1156 case TYPE_TAPE: 1157 rc = scsi_req_stream_length(cmd, dev, buf); 1158 break; 1159 case TYPE_MEDIUM_CHANGER: 1160 rc = scsi_req_medium_changer_length(cmd, dev, buf); 1161 break; 1162 default: 1163 rc = scsi_req_length(cmd, dev, buf); 1164 break; 1165 } 1166 1167 if (rc != 0) 1168 return rc; 1169 1170 memcpy(cmd->buf, buf, cmd->len); 1171 scsi_cmd_xfer_mode(cmd); 1172 cmd->lba = scsi_cmd_lba(cmd); 1173 return 0; 1174 } 1175 1176 void scsi_device_report_change(SCSIDevice *dev, SCSISense sense) 1177 { 1178 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 1179 1180 scsi_device_set_ua(dev, sense); 1181 if (bus->info->change) { 1182 bus->info->change(bus, dev, sense); 1183 } 1184 } 1185 1186 /* 1187 * Predefined sense codes 1188 */ 1189 1190 /* No sense data available */ 1191 const struct SCSISense sense_code_NO_SENSE = { 1192 .key = NO_SENSE , .asc = 0x00 , .ascq = 0x00 1193 }; 1194 1195 /* LUN not ready, Manual intervention required */ 1196 const struct SCSISense sense_code_LUN_NOT_READY = { 1197 .key = NOT_READY, .asc = 0x04, .ascq = 0x03 1198 }; 1199 1200 /* LUN not ready, Medium not present */ 1201 const struct SCSISense sense_code_NO_MEDIUM = { 1202 .key = NOT_READY, .asc = 0x3a, .ascq = 0x00 1203 }; 1204 1205 /* LUN not ready, medium removal prevented */ 1206 const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED = { 1207 .key = NOT_READY, .asc = 0x53, .ascq = 0x02 1208 }; 1209 1210 /* Hardware error, internal target failure */ 1211 const struct SCSISense sense_code_TARGET_FAILURE = { 1212 .key = HARDWARE_ERROR, .asc = 0x44, .ascq = 0x00 1213 }; 1214 1215 /* Illegal request, invalid command operation code */ 1216 const struct SCSISense sense_code_INVALID_OPCODE = { 1217 .key = ILLEGAL_REQUEST, .asc = 0x20, .ascq = 0x00 1218 }; 1219 1220 /* Illegal request, LBA out of range */ 1221 const struct SCSISense sense_code_LBA_OUT_OF_RANGE = { 1222 .key = ILLEGAL_REQUEST, .asc = 0x21, .ascq = 0x00 1223 }; 1224 1225 /* Illegal request, Invalid field in CDB */ 1226 const struct SCSISense sense_code_INVALID_FIELD = { 1227 .key = ILLEGAL_REQUEST, .asc = 0x24, .ascq = 0x00 1228 }; 1229 1230 /* Illegal request, Invalid field in parameter list */ 1231 const struct SCSISense sense_code_INVALID_PARAM = { 1232 .key = ILLEGAL_REQUEST, .asc = 0x26, .ascq = 0x00 1233 }; 1234 1235 /* Illegal request, Parameter list length error */ 1236 const struct SCSISense sense_code_INVALID_PARAM_LEN = { 1237 .key = ILLEGAL_REQUEST, .asc = 0x1a, .ascq = 0x00 1238 }; 1239 1240 /* Illegal request, LUN not supported */ 1241 const struct SCSISense sense_code_LUN_NOT_SUPPORTED = { 1242 .key = ILLEGAL_REQUEST, .asc = 0x25, .ascq = 0x00 1243 }; 1244 1245 /* Illegal request, Saving parameters not supported */ 1246 const struct SCSISense sense_code_SAVING_PARAMS_NOT_SUPPORTED = { 1247 .key = ILLEGAL_REQUEST, .asc = 0x39, .ascq = 0x00 1248 }; 1249 1250 /* Illegal request, Incompatible medium installed */ 1251 const struct SCSISense sense_code_INCOMPATIBLE_FORMAT = { 1252 .key = ILLEGAL_REQUEST, .asc = 0x30, .ascq = 0x00 1253 }; 1254 1255 /* Illegal request, medium removal prevented */ 1256 const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED = { 1257 .key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x02 1258 }; 1259 1260 /* Command aborted, I/O process terminated */ 1261 const struct SCSISense sense_code_IO_ERROR = { 1262 .key = ABORTED_COMMAND, .asc = 0x00, .ascq = 0x06 1263 }; 1264 1265 /* Command aborted, I_T Nexus loss occurred */ 1266 const struct SCSISense sense_code_I_T_NEXUS_LOSS = { 1267 .key = ABORTED_COMMAND, .asc = 0x29, .ascq = 0x07 1268 }; 1269 1270 /* Command aborted, Logical Unit failure */ 1271 const struct SCSISense sense_code_LUN_FAILURE = { 1272 .key = ABORTED_COMMAND, .asc = 0x3e, .ascq = 0x01 1273 }; 1274 1275 /* Unit attention, Capacity data has changed */ 1276 const struct SCSISense sense_code_CAPACITY_CHANGED = { 1277 .key = UNIT_ATTENTION, .asc = 0x2a, .ascq = 0x09 1278 }; 1279 1280 /* Unit attention, Power on, reset or bus device reset occurred */ 1281 const struct SCSISense sense_code_RESET = { 1282 .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x00 1283 }; 1284 1285 /* Unit attention, No medium */ 1286 const struct SCSISense sense_code_UNIT_ATTENTION_NO_MEDIUM = { 1287 .key = UNIT_ATTENTION, .asc = 0x3a, .ascq = 0x00 1288 }; 1289 1290 /* Unit attention, Medium may have changed */ 1291 const struct SCSISense sense_code_MEDIUM_CHANGED = { 1292 .key = UNIT_ATTENTION, .asc = 0x28, .ascq = 0x00 1293 }; 1294 1295 /* Unit attention, Reported LUNs data has changed */ 1296 const struct SCSISense sense_code_REPORTED_LUNS_CHANGED = { 1297 .key = UNIT_ATTENTION, .asc = 0x3f, .ascq = 0x0e 1298 }; 1299 1300 /* Unit attention, Device internal reset */ 1301 const struct SCSISense sense_code_DEVICE_INTERNAL_RESET = { 1302 .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x04 1303 }; 1304 1305 /* Data Protection, Write Protected */ 1306 const struct SCSISense sense_code_WRITE_PROTECTED = { 1307 .key = DATA_PROTECT, .asc = 0x27, .ascq = 0x00 1308 }; 1309 1310 /* 1311 * scsi_build_sense 1312 * 1313 * Convert between fixed and descriptor sense buffers 1314 */ 1315 int scsi_build_sense(uint8_t *in_buf, int in_len, 1316 uint8_t *buf, int len, bool fixed) 1317 { 1318 bool fixed_in; 1319 SCSISense sense; 1320 if (!fixed && len < 8) { 1321 return 0; 1322 } 1323 1324 if (in_len == 0) { 1325 sense.key = NO_SENSE; 1326 sense.asc = 0; 1327 sense.ascq = 0; 1328 } else { 1329 fixed_in = (in_buf[0] & 2) == 0; 1330 1331 if (fixed == fixed_in) { 1332 memcpy(buf, in_buf, MIN(len, in_len)); 1333 return MIN(len, in_len); 1334 } 1335 1336 if (fixed_in) { 1337 sense.key = in_buf[2]; 1338 sense.asc = in_buf[12]; 1339 sense.ascq = in_buf[13]; 1340 } else { 1341 sense.key = in_buf[1]; 1342 sense.asc = in_buf[2]; 1343 sense.ascq = in_buf[3]; 1344 } 1345 } 1346 1347 memset(buf, 0, len); 1348 if (fixed) { 1349 /* Return fixed format sense buffer */ 1350 buf[0] = 0x70; 1351 buf[2] = sense.key; 1352 buf[7] = 10; 1353 buf[12] = sense.asc; 1354 buf[13] = sense.ascq; 1355 return MIN(len, 18); 1356 } else { 1357 /* Return descriptor format sense buffer */ 1358 buf[0] = 0x72; 1359 buf[1] = sense.key; 1360 buf[2] = sense.asc; 1361 buf[3] = sense.ascq; 1362 return 8; 1363 } 1364 } 1365 1366 static const char *scsi_command_name(uint8_t cmd) 1367 { 1368 static const char *names[] = { 1369 [ TEST_UNIT_READY ] = "TEST_UNIT_READY", 1370 [ REWIND ] = "REWIND", 1371 [ REQUEST_SENSE ] = "REQUEST_SENSE", 1372 [ FORMAT_UNIT ] = "FORMAT_UNIT", 1373 [ READ_BLOCK_LIMITS ] = "READ_BLOCK_LIMITS", 1374 [ REASSIGN_BLOCKS ] = "REASSIGN_BLOCKS/INITIALIZE ELEMENT STATUS", 1375 /* LOAD_UNLOAD and INITIALIZE_ELEMENT_STATUS use the same operation code */ 1376 [ READ_6 ] = "READ_6", 1377 [ WRITE_6 ] = "WRITE_6", 1378 [ SET_CAPACITY ] = "SET_CAPACITY", 1379 [ READ_REVERSE ] = "READ_REVERSE", 1380 [ WRITE_FILEMARKS ] = "WRITE_FILEMARKS", 1381 [ SPACE ] = "SPACE", 1382 [ INQUIRY ] = "INQUIRY", 1383 [ RECOVER_BUFFERED_DATA ] = "RECOVER_BUFFERED_DATA", 1384 [ MAINTENANCE_IN ] = "MAINTENANCE_IN", 1385 [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT", 1386 [ MODE_SELECT ] = "MODE_SELECT", 1387 [ RESERVE ] = "RESERVE", 1388 [ RELEASE ] = "RELEASE", 1389 [ COPY ] = "COPY", 1390 [ ERASE ] = "ERASE", 1391 [ MODE_SENSE ] = "MODE_SENSE", 1392 [ START_STOP ] = "START_STOP/LOAD_UNLOAD", 1393 /* LOAD_UNLOAD and START_STOP use the same operation code */ 1394 [ RECEIVE_DIAGNOSTIC ] = "RECEIVE_DIAGNOSTIC", 1395 [ SEND_DIAGNOSTIC ] = "SEND_DIAGNOSTIC", 1396 [ ALLOW_MEDIUM_REMOVAL ] = "ALLOW_MEDIUM_REMOVAL", 1397 [ READ_CAPACITY_10 ] = "READ_CAPACITY_10", 1398 [ READ_10 ] = "READ_10", 1399 [ WRITE_10 ] = "WRITE_10", 1400 [ SEEK_10 ] = "SEEK_10/POSITION_TO_ELEMENT", 1401 /* SEEK_10 and POSITION_TO_ELEMENT use the same operation code */ 1402 [ WRITE_VERIFY_10 ] = "WRITE_VERIFY_10", 1403 [ VERIFY_10 ] = "VERIFY_10", 1404 [ SEARCH_HIGH ] = "SEARCH_HIGH", 1405 [ SEARCH_EQUAL ] = "SEARCH_EQUAL", 1406 [ SEARCH_LOW ] = "SEARCH_LOW", 1407 [ SET_LIMITS ] = "SET_LIMITS", 1408 [ PRE_FETCH ] = "PRE_FETCH/READ_POSITION", 1409 /* READ_POSITION and PRE_FETCH use the same operation code */ 1410 [ SYNCHRONIZE_CACHE ] = "SYNCHRONIZE_CACHE", 1411 [ LOCK_UNLOCK_CACHE ] = "LOCK_UNLOCK_CACHE", 1412 [ READ_DEFECT_DATA ] = "READ_DEFECT_DATA/INITIALIZE_ELEMENT_STATUS_WITH_RANGE", 1413 /* READ_DEFECT_DATA and INITIALIZE_ELEMENT_STATUS_WITH_RANGE use the same operation code */ 1414 [ MEDIUM_SCAN ] = "MEDIUM_SCAN", 1415 [ COMPARE ] = "COMPARE", 1416 [ COPY_VERIFY ] = "COPY_VERIFY", 1417 [ WRITE_BUFFER ] = "WRITE_BUFFER", 1418 [ READ_BUFFER ] = "READ_BUFFER", 1419 [ UPDATE_BLOCK ] = "UPDATE_BLOCK", 1420 [ READ_LONG_10 ] = "READ_LONG_10", 1421 [ WRITE_LONG_10 ] = "WRITE_LONG_10", 1422 [ CHANGE_DEFINITION ] = "CHANGE_DEFINITION", 1423 [ WRITE_SAME_10 ] = "WRITE_SAME_10", 1424 [ UNMAP ] = "UNMAP", 1425 [ READ_TOC ] = "READ_TOC", 1426 [ REPORT_DENSITY_SUPPORT ] = "REPORT_DENSITY_SUPPORT", 1427 [ SANITIZE ] = "SANITIZE", 1428 [ GET_CONFIGURATION ] = "GET_CONFIGURATION", 1429 [ LOG_SELECT ] = "LOG_SELECT", 1430 [ LOG_SENSE ] = "LOG_SENSE", 1431 [ MODE_SELECT_10 ] = "MODE_SELECT_10", 1432 [ RESERVE_10 ] = "RESERVE_10", 1433 [ RELEASE_10 ] = "RELEASE_10", 1434 [ MODE_SENSE_10 ] = "MODE_SENSE_10", 1435 [ PERSISTENT_RESERVE_IN ] = "PERSISTENT_RESERVE_IN", 1436 [ PERSISTENT_RESERVE_OUT ] = "PERSISTENT_RESERVE_OUT", 1437 [ WRITE_FILEMARKS_16 ] = "WRITE_FILEMARKS_16", 1438 [ EXTENDED_COPY ] = "EXTENDED_COPY", 1439 [ ATA_PASSTHROUGH_16 ] = "ATA_PASSTHROUGH_16", 1440 [ ACCESS_CONTROL_IN ] = "ACCESS_CONTROL_IN", 1441 [ ACCESS_CONTROL_OUT ] = "ACCESS_CONTROL_OUT", 1442 [ READ_16 ] = "READ_16", 1443 [ COMPARE_AND_WRITE ] = "COMPARE_AND_WRITE", 1444 [ WRITE_16 ] = "WRITE_16", 1445 [ WRITE_VERIFY_16 ] = "WRITE_VERIFY_16", 1446 [ VERIFY_16 ] = "VERIFY_16", 1447 [ PRE_FETCH_16 ] = "PRE_FETCH_16", 1448 [ SYNCHRONIZE_CACHE_16 ] = "SPACE_16/SYNCHRONIZE_CACHE_16", 1449 /* SPACE_16 and SYNCHRONIZE_CACHE_16 use the same operation code */ 1450 [ LOCATE_16 ] = "LOCATE_16", 1451 [ WRITE_SAME_16 ] = "ERASE_16/WRITE_SAME_16", 1452 /* ERASE_16 and WRITE_SAME_16 use the same operation code */ 1453 [ SERVICE_ACTION_IN_16 ] = "SERVICE_ACTION_IN_16", 1454 [ WRITE_LONG_16 ] = "WRITE_LONG_16", 1455 [ REPORT_LUNS ] = "REPORT_LUNS", 1456 [ ATA_PASSTHROUGH_12 ] = "BLANK/ATA_PASSTHROUGH_12", 1457 [ MOVE_MEDIUM ] = "MOVE_MEDIUM", 1458 [ EXCHANGE_MEDIUM ] = "EXCHANGE MEDIUM", 1459 [ READ_12 ] = "READ_12", 1460 [ WRITE_12 ] = "WRITE_12", 1461 [ ERASE_12 ] = "ERASE_12/GET_PERFORMANCE", 1462 /* ERASE_12 and GET_PERFORMANCE use the same operation code */ 1463 [ SERVICE_ACTION_IN_12 ] = "SERVICE_ACTION_IN_12", 1464 [ WRITE_VERIFY_12 ] = "WRITE_VERIFY_12", 1465 [ VERIFY_12 ] = "VERIFY_12", 1466 [ SEARCH_HIGH_12 ] = "SEARCH_HIGH_12", 1467 [ SEARCH_EQUAL_12 ] = "SEARCH_EQUAL_12", 1468 [ SEARCH_LOW_12 ] = "SEARCH_LOW_12", 1469 [ READ_ELEMENT_STATUS ] = "READ_ELEMENT_STATUS", 1470 [ SEND_VOLUME_TAG ] = "SEND_VOLUME_TAG/SET_STREAMING", 1471 /* SEND_VOLUME_TAG and SET_STREAMING use the same operation code */ 1472 [ READ_CD ] = "READ_CD", 1473 [ READ_DEFECT_DATA_12 ] = "READ_DEFECT_DATA_12", 1474 [ READ_DVD_STRUCTURE ] = "READ_DVD_STRUCTURE", 1475 [ RESERVE_TRACK ] = "RESERVE_TRACK", 1476 [ SEND_CUE_SHEET ] = "SEND_CUE_SHEET", 1477 [ SEND_DVD_STRUCTURE ] = "SEND_DVD_STRUCTURE", 1478 [ SET_CD_SPEED ] = "SET_CD_SPEED", 1479 [ SET_READ_AHEAD ] = "SET_READ_AHEAD", 1480 [ ALLOW_OVERWRITE ] = "ALLOW_OVERWRITE", 1481 [ MECHANISM_STATUS ] = "MECHANISM_STATUS", 1482 }; 1483 1484 if (cmd >= ARRAY_SIZE(names) || names[cmd] == NULL) 1485 return "*UNKNOWN*"; 1486 return names[cmd]; 1487 } 1488 1489 SCSIRequest *scsi_req_ref(SCSIRequest *req) 1490 { 1491 assert(req->refcount > 0); 1492 req->refcount++; 1493 return req; 1494 } 1495 1496 void scsi_req_unref(SCSIRequest *req) 1497 { 1498 assert(req->refcount > 0); 1499 if (--req->refcount == 0) { 1500 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, req->dev->qdev.parent_bus); 1501 if (bus->info->free_request && req->hba_private) { 1502 bus->info->free_request(bus, req->hba_private); 1503 } 1504 if (req->ops->free_req) { 1505 req->ops->free_req(req); 1506 } 1507 g_free(req); 1508 } 1509 } 1510 1511 /* Tell the device that we finished processing this chunk of I/O. It 1512 will start the next chunk or complete the command. */ 1513 void scsi_req_continue(SCSIRequest *req) 1514 { 1515 if (req->io_canceled) { 1516 trace_scsi_req_continue_canceled(req->dev->id, req->lun, req->tag); 1517 return; 1518 } 1519 trace_scsi_req_continue(req->dev->id, req->lun, req->tag); 1520 if (req->cmd.mode == SCSI_XFER_TO_DEV) { 1521 req->ops->write_data(req); 1522 } else { 1523 req->ops->read_data(req); 1524 } 1525 } 1526 1527 /* Called by the devices when data is ready for the HBA. The HBA should 1528 start a DMA operation to read or fill the device's data buffer. 1529 Once it completes, calling scsi_req_continue will restart I/O. */ 1530 void scsi_req_data(SCSIRequest *req, int len) 1531 { 1532 uint8_t *buf; 1533 if (req->io_canceled) { 1534 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len); 1535 return; 1536 } 1537 trace_scsi_req_data(req->dev->id, req->lun, req->tag, len); 1538 assert(req->cmd.mode != SCSI_XFER_NONE); 1539 if (!req->sg) { 1540 req->resid -= len; 1541 req->bus->info->transfer_data(req, len); 1542 return; 1543 } 1544 1545 /* If the device calls scsi_req_data and the HBA specified a 1546 * scatter/gather list, the transfer has to happen in a single 1547 * step. */ 1548 assert(!req->dma_started); 1549 req->dma_started = true; 1550 1551 buf = scsi_req_get_buf(req); 1552 if (req->cmd.mode == SCSI_XFER_FROM_DEV) { 1553 req->resid = dma_buf_read(buf, len, req->sg); 1554 } else { 1555 req->resid = dma_buf_write(buf, len, req->sg); 1556 } 1557 scsi_req_continue(req); 1558 } 1559 1560 void scsi_req_print(SCSIRequest *req) 1561 { 1562 FILE *fp = stderr; 1563 int i; 1564 1565 fprintf(fp, "[%s id=%d] %s", 1566 req->dev->qdev.parent_bus->name, 1567 req->dev->id, 1568 scsi_command_name(req->cmd.buf[0])); 1569 for (i = 1; i < req->cmd.len; i++) { 1570 fprintf(fp, " 0x%02x", req->cmd.buf[i]); 1571 } 1572 switch (req->cmd.mode) { 1573 case SCSI_XFER_NONE: 1574 fprintf(fp, " - none\n"); 1575 break; 1576 case SCSI_XFER_FROM_DEV: 1577 fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer); 1578 break; 1579 case SCSI_XFER_TO_DEV: 1580 fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer); 1581 break; 1582 default: 1583 fprintf(fp, " - Oops\n"); 1584 break; 1585 } 1586 } 1587 1588 void scsi_req_complete(SCSIRequest *req, int status) 1589 { 1590 assert(req->status == -1); 1591 req->status = status; 1592 1593 assert(req->sense_len <= sizeof(req->sense)); 1594 if (status == GOOD) { 1595 req->sense_len = 0; 1596 } 1597 1598 if (req->sense_len) { 1599 memcpy(req->dev->sense, req->sense, req->sense_len); 1600 req->dev->sense_len = req->sense_len; 1601 req->dev->sense_is_ua = (req->ops == &reqops_unit_attention); 1602 } else { 1603 req->dev->sense_len = 0; 1604 req->dev->sense_is_ua = false; 1605 } 1606 1607 /* 1608 * Unit attention state is now stored in the device's sense buffer 1609 * if the HBA didn't do autosense. Clear the pending unit attention 1610 * flags. 1611 */ 1612 scsi_clear_unit_attention(req); 1613 1614 scsi_req_ref(req); 1615 scsi_req_dequeue(req); 1616 req->bus->info->complete(req, req->status, req->resid); 1617 scsi_req_unref(req); 1618 } 1619 1620 void scsi_req_cancel(SCSIRequest *req) 1621 { 1622 trace_scsi_req_cancel(req->dev->id, req->lun, req->tag); 1623 if (!req->enqueued) { 1624 return; 1625 } 1626 scsi_req_ref(req); 1627 scsi_req_dequeue(req); 1628 req->io_canceled = true; 1629 if (req->ops->cancel_io) { 1630 req->ops->cancel_io(req); 1631 } 1632 if (req->bus->info->cancel) { 1633 req->bus->info->cancel(req); 1634 } 1635 scsi_req_unref(req); 1636 } 1637 1638 void scsi_req_abort(SCSIRequest *req, int status) 1639 { 1640 if (!req->enqueued) { 1641 return; 1642 } 1643 scsi_req_ref(req); 1644 scsi_req_dequeue(req); 1645 req->io_canceled = true; 1646 if (req->ops->cancel_io) { 1647 req->ops->cancel_io(req); 1648 } 1649 scsi_req_complete(req, status); 1650 scsi_req_unref(req); 1651 } 1652 1653 static int scsi_ua_precedence(SCSISense sense) 1654 { 1655 if (sense.key != UNIT_ATTENTION) { 1656 return INT_MAX; 1657 } 1658 if (sense.asc == 0x29 && sense.ascq == 0x04) { 1659 /* DEVICE INTERNAL RESET goes with POWER ON OCCURRED */ 1660 return 1; 1661 } else if (sense.asc == 0x3F && sense.ascq == 0x01) { 1662 /* MICROCODE HAS BEEN CHANGED goes with SCSI BUS RESET OCCURRED */ 1663 return 2; 1664 } else if (sense.asc == 0x29 && (sense.ascq == 0x05 || sense.ascq == 0x06)) { 1665 /* These two go with "all others". */ 1666 ; 1667 } else if (sense.asc == 0x29 && sense.ascq <= 0x07) { 1668 /* POWER ON, RESET OR BUS DEVICE RESET OCCURRED = 0 1669 * POWER ON OCCURRED = 1 1670 * SCSI BUS RESET OCCURRED = 2 1671 * BUS DEVICE RESET FUNCTION OCCURRED = 3 1672 * I_T NEXUS LOSS OCCURRED = 7 1673 */ 1674 return sense.ascq; 1675 } else if (sense.asc == 0x2F && sense.ascq == 0x01) { 1676 /* COMMANDS CLEARED BY POWER LOSS NOTIFICATION */ 1677 return 8; 1678 } 1679 return (sense.asc << 8) | sense.ascq; 1680 } 1681 1682 void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense) 1683 { 1684 int prec1, prec2; 1685 if (sense.key != UNIT_ATTENTION) { 1686 return; 1687 } 1688 trace_scsi_device_set_ua(sdev->id, sdev->lun, sense.key, 1689 sense.asc, sense.ascq); 1690 1691 /* 1692 * Override a pre-existing unit attention condition, except for a more 1693 * important reset condition. 1694 */ 1695 prec1 = scsi_ua_precedence(sdev->unit_attention); 1696 prec2 = scsi_ua_precedence(sense); 1697 if (prec2 < prec1) { 1698 sdev->unit_attention = sense; 1699 } 1700 } 1701 1702 void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense) 1703 { 1704 SCSIRequest *req; 1705 1706 while (!QTAILQ_EMPTY(&sdev->requests)) { 1707 req = QTAILQ_FIRST(&sdev->requests); 1708 scsi_req_cancel(req); 1709 } 1710 1711 scsi_device_set_ua(sdev, sense); 1712 } 1713 1714 static char *scsibus_get_dev_path(DeviceState *dev) 1715 { 1716 SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev); 1717 DeviceState *hba = dev->parent_bus->parent; 1718 char *id; 1719 char *path; 1720 1721 id = qdev_get_dev_path(hba); 1722 if (id) { 1723 path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun); 1724 } else { 1725 path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun); 1726 } 1727 g_free(id); 1728 return path; 1729 } 1730 1731 static char *scsibus_get_fw_dev_path(DeviceState *dev) 1732 { 1733 SCSIDevice *d = SCSI_DEVICE(dev); 1734 return g_strdup_printf("channel@%x/%s@%x,%x", d->channel, 1735 qdev_fw_name(dev), d->id, d->lun); 1736 } 1737 1738 SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun) 1739 { 1740 BusChild *kid; 1741 SCSIDevice *target_dev = NULL; 1742 1743 QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, ChildrenHead, sibling) { 1744 DeviceState *qdev = kid->child; 1745 SCSIDevice *dev = SCSI_DEVICE(qdev); 1746 1747 if (dev->channel == channel && dev->id == id) { 1748 if (dev->lun == lun) { 1749 return dev; 1750 } 1751 target_dev = dev; 1752 } 1753 } 1754 return target_dev; 1755 } 1756 1757 /* SCSI request list. For simplicity, pv points to the whole device */ 1758 1759 static void put_scsi_requests(QEMUFile *f, void *pv, size_t size) 1760 { 1761 SCSIDevice *s = pv; 1762 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); 1763 SCSIRequest *req; 1764 1765 QTAILQ_FOREACH(req, &s->requests, next) { 1766 assert(!req->io_canceled); 1767 assert(req->status == -1); 1768 assert(req->enqueued); 1769 1770 qemu_put_sbyte(f, req->retry ? 1 : 2); 1771 qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf)); 1772 qemu_put_be32s(f, &req->tag); 1773 qemu_put_be32s(f, &req->lun); 1774 if (bus->info->save_request) { 1775 bus->info->save_request(f, req); 1776 } 1777 if (req->ops->save_request) { 1778 req->ops->save_request(f, req); 1779 } 1780 } 1781 qemu_put_sbyte(f, 0); 1782 } 1783 1784 static int get_scsi_requests(QEMUFile *f, void *pv, size_t size) 1785 { 1786 SCSIDevice *s = pv; 1787 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); 1788 int8_t sbyte; 1789 1790 while ((sbyte = qemu_get_sbyte(f)) > 0) { 1791 uint8_t buf[SCSI_CMD_BUF_SIZE]; 1792 uint32_t tag; 1793 uint32_t lun; 1794 SCSIRequest *req; 1795 1796 qemu_get_buffer(f, buf, sizeof(buf)); 1797 qemu_get_be32s(f, &tag); 1798 qemu_get_be32s(f, &lun); 1799 req = scsi_req_new(s, tag, lun, buf, NULL); 1800 req->retry = (sbyte == 1); 1801 if (bus->info->load_request) { 1802 req->hba_private = bus->info->load_request(f, req); 1803 } 1804 if (req->ops->load_request) { 1805 req->ops->load_request(f, req); 1806 } 1807 1808 /* Just restart it later. */ 1809 scsi_req_enqueue_internal(req); 1810 1811 /* At this point, the request will be kept alive by the reference 1812 * added by scsi_req_enqueue_internal, so we can release our reference. 1813 * The HBA of course will add its own reference in the load_request 1814 * callback if it needs to hold on the SCSIRequest. 1815 */ 1816 scsi_req_unref(req); 1817 } 1818 1819 return 0; 1820 } 1821 1822 static int scsi_qdev_unplug(DeviceState *qdev) 1823 { 1824 SCSIDevice *dev = SCSI_DEVICE(qdev); 1825 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 1826 1827 if (bus->info->hot_unplug) { 1828 bus->info->hot_unplug(bus, dev); 1829 } 1830 return qdev_simple_unplug_cb(qdev); 1831 } 1832 1833 static const VMStateInfo vmstate_info_scsi_requests = { 1834 .name = "scsi-requests", 1835 .get = get_scsi_requests, 1836 .put = put_scsi_requests, 1837 }; 1838 1839 const VMStateDescription vmstate_scsi_device = { 1840 .name = "SCSIDevice", 1841 .version_id = 1, 1842 .minimum_version_id = 1, 1843 .minimum_version_id_old = 1, 1844 .fields = (VMStateField[]) { 1845 VMSTATE_UINT8(unit_attention.key, SCSIDevice), 1846 VMSTATE_UINT8(unit_attention.asc, SCSIDevice), 1847 VMSTATE_UINT8(unit_attention.ascq, SCSIDevice), 1848 VMSTATE_BOOL(sense_is_ua, SCSIDevice), 1849 VMSTATE_UINT8_ARRAY(sense, SCSIDevice, SCSI_SENSE_BUF_SIZE), 1850 VMSTATE_UINT32(sense_len, SCSIDevice), 1851 { 1852 .name = "requests", 1853 .version_id = 0, 1854 .field_exists = NULL, 1855 .size = 0, /* ouch */ 1856 .info = &vmstate_info_scsi_requests, 1857 .flags = VMS_SINGLE, 1858 .offset = 0, 1859 }, 1860 VMSTATE_END_OF_LIST() 1861 } 1862 }; 1863 1864 static void scsi_device_class_init(ObjectClass *klass, void *data) 1865 { 1866 DeviceClass *k = DEVICE_CLASS(klass); 1867 k->bus_type = TYPE_SCSI_BUS; 1868 k->init = scsi_qdev_init; 1869 k->unplug = scsi_qdev_unplug; 1870 k->exit = scsi_qdev_exit; 1871 k->props = scsi_props; 1872 } 1873 1874 static const TypeInfo scsi_device_type_info = { 1875 .name = TYPE_SCSI_DEVICE, 1876 .parent = TYPE_DEVICE, 1877 .instance_size = sizeof(SCSIDevice), 1878 .abstract = true, 1879 .class_size = sizeof(SCSIDeviceClass), 1880 .class_init = scsi_device_class_init, 1881 }; 1882 1883 static void scsi_register_types(void) 1884 { 1885 type_register_static(&scsi_bus_info); 1886 type_register_static(&scsi_device_type_info); 1887 } 1888 1889 type_init(scsi_register_types) 1890