1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/block-backend.h" 37 #include "sysemu/blockdev.h" 38 #include "hw/block/block.h" 39 #include "sysemu/dma.h" 40 41 #ifdef __linux 42 #include <scsi/sg.h> 43 #endif 44 45 #define SCSI_WRITE_SAME_MAX 524288 46 #define SCSI_DMA_BUF_SIZE 131072 47 #define SCSI_MAX_INQUIRY_LEN 256 48 #define SCSI_MAX_MODE_LEN 256 49 50 #define DEFAULT_DISCARD_GRANULARITY 4096 51 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 52 53 typedef struct SCSIDiskState SCSIDiskState; 54 55 typedef struct SCSIDiskReq { 56 SCSIRequest req; 57 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 58 uint64_t sector; 59 uint32_t sector_count; 60 uint32_t buflen; 61 bool started; 62 struct iovec iov; 63 QEMUIOVector qiov; 64 BlockAcctCookie acct; 65 } SCSIDiskReq; 66 67 #define SCSI_DISK_F_REMOVABLE 0 68 #define SCSI_DISK_F_DPOFUA 1 69 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 70 71 struct SCSIDiskState 72 { 73 SCSIDevice qdev; 74 uint32_t features; 75 bool media_changed; 76 bool media_event; 77 bool eject_request; 78 uint64_t wwn; 79 uint64_t port_wwn; 80 uint16_t port_index; 81 uint64_t max_unmap_size; 82 QEMUBH *bh; 83 char *version; 84 char *serial; 85 char *vendor; 86 char *product; 87 bool tray_open; 88 bool tray_locked; 89 }; 90 91 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 92 93 static void scsi_free_request(SCSIRequest *req) 94 { 95 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 96 97 qemu_vfree(r->iov.iov_base); 98 } 99 100 /* Helper function for command completion with sense. */ 101 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 102 { 103 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 104 r->req.tag, sense.key, sense.asc, sense.ascq); 105 scsi_req_build_sense(&r->req, sense); 106 scsi_req_complete(&r->req, CHECK_CONDITION); 107 } 108 109 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 110 { 111 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 112 113 if (!r->iov.iov_base) { 114 r->buflen = size; 115 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 116 } 117 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 118 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 119 return r->qiov.size / 512; 120 } 121 122 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 123 { 124 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 125 126 qemu_put_be64s(f, &r->sector); 127 qemu_put_be32s(f, &r->sector_count); 128 qemu_put_be32s(f, &r->buflen); 129 if (r->buflen) { 130 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 131 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 132 } else if (!req->retry) { 133 uint32_t len = r->iov.iov_len; 134 qemu_put_be32s(f, &len); 135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 136 } 137 } 138 } 139 140 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 141 { 142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 143 144 qemu_get_be64s(f, &r->sector); 145 qemu_get_be32s(f, &r->sector_count); 146 qemu_get_be32s(f, &r->buflen); 147 if (r->buflen) { 148 scsi_init_iovec(r, r->buflen); 149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 151 } else if (!r->req.retry) { 152 uint32_t len; 153 qemu_get_be32s(f, &len); 154 r->iov.iov_len = len; 155 assert(r->iov.iov_len <= r->buflen); 156 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 157 } 158 } 159 160 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 161 } 162 163 static void scsi_aio_complete(void *opaque, int ret) 164 { 165 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 166 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 167 168 assert(r->req.aiocb != NULL); 169 r->req.aiocb = NULL; 170 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 171 if (r->req.io_canceled) { 172 scsi_req_cancel_complete(&r->req); 173 goto done; 174 } 175 176 if (ret < 0) { 177 if (scsi_handle_rw_error(r, -ret)) { 178 goto done; 179 } 180 } 181 182 scsi_req_complete(&r->req, GOOD); 183 184 done: 185 scsi_req_unref(&r->req); 186 } 187 188 static bool scsi_is_cmd_fua(SCSICommand *cmd) 189 { 190 switch (cmd->buf[0]) { 191 case READ_10: 192 case READ_12: 193 case READ_16: 194 case WRITE_10: 195 case WRITE_12: 196 case WRITE_16: 197 return (cmd->buf[1] & 8) != 0; 198 199 case VERIFY_10: 200 case VERIFY_12: 201 case VERIFY_16: 202 case WRITE_VERIFY_10: 203 case WRITE_VERIFY_12: 204 case WRITE_VERIFY_16: 205 return true; 206 207 case READ_6: 208 case WRITE_6: 209 default: 210 return false; 211 } 212 } 213 214 static void scsi_write_do_fua(SCSIDiskReq *r) 215 { 216 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 217 218 if (r->req.io_canceled) { 219 scsi_req_cancel_complete(&r->req); 220 goto done; 221 } 222 223 if (scsi_is_cmd_fua(&r->req.cmd)) { 224 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 225 BLOCK_ACCT_FLUSH); 226 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 227 return; 228 } 229 230 scsi_req_complete(&r->req, GOOD); 231 232 done: 233 scsi_req_unref(&r->req); 234 } 235 236 static void scsi_dma_complete_noio(void *opaque, int ret) 237 { 238 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 240 241 if (r->req.aiocb != NULL) { 242 r->req.aiocb = NULL; 243 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 244 } 245 if (r->req.io_canceled) { 246 scsi_req_cancel_complete(&r->req); 247 goto done; 248 } 249 250 if (ret < 0) { 251 if (scsi_handle_rw_error(r, -ret)) { 252 goto done; 253 } 254 } 255 256 r->sector += r->sector_count; 257 r->sector_count = 0; 258 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 259 scsi_write_do_fua(r); 260 return; 261 } else { 262 scsi_req_complete(&r->req, GOOD); 263 } 264 265 done: 266 scsi_req_unref(&r->req); 267 } 268 269 static void scsi_dma_complete(void *opaque, int ret) 270 { 271 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 272 273 assert(r->req.aiocb != NULL); 274 scsi_dma_complete_noio(opaque, ret); 275 } 276 277 static void scsi_read_complete(void * opaque, int ret) 278 { 279 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 280 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 281 int n; 282 283 assert(r->req.aiocb != NULL); 284 r->req.aiocb = NULL; 285 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 286 if (r->req.io_canceled) { 287 scsi_req_cancel_complete(&r->req); 288 goto done; 289 } 290 291 if (ret < 0) { 292 if (scsi_handle_rw_error(r, -ret)) { 293 goto done; 294 } 295 } 296 297 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 298 299 n = r->qiov.size / 512; 300 r->sector += n; 301 r->sector_count -= n; 302 scsi_req_data(&r->req, r->qiov.size); 303 304 done: 305 scsi_req_unref(&r->req); 306 } 307 308 /* Actually issue a read to the block device. */ 309 static void scsi_do_read(void *opaque, int ret) 310 { 311 SCSIDiskReq *r = opaque; 312 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 313 uint32_t n; 314 315 if (r->req.aiocb != NULL) { 316 r->req.aiocb = NULL; 317 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 318 } 319 if (r->req.io_canceled) { 320 scsi_req_cancel_complete(&r->req); 321 goto done; 322 } 323 324 if (ret < 0) { 325 if (scsi_handle_rw_error(r, -ret)) { 326 goto done; 327 } 328 } 329 330 /* The request is used as the AIO opaque value, so add a ref. */ 331 scsi_req_ref(&r->req); 332 333 if (r->req.sg) { 334 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 335 r->req.resid -= r->req.sg->size; 336 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector, 337 scsi_dma_complete, r); 338 } else { 339 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 340 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 341 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 342 r->req.aiocb = blk_aio_readv(s->qdev.conf.blk, r->sector, &r->qiov, n, 343 scsi_read_complete, r); 344 } 345 346 done: 347 scsi_req_unref(&r->req); 348 } 349 350 /* Read more data from scsi device into buffer. */ 351 static void scsi_read_data(SCSIRequest *req) 352 { 353 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 354 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 355 bool first; 356 357 DPRINTF("Read sector_count=%d\n", r->sector_count); 358 if (r->sector_count == 0) { 359 /* This also clears the sense buffer for REQUEST SENSE. */ 360 scsi_req_complete(&r->req, GOOD); 361 return; 362 } 363 364 /* No data transfer may already be in progress */ 365 assert(r->req.aiocb == NULL); 366 367 /* The request is used as the AIO opaque value, so add a ref. */ 368 scsi_req_ref(&r->req); 369 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 370 DPRINTF("Data transfer direction invalid\n"); 371 scsi_read_complete(r, -EINVAL); 372 return; 373 } 374 375 if (s->tray_open) { 376 scsi_read_complete(r, -ENOMEDIUM); 377 return; 378 } 379 380 first = !r->started; 381 r->started = true; 382 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 383 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 384 BLOCK_ACCT_FLUSH); 385 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read, r); 386 } else { 387 scsi_do_read(r, 0); 388 } 389 } 390 391 /* 392 * scsi_handle_rw_error has two return values. 0 means that the error 393 * must be ignored, 1 means that the error has been processed and the 394 * caller should not do anything else for this request. Note that 395 * scsi_handle_rw_error always manages its reference counts, independent 396 * of the return value. 397 */ 398 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 399 { 400 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 401 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 402 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 403 is_read, error); 404 405 if (action == BLOCK_ERROR_ACTION_REPORT) { 406 switch (error) { 407 case ENOMEDIUM: 408 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 409 break; 410 case ENOMEM: 411 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 412 break; 413 case EINVAL: 414 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 415 break; 416 case ENOSPC: 417 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 418 break; 419 default: 420 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 421 break; 422 } 423 } 424 blk_error_action(s->qdev.conf.blk, action, is_read, error); 425 if (action == BLOCK_ERROR_ACTION_STOP) { 426 scsi_req_retry(&r->req); 427 } 428 return action != BLOCK_ERROR_ACTION_IGNORE; 429 } 430 431 static void scsi_write_complete(void * opaque, int ret) 432 { 433 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 435 uint32_t n; 436 437 if (r->req.aiocb != NULL) { 438 r->req.aiocb = NULL; 439 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 440 } 441 if (r->req.io_canceled) { 442 scsi_req_cancel_complete(&r->req); 443 goto done; 444 } 445 446 if (ret < 0) { 447 if (scsi_handle_rw_error(r, -ret)) { 448 goto done; 449 } 450 } 451 452 n = r->qiov.size / 512; 453 r->sector += n; 454 r->sector_count -= n; 455 if (r->sector_count == 0) { 456 scsi_write_do_fua(r); 457 return; 458 } else { 459 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 460 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 461 scsi_req_data(&r->req, r->qiov.size); 462 } 463 464 done: 465 scsi_req_unref(&r->req); 466 } 467 468 static void scsi_write_data(SCSIRequest *req) 469 { 470 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 471 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 472 uint32_t n; 473 474 /* No data transfer may already be in progress */ 475 assert(r->req.aiocb == NULL); 476 477 /* The request is used as the AIO opaque value, so add a ref. */ 478 scsi_req_ref(&r->req); 479 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 480 DPRINTF("Data transfer direction invalid\n"); 481 scsi_write_complete(r, -EINVAL); 482 return; 483 } 484 485 if (!r->req.sg && !r->qiov.size) { 486 /* Called for the first time. Ask the driver to send us more data. */ 487 r->started = true; 488 scsi_write_complete(r, 0); 489 return; 490 } 491 if (s->tray_open) { 492 scsi_write_complete(r, -ENOMEDIUM); 493 return; 494 } 495 496 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 497 r->req.cmd.buf[0] == VERIFY_16) { 498 if (r->req.sg) { 499 scsi_dma_complete_noio(r, 0); 500 } else { 501 scsi_write_complete(r, 0); 502 } 503 return; 504 } 505 506 if (r->req.sg) { 507 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 508 r->req.resid -= r->req.sg->size; 509 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector, 510 scsi_dma_complete, r); 511 } else { 512 n = r->qiov.size / 512; 513 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 514 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 515 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, r->sector, &r->qiov, n, 516 scsi_write_complete, r); 517 } 518 } 519 520 /* Return a pointer to the data buffer. */ 521 static uint8_t *scsi_get_buf(SCSIRequest *req) 522 { 523 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 524 525 return (uint8_t *)r->iov.iov_base; 526 } 527 528 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 529 { 530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 531 int buflen = 0; 532 int start; 533 534 if (req->cmd.buf[1] & 0x1) { 535 /* Vital product data */ 536 uint8_t page_code = req->cmd.buf[2]; 537 538 outbuf[buflen++] = s->qdev.type & 0x1f; 539 outbuf[buflen++] = page_code ; // this page 540 outbuf[buflen++] = 0x00; 541 outbuf[buflen++] = 0x00; 542 start = buflen; 543 544 switch (page_code) { 545 case 0x00: /* Supported page codes, mandatory */ 546 { 547 DPRINTF("Inquiry EVPD[Supported pages] " 548 "buffer size %zd\n", req->cmd.xfer); 549 outbuf[buflen++] = 0x00; // list of supported pages (this page) 550 if (s->serial) { 551 outbuf[buflen++] = 0x80; // unit serial number 552 } 553 outbuf[buflen++] = 0x83; // device identification 554 if (s->qdev.type == TYPE_DISK) { 555 outbuf[buflen++] = 0xb0; // block limits 556 outbuf[buflen++] = 0xb2; // thin provisioning 557 } 558 break; 559 } 560 case 0x80: /* Device serial number, optional */ 561 { 562 int l; 563 564 if (!s->serial) { 565 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 566 return -1; 567 } 568 569 l = strlen(s->serial); 570 if (l > 20) { 571 l = 20; 572 } 573 574 DPRINTF("Inquiry EVPD[Serial number] " 575 "buffer size %zd\n", req->cmd.xfer); 576 memcpy(outbuf+buflen, s->serial, l); 577 buflen += l; 578 break; 579 } 580 581 case 0x83: /* Device identification page, mandatory */ 582 { 583 const char *str = s->serial ?: blk_name(s->qdev.conf.blk); 584 int max_len = s->serial ? 20 : 255 - 8; 585 int id_len = strlen(str); 586 587 if (id_len > max_len) { 588 id_len = max_len; 589 } 590 DPRINTF("Inquiry EVPD[Device identification] " 591 "buffer size %zd\n", req->cmd.xfer); 592 593 outbuf[buflen++] = 0x2; // ASCII 594 outbuf[buflen++] = 0; // not officially assigned 595 outbuf[buflen++] = 0; // reserved 596 outbuf[buflen++] = id_len; // length of data following 597 memcpy(outbuf+buflen, str, id_len); 598 buflen += id_len; 599 600 if (s->wwn) { 601 outbuf[buflen++] = 0x1; // Binary 602 outbuf[buflen++] = 0x3; // NAA 603 outbuf[buflen++] = 0; // reserved 604 outbuf[buflen++] = 8; 605 stq_be_p(&outbuf[buflen], s->wwn); 606 buflen += 8; 607 } 608 609 if (s->port_wwn) { 610 outbuf[buflen++] = 0x61; // SAS / Binary 611 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 612 outbuf[buflen++] = 0; // reserved 613 outbuf[buflen++] = 8; 614 stq_be_p(&outbuf[buflen], s->port_wwn); 615 buflen += 8; 616 } 617 618 if (s->port_index) { 619 outbuf[buflen++] = 0x61; // SAS / Binary 620 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 621 outbuf[buflen++] = 0; // reserved 622 outbuf[buflen++] = 4; 623 stw_be_p(&outbuf[buflen + 2], s->port_index); 624 buflen += 4; 625 } 626 break; 627 } 628 case 0xb0: /* block limits */ 629 { 630 unsigned int unmap_sectors = 631 s->qdev.conf.discard_granularity / s->qdev.blocksize; 632 unsigned int min_io_size = 633 s->qdev.conf.min_io_size / s->qdev.blocksize; 634 unsigned int opt_io_size = 635 s->qdev.conf.opt_io_size / s->qdev.blocksize; 636 unsigned int max_unmap_sectors = 637 s->max_unmap_size / s->qdev.blocksize; 638 639 if (s->qdev.type == TYPE_ROM) { 640 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 641 page_code); 642 return -1; 643 } 644 /* required VPD size with unmap support */ 645 buflen = 0x40; 646 memset(outbuf + 4, 0, buflen - 4); 647 648 outbuf[4] = 0x1; /* wsnz */ 649 650 /* optimal transfer length granularity */ 651 outbuf[6] = (min_io_size >> 8) & 0xff; 652 outbuf[7] = min_io_size & 0xff; 653 654 /* optimal transfer length */ 655 outbuf[12] = (opt_io_size >> 24) & 0xff; 656 outbuf[13] = (opt_io_size >> 16) & 0xff; 657 outbuf[14] = (opt_io_size >> 8) & 0xff; 658 outbuf[15] = opt_io_size & 0xff; 659 660 /* max unmap LBA count, default is 1GB */ 661 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 662 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 663 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 664 outbuf[23] = max_unmap_sectors & 0xff; 665 666 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 667 outbuf[24] = 0; 668 outbuf[25] = 0; 669 outbuf[26] = 0; 670 outbuf[27] = 255; 671 672 /* optimal unmap granularity */ 673 outbuf[28] = (unmap_sectors >> 24) & 0xff; 674 outbuf[29] = (unmap_sectors >> 16) & 0xff; 675 outbuf[30] = (unmap_sectors >> 8) & 0xff; 676 outbuf[31] = unmap_sectors & 0xff; 677 break; 678 } 679 case 0xb2: /* thin provisioning */ 680 { 681 buflen = 8; 682 outbuf[4] = 0; 683 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 684 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 685 outbuf[7] = 0; 686 break; 687 } 688 default: 689 return -1; 690 } 691 /* done with EVPD */ 692 assert(buflen - start <= 255); 693 outbuf[start - 1] = buflen - start; 694 return buflen; 695 } 696 697 /* Standard INQUIRY data */ 698 if (req->cmd.buf[2] != 0) { 699 return -1; 700 } 701 702 /* PAGE CODE == 0 */ 703 buflen = req->cmd.xfer; 704 if (buflen > SCSI_MAX_INQUIRY_LEN) { 705 buflen = SCSI_MAX_INQUIRY_LEN; 706 } 707 708 outbuf[0] = s->qdev.type & 0x1f; 709 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 710 711 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 712 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 713 714 memset(&outbuf[32], 0, 4); 715 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 716 /* 717 * We claim conformance to SPC-3, which is required for guests 718 * to ask for modern features like READ CAPACITY(16) or the 719 * block characteristics VPD page by default. Not all of SPC-3 720 * is actually implemented, but we're good enough. 721 */ 722 outbuf[2] = 5; 723 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 724 725 if (buflen > 36) { 726 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 727 } else { 728 /* If the allocation length of CDB is too small, 729 the additional length is not adjusted */ 730 outbuf[4] = 36 - 5; 731 } 732 733 /* Sync data transfer and TCQ. */ 734 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 735 return buflen; 736 } 737 738 static inline bool media_is_dvd(SCSIDiskState *s) 739 { 740 uint64_t nb_sectors; 741 if (s->qdev.type != TYPE_ROM) { 742 return false; 743 } 744 if (!blk_is_inserted(s->qdev.conf.blk)) { 745 return false; 746 } 747 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 748 return nb_sectors > CD_MAX_SECTORS; 749 } 750 751 static inline bool media_is_cd(SCSIDiskState *s) 752 { 753 uint64_t nb_sectors; 754 if (s->qdev.type != TYPE_ROM) { 755 return false; 756 } 757 if (!blk_is_inserted(s->qdev.conf.blk)) { 758 return false; 759 } 760 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 761 return nb_sectors <= CD_MAX_SECTORS; 762 } 763 764 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 765 uint8_t *outbuf) 766 { 767 uint8_t type = r->req.cmd.buf[1] & 7; 768 769 if (s->qdev.type != TYPE_ROM) { 770 return -1; 771 } 772 773 /* Types 1/2 are only defined for Blu-Ray. */ 774 if (type != 0) { 775 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 776 return -1; 777 } 778 779 memset(outbuf, 0, 34); 780 outbuf[1] = 32; 781 outbuf[2] = 0xe; /* last session complete, disc finalized */ 782 outbuf[3] = 1; /* first track on disc */ 783 outbuf[4] = 1; /* # of sessions */ 784 outbuf[5] = 1; /* first track of last session */ 785 outbuf[6] = 1; /* last track of last session */ 786 outbuf[7] = 0x20; /* unrestricted use */ 787 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 788 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 789 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 790 /* 24-31: disc bar code */ 791 /* 32: disc application code */ 792 /* 33: number of OPC tables */ 793 794 return 34; 795 } 796 797 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 798 uint8_t *outbuf) 799 { 800 static const int rds_caps_size[5] = { 801 [0] = 2048 + 4, 802 [1] = 4 + 4, 803 [3] = 188 + 4, 804 [4] = 2048 + 4, 805 }; 806 807 uint8_t media = r->req.cmd.buf[1]; 808 uint8_t layer = r->req.cmd.buf[6]; 809 uint8_t format = r->req.cmd.buf[7]; 810 int size = -1; 811 812 if (s->qdev.type != TYPE_ROM) { 813 return -1; 814 } 815 if (media != 0) { 816 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 817 return -1; 818 } 819 820 if (format != 0xff) { 821 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 822 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 823 return -1; 824 } 825 if (media_is_cd(s)) { 826 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 827 return -1; 828 } 829 if (format >= ARRAY_SIZE(rds_caps_size)) { 830 return -1; 831 } 832 size = rds_caps_size[format]; 833 memset(outbuf, 0, size); 834 } 835 836 switch (format) { 837 case 0x00: { 838 /* Physical format information */ 839 uint64_t nb_sectors; 840 if (layer != 0) { 841 goto fail; 842 } 843 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 844 845 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 846 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 847 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 848 outbuf[7] = 0; /* default densities */ 849 850 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 851 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 852 break; 853 } 854 855 case 0x01: /* DVD copyright information, all zeros */ 856 break; 857 858 case 0x03: /* BCA information - invalid field for no BCA info */ 859 return -1; 860 861 case 0x04: /* DVD disc manufacturing information, all zeros */ 862 break; 863 864 case 0xff: { /* List capabilities */ 865 int i; 866 size = 4; 867 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 868 if (!rds_caps_size[i]) { 869 continue; 870 } 871 outbuf[size] = i; 872 outbuf[size + 1] = 0x40; /* Not writable, readable */ 873 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 874 size += 4; 875 } 876 break; 877 } 878 879 default: 880 return -1; 881 } 882 883 /* Size of buffer, not including 2 byte size field */ 884 stw_be_p(outbuf, size - 2); 885 return size; 886 887 fail: 888 return -1; 889 } 890 891 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 892 { 893 uint8_t event_code, media_status; 894 895 media_status = 0; 896 if (s->tray_open) { 897 media_status = MS_TRAY_OPEN; 898 } else if (blk_is_inserted(s->qdev.conf.blk)) { 899 media_status = MS_MEDIA_PRESENT; 900 } 901 902 /* Event notification descriptor */ 903 event_code = MEC_NO_CHANGE; 904 if (media_status != MS_TRAY_OPEN) { 905 if (s->media_event) { 906 event_code = MEC_NEW_MEDIA; 907 s->media_event = false; 908 } else if (s->eject_request) { 909 event_code = MEC_EJECT_REQUESTED; 910 s->eject_request = false; 911 } 912 } 913 914 outbuf[0] = event_code; 915 outbuf[1] = media_status; 916 917 /* These fields are reserved, just clear them. */ 918 outbuf[2] = 0; 919 outbuf[3] = 0; 920 return 4; 921 } 922 923 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 924 uint8_t *outbuf) 925 { 926 int size; 927 uint8_t *buf = r->req.cmd.buf; 928 uint8_t notification_class_request = buf[4]; 929 if (s->qdev.type != TYPE_ROM) { 930 return -1; 931 } 932 if ((buf[1] & 1) == 0) { 933 /* asynchronous */ 934 return -1; 935 } 936 937 size = 4; 938 outbuf[0] = outbuf[1] = 0; 939 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 940 if (notification_class_request & (1 << GESN_MEDIA)) { 941 outbuf[2] = GESN_MEDIA; 942 size += scsi_event_status_media(s, &outbuf[size]); 943 } else { 944 outbuf[2] = 0x80; 945 } 946 stw_be_p(outbuf, size - 4); 947 return size; 948 } 949 950 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 951 { 952 int current; 953 954 if (s->qdev.type != TYPE_ROM) { 955 return -1; 956 } 957 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 958 memset(outbuf, 0, 40); 959 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 960 stw_be_p(&outbuf[6], current); 961 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 962 outbuf[10] = 0x03; /* persistent, current */ 963 outbuf[11] = 8; /* two profiles */ 964 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 965 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 966 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 967 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 968 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 969 stw_be_p(&outbuf[20], 1); 970 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 971 outbuf[23] = 8; 972 stl_be_p(&outbuf[24], 1); /* SCSI */ 973 outbuf[28] = 1; /* DBE = 1, mandatory */ 974 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 975 stw_be_p(&outbuf[32], 3); 976 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 977 outbuf[35] = 4; 978 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 979 /* TODO: Random readable, CD read, DVD read, drive serial number, 980 power management */ 981 return 40; 982 } 983 984 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 985 { 986 if (s->qdev.type != TYPE_ROM) { 987 return -1; 988 } 989 memset(outbuf, 0, 8); 990 outbuf[5] = 1; /* CD-ROM */ 991 return 8; 992 } 993 994 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 995 int page_control) 996 { 997 static const int mode_sense_valid[0x3f] = { 998 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 999 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1000 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1001 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1002 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1003 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1004 }; 1005 1006 uint8_t *p = *p_outbuf + 2; 1007 int length; 1008 1009 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1010 return -1; 1011 } 1012 1013 /* 1014 * If Changeable Values are requested, a mask denoting those mode parameters 1015 * that are changeable shall be returned. As we currently don't support 1016 * parameter changes via MODE_SELECT all bits are returned set to zero. 1017 * The buffer was already menset to zero by the caller of this function. 1018 * 1019 * The offsets here are off by two compared to the descriptions in the 1020 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1021 * but it is done so that offsets are consistent within our implementation 1022 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1023 * 2-byte and 4-byte headers. 1024 */ 1025 switch (page) { 1026 case MODE_PAGE_HD_GEOMETRY: 1027 length = 0x16; 1028 if (page_control == 1) { /* Changeable Values */ 1029 break; 1030 } 1031 /* if a geometry hint is available, use it */ 1032 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1033 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1034 p[2] = s->qdev.conf.cyls & 0xff; 1035 p[3] = s->qdev.conf.heads & 0xff; 1036 /* Write precomp start cylinder, disabled */ 1037 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1038 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1039 p[6] = s->qdev.conf.cyls & 0xff; 1040 /* Reduced current start cylinder, disabled */ 1041 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1042 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1043 p[9] = s->qdev.conf.cyls & 0xff; 1044 /* Device step rate [ns], 200ns */ 1045 p[10] = 0; 1046 p[11] = 200; 1047 /* Landing zone cylinder */ 1048 p[12] = 0xff; 1049 p[13] = 0xff; 1050 p[14] = 0xff; 1051 /* Medium rotation rate [rpm], 5400 rpm */ 1052 p[18] = (5400 >> 8) & 0xff; 1053 p[19] = 5400 & 0xff; 1054 break; 1055 1056 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1057 length = 0x1e; 1058 if (page_control == 1) { /* Changeable Values */ 1059 break; 1060 } 1061 /* Transfer rate [kbit/s], 5Mbit/s */ 1062 p[0] = 5000 >> 8; 1063 p[1] = 5000 & 0xff; 1064 /* if a geometry hint is available, use it */ 1065 p[2] = s->qdev.conf.heads & 0xff; 1066 p[3] = s->qdev.conf.secs & 0xff; 1067 p[4] = s->qdev.blocksize >> 8; 1068 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1069 p[7] = s->qdev.conf.cyls & 0xff; 1070 /* Write precomp start cylinder, disabled */ 1071 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1072 p[9] = s->qdev.conf.cyls & 0xff; 1073 /* Reduced current start cylinder, disabled */ 1074 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1075 p[11] = s->qdev.conf.cyls & 0xff; 1076 /* Device step rate [100us], 100us */ 1077 p[12] = 0; 1078 p[13] = 1; 1079 /* Device step pulse width [us], 1us */ 1080 p[14] = 1; 1081 /* Device head settle delay [100us], 100us */ 1082 p[15] = 0; 1083 p[16] = 1; 1084 /* Motor on delay [0.1s], 0.1s */ 1085 p[17] = 1; 1086 /* Motor off delay [0.1s], 0.1s */ 1087 p[18] = 1; 1088 /* Medium rotation rate [rpm], 5400 rpm */ 1089 p[26] = (5400 >> 8) & 0xff; 1090 p[27] = 5400 & 0xff; 1091 break; 1092 1093 case MODE_PAGE_CACHING: 1094 length = 0x12; 1095 if (page_control == 1 || /* Changeable Values */ 1096 blk_enable_write_cache(s->qdev.conf.blk)) { 1097 p[0] = 4; /* WCE */ 1098 } 1099 break; 1100 1101 case MODE_PAGE_R_W_ERROR: 1102 length = 10; 1103 if (page_control == 1) { /* Changeable Values */ 1104 break; 1105 } 1106 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1107 if (s->qdev.type == TYPE_ROM) { 1108 p[1] = 0x20; /* Read Retry Count */ 1109 } 1110 break; 1111 1112 case MODE_PAGE_AUDIO_CTL: 1113 length = 14; 1114 break; 1115 1116 case MODE_PAGE_CAPABILITIES: 1117 length = 0x14; 1118 if (page_control == 1) { /* Changeable Values */ 1119 break; 1120 } 1121 1122 p[0] = 0x3b; /* CD-R & CD-RW read */ 1123 p[1] = 0; /* Writing not supported */ 1124 p[2] = 0x7f; /* Audio, composite, digital out, 1125 mode 2 form 1&2, multi session */ 1126 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1127 RW corrected, C2 errors, ISRC, 1128 UPC, Bar code */ 1129 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1130 /* Locking supported, jumper present, eject, tray */ 1131 p[5] = 0; /* no volume & mute control, no 1132 changer */ 1133 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1134 p[7] = (50 * 176) & 0xff; 1135 p[8] = 2 >> 8; /* Two volume levels */ 1136 p[9] = 2 & 0xff; 1137 p[10] = 2048 >> 8; /* 2M buffer */ 1138 p[11] = 2048 & 0xff; 1139 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1140 p[13] = (16 * 176) & 0xff; 1141 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1142 p[17] = (16 * 176) & 0xff; 1143 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1144 p[19] = (16 * 176) & 0xff; 1145 break; 1146 1147 default: 1148 return -1; 1149 } 1150 1151 assert(length < 256); 1152 (*p_outbuf)[0] = page; 1153 (*p_outbuf)[1] = length; 1154 *p_outbuf += length + 2; 1155 return length + 2; 1156 } 1157 1158 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1159 { 1160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1161 uint64_t nb_sectors; 1162 bool dbd; 1163 int page, buflen, ret, page_control; 1164 uint8_t *p; 1165 uint8_t dev_specific_param; 1166 1167 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1168 page = r->req.cmd.buf[2] & 0x3f; 1169 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1170 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1171 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1172 memset(outbuf, 0, r->req.cmd.xfer); 1173 p = outbuf; 1174 1175 if (s->qdev.type == TYPE_DISK) { 1176 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1177 if (blk_is_read_only(s->qdev.conf.blk)) { 1178 dev_specific_param |= 0x80; /* Readonly. */ 1179 } 1180 } else { 1181 /* MMC prescribes that CD/DVD drives have no block descriptors, 1182 * and defines no device-specific parameter. */ 1183 dev_specific_param = 0x00; 1184 dbd = true; 1185 } 1186 1187 if (r->req.cmd.buf[0] == MODE_SENSE) { 1188 p[1] = 0; /* Default media type. */ 1189 p[2] = dev_specific_param; 1190 p[3] = 0; /* Block descriptor length. */ 1191 p += 4; 1192 } else { /* MODE_SENSE_10 */ 1193 p[2] = 0; /* Default media type. */ 1194 p[3] = dev_specific_param; 1195 p[6] = p[7] = 0; /* Block descriptor length. */ 1196 p += 8; 1197 } 1198 1199 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1200 if (!dbd && nb_sectors) { 1201 if (r->req.cmd.buf[0] == MODE_SENSE) { 1202 outbuf[3] = 8; /* Block descriptor length */ 1203 } else { /* MODE_SENSE_10 */ 1204 outbuf[7] = 8; /* Block descriptor length */ 1205 } 1206 nb_sectors /= (s->qdev.blocksize / 512); 1207 if (nb_sectors > 0xffffff) { 1208 nb_sectors = 0; 1209 } 1210 p[0] = 0; /* media density code */ 1211 p[1] = (nb_sectors >> 16) & 0xff; 1212 p[2] = (nb_sectors >> 8) & 0xff; 1213 p[3] = nb_sectors & 0xff; 1214 p[4] = 0; /* reserved */ 1215 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1216 p[6] = s->qdev.blocksize >> 8; 1217 p[7] = 0; 1218 p += 8; 1219 } 1220 1221 if (page_control == 3) { 1222 /* Saved Values */ 1223 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1224 return -1; 1225 } 1226 1227 if (page == 0x3f) { 1228 for (page = 0; page <= 0x3e; page++) { 1229 mode_sense_page(s, page, &p, page_control); 1230 } 1231 } else { 1232 ret = mode_sense_page(s, page, &p, page_control); 1233 if (ret == -1) { 1234 return -1; 1235 } 1236 } 1237 1238 buflen = p - outbuf; 1239 /* 1240 * The mode data length field specifies the length in bytes of the 1241 * following data that is available to be transferred. The mode data 1242 * length does not include itself. 1243 */ 1244 if (r->req.cmd.buf[0] == MODE_SENSE) { 1245 outbuf[0] = buflen - 1; 1246 } else { /* MODE_SENSE_10 */ 1247 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1248 outbuf[1] = (buflen - 2) & 0xff; 1249 } 1250 return buflen; 1251 } 1252 1253 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1254 { 1255 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1256 int start_track, format, msf, toclen; 1257 uint64_t nb_sectors; 1258 1259 msf = req->cmd.buf[1] & 2; 1260 format = req->cmd.buf[2] & 0xf; 1261 start_track = req->cmd.buf[6]; 1262 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1263 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1264 nb_sectors /= s->qdev.blocksize / 512; 1265 switch (format) { 1266 case 0: 1267 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1268 break; 1269 case 1: 1270 /* multi session : only a single session defined */ 1271 toclen = 12; 1272 memset(outbuf, 0, 12); 1273 outbuf[1] = 0x0a; 1274 outbuf[2] = 0x01; 1275 outbuf[3] = 0x01; 1276 break; 1277 case 2: 1278 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1279 break; 1280 default: 1281 return -1; 1282 } 1283 return toclen; 1284 } 1285 1286 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1287 { 1288 SCSIRequest *req = &r->req; 1289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1290 bool start = req->cmd.buf[4] & 1; 1291 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1292 int pwrcnd = req->cmd.buf[4] & 0xf0; 1293 1294 if (pwrcnd) { 1295 /* eject/load only happens for power condition == 0 */ 1296 return 0; 1297 } 1298 1299 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1300 if (!start && !s->tray_open && s->tray_locked) { 1301 scsi_check_condition(r, 1302 blk_is_inserted(s->qdev.conf.blk) 1303 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1304 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1305 return -1; 1306 } 1307 1308 if (s->tray_open != !start) { 1309 blk_eject(s->qdev.conf.blk, !start); 1310 s->tray_open = !start; 1311 } 1312 } 1313 return 0; 1314 } 1315 1316 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1317 { 1318 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1319 int buflen = r->iov.iov_len; 1320 1321 if (buflen) { 1322 DPRINTF("Read buf_len=%d\n", buflen); 1323 r->iov.iov_len = 0; 1324 r->started = true; 1325 scsi_req_data(&r->req, buflen); 1326 return; 1327 } 1328 1329 /* This also clears the sense buffer for REQUEST SENSE. */ 1330 scsi_req_complete(&r->req, GOOD); 1331 } 1332 1333 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1334 uint8_t *inbuf, int inlen) 1335 { 1336 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1337 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1338 uint8_t *p; 1339 int len, expected_len, changeable_len, i; 1340 1341 /* The input buffer does not include the page header, so it is 1342 * off by 2 bytes. 1343 */ 1344 expected_len = inlen + 2; 1345 if (expected_len > SCSI_MAX_MODE_LEN) { 1346 return -1; 1347 } 1348 1349 p = mode_current; 1350 memset(mode_current, 0, inlen + 2); 1351 len = mode_sense_page(s, page, &p, 0); 1352 if (len < 0 || len != expected_len) { 1353 return -1; 1354 } 1355 1356 p = mode_changeable; 1357 memset(mode_changeable, 0, inlen + 2); 1358 changeable_len = mode_sense_page(s, page, &p, 1); 1359 assert(changeable_len == len); 1360 1361 /* Check that unchangeable bits are the same as what MODE SENSE 1362 * would return. 1363 */ 1364 for (i = 2; i < len; i++) { 1365 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1366 return -1; 1367 } 1368 } 1369 return 0; 1370 } 1371 1372 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1373 { 1374 switch (page) { 1375 case MODE_PAGE_CACHING: 1376 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1377 break; 1378 1379 default: 1380 break; 1381 } 1382 } 1383 1384 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1385 { 1386 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1387 1388 while (len > 0) { 1389 int page, subpage, page_len; 1390 1391 /* Parse both possible formats for the mode page headers. */ 1392 page = p[0] & 0x3f; 1393 if (p[0] & 0x40) { 1394 if (len < 4) { 1395 goto invalid_param_len; 1396 } 1397 subpage = p[1]; 1398 page_len = lduw_be_p(&p[2]); 1399 p += 4; 1400 len -= 4; 1401 } else { 1402 if (len < 2) { 1403 goto invalid_param_len; 1404 } 1405 subpage = 0; 1406 page_len = p[1]; 1407 p += 2; 1408 len -= 2; 1409 } 1410 1411 if (subpage) { 1412 goto invalid_param; 1413 } 1414 if (page_len > len) { 1415 goto invalid_param_len; 1416 } 1417 1418 if (!change) { 1419 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1420 goto invalid_param; 1421 } 1422 } else { 1423 scsi_disk_apply_mode_select(s, page, p); 1424 } 1425 1426 p += page_len; 1427 len -= page_len; 1428 } 1429 return 0; 1430 1431 invalid_param: 1432 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1433 return -1; 1434 1435 invalid_param_len: 1436 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1437 return -1; 1438 } 1439 1440 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1441 { 1442 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1443 uint8_t *p = inbuf; 1444 int cmd = r->req.cmd.buf[0]; 1445 int len = r->req.cmd.xfer; 1446 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1447 int bd_len; 1448 int pass; 1449 1450 /* We only support PF=1, SP=0. */ 1451 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1452 goto invalid_field; 1453 } 1454 1455 if (len < hdr_len) { 1456 goto invalid_param_len; 1457 } 1458 1459 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1460 len -= hdr_len; 1461 p += hdr_len; 1462 if (len < bd_len) { 1463 goto invalid_param_len; 1464 } 1465 if (bd_len != 0 && bd_len != 8) { 1466 goto invalid_param; 1467 } 1468 1469 len -= bd_len; 1470 p += bd_len; 1471 1472 /* Ensure no change is made if there is an error! */ 1473 for (pass = 0; pass < 2; pass++) { 1474 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1475 assert(pass == 0); 1476 return; 1477 } 1478 } 1479 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1480 /* The request is used as the AIO opaque value, so add a ref. */ 1481 scsi_req_ref(&r->req); 1482 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1483 BLOCK_ACCT_FLUSH); 1484 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1485 return; 1486 } 1487 1488 scsi_req_complete(&r->req, GOOD); 1489 return; 1490 1491 invalid_param: 1492 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1493 return; 1494 1495 invalid_param_len: 1496 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1497 return; 1498 1499 invalid_field: 1500 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1501 } 1502 1503 static inline bool check_lba_range(SCSIDiskState *s, 1504 uint64_t sector_num, uint32_t nb_sectors) 1505 { 1506 /* 1507 * The first line tests that no overflow happens when computing the last 1508 * sector. The second line tests that the last accessed sector is in 1509 * range. 1510 * 1511 * Careful, the computations should not underflow for nb_sectors == 0, 1512 * and a 0-block read to the first LBA beyond the end of device is 1513 * valid. 1514 */ 1515 return (sector_num <= sector_num + nb_sectors && 1516 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1517 } 1518 1519 typedef struct UnmapCBData { 1520 SCSIDiskReq *r; 1521 uint8_t *inbuf; 1522 int count; 1523 } UnmapCBData; 1524 1525 static void scsi_unmap_complete(void *opaque, int ret) 1526 { 1527 UnmapCBData *data = opaque; 1528 SCSIDiskReq *r = data->r; 1529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1530 uint64_t sector_num; 1531 uint32_t nb_sectors; 1532 1533 r->req.aiocb = NULL; 1534 if (r->req.io_canceled) { 1535 scsi_req_cancel_complete(&r->req); 1536 goto done; 1537 } 1538 1539 if (ret < 0) { 1540 if (scsi_handle_rw_error(r, -ret)) { 1541 goto done; 1542 } 1543 } 1544 1545 if (data->count > 0) { 1546 sector_num = ldq_be_p(&data->inbuf[0]); 1547 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1548 if (!check_lba_range(s, sector_num, nb_sectors)) { 1549 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1550 goto done; 1551 } 1552 1553 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk, 1554 sector_num * (s->qdev.blocksize / 512), 1555 nb_sectors * (s->qdev.blocksize / 512), 1556 scsi_unmap_complete, data); 1557 data->count--; 1558 data->inbuf += 16; 1559 return; 1560 } 1561 1562 scsi_req_complete(&r->req, GOOD); 1563 1564 done: 1565 scsi_req_unref(&r->req); 1566 g_free(data); 1567 } 1568 1569 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1570 { 1571 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1572 uint8_t *p = inbuf; 1573 int len = r->req.cmd.xfer; 1574 UnmapCBData *data; 1575 1576 /* Reject ANCHOR=1. */ 1577 if (r->req.cmd.buf[1] & 0x1) { 1578 goto invalid_field; 1579 } 1580 1581 if (len < 8) { 1582 goto invalid_param_len; 1583 } 1584 if (len < lduw_be_p(&p[0]) + 2) { 1585 goto invalid_param_len; 1586 } 1587 if (len < lduw_be_p(&p[2]) + 8) { 1588 goto invalid_param_len; 1589 } 1590 if (lduw_be_p(&p[2]) & 15) { 1591 goto invalid_param_len; 1592 } 1593 1594 if (blk_is_read_only(s->qdev.conf.blk)) { 1595 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1596 return; 1597 } 1598 1599 data = g_new0(UnmapCBData, 1); 1600 data->r = r; 1601 data->inbuf = &p[8]; 1602 data->count = lduw_be_p(&p[2]) >> 4; 1603 1604 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1605 scsi_req_ref(&r->req); 1606 scsi_unmap_complete(data, 0); 1607 return; 1608 1609 invalid_param_len: 1610 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1611 return; 1612 1613 invalid_field: 1614 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1615 } 1616 1617 typedef struct WriteSameCBData { 1618 SCSIDiskReq *r; 1619 int64_t sector; 1620 int nb_sectors; 1621 QEMUIOVector qiov; 1622 struct iovec iov; 1623 } WriteSameCBData; 1624 1625 static void scsi_write_same_complete(void *opaque, int ret) 1626 { 1627 WriteSameCBData *data = opaque; 1628 SCSIDiskReq *r = data->r; 1629 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1630 1631 assert(r->req.aiocb != NULL); 1632 r->req.aiocb = NULL; 1633 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1634 if (r->req.io_canceled) { 1635 scsi_req_cancel_complete(&r->req); 1636 goto done; 1637 } 1638 1639 if (ret < 0) { 1640 if (scsi_handle_rw_error(r, -ret)) { 1641 goto done; 1642 } 1643 } 1644 1645 data->nb_sectors -= data->iov.iov_len / 512; 1646 data->sector += data->iov.iov_len / 512; 1647 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1648 if (data->iov.iov_len) { 1649 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1650 data->iov.iov_len, BLOCK_ACCT_WRITE); 1651 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1652 &data->qiov, data->iov.iov_len / 512, 1653 scsi_write_same_complete, data); 1654 return; 1655 } 1656 1657 scsi_req_complete(&r->req, GOOD); 1658 1659 done: 1660 scsi_req_unref(&r->req); 1661 qemu_vfree(data->iov.iov_base); 1662 g_free(data); 1663 } 1664 1665 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1666 { 1667 SCSIRequest *req = &r->req; 1668 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1669 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1670 WriteSameCBData *data; 1671 uint8_t *buf; 1672 int i; 1673 1674 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1675 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1676 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1677 return; 1678 } 1679 1680 if (blk_is_read_only(s->qdev.conf.blk)) { 1681 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1682 return; 1683 } 1684 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1685 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1686 return; 1687 } 1688 1689 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1690 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1691 1692 /* The request is used as the AIO opaque value, so add a ref. */ 1693 scsi_req_ref(&r->req); 1694 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1695 nb_sectors * s->qdev.blocksize, 1696 BLOCK_ACCT_WRITE); 1697 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk, 1698 r->req.cmd.lba * (s->qdev.blocksize / 512), 1699 nb_sectors * (s->qdev.blocksize / 512), 1700 flags, scsi_aio_complete, r); 1701 return; 1702 } 1703 1704 data = g_new0(WriteSameCBData, 1); 1705 data->r = r; 1706 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1707 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1708 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1709 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1710 data->iov.iov_len); 1711 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1712 1713 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1714 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1715 } 1716 1717 scsi_req_ref(&r->req); 1718 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1719 data->iov.iov_len, BLOCK_ACCT_WRITE); 1720 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1721 &data->qiov, data->iov.iov_len / 512, 1722 scsi_write_same_complete, data); 1723 } 1724 1725 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1726 { 1727 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1728 1729 if (r->iov.iov_len) { 1730 int buflen = r->iov.iov_len; 1731 DPRINTF("Write buf_len=%d\n", buflen); 1732 r->iov.iov_len = 0; 1733 scsi_req_data(&r->req, buflen); 1734 return; 1735 } 1736 1737 switch (req->cmd.buf[0]) { 1738 case MODE_SELECT: 1739 case MODE_SELECT_10: 1740 /* This also clears the sense buffer for REQUEST SENSE. */ 1741 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1742 break; 1743 1744 case UNMAP: 1745 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1746 break; 1747 1748 case VERIFY_10: 1749 case VERIFY_12: 1750 case VERIFY_16: 1751 if (r->req.status == -1) { 1752 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1753 } 1754 break; 1755 1756 case WRITE_SAME_10: 1757 case WRITE_SAME_16: 1758 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1759 break; 1760 1761 default: 1762 abort(); 1763 } 1764 } 1765 1766 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1767 { 1768 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1770 uint64_t nb_sectors; 1771 uint8_t *outbuf; 1772 int buflen; 1773 1774 switch (req->cmd.buf[0]) { 1775 case INQUIRY: 1776 case MODE_SENSE: 1777 case MODE_SENSE_10: 1778 case RESERVE: 1779 case RESERVE_10: 1780 case RELEASE: 1781 case RELEASE_10: 1782 case START_STOP: 1783 case ALLOW_MEDIUM_REMOVAL: 1784 case GET_CONFIGURATION: 1785 case GET_EVENT_STATUS_NOTIFICATION: 1786 case MECHANISM_STATUS: 1787 case REQUEST_SENSE: 1788 break; 1789 1790 default: 1791 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1792 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1793 return 0; 1794 } 1795 break; 1796 } 1797 1798 /* 1799 * FIXME: we shouldn't return anything bigger than 4k, but the code 1800 * requires the buffer to be as big as req->cmd.xfer in several 1801 * places. So, do not allow CDBs with a very large ALLOCATION 1802 * LENGTH. The real fix would be to modify scsi_read_data and 1803 * dma_buf_read, so that they return data beyond the buflen 1804 * as all zeros. 1805 */ 1806 if (req->cmd.xfer > 65536) { 1807 goto illegal_request; 1808 } 1809 r->buflen = MAX(4096, req->cmd.xfer); 1810 1811 if (!r->iov.iov_base) { 1812 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1813 } 1814 1815 buflen = req->cmd.xfer; 1816 outbuf = r->iov.iov_base; 1817 memset(outbuf, 0, r->buflen); 1818 switch (req->cmd.buf[0]) { 1819 case TEST_UNIT_READY: 1820 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1821 break; 1822 case INQUIRY: 1823 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1824 if (buflen < 0) { 1825 goto illegal_request; 1826 } 1827 break; 1828 case MODE_SENSE: 1829 case MODE_SENSE_10: 1830 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1831 if (buflen < 0) { 1832 goto illegal_request; 1833 } 1834 break; 1835 case READ_TOC: 1836 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1837 if (buflen < 0) { 1838 goto illegal_request; 1839 } 1840 break; 1841 case RESERVE: 1842 if (req->cmd.buf[1] & 1) { 1843 goto illegal_request; 1844 } 1845 break; 1846 case RESERVE_10: 1847 if (req->cmd.buf[1] & 3) { 1848 goto illegal_request; 1849 } 1850 break; 1851 case RELEASE: 1852 if (req->cmd.buf[1] & 1) { 1853 goto illegal_request; 1854 } 1855 break; 1856 case RELEASE_10: 1857 if (req->cmd.buf[1] & 3) { 1858 goto illegal_request; 1859 } 1860 break; 1861 case START_STOP: 1862 if (scsi_disk_emulate_start_stop(r) < 0) { 1863 return 0; 1864 } 1865 break; 1866 case ALLOW_MEDIUM_REMOVAL: 1867 s->tray_locked = req->cmd.buf[4] & 1; 1868 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1869 break; 1870 case READ_CAPACITY_10: 1871 /* The normal LEN field for this command is zero. */ 1872 memset(outbuf, 0, 8); 1873 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1874 if (!nb_sectors) { 1875 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1876 return 0; 1877 } 1878 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1879 goto illegal_request; 1880 } 1881 nb_sectors /= s->qdev.blocksize / 512; 1882 /* Returned value is the address of the last sector. */ 1883 nb_sectors--; 1884 /* Remember the new size for read/write sanity checking. */ 1885 s->qdev.max_lba = nb_sectors; 1886 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1887 if (nb_sectors > UINT32_MAX) { 1888 nb_sectors = UINT32_MAX; 1889 } 1890 outbuf[0] = (nb_sectors >> 24) & 0xff; 1891 outbuf[1] = (nb_sectors >> 16) & 0xff; 1892 outbuf[2] = (nb_sectors >> 8) & 0xff; 1893 outbuf[3] = nb_sectors & 0xff; 1894 outbuf[4] = 0; 1895 outbuf[5] = 0; 1896 outbuf[6] = s->qdev.blocksize >> 8; 1897 outbuf[7] = 0; 1898 break; 1899 case REQUEST_SENSE: 1900 /* Just return "NO SENSE". */ 1901 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1902 (req->cmd.buf[1] & 1) == 0); 1903 if (buflen < 0) { 1904 goto illegal_request; 1905 } 1906 break; 1907 case MECHANISM_STATUS: 1908 buflen = scsi_emulate_mechanism_status(s, outbuf); 1909 if (buflen < 0) { 1910 goto illegal_request; 1911 } 1912 break; 1913 case GET_CONFIGURATION: 1914 buflen = scsi_get_configuration(s, outbuf); 1915 if (buflen < 0) { 1916 goto illegal_request; 1917 } 1918 break; 1919 case GET_EVENT_STATUS_NOTIFICATION: 1920 buflen = scsi_get_event_status_notification(s, r, outbuf); 1921 if (buflen < 0) { 1922 goto illegal_request; 1923 } 1924 break; 1925 case READ_DISC_INFORMATION: 1926 buflen = scsi_read_disc_information(s, r, outbuf); 1927 if (buflen < 0) { 1928 goto illegal_request; 1929 } 1930 break; 1931 case READ_DVD_STRUCTURE: 1932 buflen = scsi_read_dvd_structure(s, r, outbuf); 1933 if (buflen < 0) { 1934 goto illegal_request; 1935 } 1936 break; 1937 case SERVICE_ACTION_IN_16: 1938 /* Service Action In subcommands. */ 1939 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1940 DPRINTF("SAI READ CAPACITY(16)\n"); 1941 memset(outbuf, 0, req->cmd.xfer); 1942 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1943 if (!nb_sectors) { 1944 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1945 return 0; 1946 } 1947 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1948 goto illegal_request; 1949 } 1950 nb_sectors /= s->qdev.blocksize / 512; 1951 /* Returned value is the address of the last sector. */ 1952 nb_sectors--; 1953 /* Remember the new size for read/write sanity checking. */ 1954 s->qdev.max_lba = nb_sectors; 1955 outbuf[0] = (nb_sectors >> 56) & 0xff; 1956 outbuf[1] = (nb_sectors >> 48) & 0xff; 1957 outbuf[2] = (nb_sectors >> 40) & 0xff; 1958 outbuf[3] = (nb_sectors >> 32) & 0xff; 1959 outbuf[4] = (nb_sectors >> 24) & 0xff; 1960 outbuf[5] = (nb_sectors >> 16) & 0xff; 1961 outbuf[6] = (nb_sectors >> 8) & 0xff; 1962 outbuf[7] = nb_sectors & 0xff; 1963 outbuf[8] = 0; 1964 outbuf[9] = 0; 1965 outbuf[10] = s->qdev.blocksize >> 8; 1966 outbuf[11] = 0; 1967 outbuf[12] = 0; 1968 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1969 1970 /* set TPE bit if the format supports discard */ 1971 if (s->qdev.conf.discard_granularity) { 1972 outbuf[14] = 0x80; 1973 } 1974 1975 /* Protection, exponent and lowest lba field left blank. */ 1976 break; 1977 } 1978 DPRINTF("Unsupported Service Action In\n"); 1979 goto illegal_request; 1980 case SYNCHRONIZE_CACHE: 1981 /* The request is used as the AIO opaque value, so add a ref. */ 1982 scsi_req_ref(&r->req); 1983 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1984 BLOCK_ACCT_FLUSH); 1985 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1986 return 0; 1987 case SEEK_10: 1988 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 1989 if (r->req.cmd.lba > s->qdev.max_lba) { 1990 goto illegal_lba; 1991 } 1992 break; 1993 case MODE_SELECT: 1994 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 1995 break; 1996 case MODE_SELECT_10: 1997 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 1998 break; 1999 case UNMAP: 2000 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2001 break; 2002 case VERIFY_10: 2003 case VERIFY_12: 2004 case VERIFY_16: 2005 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2006 if (req->cmd.buf[1] & 6) { 2007 goto illegal_request; 2008 } 2009 break; 2010 case WRITE_SAME_10: 2011 case WRITE_SAME_16: 2012 DPRINTF("WRITE SAME %d (len %lu)\n", 2013 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2014 (long)r->req.cmd.xfer); 2015 break; 2016 default: 2017 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2018 scsi_command_name(buf[0])); 2019 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2020 return 0; 2021 } 2022 assert(!r->req.aiocb); 2023 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2024 if (r->iov.iov_len == 0) { 2025 scsi_req_complete(&r->req, GOOD); 2026 } 2027 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2028 assert(r->iov.iov_len == req->cmd.xfer); 2029 return -r->iov.iov_len; 2030 } else { 2031 return r->iov.iov_len; 2032 } 2033 2034 illegal_request: 2035 if (r->req.status == -1) { 2036 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2037 } 2038 return 0; 2039 2040 illegal_lba: 2041 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2042 return 0; 2043 } 2044 2045 /* Execute a scsi command. Returns the length of the data expected by the 2046 command. This will be Positive for data transfers from the device 2047 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2048 and zero if the command does not transfer any data. */ 2049 2050 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2051 { 2052 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2053 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2054 uint32_t len; 2055 uint8_t command; 2056 2057 command = buf[0]; 2058 2059 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 2060 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2061 return 0; 2062 } 2063 2064 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2065 switch (command) { 2066 case READ_6: 2067 case READ_10: 2068 case READ_12: 2069 case READ_16: 2070 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2071 if (r->req.cmd.buf[1] & 0xe0) { 2072 goto illegal_request; 2073 } 2074 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2075 goto illegal_lba; 2076 } 2077 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2078 r->sector_count = len * (s->qdev.blocksize / 512); 2079 break; 2080 case WRITE_6: 2081 case WRITE_10: 2082 case WRITE_12: 2083 case WRITE_16: 2084 case WRITE_VERIFY_10: 2085 case WRITE_VERIFY_12: 2086 case WRITE_VERIFY_16: 2087 if (blk_is_read_only(s->qdev.conf.blk)) { 2088 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2089 return 0; 2090 } 2091 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2092 (command & 0xe) == 0xe ? "And Verify " : "", 2093 r->req.cmd.lba, len); 2094 if (r->req.cmd.buf[1] & 0xe0) { 2095 goto illegal_request; 2096 } 2097 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2098 goto illegal_lba; 2099 } 2100 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2101 r->sector_count = len * (s->qdev.blocksize / 512); 2102 break; 2103 default: 2104 abort(); 2105 illegal_request: 2106 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2107 return 0; 2108 illegal_lba: 2109 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2110 return 0; 2111 } 2112 if (r->sector_count == 0) { 2113 scsi_req_complete(&r->req, GOOD); 2114 } 2115 assert(r->iov.iov_len == 0); 2116 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2117 return -r->sector_count * 512; 2118 } else { 2119 return r->sector_count * 512; 2120 } 2121 } 2122 2123 static void scsi_disk_reset(DeviceState *dev) 2124 { 2125 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2126 uint64_t nb_sectors; 2127 2128 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2129 2130 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2131 nb_sectors /= s->qdev.blocksize / 512; 2132 if (nb_sectors) { 2133 nb_sectors--; 2134 } 2135 s->qdev.max_lba = nb_sectors; 2136 /* reset tray statuses */ 2137 s->tray_locked = 0; 2138 s->tray_open = 0; 2139 } 2140 2141 static void scsi_disk_resize_cb(void *opaque) 2142 { 2143 SCSIDiskState *s = opaque; 2144 2145 /* SPC lists this sense code as available only for 2146 * direct-access devices. 2147 */ 2148 if (s->qdev.type == TYPE_DISK) { 2149 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2150 } 2151 } 2152 2153 static void scsi_cd_change_media_cb(void *opaque, bool load) 2154 { 2155 SCSIDiskState *s = opaque; 2156 2157 /* 2158 * When a CD gets changed, we have to report an ejected state and 2159 * then a loaded state to guests so that they detect tray 2160 * open/close and media change events. Guests that do not use 2161 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2162 * states rely on this behavior. 2163 * 2164 * media_changed governs the state machine used for unit attention 2165 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2166 */ 2167 s->media_changed = load; 2168 s->tray_open = !load; 2169 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2170 s->media_event = true; 2171 s->eject_request = false; 2172 } 2173 2174 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2175 { 2176 SCSIDiskState *s = opaque; 2177 2178 s->eject_request = true; 2179 if (force) { 2180 s->tray_locked = false; 2181 } 2182 } 2183 2184 static bool scsi_cd_is_tray_open(void *opaque) 2185 { 2186 return ((SCSIDiskState *)opaque)->tray_open; 2187 } 2188 2189 static bool scsi_cd_is_medium_locked(void *opaque) 2190 { 2191 return ((SCSIDiskState *)opaque)->tray_locked; 2192 } 2193 2194 static const BlockDevOps scsi_disk_removable_block_ops = { 2195 .change_media_cb = scsi_cd_change_media_cb, 2196 .eject_request_cb = scsi_cd_eject_request_cb, 2197 .is_tray_open = scsi_cd_is_tray_open, 2198 .is_medium_locked = scsi_cd_is_medium_locked, 2199 2200 .resize_cb = scsi_disk_resize_cb, 2201 }; 2202 2203 static const BlockDevOps scsi_disk_block_ops = { 2204 .resize_cb = scsi_disk_resize_cb, 2205 }; 2206 2207 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2208 { 2209 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2210 if (s->media_changed) { 2211 s->media_changed = false; 2212 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2213 } 2214 } 2215 2216 static void scsi_realize(SCSIDevice *dev, Error **errp) 2217 { 2218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2219 Error *err = NULL; 2220 2221 if (!s->qdev.conf.blk) { 2222 error_setg(errp, "drive property not set"); 2223 return; 2224 } 2225 2226 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2227 !blk_is_inserted(s->qdev.conf.blk)) { 2228 error_setg(errp, "Device needs media, but drive is empty"); 2229 return; 2230 } 2231 2232 blkconf_serial(&s->qdev.conf, &s->serial); 2233 if (dev->type == TYPE_DISK) { 2234 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2235 if (err) { 2236 error_propagate(errp, err); 2237 return; 2238 } 2239 } 2240 2241 if (s->qdev.conf.discard_granularity == -1) { 2242 s->qdev.conf.discard_granularity = 2243 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2244 } 2245 2246 if (!s->version) { 2247 s->version = g_strdup(qemu_get_version()); 2248 } 2249 if (!s->vendor) { 2250 s->vendor = g_strdup("QEMU"); 2251 } 2252 2253 if (blk_is_sg(s->qdev.conf.blk)) { 2254 error_setg(errp, "unwanted /dev/sg*"); 2255 return; 2256 } 2257 2258 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2259 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2260 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2261 } else { 2262 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2263 } 2264 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2265 2266 blk_iostatus_enable(s->qdev.conf.blk); 2267 } 2268 2269 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2270 { 2271 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2272 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2273 s->qdev.type = TYPE_DISK; 2274 if (!s->product) { 2275 s->product = g_strdup("QEMU HARDDISK"); 2276 } 2277 scsi_realize(&s->qdev, errp); 2278 } 2279 2280 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2281 { 2282 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2283 s->qdev.blocksize = 2048; 2284 s->qdev.type = TYPE_ROM; 2285 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2286 if (!s->product) { 2287 s->product = g_strdup("QEMU CD-ROM"); 2288 } 2289 scsi_realize(&s->qdev, errp); 2290 } 2291 2292 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2293 { 2294 DriveInfo *dinfo; 2295 Error *local_err = NULL; 2296 2297 if (!dev->conf.blk) { 2298 scsi_realize(dev, &local_err); 2299 assert(local_err); 2300 error_propagate(errp, local_err); 2301 return; 2302 } 2303 2304 dinfo = blk_legacy_dinfo(dev->conf.blk); 2305 if (dinfo && dinfo->media_cd) { 2306 scsi_cd_realize(dev, errp); 2307 } else { 2308 scsi_hd_realize(dev, errp); 2309 } 2310 } 2311 2312 static const SCSIReqOps scsi_disk_emulate_reqops = { 2313 .size = sizeof(SCSIDiskReq), 2314 .free_req = scsi_free_request, 2315 .send_command = scsi_disk_emulate_command, 2316 .read_data = scsi_disk_emulate_read_data, 2317 .write_data = scsi_disk_emulate_write_data, 2318 .get_buf = scsi_get_buf, 2319 }; 2320 2321 static const SCSIReqOps scsi_disk_dma_reqops = { 2322 .size = sizeof(SCSIDiskReq), 2323 .free_req = scsi_free_request, 2324 .send_command = scsi_disk_dma_command, 2325 .read_data = scsi_read_data, 2326 .write_data = scsi_write_data, 2327 .get_buf = scsi_get_buf, 2328 .load_request = scsi_disk_load_request, 2329 .save_request = scsi_disk_save_request, 2330 }; 2331 2332 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2333 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2334 [INQUIRY] = &scsi_disk_emulate_reqops, 2335 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2336 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2337 [START_STOP] = &scsi_disk_emulate_reqops, 2338 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2339 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2340 [READ_TOC] = &scsi_disk_emulate_reqops, 2341 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2342 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2343 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2344 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2345 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2346 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2347 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2348 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2349 [SEEK_10] = &scsi_disk_emulate_reqops, 2350 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2351 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2352 [UNMAP] = &scsi_disk_emulate_reqops, 2353 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2354 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2355 [VERIFY_10] = &scsi_disk_emulate_reqops, 2356 [VERIFY_12] = &scsi_disk_emulate_reqops, 2357 [VERIFY_16] = &scsi_disk_emulate_reqops, 2358 2359 [READ_6] = &scsi_disk_dma_reqops, 2360 [READ_10] = &scsi_disk_dma_reqops, 2361 [READ_12] = &scsi_disk_dma_reqops, 2362 [READ_16] = &scsi_disk_dma_reqops, 2363 [WRITE_6] = &scsi_disk_dma_reqops, 2364 [WRITE_10] = &scsi_disk_dma_reqops, 2365 [WRITE_12] = &scsi_disk_dma_reqops, 2366 [WRITE_16] = &scsi_disk_dma_reqops, 2367 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2368 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2369 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2370 }; 2371 2372 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2373 uint8_t *buf, void *hba_private) 2374 { 2375 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2376 SCSIRequest *req; 2377 const SCSIReqOps *ops; 2378 uint8_t command; 2379 2380 command = buf[0]; 2381 ops = scsi_disk_reqops_dispatch[command]; 2382 if (!ops) { 2383 ops = &scsi_disk_emulate_reqops; 2384 } 2385 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2386 2387 #ifdef DEBUG_SCSI 2388 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2389 { 2390 int i; 2391 for (i = 1; i < scsi_cdb_length(buf); i++) { 2392 printf(" 0x%02x", buf[i]); 2393 } 2394 printf("\n"); 2395 } 2396 #endif 2397 2398 return req; 2399 } 2400 2401 #ifdef __linux__ 2402 static int get_device_type(SCSIDiskState *s) 2403 { 2404 uint8_t cmd[16]; 2405 uint8_t buf[36]; 2406 uint8_t sensebuf[8]; 2407 sg_io_hdr_t io_header; 2408 int ret; 2409 2410 memset(cmd, 0, sizeof(cmd)); 2411 memset(buf, 0, sizeof(buf)); 2412 cmd[0] = INQUIRY; 2413 cmd[4] = sizeof(buf); 2414 2415 memset(&io_header, 0, sizeof(io_header)); 2416 io_header.interface_id = 'S'; 2417 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2418 io_header.dxfer_len = sizeof(buf); 2419 io_header.dxferp = buf; 2420 io_header.cmdp = cmd; 2421 io_header.cmd_len = sizeof(cmd); 2422 io_header.mx_sb_len = sizeof(sensebuf); 2423 io_header.sbp = sensebuf; 2424 io_header.timeout = 6000; /* XXX */ 2425 2426 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header); 2427 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2428 return -1; 2429 } 2430 s->qdev.type = buf[0]; 2431 if (buf[1] & 0x80) { 2432 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2433 } 2434 return 0; 2435 } 2436 2437 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2438 { 2439 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2440 int sg_version; 2441 int rc; 2442 2443 if (!s->qdev.conf.blk) { 2444 error_setg(errp, "drive property not set"); 2445 return; 2446 } 2447 2448 /* check we are using a driver managing SG_IO (version 3 and after) */ 2449 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2450 if (rc < 0) { 2451 error_setg(errp, "cannot get SG_IO version number: %s. " 2452 "Is this a SCSI device?", 2453 strerror(-rc)); 2454 return; 2455 } 2456 if (sg_version < 30000) { 2457 error_setg(errp, "scsi generic interface too old"); 2458 return; 2459 } 2460 2461 /* get device type from INQUIRY data */ 2462 rc = get_device_type(s); 2463 if (rc < 0) { 2464 error_setg(errp, "INQUIRY failed"); 2465 return; 2466 } 2467 2468 /* Make a guess for the block size, we'll fix it when the guest sends. 2469 * READ CAPACITY. If they don't, they likely would assume these sizes 2470 * anyway. (TODO: check in /sys). 2471 */ 2472 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2473 s->qdev.blocksize = 2048; 2474 } else { 2475 s->qdev.blocksize = 512; 2476 } 2477 2478 /* Makes the scsi-block device not removable by using HMP and QMP eject 2479 * command. 2480 */ 2481 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2482 2483 scsi_realize(&s->qdev, errp); 2484 } 2485 2486 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2487 { 2488 switch (buf[0]) { 2489 case READ_6: 2490 case READ_10: 2491 case READ_12: 2492 case READ_16: 2493 case VERIFY_10: 2494 case VERIFY_12: 2495 case VERIFY_16: 2496 case WRITE_6: 2497 case WRITE_10: 2498 case WRITE_12: 2499 case WRITE_16: 2500 case WRITE_VERIFY_10: 2501 case WRITE_VERIFY_12: 2502 case WRITE_VERIFY_16: 2503 /* If we are not using O_DIRECT, we might read stale data from the 2504 * host cache if writes were made using other commands than these 2505 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2506 * O_DIRECT everything must go through SG_IO. 2507 */ 2508 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) { 2509 break; 2510 } 2511 2512 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2513 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2514 * And once you do these writes, reading from the block device is 2515 * unreliable, too. It is even possible that reads deliver random data 2516 * from the host page cache (this is probably a Linux bug). 2517 * 2518 * We might use scsi_disk_dma_reqops as long as no writing commands are 2519 * seen, but performance usually isn't paramount on optical media. So, 2520 * just make scsi-block operate the same as scsi-generic for them. 2521 */ 2522 if (s->qdev.type != TYPE_ROM) { 2523 return false; 2524 } 2525 break; 2526 2527 default: 2528 break; 2529 } 2530 2531 return true; 2532 } 2533 2534 2535 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2536 uint32_t lun, uint8_t *buf, 2537 void *hba_private) 2538 { 2539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2540 2541 if (scsi_block_is_passthrough(s, buf)) { 2542 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2543 hba_private); 2544 } else { 2545 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2546 hba_private); 2547 } 2548 } 2549 2550 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2551 uint8_t *buf, void *hba_private) 2552 { 2553 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2554 2555 if (scsi_block_is_passthrough(s, buf)) { 2556 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2557 } else { 2558 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2559 } 2560 } 2561 2562 #endif 2563 2564 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2565 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2566 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2567 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2568 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2569 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2570 2571 static Property scsi_hd_properties[] = { 2572 DEFINE_SCSI_DISK_PROPERTIES(), 2573 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2574 SCSI_DISK_F_REMOVABLE, false), 2575 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2576 SCSI_DISK_F_DPOFUA, false), 2577 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2578 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2579 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2580 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2581 DEFAULT_MAX_UNMAP_SIZE), 2582 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2583 DEFINE_PROP_END_OF_LIST(), 2584 }; 2585 2586 static const VMStateDescription vmstate_scsi_disk_state = { 2587 .name = "scsi-disk", 2588 .version_id = 1, 2589 .minimum_version_id = 1, 2590 .fields = (VMStateField[]) { 2591 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2592 VMSTATE_BOOL(media_changed, SCSIDiskState), 2593 VMSTATE_BOOL(media_event, SCSIDiskState), 2594 VMSTATE_BOOL(eject_request, SCSIDiskState), 2595 VMSTATE_BOOL(tray_open, SCSIDiskState), 2596 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2597 VMSTATE_END_OF_LIST() 2598 } 2599 }; 2600 2601 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2602 { 2603 DeviceClass *dc = DEVICE_CLASS(klass); 2604 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2605 2606 sc->realize = scsi_hd_realize; 2607 sc->alloc_req = scsi_new_request; 2608 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2609 dc->fw_name = "disk"; 2610 dc->desc = "virtual SCSI disk"; 2611 dc->reset = scsi_disk_reset; 2612 dc->props = scsi_hd_properties; 2613 dc->vmsd = &vmstate_scsi_disk_state; 2614 } 2615 2616 static const TypeInfo scsi_hd_info = { 2617 .name = "scsi-hd", 2618 .parent = TYPE_SCSI_DEVICE, 2619 .instance_size = sizeof(SCSIDiskState), 2620 .class_init = scsi_hd_class_initfn, 2621 }; 2622 2623 static Property scsi_cd_properties[] = { 2624 DEFINE_SCSI_DISK_PROPERTIES(), 2625 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2626 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2627 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2628 DEFINE_PROP_END_OF_LIST(), 2629 }; 2630 2631 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2632 { 2633 DeviceClass *dc = DEVICE_CLASS(klass); 2634 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2635 2636 sc->realize = scsi_cd_realize; 2637 sc->alloc_req = scsi_new_request; 2638 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2639 dc->fw_name = "disk"; 2640 dc->desc = "virtual SCSI CD-ROM"; 2641 dc->reset = scsi_disk_reset; 2642 dc->props = scsi_cd_properties; 2643 dc->vmsd = &vmstate_scsi_disk_state; 2644 } 2645 2646 static const TypeInfo scsi_cd_info = { 2647 .name = "scsi-cd", 2648 .parent = TYPE_SCSI_DEVICE, 2649 .instance_size = sizeof(SCSIDiskState), 2650 .class_init = scsi_cd_class_initfn, 2651 }; 2652 2653 #ifdef __linux__ 2654 static Property scsi_block_properties[] = { 2655 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 2656 DEFINE_PROP_END_OF_LIST(), 2657 }; 2658 2659 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2660 { 2661 DeviceClass *dc = DEVICE_CLASS(klass); 2662 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2663 2664 sc->realize = scsi_block_realize; 2665 sc->alloc_req = scsi_block_new_request; 2666 sc->parse_cdb = scsi_block_parse_cdb; 2667 dc->fw_name = "disk"; 2668 dc->desc = "SCSI block device passthrough"; 2669 dc->reset = scsi_disk_reset; 2670 dc->props = scsi_block_properties; 2671 dc->vmsd = &vmstate_scsi_disk_state; 2672 } 2673 2674 static const TypeInfo scsi_block_info = { 2675 .name = "scsi-block", 2676 .parent = TYPE_SCSI_DEVICE, 2677 .instance_size = sizeof(SCSIDiskState), 2678 .class_init = scsi_block_class_initfn, 2679 }; 2680 #endif 2681 2682 static Property scsi_disk_properties[] = { 2683 DEFINE_SCSI_DISK_PROPERTIES(), 2684 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2685 SCSI_DISK_F_REMOVABLE, false), 2686 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2687 SCSI_DISK_F_DPOFUA, false), 2688 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2689 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2690 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2691 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2692 DEFAULT_MAX_UNMAP_SIZE), 2693 DEFINE_PROP_END_OF_LIST(), 2694 }; 2695 2696 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2697 { 2698 DeviceClass *dc = DEVICE_CLASS(klass); 2699 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2700 2701 sc->realize = scsi_disk_realize; 2702 sc->alloc_req = scsi_new_request; 2703 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2704 dc->fw_name = "disk"; 2705 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2706 dc->reset = scsi_disk_reset; 2707 dc->props = scsi_disk_properties; 2708 dc->vmsd = &vmstate_scsi_disk_state; 2709 } 2710 2711 static const TypeInfo scsi_disk_info = { 2712 .name = "scsi-disk", 2713 .parent = TYPE_SCSI_DEVICE, 2714 .instance_size = sizeof(SCSIDiskState), 2715 .class_init = scsi_disk_class_initfn, 2716 }; 2717 2718 static void scsi_disk_register_types(void) 2719 { 2720 type_register_static(&scsi_hd_info); 2721 type_register_static(&scsi_cd_info); 2722 #ifdef __linux__ 2723 type_register_static(&scsi_block_info); 2724 #endif 2725 type_register_static(&scsi_disk_info); 2726 } 2727 2728 type_init(scsi_disk_register_types) 2729