1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "sysemu/dma.h" 39 40 #ifdef __linux 41 #include <scsi/sg.h> 42 #endif 43 44 #define SCSI_DMA_BUF_SIZE 131072 45 #define SCSI_MAX_INQUIRY_LEN 256 46 #define SCSI_MAX_MODE_LEN 256 47 48 #define DEFAULT_DISCARD_GRANULARITY 4096 49 50 typedef struct SCSIDiskState SCSIDiskState; 51 52 typedef struct SCSIDiskReq { 53 SCSIRequest req; 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 55 uint64_t sector; 56 uint32_t sector_count; 57 uint32_t buflen; 58 bool started; 59 struct iovec iov; 60 QEMUIOVector qiov; 61 BlockAcctCookie acct; 62 } SCSIDiskReq; 63 64 #define SCSI_DISK_F_REMOVABLE 0 65 #define SCSI_DISK_F_DPOFUA 1 66 67 struct SCSIDiskState 68 { 69 SCSIDevice qdev; 70 uint32_t features; 71 bool media_changed; 72 bool media_event; 73 bool eject_request; 74 uint64_t wwn; 75 QEMUBH *bh; 76 char *version; 77 char *serial; 78 char *vendor; 79 char *product; 80 bool tray_open; 81 bool tray_locked; 82 }; 83 84 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 85 86 static void scsi_free_request(SCSIRequest *req) 87 { 88 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 89 90 qemu_vfree(r->iov.iov_base); 91 } 92 93 /* Helper function for command completion with sense. */ 94 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 95 { 96 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 97 r->req.tag, sense.key, sense.asc, sense.ascq); 98 scsi_req_build_sense(&r->req, sense); 99 scsi_req_complete(&r->req, CHECK_CONDITION); 100 } 101 102 /* Cancel a pending data transfer. */ 103 static void scsi_cancel_io(SCSIRequest *req) 104 { 105 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 106 107 DPRINTF("Cancel tag=0x%x\n", req->tag); 108 if (r->req.aiocb) { 109 bdrv_aio_cancel(r->req.aiocb); 110 111 /* This reference was left in by scsi_*_data. We take ownership of 112 * it the moment scsi_req_cancel is called, independent of whether 113 * bdrv_aio_cancel completes the request or not. */ 114 scsi_req_unref(&r->req); 115 } 116 r->req.aiocb = NULL; 117 } 118 119 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 120 { 121 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 122 123 if (!r->iov.iov_base) { 124 r->buflen = size; 125 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 126 } 127 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 128 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 129 return r->qiov.size / 512; 130 } 131 132 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 133 { 134 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 135 136 qemu_put_be64s(f, &r->sector); 137 qemu_put_be32s(f, &r->sector_count); 138 qemu_put_be32s(f, &r->buflen); 139 if (r->buflen) { 140 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 142 } else if (!req->retry) { 143 uint32_t len = r->iov.iov_len; 144 qemu_put_be32s(f, &len); 145 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 146 } 147 } 148 } 149 150 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 151 { 152 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 153 154 qemu_get_be64s(f, &r->sector); 155 qemu_get_be32s(f, &r->sector_count); 156 qemu_get_be32s(f, &r->buflen); 157 if (r->buflen) { 158 scsi_init_iovec(r, r->buflen); 159 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 160 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 161 } else if (!r->req.retry) { 162 uint32_t len; 163 qemu_get_be32s(f, &len); 164 r->iov.iov_len = len; 165 assert(r->iov.iov_len <= r->buflen); 166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 167 } 168 } 169 170 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 171 } 172 173 static void scsi_aio_complete(void *opaque, int ret) 174 { 175 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 177 178 assert(r->req.aiocb != NULL); 179 r->req.aiocb = NULL; 180 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 181 if (r->req.io_canceled) { 182 goto done; 183 } 184 185 if (ret < 0) { 186 if (scsi_handle_rw_error(r, -ret)) { 187 goto done; 188 } 189 } 190 191 scsi_req_complete(&r->req, GOOD); 192 193 done: 194 if (!r->req.io_canceled) { 195 scsi_req_unref(&r->req); 196 } 197 } 198 199 static bool scsi_is_cmd_fua(SCSICommand *cmd) 200 { 201 switch (cmd->buf[0]) { 202 case READ_10: 203 case READ_12: 204 case READ_16: 205 case WRITE_10: 206 case WRITE_12: 207 case WRITE_16: 208 return (cmd->buf[1] & 8) != 0; 209 210 case VERIFY_10: 211 case VERIFY_12: 212 case VERIFY_16: 213 case WRITE_VERIFY_10: 214 case WRITE_VERIFY_12: 215 case WRITE_VERIFY_16: 216 return true; 217 218 case READ_6: 219 case WRITE_6: 220 default: 221 return false; 222 } 223 } 224 225 static void scsi_write_do_fua(SCSIDiskReq *r) 226 { 227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 228 229 if (r->req.io_canceled) { 230 goto done; 231 } 232 233 if (scsi_is_cmd_fua(&r->req.cmd)) { 234 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 235 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 236 return; 237 } 238 239 scsi_req_complete(&r->req, GOOD); 240 241 done: 242 if (!r->req.io_canceled) { 243 scsi_req_unref(&r->req); 244 } 245 } 246 247 static void scsi_dma_complete_noio(void *opaque, int ret) 248 { 249 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 250 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 251 252 if (r->req.aiocb != NULL) { 253 r->req.aiocb = NULL; 254 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 255 } 256 if (r->req.io_canceled) { 257 goto done; 258 } 259 260 if (ret < 0) { 261 if (scsi_handle_rw_error(r, -ret)) { 262 goto done; 263 } 264 } 265 266 r->sector += r->sector_count; 267 r->sector_count = 0; 268 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 269 scsi_write_do_fua(r); 270 return; 271 } else { 272 scsi_req_complete(&r->req, GOOD); 273 } 274 275 done: 276 if (!r->req.io_canceled) { 277 scsi_req_unref(&r->req); 278 } 279 } 280 281 static void scsi_dma_complete(void *opaque, int ret) 282 { 283 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 284 285 assert(r->req.aiocb != NULL); 286 scsi_dma_complete_noio(opaque, ret); 287 } 288 289 static void scsi_read_complete(void * opaque, int ret) 290 { 291 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 293 int n; 294 295 assert(r->req.aiocb != NULL); 296 r->req.aiocb = NULL; 297 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 298 if (r->req.io_canceled) { 299 goto done; 300 } 301 302 if (ret < 0) { 303 if (scsi_handle_rw_error(r, -ret)) { 304 goto done; 305 } 306 } 307 308 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 309 310 n = r->qiov.size / 512; 311 r->sector += n; 312 r->sector_count -= n; 313 scsi_req_data(&r->req, r->qiov.size); 314 315 done: 316 if (!r->req.io_canceled) { 317 scsi_req_unref(&r->req); 318 } 319 } 320 321 /* Actually issue a read to the block device. */ 322 static void scsi_do_read(void *opaque, int ret) 323 { 324 SCSIDiskReq *r = opaque; 325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 326 uint32_t n; 327 328 if (r->req.aiocb != NULL) { 329 r->req.aiocb = NULL; 330 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 331 } 332 if (r->req.io_canceled) { 333 goto done; 334 } 335 336 if (ret < 0) { 337 if (scsi_handle_rw_error(r, -ret)) { 338 goto done; 339 } 340 } 341 342 /* The request is used as the AIO opaque value, so add a ref. */ 343 scsi_req_ref(&r->req); 344 345 if (r->req.sg) { 346 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ); 347 r->req.resid -= r->req.sg->size; 348 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, 349 scsi_dma_complete, r); 350 } else { 351 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 352 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); 353 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, 354 scsi_read_complete, r); 355 } 356 357 done: 358 if (!r->req.io_canceled) { 359 scsi_req_unref(&r->req); 360 } 361 } 362 363 /* Read more data from scsi device into buffer. */ 364 static void scsi_read_data(SCSIRequest *req) 365 { 366 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 368 bool first; 369 370 DPRINTF("Read sector_count=%d\n", r->sector_count); 371 if (r->sector_count == 0) { 372 /* This also clears the sense buffer for REQUEST SENSE. */ 373 scsi_req_complete(&r->req, GOOD); 374 return; 375 } 376 377 /* No data transfer may already be in progress */ 378 assert(r->req.aiocb == NULL); 379 380 /* The request is used as the AIO opaque value, so add a ref. */ 381 scsi_req_ref(&r->req); 382 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 383 DPRINTF("Data transfer direction invalid\n"); 384 scsi_read_complete(r, -EINVAL); 385 return; 386 } 387 388 if (s->tray_open) { 389 scsi_read_complete(r, -ENOMEDIUM); 390 return; 391 } 392 393 first = !r->started; 394 r->started = true; 395 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 396 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 397 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r); 398 } else { 399 scsi_do_read(r, 0); 400 } 401 } 402 403 /* 404 * scsi_handle_rw_error has two return values. 0 means that the error 405 * must be ignored, 1 means that the error has been processed and the 406 * caller should not do anything else for this request. Note that 407 * scsi_handle_rw_error always manages its reference counts, independent 408 * of the return value. 409 */ 410 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 411 { 412 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 414 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error); 415 416 if (action == BDRV_ACTION_REPORT) { 417 switch (error) { 418 case ENOMEDIUM: 419 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 420 break; 421 case ENOMEM: 422 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 423 break; 424 case EINVAL: 425 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 426 break; 427 default: 428 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 429 break; 430 } 431 } 432 bdrv_error_action(s->qdev.conf.bs, action, is_read, error); 433 if (action == BDRV_ACTION_STOP) { 434 scsi_req_retry(&r->req); 435 } 436 return action != BDRV_ACTION_IGNORE; 437 } 438 439 static void scsi_write_complete(void * opaque, int ret) 440 { 441 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 442 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 443 uint32_t n; 444 445 if (r->req.aiocb != NULL) { 446 r->req.aiocb = NULL; 447 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 448 } 449 if (r->req.io_canceled) { 450 goto done; 451 } 452 453 if (ret < 0) { 454 if (scsi_handle_rw_error(r, -ret)) { 455 goto done; 456 } 457 } 458 459 n = r->qiov.size / 512; 460 r->sector += n; 461 r->sector_count -= n; 462 if (r->sector_count == 0) { 463 scsi_write_do_fua(r); 464 return; 465 } else { 466 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 467 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 468 scsi_req_data(&r->req, r->qiov.size); 469 } 470 471 done: 472 if (!r->req.io_canceled) { 473 scsi_req_unref(&r->req); 474 } 475 } 476 477 static void scsi_write_data(SCSIRequest *req) 478 { 479 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 480 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 481 uint32_t n; 482 483 /* No data transfer may already be in progress */ 484 assert(r->req.aiocb == NULL); 485 486 /* The request is used as the AIO opaque value, so add a ref. */ 487 scsi_req_ref(&r->req); 488 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 489 DPRINTF("Data transfer direction invalid\n"); 490 scsi_write_complete(r, -EINVAL); 491 return; 492 } 493 494 if (!r->req.sg && !r->qiov.size) { 495 /* Called for the first time. Ask the driver to send us more data. */ 496 r->started = true; 497 scsi_write_complete(r, 0); 498 return; 499 } 500 if (s->tray_open) { 501 scsi_write_complete(r, -ENOMEDIUM); 502 return; 503 } 504 505 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 506 r->req.cmd.buf[0] == VERIFY_16) { 507 if (r->req.sg) { 508 scsi_dma_complete_noio(r, 0); 509 } else { 510 scsi_write_complete(r, 0); 511 } 512 return; 513 } 514 515 if (r->req.sg) { 516 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE); 517 r->req.resid -= r->req.sg->size; 518 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, 519 scsi_dma_complete, r); 520 } else { 521 n = r->qiov.size / 512; 522 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE); 523 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, 524 scsi_write_complete, r); 525 } 526 } 527 528 /* Return a pointer to the data buffer. */ 529 static uint8_t *scsi_get_buf(SCSIRequest *req) 530 { 531 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 532 533 return (uint8_t *)r->iov.iov_base; 534 } 535 536 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 537 { 538 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 539 int buflen = 0; 540 int start; 541 542 if (req->cmd.buf[1] & 0x1) { 543 /* Vital product data */ 544 uint8_t page_code = req->cmd.buf[2]; 545 546 outbuf[buflen++] = s->qdev.type & 0x1f; 547 outbuf[buflen++] = page_code ; // this page 548 outbuf[buflen++] = 0x00; 549 outbuf[buflen++] = 0x00; 550 start = buflen; 551 552 switch (page_code) { 553 case 0x00: /* Supported page codes, mandatory */ 554 { 555 DPRINTF("Inquiry EVPD[Supported pages] " 556 "buffer size %zd\n", req->cmd.xfer); 557 outbuf[buflen++] = 0x00; // list of supported pages (this page) 558 if (s->serial) { 559 outbuf[buflen++] = 0x80; // unit serial number 560 } 561 outbuf[buflen++] = 0x83; // device identification 562 if (s->qdev.type == TYPE_DISK) { 563 outbuf[buflen++] = 0xb0; // block limits 564 outbuf[buflen++] = 0xb2; // thin provisioning 565 } 566 break; 567 } 568 case 0x80: /* Device serial number, optional */ 569 { 570 int l; 571 572 if (!s->serial) { 573 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 574 return -1; 575 } 576 577 l = strlen(s->serial); 578 if (l > 20) { 579 l = 20; 580 } 581 582 DPRINTF("Inquiry EVPD[Serial number] " 583 "buffer size %zd\n", req->cmd.xfer); 584 memcpy(outbuf+buflen, s->serial, l); 585 buflen += l; 586 break; 587 } 588 589 case 0x83: /* Device identification page, mandatory */ 590 { 591 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs); 592 int max_len = s->serial ? 20 : 255 - 8; 593 int id_len = strlen(str); 594 595 if (id_len > max_len) { 596 id_len = max_len; 597 } 598 DPRINTF("Inquiry EVPD[Device identification] " 599 "buffer size %zd\n", req->cmd.xfer); 600 601 outbuf[buflen++] = 0x2; // ASCII 602 outbuf[buflen++] = 0; // not officially assigned 603 outbuf[buflen++] = 0; // reserved 604 outbuf[buflen++] = id_len; // length of data following 605 memcpy(outbuf+buflen, str, id_len); 606 buflen += id_len; 607 608 if (s->wwn) { 609 outbuf[buflen++] = 0x1; // Binary 610 outbuf[buflen++] = 0x3; // NAA 611 outbuf[buflen++] = 0; // reserved 612 outbuf[buflen++] = 8; 613 stq_be_p(&outbuf[buflen], s->wwn); 614 buflen += 8; 615 } 616 break; 617 } 618 case 0xb0: /* block limits */ 619 { 620 unsigned int unmap_sectors = 621 s->qdev.conf.discard_granularity / s->qdev.blocksize; 622 unsigned int min_io_size = 623 s->qdev.conf.min_io_size / s->qdev.blocksize; 624 unsigned int opt_io_size = 625 s->qdev.conf.opt_io_size / s->qdev.blocksize; 626 627 if (s->qdev.type == TYPE_ROM) { 628 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 629 page_code); 630 return -1; 631 } 632 /* required VPD size with unmap support */ 633 buflen = 0x40; 634 memset(outbuf + 4, 0, buflen - 4); 635 636 /* optimal transfer length granularity */ 637 outbuf[6] = (min_io_size >> 8) & 0xff; 638 outbuf[7] = min_io_size & 0xff; 639 640 /* optimal transfer length */ 641 outbuf[12] = (opt_io_size >> 24) & 0xff; 642 outbuf[13] = (opt_io_size >> 16) & 0xff; 643 outbuf[14] = (opt_io_size >> 8) & 0xff; 644 outbuf[15] = opt_io_size & 0xff; 645 646 /* optimal unmap granularity */ 647 outbuf[28] = (unmap_sectors >> 24) & 0xff; 648 outbuf[29] = (unmap_sectors >> 16) & 0xff; 649 outbuf[30] = (unmap_sectors >> 8) & 0xff; 650 outbuf[31] = unmap_sectors & 0xff; 651 break; 652 } 653 case 0xb2: /* thin provisioning */ 654 { 655 buflen = 8; 656 outbuf[4] = 0; 657 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 658 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 659 outbuf[7] = 0; 660 break; 661 } 662 default: 663 return -1; 664 } 665 /* done with EVPD */ 666 assert(buflen - start <= 255); 667 outbuf[start - 1] = buflen - start; 668 return buflen; 669 } 670 671 /* Standard INQUIRY data */ 672 if (req->cmd.buf[2] != 0) { 673 return -1; 674 } 675 676 /* PAGE CODE == 0 */ 677 buflen = req->cmd.xfer; 678 if (buflen > SCSI_MAX_INQUIRY_LEN) { 679 buflen = SCSI_MAX_INQUIRY_LEN; 680 } 681 682 outbuf[0] = s->qdev.type & 0x1f; 683 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 684 685 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 686 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 687 688 memset(&outbuf[32], 0, 4); 689 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 690 /* 691 * We claim conformance to SPC-3, which is required for guests 692 * to ask for modern features like READ CAPACITY(16) or the 693 * block characteristics VPD page by default. Not all of SPC-3 694 * is actually implemented, but we're good enough. 695 */ 696 outbuf[2] = 5; 697 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 698 699 if (buflen > 36) { 700 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 701 } else { 702 /* If the allocation length of CDB is too small, 703 the additional length is not adjusted */ 704 outbuf[4] = 36 - 5; 705 } 706 707 /* Sync data transfer and TCQ. */ 708 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 709 return buflen; 710 } 711 712 static inline bool media_is_dvd(SCSIDiskState *s) 713 { 714 uint64_t nb_sectors; 715 if (s->qdev.type != TYPE_ROM) { 716 return false; 717 } 718 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 719 return false; 720 } 721 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 722 return nb_sectors > CD_MAX_SECTORS; 723 } 724 725 static inline bool media_is_cd(SCSIDiskState *s) 726 { 727 uint64_t nb_sectors; 728 if (s->qdev.type != TYPE_ROM) { 729 return false; 730 } 731 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 732 return false; 733 } 734 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 735 return nb_sectors <= CD_MAX_SECTORS; 736 } 737 738 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 739 uint8_t *outbuf) 740 { 741 uint8_t type = r->req.cmd.buf[1] & 7; 742 743 if (s->qdev.type != TYPE_ROM) { 744 return -1; 745 } 746 747 /* Types 1/2 are only defined for Blu-Ray. */ 748 if (type != 0) { 749 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 750 return -1; 751 } 752 753 memset(outbuf, 0, 34); 754 outbuf[1] = 32; 755 outbuf[2] = 0xe; /* last session complete, disc finalized */ 756 outbuf[3] = 1; /* first track on disc */ 757 outbuf[4] = 1; /* # of sessions */ 758 outbuf[5] = 1; /* first track of last session */ 759 outbuf[6] = 1; /* last track of last session */ 760 outbuf[7] = 0x20; /* unrestricted use */ 761 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 762 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 763 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 764 /* 24-31: disc bar code */ 765 /* 32: disc application code */ 766 /* 33: number of OPC tables */ 767 768 return 34; 769 } 770 771 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 772 uint8_t *outbuf) 773 { 774 static const int rds_caps_size[5] = { 775 [0] = 2048 + 4, 776 [1] = 4 + 4, 777 [3] = 188 + 4, 778 [4] = 2048 + 4, 779 }; 780 781 uint8_t media = r->req.cmd.buf[1]; 782 uint8_t layer = r->req.cmd.buf[6]; 783 uint8_t format = r->req.cmd.buf[7]; 784 int size = -1; 785 786 if (s->qdev.type != TYPE_ROM) { 787 return -1; 788 } 789 if (media != 0) { 790 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 791 return -1; 792 } 793 794 if (format != 0xff) { 795 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 796 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 797 return -1; 798 } 799 if (media_is_cd(s)) { 800 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 801 return -1; 802 } 803 if (format >= ARRAY_SIZE(rds_caps_size)) { 804 return -1; 805 } 806 size = rds_caps_size[format]; 807 memset(outbuf, 0, size); 808 } 809 810 switch (format) { 811 case 0x00: { 812 /* Physical format information */ 813 uint64_t nb_sectors; 814 if (layer != 0) { 815 goto fail; 816 } 817 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 818 819 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 820 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 821 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 822 outbuf[7] = 0; /* default densities */ 823 824 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 825 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 826 break; 827 } 828 829 case 0x01: /* DVD copyright information, all zeros */ 830 break; 831 832 case 0x03: /* BCA information - invalid field for no BCA info */ 833 return -1; 834 835 case 0x04: /* DVD disc manufacturing information, all zeros */ 836 break; 837 838 case 0xff: { /* List capabilities */ 839 int i; 840 size = 4; 841 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 842 if (!rds_caps_size[i]) { 843 continue; 844 } 845 outbuf[size] = i; 846 outbuf[size + 1] = 0x40; /* Not writable, readable */ 847 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 848 size += 4; 849 } 850 break; 851 } 852 853 default: 854 return -1; 855 } 856 857 /* Size of buffer, not including 2 byte size field */ 858 stw_be_p(outbuf, size - 2); 859 return size; 860 861 fail: 862 return -1; 863 } 864 865 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 866 { 867 uint8_t event_code, media_status; 868 869 media_status = 0; 870 if (s->tray_open) { 871 media_status = MS_TRAY_OPEN; 872 } else if (bdrv_is_inserted(s->qdev.conf.bs)) { 873 media_status = MS_MEDIA_PRESENT; 874 } 875 876 /* Event notification descriptor */ 877 event_code = MEC_NO_CHANGE; 878 if (media_status != MS_TRAY_OPEN) { 879 if (s->media_event) { 880 event_code = MEC_NEW_MEDIA; 881 s->media_event = false; 882 } else if (s->eject_request) { 883 event_code = MEC_EJECT_REQUESTED; 884 s->eject_request = false; 885 } 886 } 887 888 outbuf[0] = event_code; 889 outbuf[1] = media_status; 890 891 /* These fields are reserved, just clear them. */ 892 outbuf[2] = 0; 893 outbuf[3] = 0; 894 return 4; 895 } 896 897 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 898 uint8_t *outbuf) 899 { 900 int size; 901 uint8_t *buf = r->req.cmd.buf; 902 uint8_t notification_class_request = buf[4]; 903 if (s->qdev.type != TYPE_ROM) { 904 return -1; 905 } 906 if ((buf[1] & 1) == 0) { 907 /* asynchronous */ 908 return -1; 909 } 910 911 size = 4; 912 outbuf[0] = outbuf[1] = 0; 913 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 914 if (notification_class_request & (1 << GESN_MEDIA)) { 915 outbuf[2] = GESN_MEDIA; 916 size += scsi_event_status_media(s, &outbuf[size]); 917 } else { 918 outbuf[2] = 0x80; 919 } 920 stw_be_p(outbuf, size - 4); 921 return size; 922 } 923 924 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 925 { 926 int current; 927 928 if (s->qdev.type != TYPE_ROM) { 929 return -1; 930 } 931 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 932 memset(outbuf, 0, 40); 933 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 934 stw_be_p(&outbuf[6], current); 935 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 936 outbuf[10] = 0x03; /* persistent, current */ 937 outbuf[11] = 8; /* two profiles */ 938 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 939 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 940 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 941 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 942 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 943 stw_be_p(&outbuf[20], 1); 944 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 945 outbuf[23] = 8; 946 stl_be_p(&outbuf[24], 1); /* SCSI */ 947 outbuf[28] = 1; /* DBE = 1, mandatory */ 948 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 949 stw_be_p(&outbuf[32], 3); 950 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 951 outbuf[35] = 4; 952 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 953 /* TODO: Random readable, CD read, DVD read, drive serial number, 954 power management */ 955 return 40; 956 } 957 958 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 959 { 960 if (s->qdev.type != TYPE_ROM) { 961 return -1; 962 } 963 memset(outbuf, 0, 8); 964 outbuf[5] = 1; /* CD-ROM */ 965 return 8; 966 } 967 968 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 969 int page_control) 970 { 971 static const int mode_sense_valid[0x3f] = { 972 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 973 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 974 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 975 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 976 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 977 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 978 }; 979 980 uint8_t *p = *p_outbuf + 2; 981 int length; 982 983 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 984 return -1; 985 } 986 987 /* 988 * If Changeable Values are requested, a mask denoting those mode parameters 989 * that are changeable shall be returned. As we currently don't support 990 * parameter changes via MODE_SELECT all bits are returned set to zero. 991 * The buffer was already menset to zero by the caller of this function. 992 * 993 * The offsets here are off by two compared to the descriptions in the 994 * SCSI specs, because those include a 2-byte header. This is unfortunate, 995 * but it is done so that offsets are consistent within our implementation 996 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 997 * 2-byte and 4-byte headers. 998 */ 999 switch (page) { 1000 case MODE_PAGE_HD_GEOMETRY: 1001 length = 0x16; 1002 if (page_control == 1) { /* Changeable Values */ 1003 break; 1004 } 1005 /* if a geometry hint is available, use it */ 1006 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1007 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1008 p[2] = s->qdev.conf.cyls & 0xff; 1009 p[3] = s->qdev.conf.heads & 0xff; 1010 /* Write precomp start cylinder, disabled */ 1011 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1012 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1013 p[6] = s->qdev.conf.cyls & 0xff; 1014 /* Reduced current start cylinder, disabled */ 1015 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1016 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1017 p[9] = s->qdev.conf.cyls & 0xff; 1018 /* Device step rate [ns], 200ns */ 1019 p[10] = 0; 1020 p[11] = 200; 1021 /* Landing zone cylinder */ 1022 p[12] = 0xff; 1023 p[13] = 0xff; 1024 p[14] = 0xff; 1025 /* Medium rotation rate [rpm], 5400 rpm */ 1026 p[18] = (5400 >> 8) & 0xff; 1027 p[19] = 5400 & 0xff; 1028 break; 1029 1030 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1031 length = 0x1e; 1032 if (page_control == 1) { /* Changeable Values */ 1033 break; 1034 } 1035 /* Transfer rate [kbit/s], 5Mbit/s */ 1036 p[0] = 5000 >> 8; 1037 p[1] = 5000 & 0xff; 1038 /* if a geometry hint is available, use it */ 1039 p[2] = s->qdev.conf.heads & 0xff; 1040 p[3] = s->qdev.conf.secs & 0xff; 1041 p[4] = s->qdev.blocksize >> 8; 1042 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1043 p[7] = s->qdev.conf.cyls & 0xff; 1044 /* Write precomp start cylinder, disabled */ 1045 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1046 p[9] = s->qdev.conf.cyls & 0xff; 1047 /* Reduced current start cylinder, disabled */ 1048 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1049 p[11] = s->qdev.conf.cyls & 0xff; 1050 /* Device step rate [100us], 100us */ 1051 p[12] = 0; 1052 p[13] = 1; 1053 /* Device step pulse width [us], 1us */ 1054 p[14] = 1; 1055 /* Device head settle delay [100us], 100us */ 1056 p[15] = 0; 1057 p[16] = 1; 1058 /* Motor on delay [0.1s], 0.1s */ 1059 p[17] = 1; 1060 /* Motor off delay [0.1s], 0.1s */ 1061 p[18] = 1; 1062 /* Medium rotation rate [rpm], 5400 rpm */ 1063 p[26] = (5400 >> 8) & 0xff; 1064 p[27] = 5400 & 0xff; 1065 break; 1066 1067 case MODE_PAGE_CACHING: 1068 length = 0x12; 1069 if (page_control == 1 || /* Changeable Values */ 1070 bdrv_enable_write_cache(s->qdev.conf.bs)) { 1071 p[0] = 4; /* WCE */ 1072 } 1073 break; 1074 1075 case MODE_PAGE_R_W_ERROR: 1076 length = 10; 1077 if (page_control == 1) { /* Changeable Values */ 1078 break; 1079 } 1080 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1081 if (s->qdev.type == TYPE_ROM) { 1082 p[1] = 0x20; /* Read Retry Count */ 1083 } 1084 break; 1085 1086 case MODE_PAGE_AUDIO_CTL: 1087 length = 14; 1088 break; 1089 1090 case MODE_PAGE_CAPABILITIES: 1091 length = 0x14; 1092 if (page_control == 1) { /* Changeable Values */ 1093 break; 1094 } 1095 1096 p[0] = 0x3b; /* CD-R & CD-RW read */ 1097 p[1] = 0; /* Writing not supported */ 1098 p[2] = 0x7f; /* Audio, composite, digital out, 1099 mode 2 form 1&2, multi session */ 1100 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1101 RW corrected, C2 errors, ISRC, 1102 UPC, Bar code */ 1103 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1104 /* Locking supported, jumper present, eject, tray */ 1105 p[5] = 0; /* no volume & mute control, no 1106 changer */ 1107 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1108 p[7] = (50 * 176) & 0xff; 1109 p[8] = 2 >> 8; /* Two volume levels */ 1110 p[9] = 2 & 0xff; 1111 p[10] = 2048 >> 8; /* 2M buffer */ 1112 p[11] = 2048 & 0xff; 1113 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1114 p[13] = (16 * 176) & 0xff; 1115 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1116 p[17] = (16 * 176) & 0xff; 1117 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1118 p[19] = (16 * 176) & 0xff; 1119 break; 1120 1121 default: 1122 return -1; 1123 } 1124 1125 assert(length < 256); 1126 (*p_outbuf)[0] = page; 1127 (*p_outbuf)[1] = length; 1128 *p_outbuf += length + 2; 1129 return length + 2; 1130 } 1131 1132 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1133 { 1134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1135 uint64_t nb_sectors; 1136 bool dbd; 1137 int page, buflen, ret, page_control; 1138 uint8_t *p; 1139 uint8_t dev_specific_param; 1140 1141 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1142 page = r->req.cmd.buf[2] & 0x3f; 1143 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1144 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1145 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1146 memset(outbuf, 0, r->req.cmd.xfer); 1147 p = outbuf; 1148 1149 if (s->qdev.type == TYPE_DISK) { 1150 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1151 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1152 dev_specific_param |= 0x80; /* Readonly. */ 1153 } 1154 } else { 1155 /* MMC prescribes that CD/DVD drives have no block descriptors, 1156 * and defines no device-specific parameter. */ 1157 dev_specific_param = 0x00; 1158 dbd = true; 1159 } 1160 1161 if (r->req.cmd.buf[0] == MODE_SENSE) { 1162 p[1] = 0; /* Default media type. */ 1163 p[2] = dev_specific_param; 1164 p[3] = 0; /* Block descriptor length. */ 1165 p += 4; 1166 } else { /* MODE_SENSE_10 */ 1167 p[2] = 0; /* Default media type. */ 1168 p[3] = dev_specific_param; 1169 p[6] = p[7] = 0; /* Block descriptor length. */ 1170 p += 8; 1171 } 1172 1173 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1174 if (!dbd && nb_sectors) { 1175 if (r->req.cmd.buf[0] == MODE_SENSE) { 1176 outbuf[3] = 8; /* Block descriptor length */ 1177 } else { /* MODE_SENSE_10 */ 1178 outbuf[7] = 8; /* Block descriptor length */ 1179 } 1180 nb_sectors /= (s->qdev.blocksize / 512); 1181 if (nb_sectors > 0xffffff) { 1182 nb_sectors = 0; 1183 } 1184 p[0] = 0; /* media density code */ 1185 p[1] = (nb_sectors >> 16) & 0xff; 1186 p[2] = (nb_sectors >> 8) & 0xff; 1187 p[3] = nb_sectors & 0xff; 1188 p[4] = 0; /* reserved */ 1189 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1190 p[6] = s->qdev.blocksize >> 8; 1191 p[7] = 0; 1192 p += 8; 1193 } 1194 1195 if (page_control == 3) { 1196 /* Saved Values */ 1197 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1198 return -1; 1199 } 1200 1201 if (page == 0x3f) { 1202 for (page = 0; page <= 0x3e; page++) { 1203 mode_sense_page(s, page, &p, page_control); 1204 } 1205 } else { 1206 ret = mode_sense_page(s, page, &p, page_control); 1207 if (ret == -1) { 1208 return -1; 1209 } 1210 } 1211 1212 buflen = p - outbuf; 1213 /* 1214 * The mode data length field specifies the length in bytes of the 1215 * following data that is available to be transferred. The mode data 1216 * length does not include itself. 1217 */ 1218 if (r->req.cmd.buf[0] == MODE_SENSE) { 1219 outbuf[0] = buflen - 1; 1220 } else { /* MODE_SENSE_10 */ 1221 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1222 outbuf[1] = (buflen - 2) & 0xff; 1223 } 1224 return buflen; 1225 } 1226 1227 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1228 { 1229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1230 int start_track, format, msf, toclen; 1231 uint64_t nb_sectors; 1232 1233 msf = req->cmd.buf[1] & 2; 1234 format = req->cmd.buf[2] & 0xf; 1235 start_track = req->cmd.buf[6]; 1236 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1237 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1238 nb_sectors /= s->qdev.blocksize / 512; 1239 switch (format) { 1240 case 0: 1241 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1242 break; 1243 case 1: 1244 /* multi session : only a single session defined */ 1245 toclen = 12; 1246 memset(outbuf, 0, 12); 1247 outbuf[1] = 0x0a; 1248 outbuf[2] = 0x01; 1249 outbuf[3] = 0x01; 1250 break; 1251 case 2: 1252 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1253 break; 1254 default: 1255 return -1; 1256 } 1257 return toclen; 1258 } 1259 1260 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1261 { 1262 SCSIRequest *req = &r->req; 1263 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1264 bool start = req->cmd.buf[4] & 1; 1265 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1266 int pwrcnd = req->cmd.buf[4] & 0xf0; 1267 1268 if (pwrcnd) { 1269 /* eject/load only happens for power condition == 0 */ 1270 return 0; 1271 } 1272 1273 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1274 if (!start && !s->tray_open && s->tray_locked) { 1275 scsi_check_condition(r, 1276 bdrv_is_inserted(s->qdev.conf.bs) 1277 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1278 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1279 return -1; 1280 } 1281 1282 if (s->tray_open != !start) { 1283 bdrv_eject(s->qdev.conf.bs, !start); 1284 s->tray_open = !start; 1285 } 1286 } 1287 return 0; 1288 } 1289 1290 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1291 { 1292 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1293 int buflen = r->iov.iov_len; 1294 1295 if (buflen) { 1296 DPRINTF("Read buf_len=%d\n", buflen); 1297 r->iov.iov_len = 0; 1298 r->started = true; 1299 scsi_req_data(&r->req, buflen); 1300 return; 1301 } 1302 1303 /* This also clears the sense buffer for REQUEST SENSE. */ 1304 scsi_req_complete(&r->req, GOOD); 1305 } 1306 1307 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1308 uint8_t *inbuf, int inlen) 1309 { 1310 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1311 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1312 uint8_t *p; 1313 int len, expected_len, changeable_len, i; 1314 1315 /* The input buffer does not include the page header, so it is 1316 * off by 2 bytes. 1317 */ 1318 expected_len = inlen + 2; 1319 if (expected_len > SCSI_MAX_MODE_LEN) { 1320 return -1; 1321 } 1322 1323 p = mode_current; 1324 memset(mode_current, 0, inlen + 2); 1325 len = mode_sense_page(s, page, &p, 0); 1326 if (len < 0 || len != expected_len) { 1327 return -1; 1328 } 1329 1330 p = mode_changeable; 1331 memset(mode_changeable, 0, inlen + 2); 1332 changeable_len = mode_sense_page(s, page, &p, 1); 1333 assert(changeable_len == len); 1334 1335 /* Check that unchangeable bits are the same as what MODE SENSE 1336 * would return. 1337 */ 1338 for (i = 2; i < len; i++) { 1339 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1340 return -1; 1341 } 1342 } 1343 return 0; 1344 } 1345 1346 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1347 { 1348 switch (page) { 1349 case MODE_PAGE_CACHING: 1350 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0); 1351 break; 1352 1353 default: 1354 break; 1355 } 1356 } 1357 1358 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1359 { 1360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1361 1362 while (len > 0) { 1363 int page, subpage, page_len; 1364 1365 /* Parse both possible formats for the mode page headers. */ 1366 page = p[0] & 0x3f; 1367 if (p[0] & 0x40) { 1368 if (len < 4) { 1369 goto invalid_param_len; 1370 } 1371 subpage = p[1]; 1372 page_len = lduw_be_p(&p[2]); 1373 p += 4; 1374 len -= 4; 1375 } else { 1376 if (len < 2) { 1377 goto invalid_param_len; 1378 } 1379 subpage = 0; 1380 page_len = p[1]; 1381 p += 2; 1382 len -= 2; 1383 } 1384 1385 if (subpage) { 1386 goto invalid_param; 1387 } 1388 if (page_len > len) { 1389 goto invalid_param_len; 1390 } 1391 1392 if (!change) { 1393 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1394 goto invalid_param; 1395 } 1396 } else { 1397 scsi_disk_apply_mode_select(s, page, p); 1398 } 1399 1400 p += page_len; 1401 len -= page_len; 1402 } 1403 return 0; 1404 1405 invalid_param: 1406 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1407 return -1; 1408 1409 invalid_param_len: 1410 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1411 return -1; 1412 } 1413 1414 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1415 { 1416 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1417 uint8_t *p = inbuf; 1418 int cmd = r->req.cmd.buf[0]; 1419 int len = r->req.cmd.xfer; 1420 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1421 int bd_len; 1422 int pass; 1423 1424 /* We only support PF=1, SP=0. */ 1425 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1426 goto invalid_field; 1427 } 1428 1429 if (len < hdr_len) { 1430 goto invalid_param_len; 1431 } 1432 1433 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1434 len -= hdr_len; 1435 p += hdr_len; 1436 if (len < bd_len) { 1437 goto invalid_param_len; 1438 } 1439 if (bd_len != 0 && bd_len != 8) { 1440 goto invalid_param; 1441 } 1442 1443 len -= bd_len; 1444 p += bd_len; 1445 1446 /* Ensure no change is made if there is an error! */ 1447 for (pass = 0; pass < 2; pass++) { 1448 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1449 assert(pass == 0); 1450 return; 1451 } 1452 } 1453 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) { 1454 /* The request is used as the AIO opaque value, so add a ref. */ 1455 scsi_req_ref(&r->req); 1456 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1457 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1458 return; 1459 } 1460 1461 scsi_req_complete(&r->req, GOOD); 1462 return; 1463 1464 invalid_param: 1465 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1466 return; 1467 1468 invalid_param_len: 1469 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1470 return; 1471 1472 invalid_field: 1473 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1474 } 1475 1476 static inline bool check_lba_range(SCSIDiskState *s, 1477 uint64_t sector_num, uint32_t nb_sectors) 1478 { 1479 /* 1480 * The first line tests that no overflow happens when computing the last 1481 * sector. The second line tests that the last accessed sector is in 1482 * range. 1483 * 1484 * Careful, the computations should not underflow for nb_sectors == 0, 1485 * and a 0-block read to the first LBA beyond the end of device is 1486 * valid. 1487 */ 1488 return (sector_num <= sector_num + nb_sectors && 1489 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1490 } 1491 1492 typedef struct UnmapCBData { 1493 SCSIDiskReq *r; 1494 uint8_t *inbuf; 1495 int count; 1496 } UnmapCBData; 1497 1498 static void scsi_unmap_complete(void *opaque, int ret) 1499 { 1500 UnmapCBData *data = opaque; 1501 SCSIDiskReq *r = data->r; 1502 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1503 uint64_t sector_num; 1504 uint32_t nb_sectors; 1505 1506 r->req.aiocb = NULL; 1507 if (r->req.io_canceled) { 1508 goto done; 1509 } 1510 1511 if (ret < 0) { 1512 if (scsi_handle_rw_error(r, -ret)) { 1513 goto done; 1514 } 1515 } 1516 1517 if (data->count > 0) { 1518 sector_num = ldq_be_p(&data->inbuf[0]); 1519 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1520 if (!check_lba_range(s, sector_num, nb_sectors)) { 1521 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1522 goto done; 1523 } 1524 1525 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1526 sector_num * (s->qdev.blocksize / 512), 1527 nb_sectors * (s->qdev.blocksize / 512), 1528 scsi_unmap_complete, data); 1529 data->count--; 1530 data->inbuf += 16; 1531 return; 1532 } 1533 1534 scsi_req_complete(&r->req, GOOD); 1535 1536 done: 1537 if (!r->req.io_canceled) { 1538 scsi_req_unref(&r->req); 1539 } 1540 g_free(data); 1541 } 1542 1543 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1544 { 1545 uint8_t *p = inbuf; 1546 int len = r->req.cmd.xfer; 1547 UnmapCBData *data; 1548 1549 if (len < 8) { 1550 goto invalid_param_len; 1551 } 1552 if (len < lduw_be_p(&p[0]) + 2) { 1553 goto invalid_param_len; 1554 } 1555 if (len < lduw_be_p(&p[2]) + 8) { 1556 goto invalid_param_len; 1557 } 1558 if (lduw_be_p(&p[2]) & 15) { 1559 goto invalid_param_len; 1560 } 1561 1562 data = g_new0(UnmapCBData, 1); 1563 data->r = r; 1564 data->inbuf = &p[8]; 1565 data->count = lduw_be_p(&p[2]) >> 4; 1566 1567 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1568 scsi_req_ref(&r->req); 1569 scsi_unmap_complete(data, 0); 1570 return; 1571 1572 invalid_param_len: 1573 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1574 } 1575 1576 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1577 { 1578 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1579 1580 if (r->iov.iov_len) { 1581 int buflen = r->iov.iov_len; 1582 DPRINTF("Write buf_len=%d\n", buflen); 1583 r->iov.iov_len = 0; 1584 scsi_req_data(&r->req, buflen); 1585 return; 1586 } 1587 1588 switch (req->cmd.buf[0]) { 1589 case MODE_SELECT: 1590 case MODE_SELECT_10: 1591 /* This also clears the sense buffer for REQUEST SENSE. */ 1592 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1593 break; 1594 1595 case UNMAP: 1596 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1597 break; 1598 1599 default: 1600 abort(); 1601 } 1602 } 1603 1604 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1605 { 1606 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1608 uint64_t nb_sectors; 1609 uint8_t *outbuf; 1610 int buflen; 1611 1612 switch (req->cmd.buf[0]) { 1613 case INQUIRY: 1614 case MODE_SENSE: 1615 case MODE_SENSE_10: 1616 case RESERVE: 1617 case RESERVE_10: 1618 case RELEASE: 1619 case RELEASE_10: 1620 case START_STOP: 1621 case ALLOW_MEDIUM_REMOVAL: 1622 case GET_CONFIGURATION: 1623 case GET_EVENT_STATUS_NOTIFICATION: 1624 case MECHANISM_STATUS: 1625 case REQUEST_SENSE: 1626 break; 1627 1628 default: 1629 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1630 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1631 return 0; 1632 } 1633 break; 1634 } 1635 1636 /* 1637 * FIXME: we shouldn't return anything bigger than 4k, but the code 1638 * requires the buffer to be as big as req->cmd.xfer in several 1639 * places. So, do not allow CDBs with a very large ALLOCATION 1640 * LENGTH. The real fix would be to modify scsi_read_data and 1641 * dma_buf_read, so that they return data beyond the buflen 1642 * as all zeros. 1643 */ 1644 if (req->cmd.xfer > 65536) { 1645 goto illegal_request; 1646 } 1647 r->buflen = MAX(4096, req->cmd.xfer); 1648 1649 if (!r->iov.iov_base) { 1650 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 1651 } 1652 1653 buflen = req->cmd.xfer; 1654 outbuf = r->iov.iov_base; 1655 memset(outbuf, 0, r->buflen); 1656 switch (req->cmd.buf[0]) { 1657 case TEST_UNIT_READY: 1658 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs)); 1659 break; 1660 case INQUIRY: 1661 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1662 if (buflen < 0) { 1663 goto illegal_request; 1664 } 1665 break; 1666 case MODE_SENSE: 1667 case MODE_SENSE_10: 1668 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1669 if (buflen < 0) { 1670 goto illegal_request; 1671 } 1672 break; 1673 case READ_TOC: 1674 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1675 if (buflen < 0) { 1676 goto illegal_request; 1677 } 1678 break; 1679 case RESERVE: 1680 if (req->cmd.buf[1] & 1) { 1681 goto illegal_request; 1682 } 1683 break; 1684 case RESERVE_10: 1685 if (req->cmd.buf[1] & 3) { 1686 goto illegal_request; 1687 } 1688 break; 1689 case RELEASE: 1690 if (req->cmd.buf[1] & 1) { 1691 goto illegal_request; 1692 } 1693 break; 1694 case RELEASE_10: 1695 if (req->cmd.buf[1] & 3) { 1696 goto illegal_request; 1697 } 1698 break; 1699 case START_STOP: 1700 if (scsi_disk_emulate_start_stop(r) < 0) { 1701 return 0; 1702 } 1703 break; 1704 case ALLOW_MEDIUM_REMOVAL: 1705 s->tray_locked = req->cmd.buf[4] & 1; 1706 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1); 1707 break; 1708 case READ_CAPACITY_10: 1709 /* The normal LEN field for this command is zero. */ 1710 memset(outbuf, 0, 8); 1711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1712 if (!nb_sectors) { 1713 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1714 return 0; 1715 } 1716 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1717 goto illegal_request; 1718 } 1719 nb_sectors /= s->qdev.blocksize / 512; 1720 /* Returned value is the address of the last sector. */ 1721 nb_sectors--; 1722 /* Remember the new size for read/write sanity checking. */ 1723 s->qdev.max_lba = nb_sectors; 1724 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1725 if (nb_sectors > UINT32_MAX) { 1726 nb_sectors = UINT32_MAX; 1727 } 1728 outbuf[0] = (nb_sectors >> 24) & 0xff; 1729 outbuf[1] = (nb_sectors >> 16) & 0xff; 1730 outbuf[2] = (nb_sectors >> 8) & 0xff; 1731 outbuf[3] = nb_sectors & 0xff; 1732 outbuf[4] = 0; 1733 outbuf[5] = 0; 1734 outbuf[6] = s->qdev.blocksize >> 8; 1735 outbuf[7] = 0; 1736 break; 1737 case REQUEST_SENSE: 1738 /* Just return "NO SENSE". */ 1739 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1740 (req->cmd.buf[1] & 1) == 0); 1741 if (buflen < 0) { 1742 goto illegal_request; 1743 } 1744 break; 1745 case MECHANISM_STATUS: 1746 buflen = scsi_emulate_mechanism_status(s, outbuf); 1747 if (buflen < 0) { 1748 goto illegal_request; 1749 } 1750 break; 1751 case GET_CONFIGURATION: 1752 buflen = scsi_get_configuration(s, outbuf); 1753 if (buflen < 0) { 1754 goto illegal_request; 1755 } 1756 break; 1757 case GET_EVENT_STATUS_NOTIFICATION: 1758 buflen = scsi_get_event_status_notification(s, r, outbuf); 1759 if (buflen < 0) { 1760 goto illegal_request; 1761 } 1762 break; 1763 case READ_DISC_INFORMATION: 1764 buflen = scsi_read_disc_information(s, r, outbuf); 1765 if (buflen < 0) { 1766 goto illegal_request; 1767 } 1768 break; 1769 case READ_DVD_STRUCTURE: 1770 buflen = scsi_read_dvd_structure(s, r, outbuf); 1771 if (buflen < 0) { 1772 goto illegal_request; 1773 } 1774 break; 1775 case SERVICE_ACTION_IN_16: 1776 /* Service Action In subcommands. */ 1777 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1778 DPRINTF("SAI READ CAPACITY(16)\n"); 1779 memset(outbuf, 0, req->cmd.xfer); 1780 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1781 if (!nb_sectors) { 1782 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1783 return 0; 1784 } 1785 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1786 goto illegal_request; 1787 } 1788 nb_sectors /= s->qdev.blocksize / 512; 1789 /* Returned value is the address of the last sector. */ 1790 nb_sectors--; 1791 /* Remember the new size for read/write sanity checking. */ 1792 s->qdev.max_lba = nb_sectors; 1793 outbuf[0] = (nb_sectors >> 56) & 0xff; 1794 outbuf[1] = (nb_sectors >> 48) & 0xff; 1795 outbuf[2] = (nb_sectors >> 40) & 0xff; 1796 outbuf[3] = (nb_sectors >> 32) & 0xff; 1797 outbuf[4] = (nb_sectors >> 24) & 0xff; 1798 outbuf[5] = (nb_sectors >> 16) & 0xff; 1799 outbuf[6] = (nb_sectors >> 8) & 0xff; 1800 outbuf[7] = nb_sectors & 0xff; 1801 outbuf[8] = 0; 1802 outbuf[9] = 0; 1803 outbuf[10] = s->qdev.blocksize >> 8; 1804 outbuf[11] = 0; 1805 outbuf[12] = 0; 1806 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1807 1808 /* set TPE bit if the format supports discard */ 1809 if (s->qdev.conf.discard_granularity) { 1810 outbuf[14] = 0x80; 1811 } 1812 1813 /* Protection, exponent and lowest lba field left blank. */ 1814 break; 1815 } 1816 DPRINTF("Unsupported Service Action In\n"); 1817 goto illegal_request; 1818 case SYNCHRONIZE_CACHE: 1819 /* The request is used as the AIO opaque value, so add a ref. */ 1820 scsi_req_ref(&r->req); 1821 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1822 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1823 return 0; 1824 case SEEK_10: 1825 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 1826 if (r->req.cmd.lba > s->qdev.max_lba) { 1827 goto illegal_lba; 1828 } 1829 break; 1830 case MODE_SELECT: 1831 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 1832 break; 1833 case MODE_SELECT_10: 1834 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 1835 break; 1836 case UNMAP: 1837 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 1838 break; 1839 case WRITE_SAME_10: 1840 case WRITE_SAME_16: 1841 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); 1842 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1843 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1844 return 0; 1845 } 1846 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1847 goto illegal_lba; 1848 } 1849 1850 /* 1851 * We only support WRITE SAME with the unmap bit set for now. 1852 */ 1853 if (!(req->cmd.buf[1] & 0x8)) { 1854 goto illegal_request; 1855 } 1856 1857 /* The request is used as the AIO opaque value, so add a ref. */ 1858 scsi_req_ref(&r->req); 1859 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1860 r->req.cmd.lba * (s->qdev.blocksize / 512), 1861 nb_sectors * (s->qdev.blocksize / 512), 1862 scsi_aio_complete, r); 1863 return 0; 1864 default: 1865 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]); 1866 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 1867 return 0; 1868 } 1869 assert(!r->req.aiocb); 1870 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 1871 if (r->iov.iov_len == 0) { 1872 scsi_req_complete(&r->req, GOOD); 1873 } 1874 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 1875 assert(r->iov.iov_len == req->cmd.xfer); 1876 return -r->iov.iov_len; 1877 } else { 1878 return r->iov.iov_len; 1879 } 1880 1881 illegal_request: 1882 if (r->req.status == -1) { 1883 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1884 } 1885 return 0; 1886 1887 illegal_lba: 1888 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1889 return 0; 1890 } 1891 1892 /* Execute a scsi command. Returns the length of the data expected by the 1893 command. This will be Positive for data transfers from the device 1894 (eg. disk reads), negative for transfers to the device (eg. disk writes), 1895 and zero if the command does not transfer any data. */ 1896 1897 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 1898 { 1899 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1900 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1901 uint32_t len; 1902 uint8_t command; 1903 1904 command = buf[0]; 1905 1906 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1907 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1908 return 0; 1909 } 1910 1911 len = scsi_data_cdb_length(r->req.cmd.buf); 1912 switch (command) { 1913 case READ_6: 1914 case READ_10: 1915 case READ_12: 1916 case READ_16: 1917 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 1918 if (r->req.cmd.buf[1] & 0xe0) { 1919 goto illegal_request; 1920 } 1921 if (!check_lba_range(s, r->req.cmd.lba, len)) { 1922 goto illegal_lba; 1923 } 1924 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1925 r->sector_count = len * (s->qdev.blocksize / 512); 1926 break; 1927 case WRITE_6: 1928 case WRITE_10: 1929 case WRITE_12: 1930 case WRITE_16: 1931 case WRITE_VERIFY_10: 1932 case WRITE_VERIFY_12: 1933 case WRITE_VERIFY_16: 1934 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1935 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1936 return 0; 1937 } 1938 /* fallthrough */ 1939 case VERIFY_10: 1940 case VERIFY_12: 1941 case VERIFY_16: 1942 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 1943 (command & 0xe) == 0xe ? "And Verify " : "", 1944 r->req.cmd.lba, len); 1945 if (r->req.cmd.buf[1] & 0xe0) { 1946 goto illegal_request; 1947 } 1948 if (!check_lba_range(s, r->req.cmd.lba, len)) { 1949 goto illegal_lba; 1950 } 1951 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1952 r->sector_count = len * (s->qdev.blocksize / 512); 1953 break; 1954 default: 1955 abort(); 1956 illegal_request: 1957 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1958 return 0; 1959 illegal_lba: 1960 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1961 return 0; 1962 } 1963 if (r->sector_count == 0) { 1964 scsi_req_complete(&r->req, GOOD); 1965 } 1966 assert(r->iov.iov_len == 0); 1967 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 1968 return -r->sector_count * 512; 1969 } else { 1970 return r->sector_count * 512; 1971 } 1972 } 1973 1974 static void scsi_disk_reset(DeviceState *dev) 1975 { 1976 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 1977 uint64_t nb_sectors; 1978 1979 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 1980 1981 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1982 nb_sectors /= s->qdev.blocksize / 512; 1983 if (nb_sectors) { 1984 nb_sectors--; 1985 } 1986 s->qdev.max_lba = nb_sectors; 1987 } 1988 1989 static void scsi_destroy(SCSIDevice *dev) 1990 { 1991 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 1992 1993 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE)); 1994 blockdev_mark_auto_del(s->qdev.conf.bs); 1995 } 1996 1997 static void scsi_disk_resize_cb(void *opaque) 1998 { 1999 SCSIDiskState *s = opaque; 2000 2001 /* SPC lists this sense code as available only for 2002 * direct-access devices. 2003 */ 2004 if (s->qdev.type == TYPE_DISK) { 2005 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2006 } 2007 } 2008 2009 static void scsi_cd_change_media_cb(void *opaque, bool load) 2010 { 2011 SCSIDiskState *s = opaque; 2012 2013 /* 2014 * When a CD gets changed, we have to report an ejected state and 2015 * then a loaded state to guests so that they detect tray 2016 * open/close and media change events. Guests that do not use 2017 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2018 * states rely on this behavior. 2019 * 2020 * media_changed governs the state machine used for unit attention 2021 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2022 */ 2023 s->media_changed = load; 2024 s->tray_open = !load; 2025 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2026 s->media_event = true; 2027 s->eject_request = false; 2028 } 2029 2030 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2031 { 2032 SCSIDiskState *s = opaque; 2033 2034 s->eject_request = true; 2035 if (force) { 2036 s->tray_locked = false; 2037 } 2038 } 2039 2040 static bool scsi_cd_is_tray_open(void *opaque) 2041 { 2042 return ((SCSIDiskState *)opaque)->tray_open; 2043 } 2044 2045 static bool scsi_cd_is_medium_locked(void *opaque) 2046 { 2047 return ((SCSIDiskState *)opaque)->tray_locked; 2048 } 2049 2050 static const BlockDevOps scsi_disk_removable_block_ops = { 2051 .change_media_cb = scsi_cd_change_media_cb, 2052 .eject_request_cb = scsi_cd_eject_request_cb, 2053 .is_tray_open = scsi_cd_is_tray_open, 2054 .is_medium_locked = scsi_cd_is_medium_locked, 2055 2056 .resize_cb = scsi_disk_resize_cb, 2057 }; 2058 2059 static const BlockDevOps scsi_disk_block_ops = { 2060 .resize_cb = scsi_disk_resize_cb, 2061 }; 2062 2063 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2064 { 2065 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2066 if (s->media_changed) { 2067 s->media_changed = false; 2068 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2069 } 2070 } 2071 2072 static int scsi_initfn(SCSIDevice *dev) 2073 { 2074 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2075 2076 if (!s->qdev.conf.bs) { 2077 error_report("drive property not set"); 2078 return -1; 2079 } 2080 2081 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2082 !bdrv_is_inserted(s->qdev.conf.bs)) { 2083 error_report("Device needs media, but drive is empty"); 2084 return -1; 2085 } 2086 2087 blkconf_serial(&s->qdev.conf, &s->serial); 2088 if (dev->type == TYPE_DISK 2089 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) { 2090 return -1; 2091 } 2092 2093 if (s->qdev.conf.discard_granularity == -1) { 2094 s->qdev.conf.discard_granularity = 2095 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2096 } 2097 2098 if (!s->version) { 2099 s->version = g_strdup(qemu_get_version()); 2100 } 2101 if (!s->vendor) { 2102 s->vendor = g_strdup("QEMU"); 2103 } 2104 2105 if (bdrv_is_sg(s->qdev.conf.bs)) { 2106 error_report("unwanted /dev/sg*"); 2107 return -1; 2108 } 2109 2110 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) { 2111 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s); 2112 } else { 2113 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s); 2114 } 2115 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize); 2116 2117 bdrv_iostatus_enable(s->qdev.conf.bs); 2118 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL); 2119 return 0; 2120 } 2121 2122 static int scsi_hd_initfn(SCSIDevice *dev) 2123 { 2124 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2125 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2126 s->qdev.type = TYPE_DISK; 2127 if (!s->product) { 2128 s->product = g_strdup("QEMU HARDDISK"); 2129 } 2130 return scsi_initfn(&s->qdev); 2131 } 2132 2133 static int scsi_cd_initfn(SCSIDevice *dev) 2134 { 2135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2136 s->qdev.blocksize = 2048; 2137 s->qdev.type = TYPE_ROM; 2138 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2139 if (!s->product) { 2140 s->product = g_strdup("QEMU CD-ROM"); 2141 } 2142 return scsi_initfn(&s->qdev); 2143 } 2144 2145 static int scsi_disk_initfn(SCSIDevice *dev) 2146 { 2147 DriveInfo *dinfo; 2148 2149 if (!dev->conf.bs) { 2150 return scsi_initfn(dev); /* ... and die there */ 2151 } 2152 2153 dinfo = drive_get_by_blockdev(dev->conf.bs); 2154 if (dinfo->media_cd) { 2155 return scsi_cd_initfn(dev); 2156 } else { 2157 return scsi_hd_initfn(dev); 2158 } 2159 } 2160 2161 static const SCSIReqOps scsi_disk_emulate_reqops = { 2162 .size = sizeof(SCSIDiskReq), 2163 .free_req = scsi_free_request, 2164 .send_command = scsi_disk_emulate_command, 2165 .read_data = scsi_disk_emulate_read_data, 2166 .write_data = scsi_disk_emulate_write_data, 2167 .get_buf = scsi_get_buf, 2168 }; 2169 2170 static const SCSIReqOps scsi_disk_dma_reqops = { 2171 .size = sizeof(SCSIDiskReq), 2172 .free_req = scsi_free_request, 2173 .send_command = scsi_disk_dma_command, 2174 .read_data = scsi_read_data, 2175 .write_data = scsi_write_data, 2176 .cancel_io = scsi_cancel_io, 2177 .get_buf = scsi_get_buf, 2178 .load_request = scsi_disk_load_request, 2179 .save_request = scsi_disk_save_request, 2180 }; 2181 2182 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2183 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2184 [INQUIRY] = &scsi_disk_emulate_reqops, 2185 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2186 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2187 [START_STOP] = &scsi_disk_emulate_reqops, 2188 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2189 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2190 [READ_TOC] = &scsi_disk_emulate_reqops, 2191 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2192 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2193 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2194 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2195 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2196 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2197 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2198 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2199 [SEEK_10] = &scsi_disk_emulate_reqops, 2200 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2201 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2202 [UNMAP] = &scsi_disk_emulate_reqops, 2203 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2204 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2205 2206 [READ_6] = &scsi_disk_dma_reqops, 2207 [READ_10] = &scsi_disk_dma_reqops, 2208 [READ_12] = &scsi_disk_dma_reqops, 2209 [READ_16] = &scsi_disk_dma_reqops, 2210 [VERIFY_10] = &scsi_disk_dma_reqops, 2211 [VERIFY_12] = &scsi_disk_dma_reqops, 2212 [VERIFY_16] = &scsi_disk_dma_reqops, 2213 [WRITE_6] = &scsi_disk_dma_reqops, 2214 [WRITE_10] = &scsi_disk_dma_reqops, 2215 [WRITE_12] = &scsi_disk_dma_reqops, 2216 [WRITE_16] = &scsi_disk_dma_reqops, 2217 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2218 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2219 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2220 }; 2221 2222 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2223 uint8_t *buf, void *hba_private) 2224 { 2225 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2226 SCSIRequest *req; 2227 const SCSIReqOps *ops; 2228 uint8_t command; 2229 2230 command = buf[0]; 2231 ops = scsi_disk_reqops_dispatch[command]; 2232 if (!ops) { 2233 ops = &scsi_disk_emulate_reqops; 2234 } 2235 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2236 2237 #ifdef DEBUG_SCSI 2238 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2239 { 2240 int i; 2241 for (i = 1; i < req->cmd.len; i++) { 2242 printf(" 0x%02x", buf[i]); 2243 } 2244 printf("\n"); 2245 } 2246 #endif 2247 2248 return req; 2249 } 2250 2251 #ifdef __linux__ 2252 static int get_device_type(SCSIDiskState *s) 2253 { 2254 BlockDriverState *bdrv = s->qdev.conf.bs; 2255 uint8_t cmd[16]; 2256 uint8_t buf[36]; 2257 uint8_t sensebuf[8]; 2258 sg_io_hdr_t io_header; 2259 int ret; 2260 2261 memset(cmd, 0, sizeof(cmd)); 2262 memset(buf, 0, sizeof(buf)); 2263 cmd[0] = INQUIRY; 2264 cmd[4] = sizeof(buf); 2265 2266 memset(&io_header, 0, sizeof(io_header)); 2267 io_header.interface_id = 'S'; 2268 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2269 io_header.dxfer_len = sizeof(buf); 2270 io_header.dxferp = buf; 2271 io_header.cmdp = cmd; 2272 io_header.cmd_len = sizeof(cmd); 2273 io_header.mx_sb_len = sizeof(sensebuf); 2274 io_header.sbp = sensebuf; 2275 io_header.timeout = 6000; /* XXX */ 2276 2277 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 2278 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2279 return -1; 2280 } 2281 s->qdev.type = buf[0]; 2282 if (buf[1] & 0x80) { 2283 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2284 } 2285 return 0; 2286 } 2287 2288 static int scsi_block_initfn(SCSIDevice *dev) 2289 { 2290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2291 int sg_version; 2292 int rc; 2293 2294 if (!s->qdev.conf.bs) { 2295 error_report("scsi-block: drive property not set"); 2296 return -1; 2297 } 2298 2299 /* check we are using a driver managing SG_IO (version 3 and after) */ 2300 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 || 2301 sg_version < 30000) { 2302 error_report("scsi-block: scsi generic interface too old"); 2303 return -1; 2304 } 2305 2306 /* get device type from INQUIRY data */ 2307 rc = get_device_type(s); 2308 if (rc < 0) { 2309 error_report("scsi-block: INQUIRY failed"); 2310 return -1; 2311 } 2312 2313 /* Make a guess for the block size, we'll fix it when the guest sends. 2314 * READ CAPACITY. If they don't, they likely would assume these sizes 2315 * anyway. (TODO: check in /sys). 2316 */ 2317 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2318 s->qdev.blocksize = 2048; 2319 } else { 2320 s->qdev.blocksize = 512; 2321 } 2322 return scsi_initfn(&s->qdev); 2323 } 2324 2325 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2326 uint32_t lun, uint8_t *buf, 2327 void *hba_private) 2328 { 2329 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2330 2331 switch (buf[0]) { 2332 case READ_6: 2333 case READ_10: 2334 case READ_12: 2335 case READ_16: 2336 case VERIFY_10: 2337 case VERIFY_12: 2338 case VERIFY_16: 2339 case WRITE_6: 2340 case WRITE_10: 2341 case WRITE_12: 2342 case WRITE_16: 2343 case WRITE_VERIFY_10: 2344 case WRITE_VERIFY_12: 2345 case WRITE_VERIFY_16: 2346 /* If we are not using O_DIRECT, we might read stale data from the 2347 * host cache if writes were made using other commands than these 2348 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2349 * O_DIRECT everything must go through SG_IO. 2350 */ 2351 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) { 2352 break; 2353 } 2354 2355 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2356 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2357 * And once you do these writes, reading from the block device is 2358 * unreliable, too. It is even possible that reads deliver random data 2359 * from the host page cache (this is probably a Linux bug). 2360 * 2361 * We might use scsi_disk_dma_reqops as long as no writing commands are 2362 * seen, but performance usually isn't paramount on optical media. So, 2363 * just make scsi-block operate the same as scsi-generic for them. 2364 */ 2365 if (s->qdev.type != TYPE_ROM) { 2366 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2367 hba_private); 2368 } 2369 } 2370 2371 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2372 hba_private); 2373 } 2374 #endif 2375 2376 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2377 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2378 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2379 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2380 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2381 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2382 2383 static Property scsi_hd_properties[] = { 2384 DEFINE_SCSI_DISK_PROPERTIES(), 2385 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2386 SCSI_DISK_F_REMOVABLE, false), 2387 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2388 SCSI_DISK_F_DPOFUA, false), 2389 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2390 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2391 DEFINE_PROP_END_OF_LIST(), 2392 }; 2393 2394 static const VMStateDescription vmstate_scsi_disk_state = { 2395 .name = "scsi-disk", 2396 .version_id = 1, 2397 .minimum_version_id = 1, 2398 .minimum_version_id_old = 1, 2399 .fields = (VMStateField[]) { 2400 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2401 VMSTATE_BOOL(media_changed, SCSIDiskState), 2402 VMSTATE_BOOL(media_event, SCSIDiskState), 2403 VMSTATE_BOOL(eject_request, SCSIDiskState), 2404 VMSTATE_BOOL(tray_open, SCSIDiskState), 2405 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2406 VMSTATE_END_OF_LIST() 2407 } 2408 }; 2409 2410 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2411 { 2412 DeviceClass *dc = DEVICE_CLASS(klass); 2413 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2414 2415 sc->init = scsi_hd_initfn; 2416 sc->destroy = scsi_destroy; 2417 sc->alloc_req = scsi_new_request; 2418 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2419 dc->fw_name = "disk"; 2420 dc->desc = "virtual SCSI disk"; 2421 dc->reset = scsi_disk_reset; 2422 dc->props = scsi_hd_properties; 2423 dc->vmsd = &vmstate_scsi_disk_state; 2424 } 2425 2426 static const TypeInfo scsi_hd_info = { 2427 .name = "scsi-hd", 2428 .parent = TYPE_SCSI_DEVICE, 2429 .instance_size = sizeof(SCSIDiskState), 2430 .class_init = scsi_hd_class_initfn, 2431 }; 2432 2433 static Property scsi_cd_properties[] = { 2434 DEFINE_SCSI_DISK_PROPERTIES(), 2435 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2436 DEFINE_PROP_END_OF_LIST(), 2437 }; 2438 2439 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2440 { 2441 DeviceClass *dc = DEVICE_CLASS(klass); 2442 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2443 2444 sc->init = scsi_cd_initfn; 2445 sc->destroy = scsi_destroy; 2446 sc->alloc_req = scsi_new_request; 2447 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2448 dc->fw_name = "disk"; 2449 dc->desc = "virtual SCSI CD-ROM"; 2450 dc->reset = scsi_disk_reset; 2451 dc->props = scsi_cd_properties; 2452 dc->vmsd = &vmstate_scsi_disk_state; 2453 } 2454 2455 static const TypeInfo scsi_cd_info = { 2456 .name = "scsi-cd", 2457 .parent = TYPE_SCSI_DEVICE, 2458 .instance_size = sizeof(SCSIDiskState), 2459 .class_init = scsi_cd_class_initfn, 2460 }; 2461 2462 #ifdef __linux__ 2463 static Property scsi_block_properties[] = { 2464 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), 2465 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1), 2466 DEFINE_PROP_END_OF_LIST(), 2467 }; 2468 2469 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2470 { 2471 DeviceClass *dc = DEVICE_CLASS(klass); 2472 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2473 2474 sc->init = scsi_block_initfn; 2475 sc->destroy = scsi_destroy; 2476 sc->alloc_req = scsi_block_new_request; 2477 dc->fw_name = "disk"; 2478 dc->desc = "SCSI block device passthrough"; 2479 dc->reset = scsi_disk_reset; 2480 dc->props = scsi_block_properties; 2481 dc->vmsd = &vmstate_scsi_disk_state; 2482 } 2483 2484 static const TypeInfo scsi_block_info = { 2485 .name = "scsi-block", 2486 .parent = TYPE_SCSI_DEVICE, 2487 .instance_size = sizeof(SCSIDiskState), 2488 .class_init = scsi_block_class_initfn, 2489 }; 2490 #endif 2491 2492 static Property scsi_disk_properties[] = { 2493 DEFINE_SCSI_DISK_PROPERTIES(), 2494 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2495 SCSI_DISK_F_REMOVABLE, false), 2496 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2497 SCSI_DISK_F_DPOFUA, false), 2498 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2499 DEFINE_PROP_END_OF_LIST(), 2500 }; 2501 2502 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2503 { 2504 DeviceClass *dc = DEVICE_CLASS(klass); 2505 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2506 2507 sc->init = scsi_disk_initfn; 2508 sc->destroy = scsi_destroy; 2509 sc->alloc_req = scsi_new_request; 2510 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2511 dc->fw_name = "disk"; 2512 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2513 dc->reset = scsi_disk_reset; 2514 dc->props = scsi_disk_properties; 2515 dc->vmsd = &vmstate_scsi_disk_state; 2516 } 2517 2518 static const TypeInfo scsi_disk_info = { 2519 .name = "scsi-disk", 2520 .parent = TYPE_SCSI_DEVICE, 2521 .instance_size = sizeof(SCSIDiskState), 2522 .class_init = scsi_disk_class_initfn, 2523 }; 2524 2525 static void scsi_disk_register_types(void) 2526 { 2527 type_register_static(&scsi_hd_info); 2528 type_register_static(&scsi_cd_info); 2529 #ifdef __linux__ 2530 type_register_static(&scsi_block_info); 2531 #endif 2532 type_register_static(&scsi_disk_info); 2533 } 2534 2535 type_init(scsi_disk_register_types) 2536