1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "qemu/hw-version.h" 29 #include "qemu/memalign.h" 30 #include "hw/scsi/scsi.h" 31 #include "migration/qemu-file-types.h" 32 #include "migration/vmstate.h" 33 #include "hw/scsi/emulation.h" 34 #include "scsi/constants.h" 35 #include "sysemu/block-backend.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "hw/qdev-properties.h" 39 #include "hw/qdev-properties-system.h" 40 #include "sysemu/dma.h" 41 #include "sysemu/sysemu.h" 42 #include "qemu/cutils.h" 43 #include "trace.h" 44 #include "qom/object.h" 45 46 #ifdef __linux 47 #include <scsi/sg.h> 48 #endif 49 50 #define SCSI_WRITE_SAME_MAX (512 * KiB) 51 #define SCSI_DMA_BUF_SIZE (128 * KiB) 52 #define SCSI_MAX_INQUIRY_LEN 256 53 #define SCSI_MAX_MODE_LEN 256 54 55 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 56 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 57 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 58 59 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 60 61 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 62 63 struct SCSIDiskClass { 64 SCSIDeviceClass parent_class; 65 DMAIOFunc *dma_readv; 66 DMAIOFunc *dma_writev; 67 bool (*need_fua_emulation)(SCSICommand *cmd); 68 void (*update_sense)(SCSIRequest *r); 69 }; 70 71 typedef struct SCSIDiskReq { 72 SCSIRequest req; 73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 74 uint64_t sector; 75 uint32_t sector_count; 76 uint32_t buflen; 77 bool started; 78 bool need_fua_emulation; 79 struct iovec iov; 80 QEMUIOVector qiov; 81 BlockAcctCookie acct; 82 } SCSIDiskReq; 83 84 #define SCSI_DISK_F_REMOVABLE 0 85 #define SCSI_DISK_F_DPOFUA 1 86 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 87 88 struct SCSIDiskState { 89 SCSIDevice qdev; 90 uint32_t features; 91 bool media_changed; 92 bool media_event; 93 bool eject_request; 94 uint16_t port_index; 95 uint64_t max_unmap_size; 96 uint64_t max_io_size; 97 uint32_t quirks; 98 QEMUBH *bh; 99 char *version; 100 char *serial; 101 char *vendor; 102 char *product; 103 char *device_id; 104 bool tray_open; 105 bool tray_locked; 106 /* 107 * 0x0000 - rotation rate not reported 108 * 0x0001 - non-rotating medium (SSD) 109 * 0x0002-0x0400 - reserved 110 * 0x0401-0xffe - rotations per minute 111 * 0xffff - reserved 112 */ 113 uint16_t rotation_rate; 114 }; 115 116 static void scsi_free_request(SCSIRequest *req) 117 { 118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 119 120 qemu_vfree(r->iov.iov_base); 121 } 122 123 /* Helper function for command completion with sense. */ 124 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 125 { 126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 127 sense.ascq); 128 scsi_req_build_sense(&r->req, sense); 129 scsi_req_complete(&r->req, CHECK_CONDITION); 130 } 131 132 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 133 { 134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 135 136 if (!r->iov.iov_base) { 137 r->buflen = size; 138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 139 } 140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 141 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 142 } 143 144 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 145 { 146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 147 148 qemu_put_be64s(f, &r->sector); 149 qemu_put_be32s(f, &r->sector_count); 150 qemu_put_be32s(f, &r->buflen); 151 if (r->buflen) { 152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 154 } else if (!req->retry) { 155 uint32_t len = r->iov.iov_len; 156 qemu_put_be32s(f, &len); 157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 } 161 162 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 163 { 164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 165 166 qemu_get_be64s(f, &r->sector); 167 qemu_get_be32s(f, &r->sector_count); 168 qemu_get_be32s(f, &r->buflen); 169 if (r->buflen) { 170 scsi_init_iovec(r, r->buflen); 171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 173 } else if (!r->req.retry) { 174 uint32_t len; 175 qemu_get_be32s(f, &len); 176 r->iov.iov_len = len; 177 assert(r->iov.iov_len <= r->buflen); 178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 179 } 180 } 181 182 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 183 } 184 185 /* 186 * scsi_handle_rw_error has two return values. False means that the error 187 * must be ignored, true means that the error has been processed and the 188 * caller should not do anything else for this request. Note that 189 * scsi_handle_rw_error always manages its reference counts, independent 190 * of the return value. 191 */ 192 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) 193 { 194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 197 SCSISense sense = SENSE_CODE(NO_SENSE); 198 int error = 0; 199 bool req_has_sense = false; 200 BlockErrorAction action; 201 int status; 202 203 if (ret < 0) { 204 status = scsi_sense_from_errno(-ret, &sense); 205 error = -ret; 206 } else { 207 /* A passthrough command has completed with nonzero status. */ 208 status = ret; 209 if (status == CHECK_CONDITION) { 210 req_has_sense = true; 211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 212 } else { 213 error = EINVAL; 214 } 215 } 216 217 /* 218 * Check whether the error has to be handled by the guest or should 219 * rather follow the rerror=/werror= settings. Guest-handled errors 220 * are usually retried immediately, so do not post them to QMP and 221 * do not account them as failed I/O. 222 */ 223 if (req_has_sense && 224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 225 action = BLOCK_ERROR_ACTION_REPORT; 226 acct_failed = false; 227 } else { 228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error); 229 blk_error_action(s->qdev.conf.blk, action, is_read, error); 230 } 231 232 switch (action) { 233 case BLOCK_ERROR_ACTION_REPORT: 234 if (acct_failed) { 235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 236 } 237 if (req_has_sense) { 238 sdc->update_sense(&r->req); 239 } else if (status == CHECK_CONDITION) { 240 scsi_req_build_sense(&r->req, sense); 241 } 242 scsi_req_complete(&r->req, status); 243 return true; 244 245 case BLOCK_ERROR_ACTION_IGNORE: 246 return false; 247 248 case BLOCK_ERROR_ACTION_STOP: 249 scsi_req_retry(&r->req); 250 return true; 251 252 default: 253 g_assert_not_reached(); 254 } 255 } 256 257 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 258 { 259 if (r->req.io_canceled) { 260 scsi_req_cancel_complete(&r->req); 261 return true; 262 } 263 264 if (ret < 0) { 265 return scsi_handle_rw_error(r, ret, acct_failed); 266 } 267 268 return false; 269 } 270 271 static void scsi_aio_complete(void *opaque, int ret) 272 { 273 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 275 276 assert(r->req.aiocb != NULL); 277 r->req.aiocb = NULL; 278 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 279 if (scsi_disk_req_check_error(r, ret, true)) { 280 goto done; 281 } 282 283 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 284 scsi_req_complete(&r->req, GOOD); 285 286 done: 287 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 288 scsi_req_unref(&r->req); 289 } 290 291 static bool scsi_is_cmd_fua(SCSICommand *cmd) 292 { 293 switch (cmd->buf[0]) { 294 case READ_10: 295 case READ_12: 296 case READ_16: 297 case WRITE_10: 298 case WRITE_12: 299 case WRITE_16: 300 return (cmd->buf[1] & 8) != 0; 301 302 case VERIFY_10: 303 case VERIFY_12: 304 case VERIFY_16: 305 case WRITE_VERIFY_10: 306 case WRITE_VERIFY_12: 307 case WRITE_VERIFY_16: 308 return true; 309 310 case READ_6: 311 case WRITE_6: 312 default: 313 return false; 314 } 315 } 316 317 static void scsi_write_do_fua(SCSIDiskReq *r) 318 { 319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 320 321 assert(r->req.aiocb == NULL); 322 assert(!r->req.io_canceled); 323 324 if (r->need_fua_emulation) { 325 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 326 BLOCK_ACCT_FLUSH); 327 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 328 return; 329 } 330 331 scsi_req_complete(&r->req, GOOD); 332 scsi_req_unref(&r->req); 333 } 334 335 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 336 { 337 assert(r->req.aiocb == NULL); 338 if (scsi_disk_req_check_error(r, ret, false)) { 339 goto done; 340 } 341 342 r->sector += r->sector_count; 343 r->sector_count = 0; 344 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 345 scsi_write_do_fua(r); 346 return; 347 } else { 348 scsi_req_complete(&r->req, GOOD); 349 } 350 351 done: 352 scsi_req_unref(&r->req); 353 } 354 355 static void scsi_dma_complete(void *opaque, int ret) 356 { 357 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 359 360 assert(r->req.aiocb != NULL); 361 r->req.aiocb = NULL; 362 363 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 364 if (ret < 0) { 365 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 366 } else { 367 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 368 } 369 scsi_dma_complete_noio(r, ret); 370 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 371 } 372 373 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 374 { 375 uint32_t n; 376 377 assert(r->req.aiocb == NULL); 378 if (scsi_disk_req_check_error(r, ret, false)) { 379 goto done; 380 } 381 382 n = r->qiov.size / BDRV_SECTOR_SIZE; 383 r->sector += n; 384 r->sector_count -= n; 385 scsi_req_data(&r->req, r->qiov.size); 386 387 done: 388 scsi_req_unref(&r->req); 389 } 390 391 static void scsi_read_complete(void *opaque, int ret) 392 { 393 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 395 396 assert(r->req.aiocb != NULL); 397 r->req.aiocb = NULL; 398 399 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 400 if (ret < 0) { 401 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 402 } else { 403 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 404 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 405 } 406 scsi_read_complete_noio(r, ret); 407 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 408 } 409 410 /* Actually issue a read to the block device. */ 411 static void scsi_do_read(SCSIDiskReq *r, int ret) 412 { 413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 414 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 415 416 assert (r->req.aiocb == NULL); 417 if (scsi_disk_req_check_error(r, ret, false)) { 418 goto done; 419 } 420 421 /* The request is used as the AIO opaque value, so add a ref. */ 422 scsi_req_ref(&r->req); 423 424 if (r->req.sg) { 425 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 426 r->req.residual -= r->req.sg->size; 427 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 428 r->req.sg, r->sector << BDRV_SECTOR_BITS, 429 BDRV_SECTOR_SIZE, 430 sdc->dma_readv, r, scsi_dma_complete, r, 431 DMA_DIRECTION_FROM_DEVICE); 432 } else { 433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 434 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 435 r->qiov.size, BLOCK_ACCT_READ); 436 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 437 scsi_read_complete, r, r); 438 } 439 440 done: 441 scsi_req_unref(&r->req); 442 } 443 444 static void scsi_do_read_cb(void *opaque, int ret) 445 { 446 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 448 449 assert (r->req.aiocb != NULL); 450 r->req.aiocb = NULL; 451 452 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 453 if (ret < 0) { 454 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 455 } else { 456 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 457 } 458 scsi_do_read(opaque, ret); 459 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 460 } 461 462 /* Read more data from scsi device into buffer. */ 463 static void scsi_read_data(SCSIRequest *req) 464 { 465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 467 bool first; 468 469 trace_scsi_disk_read_data_count(r->sector_count); 470 if (r->sector_count == 0) { 471 /* This also clears the sense buffer for REQUEST SENSE. */ 472 scsi_req_complete(&r->req, GOOD); 473 return; 474 } 475 476 /* No data transfer may already be in progress */ 477 assert(r->req.aiocb == NULL); 478 479 /* The request is used as the AIO opaque value, so add a ref. */ 480 scsi_req_ref(&r->req); 481 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 482 trace_scsi_disk_read_data_invalid(); 483 scsi_read_complete_noio(r, -EINVAL); 484 return; 485 } 486 487 if (!blk_is_available(req->dev->conf.blk)) { 488 scsi_read_complete_noio(r, -ENOMEDIUM); 489 return; 490 } 491 492 first = !r->started; 493 r->started = true; 494 if (first && r->need_fua_emulation) { 495 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 496 BLOCK_ACCT_FLUSH); 497 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 498 } else { 499 scsi_do_read(r, 0); 500 } 501 } 502 503 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 504 { 505 uint32_t n; 506 507 assert (r->req.aiocb == NULL); 508 if (scsi_disk_req_check_error(r, ret, false)) { 509 goto done; 510 } 511 512 n = r->qiov.size / BDRV_SECTOR_SIZE; 513 r->sector += n; 514 r->sector_count -= n; 515 if (r->sector_count == 0) { 516 scsi_write_do_fua(r); 517 return; 518 } else { 519 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 520 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 521 scsi_req_data(&r->req, r->qiov.size); 522 } 523 524 done: 525 scsi_req_unref(&r->req); 526 } 527 528 static void scsi_write_complete(void * opaque, int ret) 529 { 530 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 532 533 assert (r->req.aiocb != NULL); 534 r->req.aiocb = NULL; 535 536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 537 if (ret < 0) { 538 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 539 } else { 540 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 541 } 542 scsi_write_complete_noio(r, ret); 543 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 544 } 545 546 static void scsi_write_data(SCSIRequest *req) 547 { 548 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 549 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 550 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 551 552 /* No data transfer may already be in progress */ 553 assert(r->req.aiocb == NULL); 554 555 /* The request is used as the AIO opaque value, so add a ref. */ 556 scsi_req_ref(&r->req); 557 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 558 trace_scsi_disk_write_data_invalid(); 559 scsi_write_complete_noio(r, -EINVAL); 560 return; 561 } 562 563 if (!r->req.sg && !r->qiov.size) { 564 /* Called for the first time. Ask the driver to send us more data. */ 565 r->started = true; 566 scsi_write_complete_noio(r, 0); 567 return; 568 } 569 if (!blk_is_available(req->dev->conf.blk)) { 570 scsi_write_complete_noio(r, -ENOMEDIUM); 571 return; 572 } 573 574 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 575 r->req.cmd.buf[0] == VERIFY_16) { 576 if (r->req.sg) { 577 scsi_dma_complete_noio(r, 0); 578 } else { 579 scsi_write_complete_noio(r, 0); 580 } 581 return; 582 } 583 584 if (r->req.sg) { 585 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 586 r->req.residual -= r->req.sg->size; 587 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 588 r->req.sg, r->sector << BDRV_SECTOR_BITS, 589 BDRV_SECTOR_SIZE, 590 sdc->dma_writev, r, scsi_dma_complete, r, 591 DMA_DIRECTION_TO_DEVICE); 592 } else { 593 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 594 r->qiov.size, BLOCK_ACCT_WRITE); 595 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 596 scsi_write_complete, r, r); 597 } 598 } 599 600 /* Return a pointer to the data buffer. */ 601 static uint8_t *scsi_get_buf(SCSIRequest *req) 602 { 603 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 604 605 return (uint8_t *)r->iov.iov_base; 606 } 607 608 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 609 { 610 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 611 uint8_t page_code = req->cmd.buf[2]; 612 int start, buflen = 0; 613 614 outbuf[buflen++] = s->qdev.type & 0x1f; 615 outbuf[buflen++] = page_code; 616 outbuf[buflen++] = 0x00; 617 outbuf[buflen++] = 0x00; 618 start = buflen; 619 620 switch (page_code) { 621 case 0x00: /* Supported page codes, mandatory */ 622 { 623 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 624 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 625 if (s->serial) { 626 outbuf[buflen++] = 0x80; /* unit serial number */ 627 } 628 outbuf[buflen++] = 0x83; /* device identification */ 629 if (s->qdev.type == TYPE_DISK) { 630 outbuf[buflen++] = 0xb0; /* block limits */ 631 outbuf[buflen++] = 0xb1; /* block device characteristics */ 632 outbuf[buflen++] = 0xb2; /* thin provisioning */ 633 } 634 break; 635 } 636 case 0x80: /* Device serial number, optional */ 637 { 638 int l; 639 640 if (!s->serial) { 641 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 642 return -1; 643 } 644 645 l = strlen(s->serial); 646 if (l > 36) { 647 l = 36; 648 } 649 650 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 651 memcpy(outbuf + buflen, s->serial, l); 652 buflen += l; 653 break; 654 } 655 656 case 0x83: /* Device identification page, mandatory */ 657 { 658 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 659 660 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 661 662 if (id_len) { 663 outbuf[buflen++] = 0x2; /* ASCII */ 664 outbuf[buflen++] = 0; /* not officially assigned */ 665 outbuf[buflen++] = 0; /* reserved */ 666 outbuf[buflen++] = id_len; /* length of data following */ 667 memcpy(outbuf + buflen, s->device_id, id_len); 668 buflen += id_len; 669 } 670 671 if (s->qdev.wwn) { 672 outbuf[buflen++] = 0x1; /* Binary */ 673 outbuf[buflen++] = 0x3; /* NAA */ 674 outbuf[buflen++] = 0; /* reserved */ 675 outbuf[buflen++] = 8; 676 stq_be_p(&outbuf[buflen], s->qdev.wwn); 677 buflen += 8; 678 } 679 680 if (s->qdev.port_wwn) { 681 outbuf[buflen++] = 0x61; /* SAS / Binary */ 682 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 683 outbuf[buflen++] = 0; /* reserved */ 684 outbuf[buflen++] = 8; 685 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 686 buflen += 8; 687 } 688 689 if (s->port_index) { 690 outbuf[buflen++] = 0x61; /* SAS / Binary */ 691 692 /* PIV/Target port/relative target port */ 693 outbuf[buflen++] = 0x94; 694 695 outbuf[buflen++] = 0; /* reserved */ 696 outbuf[buflen++] = 4; 697 stw_be_p(&outbuf[buflen + 2], s->port_index); 698 buflen += 4; 699 } 700 break; 701 } 702 case 0xb0: /* block limits */ 703 { 704 SCSIBlockLimits bl = {}; 705 706 if (s->qdev.type == TYPE_ROM) { 707 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 708 return -1; 709 } 710 bl.wsnz = 1; 711 bl.unmap_sectors = 712 s->qdev.conf.discard_granularity / s->qdev.blocksize; 713 bl.min_io_size = 714 s->qdev.conf.min_io_size / s->qdev.blocksize; 715 bl.opt_io_size = 716 s->qdev.conf.opt_io_size / s->qdev.blocksize; 717 bl.max_unmap_sectors = 718 s->max_unmap_size / s->qdev.blocksize; 719 bl.max_io_sectors = 720 s->max_io_size / s->qdev.blocksize; 721 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 722 bl.max_unmap_descr = 255; 723 724 if (s->qdev.type == TYPE_DISK) { 725 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 726 int max_io_sectors_blk = 727 max_transfer_blk / s->qdev.blocksize; 728 729 bl.max_io_sectors = 730 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 731 } 732 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 733 break; 734 } 735 case 0xb1: /* block device characteristics */ 736 { 737 buflen = 0x40; 738 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 739 outbuf[5] = s->rotation_rate & 0xff; 740 outbuf[6] = 0; /* PRODUCT TYPE */ 741 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 742 outbuf[8] = 0; /* VBULS */ 743 break; 744 } 745 case 0xb2: /* thin provisioning */ 746 { 747 buflen = 8; 748 outbuf[4] = 0; 749 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 750 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 751 outbuf[7] = 0; 752 break; 753 } 754 default: 755 return -1; 756 } 757 /* done with EVPD */ 758 assert(buflen - start <= 255); 759 outbuf[start - 1] = buflen - start; 760 return buflen; 761 } 762 763 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 764 { 765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 766 int buflen = 0; 767 768 if (req->cmd.buf[1] & 0x1) { 769 /* Vital product data */ 770 return scsi_disk_emulate_vpd_page(req, outbuf); 771 } 772 773 /* Standard INQUIRY data */ 774 if (req->cmd.buf[2] != 0) { 775 return -1; 776 } 777 778 /* PAGE CODE == 0 */ 779 buflen = req->cmd.xfer; 780 if (buflen > SCSI_MAX_INQUIRY_LEN) { 781 buflen = SCSI_MAX_INQUIRY_LEN; 782 } 783 784 outbuf[0] = s->qdev.type & 0x1f; 785 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 786 787 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 788 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 789 790 memset(&outbuf[32], 0, 4); 791 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 792 /* 793 * We claim conformance to SPC-3, which is required for guests 794 * to ask for modern features like READ CAPACITY(16) or the 795 * block characteristics VPD page by default. Not all of SPC-3 796 * is actually implemented, but we're good enough. 797 */ 798 outbuf[2] = s->qdev.default_scsi_version; 799 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 800 801 if (buflen > 36) { 802 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 803 } else { 804 /* If the allocation length of CDB is too small, 805 the additional length is not adjusted */ 806 outbuf[4] = 36 - 5; 807 } 808 809 /* Sync data transfer and TCQ. */ 810 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 811 return buflen; 812 } 813 814 static inline bool media_is_dvd(SCSIDiskState *s) 815 { 816 uint64_t nb_sectors; 817 if (s->qdev.type != TYPE_ROM) { 818 return false; 819 } 820 if (!blk_is_available(s->qdev.conf.blk)) { 821 return false; 822 } 823 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 824 return nb_sectors > CD_MAX_SECTORS; 825 } 826 827 static inline bool media_is_cd(SCSIDiskState *s) 828 { 829 uint64_t nb_sectors; 830 if (s->qdev.type != TYPE_ROM) { 831 return false; 832 } 833 if (!blk_is_available(s->qdev.conf.blk)) { 834 return false; 835 } 836 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 837 return nb_sectors <= CD_MAX_SECTORS; 838 } 839 840 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 841 uint8_t *outbuf) 842 { 843 uint8_t type = r->req.cmd.buf[1] & 7; 844 845 if (s->qdev.type != TYPE_ROM) { 846 return -1; 847 } 848 849 /* Types 1/2 are only defined for Blu-Ray. */ 850 if (type != 0) { 851 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 852 return -1; 853 } 854 855 memset(outbuf, 0, 34); 856 outbuf[1] = 32; 857 outbuf[2] = 0xe; /* last session complete, disc finalized */ 858 outbuf[3] = 1; /* first track on disc */ 859 outbuf[4] = 1; /* # of sessions */ 860 outbuf[5] = 1; /* first track of last session */ 861 outbuf[6] = 1; /* last track of last session */ 862 outbuf[7] = 0x20; /* unrestricted use */ 863 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 864 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 865 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 866 /* 24-31: disc bar code */ 867 /* 32: disc application code */ 868 /* 33: number of OPC tables */ 869 870 return 34; 871 } 872 873 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 874 uint8_t *outbuf) 875 { 876 static const int rds_caps_size[5] = { 877 [0] = 2048 + 4, 878 [1] = 4 + 4, 879 [3] = 188 + 4, 880 [4] = 2048 + 4, 881 }; 882 883 uint8_t media = r->req.cmd.buf[1]; 884 uint8_t layer = r->req.cmd.buf[6]; 885 uint8_t format = r->req.cmd.buf[7]; 886 int size = -1; 887 888 if (s->qdev.type != TYPE_ROM) { 889 return -1; 890 } 891 if (media != 0) { 892 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 893 return -1; 894 } 895 896 if (format != 0xff) { 897 if (!blk_is_available(s->qdev.conf.blk)) { 898 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 899 return -1; 900 } 901 if (media_is_cd(s)) { 902 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 903 return -1; 904 } 905 if (format >= ARRAY_SIZE(rds_caps_size)) { 906 return -1; 907 } 908 size = rds_caps_size[format]; 909 memset(outbuf, 0, size); 910 } 911 912 switch (format) { 913 case 0x00: { 914 /* Physical format information */ 915 uint64_t nb_sectors; 916 if (layer != 0) { 917 goto fail; 918 } 919 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 920 921 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 922 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 923 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 924 outbuf[7] = 0; /* default densities */ 925 926 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 927 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 928 break; 929 } 930 931 case 0x01: /* DVD copyright information, all zeros */ 932 break; 933 934 case 0x03: /* BCA information - invalid field for no BCA info */ 935 return -1; 936 937 case 0x04: /* DVD disc manufacturing information, all zeros */ 938 break; 939 940 case 0xff: { /* List capabilities */ 941 int i; 942 size = 4; 943 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 944 if (!rds_caps_size[i]) { 945 continue; 946 } 947 outbuf[size] = i; 948 outbuf[size + 1] = 0x40; /* Not writable, readable */ 949 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 950 size += 4; 951 } 952 break; 953 } 954 955 default: 956 return -1; 957 } 958 959 /* Size of buffer, not including 2 byte size field */ 960 stw_be_p(outbuf, size - 2); 961 return size; 962 963 fail: 964 return -1; 965 } 966 967 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 968 { 969 uint8_t event_code, media_status; 970 971 media_status = 0; 972 if (s->tray_open) { 973 media_status = MS_TRAY_OPEN; 974 } else if (blk_is_inserted(s->qdev.conf.blk)) { 975 media_status = MS_MEDIA_PRESENT; 976 } 977 978 /* Event notification descriptor */ 979 event_code = MEC_NO_CHANGE; 980 if (media_status != MS_TRAY_OPEN) { 981 if (s->media_event) { 982 event_code = MEC_NEW_MEDIA; 983 s->media_event = false; 984 } else if (s->eject_request) { 985 event_code = MEC_EJECT_REQUESTED; 986 s->eject_request = false; 987 } 988 } 989 990 outbuf[0] = event_code; 991 outbuf[1] = media_status; 992 993 /* These fields are reserved, just clear them. */ 994 outbuf[2] = 0; 995 outbuf[3] = 0; 996 return 4; 997 } 998 999 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 1000 uint8_t *outbuf) 1001 { 1002 int size; 1003 uint8_t *buf = r->req.cmd.buf; 1004 uint8_t notification_class_request = buf[4]; 1005 if (s->qdev.type != TYPE_ROM) { 1006 return -1; 1007 } 1008 if ((buf[1] & 1) == 0) { 1009 /* asynchronous */ 1010 return -1; 1011 } 1012 1013 size = 4; 1014 outbuf[0] = outbuf[1] = 0; 1015 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1016 if (notification_class_request & (1 << GESN_MEDIA)) { 1017 outbuf[2] = GESN_MEDIA; 1018 size += scsi_event_status_media(s, &outbuf[size]); 1019 } else { 1020 outbuf[2] = 0x80; 1021 } 1022 stw_be_p(outbuf, size - 4); 1023 return size; 1024 } 1025 1026 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1027 { 1028 int current; 1029 1030 if (s->qdev.type != TYPE_ROM) { 1031 return -1; 1032 } 1033 1034 if (media_is_dvd(s)) { 1035 current = MMC_PROFILE_DVD_ROM; 1036 } else if (media_is_cd(s)) { 1037 current = MMC_PROFILE_CD_ROM; 1038 } else { 1039 current = MMC_PROFILE_NONE; 1040 } 1041 1042 memset(outbuf, 0, 40); 1043 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1044 stw_be_p(&outbuf[6], current); 1045 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1046 outbuf[10] = 0x03; /* persistent, current */ 1047 outbuf[11] = 8; /* two profiles */ 1048 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1049 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1050 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1051 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1052 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1053 stw_be_p(&outbuf[20], 1); 1054 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1055 outbuf[23] = 8; 1056 stl_be_p(&outbuf[24], 1); /* SCSI */ 1057 outbuf[28] = 1; /* DBE = 1, mandatory */ 1058 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1059 stw_be_p(&outbuf[32], 3); 1060 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1061 outbuf[35] = 4; 1062 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1063 /* TODO: Random readable, CD read, DVD read, drive serial number, 1064 power management */ 1065 return 40; 1066 } 1067 1068 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1069 { 1070 if (s->qdev.type != TYPE_ROM) { 1071 return -1; 1072 } 1073 memset(outbuf, 0, 8); 1074 outbuf[5] = 1; /* CD-ROM */ 1075 return 8; 1076 } 1077 1078 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1079 int page_control) 1080 { 1081 static const int mode_sense_valid[0x3f] = { 1082 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1083 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1084 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1085 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1086 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1087 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1088 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1089 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM), 1090 }; 1091 1092 uint8_t *p = *p_outbuf + 2; 1093 int length; 1094 1095 assert(page < ARRAY_SIZE(mode_sense_valid)); 1096 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1097 return -1; 1098 } 1099 1100 /* 1101 * If Changeable Values are requested, a mask denoting those mode parameters 1102 * that are changeable shall be returned. As we currently don't support 1103 * parameter changes via MODE_SELECT all bits are returned set to zero. 1104 * The buffer was already menset to zero by the caller of this function. 1105 * 1106 * The offsets here are off by two compared to the descriptions in the 1107 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1108 * but it is done so that offsets are consistent within our implementation 1109 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1110 * 2-byte and 4-byte headers. 1111 */ 1112 switch (page) { 1113 case MODE_PAGE_HD_GEOMETRY: 1114 length = 0x16; 1115 if (page_control == 1) { /* Changeable Values */ 1116 break; 1117 } 1118 /* if a geometry hint is available, use it */ 1119 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1120 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1121 p[2] = s->qdev.conf.cyls & 0xff; 1122 p[3] = s->qdev.conf.heads & 0xff; 1123 /* Write precomp start cylinder, disabled */ 1124 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1125 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1126 p[6] = s->qdev.conf.cyls & 0xff; 1127 /* Reduced current start cylinder, disabled */ 1128 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1129 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1130 p[9] = s->qdev.conf.cyls & 0xff; 1131 /* Device step rate [ns], 200ns */ 1132 p[10] = 0; 1133 p[11] = 200; 1134 /* Landing zone cylinder */ 1135 p[12] = 0xff; 1136 p[13] = 0xff; 1137 p[14] = 0xff; 1138 /* Medium rotation rate [rpm], 5400 rpm */ 1139 p[18] = (5400 >> 8) & 0xff; 1140 p[19] = 5400 & 0xff; 1141 break; 1142 1143 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1144 length = 0x1e; 1145 if (page_control == 1) { /* Changeable Values */ 1146 break; 1147 } 1148 /* Transfer rate [kbit/s], 5Mbit/s */ 1149 p[0] = 5000 >> 8; 1150 p[1] = 5000 & 0xff; 1151 /* if a geometry hint is available, use it */ 1152 p[2] = s->qdev.conf.heads & 0xff; 1153 p[3] = s->qdev.conf.secs & 0xff; 1154 p[4] = s->qdev.blocksize >> 8; 1155 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1156 p[7] = s->qdev.conf.cyls & 0xff; 1157 /* Write precomp start cylinder, disabled */ 1158 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1159 p[9] = s->qdev.conf.cyls & 0xff; 1160 /* Reduced current start cylinder, disabled */ 1161 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1162 p[11] = s->qdev.conf.cyls & 0xff; 1163 /* Device step rate [100us], 100us */ 1164 p[12] = 0; 1165 p[13] = 1; 1166 /* Device step pulse width [us], 1us */ 1167 p[14] = 1; 1168 /* Device head settle delay [100us], 100us */ 1169 p[15] = 0; 1170 p[16] = 1; 1171 /* Motor on delay [0.1s], 0.1s */ 1172 p[17] = 1; 1173 /* Motor off delay [0.1s], 0.1s */ 1174 p[18] = 1; 1175 /* Medium rotation rate [rpm], 5400 rpm */ 1176 p[26] = (5400 >> 8) & 0xff; 1177 p[27] = 5400 & 0xff; 1178 break; 1179 1180 case MODE_PAGE_CACHING: 1181 length = 0x12; 1182 if (page_control == 1 || /* Changeable Values */ 1183 blk_enable_write_cache(s->qdev.conf.blk)) { 1184 p[0] = 4; /* WCE */ 1185 } 1186 break; 1187 1188 case MODE_PAGE_R_W_ERROR: 1189 length = 10; 1190 if (page_control == 1) { /* Changeable Values */ 1191 if (s->qdev.type == TYPE_ROM) { 1192 /* Automatic Write Reallocation Enabled */ 1193 p[0] = 0x80; 1194 } 1195 break; 1196 } 1197 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1198 if (s->qdev.type == TYPE_ROM) { 1199 p[1] = 0x20; /* Read Retry Count */ 1200 } 1201 break; 1202 1203 case MODE_PAGE_AUDIO_CTL: 1204 length = 14; 1205 break; 1206 1207 case MODE_PAGE_CAPABILITIES: 1208 length = 0x14; 1209 if (page_control == 1) { /* Changeable Values */ 1210 break; 1211 } 1212 1213 p[0] = 0x3b; /* CD-R & CD-RW read */ 1214 p[1] = 0; /* Writing not supported */ 1215 p[2] = 0x7f; /* Audio, composite, digital out, 1216 mode 2 form 1&2, multi session */ 1217 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1218 RW corrected, C2 errors, ISRC, 1219 UPC, Bar code */ 1220 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1221 /* Locking supported, jumper present, eject, tray */ 1222 p[5] = 0; /* no volume & mute control, no 1223 changer */ 1224 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1225 p[7] = (50 * 176) & 0xff; 1226 p[8] = 2 >> 8; /* Two volume levels */ 1227 p[9] = 2 & 0xff; 1228 p[10] = 2048 >> 8; /* 2M buffer */ 1229 p[11] = 2048 & 0xff; 1230 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1231 p[13] = (16 * 176) & 0xff; 1232 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1233 p[17] = (16 * 176) & 0xff; 1234 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1235 p[19] = (16 * 176) & 0xff; 1236 break; 1237 1238 case MODE_PAGE_APPLE_VENDOR: 1239 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) { 1240 length = 0x1e; 1241 if (page_control == 1) { /* Changeable Values */ 1242 break; 1243 } 1244 1245 memset(p, 0, length); 1246 strcpy((char *)p + 8, "APPLE COMPUTER, INC "); 1247 break; 1248 } else { 1249 return -1; 1250 } 1251 1252 case MODE_PAGE_VENDOR_SPECIFIC: 1253 if (s->qdev.type == TYPE_DISK && (s->quirks & 1254 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1255 length = 0x2; 1256 if (page_control == 1) { /* Changeable Values */ 1257 p[0] = 0xff; 1258 p[1] = 0xff; 1259 break; 1260 } 1261 p[0] = 0; 1262 p[1] = 0; 1263 break; 1264 } else { 1265 return -1; 1266 } 1267 1268 default: 1269 return -1; 1270 } 1271 1272 assert(length < 256); 1273 (*p_outbuf)[0] = page; 1274 (*p_outbuf)[1] = length; 1275 *p_outbuf += length + 2; 1276 return length + 2; 1277 } 1278 1279 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1280 { 1281 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1282 uint64_t nb_sectors; 1283 bool dbd; 1284 int page, buflen, ret, page_control; 1285 uint8_t *p; 1286 uint8_t dev_specific_param; 1287 1288 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1289 page = r->req.cmd.buf[2] & 0x3f; 1290 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1291 1292 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1293 10, page, r->req.cmd.xfer, page_control); 1294 memset(outbuf, 0, r->req.cmd.xfer); 1295 p = outbuf; 1296 1297 if (s->qdev.type == TYPE_DISK) { 1298 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1299 if (!blk_is_writable(s->qdev.conf.blk)) { 1300 dev_specific_param |= 0x80; /* Readonly. */ 1301 } 1302 } else { 1303 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) { 1304 /* Use DBD from the request... */ 1305 dev_specific_param = 0x00; 1306 1307 /* 1308 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR 1309 * which should never return a block descriptor even though DBD is 1310 * not set, otherwise CDROM detection fails in MacOS 1311 */ 1312 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) && 1313 page == MODE_PAGE_APPLE_VENDOR) { 1314 dbd = true; 1315 } 1316 } else { 1317 /* 1318 * MMC prescribes that CD/DVD drives have no block descriptors, 1319 * and defines no device-specific parameter. 1320 */ 1321 dev_specific_param = 0x00; 1322 dbd = true; 1323 } 1324 } 1325 1326 if (r->req.cmd.buf[0] == MODE_SENSE) { 1327 p[1] = 0; /* Default media type. */ 1328 p[2] = dev_specific_param; 1329 p[3] = 0; /* Block descriptor length. */ 1330 p += 4; 1331 } else { /* MODE_SENSE_10 */ 1332 p[2] = 0; /* Default media type. */ 1333 p[3] = dev_specific_param; 1334 p[6] = p[7] = 0; /* Block descriptor length. */ 1335 p += 8; 1336 } 1337 1338 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1339 if (!dbd && nb_sectors) { 1340 if (r->req.cmd.buf[0] == MODE_SENSE) { 1341 outbuf[3] = 8; /* Block descriptor length */ 1342 } else { /* MODE_SENSE_10 */ 1343 outbuf[7] = 8; /* Block descriptor length */ 1344 } 1345 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1346 if (nb_sectors > 0xffffff) { 1347 nb_sectors = 0; 1348 } 1349 p[0] = 0; /* media density code */ 1350 p[1] = (nb_sectors >> 16) & 0xff; 1351 p[2] = (nb_sectors >> 8) & 0xff; 1352 p[3] = nb_sectors & 0xff; 1353 p[4] = 0; /* reserved */ 1354 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1355 p[6] = s->qdev.blocksize >> 8; 1356 p[7] = 0; 1357 p += 8; 1358 } 1359 1360 if (page_control == 3) { 1361 /* Saved Values */ 1362 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1363 return -1; 1364 } 1365 1366 if (page == 0x3f) { 1367 for (page = 0; page <= 0x3e; page++) { 1368 mode_sense_page(s, page, &p, page_control); 1369 } 1370 } else { 1371 ret = mode_sense_page(s, page, &p, page_control); 1372 if (ret == -1) { 1373 return -1; 1374 } 1375 } 1376 1377 buflen = p - outbuf; 1378 /* 1379 * The mode data length field specifies the length in bytes of the 1380 * following data that is available to be transferred. The mode data 1381 * length does not include itself. 1382 */ 1383 if (r->req.cmd.buf[0] == MODE_SENSE) { 1384 outbuf[0] = buflen - 1; 1385 } else { /* MODE_SENSE_10 */ 1386 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1387 outbuf[1] = (buflen - 2) & 0xff; 1388 } 1389 return buflen; 1390 } 1391 1392 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1393 { 1394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1395 int start_track, format, msf, toclen; 1396 uint64_t nb_sectors; 1397 1398 msf = req->cmd.buf[1] & 2; 1399 format = req->cmd.buf[2] & 0xf; 1400 start_track = req->cmd.buf[6]; 1401 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1402 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1403 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1404 switch (format) { 1405 case 0: 1406 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1407 break; 1408 case 1: 1409 /* multi session : only a single session defined */ 1410 toclen = 12; 1411 memset(outbuf, 0, 12); 1412 outbuf[1] = 0x0a; 1413 outbuf[2] = 0x01; 1414 outbuf[3] = 0x01; 1415 break; 1416 case 2: 1417 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1418 break; 1419 default: 1420 return -1; 1421 } 1422 return toclen; 1423 } 1424 1425 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1426 { 1427 SCSIRequest *req = &r->req; 1428 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1429 bool start = req->cmd.buf[4] & 1; 1430 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1431 int pwrcnd = req->cmd.buf[4] & 0xf0; 1432 1433 if (pwrcnd) { 1434 /* eject/load only happens for power condition == 0 */ 1435 return 0; 1436 } 1437 1438 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1439 if (!start && !s->tray_open && s->tray_locked) { 1440 scsi_check_condition(r, 1441 blk_is_inserted(s->qdev.conf.blk) 1442 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1443 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1444 return -1; 1445 } 1446 1447 if (s->tray_open != !start) { 1448 blk_eject(s->qdev.conf.blk, !start); 1449 s->tray_open = !start; 1450 } 1451 } 1452 return 0; 1453 } 1454 1455 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1456 { 1457 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1458 int buflen = r->iov.iov_len; 1459 1460 if (buflen) { 1461 trace_scsi_disk_emulate_read_data(buflen); 1462 r->iov.iov_len = 0; 1463 r->started = true; 1464 scsi_req_data(&r->req, buflen); 1465 return; 1466 } 1467 1468 /* This also clears the sense buffer for REQUEST SENSE. */ 1469 scsi_req_complete(&r->req, GOOD); 1470 } 1471 1472 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1473 uint8_t *inbuf, int inlen) 1474 { 1475 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1476 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1477 uint8_t *p; 1478 int len, expected_len, changeable_len, i; 1479 1480 /* The input buffer does not include the page header, so it is 1481 * off by 2 bytes. 1482 */ 1483 expected_len = inlen + 2; 1484 if (expected_len > SCSI_MAX_MODE_LEN) { 1485 return -1; 1486 } 1487 1488 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ 1489 if (page == MODE_PAGE_ALLS) { 1490 return -1; 1491 } 1492 1493 p = mode_current; 1494 memset(mode_current, 0, inlen + 2); 1495 len = mode_sense_page(s, page, &p, 0); 1496 if (len < 0 || len != expected_len) { 1497 return -1; 1498 } 1499 1500 p = mode_changeable; 1501 memset(mode_changeable, 0, inlen + 2); 1502 changeable_len = mode_sense_page(s, page, &p, 1); 1503 assert(changeable_len == len); 1504 1505 /* Check that unchangeable bits are the same as what MODE SENSE 1506 * would return. 1507 */ 1508 for (i = 2; i < len; i++) { 1509 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1510 return -1; 1511 } 1512 } 1513 return 0; 1514 } 1515 1516 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1517 { 1518 switch (page) { 1519 case MODE_PAGE_CACHING: 1520 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1521 break; 1522 1523 default: 1524 break; 1525 } 1526 } 1527 1528 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1529 { 1530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1531 1532 while (len > 0) { 1533 int page, subpage, page_len; 1534 1535 /* Parse both possible formats for the mode page headers. */ 1536 page = p[0] & 0x3f; 1537 if (p[0] & 0x40) { 1538 if (len < 4) { 1539 goto invalid_param_len; 1540 } 1541 subpage = p[1]; 1542 page_len = lduw_be_p(&p[2]); 1543 p += 4; 1544 len -= 4; 1545 } else { 1546 if (len < 2) { 1547 goto invalid_param_len; 1548 } 1549 subpage = 0; 1550 page_len = p[1]; 1551 p += 2; 1552 len -= 2; 1553 } 1554 1555 if (subpage) { 1556 goto invalid_param; 1557 } 1558 if (page_len > len) { 1559 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) { 1560 goto invalid_param_len; 1561 } 1562 trace_scsi_disk_mode_select_page_truncated(page, page_len, len); 1563 } 1564 1565 if (!change) { 1566 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1567 goto invalid_param; 1568 } 1569 } else { 1570 scsi_disk_apply_mode_select(s, page, p); 1571 } 1572 1573 p += page_len; 1574 len -= page_len; 1575 } 1576 return 0; 1577 1578 invalid_param: 1579 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1580 return -1; 1581 1582 invalid_param_len: 1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1584 return -1; 1585 } 1586 1587 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1588 { 1589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1590 uint8_t *p = inbuf; 1591 int cmd = r->req.cmd.buf[0]; 1592 int len = r->req.cmd.xfer; 1593 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1594 int bd_len; 1595 int pass; 1596 1597 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1598 if (!(s->quirks & 1599 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1600 /* We only support PF=1, SP=0. */ 1601 goto invalid_field; 1602 } 1603 } 1604 1605 if (len < hdr_len) { 1606 goto invalid_param_len; 1607 } 1608 1609 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1610 len -= hdr_len; 1611 p += hdr_len; 1612 if (len < bd_len) { 1613 goto invalid_param_len; 1614 } 1615 if (bd_len != 0 && bd_len != 8) { 1616 goto invalid_param; 1617 } 1618 1619 /* Allow changing the block size */ 1620 if (bd_len && p[6] != (s->qdev.blocksize >> 8)) { 1621 s->qdev.blocksize = p[6] << 8; 1622 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); 1623 } 1624 1625 len -= bd_len; 1626 p += bd_len; 1627 1628 /* Ensure no change is made if there is an error! */ 1629 for (pass = 0; pass < 2; pass++) { 1630 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1631 assert(pass == 0); 1632 return; 1633 } 1634 } 1635 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1636 /* The request is used as the AIO opaque value, so add a ref. */ 1637 scsi_req_ref(&r->req); 1638 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1639 BLOCK_ACCT_FLUSH); 1640 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1641 return; 1642 } 1643 1644 scsi_req_complete(&r->req, GOOD); 1645 return; 1646 1647 invalid_param: 1648 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1649 return; 1650 1651 invalid_param_len: 1652 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1653 return; 1654 1655 invalid_field: 1656 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1657 } 1658 1659 /* sector_num and nb_sectors expected to be in qdev blocksize */ 1660 static inline bool check_lba_range(SCSIDiskState *s, 1661 uint64_t sector_num, uint32_t nb_sectors) 1662 { 1663 /* 1664 * The first line tests that no overflow happens when computing the last 1665 * sector. The second line tests that the last accessed sector is in 1666 * range. 1667 * 1668 * Careful, the computations should not underflow for nb_sectors == 0, 1669 * and a 0-block read to the first LBA beyond the end of device is 1670 * valid. 1671 */ 1672 return (sector_num <= sector_num + nb_sectors && 1673 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1674 } 1675 1676 typedef struct UnmapCBData { 1677 SCSIDiskReq *r; 1678 uint8_t *inbuf; 1679 int count; 1680 } UnmapCBData; 1681 1682 static void scsi_unmap_complete(void *opaque, int ret); 1683 1684 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1685 { 1686 SCSIDiskReq *r = data->r; 1687 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1688 1689 assert(r->req.aiocb == NULL); 1690 1691 if (data->count > 0) { 1692 uint64_t sector_num = ldq_be_p(&data->inbuf[0]); 1693 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1694 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1695 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1696 1697 if (!check_lba_range(s, sector_num, nb_sectors)) { 1698 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1699 BLOCK_ACCT_UNMAP); 1700 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1701 goto done; 1702 } 1703 1704 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1705 r->sector_count * BDRV_SECTOR_SIZE, 1706 BLOCK_ACCT_UNMAP); 1707 1708 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1709 r->sector * BDRV_SECTOR_SIZE, 1710 r->sector_count * BDRV_SECTOR_SIZE, 1711 scsi_unmap_complete, data); 1712 data->count--; 1713 data->inbuf += 16; 1714 return; 1715 } 1716 1717 scsi_req_complete(&r->req, GOOD); 1718 1719 done: 1720 scsi_req_unref(&r->req); 1721 g_free(data); 1722 } 1723 1724 static void scsi_unmap_complete(void *opaque, int ret) 1725 { 1726 UnmapCBData *data = opaque; 1727 SCSIDiskReq *r = data->r; 1728 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1729 1730 assert(r->req.aiocb != NULL); 1731 r->req.aiocb = NULL; 1732 1733 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1734 if (scsi_disk_req_check_error(r, ret, true)) { 1735 scsi_req_unref(&r->req); 1736 g_free(data); 1737 } else { 1738 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1739 scsi_unmap_complete_noio(data, ret); 1740 } 1741 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1742 } 1743 1744 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1745 { 1746 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1747 uint8_t *p = inbuf; 1748 int len = r->req.cmd.xfer; 1749 UnmapCBData *data; 1750 1751 /* Reject ANCHOR=1. */ 1752 if (r->req.cmd.buf[1] & 0x1) { 1753 goto invalid_field; 1754 } 1755 1756 if (len < 8) { 1757 goto invalid_param_len; 1758 } 1759 if (len < lduw_be_p(&p[0]) + 2) { 1760 goto invalid_param_len; 1761 } 1762 if (len < lduw_be_p(&p[2]) + 8) { 1763 goto invalid_param_len; 1764 } 1765 if (lduw_be_p(&p[2]) & 15) { 1766 goto invalid_param_len; 1767 } 1768 1769 if (!blk_is_writable(s->qdev.conf.blk)) { 1770 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1771 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1772 return; 1773 } 1774 1775 data = g_new0(UnmapCBData, 1); 1776 data->r = r; 1777 data->inbuf = &p[8]; 1778 data->count = lduw_be_p(&p[2]) >> 4; 1779 1780 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1781 scsi_req_ref(&r->req); 1782 scsi_unmap_complete_noio(data, 0); 1783 return; 1784 1785 invalid_param_len: 1786 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1787 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1788 return; 1789 1790 invalid_field: 1791 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1792 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1793 } 1794 1795 typedef struct WriteSameCBData { 1796 SCSIDiskReq *r; 1797 int64_t sector; 1798 int nb_sectors; 1799 QEMUIOVector qiov; 1800 struct iovec iov; 1801 } WriteSameCBData; 1802 1803 static void scsi_write_same_complete(void *opaque, int ret) 1804 { 1805 WriteSameCBData *data = opaque; 1806 SCSIDiskReq *r = data->r; 1807 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1808 1809 assert(r->req.aiocb != NULL); 1810 r->req.aiocb = NULL; 1811 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1812 if (scsi_disk_req_check_error(r, ret, true)) { 1813 goto done; 1814 } 1815 1816 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1817 1818 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1819 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1820 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1821 data->iov.iov_len); 1822 if (data->iov.iov_len) { 1823 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1824 data->iov.iov_len, BLOCK_ACCT_WRITE); 1825 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1826 * where final qiov may need smaller size */ 1827 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1828 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1829 data->sector << BDRV_SECTOR_BITS, 1830 &data->qiov, 0, 1831 scsi_write_same_complete, data); 1832 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1833 return; 1834 } 1835 1836 scsi_req_complete(&r->req, GOOD); 1837 1838 done: 1839 scsi_req_unref(&r->req); 1840 qemu_vfree(data->iov.iov_base); 1841 g_free(data); 1842 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1843 } 1844 1845 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1846 { 1847 SCSIRequest *req = &r->req; 1848 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1849 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1850 WriteSameCBData *data; 1851 uint8_t *buf; 1852 int i; 1853 1854 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1855 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1856 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1857 return; 1858 } 1859 1860 if (!blk_is_writable(s->qdev.conf.blk)) { 1861 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1862 return; 1863 } 1864 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1865 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1866 return; 1867 } 1868 1869 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1870 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1871 1872 /* The request is used as the AIO opaque value, so add a ref. */ 1873 scsi_req_ref(&r->req); 1874 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1875 nb_sectors * s->qdev.blocksize, 1876 BLOCK_ACCT_WRITE); 1877 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1878 r->req.cmd.lba * s->qdev.blocksize, 1879 nb_sectors * s->qdev.blocksize, 1880 flags, scsi_aio_complete, r); 1881 return; 1882 } 1883 1884 data = g_new0(WriteSameCBData, 1); 1885 data->r = r; 1886 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1887 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1888 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1889 SCSI_WRITE_SAME_MAX); 1890 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1891 data->iov.iov_len); 1892 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1893 1894 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1895 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1896 } 1897 1898 scsi_req_ref(&r->req); 1899 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1900 data->iov.iov_len, BLOCK_ACCT_WRITE); 1901 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1902 data->sector << BDRV_SECTOR_BITS, 1903 &data->qiov, 0, 1904 scsi_write_same_complete, data); 1905 } 1906 1907 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1908 { 1909 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1910 1911 if (r->iov.iov_len) { 1912 int buflen = r->iov.iov_len; 1913 trace_scsi_disk_emulate_write_data(buflen); 1914 r->iov.iov_len = 0; 1915 scsi_req_data(&r->req, buflen); 1916 return; 1917 } 1918 1919 switch (req->cmd.buf[0]) { 1920 case MODE_SELECT: 1921 case MODE_SELECT_10: 1922 /* This also clears the sense buffer for REQUEST SENSE. */ 1923 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1924 break; 1925 1926 case UNMAP: 1927 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1928 break; 1929 1930 case VERIFY_10: 1931 case VERIFY_12: 1932 case VERIFY_16: 1933 if (r->req.status == -1) { 1934 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1935 } 1936 break; 1937 1938 case WRITE_SAME_10: 1939 case WRITE_SAME_16: 1940 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1941 break; 1942 1943 default: 1944 abort(); 1945 } 1946 } 1947 1948 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1949 { 1950 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1951 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1952 uint64_t nb_sectors; 1953 uint8_t *outbuf; 1954 int buflen; 1955 1956 switch (req->cmd.buf[0]) { 1957 case INQUIRY: 1958 case MODE_SENSE: 1959 case MODE_SENSE_10: 1960 case RESERVE: 1961 case RESERVE_10: 1962 case RELEASE: 1963 case RELEASE_10: 1964 case START_STOP: 1965 case ALLOW_MEDIUM_REMOVAL: 1966 case GET_CONFIGURATION: 1967 case GET_EVENT_STATUS_NOTIFICATION: 1968 case MECHANISM_STATUS: 1969 case REQUEST_SENSE: 1970 break; 1971 1972 default: 1973 if (!blk_is_available(s->qdev.conf.blk)) { 1974 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1975 return 0; 1976 } 1977 break; 1978 } 1979 1980 /* 1981 * FIXME: we shouldn't return anything bigger than 4k, but the code 1982 * requires the buffer to be as big as req->cmd.xfer in several 1983 * places. So, do not allow CDBs with a very large ALLOCATION 1984 * LENGTH. The real fix would be to modify scsi_read_data and 1985 * dma_buf_read, so that they return data beyond the buflen 1986 * as all zeros. 1987 */ 1988 if (req->cmd.xfer > 65536) { 1989 goto illegal_request; 1990 } 1991 r->buflen = MAX(4096, req->cmd.xfer); 1992 1993 if (!r->iov.iov_base) { 1994 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1995 } 1996 1997 outbuf = r->iov.iov_base; 1998 memset(outbuf, 0, r->buflen); 1999 switch (req->cmd.buf[0]) { 2000 case TEST_UNIT_READY: 2001 assert(blk_is_available(s->qdev.conf.blk)); 2002 break; 2003 case INQUIRY: 2004 buflen = scsi_disk_emulate_inquiry(req, outbuf); 2005 if (buflen < 0) { 2006 goto illegal_request; 2007 } 2008 break; 2009 case MODE_SENSE: 2010 case MODE_SENSE_10: 2011 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 2012 if (buflen < 0) { 2013 goto illegal_request; 2014 } 2015 break; 2016 case READ_TOC: 2017 buflen = scsi_disk_emulate_read_toc(req, outbuf); 2018 if (buflen < 0) { 2019 goto illegal_request; 2020 } 2021 break; 2022 case RESERVE: 2023 if (req->cmd.buf[1] & 1) { 2024 goto illegal_request; 2025 } 2026 break; 2027 case RESERVE_10: 2028 if (req->cmd.buf[1] & 3) { 2029 goto illegal_request; 2030 } 2031 break; 2032 case RELEASE: 2033 if (req->cmd.buf[1] & 1) { 2034 goto illegal_request; 2035 } 2036 break; 2037 case RELEASE_10: 2038 if (req->cmd.buf[1] & 3) { 2039 goto illegal_request; 2040 } 2041 break; 2042 case START_STOP: 2043 if (scsi_disk_emulate_start_stop(r) < 0) { 2044 return 0; 2045 } 2046 break; 2047 case ALLOW_MEDIUM_REMOVAL: 2048 s->tray_locked = req->cmd.buf[4] & 1; 2049 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 2050 break; 2051 case READ_CAPACITY_10: 2052 /* The normal LEN field for this command is zero. */ 2053 memset(outbuf, 0, 8); 2054 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2055 if (!nb_sectors) { 2056 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2057 return 0; 2058 } 2059 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 2060 goto illegal_request; 2061 } 2062 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2063 /* Returned value is the address of the last sector. */ 2064 nb_sectors--; 2065 /* Remember the new size for read/write sanity checking. */ 2066 s->qdev.max_lba = nb_sectors; 2067 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 2068 if (nb_sectors > UINT32_MAX) { 2069 nb_sectors = UINT32_MAX; 2070 } 2071 outbuf[0] = (nb_sectors >> 24) & 0xff; 2072 outbuf[1] = (nb_sectors >> 16) & 0xff; 2073 outbuf[2] = (nb_sectors >> 8) & 0xff; 2074 outbuf[3] = nb_sectors & 0xff; 2075 outbuf[4] = 0; 2076 outbuf[5] = 0; 2077 outbuf[6] = s->qdev.blocksize >> 8; 2078 outbuf[7] = 0; 2079 break; 2080 case REQUEST_SENSE: 2081 /* Just return "NO SENSE". */ 2082 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2083 (req->cmd.buf[1] & 1) == 0); 2084 if (buflen < 0) { 2085 goto illegal_request; 2086 } 2087 break; 2088 case MECHANISM_STATUS: 2089 buflen = scsi_emulate_mechanism_status(s, outbuf); 2090 if (buflen < 0) { 2091 goto illegal_request; 2092 } 2093 break; 2094 case GET_CONFIGURATION: 2095 buflen = scsi_get_configuration(s, outbuf); 2096 if (buflen < 0) { 2097 goto illegal_request; 2098 } 2099 break; 2100 case GET_EVENT_STATUS_NOTIFICATION: 2101 buflen = scsi_get_event_status_notification(s, r, outbuf); 2102 if (buflen < 0) { 2103 goto illegal_request; 2104 } 2105 break; 2106 case READ_DISC_INFORMATION: 2107 buflen = scsi_read_disc_information(s, r, outbuf); 2108 if (buflen < 0) { 2109 goto illegal_request; 2110 } 2111 break; 2112 case READ_DVD_STRUCTURE: 2113 buflen = scsi_read_dvd_structure(s, r, outbuf); 2114 if (buflen < 0) { 2115 goto illegal_request; 2116 } 2117 break; 2118 case SERVICE_ACTION_IN_16: 2119 /* Service Action In subcommands. */ 2120 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2121 trace_scsi_disk_emulate_command_SAI_16(); 2122 memset(outbuf, 0, req->cmd.xfer); 2123 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2124 if (!nb_sectors) { 2125 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2126 return 0; 2127 } 2128 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2129 goto illegal_request; 2130 } 2131 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2132 /* Returned value is the address of the last sector. */ 2133 nb_sectors--; 2134 /* Remember the new size for read/write sanity checking. */ 2135 s->qdev.max_lba = nb_sectors; 2136 outbuf[0] = (nb_sectors >> 56) & 0xff; 2137 outbuf[1] = (nb_sectors >> 48) & 0xff; 2138 outbuf[2] = (nb_sectors >> 40) & 0xff; 2139 outbuf[3] = (nb_sectors >> 32) & 0xff; 2140 outbuf[4] = (nb_sectors >> 24) & 0xff; 2141 outbuf[5] = (nb_sectors >> 16) & 0xff; 2142 outbuf[6] = (nb_sectors >> 8) & 0xff; 2143 outbuf[7] = nb_sectors & 0xff; 2144 outbuf[8] = 0; 2145 outbuf[9] = 0; 2146 outbuf[10] = s->qdev.blocksize >> 8; 2147 outbuf[11] = 0; 2148 outbuf[12] = 0; 2149 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2150 2151 /* set TPE bit if the format supports discard */ 2152 if (s->qdev.conf.discard_granularity) { 2153 outbuf[14] = 0x80; 2154 } 2155 2156 /* Protection, exponent and lowest lba field left blank. */ 2157 break; 2158 } 2159 trace_scsi_disk_emulate_command_SAI_unsupported(); 2160 goto illegal_request; 2161 case SYNCHRONIZE_CACHE: 2162 /* The request is used as the AIO opaque value, so add a ref. */ 2163 scsi_req_ref(&r->req); 2164 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2165 BLOCK_ACCT_FLUSH); 2166 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2167 return 0; 2168 case SEEK_10: 2169 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2170 if (r->req.cmd.lba > s->qdev.max_lba) { 2171 goto illegal_lba; 2172 } 2173 break; 2174 case MODE_SELECT: 2175 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2176 break; 2177 case MODE_SELECT_10: 2178 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2179 break; 2180 case UNMAP: 2181 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2182 break; 2183 case VERIFY_10: 2184 case VERIFY_12: 2185 case VERIFY_16: 2186 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2187 if (req->cmd.buf[1] & 6) { 2188 goto illegal_request; 2189 } 2190 break; 2191 case WRITE_SAME_10: 2192 case WRITE_SAME_16: 2193 trace_scsi_disk_emulate_command_WRITE_SAME( 2194 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2195 break; 2196 case FORMAT_UNIT: 2197 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer); 2198 break; 2199 default: 2200 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2201 scsi_command_name(buf[0])); 2202 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2203 return 0; 2204 } 2205 assert(!r->req.aiocb); 2206 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2207 if (r->iov.iov_len == 0) { 2208 scsi_req_complete(&r->req, GOOD); 2209 } 2210 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2211 assert(r->iov.iov_len == req->cmd.xfer); 2212 return -r->iov.iov_len; 2213 } else { 2214 return r->iov.iov_len; 2215 } 2216 2217 illegal_request: 2218 if (r->req.status == -1) { 2219 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2220 } 2221 return 0; 2222 2223 illegal_lba: 2224 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2225 return 0; 2226 } 2227 2228 /* Execute a scsi command. Returns the length of the data expected by the 2229 command. This will be Positive for data transfers from the device 2230 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2231 and zero if the command does not transfer any data. */ 2232 2233 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2234 { 2235 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2236 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2237 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2238 uint32_t len; 2239 uint8_t command; 2240 2241 command = buf[0]; 2242 2243 if (!blk_is_available(s->qdev.conf.blk)) { 2244 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2245 return 0; 2246 } 2247 2248 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2249 switch (command) { 2250 case READ_6: 2251 case READ_10: 2252 case READ_12: 2253 case READ_16: 2254 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2255 /* Protection information is not supported. For SCSI versions 2 and 2256 * older (as determined by snooping the guest's INQUIRY commands), 2257 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2258 */ 2259 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2260 goto illegal_request; 2261 } 2262 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2263 goto illegal_lba; 2264 } 2265 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2266 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2267 break; 2268 case WRITE_6: 2269 case WRITE_10: 2270 case WRITE_12: 2271 case WRITE_16: 2272 case WRITE_VERIFY_10: 2273 case WRITE_VERIFY_12: 2274 case WRITE_VERIFY_16: 2275 if (!blk_is_writable(s->qdev.conf.blk)) { 2276 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2277 return 0; 2278 } 2279 trace_scsi_disk_dma_command_WRITE( 2280 (command & 0xe) == 0xe ? "And Verify " : "", 2281 r->req.cmd.lba, len); 2282 /* fall through */ 2283 case VERIFY_10: 2284 case VERIFY_12: 2285 case VERIFY_16: 2286 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2287 * As far as DMA is concerned, we can treat it the same as a write; 2288 * scsi_block_do_sgio will send VERIFY commands. 2289 */ 2290 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2291 goto illegal_request; 2292 } 2293 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2294 goto illegal_lba; 2295 } 2296 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2297 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2298 break; 2299 default: 2300 abort(); 2301 illegal_request: 2302 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2303 return 0; 2304 illegal_lba: 2305 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2306 return 0; 2307 } 2308 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2309 if (r->sector_count == 0) { 2310 scsi_req_complete(&r->req, GOOD); 2311 } 2312 assert(r->iov.iov_len == 0); 2313 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2314 return -r->sector_count * BDRV_SECTOR_SIZE; 2315 } else { 2316 return r->sector_count * BDRV_SECTOR_SIZE; 2317 } 2318 } 2319 2320 static void scsi_disk_reset(DeviceState *dev) 2321 { 2322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2323 uint64_t nb_sectors; 2324 2325 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2326 2327 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2328 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2329 if (nb_sectors) { 2330 nb_sectors--; 2331 } 2332 s->qdev.max_lba = nb_sectors; 2333 /* reset tray statuses */ 2334 s->tray_locked = 0; 2335 s->tray_open = 0; 2336 2337 s->qdev.scsi_version = s->qdev.default_scsi_version; 2338 } 2339 2340 static void scsi_disk_resize_cb(void *opaque) 2341 { 2342 SCSIDiskState *s = opaque; 2343 2344 /* SPC lists this sense code as available only for 2345 * direct-access devices. 2346 */ 2347 if (s->qdev.type == TYPE_DISK) { 2348 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2349 } 2350 } 2351 2352 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2353 { 2354 SCSIDiskState *s = opaque; 2355 2356 /* 2357 * When a CD gets changed, we have to report an ejected state and 2358 * then a loaded state to guests so that they detect tray 2359 * open/close and media change events. Guests that do not use 2360 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2361 * states rely on this behavior. 2362 * 2363 * media_changed governs the state machine used for unit attention 2364 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2365 */ 2366 s->media_changed = load; 2367 s->tray_open = !load; 2368 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2369 s->media_event = true; 2370 s->eject_request = false; 2371 } 2372 2373 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2374 { 2375 SCSIDiskState *s = opaque; 2376 2377 s->eject_request = true; 2378 if (force) { 2379 s->tray_locked = false; 2380 } 2381 } 2382 2383 static bool scsi_cd_is_tray_open(void *opaque) 2384 { 2385 return ((SCSIDiskState *)opaque)->tray_open; 2386 } 2387 2388 static bool scsi_cd_is_medium_locked(void *opaque) 2389 { 2390 return ((SCSIDiskState *)opaque)->tray_locked; 2391 } 2392 2393 static const BlockDevOps scsi_disk_removable_block_ops = { 2394 .change_media_cb = scsi_cd_change_media_cb, 2395 .eject_request_cb = scsi_cd_eject_request_cb, 2396 .is_tray_open = scsi_cd_is_tray_open, 2397 .is_medium_locked = scsi_cd_is_medium_locked, 2398 2399 .resize_cb = scsi_disk_resize_cb, 2400 }; 2401 2402 static const BlockDevOps scsi_disk_block_ops = { 2403 .resize_cb = scsi_disk_resize_cb, 2404 }; 2405 2406 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2407 { 2408 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2409 if (s->media_changed) { 2410 s->media_changed = false; 2411 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2412 } 2413 } 2414 2415 static void scsi_realize(SCSIDevice *dev, Error **errp) 2416 { 2417 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2418 bool read_only; 2419 2420 if (!s->qdev.conf.blk) { 2421 error_setg(errp, "drive property not set"); 2422 return; 2423 } 2424 2425 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2426 !blk_is_inserted(s->qdev.conf.blk)) { 2427 error_setg(errp, "Device needs media, but drive is empty"); 2428 return; 2429 } 2430 2431 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2432 return; 2433 } 2434 2435 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2436 !s->qdev.hba_supports_iothread) 2437 { 2438 error_setg(errp, "HBA does not support iothreads"); 2439 return; 2440 } 2441 2442 if (dev->type == TYPE_DISK) { 2443 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2444 return; 2445 } 2446 } 2447 2448 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2449 if (dev->type == TYPE_ROM) { 2450 read_only = true; 2451 } 2452 2453 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2454 dev->type == TYPE_DISK, errp)) { 2455 return; 2456 } 2457 2458 if (s->qdev.conf.discard_granularity == -1) { 2459 s->qdev.conf.discard_granularity = 2460 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2461 } 2462 2463 if (!s->version) { 2464 s->version = g_strdup(qemu_hw_version()); 2465 } 2466 if (!s->vendor) { 2467 s->vendor = g_strdup("QEMU"); 2468 } 2469 if (!s->device_id) { 2470 if (s->serial) { 2471 s->device_id = g_strdup_printf("%.20s", s->serial); 2472 } else { 2473 const char *str = blk_name(s->qdev.conf.blk); 2474 if (str && *str) { 2475 s->device_id = g_strdup(str); 2476 } 2477 } 2478 } 2479 2480 if (blk_is_sg(s->qdev.conf.blk)) { 2481 error_setg(errp, "unwanted /dev/sg*"); 2482 return; 2483 } 2484 2485 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2486 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2487 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2488 } else { 2489 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2490 } 2491 2492 blk_iostatus_enable(s->qdev.conf.blk); 2493 2494 add_boot_device_lchs(&dev->qdev, NULL, 2495 dev->conf.lcyls, 2496 dev->conf.lheads, 2497 dev->conf.lsecs); 2498 } 2499 2500 static void scsi_unrealize(SCSIDevice *dev) 2501 { 2502 del_boot_device_lchs(&dev->qdev, NULL); 2503 } 2504 2505 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2506 { 2507 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2508 AioContext *ctx = NULL; 2509 /* can happen for devices without drive. The error message for missing 2510 * backend will be issued in scsi_realize 2511 */ 2512 if (s->qdev.conf.blk) { 2513 ctx = blk_get_aio_context(s->qdev.conf.blk); 2514 aio_context_acquire(ctx); 2515 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2516 goto out; 2517 } 2518 } 2519 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2520 s->qdev.type = TYPE_DISK; 2521 if (!s->product) { 2522 s->product = g_strdup("QEMU HARDDISK"); 2523 } 2524 scsi_realize(&s->qdev, errp); 2525 out: 2526 if (ctx) { 2527 aio_context_release(ctx); 2528 } 2529 } 2530 2531 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2532 { 2533 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2534 AioContext *ctx; 2535 int ret; 2536 2537 if (!dev->conf.blk) { 2538 /* Anonymous BlockBackend for an empty drive. As we put it into 2539 * dev->conf, qdev takes care of detaching on unplug. */ 2540 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2541 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2542 assert(ret == 0); 2543 } 2544 2545 ctx = blk_get_aio_context(dev->conf.blk); 2546 aio_context_acquire(ctx); 2547 s->qdev.blocksize = 2048; 2548 s->qdev.type = TYPE_ROM; 2549 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2550 if (!s->product) { 2551 s->product = g_strdup("QEMU CD-ROM"); 2552 } 2553 scsi_realize(&s->qdev, errp); 2554 aio_context_release(ctx); 2555 } 2556 2557 2558 static const SCSIReqOps scsi_disk_emulate_reqops = { 2559 .size = sizeof(SCSIDiskReq), 2560 .free_req = scsi_free_request, 2561 .send_command = scsi_disk_emulate_command, 2562 .read_data = scsi_disk_emulate_read_data, 2563 .write_data = scsi_disk_emulate_write_data, 2564 .get_buf = scsi_get_buf, 2565 }; 2566 2567 static const SCSIReqOps scsi_disk_dma_reqops = { 2568 .size = sizeof(SCSIDiskReq), 2569 .free_req = scsi_free_request, 2570 .send_command = scsi_disk_dma_command, 2571 .read_data = scsi_read_data, 2572 .write_data = scsi_write_data, 2573 .get_buf = scsi_get_buf, 2574 .load_request = scsi_disk_load_request, 2575 .save_request = scsi_disk_save_request, 2576 }; 2577 2578 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2579 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2580 [INQUIRY] = &scsi_disk_emulate_reqops, 2581 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2582 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2583 [START_STOP] = &scsi_disk_emulate_reqops, 2584 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2585 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2586 [READ_TOC] = &scsi_disk_emulate_reqops, 2587 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2588 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2589 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2590 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2591 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2592 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2593 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2594 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2595 [SEEK_10] = &scsi_disk_emulate_reqops, 2596 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2597 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2598 [UNMAP] = &scsi_disk_emulate_reqops, 2599 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2600 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2601 [VERIFY_10] = &scsi_disk_emulate_reqops, 2602 [VERIFY_12] = &scsi_disk_emulate_reqops, 2603 [VERIFY_16] = &scsi_disk_emulate_reqops, 2604 [FORMAT_UNIT] = &scsi_disk_emulate_reqops, 2605 2606 [READ_6] = &scsi_disk_dma_reqops, 2607 [READ_10] = &scsi_disk_dma_reqops, 2608 [READ_12] = &scsi_disk_dma_reqops, 2609 [READ_16] = &scsi_disk_dma_reqops, 2610 [WRITE_6] = &scsi_disk_dma_reqops, 2611 [WRITE_10] = &scsi_disk_dma_reqops, 2612 [WRITE_12] = &scsi_disk_dma_reqops, 2613 [WRITE_16] = &scsi_disk_dma_reqops, 2614 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2615 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2616 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2617 }; 2618 2619 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2620 { 2621 int i; 2622 int len = scsi_cdb_length(buf); 2623 char *line_buffer, *p; 2624 2625 assert(len > 0 && len <= 16); 2626 line_buffer = g_malloc(len * 5 + 1); 2627 2628 for (i = 0, p = line_buffer; i < len; i++) { 2629 p += sprintf(p, " 0x%02x", buf[i]); 2630 } 2631 trace_scsi_disk_new_request(lun, tag, line_buffer); 2632 2633 g_free(line_buffer); 2634 } 2635 2636 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2637 uint8_t *buf, void *hba_private) 2638 { 2639 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2640 SCSIRequest *req; 2641 const SCSIReqOps *ops; 2642 uint8_t command; 2643 2644 command = buf[0]; 2645 ops = scsi_disk_reqops_dispatch[command]; 2646 if (!ops) { 2647 ops = &scsi_disk_emulate_reqops; 2648 } 2649 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2650 2651 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2652 scsi_disk_new_request_dump(lun, tag, buf); 2653 } 2654 2655 return req; 2656 } 2657 2658 #ifdef __linux__ 2659 static int get_device_type(SCSIDiskState *s) 2660 { 2661 uint8_t cmd[16]; 2662 uint8_t buf[36]; 2663 int ret; 2664 2665 memset(cmd, 0, sizeof(cmd)); 2666 memset(buf, 0, sizeof(buf)); 2667 cmd[0] = INQUIRY; 2668 cmd[4] = sizeof(buf); 2669 2670 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2671 buf, sizeof(buf), s->qdev.io_timeout); 2672 if (ret < 0) { 2673 return -1; 2674 } 2675 s->qdev.type = buf[0]; 2676 if (buf[1] & 0x80) { 2677 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2678 } 2679 return 0; 2680 } 2681 2682 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2683 { 2684 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2685 AioContext *ctx; 2686 int sg_version; 2687 int rc; 2688 2689 if (!s->qdev.conf.blk) { 2690 error_setg(errp, "drive property not set"); 2691 return; 2692 } 2693 2694 if (s->rotation_rate) { 2695 error_report_once("rotation_rate is specified for scsi-block but is " 2696 "not implemented. This option is deprecated and will " 2697 "be removed in a future version"); 2698 } 2699 2700 ctx = blk_get_aio_context(s->qdev.conf.blk); 2701 aio_context_acquire(ctx); 2702 2703 /* check we are using a driver managing SG_IO (version 3 and after) */ 2704 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2705 if (rc < 0) { 2706 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2707 if (rc != -EPERM) { 2708 error_append_hint(errp, "Is this a SCSI device?\n"); 2709 } 2710 goto out; 2711 } 2712 if (sg_version < 30000) { 2713 error_setg(errp, "scsi generic interface too old"); 2714 goto out; 2715 } 2716 2717 /* get device type from INQUIRY data */ 2718 rc = get_device_type(s); 2719 if (rc < 0) { 2720 error_setg(errp, "INQUIRY failed"); 2721 goto out; 2722 } 2723 2724 /* Make a guess for the block size, we'll fix it when the guest sends. 2725 * READ CAPACITY. If they don't, they likely would assume these sizes 2726 * anyway. (TODO: check in /sys). 2727 */ 2728 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2729 s->qdev.blocksize = 2048; 2730 } else { 2731 s->qdev.blocksize = 512; 2732 } 2733 2734 /* Makes the scsi-block device not removable by using HMP and QMP eject 2735 * command. 2736 */ 2737 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2738 2739 scsi_realize(&s->qdev, errp); 2740 scsi_generic_read_device_inquiry(&s->qdev); 2741 2742 out: 2743 aio_context_release(ctx); 2744 } 2745 2746 typedef struct SCSIBlockReq { 2747 SCSIDiskReq req; 2748 sg_io_hdr_t io_header; 2749 2750 /* Selected bytes of the original CDB, copied into our own CDB. */ 2751 uint8_t cmd, cdb1, group_number; 2752 2753 /* CDB passed to SG_IO. */ 2754 uint8_t cdb[16]; 2755 BlockCompletionFunc *cb; 2756 void *cb_opaque; 2757 } SCSIBlockReq; 2758 2759 static void scsi_block_sgio_complete(void *opaque, int ret) 2760 { 2761 SCSIBlockReq *req = (SCSIBlockReq *)opaque; 2762 SCSIDiskReq *r = &req->req; 2763 SCSIDevice *s = r->req.dev; 2764 sg_io_hdr_t *io_hdr = &req->io_header; 2765 2766 if (ret == 0) { 2767 if (io_hdr->host_status != SCSI_HOST_OK) { 2768 scsi_req_complete_failed(&r->req, io_hdr->host_status); 2769 scsi_req_unref(&r->req); 2770 return; 2771 } 2772 2773 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) { 2774 ret = BUSY; 2775 } else { 2776 ret = io_hdr->status; 2777 } 2778 2779 if (ret > 0) { 2780 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 2781 if (scsi_handle_rw_error(r, ret, true)) { 2782 aio_context_release(blk_get_aio_context(s->conf.blk)); 2783 scsi_req_unref(&r->req); 2784 return; 2785 } 2786 aio_context_release(blk_get_aio_context(s->conf.blk)); 2787 2788 /* Ignore error. */ 2789 ret = 0; 2790 } 2791 } 2792 2793 req->cb(req->cb_opaque, ret); 2794 } 2795 2796 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2797 int64_t offset, QEMUIOVector *iov, 2798 int direction, 2799 BlockCompletionFunc *cb, void *opaque) 2800 { 2801 sg_io_hdr_t *io_header = &req->io_header; 2802 SCSIDiskReq *r = &req->req; 2803 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2804 int nb_logical_blocks; 2805 uint64_t lba; 2806 BlockAIOCB *aiocb; 2807 2808 /* This is not supported yet. It can only happen if the guest does 2809 * reads and writes that are not aligned to one logical sectors 2810 * _and_ cover multiple MemoryRegions. 2811 */ 2812 assert(offset % s->qdev.blocksize == 0); 2813 assert(iov->size % s->qdev.blocksize == 0); 2814 2815 io_header->interface_id = 'S'; 2816 2817 /* The data transfer comes from the QEMUIOVector. */ 2818 io_header->dxfer_direction = direction; 2819 io_header->dxfer_len = iov->size; 2820 io_header->dxferp = (void *)iov->iov; 2821 io_header->iovec_count = iov->niov; 2822 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2823 2824 /* Build a new CDB with the LBA and length patched in, in case 2825 * DMA helpers split the transfer in multiple segments. Do not 2826 * build a CDB smaller than what the guest wanted, and only build 2827 * a larger one if strictly necessary. 2828 */ 2829 io_header->cmdp = req->cdb; 2830 lba = offset / s->qdev.blocksize; 2831 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2832 2833 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2834 /* 6-byte CDB */ 2835 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2836 req->cdb[4] = nb_logical_blocks; 2837 req->cdb[5] = 0; 2838 io_header->cmd_len = 6; 2839 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2840 /* 10-byte CDB */ 2841 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2842 req->cdb[1] = req->cdb1; 2843 stl_be_p(&req->cdb[2], lba); 2844 req->cdb[6] = req->group_number; 2845 stw_be_p(&req->cdb[7], nb_logical_blocks); 2846 req->cdb[9] = 0; 2847 io_header->cmd_len = 10; 2848 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2849 /* 12-byte CDB */ 2850 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2851 req->cdb[1] = req->cdb1; 2852 stl_be_p(&req->cdb[2], lba); 2853 stl_be_p(&req->cdb[6], nb_logical_blocks); 2854 req->cdb[10] = req->group_number; 2855 req->cdb[11] = 0; 2856 io_header->cmd_len = 12; 2857 } else { 2858 /* 16-byte CDB */ 2859 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2860 req->cdb[1] = req->cdb1; 2861 stq_be_p(&req->cdb[2], lba); 2862 stl_be_p(&req->cdb[10], nb_logical_blocks); 2863 req->cdb[14] = req->group_number; 2864 req->cdb[15] = 0; 2865 io_header->cmd_len = 16; 2866 } 2867 2868 /* The rest is as in scsi-generic.c. */ 2869 io_header->mx_sb_len = sizeof(r->req.sense); 2870 io_header->sbp = r->req.sense; 2871 io_header->timeout = s->qdev.io_timeout * 1000; 2872 io_header->usr_ptr = r; 2873 io_header->flags |= SG_FLAG_DIRECT_IO; 2874 req->cb = cb; 2875 req->cb_opaque = opaque; 2876 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2877 nb_logical_blocks, io_header->timeout); 2878 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req); 2879 assert(aiocb != NULL); 2880 return aiocb; 2881 } 2882 2883 static bool scsi_block_no_fua(SCSICommand *cmd) 2884 { 2885 return false; 2886 } 2887 2888 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2889 QEMUIOVector *iov, 2890 BlockCompletionFunc *cb, void *cb_opaque, 2891 void *opaque) 2892 { 2893 SCSIBlockReq *r = opaque; 2894 return scsi_block_do_sgio(r, offset, iov, 2895 SG_DXFER_FROM_DEV, cb, cb_opaque); 2896 } 2897 2898 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2899 QEMUIOVector *iov, 2900 BlockCompletionFunc *cb, void *cb_opaque, 2901 void *opaque) 2902 { 2903 SCSIBlockReq *r = opaque; 2904 return scsi_block_do_sgio(r, offset, iov, 2905 SG_DXFER_TO_DEV, cb, cb_opaque); 2906 } 2907 2908 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2909 { 2910 switch (buf[0]) { 2911 case VERIFY_10: 2912 case VERIFY_12: 2913 case VERIFY_16: 2914 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2915 * for the number of logical blocks specified in the length 2916 * field). For other modes, do not use scatter/gather operation. 2917 */ 2918 if ((buf[1] & 6) == 2) { 2919 return false; 2920 } 2921 break; 2922 2923 case READ_6: 2924 case READ_10: 2925 case READ_12: 2926 case READ_16: 2927 case WRITE_6: 2928 case WRITE_10: 2929 case WRITE_12: 2930 case WRITE_16: 2931 case WRITE_VERIFY_10: 2932 case WRITE_VERIFY_12: 2933 case WRITE_VERIFY_16: 2934 /* MMC writing cannot be done via DMA helpers, because it sometimes 2935 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2936 * We might use scsi_block_dma_reqops as long as no writing commands are 2937 * seen, but performance usually isn't paramount on optical media. So, 2938 * just make scsi-block operate the same as scsi-generic for them. 2939 */ 2940 if (s->qdev.type != TYPE_ROM) { 2941 return false; 2942 } 2943 break; 2944 2945 default: 2946 break; 2947 } 2948 2949 return true; 2950 } 2951 2952 2953 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2954 { 2955 SCSIBlockReq *r = (SCSIBlockReq *)req; 2956 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2957 2958 r->cmd = req->cmd.buf[0]; 2959 switch (r->cmd >> 5) { 2960 case 0: 2961 /* 6-byte CDB. */ 2962 r->cdb1 = r->group_number = 0; 2963 break; 2964 case 1: 2965 /* 10-byte CDB. */ 2966 r->cdb1 = req->cmd.buf[1]; 2967 r->group_number = req->cmd.buf[6]; 2968 break; 2969 case 4: 2970 /* 12-byte CDB. */ 2971 r->cdb1 = req->cmd.buf[1]; 2972 r->group_number = req->cmd.buf[10]; 2973 break; 2974 case 5: 2975 /* 16-byte CDB. */ 2976 r->cdb1 = req->cmd.buf[1]; 2977 r->group_number = req->cmd.buf[14]; 2978 break; 2979 default: 2980 abort(); 2981 } 2982 2983 /* Protection information is not supported. For SCSI versions 2 and 2984 * older (as determined by snooping the guest's INQUIRY commands), 2985 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2986 */ 2987 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 2988 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 2989 return 0; 2990 } 2991 2992 return scsi_disk_dma_command(req, buf); 2993 } 2994 2995 static const SCSIReqOps scsi_block_dma_reqops = { 2996 .size = sizeof(SCSIBlockReq), 2997 .free_req = scsi_free_request, 2998 .send_command = scsi_block_dma_command, 2999 .read_data = scsi_read_data, 3000 .write_data = scsi_write_data, 3001 .get_buf = scsi_get_buf, 3002 .load_request = scsi_disk_load_request, 3003 .save_request = scsi_disk_save_request, 3004 }; 3005 3006 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 3007 uint32_t lun, uint8_t *buf, 3008 void *hba_private) 3009 { 3010 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3011 3012 if (scsi_block_is_passthrough(s, buf)) { 3013 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 3014 hba_private); 3015 } else { 3016 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 3017 hba_private); 3018 } 3019 } 3020 3021 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 3022 uint8_t *buf, void *hba_private) 3023 { 3024 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3025 3026 if (scsi_block_is_passthrough(s, buf)) { 3027 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 3028 } else { 3029 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 3030 } 3031 } 3032 3033 static void scsi_block_update_sense(SCSIRequest *req) 3034 { 3035 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 3036 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 3037 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 3038 } 3039 #endif 3040 3041 static 3042 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 3043 BlockCompletionFunc *cb, void *cb_opaque, 3044 void *opaque) 3045 { 3046 SCSIDiskReq *r = opaque; 3047 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3048 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3049 } 3050 3051 static 3052 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 3053 BlockCompletionFunc *cb, void *cb_opaque, 3054 void *opaque) 3055 { 3056 SCSIDiskReq *r = opaque; 3057 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3058 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3059 } 3060 3061 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 3062 { 3063 DeviceClass *dc = DEVICE_CLASS(klass); 3064 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3065 3066 dc->fw_name = "disk"; 3067 dc->reset = scsi_disk_reset; 3068 sdc->dma_readv = scsi_dma_readv; 3069 sdc->dma_writev = scsi_dma_writev; 3070 sdc->need_fua_emulation = scsi_is_cmd_fua; 3071 } 3072 3073 static const TypeInfo scsi_disk_base_info = { 3074 .name = TYPE_SCSI_DISK_BASE, 3075 .parent = TYPE_SCSI_DEVICE, 3076 .class_init = scsi_disk_base_class_initfn, 3077 .instance_size = sizeof(SCSIDiskState), 3078 .class_size = sizeof(SCSIDiskClass), 3079 .abstract = true, 3080 }; 3081 3082 #define DEFINE_SCSI_DISK_PROPERTIES() \ 3083 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 3084 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 3085 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3086 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 3087 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 3088 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 3089 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 3090 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 3091 3092 3093 static Property scsi_hd_properties[] = { 3094 DEFINE_SCSI_DISK_PROPERTIES(), 3095 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3096 SCSI_DISK_F_REMOVABLE, false), 3097 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3098 SCSI_DISK_F_DPOFUA, false), 3099 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3100 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3101 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3102 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3103 DEFAULT_MAX_UNMAP_SIZE), 3104 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3105 DEFAULT_MAX_IO_SIZE), 3106 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3107 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3108 5), 3109 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3110 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3111 0), 3112 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3113 DEFINE_PROP_END_OF_LIST(), 3114 }; 3115 3116 static const VMStateDescription vmstate_scsi_disk_state = { 3117 .name = "scsi-disk", 3118 .version_id = 1, 3119 .minimum_version_id = 1, 3120 .fields = (VMStateField[]) { 3121 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3122 VMSTATE_BOOL(media_changed, SCSIDiskState), 3123 VMSTATE_BOOL(media_event, SCSIDiskState), 3124 VMSTATE_BOOL(eject_request, SCSIDiskState), 3125 VMSTATE_BOOL(tray_open, SCSIDiskState), 3126 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3127 VMSTATE_END_OF_LIST() 3128 } 3129 }; 3130 3131 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3132 { 3133 DeviceClass *dc = DEVICE_CLASS(klass); 3134 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3135 3136 sc->realize = scsi_hd_realize; 3137 sc->unrealize = scsi_unrealize; 3138 sc->alloc_req = scsi_new_request; 3139 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3140 dc->desc = "virtual SCSI disk"; 3141 device_class_set_props(dc, scsi_hd_properties); 3142 dc->vmsd = &vmstate_scsi_disk_state; 3143 } 3144 3145 static const TypeInfo scsi_hd_info = { 3146 .name = "scsi-hd", 3147 .parent = TYPE_SCSI_DISK_BASE, 3148 .class_init = scsi_hd_class_initfn, 3149 }; 3150 3151 static Property scsi_cd_properties[] = { 3152 DEFINE_SCSI_DISK_PROPERTIES(), 3153 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3154 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3155 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3156 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3157 DEFAULT_MAX_IO_SIZE), 3158 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3159 5), 3160 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks, 3161 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0), 3162 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks, 3163 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0), 3164 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3165 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3166 0), 3167 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks, 3168 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0), 3169 DEFINE_PROP_END_OF_LIST(), 3170 }; 3171 3172 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3173 { 3174 DeviceClass *dc = DEVICE_CLASS(klass); 3175 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3176 3177 sc->realize = scsi_cd_realize; 3178 sc->alloc_req = scsi_new_request; 3179 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3180 dc->desc = "virtual SCSI CD-ROM"; 3181 device_class_set_props(dc, scsi_cd_properties); 3182 dc->vmsd = &vmstate_scsi_disk_state; 3183 } 3184 3185 static const TypeInfo scsi_cd_info = { 3186 .name = "scsi-cd", 3187 .parent = TYPE_SCSI_DISK_BASE, 3188 .class_init = scsi_cd_class_initfn, 3189 }; 3190 3191 #ifdef __linux__ 3192 static Property scsi_block_properties[] = { 3193 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3194 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3195 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3196 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3197 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3198 DEFAULT_MAX_UNMAP_SIZE), 3199 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3200 DEFAULT_MAX_IO_SIZE), 3201 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3202 -1), 3203 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3204 DEFAULT_IO_TIMEOUT), 3205 DEFINE_PROP_END_OF_LIST(), 3206 }; 3207 3208 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3209 { 3210 DeviceClass *dc = DEVICE_CLASS(klass); 3211 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3212 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3213 3214 sc->realize = scsi_block_realize; 3215 sc->alloc_req = scsi_block_new_request; 3216 sc->parse_cdb = scsi_block_parse_cdb; 3217 sdc->dma_readv = scsi_block_dma_readv; 3218 sdc->dma_writev = scsi_block_dma_writev; 3219 sdc->update_sense = scsi_block_update_sense; 3220 sdc->need_fua_emulation = scsi_block_no_fua; 3221 dc->desc = "SCSI block device passthrough"; 3222 device_class_set_props(dc, scsi_block_properties); 3223 dc->vmsd = &vmstate_scsi_disk_state; 3224 } 3225 3226 static const TypeInfo scsi_block_info = { 3227 .name = "scsi-block", 3228 .parent = TYPE_SCSI_DISK_BASE, 3229 .class_init = scsi_block_class_initfn, 3230 }; 3231 #endif 3232 3233 static void scsi_disk_register_types(void) 3234 { 3235 type_register_static(&scsi_disk_base_info); 3236 type_register_static(&scsi_hd_info); 3237 type_register_static(&scsi_cd_info); 3238 #ifdef __linux__ 3239 type_register_static(&scsi_block_info); 3240 #endif 3241 } 3242 3243 type_init(scsi_disk_register_types) 3244