1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "sysemu/dma.h" 39 40 #ifdef __linux 41 #include <scsi/sg.h> 42 #endif 43 44 #define SCSI_WRITE_SAME_MAX 524288 45 #define SCSI_DMA_BUF_SIZE 131072 46 #define SCSI_MAX_INQUIRY_LEN 256 47 #define SCSI_MAX_MODE_LEN 256 48 49 #define DEFAULT_DISCARD_GRANULARITY 4096 50 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 51 52 typedef struct SCSIDiskState SCSIDiskState; 53 54 typedef struct SCSIDiskReq { 55 SCSIRequest req; 56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 57 uint64_t sector; 58 uint32_t sector_count; 59 uint32_t buflen; 60 bool started; 61 struct iovec iov; 62 QEMUIOVector qiov; 63 BlockAcctCookie acct; 64 } SCSIDiskReq; 65 66 #define SCSI_DISK_F_REMOVABLE 0 67 #define SCSI_DISK_F_DPOFUA 1 68 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 69 70 struct SCSIDiskState 71 { 72 SCSIDevice qdev; 73 uint32_t features; 74 bool media_changed; 75 bool media_event; 76 bool eject_request; 77 uint64_t wwn; 78 uint64_t port_wwn; 79 uint16_t port_index; 80 uint64_t max_unmap_size; 81 QEMUBH *bh; 82 char *version; 83 char *serial; 84 char *vendor; 85 char *product; 86 bool tray_open; 87 bool tray_locked; 88 }; 89 90 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 91 92 static void scsi_free_request(SCSIRequest *req) 93 { 94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 95 96 qemu_vfree(r->iov.iov_base); 97 } 98 99 /* Helper function for command completion with sense. */ 100 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 101 { 102 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 103 r->req.tag, sense.key, sense.asc, sense.ascq); 104 scsi_req_build_sense(&r->req, sense); 105 scsi_req_complete(&r->req, CHECK_CONDITION); 106 } 107 108 /* Cancel a pending data transfer. */ 109 static void scsi_cancel_io(SCSIRequest *req) 110 { 111 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 112 113 DPRINTF("Cancel tag=0x%x\n", req->tag); 114 if (r->req.aiocb) { 115 bdrv_aio_cancel(r->req.aiocb); 116 117 /* This reference was left in by scsi_*_data. We take ownership of 118 * it the moment scsi_req_cancel is called, independent of whether 119 * bdrv_aio_cancel completes the request or not. */ 120 scsi_req_unref(&r->req); 121 } 122 r->req.aiocb = NULL; 123 } 124 125 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 126 { 127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 128 129 if (!r->iov.iov_base) { 130 r->buflen = size; 131 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 132 } 133 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 134 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 135 return r->qiov.size / 512; 136 } 137 138 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 139 { 140 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 141 142 qemu_put_be64s(f, &r->sector); 143 qemu_put_be32s(f, &r->sector_count); 144 qemu_put_be32s(f, &r->buflen); 145 if (r->buflen) { 146 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 148 } else if (!req->retry) { 149 uint32_t len = r->iov.iov_len; 150 qemu_put_be32s(f, &len); 151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } 153 } 154 } 155 156 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 157 { 158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 159 160 qemu_get_be64s(f, &r->sector); 161 qemu_get_be32s(f, &r->sector_count); 162 qemu_get_be32s(f, &r->buflen); 163 if (r->buflen) { 164 scsi_init_iovec(r, r->buflen); 165 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 167 } else if (!r->req.retry) { 168 uint32_t len; 169 qemu_get_be32s(f, &len); 170 r->iov.iov_len = len; 171 assert(r->iov.iov_len <= r->buflen); 172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 173 } 174 } 175 176 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 177 } 178 179 static void scsi_aio_complete(void *opaque, int ret) 180 { 181 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 183 184 assert(r->req.aiocb != NULL); 185 r->req.aiocb = NULL; 186 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 187 if (r->req.io_canceled) { 188 goto done; 189 } 190 191 if (ret < 0) { 192 if (scsi_handle_rw_error(r, -ret)) { 193 goto done; 194 } 195 } 196 197 scsi_req_complete(&r->req, GOOD); 198 199 done: 200 if (!r->req.io_canceled) { 201 scsi_req_unref(&r->req); 202 } 203 } 204 205 static bool scsi_is_cmd_fua(SCSICommand *cmd) 206 { 207 switch (cmd->buf[0]) { 208 case READ_10: 209 case READ_12: 210 case READ_16: 211 case WRITE_10: 212 case WRITE_12: 213 case WRITE_16: 214 return (cmd->buf[1] & 8) != 0; 215 216 case VERIFY_10: 217 case VERIFY_12: 218 case VERIFY_16: 219 case WRITE_VERIFY_10: 220 case WRITE_VERIFY_12: 221 case WRITE_VERIFY_16: 222 return true; 223 224 case READ_6: 225 case WRITE_6: 226 default: 227 return false; 228 } 229 } 230 231 static void scsi_write_do_fua(SCSIDiskReq *r) 232 { 233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 234 235 if (r->req.io_canceled) { 236 goto done; 237 } 238 239 if (scsi_is_cmd_fua(&r->req.cmd)) { 240 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 241 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 242 return; 243 } 244 245 scsi_req_complete(&r->req, GOOD); 246 247 done: 248 if (!r->req.io_canceled) { 249 scsi_req_unref(&r->req); 250 } 251 } 252 253 static void scsi_dma_complete_noio(void *opaque, int ret) 254 { 255 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 257 258 if (r->req.aiocb != NULL) { 259 r->req.aiocb = NULL; 260 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 261 } 262 if (r->req.io_canceled) { 263 goto done; 264 } 265 266 if (ret < 0) { 267 if (scsi_handle_rw_error(r, -ret)) { 268 goto done; 269 } 270 } 271 272 r->sector += r->sector_count; 273 r->sector_count = 0; 274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 275 scsi_write_do_fua(r); 276 return; 277 } else { 278 scsi_req_complete(&r->req, GOOD); 279 } 280 281 done: 282 if (!r->req.io_canceled) { 283 scsi_req_unref(&r->req); 284 } 285 } 286 287 static void scsi_dma_complete(void *opaque, int ret) 288 { 289 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 290 291 assert(r->req.aiocb != NULL); 292 scsi_dma_complete_noio(opaque, ret); 293 } 294 295 static void scsi_read_complete(void * opaque, int ret) 296 { 297 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 299 int n; 300 301 assert(r->req.aiocb != NULL); 302 r->req.aiocb = NULL; 303 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 304 if (r->req.io_canceled) { 305 goto done; 306 } 307 308 if (ret < 0) { 309 if (scsi_handle_rw_error(r, -ret)) { 310 goto done; 311 } 312 } 313 314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 315 316 n = r->qiov.size / 512; 317 r->sector += n; 318 r->sector_count -= n; 319 scsi_req_data(&r->req, r->qiov.size); 320 321 done: 322 if (!r->req.io_canceled) { 323 scsi_req_unref(&r->req); 324 } 325 } 326 327 /* Actually issue a read to the block device. */ 328 static void scsi_do_read(void *opaque, int ret) 329 { 330 SCSIDiskReq *r = opaque; 331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 332 uint32_t n; 333 334 if (r->req.aiocb != NULL) { 335 r->req.aiocb = NULL; 336 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 337 } 338 if (r->req.io_canceled) { 339 goto done; 340 } 341 342 if (ret < 0) { 343 if (scsi_handle_rw_error(r, -ret)) { 344 goto done; 345 } 346 } 347 348 /* The request is used as the AIO opaque value, so add a ref. */ 349 scsi_req_ref(&r->req); 350 351 if (r->req.sg) { 352 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ); 353 r->req.resid -= r->req.sg->size; 354 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, 355 scsi_dma_complete, r); 356 } else { 357 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 358 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); 359 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, 360 scsi_read_complete, r); 361 } 362 363 done: 364 if (!r->req.io_canceled) { 365 scsi_req_unref(&r->req); 366 } 367 } 368 369 /* Read more data from scsi device into buffer. */ 370 static void scsi_read_data(SCSIRequest *req) 371 { 372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 374 bool first; 375 376 DPRINTF("Read sector_count=%d\n", r->sector_count); 377 if (r->sector_count == 0) { 378 /* This also clears the sense buffer for REQUEST SENSE. */ 379 scsi_req_complete(&r->req, GOOD); 380 return; 381 } 382 383 /* No data transfer may already be in progress */ 384 assert(r->req.aiocb == NULL); 385 386 /* The request is used as the AIO opaque value, so add a ref. */ 387 scsi_req_ref(&r->req); 388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 389 DPRINTF("Data transfer direction invalid\n"); 390 scsi_read_complete(r, -EINVAL); 391 return; 392 } 393 394 if (s->tray_open) { 395 scsi_read_complete(r, -ENOMEDIUM); 396 return; 397 } 398 399 first = !r->started; 400 r->started = true; 401 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 402 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 403 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r); 404 } else { 405 scsi_do_read(r, 0); 406 } 407 } 408 409 /* 410 * scsi_handle_rw_error has two return values. 0 means that the error 411 * must be ignored, 1 means that the error has been processed and the 412 * caller should not do anything else for this request. Note that 413 * scsi_handle_rw_error always manages its reference counts, independent 414 * of the return value. 415 */ 416 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 417 { 418 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 420 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error); 421 422 if (action == BLOCK_ERROR_ACTION_REPORT) { 423 switch (error) { 424 case ENOMEDIUM: 425 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 426 break; 427 case ENOMEM: 428 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 429 break; 430 case EINVAL: 431 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 432 break; 433 case ENOSPC: 434 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 435 break; 436 default: 437 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 438 break; 439 } 440 } 441 bdrv_error_action(s->qdev.conf.bs, action, is_read, error); 442 if (action == BLOCK_ERROR_ACTION_STOP) { 443 scsi_req_retry(&r->req); 444 } 445 return action != BLOCK_ERROR_ACTION_IGNORE; 446 } 447 448 static void scsi_write_complete(void * opaque, int ret) 449 { 450 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 451 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 452 uint32_t n; 453 454 if (r->req.aiocb != NULL) { 455 r->req.aiocb = NULL; 456 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 457 } 458 if (r->req.io_canceled) { 459 goto done; 460 } 461 462 if (ret < 0) { 463 if (scsi_handle_rw_error(r, -ret)) { 464 goto done; 465 } 466 } 467 468 n = r->qiov.size / 512; 469 r->sector += n; 470 r->sector_count -= n; 471 if (r->sector_count == 0) { 472 scsi_write_do_fua(r); 473 return; 474 } else { 475 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 476 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 477 scsi_req_data(&r->req, r->qiov.size); 478 } 479 480 done: 481 if (!r->req.io_canceled) { 482 scsi_req_unref(&r->req); 483 } 484 } 485 486 static void scsi_write_data(SCSIRequest *req) 487 { 488 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 490 uint32_t n; 491 492 /* No data transfer may already be in progress */ 493 assert(r->req.aiocb == NULL); 494 495 /* The request is used as the AIO opaque value, so add a ref. */ 496 scsi_req_ref(&r->req); 497 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 498 DPRINTF("Data transfer direction invalid\n"); 499 scsi_write_complete(r, -EINVAL); 500 return; 501 } 502 503 if (!r->req.sg && !r->qiov.size) { 504 /* Called for the first time. Ask the driver to send us more data. */ 505 r->started = true; 506 scsi_write_complete(r, 0); 507 return; 508 } 509 if (s->tray_open) { 510 scsi_write_complete(r, -ENOMEDIUM); 511 return; 512 } 513 514 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 515 r->req.cmd.buf[0] == VERIFY_16) { 516 if (r->req.sg) { 517 scsi_dma_complete_noio(r, 0); 518 } else { 519 scsi_write_complete(r, 0); 520 } 521 return; 522 } 523 524 if (r->req.sg) { 525 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE); 526 r->req.resid -= r->req.sg->size; 527 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, 528 scsi_dma_complete, r); 529 } else { 530 n = r->qiov.size / 512; 531 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE); 532 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, 533 scsi_write_complete, r); 534 } 535 } 536 537 /* Return a pointer to the data buffer. */ 538 static uint8_t *scsi_get_buf(SCSIRequest *req) 539 { 540 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 541 542 return (uint8_t *)r->iov.iov_base; 543 } 544 545 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 546 { 547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 548 int buflen = 0; 549 int start; 550 551 if (req->cmd.buf[1] & 0x1) { 552 /* Vital product data */ 553 uint8_t page_code = req->cmd.buf[2]; 554 555 outbuf[buflen++] = s->qdev.type & 0x1f; 556 outbuf[buflen++] = page_code ; // this page 557 outbuf[buflen++] = 0x00; 558 outbuf[buflen++] = 0x00; 559 start = buflen; 560 561 switch (page_code) { 562 case 0x00: /* Supported page codes, mandatory */ 563 { 564 DPRINTF("Inquiry EVPD[Supported pages] " 565 "buffer size %zd\n", req->cmd.xfer); 566 outbuf[buflen++] = 0x00; // list of supported pages (this page) 567 if (s->serial) { 568 outbuf[buflen++] = 0x80; // unit serial number 569 } 570 outbuf[buflen++] = 0x83; // device identification 571 if (s->qdev.type == TYPE_DISK) { 572 outbuf[buflen++] = 0xb0; // block limits 573 outbuf[buflen++] = 0xb2; // thin provisioning 574 } 575 break; 576 } 577 case 0x80: /* Device serial number, optional */ 578 { 579 int l; 580 581 if (!s->serial) { 582 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 583 return -1; 584 } 585 586 l = strlen(s->serial); 587 if (l > 20) { 588 l = 20; 589 } 590 591 DPRINTF("Inquiry EVPD[Serial number] " 592 "buffer size %zd\n", req->cmd.xfer); 593 memcpy(outbuf+buflen, s->serial, l); 594 buflen += l; 595 break; 596 } 597 598 case 0x83: /* Device identification page, mandatory */ 599 { 600 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs); 601 int max_len = s->serial ? 20 : 255 - 8; 602 int id_len = strlen(str); 603 604 if (id_len > max_len) { 605 id_len = max_len; 606 } 607 DPRINTF("Inquiry EVPD[Device identification] " 608 "buffer size %zd\n", req->cmd.xfer); 609 610 outbuf[buflen++] = 0x2; // ASCII 611 outbuf[buflen++] = 0; // not officially assigned 612 outbuf[buflen++] = 0; // reserved 613 outbuf[buflen++] = id_len; // length of data following 614 memcpy(outbuf+buflen, str, id_len); 615 buflen += id_len; 616 617 if (s->wwn) { 618 outbuf[buflen++] = 0x1; // Binary 619 outbuf[buflen++] = 0x3; // NAA 620 outbuf[buflen++] = 0; // reserved 621 outbuf[buflen++] = 8; 622 stq_be_p(&outbuf[buflen], s->wwn); 623 buflen += 8; 624 } 625 626 if (s->port_wwn) { 627 outbuf[buflen++] = 0x61; // SAS / Binary 628 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 629 outbuf[buflen++] = 0; // reserved 630 outbuf[buflen++] = 8; 631 stq_be_p(&outbuf[buflen], s->port_wwn); 632 buflen += 8; 633 } 634 635 if (s->port_index) { 636 outbuf[buflen++] = 0x61; // SAS / Binary 637 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 638 outbuf[buflen++] = 0; // reserved 639 outbuf[buflen++] = 4; 640 stw_be_p(&outbuf[buflen + 2], s->port_index); 641 buflen += 4; 642 } 643 break; 644 } 645 case 0xb0: /* block limits */ 646 { 647 unsigned int unmap_sectors = 648 s->qdev.conf.discard_granularity / s->qdev.blocksize; 649 unsigned int min_io_size = 650 s->qdev.conf.min_io_size / s->qdev.blocksize; 651 unsigned int opt_io_size = 652 s->qdev.conf.opt_io_size / s->qdev.blocksize; 653 unsigned int max_unmap_sectors = 654 s->max_unmap_size / s->qdev.blocksize; 655 656 if (s->qdev.type == TYPE_ROM) { 657 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 658 page_code); 659 return -1; 660 } 661 /* required VPD size with unmap support */ 662 buflen = 0x40; 663 memset(outbuf + 4, 0, buflen - 4); 664 665 outbuf[4] = 0x1; /* wsnz */ 666 667 /* optimal transfer length granularity */ 668 outbuf[6] = (min_io_size >> 8) & 0xff; 669 outbuf[7] = min_io_size & 0xff; 670 671 /* optimal transfer length */ 672 outbuf[12] = (opt_io_size >> 24) & 0xff; 673 outbuf[13] = (opt_io_size >> 16) & 0xff; 674 outbuf[14] = (opt_io_size >> 8) & 0xff; 675 outbuf[15] = opt_io_size & 0xff; 676 677 /* max unmap LBA count, default is 1GB */ 678 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 679 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 680 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 681 outbuf[23] = max_unmap_sectors & 0xff; 682 683 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 684 outbuf[24] = 0; 685 outbuf[25] = 0; 686 outbuf[26] = 0; 687 outbuf[27] = 255; 688 689 /* optimal unmap granularity */ 690 outbuf[28] = (unmap_sectors >> 24) & 0xff; 691 outbuf[29] = (unmap_sectors >> 16) & 0xff; 692 outbuf[30] = (unmap_sectors >> 8) & 0xff; 693 outbuf[31] = unmap_sectors & 0xff; 694 break; 695 } 696 case 0xb2: /* thin provisioning */ 697 { 698 buflen = 8; 699 outbuf[4] = 0; 700 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 701 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 702 outbuf[7] = 0; 703 break; 704 } 705 default: 706 return -1; 707 } 708 /* done with EVPD */ 709 assert(buflen - start <= 255); 710 outbuf[start - 1] = buflen - start; 711 return buflen; 712 } 713 714 /* Standard INQUIRY data */ 715 if (req->cmd.buf[2] != 0) { 716 return -1; 717 } 718 719 /* PAGE CODE == 0 */ 720 buflen = req->cmd.xfer; 721 if (buflen > SCSI_MAX_INQUIRY_LEN) { 722 buflen = SCSI_MAX_INQUIRY_LEN; 723 } 724 725 outbuf[0] = s->qdev.type & 0x1f; 726 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 727 728 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 729 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 730 731 memset(&outbuf[32], 0, 4); 732 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 733 /* 734 * We claim conformance to SPC-3, which is required for guests 735 * to ask for modern features like READ CAPACITY(16) or the 736 * block characteristics VPD page by default. Not all of SPC-3 737 * is actually implemented, but we're good enough. 738 */ 739 outbuf[2] = 5; 740 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 741 742 if (buflen > 36) { 743 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 744 } else { 745 /* If the allocation length of CDB is too small, 746 the additional length is not adjusted */ 747 outbuf[4] = 36 - 5; 748 } 749 750 /* Sync data transfer and TCQ. */ 751 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 752 return buflen; 753 } 754 755 static inline bool media_is_dvd(SCSIDiskState *s) 756 { 757 uint64_t nb_sectors; 758 if (s->qdev.type != TYPE_ROM) { 759 return false; 760 } 761 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 762 return false; 763 } 764 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 765 return nb_sectors > CD_MAX_SECTORS; 766 } 767 768 static inline bool media_is_cd(SCSIDiskState *s) 769 { 770 uint64_t nb_sectors; 771 if (s->qdev.type != TYPE_ROM) { 772 return false; 773 } 774 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 775 return false; 776 } 777 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 778 return nb_sectors <= CD_MAX_SECTORS; 779 } 780 781 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 782 uint8_t *outbuf) 783 { 784 uint8_t type = r->req.cmd.buf[1] & 7; 785 786 if (s->qdev.type != TYPE_ROM) { 787 return -1; 788 } 789 790 /* Types 1/2 are only defined for Blu-Ray. */ 791 if (type != 0) { 792 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 793 return -1; 794 } 795 796 memset(outbuf, 0, 34); 797 outbuf[1] = 32; 798 outbuf[2] = 0xe; /* last session complete, disc finalized */ 799 outbuf[3] = 1; /* first track on disc */ 800 outbuf[4] = 1; /* # of sessions */ 801 outbuf[5] = 1; /* first track of last session */ 802 outbuf[6] = 1; /* last track of last session */ 803 outbuf[7] = 0x20; /* unrestricted use */ 804 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 805 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 806 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 807 /* 24-31: disc bar code */ 808 /* 32: disc application code */ 809 /* 33: number of OPC tables */ 810 811 return 34; 812 } 813 814 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 815 uint8_t *outbuf) 816 { 817 static const int rds_caps_size[5] = { 818 [0] = 2048 + 4, 819 [1] = 4 + 4, 820 [3] = 188 + 4, 821 [4] = 2048 + 4, 822 }; 823 824 uint8_t media = r->req.cmd.buf[1]; 825 uint8_t layer = r->req.cmd.buf[6]; 826 uint8_t format = r->req.cmd.buf[7]; 827 int size = -1; 828 829 if (s->qdev.type != TYPE_ROM) { 830 return -1; 831 } 832 if (media != 0) { 833 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 834 return -1; 835 } 836 837 if (format != 0xff) { 838 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 839 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 840 return -1; 841 } 842 if (media_is_cd(s)) { 843 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 844 return -1; 845 } 846 if (format >= ARRAY_SIZE(rds_caps_size)) { 847 return -1; 848 } 849 size = rds_caps_size[format]; 850 memset(outbuf, 0, size); 851 } 852 853 switch (format) { 854 case 0x00: { 855 /* Physical format information */ 856 uint64_t nb_sectors; 857 if (layer != 0) { 858 goto fail; 859 } 860 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 861 862 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 863 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 864 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 865 outbuf[7] = 0; /* default densities */ 866 867 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 868 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 869 break; 870 } 871 872 case 0x01: /* DVD copyright information, all zeros */ 873 break; 874 875 case 0x03: /* BCA information - invalid field for no BCA info */ 876 return -1; 877 878 case 0x04: /* DVD disc manufacturing information, all zeros */ 879 break; 880 881 case 0xff: { /* List capabilities */ 882 int i; 883 size = 4; 884 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 885 if (!rds_caps_size[i]) { 886 continue; 887 } 888 outbuf[size] = i; 889 outbuf[size + 1] = 0x40; /* Not writable, readable */ 890 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 891 size += 4; 892 } 893 break; 894 } 895 896 default: 897 return -1; 898 } 899 900 /* Size of buffer, not including 2 byte size field */ 901 stw_be_p(outbuf, size - 2); 902 return size; 903 904 fail: 905 return -1; 906 } 907 908 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 909 { 910 uint8_t event_code, media_status; 911 912 media_status = 0; 913 if (s->tray_open) { 914 media_status = MS_TRAY_OPEN; 915 } else if (bdrv_is_inserted(s->qdev.conf.bs)) { 916 media_status = MS_MEDIA_PRESENT; 917 } 918 919 /* Event notification descriptor */ 920 event_code = MEC_NO_CHANGE; 921 if (media_status != MS_TRAY_OPEN) { 922 if (s->media_event) { 923 event_code = MEC_NEW_MEDIA; 924 s->media_event = false; 925 } else if (s->eject_request) { 926 event_code = MEC_EJECT_REQUESTED; 927 s->eject_request = false; 928 } 929 } 930 931 outbuf[0] = event_code; 932 outbuf[1] = media_status; 933 934 /* These fields are reserved, just clear them. */ 935 outbuf[2] = 0; 936 outbuf[3] = 0; 937 return 4; 938 } 939 940 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 941 uint8_t *outbuf) 942 { 943 int size; 944 uint8_t *buf = r->req.cmd.buf; 945 uint8_t notification_class_request = buf[4]; 946 if (s->qdev.type != TYPE_ROM) { 947 return -1; 948 } 949 if ((buf[1] & 1) == 0) { 950 /* asynchronous */ 951 return -1; 952 } 953 954 size = 4; 955 outbuf[0] = outbuf[1] = 0; 956 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 957 if (notification_class_request & (1 << GESN_MEDIA)) { 958 outbuf[2] = GESN_MEDIA; 959 size += scsi_event_status_media(s, &outbuf[size]); 960 } else { 961 outbuf[2] = 0x80; 962 } 963 stw_be_p(outbuf, size - 4); 964 return size; 965 } 966 967 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 968 { 969 int current; 970 971 if (s->qdev.type != TYPE_ROM) { 972 return -1; 973 } 974 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 975 memset(outbuf, 0, 40); 976 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 977 stw_be_p(&outbuf[6], current); 978 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 979 outbuf[10] = 0x03; /* persistent, current */ 980 outbuf[11] = 8; /* two profiles */ 981 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 982 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 983 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 984 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 985 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 986 stw_be_p(&outbuf[20], 1); 987 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 988 outbuf[23] = 8; 989 stl_be_p(&outbuf[24], 1); /* SCSI */ 990 outbuf[28] = 1; /* DBE = 1, mandatory */ 991 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 992 stw_be_p(&outbuf[32], 3); 993 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 994 outbuf[35] = 4; 995 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 996 /* TODO: Random readable, CD read, DVD read, drive serial number, 997 power management */ 998 return 40; 999 } 1000 1001 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1002 { 1003 if (s->qdev.type != TYPE_ROM) { 1004 return -1; 1005 } 1006 memset(outbuf, 0, 8); 1007 outbuf[5] = 1; /* CD-ROM */ 1008 return 8; 1009 } 1010 1011 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1012 int page_control) 1013 { 1014 static const int mode_sense_valid[0x3f] = { 1015 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1016 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1017 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1018 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1019 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1020 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1021 }; 1022 1023 uint8_t *p = *p_outbuf + 2; 1024 int length; 1025 1026 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1027 return -1; 1028 } 1029 1030 /* 1031 * If Changeable Values are requested, a mask denoting those mode parameters 1032 * that are changeable shall be returned. As we currently don't support 1033 * parameter changes via MODE_SELECT all bits are returned set to zero. 1034 * The buffer was already menset to zero by the caller of this function. 1035 * 1036 * The offsets here are off by two compared to the descriptions in the 1037 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1038 * but it is done so that offsets are consistent within our implementation 1039 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1040 * 2-byte and 4-byte headers. 1041 */ 1042 switch (page) { 1043 case MODE_PAGE_HD_GEOMETRY: 1044 length = 0x16; 1045 if (page_control == 1) { /* Changeable Values */ 1046 break; 1047 } 1048 /* if a geometry hint is available, use it */ 1049 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1050 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1051 p[2] = s->qdev.conf.cyls & 0xff; 1052 p[3] = s->qdev.conf.heads & 0xff; 1053 /* Write precomp start cylinder, disabled */ 1054 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1055 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1056 p[6] = s->qdev.conf.cyls & 0xff; 1057 /* Reduced current start cylinder, disabled */ 1058 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1059 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1060 p[9] = s->qdev.conf.cyls & 0xff; 1061 /* Device step rate [ns], 200ns */ 1062 p[10] = 0; 1063 p[11] = 200; 1064 /* Landing zone cylinder */ 1065 p[12] = 0xff; 1066 p[13] = 0xff; 1067 p[14] = 0xff; 1068 /* Medium rotation rate [rpm], 5400 rpm */ 1069 p[18] = (5400 >> 8) & 0xff; 1070 p[19] = 5400 & 0xff; 1071 break; 1072 1073 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1074 length = 0x1e; 1075 if (page_control == 1) { /* Changeable Values */ 1076 break; 1077 } 1078 /* Transfer rate [kbit/s], 5Mbit/s */ 1079 p[0] = 5000 >> 8; 1080 p[1] = 5000 & 0xff; 1081 /* if a geometry hint is available, use it */ 1082 p[2] = s->qdev.conf.heads & 0xff; 1083 p[3] = s->qdev.conf.secs & 0xff; 1084 p[4] = s->qdev.blocksize >> 8; 1085 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1086 p[7] = s->qdev.conf.cyls & 0xff; 1087 /* Write precomp start cylinder, disabled */ 1088 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1089 p[9] = s->qdev.conf.cyls & 0xff; 1090 /* Reduced current start cylinder, disabled */ 1091 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1092 p[11] = s->qdev.conf.cyls & 0xff; 1093 /* Device step rate [100us], 100us */ 1094 p[12] = 0; 1095 p[13] = 1; 1096 /* Device step pulse width [us], 1us */ 1097 p[14] = 1; 1098 /* Device head settle delay [100us], 100us */ 1099 p[15] = 0; 1100 p[16] = 1; 1101 /* Motor on delay [0.1s], 0.1s */ 1102 p[17] = 1; 1103 /* Motor off delay [0.1s], 0.1s */ 1104 p[18] = 1; 1105 /* Medium rotation rate [rpm], 5400 rpm */ 1106 p[26] = (5400 >> 8) & 0xff; 1107 p[27] = 5400 & 0xff; 1108 break; 1109 1110 case MODE_PAGE_CACHING: 1111 length = 0x12; 1112 if (page_control == 1 || /* Changeable Values */ 1113 bdrv_enable_write_cache(s->qdev.conf.bs)) { 1114 p[0] = 4; /* WCE */ 1115 } 1116 break; 1117 1118 case MODE_PAGE_R_W_ERROR: 1119 length = 10; 1120 if (page_control == 1) { /* Changeable Values */ 1121 break; 1122 } 1123 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1124 if (s->qdev.type == TYPE_ROM) { 1125 p[1] = 0x20; /* Read Retry Count */ 1126 } 1127 break; 1128 1129 case MODE_PAGE_AUDIO_CTL: 1130 length = 14; 1131 break; 1132 1133 case MODE_PAGE_CAPABILITIES: 1134 length = 0x14; 1135 if (page_control == 1) { /* Changeable Values */ 1136 break; 1137 } 1138 1139 p[0] = 0x3b; /* CD-R & CD-RW read */ 1140 p[1] = 0; /* Writing not supported */ 1141 p[2] = 0x7f; /* Audio, composite, digital out, 1142 mode 2 form 1&2, multi session */ 1143 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1144 RW corrected, C2 errors, ISRC, 1145 UPC, Bar code */ 1146 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1147 /* Locking supported, jumper present, eject, tray */ 1148 p[5] = 0; /* no volume & mute control, no 1149 changer */ 1150 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1151 p[7] = (50 * 176) & 0xff; 1152 p[8] = 2 >> 8; /* Two volume levels */ 1153 p[9] = 2 & 0xff; 1154 p[10] = 2048 >> 8; /* 2M buffer */ 1155 p[11] = 2048 & 0xff; 1156 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1157 p[13] = (16 * 176) & 0xff; 1158 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1159 p[17] = (16 * 176) & 0xff; 1160 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1161 p[19] = (16 * 176) & 0xff; 1162 break; 1163 1164 default: 1165 return -1; 1166 } 1167 1168 assert(length < 256); 1169 (*p_outbuf)[0] = page; 1170 (*p_outbuf)[1] = length; 1171 *p_outbuf += length + 2; 1172 return length + 2; 1173 } 1174 1175 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1176 { 1177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1178 uint64_t nb_sectors; 1179 bool dbd; 1180 int page, buflen, ret, page_control; 1181 uint8_t *p; 1182 uint8_t dev_specific_param; 1183 1184 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1185 page = r->req.cmd.buf[2] & 0x3f; 1186 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1187 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1188 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1189 memset(outbuf, 0, r->req.cmd.xfer); 1190 p = outbuf; 1191 1192 if (s->qdev.type == TYPE_DISK) { 1193 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1194 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1195 dev_specific_param |= 0x80; /* Readonly. */ 1196 } 1197 } else { 1198 /* MMC prescribes that CD/DVD drives have no block descriptors, 1199 * and defines no device-specific parameter. */ 1200 dev_specific_param = 0x00; 1201 dbd = true; 1202 } 1203 1204 if (r->req.cmd.buf[0] == MODE_SENSE) { 1205 p[1] = 0; /* Default media type. */ 1206 p[2] = dev_specific_param; 1207 p[3] = 0; /* Block descriptor length. */ 1208 p += 4; 1209 } else { /* MODE_SENSE_10 */ 1210 p[2] = 0; /* Default media type. */ 1211 p[3] = dev_specific_param; 1212 p[6] = p[7] = 0; /* Block descriptor length. */ 1213 p += 8; 1214 } 1215 1216 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1217 if (!dbd && nb_sectors) { 1218 if (r->req.cmd.buf[0] == MODE_SENSE) { 1219 outbuf[3] = 8; /* Block descriptor length */ 1220 } else { /* MODE_SENSE_10 */ 1221 outbuf[7] = 8; /* Block descriptor length */ 1222 } 1223 nb_sectors /= (s->qdev.blocksize / 512); 1224 if (nb_sectors > 0xffffff) { 1225 nb_sectors = 0; 1226 } 1227 p[0] = 0; /* media density code */ 1228 p[1] = (nb_sectors >> 16) & 0xff; 1229 p[2] = (nb_sectors >> 8) & 0xff; 1230 p[3] = nb_sectors & 0xff; 1231 p[4] = 0; /* reserved */ 1232 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1233 p[6] = s->qdev.blocksize >> 8; 1234 p[7] = 0; 1235 p += 8; 1236 } 1237 1238 if (page_control == 3) { 1239 /* Saved Values */ 1240 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1241 return -1; 1242 } 1243 1244 if (page == 0x3f) { 1245 for (page = 0; page <= 0x3e; page++) { 1246 mode_sense_page(s, page, &p, page_control); 1247 } 1248 } else { 1249 ret = mode_sense_page(s, page, &p, page_control); 1250 if (ret == -1) { 1251 return -1; 1252 } 1253 } 1254 1255 buflen = p - outbuf; 1256 /* 1257 * The mode data length field specifies the length in bytes of the 1258 * following data that is available to be transferred. The mode data 1259 * length does not include itself. 1260 */ 1261 if (r->req.cmd.buf[0] == MODE_SENSE) { 1262 outbuf[0] = buflen - 1; 1263 } else { /* MODE_SENSE_10 */ 1264 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1265 outbuf[1] = (buflen - 2) & 0xff; 1266 } 1267 return buflen; 1268 } 1269 1270 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1271 { 1272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1273 int start_track, format, msf, toclen; 1274 uint64_t nb_sectors; 1275 1276 msf = req->cmd.buf[1] & 2; 1277 format = req->cmd.buf[2] & 0xf; 1278 start_track = req->cmd.buf[6]; 1279 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1280 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1281 nb_sectors /= s->qdev.blocksize / 512; 1282 switch (format) { 1283 case 0: 1284 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1285 break; 1286 case 1: 1287 /* multi session : only a single session defined */ 1288 toclen = 12; 1289 memset(outbuf, 0, 12); 1290 outbuf[1] = 0x0a; 1291 outbuf[2] = 0x01; 1292 outbuf[3] = 0x01; 1293 break; 1294 case 2: 1295 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1296 break; 1297 default: 1298 return -1; 1299 } 1300 return toclen; 1301 } 1302 1303 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1304 { 1305 SCSIRequest *req = &r->req; 1306 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1307 bool start = req->cmd.buf[4] & 1; 1308 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1309 int pwrcnd = req->cmd.buf[4] & 0xf0; 1310 1311 if (pwrcnd) { 1312 /* eject/load only happens for power condition == 0 */ 1313 return 0; 1314 } 1315 1316 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1317 if (!start && !s->tray_open && s->tray_locked) { 1318 scsi_check_condition(r, 1319 bdrv_is_inserted(s->qdev.conf.bs) 1320 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1321 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1322 return -1; 1323 } 1324 1325 if (s->tray_open != !start) { 1326 bdrv_eject(s->qdev.conf.bs, !start); 1327 s->tray_open = !start; 1328 } 1329 } 1330 return 0; 1331 } 1332 1333 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1334 { 1335 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1336 int buflen = r->iov.iov_len; 1337 1338 if (buflen) { 1339 DPRINTF("Read buf_len=%d\n", buflen); 1340 r->iov.iov_len = 0; 1341 r->started = true; 1342 scsi_req_data(&r->req, buflen); 1343 return; 1344 } 1345 1346 /* This also clears the sense buffer for REQUEST SENSE. */ 1347 scsi_req_complete(&r->req, GOOD); 1348 } 1349 1350 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1351 uint8_t *inbuf, int inlen) 1352 { 1353 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1354 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1355 uint8_t *p; 1356 int len, expected_len, changeable_len, i; 1357 1358 /* The input buffer does not include the page header, so it is 1359 * off by 2 bytes. 1360 */ 1361 expected_len = inlen + 2; 1362 if (expected_len > SCSI_MAX_MODE_LEN) { 1363 return -1; 1364 } 1365 1366 p = mode_current; 1367 memset(mode_current, 0, inlen + 2); 1368 len = mode_sense_page(s, page, &p, 0); 1369 if (len < 0 || len != expected_len) { 1370 return -1; 1371 } 1372 1373 p = mode_changeable; 1374 memset(mode_changeable, 0, inlen + 2); 1375 changeable_len = mode_sense_page(s, page, &p, 1); 1376 assert(changeable_len == len); 1377 1378 /* Check that unchangeable bits are the same as what MODE SENSE 1379 * would return. 1380 */ 1381 for (i = 2; i < len; i++) { 1382 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1383 return -1; 1384 } 1385 } 1386 return 0; 1387 } 1388 1389 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1390 { 1391 switch (page) { 1392 case MODE_PAGE_CACHING: 1393 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0); 1394 break; 1395 1396 default: 1397 break; 1398 } 1399 } 1400 1401 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1402 { 1403 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1404 1405 while (len > 0) { 1406 int page, subpage, page_len; 1407 1408 /* Parse both possible formats for the mode page headers. */ 1409 page = p[0] & 0x3f; 1410 if (p[0] & 0x40) { 1411 if (len < 4) { 1412 goto invalid_param_len; 1413 } 1414 subpage = p[1]; 1415 page_len = lduw_be_p(&p[2]); 1416 p += 4; 1417 len -= 4; 1418 } else { 1419 if (len < 2) { 1420 goto invalid_param_len; 1421 } 1422 subpage = 0; 1423 page_len = p[1]; 1424 p += 2; 1425 len -= 2; 1426 } 1427 1428 if (subpage) { 1429 goto invalid_param; 1430 } 1431 if (page_len > len) { 1432 goto invalid_param_len; 1433 } 1434 1435 if (!change) { 1436 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1437 goto invalid_param; 1438 } 1439 } else { 1440 scsi_disk_apply_mode_select(s, page, p); 1441 } 1442 1443 p += page_len; 1444 len -= page_len; 1445 } 1446 return 0; 1447 1448 invalid_param: 1449 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1450 return -1; 1451 1452 invalid_param_len: 1453 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1454 return -1; 1455 } 1456 1457 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1458 { 1459 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1460 uint8_t *p = inbuf; 1461 int cmd = r->req.cmd.buf[0]; 1462 int len = r->req.cmd.xfer; 1463 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1464 int bd_len; 1465 int pass; 1466 1467 /* We only support PF=1, SP=0. */ 1468 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1469 goto invalid_field; 1470 } 1471 1472 if (len < hdr_len) { 1473 goto invalid_param_len; 1474 } 1475 1476 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1477 len -= hdr_len; 1478 p += hdr_len; 1479 if (len < bd_len) { 1480 goto invalid_param_len; 1481 } 1482 if (bd_len != 0 && bd_len != 8) { 1483 goto invalid_param; 1484 } 1485 1486 len -= bd_len; 1487 p += bd_len; 1488 1489 /* Ensure no change is made if there is an error! */ 1490 for (pass = 0; pass < 2; pass++) { 1491 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1492 assert(pass == 0); 1493 return; 1494 } 1495 } 1496 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) { 1497 /* The request is used as the AIO opaque value, so add a ref. */ 1498 scsi_req_ref(&r->req); 1499 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1500 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1501 return; 1502 } 1503 1504 scsi_req_complete(&r->req, GOOD); 1505 return; 1506 1507 invalid_param: 1508 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1509 return; 1510 1511 invalid_param_len: 1512 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1513 return; 1514 1515 invalid_field: 1516 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1517 } 1518 1519 static inline bool check_lba_range(SCSIDiskState *s, 1520 uint64_t sector_num, uint32_t nb_sectors) 1521 { 1522 /* 1523 * The first line tests that no overflow happens when computing the last 1524 * sector. The second line tests that the last accessed sector is in 1525 * range. 1526 * 1527 * Careful, the computations should not underflow for nb_sectors == 0, 1528 * and a 0-block read to the first LBA beyond the end of device is 1529 * valid. 1530 */ 1531 return (sector_num <= sector_num + nb_sectors && 1532 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1533 } 1534 1535 typedef struct UnmapCBData { 1536 SCSIDiskReq *r; 1537 uint8_t *inbuf; 1538 int count; 1539 } UnmapCBData; 1540 1541 static void scsi_unmap_complete(void *opaque, int ret) 1542 { 1543 UnmapCBData *data = opaque; 1544 SCSIDiskReq *r = data->r; 1545 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1546 uint64_t sector_num; 1547 uint32_t nb_sectors; 1548 1549 r->req.aiocb = NULL; 1550 if (r->req.io_canceled) { 1551 goto done; 1552 } 1553 1554 if (ret < 0) { 1555 if (scsi_handle_rw_error(r, -ret)) { 1556 goto done; 1557 } 1558 } 1559 1560 if (data->count > 0) { 1561 sector_num = ldq_be_p(&data->inbuf[0]); 1562 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1563 if (!check_lba_range(s, sector_num, nb_sectors)) { 1564 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1565 goto done; 1566 } 1567 1568 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1569 sector_num * (s->qdev.blocksize / 512), 1570 nb_sectors * (s->qdev.blocksize / 512), 1571 scsi_unmap_complete, data); 1572 data->count--; 1573 data->inbuf += 16; 1574 return; 1575 } 1576 1577 scsi_req_complete(&r->req, GOOD); 1578 1579 done: 1580 if (!r->req.io_canceled) { 1581 scsi_req_unref(&r->req); 1582 } 1583 g_free(data); 1584 } 1585 1586 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1587 { 1588 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1589 uint8_t *p = inbuf; 1590 int len = r->req.cmd.xfer; 1591 UnmapCBData *data; 1592 1593 /* Reject ANCHOR=1. */ 1594 if (r->req.cmd.buf[1] & 0x1) { 1595 goto invalid_field; 1596 } 1597 1598 if (len < 8) { 1599 goto invalid_param_len; 1600 } 1601 if (len < lduw_be_p(&p[0]) + 2) { 1602 goto invalid_param_len; 1603 } 1604 if (len < lduw_be_p(&p[2]) + 8) { 1605 goto invalid_param_len; 1606 } 1607 if (lduw_be_p(&p[2]) & 15) { 1608 goto invalid_param_len; 1609 } 1610 1611 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1612 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1613 return; 1614 } 1615 1616 data = g_new0(UnmapCBData, 1); 1617 data->r = r; 1618 data->inbuf = &p[8]; 1619 data->count = lduw_be_p(&p[2]) >> 4; 1620 1621 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1622 scsi_req_ref(&r->req); 1623 scsi_unmap_complete(data, 0); 1624 return; 1625 1626 invalid_param_len: 1627 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1628 return; 1629 1630 invalid_field: 1631 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1632 } 1633 1634 typedef struct WriteSameCBData { 1635 SCSIDiskReq *r; 1636 int64_t sector; 1637 int nb_sectors; 1638 QEMUIOVector qiov; 1639 struct iovec iov; 1640 } WriteSameCBData; 1641 1642 static void scsi_write_same_complete(void *opaque, int ret) 1643 { 1644 WriteSameCBData *data = opaque; 1645 SCSIDiskReq *r = data->r; 1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1647 1648 assert(r->req.aiocb != NULL); 1649 r->req.aiocb = NULL; 1650 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 1651 if (r->req.io_canceled) { 1652 goto done; 1653 } 1654 1655 if (ret < 0) { 1656 if (scsi_handle_rw_error(r, -ret)) { 1657 goto done; 1658 } 1659 } 1660 1661 data->nb_sectors -= data->iov.iov_len / 512; 1662 data->sector += data->iov.iov_len / 512; 1663 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1664 if (data->iov.iov_len) { 1665 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); 1666 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1667 &data->qiov, data->iov.iov_len / 512, 1668 scsi_write_same_complete, data); 1669 return; 1670 } 1671 1672 scsi_req_complete(&r->req, GOOD); 1673 1674 done: 1675 if (!r->req.io_canceled) { 1676 scsi_req_unref(&r->req); 1677 } 1678 qemu_vfree(data->iov.iov_base); 1679 g_free(data); 1680 } 1681 1682 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1683 { 1684 SCSIRequest *req = &r->req; 1685 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1686 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); 1687 WriteSameCBData *data; 1688 uint8_t *buf; 1689 int i; 1690 1691 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1692 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1693 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1694 return; 1695 } 1696 1697 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1698 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1699 return; 1700 } 1701 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1702 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1703 return; 1704 } 1705 1706 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1707 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1708 1709 /* The request is used as the AIO opaque value, so add a ref. */ 1710 scsi_req_ref(&r->req); 1711 bdrv_acct_start(s->qdev.conf.bs, &r->acct, nb_sectors * s->qdev.blocksize, 1712 BDRV_ACCT_WRITE); 1713 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs, 1714 r->req.cmd.lba * (s->qdev.blocksize / 512), 1715 nb_sectors * (s->qdev.blocksize / 512), 1716 flags, scsi_aio_complete, r); 1717 return; 1718 } 1719 1720 data = g_new0(WriteSameCBData, 1); 1721 data->r = r; 1722 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1723 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1724 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1725 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len); 1726 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1727 1728 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1729 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1730 } 1731 1732 scsi_req_ref(&r->req); 1733 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); 1734 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1735 &data->qiov, data->iov.iov_len / 512, 1736 scsi_write_same_complete, data); 1737 } 1738 1739 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1740 { 1741 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1742 1743 if (r->iov.iov_len) { 1744 int buflen = r->iov.iov_len; 1745 DPRINTF("Write buf_len=%d\n", buflen); 1746 r->iov.iov_len = 0; 1747 scsi_req_data(&r->req, buflen); 1748 return; 1749 } 1750 1751 switch (req->cmd.buf[0]) { 1752 case MODE_SELECT: 1753 case MODE_SELECT_10: 1754 /* This also clears the sense buffer for REQUEST SENSE. */ 1755 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1756 break; 1757 1758 case UNMAP: 1759 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1760 break; 1761 1762 case VERIFY_10: 1763 case VERIFY_12: 1764 case VERIFY_16: 1765 if (r->req.status == -1) { 1766 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1767 } 1768 break; 1769 1770 case WRITE_SAME_10: 1771 case WRITE_SAME_16: 1772 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1773 break; 1774 1775 default: 1776 abort(); 1777 } 1778 } 1779 1780 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1781 { 1782 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1784 uint64_t nb_sectors; 1785 uint8_t *outbuf; 1786 int buflen; 1787 1788 switch (req->cmd.buf[0]) { 1789 case INQUIRY: 1790 case MODE_SENSE: 1791 case MODE_SENSE_10: 1792 case RESERVE: 1793 case RESERVE_10: 1794 case RELEASE: 1795 case RELEASE_10: 1796 case START_STOP: 1797 case ALLOW_MEDIUM_REMOVAL: 1798 case GET_CONFIGURATION: 1799 case GET_EVENT_STATUS_NOTIFICATION: 1800 case MECHANISM_STATUS: 1801 case REQUEST_SENSE: 1802 break; 1803 1804 default: 1805 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1806 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1807 return 0; 1808 } 1809 break; 1810 } 1811 1812 /* 1813 * FIXME: we shouldn't return anything bigger than 4k, but the code 1814 * requires the buffer to be as big as req->cmd.xfer in several 1815 * places. So, do not allow CDBs with a very large ALLOCATION 1816 * LENGTH. The real fix would be to modify scsi_read_data and 1817 * dma_buf_read, so that they return data beyond the buflen 1818 * as all zeros. 1819 */ 1820 if (req->cmd.xfer > 65536) { 1821 goto illegal_request; 1822 } 1823 r->buflen = MAX(4096, req->cmd.xfer); 1824 1825 if (!r->iov.iov_base) { 1826 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 1827 } 1828 1829 buflen = req->cmd.xfer; 1830 outbuf = r->iov.iov_base; 1831 memset(outbuf, 0, r->buflen); 1832 switch (req->cmd.buf[0]) { 1833 case TEST_UNIT_READY: 1834 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs)); 1835 break; 1836 case INQUIRY: 1837 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1838 if (buflen < 0) { 1839 goto illegal_request; 1840 } 1841 break; 1842 case MODE_SENSE: 1843 case MODE_SENSE_10: 1844 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1845 if (buflen < 0) { 1846 goto illegal_request; 1847 } 1848 break; 1849 case READ_TOC: 1850 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1851 if (buflen < 0) { 1852 goto illegal_request; 1853 } 1854 break; 1855 case RESERVE: 1856 if (req->cmd.buf[1] & 1) { 1857 goto illegal_request; 1858 } 1859 break; 1860 case RESERVE_10: 1861 if (req->cmd.buf[1] & 3) { 1862 goto illegal_request; 1863 } 1864 break; 1865 case RELEASE: 1866 if (req->cmd.buf[1] & 1) { 1867 goto illegal_request; 1868 } 1869 break; 1870 case RELEASE_10: 1871 if (req->cmd.buf[1] & 3) { 1872 goto illegal_request; 1873 } 1874 break; 1875 case START_STOP: 1876 if (scsi_disk_emulate_start_stop(r) < 0) { 1877 return 0; 1878 } 1879 break; 1880 case ALLOW_MEDIUM_REMOVAL: 1881 s->tray_locked = req->cmd.buf[4] & 1; 1882 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1); 1883 break; 1884 case READ_CAPACITY_10: 1885 /* The normal LEN field for this command is zero. */ 1886 memset(outbuf, 0, 8); 1887 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1888 if (!nb_sectors) { 1889 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1890 return 0; 1891 } 1892 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1893 goto illegal_request; 1894 } 1895 nb_sectors /= s->qdev.blocksize / 512; 1896 /* Returned value is the address of the last sector. */ 1897 nb_sectors--; 1898 /* Remember the new size for read/write sanity checking. */ 1899 s->qdev.max_lba = nb_sectors; 1900 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1901 if (nb_sectors > UINT32_MAX) { 1902 nb_sectors = UINT32_MAX; 1903 } 1904 outbuf[0] = (nb_sectors >> 24) & 0xff; 1905 outbuf[1] = (nb_sectors >> 16) & 0xff; 1906 outbuf[2] = (nb_sectors >> 8) & 0xff; 1907 outbuf[3] = nb_sectors & 0xff; 1908 outbuf[4] = 0; 1909 outbuf[5] = 0; 1910 outbuf[6] = s->qdev.blocksize >> 8; 1911 outbuf[7] = 0; 1912 break; 1913 case REQUEST_SENSE: 1914 /* Just return "NO SENSE". */ 1915 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1916 (req->cmd.buf[1] & 1) == 0); 1917 if (buflen < 0) { 1918 goto illegal_request; 1919 } 1920 break; 1921 case MECHANISM_STATUS: 1922 buflen = scsi_emulate_mechanism_status(s, outbuf); 1923 if (buflen < 0) { 1924 goto illegal_request; 1925 } 1926 break; 1927 case GET_CONFIGURATION: 1928 buflen = scsi_get_configuration(s, outbuf); 1929 if (buflen < 0) { 1930 goto illegal_request; 1931 } 1932 break; 1933 case GET_EVENT_STATUS_NOTIFICATION: 1934 buflen = scsi_get_event_status_notification(s, r, outbuf); 1935 if (buflen < 0) { 1936 goto illegal_request; 1937 } 1938 break; 1939 case READ_DISC_INFORMATION: 1940 buflen = scsi_read_disc_information(s, r, outbuf); 1941 if (buflen < 0) { 1942 goto illegal_request; 1943 } 1944 break; 1945 case READ_DVD_STRUCTURE: 1946 buflen = scsi_read_dvd_structure(s, r, outbuf); 1947 if (buflen < 0) { 1948 goto illegal_request; 1949 } 1950 break; 1951 case SERVICE_ACTION_IN_16: 1952 /* Service Action In subcommands. */ 1953 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1954 DPRINTF("SAI READ CAPACITY(16)\n"); 1955 memset(outbuf, 0, req->cmd.xfer); 1956 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1957 if (!nb_sectors) { 1958 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1959 return 0; 1960 } 1961 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1962 goto illegal_request; 1963 } 1964 nb_sectors /= s->qdev.blocksize / 512; 1965 /* Returned value is the address of the last sector. */ 1966 nb_sectors--; 1967 /* Remember the new size for read/write sanity checking. */ 1968 s->qdev.max_lba = nb_sectors; 1969 outbuf[0] = (nb_sectors >> 56) & 0xff; 1970 outbuf[1] = (nb_sectors >> 48) & 0xff; 1971 outbuf[2] = (nb_sectors >> 40) & 0xff; 1972 outbuf[3] = (nb_sectors >> 32) & 0xff; 1973 outbuf[4] = (nb_sectors >> 24) & 0xff; 1974 outbuf[5] = (nb_sectors >> 16) & 0xff; 1975 outbuf[6] = (nb_sectors >> 8) & 0xff; 1976 outbuf[7] = nb_sectors & 0xff; 1977 outbuf[8] = 0; 1978 outbuf[9] = 0; 1979 outbuf[10] = s->qdev.blocksize >> 8; 1980 outbuf[11] = 0; 1981 outbuf[12] = 0; 1982 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1983 1984 /* set TPE bit if the format supports discard */ 1985 if (s->qdev.conf.discard_granularity) { 1986 outbuf[14] = 0x80; 1987 } 1988 1989 /* Protection, exponent and lowest lba field left blank. */ 1990 break; 1991 } 1992 DPRINTF("Unsupported Service Action In\n"); 1993 goto illegal_request; 1994 case SYNCHRONIZE_CACHE: 1995 /* The request is used as the AIO opaque value, so add a ref. */ 1996 scsi_req_ref(&r->req); 1997 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1998 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1999 return 0; 2000 case SEEK_10: 2001 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2002 if (r->req.cmd.lba > s->qdev.max_lba) { 2003 goto illegal_lba; 2004 } 2005 break; 2006 case MODE_SELECT: 2007 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2008 break; 2009 case MODE_SELECT_10: 2010 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2011 break; 2012 case UNMAP: 2013 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2014 break; 2015 case VERIFY_10: 2016 case VERIFY_12: 2017 case VERIFY_16: 2018 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2019 if (req->cmd.buf[1] & 6) { 2020 goto illegal_request; 2021 } 2022 break; 2023 case WRITE_SAME_10: 2024 case WRITE_SAME_16: 2025 DPRINTF("WRITE SAME %d (len %lu)\n", 2026 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2027 (long)r->req.cmd.xfer); 2028 break; 2029 default: 2030 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2031 scsi_command_name(buf[0])); 2032 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2033 return 0; 2034 } 2035 assert(!r->req.aiocb); 2036 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2037 if (r->iov.iov_len == 0) { 2038 scsi_req_complete(&r->req, GOOD); 2039 } 2040 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2041 assert(r->iov.iov_len == req->cmd.xfer); 2042 return -r->iov.iov_len; 2043 } else { 2044 return r->iov.iov_len; 2045 } 2046 2047 illegal_request: 2048 if (r->req.status == -1) { 2049 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2050 } 2051 return 0; 2052 2053 illegal_lba: 2054 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2055 return 0; 2056 } 2057 2058 /* Execute a scsi command. Returns the length of the data expected by the 2059 command. This will be Positive for data transfers from the device 2060 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2061 and zero if the command does not transfer any data. */ 2062 2063 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2064 { 2065 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2066 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2067 uint32_t len; 2068 uint8_t command; 2069 2070 command = buf[0]; 2071 2072 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 2073 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2074 return 0; 2075 } 2076 2077 len = scsi_data_cdb_length(r->req.cmd.buf); 2078 switch (command) { 2079 case READ_6: 2080 case READ_10: 2081 case READ_12: 2082 case READ_16: 2083 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2084 if (r->req.cmd.buf[1] & 0xe0) { 2085 goto illegal_request; 2086 } 2087 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2088 goto illegal_lba; 2089 } 2090 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2091 r->sector_count = len * (s->qdev.blocksize / 512); 2092 break; 2093 case WRITE_6: 2094 case WRITE_10: 2095 case WRITE_12: 2096 case WRITE_16: 2097 case WRITE_VERIFY_10: 2098 case WRITE_VERIFY_12: 2099 case WRITE_VERIFY_16: 2100 if (bdrv_is_read_only(s->qdev.conf.bs)) { 2101 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2102 return 0; 2103 } 2104 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2105 (command & 0xe) == 0xe ? "And Verify " : "", 2106 r->req.cmd.lba, len); 2107 if (r->req.cmd.buf[1] & 0xe0) { 2108 goto illegal_request; 2109 } 2110 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2111 goto illegal_lba; 2112 } 2113 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2114 r->sector_count = len * (s->qdev.blocksize / 512); 2115 break; 2116 default: 2117 abort(); 2118 illegal_request: 2119 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2120 return 0; 2121 illegal_lba: 2122 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2123 return 0; 2124 } 2125 if (r->sector_count == 0) { 2126 scsi_req_complete(&r->req, GOOD); 2127 } 2128 assert(r->iov.iov_len == 0); 2129 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2130 return -r->sector_count * 512; 2131 } else { 2132 return r->sector_count * 512; 2133 } 2134 } 2135 2136 static void scsi_disk_reset(DeviceState *dev) 2137 { 2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2139 uint64_t nb_sectors; 2140 2141 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2142 2143 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 2144 nb_sectors /= s->qdev.blocksize / 512; 2145 if (nb_sectors) { 2146 nb_sectors--; 2147 } 2148 s->qdev.max_lba = nb_sectors; 2149 /* reset tray statuses */ 2150 s->tray_locked = 0; 2151 s->tray_open = 0; 2152 } 2153 2154 static void scsi_unrealize(SCSIDevice *dev, Error **errp) 2155 { 2156 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2157 2158 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE)); 2159 blockdev_mark_auto_del(s->qdev.conf.bs); 2160 } 2161 2162 static void scsi_disk_resize_cb(void *opaque) 2163 { 2164 SCSIDiskState *s = opaque; 2165 2166 /* SPC lists this sense code as available only for 2167 * direct-access devices. 2168 */ 2169 if (s->qdev.type == TYPE_DISK) { 2170 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2171 } 2172 } 2173 2174 static void scsi_cd_change_media_cb(void *opaque, bool load) 2175 { 2176 SCSIDiskState *s = opaque; 2177 2178 /* 2179 * When a CD gets changed, we have to report an ejected state and 2180 * then a loaded state to guests so that they detect tray 2181 * open/close and media change events. Guests that do not use 2182 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2183 * states rely on this behavior. 2184 * 2185 * media_changed governs the state machine used for unit attention 2186 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2187 */ 2188 s->media_changed = load; 2189 s->tray_open = !load; 2190 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2191 s->media_event = true; 2192 s->eject_request = false; 2193 } 2194 2195 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2196 { 2197 SCSIDiskState *s = opaque; 2198 2199 s->eject_request = true; 2200 if (force) { 2201 s->tray_locked = false; 2202 } 2203 } 2204 2205 static bool scsi_cd_is_tray_open(void *opaque) 2206 { 2207 return ((SCSIDiskState *)opaque)->tray_open; 2208 } 2209 2210 static bool scsi_cd_is_medium_locked(void *opaque) 2211 { 2212 return ((SCSIDiskState *)opaque)->tray_locked; 2213 } 2214 2215 static const BlockDevOps scsi_disk_removable_block_ops = { 2216 .change_media_cb = scsi_cd_change_media_cb, 2217 .eject_request_cb = scsi_cd_eject_request_cb, 2218 .is_tray_open = scsi_cd_is_tray_open, 2219 .is_medium_locked = scsi_cd_is_medium_locked, 2220 2221 .resize_cb = scsi_disk_resize_cb, 2222 }; 2223 2224 static const BlockDevOps scsi_disk_block_ops = { 2225 .resize_cb = scsi_disk_resize_cb, 2226 }; 2227 2228 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2229 { 2230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2231 if (s->media_changed) { 2232 s->media_changed = false; 2233 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2234 } 2235 } 2236 2237 static void scsi_realize(SCSIDevice *dev, Error **errp) 2238 { 2239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2240 Error *err = NULL; 2241 2242 if (!s->qdev.conf.bs) { 2243 error_setg(errp, "drive property not set"); 2244 return; 2245 } 2246 2247 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2248 !bdrv_is_inserted(s->qdev.conf.bs)) { 2249 error_setg(errp, "Device needs media, but drive is empty"); 2250 return; 2251 } 2252 2253 blkconf_serial(&s->qdev.conf, &s->serial); 2254 if (dev->type == TYPE_DISK) { 2255 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2256 if (err) { 2257 error_propagate(errp, err); 2258 return; 2259 } 2260 } 2261 2262 if (s->qdev.conf.discard_granularity == -1) { 2263 s->qdev.conf.discard_granularity = 2264 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2265 } 2266 2267 if (!s->version) { 2268 s->version = g_strdup(qemu_get_version()); 2269 } 2270 if (!s->vendor) { 2271 s->vendor = g_strdup("QEMU"); 2272 } 2273 2274 if (bdrv_is_sg(s->qdev.conf.bs)) { 2275 error_setg(errp, "unwanted /dev/sg*"); 2276 return; 2277 } 2278 2279 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2280 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2281 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s); 2282 } else { 2283 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s); 2284 } 2285 bdrv_set_guest_block_size(s->qdev.conf.bs, s->qdev.blocksize); 2286 2287 bdrv_iostatus_enable(s->qdev.conf.bs); 2288 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL); 2289 } 2290 2291 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2292 { 2293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2294 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2295 s->qdev.type = TYPE_DISK; 2296 if (!s->product) { 2297 s->product = g_strdup("QEMU HARDDISK"); 2298 } 2299 scsi_realize(&s->qdev, errp); 2300 } 2301 2302 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2303 { 2304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2305 s->qdev.blocksize = 2048; 2306 s->qdev.type = TYPE_ROM; 2307 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2308 if (!s->product) { 2309 s->product = g_strdup("QEMU CD-ROM"); 2310 } 2311 scsi_realize(&s->qdev, errp); 2312 } 2313 2314 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2315 { 2316 DriveInfo *dinfo; 2317 Error *local_err = NULL; 2318 2319 if (!dev->conf.bs) { 2320 scsi_realize(dev, &local_err); 2321 assert(local_err); 2322 error_propagate(errp, local_err); 2323 return; 2324 } 2325 2326 dinfo = drive_get_by_blockdev(dev->conf.bs); 2327 if (dinfo->media_cd) { 2328 scsi_cd_realize(dev, errp); 2329 } else { 2330 scsi_hd_realize(dev, errp); 2331 } 2332 } 2333 2334 static const SCSIReqOps scsi_disk_emulate_reqops = { 2335 .size = sizeof(SCSIDiskReq), 2336 .free_req = scsi_free_request, 2337 .send_command = scsi_disk_emulate_command, 2338 .read_data = scsi_disk_emulate_read_data, 2339 .write_data = scsi_disk_emulate_write_data, 2340 .cancel_io = scsi_cancel_io, 2341 .get_buf = scsi_get_buf, 2342 }; 2343 2344 static const SCSIReqOps scsi_disk_dma_reqops = { 2345 .size = sizeof(SCSIDiskReq), 2346 .free_req = scsi_free_request, 2347 .send_command = scsi_disk_dma_command, 2348 .read_data = scsi_read_data, 2349 .write_data = scsi_write_data, 2350 .cancel_io = scsi_cancel_io, 2351 .get_buf = scsi_get_buf, 2352 .load_request = scsi_disk_load_request, 2353 .save_request = scsi_disk_save_request, 2354 }; 2355 2356 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2357 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2358 [INQUIRY] = &scsi_disk_emulate_reqops, 2359 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2360 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2361 [START_STOP] = &scsi_disk_emulate_reqops, 2362 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2363 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2364 [READ_TOC] = &scsi_disk_emulate_reqops, 2365 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2366 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2367 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2368 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2369 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2370 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2371 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2372 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2373 [SEEK_10] = &scsi_disk_emulate_reqops, 2374 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2375 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2376 [UNMAP] = &scsi_disk_emulate_reqops, 2377 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2378 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2379 [VERIFY_10] = &scsi_disk_emulate_reqops, 2380 [VERIFY_12] = &scsi_disk_emulate_reqops, 2381 [VERIFY_16] = &scsi_disk_emulate_reqops, 2382 2383 [READ_6] = &scsi_disk_dma_reqops, 2384 [READ_10] = &scsi_disk_dma_reqops, 2385 [READ_12] = &scsi_disk_dma_reqops, 2386 [READ_16] = &scsi_disk_dma_reqops, 2387 [WRITE_6] = &scsi_disk_dma_reqops, 2388 [WRITE_10] = &scsi_disk_dma_reqops, 2389 [WRITE_12] = &scsi_disk_dma_reqops, 2390 [WRITE_16] = &scsi_disk_dma_reqops, 2391 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2392 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2393 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2394 }; 2395 2396 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2397 uint8_t *buf, void *hba_private) 2398 { 2399 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2400 SCSIRequest *req; 2401 const SCSIReqOps *ops; 2402 uint8_t command; 2403 2404 command = buf[0]; 2405 ops = scsi_disk_reqops_dispatch[command]; 2406 if (!ops) { 2407 ops = &scsi_disk_emulate_reqops; 2408 } 2409 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2410 2411 #ifdef DEBUG_SCSI 2412 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2413 { 2414 int i; 2415 for (i = 1; i < req->cmd.len; i++) { 2416 printf(" 0x%02x", buf[i]); 2417 } 2418 printf("\n"); 2419 } 2420 #endif 2421 2422 return req; 2423 } 2424 2425 #ifdef __linux__ 2426 static int get_device_type(SCSIDiskState *s) 2427 { 2428 BlockDriverState *bdrv = s->qdev.conf.bs; 2429 uint8_t cmd[16]; 2430 uint8_t buf[36]; 2431 uint8_t sensebuf[8]; 2432 sg_io_hdr_t io_header; 2433 int ret; 2434 2435 memset(cmd, 0, sizeof(cmd)); 2436 memset(buf, 0, sizeof(buf)); 2437 cmd[0] = INQUIRY; 2438 cmd[4] = sizeof(buf); 2439 2440 memset(&io_header, 0, sizeof(io_header)); 2441 io_header.interface_id = 'S'; 2442 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2443 io_header.dxfer_len = sizeof(buf); 2444 io_header.dxferp = buf; 2445 io_header.cmdp = cmd; 2446 io_header.cmd_len = sizeof(cmd); 2447 io_header.mx_sb_len = sizeof(sensebuf); 2448 io_header.sbp = sensebuf; 2449 io_header.timeout = 6000; /* XXX */ 2450 2451 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 2452 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2453 return -1; 2454 } 2455 s->qdev.type = buf[0]; 2456 if (buf[1] & 0x80) { 2457 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2458 } 2459 return 0; 2460 } 2461 2462 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2463 { 2464 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2465 int sg_version; 2466 int rc; 2467 2468 if (!s->qdev.conf.bs) { 2469 error_setg(errp, "drive property not set"); 2470 return; 2471 } 2472 2473 /* check we are using a driver managing SG_IO (version 3 and after) */ 2474 rc = bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version); 2475 if (rc < 0) { 2476 error_setg(errp, "cannot get SG_IO version number: %s. " 2477 "Is this a SCSI device?", 2478 strerror(-rc)); 2479 return; 2480 } 2481 if (sg_version < 30000) { 2482 error_setg(errp, "scsi generic interface too old"); 2483 return; 2484 } 2485 2486 /* get device type from INQUIRY data */ 2487 rc = get_device_type(s); 2488 if (rc < 0) { 2489 error_setg(errp, "INQUIRY failed"); 2490 return; 2491 } 2492 2493 /* Make a guess for the block size, we'll fix it when the guest sends. 2494 * READ CAPACITY. If they don't, they likely would assume these sizes 2495 * anyway. (TODO: check in /sys). 2496 */ 2497 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2498 s->qdev.blocksize = 2048; 2499 } else { 2500 s->qdev.blocksize = 512; 2501 } 2502 2503 /* Makes the scsi-block device not removable by using HMP and QMP eject 2504 * command. 2505 */ 2506 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2507 2508 scsi_realize(&s->qdev, errp); 2509 } 2510 2511 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2512 { 2513 switch (buf[0]) { 2514 case READ_6: 2515 case READ_10: 2516 case READ_12: 2517 case READ_16: 2518 case VERIFY_10: 2519 case VERIFY_12: 2520 case VERIFY_16: 2521 case WRITE_6: 2522 case WRITE_10: 2523 case WRITE_12: 2524 case WRITE_16: 2525 case WRITE_VERIFY_10: 2526 case WRITE_VERIFY_12: 2527 case WRITE_VERIFY_16: 2528 /* If we are not using O_DIRECT, we might read stale data from the 2529 * host cache if writes were made using other commands than these 2530 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2531 * O_DIRECT everything must go through SG_IO. 2532 */ 2533 if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) { 2534 break; 2535 } 2536 2537 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2538 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2539 * And once you do these writes, reading from the block device is 2540 * unreliable, too. It is even possible that reads deliver random data 2541 * from the host page cache (this is probably a Linux bug). 2542 * 2543 * We might use scsi_disk_dma_reqops as long as no writing commands are 2544 * seen, but performance usually isn't paramount on optical media. So, 2545 * just make scsi-block operate the same as scsi-generic for them. 2546 */ 2547 if (s->qdev.type != TYPE_ROM) { 2548 return false; 2549 } 2550 break; 2551 2552 default: 2553 break; 2554 } 2555 2556 return true; 2557 } 2558 2559 2560 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2561 uint32_t lun, uint8_t *buf, 2562 void *hba_private) 2563 { 2564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2565 2566 if (scsi_block_is_passthrough(s, buf)) { 2567 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2568 hba_private); 2569 } else { 2570 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2571 hba_private); 2572 } 2573 } 2574 2575 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2576 uint8_t *buf, void *hba_private) 2577 { 2578 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2579 2580 if (scsi_block_is_passthrough(s, buf)) { 2581 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2582 } else { 2583 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2584 } 2585 } 2586 2587 #endif 2588 2589 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2590 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2591 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2592 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2593 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2594 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2595 2596 static Property scsi_hd_properties[] = { 2597 DEFINE_SCSI_DISK_PROPERTIES(), 2598 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2599 SCSI_DISK_F_REMOVABLE, false), 2600 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2601 SCSI_DISK_F_DPOFUA, false), 2602 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2603 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2604 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2605 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2606 DEFAULT_MAX_UNMAP_SIZE), 2607 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2608 DEFINE_PROP_END_OF_LIST(), 2609 }; 2610 2611 static const VMStateDescription vmstate_scsi_disk_state = { 2612 .name = "scsi-disk", 2613 .version_id = 1, 2614 .minimum_version_id = 1, 2615 .fields = (VMStateField[]) { 2616 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2617 VMSTATE_BOOL(media_changed, SCSIDiskState), 2618 VMSTATE_BOOL(media_event, SCSIDiskState), 2619 VMSTATE_BOOL(eject_request, SCSIDiskState), 2620 VMSTATE_BOOL(tray_open, SCSIDiskState), 2621 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2622 VMSTATE_END_OF_LIST() 2623 } 2624 }; 2625 2626 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2627 { 2628 DeviceClass *dc = DEVICE_CLASS(klass); 2629 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2630 2631 sc->realize = scsi_hd_realize; 2632 sc->unrealize = scsi_unrealize; 2633 sc->alloc_req = scsi_new_request; 2634 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2635 dc->fw_name = "disk"; 2636 dc->desc = "virtual SCSI disk"; 2637 dc->reset = scsi_disk_reset; 2638 dc->props = scsi_hd_properties; 2639 dc->vmsd = &vmstate_scsi_disk_state; 2640 } 2641 2642 static const TypeInfo scsi_hd_info = { 2643 .name = "scsi-hd", 2644 .parent = TYPE_SCSI_DEVICE, 2645 .instance_size = sizeof(SCSIDiskState), 2646 .class_init = scsi_hd_class_initfn, 2647 }; 2648 2649 static Property scsi_cd_properties[] = { 2650 DEFINE_SCSI_DISK_PROPERTIES(), 2651 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2652 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2653 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2654 DEFINE_PROP_END_OF_LIST(), 2655 }; 2656 2657 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2658 { 2659 DeviceClass *dc = DEVICE_CLASS(klass); 2660 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2661 2662 sc->realize = scsi_cd_realize; 2663 sc->unrealize = scsi_unrealize; 2664 sc->alloc_req = scsi_new_request; 2665 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2666 dc->fw_name = "disk"; 2667 dc->desc = "virtual SCSI CD-ROM"; 2668 dc->reset = scsi_disk_reset; 2669 dc->props = scsi_cd_properties; 2670 dc->vmsd = &vmstate_scsi_disk_state; 2671 } 2672 2673 static const TypeInfo scsi_cd_info = { 2674 .name = "scsi-cd", 2675 .parent = TYPE_SCSI_DEVICE, 2676 .instance_size = sizeof(SCSIDiskState), 2677 .class_init = scsi_cd_class_initfn, 2678 }; 2679 2680 #ifdef __linux__ 2681 static Property scsi_block_properties[] = { 2682 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), 2683 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1), 2684 DEFINE_PROP_END_OF_LIST(), 2685 }; 2686 2687 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2688 { 2689 DeviceClass *dc = DEVICE_CLASS(klass); 2690 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2691 2692 sc->realize = scsi_block_realize; 2693 sc->unrealize = scsi_unrealize; 2694 sc->alloc_req = scsi_block_new_request; 2695 sc->parse_cdb = scsi_block_parse_cdb; 2696 dc->fw_name = "disk"; 2697 dc->desc = "SCSI block device passthrough"; 2698 dc->reset = scsi_disk_reset; 2699 dc->props = scsi_block_properties; 2700 dc->vmsd = &vmstate_scsi_disk_state; 2701 } 2702 2703 static const TypeInfo scsi_block_info = { 2704 .name = "scsi-block", 2705 .parent = TYPE_SCSI_DEVICE, 2706 .instance_size = sizeof(SCSIDiskState), 2707 .class_init = scsi_block_class_initfn, 2708 }; 2709 #endif 2710 2711 static Property scsi_disk_properties[] = { 2712 DEFINE_SCSI_DISK_PROPERTIES(), 2713 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2714 SCSI_DISK_F_REMOVABLE, false), 2715 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2716 SCSI_DISK_F_DPOFUA, false), 2717 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2718 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2719 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2720 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2721 DEFAULT_MAX_UNMAP_SIZE), 2722 DEFINE_PROP_END_OF_LIST(), 2723 }; 2724 2725 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2726 { 2727 DeviceClass *dc = DEVICE_CLASS(klass); 2728 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2729 2730 sc->realize = scsi_disk_realize; 2731 sc->unrealize = scsi_unrealize; 2732 sc->alloc_req = scsi_new_request; 2733 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2734 dc->fw_name = "disk"; 2735 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2736 dc->reset = scsi_disk_reset; 2737 dc->props = scsi_disk_properties; 2738 dc->vmsd = &vmstate_scsi_disk_state; 2739 } 2740 2741 static const TypeInfo scsi_disk_info = { 2742 .name = "scsi-disk", 2743 .parent = TYPE_SCSI_DEVICE, 2744 .instance_size = sizeof(SCSIDiskState), 2745 .class_init = scsi_disk_class_initfn, 2746 }; 2747 2748 static void scsi_disk_register_types(void) 2749 { 2750 type_register_static(&scsi_hd_info); 2751 type_register_static(&scsi_cd_info); 2752 #ifdef __linux__ 2753 type_register_static(&scsi_block_info); 2754 #endif 2755 type_register_static(&scsi_disk_info); 2756 } 2757 2758 type_init(scsi_disk_register_types) 2759