1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "sysemu/dma.h" 39 40 #ifdef __linux 41 #include <scsi/sg.h> 42 #endif 43 44 #define SCSI_WRITE_SAME_MAX 524288 45 #define SCSI_DMA_BUF_SIZE 131072 46 #define SCSI_MAX_INQUIRY_LEN 256 47 #define SCSI_MAX_MODE_LEN 256 48 49 #define DEFAULT_DISCARD_GRANULARITY 4096 50 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 51 52 typedef struct SCSIDiskState SCSIDiskState; 53 54 typedef struct SCSIDiskReq { 55 SCSIRequest req; 56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 57 uint64_t sector; 58 uint32_t sector_count; 59 uint32_t buflen; 60 bool started; 61 struct iovec iov; 62 QEMUIOVector qiov; 63 BlockAcctCookie acct; 64 } SCSIDiskReq; 65 66 #define SCSI_DISK_F_REMOVABLE 0 67 #define SCSI_DISK_F_DPOFUA 1 68 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 69 70 struct SCSIDiskState 71 { 72 SCSIDevice qdev; 73 uint32_t features; 74 bool media_changed; 75 bool media_event; 76 bool eject_request; 77 uint64_t wwn; 78 uint64_t port_wwn; 79 uint16_t port_index; 80 uint64_t max_unmap_size; 81 QEMUBH *bh; 82 char *version; 83 char *serial; 84 char *vendor; 85 char *product; 86 bool tray_open; 87 bool tray_locked; 88 }; 89 90 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 91 92 static void scsi_free_request(SCSIRequest *req) 93 { 94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 95 96 qemu_vfree(r->iov.iov_base); 97 } 98 99 /* Helper function for command completion with sense. */ 100 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 101 { 102 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 103 r->req.tag, sense.key, sense.asc, sense.ascq); 104 scsi_req_build_sense(&r->req, sense); 105 scsi_req_complete(&r->req, CHECK_CONDITION); 106 } 107 108 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 109 { 110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 111 112 if (!r->iov.iov_base) { 113 r->buflen = size; 114 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 115 } 116 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 117 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 118 return r->qiov.size / 512; 119 } 120 121 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 122 { 123 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 124 125 qemu_put_be64s(f, &r->sector); 126 qemu_put_be32s(f, &r->sector_count); 127 qemu_put_be32s(f, &r->buflen); 128 if (r->buflen) { 129 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 130 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 131 } else if (!req->retry) { 132 uint32_t len = r->iov.iov_len; 133 qemu_put_be32s(f, &len); 134 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 135 } 136 } 137 } 138 139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 140 { 141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 142 143 qemu_get_be64s(f, &r->sector); 144 qemu_get_be32s(f, &r->sector_count); 145 qemu_get_be32s(f, &r->buflen); 146 if (r->buflen) { 147 scsi_init_iovec(r, r->buflen); 148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 150 } else if (!r->req.retry) { 151 uint32_t len; 152 qemu_get_be32s(f, &len); 153 r->iov.iov_len = len; 154 assert(r->iov.iov_len <= r->buflen); 155 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 156 } 157 } 158 159 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 160 } 161 162 static void scsi_aio_complete(void *opaque, int ret) 163 { 164 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 165 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 166 167 assert(r->req.aiocb != NULL); 168 r->req.aiocb = NULL; 169 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 170 if (r->req.io_canceled) { 171 scsi_req_cancel_complete(&r->req); 172 goto done; 173 } 174 175 if (ret < 0) { 176 if (scsi_handle_rw_error(r, -ret)) { 177 goto done; 178 } 179 } 180 181 scsi_req_complete(&r->req, GOOD); 182 183 done: 184 scsi_req_unref(&r->req); 185 } 186 187 static bool scsi_is_cmd_fua(SCSICommand *cmd) 188 { 189 switch (cmd->buf[0]) { 190 case READ_10: 191 case READ_12: 192 case READ_16: 193 case WRITE_10: 194 case WRITE_12: 195 case WRITE_16: 196 return (cmd->buf[1] & 8) != 0; 197 198 case VERIFY_10: 199 case VERIFY_12: 200 case VERIFY_16: 201 case WRITE_VERIFY_10: 202 case WRITE_VERIFY_12: 203 case WRITE_VERIFY_16: 204 return true; 205 206 case READ_6: 207 case WRITE_6: 208 default: 209 return false; 210 } 211 } 212 213 static void scsi_write_do_fua(SCSIDiskReq *r) 214 { 215 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 216 217 if (r->req.io_canceled) { 218 scsi_req_cancel_complete(&r->req); 219 goto done; 220 } 221 222 if (scsi_is_cmd_fua(&r->req.cmd)) { 223 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 224 BLOCK_ACCT_FLUSH); 225 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 226 return; 227 } 228 229 scsi_req_complete(&r->req, GOOD); 230 231 done: 232 scsi_req_unref(&r->req); 233 } 234 235 static void scsi_dma_complete_noio(void *opaque, int ret) 236 { 237 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 239 240 if (r->req.aiocb != NULL) { 241 r->req.aiocb = NULL; 242 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 243 } 244 if (r->req.io_canceled) { 245 scsi_req_cancel_complete(&r->req); 246 goto done; 247 } 248 249 if (ret < 0) { 250 if (scsi_handle_rw_error(r, -ret)) { 251 goto done; 252 } 253 } 254 255 r->sector += r->sector_count; 256 r->sector_count = 0; 257 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 258 scsi_write_do_fua(r); 259 return; 260 } else { 261 scsi_req_complete(&r->req, GOOD); 262 } 263 264 done: 265 scsi_req_unref(&r->req); 266 } 267 268 static void scsi_dma_complete(void *opaque, int ret) 269 { 270 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 271 272 assert(r->req.aiocb != NULL); 273 scsi_dma_complete_noio(opaque, ret); 274 } 275 276 static void scsi_read_complete(void * opaque, int ret) 277 { 278 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 279 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 280 int n; 281 282 assert(r->req.aiocb != NULL); 283 r->req.aiocb = NULL; 284 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 285 if (r->req.io_canceled) { 286 scsi_req_cancel_complete(&r->req); 287 goto done; 288 } 289 290 if (ret < 0) { 291 if (scsi_handle_rw_error(r, -ret)) { 292 goto done; 293 } 294 } 295 296 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 297 298 n = r->qiov.size / 512; 299 r->sector += n; 300 r->sector_count -= n; 301 scsi_req_data(&r->req, r->qiov.size); 302 303 done: 304 scsi_req_unref(&r->req); 305 } 306 307 /* Actually issue a read to the block device. */ 308 static void scsi_do_read(void *opaque, int ret) 309 { 310 SCSIDiskReq *r = opaque; 311 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 312 uint32_t n; 313 314 if (r->req.aiocb != NULL) { 315 r->req.aiocb = NULL; 316 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 317 } 318 if (r->req.io_canceled) { 319 scsi_req_cancel_complete(&r->req); 320 goto done; 321 } 322 323 if (ret < 0) { 324 if (scsi_handle_rw_error(r, -ret)) { 325 goto done; 326 } 327 } 328 329 /* The request is used as the AIO opaque value, so add a ref. */ 330 scsi_req_ref(&r->req); 331 332 if (r->req.sg) { 333 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BLOCK_ACCT_READ); 334 r->req.resid -= r->req.sg->size; 335 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, 336 scsi_dma_complete, r); 337 } else { 338 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 339 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 340 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 341 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, 342 scsi_read_complete, r); 343 } 344 345 done: 346 scsi_req_unref(&r->req); 347 } 348 349 /* Read more data from scsi device into buffer. */ 350 static void scsi_read_data(SCSIRequest *req) 351 { 352 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 353 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 354 bool first; 355 356 DPRINTF("Read sector_count=%d\n", r->sector_count); 357 if (r->sector_count == 0) { 358 /* This also clears the sense buffer for REQUEST SENSE. */ 359 scsi_req_complete(&r->req, GOOD); 360 return; 361 } 362 363 /* No data transfer may already be in progress */ 364 assert(r->req.aiocb == NULL); 365 366 /* The request is used as the AIO opaque value, so add a ref. */ 367 scsi_req_ref(&r->req); 368 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 369 DPRINTF("Data transfer direction invalid\n"); 370 scsi_read_complete(r, -EINVAL); 371 return; 372 } 373 374 if (s->tray_open) { 375 scsi_read_complete(r, -ENOMEDIUM); 376 return; 377 } 378 379 first = !r->started; 380 r->started = true; 381 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 382 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 383 BLOCK_ACCT_FLUSH); 384 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r); 385 } else { 386 scsi_do_read(r, 0); 387 } 388 } 389 390 /* 391 * scsi_handle_rw_error has two return values. 0 means that the error 392 * must be ignored, 1 means that the error has been processed and the 393 * caller should not do anything else for this request. Note that 394 * scsi_handle_rw_error always manages its reference counts, independent 395 * of the return value. 396 */ 397 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 398 { 399 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 400 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 401 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error); 402 403 if (action == BLOCK_ERROR_ACTION_REPORT) { 404 switch (error) { 405 case ENOMEDIUM: 406 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 407 break; 408 case ENOMEM: 409 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 410 break; 411 case EINVAL: 412 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 413 break; 414 case ENOSPC: 415 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 416 break; 417 default: 418 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 419 break; 420 } 421 } 422 bdrv_error_action(s->qdev.conf.bs, action, is_read, error); 423 if (action == BLOCK_ERROR_ACTION_STOP) { 424 scsi_req_retry(&r->req); 425 } 426 return action != BLOCK_ERROR_ACTION_IGNORE; 427 } 428 429 static void scsi_write_complete(void * opaque, int ret) 430 { 431 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 433 uint32_t n; 434 435 if (r->req.aiocb != NULL) { 436 r->req.aiocb = NULL; 437 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 438 } 439 if (r->req.io_canceled) { 440 scsi_req_cancel_complete(&r->req); 441 goto done; 442 } 443 444 if (ret < 0) { 445 if (scsi_handle_rw_error(r, -ret)) { 446 goto done; 447 } 448 } 449 450 n = r->qiov.size / 512; 451 r->sector += n; 452 r->sector_count -= n; 453 if (r->sector_count == 0) { 454 scsi_write_do_fua(r); 455 return; 456 } else { 457 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 458 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 459 scsi_req_data(&r->req, r->qiov.size); 460 } 461 462 done: 463 scsi_req_unref(&r->req); 464 } 465 466 static void scsi_write_data(SCSIRequest *req) 467 { 468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 470 uint32_t n; 471 472 /* No data transfer may already be in progress */ 473 assert(r->req.aiocb == NULL); 474 475 /* The request is used as the AIO opaque value, so add a ref. */ 476 scsi_req_ref(&r->req); 477 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 478 DPRINTF("Data transfer direction invalid\n"); 479 scsi_write_complete(r, -EINVAL); 480 return; 481 } 482 483 if (!r->req.sg && !r->qiov.size) { 484 /* Called for the first time. Ask the driver to send us more data. */ 485 r->started = true; 486 scsi_write_complete(r, 0); 487 return; 488 } 489 if (s->tray_open) { 490 scsi_write_complete(r, -ENOMEDIUM); 491 return; 492 } 493 494 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 495 r->req.cmd.buf[0] == VERIFY_16) { 496 if (r->req.sg) { 497 scsi_dma_complete_noio(r, 0); 498 } else { 499 scsi_write_complete(r, 0); 500 } 501 return; 502 } 503 504 if (r->req.sg) { 505 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 506 r->req.resid -= r->req.sg->size; 507 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, 508 scsi_dma_complete, r); 509 } else { 510 n = r->qiov.size / 512; 511 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 512 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 513 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, 514 scsi_write_complete, r); 515 } 516 } 517 518 /* Return a pointer to the data buffer. */ 519 static uint8_t *scsi_get_buf(SCSIRequest *req) 520 { 521 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 522 523 return (uint8_t *)r->iov.iov_base; 524 } 525 526 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 527 { 528 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 529 int buflen = 0; 530 int start; 531 532 if (req->cmd.buf[1] & 0x1) { 533 /* Vital product data */ 534 uint8_t page_code = req->cmd.buf[2]; 535 536 outbuf[buflen++] = s->qdev.type & 0x1f; 537 outbuf[buflen++] = page_code ; // this page 538 outbuf[buflen++] = 0x00; 539 outbuf[buflen++] = 0x00; 540 start = buflen; 541 542 switch (page_code) { 543 case 0x00: /* Supported page codes, mandatory */ 544 { 545 DPRINTF("Inquiry EVPD[Supported pages] " 546 "buffer size %zd\n", req->cmd.xfer); 547 outbuf[buflen++] = 0x00; // list of supported pages (this page) 548 if (s->serial) { 549 outbuf[buflen++] = 0x80; // unit serial number 550 } 551 outbuf[buflen++] = 0x83; // device identification 552 if (s->qdev.type == TYPE_DISK) { 553 outbuf[buflen++] = 0xb0; // block limits 554 outbuf[buflen++] = 0xb2; // thin provisioning 555 } 556 break; 557 } 558 case 0x80: /* Device serial number, optional */ 559 { 560 int l; 561 562 if (!s->serial) { 563 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 564 return -1; 565 } 566 567 l = strlen(s->serial); 568 if (l > 20) { 569 l = 20; 570 } 571 572 DPRINTF("Inquiry EVPD[Serial number] " 573 "buffer size %zd\n", req->cmd.xfer); 574 memcpy(outbuf+buflen, s->serial, l); 575 buflen += l; 576 break; 577 } 578 579 case 0x83: /* Device identification page, mandatory */ 580 { 581 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs); 582 int max_len = s->serial ? 20 : 255 - 8; 583 int id_len = strlen(str); 584 585 if (id_len > max_len) { 586 id_len = max_len; 587 } 588 DPRINTF("Inquiry EVPD[Device identification] " 589 "buffer size %zd\n", req->cmd.xfer); 590 591 outbuf[buflen++] = 0x2; // ASCII 592 outbuf[buflen++] = 0; // not officially assigned 593 outbuf[buflen++] = 0; // reserved 594 outbuf[buflen++] = id_len; // length of data following 595 memcpy(outbuf+buflen, str, id_len); 596 buflen += id_len; 597 598 if (s->wwn) { 599 outbuf[buflen++] = 0x1; // Binary 600 outbuf[buflen++] = 0x3; // NAA 601 outbuf[buflen++] = 0; // reserved 602 outbuf[buflen++] = 8; 603 stq_be_p(&outbuf[buflen], s->wwn); 604 buflen += 8; 605 } 606 607 if (s->port_wwn) { 608 outbuf[buflen++] = 0x61; // SAS / Binary 609 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 610 outbuf[buflen++] = 0; // reserved 611 outbuf[buflen++] = 8; 612 stq_be_p(&outbuf[buflen], s->port_wwn); 613 buflen += 8; 614 } 615 616 if (s->port_index) { 617 outbuf[buflen++] = 0x61; // SAS / Binary 618 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 619 outbuf[buflen++] = 0; // reserved 620 outbuf[buflen++] = 4; 621 stw_be_p(&outbuf[buflen + 2], s->port_index); 622 buflen += 4; 623 } 624 break; 625 } 626 case 0xb0: /* block limits */ 627 { 628 unsigned int unmap_sectors = 629 s->qdev.conf.discard_granularity / s->qdev.blocksize; 630 unsigned int min_io_size = 631 s->qdev.conf.min_io_size / s->qdev.blocksize; 632 unsigned int opt_io_size = 633 s->qdev.conf.opt_io_size / s->qdev.blocksize; 634 unsigned int max_unmap_sectors = 635 s->max_unmap_size / s->qdev.blocksize; 636 637 if (s->qdev.type == TYPE_ROM) { 638 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 639 page_code); 640 return -1; 641 } 642 /* required VPD size with unmap support */ 643 buflen = 0x40; 644 memset(outbuf + 4, 0, buflen - 4); 645 646 outbuf[4] = 0x1; /* wsnz */ 647 648 /* optimal transfer length granularity */ 649 outbuf[6] = (min_io_size >> 8) & 0xff; 650 outbuf[7] = min_io_size & 0xff; 651 652 /* optimal transfer length */ 653 outbuf[12] = (opt_io_size >> 24) & 0xff; 654 outbuf[13] = (opt_io_size >> 16) & 0xff; 655 outbuf[14] = (opt_io_size >> 8) & 0xff; 656 outbuf[15] = opt_io_size & 0xff; 657 658 /* max unmap LBA count, default is 1GB */ 659 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 660 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 661 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 662 outbuf[23] = max_unmap_sectors & 0xff; 663 664 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 665 outbuf[24] = 0; 666 outbuf[25] = 0; 667 outbuf[26] = 0; 668 outbuf[27] = 255; 669 670 /* optimal unmap granularity */ 671 outbuf[28] = (unmap_sectors >> 24) & 0xff; 672 outbuf[29] = (unmap_sectors >> 16) & 0xff; 673 outbuf[30] = (unmap_sectors >> 8) & 0xff; 674 outbuf[31] = unmap_sectors & 0xff; 675 break; 676 } 677 case 0xb2: /* thin provisioning */ 678 { 679 buflen = 8; 680 outbuf[4] = 0; 681 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 682 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 683 outbuf[7] = 0; 684 break; 685 } 686 default: 687 return -1; 688 } 689 /* done with EVPD */ 690 assert(buflen - start <= 255); 691 outbuf[start - 1] = buflen - start; 692 return buflen; 693 } 694 695 /* Standard INQUIRY data */ 696 if (req->cmd.buf[2] != 0) { 697 return -1; 698 } 699 700 /* PAGE CODE == 0 */ 701 buflen = req->cmd.xfer; 702 if (buflen > SCSI_MAX_INQUIRY_LEN) { 703 buflen = SCSI_MAX_INQUIRY_LEN; 704 } 705 706 outbuf[0] = s->qdev.type & 0x1f; 707 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 708 709 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 710 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 711 712 memset(&outbuf[32], 0, 4); 713 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 714 /* 715 * We claim conformance to SPC-3, which is required for guests 716 * to ask for modern features like READ CAPACITY(16) or the 717 * block characteristics VPD page by default. Not all of SPC-3 718 * is actually implemented, but we're good enough. 719 */ 720 outbuf[2] = 5; 721 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 722 723 if (buflen > 36) { 724 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 725 } else { 726 /* If the allocation length of CDB is too small, 727 the additional length is not adjusted */ 728 outbuf[4] = 36 - 5; 729 } 730 731 /* Sync data transfer and TCQ. */ 732 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 733 return buflen; 734 } 735 736 static inline bool media_is_dvd(SCSIDiskState *s) 737 { 738 uint64_t nb_sectors; 739 if (s->qdev.type != TYPE_ROM) { 740 return false; 741 } 742 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 743 return false; 744 } 745 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 746 return nb_sectors > CD_MAX_SECTORS; 747 } 748 749 static inline bool media_is_cd(SCSIDiskState *s) 750 { 751 uint64_t nb_sectors; 752 if (s->qdev.type != TYPE_ROM) { 753 return false; 754 } 755 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 756 return false; 757 } 758 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 759 return nb_sectors <= CD_MAX_SECTORS; 760 } 761 762 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 763 uint8_t *outbuf) 764 { 765 uint8_t type = r->req.cmd.buf[1] & 7; 766 767 if (s->qdev.type != TYPE_ROM) { 768 return -1; 769 } 770 771 /* Types 1/2 are only defined for Blu-Ray. */ 772 if (type != 0) { 773 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 774 return -1; 775 } 776 777 memset(outbuf, 0, 34); 778 outbuf[1] = 32; 779 outbuf[2] = 0xe; /* last session complete, disc finalized */ 780 outbuf[3] = 1; /* first track on disc */ 781 outbuf[4] = 1; /* # of sessions */ 782 outbuf[5] = 1; /* first track of last session */ 783 outbuf[6] = 1; /* last track of last session */ 784 outbuf[7] = 0x20; /* unrestricted use */ 785 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 786 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 787 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 788 /* 24-31: disc bar code */ 789 /* 32: disc application code */ 790 /* 33: number of OPC tables */ 791 792 return 34; 793 } 794 795 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 796 uint8_t *outbuf) 797 { 798 static const int rds_caps_size[5] = { 799 [0] = 2048 + 4, 800 [1] = 4 + 4, 801 [3] = 188 + 4, 802 [4] = 2048 + 4, 803 }; 804 805 uint8_t media = r->req.cmd.buf[1]; 806 uint8_t layer = r->req.cmd.buf[6]; 807 uint8_t format = r->req.cmd.buf[7]; 808 int size = -1; 809 810 if (s->qdev.type != TYPE_ROM) { 811 return -1; 812 } 813 if (media != 0) { 814 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 815 return -1; 816 } 817 818 if (format != 0xff) { 819 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 820 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 821 return -1; 822 } 823 if (media_is_cd(s)) { 824 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 825 return -1; 826 } 827 if (format >= ARRAY_SIZE(rds_caps_size)) { 828 return -1; 829 } 830 size = rds_caps_size[format]; 831 memset(outbuf, 0, size); 832 } 833 834 switch (format) { 835 case 0x00: { 836 /* Physical format information */ 837 uint64_t nb_sectors; 838 if (layer != 0) { 839 goto fail; 840 } 841 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 842 843 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 844 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 845 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 846 outbuf[7] = 0; /* default densities */ 847 848 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 849 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 850 break; 851 } 852 853 case 0x01: /* DVD copyright information, all zeros */ 854 break; 855 856 case 0x03: /* BCA information - invalid field for no BCA info */ 857 return -1; 858 859 case 0x04: /* DVD disc manufacturing information, all zeros */ 860 break; 861 862 case 0xff: { /* List capabilities */ 863 int i; 864 size = 4; 865 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 866 if (!rds_caps_size[i]) { 867 continue; 868 } 869 outbuf[size] = i; 870 outbuf[size + 1] = 0x40; /* Not writable, readable */ 871 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 872 size += 4; 873 } 874 break; 875 } 876 877 default: 878 return -1; 879 } 880 881 /* Size of buffer, not including 2 byte size field */ 882 stw_be_p(outbuf, size - 2); 883 return size; 884 885 fail: 886 return -1; 887 } 888 889 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 890 { 891 uint8_t event_code, media_status; 892 893 media_status = 0; 894 if (s->tray_open) { 895 media_status = MS_TRAY_OPEN; 896 } else if (bdrv_is_inserted(s->qdev.conf.bs)) { 897 media_status = MS_MEDIA_PRESENT; 898 } 899 900 /* Event notification descriptor */ 901 event_code = MEC_NO_CHANGE; 902 if (media_status != MS_TRAY_OPEN) { 903 if (s->media_event) { 904 event_code = MEC_NEW_MEDIA; 905 s->media_event = false; 906 } else if (s->eject_request) { 907 event_code = MEC_EJECT_REQUESTED; 908 s->eject_request = false; 909 } 910 } 911 912 outbuf[0] = event_code; 913 outbuf[1] = media_status; 914 915 /* These fields are reserved, just clear them. */ 916 outbuf[2] = 0; 917 outbuf[3] = 0; 918 return 4; 919 } 920 921 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 922 uint8_t *outbuf) 923 { 924 int size; 925 uint8_t *buf = r->req.cmd.buf; 926 uint8_t notification_class_request = buf[4]; 927 if (s->qdev.type != TYPE_ROM) { 928 return -1; 929 } 930 if ((buf[1] & 1) == 0) { 931 /* asynchronous */ 932 return -1; 933 } 934 935 size = 4; 936 outbuf[0] = outbuf[1] = 0; 937 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 938 if (notification_class_request & (1 << GESN_MEDIA)) { 939 outbuf[2] = GESN_MEDIA; 940 size += scsi_event_status_media(s, &outbuf[size]); 941 } else { 942 outbuf[2] = 0x80; 943 } 944 stw_be_p(outbuf, size - 4); 945 return size; 946 } 947 948 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 949 { 950 int current; 951 952 if (s->qdev.type != TYPE_ROM) { 953 return -1; 954 } 955 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 956 memset(outbuf, 0, 40); 957 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 958 stw_be_p(&outbuf[6], current); 959 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 960 outbuf[10] = 0x03; /* persistent, current */ 961 outbuf[11] = 8; /* two profiles */ 962 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 963 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 964 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 965 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 966 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 967 stw_be_p(&outbuf[20], 1); 968 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 969 outbuf[23] = 8; 970 stl_be_p(&outbuf[24], 1); /* SCSI */ 971 outbuf[28] = 1; /* DBE = 1, mandatory */ 972 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 973 stw_be_p(&outbuf[32], 3); 974 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 975 outbuf[35] = 4; 976 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 977 /* TODO: Random readable, CD read, DVD read, drive serial number, 978 power management */ 979 return 40; 980 } 981 982 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 983 { 984 if (s->qdev.type != TYPE_ROM) { 985 return -1; 986 } 987 memset(outbuf, 0, 8); 988 outbuf[5] = 1; /* CD-ROM */ 989 return 8; 990 } 991 992 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 993 int page_control) 994 { 995 static const int mode_sense_valid[0x3f] = { 996 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 997 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 998 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 999 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1000 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1001 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1002 }; 1003 1004 uint8_t *p = *p_outbuf + 2; 1005 int length; 1006 1007 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1008 return -1; 1009 } 1010 1011 /* 1012 * If Changeable Values are requested, a mask denoting those mode parameters 1013 * that are changeable shall be returned. As we currently don't support 1014 * parameter changes via MODE_SELECT all bits are returned set to zero. 1015 * The buffer was already menset to zero by the caller of this function. 1016 * 1017 * The offsets here are off by two compared to the descriptions in the 1018 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1019 * but it is done so that offsets are consistent within our implementation 1020 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1021 * 2-byte and 4-byte headers. 1022 */ 1023 switch (page) { 1024 case MODE_PAGE_HD_GEOMETRY: 1025 length = 0x16; 1026 if (page_control == 1) { /* Changeable Values */ 1027 break; 1028 } 1029 /* if a geometry hint is available, use it */ 1030 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1031 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1032 p[2] = s->qdev.conf.cyls & 0xff; 1033 p[3] = s->qdev.conf.heads & 0xff; 1034 /* Write precomp start cylinder, disabled */ 1035 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1036 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1037 p[6] = s->qdev.conf.cyls & 0xff; 1038 /* Reduced current start cylinder, disabled */ 1039 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1040 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1041 p[9] = s->qdev.conf.cyls & 0xff; 1042 /* Device step rate [ns], 200ns */ 1043 p[10] = 0; 1044 p[11] = 200; 1045 /* Landing zone cylinder */ 1046 p[12] = 0xff; 1047 p[13] = 0xff; 1048 p[14] = 0xff; 1049 /* Medium rotation rate [rpm], 5400 rpm */ 1050 p[18] = (5400 >> 8) & 0xff; 1051 p[19] = 5400 & 0xff; 1052 break; 1053 1054 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1055 length = 0x1e; 1056 if (page_control == 1) { /* Changeable Values */ 1057 break; 1058 } 1059 /* Transfer rate [kbit/s], 5Mbit/s */ 1060 p[0] = 5000 >> 8; 1061 p[1] = 5000 & 0xff; 1062 /* if a geometry hint is available, use it */ 1063 p[2] = s->qdev.conf.heads & 0xff; 1064 p[3] = s->qdev.conf.secs & 0xff; 1065 p[4] = s->qdev.blocksize >> 8; 1066 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1067 p[7] = s->qdev.conf.cyls & 0xff; 1068 /* Write precomp start cylinder, disabled */ 1069 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1070 p[9] = s->qdev.conf.cyls & 0xff; 1071 /* Reduced current start cylinder, disabled */ 1072 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1073 p[11] = s->qdev.conf.cyls & 0xff; 1074 /* Device step rate [100us], 100us */ 1075 p[12] = 0; 1076 p[13] = 1; 1077 /* Device step pulse width [us], 1us */ 1078 p[14] = 1; 1079 /* Device head settle delay [100us], 100us */ 1080 p[15] = 0; 1081 p[16] = 1; 1082 /* Motor on delay [0.1s], 0.1s */ 1083 p[17] = 1; 1084 /* Motor off delay [0.1s], 0.1s */ 1085 p[18] = 1; 1086 /* Medium rotation rate [rpm], 5400 rpm */ 1087 p[26] = (5400 >> 8) & 0xff; 1088 p[27] = 5400 & 0xff; 1089 break; 1090 1091 case MODE_PAGE_CACHING: 1092 length = 0x12; 1093 if (page_control == 1 || /* Changeable Values */ 1094 bdrv_enable_write_cache(s->qdev.conf.bs)) { 1095 p[0] = 4; /* WCE */ 1096 } 1097 break; 1098 1099 case MODE_PAGE_R_W_ERROR: 1100 length = 10; 1101 if (page_control == 1) { /* Changeable Values */ 1102 break; 1103 } 1104 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1105 if (s->qdev.type == TYPE_ROM) { 1106 p[1] = 0x20; /* Read Retry Count */ 1107 } 1108 break; 1109 1110 case MODE_PAGE_AUDIO_CTL: 1111 length = 14; 1112 break; 1113 1114 case MODE_PAGE_CAPABILITIES: 1115 length = 0x14; 1116 if (page_control == 1) { /* Changeable Values */ 1117 break; 1118 } 1119 1120 p[0] = 0x3b; /* CD-R & CD-RW read */ 1121 p[1] = 0; /* Writing not supported */ 1122 p[2] = 0x7f; /* Audio, composite, digital out, 1123 mode 2 form 1&2, multi session */ 1124 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1125 RW corrected, C2 errors, ISRC, 1126 UPC, Bar code */ 1127 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1128 /* Locking supported, jumper present, eject, tray */ 1129 p[5] = 0; /* no volume & mute control, no 1130 changer */ 1131 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1132 p[7] = (50 * 176) & 0xff; 1133 p[8] = 2 >> 8; /* Two volume levels */ 1134 p[9] = 2 & 0xff; 1135 p[10] = 2048 >> 8; /* 2M buffer */ 1136 p[11] = 2048 & 0xff; 1137 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1138 p[13] = (16 * 176) & 0xff; 1139 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1140 p[17] = (16 * 176) & 0xff; 1141 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1142 p[19] = (16 * 176) & 0xff; 1143 break; 1144 1145 default: 1146 return -1; 1147 } 1148 1149 assert(length < 256); 1150 (*p_outbuf)[0] = page; 1151 (*p_outbuf)[1] = length; 1152 *p_outbuf += length + 2; 1153 return length + 2; 1154 } 1155 1156 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1157 { 1158 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1159 uint64_t nb_sectors; 1160 bool dbd; 1161 int page, buflen, ret, page_control; 1162 uint8_t *p; 1163 uint8_t dev_specific_param; 1164 1165 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1166 page = r->req.cmd.buf[2] & 0x3f; 1167 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1168 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1169 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1170 memset(outbuf, 0, r->req.cmd.xfer); 1171 p = outbuf; 1172 1173 if (s->qdev.type == TYPE_DISK) { 1174 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1175 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1176 dev_specific_param |= 0x80; /* Readonly. */ 1177 } 1178 } else { 1179 /* MMC prescribes that CD/DVD drives have no block descriptors, 1180 * and defines no device-specific parameter. */ 1181 dev_specific_param = 0x00; 1182 dbd = true; 1183 } 1184 1185 if (r->req.cmd.buf[0] == MODE_SENSE) { 1186 p[1] = 0; /* Default media type. */ 1187 p[2] = dev_specific_param; 1188 p[3] = 0; /* Block descriptor length. */ 1189 p += 4; 1190 } else { /* MODE_SENSE_10 */ 1191 p[2] = 0; /* Default media type. */ 1192 p[3] = dev_specific_param; 1193 p[6] = p[7] = 0; /* Block descriptor length. */ 1194 p += 8; 1195 } 1196 1197 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1198 if (!dbd && nb_sectors) { 1199 if (r->req.cmd.buf[0] == MODE_SENSE) { 1200 outbuf[3] = 8; /* Block descriptor length */ 1201 } else { /* MODE_SENSE_10 */ 1202 outbuf[7] = 8; /* Block descriptor length */ 1203 } 1204 nb_sectors /= (s->qdev.blocksize / 512); 1205 if (nb_sectors > 0xffffff) { 1206 nb_sectors = 0; 1207 } 1208 p[0] = 0; /* media density code */ 1209 p[1] = (nb_sectors >> 16) & 0xff; 1210 p[2] = (nb_sectors >> 8) & 0xff; 1211 p[3] = nb_sectors & 0xff; 1212 p[4] = 0; /* reserved */ 1213 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1214 p[6] = s->qdev.blocksize >> 8; 1215 p[7] = 0; 1216 p += 8; 1217 } 1218 1219 if (page_control == 3) { 1220 /* Saved Values */ 1221 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1222 return -1; 1223 } 1224 1225 if (page == 0x3f) { 1226 for (page = 0; page <= 0x3e; page++) { 1227 mode_sense_page(s, page, &p, page_control); 1228 } 1229 } else { 1230 ret = mode_sense_page(s, page, &p, page_control); 1231 if (ret == -1) { 1232 return -1; 1233 } 1234 } 1235 1236 buflen = p - outbuf; 1237 /* 1238 * The mode data length field specifies the length in bytes of the 1239 * following data that is available to be transferred. The mode data 1240 * length does not include itself. 1241 */ 1242 if (r->req.cmd.buf[0] == MODE_SENSE) { 1243 outbuf[0] = buflen - 1; 1244 } else { /* MODE_SENSE_10 */ 1245 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1246 outbuf[1] = (buflen - 2) & 0xff; 1247 } 1248 return buflen; 1249 } 1250 1251 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1252 { 1253 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1254 int start_track, format, msf, toclen; 1255 uint64_t nb_sectors; 1256 1257 msf = req->cmd.buf[1] & 2; 1258 format = req->cmd.buf[2] & 0xf; 1259 start_track = req->cmd.buf[6]; 1260 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1261 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1262 nb_sectors /= s->qdev.blocksize / 512; 1263 switch (format) { 1264 case 0: 1265 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1266 break; 1267 case 1: 1268 /* multi session : only a single session defined */ 1269 toclen = 12; 1270 memset(outbuf, 0, 12); 1271 outbuf[1] = 0x0a; 1272 outbuf[2] = 0x01; 1273 outbuf[3] = 0x01; 1274 break; 1275 case 2: 1276 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1277 break; 1278 default: 1279 return -1; 1280 } 1281 return toclen; 1282 } 1283 1284 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1285 { 1286 SCSIRequest *req = &r->req; 1287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1288 bool start = req->cmd.buf[4] & 1; 1289 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1290 int pwrcnd = req->cmd.buf[4] & 0xf0; 1291 1292 if (pwrcnd) { 1293 /* eject/load only happens for power condition == 0 */ 1294 return 0; 1295 } 1296 1297 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1298 if (!start && !s->tray_open && s->tray_locked) { 1299 scsi_check_condition(r, 1300 bdrv_is_inserted(s->qdev.conf.bs) 1301 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1302 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1303 return -1; 1304 } 1305 1306 if (s->tray_open != !start) { 1307 bdrv_eject(s->qdev.conf.bs, !start); 1308 s->tray_open = !start; 1309 } 1310 } 1311 return 0; 1312 } 1313 1314 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1315 { 1316 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1317 int buflen = r->iov.iov_len; 1318 1319 if (buflen) { 1320 DPRINTF("Read buf_len=%d\n", buflen); 1321 r->iov.iov_len = 0; 1322 r->started = true; 1323 scsi_req_data(&r->req, buflen); 1324 return; 1325 } 1326 1327 /* This also clears the sense buffer for REQUEST SENSE. */ 1328 scsi_req_complete(&r->req, GOOD); 1329 } 1330 1331 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1332 uint8_t *inbuf, int inlen) 1333 { 1334 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1335 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1336 uint8_t *p; 1337 int len, expected_len, changeable_len, i; 1338 1339 /* The input buffer does not include the page header, so it is 1340 * off by 2 bytes. 1341 */ 1342 expected_len = inlen + 2; 1343 if (expected_len > SCSI_MAX_MODE_LEN) { 1344 return -1; 1345 } 1346 1347 p = mode_current; 1348 memset(mode_current, 0, inlen + 2); 1349 len = mode_sense_page(s, page, &p, 0); 1350 if (len < 0 || len != expected_len) { 1351 return -1; 1352 } 1353 1354 p = mode_changeable; 1355 memset(mode_changeable, 0, inlen + 2); 1356 changeable_len = mode_sense_page(s, page, &p, 1); 1357 assert(changeable_len == len); 1358 1359 /* Check that unchangeable bits are the same as what MODE SENSE 1360 * would return. 1361 */ 1362 for (i = 2; i < len; i++) { 1363 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1364 return -1; 1365 } 1366 } 1367 return 0; 1368 } 1369 1370 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1371 { 1372 switch (page) { 1373 case MODE_PAGE_CACHING: 1374 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0); 1375 break; 1376 1377 default: 1378 break; 1379 } 1380 } 1381 1382 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1383 { 1384 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1385 1386 while (len > 0) { 1387 int page, subpage, page_len; 1388 1389 /* Parse both possible formats for the mode page headers. */ 1390 page = p[0] & 0x3f; 1391 if (p[0] & 0x40) { 1392 if (len < 4) { 1393 goto invalid_param_len; 1394 } 1395 subpage = p[1]; 1396 page_len = lduw_be_p(&p[2]); 1397 p += 4; 1398 len -= 4; 1399 } else { 1400 if (len < 2) { 1401 goto invalid_param_len; 1402 } 1403 subpage = 0; 1404 page_len = p[1]; 1405 p += 2; 1406 len -= 2; 1407 } 1408 1409 if (subpage) { 1410 goto invalid_param; 1411 } 1412 if (page_len > len) { 1413 goto invalid_param_len; 1414 } 1415 1416 if (!change) { 1417 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1418 goto invalid_param; 1419 } 1420 } else { 1421 scsi_disk_apply_mode_select(s, page, p); 1422 } 1423 1424 p += page_len; 1425 len -= page_len; 1426 } 1427 return 0; 1428 1429 invalid_param: 1430 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1431 return -1; 1432 1433 invalid_param_len: 1434 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1435 return -1; 1436 } 1437 1438 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1439 { 1440 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1441 uint8_t *p = inbuf; 1442 int cmd = r->req.cmd.buf[0]; 1443 int len = r->req.cmd.xfer; 1444 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1445 int bd_len; 1446 int pass; 1447 1448 /* We only support PF=1, SP=0. */ 1449 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1450 goto invalid_field; 1451 } 1452 1453 if (len < hdr_len) { 1454 goto invalid_param_len; 1455 } 1456 1457 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1458 len -= hdr_len; 1459 p += hdr_len; 1460 if (len < bd_len) { 1461 goto invalid_param_len; 1462 } 1463 if (bd_len != 0 && bd_len != 8) { 1464 goto invalid_param; 1465 } 1466 1467 len -= bd_len; 1468 p += bd_len; 1469 1470 /* Ensure no change is made if there is an error! */ 1471 for (pass = 0; pass < 2; pass++) { 1472 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1473 assert(pass == 0); 1474 return; 1475 } 1476 } 1477 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) { 1478 /* The request is used as the AIO opaque value, so add a ref. */ 1479 scsi_req_ref(&r->req); 1480 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 1481 BLOCK_ACCT_FLUSH); 1482 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1483 return; 1484 } 1485 1486 scsi_req_complete(&r->req, GOOD); 1487 return; 1488 1489 invalid_param: 1490 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1491 return; 1492 1493 invalid_param_len: 1494 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1495 return; 1496 1497 invalid_field: 1498 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1499 } 1500 1501 static inline bool check_lba_range(SCSIDiskState *s, 1502 uint64_t sector_num, uint32_t nb_sectors) 1503 { 1504 /* 1505 * The first line tests that no overflow happens when computing the last 1506 * sector. The second line tests that the last accessed sector is in 1507 * range. 1508 * 1509 * Careful, the computations should not underflow for nb_sectors == 0, 1510 * and a 0-block read to the first LBA beyond the end of device is 1511 * valid. 1512 */ 1513 return (sector_num <= sector_num + nb_sectors && 1514 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1515 } 1516 1517 typedef struct UnmapCBData { 1518 SCSIDiskReq *r; 1519 uint8_t *inbuf; 1520 int count; 1521 } UnmapCBData; 1522 1523 static void scsi_unmap_complete(void *opaque, int ret) 1524 { 1525 UnmapCBData *data = opaque; 1526 SCSIDiskReq *r = data->r; 1527 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1528 uint64_t sector_num; 1529 uint32_t nb_sectors; 1530 1531 r->req.aiocb = NULL; 1532 if (r->req.io_canceled) { 1533 scsi_req_cancel_complete(&r->req); 1534 goto done; 1535 } 1536 1537 if (ret < 0) { 1538 if (scsi_handle_rw_error(r, -ret)) { 1539 goto done; 1540 } 1541 } 1542 1543 if (data->count > 0) { 1544 sector_num = ldq_be_p(&data->inbuf[0]); 1545 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1546 if (!check_lba_range(s, sector_num, nb_sectors)) { 1547 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1548 goto done; 1549 } 1550 1551 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1552 sector_num * (s->qdev.blocksize / 512), 1553 nb_sectors * (s->qdev.blocksize / 512), 1554 scsi_unmap_complete, data); 1555 data->count--; 1556 data->inbuf += 16; 1557 return; 1558 } 1559 1560 scsi_req_complete(&r->req, GOOD); 1561 1562 done: 1563 scsi_req_unref(&r->req); 1564 g_free(data); 1565 } 1566 1567 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1568 { 1569 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1570 uint8_t *p = inbuf; 1571 int len = r->req.cmd.xfer; 1572 UnmapCBData *data; 1573 1574 /* Reject ANCHOR=1. */ 1575 if (r->req.cmd.buf[1] & 0x1) { 1576 goto invalid_field; 1577 } 1578 1579 if (len < 8) { 1580 goto invalid_param_len; 1581 } 1582 if (len < lduw_be_p(&p[0]) + 2) { 1583 goto invalid_param_len; 1584 } 1585 if (len < lduw_be_p(&p[2]) + 8) { 1586 goto invalid_param_len; 1587 } 1588 if (lduw_be_p(&p[2]) & 15) { 1589 goto invalid_param_len; 1590 } 1591 1592 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1593 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1594 return; 1595 } 1596 1597 data = g_new0(UnmapCBData, 1); 1598 data->r = r; 1599 data->inbuf = &p[8]; 1600 data->count = lduw_be_p(&p[2]) >> 4; 1601 1602 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1603 scsi_req_ref(&r->req); 1604 scsi_unmap_complete(data, 0); 1605 return; 1606 1607 invalid_param_len: 1608 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1609 return; 1610 1611 invalid_field: 1612 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1613 } 1614 1615 typedef struct WriteSameCBData { 1616 SCSIDiskReq *r; 1617 int64_t sector; 1618 int nb_sectors; 1619 QEMUIOVector qiov; 1620 struct iovec iov; 1621 } WriteSameCBData; 1622 1623 static void scsi_write_same_complete(void *opaque, int ret) 1624 { 1625 WriteSameCBData *data = opaque; 1626 SCSIDiskReq *r = data->r; 1627 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1628 1629 assert(r->req.aiocb != NULL); 1630 r->req.aiocb = NULL; 1631 block_acct_done(bdrv_get_stats(s->qdev.conf.bs), &r->acct); 1632 if (r->req.io_canceled) { 1633 scsi_req_cancel_complete(&r->req); 1634 goto done; 1635 } 1636 1637 if (ret < 0) { 1638 if (scsi_handle_rw_error(r, -ret)) { 1639 goto done; 1640 } 1641 } 1642 1643 data->nb_sectors -= data->iov.iov_len / 512; 1644 data->sector += data->iov.iov_len / 512; 1645 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1646 if (data->iov.iov_len) { 1647 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1648 data->iov.iov_len, BLOCK_ACCT_WRITE); 1649 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1650 &data->qiov, data->iov.iov_len / 512, 1651 scsi_write_same_complete, data); 1652 return; 1653 } 1654 1655 scsi_req_complete(&r->req, GOOD); 1656 1657 done: 1658 scsi_req_unref(&r->req); 1659 qemu_vfree(data->iov.iov_base); 1660 g_free(data); 1661 } 1662 1663 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1664 { 1665 SCSIRequest *req = &r->req; 1666 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1667 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); 1668 WriteSameCBData *data; 1669 uint8_t *buf; 1670 int i; 1671 1672 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1673 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1674 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1675 return; 1676 } 1677 1678 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1679 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1680 return; 1681 } 1682 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1683 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1684 return; 1685 } 1686 1687 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1688 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1689 1690 /* The request is used as the AIO opaque value, so add a ref. */ 1691 scsi_req_ref(&r->req); 1692 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1693 nb_sectors * s->qdev.blocksize, 1694 BLOCK_ACCT_WRITE); 1695 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs, 1696 r->req.cmd.lba * (s->qdev.blocksize / 512), 1697 nb_sectors * (s->qdev.blocksize / 512), 1698 flags, scsi_aio_complete, r); 1699 return; 1700 } 1701 1702 data = g_new0(WriteSameCBData, 1); 1703 data->r = r; 1704 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1705 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1706 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1707 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len); 1708 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1709 1710 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1711 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1712 } 1713 1714 scsi_req_ref(&r->req); 1715 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 1716 data->iov.iov_len, BLOCK_ACCT_WRITE); 1717 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1718 &data->qiov, data->iov.iov_len / 512, 1719 scsi_write_same_complete, data); 1720 } 1721 1722 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1723 { 1724 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1725 1726 if (r->iov.iov_len) { 1727 int buflen = r->iov.iov_len; 1728 DPRINTF("Write buf_len=%d\n", buflen); 1729 r->iov.iov_len = 0; 1730 scsi_req_data(&r->req, buflen); 1731 return; 1732 } 1733 1734 switch (req->cmd.buf[0]) { 1735 case MODE_SELECT: 1736 case MODE_SELECT_10: 1737 /* This also clears the sense buffer for REQUEST SENSE. */ 1738 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1739 break; 1740 1741 case UNMAP: 1742 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1743 break; 1744 1745 case VERIFY_10: 1746 case VERIFY_12: 1747 case VERIFY_16: 1748 if (r->req.status == -1) { 1749 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1750 } 1751 break; 1752 1753 case WRITE_SAME_10: 1754 case WRITE_SAME_16: 1755 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1756 break; 1757 1758 default: 1759 abort(); 1760 } 1761 } 1762 1763 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1764 { 1765 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1766 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1767 uint64_t nb_sectors; 1768 uint8_t *outbuf; 1769 int buflen; 1770 1771 switch (req->cmd.buf[0]) { 1772 case INQUIRY: 1773 case MODE_SENSE: 1774 case MODE_SENSE_10: 1775 case RESERVE: 1776 case RESERVE_10: 1777 case RELEASE: 1778 case RELEASE_10: 1779 case START_STOP: 1780 case ALLOW_MEDIUM_REMOVAL: 1781 case GET_CONFIGURATION: 1782 case GET_EVENT_STATUS_NOTIFICATION: 1783 case MECHANISM_STATUS: 1784 case REQUEST_SENSE: 1785 break; 1786 1787 default: 1788 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1789 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1790 return 0; 1791 } 1792 break; 1793 } 1794 1795 /* 1796 * FIXME: we shouldn't return anything bigger than 4k, but the code 1797 * requires the buffer to be as big as req->cmd.xfer in several 1798 * places. So, do not allow CDBs with a very large ALLOCATION 1799 * LENGTH. The real fix would be to modify scsi_read_data and 1800 * dma_buf_read, so that they return data beyond the buflen 1801 * as all zeros. 1802 */ 1803 if (req->cmd.xfer > 65536) { 1804 goto illegal_request; 1805 } 1806 r->buflen = MAX(4096, req->cmd.xfer); 1807 1808 if (!r->iov.iov_base) { 1809 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 1810 } 1811 1812 buflen = req->cmd.xfer; 1813 outbuf = r->iov.iov_base; 1814 memset(outbuf, 0, r->buflen); 1815 switch (req->cmd.buf[0]) { 1816 case TEST_UNIT_READY: 1817 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs)); 1818 break; 1819 case INQUIRY: 1820 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1821 if (buflen < 0) { 1822 goto illegal_request; 1823 } 1824 break; 1825 case MODE_SENSE: 1826 case MODE_SENSE_10: 1827 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1828 if (buflen < 0) { 1829 goto illegal_request; 1830 } 1831 break; 1832 case READ_TOC: 1833 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1834 if (buflen < 0) { 1835 goto illegal_request; 1836 } 1837 break; 1838 case RESERVE: 1839 if (req->cmd.buf[1] & 1) { 1840 goto illegal_request; 1841 } 1842 break; 1843 case RESERVE_10: 1844 if (req->cmd.buf[1] & 3) { 1845 goto illegal_request; 1846 } 1847 break; 1848 case RELEASE: 1849 if (req->cmd.buf[1] & 1) { 1850 goto illegal_request; 1851 } 1852 break; 1853 case RELEASE_10: 1854 if (req->cmd.buf[1] & 3) { 1855 goto illegal_request; 1856 } 1857 break; 1858 case START_STOP: 1859 if (scsi_disk_emulate_start_stop(r) < 0) { 1860 return 0; 1861 } 1862 break; 1863 case ALLOW_MEDIUM_REMOVAL: 1864 s->tray_locked = req->cmd.buf[4] & 1; 1865 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1); 1866 break; 1867 case READ_CAPACITY_10: 1868 /* The normal LEN field for this command is zero. */ 1869 memset(outbuf, 0, 8); 1870 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1871 if (!nb_sectors) { 1872 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1873 return 0; 1874 } 1875 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1876 goto illegal_request; 1877 } 1878 nb_sectors /= s->qdev.blocksize / 512; 1879 /* Returned value is the address of the last sector. */ 1880 nb_sectors--; 1881 /* Remember the new size for read/write sanity checking. */ 1882 s->qdev.max_lba = nb_sectors; 1883 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1884 if (nb_sectors > UINT32_MAX) { 1885 nb_sectors = UINT32_MAX; 1886 } 1887 outbuf[0] = (nb_sectors >> 24) & 0xff; 1888 outbuf[1] = (nb_sectors >> 16) & 0xff; 1889 outbuf[2] = (nb_sectors >> 8) & 0xff; 1890 outbuf[3] = nb_sectors & 0xff; 1891 outbuf[4] = 0; 1892 outbuf[5] = 0; 1893 outbuf[6] = s->qdev.blocksize >> 8; 1894 outbuf[7] = 0; 1895 break; 1896 case REQUEST_SENSE: 1897 /* Just return "NO SENSE". */ 1898 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1899 (req->cmd.buf[1] & 1) == 0); 1900 if (buflen < 0) { 1901 goto illegal_request; 1902 } 1903 break; 1904 case MECHANISM_STATUS: 1905 buflen = scsi_emulate_mechanism_status(s, outbuf); 1906 if (buflen < 0) { 1907 goto illegal_request; 1908 } 1909 break; 1910 case GET_CONFIGURATION: 1911 buflen = scsi_get_configuration(s, outbuf); 1912 if (buflen < 0) { 1913 goto illegal_request; 1914 } 1915 break; 1916 case GET_EVENT_STATUS_NOTIFICATION: 1917 buflen = scsi_get_event_status_notification(s, r, outbuf); 1918 if (buflen < 0) { 1919 goto illegal_request; 1920 } 1921 break; 1922 case READ_DISC_INFORMATION: 1923 buflen = scsi_read_disc_information(s, r, outbuf); 1924 if (buflen < 0) { 1925 goto illegal_request; 1926 } 1927 break; 1928 case READ_DVD_STRUCTURE: 1929 buflen = scsi_read_dvd_structure(s, r, outbuf); 1930 if (buflen < 0) { 1931 goto illegal_request; 1932 } 1933 break; 1934 case SERVICE_ACTION_IN_16: 1935 /* Service Action In subcommands. */ 1936 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1937 DPRINTF("SAI READ CAPACITY(16)\n"); 1938 memset(outbuf, 0, req->cmd.xfer); 1939 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1940 if (!nb_sectors) { 1941 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1942 return 0; 1943 } 1944 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1945 goto illegal_request; 1946 } 1947 nb_sectors /= s->qdev.blocksize / 512; 1948 /* Returned value is the address of the last sector. */ 1949 nb_sectors--; 1950 /* Remember the new size for read/write sanity checking. */ 1951 s->qdev.max_lba = nb_sectors; 1952 outbuf[0] = (nb_sectors >> 56) & 0xff; 1953 outbuf[1] = (nb_sectors >> 48) & 0xff; 1954 outbuf[2] = (nb_sectors >> 40) & 0xff; 1955 outbuf[3] = (nb_sectors >> 32) & 0xff; 1956 outbuf[4] = (nb_sectors >> 24) & 0xff; 1957 outbuf[5] = (nb_sectors >> 16) & 0xff; 1958 outbuf[6] = (nb_sectors >> 8) & 0xff; 1959 outbuf[7] = nb_sectors & 0xff; 1960 outbuf[8] = 0; 1961 outbuf[9] = 0; 1962 outbuf[10] = s->qdev.blocksize >> 8; 1963 outbuf[11] = 0; 1964 outbuf[12] = 0; 1965 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1966 1967 /* set TPE bit if the format supports discard */ 1968 if (s->qdev.conf.discard_granularity) { 1969 outbuf[14] = 0x80; 1970 } 1971 1972 /* Protection, exponent and lowest lba field left blank. */ 1973 break; 1974 } 1975 DPRINTF("Unsupported Service Action In\n"); 1976 goto illegal_request; 1977 case SYNCHRONIZE_CACHE: 1978 /* The request is used as the AIO opaque value, so add a ref. */ 1979 scsi_req_ref(&r->req); 1980 block_acct_start(bdrv_get_stats(s->qdev.conf.bs), &r->acct, 0, 1981 BLOCK_ACCT_FLUSH); 1982 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1983 return 0; 1984 case SEEK_10: 1985 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 1986 if (r->req.cmd.lba > s->qdev.max_lba) { 1987 goto illegal_lba; 1988 } 1989 break; 1990 case MODE_SELECT: 1991 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 1992 break; 1993 case MODE_SELECT_10: 1994 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 1995 break; 1996 case UNMAP: 1997 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 1998 break; 1999 case VERIFY_10: 2000 case VERIFY_12: 2001 case VERIFY_16: 2002 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2003 if (req->cmd.buf[1] & 6) { 2004 goto illegal_request; 2005 } 2006 break; 2007 case WRITE_SAME_10: 2008 case WRITE_SAME_16: 2009 DPRINTF("WRITE SAME %d (len %lu)\n", 2010 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2011 (long)r->req.cmd.xfer); 2012 break; 2013 default: 2014 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2015 scsi_command_name(buf[0])); 2016 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2017 return 0; 2018 } 2019 assert(!r->req.aiocb); 2020 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2021 if (r->iov.iov_len == 0) { 2022 scsi_req_complete(&r->req, GOOD); 2023 } 2024 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2025 assert(r->iov.iov_len == req->cmd.xfer); 2026 return -r->iov.iov_len; 2027 } else { 2028 return r->iov.iov_len; 2029 } 2030 2031 illegal_request: 2032 if (r->req.status == -1) { 2033 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2034 } 2035 return 0; 2036 2037 illegal_lba: 2038 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2039 return 0; 2040 } 2041 2042 /* Execute a scsi command. Returns the length of the data expected by the 2043 command. This will be Positive for data transfers from the device 2044 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2045 and zero if the command does not transfer any data. */ 2046 2047 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2048 { 2049 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2050 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2051 uint32_t len; 2052 uint8_t command; 2053 2054 command = buf[0]; 2055 2056 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 2057 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2058 return 0; 2059 } 2060 2061 len = scsi_data_cdb_length(r->req.cmd.buf); 2062 switch (command) { 2063 case READ_6: 2064 case READ_10: 2065 case READ_12: 2066 case READ_16: 2067 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2068 if (r->req.cmd.buf[1] & 0xe0) { 2069 goto illegal_request; 2070 } 2071 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2072 goto illegal_lba; 2073 } 2074 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2075 r->sector_count = len * (s->qdev.blocksize / 512); 2076 break; 2077 case WRITE_6: 2078 case WRITE_10: 2079 case WRITE_12: 2080 case WRITE_16: 2081 case WRITE_VERIFY_10: 2082 case WRITE_VERIFY_12: 2083 case WRITE_VERIFY_16: 2084 if (bdrv_is_read_only(s->qdev.conf.bs)) { 2085 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2086 return 0; 2087 } 2088 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2089 (command & 0xe) == 0xe ? "And Verify " : "", 2090 r->req.cmd.lba, len); 2091 if (r->req.cmd.buf[1] & 0xe0) { 2092 goto illegal_request; 2093 } 2094 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2095 goto illegal_lba; 2096 } 2097 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2098 r->sector_count = len * (s->qdev.blocksize / 512); 2099 break; 2100 default: 2101 abort(); 2102 illegal_request: 2103 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2104 return 0; 2105 illegal_lba: 2106 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2107 return 0; 2108 } 2109 if (r->sector_count == 0) { 2110 scsi_req_complete(&r->req, GOOD); 2111 } 2112 assert(r->iov.iov_len == 0); 2113 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2114 return -r->sector_count * 512; 2115 } else { 2116 return r->sector_count * 512; 2117 } 2118 } 2119 2120 static void scsi_disk_reset(DeviceState *dev) 2121 { 2122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2123 uint64_t nb_sectors; 2124 2125 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2126 2127 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 2128 nb_sectors /= s->qdev.blocksize / 512; 2129 if (nb_sectors) { 2130 nb_sectors--; 2131 } 2132 s->qdev.max_lba = nb_sectors; 2133 /* reset tray statuses */ 2134 s->tray_locked = 0; 2135 s->tray_open = 0; 2136 } 2137 2138 static void scsi_unrealize(SCSIDevice *dev, Error **errp) 2139 { 2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2141 2142 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE)); 2143 blockdev_mark_auto_del(s->qdev.conf.bs); 2144 } 2145 2146 static void scsi_disk_resize_cb(void *opaque) 2147 { 2148 SCSIDiskState *s = opaque; 2149 2150 /* SPC lists this sense code as available only for 2151 * direct-access devices. 2152 */ 2153 if (s->qdev.type == TYPE_DISK) { 2154 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2155 } 2156 } 2157 2158 static void scsi_cd_change_media_cb(void *opaque, bool load) 2159 { 2160 SCSIDiskState *s = opaque; 2161 2162 /* 2163 * When a CD gets changed, we have to report an ejected state and 2164 * then a loaded state to guests so that they detect tray 2165 * open/close and media change events. Guests that do not use 2166 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2167 * states rely on this behavior. 2168 * 2169 * media_changed governs the state machine used for unit attention 2170 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2171 */ 2172 s->media_changed = load; 2173 s->tray_open = !load; 2174 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2175 s->media_event = true; 2176 s->eject_request = false; 2177 } 2178 2179 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2180 { 2181 SCSIDiskState *s = opaque; 2182 2183 s->eject_request = true; 2184 if (force) { 2185 s->tray_locked = false; 2186 } 2187 } 2188 2189 static bool scsi_cd_is_tray_open(void *opaque) 2190 { 2191 return ((SCSIDiskState *)opaque)->tray_open; 2192 } 2193 2194 static bool scsi_cd_is_medium_locked(void *opaque) 2195 { 2196 return ((SCSIDiskState *)opaque)->tray_locked; 2197 } 2198 2199 static const BlockDevOps scsi_disk_removable_block_ops = { 2200 .change_media_cb = scsi_cd_change_media_cb, 2201 .eject_request_cb = scsi_cd_eject_request_cb, 2202 .is_tray_open = scsi_cd_is_tray_open, 2203 .is_medium_locked = scsi_cd_is_medium_locked, 2204 2205 .resize_cb = scsi_disk_resize_cb, 2206 }; 2207 2208 static const BlockDevOps scsi_disk_block_ops = { 2209 .resize_cb = scsi_disk_resize_cb, 2210 }; 2211 2212 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2213 { 2214 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2215 if (s->media_changed) { 2216 s->media_changed = false; 2217 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2218 } 2219 } 2220 2221 static void scsi_realize(SCSIDevice *dev, Error **errp) 2222 { 2223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2224 Error *err = NULL; 2225 2226 if (!s->qdev.conf.bs) { 2227 error_setg(errp, "drive property not set"); 2228 return; 2229 } 2230 2231 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2232 !bdrv_is_inserted(s->qdev.conf.bs)) { 2233 error_setg(errp, "Device needs media, but drive is empty"); 2234 return; 2235 } 2236 2237 blkconf_serial(&s->qdev.conf, &s->serial); 2238 if (dev->type == TYPE_DISK) { 2239 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2240 if (err) { 2241 error_propagate(errp, err); 2242 return; 2243 } 2244 } 2245 2246 if (s->qdev.conf.discard_granularity == -1) { 2247 s->qdev.conf.discard_granularity = 2248 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2249 } 2250 2251 if (!s->version) { 2252 s->version = g_strdup(qemu_get_version()); 2253 } 2254 if (!s->vendor) { 2255 s->vendor = g_strdup("QEMU"); 2256 } 2257 2258 if (bdrv_is_sg(s->qdev.conf.bs)) { 2259 error_setg(errp, "unwanted /dev/sg*"); 2260 return; 2261 } 2262 2263 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2264 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2265 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s); 2266 } else { 2267 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s); 2268 } 2269 bdrv_set_guest_block_size(s->qdev.conf.bs, s->qdev.blocksize); 2270 2271 bdrv_iostatus_enable(s->qdev.conf.bs); 2272 } 2273 2274 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2275 { 2276 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2277 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2278 s->qdev.type = TYPE_DISK; 2279 if (!s->product) { 2280 s->product = g_strdup("QEMU HARDDISK"); 2281 } 2282 scsi_realize(&s->qdev, errp); 2283 } 2284 2285 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2286 { 2287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2288 s->qdev.blocksize = 2048; 2289 s->qdev.type = TYPE_ROM; 2290 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2291 if (!s->product) { 2292 s->product = g_strdup("QEMU CD-ROM"); 2293 } 2294 scsi_realize(&s->qdev, errp); 2295 } 2296 2297 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2298 { 2299 DriveInfo *dinfo; 2300 Error *local_err = NULL; 2301 2302 if (!dev->conf.bs) { 2303 scsi_realize(dev, &local_err); 2304 assert(local_err); 2305 error_propagate(errp, local_err); 2306 return; 2307 } 2308 2309 dinfo = drive_get_by_blockdev(dev->conf.bs); 2310 if (dinfo->media_cd) { 2311 scsi_cd_realize(dev, errp); 2312 } else { 2313 scsi_hd_realize(dev, errp); 2314 } 2315 } 2316 2317 static const SCSIReqOps scsi_disk_emulate_reqops = { 2318 .size = sizeof(SCSIDiskReq), 2319 .free_req = scsi_free_request, 2320 .send_command = scsi_disk_emulate_command, 2321 .read_data = scsi_disk_emulate_read_data, 2322 .write_data = scsi_disk_emulate_write_data, 2323 .get_buf = scsi_get_buf, 2324 }; 2325 2326 static const SCSIReqOps scsi_disk_dma_reqops = { 2327 .size = sizeof(SCSIDiskReq), 2328 .free_req = scsi_free_request, 2329 .send_command = scsi_disk_dma_command, 2330 .read_data = scsi_read_data, 2331 .write_data = scsi_write_data, 2332 .get_buf = scsi_get_buf, 2333 .load_request = scsi_disk_load_request, 2334 .save_request = scsi_disk_save_request, 2335 }; 2336 2337 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2338 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2339 [INQUIRY] = &scsi_disk_emulate_reqops, 2340 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2341 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2342 [START_STOP] = &scsi_disk_emulate_reqops, 2343 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2344 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2345 [READ_TOC] = &scsi_disk_emulate_reqops, 2346 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2347 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2348 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2349 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2350 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2351 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2352 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2353 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2354 [SEEK_10] = &scsi_disk_emulate_reqops, 2355 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2356 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2357 [UNMAP] = &scsi_disk_emulate_reqops, 2358 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2359 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2360 [VERIFY_10] = &scsi_disk_emulate_reqops, 2361 [VERIFY_12] = &scsi_disk_emulate_reqops, 2362 [VERIFY_16] = &scsi_disk_emulate_reqops, 2363 2364 [READ_6] = &scsi_disk_dma_reqops, 2365 [READ_10] = &scsi_disk_dma_reqops, 2366 [READ_12] = &scsi_disk_dma_reqops, 2367 [READ_16] = &scsi_disk_dma_reqops, 2368 [WRITE_6] = &scsi_disk_dma_reqops, 2369 [WRITE_10] = &scsi_disk_dma_reqops, 2370 [WRITE_12] = &scsi_disk_dma_reqops, 2371 [WRITE_16] = &scsi_disk_dma_reqops, 2372 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2373 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2374 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2375 }; 2376 2377 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2378 uint8_t *buf, void *hba_private) 2379 { 2380 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2381 SCSIRequest *req; 2382 const SCSIReqOps *ops; 2383 uint8_t command; 2384 2385 command = buf[0]; 2386 ops = scsi_disk_reqops_dispatch[command]; 2387 if (!ops) { 2388 ops = &scsi_disk_emulate_reqops; 2389 } 2390 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2391 2392 #ifdef DEBUG_SCSI 2393 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2394 { 2395 int i; 2396 for (i = 1; i < req->cmd.len; i++) { 2397 printf(" 0x%02x", buf[i]); 2398 } 2399 printf("\n"); 2400 } 2401 #endif 2402 2403 return req; 2404 } 2405 2406 #ifdef __linux__ 2407 static int get_device_type(SCSIDiskState *s) 2408 { 2409 BlockDriverState *bdrv = s->qdev.conf.bs; 2410 uint8_t cmd[16]; 2411 uint8_t buf[36]; 2412 uint8_t sensebuf[8]; 2413 sg_io_hdr_t io_header; 2414 int ret; 2415 2416 memset(cmd, 0, sizeof(cmd)); 2417 memset(buf, 0, sizeof(buf)); 2418 cmd[0] = INQUIRY; 2419 cmd[4] = sizeof(buf); 2420 2421 memset(&io_header, 0, sizeof(io_header)); 2422 io_header.interface_id = 'S'; 2423 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2424 io_header.dxfer_len = sizeof(buf); 2425 io_header.dxferp = buf; 2426 io_header.cmdp = cmd; 2427 io_header.cmd_len = sizeof(cmd); 2428 io_header.mx_sb_len = sizeof(sensebuf); 2429 io_header.sbp = sensebuf; 2430 io_header.timeout = 6000; /* XXX */ 2431 2432 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 2433 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2434 return -1; 2435 } 2436 s->qdev.type = buf[0]; 2437 if (buf[1] & 0x80) { 2438 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2439 } 2440 return 0; 2441 } 2442 2443 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2444 { 2445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2446 int sg_version; 2447 int rc; 2448 2449 if (!s->qdev.conf.bs) { 2450 error_setg(errp, "drive property not set"); 2451 return; 2452 } 2453 2454 /* check we are using a driver managing SG_IO (version 3 and after) */ 2455 rc = bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version); 2456 if (rc < 0) { 2457 error_setg(errp, "cannot get SG_IO version number: %s. " 2458 "Is this a SCSI device?", 2459 strerror(-rc)); 2460 return; 2461 } 2462 if (sg_version < 30000) { 2463 error_setg(errp, "scsi generic interface too old"); 2464 return; 2465 } 2466 2467 /* get device type from INQUIRY data */ 2468 rc = get_device_type(s); 2469 if (rc < 0) { 2470 error_setg(errp, "INQUIRY failed"); 2471 return; 2472 } 2473 2474 /* Make a guess for the block size, we'll fix it when the guest sends. 2475 * READ CAPACITY. If they don't, they likely would assume these sizes 2476 * anyway. (TODO: check in /sys). 2477 */ 2478 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2479 s->qdev.blocksize = 2048; 2480 } else { 2481 s->qdev.blocksize = 512; 2482 } 2483 2484 /* Makes the scsi-block device not removable by using HMP and QMP eject 2485 * command. 2486 */ 2487 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2488 2489 scsi_realize(&s->qdev, errp); 2490 } 2491 2492 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2493 { 2494 switch (buf[0]) { 2495 case READ_6: 2496 case READ_10: 2497 case READ_12: 2498 case READ_16: 2499 case VERIFY_10: 2500 case VERIFY_12: 2501 case VERIFY_16: 2502 case WRITE_6: 2503 case WRITE_10: 2504 case WRITE_12: 2505 case WRITE_16: 2506 case WRITE_VERIFY_10: 2507 case WRITE_VERIFY_12: 2508 case WRITE_VERIFY_16: 2509 /* If we are not using O_DIRECT, we might read stale data from the 2510 * host cache if writes were made using other commands than these 2511 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2512 * O_DIRECT everything must go through SG_IO. 2513 */ 2514 if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) { 2515 break; 2516 } 2517 2518 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2519 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2520 * And once you do these writes, reading from the block device is 2521 * unreliable, too. It is even possible that reads deliver random data 2522 * from the host page cache (this is probably a Linux bug). 2523 * 2524 * We might use scsi_disk_dma_reqops as long as no writing commands are 2525 * seen, but performance usually isn't paramount on optical media. So, 2526 * just make scsi-block operate the same as scsi-generic for them. 2527 */ 2528 if (s->qdev.type != TYPE_ROM) { 2529 return false; 2530 } 2531 break; 2532 2533 default: 2534 break; 2535 } 2536 2537 return true; 2538 } 2539 2540 2541 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2542 uint32_t lun, uint8_t *buf, 2543 void *hba_private) 2544 { 2545 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2546 2547 if (scsi_block_is_passthrough(s, buf)) { 2548 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2549 hba_private); 2550 } else { 2551 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2552 hba_private); 2553 } 2554 } 2555 2556 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2557 uint8_t *buf, void *hba_private) 2558 { 2559 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2560 2561 if (scsi_block_is_passthrough(s, buf)) { 2562 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2563 } else { 2564 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2565 } 2566 } 2567 2568 #endif 2569 2570 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2571 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2572 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2573 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2574 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2575 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2576 2577 static Property scsi_hd_properties[] = { 2578 DEFINE_SCSI_DISK_PROPERTIES(), 2579 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2580 SCSI_DISK_F_REMOVABLE, false), 2581 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2582 SCSI_DISK_F_DPOFUA, false), 2583 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2584 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2585 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2586 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2587 DEFAULT_MAX_UNMAP_SIZE), 2588 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2589 DEFINE_PROP_END_OF_LIST(), 2590 }; 2591 2592 static const VMStateDescription vmstate_scsi_disk_state = { 2593 .name = "scsi-disk", 2594 .version_id = 1, 2595 .minimum_version_id = 1, 2596 .fields = (VMStateField[]) { 2597 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2598 VMSTATE_BOOL(media_changed, SCSIDiskState), 2599 VMSTATE_BOOL(media_event, SCSIDiskState), 2600 VMSTATE_BOOL(eject_request, SCSIDiskState), 2601 VMSTATE_BOOL(tray_open, SCSIDiskState), 2602 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2603 VMSTATE_END_OF_LIST() 2604 } 2605 }; 2606 2607 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2608 { 2609 DeviceClass *dc = DEVICE_CLASS(klass); 2610 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2611 2612 sc->realize = scsi_hd_realize; 2613 sc->unrealize = scsi_unrealize; 2614 sc->alloc_req = scsi_new_request; 2615 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2616 dc->fw_name = "disk"; 2617 dc->desc = "virtual SCSI disk"; 2618 dc->reset = scsi_disk_reset; 2619 dc->props = scsi_hd_properties; 2620 dc->vmsd = &vmstate_scsi_disk_state; 2621 } 2622 2623 static const TypeInfo scsi_hd_info = { 2624 .name = "scsi-hd", 2625 .parent = TYPE_SCSI_DEVICE, 2626 .instance_size = sizeof(SCSIDiskState), 2627 .class_init = scsi_hd_class_initfn, 2628 }; 2629 2630 static Property scsi_cd_properties[] = { 2631 DEFINE_SCSI_DISK_PROPERTIES(), 2632 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2633 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2634 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2635 DEFINE_PROP_END_OF_LIST(), 2636 }; 2637 2638 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2639 { 2640 DeviceClass *dc = DEVICE_CLASS(klass); 2641 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2642 2643 sc->realize = scsi_cd_realize; 2644 sc->unrealize = scsi_unrealize; 2645 sc->alloc_req = scsi_new_request; 2646 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2647 dc->fw_name = "disk"; 2648 dc->desc = "virtual SCSI CD-ROM"; 2649 dc->reset = scsi_disk_reset; 2650 dc->props = scsi_cd_properties; 2651 dc->vmsd = &vmstate_scsi_disk_state; 2652 } 2653 2654 static const TypeInfo scsi_cd_info = { 2655 .name = "scsi-cd", 2656 .parent = TYPE_SCSI_DEVICE, 2657 .instance_size = sizeof(SCSIDiskState), 2658 .class_init = scsi_cd_class_initfn, 2659 }; 2660 2661 #ifdef __linux__ 2662 static Property scsi_block_properties[] = { 2663 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), 2664 DEFINE_PROP_END_OF_LIST(), 2665 }; 2666 2667 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2668 { 2669 DeviceClass *dc = DEVICE_CLASS(klass); 2670 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2671 2672 sc->realize = scsi_block_realize; 2673 sc->unrealize = scsi_unrealize; 2674 sc->alloc_req = scsi_block_new_request; 2675 sc->parse_cdb = scsi_block_parse_cdb; 2676 dc->fw_name = "disk"; 2677 dc->desc = "SCSI block device passthrough"; 2678 dc->reset = scsi_disk_reset; 2679 dc->props = scsi_block_properties; 2680 dc->vmsd = &vmstate_scsi_disk_state; 2681 } 2682 2683 static const TypeInfo scsi_block_info = { 2684 .name = "scsi-block", 2685 .parent = TYPE_SCSI_DEVICE, 2686 .instance_size = sizeof(SCSIDiskState), 2687 .class_init = scsi_block_class_initfn, 2688 }; 2689 #endif 2690 2691 static Property scsi_disk_properties[] = { 2692 DEFINE_SCSI_DISK_PROPERTIES(), 2693 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2694 SCSI_DISK_F_REMOVABLE, false), 2695 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2696 SCSI_DISK_F_DPOFUA, false), 2697 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2698 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2699 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2700 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2701 DEFAULT_MAX_UNMAP_SIZE), 2702 DEFINE_PROP_END_OF_LIST(), 2703 }; 2704 2705 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2706 { 2707 DeviceClass *dc = DEVICE_CLASS(klass); 2708 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2709 2710 sc->realize = scsi_disk_realize; 2711 sc->unrealize = scsi_unrealize; 2712 sc->alloc_req = scsi_new_request; 2713 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2714 dc->fw_name = "disk"; 2715 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2716 dc->reset = scsi_disk_reset; 2717 dc->props = scsi_disk_properties; 2718 dc->vmsd = &vmstate_scsi_disk_state; 2719 } 2720 2721 static const TypeInfo scsi_disk_info = { 2722 .name = "scsi-disk", 2723 .parent = TYPE_SCSI_DEVICE, 2724 .instance_size = sizeof(SCSIDiskState), 2725 .class_init = scsi_disk_class_initfn, 2726 }; 2727 2728 static void scsi_disk_register_types(void) 2729 { 2730 type_register_static(&scsi_hd_info); 2731 type_register_static(&scsi_cd_info); 2732 #ifdef __linux__ 2733 type_register_static(&scsi_block_info); 2734 #endif 2735 type_register_static(&scsi_disk_info); 2736 } 2737 2738 type_init(scsi_disk_register_types) 2739