1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu/osdep.h" 32 #include "qemu-common.h" 33 #include "qemu/error-report.h" 34 #include "hw/scsi/scsi.h" 35 #include "block/scsi.h" 36 #include "sysemu/sysemu.h" 37 #include "sysemu/block-backend.h" 38 #include "sysemu/blockdev.h" 39 #include "hw/block/block.h" 40 #include "sysemu/dma.h" 41 42 #ifdef __linux 43 #include <scsi/sg.h> 44 #endif 45 46 #define SCSI_WRITE_SAME_MAX 524288 47 #define SCSI_DMA_BUF_SIZE 131072 48 #define SCSI_MAX_INQUIRY_LEN 256 49 #define SCSI_MAX_MODE_LEN 256 50 51 #define DEFAULT_DISCARD_GRANULARITY 4096 52 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 53 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 54 55 typedef struct SCSIDiskState SCSIDiskState; 56 57 typedef struct SCSIDiskReq { 58 SCSIRequest req; 59 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 60 uint64_t sector; 61 uint32_t sector_count; 62 uint32_t buflen; 63 bool started; 64 struct iovec iov; 65 QEMUIOVector qiov; 66 BlockAcctCookie acct; 67 } SCSIDiskReq; 68 69 #define SCSI_DISK_F_REMOVABLE 0 70 #define SCSI_DISK_F_DPOFUA 1 71 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 72 73 struct SCSIDiskState 74 { 75 SCSIDevice qdev; 76 uint32_t features; 77 bool media_changed; 78 bool media_event; 79 bool eject_request; 80 uint64_t wwn; 81 uint64_t port_wwn; 82 uint16_t port_index; 83 uint64_t max_unmap_size; 84 uint64_t max_io_size; 85 QEMUBH *bh; 86 char *version; 87 char *serial; 88 char *vendor; 89 char *product; 90 bool tray_open; 91 bool tray_locked; 92 }; 93 94 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 95 96 static void scsi_free_request(SCSIRequest *req) 97 { 98 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 99 100 qemu_vfree(r->iov.iov_base); 101 } 102 103 /* Helper function for command completion with sense. */ 104 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 105 { 106 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 107 r->req.tag, sense.key, sense.asc, sense.ascq); 108 scsi_req_build_sense(&r->req, sense); 109 scsi_req_complete(&r->req, CHECK_CONDITION); 110 } 111 112 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 113 { 114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 115 116 if (!r->iov.iov_base) { 117 r->buflen = size; 118 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 119 } 120 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 121 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 122 return r->qiov.size / 512; 123 } 124 125 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 126 { 127 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 128 129 qemu_put_be64s(f, &r->sector); 130 qemu_put_be32s(f, &r->sector_count); 131 qemu_put_be32s(f, &r->buflen); 132 if (r->buflen) { 133 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 134 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 135 } else if (!req->retry) { 136 uint32_t len = r->iov.iov_len; 137 qemu_put_be32s(f, &len); 138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 139 } 140 } 141 } 142 143 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 144 { 145 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 146 147 qemu_get_be64s(f, &r->sector); 148 qemu_get_be32s(f, &r->sector_count); 149 qemu_get_be32s(f, &r->buflen); 150 if (r->buflen) { 151 scsi_init_iovec(r, r->buflen); 152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 153 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 154 } else if (!r->req.retry) { 155 uint32_t len; 156 qemu_get_be32s(f, &len); 157 r->iov.iov_len = len; 158 assert(r->iov.iov_len <= r->buflen); 159 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 160 } 161 } 162 163 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 164 } 165 166 static void scsi_aio_complete(void *opaque, int ret) 167 { 168 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 169 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 170 171 assert(r->req.aiocb != NULL); 172 r->req.aiocb = NULL; 173 if (r->req.io_canceled) { 174 scsi_req_cancel_complete(&r->req); 175 goto done; 176 } 177 178 if (ret < 0) { 179 if (scsi_handle_rw_error(r, -ret, true)) { 180 goto done; 181 } 182 } 183 184 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 185 scsi_req_complete(&r->req, GOOD); 186 187 done: 188 scsi_req_unref(&r->req); 189 } 190 191 static bool scsi_is_cmd_fua(SCSICommand *cmd) 192 { 193 switch (cmd->buf[0]) { 194 case READ_10: 195 case READ_12: 196 case READ_16: 197 case WRITE_10: 198 case WRITE_12: 199 case WRITE_16: 200 return (cmd->buf[1] & 8) != 0; 201 202 case VERIFY_10: 203 case VERIFY_12: 204 case VERIFY_16: 205 case WRITE_VERIFY_10: 206 case WRITE_VERIFY_12: 207 case WRITE_VERIFY_16: 208 return true; 209 210 case READ_6: 211 case WRITE_6: 212 default: 213 return false; 214 } 215 } 216 217 static void scsi_write_do_fua(SCSIDiskReq *r) 218 { 219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 220 221 assert(r->req.aiocb == NULL); 222 223 if (r->req.io_canceled) { 224 scsi_req_cancel_complete(&r->req); 225 goto done; 226 } 227 228 if (scsi_is_cmd_fua(&r->req.cmd)) { 229 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 230 BLOCK_ACCT_FLUSH); 231 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 232 return; 233 } 234 235 scsi_req_complete(&r->req, GOOD); 236 237 done: 238 scsi_req_unref(&r->req); 239 } 240 241 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 242 { 243 assert(r->req.aiocb == NULL); 244 245 if (r->req.io_canceled) { 246 scsi_req_cancel_complete(&r->req); 247 goto done; 248 } 249 250 if (ret < 0) { 251 if (scsi_handle_rw_error(r, -ret, false)) { 252 goto done; 253 } 254 } 255 256 r->sector += r->sector_count; 257 r->sector_count = 0; 258 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 259 scsi_write_do_fua(r); 260 return; 261 } else { 262 scsi_req_complete(&r->req, GOOD); 263 } 264 265 done: 266 scsi_req_unref(&r->req); 267 } 268 269 static void scsi_dma_complete(void *opaque, int ret) 270 { 271 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 273 274 assert(r->req.aiocb != NULL); 275 r->req.aiocb = NULL; 276 277 if (ret < 0) { 278 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 279 } else { 280 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 281 } 282 scsi_dma_complete_noio(r, ret); 283 } 284 285 static void scsi_read_complete(void * opaque, int ret) 286 { 287 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 289 int n; 290 291 assert(r->req.aiocb != NULL); 292 r->req.aiocb = NULL; 293 if (r->req.io_canceled) { 294 scsi_req_cancel_complete(&r->req); 295 goto done; 296 } 297 298 if (ret < 0) { 299 if (scsi_handle_rw_error(r, -ret, true)) { 300 goto done; 301 } 302 } 303 304 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 305 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 306 307 n = r->qiov.size / 512; 308 r->sector += n; 309 r->sector_count -= n; 310 scsi_req_data(&r->req, r->qiov.size); 311 312 done: 313 scsi_req_unref(&r->req); 314 } 315 316 /* Actually issue a read to the block device. */ 317 static void scsi_do_read(SCSIDiskReq *r, int ret) 318 { 319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 320 uint32_t n; 321 322 assert (r->req.aiocb == NULL); 323 324 if (r->req.io_canceled) { 325 scsi_req_cancel_complete(&r->req); 326 goto done; 327 } 328 329 if (ret < 0) { 330 if (scsi_handle_rw_error(r, -ret, false)) { 331 goto done; 332 } 333 } 334 335 /* The request is used as the AIO opaque value, so add a ref. */ 336 scsi_req_ref(&r->req); 337 338 if (r->req.sg) { 339 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 340 r->req.resid -= r->req.sg->size; 341 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector, 342 scsi_dma_complete, r); 343 } else { 344 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 345 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 346 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 347 r->req.aiocb = blk_aio_readv(s->qdev.conf.blk, r->sector, &r->qiov, n, 348 scsi_read_complete, r); 349 } 350 351 done: 352 scsi_req_unref(&r->req); 353 } 354 355 static void scsi_do_read_cb(void *opaque, int ret) 356 { 357 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 359 360 assert (r->req.aiocb != NULL); 361 r->req.aiocb = NULL; 362 363 if (ret < 0) { 364 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 365 } else { 366 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 367 } 368 scsi_do_read(opaque, ret); 369 } 370 371 /* Read more data from scsi device into buffer. */ 372 static void scsi_read_data(SCSIRequest *req) 373 { 374 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 375 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 376 bool first; 377 378 DPRINTF("Read sector_count=%d\n", r->sector_count); 379 if (r->sector_count == 0) { 380 /* This also clears the sense buffer for REQUEST SENSE. */ 381 scsi_req_complete(&r->req, GOOD); 382 return; 383 } 384 385 /* No data transfer may already be in progress */ 386 assert(r->req.aiocb == NULL); 387 388 /* The request is used as the AIO opaque value, so add a ref. */ 389 scsi_req_ref(&r->req); 390 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 391 DPRINTF("Data transfer direction invalid\n"); 392 scsi_read_complete(r, -EINVAL); 393 return; 394 } 395 396 if (s->tray_open) { 397 scsi_read_complete(r, -ENOMEDIUM); 398 return; 399 } 400 401 first = !r->started; 402 r->started = true; 403 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 404 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 405 BLOCK_ACCT_FLUSH); 406 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 407 } else { 408 scsi_do_read(r, 0); 409 } 410 } 411 412 /* 413 * scsi_handle_rw_error has two return values. 0 means that the error 414 * must be ignored, 1 means that the error has been processed and the 415 * caller should not do anything else for this request. Note that 416 * scsi_handle_rw_error always manages its reference counts, independent 417 * of the return value. 418 */ 419 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 420 { 421 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 422 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 423 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 424 is_read, error); 425 426 if (action == BLOCK_ERROR_ACTION_REPORT) { 427 if (acct_failed) { 428 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 429 } 430 switch (error) { 431 case ENOMEDIUM: 432 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 433 break; 434 case ENOMEM: 435 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 436 break; 437 case EINVAL: 438 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 439 break; 440 case ENOSPC: 441 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 442 break; 443 default: 444 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 445 break; 446 } 447 } 448 blk_error_action(s->qdev.conf.blk, action, is_read, error); 449 if (action == BLOCK_ERROR_ACTION_STOP) { 450 scsi_req_retry(&r->req); 451 } 452 return action != BLOCK_ERROR_ACTION_IGNORE; 453 } 454 455 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 456 { 457 uint32_t n; 458 459 assert (r->req.aiocb == NULL); 460 461 if (r->req.io_canceled) { 462 scsi_req_cancel_complete(&r->req); 463 goto done; 464 } 465 466 if (ret < 0) { 467 if (scsi_handle_rw_error(r, -ret, false)) { 468 goto done; 469 } 470 } 471 472 n = r->qiov.size / 512; 473 r->sector += n; 474 r->sector_count -= n; 475 if (r->sector_count == 0) { 476 scsi_write_do_fua(r); 477 return; 478 } else { 479 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 480 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 481 scsi_req_data(&r->req, r->qiov.size); 482 } 483 484 done: 485 scsi_req_unref(&r->req); 486 } 487 488 static void scsi_write_complete(void * opaque, int ret) 489 { 490 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 491 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 492 493 assert (r->req.aiocb != NULL); 494 r->req.aiocb = NULL; 495 496 if (ret < 0) { 497 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 498 } else { 499 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 500 } 501 scsi_write_complete_noio(r, ret); 502 } 503 504 static void scsi_write_data(SCSIRequest *req) 505 { 506 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 507 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 508 uint32_t n; 509 510 /* No data transfer may already be in progress */ 511 assert(r->req.aiocb == NULL); 512 513 /* The request is used as the AIO opaque value, so add a ref. */ 514 scsi_req_ref(&r->req); 515 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 516 DPRINTF("Data transfer direction invalid\n"); 517 scsi_write_complete_noio(r, -EINVAL); 518 return; 519 } 520 521 if (!r->req.sg && !r->qiov.size) { 522 /* Called for the first time. Ask the driver to send us more data. */ 523 r->started = true; 524 scsi_write_complete_noio(r, 0); 525 return; 526 } 527 if (s->tray_open) { 528 scsi_write_complete_noio(r, -ENOMEDIUM); 529 return; 530 } 531 532 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 533 r->req.cmd.buf[0] == VERIFY_16) { 534 if (r->req.sg) { 535 scsi_dma_complete_noio(r, 0); 536 } else { 537 scsi_write_complete_noio(r, 0); 538 } 539 return; 540 } 541 542 if (r->req.sg) { 543 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 544 r->req.resid -= r->req.sg->size; 545 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector, 546 scsi_dma_complete, r); 547 } else { 548 n = r->qiov.size / 512; 549 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 550 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 551 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, r->sector, &r->qiov, n, 552 scsi_write_complete, r); 553 } 554 } 555 556 /* Return a pointer to the data buffer. */ 557 static uint8_t *scsi_get_buf(SCSIRequest *req) 558 { 559 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 560 561 return (uint8_t *)r->iov.iov_base; 562 } 563 564 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 565 { 566 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 567 int buflen = 0; 568 int start; 569 570 if (req->cmd.buf[1] & 0x1) { 571 /* Vital product data */ 572 uint8_t page_code = req->cmd.buf[2]; 573 574 outbuf[buflen++] = s->qdev.type & 0x1f; 575 outbuf[buflen++] = page_code ; // this page 576 outbuf[buflen++] = 0x00; 577 outbuf[buflen++] = 0x00; 578 start = buflen; 579 580 switch (page_code) { 581 case 0x00: /* Supported page codes, mandatory */ 582 { 583 DPRINTF("Inquiry EVPD[Supported pages] " 584 "buffer size %zd\n", req->cmd.xfer); 585 outbuf[buflen++] = 0x00; // list of supported pages (this page) 586 if (s->serial) { 587 outbuf[buflen++] = 0x80; // unit serial number 588 } 589 outbuf[buflen++] = 0x83; // device identification 590 if (s->qdev.type == TYPE_DISK) { 591 outbuf[buflen++] = 0xb0; // block limits 592 outbuf[buflen++] = 0xb2; // thin provisioning 593 } 594 break; 595 } 596 case 0x80: /* Device serial number, optional */ 597 { 598 int l; 599 600 if (!s->serial) { 601 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 602 return -1; 603 } 604 605 l = strlen(s->serial); 606 if (l > 20) { 607 l = 20; 608 } 609 610 DPRINTF("Inquiry EVPD[Serial number] " 611 "buffer size %zd\n", req->cmd.xfer); 612 memcpy(outbuf+buflen, s->serial, l); 613 buflen += l; 614 break; 615 } 616 617 case 0x83: /* Device identification page, mandatory */ 618 { 619 const char *str = s->serial ?: blk_name(s->qdev.conf.blk); 620 int max_len = s->serial ? 20 : 255 - 8; 621 int id_len = strlen(str); 622 623 if (id_len > max_len) { 624 id_len = max_len; 625 } 626 DPRINTF("Inquiry EVPD[Device identification] " 627 "buffer size %zd\n", req->cmd.xfer); 628 629 outbuf[buflen++] = 0x2; // ASCII 630 outbuf[buflen++] = 0; // not officially assigned 631 outbuf[buflen++] = 0; // reserved 632 outbuf[buflen++] = id_len; // length of data following 633 memcpy(outbuf+buflen, str, id_len); 634 buflen += id_len; 635 636 if (s->wwn) { 637 outbuf[buflen++] = 0x1; // Binary 638 outbuf[buflen++] = 0x3; // NAA 639 outbuf[buflen++] = 0; // reserved 640 outbuf[buflen++] = 8; 641 stq_be_p(&outbuf[buflen], s->wwn); 642 buflen += 8; 643 } 644 645 if (s->port_wwn) { 646 outbuf[buflen++] = 0x61; // SAS / Binary 647 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 648 outbuf[buflen++] = 0; // reserved 649 outbuf[buflen++] = 8; 650 stq_be_p(&outbuf[buflen], s->port_wwn); 651 buflen += 8; 652 } 653 654 if (s->port_index) { 655 outbuf[buflen++] = 0x61; // SAS / Binary 656 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 657 outbuf[buflen++] = 0; // reserved 658 outbuf[buflen++] = 4; 659 stw_be_p(&outbuf[buflen + 2], s->port_index); 660 buflen += 4; 661 } 662 break; 663 } 664 case 0xb0: /* block limits */ 665 { 666 unsigned int unmap_sectors = 667 s->qdev.conf.discard_granularity / s->qdev.blocksize; 668 unsigned int min_io_size = 669 s->qdev.conf.min_io_size / s->qdev.blocksize; 670 unsigned int opt_io_size = 671 s->qdev.conf.opt_io_size / s->qdev.blocksize; 672 unsigned int max_unmap_sectors = 673 s->max_unmap_size / s->qdev.blocksize; 674 unsigned int max_io_sectors = 675 s->max_io_size / s->qdev.blocksize; 676 677 if (s->qdev.type == TYPE_ROM) { 678 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 679 page_code); 680 return -1; 681 } 682 /* required VPD size with unmap support */ 683 buflen = 0x40; 684 memset(outbuf + 4, 0, buflen - 4); 685 686 outbuf[4] = 0x1; /* wsnz */ 687 688 /* optimal transfer length granularity */ 689 outbuf[6] = (min_io_size >> 8) & 0xff; 690 outbuf[7] = min_io_size & 0xff; 691 692 /* maximum transfer length */ 693 outbuf[8] = (max_io_sectors >> 24) & 0xff; 694 outbuf[9] = (max_io_sectors >> 16) & 0xff; 695 outbuf[10] = (max_io_sectors >> 8) & 0xff; 696 outbuf[11] = max_io_sectors & 0xff; 697 698 /* optimal transfer length */ 699 outbuf[12] = (opt_io_size >> 24) & 0xff; 700 outbuf[13] = (opt_io_size >> 16) & 0xff; 701 outbuf[14] = (opt_io_size >> 8) & 0xff; 702 outbuf[15] = opt_io_size & 0xff; 703 704 /* max unmap LBA count, default is 1GB */ 705 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 706 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 707 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 708 outbuf[23] = max_unmap_sectors & 0xff; 709 710 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 711 outbuf[24] = 0; 712 outbuf[25] = 0; 713 outbuf[26] = 0; 714 outbuf[27] = 255; 715 716 /* optimal unmap granularity */ 717 outbuf[28] = (unmap_sectors >> 24) & 0xff; 718 outbuf[29] = (unmap_sectors >> 16) & 0xff; 719 outbuf[30] = (unmap_sectors >> 8) & 0xff; 720 outbuf[31] = unmap_sectors & 0xff; 721 722 /* max write same size */ 723 outbuf[36] = 0; 724 outbuf[37] = 0; 725 outbuf[38] = 0; 726 outbuf[39] = 0; 727 728 outbuf[40] = (max_io_sectors >> 24) & 0xff; 729 outbuf[41] = (max_io_sectors >> 16) & 0xff; 730 outbuf[42] = (max_io_sectors >> 8) & 0xff; 731 outbuf[43] = max_io_sectors & 0xff; 732 break; 733 } 734 case 0xb2: /* thin provisioning */ 735 { 736 buflen = 8; 737 outbuf[4] = 0; 738 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 739 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 740 outbuf[7] = 0; 741 break; 742 } 743 default: 744 return -1; 745 } 746 /* done with EVPD */ 747 assert(buflen - start <= 255); 748 outbuf[start - 1] = buflen - start; 749 return buflen; 750 } 751 752 /* Standard INQUIRY data */ 753 if (req->cmd.buf[2] != 0) { 754 return -1; 755 } 756 757 /* PAGE CODE == 0 */ 758 buflen = req->cmd.xfer; 759 if (buflen > SCSI_MAX_INQUIRY_LEN) { 760 buflen = SCSI_MAX_INQUIRY_LEN; 761 } 762 763 outbuf[0] = s->qdev.type & 0x1f; 764 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 765 766 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 767 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 768 769 memset(&outbuf[32], 0, 4); 770 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 771 /* 772 * We claim conformance to SPC-3, which is required for guests 773 * to ask for modern features like READ CAPACITY(16) or the 774 * block characteristics VPD page by default. Not all of SPC-3 775 * is actually implemented, but we're good enough. 776 */ 777 outbuf[2] = 5; 778 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 779 780 if (buflen > 36) { 781 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 782 } else { 783 /* If the allocation length of CDB is too small, 784 the additional length is not adjusted */ 785 outbuf[4] = 36 - 5; 786 } 787 788 /* Sync data transfer and TCQ. */ 789 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 790 return buflen; 791 } 792 793 static inline bool media_is_dvd(SCSIDiskState *s) 794 { 795 uint64_t nb_sectors; 796 if (s->qdev.type != TYPE_ROM) { 797 return false; 798 } 799 if (!blk_is_inserted(s->qdev.conf.blk)) { 800 return false; 801 } 802 if (s->tray_open) { 803 return false; 804 } 805 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 806 return nb_sectors > CD_MAX_SECTORS; 807 } 808 809 static inline bool media_is_cd(SCSIDiskState *s) 810 { 811 uint64_t nb_sectors; 812 if (s->qdev.type != TYPE_ROM) { 813 return false; 814 } 815 if (!blk_is_inserted(s->qdev.conf.blk)) { 816 return false; 817 } 818 if (s->tray_open) { 819 return false; 820 } 821 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 822 return nb_sectors <= CD_MAX_SECTORS; 823 } 824 825 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 826 uint8_t *outbuf) 827 { 828 uint8_t type = r->req.cmd.buf[1] & 7; 829 830 if (s->qdev.type != TYPE_ROM) { 831 return -1; 832 } 833 834 /* Types 1/2 are only defined for Blu-Ray. */ 835 if (type != 0) { 836 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 837 return -1; 838 } 839 840 memset(outbuf, 0, 34); 841 outbuf[1] = 32; 842 outbuf[2] = 0xe; /* last session complete, disc finalized */ 843 outbuf[3] = 1; /* first track on disc */ 844 outbuf[4] = 1; /* # of sessions */ 845 outbuf[5] = 1; /* first track of last session */ 846 outbuf[6] = 1; /* last track of last session */ 847 outbuf[7] = 0x20; /* unrestricted use */ 848 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 849 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 850 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 851 /* 24-31: disc bar code */ 852 /* 32: disc application code */ 853 /* 33: number of OPC tables */ 854 855 return 34; 856 } 857 858 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 859 uint8_t *outbuf) 860 { 861 static const int rds_caps_size[5] = { 862 [0] = 2048 + 4, 863 [1] = 4 + 4, 864 [3] = 188 + 4, 865 [4] = 2048 + 4, 866 }; 867 868 uint8_t media = r->req.cmd.buf[1]; 869 uint8_t layer = r->req.cmd.buf[6]; 870 uint8_t format = r->req.cmd.buf[7]; 871 int size = -1; 872 873 if (s->qdev.type != TYPE_ROM) { 874 return -1; 875 } 876 if (media != 0) { 877 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 878 return -1; 879 } 880 881 if (format != 0xff) { 882 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 883 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 884 return -1; 885 } 886 if (media_is_cd(s)) { 887 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 888 return -1; 889 } 890 if (format >= ARRAY_SIZE(rds_caps_size)) { 891 return -1; 892 } 893 size = rds_caps_size[format]; 894 memset(outbuf, 0, size); 895 } 896 897 switch (format) { 898 case 0x00: { 899 /* Physical format information */ 900 uint64_t nb_sectors; 901 if (layer != 0) { 902 goto fail; 903 } 904 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 905 906 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 907 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 908 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 909 outbuf[7] = 0; /* default densities */ 910 911 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 912 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 913 break; 914 } 915 916 case 0x01: /* DVD copyright information, all zeros */ 917 break; 918 919 case 0x03: /* BCA information - invalid field for no BCA info */ 920 return -1; 921 922 case 0x04: /* DVD disc manufacturing information, all zeros */ 923 break; 924 925 case 0xff: { /* List capabilities */ 926 int i; 927 size = 4; 928 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 929 if (!rds_caps_size[i]) { 930 continue; 931 } 932 outbuf[size] = i; 933 outbuf[size + 1] = 0x40; /* Not writable, readable */ 934 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 935 size += 4; 936 } 937 break; 938 } 939 940 default: 941 return -1; 942 } 943 944 /* Size of buffer, not including 2 byte size field */ 945 stw_be_p(outbuf, size - 2); 946 return size; 947 948 fail: 949 return -1; 950 } 951 952 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 953 { 954 uint8_t event_code, media_status; 955 956 media_status = 0; 957 if (s->tray_open) { 958 media_status = MS_TRAY_OPEN; 959 } else if (blk_is_inserted(s->qdev.conf.blk)) { 960 media_status = MS_MEDIA_PRESENT; 961 } 962 963 /* Event notification descriptor */ 964 event_code = MEC_NO_CHANGE; 965 if (media_status != MS_TRAY_OPEN) { 966 if (s->media_event) { 967 event_code = MEC_NEW_MEDIA; 968 s->media_event = false; 969 } else if (s->eject_request) { 970 event_code = MEC_EJECT_REQUESTED; 971 s->eject_request = false; 972 } 973 } 974 975 outbuf[0] = event_code; 976 outbuf[1] = media_status; 977 978 /* These fields are reserved, just clear them. */ 979 outbuf[2] = 0; 980 outbuf[3] = 0; 981 return 4; 982 } 983 984 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 985 uint8_t *outbuf) 986 { 987 int size; 988 uint8_t *buf = r->req.cmd.buf; 989 uint8_t notification_class_request = buf[4]; 990 if (s->qdev.type != TYPE_ROM) { 991 return -1; 992 } 993 if ((buf[1] & 1) == 0) { 994 /* asynchronous */ 995 return -1; 996 } 997 998 size = 4; 999 outbuf[0] = outbuf[1] = 0; 1000 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1001 if (notification_class_request & (1 << GESN_MEDIA)) { 1002 outbuf[2] = GESN_MEDIA; 1003 size += scsi_event_status_media(s, &outbuf[size]); 1004 } else { 1005 outbuf[2] = 0x80; 1006 } 1007 stw_be_p(outbuf, size - 4); 1008 return size; 1009 } 1010 1011 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1012 { 1013 int current; 1014 1015 if (s->qdev.type != TYPE_ROM) { 1016 return -1; 1017 } 1018 1019 if (media_is_dvd(s)) { 1020 current = MMC_PROFILE_DVD_ROM; 1021 } else if (media_is_cd(s)) { 1022 current = MMC_PROFILE_CD_ROM; 1023 } else { 1024 current = MMC_PROFILE_NONE; 1025 } 1026 1027 memset(outbuf, 0, 40); 1028 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1029 stw_be_p(&outbuf[6], current); 1030 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1031 outbuf[10] = 0x03; /* persistent, current */ 1032 outbuf[11] = 8; /* two profiles */ 1033 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1034 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1035 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1036 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1037 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1038 stw_be_p(&outbuf[20], 1); 1039 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1040 outbuf[23] = 8; 1041 stl_be_p(&outbuf[24], 1); /* SCSI */ 1042 outbuf[28] = 1; /* DBE = 1, mandatory */ 1043 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1044 stw_be_p(&outbuf[32], 3); 1045 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1046 outbuf[35] = 4; 1047 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1048 /* TODO: Random readable, CD read, DVD read, drive serial number, 1049 power management */ 1050 return 40; 1051 } 1052 1053 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1054 { 1055 if (s->qdev.type != TYPE_ROM) { 1056 return -1; 1057 } 1058 memset(outbuf, 0, 8); 1059 outbuf[5] = 1; /* CD-ROM */ 1060 return 8; 1061 } 1062 1063 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1064 int page_control) 1065 { 1066 static const int mode_sense_valid[0x3f] = { 1067 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1068 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1069 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1070 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1071 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1072 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1073 }; 1074 1075 uint8_t *p = *p_outbuf + 2; 1076 int length; 1077 1078 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1079 return -1; 1080 } 1081 1082 /* 1083 * If Changeable Values are requested, a mask denoting those mode parameters 1084 * that are changeable shall be returned. As we currently don't support 1085 * parameter changes via MODE_SELECT all bits are returned set to zero. 1086 * The buffer was already menset to zero by the caller of this function. 1087 * 1088 * The offsets here are off by two compared to the descriptions in the 1089 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1090 * but it is done so that offsets are consistent within our implementation 1091 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1092 * 2-byte and 4-byte headers. 1093 */ 1094 switch (page) { 1095 case MODE_PAGE_HD_GEOMETRY: 1096 length = 0x16; 1097 if (page_control == 1) { /* Changeable Values */ 1098 break; 1099 } 1100 /* if a geometry hint is available, use it */ 1101 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1102 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1103 p[2] = s->qdev.conf.cyls & 0xff; 1104 p[3] = s->qdev.conf.heads & 0xff; 1105 /* Write precomp start cylinder, disabled */ 1106 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1107 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1108 p[6] = s->qdev.conf.cyls & 0xff; 1109 /* Reduced current start cylinder, disabled */ 1110 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1111 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1112 p[9] = s->qdev.conf.cyls & 0xff; 1113 /* Device step rate [ns], 200ns */ 1114 p[10] = 0; 1115 p[11] = 200; 1116 /* Landing zone cylinder */ 1117 p[12] = 0xff; 1118 p[13] = 0xff; 1119 p[14] = 0xff; 1120 /* Medium rotation rate [rpm], 5400 rpm */ 1121 p[18] = (5400 >> 8) & 0xff; 1122 p[19] = 5400 & 0xff; 1123 break; 1124 1125 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1126 length = 0x1e; 1127 if (page_control == 1) { /* Changeable Values */ 1128 break; 1129 } 1130 /* Transfer rate [kbit/s], 5Mbit/s */ 1131 p[0] = 5000 >> 8; 1132 p[1] = 5000 & 0xff; 1133 /* if a geometry hint is available, use it */ 1134 p[2] = s->qdev.conf.heads & 0xff; 1135 p[3] = s->qdev.conf.secs & 0xff; 1136 p[4] = s->qdev.blocksize >> 8; 1137 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1138 p[7] = s->qdev.conf.cyls & 0xff; 1139 /* Write precomp start cylinder, disabled */ 1140 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1141 p[9] = s->qdev.conf.cyls & 0xff; 1142 /* Reduced current start cylinder, disabled */ 1143 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1144 p[11] = s->qdev.conf.cyls & 0xff; 1145 /* Device step rate [100us], 100us */ 1146 p[12] = 0; 1147 p[13] = 1; 1148 /* Device step pulse width [us], 1us */ 1149 p[14] = 1; 1150 /* Device head settle delay [100us], 100us */ 1151 p[15] = 0; 1152 p[16] = 1; 1153 /* Motor on delay [0.1s], 0.1s */ 1154 p[17] = 1; 1155 /* Motor off delay [0.1s], 0.1s */ 1156 p[18] = 1; 1157 /* Medium rotation rate [rpm], 5400 rpm */ 1158 p[26] = (5400 >> 8) & 0xff; 1159 p[27] = 5400 & 0xff; 1160 break; 1161 1162 case MODE_PAGE_CACHING: 1163 length = 0x12; 1164 if (page_control == 1 || /* Changeable Values */ 1165 blk_enable_write_cache(s->qdev.conf.blk)) { 1166 p[0] = 4; /* WCE */ 1167 } 1168 break; 1169 1170 case MODE_PAGE_R_W_ERROR: 1171 length = 10; 1172 if (page_control == 1) { /* Changeable Values */ 1173 break; 1174 } 1175 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1176 if (s->qdev.type == TYPE_ROM) { 1177 p[1] = 0x20; /* Read Retry Count */ 1178 } 1179 break; 1180 1181 case MODE_PAGE_AUDIO_CTL: 1182 length = 14; 1183 break; 1184 1185 case MODE_PAGE_CAPABILITIES: 1186 length = 0x14; 1187 if (page_control == 1) { /* Changeable Values */ 1188 break; 1189 } 1190 1191 p[0] = 0x3b; /* CD-R & CD-RW read */ 1192 p[1] = 0; /* Writing not supported */ 1193 p[2] = 0x7f; /* Audio, composite, digital out, 1194 mode 2 form 1&2, multi session */ 1195 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1196 RW corrected, C2 errors, ISRC, 1197 UPC, Bar code */ 1198 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1199 /* Locking supported, jumper present, eject, tray */ 1200 p[5] = 0; /* no volume & mute control, no 1201 changer */ 1202 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1203 p[7] = (50 * 176) & 0xff; 1204 p[8] = 2 >> 8; /* Two volume levels */ 1205 p[9] = 2 & 0xff; 1206 p[10] = 2048 >> 8; /* 2M buffer */ 1207 p[11] = 2048 & 0xff; 1208 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1209 p[13] = (16 * 176) & 0xff; 1210 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1211 p[17] = (16 * 176) & 0xff; 1212 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1213 p[19] = (16 * 176) & 0xff; 1214 break; 1215 1216 default: 1217 return -1; 1218 } 1219 1220 assert(length < 256); 1221 (*p_outbuf)[0] = page; 1222 (*p_outbuf)[1] = length; 1223 *p_outbuf += length + 2; 1224 return length + 2; 1225 } 1226 1227 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1228 { 1229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1230 uint64_t nb_sectors; 1231 bool dbd; 1232 int page, buflen, ret, page_control; 1233 uint8_t *p; 1234 uint8_t dev_specific_param; 1235 1236 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1237 page = r->req.cmd.buf[2] & 0x3f; 1238 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1239 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1240 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1241 memset(outbuf, 0, r->req.cmd.xfer); 1242 p = outbuf; 1243 1244 if (s->qdev.type == TYPE_DISK) { 1245 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1246 if (blk_is_read_only(s->qdev.conf.blk)) { 1247 dev_specific_param |= 0x80; /* Readonly. */ 1248 } 1249 } else { 1250 /* MMC prescribes that CD/DVD drives have no block descriptors, 1251 * and defines no device-specific parameter. */ 1252 dev_specific_param = 0x00; 1253 dbd = true; 1254 } 1255 1256 if (r->req.cmd.buf[0] == MODE_SENSE) { 1257 p[1] = 0; /* Default media type. */ 1258 p[2] = dev_specific_param; 1259 p[3] = 0; /* Block descriptor length. */ 1260 p += 4; 1261 } else { /* MODE_SENSE_10 */ 1262 p[2] = 0; /* Default media type. */ 1263 p[3] = dev_specific_param; 1264 p[6] = p[7] = 0; /* Block descriptor length. */ 1265 p += 8; 1266 } 1267 1268 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1269 if (!dbd && nb_sectors) { 1270 if (r->req.cmd.buf[0] == MODE_SENSE) { 1271 outbuf[3] = 8; /* Block descriptor length */ 1272 } else { /* MODE_SENSE_10 */ 1273 outbuf[7] = 8; /* Block descriptor length */ 1274 } 1275 nb_sectors /= (s->qdev.blocksize / 512); 1276 if (nb_sectors > 0xffffff) { 1277 nb_sectors = 0; 1278 } 1279 p[0] = 0; /* media density code */ 1280 p[1] = (nb_sectors >> 16) & 0xff; 1281 p[2] = (nb_sectors >> 8) & 0xff; 1282 p[3] = nb_sectors & 0xff; 1283 p[4] = 0; /* reserved */ 1284 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1285 p[6] = s->qdev.blocksize >> 8; 1286 p[7] = 0; 1287 p += 8; 1288 } 1289 1290 if (page_control == 3) { 1291 /* Saved Values */ 1292 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1293 return -1; 1294 } 1295 1296 if (page == 0x3f) { 1297 for (page = 0; page <= 0x3e; page++) { 1298 mode_sense_page(s, page, &p, page_control); 1299 } 1300 } else { 1301 ret = mode_sense_page(s, page, &p, page_control); 1302 if (ret == -1) { 1303 return -1; 1304 } 1305 } 1306 1307 buflen = p - outbuf; 1308 /* 1309 * The mode data length field specifies the length in bytes of the 1310 * following data that is available to be transferred. The mode data 1311 * length does not include itself. 1312 */ 1313 if (r->req.cmd.buf[0] == MODE_SENSE) { 1314 outbuf[0] = buflen - 1; 1315 } else { /* MODE_SENSE_10 */ 1316 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1317 outbuf[1] = (buflen - 2) & 0xff; 1318 } 1319 return buflen; 1320 } 1321 1322 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1323 { 1324 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1325 int start_track, format, msf, toclen; 1326 uint64_t nb_sectors; 1327 1328 msf = req->cmd.buf[1] & 2; 1329 format = req->cmd.buf[2] & 0xf; 1330 start_track = req->cmd.buf[6]; 1331 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1332 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1333 nb_sectors /= s->qdev.blocksize / 512; 1334 switch (format) { 1335 case 0: 1336 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1337 break; 1338 case 1: 1339 /* multi session : only a single session defined */ 1340 toclen = 12; 1341 memset(outbuf, 0, 12); 1342 outbuf[1] = 0x0a; 1343 outbuf[2] = 0x01; 1344 outbuf[3] = 0x01; 1345 break; 1346 case 2: 1347 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1348 break; 1349 default: 1350 return -1; 1351 } 1352 return toclen; 1353 } 1354 1355 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1356 { 1357 SCSIRequest *req = &r->req; 1358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1359 bool start = req->cmd.buf[4] & 1; 1360 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1361 int pwrcnd = req->cmd.buf[4] & 0xf0; 1362 1363 if (pwrcnd) { 1364 /* eject/load only happens for power condition == 0 */ 1365 return 0; 1366 } 1367 1368 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1369 if (!start && !s->tray_open && s->tray_locked) { 1370 scsi_check_condition(r, 1371 blk_is_inserted(s->qdev.conf.blk) 1372 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1373 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1374 return -1; 1375 } 1376 1377 if (s->tray_open != !start) { 1378 blk_eject(s->qdev.conf.blk, !start); 1379 s->tray_open = !start; 1380 } 1381 } 1382 return 0; 1383 } 1384 1385 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1386 { 1387 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1388 int buflen = r->iov.iov_len; 1389 1390 if (buflen) { 1391 DPRINTF("Read buf_len=%d\n", buflen); 1392 r->iov.iov_len = 0; 1393 r->started = true; 1394 scsi_req_data(&r->req, buflen); 1395 return; 1396 } 1397 1398 /* This also clears the sense buffer for REQUEST SENSE. */ 1399 scsi_req_complete(&r->req, GOOD); 1400 } 1401 1402 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1403 uint8_t *inbuf, int inlen) 1404 { 1405 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1406 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1407 uint8_t *p; 1408 int len, expected_len, changeable_len, i; 1409 1410 /* The input buffer does not include the page header, so it is 1411 * off by 2 bytes. 1412 */ 1413 expected_len = inlen + 2; 1414 if (expected_len > SCSI_MAX_MODE_LEN) { 1415 return -1; 1416 } 1417 1418 p = mode_current; 1419 memset(mode_current, 0, inlen + 2); 1420 len = mode_sense_page(s, page, &p, 0); 1421 if (len < 0 || len != expected_len) { 1422 return -1; 1423 } 1424 1425 p = mode_changeable; 1426 memset(mode_changeable, 0, inlen + 2); 1427 changeable_len = mode_sense_page(s, page, &p, 1); 1428 assert(changeable_len == len); 1429 1430 /* Check that unchangeable bits are the same as what MODE SENSE 1431 * would return. 1432 */ 1433 for (i = 2; i < len; i++) { 1434 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1435 return -1; 1436 } 1437 } 1438 return 0; 1439 } 1440 1441 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1442 { 1443 switch (page) { 1444 case MODE_PAGE_CACHING: 1445 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1446 break; 1447 1448 default: 1449 break; 1450 } 1451 } 1452 1453 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1454 { 1455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1456 1457 while (len > 0) { 1458 int page, subpage, page_len; 1459 1460 /* Parse both possible formats for the mode page headers. */ 1461 page = p[0] & 0x3f; 1462 if (p[0] & 0x40) { 1463 if (len < 4) { 1464 goto invalid_param_len; 1465 } 1466 subpage = p[1]; 1467 page_len = lduw_be_p(&p[2]); 1468 p += 4; 1469 len -= 4; 1470 } else { 1471 if (len < 2) { 1472 goto invalid_param_len; 1473 } 1474 subpage = 0; 1475 page_len = p[1]; 1476 p += 2; 1477 len -= 2; 1478 } 1479 1480 if (subpage) { 1481 goto invalid_param; 1482 } 1483 if (page_len > len) { 1484 goto invalid_param_len; 1485 } 1486 1487 if (!change) { 1488 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1489 goto invalid_param; 1490 } 1491 } else { 1492 scsi_disk_apply_mode_select(s, page, p); 1493 } 1494 1495 p += page_len; 1496 len -= page_len; 1497 } 1498 return 0; 1499 1500 invalid_param: 1501 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1502 return -1; 1503 1504 invalid_param_len: 1505 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1506 return -1; 1507 } 1508 1509 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1510 { 1511 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1512 uint8_t *p = inbuf; 1513 int cmd = r->req.cmd.buf[0]; 1514 int len = r->req.cmd.xfer; 1515 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1516 int bd_len; 1517 int pass; 1518 1519 /* We only support PF=1, SP=0. */ 1520 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1521 goto invalid_field; 1522 } 1523 1524 if (len < hdr_len) { 1525 goto invalid_param_len; 1526 } 1527 1528 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1529 len -= hdr_len; 1530 p += hdr_len; 1531 if (len < bd_len) { 1532 goto invalid_param_len; 1533 } 1534 if (bd_len != 0 && bd_len != 8) { 1535 goto invalid_param; 1536 } 1537 1538 len -= bd_len; 1539 p += bd_len; 1540 1541 /* Ensure no change is made if there is an error! */ 1542 for (pass = 0; pass < 2; pass++) { 1543 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1544 assert(pass == 0); 1545 return; 1546 } 1547 } 1548 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1549 /* The request is used as the AIO opaque value, so add a ref. */ 1550 scsi_req_ref(&r->req); 1551 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1552 BLOCK_ACCT_FLUSH); 1553 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1554 return; 1555 } 1556 1557 scsi_req_complete(&r->req, GOOD); 1558 return; 1559 1560 invalid_param: 1561 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1562 return; 1563 1564 invalid_param_len: 1565 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1566 return; 1567 1568 invalid_field: 1569 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1570 } 1571 1572 static inline bool check_lba_range(SCSIDiskState *s, 1573 uint64_t sector_num, uint32_t nb_sectors) 1574 { 1575 /* 1576 * The first line tests that no overflow happens when computing the last 1577 * sector. The second line tests that the last accessed sector is in 1578 * range. 1579 * 1580 * Careful, the computations should not underflow for nb_sectors == 0, 1581 * and a 0-block read to the first LBA beyond the end of device is 1582 * valid. 1583 */ 1584 return (sector_num <= sector_num + nb_sectors && 1585 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1586 } 1587 1588 typedef struct UnmapCBData { 1589 SCSIDiskReq *r; 1590 uint8_t *inbuf; 1591 int count; 1592 } UnmapCBData; 1593 1594 static void scsi_unmap_complete(void *opaque, int ret); 1595 1596 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1597 { 1598 SCSIDiskReq *r = data->r; 1599 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1600 uint64_t sector_num; 1601 uint32_t nb_sectors; 1602 1603 assert(r->req.aiocb == NULL); 1604 1605 if (r->req.io_canceled) { 1606 scsi_req_cancel_complete(&r->req); 1607 goto done; 1608 } 1609 1610 if (ret < 0) { 1611 if (scsi_handle_rw_error(r, -ret, false)) { 1612 goto done; 1613 } 1614 } 1615 1616 if (data->count > 0) { 1617 sector_num = ldq_be_p(&data->inbuf[0]); 1618 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1619 if (!check_lba_range(s, sector_num, nb_sectors)) { 1620 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1621 goto done; 1622 } 1623 1624 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk, 1625 sector_num * (s->qdev.blocksize / 512), 1626 nb_sectors * (s->qdev.blocksize / 512), 1627 scsi_unmap_complete, data); 1628 data->count--; 1629 data->inbuf += 16; 1630 return; 1631 } 1632 1633 scsi_req_complete(&r->req, GOOD); 1634 1635 done: 1636 scsi_req_unref(&r->req); 1637 g_free(data); 1638 } 1639 1640 static void scsi_unmap_complete(void *opaque, int ret) 1641 { 1642 UnmapCBData *data = opaque; 1643 SCSIDiskReq *r = data->r; 1644 1645 assert(r->req.aiocb != NULL); 1646 r->req.aiocb = NULL; 1647 1648 scsi_unmap_complete_noio(data, ret); 1649 } 1650 1651 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1652 { 1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1654 uint8_t *p = inbuf; 1655 int len = r->req.cmd.xfer; 1656 UnmapCBData *data; 1657 1658 /* Reject ANCHOR=1. */ 1659 if (r->req.cmd.buf[1] & 0x1) { 1660 goto invalid_field; 1661 } 1662 1663 if (len < 8) { 1664 goto invalid_param_len; 1665 } 1666 if (len < lduw_be_p(&p[0]) + 2) { 1667 goto invalid_param_len; 1668 } 1669 if (len < lduw_be_p(&p[2]) + 8) { 1670 goto invalid_param_len; 1671 } 1672 if (lduw_be_p(&p[2]) & 15) { 1673 goto invalid_param_len; 1674 } 1675 1676 if (blk_is_read_only(s->qdev.conf.blk)) { 1677 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1678 return; 1679 } 1680 1681 data = g_new0(UnmapCBData, 1); 1682 data->r = r; 1683 data->inbuf = &p[8]; 1684 data->count = lduw_be_p(&p[2]) >> 4; 1685 1686 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1687 scsi_req_ref(&r->req); 1688 scsi_unmap_complete_noio(data, 0); 1689 return; 1690 1691 invalid_param_len: 1692 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1693 return; 1694 1695 invalid_field: 1696 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1697 } 1698 1699 typedef struct WriteSameCBData { 1700 SCSIDiskReq *r; 1701 int64_t sector; 1702 int nb_sectors; 1703 QEMUIOVector qiov; 1704 struct iovec iov; 1705 } WriteSameCBData; 1706 1707 static void scsi_write_same_complete(void *opaque, int ret) 1708 { 1709 WriteSameCBData *data = opaque; 1710 SCSIDiskReq *r = data->r; 1711 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1712 1713 assert(r->req.aiocb != NULL); 1714 r->req.aiocb = NULL; 1715 if (r->req.io_canceled) { 1716 scsi_req_cancel_complete(&r->req); 1717 goto done; 1718 } 1719 1720 if (ret < 0) { 1721 if (scsi_handle_rw_error(r, -ret, true)) { 1722 goto done; 1723 } 1724 } 1725 1726 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1727 1728 data->nb_sectors -= data->iov.iov_len / 512; 1729 data->sector += data->iov.iov_len / 512; 1730 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1731 if (data->iov.iov_len) { 1732 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1733 data->iov.iov_len, BLOCK_ACCT_WRITE); 1734 /* blk_aio_write doesn't like the qiov size being different from 1735 * nb_sectors, make sure they match. 1736 */ 1737 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1738 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1739 &data->qiov, data->iov.iov_len / 512, 1740 scsi_write_same_complete, data); 1741 return; 1742 } 1743 1744 scsi_req_complete(&r->req, GOOD); 1745 1746 done: 1747 scsi_req_unref(&r->req); 1748 qemu_vfree(data->iov.iov_base); 1749 g_free(data); 1750 } 1751 1752 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1753 { 1754 SCSIRequest *req = &r->req; 1755 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1756 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1757 WriteSameCBData *data; 1758 uint8_t *buf; 1759 int i; 1760 1761 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1762 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1763 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1764 return; 1765 } 1766 1767 if (blk_is_read_only(s->qdev.conf.blk)) { 1768 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1769 return; 1770 } 1771 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1772 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1773 return; 1774 } 1775 1776 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1777 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1778 1779 /* The request is used as the AIO opaque value, so add a ref. */ 1780 scsi_req_ref(&r->req); 1781 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1782 nb_sectors * s->qdev.blocksize, 1783 BLOCK_ACCT_WRITE); 1784 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk, 1785 r->req.cmd.lba * (s->qdev.blocksize / 512), 1786 nb_sectors * (s->qdev.blocksize / 512), 1787 flags, scsi_aio_complete, r); 1788 return; 1789 } 1790 1791 data = g_new0(WriteSameCBData, 1); 1792 data->r = r; 1793 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1794 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1795 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1796 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1797 data->iov.iov_len); 1798 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1799 1800 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1801 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1802 } 1803 1804 scsi_req_ref(&r->req); 1805 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1806 data->iov.iov_len, BLOCK_ACCT_WRITE); 1807 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1808 &data->qiov, data->iov.iov_len / 512, 1809 scsi_write_same_complete, data); 1810 } 1811 1812 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1813 { 1814 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1815 1816 if (r->iov.iov_len) { 1817 int buflen = r->iov.iov_len; 1818 DPRINTF("Write buf_len=%d\n", buflen); 1819 r->iov.iov_len = 0; 1820 scsi_req_data(&r->req, buflen); 1821 return; 1822 } 1823 1824 switch (req->cmd.buf[0]) { 1825 case MODE_SELECT: 1826 case MODE_SELECT_10: 1827 /* This also clears the sense buffer for REQUEST SENSE. */ 1828 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1829 break; 1830 1831 case UNMAP: 1832 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1833 break; 1834 1835 case VERIFY_10: 1836 case VERIFY_12: 1837 case VERIFY_16: 1838 if (r->req.status == -1) { 1839 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1840 } 1841 break; 1842 1843 case WRITE_SAME_10: 1844 case WRITE_SAME_16: 1845 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1846 break; 1847 1848 default: 1849 abort(); 1850 } 1851 } 1852 1853 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1854 { 1855 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1856 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1857 uint64_t nb_sectors; 1858 uint8_t *outbuf; 1859 int buflen; 1860 1861 switch (req->cmd.buf[0]) { 1862 case INQUIRY: 1863 case MODE_SENSE: 1864 case MODE_SENSE_10: 1865 case RESERVE: 1866 case RESERVE_10: 1867 case RELEASE: 1868 case RELEASE_10: 1869 case START_STOP: 1870 case ALLOW_MEDIUM_REMOVAL: 1871 case GET_CONFIGURATION: 1872 case GET_EVENT_STATUS_NOTIFICATION: 1873 case MECHANISM_STATUS: 1874 case REQUEST_SENSE: 1875 break; 1876 1877 default: 1878 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1879 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1880 return 0; 1881 } 1882 break; 1883 } 1884 1885 /* 1886 * FIXME: we shouldn't return anything bigger than 4k, but the code 1887 * requires the buffer to be as big as req->cmd.xfer in several 1888 * places. So, do not allow CDBs with a very large ALLOCATION 1889 * LENGTH. The real fix would be to modify scsi_read_data and 1890 * dma_buf_read, so that they return data beyond the buflen 1891 * as all zeros. 1892 */ 1893 if (req->cmd.xfer > 65536) { 1894 goto illegal_request; 1895 } 1896 r->buflen = MAX(4096, req->cmd.xfer); 1897 1898 if (!r->iov.iov_base) { 1899 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1900 } 1901 1902 buflen = req->cmd.xfer; 1903 outbuf = r->iov.iov_base; 1904 memset(outbuf, 0, r->buflen); 1905 switch (req->cmd.buf[0]) { 1906 case TEST_UNIT_READY: 1907 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1908 break; 1909 case INQUIRY: 1910 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1911 if (buflen < 0) { 1912 goto illegal_request; 1913 } 1914 break; 1915 case MODE_SENSE: 1916 case MODE_SENSE_10: 1917 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1918 if (buflen < 0) { 1919 goto illegal_request; 1920 } 1921 break; 1922 case READ_TOC: 1923 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1924 if (buflen < 0) { 1925 goto illegal_request; 1926 } 1927 break; 1928 case RESERVE: 1929 if (req->cmd.buf[1] & 1) { 1930 goto illegal_request; 1931 } 1932 break; 1933 case RESERVE_10: 1934 if (req->cmd.buf[1] & 3) { 1935 goto illegal_request; 1936 } 1937 break; 1938 case RELEASE: 1939 if (req->cmd.buf[1] & 1) { 1940 goto illegal_request; 1941 } 1942 break; 1943 case RELEASE_10: 1944 if (req->cmd.buf[1] & 3) { 1945 goto illegal_request; 1946 } 1947 break; 1948 case START_STOP: 1949 if (scsi_disk_emulate_start_stop(r) < 0) { 1950 return 0; 1951 } 1952 break; 1953 case ALLOW_MEDIUM_REMOVAL: 1954 s->tray_locked = req->cmd.buf[4] & 1; 1955 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1956 break; 1957 case READ_CAPACITY_10: 1958 /* The normal LEN field for this command is zero. */ 1959 memset(outbuf, 0, 8); 1960 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1961 if (!nb_sectors) { 1962 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1963 return 0; 1964 } 1965 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1966 goto illegal_request; 1967 } 1968 nb_sectors /= s->qdev.blocksize / 512; 1969 /* Returned value is the address of the last sector. */ 1970 nb_sectors--; 1971 /* Remember the new size for read/write sanity checking. */ 1972 s->qdev.max_lba = nb_sectors; 1973 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1974 if (nb_sectors > UINT32_MAX) { 1975 nb_sectors = UINT32_MAX; 1976 } 1977 outbuf[0] = (nb_sectors >> 24) & 0xff; 1978 outbuf[1] = (nb_sectors >> 16) & 0xff; 1979 outbuf[2] = (nb_sectors >> 8) & 0xff; 1980 outbuf[3] = nb_sectors & 0xff; 1981 outbuf[4] = 0; 1982 outbuf[5] = 0; 1983 outbuf[6] = s->qdev.blocksize >> 8; 1984 outbuf[7] = 0; 1985 break; 1986 case REQUEST_SENSE: 1987 /* Just return "NO SENSE". */ 1988 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1989 (req->cmd.buf[1] & 1) == 0); 1990 if (buflen < 0) { 1991 goto illegal_request; 1992 } 1993 break; 1994 case MECHANISM_STATUS: 1995 buflen = scsi_emulate_mechanism_status(s, outbuf); 1996 if (buflen < 0) { 1997 goto illegal_request; 1998 } 1999 break; 2000 case GET_CONFIGURATION: 2001 buflen = scsi_get_configuration(s, outbuf); 2002 if (buflen < 0) { 2003 goto illegal_request; 2004 } 2005 break; 2006 case GET_EVENT_STATUS_NOTIFICATION: 2007 buflen = scsi_get_event_status_notification(s, r, outbuf); 2008 if (buflen < 0) { 2009 goto illegal_request; 2010 } 2011 break; 2012 case READ_DISC_INFORMATION: 2013 buflen = scsi_read_disc_information(s, r, outbuf); 2014 if (buflen < 0) { 2015 goto illegal_request; 2016 } 2017 break; 2018 case READ_DVD_STRUCTURE: 2019 buflen = scsi_read_dvd_structure(s, r, outbuf); 2020 if (buflen < 0) { 2021 goto illegal_request; 2022 } 2023 break; 2024 case SERVICE_ACTION_IN_16: 2025 /* Service Action In subcommands. */ 2026 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2027 DPRINTF("SAI READ CAPACITY(16)\n"); 2028 memset(outbuf, 0, req->cmd.xfer); 2029 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2030 if (!nb_sectors) { 2031 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2032 return 0; 2033 } 2034 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2035 goto illegal_request; 2036 } 2037 nb_sectors /= s->qdev.blocksize / 512; 2038 /* Returned value is the address of the last sector. */ 2039 nb_sectors--; 2040 /* Remember the new size for read/write sanity checking. */ 2041 s->qdev.max_lba = nb_sectors; 2042 outbuf[0] = (nb_sectors >> 56) & 0xff; 2043 outbuf[1] = (nb_sectors >> 48) & 0xff; 2044 outbuf[2] = (nb_sectors >> 40) & 0xff; 2045 outbuf[3] = (nb_sectors >> 32) & 0xff; 2046 outbuf[4] = (nb_sectors >> 24) & 0xff; 2047 outbuf[5] = (nb_sectors >> 16) & 0xff; 2048 outbuf[6] = (nb_sectors >> 8) & 0xff; 2049 outbuf[7] = nb_sectors & 0xff; 2050 outbuf[8] = 0; 2051 outbuf[9] = 0; 2052 outbuf[10] = s->qdev.blocksize >> 8; 2053 outbuf[11] = 0; 2054 outbuf[12] = 0; 2055 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2056 2057 /* set TPE bit if the format supports discard */ 2058 if (s->qdev.conf.discard_granularity) { 2059 outbuf[14] = 0x80; 2060 } 2061 2062 /* Protection, exponent and lowest lba field left blank. */ 2063 break; 2064 } 2065 DPRINTF("Unsupported Service Action In\n"); 2066 goto illegal_request; 2067 case SYNCHRONIZE_CACHE: 2068 /* The request is used as the AIO opaque value, so add a ref. */ 2069 scsi_req_ref(&r->req); 2070 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2071 BLOCK_ACCT_FLUSH); 2072 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2073 return 0; 2074 case SEEK_10: 2075 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2076 if (r->req.cmd.lba > s->qdev.max_lba) { 2077 goto illegal_lba; 2078 } 2079 break; 2080 case MODE_SELECT: 2081 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2082 break; 2083 case MODE_SELECT_10: 2084 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2085 break; 2086 case UNMAP: 2087 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2088 break; 2089 case VERIFY_10: 2090 case VERIFY_12: 2091 case VERIFY_16: 2092 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2093 if (req->cmd.buf[1] & 6) { 2094 goto illegal_request; 2095 } 2096 break; 2097 case WRITE_SAME_10: 2098 case WRITE_SAME_16: 2099 DPRINTF("WRITE SAME %d (len %lu)\n", 2100 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2101 (long)r->req.cmd.xfer); 2102 break; 2103 default: 2104 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2105 scsi_command_name(buf[0])); 2106 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2107 return 0; 2108 } 2109 assert(!r->req.aiocb); 2110 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2111 if (r->iov.iov_len == 0) { 2112 scsi_req_complete(&r->req, GOOD); 2113 } 2114 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2115 assert(r->iov.iov_len == req->cmd.xfer); 2116 return -r->iov.iov_len; 2117 } else { 2118 return r->iov.iov_len; 2119 } 2120 2121 illegal_request: 2122 if (r->req.status == -1) { 2123 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2124 } 2125 return 0; 2126 2127 illegal_lba: 2128 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2129 return 0; 2130 } 2131 2132 /* Execute a scsi command. Returns the length of the data expected by the 2133 command. This will be Positive for data transfers from the device 2134 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2135 and zero if the command does not transfer any data. */ 2136 2137 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2138 { 2139 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2141 uint32_t len; 2142 uint8_t command; 2143 2144 command = buf[0]; 2145 2146 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 2147 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2148 return 0; 2149 } 2150 2151 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2152 switch (command) { 2153 case READ_6: 2154 case READ_10: 2155 case READ_12: 2156 case READ_16: 2157 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2158 if (r->req.cmd.buf[1] & 0xe0) { 2159 goto illegal_request; 2160 } 2161 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2162 goto illegal_lba; 2163 } 2164 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2165 r->sector_count = len * (s->qdev.blocksize / 512); 2166 break; 2167 case WRITE_6: 2168 case WRITE_10: 2169 case WRITE_12: 2170 case WRITE_16: 2171 case WRITE_VERIFY_10: 2172 case WRITE_VERIFY_12: 2173 case WRITE_VERIFY_16: 2174 if (blk_is_read_only(s->qdev.conf.blk)) { 2175 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2176 return 0; 2177 } 2178 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2179 (command & 0xe) == 0xe ? "And Verify " : "", 2180 r->req.cmd.lba, len); 2181 if (r->req.cmd.buf[1] & 0xe0) { 2182 goto illegal_request; 2183 } 2184 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2185 goto illegal_lba; 2186 } 2187 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2188 r->sector_count = len * (s->qdev.blocksize / 512); 2189 break; 2190 default: 2191 abort(); 2192 illegal_request: 2193 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2194 return 0; 2195 illegal_lba: 2196 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2197 return 0; 2198 } 2199 if (r->sector_count == 0) { 2200 scsi_req_complete(&r->req, GOOD); 2201 } 2202 assert(r->iov.iov_len == 0); 2203 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2204 return -r->sector_count * 512; 2205 } else { 2206 return r->sector_count * 512; 2207 } 2208 } 2209 2210 static void scsi_disk_reset(DeviceState *dev) 2211 { 2212 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2213 uint64_t nb_sectors; 2214 2215 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2216 2217 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2218 nb_sectors /= s->qdev.blocksize / 512; 2219 if (nb_sectors) { 2220 nb_sectors--; 2221 } 2222 s->qdev.max_lba = nb_sectors; 2223 /* reset tray statuses */ 2224 s->tray_locked = 0; 2225 s->tray_open = 0; 2226 } 2227 2228 static void scsi_disk_resize_cb(void *opaque) 2229 { 2230 SCSIDiskState *s = opaque; 2231 2232 /* SPC lists this sense code as available only for 2233 * direct-access devices. 2234 */ 2235 if (s->qdev.type == TYPE_DISK) { 2236 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2237 } 2238 } 2239 2240 static void scsi_cd_change_media_cb(void *opaque, bool load) 2241 { 2242 SCSIDiskState *s = opaque; 2243 2244 /* 2245 * When a CD gets changed, we have to report an ejected state and 2246 * then a loaded state to guests so that they detect tray 2247 * open/close and media change events. Guests that do not use 2248 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2249 * states rely on this behavior. 2250 * 2251 * media_changed governs the state machine used for unit attention 2252 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2253 */ 2254 s->media_changed = load; 2255 s->tray_open = !load; 2256 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2257 s->media_event = true; 2258 s->eject_request = false; 2259 } 2260 2261 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2262 { 2263 SCSIDiskState *s = opaque; 2264 2265 s->eject_request = true; 2266 if (force) { 2267 s->tray_locked = false; 2268 } 2269 } 2270 2271 static bool scsi_cd_is_tray_open(void *opaque) 2272 { 2273 return ((SCSIDiskState *)opaque)->tray_open; 2274 } 2275 2276 static bool scsi_cd_is_medium_locked(void *opaque) 2277 { 2278 return ((SCSIDiskState *)opaque)->tray_locked; 2279 } 2280 2281 static const BlockDevOps scsi_disk_removable_block_ops = { 2282 .change_media_cb = scsi_cd_change_media_cb, 2283 .eject_request_cb = scsi_cd_eject_request_cb, 2284 .is_tray_open = scsi_cd_is_tray_open, 2285 .is_medium_locked = scsi_cd_is_medium_locked, 2286 2287 .resize_cb = scsi_disk_resize_cb, 2288 }; 2289 2290 static const BlockDevOps scsi_disk_block_ops = { 2291 .resize_cb = scsi_disk_resize_cb, 2292 }; 2293 2294 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2295 { 2296 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2297 if (s->media_changed) { 2298 s->media_changed = false; 2299 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2300 } 2301 } 2302 2303 static void scsi_realize(SCSIDevice *dev, Error **errp) 2304 { 2305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2306 Error *err = NULL; 2307 2308 if (!s->qdev.conf.blk) { 2309 error_setg(errp, "drive property not set"); 2310 return; 2311 } 2312 2313 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2314 !blk_is_inserted(s->qdev.conf.blk)) { 2315 error_setg(errp, "Device needs media, but drive is empty"); 2316 return; 2317 } 2318 2319 blkconf_serial(&s->qdev.conf, &s->serial); 2320 blkconf_blocksizes(&s->qdev.conf); 2321 if (dev->type == TYPE_DISK) { 2322 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2323 if (err) { 2324 error_propagate(errp, err); 2325 return; 2326 } 2327 } 2328 2329 if (s->qdev.conf.discard_granularity == -1) { 2330 s->qdev.conf.discard_granularity = 2331 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2332 } 2333 2334 if (!s->version) { 2335 s->version = g_strdup(qemu_hw_version()); 2336 } 2337 if (!s->vendor) { 2338 s->vendor = g_strdup("QEMU"); 2339 } 2340 2341 if (blk_is_sg(s->qdev.conf.blk)) { 2342 error_setg(errp, "unwanted /dev/sg*"); 2343 return; 2344 } 2345 2346 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2347 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2349 } else { 2350 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2351 } 2352 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2353 2354 blk_iostatus_enable(s->qdev.conf.blk); 2355 } 2356 2357 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2358 { 2359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2360 /* can happen for devices without drive. The error message for missing 2361 * backend will be issued in scsi_realize 2362 */ 2363 if (s->qdev.conf.blk) { 2364 blkconf_blocksizes(&s->qdev.conf); 2365 } 2366 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2367 s->qdev.type = TYPE_DISK; 2368 if (!s->product) { 2369 s->product = g_strdup("QEMU HARDDISK"); 2370 } 2371 scsi_realize(&s->qdev, errp); 2372 } 2373 2374 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2375 { 2376 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2377 s->qdev.blocksize = 2048; 2378 s->qdev.type = TYPE_ROM; 2379 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2380 if (!s->product) { 2381 s->product = g_strdup("QEMU CD-ROM"); 2382 } 2383 scsi_realize(&s->qdev, errp); 2384 } 2385 2386 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2387 { 2388 DriveInfo *dinfo; 2389 Error *local_err = NULL; 2390 2391 if (!dev->conf.blk) { 2392 scsi_realize(dev, &local_err); 2393 assert(local_err); 2394 error_propagate(errp, local_err); 2395 return; 2396 } 2397 2398 dinfo = blk_legacy_dinfo(dev->conf.blk); 2399 if (dinfo && dinfo->media_cd) { 2400 scsi_cd_realize(dev, errp); 2401 } else { 2402 scsi_hd_realize(dev, errp); 2403 } 2404 } 2405 2406 static const SCSIReqOps scsi_disk_emulate_reqops = { 2407 .size = sizeof(SCSIDiskReq), 2408 .free_req = scsi_free_request, 2409 .send_command = scsi_disk_emulate_command, 2410 .read_data = scsi_disk_emulate_read_data, 2411 .write_data = scsi_disk_emulate_write_data, 2412 .get_buf = scsi_get_buf, 2413 }; 2414 2415 static const SCSIReqOps scsi_disk_dma_reqops = { 2416 .size = sizeof(SCSIDiskReq), 2417 .free_req = scsi_free_request, 2418 .send_command = scsi_disk_dma_command, 2419 .read_data = scsi_read_data, 2420 .write_data = scsi_write_data, 2421 .get_buf = scsi_get_buf, 2422 .load_request = scsi_disk_load_request, 2423 .save_request = scsi_disk_save_request, 2424 }; 2425 2426 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2427 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2428 [INQUIRY] = &scsi_disk_emulate_reqops, 2429 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2430 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2431 [START_STOP] = &scsi_disk_emulate_reqops, 2432 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2433 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2434 [READ_TOC] = &scsi_disk_emulate_reqops, 2435 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2436 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2437 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2438 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2439 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2440 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2441 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2442 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2443 [SEEK_10] = &scsi_disk_emulate_reqops, 2444 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2445 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2446 [UNMAP] = &scsi_disk_emulate_reqops, 2447 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2448 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2449 [VERIFY_10] = &scsi_disk_emulate_reqops, 2450 [VERIFY_12] = &scsi_disk_emulate_reqops, 2451 [VERIFY_16] = &scsi_disk_emulate_reqops, 2452 2453 [READ_6] = &scsi_disk_dma_reqops, 2454 [READ_10] = &scsi_disk_dma_reqops, 2455 [READ_12] = &scsi_disk_dma_reqops, 2456 [READ_16] = &scsi_disk_dma_reqops, 2457 [WRITE_6] = &scsi_disk_dma_reqops, 2458 [WRITE_10] = &scsi_disk_dma_reqops, 2459 [WRITE_12] = &scsi_disk_dma_reqops, 2460 [WRITE_16] = &scsi_disk_dma_reqops, 2461 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2462 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2463 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2464 }; 2465 2466 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2467 uint8_t *buf, void *hba_private) 2468 { 2469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2470 SCSIRequest *req; 2471 const SCSIReqOps *ops; 2472 uint8_t command; 2473 2474 command = buf[0]; 2475 ops = scsi_disk_reqops_dispatch[command]; 2476 if (!ops) { 2477 ops = &scsi_disk_emulate_reqops; 2478 } 2479 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2480 2481 #ifdef DEBUG_SCSI 2482 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2483 { 2484 int i; 2485 for (i = 1; i < scsi_cdb_length(buf); i++) { 2486 printf(" 0x%02x", buf[i]); 2487 } 2488 printf("\n"); 2489 } 2490 #endif 2491 2492 return req; 2493 } 2494 2495 #ifdef __linux__ 2496 static int get_device_type(SCSIDiskState *s) 2497 { 2498 uint8_t cmd[16]; 2499 uint8_t buf[36]; 2500 uint8_t sensebuf[8]; 2501 sg_io_hdr_t io_header; 2502 int ret; 2503 2504 memset(cmd, 0, sizeof(cmd)); 2505 memset(buf, 0, sizeof(buf)); 2506 cmd[0] = INQUIRY; 2507 cmd[4] = sizeof(buf); 2508 2509 memset(&io_header, 0, sizeof(io_header)); 2510 io_header.interface_id = 'S'; 2511 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2512 io_header.dxfer_len = sizeof(buf); 2513 io_header.dxferp = buf; 2514 io_header.cmdp = cmd; 2515 io_header.cmd_len = sizeof(cmd); 2516 io_header.mx_sb_len = sizeof(sensebuf); 2517 io_header.sbp = sensebuf; 2518 io_header.timeout = 6000; /* XXX */ 2519 2520 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header); 2521 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2522 return -1; 2523 } 2524 s->qdev.type = buf[0]; 2525 if (buf[1] & 0x80) { 2526 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2527 } 2528 return 0; 2529 } 2530 2531 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2532 { 2533 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2534 int sg_version; 2535 int rc; 2536 2537 if (!s->qdev.conf.blk) { 2538 error_setg(errp, "drive property not set"); 2539 return; 2540 } 2541 2542 /* check we are using a driver managing SG_IO (version 3 and after) */ 2543 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2544 if (rc < 0) { 2545 error_setg(errp, "cannot get SG_IO version number: %s. " 2546 "Is this a SCSI device?", 2547 strerror(-rc)); 2548 return; 2549 } 2550 if (sg_version < 30000) { 2551 error_setg(errp, "scsi generic interface too old"); 2552 return; 2553 } 2554 2555 /* get device type from INQUIRY data */ 2556 rc = get_device_type(s); 2557 if (rc < 0) { 2558 error_setg(errp, "INQUIRY failed"); 2559 return; 2560 } 2561 2562 /* Make a guess for the block size, we'll fix it when the guest sends. 2563 * READ CAPACITY. If they don't, they likely would assume these sizes 2564 * anyway. (TODO: check in /sys). 2565 */ 2566 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2567 s->qdev.blocksize = 2048; 2568 } else { 2569 s->qdev.blocksize = 512; 2570 } 2571 2572 /* Makes the scsi-block device not removable by using HMP and QMP eject 2573 * command. 2574 */ 2575 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2576 2577 scsi_realize(&s->qdev, errp); 2578 } 2579 2580 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2581 { 2582 switch (buf[0]) { 2583 case READ_6: 2584 case READ_10: 2585 case READ_12: 2586 case READ_16: 2587 case VERIFY_10: 2588 case VERIFY_12: 2589 case VERIFY_16: 2590 case WRITE_6: 2591 case WRITE_10: 2592 case WRITE_12: 2593 case WRITE_16: 2594 case WRITE_VERIFY_10: 2595 case WRITE_VERIFY_12: 2596 case WRITE_VERIFY_16: 2597 /* If we are not using O_DIRECT, we might read stale data from the 2598 * host cache if writes were made using other commands than these 2599 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2600 * O_DIRECT everything must go through SG_IO. 2601 */ 2602 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) { 2603 break; 2604 } 2605 2606 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2607 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2608 * And once you do these writes, reading from the block device is 2609 * unreliable, too. It is even possible that reads deliver random data 2610 * from the host page cache (this is probably a Linux bug). 2611 * 2612 * We might use scsi_disk_dma_reqops as long as no writing commands are 2613 * seen, but performance usually isn't paramount on optical media. So, 2614 * just make scsi-block operate the same as scsi-generic for them. 2615 */ 2616 if (s->qdev.type != TYPE_ROM) { 2617 return false; 2618 } 2619 break; 2620 2621 default: 2622 break; 2623 } 2624 2625 return true; 2626 } 2627 2628 2629 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2630 uint32_t lun, uint8_t *buf, 2631 void *hba_private) 2632 { 2633 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2634 2635 if (scsi_block_is_passthrough(s, buf)) { 2636 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2637 hba_private); 2638 } else { 2639 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2640 hba_private); 2641 } 2642 } 2643 2644 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2645 uint8_t *buf, void *hba_private) 2646 { 2647 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2648 2649 if (scsi_block_is_passthrough(s, buf)) { 2650 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2651 } else { 2652 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2653 } 2654 } 2655 2656 #endif 2657 2658 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2659 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2660 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2661 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2662 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2663 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2664 2665 static Property scsi_hd_properties[] = { 2666 DEFINE_SCSI_DISK_PROPERTIES(), 2667 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2668 SCSI_DISK_F_REMOVABLE, false), 2669 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2670 SCSI_DISK_F_DPOFUA, false), 2671 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2672 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2673 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2674 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2675 DEFAULT_MAX_UNMAP_SIZE), 2676 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2677 DEFAULT_MAX_IO_SIZE), 2678 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2679 DEFINE_PROP_END_OF_LIST(), 2680 }; 2681 2682 static const VMStateDescription vmstate_scsi_disk_state = { 2683 .name = "scsi-disk", 2684 .version_id = 1, 2685 .minimum_version_id = 1, 2686 .fields = (VMStateField[]) { 2687 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2688 VMSTATE_BOOL(media_changed, SCSIDiskState), 2689 VMSTATE_BOOL(media_event, SCSIDiskState), 2690 VMSTATE_BOOL(eject_request, SCSIDiskState), 2691 VMSTATE_BOOL(tray_open, SCSIDiskState), 2692 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2693 VMSTATE_END_OF_LIST() 2694 } 2695 }; 2696 2697 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2698 { 2699 DeviceClass *dc = DEVICE_CLASS(klass); 2700 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2701 2702 sc->realize = scsi_hd_realize; 2703 sc->alloc_req = scsi_new_request; 2704 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2705 dc->fw_name = "disk"; 2706 dc->desc = "virtual SCSI disk"; 2707 dc->reset = scsi_disk_reset; 2708 dc->props = scsi_hd_properties; 2709 dc->vmsd = &vmstate_scsi_disk_state; 2710 } 2711 2712 static const TypeInfo scsi_hd_info = { 2713 .name = "scsi-hd", 2714 .parent = TYPE_SCSI_DEVICE, 2715 .instance_size = sizeof(SCSIDiskState), 2716 .class_init = scsi_hd_class_initfn, 2717 }; 2718 2719 static Property scsi_cd_properties[] = { 2720 DEFINE_SCSI_DISK_PROPERTIES(), 2721 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2722 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2723 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2724 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2725 DEFAULT_MAX_IO_SIZE), 2726 DEFINE_PROP_END_OF_LIST(), 2727 }; 2728 2729 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2730 { 2731 DeviceClass *dc = DEVICE_CLASS(klass); 2732 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2733 2734 sc->realize = scsi_cd_realize; 2735 sc->alloc_req = scsi_new_request; 2736 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2737 dc->fw_name = "disk"; 2738 dc->desc = "virtual SCSI CD-ROM"; 2739 dc->reset = scsi_disk_reset; 2740 dc->props = scsi_cd_properties; 2741 dc->vmsd = &vmstate_scsi_disk_state; 2742 } 2743 2744 static const TypeInfo scsi_cd_info = { 2745 .name = "scsi-cd", 2746 .parent = TYPE_SCSI_DEVICE, 2747 .instance_size = sizeof(SCSIDiskState), 2748 .class_init = scsi_cd_class_initfn, 2749 }; 2750 2751 #ifdef __linux__ 2752 static Property scsi_block_properties[] = { 2753 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 2754 DEFINE_PROP_END_OF_LIST(), 2755 }; 2756 2757 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2758 { 2759 DeviceClass *dc = DEVICE_CLASS(klass); 2760 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2761 2762 sc->realize = scsi_block_realize; 2763 sc->alloc_req = scsi_block_new_request; 2764 sc->parse_cdb = scsi_block_parse_cdb; 2765 dc->fw_name = "disk"; 2766 dc->desc = "SCSI block device passthrough"; 2767 dc->reset = scsi_disk_reset; 2768 dc->props = scsi_block_properties; 2769 dc->vmsd = &vmstate_scsi_disk_state; 2770 } 2771 2772 static const TypeInfo scsi_block_info = { 2773 .name = "scsi-block", 2774 .parent = TYPE_SCSI_DEVICE, 2775 .instance_size = sizeof(SCSIDiskState), 2776 .class_init = scsi_block_class_initfn, 2777 }; 2778 #endif 2779 2780 static Property scsi_disk_properties[] = { 2781 DEFINE_SCSI_DISK_PROPERTIES(), 2782 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2783 SCSI_DISK_F_REMOVABLE, false), 2784 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2785 SCSI_DISK_F_DPOFUA, false), 2786 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0), 2787 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0), 2788 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2789 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2790 DEFAULT_MAX_UNMAP_SIZE), 2791 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2792 DEFAULT_MAX_IO_SIZE), 2793 DEFINE_PROP_END_OF_LIST(), 2794 }; 2795 2796 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2797 { 2798 DeviceClass *dc = DEVICE_CLASS(klass); 2799 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2800 2801 sc->realize = scsi_disk_realize; 2802 sc->alloc_req = scsi_new_request; 2803 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2804 dc->fw_name = "disk"; 2805 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2806 dc->reset = scsi_disk_reset; 2807 dc->props = scsi_disk_properties; 2808 dc->vmsd = &vmstate_scsi_disk_state; 2809 } 2810 2811 static const TypeInfo scsi_disk_info = { 2812 .name = "scsi-disk", 2813 .parent = TYPE_SCSI_DEVICE, 2814 .instance_size = sizeof(SCSIDiskState), 2815 .class_init = scsi_disk_class_initfn, 2816 }; 2817 2818 static void scsi_disk_register_types(void) 2819 { 2820 type_register_static(&scsi_hd_info); 2821 type_register_static(&scsi_cd_info); 2822 #ifdef __linux__ 2823 type_register_static(&scsi_block_info); 2824 #endif 2825 type_register_static(&scsi_disk_info); 2826 } 2827 2828 type_init(scsi_disk_register_types) 2829