1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "hw/scsi/scsi.h" 27 #include "hw/scsi/emulation.h" 28 #include "scsi/constants.h" 29 #include "sysemu/sysemu.h" 30 #include "sysemu/block-backend.h" 31 #include "sysemu/blockdev.h" 32 #include "hw/block/block.h" 33 #include "sysemu/dma.h" 34 #include "qemu/cutils.h" 35 #include "trace.h" 36 37 #ifdef __linux 38 #include <scsi/sg.h> 39 #endif 40 41 #define SCSI_WRITE_SAME_MAX (512 * KiB) 42 #define SCSI_DMA_BUF_SIZE (128 * KiB) 43 #define SCSI_MAX_INQUIRY_LEN 256 44 #define SCSI_MAX_MODE_LEN 256 45 46 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 47 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 48 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 49 50 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 51 52 #define SCSI_DISK_BASE(obj) \ 53 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE) 54 #define SCSI_DISK_BASE_CLASS(klass) \ 55 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE) 56 #define SCSI_DISK_BASE_GET_CLASS(obj) \ 57 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE) 58 59 typedef struct SCSIDiskClass { 60 SCSIDeviceClass parent_class; 61 DMAIOFunc *dma_readv; 62 DMAIOFunc *dma_writev; 63 bool (*need_fua_emulation)(SCSICommand *cmd); 64 } SCSIDiskClass; 65 66 typedef struct SCSIDiskReq { 67 SCSIRequest req; 68 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 69 uint64_t sector; 70 uint32_t sector_count; 71 uint32_t buflen; 72 bool started; 73 bool need_fua_emulation; 74 struct iovec iov; 75 QEMUIOVector qiov; 76 BlockAcctCookie acct; 77 unsigned char *status; 78 } SCSIDiskReq; 79 80 #define SCSI_DISK_F_REMOVABLE 0 81 #define SCSI_DISK_F_DPOFUA 1 82 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 83 84 typedef struct SCSIDiskState 85 { 86 SCSIDevice qdev; 87 uint32_t features; 88 bool media_changed; 89 bool media_event; 90 bool eject_request; 91 uint16_t port_index; 92 uint64_t max_unmap_size; 93 uint64_t max_io_size; 94 QEMUBH *bh; 95 char *version; 96 char *serial; 97 char *vendor; 98 char *product; 99 char *device_id; 100 bool tray_open; 101 bool tray_locked; 102 /* 103 * 0x0000 - rotation rate not reported 104 * 0x0001 - non-rotating medium (SSD) 105 * 0x0002-0x0400 - reserved 106 * 0x0401-0xffe - rotations per minute 107 * 0xffff - reserved 108 */ 109 uint16_t rotation_rate; 110 } SCSIDiskState; 111 112 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 113 114 static void scsi_free_request(SCSIRequest *req) 115 { 116 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 117 118 qemu_vfree(r->iov.iov_base); 119 } 120 121 /* Helper function for command completion with sense. */ 122 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 123 { 124 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 125 sense.ascq); 126 scsi_req_build_sense(&r->req, sense); 127 scsi_req_complete(&r->req, CHECK_CONDITION); 128 } 129 130 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 131 { 132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 133 134 if (!r->iov.iov_base) { 135 r->buflen = size; 136 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 137 } 138 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 139 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 140 } 141 142 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 143 { 144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 145 146 qemu_put_be64s(f, &r->sector); 147 qemu_put_be32s(f, &r->sector_count); 148 qemu_put_be32s(f, &r->buflen); 149 if (r->buflen) { 150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } else if (!req->retry) { 153 uint32_t len = r->iov.iov_len; 154 qemu_put_be32s(f, &len); 155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 156 } 157 } 158 } 159 160 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 161 { 162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 163 164 qemu_get_be64s(f, &r->sector); 165 qemu_get_be32s(f, &r->sector_count); 166 qemu_get_be32s(f, &r->buflen); 167 if (r->buflen) { 168 scsi_init_iovec(r, r->buflen); 169 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 171 } else if (!r->req.retry) { 172 uint32_t len; 173 qemu_get_be32s(f, &len); 174 r->iov.iov_len = len; 175 assert(r->iov.iov_len <= r->buflen); 176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 177 } 178 } 179 180 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 181 } 182 183 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 184 { 185 if (r->req.io_canceled) { 186 scsi_req_cancel_complete(&r->req); 187 return true; 188 } 189 190 if (ret < 0 || (r->status && *r->status)) { 191 return scsi_handle_rw_error(r, -ret, acct_failed); 192 } 193 194 return false; 195 } 196 197 static void scsi_aio_complete(void *opaque, int ret) 198 { 199 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 200 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 201 202 assert(r->req.aiocb != NULL); 203 r->req.aiocb = NULL; 204 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 205 if (scsi_disk_req_check_error(r, ret, true)) { 206 goto done; 207 } 208 209 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 210 scsi_req_complete(&r->req, GOOD); 211 212 done: 213 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 214 scsi_req_unref(&r->req); 215 } 216 217 static bool scsi_is_cmd_fua(SCSICommand *cmd) 218 { 219 switch (cmd->buf[0]) { 220 case READ_10: 221 case READ_12: 222 case READ_16: 223 case WRITE_10: 224 case WRITE_12: 225 case WRITE_16: 226 return (cmd->buf[1] & 8) != 0; 227 228 case VERIFY_10: 229 case VERIFY_12: 230 case VERIFY_16: 231 case WRITE_VERIFY_10: 232 case WRITE_VERIFY_12: 233 case WRITE_VERIFY_16: 234 return true; 235 236 case READ_6: 237 case WRITE_6: 238 default: 239 return false; 240 } 241 } 242 243 static void scsi_write_do_fua(SCSIDiskReq *r) 244 { 245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 246 247 assert(r->req.aiocb == NULL); 248 assert(!r->req.io_canceled); 249 250 if (r->need_fua_emulation) { 251 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 252 BLOCK_ACCT_FLUSH); 253 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 254 return; 255 } 256 257 scsi_req_complete(&r->req, GOOD); 258 scsi_req_unref(&r->req); 259 } 260 261 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 262 { 263 assert(r->req.aiocb == NULL); 264 if (scsi_disk_req_check_error(r, ret, false)) { 265 goto done; 266 } 267 268 r->sector += r->sector_count; 269 r->sector_count = 0; 270 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 271 scsi_write_do_fua(r); 272 return; 273 } else { 274 scsi_req_complete(&r->req, GOOD); 275 } 276 277 done: 278 scsi_req_unref(&r->req); 279 } 280 281 static void scsi_dma_complete(void *opaque, int ret) 282 { 283 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 284 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 285 286 assert(r->req.aiocb != NULL); 287 r->req.aiocb = NULL; 288 289 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 290 if (ret < 0) { 291 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 292 } else { 293 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 294 } 295 scsi_dma_complete_noio(r, ret); 296 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 297 } 298 299 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 300 { 301 uint32_t n; 302 303 assert(r->req.aiocb == NULL); 304 if (scsi_disk_req_check_error(r, ret, false)) { 305 goto done; 306 } 307 308 n = r->qiov.size / 512; 309 r->sector += n; 310 r->sector_count -= n; 311 scsi_req_data(&r->req, r->qiov.size); 312 313 done: 314 scsi_req_unref(&r->req); 315 } 316 317 static void scsi_read_complete(void *opaque, int ret) 318 { 319 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 320 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 321 322 assert(r->req.aiocb != NULL); 323 r->req.aiocb = NULL; 324 325 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 326 if (ret < 0) { 327 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 328 } else { 329 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 330 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 331 } 332 scsi_read_complete_noio(r, ret); 333 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 334 } 335 336 /* Actually issue a read to the block device. */ 337 static void scsi_do_read(SCSIDiskReq *r, int ret) 338 { 339 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 340 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 341 342 assert (r->req.aiocb == NULL); 343 if (scsi_disk_req_check_error(r, ret, false)) { 344 goto done; 345 } 346 347 /* The request is used as the AIO opaque value, so add a ref. */ 348 scsi_req_ref(&r->req); 349 350 if (r->req.sg) { 351 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 352 r->req.resid -= r->req.sg->size; 353 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 354 r->req.sg, r->sector << BDRV_SECTOR_BITS, 355 BDRV_SECTOR_SIZE, 356 sdc->dma_readv, r, scsi_dma_complete, r, 357 DMA_DIRECTION_FROM_DEVICE); 358 } else { 359 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 360 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 361 r->qiov.size, BLOCK_ACCT_READ); 362 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 363 scsi_read_complete, r, r); 364 } 365 366 done: 367 scsi_req_unref(&r->req); 368 } 369 370 static void scsi_do_read_cb(void *opaque, int ret) 371 { 372 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 374 375 assert (r->req.aiocb != NULL); 376 r->req.aiocb = NULL; 377 378 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 379 if (ret < 0) { 380 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 381 } else { 382 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 383 } 384 scsi_do_read(opaque, ret); 385 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 386 } 387 388 /* Read more data from scsi device into buffer. */ 389 static void scsi_read_data(SCSIRequest *req) 390 { 391 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 393 bool first; 394 395 trace_scsi_disk_read_data_count(r->sector_count); 396 if (r->sector_count == 0) { 397 /* This also clears the sense buffer for REQUEST SENSE. */ 398 scsi_req_complete(&r->req, GOOD); 399 return; 400 } 401 402 /* No data transfer may already be in progress */ 403 assert(r->req.aiocb == NULL); 404 405 /* The request is used as the AIO opaque value, so add a ref. */ 406 scsi_req_ref(&r->req); 407 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 408 trace_scsi_disk_read_data_invalid(); 409 scsi_read_complete_noio(r, -EINVAL); 410 return; 411 } 412 413 if (!blk_is_available(req->dev->conf.blk)) { 414 scsi_read_complete_noio(r, -ENOMEDIUM); 415 return; 416 } 417 418 first = !r->started; 419 r->started = true; 420 if (first && r->need_fua_emulation) { 421 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 422 BLOCK_ACCT_FLUSH); 423 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 424 } else { 425 scsi_do_read(r, 0); 426 } 427 } 428 429 /* 430 * scsi_handle_rw_error has two return values. False means that the error 431 * must be ignored, true means that the error has been processed and the 432 * caller should not do anything else for this request. Note that 433 * scsi_handle_rw_error always manages its reference counts, independent 434 * of the return value. 435 */ 436 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 437 { 438 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 439 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 440 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 441 is_read, error); 442 443 if (action == BLOCK_ERROR_ACTION_REPORT) { 444 if (acct_failed) { 445 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 446 } 447 switch (error) { 448 case 0: 449 /* A passthrough command has run and has produced sense data; check 450 * whether the error has to be handled by the guest or should rather 451 * pause the host. 452 */ 453 assert(r->status && *r->status); 454 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 455 if (error == ECANCELED || error == EAGAIN || error == ENOTCONN || 456 error == 0) { 457 /* These errors are handled by guest. */ 458 scsi_req_complete(&r->req, *r->status); 459 return true; 460 } 461 break; 462 case ENOMEDIUM: 463 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 464 break; 465 case ENOMEM: 466 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 467 break; 468 case EINVAL: 469 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 470 break; 471 case ENOSPC: 472 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 473 break; 474 default: 475 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 476 break; 477 } 478 } 479 480 blk_error_action(s->qdev.conf.blk, action, is_read, error); 481 if (action == BLOCK_ERROR_ACTION_IGNORE) { 482 scsi_req_complete(&r->req, 0); 483 return true; 484 } 485 486 if (action == BLOCK_ERROR_ACTION_STOP) { 487 scsi_req_retry(&r->req); 488 } 489 return true; 490 } 491 492 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 493 { 494 uint32_t n; 495 496 assert (r->req.aiocb == NULL); 497 if (scsi_disk_req_check_error(r, ret, false)) { 498 goto done; 499 } 500 501 n = r->qiov.size / 512; 502 r->sector += n; 503 r->sector_count -= n; 504 if (r->sector_count == 0) { 505 scsi_write_do_fua(r); 506 return; 507 } else { 508 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 509 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 510 scsi_req_data(&r->req, r->qiov.size); 511 } 512 513 done: 514 scsi_req_unref(&r->req); 515 } 516 517 static void scsi_write_complete(void * opaque, int ret) 518 { 519 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 520 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 521 522 assert (r->req.aiocb != NULL); 523 r->req.aiocb = NULL; 524 525 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 526 if (ret < 0) { 527 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 528 } else { 529 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 530 } 531 scsi_write_complete_noio(r, ret); 532 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 533 } 534 535 static void scsi_write_data(SCSIRequest *req) 536 { 537 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 538 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 539 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 540 541 /* No data transfer may already be in progress */ 542 assert(r->req.aiocb == NULL); 543 544 /* The request is used as the AIO opaque value, so add a ref. */ 545 scsi_req_ref(&r->req); 546 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 547 trace_scsi_disk_write_data_invalid(); 548 scsi_write_complete_noio(r, -EINVAL); 549 return; 550 } 551 552 if (!r->req.sg && !r->qiov.size) { 553 /* Called for the first time. Ask the driver to send us more data. */ 554 r->started = true; 555 scsi_write_complete_noio(r, 0); 556 return; 557 } 558 if (!blk_is_available(req->dev->conf.blk)) { 559 scsi_write_complete_noio(r, -ENOMEDIUM); 560 return; 561 } 562 563 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 564 r->req.cmd.buf[0] == VERIFY_16) { 565 if (r->req.sg) { 566 scsi_dma_complete_noio(r, 0); 567 } else { 568 scsi_write_complete_noio(r, 0); 569 } 570 return; 571 } 572 573 if (r->req.sg) { 574 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 575 r->req.resid -= r->req.sg->size; 576 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 577 r->req.sg, r->sector << BDRV_SECTOR_BITS, 578 BDRV_SECTOR_SIZE, 579 sdc->dma_writev, r, scsi_dma_complete, r, 580 DMA_DIRECTION_TO_DEVICE); 581 } else { 582 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 583 r->qiov.size, BLOCK_ACCT_WRITE); 584 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 585 scsi_write_complete, r, r); 586 } 587 } 588 589 /* Return a pointer to the data buffer. */ 590 static uint8_t *scsi_get_buf(SCSIRequest *req) 591 { 592 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 593 594 return (uint8_t *)r->iov.iov_base; 595 } 596 597 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 598 { 599 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 600 uint8_t page_code = req->cmd.buf[2]; 601 int start, buflen = 0; 602 603 outbuf[buflen++] = s->qdev.type & 0x1f; 604 outbuf[buflen++] = page_code; 605 outbuf[buflen++] = 0x00; 606 outbuf[buflen++] = 0x00; 607 start = buflen; 608 609 switch (page_code) { 610 case 0x00: /* Supported page codes, mandatory */ 611 { 612 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 613 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 614 if (s->serial) { 615 outbuf[buflen++] = 0x80; /* unit serial number */ 616 } 617 outbuf[buflen++] = 0x83; /* device identification */ 618 if (s->qdev.type == TYPE_DISK) { 619 outbuf[buflen++] = 0xb0; /* block limits */ 620 outbuf[buflen++] = 0xb1; /* block device characteristics */ 621 outbuf[buflen++] = 0xb2; /* thin provisioning */ 622 } 623 break; 624 } 625 case 0x80: /* Device serial number, optional */ 626 { 627 int l; 628 629 if (!s->serial) { 630 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 631 return -1; 632 } 633 634 l = strlen(s->serial); 635 if (l > 36) { 636 l = 36; 637 } 638 639 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 640 memcpy(outbuf + buflen, s->serial, l); 641 buflen += l; 642 break; 643 } 644 645 case 0x83: /* Device identification page, mandatory */ 646 { 647 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 648 649 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 650 651 if (id_len) { 652 outbuf[buflen++] = 0x2; /* ASCII */ 653 outbuf[buflen++] = 0; /* not officially assigned */ 654 outbuf[buflen++] = 0; /* reserved */ 655 outbuf[buflen++] = id_len; /* length of data following */ 656 memcpy(outbuf + buflen, s->device_id, id_len); 657 buflen += id_len; 658 } 659 660 if (s->qdev.wwn) { 661 outbuf[buflen++] = 0x1; /* Binary */ 662 outbuf[buflen++] = 0x3; /* NAA */ 663 outbuf[buflen++] = 0; /* reserved */ 664 outbuf[buflen++] = 8; 665 stq_be_p(&outbuf[buflen], s->qdev.wwn); 666 buflen += 8; 667 } 668 669 if (s->qdev.port_wwn) { 670 outbuf[buflen++] = 0x61; /* SAS / Binary */ 671 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 672 outbuf[buflen++] = 0; /* reserved */ 673 outbuf[buflen++] = 8; 674 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 675 buflen += 8; 676 } 677 678 if (s->port_index) { 679 outbuf[buflen++] = 0x61; /* SAS / Binary */ 680 681 /* PIV/Target port/relative target port */ 682 outbuf[buflen++] = 0x94; 683 684 outbuf[buflen++] = 0; /* reserved */ 685 outbuf[buflen++] = 4; 686 stw_be_p(&outbuf[buflen + 2], s->port_index); 687 buflen += 4; 688 } 689 break; 690 } 691 case 0xb0: /* block limits */ 692 { 693 SCSIBlockLimits bl = {}; 694 695 if (s->qdev.type == TYPE_ROM) { 696 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 697 return -1; 698 } 699 bl.wsnz = 1; 700 bl.unmap_sectors = 701 s->qdev.conf.discard_granularity / s->qdev.blocksize; 702 bl.min_io_size = 703 s->qdev.conf.min_io_size / s->qdev.blocksize; 704 bl.opt_io_size = 705 s->qdev.conf.opt_io_size / s->qdev.blocksize; 706 bl.max_unmap_sectors = 707 s->max_unmap_size / s->qdev.blocksize; 708 bl.max_io_sectors = 709 s->max_io_size / s->qdev.blocksize; 710 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 711 bl.max_unmap_descr = 255; 712 713 if (s->qdev.type == TYPE_DISK) { 714 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 715 int max_io_sectors_blk = 716 max_transfer_blk / s->qdev.blocksize; 717 718 bl.max_io_sectors = 719 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 720 } 721 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 722 break; 723 } 724 case 0xb1: /* block device characteristics */ 725 { 726 buflen = 0x40; 727 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 728 outbuf[5] = s->rotation_rate & 0xff; 729 outbuf[6] = 0; /* PRODUCT TYPE */ 730 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 731 outbuf[8] = 0; /* VBULS */ 732 break; 733 } 734 case 0xb2: /* thin provisioning */ 735 { 736 buflen = 8; 737 outbuf[4] = 0; 738 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 739 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 740 outbuf[7] = 0; 741 break; 742 } 743 default: 744 return -1; 745 } 746 /* done with EVPD */ 747 assert(buflen - start <= 255); 748 outbuf[start - 1] = buflen - start; 749 return buflen; 750 } 751 752 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 753 { 754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 755 int buflen = 0; 756 757 if (req->cmd.buf[1] & 0x1) { 758 /* Vital product data */ 759 return scsi_disk_emulate_vpd_page(req, outbuf); 760 } 761 762 /* Standard INQUIRY data */ 763 if (req->cmd.buf[2] != 0) { 764 return -1; 765 } 766 767 /* PAGE CODE == 0 */ 768 buflen = req->cmd.xfer; 769 if (buflen > SCSI_MAX_INQUIRY_LEN) { 770 buflen = SCSI_MAX_INQUIRY_LEN; 771 } 772 773 outbuf[0] = s->qdev.type & 0x1f; 774 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 775 776 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 777 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 778 779 memset(&outbuf[32], 0, 4); 780 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 781 /* 782 * We claim conformance to SPC-3, which is required for guests 783 * to ask for modern features like READ CAPACITY(16) or the 784 * block characteristics VPD page by default. Not all of SPC-3 785 * is actually implemented, but we're good enough. 786 */ 787 outbuf[2] = s->qdev.default_scsi_version; 788 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 789 790 if (buflen > 36) { 791 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 792 } else { 793 /* If the allocation length of CDB is too small, 794 the additional length is not adjusted */ 795 outbuf[4] = 36 - 5; 796 } 797 798 /* Sync data transfer and TCQ. */ 799 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 800 return buflen; 801 } 802 803 static inline bool media_is_dvd(SCSIDiskState *s) 804 { 805 uint64_t nb_sectors; 806 if (s->qdev.type != TYPE_ROM) { 807 return false; 808 } 809 if (!blk_is_available(s->qdev.conf.blk)) { 810 return false; 811 } 812 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 813 return nb_sectors > CD_MAX_SECTORS; 814 } 815 816 static inline bool media_is_cd(SCSIDiskState *s) 817 { 818 uint64_t nb_sectors; 819 if (s->qdev.type != TYPE_ROM) { 820 return false; 821 } 822 if (!blk_is_available(s->qdev.conf.blk)) { 823 return false; 824 } 825 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 826 return nb_sectors <= CD_MAX_SECTORS; 827 } 828 829 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 830 uint8_t *outbuf) 831 { 832 uint8_t type = r->req.cmd.buf[1] & 7; 833 834 if (s->qdev.type != TYPE_ROM) { 835 return -1; 836 } 837 838 /* Types 1/2 are only defined for Blu-Ray. */ 839 if (type != 0) { 840 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 841 return -1; 842 } 843 844 memset(outbuf, 0, 34); 845 outbuf[1] = 32; 846 outbuf[2] = 0xe; /* last session complete, disc finalized */ 847 outbuf[3] = 1; /* first track on disc */ 848 outbuf[4] = 1; /* # of sessions */ 849 outbuf[5] = 1; /* first track of last session */ 850 outbuf[6] = 1; /* last track of last session */ 851 outbuf[7] = 0x20; /* unrestricted use */ 852 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 853 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 854 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 855 /* 24-31: disc bar code */ 856 /* 32: disc application code */ 857 /* 33: number of OPC tables */ 858 859 return 34; 860 } 861 862 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 863 uint8_t *outbuf) 864 { 865 static const int rds_caps_size[5] = { 866 [0] = 2048 + 4, 867 [1] = 4 + 4, 868 [3] = 188 + 4, 869 [4] = 2048 + 4, 870 }; 871 872 uint8_t media = r->req.cmd.buf[1]; 873 uint8_t layer = r->req.cmd.buf[6]; 874 uint8_t format = r->req.cmd.buf[7]; 875 int size = -1; 876 877 if (s->qdev.type != TYPE_ROM) { 878 return -1; 879 } 880 if (media != 0) { 881 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 882 return -1; 883 } 884 885 if (format != 0xff) { 886 if (!blk_is_available(s->qdev.conf.blk)) { 887 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 888 return -1; 889 } 890 if (media_is_cd(s)) { 891 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 892 return -1; 893 } 894 if (format >= ARRAY_SIZE(rds_caps_size)) { 895 return -1; 896 } 897 size = rds_caps_size[format]; 898 memset(outbuf, 0, size); 899 } 900 901 switch (format) { 902 case 0x00: { 903 /* Physical format information */ 904 uint64_t nb_sectors; 905 if (layer != 0) { 906 goto fail; 907 } 908 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 909 910 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 911 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 912 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 913 outbuf[7] = 0; /* default densities */ 914 915 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 916 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 917 break; 918 } 919 920 case 0x01: /* DVD copyright information, all zeros */ 921 break; 922 923 case 0x03: /* BCA information - invalid field for no BCA info */ 924 return -1; 925 926 case 0x04: /* DVD disc manufacturing information, all zeros */ 927 break; 928 929 case 0xff: { /* List capabilities */ 930 int i; 931 size = 4; 932 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 933 if (!rds_caps_size[i]) { 934 continue; 935 } 936 outbuf[size] = i; 937 outbuf[size + 1] = 0x40; /* Not writable, readable */ 938 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 939 size += 4; 940 } 941 break; 942 } 943 944 default: 945 return -1; 946 } 947 948 /* Size of buffer, not including 2 byte size field */ 949 stw_be_p(outbuf, size - 2); 950 return size; 951 952 fail: 953 return -1; 954 } 955 956 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 957 { 958 uint8_t event_code, media_status; 959 960 media_status = 0; 961 if (s->tray_open) { 962 media_status = MS_TRAY_OPEN; 963 } else if (blk_is_inserted(s->qdev.conf.blk)) { 964 media_status = MS_MEDIA_PRESENT; 965 } 966 967 /* Event notification descriptor */ 968 event_code = MEC_NO_CHANGE; 969 if (media_status != MS_TRAY_OPEN) { 970 if (s->media_event) { 971 event_code = MEC_NEW_MEDIA; 972 s->media_event = false; 973 } else if (s->eject_request) { 974 event_code = MEC_EJECT_REQUESTED; 975 s->eject_request = false; 976 } 977 } 978 979 outbuf[0] = event_code; 980 outbuf[1] = media_status; 981 982 /* These fields are reserved, just clear them. */ 983 outbuf[2] = 0; 984 outbuf[3] = 0; 985 return 4; 986 } 987 988 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 989 uint8_t *outbuf) 990 { 991 int size; 992 uint8_t *buf = r->req.cmd.buf; 993 uint8_t notification_class_request = buf[4]; 994 if (s->qdev.type != TYPE_ROM) { 995 return -1; 996 } 997 if ((buf[1] & 1) == 0) { 998 /* asynchronous */ 999 return -1; 1000 } 1001 1002 size = 4; 1003 outbuf[0] = outbuf[1] = 0; 1004 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1005 if (notification_class_request & (1 << GESN_MEDIA)) { 1006 outbuf[2] = GESN_MEDIA; 1007 size += scsi_event_status_media(s, &outbuf[size]); 1008 } else { 1009 outbuf[2] = 0x80; 1010 } 1011 stw_be_p(outbuf, size - 4); 1012 return size; 1013 } 1014 1015 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1016 { 1017 int current; 1018 1019 if (s->qdev.type != TYPE_ROM) { 1020 return -1; 1021 } 1022 1023 if (media_is_dvd(s)) { 1024 current = MMC_PROFILE_DVD_ROM; 1025 } else if (media_is_cd(s)) { 1026 current = MMC_PROFILE_CD_ROM; 1027 } else { 1028 current = MMC_PROFILE_NONE; 1029 } 1030 1031 memset(outbuf, 0, 40); 1032 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1033 stw_be_p(&outbuf[6], current); 1034 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1035 outbuf[10] = 0x03; /* persistent, current */ 1036 outbuf[11] = 8; /* two profiles */ 1037 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1038 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1039 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1040 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1041 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1042 stw_be_p(&outbuf[20], 1); 1043 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1044 outbuf[23] = 8; 1045 stl_be_p(&outbuf[24], 1); /* SCSI */ 1046 outbuf[28] = 1; /* DBE = 1, mandatory */ 1047 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1048 stw_be_p(&outbuf[32], 3); 1049 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1050 outbuf[35] = 4; 1051 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1052 /* TODO: Random readable, CD read, DVD read, drive serial number, 1053 power management */ 1054 return 40; 1055 } 1056 1057 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1058 { 1059 if (s->qdev.type != TYPE_ROM) { 1060 return -1; 1061 } 1062 memset(outbuf, 0, 8); 1063 outbuf[5] = 1; /* CD-ROM */ 1064 return 8; 1065 } 1066 1067 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1068 int page_control) 1069 { 1070 static const int mode_sense_valid[0x3f] = { 1071 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1072 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1073 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1074 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1075 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1076 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1077 }; 1078 1079 uint8_t *p = *p_outbuf + 2; 1080 int length; 1081 1082 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1083 return -1; 1084 } 1085 1086 /* 1087 * If Changeable Values are requested, a mask denoting those mode parameters 1088 * that are changeable shall be returned. As we currently don't support 1089 * parameter changes via MODE_SELECT all bits are returned set to zero. 1090 * The buffer was already menset to zero by the caller of this function. 1091 * 1092 * The offsets here are off by two compared to the descriptions in the 1093 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1094 * but it is done so that offsets are consistent within our implementation 1095 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1096 * 2-byte and 4-byte headers. 1097 */ 1098 switch (page) { 1099 case MODE_PAGE_HD_GEOMETRY: 1100 length = 0x16; 1101 if (page_control == 1) { /* Changeable Values */ 1102 break; 1103 } 1104 /* if a geometry hint is available, use it */ 1105 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1106 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1107 p[2] = s->qdev.conf.cyls & 0xff; 1108 p[3] = s->qdev.conf.heads & 0xff; 1109 /* Write precomp start cylinder, disabled */ 1110 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1111 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1112 p[6] = s->qdev.conf.cyls & 0xff; 1113 /* Reduced current start cylinder, disabled */ 1114 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1115 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1116 p[9] = s->qdev.conf.cyls & 0xff; 1117 /* Device step rate [ns], 200ns */ 1118 p[10] = 0; 1119 p[11] = 200; 1120 /* Landing zone cylinder */ 1121 p[12] = 0xff; 1122 p[13] = 0xff; 1123 p[14] = 0xff; 1124 /* Medium rotation rate [rpm], 5400 rpm */ 1125 p[18] = (5400 >> 8) & 0xff; 1126 p[19] = 5400 & 0xff; 1127 break; 1128 1129 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1130 length = 0x1e; 1131 if (page_control == 1) { /* Changeable Values */ 1132 break; 1133 } 1134 /* Transfer rate [kbit/s], 5Mbit/s */ 1135 p[0] = 5000 >> 8; 1136 p[1] = 5000 & 0xff; 1137 /* if a geometry hint is available, use it */ 1138 p[2] = s->qdev.conf.heads & 0xff; 1139 p[3] = s->qdev.conf.secs & 0xff; 1140 p[4] = s->qdev.blocksize >> 8; 1141 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1142 p[7] = s->qdev.conf.cyls & 0xff; 1143 /* Write precomp start cylinder, disabled */ 1144 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1145 p[9] = s->qdev.conf.cyls & 0xff; 1146 /* Reduced current start cylinder, disabled */ 1147 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1148 p[11] = s->qdev.conf.cyls & 0xff; 1149 /* Device step rate [100us], 100us */ 1150 p[12] = 0; 1151 p[13] = 1; 1152 /* Device step pulse width [us], 1us */ 1153 p[14] = 1; 1154 /* Device head settle delay [100us], 100us */ 1155 p[15] = 0; 1156 p[16] = 1; 1157 /* Motor on delay [0.1s], 0.1s */ 1158 p[17] = 1; 1159 /* Motor off delay [0.1s], 0.1s */ 1160 p[18] = 1; 1161 /* Medium rotation rate [rpm], 5400 rpm */ 1162 p[26] = (5400 >> 8) & 0xff; 1163 p[27] = 5400 & 0xff; 1164 break; 1165 1166 case MODE_PAGE_CACHING: 1167 length = 0x12; 1168 if (page_control == 1 || /* Changeable Values */ 1169 blk_enable_write_cache(s->qdev.conf.blk)) { 1170 p[0] = 4; /* WCE */ 1171 } 1172 break; 1173 1174 case MODE_PAGE_R_W_ERROR: 1175 length = 10; 1176 if (page_control == 1) { /* Changeable Values */ 1177 break; 1178 } 1179 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1180 if (s->qdev.type == TYPE_ROM) { 1181 p[1] = 0x20; /* Read Retry Count */ 1182 } 1183 break; 1184 1185 case MODE_PAGE_AUDIO_CTL: 1186 length = 14; 1187 break; 1188 1189 case MODE_PAGE_CAPABILITIES: 1190 length = 0x14; 1191 if (page_control == 1) { /* Changeable Values */ 1192 break; 1193 } 1194 1195 p[0] = 0x3b; /* CD-R & CD-RW read */ 1196 p[1] = 0; /* Writing not supported */ 1197 p[2] = 0x7f; /* Audio, composite, digital out, 1198 mode 2 form 1&2, multi session */ 1199 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1200 RW corrected, C2 errors, ISRC, 1201 UPC, Bar code */ 1202 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1203 /* Locking supported, jumper present, eject, tray */ 1204 p[5] = 0; /* no volume & mute control, no 1205 changer */ 1206 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1207 p[7] = (50 * 176) & 0xff; 1208 p[8] = 2 >> 8; /* Two volume levels */ 1209 p[9] = 2 & 0xff; 1210 p[10] = 2048 >> 8; /* 2M buffer */ 1211 p[11] = 2048 & 0xff; 1212 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1213 p[13] = (16 * 176) & 0xff; 1214 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1215 p[17] = (16 * 176) & 0xff; 1216 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1217 p[19] = (16 * 176) & 0xff; 1218 break; 1219 1220 default: 1221 return -1; 1222 } 1223 1224 assert(length < 256); 1225 (*p_outbuf)[0] = page; 1226 (*p_outbuf)[1] = length; 1227 *p_outbuf += length + 2; 1228 return length + 2; 1229 } 1230 1231 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1232 { 1233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1234 uint64_t nb_sectors; 1235 bool dbd; 1236 int page, buflen, ret, page_control; 1237 uint8_t *p; 1238 uint8_t dev_specific_param; 1239 1240 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1241 page = r->req.cmd.buf[2] & 0x3f; 1242 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1243 1244 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1245 10, page, r->req.cmd.xfer, page_control); 1246 memset(outbuf, 0, r->req.cmd.xfer); 1247 p = outbuf; 1248 1249 if (s->qdev.type == TYPE_DISK) { 1250 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1251 if (blk_is_read_only(s->qdev.conf.blk)) { 1252 dev_specific_param |= 0x80; /* Readonly. */ 1253 } 1254 } else { 1255 /* MMC prescribes that CD/DVD drives have no block descriptors, 1256 * and defines no device-specific parameter. */ 1257 dev_specific_param = 0x00; 1258 dbd = true; 1259 } 1260 1261 if (r->req.cmd.buf[0] == MODE_SENSE) { 1262 p[1] = 0; /* Default media type. */ 1263 p[2] = dev_specific_param; 1264 p[3] = 0; /* Block descriptor length. */ 1265 p += 4; 1266 } else { /* MODE_SENSE_10 */ 1267 p[2] = 0; /* Default media type. */ 1268 p[3] = dev_specific_param; 1269 p[6] = p[7] = 0; /* Block descriptor length. */ 1270 p += 8; 1271 } 1272 1273 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1274 if (!dbd && nb_sectors) { 1275 if (r->req.cmd.buf[0] == MODE_SENSE) { 1276 outbuf[3] = 8; /* Block descriptor length */ 1277 } else { /* MODE_SENSE_10 */ 1278 outbuf[7] = 8; /* Block descriptor length */ 1279 } 1280 nb_sectors /= (s->qdev.blocksize / 512); 1281 if (nb_sectors > 0xffffff) { 1282 nb_sectors = 0; 1283 } 1284 p[0] = 0; /* media density code */ 1285 p[1] = (nb_sectors >> 16) & 0xff; 1286 p[2] = (nb_sectors >> 8) & 0xff; 1287 p[3] = nb_sectors & 0xff; 1288 p[4] = 0; /* reserved */ 1289 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1290 p[6] = s->qdev.blocksize >> 8; 1291 p[7] = 0; 1292 p += 8; 1293 } 1294 1295 if (page_control == 3) { 1296 /* Saved Values */ 1297 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1298 return -1; 1299 } 1300 1301 if (page == 0x3f) { 1302 for (page = 0; page <= 0x3e; page++) { 1303 mode_sense_page(s, page, &p, page_control); 1304 } 1305 } else { 1306 ret = mode_sense_page(s, page, &p, page_control); 1307 if (ret == -1) { 1308 return -1; 1309 } 1310 } 1311 1312 buflen = p - outbuf; 1313 /* 1314 * The mode data length field specifies the length in bytes of the 1315 * following data that is available to be transferred. The mode data 1316 * length does not include itself. 1317 */ 1318 if (r->req.cmd.buf[0] == MODE_SENSE) { 1319 outbuf[0] = buflen - 1; 1320 } else { /* MODE_SENSE_10 */ 1321 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1322 outbuf[1] = (buflen - 2) & 0xff; 1323 } 1324 return buflen; 1325 } 1326 1327 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1328 { 1329 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1330 int start_track, format, msf, toclen; 1331 uint64_t nb_sectors; 1332 1333 msf = req->cmd.buf[1] & 2; 1334 format = req->cmd.buf[2] & 0xf; 1335 start_track = req->cmd.buf[6]; 1336 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1337 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1338 nb_sectors /= s->qdev.blocksize / 512; 1339 switch (format) { 1340 case 0: 1341 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1342 break; 1343 case 1: 1344 /* multi session : only a single session defined */ 1345 toclen = 12; 1346 memset(outbuf, 0, 12); 1347 outbuf[1] = 0x0a; 1348 outbuf[2] = 0x01; 1349 outbuf[3] = 0x01; 1350 break; 1351 case 2: 1352 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1353 break; 1354 default: 1355 return -1; 1356 } 1357 return toclen; 1358 } 1359 1360 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1361 { 1362 SCSIRequest *req = &r->req; 1363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1364 bool start = req->cmd.buf[4] & 1; 1365 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1366 int pwrcnd = req->cmd.buf[4] & 0xf0; 1367 1368 if (pwrcnd) { 1369 /* eject/load only happens for power condition == 0 */ 1370 return 0; 1371 } 1372 1373 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1374 if (!start && !s->tray_open && s->tray_locked) { 1375 scsi_check_condition(r, 1376 blk_is_inserted(s->qdev.conf.blk) 1377 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1378 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1379 return -1; 1380 } 1381 1382 if (s->tray_open != !start) { 1383 blk_eject(s->qdev.conf.blk, !start); 1384 s->tray_open = !start; 1385 } 1386 } 1387 return 0; 1388 } 1389 1390 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1391 { 1392 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1393 int buflen = r->iov.iov_len; 1394 1395 if (buflen) { 1396 trace_scsi_disk_emulate_read_data(buflen); 1397 r->iov.iov_len = 0; 1398 r->started = true; 1399 scsi_req_data(&r->req, buflen); 1400 return; 1401 } 1402 1403 /* This also clears the sense buffer for REQUEST SENSE. */ 1404 scsi_req_complete(&r->req, GOOD); 1405 } 1406 1407 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1408 uint8_t *inbuf, int inlen) 1409 { 1410 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1411 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1412 uint8_t *p; 1413 int len, expected_len, changeable_len, i; 1414 1415 /* The input buffer does not include the page header, so it is 1416 * off by 2 bytes. 1417 */ 1418 expected_len = inlen + 2; 1419 if (expected_len > SCSI_MAX_MODE_LEN) { 1420 return -1; 1421 } 1422 1423 p = mode_current; 1424 memset(mode_current, 0, inlen + 2); 1425 len = mode_sense_page(s, page, &p, 0); 1426 if (len < 0 || len != expected_len) { 1427 return -1; 1428 } 1429 1430 p = mode_changeable; 1431 memset(mode_changeable, 0, inlen + 2); 1432 changeable_len = mode_sense_page(s, page, &p, 1); 1433 assert(changeable_len == len); 1434 1435 /* Check that unchangeable bits are the same as what MODE SENSE 1436 * would return. 1437 */ 1438 for (i = 2; i < len; i++) { 1439 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1440 return -1; 1441 } 1442 } 1443 return 0; 1444 } 1445 1446 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1447 { 1448 switch (page) { 1449 case MODE_PAGE_CACHING: 1450 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1451 break; 1452 1453 default: 1454 break; 1455 } 1456 } 1457 1458 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1459 { 1460 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1461 1462 while (len > 0) { 1463 int page, subpage, page_len; 1464 1465 /* Parse both possible formats for the mode page headers. */ 1466 page = p[0] & 0x3f; 1467 if (p[0] & 0x40) { 1468 if (len < 4) { 1469 goto invalid_param_len; 1470 } 1471 subpage = p[1]; 1472 page_len = lduw_be_p(&p[2]); 1473 p += 4; 1474 len -= 4; 1475 } else { 1476 if (len < 2) { 1477 goto invalid_param_len; 1478 } 1479 subpage = 0; 1480 page_len = p[1]; 1481 p += 2; 1482 len -= 2; 1483 } 1484 1485 if (subpage) { 1486 goto invalid_param; 1487 } 1488 if (page_len > len) { 1489 goto invalid_param_len; 1490 } 1491 1492 if (!change) { 1493 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1494 goto invalid_param; 1495 } 1496 } else { 1497 scsi_disk_apply_mode_select(s, page, p); 1498 } 1499 1500 p += page_len; 1501 len -= page_len; 1502 } 1503 return 0; 1504 1505 invalid_param: 1506 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1507 return -1; 1508 1509 invalid_param_len: 1510 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1511 return -1; 1512 } 1513 1514 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1515 { 1516 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1517 uint8_t *p = inbuf; 1518 int cmd = r->req.cmd.buf[0]; 1519 int len = r->req.cmd.xfer; 1520 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1521 int bd_len; 1522 int pass; 1523 1524 /* We only support PF=1, SP=0. */ 1525 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1526 goto invalid_field; 1527 } 1528 1529 if (len < hdr_len) { 1530 goto invalid_param_len; 1531 } 1532 1533 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1534 len -= hdr_len; 1535 p += hdr_len; 1536 if (len < bd_len) { 1537 goto invalid_param_len; 1538 } 1539 if (bd_len != 0 && bd_len != 8) { 1540 goto invalid_param; 1541 } 1542 1543 len -= bd_len; 1544 p += bd_len; 1545 1546 /* Ensure no change is made if there is an error! */ 1547 for (pass = 0; pass < 2; pass++) { 1548 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1549 assert(pass == 0); 1550 return; 1551 } 1552 } 1553 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1554 /* The request is used as the AIO opaque value, so add a ref. */ 1555 scsi_req_ref(&r->req); 1556 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1557 BLOCK_ACCT_FLUSH); 1558 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1559 return; 1560 } 1561 1562 scsi_req_complete(&r->req, GOOD); 1563 return; 1564 1565 invalid_param: 1566 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1567 return; 1568 1569 invalid_param_len: 1570 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1571 return; 1572 1573 invalid_field: 1574 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1575 } 1576 1577 static inline bool check_lba_range(SCSIDiskState *s, 1578 uint64_t sector_num, uint32_t nb_sectors) 1579 { 1580 /* 1581 * The first line tests that no overflow happens when computing the last 1582 * sector. The second line tests that the last accessed sector is in 1583 * range. 1584 * 1585 * Careful, the computations should not underflow for nb_sectors == 0, 1586 * and a 0-block read to the first LBA beyond the end of device is 1587 * valid. 1588 */ 1589 return (sector_num <= sector_num + nb_sectors && 1590 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1591 } 1592 1593 typedef struct UnmapCBData { 1594 SCSIDiskReq *r; 1595 uint8_t *inbuf; 1596 int count; 1597 } UnmapCBData; 1598 1599 static void scsi_unmap_complete(void *opaque, int ret); 1600 1601 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1602 { 1603 SCSIDiskReq *r = data->r; 1604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1605 uint64_t sector_num; 1606 uint32_t nb_sectors; 1607 1608 assert(r->req.aiocb == NULL); 1609 if (scsi_disk_req_check_error(r, ret, false)) { 1610 goto done; 1611 } 1612 1613 if (data->count > 0) { 1614 sector_num = ldq_be_p(&data->inbuf[0]); 1615 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1616 if (!check_lba_range(s, sector_num, nb_sectors)) { 1617 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1618 goto done; 1619 } 1620 1621 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1622 sector_num * s->qdev.blocksize, 1623 nb_sectors * s->qdev.blocksize, 1624 scsi_unmap_complete, data); 1625 data->count--; 1626 data->inbuf += 16; 1627 return; 1628 } 1629 1630 scsi_req_complete(&r->req, GOOD); 1631 1632 done: 1633 scsi_req_unref(&r->req); 1634 g_free(data); 1635 } 1636 1637 static void scsi_unmap_complete(void *opaque, int ret) 1638 { 1639 UnmapCBData *data = opaque; 1640 SCSIDiskReq *r = data->r; 1641 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1642 1643 assert(r->req.aiocb != NULL); 1644 r->req.aiocb = NULL; 1645 1646 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1647 scsi_unmap_complete_noio(data, ret); 1648 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1649 } 1650 1651 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1652 { 1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1654 uint8_t *p = inbuf; 1655 int len = r->req.cmd.xfer; 1656 UnmapCBData *data; 1657 1658 /* Reject ANCHOR=1. */ 1659 if (r->req.cmd.buf[1] & 0x1) { 1660 goto invalid_field; 1661 } 1662 1663 if (len < 8) { 1664 goto invalid_param_len; 1665 } 1666 if (len < lduw_be_p(&p[0]) + 2) { 1667 goto invalid_param_len; 1668 } 1669 if (len < lduw_be_p(&p[2]) + 8) { 1670 goto invalid_param_len; 1671 } 1672 if (lduw_be_p(&p[2]) & 15) { 1673 goto invalid_param_len; 1674 } 1675 1676 if (blk_is_read_only(s->qdev.conf.blk)) { 1677 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1678 return; 1679 } 1680 1681 data = g_new0(UnmapCBData, 1); 1682 data->r = r; 1683 data->inbuf = &p[8]; 1684 data->count = lduw_be_p(&p[2]) >> 4; 1685 1686 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1687 scsi_req_ref(&r->req); 1688 scsi_unmap_complete_noio(data, 0); 1689 return; 1690 1691 invalid_param_len: 1692 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1693 return; 1694 1695 invalid_field: 1696 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1697 } 1698 1699 typedef struct WriteSameCBData { 1700 SCSIDiskReq *r; 1701 int64_t sector; 1702 int nb_sectors; 1703 QEMUIOVector qiov; 1704 struct iovec iov; 1705 } WriteSameCBData; 1706 1707 static void scsi_write_same_complete(void *opaque, int ret) 1708 { 1709 WriteSameCBData *data = opaque; 1710 SCSIDiskReq *r = data->r; 1711 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1712 1713 assert(r->req.aiocb != NULL); 1714 r->req.aiocb = NULL; 1715 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1716 if (scsi_disk_req_check_error(r, ret, true)) { 1717 goto done; 1718 } 1719 1720 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1721 1722 data->nb_sectors -= data->iov.iov_len / 512; 1723 data->sector += data->iov.iov_len / 512; 1724 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1725 if (data->iov.iov_len) { 1726 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1727 data->iov.iov_len, BLOCK_ACCT_WRITE); 1728 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1729 * where final qiov may need smaller size */ 1730 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1731 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1732 data->sector << BDRV_SECTOR_BITS, 1733 &data->qiov, 0, 1734 scsi_write_same_complete, data); 1735 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1736 return; 1737 } 1738 1739 scsi_req_complete(&r->req, GOOD); 1740 1741 done: 1742 scsi_req_unref(&r->req); 1743 qemu_vfree(data->iov.iov_base); 1744 g_free(data); 1745 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1746 } 1747 1748 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1749 { 1750 SCSIRequest *req = &r->req; 1751 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1752 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1753 WriteSameCBData *data; 1754 uint8_t *buf; 1755 int i; 1756 1757 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1758 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1759 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1760 return; 1761 } 1762 1763 if (blk_is_read_only(s->qdev.conf.blk)) { 1764 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1765 return; 1766 } 1767 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1768 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1769 return; 1770 } 1771 1772 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1773 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1774 1775 /* The request is used as the AIO opaque value, so add a ref. */ 1776 scsi_req_ref(&r->req); 1777 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1778 nb_sectors * s->qdev.blocksize, 1779 BLOCK_ACCT_WRITE); 1780 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1781 r->req.cmd.lba * s->qdev.blocksize, 1782 nb_sectors * s->qdev.blocksize, 1783 flags, scsi_aio_complete, r); 1784 return; 1785 } 1786 1787 data = g_new0(WriteSameCBData, 1); 1788 data->r = r; 1789 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1790 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1791 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1792 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1793 data->iov.iov_len); 1794 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1795 1796 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1797 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1798 } 1799 1800 scsi_req_ref(&r->req); 1801 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1802 data->iov.iov_len, BLOCK_ACCT_WRITE); 1803 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1804 data->sector << BDRV_SECTOR_BITS, 1805 &data->qiov, 0, 1806 scsi_write_same_complete, data); 1807 } 1808 1809 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1810 { 1811 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1812 1813 if (r->iov.iov_len) { 1814 int buflen = r->iov.iov_len; 1815 trace_scsi_disk_emulate_write_data(buflen); 1816 r->iov.iov_len = 0; 1817 scsi_req_data(&r->req, buflen); 1818 return; 1819 } 1820 1821 switch (req->cmd.buf[0]) { 1822 case MODE_SELECT: 1823 case MODE_SELECT_10: 1824 /* This also clears the sense buffer for REQUEST SENSE. */ 1825 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1826 break; 1827 1828 case UNMAP: 1829 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1830 break; 1831 1832 case VERIFY_10: 1833 case VERIFY_12: 1834 case VERIFY_16: 1835 if (r->req.status == -1) { 1836 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1837 } 1838 break; 1839 1840 case WRITE_SAME_10: 1841 case WRITE_SAME_16: 1842 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1843 break; 1844 1845 default: 1846 abort(); 1847 } 1848 } 1849 1850 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1851 { 1852 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1854 uint64_t nb_sectors; 1855 uint8_t *outbuf; 1856 int buflen; 1857 1858 switch (req->cmd.buf[0]) { 1859 case INQUIRY: 1860 case MODE_SENSE: 1861 case MODE_SENSE_10: 1862 case RESERVE: 1863 case RESERVE_10: 1864 case RELEASE: 1865 case RELEASE_10: 1866 case START_STOP: 1867 case ALLOW_MEDIUM_REMOVAL: 1868 case GET_CONFIGURATION: 1869 case GET_EVENT_STATUS_NOTIFICATION: 1870 case MECHANISM_STATUS: 1871 case REQUEST_SENSE: 1872 break; 1873 1874 default: 1875 if (!blk_is_available(s->qdev.conf.blk)) { 1876 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1877 return 0; 1878 } 1879 break; 1880 } 1881 1882 /* 1883 * FIXME: we shouldn't return anything bigger than 4k, but the code 1884 * requires the buffer to be as big as req->cmd.xfer in several 1885 * places. So, do not allow CDBs with a very large ALLOCATION 1886 * LENGTH. The real fix would be to modify scsi_read_data and 1887 * dma_buf_read, so that they return data beyond the buflen 1888 * as all zeros. 1889 */ 1890 if (req->cmd.xfer > 65536) { 1891 goto illegal_request; 1892 } 1893 r->buflen = MAX(4096, req->cmd.xfer); 1894 1895 if (!r->iov.iov_base) { 1896 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1897 } 1898 1899 buflen = req->cmd.xfer; 1900 outbuf = r->iov.iov_base; 1901 memset(outbuf, 0, r->buflen); 1902 switch (req->cmd.buf[0]) { 1903 case TEST_UNIT_READY: 1904 assert(blk_is_available(s->qdev.conf.blk)); 1905 break; 1906 case INQUIRY: 1907 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1908 if (buflen < 0) { 1909 goto illegal_request; 1910 } 1911 break; 1912 case MODE_SENSE: 1913 case MODE_SENSE_10: 1914 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1915 if (buflen < 0) { 1916 goto illegal_request; 1917 } 1918 break; 1919 case READ_TOC: 1920 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1921 if (buflen < 0) { 1922 goto illegal_request; 1923 } 1924 break; 1925 case RESERVE: 1926 if (req->cmd.buf[1] & 1) { 1927 goto illegal_request; 1928 } 1929 break; 1930 case RESERVE_10: 1931 if (req->cmd.buf[1] & 3) { 1932 goto illegal_request; 1933 } 1934 break; 1935 case RELEASE: 1936 if (req->cmd.buf[1] & 1) { 1937 goto illegal_request; 1938 } 1939 break; 1940 case RELEASE_10: 1941 if (req->cmd.buf[1] & 3) { 1942 goto illegal_request; 1943 } 1944 break; 1945 case START_STOP: 1946 if (scsi_disk_emulate_start_stop(r) < 0) { 1947 return 0; 1948 } 1949 break; 1950 case ALLOW_MEDIUM_REMOVAL: 1951 s->tray_locked = req->cmd.buf[4] & 1; 1952 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1953 break; 1954 case READ_CAPACITY_10: 1955 /* The normal LEN field for this command is zero. */ 1956 memset(outbuf, 0, 8); 1957 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1958 if (!nb_sectors) { 1959 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1960 return 0; 1961 } 1962 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1963 goto illegal_request; 1964 } 1965 nb_sectors /= s->qdev.blocksize / 512; 1966 /* Returned value is the address of the last sector. */ 1967 nb_sectors--; 1968 /* Remember the new size for read/write sanity checking. */ 1969 s->qdev.max_lba = nb_sectors; 1970 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1971 if (nb_sectors > UINT32_MAX) { 1972 nb_sectors = UINT32_MAX; 1973 } 1974 outbuf[0] = (nb_sectors >> 24) & 0xff; 1975 outbuf[1] = (nb_sectors >> 16) & 0xff; 1976 outbuf[2] = (nb_sectors >> 8) & 0xff; 1977 outbuf[3] = nb_sectors & 0xff; 1978 outbuf[4] = 0; 1979 outbuf[5] = 0; 1980 outbuf[6] = s->qdev.blocksize >> 8; 1981 outbuf[7] = 0; 1982 break; 1983 case REQUEST_SENSE: 1984 /* Just return "NO SENSE". */ 1985 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 1986 (req->cmd.buf[1] & 1) == 0); 1987 if (buflen < 0) { 1988 goto illegal_request; 1989 } 1990 break; 1991 case MECHANISM_STATUS: 1992 buflen = scsi_emulate_mechanism_status(s, outbuf); 1993 if (buflen < 0) { 1994 goto illegal_request; 1995 } 1996 break; 1997 case GET_CONFIGURATION: 1998 buflen = scsi_get_configuration(s, outbuf); 1999 if (buflen < 0) { 2000 goto illegal_request; 2001 } 2002 break; 2003 case GET_EVENT_STATUS_NOTIFICATION: 2004 buflen = scsi_get_event_status_notification(s, r, outbuf); 2005 if (buflen < 0) { 2006 goto illegal_request; 2007 } 2008 break; 2009 case READ_DISC_INFORMATION: 2010 buflen = scsi_read_disc_information(s, r, outbuf); 2011 if (buflen < 0) { 2012 goto illegal_request; 2013 } 2014 break; 2015 case READ_DVD_STRUCTURE: 2016 buflen = scsi_read_dvd_structure(s, r, outbuf); 2017 if (buflen < 0) { 2018 goto illegal_request; 2019 } 2020 break; 2021 case SERVICE_ACTION_IN_16: 2022 /* Service Action In subcommands. */ 2023 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2024 trace_scsi_disk_emulate_command_SAI_16(); 2025 memset(outbuf, 0, req->cmd.xfer); 2026 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2027 if (!nb_sectors) { 2028 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2029 return 0; 2030 } 2031 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2032 goto illegal_request; 2033 } 2034 nb_sectors /= s->qdev.blocksize / 512; 2035 /* Returned value is the address of the last sector. */ 2036 nb_sectors--; 2037 /* Remember the new size for read/write sanity checking. */ 2038 s->qdev.max_lba = nb_sectors; 2039 outbuf[0] = (nb_sectors >> 56) & 0xff; 2040 outbuf[1] = (nb_sectors >> 48) & 0xff; 2041 outbuf[2] = (nb_sectors >> 40) & 0xff; 2042 outbuf[3] = (nb_sectors >> 32) & 0xff; 2043 outbuf[4] = (nb_sectors >> 24) & 0xff; 2044 outbuf[5] = (nb_sectors >> 16) & 0xff; 2045 outbuf[6] = (nb_sectors >> 8) & 0xff; 2046 outbuf[7] = nb_sectors & 0xff; 2047 outbuf[8] = 0; 2048 outbuf[9] = 0; 2049 outbuf[10] = s->qdev.blocksize >> 8; 2050 outbuf[11] = 0; 2051 outbuf[12] = 0; 2052 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2053 2054 /* set TPE bit if the format supports discard */ 2055 if (s->qdev.conf.discard_granularity) { 2056 outbuf[14] = 0x80; 2057 } 2058 2059 /* Protection, exponent and lowest lba field left blank. */ 2060 break; 2061 } 2062 trace_scsi_disk_emulate_command_SAI_unsupported(); 2063 goto illegal_request; 2064 case SYNCHRONIZE_CACHE: 2065 /* The request is used as the AIO opaque value, so add a ref. */ 2066 scsi_req_ref(&r->req); 2067 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2068 BLOCK_ACCT_FLUSH); 2069 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2070 return 0; 2071 case SEEK_10: 2072 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2073 if (r->req.cmd.lba > s->qdev.max_lba) { 2074 goto illegal_lba; 2075 } 2076 break; 2077 case MODE_SELECT: 2078 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2079 break; 2080 case MODE_SELECT_10: 2081 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2082 break; 2083 case UNMAP: 2084 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2085 break; 2086 case VERIFY_10: 2087 case VERIFY_12: 2088 case VERIFY_16: 2089 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2090 if (req->cmd.buf[1] & 6) { 2091 goto illegal_request; 2092 } 2093 break; 2094 case WRITE_SAME_10: 2095 case WRITE_SAME_16: 2096 trace_scsi_disk_emulate_command_WRITE_SAME( 2097 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2098 break; 2099 default: 2100 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2101 scsi_command_name(buf[0])); 2102 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2103 return 0; 2104 } 2105 assert(!r->req.aiocb); 2106 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2107 if (r->iov.iov_len == 0) { 2108 scsi_req_complete(&r->req, GOOD); 2109 } 2110 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2111 assert(r->iov.iov_len == req->cmd.xfer); 2112 return -r->iov.iov_len; 2113 } else { 2114 return r->iov.iov_len; 2115 } 2116 2117 illegal_request: 2118 if (r->req.status == -1) { 2119 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2120 } 2121 return 0; 2122 2123 illegal_lba: 2124 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2125 return 0; 2126 } 2127 2128 /* Execute a scsi command. Returns the length of the data expected by the 2129 command. This will be Positive for data transfers from the device 2130 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2131 and zero if the command does not transfer any data. */ 2132 2133 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2134 { 2135 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2136 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2137 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2138 uint32_t len; 2139 uint8_t command; 2140 2141 command = buf[0]; 2142 2143 if (!blk_is_available(s->qdev.conf.blk)) { 2144 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2145 return 0; 2146 } 2147 2148 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2149 switch (command) { 2150 case READ_6: 2151 case READ_10: 2152 case READ_12: 2153 case READ_16: 2154 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2155 /* Protection information is not supported. For SCSI versions 2 and 2156 * older (as determined by snooping the guest's INQUIRY commands), 2157 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2158 */ 2159 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2160 goto illegal_request; 2161 } 2162 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2163 goto illegal_lba; 2164 } 2165 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2166 r->sector_count = len * (s->qdev.blocksize / 512); 2167 break; 2168 case WRITE_6: 2169 case WRITE_10: 2170 case WRITE_12: 2171 case WRITE_16: 2172 case WRITE_VERIFY_10: 2173 case WRITE_VERIFY_12: 2174 case WRITE_VERIFY_16: 2175 if (blk_is_read_only(s->qdev.conf.blk)) { 2176 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2177 return 0; 2178 } 2179 trace_scsi_disk_dma_command_WRITE( 2180 (command & 0xe) == 0xe ? "And Verify " : "", 2181 r->req.cmd.lba, len); 2182 /* fall through */ 2183 case VERIFY_10: 2184 case VERIFY_12: 2185 case VERIFY_16: 2186 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2187 * As far as DMA is concerned, we can treat it the same as a write; 2188 * scsi_block_do_sgio will send VERIFY commands. 2189 */ 2190 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2191 goto illegal_request; 2192 } 2193 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2194 goto illegal_lba; 2195 } 2196 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2197 r->sector_count = len * (s->qdev.blocksize / 512); 2198 break; 2199 default: 2200 abort(); 2201 illegal_request: 2202 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2203 return 0; 2204 illegal_lba: 2205 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2206 return 0; 2207 } 2208 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2209 if (r->sector_count == 0) { 2210 scsi_req_complete(&r->req, GOOD); 2211 } 2212 assert(r->iov.iov_len == 0); 2213 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2214 return -r->sector_count * 512; 2215 } else { 2216 return r->sector_count * 512; 2217 } 2218 } 2219 2220 static void scsi_disk_reset(DeviceState *dev) 2221 { 2222 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2223 uint64_t nb_sectors; 2224 2225 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2226 2227 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2228 nb_sectors /= s->qdev.blocksize / 512; 2229 if (nb_sectors) { 2230 nb_sectors--; 2231 } 2232 s->qdev.max_lba = nb_sectors; 2233 /* reset tray statuses */ 2234 s->tray_locked = 0; 2235 s->tray_open = 0; 2236 2237 s->qdev.scsi_version = s->qdev.default_scsi_version; 2238 } 2239 2240 static void scsi_disk_resize_cb(void *opaque) 2241 { 2242 SCSIDiskState *s = opaque; 2243 2244 /* SPC lists this sense code as available only for 2245 * direct-access devices. 2246 */ 2247 if (s->qdev.type == TYPE_DISK) { 2248 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2249 } 2250 } 2251 2252 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2253 { 2254 SCSIDiskState *s = opaque; 2255 2256 /* 2257 * When a CD gets changed, we have to report an ejected state and 2258 * then a loaded state to guests so that they detect tray 2259 * open/close and media change events. Guests that do not use 2260 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2261 * states rely on this behavior. 2262 * 2263 * media_changed governs the state machine used for unit attention 2264 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2265 */ 2266 s->media_changed = load; 2267 s->tray_open = !load; 2268 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2269 s->media_event = true; 2270 s->eject_request = false; 2271 } 2272 2273 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2274 { 2275 SCSIDiskState *s = opaque; 2276 2277 s->eject_request = true; 2278 if (force) { 2279 s->tray_locked = false; 2280 } 2281 } 2282 2283 static bool scsi_cd_is_tray_open(void *opaque) 2284 { 2285 return ((SCSIDiskState *)opaque)->tray_open; 2286 } 2287 2288 static bool scsi_cd_is_medium_locked(void *opaque) 2289 { 2290 return ((SCSIDiskState *)opaque)->tray_locked; 2291 } 2292 2293 static const BlockDevOps scsi_disk_removable_block_ops = { 2294 .change_media_cb = scsi_cd_change_media_cb, 2295 .eject_request_cb = scsi_cd_eject_request_cb, 2296 .is_tray_open = scsi_cd_is_tray_open, 2297 .is_medium_locked = scsi_cd_is_medium_locked, 2298 2299 .resize_cb = scsi_disk_resize_cb, 2300 }; 2301 2302 static const BlockDevOps scsi_disk_block_ops = { 2303 .resize_cb = scsi_disk_resize_cb, 2304 }; 2305 2306 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2307 { 2308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2309 if (s->media_changed) { 2310 s->media_changed = false; 2311 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2312 } 2313 } 2314 2315 static void scsi_realize(SCSIDevice *dev, Error **errp) 2316 { 2317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2318 2319 if (!s->qdev.conf.blk) { 2320 error_setg(errp, "drive property not set"); 2321 return; 2322 } 2323 2324 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2325 !blk_is_inserted(s->qdev.conf.blk)) { 2326 error_setg(errp, "Device needs media, but drive is empty"); 2327 return; 2328 } 2329 2330 blkconf_blocksizes(&s->qdev.conf); 2331 2332 if (s->qdev.conf.logical_block_size > 2333 s->qdev.conf.physical_block_size) { 2334 error_setg(errp, 2335 "logical_block_size > physical_block_size not supported"); 2336 return; 2337 } 2338 2339 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2340 !s->qdev.hba_supports_iothread) 2341 { 2342 error_setg(errp, "HBA does not support iothreads"); 2343 return; 2344 } 2345 2346 if (dev->type == TYPE_DISK) { 2347 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2348 return; 2349 } 2350 } 2351 if (!blkconf_apply_backend_options(&dev->conf, 2352 blk_is_read_only(s->qdev.conf.blk), 2353 dev->type == TYPE_DISK, errp)) { 2354 return; 2355 } 2356 2357 if (s->qdev.conf.discard_granularity == -1) { 2358 s->qdev.conf.discard_granularity = 2359 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2360 } 2361 2362 if (!s->version) { 2363 s->version = g_strdup(qemu_hw_version()); 2364 } 2365 if (!s->vendor) { 2366 s->vendor = g_strdup("QEMU"); 2367 } 2368 if (!s->device_id) { 2369 if (s->serial) { 2370 s->device_id = g_strdup_printf("%.20s", s->serial); 2371 } else { 2372 const char *str = blk_name(s->qdev.conf.blk); 2373 if (str && *str) { 2374 s->device_id = g_strdup(str); 2375 } 2376 } 2377 } 2378 2379 if (blk_is_sg(s->qdev.conf.blk)) { 2380 error_setg(errp, "unwanted /dev/sg*"); 2381 return; 2382 } 2383 2384 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2385 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2386 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2387 } else { 2388 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2389 } 2390 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2391 2392 blk_iostatus_enable(s->qdev.conf.blk); 2393 } 2394 2395 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2396 { 2397 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2398 AioContext *ctx = NULL; 2399 /* can happen for devices without drive. The error message for missing 2400 * backend will be issued in scsi_realize 2401 */ 2402 if (s->qdev.conf.blk) { 2403 ctx = blk_get_aio_context(s->qdev.conf.blk); 2404 aio_context_acquire(ctx); 2405 blkconf_blocksizes(&s->qdev.conf); 2406 } 2407 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2408 s->qdev.type = TYPE_DISK; 2409 if (!s->product) { 2410 s->product = g_strdup("QEMU HARDDISK"); 2411 } 2412 scsi_realize(&s->qdev, errp); 2413 if (ctx) { 2414 aio_context_release(ctx); 2415 } 2416 } 2417 2418 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2419 { 2420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2421 AioContext *ctx; 2422 int ret; 2423 2424 if (!dev->conf.blk) { 2425 /* Anonymous BlockBackend for an empty drive. As we put it into 2426 * dev->conf, qdev takes care of detaching on unplug. */ 2427 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2428 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2429 assert(ret == 0); 2430 } 2431 2432 ctx = blk_get_aio_context(dev->conf.blk); 2433 aio_context_acquire(ctx); 2434 s->qdev.blocksize = 2048; 2435 s->qdev.type = TYPE_ROM; 2436 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2437 if (!s->product) { 2438 s->product = g_strdup("QEMU CD-ROM"); 2439 } 2440 scsi_realize(&s->qdev, errp); 2441 aio_context_release(ctx); 2442 } 2443 2444 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2445 { 2446 DriveInfo *dinfo; 2447 Error *local_err = NULL; 2448 2449 if (!dev->conf.blk) { 2450 scsi_realize(dev, &local_err); 2451 assert(local_err); 2452 error_propagate(errp, local_err); 2453 return; 2454 } 2455 2456 dinfo = blk_legacy_dinfo(dev->conf.blk); 2457 if (dinfo && dinfo->media_cd) { 2458 scsi_cd_realize(dev, errp); 2459 } else { 2460 scsi_hd_realize(dev, errp); 2461 } 2462 } 2463 2464 static const SCSIReqOps scsi_disk_emulate_reqops = { 2465 .size = sizeof(SCSIDiskReq), 2466 .free_req = scsi_free_request, 2467 .send_command = scsi_disk_emulate_command, 2468 .read_data = scsi_disk_emulate_read_data, 2469 .write_data = scsi_disk_emulate_write_data, 2470 .get_buf = scsi_get_buf, 2471 }; 2472 2473 static const SCSIReqOps scsi_disk_dma_reqops = { 2474 .size = sizeof(SCSIDiskReq), 2475 .free_req = scsi_free_request, 2476 .send_command = scsi_disk_dma_command, 2477 .read_data = scsi_read_data, 2478 .write_data = scsi_write_data, 2479 .get_buf = scsi_get_buf, 2480 .load_request = scsi_disk_load_request, 2481 .save_request = scsi_disk_save_request, 2482 }; 2483 2484 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2485 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2486 [INQUIRY] = &scsi_disk_emulate_reqops, 2487 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2488 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2489 [START_STOP] = &scsi_disk_emulate_reqops, 2490 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2491 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2492 [READ_TOC] = &scsi_disk_emulate_reqops, 2493 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2494 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2495 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2496 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2497 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2498 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2499 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2500 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2501 [SEEK_10] = &scsi_disk_emulate_reqops, 2502 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2503 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2504 [UNMAP] = &scsi_disk_emulate_reqops, 2505 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2506 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2507 [VERIFY_10] = &scsi_disk_emulate_reqops, 2508 [VERIFY_12] = &scsi_disk_emulate_reqops, 2509 [VERIFY_16] = &scsi_disk_emulate_reqops, 2510 2511 [READ_6] = &scsi_disk_dma_reqops, 2512 [READ_10] = &scsi_disk_dma_reqops, 2513 [READ_12] = &scsi_disk_dma_reqops, 2514 [READ_16] = &scsi_disk_dma_reqops, 2515 [WRITE_6] = &scsi_disk_dma_reqops, 2516 [WRITE_10] = &scsi_disk_dma_reqops, 2517 [WRITE_12] = &scsi_disk_dma_reqops, 2518 [WRITE_16] = &scsi_disk_dma_reqops, 2519 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2520 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2521 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2522 }; 2523 2524 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2525 { 2526 int i; 2527 int len = scsi_cdb_length(buf); 2528 char *line_buffer, *p; 2529 2530 line_buffer = g_malloc(len * 5 + 1); 2531 2532 for (i = 0, p = line_buffer; i < len; i++) { 2533 p += sprintf(p, " 0x%02x", buf[i]); 2534 } 2535 trace_scsi_disk_new_request(lun, tag, line_buffer); 2536 2537 g_free(line_buffer); 2538 } 2539 2540 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2541 uint8_t *buf, void *hba_private) 2542 { 2543 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2544 SCSIRequest *req; 2545 const SCSIReqOps *ops; 2546 uint8_t command; 2547 2548 command = buf[0]; 2549 ops = scsi_disk_reqops_dispatch[command]; 2550 if (!ops) { 2551 ops = &scsi_disk_emulate_reqops; 2552 } 2553 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2554 2555 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2556 scsi_disk_new_request_dump(lun, tag, buf); 2557 } 2558 2559 return req; 2560 } 2561 2562 #ifdef __linux__ 2563 static int get_device_type(SCSIDiskState *s) 2564 { 2565 uint8_t cmd[16]; 2566 uint8_t buf[36]; 2567 int ret; 2568 2569 memset(cmd, 0, sizeof(cmd)); 2570 memset(buf, 0, sizeof(buf)); 2571 cmd[0] = INQUIRY; 2572 cmd[4] = sizeof(buf); 2573 2574 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2575 buf, sizeof(buf)); 2576 if (ret < 0) { 2577 return -1; 2578 } 2579 s->qdev.type = buf[0]; 2580 if (buf[1] & 0x80) { 2581 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2582 } 2583 return 0; 2584 } 2585 2586 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2587 { 2588 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2589 AioContext *ctx; 2590 int sg_version; 2591 int rc; 2592 2593 if (!s->qdev.conf.blk) { 2594 error_setg(errp, "drive property not set"); 2595 return; 2596 } 2597 2598 if (s->rotation_rate) { 2599 error_report_once("rotation_rate is specified for scsi-block but is " 2600 "not implemented. This option is deprecated and will " 2601 "be removed in a future version"); 2602 } 2603 2604 ctx = blk_get_aio_context(s->qdev.conf.blk); 2605 aio_context_acquire(ctx); 2606 2607 /* check we are using a driver managing SG_IO (version 3 and after) */ 2608 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2609 if (rc < 0) { 2610 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2611 if (rc != -EPERM) { 2612 error_append_hint(errp, "Is this a SCSI device?\n"); 2613 } 2614 goto out; 2615 } 2616 if (sg_version < 30000) { 2617 error_setg(errp, "scsi generic interface too old"); 2618 goto out; 2619 } 2620 2621 /* get device type from INQUIRY data */ 2622 rc = get_device_type(s); 2623 if (rc < 0) { 2624 error_setg(errp, "INQUIRY failed"); 2625 goto out; 2626 } 2627 2628 /* Make a guess for the block size, we'll fix it when the guest sends. 2629 * READ CAPACITY. If they don't, they likely would assume these sizes 2630 * anyway. (TODO: check in /sys). 2631 */ 2632 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2633 s->qdev.blocksize = 2048; 2634 } else { 2635 s->qdev.blocksize = 512; 2636 } 2637 2638 /* Makes the scsi-block device not removable by using HMP and QMP eject 2639 * command. 2640 */ 2641 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2642 2643 scsi_realize(&s->qdev, errp); 2644 scsi_generic_read_device_inquiry(&s->qdev); 2645 2646 out: 2647 aio_context_release(ctx); 2648 } 2649 2650 typedef struct SCSIBlockReq { 2651 SCSIDiskReq req; 2652 sg_io_hdr_t io_header; 2653 2654 /* Selected bytes of the original CDB, copied into our own CDB. */ 2655 uint8_t cmd, cdb1, group_number; 2656 2657 /* CDB passed to SG_IO. */ 2658 uint8_t cdb[16]; 2659 } SCSIBlockReq; 2660 2661 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2662 int64_t offset, QEMUIOVector *iov, 2663 int direction, 2664 BlockCompletionFunc *cb, void *opaque) 2665 { 2666 sg_io_hdr_t *io_header = &req->io_header; 2667 SCSIDiskReq *r = &req->req; 2668 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2669 int nb_logical_blocks; 2670 uint64_t lba; 2671 BlockAIOCB *aiocb; 2672 2673 /* This is not supported yet. It can only happen if the guest does 2674 * reads and writes that are not aligned to one logical sectors 2675 * _and_ cover multiple MemoryRegions. 2676 */ 2677 assert(offset % s->qdev.blocksize == 0); 2678 assert(iov->size % s->qdev.blocksize == 0); 2679 2680 io_header->interface_id = 'S'; 2681 2682 /* The data transfer comes from the QEMUIOVector. */ 2683 io_header->dxfer_direction = direction; 2684 io_header->dxfer_len = iov->size; 2685 io_header->dxferp = (void *)iov->iov; 2686 io_header->iovec_count = iov->niov; 2687 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2688 2689 /* Build a new CDB with the LBA and length patched in, in case 2690 * DMA helpers split the transfer in multiple segments. Do not 2691 * build a CDB smaller than what the guest wanted, and only build 2692 * a larger one if strictly necessary. 2693 */ 2694 io_header->cmdp = req->cdb; 2695 lba = offset / s->qdev.blocksize; 2696 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2697 2698 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2699 /* 6-byte CDB */ 2700 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2701 req->cdb[4] = nb_logical_blocks; 2702 req->cdb[5] = 0; 2703 io_header->cmd_len = 6; 2704 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2705 /* 10-byte CDB */ 2706 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2707 req->cdb[1] = req->cdb1; 2708 stl_be_p(&req->cdb[2], lba); 2709 req->cdb[6] = req->group_number; 2710 stw_be_p(&req->cdb[7], nb_logical_blocks); 2711 req->cdb[9] = 0; 2712 io_header->cmd_len = 10; 2713 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2714 /* 12-byte CDB */ 2715 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2716 req->cdb[1] = req->cdb1; 2717 stl_be_p(&req->cdb[2], lba); 2718 stl_be_p(&req->cdb[6], nb_logical_blocks); 2719 req->cdb[10] = req->group_number; 2720 req->cdb[11] = 0; 2721 io_header->cmd_len = 12; 2722 } else { 2723 /* 16-byte CDB */ 2724 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2725 req->cdb[1] = req->cdb1; 2726 stq_be_p(&req->cdb[2], lba); 2727 stl_be_p(&req->cdb[10], nb_logical_blocks); 2728 req->cdb[14] = req->group_number; 2729 req->cdb[15] = 0; 2730 io_header->cmd_len = 16; 2731 } 2732 2733 /* The rest is as in scsi-generic.c. */ 2734 io_header->mx_sb_len = sizeof(r->req.sense); 2735 io_header->sbp = r->req.sense; 2736 io_header->timeout = UINT_MAX; 2737 io_header->usr_ptr = r; 2738 io_header->flags |= SG_FLAG_DIRECT_IO; 2739 2740 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque); 2741 assert(aiocb != NULL); 2742 return aiocb; 2743 } 2744 2745 static bool scsi_block_no_fua(SCSICommand *cmd) 2746 { 2747 return false; 2748 } 2749 2750 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2751 QEMUIOVector *iov, 2752 BlockCompletionFunc *cb, void *cb_opaque, 2753 void *opaque) 2754 { 2755 SCSIBlockReq *r = opaque; 2756 return scsi_block_do_sgio(r, offset, iov, 2757 SG_DXFER_FROM_DEV, cb, cb_opaque); 2758 } 2759 2760 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2761 QEMUIOVector *iov, 2762 BlockCompletionFunc *cb, void *cb_opaque, 2763 void *opaque) 2764 { 2765 SCSIBlockReq *r = opaque; 2766 return scsi_block_do_sgio(r, offset, iov, 2767 SG_DXFER_TO_DEV, cb, cb_opaque); 2768 } 2769 2770 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2771 { 2772 switch (buf[0]) { 2773 case VERIFY_10: 2774 case VERIFY_12: 2775 case VERIFY_16: 2776 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2777 * for the number of logical blocks specified in the length 2778 * field). For other modes, do not use scatter/gather operation. 2779 */ 2780 if ((buf[1] & 6) == 2) { 2781 return false; 2782 } 2783 break; 2784 2785 case READ_6: 2786 case READ_10: 2787 case READ_12: 2788 case READ_16: 2789 case WRITE_6: 2790 case WRITE_10: 2791 case WRITE_12: 2792 case WRITE_16: 2793 case WRITE_VERIFY_10: 2794 case WRITE_VERIFY_12: 2795 case WRITE_VERIFY_16: 2796 /* MMC writing cannot be done via DMA helpers, because it sometimes 2797 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2798 * We might use scsi_block_dma_reqops as long as no writing commands are 2799 * seen, but performance usually isn't paramount on optical media. So, 2800 * just make scsi-block operate the same as scsi-generic for them. 2801 */ 2802 if (s->qdev.type != TYPE_ROM) { 2803 return false; 2804 } 2805 break; 2806 2807 default: 2808 break; 2809 } 2810 2811 return true; 2812 } 2813 2814 2815 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2816 { 2817 SCSIBlockReq *r = (SCSIBlockReq *)req; 2818 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2819 2820 r->cmd = req->cmd.buf[0]; 2821 switch (r->cmd >> 5) { 2822 case 0: 2823 /* 6-byte CDB. */ 2824 r->cdb1 = r->group_number = 0; 2825 break; 2826 case 1: 2827 /* 10-byte CDB. */ 2828 r->cdb1 = req->cmd.buf[1]; 2829 r->group_number = req->cmd.buf[6]; 2830 break; 2831 case 4: 2832 /* 12-byte CDB. */ 2833 r->cdb1 = req->cmd.buf[1]; 2834 r->group_number = req->cmd.buf[10]; 2835 break; 2836 case 5: 2837 /* 16-byte CDB. */ 2838 r->cdb1 = req->cmd.buf[1]; 2839 r->group_number = req->cmd.buf[14]; 2840 break; 2841 default: 2842 abort(); 2843 } 2844 2845 /* Protection information is not supported. For SCSI versions 2 and 2846 * older (as determined by snooping the guest's INQUIRY commands), 2847 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2848 */ 2849 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 2850 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 2851 return 0; 2852 } 2853 2854 r->req.status = &r->io_header.status; 2855 return scsi_disk_dma_command(req, buf); 2856 } 2857 2858 static const SCSIReqOps scsi_block_dma_reqops = { 2859 .size = sizeof(SCSIBlockReq), 2860 .free_req = scsi_free_request, 2861 .send_command = scsi_block_dma_command, 2862 .read_data = scsi_read_data, 2863 .write_data = scsi_write_data, 2864 .get_buf = scsi_get_buf, 2865 .load_request = scsi_disk_load_request, 2866 .save_request = scsi_disk_save_request, 2867 }; 2868 2869 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2870 uint32_t lun, uint8_t *buf, 2871 void *hba_private) 2872 { 2873 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2874 2875 if (scsi_block_is_passthrough(s, buf)) { 2876 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2877 hba_private); 2878 } else { 2879 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 2880 hba_private); 2881 } 2882 } 2883 2884 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2885 uint8_t *buf, void *hba_private) 2886 { 2887 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2888 2889 if (scsi_block_is_passthrough(s, buf)) { 2890 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2891 } else { 2892 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2893 } 2894 } 2895 2896 #endif 2897 2898 static 2899 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 2900 BlockCompletionFunc *cb, void *cb_opaque, 2901 void *opaque) 2902 { 2903 SCSIDiskReq *r = opaque; 2904 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2905 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2906 } 2907 2908 static 2909 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 2910 BlockCompletionFunc *cb, void *cb_opaque, 2911 void *opaque) 2912 { 2913 SCSIDiskReq *r = opaque; 2914 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2915 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2916 } 2917 2918 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 2919 { 2920 DeviceClass *dc = DEVICE_CLASS(klass); 2921 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 2922 2923 dc->fw_name = "disk"; 2924 dc->reset = scsi_disk_reset; 2925 sdc->dma_readv = scsi_dma_readv; 2926 sdc->dma_writev = scsi_dma_writev; 2927 sdc->need_fua_emulation = scsi_is_cmd_fua; 2928 } 2929 2930 static const TypeInfo scsi_disk_base_info = { 2931 .name = TYPE_SCSI_DISK_BASE, 2932 .parent = TYPE_SCSI_DEVICE, 2933 .class_init = scsi_disk_base_class_initfn, 2934 .instance_size = sizeof(SCSIDiskState), 2935 .class_size = sizeof(SCSIDiskClass), 2936 .abstract = true, 2937 }; 2938 2939 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2940 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 2941 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 2942 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 2943 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2944 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2945 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2946 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 2947 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 2948 2949 2950 static Property scsi_hd_properties[] = { 2951 DEFINE_SCSI_DISK_PROPERTIES(), 2952 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2953 SCSI_DISK_F_REMOVABLE, false), 2954 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2955 SCSI_DISK_F_DPOFUA, false), 2956 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2957 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2958 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2959 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2960 DEFAULT_MAX_UNMAP_SIZE), 2961 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2962 DEFAULT_MAX_IO_SIZE), 2963 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 2964 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 2965 5), 2966 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2967 DEFINE_PROP_END_OF_LIST(), 2968 }; 2969 2970 static const VMStateDescription vmstate_scsi_disk_state = { 2971 .name = "scsi-disk", 2972 .version_id = 1, 2973 .minimum_version_id = 1, 2974 .fields = (VMStateField[]) { 2975 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2976 VMSTATE_BOOL(media_changed, SCSIDiskState), 2977 VMSTATE_BOOL(media_event, SCSIDiskState), 2978 VMSTATE_BOOL(eject_request, SCSIDiskState), 2979 VMSTATE_BOOL(tray_open, SCSIDiskState), 2980 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2981 VMSTATE_END_OF_LIST() 2982 } 2983 }; 2984 2985 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2986 { 2987 DeviceClass *dc = DEVICE_CLASS(klass); 2988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2989 2990 sc->realize = scsi_hd_realize; 2991 sc->alloc_req = scsi_new_request; 2992 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2993 dc->desc = "virtual SCSI disk"; 2994 dc->props = scsi_hd_properties; 2995 dc->vmsd = &vmstate_scsi_disk_state; 2996 } 2997 2998 static const TypeInfo scsi_hd_info = { 2999 .name = "scsi-hd", 3000 .parent = TYPE_SCSI_DISK_BASE, 3001 .class_init = scsi_hd_class_initfn, 3002 }; 3003 3004 static Property scsi_cd_properties[] = { 3005 DEFINE_SCSI_DISK_PROPERTIES(), 3006 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3007 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3008 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3009 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3010 DEFAULT_MAX_IO_SIZE), 3011 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3012 5), 3013 DEFINE_PROP_END_OF_LIST(), 3014 }; 3015 3016 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3017 { 3018 DeviceClass *dc = DEVICE_CLASS(klass); 3019 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3020 3021 sc->realize = scsi_cd_realize; 3022 sc->alloc_req = scsi_new_request; 3023 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3024 dc->desc = "virtual SCSI CD-ROM"; 3025 dc->props = scsi_cd_properties; 3026 dc->vmsd = &vmstate_scsi_disk_state; 3027 } 3028 3029 static const TypeInfo scsi_cd_info = { 3030 .name = "scsi-cd", 3031 .parent = TYPE_SCSI_DISK_BASE, 3032 .class_init = scsi_cd_class_initfn, 3033 }; 3034 3035 #ifdef __linux__ 3036 static Property scsi_block_properties[] = { 3037 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3038 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3039 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3040 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3041 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3042 DEFAULT_MAX_UNMAP_SIZE), 3043 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3044 DEFAULT_MAX_IO_SIZE), 3045 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3046 -1), 3047 DEFINE_PROP_END_OF_LIST(), 3048 }; 3049 3050 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3051 { 3052 DeviceClass *dc = DEVICE_CLASS(klass); 3053 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3054 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3055 3056 sc->realize = scsi_block_realize; 3057 sc->alloc_req = scsi_block_new_request; 3058 sc->parse_cdb = scsi_block_parse_cdb; 3059 sdc->dma_readv = scsi_block_dma_readv; 3060 sdc->dma_writev = scsi_block_dma_writev; 3061 sdc->need_fua_emulation = scsi_block_no_fua; 3062 dc->desc = "SCSI block device passthrough"; 3063 dc->props = scsi_block_properties; 3064 dc->vmsd = &vmstate_scsi_disk_state; 3065 } 3066 3067 static const TypeInfo scsi_block_info = { 3068 .name = "scsi-block", 3069 .parent = TYPE_SCSI_DISK_BASE, 3070 .class_init = scsi_block_class_initfn, 3071 }; 3072 #endif 3073 3074 static Property scsi_disk_properties[] = { 3075 DEFINE_SCSI_DISK_PROPERTIES(), 3076 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3077 SCSI_DISK_F_REMOVABLE, false), 3078 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3079 SCSI_DISK_F_DPOFUA, false), 3080 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3081 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3082 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3083 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3084 DEFAULT_MAX_UNMAP_SIZE), 3085 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3086 DEFAULT_MAX_IO_SIZE), 3087 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3088 5), 3089 DEFINE_PROP_END_OF_LIST(), 3090 }; 3091 3092 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 3093 { 3094 DeviceClass *dc = DEVICE_CLASS(klass); 3095 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3096 3097 sc->realize = scsi_disk_realize; 3098 sc->alloc_req = scsi_new_request; 3099 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3100 dc->fw_name = "disk"; 3101 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 3102 dc->reset = scsi_disk_reset; 3103 dc->props = scsi_disk_properties; 3104 dc->vmsd = &vmstate_scsi_disk_state; 3105 } 3106 3107 static const TypeInfo scsi_disk_info = { 3108 .name = "scsi-disk", 3109 .parent = TYPE_SCSI_DISK_BASE, 3110 .class_init = scsi_disk_class_initfn, 3111 }; 3112 3113 static void scsi_disk_register_types(void) 3114 { 3115 type_register_static(&scsi_disk_base_info); 3116 type_register_static(&scsi_hd_info); 3117 type_register_static(&scsi_cd_info); 3118 #ifdef __linux__ 3119 type_register_static(&scsi_block_info); 3120 #endif 3121 type_register_static(&scsi_disk_info); 3122 } 3123 3124 type_init(scsi_disk_register_types) 3125