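/*
 * SCSI Device emulation
 *
 * Copyright (c) 2006 CodeSourcery.
 * Based on code by Fabrice Bellard
 *
 * Written by Paul Brook
 * Modifications:
 *  2009-Dec-12 Artyom Tarasenko : implemented standard inquiry for the case
 *                                 when the allocation length of CDB is smaller
 *                                 than 36.
 *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
 *                                 MODE SENSE response.
 *
 * This code is licensed under the LGPL.
 *
 * Note that this file only handles the SCSI architecture model and device
 * commands.  Emulation of interface/link layer protocols is handled by
 * the host adapter emulator.
 */

//#define DEBUG_SCSI

#ifdef DEBUG_SCSI
#define DPRINTF(fmt, ...) \
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#endif

#include "qemu-common.h"
#include "qemu/error-report.h"
#include "hw/scsi/scsi.h"
#include "block/scsi.h"
#include "sysemu/sysemu.h"
#include "sysemu/block-backend.h"
#include "sysemu/blockdev.h"
#include "hw/block/block.h"
#include "sysemu/dma.h"

#ifdef __linux
#include <scsi/sg.h>
#endif

#define SCSI_WRITE_SAME_MAX         524288
#define SCSI_DMA_BUF_SIZE           131072
#define SCSI_MAX_INQUIRY_LEN        256
#define SCSI_MAX_MODE_LEN           256

#define DEFAULT_DISCARD_GRANULARITY 4096
#define DEFAULT_MAX_UNMAP_SIZE      (1 << 30)   /* 1 GB */
#define DEFAULT_MAX_IO_SIZE         INT_MAX     /* 2 GB - 1 block */

typedef struct SCSIDiskState SCSIDiskState;

/* Per-request state; the generic SCSIRequest is embedded as first member. */
typedef struct SCSIDiskReq {
    SCSIRequest req;
    /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
    uint64_t sector;
    uint32_t sector_count;
    /* Size in bytes of the bounce buffer at iov.iov_base (0 if none). */
    uint32_t buflen;
    bool started;
    struct iovec iov;
    QEMUIOVector qiov;
    BlockAcctCookie acct;
} SCSIDiskReq;

/* Bit positions inside SCSIDiskState.features. */
#define SCSI_DISK_F_REMOVABLE             0
#define SCSI_DISK_F_DPOFUA                1
#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS   2

struct SCSIDiskState
{
    SCSIDevice qdev;
    uint32_t features;
    bool media_changed;
    bool media_event;
    bool eject_request;
    uint64_t wwn;
    uint64_t port_wwn;
    uint16_t port_index;
    uint64_t max_unmap_size;
    uint64_t max_io_size;
    QEMUBH *bh;
    char *version;
    char *serial;
    char *vendor;
    char *product;
    bool tray_open;
    bool tray_locked;
};

static int scsi_handle_rw_error(SCSIDiskReq *r, int error);

/* Release the bounce buffer attached to the request. */
static void scsi_free_request(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_vfree(r->iov.iov_base);
}

/* Helper function for command completion with sense.  */
static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
{
    DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
            r->req.tag, sense.key, sense.asc, sense.ascq);
    scsi_req_build_sense(&r->req, sense);
    scsi_req_complete(&r->req, CHECK_CONDITION);
}

/*
 * Prepare the single-element I/O vector for the next transfer step.
 *
 * On first use a bounce buffer of @size bytes is allocated and its size is
 * remembered in r->buflen; later calls reuse that buffer and ignore @size.
 * The vector length is the smaller of the bytes still to transfer and the
 * buffer size.
 *
 * Returns the number of 512-byte sectors described by r->qiov.
 */
static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    if (!r->iov.iov_base) {
        r->buflen = size;
        r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
    }
    /*
     * Do the multiplication in 64 bits: sector_count is a uint32_t taken
     * from the command, and a 32-bit product wraps for counts of 2^23 and
     * above, which would make the vector shorter than intended (possibly
     * zero) instead of capping it at buflen.
     */
    r->iov.iov_len = MIN((uint64_t)r->sector_count * 512, r->buflen);
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
    return r->qiov.size / 512;
}

/*
 * Serialize the per-request state for migration.
 *
 * The buffer contents are written for to-device transfers, and for other
 * transfers only when the request is not marked for retry; in the latter
 * case the length is written explicitly before the data.
 */
static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_put_be64s(f, &r->sector);
    qemu_put_be32s(f, &r->sector_count);
    qemu_put_be32s(f, &r->buflen);
    if (r->buflen) {
        if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
            qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
        } else if (!req->retry) {
            uint32_t len = r->iov.iov_len;
            qemu_put_be32s(f, &len);
            qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
        }
    }
}

/*
 * Restore the per-request state written by scsi_disk_save_request.
 *
 * NOTE(review): sector, sector_count, buflen and len all come from the
 * migration stream.  buflen sizes the allocation made by scsi_init_iovec,
 * and the only guard on len is the assert below, which aborts the process
 * rather than failing the load.  If the stream can come from a source that
 * is not fully trusted, these values deserve validation with a proper error
 * path -- this function returns void, so that has to happen in a caller.
 */
static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    qemu_get_be64s(f, &r->sector);
    qemu_get_be32s(f, &r->sector_count);
    qemu_get_be32s(f, &r->buflen);
    if (r->buflen) {
        scsi_init_iovec(r, r->buflen);
        if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
            /* iov_len was capped at buflen by scsi_init_iovec. */
            qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
        } else if (!r->req.retry) {
            uint32_t len;
            qemu_get_be32s(f, &len);
            r->iov.iov_len = len;
            /* The read below must not run past the buflen-byte buffer. */
            assert(r->iov.iov_len <= r->buflen);
            qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
        }
    }

    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
}

/*
 * AIO completion callback that finishes the request with GOOD status.
 * Used as the flush callback by scsi_write_do_fua.  Must only run as the
 * completion of an in-flight AIO: it asserts that req.aiocb is set, clears
 * it, closes the accounting cookie and drops the reference held for the AIO.
 */
static void scsi_aio_complete(void *opaque, int ret)
{
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;
    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
}

/*
 * Tell whether the command must be treated as Force Unit Access.
 *
 * READ/WRITE (10/12/16) carry an explicit bit (0x08 in CDB byte 1); the
 * VERIFY and WRITE AND VERIFY variants are always treated as FUA; the
 * 6-byte commands and everything else never are.
 */
static bool scsi_is_cmd_fua(SCSICommand *cmd)
{
    switch (cmd->buf[0]) {
    case READ_10:
    case READ_12:
    case READ_16:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
        return (cmd->buf[1] & 8) != 0;

    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        return true;

    case READ_6:
    case WRITE_6:
    default:
        return false;
    }
}

/*
 * Last step of a write: for FUA commands issue a flush, whose completion
 * (scsi_aio_complete) finishes the request and drops the reference;
 * otherwise complete with GOOD and drop the reference here.
 */
static void scsi_write_do_fua(SCSIDiskReq *r)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb == NULL);

    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (scsi_is_cmd_fua(&r->req.cmd)) {
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
        /* The reference is now owned by the flush completion. */
        return;
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
}

/*
 * Completion logic for scatter/gather transfers when no AIO is in flight.
 * On success the whole remaining range is accounted as transferred; writes
 * continue into scsi_write_do_fua, reads complete with GOOD.
 */
static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
{
    assert(r->req.aiocb == NULL);

    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    r->sector += r->sector_count;
    r->sector_count = 0;
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        /* scsi_write_do_fua takes over the reference. */
        scsi_write_do_fua(r);
        return;
    } else {
        scsi_req_complete(&r->req, GOOD);
    }

done:
    scsi_req_unref(&r->req);
}

/* AIO callback for scatter/gather transfers: clear aiocb, close accounting. */
static void scsi_dma_complete(void *opaque, int ret)
{
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;

    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
    scsi_dma_complete_noio(r, ret);
}

/*
 * AIO callback for bounce-buffer reads.  Advances sector/sector_count by
 * the amount just read and hands the data to the HBA via scsi_req_data.
 * Asserts that an AIO was in flight, so it is only valid as a completion.
 */
static void scsi_read_complete(void * opaque, int ret)
{
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    int n;

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;
    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);

    n = r->qiov.size / 512;
    r->sector += n;
    r->sector_count -= n;
    scsi_req_data(&r->req, r->qiov.size);

done:
    scsi_req_unref(&r->req);
}

/* Actually issue a read to the block device.  */
static void scsi_do_read(SCSIDiskReq *r, int ret)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint32_t n;

    assert (r->req.aiocb == NULL);

    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);

    if (r->req.sg) {
        dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
        r->req.resid -= r->req.sg->size;
        r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector,
                                    scsi_dma_complete, r);
    } else {
        n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
        r->req.aiocb = blk_aio_readv(s->qdev.conf.blk, r->sector, &r->qiov, n,
                                     scsi_read_complete, r);
    }

done:
    /* Drops the reference the caller passed in, on every path. */
    scsi_req_unref(&r->req);
}

/* Flush completion for FUA reads: close accounting, then start the read. */
static void scsi_do_read_cb(void *opaque, int ret)
{
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert (r->req.aiocb != NULL);
    r->req.aiocb = NULL;

    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
    scsi_do_read(opaque, ret);
}

/* Read more data from scsi device into buffer.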
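*/
/*
 * Called by the HBA each time it wants the next chunk of a read.
 *
 * Completes the request when nothing is left.  Otherwise takes a reference
 * for the upcoming AIO and either flushes first (first chunk of a FUA
 * command) or starts the read directly.
 *
 * The two early failures (wrong transfer direction, tray open) happen
 * before any AIO has been submitted, so they are finished locally instead
 * of going through scsi_read_complete(): that function is an AIO completion
 * callback which asserts req.aiocb != NULL and closes an accounting cookie,
 * and neither holds here (aiocb was just asserted to be NULL and no
 * accounting was started), so calling it on these paths aborted the process.
 */
static void scsi_read_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    bool first;
    int error;
    int n;

    DPRINTF("Read sector_count=%d\n", r->sector_count);
    if (r->sector_count == 0) {
        /* This also clears the sense buffer for REQUEST SENSE.  */
        scsi_req_complete(&r->req, GOOD);
        return;
    }

    /* No data transfer may already be in progress */
    assert(r->req.aiocb == NULL);

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        DPRINTF("Data transfer direction invalid\n");
        error = EINVAL;
        goto fail_noio;
    }

    if (s->tray_open) {
        error = ENOMEDIUM;
        goto fail_noio;
    }

    first = !r->started;
    r->started = true;
    if (first && scsi_is_cmd_fua(&r->req.cmd)) {
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
    } else {
        scsi_do_read(r, 0);
    }
    return;

fail_noio:
    /*
     * Same decisions as scsi_read_complete(), minus the parts that only
     * make sense after an AIO: honour cancellation, let the error policy
     * decide, and if the policy says "ignore" report the current vector to
     * the HBA as that function would.
     */
    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
    } else if (!scsi_handle_rw_error(r, error)) {
        n = r->qiov.size / 512;
        r->sector += n;
        r->sector_count -= n;
        scsi_req_data(&r->req, r->qiov.size);
    }
    /* Balance the reference taken above. */
    scsi_req_unref(&r->req);
}

/*
 * scsi_handle_rw_error has two return values.  0 means that the error
 * must be ignored, 1 means that the error has been processed and the
 * caller should not do anything else for this request.  Note that
 * scsi_handle_rw_error always manages its reference counts, independent
 * of the return value.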
*/
static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    bool reading = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
    BlockErrorAction policy;

    /* @error is a positive errno value; the block layer picks the policy. */
    policy = blk_get_error_action(disk->qdev.conf.blk, reading, error);

    if (policy == BLOCK_ERROR_ACTION_REPORT) {
        /* Translate the errno into the sense data reported to the guest. */
        if (error == ENOMEDIUM) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
        } else if (error == ENOMEM) {
            scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
        } else if (error == EINVAL) {
            scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        } else if (error == ENOSPC) {
            scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
        } else {
            scsi_check_condition(r, SENSE_CODE(IO_ERROR));
        }
    }

    blk_error_action(disk->qdev.conf.blk, policy, reading, error);
    if (policy == BLOCK_ERROR_ACTION_STOP) {
        /* Queue the request so it is reissued later. */
        scsi_req_retry(&r->req);
    }

    /* Only "ignore" lets the caller carry on with the request. */
    return policy != BLOCK_ERROR_ACTION_IGNORE;
}

/*
 * Write-side completion logic for when no AIO is in flight.
 *
 * Accounts the sectors of the vector just written; when none remain it
 * moves on to the FUA/flush step, otherwise it sets up the next buffer and
 * asks the HBA for more data.  Consumes the caller's reference on every
 * path (directly, or by handing it to scsi_write_do_fua).
 */
static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
{
    uint32_t sectors_done;

    assert (r->req.aiocb == NULL);

    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        scsi_req_unref(&r->req);
        return;
    }

    if (ret < 0 && scsi_handle_rw_error(r, -ret)) {
        scsi_req_unref(&r->req);
        return;
    }

    sectors_done = r->qiov.size / 512;
    r->sector += sectors_done;
    r->sector_count -= sectors_done;

    if (r->sector_count == 0) {
        /* All data written; the reference moves to scsi_write_do_fua. */
        scsi_write_do_fua(r);
        return;
    }

    scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
    DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
    scsi_req_data(&r->req, r->qiov.size);
    scsi_req_unref(&r->req);
}

/* AIO callback for bounce-buffer writes: clear aiocb, close accounting. */
static void scsi_write_complete(void * opaque, int ret)
{
    SCSIDiskReq *r = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert (r->req.aiocb != NULL);
    r->req.aiocb = NULL;

    block_acct_done(blk_get_stats(disk->qdev.conf.blk), &r->acct);
    scsi_write_complete_noio(r, ret);
}

/*
 * Called by the HBA when data for a write is available (and once up front
 * to start the transfer).  Paths that fail or finish before any AIO is
 * submitted go through the *_noio completions.
 */
static void scsi_write_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint32_t nsectors;

    /* No data transfer may already be in progress */
    assert(r->req.aiocb == NULL);

    /* The request is used as the AIO opaque value, so add a ref.  */
    scsi_req_ref(&r->req);

    if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
        DPRINTF("Data transfer direction invalid\n");
        scsi_write_complete_noio(r, -EINVAL);
        return;
    }

    if (!r->req.sg && !r->qiov.size) {
        /* Called for the first time.  Ask the driver to send us more data.  */
        r->started = true;
        scsi_write_complete_noio(r, 0);
        return;
    }

    if (disk->tray_open) {
        scsi_write_complete_noio(r, -ENOMEDIUM);
        return;
    }

    /* VERIFY carries data but nothing is written to the backend. */
    switch (r->req.cmd.buf[0]) {
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
        if (r->req.sg) {
            scsi_dma_complete_noio(r, 0);
        } else {
            scsi_write_complete_noio(r, 0);
        }
        return;
    default:
        break;
    }

    if (!r->req.sg) {
        nsectors = r->qiov.size / 512;
        block_acct_start(blk_get_stats(disk->qdev.conf.blk), &r->acct,
                         nsectors * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE);
        r->req.aiocb = blk_aio_writev(disk->qdev.conf.blk, r->sector, &r->qiov,
                                      nsectors, scsi_write_complete, r);
        return;
    }

    dma_acct_start(disk->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
    r->req.resid -= r->req.sg->size;
    r->req.aiocb = dma_blk_write(disk->qdev.conf.blk, r->req.sg, r->sector,
                                 scsi_dma_complete, r);
}

/* Return a pointer to the data buffer.
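*/
static uint8_t *scsi_get_buf(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    return (uint8_t *)r->iov.iov_base;
}

/*
 * Build the INQUIRY response in @outbuf.
 *
 * With the EVPD bit set (bit 0 of CDB byte 1) the VPD page named by CDB
 * byte 2 is produced; otherwise the standard INQUIRY data is produced and
 * CDB byte 2 must be zero.
 *
 * Returns the number of bytes placed in @outbuf, or -1 when the page or
 * field is not supported.
 *
 * NOTE(review): this function never sees the size of @outbuf.  The standard
 * data path writes bytes 0..35 even when the allocation length is smaller,
 * and the block limits page writes 0x40 bytes; the caller (outside this
 * view) has to provide a buffer large enough for all pages -- confirm.
 */
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    int buflen = 0;
    int start;

    if (req->cmd.buf[1] & 0x1) {
        /* Vital product data */
        uint8_t page_code = req->cmd.buf[2];

        outbuf[buflen++] = s->qdev.type & 0x1f;
        outbuf[buflen++] = page_code ; // this page
        outbuf[buflen++] = 0x00;
        outbuf[buflen++] = 0x00;
        start = buflen;

        switch (page_code) {
        case 0x00: /* Supported page codes, mandatory */
        {
            DPRINTF("Inquiry EVPD[Supported pages] "
                    "buffer size %zd\n", req->cmd.xfer);
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
            if (s->serial) {
                outbuf[buflen++] = 0x80; // unit serial number
            }
            outbuf[buflen++] = 0x83; // device identification
            if (s->qdev.type == TYPE_DISK) {
                outbuf[buflen++] = 0xb0; // block limits
                outbuf[buflen++] = 0xb2; // thin provisioning
            }
            break;
        }
        case 0x80: /* Device serial number, optional */
        {
            int l;

            if (!s->serial) {
                DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
                return -1;
            }

            /* At most 20 bytes of the serial are reported. */
            l = strlen(s->serial);
            if (l > 20) {
                l = 20;
            }

            DPRINTF("Inquiry EVPD[Serial number] "
                    "buffer size %zd\n", req->cmd.xfer);
            memcpy(outbuf+buflen, s->serial, l);
            buflen += l;
            break;
        }

        case 0x83: /* Device identification page, mandatory */
        {
            const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
            /*
             * Bytes taken by the optional descriptors emitted below
             * (4-byte header + payload each).  They are reserved up front:
             * with a 247-byte name plus all three descriptors the page
             * payload would be 283 bytes, which trips the one-byte page
             * length assert at the end of the EVPD path and writes further
             * into outbuf than any other page.
             */
            int optional_len = (s->wwn ? 12 : 0) +
                               (s->port_wwn ? 12 : 0) +
                               (s->port_index ? 8 : 0);
            int max_len = s->serial ? 20 : 255 - 8 - optional_len;
            int id_len = strlen(str);

            if (id_len > max_len) {
                id_len = max_len;
            }
            DPRINTF("Inquiry EVPD[Device identification] "
                    "buffer size %zd\n", req->cmd.xfer);

            outbuf[buflen++] = 0x2; // ASCII
            outbuf[buflen++] = 0;   // not officially assigned
            outbuf[buflen++] = 0;   // reserved
            outbuf[buflen++] = id_len; // length of data following
            memcpy(outbuf+buflen, str, id_len);
            buflen += id_len;

            if (s->wwn) {
                outbuf[buflen++] = 0x1; // Binary
                outbuf[buflen++] = 0x3; // NAA
                outbuf[buflen++] = 0;   // reserved
                outbuf[buflen++] = 8;
                stq_be_p(&outbuf[buflen], s->wwn);
                buflen += 8;
            }

            if (s->port_wwn) {
                outbuf[buflen++] = 0x61; // SAS / Binary
                outbuf[buflen++] = 0x93; // PIV / Target port / NAA
                outbuf[buflen++] = 0;    // reserved
                outbuf[buflen++] = 8;
                stq_be_p(&outbuf[buflen], s->port_wwn);
                buflen += 8;
            }

            if (s->port_index) {
                outbuf[buflen++] = 0x61; // SAS / Binary
                outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
                outbuf[buflen++] = 0;    // reserved
                outbuf[buflen++] = 4;
                stw_be_p(&outbuf[buflen + 2], s->port_index);
                buflen += 4;
            }
            break;
        }
        case 0xb0: /* block limits */
        {
            /* All limits are reported in units of the device block size. */
            unsigned int unmap_sectors =
                    s->qdev.conf.discard_granularity / s->qdev.blocksize;
            unsigned int min_io_size =
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
            unsigned int opt_io_size =
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;
            unsigned int max_unmap_sectors =
                    s->max_unmap_size / s->qdev.blocksize;
            unsigned int max_io_sectors =
                    s->max_io_size / s->qdev.blocksize;

            if (s->qdev.type == TYPE_ROM) {
                DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
                        page_code);
                return -1;
            }
            /* required VPD size with unmap support */
            buflen = 0x40;
            memset(outbuf + 4, 0, buflen - 4);

            outbuf[4] = 0x1; /* wsnz */

            /* optimal transfer length granularity */
            outbuf[6] = (min_io_size >> 8) & 0xff;
            outbuf[7] = min_io_size & 0xff;

            /* maximum transfer length */
            outbuf[8] = (max_io_sectors >> 24) & 0xff;
            outbuf[9] = (max_io_sectors >> 16) & 0xff;
            outbuf[10] = (max_io_sectors >> 8) & 0xff;
            outbuf[11] = max_io_sectors & 0xff;

            /* optimal transfer length */
            outbuf[12] = (opt_io_size >> 24) & 0xff;
            outbuf[13] = (opt_io_size >> 16) & 0xff;
            outbuf[14] = (opt_io_size >> 8) & 0xff;
            outbuf[15] = opt_io_size & 0xff;

            /* max unmap LBA count, default is 1GB */
            outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
            outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
            outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
            outbuf[23] = max_unmap_sectors & 0xff;

            /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header.  */
            outbuf[24] = 0;
            outbuf[25] = 0;
            outbuf[26] = 0;
            outbuf[27] = 255;

            /* optimal unmap granularity */
            outbuf[28] = (unmap_sectors >> 24) & 0xff;
            outbuf[29] = (unmap_sectors >> 16) & 0xff;
            outbuf[30] = (unmap_sectors >> 8) & 0xff;
            outbuf[31] = unmap_sectors & 0xff;

            /* max write same size */
            outbuf[36] = 0;
            outbuf[37] = 0;
            outbuf[38] = 0;
            outbuf[39] = 0;

            outbuf[40] = (max_io_sectors >> 24) & 0xff;
            outbuf[41] = (max_io_sectors >> 16) & 0xff;
            outbuf[42] = (max_io_sectors >> 8) & 0xff;
            outbuf[43] = max_io_sectors & 0xff;
            break;
        }
        case 0xb2: /* thin provisioning */
        {
            buflen = 8;
            outbuf[4] = 0;
            outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
            outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
            outbuf[7] = 0;
            break;
        }
        default:
            return -1;
        }
        /* done with EVPD */
        /* The page length field written below is a single byte. */
        assert(buflen - start <= 255);
        outbuf[start - 1] = buflen - start;
        return buflen;
    }

    /* Standard INQUIRY data */
    if (req->cmd.buf[2] != 0) {
        return -1;
    }

    /* PAGE CODE == 0 */
    /* The reported length follows the allocation length, capped at the max. */
    buflen = req->cmd.xfer;
    if (buflen > SCSI_MAX_INQUIRY_LEN) {
        buflen = SCSI_MAX_INQUIRY_LEN;
    }

    outbuf[0] = s->qdev.type & 0x1f;
    outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;

    strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
    strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');

    memset(&outbuf[32], 0, 4);
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
    /*
     * We claim conformance to SPC-3, which is required for guests
     * to ask for modern features like READ CAPACITY(16) or the
     * block characteristics VPD page by default.  Not all of SPC-3
     * is actually implemented, but we're good enough.
     */
    outbuf[2] = 5;
    outbuf[3] = 2 | 0x10; /* Format 2, HiSup */

    if (buflen > 36) {
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
    } else {
        /* If the allocation length of CDB is too small,
               the additional length is not adjusted */
        outbuf[4] = 36 - 5;
    }

    /* Sync data transfer and TCQ.  */
    outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
    return buflen;
}

/*
 * True when the device is a CD/DVD drive with the tray closed and a medium
 * inserted whose size exceeds CD_MAX_SECTORS.
 */
static inline bool media_is_dvd(SCSIDiskState *s)
{
    uint64_t nb_sectors;
    if (s->qdev.type != TYPE_ROM) {
        return false;
    }
    if (!blk_is_inserted(s->qdev.conf.blk)) {
        return false;
    }
    if (s->tray_open) {
        return false;
    }
    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    return nb_sectors > CD_MAX_SECTORS;
}

/*
 * True when the device is a CD/DVD drive with the tray closed and a medium
 * inserted whose size is at most CD_MAX_SECTORS.
 */
static inline bool media_is_cd(SCSIDiskState *s)
{
    uint64_t nb_sectors;
    if (s->qdev.type != TYPE_ROM) {
        return false;
    }
    if (!blk_is_inserted(s->qdev.conf.blk)) {
        return false;
    }
    if (s->tray_open) {
        return false;
    }
    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    return nb_sectors <= CD_MAX_SECTORS;
}

/*
 * Build the READ DISC INFORMATION response (34 bytes) for CD/DVD drives.
 * Returns 34, or -1 for other device types or for a data type other than 0
 * (in which case sense data has already been set).
 */
static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
                                      uint8_t *outbuf)
{
    uint8_t type = r->req.cmd.buf[1] & 7;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    /* Types 1/2 are only defined for Blu-Ray.  */
    if (type != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    memset(outbuf, 0, 34);
    outbuf[1] = 32;
    outbuf[2] = 0xe; /* last session complete, disc finalized */
    outbuf[3] = 1;   /* first track on disc */
    outbuf[4] = 1;   /* # of sessions */
    outbuf[5] = 1;   /* first track of last session */
    outbuf[6] = 1;   /* last track of last session */
    outbuf[7] = 0x20; /* unrestricted use */
    outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
    /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
    /* 12-23: not meaningful for CD-ROM or DVD-ROM */
    /* 24-31: disc bar code */
    /* 32: disc application code */
    /* 33: number of OPC tables */

    return 34;
}

/*
 * Build the READ DVD STRUCTURE response for the format in CDB byte 7.
 *
 * Returns the response size in bytes, or -1 on failure.  Some failures set
 * sense data here (scsi_check_condition), others only return -1 and leave
 * the sense to the caller.
 *
 * NOTE(review): for format 0xff (list capabilities) the buffer is not
 * cleared first and bytes 2-3 are never written here; presumably the caller
 * hands in a zeroed buffer -- confirm, otherwise stale buffer contents are
 * returned to the guest in those two bytes.
 */
static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
                                   uint8_t *outbuf)
{
    /* Response size per format code; 0 marks an unsupported format. */
    static const int rds_caps_size[5] = {
        [0] = 2048 + 4,
        [1] = 4 + 4,
        [3] = 188 + 4,
        [4] = 2048 + 4,
    };

    uint8_t media = r->req.cmd.buf[1];
    uint8_t layer = r->req.cmd.buf[6];
    uint8_t format = r->req.cmd.buf[7];
    int size = -1;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    if (media != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    if (format != 0xff) {
        if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            return -1;
        }
        if (media_is_cd(s)) {
            scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
            return -1;
        }
        /* format comes straight from the CDB: check it before indexing. */
        if (format >= ARRAY_SIZE(rds_caps_size)) {
            return -1;
        }
        size = rds_caps_size[format];
        memset(outbuf, 0, size);
    }

    switch (format) {
    case 0x00: {
        /* Physical format information */
        uint64_t nb_sectors;
        if (layer != 0) {
            goto fail;
        }
        blk_get_geometry(s->qdev.conf.blk, &nb_sectors);

        outbuf[4] = 1;   /* DVD-ROM, part version 1 */
        outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
        outbuf[6] = 1;   /* one layer, read-only (per MMC-2 spec) */
        outbuf[7] = 0;   /* default densities */

        stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
        stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
        break;
    }

    case 0x01: /* DVD copyright information, all zeros */
        break;

    case 0x03: /* BCA information - invalid field for no BCA info */
        return -1;

    case 0x04: /* DVD disc manufacturing information, all zeros */
        break;

    case 0xff: { /* List capabilities */
        int i;
        size = 4;
        for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
            if (!rds_caps_size[i]) {
                continue;
            }
            outbuf[size] = i;
            outbuf[size + 1] = 0x40; /* Not writable, readable */
            stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
            size += 4;
        }
        break;
    }

    default:
        return -1;
    }

    /* Size of buffer, not including 2 byte size field */
    stw_be_p(outbuf, size - 2);
    return size;

fail:
    return -1;
}

/*
 * Write the 4-byte media event descriptor and return its size.
 * Reporting a pending new-media or eject-request event clears it.
 */
static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
{
    uint8_t event_code, media_status;

    media_status = 0;
    if (s->tray_open) {
        media_status = MS_TRAY_OPEN;
    } else if (blk_is_inserted(s->qdev.conf.blk)) {
        media_status = MS_MEDIA_PRESENT;
    }

    /* Event notification descriptor */
    event_code = MEC_NO_CHANGE;
    if (media_status != MS_TRAY_OPEN) {
        if (s->media_event) {
            event_code = MEC_NEW_MEDIA;
            s->media_event = false;
        } else if (s->eject_request) {
            event_code = MEC_EJECT_REQUESTED;
            s->eject_request = false;
        }
    }

    outbuf[0] = event_code;
    outbuf[1] = media_status;

    /* These fields are reserved, just clear them.  */
    outbuf[2] = 0;
    outbuf[3] = 0;
    return 4;
}

/*
 * Build the GET EVENT STATUS NOTIFICATION response.  Only polled operation
 * (bit 0 of CDB byte 1 set) on CD/DVD drives is handled, and only the media
 * event class is supported.  Returns the response size or -1.
 */
static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
                                              uint8_t *outbuf)
{
    int size;
    uint8_t *buf = r->req.cmd.buf;
    uint8_t notification_class_request = buf[4];
    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    if ((buf[1] & 1) == 0) {
        /* asynchronous */
        return -1;
    }

    size = 4;
    outbuf[0] = outbuf[1] = 0;
    outbuf[3] = 1 << GESN_MEDIA; /* supported events */
    if (notification_class_request & (1 << GESN_MEDIA)) {
        outbuf[2] = GESN_MEDIA;
        size += scsi_event_status_media(s, &outbuf[size]);
    } else {
        outbuf[2] = 0x80;
    }
    /* Length of the data following the 4-byte header. */
    stw_be_p(outbuf, size - 4);
    return size;
}

/*
 * Build the 40-byte GET CONFIGURATION response for CD/DVD drives: header,
 * profile list, core feature and removable media feature.
 * Returns 40, or -1 for other device types.
 */
static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
{
    int current;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    if (media_is_dvd(s)) {
        current = MMC_PROFILE_DVD_ROM;
    } else if (media_is_cd(s)) {
        current = MMC_PROFILE_CD_ROM;
    } else {
        current = MMC_PROFILE_NONE;
    }

    memset(outbuf, 0, 40);
    stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
    stw_be_p(&outbuf[6], current);
    /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
    outbuf[10] = 0x03; /* persistent, current */
    outbuf[11] = 8; /* two profiles */
    stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
    outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
    stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
    outbuf[18] = (current == MMC_PROFILE_CD_ROM);
    /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
    stw_be_p(&outbuf[20], 1);
    outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[23] = 8;
    stl_be_p(&outbuf[24], 1); /* SCSI */
    outbuf[28] = 1; /* DBE = 1, mandatory */
    /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
    stw_be_p(&outbuf[32], 3);
    outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[35] = 4;
    outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
    /* TODO: Random readable, CD read, DVD read, drive serial number,
       power management */
    return 40;
}

/* Build the 8-byte MECHANISM STATUS response; -1 unless a CD/DVD drive. */
static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
{
    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    memset(outbuf, 0, 8);
    outbuf[5] = 1; /* CD-ROM */
    return 8;
}

/*
 * Append one mode page to the buffer at *p_outbuf.
 *
 * @page is the mode page code, @page_control the PC field of the command
 * (1 = changeable values).  On success the 2-byte page header and the page
 * body are written, *p_outbuf is advanced past them and the number of bytes
 * added (page length + 2) is returned.  Returns -1, leaving *p_outbuf
 * untouched, when the page is unknown or not valid for this device type.
 *
 * The page bodies rely on the buffer having been zeroed by the caller.
 */
static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
                           int page_control)
{
    /* Per page code: bitmask of the device types the page applies to. */
    static const int mode_sense_valid[0x3f] = {
        [MODE_PAGE_HD_GEOMETRY]            = (1 << TYPE_DISK),
        [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
        [MODE_PAGE_CACHING]                = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_R_W_ERROR]              = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_AUDIO_CTL]              = (1 << TYPE_ROM),
        [MODE_PAGE_CAPABILITIES]           = (1 << TYPE_ROM),
    };

    uint8_t *p = *p_outbuf + 2;
    int length;

    /*
     * The table has 0x3f entries (indices 0..0x3e) while a 6-bit page code
     * can be 0x3f.  Reject anything outside the table here instead of
     * relying on every caller to filter it; an out-of-range index would
     * read past the end of the array.
     */
    if (page < 0 || page >= (int)ARRAY_SIZE(mode_sense_valid)) {
        return -1;
    }

    if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
        return -1;
    }

    /*
     * If Changeable Values are requested, a mask denoting those mode parameters
     * that are changeable shall be returned. As we currently don't support
     * parameter changes via MODE_SELECT all bits are returned set to zero.
     * The buffer was already memset to zero by the caller of this function.
     *
     * The offsets here are off by two compared to the descriptions in the
     * SCSI specs, because those include a 2-byte header.  This is unfortunate,
     * but it is done so that offsets are consistent within our implementation
     * of MODE SENSE and MODE SELECT.  MODE SELECT has to deal with both
     * 2-byte and 4-byte headers.
     */
    switch (page) {
    case MODE_PAGE_HD_GEOMETRY:
        length = 0x16;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* if a geometry hint is available, use it */
        p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[2] = s->qdev.conf.cyls & 0xff;
        p[3] = s->qdev.conf.heads & 0xff;
        /* Write precomp start cylinder, disabled */
        p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[6] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[9] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [ns], 200ns */
        p[10] = 0;
        p[11] = 200;
        /* Landing zone cylinder */
        p[12] = 0xff;
        p[13] =  0xff;
        p[14] = 0xff;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[18] = (5400 >> 8) & 0xff;
        p[19] = 5400 & 0xff;
        break;

    case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
        length = 0x1e;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* Transfer rate [kbit/s], 5Mbit/s */
        p[0] = 5000 >> 8;
        p[1] = 5000 & 0xff;
        /* if a geometry hint is available, use it */
        p[2] = s->qdev.conf.heads & 0xff;
        p[3] = s->qdev.conf.secs & 0xff;
        p[4] = s->qdev.blocksize >> 8;
        p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[7] = s->qdev.conf.cyls & 0xff;
        /* Write precomp start cylinder, disabled */
        p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[9] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[11] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [100us], 100us */
        p[12] = 0;
        p[13] = 1;
        /* Device step pulse width [us], 1us */
        p[14] = 1;
        /* Device head settle delay [100us], 100us */
        p[15] = 0;
        p[16] = 1;
        /* Motor on delay [0.1s], 0.1s */
        p[17] = 1;
        /* Motor off delay [0.1s], 0.1s */
        p[18] = 1;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[26] = (5400 >> 8) & 0xff;
        p[27] = 5400 & 0xff;
        break;

    case MODE_PAGE_CACHING:
        length = 0x12;
        if (page_control == 1 || /* Changeable Values */
            blk_enable_write_cache(s->qdev.conf.blk)) {
            p[0] = 4; /* WCE */
        }
        break;

    case MODE_PAGE_R_W_ERROR:
        length = 10;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        p[0] = 0x80; /* Automatic Write Reallocation Enabled */
        if (s->qdev.type == TYPE_ROM) {
            p[1] = 0x20; /* Read Retry Count */
        }
        break;

    case MODE_PAGE_AUDIO_CTL:
        length = 14;
        break;

    case MODE_PAGE_CAPABILITIES:
        length = 0x14;
        if (page_control == 1) { /* Changeable Values */
            break;
        }

        p[0] = 0x3b; /* CD-R & CD-RW read */
        p[1] = 0; /* Writing not supported */
        p[2] = 0x7f; /* Audio, composite, digital out,
                        mode 2 form 1&2, multi session */
        p[3] = 0xff; /* CD DA, DA accurate, RW supported,
                        RW corrected, C2 errors, ISRC,
                        UPC, Bar code */
        p[4] = 0x2d | (s->tray_locked ? 2 : 0);
        /* Locking supported, jumper present, eject, tray */
        p[5] = 0; /* no volume & mute control, no
                     changer */
        p[6] = (50 * 176) >> 8; /* 50x read speed */
        p[7] = (50 * 176) & 0xff;
        p[8] = 2 >> 8; /* Two volume levels */
        p[9] = 2 & 0xff;
        p[10] = 2048 >> 8; /* 2M buffer */
        p[11] = 2048 & 0xff;
        p[12] = (16 * 176) >> 8; /* 16x read speed current */
        p[13] = (16 * 176) & 0xff;
        p[16] = (16 * 176) >> 8; /* 16x write speed */
        p[17] = (16 * 176) & 0xff;
        p[18] = (16 * 176) >> 8; /* 16x write speed current */
        p[19] = (16 * 176) & 0xff;
        break;

    default:
        return -1;
    }

    /* The page length is stored in a single byte of the page header. */
    assert(length < 256);
    (*p_outbuf)[0] = page;
    (*p_outbuf)[1] = length;
    *p_outbuf += length + 2;
    return length + 2;
}

static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint64_t nb_sectors;
    bool dbd;
    int page, buflen, ret, page_control;
    uint8_t *p;
    uint8_t dev_specific_param;

    dbd = (r->req.cmd.buf[1] & 0x8) != 0;
    page = r->req.cmd.buf[2] & 0x3f;
    page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
        (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
    memset(outbuf, 0, r->req.cmd.xfer);
    p = outbuf;

    if (s->qdev.type == TYPE_DISK) {
        dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
        if (blk_is_read_only(s->qdev.conf.blk)) {
            dev_specific_param |= 0x80; /* Readonly.  */
        }
    } else {
        /* MMC prescribes that CD/DVD drives have no block descriptors,
         * and defines no device-specific parameter.  */
        dev_specific_param = 0x00;
        dbd = true;
    }

    if (r->req.cmd.buf[0] == MODE_SENSE) {
        p[1] = 0; /* Default media type.  */
        p[2] = dev_specific_param;
        p[3] = 0; /* Block descriptor length.  */
        p += 4;
    } else { /* MODE_SENSE_10 */
        p[2] = 0; /* Default media type.  */
        p[3] = dev_specific_param;
        p[6] = p[7] = 0; /* Block descriptor length.  */
        p += 8;
    }

    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    if (!dbd && nb_sectors) {
        if (r->req.cmd.buf[0] == MODE_SENSE) {
            outbuf[3] = 8; /* Block descriptor length  */
        } else { /* MODE_SENSE_10 */
            outbuf[7] = 8; /* Block descriptor length  */
        }
        nb_sectors /= (s->qdev.blocksize / 512);
        if (nb_sectors > 0xffffff) {
            nb_sectors = 0;
        }
        p[0] = 0; /* media density code */
        p[1] = (nb_sectors >> 16) & 0xff;
        p[2] = (nb_sectors >> 8) & 0xff;
        p[3] = nb_sectors & 0xff;
        p[4] = 0; /* reserved */
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
        p[6] = s->qdev.blocksize >> 8;
        p[7] = 0;
        p += 8;
    }

    if (page_control == 3) {
        /* Saved Values */
        scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
        return -1;
    }

    if (page == 0x3f) {
        for (page = 0; page <= 0x3e; page++) {
            mode_sense_page(s, page, &p, page_control);
        }
    } else {
        ret = mode_sense_page(s, page, &p, page_control);
        if (ret == -1) {
            return -1;
        }
    }

    buflen = p - outbuf;
    /*
     * The mode data length field specifies the length in bytes of the
     * following data that is available to be transferred. The mode data
     * length does not include itself.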
*/
    if (r->req.cmd.buf[0] == MODE_SENSE) {
        outbuf[0] = buflen - 1;
    } else { /* MODE_SENSE_10 */
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
        outbuf[1] = (buflen - 2) & 0xff;
    }
    return buflen;
}

/*
 * Emulate READ TOC for @req, writing the response to @outbuf.
 *
 * The MSF bit (CDB byte 1, bit 1), the format (low nibble of CDB byte 2)
 * and the starting track (CDB byte 6) are all taken from the guest-supplied
 * CDB.  Formats 0 and 2 are delegated to cdrom_read_toc() and
 * cdrom_read_toc_raw(); format 1 returns a fixed 12-byte single-session
 * descriptor.
 *
 * Returns the response length in bytes, or -1 for an unsupported format.
 *
 * NOTE(review): nothing in this function bounds what is written against the
 * size of @outbuf; it relies on the caller's allocation and on the
 * cdrom_read_toc*() helpers -- confirm their worst-case output size.
 */
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    int start_track, format, msf, toclen;
    uint64_t nb_sectors;

    msf = req->cmd.buf[1] & 2;
    format = req->cmd.buf[2] & 0xf;
    start_track = req->cmd.buf[6];
    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
    /* Scale the geometry (presumably 512-byte sectors) to device blocks.
     * NOTE(review): this divides by zero if blocksize is below 512;
     * presumably excluded when the device is realized -- confirm.
     */
    nb_sectors /= s->qdev.blocksize / 512;
    switch (format) {
    case 0:
        toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
        break;
    case 1:
        /* multi session : only a single session defined */
        toclen = 12;
        memset(outbuf, 0, 12);
        outbuf[1] = 0x0a;
        outbuf[2] = 0x01;
        outbuf[3] = 0x01;
        break;
    case 2:
        toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
        break;
    default:
        return -1;
    }
    return toclen;
}

/*
 * Emulate START STOP UNIT.
 *
 * Reads the START bit, the LOEJ bit and the power condition field from CDB
 * byte 4.  A non-zero power condition is accepted without side effects.
 * For removable devices with LOEJ set, an eject request while the tray is
 * closed and locked is refused with a CHECK CONDITION; otherwise the tray
 * state is updated through blk_eject() when it actually changes.
 *
 * Returns 0 on success, or -1 after the request has already been completed
 * with sense data.
 */
static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
{
    SCSIRequest *req = &r->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    bool start = req->cmd.buf[4] & 1;
    bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
    int pwrcnd = req->cmd.buf[4] & 0xf0;

    if (pwrcnd) {
        /* eject/load only happens for power condition == 0 */
        return 0;
    }

    if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
        /* The guest-controlled tray lock is honoured here: an eject is
         * refused while the tray is closed and locked.
         */
        if (!start && !s->tray_open && s->tray_locked) {
            scsi_check_condition(r,
                                 blk_is_inserted(s->qdev.conf.blk)
                                 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
                                 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
            return -1;
        }

        /* Only touch the backend when the tray state really changes. */
        if (s->tray_open != !start) {
            blk_eject(s->qdev.conf.blk, !start);
            s->tray_open = !start;
        }
    }
    return 0;
}

/*
 * read_data callback for emulated commands.
 *
 * If response bytes are pending (r->iov.iov_len != 0) they are passed to
 * scsi_req_data() and the pending length is cleared, so that the following
 * call finds nothing left and completes the request with GOOD status.
 */
static void scsi_disk_emulate_read_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    int buflen = r->iov.iov_len;

    if (buflen) {
        DPRINTF("Read buf_len=%d\n", buflen);
        r->iov.iov_len = 0;
        r->started = true;
        scsi_req_data(&r->req, buflen);
        return;
    }

    /* This also clears the sense buffer for REQUEST SENSE. */
    scsi_req_complete(&r->req, GOOD);
}

/*
 * Validate one MODE SELECT page against what MODE SENSE would report.
 *
 * @inbuf points at the page payload (the caller has already consumed the
 * page header) and @inlen is the payload length.  The page is regenerated
 * twice with mode_sense_page(): once with page control 0 (current values)
 * and once with page control 1 (mask of changeable bits).
 *
 * Returns 0 if the page has the expected length and differs from the
 * current values only in changeable bits, -1 otherwise.
 *
 * NOTE(review): a negative @inlen is not rejected here; the caller visible
 * in this file derives it from unsigned header fields.
 */
static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
                                       uint8_t *inbuf, int inlen)
{
    uint8_t mode_current[SCSI_MAX_MODE_LEN];
    uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
    uint8_t *p;
    int len, expected_len, changeable_len, i;

    /* The input buffer does not include the page header, so it is
     * off by 2 bytes.
     */
    expected_len = inlen + 2;
    /* Refuse anything larger than the on-stack scratch buffers before
     * they are written to.
     */
    if (expected_len > SCSI_MAX_MODE_LEN) {
        return -1;
    }

    p = mode_current;
    memset(mode_current, 0, inlen + 2);
    /* mode_sense_page() emits the page at its own size, not @inlen.
     * NOTE(review): confirm every page it can produce fits in
     * SCSI_MAX_MODE_LEN bytes.
     */
    len = mode_sense_page(s, page, &p, 0);
    if (len < 0 || len != expected_len) {
        return -1;
    }

    p = mode_changeable;
    memset(mode_changeable, 0, inlen + 2);
    changeable_len = mode_sense_page(s, page, &p, 1);
    assert(changeable_len == len);

    /* Check that unchangeable bits are the same as what MODE SENSE
     * would return.
*/
    /* Bytes 0 and 1 of the regenerated pages are the page header, which
     * inbuf does not contain; hence the i - 2 offset.
     */
    for (i = 2; i < len; i++) {
        if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
            return -1;
        }
    }
    return 0;
}

/*
 * Apply the settings of one MODE SELECT page whose payload starts at @p.
 *
 * Only the caching page has an effect: bit 2 of its first payload byte
 * (WCE) is passed to blk_set_enable_write_cache().  Every other page is
 * ignored.
 *
 * No length is passed in, so p[0] is read unconditionally; the caller in
 * this file only gets here after the same page has passed
 * scsi_disk_check_mode_select().
 */
static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
{
    switch (page) {
    case MODE_PAGE_CACHING:
        blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
        break;

    default:
        break;
    }
}

/*
 * Walk the mode pages contained in the @len bytes at @p.
 *
 * With @change false every page is only validated; with @change true every
 * page is applied.  Both the short page format (2-byte header) and the
 * sub-page format (4-byte header, selected by bit 6 of the first byte) are
 * parsed, but any non-zero subpage is rejected.
 *
 * Returns 0 on success.  On failure the request is completed with a CHECK
 * CONDITION (INVALID_PARAM or INVALID_PARAM_LEN) and -1 is returned.
 */
static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    while (len > 0) {
        int page, subpage, page_len;

        /* Parse both possible formats for the mode page headers. */
        page = p[0] & 0x3f;
        if (p[0] & 0x40) {
            /* The 4-byte header must be present before it is read. */
            if (len < 4) {
                goto invalid_param_len;
            }
            subpage = p[1];
            page_len = lduw_be_p(&p[2]);
            p += 4;
            len -= 4;
        } else {
            /* The 2-byte header must be present before it is read. */
            if (len < 2) {
                goto invalid_param_len;
            }
            subpage = 0;
            page_len = p[1];
            p += 2;
            len -= 2;
        }

        if (subpage) {
            goto invalid_param;
        }
        /* The declared page length comes from the guest; it must not run
         * past the bytes that remain in the parameter list.
         */
        if (page_len > len) {
            goto invalid_param_len;
        }

        if (!change) {
            if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
                goto invalid_param;
            }
        } else {
            scsi_disk_apply_mode_select(s, page, p);
        }

        p += page_len;
        len -= page_len;
    }
    return 0;

invalid_param:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
    return -1;

invalid_param_len:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return -1;
}

/*
 * Emulate MODE SELECT(6)/(10) once the parameter list is in @inbuf.
 *
 * Checks the PF/SP bits of the CDB, skips the mode parameter header (4 or
 * 8 bytes) and an optional 8-byte block descriptor, then processes the mode
 * pages in two passes so that nothing is changed if any page is invalid.
 * If the write cache is disabled afterwards, a flush is issued and the
 * request completes in scsi_aio_complete(); otherwise it is completed with
 * GOOD status here.  Every failure completes the request with a CHECK
 * CONDITION.
 */
static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint8_t *p = inbuf;
    int cmd = r->req.cmd.buf[0];
    /* Transfer length from the CDB; every offset below is checked
     * against it before the corresponding bytes are read.
     */
    int len = r->req.cmd.xfer;
    int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
    int bd_len;
    int pass;

    /* We only support PF=1, SP=0. */
    if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
        goto invalid_field;
    }

    if (len < hdr_len) {
        goto invalid_param_len;
    }

    /* The block descriptor length lives inside the header checked above. */
    bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
    len -= hdr_len;
    p += hdr_len;
    if (len < bd_len) {
        goto invalid_param_len;
    }
    if (bd_len != 0 && bd_len != 8) {
        goto invalid_param;
    }

    len -= bd_len;
    p += bd_len;

    /* Ensure no change is made if there is an error! */
    for (pass = 0; pass < 2; pass++) {
        if (mode_select_pages(r, p, len, pass == 1) < 0) {
            /* Pass 1 re-parses the bytes that pass 0 accepted, so it is
             * not expected to fail.  NOTE(review): that holds only if
             * inbuf cannot change between the passes -- confirm it is a
             * private copy, otherwise this assert is guest-reachable.
             */
            assert(pass == 0);
            return;
        }
    }
    if (!blk_enable_write_cache(s->qdev.conf.blk)) {
        /* The request is used as the AIO opaque value, so add a ref. */
        scsi_req_ref(&r->req);
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
                         BLOCK_ACCT_FLUSH);
        r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
        return;
    }

    scsi_req_complete(&r->req, GOOD);
    return;

invalid_param:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
    return;

invalid_param_len:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return;

invalid_field:
    scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
}

/*
 * Return true if the @nb_sectors blocks starting at @sector_num end at or
 * before s->qdev.max_lba, without the sum wrapping around.
 */
static inline bool check_lba_range(SCSIDiskState *s,
                                   uint64_t sector_num, uint32_t nb_sectors)
{
    /*
     * The first line tests that no overflow happens when computing the last
     * sector. The second line tests that the last accessed sector is in
     * range.
     *
     * Careful, the computations should not underflow for nb_sectors == 0,
     * and a 0-block read to the first LBA beyond the end of device is
     * valid.
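*/
    return (sector_num <= sector_num + nb_sectors &&
            sector_num + nb_sectors <= s->qdev.max_lba + 1);
}

/* State of one UNMAP request while its block descriptors are processed
 * one at a time.
 */
typedef struct UnmapCBData {
    SCSIDiskReq *r;     /* owning request */
    uint8_t *inbuf;     /* next 16-byte block descriptor to process */
    int count;          /* descriptors left to process */
} UnmapCBData;

static void scsi_unmap_complete(void *opaque, int ret);

/*
 * Process the next UNMAP block descriptor, or finish the request.
 *
 * Called directly for the first descriptor and from scsi_unmap_complete()
 * after each discard.  Each descriptor supplies a 64-bit LBA and a 32-bit
 * block count, which are range-checked before the discard is submitted.
 * When the request is finished, cancelled or failed, the reference taken
 * in scsi_disk_emulate_unmap() is dropped and @data is freed.
 */
static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
{
    SCSIDiskReq *r = data->r;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint64_t sector_num;
    uint32_t nb_sectors;

    assert(r->req.aiocb == NULL);

    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    if (data->count > 0) {
        sector_num = ldq_be_p(&data->inbuf[0]);
        nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
        /* Both values come from the guest's parameter list. */
        if (!check_lba_range(s, sector_num, nb_sectors)) {
            scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
            goto done;
        }

        /* NOTE(review): the block count is scaled in the width of its
         * operands, which looks like 32 bits here; a large count may wrap
         * before it reaches blk_aio_discard() -- confirm against the
         * callee's parameter type.
         */
        r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
                                       sector_num * (s->qdev.blocksize / 512),
                                       nb_sectors * (s->qdev.blocksize / 512),
                                       scsi_unmap_complete, data);
        data->count--;
        data->inbuf += 16;
        return;
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
    g_free(data);
}

/* AIO completion callback for one UNMAP discard: clears the in-flight
 * aiocb and continues with the next descriptor.
 */
static void scsi_unmap_complete(void *opaque, int ret)
{
    UnmapCBData *data = opaque;
    SCSIDiskReq *r = data->r;

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;

    scsi_unmap_complete_noio(data, ret);
}

/*
 * Emulate UNMAP once the parameter list is in @inbuf.
 *
 * Validates the 8-byte header before any descriptor is read: the transfer
 * must hold the header, the length in bytes 0-1 plus 2 and the block
 * descriptor length in bytes 2-3 plus 8 must both fit in the transfer, and
 * the descriptor length must be a multiple of 16.  The descriptors are then
 * processed one by one by scsi_unmap_complete_noio().  Every failure
 * completes the request with a CHECK CONDITION.
 */
static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint8_t *p = inbuf;
    int len = r->req.cmd.xfer;
    UnmapCBData *data;

    /* Reject ANCHOR=1. */
    if (r->req.cmd.buf[1] & 0x1) {
        goto invalid_field;
    }

    if (len < 8) {
        goto invalid_param_len;
    }
    if (len < lduw_be_p(&p[0]) + 2) {
        goto invalid_param_len;
    }
    if (len < lduw_be_p(&p[2]) + 8) {
        goto invalid_param_len;
    }
    if (lduw_be_p(&p[2]) & 15) {
        goto invalid_param_len;
    }

    if (blk_is_read_only(s->qdev.conf.blk)) {
        scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
        return;
    }

    data = g_new0(UnmapCBData, 1);
    data->r = r;
    data->inbuf = &p[8];
    /* Number of 16-byte descriptors; the checks above guarantee that all
     * of them lie inside the transferred data.
     */
    data->count = lduw_be_p(&p[2]) >> 4;

    /* The matching unref is in scsi_unmap_complete_noio, before data is
     * freed.
     */
    scsi_req_ref(&r->req);
    scsi_unmap_complete_noio(data, 0);
    return;

invalid_param_len:
    scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
    return;

invalid_field:
    scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
}

/* State of one WRITE SAME request with a non-zero pattern, written out in
 * chunks of at most SCSI_WRITE_SAME_MAX bytes.
 */
typedef struct WriteSameCBData {
    SCSIDiskReq *r;         /* owning request */
    int64_t sector;         /* next 512-byte sector to write */
    /* Remaining 512-byte sectors.  Kept 64 bits wide so that neither the
     * scaled guest block count nor "nb_sectors * 512" can overflow.
     */
    int64_t nb_sectors;
    QEMUIOVector qiov;
    struct iovec iov;       /* pattern buffer; iov_len is the chunk size */
} WriteSameCBData;

/*
 * AIO completion callback for one WRITE SAME chunk.
 *
 * Accounts the finished chunk, then either submits the next chunk (which
 * is shortened if fewer sectors remain) or completes the request.  When the
 * request is finished, cancelled or failed, the request reference is
 * dropped and the pattern buffer and @opaque are freed.
 */
static void scsi_write_same_complete(void *opaque, int ret)
{
    WriteSameCBData *data = opaque;
    SCSIDiskReq *r = data->r;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    assert(r->req.aiocb != NULL);
    r->req.aiocb = NULL;
    block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
    if (r->req.io_canceled) {
        scsi_req_cancel_complete(&r->req);
        goto done;
    }

    if (ret < 0) {
        if (scsi_handle_rw_error(r, -ret)) {
            goto done;
        }
    }

    data->nb_sectors -= data->iov.iov_len / 512;
    data->sector += data->iov.iov_len / 512;
    /* nb_sectors is 64 bits wide, so this product cannot overflow. */
    data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
    if (data->iov.iov_len) {
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         data->iov.iov_len, BLOCK_ACCT_WRITE);
        /* blk_aio_write doesn't like the qiov size being different from
         * nb_sectors, make sure they match.
         */
        qemu_iovec_init_external(&data->qiov, &data->iov, 1);
        r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector,
                                      &data->qiov, data->iov.iov_len / 512,
                                      scsi_write_same_complete, data);
        return;
    }

    scsi_req_complete(&r->req, GOOD);

done:
    scsi_req_unref(&r->req);
    qemu_vfree(data->iov.iov_base);
    g_free(data);
}

/*
 * Emulate WRITE SAME(10)/(16) once the one-block pattern is in @inbuf.
 *
 * Rejects a zero block count and the PBDATA/LBDATA/ANCHOR bits, read-only
 * media and out-of-range LBAs.  An all-zero pattern is turned into a single
 * write-zeroes request (optionally allowing unmap); any other pattern is
 * replicated into a bounce buffer of at most SCSI_WRITE_SAME_MAX bytes and
 * written chunk by chunk via scsi_write_same_complete().
 *
 * The block count comes from the guest's CDB, so the size arithmetic is
 * done in 64 bits and the pattern fill is bounded by the buffer size.
 */
static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
{
    SCSIRequest *req = &r->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
    WriteSameCBData *data;
    uint8_t *buf;
    size_t i, chunk;

    /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
    if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return;
    }

    if (blk_is_read_only(s->qdev.conf.blk)) {
        scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
        return;
    }
    if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
        scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
        return;
    }

    /* NOTE(review): this and the memcpy() below read blocksize bytes from
     * inbuf; assumes the transfer for WRITE SAME is at least one logical
     * block -- TODO confirm against the CDB parser.
     */
    if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
        int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;

        /* The request is used as the AIO opaque value, so add a ref. */
        scsi_req_ref(&r->req);
        /* NOTE(review): the two products below are still computed in the
         * width of their operands, which looks like 32 bits here; left
         * as-is because the callees' parameter types are not visible.
         */
        block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                         nb_sectors * s->qdev.blocksize,
                         BLOCK_ACCT_WRITE);
        r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk,
                                r->req.cmd.lba * (s->qdev.blocksize / 512),
                                nb_sectors * (s->qdev.blocksize / 512),
                                flags, scsi_aio_complete, r);
        return;
    }

    data = g_new0(WriteSameCBData, 1);
    data->r = r;
    data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
    /* Widen before scaling: a 32-bit block count times blocksize / 512
     * does not always fit in 32 bits.
     */
    data->nb_sectors = (int64_t)nb_sectors * (s->qdev.blocksize / 512);
    /* 64-bit product; as a plain int it overflowed from 2 GiB upwards. */
    data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
    data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
                                              data->iov.iov_len);
    qemu_iovec_init_external(&data->qiov, &data->iov, 1);

    /* Replicate the pattern, never copying past the end of buf even if
     * blocksize does not divide the chunk size.
     */
    for (i = 0; i < data->iov.iov_len; i += chunk) {
        chunk = MIN((size_t)s->qdev.blocksize, data->iov.iov_len - i);
        memcpy(&buf[i], inbuf, chunk);
    }

    /* Dropped in scsi_write_same_complete() when the request is done. */
    scsi_req_ref(&r->req);
    block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
                     data->iov.iov_len, BLOCK_ACCT_WRITE);
    r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector,
                                  &data->qiov, data->iov.iov_len / 512,
                                  scsi_write_same_complete, data);
}

/*
 * write_data callback for emulated commands.
 *
 * While r->iov.iov_len is non-zero the data is requested with
 * scsi_req_data() and the length is cleared; a call that finds it zero
 * dispatches on the opcode, using r->iov.iov_base as the parameter data.
 */
static void scsi_disk_emulate_write_data(SCSIRequest *req)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);

    if (r->iov.iov_len) {
        int buflen = r->iov.iov_len;
        DPRINTF("Write buf_len=%d\n", buflen);
        r->iov.iov_len = 0;
        scsi_req_data(&r->req, buflen);
        return;
    }

    switch (req->cmd.buf[0]) {
    case MODE_SELECT:
    case MODE_SELECT_10:
        /* This also clears the sense buffer for REQUEST SENSE.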
*/ 1811 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1812 break; 1813 1814 case UNMAP: 1815 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1816 break; 1817 1818 case VERIFY_10: 1819 case VERIFY_12: 1820 case VERIFY_16: 1821 if (r->req.status == -1) { 1822 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1823 } 1824 break; 1825 1826 case WRITE_SAME_10: 1827 case WRITE_SAME_16: 1828 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1829 break; 1830 1831 default: 1832 abort(); 1833 } 1834 } 1835 1836 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1837 { 1838 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1839 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1840 uint64_t nb_sectors; 1841 uint8_t *outbuf; 1842 int buflen; 1843 1844 switch (req->cmd.buf[0]) { 1845 case INQUIRY: 1846 case MODE_SENSE: 1847 case MODE_SENSE_10: 1848 case RESERVE: 1849 case RESERVE_10: 1850 case RELEASE: 1851 case RELEASE_10: 1852 case START_STOP: 1853 case ALLOW_MEDIUM_REMOVAL: 1854 case GET_CONFIGURATION: 1855 case GET_EVENT_STATUS_NOTIFICATION: 1856 case MECHANISM_STATUS: 1857 case REQUEST_SENSE: 1858 break; 1859 1860 default: 1861 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1862 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1863 return 0; 1864 } 1865 break; 1866 } 1867 1868 /* 1869 * FIXME: we shouldn't return anything bigger than 4k, but the code 1870 * requires the buffer to be as big as req->cmd.xfer in several 1871 * places. So, do not allow CDBs with a very large ALLOCATION 1872 * LENGTH. The real fix would be to modify scsi_read_data and 1873 * dma_buf_read, so that they return data beyond the buflen 1874 * as all zeros. 
1875 */ 1876 if (req->cmd.xfer > 65536) { 1877 goto illegal_request; 1878 } 1879 r->buflen = MAX(4096, req->cmd.xfer); 1880 1881 if (!r->iov.iov_base) { 1882 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1883 } 1884 1885 buflen = req->cmd.xfer; 1886 outbuf = r->iov.iov_base; 1887 memset(outbuf, 0, r->buflen); 1888 switch (req->cmd.buf[0]) { 1889 case TEST_UNIT_READY: 1890 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1891 break; 1892 case INQUIRY: 1893 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1894 if (buflen < 0) { 1895 goto illegal_request; 1896 } 1897 break; 1898 case MODE_SENSE: 1899 case MODE_SENSE_10: 1900 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1901 if (buflen < 0) { 1902 goto illegal_request; 1903 } 1904 break; 1905 case READ_TOC: 1906 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1907 if (buflen < 0) { 1908 goto illegal_request; 1909 } 1910 break; 1911 case RESERVE: 1912 if (req->cmd.buf[1] & 1) { 1913 goto illegal_request; 1914 } 1915 break; 1916 case RESERVE_10: 1917 if (req->cmd.buf[1] & 3) { 1918 goto illegal_request; 1919 } 1920 break; 1921 case RELEASE: 1922 if (req->cmd.buf[1] & 1) { 1923 goto illegal_request; 1924 } 1925 break; 1926 case RELEASE_10: 1927 if (req->cmd.buf[1] & 3) { 1928 goto illegal_request; 1929 } 1930 break; 1931 case START_STOP: 1932 if (scsi_disk_emulate_start_stop(r) < 0) { 1933 return 0; 1934 } 1935 break; 1936 case ALLOW_MEDIUM_REMOVAL: 1937 s->tray_locked = req->cmd.buf[4] & 1; 1938 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1939 break; 1940 case READ_CAPACITY_10: 1941 /* The normal LEN field for this command is zero. 
*/ 1942 memset(outbuf, 0, 8); 1943 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1944 if (!nb_sectors) { 1945 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1946 return 0; 1947 } 1948 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1949 goto illegal_request; 1950 } 1951 nb_sectors /= s->qdev.blocksize / 512; 1952 /* Returned value is the address of the last sector. */ 1953 nb_sectors--; 1954 /* Remember the new size for read/write sanity checking. */ 1955 s->qdev.max_lba = nb_sectors; 1956 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1957 if (nb_sectors > UINT32_MAX) { 1958 nb_sectors = UINT32_MAX; 1959 } 1960 outbuf[0] = (nb_sectors >> 24) & 0xff; 1961 outbuf[1] = (nb_sectors >> 16) & 0xff; 1962 outbuf[2] = (nb_sectors >> 8) & 0xff; 1963 outbuf[3] = nb_sectors & 0xff; 1964 outbuf[4] = 0; 1965 outbuf[5] = 0; 1966 outbuf[6] = s->qdev.blocksize >> 8; 1967 outbuf[7] = 0; 1968 break; 1969 case REQUEST_SENSE: 1970 /* Just return "NO SENSE". */ 1971 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1972 (req->cmd.buf[1] & 1) == 0); 1973 if (buflen < 0) { 1974 goto illegal_request; 1975 } 1976 break; 1977 case MECHANISM_STATUS: 1978 buflen = scsi_emulate_mechanism_status(s, outbuf); 1979 if (buflen < 0) { 1980 goto illegal_request; 1981 } 1982 break; 1983 case GET_CONFIGURATION: 1984 buflen = scsi_get_configuration(s, outbuf); 1985 if (buflen < 0) { 1986 goto illegal_request; 1987 } 1988 break; 1989 case GET_EVENT_STATUS_NOTIFICATION: 1990 buflen = scsi_get_event_status_notification(s, r, outbuf); 1991 if (buflen < 0) { 1992 goto illegal_request; 1993 } 1994 break; 1995 case READ_DISC_INFORMATION: 1996 buflen = scsi_read_disc_information(s, r, outbuf); 1997 if (buflen < 0) { 1998 goto illegal_request; 1999 } 2000 break; 2001 case READ_DVD_STRUCTURE: 2002 buflen = scsi_read_dvd_structure(s, r, outbuf); 2003 if (buflen < 0) { 2004 goto illegal_request; 2005 } 2006 break; 2007 case SERVICE_ACTION_IN_16: 2008 /* Service Action In subcommands. 
*/ 2009 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2010 DPRINTF("SAI READ CAPACITY(16)\n"); 2011 memset(outbuf, 0, req->cmd.xfer); 2012 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2013 if (!nb_sectors) { 2014 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2015 return 0; 2016 } 2017 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2018 goto illegal_request; 2019 } 2020 nb_sectors /= s->qdev.blocksize / 512; 2021 /* Returned value is the address of the last sector. */ 2022 nb_sectors--; 2023 /* Remember the new size for read/write sanity checking. */ 2024 s->qdev.max_lba = nb_sectors; 2025 outbuf[0] = (nb_sectors >> 56) & 0xff; 2026 outbuf[1] = (nb_sectors >> 48) & 0xff; 2027 outbuf[2] = (nb_sectors >> 40) & 0xff; 2028 outbuf[3] = (nb_sectors >> 32) & 0xff; 2029 outbuf[4] = (nb_sectors >> 24) & 0xff; 2030 outbuf[5] = (nb_sectors >> 16) & 0xff; 2031 outbuf[6] = (nb_sectors >> 8) & 0xff; 2032 outbuf[7] = nb_sectors & 0xff; 2033 outbuf[8] = 0; 2034 outbuf[9] = 0; 2035 outbuf[10] = s->qdev.blocksize >> 8; 2036 outbuf[11] = 0; 2037 outbuf[12] = 0; 2038 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2039 2040 /* set TPE bit if the format supports discard */ 2041 if (s->qdev.conf.discard_granularity) { 2042 outbuf[14] = 0x80; 2043 } 2044 2045 /* Protection, exponent and lowest lba field left blank. */ 2046 break; 2047 } 2048 DPRINTF("Unsupported Service Action In\n"); 2049 goto illegal_request; 2050 case SYNCHRONIZE_CACHE: 2051 /* The request is used as the AIO opaque value, so add a ref. 
*/ 2052 scsi_req_ref(&r->req); 2053 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2054 BLOCK_ACCT_FLUSH); 2055 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2056 return 0; 2057 case SEEK_10: 2058 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2059 if (r->req.cmd.lba > s->qdev.max_lba) { 2060 goto illegal_lba; 2061 } 2062 break; 2063 case MODE_SELECT: 2064 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2065 break; 2066 case MODE_SELECT_10: 2067 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2068 break; 2069 case UNMAP: 2070 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2071 break; 2072 case VERIFY_10: 2073 case VERIFY_12: 2074 case VERIFY_16: 2075 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2076 if (req->cmd.buf[1] & 6) { 2077 goto illegal_request; 2078 } 2079 break; 2080 case WRITE_SAME_10: 2081 case WRITE_SAME_16: 2082 DPRINTF("WRITE SAME %d (len %lu)\n", 2083 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2084 (long)r->req.cmd.xfer); 2085 break; 2086 default: 2087 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2088 scsi_command_name(buf[0])); 2089 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2090 return 0; 2091 } 2092 assert(!r->req.aiocb); 2093 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2094 if (r->iov.iov_len == 0) { 2095 scsi_req_complete(&r->req, GOOD); 2096 } 2097 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2098 assert(r->iov.iov_len == req->cmd.xfer); 2099 return -r->iov.iov_len; 2100 } else { 2101 return r->iov.iov_len; 2102 } 2103 2104 illegal_request: 2105 if (r->req.status == -1) { 2106 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2107 } 2108 return 0; 2109 2110 illegal_lba: 2111 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2112 return 0; 2113 } 2114 2115 /* Execute a scsi command. Returns the length of the data expected by the 2116 command. This will be Positive for data transfers from the device 2117 (eg. 
disk reads), negative for transfers to the device (eg. disk writes),
   and zero if the command does not transfer any data.

   Only the READ and WRITE families listed in the switch below are handled;
   the LBA and block count taken from the guest's CDB are range-checked
   with check_lba_range() before they are converted to 512-byte sectors.
   On any error the request is completed with a CHECK CONDITION and 0 is
   returned.  */

static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint32_t len;
    uint8_t command;

    command = buf[0];

    if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
        scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
        return 0;
    }

    /* Transfer length in device blocks, as encoded in the CDB. */
    len = scsi_data_cdb_xfer(r->req.cmd.buf);
    switch (command) {
    case READ_6:
    case READ_10:
    case READ_12:
    case READ_16:
        DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
        /* Any of the top three bits of CDB byte 1 set is rejected. */
        if (r->req.cmd.buf[1] & 0xe0) {
            goto illegal_request;
        }
        if (!check_lba_range(s, r->req.cmd.lba, len)) {
            goto illegal_lba;
        }
        r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
        /* NOTE(review): sector_count is 32 bits wide, so this product can
         * wrap for a large count when blocksize is above 512;
         * check_lba_range() bounds len only by the device size -- confirm
         * an upper bound on len.
         */
        r->sector_count = len * (s->qdev.blocksize / 512);
        break;
    case WRITE_6:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        if (blk_is_read_only(s->qdev.conf.blk)) {
            scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
            return 0;
        }
        DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
                (command & 0xe) == 0xe ? "And Verify " : "",
                r->req.cmd.lba, len);
        /* Any of the top three bits of CDB byte 1 set is rejected. */
        if (r->req.cmd.buf[1] & 0xe0) {
            goto illegal_request;
        }
        if (!check_lba_range(s, r->req.cmd.lba, len)) {
            goto illegal_lba;
        }
        r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
        /* NOTE(review): same 32-bit wrap concern as in the read case. */
        r->sector_count = len * (s->qdev.blocksize / 512);
        break;
    default:
        /* Presumably only the opcodes listed above are routed to this
         * function; anything else terminates the process.
         */
        abort();
    /* The error labels sit inside the switch and are reached only through
     * the gotos above.
     */
    illegal_request:
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return 0;
    illegal_lba:
        scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
        return 0;
    }
    if (r->sector_count == 0) {
        scsi_req_complete(&r->req, GOOD);
    }
    assert(r->iov.iov_len == 0);
    /* NOTE(review): the byte count is computed in unsigned 32-bit
     * arithmetic and then converted to the int32_t return type; very
     * large transfers would not be representable -- confirm the bound.
     */
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        return -r->sector_count * 512;
    } else {
        return r->sector_count * 512;
    }
}

/*
 * Device reset handler: purges outstanding requests with RESET sense,
 * recomputes max_lba from the backend geometry and clears the tray state.
 */
static void scsi_disk_reset(DeviceState *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
    uint64_t nb_sectors;

    scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));

    blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
    nb_sectors /= s->qdev.blocksize / 512;
    /* Only decrement a non-zero count, so an empty backend yields
     * max_lba 0 instead of wrapping around.
     */
    if (nb_sectors) {
        nb_sectors--;
    }
    s->qdev.max_lba = nb_sectors;
    /* reset tray statuses */
    s->tray_locked = 0;
    s->tray_open = 0;
}

/* Backend resize callback: reports CAPACITY_CHANGED for disk devices. */
static void scsi_disk_resize_cb(void *opaque)
{
    SCSIDiskState *s = opaque;

    /* SPC lists this sense code as available only for
     * direct-access devices.
     */
    if (s->qdev.type == TYPE_DISK) {
        scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
    }
}

/* Backend media-change callback; @load is true when a medium is loaded. */
static void scsi_cd_change_media_cb(void *opaque, bool load)
{
    SCSIDiskState *s = opaque;

    /*
     * When a CD gets changed, we have to report an ejected state and
     * then a loaded state to guests so that they detect tray
     * open/close and media change events.
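Guests that do not use
     * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
     * states rely on this behavior.
     *
     * media_changed governs the state machine used for unit attention
     * report. media_event is used by GET EVENT STATUS NOTIFICATION.
     */
    s->media_changed = load;
    s->tray_open = !load;
    scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
    s->media_event = true;
    s->eject_request = false;
}

/*
 * Block-backend callback for an eject request.
 *
 * Records the request in s->eject_request.  When force is set it also
 * clears s->tray_locked, so a forced eject overrides the lock flag.
 * opaque is expected to be the SCSIDiskState handed to blk_set_dev_ops()
 * in scsi_realize().
 */
static void scsi_cd_eject_request_cb(void *opaque, bool force)
{
    SCSIDiskState *s = opaque;

    s->eject_request = true;
    if (force) {
        s->tray_locked = false;
    }
}

/* Block-backend callback: report the tray_open flag of the device. */
static bool scsi_cd_is_tray_open(void *opaque)
{
    return ((SCSIDiskState *)opaque)->tray_open;
}

/* Block-backend callback: report the tray_locked flag of the device. */
static bool scsi_cd_is_medium_locked(void *opaque)
{
    return ((SCSIDiskState *)opaque)->tray_locked;
}

/*
 * Callbacks installed by scsi_realize() for devices that have
 * SCSI_DISK_F_REMOVABLE set and SCSI_DISK_F_NO_REMOVABLE_DEVOPS clear.
 */
static const BlockDevOps scsi_disk_removable_block_ops = {
    .change_media_cb = scsi_cd_change_media_cb,
    .eject_request_cb = scsi_cd_eject_request_cb,
    .is_tray_open = scsi_cd_is_tray_open,
    .is_medium_locked = scsi_cd_is_medium_locked,

    .resize_cb = scsi_disk_resize_cb,
};

/*
 * Callbacks installed by scsi_realize() for every other device: only the
 * resize notification, no media-change, eject or tray callbacks.
 */
static const BlockDevOps scsi_disk_block_ops = {
    .resize_cb = scsi_disk_resize_cb,
};

/*
 * Hook run after a unit attention has been reported.  If a media change is
 * still pending, clear the flag and queue a MEDIUM_CHANGED unit attention
 * as the follow-up condition.
 */
static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    if (s->media_changed) {
        s->media_changed = false;
        scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
    }
}

/*
 * Common realize step shared by scsi-hd, scsi-cd, scsi-disk and scsi-block.
 *
 * Validates the backend, fills in configuration defaults and installs the
 * block-backend callbacks.  On failure an error is stored in errp and the
 * function returns early; the checks run in this order:
 *   - a drive must be set;
 *   - a non-removable device must have media inserted;
 *   - for TYPE_DISK the geometry must be acceptable to blkconf_geometry();
 *   - the backend must not be one that blk_is_sg() reports (the error text
 *     names /dev/sg*).
 */
static void scsi_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    Error *err = NULL;

    if (!s->qdev.conf.blk) {
        error_setg(errp, "drive property not set");
        return;
    }

    if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
        !blk_is_inserted(s->qdev.conf.blk)) {
        error_setg(errp, "Device needs media, but drive is empty");
        return;
    }

    blkconf_serial(&s->qdev.conf, &s->serial);
    blkconf_blocksizes(&s->qdev.conf);
    if (dev->type == TYPE_DISK) {
        blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
        if (err) {
            error_propagate(errp, err);
            return;
        }
    }

    /* -1 is treated as "not configured": pick a default granularity. */
    if (s->qdev.conf.discard_granularity == -1) {
        s->qdev.conf.discard_granularity =
            MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
    }

    /* Default identification strings when the properties were not given. */
    if (!s->version) {
        s->version = g_strdup(qemu_get_version());
    }
    if (!s->vendor) {
        s->vendor = g_strdup("QEMU");
    }

    if (blk_is_sg(s->qdev.conf.blk)) {
        error_setg(errp, "unwanted /dev/sg*");
        return;
    }

    /*
     * Media-change, eject and tray callbacks are only exposed when the
     * device is removable and has not opted out through
     * SCSI_DISK_F_NO_REMOVABLE_DEVOPS (scsi-block sets that flag).
     */
    if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
            !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
        blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
    } else {
        blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
    }
    blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);

    blk_iostatus_enable(s->qdev.conf.blk);
}

/*
 * Realize a scsi-hd device: take the block size from the configured logical
 * block size, mark the device TYPE_DISK, default the product string to
 * "QEMU HARDDISK" and continue in scsi_realize().
 */
static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    /* can happen for devices without drive. The error message for missing
     * backend will be issued in scsi_realize
     */
    if (s->qdev.conf.blk) {
        blkconf_blocksizes(&s->qdev.conf);
    }
    s->qdev.blocksize = s->qdev.conf.logical_block_size;
    s->qdev.type = TYPE_DISK;
    if (!s->product) {
        s->product = g_strdup("QEMU HARDDISK");
    }
    scsi_realize(&s->qdev, errp);
}

/*
 * Realize a scsi-cd device: fixed 2048-byte blocks, TYPE_ROM, always
 * removable, product string defaulting to "QEMU CD-ROM"; then continue in
 * scsi_realize().
 */
static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    s->qdev.blocksize = 2048;
    s->qdev.type = TYPE_ROM;
    s->features |= 1 << SCSI_DISK_F_REMOVABLE;
    if (!s->product) {
        s->product = g_strdup("QEMU CD-ROM");
    }
    scsi_realize(&s->qdev, errp);
}

/*
 * Realize the legacy scsi-disk device, which behaves as a CD-ROM or as a
 * hard disk depending on the legacy drive info attached to the backend.
 */
static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
{
    DriveInfo *dinfo;
    Error *local_err = NULL;

    if (!dev->conf.blk) {
        /*
         * No backend: scsi_realize() is called only to produce its
         * "drive property not set" error, hence the assertion.
         */
        scsi_realize(dev, &local_err);
        assert(local_err);
        error_propagate(errp, local_err);
        return;
    }

    dinfo = blk_legacy_dinfo(dev->conf.blk);
    if (dinfo && dinfo->media_cd) {
        scsi_cd_realize(dev, errp);
    } else {
        scsi_hd_realize(dev, errp);
    }
}

/* Request operations for commands that are emulated by this file. */
static const SCSIReqOps scsi_disk_emulate_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_emulate_command,
    .read_data    = scsi_disk_emulate_read_data,
    .write_data   = scsi_disk_emulate_write_data,
    .get_buf      = scsi_get_buf,
};

/*
 * Request operations for the read/write data path.  Unlike the emulated
 * set, these also provide load_request/save_request hooks
 * (scsi_disk_save_request writes the request state to a QEMUFile).
 */
static const SCSIReqOps scsi_disk_dma_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_dma_command,
    .read_data    = scsi_read_data,
    .write_data   = scsi_write_data,
    .get_buf      = scsi_get_buf,
    .load_request = scsi_disk_load_request,
    .save_request = scsi_disk_save_request,
};

/*
 * Opcode -> request operations.  The table has one slot for each of the 256
 * possible values of the first CDB byte; opcodes that are not listed stay
 * NULL and scsi_new_request() falls back to the emulated set for them.
 */
static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
    [TEST_UNIT_READY]                 = &scsi_disk_emulate_reqops,
    [INQUIRY]                         = &scsi_disk_emulate_reqops,
    [MODE_SENSE]                      = &scsi_disk_emulate_reqops,
    [MODE_SENSE_10]                   = &scsi_disk_emulate_reqops,
    [START_STOP]                      = &scsi_disk_emulate_reqops,
    [ALLOW_MEDIUM_REMOVAL]            = &scsi_disk_emulate_reqops,
    [READ_CAPACITY_10]                = &scsi_disk_emulate_reqops,
    [READ_TOC]                        = &scsi_disk_emulate_reqops,
    [READ_DVD_STRUCTURE]              = &scsi_disk_emulate_reqops,
    [READ_DISC_INFORMATION]           = &scsi_disk_emulate_reqops,
    [GET_CONFIGURATION]               = &scsi_disk_emulate_reqops,
    [GET_EVENT_STATUS_NOTIFICATION]   = &scsi_disk_emulate_reqops,
    [MECHANISM_STATUS]                = &scsi_disk_emulate_reqops,
    [SERVICE_ACTION_IN_16]            = &scsi_disk_emulate_reqops,
    [REQUEST_SENSE]                   = &scsi_disk_emulate_reqops,
    [SYNCHRONIZE_CACHE]               = &scsi_disk_emulate_reqops,
    [SEEK_10]                         = &scsi_disk_emulate_reqops,
    [MODE_SELECT]                     = &scsi_disk_emulate_reqops,
    [MODE_SELECT_10]                  = &scsi_disk_emulate_reqops,
    [UNMAP]                           = &scsi_disk_emulate_reqops,
    [WRITE_SAME_10]                   = &scsi_disk_emulate_reqops,
    [WRITE_SAME_16]                   = &scsi_disk_emulate_reqops,
    [VERIFY_10]                       = &scsi_disk_emulate_reqops,
    [VERIFY_12]                       = &scsi_disk_emulate_reqops,
    [VERIFY_16]                       = &scsi_disk_emulate_reqops,

    [READ_6]                          = &scsi_disk_dma_reqops,
    [READ_10]                         = &scsi_disk_dma_reqops,
    [READ_12]                         = &scsi_disk_dma_reqops,
    [READ_16]                         = &scsi_disk_dma_reqops,
    [WRITE_6]                         = &scsi_disk_dma_reqops,
    [WRITE_10]                        = &scsi_disk_dma_reqops,
    [WRITE_12]                        = &scsi_disk_dma_reqops,
    [WRITE_16]                        = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_10]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_12]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_16]                 = &scsi_disk_dma_reqops,
};

/*
 * Allocate a request for the CDB in buf.
 *
 * d            device the command is addressed to
 * tag, lun     passed through to scsi_req_alloc()
 * buf          the CDB; only buf[0] (the opcode) is used to pick the ops
 * hba_private  passed through to scsi_req_alloc()
 *
 * Returns whatever scsi_req_alloc() returns.
 */
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
                                     uint8_t *buf, void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
    SCSIRequest *req;
    const SCSIReqOps *ops;
    uint8_t command;

    /*
     * command is a uint8_t, so it cannot index past the 256-entry
     * dispatch table whatever opcode the guest sends.
     */
    command = buf[0];
    ops = scsi_disk_reqops_dispatch[command];
    if (!ops) {
        ops = &scsi_disk_emulate_reqops;
    }
    req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);

#ifdef DEBUG_SCSI
    /*
     * NOTE(review): no buffer length is passed to this function, so the
     * dump below reads as many bytes as scsi_cdb_length() derives from the
     * CDB itself - confirm every caller supplies a buffer at least that
     * long before enabling DEBUG_SCSI.
     */
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
    {
        int i;
        for (i = 1; i < scsi_cdb_length(buf); i++) {
            printf(" 0x%02x", buf[i]);
        }
        printf("\n");
    }
#endif

    return req;
}

#ifdef __linux__
/*
 * Probe the host device behind the backend with a standard INQUIRY sent
 * through SG_IO, then record the reported device type in s->qdev.type and
 * set SCSI_DISK_F_REMOVABLE when bit 7 of response byte 1 is set.
 *
 * Returns 0 on success, -1 when the ioctl fails or the command did not
 * complete cleanly (non-zero SCSI, driver or host status).
 */
static int get_device_type(SCSIDiskState *s)
{
    uint8_t cmd[16];
    uint8_t buf[36];
    uint8_t sensebuf[8];
    sg_io_hdr_t io_header;
    int ret;

    memset(cmd, 0, sizeof(cmd));
    memset(buf, 0, sizeof(buf));
    cmd[0] = INQUIRY;
    cmd[4] = sizeof(buf);       /* allocation length = size of buf */

    memset(&io_header, 0, sizeof(io_header));
    io_header.interface_id = 'S';
    io_header.dxfer_direction = SG_DXFER_FROM_DEV;
    io_header.dxfer_len = sizeof(buf);
    io_header.dxferp = buf;
    io_header.cmdp = cmd;
    io_header.cmd_len = sizeof(cmd);
    io_header.mx_sb_len = sizeof(sensebuf);
    io_header.sbp = sensebuf;
    io_header.timeout = 6000; /* XXX */

    ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
    /*
     * Also reject a non-zero SCSI status: buf was zero-filled above, so a
     * command that ended without returning data would otherwise be
     * accepted as device type 0.
     */
    if (ret < 0 || io_header.status ||
        io_header.driver_status || io_header.host_status) {
        return -1;
    }
    /*
     * NOTE(review): byte 0 of standard INQUIRY data carries the peripheral
     * qualifier in bits 7-5 next to the device type; it is stored unmasked
     * here - confirm that users of qdev.type expect that.
     */
    s->qdev.type = buf[0];
    if (buf[1] & 0x80) {
        s->features |= 1 << SCSI_DISK_F_REMOVABLE;
    }
    return 0;
}

/*
 * Realize a scsi-block device, which sits on a host SCSI device reachable
 * through SG_IO.
 *
 * Fails (error stored in errp) when no drive is set, when the backend does
 * not answer SG_GET_VERSION_NUM, when the reported sg interface version is
 * below 30000, or when the INQUIRY probe fails.
 */
static void scsi_block_realize(SCSIDevice *dev, Error **errp)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    int sg_version;
    int rc;

    if (!s->qdev.conf.blk) {
        error_setg(errp, "drive property not set");
        return;
    }

    /* check we are using a driver managing SG_IO (version 3 and after) */
    rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
    if (rc < 0) {
        error_setg(errp, "cannot get SG_IO version number: %s.  "
                         "Is this a SCSI device?",
                         strerror(-rc));
        return;
    }
    if (sg_version < 30000) {
        error_setg(errp, "scsi generic interface too old");
        return;
    }

    /* get device type from INQUIRY data */
    rc = get_device_type(s);
    if (rc < 0) {
        error_setg(errp, "INQUIRY failed");
        return;
    }

    /* Make a guess for the block size, we'll fix it when the guest sends
     * READ CAPACITY.  If they don't, they likely would assume these sizes
     * anyway. (TODO: check in /sys).
     */
    if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
        s->qdev.blocksize = 2048;
    } else {
        s->qdev.blocksize = 512;
    }

    /* Makes the scsi-block device not removable by using HMP and QMP eject
     * command.
     */
    s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);

    scsi_realize(&s->qdev, errp);
}

/*
 * Decide how a scsi-block command is handled.
 *
 * Returns false only for the READ/WRITE/VERIFY/WRITE AND VERIFY opcodes
 * listed below, and only when the backend was opened with BDRV_O_NOCACHE
 * and the device is not TYPE_ROM; the callers then use the block-layer
 * path (scsi_disk_dma_reqops).  Returns true for everything else, in which
 * case the callers hand the command to scsi_generic_req_ops.
 *
 * NOTE(review): every opcode not listed here is therefore passed through
 * unchanged from the guest; any filtering of such commands would have to
 * happen in the generic request ops or below - not visible in this file.
 */
static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
{
    switch (buf[0]) {
    case READ_6:
    case READ_10:
    case READ_12:
    case READ_16:
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
    case WRITE_6:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        /* If we are not using O_DIRECT, we might read stale data from the
         * host cache if writes were made using other commands than these
         * ones (such as WRITE SAME or EXTENDED COPY, etc.).  So, without
         * O_DIRECT everything must go through SG_IO.
         */
        if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
            break;
        }

        /* MMC writing cannot be done via pread/pwrite, because it sometimes
         * involves writing beyond the maximum LBA or to negative LBA (lead-in).
         * And once you do these writes, reading from the block device is
         * unreliable, too.  It is even possible that reads deliver random data
         * from the host page cache (this is probably a Linux bug).
         *
         * We might use scsi_disk_dma_reqops as long as no writing commands are
         * seen, but performance usually isn't paramount on optical media.  So,
         * just make scsi-block operate the same as scsi-generic for them.
         */
        if (s->qdev.type != TYPE_ROM) {
            return false;
        }
        break;

    default:
        break;
    }

    return true;
}


/*
 * Allocate a request for a scsi-block device, using the generic
 * (passthrough) request ops or the block-layer ops according to
 * scsi_block_is_passthrough().
 */
static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
                                           uint32_t lun, uint8_t *buf,
                                           void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);

    if (scsi_block_is_passthrough(s, buf)) {
        return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
                              hba_private);
    } else {
        return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
                              hba_private);
    }
}

/*
 * Parse a CDB for a scsi-block device.  Passthrough commands are parsed
 * with scsi_bus_parse_cdb(), the others with scsi_req_parse_cdb(); the
 * choice mirrors the one made in scsi_block_new_request().
 */
static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
                                  uint8_t *buf, void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);

    if (scsi_block_is_passthrough(s, buf)) {
        return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
    } else {
        return scsi_req_parse_cdb(&s->qdev, cmd, buf);
    }
}

#endif

/* Properties shared by scsi-hd, scsi-cd and the legacy scsi-disk device. */
#define DEFINE_SCSI_DISK_PROPERTIES()                                \
    DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),               \
    DEFINE_PROP_STRING("ver", SCSIDiskState, version),               \
    DEFINE_PROP_STRING("serial", SCSIDiskState, serial),             \
    DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor),             \
    DEFINE_PROP_STRING("product", SCSIDiskState, product)

/* User-settable properties of the scsi-hd device. */
static Property scsi_hd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_BIT("removable", SCSIDiskState, features,
                    SCSI_DISK_F_REMOVABLE, false),
    DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
                    SCSI_DISK_F_DPOFUA, false),
    DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
    DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
    DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
                       DEFAULT_MAX_UNMAP_SIZE),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
    DEFINE_PROP_END_OF_LIST(),
};

/*
 * Device state carried in the "scsi-disk" vmstate section (version 1): the
 * generic SCSI device state plus the media/tray flags.  All device types
 * registered below point their vmsd at this description.
 */
static const VMStateDescription vmstate_scsi_disk_state = {
    .name = "scsi-disk",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
        VMSTATE_BOOL(media_changed, SCSIDiskState),
        VMSTATE_BOOL(media_event, SCSIDiskState),
        VMSTATE_BOOL(eject_request, SCSIDiskState),
        VMSTATE_BOOL(tray_open, SCSIDiskState),
        VMSTATE_BOOL(tray_locked, SCSIDiskState),
        VMSTATE_END_OF_LIST()
    }
};

/* Class initializer for scsi-hd: wire up the hooks, properties and vmstate. */
static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);

    sc->realize      = scsi_hd_realize;
    sc->alloc_req    = scsi_new_request;
    sc->unit_attention_reported = scsi_disk_unit_attention_reported;
    dc->fw_name = "disk";
    dc->desc = "virtual SCSI disk";
    dc->reset = scsi_disk_reset;
    dc->props = scsi_hd_properties;
    dc->vmsd  = &vmstate_scsi_disk_state;
}

static const TypeInfo scsi_hd_info = {
    .name          = "scsi-hd",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_hd_class_initfn,
};

/*
 * User-settable properties of the scsi-cd device.  Compared with scsi-hd
 * there is no "removable", "dpofua", "max_unmap_size" or CHS property.
 */
static Property scsi_cd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
    DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    DEFINE_PROP_END_OF_LIST(),
};

/* Class initializer for scsi-cd: wire up the hooks, properties and vmstate. */
static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);

    sc->realize      = scsi_cd_realize;
    sc->alloc_req    = scsi_new_request;
    sc->unit_attention_reported = scsi_disk_unit_attention_reported;
    dc->fw_name = "disk";
    dc->desc = "virtual SCSI CD-ROM";
    dc->reset = scsi_disk_reset;
    dc->props = scsi_cd_properties;
    dc->vmsd  = &vmstate_scsi_disk_state;
}

static const TypeInfo scsi_cd_info = {
    .name          = "scsi-cd",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_cd_class_initfn,
};

#ifdef __linux__
/* scsi-block exposes only the "drive" property. */
static Property scsi_block_properties[] = {
    DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
    DEFINE_PROP_END_OF_LIST(),
};

/*
 * Class initializer for scsi-block.  Unlike the emulated devices it installs
 * its own alloc_req and parse_cdb hooks and no unit_attention_reported hook.
 */
static void scsi_block_class_initfn(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);

    sc->realize      = scsi_block_realize;
    sc->alloc_req    = scsi_block_new_request;
    sc->parse_cdb    = scsi_block_parse_cdb;
    dc->fw_name = "disk";
    dc->desc = "SCSI block device passthrough";
    dc->reset = scsi_disk_reset;
    dc->props = scsi_block_properties;
    dc->vmsd  = &vmstate_scsi_disk_state;
}

static const TypeInfo scsi_block_info = {
    .name          = "scsi-block",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_block_class_initfn,
};
#endif

/* User-settable properties of the legacy scsi-disk device. */
static Property scsi_disk_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_BIT("removable", SCSIDiskState, features,
                    SCSI_DISK_F_REMOVABLE, false),
    DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
                    SCSI_DISK_F_DPOFUA, false),
    DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
    DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
    DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
                       DEFAULT_MAX_UNMAP_SIZE),
    DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
                       DEFAULT_MAX_IO_SIZE),
    DEFINE_PROP_END_OF_LIST(),
};

/* Class initializer for the legacy scsi-disk device. */
static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);

    sc->realize      = scsi_disk_realize;
    sc->alloc_req    = scsi_new_request;
    sc->unit_attention_reported = scsi_disk_unit_attention_reported;
    dc->fw_name = "disk";
    dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
    dc->reset = scsi_disk_reset;
    dc->props = scsi_disk_properties;
    dc->vmsd  = &vmstate_scsi_disk_state;
}

static const TypeInfo scsi_disk_info = {
    .name          = "scsi-disk",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_disk_class_initfn,
};

/* Register every device type defined in this file; scsi-block only on Linux. */
static void scsi_disk_register_types(void)
{
    type_register_static(&scsi_hd_info);
    type_register_static(&scsi_cd_info);
#ifdef __linux__
    type_register_static(&scsi_block_info);
#endif
    type_register_static(&scsi_disk_info);
}

type_init(scsi_disk_register_types)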