1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu/osdep.h" 32 #include "qemu-common.h" 33 #include "qemu/error-report.h" 34 #include "hw/scsi/scsi.h" 35 #include "block/scsi.h" 36 #include "sysemu/sysemu.h" 37 #include "sysemu/block-backend.h" 38 #include "sysemu/blockdev.h" 39 #include "hw/block/block.h" 40 #include "sysemu/dma.h" 41 42 #ifdef __linux 43 #include <scsi/sg.h> 44 #endif 45 46 #define SCSI_WRITE_SAME_MAX 524288 47 #define SCSI_DMA_BUF_SIZE 131072 48 #define SCSI_MAX_INQUIRY_LEN 256 49 #define SCSI_MAX_MODE_LEN 256 50 51 #define DEFAULT_DISCARD_GRANULARITY 4096 52 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 53 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 54 55 typedef struct SCSIDiskState SCSIDiskState; 56 57 typedef struct SCSIDiskReq { 58 SCSIRequest req; 59 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 60 uint64_t sector; 61 uint32_t sector_count; 62 uint32_t buflen; 63 bool started; 64 struct iovec iov; 65 QEMUIOVector qiov; 66 BlockAcctCookie acct; 67 } SCSIDiskReq; 68 69 #define SCSI_DISK_F_REMOVABLE 0 70 #define SCSI_DISK_F_DPOFUA 1 71 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 72 73 struct SCSIDiskState 74 { 75 SCSIDevice qdev; 76 uint32_t features; 77 bool media_changed; 78 bool media_event; 79 bool eject_request; 80 uint16_t port_index; 81 uint64_t max_unmap_size; 82 uint64_t max_io_size; 83 QEMUBH *bh; 84 char *version; 85 char *serial; 86 char *vendor; 87 char *product; 88 bool tray_open; 89 bool tray_locked; 90 }; 91 92 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 93 94 static void scsi_free_request(SCSIRequest *req) 95 { 96 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 97 98 qemu_vfree(r->iov.iov_base); 99 } 100 101 /* Helper function for command completion with sense. */ 102 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 103 { 104 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 105 r->req.tag, sense.key, sense.asc, sense.ascq); 106 scsi_req_build_sense(&r->req, sense); 107 scsi_req_complete(&r->req, CHECK_CONDITION); 108 } 109 110 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 111 { 112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 113 114 if (!r->iov.iov_base) { 115 r->buflen = size; 116 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 117 } 118 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 119 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 120 return r->qiov.size / 512; 121 } 122 123 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 124 { 125 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 126 127 qemu_put_be64s(f, &r->sector); 128 qemu_put_be32s(f, &r->sector_count); 129 qemu_put_be32s(f, &r->buflen); 130 if (r->buflen) { 131 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 132 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 133 } else if (!req->retry) { 134 uint32_t len = r->iov.iov_len; 135 qemu_put_be32s(f, &len); 136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 137 } 138 } 139 } 140 141 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 142 { 143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 144 145 qemu_get_be64s(f, &r->sector); 146 qemu_get_be32s(f, &r->sector_count); 147 qemu_get_be32s(f, &r->buflen); 148 if (r->buflen) { 149 scsi_init_iovec(r, r->buflen); 150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 151 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } else if (!r->req.retry) { 153 uint32_t len; 154 qemu_get_be32s(f, &len); 155 r->iov.iov_len = len; 156 assert(r->iov.iov_len <= r->buflen); 157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 161 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 162 } 163 164 static void scsi_aio_complete(void *opaque, int ret) 165 { 166 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 168 169 assert(r->req.aiocb != NULL); 170 r->req.aiocb = NULL; 171 if (r->req.io_canceled) { 172 scsi_req_cancel_complete(&r->req); 173 goto done; 174 } 175 176 if (ret < 0) { 177 if (scsi_handle_rw_error(r, -ret, true)) { 178 goto done; 179 } 180 } 181 182 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 183 scsi_req_complete(&r->req, GOOD); 184 185 done: 186 scsi_req_unref(&r->req); 187 } 188 189 static bool scsi_is_cmd_fua(SCSICommand *cmd) 190 { 191 switch (cmd->buf[0]) { 192 case READ_10: 193 case READ_12: 194 case READ_16: 195 case WRITE_10: 196 case WRITE_12: 197 case WRITE_16: 198 return (cmd->buf[1] & 8) != 0; 199 200 case VERIFY_10: 201 case VERIFY_12: 202 case VERIFY_16: 203 case WRITE_VERIFY_10: 204 case WRITE_VERIFY_12: 205 case WRITE_VERIFY_16: 206 return true; 207 208 case READ_6: 209 case WRITE_6: 210 default: 211 return false; 212 } 213 } 214 215 static void scsi_write_do_fua(SCSIDiskReq *r) 216 { 217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 218 219 assert(r->req.aiocb == NULL); 220 221 if (r->req.io_canceled) { 222 scsi_req_cancel_complete(&r->req); 223 goto done; 224 } 225 226 if (scsi_is_cmd_fua(&r->req.cmd)) { 227 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 228 BLOCK_ACCT_FLUSH); 229 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 230 return; 231 } 232 233 scsi_req_complete(&r->req, GOOD); 234 235 done: 236 scsi_req_unref(&r->req); 237 } 238 239 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 240 { 241 assert(r->req.aiocb == NULL); 242 243 if (r->req.io_canceled) { 244 scsi_req_cancel_complete(&r->req); 245 goto done; 246 } 247 248 if (ret < 0) { 249 if (scsi_handle_rw_error(r, -ret, false)) { 250 goto done; 251 } 252 } 253 254 r->sector += r->sector_count; 255 r->sector_count = 0; 256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 257 scsi_write_do_fua(r); 258 return; 259 } else { 260 scsi_req_complete(&r->req, GOOD); 261 } 262 263 done: 264 scsi_req_unref(&r->req); 265 } 266 267 static void scsi_dma_complete(void *opaque, int ret) 268 { 269 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 271 272 assert(r->req.aiocb != NULL); 273 r->req.aiocb = NULL; 274 275 if (ret < 0) { 276 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 277 } else { 278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 279 } 280 scsi_dma_complete_noio(r, ret); 281 } 282 283 static void scsi_read_complete(void * opaque, int ret) 284 { 285 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 287 int n; 288 289 assert(r->req.aiocb != NULL); 290 r->req.aiocb = NULL; 291 if (r->req.io_canceled) { 292 scsi_req_cancel_complete(&r->req); 293 goto done; 294 } 295 296 if (ret < 0) { 297 if (scsi_handle_rw_error(r, -ret, true)) { 298 goto done; 299 } 300 } 301 302 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 303 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 304 305 n = r->qiov.size / 512; 306 r->sector += n; 307 r->sector_count -= n; 308 scsi_req_data(&r->req, r->qiov.size); 309 310 done: 311 scsi_req_unref(&r->req); 312 } 313 314 /* Actually issue a read to the block device. */ 315 static void scsi_do_read(SCSIDiskReq *r, int ret) 316 { 317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 318 uint32_t n; 319 320 assert (r->req.aiocb == NULL); 321 322 if (r->req.io_canceled) { 323 scsi_req_cancel_complete(&r->req); 324 goto done; 325 } 326 327 if (ret < 0) { 328 if (scsi_handle_rw_error(r, -ret, false)) { 329 goto done; 330 } 331 } 332 333 /* The request is used as the AIO opaque value, so add a ref. */ 334 scsi_req_ref(&r->req); 335 336 if (r->req.sg) { 337 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 338 r->req.resid -= r->req.sg->size; 339 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector, 340 scsi_dma_complete, r); 341 } else { 342 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 343 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 344 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ); 345 r->req.aiocb = blk_aio_readv(s->qdev.conf.blk, r->sector, &r->qiov, n, 346 scsi_read_complete, r); 347 } 348 349 done: 350 scsi_req_unref(&r->req); 351 } 352 353 static void scsi_do_read_cb(void *opaque, int ret) 354 { 355 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 357 358 assert (r->req.aiocb != NULL); 359 r->req.aiocb = NULL; 360 361 if (ret < 0) { 362 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 363 } else { 364 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 365 } 366 scsi_do_read(opaque, ret); 367 } 368 369 /* Read more data from scsi device into buffer. */ 370 static void scsi_read_data(SCSIRequest *req) 371 { 372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 374 bool first; 375 376 DPRINTF("Read sector_count=%d\n", r->sector_count); 377 if (r->sector_count == 0) { 378 /* This also clears the sense buffer for REQUEST SENSE. */ 379 scsi_req_complete(&r->req, GOOD); 380 return; 381 } 382 383 /* No data transfer may already be in progress */ 384 assert(r->req.aiocb == NULL); 385 386 /* The request is used as the AIO opaque value, so add a ref. */ 387 scsi_req_ref(&r->req); 388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 389 DPRINTF("Data transfer direction invalid\n"); 390 scsi_read_complete(r, -EINVAL); 391 return; 392 } 393 394 if (s->tray_open) { 395 scsi_read_complete(r, -ENOMEDIUM); 396 return; 397 } 398 399 first = !r->started; 400 r->started = true; 401 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 402 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 403 BLOCK_ACCT_FLUSH); 404 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 405 } else { 406 scsi_do_read(r, 0); 407 } 408 } 409 410 /* 411 * scsi_handle_rw_error has two return values. 0 means that the error 412 * must be ignored, 1 means that the error has been processed and the 413 * caller should not do anything else for this request. Note that 414 * scsi_handle_rw_error always manages its reference counts, independent 415 * of the return value. 416 */ 417 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 418 { 419 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 421 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 422 is_read, error); 423 424 if (action == BLOCK_ERROR_ACTION_REPORT) { 425 if (acct_failed) { 426 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 427 } 428 switch (error) { 429 case ENOMEDIUM: 430 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 431 break; 432 case ENOMEM: 433 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 434 break; 435 case EINVAL: 436 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 437 break; 438 case ENOSPC: 439 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 440 break; 441 default: 442 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 443 break; 444 } 445 } 446 blk_error_action(s->qdev.conf.blk, action, is_read, error); 447 if (action == BLOCK_ERROR_ACTION_STOP) { 448 scsi_req_retry(&r->req); 449 } 450 return action != BLOCK_ERROR_ACTION_IGNORE; 451 } 452 453 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 454 { 455 uint32_t n; 456 457 assert (r->req.aiocb == NULL); 458 459 if (r->req.io_canceled) { 460 scsi_req_cancel_complete(&r->req); 461 goto done; 462 } 463 464 if (ret < 0) { 465 if (scsi_handle_rw_error(r, -ret, false)) { 466 goto done; 467 } 468 } 469 470 n = r->qiov.size / 512; 471 r->sector += n; 472 r->sector_count -= n; 473 if (r->sector_count == 0) { 474 scsi_write_do_fua(r); 475 return; 476 } else { 477 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 478 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 479 scsi_req_data(&r->req, r->qiov.size); 480 } 481 482 done: 483 scsi_req_unref(&r->req); 484 } 485 486 static void scsi_write_complete(void * opaque, int ret) 487 { 488 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 490 491 assert (r->req.aiocb != NULL); 492 r->req.aiocb = NULL; 493 494 if (ret < 0) { 495 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 496 } else { 497 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 498 } 499 scsi_write_complete_noio(r, ret); 500 } 501 502 static void scsi_write_data(SCSIRequest *req) 503 { 504 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 506 uint32_t n; 507 508 /* No data transfer may already be in progress */ 509 assert(r->req.aiocb == NULL); 510 511 /* The request is used as the AIO opaque value, so add a ref. */ 512 scsi_req_ref(&r->req); 513 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 514 DPRINTF("Data transfer direction invalid\n"); 515 scsi_write_complete_noio(r, -EINVAL); 516 return; 517 } 518 519 if (!r->req.sg && !r->qiov.size) { 520 /* Called for the first time. Ask the driver to send us more data. */ 521 r->started = true; 522 scsi_write_complete_noio(r, 0); 523 return; 524 } 525 if (s->tray_open) { 526 scsi_write_complete_noio(r, -ENOMEDIUM); 527 return; 528 } 529 530 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 531 r->req.cmd.buf[0] == VERIFY_16) { 532 if (r->req.sg) { 533 scsi_dma_complete_noio(r, 0); 534 } else { 535 scsi_write_complete_noio(r, 0); 536 } 537 return; 538 } 539 540 if (r->req.sg) { 541 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 542 r->req.resid -= r->req.sg->size; 543 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector, 544 scsi_dma_complete, r); 545 } else { 546 n = r->qiov.size / 512; 547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 548 n * BDRV_SECTOR_SIZE, BLOCK_ACCT_WRITE); 549 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, r->sector, &r->qiov, n, 550 scsi_write_complete, r); 551 } 552 } 553 554 /* Return a pointer to the data buffer. */ 555 static uint8_t *scsi_get_buf(SCSIRequest *req) 556 { 557 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 558 559 return (uint8_t *)r->iov.iov_base; 560 } 561 562 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 563 { 564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 565 int buflen = 0; 566 int start; 567 568 if (req->cmd.buf[1] & 0x1) { 569 /* Vital product data */ 570 uint8_t page_code = req->cmd.buf[2]; 571 572 outbuf[buflen++] = s->qdev.type & 0x1f; 573 outbuf[buflen++] = page_code ; // this page 574 outbuf[buflen++] = 0x00; 575 outbuf[buflen++] = 0x00; 576 start = buflen; 577 578 switch (page_code) { 579 case 0x00: /* Supported page codes, mandatory */ 580 { 581 DPRINTF("Inquiry EVPD[Supported pages] " 582 "buffer size %zd\n", req->cmd.xfer); 583 outbuf[buflen++] = 0x00; // list of supported pages (this page) 584 if (s->serial) { 585 outbuf[buflen++] = 0x80; // unit serial number 586 } 587 outbuf[buflen++] = 0x83; // device identification 588 if (s->qdev.type == TYPE_DISK) { 589 outbuf[buflen++] = 0xb0; // block limits 590 outbuf[buflen++] = 0xb2; // thin provisioning 591 } 592 break; 593 } 594 case 0x80: /* Device serial number, optional */ 595 { 596 int l; 597 598 if (!s->serial) { 599 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 600 return -1; 601 } 602 603 l = strlen(s->serial); 604 if (l > 20) { 605 l = 20; 606 } 607 608 DPRINTF("Inquiry EVPD[Serial number] " 609 "buffer size %zd\n", req->cmd.xfer); 610 memcpy(outbuf+buflen, s->serial, l); 611 buflen += l; 612 break; 613 } 614 615 case 0x83: /* Device identification page, mandatory */ 616 { 617 const char *str = s->serial ?: blk_name(s->qdev.conf.blk); 618 int max_len = s->serial ? 20 : 255 - 8; 619 int id_len = strlen(str); 620 621 if (id_len > max_len) { 622 id_len = max_len; 623 } 624 DPRINTF("Inquiry EVPD[Device identification] " 625 "buffer size %zd\n", req->cmd.xfer); 626 627 outbuf[buflen++] = 0x2; // ASCII 628 outbuf[buflen++] = 0; // not officially assigned 629 outbuf[buflen++] = 0; // reserved 630 outbuf[buflen++] = id_len; // length of data following 631 memcpy(outbuf+buflen, str, id_len); 632 buflen += id_len; 633 634 if (s->qdev.wwn) { 635 outbuf[buflen++] = 0x1; // Binary 636 outbuf[buflen++] = 0x3; // NAA 637 outbuf[buflen++] = 0; // reserved 638 outbuf[buflen++] = 8; 639 stq_be_p(&outbuf[buflen], s->qdev.wwn); 640 buflen += 8; 641 } 642 643 if (s->qdev.port_wwn) { 644 outbuf[buflen++] = 0x61; // SAS / Binary 645 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 646 outbuf[buflen++] = 0; // reserved 647 outbuf[buflen++] = 8; 648 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 649 buflen += 8; 650 } 651 652 if (s->port_index) { 653 outbuf[buflen++] = 0x61; // SAS / Binary 654 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 655 outbuf[buflen++] = 0; // reserved 656 outbuf[buflen++] = 4; 657 stw_be_p(&outbuf[buflen + 2], s->port_index); 658 buflen += 4; 659 } 660 break; 661 } 662 case 0xb0: /* block limits */ 663 { 664 unsigned int unmap_sectors = 665 s->qdev.conf.discard_granularity / s->qdev.blocksize; 666 unsigned int min_io_size = 667 s->qdev.conf.min_io_size / s->qdev.blocksize; 668 unsigned int opt_io_size = 669 s->qdev.conf.opt_io_size / s->qdev.blocksize; 670 unsigned int max_unmap_sectors = 671 s->max_unmap_size / s->qdev.blocksize; 672 unsigned int max_io_sectors = 673 s->max_io_size / s->qdev.blocksize; 674 675 if (s->qdev.type == TYPE_ROM) { 676 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 677 page_code); 678 return -1; 679 } 680 /* required VPD size with unmap support */ 681 buflen = 0x40; 682 memset(outbuf + 4, 0, buflen - 4); 683 684 outbuf[4] = 0x1; /* wsnz */ 685 686 /* optimal transfer length granularity */ 687 outbuf[6] = (min_io_size >> 8) & 0xff; 688 outbuf[7] = min_io_size & 0xff; 689 690 /* maximum transfer length */ 691 outbuf[8] = (max_io_sectors >> 24) & 0xff; 692 outbuf[9] = (max_io_sectors >> 16) & 0xff; 693 outbuf[10] = (max_io_sectors >> 8) & 0xff; 694 outbuf[11] = max_io_sectors & 0xff; 695 696 /* optimal transfer length */ 697 outbuf[12] = (opt_io_size >> 24) & 0xff; 698 outbuf[13] = (opt_io_size >> 16) & 0xff; 699 outbuf[14] = (opt_io_size >> 8) & 0xff; 700 outbuf[15] = opt_io_size & 0xff; 701 702 /* max unmap LBA count, default is 1GB */ 703 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 704 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 705 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 706 outbuf[23] = max_unmap_sectors & 0xff; 707 708 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 709 outbuf[24] = 0; 710 outbuf[25] = 0; 711 outbuf[26] = 0; 712 outbuf[27] = 255; 713 714 /* optimal unmap granularity */ 715 outbuf[28] = (unmap_sectors >> 24) & 0xff; 716 outbuf[29] = (unmap_sectors >> 16) & 0xff; 717 outbuf[30] = (unmap_sectors >> 8) & 0xff; 718 outbuf[31] = unmap_sectors & 0xff; 719 720 /* max write same size */ 721 outbuf[36] = 0; 722 outbuf[37] = 0; 723 outbuf[38] = 0; 724 outbuf[39] = 0; 725 726 outbuf[40] = (max_io_sectors >> 24) & 0xff; 727 outbuf[41] = (max_io_sectors >> 16) & 0xff; 728 outbuf[42] = (max_io_sectors >> 8) & 0xff; 729 outbuf[43] = max_io_sectors & 0xff; 730 break; 731 } 732 case 0xb2: /* thin provisioning */ 733 { 734 buflen = 8; 735 outbuf[4] = 0; 736 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 737 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 738 outbuf[7] = 0; 739 break; 740 } 741 default: 742 return -1; 743 } 744 /* done with EVPD */ 745 assert(buflen - start <= 255); 746 outbuf[start - 1] = buflen - start; 747 return buflen; 748 } 749 750 /* Standard INQUIRY data */ 751 if (req->cmd.buf[2] != 0) { 752 return -1; 753 } 754 755 /* PAGE CODE == 0 */ 756 buflen = req->cmd.xfer; 757 if (buflen > SCSI_MAX_INQUIRY_LEN) { 758 buflen = SCSI_MAX_INQUIRY_LEN; 759 } 760 761 outbuf[0] = s->qdev.type & 0x1f; 762 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 763 764 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 765 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 766 767 memset(&outbuf[32], 0, 4); 768 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 769 /* 770 * We claim conformance to SPC-3, which is required for guests 771 * to ask for modern features like READ CAPACITY(16) or the 772 * block characteristics VPD page by default. Not all of SPC-3 773 * is actually implemented, but we're good enough. 774 */ 775 outbuf[2] = 5; 776 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 777 778 if (buflen > 36) { 779 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 780 } else { 781 /* If the allocation length of CDB is too small, 782 the additional length is not adjusted */ 783 outbuf[4] = 36 - 5; 784 } 785 786 /* Sync data transfer and TCQ. */ 787 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 788 return buflen; 789 } 790 791 static inline bool media_is_dvd(SCSIDiskState *s) 792 { 793 uint64_t nb_sectors; 794 if (s->qdev.type != TYPE_ROM) { 795 return false; 796 } 797 if (!blk_is_inserted(s->qdev.conf.blk)) { 798 return false; 799 } 800 if (s->tray_open) { 801 return false; 802 } 803 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 804 return nb_sectors > CD_MAX_SECTORS; 805 } 806 807 static inline bool media_is_cd(SCSIDiskState *s) 808 { 809 uint64_t nb_sectors; 810 if (s->qdev.type != TYPE_ROM) { 811 return false; 812 } 813 if (!blk_is_inserted(s->qdev.conf.blk)) { 814 return false; 815 } 816 if (s->tray_open) { 817 return false; 818 } 819 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 820 return nb_sectors <= CD_MAX_SECTORS; 821 } 822 823 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 824 uint8_t *outbuf) 825 { 826 uint8_t type = r->req.cmd.buf[1] & 7; 827 828 if (s->qdev.type != TYPE_ROM) { 829 return -1; 830 } 831 832 /* Types 1/2 are only defined for Blu-Ray. */ 833 if (type != 0) { 834 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 835 return -1; 836 } 837 838 memset(outbuf, 0, 34); 839 outbuf[1] = 32; 840 outbuf[2] = 0xe; /* last session complete, disc finalized */ 841 outbuf[3] = 1; /* first track on disc */ 842 outbuf[4] = 1; /* # of sessions */ 843 outbuf[5] = 1; /* first track of last session */ 844 outbuf[6] = 1; /* last track of last session */ 845 outbuf[7] = 0x20; /* unrestricted use */ 846 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 847 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 848 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 849 /* 24-31: disc bar code */ 850 /* 32: disc application code */ 851 /* 33: number of OPC tables */ 852 853 return 34; 854 } 855 856 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 857 uint8_t *outbuf) 858 { 859 static const int rds_caps_size[5] = { 860 [0] = 2048 + 4, 861 [1] = 4 + 4, 862 [3] = 188 + 4, 863 [4] = 2048 + 4, 864 }; 865 866 uint8_t media = r->req.cmd.buf[1]; 867 uint8_t layer = r->req.cmd.buf[6]; 868 uint8_t format = r->req.cmd.buf[7]; 869 int size = -1; 870 871 if (s->qdev.type != TYPE_ROM) { 872 return -1; 873 } 874 if (media != 0) { 875 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 876 return -1; 877 } 878 879 if (format != 0xff) { 880 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 881 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 882 return -1; 883 } 884 if (media_is_cd(s)) { 885 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 886 return -1; 887 } 888 if (format >= ARRAY_SIZE(rds_caps_size)) { 889 return -1; 890 } 891 size = rds_caps_size[format]; 892 memset(outbuf, 0, size); 893 } 894 895 switch (format) { 896 case 0x00: { 897 /* Physical format information */ 898 uint64_t nb_sectors; 899 if (layer != 0) { 900 goto fail; 901 } 902 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 903 904 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 905 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 906 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 907 outbuf[7] = 0; /* default densities */ 908 909 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 910 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 911 break; 912 } 913 914 case 0x01: /* DVD copyright information, all zeros */ 915 break; 916 917 case 0x03: /* BCA information - invalid field for no BCA info */ 918 return -1; 919 920 case 0x04: /* DVD disc manufacturing information, all zeros */ 921 break; 922 923 case 0xff: { /* List capabilities */ 924 int i; 925 size = 4; 926 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 927 if (!rds_caps_size[i]) { 928 continue; 929 } 930 outbuf[size] = i; 931 outbuf[size + 1] = 0x40; /* Not writable, readable */ 932 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 933 size += 4; 934 } 935 break; 936 } 937 938 default: 939 return -1; 940 } 941 942 /* Size of buffer, not including 2 byte size field */ 943 stw_be_p(outbuf, size - 2); 944 return size; 945 946 fail: 947 return -1; 948 } 949 950 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 951 { 952 uint8_t event_code, media_status; 953 954 media_status = 0; 955 if (s->tray_open) { 956 media_status = MS_TRAY_OPEN; 957 } else if (blk_is_inserted(s->qdev.conf.blk)) { 958 media_status = MS_MEDIA_PRESENT; 959 } 960 961 /* Event notification descriptor */ 962 event_code = MEC_NO_CHANGE; 963 if (media_status != MS_TRAY_OPEN) { 964 if (s->media_event) { 965 event_code = MEC_NEW_MEDIA; 966 s->media_event = false; 967 } else if (s->eject_request) { 968 event_code = MEC_EJECT_REQUESTED; 969 s->eject_request = false; 970 } 971 } 972 973 outbuf[0] = event_code; 974 outbuf[1] = media_status; 975 976 /* These fields are reserved, just clear them. */ 977 outbuf[2] = 0; 978 outbuf[3] = 0; 979 return 4; 980 } 981 982 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 983 uint8_t *outbuf) 984 { 985 int size; 986 uint8_t *buf = r->req.cmd.buf; 987 uint8_t notification_class_request = buf[4]; 988 if (s->qdev.type != TYPE_ROM) { 989 return -1; 990 } 991 if ((buf[1] & 1) == 0) { 992 /* asynchronous */ 993 return -1; 994 } 995 996 size = 4; 997 outbuf[0] = outbuf[1] = 0; 998 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 999 if (notification_class_request & (1 << GESN_MEDIA)) { 1000 outbuf[2] = GESN_MEDIA; 1001 size += scsi_event_status_media(s, &outbuf[size]); 1002 } else { 1003 outbuf[2] = 0x80; 1004 } 1005 stw_be_p(outbuf, size - 4); 1006 return size; 1007 } 1008 1009 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1010 { 1011 int current; 1012 1013 if (s->qdev.type != TYPE_ROM) { 1014 return -1; 1015 } 1016 1017 if (media_is_dvd(s)) { 1018 current = MMC_PROFILE_DVD_ROM; 1019 } else if (media_is_cd(s)) { 1020 current = MMC_PROFILE_CD_ROM; 1021 } else { 1022 current = MMC_PROFILE_NONE; 1023 } 1024 1025 memset(outbuf, 0, 40); 1026 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1027 stw_be_p(&outbuf[6], current); 1028 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1029 outbuf[10] = 0x03; /* persistent, current */ 1030 outbuf[11] = 8; /* two profiles */ 1031 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1032 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1033 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1034 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1035 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1036 stw_be_p(&outbuf[20], 1); 1037 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1038 outbuf[23] = 8; 1039 stl_be_p(&outbuf[24], 1); /* SCSI */ 1040 outbuf[28] = 1; /* DBE = 1, mandatory */ 1041 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1042 stw_be_p(&outbuf[32], 3); 1043 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1044 outbuf[35] = 4; 1045 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1046 /* TODO: Random readable, CD read, DVD read, drive serial number, 1047 power management */ 1048 return 40; 1049 } 1050 1051 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1052 { 1053 if (s->qdev.type != TYPE_ROM) { 1054 return -1; 1055 } 1056 memset(outbuf, 0, 8); 1057 outbuf[5] = 1; /* CD-ROM */ 1058 return 8; 1059 } 1060 1061 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1062 int page_control) 1063 { 1064 static const int mode_sense_valid[0x3f] = { 1065 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1066 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1067 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1068 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1069 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1070 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1071 }; 1072 1073 uint8_t *p = *p_outbuf + 2; 1074 int length; 1075 1076 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1077 return -1; 1078 } 1079 1080 /* 1081 * If Changeable Values are requested, a mask denoting those mode parameters 1082 * that are changeable shall be returned. As we currently don't support 1083 * parameter changes via MODE_SELECT all bits are returned set to zero. 1084 * The buffer was already menset to zero by the caller of this function. 1085 * 1086 * The offsets here are off by two compared to the descriptions in the 1087 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1088 * but it is done so that offsets are consistent within our implementation 1089 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1090 * 2-byte and 4-byte headers. 1091 */ 1092 switch (page) { 1093 case MODE_PAGE_HD_GEOMETRY: 1094 length = 0x16; 1095 if (page_control == 1) { /* Changeable Values */ 1096 break; 1097 } 1098 /* if a geometry hint is available, use it */ 1099 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1100 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1101 p[2] = s->qdev.conf.cyls & 0xff; 1102 p[3] = s->qdev.conf.heads & 0xff; 1103 /* Write precomp start cylinder, disabled */ 1104 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1105 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1106 p[6] = s->qdev.conf.cyls & 0xff; 1107 /* Reduced current start cylinder, disabled */ 1108 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1109 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1110 p[9] = s->qdev.conf.cyls & 0xff; 1111 /* Device step rate [ns], 200ns */ 1112 p[10] = 0; 1113 p[11] = 200; 1114 /* Landing zone cylinder */ 1115 p[12] = 0xff; 1116 p[13] = 0xff; 1117 p[14] = 0xff; 1118 /* Medium rotation rate [rpm], 5400 rpm */ 1119 p[18] = (5400 >> 8) & 0xff; 1120 p[19] = 5400 & 0xff; 1121 break; 1122 1123 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1124 length = 0x1e; 1125 if (page_control == 1) { /* Changeable Values */ 1126 break; 1127 } 1128 /* Transfer rate [kbit/s], 5Mbit/s */ 1129 p[0] = 5000 >> 8; 1130 p[1] = 5000 & 0xff; 1131 /* if a geometry hint is available, use it */ 1132 p[2] = s->qdev.conf.heads & 0xff; 1133 p[3] = s->qdev.conf.secs & 0xff; 1134 p[4] = s->qdev.blocksize >> 8; 1135 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1136 p[7] = s->qdev.conf.cyls & 0xff; 1137 /* Write precomp start cylinder, disabled */ 1138 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1139 p[9] = s->qdev.conf.cyls & 0xff; 1140 /* Reduced current start cylinder, disabled */ 1141 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1142 p[11] = s->qdev.conf.cyls & 0xff; 1143 /* Device step rate [100us], 100us */ 1144 p[12] = 0; 1145 p[13] = 1; 1146 /* Device step pulse width [us], 1us */ 1147 p[14] = 1; 1148 /* Device head settle delay [100us], 100us */ 1149 p[15] = 0; 1150 p[16] = 1; 1151 /* Motor on delay [0.1s], 0.1s */ 1152 p[17] = 1; 1153 /* Motor off delay [0.1s], 0.1s */ 1154 p[18] = 1; 1155 /* Medium rotation rate [rpm], 5400 rpm */ 1156 p[26] = (5400 >> 8) & 0xff; 1157 p[27] = 5400 & 0xff; 1158 break; 1159 1160 case MODE_PAGE_CACHING: 1161 length = 0x12; 1162 if (page_control == 1 || /* Changeable Values */ 1163 blk_enable_write_cache(s->qdev.conf.blk)) { 1164 p[0] = 4; /* WCE */ 1165 } 1166 break; 1167 1168 case MODE_PAGE_R_W_ERROR: 1169 length = 10; 1170 if (page_control == 1) { /* Changeable Values */ 1171 break; 1172 } 1173 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1174 if (s->qdev.type == TYPE_ROM) { 1175 p[1] = 0x20; /* Read Retry Count */ 1176 } 1177 break; 1178 1179 case MODE_PAGE_AUDIO_CTL: 1180 length = 14; 1181 break; 1182 1183 case MODE_PAGE_CAPABILITIES: 1184 length = 0x14; 1185 if (page_control == 1) { /* Changeable Values */ 1186 break; 1187 } 1188 1189 p[0] = 0x3b; /* CD-R & CD-RW read */ 1190 p[1] = 0; /* Writing not supported */ 1191 p[2] = 0x7f; /* Audio, composite, digital out, 1192 mode 2 form 1&2, multi session */ 1193 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1194 RW corrected, C2 errors, ISRC, 1195 UPC, Bar code */ 1196 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1197 /* Locking supported, jumper present, eject, tray */ 1198 p[5] = 0; /* no volume & mute control, no 1199 changer */ 1200 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1201 p[7] = (50 * 176) & 0xff; 1202 p[8] = 2 >> 8; /* Two volume levels */ 1203 p[9] = 2 & 0xff; 1204 p[10] = 2048 >> 8; /* 2M buffer */ 1205 p[11] = 2048 & 0xff; 1206 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1207 p[13] = (16 * 176) & 0xff; 1208 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1209 p[17] = (16 * 176) & 0xff; 1210 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1211 p[19] = (16 * 176) & 0xff; 1212 break; 1213 1214 default: 1215 return -1; 1216 } 1217 1218 assert(length < 256); 1219 (*p_outbuf)[0] = page; 1220 (*p_outbuf)[1] = length; 1221 *p_outbuf += length + 2; 1222 return length + 2; 1223 } 1224 1225 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1226 { 1227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1228 uint64_t nb_sectors; 1229 bool dbd; 1230 int page, buflen, ret, page_control; 1231 uint8_t *p; 1232 uint8_t dev_specific_param; 1233 1234 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1235 page = r->req.cmd.buf[2] & 0x3f; 1236 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1237 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1238 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1239 memset(outbuf, 0, r->req.cmd.xfer); 1240 p = outbuf; 1241 1242 if (s->qdev.type == TYPE_DISK) { 1243 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1244 if (blk_is_read_only(s->qdev.conf.blk)) { 1245 dev_specific_param |= 0x80; /* Readonly. */ 1246 } 1247 } else { 1248 /* MMC prescribes that CD/DVD drives have no block descriptors, 1249 * and defines no device-specific parameter. */ 1250 dev_specific_param = 0x00; 1251 dbd = true; 1252 } 1253 1254 if (r->req.cmd.buf[0] == MODE_SENSE) { 1255 p[1] = 0; /* Default media type. */ 1256 p[2] = dev_specific_param; 1257 p[3] = 0; /* Block descriptor length. */ 1258 p += 4; 1259 } else { /* MODE_SENSE_10 */ 1260 p[2] = 0; /* Default media type. */ 1261 p[3] = dev_specific_param; 1262 p[6] = p[7] = 0; /* Block descriptor length. */ 1263 p += 8; 1264 } 1265 1266 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1267 if (!dbd && nb_sectors) { 1268 if (r->req.cmd.buf[0] == MODE_SENSE) { 1269 outbuf[3] = 8; /* Block descriptor length */ 1270 } else { /* MODE_SENSE_10 */ 1271 outbuf[7] = 8; /* Block descriptor length */ 1272 } 1273 nb_sectors /= (s->qdev.blocksize / 512); 1274 if (nb_sectors > 0xffffff) { 1275 nb_sectors = 0; 1276 } 1277 p[0] = 0; /* media density code */ 1278 p[1] = (nb_sectors >> 16) & 0xff; 1279 p[2] = (nb_sectors >> 8) & 0xff; 1280 p[3] = nb_sectors & 0xff; 1281 p[4] = 0; /* reserved */ 1282 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1283 p[6] = s->qdev.blocksize >> 8; 1284 p[7] = 0; 1285 p += 8; 1286 } 1287 1288 if (page_control == 3) { 1289 /* Saved Values */ 1290 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1291 return -1; 1292 } 1293 1294 if (page == 0x3f) { 1295 for (page = 0; page <= 0x3e; page++) { 1296 mode_sense_page(s, page, &p, page_control); 1297 } 1298 } else { 1299 ret = mode_sense_page(s, page, &p, page_control); 1300 if (ret == -1) { 1301 return -1; 1302 } 1303 } 1304 1305 buflen = p - outbuf; 1306 /* 1307 * The mode data length field specifies the length in bytes of the 1308 * following data that is available to be transferred. The mode data 1309 * length does not include itself. 1310 */ 1311 if (r->req.cmd.buf[0] == MODE_SENSE) { 1312 outbuf[0] = buflen - 1; 1313 } else { /* MODE_SENSE_10 */ 1314 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1315 outbuf[1] = (buflen - 2) & 0xff; 1316 } 1317 return buflen; 1318 } 1319 1320 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1321 { 1322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1323 int start_track, format, msf, toclen; 1324 uint64_t nb_sectors; 1325 1326 msf = req->cmd.buf[1] & 2; 1327 format = req->cmd.buf[2] & 0xf; 1328 start_track = req->cmd.buf[6]; 1329 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1330 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1331 nb_sectors /= s->qdev.blocksize / 512; 1332 switch (format) { 1333 case 0: 1334 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1335 break; 1336 case 1: 1337 /* multi session : only a single session defined */ 1338 toclen = 12; 1339 memset(outbuf, 0, 12); 1340 outbuf[1] = 0x0a; 1341 outbuf[2] = 0x01; 1342 outbuf[3] = 0x01; 1343 break; 1344 case 2: 1345 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1346 break; 1347 default: 1348 return -1; 1349 } 1350 return toclen; 1351 } 1352 1353 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1354 { 1355 SCSIRequest *req = &r->req; 1356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1357 bool start = req->cmd.buf[4] & 1; 1358 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1359 int pwrcnd = req->cmd.buf[4] & 0xf0; 1360 1361 if (pwrcnd) { 1362 /* eject/load only happens for power condition == 0 */ 1363 return 0; 1364 } 1365 1366 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1367 if (!start && !s->tray_open && s->tray_locked) { 1368 scsi_check_condition(r, 1369 blk_is_inserted(s->qdev.conf.blk) 1370 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1371 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1372 return -1; 1373 } 1374 1375 if (s->tray_open != !start) { 1376 blk_eject(s->qdev.conf.blk, !start); 1377 s->tray_open = !start; 1378 } 1379 } 1380 return 0; 1381 } 1382 1383 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1384 { 1385 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1386 int buflen = r->iov.iov_len; 1387 1388 if (buflen) { 1389 DPRINTF("Read buf_len=%d\n", buflen); 1390 r->iov.iov_len = 0; 1391 r->started = true; 1392 scsi_req_data(&r->req, buflen); 1393 return; 1394 } 1395 1396 /* This also clears the sense buffer for REQUEST SENSE. */ 1397 scsi_req_complete(&r->req, GOOD); 1398 } 1399 1400 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1401 uint8_t *inbuf, int inlen) 1402 { 1403 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1404 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1405 uint8_t *p; 1406 int len, expected_len, changeable_len, i; 1407 1408 /* The input buffer does not include the page header, so it is 1409 * off by 2 bytes. 1410 */ 1411 expected_len = inlen + 2; 1412 if (expected_len > SCSI_MAX_MODE_LEN) { 1413 return -1; 1414 } 1415 1416 p = mode_current; 1417 memset(mode_current, 0, inlen + 2); 1418 len = mode_sense_page(s, page, &p, 0); 1419 if (len < 0 || len != expected_len) { 1420 return -1; 1421 } 1422 1423 p = mode_changeable; 1424 memset(mode_changeable, 0, inlen + 2); 1425 changeable_len = mode_sense_page(s, page, &p, 1); 1426 assert(changeable_len == len); 1427 1428 /* Check that unchangeable bits are the same as what MODE SENSE 1429 * would return. 1430 */ 1431 for (i = 2; i < len; i++) { 1432 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1433 return -1; 1434 } 1435 } 1436 return 0; 1437 } 1438 1439 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1440 { 1441 switch (page) { 1442 case MODE_PAGE_CACHING: 1443 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1444 break; 1445 1446 default: 1447 break; 1448 } 1449 } 1450 1451 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1452 { 1453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1454 1455 while (len > 0) { 1456 int page, subpage, page_len; 1457 1458 /* Parse both possible formats for the mode page headers. */ 1459 page = p[0] & 0x3f; 1460 if (p[0] & 0x40) { 1461 if (len < 4) { 1462 goto invalid_param_len; 1463 } 1464 subpage = p[1]; 1465 page_len = lduw_be_p(&p[2]); 1466 p += 4; 1467 len -= 4; 1468 } else { 1469 if (len < 2) { 1470 goto invalid_param_len; 1471 } 1472 subpage = 0; 1473 page_len = p[1]; 1474 p += 2; 1475 len -= 2; 1476 } 1477 1478 if (subpage) { 1479 goto invalid_param; 1480 } 1481 if (page_len > len) { 1482 goto invalid_param_len; 1483 } 1484 1485 if (!change) { 1486 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1487 goto invalid_param; 1488 } 1489 } else { 1490 scsi_disk_apply_mode_select(s, page, p); 1491 } 1492 1493 p += page_len; 1494 len -= page_len; 1495 } 1496 return 0; 1497 1498 invalid_param: 1499 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1500 return -1; 1501 1502 invalid_param_len: 1503 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1504 return -1; 1505 } 1506 1507 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1508 { 1509 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1510 uint8_t *p = inbuf; 1511 int cmd = r->req.cmd.buf[0]; 1512 int len = r->req.cmd.xfer; 1513 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1514 int bd_len; 1515 int pass; 1516 1517 /* We only support PF=1, SP=0. */ 1518 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1519 goto invalid_field; 1520 } 1521 1522 if (len < hdr_len) { 1523 goto invalid_param_len; 1524 } 1525 1526 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1527 len -= hdr_len; 1528 p += hdr_len; 1529 if (len < bd_len) { 1530 goto invalid_param_len; 1531 } 1532 if (bd_len != 0 && bd_len != 8) { 1533 goto invalid_param; 1534 } 1535 1536 len -= bd_len; 1537 p += bd_len; 1538 1539 /* Ensure no change is made if there is an error! */ 1540 for (pass = 0; pass < 2; pass++) { 1541 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1542 assert(pass == 0); 1543 return; 1544 } 1545 } 1546 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1547 /* The request is used as the AIO opaque value, so add a ref. */ 1548 scsi_req_ref(&r->req); 1549 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1550 BLOCK_ACCT_FLUSH); 1551 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1552 return; 1553 } 1554 1555 scsi_req_complete(&r->req, GOOD); 1556 return; 1557 1558 invalid_param: 1559 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1560 return; 1561 1562 invalid_param_len: 1563 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1564 return; 1565 1566 invalid_field: 1567 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1568 } 1569 1570 static inline bool check_lba_range(SCSIDiskState *s, 1571 uint64_t sector_num, uint32_t nb_sectors) 1572 { 1573 /* 1574 * The first line tests that no overflow happens when computing the last 1575 * sector. The second line tests that the last accessed sector is in 1576 * range. 1577 * 1578 * Careful, the computations should not underflow for nb_sectors == 0, 1579 * and a 0-block read to the first LBA beyond the end of device is 1580 * valid. 1581 */ 1582 return (sector_num <= sector_num + nb_sectors && 1583 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1584 } 1585 1586 typedef struct UnmapCBData { 1587 SCSIDiskReq *r; 1588 uint8_t *inbuf; 1589 int count; 1590 } UnmapCBData; 1591 1592 static void scsi_unmap_complete(void *opaque, int ret); 1593 1594 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1595 { 1596 SCSIDiskReq *r = data->r; 1597 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1598 uint64_t sector_num; 1599 uint32_t nb_sectors; 1600 1601 assert(r->req.aiocb == NULL); 1602 1603 if (r->req.io_canceled) { 1604 scsi_req_cancel_complete(&r->req); 1605 goto done; 1606 } 1607 1608 if (ret < 0) { 1609 if (scsi_handle_rw_error(r, -ret, false)) { 1610 goto done; 1611 } 1612 } 1613 1614 if (data->count > 0) { 1615 sector_num = ldq_be_p(&data->inbuf[0]); 1616 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1617 if (!check_lba_range(s, sector_num, nb_sectors)) { 1618 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1619 goto done; 1620 } 1621 1622 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk, 1623 sector_num * (s->qdev.blocksize / 512), 1624 nb_sectors * (s->qdev.blocksize / 512), 1625 scsi_unmap_complete, data); 1626 data->count--; 1627 data->inbuf += 16; 1628 return; 1629 } 1630 1631 scsi_req_complete(&r->req, GOOD); 1632 1633 done: 1634 scsi_req_unref(&r->req); 1635 g_free(data); 1636 } 1637 1638 static void scsi_unmap_complete(void *opaque, int ret) 1639 { 1640 UnmapCBData *data = opaque; 1641 SCSIDiskReq *r = data->r; 1642 1643 assert(r->req.aiocb != NULL); 1644 r->req.aiocb = NULL; 1645 1646 scsi_unmap_complete_noio(data, ret); 1647 } 1648 1649 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1650 { 1651 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1652 uint8_t *p = inbuf; 1653 int len = r->req.cmd.xfer; 1654 UnmapCBData *data; 1655 1656 /* Reject ANCHOR=1. */ 1657 if (r->req.cmd.buf[1] & 0x1) { 1658 goto invalid_field; 1659 } 1660 1661 if (len < 8) { 1662 goto invalid_param_len; 1663 } 1664 if (len < lduw_be_p(&p[0]) + 2) { 1665 goto invalid_param_len; 1666 } 1667 if (len < lduw_be_p(&p[2]) + 8) { 1668 goto invalid_param_len; 1669 } 1670 if (lduw_be_p(&p[2]) & 15) { 1671 goto invalid_param_len; 1672 } 1673 1674 if (blk_is_read_only(s->qdev.conf.blk)) { 1675 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1676 return; 1677 } 1678 1679 data = g_new0(UnmapCBData, 1); 1680 data->r = r; 1681 data->inbuf = &p[8]; 1682 data->count = lduw_be_p(&p[2]) >> 4; 1683 1684 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1685 scsi_req_ref(&r->req); 1686 scsi_unmap_complete_noio(data, 0); 1687 return; 1688 1689 invalid_param_len: 1690 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1691 return; 1692 1693 invalid_field: 1694 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1695 } 1696 1697 typedef struct WriteSameCBData { 1698 SCSIDiskReq *r; 1699 int64_t sector; 1700 int nb_sectors; 1701 QEMUIOVector qiov; 1702 struct iovec iov; 1703 } WriteSameCBData; 1704 1705 static void scsi_write_same_complete(void *opaque, int ret) 1706 { 1707 WriteSameCBData *data = opaque; 1708 SCSIDiskReq *r = data->r; 1709 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1710 1711 assert(r->req.aiocb != NULL); 1712 r->req.aiocb = NULL; 1713 if (r->req.io_canceled) { 1714 scsi_req_cancel_complete(&r->req); 1715 goto done; 1716 } 1717 1718 if (ret < 0) { 1719 if (scsi_handle_rw_error(r, -ret, true)) { 1720 goto done; 1721 } 1722 } 1723 1724 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1725 1726 data->nb_sectors -= data->iov.iov_len / 512; 1727 data->sector += data->iov.iov_len / 512; 1728 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1729 if (data->iov.iov_len) { 1730 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1731 data->iov.iov_len, BLOCK_ACCT_WRITE); 1732 /* blk_aio_write doesn't like the qiov size being different from 1733 * nb_sectors, make sure they match. 1734 */ 1735 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1736 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1737 &data->qiov, data->iov.iov_len / 512, 1738 scsi_write_same_complete, data); 1739 return; 1740 } 1741 1742 scsi_req_complete(&r->req, GOOD); 1743 1744 done: 1745 scsi_req_unref(&r->req); 1746 qemu_vfree(data->iov.iov_base); 1747 g_free(data); 1748 } 1749 1750 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1751 { 1752 SCSIRequest *req = &r->req; 1753 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1754 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1755 WriteSameCBData *data; 1756 uint8_t *buf; 1757 int i; 1758 1759 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1760 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1761 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1762 return; 1763 } 1764 1765 if (blk_is_read_only(s->qdev.conf.blk)) { 1766 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1767 return; 1768 } 1769 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1770 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1771 return; 1772 } 1773 1774 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1775 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1776 1777 /* The request is used as the AIO opaque value, so add a ref. */ 1778 scsi_req_ref(&r->req); 1779 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1780 nb_sectors * s->qdev.blocksize, 1781 BLOCK_ACCT_WRITE); 1782 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk, 1783 r->req.cmd.lba * (s->qdev.blocksize / 512), 1784 nb_sectors * (s->qdev.blocksize / 512), 1785 flags, scsi_aio_complete, r); 1786 return; 1787 } 1788 1789 data = g_new0(WriteSameCBData, 1); 1790 data->r = r; 1791 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1792 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1793 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1794 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1795 data->iov.iov_len); 1796 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1797 1798 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1799 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1800 } 1801 1802 scsi_req_ref(&r->req); 1803 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1804 data->iov.iov_len, BLOCK_ACCT_WRITE); 1805 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector, 1806 &data->qiov, data->iov.iov_len / 512, 1807 scsi_write_same_complete, data); 1808 } 1809 1810 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1811 { 1812 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1813 1814 if (r->iov.iov_len) { 1815 int buflen = r->iov.iov_len; 1816 DPRINTF("Write buf_len=%d\n", buflen); 1817 r->iov.iov_len = 0; 1818 scsi_req_data(&r->req, buflen); 1819 return; 1820 } 1821 1822 switch (req->cmd.buf[0]) { 1823 case MODE_SELECT: 1824 case MODE_SELECT_10: 1825 /* This also clears the sense buffer for REQUEST SENSE. */ 1826 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1827 break; 1828 1829 case UNMAP: 1830 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1831 break; 1832 1833 case VERIFY_10: 1834 case VERIFY_12: 1835 case VERIFY_16: 1836 if (r->req.status == -1) { 1837 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1838 } 1839 break; 1840 1841 case WRITE_SAME_10: 1842 case WRITE_SAME_16: 1843 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1844 break; 1845 1846 default: 1847 abort(); 1848 } 1849 } 1850 1851 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1852 { 1853 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1854 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1855 uint64_t nb_sectors; 1856 uint8_t *outbuf; 1857 int buflen; 1858 1859 switch (req->cmd.buf[0]) { 1860 case INQUIRY: 1861 case MODE_SENSE: 1862 case MODE_SENSE_10: 1863 case RESERVE: 1864 case RESERVE_10: 1865 case RELEASE: 1866 case RELEASE_10: 1867 case START_STOP: 1868 case ALLOW_MEDIUM_REMOVAL: 1869 case GET_CONFIGURATION: 1870 case GET_EVENT_STATUS_NOTIFICATION: 1871 case MECHANISM_STATUS: 1872 case REQUEST_SENSE: 1873 break; 1874 1875 default: 1876 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1877 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1878 return 0; 1879 } 1880 break; 1881 } 1882 1883 /* 1884 * FIXME: we shouldn't return anything bigger than 4k, but the code 1885 * requires the buffer to be as big as req->cmd.xfer in several 1886 * places. So, do not allow CDBs with a very large ALLOCATION 1887 * LENGTH. The real fix would be to modify scsi_read_data and 1888 * dma_buf_read, so that they return data beyond the buflen 1889 * as all zeros. 1890 */ 1891 if (req->cmd.xfer > 65536) { 1892 goto illegal_request; 1893 } 1894 r->buflen = MAX(4096, req->cmd.xfer); 1895 1896 if (!r->iov.iov_base) { 1897 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1898 } 1899 1900 buflen = req->cmd.xfer; 1901 outbuf = r->iov.iov_base; 1902 memset(outbuf, 0, r->buflen); 1903 switch (req->cmd.buf[0]) { 1904 case TEST_UNIT_READY: 1905 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1906 break; 1907 case INQUIRY: 1908 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1909 if (buflen < 0) { 1910 goto illegal_request; 1911 } 1912 break; 1913 case MODE_SENSE: 1914 case MODE_SENSE_10: 1915 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1916 if (buflen < 0) { 1917 goto illegal_request; 1918 } 1919 break; 1920 case READ_TOC: 1921 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1922 if (buflen < 0) { 1923 goto illegal_request; 1924 } 1925 break; 1926 case RESERVE: 1927 if (req->cmd.buf[1] & 1) { 1928 goto illegal_request; 1929 } 1930 break; 1931 case RESERVE_10: 1932 if (req->cmd.buf[1] & 3) { 1933 goto illegal_request; 1934 } 1935 break; 1936 case RELEASE: 1937 if (req->cmd.buf[1] & 1) { 1938 goto illegal_request; 1939 } 1940 break; 1941 case RELEASE_10: 1942 if (req->cmd.buf[1] & 3) { 1943 goto illegal_request; 1944 } 1945 break; 1946 case START_STOP: 1947 if (scsi_disk_emulate_start_stop(r) < 0) { 1948 return 0; 1949 } 1950 break; 1951 case ALLOW_MEDIUM_REMOVAL: 1952 s->tray_locked = req->cmd.buf[4] & 1; 1953 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1954 break; 1955 case READ_CAPACITY_10: 1956 /* The normal LEN field for this command is zero. */ 1957 memset(outbuf, 0, 8); 1958 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1959 if (!nb_sectors) { 1960 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1961 return 0; 1962 } 1963 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1964 goto illegal_request; 1965 } 1966 nb_sectors /= s->qdev.blocksize / 512; 1967 /* Returned value is the address of the last sector. */ 1968 nb_sectors--; 1969 /* Remember the new size for read/write sanity checking. */ 1970 s->qdev.max_lba = nb_sectors; 1971 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1972 if (nb_sectors > UINT32_MAX) { 1973 nb_sectors = UINT32_MAX; 1974 } 1975 outbuf[0] = (nb_sectors >> 24) & 0xff; 1976 outbuf[1] = (nb_sectors >> 16) & 0xff; 1977 outbuf[2] = (nb_sectors >> 8) & 0xff; 1978 outbuf[3] = nb_sectors & 0xff; 1979 outbuf[4] = 0; 1980 outbuf[5] = 0; 1981 outbuf[6] = s->qdev.blocksize >> 8; 1982 outbuf[7] = 0; 1983 break; 1984 case REQUEST_SENSE: 1985 /* Just return "NO SENSE". */ 1986 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1987 (req->cmd.buf[1] & 1) == 0); 1988 if (buflen < 0) { 1989 goto illegal_request; 1990 } 1991 break; 1992 case MECHANISM_STATUS: 1993 buflen = scsi_emulate_mechanism_status(s, outbuf); 1994 if (buflen < 0) { 1995 goto illegal_request; 1996 } 1997 break; 1998 case GET_CONFIGURATION: 1999 buflen = scsi_get_configuration(s, outbuf); 2000 if (buflen < 0) { 2001 goto illegal_request; 2002 } 2003 break; 2004 case GET_EVENT_STATUS_NOTIFICATION: 2005 buflen = scsi_get_event_status_notification(s, r, outbuf); 2006 if (buflen < 0) { 2007 goto illegal_request; 2008 } 2009 break; 2010 case READ_DISC_INFORMATION: 2011 buflen = scsi_read_disc_information(s, r, outbuf); 2012 if (buflen < 0) { 2013 goto illegal_request; 2014 } 2015 break; 2016 case READ_DVD_STRUCTURE: 2017 buflen = scsi_read_dvd_structure(s, r, outbuf); 2018 if (buflen < 0) { 2019 goto illegal_request; 2020 } 2021 break; 2022 case SERVICE_ACTION_IN_16: 2023 /* Service Action In subcommands. */ 2024 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2025 DPRINTF("SAI READ CAPACITY(16)\n"); 2026 memset(outbuf, 0, req->cmd.xfer); 2027 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2028 if (!nb_sectors) { 2029 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2030 return 0; 2031 } 2032 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2033 goto illegal_request; 2034 } 2035 nb_sectors /= s->qdev.blocksize / 512; 2036 /* Returned value is the address of the last sector. */ 2037 nb_sectors--; 2038 /* Remember the new size for read/write sanity checking. */ 2039 s->qdev.max_lba = nb_sectors; 2040 outbuf[0] = (nb_sectors >> 56) & 0xff; 2041 outbuf[1] = (nb_sectors >> 48) & 0xff; 2042 outbuf[2] = (nb_sectors >> 40) & 0xff; 2043 outbuf[3] = (nb_sectors >> 32) & 0xff; 2044 outbuf[4] = (nb_sectors >> 24) & 0xff; 2045 outbuf[5] = (nb_sectors >> 16) & 0xff; 2046 outbuf[6] = (nb_sectors >> 8) & 0xff; 2047 outbuf[7] = nb_sectors & 0xff; 2048 outbuf[8] = 0; 2049 outbuf[9] = 0; 2050 outbuf[10] = s->qdev.blocksize >> 8; 2051 outbuf[11] = 0; 2052 outbuf[12] = 0; 2053 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2054 2055 /* set TPE bit if the format supports discard */ 2056 if (s->qdev.conf.discard_granularity) { 2057 outbuf[14] = 0x80; 2058 } 2059 2060 /* Protection, exponent and lowest lba field left blank. */ 2061 break; 2062 } 2063 DPRINTF("Unsupported Service Action In\n"); 2064 goto illegal_request; 2065 case SYNCHRONIZE_CACHE: 2066 /* The request is used as the AIO opaque value, so add a ref. */ 2067 scsi_req_ref(&r->req); 2068 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2069 BLOCK_ACCT_FLUSH); 2070 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2071 return 0; 2072 case SEEK_10: 2073 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2074 if (r->req.cmd.lba > s->qdev.max_lba) { 2075 goto illegal_lba; 2076 } 2077 break; 2078 case MODE_SELECT: 2079 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2080 break; 2081 case MODE_SELECT_10: 2082 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2083 break; 2084 case UNMAP: 2085 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2086 break; 2087 case VERIFY_10: 2088 case VERIFY_12: 2089 case VERIFY_16: 2090 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2091 if (req->cmd.buf[1] & 6) { 2092 goto illegal_request; 2093 } 2094 break; 2095 case WRITE_SAME_10: 2096 case WRITE_SAME_16: 2097 DPRINTF("WRITE SAME %d (len %lu)\n", 2098 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2099 (long)r->req.cmd.xfer); 2100 break; 2101 default: 2102 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2103 scsi_command_name(buf[0])); 2104 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2105 return 0; 2106 } 2107 assert(!r->req.aiocb); 2108 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2109 if (r->iov.iov_len == 0) { 2110 scsi_req_complete(&r->req, GOOD); 2111 } 2112 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2113 assert(r->iov.iov_len == req->cmd.xfer); 2114 return -r->iov.iov_len; 2115 } else { 2116 return r->iov.iov_len; 2117 } 2118 2119 illegal_request: 2120 if (r->req.status == -1) { 2121 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2122 } 2123 return 0; 2124 2125 illegal_lba: 2126 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2127 return 0; 2128 } 2129 2130 /* Execute a scsi command. Returns the length of the data expected by the 2131 command. This will be Positive for data transfers from the device 2132 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2133 and zero if the command does not transfer any data. */ 2134 2135 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2136 { 2137 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2139 uint32_t len; 2140 uint8_t command; 2141 2142 command = buf[0]; 2143 2144 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 2145 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2146 return 0; 2147 } 2148 2149 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2150 switch (command) { 2151 case READ_6: 2152 case READ_10: 2153 case READ_12: 2154 case READ_16: 2155 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2156 if (r->req.cmd.buf[1] & 0xe0) { 2157 goto illegal_request; 2158 } 2159 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2160 goto illegal_lba; 2161 } 2162 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2163 r->sector_count = len * (s->qdev.blocksize / 512); 2164 break; 2165 case WRITE_6: 2166 case WRITE_10: 2167 case WRITE_12: 2168 case WRITE_16: 2169 case WRITE_VERIFY_10: 2170 case WRITE_VERIFY_12: 2171 case WRITE_VERIFY_16: 2172 if (blk_is_read_only(s->qdev.conf.blk)) { 2173 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2174 return 0; 2175 } 2176 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2177 (command & 0xe) == 0xe ? "And Verify " : "", 2178 r->req.cmd.lba, len); 2179 if (r->req.cmd.buf[1] & 0xe0) { 2180 goto illegal_request; 2181 } 2182 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2183 goto illegal_lba; 2184 } 2185 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2186 r->sector_count = len * (s->qdev.blocksize / 512); 2187 break; 2188 default: 2189 abort(); 2190 illegal_request: 2191 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2192 return 0; 2193 illegal_lba: 2194 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2195 return 0; 2196 } 2197 if (r->sector_count == 0) { 2198 scsi_req_complete(&r->req, GOOD); 2199 } 2200 assert(r->iov.iov_len == 0); 2201 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2202 return -r->sector_count * 512; 2203 } else { 2204 return r->sector_count * 512; 2205 } 2206 } 2207 2208 static void scsi_disk_reset(DeviceState *dev) 2209 { 2210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2211 uint64_t nb_sectors; 2212 2213 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2214 2215 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2216 nb_sectors /= s->qdev.blocksize / 512; 2217 if (nb_sectors) { 2218 nb_sectors--; 2219 } 2220 s->qdev.max_lba = nb_sectors; 2221 /* reset tray statuses */ 2222 s->tray_locked = 0; 2223 s->tray_open = 0; 2224 } 2225 2226 static void scsi_disk_resize_cb(void *opaque) 2227 { 2228 SCSIDiskState *s = opaque; 2229 2230 /* SPC lists this sense code as available only for 2231 * direct-access devices. 2232 */ 2233 if (s->qdev.type == TYPE_DISK) { 2234 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2235 } 2236 } 2237 2238 static void scsi_cd_change_media_cb(void *opaque, bool load) 2239 { 2240 SCSIDiskState *s = opaque; 2241 2242 /* 2243 * When a CD gets changed, we have to report an ejected state and 2244 * then a loaded state to guests so that they detect tray 2245 * open/close and media change events. Guests that do not use 2246 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2247 * states rely on this behavior. 2248 * 2249 * media_changed governs the state machine used for unit attention 2250 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2251 */ 2252 s->media_changed = load; 2253 s->tray_open = !load; 2254 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2255 s->media_event = true; 2256 s->eject_request = false; 2257 } 2258 2259 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2260 { 2261 SCSIDiskState *s = opaque; 2262 2263 s->eject_request = true; 2264 if (force) { 2265 s->tray_locked = false; 2266 } 2267 } 2268 2269 static bool scsi_cd_is_tray_open(void *opaque) 2270 { 2271 return ((SCSIDiskState *)opaque)->tray_open; 2272 } 2273 2274 static bool scsi_cd_is_medium_locked(void *opaque) 2275 { 2276 return ((SCSIDiskState *)opaque)->tray_locked; 2277 } 2278 2279 static const BlockDevOps scsi_disk_removable_block_ops = { 2280 .change_media_cb = scsi_cd_change_media_cb, 2281 .eject_request_cb = scsi_cd_eject_request_cb, 2282 .is_tray_open = scsi_cd_is_tray_open, 2283 .is_medium_locked = scsi_cd_is_medium_locked, 2284 2285 .resize_cb = scsi_disk_resize_cb, 2286 }; 2287 2288 static const BlockDevOps scsi_disk_block_ops = { 2289 .resize_cb = scsi_disk_resize_cb, 2290 }; 2291 2292 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2293 { 2294 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2295 if (s->media_changed) { 2296 s->media_changed = false; 2297 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2298 } 2299 } 2300 2301 static void scsi_realize(SCSIDevice *dev, Error **errp) 2302 { 2303 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2304 Error *err = NULL; 2305 2306 if (!s->qdev.conf.blk) { 2307 error_setg(errp, "drive property not set"); 2308 return; 2309 } 2310 2311 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2312 !blk_is_inserted(s->qdev.conf.blk)) { 2313 error_setg(errp, "Device needs media, but drive is empty"); 2314 return; 2315 } 2316 2317 blkconf_serial(&s->qdev.conf, &s->serial); 2318 blkconf_blocksizes(&s->qdev.conf); 2319 if (dev->type == TYPE_DISK) { 2320 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2321 if (err) { 2322 error_propagate(errp, err); 2323 return; 2324 } 2325 } 2326 2327 if (s->qdev.conf.discard_granularity == -1) { 2328 s->qdev.conf.discard_granularity = 2329 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2330 } 2331 2332 if (!s->version) { 2333 s->version = g_strdup(qemu_hw_version()); 2334 } 2335 if (!s->vendor) { 2336 s->vendor = g_strdup("QEMU"); 2337 } 2338 2339 if (blk_is_sg(s->qdev.conf.blk)) { 2340 error_setg(errp, "unwanted /dev/sg*"); 2341 return; 2342 } 2343 2344 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2345 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2346 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2347 } else { 2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2349 } 2350 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2351 2352 blk_iostatus_enable(s->qdev.conf.blk); 2353 } 2354 2355 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2356 { 2357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2358 /* can happen for devices without drive. The error message for missing 2359 * backend will be issued in scsi_realize 2360 */ 2361 if (s->qdev.conf.blk) { 2362 blkconf_blocksizes(&s->qdev.conf); 2363 } 2364 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2365 s->qdev.type = TYPE_DISK; 2366 if (!s->product) { 2367 s->product = g_strdup("QEMU HARDDISK"); 2368 } 2369 scsi_realize(&s->qdev, errp); 2370 } 2371 2372 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2373 { 2374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2375 s->qdev.blocksize = 2048; 2376 s->qdev.type = TYPE_ROM; 2377 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2378 if (!s->product) { 2379 s->product = g_strdup("QEMU CD-ROM"); 2380 } 2381 scsi_realize(&s->qdev, errp); 2382 } 2383 2384 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2385 { 2386 DriveInfo *dinfo; 2387 Error *local_err = NULL; 2388 2389 if (!dev->conf.blk) { 2390 scsi_realize(dev, &local_err); 2391 assert(local_err); 2392 error_propagate(errp, local_err); 2393 return; 2394 } 2395 2396 dinfo = blk_legacy_dinfo(dev->conf.blk); 2397 if (dinfo && dinfo->media_cd) { 2398 scsi_cd_realize(dev, errp); 2399 } else { 2400 scsi_hd_realize(dev, errp); 2401 } 2402 } 2403 2404 static const SCSIReqOps scsi_disk_emulate_reqops = { 2405 .size = sizeof(SCSIDiskReq), 2406 .free_req = scsi_free_request, 2407 .send_command = scsi_disk_emulate_command, 2408 .read_data = scsi_disk_emulate_read_data, 2409 .write_data = scsi_disk_emulate_write_data, 2410 .get_buf = scsi_get_buf, 2411 }; 2412 2413 static const SCSIReqOps scsi_disk_dma_reqops = { 2414 .size = sizeof(SCSIDiskReq), 2415 .free_req = scsi_free_request, 2416 .send_command = scsi_disk_dma_command, 2417 .read_data = scsi_read_data, 2418 .write_data = scsi_write_data, 2419 .get_buf = scsi_get_buf, 2420 .load_request = scsi_disk_load_request, 2421 .save_request = scsi_disk_save_request, 2422 }; 2423 2424 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2425 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2426 [INQUIRY] = &scsi_disk_emulate_reqops, 2427 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2428 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2429 [START_STOP] = &scsi_disk_emulate_reqops, 2430 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2431 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2432 [READ_TOC] = &scsi_disk_emulate_reqops, 2433 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2434 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2435 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2436 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2437 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2438 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2439 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2440 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2441 [SEEK_10] = &scsi_disk_emulate_reqops, 2442 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2443 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2444 [UNMAP] = &scsi_disk_emulate_reqops, 2445 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2446 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2447 [VERIFY_10] = &scsi_disk_emulate_reqops, 2448 [VERIFY_12] = &scsi_disk_emulate_reqops, 2449 [VERIFY_16] = &scsi_disk_emulate_reqops, 2450 2451 [READ_6] = &scsi_disk_dma_reqops, 2452 [READ_10] = &scsi_disk_dma_reqops, 2453 [READ_12] = &scsi_disk_dma_reqops, 2454 [READ_16] = &scsi_disk_dma_reqops, 2455 [WRITE_6] = &scsi_disk_dma_reqops, 2456 [WRITE_10] = &scsi_disk_dma_reqops, 2457 [WRITE_12] = &scsi_disk_dma_reqops, 2458 [WRITE_16] = &scsi_disk_dma_reqops, 2459 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2460 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2461 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2462 }; 2463 2464 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2465 uint8_t *buf, void *hba_private) 2466 { 2467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2468 SCSIRequest *req; 2469 const SCSIReqOps *ops; 2470 uint8_t command; 2471 2472 command = buf[0]; 2473 ops = scsi_disk_reqops_dispatch[command]; 2474 if (!ops) { 2475 ops = &scsi_disk_emulate_reqops; 2476 } 2477 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2478 2479 #ifdef DEBUG_SCSI 2480 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2481 { 2482 int i; 2483 for (i = 1; i < scsi_cdb_length(buf); i++) { 2484 printf(" 0x%02x", buf[i]); 2485 } 2486 printf("\n"); 2487 } 2488 #endif 2489 2490 return req; 2491 } 2492 2493 #ifdef __linux__ 2494 static int get_device_type(SCSIDiskState *s) 2495 { 2496 uint8_t cmd[16]; 2497 uint8_t buf[36]; 2498 uint8_t sensebuf[8]; 2499 sg_io_hdr_t io_header; 2500 int ret; 2501 2502 memset(cmd, 0, sizeof(cmd)); 2503 memset(buf, 0, sizeof(buf)); 2504 cmd[0] = INQUIRY; 2505 cmd[4] = sizeof(buf); 2506 2507 memset(&io_header, 0, sizeof(io_header)); 2508 io_header.interface_id = 'S'; 2509 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2510 io_header.dxfer_len = sizeof(buf); 2511 io_header.dxferp = buf; 2512 io_header.cmdp = cmd; 2513 io_header.cmd_len = sizeof(cmd); 2514 io_header.mx_sb_len = sizeof(sensebuf); 2515 io_header.sbp = sensebuf; 2516 io_header.timeout = 6000; /* XXX */ 2517 2518 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header); 2519 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2520 return -1; 2521 } 2522 s->qdev.type = buf[0]; 2523 if (buf[1] & 0x80) { 2524 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2525 } 2526 return 0; 2527 } 2528 2529 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2530 { 2531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2532 int sg_version; 2533 int rc; 2534 2535 if (!s->qdev.conf.blk) { 2536 error_setg(errp, "drive property not set"); 2537 return; 2538 } 2539 2540 /* check we are using a driver managing SG_IO (version 3 and after) */ 2541 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2542 if (rc < 0) { 2543 error_setg(errp, "cannot get SG_IO version number: %s. " 2544 "Is this a SCSI device?", 2545 strerror(-rc)); 2546 return; 2547 } 2548 if (sg_version < 30000) { 2549 error_setg(errp, "scsi generic interface too old"); 2550 return; 2551 } 2552 2553 /* get device type from INQUIRY data */ 2554 rc = get_device_type(s); 2555 if (rc < 0) { 2556 error_setg(errp, "INQUIRY failed"); 2557 return; 2558 } 2559 2560 /* Make a guess for the block size, we'll fix it when the guest sends. 2561 * READ CAPACITY. If they don't, they likely would assume these sizes 2562 * anyway. (TODO: check in /sys). 2563 */ 2564 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2565 s->qdev.blocksize = 2048; 2566 } else { 2567 s->qdev.blocksize = 512; 2568 } 2569 2570 /* Makes the scsi-block device not removable by using HMP and QMP eject 2571 * command. 2572 */ 2573 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2574 2575 scsi_realize(&s->qdev, errp); 2576 scsi_generic_read_device_identification(&s->qdev); 2577 } 2578 2579 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2580 { 2581 switch (buf[0]) { 2582 case READ_6: 2583 case READ_10: 2584 case READ_12: 2585 case READ_16: 2586 case VERIFY_10: 2587 case VERIFY_12: 2588 case VERIFY_16: 2589 case WRITE_6: 2590 case WRITE_10: 2591 case WRITE_12: 2592 case WRITE_16: 2593 case WRITE_VERIFY_10: 2594 case WRITE_VERIFY_12: 2595 case WRITE_VERIFY_16: 2596 /* If we are not using O_DIRECT, we might read stale data from the 2597 * host cache if writes were made using other commands than these 2598 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2599 * O_DIRECT everything must go through SG_IO. 2600 */ 2601 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) { 2602 break; 2603 } 2604 2605 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2606 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2607 * And once you do these writes, reading from the block device is 2608 * unreliable, too. It is even possible that reads deliver random data 2609 * from the host page cache (this is probably a Linux bug). 2610 * 2611 * We might use scsi_disk_dma_reqops as long as no writing commands are 2612 * seen, but performance usually isn't paramount on optical media. So, 2613 * just make scsi-block operate the same as scsi-generic for them. 2614 */ 2615 if (s->qdev.type != TYPE_ROM) { 2616 return false; 2617 } 2618 break; 2619 2620 default: 2621 break; 2622 } 2623 2624 return true; 2625 } 2626 2627 2628 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2629 uint32_t lun, uint8_t *buf, 2630 void *hba_private) 2631 { 2632 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2633 2634 if (scsi_block_is_passthrough(s, buf)) { 2635 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2636 hba_private); 2637 } else { 2638 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2639 hba_private); 2640 } 2641 } 2642 2643 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2644 uint8_t *buf, void *hba_private) 2645 { 2646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2647 2648 if (scsi_block_is_passthrough(s, buf)) { 2649 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2650 } else { 2651 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2652 } 2653 } 2654 2655 #endif 2656 2657 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2658 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2659 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2660 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2661 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2662 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2663 2664 static Property scsi_hd_properties[] = { 2665 DEFINE_SCSI_DISK_PROPERTIES(), 2666 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2667 SCSI_DISK_F_REMOVABLE, false), 2668 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2669 SCSI_DISK_F_DPOFUA, false), 2670 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2671 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2672 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2673 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2674 DEFAULT_MAX_UNMAP_SIZE), 2675 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2676 DEFAULT_MAX_IO_SIZE), 2677 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2678 DEFINE_PROP_END_OF_LIST(), 2679 }; 2680 2681 static const VMStateDescription vmstate_scsi_disk_state = { 2682 .name = "scsi-disk", 2683 .version_id = 1, 2684 .minimum_version_id = 1, 2685 .fields = (VMStateField[]) { 2686 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2687 VMSTATE_BOOL(media_changed, SCSIDiskState), 2688 VMSTATE_BOOL(media_event, SCSIDiskState), 2689 VMSTATE_BOOL(eject_request, SCSIDiskState), 2690 VMSTATE_BOOL(tray_open, SCSIDiskState), 2691 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2692 VMSTATE_END_OF_LIST() 2693 } 2694 }; 2695 2696 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2697 { 2698 DeviceClass *dc = DEVICE_CLASS(klass); 2699 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2700 2701 sc->realize = scsi_hd_realize; 2702 sc->alloc_req = scsi_new_request; 2703 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2704 dc->fw_name = "disk"; 2705 dc->desc = "virtual SCSI disk"; 2706 dc->reset = scsi_disk_reset; 2707 dc->props = scsi_hd_properties; 2708 dc->vmsd = &vmstate_scsi_disk_state; 2709 } 2710 2711 static const TypeInfo scsi_hd_info = { 2712 .name = "scsi-hd", 2713 .parent = TYPE_SCSI_DEVICE, 2714 .instance_size = sizeof(SCSIDiskState), 2715 .class_init = scsi_hd_class_initfn, 2716 }; 2717 2718 static Property scsi_cd_properties[] = { 2719 DEFINE_SCSI_DISK_PROPERTIES(), 2720 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2721 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2722 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2723 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2724 DEFAULT_MAX_IO_SIZE), 2725 DEFINE_PROP_END_OF_LIST(), 2726 }; 2727 2728 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2729 { 2730 DeviceClass *dc = DEVICE_CLASS(klass); 2731 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2732 2733 sc->realize = scsi_cd_realize; 2734 sc->alloc_req = scsi_new_request; 2735 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2736 dc->fw_name = "disk"; 2737 dc->desc = "virtual SCSI CD-ROM"; 2738 dc->reset = scsi_disk_reset; 2739 dc->props = scsi_cd_properties; 2740 dc->vmsd = &vmstate_scsi_disk_state; 2741 } 2742 2743 static const TypeInfo scsi_cd_info = { 2744 .name = "scsi-cd", 2745 .parent = TYPE_SCSI_DEVICE, 2746 .instance_size = sizeof(SCSIDiskState), 2747 .class_init = scsi_cd_class_initfn, 2748 }; 2749 2750 #ifdef __linux__ 2751 static Property scsi_block_properties[] = { 2752 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 2753 DEFINE_PROP_END_OF_LIST(), 2754 }; 2755 2756 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2757 { 2758 DeviceClass *dc = DEVICE_CLASS(klass); 2759 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2760 2761 sc->realize = scsi_block_realize; 2762 sc->alloc_req = scsi_block_new_request; 2763 sc->parse_cdb = scsi_block_parse_cdb; 2764 dc->fw_name = "disk"; 2765 dc->desc = "SCSI block device passthrough"; 2766 dc->reset = scsi_disk_reset; 2767 dc->props = scsi_block_properties; 2768 dc->vmsd = &vmstate_scsi_disk_state; 2769 } 2770 2771 static const TypeInfo scsi_block_info = { 2772 .name = "scsi-block", 2773 .parent = TYPE_SCSI_DEVICE, 2774 .instance_size = sizeof(SCSIDiskState), 2775 .class_init = scsi_block_class_initfn, 2776 }; 2777 #endif 2778 2779 static Property scsi_disk_properties[] = { 2780 DEFINE_SCSI_DISK_PROPERTIES(), 2781 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2782 SCSI_DISK_F_REMOVABLE, false), 2783 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2784 SCSI_DISK_F_DPOFUA, false), 2785 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2786 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2787 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2788 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2789 DEFAULT_MAX_UNMAP_SIZE), 2790 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2791 DEFAULT_MAX_IO_SIZE), 2792 DEFINE_PROP_END_OF_LIST(), 2793 }; 2794 2795 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2796 { 2797 DeviceClass *dc = DEVICE_CLASS(klass); 2798 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2799 2800 sc->realize = scsi_disk_realize; 2801 sc->alloc_req = scsi_new_request; 2802 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2803 dc->fw_name = "disk"; 2804 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2805 dc->reset = scsi_disk_reset; 2806 dc->props = scsi_disk_properties; 2807 dc->vmsd = &vmstate_scsi_disk_state; 2808 } 2809 2810 static const TypeInfo scsi_disk_info = { 2811 .name = "scsi-disk", 2812 .parent = TYPE_SCSI_DEVICE, 2813 .instance_size = sizeof(SCSIDiskState), 2814 .class_init = scsi_disk_class_initfn, 2815 }; 2816 2817 static void scsi_disk_register_types(void) 2818 { 2819 type_register_static(&scsi_hd_info); 2820 type_register_static(&scsi_cd_info); 2821 #ifdef __linux__ 2822 type_register_static(&scsi_block_info); 2823 #endif 2824 type_register_static(&scsi_disk_info); 2825 } 2826 2827 type_init(scsi_disk_register_types) 2828