1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/units.h" 24 #include "qapi/error.h" 25 #include "qemu/error-report.h" 26 #include "qemu/main-loop.h" 27 #include "qemu/module.h" 28 #include "qemu/hw-version.h" 29 #include "qemu/memalign.h" 30 #include "hw/scsi/scsi.h" 31 #include "migration/qemu-file-types.h" 32 #include "migration/vmstate.h" 33 #include "hw/scsi/emulation.h" 34 #include "scsi/constants.h" 35 #include "sysemu/block-backend.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "hw/qdev-properties.h" 39 #include "hw/qdev-properties-system.h" 40 #include "sysemu/dma.h" 41 #include "sysemu/sysemu.h" 42 #include "qemu/cutils.h" 43 #include "trace.h" 44 #include "qom/object.h" 45 46 #ifdef __linux 47 #include <scsi/sg.h> 48 #endif 49 50 #define SCSI_WRITE_SAME_MAX (512 * KiB) 51 #define SCSI_DMA_BUF_SIZE (128 * KiB) 52 #define SCSI_MAX_INQUIRY_LEN 256 53 #define SCSI_MAX_MODE_LEN 256 54 55 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 56 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 57 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 58 59 #define TYPE_SCSI_DISK_BASE "scsi-disk-base" 60 61 #define MAX_SERIAL_LEN 36 62 #define MAX_SERIAL_LEN_FOR_DEVID 20 63 64 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 65 66 struct SCSIDiskClass { 67 SCSIDeviceClass parent_class; 68 DMAIOFunc *dma_readv; 69 DMAIOFunc *dma_writev; 70 bool (*need_fua_emulation)(SCSICommand *cmd); 71 void (*update_sense)(SCSIRequest *r); 72 }; 73 74 typedef struct SCSIDiskReq { 75 SCSIRequest req; 76 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 77 uint64_t sector; 78 uint32_t sector_count; 79 uint32_t buflen; 80 bool started; 81 bool need_fua_emulation; 82 struct iovec iov; 83 QEMUIOVector qiov; 84 BlockAcctCookie acct; 85 } SCSIDiskReq; 86 87 #define SCSI_DISK_F_REMOVABLE 0 88 #define SCSI_DISK_F_DPOFUA 1 89 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 90 91 struct SCSIDiskState { 92 SCSIDevice qdev; 93 uint32_t features; 94 bool media_changed; 95 bool media_event; 96 bool eject_request; 97 uint16_t port_index; 98 uint64_t max_unmap_size; 99 uint64_t max_io_size; 100 uint32_t quirks; 101 QEMUBH *bh; 102 char *version; 103 char *serial; 104 char *vendor; 105 char *product; 106 char *device_id; 107 bool tray_open; 108 bool tray_locked; 109 /* 110 * 0x0000 - rotation rate not reported 111 * 0x0001 - non-rotating medium (SSD) 112 * 0x0002-0x0400 - reserved 113 * 0x0401-0xffe - rotations per minute 114 * 0xffff - reserved 115 */ 116 uint16_t rotation_rate; 117 }; 118 119 static void scsi_free_request(SCSIRequest *req) 120 { 121 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 122 123 qemu_vfree(r->iov.iov_base); 124 } 125 126 /* Helper function for command completion with sense. */ 127 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 128 { 129 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 130 sense.ascq); 131 scsi_req_build_sense(&r->req, sense); 132 scsi_req_complete(&r->req, CHECK_CONDITION); 133 } 134 135 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 136 { 137 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 138 139 if (!r->iov.iov_base) { 140 r->buflen = size; 141 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 142 } 143 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 144 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 145 } 146 147 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 148 { 149 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 150 151 qemu_put_be64s(f, &r->sector); 152 qemu_put_be32s(f, &r->sector_count); 153 qemu_put_be32s(f, &r->buflen); 154 if (r->buflen) { 155 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 156 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 157 } else if (!req->retry) { 158 uint32_t len = r->iov.iov_len; 159 qemu_put_be32s(f, &len); 160 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 161 } 162 } 163 } 164 165 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 166 { 167 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 168 169 qemu_get_be64s(f, &r->sector); 170 qemu_get_be32s(f, &r->sector_count); 171 qemu_get_be32s(f, &r->buflen); 172 if (r->buflen) { 173 scsi_init_iovec(r, r->buflen); 174 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 175 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 176 } else if (!r->req.retry) { 177 uint32_t len; 178 qemu_get_be32s(f, &len); 179 r->iov.iov_len = len; 180 assert(r->iov.iov_len <= r->buflen); 181 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 182 } 183 } 184 185 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 186 } 187 188 /* 189 * scsi_handle_rw_error has two return values. False means that the error 190 * must be ignored, true means that the error has been processed and the 191 * caller should not do anything else for this request. Note that 192 * scsi_handle_rw_error always manages its reference counts, independent 193 * of the return value. 194 */ 195 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) 196 { 197 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 198 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 199 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 200 SCSISense sense = SENSE_CODE(NO_SENSE); 201 int error = 0; 202 bool req_has_sense = false; 203 BlockErrorAction action; 204 int status; 205 206 if (ret < 0) { 207 status = scsi_sense_from_errno(-ret, &sense); 208 error = -ret; 209 } else { 210 /* A passthrough command has completed with nonzero status. */ 211 status = ret; 212 if (status == CHECK_CONDITION) { 213 req_has_sense = true; 214 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 215 } else { 216 error = EINVAL; 217 } 218 } 219 220 /* 221 * Check whether the error has to be handled by the guest or should 222 * rather follow the rerror=/werror= settings. Guest-handled errors 223 * are usually retried immediately, so do not post them to QMP and 224 * do not account them as failed I/O. 225 */ 226 if (req_has_sense && 227 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 228 action = BLOCK_ERROR_ACTION_REPORT; 229 acct_failed = false; 230 } else { 231 action = blk_get_error_action(s->qdev.conf.blk, is_read, error); 232 blk_error_action(s->qdev.conf.blk, action, is_read, error); 233 } 234 235 switch (action) { 236 case BLOCK_ERROR_ACTION_REPORT: 237 if (acct_failed) { 238 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 239 } 240 if (req_has_sense) { 241 sdc->update_sense(&r->req); 242 } else if (status == CHECK_CONDITION) { 243 scsi_req_build_sense(&r->req, sense); 244 } 245 scsi_req_complete(&r->req, status); 246 return true; 247 248 case BLOCK_ERROR_ACTION_IGNORE: 249 return false; 250 251 case BLOCK_ERROR_ACTION_STOP: 252 scsi_req_retry(&r->req); 253 return true; 254 255 default: 256 g_assert_not_reached(); 257 } 258 } 259 260 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 261 { 262 if (r->req.io_canceled) { 263 scsi_req_cancel_complete(&r->req); 264 return true; 265 } 266 267 if (ret < 0) { 268 return scsi_handle_rw_error(r, ret, acct_failed); 269 } 270 271 return false; 272 } 273 274 static void scsi_aio_complete(void *opaque, int ret) 275 { 276 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 277 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 278 279 /* The request must only run in the BlockBackend's AioContext */ 280 assert(blk_get_aio_context(s->qdev.conf.blk) == 281 qemu_get_current_aio_context()); 282 283 assert(r->req.aiocb != NULL); 284 r->req.aiocb = NULL; 285 286 if (scsi_disk_req_check_error(r, ret, true)) { 287 goto done; 288 } 289 290 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 291 scsi_req_complete(&r->req, GOOD); 292 293 done: 294 scsi_req_unref(&r->req); 295 } 296 297 static bool scsi_is_cmd_fua(SCSICommand *cmd) 298 { 299 switch (cmd->buf[0]) { 300 case READ_10: 301 case READ_12: 302 case READ_16: 303 case WRITE_10: 304 case WRITE_12: 305 case WRITE_16: 306 return (cmd->buf[1] & 8) != 0; 307 308 case VERIFY_10: 309 case VERIFY_12: 310 case VERIFY_16: 311 case WRITE_VERIFY_10: 312 case WRITE_VERIFY_12: 313 case WRITE_VERIFY_16: 314 return true; 315 316 case READ_6: 317 case WRITE_6: 318 default: 319 return false; 320 } 321 } 322 323 static void scsi_write_do_fua(SCSIDiskReq *r) 324 { 325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 326 327 assert(r->req.aiocb == NULL); 328 assert(!r->req.io_canceled); 329 330 if (r->need_fua_emulation) { 331 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 332 BLOCK_ACCT_FLUSH); 333 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 334 return; 335 } 336 337 scsi_req_complete(&r->req, GOOD); 338 scsi_req_unref(&r->req); 339 } 340 341 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 342 { 343 assert(r->req.aiocb == NULL); 344 if (scsi_disk_req_check_error(r, ret, false)) { 345 goto done; 346 } 347 348 r->sector += r->sector_count; 349 r->sector_count = 0; 350 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 351 scsi_write_do_fua(r); 352 return; 353 } else { 354 scsi_req_complete(&r->req, GOOD); 355 } 356 357 done: 358 scsi_req_unref(&r->req); 359 } 360 361 static void scsi_dma_complete(void *opaque, int ret) 362 { 363 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 364 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 365 366 assert(r->req.aiocb != NULL); 367 r->req.aiocb = NULL; 368 369 if (ret < 0) { 370 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 371 } else { 372 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 373 } 374 scsi_dma_complete_noio(r, ret); 375 } 376 377 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 378 { 379 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 380 uint32_t n; 381 382 /* The request must only run in the BlockBackend's AioContext */ 383 assert(blk_get_aio_context(s->qdev.conf.blk) == 384 qemu_get_current_aio_context()); 385 386 assert(r->req.aiocb == NULL); 387 if (scsi_disk_req_check_error(r, ret, false)) { 388 goto done; 389 } 390 391 n = r->qiov.size / BDRV_SECTOR_SIZE; 392 r->sector += n; 393 r->sector_count -= n; 394 scsi_req_data(&r->req, r->qiov.size); 395 396 done: 397 scsi_req_unref(&r->req); 398 } 399 400 static void scsi_read_complete(void *opaque, int ret) 401 { 402 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 403 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 404 405 assert(r->req.aiocb != NULL); 406 r->req.aiocb = NULL; 407 408 if (ret < 0) { 409 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 410 } else { 411 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 412 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 413 } 414 scsi_read_complete_noio(r, ret); 415 } 416 417 /* Actually issue a read to the block device. */ 418 static void scsi_do_read(SCSIDiskReq *r, int ret) 419 { 420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 421 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 422 423 assert (r->req.aiocb == NULL); 424 if (scsi_disk_req_check_error(r, ret, false)) { 425 goto done; 426 } 427 428 /* The request is used as the AIO opaque value, so add a ref. */ 429 scsi_req_ref(&r->req); 430 431 if (r->req.sg) { 432 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 433 r->req.residual -= r->req.sg->size; 434 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 435 r->req.sg, r->sector << BDRV_SECTOR_BITS, 436 BDRV_SECTOR_SIZE, 437 sdc->dma_readv, r, scsi_dma_complete, r, 438 DMA_DIRECTION_FROM_DEVICE); 439 } else { 440 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 441 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 442 r->qiov.size, BLOCK_ACCT_READ); 443 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 444 scsi_read_complete, r, r); 445 } 446 447 done: 448 scsi_req_unref(&r->req); 449 } 450 451 static void scsi_do_read_cb(void *opaque, int ret) 452 { 453 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 455 456 assert (r->req.aiocb != NULL); 457 r->req.aiocb = NULL; 458 459 if (ret < 0) { 460 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 461 } else { 462 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 463 } 464 scsi_do_read(opaque, ret); 465 } 466 467 /* Read more data from scsi device into buffer. */ 468 static void scsi_read_data(SCSIRequest *req) 469 { 470 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 471 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 472 bool first; 473 474 trace_scsi_disk_read_data_count(r->sector_count); 475 if (r->sector_count == 0) { 476 /* This also clears the sense buffer for REQUEST SENSE. */ 477 scsi_req_complete(&r->req, GOOD); 478 return; 479 } 480 481 /* No data transfer may already be in progress */ 482 assert(r->req.aiocb == NULL); 483 484 /* The request is used as the AIO opaque value, so add a ref. */ 485 scsi_req_ref(&r->req); 486 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 487 trace_scsi_disk_read_data_invalid(); 488 scsi_read_complete_noio(r, -EINVAL); 489 return; 490 } 491 492 if (!blk_is_available(req->dev->conf.blk)) { 493 scsi_read_complete_noio(r, -ENOMEDIUM); 494 return; 495 } 496 497 first = !r->started; 498 r->started = true; 499 if (first && r->need_fua_emulation) { 500 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 501 BLOCK_ACCT_FLUSH); 502 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 503 } else { 504 scsi_do_read(r, 0); 505 } 506 } 507 508 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 509 { 510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 511 uint32_t n; 512 513 /* The request must only run in the BlockBackend's AioContext */ 514 assert(blk_get_aio_context(s->qdev.conf.blk) == 515 qemu_get_current_aio_context()); 516 517 assert (r->req.aiocb == NULL); 518 if (scsi_disk_req_check_error(r, ret, false)) { 519 goto done; 520 } 521 522 n = r->qiov.size / BDRV_SECTOR_SIZE; 523 r->sector += n; 524 r->sector_count -= n; 525 if (r->sector_count == 0) { 526 scsi_write_do_fua(r); 527 return; 528 } else { 529 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 530 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 531 scsi_req_data(&r->req, r->qiov.size); 532 } 533 534 done: 535 scsi_req_unref(&r->req); 536 } 537 538 static void scsi_write_complete(void * opaque, int ret) 539 { 540 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 541 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 542 543 assert (r->req.aiocb != NULL); 544 r->req.aiocb = NULL; 545 546 if (ret < 0) { 547 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 548 } else { 549 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 550 } 551 scsi_write_complete_noio(r, ret); 552 } 553 554 static void scsi_write_data(SCSIRequest *req) 555 { 556 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 557 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 558 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 559 560 /* No data transfer may already be in progress */ 561 assert(r->req.aiocb == NULL); 562 563 /* The request is used as the AIO opaque value, so add a ref. */ 564 scsi_req_ref(&r->req); 565 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 566 trace_scsi_disk_write_data_invalid(); 567 scsi_write_complete_noio(r, -EINVAL); 568 return; 569 } 570 571 if (!r->req.sg && !r->qiov.size) { 572 /* Called for the first time. Ask the driver to send us more data. */ 573 r->started = true; 574 scsi_write_complete_noio(r, 0); 575 return; 576 } 577 if (!blk_is_available(req->dev->conf.blk)) { 578 scsi_write_complete_noio(r, -ENOMEDIUM); 579 return; 580 } 581 582 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 583 r->req.cmd.buf[0] == VERIFY_16) { 584 if (r->req.sg) { 585 scsi_dma_complete_noio(r, 0); 586 } else { 587 scsi_write_complete_noio(r, 0); 588 } 589 return; 590 } 591 592 if (r->req.sg) { 593 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 594 r->req.residual -= r->req.sg->size; 595 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 596 r->req.sg, r->sector << BDRV_SECTOR_BITS, 597 BDRV_SECTOR_SIZE, 598 sdc->dma_writev, r, scsi_dma_complete, r, 599 DMA_DIRECTION_TO_DEVICE); 600 } else { 601 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 602 r->qiov.size, BLOCK_ACCT_WRITE); 603 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 604 scsi_write_complete, r, r); 605 } 606 } 607 608 /* Return a pointer to the data buffer. */ 609 static uint8_t *scsi_get_buf(SCSIRequest *req) 610 { 611 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 612 613 return (uint8_t *)r->iov.iov_base; 614 } 615 616 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 617 { 618 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 619 uint8_t page_code = req->cmd.buf[2]; 620 int start, buflen = 0; 621 622 outbuf[buflen++] = s->qdev.type & 0x1f; 623 outbuf[buflen++] = page_code; 624 outbuf[buflen++] = 0x00; 625 outbuf[buflen++] = 0x00; 626 start = buflen; 627 628 switch (page_code) { 629 case 0x00: /* Supported page codes, mandatory */ 630 { 631 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 632 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 633 if (s->serial) { 634 outbuf[buflen++] = 0x80; /* unit serial number */ 635 } 636 outbuf[buflen++] = 0x83; /* device identification */ 637 if (s->qdev.type == TYPE_DISK) { 638 outbuf[buflen++] = 0xb0; /* block limits */ 639 outbuf[buflen++] = 0xb1; /* block device characteristics */ 640 outbuf[buflen++] = 0xb2; /* thin provisioning */ 641 } 642 break; 643 } 644 case 0x80: /* Device serial number, optional */ 645 { 646 int l; 647 648 if (!s->serial) { 649 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 650 return -1; 651 } 652 653 l = strlen(s->serial); 654 if (l > MAX_SERIAL_LEN) { 655 l = MAX_SERIAL_LEN; 656 } 657 658 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 659 memcpy(outbuf + buflen, s->serial, l); 660 buflen += l; 661 break; 662 } 663 664 case 0x83: /* Device identification page, mandatory */ 665 { 666 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 667 668 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 669 670 if (id_len) { 671 outbuf[buflen++] = 0x2; /* ASCII */ 672 outbuf[buflen++] = 0; /* not officially assigned */ 673 outbuf[buflen++] = 0; /* reserved */ 674 outbuf[buflen++] = id_len; /* length of data following */ 675 memcpy(outbuf + buflen, s->device_id, id_len); 676 buflen += id_len; 677 } 678 679 if (s->qdev.wwn) { 680 outbuf[buflen++] = 0x1; /* Binary */ 681 outbuf[buflen++] = 0x3; /* NAA */ 682 outbuf[buflen++] = 0; /* reserved */ 683 outbuf[buflen++] = 8; 684 stq_be_p(&outbuf[buflen], s->qdev.wwn); 685 buflen += 8; 686 } 687 688 if (s->qdev.port_wwn) { 689 outbuf[buflen++] = 0x61; /* SAS / Binary */ 690 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 691 outbuf[buflen++] = 0; /* reserved */ 692 outbuf[buflen++] = 8; 693 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 694 buflen += 8; 695 } 696 697 if (s->port_index) { 698 outbuf[buflen++] = 0x61; /* SAS / Binary */ 699 700 /* PIV/Target port/relative target port */ 701 outbuf[buflen++] = 0x94; 702 703 outbuf[buflen++] = 0; /* reserved */ 704 outbuf[buflen++] = 4; 705 stw_be_p(&outbuf[buflen + 2], s->port_index); 706 buflen += 4; 707 } 708 break; 709 } 710 case 0xb0: /* block limits */ 711 { 712 SCSIBlockLimits bl = {}; 713 714 if (s->qdev.type == TYPE_ROM) { 715 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 716 return -1; 717 } 718 bl.wsnz = 1; 719 bl.unmap_sectors = 720 s->qdev.conf.discard_granularity / s->qdev.blocksize; 721 bl.min_io_size = 722 s->qdev.conf.min_io_size / s->qdev.blocksize; 723 bl.opt_io_size = 724 s->qdev.conf.opt_io_size / s->qdev.blocksize; 725 bl.max_unmap_sectors = 726 s->max_unmap_size / s->qdev.blocksize; 727 bl.max_io_sectors = 728 s->max_io_size / s->qdev.blocksize; 729 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 730 bl.max_unmap_descr = 255; 731 732 if (s->qdev.type == TYPE_DISK) { 733 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 734 int max_io_sectors_blk = 735 max_transfer_blk / s->qdev.blocksize; 736 737 bl.max_io_sectors = 738 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 739 } 740 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 741 break; 742 } 743 case 0xb1: /* block device characteristics */ 744 { 745 buflen = 0x40; 746 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 747 outbuf[5] = s->rotation_rate & 0xff; 748 outbuf[6] = 0; /* PRODUCT TYPE */ 749 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 750 outbuf[8] = 0; /* VBULS */ 751 break; 752 } 753 case 0xb2: /* thin provisioning */ 754 { 755 buflen = 8; 756 outbuf[4] = 0; 757 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 758 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 759 outbuf[7] = 0; 760 break; 761 } 762 default: 763 return -1; 764 } 765 /* done with EVPD */ 766 assert(buflen - start <= 255); 767 outbuf[start - 1] = buflen - start; 768 return buflen; 769 } 770 771 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 772 { 773 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 774 int buflen = 0; 775 776 if (req->cmd.buf[1] & 0x1) { 777 /* Vital product data */ 778 return scsi_disk_emulate_vpd_page(req, outbuf); 779 } 780 781 /* Standard INQUIRY data */ 782 if (req->cmd.buf[2] != 0) { 783 return -1; 784 } 785 786 /* PAGE CODE == 0 */ 787 buflen = req->cmd.xfer; 788 if (buflen > SCSI_MAX_INQUIRY_LEN) { 789 buflen = SCSI_MAX_INQUIRY_LEN; 790 } 791 792 outbuf[0] = s->qdev.type & 0x1f; 793 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 794 795 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 796 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 797 798 memset(&outbuf[32], 0, 4); 799 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 800 /* 801 * We claim conformance to SPC-3, which is required for guests 802 * to ask for modern features like READ CAPACITY(16) or the 803 * block characteristics VPD page by default. Not all of SPC-3 804 * is actually implemented, but we're good enough. 805 */ 806 outbuf[2] = s->qdev.default_scsi_version; 807 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 808 809 if (buflen > 36) { 810 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 811 } else { 812 /* If the allocation length of CDB is too small, 813 the additional length is not adjusted */ 814 outbuf[4] = 36 - 5; 815 } 816 817 /* Sync data transfer and TCQ. */ 818 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 819 return buflen; 820 } 821 822 static inline bool media_is_dvd(SCSIDiskState *s) 823 { 824 uint64_t nb_sectors; 825 if (s->qdev.type != TYPE_ROM) { 826 return false; 827 } 828 if (!blk_is_available(s->qdev.conf.blk)) { 829 return false; 830 } 831 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 832 return nb_sectors > CD_MAX_SECTORS; 833 } 834 835 static inline bool media_is_cd(SCSIDiskState *s) 836 { 837 uint64_t nb_sectors; 838 if (s->qdev.type != TYPE_ROM) { 839 return false; 840 } 841 if (!blk_is_available(s->qdev.conf.blk)) { 842 return false; 843 } 844 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 845 return nb_sectors <= CD_MAX_SECTORS; 846 } 847 848 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 849 uint8_t *outbuf) 850 { 851 uint8_t type = r->req.cmd.buf[1] & 7; 852 853 if (s->qdev.type != TYPE_ROM) { 854 return -1; 855 } 856 857 /* Types 1/2 are only defined for Blu-Ray. */ 858 if (type != 0) { 859 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 860 return -1; 861 } 862 863 memset(outbuf, 0, 34); 864 outbuf[1] = 32; 865 outbuf[2] = 0xe; /* last session complete, disc finalized */ 866 outbuf[3] = 1; /* first track on disc */ 867 outbuf[4] = 1; /* # of sessions */ 868 outbuf[5] = 1; /* first track of last session */ 869 outbuf[6] = 1; /* last track of last session */ 870 outbuf[7] = 0x20; /* unrestricted use */ 871 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 872 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 873 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 874 /* 24-31: disc bar code */ 875 /* 32: disc application code */ 876 /* 33: number of OPC tables */ 877 878 return 34; 879 } 880 881 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 882 uint8_t *outbuf) 883 { 884 static const int rds_caps_size[5] = { 885 [0] = 2048 + 4, 886 [1] = 4 + 4, 887 [3] = 188 + 4, 888 [4] = 2048 + 4, 889 }; 890 891 uint8_t media = r->req.cmd.buf[1]; 892 uint8_t layer = r->req.cmd.buf[6]; 893 uint8_t format = r->req.cmd.buf[7]; 894 int size = -1; 895 896 if (s->qdev.type != TYPE_ROM) { 897 return -1; 898 } 899 if (media != 0) { 900 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 901 return -1; 902 } 903 904 if (format != 0xff) { 905 if (!blk_is_available(s->qdev.conf.blk)) { 906 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 907 return -1; 908 } 909 if (media_is_cd(s)) { 910 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 911 return -1; 912 } 913 if (format >= ARRAY_SIZE(rds_caps_size)) { 914 return -1; 915 } 916 size = rds_caps_size[format]; 917 memset(outbuf, 0, size); 918 } 919 920 switch (format) { 921 case 0x00: { 922 /* Physical format information */ 923 uint64_t nb_sectors; 924 if (layer != 0) { 925 goto fail; 926 } 927 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 928 929 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 930 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 931 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 932 outbuf[7] = 0; /* default densities */ 933 934 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 935 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 936 break; 937 } 938 939 case 0x01: /* DVD copyright information, all zeros */ 940 break; 941 942 case 0x03: /* BCA information - invalid field for no BCA info */ 943 return -1; 944 945 case 0x04: /* DVD disc manufacturing information, all zeros */ 946 break; 947 948 case 0xff: { /* List capabilities */ 949 int i; 950 size = 4; 951 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 952 if (!rds_caps_size[i]) { 953 continue; 954 } 955 outbuf[size] = i; 956 outbuf[size + 1] = 0x40; /* Not writable, readable */ 957 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 958 size += 4; 959 } 960 break; 961 } 962 963 default: 964 return -1; 965 } 966 967 /* Size of buffer, not including 2 byte size field */ 968 stw_be_p(outbuf, size - 2); 969 return size; 970 971 fail: 972 return -1; 973 } 974 975 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 976 { 977 uint8_t event_code, media_status; 978 979 media_status = 0; 980 if (s->tray_open) { 981 media_status = MS_TRAY_OPEN; 982 } else if (blk_is_inserted(s->qdev.conf.blk)) { 983 media_status = MS_MEDIA_PRESENT; 984 } 985 986 /* Event notification descriptor */ 987 event_code = MEC_NO_CHANGE; 988 if (media_status != MS_TRAY_OPEN) { 989 if (s->media_event) { 990 event_code = MEC_NEW_MEDIA; 991 s->media_event = false; 992 } else if (s->eject_request) { 993 event_code = MEC_EJECT_REQUESTED; 994 s->eject_request = false; 995 } 996 } 997 998 outbuf[0] = event_code; 999 outbuf[1] = media_status; 1000 1001 /* These fields are reserved, just clear them. */ 1002 outbuf[2] = 0; 1003 outbuf[3] = 0; 1004 return 4; 1005 } 1006 1007 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 1008 uint8_t *outbuf) 1009 { 1010 int size; 1011 uint8_t *buf = r->req.cmd.buf; 1012 uint8_t notification_class_request = buf[4]; 1013 if (s->qdev.type != TYPE_ROM) { 1014 return -1; 1015 } 1016 if ((buf[1] & 1) == 0) { 1017 /* asynchronous */ 1018 return -1; 1019 } 1020 1021 size = 4; 1022 outbuf[0] = outbuf[1] = 0; 1023 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1024 if (notification_class_request & (1 << GESN_MEDIA)) { 1025 outbuf[2] = GESN_MEDIA; 1026 size += scsi_event_status_media(s, &outbuf[size]); 1027 } else { 1028 outbuf[2] = 0x80; 1029 } 1030 stw_be_p(outbuf, size - 4); 1031 return size; 1032 } 1033 1034 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1035 { 1036 int current; 1037 1038 if (s->qdev.type != TYPE_ROM) { 1039 return -1; 1040 } 1041 1042 if (media_is_dvd(s)) { 1043 current = MMC_PROFILE_DVD_ROM; 1044 } else if (media_is_cd(s)) { 1045 current = MMC_PROFILE_CD_ROM; 1046 } else { 1047 current = MMC_PROFILE_NONE; 1048 } 1049 1050 memset(outbuf, 0, 40); 1051 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1052 stw_be_p(&outbuf[6], current); 1053 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1054 outbuf[10] = 0x03; /* persistent, current */ 1055 outbuf[11] = 8; /* two profiles */ 1056 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1057 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1058 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1059 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1060 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1061 stw_be_p(&outbuf[20], 1); 1062 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1063 outbuf[23] = 8; 1064 stl_be_p(&outbuf[24], 1); /* SCSI */ 1065 outbuf[28] = 1; /* DBE = 1, mandatory */ 1066 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1067 stw_be_p(&outbuf[32], 3); 1068 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1069 outbuf[35] = 4; 1070 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1071 /* TODO: Random readable, CD read, DVD read, drive serial number, 1072 power management */ 1073 return 40; 1074 } 1075 1076 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1077 { 1078 if (s->qdev.type != TYPE_ROM) { 1079 return -1; 1080 } 1081 memset(outbuf, 0, 8); 1082 outbuf[5] = 1; /* CD-ROM */ 1083 return 8; 1084 } 1085 1086 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1087 int page_control) 1088 { 1089 static const int mode_sense_valid[0x3f] = { 1090 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1091 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1092 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1093 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1094 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1095 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1096 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1097 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM), 1098 }; 1099 1100 uint8_t *p = *p_outbuf + 2; 1101 int length; 1102 1103 assert(page < ARRAY_SIZE(mode_sense_valid)); 1104 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1105 return -1; 1106 } 1107 1108 /* 1109 * If Changeable Values are requested, a mask denoting those mode parameters 1110 * that are changeable shall be returned. As we currently don't support 1111 * parameter changes via MODE_SELECT all bits are returned set to zero. 1112 * The buffer was already menset to zero by the caller of this function. 1113 * 1114 * The offsets here are off by two compared to the descriptions in the 1115 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1116 * but it is done so that offsets are consistent within our implementation 1117 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1118 * 2-byte and 4-byte headers. 1119 */ 1120 switch (page) { 1121 case MODE_PAGE_HD_GEOMETRY: 1122 length = 0x16; 1123 if (page_control == 1) { /* Changeable Values */ 1124 break; 1125 } 1126 /* if a geometry hint is available, use it */ 1127 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1128 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1129 p[2] = s->qdev.conf.cyls & 0xff; 1130 p[3] = s->qdev.conf.heads & 0xff; 1131 /* Write precomp start cylinder, disabled */ 1132 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1133 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1134 p[6] = s->qdev.conf.cyls & 0xff; 1135 /* Reduced current start cylinder, disabled */ 1136 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1137 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1138 p[9] = s->qdev.conf.cyls & 0xff; 1139 /* Device step rate [ns], 200ns */ 1140 p[10] = 0; 1141 p[11] = 200; 1142 /* Landing zone cylinder */ 1143 p[12] = 0xff; 1144 p[13] = 0xff; 1145 p[14] = 0xff; 1146 /* Medium rotation rate [rpm], 5400 rpm */ 1147 p[18] = (5400 >> 8) & 0xff; 1148 p[19] = 5400 & 0xff; 1149 break; 1150 1151 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1152 length = 0x1e; 1153 if (page_control == 1) { /* Changeable Values */ 1154 break; 1155 } 1156 /* Transfer rate [kbit/s], 5Mbit/s */ 1157 p[0] = 5000 >> 8; 1158 p[1] = 5000 & 0xff; 1159 /* if a geometry hint is available, use it */ 1160 p[2] = s->qdev.conf.heads & 0xff; 1161 p[3] = s->qdev.conf.secs & 0xff; 1162 p[4] = s->qdev.blocksize >> 8; 1163 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1164 p[7] = s->qdev.conf.cyls & 0xff; 1165 /* Write precomp start cylinder, disabled */ 1166 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1167 p[9] = s->qdev.conf.cyls & 0xff; 1168 /* Reduced current start cylinder, disabled */ 1169 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1170 p[11] = s->qdev.conf.cyls & 0xff; 1171 /* Device step rate [100us], 100us */ 1172 p[12] = 0; 1173 p[13] = 1; 1174 /* Device step pulse width [us], 1us */ 1175 p[14] = 1; 1176 /* Device head settle delay [100us], 100us */ 1177 p[15] = 0; 1178 p[16] = 1; 1179 /* Motor on delay [0.1s], 0.1s */ 1180 p[17] = 1; 1181 /* Motor off delay [0.1s], 0.1s */ 1182 p[18] = 1; 1183 /* Medium rotation rate [rpm], 5400 rpm */ 1184 p[26] = (5400 >> 8) & 0xff; 1185 p[27] = 5400 & 0xff; 1186 break; 1187 1188 case MODE_PAGE_CACHING: 1189 length = 0x12; 1190 if (page_control == 1 || /* Changeable Values */ 1191 blk_enable_write_cache(s->qdev.conf.blk)) { 1192 p[0] = 4; /* WCE */ 1193 } 1194 break; 1195 1196 case MODE_PAGE_R_W_ERROR: 1197 length = 10; 1198 if (page_control == 1) { /* Changeable Values */ 1199 if (s->qdev.type == TYPE_ROM) { 1200 /* Automatic Write Reallocation Enabled */ 1201 p[0] = 0x80; 1202 } 1203 break; 1204 } 1205 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1206 if (s->qdev.type == TYPE_ROM) { 1207 p[1] = 0x20; /* Read Retry Count */ 1208 } 1209 break; 1210 1211 case MODE_PAGE_AUDIO_CTL: 1212 length = 14; 1213 break; 1214 1215 case MODE_PAGE_CAPABILITIES: 1216 length = 0x14; 1217 if (page_control == 1) { /* Changeable Values */ 1218 break; 1219 } 1220 1221 p[0] = 0x3b; /* CD-R & CD-RW read */ 1222 p[1] = 0; /* Writing not supported */ 1223 p[2] = 0x7f; /* Audio, composite, digital out, 1224 mode 2 form 1&2, multi session */ 1225 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1226 RW corrected, C2 errors, ISRC, 1227 UPC, Bar code */ 1228 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1229 /* Locking supported, jumper present, eject, tray */ 1230 p[5] = 0; /* no volume & mute control, no 1231 changer */ 1232 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1233 p[7] = (50 * 176) & 0xff; 1234 p[8] = 2 >> 8; /* Two volume levels */ 1235 p[9] = 2 & 0xff; 1236 p[10] = 2048 >> 8; /* 2M buffer */ 1237 p[11] = 2048 & 0xff; 1238 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1239 p[13] = (16 * 176) & 0xff; 1240 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1241 p[17] = (16 * 176) & 0xff; 1242 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1243 p[19] = (16 * 176) & 0xff; 1244 break; 1245 1246 case MODE_PAGE_APPLE_VENDOR: 1247 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) { 1248 length = 0x1e; 1249 if (page_control == 1) { /* Changeable Values */ 1250 break; 1251 } 1252 1253 memset(p, 0, length); 1254 strcpy((char *)p + 8, "APPLE COMPUTER, INC "); 1255 break; 1256 } else { 1257 return -1; 1258 } 1259 1260 case MODE_PAGE_VENDOR_SPECIFIC: 1261 if (s->qdev.type == TYPE_DISK && (s->quirks & 1262 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1263 length = 0x2; 1264 if (page_control == 1) { /* Changeable Values */ 1265 p[0] = 0xff; 1266 p[1] = 0xff; 1267 break; 1268 } 1269 p[0] = 0; 1270 p[1] = 0; 1271 break; 1272 } else { 1273 return -1; 1274 } 1275 1276 default: 1277 return -1; 1278 } 1279 1280 assert(length < 256); 1281 (*p_outbuf)[0] = page; 1282 (*p_outbuf)[1] = length; 1283 *p_outbuf += length + 2; 1284 return length + 2; 1285 } 1286 1287 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1288 { 1289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1290 uint64_t nb_sectors; 1291 bool dbd; 1292 int page, buflen, ret, page_control; 1293 uint8_t *p; 1294 uint8_t dev_specific_param; 1295 1296 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1297 page = r->req.cmd.buf[2] & 0x3f; 1298 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1299 1300 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1301 10, page, r->req.cmd.xfer, page_control); 1302 memset(outbuf, 0, r->req.cmd.xfer); 1303 p = outbuf; 1304 1305 if (s->qdev.type == TYPE_DISK) { 1306 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1307 if (!blk_is_writable(s->qdev.conf.blk)) { 1308 dev_specific_param |= 0x80; /* Readonly. */ 1309 } 1310 } else { 1311 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) { 1312 /* Use DBD from the request... */ 1313 dev_specific_param = 0x00; 1314 1315 /* 1316 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR 1317 * which should never return a block descriptor even though DBD is 1318 * not set, otherwise CDROM detection fails in MacOS 1319 */ 1320 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) && 1321 page == MODE_PAGE_APPLE_VENDOR) { 1322 dbd = true; 1323 } 1324 } else { 1325 /* 1326 * MMC prescribes that CD/DVD drives have no block descriptors, 1327 * and defines no device-specific parameter. 1328 */ 1329 dev_specific_param = 0x00; 1330 dbd = true; 1331 } 1332 } 1333 1334 if (r->req.cmd.buf[0] == MODE_SENSE) { 1335 p[1] = 0; /* Default media type. */ 1336 p[2] = dev_specific_param; 1337 p[3] = 0; /* Block descriptor length. */ 1338 p += 4; 1339 } else { /* MODE_SENSE_10 */ 1340 p[2] = 0; /* Default media type. */ 1341 p[3] = dev_specific_param; 1342 p[6] = p[7] = 0; /* Block descriptor length. */ 1343 p += 8; 1344 } 1345 1346 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1347 if (!dbd && nb_sectors) { 1348 if (r->req.cmd.buf[0] == MODE_SENSE) { 1349 outbuf[3] = 8; /* Block descriptor length */ 1350 } else { /* MODE_SENSE_10 */ 1351 outbuf[7] = 8; /* Block descriptor length */ 1352 } 1353 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1354 if (nb_sectors > 0xffffff) { 1355 nb_sectors = 0; 1356 } 1357 p[0] = 0; /* media density code */ 1358 p[1] = (nb_sectors >> 16) & 0xff; 1359 p[2] = (nb_sectors >> 8) & 0xff; 1360 p[3] = nb_sectors & 0xff; 1361 p[4] = 0; /* reserved */ 1362 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1363 p[6] = s->qdev.blocksize >> 8; 1364 p[7] = 0; 1365 p += 8; 1366 } 1367 1368 if (page_control == 3) { 1369 /* Saved Values */ 1370 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1371 return -1; 1372 } 1373 1374 if (page == 0x3f) { 1375 for (page = 0; page <= 0x3e; page++) { 1376 mode_sense_page(s, page, &p, page_control); 1377 } 1378 } else { 1379 ret = mode_sense_page(s, page, &p, page_control); 1380 if (ret == -1) { 1381 return -1; 1382 } 1383 } 1384 1385 buflen = p - outbuf; 1386 /* 1387 * The mode data length field specifies the length in bytes of the 1388 * following data that is available to be transferred. The mode data 1389 * length does not include itself. 1390 */ 1391 if (r->req.cmd.buf[0] == MODE_SENSE) { 1392 outbuf[0] = buflen - 1; 1393 } else { /* MODE_SENSE_10 */ 1394 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1395 outbuf[1] = (buflen - 2) & 0xff; 1396 } 1397 return buflen; 1398 } 1399 1400 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1401 { 1402 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1403 int start_track, format, msf, toclen; 1404 uint64_t nb_sectors; 1405 1406 msf = req->cmd.buf[1] & 2; 1407 format = req->cmd.buf[2] & 0xf; 1408 start_track = req->cmd.buf[6]; 1409 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1410 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1411 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1412 switch (format) { 1413 case 0: 1414 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1415 break; 1416 case 1: 1417 /* multi session : only a single session defined */ 1418 toclen = 12; 1419 memset(outbuf, 0, 12); 1420 outbuf[1] = 0x0a; 1421 outbuf[2] = 0x01; 1422 outbuf[3] = 0x01; 1423 break; 1424 case 2: 1425 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1426 break; 1427 default: 1428 return -1; 1429 } 1430 return toclen; 1431 } 1432 1433 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1434 { 1435 SCSIRequest *req = &r->req; 1436 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1437 bool start = req->cmd.buf[4] & 1; 1438 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1439 int pwrcnd = req->cmd.buf[4] & 0xf0; 1440 1441 if (pwrcnd) { 1442 /* eject/load only happens for power condition == 0 */ 1443 return 0; 1444 } 1445 1446 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1447 if (!start && !s->tray_open && s->tray_locked) { 1448 scsi_check_condition(r, 1449 blk_is_inserted(s->qdev.conf.blk) 1450 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1451 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1452 return -1; 1453 } 1454 1455 if (s->tray_open != !start) { 1456 blk_eject(s->qdev.conf.blk, !start); 1457 s->tray_open = !start; 1458 } 1459 } 1460 return 0; 1461 } 1462 1463 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1464 { 1465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1466 int buflen = r->iov.iov_len; 1467 1468 if (buflen) { 1469 trace_scsi_disk_emulate_read_data(buflen); 1470 r->iov.iov_len = 0; 1471 r->started = true; 1472 scsi_req_data(&r->req, buflen); 1473 return; 1474 } 1475 1476 /* This also clears the sense buffer for REQUEST SENSE. */ 1477 scsi_req_complete(&r->req, GOOD); 1478 } 1479 1480 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1481 uint8_t *inbuf, int inlen) 1482 { 1483 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1484 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1485 uint8_t *p; 1486 int len, expected_len, changeable_len, i; 1487 1488 /* The input buffer does not include the page header, so it is 1489 * off by 2 bytes. 1490 */ 1491 expected_len = inlen + 2; 1492 if (expected_len > SCSI_MAX_MODE_LEN) { 1493 return -1; 1494 } 1495 1496 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ 1497 if (page == MODE_PAGE_ALLS) { 1498 return -1; 1499 } 1500 1501 p = mode_current; 1502 memset(mode_current, 0, inlen + 2); 1503 len = mode_sense_page(s, page, &p, 0); 1504 if (len < 0 || len != expected_len) { 1505 return -1; 1506 } 1507 1508 p = mode_changeable; 1509 memset(mode_changeable, 0, inlen + 2); 1510 changeable_len = mode_sense_page(s, page, &p, 1); 1511 assert(changeable_len == len); 1512 1513 /* Check that unchangeable bits are the same as what MODE SENSE 1514 * would return. 1515 */ 1516 for (i = 2; i < len; i++) { 1517 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1518 return -1; 1519 } 1520 } 1521 return 0; 1522 } 1523 1524 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1525 { 1526 switch (page) { 1527 case MODE_PAGE_CACHING: 1528 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1529 break; 1530 1531 default: 1532 break; 1533 } 1534 } 1535 1536 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1537 { 1538 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1539 1540 while (len > 0) { 1541 int page, subpage, page_len; 1542 1543 /* Parse both possible formats for the mode page headers. */ 1544 page = p[0] & 0x3f; 1545 if (p[0] & 0x40) { 1546 if (len < 4) { 1547 goto invalid_param_len; 1548 } 1549 subpage = p[1]; 1550 page_len = lduw_be_p(&p[2]); 1551 p += 4; 1552 len -= 4; 1553 } else { 1554 if (len < 2) { 1555 goto invalid_param_len; 1556 } 1557 subpage = 0; 1558 page_len = p[1]; 1559 p += 2; 1560 len -= 2; 1561 } 1562 1563 if (subpage) { 1564 goto invalid_param; 1565 } 1566 if (page_len > len) { 1567 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) { 1568 goto invalid_param_len; 1569 } 1570 trace_scsi_disk_mode_select_page_truncated(page, page_len, len); 1571 } 1572 1573 if (!change) { 1574 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1575 goto invalid_param; 1576 } 1577 } else { 1578 scsi_disk_apply_mode_select(s, page, p); 1579 } 1580 1581 p += page_len; 1582 len -= page_len; 1583 } 1584 return 0; 1585 1586 invalid_param: 1587 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1588 return -1; 1589 1590 invalid_param_len: 1591 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1592 return -1; 1593 } 1594 1595 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1596 { 1597 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1598 uint8_t *p = inbuf; 1599 int cmd = r->req.cmd.buf[0]; 1600 int len = r->req.cmd.xfer; 1601 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1602 int bd_len, bs; 1603 int pass; 1604 1605 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1606 if (!(s->quirks & 1607 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) { 1608 /* We only support PF=1, SP=0. */ 1609 goto invalid_field; 1610 } 1611 } 1612 1613 if (len < hdr_len) { 1614 goto invalid_param_len; 1615 } 1616 1617 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1618 len -= hdr_len; 1619 p += hdr_len; 1620 if (len < bd_len) { 1621 goto invalid_param_len; 1622 } 1623 if (bd_len != 0 && bd_len != 8) { 1624 goto invalid_param; 1625 } 1626 1627 /* Allow changing the block size */ 1628 if (bd_len) { 1629 bs = p[5] << 16 | p[6] << 8 | p[7]; 1630 1631 /* 1632 * Since the existing code only checks/updates bits 8-15 of the block 1633 * size, restrict ourselves to the same requirement for now to ensure 1634 * that a block size set by a block descriptor and then read back by 1635 * a subsequent SCSI command will be the same. Also disallow a block 1636 * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE. 1637 */ 1638 if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) { 1639 s->qdev.blocksize = bs; 1640 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize); 1641 } 1642 } 1643 1644 len -= bd_len; 1645 p += bd_len; 1646 1647 /* Ensure no change is made if there is an error! */ 1648 for (pass = 0; pass < 2; pass++) { 1649 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1650 assert(pass == 0); 1651 return; 1652 } 1653 } 1654 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1655 /* The request is used as the AIO opaque value, so add a ref. */ 1656 scsi_req_ref(&r->req); 1657 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1658 BLOCK_ACCT_FLUSH); 1659 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1660 return; 1661 } 1662 1663 scsi_req_complete(&r->req, GOOD); 1664 return; 1665 1666 invalid_param: 1667 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1668 return; 1669 1670 invalid_param_len: 1671 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1672 return; 1673 1674 invalid_field: 1675 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1676 } 1677 1678 /* sector_num and nb_sectors expected to be in qdev blocksize */ 1679 static inline bool check_lba_range(SCSIDiskState *s, 1680 uint64_t sector_num, uint32_t nb_sectors) 1681 { 1682 /* 1683 * The first line tests that no overflow happens when computing the last 1684 * sector. The second line tests that the last accessed sector is in 1685 * range. 1686 * 1687 * Careful, the computations should not underflow for nb_sectors == 0, 1688 * and a 0-block read to the first LBA beyond the end of device is 1689 * valid. 1690 */ 1691 return (sector_num <= sector_num + nb_sectors && 1692 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1693 } 1694 1695 typedef struct UnmapCBData { 1696 SCSIDiskReq *r; 1697 uint8_t *inbuf; 1698 int count; 1699 } UnmapCBData; 1700 1701 static void scsi_unmap_complete(void *opaque, int ret); 1702 1703 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1704 { 1705 SCSIDiskReq *r = data->r; 1706 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1707 1708 assert(r->req.aiocb == NULL); 1709 1710 if (data->count > 0) { 1711 uint64_t sector_num = ldq_be_p(&data->inbuf[0]); 1712 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1713 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1714 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1715 1716 if (!check_lba_range(s, sector_num, nb_sectors)) { 1717 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1718 BLOCK_ACCT_UNMAP); 1719 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1720 goto done; 1721 } 1722 1723 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1724 r->sector_count * BDRV_SECTOR_SIZE, 1725 BLOCK_ACCT_UNMAP); 1726 1727 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1728 r->sector * BDRV_SECTOR_SIZE, 1729 r->sector_count * BDRV_SECTOR_SIZE, 1730 scsi_unmap_complete, data); 1731 data->count--; 1732 data->inbuf += 16; 1733 return; 1734 } 1735 1736 scsi_req_complete(&r->req, GOOD); 1737 1738 done: 1739 scsi_req_unref(&r->req); 1740 g_free(data); 1741 } 1742 1743 static void scsi_unmap_complete(void *opaque, int ret) 1744 { 1745 UnmapCBData *data = opaque; 1746 SCSIDiskReq *r = data->r; 1747 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1748 1749 assert(r->req.aiocb != NULL); 1750 r->req.aiocb = NULL; 1751 1752 if (scsi_disk_req_check_error(r, ret, true)) { 1753 scsi_req_unref(&r->req); 1754 g_free(data); 1755 } else { 1756 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1757 scsi_unmap_complete_noio(data, ret); 1758 } 1759 } 1760 1761 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1762 { 1763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1764 uint8_t *p = inbuf; 1765 int len = r->req.cmd.xfer; 1766 UnmapCBData *data; 1767 1768 /* Reject ANCHOR=1. */ 1769 if (r->req.cmd.buf[1] & 0x1) { 1770 goto invalid_field; 1771 } 1772 1773 if (len < 8) { 1774 goto invalid_param_len; 1775 } 1776 if (len < lduw_be_p(&p[0]) + 2) { 1777 goto invalid_param_len; 1778 } 1779 if (len < lduw_be_p(&p[2]) + 8) { 1780 goto invalid_param_len; 1781 } 1782 if (lduw_be_p(&p[2]) & 15) { 1783 goto invalid_param_len; 1784 } 1785 1786 if (!blk_is_writable(s->qdev.conf.blk)) { 1787 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1788 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1789 return; 1790 } 1791 1792 data = g_new0(UnmapCBData, 1); 1793 data->r = r; 1794 data->inbuf = &p[8]; 1795 data->count = lduw_be_p(&p[2]) >> 4; 1796 1797 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1798 scsi_req_ref(&r->req); 1799 scsi_unmap_complete_noio(data, 0); 1800 return; 1801 1802 invalid_param_len: 1803 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1804 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1805 return; 1806 1807 invalid_field: 1808 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1809 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1810 } 1811 1812 typedef struct WriteSameCBData { 1813 SCSIDiskReq *r; 1814 int64_t sector; 1815 int nb_sectors; 1816 QEMUIOVector qiov; 1817 struct iovec iov; 1818 } WriteSameCBData; 1819 1820 static void scsi_write_same_complete(void *opaque, int ret) 1821 { 1822 WriteSameCBData *data = opaque; 1823 SCSIDiskReq *r = data->r; 1824 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1825 1826 assert(r->req.aiocb != NULL); 1827 r->req.aiocb = NULL; 1828 1829 if (scsi_disk_req_check_error(r, ret, true)) { 1830 goto done; 1831 } 1832 1833 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1834 1835 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1836 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1837 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1838 data->iov.iov_len); 1839 if (data->iov.iov_len) { 1840 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1841 data->iov.iov_len, BLOCK_ACCT_WRITE); 1842 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1843 * where final qiov may need smaller size */ 1844 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1845 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1846 data->sector << BDRV_SECTOR_BITS, 1847 &data->qiov, 0, 1848 scsi_write_same_complete, data); 1849 return; 1850 } 1851 1852 scsi_req_complete(&r->req, GOOD); 1853 1854 done: 1855 scsi_req_unref(&r->req); 1856 qemu_vfree(data->iov.iov_base); 1857 g_free(data); 1858 } 1859 1860 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1861 { 1862 SCSIRequest *req = &r->req; 1863 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1864 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1865 WriteSameCBData *data; 1866 uint8_t *buf; 1867 int i, l; 1868 1869 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1870 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1871 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1872 return; 1873 } 1874 1875 if (!blk_is_writable(s->qdev.conf.blk)) { 1876 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1877 return; 1878 } 1879 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1880 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1881 return; 1882 } 1883 1884 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1885 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1886 1887 /* The request is used as the AIO opaque value, so add a ref. */ 1888 scsi_req_ref(&r->req); 1889 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1890 nb_sectors * s->qdev.blocksize, 1891 BLOCK_ACCT_WRITE); 1892 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1893 r->req.cmd.lba * s->qdev.blocksize, 1894 nb_sectors * s->qdev.blocksize, 1895 flags, scsi_aio_complete, r); 1896 return; 1897 } 1898 1899 data = g_new0(WriteSameCBData, 1); 1900 data->r = r; 1901 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1902 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1903 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1904 SCSI_WRITE_SAME_MAX); 1905 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1906 data->iov.iov_len); 1907 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1908 1909 for (i = 0; i < data->iov.iov_len; i += l) { 1910 l = MIN(s->qdev.blocksize, data->iov.iov_len - i); 1911 memcpy(&buf[i], inbuf, l); 1912 } 1913 1914 scsi_req_ref(&r->req); 1915 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1916 data->iov.iov_len, BLOCK_ACCT_WRITE); 1917 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1918 data->sector << BDRV_SECTOR_BITS, 1919 &data->qiov, 0, 1920 scsi_write_same_complete, data); 1921 } 1922 1923 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1924 { 1925 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1926 1927 if (r->iov.iov_len) { 1928 int buflen = r->iov.iov_len; 1929 trace_scsi_disk_emulate_write_data(buflen); 1930 r->iov.iov_len = 0; 1931 scsi_req_data(&r->req, buflen); 1932 return; 1933 } 1934 1935 switch (req->cmd.buf[0]) { 1936 case MODE_SELECT: 1937 case MODE_SELECT_10: 1938 /* This also clears the sense buffer for REQUEST SENSE. */ 1939 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1940 break; 1941 1942 case UNMAP: 1943 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1944 break; 1945 1946 case VERIFY_10: 1947 case VERIFY_12: 1948 case VERIFY_16: 1949 if (r->req.status == -1) { 1950 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1951 } 1952 break; 1953 1954 case WRITE_SAME_10: 1955 case WRITE_SAME_16: 1956 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1957 break; 1958 1959 case FORMAT_UNIT: 1960 scsi_req_complete(&r->req, GOOD); 1961 break; 1962 1963 default: 1964 abort(); 1965 } 1966 } 1967 1968 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1969 { 1970 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1971 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1972 uint64_t nb_sectors; 1973 uint8_t *outbuf; 1974 int buflen; 1975 1976 switch (req->cmd.buf[0]) { 1977 case INQUIRY: 1978 case MODE_SENSE: 1979 case MODE_SENSE_10: 1980 case RESERVE: 1981 case RESERVE_10: 1982 case RELEASE: 1983 case RELEASE_10: 1984 case START_STOP: 1985 case ALLOW_MEDIUM_REMOVAL: 1986 case GET_CONFIGURATION: 1987 case GET_EVENT_STATUS_NOTIFICATION: 1988 case MECHANISM_STATUS: 1989 case REQUEST_SENSE: 1990 break; 1991 1992 default: 1993 if (!blk_is_available(s->qdev.conf.blk)) { 1994 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1995 return 0; 1996 } 1997 break; 1998 } 1999 2000 /* 2001 * FIXME: we shouldn't return anything bigger than 4k, but the code 2002 * requires the buffer to be as big as req->cmd.xfer in several 2003 * places. So, do not allow CDBs with a very large ALLOCATION 2004 * LENGTH. The real fix would be to modify scsi_read_data and 2005 * dma_buf_read, so that they return data beyond the buflen 2006 * as all zeros. 2007 */ 2008 if (req->cmd.xfer > 65536) { 2009 goto illegal_request; 2010 } 2011 r->buflen = MAX(4096, req->cmd.xfer); 2012 2013 if (!r->iov.iov_base) { 2014 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 2015 } 2016 2017 outbuf = r->iov.iov_base; 2018 memset(outbuf, 0, r->buflen); 2019 switch (req->cmd.buf[0]) { 2020 case TEST_UNIT_READY: 2021 assert(blk_is_available(s->qdev.conf.blk)); 2022 break; 2023 case INQUIRY: 2024 buflen = scsi_disk_emulate_inquiry(req, outbuf); 2025 if (buflen < 0) { 2026 goto illegal_request; 2027 } 2028 break; 2029 case MODE_SENSE: 2030 case MODE_SENSE_10: 2031 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 2032 if (buflen < 0) { 2033 goto illegal_request; 2034 } 2035 break; 2036 case READ_TOC: 2037 buflen = scsi_disk_emulate_read_toc(req, outbuf); 2038 if (buflen < 0) { 2039 goto illegal_request; 2040 } 2041 break; 2042 case RESERVE: 2043 if (req->cmd.buf[1] & 1) { 2044 goto illegal_request; 2045 } 2046 break; 2047 case RESERVE_10: 2048 if (req->cmd.buf[1] & 3) { 2049 goto illegal_request; 2050 } 2051 break; 2052 case RELEASE: 2053 if (req->cmd.buf[1] & 1) { 2054 goto illegal_request; 2055 } 2056 break; 2057 case RELEASE_10: 2058 if (req->cmd.buf[1] & 3) { 2059 goto illegal_request; 2060 } 2061 break; 2062 case START_STOP: 2063 if (scsi_disk_emulate_start_stop(r) < 0) { 2064 return 0; 2065 } 2066 break; 2067 case ALLOW_MEDIUM_REMOVAL: 2068 s->tray_locked = req->cmd.buf[4] & 1; 2069 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 2070 break; 2071 case READ_CAPACITY_10: 2072 /* The normal LEN field for this command is zero. */ 2073 memset(outbuf, 0, 8); 2074 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2075 if (!nb_sectors) { 2076 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2077 return 0; 2078 } 2079 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 2080 goto illegal_request; 2081 } 2082 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2083 /* Returned value is the address of the last sector. */ 2084 nb_sectors--; 2085 /* Remember the new size for read/write sanity checking. */ 2086 s->qdev.max_lba = nb_sectors; 2087 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 2088 if (nb_sectors > UINT32_MAX) { 2089 nb_sectors = UINT32_MAX; 2090 } 2091 outbuf[0] = (nb_sectors >> 24) & 0xff; 2092 outbuf[1] = (nb_sectors >> 16) & 0xff; 2093 outbuf[2] = (nb_sectors >> 8) & 0xff; 2094 outbuf[3] = nb_sectors & 0xff; 2095 outbuf[4] = 0; 2096 outbuf[5] = 0; 2097 outbuf[6] = s->qdev.blocksize >> 8; 2098 outbuf[7] = 0; 2099 break; 2100 case REQUEST_SENSE: 2101 /* Just return "NO SENSE". */ 2102 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2103 (req->cmd.buf[1] & 1) == 0); 2104 if (buflen < 0) { 2105 goto illegal_request; 2106 } 2107 break; 2108 case MECHANISM_STATUS: 2109 buflen = scsi_emulate_mechanism_status(s, outbuf); 2110 if (buflen < 0) { 2111 goto illegal_request; 2112 } 2113 break; 2114 case GET_CONFIGURATION: 2115 buflen = scsi_get_configuration(s, outbuf); 2116 if (buflen < 0) { 2117 goto illegal_request; 2118 } 2119 break; 2120 case GET_EVENT_STATUS_NOTIFICATION: 2121 buflen = scsi_get_event_status_notification(s, r, outbuf); 2122 if (buflen < 0) { 2123 goto illegal_request; 2124 } 2125 break; 2126 case READ_DISC_INFORMATION: 2127 buflen = scsi_read_disc_information(s, r, outbuf); 2128 if (buflen < 0) { 2129 goto illegal_request; 2130 } 2131 break; 2132 case READ_DVD_STRUCTURE: 2133 buflen = scsi_read_dvd_structure(s, r, outbuf); 2134 if (buflen < 0) { 2135 goto illegal_request; 2136 } 2137 break; 2138 case SERVICE_ACTION_IN_16: 2139 /* Service Action In subcommands. */ 2140 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2141 trace_scsi_disk_emulate_command_SAI_16(); 2142 memset(outbuf, 0, req->cmd.xfer); 2143 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2144 if (!nb_sectors) { 2145 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2146 return 0; 2147 } 2148 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2149 goto illegal_request; 2150 } 2151 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2152 /* Returned value is the address of the last sector. */ 2153 nb_sectors--; 2154 /* Remember the new size for read/write sanity checking. */ 2155 s->qdev.max_lba = nb_sectors; 2156 outbuf[0] = (nb_sectors >> 56) & 0xff; 2157 outbuf[1] = (nb_sectors >> 48) & 0xff; 2158 outbuf[2] = (nb_sectors >> 40) & 0xff; 2159 outbuf[3] = (nb_sectors >> 32) & 0xff; 2160 outbuf[4] = (nb_sectors >> 24) & 0xff; 2161 outbuf[5] = (nb_sectors >> 16) & 0xff; 2162 outbuf[6] = (nb_sectors >> 8) & 0xff; 2163 outbuf[7] = nb_sectors & 0xff; 2164 outbuf[8] = 0; 2165 outbuf[9] = 0; 2166 outbuf[10] = s->qdev.blocksize >> 8; 2167 outbuf[11] = 0; 2168 outbuf[12] = 0; 2169 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2170 2171 /* set TPE bit if the format supports discard */ 2172 if (s->qdev.conf.discard_granularity) { 2173 outbuf[14] = 0x80; 2174 } 2175 2176 /* Protection, exponent and lowest lba field left blank. */ 2177 break; 2178 } 2179 trace_scsi_disk_emulate_command_SAI_unsupported(); 2180 goto illegal_request; 2181 case SYNCHRONIZE_CACHE: 2182 /* The request is used as the AIO opaque value, so add a ref. */ 2183 scsi_req_ref(&r->req); 2184 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2185 BLOCK_ACCT_FLUSH); 2186 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2187 return 0; 2188 case SEEK_10: 2189 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2190 if (r->req.cmd.lba > s->qdev.max_lba) { 2191 goto illegal_lba; 2192 } 2193 break; 2194 case MODE_SELECT: 2195 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2196 break; 2197 case MODE_SELECT_10: 2198 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2199 break; 2200 case UNMAP: 2201 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2202 break; 2203 case VERIFY_10: 2204 case VERIFY_12: 2205 case VERIFY_16: 2206 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2207 if (req->cmd.buf[1] & 6) { 2208 goto illegal_request; 2209 } 2210 break; 2211 case WRITE_SAME_10: 2212 case WRITE_SAME_16: 2213 trace_scsi_disk_emulate_command_WRITE_SAME( 2214 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2215 break; 2216 case FORMAT_UNIT: 2217 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer); 2218 break; 2219 default: 2220 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2221 scsi_command_name(buf[0])); 2222 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2223 return 0; 2224 } 2225 assert(!r->req.aiocb); 2226 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2227 if (r->iov.iov_len == 0) { 2228 scsi_req_complete(&r->req, GOOD); 2229 } 2230 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2231 assert(r->iov.iov_len == req->cmd.xfer); 2232 return -r->iov.iov_len; 2233 } else { 2234 return r->iov.iov_len; 2235 } 2236 2237 illegal_request: 2238 if (r->req.status == -1) { 2239 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2240 } 2241 return 0; 2242 2243 illegal_lba: 2244 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2245 return 0; 2246 } 2247 2248 /* Execute a scsi command. Returns the length of the data expected by the 2249 command. This will be Positive for data transfers from the device 2250 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2251 and zero if the command does not transfer any data. */ 2252 2253 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2254 { 2255 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2257 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2258 uint32_t len; 2259 uint8_t command; 2260 2261 command = buf[0]; 2262 2263 if (!blk_is_available(s->qdev.conf.blk)) { 2264 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2265 return 0; 2266 } 2267 2268 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2269 switch (command) { 2270 case READ_6: 2271 case READ_10: 2272 case READ_12: 2273 case READ_16: 2274 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2275 /* Protection information is not supported. For SCSI versions 2 and 2276 * older (as determined by snooping the guest's INQUIRY commands), 2277 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2278 */ 2279 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2280 goto illegal_request; 2281 } 2282 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2283 goto illegal_lba; 2284 } 2285 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2286 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2287 break; 2288 case WRITE_6: 2289 case WRITE_10: 2290 case WRITE_12: 2291 case WRITE_16: 2292 case WRITE_VERIFY_10: 2293 case WRITE_VERIFY_12: 2294 case WRITE_VERIFY_16: 2295 if (!blk_is_writable(s->qdev.conf.blk)) { 2296 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2297 return 0; 2298 } 2299 trace_scsi_disk_dma_command_WRITE( 2300 (command & 0xe) == 0xe ? "And Verify " : "", 2301 r->req.cmd.lba, len); 2302 /* fall through */ 2303 case VERIFY_10: 2304 case VERIFY_12: 2305 case VERIFY_16: 2306 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2307 * As far as DMA is concerned, we can treat it the same as a write; 2308 * scsi_block_do_sgio will send VERIFY commands. 2309 */ 2310 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2311 goto illegal_request; 2312 } 2313 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2314 goto illegal_lba; 2315 } 2316 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2317 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2318 break; 2319 default: 2320 abort(); 2321 illegal_request: 2322 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2323 return 0; 2324 illegal_lba: 2325 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2326 return 0; 2327 } 2328 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2329 if (r->sector_count == 0) { 2330 scsi_req_complete(&r->req, GOOD); 2331 } 2332 assert(r->iov.iov_len == 0); 2333 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2334 return -r->sector_count * BDRV_SECTOR_SIZE; 2335 } else { 2336 return r->sector_count * BDRV_SECTOR_SIZE; 2337 } 2338 } 2339 2340 static void scsi_disk_reset(DeviceState *dev) 2341 { 2342 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2343 uint64_t nb_sectors; 2344 2345 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2346 2347 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2348 2349 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2350 if (nb_sectors) { 2351 nb_sectors--; 2352 } 2353 s->qdev.max_lba = nb_sectors; 2354 /* reset tray statuses */ 2355 s->tray_locked = 0; 2356 s->tray_open = 0; 2357 2358 s->qdev.scsi_version = s->qdev.default_scsi_version; 2359 } 2360 2361 static void scsi_disk_drained_begin(void *opaque) 2362 { 2363 SCSIDiskState *s = opaque; 2364 2365 scsi_device_drained_begin(&s->qdev); 2366 } 2367 2368 static void scsi_disk_drained_end(void *opaque) 2369 { 2370 SCSIDiskState *s = opaque; 2371 2372 scsi_device_drained_end(&s->qdev); 2373 } 2374 2375 static void scsi_disk_resize_cb(void *opaque) 2376 { 2377 SCSIDiskState *s = opaque; 2378 2379 /* SPC lists this sense code as available only for 2380 * direct-access devices. 2381 */ 2382 if (s->qdev.type == TYPE_DISK) { 2383 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2384 } 2385 } 2386 2387 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2388 { 2389 SCSIDiskState *s = opaque; 2390 2391 /* 2392 * When a CD gets changed, we have to report an ejected state and 2393 * then a loaded state to guests so that they detect tray 2394 * open/close and media change events. Guests that do not use 2395 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2396 * states rely on this behavior. 2397 * 2398 * media_changed governs the state machine used for unit attention 2399 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2400 */ 2401 s->media_changed = load; 2402 s->tray_open = !load; 2403 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2404 s->media_event = true; 2405 s->eject_request = false; 2406 } 2407 2408 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2409 { 2410 SCSIDiskState *s = opaque; 2411 2412 s->eject_request = true; 2413 if (force) { 2414 s->tray_locked = false; 2415 } 2416 } 2417 2418 static bool scsi_cd_is_tray_open(void *opaque) 2419 { 2420 return ((SCSIDiskState *)opaque)->tray_open; 2421 } 2422 2423 static bool scsi_cd_is_medium_locked(void *opaque) 2424 { 2425 return ((SCSIDiskState *)opaque)->tray_locked; 2426 } 2427 2428 static const BlockDevOps scsi_disk_removable_block_ops = { 2429 .change_media_cb = scsi_cd_change_media_cb, 2430 .drained_begin = scsi_disk_drained_begin, 2431 .drained_end = scsi_disk_drained_end, 2432 .eject_request_cb = scsi_cd_eject_request_cb, 2433 .is_medium_locked = scsi_cd_is_medium_locked, 2434 .is_tray_open = scsi_cd_is_tray_open, 2435 .resize_cb = scsi_disk_resize_cb, 2436 }; 2437 2438 static const BlockDevOps scsi_disk_block_ops = { 2439 .drained_begin = scsi_disk_drained_begin, 2440 .drained_end = scsi_disk_drained_end, 2441 .resize_cb = scsi_disk_resize_cb, 2442 }; 2443 2444 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2445 { 2446 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2447 if (s->media_changed) { 2448 s->media_changed = false; 2449 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2450 } 2451 } 2452 2453 static void scsi_realize(SCSIDevice *dev, Error **errp) 2454 { 2455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2456 bool read_only; 2457 2458 if (!s->qdev.conf.blk) { 2459 error_setg(errp, "drive property not set"); 2460 return; 2461 } 2462 2463 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2464 !blk_is_inserted(s->qdev.conf.blk)) { 2465 error_setg(errp, "Device needs media, but drive is empty"); 2466 return; 2467 } 2468 2469 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2470 return; 2471 } 2472 2473 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2474 !s->qdev.hba_supports_iothread) 2475 { 2476 error_setg(errp, "HBA does not support iothreads"); 2477 return; 2478 } 2479 2480 if (dev->type == TYPE_DISK) { 2481 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2482 return; 2483 } 2484 } 2485 2486 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2487 if (dev->type == TYPE_ROM) { 2488 read_only = true; 2489 } 2490 2491 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2492 dev->type == TYPE_DISK, errp)) { 2493 return; 2494 } 2495 2496 if (s->qdev.conf.discard_granularity == -1) { 2497 s->qdev.conf.discard_granularity = 2498 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2499 } 2500 2501 if (!s->version) { 2502 s->version = g_strdup(qemu_hw_version()); 2503 } 2504 if (!s->vendor) { 2505 s->vendor = g_strdup("QEMU"); 2506 } 2507 if (s->serial && strlen(s->serial) > MAX_SERIAL_LEN) { 2508 error_setg(errp, "The serial number can't be longer than %d characters", 2509 MAX_SERIAL_LEN); 2510 return; 2511 } 2512 if (!s->device_id) { 2513 if (s->serial) { 2514 if (strlen(s->serial) > MAX_SERIAL_LEN_FOR_DEVID) { 2515 error_setg(errp, "The serial number can't be longer than %d " 2516 "characters when it is also used as the default for " 2517 "device_id", MAX_SERIAL_LEN_FOR_DEVID); 2518 return; 2519 } 2520 s->device_id = g_strdup(s->serial); 2521 } else { 2522 const char *str = blk_name(s->qdev.conf.blk); 2523 if (str && *str) { 2524 s->device_id = g_strdup(str); 2525 } 2526 } 2527 } 2528 2529 if (blk_is_sg(s->qdev.conf.blk)) { 2530 error_setg(errp, "unwanted /dev/sg*"); 2531 return; 2532 } 2533 2534 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2535 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2536 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2537 } else { 2538 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2539 } 2540 2541 blk_iostatus_enable(s->qdev.conf.blk); 2542 2543 add_boot_device_lchs(&dev->qdev, NULL, 2544 dev->conf.lcyls, 2545 dev->conf.lheads, 2546 dev->conf.lsecs); 2547 } 2548 2549 static void scsi_unrealize(SCSIDevice *dev) 2550 { 2551 del_boot_device_lchs(&dev->qdev, NULL); 2552 } 2553 2554 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2555 { 2556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2557 2558 /* can happen for devices without drive. The error message for missing 2559 * backend will be issued in scsi_realize 2560 */ 2561 if (s->qdev.conf.blk) { 2562 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2563 return; 2564 } 2565 } 2566 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2567 s->qdev.type = TYPE_DISK; 2568 if (!s->product) { 2569 s->product = g_strdup("QEMU HARDDISK"); 2570 } 2571 scsi_realize(&s->qdev, errp); 2572 } 2573 2574 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2575 { 2576 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2577 int ret; 2578 uint32_t blocksize = 2048; 2579 2580 if (!dev->conf.blk) { 2581 /* Anonymous BlockBackend for an empty drive. As we put it into 2582 * dev->conf, qdev takes care of detaching on unplug. */ 2583 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2584 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2585 assert(ret == 0); 2586 } 2587 2588 if (dev->conf.physical_block_size != 0) { 2589 blocksize = dev->conf.physical_block_size; 2590 } 2591 2592 s->qdev.blocksize = blocksize; 2593 s->qdev.type = TYPE_ROM; 2594 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2595 if (!s->product) { 2596 s->product = g_strdup("QEMU CD-ROM"); 2597 } 2598 scsi_realize(&s->qdev, errp); 2599 } 2600 2601 2602 static const SCSIReqOps scsi_disk_emulate_reqops = { 2603 .size = sizeof(SCSIDiskReq), 2604 .free_req = scsi_free_request, 2605 .send_command = scsi_disk_emulate_command, 2606 .read_data = scsi_disk_emulate_read_data, 2607 .write_data = scsi_disk_emulate_write_data, 2608 .get_buf = scsi_get_buf, 2609 }; 2610 2611 static const SCSIReqOps scsi_disk_dma_reqops = { 2612 .size = sizeof(SCSIDiskReq), 2613 .free_req = scsi_free_request, 2614 .send_command = scsi_disk_dma_command, 2615 .read_data = scsi_read_data, 2616 .write_data = scsi_write_data, 2617 .get_buf = scsi_get_buf, 2618 .load_request = scsi_disk_load_request, 2619 .save_request = scsi_disk_save_request, 2620 }; 2621 2622 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2623 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2624 [INQUIRY] = &scsi_disk_emulate_reqops, 2625 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2626 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2627 [START_STOP] = &scsi_disk_emulate_reqops, 2628 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2629 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2630 [READ_TOC] = &scsi_disk_emulate_reqops, 2631 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2632 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2633 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2634 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2635 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2636 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2637 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2638 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2639 [SEEK_10] = &scsi_disk_emulate_reqops, 2640 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2641 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2642 [UNMAP] = &scsi_disk_emulate_reqops, 2643 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2644 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2645 [VERIFY_10] = &scsi_disk_emulate_reqops, 2646 [VERIFY_12] = &scsi_disk_emulate_reqops, 2647 [VERIFY_16] = &scsi_disk_emulate_reqops, 2648 [FORMAT_UNIT] = &scsi_disk_emulate_reqops, 2649 2650 [READ_6] = &scsi_disk_dma_reqops, 2651 [READ_10] = &scsi_disk_dma_reqops, 2652 [READ_12] = &scsi_disk_dma_reqops, 2653 [READ_16] = &scsi_disk_dma_reqops, 2654 [WRITE_6] = &scsi_disk_dma_reqops, 2655 [WRITE_10] = &scsi_disk_dma_reqops, 2656 [WRITE_12] = &scsi_disk_dma_reqops, 2657 [WRITE_16] = &scsi_disk_dma_reqops, 2658 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2659 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2660 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2661 }; 2662 2663 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2664 { 2665 int len = scsi_cdb_length(buf); 2666 g_autoptr(GString) str = NULL; 2667 2668 assert(len > 0 && len <= 16); 2669 str = qemu_hexdump_line(NULL, buf, len, 1, 0); 2670 trace_scsi_disk_new_request(lun, tag, str->str); 2671 } 2672 2673 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2674 uint8_t *buf, void *hba_private) 2675 { 2676 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2677 SCSIRequest *req; 2678 const SCSIReqOps *ops; 2679 uint8_t command; 2680 2681 command = buf[0]; 2682 ops = scsi_disk_reqops_dispatch[command]; 2683 if (!ops) { 2684 ops = &scsi_disk_emulate_reqops; 2685 } 2686 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2687 2688 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2689 scsi_disk_new_request_dump(lun, tag, buf); 2690 } 2691 2692 return req; 2693 } 2694 2695 #ifdef __linux__ 2696 static int get_device_type(SCSIDiskState *s) 2697 { 2698 uint8_t cmd[16]; 2699 uint8_t buf[36]; 2700 int ret; 2701 2702 memset(cmd, 0, sizeof(cmd)); 2703 memset(buf, 0, sizeof(buf)); 2704 cmd[0] = INQUIRY; 2705 cmd[4] = sizeof(buf); 2706 2707 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2708 buf, sizeof(buf), s->qdev.io_timeout); 2709 if (ret < 0) { 2710 return -1; 2711 } 2712 s->qdev.type = buf[0]; 2713 if (buf[1] & 0x80) { 2714 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2715 } 2716 return 0; 2717 } 2718 2719 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2720 { 2721 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2722 int sg_version; 2723 int rc; 2724 2725 if (!s->qdev.conf.blk) { 2726 error_setg(errp, "drive property not set"); 2727 return; 2728 } 2729 2730 if (s->rotation_rate) { 2731 error_report_once("rotation_rate is specified for scsi-block but is " 2732 "not implemented. This option is deprecated and will " 2733 "be removed in a future version"); 2734 } 2735 2736 /* check we are using a driver managing SG_IO (version 3 and after) */ 2737 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2738 if (rc < 0) { 2739 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2740 if (rc != -EPERM) { 2741 error_append_hint(errp, "Is this a SCSI device?\n"); 2742 } 2743 return; 2744 } 2745 if (sg_version < 30000) { 2746 error_setg(errp, "scsi generic interface too old"); 2747 return; 2748 } 2749 2750 /* get device type from INQUIRY data */ 2751 rc = get_device_type(s); 2752 if (rc < 0) { 2753 error_setg(errp, "INQUIRY failed"); 2754 return; 2755 } 2756 2757 /* Make a guess for the block size, we'll fix it when the guest sends. 2758 * READ CAPACITY. If they don't, they likely would assume these sizes 2759 * anyway. (TODO: check in /sys). 2760 */ 2761 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2762 s->qdev.blocksize = 2048; 2763 } else { 2764 s->qdev.blocksize = 512; 2765 } 2766 2767 /* Makes the scsi-block device not removable by using HMP and QMP eject 2768 * command. 2769 */ 2770 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2771 2772 scsi_realize(&s->qdev, errp); 2773 scsi_generic_read_device_inquiry(&s->qdev); 2774 } 2775 2776 typedef struct SCSIBlockReq { 2777 SCSIDiskReq req; 2778 sg_io_hdr_t io_header; 2779 2780 /* Selected bytes of the original CDB, copied into our own CDB. */ 2781 uint8_t cmd, cdb1, group_number; 2782 2783 /* CDB passed to SG_IO. */ 2784 uint8_t cdb[16]; 2785 BlockCompletionFunc *cb; 2786 void *cb_opaque; 2787 } SCSIBlockReq; 2788 2789 static void scsi_block_sgio_complete(void *opaque, int ret) 2790 { 2791 SCSIBlockReq *req = (SCSIBlockReq *)opaque; 2792 SCSIDiskReq *r = &req->req; 2793 sg_io_hdr_t *io_hdr = &req->io_header; 2794 2795 if (ret == 0) { 2796 if (io_hdr->host_status != SCSI_HOST_OK) { 2797 scsi_req_complete_failed(&r->req, io_hdr->host_status); 2798 scsi_req_unref(&r->req); 2799 return; 2800 } 2801 2802 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) { 2803 ret = BUSY; 2804 } else { 2805 ret = io_hdr->status; 2806 } 2807 2808 if (ret > 0) { 2809 if (scsi_handle_rw_error(r, ret, true)) { 2810 scsi_req_unref(&r->req); 2811 return; 2812 } 2813 2814 /* Ignore error. */ 2815 ret = 0; 2816 } 2817 } 2818 2819 req->cb(req->cb_opaque, ret); 2820 } 2821 2822 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2823 int64_t offset, QEMUIOVector *iov, 2824 int direction, 2825 BlockCompletionFunc *cb, void *opaque) 2826 { 2827 sg_io_hdr_t *io_header = &req->io_header; 2828 SCSIDiskReq *r = &req->req; 2829 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2830 int nb_logical_blocks; 2831 uint64_t lba; 2832 BlockAIOCB *aiocb; 2833 2834 /* This is not supported yet. It can only happen if the guest does 2835 * reads and writes that are not aligned to one logical sectors 2836 * _and_ cover multiple MemoryRegions. 2837 */ 2838 assert(offset % s->qdev.blocksize == 0); 2839 assert(iov->size % s->qdev.blocksize == 0); 2840 2841 io_header->interface_id = 'S'; 2842 2843 /* The data transfer comes from the QEMUIOVector. */ 2844 io_header->dxfer_direction = direction; 2845 io_header->dxfer_len = iov->size; 2846 io_header->dxferp = (void *)iov->iov; 2847 io_header->iovec_count = iov->niov; 2848 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2849 2850 /* Build a new CDB with the LBA and length patched in, in case 2851 * DMA helpers split the transfer in multiple segments. Do not 2852 * build a CDB smaller than what the guest wanted, and only build 2853 * a larger one if strictly necessary. 2854 */ 2855 io_header->cmdp = req->cdb; 2856 lba = offset / s->qdev.blocksize; 2857 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2858 2859 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2860 /* 6-byte CDB */ 2861 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2862 req->cdb[4] = nb_logical_blocks; 2863 req->cdb[5] = 0; 2864 io_header->cmd_len = 6; 2865 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2866 /* 10-byte CDB */ 2867 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2868 req->cdb[1] = req->cdb1; 2869 stl_be_p(&req->cdb[2], lba); 2870 req->cdb[6] = req->group_number; 2871 stw_be_p(&req->cdb[7], nb_logical_blocks); 2872 req->cdb[9] = 0; 2873 io_header->cmd_len = 10; 2874 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2875 /* 12-byte CDB */ 2876 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2877 req->cdb[1] = req->cdb1; 2878 stl_be_p(&req->cdb[2], lba); 2879 stl_be_p(&req->cdb[6], nb_logical_blocks); 2880 req->cdb[10] = req->group_number; 2881 req->cdb[11] = 0; 2882 io_header->cmd_len = 12; 2883 } else { 2884 /* 16-byte CDB */ 2885 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2886 req->cdb[1] = req->cdb1; 2887 stq_be_p(&req->cdb[2], lba); 2888 stl_be_p(&req->cdb[10], nb_logical_blocks); 2889 req->cdb[14] = req->group_number; 2890 req->cdb[15] = 0; 2891 io_header->cmd_len = 16; 2892 } 2893 2894 /* The rest is as in scsi-generic.c. */ 2895 io_header->mx_sb_len = sizeof(r->req.sense); 2896 io_header->sbp = r->req.sense; 2897 io_header->timeout = s->qdev.io_timeout * 1000; 2898 io_header->usr_ptr = r; 2899 io_header->flags |= SG_FLAG_DIRECT_IO; 2900 req->cb = cb; 2901 req->cb_opaque = opaque; 2902 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2903 nb_logical_blocks, io_header->timeout); 2904 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req); 2905 assert(aiocb != NULL); 2906 return aiocb; 2907 } 2908 2909 static bool scsi_block_no_fua(SCSICommand *cmd) 2910 { 2911 return false; 2912 } 2913 2914 static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2915 QEMUIOVector *iov, 2916 BlockCompletionFunc *cb, void *cb_opaque, 2917 void *opaque) 2918 { 2919 SCSIBlockReq *r = opaque; 2920 return scsi_block_do_sgio(r, offset, iov, 2921 SG_DXFER_FROM_DEV, cb, cb_opaque); 2922 } 2923 2924 static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2925 QEMUIOVector *iov, 2926 BlockCompletionFunc *cb, void *cb_opaque, 2927 void *opaque) 2928 { 2929 SCSIBlockReq *r = opaque; 2930 return scsi_block_do_sgio(r, offset, iov, 2931 SG_DXFER_TO_DEV, cb, cb_opaque); 2932 } 2933 2934 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2935 { 2936 switch (buf[0]) { 2937 case VERIFY_10: 2938 case VERIFY_12: 2939 case VERIFY_16: 2940 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2941 * for the number of logical blocks specified in the length 2942 * field). For other modes, do not use scatter/gather operation. 2943 */ 2944 if ((buf[1] & 6) == 2) { 2945 return false; 2946 } 2947 break; 2948 2949 case READ_6: 2950 case READ_10: 2951 case READ_12: 2952 case READ_16: 2953 case WRITE_6: 2954 case WRITE_10: 2955 case WRITE_12: 2956 case WRITE_16: 2957 case WRITE_VERIFY_10: 2958 case WRITE_VERIFY_12: 2959 case WRITE_VERIFY_16: 2960 /* MMC writing cannot be done via DMA helpers, because it sometimes 2961 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2962 * We might use scsi_block_dma_reqops as long as no writing commands are 2963 * seen, but performance usually isn't paramount on optical media. So, 2964 * just make scsi-block operate the same as scsi-generic for them. 2965 */ 2966 if (s->qdev.type != TYPE_ROM) { 2967 return false; 2968 } 2969 break; 2970 2971 default: 2972 break; 2973 } 2974 2975 return true; 2976 } 2977 2978 2979 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2980 { 2981 SCSIBlockReq *r = (SCSIBlockReq *)req; 2982 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2983 2984 r->cmd = req->cmd.buf[0]; 2985 switch (r->cmd >> 5) { 2986 case 0: 2987 /* 6-byte CDB. */ 2988 r->cdb1 = r->group_number = 0; 2989 break; 2990 case 1: 2991 /* 10-byte CDB. */ 2992 r->cdb1 = req->cmd.buf[1]; 2993 r->group_number = req->cmd.buf[6]; 2994 break; 2995 case 4: 2996 /* 12-byte CDB. */ 2997 r->cdb1 = req->cmd.buf[1]; 2998 r->group_number = req->cmd.buf[10]; 2999 break; 3000 case 5: 3001 /* 16-byte CDB. */ 3002 r->cdb1 = req->cmd.buf[1]; 3003 r->group_number = req->cmd.buf[14]; 3004 break; 3005 default: 3006 abort(); 3007 } 3008 3009 /* Protection information is not supported. For SCSI versions 2 and 3010 * older (as determined by snooping the guest's INQUIRY commands), 3011 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 3012 */ 3013 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 3014 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 3015 return 0; 3016 } 3017 3018 return scsi_disk_dma_command(req, buf); 3019 } 3020 3021 static const SCSIReqOps scsi_block_dma_reqops = { 3022 .size = sizeof(SCSIBlockReq), 3023 .free_req = scsi_free_request, 3024 .send_command = scsi_block_dma_command, 3025 .read_data = scsi_read_data, 3026 .write_data = scsi_write_data, 3027 .get_buf = scsi_get_buf, 3028 .load_request = scsi_disk_load_request, 3029 .save_request = scsi_disk_save_request, 3030 }; 3031 3032 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 3033 uint32_t lun, uint8_t *buf, 3034 void *hba_private) 3035 { 3036 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3037 3038 if (scsi_block_is_passthrough(s, buf)) { 3039 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 3040 hba_private); 3041 } else { 3042 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 3043 hba_private); 3044 } 3045 } 3046 3047 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 3048 uint8_t *buf, size_t buf_len, 3049 void *hba_private) 3050 { 3051 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 3052 3053 if (scsi_block_is_passthrough(s, buf)) { 3054 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private); 3055 } else { 3056 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len); 3057 } 3058 } 3059 3060 static void scsi_block_update_sense(SCSIRequest *req) 3061 { 3062 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 3063 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 3064 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 3065 } 3066 #endif 3067 3068 static 3069 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 3070 BlockCompletionFunc *cb, void *cb_opaque, 3071 void *opaque) 3072 { 3073 SCSIDiskReq *r = opaque; 3074 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3075 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3076 } 3077 3078 static 3079 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 3080 BlockCompletionFunc *cb, void *cb_opaque, 3081 void *opaque) 3082 { 3083 SCSIDiskReq *r = opaque; 3084 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 3085 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 3086 } 3087 3088 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 3089 { 3090 DeviceClass *dc = DEVICE_CLASS(klass); 3091 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3092 3093 dc->fw_name = "disk"; 3094 dc->reset = scsi_disk_reset; 3095 sdc->dma_readv = scsi_dma_readv; 3096 sdc->dma_writev = scsi_dma_writev; 3097 sdc->need_fua_emulation = scsi_is_cmd_fua; 3098 } 3099 3100 static const TypeInfo scsi_disk_base_info = { 3101 .name = TYPE_SCSI_DISK_BASE, 3102 .parent = TYPE_SCSI_DEVICE, 3103 .class_init = scsi_disk_base_class_initfn, 3104 .instance_size = sizeof(SCSIDiskState), 3105 .class_size = sizeof(SCSIDiskClass), 3106 .abstract = true, 3107 }; 3108 3109 #define DEFINE_SCSI_DISK_PROPERTIES() \ 3110 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 3111 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 3112 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3113 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 3114 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 3115 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 3116 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 3117 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 3118 3119 3120 static Property scsi_hd_properties[] = { 3121 DEFINE_SCSI_DISK_PROPERTIES(), 3122 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3123 SCSI_DISK_F_REMOVABLE, false), 3124 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3125 SCSI_DISK_F_DPOFUA, false), 3126 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3127 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3128 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3129 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3130 DEFAULT_MAX_UNMAP_SIZE), 3131 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3132 DEFAULT_MAX_IO_SIZE), 3133 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3134 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3135 5), 3136 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3137 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3138 0), 3139 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3140 DEFINE_PROP_END_OF_LIST(), 3141 }; 3142 3143 static const VMStateDescription vmstate_scsi_disk_state = { 3144 .name = "scsi-disk", 3145 .version_id = 1, 3146 .minimum_version_id = 1, 3147 .fields = (const VMStateField[]) { 3148 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3149 VMSTATE_BOOL(media_changed, SCSIDiskState), 3150 VMSTATE_BOOL(media_event, SCSIDiskState), 3151 VMSTATE_BOOL(eject_request, SCSIDiskState), 3152 VMSTATE_BOOL(tray_open, SCSIDiskState), 3153 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3154 VMSTATE_END_OF_LIST() 3155 } 3156 }; 3157 3158 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3159 { 3160 DeviceClass *dc = DEVICE_CLASS(klass); 3161 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3162 3163 sc->realize = scsi_hd_realize; 3164 sc->unrealize = scsi_unrealize; 3165 sc->alloc_req = scsi_new_request; 3166 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3167 dc->desc = "virtual SCSI disk"; 3168 device_class_set_props(dc, scsi_hd_properties); 3169 dc->vmsd = &vmstate_scsi_disk_state; 3170 } 3171 3172 static const TypeInfo scsi_hd_info = { 3173 .name = "scsi-hd", 3174 .parent = TYPE_SCSI_DISK_BASE, 3175 .class_init = scsi_hd_class_initfn, 3176 }; 3177 3178 static Property scsi_cd_properties[] = { 3179 DEFINE_SCSI_DISK_PROPERTIES(), 3180 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3181 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3182 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3183 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3184 DEFAULT_MAX_IO_SIZE), 3185 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3186 5), 3187 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks, 3188 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0), 3189 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks, 3190 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0), 3191 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState, 3192 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE, 3193 0), 3194 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks, 3195 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0), 3196 DEFINE_PROP_END_OF_LIST(), 3197 }; 3198 3199 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3200 { 3201 DeviceClass *dc = DEVICE_CLASS(klass); 3202 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3203 3204 sc->realize = scsi_cd_realize; 3205 sc->alloc_req = scsi_new_request; 3206 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3207 dc->desc = "virtual SCSI CD-ROM"; 3208 device_class_set_props(dc, scsi_cd_properties); 3209 dc->vmsd = &vmstate_scsi_disk_state; 3210 } 3211 3212 static const TypeInfo scsi_cd_info = { 3213 .name = "scsi-cd", 3214 .parent = TYPE_SCSI_DISK_BASE, 3215 .class_init = scsi_cd_class_initfn, 3216 }; 3217 3218 #ifdef __linux__ 3219 static Property scsi_block_properties[] = { 3220 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3221 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3222 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3223 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3224 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3225 DEFAULT_MAX_UNMAP_SIZE), 3226 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3227 DEFAULT_MAX_IO_SIZE), 3228 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3229 -1), 3230 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3231 DEFAULT_IO_TIMEOUT), 3232 DEFINE_PROP_END_OF_LIST(), 3233 }; 3234 3235 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3236 { 3237 DeviceClass *dc = DEVICE_CLASS(klass); 3238 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3239 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3240 3241 sc->realize = scsi_block_realize; 3242 sc->alloc_req = scsi_block_new_request; 3243 sc->parse_cdb = scsi_block_parse_cdb; 3244 sdc->dma_readv = scsi_block_dma_readv; 3245 sdc->dma_writev = scsi_block_dma_writev; 3246 sdc->update_sense = scsi_block_update_sense; 3247 sdc->need_fua_emulation = scsi_block_no_fua; 3248 dc->desc = "SCSI block device passthrough"; 3249 device_class_set_props(dc, scsi_block_properties); 3250 dc->vmsd = &vmstate_scsi_disk_state; 3251 } 3252 3253 static const TypeInfo scsi_block_info = { 3254 .name = "scsi-block", 3255 .parent = TYPE_SCSI_DISK_BASE, 3256 .class_init = scsi_block_class_initfn, 3257 }; 3258 #endif 3259 3260 static void scsi_disk_register_types(void) 3261 { 3262 type_register_static(&scsi_disk_base_info); 3263 type_register_static(&scsi_hd_info); 3264 type_register_static(&scsi_cd_info); 3265 #ifdef __linux__ 3266 type_register_static(&scsi_block_info); 3267 #endif 3268 } 3269 3270 type_init(scsi_disk_register_types) 3271