1 /* 2 * Generic SCSI Device support 3 * 4 * Copyright (c) 2007 Bull S.A.S. 5 * Based on code by Paul Brook 6 * Based on code by Fabrice Bellard 7 * 8 * Written by Laurent Vivier <Laurent.Vivier@bull.net> 9 * 10 * This code is licensed under the LGPL. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qapi/error.h" 16 #include "qemu-common.h" 17 #include "qemu/error-report.h" 18 #include "hw/scsi/scsi.h" 19 #include "sysemu/block-backend.h" 20 #include "sysemu/blockdev.h" 21 22 #ifdef __linux__ 23 24 //#define DEBUG_SCSI 25 26 #ifdef DEBUG_SCSI 27 #define DPRINTF(fmt, ...) \ 28 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 29 #else 30 #define DPRINTF(fmt, ...) do {} while(0) 31 #endif 32 33 #define BADF(fmt, ...) \ 34 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 35 36 #include <scsi/sg.h> 37 #include "block/scsi.h" 38 39 #define SG_ERR_DRIVER_TIMEOUT 0x06 40 #define SG_ERR_DRIVER_SENSE 0x08 41 42 #define SG_ERR_DID_OK 0x00 43 #define SG_ERR_DID_NO_CONNECT 0x01 44 #define SG_ERR_DID_BUS_BUSY 0x02 45 #define SG_ERR_DID_TIME_OUT 0x03 46 47 #ifndef MAX_UINT 48 #define MAX_UINT ((unsigned int)-1) 49 #endif 50 51 typedef struct SCSIGenericReq { 52 SCSIRequest req; 53 uint8_t *buf; 54 int buflen; 55 int len; 56 sg_io_hdr_t io_header; 57 } SCSIGenericReq; 58 59 static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req) 60 { 61 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 62 63 qemu_put_sbe32s(f, &r->buflen); 64 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 65 assert(!r->req.sg); 66 qemu_put_buffer(f, r->buf, r->req.cmd.xfer); 67 } 68 } 69 70 static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req) 71 { 72 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 73 74 qemu_get_sbe32s(f, &r->buflen); 75 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 76 assert(!r->req.sg); 77 qemu_get_buffer(f, r->buf, r->req.cmd.xfer); 78 } 79 } 80 81 static void scsi_free_request(SCSIRequest *req) 82 { 83 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 84 85 g_free(r->buf); 86 } 87 88 /* Helper function for command completion. */ 89 static void scsi_command_complete_noio(SCSIGenericReq *r, int ret) 90 { 91 int status; 92 93 assert(r->req.aiocb == NULL); 94 95 if (r->req.io_canceled) { 96 scsi_req_cancel_complete(&r->req); 97 goto done; 98 } 99 if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 100 r->req.sense_len = r->io_header.sb_len_wr; 101 } 102 103 if (ret != 0) { 104 switch (ret) { 105 case -EDOM: 106 status = TASK_SET_FULL; 107 break; 108 case -ENOMEM: 109 status = CHECK_CONDITION; 110 scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE)); 111 break; 112 default: 113 status = CHECK_CONDITION; 114 scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR)); 115 break; 116 } 117 } else { 118 if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT || 119 r->io_header.host_status == SG_ERR_DID_BUS_BUSY || 120 r->io_header.host_status == SG_ERR_DID_TIME_OUT || 121 (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) { 122 status = BUSY; 123 BADF("Driver Timeout\n"); 124 } else if (r->io_header.host_status) { 125 status = CHECK_CONDITION; 126 scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS)); 127 } else if (r->io_header.status) { 128 status = r->io_header.status; 129 } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 130 status = CHECK_CONDITION; 131 } else { 132 status = GOOD; 133 } 134 } 135 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n", 136 r, r->req.tag, status); 137 138 scsi_req_complete(&r->req, status); 139 done: 140 scsi_req_unref(&r->req); 141 } 142 143 static void scsi_command_complete(void *opaque, int ret) 144 { 145 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 146 SCSIDevice *s = r->req.dev; 147 148 assert(r->req.aiocb != NULL); 149 r->req.aiocb = NULL; 150 151 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 152 scsi_command_complete_noio(r, ret); 153 aio_context_release(blk_get_aio_context(s->conf.blk)); 154 } 155 156 static int execute_command(BlockBackend *blk, 157 SCSIGenericReq *r, int direction, 158 BlockCompletionFunc *complete) 159 { 160 r->io_header.interface_id = 'S'; 161 r->io_header.dxfer_direction = direction; 162 r->io_header.dxferp = r->buf; 163 r->io_header.dxfer_len = r->buflen; 164 r->io_header.cmdp = r->req.cmd.buf; 165 r->io_header.cmd_len = r->req.cmd.len; 166 r->io_header.mx_sb_len = sizeof(r->req.sense); 167 r->io_header.sbp = r->req.sense; 168 r->io_header.timeout = MAX_UINT; 169 r->io_header.usr_ptr = r; 170 r->io_header.flags |= SG_FLAG_DIRECT_IO; 171 172 r->req.aiocb = blk_aio_ioctl(blk, SG_IO, &r->io_header, complete, r); 173 if (r->req.aiocb == NULL) { 174 return -EIO; 175 } 176 177 return 0; 178 } 179 180 static void scsi_read_complete(void * opaque, int ret) 181 { 182 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 183 SCSIDevice *s = r->req.dev; 184 int len; 185 186 assert(r->req.aiocb != NULL); 187 r->req.aiocb = NULL; 188 189 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 190 191 if (ret || r->req.io_canceled) { 192 scsi_command_complete_noio(r, ret); 193 goto done; 194 } 195 196 len = r->io_header.dxfer_len - r->io_header.resid; 197 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len); 198 199 r->len = -1; 200 if (len == 0) { 201 scsi_command_complete_noio(r, 0); 202 goto done; 203 } 204 205 /* Snoop READ CAPACITY output to set the blocksize. */ 206 if (r->req.cmd.buf[0] == READ_CAPACITY_10 && 207 (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) { 208 s->blocksize = ldl_be_p(&r->buf[4]); 209 s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL; 210 } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 && 211 (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 212 s->blocksize = ldl_be_p(&r->buf[8]); 213 s->max_lba = ldq_be_p(&r->buf[0]); 214 } 215 blk_set_guest_block_size(s->conf.blk, s->blocksize); 216 217 /* Patch MODE SENSE device specific parameters if the BDS is opened 218 * readonly. 219 */ 220 if ((s->type == TYPE_DISK || s->type == TYPE_TAPE) && 221 blk_is_read_only(s->conf.blk) && 222 (r->req.cmd.buf[0] == MODE_SENSE || 223 r->req.cmd.buf[0] == MODE_SENSE_10) && 224 (r->req.cmd.buf[1] & 0x8) == 0) { 225 if (r->req.cmd.buf[0] == MODE_SENSE) { 226 r->buf[2] |= 0x80; 227 } else { 228 r->buf[3] |= 0x80; 229 } 230 } 231 if (s->type == TYPE_DISK && 232 r->req.cmd.buf[0] == INQUIRY && 233 r->req.cmd.buf[2] == 0xb0) { 234 uint32_t max_transfer = 235 blk_get_max_transfer(s->conf.blk) / s->blocksize; 236 237 assert(max_transfer); 238 stl_be_p(&r->buf[8], max_transfer); 239 /* Also take care of the opt xfer len. */ 240 if (ldl_be_p(&r->buf[12]) > max_transfer) { 241 stl_be_p(&r->buf[12], max_transfer); 242 } 243 } 244 scsi_req_data(&r->req, len); 245 scsi_req_unref(&r->req); 246 247 done: 248 aio_context_release(blk_get_aio_context(s->conf.blk)); 249 } 250 251 /* Read more data from scsi device into buffer. */ 252 static void scsi_read_data(SCSIRequest *req) 253 { 254 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 255 SCSIDevice *s = r->req.dev; 256 int ret; 257 258 DPRINTF("scsi_read_data tag=0x%x\n", req->tag); 259 260 /* The request is used as the AIO opaque value, so add a ref. */ 261 scsi_req_ref(&r->req); 262 if (r->len == -1) { 263 scsi_command_complete_noio(r, 0); 264 return; 265 } 266 267 ret = execute_command(s->conf.blk, r, SG_DXFER_FROM_DEV, 268 scsi_read_complete); 269 if (ret < 0) { 270 scsi_command_complete_noio(r, ret); 271 } 272 } 273 274 static void scsi_write_complete(void * opaque, int ret) 275 { 276 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 277 SCSIDevice *s = r->req.dev; 278 279 DPRINTF("scsi_write_complete() ret = %d\n", ret); 280 281 assert(r->req.aiocb != NULL); 282 r->req.aiocb = NULL; 283 284 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 285 286 if (ret || r->req.io_canceled) { 287 scsi_command_complete_noio(r, ret); 288 goto done; 289 } 290 291 if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 && 292 s->type == TYPE_TAPE) { 293 s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11]; 294 DPRINTF("block size %d\n", s->blocksize); 295 } 296 297 scsi_command_complete_noio(r, ret); 298 299 done: 300 aio_context_release(blk_get_aio_context(s->conf.blk)); 301 } 302 303 /* Write data to a scsi device. Returns nonzero on failure. 304 The transfer may complete asynchronously. */ 305 static void scsi_write_data(SCSIRequest *req) 306 { 307 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 308 SCSIDevice *s = r->req.dev; 309 int ret; 310 311 DPRINTF("scsi_write_data tag=0x%x\n", req->tag); 312 if (r->len == 0) { 313 r->len = r->buflen; 314 scsi_req_data(&r->req, r->len); 315 return; 316 } 317 318 /* The request is used as the AIO opaque value, so add a ref. */ 319 scsi_req_ref(&r->req); 320 ret = execute_command(s->conf.blk, r, SG_DXFER_TO_DEV, scsi_write_complete); 321 if (ret < 0) { 322 scsi_command_complete_noio(r, ret); 323 } 324 } 325 326 /* Return a pointer to the data buffer. */ 327 static uint8_t *scsi_get_buf(SCSIRequest *req) 328 { 329 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 330 331 return r->buf; 332 } 333 334 /* Execute a scsi command. Returns the length of the data expected by the 335 command. This will be Positive for data transfers from the device 336 (eg. disk reads), negative for transfers to the device (eg. disk writes), 337 and zero if the command does not transfer any data. */ 338 339 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd) 340 { 341 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 342 SCSIDevice *s = r->req.dev; 343 int ret; 344 345 #ifdef DEBUG_SCSI 346 DPRINTF("Command: data=0x%02x", cmd[0]); 347 { 348 int i; 349 for (i = 1; i < r->req.cmd.len; i++) { 350 printf(" 0x%02x", cmd[i]); 351 } 352 printf("\n"); 353 } 354 #endif 355 356 if (r->req.cmd.xfer == 0) { 357 g_free(r->buf); 358 r->buflen = 0; 359 r->buf = NULL; 360 /* The request is used as the AIO opaque value, so add a ref. */ 361 scsi_req_ref(&r->req); 362 ret = execute_command(s->conf.blk, r, SG_DXFER_NONE, 363 scsi_command_complete); 364 if (ret < 0) { 365 scsi_command_complete_noio(r, ret); 366 return 0; 367 } 368 return 0; 369 } 370 371 if (r->buflen != r->req.cmd.xfer) { 372 g_free(r->buf); 373 r->buf = g_malloc(r->req.cmd.xfer); 374 r->buflen = r->req.cmd.xfer; 375 } 376 377 memset(r->buf, 0, r->buflen); 378 r->len = r->req.cmd.xfer; 379 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 380 r->len = 0; 381 return -r->req.cmd.xfer; 382 } else { 383 return r->req.cmd.xfer; 384 } 385 } 386 387 static int read_naa_id(const uint8_t *p, uint64_t *p_wwn) 388 { 389 int i; 390 391 if ((p[1] & 0xF) == 3) { 392 /* NAA designator type */ 393 if (p[3] != 8) { 394 return -EINVAL; 395 } 396 *p_wwn = ldq_be_p(p + 4); 397 return 0; 398 } 399 400 if ((p[1] & 0xF) == 8) { 401 /* SCSI name string designator type */ 402 if (p[3] < 20 || memcmp(&p[4], "naa.", 4)) { 403 return -EINVAL; 404 } 405 if (p[3] > 20 && p[24] != ',') { 406 return -EINVAL; 407 } 408 *p_wwn = 0; 409 for (i = 8; i < 24; i++) { 410 char c = toupper(p[i]); 411 c -= (c >= '0' && c <= '9' ? '0' : 'A' - 10); 412 *p_wwn = (*p_wwn << 4) | c; 413 } 414 return 0; 415 } 416 417 return -EINVAL; 418 } 419 420 void scsi_generic_read_device_identification(SCSIDevice *s) 421 { 422 uint8_t cmd[6]; 423 uint8_t buf[250]; 424 uint8_t sensebuf[8]; 425 sg_io_hdr_t io_header; 426 int ret; 427 int i, len; 428 429 memset(cmd, 0, sizeof(cmd)); 430 memset(buf, 0, sizeof(buf)); 431 cmd[0] = INQUIRY; 432 cmd[1] = 1; 433 cmd[2] = 0x83; 434 cmd[4] = sizeof(buf); 435 436 memset(&io_header, 0, sizeof(io_header)); 437 io_header.interface_id = 'S'; 438 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 439 io_header.dxfer_len = sizeof(buf); 440 io_header.dxferp = buf; 441 io_header.cmdp = cmd; 442 io_header.cmd_len = sizeof(cmd); 443 io_header.mx_sb_len = sizeof(sensebuf); 444 io_header.sbp = sensebuf; 445 io_header.timeout = 6000; /* XXX */ 446 447 ret = blk_ioctl(s->conf.blk, SG_IO, &io_header); 448 if (ret < 0 || io_header.driver_status || io_header.host_status) { 449 return; 450 } 451 452 len = MIN((buf[2] << 8) | buf[3], sizeof(buf) - 4); 453 for (i = 0; i + 3 <= len; ) { 454 const uint8_t *p = &buf[i + 4]; 455 uint64_t wwn; 456 457 if (i + (p[3] + 4) > len) { 458 break; 459 } 460 461 if ((p[1] & 0x10) == 0) { 462 /* Associated with the logical unit */ 463 if (read_naa_id(p, &wwn) == 0) { 464 s->wwn = wwn; 465 } 466 } else if ((p[1] & 0x10) == 0x10) { 467 /* Associated with the target port */ 468 if (read_naa_id(p, &wwn) == 0) { 469 s->port_wwn = wwn; 470 } 471 } 472 473 i += p[3] + 4; 474 } 475 } 476 477 static int get_stream_blocksize(BlockBackend *blk) 478 { 479 uint8_t cmd[6]; 480 uint8_t buf[12]; 481 uint8_t sensebuf[8]; 482 sg_io_hdr_t io_header; 483 int ret; 484 485 memset(cmd, 0, sizeof(cmd)); 486 memset(buf, 0, sizeof(buf)); 487 cmd[0] = MODE_SENSE; 488 cmd[4] = sizeof(buf); 489 490 memset(&io_header, 0, sizeof(io_header)); 491 io_header.interface_id = 'S'; 492 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 493 io_header.dxfer_len = sizeof(buf); 494 io_header.dxferp = buf; 495 io_header.cmdp = cmd; 496 io_header.cmd_len = sizeof(cmd); 497 io_header.mx_sb_len = sizeof(sensebuf); 498 io_header.sbp = sensebuf; 499 io_header.timeout = 6000; /* XXX */ 500 501 ret = blk_ioctl(blk, SG_IO, &io_header); 502 if (ret < 0 || io_header.driver_status || io_header.host_status) { 503 return -1; 504 } 505 return (buf[9] << 16) | (buf[10] << 8) | buf[11]; 506 } 507 508 static void scsi_generic_reset(DeviceState *dev) 509 { 510 SCSIDevice *s = SCSI_DEVICE(dev); 511 512 scsi_device_purge_requests(s, SENSE_CODE(RESET)); 513 } 514 515 static void scsi_generic_realize(SCSIDevice *s, Error **errp) 516 { 517 int rc; 518 int sg_version; 519 struct sg_scsi_id scsiid; 520 521 if (!s->conf.blk) { 522 error_setg(errp, "drive property not set"); 523 return; 524 } 525 526 if (blk_get_on_error(s->conf.blk, 0) != BLOCKDEV_ON_ERROR_ENOSPC) { 527 error_setg(errp, "Device doesn't support drive option werror"); 528 return; 529 } 530 if (blk_get_on_error(s->conf.blk, 1) != BLOCKDEV_ON_ERROR_REPORT) { 531 error_setg(errp, "Device doesn't support drive option rerror"); 532 return; 533 } 534 535 /* check we are using a driver managing SG_IO (version 3 and after */ 536 rc = blk_ioctl(s->conf.blk, SG_GET_VERSION_NUM, &sg_version); 537 if (rc < 0) { 538 error_setg(errp, "cannot get SG_IO version number: %s. " 539 "Is this a SCSI device?", 540 strerror(-rc)); 541 return; 542 } 543 if (sg_version < 30000) { 544 error_setg(errp, "scsi generic interface too old"); 545 return; 546 } 547 548 /* get LUN of the /dev/sg? */ 549 if (blk_ioctl(s->conf.blk, SG_GET_SCSI_ID, &scsiid)) { 550 error_setg(errp, "SG_GET_SCSI_ID ioctl failed"); 551 return; 552 } 553 554 /* define device state */ 555 s->type = scsiid.scsi_type; 556 DPRINTF("device type %d\n", s->type); 557 558 switch (s->type) { 559 case TYPE_TAPE: 560 s->blocksize = get_stream_blocksize(s->conf.blk); 561 if (s->blocksize == -1) { 562 s->blocksize = 0; 563 } 564 break; 565 566 /* Make a guess for block devices, we'll fix it when the guest sends. 567 * READ CAPACITY. If they don't, they likely would assume these sizes 568 * anyway. (TODO: they could also send MODE SENSE). 569 */ 570 case TYPE_ROM: 571 case TYPE_WORM: 572 s->blocksize = 2048; 573 break; 574 default: 575 s->blocksize = 512; 576 break; 577 } 578 579 DPRINTF("block size %d\n", s->blocksize); 580 581 scsi_generic_read_device_identification(s); 582 } 583 584 const SCSIReqOps scsi_generic_req_ops = { 585 .size = sizeof(SCSIGenericReq), 586 .free_req = scsi_free_request, 587 .send_command = scsi_send_command, 588 .read_data = scsi_read_data, 589 .write_data = scsi_write_data, 590 .get_buf = scsi_get_buf, 591 .load_request = scsi_generic_load_request, 592 .save_request = scsi_generic_save_request, 593 }; 594 595 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 596 uint8_t *buf, void *hba_private) 597 { 598 return scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private); 599 } 600 601 static Property scsi_generic_properties[] = { 602 DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.blk), 603 DEFINE_PROP_END_OF_LIST(), 604 }; 605 606 static int scsi_generic_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, 607 uint8_t *buf, void *hba_private) 608 { 609 return scsi_bus_parse_cdb(dev, cmd, buf, hba_private); 610 } 611 612 static void scsi_generic_class_initfn(ObjectClass *klass, void *data) 613 { 614 DeviceClass *dc = DEVICE_CLASS(klass); 615 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 616 617 sc->realize = scsi_generic_realize; 618 sc->alloc_req = scsi_new_request; 619 sc->parse_cdb = scsi_generic_parse_cdb; 620 dc->fw_name = "disk"; 621 dc->desc = "pass through generic scsi device (/dev/sg*)"; 622 dc->reset = scsi_generic_reset; 623 dc->props = scsi_generic_properties; 624 dc->vmsd = &vmstate_scsi_device; 625 } 626 627 static const TypeInfo scsi_generic_info = { 628 .name = "scsi-generic", 629 .parent = TYPE_SCSI_DEVICE, 630 .instance_size = sizeof(SCSIDevice), 631 .class_init = scsi_generic_class_initfn, 632 }; 633 634 static void scsi_generic_register_types(void) 635 { 636 type_register_static(&scsi_generic_info); 637 } 638 639 type_init(scsi_generic_register_types) 640 641 #endif /* __linux__ */ 642