xref: /openbmc/qemu/hw/scsi/scsi-generic.c (revision 587adaca)
1 /*
2  * Generic SCSI Device support
3  *
4  * Copyright (c) 2007 Bull S.A.S.
5  * Based on code by Paul Brook
6  * Based on code by Fabrice Bellard
7  *
8  * Written by Laurent Vivier <Laurent.Vivier@bull.net>
9  *
10  * This code is licensed under the LGPL.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "qemu/ctype.h"
17 #include "qemu/error-report.h"
18 #include "qemu/module.h"
19 #include "hw/scsi/scsi.h"
20 #include "migration/qemu-file-types.h"
21 #include "hw/qdev-properties.h"
22 #include "hw/qdev-properties-system.h"
23 #include "hw/scsi/emulation.h"
24 #include "sysemu/block-backend.h"
25 #include "trace.h"
26 
27 #ifdef __linux__
28 
29 #include <scsi/sg.h>
30 #include "scsi/constants.h"
31 
32 #ifndef MAX_UINT
33 #define MAX_UINT ((unsigned int)-1)
34 #endif
35 
36 typedef struct SCSIGenericReq {
37     SCSIRequest req;
38     uint8_t *buf;
39     int buflen;
40     int len;
41     sg_io_hdr_t io_header;
42 } SCSIGenericReq;
43 
44 static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req)
45 {
46     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
47 
48     qemu_put_sbe32s(f, &r->buflen);
49     if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
50         assert(!r->req.sg);
51         qemu_put_buffer(f, r->buf, r->req.cmd.xfer);
52     }
53 }
54 
55 static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req)
56 {
57     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
58 
59     qemu_get_sbe32s(f, &r->buflen);
60     if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
61         assert(!r->req.sg);
62         qemu_get_buffer(f, r->buf, r->req.cmd.xfer);
63     }
64 }
65 
66 static void scsi_free_request(SCSIRequest *req)
67 {
68     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
69 
70     g_free(r->buf);
71 }
72 
73 /* Helper function for command completion.  */
74 static void scsi_command_complete_noio(SCSIGenericReq *r, int ret)
75 {
76     int status;
77     SCSISense sense;
78     sg_io_hdr_t *io_hdr = &r->io_header;
79 
80     assert(r->req.aiocb == NULL);
81 
82     if (r->req.io_canceled) {
83         scsi_req_cancel_complete(&r->req);
84         goto done;
85     }
86     if (ret < 0) {
87         status = scsi_sense_from_errno(-ret, &sense);
88         if (status == CHECK_CONDITION) {
89             scsi_req_build_sense(&r->req, sense);
90         }
91     } else if (io_hdr->host_status != SCSI_HOST_OK) {
92         scsi_req_complete_failed(&r->req, io_hdr->host_status);
93         goto done;
94     } else if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
95         status = BUSY;
96     } else {
97         status = io_hdr->status;
98         if (io_hdr->driver_status & SG_ERR_DRIVER_SENSE) {
99             r->req.sense_len = io_hdr->sb_len_wr;
100         }
101     }
102     trace_scsi_generic_command_complete_noio(r, r->req.tag, status);
103 
104     scsi_req_complete(&r->req, status);
105 done:
106     scsi_req_unref(&r->req);
107 }
108 
109 static void scsi_command_complete(void *opaque, int ret)
110 {
111     SCSIGenericReq *r = (SCSIGenericReq *)opaque;
112     SCSIDevice *s = r->req.dev;
113 
114     assert(r->req.aiocb != NULL);
115     r->req.aiocb = NULL;
116 
117     aio_context_acquire(blk_get_aio_context(s->conf.blk));
118     scsi_command_complete_noio(r, ret);
119     aio_context_release(blk_get_aio_context(s->conf.blk));
120 }
121 
122 static int execute_command(BlockBackend *blk,
123                            SCSIGenericReq *r, int direction,
124                            BlockCompletionFunc *complete)
125 {
126     SCSIDevice *s = r->req.dev;
127 
128     r->io_header.interface_id = 'S';
129     r->io_header.dxfer_direction = direction;
130     r->io_header.dxferp = r->buf;
131     r->io_header.dxfer_len = r->buflen;
132     r->io_header.cmdp = r->req.cmd.buf;
133     r->io_header.cmd_len = r->req.cmd.len;
134     r->io_header.mx_sb_len = sizeof(r->req.sense);
135     r->io_header.sbp = r->req.sense;
136     r->io_header.timeout = s->io_timeout * 1000;
137     r->io_header.usr_ptr = r;
138     r->io_header.flags |= SG_FLAG_DIRECT_IO;
139 
140     trace_scsi_generic_aio_sgio_command(r->req.tag, r->req.cmd.buf[0],
141                                         r->io_header.timeout);
142     r->req.aiocb = blk_aio_ioctl(blk, SG_IO, &r->io_header, complete, r);
143     if (r->req.aiocb == NULL) {
144         return -EIO;
145     }
146 
147     return 0;
148 }
149 
150 static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len)
151 {
152     uint8_t page, page_idx;
153 
154     /*
155      *  EVPD set to zero returns the standard INQUIRY data.
156      *
157      *  Check if scsi_version is unset (-1) to avoid re-defining it
158      *  each time an INQUIRY with standard data is received.
159      *  scsi_version is initialized with -1 in scsi_generic_reset
160      *  and scsi_disk_reset, making sure that we'll set the
161      *  scsi_version after a reset. If the version field of the
162      *  INQUIRY response somehow changes after a guest reboot,
163      *  we'll be able to keep track of it.
164      *
165      *  On SCSI-2 and older, first 3 bits of byte 2 is the
166      *  ANSI-approved version, while on later versions the
167      *  whole byte 2 contains the version. Check if we're dealing
168      *  with a newer version and, in that case, assign the
169      *  whole byte.
170      */
171     if (s->scsi_version == -1 && !(r->req.cmd.buf[1] & 0x01)) {
172         s->scsi_version = r->buf[2] & 0x07;
173         if (s->scsi_version > 2) {
174             s->scsi_version = r->buf[2];
175         }
176     }
177 
178     if ((s->type == TYPE_DISK || s->type == TYPE_ZBC) &&
179         (r->req.cmd.buf[1] & 0x01)) {
180         page = r->req.cmd.buf[2];
181         if (page == 0xb0) {
182             uint32_t max_transfer =
183                 blk_get_max_transfer(s->conf.blk) / s->blocksize;
184 
185             assert(max_transfer);
186             stl_be_p(&r->buf[8], max_transfer);
187             /* Also take care of the opt xfer len. */
188             stl_be_p(&r->buf[12],
189                     MIN_NON_ZERO(max_transfer, ldl_be_p(&r->buf[12])));
190         } else if (s->needs_vpd_bl_emulation && page == 0x00 && r->buflen >= 4) {
191             /*
192              * Now we're capable of supplying the VPD Block Limits
193              * response if the hardware can't. Add it in the INQUIRY
194              * Supported VPD pages response in case we are using the
195              * emulation for this device.
196              *
197              * This way, the guest kernel will be aware of the support
198              * and will use it to proper setup the SCSI device.
199              *
200              * VPD page numbers must be sorted, so insert 0xb0 at the
201              * right place with an in-place insert.  When the while loop
202              * begins the device response is at r[0] to r[page_idx - 1].
203              */
204             page_idx = lduw_be_p(r->buf + 2) + 4;
205             page_idx = MIN(page_idx, r->buflen);
206             while (page_idx > 4 && r->buf[page_idx - 1] >= 0xb0) {
207                 if (page_idx < r->buflen) {
208                     r->buf[page_idx] = r->buf[page_idx - 1];
209                 }
210                 page_idx--;
211             }
212             if (page_idx < r->buflen) {
213                 r->buf[page_idx] = 0xb0;
214             }
215             stw_be_p(r->buf + 2, lduw_be_p(r->buf + 2) + 1);
216 
217             if (len < r->buflen) {
218                 len++;
219             }
220         }
221     }
222     return len;
223 }
224 
225 static int scsi_generic_emulate_block_limits(SCSIGenericReq *r, SCSIDevice *s)
226 {
227     int len;
228     uint8_t buf[64];
229 
230     SCSIBlockLimits bl = {
231         .max_io_sectors = blk_get_max_transfer(s->conf.blk) / s->blocksize
232     };
233 
234     memset(r->buf, 0, r->buflen);
235     stb_p(buf, s->type);
236     stb_p(buf + 1, 0xb0);
237     len = scsi_emulate_block_limits(buf + 4, &bl);
238     assert(len <= sizeof(buf) - 4);
239     stw_be_p(buf + 2, len);
240 
241     memcpy(r->buf, buf, MIN(r->buflen, len + 4));
242 
243     r->io_header.sb_len_wr = 0;
244 
245     /*
246     * We have valid contents in the reply buffer but the
247     * io_header can report a sense error coming from
248     * the hardware in scsi_command_complete_noio. Clean
249     * up the io_header to avoid reporting it.
250     */
251     r->io_header.driver_status = 0;
252     r->io_header.status = 0;
253 
254     return r->buflen;
255 }
256 
257 static void scsi_read_complete(void * opaque, int ret)
258 {
259     SCSIGenericReq *r = (SCSIGenericReq *)opaque;
260     SCSIDevice *s = r->req.dev;
261     int len;
262 
263     assert(r->req.aiocb != NULL);
264     r->req.aiocb = NULL;
265 
266     aio_context_acquire(blk_get_aio_context(s->conf.blk));
267 
268     if (ret || r->req.io_canceled) {
269         scsi_command_complete_noio(r, ret);
270         goto done;
271     }
272 
273     len = r->io_header.dxfer_len - r->io_header.resid;
274     trace_scsi_generic_read_complete(r->req.tag, len);
275 
276     r->len = -1;
277 
278     if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) {
279         SCSISense sense =
280             scsi_parse_sense_buf(r->req.sense, r->io_header.sb_len_wr);
281 
282         /*
283          * Check if this is a VPD Block Limits request that
284          * resulted in sense error but would need emulation.
285          * In this case, emulate a valid VPD response.
286          */
287         if (sense.key == ILLEGAL_REQUEST &&
288             s->needs_vpd_bl_emulation &&
289             r->req.cmd.buf[0] == INQUIRY &&
290             (r->req.cmd.buf[1] & 0x01) &&
291             r->req.cmd.buf[2] == 0xb0) {
292             len = scsi_generic_emulate_block_limits(r, s);
293             /*
294              * It's okay to jup to req_complete: no need to
295              * let scsi_handle_inquiry_reply handle an
296              * INQUIRY VPD BL request we created manually.
297              */
298         }
299         if (sense.key) {
300             goto req_complete;
301         }
302     }
303 
304     if (r->io_header.host_status != SCSI_HOST_OK ||
305         (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT) ||
306         r->io_header.status != GOOD ||
307         len == 0) {
308         scsi_command_complete_noio(r, 0);
309         goto done;
310     }
311 
312     /* Snoop READ CAPACITY output to set the blocksize.  */
313     if (r->req.cmd.buf[0] == READ_CAPACITY_10 &&
314         (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) {
315         s->blocksize = ldl_be_p(&r->buf[4]);
316         s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL;
317     } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&
318                (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
319         s->blocksize = ldl_be_p(&r->buf[8]);
320         s->max_lba = ldq_be_p(&r->buf[0]);
321     }
322     blk_set_guest_block_size(s->conf.blk, s->blocksize);
323 
324     /*
325      * Patch MODE SENSE device specific parameters if the BDS is opened
326      * readonly.
327      */
328     if ((s->type == TYPE_DISK || s->type == TYPE_TAPE || s->type == TYPE_ZBC) &&
329         !blk_is_writable(s->conf.blk) &&
330         (r->req.cmd.buf[0] == MODE_SENSE ||
331          r->req.cmd.buf[0] == MODE_SENSE_10) &&
332         (r->req.cmd.buf[1] & 0x8) == 0) {
333         if (r->req.cmd.buf[0] == MODE_SENSE) {
334             r->buf[2] |= 0x80;
335         } else  {
336             r->buf[3] |= 0x80;
337         }
338     }
339     if (r->req.cmd.buf[0] == INQUIRY) {
340         len = scsi_handle_inquiry_reply(r, s, len);
341     }
342 
343 req_complete:
344     scsi_req_data(&r->req, len);
345     scsi_req_unref(&r->req);
346 
347 done:
348     aio_context_release(blk_get_aio_context(s->conf.blk));
349 }
350 
351 /* Read more data from scsi device into buffer.  */
352 static void scsi_read_data(SCSIRequest *req)
353 {
354     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
355     SCSIDevice *s = r->req.dev;
356     int ret;
357 
358     trace_scsi_generic_read_data(req->tag);
359 
360     /* The request is used as the AIO opaque value, so add a ref.  */
361     scsi_req_ref(&r->req);
362     if (r->len == -1) {
363         scsi_command_complete_noio(r, 0);
364         return;
365     }
366 
367     ret = execute_command(s->conf.blk, r, SG_DXFER_FROM_DEV,
368                           scsi_read_complete);
369     if (ret < 0) {
370         scsi_command_complete_noio(r, ret);
371     }
372 }
373 
374 static void scsi_write_complete(void * opaque, int ret)
375 {
376     SCSIGenericReq *r = (SCSIGenericReq *)opaque;
377     SCSIDevice *s = r->req.dev;
378 
379     trace_scsi_generic_write_complete(ret);
380 
381     assert(r->req.aiocb != NULL);
382     r->req.aiocb = NULL;
383 
384     aio_context_acquire(blk_get_aio_context(s->conf.blk));
385 
386     if (ret || r->req.io_canceled) {
387         scsi_command_complete_noio(r, ret);
388         goto done;
389     }
390 
391     if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 &&
392         s->type == TYPE_TAPE) {
393         s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11];
394         trace_scsi_generic_write_complete_blocksize(s->blocksize);
395     }
396 
397     scsi_command_complete_noio(r, ret);
398 
399 done:
400     aio_context_release(blk_get_aio_context(s->conf.blk));
401 }
402 
403 /* Write data to a scsi device.  Returns nonzero on failure.
404    The transfer may complete asynchronously.  */
405 static void scsi_write_data(SCSIRequest *req)
406 {
407     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
408     SCSIDevice *s = r->req.dev;
409     int ret;
410 
411     trace_scsi_generic_write_data(req->tag);
412     if (r->len == 0) {
413         r->len = r->buflen;
414         scsi_req_data(&r->req, r->len);
415         return;
416     }
417 
418     /* The request is used as the AIO opaque value, so add a ref.  */
419     scsi_req_ref(&r->req);
420     ret = execute_command(s->conf.blk, r, SG_DXFER_TO_DEV, scsi_write_complete);
421     if (ret < 0) {
422         scsi_command_complete_noio(r, ret);
423     }
424 }
425 
426 /* Return a pointer to the data buffer.  */
427 static uint8_t *scsi_get_buf(SCSIRequest *req)
428 {
429     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
430 
431     return r->buf;
432 }
433 
434 static void scsi_generic_command_dump(uint8_t *cmd, int len)
435 {
436     int i;
437     char *line_buffer, *p;
438 
439     line_buffer = g_malloc(len * 5 + 1);
440 
441     for (i = 0, p = line_buffer; i < len; i++) {
442         p += sprintf(p, " 0x%02x", cmd[i]);
443     }
444     trace_scsi_generic_send_command(line_buffer);
445 
446     g_free(line_buffer);
447 }
448 
449 /* Execute a scsi command.  Returns the length of the data expected by the
450    command.  This will be Positive for data transfers from the device
451    (eg. disk reads), negative for transfers to the device (eg. disk writes),
452    and zero if the command does not transfer any data.  */
453 
454 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd)
455 {
456     SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
457     SCSIDevice *s = r->req.dev;
458     int ret;
459 
460     if (trace_event_get_state_backends(TRACE_SCSI_GENERIC_SEND_COMMAND)) {
461         scsi_generic_command_dump(cmd, r->req.cmd.len);
462     }
463 
464     if (r->req.cmd.xfer == 0) {
465         g_free(r->buf);
466         r->buflen = 0;
467         r->buf = NULL;
468         /* The request is used as the AIO opaque value, so add a ref.  */
469         scsi_req_ref(&r->req);
470         ret = execute_command(s->conf.blk, r, SG_DXFER_NONE,
471                               scsi_command_complete);
472         if (ret < 0) {
473             scsi_command_complete_noio(r, ret);
474             return 0;
475         }
476         return 0;
477     }
478 
479     if (r->buflen != r->req.cmd.xfer) {
480         g_free(r->buf);
481         r->buf = g_malloc(r->req.cmd.xfer);
482         r->buflen = r->req.cmd.xfer;
483     }
484 
485     memset(r->buf, 0, r->buflen);
486     r->len = r->req.cmd.xfer;
487     if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
488         r->len = 0;
489         return -r->req.cmd.xfer;
490     } else {
491         return r->req.cmd.xfer;
492     }
493 }
494 
495 static int read_naa_id(const uint8_t *p, uint64_t *p_wwn)
496 {
497     int i;
498 
499     if ((p[1] & 0xF) == 3) {
500         /* NAA designator type */
501         if (p[3] != 8) {
502             return -EINVAL;
503         }
504         *p_wwn = ldq_be_p(p + 4);
505         return 0;
506     }
507 
508     if ((p[1] & 0xF) == 8) {
509         /* SCSI name string designator type */
510         if (p[3] < 20 || memcmp(&p[4], "naa.", 4)) {
511             return -EINVAL;
512         }
513         if (p[3] > 20 && p[24] != ',') {
514             return -EINVAL;
515         }
516         *p_wwn = 0;
517         for (i = 8; i < 24; i++) {
518             char c = qemu_toupper(p[i]);
519             c -= (c >= '0' && c <= '9' ? '0' : 'A' - 10);
520             *p_wwn = (*p_wwn << 4) | c;
521         }
522         return 0;
523     }
524 
525     return -EINVAL;
526 }
527 
528 int scsi_SG_IO_FROM_DEV(BlockBackend *blk, uint8_t *cmd, uint8_t cmd_size,
529                         uint8_t *buf, uint8_t buf_size, uint32_t timeout)
530 {
531     sg_io_hdr_t io_header;
532     uint8_t sensebuf[8];
533     int ret;
534 
535     memset(&io_header, 0, sizeof(io_header));
536     io_header.interface_id = 'S';
537     io_header.dxfer_direction = SG_DXFER_FROM_DEV;
538     io_header.dxfer_len = buf_size;
539     io_header.dxferp = buf;
540     io_header.cmdp = cmd;
541     io_header.cmd_len = cmd_size;
542     io_header.mx_sb_len = sizeof(sensebuf);
543     io_header.sbp = sensebuf;
544     io_header.timeout = timeout * 1000;
545 
546     trace_scsi_generic_ioctl_sgio_command(cmd[0], io_header.timeout);
547     ret = blk_ioctl(blk, SG_IO, &io_header);
548     if (ret < 0 || io_header.status ||
549         io_header.driver_status || io_header.host_status) {
550         trace_scsi_generic_ioctl_sgio_done(cmd[0], ret, io_header.status,
551                                            io_header.host_status);
552         return -1;
553     }
554     return 0;
555 }
556 
557 /*
558  * Executes an INQUIRY request with EVPD set to retrieve the
559  * available VPD pages of the device. If the device does
560  * not support the Block Limits page (page 0xb0), set
561  * the needs_vpd_bl_emulation flag for future use.
562  */
563 static void scsi_generic_set_vpd_bl_emulation(SCSIDevice *s)
564 {
565     uint8_t cmd[6];
566     uint8_t buf[250];
567     uint8_t page_len;
568     int ret, i;
569 
570     memset(cmd, 0, sizeof(cmd));
571     memset(buf, 0, sizeof(buf));
572     cmd[0] = INQUIRY;
573     cmd[1] = 1;
574     cmd[2] = 0x00;
575     cmd[4] = sizeof(buf);
576 
577     ret = scsi_SG_IO_FROM_DEV(s->conf.blk, cmd, sizeof(cmd),
578                               buf, sizeof(buf), s->io_timeout);
579     if (ret < 0) {
580         /*
581          * Do not assume anything if we can't retrieve the
582          * INQUIRY response to assert the VPD Block Limits
583          * support.
584          */
585         s->needs_vpd_bl_emulation = false;
586         return;
587     }
588 
589     page_len = buf[3];
590     for (i = 4; i < MIN(sizeof(buf), page_len + 4); i++) {
591         if (buf[i] == 0xb0) {
592             s->needs_vpd_bl_emulation = false;
593             return;
594         }
595     }
596     s->needs_vpd_bl_emulation = true;
597 }
598 
599 static void scsi_generic_read_device_identification(SCSIDevice *s)
600 {
601     uint8_t cmd[6];
602     uint8_t buf[250];
603     int ret;
604     int i, len;
605 
606     memset(cmd, 0, sizeof(cmd));
607     memset(buf, 0, sizeof(buf));
608     cmd[0] = INQUIRY;
609     cmd[1] = 1;
610     cmd[2] = 0x83;
611     cmd[4] = sizeof(buf);
612 
613     ret = scsi_SG_IO_FROM_DEV(s->conf.blk, cmd, sizeof(cmd),
614                               buf, sizeof(buf), s->io_timeout);
615     if (ret < 0) {
616         return;
617     }
618 
619     len = MIN((buf[2] << 8) | buf[3], sizeof(buf) - 4);
620     for (i = 0; i + 3 <= len; ) {
621         const uint8_t *p = &buf[i + 4];
622         uint64_t wwn;
623 
624         if (i + (p[3] + 4) > len) {
625             break;
626         }
627 
628         if ((p[1] & 0x10) == 0) {
629             /* Associated with the logical unit */
630             if (read_naa_id(p, &wwn) == 0) {
631                 s->wwn = wwn;
632             }
633         } else if ((p[1] & 0x10) == 0x10) {
634             /* Associated with the target port */
635             if (read_naa_id(p, &wwn) == 0) {
636                 s->port_wwn = wwn;
637             }
638         }
639 
640         i += p[3] + 4;
641     }
642 }
643 
644 void scsi_generic_read_device_inquiry(SCSIDevice *s)
645 {
646     scsi_generic_read_device_identification(s);
647     if (s->type == TYPE_DISK || s->type == TYPE_ZBC) {
648         scsi_generic_set_vpd_bl_emulation(s);
649     } else {
650         s->needs_vpd_bl_emulation = false;
651     }
652 }
653 
654 static int get_stream_blocksize(BlockBackend *blk)
655 {
656     uint8_t cmd[6];
657     uint8_t buf[12];
658     int ret;
659 
660     memset(cmd, 0, sizeof(cmd));
661     memset(buf, 0, sizeof(buf));
662     cmd[0] = MODE_SENSE;
663     cmd[4] = sizeof(buf);
664 
665     ret = scsi_SG_IO_FROM_DEV(blk, cmd, sizeof(cmd), buf, sizeof(buf), 6);
666     if (ret < 0) {
667         return -1;
668     }
669 
670     return (buf[9] << 16) | (buf[10] << 8) | buf[11];
671 }
672 
673 static void scsi_generic_reset(DeviceState *dev)
674 {
675     SCSIDevice *s = SCSI_DEVICE(dev);
676 
677     s->scsi_version = s->default_scsi_version;
678     scsi_device_purge_requests(s, SENSE_CODE(RESET));
679 }
680 
681 static void scsi_generic_realize(SCSIDevice *s, Error **errp)
682 {
683     int rc;
684     int sg_version;
685     struct sg_scsi_id scsiid;
686 
687     if (!s->conf.blk) {
688         error_setg(errp, "drive property not set");
689         return;
690     }
691 
692     if (blk_get_on_error(s->conf.blk, 0) != BLOCKDEV_ON_ERROR_ENOSPC &&
693         blk_get_on_error(s->conf.blk, 0) != BLOCKDEV_ON_ERROR_REPORT) {
694         error_setg(errp, "Device doesn't support drive option werror");
695         return;
696     }
697     if (blk_get_on_error(s->conf.blk, 1) != BLOCKDEV_ON_ERROR_REPORT) {
698         error_setg(errp, "Device doesn't support drive option rerror");
699         return;
700     }
701 
702     /* check we are using a driver managing SG_IO (version 3 and after */
703     rc = blk_ioctl(s->conf.blk, SG_GET_VERSION_NUM, &sg_version);
704     if (rc < 0) {
705         error_setg_errno(errp, -rc, "cannot get SG_IO version number");
706         if (rc != -EPERM) {
707             error_append_hint(errp, "Is this a SCSI device?\n");
708         }
709         return;
710     }
711     if (sg_version < 30000) {
712         error_setg(errp, "scsi generic interface too old");
713         return;
714     }
715 
716     /* get LUN of the /dev/sg? */
717     if (blk_ioctl(s->conf.blk, SG_GET_SCSI_ID, &scsiid)) {
718         error_setg(errp, "SG_GET_SCSI_ID ioctl failed");
719         return;
720     }
721     if (!blkconf_apply_backend_options(&s->conf,
722                                        !blk_supports_write_perm(s->conf.blk),
723                                        true, errp)) {
724         return;
725     }
726 
727     /* define device state */
728     s->type = scsiid.scsi_type;
729     trace_scsi_generic_realize_type(s->type);
730 
731     switch (s->type) {
732     case TYPE_TAPE:
733         s->blocksize = get_stream_blocksize(s->conf.blk);
734         if (s->blocksize == -1) {
735             s->blocksize = 0;
736         }
737         break;
738 
739         /* Make a guess for block devices, we'll fix it when the guest sends.
740          * READ CAPACITY.  If they don't, they likely would assume these sizes
741          * anyway. (TODO: they could also send MODE SENSE).
742          */
743     case TYPE_ROM:
744     case TYPE_WORM:
745         s->blocksize = 2048;
746         break;
747     default:
748         s->blocksize = 512;
749         break;
750     }
751 
752     trace_scsi_generic_realize_blocksize(s->blocksize);
753 
754     /* Only used by scsi-block, but initialize it nevertheless to be clean.  */
755     s->default_scsi_version = -1;
756     s->io_timeout = DEFAULT_IO_TIMEOUT;
757     scsi_generic_read_device_inquiry(s);
758 }
759 
760 const SCSIReqOps scsi_generic_req_ops = {
761     .size         = sizeof(SCSIGenericReq),
762     .free_req     = scsi_free_request,
763     .send_command = scsi_send_command,
764     .read_data    = scsi_read_data,
765     .write_data   = scsi_write_data,
766     .get_buf      = scsi_get_buf,
767     .load_request = scsi_generic_load_request,
768     .save_request = scsi_generic_save_request,
769 };
770 
771 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
772                                      uint8_t *buf, void *hba_private)
773 {
774     return scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private);
775 }
776 
777 static Property scsi_generic_properties[] = {
778     DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.blk),
779     DEFINE_PROP_BOOL("share-rw", SCSIDevice, conf.share_rw, false),
780     DEFINE_PROP_UINT32("io_timeout", SCSIDevice, io_timeout,
781                        DEFAULT_IO_TIMEOUT),
782     DEFINE_PROP_END_OF_LIST(),
783 };
784 
785 static int scsi_generic_parse_cdb(SCSIDevice *dev, SCSICommand *cmd,
786                                   uint8_t *buf, void *hba_private)
787 {
788     return scsi_bus_parse_cdb(dev, cmd, buf, hba_private);
789 }
790 
791 static void scsi_generic_class_initfn(ObjectClass *klass, void *data)
792 {
793     DeviceClass *dc = DEVICE_CLASS(klass);
794     SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
795 
796     sc->realize      = scsi_generic_realize;
797     sc->alloc_req    = scsi_new_request;
798     sc->parse_cdb    = scsi_generic_parse_cdb;
799     dc->fw_name = "disk";
800     dc->desc = "pass through generic scsi device (/dev/sg*)";
801     dc->reset = scsi_generic_reset;
802     device_class_set_props(dc, scsi_generic_properties);
803     dc->vmsd  = &vmstate_scsi_device;
804 }
805 
806 static const TypeInfo scsi_generic_info = {
807     .name          = "scsi-generic",
808     .parent        = TYPE_SCSI_DEVICE,
809     .instance_size = sizeof(SCSIDevice),
810     .class_init    = scsi_generic_class_initfn,
811 };
812 
813 static void scsi_generic_register_types(void)
814 {
815     type_register_static(&scsi_generic_info);
816 }
817 
818 type_init(scsi_generic_register_types)
819 
820 #endif /* __linux__ */
821