1 /* 2 * Generic SCSI Device support 3 * 4 * Copyright (c) 2007 Bull S.A.S. 5 * Based on code by Paul Brook 6 * Based on code by Fabrice Bellard 7 * 8 * Written by Laurent Vivier <Laurent.Vivier@bull.net> 9 * 10 * This code is licensed under the LGPL. 11 * 12 */ 13 14 #include "qemu-common.h" 15 #include "qemu/error-report.h" 16 #include "hw/scsi/scsi.h" 17 #include "sysemu/blockdev.h" 18 19 #ifdef __linux__ 20 21 //#define DEBUG_SCSI 22 23 #ifdef DEBUG_SCSI 24 #define DPRINTF(fmt, ...) \ 25 do { printf("scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 26 #else 27 #define DPRINTF(fmt, ...) do {} while(0) 28 #endif 29 30 #define BADF(fmt, ...) \ 31 do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0) 32 33 #include <stdio.h> 34 #include <sys/types.h> 35 #include <sys/stat.h> 36 #include <unistd.h> 37 #include <scsi/sg.h> 38 #include "block/scsi.h" 39 40 #define SCSI_SENSE_BUF_SIZE 96 41 42 #define SG_ERR_DRIVER_TIMEOUT 0x06 43 #define SG_ERR_DRIVER_SENSE 0x08 44 45 #define SG_ERR_DID_OK 0x00 46 #define SG_ERR_DID_NO_CONNECT 0x01 47 #define SG_ERR_DID_BUS_BUSY 0x02 48 #define SG_ERR_DID_TIME_OUT 0x03 49 50 #ifndef MAX_UINT 51 #define MAX_UINT ((unsigned int)-1) 52 #endif 53 54 typedef struct SCSIGenericReq { 55 SCSIRequest req; 56 uint8_t *buf; 57 int buflen; 58 int len; 59 sg_io_hdr_t io_header; 60 } SCSIGenericReq; 61 62 static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req) 63 { 64 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 65 66 qemu_put_sbe32s(f, &r->buflen); 67 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 68 assert(!r->req.sg); 69 qemu_put_buffer(f, r->buf, r->req.cmd.xfer); 70 } 71 } 72 73 static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req) 74 { 75 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 76 77 qemu_get_sbe32s(f, &r->buflen); 78 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { 79 assert(!r->req.sg); 80 qemu_get_buffer(f, r->buf, r->req.cmd.xfer); 81 } 82 } 83 84 static void scsi_free_request(SCSIRequest *req) 85 { 86 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 87 88 g_free(r->buf); 89 } 90 91 /* Helper function for command completion. */ 92 static void scsi_command_complete(void *opaque, int ret) 93 { 94 int status; 95 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 96 97 r->req.aiocb = NULL; 98 if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 99 r->req.sense_len = r->io_header.sb_len_wr; 100 } 101 102 if (ret != 0) { 103 switch (ret) { 104 case -EDOM: 105 status = TASK_SET_FULL; 106 break; 107 case -ENOMEM: 108 status = CHECK_CONDITION; 109 scsi_req_build_sense(&r->req, SENSE_CODE(TARGET_FAILURE)); 110 break; 111 default: 112 status = CHECK_CONDITION; 113 scsi_req_build_sense(&r->req, SENSE_CODE(IO_ERROR)); 114 break; 115 } 116 } else { 117 if (r->io_header.host_status == SG_ERR_DID_NO_CONNECT || 118 r->io_header.host_status == SG_ERR_DID_BUS_BUSY || 119 r->io_header.host_status == SG_ERR_DID_TIME_OUT || 120 (r->io_header.driver_status & SG_ERR_DRIVER_TIMEOUT)) { 121 status = BUSY; 122 BADF("Driver Timeout\n"); 123 } else if (r->io_header.host_status) { 124 status = CHECK_CONDITION; 125 scsi_req_build_sense(&r->req, SENSE_CODE(I_T_NEXUS_LOSS)); 126 } else if (r->io_header.status) { 127 status = r->io_header.status; 128 } else if (r->io_header.driver_status & SG_ERR_DRIVER_SENSE) { 129 status = CHECK_CONDITION; 130 } else { 131 status = GOOD; 132 } 133 } 134 DPRINTF("Command complete 0x%p tag=0x%x status=%d\n", 135 r, r->req.tag, status); 136 137 scsi_req_complete(&r->req, status); 138 if (!r->req.io_canceled) { 139 scsi_req_unref(&r->req); 140 } 141 } 142 143 /* Cancel a pending data transfer. */ 144 static void scsi_cancel_io(SCSIRequest *req) 145 { 146 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 147 148 DPRINTF("Cancel tag=0x%x\n", req->tag); 149 if (r->req.aiocb) { 150 bdrv_aio_cancel(r->req.aiocb); 151 152 /* This reference was left in by scsi_*_data. We take ownership of 153 * it independent of whether bdrv_aio_cancel completes the request 154 * or not. */ 155 scsi_req_unref(&r->req); 156 } 157 r->req.aiocb = NULL; 158 } 159 160 static int execute_command(BlockDriverState *bdrv, 161 SCSIGenericReq *r, int direction, 162 BlockDriverCompletionFunc *complete) 163 { 164 r->io_header.interface_id = 'S'; 165 r->io_header.dxfer_direction = direction; 166 r->io_header.dxferp = r->buf; 167 r->io_header.dxfer_len = r->buflen; 168 r->io_header.cmdp = r->req.cmd.buf; 169 r->io_header.cmd_len = r->req.cmd.len; 170 r->io_header.mx_sb_len = sizeof(r->req.sense); 171 r->io_header.sbp = r->req.sense; 172 r->io_header.timeout = MAX_UINT; 173 r->io_header.usr_ptr = r; 174 r->io_header.flags |= SG_FLAG_DIRECT_IO; 175 176 r->req.aiocb = bdrv_aio_ioctl(bdrv, SG_IO, &r->io_header, complete, r); 177 if (r->req.aiocb == NULL) { 178 return -EIO; 179 } 180 181 return 0; 182 } 183 184 static void scsi_read_complete(void * opaque, int ret) 185 { 186 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 187 SCSIDevice *s = r->req.dev; 188 int len; 189 190 r->req.aiocb = NULL; 191 if (ret) { 192 DPRINTF("IO error ret %d\n", ret); 193 scsi_command_complete(r, ret); 194 return; 195 } 196 len = r->io_header.dxfer_len - r->io_header.resid; 197 DPRINTF("Data ready tag=0x%x len=%d\n", r->req.tag, len); 198 199 r->len = -1; 200 if (len == 0) { 201 scsi_command_complete(r, 0); 202 } else { 203 /* Snoop READ CAPACITY output to set the blocksize. */ 204 if (r->req.cmd.buf[0] == READ_CAPACITY_10 && 205 (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) { 206 s->blocksize = ldl_be_p(&r->buf[4]); 207 s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL; 208 } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 && 209 (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 210 s->blocksize = ldl_be_p(&r->buf[8]); 211 s->max_lba = ldq_be_p(&r->buf[0]); 212 } 213 bdrv_set_buffer_alignment(s->conf.bs, s->blocksize); 214 215 scsi_req_data(&r->req, len); 216 if (!r->req.io_canceled) { 217 scsi_req_unref(&r->req); 218 } 219 } 220 } 221 222 /* Read more data from scsi device into buffer. */ 223 static void scsi_read_data(SCSIRequest *req) 224 { 225 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 226 SCSIDevice *s = r->req.dev; 227 int ret; 228 229 DPRINTF("scsi_read_data 0x%x\n", req->tag); 230 231 /* The request is used as the AIO opaque value, so add a ref. */ 232 scsi_req_ref(&r->req); 233 if (r->len == -1) { 234 scsi_command_complete(r, 0); 235 return; 236 } 237 238 ret = execute_command(s->conf.bs, r, SG_DXFER_FROM_DEV, scsi_read_complete); 239 if (ret < 0) { 240 scsi_command_complete(r, ret); 241 } 242 } 243 244 static void scsi_write_complete(void * opaque, int ret) 245 { 246 SCSIGenericReq *r = (SCSIGenericReq *)opaque; 247 SCSIDevice *s = r->req.dev; 248 249 DPRINTF("scsi_write_complete() ret = %d\n", ret); 250 r->req.aiocb = NULL; 251 if (ret) { 252 DPRINTF("IO error\n"); 253 scsi_command_complete(r, ret); 254 return; 255 } 256 257 if (r->req.cmd.buf[0] == MODE_SELECT && r->req.cmd.buf[4] == 12 && 258 s->type == TYPE_TAPE) { 259 s->blocksize = (r->buf[9] << 16) | (r->buf[10] << 8) | r->buf[11]; 260 DPRINTF("block size %d\n", s->blocksize); 261 } 262 263 scsi_command_complete(r, ret); 264 } 265 266 /* Write data to a scsi device. Returns nonzero on failure. 267 The transfer may complete asynchronously. */ 268 static void scsi_write_data(SCSIRequest *req) 269 { 270 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 271 SCSIDevice *s = r->req.dev; 272 int ret; 273 274 DPRINTF("scsi_write_data 0x%x\n", req->tag); 275 if (r->len == 0) { 276 r->len = r->buflen; 277 scsi_req_data(&r->req, r->len); 278 return; 279 } 280 281 /* The request is used as the AIO opaque value, so add a ref. */ 282 scsi_req_ref(&r->req); 283 ret = execute_command(s->conf.bs, r, SG_DXFER_TO_DEV, scsi_write_complete); 284 if (ret < 0) { 285 scsi_command_complete(r, ret); 286 } 287 } 288 289 /* Return a pointer to the data buffer. */ 290 static uint8_t *scsi_get_buf(SCSIRequest *req) 291 { 292 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 293 294 return r->buf; 295 } 296 297 /* Execute a scsi command. Returns the length of the data expected by the 298 command. This will be Positive for data transfers from the device 299 (eg. disk reads), negative for transfers to the device (eg. disk writes), 300 and zero if the command does not transfer any data. */ 301 302 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *cmd) 303 { 304 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); 305 SCSIDevice *s = r->req.dev; 306 int ret; 307 308 DPRINTF("Command: lun=%d tag=0x%x len %zd data=0x%02x", lun, tag, 309 r->req.cmd.xfer, cmd[0]); 310 311 #ifdef DEBUG_SCSI 312 { 313 int i; 314 for (i = 1; i < r->req.cmd.len; i++) { 315 printf(" 0x%02x", cmd[i]); 316 } 317 printf("\n"); 318 } 319 #endif 320 321 if (r->req.cmd.xfer == 0) { 322 if (r->buf != NULL) 323 g_free(r->buf); 324 r->buflen = 0; 325 r->buf = NULL; 326 /* The request is used as the AIO opaque value, so add a ref. */ 327 scsi_req_ref(&r->req); 328 ret = execute_command(s->conf.bs, r, SG_DXFER_NONE, scsi_command_complete); 329 if (ret < 0) { 330 scsi_command_complete(r, ret); 331 return 0; 332 } 333 return 0; 334 } 335 336 if (r->buflen != r->req.cmd.xfer) { 337 if (r->buf != NULL) 338 g_free(r->buf); 339 r->buf = g_malloc(r->req.cmd.xfer); 340 r->buflen = r->req.cmd.xfer; 341 } 342 343 memset(r->buf, 0, r->buflen); 344 r->len = r->req.cmd.xfer; 345 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 346 r->len = 0; 347 return -r->req.cmd.xfer; 348 } else { 349 return r->req.cmd.xfer; 350 } 351 } 352 353 static int get_stream_blocksize(BlockDriverState *bdrv) 354 { 355 uint8_t cmd[6]; 356 uint8_t buf[12]; 357 uint8_t sensebuf[8]; 358 sg_io_hdr_t io_header; 359 int ret; 360 361 memset(cmd, 0, sizeof(cmd)); 362 memset(buf, 0, sizeof(buf)); 363 cmd[0] = MODE_SENSE; 364 cmd[4] = sizeof(buf); 365 366 memset(&io_header, 0, sizeof(io_header)); 367 io_header.interface_id = 'S'; 368 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 369 io_header.dxfer_len = sizeof(buf); 370 io_header.dxferp = buf; 371 io_header.cmdp = cmd; 372 io_header.cmd_len = sizeof(cmd); 373 io_header.mx_sb_len = sizeof(sensebuf); 374 io_header.sbp = sensebuf; 375 io_header.timeout = 6000; /* XXX */ 376 377 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 378 if (ret < 0 || io_header.driver_status || io_header.host_status) { 379 return -1; 380 } 381 return (buf[9] << 16) | (buf[10] << 8) | buf[11]; 382 } 383 384 static void scsi_generic_reset(DeviceState *dev) 385 { 386 SCSIDevice *s = SCSI_DEVICE(dev); 387 388 scsi_device_purge_requests(s, SENSE_CODE(RESET)); 389 } 390 391 static void scsi_destroy(SCSIDevice *s) 392 { 393 scsi_device_purge_requests(s, SENSE_CODE(NO_SENSE)); 394 blockdev_mark_auto_del(s->conf.bs); 395 } 396 397 static int scsi_generic_initfn(SCSIDevice *s) 398 { 399 int sg_version; 400 struct sg_scsi_id scsiid; 401 402 if (!s->conf.bs) { 403 error_report("drive property not set"); 404 return -1; 405 } 406 407 if (bdrv_get_on_error(s->conf.bs, 0) != BLOCKDEV_ON_ERROR_ENOSPC) { 408 error_report("Device doesn't support drive option werror"); 409 return -1; 410 } 411 if (bdrv_get_on_error(s->conf.bs, 1) != BLOCKDEV_ON_ERROR_REPORT) { 412 error_report("Device doesn't support drive option rerror"); 413 return -1; 414 } 415 416 /* check we are using a driver managing SG_IO (version 3 and after */ 417 if (bdrv_ioctl(s->conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0) { 418 error_report("scsi generic interface not supported"); 419 return -1; 420 } 421 if (sg_version < 30000) { 422 error_report("scsi generic interface too old"); 423 return -1; 424 } 425 426 /* get LUN of the /dev/sg? */ 427 if (bdrv_ioctl(s->conf.bs, SG_GET_SCSI_ID, &scsiid)) { 428 error_report("SG_GET_SCSI_ID ioctl failed"); 429 return -1; 430 } 431 432 /* define device state */ 433 s->type = scsiid.scsi_type; 434 DPRINTF("device type %d\n", s->type); 435 if (s->type == TYPE_DISK || s->type == TYPE_ROM) { 436 add_boot_device_path(s->conf.bootindex, &s->qdev, NULL); 437 } 438 439 switch (s->type) { 440 case TYPE_TAPE: 441 s->blocksize = get_stream_blocksize(s->conf.bs); 442 if (s->blocksize == -1) { 443 s->blocksize = 0; 444 } 445 break; 446 447 /* Make a guess for block devices, we'll fix it when the guest sends. 448 * READ CAPACITY. If they don't, they likely would assume these sizes 449 * anyway. (TODO: they could also send MODE SENSE). 450 */ 451 case TYPE_ROM: 452 case TYPE_WORM: 453 s->blocksize = 2048; 454 break; 455 default: 456 s->blocksize = 512; 457 break; 458 } 459 460 DPRINTF("block size %d\n", s->blocksize); 461 return 0; 462 } 463 464 const SCSIReqOps scsi_generic_req_ops = { 465 .size = sizeof(SCSIGenericReq), 466 .free_req = scsi_free_request, 467 .send_command = scsi_send_command, 468 .read_data = scsi_read_data, 469 .write_data = scsi_write_data, 470 .cancel_io = scsi_cancel_io, 471 .get_buf = scsi_get_buf, 472 .load_request = scsi_generic_load_request, 473 .save_request = scsi_generic_save_request, 474 }; 475 476 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 477 uint8_t *buf, void *hba_private) 478 { 479 SCSIRequest *req; 480 481 req = scsi_req_alloc(&scsi_generic_req_ops, d, tag, lun, hba_private); 482 return req; 483 } 484 485 static Property scsi_generic_properties[] = { 486 DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.bs), 487 DEFINE_PROP_INT32("bootindex", SCSIDevice, conf.bootindex, -1), 488 DEFINE_PROP_END_OF_LIST(), 489 }; 490 491 static void scsi_generic_class_initfn(ObjectClass *klass, void *data) 492 { 493 DeviceClass *dc = DEVICE_CLASS(klass); 494 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 495 496 sc->init = scsi_generic_initfn; 497 sc->destroy = scsi_destroy; 498 sc->alloc_req = scsi_new_request; 499 dc->fw_name = "disk"; 500 dc->desc = "pass through generic scsi device (/dev/sg*)"; 501 dc->reset = scsi_generic_reset; 502 dc->props = scsi_generic_properties; 503 dc->vmsd = &vmstate_scsi_device; 504 } 505 506 static const TypeInfo scsi_generic_info = { 507 .name = "scsi-generic", 508 .parent = TYPE_SCSI_DEVICE, 509 .instance_size = sizeof(SCSIDevice), 510 .class_init = scsi_generic_class_initfn, 511 }; 512 513 static void scsi_generic_register_types(void) 514 { 515 type_register_static(&scsi_generic_info); 516 } 517 518 type_init(scsi_generic_register_types) 519 520 #endif /* __linux__ */ 521