1 /* 2 * UAS (USB Attached SCSI) emulation 3 * 4 * Copyright Red Hat, Inc. 2012 5 * 6 * Author: Gerd Hoffmann <kraxel@redhat.com> 7 * 8 * This work is licensed under the terms of the GNU GPL, version 2 or later. 9 * See the COPYING file in the top-level directory. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "qemu/option.h" 14 #include "qemu/config-file.h" 15 #include "trace.h" 16 #include "qemu/error-report.h" 17 #include "qemu/module.h" 18 19 #include "hw/usb.h" 20 #include "desc.h" 21 #include "hw/scsi/scsi.h" 22 #include "scsi/constants.h" 23 24 /* --------------------------------------------------------------------- */ 25 26 #define UAS_UI_COMMAND 0x01 27 #define UAS_UI_SENSE 0x03 28 #define UAS_UI_RESPONSE 0x04 29 #define UAS_UI_TASK_MGMT 0x05 30 #define UAS_UI_READ_READY 0x06 31 #define UAS_UI_WRITE_READY 0x07 32 33 #define UAS_RC_TMF_COMPLETE 0x00 34 #define UAS_RC_INVALID_INFO_UNIT 0x02 35 #define UAS_RC_TMF_NOT_SUPPORTED 0x04 36 #define UAS_RC_TMF_FAILED 0x05 37 #define UAS_RC_TMF_SUCCEEDED 0x08 38 #define UAS_RC_INCORRECT_LUN 0x09 39 #define UAS_RC_OVERLAPPED_TAG 0x0a 40 41 #define UAS_TMF_ABORT_TASK 0x01 42 #define UAS_TMF_ABORT_TASK_SET 0x02 43 #define UAS_TMF_CLEAR_TASK_SET 0x04 44 #define UAS_TMF_LOGICAL_UNIT_RESET 0x08 45 #define UAS_TMF_I_T_NEXUS_RESET 0x10 46 #define UAS_TMF_CLEAR_ACA 0x40 47 #define UAS_TMF_QUERY_TASK 0x80 48 #define UAS_TMF_QUERY_TASK_SET 0x81 49 #define UAS_TMF_QUERY_ASYNC_EVENT 0x82 50 51 #define UAS_PIPE_ID_COMMAND 0x01 52 #define UAS_PIPE_ID_STATUS 0x02 53 #define UAS_PIPE_ID_DATA_IN 0x03 54 #define UAS_PIPE_ID_DATA_OUT 0x04 55 56 typedef struct { 57 uint8_t id; 58 uint8_t reserved; 59 uint16_t tag; 60 } QEMU_PACKED uas_iu_header; 61 62 typedef struct { 63 uint8_t prio_taskattr; /* 6:3 priority, 2:0 task attribute */ 64 uint8_t reserved_1; 65 uint8_t add_cdb_length; /* 7:2 additional adb length (dwords) */ 66 uint8_t reserved_2; 67 uint64_t lun; 68 uint8_t cdb[16]; 69 uint8_t add_cdb[]; 70 } QEMU_PACKED uas_iu_command; 71 72 typedef struct { 73 uint16_t status_qualifier; 74 uint8_t status; 75 uint8_t reserved[7]; 76 uint16_t sense_length; 77 uint8_t sense_data[18]; 78 } QEMU_PACKED uas_iu_sense; 79 80 typedef struct { 81 uint8_t add_response_info[3]; 82 uint8_t response_code; 83 } QEMU_PACKED uas_iu_response; 84 85 typedef struct { 86 uint8_t function; 87 uint8_t reserved; 88 uint16_t task_tag; 89 uint64_t lun; 90 } QEMU_PACKED uas_iu_task_mgmt; 91 92 typedef struct { 93 uas_iu_header hdr; 94 union { 95 uas_iu_command command; 96 uas_iu_sense sense; 97 uas_iu_task_mgmt task; 98 uas_iu_response response; 99 }; 100 } QEMU_PACKED uas_iu; 101 102 /* --------------------------------------------------------------------- */ 103 104 #define UAS_STREAM_BM_ATTR 4 105 #define UAS_MAX_STREAMS (1 << UAS_STREAM_BM_ATTR) 106 107 typedef struct UASDevice UASDevice; 108 typedef struct UASRequest UASRequest; 109 typedef struct UASStatus UASStatus; 110 111 struct UASDevice { 112 USBDevice dev; 113 SCSIBus bus; 114 QEMUBH *status_bh; 115 QTAILQ_HEAD(, UASStatus) results; 116 QTAILQ_HEAD(, UASRequest) requests; 117 118 /* properties */ 119 uint32_t requestlog; 120 121 /* usb 2.0 only */ 122 USBPacket *status2; 123 UASRequest *datain2; 124 UASRequest *dataout2; 125 126 /* usb 3.0 only */ 127 USBPacket *data3[UAS_MAX_STREAMS + 1]; 128 USBPacket *status3[UAS_MAX_STREAMS + 1]; 129 }; 130 131 #define TYPE_USB_UAS "usb-uas" 132 #define USB_UAS(obj) OBJECT_CHECK(UASDevice, (obj), TYPE_USB_UAS) 133 134 struct UASRequest { 135 uint16_t tag; 136 uint64_t lun; 137 UASDevice *uas; 138 SCSIDevice *dev; 139 SCSIRequest *req; 140 USBPacket *data; 141 bool data_async; 142 bool active; 143 bool complete; 144 uint32_t buf_off; 145 uint32_t buf_size; 146 uint32_t data_off; 147 uint32_t data_size; 148 QTAILQ_ENTRY(UASRequest) next; 149 }; 150 151 struct UASStatus { 152 uint32_t stream; 153 uas_iu status; 154 uint32_t length; 155 QTAILQ_ENTRY(UASStatus) next; 156 }; 157 158 /* --------------------------------------------------------------------- */ 159 160 enum { 161 STR_MANUFACTURER = 1, 162 STR_PRODUCT, 163 STR_SERIALNUMBER, 164 STR_CONFIG_HIGH, 165 STR_CONFIG_SUPER, 166 }; 167 168 static const USBDescStrings desc_strings = { 169 [STR_MANUFACTURER] = "QEMU", 170 [STR_PRODUCT] = "USB Attached SCSI HBA", 171 [STR_SERIALNUMBER] = "27842", 172 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)", 173 [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)", 174 }; 175 176 static const USBDescIface desc_iface_high = { 177 .bInterfaceNumber = 0, 178 .bNumEndpoints = 4, 179 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 180 .bInterfaceSubClass = 0x06, /* SCSI */ 181 .bInterfaceProtocol = 0x62, /* UAS */ 182 .eps = (USBDescEndpoint[]) { 183 { 184 .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_COMMAND, 185 .bmAttributes = USB_ENDPOINT_XFER_BULK, 186 .wMaxPacketSize = 512, 187 .extra = (uint8_t[]) { 188 0x04, /* u8 bLength */ 189 0x24, /* u8 bDescriptorType */ 190 UAS_PIPE_ID_COMMAND, 191 0x00, /* u8 bReserved */ 192 }, 193 },{ 194 .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_STATUS, 195 .bmAttributes = USB_ENDPOINT_XFER_BULK, 196 .wMaxPacketSize = 512, 197 .extra = (uint8_t[]) { 198 0x04, /* u8 bLength */ 199 0x24, /* u8 bDescriptorType */ 200 UAS_PIPE_ID_STATUS, 201 0x00, /* u8 bReserved */ 202 }, 203 },{ 204 .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_DATA_IN, 205 .bmAttributes = USB_ENDPOINT_XFER_BULK, 206 .wMaxPacketSize = 512, 207 .extra = (uint8_t[]) { 208 0x04, /* u8 bLength */ 209 0x24, /* u8 bDescriptorType */ 210 UAS_PIPE_ID_DATA_IN, 211 0x00, /* u8 bReserved */ 212 }, 213 },{ 214 .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_DATA_OUT, 215 .bmAttributes = USB_ENDPOINT_XFER_BULK, 216 .wMaxPacketSize = 512, 217 .extra = (uint8_t[]) { 218 0x04, /* u8 bLength */ 219 0x24, /* u8 bDescriptorType */ 220 UAS_PIPE_ID_DATA_OUT, 221 0x00, /* u8 bReserved */ 222 }, 223 }, 224 } 225 }; 226 227 static const USBDescIface desc_iface_super = { 228 .bInterfaceNumber = 0, 229 .bNumEndpoints = 4, 230 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 231 .bInterfaceSubClass = 0x06, /* SCSI */ 232 .bInterfaceProtocol = 0x62, /* UAS */ 233 .eps = (USBDescEndpoint[]) { 234 { 235 .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_COMMAND, 236 .bmAttributes = USB_ENDPOINT_XFER_BULK, 237 .wMaxPacketSize = 1024, 238 .bMaxBurst = 15, 239 .extra = (uint8_t[]) { 240 0x04, /* u8 bLength */ 241 0x24, /* u8 bDescriptorType */ 242 UAS_PIPE_ID_COMMAND, 243 0x00, /* u8 bReserved */ 244 }, 245 },{ 246 .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_STATUS, 247 .bmAttributes = USB_ENDPOINT_XFER_BULK, 248 .wMaxPacketSize = 1024, 249 .bMaxBurst = 15, 250 .bmAttributes_super = UAS_STREAM_BM_ATTR, 251 .extra = (uint8_t[]) { 252 0x04, /* u8 bLength */ 253 0x24, /* u8 bDescriptorType */ 254 UAS_PIPE_ID_STATUS, 255 0x00, /* u8 bReserved */ 256 }, 257 },{ 258 .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_DATA_IN, 259 .bmAttributes = USB_ENDPOINT_XFER_BULK, 260 .wMaxPacketSize = 1024, 261 .bMaxBurst = 15, 262 .bmAttributes_super = UAS_STREAM_BM_ATTR, 263 .extra = (uint8_t[]) { 264 0x04, /* u8 bLength */ 265 0x24, /* u8 bDescriptorType */ 266 UAS_PIPE_ID_DATA_IN, 267 0x00, /* u8 bReserved */ 268 }, 269 },{ 270 .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_DATA_OUT, 271 .bmAttributes = USB_ENDPOINT_XFER_BULK, 272 .wMaxPacketSize = 1024, 273 .bMaxBurst = 15, 274 .bmAttributes_super = UAS_STREAM_BM_ATTR, 275 .extra = (uint8_t[]) { 276 0x04, /* u8 bLength */ 277 0x24, /* u8 bDescriptorType */ 278 UAS_PIPE_ID_DATA_OUT, 279 0x00, /* u8 bReserved */ 280 }, 281 }, 282 } 283 }; 284 285 static const USBDescDevice desc_device_high = { 286 .bcdUSB = 0x0200, 287 .bMaxPacketSize0 = 64, 288 .bNumConfigurations = 1, 289 .confs = (USBDescConfig[]) { 290 { 291 .bNumInterfaces = 1, 292 .bConfigurationValue = 1, 293 .iConfiguration = STR_CONFIG_HIGH, 294 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_SELFPOWER, 295 .nif = 1, 296 .ifs = &desc_iface_high, 297 }, 298 }, 299 }; 300 301 static const USBDescDevice desc_device_super = { 302 .bcdUSB = 0x0300, 303 .bMaxPacketSize0 = 64, 304 .bNumConfigurations = 1, 305 .confs = (USBDescConfig[]) { 306 { 307 .bNumInterfaces = 1, 308 .bConfigurationValue = 1, 309 .iConfiguration = STR_CONFIG_SUPER, 310 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_SELFPOWER, 311 .nif = 1, 312 .ifs = &desc_iface_super, 313 }, 314 }, 315 }; 316 317 static const USBDesc desc = { 318 .id = { 319 .idVendor = 0x46f4, /* CRC16() of "QEMU" */ 320 .idProduct = 0x0003, 321 .bcdDevice = 0, 322 .iManufacturer = STR_MANUFACTURER, 323 .iProduct = STR_PRODUCT, 324 .iSerialNumber = STR_SERIALNUMBER, 325 }, 326 .high = &desc_device_high, 327 .super = &desc_device_super, 328 .str = desc_strings, 329 }; 330 331 /* --------------------------------------------------------------------- */ 332 333 static bool uas_using_streams(UASDevice *uas) 334 { 335 return uas->dev.speed == USB_SPEED_SUPER; 336 } 337 338 /* --------------------------------------------------------------------- */ 339 340 static UASStatus *usb_uas_alloc_status(UASDevice *uas, uint8_t id, uint16_t tag) 341 { 342 UASStatus *st = g_new0(UASStatus, 1); 343 344 st->status.hdr.id = id; 345 st->status.hdr.tag = cpu_to_be16(tag); 346 st->length = sizeof(uas_iu_header); 347 if (uas_using_streams(uas)) { 348 st->stream = tag; 349 } 350 return st; 351 } 352 353 static void usb_uas_send_status_bh(void *opaque) 354 { 355 UASDevice *uas = opaque; 356 UASStatus *st; 357 USBPacket *p; 358 359 while ((st = QTAILQ_FIRST(&uas->results)) != NULL) { 360 if (uas_using_streams(uas)) { 361 p = uas->status3[st->stream]; 362 uas->status3[st->stream] = NULL; 363 } else { 364 p = uas->status2; 365 uas->status2 = NULL; 366 } 367 if (p == NULL) { 368 break; 369 } 370 371 usb_packet_copy(p, &st->status, st->length); 372 QTAILQ_REMOVE(&uas->results, st, next); 373 g_free(st); 374 375 p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */ 376 usb_packet_complete(&uas->dev, p); 377 } 378 } 379 380 static void usb_uas_queue_status(UASDevice *uas, UASStatus *st, int length) 381 { 382 USBPacket *p = uas_using_streams(uas) ? 383 uas->status3[st->stream] : uas->status2; 384 385 st->length += length; 386 QTAILQ_INSERT_TAIL(&uas->results, st, next); 387 if (p) { 388 /* 389 * Just schedule bh make sure any in-flight data transaction 390 * is finished before completing (sending) the status packet. 391 */ 392 qemu_bh_schedule(uas->status_bh); 393 } else { 394 USBEndpoint *ep = usb_ep_get(&uas->dev, USB_TOKEN_IN, 395 UAS_PIPE_ID_STATUS); 396 usb_wakeup(ep, st->stream); 397 } 398 } 399 400 static void usb_uas_queue_response(UASDevice *uas, uint16_t tag, uint8_t code) 401 { 402 UASStatus *st = usb_uas_alloc_status(uas, UAS_UI_RESPONSE, tag); 403 404 trace_usb_uas_response(uas->dev.addr, tag, code); 405 st->status.response.response_code = code; 406 usb_uas_queue_status(uas, st, sizeof(uas_iu_response)); 407 } 408 409 static void usb_uas_queue_sense(UASRequest *req, uint8_t status) 410 { 411 UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_SENSE, req->tag); 412 int len, slen = 0; 413 414 trace_usb_uas_sense(req->uas->dev.addr, req->tag, status); 415 st->status.sense.status = status; 416 st->status.sense.status_qualifier = cpu_to_be16(0); 417 if (status != GOOD) { 418 slen = scsi_req_get_sense(req->req, st->status.sense.sense_data, 419 sizeof(st->status.sense.sense_data)); 420 st->status.sense.sense_length = cpu_to_be16(slen); 421 } 422 len = sizeof(uas_iu_sense) - sizeof(st->status.sense.sense_data) + slen; 423 usb_uas_queue_status(req->uas, st, len); 424 } 425 426 static void usb_uas_queue_fake_sense(UASDevice *uas, uint16_t tag, 427 struct SCSISense sense) 428 { 429 UASStatus *st = usb_uas_alloc_status(uas, UAS_UI_SENSE, tag); 430 int len, slen = 0; 431 432 st->status.sense.status = CHECK_CONDITION; 433 st->status.sense.status_qualifier = cpu_to_be16(0); 434 st->status.sense.sense_data[0] = 0x70; 435 st->status.sense.sense_data[2] = sense.key; 436 st->status.sense.sense_data[7] = 10; 437 st->status.sense.sense_data[12] = sense.asc; 438 st->status.sense.sense_data[13] = sense.ascq; 439 slen = 18; 440 len = sizeof(uas_iu_sense) - sizeof(st->status.sense.sense_data) + slen; 441 usb_uas_queue_status(uas, st, len); 442 } 443 444 static void usb_uas_queue_read_ready(UASRequest *req) 445 { 446 UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_READ_READY, 447 req->tag); 448 449 trace_usb_uas_read_ready(req->uas->dev.addr, req->tag); 450 usb_uas_queue_status(req->uas, st, 0); 451 } 452 453 static void usb_uas_queue_write_ready(UASRequest *req) 454 { 455 UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_WRITE_READY, 456 req->tag); 457 458 trace_usb_uas_write_ready(req->uas->dev.addr, req->tag); 459 usb_uas_queue_status(req->uas, st, 0); 460 } 461 462 /* --------------------------------------------------------------------- */ 463 464 static int usb_uas_get_lun(uint64_t lun64) 465 { 466 return (lun64 >> 48) & 0xff; 467 } 468 469 static SCSIDevice *usb_uas_get_dev(UASDevice *uas, uint64_t lun64) 470 { 471 if ((lun64 >> 56) != 0x00) { 472 return NULL; 473 } 474 return scsi_device_find(&uas->bus, 0, 0, usb_uas_get_lun(lun64)); 475 } 476 477 static void usb_uas_complete_data_packet(UASRequest *req) 478 { 479 USBPacket *p; 480 481 if (!req->data_async) { 482 return; 483 } 484 p = req->data; 485 req->data = NULL; 486 req->data_async = false; 487 p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */ 488 usb_packet_complete(&req->uas->dev, p); 489 } 490 491 static void usb_uas_copy_data(UASRequest *req) 492 { 493 uint32_t length; 494 495 length = MIN(req->buf_size - req->buf_off, 496 req->data->iov.size - req->data->actual_length); 497 trace_usb_uas_xfer_data(req->uas->dev.addr, req->tag, length, 498 req->data->actual_length, req->data->iov.size, 499 req->buf_off, req->buf_size); 500 usb_packet_copy(req->data, scsi_req_get_buf(req->req) + req->buf_off, 501 length); 502 req->buf_off += length; 503 req->data_off += length; 504 505 if (req->data->actual_length == req->data->iov.size) { 506 usb_uas_complete_data_packet(req); 507 } 508 if (req->buf_size && req->buf_off == req->buf_size) { 509 req->buf_off = 0; 510 req->buf_size = 0; 511 scsi_req_continue(req->req); 512 } 513 } 514 515 static void usb_uas_start_next_transfer(UASDevice *uas) 516 { 517 UASRequest *req; 518 519 if (uas_using_streams(uas)) { 520 return; 521 } 522 523 QTAILQ_FOREACH(req, &uas->requests, next) { 524 if (req->active || req->complete) { 525 continue; 526 } 527 if (req->req->cmd.mode == SCSI_XFER_FROM_DEV && uas->datain2 == NULL) { 528 uas->datain2 = req; 529 usb_uas_queue_read_ready(req); 530 req->active = true; 531 return; 532 } 533 if (req->req->cmd.mode == SCSI_XFER_TO_DEV && uas->dataout2 == NULL) { 534 uas->dataout2 = req; 535 usb_uas_queue_write_ready(req); 536 req->active = true; 537 return; 538 } 539 } 540 } 541 542 static UASRequest *usb_uas_alloc_request(UASDevice *uas, uas_iu *iu) 543 { 544 UASRequest *req; 545 546 req = g_new0(UASRequest, 1); 547 req->uas = uas; 548 req->tag = be16_to_cpu(iu->hdr.tag); 549 req->lun = be64_to_cpu(iu->command.lun); 550 req->dev = usb_uas_get_dev(req->uas, req->lun); 551 return req; 552 } 553 554 static void usb_uas_scsi_free_request(SCSIBus *bus, void *priv) 555 { 556 UASRequest *req = priv; 557 UASDevice *uas = req->uas; 558 559 if (req == uas->datain2) { 560 uas->datain2 = NULL; 561 } 562 if (req == uas->dataout2) { 563 uas->dataout2 = NULL; 564 } 565 QTAILQ_REMOVE(&uas->requests, req, next); 566 g_free(req); 567 usb_uas_start_next_transfer(uas); 568 } 569 570 static UASRequest *usb_uas_find_request(UASDevice *uas, uint16_t tag) 571 { 572 UASRequest *req; 573 574 QTAILQ_FOREACH(req, &uas->requests, next) { 575 if (req->tag == tag) { 576 return req; 577 } 578 } 579 return NULL; 580 } 581 582 static void usb_uas_scsi_transfer_data(SCSIRequest *r, uint32_t len) 583 { 584 UASRequest *req = r->hba_private; 585 586 trace_usb_uas_scsi_data(req->uas->dev.addr, req->tag, len); 587 req->buf_off = 0; 588 req->buf_size = len; 589 if (req->data) { 590 usb_uas_copy_data(req); 591 } else { 592 usb_uas_start_next_transfer(req->uas); 593 } 594 } 595 596 static void usb_uas_scsi_command_complete(SCSIRequest *r, 597 uint32_t status, size_t resid) 598 { 599 UASRequest *req = r->hba_private; 600 601 trace_usb_uas_scsi_complete(req->uas->dev.addr, req->tag, status, resid); 602 req->complete = true; 603 if (req->data) { 604 usb_uas_complete_data_packet(req); 605 } 606 usb_uas_queue_sense(req, status); 607 scsi_req_unref(req->req); 608 } 609 610 static void usb_uas_scsi_request_cancelled(SCSIRequest *r) 611 { 612 UASRequest *req = r->hba_private; 613 614 /* FIXME: queue notification to status pipe? */ 615 scsi_req_unref(req->req); 616 } 617 618 static const struct SCSIBusInfo usb_uas_scsi_info = { 619 .tcq = true, 620 .max_target = 0, 621 .max_lun = 255, 622 623 .transfer_data = usb_uas_scsi_transfer_data, 624 .complete = usb_uas_scsi_command_complete, 625 .cancel = usb_uas_scsi_request_cancelled, 626 .free_request = usb_uas_scsi_free_request, 627 }; 628 629 /* --------------------------------------------------------------------- */ 630 631 static void usb_uas_handle_reset(USBDevice *dev) 632 { 633 UASDevice *uas = USB_UAS(dev); 634 UASRequest *req, *nreq; 635 UASStatus *st, *nst; 636 637 trace_usb_uas_reset(dev->addr); 638 QTAILQ_FOREACH_SAFE(req, &uas->requests, next, nreq) { 639 scsi_req_cancel(req->req); 640 } 641 QTAILQ_FOREACH_SAFE(st, &uas->results, next, nst) { 642 QTAILQ_REMOVE(&uas->results, st, next); 643 g_free(st); 644 } 645 } 646 647 static void usb_uas_handle_control(USBDevice *dev, USBPacket *p, 648 int request, int value, int index, int length, uint8_t *data) 649 { 650 int ret; 651 652 ret = usb_desc_handle_control(dev, p, request, value, index, length, data); 653 if (ret >= 0) { 654 return; 655 } 656 error_report("%s: unhandled control request (req 0x%x, val 0x%x, idx 0x%x", 657 __func__, request, value, index); 658 p->status = USB_RET_STALL; 659 } 660 661 static void usb_uas_cancel_io(USBDevice *dev, USBPacket *p) 662 { 663 UASDevice *uas = USB_UAS(dev); 664 UASRequest *req, *nreq; 665 int i; 666 667 if (uas->status2 == p) { 668 uas->status2 = NULL; 669 qemu_bh_cancel(uas->status_bh); 670 return; 671 } 672 if (uas_using_streams(uas)) { 673 for (i = 0; i <= UAS_MAX_STREAMS; i++) { 674 if (uas->status3[i] == p) { 675 uas->status3[i] = NULL; 676 return; 677 } 678 if (uas->data3[i] == p) { 679 uas->data3[i] = NULL; 680 return; 681 } 682 } 683 } 684 QTAILQ_FOREACH_SAFE(req, &uas->requests, next, nreq) { 685 if (req->data == p) { 686 req->data = NULL; 687 return; 688 } 689 } 690 assert(!"canceled usb packet not found"); 691 } 692 693 static void usb_uas_command(UASDevice *uas, uas_iu *iu) 694 { 695 UASRequest *req; 696 uint32_t len; 697 uint16_t tag = be16_to_cpu(iu->hdr.tag); 698 699 if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) { 700 goto invalid_tag; 701 } 702 req = usb_uas_find_request(uas, tag); 703 if (req) { 704 goto overlapped_tag; 705 } 706 req = usb_uas_alloc_request(uas, iu); 707 if (req->dev == NULL) { 708 goto bad_target; 709 } 710 711 trace_usb_uas_command(uas->dev.addr, req->tag, 712 usb_uas_get_lun(req->lun), 713 req->lun >> 32, req->lun & 0xffffffff); 714 QTAILQ_INSERT_TAIL(&uas->requests, req, next); 715 if (uas_using_streams(uas) && uas->data3[req->tag] != NULL) { 716 req->data = uas->data3[req->tag]; 717 req->data_async = true; 718 uas->data3[req->tag] = NULL; 719 } 720 721 req->req = scsi_req_new(req->dev, req->tag, 722 usb_uas_get_lun(req->lun), 723 iu->command.cdb, req); 724 if (uas->requestlog) { 725 scsi_req_print(req->req); 726 } 727 len = scsi_req_enqueue(req->req); 728 if (len) { 729 req->data_size = len; 730 scsi_req_continue(req->req); 731 } 732 return; 733 734 invalid_tag: 735 usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_TAG); 736 return; 737 738 overlapped_tag: 739 usb_uas_queue_fake_sense(uas, tag, sense_code_OVERLAPPED_COMMANDS); 740 return; 741 742 bad_target: 743 usb_uas_queue_fake_sense(uas, tag, sense_code_LUN_NOT_SUPPORTED); 744 g_free(req); 745 } 746 747 static void usb_uas_task(UASDevice *uas, uas_iu *iu) 748 { 749 uint16_t tag = be16_to_cpu(iu->hdr.tag); 750 uint64_t lun64 = be64_to_cpu(iu->task.lun); 751 SCSIDevice *dev = usb_uas_get_dev(uas, lun64); 752 int lun = usb_uas_get_lun(lun64); 753 UASRequest *req; 754 uint16_t task_tag; 755 756 if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) { 757 goto invalid_tag; 758 } 759 req = usb_uas_find_request(uas, be16_to_cpu(iu->hdr.tag)); 760 if (req) { 761 goto overlapped_tag; 762 } 763 if (dev == NULL) { 764 goto incorrect_lun; 765 } 766 767 switch (iu->task.function) { 768 case UAS_TMF_ABORT_TASK: 769 task_tag = be16_to_cpu(iu->task.task_tag); 770 trace_usb_uas_tmf_abort_task(uas->dev.addr, tag, task_tag); 771 req = usb_uas_find_request(uas, task_tag); 772 if (req && req->dev == dev) { 773 scsi_req_cancel(req->req); 774 } 775 usb_uas_queue_response(uas, tag, UAS_RC_TMF_COMPLETE); 776 break; 777 778 case UAS_TMF_LOGICAL_UNIT_RESET: 779 trace_usb_uas_tmf_logical_unit_reset(uas->dev.addr, tag, lun); 780 qdev_reset_all(&dev->qdev); 781 usb_uas_queue_response(uas, tag, UAS_RC_TMF_COMPLETE); 782 break; 783 784 default: 785 trace_usb_uas_tmf_unsupported(uas->dev.addr, tag, iu->task.function); 786 usb_uas_queue_response(uas, tag, UAS_RC_TMF_NOT_SUPPORTED); 787 break; 788 } 789 return; 790 791 invalid_tag: 792 usb_uas_queue_response(uas, tag, UAS_RC_INVALID_INFO_UNIT); 793 return; 794 795 overlapped_tag: 796 usb_uas_queue_response(uas, req->tag, UAS_RC_OVERLAPPED_TAG); 797 return; 798 799 incorrect_lun: 800 usb_uas_queue_response(uas, tag, UAS_RC_INCORRECT_LUN); 801 } 802 803 static void usb_uas_handle_data(USBDevice *dev, USBPacket *p) 804 { 805 UASDevice *uas = USB_UAS(dev); 806 uas_iu iu; 807 UASStatus *st; 808 UASRequest *req; 809 int length; 810 811 switch (p->ep->nr) { 812 case UAS_PIPE_ID_COMMAND: 813 length = MIN(sizeof(iu), p->iov.size); 814 usb_packet_copy(p, &iu, length); 815 switch (iu.hdr.id) { 816 case UAS_UI_COMMAND: 817 usb_uas_command(uas, &iu); 818 break; 819 case UAS_UI_TASK_MGMT: 820 usb_uas_task(uas, &iu); 821 break; 822 default: 823 error_report("%s: unknown command iu: id 0x%x", 824 __func__, iu.hdr.id); 825 p->status = USB_RET_STALL; 826 break; 827 } 828 break; 829 case UAS_PIPE_ID_STATUS: 830 if (p->stream) { 831 QTAILQ_FOREACH(st, &uas->results, next) { 832 if (st->stream == p->stream) { 833 break; 834 } 835 } 836 if (st == NULL) { 837 assert(uas->status3[p->stream] == NULL); 838 uas->status3[p->stream] = p; 839 p->status = USB_RET_ASYNC; 840 break; 841 } 842 } else { 843 st = QTAILQ_FIRST(&uas->results); 844 if (st == NULL) { 845 assert(uas->status2 == NULL); 846 uas->status2 = p; 847 p->status = USB_RET_ASYNC; 848 break; 849 } 850 } 851 usb_packet_copy(p, &st->status, st->length); 852 QTAILQ_REMOVE(&uas->results, st, next); 853 g_free(st); 854 break; 855 case UAS_PIPE_ID_DATA_IN: 856 case UAS_PIPE_ID_DATA_OUT: 857 if (p->stream) { 858 req = usb_uas_find_request(uas, p->stream); 859 } else { 860 req = (p->ep->nr == UAS_PIPE_ID_DATA_IN) 861 ? uas->datain2 : uas->dataout2; 862 } 863 if (req == NULL) { 864 if (p->stream) { 865 assert(uas->data3[p->stream] == NULL); 866 uas->data3[p->stream] = p; 867 p->status = USB_RET_ASYNC; 868 break; 869 } else { 870 error_report("%s: no inflight request", __func__); 871 p->status = USB_RET_STALL; 872 break; 873 } 874 } 875 scsi_req_ref(req->req); 876 req->data = p; 877 usb_uas_copy_data(req); 878 if (p->actual_length == p->iov.size || req->complete) { 879 req->data = NULL; 880 } else { 881 req->data_async = true; 882 p->status = USB_RET_ASYNC; 883 } 884 scsi_req_unref(req->req); 885 usb_uas_start_next_transfer(uas); 886 break; 887 default: 888 error_report("%s: invalid endpoint %d", __func__, p->ep->nr); 889 p->status = USB_RET_STALL; 890 break; 891 } 892 } 893 894 static void usb_uas_unrealize(USBDevice *dev, Error **errp) 895 { 896 UASDevice *uas = USB_UAS(dev); 897 898 qemu_bh_delete(uas->status_bh); 899 } 900 901 static void usb_uas_realize(USBDevice *dev, Error **errp) 902 { 903 UASDevice *uas = USB_UAS(dev); 904 DeviceState *d = DEVICE(dev); 905 906 usb_desc_create_serial(dev); 907 usb_desc_init(dev); 908 if (d->hotplugged) { 909 uas->dev.auto_attach = 0; 910 } 911 912 QTAILQ_INIT(&uas->results); 913 QTAILQ_INIT(&uas->requests); 914 uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas); 915 916 scsi_bus_new(&uas->bus, sizeof(uas->bus), DEVICE(dev), 917 &usb_uas_scsi_info, NULL); 918 } 919 920 static const VMStateDescription vmstate_usb_uas = { 921 .name = "usb-uas", 922 .unmigratable = 1, 923 .fields = (VMStateField[]) { 924 VMSTATE_USB_DEVICE(dev, UASDevice), 925 VMSTATE_END_OF_LIST() 926 } 927 }; 928 929 static Property uas_properties[] = { 930 DEFINE_PROP_UINT32("log-scsi-req", UASDevice, requestlog, 0), 931 DEFINE_PROP_END_OF_LIST(), 932 }; 933 934 static void usb_uas_class_initfn(ObjectClass *klass, void *data) 935 { 936 DeviceClass *dc = DEVICE_CLASS(klass); 937 USBDeviceClass *uc = USB_DEVICE_CLASS(klass); 938 939 uc->realize = usb_uas_realize; 940 uc->product_desc = desc_strings[STR_PRODUCT]; 941 uc->usb_desc = &desc; 942 uc->cancel_packet = usb_uas_cancel_io; 943 uc->handle_attach = usb_desc_attach; 944 uc->handle_reset = usb_uas_handle_reset; 945 uc->handle_control = usb_uas_handle_control; 946 uc->handle_data = usb_uas_handle_data; 947 uc->unrealize = usb_uas_unrealize; 948 uc->attached_settable = true; 949 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 950 dc->fw_name = "storage"; 951 dc->vmsd = &vmstate_usb_uas; 952 dc->props = uas_properties; 953 } 954 955 static const TypeInfo uas_info = { 956 .name = TYPE_USB_UAS, 957 .parent = TYPE_USB_DEVICE, 958 .instance_size = sizeof(UASDevice), 959 .class_init = usb_uas_class_initfn, 960 }; 961 962 static void usb_uas_register_types(void) 963 { 964 type_register_static(&uas_info); 965 } 966 967 type_init(usb_uas_register_types) 968