1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#ifdef DEBUG_SCSI
25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27#else
28#define DPRINTF(fmt, ...) do {} while(0)
29#endif
30
31#include "qemu/osdep.h"
32#include "qapi/error.h"
33#include "qemu/error-report.h"
34#include "hw/scsi/scsi.h"
35#include "scsi/constants.h"
36#include "sysemu/sysemu.h"
37#include "sysemu/block-backend.h"
38#include "sysemu/blockdev.h"
39#include "hw/block/block.h"
40#include "sysemu/dma.h"
41#include "qemu/cutils.h"
42
43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
47#define SCSI_WRITE_SAME_MAX 524288
48#define SCSI_DMA_BUF_SIZE 131072
49#define SCSI_MAX_INQUIRY_LEN 256
50#define SCSI_MAX_MODE_LEN 256
51
52#define DEFAULT_DISCARD_GRANULARITY 4096
53#define DEFAULT_MAX_UNMAP_SIZE (1 << 30)
54#define DEFAULT_MAX_IO_SIZE INT_MAX
55
56#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
58#define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60#define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62#define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
69 bool (*need_fua_emulation)(SCSICommand *cmd);
70} SCSIDiskClass;
71
72typedef struct SCSIDiskReq {
73 SCSIRequest req;
74
75 uint64_t sector;
76 uint32_t sector_count;
77 uint32_t buflen;
78 bool started;
79 bool need_fua_emulation;
80 struct iovec iov;
81 QEMUIOVector qiov;
82 BlockAcctCookie acct;
83 unsigned char *status;
84} SCSIDiskReq;
85
86#define SCSI_DISK_F_REMOVABLE 0
87#define SCSI_DISK_F_DPOFUA 1
88#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
89
90typedef struct SCSIDiskState
91{
92 SCSIDevice qdev;
93 uint32_t features;
94 bool media_changed;
95 bool media_event;
96 bool eject_request;
97 uint16_t port_index;
98 uint64_t max_unmap_size;
99 uint64_t max_io_size;
100 QEMUBH *bh;
101 char *version;
102 char *serial;
103 char *vendor;
104 char *product;
105 bool tray_open;
106 bool tray_locked;
107
108
109
110
111
112
113
114 uint16_t rotation_rate;
115} SCSIDiskState;
116
117static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
118
119static void scsi_free_request(SCSIRequest *req)
120{
121 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
122
123 qemu_vfree(r->iov.iov_base);
124}
125
126
127static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
128{
129 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
130 r->req.tag, sense.key, sense.asc, sense.ascq);
131 scsi_req_build_sense(&r->req, sense);
132 scsi_req_complete(&r->req, CHECK_CONDITION);
133}
134
135static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
136{
137 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
138
139 if (!r->iov.iov_base) {
140 r->buflen = size;
141 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
142 }
143 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
144 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
145}
146
147static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
148{
149 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
150
151 qemu_put_be64s(f, &r->sector);
152 qemu_put_be32s(f, &r->sector_count);
153 qemu_put_be32s(f, &r->buflen);
154 if (r->buflen) {
155 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
156 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
157 } else if (!req->retry) {
158 uint32_t len = r->iov.iov_len;
159 qemu_put_be32s(f, &len);
160 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
161 }
162 }
163}
164
165static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
166{
167 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
168
169 qemu_get_be64s(f, &r->sector);
170 qemu_get_be32s(f, &r->sector_count);
171 qemu_get_be32s(f, &r->buflen);
172 if (r->buflen) {
173 scsi_init_iovec(r, r->buflen);
174 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
175 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
176 } else if (!r->req.retry) {
177 uint32_t len;
178 qemu_get_be32s(f, &len);
179 r->iov.iov_len = len;
180 assert(r->iov.iov_len <= r->buflen);
181 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
182 }
183 }
184
185 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
186}
187
188static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
189{
190 if (r->req.io_canceled) {
191 scsi_req_cancel_complete(&r->req);
192 return true;
193 }
194
195 if (ret < 0 || (r->status && *r->status)) {
196 return scsi_handle_rw_error(r, -ret, acct_failed);
197 }
198
199 return false;
200}
201
202static void scsi_aio_complete(void *opaque, int ret)
203{
204 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
205 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
206
207 assert(r->req.aiocb != NULL);
208 r->req.aiocb = NULL;
209 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
210 if (scsi_disk_req_check_error(r, ret, true)) {
211 goto done;
212 }
213
214 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
215 scsi_req_complete(&r->req, GOOD);
216
217done:
218 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
219 scsi_req_unref(&r->req);
220}
221
222static bool scsi_is_cmd_fua(SCSICommand *cmd)
223{
224 switch (cmd->buf[0]) {
225 case READ_10:
226 case READ_12:
227 case READ_16:
228 case WRITE_10:
229 case WRITE_12:
230 case WRITE_16:
231 return (cmd->buf[1] & 8) != 0;
232
233 case VERIFY_10:
234 case VERIFY_12:
235 case VERIFY_16:
236 case WRITE_VERIFY_10:
237 case WRITE_VERIFY_12:
238 case WRITE_VERIFY_16:
239 return true;
240
241 case READ_6:
242 case WRITE_6:
243 default:
244 return false;
245 }
246}
247
248static void scsi_write_do_fua(SCSIDiskReq *r)
249{
250 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
251
252 assert(r->req.aiocb == NULL);
253 assert(!r->req.io_canceled);
254
255 if (r->need_fua_emulation) {
256 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
257 BLOCK_ACCT_FLUSH);
258 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
259 return;
260 }
261
262 scsi_req_complete(&r->req, GOOD);
263 scsi_req_unref(&r->req);
264}
265
266static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
267{
268 assert(r->req.aiocb == NULL);
269 if (scsi_disk_req_check_error(r, ret, false)) {
270 goto done;
271 }
272
273 r->sector += r->sector_count;
274 r->sector_count = 0;
275 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
276 scsi_write_do_fua(r);
277 return;
278 } else {
279 scsi_req_complete(&r->req, GOOD);
280 }
281
282done:
283 scsi_req_unref(&r->req);
284}
285
286static void scsi_dma_complete(void *opaque, int ret)
287{
288 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
290
291 assert(r->req.aiocb != NULL);
292 r->req.aiocb = NULL;
293
294 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
295 if (ret < 0) {
296 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
297 } else {
298 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
299 }
300 scsi_dma_complete_noio(r, ret);
301 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
302}
303
304static void scsi_read_complete(void * opaque, int ret)
305{
306 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
307 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
308 int n;
309
310 assert(r->req.aiocb != NULL);
311 r->req.aiocb = NULL;
312 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
313 if (scsi_disk_req_check_error(r, ret, true)) {
314 goto done;
315 }
316
317 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
318 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
319
320 n = r->qiov.size / 512;
321 r->sector += n;
322 r->sector_count -= n;
323 scsi_req_data(&r->req, r->qiov.size);
324
325done:
326 scsi_req_unref(&r->req);
327 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
328}
329
330
331static void scsi_do_read(SCSIDiskReq *r, int ret)
332{
333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
334 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
335
336 assert (r->req.aiocb == NULL);
337 if (scsi_disk_req_check_error(r, ret, false)) {
338 goto done;
339 }
340
341
342 scsi_req_ref(&r->req);
343
344 if (r->req.sg) {
345 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
346 r->req.resid -= r->req.sg->size;
347 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
348 r->req.sg, r->sector << BDRV_SECTOR_BITS,
349 BDRV_SECTOR_SIZE,
350 sdc->dma_readv, r, scsi_dma_complete, r,
351 DMA_DIRECTION_FROM_DEVICE);
352 } else {
353 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
354 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
355 r->qiov.size, BLOCK_ACCT_READ);
356 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
357 scsi_read_complete, r, r);
358 }
359
360done:
361 scsi_req_unref(&r->req);
362}
363
364static void scsi_do_read_cb(void *opaque, int ret)
365{
366 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
368
369 assert (r->req.aiocb != NULL);
370 r->req.aiocb = NULL;
371
372 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
373 if (ret < 0) {
374 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
375 } else {
376 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
377 }
378 scsi_do_read(opaque, ret);
379 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
380}
381
382
383static void scsi_read_data(SCSIRequest *req)
384{
385 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
386 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
387 bool first;
388
389 DPRINTF("Read sector_count=%d\n", r->sector_count);
390 if (r->sector_count == 0) {
391
392 scsi_req_complete(&r->req, GOOD);
393 return;
394 }
395
396
397 assert(r->req.aiocb == NULL);
398
399
400 scsi_req_ref(&r->req);
401 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
402 DPRINTF("Data transfer direction invalid\n");
403 scsi_read_complete(r, -EINVAL);
404 return;
405 }
406
407 if (!blk_is_available(req->dev->conf.blk)) {
408 scsi_read_complete(r, -ENOMEDIUM);
409 return;
410 }
411
412 first = !r->started;
413 r->started = true;
414 if (first && r->need_fua_emulation) {
415 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
416 BLOCK_ACCT_FLUSH);
417 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
418 } else {
419 scsi_do_read(r, 0);
420 }
421}
422
423
424
425
426
427
428
429
430static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
431{
432 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
434 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
435 is_read, error);
436
437 if (action == BLOCK_ERROR_ACTION_REPORT) {
438 if (acct_failed) {
439 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
440 }
441 switch (error) {
442 case 0:
443
444 assert(r->status && *r->status);
445 scsi_req_complete(&r->req, *r->status);
446 break;
447 case ENOMEDIUM:
448 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
449 break;
450 case ENOMEM:
451 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
452 break;
453 case EINVAL:
454 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
455 break;
456 case ENOSPC:
457 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
458 break;
459 default:
460 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
461 break;
462 }
463 }
464 if (!error) {
465 assert(r->status && *r->status);
466 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
467
468 if (error == ECANCELED || error == EAGAIN || error == ENOTCONN ||
469 error == 0) {
470
471 scsi_req_complete(&r->req, *r->status);
472 return true;
473 }
474 }
475
476 blk_error_action(s->qdev.conf.blk, action, is_read, error);
477 if (action == BLOCK_ERROR_ACTION_STOP) {
478 scsi_req_retry(&r->req);
479 }
480 return action != BLOCK_ERROR_ACTION_IGNORE;
481}
482
483static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
484{
485 uint32_t n;
486
487 assert (r->req.aiocb == NULL);
488 if (scsi_disk_req_check_error(r, ret, false)) {
489 goto done;
490 }
491
492 n = r->qiov.size / 512;
493 r->sector += n;
494 r->sector_count -= n;
495 if (r->sector_count == 0) {
496 scsi_write_do_fua(r);
497 return;
498 } else {
499 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
500 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
501 scsi_req_data(&r->req, r->qiov.size);
502 }
503
504done:
505 scsi_req_unref(&r->req);
506}
507
508static void scsi_write_complete(void * opaque, int ret)
509{
510 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
511 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
512
513 assert (r->req.aiocb != NULL);
514 r->req.aiocb = NULL;
515
516 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
517 if (ret < 0) {
518 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
519 } else {
520 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
521 }
522 scsi_write_complete_noio(r, ret);
523 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
524}
525
526static void scsi_write_data(SCSIRequest *req)
527{
528 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
530 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
531
532
533 assert(r->req.aiocb == NULL);
534
535
536 scsi_req_ref(&r->req);
537 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
538 DPRINTF("Data transfer direction invalid\n");
539 scsi_write_complete_noio(r, -EINVAL);
540 return;
541 }
542
543 if (!r->req.sg && !r->qiov.size) {
544
545 r->started = true;
546 scsi_write_complete_noio(r, 0);
547 return;
548 }
549 if (!blk_is_available(req->dev->conf.blk)) {
550 scsi_write_complete_noio(r, -ENOMEDIUM);
551 return;
552 }
553
554 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
555 r->req.cmd.buf[0] == VERIFY_16) {
556 if (r->req.sg) {
557 scsi_dma_complete_noio(r, 0);
558 } else {
559 scsi_write_complete_noio(r, 0);
560 }
561 return;
562 }
563
564 if (r->req.sg) {
565 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
566 r->req.resid -= r->req.sg->size;
567 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
568 r->req.sg, r->sector << BDRV_SECTOR_BITS,
569 BDRV_SECTOR_SIZE,
570 sdc->dma_writev, r, scsi_dma_complete, r,
571 DMA_DIRECTION_TO_DEVICE);
572 } else {
573 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
574 r->qiov.size, BLOCK_ACCT_WRITE);
575 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
576 scsi_write_complete, r, r);
577 }
578}
579
580
581static uint8_t *scsi_get_buf(SCSIRequest *req)
582{
583 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
584
585 return (uint8_t *)r->iov.iov_base;
586}
587
588static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
589{
590 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
591 int buflen = 0;
592 int start;
593
594 if (req->cmd.buf[1] & 0x1) {
595
596 uint8_t page_code = req->cmd.buf[2];
597
598 outbuf[buflen++] = s->qdev.type & 0x1f;
599 outbuf[buflen++] = page_code ;
600 outbuf[buflen++] = 0x00;
601 outbuf[buflen++] = 0x00;
602 start = buflen;
603
604 switch (page_code) {
605 case 0x00:
606 {
607 DPRINTF("Inquiry EVPD[Supported pages] "
608 "buffer size %zd\n", req->cmd.xfer);
609 outbuf[buflen++] = 0x00;
610 if (s->serial) {
611 outbuf[buflen++] = 0x80;
612 }
613 outbuf[buflen++] = 0x83;
614 if (s->qdev.type == TYPE_DISK) {
615 outbuf[buflen++] = 0xb0;
616 outbuf[buflen++] = 0xb1;
617 outbuf[buflen++] = 0xb2;
618 }
619 break;
620 }
621 case 0x80:
622 {
623 int l;
624
625 if (!s->serial) {
626 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
627 return -1;
628 }
629
630 l = strlen(s->serial);
631 if (l > 36) {
632 l = 36;
633 }
634
635 DPRINTF("Inquiry EVPD[Serial number] "
636 "buffer size %zd\n", req->cmd.xfer);
637 memcpy(outbuf+buflen, s->serial, l);
638 buflen += l;
639 break;
640 }
641
642 case 0x83:
643 {
644 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
645 int max_len = s->serial ? 20 : 255 - 8;
646 int id_len = strlen(str);
647
648 if (id_len > max_len) {
649 id_len = max_len;
650 }
651 DPRINTF("Inquiry EVPD[Device identification] "
652 "buffer size %zd\n", req->cmd.xfer);
653
654 outbuf[buflen++] = 0x2;
655 outbuf[buflen++] = 0;
656 outbuf[buflen++] = 0;
657 outbuf[buflen++] = id_len;
658 memcpy(outbuf+buflen, str, id_len);
659 buflen += id_len;
660
661 if (s->qdev.wwn) {
662 outbuf[buflen++] = 0x1;
663 outbuf[buflen++] = 0x3;
664 outbuf[buflen++] = 0;
665 outbuf[buflen++] = 8;
666 stq_be_p(&outbuf[buflen], s->qdev.wwn);
667 buflen += 8;
668 }
669
670 if (s->qdev.port_wwn) {
671 outbuf[buflen++] = 0x61;
672 outbuf[buflen++] = 0x93;
673 outbuf[buflen++] = 0;
674 outbuf[buflen++] = 8;
675 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
676 buflen += 8;
677 }
678
679 if (s->port_index) {
680 outbuf[buflen++] = 0x61;
681 outbuf[buflen++] = 0x94;
682 outbuf[buflen++] = 0;
683 outbuf[buflen++] = 4;
684 stw_be_p(&outbuf[buflen + 2], s->port_index);
685 buflen += 4;
686 }
687 break;
688 }
689 case 0xb0:
690 {
691 unsigned int unmap_sectors =
692 s->qdev.conf.discard_granularity / s->qdev.blocksize;
693 unsigned int min_io_size =
694 s->qdev.conf.min_io_size / s->qdev.blocksize;
695 unsigned int opt_io_size =
696 s->qdev.conf.opt_io_size / s->qdev.blocksize;
697 unsigned int max_unmap_sectors =
698 s->max_unmap_size / s->qdev.blocksize;
699 unsigned int max_io_sectors =
700 s->max_io_size / s->qdev.blocksize;
701
702 if (s->qdev.type == TYPE_ROM) {
703 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
704 page_code);
705 return -1;
706 }
707
708 buflen = 0x40;
709 memset(outbuf + 4, 0, buflen - 4);
710
711 outbuf[4] = 0x1;
712
713
714 outbuf[6] = (min_io_size >> 8) & 0xff;
715 outbuf[7] = min_io_size & 0xff;
716
717
718 outbuf[8] = (max_io_sectors >> 24) & 0xff;
719 outbuf[9] = (max_io_sectors >> 16) & 0xff;
720 outbuf[10] = (max_io_sectors >> 8) & 0xff;
721 outbuf[11] = max_io_sectors & 0xff;
722
723
724 outbuf[12] = (opt_io_size >> 24) & 0xff;
725 outbuf[13] = (opt_io_size >> 16) & 0xff;
726 outbuf[14] = (opt_io_size >> 8) & 0xff;
727 outbuf[15] = opt_io_size & 0xff;
728
729
730 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
731 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
732 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
733 outbuf[23] = max_unmap_sectors & 0xff;
734
735
736 outbuf[24] = 0;
737 outbuf[25] = 0;
738 outbuf[26] = 0;
739 outbuf[27] = 255;
740
741
742 outbuf[28] = (unmap_sectors >> 24) & 0xff;
743 outbuf[29] = (unmap_sectors >> 16) & 0xff;
744 outbuf[30] = (unmap_sectors >> 8) & 0xff;
745 outbuf[31] = unmap_sectors & 0xff;
746
747
748 outbuf[36] = 0;
749 outbuf[37] = 0;
750 outbuf[38] = 0;
751 outbuf[39] = 0;
752
753 outbuf[40] = (max_io_sectors >> 24) & 0xff;
754 outbuf[41] = (max_io_sectors >> 16) & 0xff;
755 outbuf[42] = (max_io_sectors >> 8) & 0xff;
756 outbuf[43] = max_io_sectors & 0xff;
757 break;
758 }
759 case 0xb1:
760 {
761 buflen = 8;
762 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
763 outbuf[5] = s->rotation_rate & 0xff;
764 outbuf[6] = 0;
765 outbuf[7] = 0;
766 break;
767 }
768 case 0xb2:
769 {
770 buflen = 8;
771 outbuf[4] = 0;
772 outbuf[5] = 0xe0;
773 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
774 outbuf[7] = 0;
775 break;
776 }
777 default:
778 return -1;
779 }
780
781 assert(buflen - start <= 255);
782 outbuf[start - 1] = buflen - start;
783 return buflen;
784 }
785
786
787 if (req->cmd.buf[2] != 0) {
788 return -1;
789 }
790
791
792 buflen = req->cmd.xfer;
793 if (buflen > SCSI_MAX_INQUIRY_LEN) {
794 buflen = SCSI_MAX_INQUIRY_LEN;
795 }
796
797 outbuf[0] = s->qdev.type & 0x1f;
798 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
799
800 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
801 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
802
803 memset(&outbuf[32], 0, 4);
804 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
805
806
807
808
809
810
811 outbuf[2] = 5;
812 outbuf[3] = 2 | 0x10;
813
814 if (buflen > 36) {
815 outbuf[4] = buflen - 5;
816 } else {
817
818
819 outbuf[4] = 36 - 5;
820 }
821
822
823 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
824 return buflen;
825}
826
827static inline bool media_is_dvd(SCSIDiskState *s)
828{
829 uint64_t nb_sectors;
830 if (s->qdev.type != TYPE_ROM) {
831 return false;
832 }
833 if (!blk_is_available(s->qdev.conf.blk)) {
834 return false;
835 }
836 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
837 return nb_sectors > CD_MAX_SECTORS;
838}
839
840static inline bool media_is_cd(SCSIDiskState *s)
841{
842 uint64_t nb_sectors;
843 if (s->qdev.type != TYPE_ROM) {
844 return false;
845 }
846 if (!blk_is_available(s->qdev.conf.blk)) {
847 return false;
848 }
849 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
850 return nb_sectors <= CD_MAX_SECTORS;
851}
852
853static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
854 uint8_t *outbuf)
855{
856 uint8_t type = r->req.cmd.buf[1] & 7;
857
858 if (s->qdev.type != TYPE_ROM) {
859 return -1;
860 }
861
862
863 if (type != 0) {
864 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
865 return -1;
866 }
867
868 memset(outbuf, 0, 34);
869 outbuf[1] = 32;
870 outbuf[2] = 0xe;
871 outbuf[3] = 1;
872 outbuf[4] = 1;
873 outbuf[5] = 1;
874 outbuf[6] = 1;
875 outbuf[7] = 0x20;
876 outbuf[8] = 0x00;
877
878
879
880
881
882
883 return 34;
884}
885
886static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
887 uint8_t *outbuf)
888{
889 static const int rds_caps_size[5] = {
890 [0] = 2048 + 4,
891 [1] = 4 + 4,
892 [3] = 188 + 4,
893 [4] = 2048 + 4,
894 };
895
896 uint8_t media = r->req.cmd.buf[1];
897 uint8_t layer = r->req.cmd.buf[6];
898 uint8_t format = r->req.cmd.buf[7];
899 int size = -1;
900
901 if (s->qdev.type != TYPE_ROM) {
902 return -1;
903 }
904 if (media != 0) {
905 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
906 return -1;
907 }
908
909 if (format != 0xff) {
910 if (!blk_is_available(s->qdev.conf.blk)) {
911 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
912 return -1;
913 }
914 if (media_is_cd(s)) {
915 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
916 return -1;
917 }
918 if (format >= ARRAY_SIZE(rds_caps_size)) {
919 return -1;
920 }
921 size = rds_caps_size[format];
922 memset(outbuf, 0, size);
923 }
924
925 switch (format) {
926 case 0x00: {
927
928 uint64_t nb_sectors;
929 if (layer != 0) {
930 goto fail;
931 }
932 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
933
934 outbuf[4] = 1;
935 outbuf[5] = 0xf;
936 outbuf[6] = 1;
937 outbuf[7] = 0;
938
939 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1);
940 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1);
941 break;
942 }
943
944 case 0x01:
945 break;
946
947 case 0x03:
948 return -1;
949
950 case 0x04:
951 break;
952
953 case 0xff: {
954 int i;
955 size = 4;
956 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
957 if (!rds_caps_size[i]) {
958 continue;
959 }
960 outbuf[size] = i;
961 outbuf[size + 1] = 0x40;
962 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
963 size += 4;
964 }
965 break;
966 }
967
968 default:
969 return -1;
970 }
971
972
973 stw_be_p(outbuf, size - 2);
974 return size;
975
976fail:
977 return -1;
978}
979
980static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
981{
982 uint8_t event_code, media_status;
983
984 media_status = 0;
985 if (s->tray_open) {
986 media_status = MS_TRAY_OPEN;
987 } else if (blk_is_inserted(s->qdev.conf.blk)) {
988 media_status = MS_MEDIA_PRESENT;
989 }
990
991
992 event_code = MEC_NO_CHANGE;
993 if (media_status != MS_TRAY_OPEN) {
994 if (s->media_event) {
995 event_code = MEC_NEW_MEDIA;
996 s->media_event = false;
997 } else if (s->eject_request) {
998 event_code = MEC_EJECT_REQUESTED;
999 s->eject_request = false;
1000 }
1001 }
1002
1003 outbuf[0] = event_code;
1004 outbuf[1] = media_status;
1005
1006
1007 outbuf[2] = 0;
1008 outbuf[3] = 0;
1009 return 4;
1010}
1011
1012static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1013 uint8_t *outbuf)
1014{
1015 int size;
1016 uint8_t *buf = r->req.cmd.buf;
1017 uint8_t notification_class_request = buf[4];
1018 if (s->qdev.type != TYPE_ROM) {
1019 return -1;
1020 }
1021 if ((buf[1] & 1) == 0) {
1022
1023 return -1;
1024 }
1025
1026 size = 4;
1027 outbuf[0] = outbuf[1] = 0;
1028 outbuf[3] = 1 << GESN_MEDIA;
1029 if (notification_class_request & (1 << GESN_MEDIA)) {
1030 outbuf[2] = GESN_MEDIA;
1031 size += scsi_event_status_media(s, &outbuf[size]);
1032 } else {
1033 outbuf[2] = 0x80;
1034 }
1035 stw_be_p(outbuf, size - 4);
1036 return size;
1037}
1038
1039static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1040{
1041 int current;
1042
1043 if (s->qdev.type != TYPE_ROM) {
1044 return -1;
1045 }
1046
1047 if (media_is_dvd(s)) {
1048 current = MMC_PROFILE_DVD_ROM;
1049 } else if (media_is_cd(s)) {
1050 current = MMC_PROFILE_CD_ROM;
1051 } else {
1052 current = MMC_PROFILE_NONE;
1053 }
1054
1055 memset(outbuf, 0, 40);
1056 stl_be_p(&outbuf[0], 36);
1057 stw_be_p(&outbuf[6], current);
1058
1059 outbuf[10] = 0x03;
1060 outbuf[11] = 8;
1061 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1062 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1063 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1064 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1065
1066 stw_be_p(&outbuf[20], 1);
1067 outbuf[22] = 0x08 | 0x03;
1068 outbuf[23] = 8;
1069 stl_be_p(&outbuf[24], 1);
1070 outbuf[28] = 1;
1071
1072 stw_be_p(&outbuf[32], 3);
1073 outbuf[34] = 0x08 | 0x03;
1074 outbuf[35] = 4;
1075 outbuf[36] = 0x39;
1076
1077
1078 return 40;
1079}
1080
1081static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1082{
1083 if (s->qdev.type != TYPE_ROM) {
1084 return -1;
1085 }
1086 memset(outbuf, 0, 8);
1087 outbuf[5] = 1;
1088 return 8;
1089}
1090
1091static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1092 int page_control)
1093{
1094 static const int mode_sense_valid[0x3f] = {
1095 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1096 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1097 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1098 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1099 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1100 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1101 };
1102
1103 uint8_t *p = *p_outbuf + 2;
1104 int length;
1105
1106 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1107 return -1;
1108 }
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122 switch (page) {
1123 case MODE_PAGE_HD_GEOMETRY:
1124 length = 0x16;
1125 if (page_control == 1) {
1126 break;
1127 }
1128
1129 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1130 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1131 p[2] = s->qdev.conf.cyls & 0xff;
1132 p[3] = s->qdev.conf.heads & 0xff;
1133
1134 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1135 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1136 p[6] = s->qdev.conf.cyls & 0xff;
1137
1138 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1139 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1140 p[9] = s->qdev.conf.cyls & 0xff;
1141
1142 p[10] = 0;
1143 p[11] = 200;
1144
1145 p[12] = 0xff;
1146 p[13] = 0xff;
1147 p[14] = 0xff;
1148
1149 p[18] = (5400 >> 8) & 0xff;
1150 p[19] = 5400 & 0xff;
1151 break;
1152
1153 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1154 length = 0x1e;
1155 if (page_control == 1) {
1156 break;
1157 }
1158
1159 p[0] = 5000 >> 8;
1160 p[1] = 5000 & 0xff;
1161
1162 p[2] = s->qdev.conf.heads & 0xff;
1163 p[3] = s->qdev.conf.secs & 0xff;
1164 p[4] = s->qdev.blocksize >> 8;
1165 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1166 p[7] = s->qdev.conf.cyls & 0xff;
1167
1168 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1169 p[9] = s->qdev.conf.cyls & 0xff;
1170
1171 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1172 p[11] = s->qdev.conf.cyls & 0xff;
1173
1174 p[12] = 0;
1175 p[13] = 1;
1176
1177 p[14] = 1;
1178
1179 p[15] = 0;
1180 p[16] = 1;
1181
1182 p[17] = 1;
1183
1184 p[18] = 1;
1185
1186 p[26] = (5400 >> 8) & 0xff;
1187 p[27] = 5400 & 0xff;
1188 break;
1189
1190 case MODE_PAGE_CACHING:
1191 length = 0x12;
1192 if (page_control == 1 ||
1193 blk_enable_write_cache(s->qdev.conf.blk)) {
1194 p[0] = 4;
1195 }
1196 break;
1197
1198 case MODE_PAGE_R_W_ERROR:
1199 length = 10;
1200 if (page_control == 1) {
1201 break;
1202 }
1203 p[0] = 0x80;
1204 if (s->qdev.type == TYPE_ROM) {
1205 p[1] = 0x20;
1206 }
1207 break;
1208
1209 case MODE_PAGE_AUDIO_CTL:
1210 length = 14;
1211 break;
1212
1213 case MODE_PAGE_CAPABILITIES:
1214 length = 0x14;
1215 if (page_control == 1) {
1216 break;
1217 }
1218
1219 p[0] = 0x3b;
1220 p[1] = 0;
1221 p[2] = 0x7f;
1222
1223 p[3] = 0xff;
1224
1225
1226 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1227
1228 p[5] = 0;
1229
1230 p[6] = (50 * 176) >> 8;
1231 p[7] = (50 * 176) & 0xff;
1232 p[8] = 2 >> 8;
1233 p[9] = 2 & 0xff;
1234 p[10] = 2048 >> 8;
1235 p[11] = 2048 & 0xff;
1236 p[12] = (16 * 176) >> 8;
1237 p[13] = (16 * 176) & 0xff;
1238 p[16] = (16 * 176) >> 8;
1239 p[17] = (16 * 176) & 0xff;
1240 p[18] = (16 * 176) >> 8;
1241 p[19] = (16 * 176) & 0xff;
1242 break;
1243
1244 default:
1245 return -1;
1246 }
1247
1248 assert(length < 256);
1249 (*p_outbuf)[0] = page;
1250 (*p_outbuf)[1] = length;
1251 *p_outbuf += length + 2;
1252 return length + 2;
1253}
1254
1255static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1256{
1257 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1258 uint64_t nb_sectors;
1259 bool dbd;
1260 int page, buflen, ret, page_control;
1261 uint8_t *p;
1262 uint8_t dev_specific_param;
1263
1264 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1265 page = r->req.cmd.buf[2] & 0x3f;
1266 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1267 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1268 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1269 memset(outbuf, 0, r->req.cmd.xfer);
1270 p = outbuf;
1271
1272 if (s->qdev.type == TYPE_DISK) {
1273 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1274 if (blk_is_read_only(s->qdev.conf.blk)) {
1275 dev_specific_param |= 0x80;
1276 }
1277 } else {
1278
1279
1280 dev_specific_param = 0x00;
1281 dbd = true;
1282 }
1283
1284 if (r->req.cmd.buf[0] == MODE_SENSE) {
1285 p[1] = 0;
1286 p[2] = dev_specific_param;
1287 p[3] = 0;
1288 p += 4;
1289 } else {
1290 p[2] = 0;
1291 p[3] = dev_specific_param;
1292 p[6] = p[7] = 0;
1293 p += 8;
1294 }
1295
1296 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1297 if (!dbd && nb_sectors) {
1298 if (r->req.cmd.buf[0] == MODE_SENSE) {
1299 outbuf[3] = 8;
1300 } else {
1301 outbuf[7] = 8;
1302 }
1303 nb_sectors /= (s->qdev.blocksize / 512);
1304 if (nb_sectors > 0xffffff) {
1305 nb_sectors = 0;
1306 }
1307 p[0] = 0;
1308 p[1] = (nb_sectors >> 16) & 0xff;
1309 p[2] = (nb_sectors >> 8) & 0xff;
1310 p[3] = nb_sectors & 0xff;
1311 p[4] = 0;
1312 p[5] = 0;
1313 p[6] = s->qdev.blocksize >> 8;
1314 p[7] = 0;
1315 p += 8;
1316 }
1317
1318 if (page_control == 3) {
1319
1320 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1321 return -1;
1322 }
1323
1324 if (page == 0x3f) {
1325 for (page = 0; page <= 0x3e; page++) {
1326 mode_sense_page(s, page, &p, page_control);
1327 }
1328 } else {
1329 ret = mode_sense_page(s, page, &p, page_control);
1330 if (ret == -1) {
1331 return -1;
1332 }
1333 }
1334
1335 buflen = p - outbuf;
1336
1337
1338
1339
1340
1341 if (r->req.cmd.buf[0] == MODE_SENSE) {
1342 outbuf[0] = buflen - 1;
1343 } else {
1344 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1345 outbuf[1] = (buflen - 2) & 0xff;
1346 }
1347 return buflen;
1348}
1349
1350static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1351{
1352 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1353 int start_track, format, msf, toclen;
1354 uint64_t nb_sectors;
1355
1356 msf = req->cmd.buf[1] & 2;
1357 format = req->cmd.buf[2] & 0xf;
1358 start_track = req->cmd.buf[6];
1359 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1360 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1361 nb_sectors /= s->qdev.blocksize / 512;
1362 switch (format) {
1363 case 0:
1364 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1365 break;
1366 case 1:
1367
1368 toclen = 12;
1369 memset(outbuf, 0, 12);
1370 outbuf[1] = 0x0a;
1371 outbuf[2] = 0x01;
1372 outbuf[3] = 0x01;
1373 break;
1374 case 2:
1375 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1376 break;
1377 default:
1378 return -1;
1379 }
1380 return toclen;
1381}
1382
1383static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1384{
1385 SCSIRequest *req = &r->req;
1386 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1387 bool start = req->cmd.buf[4] & 1;
1388 bool loej = req->cmd.buf[4] & 2;
1389 int pwrcnd = req->cmd.buf[4] & 0xf0;
1390
1391 if (pwrcnd) {
1392
1393 return 0;
1394 }
1395
1396 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1397 if (!start && !s->tray_open && s->tray_locked) {
1398 scsi_check_condition(r,
1399 blk_is_inserted(s->qdev.conf.blk)
1400 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1401 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1402 return -1;
1403 }
1404
1405 if (s->tray_open != !start) {
1406 blk_eject(s->qdev.conf.blk, !start);
1407 s->tray_open = !start;
1408 }
1409 }
1410 return 0;
1411}
1412
1413static void scsi_disk_emulate_read_data(SCSIRequest *req)
1414{
1415 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1416 int buflen = r->iov.iov_len;
1417
1418 if (buflen) {
1419 DPRINTF("Read buf_len=%d\n", buflen);
1420 r->iov.iov_len = 0;
1421 r->started = true;
1422 scsi_req_data(&r->req, buflen);
1423 return;
1424 }
1425
1426
1427 scsi_req_complete(&r->req, GOOD);
1428}
1429
1430static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1431 uint8_t *inbuf, int inlen)
1432{
1433 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1434 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1435 uint8_t *p;
1436 int len, expected_len, changeable_len, i;
1437
1438
1439
1440
1441 expected_len = inlen + 2;
1442 if (expected_len > SCSI_MAX_MODE_LEN) {
1443 return -1;
1444 }
1445
1446 p = mode_current;
1447 memset(mode_current, 0, inlen + 2);
1448 len = mode_sense_page(s, page, &p, 0);
1449 if (len < 0 || len != expected_len) {
1450 return -1;
1451 }
1452
1453 p = mode_changeable;
1454 memset(mode_changeable, 0, inlen + 2);
1455 changeable_len = mode_sense_page(s, page, &p, 1);
1456 assert(changeable_len == len);
1457
1458
1459
1460
1461 for (i = 2; i < len; i++) {
1462 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1463 return -1;
1464 }
1465 }
1466 return 0;
1467}
1468
1469static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1470{
1471 switch (page) {
1472 case MODE_PAGE_CACHING:
1473 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1474 break;
1475
1476 default:
1477 break;
1478 }
1479}
1480
1481static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1482{
1483 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1484
1485 while (len > 0) {
1486 int page, subpage, page_len;
1487
1488
1489 page = p[0] & 0x3f;
1490 if (p[0] & 0x40) {
1491 if (len < 4) {
1492 goto invalid_param_len;
1493 }
1494 subpage = p[1];
1495 page_len = lduw_be_p(&p[2]);
1496 p += 4;
1497 len -= 4;
1498 } else {
1499 if (len < 2) {
1500 goto invalid_param_len;
1501 }
1502 subpage = 0;
1503 page_len = p[1];
1504 p += 2;
1505 len -= 2;
1506 }
1507
1508 if (subpage) {
1509 goto invalid_param;
1510 }
1511 if (page_len > len) {
1512 goto invalid_param_len;
1513 }
1514
1515 if (!change) {
1516 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1517 goto invalid_param;
1518 }
1519 } else {
1520 scsi_disk_apply_mode_select(s, page, p);
1521 }
1522
1523 p += page_len;
1524 len -= page_len;
1525 }
1526 return 0;
1527
1528invalid_param:
1529 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1530 return -1;
1531
1532invalid_param_len:
1533 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1534 return -1;
1535}
1536
1537static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1538{
1539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1540 uint8_t *p = inbuf;
1541 int cmd = r->req.cmd.buf[0];
1542 int len = r->req.cmd.xfer;
1543 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1544 int bd_len;
1545 int pass;
1546
1547
1548 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1549 goto invalid_field;
1550 }
1551
1552 if (len < hdr_len) {
1553 goto invalid_param_len;
1554 }
1555
1556 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1557 len -= hdr_len;
1558 p += hdr_len;
1559 if (len < bd_len) {
1560 goto invalid_param_len;
1561 }
1562 if (bd_len != 0 && bd_len != 8) {
1563 goto invalid_param;
1564 }
1565
1566 len -= bd_len;
1567 p += bd_len;
1568
1569
1570 for (pass = 0; pass < 2; pass++) {
1571 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1572 assert(pass == 0);
1573 return;
1574 }
1575 }
1576 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1577
1578 scsi_req_ref(&r->req);
1579 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1580 BLOCK_ACCT_FLUSH);
1581 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1582 return;
1583 }
1584
1585 scsi_req_complete(&r->req, GOOD);
1586 return;
1587
1588invalid_param:
1589 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1590 return;
1591
1592invalid_param_len:
1593 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1594 return;
1595
1596invalid_field:
1597 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1598}
1599
1600static inline bool check_lba_range(SCSIDiskState *s,
1601 uint64_t sector_num, uint32_t nb_sectors)
1602{
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612 return (sector_num <= sector_num + nb_sectors &&
1613 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1614}
1615
1616typedef struct UnmapCBData {
1617 SCSIDiskReq *r;
1618 uint8_t *inbuf;
1619 int count;
1620} UnmapCBData;
1621
1622static void scsi_unmap_complete(void *opaque, int ret);
1623
1624static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1625{
1626 SCSIDiskReq *r = data->r;
1627 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1628 uint64_t sector_num;
1629 uint32_t nb_sectors;
1630
1631 assert(r->req.aiocb == NULL);
1632 if (scsi_disk_req_check_error(r, ret, false)) {
1633 goto done;
1634 }
1635
1636 if (data->count > 0) {
1637 sector_num = ldq_be_p(&data->inbuf[0]);
1638 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1639 if (!check_lba_range(s, sector_num, nb_sectors)) {
1640 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1641 goto done;
1642 }
1643
1644 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1645 sector_num * s->qdev.blocksize,
1646 nb_sectors * s->qdev.blocksize,
1647 scsi_unmap_complete, data);
1648 data->count--;
1649 data->inbuf += 16;
1650 return;
1651 }
1652
1653 scsi_req_complete(&r->req, GOOD);
1654
1655done:
1656 scsi_req_unref(&r->req);
1657 g_free(data);
1658}
1659
1660static void scsi_unmap_complete(void *opaque, int ret)
1661{
1662 UnmapCBData *data = opaque;
1663 SCSIDiskReq *r = data->r;
1664 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1665
1666 assert(r->req.aiocb != NULL);
1667 r->req.aiocb = NULL;
1668
1669 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1670 scsi_unmap_complete_noio(data, ret);
1671 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1672}
1673
1674static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1675{
1676 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1677 uint8_t *p = inbuf;
1678 int len = r->req.cmd.xfer;
1679 UnmapCBData *data;
1680
1681
1682 if (r->req.cmd.buf[1] & 0x1) {
1683 goto invalid_field;
1684 }
1685
1686 if (len < 8) {
1687 goto invalid_param_len;
1688 }
1689 if (len < lduw_be_p(&p[0]) + 2) {
1690 goto invalid_param_len;
1691 }
1692 if (len < lduw_be_p(&p[2]) + 8) {
1693 goto invalid_param_len;
1694 }
1695 if (lduw_be_p(&p[2]) & 15) {
1696 goto invalid_param_len;
1697 }
1698
1699 if (blk_is_read_only(s->qdev.conf.blk)) {
1700 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1701 return;
1702 }
1703
1704 data = g_new0(UnmapCBData, 1);
1705 data->r = r;
1706 data->inbuf = &p[8];
1707 data->count = lduw_be_p(&p[2]) >> 4;
1708
1709
1710 scsi_req_ref(&r->req);
1711 scsi_unmap_complete_noio(data, 0);
1712 return;
1713
1714invalid_param_len:
1715 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1716 return;
1717
1718invalid_field:
1719 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1720}
1721
1722typedef struct WriteSameCBData {
1723 SCSIDiskReq *r;
1724 int64_t sector;
1725 int nb_sectors;
1726 QEMUIOVector qiov;
1727 struct iovec iov;
1728} WriteSameCBData;
1729
1730static void scsi_write_same_complete(void *opaque, int ret)
1731{
1732 WriteSameCBData *data = opaque;
1733 SCSIDiskReq *r = data->r;
1734 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1735
1736 assert(r->req.aiocb != NULL);
1737 r->req.aiocb = NULL;
1738 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1739 if (scsi_disk_req_check_error(r, ret, true)) {
1740 goto done;
1741 }
1742
1743 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1744
1745 data->nb_sectors -= data->iov.iov_len / 512;
1746 data->sector += data->iov.iov_len / 512;
1747 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1748 if (data->iov.iov_len) {
1749 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1750 data->iov.iov_len, BLOCK_ACCT_WRITE);
1751
1752
1753 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1754 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1755 data->sector << BDRV_SECTOR_BITS,
1756 &data->qiov, 0,
1757 scsi_write_same_complete, data);
1758 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1759 return;
1760 }
1761
1762 scsi_req_complete(&r->req, GOOD);
1763
1764done:
1765 scsi_req_unref(&r->req);
1766 qemu_vfree(data->iov.iov_base);
1767 g_free(data);
1768 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1769}
1770
1771static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1772{
1773 SCSIRequest *req = &r->req;
1774 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1775 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1776 WriteSameCBData *data;
1777 uint8_t *buf;
1778 int i;
1779
1780
1781 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1782 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1783 return;
1784 }
1785
1786 if (blk_is_read_only(s->qdev.conf.blk)) {
1787 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1788 return;
1789 }
1790 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1791 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1792 return;
1793 }
1794
1795 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1796 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1797
1798
1799 scsi_req_ref(&r->req);
1800 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1801 nb_sectors * s->qdev.blocksize,
1802 BLOCK_ACCT_WRITE);
1803 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1804 r->req.cmd.lba * s->qdev.blocksize,
1805 nb_sectors * s->qdev.blocksize,
1806 flags, scsi_aio_complete, r);
1807 return;
1808 }
1809
1810 data = g_new0(WriteSameCBData, 1);
1811 data->r = r;
1812 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1813 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1814 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1815 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1816 data->iov.iov_len);
1817 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1818
1819 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1820 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1821 }
1822
1823 scsi_req_ref(&r->req);
1824 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1825 data->iov.iov_len, BLOCK_ACCT_WRITE);
1826 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1827 data->sector << BDRV_SECTOR_BITS,
1828 &data->qiov, 0,
1829 scsi_write_same_complete, data);
1830}
1831
1832static void scsi_disk_emulate_write_data(SCSIRequest *req)
1833{
1834 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1835
1836 if (r->iov.iov_len) {
1837 int buflen = r->iov.iov_len;
1838 DPRINTF("Write buf_len=%d\n", buflen);
1839 r->iov.iov_len = 0;
1840 scsi_req_data(&r->req, buflen);
1841 return;
1842 }
1843
1844 switch (req->cmd.buf[0]) {
1845 case MODE_SELECT:
1846 case MODE_SELECT_10:
1847
1848 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1849 break;
1850
1851 case UNMAP:
1852 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1853 break;
1854
1855 case VERIFY_10:
1856 case VERIFY_12:
1857 case VERIFY_16:
1858 if (r->req.status == -1) {
1859 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1860 }
1861 break;
1862
1863 case WRITE_SAME_10:
1864 case WRITE_SAME_16:
1865 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1866 break;
1867
1868 default:
1869 abort();
1870 }
1871}
1872
1873static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1874{
1875 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1876 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1877 uint64_t nb_sectors;
1878 uint8_t *outbuf;
1879 int buflen;
1880
1881 switch (req->cmd.buf[0]) {
1882 case INQUIRY:
1883 case MODE_SENSE:
1884 case MODE_SENSE_10:
1885 case RESERVE:
1886 case RESERVE_10:
1887 case RELEASE:
1888 case RELEASE_10:
1889 case START_STOP:
1890 case ALLOW_MEDIUM_REMOVAL:
1891 case GET_CONFIGURATION:
1892 case GET_EVENT_STATUS_NOTIFICATION:
1893 case MECHANISM_STATUS:
1894 case REQUEST_SENSE:
1895 break;
1896
1897 default:
1898 if (!blk_is_available(s->qdev.conf.blk)) {
1899 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1900 return 0;
1901 }
1902 break;
1903 }
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913 if (req->cmd.xfer > 65536) {
1914 goto illegal_request;
1915 }
1916 r->buflen = MAX(4096, req->cmd.xfer);
1917
1918 if (!r->iov.iov_base) {
1919 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1920 }
1921
1922 buflen = req->cmd.xfer;
1923 outbuf = r->iov.iov_base;
1924 memset(outbuf, 0, r->buflen);
1925 switch (req->cmd.buf[0]) {
1926 case TEST_UNIT_READY:
1927 assert(blk_is_available(s->qdev.conf.blk));
1928 break;
1929 case INQUIRY:
1930 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1931 if (buflen < 0) {
1932 goto illegal_request;
1933 }
1934 break;
1935 case MODE_SENSE:
1936 case MODE_SENSE_10:
1937 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1938 if (buflen < 0) {
1939 goto illegal_request;
1940 }
1941 break;
1942 case READ_TOC:
1943 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1944 if (buflen < 0) {
1945 goto illegal_request;
1946 }
1947 break;
1948 case RESERVE:
1949 if (req->cmd.buf[1] & 1) {
1950 goto illegal_request;
1951 }
1952 break;
1953 case RESERVE_10:
1954 if (req->cmd.buf[1] & 3) {
1955 goto illegal_request;
1956 }
1957 break;
1958 case RELEASE:
1959 if (req->cmd.buf[1] & 1) {
1960 goto illegal_request;
1961 }
1962 break;
1963 case RELEASE_10:
1964 if (req->cmd.buf[1] & 3) {
1965 goto illegal_request;
1966 }
1967 break;
1968 case START_STOP:
1969 if (scsi_disk_emulate_start_stop(r) < 0) {
1970 return 0;
1971 }
1972 break;
1973 case ALLOW_MEDIUM_REMOVAL:
1974 s->tray_locked = req->cmd.buf[4] & 1;
1975 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1976 break;
1977 case READ_CAPACITY_10:
1978
1979 memset(outbuf, 0, 8);
1980 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1981 if (!nb_sectors) {
1982 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1983 return 0;
1984 }
1985 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1986 goto illegal_request;
1987 }
1988 nb_sectors /= s->qdev.blocksize / 512;
1989
1990 nb_sectors--;
1991
1992 s->qdev.max_lba = nb_sectors;
1993
1994 if (nb_sectors > UINT32_MAX) {
1995 nb_sectors = UINT32_MAX;
1996 }
1997 outbuf[0] = (nb_sectors >> 24) & 0xff;
1998 outbuf[1] = (nb_sectors >> 16) & 0xff;
1999 outbuf[2] = (nb_sectors >> 8) & 0xff;
2000 outbuf[3] = nb_sectors & 0xff;
2001 outbuf[4] = 0;
2002 outbuf[5] = 0;
2003 outbuf[6] = s->qdev.blocksize >> 8;
2004 outbuf[7] = 0;
2005 break;
2006 case REQUEST_SENSE:
2007
2008 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2009 (req->cmd.buf[1] & 1) == 0);
2010 if (buflen < 0) {
2011 goto illegal_request;
2012 }
2013 break;
2014 case MECHANISM_STATUS:
2015 buflen = scsi_emulate_mechanism_status(s, outbuf);
2016 if (buflen < 0) {
2017 goto illegal_request;
2018 }
2019 break;
2020 case GET_CONFIGURATION:
2021 buflen = scsi_get_configuration(s, outbuf);
2022 if (buflen < 0) {
2023 goto illegal_request;
2024 }
2025 break;
2026 case GET_EVENT_STATUS_NOTIFICATION:
2027 buflen = scsi_get_event_status_notification(s, r, outbuf);
2028 if (buflen < 0) {
2029 goto illegal_request;
2030 }
2031 break;
2032 case READ_DISC_INFORMATION:
2033 buflen = scsi_read_disc_information(s, r, outbuf);
2034 if (buflen < 0) {
2035 goto illegal_request;
2036 }
2037 break;
2038 case READ_DVD_STRUCTURE:
2039 buflen = scsi_read_dvd_structure(s, r, outbuf);
2040 if (buflen < 0) {
2041 goto illegal_request;
2042 }
2043 break;
2044 case SERVICE_ACTION_IN_16:
2045
2046 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2047 DPRINTF("SAI READ CAPACITY(16)\n");
2048 memset(outbuf, 0, req->cmd.xfer);
2049 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2050 if (!nb_sectors) {
2051 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2052 return 0;
2053 }
2054 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2055 goto illegal_request;
2056 }
2057 nb_sectors /= s->qdev.blocksize / 512;
2058
2059 nb_sectors--;
2060
2061 s->qdev.max_lba = nb_sectors;
2062 outbuf[0] = (nb_sectors >> 56) & 0xff;
2063 outbuf[1] = (nb_sectors >> 48) & 0xff;
2064 outbuf[2] = (nb_sectors >> 40) & 0xff;
2065 outbuf[3] = (nb_sectors >> 32) & 0xff;
2066 outbuf[4] = (nb_sectors >> 24) & 0xff;
2067 outbuf[5] = (nb_sectors >> 16) & 0xff;
2068 outbuf[6] = (nb_sectors >> 8) & 0xff;
2069 outbuf[7] = nb_sectors & 0xff;
2070 outbuf[8] = 0;
2071 outbuf[9] = 0;
2072 outbuf[10] = s->qdev.blocksize >> 8;
2073 outbuf[11] = 0;
2074 outbuf[12] = 0;
2075 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2076
2077
2078 if (s->qdev.conf.discard_granularity) {
2079 outbuf[14] = 0x80;
2080 }
2081
2082
2083 break;
2084 }
2085 DPRINTF("Unsupported Service Action In\n");
2086 goto illegal_request;
2087 case SYNCHRONIZE_CACHE:
2088
2089 scsi_req_ref(&r->req);
2090 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2091 BLOCK_ACCT_FLUSH);
2092 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2093 return 0;
2094 case SEEK_10:
2095 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2096 if (r->req.cmd.lba > s->qdev.max_lba) {
2097 goto illegal_lba;
2098 }
2099 break;
2100 case MODE_SELECT:
2101 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2102 break;
2103 case MODE_SELECT_10:
2104 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2105 break;
2106 case UNMAP:
2107 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2108 break;
2109 case VERIFY_10:
2110 case VERIFY_12:
2111 case VERIFY_16:
2112 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2113 if (req->cmd.buf[1] & 6) {
2114 goto illegal_request;
2115 }
2116 break;
2117 case WRITE_SAME_10:
2118 case WRITE_SAME_16:
2119 DPRINTF("WRITE SAME %d (len %lu)\n",
2120 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2121 (unsigned long)r->req.cmd.xfer);
2122 break;
2123 default:
2124 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2125 scsi_command_name(buf[0]));
2126 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2127 return 0;
2128 }
2129 assert(!r->req.aiocb);
2130 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2131 if (r->iov.iov_len == 0) {
2132 scsi_req_complete(&r->req, GOOD);
2133 }
2134 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2135 assert(r->iov.iov_len == req->cmd.xfer);
2136 return -r->iov.iov_len;
2137 } else {
2138 return r->iov.iov_len;
2139 }
2140
2141illegal_request:
2142 if (r->req.status == -1) {
2143 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2144 }
2145 return 0;
2146
2147illegal_lba:
2148 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2149 return 0;
2150}
2151
2152
2153
2154
2155
2156
2157static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2158{
2159 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2161 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2162 uint32_t len;
2163 uint8_t command;
2164
2165 command = buf[0];
2166
2167 if (!blk_is_available(s->qdev.conf.blk)) {
2168 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2169 return 0;
2170 }
2171
2172 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2173 switch (command) {
2174 case READ_6:
2175 case READ_10:
2176 case READ_12:
2177 case READ_16:
2178 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2179 if (r->req.cmd.buf[1] & 0xe0) {
2180 goto illegal_request;
2181 }
2182 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2183 goto illegal_lba;
2184 }
2185 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2186 r->sector_count = len * (s->qdev.blocksize / 512);
2187 break;
2188 case WRITE_6:
2189 case WRITE_10:
2190 case WRITE_12:
2191 case WRITE_16:
2192 case WRITE_VERIFY_10:
2193 case WRITE_VERIFY_12:
2194 case WRITE_VERIFY_16:
2195 if (blk_is_read_only(s->qdev.conf.blk)) {
2196 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2197 return 0;
2198 }
2199 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2200 (command & 0xe) == 0xe ? "And Verify " : "",
2201 r->req.cmd.lba, len);
2202
2203 case VERIFY_10:
2204 case VERIFY_12:
2205 case VERIFY_16:
2206
2207
2208
2209
2210 if (r->req.cmd.buf[1] & 0xe0) {
2211 goto illegal_request;
2212 }
2213 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2214 goto illegal_lba;
2215 }
2216 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2217 r->sector_count = len * (s->qdev.blocksize / 512);
2218 break;
2219 default:
2220 abort();
2221 illegal_request:
2222 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2223 return 0;
2224 illegal_lba:
2225 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2226 return 0;
2227 }
2228 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2229 if (r->sector_count == 0) {
2230 scsi_req_complete(&r->req, GOOD);
2231 }
2232 assert(r->iov.iov_len == 0);
2233 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2234 return -r->sector_count * 512;
2235 } else {
2236 return r->sector_count * 512;
2237 }
2238}
2239
2240static void scsi_disk_reset(DeviceState *dev)
2241{
2242 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2243 uint64_t nb_sectors;
2244
2245 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2246
2247 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2248 nb_sectors /= s->qdev.blocksize / 512;
2249 if (nb_sectors) {
2250 nb_sectors--;
2251 }
2252 s->qdev.max_lba = nb_sectors;
2253
2254 s->tray_locked = 0;
2255 s->tray_open = 0;
2256}
2257
2258static void scsi_disk_resize_cb(void *opaque)
2259{
2260 SCSIDiskState *s = opaque;
2261
2262
2263
2264
2265 if (s->qdev.type == TYPE_DISK) {
2266 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2267 }
2268}
2269
2270static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2271{
2272 SCSIDiskState *s = opaque;
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284 s->media_changed = load;
2285 s->tray_open = !load;
2286 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2287 s->media_event = true;
2288 s->eject_request = false;
2289}
2290
2291static void scsi_cd_eject_request_cb(void *opaque, bool force)
2292{
2293 SCSIDiskState *s = opaque;
2294
2295 s->eject_request = true;
2296 if (force) {
2297 s->tray_locked = false;
2298 }
2299}
2300
2301static bool scsi_cd_is_tray_open(void *opaque)
2302{
2303 return ((SCSIDiskState *)opaque)->tray_open;
2304}
2305
2306static bool scsi_cd_is_medium_locked(void *opaque)
2307{
2308 return ((SCSIDiskState *)opaque)->tray_locked;
2309}
2310
2311static const BlockDevOps scsi_disk_removable_block_ops = {
2312 .change_media_cb = scsi_cd_change_media_cb,
2313 .eject_request_cb = scsi_cd_eject_request_cb,
2314 .is_tray_open = scsi_cd_is_tray_open,
2315 .is_medium_locked = scsi_cd_is_medium_locked,
2316
2317 .resize_cb = scsi_disk_resize_cb,
2318};
2319
2320static const BlockDevOps scsi_disk_block_ops = {
2321 .resize_cb = scsi_disk_resize_cb,
2322};
2323
2324static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2325{
2326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2327 if (s->media_changed) {
2328 s->media_changed = false;
2329 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2330 }
2331}
2332
2333static void scsi_realize(SCSIDevice *dev, Error **errp)
2334{
2335 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2336 Error *err = NULL;
2337
2338 if (!s->qdev.conf.blk) {
2339 error_setg(errp, "drive property not set");
2340 return;
2341 }
2342
2343 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2344 !blk_is_inserted(s->qdev.conf.blk)) {
2345 error_setg(errp, "Device needs media, but drive is empty");
2346 return;
2347 }
2348
2349 blkconf_serial(&s->qdev.conf, &s->serial);
2350 blkconf_blocksizes(&s->qdev.conf);
2351
2352 if (s->qdev.conf.logical_block_size >
2353 s->qdev.conf.physical_block_size) {
2354 error_setg(errp,
2355 "logical_block_size > physical_block_size not supported");
2356 return;
2357 }
2358
2359 if (dev->type == TYPE_DISK) {
2360 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2361 if (err) {
2362 error_propagate(errp, err);
2363 return;
2364 }
2365 }
2366 blkconf_apply_backend_options(&dev->conf,
2367 blk_is_read_only(s->qdev.conf.blk),
2368 dev->type == TYPE_DISK, &err);
2369 if (err) {
2370 error_propagate(errp, err);
2371 return;
2372 }
2373
2374 if (s->qdev.conf.discard_granularity == -1) {
2375 s->qdev.conf.discard_granularity =
2376 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2377 }
2378
2379 if (!s->version) {
2380 s->version = g_strdup(qemu_hw_version());
2381 }
2382 if (!s->vendor) {
2383 s->vendor = g_strdup("QEMU");
2384 }
2385
2386 if (blk_is_sg(s->qdev.conf.blk)) {
2387 error_setg(errp, "unwanted /dev/sg*");
2388 return;
2389 }
2390
2391 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2392 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2393 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2394 } else {
2395 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2396 }
2397 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2398
2399 blk_iostatus_enable(s->qdev.conf.blk);
2400}
2401
2402static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2403{
2404 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2405
2406
2407
2408 if (s->qdev.conf.blk) {
2409 blkconf_blocksizes(&s->qdev.conf);
2410 }
2411 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2412 s->qdev.type = TYPE_DISK;
2413 if (!s->product) {
2414 s->product = g_strdup("QEMU HARDDISK");
2415 }
2416 scsi_realize(&s->qdev, errp);
2417}
2418
2419static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2420{
2421 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2422 int ret;
2423
2424 if (!dev->conf.blk) {
2425
2426
2427 dev->conf.blk = blk_new(0, BLK_PERM_ALL);
2428 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2429 assert(ret == 0);
2430 }
2431
2432 s->qdev.blocksize = 2048;
2433 s->qdev.type = TYPE_ROM;
2434 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2435 if (!s->product) {
2436 s->product = g_strdup("QEMU CD-ROM");
2437 }
2438 scsi_realize(&s->qdev, errp);
2439}
2440
2441static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2442{
2443 DriveInfo *dinfo;
2444 Error *local_err = NULL;
2445
2446 if (!dev->conf.blk) {
2447 scsi_realize(dev, &local_err);
2448 assert(local_err);
2449 error_propagate(errp, local_err);
2450 return;
2451 }
2452
2453 dinfo = blk_legacy_dinfo(dev->conf.blk);
2454 if (dinfo && dinfo->media_cd) {
2455 scsi_cd_realize(dev, errp);
2456 } else {
2457 scsi_hd_realize(dev, errp);
2458 }
2459}
2460
2461static const SCSIReqOps scsi_disk_emulate_reqops = {
2462 .size = sizeof(SCSIDiskReq),
2463 .free_req = scsi_free_request,
2464 .send_command = scsi_disk_emulate_command,
2465 .read_data = scsi_disk_emulate_read_data,
2466 .write_data = scsi_disk_emulate_write_data,
2467 .get_buf = scsi_get_buf,
2468};
2469
2470static const SCSIReqOps scsi_disk_dma_reqops = {
2471 .size = sizeof(SCSIDiskReq),
2472 .free_req = scsi_free_request,
2473 .send_command = scsi_disk_dma_command,
2474 .read_data = scsi_read_data,
2475 .write_data = scsi_write_data,
2476 .get_buf = scsi_get_buf,
2477 .load_request = scsi_disk_load_request,
2478 .save_request = scsi_disk_save_request,
2479};
2480
2481static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2482 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2483 [INQUIRY] = &scsi_disk_emulate_reqops,
2484 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2485 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2486 [START_STOP] = &scsi_disk_emulate_reqops,
2487 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2488 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2489 [READ_TOC] = &scsi_disk_emulate_reqops,
2490 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2491 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2492 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2493 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2494 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2495 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2496 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2497 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2498 [SEEK_10] = &scsi_disk_emulate_reqops,
2499 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2500 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2501 [UNMAP] = &scsi_disk_emulate_reqops,
2502 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2503 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2504 [VERIFY_10] = &scsi_disk_emulate_reqops,
2505 [VERIFY_12] = &scsi_disk_emulate_reqops,
2506 [VERIFY_16] = &scsi_disk_emulate_reqops,
2507
2508 [READ_6] = &scsi_disk_dma_reqops,
2509 [READ_10] = &scsi_disk_dma_reqops,
2510 [READ_12] = &scsi_disk_dma_reqops,
2511 [READ_16] = &scsi_disk_dma_reqops,
2512 [WRITE_6] = &scsi_disk_dma_reqops,
2513 [WRITE_10] = &scsi_disk_dma_reqops,
2514 [WRITE_12] = &scsi_disk_dma_reqops,
2515 [WRITE_16] = &scsi_disk_dma_reqops,
2516 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2517 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2518 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2519};
2520
2521static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2522 uint8_t *buf, void *hba_private)
2523{
2524 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2525 SCSIRequest *req;
2526 const SCSIReqOps *ops;
2527 uint8_t command;
2528
2529 command = buf[0];
2530 ops = scsi_disk_reqops_dispatch[command];
2531 if (!ops) {
2532 ops = &scsi_disk_emulate_reqops;
2533 }
2534 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2535
2536#ifdef DEBUG_SCSI
2537 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2538 {
2539 int i;
2540 for (i = 1; i < scsi_cdb_length(buf); i++) {
2541 printf(" 0x%02x", buf[i]);
2542 }
2543 printf("\n");
2544 }
2545#endif
2546
2547 return req;
2548}
2549
2550#ifdef __linux__
2551static int get_device_type(SCSIDiskState *s)
2552{
2553 uint8_t cmd[16];
2554 uint8_t buf[36];
2555 uint8_t sensebuf[8];
2556 sg_io_hdr_t io_header;
2557 int ret;
2558
2559 memset(cmd, 0, sizeof(cmd));
2560 memset(buf, 0, sizeof(buf));
2561 cmd[0] = INQUIRY;
2562 cmd[4] = sizeof(buf);
2563
2564 memset(&io_header, 0, sizeof(io_header));
2565 io_header.interface_id = 'S';
2566 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2567 io_header.dxfer_len = sizeof(buf);
2568 io_header.dxferp = buf;
2569 io_header.cmdp = cmd;
2570 io_header.cmd_len = sizeof(cmd);
2571 io_header.mx_sb_len = sizeof(sensebuf);
2572 io_header.sbp = sensebuf;
2573 io_header.timeout = 6000;
2574
2575 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2576 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2577 return -1;
2578 }
2579 s->qdev.type = buf[0];
2580 if (buf[1] & 0x80) {
2581 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2582 }
2583 return 0;
2584}
2585
2586static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2587{
2588 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2589 int sg_version;
2590 int rc;
2591
2592 if (!s->qdev.conf.blk) {
2593 error_setg(errp, "drive property not set");
2594 return;
2595 }
2596
2597
2598 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2599 if (rc < 0) {
2600 error_setg(errp, "cannot get SG_IO version number: %s. "
2601 "Is this a SCSI device?",
2602 strerror(-rc));
2603 return;
2604 }
2605 if (sg_version < 30000) {
2606 error_setg(errp, "scsi generic interface too old");
2607 return;
2608 }
2609
2610
2611 rc = get_device_type(s);
2612 if (rc < 0) {
2613 error_setg(errp, "INQUIRY failed");
2614 return;
2615 }
2616
2617
2618
2619
2620
2621 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2622 s->qdev.blocksize = 2048;
2623 } else {
2624 s->qdev.blocksize = 512;
2625 }
2626
2627
2628
2629
2630 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2631
2632 scsi_realize(&s->qdev, errp);
2633 scsi_generic_read_device_identification(&s->qdev);
2634}
2635
2636typedef struct SCSIBlockReq {
2637 SCSIDiskReq req;
2638 sg_io_hdr_t io_header;
2639
2640
2641 uint8_t cmd, cdb1, group_number;
2642
2643
2644 uint8_t cdb[16];
2645} SCSIBlockReq;
2646
2647static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2648 int64_t offset, QEMUIOVector *iov,
2649 int direction,
2650 BlockCompletionFunc *cb, void *opaque)
2651{
2652 sg_io_hdr_t *io_header = &req->io_header;
2653 SCSIDiskReq *r = &req->req;
2654 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2655 int nb_logical_blocks;
2656 uint64_t lba;
2657 BlockAIOCB *aiocb;
2658
2659
2660
2661
2662
2663 assert(offset % s->qdev.blocksize == 0);
2664 assert(iov->size % s->qdev.blocksize == 0);
2665
2666 io_header->interface_id = 'S';
2667
2668
2669 io_header->dxfer_direction = direction;
2670 io_header->dxfer_len = iov->size;
2671 io_header->dxferp = (void *)iov->iov;
2672 io_header->iovec_count = iov->niov;
2673 assert(io_header->iovec_count == iov->niov);
2674
2675
2676
2677
2678
2679
2680 io_header->cmdp = req->cdb;
2681 lba = offset / s->qdev.blocksize;
2682 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2683
2684 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2685
2686 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2687 req->cdb[4] = nb_logical_blocks;
2688 req->cdb[5] = 0;
2689 io_header->cmd_len = 6;
2690 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2691
2692 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2693 req->cdb[1] = req->cdb1;
2694 stl_be_p(&req->cdb[2], lba);
2695 req->cdb[6] = req->group_number;
2696 stw_be_p(&req->cdb[7], nb_logical_blocks);
2697 req->cdb[9] = 0;
2698 io_header->cmd_len = 10;
2699 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2700
2701 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2702 req->cdb[1] = req->cdb1;
2703 stl_be_p(&req->cdb[2], lba);
2704 stl_be_p(&req->cdb[6], nb_logical_blocks);
2705 req->cdb[10] = req->group_number;
2706 req->cdb[11] = 0;
2707 io_header->cmd_len = 12;
2708 } else {
2709
2710 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2711 req->cdb[1] = req->cdb1;
2712 stq_be_p(&req->cdb[2], lba);
2713 stl_be_p(&req->cdb[10], nb_logical_blocks);
2714 req->cdb[14] = req->group_number;
2715 req->cdb[15] = 0;
2716 io_header->cmd_len = 16;
2717 }
2718
2719
2720 io_header->mx_sb_len = sizeof(r->req.sense);
2721 io_header->sbp = r->req.sense;
2722 io_header->timeout = UINT_MAX;
2723 io_header->usr_ptr = r;
2724 io_header->flags |= SG_FLAG_DIRECT_IO;
2725
2726 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2727 assert(aiocb != NULL);
2728 return aiocb;
2729}
2730
2731static bool scsi_block_no_fua(SCSICommand *cmd)
2732{
2733 return false;
2734}
2735
2736static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2737 QEMUIOVector *iov,
2738 BlockCompletionFunc *cb, void *cb_opaque,
2739 void *opaque)
2740{
2741 SCSIBlockReq *r = opaque;
2742 return scsi_block_do_sgio(r, offset, iov,
2743 SG_DXFER_FROM_DEV, cb, cb_opaque);
2744}
2745
2746static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2747 QEMUIOVector *iov,
2748 BlockCompletionFunc *cb, void *cb_opaque,
2749 void *opaque)
2750{
2751 SCSIBlockReq *r = opaque;
2752 return scsi_block_do_sgio(r, offset, iov,
2753 SG_DXFER_TO_DEV, cb, cb_opaque);
2754}
2755
2756static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2757{
2758 switch (buf[0]) {
2759 case VERIFY_10:
2760 case VERIFY_12:
2761 case VERIFY_16:
2762
2763
2764
2765
2766 if ((buf[1] & 6) == 2) {
2767 return false;
2768 }
2769 break;
2770
2771 case READ_6:
2772 case READ_10:
2773 case READ_12:
2774 case READ_16:
2775 case WRITE_6:
2776 case WRITE_10:
2777 case WRITE_12:
2778 case WRITE_16:
2779 case WRITE_VERIFY_10:
2780 case WRITE_VERIFY_12:
2781 case WRITE_VERIFY_16:
2782
2783
2784
2785
2786
2787
2788 if (s->qdev.type != TYPE_ROM) {
2789 return false;
2790 }
2791 break;
2792
2793 default:
2794 break;
2795 }
2796
2797 return true;
2798}
2799
2800
2801static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2802{
2803 SCSIBlockReq *r = (SCSIBlockReq *)req;
2804 r->cmd = req->cmd.buf[0];
2805 switch (r->cmd >> 5) {
2806 case 0:
2807
2808 r->cdb1 = r->group_number = 0;
2809 break;
2810 case 1:
2811
2812 r->cdb1 = req->cmd.buf[1];
2813 r->group_number = req->cmd.buf[6];
2814 break;
2815 case 4:
2816
2817 r->cdb1 = req->cmd.buf[1];
2818 r->group_number = req->cmd.buf[10];
2819 break;
2820 case 5:
2821
2822 r->cdb1 = req->cmd.buf[1];
2823 r->group_number = req->cmd.buf[14];
2824 break;
2825 default:
2826 abort();
2827 }
2828
2829 if (r->cdb1 & 0xe0) {
2830
2831 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2832 return 0;
2833 }
2834
2835 r->req.status = &r->io_header.status;
2836 return scsi_disk_dma_command(req, buf);
2837}
2838
2839static const SCSIReqOps scsi_block_dma_reqops = {
2840 .size = sizeof(SCSIBlockReq),
2841 .free_req = scsi_free_request,
2842 .send_command = scsi_block_dma_command,
2843 .read_data = scsi_read_data,
2844 .write_data = scsi_write_data,
2845 .get_buf = scsi_get_buf,
2846 .load_request = scsi_disk_load_request,
2847 .save_request = scsi_disk_save_request,
2848};
2849
2850static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2851 uint32_t lun, uint8_t *buf,
2852 void *hba_private)
2853{
2854 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2855
2856 if (scsi_block_is_passthrough(s, buf)) {
2857 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2858 hba_private);
2859 } else {
2860 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2861 hba_private);
2862 }
2863}
2864
2865static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2866 uint8_t *buf, void *hba_private)
2867{
2868 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2869
2870 if (scsi_block_is_passthrough(s, buf)) {
2871 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2872 } else {
2873 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2874 }
2875}
2876
2877#endif
2878
2879static
2880BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2881 BlockCompletionFunc *cb, void *cb_opaque,
2882 void *opaque)
2883{
2884 SCSIDiskReq *r = opaque;
2885 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2886 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2887}
2888
2889static
2890BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2891 BlockCompletionFunc *cb, void *cb_opaque,
2892 void *opaque)
2893{
2894 SCSIDiskReq *r = opaque;
2895 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2896 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2897}
2898
2899static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2900{
2901 DeviceClass *dc = DEVICE_CLASS(klass);
2902 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2903
2904 dc->fw_name = "disk";
2905 dc->reset = scsi_disk_reset;
2906 sdc->dma_readv = scsi_dma_readv;
2907 sdc->dma_writev = scsi_dma_writev;
2908 sdc->need_fua_emulation = scsi_is_cmd_fua;
2909}
2910
2911static const TypeInfo scsi_disk_base_info = {
2912 .name = TYPE_SCSI_DISK_BASE,
2913 .parent = TYPE_SCSI_DEVICE,
2914 .class_init = scsi_disk_base_class_initfn,
2915 .instance_size = sizeof(SCSIDiskState),
2916 .class_size = sizeof(SCSIDiskClass),
2917 .abstract = true,
2918};
2919
2920#define DEFINE_SCSI_DISK_PROPERTIES() \
2921 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2922 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2923 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2924 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2925 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2926 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2927
2928static Property scsi_hd_properties[] = {
2929 DEFINE_SCSI_DISK_PROPERTIES(),
2930 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2931 SCSI_DISK_F_REMOVABLE, false),
2932 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2933 SCSI_DISK_F_DPOFUA, false),
2934 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2935 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2936 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2937 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2938 DEFAULT_MAX_UNMAP_SIZE),
2939 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2940 DEFAULT_MAX_IO_SIZE),
2941 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2942 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2943 DEFINE_PROP_END_OF_LIST(),
2944};
2945
2946static const VMStateDescription vmstate_scsi_disk_state = {
2947 .name = "scsi-disk",
2948 .version_id = 1,
2949 .minimum_version_id = 1,
2950 .fields = (VMStateField[]) {
2951 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2952 VMSTATE_BOOL(media_changed, SCSIDiskState),
2953 VMSTATE_BOOL(media_event, SCSIDiskState),
2954 VMSTATE_BOOL(eject_request, SCSIDiskState),
2955 VMSTATE_BOOL(tray_open, SCSIDiskState),
2956 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2957 VMSTATE_END_OF_LIST()
2958 }
2959};
2960
2961static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2962{
2963 DeviceClass *dc = DEVICE_CLASS(klass);
2964 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2965
2966 sc->realize = scsi_hd_realize;
2967 sc->alloc_req = scsi_new_request;
2968 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2969 dc->desc = "virtual SCSI disk";
2970 dc->props = scsi_hd_properties;
2971 dc->vmsd = &vmstate_scsi_disk_state;
2972}
2973
2974static const TypeInfo scsi_hd_info = {
2975 .name = "scsi-hd",
2976 .parent = TYPE_SCSI_DISK_BASE,
2977 .class_init = scsi_hd_class_initfn,
2978};
2979
2980static Property scsi_cd_properties[] = {
2981 DEFINE_SCSI_DISK_PROPERTIES(),
2982 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2983 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2984 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2985 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2986 DEFAULT_MAX_IO_SIZE),
2987 DEFINE_PROP_END_OF_LIST(),
2988};
2989
2990static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2991{
2992 DeviceClass *dc = DEVICE_CLASS(klass);
2993 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2994
2995 sc->realize = scsi_cd_realize;
2996 sc->alloc_req = scsi_new_request;
2997 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2998 dc->desc = "virtual SCSI CD-ROM";
2999 dc->props = scsi_cd_properties;
3000 dc->vmsd = &vmstate_scsi_disk_state;
3001}
3002
3003static const TypeInfo scsi_cd_info = {
3004 .name = "scsi-cd",
3005 .parent = TYPE_SCSI_DISK_BASE,
3006 .class_init = scsi_cd_class_initfn,
3007};
3008
3009#ifdef __linux__
3010static Property scsi_block_properties[] = {
3011 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3012 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3013 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3014 DEFINE_PROP_END_OF_LIST(),
3015};
3016
3017static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3018{
3019 DeviceClass *dc = DEVICE_CLASS(klass);
3020 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3021 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3022
3023 sc->realize = scsi_block_realize;
3024 sc->alloc_req = scsi_block_new_request;
3025 sc->parse_cdb = scsi_block_parse_cdb;
3026 sdc->dma_readv = scsi_block_dma_readv;
3027 sdc->dma_writev = scsi_block_dma_writev;
3028 sdc->need_fua_emulation = scsi_block_no_fua;
3029 dc->desc = "SCSI block device passthrough";
3030 dc->props = scsi_block_properties;
3031 dc->vmsd = &vmstate_scsi_disk_state;
3032}
3033
3034static const TypeInfo scsi_block_info = {
3035 .name = "scsi-block",
3036 .parent = TYPE_SCSI_DISK_BASE,
3037 .class_init = scsi_block_class_initfn,
3038};
3039#endif
3040
3041static Property scsi_disk_properties[] = {
3042 DEFINE_SCSI_DISK_PROPERTIES(),
3043 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3044 SCSI_DISK_F_REMOVABLE, false),
3045 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3046 SCSI_DISK_F_DPOFUA, false),
3047 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3048 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3049 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3050 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3051 DEFAULT_MAX_UNMAP_SIZE),
3052 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3053 DEFAULT_MAX_IO_SIZE),
3054 DEFINE_PROP_END_OF_LIST(),
3055};
3056
3057static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3058{
3059 DeviceClass *dc = DEVICE_CLASS(klass);
3060 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3061
3062 sc->realize = scsi_disk_realize;
3063 sc->alloc_req = scsi_new_request;
3064 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3065 dc->fw_name = "disk";
3066 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3067 dc->reset = scsi_disk_reset;
3068 dc->props = scsi_disk_properties;
3069 dc->vmsd = &vmstate_scsi_disk_state;
3070}
3071
3072static const TypeInfo scsi_disk_info = {
3073 .name = "scsi-disk",
3074 .parent = TYPE_SCSI_DISK_BASE,
3075 .class_init = scsi_disk_class_initfn,
3076};
3077
3078static void scsi_disk_register_types(void)
3079{
3080 type_register_static(&scsi_disk_base_info);
3081 type_register_static(&scsi_hd_info);
3082 type_register_static(&scsi_cd_info);
3083#ifdef __linux__
3084 type_register_static(&scsi_block_info);
3085#endif
3086 type_register_static(&scsi_disk_info);
3087}
3088
3089type_init(scsi_disk_register_types)
3090
