1#include "qemu/osdep.h"
2#include "hw/hw.h"
3#include "qapi/error.h"
4#include "qemu/error-report.h"
5#include "hw/scsi/scsi.h"
6#include "scsi/constants.h"
7#include "hw/qdev.h"
8#include "sysemu/block-backend.h"
9#include "sysemu/blockdev.h"
10#include "trace.h"
11#include "sysemu/dma.h"
12#include "qemu/cutils.h"
13
14static char *scsibus_get_dev_path(DeviceState *dev);
15static char *scsibus_get_fw_dev_path(DeviceState *dev);
16static void scsi_req_dequeue(SCSIRequest *req);
17static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len);
18static void scsi_target_free_buf(SCSIRequest *req);
19
20static Property scsi_props[] = {
21 DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
22 DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
23 DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
24 DEFINE_PROP_END_OF_LIST(),
25};
26
27static void scsi_bus_class_init(ObjectClass *klass, void *data)
28{
29 BusClass *k = BUS_CLASS(klass);
30 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
31
32 k->get_dev_path = scsibus_get_dev_path;
33 k->get_fw_dev_path = scsibus_get_fw_dev_path;
34 hc->unplug = qdev_simple_device_unplug_cb;
35}
36
37static const TypeInfo scsi_bus_info = {
38 .name = TYPE_SCSI_BUS,
39 .parent = TYPE_BUS,
40 .instance_size = sizeof(SCSIBus),
41 .class_init = scsi_bus_class_init,
42 .interfaces = (InterfaceInfo[]) {
43 { TYPE_HOTPLUG_HANDLER },
44 { }
45 }
46};
47static int next_scsi_bus;
48
49static void scsi_device_realize(SCSIDevice *s, Error **errp)
50{
51 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
52 if (sc->realize) {
53 sc->realize(s, errp);
54 }
55}
56
57int scsi_bus_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf,
58 void *hba_private)
59{
60 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
61 int rc;
62
63 assert(cmd->len == 0);
64 rc = scsi_req_parse_cdb(dev, cmd, buf);
65 if (bus->info->parse_cdb) {
66 rc = bus->info->parse_cdb(dev, cmd, buf, hba_private);
67 }
68 return rc;
69}
70
71static SCSIRequest *scsi_device_alloc_req(SCSIDevice *s, uint32_t tag, uint32_t lun,
72 uint8_t *buf, void *hba_private)
73{
74 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
75 if (sc->alloc_req) {
76 return sc->alloc_req(s, tag, lun, buf, hba_private);
77 }
78
79 return NULL;
80}
81
82void scsi_device_unit_attention_reported(SCSIDevice *s)
83{
84 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s);
85 if (sc->unit_attention_reported) {
86 sc->unit_attention_reported(s);
87 }
88}
89
90
91void scsi_bus_new(SCSIBus *bus, size_t bus_size, DeviceState *host,
92 const SCSIBusInfo *info, const char *bus_name)
93{
94 qbus_create_inplace(bus, bus_size, TYPE_SCSI_BUS, host, bus_name);
95 bus->busnr = next_scsi_bus++;
96 bus->info = info;
97 qbus_set_bus_hotplug_handler(BUS(bus), &error_abort);
98}
99
100static void scsi_dma_restart_bh(void *opaque)
101{
102 SCSIDevice *s = opaque;
103 SCSIRequest *req, *next;
104
105 qemu_bh_delete(s->bh);
106 s->bh = NULL;
107
108 aio_context_acquire(blk_get_aio_context(s->conf.blk));
109 QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) {
110 scsi_req_ref(req);
111 if (req->retry) {
112 req->retry = false;
113 switch (req->cmd.mode) {
114 case SCSI_XFER_FROM_DEV:
115 case SCSI_XFER_TO_DEV:
116 scsi_req_continue(req);
117 break;
118 case SCSI_XFER_NONE:
119 scsi_req_dequeue(req);
120 scsi_req_enqueue(req);
121 break;
122 }
123 }
124 scsi_req_unref(req);
125 }
126 aio_context_release(blk_get_aio_context(s->conf.blk));
127}
128
129void scsi_req_retry(SCSIRequest *req)
130{
131
132
133 req->retry = true;
134}
135
136static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
137{
138 SCSIDevice *s = opaque;
139
140 if (!running) {
141 return;
142 }
143 if (!s->bh) {
144 AioContext *ctx = blk_get_aio_context(s->conf.blk);
145 s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s);
146 qemu_bh_schedule(s->bh);
147 }
148}
149
150static void scsi_qdev_realize(DeviceState *qdev, Error **errp)
151{
152 SCSIDevice *dev = SCSI_DEVICE(qdev);
153 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
154 SCSIDevice *d;
155 Error *local_err = NULL;
156
157 if (dev->channel > bus->info->max_channel) {
158 error_setg(errp, "bad scsi channel id: %d", dev->channel);
159 return;
160 }
161 if (dev->id != -1 && dev->id > bus->info->max_target) {
162 error_setg(errp, "bad scsi device id: %d", dev->id);
163 return;
164 }
165 if (dev->lun != -1 && dev->lun > bus->info->max_lun) {
166 error_setg(errp, "bad scsi device lun: %d", dev->lun);
167 return;
168 }
169
170 if (dev->id == -1) {
171 int id = -1;
172 if (dev->lun == -1) {
173 dev->lun = 0;
174 }
175 do {
176 d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
177 } while (d && d->lun == dev->lun && id < bus->info->max_target);
178 if (d && d->lun == dev->lun) {
179 error_setg(errp, "no free target");
180 return;
181 }
182 dev->id = id;
183 } else if (dev->lun == -1) {
184 int lun = -1;
185 do {
186 d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
187 } while (d && d->lun == lun && lun < bus->info->max_lun);
188 if (d && d->lun == lun) {
189 error_setg(errp, "no free lun");
190 return;
191 }
192 dev->lun = lun;
193 } else {
194 d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
195 assert(d);
196 if (d->lun == dev->lun && dev != d) {
197 error_setg(errp, "lun already used by '%s'", d->qdev.id);
198 return;
199 }
200 }
201
202 QTAILQ_INIT(&dev->requests);
203 scsi_device_realize(dev, &local_err);
204 if (local_err) {
205 error_propagate(errp, local_err);
206 return;
207 }
208 dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb,
209 dev);
210}
211
212static void scsi_qdev_unrealize(DeviceState *qdev, Error **errp)
213{
214 SCSIDevice *dev = SCSI_DEVICE(qdev);
215
216 if (dev->vmsentry) {
217 qemu_del_vm_change_state_handler(dev->vmsentry);
218 }
219
220 scsi_device_purge_requests(dev, SENSE_CODE(NO_SENSE));
221 blockdev_mark_auto_del(dev->conf.blk);
222}
223
224
225SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
226 int unit, bool removable, int bootindex,
227 bool share_rw,
228 const char *serial, Error **errp)
229{
230 const char *driver;
231 char *name;
232 DeviceState *dev;
233 Error *err = NULL;
234
235 driver = blk_is_sg(blk) ? "scsi-generic" : "scsi-disk";
236 dev = qdev_create(&bus->qbus, driver);
237 name = g_strdup_printf("legacy[%d]", unit);
238 object_property_add_child(OBJECT(bus), name, OBJECT(dev), NULL);
239 g_free(name);
240
241 qdev_prop_set_uint32(dev, "scsi-id", unit);
242 if (bootindex >= 0) {
243 object_property_set_int(OBJECT(dev), bootindex, "bootindex",
244 &error_abort);
245 }
246 if (object_property_find(OBJECT(dev), "removable", NULL)) {
247 qdev_prop_set_bit(dev, "removable", removable);
248 }
249 if (serial && object_property_find(OBJECT(dev), "serial", NULL)) {
250 qdev_prop_set_string(dev, "serial", serial);
251 }
252 qdev_prop_set_drive(dev, "drive", blk, &err);
253 if (err) {
254 error_propagate(errp, err);
255 object_unparent(OBJECT(dev));
256 return NULL;
257 }
258 object_property_set_bool(OBJECT(dev), share_rw, "share-rw", &err);
259 if (err != NULL) {
260 error_propagate(errp, err);
261 object_unparent(OBJECT(dev));
262 return NULL;
263 }
264 object_property_set_bool(OBJECT(dev), true, "realized", &err);
265 if (err != NULL) {
266 error_propagate(errp, err);
267 object_unparent(OBJECT(dev));
268 return NULL;
269 }
270 return SCSI_DEVICE(dev);
271}
272
273void scsi_bus_legacy_handle_cmdline(SCSIBus *bus, bool deprecated)
274{
275 Location loc;
276 DriveInfo *dinfo;
277 int unit;
278
279 loc_push_none(&loc);
280 for (unit = 0; unit <= bus->info->max_target; unit++) {
281 dinfo = drive_get(IF_SCSI, bus->busnr, unit);
282 if (dinfo == NULL) {
283 continue;
284 }
285 qemu_opts_loc_restore(dinfo->opts);
286 if (deprecated) {
287
288 if (blk_get_attached_dev(blk_by_legacy_dinfo(dinfo))) {
289 continue;
290 }
291 if (!dinfo->is_default) {
292 warn_report("bus=%d,unit=%d is deprecated with this"
293 " machine type",
294 bus->busnr, unit);
295 }
296 }
297 scsi_bus_legacy_add_drive(bus, blk_by_legacy_dinfo(dinfo),
298 unit, false, -1, false, NULL, &error_fatal);
299 }
300 loc_pop(&loc);
301}
302
303static bool is_scsi_hba_with_legacy_magic(Object *obj)
304{
305 static const char *magic[] = {
306 "am53c974", "dc390", "esp", "lsi53c810", "lsi53c895a",
307 "megasas", "megasas-gen2", "mptsas1068", "spapr-vscsi",
308 "virtio-scsi-device",
309 NULL
310 };
311 const char *typename = object_get_typename(obj);
312 int i;
313
314 for (i = 0; magic[i]; i++)
315 if (!strcmp(typename, magic[i])) {
316 return true;
317 }
318
319 return false;
320}
321
322static int scsi_legacy_handle_cmdline_cb(Object *obj, void *opaque)
323{
324 SCSIBus *bus = (SCSIBus *)object_dynamic_cast(obj, TYPE_SCSI_BUS);
325
326 if (bus && is_scsi_hba_with_legacy_magic(OBJECT(bus->qbus.parent))) {
327 scsi_bus_legacy_handle_cmdline(bus, true);
328 }
329
330 return 0;
331}
332
333void scsi_legacy_handle_cmdline(void)
334{
335 object_child_foreach_recursive(object_get_root(),
336 scsi_legacy_handle_cmdline_cb, NULL);
337}
338
339static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf)
340{
341 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
342 scsi_req_complete(req, CHECK_CONDITION);
343 return 0;
344}
345
346static const struct SCSIReqOps reqops_invalid_field = {
347 .size = sizeof(SCSIRequest),
348 .send_command = scsi_invalid_field
349};
350
351
352
353static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf)
354{
355 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE));
356 scsi_req_complete(req, CHECK_CONDITION);
357 return 0;
358}
359
360static const struct SCSIReqOps reqops_invalid_opcode = {
361 .size = sizeof(SCSIRequest),
362 .send_command = scsi_invalid_command
363};
364
365
366
367static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf)
368{
369 if (req->dev->unit_attention.key == UNIT_ATTENTION) {
370 scsi_req_build_sense(req, req->dev->unit_attention);
371 } else if (req->bus->unit_attention.key == UNIT_ATTENTION) {
372 scsi_req_build_sense(req, req->bus->unit_attention);
373 }
374 scsi_req_complete(req, CHECK_CONDITION);
375 return 0;
376}
377
378static const struct SCSIReqOps reqops_unit_attention = {
379 .size = sizeof(SCSIRequest),
380 .send_command = scsi_unit_attention
381};
382
383
384
385
386typedef struct SCSITargetReq SCSITargetReq;
387
388struct SCSITargetReq {
389 SCSIRequest req;
390 int len;
391 uint8_t *buf;
392 int buf_len;
393};
394
395static void store_lun(uint8_t *outbuf, int lun)
396{
397 if (lun < 256) {
398 outbuf[1] = lun;
399 return;
400 }
401 outbuf[1] = (lun & 255);
402 outbuf[0] = (lun >> 8) | 0x40;
403}
404
405static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
406{
407 BusChild *kid;
408 int i, len, n;
409 int channel, id;
410 bool found_lun0;
411
412 if (r->req.cmd.xfer < 16) {
413 return false;
414 }
415 if (r->req.cmd.buf[2] > 2) {
416 return false;
417 }
418 channel = r->req.dev->channel;
419 id = r->req.dev->id;
420 found_lun0 = false;
421 n = 0;
422 QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
423 DeviceState *qdev = kid->child;
424 SCSIDevice *dev = SCSI_DEVICE(qdev);
425
426 if (dev->channel == channel && dev->id == id) {
427 if (dev->lun == 0) {
428 found_lun0 = true;
429 }
430 n += 8;
431 }
432 }
433 if (!found_lun0) {
434 n += 8;
435 }
436
437 scsi_target_alloc_buf(&r->req, n + 8);
438
439 len = MIN(n + 8, r->req.cmd.xfer & ~7);
440 memset(r->buf, 0, len);
441 stl_be_p(&r->buf[0], n);
442 i = found_lun0 ? 8 : 16;
443 QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
444 DeviceState *qdev = kid->child;
445 SCSIDevice *dev = SCSI_DEVICE(qdev);
446
447 if (dev->channel == channel && dev->id == id) {
448 store_lun(&r->buf[i], dev->lun);
449 i += 8;
450 }
451 }
452 assert(i == n + 8);
453 r->len = len;
454 return true;
455}
456
457static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
458{
459 assert(r->req.dev->lun != r->req.lun);
460
461 scsi_target_alloc_buf(&r->req, SCSI_INQUIRY_LEN);
462
463 if (r->req.cmd.buf[1] & 0x2) {
464
465 return false;
466 }
467
468 if (r->req.cmd.buf[1] & 0x1) {
469
470 uint8_t page_code = r->req.cmd.buf[2];
471 r->buf[r->len++] = page_code ;
472 r->buf[r->len++] = 0x00;
473
474 switch (page_code) {
475 case 0x00:
476 {
477 int pages;
478 pages = r->len++;
479 r->buf[r->len++] = 0x00;
480 r->buf[pages] = r->len - pages - 1;
481 break;
482 }
483 default:
484 return false;
485 }
486
487 assert(r->len < r->buf_len);
488 r->len = MIN(r->req.cmd.xfer, r->len);
489 return true;
490 }
491
492
493 if (r->req.cmd.buf[2] != 0) {
494 return false;
495 }
496
497
498 r->len = MIN(r->req.cmd.xfer, SCSI_INQUIRY_LEN);
499 memset(r->buf, 0, r->len);
500 if (r->req.lun != 0) {
501 r->buf[0] = TYPE_NO_LUN;
502 } else {
503 r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE;
504 r->buf[2] = 5;
505 r->buf[3] = 2 | 0x10;
506 r->buf[4] = r->len - 5;
507 r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0);
508 memcpy(&r->buf[8], "QEMU ", 8);
509 memcpy(&r->buf[16], "QEMU TARGET ", 16);
510 pstrcpy((char *) &r->buf[32], 4, qemu_hw_version());
511 }
512 return true;
513}
514
515static size_t scsi_sense_len(SCSIRequest *req)
516{
517 if (req->dev->type == TYPE_SCANNER)
518 return SCSI_SENSE_LEN_SCANNER;
519 else
520 return SCSI_SENSE_LEN;
521}
522
523static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
524{
525 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
526 int fixed_sense = (req->cmd.buf[1] & 1) == 0;
527
528 if (req->lun != 0 &&
529 buf[0] != INQUIRY && buf[0] != REQUEST_SENSE) {
530 scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));
531 scsi_req_complete(req, CHECK_CONDITION);
532 return 0;
533 }
534 switch (buf[0]) {
535 case REPORT_LUNS:
536 if (!scsi_target_emulate_report_luns(r)) {
537 goto illegal_request;
538 }
539 break;
540 case INQUIRY:
541 if (!scsi_target_emulate_inquiry(r)) {
542 goto illegal_request;
543 }
544 break;
545 case REQUEST_SENSE:
546 scsi_target_alloc_buf(&r->req, scsi_sense_len(req));
547 if (req->lun != 0) {
548 const struct SCSISense sense = SENSE_CODE(LUN_NOT_SUPPORTED);
549
550 if (fixed_sense) {
551 r->buf[0] = 0x70;
552 r->buf[2] = sense.key;
553 r->buf[10] = 10;
554 r->buf[12] = sense.asc;
555 r->buf[13] = sense.ascq;
556 r->len = MIN(req->cmd.xfer, SCSI_SENSE_LEN);
557 } else {
558 r->buf[0] = 0x72;
559 r->buf[1] = sense.key;
560 r->buf[2] = sense.asc;
561 r->buf[3] = sense.ascq;
562 r->len = 8;
563 }
564 } else {
565 r->len = scsi_device_get_sense(r->req.dev, r->buf,
566 MIN(req->cmd.xfer, r->buf_len),
567 fixed_sense);
568 }
569 if (r->req.dev->sense_is_ua) {
570 scsi_device_unit_attention_reported(req->dev);
571 r->req.dev->sense_len = 0;
572 r->req.dev->sense_is_ua = false;
573 }
574 break;
575 case TEST_UNIT_READY:
576 break;
577 default:
578 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE));
579 scsi_req_complete(req, CHECK_CONDITION);
580 return 0;
581 illegal_request:
582 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));
583 scsi_req_complete(req, CHECK_CONDITION);
584 return 0;
585 }
586
587 if (!r->len) {
588 scsi_req_complete(req, GOOD);
589 }
590 return r->len;
591}
592
593static void scsi_target_read_data(SCSIRequest *req)
594{
595 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
596 uint32_t n;
597
598 n = r->len;
599 if (n > 0) {
600 r->len = 0;
601 scsi_req_data(&r->req, n);
602 } else {
603 scsi_req_complete(&r->req, GOOD);
604 }
605}
606
607static uint8_t *scsi_target_get_buf(SCSIRequest *req)
608{
609 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
610
611 return r->buf;
612}
613
614static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len)
615{
616 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
617
618 r->buf = g_malloc(len);
619 r->buf_len = len;
620
621 return r->buf;
622}
623
624static void scsi_target_free_buf(SCSIRequest *req)
625{
626 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
627
628 g_free(r->buf);
629}
630
631static const struct SCSIReqOps reqops_target_command = {
632 .size = sizeof(SCSITargetReq),
633 .send_command = scsi_target_send_command,
634 .read_data = scsi_target_read_data,
635 .get_buf = scsi_target_get_buf,
636 .free_req = scsi_target_free_buf,
637};
638
639
640SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d,
641 uint32_t tag, uint32_t lun, void *hba_private)
642{
643 SCSIRequest *req;
644 SCSIBus *bus = scsi_bus_from_device(d);
645 BusState *qbus = BUS(bus);
646 const int memset_off = offsetof(SCSIRequest, sense)
647 + sizeof(req->sense);
648
649 req = g_malloc(reqops->size);
650 memset((uint8_t *)req + memset_off, 0, reqops->size - memset_off);
651 req->refcount = 1;
652 req->bus = bus;
653 req->dev = d;
654 req->tag = tag;
655 req->lun = lun;
656 req->hba_private = hba_private;
657 req->status = -1;
658 req->ops = reqops;
659 object_ref(OBJECT(d));
660 object_ref(OBJECT(qbus->parent));
661 notifier_list_init(&req->cancel_notifiers);
662 trace_scsi_req_alloc(req->dev->id, req->lun, req->tag);
663 return req;
664}
665
666SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
667 uint8_t *buf, void *hba_private)
668{
669 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus);
670 const SCSIReqOps *ops;
671 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(d);
672 SCSIRequest *req;
673 SCSICommand cmd = { .len = 0 };
674 int ret;
675
676 if ((d->unit_attention.key == UNIT_ATTENTION ||
677 bus->unit_attention.key == UNIT_ATTENTION) &&
678 (buf[0] != INQUIRY &&
679 buf[0] != REPORT_LUNS &&
680 buf[0] != GET_CONFIGURATION &&
681 buf[0] != GET_EVENT_STATUS_NOTIFICATION &&
682
683
684
685
686
687 !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) {
688 ops = &reqops_unit_attention;
689 } else if (lun != d->lun ||
690 buf[0] == REPORT_LUNS ||
691 (buf[0] == REQUEST_SENSE && d->sense_len)) {
692 ops = &reqops_target_command;
693 } else {
694 ops = NULL;
695 }
696
697 if (ops != NULL || !sc->parse_cdb) {
698 ret = scsi_req_parse_cdb(d, &cmd, buf);
699 } else {
700 ret = sc->parse_cdb(d, &cmd, buf, hba_private);
701 }
702
703 if (ret != 0) {
704 trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]);
705 req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private);
706 } else {
707 assert(cmd.len != 0);
708 trace_scsi_req_parsed(d->id, lun, tag, buf[0],
709 cmd.mode, cmd.xfer);
710 if (cmd.lba != -1) {
711 trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
712 cmd.lba);
713 }
714
715 if (cmd.xfer > INT32_MAX) {
716 req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private);
717 } else if (ops) {
718 req = scsi_req_alloc(ops, d, tag, lun, hba_private);
719 } else {
720 req = scsi_device_alloc_req(d, tag, lun, buf, hba_private);
721 }
722 }
723
724 req->cmd = cmd;
725 req->resid = req->cmd.xfer;
726
727 switch (buf[0]) {
728 case INQUIRY:
729 trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]);
730 break;
731 case TEST_UNIT_READY:
732 trace_scsi_test_unit_ready(d->id, lun, tag);
733 break;
734 case REPORT_LUNS:
735 trace_scsi_report_luns(d->id, lun, tag);
736 break;
737 case REQUEST_SENSE:
738 trace_scsi_request_sense(d->id, lun, tag);
739 break;
740 default:
741 break;
742 }
743
744 return req;
745}
746
747uint8_t *scsi_req_get_buf(SCSIRequest *req)
748{
749 return req->ops->get_buf(req);
750}
751
752static void scsi_clear_unit_attention(SCSIRequest *req)
753{
754 SCSISense *ua;
755 if (req->dev->unit_attention.key != UNIT_ATTENTION &&
756 req->bus->unit_attention.key != UNIT_ATTENTION) {
757 return;
758 }
759
760
761
762
763
764
765 if (req->cmd.buf[0] == INQUIRY ||
766 req->cmd.buf[0] == GET_CONFIGURATION ||
767 req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) {
768 return;
769 }
770
771 if (req->dev->unit_attention.key == UNIT_ATTENTION) {
772 ua = &req->dev->unit_attention;
773 } else {
774 ua = &req->bus->unit_attention;
775 }
776
777
778
779
780
781
782 if (req->cmd.buf[0] == REPORT_LUNS &&
783 !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc &&
784 ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) {
785 return;
786 }
787
788 *ua = SENSE_CODE(NO_SENSE);
789}
790
791int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len)
792{
793 int ret;
794
795 assert(len >= 14);
796 if (!req->sense_len) {
797 return 0;
798 }
799
800 ret = scsi_convert_sense(req->sense, req->sense_len, buf, len, true);
801
802
803
804
805
806
807
808
809
810
811 if (req->dev->sense_is_ua) {
812 scsi_device_unit_attention_reported(req->dev);
813 req->dev->sense_len = 0;
814 req->dev->sense_is_ua = false;
815 }
816 return ret;
817}
818
819int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed)
820{
821 return scsi_convert_sense(dev->sense, dev->sense_len, buf, len, fixed);
822}
823
824void scsi_req_build_sense(SCSIRequest *req, SCSISense sense)
825{
826 trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag,
827 sense.key, sense.asc, sense.ascq);
828 req->sense_len = scsi_build_sense(req->sense, sense);
829}
830
831static void scsi_req_enqueue_internal(SCSIRequest *req)
832{
833 assert(!req->enqueued);
834 scsi_req_ref(req);
835 if (req->bus->info->get_sg_list) {
836 req->sg = req->bus->info->get_sg_list(req);
837 } else {
838 req->sg = NULL;
839 }
840 req->enqueued = true;
841 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
842}
843
844int32_t scsi_req_enqueue(SCSIRequest *req)
845{
846 int32_t rc;
847
848 assert(!req->retry);
849 scsi_req_enqueue_internal(req);
850 scsi_req_ref(req);
851 rc = req->ops->send_command(req, req->cmd.buf);
852 scsi_req_unref(req);
853 return rc;
854}
855
856static void scsi_req_dequeue(SCSIRequest *req)
857{
858 trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag);
859 req->retry = false;
860 if (req->enqueued) {
861 QTAILQ_REMOVE(&req->dev->requests, req, next);
862 req->enqueued = false;
863 scsi_req_unref(req);
864 }
865}
866
867static int scsi_get_performance_length(int num_desc, int type, int data_type)
868{
869
870 switch (type) {
871 case 0:
872 if ((data_type & 3) == 0) {
873
874 return 16 * num_desc + 8;
875 } else {
876
877 return 6 * num_desc + 8;
878 }
879 case 1:
880 case 4:
881 case 5:
882 return 8 * num_desc + 8;
883 case 2:
884 return 2048 * num_desc + 8;
885 case 3:
886 return 16 * num_desc + 8;
887 default:
888 return 8;
889 }
890}
891
892static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf)
893{
894 int byte_block = (buf[2] >> 2) & 0x1;
895 int type = (buf[2] >> 4) & 0x1;
896 int xfer_unit;
897
898 if (byte_block) {
899 if (type) {
900 xfer_unit = dev->blocksize;
901 } else {
902 xfer_unit = 512;
903 }
904 } else {
905 xfer_unit = 1;
906 }
907
908 return xfer_unit;
909}
910
911static int ata_passthrough_12_xfer(SCSIDevice *dev, uint8_t *buf)
912{
913 int length = buf[2] & 0x3;
914 int xfer;
915 int unit = ata_passthrough_xfer_unit(dev, buf);
916
917 switch (length) {
918 case 0:
919 case 3:
920 default:
921 xfer = 0;
922 break;
923 case 1:
924 xfer = buf[3];
925 break;
926 case 2:
927 xfer = buf[4];
928 break;
929 }
930
931 return xfer * unit;
932}
933
934static int ata_passthrough_16_xfer(SCSIDevice *dev, uint8_t *buf)
935{
936 int extend = buf[1] & 0x1;
937 int length = buf[2] & 0x3;
938 int xfer;
939 int unit = ata_passthrough_xfer_unit(dev, buf);
940
941 switch (length) {
942 case 0:
943 case 3:
944 default:
945 xfer = 0;
946 break;
947 case 1:
948 xfer = buf[4];
949 xfer |= (extend ? buf[3] << 8 : 0);
950 break;
951 case 2:
952 xfer = buf[6];
953 xfer |= (extend ? buf[5] << 8 : 0);
954 break;
955 }
956
957 return xfer * unit;
958}
959
960static int scsi_req_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
961{
962 cmd->xfer = scsi_cdb_xfer(buf);
963 switch (buf[0]) {
964 case TEST_UNIT_READY:
965 case REWIND:
966 case START_STOP:
967 case SET_CAPACITY:
968 case WRITE_FILEMARKS:
969 case WRITE_FILEMARKS_16:
970 case SPACE:
971 case RESERVE:
972 case RELEASE:
973 case ERASE:
974 case ALLOW_MEDIUM_REMOVAL:
975 case SEEK_10:
976 case SYNCHRONIZE_CACHE:
977 case SYNCHRONIZE_CACHE_16:
978 case LOCATE_16:
979 case LOCK_UNLOCK_CACHE:
980 case SET_CD_SPEED:
981 case SET_LIMITS:
982 case WRITE_LONG_10:
983 case UPDATE_BLOCK:
984 case RESERVE_TRACK:
985 case SET_READ_AHEAD:
986 case PRE_FETCH:
987 case PRE_FETCH_16:
988 case ALLOW_OVERWRITE:
989 cmd->xfer = 0;
990 break;
991 case VERIFY_10:
992 case VERIFY_12:
993 case VERIFY_16:
994 if ((buf[1] & 2) == 0) {
995 cmd->xfer = 0;
996 } else if ((buf[1] & 4) != 0) {
997 cmd->xfer = 1;
998 }
999 cmd->xfer *= dev->blocksize;
1000 break;
1001 case MODE_SENSE:
1002 break;
1003 case WRITE_SAME_10:
1004 case WRITE_SAME_16:
1005 cmd->xfer = dev->blocksize;
1006 break;
1007 case READ_CAPACITY_10:
1008 cmd->xfer = 8;
1009 break;
1010 case READ_BLOCK_LIMITS:
1011 cmd->xfer = 6;
1012 break;
1013 case SEND_VOLUME_TAG:
1014
1015 if (dev->type == TYPE_ROM) {
1016 cmd->xfer = buf[10] | (buf[9] << 8);
1017 } else {
1018 cmd->xfer = buf[9] | (buf[8] << 8);
1019 }
1020 break;
1021 case WRITE_6:
1022
1023 if (cmd->xfer == 0) {
1024 cmd->xfer = 256;
1025 }
1026
1027 case WRITE_10:
1028 case WRITE_VERIFY_10:
1029 case WRITE_12:
1030 case WRITE_VERIFY_12:
1031 case WRITE_16:
1032 case WRITE_VERIFY_16:
1033 cmd->xfer *= dev->blocksize;
1034 break;
1035 case READ_6:
1036 case READ_REVERSE:
1037
1038 if (cmd->xfer == 0) {
1039 cmd->xfer = 256;
1040 }
1041
1042 case READ_10:
1043 case READ_12:
1044 case READ_16:
1045 cmd->xfer *= dev->blocksize;
1046 break;
1047 case FORMAT_UNIT:
1048
1049
1050 if (dev->type == TYPE_ROM && (buf[1] & 16)) {
1051 cmd->xfer = 12;
1052 } else {
1053 cmd->xfer = (buf[1] & 16) == 0 ? 0 : (buf[1] & 32 ? 8 : 4);
1054 }
1055 break;
1056 case INQUIRY:
1057 case RECEIVE_DIAGNOSTIC:
1058 case SEND_DIAGNOSTIC:
1059 cmd->xfer = buf[4] | (buf[3] << 8);
1060 break;
1061 case READ_CD:
1062 case READ_BUFFER:
1063 case WRITE_BUFFER:
1064 case SEND_CUE_SHEET:
1065 cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16);
1066 break;
1067 case PERSISTENT_RESERVE_OUT:
1068 cmd->xfer = ldl_be_p(&buf[5]) & 0xffffffffULL;
1069 break;
1070 case ERASE_12:
1071 if (dev->type == TYPE_ROM) {
1072
1073 cmd->xfer = scsi_get_performance_length(buf[9] | (buf[8] << 8),
1074 buf[10], buf[1] & 0x1f);
1075 }
1076 break;
1077 case MECHANISM_STATUS:
1078 case READ_DVD_STRUCTURE:
1079 case SEND_DVD_STRUCTURE:
1080 case MAINTENANCE_OUT:
1081 case MAINTENANCE_IN:
1082 if (dev->type == TYPE_ROM) {
1083
1084 cmd->xfer = buf[9] | (buf[8] << 8);
1085 }
1086 break;
1087 case ATA_PASSTHROUGH_12:
1088 if (dev->type == TYPE_ROM) {
1089
1090 cmd->xfer = 0;
1091 } else {
1092 cmd->xfer = ata_passthrough_12_xfer(dev, buf);
1093 }
1094 break;
1095 case ATA_PASSTHROUGH_16:
1096 cmd->xfer = ata_passthrough_16_xfer(dev, buf);
1097 break;
1098 }
1099 return 0;
1100}
1101
1102static int scsi_req_stream_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
1103{
1104 switch (buf[0]) {
1105
1106 case ERASE_12:
1107 case ERASE_16:
1108 cmd->xfer = 0;
1109 break;
1110 case READ_6:
1111 case READ_REVERSE:
1112 case RECOVER_BUFFERED_DATA:
1113 case WRITE_6:
1114 cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16);
1115 if (buf[1] & 0x01) {
1116 cmd->xfer *= dev->blocksize;
1117 }
1118 break;
1119 case READ_16:
1120 case READ_REVERSE_16:
1121 case VERIFY_16:
1122 case WRITE_16:
1123 cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16);
1124 if (buf[1] & 0x01) {
1125 cmd->xfer *= dev->blocksize;
1126 }
1127 break;
1128 case REWIND:
1129 case LOAD_UNLOAD:
1130 cmd->xfer = 0;
1131 break;
1132 case SPACE_16:
1133 cmd->xfer = buf[13] | (buf[12] << 8);
1134 break;
1135 case READ_POSITION:
1136 switch (buf[1] & 0x1f) {
1137 case SHORT_FORM_BLOCK_ID:
1138 case SHORT_FORM_VENDOR_SPECIFIC:
1139 cmd->xfer = 20;
1140 break;
1141 case LONG_FORM:
1142 cmd->xfer = 32;
1143 break;
1144 case EXTENDED_FORM:
1145 cmd->xfer = buf[8] | (buf[7] << 8);
1146 break;
1147 default:
1148 return -1;
1149 }
1150
1151 break;
1152 case FORMAT_UNIT:
1153 cmd->xfer = buf[4] | (buf[3] << 8);
1154 break;
1155
1156 default:
1157 return scsi_req_xfer(cmd, dev, buf);
1158 }
1159 return 0;
1160}
1161
1162static int scsi_req_medium_changer_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
1163{
1164 switch (buf[0]) {
1165
1166 case EXCHANGE_MEDIUM:
1167 case INITIALIZE_ELEMENT_STATUS:
1168 case INITIALIZE_ELEMENT_STATUS_WITH_RANGE:
1169 case MOVE_MEDIUM:
1170 case POSITION_TO_ELEMENT:
1171 cmd->xfer = 0;
1172 break;
1173 case READ_ELEMENT_STATUS:
1174 cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16);
1175 break;
1176
1177
1178 default:
1179 return scsi_req_xfer(cmd, dev, buf);
1180 }
1181 return 0;
1182}
1183
1184static int scsi_req_scanner_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
1185{
1186 switch (buf[0]) {
1187
1188 case OBJECT_POSITION:
1189 cmd->xfer = 0;
1190 break;
1191 case SCAN:
1192 cmd->xfer = buf[4];
1193 break;
1194 case READ_10:
1195 case SEND:
1196 case GET_WINDOW:
1197 case SET_WINDOW:
1198 cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16);
1199 break;
1200 default:
1201
1202 return scsi_req_xfer(cmd, dev, buf);
1203 }
1204
1205 return 0;
1206}
1207
1208static void scsi_cmd_xfer_mode(SCSICommand *cmd)
1209{
1210 if (!cmd->xfer) {
1211 cmd->mode = SCSI_XFER_NONE;
1212 return;
1213 }
1214 switch (cmd->buf[0]) {
1215 case WRITE_6:
1216 case WRITE_10:
1217 case WRITE_VERIFY_10:
1218 case WRITE_12:
1219 case WRITE_VERIFY_12:
1220 case WRITE_16:
1221 case WRITE_VERIFY_16:
1222 case VERIFY_10:
1223 case VERIFY_12:
1224 case VERIFY_16:
1225 case COPY:
1226 case COPY_VERIFY:
1227 case COMPARE:
1228 case CHANGE_DEFINITION:
1229 case LOG_SELECT:
1230 case MODE_SELECT:
1231 case MODE_SELECT_10:
1232 case SEND_DIAGNOSTIC:
1233 case WRITE_BUFFER:
1234 case FORMAT_UNIT:
1235 case REASSIGN_BLOCKS:
1236 case SEARCH_EQUAL:
1237 case SEARCH_HIGH:
1238 case SEARCH_LOW:
1239 case UPDATE_BLOCK:
1240 case WRITE_LONG_10:
1241 case WRITE_SAME_10:
1242 case WRITE_SAME_16:
1243 case UNMAP:
1244 case SEARCH_HIGH_12:
1245 case SEARCH_EQUAL_12:
1246 case SEARCH_LOW_12:
1247 case MEDIUM_SCAN:
1248 case SEND_VOLUME_TAG:
1249 case SEND_CUE_SHEET:
1250 case SEND_DVD_STRUCTURE:
1251 case PERSISTENT_RESERVE_OUT:
1252 case MAINTENANCE_OUT:
1253 case SET_WINDOW:
1254 case SCAN:
1255
1256
1257
1258 cmd->mode = SCSI_XFER_TO_DEV;
1259 break;
1260 case ATA_PASSTHROUGH_12:
1261 case ATA_PASSTHROUGH_16:
1262
1263 cmd->mode = (cmd->buf[2] & 0x8) ?
1264 SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV;
1265 break;
1266 default:
1267 cmd->mode = SCSI_XFER_FROM_DEV;
1268 break;
1269 }
1270}
1271
1272int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf)
1273{
1274 int rc;
1275 int len;
1276
1277 cmd->lba = -1;
1278 len = scsi_cdb_length(buf);
1279 if (len < 0) {
1280 return -1;
1281 }
1282
1283 cmd->len = len;
1284 switch (dev->type) {
1285 case TYPE_TAPE:
1286 rc = scsi_req_stream_xfer(cmd, dev, buf);
1287 break;
1288 case TYPE_MEDIUM_CHANGER:
1289 rc = scsi_req_medium_changer_xfer(cmd, dev, buf);
1290 break;
1291 case TYPE_SCANNER:
1292 rc = scsi_req_scanner_length(cmd, dev, buf);
1293 break;
1294 default:
1295 rc = scsi_req_xfer(cmd, dev, buf);
1296 break;
1297 }
1298
1299 if (rc != 0)
1300 return rc;
1301
1302 memcpy(cmd->buf, buf, cmd->len);
1303 scsi_cmd_xfer_mode(cmd);
1304 cmd->lba = scsi_cmd_lba(cmd);
1305 return 0;
1306}
1307
1308void scsi_device_report_change(SCSIDevice *dev, SCSISense sense)
1309{
1310 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
1311
1312 scsi_device_set_ua(dev, sense);
1313 if (bus->info->change) {
1314 bus->info->change(bus, dev, sense);
1315 }
1316}
1317
1318SCSIRequest *scsi_req_ref(SCSIRequest *req)
1319{
1320 assert(req->refcount > 0);
1321 req->refcount++;
1322 return req;
1323}
1324
1325void scsi_req_unref(SCSIRequest *req)
1326{
1327 assert(req->refcount > 0);
1328 if (--req->refcount == 0) {
1329 BusState *qbus = req->dev->qdev.parent_bus;
1330 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, qbus);
1331
1332 if (bus->info->free_request && req->hba_private) {
1333 bus->info->free_request(bus, req->hba_private);
1334 }
1335 if (req->ops->free_req) {
1336 req->ops->free_req(req);
1337 }
1338 object_unref(OBJECT(req->dev));
1339 object_unref(OBJECT(qbus->parent));
1340 g_free(req);
1341 }
1342}
1343
1344
1345
1346void scsi_req_continue(SCSIRequest *req)
1347{
1348 if (req->io_canceled) {
1349 trace_scsi_req_continue_canceled(req->dev->id, req->lun, req->tag);
1350 return;
1351 }
1352 trace_scsi_req_continue(req->dev->id, req->lun, req->tag);
1353 if (req->cmd.mode == SCSI_XFER_TO_DEV) {
1354 req->ops->write_data(req);
1355 } else {
1356 req->ops->read_data(req);
1357 }
1358}
1359
1360
1361
1362
1363void scsi_req_data(SCSIRequest *req, int len)
1364{
1365 uint8_t *buf;
1366 if (req->io_canceled) {
1367 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
1368 return;
1369 }
1370 trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
1371 assert(req->cmd.mode != SCSI_XFER_NONE);
1372 if (!req->sg) {
1373 req->resid -= len;
1374 req->bus->info->transfer_data(req, len);
1375 return;
1376 }
1377
1378
1379
1380
1381 assert(!req->dma_started);
1382 req->dma_started = true;
1383
1384 buf = scsi_req_get_buf(req);
1385 if (req->cmd.mode == SCSI_XFER_FROM_DEV) {
1386 req->resid = dma_buf_read(buf, len, req->sg);
1387 } else {
1388 req->resid = dma_buf_write(buf, len, req->sg);
1389 }
1390 scsi_req_continue(req);
1391}
1392
1393void scsi_req_print(SCSIRequest *req)
1394{
1395 FILE *fp = stderr;
1396 int i;
1397
1398 fprintf(fp, "[%s id=%d] %s",
1399 req->dev->qdev.parent_bus->name,
1400 req->dev->id,
1401 scsi_command_name(req->cmd.buf[0]));
1402 for (i = 1; i < req->cmd.len; i++) {
1403 fprintf(fp, " 0x%02x", req->cmd.buf[i]);
1404 }
1405 switch (req->cmd.mode) {
1406 case SCSI_XFER_NONE:
1407 fprintf(fp, " - none\n");
1408 break;
1409 case SCSI_XFER_FROM_DEV:
1410 fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer);
1411 break;
1412 case SCSI_XFER_TO_DEV:
1413 fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer);
1414 break;
1415 default:
1416 fprintf(fp, " - Oops\n");
1417 break;
1418 }
1419}
1420
1421void scsi_req_complete(SCSIRequest *req, int status)
1422{
1423 assert(req->status == -1);
1424 req->status = status;
1425
1426 assert(req->sense_len <= sizeof(req->sense));
1427 if (status == GOOD) {
1428 req->sense_len = 0;
1429 }
1430
1431 if (req->sense_len) {
1432 memcpy(req->dev->sense, req->sense, req->sense_len);
1433 req->dev->sense_len = req->sense_len;
1434 req->dev->sense_is_ua = (req->ops == &reqops_unit_attention);
1435 } else {
1436 req->dev->sense_len = 0;
1437 req->dev->sense_is_ua = false;
1438 }
1439
1440
1441
1442
1443
1444
1445 scsi_clear_unit_attention(req);
1446
1447 scsi_req_ref(req);
1448 scsi_req_dequeue(req);
1449 req->bus->info->complete(req, req->status, req->resid);
1450
1451
1452 notifier_list_notify(&req->cancel_notifiers, req);
1453 scsi_req_unref(req);
1454}
1455
1456
1457void scsi_req_cancel_complete(SCSIRequest *req)
1458{
1459 assert(req->io_canceled);
1460 if (req->bus->info->cancel) {
1461 req->bus->info->cancel(req);
1462 }
1463 notifier_list_notify(&req->cancel_notifiers, req);
1464 scsi_req_unref(req);
1465}
1466
1467
1468
1469
1470
1471void scsi_req_cancel_async(SCSIRequest *req, Notifier *notifier)
1472{
1473 trace_scsi_req_cancel(req->dev->id, req->lun, req->tag);
1474 if (notifier) {
1475 notifier_list_add(&req->cancel_notifiers, notifier);
1476 }
1477 if (req->io_canceled) {
1478
1479
1480
1481
1482 assert(req->aiocb);
1483 return;
1484 }
1485
1486 scsi_req_ref(req);
1487 scsi_req_dequeue(req);
1488 req->io_canceled = true;
1489 if (req->aiocb) {
1490 blk_aio_cancel_async(req->aiocb);
1491 } else {
1492 scsi_req_cancel_complete(req);
1493 }
1494}
1495
1496void scsi_req_cancel(SCSIRequest *req)
1497{
1498 trace_scsi_req_cancel(req->dev->id, req->lun, req->tag);
1499 if (!req->enqueued) {
1500 return;
1501 }
1502 assert(!req->io_canceled);
1503
1504 scsi_req_ref(req);
1505 scsi_req_dequeue(req);
1506 req->io_canceled = true;
1507 if (req->aiocb) {
1508 blk_aio_cancel(req->aiocb);
1509 } else {
1510 scsi_req_cancel_complete(req);
1511 }
1512}
1513
1514static int scsi_ua_precedence(SCSISense sense)
1515{
1516 if (sense.key != UNIT_ATTENTION) {
1517 return INT_MAX;
1518 }
1519 if (sense.asc == 0x29 && sense.ascq == 0x04) {
1520
1521 return 1;
1522 } else if (sense.asc == 0x3F && sense.ascq == 0x01) {
1523
1524 return 2;
1525 } else if (sense.asc == 0x29 && (sense.ascq == 0x05 || sense.ascq == 0x06)) {
1526
1527 ;
1528 } else if (sense.asc == 0x29 && sense.ascq <= 0x07) {
1529
1530
1531
1532
1533
1534
1535 return sense.ascq;
1536 } else if (sense.asc == 0x2F && sense.ascq == 0x01) {
1537
1538 return 8;
1539 }
1540 return (sense.asc << 8) | sense.ascq;
1541}
1542
1543void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense)
1544{
1545 int prec1, prec2;
1546 if (sense.key != UNIT_ATTENTION) {
1547 return;
1548 }
1549 trace_scsi_device_set_ua(sdev->id, sdev->lun, sense.key,
1550 sense.asc, sense.ascq);
1551
1552
1553
1554
1555
1556 prec1 = scsi_ua_precedence(sdev->unit_attention);
1557 prec2 = scsi_ua_precedence(sense);
1558 if (prec2 < prec1) {
1559 sdev->unit_attention = sense;
1560 }
1561}
1562
1563void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense)
1564{
1565 SCSIRequest *req;
1566
1567 aio_context_acquire(blk_get_aio_context(sdev->conf.blk));
1568 while (!QTAILQ_EMPTY(&sdev->requests)) {
1569 req = QTAILQ_FIRST(&sdev->requests);
1570 scsi_req_cancel_async(req, NULL);
1571 }
1572 blk_drain(sdev->conf.blk);
1573 aio_context_release(blk_get_aio_context(sdev->conf.blk));
1574 scsi_device_set_ua(sdev, sense);
1575}
1576
1577static char *scsibus_get_dev_path(DeviceState *dev)
1578{
1579 SCSIDevice *d = SCSI_DEVICE(dev);
1580 DeviceState *hba = dev->parent_bus->parent;
1581 char *id;
1582 char *path;
1583
1584 id = qdev_get_dev_path(hba);
1585 if (id) {
1586 path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
1587 } else {
1588 path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
1589 }
1590 g_free(id);
1591 return path;
1592}
1593
1594static char *scsibus_get_fw_dev_path(DeviceState *dev)
1595{
1596 SCSIDevice *d = SCSI_DEVICE(dev);
1597 return g_strdup_printf("channel@%x/%s@%x,%x", d->channel,
1598 qdev_fw_name(dev), d->id, d->lun);
1599}
1600
1601SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
1602{
1603 BusChild *kid;
1604 SCSIDevice *target_dev = NULL;
1605
1606 QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, ChildrenHead, sibling) {
1607 DeviceState *qdev = kid->child;
1608 SCSIDevice *dev = SCSI_DEVICE(qdev);
1609
1610 if (dev->channel == channel && dev->id == id) {
1611 if (dev->lun == lun) {
1612 return dev;
1613 }
1614 target_dev = dev;
1615 }
1616 }
1617 return target_dev;
1618}
1619
1620
1621
1622static int put_scsi_requests(QEMUFile *f, void *pv, size_t size,
1623 VMStateField *field, QJSON *vmdesc)
1624{
1625 SCSIDevice *s = pv;
1626 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
1627 SCSIRequest *req;
1628
1629 QTAILQ_FOREACH(req, &s->requests, next) {
1630 assert(!req->io_canceled);
1631 assert(req->status == -1);
1632 assert(req->enqueued);
1633
1634 qemu_put_sbyte(f, req->retry ? 1 : 2);
1635 qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf));
1636 qemu_put_be32s(f, &req->tag);
1637 qemu_put_be32s(f, &req->lun);
1638 if (bus->info->save_request) {
1639 bus->info->save_request(f, req);
1640 }
1641 if (req->ops->save_request) {
1642 req->ops->save_request(f, req);
1643 }
1644 }
1645 qemu_put_sbyte(f, 0);
1646
1647 return 0;
1648}
1649
1650static int get_scsi_requests(QEMUFile *f, void *pv, size_t size,
1651 VMStateField *field)
1652{
1653 SCSIDevice *s = pv;
1654 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
1655 int8_t sbyte;
1656
1657 while ((sbyte = qemu_get_sbyte(f)) > 0) {
1658 uint8_t buf[SCSI_CMD_BUF_SIZE];
1659 uint32_t tag;
1660 uint32_t lun;
1661 SCSIRequest *req;
1662
1663 qemu_get_buffer(f, buf, sizeof(buf));
1664 qemu_get_be32s(f, &tag);
1665 qemu_get_be32s(f, &lun);
1666 req = scsi_req_new(s, tag, lun, buf, NULL);
1667 req->retry = (sbyte == 1);
1668 if (bus->info->load_request) {
1669 req->hba_private = bus->info->load_request(f, req);
1670 }
1671 if (req->ops->load_request) {
1672 req->ops->load_request(f, req);
1673 }
1674
1675
1676 scsi_req_enqueue_internal(req);
1677
1678
1679
1680
1681
1682
1683 scsi_req_unref(req);
1684 }
1685
1686 return 0;
1687}
1688
1689static const VMStateInfo vmstate_info_scsi_requests = {
1690 .name = "scsi-requests",
1691 .get = get_scsi_requests,
1692 .put = put_scsi_requests,
1693};
1694
1695static bool scsi_sense_state_needed(void *opaque)
1696{
1697 SCSIDevice *s = opaque;
1698
1699 return s->sense_len > SCSI_SENSE_BUF_SIZE_OLD;
1700}
1701
1702static const VMStateDescription vmstate_scsi_sense_state = {
1703 .name = "SCSIDevice/sense",
1704 .version_id = 1,
1705 .minimum_version_id = 1,
1706 .needed = scsi_sense_state_needed,
1707 .fields = (VMStateField[]) {
1708 VMSTATE_UINT8_SUB_ARRAY(sense, SCSIDevice,
1709 SCSI_SENSE_BUF_SIZE_OLD,
1710 SCSI_SENSE_BUF_SIZE - SCSI_SENSE_BUF_SIZE_OLD),
1711 VMSTATE_END_OF_LIST()
1712 }
1713};
1714
1715const VMStateDescription vmstate_scsi_device = {
1716 .name = "SCSIDevice",
1717 .version_id = 1,
1718 .minimum_version_id = 1,
1719 .fields = (VMStateField[]) {
1720 VMSTATE_UINT8(unit_attention.key, SCSIDevice),
1721 VMSTATE_UINT8(unit_attention.asc, SCSIDevice),
1722 VMSTATE_UINT8(unit_attention.ascq, SCSIDevice),
1723 VMSTATE_BOOL(sense_is_ua, SCSIDevice),
1724 VMSTATE_UINT8_SUB_ARRAY(sense, SCSIDevice, 0, SCSI_SENSE_BUF_SIZE_OLD),
1725 VMSTATE_UINT32(sense_len, SCSIDevice),
1726 {
1727 .name = "requests",
1728 .version_id = 0,
1729 .field_exists = NULL,
1730 .size = 0,
1731 .info = &vmstate_info_scsi_requests,
1732 .flags = VMS_SINGLE,
1733 .offset = 0,
1734 },
1735 VMSTATE_END_OF_LIST()
1736 },
1737 .subsections = (const VMStateDescription*[]) {
1738 &vmstate_scsi_sense_state,
1739 NULL
1740 }
1741};
1742
1743static void scsi_device_class_init(ObjectClass *klass, void *data)
1744{
1745 DeviceClass *k = DEVICE_CLASS(klass);
1746 set_bit(DEVICE_CATEGORY_STORAGE, k->categories);
1747 k->bus_type = TYPE_SCSI_BUS;
1748 k->realize = scsi_qdev_realize;
1749 k->unrealize = scsi_qdev_unrealize;
1750 k->props = scsi_props;
1751}
1752
1753static void scsi_dev_instance_init(Object *obj)
1754{
1755 DeviceState *dev = DEVICE(obj);
1756 SCSIDevice *s = SCSI_DEVICE(dev);
1757
1758 device_add_bootindex_property(obj, &s->conf.bootindex,
1759 "bootindex", NULL,
1760 &s->qdev, NULL);
1761}
1762
1763static const TypeInfo scsi_device_type_info = {
1764 .name = TYPE_SCSI_DEVICE,
1765 .parent = TYPE_DEVICE,
1766 .instance_size = sizeof(SCSIDevice),
1767 .abstract = true,
1768 .class_size = sizeof(SCSIDeviceClass),
1769 .class_init = scsi_device_class_init,
1770 .instance_init = scsi_dev_instance_init,
1771};
1772
1773static void scsi_register_types(void)
1774{
1775 type_register_static(&scsi_bus_info);
1776 type_register_static(&scsi_device_type_info);
1777}
1778
1779type_init(scsi_register_types)
1780
