1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22#include "qemu/osdep.h"
23#include "qemu/units.h"
24#include "qapi/error.h"
25#include "qemu/error-report.h"
26#include "qemu/main-loop.h"
27#include "qemu/module.h"
28#include "qemu/hw-version.h"
29#include "qemu/memalign.h"
30#include "hw/scsi/scsi.h"
31#include "migration/qemu-file-types.h"
32#include "migration/vmstate.h"
33#include "hw/scsi/emulation.h"
34#include "scsi/constants.h"
35#include "sysemu/block-backend.h"
36#include "sysemu/blockdev.h"
37#include "hw/block/block.h"
38#include "hw/qdev-properties.h"
39#include "hw/qdev-properties-system.h"
40#include "sysemu/dma.h"
41#include "sysemu/sysemu.h"
42#include "qemu/cutils.h"
43#include "trace.h"
44#include "qom/object.h"
45
46#ifdef __linux
47#include <scsi/sg.h>
48#endif
49
50#define SCSI_WRITE_SAME_MAX (512 * KiB)
51#define SCSI_DMA_BUF_SIZE (128 * KiB)
52#define SCSI_MAX_INQUIRY_LEN 256
53#define SCSI_MAX_MODE_LEN 256
54
55#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
56#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
57#define DEFAULT_MAX_IO_SIZE INT_MAX
58
59#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
60
61OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
62
63struct SCSIDiskClass {
64 SCSIDeviceClass parent_class;
65 DMAIOFunc *dma_readv;
66 DMAIOFunc *dma_writev;
67 bool (*need_fua_emulation)(SCSICommand *cmd);
68 void (*update_sense)(SCSIRequest *r);
69};
70
71typedef struct SCSIDiskReq {
72 SCSIRequest req;
73
74 uint64_t sector;
75 uint32_t sector_count;
76 uint32_t buflen;
77 bool started;
78 bool need_fua_emulation;
79 struct iovec iov;
80 QEMUIOVector qiov;
81 BlockAcctCookie acct;
82} SCSIDiskReq;
83
84#define SCSI_DISK_F_REMOVABLE 0
85#define SCSI_DISK_F_DPOFUA 1
86#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
87
88struct SCSIDiskState {
89 SCSIDevice qdev;
90 uint32_t features;
91 bool media_changed;
92 bool media_event;
93 bool eject_request;
94 uint16_t port_index;
95 uint64_t max_unmap_size;
96 uint64_t max_io_size;
97 uint32_t quirks;
98 QEMUBH *bh;
99 char *version;
100 char *serial;
101 char *vendor;
102 char *product;
103 char *device_id;
104 bool tray_open;
105 bool tray_locked;
106
107
108
109
110
111
112
113 uint16_t rotation_rate;
114};
115
116static void scsi_free_request(SCSIRequest *req)
117{
118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
119
120 qemu_vfree(r->iov.iov_base);
121}
122
123
124static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
125{
126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
127 sense.ascq);
128 scsi_req_build_sense(&r->req, sense);
129 scsi_req_complete(&r->req, CHECK_CONDITION);
130}
131
132static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
133{
134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
135
136 if (!r->iov.iov_base) {
137 r->buflen = size;
138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
139 }
140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
141 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
142}
143
144static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
145{
146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
147
148 qemu_put_be64s(f, &r->sector);
149 qemu_put_be32s(f, &r->sector_count);
150 qemu_put_be32s(f, &r->buflen);
151 if (r->buflen) {
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 } else if (!req->retry) {
155 uint32_t len = r->iov.iov_len;
156 qemu_put_be32s(f, &len);
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
159 }
160}
161
162static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
163{
164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
165
166 qemu_get_be64s(f, &r->sector);
167 qemu_get_be32s(f, &r->sector_count);
168 qemu_get_be32s(f, &r->buflen);
169 if (r->buflen) {
170 scsi_init_iovec(r, r->buflen);
171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 } else if (!r->req.retry) {
174 uint32_t len;
175 qemu_get_be32s(f, &len);
176 r->iov.iov_len = len;
177 assert(r->iov.iov_len <= r->buflen);
178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
179 }
180 }
181
182 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
183}
184
185
186
187
188
189
190
191
192static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
193{
194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
197 SCSISense sense = SENSE_CODE(NO_SENSE);
198 int error = 0;
199 bool req_has_sense = false;
200 BlockErrorAction action;
201 int status;
202
203 if (ret < 0) {
204 status = scsi_sense_from_errno(-ret, &sense);
205 error = -ret;
206 } else {
207
208 status = ret;
209 if (status == CHECK_CONDITION) {
210 req_has_sense = true;
211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
212 } else {
213 error = EINVAL;
214 }
215 }
216
217
218
219
220
221
222
223 if (req_has_sense &&
224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
225 action = BLOCK_ERROR_ACTION_REPORT;
226 acct_failed = false;
227 } else {
228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
229 blk_error_action(s->qdev.conf.blk, action, is_read, error);
230 }
231
232 switch (action) {
233 case BLOCK_ERROR_ACTION_REPORT:
234 if (acct_failed) {
235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
236 }
237 if (req_has_sense) {
238 sdc->update_sense(&r->req);
239 } else if (status == CHECK_CONDITION) {
240 scsi_req_build_sense(&r->req, sense);
241 }
242 scsi_req_complete(&r->req, status);
243 return true;
244
245 case BLOCK_ERROR_ACTION_IGNORE:
246 return false;
247
248 case BLOCK_ERROR_ACTION_STOP:
249 scsi_req_retry(&r->req);
250 return true;
251
252 default:
253 g_assert_not_reached();
254 }
255}
256
257static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
258{
259 if (r->req.io_canceled) {
260 scsi_req_cancel_complete(&r->req);
261 return true;
262 }
263
264 if (ret < 0) {
265 return scsi_handle_rw_error(r, ret, acct_failed);
266 }
267
268 return false;
269}
270
271static void scsi_aio_complete(void *opaque, int ret)
272{
273 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
275
276 assert(r->req.aiocb != NULL);
277 r->req.aiocb = NULL;
278 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
279 if (scsi_disk_req_check_error(r, ret, true)) {
280 goto done;
281 }
282
283 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
284 scsi_req_complete(&r->req, GOOD);
285
286done:
287 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
288 scsi_req_unref(&r->req);
289}
290
291static bool scsi_is_cmd_fua(SCSICommand *cmd)
292{
293 switch (cmd->buf[0]) {
294 case READ_10:
295 case READ_12:
296 case READ_16:
297 case WRITE_10:
298 case WRITE_12:
299 case WRITE_16:
300 return (cmd->buf[1] & 8) != 0;
301
302 case VERIFY_10:
303 case VERIFY_12:
304 case VERIFY_16:
305 case WRITE_VERIFY_10:
306 case WRITE_VERIFY_12:
307 case WRITE_VERIFY_16:
308 return true;
309
310 case READ_6:
311 case WRITE_6:
312 default:
313 return false;
314 }
315}
316
317static void scsi_write_do_fua(SCSIDiskReq *r)
318{
319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
320
321 assert(r->req.aiocb == NULL);
322 assert(!r->req.io_canceled);
323
324 if (r->need_fua_emulation) {
325 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
326 BLOCK_ACCT_FLUSH);
327 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
328 return;
329 }
330
331 scsi_req_complete(&r->req, GOOD);
332 scsi_req_unref(&r->req);
333}
334
335static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
336{
337 assert(r->req.aiocb == NULL);
338 if (scsi_disk_req_check_error(r, ret, false)) {
339 goto done;
340 }
341
342 r->sector += r->sector_count;
343 r->sector_count = 0;
344 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
345 scsi_write_do_fua(r);
346 return;
347 } else {
348 scsi_req_complete(&r->req, GOOD);
349 }
350
351done:
352 scsi_req_unref(&r->req);
353}
354
355static void scsi_dma_complete(void *opaque, int ret)
356{
357 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
359
360 assert(r->req.aiocb != NULL);
361 r->req.aiocb = NULL;
362
363 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
364 if (ret < 0) {
365 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
366 } else {
367 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 }
369 scsi_dma_complete_noio(r, ret);
370 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
371}
372
373static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
374{
375 uint32_t n;
376
377 assert(r->req.aiocb == NULL);
378 if (scsi_disk_req_check_error(r, ret, false)) {
379 goto done;
380 }
381
382 n = r->qiov.size / BDRV_SECTOR_SIZE;
383 r->sector += n;
384 r->sector_count -= n;
385 scsi_req_data(&r->req, r->qiov.size);
386
387done:
388 scsi_req_unref(&r->req);
389}
390
391static void scsi_read_complete(void *opaque, int ret)
392{
393 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
395
396 assert(r->req.aiocb != NULL);
397 r->req.aiocb = NULL;
398
399 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
400 if (ret < 0) {
401 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
402 } else {
403 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
404 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
405 }
406 scsi_read_complete_noio(r, ret);
407 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
408}
409
410
411static void scsi_do_read(SCSIDiskReq *r, int ret)
412{
413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
414 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
415
416 assert (r->req.aiocb == NULL);
417 if (scsi_disk_req_check_error(r, ret, false)) {
418 goto done;
419 }
420
421
422 scsi_req_ref(&r->req);
423
424 if (r->req.sg) {
425 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
426 r->req.residual -= r->req.sg->size;
427 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
428 r->req.sg, r->sector << BDRV_SECTOR_BITS,
429 BDRV_SECTOR_SIZE,
430 sdc->dma_readv, r, scsi_dma_complete, r,
431 DMA_DIRECTION_FROM_DEVICE);
432 } else {
433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
434 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
435 r->qiov.size, BLOCK_ACCT_READ);
436 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
437 scsi_read_complete, r, r);
438 }
439
440done:
441 scsi_req_unref(&r->req);
442}
443
444static void scsi_do_read_cb(void *opaque, int ret)
445{
446 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
448
449 assert (r->req.aiocb != NULL);
450 r->req.aiocb = NULL;
451
452 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
453 if (ret < 0) {
454 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
455 } else {
456 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
457 }
458 scsi_do_read(opaque, ret);
459 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
460}
461
462
463static void scsi_read_data(SCSIRequest *req)
464{
465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 bool first;
468
469 trace_scsi_disk_read_data_count(r->sector_count);
470 if (r->sector_count == 0) {
471
472 scsi_req_complete(&r->req, GOOD);
473 return;
474 }
475
476
477 assert(r->req.aiocb == NULL);
478
479
480 scsi_req_ref(&r->req);
481 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
482 trace_scsi_disk_read_data_invalid();
483 scsi_read_complete_noio(r, -EINVAL);
484 return;
485 }
486
487 if (!blk_is_available(req->dev->conf.blk)) {
488 scsi_read_complete_noio(r, -ENOMEDIUM);
489 return;
490 }
491
492 first = !r->started;
493 r->started = true;
494 if (first && r->need_fua_emulation) {
495 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
496 BLOCK_ACCT_FLUSH);
497 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
498 } else {
499 scsi_do_read(r, 0);
500 }
501}
502
503static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
504{
505 uint32_t n;
506
507 assert (r->req.aiocb == NULL);
508 if (scsi_disk_req_check_error(r, ret, false)) {
509 goto done;
510 }
511
512 n = r->qiov.size / BDRV_SECTOR_SIZE;
513 r->sector += n;
514 r->sector_count -= n;
515 if (r->sector_count == 0) {
516 scsi_write_do_fua(r);
517 return;
518 } else {
519 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
520 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
521 scsi_req_data(&r->req, r->qiov.size);
522 }
523
524done:
525 scsi_req_unref(&r->req);
526}
527
528static void scsi_write_complete(void * opaque, int ret)
529{
530 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
532
533 assert (r->req.aiocb != NULL);
534 r->req.aiocb = NULL;
535
536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
537 if (ret < 0) {
538 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
539 } else {
540 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
541 }
542 scsi_write_complete_noio(r, ret);
543 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
544}
545
546static void scsi_write_data(SCSIRequest *req)
547{
548 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
549 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
550 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
551
552
553 assert(r->req.aiocb == NULL);
554
555
556 scsi_req_ref(&r->req);
557 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
558 trace_scsi_disk_write_data_invalid();
559 scsi_write_complete_noio(r, -EINVAL);
560 return;
561 }
562
563 if (!r->req.sg && !r->qiov.size) {
564
565 r->started = true;
566 scsi_write_complete_noio(r, 0);
567 return;
568 }
569 if (!blk_is_available(req->dev->conf.blk)) {
570 scsi_write_complete_noio(r, -ENOMEDIUM);
571 return;
572 }
573
574 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
575 r->req.cmd.buf[0] == VERIFY_16) {
576 if (r->req.sg) {
577 scsi_dma_complete_noio(r, 0);
578 } else {
579 scsi_write_complete_noio(r, 0);
580 }
581 return;
582 }
583
584 if (r->req.sg) {
585 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
586 r->req.residual -= r->req.sg->size;
587 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
588 r->req.sg, r->sector << BDRV_SECTOR_BITS,
589 BDRV_SECTOR_SIZE,
590 sdc->dma_writev, r, scsi_dma_complete, r,
591 DMA_DIRECTION_TO_DEVICE);
592 } else {
593 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
594 r->qiov.size, BLOCK_ACCT_WRITE);
595 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
596 scsi_write_complete, r, r);
597 }
598}
599
600
601static uint8_t *scsi_get_buf(SCSIRequest *req)
602{
603 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
604
605 return (uint8_t *)r->iov.iov_base;
606}
607
608static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
609{
610 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
611 uint8_t page_code = req->cmd.buf[2];
612 int start, buflen = 0;
613
614 outbuf[buflen++] = s->qdev.type & 0x1f;
615 outbuf[buflen++] = page_code;
616 outbuf[buflen++] = 0x00;
617 outbuf[buflen++] = 0x00;
618 start = buflen;
619
620 switch (page_code) {
621 case 0x00:
622 {
623 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
624 outbuf[buflen++] = 0x00;
625 if (s->serial) {
626 outbuf[buflen++] = 0x80;
627 }
628 outbuf[buflen++] = 0x83;
629 if (s->qdev.type == TYPE_DISK) {
630 outbuf[buflen++] = 0xb0;
631 outbuf[buflen++] = 0xb1;
632 outbuf[buflen++] = 0xb2;
633 }
634 break;
635 }
636 case 0x80:
637 {
638 int l;
639
640 if (!s->serial) {
641 trace_scsi_disk_emulate_vpd_page_80_not_supported();
642 return -1;
643 }
644
645 l = strlen(s->serial);
646 if (l > 36) {
647 l = 36;
648 }
649
650 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
651 memcpy(outbuf + buflen, s->serial, l);
652 buflen += l;
653 break;
654 }
655
656 case 0x83:
657 {
658 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
659
660 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
661
662 if (id_len) {
663 outbuf[buflen++] = 0x2;
664 outbuf[buflen++] = 0;
665 outbuf[buflen++] = 0;
666 outbuf[buflen++] = id_len;
667 memcpy(outbuf + buflen, s->device_id, id_len);
668 buflen += id_len;
669 }
670
671 if (s->qdev.wwn) {
672 outbuf[buflen++] = 0x1;
673 outbuf[buflen++] = 0x3;
674 outbuf[buflen++] = 0;
675 outbuf[buflen++] = 8;
676 stq_be_p(&outbuf[buflen], s->qdev.wwn);
677 buflen += 8;
678 }
679
680 if (s->qdev.port_wwn) {
681 outbuf[buflen++] = 0x61;
682 outbuf[buflen++] = 0x93;
683 outbuf[buflen++] = 0;
684 outbuf[buflen++] = 8;
685 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
686 buflen += 8;
687 }
688
689 if (s->port_index) {
690 outbuf[buflen++] = 0x61;
691
692
693 outbuf[buflen++] = 0x94;
694
695 outbuf[buflen++] = 0;
696 outbuf[buflen++] = 4;
697 stw_be_p(&outbuf[buflen + 2], s->port_index);
698 buflen += 4;
699 }
700 break;
701 }
702 case 0xb0:
703 {
704 SCSIBlockLimits bl = {};
705
706 if (s->qdev.type == TYPE_ROM) {
707 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
708 return -1;
709 }
710 bl.wsnz = 1;
711 bl.unmap_sectors =
712 s->qdev.conf.discard_granularity / s->qdev.blocksize;
713 bl.min_io_size =
714 s->qdev.conf.min_io_size / s->qdev.blocksize;
715 bl.opt_io_size =
716 s->qdev.conf.opt_io_size / s->qdev.blocksize;
717 bl.max_unmap_sectors =
718 s->max_unmap_size / s->qdev.blocksize;
719 bl.max_io_sectors =
720 s->max_io_size / s->qdev.blocksize;
721
722 bl.max_unmap_descr = 255;
723
724 if (s->qdev.type == TYPE_DISK) {
725 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
726 int max_io_sectors_blk =
727 max_transfer_blk / s->qdev.blocksize;
728
729 bl.max_io_sectors =
730 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
731 }
732 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
733 break;
734 }
735 case 0xb1:
736 {
737 buflen = 0x40;
738 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
739 outbuf[5] = s->rotation_rate & 0xff;
740 outbuf[6] = 0;
741 outbuf[7] = 0;
742 outbuf[8] = 0;
743 break;
744 }
745 case 0xb2:
746 {
747 buflen = 8;
748 outbuf[4] = 0;
749 outbuf[5] = 0xe0;
750 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
751 outbuf[7] = 0;
752 break;
753 }
754 default:
755 return -1;
756 }
757
758 assert(buflen - start <= 255);
759 outbuf[start - 1] = buflen - start;
760 return buflen;
761}
762
763static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
764{
765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
766 int buflen = 0;
767
768 if (req->cmd.buf[1] & 0x1) {
769
770 return scsi_disk_emulate_vpd_page(req, outbuf);
771 }
772
773
774 if (req->cmd.buf[2] != 0) {
775 return -1;
776 }
777
778
779 buflen = req->cmd.xfer;
780 if (buflen > SCSI_MAX_INQUIRY_LEN) {
781 buflen = SCSI_MAX_INQUIRY_LEN;
782 }
783
784 outbuf[0] = s->qdev.type & 0x1f;
785 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
786
787 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
788 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
789
790 memset(&outbuf[32], 0, 4);
791 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
792
793
794
795
796
797
798 outbuf[2] = s->qdev.default_scsi_version;
799 outbuf[3] = 2 | 0x10;
800
801 if (buflen > 36) {
802 outbuf[4] = buflen - 5;
803 } else {
804
805
806 outbuf[4] = 36 - 5;
807 }
808
809
810 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
811 return buflen;
812}
813
814static inline bool media_is_dvd(SCSIDiskState *s)
815{
816 uint64_t nb_sectors;
817 if (s->qdev.type != TYPE_ROM) {
818 return false;
819 }
820 if (!blk_is_available(s->qdev.conf.blk)) {
821 return false;
822 }
823 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
824 return nb_sectors > CD_MAX_SECTORS;
825}
826
827static inline bool media_is_cd(SCSIDiskState *s)
828{
829 uint64_t nb_sectors;
830 if (s->qdev.type != TYPE_ROM) {
831 return false;
832 }
833 if (!blk_is_available(s->qdev.conf.blk)) {
834 return false;
835 }
836 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
837 return nb_sectors <= CD_MAX_SECTORS;
838}
839
840static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
841 uint8_t *outbuf)
842{
843 uint8_t type = r->req.cmd.buf[1] & 7;
844
845 if (s->qdev.type != TYPE_ROM) {
846 return -1;
847 }
848
849
850 if (type != 0) {
851 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
852 return -1;
853 }
854
855 memset(outbuf, 0, 34);
856 outbuf[1] = 32;
857 outbuf[2] = 0xe;
858 outbuf[3] = 1;
859 outbuf[4] = 1;
860 outbuf[5] = 1;
861 outbuf[6] = 1;
862 outbuf[7] = 0x20;
863 outbuf[8] = 0x00;
864
865
866
867
868
869
870 return 34;
871}
872
873static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
874 uint8_t *outbuf)
875{
876 static const int rds_caps_size[5] = {
877 [0] = 2048 + 4,
878 [1] = 4 + 4,
879 [3] = 188 + 4,
880 [4] = 2048 + 4,
881 };
882
883 uint8_t media = r->req.cmd.buf[1];
884 uint8_t layer = r->req.cmd.buf[6];
885 uint8_t format = r->req.cmd.buf[7];
886 int size = -1;
887
888 if (s->qdev.type != TYPE_ROM) {
889 return -1;
890 }
891 if (media != 0) {
892 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
893 return -1;
894 }
895
896 if (format != 0xff) {
897 if (!blk_is_available(s->qdev.conf.blk)) {
898 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
899 return -1;
900 }
901 if (media_is_cd(s)) {
902 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
903 return -1;
904 }
905 if (format >= ARRAY_SIZE(rds_caps_size)) {
906 return -1;
907 }
908 size = rds_caps_size[format];
909 memset(outbuf, 0, size);
910 }
911
912 switch (format) {
913 case 0x00: {
914
915 uint64_t nb_sectors;
916 if (layer != 0) {
917 goto fail;
918 }
919 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
920
921 outbuf[4] = 1;
922 outbuf[5] = 0xf;
923 outbuf[6] = 1;
924 outbuf[7] = 0;
925
926 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1);
927 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1);
928 break;
929 }
930
931 case 0x01:
932 break;
933
934 case 0x03:
935 return -1;
936
937 case 0x04:
938 break;
939
940 case 0xff: {
941 int i;
942 size = 4;
943 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
944 if (!rds_caps_size[i]) {
945 continue;
946 }
947 outbuf[size] = i;
948 outbuf[size + 1] = 0x40;
949 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
950 size += 4;
951 }
952 break;
953 }
954
955 default:
956 return -1;
957 }
958
959
960 stw_be_p(outbuf, size - 2);
961 return size;
962
963fail:
964 return -1;
965}
966
967static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
968{
969 uint8_t event_code, media_status;
970
971 media_status = 0;
972 if (s->tray_open) {
973 media_status = MS_TRAY_OPEN;
974 } else if (blk_is_inserted(s->qdev.conf.blk)) {
975 media_status = MS_MEDIA_PRESENT;
976 }
977
978
979 event_code = MEC_NO_CHANGE;
980 if (media_status != MS_TRAY_OPEN) {
981 if (s->media_event) {
982 event_code = MEC_NEW_MEDIA;
983 s->media_event = false;
984 } else if (s->eject_request) {
985 event_code = MEC_EJECT_REQUESTED;
986 s->eject_request = false;
987 }
988 }
989
990 outbuf[0] = event_code;
991 outbuf[1] = media_status;
992
993
994 outbuf[2] = 0;
995 outbuf[3] = 0;
996 return 4;
997}
998
999static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1000 uint8_t *outbuf)
1001{
1002 int size;
1003 uint8_t *buf = r->req.cmd.buf;
1004 uint8_t notification_class_request = buf[4];
1005 if (s->qdev.type != TYPE_ROM) {
1006 return -1;
1007 }
1008 if ((buf[1] & 1) == 0) {
1009
1010 return -1;
1011 }
1012
1013 size = 4;
1014 outbuf[0] = outbuf[1] = 0;
1015 outbuf[3] = 1 << GESN_MEDIA;
1016 if (notification_class_request & (1 << GESN_MEDIA)) {
1017 outbuf[2] = GESN_MEDIA;
1018 size += scsi_event_status_media(s, &outbuf[size]);
1019 } else {
1020 outbuf[2] = 0x80;
1021 }
1022 stw_be_p(outbuf, size - 4);
1023 return size;
1024}
1025
1026static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1027{
1028 int current;
1029
1030 if (s->qdev.type != TYPE_ROM) {
1031 return -1;
1032 }
1033
1034 if (media_is_dvd(s)) {
1035 current = MMC_PROFILE_DVD_ROM;
1036 } else if (media_is_cd(s)) {
1037 current = MMC_PROFILE_CD_ROM;
1038 } else {
1039 current = MMC_PROFILE_NONE;
1040 }
1041
1042 memset(outbuf, 0, 40);
1043 stl_be_p(&outbuf[0], 36);
1044 stw_be_p(&outbuf[6], current);
1045
1046 outbuf[10] = 0x03;
1047 outbuf[11] = 8;
1048 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1049 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1050 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1051 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1052
1053 stw_be_p(&outbuf[20], 1);
1054 outbuf[22] = 0x08 | 0x03;
1055 outbuf[23] = 8;
1056 stl_be_p(&outbuf[24], 1);
1057 outbuf[28] = 1;
1058
1059 stw_be_p(&outbuf[32], 3);
1060 outbuf[34] = 0x08 | 0x03;
1061 outbuf[35] = 4;
1062 outbuf[36] = 0x39;
1063
1064
1065 return 40;
1066}
1067
1068static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1069{
1070 if (s->qdev.type != TYPE_ROM) {
1071 return -1;
1072 }
1073 memset(outbuf, 0, 8);
1074 outbuf[5] = 1;
1075 return 8;
1076}
1077
1078static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1079 int page_control)
1080{
1081 static const int mode_sense_valid[0x3f] = {
1082 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1083 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1084 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1085 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1086 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1087 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1088 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1089 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM),
1090 };
1091
1092 uint8_t *p = *p_outbuf + 2;
1093 int length;
1094
1095 assert(page < ARRAY_SIZE(mode_sense_valid));
1096 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1097 return -1;
1098 }
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112 switch (page) {
1113 case MODE_PAGE_HD_GEOMETRY:
1114 length = 0x16;
1115 if (page_control == 1) {
1116 break;
1117 }
1118
1119 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1120 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1121 p[2] = s->qdev.conf.cyls & 0xff;
1122 p[3] = s->qdev.conf.heads & 0xff;
1123
1124 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1125 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1126 p[6] = s->qdev.conf.cyls & 0xff;
1127
1128 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1129 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[9] = s->qdev.conf.cyls & 0xff;
1131
1132 p[10] = 0;
1133 p[11] = 200;
1134
1135 p[12] = 0xff;
1136 p[13] = 0xff;
1137 p[14] = 0xff;
1138
1139 p[18] = (5400 >> 8) & 0xff;
1140 p[19] = 5400 & 0xff;
1141 break;
1142
1143 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1144 length = 0x1e;
1145 if (page_control == 1) {
1146 break;
1147 }
1148
1149 p[0] = 5000 >> 8;
1150 p[1] = 5000 & 0xff;
1151
1152 p[2] = s->qdev.conf.heads & 0xff;
1153 p[3] = s->qdev.conf.secs & 0xff;
1154 p[4] = s->qdev.blocksize >> 8;
1155 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1156 p[7] = s->qdev.conf.cyls & 0xff;
1157
1158 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1159 p[9] = s->qdev.conf.cyls & 0xff;
1160
1161 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1162 p[11] = s->qdev.conf.cyls & 0xff;
1163
1164 p[12] = 0;
1165 p[13] = 1;
1166
1167 p[14] = 1;
1168
1169 p[15] = 0;
1170 p[16] = 1;
1171
1172 p[17] = 1;
1173
1174 p[18] = 1;
1175
1176 p[26] = (5400 >> 8) & 0xff;
1177 p[27] = 5400 & 0xff;
1178 break;
1179
1180 case MODE_PAGE_CACHING:
1181 length = 0x12;
1182 if (page_control == 1 ||
1183 blk_enable_write_cache(s->qdev.conf.blk)) {
1184 p[0] = 4;
1185 }
1186 break;
1187
1188 case MODE_PAGE_R_W_ERROR:
1189 length = 10;
1190 if (page_control == 1) {
1191 if (s->qdev.type == TYPE_ROM) {
1192
1193 p[0] = 0x80;
1194 }
1195 break;
1196 }
1197 p[0] = 0x80;
1198 if (s->qdev.type == TYPE_ROM) {
1199 p[1] = 0x20;
1200 }
1201 break;
1202
1203 case MODE_PAGE_AUDIO_CTL:
1204 length = 14;
1205 break;
1206
1207 case MODE_PAGE_CAPABILITIES:
1208 length = 0x14;
1209 if (page_control == 1) {
1210 break;
1211 }
1212
1213 p[0] = 0x3b;
1214 p[1] = 0;
1215 p[2] = 0x7f;
1216
1217 p[3] = 0xff;
1218
1219
1220 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1221
1222 p[5] = 0;
1223
1224 p[6] = (50 * 176) >> 8;
1225 p[7] = (50 * 176) & 0xff;
1226 p[8] = 2 >> 8;
1227 p[9] = 2 & 0xff;
1228 p[10] = 2048 >> 8;
1229 p[11] = 2048 & 0xff;
1230 p[12] = (16 * 176) >> 8;
1231 p[13] = (16 * 176) & 0xff;
1232 p[16] = (16 * 176) >> 8;
1233 p[17] = (16 * 176) & 0xff;
1234 p[18] = (16 * 176) >> 8;
1235 p[19] = (16 * 176) & 0xff;
1236 break;
1237
1238 case MODE_PAGE_APPLE_VENDOR:
1239 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
1240 length = 0x1e;
1241 if (page_control == 1) {
1242 break;
1243 }
1244
1245 memset(p, 0, length);
1246 strcpy((char *)p + 8, "APPLE COMPUTER, INC ");
1247 break;
1248 } else {
1249 return -1;
1250 }
1251
1252 case MODE_PAGE_VENDOR_SPECIFIC:
1253 if (s->qdev.type == TYPE_DISK && (s->quirks &
1254 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1255 length = 0x2;
1256 if (page_control == 1) {
1257 p[0] = 0xff;
1258 p[1] = 0xff;
1259 break;
1260 }
1261 p[0] = 0;
1262 p[1] = 0;
1263 break;
1264 } else {
1265 return -1;
1266 }
1267
1268 default:
1269 return -1;
1270 }
1271
1272 assert(length < 256);
1273 (*p_outbuf)[0] = page;
1274 (*p_outbuf)[1] = length;
1275 *p_outbuf += length + 2;
1276 return length + 2;
1277}
1278
1279static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1280{
1281 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1282 uint64_t nb_sectors;
1283 bool dbd;
1284 int page, buflen, ret, page_control;
1285 uint8_t *p;
1286 uint8_t dev_specific_param;
1287
1288 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1289 page = r->req.cmd.buf[2] & 0x3f;
1290 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1291
1292 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1293 10, page, r->req.cmd.xfer, page_control);
1294 memset(outbuf, 0, r->req.cmd.xfer);
1295 p = outbuf;
1296
1297 if (s->qdev.type == TYPE_DISK) {
1298 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1299 if (!blk_is_writable(s->qdev.conf.blk)) {
1300 dev_specific_param |= 0x80;
1301 }
1302 } else {
1303 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
1304
1305 dev_specific_param = 0x00;
1306
1307
1308
1309
1310
1311
1312 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
1313 page == MODE_PAGE_APPLE_VENDOR) {
1314 dbd = true;
1315 }
1316 } else {
1317
1318
1319
1320
1321 dev_specific_param = 0x00;
1322 dbd = true;
1323 }
1324 }
1325
1326 if (r->req.cmd.buf[0] == MODE_SENSE) {
1327 p[1] = 0;
1328 p[2] = dev_specific_param;
1329 p[3] = 0;
1330 p += 4;
1331 } else {
1332 p[2] = 0;
1333 p[3] = dev_specific_param;
1334 p[6] = p[7] = 0;
1335 p += 8;
1336 }
1337
1338 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1339 if (!dbd && nb_sectors) {
1340 if (r->req.cmd.buf[0] == MODE_SENSE) {
1341 outbuf[3] = 8;
1342 } else {
1343 outbuf[7] = 8;
1344 }
1345 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1346 if (nb_sectors > 0xffffff) {
1347 nb_sectors = 0;
1348 }
1349 p[0] = 0;
1350 p[1] = (nb_sectors >> 16) & 0xff;
1351 p[2] = (nb_sectors >> 8) & 0xff;
1352 p[3] = nb_sectors & 0xff;
1353 p[4] = 0;
1354 p[5] = 0;
1355 p[6] = s->qdev.blocksize >> 8;
1356 p[7] = 0;
1357 p += 8;
1358 }
1359
1360 if (page_control == 3) {
1361
1362 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1363 return -1;
1364 }
1365
1366 if (page == 0x3f) {
1367 for (page = 0; page <= 0x3e; page++) {
1368 mode_sense_page(s, page, &p, page_control);
1369 }
1370 } else {
1371 ret = mode_sense_page(s, page, &p, page_control);
1372 if (ret == -1) {
1373 return -1;
1374 }
1375 }
1376
1377 buflen = p - outbuf;
1378
1379
1380
1381
1382
1383 if (r->req.cmd.buf[0] == MODE_SENSE) {
1384 outbuf[0] = buflen - 1;
1385 } else {
1386 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1387 outbuf[1] = (buflen - 2) & 0xff;
1388 }
1389 return buflen;
1390}
1391
1392static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1393{
1394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1395 int start_track, format, msf, toclen;
1396 uint64_t nb_sectors;
1397
1398 msf = req->cmd.buf[1] & 2;
1399 format = req->cmd.buf[2] & 0xf;
1400 start_track = req->cmd.buf[6];
1401 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1402 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1403 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1404 switch (format) {
1405 case 0:
1406 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1407 break;
1408 case 1:
1409
1410 toclen = 12;
1411 memset(outbuf, 0, 12);
1412 outbuf[1] = 0x0a;
1413 outbuf[2] = 0x01;
1414 outbuf[3] = 0x01;
1415 break;
1416 case 2:
1417 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1418 break;
1419 default:
1420 return -1;
1421 }
1422 return toclen;
1423}
1424
1425static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1426{
1427 SCSIRequest *req = &r->req;
1428 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1429 bool start = req->cmd.buf[4] & 1;
1430 bool loej = req->cmd.buf[4] & 2;
1431 int pwrcnd = req->cmd.buf[4] & 0xf0;
1432
1433 if (pwrcnd) {
1434
1435 return 0;
1436 }
1437
1438 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1439 if (!start && !s->tray_open && s->tray_locked) {
1440 scsi_check_condition(r,
1441 blk_is_inserted(s->qdev.conf.blk)
1442 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1443 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1444 return -1;
1445 }
1446
1447 if (s->tray_open != !start) {
1448 blk_eject(s->qdev.conf.blk, !start);
1449 s->tray_open = !start;
1450 }
1451 }
1452 return 0;
1453}
1454
1455static void scsi_disk_emulate_read_data(SCSIRequest *req)
1456{
1457 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1458 int buflen = r->iov.iov_len;
1459
1460 if (buflen) {
1461 trace_scsi_disk_emulate_read_data(buflen);
1462 r->iov.iov_len = 0;
1463 r->started = true;
1464 scsi_req_data(&r->req, buflen);
1465 return;
1466 }
1467
1468
1469 scsi_req_complete(&r->req, GOOD);
1470}
1471
1472static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1473 uint8_t *inbuf, int inlen)
1474{
1475 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1476 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1477 uint8_t *p;
1478 int len, expected_len, changeable_len, i;
1479
1480
1481
1482
1483 expected_len = inlen + 2;
1484 if (expected_len > SCSI_MAX_MODE_LEN) {
1485 return -1;
1486 }
1487
1488
1489 if (page == MODE_PAGE_ALLS) {
1490 return -1;
1491 }
1492
1493 p = mode_current;
1494 memset(mode_current, 0, inlen + 2);
1495 len = mode_sense_page(s, page, &p, 0);
1496 if (len < 0 || len != expected_len) {
1497 return -1;
1498 }
1499
1500 p = mode_changeable;
1501 memset(mode_changeable, 0, inlen + 2);
1502 changeable_len = mode_sense_page(s, page, &p, 1);
1503 assert(changeable_len == len);
1504
1505
1506
1507
1508 for (i = 2; i < len; i++) {
1509 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1510 return -1;
1511 }
1512 }
1513 return 0;
1514}
1515
1516static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1517{
1518 switch (page) {
1519 case MODE_PAGE_CACHING:
1520 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1521 break;
1522
1523 default:
1524 break;
1525 }
1526}
1527
1528static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1529{
1530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1531
1532 while (len > 0) {
1533 int page, subpage, page_len;
1534
1535
1536 page = p[0] & 0x3f;
1537 if (p[0] & 0x40) {
1538 if (len < 4) {
1539 goto invalid_param_len;
1540 }
1541 subpage = p[1];
1542 page_len = lduw_be_p(&p[2]);
1543 p += 4;
1544 len -= 4;
1545 } else {
1546 if (len < 2) {
1547 goto invalid_param_len;
1548 }
1549 subpage = 0;
1550 page_len = p[1];
1551 p += 2;
1552 len -= 2;
1553 }
1554
1555 if (subpage) {
1556 goto invalid_param;
1557 }
1558 if (page_len > len) {
1559 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
1560 goto invalid_param_len;
1561 }
1562 trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
1563 }
1564
1565 if (!change) {
1566 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1567 goto invalid_param;
1568 }
1569 } else {
1570 scsi_disk_apply_mode_select(s, page, p);
1571 }
1572
1573 p += page_len;
1574 len -= page_len;
1575 }
1576 return 0;
1577
1578invalid_param:
1579 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1580 return -1;
1581
1582invalid_param_len:
1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1584 return -1;
1585}
1586
1587static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1588{
1589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1590 uint8_t *p = inbuf;
1591 int cmd = r->req.cmd.buf[0];
1592 int len = r->req.cmd.xfer;
1593 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1594 int bd_len, bs;
1595 int pass;
1596
1597 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1598 if (!(s->quirks &
1599 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1600
1601 goto invalid_field;
1602 }
1603 }
1604
1605 if (len < hdr_len) {
1606 goto invalid_param_len;
1607 }
1608
1609 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1610 len -= hdr_len;
1611 p += hdr_len;
1612 if (len < bd_len) {
1613 goto invalid_param_len;
1614 }
1615 if (bd_len != 0 && bd_len != 8) {
1616 goto invalid_param;
1617 }
1618
1619
1620 if (bd_len) {
1621 bs = p[5] << 16 | p[6] << 8 | p[7];
1622
1623
1624
1625
1626
1627
1628
1629 if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) {
1630 s->qdev.blocksize = bs;
1631 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
1632 }
1633 }
1634
1635 len -= bd_len;
1636 p += bd_len;
1637
1638
1639 for (pass = 0; pass < 2; pass++) {
1640 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1641 assert(pass == 0);
1642 return;
1643 }
1644 }
1645 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1646
1647 scsi_req_ref(&r->req);
1648 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1649 BLOCK_ACCT_FLUSH);
1650 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1651 return;
1652 }
1653
1654 scsi_req_complete(&r->req, GOOD);
1655 return;
1656
1657invalid_param:
1658 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1659 return;
1660
1661invalid_param_len:
1662 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1663 return;
1664
1665invalid_field:
1666 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1667}
1668
1669
1670static inline bool check_lba_range(SCSIDiskState *s,
1671 uint64_t sector_num, uint32_t nb_sectors)
1672{
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682 return (sector_num <= sector_num + nb_sectors &&
1683 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1684}
1685
1686typedef struct UnmapCBData {
1687 SCSIDiskReq *r;
1688 uint8_t *inbuf;
1689 int count;
1690} UnmapCBData;
1691
1692static void scsi_unmap_complete(void *opaque, int ret);
1693
1694static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1695{
1696 SCSIDiskReq *r = data->r;
1697 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1698
1699 assert(r->req.aiocb == NULL);
1700
1701 if (data->count > 0) {
1702 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1703 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1704 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1705 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1706
1707 if (!check_lba_range(s, sector_num, nb_sectors)) {
1708 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1709 BLOCK_ACCT_UNMAP);
1710 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1711 goto done;
1712 }
1713
1714 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1715 r->sector_count * BDRV_SECTOR_SIZE,
1716 BLOCK_ACCT_UNMAP);
1717
1718 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1719 r->sector * BDRV_SECTOR_SIZE,
1720 r->sector_count * BDRV_SECTOR_SIZE,
1721 scsi_unmap_complete, data);
1722 data->count--;
1723 data->inbuf += 16;
1724 return;
1725 }
1726
1727 scsi_req_complete(&r->req, GOOD);
1728
1729done:
1730 scsi_req_unref(&r->req);
1731 g_free(data);
1732}
1733
1734static void scsi_unmap_complete(void *opaque, int ret)
1735{
1736 UnmapCBData *data = opaque;
1737 SCSIDiskReq *r = data->r;
1738 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1739
1740 assert(r->req.aiocb != NULL);
1741 r->req.aiocb = NULL;
1742
1743 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1744 if (scsi_disk_req_check_error(r, ret, true)) {
1745 scsi_req_unref(&r->req);
1746 g_free(data);
1747 } else {
1748 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1749 scsi_unmap_complete_noio(data, ret);
1750 }
1751 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1752}
1753
1754static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1755{
1756 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1757 uint8_t *p = inbuf;
1758 int len = r->req.cmd.xfer;
1759 UnmapCBData *data;
1760
1761
1762 if (r->req.cmd.buf[1] & 0x1) {
1763 goto invalid_field;
1764 }
1765
1766 if (len < 8) {
1767 goto invalid_param_len;
1768 }
1769 if (len < lduw_be_p(&p[0]) + 2) {
1770 goto invalid_param_len;
1771 }
1772 if (len < lduw_be_p(&p[2]) + 8) {
1773 goto invalid_param_len;
1774 }
1775 if (lduw_be_p(&p[2]) & 15) {
1776 goto invalid_param_len;
1777 }
1778
1779 if (!blk_is_writable(s->qdev.conf.blk)) {
1780 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1781 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1782 return;
1783 }
1784
1785 data = g_new0(UnmapCBData, 1);
1786 data->r = r;
1787 data->inbuf = &p[8];
1788 data->count = lduw_be_p(&p[2]) >> 4;
1789
1790
1791 scsi_req_ref(&r->req);
1792 scsi_unmap_complete_noio(data, 0);
1793 return;
1794
1795invalid_param_len:
1796 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1797 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1798 return;
1799
1800invalid_field:
1801 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1802 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1803}
1804
1805typedef struct WriteSameCBData {
1806 SCSIDiskReq *r;
1807 int64_t sector;
1808 int nb_sectors;
1809 QEMUIOVector qiov;
1810 struct iovec iov;
1811} WriteSameCBData;
1812
1813static void scsi_write_same_complete(void *opaque, int ret)
1814{
1815 WriteSameCBData *data = opaque;
1816 SCSIDiskReq *r = data->r;
1817 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1818
1819 assert(r->req.aiocb != NULL);
1820 r->req.aiocb = NULL;
1821 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1822 if (scsi_disk_req_check_error(r, ret, true)) {
1823 goto done;
1824 }
1825
1826 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1827
1828 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1829 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1830 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1831 data->iov.iov_len);
1832 if (data->iov.iov_len) {
1833 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1834 data->iov.iov_len, BLOCK_ACCT_WRITE);
1835
1836
1837 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1838 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1839 data->sector << BDRV_SECTOR_BITS,
1840 &data->qiov, 0,
1841 scsi_write_same_complete, data);
1842 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1843 return;
1844 }
1845
1846 scsi_req_complete(&r->req, GOOD);
1847
1848done:
1849 scsi_req_unref(&r->req);
1850 qemu_vfree(data->iov.iov_base);
1851 g_free(data);
1852 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1853}
1854
1855static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1856{
1857 SCSIRequest *req = &r->req;
1858 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1859 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1860 WriteSameCBData *data;
1861 uint8_t *buf;
1862 int i, l;
1863
1864
1865 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1866 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1867 return;
1868 }
1869
1870 if (!blk_is_writable(s->qdev.conf.blk)) {
1871 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1872 return;
1873 }
1874 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1875 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1876 return;
1877 }
1878
1879 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1880 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1881
1882
1883 scsi_req_ref(&r->req);
1884 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1885 nb_sectors * s->qdev.blocksize,
1886 BLOCK_ACCT_WRITE);
1887 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1888 r->req.cmd.lba * s->qdev.blocksize,
1889 nb_sectors * s->qdev.blocksize,
1890 flags, scsi_aio_complete, r);
1891 return;
1892 }
1893
1894 data = g_new0(WriteSameCBData, 1);
1895 data->r = r;
1896 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1897 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1898 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1899 SCSI_WRITE_SAME_MAX);
1900 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1901 data->iov.iov_len);
1902 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1903
1904 for (i = 0; i < data->iov.iov_len; i += l) {
1905 l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
1906 memcpy(&buf[i], inbuf, l);
1907 }
1908
1909 scsi_req_ref(&r->req);
1910 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1911 data->iov.iov_len, BLOCK_ACCT_WRITE);
1912 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1913 data->sector << BDRV_SECTOR_BITS,
1914 &data->qiov, 0,
1915 scsi_write_same_complete, data);
1916}
1917
1918static void scsi_disk_emulate_write_data(SCSIRequest *req)
1919{
1920 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1921
1922 if (r->iov.iov_len) {
1923 int buflen = r->iov.iov_len;
1924 trace_scsi_disk_emulate_write_data(buflen);
1925 r->iov.iov_len = 0;
1926 scsi_req_data(&r->req, buflen);
1927 return;
1928 }
1929
1930 switch (req->cmd.buf[0]) {
1931 case MODE_SELECT:
1932 case MODE_SELECT_10:
1933
1934 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1935 break;
1936
1937 case UNMAP:
1938 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1939 break;
1940
1941 case VERIFY_10:
1942 case VERIFY_12:
1943 case VERIFY_16:
1944 if (r->req.status == -1) {
1945 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1946 }
1947 break;
1948
1949 case WRITE_SAME_10:
1950 case WRITE_SAME_16:
1951 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1952 break;
1953
1954 default:
1955 abort();
1956 }
1957}
1958
1959static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1960{
1961 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1962 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1963 uint64_t nb_sectors;
1964 uint8_t *outbuf;
1965 int buflen;
1966
1967 switch (req->cmd.buf[0]) {
1968 case INQUIRY:
1969 case MODE_SENSE:
1970 case MODE_SENSE_10:
1971 case RESERVE:
1972 case RESERVE_10:
1973 case RELEASE:
1974 case RELEASE_10:
1975 case START_STOP:
1976 case ALLOW_MEDIUM_REMOVAL:
1977 case GET_CONFIGURATION:
1978 case GET_EVENT_STATUS_NOTIFICATION:
1979 case MECHANISM_STATUS:
1980 case REQUEST_SENSE:
1981 break;
1982
1983 default:
1984 if (!blk_is_available(s->qdev.conf.blk)) {
1985 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1986 return 0;
1987 }
1988 break;
1989 }
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999 if (req->cmd.xfer > 65536) {
2000 goto illegal_request;
2001 }
2002 r->buflen = MAX(4096, req->cmd.xfer);
2003
2004 if (!r->iov.iov_base) {
2005 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
2006 }
2007
2008 outbuf = r->iov.iov_base;
2009 memset(outbuf, 0, r->buflen);
2010 switch (req->cmd.buf[0]) {
2011 case TEST_UNIT_READY:
2012 assert(blk_is_available(s->qdev.conf.blk));
2013 break;
2014 case INQUIRY:
2015 buflen = scsi_disk_emulate_inquiry(req, outbuf);
2016 if (buflen < 0) {
2017 goto illegal_request;
2018 }
2019 break;
2020 case MODE_SENSE:
2021 case MODE_SENSE_10:
2022 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case READ_TOC:
2028 buflen = scsi_disk_emulate_read_toc(req, outbuf);
2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case RESERVE:
2034 if (req->cmd.buf[1] & 1) {
2035 goto illegal_request;
2036 }
2037 break;
2038 case RESERVE_10:
2039 if (req->cmd.buf[1] & 3) {
2040 goto illegal_request;
2041 }
2042 break;
2043 case RELEASE:
2044 if (req->cmd.buf[1] & 1) {
2045 goto illegal_request;
2046 }
2047 break;
2048 case RELEASE_10:
2049 if (req->cmd.buf[1] & 3) {
2050 goto illegal_request;
2051 }
2052 break;
2053 case START_STOP:
2054 if (scsi_disk_emulate_start_stop(r) < 0) {
2055 return 0;
2056 }
2057 break;
2058 case ALLOW_MEDIUM_REMOVAL:
2059 s->tray_locked = req->cmd.buf[4] & 1;
2060 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
2061 break;
2062 case READ_CAPACITY_10:
2063
2064 memset(outbuf, 0, 8);
2065 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2066 if (!nb_sectors) {
2067 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2068 return 0;
2069 }
2070 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2071 goto illegal_request;
2072 }
2073 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2074
2075 nb_sectors--;
2076
2077 s->qdev.max_lba = nb_sectors;
2078
2079 if (nb_sectors > UINT32_MAX) {
2080 nb_sectors = UINT32_MAX;
2081 }
2082 outbuf[0] = (nb_sectors >> 24) & 0xff;
2083 outbuf[1] = (nb_sectors >> 16) & 0xff;
2084 outbuf[2] = (nb_sectors >> 8) & 0xff;
2085 outbuf[3] = nb_sectors & 0xff;
2086 outbuf[4] = 0;
2087 outbuf[5] = 0;
2088 outbuf[6] = s->qdev.blocksize >> 8;
2089 outbuf[7] = 0;
2090 break;
2091 case REQUEST_SENSE:
2092
2093 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2094 (req->cmd.buf[1] & 1) == 0);
2095 if (buflen < 0) {
2096 goto illegal_request;
2097 }
2098 break;
2099 case MECHANISM_STATUS:
2100 buflen = scsi_emulate_mechanism_status(s, outbuf);
2101 if (buflen < 0) {
2102 goto illegal_request;
2103 }
2104 break;
2105 case GET_CONFIGURATION:
2106 buflen = scsi_get_configuration(s, outbuf);
2107 if (buflen < 0) {
2108 goto illegal_request;
2109 }
2110 break;
2111 case GET_EVENT_STATUS_NOTIFICATION:
2112 buflen = scsi_get_event_status_notification(s, r, outbuf);
2113 if (buflen < 0) {
2114 goto illegal_request;
2115 }
2116 break;
2117 case READ_DISC_INFORMATION:
2118 buflen = scsi_read_disc_information(s, r, outbuf);
2119 if (buflen < 0) {
2120 goto illegal_request;
2121 }
2122 break;
2123 case READ_DVD_STRUCTURE:
2124 buflen = scsi_read_dvd_structure(s, r, outbuf);
2125 if (buflen < 0) {
2126 goto illegal_request;
2127 }
2128 break;
2129 case SERVICE_ACTION_IN_16:
2130
2131 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2132 trace_scsi_disk_emulate_command_SAI_16();
2133 memset(outbuf, 0, req->cmd.xfer);
2134 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2135 if (!nb_sectors) {
2136 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2137 return 0;
2138 }
2139 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2140 goto illegal_request;
2141 }
2142 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2143
2144 nb_sectors--;
2145
2146 s->qdev.max_lba = nb_sectors;
2147 outbuf[0] = (nb_sectors >> 56) & 0xff;
2148 outbuf[1] = (nb_sectors >> 48) & 0xff;
2149 outbuf[2] = (nb_sectors >> 40) & 0xff;
2150 outbuf[3] = (nb_sectors >> 32) & 0xff;
2151 outbuf[4] = (nb_sectors >> 24) & 0xff;
2152 outbuf[5] = (nb_sectors >> 16) & 0xff;
2153 outbuf[6] = (nb_sectors >> 8) & 0xff;
2154 outbuf[7] = nb_sectors & 0xff;
2155 outbuf[8] = 0;
2156 outbuf[9] = 0;
2157 outbuf[10] = s->qdev.blocksize >> 8;
2158 outbuf[11] = 0;
2159 outbuf[12] = 0;
2160 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2161
2162
2163 if (s->qdev.conf.discard_granularity) {
2164 outbuf[14] = 0x80;
2165 }
2166
2167
2168 break;
2169 }
2170 trace_scsi_disk_emulate_command_SAI_unsupported();
2171 goto illegal_request;
2172 case SYNCHRONIZE_CACHE:
2173
2174 scsi_req_ref(&r->req);
2175 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2176 BLOCK_ACCT_FLUSH);
2177 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2178 return 0;
2179 case SEEK_10:
2180 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2181 if (r->req.cmd.lba > s->qdev.max_lba) {
2182 goto illegal_lba;
2183 }
2184 break;
2185 case MODE_SELECT:
2186 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2187 break;
2188 case MODE_SELECT_10:
2189 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2190 break;
2191 case UNMAP:
2192 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2193 break;
2194 case VERIFY_10:
2195 case VERIFY_12:
2196 case VERIFY_16:
2197 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2198 if (req->cmd.buf[1] & 6) {
2199 goto illegal_request;
2200 }
2201 break;
2202 case WRITE_SAME_10:
2203 case WRITE_SAME_16:
2204 trace_scsi_disk_emulate_command_WRITE_SAME(
2205 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2206 break;
2207 case FORMAT_UNIT:
2208 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
2209 break;
2210 default:
2211 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2212 scsi_command_name(buf[0]));
2213 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2214 return 0;
2215 }
2216 assert(!r->req.aiocb);
2217 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2218 if (r->iov.iov_len == 0) {
2219 scsi_req_complete(&r->req, GOOD);
2220 }
2221 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2222 assert(r->iov.iov_len == req->cmd.xfer);
2223 return -r->iov.iov_len;
2224 } else {
2225 return r->iov.iov_len;
2226 }
2227
2228illegal_request:
2229 if (r->req.status == -1) {
2230 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2231 }
2232 return 0;
2233
2234illegal_lba:
2235 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2236 return 0;
2237}
2238
2239
2240
2241
2242
2243
2244static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2245{
2246 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2247 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2248 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2249 uint32_t len;
2250 uint8_t command;
2251
2252 command = buf[0];
2253
2254 if (!blk_is_available(s->qdev.conf.blk)) {
2255 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2256 return 0;
2257 }
2258
2259 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2260 switch (command) {
2261 case READ_6:
2262 case READ_10:
2263 case READ_12:
2264 case READ_16:
2265 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2266
2267
2268
2269
2270 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2271 goto illegal_request;
2272 }
2273 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2274 goto illegal_lba;
2275 }
2276 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2277 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2278 break;
2279 case WRITE_6:
2280 case WRITE_10:
2281 case WRITE_12:
2282 case WRITE_16:
2283 case WRITE_VERIFY_10:
2284 case WRITE_VERIFY_12:
2285 case WRITE_VERIFY_16:
2286 if (!blk_is_writable(s->qdev.conf.blk)) {
2287 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2288 return 0;
2289 }
2290 trace_scsi_disk_dma_command_WRITE(
2291 (command & 0xe) == 0xe ? "And Verify " : "",
2292 r->req.cmd.lba, len);
2293
2294 case VERIFY_10:
2295 case VERIFY_12:
2296 case VERIFY_16:
2297
2298
2299
2300
2301 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2302 goto illegal_request;
2303 }
2304 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2305 goto illegal_lba;
2306 }
2307 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2308 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2309 break;
2310 default:
2311 abort();
2312 illegal_request:
2313 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2314 return 0;
2315 illegal_lba:
2316 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2317 return 0;
2318 }
2319 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2320 if (r->sector_count == 0) {
2321 scsi_req_complete(&r->req, GOOD);
2322 }
2323 assert(r->iov.iov_len == 0);
2324 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2325 return -r->sector_count * BDRV_SECTOR_SIZE;
2326 } else {
2327 return r->sector_count * BDRV_SECTOR_SIZE;
2328 }
2329}
2330
2331static void scsi_disk_reset(DeviceState *dev)
2332{
2333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2334 uint64_t nb_sectors;
2335
2336 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2337
2338 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2339 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2340 if (nb_sectors) {
2341 nb_sectors--;
2342 }
2343 s->qdev.max_lba = nb_sectors;
2344
2345 s->tray_locked = 0;
2346 s->tray_open = 0;
2347
2348 s->qdev.scsi_version = s->qdev.default_scsi_version;
2349}
2350
2351static void scsi_disk_resize_cb(void *opaque)
2352{
2353 SCSIDiskState *s = opaque;
2354
2355
2356
2357
2358 if (s->qdev.type == TYPE_DISK) {
2359 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2360 }
2361}
2362
2363static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2364{
2365 SCSIDiskState *s = opaque;
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377 s->media_changed = load;
2378 s->tray_open = !load;
2379 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2380 s->media_event = true;
2381 s->eject_request = false;
2382}
2383
2384static void scsi_cd_eject_request_cb(void *opaque, bool force)
2385{
2386 SCSIDiskState *s = opaque;
2387
2388 s->eject_request = true;
2389 if (force) {
2390 s->tray_locked = false;
2391 }
2392}
2393
2394static bool scsi_cd_is_tray_open(void *opaque)
2395{
2396 return ((SCSIDiskState *)opaque)->tray_open;
2397}
2398
2399static bool scsi_cd_is_medium_locked(void *opaque)
2400{
2401 return ((SCSIDiskState *)opaque)->tray_locked;
2402}
2403
2404static const BlockDevOps scsi_disk_removable_block_ops = {
2405 .change_media_cb = scsi_cd_change_media_cb,
2406 .eject_request_cb = scsi_cd_eject_request_cb,
2407 .is_tray_open = scsi_cd_is_tray_open,
2408 .is_medium_locked = scsi_cd_is_medium_locked,
2409
2410 .resize_cb = scsi_disk_resize_cb,
2411};
2412
2413static const BlockDevOps scsi_disk_block_ops = {
2414 .resize_cb = scsi_disk_resize_cb,
2415};
2416
2417static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2418{
2419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2420 if (s->media_changed) {
2421 s->media_changed = false;
2422 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2423 }
2424}
2425
2426static void scsi_realize(SCSIDevice *dev, Error **errp)
2427{
2428 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2429 bool read_only;
2430
2431 if (!s->qdev.conf.blk) {
2432 error_setg(errp, "drive property not set");
2433 return;
2434 }
2435
2436 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2437 !blk_is_inserted(s->qdev.conf.blk)) {
2438 error_setg(errp, "Device needs media, but drive is empty");
2439 return;
2440 }
2441
2442 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2443 return;
2444 }
2445
2446 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2447 !s->qdev.hba_supports_iothread)
2448 {
2449 error_setg(errp, "HBA does not support iothreads");
2450 return;
2451 }
2452
2453 if (dev->type == TYPE_DISK) {
2454 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2455 return;
2456 }
2457 }
2458
2459 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2460 if (dev->type == TYPE_ROM) {
2461 read_only = true;
2462 }
2463
2464 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2465 dev->type == TYPE_DISK, errp)) {
2466 return;
2467 }
2468
2469 if (s->qdev.conf.discard_granularity == -1) {
2470 s->qdev.conf.discard_granularity =
2471 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2472 }
2473
2474 if (!s->version) {
2475 s->version = g_strdup(qemu_hw_version());
2476 }
2477 if (!s->vendor) {
2478 s->vendor = g_strdup("QEMU");
2479 }
2480 if (!s->device_id) {
2481 if (s->serial) {
2482 s->device_id = g_strdup_printf("%.20s", s->serial);
2483 } else {
2484 const char *str = blk_name(s->qdev.conf.blk);
2485 if (str && *str) {
2486 s->device_id = g_strdup(str);
2487 }
2488 }
2489 }
2490
2491 if (blk_is_sg(s->qdev.conf.blk)) {
2492 error_setg(errp, "unwanted /dev/sg*");
2493 return;
2494 }
2495
2496 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2497 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2498 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2499 } else {
2500 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2501 }
2502
2503 blk_iostatus_enable(s->qdev.conf.blk);
2504
2505 add_boot_device_lchs(&dev->qdev, NULL,
2506 dev->conf.lcyls,
2507 dev->conf.lheads,
2508 dev->conf.lsecs);
2509}
2510
2511static void scsi_unrealize(SCSIDevice *dev)
2512{
2513 del_boot_device_lchs(&dev->qdev, NULL);
2514}
2515
2516static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2517{
2518 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2519 AioContext *ctx = NULL;
2520
2521
2522
2523 if (s->qdev.conf.blk) {
2524 ctx = blk_get_aio_context(s->qdev.conf.blk);
2525 aio_context_acquire(ctx);
2526 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2527 goto out;
2528 }
2529 }
2530 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2531 s->qdev.type = TYPE_DISK;
2532 if (!s->product) {
2533 s->product = g_strdup("QEMU HARDDISK");
2534 }
2535 scsi_realize(&s->qdev, errp);
2536out:
2537 if (ctx) {
2538 aio_context_release(ctx);
2539 }
2540}
2541
2542static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2543{
2544 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2545 AioContext *ctx;
2546 int ret;
2547 uint32_t blocksize = 2048;
2548
2549 if (!dev->conf.blk) {
2550
2551
2552 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2553 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2554 assert(ret == 0);
2555 }
2556
2557 if (dev->conf.physical_block_size != 0) {
2558 blocksize = dev->conf.physical_block_size;
2559 }
2560
2561 ctx = blk_get_aio_context(dev->conf.blk);
2562 aio_context_acquire(ctx);
2563 s->qdev.blocksize = blocksize;
2564 s->qdev.type = TYPE_ROM;
2565 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2566 if (!s->product) {
2567 s->product = g_strdup("QEMU CD-ROM");
2568 }
2569 scsi_realize(&s->qdev, errp);
2570 aio_context_release(ctx);
2571}
2572
2573
2574static const SCSIReqOps scsi_disk_emulate_reqops = {
2575 .size = sizeof(SCSIDiskReq),
2576 .free_req = scsi_free_request,
2577 .send_command = scsi_disk_emulate_command,
2578 .read_data = scsi_disk_emulate_read_data,
2579 .write_data = scsi_disk_emulate_write_data,
2580 .get_buf = scsi_get_buf,
2581};
2582
2583static const SCSIReqOps scsi_disk_dma_reqops = {
2584 .size = sizeof(SCSIDiskReq),
2585 .free_req = scsi_free_request,
2586 .send_command = scsi_disk_dma_command,
2587 .read_data = scsi_read_data,
2588 .write_data = scsi_write_data,
2589 .get_buf = scsi_get_buf,
2590 .load_request = scsi_disk_load_request,
2591 .save_request = scsi_disk_save_request,
2592};
2593
2594static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2595 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2596 [INQUIRY] = &scsi_disk_emulate_reqops,
2597 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2598 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2599 [START_STOP] = &scsi_disk_emulate_reqops,
2600 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2601 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2602 [READ_TOC] = &scsi_disk_emulate_reqops,
2603 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2604 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2605 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2606 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2607 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2608 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2609 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2610 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2611 [SEEK_10] = &scsi_disk_emulate_reqops,
2612 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2613 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2614 [UNMAP] = &scsi_disk_emulate_reqops,
2615 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2616 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2617 [VERIFY_10] = &scsi_disk_emulate_reqops,
2618 [VERIFY_12] = &scsi_disk_emulate_reqops,
2619 [VERIFY_16] = &scsi_disk_emulate_reqops,
2620 [FORMAT_UNIT] = &scsi_disk_emulate_reqops,
2621
2622 [READ_6] = &scsi_disk_dma_reqops,
2623 [READ_10] = &scsi_disk_dma_reqops,
2624 [READ_12] = &scsi_disk_dma_reqops,
2625 [READ_16] = &scsi_disk_dma_reqops,
2626 [WRITE_6] = &scsi_disk_dma_reqops,
2627 [WRITE_10] = &scsi_disk_dma_reqops,
2628 [WRITE_12] = &scsi_disk_dma_reqops,
2629 [WRITE_16] = &scsi_disk_dma_reqops,
2630 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2631 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2632 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2633};
2634
2635static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2636{
2637 int i;
2638 int len = scsi_cdb_length(buf);
2639 char *line_buffer, *p;
2640
2641 assert(len > 0 && len <= 16);
2642 line_buffer = g_malloc(len * 5 + 1);
2643
2644 for (i = 0, p = line_buffer; i < len; i++) {
2645 p += sprintf(p, " 0x%02x", buf[i]);
2646 }
2647 trace_scsi_disk_new_request(lun, tag, line_buffer);
2648
2649 g_free(line_buffer);
2650}
2651
2652static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2653 uint8_t *buf, void *hba_private)
2654{
2655 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2656 SCSIRequest *req;
2657 const SCSIReqOps *ops;
2658 uint8_t command;
2659
2660 command = buf[0];
2661 ops = scsi_disk_reqops_dispatch[command];
2662 if (!ops) {
2663 ops = &scsi_disk_emulate_reqops;
2664 }
2665 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2666
2667 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2668 scsi_disk_new_request_dump(lun, tag, buf);
2669 }
2670
2671 return req;
2672}
2673
2674#ifdef __linux__
2675static int get_device_type(SCSIDiskState *s)
2676{
2677 uint8_t cmd[16];
2678 uint8_t buf[36];
2679 int ret;
2680
2681 memset(cmd, 0, sizeof(cmd));
2682 memset(buf, 0, sizeof(buf));
2683 cmd[0] = INQUIRY;
2684 cmd[4] = sizeof(buf);
2685
2686 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2687 buf, sizeof(buf), s->qdev.io_timeout);
2688 if (ret < 0) {
2689 return -1;
2690 }
2691 s->qdev.type = buf[0];
2692 if (buf[1] & 0x80) {
2693 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2694 }
2695 return 0;
2696}
2697
2698static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2699{
2700 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2701 AioContext *ctx;
2702 int sg_version;
2703 int rc;
2704
2705 if (!s->qdev.conf.blk) {
2706 error_setg(errp, "drive property not set");
2707 return;
2708 }
2709
2710 if (s->rotation_rate) {
2711 error_report_once("rotation_rate is specified for scsi-block but is "
2712 "not implemented. This option is deprecated and will "
2713 "be removed in a future version");
2714 }
2715
2716 ctx = blk_get_aio_context(s->qdev.conf.blk);
2717 aio_context_acquire(ctx);
2718
2719
2720 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2721 if (rc < 0) {
2722 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2723 if (rc != -EPERM) {
2724 error_append_hint(errp, "Is this a SCSI device?\n");
2725 }
2726 goto out;
2727 }
2728 if (sg_version < 30000) {
2729 error_setg(errp, "scsi generic interface too old");
2730 goto out;
2731 }
2732
2733
2734 rc = get_device_type(s);
2735 if (rc < 0) {
2736 error_setg(errp, "INQUIRY failed");
2737 goto out;
2738 }
2739
2740
2741
2742
2743
2744 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2745 s->qdev.blocksize = 2048;
2746 } else {
2747 s->qdev.blocksize = 512;
2748 }
2749
2750
2751
2752
2753 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2754
2755 scsi_realize(&s->qdev, errp);
2756 scsi_generic_read_device_inquiry(&s->qdev);
2757
2758out:
2759 aio_context_release(ctx);
2760}
2761
2762typedef struct SCSIBlockReq {
2763 SCSIDiskReq req;
2764 sg_io_hdr_t io_header;
2765
2766
2767 uint8_t cmd, cdb1, group_number;
2768
2769
2770 uint8_t cdb[16];
2771 BlockCompletionFunc *cb;
2772 void *cb_opaque;
2773} SCSIBlockReq;
2774
2775static void scsi_block_sgio_complete(void *opaque, int ret)
2776{
2777 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2778 SCSIDiskReq *r = &req->req;
2779 SCSIDevice *s = r->req.dev;
2780 sg_io_hdr_t *io_hdr = &req->io_header;
2781
2782 if (ret == 0) {
2783 if (io_hdr->host_status != SCSI_HOST_OK) {
2784 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2785 scsi_req_unref(&r->req);
2786 return;
2787 }
2788
2789 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
2790 ret = BUSY;
2791 } else {
2792 ret = io_hdr->status;
2793 }
2794
2795 if (ret > 0) {
2796 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2797 if (scsi_handle_rw_error(r, ret, true)) {
2798 aio_context_release(blk_get_aio_context(s->conf.blk));
2799 scsi_req_unref(&r->req);
2800 return;
2801 }
2802 aio_context_release(blk_get_aio_context(s->conf.blk));
2803
2804
2805 ret = 0;
2806 }
2807 }
2808
2809 req->cb(req->cb_opaque, ret);
2810}
2811
2812static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2813 int64_t offset, QEMUIOVector *iov,
2814 int direction,
2815 BlockCompletionFunc *cb, void *opaque)
2816{
2817 sg_io_hdr_t *io_header = &req->io_header;
2818 SCSIDiskReq *r = &req->req;
2819 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2820 int nb_logical_blocks;
2821 uint64_t lba;
2822 BlockAIOCB *aiocb;
2823
2824
2825
2826
2827
2828 assert(offset % s->qdev.blocksize == 0);
2829 assert(iov->size % s->qdev.blocksize == 0);
2830
2831 io_header->interface_id = 'S';
2832
2833
2834 io_header->dxfer_direction = direction;
2835 io_header->dxfer_len = iov->size;
2836 io_header->dxferp = (void *)iov->iov;
2837 io_header->iovec_count = iov->niov;
2838 assert(io_header->iovec_count == iov->niov);
2839
2840
2841
2842
2843
2844
2845 io_header->cmdp = req->cdb;
2846 lba = offset / s->qdev.blocksize;
2847 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2848
2849 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2850
2851 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2852 req->cdb[4] = nb_logical_blocks;
2853 req->cdb[5] = 0;
2854 io_header->cmd_len = 6;
2855 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2856
2857 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2858 req->cdb[1] = req->cdb1;
2859 stl_be_p(&req->cdb[2], lba);
2860 req->cdb[6] = req->group_number;
2861 stw_be_p(&req->cdb[7], nb_logical_blocks);
2862 req->cdb[9] = 0;
2863 io_header->cmd_len = 10;
2864 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2865
2866 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2867 req->cdb[1] = req->cdb1;
2868 stl_be_p(&req->cdb[2], lba);
2869 stl_be_p(&req->cdb[6], nb_logical_blocks);
2870 req->cdb[10] = req->group_number;
2871 req->cdb[11] = 0;
2872 io_header->cmd_len = 12;
2873 } else {
2874
2875 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2876 req->cdb[1] = req->cdb1;
2877 stq_be_p(&req->cdb[2], lba);
2878 stl_be_p(&req->cdb[10], nb_logical_blocks);
2879 req->cdb[14] = req->group_number;
2880 req->cdb[15] = 0;
2881 io_header->cmd_len = 16;
2882 }
2883
2884
2885 io_header->mx_sb_len = sizeof(r->req.sense);
2886 io_header->sbp = r->req.sense;
2887 io_header->timeout = s->qdev.io_timeout * 1000;
2888 io_header->usr_ptr = r;
2889 io_header->flags |= SG_FLAG_DIRECT_IO;
2890 req->cb = cb;
2891 req->cb_opaque = opaque;
2892 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2893 nb_logical_blocks, io_header->timeout);
2894 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
2895 assert(aiocb != NULL);
2896 return aiocb;
2897}
2898
2899static bool scsi_block_no_fua(SCSICommand *cmd)
2900{
2901 return false;
2902}
2903
2904static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2905 QEMUIOVector *iov,
2906 BlockCompletionFunc *cb, void *cb_opaque,
2907 void *opaque)
2908{
2909 SCSIBlockReq *r = opaque;
2910 return scsi_block_do_sgio(r, offset, iov,
2911 SG_DXFER_FROM_DEV, cb, cb_opaque);
2912}
2913
2914static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2915 QEMUIOVector *iov,
2916 BlockCompletionFunc *cb, void *cb_opaque,
2917 void *opaque)
2918{
2919 SCSIBlockReq *r = opaque;
2920 return scsi_block_do_sgio(r, offset, iov,
2921 SG_DXFER_TO_DEV, cb, cb_opaque);
2922}
2923
2924static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2925{
2926 switch (buf[0]) {
2927 case VERIFY_10:
2928 case VERIFY_12:
2929 case VERIFY_16:
2930
2931
2932
2933
2934 if ((buf[1] & 6) == 2) {
2935 return false;
2936 }
2937 break;
2938
2939 case READ_6:
2940 case READ_10:
2941 case READ_12:
2942 case READ_16:
2943 case WRITE_6:
2944 case WRITE_10:
2945 case WRITE_12:
2946 case WRITE_16:
2947 case WRITE_VERIFY_10:
2948 case WRITE_VERIFY_12:
2949 case WRITE_VERIFY_16:
2950
2951
2952
2953
2954
2955
2956 if (s->qdev.type != TYPE_ROM) {
2957 return false;
2958 }
2959 break;
2960
2961 default:
2962 break;
2963 }
2964
2965 return true;
2966}
2967
2968
2969static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2970{
2971 SCSIBlockReq *r = (SCSIBlockReq *)req;
2972 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2973
2974 r->cmd = req->cmd.buf[0];
2975 switch (r->cmd >> 5) {
2976 case 0:
2977
2978 r->cdb1 = r->group_number = 0;
2979 break;
2980 case 1:
2981
2982 r->cdb1 = req->cmd.buf[1];
2983 r->group_number = req->cmd.buf[6];
2984 break;
2985 case 4:
2986
2987 r->cdb1 = req->cmd.buf[1];
2988 r->group_number = req->cmd.buf[10];
2989 break;
2990 case 5:
2991
2992 r->cdb1 = req->cmd.buf[1];
2993 r->group_number = req->cmd.buf[14];
2994 break;
2995 default:
2996 abort();
2997 }
2998
2999
3000
3001
3002
3003 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
3004 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
3005 return 0;
3006 }
3007
3008 return scsi_disk_dma_command(req, buf);
3009}
3010
3011static const SCSIReqOps scsi_block_dma_reqops = {
3012 .size = sizeof(SCSIBlockReq),
3013 .free_req = scsi_free_request,
3014 .send_command = scsi_block_dma_command,
3015 .read_data = scsi_read_data,
3016 .write_data = scsi_write_data,
3017 .get_buf = scsi_get_buf,
3018 .load_request = scsi_disk_load_request,
3019 .save_request = scsi_disk_save_request,
3020};
3021
3022static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3023 uint32_t lun, uint8_t *buf,
3024 void *hba_private)
3025{
3026 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3027
3028 if (scsi_block_is_passthrough(s, buf)) {
3029 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3030 hba_private);
3031 } else {
3032 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
3033 hba_private);
3034 }
3035}
3036
3037static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
3038 uint8_t *buf, size_t buf_len,
3039 void *hba_private)
3040{
3041 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3042
3043 if (scsi_block_is_passthrough(s, buf)) {
3044 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
3045 } else {
3046 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
3047 }
3048}
3049
3050static void scsi_block_update_sense(SCSIRequest *req)
3051{
3052 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
3053 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
3054 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
3055}
3056#endif
3057
3058static
3059BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3060 BlockCompletionFunc *cb, void *cb_opaque,
3061 void *opaque)
3062{
3063 SCSIDiskReq *r = opaque;
3064 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3065 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3066}
3067
3068static
3069BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3070 BlockCompletionFunc *cb, void *cb_opaque,
3071 void *opaque)
3072{
3073 SCSIDiskReq *r = opaque;
3074 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3075 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3076}
3077
3078static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
3079{
3080 DeviceClass *dc = DEVICE_CLASS(klass);
3081 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3082
3083 dc->fw_name = "disk";
3084 dc->reset = scsi_disk_reset;
3085 sdc->dma_readv = scsi_dma_readv;
3086 sdc->dma_writev = scsi_dma_writev;
3087 sdc->need_fua_emulation = scsi_is_cmd_fua;
3088}
3089
3090static const TypeInfo scsi_disk_base_info = {
3091 .name = TYPE_SCSI_DISK_BASE,
3092 .parent = TYPE_SCSI_DEVICE,
3093 .class_init = scsi_disk_base_class_initfn,
3094 .instance_size = sizeof(SCSIDiskState),
3095 .class_size = sizeof(SCSIDiskClass),
3096 .abstract = true,
3097};
3098
3099#define DEFINE_SCSI_DISK_PROPERTIES() \
3100 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3101 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3102 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3103 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3104 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3105 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3106 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
3107 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3108
3109
3110static Property scsi_hd_properties[] = {
3111 DEFINE_SCSI_DISK_PROPERTIES(),
3112 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3113 SCSI_DISK_F_REMOVABLE, false),
3114 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3115 SCSI_DISK_F_DPOFUA, false),
3116 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3117 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3118 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3119 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3120 DEFAULT_MAX_UNMAP_SIZE),
3121 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3122 DEFAULT_MAX_IO_SIZE),
3123 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3124 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3125 5),
3126 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3127 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3128 0),
3129 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3130 DEFINE_PROP_END_OF_LIST(),
3131};
3132
3133static const VMStateDescription vmstate_scsi_disk_state = {
3134 .name = "scsi-disk",
3135 .version_id = 1,
3136 .minimum_version_id = 1,
3137 .fields = (VMStateField[]) {
3138 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3139 VMSTATE_BOOL(media_changed, SCSIDiskState),
3140 VMSTATE_BOOL(media_event, SCSIDiskState),
3141 VMSTATE_BOOL(eject_request, SCSIDiskState),
3142 VMSTATE_BOOL(tray_open, SCSIDiskState),
3143 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3144 VMSTATE_END_OF_LIST()
3145 }
3146};
3147
3148static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3149{
3150 DeviceClass *dc = DEVICE_CLASS(klass);
3151 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3152
3153 sc->realize = scsi_hd_realize;
3154 sc->unrealize = scsi_unrealize;
3155 sc->alloc_req = scsi_new_request;
3156 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3157 dc->desc = "virtual SCSI disk";
3158 device_class_set_props(dc, scsi_hd_properties);
3159 dc->vmsd = &vmstate_scsi_disk_state;
3160}
3161
3162static const TypeInfo scsi_hd_info = {
3163 .name = "scsi-hd",
3164 .parent = TYPE_SCSI_DISK_BASE,
3165 .class_init = scsi_hd_class_initfn,
3166};
3167
3168static Property scsi_cd_properties[] = {
3169 DEFINE_SCSI_DISK_PROPERTIES(),
3170 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3171 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3172 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3173 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3174 DEFAULT_MAX_IO_SIZE),
3175 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3176 5),
3177 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
3178 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
3179 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
3180 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
3181 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3182 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3183 0),
3184 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
3185 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
3186 DEFINE_PROP_END_OF_LIST(),
3187};
3188
3189static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3190{
3191 DeviceClass *dc = DEVICE_CLASS(klass);
3192 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3193
3194 sc->realize = scsi_cd_realize;
3195 sc->alloc_req = scsi_new_request;
3196 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3197 dc->desc = "virtual SCSI CD-ROM";
3198 device_class_set_props(dc, scsi_cd_properties);
3199 dc->vmsd = &vmstate_scsi_disk_state;
3200}
3201
3202static const TypeInfo scsi_cd_info = {
3203 .name = "scsi-cd",
3204 .parent = TYPE_SCSI_DISK_BASE,
3205 .class_init = scsi_cd_class_initfn,
3206};
3207
3208#ifdef __linux__
3209static Property scsi_block_properties[] = {
3210 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3211 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3212 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3213 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3214 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3215 DEFAULT_MAX_UNMAP_SIZE),
3216 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3217 DEFAULT_MAX_IO_SIZE),
3218 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3219 -1),
3220 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3221 DEFAULT_IO_TIMEOUT),
3222 DEFINE_PROP_END_OF_LIST(),
3223};
3224
3225static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3226{
3227 DeviceClass *dc = DEVICE_CLASS(klass);
3228 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3229 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3230
3231 sc->realize = scsi_block_realize;
3232 sc->alloc_req = scsi_block_new_request;
3233 sc->parse_cdb = scsi_block_parse_cdb;
3234 sdc->dma_readv = scsi_block_dma_readv;
3235 sdc->dma_writev = scsi_block_dma_writev;
3236 sdc->update_sense = scsi_block_update_sense;
3237 sdc->need_fua_emulation = scsi_block_no_fua;
3238 dc->desc = "SCSI block device passthrough";
3239 device_class_set_props(dc, scsi_block_properties);
3240 dc->vmsd = &vmstate_scsi_disk_state;
3241}
3242
3243static const TypeInfo scsi_block_info = {
3244 .name = "scsi-block",
3245 .parent = TYPE_SCSI_DISK_BASE,
3246 .class_init = scsi_block_class_initfn,
3247};
3248#endif
3249
3250static void scsi_disk_register_types(void)
3251{
3252 type_register_static(&scsi_disk_base_info);
3253 type_register_static(&scsi_hd_info);
3254 type_register_static(&scsi_cd_info);
3255#ifdef __linux__
3256 type_register_static(&scsi_block_info);
3257#endif
3258}
3259
3260type_init(scsi_disk_register_types)
3261
