1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22#include "qemu/osdep.h"
23#include "qemu/units.h"
24#include "qapi/error.h"
25#include "qemu/error-report.h"
26#include "qemu/main-loop.h"
27#include "qemu/module.h"
28#include "qemu/hw-version.h"
29#include "qemu/memalign.h"
30#include "hw/scsi/scsi.h"
31#include "migration/qemu-file-types.h"
32#include "migration/vmstate.h"
33#include "hw/scsi/emulation.h"
34#include "scsi/constants.h"
35#include "sysemu/block-backend.h"
36#include "sysemu/blockdev.h"
37#include "hw/block/block.h"
38#include "hw/qdev-properties.h"
39#include "hw/qdev-properties-system.h"
40#include "sysemu/dma.h"
41#include "sysemu/sysemu.h"
42#include "qemu/cutils.h"
43#include "trace.h"
44#include "qom/object.h"
45
46#ifdef __linux
47#include <scsi/sg.h>
48#endif
49
50#define SCSI_WRITE_SAME_MAX (512 * KiB)
51#define SCSI_DMA_BUF_SIZE (128 * KiB)
52#define SCSI_MAX_INQUIRY_LEN 256
53#define SCSI_MAX_MODE_LEN 256
54
55#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
56#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
57#define DEFAULT_MAX_IO_SIZE INT_MAX
58
59#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
60
61OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
62
63struct SCSIDiskClass {
64 SCSIDeviceClass parent_class;
65 DMAIOFunc *dma_readv;
66 DMAIOFunc *dma_writev;
67 bool (*need_fua_emulation)(SCSICommand *cmd);
68 void (*update_sense)(SCSIRequest *r);
69};
70
71typedef struct SCSIDiskReq {
72 SCSIRequest req;
73
74 uint64_t sector;
75 uint32_t sector_count;
76 uint32_t buflen;
77 bool started;
78 bool need_fua_emulation;
79 struct iovec iov;
80 QEMUIOVector qiov;
81 BlockAcctCookie acct;
82} SCSIDiskReq;
83
84#define SCSI_DISK_F_REMOVABLE 0
85#define SCSI_DISK_F_DPOFUA 1
86#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
87
88struct SCSIDiskState {
89 SCSIDevice qdev;
90 uint32_t features;
91 bool media_changed;
92 bool media_event;
93 bool eject_request;
94 uint16_t port_index;
95 uint64_t max_unmap_size;
96 uint64_t max_io_size;
97 uint32_t quirks;
98 QEMUBH *bh;
99 char *version;
100 char *serial;
101 char *vendor;
102 char *product;
103 char *device_id;
104 bool tray_open;
105 bool tray_locked;
106
107
108
109
110
111
112
113 uint16_t rotation_rate;
114};
115
116static void scsi_free_request(SCSIRequest *req)
117{
118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
119
120 qemu_vfree(r->iov.iov_base);
121}
122
123
124static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
125{
126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
127 sense.ascq);
128 scsi_req_build_sense(&r->req, sense);
129 scsi_req_complete(&r->req, CHECK_CONDITION);
130}
131
132static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
133{
134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
135
136 if (!r->iov.iov_base) {
137 r->buflen = size;
138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
139 }
140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
141 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
142}
143
144static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
145{
146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
147
148 qemu_put_be64s(f, &r->sector);
149 qemu_put_be32s(f, &r->sector_count);
150 qemu_put_be32s(f, &r->buflen);
151 if (r->buflen) {
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 } else if (!req->retry) {
155 uint32_t len = r->iov.iov_len;
156 qemu_put_be32s(f, &len);
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
159 }
160}
161
162static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
163{
164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
165
166 qemu_get_be64s(f, &r->sector);
167 qemu_get_be32s(f, &r->sector_count);
168 qemu_get_be32s(f, &r->buflen);
169 if (r->buflen) {
170 scsi_init_iovec(r, r->buflen);
171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 } else if (!r->req.retry) {
174 uint32_t len;
175 qemu_get_be32s(f, &len);
176 r->iov.iov_len = len;
177 assert(r->iov.iov_len <= r->buflen);
178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
179 }
180 }
181
182 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
183}
184
185
186
187
188
189
190
191
192static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
193{
194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
197 SCSISense sense = SENSE_CODE(NO_SENSE);
198 int error = 0;
199 bool req_has_sense = false;
200 BlockErrorAction action;
201 int status;
202
203 if (ret < 0) {
204 status = scsi_sense_from_errno(-ret, &sense);
205 error = -ret;
206 } else {
207
208 status = ret;
209 if (status == CHECK_CONDITION) {
210 req_has_sense = true;
211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
212 } else {
213 error = EINVAL;
214 }
215 }
216
217
218
219
220
221
222
223 if (req_has_sense &&
224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
225 action = BLOCK_ERROR_ACTION_REPORT;
226 acct_failed = false;
227 } else {
228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
229 blk_error_action(s->qdev.conf.blk, action, is_read, error);
230 }
231
232 switch (action) {
233 case BLOCK_ERROR_ACTION_REPORT:
234 if (acct_failed) {
235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
236 }
237 if (req_has_sense) {
238 sdc->update_sense(&r->req);
239 } else if (status == CHECK_CONDITION) {
240 scsi_req_build_sense(&r->req, sense);
241 }
242 scsi_req_complete(&r->req, status);
243 return true;
244
245 case BLOCK_ERROR_ACTION_IGNORE:
246 return false;
247
248 case BLOCK_ERROR_ACTION_STOP:
249 scsi_req_retry(&r->req);
250 return true;
251
252 default:
253 g_assert_not_reached();
254 }
255}
256
257static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
258{
259 if (r->req.io_canceled) {
260 scsi_req_cancel_complete(&r->req);
261 return true;
262 }
263
264 if (ret < 0) {
265 return scsi_handle_rw_error(r, ret, acct_failed);
266 }
267
268 return false;
269}
270
271static void scsi_aio_complete(void *opaque, int ret)
272{
273 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
275
276 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
277
278 assert(r->req.aiocb != NULL);
279 r->req.aiocb = NULL;
280
281 if (scsi_disk_req_check_error(r, ret, true)) {
282 goto done;
283 }
284
285 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
286 scsi_req_complete(&r->req, GOOD);
287
288done:
289 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
290 scsi_req_unref(&r->req);
291}
292
293static bool scsi_is_cmd_fua(SCSICommand *cmd)
294{
295 switch (cmd->buf[0]) {
296 case READ_10:
297 case READ_12:
298 case READ_16:
299 case WRITE_10:
300 case WRITE_12:
301 case WRITE_16:
302 return (cmd->buf[1] & 8) != 0;
303
304 case VERIFY_10:
305 case VERIFY_12:
306 case VERIFY_16:
307 case WRITE_VERIFY_10:
308 case WRITE_VERIFY_12:
309 case WRITE_VERIFY_16:
310 return true;
311
312 case READ_6:
313 case WRITE_6:
314 default:
315 return false;
316 }
317}
318
319static void scsi_write_do_fua(SCSIDiskReq *r)
320{
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
322
323 assert(r->req.aiocb == NULL);
324 assert(!r->req.io_canceled);
325
326 if (r->need_fua_emulation) {
327 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
328 BLOCK_ACCT_FLUSH);
329 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
330 return;
331 }
332
333 scsi_req_complete(&r->req, GOOD);
334 scsi_req_unref(&r->req);
335}
336
337static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
338{
339 assert(r->req.aiocb == NULL);
340 if (scsi_disk_req_check_error(r, ret, false)) {
341 goto done;
342 }
343
344 r->sector += r->sector_count;
345 r->sector_count = 0;
346 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
347 scsi_write_do_fua(r);
348 return;
349 } else {
350 scsi_req_complete(&r->req, GOOD);
351 }
352
353done:
354 scsi_req_unref(&r->req);
355}
356
357
358static void scsi_dma_complete(void *opaque, int ret)
359{
360 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
362
363 assert(r->req.aiocb != NULL);
364 r->req.aiocb = NULL;
365
366 if (ret < 0) {
367 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 } else {
369 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
370 }
371 scsi_dma_complete_noio(r, ret);
372}
373
374static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
375{
376 uint32_t n;
377
378 assert(r->req.aiocb == NULL);
379 if (scsi_disk_req_check_error(r, ret, false)) {
380 goto done;
381 }
382
383 n = r->qiov.size / BDRV_SECTOR_SIZE;
384 r->sector += n;
385 r->sector_count -= n;
386 scsi_req_data(&r->req, r->qiov.size);
387
388done:
389 scsi_req_unref(&r->req);
390}
391
392static void scsi_read_complete(void *opaque, int ret)
393{
394 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
395 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
396
397 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
398
399 assert(r->req.aiocb != NULL);
400 r->req.aiocb = NULL;
401
402 if (ret < 0) {
403 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
404 } else {
405 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
406 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
407 }
408 scsi_read_complete_noio(r, ret);
409 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
410}
411
412
413static void scsi_do_read(SCSIDiskReq *r, int ret)
414{
415 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
416 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
417
418 assert (r->req.aiocb == NULL);
419 if (scsi_disk_req_check_error(r, ret, false)) {
420 goto done;
421 }
422
423
424 scsi_req_ref(&r->req);
425
426 if (r->req.sg) {
427 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
428 r->req.residual -= r->req.sg->size;
429 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
430 r->req.sg, r->sector << BDRV_SECTOR_BITS,
431 BDRV_SECTOR_SIZE,
432 sdc->dma_readv, r, scsi_dma_complete, r,
433 DMA_DIRECTION_FROM_DEVICE);
434 } else {
435 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
436 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
437 r->qiov.size, BLOCK_ACCT_READ);
438 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
439 scsi_read_complete, r, r);
440 }
441
442done:
443 scsi_req_unref(&r->req);
444}
445
446static void scsi_do_read_cb(void *opaque, int ret)
447{
448 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
450
451 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
452
453 assert (r->req.aiocb != NULL);
454 r->req.aiocb = NULL;
455
456 if (ret < 0) {
457 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
458 } else {
459 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
460 }
461 scsi_do_read(opaque, ret);
462 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
463}
464
465
466static void scsi_read_data(SCSIRequest *req)
467{
468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
470 bool first;
471
472 trace_scsi_disk_read_data_count(r->sector_count);
473 if (r->sector_count == 0) {
474
475 scsi_req_complete(&r->req, GOOD);
476 return;
477 }
478
479
480 assert(r->req.aiocb == NULL);
481
482
483 scsi_req_ref(&r->req);
484 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
485 trace_scsi_disk_read_data_invalid();
486 scsi_read_complete_noio(r, -EINVAL);
487 return;
488 }
489
490 if (!blk_is_available(req->dev->conf.blk)) {
491 scsi_read_complete_noio(r, -ENOMEDIUM);
492 return;
493 }
494
495 first = !r->started;
496 r->started = true;
497 if (first && r->need_fua_emulation) {
498 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
499 BLOCK_ACCT_FLUSH);
500 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
501 } else {
502 scsi_do_read(r, 0);
503 }
504}
505
506static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
507{
508 uint32_t n;
509
510 assert (r->req.aiocb == NULL);
511 if (scsi_disk_req_check_error(r, ret, false)) {
512 goto done;
513 }
514
515 n = r->qiov.size / BDRV_SECTOR_SIZE;
516 r->sector += n;
517 r->sector_count -= n;
518 if (r->sector_count == 0) {
519 scsi_write_do_fua(r);
520 return;
521 } else {
522 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
523 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
524 scsi_req_data(&r->req, r->qiov.size);
525 }
526
527done:
528 scsi_req_unref(&r->req);
529}
530
531static void scsi_write_complete(void * opaque, int ret)
532{
533 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
535
536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
537
538 assert (r->req.aiocb != NULL);
539 r->req.aiocb = NULL;
540
541 if (ret < 0) {
542 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
543 } else {
544 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
545 }
546 scsi_write_complete_noio(r, ret);
547 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
548}
549
550static void scsi_write_data(SCSIRequest *req)
551{
552 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
553 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
554 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
555
556
557 assert(r->req.aiocb == NULL);
558
559
560 scsi_req_ref(&r->req);
561 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
562 trace_scsi_disk_write_data_invalid();
563 scsi_write_complete_noio(r, -EINVAL);
564 return;
565 }
566
567 if (!r->req.sg && !r->qiov.size) {
568
569 r->started = true;
570 scsi_write_complete_noio(r, 0);
571 return;
572 }
573 if (!blk_is_available(req->dev->conf.blk)) {
574 scsi_write_complete_noio(r, -ENOMEDIUM);
575 return;
576 }
577
578 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
579 r->req.cmd.buf[0] == VERIFY_16) {
580 if (r->req.sg) {
581 scsi_dma_complete_noio(r, 0);
582 } else {
583 scsi_write_complete_noio(r, 0);
584 }
585 return;
586 }
587
588 if (r->req.sg) {
589 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
590 r->req.residual -= r->req.sg->size;
591 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
592 r->req.sg, r->sector << BDRV_SECTOR_BITS,
593 BDRV_SECTOR_SIZE,
594 sdc->dma_writev, r, scsi_dma_complete, r,
595 DMA_DIRECTION_TO_DEVICE);
596 } else {
597 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
598 r->qiov.size, BLOCK_ACCT_WRITE);
599 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
600 scsi_write_complete, r, r);
601 }
602}
603
604
605static uint8_t *scsi_get_buf(SCSIRequest *req)
606{
607 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
608
609 return (uint8_t *)r->iov.iov_base;
610}
611
612static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
613{
614 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
615 uint8_t page_code = req->cmd.buf[2];
616 int start, buflen = 0;
617
618 outbuf[buflen++] = s->qdev.type & 0x1f;
619 outbuf[buflen++] = page_code;
620 outbuf[buflen++] = 0x00;
621 outbuf[buflen++] = 0x00;
622 start = buflen;
623
624 switch (page_code) {
625 case 0x00:
626 {
627 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
628 outbuf[buflen++] = 0x00;
629 if (s->serial) {
630 outbuf[buflen++] = 0x80;
631 }
632 outbuf[buflen++] = 0x83;
633 if (s->qdev.type == TYPE_DISK) {
634 outbuf[buflen++] = 0xb0;
635 outbuf[buflen++] = 0xb1;
636 outbuf[buflen++] = 0xb2;
637 }
638 break;
639 }
640 case 0x80:
641 {
642 int l;
643
644 if (!s->serial) {
645 trace_scsi_disk_emulate_vpd_page_80_not_supported();
646 return -1;
647 }
648
649 l = strlen(s->serial);
650 if (l > 36) {
651 l = 36;
652 }
653
654 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
655 memcpy(outbuf + buflen, s->serial, l);
656 buflen += l;
657 break;
658 }
659
660 case 0x83:
661 {
662 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
663
664 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
665
666 if (id_len) {
667 outbuf[buflen++] = 0x2;
668 outbuf[buflen++] = 0;
669 outbuf[buflen++] = 0;
670 outbuf[buflen++] = id_len;
671 memcpy(outbuf + buflen, s->device_id, id_len);
672 buflen += id_len;
673 }
674
675 if (s->qdev.wwn) {
676 outbuf[buflen++] = 0x1;
677 outbuf[buflen++] = 0x3;
678 outbuf[buflen++] = 0;
679 outbuf[buflen++] = 8;
680 stq_be_p(&outbuf[buflen], s->qdev.wwn);
681 buflen += 8;
682 }
683
684 if (s->qdev.port_wwn) {
685 outbuf[buflen++] = 0x61;
686 outbuf[buflen++] = 0x93;
687 outbuf[buflen++] = 0;
688 outbuf[buflen++] = 8;
689 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
690 buflen += 8;
691 }
692
693 if (s->port_index) {
694 outbuf[buflen++] = 0x61;
695
696
697 outbuf[buflen++] = 0x94;
698
699 outbuf[buflen++] = 0;
700 outbuf[buflen++] = 4;
701 stw_be_p(&outbuf[buflen + 2], s->port_index);
702 buflen += 4;
703 }
704 break;
705 }
706 case 0xb0:
707 {
708 SCSIBlockLimits bl = {};
709
710 if (s->qdev.type == TYPE_ROM) {
711 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
712 return -1;
713 }
714 bl.wsnz = 1;
715 bl.unmap_sectors =
716 s->qdev.conf.discard_granularity / s->qdev.blocksize;
717 bl.min_io_size =
718 s->qdev.conf.min_io_size / s->qdev.blocksize;
719 bl.opt_io_size =
720 s->qdev.conf.opt_io_size / s->qdev.blocksize;
721 bl.max_unmap_sectors =
722 s->max_unmap_size / s->qdev.blocksize;
723 bl.max_io_sectors =
724 s->max_io_size / s->qdev.blocksize;
725
726 bl.max_unmap_descr = 255;
727
728 if (s->qdev.type == TYPE_DISK) {
729 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
730 int max_io_sectors_blk =
731 max_transfer_blk / s->qdev.blocksize;
732
733 bl.max_io_sectors =
734 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
735 }
736 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
737 break;
738 }
739 case 0xb1:
740 {
741 buflen = 0x40;
742 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
743 outbuf[5] = s->rotation_rate & 0xff;
744 outbuf[6] = 0;
745 outbuf[7] = 0;
746 outbuf[8] = 0;
747 break;
748 }
749 case 0xb2:
750 {
751 buflen = 8;
752 outbuf[4] = 0;
753 outbuf[5] = 0xe0;
754 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
755 outbuf[7] = 0;
756 break;
757 }
758 default:
759 return -1;
760 }
761
762 assert(buflen - start <= 255);
763 outbuf[start - 1] = buflen - start;
764 return buflen;
765}
766
767static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
768{
769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
770 int buflen = 0;
771
772 if (req->cmd.buf[1] & 0x1) {
773
774 return scsi_disk_emulate_vpd_page(req, outbuf);
775 }
776
777
778 if (req->cmd.buf[2] != 0) {
779 return -1;
780 }
781
782
783 buflen = req->cmd.xfer;
784 if (buflen > SCSI_MAX_INQUIRY_LEN) {
785 buflen = SCSI_MAX_INQUIRY_LEN;
786 }
787
788 outbuf[0] = s->qdev.type & 0x1f;
789 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
790
791 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
792 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
793
794 memset(&outbuf[32], 0, 4);
795 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
796
797
798
799
800
801
802 outbuf[2] = s->qdev.default_scsi_version;
803 outbuf[3] = 2 | 0x10;
804
805 if (buflen > 36) {
806 outbuf[4] = buflen - 5;
807 } else {
808
809
810 outbuf[4] = 36 - 5;
811 }
812
813
814 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
815 return buflen;
816}
817
818static inline bool media_is_dvd(SCSIDiskState *s)
819{
820 uint64_t nb_sectors;
821 if (s->qdev.type != TYPE_ROM) {
822 return false;
823 }
824 if (!blk_is_available(s->qdev.conf.blk)) {
825 return false;
826 }
827 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
828 return nb_sectors > CD_MAX_SECTORS;
829}
830
831static inline bool media_is_cd(SCSIDiskState *s)
832{
833 uint64_t nb_sectors;
834 if (s->qdev.type != TYPE_ROM) {
835 return false;
836 }
837 if (!blk_is_available(s->qdev.conf.blk)) {
838 return false;
839 }
840 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
841 return nb_sectors <= CD_MAX_SECTORS;
842}
843
844static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
845 uint8_t *outbuf)
846{
847 uint8_t type = r->req.cmd.buf[1] & 7;
848
849 if (s->qdev.type != TYPE_ROM) {
850 return -1;
851 }
852
853
854 if (type != 0) {
855 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
856 return -1;
857 }
858
859 memset(outbuf, 0, 34);
860 outbuf[1] = 32;
861 outbuf[2] = 0xe;
862 outbuf[3] = 1;
863 outbuf[4] = 1;
864 outbuf[5] = 1;
865 outbuf[6] = 1;
866 outbuf[7] = 0x20;
867 outbuf[8] = 0x00;
868
869
870
871
872
873
874 return 34;
875}
876
877static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
878 uint8_t *outbuf)
879{
880 static const int rds_caps_size[5] = {
881 [0] = 2048 + 4,
882 [1] = 4 + 4,
883 [3] = 188 + 4,
884 [4] = 2048 + 4,
885 };
886
887 uint8_t media = r->req.cmd.buf[1];
888 uint8_t layer = r->req.cmd.buf[6];
889 uint8_t format = r->req.cmd.buf[7];
890 int size = -1;
891
892 if (s->qdev.type != TYPE_ROM) {
893 return -1;
894 }
895 if (media != 0) {
896 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
897 return -1;
898 }
899
900 if (format != 0xff) {
901 if (!blk_is_available(s->qdev.conf.blk)) {
902 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
903 return -1;
904 }
905 if (media_is_cd(s)) {
906 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
907 return -1;
908 }
909 if (format >= ARRAY_SIZE(rds_caps_size)) {
910 return -1;
911 }
912 size = rds_caps_size[format];
913 memset(outbuf, 0, size);
914 }
915
916 switch (format) {
917 case 0x00: {
918
919 uint64_t nb_sectors;
920 if (layer != 0) {
921 goto fail;
922 }
923 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
924
925 outbuf[4] = 1;
926 outbuf[5] = 0xf;
927 outbuf[6] = 1;
928 outbuf[7] = 0;
929
930 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1);
931 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1);
932 break;
933 }
934
935 case 0x01:
936 break;
937
938 case 0x03:
939 return -1;
940
941 case 0x04:
942 break;
943
944 case 0xff: {
945 int i;
946 size = 4;
947 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
948 if (!rds_caps_size[i]) {
949 continue;
950 }
951 outbuf[size] = i;
952 outbuf[size + 1] = 0x40;
953 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
954 size += 4;
955 }
956 break;
957 }
958
959 default:
960 return -1;
961 }
962
963
964 stw_be_p(outbuf, size - 2);
965 return size;
966
967fail:
968 return -1;
969}
970
971static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
972{
973 uint8_t event_code, media_status;
974
975 media_status = 0;
976 if (s->tray_open) {
977 media_status = MS_TRAY_OPEN;
978 } else if (blk_is_inserted(s->qdev.conf.blk)) {
979 media_status = MS_MEDIA_PRESENT;
980 }
981
982
983 event_code = MEC_NO_CHANGE;
984 if (media_status != MS_TRAY_OPEN) {
985 if (s->media_event) {
986 event_code = MEC_NEW_MEDIA;
987 s->media_event = false;
988 } else if (s->eject_request) {
989 event_code = MEC_EJECT_REQUESTED;
990 s->eject_request = false;
991 }
992 }
993
994 outbuf[0] = event_code;
995 outbuf[1] = media_status;
996
997
998 outbuf[2] = 0;
999 outbuf[3] = 0;
1000 return 4;
1001}
1002
1003static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1004 uint8_t *outbuf)
1005{
1006 int size;
1007 uint8_t *buf = r->req.cmd.buf;
1008 uint8_t notification_class_request = buf[4];
1009 if (s->qdev.type != TYPE_ROM) {
1010 return -1;
1011 }
1012 if ((buf[1] & 1) == 0) {
1013
1014 return -1;
1015 }
1016
1017 size = 4;
1018 outbuf[0] = outbuf[1] = 0;
1019 outbuf[3] = 1 << GESN_MEDIA;
1020 if (notification_class_request & (1 << GESN_MEDIA)) {
1021 outbuf[2] = GESN_MEDIA;
1022 size += scsi_event_status_media(s, &outbuf[size]);
1023 } else {
1024 outbuf[2] = 0x80;
1025 }
1026 stw_be_p(outbuf, size - 4);
1027 return size;
1028}
1029
1030static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1031{
1032 int current;
1033
1034 if (s->qdev.type != TYPE_ROM) {
1035 return -1;
1036 }
1037
1038 if (media_is_dvd(s)) {
1039 current = MMC_PROFILE_DVD_ROM;
1040 } else if (media_is_cd(s)) {
1041 current = MMC_PROFILE_CD_ROM;
1042 } else {
1043 current = MMC_PROFILE_NONE;
1044 }
1045
1046 memset(outbuf, 0, 40);
1047 stl_be_p(&outbuf[0], 36);
1048 stw_be_p(&outbuf[6], current);
1049
1050 outbuf[10] = 0x03;
1051 outbuf[11] = 8;
1052 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1053 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1054 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1055 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1056
1057 stw_be_p(&outbuf[20], 1);
1058 outbuf[22] = 0x08 | 0x03;
1059 outbuf[23] = 8;
1060 stl_be_p(&outbuf[24], 1);
1061 outbuf[28] = 1;
1062
1063 stw_be_p(&outbuf[32], 3);
1064 outbuf[34] = 0x08 | 0x03;
1065 outbuf[35] = 4;
1066 outbuf[36] = 0x39;
1067
1068
1069 return 40;
1070}
1071
1072static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1073{
1074 if (s->qdev.type != TYPE_ROM) {
1075 return -1;
1076 }
1077 memset(outbuf, 0, 8);
1078 outbuf[5] = 1;
1079 return 8;
1080}
1081
1082static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1083 int page_control)
1084{
1085 static const int mode_sense_valid[0x3f] = {
1086 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1087 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1088 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1089 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1090 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1091 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1092 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1093 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM),
1094 };
1095
1096 uint8_t *p = *p_outbuf + 2;
1097 int length;
1098
1099 assert(page < ARRAY_SIZE(mode_sense_valid));
1100 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1101 return -1;
1102 }
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116 switch (page) {
1117 case MODE_PAGE_HD_GEOMETRY:
1118 length = 0x16;
1119 if (page_control == 1) {
1120 break;
1121 }
1122
1123 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1124 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1125 p[2] = s->qdev.conf.cyls & 0xff;
1126 p[3] = s->qdev.conf.heads & 0xff;
1127
1128 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1129 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[6] = s->qdev.conf.cyls & 0xff;
1131
1132 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1133 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1134 p[9] = s->qdev.conf.cyls & 0xff;
1135
1136 p[10] = 0;
1137 p[11] = 200;
1138
1139 p[12] = 0xff;
1140 p[13] = 0xff;
1141 p[14] = 0xff;
1142
1143 p[18] = (5400 >> 8) & 0xff;
1144 p[19] = 5400 & 0xff;
1145 break;
1146
1147 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1148 length = 0x1e;
1149 if (page_control == 1) {
1150 break;
1151 }
1152
1153 p[0] = 5000 >> 8;
1154 p[1] = 5000 & 0xff;
1155
1156 p[2] = s->qdev.conf.heads & 0xff;
1157 p[3] = s->qdev.conf.secs & 0xff;
1158 p[4] = s->qdev.blocksize >> 8;
1159 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1160 p[7] = s->qdev.conf.cyls & 0xff;
1161
1162 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1163 p[9] = s->qdev.conf.cyls & 0xff;
1164
1165 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1166 p[11] = s->qdev.conf.cyls & 0xff;
1167
1168 p[12] = 0;
1169 p[13] = 1;
1170
1171 p[14] = 1;
1172
1173 p[15] = 0;
1174 p[16] = 1;
1175
1176 p[17] = 1;
1177
1178 p[18] = 1;
1179
1180 p[26] = (5400 >> 8) & 0xff;
1181 p[27] = 5400 & 0xff;
1182 break;
1183
1184 case MODE_PAGE_CACHING:
1185 length = 0x12;
1186 if (page_control == 1 ||
1187 blk_enable_write_cache(s->qdev.conf.blk)) {
1188 p[0] = 4;
1189 }
1190 break;
1191
1192 case MODE_PAGE_R_W_ERROR:
1193 length = 10;
1194 if (page_control == 1) {
1195 if (s->qdev.type == TYPE_ROM) {
1196
1197 p[0] = 0x80;
1198 }
1199 break;
1200 }
1201 p[0] = 0x80;
1202 if (s->qdev.type == TYPE_ROM) {
1203 p[1] = 0x20;
1204 }
1205 break;
1206
1207 case MODE_PAGE_AUDIO_CTL:
1208 length = 14;
1209 break;
1210
1211 case MODE_PAGE_CAPABILITIES:
1212 length = 0x14;
1213 if (page_control == 1) {
1214 break;
1215 }
1216
1217 p[0] = 0x3b;
1218 p[1] = 0;
1219 p[2] = 0x7f;
1220
1221 p[3] = 0xff;
1222
1223
1224 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1225
1226 p[5] = 0;
1227
1228 p[6] = (50 * 176) >> 8;
1229 p[7] = (50 * 176) & 0xff;
1230 p[8] = 2 >> 8;
1231 p[9] = 2 & 0xff;
1232 p[10] = 2048 >> 8;
1233 p[11] = 2048 & 0xff;
1234 p[12] = (16 * 176) >> 8;
1235 p[13] = (16 * 176) & 0xff;
1236 p[16] = (16 * 176) >> 8;
1237 p[17] = (16 * 176) & 0xff;
1238 p[18] = (16 * 176) >> 8;
1239 p[19] = (16 * 176) & 0xff;
1240 break;
1241
1242 case MODE_PAGE_APPLE_VENDOR:
1243 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
1244 length = 0x1e;
1245 if (page_control == 1) {
1246 break;
1247 }
1248
1249 memset(p, 0, length);
1250 strcpy((char *)p + 8, "APPLE COMPUTER, INC ");
1251 break;
1252 } else {
1253 return -1;
1254 }
1255
1256 case MODE_PAGE_VENDOR_SPECIFIC:
1257 if (s->qdev.type == TYPE_DISK && (s->quirks &
1258 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1259 length = 0x2;
1260 if (page_control == 1) {
1261 p[0] = 0xff;
1262 p[1] = 0xff;
1263 break;
1264 }
1265 p[0] = 0;
1266 p[1] = 0;
1267 break;
1268 } else {
1269 return -1;
1270 }
1271
1272 default:
1273 return -1;
1274 }
1275
1276 assert(length < 256);
1277 (*p_outbuf)[0] = page;
1278 (*p_outbuf)[1] = length;
1279 *p_outbuf += length + 2;
1280 return length + 2;
1281}
1282
1283static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1284{
1285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1286 uint64_t nb_sectors;
1287 bool dbd;
1288 int page, buflen, ret, page_control;
1289 uint8_t *p;
1290 uint8_t dev_specific_param;
1291
1292 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1293 page = r->req.cmd.buf[2] & 0x3f;
1294 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1295
1296 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1297 10, page, r->req.cmd.xfer, page_control);
1298 memset(outbuf, 0, r->req.cmd.xfer);
1299 p = outbuf;
1300
1301 if (s->qdev.type == TYPE_DISK) {
1302 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1303 if (!blk_is_writable(s->qdev.conf.blk)) {
1304 dev_specific_param |= 0x80;
1305 }
1306 } else {
1307 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
1308
1309 dev_specific_param = 0x00;
1310
1311
1312
1313
1314
1315
1316 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
1317 page == MODE_PAGE_APPLE_VENDOR) {
1318 dbd = true;
1319 }
1320 } else {
1321
1322
1323
1324
1325 dev_specific_param = 0x00;
1326 dbd = true;
1327 }
1328 }
1329
1330 if (r->req.cmd.buf[0] == MODE_SENSE) {
1331 p[1] = 0;
1332 p[2] = dev_specific_param;
1333 p[3] = 0;
1334 p += 4;
1335 } else {
1336 p[2] = 0;
1337 p[3] = dev_specific_param;
1338 p[6] = p[7] = 0;
1339 p += 8;
1340 }
1341
1342 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1343 if (!dbd && nb_sectors) {
1344 if (r->req.cmd.buf[0] == MODE_SENSE) {
1345 outbuf[3] = 8;
1346 } else {
1347 outbuf[7] = 8;
1348 }
1349 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1350 if (nb_sectors > 0xffffff) {
1351 nb_sectors = 0;
1352 }
1353 p[0] = 0;
1354 p[1] = (nb_sectors >> 16) & 0xff;
1355 p[2] = (nb_sectors >> 8) & 0xff;
1356 p[3] = nb_sectors & 0xff;
1357 p[4] = 0;
1358 p[5] = 0;
1359 p[6] = s->qdev.blocksize >> 8;
1360 p[7] = 0;
1361 p += 8;
1362 }
1363
1364 if (page_control == 3) {
1365
1366 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1367 return -1;
1368 }
1369
1370 if (page == 0x3f) {
1371 for (page = 0; page <= 0x3e; page++) {
1372 mode_sense_page(s, page, &p, page_control);
1373 }
1374 } else {
1375 ret = mode_sense_page(s, page, &p, page_control);
1376 if (ret == -1) {
1377 return -1;
1378 }
1379 }
1380
1381 buflen = p - outbuf;
1382
1383
1384
1385
1386
1387 if (r->req.cmd.buf[0] == MODE_SENSE) {
1388 outbuf[0] = buflen - 1;
1389 } else {
1390 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1391 outbuf[1] = (buflen - 2) & 0xff;
1392 }
1393 return buflen;
1394}
1395
1396static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1397{
1398 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1399 int start_track, format, msf, toclen;
1400 uint64_t nb_sectors;
1401
1402 msf = req->cmd.buf[1] & 2;
1403 format = req->cmd.buf[2] & 0xf;
1404 start_track = req->cmd.buf[6];
1405 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1406 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1407 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1408 switch (format) {
1409 case 0:
1410 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1411 break;
1412 case 1:
1413
1414 toclen = 12;
1415 memset(outbuf, 0, 12);
1416 outbuf[1] = 0x0a;
1417 outbuf[2] = 0x01;
1418 outbuf[3] = 0x01;
1419 break;
1420 case 2:
1421 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1422 break;
1423 default:
1424 return -1;
1425 }
1426 return toclen;
1427}
1428
1429static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1430{
1431 SCSIRequest *req = &r->req;
1432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1433 bool start = req->cmd.buf[4] & 1;
1434 bool loej = req->cmd.buf[4] & 2;
1435 int pwrcnd = req->cmd.buf[4] & 0xf0;
1436
1437 if (pwrcnd) {
1438
1439 return 0;
1440 }
1441
1442 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1443 if (!start && !s->tray_open && s->tray_locked) {
1444 scsi_check_condition(r,
1445 blk_is_inserted(s->qdev.conf.blk)
1446 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1447 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1448 return -1;
1449 }
1450
1451 if (s->tray_open != !start) {
1452 blk_eject(s->qdev.conf.blk, !start);
1453 s->tray_open = !start;
1454 }
1455 }
1456 return 0;
1457}
1458
1459static void scsi_disk_emulate_read_data(SCSIRequest *req)
1460{
1461 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1462 int buflen = r->iov.iov_len;
1463
1464 if (buflen) {
1465 trace_scsi_disk_emulate_read_data(buflen);
1466 r->iov.iov_len = 0;
1467 r->started = true;
1468 scsi_req_data(&r->req, buflen);
1469 return;
1470 }
1471
1472
1473 scsi_req_complete(&r->req, GOOD);
1474}
1475
1476static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1477 uint8_t *inbuf, int inlen)
1478{
1479 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1480 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1481 uint8_t *p;
1482 int len, expected_len, changeable_len, i;
1483
1484
1485
1486
1487 expected_len = inlen + 2;
1488 if (expected_len > SCSI_MAX_MODE_LEN) {
1489 return -1;
1490 }
1491
1492
1493 if (page == MODE_PAGE_ALLS) {
1494 return -1;
1495 }
1496
1497 p = mode_current;
1498 memset(mode_current, 0, inlen + 2);
1499 len = mode_sense_page(s, page, &p, 0);
1500 if (len < 0 || len != expected_len) {
1501 return -1;
1502 }
1503
1504 p = mode_changeable;
1505 memset(mode_changeable, 0, inlen + 2);
1506 changeable_len = mode_sense_page(s, page, &p, 1);
1507 assert(changeable_len == len);
1508
1509
1510
1511
1512 for (i = 2; i < len; i++) {
1513 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1514 return -1;
1515 }
1516 }
1517 return 0;
1518}
1519
1520static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1521{
1522 switch (page) {
1523 case MODE_PAGE_CACHING:
1524 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1525 break;
1526
1527 default:
1528 break;
1529 }
1530}
1531
1532static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1533{
1534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1535
1536 while (len > 0) {
1537 int page, subpage, page_len;
1538
1539
1540 page = p[0] & 0x3f;
1541 if (p[0] & 0x40) {
1542 if (len < 4) {
1543 goto invalid_param_len;
1544 }
1545 subpage = p[1];
1546 page_len = lduw_be_p(&p[2]);
1547 p += 4;
1548 len -= 4;
1549 } else {
1550 if (len < 2) {
1551 goto invalid_param_len;
1552 }
1553 subpage = 0;
1554 page_len = p[1];
1555 p += 2;
1556 len -= 2;
1557 }
1558
1559 if (subpage) {
1560 goto invalid_param;
1561 }
1562 if (page_len > len) {
1563 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
1564 goto invalid_param_len;
1565 }
1566 trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
1567 }
1568
1569 if (!change) {
1570 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1571 goto invalid_param;
1572 }
1573 } else {
1574 scsi_disk_apply_mode_select(s, page, p);
1575 }
1576
1577 p += page_len;
1578 len -= page_len;
1579 }
1580 return 0;
1581
1582invalid_param:
1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1584 return -1;
1585
1586invalid_param_len:
1587 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1588 return -1;
1589}
1590
1591static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1592{
1593 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1594 uint8_t *p = inbuf;
1595 int cmd = r->req.cmd.buf[0];
1596 int len = r->req.cmd.xfer;
1597 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1598 int bd_len, bs;
1599 int pass;
1600
1601 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1602 if (!(s->quirks &
1603 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1604
1605 goto invalid_field;
1606 }
1607 }
1608
1609 if (len < hdr_len) {
1610 goto invalid_param_len;
1611 }
1612
1613 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1614 len -= hdr_len;
1615 p += hdr_len;
1616 if (len < bd_len) {
1617 goto invalid_param_len;
1618 }
1619 if (bd_len != 0 && bd_len != 8) {
1620 goto invalid_param;
1621 }
1622
1623
1624 if (bd_len) {
1625 bs = p[5] << 16 | p[6] << 8 | p[7];
1626
1627
1628
1629
1630
1631
1632
1633 if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) {
1634 s->qdev.blocksize = bs;
1635 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
1636 }
1637 }
1638
1639 len -= bd_len;
1640 p += bd_len;
1641
1642
1643 for (pass = 0; pass < 2; pass++) {
1644 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1645 assert(pass == 0);
1646 return;
1647 }
1648 }
1649 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1650
1651 scsi_req_ref(&r->req);
1652 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1653 BLOCK_ACCT_FLUSH);
1654 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1655 return;
1656 }
1657
1658 scsi_req_complete(&r->req, GOOD);
1659 return;
1660
1661invalid_param:
1662 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1663 return;
1664
1665invalid_param_len:
1666 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1667 return;
1668
1669invalid_field:
1670 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1671}
1672
1673
1674static inline bool check_lba_range(SCSIDiskState *s,
1675 uint64_t sector_num, uint32_t nb_sectors)
1676{
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686 return (sector_num <= sector_num + nb_sectors &&
1687 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1688}
1689
1690typedef struct UnmapCBData {
1691 SCSIDiskReq *r;
1692 uint8_t *inbuf;
1693 int count;
1694} UnmapCBData;
1695
1696static void scsi_unmap_complete(void *opaque, int ret);
1697
1698static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1699{
1700 SCSIDiskReq *r = data->r;
1701 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1702
1703 assert(r->req.aiocb == NULL);
1704
1705 if (data->count > 0) {
1706 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1707 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1708 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1709 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1710
1711 if (!check_lba_range(s, sector_num, nb_sectors)) {
1712 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1713 BLOCK_ACCT_UNMAP);
1714 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1715 goto done;
1716 }
1717
1718 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1719 r->sector_count * BDRV_SECTOR_SIZE,
1720 BLOCK_ACCT_UNMAP);
1721
1722 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1723 r->sector * BDRV_SECTOR_SIZE,
1724 r->sector_count * BDRV_SECTOR_SIZE,
1725 scsi_unmap_complete, data);
1726 data->count--;
1727 data->inbuf += 16;
1728 return;
1729 }
1730
1731 scsi_req_complete(&r->req, GOOD);
1732
1733done:
1734 scsi_req_unref(&r->req);
1735 g_free(data);
1736}
1737
1738static void scsi_unmap_complete(void *opaque, int ret)
1739{
1740 UnmapCBData *data = opaque;
1741 SCSIDiskReq *r = data->r;
1742 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1743
1744 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1745
1746 assert(r->req.aiocb != NULL);
1747 r->req.aiocb = NULL;
1748
1749 if (scsi_disk_req_check_error(r, ret, true)) {
1750 scsi_req_unref(&r->req);
1751 g_free(data);
1752 } else {
1753 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1754 scsi_unmap_complete_noio(data, ret);
1755 }
1756 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1757}
1758
1759static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1760{
1761 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1762 uint8_t *p = inbuf;
1763 int len = r->req.cmd.xfer;
1764 UnmapCBData *data;
1765
1766
1767 if (r->req.cmd.buf[1] & 0x1) {
1768 goto invalid_field;
1769 }
1770
1771 if (len < 8) {
1772 goto invalid_param_len;
1773 }
1774 if (len < lduw_be_p(&p[0]) + 2) {
1775 goto invalid_param_len;
1776 }
1777 if (len < lduw_be_p(&p[2]) + 8) {
1778 goto invalid_param_len;
1779 }
1780 if (lduw_be_p(&p[2]) & 15) {
1781 goto invalid_param_len;
1782 }
1783
1784 if (!blk_is_writable(s->qdev.conf.blk)) {
1785 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1786 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1787 return;
1788 }
1789
1790 data = g_new0(UnmapCBData, 1);
1791 data->r = r;
1792 data->inbuf = &p[8];
1793 data->count = lduw_be_p(&p[2]) >> 4;
1794
1795
1796 scsi_req_ref(&r->req);
1797 scsi_unmap_complete_noio(data, 0);
1798 return;
1799
1800invalid_param_len:
1801 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1802 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1803 return;
1804
1805invalid_field:
1806 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1807 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1808}
1809
1810typedef struct WriteSameCBData {
1811 SCSIDiskReq *r;
1812 int64_t sector;
1813 int nb_sectors;
1814 QEMUIOVector qiov;
1815 struct iovec iov;
1816} WriteSameCBData;
1817
1818static void scsi_write_same_complete(void *opaque, int ret)
1819{
1820 WriteSameCBData *data = opaque;
1821 SCSIDiskReq *r = data->r;
1822 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1823
1824 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1825
1826 assert(r->req.aiocb != NULL);
1827 r->req.aiocb = NULL;
1828
1829 if (scsi_disk_req_check_error(r, ret, true)) {
1830 goto done;
1831 }
1832
1833 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1834
1835 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1836 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1837 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1838 data->iov.iov_len);
1839 if (data->iov.iov_len) {
1840 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1841 data->iov.iov_len, BLOCK_ACCT_WRITE);
1842
1843
1844 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1845 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1846 data->sector << BDRV_SECTOR_BITS,
1847 &data->qiov, 0,
1848 scsi_write_same_complete, data);
1849 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1850 return;
1851 }
1852
1853 scsi_req_complete(&r->req, GOOD);
1854
1855done:
1856 scsi_req_unref(&r->req);
1857 qemu_vfree(data->iov.iov_base);
1858 g_free(data);
1859 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1860}
1861
1862static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1863{
1864 SCSIRequest *req = &r->req;
1865 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1866 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1867 WriteSameCBData *data;
1868 uint8_t *buf;
1869 int i, l;
1870
1871
1872 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1873 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1874 return;
1875 }
1876
1877 if (!blk_is_writable(s->qdev.conf.blk)) {
1878 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1879 return;
1880 }
1881 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1882 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1883 return;
1884 }
1885
1886 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1887 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1888
1889
1890 scsi_req_ref(&r->req);
1891 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1892 nb_sectors * s->qdev.blocksize,
1893 BLOCK_ACCT_WRITE);
1894 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1895 r->req.cmd.lba * s->qdev.blocksize,
1896 nb_sectors * s->qdev.blocksize,
1897 flags, scsi_aio_complete, r);
1898 return;
1899 }
1900
1901 data = g_new0(WriteSameCBData, 1);
1902 data->r = r;
1903 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1904 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1905 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1906 SCSI_WRITE_SAME_MAX);
1907 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1908 data->iov.iov_len);
1909 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1910
1911 for (i = 0; i < data->iov.iov_len; i += l) {
1912 l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
1913 memcpy(&buf[i], inbuf, l);
1914 }
1915
1916 scsi_req_ref(&r->req);
1917 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1918 data->iov.iov_len, BLOCK_ACCT_WRITE);
1919 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1920 data->sector << BDRV_SECTOR_BITS,
1921 &data->qiov, 0,
1922 scsi_write_same_complete, data);
1923}
1924
1925static void scsi_disk_emulate_write_data(SCSIRequest *req)
1926{
1927 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1928
1929 if (r->iov.iov_len) {
1930 int buflen = r->iov.iov_len;
1931 trace_scsi_disk_emulate_write_data(buflen);
1932 r->iov.iov_len = 0;
1933 scsi_req_data(&r->req, buflen);
1934 return;
1935 }
1936
1937 switch (req->cmd.buf[0]) {
1938 case MODE_SELECT:
1939 case MODE_SELECT_10:
1940
1941 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1942 break;
1943
1944 case UNMAP:
1945 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1946 break;
1947
1948 case VERIFY_10:
1949 case VERIFY_12:
1950 case VERIFY_16:
1951 if (r->req.status == -1) {
1952 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1953 }
1954 break;
1955
1956 case WRITE_SAME_10:
1957 case WRITE_SAME_16:
1958 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1959 break;
1960
1961 default:
1962 abort();
1963 }
1964}
1965
1966static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1967{
1968 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1969 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1970 uint64_t nb_sectors;
1971 uint8_t *outbuf;
1972 int buflen;
1973
1974 switch (req->cmd.buf[0]) {
1975 case INQUIRY:
1976 case MODE_SENSE:
1977 case MODE_SENSE_10:
1978 case RESERVE:
1979 case RESERVE_10:
1980 case RELEASE:
1981 case RELEASE_10:
1982 case START_STOP:
1983 case ALLOW_MEDIUM_REMOVAL:
1984 case GET_CONFIGURATION:
1985 case GET_EVENT_STATUS_NOTIFICATION:
1986 case MECHANISM_STATUS:
1987 case REQUEST_SENSE:
1988 break;
1989
1990 default:
1991 if (!blk_is_available(s->qdev.conf.blk)) {
1992 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1993 return 0;
1994 }
1995 break;
1996 }
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006 if (req->cmd.xfer > 65536) {
2007 goto illegal_request;
2008 }
2009 r->buflen = MAX(4096, req->cmd.xfer);
2010
2011 if (!r->iov.iov_base) {
2012 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
2013 }
2014
2015 outbuf = r->iov.iov_base;
2016 memset(outbuf, 0, r->buflen);
2017 switch (req->cmd.buf[0]) {
2018 case TEST_UNIT_READY:
2019 assert(blk_is_available(s->qdev.conf.blk));
2020 break;
2021 case INQUIRY:
2022 buflen = scsi_disk_emulate_inquiry(req, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case MODE_SENSE:
2028 case MODE_SENSE_10:
2029 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
2030 if (buflen < 0) {
2031 goto illegal_request;
2032 }
2033 break;
2034 case READ_TOC:
2035 buflen = scsi_disk_emulate_read_toc(req, outbuf);
2036 if (buflen < 0) {
2037 goto illegal_request;
2038 }
2039 break;
2040 case RESERVE:
2041 if (req->cmd.buf[1] & 1) {
2042 goto illegal_request;
2043 }
2044 break;
2045 case RESERVE_10:
2046 if (req->cmd.buf[1] & 3) {
2047 goto illegal_request;
2048 }
2049 break;
2050 case RELEASE:
2051 if (req->cmd.buf[1] & 1) {
2052 goto illegal_request;
2053 }
2054 break;
2055 case RELEASE_10:
2056 if (req->cmd.buf[1] & 3) {
2057 goto illegal_request;
2058 }
2059 break;
2060 case START_STOP:
2061 if (scsi_disk_emulate_start_stop(r) < 0) {
2062 return 0;
2063 }
2064 break;
2065 case ALLOW_MEDIUM_REMOVAL:
2066 s->tray_locked = req->cmd.buf[4] & 1;
2067 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
2068 break;
2069 case READ_CAPACITY_10:
2070
2071 memset(outbuf, 0, 8);
2072 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2073 if (!nb_sectors) {
2074 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2075 return 0;
2076 }
2077 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2078 goto illegal_request;
2079 }
2080 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2081
2082 nb_sectors--;
2083
2084 s->qdev.max_lba = nb_sectors;
2085
2086 if (nb_sectors > UINT32_MAX) {
2087 nb_sectors = UINT32_MAX;
2088 }
2089 outbuf[0] = (nb_sectors >> 24) & 0xff;
2090 outbuf[1] = (nb_sectors >> 16) & 0xff;
2091 outbuf[2] = (nb_sectors >> 8) & 0xff;
2092 outbuf[3] = nb_sectors & 0xff;
2093 outbuf[4] = 0;
2094 outbuf[5] = 0;
2095 outbuf[6] = s->qdev.blocksize >> 8;
2096 outbuf[7] = 0;
2097 break;
2098 case REQUEST_SENSE:
2099
2100 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2101 (req->cmd.buf[1] & 1) == 0);
2102 if (buflen < 0) {
2103 goto illegal_request;
2104 }
2105 break;
2106 case MECHANISM_STATUS:
2107 buflen = scsi_emulate_mechanism_status(s, outbuf);
2108 if (buflen < 0) {
2109 goto illegal_request;
2110 }
2111 break;
2112 case GET_CONFIGURATION:
2113 buflen = scsi_get_configuration(s, outbuf);
2114 if (buflen < 0) {
2115 goto illegal_request;
2116 }
2117 break;
2118 case GET_EVENT_STATUS_NOTIFICATION:
2119 buflen = scsi_get_event_status_notification(s, r, outbuf);
2120 if (buflen < 0) {
2121 goto illegal_request;
2122 }
2123 break;
2124 case READ_DISC_INFORMATION:
2125 buflen = scsi_read_disc_information(s, r, outbuf);
2126 if (buflen < 0) {
2127 goto illegal_request;
2128 }
2129 break;
2130 case READ_DVD_STRUCTURE:
2131 buflen = scsi_read_dvd_structure(s, r, outbuf);
2132 if (buflen < 0) {
2133 goto illegal_request;
2134 }
2135 break;
2136 case SERVICE_ACTION_IN_16:
2137
2138 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2139 trace_scsi_disk_emulate_command_SAI_16();
2140 memset(outbuf, 0, req->cmd.xfer);
2141 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2142 if (!nb_sectors) {
2143 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2144 return 0;
2145 }
2146 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2147 goto illegal_request;
2148 }
2149 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2150
2151 nb_sectors--;
2152
2153 s->qdev.max_lba = nb_sectors;
2154 outbuf[0] = (nb_sectors >> 56) & 0xff;
2155 outbuf[1] = (nb_sectors >> 48) & 0xff;
2156 outbuf[2] = (nb_sectors >> 40) & 0xff;
2157 outbuf[3] = (nb_sectors >> 32) & 0xff;
2158 outbuf[4] = (nb_sectors >> 24) & 0xff;
2159 outbuf[5] = (nb_sectors >> 16) & 0xff;
2160 outbuf[6] = (nb_sectors >> 8) & 0xff;
2161 outbuf[7] = nb_sectors & 0xff;
2162 outbuf[8] = 0;
2163 outbuf[9] = 0;
2164 outbuf[10] = s->qdev.blocksize >> 8;
2165 outbuf[11] = 0;
2166 outbuf[12] = 0;
2167 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2168
2169
2170 if (s->qdev.conf.discard_granularity) {
2171 outbuf[14] = 0x80;
2172 }
2173
2174
2175 break;
2176 }
2177 trace_scsi_disk_emulate_command_SAI_unsupported();
2178 goto illegal_request;
2179 case SYNCHRONIZE_CACHE:
2180
2181 scsi_req_ref(&r->req);
2182 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2183 BLOCK_ACCT_FLUSH);
2184 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2185 return 0;
2186 case SEEK_10:
2187 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2188 if (r->req.cmd.lba > s->qdev.max_lba) {
2189 goto illegal_lba;
2190 }
2191 break;
2192 case MODE_SELECT:
2193 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2194 break;
2195 case MODE_SELECT_10:
2196 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2197 break;
2198 case UNMAP:
2199 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2200 break;
2201 case VERIFY_10:
2202 case VERIFY_12:
2203 case VERIFY_16:
2204 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2205 if (req->cmd.buf[1] & 6) {
2206 goto illegal_request;
2207 }
2208 break;
2209 case WRITE_SAME_10:
2210 case WRITE_SAME_16:
2211 trace_scsi_disk_emulate_command_WRITE_SAME(
2212 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2213 break;
2214 case FORMAT_UNIT:
2215 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
2216 break;
2217 default:
2218 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2219 scsi_command_name(buf[0]));
2220 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2221 return 0;
2222 }
2223 assert(!r->req.aiocb);
2224 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2225 if (r->iov.iov_len == 0) {
2226 scsi_req_complete(&r->req, GOOD);
2227 }
2228 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2229 assert(r->iov.iov_len == req->cmd.xfer);
2230 return -r->iov.iov_len;
2231 } else {
2232 return r->iov.iov_len;
2233 }
2234
2235illegal_request:
2236 if (r->req.status == -1) {
2237 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2238 }
2239 return 0;
2240
2241illegal_lba:
2242 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2243 return 0;
2244}
2245
2246
2247
2248
2249
2250
2251static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2252{
2253 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2255 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2256 uint32_t len;
2257 uint8_t command;
2258
2259 command = buf[0];
2260
2261 if (!blk_is_available(s->qdev.conf.blk)) {
2262 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2263 return 0;
2264 }
2265
2266 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2267 switch (command) {
2268 case READ_6:
2269 case READ_10:
2270 case READ_12:
2271 case READ_16:
2272 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2273
2274
2275
2276
2277 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2278 goto illegal_request;
2279 }
2280 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2281 goto illegal_lba;
2282 }
2283 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2284 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2285 break;
2286 case WRITE_6:
2287 case WRITE_10:
2288 case WRITE_12:
2289 case WRITE_16:
2290 case WRITE_VERIFY_10:
2291 case WRITE_VERIFY_12:
2292 case WRITE_VERIFY_16:
2293 if (!blk_is_writable(s->qdev.conf.blk)) {
2294 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2295 return 0;
2296 }
2297 trace_scsi_disk_dma_command_WRITE(
2298 (command & 0xe) == 0xe ? "And Verify " : "",
2299 r->req.cmd.lba, len);
2300
2301 case VERIFY_10:
2302 case VERIFY_12:
2303 case VERIFY_16:
2304
2305
2306
2307
2308 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2309 goto illegal_request;
2310 }
2311 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2312 goto illegal_lba;
2313 }
2314 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2315 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2316 break;
2317 default:
2318 abort();
2319 illegal_request:
2320 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2321 return 0;
2322 illegal_lba:
2323 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2324 return 0;
2325 }
2326 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2327 if (r->sector_count == 0) {
2328 scsi_req_complete(&r->req, GOOD);
2329 }
2330 assert(r->iov.iov_len == 0);
2331 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2332 return -r->sector_count * BDRV_SECTOR_SIZE;
2333 } else {
2334 return r->sector_count * BDRV_SECTOR_SIZE;
2335 }
2336}
2337
2338static void scsi_disk_reset(DeviceState *dev)
2339{
2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2341 uint64_t nb_sectors;
2342 AioContext *ctx;
2343
2344 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2345
2346 ctx = blk_get_aio_context(s->qdev.conf.blk);
2347 aio_context_acquire(ctx);
2348 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2349 aio_context_release(ctx);
2350
2351 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2352 if (nb_sectors) {
2353 nb_sectors--;
2354 }
2355 s->qdev.max_lba = nb_sectors;
2356
2357 s->tray_locked = 0;
2358 s->tray_open = 0;
2359
2360 s->qdev.scsi_version = s->qdev.default_scsi_version;
2361}
2362
2363static void scsi_disk_drained_begin(void *opaque)
2364{
2365 SCSIDiskState *s = opaque;
2366
2367 scsi_device_drained_begin(&s->qdev);
2368}
2369
2370static void scsi_disk_drained_end(void *opaque)
2371{
2372 SCSIDiskState *s = opaque;
2373
2374 scsi_device_drained_end(&s->qdev);
2375}
2376
2377static void scsi_disk_resize_cb(void *opaque)
2378{
2379 SCSIDiskState *s = opaque;
2380
2381
2382
2383
2384 if (s->qdev.type == TYPE_DISK) {
2385 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2386 }
2387}
2388
2389static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2390{
2391 SCSIDiskState *s = opaque;
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403 s->media_changed = load;
2404 s->tray_open = !load;
2405 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2406 s->media_event = true;
2407 s->eject_request = false;
2408}
2409
2410static void scsi_cd_eject_request_cb(void *opaque, bool force)
2411{
2412 SCSIDiskState *s = opaque;
2413
2414 s->eject_request = true;
2415 if (force) {
2416 s->tray_locked = false;
2417 }
2418}
2419
2420static bool scsi_cd_is_tray_open(void *opaque)
2421{
2422 return ((SCSIDiskState *)opaque)->tray_open;
2423}
2424
2425static bool scsi_cd_is_medium_locked(void *opaque)
2426{
2427 return ((SCSIDiskState *)opaque)->tray_locked;
2428}
2429
2430static const BlockDevOps scsi_disk_removable_block_ops = {
2431 .change_media_cb = scsi_cd_change_media_cb,
2432 .drained_begin = scsi_disk_drained_begin,
2433 .drained_end = scsi_disk_drained_end,
2434 .eject_request_cb = scsi_cd_eject_request_cb,
2435 .is_medium_locked = scsi_cd_is_medium_locked,
2436 .is_tray_open = scsi_cd_is_tray_open,
2437 .resize_cb = scsi_disk_resize_cb,
2438};
2439
2440static const BlockDevOps scsi_disk_block_ops = {
2441 .drained_begin = scsi_disk_drained_begin,
2442 .drained_end = scsi_disk_drained_end,
2443 .resize_cb = scsi_disk_resize_cb,
2444};
2445
2446static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2447{
2448 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2449 if (s->media_changed) {
2450 s->media_changed = false;
2451 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2452 }
2453}
2454
2455static void scsi_realize(SCSIDevice *dev, Error **errp)
2456{
2457 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2458 bool read_only;
2459
2460 if (!s->qdev.conf.blk) {
2461 error_setg(errp, "drive property not set");
2462 return;
2463 }
2464
2465 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2466 !blk_is_inserted(s->qdev.conf.blk)) {
2467 error_setg(errp, "Device needs media, but drive is empty");
2468 return;
2469 }
2470
2471 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2472 return;
2473 }
2474
2475 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2476 !s->qdev.hba_supports_iothread)
2477 {
2478 error_setg(errp, "HBA does not support iothreads");
2479 return;
2480 }
2481
2482 if (dev->type == TYPE_DISK) {
2483 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2484 return;
2485 }
2486 }
2487
2488 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2489 if (dev->type == TYPE_ROM) {
2490 read_only = true;
2491 }
2492
2493 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2494 dev->type == TYPE_DISK, errp)) {
2495 return;
2496 }
2497
2498 if (s->qdev.conf.discard_granularity == -1) {
2499 s->qdev.conf.discard_granularity =
2500 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2501 }
2502
2503 if (!s->version) {
2504 s->version = g_strdup(qemu_hw_version());
2505 }
2506 if (!s->vendor) {
2507 s->vendor = g_strdup("QEMU");
2508 }
2509 if (!s->device_id) {
2510 if (s->serial) {
2511 s->device_id = g_strdup_printf("%.20s", s->serial);
2512 } else {
2513 const char *str = blk_name(s->qdev.conf.blk);
2514 if (str && *str) {
2515 s->device_id = g_strdup(str);
2516 }
2517 }
2518 }
2519
2520 if (blk_is_sg(s->qdev.conf.blk)) {
2521 error_setg(errp, "unwanted /dev/sg*");
2522 return;
2523 }
2524
2525 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2526 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2527 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2528 } else {
2529 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2530 }
2531
2532 blk_iostatus_enable(s->qdev.conf.blk);
2533
2534 add_boot_device_lchs(&dev->qdev, NULL,
2535 dev->conf.lcyls,
2536 dev->conf.lheads,
2537 dev->conf.lsecs);
2538}
2539
2540static void scsi_unrealize(SCSIDevice *dev)
2541{
2542 del_boot_device_lchs(&dev->qdev, NULL);
2543}
2544
2545static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2546{
2547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2548 AioContext *ctx = NULL;
2549
2550
2551
2552 if (s->qdev.conf.blk) {
2553 ctx = blk_get_aio_context(s->qdev.conf.blk);
2554 aio_context_acquire(ctx);
2555 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2556 goto out;
2557 }
2558 }
2559 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2560 s->qdev.type = TYPE_DISK;
2561 if (!s->product) {
2562 s->product = g_strdup("QEMU HARDDISK");
2563 }
2564 scsi_realize(&s->qdev, errp);
2565out:
2566 if (ctx) {
2567 aio_context_release(ctx);
2568 }
2569}
2570
2571static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2572{
2573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2574 AioContext *ctx;
2575 int ret;
2576 uint32_t blocksize = 2048;
2577
2578 if (!dev->conf.blk) {
2579
2580
2581 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2582 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2583 assert(ret == 0);
2584 }
2585
2586 if (dev->conf.physical_block_size != 0) {
2587 blocksize = dev->conf.physical_block_size;
2588 }
2589
2590 ctx = blk_get_aio_context(dev->conf.blk);
2591 aio_context_acquire(ctx);
2592 s->qdev.blocksize = blocksize;
2593 s->qdev.type = TYPE_ROM;
2594 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2595 if (!s->product) {
2596 s->product = g_strdup("QEMU CD-ROM");
2597 }
2598 scsi_realize(&s->qdev, errp);
2599 aio_context_release(ctx);
2600}
2601
2602
2603static const SCSIReqOps scsi_disk_emulate_reqops = {
2604 .size = sizeof(SCSIDiskReq),
2605 .free_req = scsi_free_request,
2606 .send_command = scsi_disk_emulate_command,
2607 .read_data = scsi_disk_emulate_read_data,
2608 .write_data = scsi_disk_emulate_write_data,
2609 .get_buf = scsi_get_buf,
2610};
2611
2612static const SCSIReqOps scsi_disk_dma_reqops = {
2613 .size = sizeof(SCSIDiskReq),
2614 .free_req = scsi_free_request,
2615 .send_command = scsi_disk_dma_command,
2616 .read_data = scsi_read_data,
2617 .write_data = scsi_write_data,
2618 .get_buf = scsi_get_buf,
2619 .load_request = scsi_disk_load_request,
2620 .save_request = scsi_disk_save_request,
2621};
2622
2623static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2624 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2625 [INQUIRY] = &scsi_disk_emulate_reqops,
2626 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2627 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2628 [START_STOP] = &scsi_disk_emulate_reqops,
2629 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2630 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2631 [READ_TOC] = &scsi_disk_emulate_reqops,
2632 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2633 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2634 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2635 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2636 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2637 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2638 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2639 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2640 [SEEK_10] = &scsi_disk_emulate_reqops,
2641 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2642 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2643 [UNMAP] = &scsi_disk_emulate_reqops,
2644 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2645 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2646 [VERIFY_10] = &scsi_disk_emulate_reqops,
2647 [VERIFY_12] = &scsi_disk_emulate_reqops,
2648 [VERIFY_16] = &scsi_disk_emulate_reqops,
2649 [FORMAT_UNIT] = &scsi_disk_emulate_reqops,
2650
2651 [READ_6] = &scsi_disk_dma_reqops,
2652 [READ_10] = &scsi_disk_dma_reqops,
2653 [READ_12] = &scsi_disk_dma_reqops,
2654 [READ_16] = &scsi_disk_dma_reqops,
2655 [WRITE_6] = &scsi_disk_dma_reqops,
2656 [WRITE_10] = &scsi_disk_dma_reqops,
2657 [WRITE_12] = &scsi_disk_dma_reqops,
2658 [WRITE_16] = &scsi_disk_dma_reqops,
2659 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2660 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2661 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2662};
2663
2664static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2665{
2666 int i;
2667 int len = scsi_cdb_length(buf);
2668 char *line_buffer, *p;
2669
2670 assert(len > 0 && len <= 16);
2671 line_buffer = g_malloc(len * 5 + 1);
2672
2673 for (i = 0, p = line_buffer; i < len; i++) {
2674 p += sprintf(p, " 0x%02x", buf[i]);
2675 }
2676 trace_scsi_disk_new_request(lun, tag, line_buffer);
2677
2678 g_free(line_buffer);
2679}
2680
2681static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2682 uint8_t *buf, void *hba_private)
2683{
2684 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2685 SCSIRequest *req;
2686 const SCSIReqOps *ops;
2687 uint8_t command;
2688
2689 command = buf[0];
2690 ops = scsi_disk_reqops_dispatch[command];
2691 if (!ops) {
2692 ops = &scsi_disk_emulate_reqops;
2693 }
2694 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2695
2696 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2697 scsi_disk_new_request_dump(lun, tag, buf);
2698 }
2699
2700 return req;
2701}
2702
2703#ifdef __linux__
2704static int get_device_type(SCSIDiskState *s)
2705{
2706 uint8_t cmd[16];
2707 uint8_t buf[36];
2708 int ret;
2709
2710 memset(cmd, 0, sizeof(cmd));
2711 memset(buf, 0, sizeof(buf));
2712 cmd[0] = INQUIRY;
2713 cmd[4] = sizeof(buf);
2714
2715 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2716 buf, sizeof(buf), s->qdev.io_timeout);
2717 if (ret < 0) {
2718 return -1;
2719 }
2720 s->qdev.type = buf[0];
2721 if (buf[1] & 0x80) {
2722 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2723 }
2724 return 0;
2725}
2726
2727static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2728{
2729 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2730 AioContext *ctx;
2731 int sg_version;
2732 int rc;
2733
2734 if (!s->qdev.conf.blk) {
2735 error_setg(errp, "drive property not set");
2736 return;
2737 }
2738
2739 if (s->rotation_rate) {
2740 error_report_once("rotation_rate is specified for scsi-block but is "
2741 "not implemented. This option is deprecated and will "
2742 "be removed in a future version");
2743 }
2744
2745 ctx = blk_get_aio_context(s->qdev.conf.blk);
2746 aio_context_acquire(ctx);
2747
2748
2749 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2750 if (rc < 0) {
2751 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2752 if (rc != -EPERM) {
2753 error_append_hint(errp, "Is this a SCSI device?\n");
2754 }
2755 goto out;
2756 }
2757 if (sg_version < 30000) {
2758 error_setg(errp, "scsi generic interface too old");
2759 goto out;
2760 }
2761
2762
2763 rc = get_device_type(s);
2764 if (rc < 0) {
2765 error_setg(errp, "INQUIRY failed");
2766 goto out;
2767 }
2768
2769
2770
2771
2772
2773 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2774 s->qdev.blocksize = 2048;
2775 } else {
2776 s->qdev.blocksize = 512;
2777 }
2778
2779
2780
2781
2782 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2783
2784 scsi_realize(&s->qdev, errp);
2785 scsi_generic_read_device_inquiry(&s->qdev);
2786
2787out:
2788 aio_context_release(ctx);
2789}
2790
2791typedef struct SCSIBlockReq {
2792 SCSIDiskReq req;
2793 sg_io_hdr_t io_header;
2794
2795
2796 uint8_t cmd, cdb1, group_number;
2797
2798
2799 uint8_t cdb[16];
2800 BlockCompletionFunc *cb;
2801 void *cb_opaque;
2802} SCSIBlockReq;
2803
2804static void scsi_block_sgio_complete(void *opaque, int ret)
2805{
2806 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2807 SCSIDiskReq *r = &req->req;
2808 SCSIDevice *s = r->req.dev;
2809 sg_io_hdr_t *io_hdr = &req->io_header;
2810
2811 if (ret == 0) {
2812 if (io_hdr->host_status != SCSI_HOST_OK) {
2813 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2814 scsi_req_unref(&r->req);
2815 return;
2816 }
2817
2818 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
2819 ret = BUSY;
2820 } else {
2821 ret = io_hdr->status;
2822 }
2823
2824 if (ret > 0) {
2825 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2826 if (scsi_handle_rw_error(r, ret, true)) {
2827 aio_context_release(blk_get_aio_context(s->conf.blk));
2828 scsi_req_unref(&r->req);
2829 return;
2830 }
2831 aio_context_release(blk_get_aio_context(s->conf.blk));
2832
2833
2834 ret = 0;
2835 }
2836 }
2837
2838 req->cb(req->cb_opaque, ret);
2839}
2840
2841static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2842 int64_t offset, QEMUIOVector *iov,
2843 int direction,
2844 BlockCompletionFunc *cb, void *opaque)
2845{
2846 sg_io_hdr_t *io_header = &req->io_header;
2847 SCSIDiskReq *r = &req->req;
2848 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2849 int nb_logical_blocks;
2850 uint64_t lba;
2851 BlockAIOCB *aiocb;
2852
2853
2854
2855
2856
2857 assert(offset % s->qdev.blocksize == 0);
2858 assert(iov->size % s->qdev.blocksize == 0);
2859
2860 io_header->interface_id = 'S';
2861
2862
2863 io_header->dxfer_direction = direction;
2864 io_header->dxfer_len = iov->size;
2865 io_header->dxferp = (void *)iov->iov;
2866 io_header->iovec_count = iov->niov;
2867 assert(io_header->iovec_count == iov->niov);
2868
2869
2870
2871
2872
2873
2874 io_header->cmdp = req->cdb;
2875 lba = offset / s->qdev.blocksize;
2876 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2877
2878 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2879
2880 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2881 req->cdb[4] = nb_logical_blocks;
2882 req->cdb[5] = 0;
2883 io_header->cmd_len = 6;
2884 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2885
2886 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2887 req->cdb[1] = req->cdb1;
2888 stl_be_p(&req->cdb[2], lba);
2889 req->cdb[6] = req->group_number;
2890 stw_be_p(&req->cdb[7], nb_logical_blocks);
2891 req->cdb[9] = 0;
2892 io_header->cmd_len = 10;
2893 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2894
2895 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2896 req->cdb[1] = req->cdb1;
2897 stl_be_p(&req->cdb[2], lba);
2898 stl_be_p(&req->cdb[6], nb_logical_blocks);
2899 req->cdb[10] = req->group_number;
2900 req->cdb[11] = 0;
2901 io_header->cmd_len = 12;
2902 } else {
2903
2904 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2905 req->cdb[1] = req->cdb1;
2906 stq_be_p(&req->cdb[2], lba);
2907 stl_be_p(&req->cdb[10], nb_logical_blocks);
2908 req->cdb[14] = req->group_number;
2909 req->cdb[15] = 0;
2910 io_header->cmd_len = 16;
2911 }
2912
2913
2914 io_header->mx_sb_len = sizeof(r->req.sense);
2915 io_header->sbp = r->req.sense;
2916 io_header->timeout = s->qdev.io_timeout * 1000;
2917 io_header->usr_ptr = r;
2918 io_header->flags |= SG_FLAG_DIRECT_IO;
2919 req->cb = cb;
2920 req->cb_opaque = opaque;
2921 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2922 nb_logical_blocks, io_header->timeout);
2923 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
2924 assert(aiocb != NULL);
2925 return aiocb;
2926}
2927
2928static bool scsi_block_no_fua(SCSICommand *cmd)
2929{
2930 return false;
2931}
2932
2933static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2934 QEMUIOVector *iov,
2935 BlockCompletionFunc *cb, void *cb_opaque,
2936 void *opaque)
2937{
2938 SCSIBlockReq *r = opaque;
2939 return scsi_block_do_sgio(r, offset, iov,
2940 SG_DXFER_FROM_DEV, cb, cb_opaque);
2941}
2942
2943static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2944 QEMUIOVector *iov,
2945 BlockCompletionFunc *cb, void *cb_opaque,
2946 void *opaque)
2947{
2948 SCSIBlockReq *r = opaque;
2949 return scsi_block_do_sgio(r, offset, iov,
2950 SG_DXFER_TO_DEV, cb, cb_opaque);
2951}
2952
2953static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2954{
2955 switch (buf[0]) {
2956 case VERIFY_10:
2957 case VERIFY_12:
2958 case VERIFY_16:
2959
2960
2961
2962
2963 if ((buf[1] & 6) == 2) {
2964 return false;
2965 }
2966 break;
2967
2968 case READ_6:
2969 case READ_10:
2970 case READ_12:
2971 case READ_16:
2972 case WRITE_6:
2973 case WRITE_10:
2974 case WRITE_12:
2975 case WRITE_16:
2976 case WRITE_VERIFY_10:
2977 case WRITE_VERIFY_12:
2978 case WRITE_VERIFY_16:
2979
2980
2981
2982
2983
2984
2985 if (s->qdev.type != TYPE_ROM) {
2986 return false;
2987 }
2988 break;
2989
2990 default:
2991 break;
2992 }
2993
2994 return true;
2995}
2996
2997
2998static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2999{
3000 SCSIBlockReq *r = (SCSIBlockReq *)req;
3001 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
3002
3003 r->cmd = req->cmd.buf[0];
3004 switch (r->cmd >> 5) {
3005 case 0:
3006
3007 r->cdb1 = r->group_number = 0;
3008 break;
3009 case 1:
3010
3011 r->cdb1 = req->cmd.buf[1];
3012 r->group_number = req->cmd.buf[6];
3013 break;
3014 case 4:
3015
3016 r->cdb1 = req->cmd.buf[1];
3017 r->group_number = req->cmd.buf[10];
3018 break;
3019 case 5:
3020
3021 r->cdb1 = req->cmd.buf[1];
3022 r->group_number = req->cmd.buf[14];
3023 break;
3024 default:
3025 abort();
3026 }
3027
3028
3029
3030
3031
3032 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
3033 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
3034 return 0;
3035 }
3036
3037 return scsi_disk_dma_command(req, buf);
3038}
3039
3040static const SCSIReqOps scsi_block_dma_reqops = {
3041 .size = sizeof(SCSIBlockReq),
3042 .free_req = scsi_free_request,
3043 .send_command = scsi_block_dma_command,
3044 .read_data = scsi_read_data,
3045 .write_data = scsi_write_data,
3046 .get_buf = scsi_get_buf,
3047 .load_request = scsi_disk_load_request,
3048 .save_request = scsi_disk_save_request,
3049};
3050
3051static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3052 uint32_t lun, uint8_t *buf,
3053 void *hba_private)
3054{
3055 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3056
3057 if (scsi_block_is_passthrough(s, buf)) {
3058 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3059 hba_private);
3060 } else {
3061 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
3062 hba_private);
3063 }
3064}
3065
3066static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
3067 uint8_t *buf, size_t buf_len,
3068 void *hba_private)
3069{
3070 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3071
3072 if (scsi_block_is_passthrough(s, buf)) {
3073 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
3074 } else {
3075 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
3076 }
3077}
3078
3079static void scsi_block_update_sense(SCSIRequest *req)
3080{
3081 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
3082 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
3083 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
3084}
3085#endif
3086
3087static
3088BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3089 BlockCompletionFunc *cb, void *cb_opaque,
3090 void *opaque)
3091{
3092 SCSIDiskReq *r = opaque;
3093 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3094 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3095}
3096
3097static
3098BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3099 BlockCompletionFunc *cb, void *cb_opaque,
3100 void *opaque)
3101{
3102 SCSIDiskReq *r = opaque;
3103 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3104 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3105}
3106
3107static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
3108{
3109 DeviceClass *dc = DEVICE_CLASS(klass);
3110 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3111
3112 dc->fw_name = "disk";
3113 dc->reset = scsi_disk_reset;
3114 sdc->dma_readv = scsi_dma_readv;
3115 sdc->dma_writev = scsi_dma_writev;
3116 sdc->need_fua_emulation = scsi_is_cmd_fua;
3117}
3118
3119static const TypeInfo scsi_disk_base_info = {
3120 .name = TYPE_SCSI_DISK_BASE,
3121 .parent = TYPE_SCSI_DEVICE,
3122 .class_init = scsi_disk_base_class_initfn,
3123 .instance_size = sizeof(SCSIDiskState),
3124 .class_size = sizeof(SCSIDiskClass),
3125 .abstract = true,
3126};
3127
3128#define DEFINE_SCSI_DISK_PROPERTIES() \
3129 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3130 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3131 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3132 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3133 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3134 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3135 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
3136 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3137
3138
3139static Property scsi_hd_properties[] = {
3140 DEFINE_SCSI_DISK_PROPERTIES(),
3141 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3142 SCSI_DISK_F_REMOVABLE, false),
3143 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3144 SCSI_DISK_F_DPOFUA, false),
3145 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3146 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3147 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3148 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3149 DEFAULT_MAX_UNMAP_SIZE),
3150 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3151 DEFAULT_MAX_IO_SIZE),
3152 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3153 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3154 5),
3155 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3156 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3157 0),
3158 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3159 DEFINE_PROP_END_OF_LIST(),
3160};
3161
3162static const VMStateDescription vmstate_scsi_disk_state = {
3163 .name = "scsi-disk",
3164 .version_id = 1,
3165 .minimum_version_id = 1,
3166 .fields = (VMStateField[]) {
3167 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3168 VMSTATE_BOOL(media_changed, SCSIDiskState),
3169 VMSTATE_BOOL(media_event, SCSIDiskState),
3170 VMSTATE_BOOL(eject_request, SCSIDiskState),
3171 VMSTATE_BOOL(tray_open, SCSIDiskState),
3172 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3173 VMSTATE_END_OF_LIST()
3174 }
3175};
3176
3177static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3178{
3179 DeviceClass *dc = DEVICE_CLASS(klass);
3180 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3181
3182 sc->realize = scsi_hd_realize;
3183 sc->unrealize = scsi_unrealize;
3184 sc->alloc_req = scsi_new_request;
3185 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3186 dc->desc = "virtual SCSI disk";
3187 device_class_set_props(dc, scsi_hd_properties);
3188 dc->vmsd = &vmstate_scsi_disk_state;
3189}
3190
3191static const TypeInfo scsi_hd_info = {
3192 .name = "scsi-hd",
3193 .parent = TYPE_SCSI_DISK_BASE,
3194 .class_init = scsi_hd_class_initfn,
3195};
3196
3197static Property scsi_cd_properties[] = {
3198 DEFINE_SCSI_DISK_PROPERTIES(),
3199 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3200 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3201 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3202 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3203 DEFAULT_MAX_IO_SIZE),
3204 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3205 5),
3206 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
3207 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
3208 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
3209 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
3210 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3211 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3212 0),
3213 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
3214 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
3215 DEFINE_PROP_END_OF_LIST(),
3216};
3217
3218static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3219{
3220 DeviceClass *dc = DEVICE_CLASS(klass);
3221 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3222
3223 sc->realize = scsi_cd_realize;
3224 sc->alloc_req = scsi_new_request;
3225 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3226 dc->desc = "virtual SCSI CD-ROM";
3227 device_class_set_props(dc, scsi_cd_properties);
3228 dc->vmsd = &vmstate_scsi_disk_state;
3229}
3230
3231static const TypeInfo scsi_cd_info = {
3232 .name = "scsi-cd",
3233 .parent = TYPE_SCSI_DISK_BASE,
3234 .class_init = scsi_cd_class_initfn,
3235};
3236
3237#ifdef __linux__
3238static Property scsi_block_properties[] = {
3239 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3240 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3241 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3242 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3243 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3244 DEFAULT_MAX_UNMAP_SIZE),
3245 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3246 DEFAULT_MAX_IO_SIZE),
3247 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3248 -1),
3249 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3250 DEFAULT_IO_TIMEOUT),
3251 DEFINE_PROP_END_OF_LIST(),
3252};
3253
3254static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3255{
3256 DeviceClass *dc = DEVICE_CLASS(klass);
3257 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3258 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3259
3260 sc->realize = scsi_block_realize;
3261 sc->alloc_req = scsi_block_new_request;
3262 sc->parse_cdb = scsi_block_parse_cdb;
3263 sdc->dma_readv = scsi_block_dma_readv;
3264 sdc->dma_writev = scsi_block_dma_writev;
3265 sdc->update_sense = scsi_block_update_sense;
3266 sdc->need_fua_emulation = scsi_block_no_fua;
3267 dc->desc = "SCSI block device passthrough";
3268 device_class_set_props(dc, scsi_block_properties);
3269 dc->vmsd = &vmstate_scsi_disk_state;
3270}
3271
3272static const TypeInfo scsi_block_info = {
3273 .name = "scsi-block",
3274 .parent = TYPE_SCSI_DISK_BASE,
3275 .class_init = scsi_block_class_initfn,
3276};
3277#endif
3278
3279static void scsi_disk_register_types(void)
3280{
3281 type_register_static(&scsi_disk_base_info);
3282 type_register_static(&scsi_hd_info);
3283 type_register_static(&scsi_cd_info);
3284#ifdef __linux__
3285 type_register_static(&scsi_block_info);
3286#endif
3287}
3288
3289type_init(scsi_disk_register_types)
3290
