1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "qemu/hw-version.h"
29 #include "qemu/memalign.h"
30 #include "hw/scsi/scsi.h"
31 #include "migration/qemu-file-types.h"
32 #include "migration/vmstate.h"
33 #include "hw/scsi/emulation.h"
34 #include "scsi/constants.h"
35 #include "system/arch_init.h"
36 #include "system/block-backend.h"
37 #include "system/blockdev.h"
38 #include "hw/block/block.h"
39 #include "hw/qdev-properties.h"
40 #include "hw/qdev-properties-system.h"
41 #include "system/dma.h"
42 #include "system/system.h"
43 #include "qemu/cutils.h"
44 #include "trace.h"
45 #include "qom/object.h"
46
47 #ifdef __linux
48 #include <scsi/sg.h>
49 #endif
50
51 #define SCSI_WRITE_SAME_MAX (512 * KiB)
52 #define SCSI_DMA_BUF_SIZE (128 * KiB)
53 #define SCSI_MAX_INQUIRY_LEN 256
54 #define SCSI_MAX_MODE_LEN 256
55
56 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
57 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
58 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
59
60 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
61
62 #define MAX_SERIAL_LEN 36
63 #define MAX_SERIAL_LEN_FOR_DEVID 20
64
65 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
66
67 struct SCSIDiskClass {
68 SCSIDeviceClass parent_class;
69 /*
70 * Callbacks receive ret == 0 for success. Errors are represented either as
71 * negative errno values, or as positive SAM status codes. For host_status
72 * errors, the function passes ret == -ENODEV and sets the host_status field
73 * of the SCSIRequest.
74 */
75 DMAIOFunc *dma_readv;
76 DMAIOFunc *dma_writev;
77 bool (*need_fua)(SCSICommand *cmd);
78 void (*update_sense)(SCSIRequest *r);
79 };
80
81 typedef struct SCSIDiskReq {
82 SCSIRequest req;
83 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
84 uint64_t sector;
85 uint32_t sector_count;
86 uint32_t buflen;
87 bool started;
88 bool need_fua;
89 struct iovec iov;
90 QEMUIOVector qiov;
91 BlockAcctCookie acct;
92 } SCSIDiskReq;
93
94 #define SCSI_DISK_F_REMOVABLE 0
95 #define SCSI_DISK_F_DPOFUA 1
96 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
97
98 struct SCSIDiskState {
99 SCSIDevice qdev;
100 uint32_t features;
101 bool media_changed;
102 bool media_event;
103 bool eject_request;
104 uint16_t port_index;
105 uint64_t max_unmap_size;
106 uint64_t max_io_size;
107 uint32_t quirks;
108 char *version;
109 char *serial;
110 char *vendor;
111 char *product;
112 char *device_id;
113 char *loadparm; /* only for s390x */
114 bool tray_open;
115 bool tray_locked;
116 /*
117 * 0x0000 - rotation rate not reported
118 * 0x0001 - non-rotating medium (SSD)
119 * 0x0002-0x0400 - reserved
120 * 0x0401-0xffe - rotations per minute
121 * 0xffff - reserved
122 */
123 uint16_t rotation_rate;
124 bool migrate_emulated_scsi_request;
125 };
126
scsi_free_request(SCSIRequest * req)127 static void scsi_free_request(SCSIRequest *req)
128 {
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_vfree(r->iov.iov_base);
132 }
133
134 /* Helper function for command completion with sense. */
scsi_check_condition(SCSIDiskReq * r,SCSISense sense)135 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
136 {
137 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
138 sense.ascq);
139 scsi_req_build_sense(&r->req, sense);
140 scsi_req_complete(&r->req, CHECK_CONDITION);
141 }
142
scsi_init_iovec(SCSIDiskReq * r,size_t size)143 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
144 {
145 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
146
147 if (!r->iov.iov_base) {
148 r->buflen = size;
149 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
150 }
151 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
152 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
153 }
154
scsi_disk_save_request(QEMUFile * f,SCSIRequest * req)155 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
156 {
157 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
158
159 qemu_put_be64s(f, &r->sector);
160 qemu_put_be32s(f, &r->sector_count);
161 qemu_put_be32s(f, &r->buflen);
162 if (r->buflen) {
163 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
164 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
165 } else if (!req->retry) {
166 uint32_t len = r->iov.iov_len;
167 qemu_put_be32s(f, &len);
168 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
169 }
170 }
171 }
172
scsi_disk_emulate_save_request(QEMUFile * f,SCSIRequest * req)173 static void scsi_disk_emulate_save_request(QEMUFile *f, SCSIRequest *req)
174 {
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
176
177 if (s->migrate_emulated_scsi_request) {
178 scsi_disk_save_request(f, req);
179 }
180 }
181
scsi_disk_load_request(QEMUFile * f,SCSIRequest * req)182 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
183 {
184 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
185
186 qemu_get_be64s(f, &r->sector);
187 qemu_get_be32s(f, &r->sector_count);
188 qemu_get_be32s(f, &r->buflen);
189 if (r->buflen) {
190 scsi_init_iovec(r, r->buflen);
191 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
192 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
193 } else if (!r->req.retry) {
194 uint32_t len;
195 qemu_get_be32s(f, &len);
196 r->iov.iov_len = len;
197 assert(r->iov.iov_len <= r->buflen);
198 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
199 }
200 }
201
202 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
203 }
204
scsi_disk_emulate_load_request(QEMUFile * f,SCSIRequest * req)205 static void scsi_disk_emulate_load_request(QEMUFile *f, SCSIRequest *req)
206 {
207 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
208
209 if (s->migrate_emulated_scsi_request) {
210 scsi_disk_load_request(f, req);
211 }
212 }
213
214 /*
215 * scsi_handle_rw_error has two return values. False means that the error
216 * must be ignored, true means that the error has been processed and the
217 * caller should not do anything else for this request. Note that
218 * scsi_handle_rw_error always manages its reference counts, independent
219 * of the return value.
220 */
scsi_handle_rw_error(SCSIDiskReq * r,int ret,bool acct_failed)221 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
222 {
223 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
224 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
226 SCSISense sense = SENSE_CODE(NO_SENSE);
227 int16_t host_status;
228 int error;
229 bool req_has_sense = false;
230 BlockErrorAction action;
231 int status;
232
233 /*
234 * host_status should only be set for SG_IO requests that came back with a
235 * host_status error in scsi_block_sgio_complete(). This error path passes
236 * -ENODEV as the return value.
237 *
238 * Reset host_status in the request because we may still want to complete
239 * the request successfully with the 'stop' or 'ignore' error policy.
240 */
241 host_status = r->req.host_status;
242 if (host_status != -1) {
243 assert(ret == -ENODEV);
244 r->req.host_status = -1;
245 }
246
247 if (ret < 0) {
248 status = scsi_sense_from_errno(-ret, &sense);
249 error = -ret;
250 } else {
251 /* A passthrough command has completed with nonzero status. */
252 status = ret;
253 switch (status) {
254 case CHECK_CONDITION:
255 req_has_sense = true;
256 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
257 break;
258 case RESERVATION_CONFLICT:
259 /*
260 * Don't apply the error policy, always report to the guest.
261 *
262 * This is a passthrough code path, so it's not a backend error, but
263 * a response to an invalid guest request.
264 *
265 * Windows Failover Cluster validation intentionally sends invalid
266 * requests to verify that reservations work as intended. It is
267 * crucial that it sees the resulting errors.
268 *
269 * Treating a reservation conflict as a guest-side error is obvious
270 * when a pr-manager is in use. Without one, the situation is less
271 * clear, but there might be nothing that can be fixed on the host
272 * (like in the above example), and we don't want to be stuck in a
273 * loop where resuming the VM and retrying the request immediately
274 * stops it again. So always reporting is still the safer option in
275 * this case, too.
276 */
277 error = 0;
278 break;
279 default:
280 error = EINVAL;
281 break;
282 }
283 }
284
285 /*
286 * Check whether the error has to be handled by the guest or should
287 * rather follow the rerror=/werror= settings. Guest-handled errors
288 * are usually retried immediately, so do not post them to QMP and
289 * do not account them as failed I/O.
290 */
291 if (!error || (req_has_sense &&
292 scsi_sense_buf_is_guest_recoverable(r->req.sense,
293 sizeof(r->req.sense)))) {
294 action = BLOCK_ERROR_ACTION_REPORT;
295 acct_failed = false;
296 } else {
297 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
298 blk_error_action(s->qdev.conf.blk, action, is_read, error);
299 }
300
301 switch (action) {
302 case BLOCK_ERROR_ACTION_REPORT:
303 if (acct_failed) {
304 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
305 }
306 if (host_status != -1) {
307 scsi_req_complete_failed(&r->req, host_status);
308 return true;
309 }
310 if (req_has_sense) {
311 sdc->update_sense(&r->req);
312 } else if (status == CHECK_CONDITION) {
313 scsi_req_build_sense(&r->req, sense);
314 }
315 scsi_req_complete(&r->req, status);
316 return true;
317
318 case BLOCK_ERROR_ACTION_IGNORE:
319 return false;
320
321 case BLOCK_ERROR_ACTION_STOP:
322 scsi_req_retry(&r->req);
323 return true;
324
325 default:
326 g_assert_not_reached();
327 }
328 }
329
scsi_disk_req_check_error(SCSIDiskReq * r,int ret,bool acct_failed)330 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
331 {
332 if (r->req.io_canceled) {
333 scsi_req_cancel_complete(&r->req);
334 return true;
335 }
336
337 if (ret != 0) {
338 return scsi_handle_rw_error(r, ret, acct_failed);
339 }
340
341 return false;
342 }
343
scsi_aio_complete(void * opaque,int ret)344 static void scsi_aio_complete(void *opaque, int ret)
345 {
346 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
347 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
348
349 /* The request must run in its AioContext */
350 assert(r->req.ctx == qemu_get_current_aio_context());
351
352 assert(r->req.aiocb != NULL);
353 r->req.aiocb = NULL;
354
355 if (scsi_disk_req_check_error(r, ret, true)) {
356 goto done;
357 }
358
359 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
360 scsi_req_complete(&r->req, GOOD);
361
362 done:
363 scsi_req_unref(&r->req);
364 }
365
scsi_is_cmd_fua(SCSICommand * cmd)366 static bool scsi_is_cmd_fua(SCSICommand *cmd)
367 {
368 switch (cmd->buf[0]) {
369 case READ_10:
370 case READ_12:
371 case READ_16:
372 case WRITE_10:
373 case WRITE_12:
374 case WRITE_16:
375 return (cmd->buf[1] & 8) != 0;
376
377 case VERIFY_10:
378 case VERIFY_12:
379 case VERIFY_16:
380 case WRITE_VERIFY_10:
381 case WRITE_VERIFY_12:
382 case WRITE_VERIFY_16:
383 return true;
384
385 case READ_6:
386 case WRITE_6:
387 default:
388 return false;
389 }
390 }
391
scsi_dma_complete_noio(SCSIDiskReq * r,int ret)392 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
393 {
394 assert(r->req.aiocb == NULL);
395 if (scsi_disk_req_check_error(r, ret, ret > 0)) {
396 goto done;
397 }
398
399 r->sector += r->sector_count;
400 r->sector_count = 0;
401 scsi_req_complete(&r->req, GOOD);
402
403 done:
404 scsi_req_unref(&r->req);
405 }
406
scsi_dma_complete(void * opaque,int ret)407 static void scsi_dma_complete(void *opaque, int ret)
408 {
409 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
410 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
411
412 assert(r->req.aiocb != NULL);
413 r->req.aiocb = NULL;
414
415 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
416 if (ret < 0) {
417 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
418 } else if (ret == 0) {
419 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
420 }
421 scsi_dma_complete_noio(r, ret);
422 }
423
scsi_read_complete_noio(SCSIDiskReq * r,int ret)424 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
425 {
426 uint32_t n;
427
428 /* The request must run in its AioContext */
429 assert(r->req.ctx == qemu_get_current_aio_context());
430
431 assert(r->req.aiocb == NULL);
432 if (scsi_disk_req_check_error(r, ret, ret > 0)) {
433 goto done;
434 }
435
436 n = r->qiov.size / BDRV_SECTOR_SIZE;
437 r->sector += n;
438 r->sector_count -= n;
439 scsi_req_data(&r->req, r->qiov.size);
440
441 done:
442 scsi_req_unref(&r->req);
443 }
444
scsi_read_complete(void * opaque,int ret)445 static void scsi_read_complete(void *opaque, int ret)
446 {
447 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
448 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
449
450 assert(r->req.aiocb != NULL);
451 r->req.aiocb = NULL;
452
453 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
454 if (ret < 0) {
455 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
456 } else if (ret == 0) {
457 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
458 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
459 }
460 scsi_read_complete_noio(r, ret);
461 }
462
463 /* Actually issue a read to the block device. */
scsi_do_read(SCSIDiskReq * r,int ret)464 static void scsi_do_read(SCSIDiskReq *r, int ret)
465 {
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
468
469 assert (r->req.aiocb == NULL);
470 if (scsi_disk_req_check_error(r, ret, false)) {
471 goto done;
472 }
473
474 /* The request is used as the AIO opaque value, so add a ref. */
475 scsi_req_ref(&r->req);
476
477 if (r->req.sg) {
478 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
479 r->req.residual -= r->req.sg->size;
480 r->req.aiocb = dma_blk_io(r->req.sg, r->sector << BDRV_SECTOR_BITS,
481 BDRV_SECTOR_SIZE,
482 sdc->dma_readv, r, scsi_dma_complete, r,
483 DMA_DIRECTION_FROM_DEVICE);
484 } else {
485 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
486 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
487 r->qiov.size, BLOCK_ACCT_READ);
488 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
489 scsi_read_complete, r, r);
490 }
491
492 done:
493 scsi_req_unref(&r->req);
494 }
495
scsi_do_read_cb(void * opaque,int ret)496 static void scsi_do_read_cb(void *opaque, int ret)
497 {
498 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
499 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
500
501 assert (r->req.aiocb != NULL);
502 r->req.aiocb = NULL;
503
504 if (ret < 0) {
505 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
506 } else {
507 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
508 }
509 scsi_do_read(opaque, ret);
510 }
511
512 /* Read more data from scsi device into buffer. */
scsi_read_data(SCSIRequest * req)513 static void scsi_read_data(SCSIRequest *req)
514 {
515 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
516 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
517 bool first;
518
519 trace_scsi_disk_read_data_count(r->sector_count);
520 if (r->sector_count == 0) {
521 /* This also clears the sense buffer for REQUEST SENSE. */
522 scsi_req_complete(&r->req, GOOD);
523 return;
524 }
525
526 /* No data transfer may already be in progress */
527 assert(r->req.aiocb == NULL);
528
529 /* The request is used as the AIO opaque value, so add a ref. */
530 scsi_req_ref(&r->req);
531 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
532 trace_scsi_disk_read_data_invalid();
533 scsi_read_complete_noio(r, -EINVAL);
534 return;
535 }
536
537 if (!blk_is_available(req->dev->conf.blk)) {
538 scsi_read_complete_noio(r, -ENOMEDIUM);
539 return;
540 }
541
542 first = !r->started;
543 r->started = true;
544 if (first && r->need_fua) {
545 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
546 BLOCK_ACCT_FLUSH);
547 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
548 } else {
549 scsi_do_read(r, 0);
550 }
551 }
552
scsi_write_complete_noio(SCSIDiskReq * r,int ret)553 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
554 {
555 uint32_t n;
556
557 /* The request must run in its AioContext */
558 assert(r->req.ctx == qemu_get_current_aio_context());
559
560 assert (r->req.aiocb == NULL);
561 if (scsi_disk_req_check_error(r, ret, ret > 0)) {
562 goto done;
563 }
564
565 n = r->qiov.size / BDRV_SECTOR_SIZE;
566 r->sector += n;
567 r->sector_count -= n;
568 if (r->sector_count == 0) {
569 scsi_req_complete(&r->req, GOOD);
570 } else {
571 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
572 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
573 scsi_req_data(&r->req, r->qiov.size);
574 }
575
576 done:
577 scsi_req_unref(&r->req);
578 }
579
scsi_write_complete(void * opaque,int ret)580 static void scsi_write_complete(void * opaque, int ret)
581 {
582 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
583 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
584
585 assert (r->req.aiocb != NULL);
586 r->req.aiocb = NULL;
587
588 /* ret > 0 is accounted for in scsi_disk_req_check_error() */
589 if (ret < 0) {
590 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
591 } else if (ret == 0) {
592 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
593 }
594 scsi_write_complete_noio(r, ret);
595 }
596
scsi_write_data(SCSIRequest * req)597 static void scsi_write_data(SCSIRequest *req)
598 {
599 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
600 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
601 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
602 BlockCompletionFunc *cb;
603
604 /* No data transfer may already be in progress */
605 assert(r->req.aiocb == NULL);
606
607 /* The request is used as the AIO opaque value, so add a ref. */
608 scsi_req_ref(&r->req);
609 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
610 trace_scsi_disk_write_data_invalid();
611 scsi_write_complete_noio(r, -EINVAL);
612 return;
613 }
614
615 if (!r->req.sg && !r->qiov.size) {
616 /* Called for the first time. Ask the driver to send us more data. */
617 r->started = true;
618 scsi_write_complete_noio(r, 0);
619 return;
620 }
621 if (!blk_is_available(req->dev->conf.blk)) {
622 scsi_write_complete_noio(r, -ENOMEDIUM);
623 return;
624 }
625
626 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
627 r->req.cmd.buf[0] == VERIFY_16) {
628 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
629 BLOCK_ACCT_FLUSH);
630 cb = r->req.sg ? scsi_dma_complete : scsi_write_complete;
631 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, cb, r);
632 return;
633 }
634
635 if (r->req.sg) {
636 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
637 r->req.residual -= r->req.sg->size;
638 r->req.aiocb = dma_blk_io(r->req.sg, r->sector << BDRV_SECTOR_BITS,
639 BDRV_SECTOR_SIZE,
640 sdc->dma_writev, r, scsi_dma_complete, r,
641 DMA_DIRECTION_TO_DEVICE);
642 } else {
643 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
644 r->qiov.size, BLOCK_ACCT_WRITE);
645 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
646 scsi_write_complete, r, r);
647 }
648 }
649
650 /* Return a pointer to the data buffer. */
scsi_get_buf(SCSIRequest * req)651 static uint8_t *scsi_get_buf(SCSIRequest *req)
652 {
653 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
654
655 return (uint8_t *)r->iov.iov_base;
656 }
657
scsi_disk_emulate_vpd_page(SCSIRequest * req,uint8_t * outbuf)658 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
659 {
660 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
661 uint8_t page_code = req->cmd.buf[2];
662 int start, buflen = 0;
663
664 outbuf[buflen++] = s->qdev.type & 0x1f;
665 outbuf[buflen++] = page_code;
666 outbuf[buflen++] = 0x00;
667 outbuf[buflen++] = 0x00;
668 start = buflen;
669
670 switch (page_code) {
671 case 0x00: /* Supported page codes, mandatory */
672 {
673 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
674 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
675 if (s->serial) {
676 outbuf[buflen++] = 0x80; /* unit serial number */
677 }
678 outbuf[buflen++] = 0x83; /* device identification */
679 if (s->qdev.type == TYPE_DISK) {
680 outbuf[buflen++] = 0xb0; /* block limits */
681 outbuf[buflen++] = 0xb1; /* block device characteristics */
682 outbuf[buflen++] = 0xb2; /* thin provisioning */
683 }
684 break;
685 }
686 case 0x80: /* Device serial number, optional */
687 {
688 int l;
689
690 if (!s->serial) {
691 trace_scsi_disk_emulate_vpd_page_80_not_supported();
692 return -1;
693 }
694
695 l = strlen(s->serial);
696 if (l > MAX_SERIAL_LEN) {
697 l = MAX_SERIAL_LEN;
698 }
699
700 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
701 memcpy(outbuf + buflen, s->serial, l);
702 buflen += l;
703 break;
704 }
705
706 case 0x83: /* Device identification page, mandatory */
707 {
708 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
709
710 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
711
712 if (id_len) {
713 outbuf[buflen++] = 0x2; /* ASCII */
714 outbuf[buflen++] = 0; /* not officially assigned */
715 outbuf[buflen++] = 0; /* reserved */
716 outbuf[buflen++] = id_len; /* length of data following */
717 memcpy(outbuf + buflen, s->device_id, id_len);
718 buflen += id_len;
719 }
720
721 if (s->qdev.wwn) {
722 outbuf[buflen++] = 0x1; /* Binary */
723 outbuf[buflen++] = 0x3; /* NAA */
724 outbuf[buflen++] = 0; /* reserved */
725 outbuf[buflen++] = 8;
726 stq_be_p(&outbuf[buflen], s->qdev.wwn);
727 buflen += 8;
728 }
729
730 if (s->qdev.port_wwn) {
731 outbuf[buflen++] = 0x61; /* SAS / Binary */
732 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
733 outbuf[buflen++] = 0; /* reserved */
734 outbuf[buflen++] = 8;
735 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
736 buflen += 8;
737 }
738
739 if (s->port_index) {
740 outbuf[buflen++] = 0x61; /* SAS / Binary */
741
742 /* PIV/Target port/relative target port */
743 outbuf[buflen++] = 0x94;
744
745 outbuf[buflen++] = 0; /* reserved */
746 outbuf[buflen++] = 4;
747 stw_be_p(&outbuf[buflen + 2], s->port_index);
748 buflen += 4;
749 }
750 break;
751 }
752 case 0xb0: /* block limits */
753 {
754 SCSIBlockLimits bl = {};
755
756 if (s->qdev.type == TYPE_ROM) {
757 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
758 return -1;
759 }
760 bl.wsnz = 1;
761 bl.unmap_sectors =
762 s->qdev.conf.discard_granularity / s->qdev.blocksize;
763 bl.min_io_size =
764 s->qdev.conf.min_io_size / s->qdev.blocksize;
765 bl.opt_io_size =
766 s->qdev.conf.opt_io_size / s->qdev.blocksize;
767 bl.max_unmap_sectors =
768 s->max_unmap_size / s->qdev.blocksize;
769 bl.max_io_sectors =
770 s->max_io_size / s->qdev.blocksize;
771 /* 255 descriptors fit in 4 KiB with an 8-byte header */
772 bl.max_unmap_descr = 255;
773
774 if (s->qdev.type == TYPE_DISK) {
775 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
776 int max_io_sectors_blk =
777 max_transfer_blk / s->qdev.blocksize;
778
779 bl.max_io_sectors =
780 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
781 }
782 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
783 break;
784 }
785 case 0xb1: /* block device characteristics */
786 {
787 buflen = 0x40;
788 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
789 outbuf[5] = s->rotation_rate & 0xff;
790 outbuf[6] = 0; /* PRODUCT TYPE */
791 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
792 outbuf[8] = 0; /* VBULS */
793 break;
794 }
795 case 0xb2: /* thin provisioning */
796 {
797 buflen = 8;
798 outbuf[4] = 0;
799 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
800 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
801 outbuf[7] = 0;
802 break;
803 }
804 default:
805 return -1;
806 }
807 /* done with EVPD */
808 assert(buflen - start <= 255);
809 outbuf[start - 1] = buflen - start;
810 return buflen;
811 }
812
scsi_disk_emulate_inquiry(SCSIRequest * req,uint8_t * outbuf)813 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
814 {
815 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
816 int buflen = 0;
817
818 if (req->cmd.buf[1] & 0x1) {
819 /* Vital product data */
820 return scsi_disk_emulate_vpd_page(req, outbuf);
821 }
822
823 /* Standard INQUIRY data */
824 if (req->cmd.buf[2] != 0) {
825 return -1;
826 }
827
828 /* PAGE CODE == 0 */
829 buflen = req->cmd.xfer;
830 if (buflen > SCSI_MAX_INQUIRY_LEN) {
831 buflen = SCSI_MAX_INQUIRY_LEN;
832 }
833
834 outbuf[0] = s->qdev.type & 0x1f;
835 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
836
837 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
838 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
839
840 memset(&outbuf[32], 0, 4);
841 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
842 /*
843 * We claim conformance to SPC-3, which is required for guests
844 * to ask for modern features like READ CAPACITY(16) or the
845 * block characteristics VPD page by default. Not all of SPC-3
846 * is actually implemented, but we're good enough.
847 */
848 outbuf[2] = s->qdev.default_scsi_version;
849 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
850
851 if (buflen > 36) {
852 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
853 } else {
854 /* If the allocation length of CDB is too small,
855 the additional length is not adjusted */
856 outbuf[4] = 36 - 5;
857 }
858
859 /* Sync data transfer and TCQ. */
860 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
861 return buflen;
862 }
863
media_is_dvd(SCSIDiskState * s)864 static inline bool media_is_dvd(SCSIDiskState *s)
865 {
866 uint64_t nb_sectors;
867 if (s->qdev.type != TYPE_ROM) {
868 return false;
869 }
870 if (!blk_is_available(s->qdev.conf.blk)) {
871 return false;
872 }
873 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
874 return nb_sectors > CD_MAX_SECTORS;
875 }
876
media_is_cd(SCSIDiskState * s)877 static inline bool media_is_cd(SCSIDiskState *s)
878 {
879 uint64_t nb_sectors;
880 if (s->qdev.type != TYPE_ROM) {
881 return false;
882 }
883 if (!blk_is_available(s->qdev.conf.blk)) {
884 return false;
885 }
886 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
887 return nb_sectors <= CD_MAX_SECTORS;
888 }
889
scsi_read_disc_information(SCSIDiskState * s,SCSIDiskReq * r,uint8_t * outbuf)890 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
891 uint8_t *outbuf)
892 {
893 uint8_t type = r->req.cmd.buf[1] & 7;
894
895 if (s->qdev.type != TYPE_ROM) {
896 return -1;
897 }
898
899 /* Types 1/2 are only defined for Blu-Ray. */
900 if (type != 0) {
901 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
902 return -1;
903 }
904
905 memset(outbuf, 0, 34);
906 outbuf[1] = 32;
907 outbuf[2] = 0xe; /* last session complete, disc finalized */
908 outbuf[3] = 1; /* first track on disc */
909 outbuf[4] = 1; /* # of sessions */
910 outbuf[5] = 1; /* first track of last session */
911 outbuf[6] = 1; /* last track of last session */
912 outbuf[7] = 0x20; /* unrestricted use */
913 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
914 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
915 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
916 /* 24-31: disc bar code */
917 /* 32: disc application code */
918 /* 33: number of OPC tables */
919
920 return 34;
921 }
922
scsi_read_dvd_structure(SCSIDiskState * s,SCSIDiskReq * r,uint8_t * outbuf)923 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
924 uint8_t *outbuf)
925 {
926 static const int rds_caps_size[5] = {
927 [0] = 2048 + 4,
928 [1] = 4 + 4,
929 [3] = 188 + 4,
930 [4] = 2048 + 4,
931 };
932
933 uint8_t media = r->req.cmd.buf[1];
934 uint8_t layer = r->req.cmd.buf[6];
935 uint8_t format = r->req.cmd.buf[7];
936 int size = -1;
937
938 if (s->qdev.type != TYPE_ROM) {
939 return -1;
940 }
941 if (media != 0) {
942 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
943 return -1;
944 }
945
946 if (format != 0xff) {
947 if (!blk_is_available(s->qdev.conf.blk)) {
948 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
949 return -1;
950 }
951 if (media_is_cd(s)) {
952 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
953 return -1;
954 }
955 if (format >= ARRAY_SIZE(rds_caps_size)) {
956 return -1;
957 }
958 size = rds_caps_size[format];
959 memset(outbuf, 0, size);
960 }
961
962 switch (format) {
963 case 0x00: {
964 /* Physical format information */
965 uint64_t nb_sectors;
966 if (layer != 0) {
967 goto fail;
968 }
969 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
970
971 outbuf[4] = 1; /* DVD-ROM, part version 1 */
972 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
973 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
974 outbuf[7] = 0; /* default densities */
975
976 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
977 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
978 break;
979 }
980
981 case 0x01: /* DVD copyright information, all zeros */
982 break;
983
984 case 0x03: /* BCA information - invalid field for no BCA info */
985 return -1;
986
987 case 0x04: /* DVD disc manufacturing information, all zeros */
988 break;
989
990 case 0xff: { /* List capabilities */
991 int i;
992 size = 4;
993 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
994 if (!rds_caps_size[i]) {
995 continue;
996 }
997 outbuf[size] = i;
998 outbuf[size + 1] = 0x40; /* Not writable, readable */
999 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
1000 size += 4;
1001 }
1002 break;
1003 }
1004
1005 default:
1006 return -1;
1007 }
1008
1009 /* Size of buffer, not including 2 byte size field */
1010 stw_be_p(outbuf, size - 2);
1011 return size;
1012
1013 fail:
1014 return -1;
1015 }
1016
scsi_event_status_media(SCSIDiskState * s,uint8_t * outbuf)1017 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
1018 {
1019 uint8_t event_code, media_status;
1020
1021 media_status = 0;
1022 if (s->tray_open) {
1023 media_status = MS_TRAY_OPEN;
1024 } else if (blk_is_inserted(s->qdev.conf.blk)) {
1025 media_status = MS_MEDIA_PRESENT;
1026 }
1027
1028 /* Event notification descriptor */
1029 event_code = MEC_NO_CHANGE;
1030 if (media_status != MS_TRAY_OPEN) {
1031 if (s->media_event) {
1032 event_code = MEC_NEW_MEDIA;
1033 s->media_event = false;
1034 } else if (s->eject_request) {
1035 event_code = MEC_EJECT_REQUESTED;
1036 s->eject_request = false;
1037 }
1038 }
1039
1040 outbuf[0] = event_code;
1041 outbuf[1] = media_status;
1042
1043 /* These fields are reserved, just clear them. */
1044 outbuf[2] = 0;
1045 outbuf[3] = 0;
1046 return 4;
1047 }
1048
scsi_get_event_status_notification(SCSIDiskState * s,SCSIDiskReq * r,uint8_t * outbuf)1049 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1050 uint8_t *outbuf)
1051 {
1052 int size;
1053 uint8_t *buf = r->req.cmd.buf;
1054 uint8_t notification_class_request = buf[4];
1055 if (s->qdev.type != TYPE_ROM) {
1056 return -1;
1057 }
1058 if ((buf[1] & 1) == 0) {
1059 /* asynchronous */
1060 return -1;
1061 }
1062
1063 size = 4;
1064 outbuf[0] = outbuf[1] = 0;
1065 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1066 if (notification_class_request & (1 << GESN_MEDIA)) {
1067 outbuf[2] = GESN_MEDIA;
1068 size += scsi_event_status_media(s, &outbuf[size]);
1069 } else {
1070 outbuf[2] = 0x80;
1071 }
1072 stw_be_p(outbuf, size - 4);
1073 return size;
1074 }
1075
scsi_get_configuration(SCSIDiskState * s,uint8_t * outbuf)1076 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1077 {
1078 int current;
1079
1080 if (s->qdev.type != TYPE_ROM) {
1081 return -1;
1082 }
1083
1084 if (media_is_dvd(s)) {
1085 current = MMC_PROFILE_DVD_ROM;
1086 } else if (media_is_cd(s)) {
1087 current = MMC_PROFILE_CD_ROM;
1088 } else {
1089 current = MMC_PROFILE_NONE;
1090 }
1091
1092 memset(outbuf, 0, 40);
1093 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1094 stw_be_p(&outbuf[6], current);
1095 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1096 outbuf[10] = 0x03; /* persistent, current */
1097 outbuf[11] = 8; /* two profiles */
1098 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1099 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1100 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1101 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1102 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1103 stw_be_p(&outbuf[20], 1);
1104 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1105 outbuf[23] = 8;
1106 stl_be_p(&outbuf[24], 1); /* SCSI */
1107 outbuf[28] = 1; /* DBE = 1, mandatory */
1108 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1109 stw_be_p(&outbuf[32], 3);
1110 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1111 outbuf[35] = 4;
1112 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1113 /* TODO: Random readable, CD read, DVD read, drive serial number,
1114 power management */
1115 return 40;
1116 }
1117
scsi_emulate_mechanism_status(SCSIDiskState * s,uint8_t * outbuf)1118 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1119 {
1120 if (s->qdev.type != TYPE_ROM) {
1121 return -1;
1122 }
1123 memset(outbuf, 0, 8);
1124 outbuf[5] = 1; /* CD-ROM */
1125 return 8;
1126 }
1127
mode_sense_page(SCSIDiskState * s,int page,uint8_t ** p_outbuf,int page_control)1128 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1129 int page_control)
1130 {
1131 static const int mode_sense_valid[0x3f] = {
1132 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1133 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1134 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1135 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1136 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1137 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1138 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1139 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM),
1140 };
1141
1142 uint8_t *p = *p_outbuf + 2;
1143 int length;
1144
1145 assert(page < ARRAY_SIZE(mode_sense_valid));
1146 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1147 return -1;
1148 }
1149
1150 /*
1151 * If Changeable Values are requested, a mask denoting those mode parameters
1152 * that are changeable shall be returned. As we currently don't support
1153 * parameter changes via MODE_SELECT all bits are returned set to zero.
1154 * The buffer was already menset to zero by the caller of this function.
1155 *
1156 * The offsets here are off by two compared to the descriptions in the
1157 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1158 * but it is done so that offsets are consistent within our implementation
1159 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1160 * 2-byte and 4-byte headers.
1161 */
1162 switch (page) {
1163 case MODE_PAGE_HD_GEOMETRY:
1164 length = 0x16;
1165 if (page_control == 1) { /* Changeable Values */
1166 break;
1167 }
1168 /* if a geometry hint is available, use it */
1169 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1170 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1171 p[2] = s->qdev.conf.cyls & 0xff;
1172 p[3] = s->qdev.conf.heads & 0xff;
1173 /* Write precomp start cylinder, disabled */
1174 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1175 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1176 p[6] = s->qdev.conf.cyls & 0xff;
1177 /* Reduced current start cylinder, disabled */
1178 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1179 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1180 p[9] = s->qdev.conf.cyls & 0xff;
1181 /* Device step rate [ns], 200ns */
1182 p[10] = 0;
1183 p[11] = 200;
1184 /* Landing zone cylinder */
1185 p[12] = 0xff;
1186 p[13] = 0xff;
1187 p[14] = 0xff;
1188 /* Medium rotation rate [rpm], 5400 rpm */
1189 p[18] = (5400 >> 8) & 0xff;
1190 p[19] = 5400 & 0xff;
1191 break;
1192
1193 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1194 length = 0x1e;
1195 if (page_control == 1) { /* Changeable Values */
1196 break;
1197 }
1198 /* Transfer rate [kbit/s], 5Mbit/s */
1199 p[0] = 5000 >> 8;
1200 p[1] = 5000 & 0xff;
1201 /* if a geometry hint is available, use it */
1202 p[2] = s->qdev.conf.heads & 0xff;
1203 p[3] = s->qdev.conf.secs & 0xff;
1204 p[4] = s->qdev.blocksize >> 8;
1205 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1206 p[7] = s->qdev.conf.cyls & 0xff;
1207 /* Write precomp start cylinder, disabled */
1208 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1209 p[9] = s->qdev.conf.cyls & 0xff;
1210 /* Reduced current start cylinder, disabled */
1211 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1212 p[11] = s->qdev.conf.cyls & 0xff;
1213 /* Device step rate [100us], 100us */
1214 p[12] = 0;
1215 p[13] = 1;
1216 /* Device step pulse width [us], 1us */
1217 p[14] = 1;
1218 /* Device head settle delay [100us], 100us */
1219 p[15] = 0;
1220 p[16] = 1;
1221 /* Motor on delay [0.1s], 0.1s */
1222 p[17] = 1;
1223 /* Motor off delay [0.1s], 0.1s */
1224 p[18] = 1;
1225 /* Medium rotation rate [rpm], 5400 rpm */
1226 p[26] = (5400 >> 8) & 0xff;
1227 p[27] = 5400 & 0xff;
1228 break;
1229
1230 case MODE_PAGE_CACHING:
1231 length = 0x12;
1232 if (page_control == 1 || /* Changeable Values */
1233 blk_enable_write_cache(s->qdev.conf.blk)) {
1234 p[0] = 4; /* WCE */
1235 }
1236 break;
1237
1238 case MODE_PAGE_R_W_ERROR:
1239 length = 10;
1240 if (page_control == 1) { /* Changeable Values */
1241 if (s->qdev.type == TYPE_ROM) {
1242 /* Automatic Write Reallocation Enabled */
1243 p[0] = 0x80;
1244 }
1245 break;
1246 }
1247 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1248 if (s->qdev.type == TYPE_ROM) {
1249 p[1] = 0x20; /* Read Retry Count */
1250 }
1251 break;
1252
1253 case MODE_PAGE_AUDIO_CTL:
1254 length = 14;
1255 break;
1256
1257 case MODE_PAGE_CAPABILITIES:
1258 length = 0x14;
1259 if (page_control == 1) { /* Changeable Values */
1260 break;
1261 }
1262
1263 p[0] = 0x3b; /* CD-R & CD-RW read */
1264 p[1] = 0; /* Writing not supported */
1265 p[2] = 0x7f; /* Audio, composite, digital out,
1266 mode 2 form 1&2, multi session */
1267 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1268 RW corrected, C2 errors, ISRC,
1269 UPC, Bar code */
1270 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1271 /* Locking supported, jumper present, eject, tray */
1272 p[5] = 0; /* no volume & mute control, no
1273 changer */
1274 p[6] = (50 * 176) >> 8; /* 50x read speed */
1275 p[7] = (50 * 176) & 0xff;
1276 p[8] = 2 >> 8; /* Two volume levels */
1277 p[9] = 2 & 0xff;
1278 p[10] = 2048 >> 8; /* 2M buffer */
1279 p[11] = 2048 & 0xff;
1280 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1281 p[13] = (16 * 176) & 0xff;
1282 p[16] = (16 * 176) >> 8; /* 16x write speed */
1283 p[17] = (16 * 176) & 0xff;
1284 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1285 p[19] = (16 * 176) & 0xff;
1286 break;
1287
1288 case MODE_PAGE_APPLE_VENDOR:
1289 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
1290 length = 0x1e;
1291 if (page_control == 1) { /* Changeable Values */
1292 break;
1293 }
1294
1295 memset(p, 0, length);
1296 strcpy((char *)p + 8, "APPLE COMPUTER, INC ");
1297 break;
1298 } else {
1299 return -1;
1300 }
1301
1302 case MODE_PAGE_VENDOR_SPECIFIC:
1303 if (s->qdev.type == TYPE_DISK && (s->quirks &
1304 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1305 length = 0x2;
1306 if (page_control == 1) { /* Changeable Values */
1307 p[0] = 0xff;
1308 p[1] = 0xff;
1309 break;
1310 }
1311 p[0] = 0;
1312 p[1] = 0;
1313 break;
1314 } else {
1315 return -1;
1316 }
1317
1318 default:
1319 return -1;
1320 }
1321
1322 assert(length < 256);
1323 (*p_outbuf)[0] = page;
1324 (*p_outbuf)[1] = length;
1325 *p_outbuf += length + 2;
1326 return length + 2;
1327 }
1328
scsi_disk_emulate_mode_sense(SCSIDiskReq * r,uint8_t * outbuf)1329 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1330 {
1331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1332 uint64_t nb_sectors;
1333 bool dbd;
1334 int page, buflen, ret, page_control;
1335 uint8_t *p;
1336 uint8_t dev_specific_param;
1337
1338 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1339 page = r->req.cmd.buf[2] & 0x3f;
1340 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1341
1342 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1343 10, page, r->req.cmd.xfer, page_control);
1344 memset(outbuf, 0, r->req.cmd.xfer);
1345 p = outbuf;
1346
1347 if (s->qdev.type == TYPE_DISK) {
1348 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1349 if (!blk_is_writable(s->qdev.conf.blk)) {
1350 dev_specific_param |= 0x80; /* Readonly. */
1351 }
1352 } else {
1353 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
1354 /* Use DBD from the request... */
1355 dev_specific_param = 0x00;
1356
1357 /*
1358 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR
1359 * which should never return a block descriptor even though DBD is
1360 * not set, otherwise CDROM detection fails in MacOS
1361 */
1362 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
1363 page == MODE_PAGE_APPLE_VENDOR) {
1364 dbd = true;
1365 }
1366 } else {
1367 /*
1368 * MMC prescribes that CD/DVD drives have no block descriptors,
1369 * and defines no device-specific parameter.
1370 */
1371 dev_specific_param = 0x00;
1372 dbd = true;
1373 }
1374 }
1375
1376 if (r->req.cmd.buf[0] == MODE_SENSE) {
1377 p[1] = 0; /* Default media type. */
1378 p[2] = dev_specific_param;
1379 p[3] = 0; /* Block descriptor length. */
1380 p += 4;
1381 } else { /* MODE_SENSE_10 */
1382 p[2] = 0; /* Default media type. */
1383 p[3] = dev_specific_param;
1384 p[6] = p[7] = 0; /* Block descriptor length. */
1385 p += 8;
1386 }
1387
1388 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1389 if (!dbd && nb_sectors) {
1390 if (r->req.cmd.buf[0] == MODE_SENSE) {
1391 outbuf[3] = 8; /* Block descriptor length */
1392 } else { /* MODE_SENSE_10 */
1393 outbuf[7] = 8; /* Block descriptor length */
1394 }
1395 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1396 if (nb_sectors > 0xffffff) {
1397 nb_sectors = 0;
1398 }
1399 p[0] = 0; /* media density code */
1400 p[1] = (nb_sectors >> 16) & 0xff;
1401 p[2] = (nb_sectors >> 8) & 0xff;
1402 p[3] = nb_sectors & 0xff;
1403 p[4] = 0; /* reserved */
1404 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1405 p[6] = s->qdev.blocksize >> 8;
1406 p[7] = 0;
1407 p += 8;
1408 }
1409
1410 if (page_control == 3) {
1411 /* Saved Values */
1412 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1413 return -1;
1414 }
1415
1416 if (page == 0x3f) {
1417 for (page = 0; page <= 0x3e; page++) {
1418 mode_sense_page(s, page, &p, page_control);
1419 }
1420 } else {
1421 ret = mode_sense_page(s, page, &p, page_control);
1422 if (ret == -1) {
1423 return -1;
1424 }
1425 }
1426
1427 buflen = p - outbuf;
1428 /*
1429 * The mode data length field specifies the length in bytes of the
1430 * following data that is available to be transferred. The mode data
1431 * length does not include itself.
1432 */
1433 if (r->req.cmd.buf[0] == MODE_SENSE) {
1434 outbuf[0] = buflen - 1;
1435 } else { /* MODE_SENSE_10 */
1436 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1437 outbuf[1] = (buflen - 2) & 0xff;
1438 }
1439 return buflen;
1440 }
1441
scsi_disk_emulate_read_toc(SCSIRequest * req,uint8_t * outbuf)1442 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1443 {
1444 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1445 int start_track, format, msf, toclen;
1446 uint64_t nb_sectors;
1447
1448 msf = req->cmd.buf[1] & 2;
1449 format = req->cmd.buf[2] & 0xf;
1450 start_track = req->cmd.buf[6];
1451 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1452 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1453 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1454 switch (format) {
1455 case 0:
1456 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1457 break;
1458 case 1:
1459 /* multi session : only a single session defined */
1460 toclen = 12;
1461 memset(outbuf, 0, 12);
1462 outbuf[1] = 0x0a;
1463 outbuf[2] = 0x01;
1464 outbuf[3] = 0x01;
1465 break;
1466 case 2:
1467 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1468 break;
1469 default:
1470 return -1;
1471 }
1472 return toclen;
1473 }
1474
scsi_disk_emulate_start_stop(SCSIDiskReq * r)1475 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1476 {
1477 SCSIRequest *req = &r->req;
1478 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1479 bool start = req->cmd.buf[4] & 1;
1480 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1481 int pwrcnd = req->cmd.buf[4] & 0xf0;
1482
1483 if (pwrcnd) {
1484 /* eject/load only happens for power condition == 0 */
1485 return 0;
1486 }
1487
1488 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1489 if (!start && !s->tray_open && s->tray_locked) {
1490 scsi_check_condition(r,
1491 blk_is_inserted(s->qdev.conf.blk)
1492 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1493 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1494 return -1;
1495 }
1496
1497 if (s->tray_open != !start) {
1498 blk_eject(s->qdev.conf.blk, !start);
1499 s->tray_open = !start;
1500 }
1501 }
1502 return 0;
1503 }
1504
scsi_disk_emulate_read_data(SCSIRequest * req)1505 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1506 {
1507 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1508 int buflen = r->iov.iov_len;
1509
1510 if (buflen) {
1511 trace_scsi_disk_emulate_read_data(buflen);
1512 r->iov.iov_len = 0;
1513 r->started = true;
1514 scsi_req_data(&r->req, buflen);
1515 return;
1516 }
1517
1518 /* This also clears the sense buffer for REQUEST SENSE. */
1519 scsi_req_complete(&r->req, GOOD);
1520 }
1521
scsi_disk_check_mode_select(SCSIDiskState * s,int page,uint8_t * inbuf,int inlen)1522 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1523 uint8_t *inbuf, int inlen)
1524 {
1525 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1526 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1527 uint8_t *p;
1528 int len, expected_len, changeable_len, i;
1529
1530 /* The input buffer does not include the page header, so it is
1531 * off by 2 bytes.
1532 */
1533 expected_len = inlen + 2;
1534 if (expected_len > SCSI_MAX_MODE_LEN) {
1535 return -1;
1536 }
1537
1538 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
1539 if (page == MODE_PAGE_ALLS) {
1540 return -1;
1541 }
1542
1543 p = mode_current;
1544 memset(mode_current, 0, inlen + 2);
1545 len = mode_sense_page(s, page, &p, 0);
1546 if (len < 0 || len != expected_len) {
1547 return -1;
1548 }
1549
1550 p = mode_changeable;
1551 memset(mode_changeable, 0, inlen + 2);
1552 changeable_len = mode_sense_page(s, page, &p, 1);
1553 assert(changeable_len == len);
1554
1555 /* Check that unchangeable bits are the same as what MODE SENSE
1556 * would return.
1557 */
1558 for (i = 2; i < len; i++) {
1559 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1560 return -1;
1561 }
1562 }
1563 return 0;
1564 }
1565
scsi_disk_apply_mode_select(SCSIDiskState * s,int page,uint8_t * p)1566 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1567 {
1568 switch (page) {
1569 case MODE_PAGE_CACHING:
1570 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1571 break;
1572
1573 default:
1574 break;
1575 }
1576 }
1577
mode_select_pages(SCSIDiskReq * r,uint8_t * p,int len,bool change)1578 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1579 {
1580 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1581
1582 while (len > 0) {
1583 int page, subpage, page_len;
1584
1585 /* Parse both possible formats for the mode page headers. */
1586 page = p[0] & 0x3f;
1587 if (p[0] & 0x40) {
1588 if (len < 4) {
1589 goto invalid_param_len;
1590 }
1591 subpage = p[1];
1592 page_len = lduw_be_p(&p[2]);
1593 p += 4;
1594 len -= 4;
1595 } else {
1596 if (len < 2) {
1597 goto invalid_param_len;
1598 }
1599 subpage = 0;
1600 page_len = p[1];
1601 p += 2;
1602 len -= 2;
1603 }
1604
1605 if (subpage) {
1606 goto invalid_param;
1607 }
1608 if (page_len > len) {
1609 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
1610 goto invalid_param_len;
1611 }
1612 trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
1613 }
1614
1615 if (!change) {
1616 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1617 goto invalid_param;
1618 }
1619 } else {
1620 scsi_disk_apply_mode_select(s, page, p);
1621 }
1622
1623 p += page_len;
1624 len -= page_len;
1625 }
1626 return 0;
1627
1628 invalid_param:
1629 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1630 return -1;
1631
1632 invalid_param_len:
1633 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1634 return -1;
1635 }
1636
scsi_disk_emulate_mode_select(SCSIDiskReq * r,uint8_t * inbuf)1637 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1638 {
1639 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1640 uint8_t *p = inbuf;
1641 int cmd = r->req.cmd.buf[0];
1642 int len = r->req.cmd.xfer;
1643 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1644 int bd_len, bs;
1645 int pass;
1646
1647 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1648 if (!(s->quirks &
1649 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1650 /* We only support PF=1, SP=0. */
1651 goto invalid_field;
1652 }
1653 }
1654
1655 if (len < hdr_len) {
1656 goto invalid_param_len;
1657 }
1658
1659 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1660 len -= hdr_len;
1661 p += hdr_len;
1662 if (len < bd_len) {
1663 goto invalid_param_len;
1664 }
1665 if (bd_len != 0 && bd_len != 8) {
1666 goto invalid_param;
1667 }
1668
1669 /* Allow changing the block size */
1670 if (bd_len) {
1671 bs = p[5] << 16 | p[6] << 8 | p[7];
1672
1673 /*
1674 * Since the existing code only checks/updates bits 8-15 of the block
1675 * size, restrict ourselves to the same requirement for now to ensure
1676 * that a block size set by a block descriptor and then read back by
1677 * a subsequent SCSI command will be the same. Also disallow a block
1678 * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE.
1679 */
1680 if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) {
1681 s->qdev.blocksize = bs;
1682 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
1683 }
1684 }
1685
1686 len -= bd_len;
1687 p += bd_len;
1688
1689 /* Ensure no change is made if there is an error! */
1690 for (pass = 0; pass < 2; pass++) {
1691 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1692 assert(pass == 0);
1693 return;
1694 }
1695 }
1696 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1697 /* The request is used as the AIO opaque value, so add a ref. */
1698 scsi_req_ref(&r->req);
1699 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1700 BLOCK_ACCT_FLUSH);
1701 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1702 return;
1703 }
1704
1705 scsi_req_complete(&r->req, GOOD);
1706 return;
1707
1708 invalid_param:
1709 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1710 return;
1711
1712 invalid_param_len:
1713 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1714 return;
1715
1716 invalid_field:
1717 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1718 }
1719
1720 /* sector_num and nb_sectors expected to be in qdev blocksize */
check_lba_range(SCSIDiskState * s,uint64_t sector_num,uint32_t nb_sectors)1721 static inline bool check_lba_range(SCSIDiskState *s,
1722 uint64_t sector_num, uint32_t nb_sectors)
1723 {
1724 /*
1725 * The first line tests that no overflow happens when computing the last
1726 * sector. The second line tests that the last accessed sector is in
1727 * range.
1728 *
1729 * Careful, the computations should not underflow for nb_sectors == 0,
1730 * and a 0-block read to the first LBA beyond the end of device is
1731 * valid.
1732 */
1733 return (sector_num <= sector_num + nb_sectors &&
1734 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1735 }
1736
1737 typedef struct UnmapCBData {
1738 SCSIDiskReq *r;
1739 uint8_t *inbuf;
1740 int count;
1741 } UnmapCBData;
1742
1743 static void scsi_unmap_complete(void *opaque, int ret);
1744
scsi_unmap_complete_noio(UnmapCBData * data,int ret)1745 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1746 {
1747 SCSIDiskReq *r = data->r;
1748 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1749
1750 assert(r->req.aiocb == NULL);
1751
1752 if (data->count > 0) {
1753 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1754 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1755 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1756 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1757
1758 if (!check_lba_range(s, sector_num, nb_sectors)) {
1759 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1760 BLOCK_ACCT_UNMAP);
1761 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1762 goto done;
1763 }
1764
1765 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1766 r->sector_count * BDRV_SECTOR_SIZE,
1767 BLOCK_ACCT_UNMAP);
1768
1769 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1770 r->sector * BDRV_SECTOR_SIZE,
1771 r->sector_count * BDRV_SECTOR_SIZE,
1772 scsi_unmap_complete, data);
1773 data->count--;
1774 data->inbuf += 16;
1775 return;
1776 }
1777
1778 scsi_req_complete(&r->req, GOOD);
1779
1780 done:
1781 scsi_req_unref(&r->req);
1782 g_free(data);
1783 }
1784
scsi_unmap_complete(void * opaque,int ret)1785 static void scsi_unmap_complete(void *opaque, int ret)
1786 {
1787 UnmapCBData *data = opaque;
1788 SCSIDiskReq *r = data->r;
1789 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1790
1791 assert(r->req.aiocb != NULL);
1792 r->req.aiocb = NULL;
1793
1794 if (scsi_disk_req_check_error(r, ret, true)) {
1795 scsi_req_unref(&r->req);
1796 g_free(data);
1797 } else {
1798 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1799 scsi_unmap_complete_noio(data, ret);
1800 }
1801 }
1802
scsi_disk_emulate_unmap(SCSIDiskReq * r,uint8_t * inbuf)1803 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1804 {
1805 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1806 uint8_t *p = inbuf;
1807 int len = r->req.cmd.xfer;
1808 UnmapCBData *data;
1809
1810 /* Reject ANCHOR=1. */
1811 if (r->req.cmd.buf[1] & 0x1) {
1812 goto invalid_field;
1813 }
1814
1815 if (len < 8) {
1816 goto invalid_param_len;
1817 }
1818 if (len < lduw_be_p(&p[0]) + 2) {
1819 goto invalid_param_len;
1820 }
1821 if (len < lduw_be_p(&p[2]) + 8) {
1822 goto invalid_param_len;
1823 }
1824 if (lduw_be_p(&p[2]) & 15) {
1825 goto invalid_param_len;
1826 }
1827
1828 if (!blk_is_writable(s->qdev.conf.blk)) {
1829 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1830 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1831 return;
1832 }
1833
1834 data = g_new0(UnmapCBData, 1);
1835 data->r = r;
1836 data->inbuf = &p[8];
1837 data->count = lduw_be_p(&p[2]) >> 4;
1838
1839 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1840 scsi_req_ref(&r->req);
1841 scsi_unmap_complete_noio(data, 0);
1842 return;
1843
1844 invalid_param_len:
1845 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1846 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1847 return;
1848
1849 invalid_field:
1850 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1851 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1852 }
1853
1854 typedef struct WriteSameCBData {
1855 SCSIDiskReq *r;
1856 int64_t sector;
1857 int nb_sectors;
1858 QEMUIOVector qiov;
1859 struct iovec iov;
1860 } WriteSameCBData;
1861
scsi_write_same_complete(void * opaque,int ret)1862 static void scsi_write_same_complete(void *opaque, int ret)
1863 {
1864 WriteSameCBData *data = opaque;
1865 SCSIDiskReq *r = data->r;
1866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1867
1868 assert(r->req.aiocb != NULL);
1869 r->req.aiocb = NULL;
1870
1871 if (scsi_disk_req_check_error(r, ret, true)) {
1872 goto done;
1873 }
1874
1875 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1876
1877 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1878 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1879 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1880 data->iov.iov_len);
1881 if (data->iov.iov_len) {
1882 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1883 data->iov.iov_len, BLOCK_ACCT_WRITE);
1884 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1885 * where final qiov may need smaller size */
1886 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1887 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1888 data->sector << BDRV_SECTOR_BITS,
1889 &data->qiov, 0,
1890 scsi_write_same_complete, data);
1891 return;
1892 }
1893
1894 scsi_req_complete(&r->req, GOOD);
1895
1896 done:
1897 scsi_req_unref(&r->req);
1898 qemu_vfree(data->iov.iov_base);
1899 g_free(data);
1900 }
1901
scsi_disk_emulate_write_same(SCSIDiskReq * r,uint8_t * inbuf)1902 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1903 {
1904 SCSIRequest *req = &r->req;
1905 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1906 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1907 WriteSameCBData *data;
1908 uint8_t *buf;
1909 int i, l;
1910
1911 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1912 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1913 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1914 return;
1915 }
1916
1917 if (!blk_is_writable(s->qdev.conf.blk)) {
1918 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1919 return;
1920 }
1921 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1922 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1923 return;
1924 }
1925
1926 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1927 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1928
1929 /* The request is used as the AIO opaque value, so add a ref. */
1930 scsi_req_ref(&r->req);
1931 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1932 nb_sectors * s->qdev.blocksize,
1933 BLOCK_ACCT_WRITE);
1934 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1935 r->req.cmd.lba * s->qdev.blocksize,
1936 nb_sectors * s->qdev.blocksize,
1937 flags, scsi_aio_complete, r);
1938 return;
1939 }
1940
1941 data = g_new0(WriteSameCBData, 1);
1942 data->r = r;
1943 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1944 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1945 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1946 SCSI_WRITE_SAME_MAX);
1947 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1948 data->iov.iov_len);
1949 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1950
1951 for (i = 0; i < data->iov.iov_len; i += l) {
1952 l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
1953 memcpy(&buf[i], inbuf, l);
1954 }
1955
1956 scsi_req_ref(&r->req);
1957 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1958 data->iov.iov_len, BLOCK_ACCT_WRITE);
1959 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1960 data->sector << BDRV_SECTOR_BITS,
1961 &data->qiov, 0,
1962 scsi_write_same_complete, data);
1963 }
1964
scsi_disk_emulate_write_data(SCSIRequest * req)1965 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1966 {
1967 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1968
1969 if (r->iov.iov_len) {
1970 int buflen = r->iov.iov_len;
1971 trace_scsi_disk_emulate_write_data(buflen);
1972 r->iov.iov_len = 0;
1973 scsi_req_data(&r->req, buflen);
1974 return;
1975 }
1976
1977 switch (req->cmd.buf[0]) {
1978 case MODE_SELECT:
1979 case MODE_SELECT_10:
1980 /* This also clears the sense buffer for REQUEST SENSE. */
1981 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1982 break;
1983
1984 case UNMAP:
1985 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1986 break;
1987
1988 case VERIFY_10:
1989 case VERIFY_12:
1990 case VERIFY_16:
1991 if (r->req.status == -1) {
1992 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1993 }
1994 break;
1995
1996 case WRITE_SAME_10:
1997 case WRITE_SAME_16:
1998 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1999 break;
2000
2001 case FORMAT_UNIT:
2002 scsi_req_complete(&r->req, GOOD);
2003 break;
2004
2005 default:
2006 abort();
2007 }
2008 }
2009
scsi_disk_emulate_command(SCSIRequest * req,uint8_t * buf)2010 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
2011 {
2012 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2014 uint64_t nb_sectors;
2015 uint8_t *outbuf;
2016 int buflen;
2017
2018 switch (req->cmd.buf[0]) {
2019 case INQUIRY:
2020 case MODE_SENSE:
2021 case MODE_SENSE_10:
2022 case RESERVE:
2023 case RESERVE_10:
2024 case RELEASE:
2025 case RELEASE_10:
2026 case START_STOP:
2027 case ALLOW_MEDIUM_REMOVAL:
2028 case GET_CONFIGURATION:
2029 case GET_EVENT_STATUS_NOTIFICATION:
2030 case MECHANISM_STATUS:
2031 case REQUEST_SENSE:
2032 break;
2033
2034 default:
2035 if (!blk_is_available(s->qdev.conf.blk)) {
2036 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2037 return 0;
2038 }
2039 break;
2040 }
2041
2042 /*
2043 * FIXME: we shouldn't return anything bigger than 4k, but the code
2044 * requires the buffer to be as big as req->cmd.xfer in several
2045 * places. So, do not allow CDBs with a very large ALLOCATION
2046 * LENGTH. The real fix would be to modify scsi_read_data and
2047 * dma_buf_read, so that they return data beyond the buflen
2048 * as all zeros.
2049 */
2050 if (req->cmd.xfer > 65536) {
2051 goto illegal_request;
2052 }
2053 r->buflen = MAX(4096, req->cmd.xfer);
2054
2055 if (!r->iov.iov_base) {
2056 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
2057 }
2058
2059 outbuf = r->iov.iov_base;
2060 memset(outbuf, 0, r->buflen);
2061 switch (req->cmd.buf[0]) {
2062 case TEST_UNIT_READY:
2063 assert(blk_is_available(s->qdev.conf.blk));
2064 break;
2065 case INQUIRY:
2066 buflen = scsi_disk_emulate_inquiry(req, outbuf);
2067 if (buflen < 0) {
2068 goto illegal_request;
2069 }
2070 break;
2071 case MODE_SENSE:
2072 case MODE_SENSE_10:
2073 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
2074 if (buflen < 0) {
2075 goto illegal_request;
2076 }
2077 break;
2078 case READ_TOC:
2079 buflen = scsi_disk_emulate_read_toc(req, outbuf);
2080 if (buflen < 0) {
2081 goto illegal_request;
2082 }
2083 break;
2084 case RESERVE:
2085 if (req->cmd.buf[1] & 1) {
2086 goto illegal_request;
2087 }
2088 break;
2089 case RESERVE_10:
2090 if (req->cmd.buf[1] & 3) {
2091 goto illegal_request;
2092 }
2093 break;
2094 case RELEASE:
2095 if (req->cmd.buf[1] & 1) {
2096 goto illegal_request;
2097 }
2098 break;
2099 case RELEASE_10:
2100 if (req->cmd.buf[1] & 3) {
2101 goto illegal_request;
2102 }
2103 break;
2104 case START_STOP:
2105 if (scsi_disk_emulate_start_stop(r) < 0) {
2106 return 0;
2107 }
2108 break;
2109 case ALLOW_MEDIUM_REMOVAL:
2110 s->tray_locked = req->cmd.buf[4] & 1;
2111 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
2112 break;
2113 case READ_CAPACITY_10:
2114 /* The normal LEN field for this command is zero. */
2115 memset(outbuf, 0, 8);
2116 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2117 if (!nb_sectors) {
2118 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2119 return 0;
2120 }
2121 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2122 goto illegal_request;
2123 }
2124 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2125 /* Returned value is the address of the last sector. */
2126 nb_sectors--;
2127 /* Remember the new size for read/write sanity checking. */
2128 s->qdev.max_lba = nb_sectors;
2129 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
2130 if (nb_sectors > UINT32_MAX) {
2131 nb_sectors = UINT32_MAX;
2132 }
2133 outbuf[0] = (nb_sectors >> 24) & 0xff;
2134 outbuf[1] = (nb_sectors >> 16) & 0xff;
2135 outbuf[2] = (nb_sectors >> 8) & 0xff;
2136 outbuf[3] = nb_sectors & 0xff;
2137 outbuf[4] = 0;
2138 outbuf[5] = 0;
2139 outbuf[6] = s->qdev.blocksize >> 8;
2140 outbuf[7] = 0;
2141 break;
2142 case REQUEST_SENSE:
2143 /* Just return "NO SENSE". */
2144 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2145 (req->cmd.buf[1] & 1) == 0);
2146 if (buflen < 0) {
2147 goto illegal_request;
2148 }
2149 break;
2150 case MECHANISM_STATUS:
2151 buflen = scsi_emulate_mechanism_status(s, outbuf);
2152 if (buflen < 0) {
2153 goto illegal_request;
2154 }
2155 break;
2156 case GET_CONFIGURATION:
2157 buflen = scsi_get_configuration(s, outbuf);
2158 if (buflen < 0) {
2159 goto illegal_request;
2160 }
2161 break;
2162 case GET_EVENT_STATUS_NOTIFICATION:
2163 buflen = scsi_get_event_status_notification(s, r, outbuf);
2164 if (buflen < 0) {
2165 goto illegal_request;
2166 }
2167 break;
2168 case READ_DISC_INFORMATION:
2169 buflen = scsi_read_disc_information(s, r, outbuf);
2170 if (buflen < 0) {
2171 goto illegal_request;
2172 }
2173 break;
2174 case READ_DVD_STRUCTURE:
2175 buflen = scsi_read_dvd_structure(s, r, outbuf);
2176 if (buflen < 0) {
2177 goto illegal_request;
2178 }
2179 break;
2180 case SERVICE_ACTION_IN_16:
2181 /* Service Action In subcommands. */
2182 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2183 trace_scsi_disk_emulate_command_SAI_16();
2184 memset(outbuf, 0, req->cmd.xfer);
2185 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2186 if (!nb_sectors) {
2187 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2188 return 0;
2189 }
2190 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2191 goto illegal_request;
2192 }
2193 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2194 /* Returned value is the address of the last sector. */
2195 nb_sectors--;
2196 /* Remember the new size for read/write sanity checking. */
2197 s->qdev.max_lba = nb_sectors;
2198 outbuf[0] = (nb_sectors >> 56) & 0xff;
2199 outbuf[1] = (nb_sectors >> 48) & 0xff;
2200 outbuf[2] = (nb_sectors >> 40) & 0xff;
2201 outbuf[3] = (nb_sectors >> 32) & 0xff;
2202 outbuf[4] = (nb_sectors >> 24) & 0xff;
2203 outbuf[5] = (nb_sectors >> 16) & 0xff;
2204 outbuf[6] = (nb_sectors >> 8) & 0xff;
2205 outbuf[7] = nb_sectors & 0xff;
2206 outbuf[8] = 0;
2207 outbuf[9] = 0;
2208 outbuf[10] = s->qdev.blocksize >> 8;
2209 outbuf[11] = 0;
2210 outbuf[12] = 0;
2211 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2212
2213 /* set TPE bit if the format supports discard */
2214 if (s->qdev.conf.discard_granularity) {
2215 outbuf[14] = 0x80;
2216 }
2217
2218 /* Protection, exponent and lowest lba field left blank. */
2219 break;
2220 }
2221 trace_scsi_disk_emulate_command_SAI_unsupported();
2222 goto illegal_request;
2223 case SYNCHRONIZE_CACHE:
2224 /* The request is used as the AIO opaque value, so add a ref. */
2225 scsi_req_ref(&r->req);
2226 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2227 BLOCK_ACCT_FLUSH);
2228 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2229 return 0;
2230 case SEEK_10:
2231 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2232 if (r->req.cmd.lba > s->qdev.max_lba) {
2233 goto illegal_lba;
2234 }
2235 break;
2236 case MODE_SELECT:
2237 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2238 break;
2239 case MODE_SELECT_10:
2240 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2241 break;
2242 case UNMAP:
2243 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2244 break;
2245 case VERIFY_10:
2246 case VERIFY_12:
2247 case VERIFY_16:
2248 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2249 if (req->cmd.buf[1] & 6) {
2250 goto illegal_request;
2251 }
2252 break;
2253 case WRITE_SAME_10:
2254 case WRITE_SAME_16:
2255 trace_scsi_disk_emulate_command_WRITE_SAME(
2256 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2257 break;
2258 case FORMAT_UNIT:
2259 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
2260 break;
2261 default:
2262 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2263 scsi_command_name(buf[0]));
2264 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2265 return 0;
2266 }
2267 assert(!r->req.aiocb);
2268 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2269 if (r->iov.iov_len == 0) {
2270 scsi_req_complete(&r->req, GOOD);
2271 }
2272 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2273 assert(r->iov.iov_len == req->cmd.xfer);
2274 return -r->iov.iov_len;
2275 } else {
2276 return r->iov.iov_len;
2277 }
2278
2279 illegal_request:
2280 if (r->req.status == -1) {
2281 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2282 }
2283 return 0;
2284
2285 illegal_lba:
2286 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2287 return 0;
2288 }
2289
2290 /* Execute a scsi command. Returns the length of the data expected by the
2291 command. This will be Positive for data transfers from the device
2292 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2293 and zero if the command does not transfer any data. */
2294
scsi_disk_dma_command(SCSIRequest * req,uint8_t * buf)2295 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2296 {
2297 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2299 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2300 uint32_t len;
2301 uint8_t command;
2302
2303 command = buf[0];
2304
2305 if (!blk_is_available(s->qdev.conf.blk)) {
2306 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2307 return 0;
2308 }
2309
2310 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2311 switch (command) {
2312 case READ_6:
2313 case READ_10:
2314 case READ_12:
2315 case READ_16:
2316 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2317 /* Protection information is not supported. For SCSI versions 2 and
2318 * older (as determined by snooping the guest's INQUIRY commands),
2319 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2320 */
2321 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2322 goto illegal_request;
2323 }
2324 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2325 goto illegal_lba;
2326 }
2327 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2328 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2329 break;
2330 case WRITE_6:
2331 case WRITE_10:
2332 case WRITE_12:
2333 case WRITE_16:
2334 case WRITE_VERIFY_10:
2335 case WRITE_VERIFY_12:
2336 case WRITE_VERIFY_16:
2337 if (!blk_is_writable(s->qdev.conf.blk)) {
2338 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2339 return 0;
2340 }
2341 trace_scsi_disk_dma_command_WRITE(
2342 (command & 0xe) == 0xe ? "And Verify " : "",
2343 r->req.cmd.lba, len);
2344 /* fall through */
2345 case VERIFY_10:
2346 case VERIFY_12:
2347 case VERIFY_16:
2348 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2349 * As far as DMA is concerned, we can treat it the same as a write;
2350 * scsi_block_do_sgio will send VERIFY commands.
2351 */
2352 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2353 goto illegal_request;
2354 }
2355 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2356 goto illegal_lba;
2357 }
2358 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2359 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2360 break;
2361 default:
2362 abort();
2363 illegal_request:
2364 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2365 return 0;
2366 illegal_lba:
2367 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2368 return 0;
2369 }
2370 r->need_fua = sdc->need_fua(&r->req.cmd);
2371 if (r->sector_count == 0) {
2372 scsi_req_complete(&r->req, GOOD);
2373 }
2374 assert(r->iov.iov_len == 0);
2375 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2376 return -r->sector_count * BDRV_SECTOR_SIZE;
2377 } else {
2378 return r->sector_count * BDRV_SECTOR_SIZE;
2379 }
2380 }
2381
scsi_disk_reset(DeviceState * dev)2382 static void scsi_disk_reset(DeviceState *dev)
2383 {
2384 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2385 uint64_t nb_sectors;
2386
2387 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2388
2389 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2390
2391 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2392 if (nb_sectors) {
2393 nb_sectors--;
2394 }
2395 s->qdev.max_lba = nb_sectors;
2396 /* reset tray statuses */
2397 s->tray_locked = 0;
2398 s->tray_open = 0;
2399
2400 s->qdev.scsi_version = s->qdev.default_scsi_version;
2401 }
2402
scsi_disk_drained_begin(void * opaque)2403 static void scsi_disk_drained_begin(void *opaque)
2404 {
2405 SCSIDiskState *s = opaque;
2406
2407 scsi_device_drained_begin(&s->qdev);
2408 }
2409
scsi_disk_drained_end(void * opaque)2410 static void scsi_disk_drained_end(void *opaque)
2411 {
2412 SCSIDiskState *s = opaque;
2413
2414 scsi_device_drained_end(&s->qdev);
2415 }
2416
scsi_disk_resize_cb(void * opaque)2417 static void scsi_disk_resize_cb(void *opaque)
2418 {
2419 SCSIDiskState *s = opaque;
2420
2421 /* SPC lists this sense code as available only for
2422 * direct-access devices.
2423 */
2424 if (s->qdev.type == TYPE_DISK) {
2425 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2426 }
2427 }
2428
scsi_cd_change_media_cb(void * opaque,bool load,Error ** errp)2429 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2430 {
2431 SCSIDiskState *s = opaque;
2432
2433 /*
2434 * When a CD gets changed, we have to report an ejected state and
2435 * then a loaded state to guests so that they detect tray
2436 * open/close and media change events. Guests that do not use
2437 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2438 * states rely on this behavior.
2439 *
2440 * media_changed governs the state machine used for unit attention
2441 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2442 */
2443 s->media_changed = load;
2444 s->tray_open = !load;
2445 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2446 s->media_event = true;
2447 s->eject_request = false;
2448 }
2449
scsi_cd_eject_request_cb(void * opaque,bool force)2450 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2451 {
2452 SCSIDiskState *s = opaque;
2453
2454 s->eject_request = true;
2455 if (force) {
2456 s->tray_locked = false;
2457 }
2458 }
2459
scsi_cd_is_tray_open(void * opaque)2460 static bool scsi_cd_is_tray_open(void *opaque)
2461 {
2462 return ((SCSIDiskState *)opaque)->tray_open;
2463 }
2464
scsi_cd_is_medium_locked(void * opaque)2465 static bool scsi_cd_is_medium_locked(void *opaque)
2466 {
2467 return ((SCSIDiskState *)opaque)->tray_locked;
2468 }
2469
2470 static const BlockDevOps scsi_disk_removable_block_ops = {
2471 .change_media_cb = scsi_cd_change_media_cb,
2472 .drained_begin = scsi_disk_drained_begin,
2473 .drained_end = scsi_disk_drained_end,
2474 .eject_request_cb = scsi_cd_eject_request_cb,
2475 .is_medium_locked = scsi_cd_is_medium_locked,
2476 .is_tray_open = scsi_cd_is_tray_open,
2477 .resize_cb = scsi_disk_resize_cb,
2478 };
2479
2480 static const BlockDevOps scsi_disk_block_ops = {
2481 .drained_begin = scsi_disk_drained_begin,
2482 .drained_end = scsi_disk_drained_end,
2483 .resize_cb = scsi_disk_resize_cb,
2484 };
2485
scsi_disk_unit_attention_reported(SCSIDevice * dev)2486 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2487 {
2488 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2489 if (s->media_changed) {
2490 s->media_changed = false;
2491 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2492 }
2493 }
2494
scsi_realize(SCSIDevice * dev,Error ** errp)2495 static void scsi_realize(SCSIDevice *dev, Error **errp)
2496 {
2497 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2498 bool read_only;
2499
2500 if (!s->qdev.conf.blk) {
2501 error_setg(errp, "drive property not set");
2502 return;
2503 }
2504
2505 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2506 !blk_is_inserted(s->qdev.conf.blk)) {
2507 error_setg(errp, "Device needs media, but drive is empty");
2508 return;
2509 }
2510
2511 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2512 return;
2513 }
2514
2515 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2516 !s->qdev.hba_supports_iothread)
2517 {
2518 error_setg(errp, "HBA does not support iothreads");
2519 return;
2520 }
2521
2522 if (dev->type == TYPE_DISK) {
2523 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2524 return;
2525 }
2526 }
2527
2528 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2529 if (dev->type == TYPE_ROM) {
2530 read_only = true;
2531 }
2532
2533 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2534 dev->type == TYPE_DISK, errp)) {
2535 return;
2536 }
2537
2538 if (s->qdev.conf.discard_granularity == -1) {
2539 s->qdev.conf.discard_granularity =
2540 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2541 }
2542
2543 if (!s->version) {
2544 s->version = g_strdup(qemu_hw_version());
2545 }
2546 if (!s->vendor) {
2547 s->vendor = g_strdup("QEMU");
2548 }
2549 if (s->serial && strlen(s->serial) > MAX_SERIAL_LEN) {
2550 error_setg(errp, "The serial number can't be longer than %d characters",
2551 MAX_SERIAL_LEN);
2552 return;
2553 }
2554 if (!s->device_id) {
2555 if (s->serial) {
2556 if (strlen(s->serial) > MAX_SERIAL_LEN_FOR_DEVID) {
2557 error_setg(errp, "The serial number can't be longer than %d "
2558 "characters when it is also used as the default for "
2559 "device_id", MAX_SERIAL_LEN_FOR_DEVID);
2560 return;
2561 }
2562 s->device_id = g_strdup(s->serial);
2563 } else {
2564 const char *str = blk_name(s->qdev.conf.blk);
2565 if (str && *str) {
2566 s->device_id = g_strdup(str);
2567 }
2568 }
2569 }
2570
2571 if (blk_is_sg(s->qdev.conf.blk)) {
2572 error_setg(errp, "unwanted /dev/sg*");
2573 return;
2574 }
2575
2576 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2577 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2578 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2579 } else {
2580 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2581 }
2582
2583 blk_iostatus_enable(s->qdev.conf.blk);
2584
2585 add_boot_device_lchs(&dev->qdev, NULL,
2586 dev->conf.lcyls,
2587 dev->conf.lheads,
2588 dev->conf.lsecs);
2589 }
2590
scsi_unrealize(SCSIDevice * dev)2591 static void scsi_unrealize(SCSIDevice *dev)
2592 {
2593 del_boot_device_lchs(&dev->qdev, NULL);
2594 }
2595
scsi_hd_realize(SCSIDevice * dev,Error ** errp)2596 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2597 {
2598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2599
2600 /* can happen for devices without drive. The error message for missing
2601 * backend will be issued in scsi_realize
2602 */
2603 if (s->qdev.conf.blk) {
2604 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2605 return;
2606 }
2607 }
2608 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2609 s->qdev.type = TYPE_DISK;
2610 if (!s->product) {
2611 s->product = g_strdup("QEMU HARDDISK");
2612 }
2613 scsi_realize(&s->qdev, errp);
2614 }
2615
scsi_cd_realize(SCSIDevice * dev,Error ** errp)2616 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2617 {
2618 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2619 int ret;
2620 uint32_t blocksize = 2048;
2621
2622 if (!dev->conf.blk) {
2623 /* Anonymous BlockBackend for an empty drive. As we put it into
2624 * dev->conf, qdev takes care of detaching on unplug. */
2625 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2626 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2627 assert(ret == 0);
2628 }
2629
2630 if (dev->conf.physical_block_size != 0) {
2631 blocksize = dev->conf.physical_block_size;
2632 }
2633
2634 s->qdev.blocksize = blocksize;
2635 s->qdev.type = TYPE_ROM;
2636 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2637 if (!s->product) {
2638 s->product = g_strdup("QEMU CD-ROM");
2639 }
2640 scsi_realize(&s->qdev, errp);
2641 }
2642
2643
2644 static const SCSIReqOps scsi_disk_emulate_reqops = {
2645 .size = sizeof(SCSIDiskReq),
2646 .free_req = scsi_free_request,
2647 .send_command = scsi_disk_emulate_command,
2648 .read_data = scsi_disk_emulate_read_data,
2649 .write_data = scsi_disk_emulate_write_data,
2650 .get_buf = scsi_get_buf,
2651 .load_request = scsi_disk_emulate_load_request,
2652 .save_request = scsi_disk_emulate_save_request,
2653 };
2654
2655 static const SCSIReqOps scsi_disk_dma_reqops = {
2656 .size = sizeof(SCSIDiskReq),
2657 .free_req = scsi_free_request,
2658 .send_command = scsi_disk_dma_command,
2659 .read_data = scsi_read_data,
2660 .write_data = scsi_write_data,
2661 .get_buf = scsi_get_buf,
2662 .load_request = scsi_disk_load_request,
2663 .save_request = scsi_disk_save_request,
2664 };
2665
2666 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2667 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2668 [INQUIRY] = &scsi_disk_emulate_reqops,
2669 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2670 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2671 [START_STOP] = &scsi_disk_emulate_reqops,
2672 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2673 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2674 [READ_TOC] = &scsi_disk_emulate_reqops,
2675 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2676 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2677 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2678 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2679 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2680 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2681 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2682 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2683 [SEEK_10] = &scsi_disk_emulate_reqops,
2684 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2685 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2686 [UNMAP] = &scsi_disk_emulate_reqops,
2687 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2688 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2689 [VERIFY_10] = &scsi_disk_emulate_reqops,
2690 [VERIFY_12] = &scsi_disk_emulate_reqops,
2691 [VERIFY_16] = &scsi_disk_emulate_reqops,
2692 [FORMAT_UNIT] = &scsi_disk_emulate_reqops,
2693
2694 [READ_6] = &scsi_disk_dma_reqops,
2695 [READ_10] = &scsi_disk_dma_reqops,
2696 [READ_12] = &scsi_disk_dma_reqops,
2697 [READ_16] = &scsi_disk_dma_reqops,
2698 [WRITE_6] = &scsi_disk_dma_reqops,
2699 [WRITE_10] = &scsi_disk_dma_reqops,
2700 [WRITE_12] = &scsi_disk_dma_reqops,
2701 [WRITE_16] = &scsi_disk_dma_reqops,
2702 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2703 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2704 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2705 };
2706
scsi_disk_new_request_dump(uint32_t lun,uint32_t tag,uint8_t * buf)2707 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2708 {
2709 int len = scsi_cdb_length(buf);
2710 g_autoptr(GString) str = NULL;
2711
2712 assert(len > 0 && len <= 16);
2713 str = qemu_hexdump_line(NULL, buf, len, 1, 0);
2714 trace_scsi_disk_new_request(lun, tag, str->str);
2715 }
2716
scsi_new_request(SCSIDevice * d,uint32_t tag,uint32_t lun,uint8_t * buf,void * hba_private)2717 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2718 uint8_t *buf, void *hba_private)
2719 {
2720 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2721 SCSIRequest *req;
2722 const SCSIReqOps *ops;
2723 uint8_t command;
2724
2725 command = buf[0];
2726 ops = scsi_disk_reqops_dispatch[command];
2727 if (!ops) {
2728 ops = &scsi_disk_emulate_reqops;
2729 }
2730 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2731
2732 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2733 scsi_disk_new_request_dump(lun, tag, buf);
2734 }
2735
2736 return req;
2737 }
2738
2739 #ifdef __linux__
get_device_type(SCSIDiskState * s)2740 static int get_device_type(SCSIDiskState *s)
2741 {
2742 uint8_t cmd[16];
2743 uint8_t buf[36];
2744 int ret;
2745
2746 memset(cmd, 0, sizeof(cmd));
2747 memset(buf, 0, sizeof(buf));
2748 cmd[0] = INQUIRY;
2749 cmd[4] = sizeof(buf);
2750
2751 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2752 buf, sizeof(buf), s->qdev.io_timeout);
2753 if (ret < 0) {
2754 return -1;
2755 }
2756 s->qdev.type = buf[0];
2757 if (buf[1] & 0x80) {
2758 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2759 }
2760 return 0;
2761 }
2762
scsi_block_realize(SCSIDevice * dev,Error ** errp)2763 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2764 {
2765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2766 int sg_version;
2767 int rc;
2768
2769 if (!s->qdev.conf.blk) {
2770 error_setg(errp, "drive property not set");
2771 return;
2772 }
2773
2774 if (s->rotation_rate) {
2775 error_report_once("rotation_rate is specified for scsi-block but is "
2776 "not implemented. This option is deprecated and will "
2777 "be removed in a future version");
2778 }
2779
2780 /* check we are using a driver managing SG_IO (version 3 and after) */
2781 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2782 if (rc < 0) {
2783 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2784 if (rc != -EPERM) {
2785 error_append_hint(errp, "Is this a SCSI device?\n");
2786 }
2787 return;
2788 }
2789 if (sg_version < 30000) {
2790 error_setg(errp, "scsi generic interface too old");
2791 return;
2792 }
2793
2794 /* get device type from INQUIRY data */
2795 rc = get_device_type(s);
2796 if (rc < 0) {
2797 error_setg(errp, "INQUIRY failed");
2798 return;
2799 }
2800
2801 /* Make a guess for the block size, we'll fix it when the guest sends.
2802 * READ CAPACITY. If they don't, they likely would assume these sizes
2803 * anyway. (TODO: check in /sys).
2804 */
2805 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2806 s->qdev.blocksize = 2048;
2807 } else {
2808 s->qdev.blocksize = 512;
2809 }
2810
2811 /* Makes the scsi-block device not removable by using HMP and QMP eject
2812 * command.
2813 */
2814 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2815
2816 scsi_realize(&s->qdev, errp);
2817 scsi_generic_read_device_inquiry(&s->qdev);
2818 }
2819
2820 typedef struct SCSIBlockReq {
2821 SCSIDiskReq req;
2822 sg_io_hdr_t io_header;
2823
2824 /* Selected bytes of the original CDB, copied into our own CDB. */
2825 uint8_t cmd, cdb1, group_number;
2826
2827 /* CDB passed to SG_IO. */
2828 uint8_t cdb[16];
2829 BlockCompletionFunc *cb;
2830 void *cb_opaque;
2831 } SCSIBlockReq;
2832
scsi_block_sgio_complete(void * opaque,int ret)2833 static void scsi_block_sgio_complete(void *opaque, int ret)
2834 {
2835 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2836 SCSIDiskReq *r = &req->req;
2837 sg_io_hdr_t *io_hdr = &req->io_header;
2838
2839 if (ret == 0) {
2840 if (io_hdr->host_status != SCSI_HOST_OK) {
2841 r->req.host_status = io_hdr->host_status;
2842 ret = -ENODEV;
2843 } else if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
2844 ret = BUSY;
2845 } else {
2846 ret = io_hdr->status;
2847 }
2848 }
2849
2850 req->cb(req->cb_opaque, ret);
2851 }
2852
scsi_block_do_sgio(SCSIBlockReq * req,int64_t offset,QEMUIOVector * iov,int direction,BlockCompletionFunc * cb,void * opaque)2853 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2854 int64_t offset, QEMUIOVector *iov,
2855 int direction,
2856 BlockCompletionFunc *cb, void *opaque)
2857 {
2858 sg_io_hdr_t *io_header = &req->io_header;
2859 SCSIDiskReq *r = &req->req;
2860 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2861 int nb_logical_blocks;
2862 uint64_t lba;
2863 BlockAIOCB *aiocb;
2864
2865 /* This is not supported yet. It can only happen if the guest does
2866 * reads and writes that are not aligned to one logical sectors
2867 * _and_ cover multiple MemoryRegions.
2868 */
2869 assert(offset % s->qdev.blocksize == 0);
2870 assert(iov->size % s->qdev.blocksize == 0);
2871
2872 io_header->interface_id = 'S';
2873
2874 /* The data transfer comes from the QEMUIOVector. */
2875 io_header->dxfer_direction = direction;
2876 io_header->dxfer_len = iov->size;
2877 io_header->dxferp = (void *)iov->iov;
2878 io_header->iovec_count = iov->niov;
2879 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2880
2881 /* Build a new CDB with the LBA and length patched in, in case
2882 * DMA helpers split the transfer in multiple segments. Do not
2883 * build a CDB smaller than what the guest wanted, and only build
2884 * a larger one if strictly necessary.
2885 */
2886 io_header->cmdp = req->cdb;
2887 lba = offset / s->qdev.blocksize;
2888 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2889
2890 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2891 /* 6-byte CDB */
2892 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2893 req->cdb[4] = nb_logical_blocks;
2894 req->cdb[5] = 0;
2895 io_header->cmd_len = 6;
2896 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2897 /* 10-byte CDB */
2898 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2899 req->cdb[1] = req->cdb1;
2900 stl_be_p(&req->cdb[2], lba);
2901 req->cdb[6] = req->group_number;
2902 stw_be_p(&req->cdb[7], nb_logical_blocks);
2903 req->cdb[9] = 0;
2904 io_header->cmd_len = 10;
2905 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2906 /* 12-byte CDB */
2907 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2908 req->cdb[1] = req->cdb1;
2909 stl_be_p(&req->cdb[2], lba);
2910 stl_be_p(&req->cdb[6], nb_logical_blocks);
2911 req->cdb[10] = req->group_number;
2912 req->cdb[11] = 0;
2913 io_header->cmd_len = 12;
2914 } else {
2915 /* 16-byte CDB */
2916 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2917 req->cdb[1] = req->cdb1;
2918 stq_be_p(&req->cdb[2], lba);
2919 stl_be_p(&req->cdb[10], nb_logical_blocks);
2920 req->cdb[14] = req->group_number;
2921 req->cdb[15] = 0;
2922 io_header->cmd_len = 16;
2923 }
2924
2925 /* The rest is as in scsi-generic.c. */
2926 io_header->mx_sb_len = sizeof(r->req.sense);
2927 io_header->sbp = r->req.sense;
2928 io_header->timeout = s->qdev.io_timeout * 1000;
2929 io_header->usr_ptr = r;
2930 io_header->flags |= SG_FLAG_DIRECT_IO;
2931 req->cb = cb;
2932 req->cb_opaque = opaque;
2933 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2934 nb_logical_blocks, io_header->timeout);
2935 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
2936 assert(aiocb != NULL);
2937 return aiocb;
2938 }
2939
scsi_block_no_fua(SCSICommand * cmd)2940 static bool scsi_block_no_fua(SCSICommand *cmd)
2941 {
2942 return false;
2943 }
2944
scsi_block_dma_readv(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)2945 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2946 QEMUIOVector *iov,
2947 BlockCompletionFunc *cb, void *cb_opaque,
2948 void *opaque)
2949 {
2950 SCSIBlockReq *r = opaque;
2951 return scsi_block_do_sgio(r, offset, iov,
2952 SG_DXFER_FROM_DEV, cb, cb_opaque);
2953 }
2954
scsi_block_dma_writev(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)2955 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2956 QEMUIOVector *iov,
2957 BlockCompletionFunc *cb, void *cb_opaque,
2958 void *opaque)
2959 {
2960 SCSIBlockReq *r = opaque;
2961 return scsi_block_do_sgio(r, offset, iov,
2962 SG_DXFER_TO_DEV, cb, cb_opaque);
2963 }
2964
scsi_block_is_passthrough(SCSIDiskState * s,uint8_t * buf)2965 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2966 {
2967 switch (buf[0]) {
2968 case VERIFY_10:
2969 case VERIFY_12:
2970 case VERIFY_16:
2971 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2972 * for the number of logical blocks specified in the length
2973 * field). For other modes, do not use scatter/gather operation.
2974 */
2975 if ((buf[1] & 6) == 2) {
2976 return false;
2977 }
2978 break;
2979
2980 case READ_6:
2981 case READ_10:
2982 case READ_12:
2983 case READ_16:
2984 case WRITE_6:
2985 case WRITE_10:
2986 case WRITE_12:
2987 case WRITE_16:
2988 case WRITE_VERIFY_10:
2989 case WRITE_VERIFY_12:
2990 case WRITE_VERIFY_16:
2991 /* MMC writing cannot be done via DMA helpers, because it sometimes
2992 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2993 * We might use scsi_block_dma_reqops as long as no writing commands are
2994 * seen, but performance usually isn't paramount on optical media. So,
2995 * just make scsi-block operate the same as scsi-generic for them.
2996 */
2997 if (s->qdev.type != TYPE_ROM) {
2998 return false;
2999 }
3000 break;
3001
3002 default:
3003 break;
3004 }
3005
3006 return true;
3007 }
3008
3009
scsi_block_dma_command(SCSIRequest * req,uint8_t * buf)3010 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
3011 {
3012 SCSIBlockReq *r = (SCSIBlockReq *)req;
3013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
3014
3015 r->cmd = req->cmd.buf[0];
3016 switch (r->cmd >> 5) {
3017 case 0:
3018 /* 6-byte CDB. */
3019 r->cdb1 = r->group_number = 0;
3020 break;
3021 case 1:
3022 /* 10-byte CDB. */
3023 r->cdb1 = req->cmd.buf[1];
3024 r->group_number = req->cmd.buf[6];
3025 break;
3026 case 4:
3027 /* 12-byte CDB. */
3028 r->cdb1 = req->cmd.buf[1];
3029 r->group_number = req->cmd.buf[10];
3030 break;
3031 case 5:
3032 /* 16-byte CDB. */
3033 r->cdb1 = req->cmd.buf[1];
3034 r->group_number = req->cmd.buf[14];
3035 break;
3036 default:
3037 abort();
3038 }
3039
3040 /* Protection information is not supported. For SCSI versions 2 and
3041 * older (as determined by snooping the guest's INQUIRY commands),
3042 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
3043 */
3044 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
3045 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
3046 return 0;
3047 }
3048
3049 return scsi_disk_dma_command(req, buf);
3050 }
3051
3052 static const SCSIReqOps scsi_block_dma_reqops = {
3053 .size = sizeof(SCSIBlockReq),
3054 .free_req = scsi_free_request,
3055 .send_command = scsi_block_dma_command,
3056 .read_data = scsi_read_data,
3057 .write_data = scsi_write_data,
3058 .get_buf = scsi_get_buf,
3059 .load_request = scsi_disk_load_request,
3060 .save_request = scsi_disk_save_request,
3061 };
3062
scsi_block_new_request(SCSIDevice * d,uint32_t tag,uint32_t lun,uint8_t * buf,void * hba_private)3063 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3064 uint32_t lun, uint8_t *buf,
3065 void *hba_private)
3066 {
3067 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3068
3069 if (scsi_block_is_passthrough(s, buf)) {
3070 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3071 hba_private);
3072 } else {
3073 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
3074 hba_private);
3075 }
3076 }
3077
scsi_block_parse_cdb(SCSIDevice * d,SCSICommand * cmd,uint8_t * buf,size_t buf_len,void * hba_private)3078 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
3079 uint8_t *buf, size_t buf_len,
3080 void *hba_private)
3081 {
3082 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3083
3084 if (scsi_block_is_passthrough(s, buf)) {
3085 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
3086 } else {
3087 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
3088 }
3089 }
3090
scsi_block_update_sense(SCSIRequest * req)3091 static void scsi_block_update_sense(SCSIRequest *req)
3092 {
3093 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
3094 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
3095 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
3096 }
3097 #endif
3098
3099 static
scsi_dma_readv(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)3100 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3101 BlockCompletionFunc *cb, void *cb_opaque,
3102 void *opaque)
3103 {
3104 SCSIDiskReq *r = opaque;
3105 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3106 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3107 }
3108
3109 static
scsi_dma_writev(int64_t offset,QEMUIOVector * iov,BlockCompletionFunc * cb,void * cb_opaque,void * opaque)3110 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3111 BlockCompletionFunc *cb, void *cb_opaque,
3112 void *opaque)
3113 {
3114 SCSIDiskReq *r = opaque;
3115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3116 int flags = r->need_fua ? BDRV_REQ_FUA : 0;
3117 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, flags, cb, cb_opaque);
3118 }
3119
scsi_property_get_loadparm(Object * obj,Error ** errp)3120 static char *scsi_property_get_loadparm(Object *obj, Error **errp)
3121 {
3122 return g_strdup(SCSI_DISK_BASE(obj)->loadparm);
3123 }
3124
scsi_property_set_loadparm(Object * obj,const char * value,Error ** errp)3125 static void scsi_property_set_loadparm(Object *obj, const char *value,
3126 Error **errp)
3127 {
3128 void *lp_str;
3129
3130 if (object_property_get_int(obj, "bootindex", NULL) < 0) {
3131 error_setg(errp, "'loadparm' is only valid for boot devices");
3132 return;
3133 }
3134
3135 lp_str = g_malloc0(strlen(value) + 1);
3136 if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
3137 g_free(lp_str);
3138 return;
3139 }
3140 SCSI_DISK_BASE(obj)->loadparm = lp_str;
3141 }
3142
scsi_property_add_specifics(DeviceClass * dc)3143 static void scsi_property_add_specifics(DeviceClass *dc)
3144 {
3145 ObjectClass *oc = OBJECT_CLASS(dc);
3146
3147 /* The loadparm property is only supported on s390x */
3148 if (qemu_arch_available(QEMU_ARCH_S390X)) {
3149 object_class_property_add_str(oc, "loadparm",
3150 scsi_property_get_loadparm,
3151 scsi_property_set_loadparm);
3152 object_class_property_set_description(oc, "loadparm",
3153 "load parameter (s390x only)");
3154 }
3155 }
3156
scsi_disk_base_class_initfn(ObjectClass * klass,const void * data)3157 static void scsi_disk_base_class_initfn(ObjectClass *klass, const void *data)
3158 {
3159 DeviceClass *dc = DEVICE_CLASS(klass);
3160 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3161
3162 dc->fw_name = "disk";
3163 device_class_set_legacy_reset(dc, scsi_disk_reset);
3164 sdc->dma_readv = scsi_dma_readv;
3165 sdc->dma_writev = scsi_dma_writev;
3166 sdc->need_fua = scsi_is_cmd_fua;
3167 }
3168
3169 static const TypeInfo scsi_disk_base_info = {
3170 .name = TYPE_SCSI_DISK_BASE,
3171 .parent = TYPE_SCSI_DEVICE,
3172 .class_init = scsi_disk_base_class_initfn,
3173 .instance_size = sizeof(SCSIDiskState),
3174 .class_size = sizeof(SCSIDiskClass),
3175 .abstract = true,
3176 };
3177
3178 #define DEFINE_SCSI_DISK_PROPERTIES() \
3179 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3180 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3181 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3182 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3183 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3184 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3185 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
3186 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id), \
3187 DEFINE_PROP_BOOL("migrate-emulated-scsi-request", SCSIDiskState, migrate_emulated_scsi_request, true)
3188
3189
3190 static const Property scsi_hd_properties[] = {
3191 DEFINE_SCSI_DISK_PROPERTIES(),
3192 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3193 SCSI_DISK_F_REMOVABLE, false),
3194 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3195 SCSI_DISK_F_DPOFUA, true),
3196 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3197 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3198 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3199 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3200 DEFAULT_MAX_UNMAP_SIZE),
3201 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3202 DEFAULT_MAX_IO_SIZE),
3203 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3204 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3205 5),
3206 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3207 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3208 0),
3209 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3210 };
3211
3212 static const VMStateDescription vmstate_scsi_disk_state = {
3213 .name = "scsi-disk",
3214 .version_id = 1,
3215 .minimum_version_id = 1,
3216 .fields = (const VMStateField[]) {
3217 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3218 VMSTATE_BOOL(media_changed, SCSIDiskState),
3219 VMSTATE_BOOL(media_event, SCSIDiskState),
3220 VMSTATE_BOOL(eject_request, SCSIDiskState),
3221 VMSTATE_BOOL(tray_open, SCSIDiskState),
3222 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3223 VMSTATE_END_OF_LIST()
3224 }
3225 };
3226
scsi_hd_class_initfn(ObjectClass * klass,const void * data)3227 static void scsi_hd_class_initfn(ObjectClass *klass, const void *data)
3228 {
3229 DeviceClass *dc = DEVICE_CLASS(klass);
3230 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3231
3232 sc->realize = scsi_hd_realize;
3233 sc->unrealize = scsi_unrealize;
3234 sc->alloc_req = scsi_new_request;
3235 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3236 dc->desc = "virtual SCSI disk";
3237 device_class_set_props(dc, scsi_hd_properties);
3238 dc->vmsd = &vmstate_scsi_disk_state;
3239
3240 scsi_property_add_specifics(dc);
3241 }
3242
3243 static const TypeInfo scsi_hd_info = {
3244 .name = "scsi-hd",
3245 .parent = TYPE_SCSI_DISK_BASE,
3246 .class_init = scsi_hd_class_initfn,
3247 };
3248
3249 static const Property scsi_cd_properties[] = {
3250 DEFINE_SCSI_DISK_PROPERTIES(),
3251 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3252 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3253 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3254 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3255 DEFAULT_MAX_IO_SIZE),
3256 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3257 5),
3258 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
3259 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
3260 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
3261 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
3262 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3263 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3264 0),
3265 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
3266 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
3267 };
3268
scsi_cd_class_initfn(ObjectClass * klass,const void * data)3269 static void scsi_cd_class_initfn(ObjectClass *klass, const void *data)
3270 {
3271 DeviceClass *dc = DEVICE_CLASS(klass);
3272 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3273
3274 sc->realize = scsi_cd_realize;
3275 sc->alloc_req = scsi_new_request;
3276 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3277 dc->desc = "virtual SCSI CD-ROM";
3278 device_class_set_props(dc, scsi_cd_properties);
3279 dc->vmsd = &vmstate_scsi_disk_state;
3280
3281 scsi_property_add_specifics(dc);
3282 }
3283
3284 static const TypeInfo scsi_cd_info = {
3285 .name = "scsi-cd",
3286 .parent = TYPE_SCSI_DISK_BASE,
3287 .class_init = scsi_cd_class_initfn,
3288 };
3289
3290 #ifdef __linux__
3291 static const Property scsi_block_properties[] = {
3292 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3293 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3294 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3295 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3296 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3297 DEFAULT_MAX_UNMAP_SIZE),
3298 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3299 DEFAULT_MAX_IO_SIZE),
3300 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3301 -1),
3302 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3303 DEFAULT_IO_TIMEOUT),
3304 };
3305
scsi_block_class_initfn(ObjectClass * klass,const void * data)3306 static void scsi_block_class_initfn(ObjectClass *klass, const void *data)
3307 {
3308 DeviceClass *dc = DEVICE_CLASS(klass);
3309 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3310 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3311
3312 sc->realize = scsi_block_realize;
3313 sc->alloc_req = scsi_block_new_request;
3314 sc->parse_cdb = scsi_block_parse_cdb;
3315 sdc->dma_readv = scsi_block_dma_readv;
3316 sdc->dma_writev = scsi_block_dma_writev;
3317 sdc->update_sense = scsi_block_update_sense;
3318 sdc->need_fua = scsi_block_no_fua;
3319 dc->desc = "SCSI block device passthrough";
3320 device_class_set_props(dc, scsi_block_properties);
3321 dc->vmsd = &vmstate_scsi_disk_state;
3322 }
3323
3324 static const TypeInfo scsi_block_info = {
3325 .name = "scsi-block",
3326 .parent = TYPE_SCSI_DISK_BASE,
3327 .class_init = scsi_block_class_initfn,
3328 };
3329 #endif
3330
scsi_disk_register_types(void)3331 static void scsi_disk_register_types(void)
3332 {
3333 type_register_static(&scsi_disk_base_info);
3334 type_register_static(&scsi_hd_info);
3335 type_register_static(&scsi_cd_info);
3336 #ifdef __linux__
3337 type_register_static(&scsi_block_info);
3338 #endif
3339 }
3340
3341 type_init(scsi_disk_register_types)
3342