1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu-common.h" 32 #include "qemu/error-report.h" 33 #include "hw/scsi/scsi.h" 34 #include "block/scsi.h" 35 #include "sysemu/sysemu.h" 36 #include "sysemu/blockdev.h" 37 #include "hw/block/block.h" 38 #include "sysemu/dma.h" 39 40 #ifdef __linux 41 #include <scsi/sg.h> 42 #endif 43 44 #define SCSI_WRITE_SAME_MAX 524288 45 #define SCSI_DMA_BUF_SIZE 131072 46 #define SCSI_MAX_INQUIRY_LEN 256 47 #define SCSI_MAX_MODE_LEN 256 48 49 #define DEFAULT_DISCARD_GRANULARITY 4096 50 51 typedef struct SCSIDiskState SCSIDiskState; 52 53 typedef struct SCSIDiskReq { 54 SCSIRequest req; 55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 56 uint64_t sector; 57 uint32_t sector_count; 58 uint32_t buflen; 59 bool started; 60 struct iovec iov; 61 QEMUIOVector qiov; 62 BlockAcctCookie acct; 63 } SCSIDiskReq; 64 65 #define SCSI_DISK_F_REMOVABLE 0 66 #define SCSI_DISK_F_DPOFUA 1 67 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 68 69 struct SCSIDiskState 70 { 71 SCSIDevice qdev; 72 uint32_t features; 73 bool media_changed; 74 bool media_event; 75 bool eject_request; 76 uint64_t wwn; 77 QEMUBH *bh; 78 char *version; 79 char *serial; 80 char *vendor; 81 char *product; 82 bool tray_open; 83 bool tray_locked; 84 }; 85 86 static int scsi_handle_rw_error(SCSIDiskReq *r, int error); 87 88 static void scsi_free_request(SCSIRequest *req) 89 { 90 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 91 92 qemu_vfree(r->iov.iov_base); 93 } 94 95 /* Helper function for command completion with sense. */ 96 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 97 { 98 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 99 r->req.tag, sense.key, sense.asc, sense.ascq); 100 scsi_req_build_sense(&r->req, sense); 101 scsi_req_complete(&r->req, CHECK_CONDITION); 102 } 103 104 /* Cancel a pending data transfer. */ 105 static void scsi_cancel_io(SCSIRequest *req) 106 { 107 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 108 109 DPRINTF("Cancel tag=0x%x\n", req->tag); 110 if (r->req.aiocb) { 111 bdrv_aio_cancel(r->req.aiocb); 112 113 /* This reference was left in by scsi_*_data. We take ownership of 114 * it the moment scsi_req_cancel is called, independent of whether 115 * bdrv_aio_cancel completes the request or not. */ 116 scsi_req_unref(&r->req); 117 } 118 r->req.aiocb = NULL; 119 } 120 121 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) 122 { 123 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 124 125 if (!r->iov.iov_base) { 126 r->buflen = size; 127 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 128 } 129 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 130 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 131 return r->qiov.size / 512; 132 } 133 134 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 135 { 136 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 137 138 qemu_put_be64s(f, &r->sector); 139 qemu_put_be32s(f, &r->sector_count); 140 qemu_put_be32s(f, &r->buflen); 141 if (r->buflen) { 142 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 143 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 144 } else if (!req->retry) { 145 uint32_t len = r->iov.iov_len; 146 qemu_put_be32s(f, &len); 147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 148 } 149 } 150 } 151 152 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 153 { 154 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 155 156 qemu_get_be64s(f, &r->sector); 157 qemu_get_be32s(f, &r->sector_count); 158 qemu_get_be32s(f, &r->buflen); 159 if (r->buflen) { 160 scsi_init_iovec(r, r->buflen); 161 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 162 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 163 } else if (!r->req.retry) { 164 uint32_t len; 165 qemu_get_be32s(f, &len); 166 r->iov.iov_len = len; 167 assert(r->iov.iov_len <= r->buflen); 168 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 169 } 170 } 171 172 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 173 } 174 175 static void scsi_aio_complete(void *opaque, int ret) 176 { 177 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 178 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 179 180 assert(r->req.aiocb != NULL); 181 r->req.aiocb = NULL; 182 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 183 if (r->req.io_canceled) { 184 goto done; 185 } 186 187 if (ret < 0) { 188 if (scsi_handle_rw_error(r, -ret)) { 189 goto done; 190 } 191 } 192 193 scsi_req_complete(&r->req, GOOD); 194 195 done: 196 if (!r->req.io_canceled) { 197 scsi_req_unref(&r->req); 198 } 199 } 200 201 static bool scsi_is_cmd_fua(SCSICommand *cmd) 202 { 203 switch (cmd->buf[0]) { 204 case READ_10: 205 case READ_12: 206 case READ_16: 207 case WRITE_10: 208 case WRITE_12: 209 case WRITE_16: 210 return (cmd->buf[1] & 8) != 0; 211 212 case VERIFY_10: 213 case VERIFY_12: 214 case VERIFY_16: 215 case WRITE_VERIFY_10: 216 case WRITE_VERIFY_12: 217 case WRITE_VERIFY_16: 218 return true; 219 220 case READ_6: 221 case WRITE_6: 222 default: 223 return false; 224 } 225 } 226 227 static void scsi_write_do_fua(SCSIDiskReq *r) 228 { 229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 230 231 if (r->req.io_canceled) { 232 goto done; 233 } 234 235 if (scsi_is_cmd_fua(&r->req.cmd)) { 236 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 237 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 238 return; 239 } 240 241 scsi_req_complete(&r->req, GOOD); 242 243 done: 244 if (!r->req.io_canceled) { 245 scsi_req_unref(&r->req); 246 } 247 } 248 249 static void scsi_dma_complete_noio(void *opaque, int ret) 250 { 251 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 252 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 253 254 if (r->req.aiocb != NULL) { 255 r->req.aiocb = NULL; 256 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 257 } 258 if (r->req.io_canceled) { 259 goto done; 260 } 261 262 if (ret < 0) { 263 if (scsi_handle_rw_error(r, -ret)) { 264 goto done; 265 } 266 } 267 268 r->sector += r->sector_count; 269 r->sector_count = 0; 270 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 271 scsi_write_do_fua(r); 272 return; 273 } else { 274 scsi_req_complete(&r->req, GOOD); 275 } 276 277 done: 278 if (!r->req.io_canceled) { 279 scsi_req_unref(&r->req); 280 } 281 } 282 283 static void scsi_dma_complete(void *opaque, int ret) 284 { 285 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 286 287 assert(r->req.aiocb != NULL); 288 scsi_dma_complete_noio(opaque, ret); 289 } 290 291 static void scsi_read_complete(void * opaque, int ret) 292 { 293 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 294 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 295 int n; 296 297 assert(r->req.aiocb != NULL); 298 r->req.aiocb = NULL; 299 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 300 if (r->req.io_canceled) { 301 goto done; 302 } 303 304 if (ret < 0) { 305 if (scsi_handle_rw_error(r, -ret)) { 306 goto done; 307 } 308 } 309 310 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 311 312 n = r->qiov.size / 512; 313 r->sector += n; 314 r->sector_count -= n; 315 scsi_req_data(&r->req, r->qiov.size); 316 317 done: 318 if (!r->req.io_canceled) { 319 scsi_req_unref(&r->req); 320 } 321 } 322 323 /* Actually issue a read to the block device. */ 324 static void scsi_do_read(void *opaque, int ret) 325 { 326 SCSIDiskReq *r = opaque; 327 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 328 uint32_t n; 329 330 if (r->req.aiocb != NULL) { 331 r->req.aiocb = NULL; 332 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 333 } 334 if (r->req.io_canceled) { 335 goto done; 336 } 337 338 if (ret < 0) { 339 if (scsi_handle_rw_error(r, -ret)) { 340 goto done; 341 } 342 } 343 344 /* The request is used as the AIO opaque value, so add a ref. */ 345 scsi_req_ref(&r->req); 346 347 if (r->req.sg) { 348 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ); 349 r->req.resid -= r->req.sg->size; 350 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, 351 scsi_dma_complete, r); 352 } else { 353 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 354 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); 355 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, 356 scsi_read_complete, r); 357 } 358 359 done: 360 if (!r->req.io_canceled) { 361 scsi_req_unref(&r->req); 362 } 363 } 364 365 /* Read more data from scsi device into buffer. */ 366 static void scsi_read_data(SCSIRequest *req) 367 { 368 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 369 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 370 bool first; 371 372 DPRINTF("Read sector_count=%d\n", r->sector_count); 373 if (r->sector_count == 0) { 374 /* This also clears the sense buffer for REQUEST SENSE. */ 375 scsi_req_complete(&r->req, GOOD); 376 return; 377 } 378 379 /* No data transfer may already be in progress */ 380 assert(r->req.aiocb == NULL); 381 382 /* The request is used as the AIO opaque value, so add a ref. */ 383 scsi_req_ref(&r->req); 384 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 385 DPRINTF("Data transfer direction invalid\n"); 386 scsi_read_complete(r, -EINVAL); 387 return; 388 } 389 390 if (s->tray_open) { 391 scsi_read_complete(r, -ENOMEDIUM); 392 return; 393 } 394 395 first = !r->started; 396 r->started = true; 397 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 398 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 399 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r); 400 } else { 401 scsi_do_read(r, 0); 402 } 403 } 404 405 /* 406 * scsi_handle_rw_error has two return values. 0 means that the error 407 * must be ignored, 1 means that the error has been processed and the 408 * caller should not do anything else for this request. Note that 409 * scsi_handle_rw_error always manages its reference counts, independent 410 * of the return value. 411 */ 412 static int scsi_handle_rw_error(SCSIDiskReq *r, int error) 413 { 414 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV); 415 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 416 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error); 417 418 if (action == BDRV_ACTION_REPORT) { 419 switch (error) { 420 case ENOMEDIUM: 421 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 422 break; 423 case ENOMEM: 424 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 425 break; 426 case EINVAL: 427 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 428 break; 429 default: 430 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 431 break; 432 } 433 } 434 bdrv_error_action(s->qdev.conf.bs, action, is_read, error); 435 if (action == BDRV_ACTION_STOP) { 436 scsi_req_retry(&r->req); 437 } 438 return action != BDRV_ACTION_IGNORE; 439 } 440 441 static void scsi_write_complete(void * opaque, int ret) 442 { 443 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 444 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 445 uint32_t n; 446 447 if (r->req.aiocb != NULL) { 448 r->req.aiocb = NULL; 449 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 450 } 451 if (r->req.io_canceled) { 452 goto done; 453 } 454 455 if (ret < 0) { 456 if (scsi_handle_rw_error(r, -ret)) { 457 goto done; 458 } 459 } 460 461 n = r->qiov.size / 512; 462 r->sector += n; 463 r->sector_count -= n; 464 if (r->sector_count == 0) { 465 scsi_write_do_fua(r); 466 return; 467 } else { 468 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 469 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 470 scsi_req_data(&r->req, r->qiov.size); 471 } 472 473 done: 474 if (!r->req.io_canceled) { 475 scsi_req_unref(&r->req); 476 } 477 } 478 479 static void scsi_write_data(SCSIRequest *req) 480 { 481 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 482 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 483 uint32_t n; 484 485 /* No data transfer may already be in progress */ 486 assert(r->req.aiocb == NULL); 487 488 /* The request is used as the AIO opaque value, so add a ref. */ 489 scsi_req_ref(&r->req); 490 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 491 DPRINTF("Data transfer direction invalid\n"); 492 scsi_write_complete(r, -EINVAL); 493 return; 494 } 495 496 if (!r->req.sg && !r->qiov.size) { 497 /* Called for the first time. Ask the driver to send us more data. */ 498 r->started = true; 499 scsi_write_complete(r, 0); 500 return; 501 } 502 if (s->tray_open) { 503 scsi_write_complete(r, -ENOMEDIUM); 504 return; 505 } 506 507 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 508 r->req.cmd.buf[0] == VERIFY_16) { 509 if (r->req.sg) { 510 scsi_dma_complete_noio(r, 0); 511 } else { 512 scsi_write_complete(r, 0); 513 } 514 return; 515 } 516 517 if (r->req.sg) { 518 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE); 519 r->req.resid -= r->req.sg->size; 520 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, 521 scsi_dma_complete, r); 522 } else { 523 n = r->qiov.size / 512; 524 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE); 525 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, 526 scsi_write_complete, r); 527 } 528 } 529 530 /* Return a pointer to the data buffer. */ 531 static uint8_t *scsi_get_buf(SCSIRequest *req) 532 { 533 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 534 535 return (uint8_t *)r->iov.iov_base; 536 } 537 538 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 539 { 540 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 541 int buflen = 0; 542 int start; 543 544 if (req->cmd.buf[1] & 0x1) { 545 /* Vital product data */ 546 uint8_t page_code = req->cmd.buf[2]; 547 548 outbuf[buflen++] = s->qdev.type & 0x1f; 549 outbuf[buflen++] = page_code ; // this page 550 outbuf[buflen++] = 0x00; 551 outbuf[buflen++] = 0x00; 552 start = buflen; 553 554 switch (page_code) { 555 case 0x00: /* Supported page codes, mandatory */ 556 { 557 DPRINTF("Inquiry EVPD[Supported pages] " 558 "buffer size %zd\n", req->cmd.xfer); 559 outbuf[buflen++] = 0x00; // list of supported pages (this page) 560 if (s->serial) { 561 outbuf[buflen++] = 0x80; // unit serial number 562 } 563 outbuf[buflen++] = 0x83; // device identification 564 if (s->qdev.type == TYPE_DISK) { 565 outbuf[buflen++] = 0xb0; // block limits 566 outbuf[buflen++] = 0xb2; // thin provisioning 567 } 568 break; 569 } 570 case 0x80: /* Device serial number, optional */ 571 { 572 int l; 573 574 if (!s->serial) { 575 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 576 return -1; 577 } 578 579 l = strlen(s->serial); 580 if (l > 20) { 581 l = 20; 582 } 583 584 DPRINTF("Inquiry EVPD[Serial number] " 585 "buffer size %zd\n", req->cmd.xfer); 586 memcpy(outbuf+buflen, s->serial, l); 587 buflen += l; 588 break; 589 } 590 591 case 0x83: /* Device identification page, mandatory */ 592 { 593 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs); 594 int max_len = s->serial ? 20 : 255 - 8; 595 int id_len = strlen(str); 596 597 if (id_len > max_len) { 598 id_len = max_len; 599 } 600 DPRINTF("Inquiry EVPD[Device identification] " 601 "buffer size %zd\n", req->cmd.xfer); 602 603 outbuf[buflen++] = 0x2; // ASCII 604 outbuf[buflen++] = 0; // not officially assigned 605 outbuf[buflen++] = 0; // reserved 606 outbuf[buflen++] = id_len; // length of data following 607 memcpy(outbuf+buflen, str, id_len); 608 buflen += id_len; 609 610 if (s->wwn) { 611 outbuf[buflen++] = 0x1; // Binary 612 outbuf[buflen++] = 0x3; // NAA 613 outbuf[buflen++] = 0; // reserved 614 outbuf[buflen++] = 8; 615 stq_be_p(&outbuf[buflen], s->wwn); 616 buflen += 8; 617 } 618 break; 619 } 620 case 0xb0: /* block limits */ 621 { 622 unsigned int unmap_sectors = 623 s->qdev.conf.discard_granularity / s->qdev.blocksize; 624 unsigned int min_io_size = 625 s->qdev.conf.min_io_size / s->qdev.blocksize; 626 unsigned int opt_io_size = 627 s->qdev.conf.opt_io_size / s->qdev.blocksize; 628 629 if (s->qdev.type == TYPE_ROM) { 630 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 631 page_code); 632 return -1; 633 } 634 /* required VPD size with unmap support */ 635 buflen = 0x40; 636 memset(outbuf + 4, 0, buflen - 4); 637 638 outbuf[4] = 0x1; /* wsnz */ 639 640 /* optimal transfer length granularity */ 641 outbuf[6] = (min_io_size >> 8) & 0xff; 642 outbuf[7] = min_io_size & 0xff; 643 644 /* optimal transfer length */ 645 outbuf[12] = (opt_io_size >> 24) & 0xff; 646 outbuf[13] = (opt_io_size >> 16) & 0xff; 647 outbuf[14] = (opt_io_size >> 8) & 0xff; 648 outbuf[15] = opt_io_size & 0xff; 649 650 /* optimal unmap granularity */ 651 outbuf[28] = (unmap_sectors >> 24) & 0xff; 652 outbuf[29] = (unmap_sectors >> 16) & 0xff; 653 outbuf[30] = (unmap_sectors >> 8) & 0xff; 654 outbuf[31] = unmap_sectors & 0xff; 655 break; 656 } 657 case 0xb2: /* thin provisioning */ 658 { 659 buflen = 8; 660 outbuf[4] = 0; 661 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 662 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 663 outbuf[7] = 0; 664 break; 665 } 666 default: 667 return -1; 668 } 669 /* done with EVPD */ 670 assert(buflen - start <= 255); 671 outbuf[start - 1] = buflen - start; 672 return buflen; 673 } 674 675 /* Standard INQUIRY data */ 676 if (req->cmd.buf[2] != 0) { 677 return -1; 678 } 679 680 /* PAGE CODE == 0 */ 681 buflen = req->cmd.xfer; 682 if (buflen > SCSI_MAX_INQUIRY_LEN) { 683 buflen = SCSI_MAX_INQUIRY_LEN; 684 } 685 686 outbuf[0] = s->qdev.type & 0x1f; 687 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 688 689 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 690 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 691 692 memset(&outbuf[32], 0, 4); 693 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 694 /* 695 * We claim conformance to SPC-3, which is required for guests 696 * to ask for modern features like READ CAPACITY(16) or the 697 * block characteristics VPD page by default. Not all of SPC-3 698 * is actually implemented, but we're good enough. 699 */ 700 outbuf[2] = 5; 701 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 702 703 if (buflen > 36) { 704 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 705 } else { 706 /* If the allocation length of CDB is too small, 707 the additional length is not adjusted */ 708 outbuf[4] = 36 - 5; 709 } 710 711 /* Sync data transfer and TCQ. */ 712 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 713 return buflen; 714 } 715 716 static inline bool media_is_dvd(SCSIDiskState *s) 717 { 718 uint64_t nb_sectors; 719 if (s->qdev.type != TYPE_ROM) { 720 return false; 721 } 722 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 723 return false; 724 } 725 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 726 return nb_sectors > CD_MAX_SECTORS; 727 } 728 729 static inline bool media_is_cd(SCSIDiskState *s) 730 { 731 uint64_t nb_sectors; 732 if (s->qdev.type != TYPE_ROM) { 733 return false; 734 } 735 if (!bdrv_is_inserted(s->qdev.conf.bs)) { 736 return false; 737 } 738 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 739 return nb_sectors <= CD_MAX_SECTORS; 740 } 741 742 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 743 uint8_t *outbuf) 744 { 745 uint8_t type = r->req.cmd.buf[1] & 7; 746 747 if (s->qdev.type != TYPE_ROM) { 748 return -1; 749 } 750 751 /* Types 1/2 are only defined for Blu-Ray. */ 752 if (type != 0) { 753 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 754 return -1; 755 } 756 757 memset(outbuf, 0, 34); 758 outbuf[1] = 32; 759 outbuf[2] = 0xe; /* last session complete, disc finalized */ 760 outbuf[3] = 1; /* first track on disc */ 761 outbuf[4] = 1; /* # of sessions */ 762 outbuf[5] = 1; /* first track of last session */ 763 outbuf[6] = 1; /* last track of last session */ 764 outbuf[7] = 0x20; /* unrestricted use */ 765 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 766 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 767 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 768 /* 24-31: disc bar code */ 769 /* 32: disc application code */ 770 /* 33: number of OPC tables */ 771 772 return 34; 773 } 774 775 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 776 uint8_t *outbuf) 777 { 778 static const int rds_caps_size[5] = { 779 [0] = 2048 + 4, 780 [1] = 4 + 4, 781 [3] = 188 + 4, 782 [4] = 2048 + 4, 783 }; 784 785 uint8_t media = r->req.cmd.buf[1]; 786 uint8_t layer = r->req.cmd.buf[6]; 787 uint8_t format = r->req.cmd.buf[7]; 788 int size = -1; 789 790 if (s->qdev.type != TYPE_ROM) { 791 return -1; 792 } 793 if (media != 0) { 794 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 795 return -1; 796 } 797 798 if (format != 0xff) { 799 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 800 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 801 return -1; 802 } 803 if (media_is_cd(s)) { 804 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 805 return -1; 806 } 807 if (format >= ARRAY_SIZE(rds_caps_size)) { 808 return -1; 809 } 810 size = rds_caps_size[format]; 811 memset(outbuf, 0, size); 812 } 813 814 switch (format) { 815 case 0x00: { 816 /* Physical format information */ 817 uint64_t nb_sectors; 818 if (layer != 0) { 819 goto fail; 820 } 821 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 822 823 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 824 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 825 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 826 outbuf[7] = 0; /* default densities */ 827 828 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 829 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 830 break; 831 } 832 833 case 0x01: /* DVD copyright information, all zeros */ 834 break; 835 836 case 0x03: /* BCA information - invalid field for no BCA info */ 837 return -1; 838 839 case 0x04: /* DVD disc manufacturing information, all zeros */ 840 break; 841 842 case 0xff: { /* List capabilities */ 843 int i; 844 size = 4; 845 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 846 if (!rds_caps_size[i]) { 847 continue; 848 } 849 outbuf[size] = i; 850 outbuf[size + 1] = 0x40; /* Not writable, readable */ 851 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 852 size += 4; 853 } 854 break; 855 } 856 857 default: 858 return -1; 859 } 860 861 /* Size of buffer, not including 2 byte size field */ 862 stw_be_p(outbuf, size - 2); 863 return size; 864 865 fail: 866 return -1; 867 } 868 869 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 870 { 871 uint8_t event_code, media_status; 872 873 media_status = 0; 874 if (s->tray_open) { 875 media_status = MS_TRAY_OPEN; 876 } else if (bdrv_is_inserted(s->qdev.conf.bs)) { 877 media_status = MS_MEDIA_PRESENT; 878 } 879 880 /* Event notification descriptor */ 881 event_code = MEC_NO_CHANGE; 882 if (media_status != MS_TRAY_OPEN) { 883 if (s->media_event) { 884 event_code = MEC_NEW_MEDIA; 885 s->media_event = false; 886 } else if (s->eject_request) { 887 event_code = MEC_EJECT_REQUESTED; 888 s->eject_request = false; 889 } 890 } 891 892 outbuf[0] = event_code; 893 outbuf[1] = media_status; 894 895 /* These fields are reserved, just clear them. */ 896 outbuf[2] = 0; 897 outbuf[3] = 0; 898 return 4; 899 } 900 901 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 902 uint8_t *outbuf) 903 { 904 int size; 905 uint8_t *buf = r->req.cmd.buf; 906 uint8_t notification_class_request = buf[4]; 907 if (s->qdev.type != TYPE_ROM) { 908 return -1; 909 } 910 if ((buf[1] & 1) == 0) { 911 /* asynchronous */ 912 return -1; 913 } 914 915 size = 4; 916 outbuf[0] = outbuf[1] = 0; 917 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 918 if (notification_class_request & (1 << GESN_MEDIA)) { 919 outbuf[2] = GESN_MEDIA; 920 size += scsi_event_status_media(s, &outbuf[size]); 921 } else { 922 outbuf[2] = 0x80; 923 } 924 stw_be_p(outbuf, size - 4); 925 return size; 926 } 927 928 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 929 { 930 int current; 931 932 if (s->qdev.type != TYPE_ROM) { 933 return -1; 934 } 935 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM; 936 memset(outbuf, 0, 40); 937 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 938 stw_be_p(&outbuf[6], current); 939 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 940 outbuf[10] = 0x03; /* persistent, current */ 941 outbuf[11] = 8; /* two profiles */ 942 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 943 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 944 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 945 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 946 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 947 stw_be_p(&outbuf[20], 1); 948 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 949 outbuf[23] = 8; 950 stl_be_p(&outbuf[24], 1); /* SCSI */ 951 outbuf[28] = 1; /* DBE = 1, mandatory */ 952 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 953 stw_be_p(&outbuf[32], 3); 954 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 955 outbuf[35] = 4; 956 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 957 /* TODO: Random readable, CD read, DVD read, drive serial number, 958 power management */ 959 return 40; 960 } 961 962 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 963 { 964 if (s->qdev.type != TYPE_ROM) { 965 return -1; 966 } 967 memset(outbuf, 0, 8); 968 outbuf[5] = 1; /* CD-ROM */ 969 return 8; 970 } 971 972 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 973 int page_control) 974 { 975 static const int mode_sense_valid[0x3f] = { 976 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 977 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 978 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 979 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 980 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 981 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 982 }; 983 984 uint8_t *p = *p_outbuf + 2; 985 int length; 986 987 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 988 return -1; 989 } 990 991 /* 992 * If Changeable Values are requested, a mask denoting those mode parameters 993 * that are changeable shall be returned. As we currently don't support 994 * parameter changes via MODE_SELECT all bits are returned set to zero. 995 * The buffer was already menset to zero by the caller of this function. 996 * 997 * The offsets here are off by two compared to the descriptions in the 998 * SCSI specs, because those include a 2-byte header. This is unfortunate, 999 * but it is done so that offsets are consistent within our implementation 1000 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1001 * 2-byte and 4-byte headers. 1002 */ 1003 switch (page) { 1004 case MODE_PAGE_HD_GEOMETRY: 1005 length = 0x16; 1006 if (page_control == 1) { /* Changeable Values */ 1007 break; 1008 } 1009 /* if a geometry hint is available, use it */ 1010 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1011 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1012 p[2] = s->qdev.conf.cyls & 0xff; 1013 p[3] = s->qdev.conf.heads & 0xff; 1014 /* Write precomp start cylinder, disabled */ 1015 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1016 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1017 p[6] = s->qdev.conf.cyls & 0xff; 1018 /* Reduced current start cylinder, disabled */ 1019 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1020 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1021 p[9] = s->qdev.conf.cyls & 0xff; 1022 /* Device step rate [ns], 200ns */ 1023 p[10] = 0; 1024 p[11] = 200; 1025 /* Landing zone cylinder */ 1026 p[12] = 0xff; 1027 p[13] = 0xff; 1028 p[14] = 0xff; 1029 /* Medium rotation rate [rpm], 5400 rpm */ 1030 p[18] = (5400 >> 8) & 0xff; 1031 p[19] = 5400 & 0xff; 1032 break; 1033 1034 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1035 length = 0x1e; 1036 if (page_control == 1) { /* Changeable Values */ 1037 break; 1038 } 1039 /* Transfer rate [kbit/s], 5Mbit/s */ 1040 p[0] = 5000 >> 8; 1041 p[1] = 5000 & 0xff; 1042 /* if a geometry hint is available, use it */ 1043 p[2] = s->qdev.conf.heads & 0xff; 1044 p[3] = s->qdev.conf.secs & 0xff; 1045 p[4] = s->qdev.blocksize >> 8; 1046 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1047 p[7] = s->qdev.conf.cyls & 0xff; 1048 /* Write precomp start cylinder, disabled */ 1049 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1050 p[9] = s->qdev.conf.cyls & 0xff; 1051 /* Reduced current start cylinder, disabled */ 1052 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1053 p[11] = s->qdev.conf.cyls & 0xff; 1054 /* Device step rate [100us], 100us */ 1055 p[12] = 0; 1056 p[13] = 1; 1057 /* Device step pulse width [us], 1us */ 1058 p[14] = 1; 1059 /* Device head settle delay [100us], 100us */ 1060 p[15] = 0; 1061 p[16] = 1; 1062 /* Motor on delay [0.1s], 0.1s */ 1063 p[17] = 1; 1064 /* Motor off delay [0.1s], 0.1s */ 1065 p[18] = 1; 1066 /* Medium rotation rate [rpm], 5400 rpm */ 1067 p[26] = (5400 >> 8) & 0xff; 1068 p[27] = 5400 & 0xff; 1069 break; 1070 1071 case MODE_PAGE_CACHING: 1072 length = 0x12; 1073 if (page_control == 1 || /* Changeable Values */ 1074 bdrv_enable_write_cache(s->qdev.conf.bs)) { 1075 p[0] = 4; /* WCE */ 1076 } 1077 break; 1078 1079 case MODE_PAGE_R_W_ERROR: 1080 length = 10; 1081 if (page_control == 1) { /* Changeable Values */ 1082 break; 1083 } 1084 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1085 if (s->qdev.type == TYPE_ROM) { 1086 p[1] = 0x20; /* Read Retry Count */ 1087 } 1088 break; 1089 1090 case MODE_PAGE_AUDIO_CTL: 1091 length = 14; 1092 break; 1093 1094 case MODE_PAGE_CAPABILITIES: 1095 length = 0x14; 1096 if (page_control == 1) { /* Changeable Values */ 1097 break; 1098 } 1099 1100 p[0] = 0x3b; /* CD-R & CD-RW read */ 1101 p[1] = 0; /* Writing not supported */ 1102 p[2] = 0x7f; /* Audio, composite, digital out, 1103 mode 2 form 1&2, multi session */ 1104 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1105 RW corrected, C2 errors, ISRC, 1106 UPC, Bar code */ 1107 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1108 /* Locking supported, jumper present, eject, tray */ 1109 p[5] = 0; /* no volume & mute control, no 1110 changer */ 1111 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1112 p[7] = (50 * 176) & 0xff; 1113 p[8] = 2 >> 8; /* Two volume levels */ 1114 p[9] = 2 & 0xff; 1115 p[10] = 2048 >> 8; /* 2M buffer */ 1116 p[11] = 2048 & 0xff; 1117 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1118 p[13] = (16 * 176) & 0xff; 1119 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1120 p[17] = (16 * 176) & 0xff; 1121 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1122 p[19] = (16 * 176) & 0xff; 1123 break; 1124 1125 default: 1126 return -1; 1127 } 1128 1129 assert(length < 256); 1130 (*p_outbuf)[0] = page; 1131 (*p_outbuf)[1] = length; 1132 *p_outbuf += length + 2; 1133 return length + 2; 1134 } 1135 1136 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1137 { 1138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1139 uint64_t nb_sectors; 1140 bool dbd; 1141 int page, buflen, ret, page_control; 1142 uint8_t *p; 1143 uint8_t dev_specific_param; 1144 1145 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1146 page = r->req.cmd.buf[2] & 0x3f; 1147 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1148 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1149 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1150 memset(outbuf, 0, r->req.cmd.xfer); 1151 p = outbuf; 1152 1153 if (s->qdev.type == TYPE_DISK) { 1154 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1155 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1156 dev_specific_param |= 0x80; /* Readonly. */ 1157 } 1158 } else { 1159 /* MMC prescribes that CD/DVD drives have no block descriptors, 1160 * and defines no device-specific parameter. */ 1161 dev_specific_param = 0x00; 1162 dbd = true; 1163 } 1164 1165 if (r->req.cmd.buf[0] == MODE_SENSE) { 1166 p[1] = 0; /* Default media type. */ 1167 p[2] = dev_specific_param; 1168 p[3] = 0; /* Block descriptor length. */ 1169 p += 4; 1170 } else { /* MODE_SENSE_10 */ 1171 p[2] = 0; /* Default media type. */ 1172 p[3] = dev_specific_param; 1173 p[6] = p[7] = 0; /* Block descriptor length. */ 1174 p += 8; 1175 } 1176 1177 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1178 if (!dbd && nb_sectors) { 1179 if (r->req.cmd.buf[0] == MODE_SENSE) { 1180 outbuf[3] = 8; /* Block descriptor length */ 1181 } else { /* MODE_SENSE_10 */ 1182 outbuf[7] = 8; /* Block descriptor length */ 1183 } 1184 nb_sectors /= (s->qdev.blocksize / 512); 1185 if (nb_sectors > 0xffffff) { 1186 nb_sectors = 0; 1187 } 1188 p[0] = 0; /* media density code */ 1189 p[1] = (nb_sectors >> 16) & 0xff; 1190 p[2] = (nb_sectors >> 8) & 0xff; 1191 p[3] = nb_sectors & 0xff; 1192 p[4] = 0; /* reserved */ 1193 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1194 p[6] = s->qdev.blocksize >> 8; 1195 p[7] = 0; 1196 p += 8; 1197 } 1198 1199 if (page_control == 3) { 1200 /* Saved Values */ 1201 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1202 return -1; 1203 } 1204 1205 if (page == 0x3f) { 1206 for (page = 0; page <= 0x3e; page++) { 1207 mode_sense_page(s, page, &p, page_control); 1208 } 1209 } else { 1210 ret = mode_sense_page(s, page, &p, page_control); 1211 if (ret == -1) { 1212 return -1; 1213 } 1214 } 1215 1216 buflen = p - outbuf; 1217 /* 1218 * The mode data length field specifies the length in bytes of the 1219 * following data that is available to be transferred. The mode data 1220 * length does not include itself. 1221 */ 1222 if (r->req.cmd.buf[0] == MODE_SENSE) { 1223 outbuf[0] = buflen - 1; 1224 } else { /* MODE_SENSE_10 */ 1225 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1226 outbuf[1] = (buflen - 2) & 0xff; 1227 } 1228 return buflen; 1229 } 1230 1231 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1232 { 1233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1234 int start_track, format, msf, toclen; 1235 uint64_t nb_sectors; 1236 1237 msf = req->cmd.buf[1] & 2; 1238 format = req->cmd.buf[2] & 0xf; 1239 start_track = req->cmd.buf[6]; 1240 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1241 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1242 nb_sectors /= s->qdev.blocksize / 512; 1243 switch (format) { 1244 case 0: 1245 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1246 break; 1247 case 1: 1248 /* multi session : only a single session defined */ 1249 toclen = 12; 1250 memset(outbuf, 0, 12); 1251 outbuf[1] = 0x0a; 1252 outbuf[2] = 0x01; 1253 outbuf[3] = 0x01; 1254 break; 1255 case 2: 1256 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1257 break; 1258 default: 1259 return -1; 1260 } 1261 return toclen; 1262 } 1263 1264 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1265 { 1266 SCSIRequest *req = &r->req; 1267 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1268 bool start = req->cmd.buf[4] & 1; 1269 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1270 int pwrcnd = req->cmd.buf[4] & 0xf0; 1271 1272 if (pwrcnd) { 1273 /* eject/load only happens for power condition == 0 */ 1274 return 0; 1275 } 1276 1277 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1278 if (!start && !s->tray_open && s->tray_locked) { 1279 scsi_check_condition(r, 1280 bdrv_is_inserted(s->qdev.conf.bs) 1281 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1282 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1283 return -1; 1284 } 1285 1286 if (s->tray_open != !start) { 1287 bdrv_eject(s->qdev.conf.bs, !start); 1288 s->tray_open = !start; 1289 } 1290 } 1291 return 0; 1292 } 1293 1294 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1295 { 1296 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1297 int buflen = r->iov.iov_len; 1298 1299 if (buflen) { 1300 DPRINTF("Read buf_len=%d\n", buflen); 1301 r->iov.iov_len = 0; 1302 r->started = true; 1303 scsi_req_data(&r->req, buflen); 1304 return; 1305 } 1306 1307 /* This also clears the sense buffer for REQUEST SENSE. */ 1308 scsi_req_complete(&r->req, GOOD); 1309 } 1310 1311 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1312 uint8_t *inbuf, int inlen) 1313 { 1314 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1315 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1316 uint8_t *p; 1317 int len, expected_len, changeable_len, i; 1318 1319 /* The input buffer does not include the page header, so it is 1320 * off by 2 bytes. 1321 */ 1322 expected_len = inlen + 2; 1323 if (expected_len > SCSI_MAX_MODE_LEN) { 1324 return -1; 1325 } 1326 1327 p = mode_current; 1328 memset(mode_current, 0, inlen + 2); 1329 len = mode_sense_page(s, page, &p, 0); 1330 if (len < 0 || len != expected_len) { 1331 return -1; 1332 } 1333 1334 p = mode_changeable; 1335 memset(mode_changeable, 0, inlen + 2); 1336 changeable_len = mode_sense_page(s, page, &p, 1); 1337 assert(changeable_len == len); 1338 1339 /* Check that unchangeable bits are the same as what MODE SENSE 1340 * would return. 1341 */ 1342 for (i = 2; i < len; i++) { 1343 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1344 return -1; 1345 } 1346 } 1347 return 0; 1348 } 1349 1350 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1351 { 1352 switch (page) { 1353 case MODE_PAGE_CACHING: 1354 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0); 1355 break; 1356 1357 default: 1358 break; 1359 } 1360 } 1361 1362 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1363 { 1364 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1365 1366 while (len > 0) { 1367 int page, subpage, page_len; 1368 1369 /* Parse both possible formats for the mode page headers. */ 1370 page = p[0] & 0x3f; 1371 if (p[0] & 0x40) { 1372 if (len < 4) { 1373 goto invalid_param_len; 1374 } 1375 subpage = p[1]; 1376 page_len = lduw_be_p(&p[2]); 1377 p += 4; 1378 len -= 4; 1379 } else { 1380 if (len < 2) { 1381 goto invalid_param_len; 1382 } 1383 subpage = 0; 1384 page_len = p[1]; 1385 p += 2; 1386 len -= 2; 1387 } 1388 1389 if (subpage) { 1390 goto invalid_param; 1391 } 1392 if (page_len > len) { 1393 goto invalid_param_len; 1394 } 1395 1396 if (!change) { 1397 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1398 goto invalid_param; 1399 } 1400 } else { 1401 scsi_disk_apply_mode_select(s, page, p); 1402 } 1403 1404 p += page_len; 1405 len -= page_len; 1406 } 1407 return 0; 1408 1409 invalid_param: 1410 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1411 return -1; 1412 1413 invalid_param_len: 1414 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1415 return -1; 1416 } 1417 1418 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1419 { 1420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1421 uint8_t *p = inbuf; 1422 int cmd = r->req.cmd.buf[0]; 1423 int len = r->req.cmd.xfer; 1424 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1425 int bd_len; 1426 int pass; 1427 1428 /* We only support PF=1, SP=0. */ 1429 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1430 goto invalid_field; 1431 } 1432 1433 if (len < hdr_len) { 1434 goto invalid_param_len; 1435 } 1436 1437 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1438 len -= hdr_len; 1439 p += hdr_len; 1440 if (len < bd_len) { 1441 goto invalid_param_len; 1442 } 1443 if (bd_len != 0 && bd_len != 8) { 1444 goto invalid_param; 1445 } 1446 1447 len -= bd_len; 1448 p += bd_len; 1449 1450 /* Ensure no change is made if there is an error! */ 1451 for (pass = 0; pass < 2; pass++) { 1452 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1453 assert(pass == 0); 1454 return; 1455 } 1456 } 1457 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) { 1458 /* The request is used as the AIO opaque value, so add a ref. */ 1459 scsi_req_ref(&r->req); 1460 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1461 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1462 return; 1463 } 1464 1465 scsi_req_complete(&r->req, GOOD); 1466 return; 1467 1468 invalid_param: 1469 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1470 return; 1471 1472 invalid_param_len: 1473 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1474 return; 1475 1476 invalid_field: 1477 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1478 } 1479 1480 static inline bool check_lba_range(SCSIDiskState *s, 1481 uint64_t sector_num, uint32_t nb_sectors) 1482 { 1483 /* 1484 * The first line tests that no overflow happens when computing the last 1485 * sector. The second line tests that the last accessed sector is in 1486 * range. 1487 * 1488 * Careful, the computations should not underflow for nb_sectors == 0, 1489 * and a 0-block read to the first LBA beyond the end of device is 1490 * valid. 1491 */ 1492 return (sector_num <= sector_num + nb_sectors && 1493 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1494 } 1495 1496 typedef struct UnmapCBData { 1497 SCSIDiskReq *r; 1498 uint8_t *inbuf; 1499 int count; 1500 } UnmapCBData; 1501 1502 static void scsi_unmap_complete(void *opaque, int ret) 1503 { 1504 UnmapCBData *data = opaque; 1505 SCSIDiskReq *r = data->r; 1506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1507 uint64_t sector_num; 1508 uint32_t nb_sectors; 1509 1510 r->req.aiocb = NULL; 1511 if (r->req.io_canceled) { 1512 goto done; 1513 } 1514 1515 if (ret < 0) { 1516 if (scsi_handle_rw_error(r, -ret)) { 1517 goto done; 1518 } 1519 } 1520 1521 if (data->count > 0) { 1522 sector_num = ldq_be_p(&data->inbuf[0]); 1523 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1524 if (!check_lba_range(s, sector_num, nb_sectors)) { 1525 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1526 goto done; 1527 } 1528 1529 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, 1530 sector_num * (s->qdev.blocksize / 512), 1531 nb_sectors * (s->qdev.blocksize / 512), 1532 scsi_unmap_complete, data); 1533 data->count--; 1534 data->inbuf += 16; 1535 return; 1536 } 1537 1538 scsi_req_complete(&r->req, GOOD); 1539 1540 done: 1541 if (!r->req.io_canceled) { 1542 scsi_req_unref(&r->req); 1543 } 1544 g_free(data); 1545 } 1546 1547 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1548 { 1549 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1550 uint8_t *p = inbuf; 1551 int len = r->req.cmd.xfer; 1552 UnmapCBData *data; 1553 1554 /* Reject ANCHOR=1. */ 1555 if (r->req.cmd.buf[1] & 0x1) { 1556 goto invalid_field; 1557 } 1558 1559 if (len < 8) { 1560 goto invalid_param_len; 1561 } 1562 if (len < lduw_be_p(&p[0]) + 2) { 1563 goto invalid_param_len; 1564 } 1565 if (len < lduw_be_p(&p[2]) + 8) { 1566 goto invalid_param_len; 1567 } 1568 if (lduw_be_p(&p[2]) & 15) { 1569 goto invalid_param_len; 1570 } 1571 1572 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1573 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1574 return; 1575 } 1576 1577 data = g_new0(UnmapCBData, 1); 1578 data->r = r; 1579 data->inbuf = &p[8]; 1580 data->count = lduw_be_p(&p[2]) >> 4; 1581 1582 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1583 scsi_req_ref(&r->req); 1584 scsi_unmap_complete(data, 0); 1585 return; 1586 1587 invalid_param_len: 1588 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1589 return; 1590 1591 invalid_field: 1592 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1593 } 1594 1595 typedef struct WriteSameCBData { 1596 SCSIDiskReq *r; 1597 int64_t sector; 1598 int nb_sectors; 1599 QEMUIOVector qiov; 1600 struct iovec iov; 1601 } WriteSameCBData; 1602 1603 static void scsi_write_same_complete(void *opaque, int ret) 1604 { 1605 WriteSameCBData *data = opaque; 1606 SCSIDiskReq *r = data->r; 1607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1608 1609 assert(r->req.aiocb != NULL); 1610 r->req.aiocb = NULL; 1611 bdrv_acct_done(s->qdev.conf.bs, &r->acct); 1612 if (r->req.io_canceled) { 1613 goto done; 1614 } 1615 1616 if (ret < 0) { 1617 if (scsi_handle_rw_error(r, -ret)) { 1618 goto done; 1619 } 1620 } 1621 1622 data->nb_sectors -= data->iov.iov_len / 512; 1623 data->sector += data->iov.iov_len / 512; 1624 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1625 if (data->iov.iov_len) { 1626 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); 1627 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1628 &data->qiov, data->iov.iov_len / 512, 1629 scsi_write_same_complete, r); 1630 return; 1631 } 1632 1633 scsi_req_complete(&r->req, GOOD); 1634 1635 done: 1636 if (!r->req.io_canceled) { 1637 scsi_req_unref(&r->req); 1638 } 1639 qemu_vfree(data->iov.iov_base); 1640 g_free(data); 1641 } 1642 1643 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1644 { 1645 SCSIRequest *req = &r->req; 1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1647 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); 1648 WriteSameCBData *data; 1649 uint8_t *buf; 1650 int i; 1651 1652 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1653 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1654 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1655 return; 1656 } 1657 1658 if (bdrv_is_read_only(s->qdev.conf.bs)) { 1659 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1660 return; 1661 } 1662 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1663 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1664 return; 1665 } 1666 1667 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1668 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1669 1670 /* The request is used as the AIO opaque value, so add a ref. */ 1671 scsi_req_ref(&r->req); 1672 bdrv_acct_start(s->qdev.conf.bs, &r->acct, nb_sectors * s->qdev.blocksize, 1673 BDRV_ACCT_WRITE); 1674 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs, 1675 r->req.cmd.lba * (s->qdev.blocksize / 512), 1676 nb_sectors * (s->qdev.blocksize / 512), 1677 flags, scsi_aio_complete, r); 1678 return; 1679 } 1680 1681 data = g_new0(WriteSameCBData, 1); 1682 data->r = r; 1683 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1684 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1685 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1686 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len); 1687 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1688 1689 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1690 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1691 } 1692 1693 scsi_req_ref(&r->req); 1694 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); 1695 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, 1696 &data->qiov, data->iov.iov_len / 512, 1697 scsi_write_same_complete, data); 1698 } 1699 1700 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1701 { 1702 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1703 1704 if (r->iov.iov_len) { 1705 int buflen = r->iov.iov_len; 1706 DPRINTF("Write buf_len=%d\n", buflen); 1707 r->iov.iov_len = 0; 1708 scsi_req_data(&r->req, buflen); 1709 return; 1710 } 1711 1712 switch (req->cmd.buf[0]) { 1713 case MODE_SELECT: 1714 case MODE_SELECT_10: 1715 /* This also clears the sense buffer for REQUEST SENSE. */ 1716 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1717 break; 1718 1719 case UNMAP: 1720 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1721 break; 1722 1723 case WRITE_SAME_10: 1724 case WRITE_SAME_16: 1725 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1726 break; 1727 default: 1728 abort(); 1729 } 1730 } 1731 1732 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1733 { 1734 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1735 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1736 uint64_t nb_sectors; 1737 uint8_t *outbuf; 1738 int buflen; 1739 1740 switch (req->cmd.buf[0]) { 1741 case INQUIRY: 1742 case MODE_SENSE: 1743 case MODE_SENSE_10: 1744 case RESERVE: 1745 case RESERVE_10: 1746 case RELEASE: 1747 case RELEASE_10: 1748 case START_STOP: 1749 case ALLOW_MEDIUM_REMOVAL: 1750 case GET_CONFIGURATION: 1751 case GET_EVENT_STATUS_NOTIFICATION: 1752 case MECHANISM_STATUS: 1753 case REQUEST_SENSE: 1754 break; 1755 1756 default: 1757 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 1758 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1759 return 0; 1760 } 1761 break; 1762 } 1763 1764 /* 1765 * FIXME: we shouldn't return anything bigger than 4k, but the code 1766 * requires the buffer to be as big as req->cmd.xfer in several 1767 * places. So, do not allow CDBs with a very large ALLOCATION 1768 * LENGTH. The real fix would be to modify scsi_read_data and 1769 * dma_buf_read, so that they return data beyond the buflen 1770 * as all zeros. 1771 */ 1772 if (req->cmd.xfer > 65536) { 1773 goto illegal_request; 1774 } 1775 r->buflen = MAX(4096, req->cmd.xfer); 1776 1777 if (!r->iov.iov_base) { 1778 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); 1779 } 1780 1781 buflen = req->cmd.xfer; 1782 outbuf = r->iov.iov_base; 1783 memset(outbuf, 0, r->buflen); 1784 switch (req->cmd.buf[0]) { 1785 case TEST_UNIT_READY: 1786 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs)); 1787 break; 1788 case INQUIRY: 1789 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1790 if (buflen < 0) { 1791 goto illegal_request; 1792 } 1793 break; 1794 case MODE_SENSE: 1795 case MODE_SENSE_10: 1796 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1797 if (buflen < 0) { 1798 goto illegal_request; 1799 } 1800 break; 1801 case READ_TOC: 1802 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1803 if (buflen < 0) { 1804 goto illegal_request; 1805 } 1806 break; 1807 case RESERVE: 1808 if (req->cmd.buf[1] & 1) { 1809 goto illegal_request; 1810 } 1811 break; 1812 case RESERVE_10: 1813 if (req->cmd.buf[1] & 3) { 1814 goto illegal_request; 1815 } 1816 break; 1817 case RELEASE: 1818 if (req->cmd.buf[1] & 1) { 1819 goto illegal_request; 1820 } 1821 break; 1822 case RELEASE_10: 1823 if (req->cmd.buf[1] & 3) { 1824 goto illegal_request; 1825 } 1826 break; 1827 case START_STOP: 1828 if (scsi_disk_emulate_start_stop(r) < 0) { 1829 return 0; 1830 } 1831 break; 1832 case ALLOW_MEDIUM_REMOVAL: 1833 s->tray_locked = req->cmd.buf[4] & 1; 1834 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1); 1835 break; 1836 case READ_CAPACITY_10: 1837 /* The normal LEN field for this command is zero. */ 1838 memset(outbuf, 0, 8); 1839 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1840 if (!nb_sectors) { 1841 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1842 return 0; 1843 } 1844 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1845 goto illegal_request; 1846 } 1847 nb_sectors /= s->qdev.blocksize / 512; 1848 /* Returned value is the address of the last sector. */ 1849 nb_sectors--; 1850 /* Remember the new size for read/write sanity checking. */ 1851 s->qdev.max_lba = nb_sectors; 1852 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1853 if (nb_sectors > UINT32_MAX) { 1854 nb_sectors = UINT32_MAX; 1855 } 1856 outbuf[0] = (nb_sectors >> 24) & 0xff; 1857 outbuf[1] = (nb_sectors >> 16) & 0xff; 1858 outbuf[2] = (nb_sectors >> 8) & 0xff; 1859 outbuf[3] = nb_sectors & 0xff; 1860 outbuf[4] = 0; 1861 outbuf[5] = 0; 1862 outbuf[6] = s->qdev.blocksize >> 8; 1863 outbuf[7] = 0; 1864 break; 1865 case REQUEST_SENSE: 1866 /* Just return "NO SENSE". */ 1867 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1868 (req->cmd.buf[1] & 1) == 0); 1869 if (buflen < 0) { 1870 goto illegal_request; 1871 } 1872 break; 1873 case MECHANISM_STATUS: 1874 buflen = scsi_emulate_mechanism_status(s, outbuf); 1875 if (buflen < 0) { 1876 goto illegal_request; 1877 } 1878 break; 1879 case GET_CONFIGURATION: 1880 buflen = scsi_get_configuration(s, outbuf); 1881 if (buflen < 0) { 1882 goto illegal_request; 1883 } 1884 break; 1885 case GET_EVENT_STATUS_NOTIFICATION: 1886 buflen = scsi_get_event_status_notification(s, r, outbuf); 1887 if (buflen < 0) { 1888 goto illegal_request; 1889 } 1890 break; 1891 case READ_DISC_INFORMATION: 1892 buflen = scsi_read_disc_information(s, r, outbuf); 1893 if (buflen < 0) { 1894 goto illegal_request; 1895 } 1896 break; 1897 case READ_DVD_STRUCTURE: 1898 buflen = scsi_read_dvd_structure(s, r, outbuf); 1899 if (buflen < 0) { 1900 goto illegal_request; 1901 } 1902 break; 1903 case SERVICE_ACTION_IN_16: 1904 /* Service Action In subcommands. */ 1905 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 1906 DPRINTF("SAI READ CAPACITY(16)\n"); 1907 memset(outbuf, 0, req->cmd.xfer); 1908 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 1909 if (!nb_sectors) { 1910 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1911 return 0; 1912 } 1913 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 1914 goto illegal_request; 1915 } 1916 nb_sectors /= s->qdev.blocksize / 512; 1917 /* Returned value is the address of the last sector. */ 1918 nb_sectors--; 1919 /* Remember the new size for read/write sanity checking. */ 1920 s->qdev.max_lba = nb_sectors; 1921 outbuf[0] = (nb_sectors >> 56) & 0xff; 1922 outbuf[1] = (nb_sectors >> 48) & 0xff; 1923 outbuf[2] = (nb_sectors >> 40) & 0xff; 1924 outbuf[3] = (nb_sectors >> 32) & 0xff; 1925 outbuf[4] = (nb_sectors >> 24) & 0xff; 1926 outbuf[5] = (nb_sectors >> 16) & 0xff; 1927 outbuf[6] = (nb_sectors >> 8) & 0xff; 1928 outbuf[7] = nb_sectors & 0xff; 1929 outbuf[8] = 0; 1930 outbuf[9] = 0; 1931 outbuf[10] = s->qdev.blocksize >> 8; 1932 outbuf[11] = 0; 1933 outbuf[12] = 0; 1934 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 1935 1936 /* set TPE bit if the format supports discard */ 1937 if (s->qdev.conf.discard_granularity) { 1938 outbuf[14] = 0x80; 1939 } 1940 1941 /* Protection, exponent and lowest lba field left blank. */ 1942 break; 1943 } 1944 DPRINTF("Unsupported Service Action In\n"); 1945 goto illegal_request; 1946 case SYNCHRONIZE_CACHE: 1947 /* The request is used as the AIO opaque value, so add a ref. */ 1948 scsi_req_ref(&r->req); 1949 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH); 1950 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r); 1951 return 0; 1952 case SEEK_10: 1953 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 1954 if (r->req.cmd.lba > s->qdev.max_lba) { 1955 goto illegal_lba; 1956 } 1957 break; 1958 case MODE_SELECT: 1959 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 1960 break; 1961 case MODE_SELECT_10: 1962 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 1963 break; 1964 case UNMAP: 1965 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 1966 break; 1967 case WRITE_SAME_10: 1968 case WRITE_SAME_16: 1969 DPRINTF("WRITE SAME %d (len %lu)\n", 1970 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 1971 (long)r->req.cmd.xfer); 1972 break; 1973 default: 1974 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]); 1975 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 1976 return 0; 1977 } 1978 assert(!r->req.aiocb); 1979 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 1980 if (r->iov.iov_len == 0) { 1981 scsi_req_complete(&r->req, GOOD); 1982 } 1983 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 1984 assert(r->iov.iov_len == req->cmd.xfer); 1985 return -r->iov.iov_len; 1986 } else { 1987 return r->iov.iov_len; 1988 } 1989 1990 illegal_request: 1991 if (r->req.status == -1) { 1992 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1993 } 1994 return 0; 1995 1996 illegal_lba: 1997 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1998 return 0; 1999 } 2000 2001 /* Execute a scsi command. Returns the length of the data expected by the 2002 command. This will be Positive for data transfers from the device 2003 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2004 and zero if the command does not transfer any data. */ 2005 2006 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2007 { 2008 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2009 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2010 uint32_t len; 2011 uint8_t command; 2012 2013 command = buf[0]; 2014 2015 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) { 2016 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2017 return 0; 2018 } 2019 2020 len = scsi_data_cdb_length(r->req.cmd.buf); 2021 switch (command) { 2022 case READ_6: 2023 case READ_10: 2024 case READ_12: 2025 case READ_16: 2026 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2027 if (r->req.cmd.buf[1] & 0xe0) { 2028 goto illegal_request; 2029 } 2030 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2031 goto illegal_lba; 2032 } 2033 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2034 r->sector_count = len * (s->qdev.blocksize / 512); 2035 break; 2036 case WRITE_6: 2037 case WRITE_10: 2038 case WRITE_12: 2039 case WRITE_16: 2040 case WRITE_VERIFY_10: 2041 case WRITE_VERIFY_12: 2042 case WRITE_VERIFY_16: 2043 if (bdrv_is_read_only(s->qdev.conf.bs)) { 2044 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2045 return 0; 2046 } 2047 /* fallthrough */ 2048 case VERIFY_10: 2049 case VERIFY_12: 2050 case VERIFY_16: 2051 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2052 (command & 0xe) == 0xe ? "And Verify " : "", 2053 r->req.cmd.lba, len); 2054 if (r->req.cmd.buf[1] & 0xe0) { 2055 goto illegal_request; 2056 } 2057 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2058 goto illegal_lba; 2059 } 2060 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2061 r->sector_count = len * (s->qdev.blocksize / 512); 2062 break; 2063 default: 2064 abort(); 2065 illegal_request: 2066 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2067 return 0; 2068 illegal_lba: 2069 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2070 return 0; 2071 } 2072 if (r->sector_count == 0) { 2073 scsi_req_complete(&r->req, GOOD); 2074 } 2075 assert(r->iov.iov_len == 0); 2076 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2077 return -r->sector_count * 512; 2078 } else { 2079 return r->sector_count * 512; 2080 } 2081 } 2082 2083 static void scsi_disk_reset(DeviceState *dev) 2084 { 2085 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2086 uint64_t nb_sectors; 2087 2088 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2089 2090 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors); 2091 nb_sectors /= s->qdev.blocksize / 512; 2092 if (nb_sectors) { 2093 nb_sectors--; 2094 } 2095 s->qdev.max_lba = nb_sectors; 2096 /* reset tray statuses */ 2097 s->tray_locked = 0; 2098 s->tray_open = 0; 2099 } 2100 2101 static void scsi_destroy(SCSIDevice *dev) 2102 { 2103 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2104 2105 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE)); 2106 blockdev_mark_auto_del(s->qdev.conf.bs); 2107 } 2108 2109 static void scsi_disk_resize_cb(void *opaque) 2110 { 2111 SCSIDiskState *s = opaque; 2112 2113 /* SPC lists this sense code as available only for 2114 * direct-access devices. 2115 */ 2116 if (s->qdev.type == TYPE_DISK) { 2117 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2118 } 2119 } 2120 2121 static void scsi_cd_change_media_cb(void *opaque, bool load) 2122 { 2123 SCSIDiskState *s = opaque; 2124 2125 /* 2126 * When a CD gets changed, we have to report an ejected state and 2127 * then a loaded state to guests so that they detect tray 2128 * open/close and media change events. Guests that do not use 2129 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2130 * states rely on this behavior. 2131 * 2132 * media_changed governs the state machine used for unit attention 2133 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2134 */ 2135 s->media_changed = load; 2136 s->tray_open = !load; 2137 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2138 s->media_event = true; 2139 s->eject_request = false; 2140 } 2141 2142 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2143 { 2144 SCSIDiskState *s = opaque; 2145 2146 s->eject_request = true; 2147 if (force) { 2148 s->tray_locked = false; 2149 } 2150 } 2151 2152 static bool scsi_cd_is_tray_open(void *opaque) 2153 { 2154 return ((SCSIDiskState *)opaque)->tray_open; 2155 } 2156 2157 static bool scsi_cd_is_medium_locked(void *opaque) 2158 { 2159 return ((SCSIDiskState *)opaque)->tray_locked; 2160 } 2161 2162 static const BlockDevOps scsi_disk_removable_block_ops = { 2163 .change_media_cb = scsi_cd_change_media_cb, 2164 .eject_request_cb = scsi_cd_eject_request_cb, 2165 .is_tray_open = scsi_cd_is_tray_open, 2166 .is_medium_locked = scsi_cd_is_medium_locked, 2167 2168 .resize_cb = scsi_disk_resize_cb, 2169 }; 2170 2171 static const BlockDevOps scsi_disk_block_ops = { 2172 .resize_cb = scsi_disk_resize_cb, 2173 }; 2174 2175 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2176 { 2177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2178 if (s->media_changed) { 2179 s->media_changed = false; 2180 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2181 } 2182 } 2183 2184 static int scsi_initfn(SCSIDevice *dev) 2185 { 2186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2187 2188 if (!s->qdev.conf.bs) { 2189 error_report("drive property not set"); 2190 return -1; 2191 } 2192 2193 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2194 !bdrv_is_inserted(s->qdev.conf.bs)) { 2195 error_report("Device needs media, but drive is empty"); 2196 return -1; 2197 } 2198 2199 blkconf_serial(&s->qdev.conf, &s->serial); 2200 if (dev->type == TYPE_DISK 2201 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) { 2202 return -1; 2203 } 2204 2205 if (s->qdev.conf.discard_granularity == -1) { 2206 s->qdev.conf.discard_granularity = 2207 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2208 } 2209 2210 if (!s->version) { 2211 s->version = g_strdup(qemu_get_version()); 2212 } 2213 if (!s->vendor) { 2214 s->vendor = g_strdup("QEMU"); 2215 } 2216 2217 if (bdrv_is_sg(s->qdev.conf.bs)) { 2218 error_report("unwanted /dev/sg*"); 2219 return -1; 2220 } 2221 2222 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2223 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2224 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s); 2225 } else { 2226 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s); 2227 } 2228 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize); 2229 2230 bdrv_iostatus_enable(s->qdev.conf.bs); 2231 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL); 2232 return 0; 2233 } 2234 2235 static int scsi_hd_initfn(SCSIDevice *dev) 2236 { 2237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2238 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2239 s->qdev.type = TYPE_DISK; 2240 if (!s->product) { 2241 s->product = g_strdup("QEMU HARDDISK"); 2242 } 2243 return scsi_initfn(&s->qdev); 2244 } 2245 2246 static int scsi_cd_initfn(SCSIDevice *dev) 2247 { 2248 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2249 s->qdev.blocksize = 2048; 2250 s->qdev.type = TYPE_ROM; 2251 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2252 if (!s->product) { 2253 s->product = g_strdup("QEMU CD-ROM"); 2254 } 2255 return scsi_initfn(&s->qdev); 2256 } 2257 2258 static int scsi_disk_initfn(SCSIDevice *dev) 2259 { 2260 DriveInfo *dinfo; 2261 2262 if (!dev->conf.bs) { 2263 return scsi_initfn(dev); /* ... and die there */ 2264 } 2265 2266 dinfo = drive_get_by_blockdev(dev->conf.bs); 2267 if (dinfo->media_cd) { 2268 return scsi_cd_initfn(dev); 2269 } else { 2270 return scsi_hd_initfn(dev); 2271 } 2272 } 2273 2274 static const SCSIReqOps scsi_disk_emulate_reqops = { 2275 .size = sizeof(SCSIDiskReq), 2276 .free_req = scsi_free_request, 2277 .send_command = scsi_disk_emulate_command, 2278 .read_data = scsi_disk_emulate_read_data, 2279 .write_data = scsi_disk_emulate_write_data, 2280 .get_buf = scsi_get_buf, 2281 }; 2282 2283 static const SCSIReqOps scsi_disk_dma_reqops = { 2284 .size = sizeof(SCSIDiskReq), 2285 .free_req = scsi_free_request, 2286 .send_command = scsi_disk_dma_command, 2287 .read_data = scsi_read_data, 2288 .write_data = scsi_write_data, 2289 .cancel_io = scsi_cancel_io, 2290 .get_buf = scsi_get_buf, 2291 .load_request = scsi_disk_load_request, 2292 .save_request = scsi_disk_save_request, 2293 }; 2294 2295 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2296 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2297 [INQUIRY] = &scsi_disk_emulate_reqops, 2298 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2299 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2300 [START_STOP] = &scsi_disk_emulate_reqops, 2301 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2302 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2303 [READ_TOC] = &scsi_disk_emulate_reqops, 2304 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2305 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2306 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2307 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2308 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2309 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2310 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2311 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2312 [SEEK_10] = &scsi_disk_emulate_reqops, 2313 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2314 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2315 [UNMAP] = &scsi_disk_emulate_reqops, 2316 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2317 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2318 2319 [READ_6] = &scsi_disk_dma_reqops, 2320 [READ_10] = &scsi_disk_dma_reqops, 2321 [READ_12] = &scsi_disk_dma_reqops, 2322 [READ_16] = &scsi_disk_dma_reqops, 2323 [VERIFY_10] = &scsi_disk_dma_reqops, 2324 [VERIFY_12] = &scsi_disk_dma_reqops, 2325 [VERIFY_16] = &scsi_disk_dma_reqops, 2326 [WRITE_6] = &scsi_disk_dma_reqops, 2327 [WRITE_10] = &scsi_disk_dma_reqops, 2328 [WRITE_12] = &scsi_disk_dma_reqops, 2329 [WRITE_16] = &scsi_disk_dma_reqops, 2330 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2331 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2332 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2333 }; 2334 2335 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2336 uint8_t *buf, void *hba_private) 2337 { 2338 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2339 SCSIRequest *req; 2340 const SCSIReqOps *ops; 2341 uint8_t command; 2342 2343 command = buf[0]; 2344 ops = scsi_disk_reqops_dispatch[command]; 2345 if (!ops) { 2346 ops = &scsi_disk_emulate_reqops; 2347 } 2348 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2349 2350 #ifdef DEBUG_SCSI 2351 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2352 { 2353 int i; 2354 for (i = 1; i < req->cmd.len; i++) { 2355 printf(" 0x%02x", buf[i]); 2356 } 2357 printf("\n"); 2358 } 2359 #endif 2360 2361 return req; 2362 } 2363 2364 #ifdef __linux__ 2365 static int get_device_type(SCSIDiskState *s) 2366 { 2367 BlockDriverState *bdrv = s->qdev.conf.bs; 2368 uint8_t cmd[16]; 2369 uint8_t buf[36]; 2370 uint8_t sensebuf[8]; 2371 sg_io_hdr_t io_header; 2372 int ret; 2373 2374 memset(cmd, 0, sizeof(cmd)); 2375 memset(buf, 0, sizeof(buf)); 2376 cmd[0] = INQUIRY; 2377 cmd[4] = sizeof(buf); 2378 2379 memset(&io_header, 0, sizeof(io_header)); 2380 io_header.interface_id = 'S'; 2381 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2382 io_header.dxfer_len = sizeof(buf); 2383 io_header.dxferp = buf; 2384 io_header.cmdp = cmd; 2385 io_header.cmd_len = sizeof(cmd); 2386 io_header.mx_sb_len = sizeof(sensebuf); 2387 io_header.sbp = sensebuf; 2388 io_header.timeout = 6000; /* XXX */ 2389 2390 ret = bdrv_ioctl(bdrv, SG_IO, &io_header); 2391 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2392 return -1; 2393 } 2394 s->qdev.type = buf[0]; 2395 if (buf[1] & 0x80) { 2396 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2397 } 2398 return 0; 2399 } 2400 2401 static int scsi_block_initfn(SCSIDevice *dev) 2402 { 2403 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2404 int sg_version; 2405 int rc; 2406 2407 if (!s->qdev.conf.bs) { 2408 error_report("scsi-block: drive property not set"); 2409 return -1; 2410 } 2411 2412 /* check we are using a driver managing SG_IO (version 3 and after) */ 2413 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 || 2414 sg_version < 30000) { 2415 error_report("scsi-block: scsi generic interface too old"); 2416 return -1; 2417 } 2418 2419 /* get device type from INQUIRY data */ 2420 rc = get_device_type(s); 2421 if (rc < 0) { 2422 error_report("scsi-block: INQUIRY failed"); 2423 return -1; 2424 } 2425 2426 /* Make a guess for the block size, we'll fix it when the guest sends. 2427 * READ CAPACITY. If they don't, they likely would assume these sizes 2428 * anyway. (TODO: check in /sys). 2429 */ 2430 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2431 s->qdev.blocksize = 2048; 2432 } else { 2433 s->qdev.blocksize = 512; 2434 } 2435 2436 /* Makes the scsi-block device not removable by using HMP and QMP eject 2437 * command. 2438 */ 2439 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2440 2441 return scsi_initfn(&s->qdev); 2442 } 2443 2444 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2445 uint32_t lun, uint8_t *buf, 2446 void *hba_private) 2447 { 2448 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2449 2450 switch (buf[0]) { 2451 case READ_6: 2452 case READ_10: 2453 case READ_12: 2454 case READ_16: 2455 case VERIFY_10: 2456 case VERIFY_12: 2457 case VERIFY_16: 2458 case WRITE_6: 2459 case WRITE_10: 2460 case WRITE_12: 2461 case WRITE_16: 2462 case WRITE_VERIFY_10: 2463 case WRITE_VERIFY_12: 2464 case WRITE_VERIFY_16: 2465 /* If we are not using O_DIRECT, we might read stale data from the 2466 * host cache if writes were made using other commands than these 2467 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2468 * O_DIRECT everything must go through SG_IO. 2469 */ 2470 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) { 2471 break; 2472 } 2473 2474 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2475 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2476 * And once you do these writes, reading from the block device is 2477 * unreliable, too. It is even possible that reads deliver random data 2478 * from the host page cache (this is probably a Linux bug). 2479 * 2480 * We might use scsi_disk_dma_reqops as long as no writing commands are 2481 * seen, but performance usually isn't paramount on optical media. So, 2482 * just make scsi-block operate the same as scsi-generic for them. 2483 */ 2484 if (s->qdev.type != TYPE_ROM) { 2485 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2486 hba_private); 2487 } 2488 } 2489 2490 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2491 hba_private); 2492 } 2493 #endif 2494 2495 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2496 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2497 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2498 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2499 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2500 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2501 2502 static Property scsi_hd_properties[] = { 2503 DEFINE_SCSI_DISK_PROPERTIES(), 2504 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2505 SCSI_DISK_F_REMOVABLE, false), 2506 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2507 SCSI_DISK_F_DPOFUA, false), 2508 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2509 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2510 DEFINE_PROP_END_OF_LIST(), 2511 }; 2512 2513 static const VMStateDescription vmstate_scsi_disk_state = { 2514 .name = "scsi-disk", 2515 .version_id = 1, 2516 .minimum_version_id = 1, 2517 .minimum_version_id_old = 1, 2518 .fields = (VMStateField[]) { 2519 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2520 VMSTATE_BOOL(media_changed, SCSIDiskState), 2521 VMSTATE_BOOL(media_event, SCSIDiskState), 2522 VMSTATE_BOOL(eject_request, SCSIDiskState), 2523 VMSTATE_BOOL(tray_open, SCSIDiskState), 2524 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2525 VMSTATE_END_OF_LIST() 2526 } 2527 }; 2528 2529 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2530 { 2531 DeviceClass *dc = DEVICE_CLASS(klass); 2532 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2533 2534 sc->init = scsi_hd_initfn; 2535 sc->destroy = scsi_destroy; 2536 sc->alloc_req = scsi_new_request; 2537 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2538 dc->fw_name = "disk"; 2539 dc->desc = "virtual SCSI disk"; 2540 dc->reset = scsi_disk_reset; 2541 dc->props = scsi_hd_properties; 2542 dc->vmsd = &vmstate_scsi_disk_state; 2543 } 2544 2545 static const TypeInfo scsi_hd_info = { 2546 .name = "scsi-hd", 2547 .parent = TYPE_SCSI_DEVICE, 2548 .instance_size = sizeof(SCSIDiskState), 2549 .class_init = scsi_hd_class_initfn, 2550 }; 2551 2552 static Property scsi_cd_properties[] = { 2553 DEFINE_SCSI_DISK_PROPERTIES(), 2554 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2555 DEFINE_PROP_END_OF_LIST(), 2556 }; 2557 2558 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2559 { 2560 DeviceClass *dc = DEVICE_CLASS(klass); 2561 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2562 2563 sc->init = scsi_cd_initfn; 2564 sc->destroy = scsi_destroy; 2565 sc->alloc_req = scsi_new_request; 2566 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2567 dc->fw_name = "disk"; 2568 dc->desc = "virtual SCSI CD-ROM"; 2569 dc->reset = scsi_disk_reset; 2570 dc->props = scsi_cd_properties; 2571 dc->vmsd = &vmstate_scsi_disk_state; 2572 } 2573 2574 static const TypeInfo scsi_cd_info = { 2575 .name = "scsi-cd", 2576 .parent = TYPE_SCSI_DEVICE, 2577 .instance_size = sizeof(SCSIDiskState), 2578 .class_init = scsi_cd_class_initfn, 2579 }; 2580 2581 #ifdef __linux__ 2582 static Property scsi_block_properties[] = { 2583 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), 2584 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1), 2585 DEFINE_PROP_END_OF_LIST(), 2586 }; 2587 2588 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2589 { 2590 DeviceClass *dc = DEVICE_CLASS(klass); 2591 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2592 2593 sc->init = scsi_block_initfn; 2594 sc->destroy = scsi_destroy; 2595 sc->alloc_req = scsi_block_new_request; 2596 dc->fw_name = "disk"; 2597 dc->desc = "SCSI block device passthrough"; 2598 dc->reset = scsi_disk_reset; 2599 dc->props = scsi_block_properties; 2600 dc->vmsd = &vmstate_scsi_disk_state; 2601 } 2602 2603 static const TypeInfo scsi_block_info = { 2604 .name = "scsi-block", 2605 .parent = TYPE_SCSI_DEVICE, 2606 .instance_size = sizeof(SCSIDiskState), 2607 .class_init = scsi_block_class_initfn, 2608 }; 2609 #endif 2610 2611 static Property scsi_disk_properties[] = { 2612 DEFINE_SCSI_DISK_PROPERTIES(), 2613 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2614 SCSI_DISK_F_REMOVABLE, false), 2615 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2616 SCSI_DISK_F_DPOFUA, false), 2617 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), 2618 DEFINE_PROP_END_OF_LIST(), 2619 }; 2620 2621 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2622 { 2623 DeviceClass *dc = DEVICE_CLASS(klass); 2624 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2625 2626 sc->init = scsi_disk_initfn; 2627 sc->destroy = scsi_destroy; 2628 sc->alloc_req = scsi_new_request; 2629 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2630 dc->fw_name = "disk"; 2631 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2632 dc->reset = scsi_disk_reset; 2633 dc->props = scsi_disk_properties; 2634 dc->vmsd = &vmstate_scsi_disk_state; 2635 } 2636 2637 static const TypeInfo scsi_disk_info = { 2638 .name = "scsi-disk", 2639 .parent = TYPE_SCSI_DEVICE, 2640 .instance_size = sizeof(SCSIDiskState), 2641 .class_init = scsi_disk_class_initfn, 2642 }; 2643 2644 static void scsi_disk_register_types(void) 2645 { 2646 type_register_static(&scsi_hd_info); 2647 type_register_static(&scsi_cd_info); 2648 #ifdef __linux__ 2649 type_register_static(&scsi_block_info); 2650 #endif 2651 type_register_static(&scsi_disk_info); 2652 } 2653 2654 type_init(scsi_disk_register_types) 2655