1 /* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22 //#define DEBUG_SCSI 23 24 #ifdef DEBUG_SCSI 25 #define DPRINTF(fmt, ...) \ 26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) 27 #else 28 #define DPRINTF(fmt, ...) do {} while(0) 29 #endif 30 31 #include "qemu/osdep.h" 32 #include "qapi/error.h" 33 #include "qemu/error-report.h" 34 #include "hw/scsi/scsi.h" 35 #include "block/scsi.h" 36 #include "sysemu/sysemu.h" 37 #include "sysemu/block-backend.h" 38 #include "sysemu/blockdev.h" 39 #include "hw/block/block.h" 40 #include "sysemu/dma.h" 41 #include "qemu/cutils.h" 42 43 #ifdef __linux 44 #include <scsi/sg.h> 45 #endif 46 47 #define SCSI_WRITE_SAME_MAX 524288 48 #define SCSI_DMA_BUF_SIZE 131072 49 #define SCSI_MAX_INQUIRY_LEN 256 50 #define SCSI_MAX_MODE_LEN 256 51 52 #define DEFAULT_DISCARD_GRANULARITY 4096 53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */ 54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 55 56 typedef struct SCSIDiskState SCSIDiskState; 57 58 typedef struct SCSIDiskReq { 59 SCSIRequest req; 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 61 uint64_t sector; 62 uint32_t sector_count; 63 uint32_t buflen; 64 bool started; 65 struct iovec iov; 66 QEMUIOVector qiov; 67 BlockAcctCookie acct; 68 } SCSIDiskReq; 69 70 #define SCSI_DISK_F_REMOVABLE 0 71 #define SCSI_DISK_F_DPOFUA 1 72 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 73 74 struct SCSIDiskState 75 { 76 SCSIDevice qdev; 77 uint32_t features; 78 bool media_changed; 79 bool media_event; 80 bool eject_request; 81 uint16_t port_index; 82 uint64_t max_unmap_size; 83 uint64_t max_io_size; 84 QEMUBH *bh; 85 char *version; 86 char *serial; 87 char *vendor; 88 char *product; 89 bool tray_open; 90 bool tray_locked; 91 }; 92 93 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed); 94 95 static void scsi_free_request(SCSIRequest *req) 96 { 97 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 98 99 qemu_vfree(r->iov.iov_base); 100 } 101 102 /* Helper function for command completion with sense. */ 103 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 104 { 105 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n", 106 r->req.tag, sense.key, sense.asc, sense.ascq); 107 scsi_req_build_sense(&r->req, sense); 108 scsi_req_complete(&r->req, CHECK_CONDITION); 109 } 110 111 static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 112 { 113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 114 115 if (!r->iov.iov_base) { 116 r->buflen = size; 117 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 118 } 119 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); 120 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 121 } 122 123 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 124 { 125 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 126 127 qemu_put_be64s(f, &r->sector); 128 qemu_put_be32s(f, &r->sector_count); 129 qemu_put_be32s(f, &r->buflen); 130 if (r->buflen) { 131 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 132 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 133 } else if (!req->retry) { 134 uint32_t len = r->iov.iov_len; 135 qemu_put_be32s(f, &len); 136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 137 } 138 } 139 } 140 141 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 142 { 143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 144 145 qemu_get_be64s(f, &r->sector); 146 qemu_get_be32s(f, &r->sector_count); 147 qemu_get_be32s(f, &r->buflen); 148 if (r->buflen) { 149 scsi_init_iovec(r, r->buflen); 150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 151 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 152 } else if (!r->req.retry) { 153 uint32_t len; 154 qemu_get_be32s(f, &len); 155 r->iov.iov_len = len; 156 assert(r->iov.iov_len <= r->buflen); 157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 158 } 159 } 160 161 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 162 } 163 164 static void scsi_aio_complete(void *opaque, int ret) 165 { 166 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 168 169 assert(r->req.aiocb != NULL); 170 r->req.aiocb = NULL; 171 if (r->req.io_canceled) { 172 scsi_req_cancel_complete(&r->req); 173 goto done; 174 } 175 176 if (ret < 0) { 177 if (scsi_handle_rw_error(r, -ret, true)) { 178 goto done; 179 } 180 } 181 182 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 183 scsi_req_complete(&r->req, GOOD); 184 185 done: 186 scsi_req_unref(&r->req); 187 } 188 189 static bool scsi_is_cmd_fua(SCSICommand *cmd) 190 { 191 switch (cmd->buf[0]) { 192 case READ_10: 193 case READ_12: 194 case READ_16: 195 case WRITE_10: 196 case WRITE_12: 197 case WRITE_16: 198 return (cmd->buf[1] & 8) != 0; 199 200 case VERIFY_10: 201 case VERIFY_12: 202 case VERIFY_16: 203 case WRITE_VERIFY_10: 204 case WRITE_VERIFY_12: 205 case WRITE_VERIFY_16: 206 return true; 207 208 case READ_6: 209 case WRITE_6: 210 default: 211 return false; 212 } 213 } 214 215 static void scsi_write_do_fua(SCSIDiskReq *r) 216 { 217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 218 219 assert(r->req.aiocb == NULL); 220 221 if (r->req.io_canceled) { 222 scsi_req_cancel_complete(&r->req); 223 goto done; 224 } 225 226 if (scsi_is_cmd_fua(&r->req.cmd)) { 227 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 228 BLOCK_ACCT_FLUSH); 229 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 230 return; 231 } 232 233 scsi_req_complete(&r->req, GOOD); 234 235 done: 236 scsi_req_unref(&r->req); 237 } 238 239 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 240 { 241 assert(r->req.aiocb == NULL); 242 243 if (r->req.io_canceled) { 244 scsi_req_cancel_complete(&r->req); 245 goto done; 246 } 247 248 if (ret < 0) { 249 if (scsi_handle_rw_error(r, -ret, false)) { 250 goto done; 251 } 252 } 253 254 r->sector += r->sector_count; 255 r->sector_count = 0; 256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 257 scsi_write_do_fua(r); 258 return; 259 } else { 260 scsi_req_complete(&r->req, GOOD); 261 } 262 263 done: 264 scsi_req_unref(&r->req); 265 } 266 267 static void scsi_dma_complete(void *opaque, int ret) 268 { 269 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 271 272 assert(r->req.aiocb != NULL); 273 r->req.aiocb = NULL; 274 275 if (ret < 0) { 276 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 277 } else { 278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 279 } 280 scsi_dma_complete_noio(r, ret); 281 } 282 283 static void scsi_read_complete(void * opaque, int ret) 284 { 285 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 287 int n; 288 289 assert(r->req.aiocb != NULL); 290 r->req.aiocb = NULL; 291 if (r->req.io_canceled) { 292 scsi_req_cancel_complete(&r->req); 293 goto done; 294 } 295 296 if (ret < 0) { 297 if (scsi_handle_rw_error(r, -ret, true)) { 298 goto done; 299 } 300 } 301 302 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 303 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size); 304 305 n = r->qiov.size / 512; 306 r->sector += n; 307 r->sector_count -= n; 308 scsi_req_data(&r->req, r->qiov.size); 309 310 done: 311 scsi_req_unref(&r->req); 312 } 313 314 /* Actually issue a read to the block device. */ 315 static void scsi_do_read(SCSIDiskReq *r, int ret) 316 { 317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 318 319 assert (r->req.aiocb == NULL); 320 321 if (r->req.io_canceled) { 322 scsi_req_cancel_complete(&r->req); 323 goto done; 324 } 325 326 if (ret < 0) { 327 if (scsi_handle_rw_error(r, -ret, false)) { 328 goto done; 329 } 330 } 331 332 /* The request is used as the AIO opaque value, so add a ref. */ 333 scsi_req_ref(&r->req); 334 335 if (r->req.sg) { 336 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 337 r->req.resid -= r->req.sg->size; 338 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, 339 r->sector << BDRV_SECTOR_BITS, 340 scsi_dma_complete, r); 341 } else { 342 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 343 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 344 r->qiov.size, BLOCK_ACCT_READ); 345 r->req.aiocb = blk_aio_preadv(s->qdev.conf.blk, 346 r->sector << BDRV_SECTOR_BITS, &r->qiov, 347 0, scsi_read_complete, r); 348 } 349 350 done: 351 scsi_req_unref(&r->req); 352 } 353 354 static void scsi_do_read_cb(void *opaque, int ret) 355 { 356 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 358 359 assert (r->req.aiocb != NULL); 360 r->req.aiocb = NULL; 361 362 if (ret < 0) { 363 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 364 } else { 365 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 366 } 367 scsi_do_read(opaque, ret); 368 } 369 370 /* Read more data from scsi device into buffer. */ 371 static void scsi_read_data(SCSIRequest *req) 372 { 373 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 375 bool first; 376 377 DPRINTF("Read sector_count=%d\n", r->sector_count); 378 if (r->sector_count == 0) { 379 /* This also clears the sense buffer for REQUEST SENSE. */ 380 scsi_req_complete(&r->req, GOOD); 381 return; 382 } 383 384 /* No data transfer may already be in progress */ 385 assert(r->req.aiocb == NULL); 386 387 /* The request is used as the AIO opaque value, so add a ref. */ 388 scsi_req_ref(&r->req); 389 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 390 DPRINTF("Data transfer direction invalid\n"); 391 scsi_read_complete(r, -EINVAL); 392 return; 393 } 394 395 if (s->tray_open) { 396 scsi_read_complete(r, -ENOMEDIUM); 397 return; 398 } 399 400 first = !r->started; 401 r->started = true; 402 if (first && scsi_is_cmd_fua(&r->req.cmd)) { 403 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 404 BLOCK_ACCT_FLUSH); 405 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 406 } else { 407 scsi_do_read(r, 0); 408 } 409 } 410 411 /* 412 * scsi_handle_rw_error has two return values. 0 means that the error 413 * must be ignored, 1 means that the error has been processed and the 414 * caller should not do anything else for this request. Note that 415 * scsi_handle_rw_error always manages its reference counts, independent 416 * of the return value. 417 */ 418 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed) 419 { 420 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 421 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 422 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk, 423 is_read, error); 424 425 if (action == BLOCK_ERROR_ACTION_REPORT) { 426 if (acct_failed) { 427 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 428 } 429 switch (error) { 430 case ENOMEDIUM: 431 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 432 break; 433 case ENOMEM: 434 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE)); 435 break; 436 case EINVAL: 437 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 438 break; 439 case ENOSPC: 440 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED)); 441 break; 442 default: 443 scsi_check_condition(r, SENSE_CODE(IO_ERROR)); 444 break; 445 } 446 } 447 blk_error_action(s->qdev.conf.blk, action, is_read, error); 448 if (action == BLOCK_ERROR_ACTION_STOP) { 449 scsi_req_retry(&r->req); 450 } 451 return action != BLOCK_ERROR_ACTION_IGNORE; 452 } 453 454 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 455 { 456 uint32_t n; 457 458 assert (r->req.aiocb == NULL); 459 460 if (r->req.io_canceled) { 461 scsi_req_cancel_complete(&r->req); 462 goto done; 463 } 464 465 if (ret < 0) { 466 if (scsi_handle_rw_error(r, -ret, false)) { 467 goto done; 468 } 469 } 470 471 n = r->qiov.size / 512; 472 r->sector += n; 473 r->sector_count -= n; 474 if (r->sector_count == 0) { 475 scsi_write_do_fua(r); 476 return; 477 } else { 478 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 479 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size); 480 scsi_req_data(&r->req, r->qiov.size); 481 } 482 483 done: 484 scsi_req_unref(&r->req); 485 } 486 487 static void scsi_write_complete(void * opaque, int ret) 488 { 489 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 490 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 491 492 assert (r->req.aiocb != NULL); 493 r->req.aiocb = NULL; 494 495 if (ret < 0) { 496 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 497 } else { 498 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 499 } 500 scsi_write_complete_noio(r, ret); 501 } 502 503 static void scsi_write_data(SCSIRequest *req) 504 { 505 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 507 508 /* No data transfer may already be in progress */ 509 assert(r->req.aiocb == NULL); 510 511 /* The request is used as the AIO opaque value, so add a ref. */ 512 scsi_req_ref(&r->req); 513 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 514 DPRINTF("Data transfer direction invalid\n"); 515 scsi_write_complete_noio(r, -EINVAL); 516 return; 517 } 518 519 if (!r->req.sg && !r->qiov.size) { 520 /* Called for the first time. Ask the driver to send us more data. */ 521 r->started = true; 522 scsi_write_complete_noio(r, 0); 523 return; 524 } 525 if (s->tray_open) { 526 scsi_write_complete_noio(r, -ENOMEDIUM); 527 return; 528 } 529 530 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 531 r->req.cmd.buf[0] == VERIFY_16) { 532 if (r->req.sg) { 533 scsi_dma_complete_noio(r, 0); 534 } else { 535 scsi_write_complete_noio(r, 0); 536 } 537 return; 538 } 539 540 if (r->req.sg) { 541 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 542 r->req.resid -= r->req.sg->size; 543 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, 544 r->sector << BDRV_SECTOR_BITS, 545 scsi_dma_complete, r); 546 } else { 547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 548 r->qiov.size, BLOCK_ACCT_WRITE); 549 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 550 r->sector << BDRV_SECTOR_BITS, &r->qiov, 551 0, scsi_write_complete, r); 552 } 553 } 554 555 /* Return a pointer to the data buffer. */ 556 static uint8_t *scsi_get_buf(SCSIRequest *req) 557 { 558 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 559 560 return (uint8_t *)r->iov.iov_base; 561 } 562 563 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 564 { 565 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 566 int buflen = 0; 567 int start; 568 569 if (req->cmd.buf[1] & 0x1) { 570 /* Vital product data */ 571 uint8_t page_code = req->cmd.buf[2]; 572 573 outbuf[buflen++] = s->qdev.type & 0x1f; 574 outbuf[buflen++] = page_code ; // this page 575 outbuf[buflen++] = 0x00; 576 outbuf[buflen++] = 0x00; 577 start = buflen; 578 579 switch (page_code) { 580 case 0x00: /* Supported page codes, mandatory */ 581 { 582 DPRINTF("Inquiry EVPD[Supported pages] " 583 "buffer size %zd\n", req->cmd.xfer); 584 outbuf[buflen++] = 0x00; // list of supported pages (this page) 585 if (s->serial) { 586 outbuf[buflen++] = 0x80; // unit serial number 587 } 588 outbuf[buflen++] = 0x83; // device identification 589 if (s->qdev.type == TYPE_DISK) { 590 outbuf[buflen++] = 0xb0; // block limits 591 outbuf[buflen++] = 0xb2; // thin provisioning 592 } 593 break; 594 } 595 case 0x80: /* Device serial number, optional */ 596 { 597 int l; 598 599 if (!s->serial) { 600 DPRINTF("Inquiry (EVPD[Serial number] not supported\n"); 601 return -1; 602 } 603 604 l = strlen(s->serial); 605 if (l > 20) { 606 l = 20; 607 } 608 609 DPRINTF("Inquiry EVPD[Serial number] " 610 "buffer size %zd\n", req->cmd.xfer); 611 memcpy(outbuf+buflen, s->serial, l); 612 buflen += l; 613 break; 614 } 615 616 case 0x83: /* Device identification page, mandatory */ 617 { 618 const char *str = s->serial ?: blk_name(s->qdev.conf.blk); 619 int max_len = s->serial ? 20 : 255 - 8; 620 int id_len = strlen(str); 621 622 if (id_len > max_len) { 623 id_len = max_len; 624 } 625 DPRINTF("Inquiry EVPD[Device identification] " 626 "buffer size %zd\n", req->cmd.xfer); 627 628 outbuf[buflen++] = 0x2; // ASCII 629 outbuf[buflen++] = 0; // not officially assigned 630 outbuf[buflen++] = 0; // reserved 631 outbuf[buflen++] = id_len; // length of data following 632 memcpy(outbuf+buflen, str, id_len); 633 buflen += id_len; 634 635 if (s->qdev.wwn) { 636 outbuf[buflen++] = 0x1; // Binary 637 outbuf[buflen++] = 0x3; // NAA 638 outbuf[buflen++] = 0; // reserved 639 outbuf[buflen++] = 8; 640 stq_be_p(&outbuf[buflen], s->qdev.wwn); 641 buflen += 8; 642 } 643 644 if (s->qdev.port_wwn) { 645 outbuf[buflen++] = 0x61; // SAS / Binary 646 outbuf[buflen++] = 0x93; // PIV / Target port / NAA 647 outbuf[buflen++] = 0; // reserved 648 outbuf[buflen++] = 8; 649 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 650 buflen += 8; 651 } 652 653 if (s->port_index) { 654 outbuf[buflen++] = 0x61; // SAS / Binary 655 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port 656 outbuf[buflen++] = 0; // reserved 657 outbuf[buflen++] = 4; 658 stw_be_p(&outbuf[buflen + 2], s->port_index); 659 buflen += 4; 660 } 661 break; 662 } 663 case 0xb0: /* block limits */ 664 { 665 unsigned int unmap_sectors = 666 s->qdev.conf.discard_granularity / s->qdev.blocksize; 667 unsigned int min_io_size = 668 s->qdev.conf.min_io_size / s->qdev.blocksize; 669 unsigned int opt_io_size = 670 s->qdev.conf.opt_io_size / s->qdev.blocksize; 671 unsigned int max_unmap_sectors = 672 s->max_unmap_size / s->qdev.blocksize; 673 unsigned int max_io_sectors = 674 s->max_io_size / s->qdev.blocksize; 675 676 if (s->qdev.type == TYPE_ROM) { 677 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n", 678 page_code); 679 return -1; 680 } 681 /* required VPD size with unmap support */ 682 buflen = 0x40; 683 memset(outbuf + 4, 0, buflen - 4); 684 685 outbuf[4] = 0x1; /* wsnz */ 686 687 /* optimal transfer length granularity */ 688 outbuf[6] = (min_io_size >> 8) & 0xff; 689 outbuf[7] = min_io_size & 0xff; 690 691 /* maximum transfer length */ 692 outbuf[8] = (max_io_sectors >> 24) & 0xff; 693 outbuf[9] = (max_io_sectors >> 16) & 0xff; 694 outbuf[10] = (max_io_sectors >> 8) & 0xff; 695 outbuf[11] = max_io_sectors & 0xff; 696 697 /* optimal transfer length */ 698 outbuf[12] = (opt_io_size >> 24) & 0xff; 699 outbuf[13] = (opt_io_size >> 16) & 0xff; 700 outbuf[14] = (opt_io_size >> 8) & 0xff; 701 outbuf[15] = opt_io_size & 0xff; 702 703 /* max unmap LBA count, default is 1GB */ 704 outbuf[20] = (max_unmap_sectors >> 24) & 0xff; 705 outbuf[21] = (max_unmap_sectors >> 16) & 0xff; 706 outbuf[22] = (max_unmap_sectors >> 8) & 0xff; 707 outbuf[23] = max_unmap_sectors & 0xff; 708 709 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */ 710 outbuf[24] = 0; 711 outbuf[25] = 0; 712 outbuf[26] = 0; 713 outbuf[27] = 255; 714 715 /* optimal unmap granularity */ 716 outbuf[28] = (unmap_sectors >> 24) & 0xff; 717 outbuf[29] = (unmap_sectors >> 16) & 0xff; 718 outbuf[30] = (unmap_sectors >> 8) & 0xff; 719 outbuf[31] = unmap_sectors & 0xff; 720 721 /* max write same size */ 722 outbuf[36] = 0; 723 outbuf[37] = 0; 724 outbuf[38] = 0; 725 outbuf[39] = 0; 726 727 outbuf[40] = (max_io_sectors >> 24) & 0xff; 728 outbuf[41] = (max_io_sectors >> 16) & 0xff; 729 outbuf[42] = (max_io_sectors >> 8) & 0xff; 730 outbuf[43] = max_io_sectors & 0xff; 731 break; 732 } 733 case 0xb2: /* thin provisioning */ 734 { 735 buflen = 8; 736 outbuf[4] = 0; 737 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 738 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 739 outbuf[7] = 0; 740 break; 741 } 742 default: 743 return -1; 744 } 745 /* done with EVPD */ 746 assert(buflen - start <= 255); 747 outbuf[start - 1] = buflen - start; 748 return buflen; 749 } 750 751 /* Standard INQUIRY data */ 752 if (req->cmd.buf[2] != 0) { 753 return -1; 754 } 755 756 /* PAGE CODE == 0 */ 757 buflen = req->cmd.xfer; 758 if (buflen > SCSI_MAX_INQUIRY_LEN) { 759 buflen = SCSI_MAX_INQUIRY_LEN; 760 } 761 762 outbuf[0] = s->qdev.type & 0x1f; 763 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 764 765 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 766 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 767 768 memset(&outbuf[32], 0, 4); 769 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 770 /* 771 * We claim conformance to SPC-3, which is required for guests 772 * to ask for modern features like READ CAPACITY(16) or the 773 * block characteristics VPD page by default. Not all of SPC-3 774 * is actually implemented, but we're good enough. 775 */ 776 outbuf[2] = 5; 777 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 778 779 if (buflen > 36) { 780 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 781 } else { 782 /* If the allocation length of CDB is too small, 783 the additional length is not adjusted */ 784 outbuf[4] = 36 - 5; 785 } 786 787 /* Sync data transfer and TCQ. */ 788 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 789 return buflen; 790 } 791 792 static inline bool media_is_dvd(SCSIDiskState *s) 793 { 794 uint64_t nb_sectors; 795 if (s->qdev.type != TYPE_ROM) { 796 return false; 797 } 798 if (!blk_is_inserted(s->qdev.conf.blk)) { 799 return false; 800 } 801 if (s->tray_open) { 802 return false; 803 } 804 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 805 return nb_sectors > CD_MAX_SECTORS; 806 } 807 808 static inline bool media_is_cd(SCSIDiskState *s) 809 { 810 uint64_t nb_sectors; 811 if (s->qdev.type != TYPE_ROM) { 812 return false; 813 } 814 if (!blk_is_inserted(s->qdev.conf.blk)) { 815 return false; 816 } 817 if (s->tray_open) { 818 return false; 819 } 820 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 821 return nb_sectors <= CD_MAX_SECTORS; 822 } 823 824 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 825 uint8_t *outbuf) 826 { 827 uint8_t type = r->req.cmd.buf[1] & 7; 828 829 if (s->qdev.type != TYPE_ROM) { 830 return -1; 831 } 832 833 /* Types 1/2 are only defined for Blu-Ray. */ 834 if (type != 0) { 835 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 836 return -1; 837 } 838 839 memset(outbuf, 0, 34); 840 outbuf[1] = 32; 841 outbuf[2] = 0xe; /* last session complete, disc finalized */ 842 outbuf[3] = 1; /* first track on disc */ 843 outbuf[4] = 1; /* # of sessions */ 844 outbuf[5] = 1; /* first track of last session */ 845 outbuf[6] = 1; /* last track of last session */ 846 outbuf[7] = 0x20; /* unrestricted use */ 847 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 848 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 849 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 850 /* 24-31: disc bar code */ 851 /* 32: disc application code */ 852 /* 33: number of OPC tables */ 853 854 return 34; 855 } 856 857 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 858 uint8_t *outbuf) 859 { 860 static const int rds_caps_size[5] = { 861 [0] = 2048 + 4, 862 [1] = 4 + 4, 863 [3] = 188 + 4, 864 [4] = 2048 + 4, 865 }; 866 867 uint8_t media = r->req.cmd.buf[1]; 868 uint8_t layer = r->req.cmd.buf[6]; 869 uint8_t format = r->req.cmd.buf[7]; 870 int size = -1; 871 872 if (s->qdev.type != TYPE_ROM) { 873 return -1; 874 } 875 if (media != 0) { 876 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 877 return -1; 878 } 879 880 if (format != 0xff) { 881 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 882 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 883 return -1; 884 } 885 if (media_is_cd(s)) { 886 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 887 return -1; 888 } 889 if (format >= ARRAY_SIZE(rds_caps_size)) { 890 return -1; 891 } 892 size = rds_caps_size[format]; 893 memset(outbuf, 0, size); 894 } 895 896 switch (format) { 897 case 0x00: { 898 /* Physical format information */ 899 uint64_t nb_sectors; 900 if (layer != 0) { 901 goto fail; 902 } 903 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 904 905 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 906 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 907 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 908 outbuf[7] = 0; /* default densities */ 909 910 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 911 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 912 break; 913 } 914 915 case 0x01: /* DVD copyright information, all zeros */ 916 break; 917 918 case 0x03: /* BCA information - invalid field for no BCA info */ 919 return -1; 920 921 case 0x04: /* DVD disc manufacturing information, all zeros */ 922 break; 923 924 case 0xff: { /* List capabilities */ 925 int i; 926 size = 4; 927 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 928 if (!rds_caps_size[i]) { 929 continue; 930 } 931 outbuf[size] = i; 932 outbuf[size + 1] = 0x40; /* Not writable, readable */ 933 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 934 size += 4; 935 } 936 break; 937 } 938 939 default: 940 return -1; 941 } 942 943 /* Size of buffer, not including 2 byte size field */ 944 stw_be_p(outbuf, size - 2); 945 return size; 946 947 fail: 948 return -1; 949 } 950 951 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 952 { 953 uint8_t event_code, media_status; 954 955 media_status = 0; 956 if (s->tray_open) { 957 media_status = MS_TRAY_OPEN; 958 } else if (blk_is_inserted(s->qdev.conf.blk)) { 959 media_status = MS_MEDIA_PRESENT; 960 } 961 962 /* Event notification descriptor */ 963 event_code = MEC_NO_CHANGE; 964 if (media_status != MS_TRAY_OPEN) { 965 if (s->media_event) { 966 event_code = MEC_NEW_MEDIA; 967 s->media_event = false; 968 } else if (s->eject_request) { 969 event_code = MEC_EJECT_REQUESTED; 970 s->eject_request = false; 971 } 972 } 973 974 outbuf[0] = event_code; 975 outbuf[1] = media_status; 976 977 /* These fields are reserved, just clear them. */ 978 outbuf[2] = 0; 979 outbuf[3] = 0; 980 return 4; 981 } 982 983 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 984 uint8_t *outbuf) 985 { 986 int size; 987 uint8_t *buf = r->req.cmd.buf; 988 uint8_t notification_class_request = buf[4]; 989 if (s->qdev.type != TYPE_ROM) { 990 return -1; 991 } 992 if ((buf[1] & 1) == 0) { 993 /* asynchronous */ 994 return -1; 995 } 996 997 size = 4; 998 outbuf[0] = outbuf[1] = 0; 999 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1000 if (notification_class_request & (1 << GESN_MEDIA)) { 1001 outbuf[2] = GESN_MEDIA; 1002 size += scsi_event_status_media(s, &outbuf[size]); 1003 } else { 1004 outbuf[2] = 0x80; 1005 } 1006 stw_be_p(outbuf, size - 4); 1007 return size; 1008 } 1009 1010 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1011 { 1012 int current; 1013 1014 if (s->qdev.type != TYPE_ROM) { 1015 return -1; 1016 } 1017 1018 if (media_is_dvd(s)) { 1019 current = MMC_PROFILE_DVD_ROM; 1020 } else if (media_is_cd(s)) { 1021 current = MMC_PROFILE_CD_ROM; 1022 } else { 1023 current = MMC_PROFILE_NONE; 1024 } 1025 1026 memset(outbuf, 0, 40); 1027 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1028 stw_be_p(&outbuf[6], current); 1029 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1030 outbuf[10] = 0x03; /* persistent, current */ 1031 outbuf[11] = 8; /* two profiles */ 1032 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1033 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1034 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1035 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1036 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1037 stw_be_p(&outbuf[20], 1); 1038 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1039 outbuf[23] = 8; 1040 stl_be_p(&outbuf[24], 1); /* SCSI */ 1041 outbuf[28] = 1; /* DBE = 1, mandatory */ 1042 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1043 stw_be_p(&outbuf[32], 3); 1044 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1045 outbuf[35] = 4; 1046 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1047 /* TODO: Random readable, CD read, DVD read, drive serial number, 1048 power management */ 1049 return 40; 1050 } 1051 1052 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1053 { 1054 if (s->qdev.type != TYPE_ROM) { 1055 return -1; 1056 } 1057 memset(outbuf, 0, 8); 1058 outbuf[5] = 1; /* CD-ROM */ 1059 return 8; 1060 } 1061 1062 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1063 int page_control) 1064 { 1065 static const int mode_sense_valid[0x3f] = { 1066 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1067 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1068 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1069 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1070 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1071 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1072 }; 1073 1074 uint8_t *p = *p_outbuf + 2; 1075 int length; 1076 1077 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1078 return -1; 1079 } 1080 1081 /* 1082 * If Changeable Values are requested, a mask denoting those mode parameters 1083 * that are changeable shall be returned. As we currently don't support 1084 * parameter changes via MODE_SELECT all bits are returned set to zero. 1085 * The buffer was already menset to zero by the caller of this function. 1086 * 1087 * The offsets here are off by two compared to the descriptions in the 1088 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1089 * but it is done so that offsets are consistent within our implementation 1090 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1091 * 2-byte and 4-byte headers. 1092 */ 1093 switch (page) { 1094 case MODE_PAGE_HD_GEOMETRY: 1095 length = 0x16; 1096 if (page_control == 1) { /* Changeable Values */ 1097 break; 1098 } 1099 /* if a geometry hint is available, use it */ 1100 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1101 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1102 p[2] = s->qdev.conf.cyls & 0xff; 1103 p[3] = s->qdev.conf.heads & 0xff; 1104 /* Write precomp start cylinder, disabled */ 1105 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1106 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1107 p[6] = s->qdev.conf.cyls & 0xff; 1108 /* Reduced current start cylinder, disabled */ 1109 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1110 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1111 p[9] = s->qdev.conf.cyls & 0xff; 1112 /* Device step rate [ns], 200ns */ 1113 p[10] = 0; 1114 p[11] = 200; 1115 /* Landing zone cylinder */ 1116 p[12] = 0xff; 1117 p[13] = 0xff; 1118 p[14] = 0xff; 1119 /* Medium rotation rate [rpm], 5400 rpm */ 1120 p[18] = (5400 >> 8) & 0xff; 1121 p[19] = 5400 & 0xff; 1122 break; 1123 1124 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1125 length = 0x1e; 1126 if (page_control == 1) { /* Changeable Values */ 1127 break; 1128 } 1129 /* Transfer rate [kbit/s], 5Mbit/s */ 1130 p[0] = 5000 >> 8; 1131 p[1] = 5000 & 0xff; 1132 /* if a geometry hint is available, use it */ 1133 p[2] = s->qdev.conf.heads & 0xff; 1134 p[3] = s->qdev.conf.secs & 0xff; 1135 p[4] = s->qdev.blocksize >> 8; 1136 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1137 p[7] = s->qdev.conf.cyls & 0xff; 1138 /* Write precomp start cylinder, disabled */ 1139 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1140 p[9] = s->qdev.conf.cyls & 0xff; 1141 /* Reduced current start cylinder, disabled */ 1142 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1143 p[11] = s->qdev.conf.cyls & 0xff; 1144 /* Device step rate [100us], 100us */ 1145 p[12] = 0; 1146 p[13] = 1; 1147 /* Device step pulse width [us], 1us */ 1148 p[14] = 1; 1149 /* Device head settle delay [100us], 100us */ 1150 p[15] = 0; 1151 p[16] = 1; 1152 /* Motor on delay [0.1s], 0.1s */ 1153 p[17] = 1; 1154 /* Motor off delay [0.1s], 0.1s */ 1155 p[18] = 1; 1156 /* Medium rotation rate [rpm], 5400 rpm */ 1157 p[26] = (5400 >> 8) & 0xff; 1158 p[27] = 5400 & 0xff; 1159 break; 1160 1161 case MODE_PAGE_CACHING: 1162 length = 0x12; 1163 if (page_control == 1 || /* Changeable Values */ 1164 blk_enable_write_cache(s->qdev.conf.blk)) { 1165 p[0] = 4; /* WCE */ 1166 } 1167 break; 1168 1169 case MODE_PAGE_R_W_ERROR: 1170 length = 10; 1171 if (page_control == 1) { /* Changeable Values */ 1172 break; 1173 } 1174 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1175 if (s->qdev.type == TYPE_ROM) { 1176 p[1] = 0x20; /* Read Retry Count */ 1177 } 1178 break; 1179 1180 case MODE_PAGE_AUDIO_CTL: 1181 length = 14; 1182 break; 1183 1184 case MODE_PAGE_CAPABILITIES: 1185 length = 0x14; 1186 if (page_control == 1) { /* Changeable Values */ 1187 break; 1188 } 1189 1190 p[0] = 0x3b; /* CD-R & CD-RW read */ 1191 p[1] = 0; /* Writing not supported */ 1192 p[2] = 0x7f; /* Audio, composite, digital out, 1193 mode 2 form 1&2, multi session */ 1194 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1195 RW corrected, C2 errors, ISRC, 1196 UPC, Bar code */ 1197 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1198 /* Locking supported, jumper present, eject, tray */ 1199 p[5] = 0; /* no volume & mute control, no 1200 changer */ 1201 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1202 p[7] = (50 * 176) & 0xff; 1203 p[8] = 2 >> 8; /* Two volume levels */ 1204 p[9] = 2 & 0xff; 1205 p[10] = 2048 >> 8; /* 2M buffer */ 1206 p[11] = 2048 & 0xff; 1207 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1208 p[13] = (16 * 176) & 0xff; 1209 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1210 p[17] = (16 * 176) & 0xff; 1211 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1212 p[19] = (16 * 176) & 0xff; 1213 break; 1214 1215 default: 1216 return -1; 1217 } 1218 1219 assert(length < 256); 1220 (*p_outbuf)[0] = page; 1221 (*p_outbuf)[1] = length; 1222 *p_outbuf += length + 2; 1223 return length + 2; 1224 } 1225 1226 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1227 { 1228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1229 uint64_t nb_sectors; 1230 bool dbd; 1231 int page, buflen, ret, page_control; 1232 uint8_t *p; 1233 uint8_t dev_specific_param; 1234 1235 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1236 page = r->req.cmd.buf[2] & 0x3f; 1237 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1238 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n", 1239 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control); 1240 memset(outbuf, 0, r->req.cmd.xfer); 1241 p = outbuf; 1242 1243 if (s->qdev.type == TYPE_DISK) { 1244 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1245 if (blk_is_read_only(s->qdev.conf.blk)) { 1246 dev_specific_param |= 0x80; /* Readonly. */ 1247 } 1248 } else { 1249 /* MMC prescribes that CD/DVD drives have no block descriptors, 1250 * and defines no device-specific parameter. */ 1251 dev_specific_param = 0x00; 1252 dbd = true; 1253 } 1254 1255 if (r->req.cmd.buf[0] == MODE_SENSE) { 1256 p[1] = 0; /* Default media type. */ 1257 p[2] = dev_specific_param; 1258 p[3] = 0; /* Block descriptor length. */ 1259 p += 4; 1260 } else { /* MODE_SENSE_10 */ 1261 p[2] = 0; /* Default media type. */ 1262 p[3] = dev_specific_param; 1263 p[6] = p[7] = 0; /* Block descriptor length. */ 1264 p += 8; 1265 } 1266 1267 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1268 if (!dbd && nb_sectors) { 1269 if (r->req.cmd.buf[0] == MODE_SENSE) { 1270 outbuf[3] = 8; /* Block descriptor length */ 1271 } else { /* MODE_SENSE_10 */ 1272 outbuf[7] = 8; /* Block descriptor length */ 1273 } 1274 nb_sectors /= (s->qdev.blocksize / 512); 1275 if (nb_sectors > 0xffffff) { 1276 nb_sectors = 0; 1277 } 1278 p[0] = 0; /* media density code */ 1279 p[1] = (nb_sectors >> 16) & 0xff; 1280 p[2] = (nb_sectors >> 8) & 0xff; 1281 p[3] = nb_sectors & 0xff; 1282 p[4] = 0; /* reserved */ 1283 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1284 p[6] = s->qdev.blocksize >> 8; 1285 p[7] = 0; 1286 p += 8; 1287 } 1288 1289 if (page_control == 3) { 1290 /* Saved Values */ 1291 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1292 return -1; 1293 } 1294 1295 if (page == 0x3f) { 1296 for (page = 0; page <= 0x3e; page++) { 1297 mode_sense_page(s, page, &p, page_control); 1298 } 1299 } else { 1300 ret = mode_sense_page(s, page, &p, page_control); 1301 if (ret == -1) { 1302 return -1; 1303 } 1304 } 1305 1306 buflen = p - outbuf; 1307 /* 1308 * The mode data length field specifies the length in bytes of the 1309 * following data that is available to be transferred. The mode data 1310 * length does not include itself. 1311 */ 1312 if (r->req.cmd.buf[0] == MODE_SENSE) { 1313 outbuf[0] = buflen - 1; 1314 } else { /* MODE_SENSE_10 */ 1315 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1316 outbuf[1] = (buflen - 2) & 0xff; 1317 } 1318 return buflen; 1319 } 1320 1321 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1322 { 1323 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1324 int start_track, format, msf, toclen; 1325 uint64_t nb_sectors; 1326 1327 msf = req->cmd.buf[1] & 2; 1328 format = req->cmd.buf[2] & 0xf; 1329 start_track = req->cmd.buf[6]; 1330 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1331 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 1332 nb_sectors /= s->qdev.blocksize / 512; 1333 switch (format) { 1334 case 0: 1335 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1336 break; 1337 case 1: 1338 /* multi session : only a single session defined */ 1339 toclen = 12; 1340 memset(outbuf, 0, 12); 1341 outbuf[1] = 0x0a; 1342 outbuf[2] = 0x01; 1343 outbuf[3] = 0x01; 1344 break; 1345 case 2: 1346 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1347 break; 1348 default: 1349 return -1; 1350 } 1351 return toclen; 1352 } 1353 1354 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1355 { 1356 SCSIRequest *req = &r->req; 1357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1358 bool start = req->cmd.buf[4] & 1; 1359 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1360 int pwrcnd = req->cmd.buf[4] & 0xf0; 1361 1362 if (pwrcnd) { 1363 /* eject/load only happens for power condition == 0 */ 1364 return 0; 1365 } 1366 1367 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1368 if (!start && !s->tray_open && s->tray_locked) { 1369 scsi_check_condition(r, 1370 blk_is_inserted(s->qdev.conf.blk) 1371 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1372 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1373 return -1; 1374 } 1375 1376 if (s->tray_open != !start) { 1377 blk_eject(s->qdev.conf.blk, !start); 1378 s->tray_open = !start; 1379 } 1380 } 1381 return 0; 1382 } 1383 1384 static void scsi_disk_emulate_read_data(SCSIRequest *req) 1385 { 1386 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1387 int buflen = r->iov.iov_len; 1388 1389 if (buflen) { 1390 DPRINTF("Read buf_len=%d\n", buflen); 1391 r->iov.iov_len = 0; 1392 r->started = true; 1393 scsi_req_data(&r->req, buflen); 1394 return; 1395 } 1396 1397 /* This also clears the sense buffer for REQUEST SENSE. */ 1398 scsi_req_complete(&r->req, GOOD); 1399 } 1400 1401 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1402 uint8_t *inbuf, int inlen) 1403 { 1404 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1405 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1406 uint8_t *p; 1407 int len, expected_len, changeable_len, i; 1408 1409 /* The input buffer does not include the page header, so it is 1410 * off by 2 bytes. 1411 */ 1412 expected_len = inlen + 2; 1413 if (expected_len > SCSI_MAX_MODE_LEN) { 1414 return -1; 1415 } 1416 1417 p = mode_current; 1418 memset(mode_current, 0, inlen + 2); 1419 len = mode_sense_page(s, page, &p, 0); 1420 if (len < 0 || len != expected_len) { 1421 return -1; 1422 } 1423 1424 p = mode_changeable; 1425 memset(mode_changeable, 0, inlen + 2); 1426 changeable_len = mode_sense_page(s, page, &p, 1); 1427 assert(changeable_len == len); 1428 1429 /* Check that unchangeable bits are the same as what MODE SENSE 1430 * would return. 1431 */ 1432 for (i = 2; i < len; i++) { 1433 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1434 return -1; 1435 } 1436 } 1437 return 0; 1438 } 1439 1440 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1441 { 1442 switch (page) { 1443 case MODE_PAGE_CACHING: 1444 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1445 break; 1446 1447 default: 1448 break; 1449 } 1450 } 1451 1452 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1453 { 1454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1455 1456 while (len > 0) { 1457 int page, subpage, page_len; 1458 1459 /* Parse both possible formats for the mode page headers. */ 1460 page = p[0] & 0x3f; 1461 if (p[0] & 0x40) { 1462 if (len < 4) { 1463 goto invalid_param_len; 1464 } 1465 subpage = p[1]; 1466 page_len = lduw_be_p(&p[2]); 1467 p += 4; 1468 len -= 4; 1469 } else { 1470 if (len < 2) { 1471 goto invalid_param_len; 1472 } 1473 subpage = 0; 1474 page_len = p[1]; 1475 p += 2; 1476 len -= 2; 1477 } 1478 1479 if (subpage) { 1480 goto invalid_param; 1481 } 1482 if (page_len > len) { 1483 goto invalid_param_len; 1484 } 1485 1486 if (!change) { 1487 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1488 goto invalid_param; 1489 } 1490 } else { 1491 scsi_disk_apply_mode_select(s, page, p); 1492 } 1493 1494 p += page_len; 1495 len -= page_len; 1496 } 1497 return 0; 1498 1499 invalid_param: 1500 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1501 return -1; 1502 1503 invalid_param_len: 1504 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1505 return -1; 1506 } 1507 1508 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1509 { 1510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1511 uint8_t *p = inbuf; 1512 int cmd = r->req.cmd.buf[0]; 1513 int len = r->req.cmd.xfer; 1514 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1515 int bd_len; 1516 int pass; 1517 1518 /* We only support PF=1, SP=0. */ 1519 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1520 goto invalid_field; 1521 } 1522 1523 if (len < hdr_len) { 1524 goto invalid_param_len; 1525 } 1526 1527 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1528 len -= hdr_len; 1529 p += hdr_len; 1530 if (len < bd_len) { 1531 goto invalid_param_len; 1532 } 1533 if (bd_len != 0 && bd_len != 8) { 1534 goto invalid_param; 1535 } 1536 1537 len -= bd_len; 1538 p += bd_len; 1539 1540 /* Ensure no change is made if there is an error! */ 1541 for (pass = 0; pass < 2; pass++) { 1542 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1543 assert(pass == 0); 1544 return; 1545 } 1546 } 1547 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1548 /* The request is used as the AIO opaque value, so add a ref. */ 1549 scsi_req_ref(&r->req); 1550 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1551 BLOCK_ACCT_FLUSH); 1552 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1553 return; 1554 } 1555 1556 scsi_req_complete(&r->req, GOOD); 1557 return; 1558 1559 invalid_param: 1560 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1561 return; 1562 1563 invalid_param_len: 1564 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1565 return; 1566 1567 invalid_field: 1568 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1569 } 1570 1571 static inline bool check_lba_range(SCSIDiskState *s, 1572 uint64_t sector_num, uint32_t nb_sectors) 1573 { 1574 /* 1575 * The first line tests that no overflow happens when computing the last 1576 * sector. The second line tests that the last accessed sector is in 1577 * range. 1578 * 1579 * Careful, the computations should not underflow for nb_sectors == 0, 1580 * and a 0-block read to the first LBA beyond the end of device is 1581 * valid. 1582 */ 1583 return (sector_num <= sector_num + nb_sectors && 1584 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1585 } 1586 1587 typedef struct UnmapCBData { 1588 SCSIDiskReq *r; 1589 uint8_t *inbuf; 1590 int count; 1591 } UnmapCBData; 1592 1593 static void scsi_unmap_complete(void *opaque, int ret); 1594 1595 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1596 { 1597 SCSIDiskReq *r = data->r; 1598 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1599 uint64_t sector_num; 1600 uint32_t nb_sectors; 1601 1602 assert(r->req.aiocb == NULL); 1603 1604 if (r->req.io_canceled) { 1605 scsi_req_cancel_complete(&r->req); 1606 goto done; 1607 } 1608 1609 if (ret < 0) { 1610 if (scsi_handle_rw_error(r, -ret, false)) { 1611 goto done; 1612 } 1613 } 1614 1615 if (data->count > 0) { 1616 sector_num = ldq_be_p(&data->inbuf[0]); 1617 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1618 if (!check_lba_range(s, sector_num, nb_sectors)) { 1619 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1620 goto done; 1621 } 1622 1623 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk, 1624 sector_num * (s->qdev.blocksize / 512), 1625 nb_sectors * (s->qdev.blocksize / 512), 1626 scsi_unmap_complete, data); 1627 data->count--; 1628 data->inbuf += 16; 1629 return; 1630 } 1631 1632 scsi_req_complete(&r->req, GOOD); 1633 1634 done: 1635 scsi_req_unref(&r->req); 1636 g_free(data); 1637 } 1638 1639 static void scsi_unmap_complete(void *opaque, int ret) 1640 { 1641 UnmapCBData *data = opaque; 1642 SCSIDiskReq *r = data->r; 1643 1644 assert(r->req.aiocb != NULL); 1645 r->req.aiocb = NULL; 1646 1647 scsi_unmap_complete_noio(data, ret); 1648 } 1649 1650 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1651 { 1652 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1653 uint8_t *p = inbuf; 1654 int len = r->req.cmd.xfer; 1655 UnmapCBData *data; 1656 1657 /* Reject ANCHOR=1. */ 1658 if (r->req.cmd.buf[1] & 0x1) { 1659 goto invalid_field; 1660 } 1661 1662 if (len < 8) { 1663 goto invalid_param_len; 1664 } 1665 if (len < lduw_be_p(&p[0]) + 2) { 1666 goto invalid_param_len; 1667 } 1668 if (len < lduw_be_p(&p[2]) + 8) { 1669 goto invalid_param_len; 1670 } 1671 if (lduw_be_p(&p[2]) & 15) { 1672 goto invalid_param_len; 1673 } 1674 1675 if (blk_is_read_only(s->qdev.conf.blk)) { 1676 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1677 return; 1678 } 1679 1680 data = g_new0(UnmapCBData, 1); 1681 data->r = r; 1682 data->inbuf = &p[8]; 1683 data->count = lduw_be_p(&p[2]) >> 4; 1684 1685 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1686 scsi_req_ref(&r->req); 1687 scsi_unmap_complete_noio(data, 0); 1688 return; 1689 1690 invalid_param_len: 1691 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1692 return; 1693 1694 invalid_field: 1695 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1696 } 1697 1698 typedef struct WriteSameCBData { 1699 SCSIDiskReq *r; 1700 int64_t sector; 1701 int nb_sectors; 1702 QEMUIOVector qiov; 1703 struct iovec iov; 1704 } WriteSameCBData; 1705 1706 static void scsi_write_same_complete(void *opaque, int ret) 1707 { 1708 WriteSameCBData *data = opaque; 1709 SCSIDiskReq *r = data->r; 1710 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1711 1712 assert(r->req.aiocb != NULL); 1713 r->req.aiocb = NULL; 1714 if (r->req.io_canceled) { 1715 scsi_req_cancel_complete(&r->req); 1716 goto done; 1717 } 1718 1719 if (ret < 0) { 1720 if (scsi_handle_rw_error(r, -ret, true)) { 1721 goto done; 1722 } 1723 } 1724 1725 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1726 1727 data->nb_sectors -= data->iov.iov_len / 512; 1728 data->sector += data->iov.iov_len / 512; 1729 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); 1730 if (data->iov.iov_len) { 1731 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1732 data->iov.iov_len, BLOCK_ACCT_WRITE); 1733 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1734 * where final qiov may need smaller size */ 1735 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1736 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1737 data->sector << BDRV_SECTOR_BITS, 1738 &data->qiov, 0, 1739 scsi_write_same_complete, data); 1740 return; 1741 } 1742 1743 scsi_req_complete(&r->req, GOOD); 1744 1745 done: 1746 scsi_req_unref(&r->req); 1747 qemu_vfree(data->iov.iov_base); 1748 g_free(data); 1749 } 1750 1751 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1752 { 1753 SCSIRequest *req = &r->req; 1754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1755 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1756 WriteSameCBData *data; 1757 uint8_t *buf; 1758 int i; 1759 1760 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1761 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1762 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1763 return; 1764 } 1765 1766 if (blk_is_read_only(s->qdev.conf.blk)) { 1767 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1768 return; 1769 } 1770 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1771 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1772 return; 1773 } 1774 1775 if (buffer_is_zero(inbuf, s->qdev.blocksize)) { 1776 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1777 1778 /* The request is used as the AIO opaque value, so add a ref. */ 1779 scsi_req_ref(&r->req); 1780 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1781 nb_sectors * s->qdev.blocksize, 1782 BLOCK_ACCT_WRITE); 1783 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1784 r->req.cmd.lba * s->qdev.blocksize, 1785 nb_sectors * s->qdev.blocksize, 1786 flags, scsi_aio_complete, r); 1787 return; 1788 } 1789 1790 data = g_new0(WriteSameCBData, 1); 1791 data->r = r; 1792 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 1793 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); 1794 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); 1795 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1796 data->iov.iov_len); 1797 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1798 1799 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1800 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1801 } 1802 1803 scsi_req_ref(&r->req); 1804 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1805 data->iov.iov_len, BLOCK_ACCT_WRITE); 1806 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1807 data->sector << BDRV_SECTOR_BITS, 1808 &data->qiov, 0, 1809 scsi_write_same_complete, data); 1810 } 1811 1812 static void scsi_disk_emulate_write_data(SCSIRequest *req) 1813 { 1814 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1815 1816 if (r->iov.iov_len) { 1817 int buflen = r->iov.iov_len; 1818 DPRINTF("Write buf_len=%d\n", buflen); 1819 r->iov.iov_len = 0; 1820 scsi_req_data(&r->req, buflen); 1821 return; 1822 } 1823 1824 switch (req->cmd.buf[0]) { 1825 case MODE_SELECT: 1826 case MODE_SELECT_10: 1827 /* This also clears the sense buffer for REQUEST SENSE. */ 1828 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1829 break; 1830 1831 case UNMAP: 1832 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1833 break; 1834 1835 case VERIFY_10: 1836 case VERIFY_12: 1837 case VERIFY_16: 1838 if (r->req.status == -1) { 1839 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1840 } 1841 break; 1842 1843 case WRITE_SAME_10: 1844 case WRITE_SAME_16: 1845 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1846 break; 1847 1848 default: 1849 abort(); 1850 } 1851 } 1852 1853 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1854 { 1855 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1856 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1857 uint64_t nb_sectors; 1858 uint8_t *outbuf; 1859 int buflen; 1860 1861 switch (req->cmd.buf[0]) { 1862 case INQUIRY: 1863 case MODE_SENSE: 1864 case MODE_SENSE_10: 1865 case RESERVE: 1866 case RESERVE_10: 1867 case RELEASE: 1868 case RELEASE_10: 1869 case START_STOP: 1870 case ALLOW_MEDIUM_REMOVAL: 1871 case GET_CONFIGURATION: 1872 case GET_EVENT_STATUS_NOTIFICATION: 1873 case MECHANISM_STATUS: 1874 case REQUEST_SENSE: 1875 break; 1876 1877 default: 1878 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 1879 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1880 return 0; 1881 } 1882 break; 1883 } 1884 1885 /* 1886 * FIXME: we shouldn't return anything bigger than 4k, but the code 1887 * requires the buffer to be as big as req->cmd.xfer in several 1888 * places. So, do not allow CDBs with a very large ALLOCATION 1889 * LENGTH. The real fix would be to modify scsi_read_data and 1890 * dma_buf_read, so that they return data beyond the buflen 1891 * as all zeros. 1892 */ 1893 if (req->cmd.xfer > 65536) { 1894 goto illegal_request; 1895 } 1896 r->buflen = MAX(4096, req->cmd.xfer); 1897 1898 if (!r->iov.iov_base) { 1899 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1900 } 1901 1902 buflen = req->cmd.xfer; 1903 outbuf = r->iov.iov_base; 1904 memset(outbuf, 0, r->buflen); 1905 switch (req->cmd.buf[0]) { 1906 case TEST_UNIT_READY: 1907 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk)); 1908 break; 1909 case INQUIRY: 1910 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1911 if (buflen < 0) { 1912 goto illegal_request; 1913 } 1914 break; 1915 case MODE_SENSE: 1916 case MODE_SENSE_10: 1917 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1918 if (buflen < 0) { 1919 goto illegal_request; 1920 } 1921 break; 1922 case READ_TOC: 1923 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1924 if (buflen < 0) { 1925 goto illegal_request; 1926 } 1927 break; 1928 case RESERVE: 1929 if (req->cmd.buf[1] & 1) { 1930 goto illegal_request; 1931 } 1932 break; 1933 case RESERVE_10: 1934 if (req->cmd.buf[1] & 3) { 1935 goto illegal_request; 1936 } 1937 break; 1938 case RELEASE: 1939 if (req->cmd.buf[1] & 1) { 1940 goto illegal_request; 1941 } 1942 break; 1943 case RELEASE_10: 1944 if (req->cmd.buf[1] & 3) { 1945 goto illegal_request; 1946 } 1947 break; 1948 case START_STOP: 1949 if (scsi_disk_emulate_start_stop(r) < 0) { 1950 return 0; 1951 } 1952 break; 1953 case ALLOW_MEDIUM_REMOVAL: 1954 s->tray_locked = req->cmd.buf[4] & 1; 1955 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1956 break; 1957 case READ_CAPACITY_10: 1958 /* The normal LEN field for this command is zero. */ 1959 memset(outbuf, 0, 8); 1960 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1961 if (!nb_sectors) { 1962 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1963 return 0; 1964 } 1965 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1966 goto illegal_request; 1967 } 1968 nb_sectors /= s->qdev.blocksize / 512; 1969 /* Returned value is the address of the last sector. */ 1970 nb_sectors--; 1971 /* Remember the new size for read/write sanity checking. */ 1972 s->qdev.max_lba = nb_sectors; 1973 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1974 if (nb_sectors > UINT32_MAX) { 1975 nb_sectors = UINT32_MAX; 1976 } 1977 outbuf[0] = (nb_sectors >> 24) & 0xff; 1978 outbuf[1] = (nb_sectors >> 16) & 0xff; 1979 outbuf[2] = (nb_sectors >> 8) & 0xff; 1980 outbuf[3] = nb_sectors & 0xff; 1981 outbuf[4] = 0; 1982 outbuf[5] = 0; 1983 outbuf[6] = s->qdev.blocksize >> 8; 1984 outbuf[7] = 0; 1985 break; 1986 case REQUEST_SENSE: 1987 /* Just return "NO SENSE". */ 1988 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen, 1989 (req->cmd.buf[1] & 1) == 0); 1990 if (buflen < 0) { 1991 goto illegal_request; 1992 } 1993 break; 1994 case MECHANISM_STATUS: 1995 buflen = scsi_emulate_mechanism_status(s, outbuf); 1996 if (buflen < 0) { 1997 goto illegal_request; 1998 } 1999 break; 2000 case GET_CONFIGURATION: 2001 buflen = scsi_get_configuration(s, outbuf); 2002 if (buflen < 0) { 2003 goto illegal_request; 2004 } 2005 break; 2006 case GET_EVENT_STATUS_NOTIFICATION: 2007 buflen = scsi_get_event_status_notification(s, r, outbuf); 2008 if (buflen < 0) { 2009 goto illegal_request; 2010 } 2011 break; 2012 case READ_DISC_INFORMATION: 2013 buflen = scsi_read_disc_information(s, r, outbuf); 2014 if (buflen < 0) { 2015 goto illegal_request; 2016 } 2017 break; 2018 case READ_DVD_STRUCTURE: 2019 buflen = scsi_read_dvd_structure(s, r, outbuf); 2020 if (buflen < 0) { 2021 goto illegal_request; 2022 } 2023 break; 2024 case SERVICE_ACTION_IN_16: 2025 /* Service Action In subcommands. */ 2026 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2027 DPRINTF("SAI READ CAPACITY(16)\n"); 2028 memset(outbuf, 0, req->cmd.xfer); 2029 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2030 if (!nb_sectors) { 2031 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2032 return 0; 2033 } 2034 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2035 goto illegal_request; 2036 } 2037 nb_sectors /= s->qdev.blocksize / 512; 2038 /* Returned value is the address of the last sector. */ 2039 nb_sectors--; 2040 /* Remember the new size for read/write sanity checking. */ 2041 s->qdev.max_lba = nb_sectors; 2042 outbuf[0] = (nb_sectors >> 56) & 0xff; 2043 outbuf[1] = (nb_sectors >> 48) & 0xff; 2044 outbuf[2] = (nb_sectors >> 40) & 0xff; 2045 outbuf[3] = (nb_sectors >> 32) & 0xff; 2046 outbuf[4] = (nb_sectors >> 24) & 0xff; 2047 outbuf[5] = (nb_sectors >> 16) & 0xff; 2048 outbuf[6] = (nb_sectors >> 8) & 0xff; 2049 outbuf[7] = nb_sectors & 0xff; 2050 outbuf[8] = 0; 2051 outbuf[9] = 0; 2052 outbuf[10] = s->qdev.blocksize >> 8; 2053 outbuf[11] = 0; 2054 outbuf[12] = 0; 2055 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2056 2057 /* set TPE bit if the format supports discard */ 2058 if (s->qdev.conf.discard_granularity) { 2059 outbuf[14] = 0x80; 2060 } 2061 2062 /* Protection, exponent and lowest lba field left blank. */ 2063 break; 2064 } 2065 DPRINTF("Unsupported Service Action In\n"); 2066 goto illegal_request; 2067 case SYNCHRONIZE_CACHE: 2068 /* The request is used as the AIO opaque value, so add a ref. */ 2069 scsi_req_ref(&r->req); 2070 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2071 BLOCK_ACCT_FLUSH); 2072 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2073 return 0; 2074 case SEEK_10: 2075 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba); 2076 if (r->req.cmd.lba > s->qdev.max_lba) { 2077 goto illegal_lba; 2078 } 2079 break; 2080 case MODE_SELECT: 2081 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); 2082 break; 2083 case MODE_SELECT_10: 2084 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); 2085 break; 2086 case UNMAP: 2087 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); 2088 break; 2089 case VERIFY_10: 2090 case VERIFY_12: 2091 case VERIFY_16: 2092 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3); 2093 if (req->cmd.buf[1] & 6) { 2094 goto illegal_request; 2095 } 2096 break; 2097 case WRITE_SAME_10: 2098 case WRITE_SAME_16: 2099 DPRINTF("WRITE SAME %d (len %lu)\n", 2100 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, 2101 (long)r->req.cmd.xfer); 2102 break; 2103 default: 2104 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], 2105 scsi_command_name(buf[0])); 2106 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2107 return 0; 2108 } 2109 assert(!r->req.aiocb); 2110 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2111 if (r->iov.iov_len == 0) { 2112 scsi_req_complete(&r->req, GOOD); 2113 } 2114 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2115 assert(r->iov.iov_len == req->cmd.xfer); 2116 return -r->iov.iov_len; 2117 } else { 2118 return r->iov.iov_len; 2119 } 2120 2121 illegal_request: 2122 if (r->req.status == -1) { 2123 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2124 } 2125 return 0; 2126 2127 illegal_lba: 2128 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2129 return 0; 2130 } 2131 2132 /* Execute a scsi command. Returns the length of the data expected by the 2133 command. This will be Positive for data transfers from the device 2134 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2135 and zero if the command does not transfer any data. */ 2136 2137 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2138 { 2139 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2141 uint32_t len; 2142 uint8_t command; 2143 2144 command = buf[0]; 2145 2146 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) { 2147 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2148 return 0; 2149 } 2150 2151 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2152 switch (command) { 2153 case READ_6: 2154 case READ_10: 2155 case READ_12: 2156 case READ_16: 2157 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len); 2158 if (r->req.cmd.buf[1] & 0xe0) { 2159 goto illegal_request; 2160 } 2161 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2162 goto illegal_lba; 2163 } 2164 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2165 r->sector_count = len * (s->qdev.blocksize / 512); 2166 break; 2167 case WRITE_6: 2168 case WRITE_10: 2169 case WRITE_12: 2170 case WRITE_16: 2171 case WRITE_VERIFY_10: 2172 case WRITE_VERIFY_12: 2173 case WRITE_VERIFY_16: 2174 if (blk_is_read_only(s->qdev.conf.blk)) { 2175 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2176 return 0; 2177 } 2178 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", 2179 (command & 0xe) == 0xe ? "And Verify " : "", 2180 r->req.cmd.lba, len); 2181 if (r->req.cmd.buf[1] & 0xe0) { 2182 goto illegal_request; 2183 } 2184 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2185 goto illegal_lba; 2186 } 2187 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); 2188 r->sector_count = len * (s->qdev.blocksize / 512); 2189 break; 2190 default: 2191 abort(); 2192 illegal_request: 2193 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2194 return 0; 2195 illegal_lba: 2196 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2197 return 0; 2198 } 2199 if (r->sector_count == 0) { 2200 scsi_req_complete(&r->req, GOOD); 2201 } 2202 assert(r->iov.iov_len == 0); 2203 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2204 return -r->sector_count * 512; 2205 } else { 2206 return r->sector_count * 512; 2207 } 2208 } 2209 2210 static void scsi_disk_reset(DeviceState *dev) 2211 { 2212 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2213 uint64_t nb_sectors; 2214 2215 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2216 2217 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2218 nb_sectors /= s->qdev.blocksize / 512; 2219 if (nb_sectors) { 2220 nb_sectors--; 2221 } 2222 s->qdev.max_lba = nb_sectors; 2223 /* reset tray statuses */ 2224 s->tray_locked = 0; 2225 s->tray_open = 0; 2226 } 2227 2228 static void scsi_disk_resize_cb(void *opaque) 2229 { 2230 SCSIDiskState *s = opaque; 2231 2232 /* SPC lists this sense code as available only for 2233 * direct-access devices. 2234 */ 2235 if (s->qdev.type == TYPE_DISK) { 2236 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2237 } 2238 } 2239 2240 static void scsi_cd_change_media_cb(void *opaque, bool load) 2241 { 2242 SCSIDiskState *s = opaque; 2243 2244 /* 2245 * When a CD gets changed, we have to report an ejected state and 2246 * then a loaded state to guests so that they detect tray 2247 * open/close and media change events. Guests that do not use 2248 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2249 * states rely on this behavior. 2250 * 2251 * media_changed governs the state machine used for unit attention 2252 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2253 */ 2254 s->media_changed = load; 2255 s->tray_open = !load; 2256 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2257 s->media_event = true; 2258 s->eject_request = false; 2259 } 2260 2261 static void scsi_cd_eject_request_cb(void *opaque, bool force) 2262 { 2263 SCSIDiskState *s = opaque; 2264 2265 s->eject_request = true; 2266 if (force) { 2267 s->tray_locked = false; 2268 } 2269 } 2270 2271 static bool scsi_cd_is_tray_open(void *opaque) 2272 { 2273 return ((SCSIDiskState *)opaque)->tray_open; 2274 } 2275 2276 static bool scsi_cd_is_medium_locked(void *opaque) 2277 { 2278 return ((SCSIDiskState *)opaque)->tray_locked; 2279 } 2280 2281 static const BlockDevOps scsi_disk_removable_block_ops = { 2282 .change_media_cb = scsi_cd_change_media_cb, 2283 .eject_request_cb = scsi_cd_eject_request_cb, 2284 .is_tray_open = scsi_cd_is_tray_open, 2285 .is_medium_locked = scsi_cd_is_medium_locked, 2286 2287 .resize_cb = scsi_disk_resize_cb, 2288 }; 2289 2290 static const BlockDevOps scsi_disk_block_ops = { 2291 .resize_cb = scsi_disk_resize_cb, 2292 }; 2293 2294 static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2295 { 2296 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2297 if (s->media_changed) { 2298 s->media_changed = false; 2299 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2300 } 2301 } 2302 2303 static void scsi_realize(SCSIDevice *dev, Error **errp) 2304 { 2305 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2306 Error *err = NULL; 2307 2308 if (!s->qdev.conf.blk) { 2309 error_setg(errp, "drive property not set"); 2310 return; 2311 } 2312 2313 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2314 !blk_is_inserted(s->qdev.conf.blk)) { 2315 error_setg(errp, "Device needs media, but drive is empty"); 2316 return; 2317 } 2318 2319 blkconf_serial(&s->qdev.conf, &s->serial); 2320 blkconf_blocksizes(&s->qdev.conf); 2321 if (dev->type == TYPE_DISK) { 2322 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err); 2323 if (err) { 2324 error_propagate(errp, err); 2325 return; 2326 } 2327 } 2328 2329 if (s->qdev.conf.discard_granularity == -1) { 2330 s->qdev.conf.discard_granularity = 2331 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2332 } 2333 2334 if (!s->version) { 2335 s->version = g_strdup(qemu_hw_version()); 2336 } 2337 if (!s->vendor) { 2338 s->vendor = g_strdup("QEMU"); 2339 } 2340 2341 if (blk_is_sg(s->qdev.conf.blk)) { 2342 error_setg(errp, "unwanted /dev/sg*"); 2343 return; 2344 } 2345 2346 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2347 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2349 } else { 2350 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2351 } 2352 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2353 2354 blk_iostatus_enable(s->qdev.conf.blk); 2355 } 2356 2357 static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2358 { 2359 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2360 /* can happen for devices without drive. The error message for missing 2361 * backend will be issued in scsi_realize 2362 */ 2363 if (s->qdev.conf.blk) { 2364 blkconf_blocksizes(&s->qdev.conf); 2365 } 2366 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2367 s->qdev.type = TYPE_DISK; 2368 if (!s->product) { 2369 s->product = g_strdup("QEMU HARDDISK"); 2370 } 2371 scsi_realize(&s->qdev, errp); 2372 } 2373 2374 static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2375 { 2376 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2377 s->qdev.blocksize = 2048; 2378 s->qdev.type = TYPE_ROM; 2379 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2380 if (!s->product) { 2381 s->product = g_strdup("QEMU CD-ROM"); 2382 } 2383 scsi_realize(&s->qdev, errp); 2384 } 2385 2386 static void scsi_disk_realize(SCSIDevice *dev, Error **errp) 2387 { 2388 DriveInfo *dinfo; 2389 Error *local_err = NULL; 2390 2391 if (!dev->conf.blk) { 2392 scsi_realize(dev, &local_err); 2393 assert(local_err); 2394 error_propagate(errp, local_err); 2395 return; 2396 } 2397 2398 dinfo = blk_legacy_dinfo(dev->conf.blk); 2399 if (dinfo && dinfo->media_cd) { 2400 scsi_cd_realize(dev, errp); 2401 } else { 2402 scsi_hd_realize(dev, errp); 2403 } 2404 } 2405 2406 static const SCSIReqOps scsi_disk_emulate_reqops = { 2407 .size = sizeof(SCSIDiskReq), 2408 .free_req = scsi_free_request, 2409 .send_command = scsi_disk_emulate_command, 2410 .read_data = scsi_disk_emulate_read_data, 2411 .write_data = scsi_disk_emulate_write_data, 2412 .get_buf = scsi_get_buf, 2413 }; 2414 2415 static const SCSIReqOps scsi_disk_dma_reqops = { 2416 .size = sizeof(SCSIDiskReq), 2417 .free_req = scsi_free_request, 2418 .send_command = scsi_disk_dma_command, 2419 .read_data = scsi_read_data, 2420 .write_data = scsi_write_data, 2421 .get_buf = scsi_get_buf, 2422 .load_request = scsi_disk_load_request, 2423 .save_request = scsi_disk_save_request, 2424 }; 2425 2426 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2427 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2428 [INQUIRY] = &scsi_disk_emulate_reqops, 2429 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2430 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2431 [START_STOP] = &scsi_disk_emulate_reqops, 2432 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2433 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2434 [READ_TOC] = &scsi_disk_emulate_reqops, 2435 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2436 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2437 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2438 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2439 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2440 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2441 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2442 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2443 [SEEK_10] = &scsi_disk_emulate_reqops, 2444 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2445 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2446 [UNMAP] = &scsi_disk_emulate_reqops, 2447 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2448 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2449 [VERIFY_10] = &scsi_disk_emulate_reqops, 2450 [VERIFY_12] = &scsi_disk_emulate_reqops, 2451 [VERIFY_16] = &scsi_disk_emulate_reqops, 2452 2453 [READ_6] = &scsi_disk_dma_reqops, 2454 [READ_10] = &scsi_disk_dma_reqops, 2455 [READ_12] = &scsi_disk_dma_reqops, 2456 [READ_16] = &scsi_disk_dma_reqops, 2457 [WRITE_6] = &scsi_disk_dma_reqops, 2458 [WRITE_10] = &scsi_disk_dma_reqops, 2459 [WRITE_12] = &scsi_disk_dma_reqops, 2460 [WRITE_16] = &scsi_disk_dma_reqops, 2461 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2462 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2463 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2464 }; 2465 2466 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2467 uint8_t *buf, void *hba_private) 2468 { 2469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2470 SCSIRequest *req; 2471 const SCSIReqOps *ops; 2472 uint8_t command; 2473 2474 command = buf[0]; 2475 ops = scsi_disk_reqops_dispatch[command]; 2476 if (!ops) { 2477 ops = &scsi_disk_emulate_reqops; 2478 } 2479 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2480 2481 #ifdef DEBUG_SCSI 2482 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 2483 { 2484 int i; 2485 for (i = 1; i < scsi_cdb_length(buf); i++) { 2486 printf(" 0x%02x", buf[i]); 2487 } 2488 printf("\n"); 2489 } 2490 #endif 2491 2492 return req; 2493 } 2494 2495 #ifdef __linux__ 2496 static int get_device_type(SCSIDiskState *s) 2497 { 2498 uint8_t cmd[16]; 2499 uint8_t buf[36]; 2500 uint8_t sensebuf[8]; 2501 sg_io_hdr_t io_header; 2502 int ret; 2503 2504 memset(cmd, 0, sizeof(cmd)); 2505 memset(buf, 0, sizeof(buf)); 2506 cmd[0] = INQUIRY; 2507 cmd[4] = sizeof(buf); 2508 2509 memset(&io_header, 0, sizeof(io_header)); 2510 io_header.interface_id = 'S'; 2511 io_header.dxfer_direction = SG_DXFER_FROM_DEV; 2512 io_header.dxfer_len = sizeof(buf); 2513 io_header.dxferp = buf; 2514 io_header.cmdp = cmd; 2515 io_header.cmd_len = sizeof(cmd); 2516 io_header.mx_sb_len = sizeof(sensebuf); 2517 io_header.sbp = sensebuf; 2518 io_header.timeout = 6000; /* XXX */ 2519 2520 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header); 2521 if (ret < 0 || io_header.driver_status || io_header.host_status) { 2522 return -1; 2523 } 2524 s->qdev.type = buf[0]; 2525 if (buf[1] & 0x80) { 2526 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2527 } 2528 return 0; 2529 } 2530 2531 static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2532 { 2533 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2534 int sg_version; 2535 int rc; 2536 2537 if (!s->qdev.conf.blk) { 2538 error_setg(errp, "drive property not set"); 2539 return; 2540 } 2541 2542 /* check we are using a driver managing SG_IO (version 3 and after) */ 2543 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2544 if (rc < 0) { 2545 error_setg(errp, "cannot get SG_IO version number: %s. " 2546 "Is this a SCSI device?", 2547 strerror(-rc)); 2548 return; 2549 } 2550 if (sg_version < 30000) { 2551 error_setg(errp, "scsi generic interface too old"); 2552 return; 2553 } 2554 2555 /* get device type from INQUIRY data */ 2556 rc = get_device_type(s); 2557 if (rc < 0) { 2558 error_setg(errp, "INQUIRY failed"); 2559 return; 2560 } 2561 2562 /* Make a guess for the block size, we'll fix it when the guest sends. 2563 * READ CAPACITY. If they don't, they likely would assume these sizes 2564 * anyway. (TODO: check in /sys). 2565 */ 2566 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2567 s->qdev.blocksize = 2048; 2568 } else { 2569 s->qdev.blocksize = 512; 2570 } 2571 2572 /* Makes the scsi-block device not removable by using HMP and QMP eject 2573 * command. 2574 */ 2575 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2576 2577 scsi_realize(&s->qdev, errp); 2578 scsi_generic_read_device_identification(&s->qdev); 2579 } 2580 2581 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2582 { 2583 switch (buf[0]) { 2584 case READ_6: 2585 case READ_10: 2586 case READ_12: 2587 case READ_16: 2588 case VERIFY_10: 2589 case VERIFY_12: 2590 case VERIFY_16: 2591 case WRITE_6: 2592 case WRITE_10: 2593 case WRITE_12: 2594 case WRITE_16: 2595 case WRITE_VERIFY_10: 2596 case WRITE_VERIFY_12: 2597 case WRITE_VERIFY_16: 2598 /* If we are not using O_DIRECT, we might read stale data from the 2599 * host cache if writes were made using other commands than these 2600 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without 2601 * O_DIRECT everything must go through SG_IO. 2602 */ 2603 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) { 2604 break; 2605 } 2606 2607 /* MMC writing cannot be done via pread/pwrite, because it sometimes 2608 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2609 * And once you do these writes, reading from the block device is 2610 * unreliable, too. It is even possible that reads deliver random data 2611 * from the host page cache (this is probably a Linux bug). 2612 * 2613 * We might use scsi_disk_dma_reqops as long as no writing commands are 2614 * seen, but performance usually isn't paramount on optical media. So, 2615 * just make scsi-block operate the same as scsi-generic for them. 2616 */ 2617 if (s->qdev.type != TYPE_ROM) { 2618 return false; 2619 } 2620 break; 2621 2622 default: 2623 break; 2624 } 2625 2626 return true; 2627 } 2628 2629 2630 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2631 uint32_t lun, uint8_t *buf, 2632 void *hba_private) 2633 { 2634 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2635 2636 if (scsi_block_is_passthrough(s, buf)) { 2637 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2638 hba_private); 2639 } else { 2640 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun, 2641 hba_private); 2642 } 2643 } 2644 2645 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2646 uint8_t *buf, void *hba_private) 2647 { 2648 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2649 2650 if (scsi_block_is_passthrough(s, buf)) { 2651 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2652 } else { 2653 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2654 } 2655 } 2656 2657 #endif 2658 2659 #define DEFINE_SCSI_DISK_PROPERTIES() \ 2660 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \ 2661 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 2662 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 2663 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 2664 DEFINE_PROP_STRING("product", SCSIDiskState, product) 2665 2666 static Property scsi_hd_properties[] = { 2667 DEFINE_SCSI_DISK_PROPERTIES(), 2668 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2669 SCSI_DISK_F_REMOVABLE, false), 2670 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2671 SCSI_DISK_F_DPOFUA, false), 2672 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2673 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2674 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2675 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2676 DEFAULT_MAX_UNMAP_SIZE), 2677 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2678 DEFAULT_MAX_IO_SIZE), 2679 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 2680 DEFINE_PROP_END_OF_LIST(), 2681 }; 2682 2683 static const VMStateDescription vmstate_scsi_disk_state = { 2684 .name = "scsi-disk", 2685 .version_id = 1, 2686 .minimum_version_id = 1, 2687 .fields = (VMStateField[]) { 2688 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 2689 VMSTATE_BOOL(media_changed, SCSIDiskState), 2690 VMSTATE_BOOL(media_event, SCSIDiskState), 2691 VMSTATE_BOOL(eject_request, SCSIDiskState), 2692 VMSTATE_BOOL(tray_open, SCSIDiskState), 2693 VMSTATE_BOOL(tray_locked, SCSIDiskState), 2694 VMSTATE_END_OF_LIST() 2695 } 2696 }; 2697 2698 static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 2699 { 2700 DeviceClass *dc = DEVICE_CLASS(klass); 2701 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2702 2703 sc->realize = scsi_hd_realize; 2704 sc->alloc_req = scsi_new_request; 2705 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2706 dc->fw_name = "disk"; 2707 dc->desc = "virtual SCSI disk"; 2708 dc->reset = scsi_disk_reset; 2709 dc->props = scsi_hd_properties; 2710 dc->vmsd = &vmstate_scsi_disk_state; 2711 } 2712 2713 static const TypeInfo scsi_hd_info = { 2714 .name = "scsi-hd", 2715 .parent = TYPE_SCSI_DEVICE, 2716 .instance_size = sizeof(SCSIDiskState), 2717 .class_init = scsi_hd_class_initfn, 2718 }; 2719 2720 static Property scsi_cd_properties[] = { 2721 DEFINE_SCSI_DISK_PROPERTIES(), 2722 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2723 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2724 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2725 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2726 DEFAULT_MAX_IO_SIZE), 2727 DEFINE_PROP_END_OF_LIST(), 2728 }; 2729 2730 static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 2731 { 2732 DeviceClass *dc = DEVICE_CLASS(klass); 2733 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2734 2735 sc->realize = scsi_cd_realize; 2736 sc->alloc_req = scsi_new_request; 2737 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2738 dc->fw_name = "disk"; 2739 dc->desc = "virtual SCSI CD-ROM"; 2740 dc->reset = scsi_disk_reset; 2741 dc->props = scsi_cd_properties; 2742 dc->vmsd = &vmstate_scsi_disk_state; 2743 } 2744 2745 static const TypeInfo scsi_cd_info = { 2746 .name = "scsi-cd", 2747 .parent = TYPE_SCSI_DEVICE, 2748 .instance_size = sizeof(SCSIDiskState), 2749 .class_init = scsi_cd_class_initfn, 2750 }; 2751 2752 #ifdef __linux__ 2753 static Property scsi_block_properties[] = { 2754 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 2755 DEFINE_PROP_END_OF_LIST(), 2756 }; 2757 2758 static void scsi_block_class_initfn(ObjectClass *klass, void *data) 2759 { 2760 DeviceClass *dc = DEVICE_CLASS(klass); 2761 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2762 2763 sc->realize = scsi_block_realize; 2764 sc->alloc_req = scsi_block_new_request; 2765 sc->parse_cdb = scsi_block_parse_cdb; 2766 dc->fw_name = "disk"; 2767 dc->desc = "SCSI block device passthrough"; 2768 dc->reset = scsi_disk_reset; 2769 dc->props = scsi_block_properties; 2770 dc->vmsd = &vmstate_scsi_disk_state; 2771 } 2772 2773 static const TypeInfo scsi_block_info = { 2774 .name = "scsi-block", 2775 .parent = TYPE_SCSI_DEVICE, 2776 .instance_size = sizeof(SCSIDiskState), 2777 .class_init = scsi_block_class_initfn, 2778 }; 2779 #endif 2780 2781 static Property scsi_disk_properties[] = { 2782 DEFINE_SCSI_DISK_PROPERTIES(), 2783 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 2784 SCSI_DISK_F_REMOVABLE, false), 2785 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 2786 SCSI_DISK_F_DPOFUA, false), 2787 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 2788 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 2789 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 2790 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 2791 DEFAULT_MAX_UNMAP_SIZE), 2792 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 2793 DEFAULT_MAX_IO_SIZE), 2794 DEFINE_PROP_END_OF_LIST(), 2795 }; 2796 2797 static void scsi_disk_class_initfn(ObjectClass *klass, void *data) 2798 { 2799 DeviceClass *dc = DEVICE_CLASS(klass); 2800 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 2801 2802 sc->realize = scsi_disk_realize; 2803 sc->alloc_req = scsi_new_request; 2804 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 2805 dc->fw_name = "disk"; 2806 dc->desc = "virtual SCSI disk or CD-ROM (legacy)"; 2807 dc->reset = scsi_disk_reset; 2808 dc->props = scsi_disk_properties; 2809 dc->vmsd = &vmstate_scsi_disk_state; 2810 } 2811 2812 static const TypeInfo scsi_disk_info = { 2813 .name = "scsi-disk", 2814 .parent = TYPE_SCSI_DEVICE, 2815 .instance_size = sizeof(SCSIDiskState), 2816 .class_init = scsi_disk_class_initfn, 2817 }; 2818 2819 static void scsi_disk_register_types(void) 2820 { 2821 type_register_static(&scsi_hd_info); 2822 type_register_static(&scsi_cd_info); 2823 #ifdef __linux__ 2824 type_register_static(&scsi_block_info); 2825 #endif 2826 type_register_static(&scsi_disk_info); 2827 } 2828 2829 type_init(scsi_disk_register_types) 2830