scsi-disk.c (99294B)
1/* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * Modifications: 9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case 10 * when the allocation length of CDB is smaller 11 * than 36. 12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the 13 * MODE SENSE response. 14 * 15 * This code is licensed under the LGPL. 16 * 17 * Note that this file only handles the SCSI architecture model and device 18 * commands. Emulation of interface/link layer protocols is handled by 19 * the host adapter emulator. 20 */ 21 22#include "qemu/osdep.h" 23#include "qemu/units.h" 24#include "qapi/error.h" 25#include "qemu/error-report.h" 26#include "qemu/main-loop.h" 27#include "qemu/module.h" 28#include "hw/scsi/scsi.h" 29#include "migration/qemu-file-types.h" 30#include "migration/vmstate.h" 31#include "hw/scsi/emulation.h" 32#include "scsi/constants.h" 33#include "sysemu/block-backend.h" 34#include "sysemu/blockdev.h" 35#include "hw/block/block.h" 36#include "hw/qdev-properties.h" 37#include "hw/qdev-properties-system.h" 38#include "sysemu/dma.h" 39#include "sysemu/sysemu.h" 40#include "qemu/cutils.h" 41#include "trace.h" 42#include "qom/object.h" 43 44#ifdef __linux 45#include <scsi/sg.h> 46#endif 47 48#define SCSI_WRITE_SAME_MAX (512 * KiB) 49#define SCSI_DMA_BUF_SIZE (128 * KiB) 50#define SCSI_MAX_INQUIRY_LEN 256 51#define SCSI_MAX_MODE_LEN 256 52 53#define DEFAULT_DISCARD_GRANULARITY (4 * KiB) 54#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB) 55#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */ 56 57#define TYPE_SCSI_DISK_BASE "scsi-disk-base" 58 59OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE) 60 61struct SCSIDiskClass { 62 SCSIDeviceClass parent_class; 63 DMAIOFunc *dma_readv; 64 DMAIOFunc *dma_writev; 65 bool (*need_fua_emulation)(SCSICommand *cmd); 66 void (*update_sense)(SCSIRequest *r); 67}; 68 69typedef struct SCSIDiskReq { 70 SCSIRequest req; 71 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */ 72 uint64_t sector; 73 uint32_t sector_count; 74 uint32_t buflen; 75 bool started; 76 bool need_fua_emulation; 77 struct iovec iov; 78 QEMUIOVector qiov; 79 BlockAcctCookie acct; 80} SCSIDiskReq; 81 82#define SCSI_DISK_F_REMOVABLE 0 83#define SCSI_DISK_F_DPOFUA 1 84#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2 85 86struct SCSIDiskState { 87 SCSIDevice qdev; 88 uint32_t features; 89 bool media_changed; 90 bool media_event; 91 bool eject_request; 92 uint16_t port_index; 93 uint64_t max_unmap_size; 94 uint64_t max_io_size; 95 QEMUBH *bh; 96 char *version; 97 char *serial; 98 char *vendor; 99 char *product; 100 char *device_id; 101 bool tray_open; 102 bool tray_locked; 103 /* 104 * 0x0000 - rotation rate not reported 105 * 0x0001 - non-rotating medium (SSD) 106 * 0x0002-0x0400 - reserved 107 * 0x0401-0xffe - rotations per minute 108 * 0xffff - reserved 109 */ 110 uint16_t rotation_rate; 111}; 112 113static void scsi_free_request(SCSIRequest *req) 114{ 115 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 116 117 qemu_vfree(r->iov.iov_base); 118} 119 120/* Helper function for command completion with sense. */ 121static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense) 122{ 123 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc, 124 sense.ascq); 125 scsi_req_build_sense(&r->req, sense); 126 scsi_req_complete(&r->req, CHECK_CONDITION); 127} 128 129static void scsi_init_iovec(SCSIDiskReq *r, size_t size) 130{ 131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 132 133 if (!r->iov.iov_base) { 134 r->buflen = size; 135 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 136 } 137 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen); 138 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 139} 140 141static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) 142{ 143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 144 145 qemu_put_be64s(f, &r->sector); 146 qemu_put_be32s(f, &r->sector_count); 147 qemu_put_be32s(f, &r->buflen); 148 if (r->buflen) { 149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 150 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 151 } else if (!req->retry) { 152 uint32_t len = r->iov.iov_len; 153 qemu_put_be32s(f, &len); 154 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); 155 } 156 } 157} 158 159static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) 160{ 161 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 162 163 qemu_get_be64s(f, &r->sector); 164 qemu_get_be32s(f, &r->sector_count); 165 qemu_get_be32s(f, &r->buflen); 166 if (r->buflen) { 167 scsi_init_iovec(r, r->buflen); 168 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 169 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 170 } else if (!r->req.retry) { 171 uint32_t len; 172 qemu_get_be32s(f, &len); 173 r->iov.iov_len = len; 174 assert(r->iov.iov_len <= r->buflen); 175 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); 176 } 177 } 178 179 qemu_iovec_init_external(&r->qiov, &r->iov, 1); 180} 181 182/* 183 * scsi_handle_rw_error has two return values. False means that the error 184 * must be ignored, true means that the error has been processed and the 185 * caller should not do anything else for this request. Note that 186 * scsi_handle_rw_error always manages its reference counts, independent 187 * of the return value. 188 */ 189static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed) 190{ 191 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV); 192 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 193 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 194 SCSISense sense = SENSE_CODE(NO_SENSE); 195 int error = 0; 196 bool req_has_sense = false; 197 BlockErrorAction action; 198 int status; 199 200 if (ret < 0) { 201 status = scsi_sense_from_errno(-ret, &sense); 202 error = -ret; 203 } else { 204 /* A passthrough command has completed with nonzero status. */ 205 status = ret; 206 if (status == CHECK_CONDITION) { 207 req_has_sense = true; 208 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense)); 209 } else { 210 error = EINVAL; 211 } 212 } 213 214 /* 215 * Check whether the error has to be handled by the guest or should 216 * rather follow the rerror=/werror= settings. Guest-handled errors 217 * are usually retried immediately, so do not post them to QMP and 218 * do not account them as failed I/O. 219 */ 220 if (req_has_sense && 221 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) { 222 action = BLOCK_ERROR_ACTION_REPORT; 223 acct_failed = false; 224 } else { 225 action = blk_get_error_action(s->qdev.conf.blk, is_read, error); 226 blk_error_action(s->qdev.conf.blk, action, is_read, error); 227 } 228 229 switch (action) { 230 case BLOCK_ERROR_ACTION_REPORT: 231 if (acct_failed) { 232 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 233 } 234 if (req_has_sense) { 235 sdc->update_sense(&r->req); 236 } else if (status == CHECK_CONDITION) { 237 scsi_req_build_sense(&r->req, sense); 238 } 239 scsi_req_complete(&r->req, status); 240 return true; 241 242 case BLOCK_ERROR_ACTION_IGNORE: 243 return false; 244 245 case BLOCK_ERROR_ACTION_STOP: 246 scsi_req_retry(&r->req); 247 return true; 248 249 default: 250 g_assert_not_reached(); 251 } 252} 253 254static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed) 255{ 256 if (r->req.io_canceled) { 257 scsi_req_cancel_complete(&r->req); 258 return true; 259 } 260 261 if (ret < 0) { 262 return scsi_handle_rw_error(r, ret, acct_failed); 263 } 264 265 return false; 266} 267 268static void scsi_aio_complete(void *opaque, int ret) 269{ 270 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 271 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 272 273 assert(r->req.aiocb != NULL); 274 r->req.aiocb = NULL; 275 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 276 if (scsi_disk_req_check_error(r, ret, true)) { 277 goto done; 278 } 279 280 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 281 scsi_req_complete(&r->req, GOOD); 282 283done: 284 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 285 scsi_req_unref(&r->req); 286} 287 288static bool scsi_is_cmd_fua(SCSICommand *cmd) 289{ 290 switch (cmd->buf[0]) { 291 case READ_10: 292 case READ_12: 293 case READ_16: 294 case WRITE_10: 295 case WRITE_12: 296 case WRITE_16: 297 return (cmd->buf[1] & 8) != 0; 298 299 case VERIFY_10: 300 case VERIFY_12: 301 case VERIFY_16: 302 case WRITE_VERIFY_10: 303 case WRITE_VERIFY_12: 304 case WRITE_VERIFY_16: 305 return true; 306 307 case READ_6: 308 case WRITE_6: 309 default: 310 return false; 311 } 312} 313 314static void scsi_write_do_fua(SCSIDiskReq *r) 315{ 316 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 317 318 assert(r->req.aiocb == NULL); 319 assert(!r->req.io_canceled); 320 321 if (r->need_fua_emulation) { 322 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 323 BLOCK_ACCT_FLUSH); 324 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 325 return; 326 } 327 328 scsi_req_complete(&r->req, GOOD); 329 scsi_req_unref(&r->req); 330} 331 332static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret) 333{ 334 assert(r->req.aiocb == NULL); 335 if (scsi_disk_req_check_error(r, ret, false)) { 336 goto done; 337 } 338 339 r->sector += r->sector_count; 340 r->sector_count = 0; 341 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 342 scsi_write_do_fua(r); 343 return; 344 } else { 345 scsi_req_complete(&r->req, GOOD); 346 } 347 348done: 349 scsi_req_unref(&r->req); 350} 351 352static void scsi_dma_complete(void *opaque, int ret) 353{ 354 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 355 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 356 357 assert(r->req.aiocb != NULL); 358 r->req.aiocb = NULL; 359 360 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 361 if (ret < 0) { 362 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 363 } else { 364 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 365 } 366 scsi_dma_complete_noio(r, ret); 367 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 368} 369 370static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) 371{ 372 uint32_t n; 373 374 assert(r->req.aiocb == NULL); 375 if (scsi_disk_req_check_error(r, ret, false)) { 376 goto done; 377 } 378 379 n = r->qiov.size / BDRV_SECTOR_SIZE; 380 r->sector += n; 381 r->sector_count -= n; 382 scsi_req_data(&r->req, r->qiov.size); 383 384done: 385 scsi_req_unref(&r->req); 386} 387 388static void scsi_read_complete(void *opaque, int ret) 389{ 390 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 392 393 assert(r->req.aiocb != NULL); 394 r->req.aiocb = NULL; 395 396 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 397 if (ret < 0) { 398 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 399 } else { 400 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 401 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); 402 } 403 scsi_read_complete_noio(r, ret); 404 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 405} 406 407/* Actually issue a read to the block device. */ 408static void scsi_do_read(SCSIDiskReq *r, int ret) 409{ 410 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 411 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 412 413 assert (r->req.aiocb == NULL); 414 if (scsi_disk_req_check_error(r, ret, false)) { 415 goto done; 416 } 417 418 /* The request is used as the AIO opaque value, so add a ref. */ 419 scsi_req_ref(&r->req); 420 421 if (r->req.sg) { 422 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ); 423 r->req.resid -= r->req.sg->size; 424 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 425 r->req.sg, r->sector << BDRV_SECTOR_BITS, 426 BDRV_SECTOR_SIZE, 427 sdc->dma_readv, r, scsi_dma_complete, r, 428 DMA_DIRECTION_FROM_DEVICE); 429 } else { 430 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 431 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 432 r->qiov.size, BLOCK_ACCT_READ); 433 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov, 434 scsi_read_complete, r, r); 435 } 436 437done: 438 scsi_req_unref(&r->req); 439} 440 441static void scsi_do_read_cb(void *opaque, int ret) 442{ 443 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 444 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 445 446 assert (r->req.aiocb != NULL); 447 r->req.aiocb = NULL; 448 449 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 450 if (ret < 0) { 451 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 452 } else { 453 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 454 } 455 scsi_do_read(opaque, ret); 456 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 457} 458 459/* Read more data from scsi device into buffer. */ 460static void scsi_read_data(SCSIRequest *req) 461{ 462 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 463 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 464 bool first; 465 466 trace_scsi_disk_read_data_count(r->sector_count); 467 if (r->sector_count == 0) { 468 /* This also clears the sense buffer for REQUEST SENSE. */ 469 scsi_req_complete(&r->req, GOOD); 470 return; 471 } 472 473 /* No data transfer may already be in progress */ 474 assert(r->req.aiocb == NULL); 475 476 /* The request is used as the AIO opaque value, so add a ref. */ 477 scsi_req_ref(&r->req); 478 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 479 trace_scsi_disk_read_data_invalid(); 480 scsi_read_complete_noio(r, -EINVAL); 481 return; 482 } 483 484 if (!blk_is_available(req->dev->conf.blk)) { 485 scsi_read_complete_noio(r, -ENOMEDIUM); 486 return; 487 } 488 489 first = !r->started; 490 r->started = true; 491 if (first && r->need_fua_emulation) { 492 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 493 BLOCK_ACCT_FLUSH); 494 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r); 495 } else { 496 scsi_do_read(r, 0); 497 } 498} 499 500static void scsi_write_complete_noio(SCSIDiskReq *r, int ret) 501{ 502 uint32_t n; 503 504 assert (r->req.aiocb == NULL); 505 if (scsi_disk_req_check_error(r, ret, false)) { 506 goto done; 507 } 508 509 n = r->qiov.size / BDRV_SECTOR_SIZE; 510 r->sector += n; 511 r->sector_count -= n; 512 if (r->sector_count == 0) { 513 scsi_write_do_fua(r); 514 return; 515 } else { 516 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); 517 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size); 518 scsi_req_data(&r->req, r->qiov.size); 519 } 520 521done: 522 scsi_req_unref(&r->req); 523} 524 525static void scsi_write_complete(void * opaque, int ret) 526{ 527 SCSIDiskReq *r = (SCSIDiskReq *)opaque; 528 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 529 530 assert (r->req.aiocb != NULL); 531 r->req.aiocb = NULL; 532 533 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 534 if (ret < 0) { 535 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); 536 } else { 537 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 538 } 539 scsi_write_complete_noio(r, ret); 540 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 541} 542 543static void scsi_write_data(SCSIRequest *req) 544{ 545 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 546 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 547 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 548 549 /* No data transfer may already be in progress */ 550 assert(r->req.aiocb == NULL); 551 552 /* The request is used as the AIO opaque value, so add a ref. */ 553 scsi_req_ref(&r->req); 554 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { 555 trace_scsi_disk_write_data_invalid(); 556 scsi_write_complete_noio(r, -EINVAL); 557 return; 558 } 559 560 if (!r->req.sg && !r->qiov.size) { 561 /* Called for the first time. Ask the driver to send us more data. */ 562 r->started = true; 563 scsi_write_complete_noio(r, 0); 564 return; 565 } 566 if (!blk_is_available(req->dev->conf.blk)) { 567 scsi_write_complete_noio(r, -ENOMEDIUM); 568 return; 569 } 570 571 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || 572 r->req.cmd.buf[0] == VERIFY_16) { 573 if (r->req.sg) { 574 scsi_dma_complete_noio(r, 0); 575 } else { 576 scsi_write_complete_noio(r, 0); 577 } 578 return; 579 } 580 581 if (r->req.sg) { 582 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE); 583 r->req.resid -= r->req.sg->size; 584 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk), 585 r->req.sg, r->sector << BDRV_SECTOR_BITS, 586 BDRV_SECTOR_SIZE, 587 sdc->dma_writev, r, scsi_dma_complete, r, 588 DMA_DIRECTION_TO_DEVICE); 589 } else { 590 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 591 r->qiov.size, BLOCK_ACCT_WRITE); 592 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov, 593 scsi_write_complete, r, r); 594 } 595} 596 597/* Return a pointer to the data buffer. */ 598static uint8_t *scsi_get_buf(SCSIRequest *req) 599{ 600 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 601 602 return (uint8_t *)r->iov.iov_base; 603} 604 605static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf) 606{ 607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 608 uint8_t page_code = req->cmd.buf[2]; 609 int start, buflen = 0; 610 611 outbuf[buflen++] = s->qdev.type & 0x1f; 612 outbuf[buflen++] = page_code; 613 outbuf[buflen++] = 0x00; 614 outbuf[buflen++] = 0x00; 615 start = buflen; 616 617 switch (page_code) { 618 case 0x00: /* Supported page codes, mandatory */ 619 { 620 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer); 621 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */ 622 if (s->serial) { 623 outbuf[buflen++] = 0x80; /* unit serial number */ 624 } 625 outbuf[buflen++] = 0x83; /* device identification */ 626 if (s->qdev.type == TYPE_DISK) { 627 outbuf[buflen++] = 0xb0; /* block limits */ 628 outbuf[buflen++] = 0xb1; /* block device characteristics */ 629 outbuf[buflen++] = 0xb2; /* thin provisioning */ 630 } 631 break; 632 } 633 case 0x80: /* Device serial number, optional */ 634 { 635 int l; 636 637 if (!s->serial) { 638 trace_scsi_disk_emulate_vpd_page_80_not_supported(); 639 return -1; 640 } 641 642 l = strlen(s->serial); 643 if (l > 36) { 644 l = 36; 645 } 646 647 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer); 648 memcpy(outbuf + buflen, s->serial, l); 649 buflen += l; 650 break; 651 } 652 653 case 0x83: /* Device identification page, mandatory */ 654 { 655 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0; 656 657 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer); 658 659 if (id_len) { 660 outbuf[buflen++] = 0x2; /* ASCII */ 661 outbuf[buflen++] = 0; /* not officially assigned */ 662 outbuf[buflen++] = 0; /* reserved */ 663 outbuf[buflen++] = id_len; /* length of data following */ 664 memcpy(outbuf + buflen, s->device_id, id_len); 665 buflen += id_len; 666 } 667 668 if (s->qdev.wwn) { 669 outbuf[buflen++] = 0x1; /* Binary */ 670 outbuf[buflen++] = 0x3; /* NAA */ 671 outbuf[buflen++] = 0; /* reserved */ 672 outbuf[buflen++] = 8; 673 stq_be_p(&outbuf[buflen], s->qdev.wwn); 674 buflen += 8; 675 } 676 677 if (s->qdev.port_wwn) { 678 outbuf[buflen++] = 0x61; /* SAS / Binary */ 679 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */ 680 outbuf[buflen++] = 0; /* reserved */ 681 outbuf[buflen++] = 8; 682 stq_be_p(&outbuf[buflen], s->qdev.port_wwn); 683 buflen += 8; 684 } 685 686 if (s->port_index) { 687 outbuf[buflen++] = 0x61; /* SAS / Binary */ 688 689 /* PIV/Target port/relative target port */ 690 outbuf[buflen++] = 0x94; 691 692 outbuf[buflen++] = 0; /* reserved */ 693 outbuf[buflen++] = 4; 694 stw_be_p(&outbuf[buflen + 2], s->port_index); 695 buflen += 4; 696 } 697 break; 698 } 699 case 0xb0: /* block limits */ 700 { 701 SCSIBlockLimits bl = {}; 702 703 if (s->qdev.type == TYPE_ROM) { 704 trace_scsi_disk_emulate_vpd_page_b0_not_supported(); 705 return -1; 706 } 707 bl.wsnz = 1; 708 bl.unmap_sectors = 709 s->qdev.conf.discard_granularity / s->qdev.blocksize; 710 bl.min_io_size = 711 s->qdev.conf.min_io_size / s->qdev.blocksize; 712 bl.opt_io_size = 713 s->qdev.conf.opt_io_size / s->qdev.blocksize; 714 bl.max_unmap_sectors = 715 s->max_unmap_size / s->qdev.blocksize; 716 bl.max_io_sectors = 717 s->max_io_size / s->qdev.blocksize; 718 /* 255 descriptors fit in 4 KiB with an 8-byte header */ 719 bl.max_unmap_descr = 255; 720 721 if (s->qdev.type == TYPE_DISK) { 722 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk); 723 int max_io_sectors_blk = 724 max_transfer_blk / s->qdev.blocksize; 725 726 bl.max_io_sectors = 727 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors); 728 } 729 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl); 730 break; 731 } 732 case 0xb1: /* block device characteristics */ 733 { 734 buflen = 0x40; 735 outbuf[4] = (s->rotation_rate >> 8) & 0xff; 736 outbuf[5] = s->rotation_rate & 0xff; 737 outbuf[6] = 0; /* PRODUCT TYPE */ 738 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */ 739 outbuf[8] = 0; /* VBULS */ 740 break; 741 } 742 case 0xb2: /* thin provisioning */ 743 { 744 buflen = 8; 745 outbuf[4] = 0; 746 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */ 747 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1; 748 outbuf[7] = 0; 749 break; 750 } 751 default: 752 return -1; 753 } 754 /* done with EVPD */ 755 assert(buflen - start <= 255); 756 outbuf[start - 1] = buflen - start; 757 return buflen; 758} 759 760static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) 761{ 762 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 763 int buflen = 0; 764 765 if (req->cmd.buf[1] & 0x1) { 766 /* Vital product data */ 767 return scsi_disk_emulate_vpd_page(req, outbuf); 768 } 769 770 /* Standard INQUIRY data */ 771 if (req->cmd.buf[2] != 0) { 772 return -1; 773 } 774 775 /* PAGE CODE == 0 */ 776 buflen = req->cmd.xfer; 777 if (buflen > SCSI_MAX_INQUIRY_LEN) { 778 buflen = SCSI_MAX_INQUIRY_LEN; 779 } 780 781 outbuf[0] = s->qdev.type & 0x1f; 782 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0; 783 784 strpadcpy((char *) &outbuf[16], 16, s->product, ' '); 785 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' '); 786 787 memset(&outbuf[32], 0, 4); 788 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version))); 789 /* 790 * We claim conformance to SPC-3, which is required for guests 791 * to ask for modern features like READ CAPACITY(16) or the 792 * block characteristics VPD page by default. Not all of SPC-3 793 * is actually implemented, but we're good enough. 794 */ 795 outbuf[2] = s->qdev.default_scsi_version; 796 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */ 797 798 if (buflen > 36) { 799 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */ 800 } else { 801 /* If the allocation length of CDB is too small, 802 the additional length is not adjusted */ 803 outbuf[4] = 36 - 5; 804 } 805 806 /* Sync data transfer and TCQ. */ 807 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0); 808 return buflen; 809} 810 811static inline bool media_is_dvd(SCSIDiskState *s) 812{ 813 uint64_t nb_sectors; 814 if (s->qdev.type != TYPE_ROM) { 815 return false; 816 } 817 if (!blk_is_available(s->qdev.conf.blk)) { 818 return false; 819 } 820 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 821 return nb_sectors > CD_MAX_SECTORS; 822} 823 824static inline bool media_is_cd(SCSIDiskState *s) 825{ 826 uint64_t nb_sectors; 827 if (s->qdev.type != TYPE_ROM) { 828 return false; 829 } 830 if (!blk_is_available(s->qdev.conf.blk)) { 831 return false; 832 } 833 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 834 return nb_sectors <= CD_MAX_SECTORS; 835} 836 837static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r, 838 uint8_t *outbuf) 839{ 840 uint8_t type = r->req.cmd.buf[1] & 7; 841 842 if (s->qdev.type != TYPE_ROM) { 843 return -1; 844 } 845 846 /* Types 1/2 are only defined for Blu-Ray. */ 847 if (type != 0) { 848 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 849 return -1; 850 } 851 852 memset(outbuf, 0, 34); 853 outbuf[1] = 32; 854 outbuf[2] = 0xe; /* last session complete, disc finalized */ 855 outbuf[3] = 1; /* first track on disc */ 856 outbuf[4] = 1; /* # of sessions */ 857 outbuf[5] = 1; /* first track of last session */ 858 outbuf[6] = 1; /* last track of last session */ 859 outbuf[7] = 0x20; /* unrestricted use */ 860 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */ 861 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */ 862 /* 12-23: not meaningful for CD-ROM or DVD-ROM */ 863 /* 24-31: disc bar code */ 864 /* 32: disc application code */ 865 /* 33: number of OPC tables */ 866 867 return 34; 868} 869 870static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r, 871 uint8_t *outbuf) 872{ 873 static const int rds_caps_size[5] = { 874 [0] = 2048 + 4, 875 [1] = 4 + 4, 876 [3] = 188 + 4, 877 [4] = 2048 + 4, 878 }; 879 880 uint8_t media = r->req.cmd.buf[1]; 881 uint8_t layer = r->req.cmd.buf[6]; 882 uint8_t format = r->req.cmd.buf[7]; 883 int size = -1; 884 885 if (s->qdev.type != TYPE_ROM) { 886 return -1; 887 } 888 if (media != 0) { 889 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 890 return -1; 891 } 892 893 if (format != 0xff) { 894 if (!blk_is_available(s->qdev.conf.blk)) { 895 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 896 return -1; 897 } 898 if (media_is_cd(s)) { 899 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT)); 900 return -1; 901 } 902 if (format >= ARRAY_SIZE(rds_caps_size)) { 903 return -1; 904 } 905 size = rds_caps_size[format]; 906 memset(outbuf, 0, size); 907 } 908 909 switch (format) { 910 case 0x00: { 911 /* Physical format information */ 912 uint64_t nb_sectors; 913 if (layer != 0) { 914 goto fail; 915 } 916 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 917 918 outbuf[4] = 1; /* DVD-ROM, part version 1 */ 919 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */ 920 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */ 921 outbuf[7] = 0; /* default densities */ 922 923 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */ 924 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */ 925 break; 926 } 927 928 case 0x01: /* DVD copyright information, all zeros */ 929 break; 930 931 case 0x03: /* BCA information - invalid field for no BCA info */ 932 return -1; 933 934 case 0x04: /* DVD disc manufacturing information, all zeros */ 935 break; 936 937 case 0xff: { /* List capabilities */ 938 int i; 939 size = 4; 940 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) { 941 if (!rds_caps_size[i]) { 942 continue; 943 } 944 outbuf[size] = i; 945 outbuf[size + 1] = 0x40; /* Not writable, readable */ 946 stw_be_p(&outbuf[size + 2], rds_caps_size[i]); 947 size += 4; 948 } 949 break; 950 } 951 952 default: 953 return -1; 954 } 955 956 /* Size of buffer, not including 2 byte size field */ 957 stw_be_p(outbuf, size - 2); 958 return size; 959 960fail: 961 return -1; 962} 963 964static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf) 965{ 966 uint8_t event_code, media_status; 967 968 media_status = 0; 969 if (s->tray_open) { 970 media_status = MS_TRAY_OPEN; 971 } else if (blk_is_inserted(s->qdev.conf.blk)) { 972 media_status = MS_MEDIA_PRESENT; 973 } 974 975 /* Event notification descriptor */ 976 event_code = MEC_NO_CHANGE; 977 if (media_status != MS_TRAY_OPEN) { 978 if (s->media_event) { 979 event_code = MEC_NEW_MEDIA; 980 s->media_event = false; 981 } else if (s->eject_request) { 982 event_code = MEC_EJECT_REQUESTED; 983 s->eject_request = false; 984 } 985 } 986 987 outbuf[0] = event_code; 988 outbuf[1] = media_status; 989 990 /* These fields are reserved, just clear them. */ 991 outbuf[2] = 0; 992 outbuf[3] = 0; 993 return 4; 994} 995 996static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r, 997 uint8_t *outbuf) 998{ 999 int size; 1000 uint8_t *buf = r->req.cmd.buf; 1001 uint8_t notification_class_request = buf[4]; 1002 if (s->qdev.type != TYPE_ROM) { 1003 return -1; 1004 } 1005 if ((buf[1] & 1) == 0) { 1006 /* asynchronous */ 1007 return -1; 1008 } 1009 1010 size = 4; 1011 outbuf[0] = outbuf[1] = 0; 1012 outbuf[3] = 1 << GESN_MEDIA; /* supported events */ 1013 if (notification_class_request & (1 << GESN_MEDIA)) { 1014 outbuf[2] = GESN_MEDIA; 1015 size += scsi_event_status_media(s, &outbuf[size]); 1016 } else { 1017 outbuf[2] = 0x80; 1018 } 1019 stw_be_p(outbuf, size - 4); 1020 return size; 1021} 1022 1023static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf) 1024{ 1025 int current; 1026 1027 if (s->qdev.type != TYPE_ROM) { 1028 return -1; 1029 } 1030 1031 if (media_is_dvd(s)) { 1032 current = MMC_PROFILE_DVD_ROM; 1033 } else if (media_is_cd(s)) { 1034 current = MMC_PROFILE_CD_ROM; 1035 } else { 1036 current = MMC_PROFILE_NONE; 1037 } 1038 1039 memset(outbuf, 0, 40); 1040 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */ 1041 stw_be_p(&outbuf[6], current); 1042 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */ 1043 outbuf[10] = 0x03; /* persistent, current */ 1044 outbuf[11] = 8; /* two profiles */ 1045 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM); 1046 outbuf[14] = (current == MMC_PROFILE_DVD_ROM); 1047 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM); 1048 outbuf[18] = (current == MMC_PROFILE_CD_ROM); 1049 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */ 1050 stw_be_p(&outbuf[20], 1); 1051 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */ 1052 outbuf[23] = 8; 1053 stl_be_p(&outbuf[24], 1); /* SCSI */ 1054 outbuf[28] = 1; /* DBE = 1, mandatory */ 1055 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */ 1056 stw_be_p(&outbuf[32], 3); 1057 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */ 1058 outbuf[35] = 4; 1059 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */ 1060 /* TODO: Random readable, CD read, DVD read, drive serial number, 1061 power management */ 1062 return 40; 1063} 1064 1065static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf) 1066{ 1067 if (s->qdev.type != TYPE_ROM) { 1068 return -1; 1069 } 1070 memset(outbuf, 0, 8); 1071 outbuf[5] = 1; /* CD-ROM */ 1072 return 8; 1073} 1074 1075static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, 1076 int page_control) 1077{ 1078 static const int mode_sense_valid[0x3f] = { 1079 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK), 1080 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK), 1081 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1082 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM), 1083 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM), 1084 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM), 1085 }; 1086 1087 uint8_t *p = *p_outbuf + 2; 1088 int length; 1089 1090 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { 1091 return -1; 1092 } 1093 1094 /* 1095 * If Changeable Values are requested, a mask denoting those mode parameters 1096 * that are changeable shall be returned. As we currently don't support 1097 * parameter changes via MODE_SELECT all bits are returned set to zero. 1098 * The buffer was already menset to zero by the caller of this function. 1099 * 1100 * The offsets here are off by two compared to the descriptions in the 1101 * SCSI specs, because those include a 2-byte header. This is unfortunate, 1102 * but it is done so that offsets are consistent within our implementation 1103 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both 1104 * 2-byte and 4-byte headers. 1105 */ 1106 switch (page) { 1107 case MODE_PAGE_HD_GEOMETRY: 1108 length = 0x16; 1109 if (page_control == 1) { /* Changeable Values */ 1110 break; 1111 } 1112 /* if a geometry hint is available, use it */ 1113 p[0] = (s->qdev.conf.cyls >> 16) & 0xff; 1114 p[1] = (s->qdev.conf.cyls >> 8) & 0xff; 1115 p[2] = s->qdev.conf.cyls & 0xff; 1116 p[3] = s->qdev.conf.heads & 0xff; 1117 /* Write precomp start cylinder, disabled */ 1118 p[4] = (s->qdev.conf.cyls >> 16) & 0xff; 1119 p[5] = (s->qdev.conf.cyls >> 8) & 0xff; 1120 p[6] = s->qdev.conf.cyls & 0xff; 1121 /* Reduced current start cylinder, disabled */ 1122 p[7] = (s->qdev.conf.cyls >> 16) & 0xff; 1123 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1124 p[9] = s->qdev.conf.cyls & 0xff; 1125 /* Device step rate [ns], 200ns */ 1126 p[10] = 0; 1127 p[11] = 200; 1128 /* Landing zone cylinder */ 1129 p[12] = 0xff; 1130 p[13] = 0xff; 1131 p[14] = 0xff; 1132 /* Medium rotation rate [rpm], 5400 rpm */ 1133 p[18] = (5400 >> 8) & 0xff; 1134 p[19] = 5400 & 0xff; 1135 break; 1136 1137 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY: 1138 length = 0x1e; 1139 if (page_control == 1) { /* Changeable Values */ 1140 break; 1141 } 1142 /* Transfer rate [kbit/s], 5Mbit/s */ 1143 p[0] = 5000 >> 8; 1144 p[1] = 5000 & 0xff; 1145 /* if a geometry hint is available, use it */ 1146 p[2] = s->qdev.conf.heads & 0xff; 1147 p[3] = s->qdev.conf.secs & 0xff; 1148 p[4] = s->qdev.blocksize >> 8; 1149 p[6] = (s->qdev.conf.cyls >> 8) & 0xff; 1150 p[7] = s->qdev.conf.cyls & 0xff; 1151 /* Write precomp start cylinder, disabled */ 1152 p[8] = (s->qdev.conf.cyls >> 8) & 0xff; 1153 p[9] = s->qdev.conf.cyls & 0xff; 1154 /* Reduced current start cylinder, disabled */ 1155 p[10] = (s->qdev.conf.cyls >> 8) & 0xff; 1156 p[11] = s->qdev.conf.cyls & 0xff; 1157 /* Device step rate [100us], 100us */ 1158 p[12] = 0; 1159 p[13] = 1; 1160 /* Device step pulse width [us], 1us */ 1161 p[14] = 1; 1162 /* Device head settle delay [100us], 100us */ 1163 p[15] = 0; 1164 p[16] = 1; 1165 /* Motor on delay [0.1s], 0.1s */ 1166 p[17] = 1; 1167 /* Motor off delay [0.1s], 0.1s */ 1168 p[18] = 1; 1169 /* Medium rotation rate [rpm], 5400 rpm */ 1170 p[26] = (5400 >> 8) & 0xff; 1171 p[27] = 5400 & 0xff; 1172 break; 1173 1174 case MODE_PAGE_CACHING: 1175 length = 0x12; 1176 if (page_control == 1 || /* Changeable Values */ 1177 blk_enable_write_cache(s->qdev.conf.blk)) { 1178 p[0] = 4; /* WCE */ 1179 } 1180 break; 1181 1182 case MODE_PAGE_R_W_ERROR: 1183 length = 10; 1184 if (page_control == 1) { /* Changeable Values */ 1185 break; 1186 } 1187 p[0] = 0x80; /* Automatic Write Reallocation Enabled */ 1188 if (s->qdev.type == TYPE_ROM) { 1189 p[1] = 0x20; /* Read Retry Count */ 1190 } 1191 break; 1192 1193 case MODE_PAGE_AUDIO_CTL: 1194 length = 14; 1195 break; 1196 1197 case MODE_PAGE_CAPABILITIES: 1198 length = 0x14; 1199 if (page_control == 1) { /* Changeable Values */ 1200 break; 1201 } 1202 1203 p[0] = 0x3b; /* CD-R & CD-RW read */ 1204 p[1] = 0; /* Writing not supported */ 1205 p[2] = 0x7f; /* Audio, composite, digital out, 1206 mode 2 form 1&2, multi session */ 1207 p[3] = 0xff; /* CD DA, DA accurate, RW supported, 1208 RW corrected, C2 errors, ISRC, 1209 UPC, Bar code */ 1210 p[4] = 0x2d | (s->tray_locked ? 2 : 0); 1211 /* Locking supported, jumper present, eject, tray */ 1212 p[5] = 0; /* no volume & mute control, no 1213 changer */ 1214 p[6] = (50 * 176) >> 8; /* 50x read speed */ 1215 p[7] = (50 * 176) & 0xff; 1216 p[8] = 2 >> 8; /* Two volume levels */ 1217 p[9] = 2 & 0xff; 1218 p[10] = 2048 >> 8; /* 2M buffer */ 1219 p[11] = 2048 & 0xff; 1220 p[12] = (16 * 176) >> 8; /* 16x read speed current */ 1221 p[13] = (16 * 176) & 0xff; 1222 p[16] = (16 * 176) >> 8; /* 16x write speed */ 1223 p[17] = (16 * 176) & 0xff; 1224 p[18] = (16 * 176) >> 8; /* 16x write speed current */ 1225 p[19] = (16 * 176) & 0xff; 1226 break; 1227 1228 default: 1229 return -1; 1230 } 1231 1232 assert(length < 256); 1233 (*p_outbuf)[0] = page; 1234 (*p_outbuf)[1] = length; 1235 *p_outbuf += length + 2; 1236 return length + 2; 1237} 1238 1239static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) 1240{ 1241 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1242 uint64_t nb_sectors; 1243 bool dbd; 1244 int page, buflen, ret, page_control; 1245 uint8_t *p; 1246 uint8_t dev_specific_param; 1247 1248 dbd = (r->req.cmd.buf[1] & 0x8) != 0; 1249 page = r->req.cmd.buf[2] & 0x3f; 1250 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6; 1251 1252 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 1253 10, page, r->req.cmd.xfer, page_control); 1254 memset(outbuf, 0, r->req.cmd.xfer); 1255 p = outbuf; 1256 1257 if (s->qdev.type == TYPE_DISK) { 1258 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; 1259 if (!blk_is_writable(s->qdev.conf.blk)) { 1260 dev_specific_param |= 0x80; /* Readonly. */ 1261 } 1262 } else { 1263 /* MMC prescribes that CD/DVD drives have no block descriptors, 1264 * and defines no device-specific parameter. */ 1265 dev_specific_param = 0x00; 1266 dbd = true; 1267 } 1268 1269 if (r->req.cmd.buf[0] == MODE_SENSE) { 1270 p[1] = 0; /* Default media type. */ 1271 p[2] = dev_specific_param; 1272 p[3] = 0; /* Block descriptor length. */ 1273 p += 4; 1274 } else { /* MODE_SENSE_10 */ 1275 p[2] = 0; /* Default media type. */ 1276 p[3] = dev_specific_param; 1277 p[6] = p[7] = 0; /* Block descriptor length. */ 1278 p += 8; 1279 } 1280 1281 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1282 if (!dbd && nb_sectors) { 1283 if (r->req.cmd.buf[0] == MODE_SENSE) { 1284 outbuf[3] = 8; /* Block descriptor length */ 1285 } else { /* MODE_SENSE_10 */ 1286 outbuf[7] = 8; /* Block descriptor length */ 1287 } 1288 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1289 if (nb_sectors > 0xffffff) { 1290 nb_sectors = 0; 1291 } 1292 p[0] = 0; /* media density code */ 1293 p[1] = (nb_sectors >> 16) & 0xff; 1294 p[2] = (nb_sectors >> 8) & 0xff; 1295 p[3] = nb_sectors & 0xff; 1296 p[4] = 0; /* reserved */ 1297 p[5] = 0; /* bytes 5-7 are the sector size in bytes */ 1298 p[6] = s->qdev.blocksize >> 8; 1299 p[7] = 0; 1300 p += 8; 1301 } 1302 1303 if (page_control == 3) { 1304 /* Saved Values */ 1305 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED)); 1306 return -1; 1307 } 1308 1309 if (page == 0x3f) { 1310 for (page = 0; page <= 0x3e; page++) { 1311 mode_sense_page(s, page, &p, page_control); 1312 } 1313 } else { 1314 ret = mode_sense_page(s, page, &p, page_control); 1315 if (ret == -1) { 1316 return -1; 1317 } 1318 } 1319 1320 buflen = p - outbuf; 1321 /* 1322 * The mode data length field specifies the length in bytes of the 1323 * following data that is available to be transferred. The mode data 1324 * length does not include itself. 1325 */ 1326 if (r->req.cmd.buf[0] == MODE_SENSE) { 1327 outbuf[0] = buflen - 1; 1328 } else { /* MODE_SENSE_10 */ 1329 outbuf[0] = ((buflen - 2) >> 8) & 0xff; 1330 outbuf[1] = (buflen - 2) & 0xff; 1331 } 1332 return buflen; 1333} 1334 1335static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf) 1336{ 1337 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1338 int start_track, format, msf, toclen; 1339 uint64_t nb_sectors; 1340 1341 msf = req->cmd.buf[1] & 2; 1342 format = req->cmd.buf[2] & 0xf; 1343 start_track = req->cmd.buf[6]; 1344 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1345 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1); 1346 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1347 switch (format) { 1348 case 0: 1349 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 1350 break; 1351 case 1: 1352 /* multi session : only a single session defined */ 1353 toclen = 12; 1354 memset(outbuf, 0, 12); 1355 outbuf[1] = 0x0a; 1356 outbuf[2] = 0x01; 1357 outbuf[3] = 0x01; 1358 break; 1359 case 2: 1360 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 1361 break; 1362 default: 1363 return -1; 1364 } 1365 return toclen; 1366} 1367 1368static int scsi_disk_emulate_start_stop(SCSIDiskReq *r) 1369{ 1370 SCSIRequest *req = &r->req; 1371 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1372 bool start = req->cmd.buf[4] & 1; 1373 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */ 1374 int pwrcnd = req->cmd.buf[4] & 0xf0; 1375 1376 if (pwrcnd) { 1377 /* eject/load only happens for power condition == 0 */ 1378 return 0; 1379 } 1380 1381 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) { 1382 if (!start && !s->tray_open && s->tray_locked) { 1383 scsi_check_condition(r, 1384 blk_is_inserted(s->qdev.conf.blk) 1385 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED) 1386 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED)); 1387 return -1; 1388 } 1389 1390 if (s->tray_open != !start) { 1391 blk_eject(s->qdev.conf.blk, !start); 1392 s->tray_open = !start; 1393 } 1394 } 1395 return 0; 1396} 1397 1398static void scsi_disk_emulate_read_data(SCSIRequest *req) 1399{ 1400 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1401 int buflen = r->iov.iov_len; 1402 1403 if (buflen) { 1404 trace_scsi_disk_emulate_read_data(buflen); 1405 r->iov.iov_len = 0; 1406 r->started = true; 1407 scsi_req_data(&r->req, buflen); 1408 return; 1409 } 1410 1411 /* This also clears the sense buffer for REQUEST SENSE. */ 1412 scsi_req_complete(&r->req, GOOD); 1413} 1414 1415static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, 1416 uint8_t *inbuf, int inlen) 1417{ 1418 uint8_t mode_current[SCSI_MAX_MODE_LEN]; 1419 uint8_t mode_changeable[SCSI_MAX_MODE_LEN]; 1420 uint8_t *p; 1421 int len, expected_len, changeable_len, i; 1422 1423 /* The input buffer does not include the page header, so it is 1424 * off by 2 bytes. 1425 */ 1426 expected_len = inlen + 2; 1427 if (expected_len > SCSI_MAX_MODE_LEN) { 1428 return -1; 1429 } 1430 1431 p = mode_current; 1432 memset(mode_current, 0, inlen + 2); 1433 len = mode_sense_page(s, page, &p, 0); 1434 if (len < 0 || len != expected_len) { 1435 return -1; 1436 } 1437 1438 p = mode_changeable; 1439 memset(mode_changeable, 0, inlen + 2); 1440 changeable_len = mode_sense_page(s, page, &p, 1); 1441 assert(changeable_len == len); 1442 1443 /* Check that unchangeable bits are the same as what MODE SENSE 1444 * would return. 1445 */ 1446 for (i = 2; i < len; i++) { 1447 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) { 1448 return -1; 1449 } 1450 } 1451 return 0; 1452} 1453 1454static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p) 1455{ 1456 switch (page) { 1457 case MODE_PAGE_CACHING: 1458 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0); 1459 break; 1460 1461 default: 1462 break; 1463 } 1464} 1465 1466static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change) 1467{ 1468 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1469 1470 while (len > 0) { 1471 int page, subpage, page_len; 1472 1473 /* Parse both possible formats for the mode page headers. */ 1474 page = p[0] & 0x3f; 1475 if (p[0] & 0x40) { 1476 if (len < 4) { 1477 goto invalid_param_len; 1478 } 1479 subpage = p[1]; 1480 page_len = lduw_be_p(&p[2]); 1481 p += 4; 1482 len -= 4; 1483 } else { 1484 if (len < 2) { 1485 goto invalid_param_len; 1486 } 1487 subpage = 0; 1488 page_len = p[1]; 1489 p += 2; 1490 len -= 2; 1491 } 1492 1493 if (subpage) { 1494 goto invalid_param; 1495 } 1496 if (page_len > len) { 1497 goto invalid_param_len; 1498 } 1499 1500 if (!change) { 1501 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) { 1502 goto invalid_param; 1503 } 1504 } else { 1505 scsi_disk_apply_mode_select(s, page, p); 1506 } 1507 1508 p += page_len; 1509 len -= page_len; 1510 } 1511 return 0; 1512 1513invalid_param: 1514 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1515 return -1; 1516 1517invalid_param_len: 1518 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1519 return -1; 1520} 1521 1522static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf) 1523{ 1524 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1525 uint8_t *p = inbuf; 1526 int cmd = r->req.cmd.buf[0]; 1527 int len = r->req.cmd.xfer; 1528 int hdr_len = (cmd == MODE_SELECT ? 4 : 8); 1529 int bd_len; 1530 int pass; 1531 1532 /* We only support PF=1, SP=0. */ 1533 if ((r->req.cmd.buf[1] & 0x11) != 0x10) { 1534 goto invalid_field; 1535 } 1536 1537 if (len < hdr_len) { 1538 goto invalid_param_len; 1539 } 1540 1541 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6])); 1542 len -= hdr_len; 1543 p += hdr_len; 1544 if (len < bd_len) { 1545 goto invalid_param_len; 1546 } 1547 if (bd_len != 0 && bd_len != 8) { 1548 goto invalid_param; 1549 } 1550 1551 len -= bd_len; 1552 p += bd_len; 1553 1554 /* Ensure no change is made if there is an error! */ 1555 for (pass = 0; pass < 2; pass++) { 1556 if (mode_select_pages(r, p, len, pass == 1) < 0) { 1557 assert(pass == 0); 1558 return; 1559 } 1560 } 1561 if (!blk_enable_write_cache(s->qdev.conf.blk)) { 1562 /* The request is used as the AIO opaque value, so add a ref. */ 1563 scsi_req_ref(&r->req); 1564 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 1565 BLOCK_ACCT_FLUSH); 1566 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 1567 return; 1568 } 1569 1570 scsi_req_complete(&r->req, GOOD); 1571 return; 1572 1573invalid_param: 1574 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM)); 1575 return; 1576 1577invalid_param_len: 1578 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1579 return; 1580 1581invalid_field: 1582 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1583} 1584 1585/* sector_num and nb_sectors expected to be in qdev blocksize */ 1586static inline bool check_lba_range(SCSIDiskState *s, 1587 uint64_t sector_num, uint32_t nb_sectors) 1588{ 1589 /* 1590 * The first line tests that no overflow happens when computing the last 1591 * sector. The second line tests that the last accessed sector is in 1592 * range. 1593 * 1594 * Careful, the computations should not underflow for nb_sectors == 0, 1595 * and a 0-block read to the first LBA beyond the end of device is 1596 * valid. 1597 */ 1598 return (sector_num <= sector_num + nb_sectors && 1599 sector_num + nb_sectors <= s->qdev.max_lba + 1); 1600} 1601 1602typedef struct UnmapCBData { 1603 SCSIDiskReq *r; 1604 uint8_t *inbuf; 1605 int count; 1606} UnmapCBData; 1607 1608static void scsi_unmap_complete(void *opaque, int ret); 1609 1610static void scsi_unmap_complete_noio(UnmapCBData *data, int ret) 1611{ 1612 SCSIDiskReq *r = data->r; 1613 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1614 1615 assert(r->req.aiocb == NULL); 1616 1617 if (data->count > 0) { 1618 uint64_t sector_num = ldq_be_p(&data->inbuf[0]); 1619 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL; 1620 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1621 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1622 1623 if (!check_lba_range(s, sector_num, nb_sectors)) { 1624 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), 1625 BLOCK_ACCT_UNMAP); 1626 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1627 goto done; 1628 } 1629 1630 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1631 r->sector_count * BDRV_SECTOR_SIZE, 1632 BLOCK_ACCT_UNMAP); 1633 1634 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk, 1635 r->sector * BDRV_SECTOR_SIZE, 1636 r->sector_count * BDRV_SECTOR_SIZE, 1637 scsi_unmap_complete, data); 1638 data->count--; 1639 data->inbuf += 16; 1640 return; 1641 } 1642 1643 scsi_req_complete(&r->req, GOOD); 1644 1645done: 1646 scsi_req_unref(&r->req); 1647 g_free(data); 1648} 1649 1650static void scsi_unmap_complete(void *opaque, int ret) 1651{ 1652 UnmapCBData *data = opaque; 1653 SCSIDiskReq *r = data->r; 1654 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1655 1656 assert(r->req.aiocb != NULL); 1657 r->req.aiocb = NULL; 1658 1659 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1660 if (scsi_disk_req_check_error(r, ret, true)) { 1661 scsi_req_unref(&r->req); 1662 g_free(data); 1663 } else { 1664 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1665 scsi_unmap_complete_noio(data, ret); 1666 } 1667 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1668} 1669 1670static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) 1671{ 1672 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1673 uint8_t *p = inbuf; 1674 int len = r->req.cmd.xfer; 1675 UnmapCBData *data; 1676 1677 /* Reject ANCHOR=1. */ 1678 if (r->req.cmd.buf[1] & 0x1) { 1679 goto invalid_field; 1680 } 1681 1682 if (len < 8) { 1683 goto invalid_param_len; 1684 } 1685 if (len < lduw_be_p(&p[0]) + 2) { 1686 goto invalid_param_len; 1687 } 1688 if (len < lduw_be_p(&p[2]) + 8) { 1689 goto invalid_param_len; 1690 } 1691 if (lduw_be_p(&p[2]) & 15) { 1692 goto invalid_param_len; 1693 } 1694 1695 if (!blk_is_writable(s->qdev.conf.blk)) { 1696 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1697 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1698 return; 1699 } 1700 1701 data = g_new0(UnmapCBData, 1); 1702 data->r = r; 1703 data->inbuf = &p[8]; 1704 data->count = lduw_be_p(&p[2]) >> 4; 1705 1706 /* The matching unref is in scsi_unmap_complete, before data is freed. */ 1707 scsi_req_ref(&r->req); 1708 scsi_unmap_complete_noio(data, 0); 1709 return; 1710 1711invalid_param_len: 1712 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1713 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); 1714 return; 1715 1716invalid_field: 1717 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); 1718 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1719} 1720 1721typedef struct WriteSameCBData { 1722 SCSIDiskReq *r; 1723 int64_t sector; 1724 int nb_sectors; 1725 QEMUIOVector qiov; 1726 struct iovec iov; 1727} WriteSameCBData; 1728 1729static void scsi_write_same_complete(void *opaque, int ret) 1730{ 1731 WriteSameCBData *data = opaque; 1732 SCSIDiskReq *r = data->r; 1733 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 1734 1735 assert(r->req.aiocb != NULL); 1736 r->req.aiocb = NULL; 1737 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); 1738 if (scsi_disk_req_check_error(r, ret, true)) { 1739 goto done; 1740 } 1741 1742 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); 1743 1744 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE; 1745 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE; 1746 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1747 data->iov.iov_len); 1748 if (data->iov.iov_len) { 1749 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1750 data->iov.iov_len, BLOCK_ACCT_WRITE); 1751 /* Reinitialize qiov, to handle unaligned WRITE SAME request 1752 * where final qiov may need smaller size */ 1753 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1754 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1755 data->sector << BDRV_SECTOR_BITS, 1756 &data->qiov, 0, 1757 scsi_write_same_complete, data); 1758 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1759 return; 1760 } 1761 1762 scsi_req_complete(&r->req, GOOD); 1763 1764done: 1765 scsi_req_unref(&r->req); 1766 qemu_vfree(data->iov.iov_base); 1767 g_free(data); 1768 aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); 1769} 1770 1771static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) 1772{ 1773 SCSIRequest *req = &r->req; 1774 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1775 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf); 1776 WriteSameCBData *data; 1777 uint8_t *buf; 1778 int i; 1779 1780 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ 1781 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { 1782 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1783 return; 1784 } 1785 1786 if (!blk_is_writable(s->qdev.conf.blk)) { 1787 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 1788 return; 1789 } 1790 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { 1791 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 1792 return; 1793 } 1794 1795 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) { 1796 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; 1797 1798 /* The request is used as the AIO opaque value, so add a ref. */ 1799 scsi_req_ref(&r->req); 1800 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1801 nb_sectors * s->qdev.blocksize, 1802 BLOCK_ACCT_WRITE); 1803 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk, 1804 r->req.cmd.lba * s->qdev.blocksize, 1805 nb_sectors * s->qdev.blocksize, 1806 flags, scsi_aio_complete, r); 1807 return; 1808 } 1809 1810 data = g_new0(WriteSameCBData, 1); 1811 data->r = r; 1812 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1813 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 1814 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE, 1815 SCSI_WRITE_SAME_MAX); 1816 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk, 1817 data->iov.iov_len); 1818 qemu_iovec_init_external(&data->qiov, &data->iov, 1); 1819 1820 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { 1821 memcpy(&buf[i], inbuf, s->qdev.blocksize); 1822 } 1823 1824 scsi_req_ref(&r->req); 1825 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 1826 data->iov.iov_len, BLOCK_ACCT_WRITE); 1827 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk, 1828 data->sector << BDRV_SECTOR_BITS, 1829 &data->qiov, 0, 1830 scsi_write_same_complete, data); 1831} 1832 1833static void scsi_disk_emulate_write_data(SCSIRequest *req) 1834{ 1835 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1836 1837 if (r->iov.iov_len) { 1838 int buflen = r->iov.iov_len; 1839 trace_scsi_disk_emulate_write_data(buflen); 1840 r->iov.iov_len = 0; 1841 scsi_req_data(&r->req, buflen); 1842 return; 1843 } 1844 1845 switch (req->cmd.buf[0]) { 1846 case MODE_SELECT: 1847 case MODE_SELECT_10: 1848 /* This also clears the sense buffer for REQUEST SENSE. */ 1849 scsi_disk_emulate_mode_select(r, r->iov.iov_base); 1850 break; 1851 1852 case UNMAP: 1853 scsi_disk_emulate_unmap(r, r->iov.iov_base); 1854 break; 1855 1856 case VERIFY_10: 1857 case VERIFY_12: 1858 case VERIFY_16: 1859 if (r->req.status == -1) { 1860 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 1861 } 1862 break; 1863 1864 case WRITE_SAME_10: 1865 case WRITE_SAME_16: 1866 scsi_disk_emulate_write_same(r, r->iov.iov_base); 1867 break; 1868 1869 default: 1870 abort(); 1871 } 1872} 1873 1874static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) 1875{ 1876 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 1877 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 1878 uint64_t nb_sectors; 1879 uint8_t *outbuf; 1880 int buflen; 1881 1882 switch (req->cmd.buf[0]) { 1883 case INQUIRY: 1884 case MODE_SENSE: 1885 case MODE_SENSE_10: 1886 case RESERVE: 1887 case RESERVE_10: 1888 case RELEASE: 1889 case RELEASE_10: 1890 case START_STOP: 1891 case ALLOW_MEDIUM_REMOVAL: 1892 case GET_CONFIGURATION: 1893 case GET_EVENT_STATUS_NOTIFICATION: 1894 case MECHANISM_STATUS: 1895 case REQUEST_SENSE: 1896 break; 1897 1898 default: 1899 if (!blk_is_available(s->qdev.conf.blk)) { 1900 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 1901 return 0; 1902 } 1903 break; 1904 } 1905 1906 /* 1907 * FIXME: we shouldn't return anything bigger than 4k, but the code 1908 * requires the buffer to be as big as req->cmd.xfer in several 1909 * places. So, do not allow CDBs with a very large ALLOCATION 1910 * LENGTH. The real fix would be to modify scsi_read_data and 1911 * dma_buf_read, so that they return data beyond the buflen 1912 * as all zeros. 1913 */ 1914 if (req->cmd.xfer > 65536) { 1915 goto illegal_request; 1916 } 1917 r->buflen = MAX(4096, req->cmd.xfer); 1918 1919 if (!r->iov.iov_base) { 1920 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen); 1921 } 1922 1923 outbuf = r->iov.iov_base; 1924 memset(outbuf, 0, r->buflen); 1925 switch (req->cmd.buf[0]) { 1926 case TEST_UNIT_READY: 1927 assert(blk_is_available(s->qdev.conf.blk)); 1928 break; 1929 case INQUIRY: 1930 buflen = scsi_disk_emulate_inquiry(req, outbuf); 1931 if (buflen < 0) { 1932 goto illegal_request; 1933 } 1934 break; 1935 case MODE_SENSE: 1936 case MODE_SENSE_10: 1937 buflen = scsi_disk_emulate_mode_sense(r, outbuf); 1938 if (buflen < 0) { 1939 goto illegal_request; 1940 } 1941 break; 1942 case READ_TOC: 1943 buflen = scsi_disk_emulate_read_toc(req, outbuf); 1944 if (buflen < 0) { 1945 goto illegal_request; 1946 } 1947 break; 1948 case RESERVE: 1949 if (req->cmd.buf[1] & 1) { 1950 goto illegal_request; 1951 } 1952 break; 1953 case RESERVE_10: 1954 if (req->cmd.buf[1] & 3) { 1955 goto illegal_request; 1956 } 1957 break; 1958 case RELEASE: 1959 if (req->cmd.buf[1] & 1) { 1960 goto illegal_request; 1961 } 1962 break; 1963 case RELEASE_10: 1964 if (req->cmd.buf[1] & 3) { 1965 goto illegal_request; 1966 } 1967 break; 1968 case START_STOP: 1969 if (scsi_disk_emulate_start_stop(r) < 0) { 1970 return 0; 1971 } 1972 break; 1973 case ALLOW_MEDIUM_REMOVAL: 1974 s->tray_locked = req->cmd.buf[4] & 1; 1975 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1); 1976 break; 1977 case READ_CAPACITY_10: 1978 /* The normal LEN field for this command is zero. */ 1979 memset(outbuf, 0, 8); 1980 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 1981 if (!nb_sectors) { 1982 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 1983 return 0; 1984 } 1985 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) { 1986 goto illegal_request; 1987 } 1988 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 1989 /* Returned value is the address of the last sector. */ 1990 nb_sectors--; 1991 /* Remember the new size for read/write sanity checking. */ 1992 s->qdev.max_lba = nb_sectors; 1993 /* Clip to 2TB, instead of returning capacity modulo 2TB. */ 1994 if (nb_sectors > UINT32_MAX) { 1995 nb_sectors = UINT32_MAX; 1996 } 1997 outbuf[0] = (nb_sectors >> 24) & 0xff; 1998 outbuf[1] = (nb_sectors >> 16) & 0xff; 1999 outbuf[2] = (nb_sectors >> 8) & 0xff; 2000 outbuf[3] = nb_sectors & 0xff; 2001 outbuf[4] = 0; 2002 outbuf[5] = 0; 2003 outbuf[6] = s->qdev.blocksize >> 8; 2004 outbuf[7] = 0; 2005 break; 2006 case REQUEST_SENSE: 2007 /* Just return "NO SENSE". */ 2008 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen, 2009 (req->cmd.buf[1] & 1) == 0); 2010 if (buflen < 0) { 2011 goto illegal_request; 2012 } 2013 break; 2014 case MECHANISM_STATUS: 2015 buflen = scsi_emulate_mechanism_status(s, outbuf); 2016 if (buflen < 0) { 2017 goto illegal_request; 2018 } 2019 break; 2020 case GET_CONFIGURATION: 2021 buflen = scsi_get_configuration(s, outbuf); 2022 if (buflen < 0) { 2023 goto illegal_request; 2024 } 2025 break; 2026 case GET_EVENT_STATUS_NOTIFICATION: 2027 buflen = scsi_get_event_status_notification(s, r, outbuf); 2028 if (buflen < 0) { 2029 goto illegal_request; 2030 } 2031 break; 2032 case READ_DISC_INFORMATION: 2033 buflen = scsi_read_disc_information(s, r, outbuf); 2034 if (buflen < 0) { 2035 goto illegal_request; 2036 } 2037 break; 2038 case READ_DVD_STRUCTURE: 2039 buflen = scsi_read_dvd_structure(s, r, outbuf); 2040 if (buflen < 0) { 2041 goto illegal_request; 2042 } 2043 break; 2044 case SERVICE_ACTION_IN_16: 2045 /* Service Action In subcommands. */ 2046 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { 2047 trace_scsi_disk_emulate_command_SAI_16(); 2048 memset(outbuf, 0, req->cmd.xfer); 2049 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2050 if (!nb_sectors) { 2051 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); 2052 return 0; 2053 } 2054 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) { 2055 goto illegal_request; 2056 } 2057 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2058 /* Returned value is the address of the last sector. */ 2059 nb_sectors--; 2060 /* Remember the new size for read/write sanity checking. */ 2061 s->qdev.max_lba = nb_sectors; 2062 outbuf[0] = (nb_sectors >> 56) & 0xff; 2063 outbuf[1] = (nb_sectors >> 48) & 0xff; 2064 outbuf[2] = (nb_sectors >> 40) & 0xff; 2065 outbuf[3] = (nb_sectors >> 32) & 0xff; 2066 outbuf[4] = (nb_sectors >> 24) & 0xff; 2067 outbuf[5] = (nb_sectors >> 16) & 0xff; 2068 outbuf[6] = (nb_sectors >> 8) & 0xff; 2069 outbuf[7] = nb_sectors & 0xff; 2070 outbuf[8] = 0; 2071 outbuf[9] = 0; 2072 outbuf[10] = s->qdev.blocksize >> 8; 2073 outbuf[11] = 0; 2074 outbuf[12] = 0; 2075 outbuf[13] = get_physical_block_exp(&s->qdev.conf); 2076 2077 /* set TPE bit if the format supports discard */ 2078 if (s->qdev.conf.discard_granularity) { 2079 outbuf[14] = 0x80; 2080 } 2081 2082 /* Protection, exponent and lowest lba field left blank. */ 2083 break; 2084 } 2085 trace_scsi_disk_emulate_command_SAI_unsupported(); 2086 goto illegal_request; 2087 case SYNCHRONIZE_CACHE: 2088 /* The request is used as the AIO opaque value, so add a ref. */ 2089 scsi_req_ref(&r->req); 2090 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0, 2091 BLOCK_ACCT_FLUSH); 2092 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r); 2093 return 0; 2094 case SEEK_10: 2095 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba); 2096 if (r->req.cmd.lba > s->qdev.max_lba) { 2097 goto illegal_lba; 2098 } 2099 break; 2100 case MODE_SELECT: 2101 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer); 2102 break; 2103 case MODE_SELECT_10: 2104 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer); 2105 break; 2106 case UNMAP: 2107 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer); 2108 break; 2109 case VERIFY_10: 2110 case VERIFY_12: 2111 case VERIFY_16: 2112 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3); 2113 if (req->cmd.buf[1] & 6) { 2114 goto illegal_request; 2115 } 2116 break; 2117 case WRITE_SAME_10: 2118 case WRITE_SAME_16: 2119 trace_scsi_disk_emulate_command_WRITE_SAME( 2120 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer); 2121 break; 2122 default: 2123 trace_scsi_disk_emulate_command_UNKNOWN(buf[0], 2124 scsi_command_name(buf[0])); 2125 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); 2126 return 0; 2127 } 2128 assert(!r->req.aiocb); 2129 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer); 2130 if (r->iov.iov_len == 0) { 2131 scsi_req_complete(&r->req, GOOD); 2132 } 2133 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2134 assert(r->iov.iov_len == req->cmd.xfer); 2135 return -r->iov.iov_len; 2136 } else { 2137 return r->iov.iov_len; 2138 } 2139 2140illegal_request: 2141 if (r->req.status == -1) { 2142 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2143 } 2144 return 0; 2145 2146illegal_lba: 2147 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2148 return 0; 2149} 2150 2151/* Execute a scsi command. Returns the length of the data expected by the 2152 command. This will be Positive for data transfers from the device 2153 (eg. disk reads), negative for transfers to the device (eg. disk writes), 2154 and zero if the command does not transfer any data. */ 2155 2156static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) 2157{ 2158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2160 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s)); 2161 uint32_t len; 2162 uint8_t command; 2163 2164 command = buf[0]; 2165 2166 if (!blk_is_available(s->qdev.conf.blk)) { 2167 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); 2168 return 0; 2169 } 2170 2171 len = scsi_data_cdb_xfer(r->req.cmd.buf); 2172 switch (command) { 2173 case READ_6: 2174 case READ_10: 2175 case READ_12: 2176 case READ_16: 2177 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len); 2178 /* Protection information is not supported. For SCSI versions 2 and 2179 * older (as determined by snooping the guest's INQUIRY commands), 2180 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2181 */ 2182 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2183 goto illegal_request; 2184 } 2185 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2186 goto illegal_lba; 2187 } 2188 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2189 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2190 break; 2191 case WRITE_6: 2192 case WRITE_10: 2193 case WRITE_12: 2194 case WRITE_16: 2195 case WRITE_VERIFY_10: 2196 case WRITE_VERIFY_12: 2197 case WRITE_VERIFY_16: 2198 if (!blk_is_writable(s->qdev.conf.blk)) { 2199 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); 2200 return 0; 2201 } 2202 trace_scsi_disk_dma_command_WRITE( 2203 (command & 0xe) == 0xe ? "And Verify " : "", 2204 r->req.cmd.lba, len); 2205 /* fall through */ 2206 case VERIFY_10: 2207 case VERIFY_12: 2208 case VERIFY_16: 2209 /* We get here only for BYTCHK == 0x01 and only for scsi-block. 2210 * As far as DMA is concerned, we can treat it the same as a write; 2211 * scsi_block_do_sgio will send VERIFY commands. 2212 */ 2213 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) { 2214 goto illegal_request; 2215 } 2216 if (!check_lba_range(s, r->req.cmd.lba, len)) { 2217 goto illegal_lba; 2218 } 2219 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2220 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE); 2221 break; 2222 default: 2223 abort(); 2224 illegal_request: 2225 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); 2226 return 0; 2227 illegal_lba: 2228 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); 2229 return 0; 2230 } 2231 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd); 2232 if (r->sector_count == 0) { 2233 scsi_req_complete(&r->req, GOOD); 2234 } 2235 assert(r->iov.iov_len == 0); 2236 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { 2237 return -r->sector_count * BDRV_SECTOR_SIZE; 2238 } else { 2239 return r->sector_count * BDRV_SECTOR_SIZE; 2240 } 2241} 2242 2243static void scsi_disk_reset(DeviceState *dev) 2244{ 2245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev); 2246 uint64_t nb_sectors; 2247 2248 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET)); 2249 2250 blk_get_geometry(s->qdev.conf.blk, &nb_sectors); 2251 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE; 2252 if (nb_sectors) { 2253 nb_sectors--; 2254 } 2255 s->qdev.max_lba = nb_sectors; 2256 /* reset tray statuses */ 2257 s->tray_locked = 0; 2258 s->tray_open = 0; 2259 2260 s->qdev.scsi_version = s->qdev.default_scsi_version; 2261} 2262 2263static void scsi_disk_resize_cb(void *opaque) 2264{ 2265 SCSIDiskState *s = opaque; 2266 2267 /* SPC lists this sense code as available only for 2268 * direct-access devices. 2269 */ 2270 if (s->qdev.type == TYPE_DISK) { 2271 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED)); 2272 } 2273} 2274 2275static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp) 2276{ 2277 SCSIDiskState *s = opaque; 2278 2279 /* 2280 * When a CD gets changed, we have to report an ejected state and 2281 * then a loaded state to guests so that they detect tray 2282 * open/close and media change events. Guests that do not use 2283 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close 2284 * states rely on this behavior. 2285 * 2286 * media_changed governs the state machine used for unit attention 2287 * report. media_event is used by GET EVENT STATUS NOTIFICATION. 2288 */ 2289 s->media_changed = load; 2290 s->tray_open = !load; 2291 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM)); 2292 s->media_event = true; 2293 s->eject_request = false; 2294} 2295 2296static void scsi_cd_eject_request_cb(void *opaque, bool force) 2297{ 2298 SCSIDiskState *s = opaque; 2299 2300 s->eject_request = true; 2301 if (force) { 2302 s->tray_locked = false; 2303 } 2304} 2305 2306static bool scsi_cd_is_tray_open(void *opaque) 2307{ 2308 return ((SCSIDiskState *)opaque)->tray_open; 2309} 2310 2311static bool scsi_cd_is_medium_locked(void *opaque) 2312{ 2313 return ((SCSIDiskState *)opaque)->tray_locked; 2314} 2315 2316static const BlockDevOps scsi_disk_removable_block_ops = { 2317 .change_media_cb = scsi_cd_change_media_cb, 2318 .eject_request_cb = scsi_cd_eject_request_cb, 2319 .is_tray_open = scsi_cd_is_tray_open, 2320 .is_medium_locked = scsi_cd_is_medium_locked, 2321 2322 .resize_cb = scsi_disk_resize_cb, 2323}; 2324 2325static const BlockDevOps scsi_disk_block_ops = { 2326 .resize_cb = scsi_disk_resize_cb, 2327}; 2328 2329static void scsi_disk_unit_attention_reported(SCSIDevice *dev) 2330{ 2331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2332 if (s->media_changed) { 2333 s->media_changed = false; 2334 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED)); 2335 } 2336} 2337 2338static void scsi_realize(SCSIDevice *dev, Error **errp) 2339{ 2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2341 bool read_only; 2342 2343 if (!s->qdev.conf.blk) { 2344 error_setg(errp, "drive property not set"); 2345 return; 2346 } 2347 2348 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2349 !blk_is_inserted(s->qdev.conf.blk)) { 2350 error_setg(errp, "Device needs media, but drive is empty"); 2351 return; 2352 } 2353 2354 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2355 return; 2356 } 2357 2358 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() && 2359 !s->qdev.hba_supports_iothread) 2360 { 2361 error_setg(errp, "HBA does not support iothreads"); 2362 return; 2363 } 2364 2365 if (dev->type == TYPE_DISK) { 2366 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) { 2367 return; 2368 } 2369 } 2370 2371 read_only = !blk_supports_write_perm(s->qdev.conf.blk); 2372 if (dev->type == TYPE_ROM) { 2373 read_only = true; 2374 } 2375 2376 if (!blkconf_apply_backend_options(&dev->conf, read_only, 2377 dev->type == TYPE_DISK, errp)) { 2378 return; 2379 } 2380 2381 if (s->qdev.conf.discard_granularity == -1) { 2382 s->qdev.conf.discard_granularity = 2383 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY); 2384 } 2385 2386 if (!s->version) { 2387 s->version = g_strdup(qemu_hw_version()); 2388 } 2389 if (!s->vendor) { 2390 s->vendor = g_strdup("QEMU"); 2391 } 2392 if (!s->device_id) { 2393 if (s->serial) { 2394 s->device_id = g_strdup_printf("%.20s", s->serial); 2395 } else { 2396 const char *str = blk_name(s->qdev.conf.blk); 2397 if (str && *str) { 2398 s->device_id = g_strdup(str); 2399 } 2400 } 2401 } 2402 2403 if (blk_is_sg(s->qdev.conf.blk)) { 2404 error_setg(errp, "unwanted /dev/sg*"); 2405 return; 2406 } 2407 2408 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && 2409 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) { 2410 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s); 2411 } else { 2412 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s); 2413 } 2414 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize); 2415 2416 blk_iostatus_enable(s->qdev.conf.blk); 2417 2418 add_boot_device_lchs(&dev->qdev, NULL, 2419 dev->conf.lcyls, 2420 dev->conf.lheads, 2421 dev->conf.lsecs); 2422} 2423 2424static void scsi_unrealize(SCSIDevice *dev) 2425{ 2426 del_boot_device_lchs(&dev->qdev, NULL); 2427} 2428 2429static void scsi_hd_realize(SCSIDevice *dev, Error **errp) 2430{ 2431 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2432 AioContext *ctx = NULL; 2433 /* can happen for devices without drive. The error message for missing 2434 * backend will be issued in scsi_realize 2435 */ 2436 if (s->qdev.conf.blk) { 2437 ctx = blk_get_aio_context(s->qdev.conf.blk); 2438 aio_context_acquire(ctx); 2439 if (!blkconf_blocksizes(&s->qdev.conf, errp)) { 2440 goto out; 2441 } 2442 } 2443 s->qdev.blocksize = s->qdev.conf.logical_block_size; 2444 s->qdev.type = TYPE_DISK; 2445 if (!s->product) { 2446 s->product = g_strdup("QEMU HARDDISK"); 2447 } 2448 scsi_realize(&s->qdev, errp); 2449out: 2450 if (ctx) { 2451 aio_context_release(ctx); 2452 } 2453} 2454 2455static void scsi_cd_realize(SCSIDevice *dev, Error **errp) 2456{ 2457 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2458 AioContext *ctx; 2459 int ret; 2460 2461 if (!dev->conf.blk) { 2462 /* Anonymous BlockBackend for an empty drive. As we put it into 2463 * dev->conf, qdev takes care of detaching on unplug. */ 2464 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); 2465 ret = blk_attach_dev(dev->conf.blk, &dev->qdev); 2466 assert(ret == 0); 2467 } 2468 2469 ctx = blk_get_aio_context(dev->conf.blk); 2470 aio_context_acquire(ctx); 2471 s->qdev.blocksize = 2048; 2472 s->qdev.type = TYPE_ROM; 2473 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2474 if (!s->product) { 2475 s->product = g_strdup("QEMU CD-ROM"); 2476 } 2477 scsi_realize(&s->qdev, errp); 2478 aio_context_release(ctx); 2479} 2480 2481 2482static const SCSIReqOps scsi_disk_emulate_reqops = { 2483 .size = sizeof(SCSIDiskReq), 2484 .free_req = scsi_free_request, 2485 .send_command = scsi_disk_emulate_command, 2486 .read_data = scsi_disk_emulate_read_data, 2487 .write_data = scsi_disk_emulate_write_data, 2488 .get_buf = scsi_get_buf, 2489}; 2490 2491static const SCSIReqOps scsi_disk_dma_reqops = { 2492 .size = sizeof(SCSIDiskReq), 2493 .free_req = scsi_free_request, 2494 .send_command = scsi_disk_dma_command, 2495 .read_data = scsi_read_data, 2496 .write_data = scsi_write_data, 2497 .get_buf = scsi_get_buf, 2498 .load_request = scsi_disk_load_request, 2499 .save_request = scsi_disk_save_request, 2500}; 2501 2502static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { 2503 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops, 2504 [INQUIRY] = &scsi_disk_emulate_reqops, 2505 [MODE_SENSE] = &scsi_disk_emulate_reqops, 2506 [MODE_SENSE_10] = &scsi_disk_emulate_reqops, 2507 [START_STOP] = &scsi_disk_emulate_reqops, 2508 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops, 2509 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops, 2510 [READ_TOC] = &scsi_disk_emulate_reqops, 2511 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops, 2512 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops, 2513 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops, 2514 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops, 2515 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops, 2516 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops, 2517 [REQUEST_SENSE] = &scsi_disk_emulate_reqops, 2518 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops, 2519 [SEEK_10] = &scsi_disk_emulate_reqops, 2520 [MODE_SELECT] = &scsi_disk_emulate_reqops, 2521 [MODE_SELECT_10] = &scsi_disk_emulate_reqops, 2522 [UNMAP] = &scsi_disk_emulate_reqops, 2523 [WRITE_SAME_10] = &scsi_disk_emulate_reqops, 2524 [WRITE_SAME_16] = &scsi_disk_emulate_reqops, 2525 [VERIFY_10] = &scsi_disk_emulate_reqops, 2526 [VERIFY_12] = &scsi_disk_emulate_reqops, 2527 [VERIFY_16] = &scsi_disk_emulate_reqops, 2528 2529 [READ_6] = &scsi_disk_dma_reqops, 2530 [READ_10] = &scsi_disk_dma_reqops, 2531 [READ_12] = &scsi_disk_dma_reqops, 2532 [READ_16] = &scsi_disk_dma_reqops, 2533 [WRITE_6] = &scsi_disk_dma_reqops, 2534 [WRITE_10] = &scsi_disk_dma_reqops, 2535 [WRITE_12] = &scsi_disk_dma_reqops, 2536 [WRITE_16] = &scsi_disk_dma_reqops, 2537 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops, 2538 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops, 2539 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops, 2540}; 2541 2542static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) 2543{ 2544 int i; 2545 int len = scsi_cdb_length(buf); 2546 char *line_buffer, *p; 2547 2548 assert(len > 0 && len <= 16); 2549 line_buffer = g_malloc(len * 5 + 1); 2550 2551 for (i = 0, p = line_buffer; i < len; i++) { 2552 p += sprintf(p, " 0x%02x", buf[i]); 2553 } 2554 trace_scsi_disk_new_request(lun, tag, line_buffer); 2555 2556 g_free(line_buffer); 2557} 2558 2559static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, 2560 uint8_t *buf, void *hba_private) 2561{ 2562 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2563 SCSIRequest *req; 2564 const SCSIReqOps *ops; 2565 uint8_t command; 2566 2567 command = buf[0]; 2568 ops = scsi_disk_reqops_dispatch[command]; 2569 if (!ops) { 2570 ops = &scsi_disk_emulate_reqops; 2571 } 2572 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private); 2573 2574 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) { 2575 scsi_disk_new_request_dump(lun, tag, buf); 2576 } 2577 2578 return req; 2579} 2580 2581#ifdef __linux__ 2582static int get_device_type(SCSIDiskState *s) 2583{ 2584 uint8_t cmd[16]; 2585 uint8_t buf[36]; 2586 int ret; 2587 2588 memset(cmd, 0, sizeof(cmd)); 2589 memset(buf, 0, sizeof(buf)); 2590 cmd[0] = INQUIRY; 2591 cmd[4] = sizeof(buf); 2592 2593 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd), 2594 buf, sizeof(buf), s->qdev.io_timeout); 2595 if (ret < 0) { 2596 return -1; 2597 } 2598 s->qdev.type = buf[0]; 2599 if (buf[1] & 0x80) { 2600 s->features |= 1 << SCSI_DISK_F_REMOVABLE; 2601 } 2602 return 0; 2603} 2604 2605static void scsi_block_realize(SCSIDevice *dev, Error **errp) 2606{ 2607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); 2608 AioContext *ctx; 2609 int sg_version; 2610 int rc; 2611 2612 if (!s->qdev.conf.blk) { 2613 error_setg(errp, "drive property not set"); 2614 return; 2615 } 2616 2617 if (s->rotation_rate) { 2618 error_report_once("rotation_rate is specified for scsi-block but is " 2619 "not implemented. This option is deprecated and will " 2620 "be removed in a future version"); 2621 } 2622 2623 ctx = blk_get_aio_context(s->qdev.conf.blk); 2624 aio_context_acquire(ctx); 2625 2626 /* check we are using a driver managing SG_IO (version 3 and after) */ 2627 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version); 2628 if (rc < 0) { 2629 error_setg_errno(errp, -rc, "cannot get SG_IO version number"); 2630 if (rc != -EPERM) { 2631 error_append_hint(errp, "Is this a SCSI device?\n"); 2632 } 2633 goto out; 2634 } 2635 if (sg_version < 30000) { 2636 error_setg(errp, "scsi generic interface too old"); 2637 goto out; 2638 } 2639 2640 /* get device type from INQUIRY data */ 2641 rc = get_device_type(s); 2642 if (rc < 0) { 2643 error_setg(errp, "INQUIRY failed"); 2644 goto out; 2645 } 2646 2647 /* Make a guess for the block size, we'll fix it when the guest sends. 2648 * READ CAPACITY. If they don't, they likely would assume these sizes 2649 * anyway. (TODO: check in /sys). 2650 */ 2651 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) { 2652 s->qdev.blocksize = 2048; 2653 } else { 2654 s->qdev.blocksize = 512; 2655 } 2656 2657 /* Makes the scsi-block device not removable by using HMP and QMP eject 2658 * command. 2659 */ 2660 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS); 2661 2662 scsi_realize(&s->qdev, errp); 2663 scsi_generic_read_device_inquiry(&s->qdev); 2664 2665out: 2666 aio_context_release(ctx); 2667} 2668 2669typedef struct SCSIBlockReq { 2670 SCSIDiskReq req; 2671 sg_io_hdr_t io_header; 2672 2673 /* Selected bytes of the original CDB, copied into our own CDB. */ 2674 uint8_t cmd, cdb1, group_number; 2675 2676 /* CDB passed to SG_IO. */ 2677 uint8_t cdb[16]; 2678 BlockCompletionFunc *cb; 2679 void *cb_opaque; 2680} SCSIBlockReq; 2681 2682static void scsi_block_sgio_complete(void *opaque, int ret) 2683{ 2684 SCSIBlockReq *req = (SCSIBlockReq *)opaque; 2685 SCSIDiskReq *r = &req->req; 2686 SCSIDevice *s = r->req.dev; 2687 sg_io_hdr_t *io_hdr = &req->io_header; 2688 2689 if (ret == 0) { 2690 if (io_hdr->host_status != SCSI_HOST_OK) { 2691 scsi_req_complete_failed(&r->req, io_hdr->host_status); 2692 scsi_req_unref(&r->req); 2693 return; 2694 } 2695 2696 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) { 2697 ret = BUSY; 2698 } else { 2699 ret = io_hdr->status; 2700 } 2701 2702 if (ret > 0) { 2703 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 2704 if (scsi_handle_rw_error(r, ret, true)) { 2705 aio_context_release(blk_get_aio_context(s->conf.blk)); 2706 scsi_req_unref(&r->req); 2707 return; 2708 } 2709 aio_context_release(blk_get_aio_context(s->conf.blk)); 2710 2711 /* Ignore error. */ 2712 ret = 0; 2713 } 2714 } 2715 2716 req->cb(req->cb_opaque, ret); 2717} 2718 2719static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req, 2720 int64_t offset, QEMUIOVector *iov, 2721 int direction, 2722 BlockCompletionFunc *cb, void *opaque) 2723{ 2724 sg_io_hdr_t *io_header = &req->io_header; 2725 SCSIDiskReq *r = &req->req; 2726 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2727 int nb_logical_blocks; 2728 uint64_t lba; 2729 BlockAIOCB *aiocb; 2730 2731 /* This is not supported yet. It can only happen if the guest does 2732 * reads and writes that are not aligned to one logical sectors 2733 * _and_ cover multiple MemoryRegions. 2734 */ 2735 assert(offset % s->qdev.blocksize == 0); 2736 assert(iov->size % s->qdev.blocksize == 0); 2737 2738 io_header->interface_id = 'S'; 2739 2740 /* The data transfer comes from the QEMUIOVector. */ 2741 io_header->dxfer_direction = direction; 2742 io_header->dxfer_len = iov->size; 2743 io_header->dxferp = (void *)iov->iov; 2744 io_header->iovec_count = iov->niov; 2745 assert(io_header->iovec_count == iov->niov); /* no overflow! */ 2746 2747 /* Build a new CDB with the LBA and length patched in, in case 2748 * DMA helpers split the transfer in multiple segments. Do not 2749 * build a CDB smaller than what the guest wanted, and only build 2750 * a larger one if strictly necessary. 2751 */ 2752 io_header->cmdp = req->cdb; 2753 lba = offset / s->qdev.blocksize; 2754 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize; 2755 2756 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) { 2757 /* 6-byte CDB */ 2758 stl_be_p(&req->cdb[0], lba | (req->cmd << 24)); 2759 req->cdb[4] = nb_logical_blocks; 2760 req->cdb[5] = 0; 2761 io_header->cmd_len = 6; 2762 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) { 2763 /* 10-byte CDB */ 2764 req->cdb[0] = (req->cmd & 0x1f) | 0x20; 2765 req->cdb[1] = req->cdb1; 2766 stl_be_p(&req->cdb[2], lba); 2767 req->cdb[6] = req->group_number; 2768 stw_be_p(&req->cdb[7], nb_logical_blocks); 2769 req->cdb[9] = 0; 2770 io_header->cmd_len = 10; 2771 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) { 2772 /* 12-byte CDB */ 2773 req->cdb[0] = (req->cmd & 0x1f) | 0xA0; 2774 req->cdb[1] = req->cdb1; 2775 stl_be_p(&req->cdb[2], lba); 2776 stl_be_p(&req->cdb[6], nb_logical_blocks); 2777 req->cdb[10] = req->group_number; 2778 req->cdb[11] = 0; 2779 io_header->cmd_len = 12; 2780 } else { 2781 /* 16-byte CDB */ 2782 req->cdb[0] = (req->cmd & 0x1f) | 0x80; 2783 req->cdb[1] = req->cdb1; 2784 stq_be_p(&req->cdb[2], lba); 2785 stl_be_p(&req->cdb[10], nb_logical_blocks); 2786 req->cdb[14] = req->group_number; 2787 req->cdb[15] = 0; 2788 io_header->cmd_len = 16; 2789 } 2790 2791 /* The rest is as in scsi-generic.c. */ 2792 io_header->mx_sb_len = sizeof(r->req.sense); 2793 io_header->sbp = r->req.sense; 2794 io_header->timeout = s->qdev.io_timeout * 1000; 2795 io_header->usr_ptr = r; 2796 io_header->flags |= SG_FLAG_DIRECT_IO; 2797 req->cb = cb; 2798 req->cb_opaque = opaque; 2799 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba, 2800 nb_logical_blocks, io_header->timeout); 2801 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req); 2802 assert(aiocb != NULL); 2803 return aiocb; 2804} 2805 2806static bool scsi_block_no_fua(SCSICommand *cmd) 2807{ 2808 return false; 2809} 2810 2811static BlockAIOCB *scsi_block_dma_readv(int64_t offset, 2812 QEMUIOVector *iov, 2813 BlockCompletionFunc *cb, void *cb_opaque, 2814 void *opaque) 2815{ 2816 SCSIBlockReq *r = opaque; 2817 return scsi_block_do_sgio(r, offset, iov, 2818 SG_DXFER_FROM_DEV, cb, cb_opaque); 2819} 2820 2821static BlockAIOCB *scsi_block_dma_writev(int64_t offset, 2822 QEMUIOVector *iov, 2823 BlockCompletionFunc *cb, void *cb_opaque, 2824 void *opaque) 2825{ 2826 SCSIBlockReq *r = opaque; 2827 return scsi_block_do_sgio(r, offset, iov, 2828 SG_DXFER_TO_DEV, cb, cb_opaque); 2829} 2830 2831static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf) 2832{ 2833 switch (buf[0]) { 2834 case VERIFY_10: 2835 case VERIFY_12: 2836 case VERIFY_16: 2837 /* Check if BYTCHK == 0x01 (data-out buffer contains data 2838 * for the number of logical blocks specified in the length 2839 * field). For other modes, do not use scatter/gather operation. 2840 */ 2841 if ((buf[1] & 6) == 2) { 2842 return false; 2843 } 2844 break; 2845 2846 case READ_6: 2847 case READ_10: 2848 case READ_12: 2849 case READ_16: 2850 case WRITE_6: 2851 case WRITE_10: 2852 case WRITE_12: 2853 case WRITE_16: 2854 case WRITE_VERIFY_10: 2855 case WRITE_VERIFY_12: 2856 case WRITE_VERIFY_16: 2857 /* MMC writing cannot be done via DMA helpers, because it sometimes 2858 * involves writing beyond the maximum LBA or to negative LBA (lead-in). 2859 * We might use scsi_block_dma_reqops as long as no writing commands are 2860 * seen, but performance usually isn't paramount on optical media. So, 2861 * just make scsi-block operate the same as scsi-generic for them. 2862 */ 2863 if (s->qdev.type != TYPE_ROM) { 2864 return false; 2865 } 2866 break; 2867 2868 default: 2869 break; 2870 } 2871 2872 return true; 2873} 2874 2875 2876static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf) 2877{ 2878 SCSIBlockReq *r = (SCSIBlockReq *)req; 2879 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); 2880 2881 r->cmd = req->cmd.buf[0]; 2882 switch (r->cmd >> 5) { 2883 case 0: 2884 /* 6-byte CDB. */ 2885 r->cdb1 = r->group_number = 0; 2886 break; 2887 case 1: 2888 /* 10-byte CDB. */ 2889 r->cdb1 = req->cmd.buf[1]; 2890 r->group_number = req->cmd.buf[6]; 2891 break; 2892 case 4: 2893 /* 12-byte CDB. */ 2894 r->cdb1 = req->cmd.buf[1]; 2895 r->group_number = req->cmd.buf[10]; 2896 break; 2897 case 5: 2898 /* 16-byte CDB. */ 2899 r->cdb1 = req->cmd.buf[1]; 2900 r->group_number = req->cmd.buf[14]; 2901 break; 2902 default: 2903 abort(); 2904 } 2905 2906 /* Protection information is not supported. For SCSI versions 2 and 2907 * older (as determined by snooping the guest's INQUIRY commands), 2908 * there is no RD/WR/VRPROTECT, so skip this check in these versions. 2909 */ 2910 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) { 2911 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD)); 2912 return 0; 2913 } 2914 2915 return scsi_disk_dma_command(req, buf); 2916} 2917 2918static const SCSIReqOps scsi_block_dma_reqops = { 2919 .size = sizeof(SCSIBlockReq), 2920 .free_req = scsi_free_request, 2921 .send_command = scsi_block_dma_command, 2922 .read_data = scsi_read_data, 2923 .write_data = scsi_write_data, 2924 .get_buf = scsi_get_buf, 2925 .load_request = scsi_disk_load_request, 2926 .save_request = scsi_disk_save_request, 2927}; 2928 2929static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, 2930 uint32_t lun, uint8_t *buf, 2931 void *hba_private) 2932{ 2933 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2934 2935 if (scsi_block_is_passthrough(s, buf)) { 2936 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun, 2937 hba_private); 2938 } else { 2939 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun, 2940 hba_private); 2941 } 2942} 2943 2944static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd, 2945 uint8_t *buf, void *hba_private) 2946{ 2947 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); 2948 2949 if (scsi_block_is_passthrough(s, buf)) { 2950 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private); 2951 } else { 2952 return scsi_req_parse_cdb(&s->qdev, cmd, buf); 2953 } 2954} 2955 2956static void scsi_block_update_sense(SCSIRequest *req) 2957{ 2958 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); 2959 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r); 2960 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense)); 2961} 2962#endif 2963 2964static 2965BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov, 2966 BlockCompletionFunc *cb, void *cb_opaque, 2967 void *opaque) 2968{ 2969 SCSIDiskReq *r = opaque; 2970 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2971 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2972} 2973 2974static 2975BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov, 2976 BlockCompletionFunc *cb, void *cb_opaque, 2977 void *opaque) 2978{ 2979 SCSIDiskReq *r = opaque; 2980 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); 2981 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque); 2982} 2983 2984static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data) 2985{ 2986 DeviceClass *dc = DEVICE_CLASS(klass); 2987 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 2988 2989 dc->fw_name = "disk"; 2990 dc->reset = scsi_disk_reset; 2991 sdc->dma_readv = scsi_dma_readv; 2992 sdc->dma_writev = scsi_dma_writev; 2993 sdc->need_fua_emulation = scsi_is_cmd_fua; 2994} 2995 2996static const TypeInfo scsi_disk_base_info = { 2997 .name = TYPE_SCSI_DISK_BASE, 2998 .parent = TYPE_SCSI_DEVICE, 2999 .class_init = scsi_disk_base_class_initfn, 3000 .instance_size = sizeof(SCSIDiskState), 3001 .class_size = sizeof(SCSIDiskClass), 3002 .abstract = true, 3003}; 3004 3005#define DEFINE_SCSI_DISK_PROPERTIES() \ 3006 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \ 3007 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \ 3008 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \ 3009 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ 3010 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \ 3011 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \ 3012 DEFINE_PROP_STRING("product", SCSIDiskState, product), \ 3013 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id) 3014 3015 3016static Property scsi_hd_properties[] = { 3017 DEFINE_SCSI_DISK_PROPERTIES(), 3018 DEFINE_PROP_BIT("removable", SCSIDiskState, features, 3019 SCSI_DISK_F_REMOVABLE, false), 3020 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features, 3021 SCSI_DISK_F_DPOFUA, false), 3022 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3023 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3024 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3025 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3026 DEFAULT_MAX_UNMAP_SIZE), 3027 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3028 DEFAULT_MAX_IO_SIZE), 3029 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3030 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3031 5), 3032 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), 3033 DEFINE_PROP_END_OF_LIST(), 3034}; 3035 3036static const VMStateDescription vmstate_scsi_disk_state = { 3037 .name = "scsi-disk", 3038 .version_id = 1, 3039 .minimum_version_id = 1, 3040 .fields = (VMStateField[]) { 3041 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), 3042 VMSTATE_BOOL(media_changed, SCSIDiskState), 3043 VMSTATE_BOOL(media_event, SCSIDiskState), 3044 VMSTATE_BOOL(eject_request, SCSIDiskState), 3045 VMSTATE_BOOL(tray_open, SCSIDiskState), 3046 VMSTATE_BOOL(tray_locked, SCSIDiskState), 3047 VMSTATE_END_OF_LIST() 3048 } 3049}; 3050 3051static void scsi_hd_class_initfn(ObjectClass *klass, void *data) 3052{ 3053 DeviceClass *dc = DEVICE_CLASS(klass); 3054 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3055 3056 sc->realize = scsi_hd_realize; 3057 sc->unrealize = scsi_unrealize; 3058 sc->alloc_req = scsi_new_request; 3059 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3060 dc->desc = "virtual SCSI disk"; 3061 device_class_set_props(dc, scsi_hd_properties); 3062 dc->vmsd = &vmstate_scsi_disk_state; 3063} 3064 3065static const TypeInfo scsi_hd_info = { 3066 .name = "scsi-hd", 3067 .parent = TYPE_SCSI_DISK_BASE, 3068 .class_init = scsi_hd_class_initfn, 3069}; 3070 3071static Property scsi_cd_properties[] = { 3072 DEFINE_SCSI_DISK_PROPERTIES(), 3073 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0), 3074 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0), 3075 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0), 3076 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3077 DEFAULT_MAX_IO_SIZE), 3078 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3079 5), 3080 DEFINE_PROP_END_OF_LIST(), 3081}; 3082 3083static void scsi_cd_class_initfn(ObjectClass *klass, void *data) 3084{ 3085 DeviceClass *dc = DEVICE_CLASS(klass); 3086 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3087 3088 sc->realize = scsi_cd_realize; 3089 sc->alloc_req = scsi_new_request; 3090 sc->unit_attention_reported = scsi_disk_unit_attention_reported; 3091 dc->desc = "virtual SCSI CD-ROM"; 3092 device_class_set_props(dc, scsi_cd_properties); 3093 dc->vmsd = &vmstate_scsi_disk_state; 3094} 3095 3096static const TypeInfo scsi_cd_info = { 3097 .name = "scsi-cd", 3098 .parent = TYPE_SCSI_DISK_BASE, 3099 .class_init = scsi_cd_class_initfn, 3100}; 3101 3102#ifdef __linux__ 3103static Property scsi_block_properties[] = { 3104 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), 3105 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk), 3106 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false), 3107 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), 3108 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, 3109 DEFAULT_MAX_UNMAP_SIZE), 3110 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size, 3111 DEFAULT_MAX_IO_SIZE), 3112 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version, 3113 -1), 3114 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout, 3115 DEFAULT_IO_TIMEOUT), 3116 DEFINE_PROP_END_OF_LIST(), 3117}; 3118 3119static void scsi_block_class_initfn(ObjectClass *klass, void *data) 3120{ 3121 DeviceClass *dc = DEVICE_CLASS(klass); 3122 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass); 3123 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass); 3124 3125 sc->realize = scsi_block_realize; 3126 sc->alloc_req = scsi_block_new_request; 3127 sc->parse_cdb = scsi_block_parse_cdb; 3128 sdc->dma_readv = scsi_block_dma_readv; 3129 sdc->dma_writev = scsi_block_dma_writev; 3130 sdc->update_sense = scsi_block_update_sense; 3131 sdc->need_fua_emulation = scsi_block_no_fua; 3132 dc->desc = "SCSI block device passthrough"; 3133 device_class_set_props(dc, scsi_block_properties); 3134 dc->vmsd = &vmstate_scsi_disk_state; 3135} 3136 3137static const TypeInfo scsi_block_info = { 3138 .name = "scsi-block", 3139 .parent = TYPE_SCSI_DISK_BASE, 3140 .class_init = scsi_block_class_initfn, 3141}; 3142#endif 3143 3144static void scsi_disk_register_types(void) 3145{ 3146 type_register_static(&scsi_disk_base_info); 3147 type_register_static(&scsi_hd_info); 3148 type_register_static(&scsi_cd_info); 3149#ifdef __linux__ 3150 type_register_static(&scsi_block_info); 3151#endif 3152} 3153 3154type_init(scsi_disk_register_types)