xref: /illumos-kvm-cmd/hw/scsi-disk.c (revision 68396ea9)
1 /*
2  * SCSI Device emulation
3  *
4  * Copyright (c) 2006 CodeSourcery.
5  * Based on code by Fabrice Bellard
6  *
7  * Written by Paul Brook
8  * Modifications:
9  *  2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10  *                                 when the allocation length of CDB is smaller
11  *                                 than 36.
12  *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13  *                                 MODE SENSE response.
14  *
15  * This code is licenced under the LGPL.
16  *
17  * Note that this file only handles the SCSI architecture model and device
18  * commands.  Emulation of interface/link layer protocols is handled by
19  * the host adapter emulator.
20  */
21 
22 //#define DEBUG_SCSI
23 
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30 
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33 
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 
41 #define SCSI_DMA_BUF_SIZE    131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43 
44 #define SCSI_REQ_STATUS_RETRY           0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ      0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE     0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH     0x04
49 
50 typedef struct SCSIDiskState SCSIDiskState;
51 
52 typedef struct SCSISense {
53     uint8_t key;
54 } SCSISense;
55 
56 typedef struct SCSIDiskReq {
57     SCSIRequest req;
58     /* ??? We should probably keep track of whether the data transfer is
59        a read or a write.  Currently we rely on the host getting it right.  */
60     /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
61     uint64_t sector;
62     uint32_t sector_count;
63     struct iovec iov;
64     QEMUIOVector qiov;
65     uint32_t status;
66 } SCSIDiskReq;
67 
68 struct SCSIDiskState
69 {
70     SCSIDevice qdev;
71     BlockDriverState *bs;
72     /* The qemu block layer uses a fixed 512 byte sector size.
73        This is the number of 512 byte blocks in a single scsi sector.  */
74     int cluster_size;
75     uint32_t removable;
76     uint64_t max_lba;
77     QEMUBH *bh;
78     char *version;
79     char *serial;
80     SCSISense sense;
81 };
82 
83 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
84 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
85 
scsi_new_request(SCSIDiskState * s,uint32_t tag,uint32_t lun)86 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
87         uint32_t lun)
88 {
89     SCSIRequest *req;
90     SCSIDiskReq *r;
91 
92     req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
93     r = DO_UPCAST(SCSIDiskReq, req, req);
94     r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
95     return r;
96 }
97 
scsi_remove_request(SCSIDiskReq * r)98 static void scsi_remove_request(SCSIDiskReq *r)
99 {
100     qemu_vfree(r->iov.iov_base);
101     scsi_req_free(&r->req);
102 }
103 
scsi_find_request(SCSIDiskState * s,uint32_t tag)104 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
105 {
106     return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
107 }
108 
scsi_disk_clear_sense(SCSIDiskState * s)109 static void scsi_disk_clear_sense(SCSIDiskState *s)
110 {
111     memset(&s->sense, 0, sizeof(s->sense));
112 }
113 
scsi_disk_set_sense(SCSIDiskState * s,uint8_t key)114 static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
115 {
116     s->sense.key = key;
117 }
118 
scsi_req_set_status(SCSIDiskReq * r,int status,int sense_code)119 static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
120 {
121     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122 
123     r->req.status = status;
124     scsi_disk_set_sense(s, sense_code);
125 }
126 
127 /* Helper function for command completion.  */
scsi_command_complete(SCSIDiskReq * r,int status,int sense)128 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
129 {
130     DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
131             r->req.tag, status, sense);
132     scsi_req_set_status(r, status, sense);
133     scsi_req_complete(&r->req);
134     scsi_remove_request(r);
135 }
136 
137 /* Cancel a pending data transfer.  */
scsi_cancel_io(SCSIDevice * d,uint32_t tag)138 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
139 {
140     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
141     SCSIDiskReq *r;
142     DPRINTF("Cancel tag=0x%x\n", tag);
143     r = scsi_find_request(s, tag);
144     if (r) {
145         if (r->req.aiocb)
146             bdrv_aio_cancel(r->req.aiocb);
147         r->req.aiocb = NULL;
148         scsi_remove_request(r);
149     }
150 }
151 
scsi_read_complete(void * opaque,int ret)152 static void scsi_read_complete(void * opaque, int ret)
153 {
154     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
155     int n;
156 
157     r->req.aiocb = NULL;
158 
159     if (ret) {
160         if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
161             return;
162         }
163     }
164 
165     DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
166 
167     n = r->iov.iov_len / 512;
168     r->sector += n;
169     r->sector_count -= n;
170     r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
171 }
172 
173 
scsi_read_request(SCSIDiskReq * r)174 static void scsi_read_request(SCSIDiskReq *r)
175 {
176     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
177     uint32_t n;
178 
179     if (r->sector_count == (uint32_t)-1) {
180         DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
181         r->sector_count = 0;
182         r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
183         return;
184     }
185     DPRINTF("Read sector_count=%d\n", r->sector_count);
186     if (r->sector_count == 0) {
187         scsi_command_complete(r, GOOD, NO_SENSE);
188         return;
189     }
190 
191     /* No data transfer may already be in progress */
192     assert(r->req.aiocb == NULL);
193 
194     n = r->sector_count;
195     if (n > SCSI_DMA_BUF_SIZE / 512)
196         n = SCSI_DMA_BUF_SIZE / 512;
197 
198     r->iov.iov_len = n * 512;
199     qemu_iovec_init_external(&r->qiov, &r->iov, 1);
200     r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
201                               scsi_read_complete, r);
202     if (r->req.aiocb == NULL) {
203         scsi_read_complete(r, -EIO);
204     }
205 }
206 
207 /* Read more data from scsi device into buffer.  */
scsi_read_data(SCSIDevice * d,uint32_t tag)208 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
209 {
210     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
211     SCSIDiskReq *r;
212 
213     r = scsi_find_request(s, tag);
214     if (!r) {
215         BADF("Bad read tag 0x%x\n", tag);
216         /* ??? This is the wrong error.  */
217         scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
218         return;
219     }
220 
221     scsi_read_request(r);
222 }
223 
scsi_handle_rw_error(SCSIDiskReq * r,int error,int type)224 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
225 {
226     int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
227     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
228     BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
229 
230     if (action == BLOCK_ERR_IGNORE) {
231         bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
232         return 0;
233     }
234 
235     if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
236             || action == BLOCK_ERR_STOP_ANY) {
237 
238         type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
239         r->status |= SCSI_REQ_STATUS_RETRY | type;
240 
241         bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
242         vm_stop(0);
243     } else {
244         if (type == SCSI_REQ_STATUS_RETRY_READ) {
245             r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
246         }
247         scsi_command_complete(r, CHECK_CONDITION,
248                 HARDWARE_ERROR);
249         bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
250     }
251 
252     return 1;
253 }
254 
scsi_write_complete(void * opaque,int ret)255 static void scsi_write_complete(void * opaque, int ret)
256 {
257     SCSIDiskReq *r = (SCSIDiskReq *)opaque;
258     uint32_t len;
259     uint32_t n;
260 
261     r->req.aiocb = NULL;
262 
263     if (ret) {
264         if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
265             return;
266         }
267     }
268 
269     n = r->iov.iov_len / 512;
270     r->sector += n;
271     r->sector_count -= n;
272     if (r->sector_count == 0) {
273         scsi_command_complete(r, GOOD, NO_SENSE);
274     } else {
275         len = r->sector_count * 512;
276         if (len > SCSI_DMA_BUF_SIZE) {
277             len = SCSI_DMA_BUF_SIZE;
278         }
279         r->iov.iov_len = len;
280         DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
281         r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
282     }
283 }
284 
scsi_write_request(SCSIDiskReq * r)285 static void scsi_write_request(SCSIDiskReq *r)
286 {
287     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
288     uint32_t n;
289 
290     /* No data transfer may already be in progress */
291     assert(r->req.aiocb == NULL);
292 
293     n = r->iov.iov_len / 512;
294     if (n) {
295         qemu_iovec_init_external(&r->qiov, &r->iov, 1);
296         r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
297                                    scsi_write_complete, r);
298         if (r->req.aiocb == NULL) {
299             scsi_write_complete(r, -EIO);
300         }
301     } else {
302         /* Invoke completion routine to fetch data from host.  */
303         scsi_write_complete(r, 0);
304     }
305 }
306 
307 /* Write data to a scsi device.  Returns nonzero on failure.
308    The transfer may complete asynchronously.  */
scsi_write_data(SCSIDevice * d,uint32_t tag)309 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
310 {
311     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
312     SCSIDiskReq *r;
313 
314     DPRINTF("Write data tag=0x%x\n", tag);
315     r = scsi_find_request(s, tag);
316     if (!r) {
317         BADF("Bad write tag 0x%x\n", tag);
318         scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
319         return 1;
320     }
321 
322     scsi_write_request(r);
323 
324     return 0;
325 }
326 
scsi_dma_restart_bh(void * opaque)327 static void scsi_dma_restart_bh(void *opaque)
328 {
329     SCSIDiskState *s = opaque;
330     SCSIRequest *req;
331     SCSIDiskReq *r;
332 
333     qemu_bh_delete(s->bh);
334     s->bh = NULL;
335 
336     QTAILQ_FOREACH(req, &s->qdev.requests, next) {
337         r = DO_UPCAST(SCSIDiskReq, req, req);
338         if (r->status & SCSI_REQ_STATUS_RETRY) {
339             int status = r->status;
340             int ret;
341 
342             r->status &=
343                 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
344 
345             switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
346             case SCSI_REQ_STATUS_RETRY_READ:
347                 scsi_read_request(r);
348                 break;
349             case SCSI_REQ_STATUS_RETRY_WRITE:
350                 scsi_write_request(r);
351                 break;
352             case SCSI_REQ_STATUS_RETRY_FLUSH:
353                 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
354                 if (ret == 0) {
355                     scsi_command_complete(r, GOOD, NO_SENSE);
356                 }
357             }
358         }
359     }
360 }
361 
scsi_dma_restart_cb(void * opaque,int running,int reason)362 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
363 {
364     SCSIDiskState *s = opaque;
365 
366     if (!running)
367         return;
368 
369     if (!s->bh) {
370         s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
371         qemu_bh_schedule(s->bh);
372     }
373 }
374 
375 /* Return a pointer to the data buffer.  */
scsi_get_buf(SCSIDevice * d,uint32_t tag)376 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
377 {
378     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
379     SCSIDiskReq *r;
380 
381     r = scsi_find_request(s, tag);
382     if (!r) {
383         BADF("Bad buffer tag 0x%x\n", tag);
384         return NULL;
385     }
386     return (uint8_t *)r->iov.iov_base;
387 }
388 
scsi_disk_emulate_inquiry(SCSIRequest * req,uint8_t * outbuf)389 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
390 {
391     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
392     int buflen = 0;
393 
394     if (req->cmd.buf[1] & 0x2) {
395         /* Command support data - optional, not implemented */
396         BADF("optional INQUIRY command support request not implemented\n");
397         return -1;
398     }
399 
400     if (req->cmd.buf[1] & 0x1) {
401         /* Vital product data */
402         uint8_t page_code = req->cmd.buf[2];
403         if (req->cmd.xfer < 4) {
404             BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
405                  "less than 4\n", page_code, req->cmd.xfer);
406             return -1;
407         }
408 
409         if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
410             outbuf[buflen++] = 5;
411         } else {
412             outbuf[buflen++] = 0;
413         }
414         outbuf[buflen++] = page_code ; // this page
415         outbuf[buflen++] = 0x00;
416 
417         switch (page_code) {
418         case 0x00: /* Supported page codes, mandatory */
419         {
420             int pages;
421             DPRINTF("Inquiry EVPD[Supported pages] "
422                     "buffer size %zd\n", req->cmd.xfer);
423             pages = buflen++;
424             outbuf[buflen++] = 0x00; // list of supported pages (this page)
425             outbuf[buflen++] = 0x80; // unit serial number
426             outbuf[buflen++] = 0x83; // device identification
427             if (bdrv_get_type_hint(s->bs) != BDRV_TYPE_CDROM) {
428                 outbuf[buflen++] = 0xb0; // block limits
429                 outbuf[buflen++] = 0xb2; // thin provisioning
430             }
431             outbuf[pages] = buflen - pages - 1; // number of pages
432             break;
433         }
434         case 0x80: /* Device serial number, optional */
435         {
436             int l = strlen(s->serial);
437 
438             if (l > req->cmd.xfer)
439                 l = req->cmd.xfer;
440             if (l > 20)
441                 l = 20;
442 
443             DPRINTF("Inquiry EVPD[Serial number] "
444                     "buffer size %zd\n", req->cmd.xfer);
445             outbuf[buflen++] = l;
446             memcpy(outbuf+buflen, s->serial, l);
447             buflen += l;
448             break;
449         }
450 
451         case 0x83: /* Device identification page, mandatory */
452         {
453             int max_len = 255 - 8;
454             int id_len = strlen(bdrv_get_device_name(s->bs));
455 
456             if (id_len > max_len)
457                 id_len = max_len;
458             DPRINTF("Inquiry EVPD[Device identification] "
459                     "buffer size %zd\n", req->cmd.xfer);
460 
461             outbuf[buflen++] = 4 + id_len;
462             outbuf[buflen++] = 0x2; // ASCII
463             outbuf[buflen++] = 0;   // not officially assigned
464             outbuf[buflen++] = 0;   // reserved
465             outbuf[buflen++] = id_len; // length of data following
466 
467             memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
468             buflen += id_len;
469             break;
470         }
471         case 0xb0: /* block limits */
472         {
473             unsigned int unmap_sectors =
474                     s->qdev.conf.discard_granularity / s->qdev.blocksize;
475             unsigned int min_io_size =
476                     s->qdev.conf.min_io_size / s->qdev.blocksize;
477             unsigned int opt_io_size =
478                     s->qdev.conf.opt_io_size / s->qdev.blocksize;
479 
480             if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
481                 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
482                         page_code);
483                 return -1;
484             }
485             /* required VPD size with unmap support */
486             outbuf[3] = buflen = 0x3c;
487 
488             memset(outbuf + 4, 0, buflen - 4);
489 
490             /* optimal transfer length granularity */
491             outbuf[6] = (min_io_size >> 8) & 0xff;
492             outbuf[7] = min_io_size & 0xff;
493 
494             /* optimal transfer length */
495             outbuf[12] = (opt_io_size >> 24) & 0xff;
496             outbuf[13] = (opt_io_size >> 16) & 0xff;
497             outbuf[14] = (opt_io_size >> 8) & 0xff;
498             outbuf[15] = opt_io_size & 0xff;
499 
500             /* optimal unmap granularity */
501             outbuf[28] = (unmap_sectors >> 24) & 0xff;
502             outbuf[29] = (unmap_sectors >> 16) & 0xff;
503             outbuf[30] = (unmap_sectors >> 8) & 0xff;
504             outbuf[31] = unmap_sectors & 0xff;
505             break;
506         }
507         case 0xb2: /* thin provisioning */
508         {
509             outbuf[3] = buflen = 8;
510             outbuf[4] = 0;
511             outbuf[5] = 0x40; /* write same with unmap supported */
512             outbuf[6] = 0;
513             outbuf[7] = 0;
514             break;
515         }
516         default:
517             BADF("Error: unsupported Inquiry (EVPD[%02X]) "
518                  "buffer size %zd\n", page_code, req->cmd.xfer);
519             return -1;
520         }
521         /* done with EVPD */
522         return buflen;
523     }
524 
525     /* Standard INQUIRY data */
526     if (req->cmd.buf[2] != 0) {
527         BADF("Error: Inquiry (STANDARD) page or code "
528              "is non-zero [%02X]\n", req->cmd.buf[2]);
529         return -1;
530     }
531 
532     /* PAGE CODE == 0 */
533     if (req->cmd.xfer < 5) {
534         BADF("Error: Inquiry (STANDARD) buffer size %zd "
535              "is less than 5\n", req->cmd.xfer);
536         return -1;
537     }
538 
539     buflen = req->cmd.xfer;
540     if (buflen > SCSI_MAX_INQUIRY_LEN)
541         buflen = SCSI_MAX_INQUIRY_LEN;
542 
543     memset(outbuf, 0, buflen);
544 
545     if (req->lun || req->cmd.buf[1] >> 5) {
546         outbuf[0] = 0x7f;	/* LUN not supported */
547         return buflen;
548     }
549 
550     if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
551         outbuf[0] = 5;
552         outbuf[1] = 0x80;
553         memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
554     } else {
555         outbuf[0] = 0;
556         outbuf[1] = s->removable ? 0x80 : 0;
557         memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
558     }
559     memcpy(&outbuf[8], "QEMU    ", 8);
560     memset(&outbuf[32], 0, 4);
561     memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
562     /*
563      * We claim conformance to SPC-3, which is required for guests
564      * to ask for modern features like READ CAPACITY(16) or the
565      * block characteristics VPD page by default.  Not all of SPC-3
566      * is actually implemented, but we're good enough.
567      */
568     outbuf[2] = 5;
569     outbuf[3] = 2; /* Format 2 */
570 
571     if (buflen > 36) {
572         outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
573     } else {
574         /* If the allocation length of CDB is too small,
575                the additional length is not adjusted */
576         outbuf[4] = 36 - 5;
577     }
578 
579     /* Sync data transfer and TCQ.  */
580     outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
581     return buflen;
582 }
583 
mode_sense_page(SCSIRequest * req,int page,uint8_t * p,int page_control)584 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
585                            int page_control)
586 {
587     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
588     BlockDriverState *bdrv = s->bs;
589     int cylinders, heads, secs;
590 
591     /*
592      * If Changeable Values are requested, a mask denoting those mode parameters
593      * that are changeable shall be returned. As we currently don't support
594      * parameter changes via MODE_SELECT all bits are returned set to zero.
595      * The buffer was already menset to zero by the caller of this function.
596      */
597     switch (page) {
598     case 4: /* Rigid disk device geometry page. */
599         p[0] = 4;
600         p[1] = 0x16;
601         if (page_control == 1) { /* Changeable Values */
602             return p[1] + 2;
603         }
604         /* if a geometry hint is available, use it */
605         bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
606         p[2] = (cylinders >> 16) & 0xff;
607         p[3] = (cylinders >> 8) & 0xff;
608         p[4] = cylinders & 0xff;
609         p[5] = heads & 0xff;
610         /* Write precomp start cylinder, disabled */
611         p[6] = (cylinders >> 16) & 0xff;
612         p[7] = (cylinders >> 8) & 0xff;
613         p[8] = cylinders & 0xff;
614         /* Reduced current start cylinder, disabled */
615         p[9] = (cylinders >> 16) & 0xff;
616         p[10] = (cylinders >> 8) & 0xff;
617         p[11] = cylinders & 0xff;
618         /* Device step rate [ns], 200ns */
619         p[12] = 0;
620         p[13] = 200;
621         /* Landing zone cylinder */
622         p[14] = 0xff;
623         p[15] =  0xff;
624         p[16] = 0xff;
625         /* Medium rotation rate [rpm], 5400 rpm */
626         p[20] = (5400 >> 8) & 0xff;
627         p[21] = 5400 & 0xff;
628         return p[1] + 2;
629 
630     case 5: /* Flexible disk device geometry page. */
631         p[0] = 5;
632         p[1] = 0x1e;
633         if (page_control == 1) { /* Changeable Values */
634             return p[1] + 2;
635         }
636         /* Transfer rate [kbit/s], 5Mbit/s */
637         p[2] = 5000 >> 8;
638         p[3] = 5000 & 0xff;
639         /* if a geometry hint is available, use it */
640         bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
641         p[4] = heads & 0xff;
642         p[5] = secs & 0xff;
643         p[6] = s->cluster_size * 2;
644         p[8] = (cylinders >> 8) & 0xff;
645         p[9] = cylinders & 0xff;
646         /* Write precomp start cylinder, disabled */
647         p[10] = (cylinders >> 8) & 0xff;
648         p[11] = cylinders & 0xff;
649         /* Reduced current start cylinder, disabled */
650         p[12] = (cylinders >> 8) & 0xff;
651         p[13] = cylinders & 0xff;
652         /* Device step rate [100us], 100us */
653         p[14] = 0;
654         p[15] = 1;
655         /* Device step pulse width [us], 1us */
656         p[16] = 1;
657         /* Device head settle delay [100us], 100us */
658         p[17] = 0;
659         p[18] = 1;
660         /* Motor on delay [0.1s], 0.1s */
661         p[19] = 1;
662         /* Motor off delay [0.1s], 0.1s */
663         p[20] = 1;
664         /* Medium rotation rate [rpm], 5400 rpm */
665         p[28] = (5400 >> 8) & 0xff;
666         p[29] = 5400 & 0xff;
667         return p[1] + 2;
668 
669     case 8: /* Caching page.  */
670         p[0] = 8;
671         p[1] = 0x12;
672         if (page_control == 1) { /* Changeable Values */
673             return p[1] + 2;
674         }
675         if (bdrv_enable_write_cache(s->bs)) {
676             p[2] = 4; /* WCE */
677         }
678         return p[1] + 2;
679 
680     case 0x2a: /* CD Capabilities and Mechanical Status page. */
681         if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
682             return 0;
683         p[0] = 0x2a;
684         p[1] = 0x14;
685         if (page_control == 1) { /* Changeable Values */
686             return p[1] + 2;
687         }
688         p[2] = 3; // CD-R & CD-RW read
689         p[3] = 0; // Writing not supported
690         p[4] = 0x7f; /* Audio, composite, digital out,
691                         mode 2 form 1&2, multi session */
692         p[5] = 0xff; /* CD DA, DA accurate, RW supported,
693                         RW corrected, C2 errors, ISRC,
694                         UPC, Bar code */
695         p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
696         /* Locking supported, jumper present, eject, tray */
697         p[7] = 0; /* no volume & mute control, no
698                      changer */
699         p[8] = (50 * 176) >> 8; // 50x read speed
700         p[9] = (50 * 176) & 0xff;
701         p[10] = 0 >> 8; // No volume
702         p[11] = 0 & 0xff;
703         p[12] = 2048 >> 8; // 2M buffer
704         p[13] = 2048 & 0xff;
705         p[14] = (16 * 176) >> 8; // 16x read speed current
706         p[15] = (16 * 176) & 0xff;
707         p[18] = (16 * 176) >> 8; // 16x write speed
708         p[19] = (16 * 176) & 0xff;
709         p[20] = (16 * 176) >> 8; // 16x write speed current
710         p[21] = (16 * 176) & 0xff;
711         return p[1] + 2;
712 
713     default:
714         return 0;
715     }
716 }
717 
scsi_disk_emulate_mode_sense(SCSIRequest * req,uint8_t * outbuf)718 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
719 {
720     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
721     uint64_t nb_sectors;
722     int page, dbd, buflen, page_control;
723     uint8_t *p;
724     uint8_t dev_specific_param;
725 
726     dbd = req->cmd.buf[1]  & 0x8;
727     page = req->cmd.buf[2] & 0x3f;
728     page_control = (req->cmd.buf[2] & 0xc0) >> 6;
729     DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
730         (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
731     memset(outbuf, 0, req->cmd.xfer);
732     p = outbuf;
733 
734     if (bdrv_is_read_only(s->bs)) {
735         dev_specific_param = 0x80; /* Readonly.  */
736     } else {
737         dev_specific_param = 0x00;
738     }
739 
740     if (req->cmd.buf[0] == MODE_SENSE) {
741         p[1] = 0; /* Default media type.  */
742         p[2] = dev_specific_param;
743         p[3] = 0; /* Block descriptor length.  */
744         p += 4;
745     } else { /* MODE_SENSE_10 */
746         p[2] = 0; /* Default media type.  */
747         p[3] = dev_specific_param;
748         p[6] = p[7] = 0; /* Block descriptor length.  */
749         p += 8;
750     }
751 
752     bdrv_get_geometry(s->bs, &nb_sectors);
753     if (!dbd && nb_sectors) {
754         if (req->cmd.buf[0] == MODE_SENSE) {
755             outbuf[3] = 8; /* Block descriptor length  */
756         } else { /* MODE_SENSE_10 */
757             outbuf[7] = 8; /* Block descriptor length  */
758         }
759         nb_sectors /= s->cluster_size;
760         if (nb_sectors > 0xffffff)
761             nb_sectors = 0;
762         p[0] = 0; /* media density code */
763         p[1] = (nb_sectors >> 16) & 0xff;
764         p[2] = (nb_sectors >> 8) & 0xff;
765         p[3] = nb_sectors & 0xff;
766         p[4] = 0; /* reserved */
767         p[5] = 0; /* bytes 5-7 are the sector size in bytes */
768         p[6] = s->cluster_size * 2;
769         p[7] = 0;
770         p += 8;
771     }
772 
773     if (page_control == 3) { /* Saved Values */
774         return -1; /* ILLEGAL_REQUEST */
775     }
776 
777     switch (page) {
778     case 0x04:
779     case 0x05:
780     case 0x08:
781     case 0x2a:
782         p += mode_sense_page(req, page, p, page_control);
783         break;
784     case 0x3f:
785         p += mode_sense_page(req, 0x08, p, page_control);
786         p += mode_sense_page(req, 0x2a, p, page_control);
787         break;
788     default:
789         return -1; /* ILLEGAL_REQUEST */
790     }
791 
792     buflen = p - outbuf;
793     /*
794      * The mode data length field specifies the length in bytes of the
795      * following data that is available to be transferred. The mode data
796      * length does not include itself.
797      */
798     if (req->cmd.buf[0] == MODE_SENSE) {
799         outbuf[0] = buflen - 1;
800     } else { /* MODE_SENSE_10 */
801         outbuf[0] = ((buflen - 2) >> 8) & 0xff;
802         outbuf[1] = (buflen - 2) & 0xff;
803     }
804     if (buflen > req->cmd.xfer)
805         buflen = req->cmd.xfer;
806     return buflen;
807 }
808 
scsi_disk_emulate_read_toc(SCSIRequest * req,uint8_t * outbuf)809 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
810 {
811     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
812     int start_track, format, msf, toclen;
813     uint64_t nb_sectors;
814 
815     msf = req->cmd.buf[1] & 2;
816     format = req->cmd.buf[2] & 0xf;
817     start_track = req->cmd.buf[6];
818     bdrv_get_geometry(s->bs, &nb_sectors);
819     DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
820     nb_sectors /= s->cluster_size;
821     switch (format) {
822     case 0:
823         toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
824         break;
825     case 1:
826         /* multi session : only a single session defined */
827         toclen = 12;
828         memset(outbuf, 0, 12);
829         outbuf[1] = 0x0a;
830         outbuf[2] = 0x01;
831         outbuf[3] = 0x01;
832         break;
833     case 2:
834         toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
835         break;
836     default:
837         return -1;
838     }
839     if (toclen > req->cmd.xfer)
840         toclen = req->cmd.xfer;
841     return toclen;
842 }
843 
scsi_disk_emulate_command(SCSIDiskReq * r,uint8_t * outbuf)844 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
845 {
846     SCSIRequest *req = &r->req;
847     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
848     uint64_t nb_sectors;
849     int buflen = 0;
850     int ret;
851 
852     switch (req->cmd.buf[0]) {
853     case TEST_UNIT_READY:
854         if (!bdrv_is_inserted(s->bs))
855             goto not_ready;
856 	break;
857     case REQUEST_SENSE:
858         if (req->cmd.xfer < 4)
859             goto illegal_request;
860         memset(outbuf, 0, 4);
861         buflen = 4;
862         if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
863             memset(outbuf, 0, 18);
864             buflen = 18;
865             outbuf[7] = 10;
866             /* asc 0x3a, ascq 0: Medium not present */
867             outbuf[12] = 0x3a;
868             outbuf[13] = 0;
869         }
870         outbuf[0] = 0xf0;
871         outbuf[1] = 0;
872         outbuf[2] = s->sense.key;
873         scsi_disk_clear_sense(s);
874         break;
875     case INQUIRY:
876         buflen = scsi_disk_emulate_inquiry(req, outbuf);
877         if (buflen < 0)
878             goto illegal_request;
879 	break;
880     case MODE_SENSE:
881     case MODE_SENSE_10:
882         buflen = scsi_disk_emulate_mode_sense(req, outbuf);
883         if (buflen < 0)
884             goto illegal_request;
885         break;
886     case READ_TOC:
887         buflen = scsi_disk_emulate_read_toc(req, outbuf);
888         if (buflen < 0)
889             goto illegal_request;
890         break;
891     case RESERVE:
892         if (req->cmd.buf[1] & 1)
893             goto illegal_request;
894         break;
895     case RESERVE_10:
896         if (req->cmd.buf[1] & 3)
897             goto illegal_request;
898         break;
899     case RELEASE:
900         if (req->cmd.buf[1] & 1)
901             goto illegal_request;
902         break;
903     case RELEASE_10:
904         if (req->cmd.buf[1] & 3)
905             goto illegal_request;
906         break;
907     case START_STOP:
908         if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
909             /* load/eject medium */
910             bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
911         }
912 	break;
913     case ALLOW_MEDIUM_REMOVAL:
914         bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
915 	break;
916     case READ_CAPACITY:
917         /* The normal LEN field for this command is zero.  */
918 	memset(outbuf, 0, 8);
919 	bdrv_get_geometry(s->bs, &nb_sectors);
920         if (!nb_sectors)
921             goto not_ready;
922         nb_sectors /= s->cluster_size;
923         /* Returned value is the address of the last sector.  */
924         nb_sectors--;
925         /* Remember the new size for read/write sanity checking. */
926         s->max_lba = nb_sectors;
927         /* Clip to 2TB, instead of returning capacity modulo 2TB. */
928         if (nb_sectors > UINT32_MAX)
929             nb_sectors = UINT32_MAX;
930         outbuf[0] = (nb_sectors >> 24) & 0xff;
931         outbuf[1] = (nb_sectors >> 16) & 0xff;
932         outbuf[2] = (nb_sectors >> 8) & 0xff;
933         outbuf[3] = nb_sectors & 0xff;
934         outbuf[4] = 0;
935         outbuf[5] = 0;
936         outbuf[6] = s->cluster_size * 2;
937         outbuf[7] = 0;
938         buflen = 8;
939 	break;
940     case SYNCHRONIZE_CACHE:
941         ret = bdrv_flush(s->bs);
942         if (ret < 0) {
943             if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
944                 return -1;
945             }
946         }
947         break;
948     case GET_CONFIGURATION:
949         memset(outbuf, 0, 8);
950         /* ??? This should probably return much more information.  For now
951            just return the basic header indicating the CD-ROM profile.  */
952         outbuf[7] = 8; // CD-ROM
953         buflen = 8;
954         break;
955     case SERVICE_ACTION_IN:
956         /* Service Action In subcommands. */
957         if ((req->cmd.buf[1] & 31) == 0x10) {
958             DPRINTF("SAI READ CAPACITY(16)\n");
959             memset(outbuf, 0, req->cmd.xfer);
960             bdrv_get_geometry(s->bs, &nb_sectors);
961             if (!nb_sectors)
962                 goto not_ready;
963             nb_sectors /= s->cluster_size;
964             /* Returned value is the address of the last sector.  */
965             nb_sectors--;
966             /* Remember the new size for read/write sanity checking. */
967             s->max_lba = nb_sectors;
968             outbuf[0] = (nb_sectors >> 56) & 0xff;
969             outbuf[1] = (nb_sectors >> 48) & 0xff;
970             outbuf[2] = (nb_sectors >> 40) & 0xff;
971             outbuf[3] = (nb_sectors >> 32) & 0xff;
972             outbuf[4] = (nb_sectors >> 24) & 0xff;
973             outbuf[5] = (nb_sectors >> 16) & 0xff;
974             outbuf[6] = (nb_sectors >> 8) & 0xff;
975             outbuf[7] = nb_sectors & 0xff;
976             outbuf[8] = 0;
977             outbuf[9] = 0;
978             outbuf[10] = s->cluster_size * 2;
979             outbuf[11] = 0;
980             outbuf[12] = 0;
981             outbuf[13] = get_physical_block_exp(&s->qdev.conf);
982 
983             /* set TPE bit if the format supports discard */
984             if (s->qdev.conf.discard_granularity) {
985                 outbuf[14] = 0x80;
986             }
987 
988             /* Protection, exponent and lowest lba field left blank. */
989             buflen = req->cmd.xfer;
990             break;
991         }
992         DPRINTF("Unsupported Service Action In\n");
993         goto illegal_request;
994     case REPORT_LUNS:
995         if (req->cmd.xfer < 16)
996             goto illegal_request;
997         memset(outbuf, 0, 16);
998         outbuf[3] = 8;
999         buflen = 16;
1000         break;
1001     case VERIFY:
1002         break;
1003     case REZERO_UNIT:
1004         DPRINTF("Rezero Unit\n");
1005         if (!bdrv_is_inserted(s->bs)) {
1006             goto not_ready;
1007         }
1008         break;
1009     default:
1010         goto illegal_request;
1011     }
1012     scsi_req_set_status(r, GOOD, NO_SENSE);
1013     return buflen;
1014 
1015 not_ready:
1016     scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
1017     return -1;
1018 
1019 illegal_request:
1020     scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1021     return -1;
1022 }
1023 
1024 /* Execute a scsi command.  Returns the length of the data expected by the
1025    command.  This will be Positive for data transfers from the device
1026    (eg. disk reads), negative for transfers to the device (eg. disk writes),
1027    and zero if the command does not transfer any data.  */
1028 
scsi_send_command(SCSIDevice * d,uint32_t tag,uint8_t * buf,int lun)1029 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1030                                  uint8_t *buf, int lun)
1031 {
1032     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1033     uint32_t len;
1034     int is_write;
1035     uint8_t command;
1036     uint8_t *outbuf;
1037     SCSIDiskReq *r;
1038     int rc;
1039 
1040     command = buf[0];
1041     r = scsi_find_request(s, tag);
1042     if (r) {
1043         BADF("Tag 0x%x already in use\n", tag);
1044         scsi_cancel_io(d, tag);
1045     }
1046     /* ??? Tags are not unique for different luns.  We only implement a
1047        single lun, so this should not matter.  */
1048     r = scsi_new_request(s, tag, lun);
1049     outbuf = (uint8_t *)r->iov.iov_base;
1050     is_write = 0;
1051     DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1052 
1053     if (scsi_req_parse(&r->req, buf) != 0) {
1054         BADF("Unsupported command length, command %x\n", command);
1055         goto fail;
1056     }
1057 #ifdef DEBUG_SCSI
1058     {
1059         int i;
1060         for (i = 1; i < r->req.cmd.len; i++) {
1061             printf(" 0x%02x", buf[i]);
1062         }
1063         printf("\n");
1064     }
1065 #endif
1066 
1067     if (lun || buf[1] >> 5) {
1068         /* Only LUN 0 supported.  */
1069         DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1070         if (command != REQUEST_SENSE && command != INQUIRY)
1071             goto fail;
1072     }
1073     switch (command) {
1074     case TEST_UNIT_READY:
1075     case REQUEST_SENSE:
1076     case INQUIRY:
1077     case MODE_SENSE:
1078     case MODE_SENSE_10:
1079     case RESERVE:
1080     case RESERVE_10:
1081     case RELEASE:
1082     case RELEASE_10:
1083     case START_STOP:
1084     case ALLOW_MEDIUM_REMOVAL:
1085     case READ_CAPACITY:
1086     case SYNCHRONIZE_CACHE:
1087     case READ_TOC:
1088     case GET_CONFIGURATION:
1089     case SERVICE_ACTION_IN:
1090     case REPORT_LUNS:
1091     case VERIFY:
1092     case REZERO_UNIT:
1093         rc = scsi_disk_emulate_command(r, outbuf);
1094         if (rc < 0) {
1095             return 0;
1096         }
1097 
1098         r->iov.iov_len = rc;
1099         break;
1100     case READ_6:
1101     case READ_10:
1102     case READ_12:
1103     case READ_16:
1104         len = r->req.cmd.xfer / d->blocksize;
1105         DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1106         if (r->req.cmd.lba > s->max_lba)
1107             goto illegal_lba;
1108         r->sector = r->req.cmd.lba * s->cluster_size;
1109         r->sector_count = len * s->cluster_size;
1110         break;
1111     case WRITE_6:
1112     case WRITE_10:
1113     case WRITE_12:
1114     case WRITE_16:
1115     case WRITE_VERIFY:
1116     case WRITE_VERIFY_12:
1117     case WRITE_VERIFY_16:
1118         len = r->req.cmd.xfer / d->blocksize;
1119         DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1120                 (command & 0xe) == 0xe ? "And Verify " : "",
1121                 r->req.cmd.lba, len);
1122         if (r->req.cmd.lba > s->max_lba)
1123             goto illegal_lba;
1124         r->sector = r->req.cmd.lba * s->cluster_size;
1125         r->sector_count = len * s->cluster_size;
1126         is_write = 1;
1127         break;
1128     case MODE_SELECT:
1129         DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1130         /* We don't support mode parameter changes.
1131            Allow the mode parameter header + block descriptors only. */
1132         if (r->req.cmd.xfer > 12) {
1133             goto fail;
1134         }
1135         break;
1136     case MODE_SELECT_10:
1137         DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1138         /* We don't support mode parameter changes.
1139            Allow the mode parameter header + block descriptors only. */
1140         if (r->req.cmd.xfer > 16) {
1141             goto fail;
1142         }
1143         break;
1144     case SEEK_6:
1145     case SEEK_10:
1146         DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1147                 r->req.cmd.lba);
1148         if (r->req.cmd.lba > s->max_lba) {
1149             goto illegal_lba;
1150         }
1151         break;
1152     case WRITE_SAME_16:
1153         len = r->req.cmd.xfer / d->blocksize;
1154 
1155         DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1156                 r->req.cmd.lba, len);
1157 
1158         if (r->req.cmd.lba > s->max_lba) {
1159             goto illegal_lba;
1160         }
1161 
1162         /*
1163          * We only support WRITE SAME with the unmap bit set for now.
1164          */
1165         if (!(buf[1] & 0x8)) {
1166             goto fail;
1167         }
1168 
1169         rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1170                           len * s->cluster_size);
1171         if (rc < 0) {
1172             /* XXX: better error code ?*/
1173             goto fail;
1174         }
1175 
1176         break;
1177     default:
1178         DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1179     fail:
1180         scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1181         return 0;
1182     illegal_lba:
1183         scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1184         return 0;
1185     }
1186     if (r->sector_count == 0 && r->iov.iov_len == 0) {
1187         scsi_command_complete(r, GOOD, NO_SENSE);
1188     }
1189     len = r->sector_count * 512 + r->iov.iov_len;
1190     if (is_write) {
1191         return -len;
1192     } else {
1193         if (!r->sector_count)
1194             r->sector_count = -1;
1195         return len;
1196     }
1197 }
1198 
scsi_disk_purge_requests(SCSIDiskState * s)1199 static void scsi_disk_purge_requests(SCSIDiskState *s)
1200 {
1201     SCSIDiskReq *r;
1202 
1203     while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1204         r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1205         if (r->req.aiocb) {
1206             bdrv_aio_cancel(r->req.aiocb);
1207         }
1208         scsi_remove_request(r);
1209     }
1210 }
1211 
scsi_disk_reset(DeviceState * dev)1212 static void scsi_disk_reset(DeviceState *dev)
1213 {
1214     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1215     uint64_t nb_sectors;
1216 
1217     scsi_disk_purge_requests(s);
1218 
1219     bdrv_get_geometry(s->bs, &nb_sectors);
1220     nb_sectors /= s->cluster_size;
1221     if (nb_sectors) {
1222         nb_sectors--;
1223     }
1224     s->max_lba = nb_sectors;
1225 }
1226 
scsi_destroy(SCSIDevice * dev)1227 static void scsi_destroy(SCSIDevice *dev)
1228 {
1229     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1230 
1231     scsi_disk_purge_requests(s);
1232     blockdev_mark_auto_del(s->qdev.conf.bs);
1233 }
1234 
scsi_disk_initfn(SCSIDevice * dev)1235 static int scsi_disk_initfn(SCSIDevice *dev)
1236 {
1237     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1238     int is_cd;
1239     DriveInfo *dinfo;
1240 
1241     if (!s->qdev.conf.bs) {
1242         error_report("scsi-disk: drive property not set");
1243         return -1;
1244     }
1245     s->bs = s->qdev.conf.bs;
1246     is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1247 
1248     if (!is_cd && !bdrv_is_inserted(s->bs)) {
1249         error_report("Device needs media, but drive is empty");
1250         return -1;
1251     }
1252 
1253     if (!s->serial) {
1254         /* try to fall back to value set with legacy -drive serial=... */
1255         dinfo = drive_get_by_blockdev(s->bs);
1256         s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1257     }
1258 
1259     if (!s->version) {
1260         s->version = qemu_strdup(QEMU_VERSION);
1261     }
1262 
1263     if (bdrv_is_sg(s->bs)) {
1264         error_report("scsi-disk: unwanted /dev/sg*");
1265         return -1;
1266     }
1267 
1268     if (is_cd) {
1269         s->qdev.blocksize = 2048;
1270     } else {
1271         s->qdev.blocksize = s->qdev.conf.logical_block_size;
1272     }
1273     s->cluster_size = s->qdev.blocksize / 512;
1274     s->bs->buffer_alignment = s->qdev.blocksize;
1275 
1276     s->qdev.type = TYPE_DISK;
1277     qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1278     bdrv_set_removable(s->bs, is_cd);
1279     add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1280     return 0;
1281 }
1282 
1283 static SCSIDeviceInfo scsi_disk_info = {
1284     .qdev.name    = "scsi-disk",
1285     .qdev.fw_name = "disk",
1286     .qdev.desc    = "virtual scsi disk or cdrom",
1287     .qdev.size    = sizeof(SCSIDiskState),
1288     .qdev.reset   = scsi_disk_reset,
1289     .init         = scsi_disk_initfn,
1290     .destroy      = scsi_destroy,
1291     .send_command = scsi_send_command,
1292     .read_data    = scsi_read_data,
1293     .write_data   = scsi_write_data,
1294     .cancel_io    = scsi_cancel_io,
1295     .get_buf      = scsi_get_buf,
1296     .qdev.props   = (Property[]) {
1297         DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1298         DEFINE_PROP_STRING("ver",  SCSIDiskState, version),
1299         DEFINE_PROP_STRING("serial",  SCSIDiskState, serial),
1300         DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1301         DEFINE_PROP_END_OF_LIST(),
1302     },
1303 };
1304 
scsi_disk_register_devices(void)1305 static void scsi_disk_register_devices(void)
1306 {
1307     scsi_qdev_register(&scsi_disk_info);
1308 }
1309 device_init(scsi_disk_register_devices)
1310