Statistics
| Branch: | Revision:

root / hw / scsi-disk.c @ 3e1c0c9a

History | View | Annotate | Download (40.6 kB)

1
/*
2
 * SCSI Device emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Based on code by Fabrice Bellard
6
 *
7
 * Written by Paul Brook
8
 * Modifications:
9
 *  2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10
 *                                 when the allocation length of CDB is smaller
11
 *                                 than 36.
12
 *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13
 *                                 MODE SENSE response.
14
 *
15
 * This code is licenced under the LGPL.
16
 *
17
 * Note that this file only handles the SCSI architecture model and device
18
 * commands.  Emulation of interface/link layer protocols is handled by
19
 * the host adapter emulator.
20
 */
21

    
22
//#define DEBUG_SCSI
23

    
24
#ifdef DEBUG_SCSI
25
#define DPRINTF(fmt, ...) \
26
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27
#else
28
#define DPRINTF(fmt, ...) do {} while(0)
29
#endif
30

    
31
#define BADF(fmt, ...) \
32
do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33

    
34
#include "qemu-common.h"
35
#include "qemu-error.h"
36
#include "scsi.h"
37
#include "scsi-defs.h"
38
#include "sysemu.h"
39
#include "blockdev.h"
40

    
41
#define SCSI_DMA_BUF_SIZE    131072
42
#define SCSI_MAX_INQUIRY_LEN 256
43

    
44
#define SCSI_REQ_STATUS_RETRY           0x01
45
#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46
#define SCSI_REQ_STATUS_RETRY_READ      0x00
47
#define SCSI_REQ_STATUS_RETRY_WRITE     0x02
48
#define SCSI_REQ_STATUS_RETRY_FLUSH     0x04
49

    
50
typedef struct SCSIDiskState SCSIDiskState;
51

    
52
typedef struct SCSIDiskReq {
53
    SCSIRequest req;
54
    /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
55
    uint64_t sector;
56
    uint32_t sector_count;
57
    struct iovec iov;
58
    QEMUIOVector qiov;
59
    uint32_t status;
60
} SCSIDiskReq;
61

    
62
typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
63

    
64
struct SCSIDiskState
65
{
66
    SCSIDevice qdev;
67
    BlockDriverState *bs;
68
    /* The qemu block layer uses a fixed 512 byte sector size.
69
       This is the number of 512 byte blocks in a single scsi sector.  */
70
    int cluster_size;
71
    uint32_t removable;
72
    uint64_t max_lba;
73
    QEMUBH *bh;
74
    char *version;
75
    char *serial;
76
    SCSISense sense;
77
    SCSIDriveKind drive_kind;
78
};
79

    
80
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
81
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
82

    
83
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
84
                                     uint32_t lun, void *hba_private)
85
{
86
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
87
    SCSIRequest *req;
88
    SCSIDiskReq *r;
89

    
90
    req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun, hba_private);
91
    r = DO_UPCAST(SCSIDiskReq, req, req);
92
    r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
93
    return req;
94
}
95

    
96
static void scsi_free_request(SCSIRequest *req)
97
{
98
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
99

    
100
    qemu_vfree(r->iov.iov_base);
101
}
102

    
103
static void scsi_disk_clear_sense(SCSIDiskState *s)
104
{
105
    memset(&s->sense, 0, sizeof(s->sense));
106
}
107

    
108
static void scsi_req_set_status(SCSIDiskReq *r, int status, SCSISense sense)
109
{
110
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
111

    
112
    r->req.status = status;
113
    s->sense = sense;
114
}
115

    
116
/* Helper function for command completion.  */
117
static void scsi_command_complete(SCSIDiskReq *r, int status, SCSISense sense)
118
{
119
    DPRINTF("Command complete tag=0x%x status=%d sense=%d/%d/%d\n",
120
            r->req.tag, status, sense.key, sense.asc, sense.ascq);
121
    scsi_req_set_status(r, status, sense);
122
    scsi_req_complete(&r->req);
123
}
124

    
125
/* Cancel a pending data transfer.  */
126
static void scsi_cancel_io(SCSIRequest *req)
127
{
128
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
129

    
130
    DPRINTF("Cancel tag=0x%x\n", req->tag);
131
    if (r->req.aiocb) {
132
        bdrv_aio_cancel(r->req.aiocb);
133
    }
134
    r->req.aiocb = NULL;
135
}
136

    
137
static void scsi_read_complete(void * opaque, int ret)
138
{
139
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
140
    int n;
141

    
142
    r->req.aiocb = NULL;
143

    
144
    if (ret) {
145
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
146
            return;
147
        }
148
    }
149

    
150
    DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
151

    
152
    n = r->iov.iov_len / 512;
153
    r->sector += n;
154
    r->sector_count -= n;
155
    scsi_req_data(&r->req, r->iov.iov_len);
156
}
157

    
158

    
159
/* Read more data from scsi device into buffer.  */
160
static void scsi_read_data(SCSIRequest *req)
161
{
162
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
163
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
164
    uint32_t n;
165

    
166
    if (r->sector_count == (uint32_t)-1) {
167
        DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
168
        r->sector_count = 0;
169
        scsi_req_data(&r->req, r->iov.iov_len);
170
        return;
171
    }
172
    DPRINTF("Read sector_count=%d\n", r->sector_count);
173
    if (r->sector_count == 0) {
174
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
175
        return;
176
    }
177

    
178
    /* No data transfer may already be in progress */
179
    assert(r->req.aiocb == NULL);
180

    
181
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
182
        DPRINTF("Data transfer direction invalid\n");
183
        scsi_read_complete(r, -EINVAL);
184
        return;
185
    }
186

    
187
    n = r->sector_count;
188
    if (n > SCSI_DMA_BUF_SIZE / 512)
189
        n = SCSI_DMA_BUF_SIZE / 512;
190

    
191
    r->iov.iov_len = n * 512;
192
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
193
    r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
194
                              scsi_read_complete, r);
195
    if (r->req.aiocb == NULL) {
196
        scsi_read_complete(r, -EIO);
197
    }
198
}
199

    
200
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
201
{
202
    int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
203
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
204
    BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
205

    
206
    if (action == BLOCK_ERR_IGNORE) {
207
        bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
208
        return 0;
209
    }
210

    
211
    if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
212
            || action == BLOCK_ERR_STOP_ANY) {
213

    
214
        type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
215
        r->status |= SCSI_REQ_STATUS_RETRY | type;
216

    
217
        bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
218
        vm_stop(VMSTOP_DISKFULL);
219
    } else {
220
        if (type == SCSI_REQ_STATUS_RETRY_READ) {
221
            scsi_req_data(&r->req, 0);
222
        }
223
        switch (error) {
224
        case ENOMEM:
225
            scsi_command_complete(r, CHECK_CONDITION,
226
                                  SENSE_CODE(TARGET_FAILURE));
227
            break;
228
        case EINVAL:
229
            scsi_command_complete(r, CHECK_CONDITION,
230
                                  SENSE_CODE(INVALID_FIELD));
231
            break;
232
        default:
233
            scsi_command_complete(r, CHECK_CONDITION,
234
                                  SENSE_CODE(IO_ERROR));
235
            break;
236
        }
237
        bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
238
    }
239
    return 1;
240
}
241

    
242
static void scsi_write_complete(void * opaque, int ret)
243
{
244
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
245
    uint32_t len;
246
    uint32_t n;
247

    
248
    r->req.aiocb = NULL;
249

    
250
    if (ret) {
251
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
252
            return;
253
        }
254
    }
255

    
256
    n = r->iov.iov_len / 512;
257
    r->sector += n;
258
    r->sector_count -= n;
259
    if (r->sector_count == 0) {
260
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
261
    } else {
262
        len = r->sector_count * 512;
263
        if (len > SCSI_DMA_BUF_SIZE) {
264
            len = SCSI_DMA_BUF_SIZE;
265
        }
266
        r->iov.iov_len = len;
267
        DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
268
        scsi_req_data(&r->req, len);
269
    }
270
}
271

    
272
static void scsi_write_data(SCSIRequest *req)
273
{
274
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
275
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
276
    uint32_t n;
277

    
278
    /* No data transfer may already be in progress */
279
    assert(r->req.aiocb == NULL);
280

    
281
    if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
282
        DPRINTF("Data transfer direction invalid\n");
283
        scsi_write_complete(r, -EINVAL);
284
        return;
285
    }
286

    
287
    n = r->iov.iov_len / 512;
288
    if (n) {
289
        qemu_iovec_init_external(&r->qiov, &r->iov, 1);
290
        r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
291
                                   scsi_write_complete, r);
292
        if (r->req.aiocb == NULL) {
293
            scsi_write_complete(r, -ENOMEM);
294
        }
295
    } else {
296
        /* Invoke completion routine to fetch data from host.  */
297
        scsi_write_complete(r, 0);
298
    }
299
}
300

    
301
static void scsi_dma_restart_bh(void *opaque)
302
{
303
    SCSIDiskState *s = opaque;
304
    SCSIRequest *req;
305
    SCSIDiskReq *r;
306

    
307
    qemu_bh_delete(s->bh);
308
    s->bh = NULL;
309

    
310
    QTAILQ_FOREACH(req, &s->qdev.requests, next) {
311
        r = DO_UPCAST(SCSIDiskReq, req, req);
312
        if (r->status & SCSI_REQ_STATUS_RETRY) {
313
            int status = r->status;
314
            int ret;
315

    
316
            r->status &=
317
                ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
318

    
319
            switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
320
            case SCSI_REQ_STATUS_RETRY_READ:
321
                scsi_read_data(&r->req);
322
                break;
323
            case SCSI_REQ_STATUS_RETRY_WRITE:
324
                scsi_write_data(&r->req);
325
                break;
326
            case SCSI_REQ_STATUS_RETRY_FLUSH:
327
                ret = scsi_disk_emulate_command(r, r->iov.iov_base);
328
                if (ret == 0) {
329
                    scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
330
                }
331
            }
332
        }
333
    }
334
}
335

    
336
static void scsi_dma_restart_cb(void *opaque, int running, int reason)
337
{
338
    SCSIDiskState *s = opaque;
339

    
340
    if (!running)
341
        return;
342

    
343
    if (!s->bh) {
344
        s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
345
        qemu_bh_schedule(s->bh);
346
    }
347
}
348

    
349
/* Return a pointer to the data buffer.  */
350
static uint8_t *scsi_get_buf(SCSIRequest *req)
351
{
352
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
353

    
354
    return (uint8_t *)r->iov.iov_base;
355
}
356

    
357
/* Copy sense information into the provided buffer */
358
static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
359
{
360
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
361

    
362
    return scsi_build_sense(s->sense, outbuf, len, len > 14);
363
}
364

    
365
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
366
{
367
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
368
    int buflen = 0;
369

    
370
    if (req->cmd.buf[1] & 0x2) {
371
        /* Command support data - optional, not implemented */
372
        BADF("optional INQUIRY command support request not implemented\n");
373
        return -1;
374
    }
375

    
376
    if (req->cmd.buf[1] & 0x1) {
377
        /* Vital product data */
378
        uint8_t page_code = req->cmd.buf[2];
379
        if (req->cmd.xfer < 4) {
380
            BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
381
                 "less than 4\n", page_code, req->cmd.xfer);
382
            return -1;
383
        }
384

    
385
        if (s->drive_kind == SCSI_CD) {
386
            outbuf[buflen++] = 5;
387
        } else {
388
            outbuf[buflen++] = 0;
389
        }
390
        outbuf[buflen++] = page_code ; // this page
391
        outbuf[buflen++] = 0x00;
392

    
393
        switch (page_code) {
394
        case 0x00: /* Supported page codes, mandatory */
395
        {
396
            int pages;
397
            DPRINTF("Inquiry EVPD[Supported pages] "
398
                    "buffer size %zd\n", req->cmd.xfer);
399
            pages = buflen++;
400
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
401
            if (s->serial)
402
                outbuf[buflen++] = 0x80; // unit serial number
403
            outbuf[buflen++] = 0x83; // device identification
404
            if (s->drive_kind == SCSI_HD) {
405
                outbuf[buflen++] = 0xb0; // block limits
406
                outbuf[buflen++] = 0xb2; // thin provisioning
407
            }
408
            outbuf[pages] = buflen - pages - 1; // number of pages
409
            break;
410
        }
411
        case 0x80: /* Device serial number, optional */
412
        {
413
            int l;
414

    
415
            if (!s->serial) {
416
                DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
417
                return -1;
418
            }
419

    
420
            l = strlen(s->serial);
421
            if (l > req->cmd.xfer)
422
                l = req->cmd.xfer;
423
            if (l > 20)
424
                l = 20;
425

    
426
            DPRINTF("Inquiry EVPD[Serial number] "
427
                    "buffer size %zd\n", req->cmd.xfer);
428
            outbuf[buflen++] = l;
429
            memcpy(outbuf+buflen, s->serial, l);
430
            buflen += l;
431
            break;
432
        }
433

    
434
        case 0x83: /* Device identification page, mandatory */
435
        {
436
            int max_len = 255 - 8;
437
            int id_len = strlen(bdrv_get_device_name(s->bs));
438

    
439
            if (id_len > max_len)
440
                id_len = max_len;
441
            DPRINTF("Inquiry EVPD[Device identification] "
442
                    "buffer size %zd\n", req->cmd.xfer);
443

    
444
            outbuf[buflen++] = 4 + id_len;
445
            outbuf[buflen++] = 0x2; // ASCII
446
            outbuf[buflen++] = 0;   // not officially assigned
447
            outbuf[buflen++] = 0;   // reserved
448
            outbuf[buflen++] = id_len; // length of data following
449

    
450
            memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
451
            buflen += id_len;
452
            break;
453
        }
454
        case 0xb0: /* block limits */
455
        {
456
            unsigned int unmap_sectors =
457
                    s->qdev.conf.discard_granularity / s->qdev.blocksize;
458
            unsigned int min_io_size =
459
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
460
            unsigned int opt_io_size =
461
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;
462

    
463
            if (s->drive_kind == SCSI_CD) {
464
                DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
465
                        page_code);
466
                return -1;
467
            }
468
            /* required VPD size with unmap support */
469
            outbuf[3] = buflen = 0x3c;
470

    
471
            memset(outbuf + 4, 0, buflen - 4);
472

    
473
            /* optimal transfer length granularity */
474
            outbuf[6] = (min_io_size >> 8) & 0xff;
475
            outbuf[7] = min_io_size & 0xff;
476

    
477
            /* optimal transfer length */
478
            outbuf[12] = (opt_io_size >> 24) & 0xff;
479
            outbuf[13] = (opt_io_size >> 16) & 0xff;
480
            outbuf[14] = (opt_io_size >> 8) & 0xff;
481
            outbuf[15] = opt_io_size & 0xff;
482

    
483
            /* optimal unmap granularity */
484
            outbuf[28] = (unmap_sectors >> 24) & 0xff;
485
            outbuf[29] = (unmap_sectors >> 16) & 0xff;
486
            outbuf[30] = (unmap_sectors >> 8) & 0xff;
487
            outbuf[31] = unmap_sectors & 0xff;
488
            break;
489
        }
490
        case 0xb2: /* thin provisioning */
491
        {
492
            outbuf[3] = buflen = 8;
493
            outbuf[4] = 0;
494
            outbuf[5] = 0x40; /* write same with unmap supported */
495
            outbuf[6] = 0;
496
            outbuf[7] = 0;
497
            break;
498
        }
499
        default:
500
            BADF("Error: unsupported Inquiry (EVPD[%02X]) "
501
                 "buffer size %zd\n", page_code, req->cmd.xfer);
502
            return -1;
503
        }
504
        /* done with EVPD */
505
        return buflen;
506
    }
507

    
508
    /* Standard INQUIRY data */
509
    if (req->cmd.buf[2] != 0) {
510
        BADF("Error: Inquiry (STANDARD) page or code "
511
             "is non-zero [%02X]\n", req->cmd.buf[2]);
512
        return -1;
513
    }
514

    
515
    /* PAGE CODE == 0 */
516
    if (req->cmd.xfer < 5) {
517
        BADF("Error: Inquiry (STANDARD) buffer size %zd "
518
             "is less than 5\n", req->cmd.xfer);
519
        return -1;
520
    }
521

    
522
    buflen = req->cmd.xfer;
523
    if (buflen > SCSI_MAX_INQUIRY_LEN)
524
        buflen = SCSI_MAX_INQUIRY_LEN;
525

    
526
    memset(outbuf, 0, buflen);
527

    
528
    if (req->lun) {
529
        outbuf[0] = 0x7f;        /* LUN not supported */
530
        return buflen;
531
    }
532

    
533
    if (s->drive_kind == SCSI_CD) {
534
        outbuf[0] = 5;
535
        outbuf[1] = 0x80;
536
        memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
537
    } else {
538
        outbuf[0] = 0;
539
        outbuf[1] = s->removable ? 0x80 : 0;
540
        memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
541
    }
542
    memcpy(&outbuf[8], "QEMU    ", 8);
543
    memset(&outbuf[32], 0, 4);
544
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
545
    /*
546
     * We claim conformance to SPC-3, which is required for guests
547
     * to ask for modern features like READ CAPACITY(16) or the
548
     * block characteristics VPD page by default.  Not all of SPC-3
549
     * is actually implemented, but we're good enough.
550
     */
551
    outbuf[2] = 5;
552
    outbuf[3] = 2; /* Format 2 */
553

    
554
    if (buflen > 36) {
555
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
556
    } else {
557
        /* If the allocation length of CDB is too small,
558
               the additional length is not adjusted */
559
        outbuf[4] = 36 - 5;
560
    }
561

    
562
    /* Sync data transfer and TCQ.  */
563
    outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
564
    return buflen;
565
}
566

    
567
static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
568
                           int page_control)
569
{
570
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
571
    BlockDriverState *bdrv = s->bs;
572
    int cylinders, heads, secs;
573

    
574
    /*
575
     * If Changeable Values are requested, a mask denoting those mode parameters
576
     * that are changeable shall be returned. As we currently don't support
577
     * parameter changes via MODE_SELECT all bits are returned set to zero.
578
     * The buffer was already menset to zero by the caller of this function.
579
     */
580
    switch (page) {
581
    case 4: /* Rigid disk device geometry page. */
582
        p[0] = 4;
583
        p[1] = 0x16;
584
        if (page_control == 1) { /* Changeable Values */
585
            return p[1] + 2;
586
        }
587
        /* if a geometry hint is available, use it */
588
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
589
        p[2] = (cylinders >> 16) & 0xff;
590
        p[3] = (cylinders >> 8) & 0xff;
591
        p[4] = cylinders & 0xff;
592
        p[5] = heads & 0xff;
593
        /* Write precomp start cylinder, disabled */
594
        p[6] = (cylinders >> 16) & 0xff;
595
        p[7] = (cylinders >> 8) & 0xff;
596
        p[8] = cylinders & 0xff;
597
        /* Reduced current start cylinder, disabled */
598
        p[9] = (cylinders >> 16) & 0xff;
599
        p[10] = (cylinders >> 8) & 0xff;
600
        p[11] = cylinders & 0xff;
601
        /* Device step rate [ns], 200ns */
602
        p[12] = 0;
603
        p[13] = 200;
604
        /* Landing zone cylinder */
605
        p[14] = 0xff;
606
        p[15] =  0xff;
607
        p[16] = 0xff;
608
        /* Medium rotation rate [rpm], 5400 rpm */
609
        p[20] = (5400 >> 8) & 0xff;
610
        p[21] = 5400 & 0xff;
611
        return p[1] + 2;
612

    
613
    case 5: /* Flexible disk device geometry page. */
614
        p[0] = 5;
615
        p[1] = 0x1e;
616
        if (page_control == 1) { /* Changeable Values */
617
            return p[1] + 2;
618
        }
619
        /* Transfer rate [kbit/s], 5Mbit/s */
620
        p[2] = 5000 >> 8;
621
        p[3] = 5000 & 0xff;
622
        /* if a geometry hint is available, use it */
623
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
624
        p[4] = heads & 0xff;
625
        p[5] = secs & 0xff;
626
        p[6] = s->cluster_size * 2;
627
        p[8] = (cylinders >> 8) & 0xff;
628
        p[9] = cylinders & 0xff;
629
        /* Write precomp start cylinder, disabled */
630
        p[10] = (cylinders >> 8) & 0xff;
631
        p[11] = cylinders & 0xff;
632
        /* Reduced current start cylinder, disabled */
633
        p[12] = (cylinders >> 8) & 0xff;
634
        p[13] = cylinders & 0xff;
635
        /* Device step rate [100us], 100us */
636
        p[14] = 0;
637
        p[15] = 1;
638
        /* Device step pulse width [us], 1us */
639
        p[16] = 1;
640
        /* Device head settle delay [100us], 100us */
641
        p[17] = 0;
642
        p[18] = 1;
643
        /* Motor on delay [0.1s], 0.1s */
644
        p[19] = 1;
645
        /* Motor off delay [0.1s], 0.1s */
646
        p[20] = 1;
647
        /* Medium rotation rate [rpm], 5400 rpm */
648
        p[28] = (5400 >> 8) & 0xff;
649
        p[29] = 5400 & 0xff;
650
        return p[1] + 2;
651

    
652
    case 8: /* Caching page.  */
653
        p[0] = 8;
654
        p[1] = 0x12;
655
        if (page_control == 1) { /* Changeable Values */
656
            return p[1] + 2;
657
        }
658
        if (bdrv_enable_write_cache(s->bs)) {
659
            p[2] = 4; /* WCE */
660
        }
661
        return p[1] + 2;
662

    
663
    case 0x2a: /* CD Capabilities and Mechanical Status page. */
664
        if (s->drive_kind != SCSI_CD)
665
            return 0;
666
        p[0] = 0x2a;
667
        p[1] = 0x14;
668
        if (page_control == 1) { /* Changeable Values */
669
            return p[1] + 2;
670
        }
671
        p[2] = 3; // CD-R & CD-RW read
672
        p[3] = 0; // Writing not supported
673
        p[4] = 0x7f; /* Audio, composite, digital out,
674
                        mode 2 form 1&2, multi session */
675
        p[5] = 0xff; /* CD DA, DA accurate, RW supported,
676
                        RW corrected, C2 errors, ISRC,
677
                        UPC, Bar code */
678
        p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
679
        /* Locking supported, jumper present, eject, tray */
680
        p[7] = 0; /* no volume & mute control, no
681
                     changer */
682
        p[8] = (50 * 176) >> 8; // 50x read speed
683
        p[9] = (50 * 176) & 0xff;
684
        p[10] = 0 >> 8; // No volume
685
        p[11] = 0 & 0xff;
686
        p[12] = 2048 >> 8; // 2M buffer
687
        p[13] = 2048 & 0xff;
688
        p[14] = (16 * 176) >> 8; // 16x read speed current
689
        p[15] = (16 * 176) & 0xff;
690
        p[18] = (16 * 176) >> 8; // 16x write speed
691
        p[19] = (16 * 176) & 0xff;
692
        p[20] = (16 * 176) >> 8; // 16x write speed current
693
        p[21] = (16 * 176) & 0xff;
694
        return p[1] + 2;
695

    
696
    default:
697
        return 0;
698
    }
699
}
700

    
701
static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
702
{
703
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
704
    uint64_t nb_sectors;
705
    int page, dbd, buflen, page_control;
706
    uint8_t *p;
707
    uint8_t dev_specific_param;
708

    
709
    dbd = req->cmd.buf[1]  & 0x8;
710
    page = req->cmd.buf[2] & 0x3f;
711
    page_control = (req->cmd.buf[2] & 0xc0) >> 6;
712
    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
713
        (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
714
    memset(outbuf, 0, req->cmd.xfer);
715
    p = outbuf;
716

    
717
    if (bdrv_is_read_only(s->bs)) {
718
        dev_specific_param = 0x80; /* Readonly.  */
719
    } else {
720
        dev_specific_param = 0x00;
721
    }
722

    
723
    if (req->cmd.buf[0] == MODE_SENSE) {
724
        p[1] = 0; /* Default media type.  */
725
        p[2] = dev_specific_param;
726
        p[3] = 0; /* Block descriptor length.  */
727
        p += 4;
728
    } else { /* MODE_SENSE_10 */
729
        p[2] = 0; /* Default media type.  */
730
        p[3] = dev_specific_param;
731
        p[6] = p[7] = 0; /* Block descriptor length.  */
732
        p += 8;
733
    }
734

    
735
    bdrv_get_geometry(s->bs, &nb_sectors);
736
    if (!dbd && nb_sectors) {
737
        if (req->cmd.buf[0] == MODE_SENSE) {
738
            outbuf[3] = 8; /* Block descriptor length  */
739
        } else { /* MODE_SENSE_10 */
740
            outbuf[7] = 8; /* Block descriptor length  */
741
        }
742
        nb_sectors /= s->cluster_size;
743
        if (nb_sectors > 0xffffff)
744
            nb_sectors = 0;
745
        p[0] = 0; /* media density code */
746
        p[1] = (nb_sectors >> 16) & 0xff;
747
        p[2] = (nb_sectors >> 8) & 0xff;
748
        p[3] = nb_sectors & 0xff;
749
        p[4] = 0; /* reserved */
750
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
751
        p[6] = s->cluster_size * 2;
752
        p[7] = 0;
753
        p += 8;
754
    }
755

    
756
    if (page_control == 3) { /* Saved Values */
757
        return -1; /* ILLEGAL_REQUEST */
758
    }
759

    
760
    switch (page) {
761
    case 0x04:
762
    case 0x05:
763
    case 0x08:
764
    case 0x2a:
765
        p += mode_sense_page(req, page, p, page_control);
766
        break;
767
    case 0x3f:
768
        p += mode_sense_page(req, 0x08, p, page_control);
769
        p += mode_sense_page(req, 0x2a, p, page_control);
770
        break;
771
    default:
772
        return -1; /* ILLEGAL_REQUEST */
773
    }
774

    
775
    buflen = p - outbuf;
776
    /*
777
     * The mode data length field specifies the length in bytes of the
778
     * following data that is available to be transferred. The mode data
779
     * length does not include itself.
780
     */
781
    if (req->cmd.buf[0] == MODE_SENSE) {
782
        outbuf[0] = buflen - 1;
783
    } else { /* MODE_SENSE_10 */
784
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
785
        outbuf[1] = (buflen - 2) & 0xff;
786
    }
787
    if (buflen > req->cmd.xfer)
788
        buflen = req->cmd.xfer;
789
    return buflen;
790
}
791

    
792
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
793
{
794
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
795
    int start_track, format, msf, toclen;
796
    uint64_t nb_sectors;
797

    
798
    msf = req->cmd.buf[1] & 2;
799
    format = req->cmd.buf[2] & 0xf;
800
    start_track = req->cmd.buf[6];
801
    bdrv_get_geometry(s->bs, &nb_sectors);
802
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
803
    nb_sectors /= s->cluster_size;
804
    switch (format) {
805
    case 0:
806
        toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
807
        break;
808
    case 1:
809
        /* multi session : only a single session defined */
810
        toclen = 12;
811
        memset(outbuf, 0, 12);
812
        outbuf[1] = 0x0a;
813
        outbuf[2] = 0x01;
814
        outbuf[3] = 0x01;
815
        break;
816
    case 2:
817
        toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
818
        break;
819
    default:
820
        return -1;
821
    }
822
    if (toclen > req->cmd.xfer)
823
        toclen = req->cmd.xfer;
824
    return toclen;
825
}
826

    
827
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
828
{
829
    SCSIRequest *req = &r->req;
830
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
831
    uint64_t nb_sectors;
832
    int buflen = 0;
833
    int ret;
834

    
835
    switch (req->cmd.buf[0]) {
836
    case TEST_UNIT_READY:
837
        if (!bdrv_is_inserted(s->bs))
838
            goto not_ready;
839
        break;
840
    case REQUEST_SENSE:
841
        if (req->cmd.xfer < 4)
842
            goto illegal_request;
843
        buflen = scsi_build_sense(s->sense, outbuf, req->cmd.xfer,
844
                                  req->cmd.xfer > 13);
845
        scsi_disk_clear_sense(s);
846
        break;
847
    case INQUIRY:
848
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
849
        if (buflen < 0)
850
            goto illegal_request;
851
        break;
852
    case MODE_SENSE:
853
    case MODE_SENSE_10:
854
        buflen = scsi_disk_emulate_mode_sense(req, outbuf);
855
        if (buflen < 0)
856
            goto illegal_request;
857
        break;
858
    case READ_TOC:
859
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
860
        if (buflen < 0)
861
            goto illegal_request;
862
        break;
863
    case RESERVE:
864
        if (req->cmd.buf[1] & 1)
865
            goto illegal_request;
866
        break;
867
    case RESERVE_10:
868
        if (req->cmd.buf[1] & 3)
869
            goto illegal_request;
870
        break;
871
    case RELEASE:
872
        if (req->cmd.buf[1] & 1)
873
            goto illegal_request;
874
        break;
875
    case RELEASE_10:
876
        if (req->cmd.buf[1] & 3)
877
            goto illegal_request;
878
        break;
879
    case START_STOP:
880
        if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
881
            /* load/eject medium */
882
            bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
883
        }
884
        break;
885
    case ALLOW_MEDIUM_REMOVAL:
886
        bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
887
        break;
888
    case READ_CAPACITY:
889
        /* The normal LEN field for this command is zero.  */
890
        memset(outbuf, 0, 8);
891
        bdrv_get_geometry(s->bs, &nb_sectors);
892
        if (!nb_sectors)
893
            goto not_ready;
894
        nb_sectors /= s->cluster_size;
895
        /* Returned value is the address of the last sector.  */
896
        nb_sectors--;
897
        /* Remember the new size for read/write sanity checking. */
898
        s->max_lba = nb_sectors;
899
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
900
        if (nb_sectors > UINT32_MAX)
901
            nb_sectors = UINT32_MAX;
902
        outbuf[0] = (nb_sectors >> 24) & 0xff;
903
        outbuf[1] = (nb_sectors >> 16) & 0xff;
904
        outbuf[2] = (nb_sectors >> 8) & 0xff;
905
        outbuf[3] = nb_sectors & 0xff;
906
        outbuf[4] = 0;
907
        outbuf[5] = 0;
908
        outbuf[6] = s->cluster_size * 2;
909
        outbuf[7] = 0;
910
        buflen = 8;
911
        break;
912
    case SYNCHRONIZE_CACHE:
913
        ret = bdrv_flush(s->bs);
914
        if (ret < 0) {
915
            if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
916
                return -1;
917
            }
918
        }
919
        break;
920
    case GET_CONFIGURATION:
921
        memset(outbuf, 0, 8);
922
        /* ??? This should probably return much more information.  For now
923
           just return the basic header indicating the CD-ROM profile.  */
924
        outbuf[7] = 8; // CD-ROM
925
        buflen = 8;
926
        break;
927
    case SERVICE_ACTION_IN:
928
        /* Service Action In subcommands. */
929
        if ((req->cmd.buf[1] & 31) == 0x10) {
930
            DPRINTF("SAI READ CAPACITY(16)\n");
931
            memset(outbuf, 0, req->cmd.xfer);
932
            bdrv_get_geometry(s->bs, &nb_sectors);
933
            if (!nb_sectors)
934
                goto not_ready;
935
            nb_sectors /= s->cluster_size;
936
            /* Returned value is the address of the last sector.  */
937
            nb_sectors--;
938
            /* Remember the new size for read/write sanity checking. */
939
            s->max_lba = nb_sectors;
940
            outbuf[0] = (nb_sectors >> 56) & 0xff;
941
            outbuf[1] = (nb_sectors >> 48) & 0xff;
942
            outbuf[2] = (nb_sectors >> 40) & 0xff;
943
            outbuf[3] = (nb_sectors >> 32) & 0xff;
944
            outbuf[4] = (nb_sectors >> 24) & 0xff;
945
            outbuf[5] = (nb_sectors >> 16) & 0xff;
946
            outbuf[6] = (nb_sectors >> 8) & 0xff;
947
            outbuf[7] = nb_sectors & 0xff;
948
            outbuf[8] = 0;
949
            outbuf[9] = 0;
950
            outbuf[10] = s->cluster_size * 2;
951
            outbuf[11] = 0;
952
            outbuf[12] = 0;
953
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);
954

    
955
            /* set TPE bit if the format supports discard */
956
            if (s->qdev.conf.discard_granularity) {
957
                outbuf[14] = 0x80;
958
            }
959

    
960
            /* Protection, exponent and lowest lba field left blank. */
961
            buflen = req->cmd.xfer;
962
            break;
963
        }
964
        DPRINTF("Unsupported Service Action In\n");
965
        goto illegal_request;
966
    case REPORT_LUNS:
967
        if (req->cmd.xfer < 16)
968
            goto illegal_request;
969
        memset(outbuf, 0, 16);
970
        outbuf[3] = 8;
971
        buflen = 16;
972
        break;
973
    case VERIFY:
974
        break;
975
    case REZERO_UNIT:
976
        DPRINTF("Rezero Unit\n");
977
        if (!bdrv_is_inserted(s->bs)) {
978
            goto not_ready;
979
        }
980
        break;
981
    default:
982
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
983
        return -1;
984
    }
985
    scsi_req_set_status(r, GOOD, SENSE_CODE(NO_SENSE));
986
    return buflen;
987

    
988
not_ready:
989
    if (!bdrv_is_inserted(s->bs)) {
990
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(NO_MEDIUM));
991
    } else {
992
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LUN_NOT_READY));
993
    }
994
    return -1;
995

    
996
illegal_request:
997
    scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
998
    return -1;
999
}
1000

    
1001
/* Execute a scsi command.  Returns the length of the data expected by the
1002
   command.  This will be Positive for data transfers from the device
1003
   (eg. disk reads), negative for transfers to the device (eg. disk writes),
1004
   and zero if the command does not transfer any data.  */
1005

    
1006
static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1007
{
1008
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1009
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1010
    int32_t len;
1011
    uint8_t command;
1012
    uint8_t *outbuf;
1013
    int rc;
1014

    
1015
    command = buf[0];
1016
    outbuf = (uint8_t *)r->iov.iov_base;
1017
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1018

    
1019
    if (scsi_req_parse(&r->req, buf) != 0) {
1020
        BADF("Unsupported command length, command %x\n", command);
1021
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1022
        return 0;
1023
    }
1024
#ifdef DEBUG_SCSI
1025
    {
1026
        int i;
1027
        for (i = 1; i < r->req.cmd.len; i++) {
1028
            printf(" 0x%02x", buf[i]);
1029
        }
1030
        printf("\n");
1031
    }
1032
#endif
1033

    
1034
    if (req->lun) {
1035
        /* Only LUN 0 supported.  */
1036
        DPRINTF("Unimplemented LUN %d\n", req->lun);
1037
        if (command != REQUEST_SENSE && command != INQUIRY) {
1038
            scsi_command_complete(r, CHECK_CONDITION,
1039
                                  SENSE_CODE(LUN_NOT_SUPPORTED));
1040
            return 0;
1041
        }
1042
    }
1043
    switch (command) {
1044
    case TEST_UNIT_READY:
1045
    case REQUEST_SENSE:
1046
    case INQUIRY:
1047
    case MODE_SENSE:
1048
    case MODE_SENSE_10:
1049
    case RESERVE:
1050
    case RESERVE_10:
1051
    case RELEASE:
1052
    case RELEASE_10:
1053
    case START_STOP:
1054
    case ALLOW_MEDIUM_REMOVAL:
1055
    case READ_CAPACITY:
1056
    case SYNCHRONIZE_CACHE:
1057
    case READ_TOC:
1058
    case GET_CONFIGURATION:
1059
    case SERVICE_ACTION_IN:
1060
    case REPORT_LUNS:
1061
    case VERIFY:
1062
    case REZERO_UNIT:
1063
        rc = scsi_disk_emulate_command(r, outbuf);
1064
        if (rc < 0) {
1065
            return 0;
1066
        }
1067

    
1068
        r->iov.iov_len = rc;
1069
        break;
1070
    case READ_6:
1071
    case READ_10:
1072
    case READ_12:
1073
    case READ_16:
1074
        len = r->req.cmd.xfer / s->qdev.blocksize;
1075
        DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1076
        if (r->req.cmd.lba > s->max_lba)
1077
            goto illegal_lba;
1078
        r->sector = r->req.cmd.lba * s->cluster_size;
1079
        r->sector_count = len * s->cluster_size;
1080
        break;
1081
    case WRITE_6:
1082
    case WRITE_10:
1083
    case WRITE_12:
1084
    case WRITE_16:
1085
    case WRITE_VERIFY:
1086
    case WRITE_VERIFY_12:
1087
    case WRITE_VERIFY_16:
1088
        len = r->req.cmd.xfer / s->qdev.blocksize;
1089
        DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1090
                (command & 0xe) == 0xe ? "And Verify " : "",
1091
                r->req.cmd.lba, len);
1092
        if (r->req.cmd.lba > s->max_lba)
1093
            goto illegal_lba;
1094
        r->sector = r->req.cmd.lba * s->cluster_size;
1095
        r->sector_count = len * s->cluster_size;
1096
        break;
1097
    case MODE_SELECT:
1098
        DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1099
        /* We don't support mode parameter changes.
1100
           Allow the mode parameter header + block descriptors only. */
1101
        if (r->req.cmd.xfer > 12) {
1102
            goto fail;
1103
        }
1104
        break;
1105
    case MODE_SELECT_10:
1106
        DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1107
        /* We don't support mode parameter changes.
1108
           Allow the mode parameter header + block descriptors only. */
1109
        if (r->req.cmd.xfer > 16) {
1110
            goto fail;
1111
        }
1112
        break;
1113
    case SEEK_6:
1114
    case SEEK_10:
1115
        DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1116
                r->req.cmd.lba);
1117
        if (r->req.cmd.lba > s->max_lba) {
1118
            goto illegal_lba;
1119
        }
1120
        break;
1121
    case WRITE_SAME_16:
1122
        len = r->req.cmd.xfer / s->qdev.blocksize;
1123

    
1124
        DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1125
                r->req.cmd.lba, len);
1126

    
1127
        if (r->req.cmd.lba > s->max_lba) {
1128
            goto illegal_lba;
1129
        }
1130

    
1131
        /*
1132
         * We only support WRITE SAME with the unmap bit set for now.
1133
         */
1134
        if (!(buf[1] & 0x8)) {
1135
            goto fail;
1136
        }
1137

    
1138
        rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1139
                          len * s->cluster_size);
1140
        if (rc < 0) {
1141
            /* XXX: better error code ?*/
1142
            goto fail;
1143
        }
1144

    
1145
        break;
1146
    default:
1147
        DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1148
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1149
        return 0;
1150
    fail:
1151
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
1152
        return 0;
1153
    illegal_lba:
1154
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LBA_OUT_OF_RANGE));
1155
        return 0;
1156
    }
1157
    if (r->sector_count == 0 && r->iov.iov_len == 0) {
1158
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
1159
    }
1160
    len = r->sector_count * 512 + r->iov.iov_len;
1161
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1162
        return -len;
1163
    } else {
1164
        if (!r->sector_count)
1165
            r->sector_count = -1;
1166
        return len;
1167
    }
1168
}
1169

    
1170
static void scsi_disk_reset(DeviceState *dev)
1171
{
1172
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1173
    uint64_t nb_sectors;
1174

    
1175
    scsi_device_purge_requests(&s->qdev);
1176

    
1177
    bdrv_get_geometry(s->bs, &nb_sectors);
1178
    nb_sectors /= s->cluster_size;
1179
    if (nb_sectors) {
1180
        nb_sectors--;
1181
    }
1182
    s->max_lba = nb_sectors;
1183
}
1184

    
1185
static void scsi_destroy(SCSIDevice *dev)
1186
{
1187
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1188

    
1189
    scsi_device_purge_requests(&s->qdev);
1190
    blockdev_mark_auto_del(s->qdev.conf.bs);
1191
}
1192

    
1193
static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
1194
{
1195
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1196
    DriveInfo *dinfo;
1197

    
1198
    if (!s->qdev.conf.bs) {
1199
        error_report("scsi-disk: drive property not set");
1200
        return -1;
1201
    }
1202
    s->bs = s->qdev.conf.bs;
1203
    s->drive_kind = kind;
1204

    
1205
    if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
1206
        error_report("Device needs media, but drive is empty");
1207
        return -1;
1208
    }
1209

    
1210
    if (!s->serial) {
1211
        /* try to fall back to value set with legacy -drive serial=... */
1212
        dinfo = drive_get_by_blockdev(s->bs);
1213
        if (*dinfo->serial) {
1214
            s->serial = qemu_strdup(dinfo->serial);
1215
        }
1216
    }
1217

    
1218
    if (!s->version) {
1219
        s->version = qemu_strdup(QEMU_VERSION);
1220
    }
1221

    
1222
    if (bdrv_is_sg(s->bs)) {
1223
        error_report("scsi-disk: unwanted /dev/sg*");
1224
        return -1;
1225
    }
1226

    
1227
    if (kind == SCSI_CD) {
1228
        s->qdev.blocksize = 2048;
1229
    } else {
1230
        s->qdev.blocksize = s->qdev.conf.logical_block_size;
1231
    }
1232
    s->cluster_size = s->qdev.blocksize / 512;
1233
    s->bs->buffer_alignment = s->qdev.blocksize;
1234

    
1235
    s->qdev.type = TYPE_DISK;
1236
    qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1237
    bdrv_set_removable(s->bs, kind == SCSI_CD);
1238
    add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1239
    return 0;
1240
}
1241

    
1242
static int scsi_hd_initfn(SCSIDevice *dev)
1243
{
1244
    return scsi_initfn(dev, SCSI_HD);
1245
}
1246

    
1247
static int scsi_cd_initfn(SCSIDevice *dev)
1248
{
1249
    return scsi_initfn(dev, SCSI_CD);
1250
}
1251

    
1252
static int scsi_disk_initfn(SCSIDevice *dev)
1253
{
1254
    SCSIDriveKind kind;
1255
    DriveInfo *dinfo;
1256

    
1257
    if (!dev->conf.bs) {
1258
        kind = SCSI_HD;         /* will die in scsi_initfn() */
1259
    } else {
1260
        dinfo = drive_get_by_blockdev(dev->conf.bs);
1261
        kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
1262
    }
1263

    
1264
    return scsi_initfn(dev, kind);
1265
}
1266

    
1267
#define DEFINE_SCSI_DISK_PROPERTIES()                           \
1268
    DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),          \
1269
    DEFINE_PROP_STRING("ver",  SCSIDiskState, version),         \
1270
    DEFINE_PROP_STRING("serial",  SCSIDiskState, serial)
1271

    
1272
static SCSIDeviceInfo scsi_disk_info[] = {
1273
    {
1274
        .qdev.name    = "scsi-hd",
1275
        .qdev.fw_name = "disk",
1276
        .qdev.desc    = "virtual SCSI disk",
1277
        .qdev.size    = sizeof(SCSIDiskState),
1278
        .qdev.reset   = scsi_disk_reset,
1279
        .init         = scsi_hd_initfn,
1280
        .destroy      = scsi_destroy,
1281
        .alloc_req    = scsi_new_request,
1282
        .free_req     = scsi_free_request,
1283
        .send_command = scsi_send_command,
1284
        .read_data    = scsi_read_data,
1285
        .write_data   = scsi_write_data,
1286
        .cancel_io    = scsi_cancel_io,
1287
        .get_buf      = scsi_get_buf,
1288
        .get_sense    = scsi_get_sense,
1289
        .qdev.props   = (Property[]) {
1290
            DEFINE_SCSI_DISK_PROPERTIES(),
1291
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1292
            DEFINE_PROP_END_OF_LIST(),
1293
        }
1294
    },{
1295
        .qdev.name    = "scsi-cd",
1296
        .qdev.fw_name = "disk",
1297
        .qdev.desc    = "virtual SCSI CD-ROM",
1298
        .qdev.size    = sizeof(SCSIDiskState),
1299
        .qdev.reset   = scsi_disk_reset,
1300
        .init         = scsi_cd_initfn,
1301
        .destroy      = scsi_destroy,
1302
        .alloc_req    = scsi_new_request,
1303
        .free_req     = scsi_free_request,
1304
        .send_command = scsi_send_command,
1305
        .read_data    = scsi_read_data,
1306
        .write_data   = scsi_write_data,
1307
        .cancel_io    = scsi_cancel_io,
1308
        .get_buf      = scsi_get_buf,
1309
        .get_sense    = scsi_get_sense,
1310
        .qdev.props   = (Property[]) {
1311
            DEFINE_SCSI_DISK_PROPERTIES(),
1312
            DEFINE_PROP_END_OF_LIST(),
1313
        },
1314
    },{
1315
        .qdev.name    = "scsi-disk", /* legacy -device scsi-disk */
1316
        .qdev.fw_name = "disk",
1317
        .qdev.desc    = "virtual SCSI disk or CD-ROM (legacy)",
1318
        .qdev.size    = sizeof(SCSIDiskState),
1319
        .qdev.reset   = scsi_disk_reset,
1320
        .init         = scsi_disk_initfn,
1321
        .destroy      = scsi_destroy,
1322
        .alloc_req    = scsi_new_request,
1323
        .free_req     = scsi_free_request,
1324
        .send_command = scsi_send_command,
1325
        .read_data    = scsi_read_data,
1326
        .write_data   = scsi_write_data,
1327
        .cancel_io    = scsi_cancel_io,
1328
        .get_buf      = scsi_get_buf,
1329
        .get_sense    = scsi_get_sense,
1330
        .qdev.props   = (Property[]) {
1331
            DEFINE_SCSI_DISK_PROPERTIES(),
1332
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1333
            DEFINE_PROP_END_OF_LIST(),
1334
        }
1335
    }
1336
};
1337

    
1338
static void scsi_disk_register_devices(void)
1339
{
1340
    int i;
1341

    
1342
    for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1343
        scsi_qdev_register(&scsi_disk_info[i]);
1344
    }
1345
}
1346
device_init(scsi_disk_register_devices)