Statistics
| Branch: | Revision:

root / hw / scsi-disk.c @ 74382217

History | View | Annotate | Download (40.1 kB)

1
/*
2
 * SCSI Device emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Based on code by Fabrice Bellard
6
 *
7
 * Written by Paul Brook
8
 * Modifications:
9
 *  2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10
 *                                 when the allocation length of CDB is smaller
11
 *                                 than 36.
12
 *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13
 *                                 MODE SENSE response.
14
 *
15
 * This code is licenced under the LGPL.
16
 *
17
 * Note that this file only handles the SCSI architecture model and device
18
 * commands.  Emulation of interface/link layer protocols is handled by
19
 * the host adapter emulator.
20
 */
21

    
22
//#define DEBUG_SCSI
23

    
24
#ifdef DEBUG_SCSI
25
#define DPRINTF(fmt, ...) \
26
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27
#else
28
#define DPRINTF(fmt, ...) do {} while(0)
29
#endif
30

    
31
#define BADF(fmt, ...) \
32
do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33

    
34
#include "qemu-common.h"
35
#include "qemu-error.h"
36
#include "scsi.h"
37
#include "scsi-defs.h"
38
#include "sysemu.h"
39
#include "blockdev.h"
40

    
41
#define SCSI_DMA_BUF_SIZE    131072
42
#define SCSI_MAX_INQUIRY_LEN 256
43

    
44
#define SCSI_REQ_STATUS_RETRY           0x01
45
#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46
#define SCSI_REQ_STATUS_RETRY_READ      0x00
47
#define SCSI_REQ_STATUS_RETRY_WRITE     0x02
48
#define SCSI_REQ_STATUS_RETRY_FLUSH     0x04
49

    
50
typedef struct SCSIDiskState SCSIDiskState;
51

    
52
typedef struct SCSIDiskReq {
53
    SCSIRequest req;
54
    /* ??? We should probably keep track of whether the data transfer is
55
       a read or a write.  Currently we rely on the host getting it right.  */
56
    /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
57
    uint64_t sector;
58
    uint32_t sector_count;
59
    struct iovec iov;
60
    QEMUIOVector qiov;
61
    uint32_t status;
62
} SCSIDiskReq;
63

    
64
typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
65

    
66
struct SCSIDiskState
67
{
68
    SCSIDevice qdev;
69
    BlockDriverState *bs;
70
    /* The qemu block layer uses a fixed 512 byte sector size.
71
       This is the number of 512 byte blocks in a single scsi sector.  */
72
    int cluster_size;
73
    uint32_t removable;
74
    uint64_t max_lba;
75
    QEMUBH *bh;
76
    char *version;
77
    char *serial;
78
    SCSISense sense;
79
    SCSIDriveKind drive_kind;
80
};
81

    
82
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
83
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
84

    
85
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
86
        uint32_t lun)
87
{
88
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
89
    SCSIRequest *req;
90
    SCSIDiskReq *r;
91

    
92
    req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
93
    r = DO_UPCAST(SCSIDiskReq, req, req);
94
    r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
95
    return req;
96
}
97

    
98
static void scsi_free_request(SCSIRequest *req)
99
{
100
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101

    
102
    qemu_vfree(r->iov.iov_base);
103
}
104

    
105
static void scsi_disk_clear_sense(SCSIDiskState *s)
106
{
107
    memset(&s->sense, 0, sizeof(s->sense));
108
}
109

    
110
static void scsi_req_set_status(SCSIDiskReq *r, int status, SCSISense sense)
111
{
112
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
113

    
114
    r->req.status = status;
115
    s->sense = sense;
116
}
117

    
118
/* Helper function for command completion.  */
119
static void scsi_command_complete(SCSIDiskReq *r, int status, SCSISense sense)
120
{
121
    DPRINTF("Command complete tag=0x%x status=%d sense=%d/%d/%d\n",
122
            r->req.tag, status, sense.key, sense.asc, sense.ascq);
123
    scsi_req_set_status(r, status, sense);
124
    scsi_req_complete(&r->req);
125
}
126

    
127
/* Cancel a pending data transfer.  */
128
static void scsi_cancel_io(SCSIRequest *req)
129
{
130
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131

    
132
    DPRINTF("Cancel tag=0x%x\n", req->tag);
133
    if (r->req.aiocb) {
134
        bdrv_aio_cancel(r->req.aiocb);
135
    }
136
    r->req.aiocb = NULL;
137
}
138

    
139
static void scsi_read_complete(void * opaque, int ret)
140
{
141
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
142
    int n;
143

    
144
    r->req.aiocb = NULL;
145

    
146
    if (ret) {
147
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
148
            return;
149
        }
150
    }
151

    
152
    DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
153

    
154
    n = r->iov.iov_len / 512;
155
    r->sector += n;
156
    r->sector_count -= n;
157
    scsi_req_data(&r->req, r->iov.iov_len);
158
}
159

    
160

    
161
/* Read more data from scsi device into buffer.  */
162
static void scsi_read_data(SCSIRequest *req)
163
{
164
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
165
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
166
    uint32_t n;
167

    
168
    if (r->sector_count == (uint32_t)-1) {
169
        DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
170
        r->sector_count = 0;
171
        scsi_req_data(&r->req, r->iov.iov_len);
172
        return;
173
    }
174
    DPRINTF("Read sector_count=%d\n", r->sector_count);
175
    if (r->sector_count == 0) {
176
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
177
        return;
178
    }
179

    
180
    /* No data transfer may already be in progress */
181
    assert(r->req.aiocb == NULL);
182

    
183
    n = r->sector_count;
184
    if (n > SCSI_DMA_BUF_SIZE / 512)
185
        n = SCSI_DMA_BUF_SIZE / 512;
186

    
187
    r->iov.iov_len = n * 512;
188
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
189
    r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
190
                              scsi_read_complete, r);
191
    if (r->req.aiocb == NULL) {
192
        scsi_read_complete(r, -EIO);
193
    }
194
}
195

    
196
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
197
{
198
    int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
199
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
200
    BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
201

    
202
    if (action == BLOCK_ERR_IGNORE) {
203
        bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
204
        return 0;
205
    }
206

    
207
    if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
208
            || action == BLOCK_ERR_STOP_ANY) {
209

    
210
        type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
211
        r->status |= SCSI_REQ_STATUS_RETRY | type;
212

    
213
        bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
214
        vm_stop(VMSTOP_DISKFULL);
215
    } else {
216
        if (type == SCSI_REQ_STATUS_RETRY_READ) {
217
            scsi_req_data(&r->req, 0);
218
        }
219
        if (error == ENOMEM) {
220
            scsi_command_complete(r, CHECK_CONDITION,
221
                                  SENSE_CODE(TARGET_FAILURE));
222
        } else {
223
            scsi_command_complete(r, CHECK_CONDITION,
224
                                  SENSE_CODE(IO_ERROR));
225
        }
226
        bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
227
    }
228

    
229
    return 1;
230
}
231

    
232
static void scsi_write_complete(void * opaque, int ret)
233
{
234
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
235
    uint32_t len;
236
    uint32_t n;
237

    
238
    r->req.aiocb = NULL;
239

    
240
    if (ret) {
241
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
242
            return;
243
        }
244
    }
245

    
246
    n = r->iov.iov_len / 512;
247
    r->sector += n;
248
    r->sector_count -= n;
249
    if (r->sector_count == 0) {
250
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
251
    } else {
252
        len = r->sector_count * 512;
253
        if (len > SCSI_DMA_BUF_SIZE) {
254
            len = SCSI_DMA_BUF_SIZE;
255
        }
256
        r->iov.iov_len = len;
257
        DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
258
        scsi_req_data(&r->req, len);
259
    }
260
}
261

    
262
static int scsi_write_data(SCSIRequest *req)
263
{
264
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
265
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
266
    uint32_t n;
267

    
268
    /* No data transfer may already be in progress */
269
    assert(r->req.aiocb == NULL);
270

    
271
    n = r->iov.iov_len / 512;
272
    if (n) {
273
        qemu_iovec_init_external(&r->qiov, &r->iov, 1);
274
        r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
275
                                   scsi_write_complete, r);
276
        if (r->req.aiocb == NULL) {
277
            scsi_write_complete(r, -ENOMEM);
278
        }
279
    } else {
280
        /* Invoke completion routine to fetch data from host.  */
281
        scsi_write_complete(r, 0);
282
    }
283

    
284
    return 0;
285
}
286

    
287
static void scsi_dma_restart_bh(void *opaque)
288
{
289
    SCSIDiskState *s = opaque;
290
    SCSIRequest *req;
291
    SCSIDiskReq *r;
292

    
293
    qemu_bh_delete(s->bh);
294
    s->bh = NULL;
295

    
296
    QTAILQ_FOREACH(req, &s->qdev.requests, next) {
297
        r = DO_UPCAST(SCSIDiskReq, req, req);
298
        if (r->status & SCSI_REQ_STATUS_RETRY) {
299
            int status = r->status;
300
            int ret;
301

    
302
            r->status &=
303
                ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
304

    
305
            switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
306
            case SCSI_REQ_STATUS_RETRY_READ:
307
                scsi_read_data(&r->req);
308
                break;
309
            case SCSI_REQ_STATUS_RETRY_WRITE:
310
                scsi_write_data(&r->req);
311
                break;
312
            case SCSI_REQ_STATUS_RETRY_FLUSH:
313
                ret = scsi_disk_emulate_command(r, r->iov.iov_base);
314
                if (ret == 0) {
315
                    scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
316
                }
317
            }
318
        }
319
    }
320
}
321

    
322
static void scsi_dma_restart_cb(void *opaque, int running, int reason)
323
{
324
    SCSIDiskState *s = opaque;
325

    
326
    if (!running)
327
        return;
328

    
329
    if (!s->bh) {
330
        s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
331
        qemu_bh_schedule(s->bh);
332
    }
333
}
334

    
335
/* Return a pointer to the data buffer.  */
336
static uint8_t *scsi_get_buf(SCSIRequest *req)
337
{
338
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
339

    
340
    return (uint8_t *)r->iov.iov_base;
341
}
342

    
343
/* Copy sense information into the provided buffer */
344
static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
345
{
346
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
347

    
348
    return scsi_build_sense(s->sense, outbuf, len, len > 14);
349
}
350

    
351
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
352
{
353
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
354
    int buflen = 0;
355

    
356
    if (req->cmd.buf[1] & 0x2) {
357
        /* Command support data - optional, not implemented */
358
        BADF("optional INQUIRY command support request not implemented\n");
359
        return -1;
360
    }
361

    
362
    if (req->cmd.buf[1] & 0x1) {
363
        /* Vital product data */
364
        uint8_t page_code = req->cmd.buf[2];
365
        if (req->cmd.xfer < 4) {
366
            BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
367
                 "less than 4\n", page_code, req->cmd.xfer);
368
            return -1;
369
        }
370

    
371
        if (s->drive_kind == SCSI_CD) {
372
            outbuf[buflen++] = 5;
373
        } else {
374
            outbuf[buflen++] = 0;
375
        }
376
        outbuf[buflen++] = page_code ; // this page
377
        outbuf[buflen++] = 0x00;
378

    
379
        switch (page_code) {
380
        case 0x00: /* Supported page codes, mandatory */
381
        {
382
            int pages;
383
            DPRINTF("Inquiry EVPD[Supported pages] "
384
                    "buffer size %zd\n", req->cmd.xfer);
385
            pages = buflen++;
386
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
387
            outbuf[buflen++] = 0x80; // unit serial number
388
            outbuf[buflen++] = 0x83; // device identification
389
            if (s->drive_kind == SCSI_HD) {
390
                outbuf[buflen++] = 0xb0; // block limits
391
                outbuf[buflen++] = 0xb2; // thin provisioning
392
            }
393
            outbuf[pages] = buflen - pages - 1; // number of pages
394
            break;
395
        }
396
        case 0x80: /* Device serial number, optional */
397
        {
398
            int l = strlen(s->serial);
399

    
400
            if (l > req->cmd.xfer)
401
                l = req->cmd.xfer;
402
            if (l > 20)
403
                l = 20;
404

    
405
            DPRINTF("Inquiry EVPD[Serial number] "
406
                    "buffer size %zd\n", req->cmd.xfer);
407
            outbuf[buflen++] = l;
408
            memcpy(outbuf+buflen, s->serial, l);
409
            buflen += l;
410
            break;
411
        }
412

    
413
        case 0x83: /* Device identification page, mandatory */
414
        {
415
            int max_len = 255 - 8;
416
            int id_len = strlen(bdrv_get_device_name(s->bs));
417

    
418
            if (id_len > max_len)
419
                id_len = max_len;
420
            DPRINTF("Inquiry EVPD[Device identification] "
421
                    "buffer size %zd\n", req->cmd.xfer);
422

    
423
            outbuf[buflen++] = 4 + id_len;
424
            outbuf[buflen++] = 0x2; // ASCII
425
            outbuf[buflen++] = 0;   // not officially assigned
426
            outbuf[buflen++] = 0;   // reserved
427
            outbuf[buflen++] = id_len; // length of data following
428

    
429
            memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
430
            buflen += id_len;
431
            break;
432
        }
433
        case 0xb0: /* block limits */
434
        {
435
            unsigned int unmap_sectors =
436
                    s->qdev.conf.discard_granularity / s->qdev.blocksize;
437
            unsigned int min_io_size =
438
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
439
            unsigned int opt_io_size =
440
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;
441

    
442
            if (s->drive_kind == SCSI_CD) {
443
                DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
444
                        page_code);
445
                return -1;
446
            }
447
            /* required VPD size with unmap support */
448
            outbuf[3] = buflen = 0x3c;
449

    
450
            memset(outbuf + 4, 0, buflen - 4);
451

    
452
            /* optimal transfer length granularity */
453
            outbuf[6] = (min_io_size >> 8) & 0xff;
454
            outbuf[7] = min_io_size & 0xff;
455

    
456
            /* optimal transfer length */
457
            outbuf[12] = (opt_io_size >> 24) & 0xff;
458
            outbuf[13] = (opt_io_size >> 16) & 0xff;
459
            outbuf[14] = (opt_io_size >> 8) & 0xff;
460
            outbuf[15] = opt_io_size & 0xff;
461

    
462
            /* optimal unmap granularity */
463
            outbuf[28] = (unmap_sectors >> 24) & 0xff;
464
            outbuf[29] = (unmap_sectors >> 16) & 0xff;
465
            outbuf[30] = (unmap_sectors >> 8) & 0xff;
466
            outbuf[31] = unmap_sectors & 0xff;
467
            break;
468
        }
469
        case 0xb2: /* thin provisioning */
470
        {
471
            outbuf[3] = buflen = 8;
472
            outbuf[4] = 0;
473
            outbuf[5] = 0x40; /* write same with unmap supported */
474
            outbuf[6] = 0;
475
            outbuf[7] = 0;
476
            break;
477
        }
478
        default:
479
            BADF("Error: unsupported Inquiry (EVPD[%02X]) "
480
                 "buffer size %zd\n", page_code, req->cmd.xfer);
481
            return -1;
482
        }
483
        /* done with EVPD */
484
        return buflen;
485
    }
486

    
487
    /* Standard INQUIRY data */
488
    if (req->cmd.buf[2] != 0) {
489
        BADF("Error: Inquiry (STANDARD) page or code "
490
             "is non-zero [%02X]\n", req->cmd.buf[2]);
491
        return -1;
492
    }
493

    
494
    /* PAGE CODE == 0 */
495
    if (req->cmd.xfer < 5) {
496
        BADF("Error: Inquiry (STANDARD) buffer size %zd "
497
             "is less than 5\n", req->cmd.xfer);
498
        return -1;
499
    }
500

    
501
    buflen = req->cmd.xfer;
502
    if (buflen > SCSI_MAX_INQUIRY_LEN)
503
        buflen = SCSI_MAX_INQUIRY_LEN;
504

    
505
    memset(outbuf, 0, buflen);
506

    
507
    if (req->lun || req->cmd.buf[1] >> 5) {
508
        outbuf[0] = 0x7f;        /* LUN not supported */
509
        return buflen;
510
    }
511

    
512
    if (s->drive_kind == SCSI_CD) {
513
        outbuf[0] = 5;
514
        outbuf[1] = 0x80;
515
        memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
516
    } else {
517
        outbuf[0] = 0;
518
        outbuf[1] = s->removable ? 0x80 : 0;
519
        memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
520
    }
521
    memcpy(&outbuf[8], "QEMU    ", 8);
522
    memset(&outbuf[32], 0, 4);
523
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
524
    /*
525
     * We claim conformance to SPC-3, which is required for guests
526
     * to ask for modern features like READ CAPACITY(16) or the
527
     * block characteristics VPD page by default.  Not all of SPC-3
528
     * is actually implemented, but we're good enough.
529
     */
530
    outbuf[2] = 5;
531
    outbuf[3] = 2; /* Format 2 */
532

    
533
    if (buflen > 36) {
534
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
535
    } else {
536
        /* If the allocation length of CDB is too small,
537
               the additional length is not adjusted */
538
        outbuf[4] = 36 - 5;
539
    }
540

    
541
    /* Sync data transfer and TCQ.  */
542
    outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
543
    return buflen;
544
}
545

    
546
static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
547
                           int page_control)
548
{
549
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
550
    BlockDriverState *bdrv = s->bs;
551
    int cylinders, heads, secs;
552

    
553
    /*
554
     * If Changeable Values are requested, a mask denoting those mode parameters
555
     * that are changeable shall be returned. As we currently don't support
556
     * parameter changes via MODE_SELECT all bits are returned set to zero.
557
     * The buffer was already menset to zero by the caller of this function.
558
     */
559
    switch (page) {
560
    case 4: /* Rigid disk device geometry page. */
561
        p[0] = 4;
562
        p[1] = 0x16;
563
        if (page_control == 1) { /* Changeable Values */
564
            return p[1] + 2;
565
        }
566
        /* if a geometry hint is available, use it */
567
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
568
        p[2] = (cylinders >> 16) & 0xff;
569
        p[3] = (cylinders >> 8) & 0xff;
570
        p[4] = cylinders & 0xff;
571
        p[5] = heads & 0xff;
572
        /* Write precomp start cylinder, disabled */
573
        p[6] = (cylinders >> 16) & 0xff;
574
        p[7] = (cylinders >> 8) & 0xff;
575
        p[8] = cylinders & 0xff;
576
        /* Reduced current start cylinder, disabled */
577
        p[9] = (cylinders >> 16) & 0xff;
578
        p[10] = (cylinders >> 8) & 0xff;
579
        p[11] = cylinders & 0xff;
580
        /* Device step rate [ns], 200ns */
581
        p[12] = 0;
582
        p[13] = 200;
583
        /* Landing zone cylinder */
584
        p[14] = 0xff;
585
        p[15] =  0xff;
586
        p[16] = 0xff;
587
        /* Medium rotation rate [rpm], 5400 rpm */
588
        p[20] = (5400 >> 8) & 0xff;
589
        p[21] = 5400 & 0xff;
590
        return p[1] + 2;
591

    
592
    case 5: /* Flexible disk device geometry page. */
593
        p[0] = 5;
594
        p[1] = 0x1e;
595
        if (page_control == 1) { /* Changeable Values */
596
            return p[1] + 2;
597
        }
598
        /* Transfer rate [kbit/s], 5Mbit/s */
599
        p[2] = 5000 >> 8;
600
        p[3] = 5000 & 0xff;
601
        /* if a geometry hint is available, use it */
602
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
603
        p[4] = heads & 0xff;
604
        p[5] = secs & 0xff;
605
        p[6] = s->cluster_size * 2;
606
        p[8] = (cylinders >> 8) & 0xff;
607
        p[9] = cylinders & 0xff;
608
        /* Write precomp start cylinder, disabled */
609
        p[10] = (cylinders >> 8) & 0xff;
610
        p[11] = cylinders & 0xff;
611
        /* Reduced current start cylinder, disabled */
612
        p[12] = (cylinders >> 8) & 0xff;
613
        p[13] = cylinders & 0xff;
614
        /* Device step rate [100us], 100us */
615
        p[14] = 0;
616
        p[15] = 1;
617
        /* Device step pulse width [us], 1us */
618
        p[16] = 1;
619
        /* Device head settle delay [100us], 100us */
620
        p[17] = 0;
621
        p[18] = 1;
622
        /* Motor on delay [0.1s], 0.1s */
623
        p[19] = 1;
624
        /* Motor off delay [0.1s], 0.1s */
625
        p[20] = 1;
626
        /* Medium rotation rate [rpm], 5400 rpm */
627
        p[28] = (5400 >> 8) & 0xff;
628
        p[29] = 5400 & 0xff;
629
        return p[1] + 2;
630

    
631
    case 8: /* Caching page.  */
632
        p[0] = 8;
633
        p[1] = 0x12;
634
        if (page_control == 1) { /* Changeable Values */
635
            return p[1] + 2;
636
        }
637
        if (bdrv_enable_write_cache(s->bs)) {
638
            p[2] = 4; /* WCE */
639
        }
640
        return p[1] + 2;
641

    
642
    case 0x2a: /* CD Capabilities and Mechanical Status page. */
643
        if (s->drive_kind != SCSI_CD)
644
            return 0;
645
        p[0] = 0x2a;
646
        p[1] = 0x14;
647
        if (page_control == 1) { /* Changeable Values */
648
            return p[1] + 2;
649
        }
650
        p[2] = 3; // CD-R & CD-RW read
651
        p[3] = 0; // Writing not supported
652
        p[4] = 0x7f; /* Audio, composite, digital out,
653
                        mode 2 form 1&2, multi session */
654
        p[5] = 0xff; /* CD DA, DA accurate, RW supported,
655
                        RW corrected, C2 errors, ISRC,
656
                        UPC, Bar code */
657
        p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
658
        /* Locking supported, jumper present, eject, tray */
659
        p[7] = 0; /* no volume & mute control, no
660
                     changer */
661
        p[8] = (50 * 176) >> 8; // 50x read speed
662
        p[9] = (50 * 176) & 0xff;
663
        p[10] = 0 >> 8; // No volume
664
        p[11] = 0 & 0xff;
665
        p[12] = 2048 >> 8; // 2M buffer
666
        p[13] = 2048 & 0xff;
667
        p[14] = (16 * 176) >> 8; // 16x read speed current
668
        p[15] = (16 * 176) & 0xff;
669
        p[18] = (16 * 176) >> 8; // 16x write speed
670
        p[19] = (16 * 176) & 0xff;
671
        p[20] = (16 * 176) >> 8; // 16x write speed current
672
        p[21] = (16 * 176) & 0xff;
673
        return p[1] + 2;
674

    
675
    default:
676
        return 0;
677
    }
678
}
679

    
680
static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
681
{
682
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
683
    uint64_t nb_sectors;
684
    int page, dbd, buflen, page_control;
685
    uint8_t *p;
686
    uint8_t dev_specific_param;
687

    
688
    dbd = req->cmd.buf[1]  & 0x8;
689
    page = req->cmd.buf[2] & 0x3f;
690
    page_control = (req->cmd.buf[2] & 0xc0) >> 6;
691
    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
692
        (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
693
    memset(outbuf, 0, req->cmd.xfer);
694
    p = outbuf;
695

    
696
    if (bdrv_is_read_only(s->bs)) {
697
        dev_specific_param = 0x80; /* Readonly.  */
698
    } else {
699
        dev_specific_param = 0x00;
700
    }
701

    
702
    if (req->cmd.buf[0] == MODE_SENSE) {
703
        p[1] = 0; /* Default media type.  */
704
        p[2] = dev_specific_param;
705
        p[3] = 0; /* Block descriptor length.  */
706
        p += 4;
707
    } else { /* MODE_SENSE_10 */
708
        p[2] = 0; /* Default media type.  */
709
        p[3] = dev_specific_param;
710
        p[6] = p[7] = 0; /* Block descriptor length.  */
711
        p += 8;
712
    }
713

    
714
    bdrv_get_geometry(s->bs, &nb_sectors);
715
    if (!dbd && nb_sectors) {
716
        if (req->cmd.buf[0] == MODE_SENSE) {
717
            outbuf[3] = 8; /* Block descriptor length  */
718
        } else { /* MODE_SENSE_10 */
719
            outbuf[7] = 8; /* Block descriptor length  */
720
        }
721
        nb_sectors /= s->cluster_size;
722
        if (nb_sectors > 0xffffff)
723
            nb_sectors = 0;
724
        p[0] = 0; /* media density code */
725
        p[1] = (nb_sectors >> 16) & 0xff;
726
        p[2] = (nb_sectors >> 8) & 0xff;
727
        p[3] = nb_sectors & 0xff;
728
        p[4] = 0; /* reserved */
729
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
730
        p[6] = s->cluster_size * 2;
731
        p[7] = 0;
732
        p += 8;
733
    }
734

    
735
    if (page_control == 3) { /* Saved Values */
736
        return -1; /* ILLEGAL_REQUEST */
737
    }
738

    
739
    switch (page) {
740
    case 0x04:
741
    case 0x05:
742
    case 0x08:
743
    case 0x2a:
744
        p += mode_sense_page(req, page, p, page_control);
745
        break;
746
    case 0x3f:
747
        p += mode_sense_page(req, 0x08, p, page_control);
748
        p += mode_sense_page(req, 0x2a, p, page_control);
749
        break;
750
    default:
751
        return -1; /* ILLEGAL_REQUEST */
752
    }
753

    
754
    buflen = p - outbuf;
755
    /*
756
     * The mode data length field specifies the length in bytes of the
757
     * following data that is available to be transferred. The mode data
758
     * length does not include itself.
759
     */
760
    if (req->cmd.buf[0] == MODE_SENSE) {
761
        outbuf[0] = buflen - 1;
762
    } else { /* MODE_SENSE_10 */
763
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
764
        outbuf[1] = (buflen - 2) & 0xff;
765
    }
766
    if (buflen > req->cmd.xfer)
767
        buflen = req->cmd.xfer;
768
    return buflen;
769
}
770

    
771
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
772
{
773
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
774
    int start_track, format, msf, toclen;
775
    uint64_t nb_sectors;
776

    
777
    msf = req->cmd.buf[1] & 2;
778
    format = req->cmd.buf[2] & 0xf;
779
    start_track = req->cmd.buf[6];
780
    bdrv_get_geometry(s->bs, &nb_sectors);
781
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
782
    nb_sectors /= s->cluster_size;
783
    switch (format) {
784
    case 0:
785
        toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
786
        break;
787
    case 1:
788
        /* multi session : only a single session defined */
789
        toclen = 12;
790
        memset(outbuf, 0, 12);
791
        outbuf[1] = 0x0a;
792
        outbuf[2] = 0x01;
793
        outbuf[3] = 0x01;
794
        break;
795
    case 2:
796
        toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
797
        break;
798
    default:
799
        return -1;
800
    }
801
    if (toclen > req->cmd.xfer)
802
        toclen = req->cmd.xfer;
803
    return toclen;
804
}
805

    
806
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
807
{
808
    SCSIRequest *req = &r->req;
809
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
810
    uint64_t nb_sectors;
811
    int buflen = 0;
812
    int ret;
813

    
814
    switch (req->cmd.buf[0]) {
815
    case TEST_UNIT_READY:
816
        if (!bdrv_is_inserted(s->bs))
817
            goto not_ready;
818
        break;
819
    case REQUEST_SENSE:
820
        if (req->cmd.xfer < 4)
821
            goto illegal_request;
822
        buflen = scsi_build_sense(s->sense, outbuf, req->cmd.xfer,
823
                                  req->cmd.xfer > 13);
824
        scsi_disk_clear_sense(s);
825
        break;
826
    case INQUIRY:
827
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
828
        if (buflen < 0)
829
            goto illegal_request;
830
        break;
831
    case MODE_SENSE:
832
    case MODE_SENSE_10:
833
        buflen = scsi_disk_emulate_mode_sense(req, outbuf);
834
        if (buflen < 0)
835
            goto illegal_request;
836
        break;
837
    case READ_TOC:
838
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
839
        if (buflen < 0)
840
            goto illegal_request;
841
        break;
842
    case RESERVE:
843
        if (req->cmd.buf[1] & 1)
844
            goto illegal_request;
845
        break;
846
    case RESERVE_10:
847
        if (req->cmd.buf[1] & 3)
848
            goto illegal_request;
849
        break;
850
    case RELEASE:
851
        if (req->cmd.buf[1] & 1)
852
            goto illegal_request;
853
        break;
854
    case RELEASE_10:
855
        if (req->cmd.buf[1] & 3)
856
            goto illegal_request;
857
        break;
858
    case START_STOP:
859
        if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
860
            /* load/eject medium */
861
            bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
862
        }
863
        break;
864
    case ALLOW_MEDIUM_REMOVAL:
865
        bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
866
        break;
867
    case READ_CAPACITY:
868
        /* The normal LEN field for this command is zero.  */
869
        memset(outbuf, 0, 8);
870
        bdrv_get_geometry(s->bs, &nb_sectors);
871
        if (!nb_sectors)
872
            goto not_ready;
873
        nb_sectors /= s->cluster_size;
874
        /* Returned value is the address of the last sector.  */
875
        nb_sectors--;
876
        /* Remember the new size for read/write sanity checking. */
877
        s->max_lba = nb_sectors;
878
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
879
        if (nb_sectors > UINT32_MAX)
880
            nb_sectors = UINT32_MAX;
881
        outbuf[0] = (nb_sectors >> 24) & 0xff;
882
        outbuf[1] = (nb_sectors >> 16) & 0xff;
883
        outbuf[2] = (nb_sectors >> 8) & 0xff;
884
        outbuf[3] = nb_sectors & 0xff;
885
        outbuf[4] = 0;
886
        outbuf[5] = 0;
887
        outbuf[6] = s->cluster_size * 2;
888
        outbuf[7] = 0;
889
        buflen = 8;
890
        break;
891
    case SYNCHRONIZE_CACHE:
892
        ret = bdrv_flush(s->bs);
893
        if (ret < 0) {
894
            if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
895
                return -1;
896
            }
897
        }
898
        break;
899
    case GET_CONFIGURATION:
900
        memset(outbuf, 0, 8);
901
        /* ??? This should probably return much more information.  For now
902
           just return the basic header indicating the CD-ROM profile.  */
903
        outbuf[7] = 8; // CD-ROM
904
        buflen = 8;
905
        break;
906
    case SERVICE_ACTION_IN:
907
        /* Service Action In subcommands. */
908
        if ((req->cmd.buf[1] & 31) == 0x10) {
909
            DPRINTF("SAI READ CAPACITY(16)\n");
910
            memset(outbuf, 0, req->cmd.xfer);
911
            bdrv_get_geometry(s->bs, &nb_sectors);
912
            if (!nb_sectors)
913
                goto not_ready;
914
            nb_sectors /= s->cluster_size;
915
            /* Returned value is the address of the last sector.  */
916
            nb_sectors--;
917
            /* Remember the new size for read/write sanity checking. */
918
            s->max_lba = nb_sectors;
919
            outbuf[0] = (nb_sectors >> 56) & 0xff;
920
            outbuf[1] = (nb_sectors >> 48) & 0xff;
921
            outbuf[2] = (nb_sectors >> 40) & 0xff;
922
            outbuf[3] = (nb_sectors >> 32) & 0xff;
923
            outbuf[4] = (nb_sectors >> 24) & 0xff;
924
            outbuf[5] = (nb_sectors >> 16) & 0xff;
925
            outbuf[6] = (nb_sectors >> 8) & 0xff;
926
            outbuf[7] = nb_sectors & 0xff;
927
            outbuf[8] = 0;
928
            outbuf[9] = 0;
929
            outbuf[10] = s->cluster_size * 2;
930
            outbuf[11] = 0;
931
            outbuf[12] = 0;
932
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);
933

    
934
            /* set TPE bit if the format supports discard */
935
            if (s->qdev.conf.discard_granularity) {
936
                outbuf[14] = 0x80;
937
            }
938

    
939
            /* Protection, exponent and lowest lba field left blank. */
940
            buflen = req->cmd.xfer;
941
            break;
942
        }
943
        DPRINTF("Unsupported Service Action In\n");
944
        goto illegal_request;
945
    case REPORT_LUNS:
946
        if (req->cmd.xfer < 16)
947
            goto illegal_request;
948
        memset(outbuf, 0, 16);
949
        outbuf[3] = 8;
950
        buflen = 16;
951
        break;
952
    case VERIFY:
953
        break;
954
    case REZERO_UNIT:
955
        DPRINTF("Rezero Unit\n");
956
        if (!bdrv_is_inserted(s->bs)) {
957
            goto not_ready;
958
        }
959
        break;
960
    default:
961
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
962
        return -1;
963
    }
964
    scsi_req_set_status(r, GOOD, SENSE_CODE(NO_SENSE));
965
    return buflen;
966

    
967
not_ready:
968
    if (!bdrv_is_inserted(s->bs)) {
969
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(NO_MEDIUM));
970
    } else {
971
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LUN_NOT_READY));
972
    }
973
    return -1;
974

    
975
illegal_request:
976
    scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
977
    return -1;
978
}
979

    
980
/* Execute a scsi command.  Returns the length of the data expected by the
981
   command.  This will be Positive for data transfers from the device
982
   (eg. disk reads), negative for transfers to the device (eg. disk writes),
983
   and zero if the command does not transfer any data.  */
984

    
985
static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
986
{
987
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
988
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
989
    int32_t len;
990
    int is_write;
991
    uint8_t command;
992
    uint8_t *outbuf;
993
    int rc;
994

    
995
    command = buf[0];
996
    outbuf = (uint8_t *)r->iov.iov_base;
997
    is_write = 0;
998
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
999

    
1000
    if (scsi_req_parse(&r->req, buf) != 0) {
1001
        BADF("Unsupported command length, command %x\n", command);
1002
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1003
        return 0;
1004
    }
1005
#ifdef DEBUG_SCSI
1006
    {
1007
        int i;
1008
        for (i = 1; i < r->req.cmd.len; i++) {
1009
            printf(" 0x%02x", buf[i]);
1010
        }
1011
        printf("\n");
1012
    }
1013
#endif
1014

    
1015
    if (req->lun || buf[1] >> 5) {
1016
        /* Only LUN 0 supported.  */
1017
        DPRINTF("Unimplemented LUN %d\n", req->lun ? req->lun : buf[1] >> 5);
1018
        if (command != REQUEST_SENSE && command != INQUIRY) {
1019
            scsi_command_complete(r, CHECK_CONDITION,
1020
                                  SENSE_CODE(LUN_NOT_SUPPORTED));
1021
            return 0;
1022
        }
1023
    }
1024
    switch (command) {
1025
    case TEST_UNIT_READY:
1026
    case REQUEST_SENSE:
1027
    case INQUIRY:
1028
    case MODE_SENSE:
1029
    case MODE_SENSE_10:
1030
    case RESERVE:
1031
    case RESERVE_10:
1032
    case RELEASE:
1033
    case RELEASE_10:
1034
    case START_STOP:
1035
    case ALLOW_MEDIUM_REMOVAL:
1036
    case READ_CAPACITY:
1037
    case SYNCHRONIZE_CACHE:
1038
    case READ_TOC:
1039
    case GET_CONFIGURATION:
1040
    case SERVICE_ACTION_IN:
1041
    case REPORT_LUNS:
1042
    case VERIFY:
1043
    case REZERO_UNIT:
1044
        rc = scsi_disk_emulate_command(r, outbuf);
1045
        if (rc < 0) {
1046
            return 0;
1047
        }
1048

    
1049
        r->iov.iov_len = rc;
1050
        break;
1051
    case READ_6:
1052
    case READ_10:
1053
    case READ_12:
1054
    case READ_16:
1055
        len = r->req.cmd.xfer / s->qdev.blocksize;
1056
        DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1057
        if (r->req.cmd.lba > s->max_lba)
1058
            goto illegal_lba;
1059
        r->sector = r->req.cmd.lba * s->cluster_size;
1060
        r->sector_count = len * s->cluster_size;
1061
        break;
1062
    case WRITE_6:
1063
    case WRITE_10:
1064
    case WRITE_12:
1065
    case WRITE_16:
1066
    case WRITE_VERIFY:
1067
    case WRITE_VERIFY_12:
1068
    case WRITE_VERIFY_16:
1069
        len = r->req.cmd.xfer / s->qdev.blocksize;
1070
        DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1071
                (command & 0xe) == 0xe ? "And Verify " : "",
1072
                r->req.cmd.lba, len);
1073
        if (r->req.cmd.lba > s->max_lba)
1074
            goto illegal_lba;
1075
        r->sector = r->req.cmd.lba * s->cluster_size;
1076
        r->sector_count = len * s->cluster_size;
1077
        is_write = 1;
1078
        break;
1079
    case MODE_SELECT:
1080
        DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1081
        /* We don't support mode parameter changes.
1082
           Allow the mode parameter header + block descriptors only. */
1083
        if (r->req.cmd.xfer > 12) {
1084
            goto fail;
1085
        }
1086
        break;
1087
    case MODE_SELECT_10:
1088
        DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1089
        /* We don't support mode parameter changes.
1090
           Allow the mode parameter header + block descriptors only. */
1091
        if (r->req.cmd.xfer > 16) {
1092
            goto fail;
1093
        }
1094
        break;
1095
    case SEEK_6:
1096
    case SEEK_10:
1097
        DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1098
                r->req.cmd.lba);
1099
        if (r->req.cmd.lba > s->max_lba) {
1100
            goto illegal_lba;
1101
        }
1102
        break;
1103
    case WRITE_SAME_16:
1104
        len = r->req.cmd.xfer / s->qdev.blocksize;
1105

    
1106
        DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1107
                r->req.cmd.lba, len);
1108

    
1109
        if (r->req.cmd.lba > s->max_lba) {
1110
            goto illegal_lba;
1111
        }
1112

    
1113
        /*
1114
         * We only support WRITE SAME with the unmap bit set for now.
1115
         */
1116
        if (!(buf[1] & 0x8)) {
1117
            goto fail;
1118
        }
1119

    
1120
        rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1121
                          len * s->cluster_size);
1122
        if (rc < 0) {
1123
            /* XXX: better error code ?*/
1124
            goto fail;
1125
        }
1126

    
1127
        break;
1128
    default:
1129
        DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1130
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1131
        return 0;
1132
    fail:
1133
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
1134
        return 0;
1135
    illegal_lba:
1136
        scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LBA_OUT_OF_RANGE));
1137
        return 0;
1138
    }
1139
    if (r->sector_count == 0 && r->iov.iov_len == 0) {
1140
        scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
1141
    }
1142
    len = r->sector_count * 512 + r->iov.iov_len;
1143
    if (is_write) {
1144
        len = -len;
1145
    } else {
1146
        if (!r->sector_count)
1147
            r->sector_count = -1;
1148
    }
1149
    return len;
1150
}
1151

    
1152
static void scsi_disk_reset(DeviceState *dev)
1153
{
1154
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1155
    uint64_t nb_sectors;
1156

    
1157
    scsi_device_purge_requests(&s->qdev);
1158

    
1159
    bdrv_get_geometry(s->bs, &nb_sectors);
1160
    nb_sectors /= s->cluster_size;
1161
    if (nb_sectors) {
1162
        nb_sectors--;
1163
    }
1164
    s->max_lba = nb_sectors;
1165
}
1166

    
1167
static void scsi_destroy(SCSIDevice *dev)
1168
{
1169
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1170

    
1171
    scsi_device_purge_requests(&s->qdev);
1172
    blockdev_mark_auto_del(s->qdev.conf.bs);
1173
}
1174

    
1175
static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
1176
{
1177
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1178
    DriveInfo *dinfo;
1179

    
1180
    if (!s->qdev.conf.bs) {
1181
        error_report("scsi-disk: drive property not set");
1182
        return -1;
1183
    }
1184
    s->bs = s->qdev.conf.bs;
1185
    s->drive_kind = kind;
1186

    
1187
    if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
1188
        error_report("Device needs media, but drive is empty");
1189
        return -1;
1190
    }
1191

    
1192
    if (!s->serial) {
1193
        /* try to fall back to value set with legacy -drive serial=... */
1194
        dinfo = drive_get_by_blockdev(s->bs);
1195
        s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1196
    }
1197

    
1198
    if (!s->version) {
1199
        s->version = qemu_strdup(QEMU_VERSION);
1200
    }
1201

    
1202
    if (bdrv_is_sg(s->bs)) {
1203
        error_report("scsi-disk: unwanted /dev/sg*");
1204
        return -1;
1205
    }
1206

    
1207
    if (kind == SCSI_CD) {
1208
        s->qdev.blocksize = 2048;
1209
    } else {
1210
        s->qdev.blocksize = s->qdev.conf.logical_block_size;
1211
    }
1212
    s->cluster_size = s->qdev.blocksize / 512;
1213
    s->bs->buffer_alignment = s->qdev.blocksize;
1214

    
1215
    s->qdev.type = TYPE_DISK;
1216
    qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1217
    bdrv_set_removable(s->bs, kind == SCSI_CD);
1218
    add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1219
    return 0;
1220
}
1221

    
1222
static int scsi_hd_initfn(SCSIDevice *dev)
1223
{
1224
    return scsi_initfn(dev, SCSI_HD);
1225
}
1226

    
1227
static int scsi_cd_initfn(SCSIDevice *dev)
1228
{
1229
    return scsi_initfn(dev, SCSI_CD);
1230
}
1231

    
1232
static int scsi_disk_initfn(SCSIDevice *dev)
1233
{
1234
    SCSIDriveKind kind;
1235
    DriveInfo *dinfo;
1236

    
1237
    if (!dev->conf.bs) {
1238
        kind = SCSI_HD;         /* will die in scsi_initfn() */
1239
    } else {
1240
        dinfo = drive_get_by_blockdev(dev->conf.bs);
1241
        kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
1242
    }
1243

    
1244
    return scsi_initfn(dev, kind);
1245
}
1246

    
1247
#define DEFINE_SCSI_DISK_PROPERTIES()                           \
1248
    DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),          \
1249
    DEFINE_PROP_STRING("ver",  SCSIDiskState, version),         \
1250
    DEFINE_PROP_STRING("serial",  SCSIDiskState, serial)
1251

    
1252
static SCSIDeviceInfo scsi_disk_info[] = {
1253
    {
1254
        .qdev.name    = "scsi-hd",
1255
        .qdev.fw_name = "disk",
1256
        .qdev.desc    = "virtual SCSI disk",
1257
        .qdev.size    = sizeof(SCSIDiskState),
1258
        .qdev.reset   = scsi_disk_reset,
1259
        .init         = scsi_hd_initfn,
1260
        .destroy      = scsi_destroy,
1261
        .alloc_req    = scsi_new_request,
1262
        .free_req     = scsi_free_request,
1263
        .send_command = scsi_send_command,
1264
        .read_data    = scsi_read_data,
1265
        .write_data   = scsi_write_data,
1266
        .cancel_io    = scsi_cancel_io,
1267
        .get_buf      = scsi_get_buf,
1268
        .get_sense    = scsi_get_sense,
1269
        .qdev.props   = (Property[]) {
1270
            DEFINE_SCSI_DISK_PROPERTIES(),
1271
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1272
            DEFINE_PROP_END_OF_LIST(),
1273
        }
1274
    },{
1275
        .qdev.name    = "scsi-cd",
1276
        .qdev.fw_name = "disk",
1277
        .qdev.desc    = "virtual SCSI CD-ROM",
1278
        .qdev.size    = sizeof(SCSIDiskState),
1279
        .qdev.reset   = scsi_disk_reset,
1280
        .init         = scsi_cd_initfn,
1281
        .destroy      = scsi_destroy,
1282
        .alloc_req    = scsi_new_request,
1283
        .free_req     = scsi_free_request,
1284
        .send_command = scsi_send_command,
1285
        .read_data    = scsi_read_data,
1286
        .write_data   = scsi_write_data,
1287
        .cancel_io    = scsi_cancel_io,
1288
        .get_buf      = scsi_get_buf,
1289
        .get_sense    = scsi_get_sense,
1290
        .qdev.props   = (Property[]) {
1291
            DEFINE_SCSI_DISK_PROPERTIES(),
1292
            DEFINE_PROP_END_OF_LIST(),
1293
        },
1294
    },{
1295
        .qdev.name    = "scsi-disk", /* legacy -device scsi-disk */
1296
        .qdev.fw_name = "disk",
1297
        .qdev.desc    = "virtual SCSI disk or CD-ROM (legacy)",
1298
        .qdev.size    = sizeof(SCSIDiskState),
1299
        .qdev.reset   = scsi_disk_reset,
1300
        .init         = scsi_disk_initfn,
1301
        .destroy      = scsi_destroy,
1302
        .alloc_req    = scsi_new_request,
1303
        .free_req     = scsi_free_request,
1304
        .send_command = scsi_send_command,
1305
        .read_data    = scsi_read_data,
1306
        .write_data   = scsi_write_data,
1307
        .cancel_io    = scsi_cancel_io,
1308
        .get_buf      = scsi_get_buf,
1309
        .get_sense    = scsi_get_sense,
1310
        .qdev.props   = (Property[]) {
1311
            DEFINE_SCSI_DISK_PROPERTIES(),
1312
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1313
            DEFINE_PROP_END_OF_LIST(),
1314
        }
1315
    }
1316
};
1317

    
1318
static void scsi_disk_register_devices(void)
1319
{
1320
    int i;
1321

    
1322
    for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1323
        scsi_qdev_register(&scsi_disk_info[i]);
1324
    }
1325
}
1326
device_init(scsi_disk_register_devices)