Statistics
| Branch: | Revision:

root / hw / scsi-disk.c @ 78ced65e

History | View | Annotate | Download (37.5 kB)

1
/*
2
 * SCSI Device emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Based on code by Fabrice Bellard
6
 *
7
 * Written by Paul Brook
8
 * Modifications:
9
 *  2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10
 *                                 when the allocation length of CDB is smaller
11
 *                                 than 36.
12
 *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13
 *                                 MODE SENSE response.
14
 *
15
 * This code is licenced under the LGPL.
16
 *
17
 * Note that this file only handles the SCSI architecture model and device
18
 * commands.  Emulation of interface/link layer protocols is handled by
19
 * the host adapter emulator.
20
 */
21

    
22
//#define DEBUG_SCSI
23

    
24
#ifdef DEBUG_SCSI
25
#define DPRINTF(fmt, ...) \
26
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27
#else
28
#define DPRINTF(fmt, ...) do {} while(0)
29
#endif
30

    
31
#define BADF(fmt, ...) \
32
do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33

    
34
#include "qemu-common.h"
35
#include "qemu-error.h"
36
#include "scsi.h"
37
#include "scsi-defs.h"
38
#include "sysemu.h"
39
#include "blockdev.h"
40

    
41
#define SCSI_DMA_BUF_SIZE    131072
42
#define SCSI_MAX_INQUIRY_LEN 256
43

    
44
#define SCSI_REQ_STATUS_RETRY           0x01
45
#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46
#define SCSI_REQ_STATUS_RETRY_READ      0x00
47
#define SCSI_REQ_STATUS_RETRY_WRITE     0x02
48
#define SCSI_REQ_STATUS_RETRY_FLUSH     0x04
49

    
50
typedef struct SCSIDiskState SCSIDiskState;
51

    
52
typedef struct SCSIDiskReq {
53
    SCSIRequest req;
54
    /* ??? We should probably keep track of whether the data transfer is
55
       a read or a write.  Currently we rely on the host getting it right.  */
56
    /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
57
    uint64_t sector;
58
    uint32_t sector_count;
59
    struct iovec iov;
60
    QEMUIOVector qiov;
61
    uint32_t status;
62
} SCSIDiskReq;
63

    
64
struct SCSIDiskState
65
{
66
    SCSIDevice qdev;
67
    BlockDriverState *bs;
68
    /* The qemu block layer uses a fixed 512 byte sector size.
69
       This is the number of 512 byte blocks in a single scsi sector.  */
70
    int cluster_size;
71
    uint64_t max_lba;
72
    QEMUBH *bh;
73
    char *version;
74
    char *serial;
75
};
76

    
77
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
79

    
80
static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
81
        uint32_t lun)
82
{
83
    SCSIRequest *req;
84
    SCSIDiskReq *r;
85

    
86
    req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
87
    r = DO_UPCAST(SCSIDiskReq, req, req);
88
    r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
89
    return r;
90
}
91

    
92
static void scsi_remove_request(SCSIDiskReq *r)
93
{
94
    qemu_vfree(r->iov.iov_base);
95
    scsi_req_free(&r->req);
96
}
97

    
98
static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
99
{
100
    return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
101
}
102

    
103
static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
104
{
105
    req->status = status;
106
    scsi_dev_set_sense(req->dev, sense_code);
107
}
108

    
109
/* Helper function for command completion.  */
110
static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
111
{
112
    DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
113
            r->req.tag, status, sense);
114
    scsi_req_set_status(&r->req, status, sense);
115
    scsi_req_complete(&r->req);
116
    scsi_remove_request(r);
117
}
118

    
119
/* Cancel a pending data transfer.  */
120
static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
121
{
122
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
123
    SCSIDiskReq *r;
124
    DPRINTF("Cancel tag=0x%x\n", tag);
125
    r = scsi_find_request(s, tag);
126
    if (r) {
127
        if (r->req.aiocb)
128
            bdrv_aio_cancel(r->req.aiocb);
129
        r->req.aiocb = NULL;
130
        scsi_remove_request(r);
131
    }
132
}
133

    
134
static void scsi_read_complete(void * opaque, int ret)
135
{
136
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
137
    int n;
138

    
139
    r->req.aiocb = NULL;
140

    
141
    if (ret) {
142
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
143
            return;
144
        }
145
    }
146

    
147
    DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
148

    
149
    n = r->iov.iov_len / 512;
150
    r->sector += n;
151
    r->sector_count -= n;
152
    r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
153
}
154

    
155

    
156
static void scsi_read_request(SCSIDiskReq *r)
157
{
158
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
159
    uint32_t n;
160

    
161
    if (r->sector_count == (uint32_t)-1) {
162
        DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
163
        r->sector_count = 0;
164
        r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
165
        return;
166
    }
167
    DPRINTF("Read sector_count=%d\n", r->sector_count);
168
    if (r->sector_count == 0) {
169
        scsi_command_complete(r, GOOD, NO_SENSE);
170
        return;
171
    }
172

    
173
    n = r->sector_count;
174
    if (n > SCSI_DMA_BUF_SIZE / 512)
175
        n = SCSI_DMA_BUF_SIZE / 512;
176

    
177
    r->iov.iov_len = n * 512;
178
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
179
    r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
180
                              scsi_read_complete, r);
181
    if (r->req.aiocb == NULL)
182
        scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
183
}
184

    
185
/* Read more data from scsi device into buffer.  */
186
static void scsi_read_data(SCSIDevice *d, uint32_t tag)
187
{
188
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
189
    SCSIDiskReq *r;
190

    
191
    r = scsi_find_request(s, tag);
192
    if (!r) {
193
        BADF("Bad read tag 0x%x\n", tag);
194
        /* ??? This is the wrong error.  */
195
        scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
196
        return;
197
    }
198

    
199
    /* No data transfer may already be in progress */
200
    assert(r->req.aiocb == NULL);
201

    
202
    scsi_read_request(r);
203
}
204

    
205
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
206
{
207
    int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
208
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
209
    BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
210

    
211
    if (action == BLOCK_ERR_IGNORE) {
212
        bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
213
        return 0;
214
    }
215

    
216
    if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
217
            || action == BLOCK_ERR_STOP_ANY) {
218

    
219
        type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
220
        r->status |= SCSI_REQ_STATUS_RETRY | type;
221

    
222
        bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
223
        vm_stop(0);
224
    } else {
225
        if (type == SCSI_REQ_STATUS_RETRY_READ) {
226
            r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
227
        }
228
        scsi_command_complete(r, CHECK_CONDITION,
229
                HARDWARE_ERROR);
230
        bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
231
    }
232

    
233
    return 1;
234
}
235

    
236
static void scsi_write_complete(void * opaque, int ret)
237
{
238
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
239
    uint32_t len;
240
    uint32_t n;
241

    
242
    r->req.aiocb = NULL;
243

    
244
    if (ret) {
245
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
246
            return;
247
        }
248
    }
249

    
250
    n = r->iov.iov_len / 512;
251
    r->sector += n;
252
    r->sector_count -= n;
253
    if (r->sector_count == 0) {
254
        scsi_command_complete(r, GOOD, NO_SENSE);
255
    } else {
256
        len = r->sector_count * 512;
257
        if (len > SCSI_DMA_BUF_SIZE) {
258
            len = SCSI_DMA_BUF_SIZE;
259
        }
260
        r->iov.iov_len = len;
261
        DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
262
        r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
263
    }
264
}
265

    
266
static void scsi_write_request(SCSIDiskReq *r)
267
{
268
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
269
    uint32_t n;
270

    
271
    n = r->iov.iov_len / 512;
272
    if (n) {
273
        qemu_iovec_init_external(&r->qiov, &r->iov, 1);
274
        r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
275
                                   scsi_write_complete, r);
276
        if (r->req.aiocb == NULL)
277
            scsi_command_complete(r, CHECK_CONDITION,
278
                                  HARDWARE_ERROR);
279
    } else {
280
        /* Invoke completion routine to fetch data from host.  */
281
        scsi_write_complete(r, 0);
282
    }
283
}
284

    
285
/* Write data to a scsi device.  Returns nonzero on failure.
286
   The transfer may complete asynchronously.  */
287
static int scsi_write_data(SCSIDevice *d, uint32_t tag)
288
{
289
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
290
    SCSIDiskReq *r;
291

    
292
    DPRINTF("Write data tag=0x%x\n", tag);
293
    r = scsi_find_request(s, tag);
294
    if (!r) {
295
        BADF("Bad write tag 0x%x\n", tag);
296
        scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
297
        return 1;
298
    }
299

    
300
    /* No data transfer may already be in progress */
301
    assert(r->req.aiocb == NULL);
302

    
303
    scsi_write_request(r);
304

    
305
    return 0;
306
}
307

    
308
static void scsi_dma_restart_bh(void *opaque)
309
{
310
    SCSIDiskState *s = opaque;
311
    SCSIRequest *req;
312
    SCSIDiskReq *r;
313

    
314
    qemu_bh_delete(s->bh);
315
    s->bh = NULL;
316

    
317
    QTAILQ_FOREACH(req, &s->qdev.requests, next) {
318
        r = DO_UPCAST(SCSIDiskReq, req, req);
319
        if (r->status & SCSI_REQ_STATUS_RETRY) {
320
            int status = r->status;
321
            int ret;
322

    
323
            r->status &=
324
                ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
325

    
326
            switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
327
            case SCSI_REQ_STATUS_RETRY_READ:
328
                scsi_read_request(r);
329
                break;
330
            case SCSI_REQ_STATUS_RETRY_WRITE:
331
                scsi_write_request(r);
332
                break;
333
            case SCSI_REQ_STATUS_RETRY_FLUSH:
334
                ret = scsi_disk_emulate_command(r, r->iov.iov_base);
335
                if (ret == 0) {
336
                    scsi_command_complete(r, GOOD, NO_SENSE);
337
                }
338
            }
339
        }
340
    }
341
}
342

    
343
static void scsi_dma_restart_cb(void *opaque, int running, int reason)
344
{
345
    SCSIDiskState *s = opaque;
346

    
347
    if (!running)
348
        return;
349

    
350
    if (!s->bh) {
351
        s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
352
        qemu_bh_schedule(s->bh);
353
    }
354
}
355

    
356
/* Return a pointer to the data buffer.  */
357
static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
358
{
359
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
360
    SCSIDiskReq *r;
361

    
362
    r = scsi_find_request(s, tag);
363
    if (!r) {
364
        BADF("Bad buffer tag 0x%x\n", tag);
365
        return NULL;
366
    }
367
    return (uint8_t *)r->iov.iov_base;
368
}
369

    
370
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
371
{
372
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
373
    int buflen = 0;
374

    
375
    if (req->cmd.buf[1] & 0x2) {
376
        /* Command support data - optional, not implemented */
377
        BADF("optional INQUIRY command support request not implemented\n");
378
        return -1;
379
    }
380

    
381
    if (req->cmd.buf[1] & 0x1) {
382
        /* Vital product data */
383
        uint8_t page_code = req->cmd.buf[2];
384
        if (req->cmd.xfer < 4) {
385
            BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
386
                 "less than 4\n", page_code, req->cmd.xfer);
387
            return -1;
388
        }
389

    
390
        if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
391
            outbuf[buflen++] = 5;
392
        } else {
393
            outbuf[buflen++] = 0;
394
        }
395
        outbuf[buflen++] = page_code ; // this page
396
        outbuf[buflen++] = 0x00;
397

    
398
        switch (page_code) {
399
        case 0x00: /* Supported page codes, mandatory */
400
            DPRINTF("Inquiry EVPD[Supported pages] "
401
                    "buffer size %zd\n", req->cmd.xfer);
402
            outbuf[buflen++] = 4;    // number of pages
403
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
404
            outbuf[buflen++] = 0x80; // unit serial number
405
            outbuf[buflen++] = 0x83; // device identification
406
            outbuf[buflen++] = 0xb0; // block device characteristics
407
            break;
408

    
409
        case 0x80: /* Device serial number, optional */
410
        {
411
            int l = strlen(s->serial);
412

    
413
            if (l > req->cmd.xfer)
414
                l = req->cmd.xfer;
415
            if (l > 20)
416
                l = 20;
417

    
418
            DPRINTF("Inquiry EVPD[Serial number] "
419
                    "buffer size %zd\n", req->cmd.xfer);
420
            outbuf[buflen++] = l;
421
            memcpy(outbuf+buflen, s->serial, l);
422
            buflen += l;
423
            break;
424
        }
425

    
426
        case 0x83: /* Device identification page, mandatory */
427
        {
428
            int max_len = 255 - 8;
429
            int id_len = strlen(bdrv_get_device_name(s->bs));
430

    
431
            if (id_len > max_len)
432
                id_len = max_len;
433
            DPRINTF("Inquiry EVPD[Device identification] "
434
                    "buffer size %zd\n", req->cmd.xfer);
435

    
436
            outbuf[buflen++] = 3 + id_len;
437
            outbuf[buflen++] = 0x2; // ASCII
438
            outbuf[buflen++] = 0;   // not officially assigned
439
            outbuf[buflen++] = 0;   // reserved
440
            outbuf[buflen++] = id_len; // length of data following
441

    
442
            memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
443
            buflen += id_len;
444
            break;
445
        }
446
        case 0xb0: /* block device characteristics */
447
        {
448
            unsigned int min_io_size =
449
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
450
            unsigned int opt_io_size =
451
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;
452

    
453
            /* required VPD size with unmap support */
454
            outbuf[3] = buflen = 0x3c;
455

    
456
            memset(outbuf + 4, 0, buflen - 4);
457

    
458
            /* optimal transfer length granularity */
459
            outbuf[6] = (min_io_size >> 8) & 0xff;
460
            outbuf[7] = min_io_size & 0xff;
461

    
462
            /* optimal transfer length */
463
            outbuf[12] = (opt_io_size >> 24) & 0xff;
464
            outbuf[13] = (opt_io_size >> 16) & 0xff;
465
            outbuf[14] = (opt_io_size >> 8) & 0xff;
466
            outbuf[15] = opt_io_size & 0xff;
467
            break;
468
        }
469
        default:
470
            BADF("Error: unsupported Inquiry (EVPD[%02X]) "
471
                 "buffer size %zd\n", page_code, req->cmd.xfer);
472
            return -1;
473
        }
474
        /* done with EVPD */
475
        return buflen;
476
    }
477

    
478
    /* Standard INQUIRY data */
479
    if (req->cmd.buf[2] != 0) {
480
        BADF("Error: Inquiry (STANDARD) page or code "
481
             "is non-zero [%02X]\n", req->cmd.buf[2]);
482
        return -1;
483
    }
484

    
485
    /* PAGE CODE == 0 */
486
    if (req->cmd.xfer < 5) {
487
        BADF("Error: Inquiry (STANDARD) buffer size %zd "
488
             "is less than 5\n", req->cmd.xfer);
489
        return -1;
490
    }
491

    
492
    buflen = req->cmd.xfer;
493
    if (buflen > SCSI_MAX_INQUIRY_LEN)
494
        buflen = SCSI_MAX_INQUIRY_LEN;
495

    
496
    memset(outbuf, 0, buflen);
497

    
498
    if (req->lun || req->cmd.buf[1] >> 5) {
499
        outbuf[0] = 0x7f;        /* LUN not supported */
500
        return buflen;
501
    }
502

    
503
    if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
504
        outbuf[0] = 5;
505
        outbuf[1] = 0x80;
506
        memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
507
    } else {
508
        outbuf[0] = 0;
509
        memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
510
    }
511
    memcpy(&outbuf[8], "QEMU    ", 8);
512
    memset(&outbuf[32], 0, 4);
513
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
514
    /*
515
     * We claim conformance to SPC-3, which is required for guests
516
     * to ask for modern features like READ CAPACITY(16) or the
517
     * block characteristics VPD page by default.  Not all of SPC-3
518
     * is actually implemented, but we're good enough.
519
     */
520
    outbuf[2] = 5;
521
    outbuf[3] = 2; /* Format 2 */
522

    
523
    if (buflen > 36) {
524
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
525
    } else {
526
        /* If the allocation length of CDB is too small,
527
               the additional length is not adjusted */
528
        outbuf[4] = 36 - 5;
529
    }
530

    
531
    /* Sync data transfer and TCQ.  */
532
    outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
533
    return buflen;
534
}
535

    
536
static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
537
                           int page_control)
538
{
539
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
540
    BlockDriverState *bdrv = s->bs;
541
    int cylinders, heads, secs;
542

    
543
    /*
544
     * If Changeable Values are requested, a mask denoting those mode parameters
545
     * that are changeable shall be returned. As we currently don't support
546
     * parameter changes via MODE_SELECT all bits are returned set to zero.
547
     * The buffer was already menset to zero by the caller of this function.
548
     */
549
    switch (page) {
550
    case 4: /* Rigid disk device geometry page. */
551
        p[0] = 4;
552
        p[1] = 0x16;
553
        if (page_control == 1) { /* Changeable Values */
554
            return p[1] + 2;
555
        }
556
        /* if a geometry hint is available, use it */
557
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
558
        p[2] = (cylinders >> 16) & 0xff;
559
        p[3] = (cylinders >> 8) & 0xff;
560
        p[4] = cylinders & 0xff;
561
        p[5] = heads & 0xff;
562
        /* Write precomp start cylinder, disabled */
563
        p[6] = (cylinders >> 16) & 0xff;
564
        p[7] = (cylinders >> 8) & 0xff;
565
        p[8] = cylinders & 0xff;
566
        /* Reduced current start cylinder, disabled */
567
        p[9] = (cylinders >> 16) & 0xff;
568
        p[10] = (cylinders >> 8) & 0xff;
569
        p[11] = cylinders & 0xff;
570
        /* Device step rate [ns], 200ns */
571
        p[12] = 0;
572
        p[13] = 200;
573
        /* Landing zone cylinder */
574
        p[14] = 0xff;
575
        p[15] =  0xff;
576
        p[16] = 0xff;
577
        /* Medium rotation rate [rpm], 5400 rpm */
578
        p[20] = (5400 >> 8) & 0xff;
579
        p[21] = 5400 & 0xff;
580
        return p[1] + 2;
581

    
582
    case 5: /* Flexible disk device geometry page. */
583
        p[0] = 5;
584
        p[1] = 0x1e;
585
        if (page_control == 1) { /* Changeable Values */
586
            return p[1] + 2;
587
        }
588
        /* Transfer rate [kbit/s], 5Mbit/s */
589
        p[2] = 5000 >> 8;
590
        p[3] = 5000 & 0xff;
591
        /* if a geometry hint is available, use it */
592
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
593
        p[4] = heads & 0xff;
594
        p[5] = secs & 0xff;
595
        p[6] = s->cluster_size * 2;
596
        p[8] = (cylinders >> 8) & 0xff;
597
        p[9] = cylinders & 0xff;
598
        /* Write precomp start cylinder, disabled */
599
        p[10] = (cylinders >> 8) & 0xff;
600
        p[11] = cylinders & 0xff;
601
        /* Reduced current start cylinder, disabled */
602
        p[12] = (cylinders >> 8) & 0xff;
603
        p[13] = cylinders & 0xff;
604
        /* Device step rate [100us], 100us */
605
        p[14] = 0;
606
        p[15] = 1;
607
        /* Device step pulse width [us], 1us */
608
        p[16] = 1;
609
        /* Device head settle delay [100us], 100us */
610
        p[17] = 0;
611
        p[18] = 1;
612
        /* Motor on delay [0.1s], 0.1s */
613
        p[19] = 1;
614
        /* Motor off delay [0.1s], 0.1s */
615
        p[20] = 1;
616
        /* Medium rotation rate [rpm], 5400 rpm */
617
        p[28] = (5400 >> 8) & 0xff;
618
        p[29] = 5400 & 0xff;
619
        return p[1] + 2;
620

    
621
    case 8: /* Caching page.  */
622
        p[0] = 8;
623
        p[1] = 0x12;
624
        if (page_control == 1) { /* Changeable Values */
625
            return p[1] + 2;
626
        }
627
        if (bdrv_enable_write_cache(s->bs)) {
628
            p[2] = 4; /* WCE */
629
        }
630
        return p[1] + 2;
631

    
632
    case 0x2a: /* CD Capabilities and Mechanical Status page. */
633
        if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
634
            return 0;
635
        p[0] = 0x2a;
636
        p[1] = 0x14;
637
        if (page_control == 1) { /* Changeable Values */
638
            return p[1] + 2;
639
        }
640
        p[2] = 3; // CD-R & CD-RW read
641
        p[3] = 0; // Writing not supported
642
        p[4] = 0x7f; /* Audio, composite, digital out,
643
                        mode 2 form 1&2, multi session */
644
        p[5] = 0xff; /* CD DA, DA accurate, RW supported,
645
                        RW corrected, C2 errors, ISRC,
646
                        UPC, Bar code */
647
        p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
648
        /* Locking supported, jumper present, eject, tray */
649
        p[7] = 0; /* no volume & mute control, no
650
                     changer */
651
        p[8] = (50 * 176) >> 8; // 50x read speed
652
        p[9] = (50 * 176) & 0xff;
653
        p[10] = 0 >> 8; // No volume
654
        p[11] = 0 & 0xff;
655
        p[12] = 2048 >> 8; // 2M buffer
656
        p[13] = 2048 & 0xff;
657
        p[14] = (16 * 176) >> 8; // 16x read speed current
658
        p[15] = (16 * 176) & 0xff;
659
        p[18] = (16 * 176) >> 8; // 16x write speed
660
        p[19] = (16 * 176) & 0xff;
661
        p[20] = (16 * 176) >> 8; // 16x write speed current
662
        p[21] = (16 * 176) & 0xff;
663
        return p[1] + 2;
664

    
665
    default:
666
        return 0;
667
    }
668
}
669

    
670
static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
671
{
672
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
673
    uint64_t nb_sectors;
674
    int page, dbd, buflen, page_control;
675
    uint8_t *p;
676
    uint8_t dev_specific_param;
677

    
678
    dbd = req->cmd.buf[1]  & 0x8;
679
    page = req->cmd.buf[2] & 0x3f;
680
    page_control = (req->cmd.buf[2] & 0xc0) >> 6;
681
    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
682
        (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
683
    memset(outbuf, 0, req->cmd.xfer);
684
    p = outbuf;
685

    
686
    if (bdrv_is_read_only(s->bs)) {
687
        dev_specific_param = 0x80; /* Readonly.  */
688
    } else {
689
        dev_specific_param = 0x00;
690
    }
691

    
692
    if (req->cmd.buf[0] == MODE_SENSE) {
693
        p[1] = 0; /* Default media type.  */
694
        p[2] = dev_specific_param;
695
        p[3] = 0; /* Block descriptor length.  */
696
        p += 4;
697
    } else { /* MODE_SENSE_10 */
698
        p[2] = 0; /* Default media type.  */
699
        p[3] = dev_specific_param;
700
        p[6] = p[7] = 0; /* Block descriptor length.  */
701
        p += 8;
702
    }
703

    
704
    bdrv_get_geometry(s->bs, &nb_sectors);
705
    if (!dbd && nb_sectors) {
706
        if (req->cmd.buf[0] == MODE_SENSE) {
707
            outbuf[3] = 8; /* Block descriptor length  */
708
        } else { /* MODE_SENSE_10 */
709
            outbuf[7] = 8; /* Block descriptor length  */
710
        }
711
        nb_sectors /= s->cluster_size;
712
        if (nb_sectors > 0xffffff)
713
            nb_sectors = 0;
714
        p[0] = 0; /* media density code */
715
        p[1] = (nb_sectors >> 16) & 0xff;
716
        p[2] = (nb_sectors >> 8) & 0xff;
717
        p[3] = nb_sectors & 0xff;
718
        p[4] = 0; /* reserved */
719
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
720
        p[6] = s->cluster_size * 2;
721
        p[7] = 0;
722
        p += 8;
723
    }
724

    
725
    if (page_control == 3) { /* Saved Values */
726
        return -1; /* ILLEGAL_REQUEST */
727
    }
728

    
729
    switch (page) {
730
    case 0x04:
731
    case 0x05:
732
    case 0x08:
733
    case 0x2a:
734
        p += mode_sense_page(req, page, p, page_control);
735
        break;
736
    case 0x3f:
737
        p += mode_sense_page(req, 0x08, p, page_control);
738
        p += mode_sense_page(req, 0x2a, p, page_control);
739
        break;
740
    default:
741
        return -1; /* ILLEGAL_REQUEST */
742
    }
743

    
744
    buflen = p - outbuf;
745
    /*
746
     * The mode data length field specifies the length in bytes of the
747
     * following data that is available to be transferred. The mode data
748
     * length does not include itself.
749
     */
750
    if (req->cmd.buf[0] == MODE_SENSE) {
751
        outbuf[0] = buflen - 1;
752
    } else { /* MODE_SENSE_10 */
753
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
754
        outbuf[1] = (buflen - 2) & 0xff;
755
    }
756
    if (buflen > req->cmd.xfer)
757
        buflen = req->cmd.xfer;
758
    return buflen;
759
}
760

    
761
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
762
{
763
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
764
    int start_track, format, msf, toclen;
765
    uint64_t nb_sectors;
766

    
767
    msf = req->cmd.buf[1] & 2;
768
    format = req->cmd.buf[2] & 0xf;
769
    start_track = req->cmd.buf[6];
770
    bdrv_get_geometry(s->bs, &nb_sectors);
771
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
772
    nb_sectors /= s->cluster_size;
773
    switch (format) {
774
    case 0:
775
        toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
776
        break;
777
    case 1:
778
        /* multi session : only a single session defined */
779
        toclen = 12;
780
        memset(outbuf, 0, 12);
781
        outbuf[1] = 0x0a;
782
        outbuf[2] = 0x01;
783
        outbuf[3] = 0x01;
784
        break;
785
    case 2:
786
        toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
787
        break;
788
    default:
789
        return -1;
790
    }
791
    if (toclen > req->cmd.xfer)
792
        toclen = req->cmd.xfer;
793
    return toclen;
794
}
795

    
796
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
797
{
798
    SCSIRequest *req = &r->req;
799
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
800
    uint64_t nb_sectors;
801
    int buflen = 0;
802
    int ret;
803

    
804
    switch (req->cmd.buf[0]) {
805
    case TEST_UNIT_READY:
806
        if (!bdrv_is_inserted(s->bs))
807
            goto not_ready;
808
        break;
809
    case REQUEST_SENSE:
810
        if (req->cmd.xfer < 4)
811
            goto illegal_request;
812
        memset(outbuf, 0, 4);
813
        buflen = 4;
814
        if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
815
            memset(outbuf, 0, 18);
816
            buflen = 18;
817
            outbuf[7] = 10;
818
            /* asc 0x3a, ascq 0: Medium not present */
819
            outbuf[12] = 0x3a;
820
            outbuf[13] = 0;
821
        }
822
        outbuf[0] = 0xf0;
823
        outbuf[1] = 0;
824
        outbuf[2] = req->dev->sense.key;
825
        scsi_dev_clear_sense(req->dev);
826
        break;
827
    case INQUIRY:
828
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
829
        if (buflen < 0)
830
            goto illegal_request;
831
        break;
832
    case MODE_SENSE:
833
    case MODE_SENSE_10:
834
        buflen = scsi_disk_emulate_mode_sense(req, outbuf);
835
        if (buflen < 0)
836
            goto illegal_request;
837
        break;
838
    case READ_TOC:
839
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
840
        if (buflen < 0)
841
            goto illegal_request;
842
        break;
843
    case RESERVE:
844
        if (req->cmd.buf[1] & 1)
845
            goto illegal_request;
846
        break;
847
    case RESERVE_10:
848
        if (req->cmd.buf[1] & 3)
849
            goto illegal_request;
850
        break;
851
    case RELEASE:
852
        if (req->cmd.buf[1] & 1)
853
            goto illegal_request;
854
        break;
855
    case RELEASE_10:
856
        if (req->cmd.buf[1] & 3)
857
            goto illegal_request;
858
        break;
859
    case START_STOP:
860
        if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
861
            /* load/eject medium */
862
            bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
863
        }
864
        break;
865
    case ALLOW_MEDIUM_REMOVAL:
866
        bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
867
        break;
868
    case READ_CAPACITY:
869
        /* The normal LEN field for this command is zero.  */
870
        memset(outbuf, 0, 8);
871
        bdrv_get_geometry(s->bs, &nb_sectors);
872
        if (!nb_sectors)
873
            goto not_ready;
874
        nb_sectors /= s->cluster_size;
875
        /* Returned value is the address of the last sector.  */
876
        nb_sectors--;
877
        /* Remember the new size for read/write sanity checking. */
878
        s->max_lba = nb_sectors;
879
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
880
        if (nb_sectors > UINT32_MAX)
881
            nb_sectors = UINT32_MAX;
882
        outbuf[0] = (nb_sectors >> 24) & 0xff;
883
        outbuf[1] = (nb_sectors >> 16) & 0xff;
884
        outbuf[2] = (nb_sectors >> 8) & 0xff;
885
        outbuf[3] = nb_sectors & 0xff;
886
        outbuf[4] = 0;
887
        outbuf[5] = 0;
888
        outbuf[6] = s->cluster_size * 2;
889
        outbuf[7] = 0;
890
        buflen = 8;
891
        break;
892
    case SYNCHRONIZE_CACHE:
893
        ret = bdrv_flush(s->bs);
894
        if (ret < 0) {
895
            if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
896
                return -1;
897
            }
898
        }
899
        break;
900
    case GET_CONFIGURATION:
901
        memset(outbuf, 0, 8);
902
        /* ??? This should probably return much more information.  For now
903
           just return the basic header indicating the CD-ROM profile.  */
904
        outbuf[7] = 8; // CD-ROM
905
        buflen = 8;
906
        break;
907
    case SERVICE_ACTION_IN:
908
        /* Service Action In subcommands. */
909
        if ((req->cmd.buf[1] & 31) == 0x10) {
910
            DPRINTF("SAI READ CAPACITY(16)\n");
911
            memset(outbuf, 0, req->cmd.xfer);
912
            bdrv_get_geometry(s->bs, &nb_sectors);
913
            if (!nb_sectors)
914
                goto not_ready;
915
            nb_sectors /= s->cluster_size;
916
            /* Returned value is the address of the last sector.  */
917
            nb_sectors--;
918
            /* Remember the new size for read/write sanity checking. */
919
            s->max_lba = nb_sectors;
920
            outbuf[0] = (nb_sectors >> 56) & 0xff;
921
            outbuf[1] = (nb_sectors >> 48) & 0xff;
922
            outbuf[2] = (nb_sectors >> 40) & 0xff;
923
            outbuf[3] = (nb_sectors >> 32) & 0xff;
924
            outbuf[4] = (nb_sectors >> 24) & 0xff;
925
            outbuf[5] = (nb_sectors >> 16) & 0xff;
926
            outbuf[6] = (nb_sectors >> 8) & 0xff;
927
            outbuf[7] = nb_sectors & 0xff;
928
            outbuf[8] = 0;
929
            outbuf[9] = 0;
930
            outbuf[10] = s->cluster_size * 2;
931
            outbuf[11] = 0;
932
            outbuf[12] = 0;
933
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);
934
            /* Protection, exponent and lowest lba field left blank. */
935
            buflen = req->cmd.xfer;
936
            break;
937
        }
938
        DPRINTF("Unsupported Service Action In\n");
939
        goto illegal_request;
940
    case REPORT_LUNS:
941
        if (req->cmd.xfer < 16)
942
            goto illegal_request;
943
        memset(outbuf, 0, 16);
944
        outbuf[3] = 8;
945
        buflen = 16;
946
        break;
947
    case VERIFY:
948
        break;
949
    case REZERO_UNIT:
950
        DPRINTF("Rezero Unit\n");
951
        if (!bdrv_is_inserted(s->bs)) {
952
            goto not_ready;
953
        }
954
        break;
955
    default:
956
        goto illegal_request;
957
    }
958
    scsi_req_set_status(req, GOOD, NO_SENSE);
959
    return buflen;
960

    
961
not_ready:
962
    scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
963
    return -1;
964

    
965
illegal_request:
966
    scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
967
    return -1;
968
}
969

    
970
/* Execute a scsi command.  Returns the length of the data expected by the
971
   command.  This will be Positive for data transfers from the device
972
   (eg. disk reads), negative for transfers to the device (eg. disk writes),
973
   and zero if the command does not transfer any data.  */
974

    
975
static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
976
                                 uint8_t *buf, int lun)
977
{
978
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
979
    uint64_t lba;
980
    uint32_t len;
981
    int cmdlen;
982
    int is_write;
983
    uint8_t command;
984
    uint8_t *outbuf;
985
    SCSIDiskReq *r;
986
    int rc;
987

    
988
    command = buf[0];
989
    r = scsi_find_request(s, tag);
990
    if (r) {
991
        BADF("Tag 0x%x already in use\n", tag);
992
        scsi_cancel_io(d, tag);
993
    }
994
    /* ??? Tags are not unique for different luns.  We only implement a
995
       single lun, so this should not matter.  */
996
    r = scsi_new_request(s, tag, lun);
997
    outbuf = (uint8_t *)r->iov.iov_base;
998
    is_write = 0;
999
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1000
    switch (command >> 5) {
1001
    case 0:
1002
        lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
1003
              (((uint64_t) buf[1] & 0x1f) << 16);
1004
        len = buf[4];
1005
        cmdlen = 6;
1006
        break;
1007
    case 1:
1008
    case 2:
1009
        lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1010
              ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1011
        len = buf[8] | (buf[7] << 8);
1012
        cmdlen = 10;
1013
        break;
1014
    case 4:
1015
        lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1016
              ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1017
              ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1018
              ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1019
        len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1020
        cmdlen = 16;
1021
        break;
1022
    case 5:
1023
        lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1024
              ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1025
        len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1026
        cmdlen = 12;
1027
        break;
1028
    default:
1029
        BADF("Unsupported command length, command %x\n", command);
1030
        goto fail;
1031
    }
1032
#ifdef DEBUG_SCSI
1033
    {
1034
        int i;
1035
        for (i = 1; i < cmdlen; i++) {
1036
            printf(" 0x%02x", buf[i]);
1037
        }
1038
        printf("\n");
1039
    }
1040
#endif
1041

    
1042
    if (scsi_req_parse(&r->req, buf) != 0) {
1043
        BADF("Unsupported command length, command %x\n", command);
1044
        goto fail;
1045
    }
1046
    assert(r->req.cmd.len == cmdlen);
1047
    assert(r->req.cmd.lba == lba);
1048

    
1049
    if (lun || buf[1] >> 5) {
1050
        /* Only LUN 0 supported.  */
1051
        DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1052
        if (command != REQUEST_SENSE && command != INQUIRY)
1053
            goto fail;
1054
    }
1055
    switch (command) {
1056
    case TEST_UNIT_READY:
1057
    case REQUEST_SENSE:
1058
    case INQUIRY:
1059
    case MODE_SENSE:
1060
    case MODE_SENSE_10:
1061
    case RESERVE:
1062
    case RESERVE_10:
1063
    case RELEASE:
1064
    case RELEASE_10:
1065
    case START_STOP:
1066
    case ALLOW_MEDIUM_REMOVAL:
1067
    case READ_CAPACITY:
1068
    case SYNCHRONIZE_CACHE:
1069
    case READ_TOC:
1070
    case GET_CONFIGURATION:
1071
    case SERVICE_ACTION_IN:
1072
    case REPORT_LUNS:
1073
    case VERIFY:
1074
    case REZERO_UNIT:
1075
        rc = scsi_disk_emulate_command(r, outbuf);
1076
        if (rc < 0) {
1077
            return 0;
1078
        }
1079

    
1080
        r->iov.iov_len = rc;
1081
        break;
1082
    case READ_6:
1083
    case READ_10:
1084
    case READ_12:
1085
    case READ_16:
1086
        DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1087
        if (lba > s->max_lba)
1088
            goto illegal_lba;
1089
        r->sector = lba * s->cluster_size;
1090
        r->sector_count = len * s->cluster_size;
1091
        break;
1092
    case WRITE_6:
1093
    case WRITE_10:
1094
    case WRITE_12:
1095
    case WRITE_16:
1096
    case WRITE_VERIFY:
1097
    case WRITE_VERIFY_12:
1098
    case WRITE_VERIFY_16:
1099
        DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1100
                (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1101
        if (lba > s->max_lba)
1102
            goto illegal_lba;
1103
        r->sector = lba * s->cluster_size;
1104
        r->sector_count = len * s->cluster_size;
1105
        is_write = 1;
1106
        break;
1107
    case MODE_SELECT:
1108
        DPRINTF("Mode Select(6) (len %d)\n", len);
1109
        /* We don't support mode parameter changes.
1110
           Allow the mode parameter header + block descriptors only. */
1111
        if (len > 12) {
1112
            goto fail;
1113
        }
1114
        break;
1115
    case MODE_SELECT_10:
1116
        DPRINTF("Mode Select(10) (len %d)\n", len);
1117
        /* We don't support mode parameter changes.
1118
           Allow the mode parameter header + block descriptors only. */
1119
        if (len > 16) {
1120
            goto fail;
1121
        }
1122
        break;
1123
    case SEEK_6:
1124
    case SEEK_10:
1125
        DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1126
        if (lba > s->max_lba) {
1127
            goto illegal_lba;
1128
        }
1129
        break;
1130
    default:
1131
        DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1132
    fail:
1133
        scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1134
        return 0;
1135
    illegal_lba:
1136
        scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1137
        return 0;
1138
    }
1139
    if (r->sector_count == 0 && r->iov.iov_len == 0) {
1140
        scsi_command_complete(r, GOOD, NO_SENSE);
1141
    }
1142
    len = r->sector_count * 512 + r->iov.iov_len;
1143
    if (is_write) {
1144
        return -len;
1145
    } else {
1146
        if (!r->sector_count)
1147
            r->sector_count = -1;
1148
        return len;
1149
    }
1150
}
1151

    
1152
static void scsi_disk_purge_requests(SCSIDiskState *s)
1153
{
1154
    SCSIDiskReq *r;
1155

    
1156
    while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1157
        r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1158
        if (r->req.aiocb) {
1159
            bdrv_aio_cancel(r->req.aiocb);
1160
        }
1161
        scsi_remove_request(r);
1162
    }
1163
}
1164

    
1165
static void scsi_disk_reset(DeviceState *dev)
1166
{
1167
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1168
    uint64_t nb_sectors;
1169

    
1170
    scsi_disk_purge_requests(s);
1171

    
1172
    bdrv_get_geometry(s->bs, &nb_sectors);
1173
    nb_sectors /= s->cluster_size;
1174
    if (nb_sectors) {
1175
        nb_sectors--;
1176
    }
1177
    s->max_lba = nb_sectors;
1178
}
1179

    
1180
static void scsi_destroy(SCSIDevice *dev)
1181
{
1182
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1183

    
1184
    scsi_disk_purge_requests(s);
1185
    blockdev_mark_auto_del(s->qdev.conf.bs);
1186
}
1187

    
1188
static int scsi_disk_initfn(SCSIDevice *dev)
1189
{
1190
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1191
    int is_cd;
1192
    DriveInfo *dinfo;
1193

    
1194
    if (!s->qdev.conf.bs) {
1195
        error_report("scsi-disk: drive property not set");
1196
        return -1;
1197
    }
1198
    s->bs = s->qdev.conf.bs;
1199
    is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1200

    
1201
    if (!is_cd && !bdrv_is_inserted(s->bs)) {
1202
        error_report("Device needs media, but drive is empty");
1203
        return -1;
1204
    }
1205

    
1206
    if (!s->serial) {
1207
        /* try to fall back to value set with legacy -drive serial=... */
1208
        dinfo = drive_get_by_blockdev(s->bs);
1209
        s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1210
    }
1211

    
1212
    if (!s->version) {
1213
        s->version = qemu_strdup(QEMU_VERSION);
1214
    }
1215

    
1216
    if (bdrv_is_sg(s->bs)) {
1217
        error_report("scsi-disk: unwanted /dev/sg*");
1218
        return -1;
1219
    }
1220

    
1221
    if (is_cd) {
1222
        s->qdev.blocksize = 2048;
1223
    } else {
1224
        s->qdev.blocksize = s->qdev.conf.logical_block_size;
1225
    }
1226
    s->cluster_size = s->qdev.blocksize / 512;
1227
    s->bs->buffer_alignment = s->qdev.blocksize;
1228

    
1229
    s->qdev.type = TYPE_DISK;
1230
    qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1231
    bdrv_set_removable(s->bs, is_cd);
1232
    return 0;
1233
}
1234

    
1235
static SCSIDeviceInfo scsi_disk_info = {
1236
    .qdev.name    = "scsi-disk",
1237
    .qdev.desc    = "virtual scsi disk or cdrom",
1238
    .qdev.size    = sizeof(SCSIDiskState),
1239
    .qdev.reset   = scsi_disk_reset,
1240
    .init         = scsi_disk_initfn,
1241
    .destroy      = scsi_destroy,
1242
    .send_command = scsi_send_command,
1243
    .read_data    = scsi_read_data,
1244
    .write_data   = scsi_write_data,
1245
    .cancel_io    = scsi_cancel_io,
1246
    .get_buf      = scsi_get_buf,
1247
    .qdev.props   = (Property[]) {
1248
        DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1249
        DEFINE_PROP_STRING("ver",  SCSIDiskState, version),
1250
        DEFINE_PROP_STRING("serial",  SCSIDiskState, serial),
1251
        DEFINE_PROP_END_OF_LIST(),
1252
    },
1253
};
1254

    
1255
static void scsi_disk_register_devices(void)
1256
{
1257
    scsi_qdev_register(&scsi_disk_info);
1258
}
1259
device_init(scsi_disk_register_devices)