Statistics
| Branch: | Revision:

root / hw / scsi-disk.c @ 94d3f98a

History | View | Annotate | Download (39.4 kB)

1
/*
2
 * SCSI Device emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Based on code by Fabrice Bellard
6
 *
7
 * Written by Paul Brook
8
 * Modifications:
9
 *  2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10
 *                                 when the allocation length of CDB is smaller
11
 *                                 than 36.
12
 *  2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13
 *                                 MODE SENSE response.
14
 *
15
 * This code is licenced under the LGPL.
16
 *
17
 * Note that this file only handles the SCSI architecture model and device
18
 * commands.  Emulation of interface/link layer protocols is handled by
19
 * the host adapter emulator.
20
 */
21

    
22
//#define DEBUG_SCSI
23

    
24
#ifdef DEBUG_SCSI
25
#define DPRINTF(fmt, ...) \
26
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27
#else
28
#define DPRINTF(fmt, ...) do {} while(0)
29
#endif
30

    
31
#define BADF(fmt, ...) \
32
do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33

    
34
#include "qemu-common.h"
35
#include "qemu-error.h"
36
#include "scsi.h"
37
#include "scsi-defs.h"
38
#include "sysemu.h"
39
#include "blockdev.h"
40

    
41
#define SCSI_DMA_BUF_SIZE    131072
42
#define SCSI_MAX_INQUIRY_LEN 256
43

    
44
#define SCSI_REQ_STATUS_RETRY           0x01
45
#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46
#define SCSI_REQ_STATUS_RETRY_READ      0x00
47
#define SCSI_REQ_STATUS_RETRY_WRITE     0x02
48
#define SCSI_REQ_STATUS_RETRY_FLUSH     0x04
49

    
50
typedef struct SCSIDiskState SCSIDiskState;
51

    
52
typedef struct SCSISense {
53
    uint8_t key;
54
} SCSISense;
55

    
56
typedef struct SCSIDiskReq {
57
    SCSIRequest req;
58
    /* ??? We should probably keep track of whether the data transfer is
59
       a read or a write.  Currently we rely on the host getting it right.  */
60
    /* Both sector and sector_count are in terms of qemu 512 byte blocks.  */
61
    uint64_t sector;
62
    uint32_t sector_count;
63
    struct iovec iov;
64
    QEMUIOVector qiov;
65
    uint32_t status;
66
} SCSIDiskReq;
67

    
68
typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
69

    
70
struct SCSIDiskState
71
{
72
    SCSIDevice qdev;
73
    BlockDriverState *bs;
74
    /* The qemu block layer uses a fixed 512 byte sector size.
75
       This is the number of 512 byte blocks in a single scsi sector.  */
76
    int cluster_size;
77
    uint32_t removable;
78
    uint64_t max_lba;
79
    QEMUBH *bh;
80
    char *version;
81
    char *serial;
82
    SCSISense sense;
83
    SCSIDriveKind drive_kind;
84
};
85

    
86
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
87
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
88

    
89
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
90
        uint32_t lun)
91
{
92
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
93
    SCSIRequest *req;
94
    SCSIDiskReq *r;
95

    
96
    req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
97
    r = DO_UPCAST(SCSIDiskReq, req, req);
98
    r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
99
    return req;
100
}
101

    
102
static void scsi_free_request(SCSIRequest *req)
103
{
104
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105

    
106
    qemu_vfree(r->iov.iov_base);
107
}
108

    
109
static void scsi_disk_clear_sense(SCSIDiskState *s)
110
{
111
    memset(&s->sense, 0, sizeof(s->sense));
112
}
113

    
114
static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
115
{
116
    s->sense.key = key;
117
}
118

    
119
static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
120
{
121
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122

    
123
    r->req.status = status;
124
    scsi_disk_set_sense(s, sense_code);
125
}
126

    
127
/* Helper function for command completion.  */
128
static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
129
{
130
    DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
131
            r->req.tag, status, sense);
132
    scsi_req_set_status(r, status, sense);
133
    scsi_req_complete(&r->req);
134
}
135

    
136
/* Cancel a pending data transfer.  */
137
static void scsi_cancel_io(SCSIRequest *req)
138
{
139
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
140

    
141
    DPRINTF("Cancel tag=0x%x\n", req->tag);
142
    if (r->req.aiocb) {
143
        bdrv_aio_cancel(r->req.aiocb);
144
    }
145
    r->req.aiocb = NULL;
146
}
147

    
148
static void scsi_read_complete(void * opaque, int ret)
149
{
150
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
151
    int n;
152

    
153
    r->req.aiocb = NULL;
154

    
155
    if (ret) {
156
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
157
            return;
158
        }
159
    }
160

    
161
    DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
162

    
163
    n = r->iov.iov_len / 512;
164
    r->sector += n;
165
    r->sector_count -= n;
166
    scsi_req_data(&r->req, r->iov.iov_len);
167
}
168

    
169

    
170
/* Read more data from scsi device into buffer.  */
171
static void scsi_read_data(SCSIRequest *req)
172
{
173
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
174
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175
    uint32_t n;
176

    
177
    if (r->sector_count == (uint32_t)-1) {
178
        DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
179
        r->sector_count = 0;
180
        scsi_req_data(&r->req, r->iov.iov_len);
181
        return;
182
    }
183
    DPRINTF("Read sector_count=%d\n", r->sector_count);
184
    if (r->sector_count == 0) {
185
        scsi_command_complete(r, GOOD, NO_SENSE);
186
        return;
187
    }
188

    
189
    /* No data transfer may already be in progress */
190
    assert(r->req.aiocb == NULL);
191

    
192
    n = r->sector_count;
193
    if (n > SCSI_DMA_BUF_SIZE / 512)
194
        n = SCSI_DMA_BUF_SIZE / 512;
195

    
196
    r->iov.iov_len = n * 512;
197
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
198
    r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
199
                              scsi_read_complete, r);
200
    if (r->req.aiocb == NULL) {
201
        scsi_read_complete(r, -EIO);
202
    }
203
}
204

    
205
static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
206
{
207
    int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
208
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
209
    BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
210

    
211
    if (action == BLOCK_ERR_IGNORE) {
212
        bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
213
        return 0;
214
    }
215

    
216
    if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
217
            || action == BLOCK_ERR_STOP_ANY) {
218

    
219
        type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
220
        r->status |= SCSI_REQ_STATUS_RETRY | type;
221

    
222
        bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
223
        vm_stop(VMSTOP_DISKFULL);
224
    } else {
225
        if (type == SCSI_REQ_STATUS_RETRY_READ) {
226
            scsi_req_data(&r->req, 0);
227
        }
228
        scsi_command_complete(r, CHECK_CONDITION,
229
                HARDWARE_ERROR);
230
        bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
231
    }
232

    
233
    return 1;
234
}
235

    
236
static void scsi_write_complete(void * opaque, int ret)
237
{
238
    SCSIDiskReq *r = (SCSIDiskReq *)opaque;
239
    uint32_t len;
240
    uint32_t n;
241

    
242
    r->req.aiocb = NULL;
243

    
244
    if (ret) {
245
        if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
246
            return;
247
        }
248
    }
249

    
250
    n = r->iov.iov_len / 512;
251
    r->sector += n;
252
    r->sector_count -= n;
253
    if (r->sector_count == 0) {
254
        scsi_command_complete(r, GOOD, NO_SENSE);
255
    } else {
256
        len = r->sector_count * 512;
257
        if (len > SCSI_DMA_BUF_SIZE) {
258
            len = SCSI_DMA_BUF_SIZE;
259
        }
260
        r->iov.iov_len = len;
261
        DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
262
        scsi_req_data(&r->req, len);
263
    }
264
}
265

    
266
static int scsi_write_data(SCSIRequest *req)
267
{
268
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
269
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270
    uint32_t n;
271

    
272
    /* No data transfer may already be in progress */
273
    assert(r->req.aiocb == NULL);
274

    
275
    n = r->iov.iov_len / 512;
276
    if (n) {
277
        qemu_iovec_init_external(&r->qiov, &r->iov, 1);
278
        r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
279
                                   scsi_write_complete, r);
280
        if (r->req.aiocb == NULL) {
281
            scsi_write_complete(r, -EIO);
282
        }
283
    } else {
284
        /* Invoke completion routine to fetch data from host.  */
285
        scsi_write_complete(r, 0);
286
    }
287

    
288
    return 0;
289
}
290

    
291
static void scsi_dma_restart_bh(void *opaque)
292
{
293
    SCSIDiskState *s = opaque;
294
    SCSIRequest *req;
295
    SCSIDiskReq *r;
296

    
297
    qemu_bh_delete(s->bh);
298
    s->bh = NULL;
299

    
300
    QTAILQ_FOREACH(req, &s->qdev.requests, next) {
301
        r = DO_UPCAST(SCSIDiskReq, req, req);
302
        if (r->status & SCSI_REQ_STATUS_RETRY) {
303
            int status = r->status;
304
            int ret;
305

    
306
            r->status &=
307
                ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
308

    
309
            switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
310
            case SCSI_REQ_STATUS_RETRY_READ:
311
                scsi_read_data(&r->req);
312
                break;
313
            case SCSI_REQ_STATUS_RETRY_WRITE:
314
                scsi_write_data(&r->req);
315
                break;
316
            case SCSI_REQ_STATUS_RETRY_FLUSH:
317
                ret = scsi_disk_emulate_command(r, r->iov.iov_base);
318
                if (ret == 0) {
319
                    scsi_command_complete(r, GOOD, NO_SENSE);
320
                }
321
            }
322
        }
323
    }
324
}
325

    
326
static void scsi_dma_restart_cb(void *opaque, int running, int reason)
327
{
328
    SCSIDiskState *s = opaque;
329

    
330
    if (!running)
331
        return;
332

    
333
    if (!s->bh) {
334
        s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
335
        qemu_bh_schedule(s->bh);
336
    }
337
}
338

    
339
/* Return a pointer to the data buffer.  */
340
static uint8_t *scsi_get_buf(SCSIRequest *req)
341
{
342
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
343

    
344
    return (uint8_t *)r->iov.iov_base;
345
}
346

    
347
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
348
{
349
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
350
    int buflen = 0;
351

    
352
    if (req->cmd.buf[1] & 0x2) {
353
        /* Command support data - optional, not implemented */
354
        BADF("optional INQUIRY command support request not implemented\n");
355
        return -1;
356
    }
357

    
358
    if (req->cmd.buf[1] & 0x1) {
359
        /* Vital product data */
360
        uint8_t page_code = req->cmd.buf[2];
361
        if (req->cmd.xfer < 4) {
362
            BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
363
                 "less than 4\n", page_code, req->cmd.xfer);
364
            return -1;
365
        }
366

    
367
        if (s->drive_kind == SCSI_CD) {
368
            outbuf[buflen++] = 5;
369
        } else {
370
            outbuf[buflen++] = 0;
371
        }
372
        outbuf[buflen++] = page_code ; // this page
373
        outbuf[buflen++] = 0x00;
374

    
375
        switch (page_code) {
376
        case 0x00: /* Supported page codes, mandatory */
377
        {
378
            int pages;
379
            DPRINTF("Inquiry EVPD[Supported pages] "
380
                    "buffer size %zd\n", req->cmd.xfer);
381
            pages = buflen++;
382
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
383
            outbuf[buflen++] = 0x80; // unit serial number
384
            outbuf[buflen++] = 0x83; // device identification
385
            if (s->drive_kind == SCSI_HD) {
386
                outbuf[buflen++] = 0xb0; // block limits
387
                outbuf[buflen++] = 0xb2; // thin provisioning
388
            }
389
            outbuf[pages] = buflen - pages - 1; // number of pages
390
            break;
391
        }
392
        case 0x80: /* Device serial number, optional */
393
        {
394
            int l = strlen(s->serial);
395

    
396
            if (l > req->cmd.xfer)
397
                l = req->cmd.xfer;
398
            if (l > 20)
399
                l = 20;
400

    
401
            DPRINTF("Inquiry EVPD[Serial number] "
402
                    "buffer size %zd\n", req->cmd.xfer);
403
            outbuf[buflen++] = l;
404
            memcpy(outbuf+buflen, s->serial, l);
405
            buflen += l;
406
            break;
407
        }
408

    
409
        case 0x83: /* Device identification page, mandatory */
410
        {
411
            int max_len = 255 - 8;
412
            int id_len = strlen(bdrv_get_device_name(s->bs));
413

    
414
            if (id_len > max_len)
415
                id_len = max_len;
416
            DPRINTF("Inquiry EVPD[Device identification] "
417
                    "buffer size %zd\n", req->cmd.xfer);
418

    
419
            outbuf[buflen++] = 4 + id_len;
420
            outbuf[buflen++] = 0x2; // ASCII
421
            outbuf[buflen++] = 0;   // not officially assigned
422
            outbuf[buflen++] = 0;   // reserved
423
            outbuf[buflen++] = id_len; // length of data following
424

    
425
            memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
426
            buflen += id_len;
427
            break;
428
        }
429
        case 0xb0: /* block limits */
430
        {
431
            unsigned int unmap_sectors =
432
                    s->qdev.conf.discard_granularity / s->qdev.blocksize;
433
            unsigned int min_io_size =
434
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
435
            unsigned int opt_io_size =
436
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;
437

    
438
            if (s->drive_kind == SCSI_CD) {
439
                DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
440
                        page_code);
441
                return -1;
442
            }
443
            /* required VPD size with unmap support */
444
            outbuf[3] = buflen = 0x3c;
445

    
446
            memset(outbuf + 4, 0, buflen - 4);
447

    
448
            /* optimal transfer length granularity */
449
            outbuf[6] = (min_io_size >> 8) & 0xff;
450
            outbuf[7] = min_io_size & 0xff;
451

    
452
            /* optimal transfer length */
453
            outbuf[12] = (opt_io_size >> 24) & 0xff;
454
            outbuf[13] = (opt_io_size >> 16) & 0xff;
455
            outbuf[14] = (opt_io_size >> 8) & 0xff;
456
            outbuf[15] = opt_io_size & 0xff;
457

    
458
            /* optimal unmap granularity */
459
            outbuf[28] = (unmap_sectors >> 24) & 0xff;
460
            outbuf[29] = (unmap_sectors >> 16) & 0xff;
461
            outbuf[30] = (unmap_sectors >> 8) & 0xff;
462
            outbuf[31] = unmap_sectors & 0xff;
463
            break;
464
        }
465
        case 0xb2: /* thin provisioning */
466
        {
467
            outbuf[3] = buflen = 8;
468
            outbuf[4] = 0;
469
            outbuf[5] = 0x40; /* write same with unmap supported */
470
            outbuf[6] = 0;
471
            outbuf[7] = 0;
472
            break;
473
        }
474
        default:
475
            BADF("Error: unsupported Inquiry (EVPD[%02X]) "
476
                 "buffer size %zd\n", page_code, req->cmd.xfer);
477
            return -1;
478
        }
479
        /* done with EVPD */
480
        return buflen;
481
    }
482

    
483
    /* Standard INQUIRY data */
484
    if (req->cmd.buf[2] != 0) {
485
        BADF("Error: Inquiry (STANDARD) page or code "
486
             "is non-zero [%02X]\n", req->cmd.buf[2]);
487
        return -1;
488
    }
489

    
490
    /* PAGE CODE == 0 */
491
    if (req->cmd.xfer < 5) {
492
        BADF("Error: Inquiry (STANDARD) buffer size %zd "
493
             "is less than 5\n", req->cmd.xfer);
494
        return -1;
495
    }
496

    
497
    buflen = req->cmd.xfer;
498
    if (buflen > SCSI_MAX_INQUIRY_LEN)
499
        buflen = SCSI_MAX_INQUIRY_LEN;
500

    
501
    memset(outbuf, 0, buflen);
502

    
503
    if (req->lun || req->cmd.buf[1] >> 5) {
504
        outbuf[0] = 0x7f;        /* LUN not supported */
505
        return buflen;
506
    }
507

    
508
    if (s->drive_kind == SCSI_CD) {
509
        outbuf[0] = 5;
510
        outbuf[1] = 0x80;
511
        memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
512
    } else {
513
        outbuf[0] = 0;
514
        outbuf[1] = s->removable ? 0x80 : 0;
515
        memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
516
    }
517
    memcpy(&outbuf[8], "QEMU    ", 8);
518
    memset(&outbuf[32], 0, 4);
519
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
520
    /*
521
     * We claim conformance to SPC-3, which is required for guests
522
     * to ask for modern features like READ CAPACITY(16) or the
523
     * block characteristics VPD page by default.  Not all of SPC-3
524
     * is actually implemented, but we're good enough.
525
     */
526
    outbuf[2] = 5;
527
    outbuf[3] = 2; /* Format 2 */
528

    
529
    if (buflen > 36) {
530
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
531
    } else {
532
        /* If the allocation length of CDB is too small,
533
               the additional length is not adjusted */
534
        outbuf[4] = 36 - 5;
535
    }
536

    
537
    /* Sync data transfer and TCQ.  */
538
    outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
539
    return buflen;
540
}
541

    
542
static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
543
                           int page_control)
544
{
545
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
546
    BlockDriverState *bdrv = s->bs;
547
    int cylinders, heads, secs;
548

    
549
    /*
550
     * If Changeable Values are requested, a mask denoting those mode parameters
551
     * that are changeable shall be returned. As we currently don't support
552
     * parameter changes via MODE_SELECT all bits are returned set to zero.
553
     * The buffer was already menset to zero by the caller of this function.
554
     */
555
    switch (page) {
556
    case 4: /* Rigid disk device geometry page. */
557
        p[0] = 4;
558
        p[1] = 0x16;
559
        if (page_control == 1) { /* Changeable Values */
560
            return p[1] + 2;
561
        }
562
        /* if a geometry hint is available, use it */
563
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
564
        p[2] = (cylinders >> 16) & 0xff;
565
        p[3] = (cylinders >> 8) & 0xff;
566
        p[4] = cylinders & 0xff;
567
        p[5] = heads & 0xff;
568
        /* Write precomp start cylinder, disabled */
569
        p[6] = (cylinders >> 16) & 0xff;
570
        p[7] = (cylinders >> 8) & 0xff;
571
        p[8] = cylinders & 0xff;
572
        /* Reduced current start cylinder, disabled */
573
        p[9] = (cylinders >> 16) & 0xff;
574
        p[10] = (cylinders >> 8) & 0xff;
575
        p[11] = cylinders & 0xff;
576
        /* Device step rate [ns], 200ns */
577
        p[12] = 0;
578
        p[13] = 200;
579
        /* Landing zone cylinder */
580
        p[14] = 0xff;
581
        p[15] =  0xff;
582
        p[16] = 0xff;
583
        /* Medium rotation rate [rpm], 5400 rpm */
584
        p[20] = (5400 >> 8) & 0xff;
585
        p[21] = 5400 & 0xff;
586
        return p[1] + 2;
587

    
588
    case 5: /* Flexible disk device geometry page. */
589
        p[0] = 5;
590
        p[1] = 0x1e;
591
        if (page_control == 1) { /* Changeable Values */
592
            return p[1] + 2;
593
        }
594
        /* Transfer rate [kbit/s], 5Mbit/s */
595
        p[2] = 5000 >> 8;
596
        p[3] = 5000 & 0xff;
597
        /* if a geometry hint is available, use it */
598
        bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
599
        p[4] = heads & 0xff;
600
        p[5] = secs & 0xff;
601
        p[6] = s->cluster_size * 2;
602
        p[8] = (cylinders >> 8) & 0xff;
603
        p[9] = cylinders & 0xff;
604
        /* Write precomp start cylinder, disabled */
605
        p[10] = (cylinders >> 8) & 0xff;
606
        p[11] = cylinders & 0xff;
607
        /* Reduced current start cylinder, disabled */
608
        p[12] = (cylinders >> 8) & 0xff;
609
        p[13] = cylinders & 0xff;
610
        /* Device step rate [100us], 100us */
611
        p[14] = 0;
612
        p[15] = 1;
613
        /* Device step pulse width [us], 1us */
614
        p[16] = 1;
615
        /* Device head settle delay [100us], 100us */
616
        p[17] = 0;
617
        p[18] = 1;
618
        /* Motor on delay [0.1s], 0.1s */
619
        p[19] = 1;
620
        /* Motor off delay [0.1s], 0.1s */
621
        p[20] = 1;
622
        /* Medium rotation rate [rpm], 5400 rpm */
623
        p[28] = (5400 >> 8) & 0xff;
624
        p[29] = 5400 & 0xff;
625
        return p[1] + 2;
626

    
627
    case 8: /* Caching page.  */
628
        p[0] = 8;
629
        p[1] = 0x12;
630
        if (page_control == 1) { /* Changeable Values */
631
            return p[1] + 2;
632
        }
633
        if (bdrv_enable_write_cache(s->bs)) {
634
            p[2] = 4; /* WCE */
635
        }
636
        return p[1] + 2;
637

    
638
    case 0x2a: /* CD Capabilities and Mechanical Status page. */
639
        if (s->drive_kind != SCSI_CD)
640
            return 0;
641
        p[0] = 0x2a;
642
        p[1] = 0x14;
643
        if (page_control == 1) { /* Changeable Values */
644
            return p[1] + 2;
645
        }
646
        p[2] = 3; // CD-R & CD-RW read
647
        p[3] = 0; // Writing not supported
648
        p[4] = 0x7f; /* Audio, composite, digital out,
649
                        mode 2 form 1&2, multi session */
650
        p[5] = 0xff; /* CD DA, DA accurate, RW supported,
651
                        RW corrected, C2 errors, ISRC,
652
                        UPC, Bar code */
653
        p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
654
        /* Locking supported, jumper present, eject, tray */
655
        p[7] = 0; /* no volume & mute control, no
656
                     changer */
657
        p[8] = (50 * 176) >> 8; // 50x read speed
658
        p[9] = (50 * 176) & 0xff;
659
        p[10] = 0 >> 8; // No volume
660
        p[11] = 0 & 0xff;
661
        p[12] = 2048 >> 8; // 2M buffer
662
        p[13] = 2048 & 0xff;
663
        p[14] = (16 * 176) >> 8; // 16x read speed current
664
        p[15] = (16 * 176) & 0xff;
665
        p[18] = (16 * 176) >> 8; // 16x write speed
666
        p[19] = (16 * 176) & 0xff;
667
        p[20] = (16 * 176) >> 8; // 16x write speed current
668
        p[21] = (16 * 176) & 0xff;
669
        return p[1] + 2;
670

    
671
    default:
672
        return 0;
673
    }
674
}
675

    
676
static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
677
{
678
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
679
    uint64_t nb_sectors;
680
    int page, dbd, buflen, page_control;
681
    uint8_t *p;
682
    uint8_t dev_specific_param;
683

    
684
    dbd = req->cmd.buf[1]  & 0x8;
685
    page = req->cmd.buf[2] & 0x3f;
686
    page_control = (req->cmd.buf[2] & 0xc0) >> 6;
687
    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
688
        (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
689
    memset(outbuf, 0, req->cmd.xfer);
690
    p = outbuf;
691

    
692
    if (bdrv_is_read_only(s->bs)) {
693
        dev_specific_param = 0x80; /* Readonly.  */
694
    } else {
695
        dev_specific_param = 0x00;
696
    }
697

    
698
    if (req->cmd.buf[0] == MODE_SENSE) {
699
        p[1] = 0; /* Default media type.  */
700
        p[2] = dev_specific_param;
701
        p[3] = 0; /* Block descriptor length.  */
702
        p += 4;
703
    } else { /* MODE_SENSE_10 */
704
        p[2] = 0; /* Default media type.  */
705
        p[3] = dev_specific_param;
706
        p[6] = p[7] = 0; /* Block descriptor length.  */
707
        p += 8;
708
    }
709

    
710
    bdrv_get_geometry(s->bs, &nb_sectors);
711
    if (!dbd && nb_sectors) {
712
        if (req->cmd.buf[0] == MODE_SENSE) {
713
            outbuf[3] = 8; /* Block descriptor length  */
714
        } else { /* MODE_SENSE_10 */
715
            outbuf[7] = 8; /* Block descriptor length  */
716
        }
717
        nb_sectors /= s->cluster_size;
718
        if (nb_sectors > 0xffffff)
719
            nb_sectors = 0;
720
        p[0] = 0; /* media density code */
721
        p[1] = (nb_sectors >> 16) & 0xff;
722
        p[2] = (nb_sectors >> 8) & 0xff;
723
        p[3] = nb_sectors & 0xff;
724
        p[4] = 0; /* reserved */
725
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
726
        p[6] = s->cluster_size * 2;
727
        p[7] = 0;
728
        p += 8;
729
    }
730

    
731
    if (page_control == 3) { /* Saved Values */
732
        return -1; /* ILLEGAL_REQUEST */
733
    }
734

    
735
    switch (page) {
736
    case 0x04:
737
    case 0x05:
738
    case 0x08:
739
    case 0x2a:
740
        p += mode_sense_page(req, page, p, page_control);
741
        break;
742
    case 0x3f:
743
        p += mode_sense_page(req, 0x08, p, page_control);
744
        p += mode_sense_page(req, 0x2a, p, page_control);
745
        break;
746
    default:
747
        return -1; /* ILLEGAL_REQUEST */
748
    }
749

    
750
    buflen = p - outbuf;
751
    /*
752
     * The mode data length field specifies the length in bytes of the
753
     * following data that is available to be transferred. The mode data
754
     * length does not include itself.
755
     */
756
    if (req->cmd.buf[0] == MODE_SENSE) {
757
        outbuf[0] = buflen - 1;
758
    } else { /* MODE_SENSE_10 */
759
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
760
        outbuf[1] = (buflen - 2) & 0xff;
761
    }
762
    if (buflen > req->cmd.xfer)
763
        buflen = req->cmd.xfer;
764
    return buflen;
765
}
766

    
767
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
768
{
769
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
770
    int start_track, format, msf, toclen;
771
    uint64_t nb_sectors;
772

    
773
    msf = req->cmd.buf[1] & 2;
774
    format = req->cmd.buf[2] & 0xf;
775
    start_track = req->cmd.buf[6];
776
    bdrv_get_geometry(s->bs, &nb_sectors);
777
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
778
    nb_sectors /= s->cluster_size;
779
    switch (format) {
780
    case 0:
781
        toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
782
        break;
783
    case 1:
784
        /* multi session : only a single session defined */
785
        toclen = 12;
786
        memset(outbuf, 0, 12);
787
        outbuf[1] = 0x0a;
788
        outbuf[2] = 0x01;
789
        outbuf[3] = 0x01;
790
        break;
791
    case 2:
792
        toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
793
        break;
794
    default:
795
        return -1;
796
    }
797
    if (toclen > req->cmd.xfer)
798
        toclen = req->cmd.xfer;
799
    return toclen;
800
}
801

    
802
static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
803
{
804
    SCSIRequest *req = &r->req;
805
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
806
    uint64_t nb_sectors;
807
    int buflen = 0;
808
    int ret;
809

    
810
    switch (req->cmd.buf[0]) {
811
    case TEST_UNIT_READY:
812
        if (!bdrv_is_inserted(s->bs))
813
            goto not_ready;
814
        break;
815
    case REQUEST_SENSE:
816
        if (req->cmd.xfer < 4)
817
            goto illegal_request;
818
        memset(outbuf, 0, 4);
819
        buflen = 4;
820
        if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
821
            memset(outbuf, 0, 18);
822
            buflen = 18;
823
            outbuf[7] = 10;
824
            /* asc 0x3a, ascq 0: Medium not present */
825
            outbuf[12] = 0x3a;
826
            outbuf[13] = 0;
827
        }
828
        outbuf[0] = 0xf0;
829
        outbuf[1] = 0;
830
        outbuf[2] = s->sense.key;
831
        scsi_disk_clear_sense(s);
832
        break;
833
    case INQUIRY:
834
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
835
        if (buflen < 0)
836
            goto illegal_request;
837
        break;
838
    case MODE_SENSE:
839
    case MODE_SENSE_10:
840
        buflen = scsi_disk_emulate_mode_sense(req, outbuf);
841
        if (buflen < 0)
842
            goto illegal_request;
843
        break;
844
    case READ_TOC:
845
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
846
        if (buflen < 0)
847
            goto illegal_request;
848
        break;
849
    case RESERVE:
850
        if (req->cmd.buf[1] & 1)
851
            goto illegal_request;
852
        break;
853
    case RESERVE_10:
854
        if (req->cmd.buf[1] & 3)
855
            goto illegal_request;
856
        break;
857
    case RELEASE:
858
        if (req->cmd.buf[1] & 1)
859
            goto illegal_request;
860
        break;
861
    case RELEASE_10:
862
        if (req->cmd.buf[1] & 3)
863
            goto illegal_request;
864
        break;
865
    case START_STOP:
866
        if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
867
            /* load/eject medium */
868
            bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
869
        }
870
        break;
871
    case ALLOW_MEDIUM_REMOVAL:
872
        bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
873
        break;
874
    case READ_CAPACITY:
875
        /* The normal LEN field for this command is zero.  */
876
        memset(outbuf, 0, 8);
877
        bdrv_get_geometry(s->bs, &nb_sectors);
878
        if (!nb_sectors)
879
            goto not_ready;
880
        nb_sectors /= s->cluster_size;
881
        /* Returned value is the address of the last sector.  */
882
        nb_sectors--;
883
        /* Remember the new size for read/write sanity checking. */
884
        s->max_lba = nb_sectors;
885
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
886
        if (nb_sectors > UINT32_MAX)
887
            nb_sectors = UINT32_MAX;
888
        outbuf[0] = (nb_sectors >> 24) & 0xff;
889
        outbuf[1] = (nb_sectors >> 16) & 0xff;
890
        outbuf[2] = (nb_sectors >> 8) & 0xff;
891
        outbuf[3] = nb_sectors & 0xff;
892
        outbuf[4] = 0;
893
        outbuf[5] = 0;
894
        outbuf[6] = s->cluster_size * 2;
895
        outbuf[7] = 0;
896
        buflen = 8;
897
        break;
898
    case SYNCHRONIZE_CACHE:
899
        ret = bdrv_flush(s->bs);
900
        if (ret < 0) {
901
            if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
902
                return -1;
903
            }
904
        }
905
        break;
906
    case GET_CONFIGURATION:
907
        memset(outbuf, 0, 8);
908
        /* ??? This should probably return much more information.  For now
909
           just return the basic header indicating the CD-ROM profile.  */
910
        outbuf[7] = 8; // CD-ROM
911
        buflen = 8;
912
        break;
913
    case SERVICE_ACTION_IN:
914
        /* Service Action In subcommands. */
915
        if ((req->cmd.buf[1] & 31) == 0x10) {
916
            DPRINTF("SAI READ CAPACITY(16)\n");
917
            memset(outbuf, 0, req->cmd.xfer);
918
            bdrv_get_geometry(s->bs, &nb_sectors);
919
            if (!nb_sectors)
920
                goto not_ready;
921
            nb_sectors /= s->cluster_size;
922
            /* Returned value is the address of the last sector.  */
923
            nb_sectors--;
924
            /* Remember the new size for read/write sanity checking. */
925
            s->max_lba = nb_sectors;
926
            outbuf[0] = (nb_sectors >> 56) & 0xff;
927
            outbuf[1] = (nb_sectors >> 48) & 0xff;
928
            outbuf[2] = (nb_sectors >> 40) & 0xff;
929
            outbuf[3] = (nb_sectors >> 32) & 0xff;
930
            outbuf[4] = (nb_sectors >> 24) & 0xff;
931
            outbuf[5] = (nb_sectors >> 16) & 0xff;
932
            outbuf[6] = (nb_sectors >> 8) & 0xff;
933
            outbuf[7] = nb_sectors & 0xff;
934
            outbuf[8] = 0;
935
            outbuf[9] = 0;
936
            outbuf[10] = s->cluster_size * 2;
937
            outbuf[11] = 0;
938
            outbuf[12] = 0;
939
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);
940

    
941
            /* set TPE bit if the format supports discard */
942
            if (s->qdev.conf.discard_granularity) {
943
                outbuf[14] = 0x80;
944
            }
945

    
946
            /* Protection, exponent and lowest lba field left blank. */
947
            buflen = req->cmd.xfer;
948
            break;
949
        }
950
        DPRINTF("Unsupported Service Action In\n");
951
        goto illegal_request;
952
    case REPORT_LUNS:
953
        if (req->cmd.xfer < 16)
954
            goto illegal_request;
955
        memset(outbuf, 0, 16);
956
        outbuf[3] = 8;
957
        buflen = 16;
958
        break;
959
    case VERIFY:
960
        break;
961
    case REZERO_UNIT:
962
        DPRINTF("Rezero Unit\n");
963
        if (!bdrv_is_inserted(s->bs)) {
964
            goto not_ready;
965
        }
966
        break;
967
    default:
968
        goto illegal_request;
969
    }
970
    scsi_req_set_status(r, GOOD, NO_SENSE);
971
    return buflen;
972

    
973
not_ready:
974
    scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
975
    return -1;
976

    
977
illegal_request:
978
    scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
979
    return -1;
980
}
981

    
982
/* Execute a scsi command.  Returns the length of the data expected by the
983
   command.  This will be Positive for data transfers from the device
984
   (eg. disk reads), negative for transfers to the device (eg. disk writes),
985
   and zero if the command does not transfer any data.  */
986

    
987
static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
988
{
989
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
990
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
991
    int32_t len;
992
    int is_write;
993
    uint8_t command;
994
    uint8_t *outbuf;
995
    int rc;
996

    
997
    scsi_req_enqueue(req);
998
    command = buf[0];
999
    outbuf = (uint8_t *)r->iov.iov_base;
1000
    is_write = 0;
1001
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1002

    
1003
    if (scsi_req_parse(&r->req, buf) != 0) {
1004
        BADF("Unsupported command length, command %x\n", command);
1005
        goto fail;
1006
    }
1007
#ifdef DEBUG_SCSI
1008
    {
1009
        int i;
1010
        for (i = 1; i < r->req.cmd.len; i++) {
1011
            printf(" 0x%02x", buf[i]);
1012
        }
1013
        printf("\n");
1014
    }
1015
#endif
1016

    
1017
    if (req->lun || buf[1] >> 5) {
1018
        /* Only LUN 0 supported.  */
1019
        DPRINTF("Unimplemented LUN %d\n", req->lun ? req->lun : buf[1] >> 5);
1020
        if (command != REQUEST_SENSE && command != INQUIRY)
1021
            goto fail;
1022
    }
1023
    switch (command) {
1024
    case TEST_UNIT_READY:
1025
    case REQUEST_SENSE:
1026
    case INQUIRY:
1027
    case MODE_SENSE:
1028
    case MODE_SENSE_10:
1029
    case RESERVE:
1030
    case RESERVE_10:
1031
    case RELEASE:
1032
    case RELEASE_10:
1033
    case START_STOP:
1034
    case ALLOW_MEDIUM_REMOVAL:
1035
    case READ_CAPACITY:
1036
    case SYNCHRONIZE_CACHE:
1037
    case READ_TOC:
1038
    case GET_CONFIGURATION:
1039
    case SERVICE_ACTION_IN:
1040
    case REPORT_LUNS:
1041
    case VERIFY:
1042
    case REZERO_UNIT:
1043
        rc = scsi_disk_emulate_command(r, outbuf);
1044
        if (rc < 0) {
1045
            return 0;
1046
        }
1047

    
1048
        r->iov.iov_len = rc;
1049
        break;
1050
    case READ_6:
1051
    case READ_10:
1052
    case READ_12:
1053
    case READ_16:
1054
        len = r->req.cmd.xfer / s->qdev.blocksize;
1055
        DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1056
        if (r->req.cmd.lba > s->max_lba)
1057
            goto illegal_lba;
1058
        r->sector = r->req.cmd.lba * s->cluster_size;
1059
        r->sector_count = len * s->cluster_size;
1060
        break;
1061
    case WRITE_6:
1062
    case WRITE_10:
1063
    case WRITE_12:
1064
    case WRITE_16:
1065
    case WRITE_VERIFY:
1066
    case WRITE_VERIFY_12:
1067
    case WRITE_VERIFY_16:
1068
        len = r->req.cmd.xfer / s->qdev.blocksize;
1069
        DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1070
                (command & 0xe) == 0xe ? "And Verify " : "",
1071
                r->req.cmd.lba, len);
1072
        if (r->req.cmd.lba > s->max_lba)
1073
            goto illegal_lba;
1074
        r->sector = r->req.cmd.lba * s->cluster_size;
1075
        r->sector_count = len * s->cluster_size;
1076
        is_write = 1;
1077
        break;
1078
    case MODE_SELECT:
1079
        DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1080
        /* We don't support mode parameter changes.
1081
           Allow the mode parameter header + block descriptors only. */
1082
        if (r->req.cmd.xfer > 12) {
1083
            goto fail;
1084
        }
1085
        break;
1086
    case MODE_SELECT_10:
1087
        DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1088
        /* We don't support mode parameter changes.
1089
           Allow the mode parameter header + block descriptors only. */
1090
        if (r->req.cmd.xfer > 16) {
1091
            goto fail;
1092
        }
1093
        break;
1094
    case SEEK_6:
1095
    case SEEK_10:
1096
        DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1097
                r->req.cmd.lba);
1098
        if (r->req.cmd.lba > s->max_lba) {
1099
            goto illegal_lba;
1100
        }
1101
        break;
1102
    case WRITE_SAME_16:
1103
        len = r->req.cmd.xfer / s->qdev.blocksize;
1104

    
1105
        DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1106
                r->req.cmd.lba, len);
1107

    
1108
        if (r->req.cmd.lba > s->max_lba) {
1109
            goto illegal_lba;
1110
        }
1111

    
1112
        /*
1113
         * We only support WRITE SAME with the unmap bit set for now.
1114
         */
1115
        if (!(buf[1] & 0x8)) {
1116
            goto fail;
1117
        }
1118

    
1119
        rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1120
                          len * s->cluster_size);
1121
        if (rc < 0) {
1122
            /* XXX: better error code ?*/
1123
            goto fail;
1124
        }
1125

    
1126
        break;
1127
    default:
1128
        DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1129
    fail:
1130
        scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1131
        return 0;
1132
    illegal_lba:
1133
        scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1134
        return 0;
1135
    }
1136
    if (r->sector_count == 0 && r->iov.iov_len == 0) {
1137
        scsi_command_complete(r, GOOD, NO_SENSE);
1138
    }
1139
    len = r->sector_count * 512 + r->iov.iov_len;
1140
    if (is_write) {
1141
        len = -len;
1142
    } else {
1143
        if (!r->sector_count)
1144
            r->sector_count = -1;
1145
    }
1146
    return len;
1147
}
1148

    
1149
static void scsi_disk_reset(DeviceState *dev)
1150
{
1151
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1152
    uint64_t nb_sectors;
1153

    
1154
    scsi_device_purge_requests(&s->qdev);
1155

    
1156
    bdrv_get_geometry(s->bs, &nb_sectors);
1157
    nb_sectors /= s->cluster_size;
1158
    if (nb_sectors) {
1159
        nb_sectors--;
1160
    }
1161
    s->max_lba = nb_sectors;
1162
}
1163

    
1164
static void scsi_destroy(SCSIDevice *dev)
1165
{
1166
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1167

    
1168
    scsi_device_purge_requests(&s->qdev);
1169
    blockdev_mark_auto_del(s->qdev.conf.bs);
1170
}
1171

    
1172
static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
1173
{
1174
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1175
    DriveInfo *dinfo;
1176

    
1177
    if (!s->qdev.conf.bs) {
1178
        error_report("scsi-disk: drive property not set");
1179
        return -1;
1180
    }
1181
    s->bs = s->qdev.conf.bs;
1182
    s->drive_kind = kind;
1183

    
1184
    if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
1185
        error_report("Device needs media, but drive is empty");
1186
        return -1;
1187
    }
1188

    
1189
    if (!s->serial) {
1190
        /* try to fall back to value set with legacy -drive serial=... */
1191
        dinfo = drive_get_by_blockdev(s->bs);
1192
        s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1193
    }
1194

    
1195
    if (!s->version) {
1196
        s->version = qemu_strdup(QEMU_VERSION);
1197
    }
1198

    
1199
    if (bdrv_is_sg(s->bs)) {
1200
        error_report("scsi-disk: unwanted /dev/sg*");
1201
        return -1;
1202
    }
1203

    
1204
    if (kind == SCSI_CD) {
1205
        s->qdev.blocksize = 2048;
1206
    } else {
1207
        s->qdev.blocksize = s->qdev.conf.logical_block_size;
1208
    }
1209
    s->cluster_size = s->qdev.blocksize / 512;
1210
    s->bs->buffer_alignment = s->qdev.blocksize;
1211

    
1212
    s->qdev.type = TYPE_DISK;
1213
    qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1214
    bdrv_set_removable(s->bs, kind == SCSI_CD);
1215
    add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1216
    return 0;
1217
}
1218

    
1219
static int scsi_hd_initfn(SCSIDevice *dev)
1220
{
1221
    return scsi_initfn(dev, SCSI_HD);
1222
}
1223

    
1224
static int scsi_cd_initfn(SCSIDevice *dev)
1225
{
1226
    return scsi_initfn(dev, SCSI_CD);
1227
}
1228

    
1229
static int scsi_disk_initfn(SCSIDevice *dev)
1230
{
1231
    SCSIDriveKind kind;
1232
    DriveInfo *dinfo;
1233

    
1234
    if (!dev->conf.bs) {
1235
        kind = SCSI_HD;         /* will die in scsi_initfn() */
1236
    } else {
1237
        dinfo = drive_get_by_blockdev(dev->conf.bs);
1238
        kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
1239
    }
1240

    
1241
    return scsi_initfn(dev, kind);
1242
}
1243

    
1244
#define DEFINE_SCSI_DISK_PROPERTIES()                           \
1245
    DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),          \
1246
    DEFINE_PROP_STRING("ver",  SCSIDiskState, version),         \
1247
    DEFINE_PROP_STRING("serial",  SCSIDiskState, serial)
1248

    
1249
static SCSIDeviceInfo scsi_disk_info[] = {
1250
    {
1251
        .qdev.name    = "scsi-hd",
1252
        .qdev.fw_name = "disk",
1253
        .qdev.desc    = "virtual SCSI disk",
1254
        .qdev.size    = sizeof(SCSIDiskState),
1255
        .qdev.reset   = scsi_disk_reset,
1256
        .init         = scsi_hd_initfn,
1257
        .destroy      = scsi_destroy,
1258
        .alloc_req    = scsi_new_request,
1259
        .free_req     = scsi_free_request,
1260
        .send_command = scsi_send_command,
1261
        .read_data    = scsi_read_data,
1262
        .write_data   = scsi_write_data,
1263
        .cancel_io    = scsi_cancel_io,
1264
        .get_buf      = scsi_get_buf,
1265
        .qdev.props   = (Property[]) {
1266
            DEFINE_SCSI_DISK_PROPERTIES(),
1267
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1268
            DEFINE_PROP_END_OF_LIST(),
1269
        }
1270
    },{
1271
        .qdev.name    = "scsi-cd",
1272
        .qdev.fw_name = "disk",
1273
        .qdev.desc    = "virtual SCSI CD-ROM",
1274
        .qdev.size    = sizeof(SCSIDiskState),
1275
        .qdev.reset   = scsi_disk_reset,
1276
        .init         = scsi_cd_initfn,
1277
        .destroy      = scsi_destroy,
1278
        .alloc_req    = scsi_new_request,
1279
        .free_req     = scsi_free_request,
1280
        .send_command = scsi_send_command,
1281
        .read_data    = scsi_read_data,
1282
        .write_data   = scsi_write_data,
1283
        .cancel_io    = scsi_cancel_io,
1284
        .get_buf      = scsi_get_buf,
1285
        .qdev.props   = (Property[]) {
1286
            DEFINE_SCSI_DISK_PROPERTIES(),
1287
            DEFINE_PROP_END_OF_LIST(),
1288
        },
1289
    },{
1290
        .qdev.name    = "scsi-disk", /* legacy -device scsi-disk */
1291
        .qdev.fw_name = "disk",
1292
        .qdev.desc    = "virtual SCSI disk or CD-ROM (legacy)",
1293
        .qdev.size    = sizeof(SCSIDiskState),
1294
        .qdev.reset   = scsi_disk_reset,
1295
        .init         = scsi_disk_initfn,
1296
        .destroy      = scsi_destroy,
1297
        .alloc_req    = scsi_new_request,
1298
        .free_req     = scsi_free_request,
1299
        .send_command = scsi_send_command,
1300
        .read_data    = scsi_read_data,
1301
        .write_data   = scsi_write_data,
1302
        .cancel_io    = scsi_cancel_io,
1303
        .get_buf      = scsi_get_buf,
1304
        .qdev.props   = (Property[]) {
1305
            DEFINE_SCSI_DISK_PROPERTIES(),
1306
            DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1307
            DEFINE_PROP_END_OF_LIST(),
1308
        }
1309
    }
1310
};
1311

    
1312
static void scsi_disk_register_devices(void)
1313
{
1314
    int i;
1315

    
1316
    for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1317
        scsi_qdev_register(&scsi_disk_info[i]);
1318
    }
1319
}
1320
device_init(scsi_disk_register_devices)