2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
16 #include <qemu-common.h>
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
24 #define DPRINTF(fmt, ...) do {} while(0)
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
30 #include "qemu-common.h"
32 #include "scsi-disk.h"
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
40 #define STATUS_CHECK_CONDITION 2
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
45 #define SCSI_REQ_STATUS_RETRY 0x01
47 typedef struct SCSIRequest {
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count;
57 BlockDriverAIOCB *aiocb;
58 struct SCSIRequest *next;
62 struct SCSIDeviceState
64 BlockDriverState *bdrv;
65 SCSIRequest *requests;
66 /* The qemu block layer uses a fixed 512 byte sector size.
67 This is the number of 512 byte blocks in a single scsi sector. */
72 /* Completion functions may be called from either scsi_{read,write}_data
73 or from the AIO completion routines. */
74 scsi_completionfn completion;
76 char drive_serial_str[21];
80 /* Global pool of SCSIRequest structures. */
81 static SCSIRequest *free_requests = NULL;
83 static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
89 free_requests = r->next;
91 r = qemu_malloc(sizeof(SCSIRequest));
92 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
101 r->next = s->requests;
106 static void scsi_remove_request(SCSIRequest *r)
109 SCSIDeviceState *s = r->dev;
111 if (s->requests == r) {
112 s->requests = r->next;
115 while (last && last->next != r)
118 last->next = r->next;
120 BADF("Orphaned request\n");
123 r->next = free_requests;
127 static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
132 while (r && r->tag != tag)
138 /* Helper function for command completion. */
139 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
141 SCSIDeviceState *s = r->dev;
143 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
146 scsi_remove_request(r);
147 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
150 /* Cancel a pending data transfer. */
151 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
153 SCSIDeviceState *s = d->state;
155 DPRINTF("Cancel tag=0x%x\n", tag);
156 r = scsi_find_request(s, tag);
159 bdrv_aio_cancel(r->aiocb);
161 scsi_remove_request(r);
165 static void scsi_read_complete(void * opaque, int ret)
167 SCSIRequest *r = (SCSIRequest *)opaque;
168 SCSIDeviceState *s = r->dev;
171 DPRINTF("IO error\n");
172 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
176 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->tag, r->iov.iov_len);
178 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
181 /* Read more data from scsi device into buffer. */
182 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
184 SCSIDeviceState *s = d->state;
188 r = scsi_find_request(s, tag);
190 BADF("Bad read tag 0x%x\n", tag);
191 /* ??? This is the wrong error. */
192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
195 if (r->sector_count == (uint32_t)-1) {
196 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
198 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
211 r->iov.iov_len = n * 512;
212 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
213 r->aiocb = bdrv_aio_readv(s->bdrv, r->sector, &r->qiov, n,
214 scsi_read_complete, r);
215 if (r->aiocb == NULL)
216 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
218 r->sector_count -= n;
221 static int scsi_handle_write_error(SCSIRequest *r, int error)
223 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->bdrv);
225 if (action == BLOCK_ERR_IGNORE)
228 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
229 || action == BLOCK_ERR_STOP_ANY) {
230 r->status |= SCSI_REQ_STATUS_RETRY;
233 scsi_command_complete(r, STATUS_CHECK_CONDITION,
234 SENSE_HARDWARE_ERROR);
240 static void scsi_write_complete(void * opaque, int ret)
242 SCSIRequest *r = (SCSIRequest *)opaque;
243 SCSIDeviceState *s = r->dev;
250 if (scsi_handle_write_error(r, -ret))
254 n = r->iov.iov_len / 512;
256 r->sector_count -= n;
257 if (r->sector_count == 0) {
258 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
260 len = r->sector_count * 512;
261 if (len > SCSI_DMA_BUF_SIZE) {
262 len = SCSI_DMA_BUF_SIZE;
264 r->iov.iov_len = len;
265 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
266 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
270 static void scsi_write_request(SCSIRequest *r)
272 SCSIDeviceState *s = r->dev;
275 n = r->iov.iov_len / 512;
277 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
278 r->aiocb = bdrv_aio_writev(s->bdrv, r->sector, &r->qiov, n,
279 scsi_write_complete, r);
280 if (r->aiocb == NULL)
281 scsi_command_complete(r, STATUS_CHECK_CONDITION,
282 SENSE_HARDWARE_ERROR);
284 /* Invoke completion routine to fetch data from host. */
285 scsi_write_complete(r, 0);
289 /* Write data to a scsi device. Returns nonzero on failure.
290 The transfer may complete asynchronously. */
291 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
293 SCSIDeviceState *s = d->state;
296 DPRINTF("Write data tag=0x%x\n", tag);
297 r = scsi_find_request(s, tag);
299 BADF("Bad write tag 0x%x\n", tag);
300 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
305 BADF("Data transfer already in progress\n");
307 scsi_write_request(r);
312 static void scsi_dma_restart_bh(void *opaque)
314 SCSIDeviceState *s = opaque;
315 SCSIRequest *r = s->requests;
317 qemu_bh_delete(s->bh);
321 if (r->status & SCSI_REQ_STATUS_RETRY) {
322 r->status &= ~SCSI_REQ_STATUS_RETRY;
323 scsi_write_request(r);
329 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
331 SCSIDeviceState *s = opaque;
337 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
338 qemu_bh_schedule(s->bh);
342 /* Return a pointer to the data buffer. */
343 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
345 SCSIDeviceState *s = d->state;
348 r = scsi_find_request(s, tag);
350 BADF("Bad buffer tag 0x%x\n", tag);
353 return (uint8_t *)r->iov.iov_base;
356 /* Execute a scsi command. Returns the length of the data expected by the
357 command. This will be Positive for data transfers from the device
358 (eg. disk reads), negative for transfers to the device (eg. disk writes),
359 and zero if the command does not transfer any data. */
361 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
362 uint8_t *buf, int lun)
364 SCSIDeviceState *s = d->state;
375 r = scsi_find_request(s, tag);
377 BADF("Tag 0x%x already in use\n", tag);
378 scsi_cancel_io(d, tag);
380 /* ??? Tags are not unique for different luns. We only implement a
381 single lun, so this should not matter. */
382 r = scsi_new_request(s, tag);
383 outbuf = (uint8_t *)r->iov.iov_base;
385 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
386 switch (command >> 5) {
388 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
389 (((uint64_t) buf[1] & 0x1f) << 16);
395 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
396 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
397 len = buf[8] | (buf[7] << 8);
401 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
402 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
403 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
404 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
405 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
409 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
410 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
411 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
415 BADF("Unsupported command length, command %x\n", command);
421 for (i = 1; i < cmdlen; i++) {
422 printf(" 0x%02x", buf[i]);
427 if (lun || buf[1] >> 5) {
428 /* Only LUN 0 supported. */
429 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
430 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
435 DPRINTF("Test Unit Ready\n");
436 if (!bdrv_is_inserted(s->bdrv))
440 DPRINTF("Request Sense (len %d)\n", len);
443 memset(outbuf, 0, 4);
445 if (s->sense == SENSE_NOT_READY && len >= 18) {
446 memset(outbuf, 0, 18);
449 /* asc 0x3a, ascq 0: Medium not present */
455 outbuf[2] = s->sense;
458 DPRINTF("Inquiry (len %d)\n", len);
460 /* Command support data - optional, not implemented */
461 BADF("optional INQUIRY command support request not implemented\n");
464 else if (buf[1] & 0x1) {
465 /* Vital product data */
466 uint8_t page_code = buf[2];
468 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
469 "less than 4\n", page_code, len);
476 /* Supported page codes, mandatory */
477 DPRINTF("Inquiry EVPD[Supported pages] "
478 "buffer size %d\n", len);
482 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
483 outbuf[r->iov.iov_len++] = 5;
485 outbuf[r->iov.iov_len++] = 0;
488 outbuf[r->iov.iov_len++] = 0x00; // this page
489 outbuf[r->iov.iov_len++] = 0x00;
490 outbuf[r->iov.iov_len++] = 3; // number of pages
491 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
492 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
493 outbuf[r->iov.iov_len++] = 0x83; // device identification
500 /* Device serial number, optional */
502 BADF("Error: EVPD[Serial number] Inquiry buffer "
503 "size %d too small, %d needed\n", len, 4);
507 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
508 l = MIN(len, strlen(s->drive_serial_str));
512 /* Supported page codes */
513 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
514 outbuf[r->iov.iov_len++] = 5;
516 outbuf[r->iov.iov_len++] = 0;
519 outbuf[r->iov.iov_len++] = 0x80; // this page
520 outbuf[r->iov.iov_len++] = 0x00;
521 outbuf[r->iov.iov_len++] = l;
522 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
529 /* Device identification page, mandatory */
530 int max_len = 255 - 8;
531 int id_len = strlen(bdrv_get_device_name(s->bdrv));
532 if (id_len > max_len)
535 DPRINTF("Inquiry EVPD[Device identification] "
536 "buffer size %d\n", len);
538 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
539 outbuf[r->iov.iov_len++] = 5;
541 outbuf[r->iov.iov_len++] = 0;
544 outbuf[r->iov.iov_len++] = 0x83; // this page
545 outbuf[r->iov.iov_len++] = 0x00;
546 outbuf[r->iov.iov_len++] = 3 + id_len;
548 outbuf[r->iov.iov_len++] = 0x2; // ASCII
549 outbuf[r->iov.iov_len++] = 0; // not officially assigned
550 outbuf[r->iov.iov_len++] = 0; // reserved
551 outbuf[r->iov.iov_len++] = id_len; // length of data following
553 memcpy(&outbuf[r->iov.iov_len],
554 bdrv_get_device_name(s->bdrv), id_len);
555 r->iov.iov_len += id_len;
559 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
560 "buffer size %d\n", page_code, len);
567 /* Standard INQUIRY data */
569 BADF("Error: Inquiry (STANDARD) page or code "
570 "is non-zero [%02X]\n", buf[2]);
576 BADF("Error: Inquiry (STANDARD) buffer size %d "
577 "is less than 5\n", len);
582 BADF("Error: Inquiry (STANDARD) buffer size %d "
583 "is less than 36 (TODO: only 5 required)\n", len);
587 if(len > SCSI_MAX_INQUIRY_LEN)
588 len = SCSI_MAX_INQUIRY_LEN;
590 memset(outbuf, 0, len);
592 if (lun || buf[1] >> 5) {
593 outbuf[0] = 0x7f; /* LUN not supported */
594 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
597 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
600 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
602 memcpy(&outbuf[8], "QEMU ", 8);
603 memcpy(&outbuf[32], QEMU_VERSION, 4);
604 /* Identify device as SCSI-3 rev 1.
605 Some later commands are also implemented. */
607 outbuf[3] = 2; /* Format 2 */
608 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
609 /* Sync data transfer and TCQ. */
610 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
611 r->iov.iov_len = len;
614 DPRINTF("Reserve(6)\n");
619 DPRINTF("Release(6)\n");
629 page = buf[2] & 0x3f;
630 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
633 outbuf[1] = 0; /* Default media type. */
634 outbuf[3] = 0; /* Block descriptor length. */
635 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
636 outbuf[2] = 0x80; /* Readonly. */
640 int cylinders, heads, secs;
642 /* Rigid disk device geometry page. */
645 /* if a geometry hint is available, use it */
646 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
647 p[2] = (cylinders >> 16) & 0xff;
648 p[3] = (cylinders >> 8) & 0xff;
649 p[4] = cylinders & 0xff;
651 /* Write precomp start cylinder, disabled */
652 p[6] = (cylinders >> 16) & 0xff;
653 p[7] = (cylinders >> 8) & 0xff;
654 p[8] = cylinders & 0xff;
655 /* Reduced current start cylinder, disabled */
656 p[9] = (cylinders >> 16) & 0xff;
657 p[10] = (cylinders >> 8) & 0xff;
658 p[11] = cylinders & 0xff;
659 /* Device step rate [ns], 200ns */
662 /* Landing zone cylinder */
666 /* Medium rotation rate [rpm], 5400 rpm */
667 p[20] = (5400 >> 8) & 0xff;
670 } else if (page == 5) {
671 int cylinders, heads, secs;
673 /* Flexible disk device geometry page. */
676 /* Transfer rate [kbit/s], 5Mbit/s */
679 /* if a geometry hint is available, use it */
680 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
683 p[6] = s->cluster_size * 2;
684 p[8] = (cylinders >> 8) & 0xff;
685 p[9] = cylinders & 0xff;
686 /* Write precomp start cylinder, disabled */
687 p[10] = (cylinders >> 8) & 0xff;
688 p[11] = cylinders & 0xff;
689 /* Reduced current start cylinder, disabled */
690 p[12] = (cylinders >> 8) & 0xff;
691 p[13] = cylinders & 0xff;
692 /* Device step rate [100us], 100us */
695 /* Device step pulse width [us], 1us */
697 /* Device head settle delay [100us], 100us */
700 /* Motor on delay [0.1s], 0.1s */
702 /* Motor off delay [0.1s], 0.1s */
704 /* Medium rotation rate [rpm], 5400 rpm */
705 p[28] = (5400 >> 8) & 0xff;
708 } else if ((page == 8 || page == 0x3f)) {
716 if ((page == 0x3f || page == 0x2a)
717 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
718 /* CD Capabilities and Mechanical Status page. */
721 p[2] = 3; // CD-R & CD-RW read
722 p[3] = 0; // Writing not supported
723 p[4] = 0x7f; /* Audio, composite, digital out,
724 mode 2 form 1&2, multi session */
725 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
726 RW corrected, C2 errors, ISRC,
728 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
729 /* Locking supported, jumper present, eject, tray */
730 p[7] = 0; /* no volume & mute control, no
732 p[8] = (50 * 176) >> 8; // 50x read speed
733 p[9] = (50 * 176) & 0xff;
734 p[10] = 0 >> 8; // No volume
736 p[12] = 2048 >> 8; // 2M buffer
738 p[14] = (16 * 176) >> 8; // 16x read speed current
739 p[15] = (16 * 176) & 0xff;
740 p[18] = (16 * 176) >> 8; // 16x write speed
741 p[19] = (16 * 176) & 0xff;
742 p[20] = (16 * 176) >> 8; // 16x write speed current
743 p[21] = (16 * 176) & 0xff;
746 r->iov.iov_len = p - outbuf;
747 outbuf[0] = r->iov.iov_len - 4;
748 if (r->iov.iov_len > len)
749 r->iov.iov_len = len;
753 DPRINTF("Start Stop Unit\n");
754 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM &&
756 /* load/eject medium */
757 bdrv_eject(s->bdrv, !(buf[4] & 1));
760 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
761 bdrv_set_locked(s->bdrv, buf[4] & 1);
764 DPRINTF("Read Capacity\n");
765 /* The normal LEN field for this command is zero. */
766 memset(outbuf, 0, 8);
767 bdrv_get_geometry(s->bdrv, &nb_sectors);
768 nb_sectors /= s->cluster_size;
769 /* Returned value is the address of the last sector. */
772 /* Remember the new size for read/write sanity checking. */
773 s->max_lba = nb_sectors;
774 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
775 if (nb_sectors > UINT32_MAX)
776 nb_sectors = UINT32_MAX;
777 outbuf[0] = (nb_sectors >> 24) & 0xff;
778 outbuf[1] = (nb_sectors >> 16) & 0xff;
779 outbuf[2] = (nb_sectors >> 8) & 0xff;
780 outbuf[3] = nb_sectors & 0xff;
783 outbuf[6] = s->cluster_size * 2;
788 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
795 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
796 if (lba > s->max_lba)
798 r->sector = lba * s->cluster_size;
799 r->sector_count = len * s->cluster_size;
804 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
805 if (lba > s->max_lba)
807 r->sector = lba * s->cluster_size;
808 r->sector_count = len * s->cluster_size;
812 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
817 int start_track, format, msf, toclen;
820 format = buf[2] & 0xf;
821 start_track = buf[6];
822 bdrv_get_geometry(s->bdrv, &nb_sectors);
823 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
824 nb_sectors /= s->cluster_size;
827 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
830 /* multi session : only a single session defined */
832 memset(outbuf, 0, 12);
838 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
846 r->iov.iov_len = len;
850 DPRINTF("Read TOC error\n");
854 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
855 memset(outbuf, 0, 8);
856 /* ??? This should probably return much more information. For now
857 just return the basic header indicating the CD-ROM profile. */
858 outbuf[7] = 8; // CD-ROM
862 DPRINTF("Reserve(10)\n");
867 DPRINTF("Release(10)\n");
872 /* Service Action In subcommands. */
873 if ((buf[1] & 31) == 0x10) {
874 DPRINTF("SAI READ CAPACITY(16)\n");
875 memset(outbuf, 0, len);
876 bdrv_get_geometry(s->bdrv, &nb_sectors);
877 nb_sectors /= s->cluster_size;
878 /* Returned value is the address of the last sector. */
881 /* Remember the new size for read/write sanity checking. */
882 s->max_lba = nb_sectors;
883 outbuf[0] = (nb_sectors >> 56) & 0xff;
884 outbuf[1] = (nb_sectors >> 48) & 0xff;
885 outbuf[2] = (nb_sectors >> 40) & 0xff;
886 outbuf[3] = (nb_sectors >> 32) & 0xff;
887 outbuf[4] = (nb_sectors >> 24) & 0xff;
888 outbuf[5] = (nb_sectors >> 16) & 0xff;
889 outbuf[6] = (nb_sectors >> 8) & 0xff;
890 outbuf[7] = nb_sectors & 0xff;
893 outbuf[10] = s->cluster_size * 2;
895 /* Protection, exponent and lowest lba field left blank. */
896 r->iov.iov_len = len;
898 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
903 DPRINTF("Unsupported Service Action In\n");
906 DPRINTF("Report LUNs (len %d)\n", len);
909 memset(outbuf, 0, 16);
914 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
917 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
919 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
922 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
925 if (r->sector_count == 0 && r->iov.iov_len == 0) {
926 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
928 len = r->sector_count * 512 + r->iov.iov_len;
932 if (!r->sector_count)
933 r->sector_count = -1;
938 static void scsi_destroy(SCSIDevice *d)
944 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
945 scsi_completionfn completion, void *opaque)
951 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
954 s->completion = completion;
956 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
961 bdrv_get_geometry(s->bdrv, &nb_sectors);
962 nb_sectors /= s->cluster_size;
965 s->max_lba = nb_sectors;
966 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
967 sizeof(s->drive_serial_str));
968 if (strlen(s->drive_serial_str) == 0)
969 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
970 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
971 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
973 d->destroy = scsi_destroy;
974 d->send_command = scsi_send_command;
975 d->read_data = scsi_read_data;
976 d->write_data = scsi_write_data;
977 d->cancel_io = scsi_cancel_io;
978 d->get_buf = scsi_get_buf;
projects / qemu / blob