2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emultion of interface/link layer protocols is handled by
13 * the host adapter emulation.
19 #define DPRINTF(fmt, args...) \
20 do { printf("scsi-disk: " fmt , ##args); } while (0)
22 #define DPRINTF(fmt, args...) do {} while(0)
25 #define BADF(fmt, args...) \
26 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
30 #define SENSE_NO_SENSE 0
31 #define SENSE_NOT_READY 2
32 #define SENSE_HARDWARE_ERROR 4
33 #define SENSE_ILLEGAL_REQUEST 5
35 #define SCSI_DMA_BUF_SIZE 65536
37 typedef struct SCSIRequest {
40 /* ??? We should probably keep track of whether the data trasfer is
41 a read or a write. Currently we rely on the host getting it right. */
42 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
45 /* The amounnt of data in the buffer. */
47 uint8_t dma_buf[SCSI_DMA_BUF_SIZE];
48 BlockDriverAIOCB *aiocb;
49 struct SCSIRequest *next;
54 BlockDriverState *bdrv;
55 SCSIRequest *requests;
56 /* The qemu block layer uses a fixed 512 byte sector size.
57 This is the number of 512 byte blocks in a single scsi sector. */
61 /* Completion functions may be called from either scsi_{read,write}_data
62 or from the AIO completion routines. */
63 scsi_completionfn completion;
67 /* Global pool of SCSIRequest structures. */
68 static SCSIRequest *free_requests = NULL;
70 static SCSIRequest *scsi_new_request(SCSIDevice *s, uint32_t tag)
76 free_requests = r->next;
78 r = qemu_malloc(sizeof(SCSIRequest));
86 r->next = s->requests;
91 static void scsi_remove_request(SCSIRequest *r)
94 SCSIDevice *s = r->dev;
96 if (s->requests == r) {
97 s->requests = r->next;
100 while (last && last->next != r)
103 last->next = r->next;
105 BADF("Orphaned request\n");
108 r->next = free_requests;
112 static SCSIRequest *scsi_find_request(SCSIDevice *s, uint32_t tag)
117 while (r && r->tag != tag)
123 /* Helper function for command completion. */
124 static void scsi_command_complete(SCSIRequest *r, int sense)
126 SCSIDevice *s = r->dev;
128 DPRINTF("Command complete tag=0x%x sense=%d\n", r->tag, sense);
131 scsi_remove_request(r);
132 s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
135 /* Cancel a pending data transfer. */
136 void scsi_cancel_io(SCSIDevice *s, uint32_t tag)
139 DPRINTF("Cancel tag=0x%x\n", tag);
140 r = scsi_find_request(s, tag);
143 bdrv_aio_cancel(r->aiocb);
145 scsi_remove_request(r);
149 static void scsi_read_complete(void * opaque, int ret)
151 SCSIRequest *r = (SCSIRequest *)opaque;
152 SCSIDevice *s = r->dev;
155 DPRINTF("IO error\n");
156 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
159 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
161 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
164 /* Read more data from scsi device into buffer. */
165 void scsi_read_data(SCSIDevice *s, uint32_t tag)
170 r = scsi_find_request(s, tag);
172 BADF("Bad read tag 0x%x\n", tag);
173 /* ??? This is the wrong error. */
174 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
177 if (r->sector_count == (uint32_t)-1) {
178 DPRINTF("Read buf_len=%d\n", r->buf_len);
180 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
183 DPRINTF("Read sector_count=%d\n", r->sector_count);
184 if (r->sector_count == 0) {
185 scsi_command_complete(r, SENSE_NO_SENSE);
190 if (n > SCSI_DMA_BUF_SIZE / 512)
191 n = SCSI_DMA_BUF_SIZE / 512;
193 r->buf_len = n * 512;
194 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
195 scsi_read_complete, r);
196 if (r->aiocb == NULL)
197 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
199 r->sector_count -= n;
202 static void scsi_write_complete(void * opaque, int ret)
204 SCSIRequest *r = (SCSIRequest *)opaque;
205 SCSIDevice *s = r->dev;
209 fprintf(stderr, "scsi-disc: IO write error\n");
214 if (r->sector_count == 0) {
215 scsi_command_complete(r, SENSE_NO_SENSE);
217 len = r->sector_count * 512;
218 if (len > SCSI_DMA_BUF_SIZE) {
219 len = SCSI_DMA_BUF_SIZE;
222 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
223 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
227 /* Write data to a scsi device. Returns nonzero on failure.
228 The transfer may complete asynchronously. */
229 int scsi_write_data(SCSIDevice *s, uint32_t tag)
234 DPRINTF("Write data tag=0x%x\n", tag);
235 r = scsi_find_request(s, tag);
237 BADF("Bad write tag 0x%x\n", tag);
238 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
242 BADF("Data transfer already in progress\n");
243 n = r->buf_len / 512;
245 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
246 scsi_write_complete, r);
247 if (r->aiocb == NULL)
248 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
250 r->sector_count -= n;
252 /* Invoke completion routine to fetch data from host. */
253 scsi_write_complete(r, 0);
259 /* Return a pointer to the data buffer. */
260 uint8_t *scsi_get_buf(SCSIDevice *s, uint32_t tag)
264 r = scsi_find_request(s, tag);
266 BADF("Bad buffer tag 0x%x\n", tag);
272 /* Execute a scsi command. Returns the length of the data expected by the
273 command. This will be Positive for data transfers from the device
274 (eg. disk reads), negative for transfers to the device (eg. disk writes),
275 and zero if the command does not transfer any data. */
277 int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
289 r = scsi_find_request(s, tag);
291 BADF("Tag 0x%x already in use\n", tag);
292 scsi_cancel_io(s, tag);
294 /* ??? Tags are not unique for different luns. We only implement a
295 single lun, so this should not matter. */
296 r = scsi_new_request(s, tag);
299 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
300 switch (command >> 5) {
302 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
308 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
309 len = buf[8] | (buf[7] << 8);
313 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
314 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
318 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
319 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
323 BADF("Unsupported command length, command %x\n", command);
329 for (i = 1; i < cmdlen; i++) {
330 printf(" 0x%02x", buf[i]);
335 if (lun || buf[1] >> 5) {
336 /* Only LUN 0 supported. */
337 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
342 DPRINTF("Test Unit Ready\n");
345 DPRINTF("Request Sense (len %d)\n", len);
348 memset(outbuf, 0, 4);
351 outbuf[2] = s->sense;
355 DPRINTF("Inquiry (len %d)\n", len);
357 BADF("Inquiry buffer too small (%d)\n", len);
359 memset(outbuf, 0, 36);
360 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
363 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
366 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
368 memcpy(&outbuf[8], "QEMU ", 8);
369 memcpy(&outbuf[32], QEMU_VERSION, 4);
370 /* Identify device as SCSI-3 rev 1.
371 Some later commands are also implemented. */
373 outbuf[3] = 2; /* Format 2 */
375 /* Sync data transfer and TCQ. */
376 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
380 DPRINTF("Reserve(6)\n");
385 DPRINTF("Release(6)\n");
395 page = buf[2] & 0x3f;
396 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
399 outbuf[1] = 0; /* Default media type. */
400 outbuf[3] = 0; /* Block descriptor length. */
401 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
402 outbuf[2] = 0x80; /* Readonly. */
405 if ((page == 8 || page == 0x3f)) {
413 if ((page == 0x3f || page == 0x2a)
414 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
415 /* CD Capabilities and Mechanical Status page. */
418 p[2] = 3; // CD-R & CD-RW read
419 p[3] = 0; // Writing not supported
420 p[4] = 0x7f; /* Audio, composite, digital out,
421 mode 2 form 1&2, multi session */
422 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
423 RW corrected, C2 errors, ISRC,
425 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
426 /* Locking supported, jumper present, eject, tray */
427 p[7] = 0; /* no volume & mute control, no
429 p[8] = (50 * 176) >> 8; // 50x read speed
430 p[9] = (50 * 176) & 0xff;
431 p[10] = 0 >> 8; // No volume
433 p[12] = 2048 >> 8; // 2M buffer
435 p[14] = (16 * 176) >> 8; // 16x read speed current
436 p[15] = (16 * 176) & 0xff;
437 p[18] = (16 * 176) >> 8; // 16x write speed
438 p[19] = (16 * 176) & 0xff;
439 p[20] = (16 * 176) >> 8; // 16x write speed current
440 p[21] = (16 * 176) & 0xff;
443 r->buf_len = p - outbuf;
444 outbuf[0] = r->buf_len - 4;
445 if (r->buf_len > len)
450 DPRINTF("Start Stop Unit\n");
453 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
454 bdrv_set_locked(s->bdrv, buf[4] & 1);
457 DPRINTF("Read Capacity\n");
458 /* The normal LEN field for this command is zero. */
459 memset(outbuf, 0, 8);
460 bdrv_get_geometry(s->bdrv, &nb_sectors);
461 /* Returned value is the address of the last sector. */
464 outbuf[0] = (nb_sectors >> 24) & 0xff;
465 outbuf[1] = (nb_sectors >> 16) & 0xff;
466 outbuf[2] = (nb_sectors >> 8) & 0xff;
467 outbuf[3] = nb_sectors & 0xff;
470 outbuf[6] = s->cluster_size * 2;
474 scsi_command_complete(r, SENSE_NOT_READY);
480 DPRINTF("Read (sector %d, count %d)\n", lba, len);
481 r->sector = lba * s->cluster_size;
482 r->sector_count = len * s->cluster_size;
486 DPRINTF("Write (sector %d, count %d)\n", lba, len);
487 r->sector = lba * s->cluster_size;
488 r->sector_count = len * s->cluster_size;
492 DPRINTF("Syncronise cache (sector %d, count %d)\n", lba, len);
497 int start_track, format, msf, toclen;
500 format = buf[2] & 0xf;
501 start_track = buf[6];
502 bdrv_get_geometry(s->bdrv, &nb_sectors);
503 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
506 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
509 /* multi session : only a single session defined */
511 memset(outbuf, 0, 12);
517 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
529 DPRINTF("Read TOC error\n");
533 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
534 memset(outbuf, 0, 8);
535 /* ??? This shoud probably return much more information. For now
536 just return the basic header indicating the CD-ROM profile. */
537 outbuf[7] = 8; // CD-ROM
541 DPRINTF("Reserve(10)\n");
546 DPRINTF("Release(10)\n");
551 DPRINTF("Report LUNs (len %d)\n", len);
554 memset(outbuf, 0, 16);
559 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
561 scsi_command_complete(r, SENSE_ILLEGAL_REQUEST);
564 if (r->sector_count == 0 && r->buf_len == 0) {
565 scsi_command_complete(r, SENSE_NO_SENSE);
567 len = r->sector_count * 512 + r->buf_len;
571 if (!r->sector_count)
572 r->sector_count = -1;
577 void scsi_disk_destroy(SCSIDevice *s)
582 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
584 scsi_completionfn completion,
589 s = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
592 s->completion = completion;
594 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
projects / qemu / blob