2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
16 #include <qemu-common.h>
21 #define DPRINTF(fmt, args...) \
22 do { printf("scsi-disk: " fmt , ##args); } while (0)
24 #define DPRINTF(fmt, args...) do {} while(0)
27 #define BADF(fmt, args...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
30 #include "qemu-common.h"
32 #include "scsi-disk.h"
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
40 #define STATUS_CHECK_CONDITION 2
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
45 typedef struct SCSIRequest {
48 /* ??? We should probably keep track of whether the data trasfer is
49 a read or a write. Currently we rely on the host getting it right. */
50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 /* The amounnt of data in the buffer. */
56 BlockDriverAIOCB *aiocb;
57 struct SCSIRequest *next;
60 struct SCSIDeviceState
62 BlockDriverState *bdrv;
63 SCSIRequest *requests;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
69 /* Completion functions may be called from either scsi_{read,write}_data
70 or from the AIO completion routines. */
71 scsi_completionfn completion;
73 char drive_serial_str[21];
76 /* Global pool of SCSIRequest structures. */
77 static SCSIRequest *free_requests = NULL;
79 static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
85 free_requests = r->next;
87 r = qemu_malloc(sizeof(SCSIRequest));
88 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
96 r->next = s->requests;
101 static void scsi_remove_request(SCSIRequest *r)
104 SCSIDeviceState *s = r->dev;
106 if (s->requests == r) {
107 s->requests = r->next;
110 while (last && last->next != r)
113 last->next = r->next;
115 BADF("Orphaned request\n");
118 r->next = free_requests;
122 static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
127 while (r && r->tag != tag)
133 /* Helper function for command completion. */
134 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
136 SCSIDeviceState *s = r->dev;
138 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
141 scsi_remove_request(r);
142 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
145 /* Cancel a pending data transfer. */
146 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
148 SCSIDeviceState *s = d->state;
150 DPRINTF("Cancel tag=0x%x\n", tag);
151 r = scsi_find_request(s, tag);
154 bdrv_aio_cancel(r->aiocb);
156 scsi_remove_request(r);
160 static void scsi_read_complete(void * opaque, int ret)
162 SCSIRequest *r = (SCSIRequest *)opaque;
163 SCSIDeviceState *s = r->dev;
166 DPRINTF("IO error\n");
167 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
168 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
171 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
173 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
176 /* Read more data from scsi device into buffer. */
177 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
179 SCSIDeviceState *s = d->state;
183 r = scsi_find_request(s, tag);
185 BADF("Bad read tag 0x%x\n", tag);
186 /* ??? This is the wrong error. */
187 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
190 if (r->sector_count == (uint32_t)-1) {
191 DPRINTF("Read buf_len=%d\n", r->buf_len);
193 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
196 DPRINTF("Read sector_count=%d\n", r->sector_count);
197 if (r->sector_count == 0) {
198 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
203 if (n > SCSI_DMA_BUF_SIZE / 512)
204 n = SCSI_DMA_BUF_SIZE / 512;
206 r->buf_len = n * 512;
207 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
208 scsi_read_complete, r);
209 if (r->aiocb == NULL)
210 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
212 r->sector_count -= n;
215 static void scsi_write_complete(void * opaque, int ret)
217 SCSIRequest *r = (SCSIRequest *)opaque;
218 SCSIDeviceState *s = r->dev;
222 fprintf(stderr, "scsi-disc: IO write error\n");
227 if (r->sector_count == 0) {
228 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
230 len = r->sector_count * 512;
231 if (len > SCSI_DMA_BUF_SIZE) {
232 len = SCSI_DMA_BUF_SIZE;
235 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
236 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
240 /* Write data to a scsi device. Returns nonzero on failure.
241 The transfer may complete asynchronously. */
242 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
244 SCSIDeviceState *s = d->state;
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
256 BADF("Data transfer already in progress\n");
257 n = r->buf_len / 512;
259 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
260 scsi_write_complete, r);
261 if (r->aiocb == NULL)
262 scsi_command_complete(r, STATUS_CHECK_CONDITION,
263 SENSE_HARDWARE_ERROR);
265 r->sector_count -= n;
267 /* Invoke completion routine to fetch data from host. */
268 scsi_write_complete(r, 0);
274 /* Return a pointer to the data buffer. */
275 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
277 SCSIDeviceState *s = d->state;
280 r = scsi_find_request(s, tag);
282 BADF("Bad buffer tag 0x%x\n", tag);
288 /* Execute a scsi command. Returns the length of the data expected by the
289 command. This will be Positive for data transfers from the device
290 (eg. disk reads), negative for transfers to the device (eg. disk writes),
291 and zero if the command does not transfer any data. */
293 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
294 uint8_t *buf, int lun)
296 SCSIDeviceState *s = d->state;
307 r = scsi_find_request(s, tag);
309 BADF("Tag 0x%x already in use\n", tag);
310 scsi_cancel_io(d, tag);
312 /* ??? Tags are not unique for different luns. We only implement a
313 single lun, so this should not matter. */
314 r = scsi_new_request(s, tag);
317 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
318 switch (command >> 5) {
320 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
326 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
327 len = buf[8] | (buf[7] << 8);
331 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
332 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
336 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
337 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
341 BADF("Unsupported command length, command %x\n", command);
347 for (i = 1; i < cmdlen; i++) {
348 printf(" 0x%02x", buf[i]);
353 if (lun || buf[1] >> 5) {
354 /* Only LUN 0 supported. */
355 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
356 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
361 DPRINTF("Test Unit Ready\n");
364 DPRINTF("Request Sense (len %d)\n", len);
367 memset(outbuf, 0, 4);
370 outbuf[2] = s->sense;
374 DPRINTF("Inquiry (len %d)\n", len);
376 /* Command support data - optional, not implemented */
377 BADF("optional INQUIRY command support request not implemented\n");
380 else if (buf[1] & 0x1) {
381 /* Vital product data */
382 uint8_t page_code = buf[2];
384 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
385 "less than 4\n", page_code, len);
392 /* Supported page codes, mandatory */
393 DPRINTF("Inquiry EVPD[Supported pages] "
394 "buffer size %d\n", len);
398 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
399 outbuf[r->buf_len++] = 5;
401 outbuf[r->buf_len++] = 0;
404 outbuf[r->buf_len++] = 0x00; // this page
405 outbuf[r->buf_len++] = 0x00;
406 outbuf[r->buf_len++] = 3; // number of pages
407 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
408 outbuf[r->buf_len++] = 0x80; // unit serial number
409 outbuf[r->buf_len++] = 0x83; // device identification
416 /* Device serial number, optional */
418 BADF("Error: EVPD[Serial number] Inquiry buffer "
419 "size %d too small, %d needed\n", len, 4);
423 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
424 l = MIN(len, strlen(s->drive_serial_str));
428 /* Supported page codes */
429 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
430 outbuf[r->buf_len++] = 5;
432 outbuf[r->buf_len++] = 0;
435 outbuf[r->buf_len++] = 0x80; // this page
436 outbuf[r->buf_len++] = 0x00;
437 outbuf[r->buf_len++] = l;
438 memcpy(&outbuf[r->buf_len], s->drive_serial_str, l);
445 /* Device identification page, mandatory */
446 int max_len = 255 - 8;
447 int id_len = strlen(bdrv_get_device_name(s->bdrv));
448 if (id_len > max_len)
451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %d\n", len);
454 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
455 outbuf[r->buf_len++] = 5;
457 outbuf[r->buf_len++] = 0;
460 outbuf[r->buf_len++] = 0x83; // this page
461 outbuf[r->buf_len++] = 0x00;
462 outbuf[r->buf_len++] = 3 + id_len;
464 outbuf[r->buf_len++] = 0x2; // ASCII
465 outbuf[r->buf_len++] = 0; // not officially assigned
466 outbuf[r->buf_len++] = 0; // reserved
467 outbuf[r->buf_len++] = id_len; // length of data following
469 memcpy(&outbuf[r->buf_len],
470 bdrv_get_device_name(s->bdrv), id_len);
471 r->buf_len += id_len;
475 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
476 "buffer size %d\n", page_code, len);
483 /* Standard INQUIRY data */
485 BADF("Error: Inquiry (STANDARD) page or code "
486 "is non-zero [%02X]\n", buf[2]);
492 BADF("Error: Inquiry (STANDARD) buffer size %d "
493 "is less than 5\n", len);
498 BADF("Error: Inquiry (STANDARD) buffer size %d "
499 "is less than 36 (TODO: only 5 required)\n", len);
503 if(len > SCSI_MAX_INQUIRY_LEN)
504 len = SCSI_MAX_INQUIRY_LEN;
506 memset(outbuf, 0, len);
508 if (lun || buf[1] >> 5) {
509 outbuf[0] = 0x7f; /* LUN not supported */
510 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
513 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
516 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
518 memcpy(&outbuf[8], "QEMU ", 8);
519 memcpy(&outbuf[32], QEMU_VERSION, 4);
520 /* Identify device as SCSI-3 rev 1.
521 Some later commands are also implemented. */
523 outbuf[3] = 2; /* Format 2 */
524 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
525 /* Sync data transfer and TCQ. */
526 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
530 DPRINTF("Reserve(6)\n");
535 DPRINTF("Release(6)\n");
545 page = buf[2] & 0x3f;
546 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
549 outbuf[1] = 0; /* Default media type. */
550 outbuf[3] = 0; /* Block descriptor length. */
551 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
552 outbuf[2] = 0x80; /* Readonly. */
556 int cylinders, heads, secs;
558 /* Rigid disk device geometry page. */
561 /* if a geometry hint is available, use it */
562 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
563 p[2] = (cylinders >> 16) & 0xff;
564 p[3] = (cylinders >> 8) & 0xff;
565 p[4] = cylinders & 0xff;
567 /* Write precomp start cylinder, disabled */
568 p[6] = (cylinders >> 16) & 0xff;
569 p[7] = (cylinders >> 8) & 0xff;
570 p[8] = cylinders & 0xff;
571 /* Reduced current start cylinder, disabled */
572 p[9] = (cylinders >> 16) & 0xff;
573 p[10] = (cylinders >> 8) & 0xff;
574 p[11] = cylinders & 0xff;
575 /* Device step rate [ns], 200ns */
578 /* Landing zone cylinder */
582 /* Medium rotation rate [rpm], 5400 rpm */
583 p[20] = (5400 >> 8) & 0xff;
586 } else if (page == 5) {
587 int cylinders, heads, secs;
589 /* Flexible disk device geometry page. */
592 /* Transfer rate [kbit/s], 5Mbit/s */
595 /* if a geometry hint is available, use it */
596 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
599 p[6] = s->cluster_size * 2;
600 p[8] = (cylinders >> 8) & 0xff;
601 p[9] = cylinders & 0xff;
602 /* Write precomp start cylinder, disabled */
603 p[10] = (cylinders >> 8) & 0xff;
604 p[11] = cylinders & 0xff;
605 /* Reduced current start cylinder, disabled */
606 p[12] = (cylinders >> 8) & 0xff;
607 p[13] = cylinders & 0xff;
608 /* Device step rate [100us], 100us */
611 /* Device step pulse width [us], 1us */
613 /* Device head settle delay [100us], 100us */
616 /* Motor on delay [0.1s], 0.1s */
618 /* Motor off delay [0.1s], 0.1s */
620 /* Medium rotation rate [rpm], 5400 rpm */
621 p[28] = (5400 >> 8) & 0xff;
624 } else if ((page == 8 || page == 0x3f)) {
632 if ((page == 0x3f || page == 0x2a)
633 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
634 /* CD Capabilities and Mechanical Status page. */
637 p[2] = 3; // CD-R & CD-RW read
638 p[3] = 0; // Writing not supported
639 p[4] = 0x7f; /* Audio, composite, digital out,
640 mode 2 form 1&2, multi session */
641 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
642 RW corrected, C2 errors, ISRC,
644 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
645 /* Locking supported, jumper present, eject, tray */
646 p[7] = 0; /* no volume & mute control, no
648 p[8] = (50 * 176) >> 8; // 50x read speed
649 p[9] = (50 * 176) & 0xff;
650 p[10] = 0 >> 8; // No volume
652 p[12] = 2048 >> 8; // 2M buffer
654 p[14] = (16 * 176) >> 8; // 16x read speed current
655 p[15] = (16 * 176) & 0xff;
656 p[18] = (16 * 176) >> 8; // 16x write speed
657 p[19] = (16 * 176) & 0xff;
658 p[20] = (16 * 176) >> 8; // 16x write speed current
659 p[21] = (16 * 176) & 0xff;
662 r->buf_len = p - outbuf;
663 outbuf[0] = r->buf_len - 4;
664 if (r->buf_len > len)
669 DPRINTF("Start Stop Unit\n");
672 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
673 bdrv_set_locked(s->bdrv, buf[4] & 1);
676 DPRINTF("Read Capacity\n");
677 /* The normal LEN field for this command is zero. */
678 memset(outbuf, 0, 8);
679 bdrv_get_geometry(s->bdrv, &nb_sectors);
680 /* Returned value is the address of the last sector. */
683 outbuf[0] = (nb_sectors >> 24) & 0xff;
684 outbuf[1] = (nb_sectors >> 16) & 0xff;
685 outbuf[2] = (nb_sectors >> 8) & 0xff;
686 outbuf[3] = nb_sectors & 0xff;
689 outbuf[6] = s->cluster_size * 2;
693 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
699 DPRINTF("Read (sector %d, count %d)\n", lba, len);
700 r->sector = lba * s->cluster_size;
701 r->sector_count = len * s->cluster_size;
705 DPRINTF("Write (sector %d, count %d)\n", lba, len);
706 r->sector = lba * s->cluster_size;
707 r->sector_count = len * s->cluster_size;
711 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
716 int start_track, format, msf, toclen;
719 format = buf[2] & 0xf;
720 start_track = buf[6];
721 bdrv_get_geometry(s->bdrv, &nb_sectors);
722 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
725 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
728 /* multi session : only a single session defined */
730 memset(outbuf, 0, 12);
736 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
748 DPRINTF("Read TOC error\n");
752 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
753 memset(outbuf, 0, 8);
754 /* ??? This should probably return much more information. For now
755 just return the basic header indicating the CD-ROM profile. */
756 outbuf[7] = 8; // CD-ROM
760 DPRINTF("Reserve(10)\n");
765 DPRINTF("Release(10)\n");
770 DPRINTF("Report LUNs (len %d)\n", len);
773 memset(outbuf, 0, 16);
778 DPRINTF("Verify (sector %d, count %d)\n", lba, len);
781 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
783 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
786 if (r->sector_count == 0 && r->buf_len == 0) {
787 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
789 len = r->sector_count * 512 + r->buf_len;
793 if (!r->sector_count)
794 r->sector_count = -1;
799 static void scsi_destroy(SCSIDevice *d)
805 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
806 scsi_completionfn completion, void *opaque)
811 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
814 s->completion = completion;
816 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
821 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
822 sizeof(s->drive_serial_str));
823 if (strlen(s->drive_serial_str) == 0)
824 strcpy(s->drive_serial_str, "0");
825 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
827 d->destroy = scsi_destroy;
828 d->send_command = scsi_send_command;
829 d->read_data = scsi_read_data;
830 d->write_data = scsi_write_data;
831 d->cancel_io = scsi_cancel_io;
832 d->get_buf = scsi_get_buf;
projects / qemu / blob