2 * USB Mass Storage Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
15 #define DPRINTF(fmt, args...) \
16 do { printf("usb-msd: " fmt , ##args); } while (0)
18 #define DPRINTF(fmt, args...) do {} while(0)
22 #define MassStorageReset 0xff
23 #define GetMaxLun 0xfe
26 USB_MSDM_CBW, /* Command Block. */
27 USB_MSDM_DATAOUT, /* Tranfer data to device. */
28 USB_MSDM_DATAIN, /* Transfer data from device. */
29 USB_MSDM_CSW /* Command Status. */
45 /* For async completion. */
66 static const uint8_t qemu_msd_dev_descriptor[] = {
67 0x12, /* u8 bLength; */
68 0x01, /* u8 bDescriptorType; Device */
69 0x00, 0x01, /* u16 bcdUSB; v1.0 */
71 0x00, /* u8 bDeviceClass; */
72 0x00, /* u8 bDeviceSubClass; */
73 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
74 0x08, /* u8 bMaxPacketSize0; 8 Bytes */
76 /* Vendor and product id are arbitrary. */
77 0x00, 0x00, /* u16 idVendor; */
78 0x00, 0x00, /* u16 idProduct; */
79 0x00, 0x00, /* u16 bcdDevice */
81 0x01, /* u8 iManufacturer; */
82 0x02, /* u8 iProduct; */
83 0x03, /* u8 iSerialNumber; */
84 0x01 /* u8 bNumConfigurations; */
87 static const uint8_t qemu_msd_config_descriptor[] = {
89 /* one configuration */
90 0x09, /* u8 bLength; */
91 0x02, /* u8 bDescriptorType; Configuration */
92 0x20, 0x00, /* u16 wTotalLength; */
93 0x01, /* u8 bNumInterfaces; (1) */
94 0x01, /* u8 bConfigurationValue; */
95 0x00, /* u8 iConfiguration; */
96 0xc0, /* u8 bmAttributes;
101 0x00, /* u8 MaxPower; */
104 0x09, /* u8 if_bLength; */
105 0x04, /* u8 if_bDescriptorType; Interface */
106 0x00, /* u8 if_bInterfaceNumber; */
107 0x00, /* u8 if_bAlternateSetting; */
108 0x02, /* u8 if_bNumEndpoints; */
109 0x08, /* u8 if_bInterfaceClass; MASS STORAGE */
110 0x06, /* u8 if_bInterfaceSubClass; SCSI */
111 0x50, /* u8 if_bInterfaceProtocol; Bulk Only */
112 0x00, /* u8 if_iInterface; */
114 /* Bulk-In endpoint */
115 0x07, /* u8 ep_bLength; */
116 0x05, /* u8 ep_bDescriptorType; Endpoint */
117 0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
118 0x02, /* u8 ep_bmAttributes; Bulk */
119 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
120 0x00, /* u8 ep_bInterval; */
122 /* Bulk-Out endpoint */
123 0x07, /* u8 ep_bLength; */
124 0x05, /* u8 ep_bDescriptorType; Endpoint */
125 0x02, /* u8 ep_bEndpointAddress; OUT Endpoint 2 */
126 0x02, /* u8 ep_bmAttributes; Bulk */
127 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
128 0x00 /* u8 ep_bInterval; */
131 static void usb_msd_copy_data(MSDState *s)
135 if (len > s->scsi_len)
137 if (s->mode == USB_MSDM_DATAIN) {
138 memcpy(s->usb_buf, s->scsi_buf, len);
140 memcpy(s->scsi_buf, s->usb_buf, len);
147 if (s->scsi_len == 0) {
148 if (s->mode == USB_MSDM_DATAIN) {
149 scsi_read_data(s->scsi_dev, s->tag);
150 } else if (s->mode == USB_MSDM_DATAOUT) {
151 scsi_write_data(s->scsi_dev, s->tag);
156 static void usb_msd_send_status(MSDState *s)
158 struct usb_msd_csw csw;
160 csw.sig = cpu_to_le32(0x53425355);
161 csw.tag = cpu_to_le32(s->tag);
162 csw.residue = s->residue;
163 csw.status = s->result;
164 memcpy(s->usb_buf, &csw, 13);
167 static void usb_msd_command_complete(void *opaque, int reason, uint32_t tag,
170 MSDState *s = (MSDState *)opaque;
171 USBPacket *p = s->packet;
174 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
176 if (reason == SCSI_REASON_DONE) {
177 DPRINTF("Command complete %d\n", arg);
178 s->residue = s->data_len;
179 s->result = arg != 0;
181 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
182 /* A deferred packet with no write data remaining must be
183 the status read packet. */
184 usb_msd_send_status(s);
185 s->mode = USB_MSDM_CBW;
188 s->data_len -= s->usb_len;
189 if (s->mode == USB_MSDM_DATAIN)
190 memset(s->usb_buf, 0, s->usb_len);
193 if (s->data_len == 0)
194 s->mode = USB_MSDM_CSW;
197 usb_packet_complete(p);
198 } else if (s->data_len == 0) {
199 s->mode = USB_MSDM_CSW;
204 s->scsi_buf = scsi_get_buf(s->scsi_dev, tag);
206 usb_msd_copy_data(s);
207 if (s->usb_len == 0) {
208 /* Set s->packet to NULL before calling usb_packet_complete
209 because annother request may be issued before
210 usb_packet_complete returns. */
211 DPRINTF("Packet complete %p\n", p);
213 usb_packet_complete(p);
218 static void usb_msd_handle_reset(USBDevice *dev)
220 MSDState *s = (MSDState *)dev;
223 s->mode = USB_MSDM_CBW;
226 static int usb_msd_handle_control(USBDevice *dev, int request, int value,
227 int index, int length, uint8_t *data)
229 MSDState *s = (MSDState *)dev;
233 case DeviceRequest | USB_REQ_GET_STATUS:
234 data[0] = (1 << USB_DEVICE_SELF_POWERED) |
235 (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
239 case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
240 if (value == USB_DEVICE_REMOTE_WAKEUP) {
241 dev->remote_wakeup = 0;
247 case DeviceOutRequest | USB_REQ_SET_FEATURE:
248 if (value == USB_DEVICE_REMOTE_WAKEUP) {
249 dev->remote_wakeup = 1;
255 case DeviceOutRequest | USB_REQ_SET_ADDRESS:
259 case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
262 memcpy(data, qemu_msd_dev_descriptor,
263 sizeof(qemu_msd_dev_descriptor));
264 ret = sizeof(qemu_msd_dev_descriptor);
267 memcpy(data, qemu_msd_config_descriptor,
268 sizeof(qemu_msd_config_descriptor));
269 ret = sizeof(qemu_msd_config_descriptor);
272 switch(value & 0xff) {
282 /* vendor description */
283 ret = set_usb_string(data, "QEMU " QEMU_VERSION);
286 /* product description */
287 ret = set_usb_string(data, "QEMU USB HARDDRIVE");
291 ret = set_usb_string(data, "1");
301 case DeviceRequest | USB_REQ_GET_CONFIGURATION:
305 case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
308 case DeviceRequest | USB_REQ_GET_INTERFACE:
312 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
315 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
316 if (value == 0 && index != 0x81) { /* clear ep halt */
321 /* Class specific requests. */
322 case MassStorageReset:
323 /* Reset state ready for the next CBW. */
324 s->mode = USB_MSDM_CBW;
339 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
341 MSDState *s = opaque;
342 scsi_cancel_io(s->scsi_dev, s->tag);
347 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
349 MSDState *s = (MSDState *)dev;
351 struct usb_msd_cbw cbw;
352 uint8_t devep = p->devep;
353 uint8_t *data = p->data;
364 fprintf(stderr, "usb-msd: Bad CBW size");
367 memcpy(&cbw, data, 31);
368 if (le32_to_cpu(cbw.sig) != 0x43425355) {
369 fprintf(stderr, "usb-msd: Bad signature %08x\n",
370 le32_to_cpu(cbw.sig));
373 DPRINTF("Command on LUN %d\n", cbw.lun);
375 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
378 s->tag = le32_to_cpu(cbw.tag);
379 s->data_len = le32_to_cpu(cbw.data_len);
380 if (s->data_len == 0) {
381 s->mode = USB_MSDM_CSW;
382 } else if (cbw.flags & 0x80) {
383 s->mode = USB_MSDM_DATAIN;
385 s->mode = USB_MSDM_DATAOUT;
387 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
388 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
390 scsi_send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
391 /* ??? Should check that USB and SCSI data transfer
393 if (s->residue == 0) {
394 if (s->mode == USB_MSDM_DATAIN) {
395 scsi_read_data(s->scsi_dev, s->tag);
396 } else if (s->mode == USB_MSDM_DATAOUT) {
397 scsi_write_data(s->scsi_dev, s->tag);
403 case USB_MSDM_DATAOUT:
404 DPRINTF("Data out %d/%d\n", len, s->data_len);
405 if (len > s->data_len)
411 usb_msd_copy_data(s);
413 if (s->residue && s->usb_len) {
414 s->data_len -= s->usb_len;
415 if (s->data_len == 0)
416 s->mode = USB_MSDM_CSW;
420 DPRINTF("Deferring packet %p\n", p);
421 usb_defer_packet(p, usb_msd_cancel_io, s);
430 DPRINTF("Unexpected write (len %d)\n", len);
440 case USB_MSDM_DATAOUT:
441 if (s->data_len != 0 || len < 13)
443 /* Waiting for SCSI write to complete. */
444 usb_defer_packet(p, usb_msd_cancel_io, s);
450 DPRINTF("Command status %d tag 0x%x, len %d\n",
451 s->result, s->tag, len);
457 usb_msd_send_status(s);
458 s->mode = USB_MSDM_CBW;
462 case USB_MSDM_DATAIN:
463 DPRINTF("Data in %d/%d\n", len, s->data_len);
464 if (len > s->data_len)
469 usb_msd_copy_data(s);
471 if (s->residue && s->usb_len) {
472 s->data_len -= s->usb_len;
473 memset(s->usb_buf, 0, s->usb_len);
474 if (s->data_len == 0)
475 s->mode = USB_MSDM_CSW;
479 DPRINTF("Deferring packet %p\n", p);
480 usb_defer_packet(p, usb_msd_cancel_io, s);
489 DPRINTF("Unexpected read (len %d)\n", len);
495 DPRINTF("Bad token\n");
504 static void usb_msd_handle_destroy(USBDevice *dev)
506 MSDState *s = (MSDState *)dev;
508 scsi_disk_destroy(s->scsi_dev);
513 USBDevice *usb_msd_init(const char *filename)
516 BlockDriverState *bdrv;
518 s = qemu_mallocz(sizeof(MSDState));
522 bdrv = bdrv_new("usb");
523 if (bdrv_open(bdrv, filename, 0) < 0)
527 s->dev.speed = USB_SPEED_FULL;
528 s->dev.handle_packet = usb_generic_handle_packet;
530 s->dev.handle_reset = usb_msd_handle_reset;
531 s->dev.handle_control = usb_msd_handle_control;
532 s->dev.handle_data = usb_msd_handle_data;
533 s->dev.handle_destroy = usb_msd_handle_destroy;
535 snprintf(s->dev.devname, sizeof(s->dev.devname), "QEMU USB MSD(%.16s)",
538 s->scsi_dev = scsi_disk_init(bdrv, 0, usb_msd_command_complete, s);
539 usb_msd_handle_reset((USBDevice *)s);
540 return (USBDevice *)s;
projects / qemu / blob