2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * This code is licenced under the LGPL.
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
16 #include <qemu-common.h>
21 #define DPRINTF(fmt, args...) \
22 do { printf("scsi-disk: " fmt , ##args); } while (0)
24 #define DPRINTF(fmt, args...) do {} while(0)
27 #define BADF(fmt, args...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
30 #include "qemu-common.h"
32 #include "scsi-disk.h"
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
40 #define STATUS_CHECK_CONDITION 2
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
45 #define SCSI_REQ_STATUS_RETRY 0x01
47 typedef struct SCSIRequest {
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint32_t sector_count;
55 /* The amounnt of data in the buffer. */
58 BlockDriverAIOCB *aiocb;
59 struct SCSIRequest *next;
63 struct SCSIDeviceState
65 BlockDriverState *bdrv;
66 SCSIRequest *requests;
67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
73 /* Completion functions may be called from either scsi_{read,write}_data
74 or from the AIO completion routines. */
75 scsi_completionfn completion;
77 char drive_serial_str[21];
80 /* Global pool of SCSIRequest structures. */
81 static SCSIRequest *free_requests = NULL;
83 static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
89 free_requests = r->next;
91 r = qemu_malloc(sizeof(SCSIRequest));
92 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
101 r->next = s->requests;
106 static void scsi_remove_request(SCSIRequest *r)
109 SCSIDeviceState *s = r->dev;
111 if (s->requests == r) {
112 s->requests = r->next;
115 while (last && last->next != r)
118 last->next = r->next;
120 BADF("Orphaned request\n");
123 r->next = free_requests;
127 static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
132 while (r && r->tag != tag)
138 /* Helper function for command completion. */
139 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
141 SCSIDeviceState *s = r->dev;
143 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
146 scsi_remove_request(r);
147 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
150 /* Cancel a pending data transfer. */
151 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
153 SCSIDeviceState *s = d->state;
155 DPRINTF("Cancel tag=0x%x\n", tag);
156 r = scsi_find_request(s, tag);
159 bdrv_aio_cancel(r->aiocb);
161 scsi_remove_request(r);
165 static void scsi_read_complete(void * opaque, int ret)
167 SCSIRequest *r = (SCSIRequest *)opaque;
168 SCSIDeviceState *s = r->dev;
171 DPRINTF("IO error\n");
172 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
176 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
178 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
181 /* Read more data from scsi device into buffer. */
182 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
184 SCSIDeviceState *s = d->state;
188 r = scsi_find_request(s, tag);
190 BADF("Bad read tag 0x%x\n", tag);
191 /* ??? This is the wrong error. */
192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
195 if (r->sector_count == (uint32_t)-1) {
196 DPRINTF("Read buf_len=%d\n", r->buf_len);
198 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
211 r->buf_len = n * 512;
212 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
213 scsi_read_complete, r);
214 if (r->aiocb == NULL)
215 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
217 r->sector_count -= n;
220 static int scsi_handle_write_error(SCSIRequest *r, int error)
222 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->bdrv);
224 if (action == BLOCK_ERR_IGNORE)
227 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
228 || action == BLOCK_ERR_STOP_ANY) {
229 r->status |= SCSI_REQ_STATUS_RETRY;
232 scsi_command_complete(r, STATUS_CHECK_CONDITION,
233 SENSE_HARDWARE_ERROR);
239 static void scsi_write_complete(void * opaque, int ret)
241 SCSIRequest *r = (SCSIRequest *)opaque;
242 SCSIDeviceState *s = r->dev;
249 if (scsi_handle_write_error(r, -ret))
253 n = r->buf_len / 512;
255 r->sector_count -= n;
256 if (r->sector_count == 0) {
257 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
259 len = r->sector_count * 512;
260 if (len > SCSI_DMA_BUF_SIZE) {
261 len = SCSI_DMA_BUF_SIZE;
264 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
265 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
269 static void scsi_write_request(SCSIRequest *r)
271 SCSIDeviceState *s = r->dev;
274 n = r->buf_len / 512;
276 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
277 scsi_write_complete, r);
278 if (r->aiocb == NULL)
279 scsi_command_complete(r, STATUS_CHECK_CONDITION,
280 SENSE_HARDWARE_ERROR);
282 /* Invoke completion routine to fetch data from host. */
283 scsi_write_complete(r, 0);
287 /* Write data to a scsi device. Returns nonzero on failure.
288 The transfer may complete asynchronously. */
289 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
291 SCSIDeviceState *s = d->state;
294 DPRINTF("Write data tag=0x%x\n", tag);
295 r = scsi_find_request(s, tag);
297 BADF("Bad write tag 0x%x\n", tag);
298 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
303 BADF("Data transfer already in progress\n");
305 scsi_write_request(r);
310 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
312 SCSIDeviceState *s = opaque;
313 SCSIRequest *r = s->requests;
318 if (r->status & SCSI_REQ_STATUS_RETRY) {
319 r->status &= ~SCSI_REQ_STATUS_RETRY;
320 scsi_write_request(r);
326 /* Return a pointer to the data buffer. */
327 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
329 SCSIDeviceState *s = d->state;
332 r = scsi_find_request(s, tag);
334 BADF("Bad buffer tag 0x%x\n", tag);
340 /* Execute a scsi command. Returns the length of the data expected by the
341 command. This will be Positive for data transfers from the device
342 (eg. disk reads), negative for transfers to the device (eg. disk writes),
343 and zero if the command does not transfer any data. */
345 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
346 uint8_t *buf, int lun)
348 SCSIDeviceState *s = d->state;
359 r = scsi_find_request(s, tag);
361 BADF("Tag 0x%x already in use\n", tag);
362 scsi_cancel_io(d, tag);
364 /* ??? Tags are not unique for different luns. We only implement a
365 single lun, so this should not matter. */
366 r = scsi_new_request(s, tag);
369 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
370 switch (command >> 5) {
372 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
373 (((uint64_t) buf[1] & 0x1f) << 16);
379 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
380 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
381 len = buf[8] | (buf[7] << 8);
385 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
386 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
387 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
388 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
389 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
393 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
394 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
395 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
399 BADF("Unsupported command length, command %x\n", command);
405 for (i = 1; i < cmdlen; i++) {
406 printf(" 0x%02x", buf[i]);
411 if (lun || buf[1] >> 5) {
412 /* Only LUN 0 supported. */
413 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
414 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
419 DPRINTF("Test Unit Ready\n");
422 DPRINTF("Request Sense (len %d)\n", len);
425 memset(outbuf, 0, 4);
428 outbuf[2] = s->sense;
432 DPRINTF("Inquiry (len %d)\n", len);
434 /* Command support data - optional, not implemented */
435 BADF("optional INQUIRY command support request not implemented\n");
438 else if (buf[1] & 0x1) {
439 /* Vital product data */
440 uint8_t page_code = buf[2];
442 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
443 "less than 4\n", page_code, len);
450 /* Supported page codes, mandatory */
451 DPRINTF("Inquiry EVPD[Supported pages] "
452 "buffer size %d\n", len);
456 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
457 outbuf[r->buf_len++] = 5;
459 outbuf[r->buf_len++] = 0;
462 outbuf[r->buf_len++] = 0x00; // this page
463 outbuf[r->buf_len++] = 0x00;
464 outbuf[r->buf_len++] = 3; // number of pages
465 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
466 outbuf[r->buf_len++] = 0x80; // unit serial number
467 outbuf[r->buf_len++] = 0x83; // device identification
474 /* Device serial number, optional */
476 BADF("Error: EVPD[Serial number] Inquiry buffer "
477 "size %d too small, %d needed\n", len, 4);
481 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
482 l = MIN(len, strlen(s->drive_serial_str));
486 /* Supported page codes */
487 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
488 outbuf[r->buf_len++] = 5;
490 outbuf[r->buf_len++] = 0;
493 outbuf[r->buf_len++] = 0x80; // this page
494 outbuf[r->buf_len++] = 0x00;
495 outbuf[r->buf_len++] = l;
496 memcpy(&outbuf[r->buf_len], s->drive_serial_str, l);
503 /* Device identification page, mandatory */
504 int max_len = 255 - 8;
505 int id_len = strlen(bdrv_get_device_name(s->bdrv));
506 if (id_len > max_len)
509 DPRINTF("Inquiry EVPD[Device identification] "
510 "buffer size %d\n", len);
512 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
513 outbuf[r->buf_len++] = 5;
515 outbuf[r->buf_len++] = 0;
518 outbuf[r->buf_len++] = 0x83; // this page
519 outbuf[r->buf_len++] = 0x00;
520 outbuf[r->buf_len++] = 3 + id_len;
522 outbuf[r->buf_len++] = 0x2; // ASCII
523 outbuf[r->buf_len++] = 0; // not officially assigned
524 outbuf[r->buf_len++] = 0; // reserved
525 outbuf[r->buf_len++] = id_len; // length of data following
527 memcpy(&outbuf[r->buf_len],
528 bdrv_get_device_name(s->bdrv), id_len);
529 r->buf_len += id_len;
533 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
534 "buffer size %d\n", page_code, len);
541 /* Standard INQUIRY data */
543 BADF("Error: Inquiry (STANDARD) page or code "
544 "is non-zero [%02X]\n", buf[2]);
550 BADF("Error: Inquiry (STANDARD) buffer size %d "
551 "is less than 5\n", len);
556 BADF("Error: Inquiry (STANDARD) buffer size %d "
557 "is less than 36 (TODO: only 5 required)\n", len);
561 if(len > SCSI_MAX_INQUIRY_LEN)
562 len = SCSI_MAX_INQUIRY_LEN;
564 memset(outbuf, 0, len);
566 if (lun || buf[1] >> 5) {
567 outbuf[0] = 0x7f; /* LUN not supported */
568 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
571 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
574 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
576 memcpy(&outbuf[8], "QEMU ", 8);
577 memcpy(&outbuf[32], QEMU_VERSION, 4);
578 /* Identify device as SCSI-3 rev 1.
579 Some later commands are also implemented. */
581 outbuf[3] = 2; /* Format 2 */
582 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
583 /* Sync data transfer and TCQ. */
584 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
588 DPRINTF("Reserve(6)\n");
593 DPRINTF("Release(6)\n");
603 page = buf[2] & 0x3f;
604 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
607 outbuf[1] = 0; /* Default media type. */
608 outbuf[3] = 0; /* Block descriptor length. */
609 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
610 outbuf[2] = 0x80; /* Readonly. */
614 int cylinders, heads, secs;
616 /* Rigid disk device geometry page. */
619 /* if a geometry hint is available, use it */
620 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
621 p[2] = (cylinders >> 16) & 0xff;
622 p[3] = (cylinders >> 8) & 0xff;
623 p[4] = cylinders & 0xff;
625 /* Write precomp start cylinder, disabled */
626 p[6] = (cylinders >> 16) & 0xff;
627 p[7] = (cylinders >> 8) & 0xff;
628 p[8] = cylinders & 0xff;
629 /* Reduced current start cylinder, disabled */
630 p[9] = (cylinders >> 16) & 0xff;
631 p[10] = (cylinders >> 8) & 0xff;
632 p[11] = cylinders & 0xff;
633 /* Device step rate [ns], 200ns */
636 /* Landing zone cylinder */
640 /* Medium rotation rate [rpm], 5400 rpm */
641 p[20] = (5400 >> 8) & 0xff;
644 } else if (page == 5) {
645 int cylinders, heads, secs;
647 /* Flexible disk device geometry page. */
650 /* Transfer rate [kbit/s], 5Mbit/s */
653 /* if a geometry hint is available, use it */
654 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
657 p[6] = s->cluster_size * 2;
658 p[8] = (cylinders >> 8) & 0xff;
659 p[9] = cylinders & 0xff;
660 /* Write precomp start cylinder, disabled */
661 p[10] = (cylinders >> 8) & 0xff;
662 p[11] = cylinders & 0xff;
663 /* Reduced current start cylinder, disabled */
664 p[12] = (cylinders >> 8) & 0xff;
665 p[13] = cylinders & 0xff;
666 /* Device step rate [100us], 100us */
669 /* Device step pulse width [us], 1us */
671 /* Device head settle delay [100us], 100us */
674 /* Motor on delay [0.1s], 0.1s */
676 /* Motor off delay [0.1s], 0.1s */
678 /* Medium rotation rate [rpm], 5400 rpm */
679 p[28] = (5400 >> 8) & 0xff;
682 } else if ((page == 8 || page == 0x3f)) {
690 if ((page == 0x3f || page == 0x2a)
691 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
692 /* CD Capabilities and Mechanical Status page. */
695 p[2] = 3; // CD-R & CD-RW read
696 p[3] = 0; // Writing not supported
697 p[4] = 0x7f; /* Audio, composite, digital out,
698 mode 2 form 1&2, multi session */
699 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
700 RW corrected, C2 errors, ISRC,
702 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
703 /* Locking supported, jumper present, eject, tray */
704 p[7] = 0; /* no volume & mute control, no
706 p[8] = (50 * 176) >> 8; // 50x read speed
707 p[9] = (50 * 176) & 0xff;
708 p[10] = 0 >> 8; // No volume
710 p[12] = 2048 >> 8; // 2M buffer
712 p[14] = (16 * 176) >> 8; // 16x read speed current
713 p[15] = (16 * 176) & 0xff;
714 p[18] = (16 * 176) >> 8; // 16x write speed
715 p[19] = (16 * 176) & 0xff;
716 p[20] = (16 * 176) >> 8; // 16x write speed current
717 p[21] = (16 * 176) & 0xff;
720 r->buf_len = p - outbuf;
721 outbuf[0] = r->buf_len - 4;
722 if (r->buf_len > len)
727 DPRINTF("Start Stop Unit\n");
730 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
731 bdrv_set_locked(s->bdrv, buf[4] & 1);
734 DPRINTF("Read Capacity\n");
735 /* The normal LEN field for this command is zero. */
736 memset(outbuf, 0, 8);
737 bdrv_get_geometry(s->bdrv, &nb_sectors);
738 nb_sectors /= s->cluster_size;
739 /* Returned value is the address of the last sector. */
742 /* Remember the new size for read/write sanity checking. */
743 s->max_lba = nb_sectors;
744 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
745 if (nb_sectors > UINT32_MAX)
746 nb_sectors = UINT32_MAX;
747 outbuf[0] = (nb_sectors >> 24) & 0xff;
748 outbuf[1] = (nb_sectors >> 16) & 0xff;
749 outbuf[2] = (nb_sectors >> 8) & 0xff;
750 outbuf[3] = nb_sectors & 0xff;
753 outbuf[6] = s->cluster_size * 2;
757 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
764 DPRINTF("Read (sector %lld, count %d)\n", lba, len);
765 if (lba > s->max_lba)
767 r->sector = lba * s->cluster_size;
768 r->sector_count = len * s->cluster_size;
773 DPRINTF("Write (sector %lld, count %d)\n", lba, len);
774 if (lba > s->max_lba)
776 r->sector = lba * s->cluster_size;
777 r->sector_count = len * s->cluster_size;
781 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
786 int start_track, format, msf, toclen;
789 format = buf[2] & 0xf;
790 start_track = buf[6];
791 bdrv_get_geometry(s->bdrv, &nb_sectors);
792 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
793 nb_sectors /= s->cluster_size;
796 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
799 /* multi session : only a single session defined */
801 memset(outbuf, 0, 12);
807 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
819 DPRINTF("Read TOC error\n");
823 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
824 memset(outbuf, 0, 8);
825 /* ??? This should probably return much more information. For now
826 just return the basic header indicating the CD-ROM profile. */
827 outbuf[7] = 8; // CD-ROM
831 DPRINTF("Reserve(10)\n");
836 DPRINTF("Release(10)\n");
841 /* Service Action In subcommands. */
842 if ((buf[1] & 31) == 0x10) {
843 DPRINTF("SAI READ CAPACITY(16)\n");
844 memset(outbuf, 0, len);
845 bdrv_get_geometry(s->bdrv, &nb_sectors);
846 nb_sectors /= s->cluster_size;
847 /* Returned value is the address of the last sector. */
850 /* Remember the new size for read/write sanity checking. */
851 s->max_lba = nb_sectors;
852 outbuf[0] = (nb_sectors >> 56) & 0xff;
853 outbuf[1] = (nb_sectors >> 48) & 0xff;
854 outbuf[2] = (nb_sectors >> 40) & 0xff;
855 outbuf[3] = (nb_sectors >> 32) & 0xff;
856 outbuf[4] = (nb_sectors >> 24) & 0xff;
857 outbuf[5] = (nb_sectors >> 16) & 0xff;
858 outbuf[6] = (nb_sectors >> 8) & 0xff;
859 outbuf[7] = nb_sectors & 0xff;
862 outbuf[10] = s->cluster_size * 2;
864 /* Protection, exponent and lowest lba field left blank. */
867 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
872 DPRINTF("Unsupported Service Action In\n");
875 DPRINTF("Report LUNs (len %d)\n", len);
878 memset(outbuf, 0, 16);
883 DPRINTF("Verify (sector %d, count %d)\n", lba, len);
886 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
888 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
891 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
894 if (r->sector_count == 0 && r->buf_len == 0) {
895 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
897 len = r->sector_count * 512 + r->buf_len;
901 if (!r->sector_count)
902 r->sector_count = -1;
907 static void scsi_destroy(SCSIDevice *d)
913 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
914 scsi_completionfn completion, void *opaque)
920 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
923 s->completion = completion;
925 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
930 bdrv_get_geometry(s->bdrv, &nb_sectors);
931 nb_sectors /= s->cluster_size;
934 s->max_lba = nb_sectors;
935 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
936 sizeof(s->drive_serial_str));
937 if (strlen(s->drive_serial_str) == 0)
938 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
939 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
940 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
942 d->destroy = scsi_destroy;
943 d->send_command = scsi_send_command;
944 d->read_data = scsi_read_data;
945 d->write_data = scsi_write_data;
946 d->cancel_io = scsi_cancel_io;
947 d->get_buf = scsi_get_buf;
projects / qemu / blob