scsi-disk.c revision 8b23a6c7e1aee255004dd19098d4c2462b61b849
1/* 2 * SCSI Device emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Based on code by Fabrice Bellard 6 * 7 * Written by Paul Brook 8 * 9 * This code is licenced under the LGPL. 10 * 11 * Note that this file only handles the SCSI architecture model and device 12 * commands. Emulation of interface/link layer protocols is handled by 13 * the host adapter emulator. 14 */ 15 16//#define DEBUG_SCSI 17 18#ifdef DEBUG_SCSI 19#define DPRINTF(fmt, args...) \ 20do { printf("scsi-disk: " fmt , ##args); } while (0) 21#else 22#define DPRINTF(fmt, args...) do {} while(0) 23#endif 24 25#define BADF(fmt, args...) \ 26do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0) 27 28#include "qemu-common.h" 29#include "block.h" 30#include "scsi-disk.h" 31 32#define SENSE_NO_SENSE 0 33#define SENSE_NOT_READY 2 34#define SENSE_HARDWARE_ERROR 4 35#define SENSE_ILLEGAL_REQUEST 5 36 37#define SCSI_DMA_BUF_SIZE 65536 38 39typedef struct SCSIRequest { 40 SCSIDeviceState *dev; 41 uint32_t tag; 42 /* ??? We should probably keep track of whether the data trasfer is 43 a read or a write. Currently we rely on the host getting it right. */ 44 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */ 45 int sector; 46 int sector_count; 47 /* The amounnt of data in the buffer. */ 48 int buf_len; 49 uint8_t *dma_buf; 50 BlockDriverAIOCB *aiocb; 51 struct SCSIRequest *next; 52} SCSIRequest; 53 54struct SCSIDeviceState 55{ 56 BlockDriverState *bdrv; 57 SCSIRequest *requests; 58 /* The qemu block layer uses a fixed 512 byte sector size. 59 This is the number of 512 byte blocks in a single scsi sector. */ 60 int cluster_size; 61 int sense; 62 int tcq; 63 /* Completion functions may be called from either scsi_{read,write}_data 64 or from the AIO completion routines. */ 65 scsi_completionfn completion; 66 void *opaque; 67}; 68 69/* Global pool of SCSIRequest structures. */ 70static SCSIRequest *free_requests = NULL; 71 72static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag) 73{ 74 SCSIRequest *r; 75 76 if (free_requests) { 77 r = free_requests; 78 free_requests = r->next; 79 } else { 80 r = qemu_malloc(sizeof(SCSIRequest)); 81 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE); 82 } 83 r->dev = s; 84 r->tag = tag; 85 r->sector_count = 0; 86 r->buf_len = 0; 87 r->aiocb = NULL; 88 89 r->next = s->requests; 90 s->requests = r; 91 return r; 92} 93 94static void scsi_remove_request(SCSIRequest *r) 95{ 96 SCSIRequest *last; 97 SCSIDeviceState *s = r->dev; 98 99 if (s->requests == r) { 100 s->requests = r->next; 101 } else { 102 last = s->requests; 103 while (last && last->next != r) 104 last = last->next; 105 if (last) { 106 last->next = r->next; 107 } else { 108 BADF("Orphaned request\n"); 109 } 110 } 111 r->next = free_requests; 112 free_requests = r; 113} 114 115static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag) 116{ 117 SCSIRequest *r; 118 119 r = s->requests; 120 while (r && r->tag != tag) 121 r = r->next; 122 123 return r; 124} 125 126/* Helper function for command completion. */ 127static void scsi_command_complete(SCSIRequest *r, int sense) 128{ 129 SCSIDeviceState *s = r->dev; 130 uint32_t tag; 131 DPRINTF("Command complete tag=0x%x sense=%d\n", r->tag, sense); 132 s->sense = sense; 133 tag = r->tag; 134 scsi_remove_request(r); 135 s->completion(s->opaque, SCSI_REASON_DONE, tag, sense); 136} 137 138/* Cancel a pending data transfer. */ 139static void scsi_cancel_io(SCSIDevice *d, uint32_t tag) 140{ 141 SCSIDeviceState *s = d->state; 142 SCSIRequest *r; 143 DPRINTF("Cancel tag=0x%x\n", tag); 144 r = scsi_find_request(s, tag); 145 if (r) { 146 if (r->aiocb) 147 bdrv_aio_cancel(r->aiocb); 148 r->aiocb = NULL; 149 scsi_remove_request(r); 150 } 151} 152 153static void scsi_read_complete(void * opaque, int ret) 154{ 155 SCSIRequest *r = (SCSIRequest *)opaque; 156 SCSIDeviceState *s = r->dev; 157 158 if (ret) { 159 DPRINTF("IO error\n"); 160 scsi_command_complete(r, SENSE_HARDWARE_ERROR); 161 return; 162 } 163 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len); 164 165 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len); 166} 167 168/* Read more data from scsi device into buffer. */ 169static void scsi_read_data(SCSIDevice *d, uint32_t tag) 170{ 171 SCSIDeviceState *s = d->state; 172 SCSIRequest *r; 173 uint32_t n; 174 175 r = scsi_find_request(s, tag); 176 if (!r) { 177 BADF("Bad read tag 0x%x\n", tag); 178 /* ??? This is the wrong error. */ 179 scsi_command_complete(r, SENSE_HARDWARE_ERROR); 180 return; 181 } 182 if (r->sector_count == (uint32_t)-1) { 183 DPRINTF("Read buf_len=%d\n", r->buf_len); 184 r->sector_count = 0; 185 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len); 186 return; 187 } 188 DPRINTF("Read sector_count=%d\n", r->sector_count); 189 if (r->sector_count == 0) { 190 scsi_command_complete(r, SENSE_NO_SENSE); 191 return; 192 } 193 194 n = r->sector_count; 195 if (n > SCSI_DMA_BUF_SIZE / 512) 196 n = SCSI_DMA_BUF_SIZE / 512; 197 198 r->buf_len = n * 512; 199 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n, 200 scsi_read_complete, r); 201 if (r->aiocb == NULL) 202 scsi_command_complete(r, SENSE_HARDWARE_ERROR); 203 r->sector += n; 204 r->sector_count -= n; 205} 206 207static void scsi_write_complete(void * opaque, int ret) 208{ 209 SCSIRequest *r = (SCSIRequest *)opaque; 210 SCSIDeviceState *s = r->dev; 211 uint32_t len; 212 213 if (ret) { 214 fprintf(stderr, "scsi-disc: IO write error\n"); 215 exit(1); 216 } 217 218 r->aiocb = NULL; 219 if (r->sector_count == 0) { 220 scsi_command_complete(r, SENSE_NO_SENSE); 221 } else { 222 len = r->sector_count * 512; 223 if (len > SCSI_DMA_BUF_SIZE) { 224 len = SCSI_DMA_BUF_SIZE; 225 } 226 r->buf_len = len; 227 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len); 228 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len); 229 } 230} 231 232/* Write data to a scsi device. Returns nonzero on failure. 233 The transfer may complete asynchronously. */ 234static int scsi_write_data(SCSIDevice *d, uint32_t tag) 235{ 236 SCSIDeviceState *s = d->state; 237 SCSIRequest *r; 238 uint32_t n; 239 240 DPRINTF("Write data tag=0x%x\n", tag); 241 r = scsi_find_request(s, tag); 242 if (!r) { 243 BADF("Bad write tag 0x%x\n", tag); 244 scsi_command_complete(r, SENSE_HARDWARE_ERROR); 245 return 1; 246 } 247 if (r->aiocb) 248 BADF("Data transfer already in progress\n"); 249 n = r->buf_len / 512; 250 if (n) { 251 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n, 252 scsi_write_complete, r); 253 if (r->aiocb == NULL) 254 scsi_command_complete(r, SENSE_HARDWARE_ERROR); 255 r->sector += n; 256 r->sector_count -= n; 257 } else { 258 /* Invoke completion routine to fetch data from host. */ 259 scsi_write_complete(r, 0); 260 } 261 262 return 0; 263} 264 265/* Return a pointer to the data buffer. */ 266static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag) 267{ 268 SCSIDeviceState *s = d->state; 269 SCSIRequest *r; 270 271 r = scsi_find_request(s, tag); 272 if (!r) { 273 BADF("Bad buffer tag 0x%x\n", tag); 274 return NULL; 275 } 276 return r->dma_buf; 277} 278 279/* Execute a scsi command. Returns the length of the data expected by the 280 command. This will be Positive for data transfers from the device 281 (eg. disk reads), negative for transfers to the device (eg. disk writes), 282 and zero if the command does not transfer any data. */ 283 284static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, 285 uint8_t *buf, int lun) 286{ 287 SCSIDeviceState *s = d->state; 288 uint64_t nb_sectors; 289 uint32_t lba; 290 uint32_t len; 291 int cmdlen; 292 int is_write; 293 uint8_t command; 294 uint8_t *outbuf; 295 SCSIRequest *r; 296 297 command = buf[0]; 298 r = scsi_find_request(s, tag); 299 if (r) { 300 BADF("Tag 0x%x already in use\n", tag); 301 scsi_cancel_io(d, tag); 302 } 303 /* ??? Tags are not unique for different luns. We only implement a 304 single lun, so this should not matter. */ 305 r = scsi_new_request(s, tag); 306 outbuf = r->dma_buf; 307 is_write = 0; 308 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]); 309 switch (command >> 5) { 310 case 0: 311 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16); 312 len = buf[4]; 313 cmdlen = 6; 314 break; 315 case 1: 316 case 2: 317 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24); 318 len = buf[8] | (buf[7] << 8); 319 cmdlen = 10; 320 break; 321 case 4: 322 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24); 323 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24); 324 cmdlen = 16; 325 break; 326 case 5: 327 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24); 328 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24); 329 cmdlen = 12; 330 break; 331 default: 332 BADF("Unsupported command length, command %x\n", command); 333 goto fail; 334 } 335#ifdef DEBUG_SCSI 336 { 337 int i; 338 for (i = 1; i < cmdlen; i++) { 339 printf(" 0x%02x", buf[i]); 340 } 341 printf("\n"); 342 } 343#endif 344 if (lun || buf[1] >> 5) { 345 /* Only LUN 0 supported. */ 346 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5); 347 goto fail; 348 } 349 switch (command) { 350 case 0x0: 351 DPRINTF("Test Unit Ready\n"); 352 break; 353 case 0x03: 354 DPRINTF("Request Sense (len %d)\n", len); 355 if (len < 4) 356 goto fail; 357 memset(outbuf, 0, 4); 358 outbuf[0] = 0xf0; 359 outbuf[1] = 0; 360 outbuf[2] = s->sense; 361 r->buf_len = 4; 362 break; 363 case 0x12: 364 DPRINTF("Inquiry (len %d)\n", len); 365 if (buf[1] & 0x2) { 366 /* Command support data - optional, not implemented */ 367 BADF("optional INQUIRY command support request not implemented\n"); 368 goto fail; 369 } 370 else if (buf[1] & 0x1) { 371 /* Vital product data */ 372 uint8_t page_code = buf[2]; 373 if (len < 4) { 374 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is " 375 "less than 4\n", page_code, len); 376 goto fail; 377 } 378 379 switch (page_code) { 380 case 0x00: 381 { 382 /* Supported page codes, mandatory */ 383 DPRINTF("Inquiry EVPD[Supported pages] " 384 "buffer size %d\n", len); 385 386 r->buf_len = 0; 387 388 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 389 outbuf[r->buf_len++] = 5; 390 } else { 391 outbuf[r->buf_len++] = 0; 392 } 393 394 outbuf[r->buf_len++] = 0x00; // this page 395 outbuf[r->buf_len++] = 0x00; 396 outbuf[r->buf_len++] = 3; // number of pages 397 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page) 398 outbuf[r->buf_len++] = 0x80; // unit serial number 399 outbuf[r->buf_len++] = 0x83; // device identification 400 } 401 break; 402 case 0x80: 403 { 404 /* Device serial number, optional */ 405 if (len < 4) { 406 BADF("Error: EVPD[Serial number] Inquiry buffer " 407 "size %d too small, %d needed\n", len, 4); 408 goto fail; 409 } 410 411 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len); 412 413 r->buf_len = 0; 414 415 /* Supported page codes */ 416 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 417 outbuf[r->buf_len++] = 5; 418 } else { 419 outbuf[r->buf_len++] = 0; 420 } 421 422 outbuf[r->buf_len++] = 0x80; // this page 423 outbuf[r->buf_len++] = 0x00; 424 outbuf[r->buf_len++] = 0x01; // 1 byte data follow 425 426 outbuf[r->buf_len++] = '0'; // 1 byte data follow 427 } 428 429 break; 430 case 0x83: 431 { 432 /* Device identification page, mandatory */ 433 int max_len = 255 - 8; 434 int id_len = strlen(bdrv_get_device_name(s->bdrv)); 435 if (id_len > max_len) 436 id_len = max_len; 437 438 DPRINTF("Inquiry EVPD[Device identification] " 439 "buffer size %d\n", len); 440 r->buf_len = 0; 441 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 442 outbuf[r->buf_len++] = 5; 443 } else { 444 outbuf[r->buf_len++] = 0; 445 } 446 447 outbuf[r->buf_len++] = 0x83; // this page 448 outbuf[r->buf_len++] = 0x00; 449 outbuf[r->buf_len++] = 3 + id_len; 450 451 outbuf[r->buf_len++] = 0x2; // ASCII 452 outbuf[r->buf_len++] = 0; // not officially assigned 453 outbuf[r->buf_len++] = 0; // reserved 454 outbuf[r->buf_len++] = id_len; // length of data following 455 456 memcpy(&outbuf[r->buf_len], 457 bdrv_get_device_name(s->bdrv), id_len); 458 r->buf_len += id_len; 459 } 460 break; 461 default: 462 BADF("Error: unsupported Inquiry (EVPD[%02X]) " 463 "buffer size %d\n", page_code, len); 464 goto fail; 465 } 466 /* done with EVPD */ 467 break; 468 } 469 else { 470 /* Standard INQUIRY data */ 471 if (buf[2] != 0) { 472 BADF("Error: Inquiry (STANDARD) page or code " 473 "is non-zero [%02X]\n", buf[2]); 474 goto fail; 475 } 476 477 /* PAGE CODE == 0 */ 478 if (len < 5) { 479 BADF("Error: Inquiry (STANDARD) buffer size %d " 480 "is less than 5\n", len); 481 goto fail; 482 } 483 484 if (len < 36) { 485 BADF("Error: Inquiry (STANDARD) buffer size %d " 486 "is less than 36 (TODO: only 5 required)\n", len); 487 } 488 } 489 memset(outbuf, 0, 36); 490 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 491 outbuf[0] = 5; 492 outbuf[1] = 0x80; 493 memcpy(&outbuf[16], "QEMU CD-ROM ", 16); 494 } else { 495 outbuf[0] = 0; 496 memcpy(&outbuf[16], "QEMU HARDDISK ", 16); 497 } 498 memcpy(&outbuf[8], "QEMU ", 8); 499 memcpy(&outbuf[32], QEMU_VERSION, 4); 500 /* Identify device as SCSI-3 rev 1. 501 Some later commands are also implemented. */ 502 outbuf[2] = 3; 503 outbuf[3] = 2; /* Format 2 */ 504 outbuf[4] = 31; 505 /* Sync data transfer and TCQ. */ 506 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0); 507 r->buf_len = 36; 508 break; 509 case 0x16: 510 DPRINTF("Reserve(6)\n"); 511 if (buf[1] & 1) 512 goto fail; 513 break; 514 case 0x17: 515 DPRINTF("Release(6)\n"); 516 if (buf[1] & 1) 517 goto fail; 518 break; 519 case 0x1a: 520 case 0x5a: 521 { 522 uint8_t *p; 523 int page; 524 525 page = buf[2] & 0x3f; 526 DPRINTF("Mode Sense (page %d, len %d)\n", page, len); 527 p = outbuf; 528 memset(p, 0, 4); 529 outbuf[1] = 0; /* Default media type. */ 530 outbuf[3] = 0; /* Block descriptor length. */ 531 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 532 outbuf[2] = 0x80; /* Readonly. */ 533 } 534 p += 4; 535 if (page == 4) { 536 int cylinders, heads, secs; 537 538 /* Rigid disk device geometry page. */ 539 p[0] = 4; 540 p[1] = 0x16; 541 /* if a geometry hint is available, use it */ 542 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs); 543 p[2] = (cylinders >> 16) & 0xff; 544 p[3] = (cylinders >> 8) & 0xff; 545 p[4] = cylinders & 0xff; 546 p[5] = heads & 0xff; 547 /* Write precomp start cylinder, disabled */ 548 p[6] = (cylinders >> 16) & 0xff; 549 p[7] = (cylinders >> 8) & 0xff; 550 p[8] = cylinders & 0xff; 551 /* Reduced current start cylinder, disabled */ 552 p[9] = (cylinders >> 16) & 0xff; 553 p[10] = (cylinders >> 8) & 0xff; 554 p[11] = cylinders & 0xff; 555 /* Device step rate [ns], 200ns */ 556 p[12] = 0; 557 p[13] = 200; 558 /* Landing zone cylinder */ 559 p[14] = 0xff; 560 p[15] = 0xff; 561 p[16] = 0xff; 562 /* Medium rotation rate [rpm], 5400 rpm */ 563 p[20] = (5400 >> 8) & 0xff; 564 p[21] = 5400 & 0xff; 565 p += 0x16; 566 } else if (page == 5) { 567 int cylinders, heads, secs; 568 569 /* Flexible disk device geometry page. */ 570 p[0] = 5; 571 p[1] = 0x1e; 572 /* Transfer rate [kbit/s], 5Mbit/s */ 573 p[2] = 5000 >> 8; 574 p[3] = 5000 & 0xff; 575 /* if a geometry hint is available, use it */ 576 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs); 577 p[4] = heads & 0xff; 578 p[5] = secs & 0xff; 579 p[6] = s->cluster_size * 2; 580 p[8] = (cylinders >> 8) & 0xff; 581 p[9] = cylinders & 0xff; 582 /* Write precomp start cylinder, disabled */ 583 p[10] = (cylinders >> 8) & 0xff; 584 p[11] = cylinders & 0xff; 585 /* Reduced current start cylinder, disabled */ 586 p[12] = (cylinders >> 8) & 0xff; 587 p[13] = cylinders & 0xff; 588 /* Device step rate [100us], 100us */ 589 p[14] = 0; 590 p[15] = 1; 591 /* Device step pulse width [us], 1us */ 592 p[16] = 1; 593 /* Device head settle delay [100us], 100us */ 594 p[17] = 0; 595 p[18] = 1; 596 /* Motor on delay [0.1s], 0.1s */ 597 p[19] = 1; 598 /* Motor off delay [0.1s], 0.1s */ 599 p[20] = 1; 600 /* Medium rotation rate [rpm], 5400 rpm */ 601 p[28] = (5400 >> 8) & 0xff; 602 p[29] = 5400 & 0xff; 603 p += 0x1e; 604 } else if ((page == 8 || page == 0x3f)) { 605 /* Caching page. */ 606 memset(p,0,20); 607 p[0] = 8; 608 p[1] = 0x12; 609 p[2] = 4; /* WCE */ 610 p += 20; 611 } 612 if ((page == 0x3f || page == 0x2a) 613 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) { 614 /* CD Capabilities and Mechanical Status page. */ 615 p[0] = 0x2a; 616 p[1] = 0x14; 617 p[2] = 3; // CD-R & CD-RW read 618 p[3] = 0; // Writing not supported 619 p[4] = 0x7f; /* Audio, composite, digital out, 620 mode 2 form 1&2, multi session */ 621 p[5] = 0xff; /* CD DA, DA accurate, RW supported, 622 RW corrected, C2 errors, ISRC, 623 UPC, Bar code */ 624 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0); 625 /* Locking supported, jumper present, eject, tray */ 626 p[7] = 0; /* no volume & mute control, no 627 changer */ 628 p[8] = (50 * 176) >> 8; // 50x read speed 629 p[9] = (50 * 176) & 0xff; 630 p[10] = 0 >> 8; // No volume 631 p[11] = 0 & 0xff; 632 p[12] = 2048 >> 8; // 2M buffer 633 p[13] = 2048 & 0xff; 634 p[14] = (16 * 176) >> 8; // 16x read speed current 635 p[15] = (16 * 176) & 0xff; 636 p[18] = (16 * 176) >> 8; // 16x write speed 637 p[19] = (16 * 176) & 0xff; 638 p[20] = (16 * 176) >> 8; // 16x write speed current 639 p[21] = (16 * 176) & 0xff; 640 p += 22; 641 } 642 r->buf_len = p - outbuf; 643 outbuf[0] = r->buf_len - 4; 644 if (r->buf_len > len) 645 r->buf_len = len; 646 } 647 break; 648 case 0x1b: 649 DPRINTF("Start Stop Unit\n"); 650 break; 651 case 0x1e: 652 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3); 653 bdrv_set_locked(s->bdrv, buf[4] & 1); 654 break; 655 case 0x25: 656 DPRINTF("Read Capacity\n"); 657 /* The normal LEN field for this command is zero. */ 658 memset(outbuf, 0, 8); 659 bdrv_get_geometry(s->bdrv, &nb_sectors); 660 /* Returned value is the address of the last sector. */ 661 if (nb_sectors) { 662 nb_sectors--; 663 outbuf[0] = (nb_sectors >> 24) & 0xff; 664 outbuf[1] = (nb_sectors >> 16) & 0xff; 665 outbuf[2] = (nb_sectors >> 8) & 0xff; 666 outbuf[3] = nb_sectors & 0xff; 667 outbuf[4] = 0; 668 outbuf[5] = 0; 669 outbuf[6] = s->cluster_size * 2; 670 outbuf[7] = 0; 671 r->buf_len = 8; 672 } else { 673 scsi_command_complete(r, SENSE_NOT_READY); 674 return 0; 675 } 676 break; 677 case 0x08: 678 case 0x28: 679 DPRINTF("Read (sector %d, count %d)\n", lba, len); 680 r->sector = lba * s->cluster_size; 681 r->sector_count = len * s->cluster_size; 682 break; 683 case 0x0a: 684 case 0x2a: 685 DPRINTF("Write (sector %d, count %d)\n", lba, len); 686 r->sector = lba * s->cluster_size; 687 r->sector_count = len * s->cluster_size; 688 is_write = 1; 689 break; 690 case 0x35: 691 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len); 692 bdrv_flush(s->bdrv); 693 break; 694 case 0x43: 695 { 696 int start_track, format, msf, toclen; 697 698 msf = buf[1] & 2; 699 format = buf[2] & 0xf; 700 start_track = buf[6]; 701 bdrv_get_geometry(s->bdrv, &nb_sectors); 702 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1); 703 switch(format) { 704 case 0: 705 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track); 706 break; 707 case 1: 708 /* multi session : only a single session defined */ 709 toclen = 12; 710 memset(outbuf, 0, 12); 711 outbuf[1] = 0x0a; 712 outbuf[2] = 0x01; 713 outbuf[3] = 0x01; 714 break; 715 case 2: 716 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track); 717 break; 718 default: 719 goto error_cmd; 720 } 721 if (toclen > 0) { 722 if (len > toclen) 723 len = toclen; 724 r->buf_len = len; 725 break; 726 } 727 error_cmd: 728 DPRINTF("Read TOC error\n"); 729 goto fail; 730 } 731 case 0x46: 732 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len); 733 memset(outbuf, 0, 8); 734 /* ??? This should probably return much more information. For now 735 just return the basic header indicating the CD-ROM profile. */ 736 outbuf[7] = 8; // CD-ROM 737 r->buf_len = 8; 738 break; 739 case 0x56: 740 DPRINTF("Reserve(10)\n"); 741 if (buf[1] & 3) 742 goto fail; 743 break; 744 case 0x57: 745 DPRINTF("Release(10)\n"); 746 if (buf[1] & 3) 747 goto fail; 748 break; 749 case 0xa0: 750 DPRINTF("Report LUNs (len %d)\n", len); 751 if (len < 16) 752 goto fail; 753 memset(outbuf, 0, 16); 754 outbuf[3] = 8; 755 r->buf_len = 16; 756 break; 757 default: 758 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]); 759 fail: 760 scsi_command_complete(r, SENSE_ILLEGAL_REQUEST); 761 return 0; 762 } 763 if (r->sector_count == 0 && r->buf_len == 0) { 764 scsi_command_complete(r, SENSE_NO_SENSE); 765 } 766 len = r->sector_count * 512 + r->buf_len; 767 if (is_write) { 768 return -len; 769 } else { 770 if (!r->sector_count) 771 r->sector_count = -1; 772 return len; 773 } 774} 775 776static void scsi_destroy(SCSIDevice *d) 777{ 778 qemu_free(d->state); 779 qemu_free(d); 780} 781 782SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq, 783 scsi_completionfn completion, void *opaque) 784{ 785 SCSIDevice *d; 786 SCSIDeviceState *s; 787 788 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState)); 789 s->bdrv = bdrv; 790 s->tcq = tcq; 791 s->completion = completion; 792 s->opaque = opaque; 793 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) { 794 s->cluster_size = 4; 795 } else { 796 s->cluster_size = 1; 797 } 798 799 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice)); 800 d->state = s; 801 d->destroy = scsi_destroy; 802 d->send_command = scsi_send_command; 803 d->read_data = scsi_read_data; 804 d->write_data = scsi_write_data; 805 d->cancel_io = scsi_cancel_io; 806 d->get_buf = scsi_get_buf; 807 808 return d; 809} 810