--- /dev/null
+/*
+ * Generic SCSI Device support
+ *
+ * Copyright (c) 2007 Bull S.A.S.
+ * Based on code by Paul Brook
+ * Based on code by Fabrice Bellard
+ *
+ * Written by Laurent Vivier <Laurent.Vivier@bull.net>
+ *
+ * This code is licenced under the LGPL.
+ *
+ */
+
+#include "qemu-common.h"
+#include "block.h"
+#include "scsi-disk.h"
+
+#ifndef __linux__
+
+SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque)
+{
+ return NULL;
+}
+
+#else /* __linux__ */
+
+//#define DEBUG_SCSI
+
+#ifdef DEBUG_SCSI
+#define DPRINTF(fmt, args...) \
+do { printf("scsi-generic: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while(0)
+#endif
+
+#define BADF(fmt, args...) \
+do { fprintf(stderr, "scsi-generic: " fmt , ##args); } while (0)
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <scsi/sg.h>
+#include <scsi/scsi.h>
+
+#define LOAD_UNLOAD 0xa6
+#define SET_CD_SPEED 0xbb
+#define BLANK 0xa1
+
+#define SCSI_CMD_BUF_SIZE 16
+#define SCSI_SENSE_BUF_SIZE 32
+
+#define SG_ERR_DRIVER_TIMEOUT 0x06
+#define SG_ERR_DRIVER_SENSE 0x08
+
+#ifndef MAX_UINT
+#define MAX_UINT ((unsigned int)-1)
+#endif
+
+typedef struct SCSIRequest {
+ BlockDriverAIOCB *aiocb;
+ struct SCSIRequest *next;
+ SCSIDeviceState *dev;
+ uint32_t tag;
+ uint8_t cmd[SCSI_CMD_BUF_SIZE];
+ int cmdlen;
+ uint8_t *buf;
+ int buflen;
+ int len;
+ sg_io_hdr_t io_header;
+} SCSIRequest;
+
+struct SCSIDeviceState
+{
+ SCSIRequest *requests;
+ BlockDriverState *bdrv;
+ int blocksize;
+ int lun;
+ scsi_completionfn completion;
+ void *opaque;
+ int driver_status;
+ uint8_t sensebuf[SCSI_SENSE_BUF_SIZE];
+};
+
+/* Global pool of SCSIRequest structures. */
+static SCSIRequest *free_requests = NULL;
+
+static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
+{
+ SCSIRequest *r;
+
+ if (free_requests) {
+ r = free_requests;
+ free_requests = r->next;
+ } else {
+ r = qemu_malloc(sizeof(SCSIRequest));
+ r->buf = NULL;
+ r->buflen = 0;
+ }
+ r->dev = s;
+ r->tag = tag;
+ memset(r->cmd, 0, sizeof(r->cmd));
+ memset(&r->io_header, 0, sizeof(r->io_header));
+ r->cmdlen = 0;
+ r->len = 0;
+ r->aiocb = NULL;
+
+ /* link */
+
+ r->next = s->requests;
+ s->requests = r;
+ return r;
+}
+
+static void scsi_remove_request(SCSIRequest *r)
+{
+ SCSIRequest *last;
+ SCSIDeviceState *s = r->dev;
+
+ if (s->requests == r) {
+ s->requests = r->next;
+ } else {
+ last = s->requests;
+ while (last && last->next != r)
+ last = last->next;
+ if (last) {
+ last->next = r->next;
+ } else {
+ BADF("Orphaned request\n");
+ }
+ }
+ r->next = free_requests;
+ free_requests = r;
+}
+
+static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
+{
+ SCSIRequest *r;
+
+ r = s->requests;
+ while (r && r->tag != tag)
+ r = r->next;
+
+ return r;
+}
+
+/* Helper function for command completion. */
+static void scsi_command_complete(void *opaque, int ret)
+{
+ SCSIRequest *r = (SCSIRequest *)opaque;
+ SCSIDeviceState *s = r->dev;
+ uint32_t tag;
+ int sense;
+
+ s->driver_status = r->io_header.driver_status;
+ if (ret != 0)
+ sense = HARDWARE_ERROR;
+ else {
+ if (s->driver_status & SG_ERR_DRIVER_TIMEOUT) {
+ sense = HARDWARE_ERROR;
+ BADF("Driver Timeout\n");
+ } else if ((s->driver_status & SG_ERR_DRIVER_SENSE) == 0)
+ sense = NO_SENSE;
+ else
+ sense = s->sensebuf[2] & 0x0f;
+ }
+
+ DPRINTF("Command complete 0x%p tag=0x%x sense=%d\n", r, r->tag, sense);
+ tag = r->tag;
+ scsi_remove_request(r);
+ s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
+}
+
+/* Cancel a pending data transfer. */
+static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
+{
+ DPRINTF("scsi_cancel_io 0x%x\n", tag);
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ DPRINTF("Cancel tag=0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (r) {
+ if (r->aiocb)
+ bdrv_aio_cancel(r->aiocb);
+ r->aiocb = NULL;
+ scsi_remove_request(r);
+ }
+}
+
+static int execute_command(BlockDriverState *bdrv,
+ SCSIRequest *r, int direction,
+ BlockDriverCompletionFunc *complete)
+{
+
+ r->io_header.interface_id = 'S';
+ r->io_header.dxfer_direction = direction;
+ r->io_header.dxferp = r->buf;
+ r->io_header.dxfer_len = r->buflen;
+ r->io_header.cmdp = r->cmd;
+ r->io_header.cmd_len = r->cmdlen;
+ r->io_header.mx_sb_len = sizeof(r->dev->sensebuf);
+ r->io_header.sbp = r->dev->sensebuf;
+ r->io_header.timeout = MAX_UINT;
+ r->io_header.usr_ptr = r;
+ r->io_header.flags |= SG_FLAG_DIRECT_IO;
+
+ if (bdrv_pwrite(bdrv, -1, &r->io_header, sizeof(r->io_header)) == -1) {
+ BADF("execute_command: write failed ! (%d)\n", errno);
+ return -1;
+ }
+ if (complete == NULL) {
+ int ret;
+ r->aiocb = NULL;
+ while ((ret = bdrv_pread(bdrv, -1, &r->io_header,
+ sizeof(r->io_header))) == -1 &&
+ errno == EINTR);
+ if (ret == -1) {
+ BADF("execute_command: read failed !\n");
+ return -1;
+ }
+ return 0;
+ }
+
+ r->aiocb = bdrv_aio_read(bdrv, 0, (uint8_t*)&r->io_header,
+ -(int64_t)sizeof(r->io_header), complete, r);
+ if (r->aiocb == NULL) {
+ BADF("execute_command: read failed !\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static void scsi_read_complete(void * opaque, int ret)
+{
+ SCSIRequest *r = (SCSIRequest *)opaque;
+ SCSIDeviceState *s = r->dev;
+ int len;
+
+ if (ret) {
+ DPRINTF("IO error\n");
+ scsi_command_complete(r, ret);
+ return;
+ }
+ len = r->io_header.dxfer_len - r->io_header.resid;
+ DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, len);
+
+ r->len = -1;
+ s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
+}
+
+/* Read more data from scsi device into buffer. */
+static void scsi_read_data(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ int ret;
+
+ DPRINTF("scsi_read_data 0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad read tag 0x%x\n", tag);
+ /* ??? This is the wrong error. */
+ scsi_command_complete(r, -EINVAL);
+ return;
+ }
+
+ if (r->len == -1) {
+ scsi_command_complete(r, 0);
+ return;
+ }
+
+ if (r->cmd[0] == REQUEST_SENSE && s->driver_status & SG_ERR_DRIVER_SENSE)
+ {
+ memcpy(r->buf, s->sensebuf, 16);
+ r->io_header.driver_status = 0;
+ r->len = -1;
+ s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 16);
+ return;
+ }
+
+ ret = execute_command(s->bdrv, r, SG_DXFER_FROM_DEV, scsi_read_complete);
+ if (ret == -1) {
+ scsi_command_complete(r, -EINVAL);
+ return;
+ }
+}
+
+static void scsi_write_complete(void * opaque, int ret)
+{
+ SCSIRequest *r = (SCSIRequest *)opaque;
+
+ DPRINTF("scsi_write_complete() ret = %d\n", ret);
+ if (ret) {
+ DPRINTF("IO error\n");
+ scsi_command_complete(r, ret);
+ return;
+ }
+
+ scsi_command_complete(r, ret);
+}
+
+/* Write data to a scsi device. Returns nonzero on failure.
+ The transfer may complete asynchronously. */
+static int scsi_write_data(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ int ret;
+
+ DPRINTF("scsi_write_data 0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad write tag 0x%x\n", tag);
+ /* ??? This is the wrong error. */
+ scsi_command_complete(r, -EINVAL);
+ return 0;
+ }
+
+ if (r->len == 0) {
+ r->len = r->buflen;
+ s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->len);
+ return 0;
+ }
+
+ ret = execute_command(s->bdrv, r, SG_DXFER_TO_DEV, scsi_write_complete);
+ if (ret == -1) {
+ scsi_command_complete(r, -EINVAL);
+ return 1;
+ }
+
+ return 0;
+}
+
+/* Return a pointer to the data buffer. */
+static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad buffer tag 0x%x\n", tag);
+ return NULL;
+ }
+ return r->buf;
+}
+
+static int scsi_length(uint8_t *cmd, int blocksize, int *cmdlen, uint32_t *len)
+{
+ switch (cmd[0] >> 5) {
+ case 0:
+ *len = cmd[4];
+ *cmdlen = 6;
+ break;
+ case 1:
+ case 2:
+ *len = cmd[8] | (cmd[7] << 8);
+ *cmdlen = 10;
+ break;
+ case 4:
+ *len = cmd[13] | (cmd[12] << 8) | (cmd[11] << 16) | (cmd[10] << 24);
+ *cmdlen = 16;
+ break;
+ case 5:
+ *len = cmd[9] | (cmd[8] << 8) | (cmd[7] << 16) | (cmd[6] << 24);
+ *cmdlen = 12;
+ break;
+ default:
+ return -1;
+ }
+
+ switch(cmd[0]) {
+ case TEST_UNIT_READY:
+ case REZERO_UNIT:
+ case START_STOP:
+ case SEEK_6:
+ case WRITE_FILEMARKS:
+ case SPACE:
+ case ERASE:
+ case ALLOW_MEDIUM_REMOVAL:
+ case VERIFY:
+ case SEEK_10:
+ case SYNCHRONIZE_CACHE:
+ case LOCK_UNLOCK_CACHE:
+ case LOAD_UNLOAD:
+ case SET_CD_SPEED:
+ case SET_LIMITS:
+ case WRITE_LONG:
+ case MOVE_MEDIUM:
+ case UPDATE_BLOCK:
+ *len = 0;
+ break;
+ case MODE_SENSE:
+ break;
+ case WRITE_SAME:
+ *len = 1;
+ break;
+ case READ_CAPACITY:
+ *len = 8;
+ break;
+ case READ_BLOCK_LIMITS:
+ *len = 6;
+ break;
+ case READ_POSITION:
+ *len = 20;
+ break;
+ case SEND_VOLUME_TAG:
+ *len *= 40;
+ break;
+ case MEDIUM_SCAN:
+ *len *= 8;
+ break;
+ case WRITE_10:
+ cmd[1] &= ~0x08; /* disable FUA */
+ case WRITE_VERIFY:
+ case WRITE_6:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ *len *= blocksize;
+ break;
+ case READ_10:
+ cmd[1] &= ~0x08; /* disable FUA */
+ case READ_6:
+ case READ_REVERSE:
+ case RECOVER_BUFFERED_DATA:
+ case READ_12:
+ *len *= blocksize;
+ break;
+ }
+ return 0;
+}
+
+static int is_write(int command)
+{
+ switch (command) {
+ case COPY:
+ case COPY_VERIFY:
+ case COMPARE:
+ case CHANGE_DEFINITION:
+ case LOG_SELECT:
+ case MODE_SELECT:
+ case MODE_SELECT_10:
+ case SEND_DIAGNOSTIC:
+ case WRITE_BUFFER:
+ case FORMAT_UNIT:
+ case REASSIGN_BLOCKS:
+ case RESERVE:
+ case SEARCH_EQUAL:
+ case SEARCH_HIGH:
+ case SEARCH_LOW:
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_VERIFY:
+ case UPDATE_BLOCK:
+ case WRITE_LONG:
+ case WRITE_SAME:
+ case SEARCH_HIGH_12:
+ case SEARCH_EQUAL_12:
+ case SEARCH_LOW_12:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ case SET_WINDOW:
+ case MEDIUM_SCAN:
+ case SEND_VOLUME_TAG:
+ case WRITE_LONG_2:
+ return 1;
+ }
+ return 0;
+}
+
+/* Execute a scsi command. Returns the length of the data expected by the
+ command. This will be Positive for data transfers from the device
+ (eg. disk reads), negative for transfers to the device (eg. disk writes),
+ and zero if the command does not transfer any data. */
+
+static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
+ uint8_t *cmd, int lun)
+{
+ SCSIDeviceState *s = d->state;
+ uint32_t len;
+ int cmdlen;
+ SCSIRequest *r;
+ int ret;
+
+ /* ??? Tags are not unique for different luns. We only implement a
+ single lun, so this should not matter. */
+
+ if (lun != s->lun || (cmd[1] >> 5) != s->lun) {
+ DPRINTF("Unimplemented LUN %d\n", lun ? lun : cmd[1] >> 5);
+ s->completion(s->opaque, SCSI_REASON_DONE, tag, ILLEGAL_REQUEST);
+ return 0;
+ }
+
+ if (scsi_length(cmd, s->blocksize, &cmdlen, &len) == -1) {
+ BADF("Unsupported command length, command %x\n", cmd[0]);
+ return 0;
+ }
+
+ DPRINTF("Command: lun=%d tag=0x%x data=0x%02x len %d\n", lun, tag,
+ cmd[0], len);
+
+ r = scsi_find_request(s, tag);
+ if (r) {
+ BADF("Tag 0x%x already in use %p\n", tag, r);
+ scsi_cancel_io(d, tag);
+ }
+ r = scsi_new_request(s, tag);
+
+ memcpy(r->cmd, cmd, cmdlen);
+ r->cmdlen = cmdlen;
+
+ if (len == 0) {
+ if (r->buf != NULL)
+ free(r->buf);
+ r->buflen = 0;
+ r->buf = NULL;
+ ret = execute_command(s->bdrv, r, SG_DXFER_NONE, scsi_command_complete);
+ if (ret == -1) {
+ scsi_command_complete(r, -EINVAL);
+ return 0;
+ }
+ return 0;
+ }
+
+ if (r->buflen != len) {
+ if (r->buf != NULL)
+ free(r->buf);
+ r->buf = qemu_malloc(len);
+ r->buflen = len;
+ }
+
+ memset(r->buf, 0, r->buflen);
+ r->len = len;
+ if (is_write(cmd[0])) {
+ r->len = 0;
+ return -len;
+ }
+
+ return len;
+}
+
+static int get_blocksize(BlockDriverState *bdrv)
+{
+ uint8_t cmd[10];
+ uint8_t buf[8];
+ uint8_t sensebuf[8];
+ sg_io_hdr_t io_header;
+ int ret;
+
+ memset(cmd, sizeof(cmd), 0);
+ memset(buf, sizeof(buf), 0);
+ cmd[0] = READ_CAPACITY;
+
+ memset(&io_header, 0, sizeof(io_header));
+ io_header.interface_id = 'S';
+ io_header.dxfer_direction = SG_DXFER_FROM_DEV;
+ io_header.dxfer_len = sizeof(buf);
+ io_header.dxferp = buf;
+ io_header.cmdp = cmd;
+ io_header.cmd_len = sizeof(cmd);
+ io_header.mx_sb_len = sizeof(sensebuf);
+ io_header.sbp = sensebuf;
+ io_header.timeout = 6000; /* XXX */
+
+ ret = bdrv_pwrite(bdrv, -1, &io_header, sizeof(io_header));
+ if (ret == -1)
+ return -1;
+
+ while ((ret = bdrv_pread(bdrv, -1, &io_header, sizeof(io_header))) == -1 &&
+ errno == EINTR);
+
+ if (ret == -1)
+ return -1;
+
+ return (buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7];
+}
+
+static void scsi_destroy(SCSIDevice *d)
+{
+ SCSIRequest *r, *n;
+
+ r = d->state->requests;
+ while (r) {
+ n = r->next;
+ qemu_free(r);
+ r = n;
+ }
+
+ r = free_requests;
+ while (r) {
+ n = r->next;
+ qemu_free(r);
+ r = n;
+ }
+
+ qemu_free(d->state);
+ qemu_free(d);
+}
+
+SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque)
+{
+ int sg_version;
+ SCSIDevice *d;
+ SCSIDeviceState *s;
+ struct sg_scsi_id scsiid;
+
+ /* check we are really using a /dev/sg* file */
+
+ if (!bdrv_is_sg(bdrv))
+ return NULL;
+
+ /* check we are using a driver managing SG_IO (version 3 and after */
+
+ if (bdrv_ioctl(bdrv, SG_GET_VERSION_NUM, &sg_version) < 0 ||
+ sg_version < 30000)
+ return NULL;
+
+ /* get LUN of the /dev/sg? */
+
+ if (bdrv_ioctl(bdrv, SG_GET_SCSI_ID, &scsiid))
+ return NULL;
+
+ /* define device state */
+
+ s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
+ s->bdrv = bdrv;
+ s->requests = NULL;
+ s->completion = completion;
+ s->opaque = opaque;
+ s->lun = scsiid.lun;
+ s->blocksize = get_blocksize(s->bdrv);
+ s->driver_status = 0;
+ memset(s->sensebuf, 0, sizeof(s->sensebuf));
+ /* removable media returns 0 if not present */
+ if (s->blocksize <= 0)
+ s->blocksize = 2048;
+
+ /* define function to manage device */
+
+ d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
+ d->state = s;
+ d->destroy = scsi_destroy;
+ d->send_command = scsi_send_command;
+ d->read_data = scsi_read_data;
+ d->write_data = scsi_write_data;
+ d->cancel_io = scsi_cancel_io;
+ d->get_buf = scsi_get_buf;
+
+ return d;
+}
+#endif /* __linux__ */
projects / qemu / commitdiff