scsi-bus.c (52381B)
1 #include "qemu/osdep.h" 2 #include "qapi/error.h" 3 #include "qemu/error-report.h" 4 #include "qemu/module.h" 5 #include "qemu/option.h" 6 #include "qemu/hw-version.h" 7 #include "hw/qdev-properties.h" 8 #include "hw/scsi/scsi.h" 9 #include "migration/qemu-file-types.h" 10 #include "migration/vmstate.h" 11 #include "scsi/constants.h" 12 #include "sysemu/block-backend.h" 13 #include "sysemu/blockdev.h" 14 #include "sysemu/sysemu.h" 15 #include "sysemu/runstate.h" 16 #include "trace.h" 17 #include "sysemu/dma.h" 18 #include "qemu/cutils.h" 19 20 static char *scsibus_get_dev_path(DeviceState *dev); 21 static char *scsibus_get_fw_dev_path(DeviceState *dev); 22 static void scsi_req_dequeue(SCSIRequest *req); 23 static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len); 24 static void scsi_target_free_buf(SCSIRequest *req); 25 26 static int next_scsi_bus; 27 28 static SCSIDevice *do_scsi_device_find(SCSIBus *bus, 29 int channel, int id, int lun, 30 bool include_unrealized) 31 { 32 BusChild *kid; 33 SCSIDevice *retval = NULL; 34 35 QTAILQ_FOREACH_RCU(kid, &bus->qbus.children, sibling) { 36 DeviceState *qdev = kid->child; 37 SCSIDevice *dev = SCSI_DEVICE(qdev); 38 39 if (dev->channel == channel && dev->id == id) { 40 if (dev->lun == lun) { 41 retval = dev; 42 break; 43 } 44 45 /* 46 * If we don't find exact match (channel/bus/lun), 47 * we will return the first device which matches channel/bus 48 */ 49 50 if (!retval) { 51 retval = dev; 52 } 53 } 54 } 55 56 /* 57 * This function might run on the IO thread and we might race against 58 * main thread hot-plugging the device. 59 * We assume that as soon as .realized is set to true we can let 60 * the user access the device. 61 */ 62 63 if (retval && !include_unrealized && 64 !qatomic_load_acquire(&retval->qdev.realized)) { 65 retval = NULL; 66 } 67 68 return retval; 69 } 70 71 SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun) 72 { 73 RCU_READ_LOCK_GUARD(); 74 return do_scsi_device_find(bus, channel, id, lun, false); 75 } 76 77 SCSIDevice *scsi_device_get(SCSIBus *bus, int channel, int id, int lun) 78 { 79 SCSIDevice *d; 80 RCU_READ_LOCK_GUARD(); 81 d = do_scsi_device_find(bus, channel, id, lun, false); 82 if (d) { 83 object_ref(d); 84 } 85 return d; 86 } 87 88 static void scsi_device_realize(SCSIDevice *s, Error **errp) 89 { 90 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 91 if (sc->realize) { 92 sc->realize(s, errp); 93 } 94 } 95 96 static void scsi_device_unrealize(SCSIDevice *s) 97 { 98 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 99 if (sc->unrealize) { 100 sc->unrealize(s); 101 } 102 } 103 104 int scsi_bus_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf, 105 size_t buf_len, void *hba_private) 106 { 107 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 108 int rc; 109 110 assert(cmd->len == 0); 111 rc = scsi_req_parse_cdb(dev, cmd, buf, buf_len); 112 if (bus->info->parse_cdb) { 113 rc = bus->info->parse_cdb(dev, cmd, buf, buf_len, hba_private); 114 } 115 return rc; 116 } 117 118 static SCSIRequest *scsi_device_alloc_req(SCSIDevice *s, uint32_t tag, uint32_t lun, 119 uint8_t *buf, void *hba_private) 120 { 121 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 122 if (sc->alloc_req) { 123 return sc->alloc_req(s, tag, lun, buf, hba_private); 124 } 125 126 return NULL; 127 } 128 129 void scsi_device_unit_attention_reported(SCSIDevice *s) 130 { 131 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(s); 132 if (sc->unit_attention_reported) { 133 sc->unit_attention_reported(s); 134 } 135 } 136 137 /* Create a scsi bus, and attach devices to it. */ 138 void scsi_bus_init_named(SCSIBus *bus, size_t bus_size, DeviceState *host, 139 const SCSIBusInfo *info, const char *bus_name) 140 { 141 qbus_init(bus, bus_size, TYPE_SCSI_BUS, host, bus_name); 142 bus->busnr = next_scsi_bus++; 143 bus->info = info; 144 qbus_set_bus_hotplug_handler(BUS(bus)); 145 } 146 147 static void scsi_dma_restart_bh(void *opaque) 148 { 149 SCSIDevice *s = opaque; 150 SCSIRequest *req, *next; 151 152 qemu_bh_delete(s->bh); 153 s->bh = NULL; 154 155 aio_context_acquire(blk_get_aio_context(s->conf.blk)); 156 QTAILQ_FOREACH_SAFE(req, &s->requests, next, next) { 157 scsi_req_ref(req); 158 if (req->retry) { 159 req->retry = false; 160 switch (req->cmd.mode) { 161 case SCSI_XFER_FROM_DEV: 162 case SCSI_XFER_TO_DEV: 163 scsi_req_continue(req); 164 break; 165 case SCSI_XFER_NONE: 166 scsi_req_dequeue(req); 167 scsi_req_enqueue(req); 168 break; 169 } 170 } 171 scsi_req_unref(req); 172 } 173 aio_context_release(blk_get_aio_context(s->conf.blk)); 174 /* Drop the reference that was acquired in scsi_dma_restart_cb */ 175 object_unref(OBJECT(s)); 176 } 177 178 void scsi_req_retry(SCSIRequest *req) 179 { 180 /* No need to save a reference, because scsi_dma_restart_bh just 181 * looks at the request list. */ 182 req->retry = true; 183 } 184 185 static void scsi_dma_restart_cb(void *opaque, bool running, RunState state) 186 { 187 SCSIDevice *s = opaque; 188 189 if (!running) { 190 return; 191 } 192 if (!s->bh) { 193 AioContext *ctx = blk_get_aio_context(s->conf.blk); 194 /* The reference is dropped in scsi_dma_restart_bh.*/ 195 object_ref(OBJECT(s)); 196 s->bh = aio_bh_new(ctx, scsi_dma_restart_bh, s); 197 qemu_bh_schedule(s->bh); 198 } 199 } 200 201 static bool scsi_bus_is_address_free(SCSIBus *bus, 202 int channel, int target, int lun, 203 SCSIDevice **p_dev) 204 { 205 SCSIDevice *d; 206 207 RCU_READ_LOCK_GUARD(); 208 d = do_scsi_device_find(bus, channel, target, lun, true); 209 if (d && d->lun == lun) { 210 if (p_dev) { 211 *p_dev = d; 212 } 213 return false; 214 } 215 if (p_dev) { 216 *p_dev = NULL; 217 } 218 return true; 219 } 220 221 static bool scsi_bus_check_address(BusState *qbus, DeviceState *qdev, Error **errp) 222 { 223 SCSIDevice *dev = SCSI_DEVICE(qdev); 224 SCSIBus *bus = SCSI_BUS(qbus); 225 226 if (dev->channel > bus->info->max_channel) { 227 error_setg(errp, "bad scsi channel id: %d", dev->channel); 228 return false; 229 } 230 if (dev->id != -1 && dev->id > bus->info->max_target) { 231 error_setg(errp, "bad scsi device id: %d", dev->id); 232 return false; 233 } 234 if (dev->lun != -1 && dev->lun > bus->info->max_lun) { 235 error_setg(errp, "bad scsi device lun: %d", dev->lun); 236 return false; 237 } 238 239 if (dev->id != -1 && dev->lun != -1) { 240 SCSIDevice *d; 241 if (!scsi_bus_is_address_free(bus, dev->channel, dev->id, dev->lun, &d)) { 242 error_setg(errp, "lun already used by '%s'", d->qdev.id); 243 return false; 244 } 245 } 246 247 return true; 248 } 249 250 static void scsi_qdev_realize(DeviceState *qdev, Error **errp) 251 { 252 SCSIDevice *dev = SCSI_DEVICE(qdev); 253 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 254 bool is_free; 255 Error *local_err = NULL; 256 257 if (dev->id == -1) { 258 int id = -1; 259 if (dev->lun == -1) { 260 dev->lun = 0; 261 } 262 do { 263 is_free = scsi_bus_is_address_free(bus, dev->channel, ++id, dev->lun, NULL); 264 } while (!is_free && id < bus->info->max_target); 265 if (!is_free) { 266 error_setg(errp, "no free target"); 267 return; 268 } 269 dev->id = id; 270 } else if (dev->lun == -1) { 271 int lun = -1; 272 do { 273 is_free = scsi_bus_is_address_free(bus, dev->channel, dev->id, ++lun, NULL); 274 } while (!is_free && lun < bus->info->max_lun); 275 if (!is_free) { 276 error_setg(errp, "no free lun"); 277 return; 278 } 279 dev->lun = lun; 280 } 281 282 QTAILQ_INIT(&dev->requests); 283 scsi_device_realize(dev, &local_err); 284 if (local_err) { 285 error_propagate(errp, local_err); 286 return; 287 } 288 dev->vmsentry = qdev_add_vm_change_state_handler(DEVICE(dev), 289 scsi_dma_restart_cb, dev); 290 } 291 292 static void scsi_qdev_unrealize(DeviceState *qdev) 293 { 294 SCSIDevice *dev = SCSI_DEVICE(qdev); 295 296 if (dev->vmsentry) { 297 qemu_del_vm_change_state_handler(dev->vmsentry); 298 } 299 300 scsi_device_purge_requests(dev, SENSE_CODE(NO_SENSE)); 301 302 scsi_device_unrealize(dev); 303 304 blockdev_mark_auto_del(dev->conf.blk); 305 } 306 307 /* handle legacy '-drive if=scsi,...' cmd line args */ 308 SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk, 309 int unit, bool removable, int bootindex, 310 bool share_rw, 311 BlockdevOnError rerror, 312 BlockdevOnError werror, 313 const char *serial, Error **errp) 314 { 315 const char *driver; 316 char *name; 317 DeviceState *dev; 318 DriveInfo *dinfo; 319 320 if (blk_is_sg(blk)) { 321 driver = "scsi-generic"; 322 } else { 323 dinfo = blk_legacy_dinfo(blk); 324 if (dinfo && dinfo->media_cd) { 325 driver = "scsi-cd"; 326 } else { 327 driver = "scsi-hd"; 328 } 329 } 330 dev = qdev_new(driver); 331 name = g_strdup_printf("legacy[%d]", unit); 332 object_property_add_child(OBJECT(bus), name, OBJECT(dev)); 333 g_free(name); 334 335 qdev_prop_set_uint32(dev, "scsi-id", unit); 336 if (bootindex >= 0) { 337 object_property_set_int(OBJECT(dev), "bootindex", bootindex, 338 &error_abort); 339 } 340 if (object_property_find(OBJECT(dev), "removable")) { 341 qdev_prop_set_bit(dev, "removable", removable); 342 } 343 if (serial && object_property_find(OBJECT(dev), "serial")) { 344 qdev_prop_set_string(dev, "serial", serial); 345 } 346 if (!qdev_prop_set_drive_err(dev, "drive", blk, errp)) { 347 object_unparent(OBJECT(dev)); 348 return NULL; 349 } 350 if (!object_property_set_bool(OBJECT(dev), "share-rw", share_rw, errp)) { 351 object_unparent(OBJECT(dev)); 352 return NULL; 353 } 354 355 qdev_prop_set_enum(dev, "rerror", rerror); 356 qdev_prop_set_enum(dev, "werror", werror); 357 358 if (!qdev_realize_and_unref(dev, &bus->qbus, errp)) { 359 object_unparent(OBJECT(dev)); 360 return NULL; 361 } 362 return SCSI_DEVICE(dev); 363 } 364 365 void scsi_bus_legacy_handle_cmdline(SCSIBus *bus) 366 { 367 Location loc; 368 DriveInfo *dinfo; 369 int unit; 370 371 loc_push_none(&loc); 372 for (unit = 0; unit <= bus->info->max_target; unit++) { 373 dinfo = drive_get(IF_SCSI, bus->busnr, unit); 374 if (dinfo == NULL) { 375 continue; 376 } 377 qemu_opts_loc_restore(dinfo->opts); 378 scsi_bus_legacy_add_drive(bus, blk_by_legacy_dinfo(dinfo), 379 unit, false, -1, false, 380 BLOCKDEV_ON_ERROR_AUTO, 381 BLOCKDEV_ON_ERROR_AUTO, 382 NULL, &error_fatal); 383 } 384 loc_pop(&loc); 385 } 386 387 static int32_t scsi_invalid_field(SCSIRequest *req, uint8_t *buf) 388 { 389 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD)); 390 scsi_req_complete(req, CHECK_CONDITION); 391 return 0; 392 } 393 394 static const struct SCSIReqOps reqops_invalid_field = { 395 .size = sizeof(SCSIRequest), 396 .send_command = scsi_invalid_field 397 }; 398 399 /* SCSIReqOps implementation for invalid commands. */ 400 401 static int32_t scsi_invalid_command(SCSIRequest *req, uint8_t *buf) 402 { 403 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE)); 404 scsi_req_complete(req, CHECK_CONDITION); 405 return 0; 406 } 407 408 static const struct SCSIReqOps reqops_invalid_opcode = { 409 .size = sizeof(SCSIRequest), 410 .send_command = scsi_invalid_command 411 }; 412 413 /* SCSIReqOps implementation for unit attention conditions. */ 414 415 static int32_t scsi_unit_attention(SCSIRequest *req, uint8_t *buf) 416 { 417 if (req->dev->unit_attention.key == UNIT_ATTENTION) { 418 scsi_req_build_sense(req, req->dev->unit_attention); 419 } else if (req->bus->unit_attention.key == UNIT_ATTENTION) { 420 scsi_req_build_sense(req, req->bus->unit_attention); 421 } 422 scsi_req_complete(req, CHECK_CONDITION); 423 return 0; 424 } 425 426 static const struct SCSIReqOps reqops_unit_attention = { 427 .size = sizeof(SCSIRequest), 428 .send_command = scsi_unit_attention 429 }; 430 431 /* SCSIReqOps implementation for REPORT LUNS and for commands sent to 432 an invalid LUN. */ 433 434 typedef struct SCSITargetReq SCSITargetReq; 435 436 struct SCSITargetReq { 437 SCSIRequest req; 438 int len; 439 uint8_t *buf; 440 int buf_len; 441 }; 442 443 static void store_lun(uint8_t *outbuf, int lun) 444 { 445 if (lun < 256) { 446 /* Simple logical unit addressing method*/ 447 outbuf[0] = 0; 448 outbuf[1] = lun; 449 } else { 450 /* Flat space addressing method */ 451 outbuf[0] = 0x40 | (lun >> 8); 452 outbuf[1] = (lun & 255); 453 } 454 } 455 456 static bool scsi_target_emulate_report_luns(SCSITargetReq *r) 457 { 458 BusChild *kid; 459 int channel, id; 460 uint8_t tmp[8] = {0}; 461 int len = 0; 462 GByteArray *buf; 463 464 if (r->req.cmd.xfer < 16) { 465 return false; 466 } 467 if (r->req.cmd.buf[2] > 2) { 468 return false; 469 } 470 471 /* reserve space for 63 LUNs*/ 472 buf = g_byte_array_sized_new(512); 473 474 channel = r->req.dev->channel; 475 id = r->req.dev->id; 476 477 /* add size (will be updated later to correct value */ 478 g_byte_array_append(buf, tmp, 8); 479 len += 8; 480 481 /* add LUN0 */ 482 g_byte_array_append(buf, tmp, 8); 483 len += 8; 484 485 WITH_RCU_READ_LOCK_GUARD() { 486 QTAILQ_FOREACH_RCU(kid, &r->req.bus->qbus.children, sibling) { 487 DeviceState *qdev = kid->child; 488 SCSIDevice *dev = SCSI_DEVICE(qdev); 489 490 if (dev->channel == channel && dev->id == id && dev->lun != 0) { 491 store_lun(tmp, dev->lun); 492 g_byte_array_append(buf, tmp, 8); 493 len += 8; 494 } 495 } 496 } 497 498 r->buf_len = len; 499 r->buf = g_byte_array_free(buf, FALSE); 500 r->len = MIN(len, r->req.cmd.xfer & ~7); 501 502 /* store the LUN list length */ 503 stl_be_p(&r->buf[0], len - 8); 504 return true; 505 } 506 507 static bool scsi_target_emulate_inquiry(SCSITargetReq *r) 508 { 509 assert(r->req.dev->lun != r->req.lun); 510 511 scsi_target_alloc_buf(&r->req, SCSI_INQUIRY_LEN); 512 513 if (r->req.cmd.buf[1] & 0x2) { 514 /* Command support data - optional, not implemented */ 515 return false; 516 } 517 518 if (r->req.cmd.buf[1] & 0x1) { 519 /* Vital product data */ 520 uint8_t page_code = r->req.cmd.buf[2]; 521 r->buf[r->len++] = page_code ; /* this page */ 522 r->buf[r->len++] = 0x00; 523 524 switch (page_code) { 525 case 0x00: /* Supported page codes, mandatory */ 526 { 527 int pages; 528 pages = r->len++; 529 r->buf[r->len++] = 0x00; /* list of supported pages (this page) */ 530 r->buf[pages] = r->len - pages - 1; /* number of pages */ 531 break; 532 } 533 default: 534 return false; 535 } 536 /* done with EVPD */ 537 assert(r->len < r->buf_len); 538 r->len = MIN(r->req.cmd.xfer, r->len); 539 return true; 540 } 541 542 /* Standard INQUIRY data */ 543 if (r->req.cmd.buf[2] != 0) { 544 return false; 545 } 546 547 /* PAGE CODE == 0 */ 548 r->len = MIN(r->req.cmd.xfer, SCSI_INQUIRY_LEN); 549 memset(r->buf, 0, r->len); 550 if (r->req.lun != 0) { 551 r->buf[0] = TYPE_NO_LUN; 552 } else { 553 r->buf[0] = TYPE_NOT_PRESENT | TYPE_INACTIVE; 554 r->buf[2] = 5; /* Version */ 555 r->buf[3] = 2 | 0x10; /* HiSup, response data format */ 556 r->buf[4] = r->len - 5; /* Additional Length = (Len - 1) - 4 */ 557 r->buf[7] = 0x10 | (r->req.bus->info->tcq ? 0x02 : 0); /* Sync, TCQ. */ 558 memcpy(&r->buf[8], "QEMU ", 8); 559 memcpy(&r->buf[16], "QEMU TARGET ", 16); 560 pstrcpy((char *) &r->buf[32], 4, qemu_hw_version()); 561 } 562 return true; 563 } 564 565 static size_t scsi_sense_len(SCSIRequest *req) 566 { 567 if (req->dev->type == TYPE_SCANNER) 568 return SCSI_SENSE_LEN_SCANNER; 569 else 570 return SCSI_SENSE_LEN; 571 } 572 573 static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf) 574 { 575 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 576 int fixed_sense = (req->cmd.buf[1] & 1) == 0; 577 578 if (req->lun != 0 && 579 buf[0] != INQUIRY && buf[0] != REQUEST_SENSE) { 580 scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED)); 581 scsi_req_complete(req, CHECK_CONDITION); 582 return 0; 583 } 584 switch (buf[0]) { 585 case REPORT_LUNS: 586 if (!scsi_target_emulate_report_luns(r)) { 587 goto illegal_request; 588 } 589 break; 590 case INQUIRY: 591 if (!scsi_target_emulate_inquiry(r)) { 592 goto illegal_request; 593 } 594 break; 595 case REQUEST_SENSE: 596 scsi_target_alloc_buf(&r->req, scsi_sense_len(req)); 597 if (req->lun != 0) { 598 const struct SCSISense sense = SENSE_CODE(LUN_NOT_SUPPORTED); 599 600 r->len = scsi_build_sense_buf(r->buf, req->cmd.xfer, 601 sense, fixed_sense); 602 } else { 603 r->len = scsi_device_get_sense(r->req.dev, r->buf, 604 MIN(req->cmd.xfer, r->buf_len), 605 fixed_sense); 606 } 607 if (r->req.dev->sense_is_ua) { 608 scsi_device_unit_attention_reported(req->dev); 609 r->req.dev->sense_len = 0; 610 r->req.dev->sense_is_ua = false; 611 } 612 break; 613 case TEST_UNIT_READY: 614 break; 615 default: 616 scsi_req_build_sense(req, SENSE_CODE(INVALID_OPCODE)); 617 scsi_req_complete(req, CHECK_CONDITION); 618 return 0; 619 illegal_request: 620 scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD)); 621 scsi_req_complete(req, CHECK_CONDITION); 622 return 0; 623 } 624 625 if (!r->len) { 626 scsi_req_complete(req, GOOD); 627 } 628 return r->len; 629 } 630 631 static void scsi_target_read_data(SCSIRequest *req) 632 { 633 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 634 uint32_t n; 635 636 n = r->len; 637 if (n > 0) { 638 r->len = 0; 639 scsi_req_data(&r->req, n); 640 } else { 641 scsi_req_complete(&r->req, GOOD); 642 } 643 } 644 645 static uint8_t *scsi_target_get_buf(SCSIRequest *req) 646 { 647 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 648 649 return r->buf; 650 } 651 652 static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len) 653 { 654 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 655 656 r->buf = g_malloc(len); 657 r->buf_len = len; 658 659 return r->buf; 660 } 661 662 static void scsi_target_free_buf(SCSIRequest *req) 663 { 664 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req); 665 666 g_free(r->buf); 667 } 668 669 static const struct SCSIReqOps reqops_target_command = { 670 .size = sizeof(SCSITargetReq), 671 .send_command = scsi_target_send_command, 672 .read_data = scsi_target_read_data, 673 .get_buf = scsi_target_get_buf, 674 .free_req = scsi_target_free_buf, 675 }; 676 677 678 SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, SCSIDevice *d, 679 uint32_t tag, uint32_t lun, void *hba_private) 680 { 681 SCSIRequest *req; 682 SCSIBus *bus = scsi_bus_from_device(d); 683 BusState *qbus = BUS(bus); 684 const int memset_off = offsetof(SCSIRequest, sense) 685 + sizeof(req->sense); 686 687 req = g_malloc(reqops->size); 688 memset((uint8_t *)req + memset_off, 0, reqops->size - memset_off); 689 req->refcount = 1; 690 req->bus = bus; 691 req->dev = d; 692 req->tag = tag; 693 req->lun = lun; 694 req->hba_private = hba_private; 695 req->status = -1; 696 req->host_status = -1; 697 req->ops = reqops; 698 object_ref(OBJECT(d)); 699 object_ref(OBJECT(qbus->parent)); 700 notifier_list_init(&req->cancel_notifiers); 701 trace_scsi_req_alloc(req->dev->id, req->lun, req->tag); 702 return req; 703 } 704 705 SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun, 706 uint8_t *buf, size_t buf_len, void *hba_private) 707 { 708 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, d->qdev.parent_bus); 709 const SCSIReqOps *ops; 710 SCSIDeviceClass *sc = SCSI_DEVICE_GET_CLASS(d); 711 SCSIRequest *req; 712 SCSICommand cmd = { .len = 0 }; 713 int ret; 714 715 if (buf_len == 0) { 716 trace_scsi_req_parse_bad(d->id, lun, tag, 0); 717 goto invalid_opcode; 718 } 719 720 if ((d->unit_attention.key == UNIT_ATTENTION || 721 bus->unit_attention.key == UNIT_ATTENTION) && 722 (buf[0] != INQUIRY && 723 buf[0] != REPORT_LUNS && 724 buf[0] != GET_CONFIGURATION && 725 buf[0] != GET_EVENT_STATUS_NOTIFICATION && 726 727 /* 728 * If we already have a pending unit attention condition, 729 * report this one before triggering another one. 730 */ 731 !(buf[0] == REQUEST_SENSE && d->sense_is_ua))) { 732 ops = &reqops_unit_attention; 733 } else if (lun != d->lun || 734 buf[0] == REPORT_LUNS || 735 (buf[0] == REQUEST_SENSE && d->sense_len)) { 736 ops = &reqops_target_command; 737 } else { 738 ops = NULL; 739 } 740 741 if (ops != NULL || !sc->parse_cdb) { 742 ret = scsi_req_parse_cdb(d, &cmd, buf, buf_len); 743 } else { 744 ret = sc->parse_cdb(d, &cmd, buf, buf_len, hba_private); 745 } 746 747 if (ret != 0) { 748 trace_scsi_req_parse_bad(d->id, lun, tag, buf[0]); 749 invalid_opcode: 750 req = scsi_req_alloc(&reqops_invalid_opcode, d, tag, lun, hba_private); 751 } else { 752 assert(cmd.len != 0); 753 trace_scsi_req_parsed(d->id, lun, tag, buf[0], 754 cmd.mode, cmd.xfer); 755 if (cmd.lba != -1) { 756 trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0], 757 cmd.lba); 758 } 759 760 if (cmd.xfer > INT32_MAX) { 761 req = scsi_req_alloc(&reqops_invalid_field, d, tag, lun, hba_private); 762 } else if (ops) { 763 req = scsi_req_alloc(ops, d, tag, lun, hba_private); 764 } else { 765 req = scsi_device_alloc_req(d, tag, lun, buf, hba_private); 766 } 767 } 768 769 req->cmd = cmd; 770 req->residual = req->cmd.xfer; 771 772 switch (buf[0]) { 773 case INQUIRY: 774 trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]); 775 break; 776 case TEST_UNIT_READY: 777 trace_scsi_test_unit_ready(d->id, lun, tag); 778 break; 779 case REPORT_LUNS: 780 trace_scsi_report_luns(d->id, lun, tag); 781 break; 782 case REQUEST_SENSE: 783 trace_scsi_request_sense(d->id, lun, tag); 784 break; 785 default: 786 break; 787 } 788 789 return req; 790 } 791 792 uint8_t *scsi_req_get_buf(SCSIRequest *req) 793 { 794 return req->ops->get_buf(req); 795 } 796 797 static void scsi_clear_unit_attention(SCSIRequest *req) 798 { 799 SCSISense *ua; 800 if (req->dev->unit_attention.key != UNIT_ATTENTION && 801 req->bus->unit_attention.key != UNIT_ATTENTION) { 802 return; 803 } 804 805 /* 806 * If an INQUIRY command enters the enabled command state, 807 * the device server shall [not] clear any unit attention condition; 808 * See also MMC-6, paragraphs 6.5 and 6.6.2. 809 */ 810 if (req->cmd.buf[0] == INQUIRY || 811 req->cmd.buf[0] == GET_CONFIGURATION || 812 req->cmd.buf[0] == GET_EVENT_STATUS_NOTIFICATION) { 813 return; 814 } 815 816 if (req->dev->unit_attention.key == UNIT_ATTENTION) { 817 ua = &req->dev->unit_attention; 818 } else { 819 ua = &req->bus->unit_attention; 820 } 821 822 /* 823 * If a REPORT LUNS command enters the enabled command state, [...] 824 * the device server shall clear any pending unit attention condition 825 * with an additional sense code of REPORTED LUNS DATA HAS CHANGED. 826 */ 827 if (req->cmd.buf[0] == REPORT_LUNS && 828 !(ua->asc == SENSE_CODE(REPORTED_LUNS_CHANGED).asc && 829 ua->ascq == SENSE_CODE(REPORTED_LUNS_CHANGED).ascq)) { 830 return; 831 } 832 833 *ua = SENSE_CODE(NO_SENSE); 834 } 835 836 int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len) 837 { 838 int ret; 839 840 assert(len >= 14); 841 if (!req->sense_len) { 842 return 0; 843 } 844 845 ret = scsi_convert_sense(req->sense, req->sense_len, buf, len, true); 846 847 /* 848 * FIXME: clearing unit attention conditions upon autosense should be done 849 * only if the UA_INTLCK_CTRL field in the Control mode page is set to 00b 850 * (SAM-5, 5.14). 851 * 852 * We assume UA_INTLCK_CTRL to be 00b for HBAs that support autosense, and 853 * 10b for HBAs that do not support it (do not call scsi_req_get_sense). 854 * Here we handle unit attention clearing for UA_INTLCK_CTRL == 00b. 855 */ 856 if (req->dev->sense_is_ua) { 857 scsi_device_unit_attention_reported(req->dev); 858 req->dev->sense_len = 0; 859 req->dev->sense_is_ua = false; 860 } 861 return ret; 862 } 863 864 int scsi_device_get_sense(SCSIDevice *dev, uint8_t *buf, int len, bool fixed) 865 { 866 return scsi_convert_sense(dev->sense, dev->sense_len, buf, len, fixed); 867 } 868 869 void scsi_req_build_sense(SCSIRequest *req, SCSISense sense) 870 { 871 trace_scsi_req_build_sense(req->dev->id, req->lun, req->tag, 872 sense.key, sense.asc, sense.ascq); 873 req->sense_len = scsi_build_sense(req->sense, sense); 874 } 875 876 static void scsi_req_enqueue_internal(SCSIRequest *req) 877 { 878 assert(!req->enqueued); 879 scsi_req_ref(req); 880 if (req->bus->info->get_sg_list) { 881 req->sg = req->bus->info->get_sg_list(req); 882 } else { 883 req->sg = NULL; 884 } 885 req->enqueued = true; 886 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next); 887 } 888 889 int32_t scsi_req_enqueue(SCSIRequest *req) 890 { 891 int32_t rc; 892 893 assert(!req->retry); 894 scsi_req_enqueue_internal(req); 895 scsi_req_ref(req); 896 rc = req->ops->send_command(req, req->cmd.buf); 897 scsi_req_unref(req); 898 return rc; 899 } 900 901 static void scsi_req_dequeue(SCSIRequest *req) 902 { 903 trace_scsi_req_dequeue(req->dev->id, req->lun, req->tag); 904 req->retry = false; 905 if (req->enqueued) { 906 QTAILQ_REMOVE(&req->dev->requests, req, next); 907 req->enqueued = false; 908 scsi_req_unref(req); 909 } 910 } 911 912 static int scsi_get_performance_length(int num_desc, int type, int data_type) 913 { 914 /* MMC-6, paragraph 6.7. */ 915 switch (type) { 916 case 0: 917 if ((data_type & 3) == 0) { 918 /* Each descriptor is as in Table 295 - Nominal performance. */ 919 return 16 * num_desc + 8; 920 } else { 921 /* Each descriptor is as in Table 296 - Exceptions. */ 922 return 6 * num_desc + 8; 923 } 924 case 1: 925 case 4: 926 case 5: 927 return 8 * num_desc + 8; 928 case 2: 929 return 2048 * num_desc + 8; 930 case 3: 931 return 16 * num_desc + 8; 932 default: 933 return 8; 934 } 935 } 936 937 static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf) 938 { 939 int byte_block = (buf[2] >> 2) & 0x1; 940 int type = (buf[2] >> 4) & 0x1; 941 int xfer_unit; 942 943 if (byte_block) { 944 if (type) { 945 xfer_unit = dev->blocksize; 946 } else { 947 xfer_unit = 512; 948 } 949 } else { 950 xfer_unit = 1; 951 } 952 953 return xfer_unit; 954 } 955 956 static int ata_passthrough_12_xfer(SCSIDevice *dev, uint8_t *buf) 957 { 958 int length = buf[2] & 0x3; 959 int xfer; 960 int unit = ata_passthrough_xfer_unit(dev, buf); 961 962 switch (length) { 963 case 0: 964 case 3: /* USB-specific. */ 965 default: 966 xfer = 0; 967 break; 968 case 1: 969 xfer = buf[3]; 970 break; 971 case 2: 972 xfer = buf[4]; 973 break; 974 } 975 976 return xfer * unit; 977 } 978 979 static int ata_passthrough_16_xfer(SCSIDevice *dev, uint8_t *buf) 980 { 981 int extend = buf[1] & 0x1; 982 int length = buf[2] & 0x3; 983 int xfer; 984 int unit = ata_passthrough_xfer_unit(dev, buf); 985 986 switch (length) { 987 case 0: 988 case 3: /* USB-specific. */ 989 default: 990 xfer = 0; 991 break; 992 case 1: 993 xfer = buf[4]; 994 xfer |= (extend ? buf[3] << 8 : 0); 995 break; 996 case 2: 997 xfer = buf[6]; 998 xfer |= (extend ? buf[5] << 8 : 0); 999 break; 1000 } 1001 1002 return xfer * unit; 1003 } 1004 1005 static int scsi_req_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1006 { 1007 cmd->xfer = scsi_cdb_xfer(buf); 1008 switch (buf[0]) { 1009 case TEST_UNIT_READY: 1010 case REWIND: 1011 case START_STOP: 1012 case SET_CAPACITY: 1013 case WRITE_FILEMARKS: 1014 case WRITE_FILEMARKS_16: 1015 case SPACE: 1016 case RESERVE: 1017 case RELEASE: 1018 case ERASE: 1019 case ALLOW_MEDIUM_REMOVAL: 1020 case SEEK_10: 1021 case SYNCHRONIZE_CACHE: 1022 case SYNCHRONIZE_CACHE_16: 1023 case LOCATE_16: 1024 case LOCK_UNLOCK_CACHE: 1025 case SET_CD_SPEED: 1026 case SET_LIMITS: 1027 case WRITE_LONG_10: 1028 case UPDATE_BLOCK: 1029 case RESERVE_TRACK: 1030 case SET_READ_AHEAD: 1031 case PRE_FETCH: 1032 case PRE_FETCH_16: 1033 case ALLOW_OVERWRITE: 1034 cmd->xfer = 0; 1035 break; 1036 case VERIFY_10: 1037 case VERIFY_12: 1038 case VERIFY_16: 1039 if ((buf[1] & 2) == 0) { 1040 cmd->xfer = 0; 1041 } else if ((buf[1] & 4) != 0) { 1042 cmd->xfer = 1; 1043 } 1044 cmd->xfer *= dev->blocksize; 1045 break; 1046 case MODE_SENSE: 1047 break; 1048 case WRITE_SAME_10: 1049 case WRITE_SAME_16: 1050 cmd->xfer = buf[1] & 1 ? 0 : dev->blocksize; 1051 break; 1052 case READ_CAPACITY_10: 1053 cmd->xfer = 8; 1054 break; 1055 case READ_BLOCK_LIMITS: 1056 cmd->xfer = 6; 1057 break; 1058 case SEND_VOLUME_TAG: 1059 /* GPCMD_SET_STREAMING from multimedia commands. */ 1060 if (dev->type == TYPE_ROM) { 1061 cmd->xfer = buf[10] | (buf[9] << 8); 1062 } else { 1063 cmd->xfer = buf[9] | (buf[8] << 8); 1064 } 1065 break; 1066 case WRITE_6: 1067 /* length 0 means 256 blocks */ 1068 if (cmd->xfer == 0) { 1069 cmd->xfer = 256; 1070 } 1071 /* fall through */ 1072 case WRITE_10: 1073 case WRITE_VERIFY_10: 1074 case WRITE_12: 1075 case WRITE_VERIFY_12: 1076 case WRITE_16: 1077 case WRITE_VERIFY_16: 1078 cmd->xfer *= dev->blocksize; 1079 break; 1080 case READ_6: 1081 case READ_REVERSE: 1082 /* length 0 means 256 blocks */ 1083 if (cmd->xfer == 0) { 1084 cmd->xfer = 256; 1085 } 1086 /* fall through */ 1087 case READ_10: 1088 case READ_12: 1089 case READ_16: 1090 cmd->xfer *= dev->blocksize; 1091 break; 1092 case FORMAT_UNIT: 1093 /* MMC mandates the parameter list to be 12-bytes long. Parameters 1094 * for block devices are restricted to the header right now. */ 1095 if (dev->type == TYPE_ROM && (buf[1] & 16)) { 1096 cmd->xfer = 12; 1097 } else { 1098 cmd->xfer = (buf[1] & 16) == 0 ? 0 : (buf[1] & 32 ? 8 : 4); 1099 } 1100 break; 1101 case INQUIRY: 1102 case RECEIVE_DIAGNOSTIC: 1103 case SEND_DIAGNOSTIC: 1104 cmd->xfer = buf[4] | (buf[3] << 8); 1105 break; 1106 case READ_CD: 1107 case READ_BUFFER: 1108 case WRITE_BUFFER: 1109 case SEND_CUE_SHEET: 1110 cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16); 1111 break; 1112 case PERSISTENT_RESERVE_OUT: 1113 cmd->xfer = ldl_be_p(&buf[5]) & 0xffffffffULL; 1114 break; 1115 case ERASE_12: 1116 if (dev->type == TYPE_ROM) { 1117 /* MMC command GET PERFORMANCE. */ 1118 cmd->xfer = scsi_get_performance_length(buf[9] | (buf[8] << 8), 1119 buf[10], buf[1] & 0x1f); 1120 } 1121 break; 1122 case MECHANISM_STATUS: 1123 case READ_DVD_STRUCTURE: 1124 case SEND_DVD_STRUCTURE: 1125 case MAINTENANCE_OUT: 1126 case MAINTENANCE_IN: 1127 if (dev->type == TYPE_ROM) { 1128 /* GPCMD_REPORT_KEY and GPCMD_SEND_KEY from multi media commands */ 1129 cmd->xfer = buf[9] | (buf[8] << 8); 1130 } 1131 break; 1132 case ATA_PASSTHROUGH_12: 1133 if (dev->type == TYPE_ROM) { 1134 /* BLANK command of MMC */ 1135 cmd->xfer = 0; 1136 } else { 1137 cmd->xfer = ata_passthrough_12_xfer(dev, buf); 1138 } 1139 break; 1140 case ATA_PASSTHROUGH_16: 1141 cmd->xfer = ata_passthrough_16_xfer(dev, buf); 1142 break; 1143 } 1144 return 0; 1145 } 1146 1147 static int scsi_req_stream_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1148 { 1149 switch (buf[0]) { 1150 /* stream commands */ 1151 case ERASE_12: 1152 case ERASE_16: 1153 cmd->xfer = 0; 1154 break; 1155 case READ_6: 1156 case READ_REVERSE: 1157 case RECOVER_BUFFERED_DATA: 1158 case WRITE_6: 1159 cmd->xfer = buf[4] | (buf[3] << 8) | (buf[2] << 16); 1160 if (buf[1] & 0x01) { /* fixed */ 1161 cmd->xfer *= dev->blocksize; 1162 } 1163 break; 1164 case READ_16: 1165 case READ_REVERSE_16: 1166 case VERIFY_16: 1167 case WRITE_16: 1168 cmd->xfer = buf[14] | (buf[13] << 8) | (buf[12] << 16); 1169 if (buf[1] & 0x01) { /* fixed */ 1170 cmd->xfer *= dev->blocksize; 1171 } 1172 break; 1173 case REWIND: 1174 case LOAD_UNLOAD: 1175 cmd->xfer = 0; 1176 break; 1177 case SPACE_16: 1178 cmd->xfer = buf[13] | (buf[12] << 8); 1179 break; 1180 case READ_POSITION: 1181 switch (buf[1] & 0x1f) /* operation code */ { 1182 case SHORT_FORM_BLOCK_ID: 1183 case SHORT_FORM_VENDOR_SPECIFIC: 1184 cmd->xfer = 20; 1185 break; 1186 case LONG_FORM: 1187 cmd->xfer = 32; 1188 break; 1189 case EXTENDED_FORM: 1190 cmd->xfer = buf[8] | (buf[7] << 8); 1191 break; 1192 default: 1193 return -1; 1194 } 1195 1196 break; 1197 case FORMAT_UNIT: 1198 cmd->xfer = buf[4] | (buf[3] << 8); 1199 break; 1200 /* generic commands */ 1201 default: 1202 return scsi_req_xfer(cmd, dev, buf); 1203 } 1204 return 0; 1205 } 1206 1207 static int scsi_req_medium_changer_xfer(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1208 { 1209 switch (buf[0]) { 1210 /* medium changer commands */ 1211 case EXCHANGE_MEDIUM: 1212 case INITIALIZE_ELEMENT_STATUS: 1213 case INITIALIZE_ELEMENT_STATUS_WITH_RANGE: 1214 case MOVE_MEDIUM: 1215 case POSITION_TO_ELEMENT: 1216 cmd->xfer = 0; 1217 break; 1218 case READ_ELEMENT_STATUS: 1219 cmd->xfer = buf[9] | (buf[8] << 8) | (buf[7] << 16); 1220 break; 1221 1222 /* generic commands */ 1223 default: 1224 return scsi_req_xfer(cmd, dev, buf); 1225 } 1226 return 0; 1227 } 1228 1229 static int scsi_req_scanner_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) 1230 { 1231 switch (buf[0]) { 1232 /* Scanner commands */ 1233 case OBJECT_POSITION: 1234 cmd->xfer = 0; 1235 break; 1236 case SCAN: 1237 cmd->xfer = buf[4]; 1238 break; 1239 case READ_10: 1240 case SEND: 1241 case GET_WINDOW: 1242 case SET_WINDOW: 1243 cmd->xfer = buf[8] | (buf[7] << 8) | (buf[6] << 16); 1244 break; 1245 default: 1246 /* GET_DATA_BUFFER_STATUS xfer handled by scsi_req_xfer */ 1247 return scsi_req_xfer(cmd, dev, buf); 1248 } 1249 1250 return 0; 1251 } 1252 1253 static void scsi_cmd_xfer_mode(SCSICommand *cmd) 1254 { 1255 if (!cmd->xfer) { 1256 cmd->mode = SCSI_XFER_NONE; 1257 return; 1258 } 1259 switch (cmd->buf[0]) { 1260 case WRITE_6: 1261 case WRITE_10: 1262 case WRITE_VERIFY_10: 1263 case WRITE_12: 1264 case WRITE_VERIFY_12: 1265 case WRITE_16: 1266 case WRITE_VERIFY_16: 1267 case VERIFY_10: 1268 case VERIFY_12: 1269 case VERIFY_16: 1270 case COPY: 1271 case COPY_VERIFY: 1272 case COMPARE: 1273 case CHANGE_DEFINITION: 1274 case LOG_SELECT: 1275 case MODE_SELECT: 1276 case MODE_SELECT_10: 1277 case SEND_DIAGNOSTIC: 1278 case WRITE_BUFFER: 1279 case FORMAT_UNIT: 1280 case REASSIGN_BLOCKS: 1281 case SEARCH_EQUAL: 1282 case SEARCH_HIGH: 1283 case SEARCH_LOW: 1284 case UPDATE_BLOCK: 1285 case WRITE_LONG_10: 1286 case WRITE_SAME_10: 1287 case WRITE_SAME_16: 1288 case UNMAP: 1289 case SEARCH_HIGH_12: 1290 case SEARCH_EQUAL_12: 1291 case SEARCH_LOW_12: 1292 case MEDIUM_SCAN: 1293 case SEND_VOLUME_TAG: 1294 case SEND_CUE_SHEET: 1295 case SEND_DVD_STRUCTURE: 1296 case PERSISTENT_RESERVE_OUT: 1297 case MAINTENANCE_OUT: 1298 case SET_WINDOW: 1299 case SCAN: 1300 /* SCAN conflicts with START_STOP. START_STOP has cmd->xfer set to 0 for 1301 * non-scanner devices, so we only get here for SCAN and not for START_STOP. 1302 */ 1303 cmd->mode = SCSI_XFER_TO_DEV; 1304 break; 1305 case ATA_PASSTHROUGH_12: 1306 case ATA_PASSTHROUGH_16: 1307 /* T_DIR */ 1308 cmd->mode = (cmd->buf[2] & 0x8) ? 1309 SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV; 1310 break; 1311 default: 1312 cmd->mode = SCSI_XFER_FROM_DEV; 1313 break; 1314 } 1315 } 1316 1317 int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf, 1318 size_t buf_len) 1319 { 1320 int rc; 1321 int len; 1322 1323 cmd->lba = -1; 1324 len = scsi_cdb_length(buf); 1325 if (len < 0 || len > buf_len) { 1326 return -1; 1327 } 1328 1329 cmd->len = len; 1330 switch (dev->type) { 1331 case TYPE_TAPE: 1332 rc = scsi_req_stream_xfer(cmd, dev, buf); 1333 break; 1334 case TYPE_MEDIUM_CHANGER: 1335 rc = scsi_req_medium_changer_xfer(cmd, dev, buf); 1336 break; 1337 case TYPE_SCANNER: 1338 rc = scsi_req_scanner_length(cmd, dev, buf); 1339 break; 1340 default: 1341 rc = scsi_req_xfer(cmd, dev, buf); 1342 break; 1343 } 1344 1345 if (rc != 0) 1346 return rc; 1347 1348 memcpy(cmd->buf, buf, cmd->len); 1349 scsi_cmd_xfer_mode(cmd); 1350 cmd->lba = scsi_cmd_lba(cmd); 1351 return 0; 1352 } 1353 1354 void scsi_device_report_change(SCSIDevice *dev, SCSISense sense) 1355 { 1356 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus); 1357 1358 scsi_device_set_ua(dev, sense); 1359 if (bus->info->change) { 1360 bus->info->change(bus, dev, sense); 1361 } 1362 } 1363 1364 SCSIRequest *scsi_req_ref(SCSIRequest *req) 1365 { 1366 assert(req->refcount > 0); 1367 req->refcount++; 1368 return req; 1369 } 1370 1371 void scsi_req_unref(SCSIRequest *req) 1372 { 1373 assert(req->refcount > 0); 1374 if (--req->refcount == 0) { 1375 BusState *qbus = req->dev->qdev.parent_bus; 1376 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, qbus); 1377 1378 if (bus->info->free_request && req->hba_private) { 1379 bus->info->free_request(bus, req->hba_private); 1380 } 1381 if (req->ops->free_req) { 1382 req->ops->free_req(req); 1383 } 1384 object_unref(OBJECT(req->dev)); 1385 object_unref(OBJECT(qbus->parent)); 1386 g_free(req); 1387 } 1388 } 1389 1390 /* Tell the device that we finished processing this chunk of I/O. It 1391 will start the next chunk or complete the command. */ 1392 void scsi_req_continue(SCSIRequest *req) 1393 { 1394 if (req->io_canceled) { 1395 trace_scsi_req_continue_canceled(req->dev->id, req->lun, req->tag); 1396 return; 1397 } 1398 trace_scsi_req_continue(req->dev->id, req->lun, req->tag); 1399 if (req->cmd.mode == SCSI_XFER_TO_DEV) { 1400 req->ops->write_data(req); 1401 } else { 1402 req->ops->read_data(req); 1403 } 1404 } 1405 1406 /* Called by the devices when data is ready for the HBA. The HBA should 1407 start a DMA operation to read or fill the device's data buffer. 1408 Once it completes, calling scsi_req_continue will restart I/O. */ 1409 void scsi_req_data(SCSIRequest *req, int len) 1410 { 1411 uint8_t *buf; 1412 if (req->io_canceled) { 1413 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len); 1414 return; 1415 } 1416 trace_scsi_req_data(req->dev->id, req->lun, req->tag, len); 1417 assert(req->cmd.mode != SCSI_XFER_NONE); 1418 if (!req->sg) { 1419 req->residual -= len; 1420 req->bus->info->transfer_data(req, len); 1421 return; 1422 } 1423 1424 /* If the device calls scsi_req_data and the HBA specified a 1425 * scatter/gather list, the transfer has to happen in a single 1426 * step. */ 1427 assert(!req->dma_started); 1428 req->dma_started = true; 1429 1430 buf = scsi_req_get_buf(req); 1431 if (req->cmd.mode == SCSI_XFER_FROM_DEV) { 1432 dma_buf_read(buf, len, &req->residual, req->sg, 1433 MEMTXATTRS_UNSPECIFIED); 1434 } else { 1435 dma_buf_write(buf, len, &req->residual, req->sg, 1436 MEMTXATTRS_UNSPECIFIED); 1437 } 1438 scsi_req_continue(req); 1439 } 1440 1441 void scsi_req_print(SCSIRequest *req) 1442 { 1443 FILE *fp = stderr; 1444 int i; 1445 1446 fprintf(fp, "[%s id=%d] %s", 1447 req->dev->qdev.parent_bus->name, 1448 req->dev->id, 1449 scsi_command_name(req->cmd.buf[0])); 1450 for (i = 1; i < req->cmd.len; i++) { 1451 fprintf(fp, " 0x%02x", req->cmd.buf[i]); 1452 } 1453 switch (req->cmd.mode) { 1454 case SCSI_XFER_NONE: 1455 fprintf(fp, " - none\n"); 1456 break; 1457 case SCSI_XFER_FROM_DEV: 1458 fprintf(fp, " - from-dev len=%zd\n", req->cmd.xfer); 1459 break; 1460 case SCSI_XFER_TO_DEV: 1461 fprintf(fp, " - to-dev len=%zd\n", req->cmd.xfer); 1462 break; 1463 default: 1464 fprintf(fp, " - Oops\n"); 1465 break; 1466 } 1467 } 1468 1469 void scsi_req_complete_failed(SCSIRequest *req, int host_status) 1470 { 1471 SCSISense sense; 1472 int status; 1473 1474 assert(req->status == -1 && req->host_status == -1); 1475 assert(req->ops != &reqops_unit_attention); 1476 1477 if (!req->bus->info->fail) { 1478 status = scsi_sense_from_host_status(req->host_status, &sense); 1479 if (status == CHECK_CONDITION) { 1480 scsi_req_build_sense(req, sense); 1481 } 1482 scsi_req_complete(req, status); 1483 return; 1484 } 1485 1486 req->host_status = host_status; 1487 scsi_req_ref(req); 1488 scsi_req_dequeue(req); 1489 req->bus->info->fail(req); 1490 1491 /* Cancelled requests might end up being completed instead of cancelled */ 1492 notifier_list_notify(&req->cancel_notifiers, req); 1493 scsi_req_unref(req); 1494 } 1495 1496 void scsi_req_complete(SCSIRequest *req, int status) 1497 { 1498 assert(req->status == -1 && req->host_status == -1); 1499 req->status = status; 1500 req->host_status = SCSI_HOST_OK; 1501 1502 assert(req->sense_len <= sizeof(req->sense)); 1503 if (status == GOOD) { 1504 req->sense_len = 0; 1505 } 1506 1507 if (req->sense_len) { 1508 memcpy(req->dev->sense, req->sense, req->sense_len); 1509 req->dev->sense_len = req->sense_len; 1510 req->dev->sense_is_ua = (req->ops == &reqops_unit_attention); 1511 } else { 1512 req->dev->sense_len = 0; 1513 req->dev->sense_is_ua = false; 1514 } 1515 1516 /* 1517 * Unit attention state is now stored in the device's sense buffer 1518 * if the HBA didn't do autosense. Clear the pending unit attention 1519 * flags. 1520 */ 1521 scsi_clear_unit_attention(req); 1522 1523 scsi_req_ref(req); 1524 scsi_req_dequeue(req); 1525 req->bus->info->complete(req, req->residual); 1526 1527 /* Cancelled requests might end up being completed instead of cancelled */ 1528 notifier_list_notify(&req->cancel_notifiers, req); 1529 scsi_req_unref(req); 1530 } 1531 1532 /* Called by the devices when the request is canceled. */ 1533 void scsi_req_cancel_complete(SCSIRequest *req) 1534 { 1535 assert(req->io_canceled); 1536 if (req->bus->info->cancel) { 1537 req->bus->info->cancel(req); 1538 } 1539 notifier_list_notify(&req->cancel_notifiers, req); 1540 scsi_req_unref(req); 1541 } 1542 1543 /* Cancel @req asynchronously. @notifier is added to @req's cancellation 1544 * notifier list, the bus will be notified the requests cancellation is 1545 * completed. 1546 * */ 1547 void scsi_req_cancel_async(SCSIRequest *req, Notifier *notifier) 1548 { 1549 trace_scsi_req_cancel(req->dev->id, req->lun, req->tag); 1550 if (notifier) { 1551 notifier_list_add(&req->cancel_notifiers, notifier); 1552 } 1553 if (req->io_canceled) { 1554 /* A blk_aio_cancel_async is pending; when it finishes, 1555 * scsi_req_cancel_complete will be called and will 1556 * call the notifier we just added. Just wait for that. 1557 */ 1558 assert(req->aiocb); 1559 return; 1560 } 1561 /* Dropped in scsi_req_cancel_complete. */ 1562 scsi_req_ref(req); 1563 scsi_req_dequeue(req); 1564 req->io_canceled = true; 1565 if (req->aiocb) { 1566 blk_aio_cancel_async(req->aiocb); 1567 } else { 1568 scsi_req_cancel_complete(req); 1569 } 1570 } 1571 1572 void scsi_req_cancel(SCSIRequest *req) 1573 { 1574 trace_scsi_req_cancel(req->dev->id, req->lun, req->tag); 1575 if (!req->enqueued) { 1576 return; 1577 } 1578 assert(!req->io_canceled); 1579 /* Dropped in scsi_req_cancel_complete. */ 1580 scsi_req_ref(req); 1581 scsi_req_dequeue(req); 1582 req->io_canceled = true; 1583 if (req->aiocb) { 1584 blk_aio_cancel(req->aiocb); 1585 } else { 1586 scsi_req_cancel_complete(req); 1587 } 1588 } 1589 1590 static int scsi_ua_precedence(SCSISense sense) 1591 { 1592 if (sense.key != UNIT_ATTENTION) { 1593 return INT_MAX; 1594 } 1595 if (sense.asc == 0x29 && sense.ascq == 0x04) { 1596 /* DEVICE INTERNAL RESET goes with POWER ON OCCURRED */ 1597 return 1; 1598 } else if (sense.asc == 0x3F && sense.ascq == 0x01) { 1599 /* MICROCODE HAS BEEN CHANGED goes with SCSI BUS RESET OCCURRED */ 1600 return 2; 1601 } else if (sense.asc == 0x29 && (sense.ascq == 0x05 || sense.ascq == 0x06)) { 1602 /* These two go with "all others". */ 1603 ; 1604 } else if (sense.asc == 0x29 && sense.ascq <= 0x07) { 1605 /* POWER ON, RESET OR BUS DEVICE RESET OCCURRED = 0 1606 * POWER ON OCCURRED = 1 1607 * SCSI BUS RESET OCCURRED = 2 1608 * BUS DEVICE RESET FUNCTION OCCURRED = 3 1609 * I_T NEXUS LOSS OCCURRED = 7 1610 */ 1611 return sense.ascq; 1612 } else if (sense.asc == 0x2F && sense.ascq == 0x01) { 1613 /* COMMANDS CLEARED BY POWER LOSS NOTIFICATION */ 1614 return 8; 1615 } 1616 return (sense.asc << 8) | sense.ascq; 1617 } 1618 1619 void scsi_bus_set_ua(SCSIBus *bus, SCSISense sense) 1620 { 1621 int prec1, prec2; 1622 if (sense.key != UNIT_ATTENTION) { 1623 return; 1624 } 1625 1626 /* 1627 * Override a pre-existing unit attention condition, except for a more 1628 * important reset condition. 1629 */ 1630 prec1 = scsi_ua_precedence(bus->unit_attention); 1631 prec2 = scsi_ua_precedence(sense); 1632 if (prec2 < prec1) { 1633 bus->unit_attention = sense; 1634 } 1635 } 1636 1637 void scsi_device_set_ua(SCSIDevice *sdev, SCSISense sense) 1638 { 1639 int prec1, prec2; 1640 if (sense.key != UNIT_ATTENTION) { 1641 return; 1642 } 1643 trace_scsi_device_set_ua(sdev->id, sdev->lun, sense.key, 1644 sense.asc, sense.ascq); 1645 1646 /* 1647 * Override a pre-existing unit attention condition, except for a more 1648 * important reset condition. 1649 */ 1650 prec1 = scsi_ua_precedence(sdev->unit_attention); 1651 prec2 = scsi_ua_precedence(sense); 1652 if (prec2 < prec1) { 1653 sdev->unit_attention = sense; 1654 } 1655 } 1656 1657 void scsi_device_purge_requests(SCSIDevice *sdev, SCSISense sense) 1658 { 1659 SCSIRequest *req; 1660 1661 aio_context_acquire(blk_get_aio_context(sdev->conf.blk)); 1662 while (!QTAILQ_EMPTY(&sdev->requests)) { 1663 req = QTAILQ_FIRST(&sdev->requests); 1664 scsi_req_cancel_async(req, NULL); 1665 } 1666 blk_drain(sdev->conf.blk); 1667 aio_context_release(blk_get_aio_context(sdev->conf.blk)); 1668 scsi_device_set_ua(sdev, sense); 1669 } 1670 1671 static char *scsibus_get_dev_path(DeviceState *dev) 1672 { 1673 SCSIDevice *d = SCSI_DEVICE(dev); 1674 DeviceState *hba = dev->parent_bus->parent; 1675 char *id; 1676 char *path; 1677 1678 id = qdev_get_dev_path(hba); 1679 if (id) { 1680 path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun); 1681 } else { 1682 path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun); 1683 } 1684 g_free(id); 1685 return path; 1686 } 1687 1688 static char *scsibus_get_fw_dev_path(DeviceState *dev) 1689 { 1690 SCSIDevice *d = SCSI_DEVICE(dev); 1691 return g_strdup_printf("channel@%x/%s@%x,%x", d->channel, 1692 qdev_fw_name(dev), d->id, d->lun); 1693 } 1694 1695 /* SCSI request list. For simplicity, pv points to the whole device */ 1696 1697 static int put_scsi_requests(QEMUFile *f, void *pv, size_t size, 1698 const VMStateField *field, JSONWriter *vmdesc) 1699 { 1700 SCSIDevice *s = pv; 1701 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); 1702 SCSIRequest *req; 1703 1704 QTAILQ_FOREACH(req, &s->requests, next) { 1705 assert(!req->io_canceled); 1706 assert(req->status == -1 && req->host_status == -1); 1707 assert(req->enqueued); 1708 1709 qemu_put_sbyte(f, req->retry ? 1 : 2); 1710 qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf)); 1711 qemu_put_be32s(f, &req->tag); 1712 qemu_put_be32s(f, &req->lun); 1713 if (bus->info->save_request) { 1714 bus->info->save_request(f, req); 1715 } 1716 if (req->ops->save_request) { 1717 req->ops->save_request(f, req); 1718 } 1719 } 1720 qemu_put_sbyte(f, 0); 1721 1722 return 0; 1723 } 1724 1725 static int get_scsi_requests(QEMUFile *f, void *pv, size_t size, 1726 const VMStateField *field) 1727 { 1728 SCSIDevice *s = pv; 1729 SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); 1730 int8_t sbyte; 1731 1732 while ((sbyte = qemu_get_sbyte(f)) > 0) { 1733 uint8_t buf[SCSI_CMD_BUF_SIZE]; 1734 uint32_t tag; 1735 uint32_t lun; 1736 SCSIRequest *req; 1737 1738 qemu_get_buffer(f, buf, sizeof(buf)); 1739 qemu_get_be32s(f, &tag); 1740 qemu_get_be32s(f, &lun); 1741 /* 1742 * A too-short CDB would have been rejected by scsi_req_new, so just use 1743 * SCSI_CMD_BUF_SIZE as the CDB length. 1744 */ 1745 req = scsi_req_new(s, tag, lun, buf, sizeof(buf), NULL); 1746 req->retry = (sbyte == 1); 1747 if (bus->info->load_request) { 1748 req->hba_private = bus->info->load_request(f, req); 1749 } 1750 if (req->ops->load_request) { 1751 req->ops->load_request(f, req); 1752 } 1753 1754 /* Just restart it later. */ 1755 scsi_req_enqueue_internal(req); 1756 1757 /* At this point, the request will be kept alive by the reference 1758 * added by scsi_req_enqueue_internal, so we can release our reference. 1759 * The HBA of course will add its own reference in the load_request 1760 * callback if it needs to hold on the SCSIRequest. 1761 */ 1762 scsi_req_unref(req); 1763 } 1764 1765 return 0; 1766 } 1767 1768 static const VMStateInfo vmstate_info_scsi_requests = { 1769 .name = "scsi-requests", 1770 .get = get_scsi_requests, 1771 .put = put_scsi_requests, 1772 }; 1773 1774 static bool scsi_sense_state_needed(void *opaque) 1775 { 1776 SCSIDevice *s = opaque; 1777 1778 return s->sense_len > SCSI_SENSE_BUF_SIZE_OLD; 1779 } 1780 1781 static const VMStateDescription vmstate_scsi_sense_state = { 1782 .name = "SCSIDevice/sense", 1783 .version_id = 1, 1784 .minimum_version_id = 1, 1785 .needed = scsi_sense_state_needed, 1786 .fields = (VMStateField[]) { 1787 VMSTATE_UINT8_SUB_ARRAY(sense, SCSIDevice, 1788 SCSI_SENSE_BUF_SIZE_OLD, 1789 SCSI_SENSE_BUF_SIZE - SCSI_SENSE_BUF_SIZE_OLD), 1790 VMSTATE_END_OF_LIST() 1791 } 1792 }; 1793 1794 const VMStateDescription vmstate_scsi_device = { 1795 .name = "SCSIDevice", 1796 .version_id = 1, 1797 .minimum_version_id = 1, 1798 .fields = (VMStateField[]) { 1799 VMSTATE_UINT8(unit_attention.key, SCSIDevice), 1800 VMSTATE_UINT8(unit_attention.asc, SCSIDevice), 1801 VMSTATE_UINT8(unit_attention.ascq, SCSIDevice), 1802 VMSTATE_BOOL(sense_is_ua, SCSIDevice), 1803 VMSTATE_UINT8_SUB_ARRAY(sense, SCSIDevice, 0, SCSI_SENSE_BUF_SIZE_OLD), 1804 VMSTATE_UINT32(sense_len, SCSIDevice), 1805 { 1806 .name = "requests", 1807 .version_id = 0, 1808 .field_exists = NULL, 1809 .size = 0, /* ouch */ 1810 .info = &vmstate_info_scsi_requests, 1811 .flags = VMS_SINGLE, 1812 .offset = 0, 1813 }, 1814 VMSTATE_END_OF_LIST() 1815 }, 1816 .subsections = (const VMStateDescription*[]) { 1817 &vmstate_scsi_sense_state, 1818 NULL 1819 } 1820 }; 1821 1822 static Property scsi_props[] = { 1823 DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0), 1824 DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1), 1825 DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1), 1826 DEFINE_PROP_END_OF_LIST(), 1827 }; 1828 1829 static void scsi_device_class_init(ObjectClass *klass, void *data) 1830 { 1831 DeviceClass *k = DEVICE_CLASS(klass); 1832 set_bit(DEVICE_CATEGORY_STORAGE, k->categories); 1833 k->bus_type = TYPE_SCSI_BUS; 1834 k->realize = scsi_qdev_realize; 1835 k->unrealize = scsi_qdev_unrealize; 1836 device_class_set_props(k, scsi_props); 1837 } 1838 1839 static void scsi_dev_instance_init(Object *obj) 1840 { 1841 DeviceState *dev = DEVICE(obj); 1842 SCSIDevice *s = SCSI_DEVICE(dev); 1843 1844 device_add_bootindex_property(obj, &s->conf.bootindex, 1845 "bootindex", NULL, 1846 &s->qdev); 1847 } 1848 1849 static const TypeInfo scsi_device_type_info = { 1850 .name = TYPE_SCSI_DEVICE, 1851 .parent = TYPE_DEVICE, 1852 .instance_size = sizeof(SCSIDevice), 1853 .abstract = true, 1854 .class_size = sizeof(SCSIDeviceClass), 1855 .class_init = scsi_device_class_init, 1856 .instance_init = scsi_dev_instance_init, 1857 }; 1858 1859 static void scsi_bus_class_init(ObjectClass *klass, void *data) 1860 { 1861 BusClass *k = BUS_CLASS(klass); 1862 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass); 1863 1864 k->get_dev_path = scsibus_get_dev_path; 1865 k->get_fw_dev_path = scsibus_get_fw_dev_path; 1866 k->check_address = scsi_bus_check_address; 1867 hc->unplug = qdev_simple_device_unplug_cb; 1868 } 1869 1870 static const TypeInfo scsi_bus_info = { 1871 .name = TYPE_SCSI_BUS, 1872 .parent = TYPE_BUS, 1873 .instance_size = sizeof(SCSIBus), 1874 .class_init = scsi_bus_class_init, 1875 .interfaces = (InterfaceInfo[]) { 1876 { TYPE_HOTPLUG_HANDLER }, 1877 { } 1878 } 1879 }; 1880 1881 static void scsi_register_types(void) 1882 { 1883 type_register_static(&scsi_bus_info); 1884 type_register_static(&scsi_device_type_info); 1885 } 1886 1887 type_init(scsi_register_types)