mirror of https://gitee.com/openkylin/qemu.git
654 lines
15 KiB
C
654 lines
15 KiB
C
/*
|
|
* Generic SCSI Device support
|
|
*
|
|
* Copyright (c) 2007 Bull S.A.S.
|
|
* Based on code by Paul Brook
|
|
* Based on code by Fabrice Bellard
|
|
*
|
|
* Written by Laurent Vivier <Laurent.Vivier@bull.net>
|
|
*
|
|
* This code is licenced under the LGPL.
|
|
*
|
|
*/
|
|
|
|
#include "qemu-common.h"
|
|
#include "block.h"
|
|
#include "scsi-disk.h"
|
|
|
|
#ifndef __linux__
|
|
|
|
SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
|
|
scsi_completionfn completion, void *opaque)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
#else /* __linux__ */
|
|
|
|
//#define DEBUG_SCSI
|
|
|
|
#ifdef DEBUG_SCSI
|
|
#define DPRINTF(fmt, args...) \
|
|
do { printf("scsi-generic: " fmt , ##args); } while (0)
|
|
#else
|
|
#define DPRINTF(fmt, args...) do {} while(0)
|
|
#endif
|
|
|
|
#define BADF(fmt, args...) \
|
|
do { fprintf(stderr, "scsi-generic: " fmt , ##args); } while (0)
|
|
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
#include <scsi/sg.h>
|
|
#include <scsi/scsi.h>
|
|
|
|
#define LOAD_UNLOAD 0xa6
|
|
#define SET_CD_SPEED 0xbb
|
|
#define BLANK 0xa1
|
|
|
|
#define SCSI_CMD_BUF_SIZE 16
|
|
#define SCSI_SENSE_BUF_SIZE 32
|
|
|
|
#define SG_ERR_DRIVER_TIMEOUT 0x06
|
|
#define SG_ERR_DRIVER_SENSE 0x08
|
|
|
|
#ifndef MAX_UINT
|
|
#define MAX_UINT ((unsigned int)-1)
|
|
#endif
|
|
|
|
typedef struct SCSIRequest {
|
|
BlockDriverAIOCB *aiocb;
|
|
struct SCSIRequest *next;
|
|
SCSIDeviceState *dev;
|
|
uint32_t tag;
|
|
uint8_t cmd[SCSI_CMD_BUF_SIZE];
|
|
int cmdlen;
|
|
uint8_t *buf;
|
|
int buflen;
|
|
int len;
|
|
sg_io_hdr_t io_header;
|
|
} SCSIRequest;
|
|
|
|
struct SCSIDeviceState
|
|
{
|
|
SCSIRequest *requests;
|
|
BlockDriverState *bdrv;
|
|
int blocksize;
|
|
int lun;
|
|
scsi_completionfn completion;
|
|
void *opaque;
|
|
int driver_status;
|
|
uint8_t sensebuf[SCSI_SENSE_BUF_SIZE];
|
|
};
|
|
|
|
/* Global pool of SCSIRequest structures. */
|
|
static SCSIRequest *free_requests = NULL;
|
|
|
|
static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
|
|
{
|
|
SCSIRequest *r;
|
|
|
|
if (free_requests) {
|
|
r = free_requests;
|
|
free_requests = r->next;
|
|
} else {
|
|
r = qemu_malloc(sizeof(SCSIRequest));
|
|
r->buf = NULL;
|
|
r->buflen = 0;
|
|
}
|
|
r->dev = s;
|
|
r->tag = tag;
|
|
memset(r->cmd, 0, sizeof(r->cmd));
|
|
memset(&r->io_header, 0, sizeof(r->io_header));
|
|
r->cmdlen = 0;
|
|
r->len = 0;
|
|
r->aiocb = NULL;
|
|
|
|
/* link */
|
|
|
|
r->next = s->requests;
|
|
s->requests = r;
|
|
return r;
|
|
}
|
|
|
|
static void scsi_remove_request(SCSIRequest *r)
|
|
{
|
|
SCSIRequest *last;
|
|
SCSIDeviceState *s = r->dev;
|
|
|
|
if (s->requests == r) {
|
|
s->requests = r->next;
|
|
} else {
|
|
last = s->requests;
|
|
while (last && last->next != r)
|
|
last = last->next;
|
|
if (last) {
|
|
last->next = r->next;
|
|
} else {
|
|
BADF("Orphaned request\n");
|
|
}
|
|
}
|
|
r->next = free_requests;
|
|
free_requests = r;
|
|
}
|
|
|
|
static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
|
|
{
|
|
SCSIRequest *r;
|
|
|
|
r = s->requests;
|
|
while (r && r->tag != tag)
|
|
r = r->next;
|
|
|
|
return r;
|
|
}
|
|
|
|
/* Helper function for command completion. */
|
|
static void scsi_command_complete(void *opaque, int ret)
|
|
{
|
|
SCSIRequest *r = (SCSIRequest *)opaque;
|
|
SCSIDeviceState *s = r->dev;
|
|
uint32_t tag;
|
|
int sense;
|
|
|
|
s->driver_status = r->io_header.driver_status;
|
|
if (ret != 0)
|
|
sense = HARDWARE_ERROR;
|
|
else {
|
|
if (s->driver_status & SG_ERR_DRIVER_TIMEOUT) {
|
|
sense = HARDWARE_ERROR;
|
|
BADF("Driver Timeout\n");
|
|
} else if ((s->driver_status & SG_ERR_DRIVER_SENSE) == 0)
|
|
sense = NO_SENSE;
|
|
else
|
|
sense = s->sensebuf[2] & 0x0f;
|
|
}
|
|
|
|
DPRINTF("Command complete 0x%p tag=0x%x sense=%d\n", r, r->tag, sense);
|
|
tag = r->tag;
|
|
scsi_remove_request(r);
|
|
s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
|
|
}
|
|
|
|
/* Cancel a pending data transfer. */
|
|
static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
|
|
{
|
|
DPRINTF("scsi_cancel_io 0x%x\n", tag);
|
|
SCSIDeviceState *s = d->state;
|
|
SCSIRequest *r;
|
|
DPRINTF("Cancel tag=0x%x\n", tag);
|
|
r = scsi_find_request(s, tag);
|
|
if (r) {
|
|
if (r->aiocb)
|
|
bdrv_aio_cancel(r->aiocb);
|
|
r->aiocb = NULL;
|
|
scsi_remove_request(r);
|
|
}
|
|
}
|
|
|
|
static int execute_command(BlockDriverState *bdrv,
|
|
SCSIRequest *r, int direction,
|
|
BlockDriverCompletionFunc *complete)
|
|
{
|
|
|
|
r->io_header.interface_id = 'S';
|
|
r->io_header.dxfer_direction = direction;
|
|
r->io_header.dxferp = r->buf;
|
|
r->io_header.dxfer_len = r->buflen;
|
|
r->io_header.cmdp = r->cmd;
|
|
r->io_header.cmd_len = r->cmdlen;
|
|
r->io_header.mx_sb_len = sizeof(r->dev->sensebuf);
|
|
r->io_header.sbp = r->dev->sensebuf;
|
|
r->io_header.timeout = MAX_UINT;
|
|
r->io_header.usr_ptr = r;
|
|
r->io_header.flags |= SG_FLAG_DIRECT_IO;
|
|
|
|
if (bdrv_pwrite(bdrv, -1, &r->io_header, sizeof(r->io_header)) == -1) {
|
|
BADF("execute_command: write failed ! (%d)\n", errno);
|
|
return -1;
|
|
}
|
|
if (complete == NULL) {
|
|
int ret;
|
|
r->aiocb = NULL;
|
|
while ((ret = bdrv_pread(bdrv, -1, &r->io_header,
|
|
sizeof(r->io_header))) == -1 &&
|
|
errno == EINTR);
|
|
if (ret == -1) {
|
|
BADF("execute_command: read failed !\n");
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
r->aiocb = bdrv_aio_read(bdrv, 0, (uint8_t*)&r->io_header,
|
|
-(int64_t)sizeof(r->io_header), complete, r);
|
|
if (r->aiocb == NULL) {
|
|
BADF("execute_command: read failed !\n");
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void scsi_read_complete(void * opaque, int ret)
|
|
{
|
|
SCSIRequest *r = (SCSIRequest *)opaque;
|
|
SCSIDeviceState *s = r->dev;
|
|
int len;
|
|
|
|
if (ret) {
|
|
DPRINTF("IO error\n");
|
|
scsi_command_complete(r, ret);
|
|
return;
|
|
}
|
|
len = r->io_header.dxfer_len - r->io_header.resid;
|
|
DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, len);
|
|
|
|
r->len = -1;
|
|
s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
|
|
}
|
|
|
|
/* Read more data from scsi device into buffer. */
|
|
static void scsi_read_data(SCSIDevice *d, uint32_t tag)
|
|
{
|
|
SCSIDeviceState *s = d->state;
|
|
SCSIRequest *r;
|
|
int ret;
|
|
|
|
DPRINTF("scsi_read_data 0x%x\n", tag);
|
|
r = scsi_find_request(s, tag);
|
|
if (!r) {
|
|
BADF("Bad read tag 0x%x\n", tag);
|
|
/* ??? This is the wrong error. */
|
|
scsi_command_complete(r, -EINVAL);
|
|
return;
|
|
}
|
|
|
|
if (r->len == -1) {
|
|
scsi_command_complete(r, 0);
|
|
return;
|
|
}
|
|
|
|
if (r->cmd[0] == REQUEST_SENSE && s->driver_status & SG_ERR_DRIVER_SENSE)
|
|
{
|
|
memcpy(r->buf, s->sensebuf, 16);
|
|
r->io_header.driver_status = 0;
|
|
r->len = -1;
|
|
s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 16);
|
|
return;
|
|
}
|
|
|
|
ret = execute_command(s->bdrv, r, SG_DXFER_FROM_DEV, scsi_read_complete);
|
|
if (ret == -1) {
|
|
scsi_command_complete(r, -EINVAL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
static void scsi_write_complete(void * opaque, int ret)
|
|
{
|
|
SCSIRequest *r = (SCSIRequest *)opaque;
|
|
|
|
DPRINTF("scsi_write_complete() ret = %d\n", ret);
|
|
if (ret) {
|
|
DPRINTF("IO error\n");
|
|
scsi_command_complete(r, ret);
|
|
return;
|
|
}
|
|
|
|
scsi_command_complete(r, ret);
|
|
}
|
|
|
|
/* Write data to a scsi device. Returns nonzero on failure.
|
|
The transfer may complete asynchronously. */
|
|
static int scsi_write_data(SCSIDevice *d, uint32_t tag)
|
|
{
|
|
SCSIDeviceState *s = d->state;
|
|
SCSIRequest *r;
|
|
int ret;
|
|
|
|
DPRINTF("scsi_write_data 0x%x\n", tag);
|
|
r = scsi_find_request(s, tag);
|
|
if (!r) {
|
|
BADF("Bad write tag 0x%x\n", tag);
|
|
/* ??? This is the wrong error. */
|
|
scsi_command_complete(r, -EINVAL);
|
|
return 0;
|
|
}
|
|
|
|
if (r->len == 0) {
|
|
r->len = r->buflen;
|
|
s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->len);
|
|
return 0;
|
|
}
|
|
|
|
ret = execute_command(s->bdrv, r, SG_DXFER_TO_DEV, scsi_write_complete);
|
|
if (ret == -1) {
|
|
scsi_command_complete(r, -EINVAL);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* Return a pointer to the data buffer. */
|
|
static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
|
|
{
|
|
SCSIDeviceState *s = d->state;
|
|
SCSIRequest *r;
|
|
r = scsi_find_request(s, tag);
|
|
if (!r) {
|
|
BADF("Bad buffer tag 0x%x\n", tag);
|
|
return NULL;
|
|
}
|
|
return r->buf;
|
|
}
|
|
|
|
static int scsi_length(uint8_t *cmd, int blocksize, int *cmdlen, uint32_t *len)
|
|
{
|
|
switch (cmd[0] >> 5) {
|
|
case 0:
|
|
*len = cmd[4];
|
|
*cmdlen = 6;
|
|
break;
|
|
case 1:
|
|
case 2:
|
|
*len = cmd[8] | (cmd[7] << 8);
|
|
*cmdlen = 10;
|
|
break;
|
|
case 4:
|
|
*len = cmd[13] | (cmd[12] << 8) | (cmd[11] << 16) | (cmd[10] << 24);
|
|
*cmdlen = 16;
|
|
break;
|
|
case 5:
|
|
*len = cmd[9] | (cmd[8] << 8) | (cmd[7] << 16) | (cmd[6] << 24);
|
|
*cmdlen = 12;
|
|
break;
|
|
default:
|
|
return -1;
|
|
}
|
|
|
|
switch(cmd[0]) {
|
|
case TEST_UNIT_READY:
|
|
case REZERO_UNIT:
|
|
case START_STOP:
|
|
case SEEK_6:
|
|
case WRITE_FILEMARKS:
|
|
case SPACE:
|
|
case ERASE:
|
|
case ALLOW_MEDIUM_REMOVAL:
|
|
case VERIFY:
|
|
case SEEK_10:
|
|
case SYNCHRONIZE_CACHE:
|
|
case LOCK_UNLOCK_CACHE:
|
|
case LOAD_UNLOAD:
|
|
case SET_CD_SPEED:
|
|
case SET_LIMITS:
|
|
case WRITE_LONG:
|
|
case MOVE_MEDIUM:
|
|
case UPDATE_BLOCK:
|
|
*len = 0;
|
|
break;
|
|
case MODE_SENSE:
|
|
break;
|
|
case WRITE_SAME:
|
|
*len = 1;
|
|
break;
|
|
case READ_CAPACITY:
|
|
*len = 8;
|
|
break;
|
|
case READ_BLOCK_LIMITS:
|
|
*len = 6;
|
|
break;
|
|
case READ_POSITION:
|
|
*len = 20;
|
|
break;
|
|
case SEND_VOLUME_TAG:
|
|
*len *= 40;
|
|
break;
|
|
case MEDIUM_SCAN:
|
|
*len *= 8;
|
|
break;
|
|
case WRITE_10:
|
|
cmd[1] &= ~0x08; /* disable FUA */
|
|
case WRITE_VERIFY:
|
|
case WRITE_6:
|
|
case WRITE_12:
|
|
case WRITE_VERIFY_12:
|
|
*len *= blocksize;
|
|
break;
|
|
case READ_10:
|
|
cmd[1] &= ~0x08; /* disable FUA */
|
|
case READ_6:
|
|
case READ_REVERSE:
|
|
case RECOVER_BUFFERED_DATA:
|
|
case READ_12:
|
|
*len *= blocksize;
|
|
break;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int is_write(int command)
|
|
{
|
|
switch (command) {
|
|
case COPY:
|
|
case COPY_VERIFY:
|
|
case COMPARE:
|
|
case CHANGE_DEFINITION:
|
|
case LOG_SELECT:
|
|
case MODE_SELECT:
|
|
case MODE_SELECT_10:
|
|
case SEND_DIAGNOSTIC:
|
|
case WRITE_BUFFER:
|
|
case FORMAT_UNIT:
|
|
case REASSIGN_BLOCKS:
|
|
case RESERVE:
|
|
case SEARCH_EQUAL:
|
|
case SEARCH_HIGH:
|
|
case SEARCH_LOW:
|
|
case WRITE_6:
|
|
case WRITE_10:
|
|
case WRITE_VERIFY:
|
|
case UPDATE_BLOCK:
|
|
case WRITE_LONG:
|
|
case WRITE_SAME:
|
|
case SEARCH_HIGH_12:
|
|
case SEARCH_EQUAL_12:
|
|
case SEARCH_LOW_12:
|
|
case WRITE_12:
|
|
case WRITE_VERIFY_12:
|
|
case SET_WINDOW:
|
|
case MEDIUM_SCAN:
|
|
case SEND_VOLUME_TAG:
|
|
case WRITE_LONG_2:
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/* Execute a scsi command. Returns the length of the data expected by the
|
|
command. This will be Positive for data transfers from the device
|
|
(eg. disk reads), negative for transfers to the device (eg. disk writes),
|
|
and zero if the command does not transfer any data. */
|
|
|
|
static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
|
|
uint8_t *cmd, int lun)
|
|
{
|
|
SCSIDeviceState *s = d->state;
|
|
uint32_t len;
|
|
int cmdlen;
|
|
SCSIRequest *r;
|
|
int ret;
|
|
|
|
/* ??? Tags are not unique for different luns. We only implement a
|
|
single lun, so this should not matter. */
|
|
|
|
if (lun != s->lun || (cmd[1] >> 5) != s->lun) {
|
|
DPRINTF("Unimplemented LUN %d\n", lun ? lun : cmd[1] >> 5);
|
|
s->completion(s->opaque, SCSI_REASON_DONE, tag, ILLEGAL_REQUEST);
|
|
return 0;
|
|
}
|
|
|
|
if (scsi_length(cmd, s->blocksize, &cmdlen, &len) == -1) {
|
|
BADF("Unsupported command length, command %x\n", cmd[0]);
|
|
return 0;
|
|
}
|
|
|
|
DPRINTF("Command: lun=%d tag=0x%x data=0x%02x len %d\n", lun, tag,
|
|
cmd[0], len);
|
|
|
|
r = scsi_find_request(s, tag);
|
|
if (r) {
|
|
BADF("Tag 0x%x already in use %p\n", tag, r);
|
|
scsi_cancel_io(d, tag);
|
|
}
|
|
r = scsi_new_request(s, tag);
|
|
|
|
memcpy(r->cmd, cmd, cmdlen);
|
|
r->cmdlen = cmdlen;
|
|
|
|
if (len == 0) {
|
|
if (r->buf != NULL)
|
|
free(r->buf);
|
|
r->buflen = 0;
|
|
r->buf = NULL;
|
|
ret = execute_command(s->bdrv, r, SG_DXFER_NONE, scsi_command_complete);
|
|
if (ret == -1) {
|
|
scsi_command_complete(r, -EINVAL);
|
|
return 0;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
if (r->buflen != len) {
|
|
if (r->buf != NULL)
|
|
free(r->buf);
|
|
r->buf = qemu_malloc(len);
|
|
r->buflen = len;
|
|
}
|
|
|
|
memset(r->buf, 0, r->buflen);
|
|
r->len = len;
|
|
if (is_write(cmd[0])) {
|
|
r->len = 0;
|
|
return -len;
|
|
}
|
|
|
|
return len;
|
|
}
|
|
|
|
static int get_blocksize(BlockDriverState *bdrv)
|
|
{
|
|
uint8_t cmd[10];
|
|
uint8_t buf[8];
|
|
uint8_t sensebuf[8];
|
|
sg_io_hdr_t io_header;
|
|
int ret;
|
|
|
|
memset(cmd, sizeof(cmd), 0);
|
|
memset(buf, sizeof(buf), 0);
|
|
cmd[0] = READ_CAPACITY;
|
|
|
|
memset(&io_header, 0, sizeof(io_header));
|
|
io_header.interface_id = 'S';
|
|
io_header.dxfer_direction = SG_DXFER_FROM_DEV;
|
|
io_header.dxfer_len = sizeof(buf);
|
|
io_header.dxferp = buf;
|
|
io_header.cmdp = cmd;
|
|
io_header.cmd_len = sizeof(cmd);
|
|
io_header.mx_sb_len = sizeof(sensebuf);
|
|
io_header.sbp = sensebuf;
|
|
io_header.timeout = 6000; /* XXX */
|
|
|
|
ret = bdrv_pwrite(bdrv, -1, &io_header, sizeof(io_header));
|
|
if (ret == -1)
|
|
return -1;
|
|
|
|
while ((ret = bdrv_pread(bdrv, -1, &io_header, sizeof(io_header))) == -1 &&
|
|
errno == EINTR);
|
|
|
|
if (ret == -1)
|
|
return -1;
|
|
|
|
return (buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7];
|
|
}
|
|
|
|
static void scsi_destroy(SCSIDevice *d)
|
|
{
|
|
SCSIRequest *r, *n;
|
|
|
|
r = d->state->requests;
|
|
while (r) {
|
|
n = r->next;
|
|
qemu_free(r);
|
|
r = n;
|
|
}
|
|
|
|
r = free_requests;
|
|
while (r) {
|
|
n = r->next;
|
|
qemu_free(r);
|
|
r = n;
|
|
}
|
|
|
|
qemu_free(d->state);
|
|
qemu_free(d);
|
|
}
|
|
|
|
SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
|
|
scsi_completionfn completion, void *opaque)
|
|
{
|
|
int sg_version;
|
|
SCSIDevice *d;
|
|
SCSIDeviceState *s;
|
|
struct sg_scsi_id scsiid;
|
|
|
|
/* check we are really using a /dev/sg* file */
|
|
|
|
if (!bdrv_is_sg(bdrv))
|
|
return NULL;
|
|
|
|
/* check we are using a driver managing SG_IO (version 3 and after */
|
|
|
|
if (bdrv_ioctl(bdrv, SG_GET_VERSION_NUM, &sg_version) < 0 ||
|
|
sg_version < 30000)
|
|
return NULL;
|
|
|
|
/* get LUN of the /dev/sg? */
|
|
|
|
if (bdrv_ioctl(bdrv, SG_GET_SCSI_ID, &scsiid))
|
|
return NULL;
|
|
|
|
/* define device state */
|
|
|
|
s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
|
|
s->bdrv = bdrv;
|
|
s->requests = NULL;
|
|
s->completion = completion;
|
|
s->opaque = opaque;
|
|
s->lun = scsiid.lun;
|
|
s->blocksize = get_blocksize(s->bdrv);
|
|
s->driver_status = 0;
|
|
memset(s->sensebuf, 0, sizeof(s->sensebuf));
|
|
/* removable media returns 0 if not present */
|
|
if (s->blocksize <= 0)
|
|
s->blocksize = 2048;
|
|
|
|
/* define function to manage device */
|
|
|
|
d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
|
|
d->state = s;
|
|
d->destroy = scsi_destroy;
|
|
d->send_command = scsi_send_command;
|
|
d->read_data = scsi_read_data;
|
|
d->write_data = scsi_write_data;
|
|
d->cancel_io = scsi_cancel_io;
|
|
d->get_buf = scsi_get_buf;
|
|
|
|
return d;
|
|
}
|
|
#endif /* __linux__ */
|