From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1J3Adk-00013I-QS for qemu-devel@nongnu.org; Fri, 14 Dec 2007 08:31:45 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1J3Adh-00012i-Cx for qemu-devel@nongnu.org; Fri, 14 Dec 2007 08:31:43 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1J3Adh-00012c-4b for qemu-devel@nongnu.org; Fri, 14 Dec 2007 08:31:41 -0500 Received: from ecfrec.frec.bull.fr ([129.183.4.8]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1J3Adf-0000vU-2B for qemu-devel@nongnu.org; Fri, 14 Dec 2007 08:31:40 -0500 Received: from localhost (localhost [127.0.0.1]) by ecfrec.frec.bull.fr (Postfix) with ESMTP id 501EA19D950 for ; Fri, 14 Dec 2007 14:31:00 +0100 (CET) Received: from ecfrec.frec.bull.fr ([127.0.0.1]) by localhost (ecfrec.frec.bull.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12786-03 for ; Fri, 14 Dec 2007 14:30:56 +0100 (CET) Received: from ecn002.frec.bull.fr (ecn002.frec.bull.fr [129.183.4.6]) by ecfrec.frec.bull.fr (Postfix) with ESMTP id 62FAC19D9A8 for ; Fri, 14 Dec 2007 14:30:56 +0100 (CET) In-Reply-To: Date: Fri, 14 Dec 2007 14:33:34 +0100 Message-Id: <1197639214634@bull.net> Mime-Version: 1.0 
From: Laurent Vivier Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" Subject: [Qemu-devel] [PATCH] Real SCSI device passthrough (v4) Reply-To: Laurent Vivier , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org This patch allows to connect the virtual SCSI interface of Qemu to a real SCSI device of the host. Using the devices /dev/sg, it allows to send the SCSI commands from the virtual SCSI interface to the real device. It has been tested with a SATA disk and an ATA CD burner with ide-scsi modu= le and wodim to burn a CD-RW. v4 improves Windows support. Laurent --- Makefile | 1=20 block-raw.c | 27 +- block.c | 16 + block.h | 2=20 block_int.h | 4=20 hw/esp.c | 4=20 hw/lsi53c895a.c | 8=20 hw/scsi-disk.h | 2=20 hw/scsi-generic.c | 653 +++++++++++++++++++++++++++++++++++++++++++++++++= +++++ 9 files changed, 710 insertions(+), 7 deletions(-) Index: qemu/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/Makefile 2007-12-14 13:49:34.000000000 +0100 +++ qemu/Makefile 2007-12-14 13:49:46.000000000 +0100 @@ -56,6 +56,7 @@ OBJS+=3Dirq.o OBJS+=3Di2c.o smbus.o smbus_eeprom.o max7310.o max111x.o wm8750.o OBJS+=3Dssd0303.o ssd0323.o ads7846.o stellaris_input.o OBJS+=3Dscsi-disk.o cdrom.o +OBJS+=3Dscsi-generic.o OBJS+=3Dusb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o OBJS+=3Dsd.o ssi-sd.o =20 Index: qemu/block-raw.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/block-raw.c 2007-12-14 13:49:33.000000000 +0100 +++ qemu/block-raw.c 2007-12-14 13:49:46.000000000 +0100 
@@ -148,7 +148,7 @@ static int raw_pread(BlockDriverState *b if (ret < 0) return ret; =20 - if (lseek(s->fd, offset, SEEK_SET) =3D=3D (off_t)-1) { + if (offset >=3D 0 && lseek(s->fd, offset, SEEK_SET) =3D=3D (off_t)-1) { ++(s->lseek_err_cnt); if(s->lseek_err_cnt <=3D 10) { DEBUG_BLOCK_PRINT("raw_pread(%d:%s, %" PRId64 ", %p, %d) [%" P= RId64 @@ -201,7 +201,7 @@ static int raw_pwrite(BlockDriverState * if (ret < 0) return ret; =20 - if (lseek(s->fd, offset, SEEK_SET) =3D=3D (off_t)-1) { + if (offset >=3D 0 && lseek(s->fd, offset, SEEK_SET) =3D=3D (off_t)-1) { ++(s->lseek_err_cnt); if(s->lseek_err_cnt) { DEBUG_BLOCK_PRINT("raw_pwrite(%d:%s, %" PRId64 ", %p, %d) [%" @@ -273,8 +273,8 @@ void qemu_aio_init(void) seems to fix the problem. */ struct aioinit ai; memset(&ai, 0, sizeof(ai)); - ai.aio_threads =3D 1; - ai.aio_num =3D 1; + ai.aio_threads =3D 16; + ai.aio_num =3D 16; ai.aio_idle_time =3D 365 * 100000; aio_init(&ai); } @@ -384,7 +384,10 @@ static RawAIOCB *raw_aio_setup(BlockDriv acb->aiocb.aio_sigevent.sigev_signo =3D aio_sig_num; acb->aiocb.aio_sigevent.sigev_notify =3D SIGEV_SIGNAL; acb->aiocb.aio_buf =3D buf; - acb->aiocb.aio_nbytes =3D nb_sectors * 512; + if (nb_sectors < 0) + acb->aiocb.aio_nbytes =3D -nb_sectors; + else + acb->aiocb.aio_nbytes =3D nb_sectors * 512; acb->aiocb.aio_offset =3D sector_num * 512; acb->next =3D first_aio; first_aio =3D acb; @@ -672,6 +675,8 @@ static int hdev_open(BlockDriverState *b s->fd_open_flags =3D open_flags; /* open will not fail even if no floppy is inserted */ open_flags |=3D O_NONBLOCK; + } else if (strstart(filename, "/dev/sg", NULL)) { + bs->sg =3D 1; } #endif fd =3D open(filename, open_flags, 0644); @@ -851,6 +856,12 @@ static int raw_set_locked(BlockDriverSta return 0; } =20 +static int raw_ioctl(BlockDriverState *bs, unsigned long int req, void *bu= f) +{ + BDRVRawState *s =3D bs->opaque; + + return ioctl(s->fd, req, buf); +} #else =20 static int raw_is_inserted(BlockDriverState *bs) 
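Review bot: The new `offset >= 0 &&` guard in raw_pread makes every negative offset mean "skip the seek and use the fd's current position", not only the `-1` that scsi-generic passes for /dev/sg nodes; the identical guard in raw_pwrite and the `nb_sectors < 0` byte-count branch added to raw_aio_setup overload negative values in the same way. For an ordinary host device, a negative value that reaches these functions by mistake would now read or write at whatever position the descriptor holds instead of failing in lseek(). Restricting the special case to sg devices keeps the old behaviour everywhere else, e.g. `if (!(bs->sg && offset == -1) && lseek(s->fd, offset, SEEK_SET) == (off_t)-1) {`, assuming the parameter is named `bs` (the signatures are truncated in the hunk headers). All three function bodies start and end outside their hunks.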
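Review bot: Raising `ai.aio_threads` and `ai.aio_num` from 1 to 16 in qemu_aio_init leaves the comment directly above (it ends with "seems to fix the problem" and starts outside the hunk) describing a setting that is no longer in effect. That comment appears to justify the single-thread configuration as a workaround, and the change applies to every raw AIO user, not only to /dev/sg passthrough. Either explain why the workaround is no longer needed or update the comment, for example `/* scsi-generic keeps several SG_IO reads in flight, so more than one AIO thread is needed */`, if that is the reason.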
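Review bot: raw_ioctl returns the raw result of ioctl(2), so a failure comes back as -1 with the reason in errno, while the non-Linux stub and bdrv_ioctl in block.c report failure as a negative errno value (`-ENOTSUP`). Returning `-errno` on failure would make the two conventions agree: `int ret = ioctl(s->fd, req, buf); return ret < 0 ? -errno : ret;`. The wrapper also forwards any request number and pointer to the host descriptor unchanged, so a comment above it should state that callers may pass only fixed, trusted requests and never guest-chosen values.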
@@ -873,6 +884,10 @@ static int raw_set_locked(BlockDriverSta return -ENOTSUP; } =20 +static int raw_ioctl(BlockDriverState *bs, unsigned long int req, void *bu= f) +{ + return -ENOTSUP; +} #endif /* !linux */ =20 BlockDriver bdrv_host_device =3D { @@ -899,6 +914,8 @@ BlockDriver bdrv_host_device =3D { .bdrv_media_changed =3D raw_media_changed, .bdrv_eject =3D raw_eject, .bdrv_set_locked =3D raw_set_locked, + /* generic scsi device */ + .bdrv_ioctl =3D raw_ioctl, }; =20 #else /* _WIN32 */ Index: qemu/block.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/block.c 2007-12-14 13:49:34.000000000 +0100 +++ qemu/block.c 2007-12-14 13:49:46.000000000 +0100 @@ -786,6 +786,11 @@ int bdrv_is_read_only(BlockDriverState * return bs->read_only; } =20 +int bdrv_is_sg(BlockDriverState *bs) +{ + return bs->sg; +} + /* XXX: no longer used */ void bdrv_set_change_cb(BlockDriverState *bs, void (*change_cb)(void *opaque), void *opaque) @@ -1394,3 +1399,14 @@ void bdrv_set_locked(BlockDriverState *b drv->bdrv_set_locked(bs, locked); } } + +/* needed for generic scsi interface */ + +int bdrv_ioctl(BlockDriverState *bs, unsigned long int req, void *buf) +{ + BlockDriver *drv =3D bs->drv; + + if (drv && drv->bdrv_ioctl) + return drv->bdrv_ioctl(bs, req, buf); + return -ENOTSUP; +} Index: qemu/block.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/block.h 2007-12-14 13:49:34.000000000 +0100 +++ qemu/block.h 2007-12-14 13:49:46.000000000 +0100 
@@ -118,6 +118,7 @@ int bdrv_get_type_hint(BlockDriverState=20 int bdrv_get_translation_hint(BlockDriverState *bs); int bdrv_is_removable(BlockDriverState *bs); int bdrv_is_read_only(BlockDriverState *bs); +int bdrv_is_sg(BlockDriverState *bs); int bdrv_is_inserted(BlockDriverState *bs); int bdrv_media_changed(BlockDriverState *bs); int bdrv_is_locked(BlockDriverState *bs); @@ -147,6 +148,7 @@ int bdrv_snapshot_delete(BlockDriverStat int bdrv_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_info); char *bdrv_snapshot_dump(char *buf, int buf_size, QEMUSnapshotInfo *sn); +int bdrv_ioctl(BlockDriverState *bs, unsigned long int req, void *buf); =20 char *get_human_readable_size(char *buf, int buf_size, int64_t size); int path_is_absolute(const char *path); Index: qemu/block_int.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/block_int.h 2007-12-14 13:49:29.000000000 +0100 +++ qemu/block_int.h 2007-12-14 13:49:46.000000000 +0100 @@ -82,6 +82,9 @@ struct BlockDriver { int (*bdrv_eject)(BlockDriverState *bs, int eject_flag); int (*bdrv_set_locked)(BlockDriverState *bs, int locked); =20 + /* to control generic scsi devices */ + int (*bdrv_ioctl)(BlockDriverState *bs, unsigned long int req, char *b= uf); + BlockDriverAIOCB *free_aiocb; struct BlockDriver *next; }; 
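Review bot: The `bdrv_ioctl` member added to struct BlockDriver takes `char *buf`, but the bdrv_ioctl prototype in block.h, its definition in block.c and both raw_ioctl definitions in block-raw.c take `void *buf`. Initialising `.bdrv_ioctl = raw_ioctl` is therefore an incompatible-pointer assignment, and calling through a mismatched function-pointer type is undefined behaviour. Declare the member as `int (*bdrv_ioctl)(BlockDriverState *bs, unsigned long int req, void *buf);`, which also makes the `(char*)&sg_version` cast in scsi_generic_init unnecessary.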
@@ -93,6 +96,7 @@ struct BlockDriverState { int removable; /* if true, the media can be removed */ int locked; /* if true, the media cannot temporarily be ejected */ int encrypted; /* if true, the media is encrypted */ + int sg; /* if true, the device is a /dev/sg* */ /* event callback when inserting/removing */ void (*change_cb)(void *opaque); void *change_opaque; Index: qemu/hw/esp.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/hw/esp.c 2007-12-14 13:49:29.000000000 +0100 +++ qemu/hw/esp.c 2007-12-14 13:49:46.000000000 +0100 @@ -615,7 +615,9 @@ void esp_scsi_attach(void *opaque, Block } DPRINTF("Attaching block device %d\n", id); /* Command queueing is not implemented. */ - s->scsi_dev[id] =3D scsi_disk_init(bd, 0, esp_command_complete, s); + s->scsi_dev[id] =3D scsi_generic_init(bd, 0, esp_command_complete, s); + if (s->scsi_dev[id] =3D=3D NULL) + s->scsi_dev[id] =3D scsi_disk_init(bd, 0, esp_command_complete, s); } =20 void *esp_init(target_phys_addr_t espaddr, Index: qemu/hw/lsi53c895a.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/hw/lsi53c895a.c 2007-12-14 13:49:29.000000000 +0100 +++ qemu/hw/lsi53c895a.c 2007-12-14 13:49:46.000000000 +0100 @@ -1236,6 +1236,8 @@ static uint8_t lsi_reg_readb(LSIState *s return s->sdid; case 0x07: /* GPREG0 */ return 0x7f; + case 0x08: /* Revision ID */ + return 0x00; case 0xa: /* SSID */ return s->ssid; case 0xb: /* SBCL */ @@ -1281,6 +1283,8 @@ static uint8_t lsi_reg_readb(LSIState *s return s->ctest4; case 0x22: /* CTEST5 */ return s->ctest5; + case 0x23: /* CTEST6 */ + return 0; case 0x24: /* DBC[0:7] */ return s->dbc & 0xff; case 0x25: /* DBC[8:15] */ 
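Review bot: scsi_generic_init() returns NULL both when the backend is not a /dev/sg node and when it is one but `SG_GET_VERSION_NUM` or `SG_GET_SCSI_ID` fails, and esp_scsi_attach falls back to scsi_disk_init() in either case. In the second case the emulated disk would issue ordinary reads and writes of guest data on an sg character device, which the host sg driver is unlikely to treat as plain block I/O. Falling back only for non-sg backends avoids that, e.g. `if (s->scsi_dev[id] == NULL && !bdrv_is_sg(bd))`, with an error reported otherwise. lsi_scsi_attach in hw/lsi53c895a.c has the same fallback.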
@@ -1838,7 +1842,9 @@ void lsi_scsi_attach(void *opaque, Block s->scsi_dev[id]->destroy(s->scsi_dev[id]); } DPRINTF("Attaching block device %d\n", id); - s->scsi_dev[id] =3D scsi_disk_init(bd, 1, lsi_command_complete, s); + s->scsi_dev[id] =3D scsi_generic_init(bd, 1, lsi_command_complete, s); + if (s->scsi_dev[id] =3D=3D NULL) + s->scsi_dev[id] =3D scsi_disk_init(bd, 1, lsi_command_complete, s); } =20 void *lsi_scsi_init(PCIBus *bus, int devfn) Index: qemu/hw/scsi-disk.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- qemu.orig/hw/scsi-disk.h 2007-12-14 13:49:29.000000000 +0100 +++ qemu/hw/scsi-disk.h 2007-12-14 13:49:46.000000000 +0100 @@ -26,6 +26,8 @@ struct SCSIDevice =20 SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq, scsi_completionfn completion, void *opaque); +SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq, + scsi_completionfn completion, void *opaque); =20 /* cdrom.c */ int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track); Index: qemu/hw/scsi-generic.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ qemu/hw/scsi-generic.c 2007-12-14 13:49:46.000000000 +0100 
@@ -0,0 +1,653 @@ +/* + * Generic SCSI Device support + * + * Copyright (c) 2007 Bull S.A.S. + * Based on code by Paul Brook + * Based on code by Fabrice Bellard + * + * Written by Laurent Vivier + * + * This code is licenced under the LGPL. + * + */ + +#include "qemu-common.h" +#include "block.h" +#include "scsi-disk.h" + +#ifndef __linux__ + +SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq, + scsi_completionfn completion, void *opaque) +{ + return NULL; +} + +#else /* __linux__ */ + +//#define DEBUG_SCSI + +#ifdef DEBUG_SCSI +#define DPRINTF(fmt, args...) \ +do { printf("scsi-generic: " fmt , ##args); } while (0) +#else +#define DPRINTF(fmt, args...) do {} while(0) +#endif + +#define BADF(fmt, args...) \ +do { fprintf(stderr, "scsi-generic: " fmt , ##args); } while (0) + +#include +#include +#include +#include +#include +#include + +#define LOAD_UNLOAD 0xa6 +#define SET_CD_SPEED 0xbb +#define BLANK 0xa1 + +#define SCSI_CMD_BUF_SIZE 16 +#define SCSI_SENSE_BUF_SIZE 32 + +#define SG_ERR_DRIVER_TIMEOUT 0x06 +#define SG_ERR_DRIVER_SENSE 0x08 + +#ifndef MAX_UINT +#define MAX_UINT ((unsigned int)-1) +#endif + +typedef struct SCSIRequest { + BlockDriverAIOCB *aiocb; + struct SCSIRequest *next; + SCSIDeviceState *dev; + uint32_t tag; + uint8_t cmd[SCSI_CMD_BUF_SIZE]; + int cmdlen; + uint8_t *buf; + int buflen; + int len; + sg_io_hdr_t io_header; +} SCSIRequest; + +struct SCSIDeviceState +{ + SCSIRequest *requests; + BlockDriverState *bdrv; + int blocksize; + int lun; + scsi_completionfn completion; + void *opaque; + int driver_status; + uint8_t sensebuf[SCSI_SENSE_BUF_SIZE]; +}; + +/* Global pool of SCSIRequest structures. 
*/ +static SCSIRequest *free_requests =3D NULL; + +static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag) +{ + SCSIRequest *r; + + if (free_requests) { + r =3D free_requests; + free_requests =3D r->next; + } else { + r =3D qemu_malloc(sizeof(SCSIRequest)); + r->buf =3D NULL; + r->buflen =3D 0; + } + r->dev =3D s; + r->tag =3D tag; + memset(r->cmd, 0, sizeof(r->cmd)); + memset(&r->io_header, 0, sizeof(r->io_header)); + r->cmdlen =3D 0; + r->len =3D 0; + r->aiocb =3D NULL; + + /* link */ + + r->next =3D s->requests; + s->requests =3D r; + return r; +} + +static void scsi_remove_request(SCSIRequest *r) +{ + SCSIRequest *last; + SCSIDeviceState *s =3D r->dev; + + if (s->requests =3D=3D r) { + s->requests =3D r->next; + } else { + last =3D s->requests; + while (last && last->next !=3D r) + last =3D last->next; + if (last) { + last->next =3D r->next; + } else { + BADF("Orphaned request\n"); + } + } + r->next =3D free_requests; + free_requests =3D r; +} + +static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag) +{ + SCSIRequest *r; + + r =3D s->requests; + while (r && r->tag !=3D tag) + r =3D r->next; + + return r; +} + +/* Helper function for command completion. */ +static void scsi_command_complete(void *opaque, int ret) +{ + SCSIRequest *r =3D (SCSIRequest *)opaque; + SCSIDeviceState *s =3D r->dev; + uint32_t tag; + int sense; + + s->driver_status =3D r->io_header.driver_status; + if (ret !=3D 0) + sense =3D HARDWARE_ERROR; + else { + if (s->driver_status & SG_ERR_DRIVER_TIMEOUT) { + sense =3D HARDWARE_ERROR; + BADF("Driver Timeout\n"); + } else if ((s->driver_status & SG_ERR_DRIVER_SENSE) =3D=3D 0) + sense =3D NO_SENSE; + else + sense =3D s->sensebuf[2] & 0x0f; + } + + DPRINTF("Command complete 0x%p tag=3D0x%x sense=3D%d\n", r, r->tag, se= nse); + tag =3D r->tag; + scsi_remove_request(r); + s->completion(s->opaque, SCSI_REASON_DONE, tag, sense); +} + +/* Cancel a pending data transfer. 
*/ +static void scsi_cancel_io(SCSIDevice *d, uint32_t tag) +{ + DPRINTF("scsi_cancel_io 0x%x\n", tag); + SCSIDeviceState *s =3D d->state; + SCSIRequest *r; + DPRINTF("Cancel tag=3D0x%x\n", tag); + r =3D scsi_find_request(s, tag); + if (r) { + if (r->aiocb) + bdrv_aio_cancel(r->aiocb); + r->aiocb =3D NULL; + scsi_remove_request(r); + } +} + +static int execute_command(BlockDriverState *bdrv, + SCSIRequest *r, int direction, + BlockDriverCompletionFunc *complete) +{ + + r->io_header.interface_id =3D 'S'; + r->io_header.dxfer_direction =3D direction; + r->io_header.dxferp =3D r->buf; + r->io_header.dxfer_len =3D r->buflen; + r->io_header.cmdp =3D r->cmd; + r->io_header.cmd_len =3D r->cmdlen; + r->io_header.mx_sb_len =3D sizeof(r->dev->sensebuf); + r->io_header.sbp =3D r->dev->sensebuf; + r->io_header.timeout =3D MAX_UINT; + r->io_header.usr_ptr =3D r; + r->io_header.flags |=3D SG_FLAG_DIRECT_IO; + + if (bdrv_pwrite(bdrv, -1, &r->io_header, sizeof(r->io_header)) =3D=3D = -1) { + BADF("execute_command: write failed ! 
(%d)\n", errno); + return -1; + } + if (complete =3D=3D NULL) { + int ret; + r->aiocb =3D NULL; + while ((ret =3D bdrv_pread(bdrv, -1, &r->io_header, + sizeof(r->io_header))) =3D=3D -= 1 && + errno =3D=3D EINTR); + if (ret =3D=3D -1) { + BADF("execute_command: read failed !\n"); + return -1; + } + return 0; + } + + r->aiocb =3D bdrv_aio_read(bdrv, 0, (uint8_t*)&r->io_header, + -(int64_t)sizeof(r->io_header), complete, r); + if (r->aiocb =3D=3D NULL) { + BADF("execute_command: read failed !\n"); + return -1; + } + + return 0; +} + +static void scsi_read_complete(void * opaque, int ret) +{ + SCSIRequest *r =3D (SCSIRequest *)opaque; + SCSIDeviceState *s =3D r->dev; + int len; + + if (ret) { + DPRINTF("IO error\n"); + scsi_command_complete(r, ret); + return; + } + len =3D r->io_header.dxfer_len - r->io_header.resid; + DPRINTF("Data ready tag=3D0x%x len=3D%d\n", r->tag, len); + + r->len =3D -1; + s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len); +} + +/* Read more data from scsi device into buffer. */ +static void scsi_read_data(SCSIDevice *d, uint32_t tag) +{ + SCSIDeviceState *s =3D d->state; + SCSIRequest *r; + int ret; + + DPRINTF("scsi_read_data 0x%x\n", tag); + r =3D scsi_find_request(s, tag); + if (!r) { + BADF("Bad read tag 0x%x\n", tag); + /* ??? This is the wrong error. 
*/ + scsi_command_complete(r, -EINVAL); + return; + } + + if (r->len =3D=3D -1) { + scsi_command_complete(r, 0); + return; + } + + if (r->cmd[0] =3D=3D REQUEST_SENSE && s->driver_status & SG_ERR_DRIVER= _SENSE) + { + memcpy(r->buf, s->sensebuf, 16); + r->io_header.driver_status =3D 0; + r->len =3D -1; + s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 16); + return; + } + + ret =3D execute_command(s->bdrv, r, SG_DXFER_FROM_DEV, scsi_read_compl= ete); + if (ret =3D=3D -1) { + scsi_command_complete(r, -EINVAL); + return; + } +} + +static void scsi_write_complete(void * opaque, int ret) +{ + SCSIRequest *r =3D (SCSIRequest *)opaque; + + DPRINTF("scsi_write_complete() ret =3D %d\n", ret); + if (ret) { + DPRINTF("IO error\n"); + scsi_command_complete(r, ret); + return; + } + + scsi_command_complete(r, ret); +} + +/* Write data to a scsi device. Returns nonzero on failure. + The transfer may complete asynchronously. */ +static int scsi_write_data(SCSIDevice *d, uint32_t tag) +{ + SCSIDeviceState *s =3D d->state; + SCSIRequest *r; + int ret; + + DPRINTF("scsi_write_data 0x%x\n", tag); + r =3D scsi_find_request(s, tag); + if (!r) { + BADF("Bad write tag 0x%x\n", tag); + /* ??? This is the wrong error. */ + scsi_command_complete(r, -EINVAL); + return 0; + } + + if (r->len =3D=3D 0) { + r->len =3D r->buflen; + s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->len); + return 0; + } + + ret =3D execute_command(s->bdrv, r, SG_DXFER_TO_DEV, scsi_write_comple= te); + if (ret =3D=3D -1) { + scsi_command_complete(r, -EINVAL); + return 1; + } + + return 0; +} + +/* Return a pointer to the data buffer. 
*/ +static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag) +{ + SCSIDeviceState *s =3D d->state; + SCSIRequest *r; + r =3D scsi_find_request(s, tag); + if (!r) { + BADF("Bad buffer tag 0x%x\n", tag); + return NULL; + } + return r->buf; +} + +static int scsi_length(uint8_t *cmd, int blocksize, int *cmdlen, uint32_t = *len) +{ + switch (cmd[0] >> 5) { + case 0: + *len =3D cmd[4]; + *cmdlen =3D 6; + break; + case 1: + case 2: + *len =3D cmd[8] | (cmd[7] << 8); + *cmdlen =3D 10; + break; + case 4: + *len =3D cmd[13] | (cmd[12] << 8) | (cmd[11] << 16) | (cmd[10] << = 24); + *cmdlen =3D 16; + break; + case 5: + *len =3D cmd[9] | (cmd[8] << 8) | (cmd[7] << 16) | (cmd[6] << 24); + *cmdlen =3D 12; + break; + default: + return -1; + } + + switch(cmd[0]) { + case TEST_UNIT_READY: + case REZERO_UNIT: + case START_STOP: + case SEEK_6: + case WRITE_FILEMARKS: + case SPACE: + case ERASE: + case ALLOW_MEDIUM_REMOVAL: + case VERIFY: + case SEEK_10: + case SYNCHRONIZE_CACHE: + case LOCK_UNLOCK_CACHE: + case LOAD_UNLOAD: + case SET_CD_SPEED: + case SET_LIMITS: + case WRITE_LONG: + case MOVE_MEDIUM: + case UPDATE_BLOCK: + *len =3D 0; + break; + case MODE_SENSE: + break; + case WRITE_SAME: + *len =3D 1; + break; + case READ_CAPACITY: + *len =3D 8; + break; + case READ_BLOCK_LIMITS: + *len =3D 6; + break; + case READ_POSITION: + *len =3D 20; + break; + case SEND_VOLUME_TAG: + *len *=3D 40; + break; + case MEDIUM_SCAN: + *len *=3D 8; + break; + case WRITE_10: + cmd[1] &=3D ~0x08; /* disable FUA */ + case WRITE_VERIFY: + case WRITE_6: + case WRITE_12: + case WRITE_VERIFY_12: + *len *=3D blocksize; + break; + case READ_10: + cmd[1] &=3D ~0x08; /* disable FUA */ + case READ_6: + case READ_REVERSE: + case RECOVER_BUFFERED_DATA: + case READ_12: + *len *=3D blocksize; + break; + } + return 0; +} + +static int is_write(int command) +{ + switch (command) { + case COPY: + case COPY_VERIFY: + case COMPARE: + case CHANGE_DEFINITION: + case LOG_SELECT: + case MODE_SELECT: + case MODE_SELECT_10: + 
case SEND_DIAGNOSTIC: + case WRITE_BUFFER: + case FORMAT_UNIT: + case REASSIGN_BLOCKS: + case RESERVE: + case SEARCH_EQUAL: + case SEARCH_HIGH: + case SEARCH_LOW: + case WRITE_6: + case WRITE_10: + case WRITE_VERIFY: + case UPDATE_BLOCK: + case WRITE_LONG: + case WRITE_SAME: + case SEARCH_HIGH_12: + case SEARCH_EQUAL_12: + case SEARCH_LOW_12: + case WRITE_12: + case WRITE_VERIFY_12: + case SET_WINDOW: + case MEDIUM_SCAN: + case SEND_VOLUME_TAG: + case WRITE_LONG_2: + return 1; + } + return 0; +} + +/* Execute a scsi command. Returns the length of the data expected by the + command. This will be Positive for data transfers from the device + (eg. disk reads), negative for transfers to the device (eg. disk writes= ), + and zero if the command does not transfer any data. */ + +static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag, + uint8_t *cmd, int lun) +{ + SCSIDeviceState *s =3D d->state; + uint32_t len; + int cmdlen; + SCSIRequest *r; + int ret; + + /* ??? Tags are not unique for different luns. We only implement a + single lun, so this should not matter. */ + + if (lun !=3D s->lun || (cmd[1] >> 5) !=3D s->lun) { + DPRINTF("Unimplemented LUN %d\n", lun ? 
lun : cmd[1] >> 5); + s->completion(s->opaque, SCSI_REASON_DONE, tag, ILLEGAL_REQUEST); + return 0; + } + + if (scsi_length(cmd, s->blocksize, &cmdlen, &len) =3D=3D -1) { + BADF("Unsupported command length, command %x\n", cmd[0]); + return 0; + } + + DPRINTF("Command: lun=3D%d tag=3D0x%x data=3D0x%02x len %d\n", lun, ta= g, + cmd[0], len); + + r =3D scsi_find_request(s, tag); + if (r) { + BADF("Tag 0x%x already in use %p\n", tag, r); + scsi_cancel_io(d, tag); + } + r =3D scsi_new_request(s, tag); + + memcpy(r->cmd, cmd, cmdlen); + r->cmdlen =3D cmdlen; + + if (len =3D=3D 0) { + if (r->buf !=3D NULL) + free(r->buf); + r->buflen =3D 0; + r->buf =3D NULL; + ret =3D execute_command(s->bdrv, r, SG_DXFER_NONE, scsi_command_co= mplete); + if (ret =3D=3D -1) { + scsi_command_complete(r, -EINVAL); + return 0; + } + return 0; + } + + if (r->buflen !=3D len) { + if (r->buf !=3D NULL) + free(r->buf); + r->buf =3D qemu_malloc(len); + r->buflen =3D len; + } + + memset(r->buf, 0, r->buflen); + r->len =3D len; + if (is_write(cmd[0])) { + r->len =3D 0; + return -len; + } + + return len; +} + +static int get_blocksize(BlockDriverState *bdrv) +{ + uint8_t cmd[10]; + uint8_t buf[8]; + uint8_t sensebuf[8]; + sg_io_hdr_t io_header; + int ret; + + memset(cmd, sizeof(cmd), 0); + memset(buf, sizeof(buf), 0); + cmd[0] =3D READ_CAPACITY; + + memset(&io_header, 0, sizeof(io_header)); + io_header.interface_id =3D 'S'; + io_header.dxfer_direction =3D SG_DXFER_FROM_DEV; + io_header.dxfer_len =3D sizeof(buf); + io_header.dxferp =3D buf; + io_header.cmdp =3D cmd; + io_header.cmd_len =3D sizeof(cmd); + io_header.mx_sb_len =3D sizeof(sensebuf); + io_header.sbp =3D sensebuf; + io_header.timeout =3D 6000; /* XXX */ + + ret =3D bdrv_pwrite(bdrv, -1, &io_header, sizeof(io_header)); + if (ret =3D=3D -1) + return -1; + + while ((ret =3D bdrv_pread(bdrv, -1, &io_header, sizeof(io_header))) = =3D=3D -1 && + errno =3D=3D EINTR); + + if (ret =3D=3D -1) + return -1; + + return (buf[4] << 24) | (buf[5] << 16) | 
(buf[6] << 8) | buf[7]; +} + +static void scsi_destroy(SCSIDevice *d) +{ + SCSIRequest *r, *n; + + r =3D d->state->requests; + while (r) { + n =3D r->next; + qemu_free(r); + r =3D n; + } + + r =3D free_requests; + while (r) { + n =3D r->next; + qemu_free(r); + r =3D n; + } + + qemu_free(d->state); + qemu_free(d); +} + +SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq, + scsi_completionfn completion, void *opaque) +{ + int sg_version; + SCSIDevice *d; + SCSIDeviceState *s; + struct sg_scsi_id scsiid; + + /* check we are really using a /dev/sg* file */ + + if (!bdrv_is_sg(bdrv)) + return NULL; + + /* check we are using a driver managing SG_IO (version 3 and after */ + + if (bdrv_ioctl(bdrv, SG_GET_VERSION_NUM, (char*)&sg_version) < 0 || + sg_version < 30000) + return NULL; + + /* get LUN of the /dev/sg? */ + + if (bdrv_ioctl(bdrv, SG_GET_SCSI_ID, &scsiid)) + return NULL; + + /* define device state */ + + s =3D (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState)); + s->bdrv =3D bdrv; + s->requests =3D NULL; + s->completion =3D completion; + s->opaque =3D opaque; + s->lun =3D scsiid.lun; + s->blocksize =3D get_blocksize(s->bdrv); + s->driver_status =3D 0; + memset(s->sensebuf, 0, sizeof(s->sensebuf)); + /* removable media returns 0 if not present */ + if (s->blocksize <=3D 0) + s->blocksize =3D 2048; + + /* define function to manage device */ + + d =3D (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice)); + d->state =3D s; + d->destroy =3D scsi_destroy; + d->send_command =3D scsi_send_command; + d->read_data =3D scsi_read_data; + d->write_data =3D scsi_write_data; + d->cancel_io =3D scsi_cancel_io; + d->get_buf =3D scsi_get_buf; + + return d; +} +#endif /* __linux__ */
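Review bot: scsi_read_data and scsi_write_data call `scsi_command_complete(r, -EINVAL)` on the branch where scsi_find_request() returned NULL, and scsi_command_complete immediately reads `r->dev`, so a guest-supplied tag that matches no request crashes the host process. Three more memory-safety problems sit in the same file: the REQUEST_SENSE shortcut copies a fixed 16 bytes into `r->buf` although that buffer was sized from the CDB's allocation length, get_blocksize calls `memset(cmd, sizeof(cmd), 0)` with the last two arguments swapped so the CDB is sent partly uninitialised, and scsi_destroy frees the global `free_requests` pool without resetting the pointer or freeing each `r->buf`, leaving it dangling for the next scsi_new_request. scsi_send_command also passes the guest-derived `len` to qemu_malloc() with no upper bound, and its scsi_length() failure path returns without calling the completion callback. The excerpt below covers the first four fixes.

```c
/* scsi_read_data(); scsi_write_data() needs the same change on its bad-tag branch */
    r = scsi_find_request(s, tag);
    if (!r) {
        BADF("Bad read tag 0x%x\n", tag);
        /* no request to complete: report the failure for the tag directly */
        s->completion(s->opaque, SCSI_REASON_DONE, tag, HARDWARE_ERROR);
        return;
    }
    /* … unchanged: r->len == -1 completion … */
    if (r->cmd[0] == REQUEST_SENSE && s->driver_status & SG_ERR_DRIVER_SENSE)
    {
        /* never copy more than the buffer allocated for this request */
        int sense_len = r->buflen < 16 ? r->buflen : 16;

        memcpy(r->buf, s->sensebuf, sense_len);
        /* … unchanged: clear driver_status, set r->len = -1 … */
        s->completion(s->opaque, SCSI_REASON_DATA, r->tag, sense_len);
        return;
    }

/* get_blocksize() */
    memset(cmd, 0, sizeof(cmd));
    memset(buf, 0, sizeof(buf));

/* scsi_destroy(): inside both loops, before qemu_free(r) */
        if (r->buf != NULL)
            qemu_free(r->buf);
    /* … after the free_requests loop … */
    free_requests = NULL;
```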