This patch allows to connect the virtual SCSI interface of Qemu to
a real SCSI device of the host.
Using the devices /dev/sg, it allows to send the SCSI command from the
virtual SCSI interface to the real device.
This patch uses synchronous SCSI I/O.
block-raw.c has been modified to disable the "lseek()" when offset is less than
0 in raw_pread() and raw_pwrite() to be able to use them on /dev/sg devices.
---
Makefile | 1
block-raw.c | 19 +
block.c | 17 +
block.h | 2
block_int.h | 4
hw/esp.c | 20 +
hw/lsi53c895a.c | 22 +-
hw/scsi-disk.c | 62 +++--
hw/scsi-disk.h | 29 +-
hw/scsi-generic.c | 577 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
hw/usb-msd.c | 16 -
11 files changed, 704 insertions(+), 65 deletions(-)
Index: qemu/block-raw.c
===================================================================
--- qemu.orig/block-raw.c 2007-11-28 11:39:19.000000000 +0100
+++ qemu/block-raw.c 2007-11-28 13:12:02.000000000 +0100
@@ -52,6 +52,7 @@
#include <sys/ioctl.h>
#include <linux/cdrom.h>
#include <linux/fd.h>
+#include <linux/major.h>
#endif
#ifdef __FreeBSD__
#include <sys/disk.h>
@@ -148,7 +149,7 @@ static int raw_pread(BlockDriverState *b
if (ret < 0)
return ret;
- if (lseek(s->fd, offset, SEEK_SET) == (off_t)-1) {
+ if (offset >= 0 && lseek(s->fd, offset, SEEK_SET) == (off_t)-1) {
++(s->lseek_err_cnt);
if(s->lseek_err_cnt <= 10) {
DEBUG_BLOCK_PRINT("raw_pread(%d:%s, %" PRId64 ", %p, %d) [%" PRId64
@@ -201,7 +202,7 @@ static int raw_pwrite(BlockDriverState *
if (ret < 0)
return ret;
- if (lseek(s->fd, offset, SEEK_SET) == (off_t)-1) {
+ if (offset >= 0 && lseek(s->fd, offset, SEEK_SET) == (off_t)-1) {
++(s->lseek_err_cnt);
if(s->lseek_err_cnt) {
DEBUG_BLOCK_PRINT("raw_pwrite(%d:%s, %" PRId64 ", %p, %d) [%"
@@ -672,6 +673,8 @@ static int hdev_open(BlockDriverState *b
s->fd_open_flags = open_flags;
/* open will not fail even if no floppy is inserted */
open_flags |= O_NONBLOCK;
+ } else if (strstart(filename, "/dev/sg", NULL)) {
+ bs->sg = 1;
}
#endif
fd = open(filename, open_flags, 0644);
@@ -851,6 +854,12 @@ static int raw_set_locked(BlockDriverSta
return 0;
}
+static int raw_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
+{
+ BDRVRawState *s = bs->opaque;
+
+ return ioctl(s->fd, req, buf);
+}
#else
static int raw_is_inserted(BlockDriverState *bs)
@@ -873,6 +882,10 @@ static int raw_set_locked(BlockDriverSta
return -ENOTSUP;
}
+static int raw_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
+{
+ return -ENOTSUP;
+}
#endif /* !linux */
BlockDriver bdrv_host_device = {
@@ -899,6 +912,8 @@ BlockDriver bdrv_host_device = {
.bdrv_media_changed = raw_media_changed,
.bdrv_eject = raw_eject,
.bdrv_set_locked = raw_set_locked,
+ /* generic scsi device */
+ .bdrv_ioctl = raw_ioctl,
};
#else /* _WIN32 */
Index: qemu/block.c
===================================================================
--- qemu.orig/block.c 2007-11-28 11:39:19.000000000 +0100
+++ qemu/block.c 2007-11-28 11:44:37.000000000 +0100
@@ -303,7 +303,6 @@ int bdrv_file_open(BlockDriverState **pb
{
BlockDriverState *bs;
int ret;
-
bs = bdrv_new("");
if (!bs)
return -ENOMEM;
@@ -780,6 +779,11 @@ int bdrv_is_read_only(BlockDriverState *
return bs->read_only;
}
+int bdrv_is_sg(BlockDriverState *bs)
+{
+ return bs->sg;
+}
+
/* XXX: no longer used */
void bdrv_set_change_cb(BlockDriverState *bs,
void (*change_cb)(void *opaque), void *opaque)
@@ -1352,3 +1356,14 @@ void bdrv_set_locked(BlockDriverState *b
drv->bdrv_set_locked(bs, locked);
}
}
+
+/* needed for generic scsi interface */
+
+int bdrv_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
+{
+ BlockDriver *drv = bs->drv;
+
+ if (drv && drv->bdrv_ioctl)
+ return drv->bdrv_ioctl(bs, req, buf);
+ return -ENOTSUP;
+}
Index: qemu/block.h
===================================================================
--- qemu.orig/block.h 2007-11-28 11:39:19.000000000 +0100
+++ qemu/block.h 2007-11-28 11:44:37.000000000 +0100
@@ -117,6 +117,7 @@ int bdrv_get_type_hint(BlockDriverState
int bdrv_get_translation_hint(BlockDriverState *bs);
int bdrv_is_removable(BlockDriverState *bs);
int bdrv_is_read_only(BlockDriverState *bs);
+int bdrv_is_sg(BlockDriverState *bs);
int bdrv_is_inserted(BlockDriverState *bs);
int bdrv_media_changed(BlockDriverState *bs);
int bdrv_is_locked(BlockDriverState *bs);
@@ -146,6 +147,7 @@ int bdrv_snapshot_delete(BlockDriverStat
int bdrv_snapshot_list(BlockDriverState *bs,
QEMUSnapshotInfo **psn_info);
char *bdrv_snapshot_dump(char *buf, int buf_size, QEMUSnapshotInfo *sn);
+int bdrv_ioctl(BlockDriverState *bs, unsigned long int req, void *buf);
char *get_human_readable_size(char *buf, int buf_size, int64_t size);
int path_is_absolute(const char *path);
Index: qemu/block_int.h
===================================================================
--- qemu.orig/block_int.h 2007-11-28 11:39:19.000000000 +0100
+++ qemu/block_int.h 2007-11-28 11:44:37.000000000 +0100
@@ -82,6 +82,9 @@ struct BlockDriver {
int (*bdrv_eject)(BlockDriverState *bs, int eject_flag);
int (*bdrv_set_locked)(BlockDriverState *bs, int locked);
+ /* to control generic scsi devices */
+ int (*bdrv_ioctl)(BlockDriverState *bs, unsigned long int req, char *buf);
+
BlockDriverAIOCB *free_aiocb;
struct BlockDriver *next;
};
@@ -93,6 +96,7 @@ struct BlockDriverState {
int removable; /* if true, the media can be removed */
int locked; /* if true, the media cannot temporarily be ejected */
int encrypted; /* if true, the media is encrypted */
+ int sg; /* if true, the device is a /dev/sg* */
/* event callback when inserting/removing */
void (*change_cb)(void *opaque);
void *change_opaque;
Index: qemu/hw/scsi-disk.c
===================================================================
--- qemu.orig/hw/scsi-disk.c 2007-11-28 11:39:19.000000000 +0100
+++ qemu/hw/scsi-disk.c 2007-11-28 11:44:37.000000000 +0100
@@ -37,7 +37,7 @@ do { fprintf(stderr, "scsi-disk: " fmt ,
#define SCSI_DMA_BUF_SIZE 65536
typedef struct SCSIRequest {
- SCSIDevice *dev;
+ SCSIDeviceState *dev;
uint32_t tag;
/* ??? We should probably keep track of whether the data trasfer is
a read or a write. Currently we rely on the host getting it right. */
@@ -51,7 +51,7 @@ typedef struct SCSIRequest {
struct SCSIRequest *next;
} SCSIRequest;
-struct SCSIDevice
+struct SCSIDeviceState
{
BlockDriverState *bdrv;
SCSIRequest *requests;
@@ -69,7 +69,7 @@ struct SCSIDevice
/* Global pool of SCSIRequest structures. */
static SCSIRequest *free_requests = NULL;
-static SCSIRequest *scsi_new_request(SCSIDevice *s, uint32_t tag)
+static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
{
SCSIRequest *r;
@@ -93,7 +93,7 @@ static SCSIRequest *scsi_new_request(SCS
static void scsi_remove_request(SCSIRequest *r)
{
SCSIRequest *last;
- SCSIDevice *s = r->dev;
+ SCSIDeviceState *s = r->dev;
if (s->requests == r) {
s->requests = r->next;
@@ -111,7 +111,7 @@ static void scsi_remove_request(SCSIRequ
free_requests = r;
}
-static SCSIRequest *scsi_find_request(SCSIDevice *s, uint32_t tag)
+static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
{
SCSIRequest *r;
@@ -125,7 +125,7 @@ static SCSIRequest *scsi_find_request(SC
/* Helper function for command completion. */
static void scsi_command_complete(SCSIRequest *r, int sense)
{
- SCSIDevice *s = r->dev;
+ SCSIDeviceState *s = r->dev;
uint32_t tag;
DPRINTF("Command complete tag=0x%x sense=%d\n", r->tag, sense);
s->sense = sense;
@@ -135,8 +135,9 @@ static void scsi_command_complete(SCSIRe
}
/* Cancel a pending data transfer. */
-void scsi_cancel_io(SCSIDevice *s, uint32_t tag)
+static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
{
+ SCSIDeviceState *s = d->state;
SCSIRequest *r;
DPRINTF("Cancel tag=0x%x\n", tag);
r = scsi_find_request(s, tag);
@@ -151,7 +152,7 @@ void scsi_cancel_io(SCSIDevice *s, uint3
static void scsi_read_complete(void * opaque, int ret)
{
SCSIRequest *r = (SCSIRequest *)opaque;
- SCSIDevice *s = r->dev;
+ SCSIDeviceState *s = r->dev;
if (ret) {
DPRINTF("IO error\n");
@@ -164,8 +165,9 @@ static void scsi_read_complete(void * op
}
/* Read more data from scsi device into buffer. */
-void scsi_read_data(SCSIDevice *s, uint32_t tag)
+static void scsi_read_data(SCSIDevice *d, uint32_t tag)
{
+ SCSIDeviceState *s = d->state;
SCSIRequest *r;
uint32_t n;
@@ -204,7 +206,7 @@ void scsi_read_data(SCSIDevice *s, uint3
static void scsi_write_complete(void * opaque, int ret)
{
SCSIRequest *r = (SCSIRequest *)opaque;
- SCSIDevice *s = r->dev;
+ SCSIDeviceState *s = r->dev;
uint32_t len;
if (ret) {
@@ -228,8 +230,9 @@ static void scsi_write_complete(void * o
/* Write data to a scsi device. Returns nonzero on failure.
The transfer may complete asynchronously. */
-int scsi_write_data(SCSIDevice *s, uint32_t tag)
+static int scsi_write_data(SCSIDevice *d, uint32_t tag)
{
+ SCSIDeviceState *s = d->state;
SCSIRequest *r;
uint32_t n;
@@ -259,8 +262,9 @@ int scsi_write_data(SCSIDevice *s, uint3
}
/* Return a pointer to the data buffer. */
-uint8_t *scsi_get_buf(SCSIDevice *s, uint32_t tag)
+static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
{
+ SCSIDeviceState *s = d->state;
SCSIRequest *r;
r = scsi_find_request(s, tag);
@@ -276,8 +280,10 @@ uint8_t *scsi_get_buf(SCSIDevice *s, uin
(eg. disk reads), negative for transfers to the device (eg. disk writes),
and zero if the command does not transfer any data. */
-int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun)
+static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
+ uint8_t *buf, int lun)
{
+ SCSIDeviceState *s = d->state;
int64_t nb_sectors;
uint32_t lba;
uint32_t len;
@@ -291,7 +297,7 @@ int32_t scsi_send_command(SCSIDevice *s,
r = scsi_find_request(s, tag);
if (r) {
BADF("Tag 0x%x already in use\n", tag);
- scsi_cancel_io(s, tag);
+ scsi_cancel_io(d, tag);
}
/* ??? Tags are not unique for different luns. We only implement a
single lun, so this should not matter. */
@@ -576,19 +582,19 @@ int32_t scsi_send_command(SCSIDevice *s,
}
}
-void scsi_disk_destroy(SCSIDevice *s)
+static void scsi_destroy(SCSIDevice *d)
{
- qemu_free(s);
+ qemu_free(d->state);
+ qemu_free(d);
}
-SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
- int tcq,
- scsi_completionfn completion,
- void *opaque)
+SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque)
{
- SCSIDevice *s;
+ SCSIDevice *d;
+ SCSIDeviceState *s;
- s = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
+ s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
s->bdrv = bdrv;
s->tcq = tcq;
s->completion = completion;
@@ -599,6 +605,14 @@ SCSIDevice *scsi_disk_init(BlockDriverSt
s->cluster_size = 1;
}
- return s;
-}
+ d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
+ d->state = s;
+ d->destroy = scsi_destroy;
+ d->send_command = scsi_send_command;
+ d->read_data = scsi_read_data;
+ d->write_data = scsi_write_data;
+ d->cancel_io = scsi_cancel_io;
+ d->get_buf = scsi_get_buf;
+ return d;
+}
Index: qemu/hw/esp.c
===================================================================
--- qemu.orig/hw/esp.c 2007-11-28 11:44:31.000000000 +0100
+++ qemu/hw/esp.c 2007-11-28 11:44:37.000000000 +0100
@@ -120,7 +120,7 @@ static int get_cmd(ESPState *s, uint8_t
if (s->current_dev) {
/* Started a new command before the old one finished. Cancel it. */
- scsi_cancel_io(s->current_dev, 0);
+ s->current_dev->cancel_io(s->current_dev, 0);
s->async_len = 0;
}
@@ -143,7 +143,7 @@ static void do_cmd(ESPState *s, uint8_t
DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
lun = buf[0] & 7;
- datalen = scsi_send_command(s->current_dev, 0, &buf[1], lun);
+ datalen = s->current_dev->send_command(s->current_dev, 0, &buf[1], lun);
s->ti_size = datalen;
if (datalen != 0) {
s->rregs[4] = STAT_IN | STAT_TC;
@@ -151,10 +151,10 @@ static void do_cmd(ESPState *s, uint8_t
s->dma_counter = 0;
if (datalen > 0) {
s->rregs[4] |= STAT_DI;
- scsi_read_data(s->current_dev, 0);
+ s->current_dev->read_data(s->current_dev, 0);
} else {
s->rregs[4] |= STAT_DO;
- scsi_write_data(s->current_dev, 0);
+ s->current_dev->write_data(s->current_dev, 0);
}
}
s->rregs[5] = INTR_BS | INTR_FC;
@@ -253,9 +253,9 @@ static void esp_do_dma(ESPState *s)
if (s->async_len == 0) {
if (to_device) {
// ti_size is negative
- scsi_write_data(s->current_dev, 0);
+ s->current_dev->write_data(s->current_dev, 0);
} else {
- scsi_read_data(s->current_dev, 0);
+ s->current_dev->read_data(s->current_dev, 0);
/* If there is still data to be read from the device then
complete the DMA operation immeriately. Otherwise defer
until the scsi layer has completed. */
@@ -290,7 +290,7 @@ static void esp_command_complete(void *o
} else {
DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
s->async_len = arg;
- s->async_buf = scsi_get_buf(s->current_dev, 0);
+ s->async_buf = s->current_dev->get_buf(s->current_dev, 0);
if (s->dma_left) {
esp_do_dma(s);
} else if (s->dma_counter != 0 && s->ti_size <= 0) {
@@ -569,11 +569,13 @@ void esp_scsi_attach(void *opaque, Block
}
if (s->scsi_dev[id]) {
DPRINTF("Destroying device %d\n", id);
- scsi_disk_destroy(s->scsi_dev[id]);
+ s->scsi_dev[id]->destroy(s->scsi_dev[id]);
}
DPRINTF("Attaching block device %d\n", id);
/* Command queueing is not implemented. */
- s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
+ s->scsi_dev[id] = scsi_generic_init(bd, 0, esp_command_complete, s);
+ if (s->scsi_dev[id] == NULL)
+ s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
}
void *esp_init(target_phys_addr_t espaddr,
Index: qemu/hw/lsi53c895a.c
===================================================================
--- qemu.orig/hw/lsi53c895a.c 2007-11-28 11:44:31.000000000 +0100
+++ qemu/hw/lsi53c895a.c 2007-11-28 13:12:02.000000000 +0100
@@ -465,7 +465,8 @@ static void lsi_do_dma(LSIState *s, int
s->dbc -= count;
if (s->dma_buf == NULL) {
- s->dma_buf = scsi_get_buf(s->current_dev, s->current_tag);
+ s->dma_buf = s->current_dev->get_buf(s->current_dev,
+ s->current_tag);
}
/* ??? Set SFBR to first data byte. */
@@ -479,10 +480,10 @@ static void lsi_do_dma(LSIState *s, int
s->dma_buf = NULL;
if (out) {
/* Write the data. */
- scsi_write_data(s->current_dev, s->current_tag);
+ s->current_dev->write_data(s->current_dev, s->current_tag);
} else {
/* Request any remaining data. */
- scsi_read_data(s->current_dev, s->current_tag);
+ s->current_dev->read_data(s->current_dev, s->current_tag);
}
} else {
s->dma_buf += count;
@@ -631,13 +632,14 @@ static void lsi_do_command(LSIState *s)
s->dbc = 16;
cpu_physical_memory_read(s->dnad, buf, s->dbc);
s->sfbr = buf[0];
- n = scsi_send_command(s->current_dev, s->current_tag, buf, s->current_lun);
+ n = s->current_dev->send_command(s->current_dev, s->current_tag, buf,
+ s->current_lun);
if (n > 0) {
lsi_set_phase(s, PHASE_DI);
- scsi_read_data(s->current_dev, s->current_tag);
+ s->current_dev->read_data(s->current_dev, s->current_tag);
} else if (n < 0) {
lsi_set_phase(s, PHASE_DO);
- scsi_write_data(s->current_dev, s->current_tag);
+ s->current_dev->write_data(s->current_dev, s->current_tag);
}
if (n && s->current_dma_len == 0) {
/* Command did not complete immediately so disconnect. */
@@ -1268,6 +1270,8 @@ static uint8_t lsi_reg_readb(LSIState *s
return s->ctest4;
case 0x22: /* CTEST5 */
return s->ctest5;
+ case 0x23: /* CTEST6 */
+ return 0;
case 0x24: /* DBC[0:7] */
return s->dbc & 0xff;
case 0x25: /* DBC[8:15] */
@@ -1822,10 +1826,12 @@ void lsi_scsi_attach(void *opaque, Block
}
if (s->scsi_dev[id]) {
DPRINTF("Destroying device %d\n", id);
- scsi_disk_destroy(s->scsi_dev[id]);
+ s->scsi_dev[id]->destroy(s->scsi_dev[id]);
}
DPRINTF("Attaching block device %d\n", id);
- s->scsi_dev[id] = scsi_disk_init(bd, 1, lsi_command_complete, s);
+ s->scsi_dev[id] = scsi_generic_init(bd, 1, lsi_command_complete, s);
+ if (s->scsi_dev[id] == NULL)
+ s->scsi_dev[id] = scsi_disk_init(bd, 1, lsi_command_complete, s);
}
void *lsi_scsi_init(PCIBus *bus, int devfn)
Index: qemu/hw/usb-msd.c
===================================================================
--- qemu.orig/hw/usb-msd.c 2007-11-28 11:39:19.000000000 +0100
+++ qemu/hw/usb-msd.c 2007-11-28 11:44:37.000000000 +0100
@@ -149,9 +149,9 @@ static void usb_msd_copy_data(MSDState *
s->data_len -= len;
if (s->scsi_len == 0) {
if (s->mode == USB_MSDM_DATAIN) {
- scsi_read_data(s->scsi_dev, s->tag);
+ s->scsi_dev->read_data(s->scsi_dev, s->tag);
} else if (s->mode == USB_MSDM_DATAOUT) {
- scsi_write_data(s->scsi_dev, s->tag);
+ s->scsi_dev->write_data(s->scsi_dev, s->tag);
}
}
}
@@ -204,7 +204,7 @@ static void usb_msd_command_complete(voi
return;
}
s->scsi_len = arg;
- s->scsi_buf = scsi_get_buf(s->scsi_dev, tag);
+ s->scsi_buf = s->scsi_dev->get_buf(s->scsi_dev, tag);
if (p) {
usb_msd_copy_data(s);
if (s->usb_len == 0) {
@@ -342,7 +342,7 @@ static int usb_msd_handle_control(USBDev
static void usb_msd_cancel_io(USBPacket *p, void *opaque)
{
MSDState *s = opaque;
- scsi_cancel_io(s->scsi_dev, s->tag);
+ s->scsi_dev->cancel_io(s->scsi_dev, s->tag);
s->packet = NULL;
s->scsi_len = 0;
}
@@ -390,14 +390,14 @@ static int usb_msd_handle_data(USBDevice
DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
s->tag, cbw.flags, cbw.cmd_len, s->data_len);
s->residue = 0;
- scsi_send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
+ s->scsi_dev->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
/* ??? Should check that USB and SCSI data transfer
directions match. */
if (s->residue == 0) {
if (s->mode == USB_MSDM_DATAIN) {
- scsi_read_data(s->scsi_dev, s->tag);
+ s->scsi_dev->read_data(s->scsi_dev, s->tag);
} else if (s->mode == USB_MSDM_DATAOUT) {
- scsi_write_data(s->scsi_dev, s->tag);
+ s->scsi_dev->write_data(s->scsi_dev, s->tag);
}
}
ret = len;
@@ -508,7 +508,7 @@ static void usb_msd_handle_destroy(USBDe
{
MSDState *s = (MSDState *)dev;
- scsi_disk_destroy(s->scsi_dev);
+ s->scsi_dev->destroy(s->scsi_dev);
bdrv_delete(s->bs);
qemu_free(s);
}
Index: qemu/hw/scsi-generic.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ qemu/hw/scsi-generic.c 2007-11-28 13:12:12.000000000 +0100
@@ -0,0 +1,577 @@
+/*
+ * Generic SCSI Device support
+ *
+ * Copyright (c) 2007 Bull S.A.S.
+ * Based on code by Paul Brook
+ * Based on code by Fabrice Bellard
+ *
+ * Written by Laurent Vivier <[EMAIL PROTECTED]>
+ *
+ * This code is licenced under the LGPL.
+ *
+ */
+
+#include "qemu-common.h"
+#include "block.h"
+#include "scsi-disk.h"
+
+#ifndef __linux__
+
+SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque)
+{
+ return NULL;
+}
+
+#else /* __linux__ */
+
+//#define DEBUG_SCSI
+
+#ifdef DEBUG_SCSI
+#define DPRINTF(fmt, args...) \
+do { printf("scsi-generic: " fmt , ##args); } while (0)
+#else
+#define DPRINTF(fmt, args...) do {} while(0)
+#endif
+
+#define BADF(fmt, args...) \
+do { fprintf(stderr, "scsi-generic: " fmt , ##args); } while (0)
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <scsi/sg.h>
+#include <scsi/scsi.h>
+
+#define LOAD_UNLOAD 0xa6
+#define SET_CD_SPEED 0xbb
+
+#define SCSI_CMD_BUF_SIZE 16
+#define SCSI_SENSE_BUF_SIZE 32
+
+#define SG_ERR_DRIVER_SENSE 0x08
+
+typedef struct SCSIRequest {
+ struct SCSIRequest *next;
+ SCSIDeviceState *dev;
+ uint32_t tag;
+ uint8_t cmd[SCSI_CMD_BUF_SIZE];
+ int cmdlen;
+ uint8_t *buf;
+ int buflen;
+ int len;
+ int driver_status;
+ uint8_t sensebuf[SCSI_SENSE_BUF_SIZE];
+} SCSIRequest;
+
+struct SCSIDeviceState
+{
+ SCSIRequest *requests;
+ BlockDriverState *bdrv;
+ int blocksize;
+ int lun;
+ scsi_completionfn completion;
+ void *opaque;
+};
+
+/* Global pool of SCSIRequest structures. */
+static SCSIRequest *free_requests = NULL;
+
+static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
+{
+ SCSIRequest *r;
+
+ if (free_requests) {
+ r = free_requests;
+ free_requests = r->next;
+ } else {
+ r = qemu_malloc(sizeof(SCSIRequest));
+ r->buf = NULL;
+ r->buflen = 0;
+ }
+ r->dev = s;
+ r->tag = tag;
+ memset(r->cmd, 0, sizeof(r->cmd));
+ memset(r->sensebuf, 0, sizeof(r->sensebuf));
+ r->cmdlen = 0;
+ r->len = 0;
+
+ /* link */
+
+ r->next = s->requests;
+ s->requests = r;
+ return r;
+}
+
+static void scsi_remove_request(SCSIRequest *r)
+{
+ SCSIRequest *last;
+ SCSIDeviceState *s = r->dev;
+
+ if (s->requests == r) {
+ s->requests = r->next;
+ } else {
+ last = s->requests;
+ while (last && last->next != r)
+ last = last->next;
+ if (last) {
+ last->next = r->next;
+ } else {
+ BADF("Orphaned request\n");
+ }
+ }
+ r->next = free_requests;
+ free_requests = r;
+}
+
+static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
+{
+ SCSIRequest *r;
+
+ r = s->requests;
+ while (r && r->tag != tag)
+ r = r->next;
+
+ return r;
+}
+
+static int scsi_get_sense(SCSIRequest *r)
+{
+ if ((r->driver_status & SG_ERR_DRIVER_SENSE) == 0)
+ return NO_SENSE;
+ return r->sensebuf[2] & 0x0f;
+}
+
+/* Helper function for command completion. */
+static void scsi_command_complete(SCSIRequest *r, int sense)
+{
+ SCSIDeviceState *s = r->dev;
+ uint32_t tag;
+ DPRINTF("Command complete 0x%p tag=0x%x sense=%d\n", r, r->tag, sense);
+ tag = r->tag;
+ scsi_remove_request(r);
+ s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
+}
+
+/* Cancel a pending data transfer. */
+static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
+{
+ DPRINTF("scsi_cancel_io 0x%x\n", tag);
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ DPRINTF("Cancel tag=0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (r) {
+ scsi_remove_request(r);
+ }
+}
+
+static int execute_command(BlockDriverState *bdrv, uint8_t *cmdbuf, int cmdlen,
+ uint8_t *outbuf, uint32_t outlen,
+ uint8_t *sensebuf, int senselen,
+ int direction, int *len)
+{
+ sg_io_hdr_t io_header;
+ int ret;
+
+ memset(&io_header, 0, sizeof(io_header));
+ io_header.interface_id = 'S';
+ io_header.dxfer_direction = direction;
+ io_header.dxfer_len = outlen;
+ io_header.dxferp = outbuf;
+ io_header.cmdp = cmdbuf;
+ io_header.cmd_len = cmdlen;
+ io_header.mx_sb_len = senselen;
+ io_header.sbp = sensebuf;
+ io_header.timeout = 6000; /* XXX */
+
+ ret = bdrv_pwrite(bdrv, -1, &io_header, sizeof(io_header));
+ if (ret == -1) {
+ BADF("execute_command: write failed ! (%d)\n", errno);
+ return -1;
+ }
+ while ((ret = bdrv_pread(bdrv, -1, &io_header, sizeof(io_header))) == -1 &&
+ errno == EINTR);
+
+ if (ret == -1) {
+ BADF("execute_command: read failed !\n");
+ return -1;
+ }
+
+ if (len != NULL)
+ *len = io_header.dxfer_len - io_header.resid;
+
+ return io_header.driver_status;
+}
+
+/* Read more data from scsi device into buffer. */
+static void scsi_read_data(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ int len;
+
+ DPRINTF("scsi_read_data 0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad read tag 0x%x\n", tag);
+ /* ??? This is the wrong error. */
+ scsi_command_complete(r, HARDWARE_ERROR);
+ return;
+ }
+
+ if (r->len == -1) {
+ scsi_command_complete(r, scsi_get_sense(r));
+ return;
+ }
+
+ len = r->len;
+ r->len = -1;
+ s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
+}
+
+/* Write data to a scsi device. Returns nonzero on failure.
+ The transfer may complete asynchronously. */
+static int scsi_write_data(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ int ret;
+
+ DPRINTF("scsi_write_data 0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad write tag 0x%x\n", tag);
+ /* ??? This is the wrong error. */
+ scsi_command_complete(r, HARDWARE_ERROR);
+ return 0;
+ }
+
+ if (r->len == 0) {
+ r->len = r->buflen;
+ s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->len);
+ return 0;
+ }
+
+ ret = execute_command(s->bdrv, r->cmd, r->cmdlen, r->buf, r->len,
+ r->sensebuf, sizeof(r->sensebuf),
+ SG_DXFER_TO_DEV, NULL);
+ if (ret == -1) {
+ scsi_command_complete(r, HARDWARE_ERROR);
+ return 1;
+ }
+ r->driver_status = ret;
+ scsi_command_complete(r, scsi_get_sense(r));
+
+ return 0;
+}
+
+/* Return a pointer to the data buffer. */
+static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
+{
+ SCSIDeviceState *s = d->state;
+ SCSIRequest *r;
+ DPRINTF("scsi_get_buf 0x%x\n", tag);
+ r = scsi_find_request(s, tag);
+ if (!r) {
+ BADF("Bad buffer tag 0x%x\n", tag);
+ return NULL;
+ }
+ return r->buf;
+}
+
+static int scsi_length(uint8_t *cmd, int blocksize, int *cmdlen, uint32_t *len)
+{
+ switch (cmd[0] >> 5) {
+ case 0:
+ *len = cmd[4];
+ *cmdlen = 6;
+ break;
+ case 1:
+ case 2:
+ *len = cmd[8] | (cmd[7] << 8);
+ *cmdlen = 10;
+ break;
+ case 4:
+ *len = cmd[13] | (cmd[12] << 8) | (cmd[11] << 16) | (cmd[10] << 24);
+ *cmdlen = 16;
+ break;
+ case 5:
+ *len = cmd[9] | (cmd[8] << 8) | (cmd[7] << 16) | (cmd[6] << 24);
+ *cmdlen = 12;
+ break;
+ default:
+ return -1;
+ }
+
+ switch(cmd[0]) {
+ case TEST_UNIT_READY:
+ case REZERO_UNIT:
+ case START_STOP:
+ case SEEK_6:
+ case WRITE_FILEMARKS:
+ case SPACE:
+ case ERASE:
+ case ALLOW_MEDIUM_REMOVAL:
+ case VERIFY:
+ case SEEK_10:
+ case SYNCHRONIZE_CACHE:
+ case LOCK_UNLOCK_CACHE:
+ case LOAD_UNLOAD:
+ case SET_CD_SPEED:
+ case SET_LIMITS:
+ case WRITE_LONG:
+ case MOVE_MEDIUM:
+ case UPDATE_BLOCK:
+ *len = 0;
+ break;
+ case MODE_SENSE:
+ break;
+ case WRITE_SAME:
+ *len = 1;
+ break;
+ case READ_CAPACITY:
+ *len = 8;
+ break;
+ case READ_BLOCK_LIMITS:
+ *len = 6;
+ break;
+ case READ_POSITION:
+ *len = 20;
+ break;
+ case SEND_VOLUME_TAG:
+ *len *= 40;
+ break;
+ case MEDIUM_SCAN:
+ *len *= 8;
+ break;
+ case WRITE_VERIFY:
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ *len *= blocksize;
+ break;
+ case READ_6:
+ case READ_REVERSE:
+ case RECOVER_BUFFERED_DATA:
+ case READ_10:
+ case READ_12:
+ *len *= blocksize;
+ break;
+ }
+ return 0;
+}
+
+static int is_write(int command)
+{
+ switch (command) {
+ case COPY:
+ case COPY_VERIFY:
+ case COMPARE:
+ case CHANGE_DEFINITION:
+ case LOG_SELECT:
+ case MODE_SELECT:
+ case MODE_SELECT_10:
+ case SEND_DIAGNOSTIC:
+ case WRITE_BUFFER:
+ case FORMAT_UNIT:
+ case REASSIGN_BLOCKS:
+ case RESERVE:
+ case SEARCH_EQUAL:
+ case SEARCH_HIGH:
+ case SEARCH_LOW:
+ case WRITE_6:
+ case WRITE_10:
+ case WRITE_VERIFY:
+ case UPDATE_BLOCK:
+ case WRITE_LONG:
+ case WRITE_SAME:
+ case SEARCH_HIGH_12:
+ case SEARCH_EQUAL_12:
+ case SEARCH_LOW_12:
+ case WRITE_12:
+ case WRITE_VERIFY_12:
+ case SET_WINDOW:
+ case MEDIUM_SCAN:
+ case SEND_VOLUME_TAG:
+ case WRITE_LONG_2:
+ return 1;
+ }
+ return 0;
+}
+
+/* Execute a scsi command. Returns the length of the data expected by the
+ command. This will be Positive for data transfers from the device
+ (eg. disk reads), negative for transfers to the device (eg. disk writes),
+ and zero if the command does not transfer any data. */
+
+static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
+ uint8_t *cmd, int lun)
+{
+ SCSIDeviceState *s = d->state;
+ uint32_t len;
+ int cmdlen;
+ SCSIRequest *r;
+ int ret;
+
+ r = scsi_find_request(s, tag);
+ if (r) {
+ BADF("Tag 0x%x already in use %p\n", tag, r);
+ scsi_cancel_io(d, tag);
+ }
+ r = scsi_new_request(s, tag);
+
+ /* ??? Tags are not unique for different luns. We only implement a
+ single lun, so this should not matter. */
+
+ if (lun != s->lun || (cmd[1] >> 5) != s->lun) {
+ DPRINTF("Unimplemented LUN %d\n", lun ? lun : cmd[1] >> 5);
+ scsi_command_complete(r, ILLEGAL_REQUEST);
+ return 0;
+ }
+
+ if (scsi_length(cmd, s->blocksize, &cmdlen, &len) == -1) {
+ BADF("Unsupported command length, command %x\n", cmd[0]);
+ return 0;
+ }
+
+ DPRINTF("Command: lun=%d tag=0x%x data=0x%02x len %d\n", lun, tag,
+ command, len);
+
+ memcpy(r->cmd, cmd, cmdlen);
+ r->cmdlen = cmdlen;
+
+ if (len == 0) {
+ ret = execute_command(s->bdrv, r->cmd, r->cmdlen, NULL, 0,
+ r->sensebuf, sizeof(r->sensebuf),
+ SG_DXFER_NONE, NULL);
+ if (ret == -1) {
+ scsi_command_complete(r, HARDWARE_ERROR);
+ return 0;
+ }
+ r->driver_status = ret;
+
+ scsi_command_complete(r, scsi_get_sense(r));
+ return 0;
+ }
+
+ if (r->buflen != len) {
+ if (r->buf != NULL)
+ free(r->buf);
+ posix_memalign((void**)&r->buf, 512, len);
+ r->buflen = len;
+ }
+
+ memset(r->buf, 0, r->buflen);
+ r->len = len;
+ if (is_write(cmd[0])) {
+ r->len = 0;
+ return -len;
+ }
+
+ ret = execute_command(s->bdrv, r->cmd, r->cmdlen, r->buf, r->len,
+ r->sensebuf, sizeof(r->sensebuf),
+ SG_DXFER_FROM_DEV, &len);
+ if (ret == -1) {
+ scsi_command_complete(r, HARDWARE_ERROR);
+ return 0;
+ }
+ r->len = len;
+ r->driver_status = ret;
+
+ return len;
+}
+
+static int get_blocksize(BlockDriverState *bdrv)
+{
+ uint8_t cmd[10];
+ uint8_t buf[8];
+ uint8_t sensebuf[8];
+ int ret;
+
+ memset(cmd, sizeof(cmd), 0);
+ memset(buf, sizeof(buf), 0);
+ cmd[0] = READ_CAPACITY;
+ ret = execute_command(bdrv, cmd, sizeof(cmd), buf, sizeof(buf),
+ sensebuf, sizeof(sensebuf),
+ SG_DXFER_FROM_DEV, NULL);
+ if (ret < 0)
+ return -1;
+ return (buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7];
+}
+
+static void scsi_destroy(SCSIDevice *d)
+{
+ SCSIRequest *r, *n;
+
+ r = d->state->requests;
+ while (r) {
+ n = r->next;
+ qemu_free(r);
+ r = n;
+ }
+
+ r = free_requests;
+ while (r) {
+ n = r->next;
+ qemu_free(r);
+ r = n;
+ }
+
+ qemu_free(d->state);
+ qemu_free(d);
+}
+
+SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque)
+{
+ int sg_version;
+ SCSIDevice *d;
+ SCSIDeviceState *s;
+ struct sg_scsi_id scsiid;
+
+ /* check we are really using a /dev/sg* file */
+
+ if (!bdrv_is_sg(bdrv))
+ return NULL;
+
+ /* check we are using a driver managing SG_IO (version 3 and after */
+
+ if (bdrv_ioctl(bdrv, SG_GET_VERSION_NUM, (char*)&sg_version) < 0 ||
+ sg_version < 30000)
+ return NULL;
+
+ /* get LUN of the /dev/sg? */
+
+ if (bdrv_ioctl(bdrv, SG_GET_SCSI_ID, &scsiid))
+ return NULL;
+
+ /* define device state */
+
+ s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
+ s->bdrv = bdrv;
+ s->requests = NULL;
+ s->completion = completion;
+ s->opaque = opaque;
+ s->lun = scsiid.lun;
+ s->blocksize = get_blocksize(s->bdrv);
+ /* removable media returns 0 if not present */
+ if (s->blocksize <= 0)
+ s->blocksize = 2048;
+
+ /* define function to manage device */
+
+ d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
+ d->state = s;
+ d->destroy = scsi_destroy;
+ d->send_command = scsi_send_command;
+ d->read_data = scsi_read_data;
+ d->write_data = scsi_write_data;
+ d->cancel_io = scsi_cancel_io;
+ d->get_buf = scsi_get_buf;
+
+ return d;
+}
+#endif /* __linux__ */
Index: qemu/Makefile
===================================================================
--- qemu.orig/Makefile 2007-11-28 11:39:19.000000000 +0100
+++ qemu/Makefile 2007-11-28 11:44:37.000000000 +0100
@@ -56,6 +56,7 @@ OBJS+=irq.o
OBJS+=i2c.o smbus.o smbus_eeprom.o max7310.o max111x.o wm8750.o
OBJS+=ssd0303.o ssd0323.o ads7846.o stellaris_input.o
OBJS+=scsi-disk.o cdrom.o
+OBJS+=scsi-generic.o
OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o
OBJS+=sd.o ssi-sd.o
Index: qemu/hw/scsi-disk.h
===================================================================
--- qemu.orig/hw/scsi-disk.h 2007-11-28 11:39:19.000000000 +0100
+++ qemu/hw/scsi-disk.h 2007-11-28 11:44:37.000000000 +0100
@@ -7,24 +7,27 @@ enum scsi_reason {
SCSI_REASON_DATA /* Transfer complete, more data required. */
};
+typedef struct SCSIDeviceState SCSIDeviceState;
typedef struct SCSIDevice SCSIDevice;
typedef void (*scsi_completionfn)(void *opaque, int reason, uint32_t tag,
uint32_t arg);
-SCSIDevice *scsi_disk_init(BlockDriverState *bdrv,
- int tcq,
- scsi_completionfn completion,
- void *opaque);
-void scsi_disk_destroy(SCSIDevice *s);
+struct SCSIDevice
+{
+ SCSIDeviceState *state;
+ void (*destroy)(SCSIDevice *s);
+ int32_t (*send_command)(SCSIDevice *s, uint32_t tag, uint8_t *buf,
+ int lun);
+ void (*read_data)(SCSIDevice *s, uint32_t tag);
+ int (*write_data)(SCSIDevice *s, uint32_t tag);
+ void (*cancel_io)(SCSIDevice *s, uint32_t tag);
+ uint8_t *(*get_buf)(SCSIDevice *s, uint32_t tag);
+};
-int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun);
-/* SCSI data transfers are asynchrnonous. However, unlike the block IO
- layer the completion routine may be called directly by
- scsi_{read,write}_data. */
-void scsi_read_data(SCSIDevice *s, uint32_t tag);
-int scsi_write_data(SCSIDevice *s, uint32_t tag);
-void scsi_cancel_io(SCSIDevice *s, uint32_t tag);
-uint8_t *scsi_get_buf(SCSIDevice *s, uint32_t tag);
+SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque);
+SCSIDevice *scsi_generic_init(BlockDriverState *bdrv, int tcq,
+ scsi_completionfn completion, void *opaque);
/* cdrom.c */
int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track);
