Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (ie
VirtualAlloc) but frees it with qemu_free (ie free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.
Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds a new property named 'ver' to scsi-disk which allows to
specify the version which the virtual disk/cdrom should report to the
guest. By default this is the qemu version (i.e. 0.12). usage:
-drive if=none,id=disk,file=...
-device lsi
-device scsi-disk,drive=disk,bus=scsi.0,unit=0,ver=42
You can also switch the version for all scsi drives using:
-global scsi-disk.ver=42
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
According to the SCSI-2 specification,
http://ldkelley.com/SCSI2/SCSI2/SCSI2/SCSI2-08.html#8.2.5 ,
"if the allocation length of the command descriptor block (CDB) is too
small to transfer all of the parameters, the additional length shall
not be adjusted to reflect the truncation."
The 36 mandatory bytes of response are written to outbuf, and then
only the length requested in CDB is transferred.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Vendor identification, product identification and product revision level
should be padded with spaces without a terminating NULL character, see
SCSI-2 standard, 8.2.5.1 Standard INQUIRY data.
Signed-off-by: Laszlo Ast <laszlo.ast@siemens-enterprise.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Either rename variables and functions to refer to write errors (which is what
they actually do) or introduce a parameter to distinguish reads and writes.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add READ_16 + friends to scsi-defs.h, scsi_command_name() and the
request parsing helper functions.
Use them in scsi-disk.c too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move VERIFY emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move REPORT_LUNS emulation from scsi_send_command() to
scsi_disk_emulate_command().
Also add REPORT_LUNS to scsi-defs.h and scsi_command_name().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move SERVICE_ACTION_IN emulation from scsi_send_command() to
scsi_disk_emulate_command().
Also add SERVICE_ACTION_IN to scsi-defs.h and scsi_command_name().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move GET_CONFIGURATION emulation from scsi_send_command() to
scsi_disk_emulate_command().
Also add GET_CONFIGURATION to scsi-defs.h and scsi_command_name().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move READ_TOC emulation from scsi_send_command() to
scsi_disk_emulate_command(). Add scsi_disk_emulate_read_toc() function
which holds the longisch READ_TOC emulation code.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move SYNCHRONIZE_CACHE emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move READ_CAPACITY emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move ALLOW_MEDIUM_REMOVAL emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move START_STOP emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move MODE_SENSE emulation from scsi_send_command() to
scsi_disk_emulate_command(). Create two helper functions:
mode_sense_page() which writes the actual mode pages and
scsi_disk_emulate_mode_sense() which holds the longish MODE_SENSE
emulation code, calling into mode_sense_page() as needed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move RESERVE+RELEASE emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move INQUIRY emulation from scsi_send_command() to
scsi_disk_emulate_command(). Also split the longish INQUITY emulation
code into the new scsi_disk_emulate_inquiry() function. Serial number
handling is slightly changed, we don't copy it any more but look it up
directly in DriveInfo which we have at hand anyway.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move REQUEST_SENSE emulation from scsi_send_command() to
scsi_disk_emulate_command().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add new scsi_disk_emulate_command() function, which will -- when
finished -- handle all scsi disk command emulation except actual I/O
(READ+WRITE commands) which goes to the block layer. The function
builds on top of the new SCSIRequest struct.
SCSI command emulation code is moved over from scsi_send_command() in
steps to ease review and make it easier to pin down regressions (if any)
using bisect. This patch moves over TEST_UNIT_READY only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Also add and use the scsi_req_complete() helper function for calling the
completion callback.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Largely based on <scsi/scsi.h> from linux. Added into the tree so we
can use the defines everywhere, not just in scsi-generic.c (which is
linux-specific).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Create generic functions to allocate, find and release SCSIRequest
structs. Make scsi-disk and scsi-generic use them.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Changes:
* Move from open-coded lists to QTAILQ macros.
* Move the struct elements to the common data structures
(SCSIDevice + SCSIRequest).
* Drop free request pools.
* Fix request cleanup in the destroy callback.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Rename the SCSIRequest structs in scsi-disk.c and scsi-generic.c to
SCSIDiskReq and SCSIGenericReq. Create a SCSIRequest struct and move
the common elements over.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The SCSI-2 documentation suggests, that although the block
descriptor is optional for an arbitrary SCSI-2 device (chapter 8.2.10,
http://ldkelley.com/SCSI2/SCSI2/SCSI2/SCSI2/SCSI2-08.html )
it is mandatory for a disk: chapters 9.1.2, 9.3.3
( http://ldkelley.com/SCSI2/SCSI2/SCSI2/SCSI2-09.html ) don't say
"optional" any more, just "The block descriptor in the MODE SENSE
data describes the block lengths that are used on the medium."
v2: limit the number of sectors reported in the block descriptor to 24 bits.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Changes:
* drive_uninit() wants a DriveInfo now.
* drive_uninit() also calls bdrv_delete(),
so callers don't need to do that.
* drive_uninit() calls are moved over to the ->exit()
callbacks, destroy_bdrvs() is zapped.
* setting bdrv->private is not needed any more as the
only user (destroy_bdrvs) is gone.
* usb-storage needs no drive_uninit, scsi-disk will
handle that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a enable_write_cache flag in the block driver state, and use it to
decide if we claim to have a volatile write cache that needs controlled
flushing from the guest. The flag is off if cache=writethrough is
defined because O_DSYNC guarantees that every write goes to stable
storage, and it is on for cache=none and cache=writeback.
Both scsi-disk and ide now use the new flage, changing from their
defaults of always off (ide) or always on (scsi-disk).
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When a VM state change handler changes VM state, other VM state change
handlers can see the state transitions out of order.
bmdma_map(), scsi_disk_init() and virtio_blk_init() install VM state
change handlers to restart DMA. These handlers can vm_stop() by
running into a write error on a drive with werror=stop. This throws
the VM state change handler callback into disarray. Here's an example
case I observed:
0. The virtual IDE drive goes south. All future writes return errors.
1. Something encounters a write error, and duly stops the VM with
vm_stop().
2. vm_stop() calls vm_state_notify(0).
3. vm_state_notify() runs the callbacks in list vm_change_state_head.
It contains ide_dma_restart_cb() installed by bmdma_map(). It also
contains audio_vm_change_state_handler() installed by audio_init().
4. audio_vm_change_state_handler() stops audio stuff.
5. User continues VM with monitor command "c". This runs vm_start().
6. vm_start() calls vm_state_notify(1).
7. vm_state_notify() runs the callbacks in vm_change_state_head.
8. ide_dma_restart_cb() happens to come first. It does its work, runs
into a write error, and duly stops the VM with vm_stop().
9. vm_stop() runs vm_state_notify(0).
10. vm_state_notify() runs the callbacks in vm_change_state_head.
11. audio_vm_change_state_handler() stops audio stuff. Which isn't
running.
12. vm_stop() finishes, ide_dma_restart_cb() finishes, step 7's
vm_state_notify() resumes running handlers.
13. audio_vm_change_state_handler() starts audio stuff. Oopsie.
Fix this by moving the actual write from each VM state change handler
into a new bottom half (suggested by Gleb Natapov).
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I used the following command to enable debugging:
perl -p -i -e 's/^\/\/#define DEBUG/#define DEBUG/g' * */* */*/*
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Always use the vectored APIs to reduce code churn once we switch the BlockDriver
API to be vectored.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7019 c046a42c-6fe2-441c-8c8c-71466251a162
Implement Test Unit Ready command (return NOT READY as above
if !bdrv_is_inserted(...))
Signed-off-by: Juergen Lock <nox@jelal.kn-bremen.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6954 c046a42c-6fe2-441c-8c8c-71466251a162
Add asc 0x3a, ascq 0: Medium not present to NOT READY sense
(needed to keep some guests from retrying causing long sleeps in the
kernel)
Signed-off-by: Juergen Lock <nox@jelal.kn-bremen.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6953 c046a42c-6fe2-441c-8c8c-71466251a162
The bdrv layer uses a signed offset. Furthermore, block-raw-posix
only seeks when that offset is positive. Passing a negative offset
to block-raw-posix can result in data being written at the current
seek cursor's position.
It may be possible to exploit this to seek to the end of the disk
and extend the virtual disk by writing data to a negative sector
offset. After a reboot, this could lead to the guest having a
larger disk than it had before.
Close the hole by sanity checking the lba against the size of the
disk.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6475 c046a42c-6fe2-441c-8c8c-71466251a162
Paul Brook pointed out that the number of sectors reported
by the SCSI read capacity commands needs to be divided by
s->cluster_size, because bdrv_get_geometry reports the number
of 512 byte sectors, while emulated CDROMs report 2048 byte
sectors back to the guest.
This has no consequences for emulated hard disks, which use
a cluster size of 1.
aliguori: fixed typo
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6469 c046a42c-6fe2-441c-8c8c-71466251a162
Implement SCSI READ(16), WRITE(16) and SAI READ CAPACITY(16) commands,
so SCSI disks larger than 2TB can work with guests that support these
newer SCSI commands.
The cast to (uint64_t) is needed because otherwise gcc will use a
signed int, which gets sign extended into uint64_t lba, resulting
in bad block numbers for READ 10 and READ 16 with block numbers
larger than 2^31.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6468 c046a42c-6fe2-441c-8c8c-71466251a162