path: root/hw/scsi-bus.c
Age | Commit message | Author | Files | Lines
2012-06-18 | qdev: Use wrapper for qdev_get_path | Anthony Liguori | 1 | -4/+2
This makes it easier to remove it from BusInfo.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Drop now unnecessary NULL initialization in scsibus_get_dev_path()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 | qdev: Move bus properties to abstract superclasses | Paolo Bonzini | 1 | -1/+1
In qdev, each bus in practice identified an abstract superclass, but this was mostly hidden. In QOM, instead, these abstract classes are explicit so we can move bus properties there.

All bus property walks are removed, and all device property walks are changed to look along the class hierarchy instead. We would have duplicates if class A defines some properties and its subclass B does not define any, because class_b->props will be left equal to class_a->props.

The solution here is to reintroduce the class_base_init TypeInfo callback, that was present in one of the early QOM versions but removed (on my request...) before committing.

This breaks global bus properties, an obscure feature when used with the command-line which is actually useful and used when used by backwards-compatible machine types. So this patch also adjusts the global bus properties in hw/pc_piix.c to refer to the abstract class.

Globals and other properties must be modified in the same patch to avoid complications related to initialization ordering.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 | qdev: Move bus properties to a separate global | Paolo Bonzini | 1 | -6/+8
Simple code movement in order to simplify future refactoring.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-07 | scsi: prepare migration code for usb-storage support | Gerd Hoffmann | 1 | -4/+4
usb-storage can't handle requests in one go as the data transfer can be split into lots of usb packets. Because of that there can be normal in-flight requests at savevm time and we need to handle that. With other scsi HBAs this happens only in case i/o is stopped due to errors and there are pending requests which need to be restarted (req->retry = true).

So, first we need to save req->retry and then handle the req->retry = false case. Write requests are handled fine already. For read requests we have to save the buffer as we will not restart the request (and thus not refill the buffer) on the target host.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-25 | scsi: declare vmstate_info_scsi_requests to be static | Jim Meyering | 1 | -1/+1
Signed-off-by: Jim Meyering <meyering@redhat.com>
2012-05-07 | scsi: Add assertion for use-after-free errors | Stefan Weil | 1 | -0/+1
The QEMU emulation which is currently used with Raspberry PI images (qemu-system-arm -M versatilepb ...) accesses memory which was freed.

Valgrind output (extract):

==17857== Invalid write of size 4
==17857==    at 0x24EB06: scsi_req_unref (scsi-bus.c:1273)
==17857==    by 0x24FFAE: scsi_read_complete (scsi-disk.c:277)
==17857==    by 0x152ACC: bdrv_co_em_bh (block.c:3363)
==17857==    by 0x13D49C: qemu_bh_poll (async.c:71)
==17857==    by 0x211A8C: main_loop_wait (main-loop.c:503)
==17857==    by 0x207954: main_loop (vl.c:1555)
==17857==    by 0x20E9C9: main (vl.c:3653)
==17857==  Address 0x1c54383c is 12 bytes inside a block of size 260 free'd
==17857==    at 0x4824B3A: free (vg_replace_malloc.c:366)
==17857==    by 0x20ADFA: free_and_trace (vl.c:2250)
==17857==    by 0x4899FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==17857==    by 0x24EB3B: scsi_req_unref (scsi-bus.c:1277)
==17857==    by 0x24F003: scsi_req_complete (scsi-bus.c:1383)
==17857==    by 0x25022A: scsi_read_data (scsi-disk.c:334)
==17857==    by 0x24EB9F: scsi_req_continue (scsi-bus.c:1289)
==17857==    by 0x1C7787: lsi_do_dma (lsi53c895a.c:575)
==17857==    by 0x1C8CDA: lsi_execute_script (lsi53c895a.c:1147)
==17857==    by 0x1C74EA: lsi_resume_script (lsi53c895a.c:510)
==17857==    by 0x1C7ECD: lsi_transfer_data (lsi53c895a.c:746)
==17857==    by 0x24EC90: scsi_req_data (scsi-bus.c:1307)

(There are some more similar messages.)

This patch adds an assertion which also detects those errors:

Calling scsi_req_unref is not allowed when the previous call of that function has decremented refcount to 0, because in this case req was freed.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 | scsi: set VALID bit to 0 in fixed format sense data | Paolo Bonzini | 1 | -2/+2
The INFORMATION field (bytes 3..6) is never set by QEMU, so the VALID bit must be 0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 | scsi: do not require a minimum allocation length for REQUEST SENSE | Paolo Bonzini | 1 | -5/+2
The requirements on the REQUEST SENSE buffer size are not in my copy of SPC (SPC-4 r27) and not observed by LIO. Rip them out.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 | scsi: do not require a minimum allocation length for INQUIRY | Paolo Bonzini | 1 | -8/+0
The requirements on the INQUIRY buffer size are not in my copy of SPC (SPC-4 r27) and not observed by LIO. Rip them out.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 | scsi: parse 16-byte tape CDBs | Paolo Bonzini | 1 | -0/+10
The transfer length for these commands is different from the transfer length of the corresponding disk commands, so parse it specially.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 | scsi: do not report bogus overruns for commands in the 0x00-0x1F range | Paolo Bonzini | 1 | -6/+10
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only needed for READ_6 and WRITE_6. No other command in that range needs that special-casing, and the resulting overrun breaks scsi-testsuite's attempt to use command 2 as a known-invalid command.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 | scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands | Ronnie Sahlberg | 1 | -0/+2
scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI commands that come in from the guest. If the direction is set incorrectly this will eventually cause QEMU to kernel-panic the guest.

Add UNMAP and ATAPASSTHROUGH as commands that send data to the device. Without this change, recent kernels will send both UNMAP as well as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the incorrect xfer direction very quickly causes the guest kernel to crash.

Example causing a crash without the patch applied:
./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 | scsi: fix WRITE SAME transfer length and direction | Paolo Bonzini | 1 | -6/+8
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 | scsi: prevent data transfer overflow | Paolo Bonzini | 1 | -12/+26
Avoid sending more than 2GB of data, as that can cause overflows in int32_t variables.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 | scsi: add SANITIZE command | Paolo Bonzini | 1 | -0/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 | scsi: fix memory leak | Paolo Bonzini | 1 | -2/+5
scsibus_get_dev_path is leaking id if it is not NULL. Fix it.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-03-19 | scsi: add get_dev_path | Paolo Bonzini | 1 | -0/+18
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-24 | scsi: fix searching for an empty id | Paolo Bonzini | 1 | -5/+10
The conditions for detecting no free target or LUN were wrong.

The LUN loop was followed by an "if" condition that is never true, because the loop is exited as soon as lun becomes equal to bus->info->max_lun, and never becomes greater than it.

The target loop had a wrong condition (<= instead of <). Once this is fixed, the loop would fail in the same way as the LUN loop.

The fix is to see whether scsi_device_find returned the device with the last (channel, target, LUN) pair, and fail if so.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-24 | scsi: fix wrong return for target INQUIRY | Paolo Bonzini | 1 | -1/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-22 | scsi: add SCSIDevice vmstate definitions | Paolo Bonzini | 1 | -3/+104
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-22 | scsi-disk: enable scatter/gather functionality | Paolo Bonzini | 1 | -0/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-22 | scsi: add scatter/gather functionality | Paolo Bonzini | 1 | -2/+26
Scatter/gather functionality uses the newly added DMA helpers. The device can choose between doing DMA itself, or calling scsi_req_data as usual, which will use the newly added DMA helpers to copy piecewise to/from the destination area(s).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-22 | scsi: pass residual amount to command_complete | Paolo Bonzini | 1 | -4/+8
With the upcoming sglist support, HBAs will not see any transfer_data call and will not have a way to detect short transfers. So pass the residual amount of data upon command completion.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-02-15 | qom: Unify type registration | Andreas Färber | 1 | -2/+2
Replace device_init() with generalized type_init().

While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where necessary and don't put a semicolon after the closing brace.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-03 | qdev: kill off DeviceInfo | Anthony Liguori | 1 | -1/+1
It is no longer used in the tree since everything is done natively through QEMU Object Model.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-03 | qdev: register all types natively through QEMU Object Model | Anthony Liguori | 1 | -9/+10
This was done in a mostly automated fashion. I did it in three steps and then rebased it into a single step which avoids repeatedly touching every file in the tree.

The first step was a sed-based addition of the parent type to the subclass registration functions.

The second step was another sed-based removal of subclass registration functions while also adding virtual functions from the base class into a class_init function as appropriate.

Finally, a python script was used to convert the DeviceInfo structures and qdev_register_subclass functions to TypeInfo structures, class_init functions, and type_register_static calls.

We are almost fully converted to QOM after this commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-27 | scsi: convert to QEMU Object Model | Anthony Liguori | 1 | -26/+69
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-22 | scsi: fix fw path | Paolo Bonzini | 1 | -2/+2
The pre-1.0 firmware path for SCSI devices already included the LUN using the suffix argument to add_boot_device_path. Avoid that it is included twice, and convert the colons to commas for consistency with other kinds of devices

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-22 | usb-msd: do not register twice in the boot order | Paolo Bonzini | 1 | -2/+5
USB mass storage devices are registered twice in the boot order. To avoid having to keep the two paths in sync, pass the bootindex property down to the scsi-disk device and let it register itself.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-18 | scsi: pass down REQUEST SENSE to the device when there is no stored sense | Paolo Bonzini | 1 | -3/+1
This will let scsi-block/scsi-generic report progress on long operations.

Reported-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Tested-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-18 | scsi: fix parsing of allocation length field | Paolo Bonzini | 1 | -10/+87
- several MMC commands were parsed wrong by QEMU because their allocation length/parameter list length is placed in a non-standard position in the CDB (i.e. it is different from most commands with the same value in bits 5-7).
- SEND VOLUME TAG length was multiplied by 40 which is not in SMC. The parameter list length is between 32 and 40 bytes. Same for MEDIUM SCAN (spec found at http://ldkelley.com/SCSI2/SCSI2-16.html but not in any of the PDFs I have here).
- READ_POSITION (SSC) conflicts with PRE_FETCH (SBC). READ_POSITION's transfer length is not hardcoded to 20 in SSC; for PRE_FETCH cmd->xfer should be 0. Both fixed.
- FORMAT MEDIUM (the SSC name for FORMAT UNIT) was missing. The FORMAT UNIT command is still somewhat broken for block devices because its parameter list length is not in the CDB. However it works for CD/DVD drives, which mandate the length of the payload.
- fixed wrong sign-extensions for 32-bit fields (for the LBA field, this affects disks >1 TB).
- several other SBC or SSC commands were missing or parsed wrong.
- some commands were not in the list of "write" commands.

Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net> (MMC bits only)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-18 | scsi: update list of commands | Paolo Bonzini | 1 | -6/+19
Add more commands and their names, and remove SEEK(6) which is obsolete. Instead, use SET_CAPACITY which is still in SSC.

Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-18 | scsi: fix fw path | Paolo Bonzini | 1 | -1/+1
The pre-1.0 firmware path for SCSI devices already included the LUN using the suffix argument to add_boot_device_path. I missed that when making channel and LUN customizable. Avoid that it is included twice, and convert the colons to commas for consistency with other kinds of devices

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: push request restart to SCSIDevice | Paolo Bonzini | 1 | -0/+56
The request restart mechanism is generic and could be reused for scsi-generic. In the meanwhile, pushing it to SCSIDevice avoids that scsi_dma_restart_bh looks at SCSIGenericReqs when working on a scsi-block device.

The code is the same that is already in hw/scsi-disk.c, with the type flags replaced by req->cmd.mode and a more generic way to requeue SCSI_XFER_NONE commands.

I also added a missing call to qemu_del_vm_change_state_handler.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: do not call transfer_data after canceling a request | Paolo Bonzini | 1 | -4/+19
Otherwise, if cancellation is "faked" by the AIO layer and goes through qemu_aio_flush, the whole request is completed synchronously during scsi_req_cancel.

Using the enqueued flag would work here, but not in the next patches, so I'm introducing a new io_canceled flag. That's because scsi_req_data is a synchronous callback and the enqueued flag might be reset by the time it returns. scsi-disk cannot unref the request until after calling scsi_req_data.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: pass cdb to alloc_req | Paolo Bonzini | 1 | -1/+1
This will let scsi-block choose between passthrough and emulation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: make reqops const | Paolo Bonzini | 1 | -5/+5
Also delete a stale occurrence of SCSIReqOps inside SCSIDeviceInfo.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: add channel to addressing | Paolo Bonzini | 1 | -9/+15
This also requires little more than adding the new argument to scsi_device_find, and the qdev property. All devices by default end up on channel 0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: allow arbitrary LUNs | Paolo Bonzini | 1 | -16/+32
This only requires changes in two places: in SCSIBus, we need to look for a free LUN if somebody creates a device with a pre-existing scsi-id but the default LUN (-1, meaning "search for a free spot"); in vSCSI, we need to actually parse the LUN according to the SCSI spec.

For vSCSI, max_target/max_lun are set according to the logical unit addressing format in SAM.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: implement REPORT LUNS for arbitrary LUNs | Paolo Bonzini | 1 | -10/+39
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: remove devs array from SCSIBus | Paolo Bonzini | 1 | -23/+30
Change the devs array into a linked list, and add a scsi_device_find function to navigate the children list instead. This lets the SCSI bus use more complex addressing, and HBAs can talk to the correct device when there are multiple LUNs per target.

scsi_device_find may return another LUN on the same target if none is found that matches exactly.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: move tcq/ndev to SCSIBusOps (now SCSIBusInfo) | Paolo Bonzini | 1 | -15/+12
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi-disk: report media changed via unit attention sense codes | Paolo Bonzini | 1 | -0/+5
Building on the previous patch, this one adds a media change callback to scsi-disk.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | scsi: notify the device when unit attention is reported | Paolo Bonzini | 1 | -5/+27
Reporting media change events via unit attention sense codes requires a small state machine: first report "NO MEDIUM", then report "MEDIUM MAY HAVE CHANGED". Unfortunately there is no good hooking point for the device to notice that its pending unit attention condition has been reported. This patch reworks the generic machinery to add one.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 | atapi/scsi: unify definitions for MMC | Paolo Bonzini | 1 | -1/+1
The definitions in ide/internal.h are duplicates, since ATAPI commands actually come from SCSI. Use the ones in scsi-defs.h and move the missing ones there. Two exceptions:
- MODE_PAGE_WRITE_PARMS conflicts with the "flexible disk geometry" page in scsi-disk.c. It is unused, so pick the latter.
- GPCMD_* is left in ide/internal.h, at least for now.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-09-20 | scsi: fix sign extension problems | Paolo Bonzini | 1 | -15/+7
When assigning a 32-bit value to cmd->xfer (which is 64-bits) it can be erroneously sign extended because the intermediate 32-bit computation is signed. Fix this by standardizing on the ld*_be_p functions.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-09-12 | scsi-disk: Fix START_STOP to fail when it can't eject | Markus Armbruster | 1 | -0/+10
Don't fail when tray is already open.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-09-10 | scsi-bus: remove duplicate table entries | Blue Swirl | 1 | -3/+1
Remove duplicate entries from SCSI command table, spotted by clang analyzer:

/src/qemu/hw/scsi-bus.c:979:40: warning: initializer overrides prior initialization of this subobject
    [ ERASE_16 ] = "ERASE_16",
/src/qemu/hw/scsi-bus.c:978:40: note: previous initialization is here
    [ WRITE_SAME_16 ] = "WRITE_SAME_16",
/src/qemu/hw/scsi-bus.c:984:40: warning: initializer overrides prior initialization of this subobject
    [ MAINTENANCE_IN ] = "MAINTENANCE_IN",
/src/qemu/hw/scsi-bus.c:917:40: note: previous initialization is here
    [ MAINTENANCE_IN ] = "MAINTENANCE_IN",
/src/qemu/hw/scsi-bus.c:985:40: warning: initializer overrides prior initialization of this subobject
    [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT",
/src/qemu/hw/scsi-bus.c:918:40: note: previous initialization is here
    [ MAINTENANCE_OUT ] = "MAINTENANCE_OUT",

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-09-06 | scsi: fill in additional sense length correctly | Paolo Bonzini | 1 | -1/+2
Even though we do not use them, we should include the last three bytes of sense data in the additional sense length.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-09-06 | scsi: refine constants for READ CAPACITY 16 | Paolo Bonzini | 1 | -1/+2
Rename SERVICE_ACTION_IN to SERVICE_ACTION_IN_16 to distinguish from the 12-byte CDB variant, and add a constant for the subcommand.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>