dev-uas.c 28 KB


  1. /*
  2. * UAS (USB Attached SCSI) emulation
  3. *
  4. * Copyright Red Hat, Inc. 2012
  5. *
  6. * Author: Gerd Hoffmann <kraxel@redhat.com>
  7. *
  8. * This work is licensed under the terms of the GNU GPL, version 2 or later.
  9. * See the COPYING file in the top-level directory.
  10. */
  11. #include "qemu-common.h"
  12. #include "qemu/option.h"
  13. #include "qemu/config-file.h"
  14. #include "trace.h"
  15. #include "hw/usb.h"
  16. #include "hw/usb/desc.h"
  17. #include "hw/scsi/scsi.h"
  18. #include "block/scsi.h"
  19. /* --------------------------------------------------------------------- */
  20. #define UAS_UI_COMMAND 0x01
  21. #define UAS_UI_SENSE 0x03
  22. #define UAS_UI_RESPONSE 0x04
  23. #define UAS_UI_TASK_MGMT 0x05
  24. #define UAS_UI_READ_READY 0x06
  25. #define UAS_UI_WRITE_READY 0x07
  26. #define UAS_RC_TMF_COMPLETE 0x00
  27. #define UAS_RC_INVALID_INFO_UNIT 0x02
  28. #define UAS_RC_TMF_NOT_SUPPORTED 0x04
  29. #define UAS_RC_TMF_FAILED 0x05
  30. #define UAS_RC_TMF_SUCCEEDED 0x08
  31. #define UAS_RC_INCORRECT_LUN 0x09
  32. #define UAS_RC_OVERLAPPED_TAG 0x0a
  33. #define UAS_TMF_ABORT_TASK 0x01
  34. #define UAS_TMF_ABORT_TASK_SET 0x02
  35. #define UAS_TMF_CLEAR_TASK_SET 0x04
  36. #define UAS_TMF_LOGICAL_UNIT_RESET 0x08
  37. #define UAS_TMF_I_T_NEXUS_RESET 0x10
  38. #define UAS_TMF_CLEAR_ACA 0x40
  39. #define UAS_TMF_QUERY_TASK 0x80
  40. #define UAS_TMF_QUERY_TASK_SET 0x81
  41. #define UAS_TMF_QUERY_ASYNC_EVENT 0x82
  42. #define UAS_PIPE_ID_COMMAND 0x01
  43. #define UAS_PIPE_ID_STATUS 0x02
  44. #define UAS_PIPE_ID_DATA_IN 0x03
  45. #define UAS_PIPE_ID_DATA_OUT 0x04
  46. typedef struct {
  47. uint8_t id;
  48. uint8_t reserved;
  49. uint16_t tag;
  50. } QEMU_PACKED uas_iu_header;
  51. typedef struct {
  52. uint8_t prio_taskattr; /* 6:3 priority, 2:0 task attribute */
  53. uint8_t reserved_1;
  54. uint8_t add_cdb_length; /* 7:2 additional adb length (dwords) */
  55. uint8_t reserved_2;
  56. uint64_t lun;
  57. uint8_t cdb[16];
  58. uint8_t add_cdb[];
  59. } QEMU_PACKED uas_iu_command;
  60. typedef struct {
  61. uint16_t status_qualifier;
  62. uint8_t status;
  63. uint8_t reserved[7];
  64. uint16_t sense_length;
  65. uint8_t sense_data[18];
  66. } QEMU_PACKED uas_iu_sense;
  67. typedef struct {
  68. uint8_t add_response_info[3];
  69. uint8_t response_code;
  70. } QEMU_PACKED uas_iu_response;
  71. typedef struct {
  72. uint8_t function;
  73. uint8_t reserved;
  74. uint16_t task_tag;
  75. uint64_t lun;
  76. } QEMU_PACKED uas_iu_task_mgmt;
  77. typedef struct {
  78. uas_iu_header hdr;
  79. union {
  80. uas_iu_command command;
  81. uas_iu_sense sense;
  82. uas_iu_task_mgmt task;
  83. uas_iu_response response;
  84. };
  85. } QEMU_PACKED uas_iu;
  86. /* --------------------------------------------------------------------- */
  87. #define UAS_STREAM_BM_ATTR 4
  88. #define UAS_MAX_STREAMS (1 << UAS_STREAM_BM_ATTR)
  89. typedef struct UASDevice UASDevice;
  90. typedef struct UASRequest UASRequest;
  91. typedef struct UASStatus UASStatus;
  92. struct UASDevice {
  93. USBDevice dev;
  94. SCSIBus bus;
  95. QEMUBH *status_bh;
  96. QTAILQ_HEAD(, UASStatus) results;
  97. QTAILQ_HEAD(, UASRequest) requests;
  98. /* properties */
  99. uint32_t requestlog;
  100. /* usb 2.0 only */
  101. USBPacket *status2;
  102. UASRequest *datain2;
  103. UASRequest *dataout2;
  104. /* usb 3.0 only */
  105. USBPacket *data3[UAS_MAX_STREAMS + 1];
  106. USBPacket *status3[UAS_MAX_STREAMS + 1];
  107. };
  108. struct UASRequest {
  109. uint16_t tag;
  110. uint64_t lun;
  111. UASDevice *uas;
  112. SCSIDevice *dev;
  113. SCSIRequest *req;
  114. USBPacket *data;
  115. bool data_async;
  116. bool active;
  117. bool complete;
  118. uint32_t buf_off;
  119. uint32_t buf_size;
  120. uint32_t data_off;
  121. uint32_t data_size;
  122. QTAILQ_ENTRY(UASRequest) next;
  123. };
  124. struct UASStatus {
  125. uint32_t stream;
  126. uas_iu status;
  127. uint32_t length;
  128. QTAILQ_ENTRY(UASStatus) next;
  129. };
  130. /* --------------------------------------------------------------------- */
  131. enum {
  132. STR_MANUFACTURER = 1,
  133. STR_PRODUCT,
  134. STR_SERIALNUMBER,
  135. STR_CONFIG_HIGH,
  136. STR_CONFIG_SUPER,
  137. };
  138. static const USBDescStrings desc_strings = {
  139. [STR_MANUFACTURER] = "QEMU",
  140. [STR_PRODUCT] = "USB Attached SCSI HBA",
  141. [STR_SERIALNUMBER] = "27842",
  142. [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
  143. [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)",
  144. };
  145. static const USBDescIface desc_iface_high = {
  146. .bInterfaceNumber = 0,
  147. .bNumEndpoints = 4,
  148. .bInterfaceClass = USB_CLASS_MASS_STORAGE,
  149. .bInterfaceSubClass = 0x06, /* SCSI */
  150. .bInterfaceProtocol = 0x62, /* UAS */
  151. .eps = (USBDescEndpoint[]) {
  152. {
  153. .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_COMMAND,
  154. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  155. .wMaxPacketSize = 512,
  156. .extra = (uint8_t[]) {
  157. 0x04, /* u8 bLength */
  158. 0x24, /* u8 bDescriptorType */
  159. UAS_PIPE_ID_COMMAND,
  160. 0x00, /* u8 bReserved */
  161. },
  162. },{
  163. .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_STATUS,
  164. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  165. .wMaxPacketSize = 512,
  166. .extra = (uint8_t[]) {
  167. 0x04, /* u8 bLength */
  168. 0x24, /* u8 bDescriptorType */
  169. UAS_PIPE_ID_STATUS,
  170. 0x00, /* u8 bReserved */
  171. },
  172. },{
  173. .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_DATA_IN,
  174. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  175. .wMaxPacketSize = 512,
  176. .extra = (uint8_t[]) {
  177. 0x04, /* u8 bLength */
  178. 0x24, /* u8 bDescriptorType */
  179. UAS_PIPE_ID_DATA_IN,
  180. 0x00, /* u8 bReserved */
  181. },
  182. },{
  183. .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_DATA_OUT,
  184. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  185. .wMaxPacketSize = 512,
  186. .extra = (uint8_t[]) {
  187. 0x04, /* u8 bLength */
  188. 0x24, /* u8 bDescriptorType */
  189. UAS_PIPE_ID_DATA_OUT,
  190. 0x00, /* u8 bReserved */
  191. },
  192. },
  193. }
  194. };
  195. static const USBDescIface desc_iface_super = {
  196. .bInterfaceNumber = 0,
  197. .bNumEndpoints = 4,
  198. .bInterfaceClass = USB_CLASS_MASS_STORAGE,
  199. .bInterfaceSubClass = 0x06, /* SCSI */
  200. .bInterfaceProtocol = 0x62, /* UAS */
  201. .eps = (USBDescEndpoint[]) {
  202. {
  203. .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_COMMAND,
  204. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  205. .wMaxPacketSize = 1024,
  206. .bMaxBurst = 15,
  207. .extra = (uint8_t[]) {
  208. 0x04, /* u8 bLength */
  209. 0x24, /* u8 bDescriptorType */
  210. UAS_PIPE_ID_COMMAND,
  211. 0x00, /* u8 bReserved */
  212. },
  213. },{
  214. .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_STATUS,
  215. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  216. .wMaxPacketSize = 1024,
  217. .bMaxBurst = 15,
  218. .bmAttributes_super = UAS_STREAM_BM_ATTR,
  219. .extra = (uint8_t[]) {
  220. 0x04, /* u8 bLength */
  221. 0x24, /* u8 bDescriptorType */
  222. UAS_PIPE_ID_STATUS,
  223. 0x00, /* u8 bReserved */
  224. },
  225. },{
  226. .bEndpointAddress = USB_DIR_IN | UAS_PIPE_ID_DATA_IN,
  227. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  228. .wMaxPacketSize = 1024,
  229. .bMaxBurst = 15,
  230. .bmAttributes_super = UAS_STREAM_BM_ATTR,
  231. .extra = (uint8_t[]) {
  232. 0x04, /* u8 bLength */
  233. 0x24, /* u8 bDescriptorType */
  234. UAS_PIPE_ID_DATA_IN,
  235. 0x00, /* u8 bReserved */
  236. },
  237. },{
  238. .bEndpointAddress = USB_DIR_OUT | UAS_PIPE_ID_DATA_OUT,
  239. .bmAttributes = USB_ENDPOINT_XFER_BULK,
  240. .wMaxPacketSize = 1024,
  241. .bMaxBurst = 15,
  242. .bmAttributes_super = UAS_STREAM_BM_ATTR,
  243. .extra = (uint8_t[]) {
  244. 0x04, /* u8 bLength */
  245. 0x24, /* u8 bDescriptorType */
  246. UAS_PIPE_ID_DATA_OUT,
  247. 0x00, /* u8 bReserved */
  248. },
  249. },
  250. }
  251. };
  252. static const USBDescDevice desc_device_high = {
  253. .bcdUSB = 0x0200,
  254. .bMaxPacketSize0 = 64,
  255. .bNumConfigurations = 1,
  256. .confs = (USBDescConfig[]) {
  257. {
  258. .bNumInterfaces = 1,
  259. .bConfigurationValue = 1,
  260. .iConfiguration = STR_CONFIG_HIGH,
  261. .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_SELFPOWER,
  262. .nif = 1,
  263. .ifs = &desc_iface_high,
  264. },
  265. },
  266. };
  267. static const USBDescDevice desc_device_super = {
  268. .bcdUSB = 0x0300,
  269. .bMaxPacketSize0 = 64,
  270. .bNumConfigurations = 1,
  271. .confs = (USBDescConfig[]) {
  272. {
  273. .bNumInterfaces = 1,
  274. .bConfigurationValue = 1,
  275. .iConfiguration = STR_CONFIG_SUPER,
  276. .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_SELFPOWER,
  277. .nif = 1,
  278. .ifs = &desc_iface_super,
  279. },
  280. },
  281. };
  282. static const USBDesc desc = {
  283. .id = {
  284. .idVendor = 0x46f4, /* CRC16() of "QEMU" */
  285. .idProduct = 0x0003,
  286. .bcdDevice = 0,
  287. .iManufacturer = STR_MANUFACTURER,
  288. .iProduct = STR_PRODUCT,
  289. .iSerialNumber = STR_SERIALNUMBER,
  290. },
  291. .high = &desc_device_high,
  292. .super = &desc_device_super,
  293. .str = desc_strings,
  294. };
  295. /* --------------------------------------------------------------------- */
  296. static bool uas_using_streams(UASDevice *uas)
  297. {
  298. return uas->dev.speed == USB_SPEED_SUPER;
  299. }
  300. /* --------------------------------------------------------------------- */
  301. static UASStatus *usb_uas_alloc_status(UASDevice *uas, uint8_t id, uint16_t tag)
  302. {
  303. UASStatus *st = g_new0(UASStatus, 1);
  304. st->status.hdr.id = id;
  305. st->status.hdr.tag = cpu_to_be16(tag);
  306. st->length = sizeof(uas_iu_header);
  307. if (uas_using_streams(uas)) {
  308. st->stream = tag;
  309. }
  310. return st;
  311. }
  312. static void usb_uas_send_status_bh(void *opaque)
  313. {
  314. UASDevice *uas = opaque;
  315. UASStatus *st;
  316. USBPacket *p;
  317. while ((st = QTAILQ_FIRST(&uas->results)) != NULL) {
  318. if (uas_using_streams(uas)) {
  319. p = uas->status3[st->stream];
  320. uas->status3[st->stream] = NULL;
  321. } else {
  322. p = uas->status2;
  323. uas->status2 = NULL;
  324. }
  325. if (p == NULL) {
  326. break;
  327. }
  328. usb_packet_copy(p, &st->status, st->length);
  329. QTAILQ_REMOVE(&uas->results, st, next);
  330. g_free(st);
  331. p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
  332. usb_packet_complete(&uas->dev, p);
  333. }
  334. }
  335. static void usb_uas_queue_status(UASDevice *uas, UASStatus *st, int length)
  336. {
  337. USBPacket *p = uas_using_streams(uas) ?
  338. uas->status3[st->stream] : uas->status2;
  339. st->length += length;
  340. QTAILQ_INSERT_TAIL(&uas->results, st, next);
  341. if (p) {
  342. /*
  343. * Just schedule bh make sure any in-flight data transaction
  344. * is finished before completing (sending) the status packet.
  345. */
  346. qemu_bh_schedule(uas->status_bh);
  347. } else {
  348. USBEndpoint *ep = usb_ep_get(&uas->dev, USB_TOKEN_IN,
  349. UAS_PIPE_ID_STATUS);
  350. usb_wakeup(ep, st->stream);
  351. }
  352. }
  353. static void usb_uas_queue_response(UASDevice *uas, uint16_t tag, uint8_t code)
  354. {
  355. UASStatus *st = usb_uas_alloc_status(uas, UAS_UI_RESPONSE, tag);
  356. trace_usb_uas_response(uas->dev.addr, tag, code);
  357. st->status.response.response_code = code;
  358. usb_uas_queue_status(uas, st, sizeof(uas_iu_response));
  359. }
  360. static void usb_uas_queue_sense(UASRequest *req, uint8_t status)
  361. {
  362. UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_SENSE, req->tag);
  363. int len, slen = 0;
  364. trace_usb_uas_sense(req->uas->dev.addr, req->tag, status);
  365. st->status.sense.status = status;
  366. st->status.sense.status_qualifier = cpu_to_be16(0);
  367. if (status != GOOD) {
  368. slen = scsi_req_get_sense(req->req, st->status.sense.sense_data,
  369. sizeof(st->status.sense.sense_data));
  370. st->status.sense.sense_length = cpu_to_be16(slen);
  371. }
  372. len = sizeof(uas_iu_sense) - sizeof(st->status.sense.sense_data) + slen;
  373. usb_uas_queue_status(req->uas, st, len);
  374. }
  375. static void usb_uas_queue_fake_sense(UASDevice *uas, uint16_t tag,
  376. struct SCSISense sense)
  377. {
  378. UASStatus *st = usb_uas_alloc_status(uas, UAS_UI_SENSE, tag);
  379. int len, slen = 0;
  380. st->status.sense.status = CHECK_CONDITION;
  381. st->status.sense.status_qualifier = cpu_to_be16(0);
  382. st->status.sense.sense_data[0] = 0x70;
  383. st->status.sense.sense_data[2] = sense.key;
  384. st->status.sense.sense_data[7] = 10;
  385. st->status.sense.sense_data[12] = sense.asc;
  386. st->status.sense.sense_data[13] = sense.ascq;
  387. slen = 18;
  388. len = sizeof(uas_iu_sense) - sizeof(st->status.sense.sense_data) + slen;
  389. usb_uas_queue_status(uas, st, len);
  390. }
  391. static void usb_uas_queue_read_ready(UASRequest *req)
  392. {
  393. UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_READ_READY,
  394. req->tag);
  395. trace_usb_uas_read_ready(req->uas->dev.addr, req->tag);
  396. usb_uas_queue_status(req->uas, st, 0);
  397. }
  398. static void usb_uas_queue_write_ready(UASRequest *req)
  399. {
  400. UASStatus *st = usb_uas_alloc_status(req->uas, UAS_UI_WRITE_READY,
  401. req->tag);
  402. trace_usb_uas_write_ready(req->uas->dev.addr, req->tag);
  403. usb_uas_queue_status(req->uas, st, 0);
  404. }
  405. /* --------------------------------------------------------------------- */
  406. static int usb_uas_get_lun(uint64_t lun64)
  407. {
  408. return (lun64 >> 48) & 0xff;
  409. }
  410. static SCSIDevice *usb_uas_get_dev(UASDevice *uas, uint64_t lun64)
  411. {
  412. if ((lun64 >> 56) != 0x00) {
  413. return NULL;
  414. }
  415. return scsi_device_find(&uas->bus, 0, 0, usb_uas_get_lun(lun64));
  416. }
  417. static void usb_uas_complete_data_packet(UASRequest *req)
  418. {
  419. USBPacket *p;
  420. if (!req->data_async) {
  421. return;
  422. }
  423. p = req->data;
  424. req->data = NULL;
  425. req->data_async = false;
  426. p->status = USB_RET_SUCCESS; /* Clear previous ASYNC status */
  427. usb_packet_complete(&req->uas->dev, p);
  428. }
  429. static void usb_uas_copy_data(UASRequest *req)
  430. {
  431. uint32_t length;
  432. length = MIN(req->buf_size - req->buf_off,
  433. req->data->iov.size - req->data->actual_length);
  434. trace_usb_uas_xfer_data(req->uas->dev.addr, req->tag, length,
  435. req->data->actual_length, req->data->iov.size,
  436. req->buf_off, req->buf_size);
  437. usb_packet_copy(req->data, scsi_req_get_buf(req->req) + req->buf_off,
  438. length);
  439. req->buf_off += length;
  440. req->data_off += length;
  441. if (req->data->actual_length == req->data->iov.size) {
  442. usb_uas_complete_data_packet(req);
  443. }
  444. if (req->buf_size && req->buf_off == req->buf_size) {
  445. req->buf_off = 0;
  446. req->buf_size = 0;
  447. scsi_req_continue(req->req);
  448. }
  449. }
  450. static void usb_uas_start_next_transfer(UASDevice *uas)
  451. {
  452. UASRequest *req;
  453. if (uas_using_streams(uas)) {
  454. return;
  455. }
  456. QTAILQ_FOREACH(req, &uas->requests, next) {
  457. if (req->active || req->complete) {
  458. continue;
  459. }
  460. if (req->req->cmd.mode == SCSI_XFER_FROM_DEV && uas->datain2 == NULL) {
  461. uas->datain2 = req;
  462. usb_uas_queue_read_ready(req);
  463. req->active = true;
  464. return;
  465. }
  466. if (req->req->cmd.mode == SCSI_XFER_TO_DEV && uas->dataout2 == NULL) {
  467. uas->dataout2 = req;
  468. usb_uas_queue_write_ready(req);
  469. req->active = true;
  470. return;
  471. }
  472. }
  473. }
  474. static UASRequest *usb_uas_alloc_request(UASDevice *uas, uas_iu *iu)
  475. {
  476. UASRequest *req;
  477. req = g_new0(UASRequest, 1);
  478. req->uas = uas;
  479. req->tag = be16_to_cpu(iu->hdr.tag);
  480. req->lun = be64_to_cpu(iu->command.lun);
  481. req->dev = usb_uas_get_dev(req->uas, req->lun);
  482. return req;
  483. }
  484. static void usb_uas_scsi_free_request(SCSIBus *bus, void *priv)
  485. {
  486. UASRequest *req = priv;
  487. UASDevice *uas = req->uas;
  488. if (req == uas->datain2) {
  489. uas->datain2 = NULL;
  490. }
  491. if (req == uas->dataout2) {
  492. uas->dataout2 = NULL;
  493. }
  494. QTAILQ_REMOVE(&uas->requests, req, next);
  495. g_free(req);
  496. usb_uas_start_next_transfer(uas);
  497. }
  498. static UASRequest *usb_uas_find_request(UASDevice *uas, uint16_t tag)
  499. {
  500. UASRequest *req;
  501. QTAILQ_FOREACH(req, &uas->requests, next) {
  502. if (req->tag == tag) {
  503. return req;
  504. }
  505. }
  506. return NULL;
  507. }
  508. static void usb_uas_scsi_transfer_data(SCSIRequest *r, uint32_t len)
  509. {
  510. UASRequest *req = r->hba_private;
  511. trace_usb_uas_scsi_data(req->uas->dev.addr, req->tag, len);
  512. req->buf_off = 0;
  513. req->buf_size = len;
  514. if (req->data) {
  515. usb_uas_copy_data(req);
  516. } else {
  517. usb_uas_start_next_transfer(req->uas);
  518. }
  519. }
  520. static void usb_uas_scsi_command_complete(SCSIRequest *r,
  521. uint32_t status, size_t resid)
  522. {
  523. UASRequest *req = r->hba_private;
  524. trace_usb_uas_scsi_complete(req->uas->dev.addr, req->tag, status, resid);
  525. req->complete = true;
  526. if (req->data) {
  527. usb_uas_complete_data_packet(req);
  528. }
  529. usb_uas_queue_sense(req, status);
  530. scsi_req_unref(req->req);
  531. }
  532. static void usb_uas_scsi_request_cancelled(SCSIRequest *r)
  533. {
  534. UASRequest *req = r->hba_private;
  535. /* FIXME: queue notification to status pipe? */
  536. scsi_req_unref(req->req);
  537. }
  538. static const struct SCSIBusInfo usb_uas_scsi_info = {
  539. .tcq = true,
  540. .max_target = 0,
  541. .max_lun = 255,
  542. .transfer_data = usb_uas_scsi_transfer_data,
  543. .complete = usb_uas_scsi_command_complete,
  544. .cancel = usb_uas_scsi_request_cancelled,
  545. .free_request = usb_uas_scsi_free_request,
  546. };
  547. /* --------------------------------------------------------------------- */
  548. static void usb_uas_handle_reset(USBDevice *dev)
  549. {
  550. UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
  551. UASRequest *req, *nreq;
  552. UASStatus *st, *nst;
  553. trace_usb_uas_reset(dev->addr);
  554. QTAILQ_FOREACH_SAFE(req, &uas->requests, next, nreq) {
  555. scsi_req_cancel(req->req);
  556. }
  557. QTAILQ_FOREACH_SAFE(st, &uas->results, next, nst) {
  558. QTAILQ_REMOVE(&uas->results, st, next);
  559. g_free(st);
  560. }
  561. }
  562. static void usb_uas_handle_control(USBDevice *dev, USBPacket *p,
  563. int request, int value, int index, int length, uint8_t *data)
  564. {
  565. int ret;
  566. ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
  567. if (ret >= 0) {
  568. return;
  569. }
  570. fprintf(stderr, "%s: unhandled control request\n", __func__);
  571. p->status = USB_RET_STALL;
  572. }
  573. static void usb_uas_cancel_io(USBDevice *dev, USBPacket *p)
  574. {
  575. UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
  576. UASRequest *req, *nreq;
  577. int i;
  578. if (uas->status2 == p) {
  579. uas->status2 = NULL;
  580. qemu_bh_cancel(uas->status_bh);
  581. return;
  582. }
  583. if (uas_using_streams(uas)) {
  584. for (i = 0; i <= UAS_MAX_STREAMS; i++) {
  585. if (uas->status3[i] == p) {
  586. uas->status3[i] = NULL;
  587. return;
  588. }
  589. if (uas->data3[i] == p) {
  590. uas->data3[i] = NULL;
  591. return;
  592. }
  593. }
  594. }
  595. QTAILQ_FOREACH_SAFE(req, &uas->requests, next, nreq) {
  596. if (req->data == p) {
  597. req->data = NULL;
  598. return;
  599. }
  600. }
  601. assert(!"canceled usb packet not found");
  602. }
  603. static void usb_uas_command(UASDevice *uas, uas_iu *iu)
  604. {
  605. UASRequest *req;
  606. uint32_t len;
  607. uint16_t tag = be16_to_cpu(iu->hdr.tag);
  608. if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) {
  609. goto invalid_tag;
  610. }
  611. req = usb_uas_find_request(uas, tag);
  612. if (req) {
  613. goto overlapped_tag;
  614. }
  615. req = usb_uas_alloc_request(uas, iu);
  616. if (req->dev == NULL) {
  617. goto bad_target;
  618. }
  619. trace_usb_uas_command(uas->dev.addr, req->tag,
  620. usb_uas_get_lun(req->lun),
  621. req->lun >> 32, req->lun & 0xffffffff);
  622. QTAILQ_INSERT_TAIL(&uas->requests, req, next);
  623. if (uas_using_streams(uas) && uas->data3[req->tag] != NULL) {
  624. req->data = uas->data3[req->tag];
  625. req->data_async = true;
  626. uas->data3[req->tag] = NULL;
  627. }
  628. req->req = scsi_req_new(req->dev, req->tag,
  629. usb_uas_get_lun(req->lun),
  630. iu->command.cdb, req);
  631. if (uas->requestlog) {
  632. scsi_req_print(req->req);
  633. }
  634. len = scsi_req_enqueue(req->req);
  635. if (len) {
  636. req->data_size = len;
  637. scsi_req_continue(req->req);
  638. }
  639. return;
  640. invalid_tag:
  641. usb_uas_queue_fake_sense(uas, tag, sense_code_INVALID_TAG);
  642. return;
  643. overlapped_tag:
  644. usb_uas_queue_fake_sense(uas, tag, sense_code_OVERLAPPED_COMMANDS);
  645. return;
  646. bad_target:
  647. usb_uas_queue_fake_sense(uas, tag, sense_code_LUN_NOT_SUPPORTED);
  648. g_free(req);
  649. }
  650. static void usb_uas_task(UASDevice *uas, uas_iu *iu)
  651. {
  652. uint16_t tag = be16_to_cpu(iu->hdr.tag);
  653. uint64_t lun64 = be64_to_cpu(iu->task.lun);
  654. SCSIDevice *dev = usb_uas_get_dev(uas, lun64);
  655. int lun = usb_uas_get_lun(lun64);
  656. UASRequest *req;
  657. uint16_t task_tag;
  658. if (uas_using_streams(uas) && tag > UAS_MAX_STREAMS) {
  659. goto invalid_tag;
  660. }
  661. req = usb_uas_find_request(uas, be16_to_cpu(iu->hdr.tag));
  662. if (req) {
  663. goto overlapped_tag;
  664. }
  665. if (dev == NULL) {
  666. goto incorrect_lun;
  667. }
  668. switch (iu->task.function) {
  669. case UAS_TMF_ABORT_TASK:
  670. task_tag = be16_to_cpu(iu->task.task_tag);
  671. trace_usb_uas_tmf_abort_task(uas->dev.addr, tag, task_tag);
  672. req = usb_uas_find_request(uas, task_tag);
  673. if (req && req->dev == dev) {
  674. scsi_req_cancel(req->req);
  675. }
  676. usb_uas_queue_response(uas, tag, UAS_RC_TMF_COMPLETE);
  677. break;
  678. case UAS_TMF_LOGICAL_UNIT_RESET:
  679. trace_usb_uas_tmf_logical_unit_reset(uas->dev.addr, tag, lun);
  680. qdev_reset_all(&dev->qdev);
  681. usb_uas_queue_response(uas, tag, UAS_RC_TMF_COMPLETE);
  682. break;
  683. default:
  684. trace_usb_uas_tmf_unsupported(uas->dev.addr, tag, iu->task.function);
  685. usb_uas_queue_response(uas, tag, UAS_RC_TMF_NOT_SUPPORTED);
  686. break;
  687. }
  688. return;
  689. invalid_tag:
  690. usb_uas_queue_response(uas, tag, UAS_RC_INVALID_INFO_UNIT);
  691. return;
  692. overlapped_tag:
  693. usb_uas_queue_response(uas, req->tag, UAS_RC_OVERLAPPED_TAG);
  694. return;
  695. incorrect_lun:
  696. usb_uas_queue_response(uas, tag, UAS_RC_INCORRECT_LUN);
  697. }
  698. static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
  699. {
  700. UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
  701. uas_iu iu;
  702. UASStatus *st;
  703. UASRequest *req;
  704. int length;
  705. switch (p->ep->nr) {
  706. case UAS_PIPE_ID_COMMAND:
  707. length = MIN(sizeof(iu), p->iov.size);
  708. usb_packet_copy(p, &iu, length);
  709. switch (iu.hdr.id) {
  710. case UAS_UI_COMMAND:
  711. usb_uas_command(uas, &iu);
  712. break;
  713. case UAS_UI_TASK_MGMT:
  714. usb_uas_task(uas, &iu);
  715. break;
  716. default:
  717. fprintf(stderr, "%s: unknown command iu: id 0x%x\n",
  718. __func__, iu.hdr.id);
  719. p->status = USB_RET_STALL;
  720. break;
  721. }
  722. break;
  723. case UAS_PIPE_ID_STATUS:
  724. if (p->stream) {
  725. QTAILQ_FOREACH(st, &uas->results, next) {
  726. if (st->stream == p->stream) {
  727. break;
  728. }
  729. }
  730. if (st == NULL) {
  731. assert(uas->status3[p->stream] == NULL);
  732. uas->status3[p->stream] = p;
  733. p->status = USB_RET_ASYNC;
  734. break;
  735. }
  736. } else {
  737. st = QTAILQ_FIRST(&uas->results);
  738. if (st == NULL) {
  739. assert(uas->status2 == NULL);
  740. uas->status2 = p;
  741. p->status = USB_RET_ASYNC;
  742. break;
  743. }
  744. }
  745. usb_packet_copy(p, &st->status, st->length);
  746. QTAILQ_REMOVE(&uas->results, st, next);
  747. g_free(st);
  748. break;
  749. case UAS_PIPE_ID_DATA_IN:
  750. case UAS_PIPE_ID_DATA_OUT:
  751. if (p->stream) {
  752. req = usb_uas_find_request(uas, p->stream);
  753. } else {
  754. req = (p->ep->nr == UAS_PIPE_ID_DATA_IN)
  755. ? uas->datain2 : uas->dataout2;
  756. }
  757. if (req == NULL) {
  758. if (p->stream) {
  759. assert(uas->data3[p->stream] == NULL);
  760. uas->data3[p->stream] = p;
  761. p->status = USB_RET_ASYNC;
  762. break;
  763. } else {
  764. fprintf(stderr, "%s: no inflight request\n", __func__);
  765. p->status = USB_RET_STALL;
  766. break;
  767. }
  768. }
  769. scsi_req_ref(req->req);
  770. req->data = p;
  771. usb_uas_copy_data(req);
  772. if (p->actual_length == p->iov.size || req->complete) {
  773. req->data = NULL;
  774. } else {
  775. req->data_async = true;
  776. p->status = USB_RET_ASYNC;
  777. }
  778. scsi_req_unref(req->req);
  779. usb_uas_start_next_transfer(uas);
  780. break;
  781. default:
  782. fprintf(stderr, "%s: invalid endpoint %d\n", __func__, p->ep->nr);
  783. p->status = USB_RET_STALL;
  784. break;
  785. }
  786. }
  787. static void usb_uas_handle_destroy(USBDevice *dev)
  788. {
  789. UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
  790. qemu_bh_delete(uas->status_bh);
  791. }
  792. static int usb_uas_init(USBDevice *dev)
  793. {
  794. UASDevice *uas = DO_UPCAST(UASDevice, dev, dev);
  795. usb_desc_create_serial(dev);
  796. usb_desc_init(dev);
  797. QTAILQ_INIT(&uas->results);
  798. QTAILQ_INIT(&uas->requests);
  799. uas->status_bh = qemu_bh_new(usb_uas_send_status_bh, uas);
  800. scsi_bus_new(&uas->bus, sizeof(uas->bus), DEVICE(dev),
  801. &usb_uas_scsi_info, NULL);
  802. return 0;
  803. }
  804. static const VMStateDescription vmstate_usb_uas = {
  805. .name = "usb-uas",
  806. .unmigratable = 1,
  807. .fields = (VMStateField[]) {
  808. VMSTATE_USB_DEVICE(dev, UASDevice),
  809. VMSTATE_END_OF_LIST()
  810. }
  811. };
  812. static Property uas_properties[] = {
  813. DEFINE_PROP_UINT32("log-scsi-req", UASDevice, requestlog, 0),
  814. DEFINE_PROP_END_OF_LIST(),
  815. };
  816. static void usb_uas_class_initfn(ObjectClass *klass, void *data)
  817. {
  818. DeviceClass *dc = DEVICE_CLASS(klass);
  819. USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
  820. uc->init = usb_uas_init;
  821. uc->product_desc = desc_strings[STR_PRODUCT];
  822. uc->usb_desc = &desc;
  823. uc->cancel_packet = usb_uas_cancel_io;
  824. uc->handle_attach = usb_desc_attach;
  825. uc->handle_reset = usb_uas_handle_reset;
  826. uc->handle_control = usb_uas_handle_control;
  827. uc->handle_data = usb_uas_handle_data;
  828. uc->handle_destroy = usb_uas_handle_destroy;
  829. set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
  830. dc->fw_name = "storage";
  831. dc->vmsd = &vmstate_usb_uas;
  832. dc->props = uas_properties;
  833. }
  834. static const TypeInfo uas_info = {
  835. .name = "usb-uas",
  836. .parent = TYPE_USB_DEVICE,
  837. .instance_size = sizeof(UASDevice),
  838. .class_init = usb_uas_class_initfn,
  839. };
  840. static void usb_uas_register_types(void)
  841. {
  842. type_register_static(&uas_info);
  843. }
  844. type_init(usb_uas_register_types)