From c5fd1fb038405ed13496761970b3b531f747a892 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 22 Nov 2013 13:39:59 +0100 Subject: scsi-disk: catch write protection errors in UNMAP This is the same that is already done for WRITE SAME. Signed-off-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi --- hw/scsi/scsi-disk.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'hw/scsi') diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 74e6a14c29..4138268ad9 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1543,6 +1543,7 @@ done: static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) { + SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); uint8_t *p = inbuf; int len = r->req.cmd.xfer; UnmapCBData *data; @@ -1560,6 +1561,11 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) goto invalid_param_len; } + if (bdrv_is_read_only(s->qdev.conf.bs)) { + scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); + return; + } + data = g_new0(UnmapCBData, 1); data->r = r; data->inbuf = &p[8]; -- cgit v1.2.1 From 823bd7391c96ba675f20fd6d952d1cb6e1ffb851 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 22 Nov 2013 13:40:00 +0100 Subject: scsi-disk: reject ANCHOR=1 for UNMAP and WRITE SAME commands Since we report ANC_SUP==0 in VPD page B2h, we need to return an error (ILLEGAL REQUEST/INVALID FIELD IN CDB) for all WRITE SAME requests with ANCHOR==1. Inspired by a similar patch to the LIO in-kernel target. Signed-off-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi --- hw/scsi/scsi-disk.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'hw/scsi') diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 4138268ad9..0640bb031d 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1548,6 +1548,11 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) int len = r->req.cmd.xfer; UnmapCBData *data; + /* Reject ANCHOR=1. */ + if (r->req.cmd.buf[1] & 0x1) { + goto invalid_field; + } + if (len < 8) { goto invalid_param_len; } @@ -1578,6 +1583,10 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) invalid_param_len: scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN)); + return; + +invalid_field: + scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); } static void scsi_disk_emulate_write_data(SCSIRequest *req) @@ -1856,8 +1865,9 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) /* * We only support WRITE SAME with the unmap bit set for now. + * Reject UNMAP=0 or ANCHOR=1. */ - if (!(req->cmd.buf[1] & 0x8)) { + if (!(req->cmd.buf[1] & 0x8) || (req->cmd.buf[1] & 0x10)) { goto illegal_request; } -- cgit v1.2.1 From 84f94a9a82487639bc87d5f09f938c9f6a61f79a Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 22 Nov 2013 13:40:01 +0100 Subject: scsi-disk: correctly implement WRITE SAME Fetch the data to be written from the input buffer. If it is all zeroes, we can use the write_zeroes call (possibly with the new MAY_UNMAP flag). Otherwise, do as many write cycles as needed, writing 512k at a time. Strictly speaking, this is still incorrect because a zero cluster should only be written if the MAY_UNMAP flag is set. But this is a bug in qcow2 and the other formats, not in the SCSI code. Signed-off-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi --- hw/scsi/scsi-disk.c | 140 +++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 116 insertions(+), 24 deletions(-) (limited to 'hw/scsi') diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 0640bb031d..efadfc023f 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -41,6 +41,7 @@ do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0) #include #endif +#define SCSI_WRITE_SAME_MAX 524288 #define SCSI_DMA_BUF_SIZE 131072 #define SCSI_MAX_INQUIRY_LEN 256 #define SCSI_MAX_MODE_LEN 256 @@ -634,6 +635,8 @@ static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) buflen = 0x40; memset(outbuf + 4, 0, buflen - 4); + outbuf[4] = 0x1; /* wsnz */ + /* optimal transfer length granularity */ outbuf[6] = (min_io_size >> 8) & 0xff; outbuf[7] = min_io_size & 0xff; @@ -1589,6 +1592,111 @@ invalid_field: scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); } +typedef struct WriteSameCBData { + SCSIDiskReq *r; + int64_t sector; + int nb_sectors; + QEMUIOVector qiov; + struct iovec iov; +} WriteSameCBData; + +static void scsi_write_same_complete(void *opaque, int ret) +{ + WriteSameCBData *data = opaque; + SCSIDiskReq *r = data->r; + SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); + + assert(r->req.aiocb != NULL); + r->req.aiocb = NULL; + bdrv_acct_done(s->qdev.conf.bs, &r->acct); + if (r->req.io_canceled) { + goto done; + } + + if (ret < 0) { + if (scsi_handle_rw_error(r, -ret)) { + goto done; + } + } + + data->nb_sectors -= data->iov.iov_len / 512; + data->sector += data->iov.iov_len / 512; + data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len); + if (data->iov.iov_len) { + bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); + r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, + &data->qiov, data->iov.iov_len / 512, + scsi_write_same_complete, r); + return; + } + + scsi_req_complete(&r->req, GOOD); + +done: + if (!r->req.io_canceled) { + scsi_req_unref(&r->req); + } + qemu_vfree(data->iov.iov_base); + g_free(data); +} + +static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) +{ + SCSIRequest *req = &r->req; + SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); + uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); + WriteSameCBData *data; + uint8_t *buf; + int i; + + /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */ + if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) { + scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); + return; + } + + if (bdrv_is_read_only(s->qdev.conf.bs)) { + scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); + return; + } + if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { + scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); + return; + } + + if (buffer_is_zero(inbuf, s->qdev.blocksize)) { + int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0; + + /* The request is used as the AIO opaque value, so add a ref. */ + scsi_req_ref(&r->req); + bdrv_acct_start(s->qdev.conf.bs, &r->acct, nb_sectors * s->qdev.blocksize, + BDRV_ACCT_WRITE); + r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs, + r->req.cmd.lba * (s->qdev.blocksize / 512), + nb_sectors * (s->qdev.blocksize / 512), + flags, scsi_aio_complete, r); + return; + } + + data = g_new0(WriteSameCBData, 1); + data->r = r; + data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512); + data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512); + data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX); + data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len); + qemu_iovec_init_external(&data->qiov, &data->iov, 1); + + for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) { + memcpy(&buf[i], inbuf, s->qdev.blocksize); + } + + scsi_req_ref(&r->req); + bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE); + r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector, + &data->qiov, data->iov.iov_len / 512, + scsi_write_same_complete, data); +} + static void scsi_disk_emulate_write_data(SCSIRequest *req) { SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); @@ -1612,6 +1720,10 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req) scsi_disk_emulate_unmap(r, r->iov.iov_base); break; + case WRITE_SAME_10: + case WRITE_SAME_16: + scsi_disk_emulate_write_same(r, r->iov.iov_base); + break; default: abort(); } @@ -1854,30 +1966,10 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) break; case WRITE_SAME_10: case WRITE_SAME_16: - nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); - if (bdrv_is_read_only(s->qdev.conf.bs)) { - scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); - return 0; - } - if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) { - goto illegal_lba; - } - - /* - * We only support WRITE SAME with the unmap bit set for now. - * Reject UNMAP=0 or ANCHOR=1. - */ - if (!(req->cmd.buf[1] & 0x8) || (req->cmd.buf[1] & 0x10)) { - goto illegal_request; - } - - /* The request is used as the AIO opaque value, so add a ref. */ - scsi_req_ref(&r->req); - r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs, - r->req.cmd.lba * (s->qdev.blocksize / 512), - nb_sectors * (s->qdev.blocksize / 512), - scsi_aio_complete, r); - return 0; + DPRINTF("WRITE SAME %d (len %lu)\n", + req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, + (long)r->req.cmd.xfer); + break; default: DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]); scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); -- cgit v1.2.1