2
* USB Mass Storage Device emulation
4
* Copyright (c) 2006 CodeSourcery.
5
* Written by Paul Brook
7
* This code is licenced under the LGPL.
10
#include "qemu-common.h"
13
#include "scsi-disk.h"
18
#define DPRINTF(fmt, args...) \
19
do { printf("usb-msd: " fmt , ##args); } while (0)
21
#define DPRINTF(fmt, args...) do {} while(0)
25
#define MassStorageReset 0xff
26
#define GetMaxLun 0xfe
29
USB_MSDM_CBW, /* Command Block. */
30
USB_MSDM_DATAOUT, /* Tranfer data to device. */
31
USB_MSDM_DATAIN, /* Transfer data from device. */
32
USB_MSDM_CSW /* Command Status. */
48
/* For async completion. */
69
static const uint8_t qemu_msd_dev_descriptor[] = {
70
0x12, /* u8 bLength; */
71
0x01, /* u8 bDescriptorType; Device */
72
0x00, 0x01, /* u16 bcdUSB; v1.0 */
74
0x00, /* u8 bDeviceClass; */
75
0x00, /* u8 bDeviceSubClass; */
76
0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
77
0x08, /* u8 bMaxPacketSize0; 8 Bytes */
79
/* Vendor and product id are arbitrary. */
80
0x00, 0x00, /* u16 idVendor; */
81
0x00, 0x00, /* u16 idProduct; */
82
0x00, 0x00, /* u16 bcdDevice */
84
0x01, /* u8 iManufacturer; */
85
0x02, /* u8 iProduct; */
86
0x03, /* u8 iSerialNumber; */
87
0x01 /* u8 bNumConfigurations; */
90
static const uint8_t qemu_msd_config_descriptor[] = {
92
/* one configuration */
93
0x09, /* u8 bLength; */
94
0x02, /* u8 bDescriptorType; Configuration */
95
0x20, 0x00, /* u16 wTotalLength; */
96
0x01, /* u8 bNumInterfaces; (1) */
97
0x01, /* u8 bConfigurationValue; */
98
0x00, /* u8 iConfiguration; */
99
0xc0, /* u8 bmAttributes;
104
0x00, /* u8 MaxPower; */
107
0x09, /* u8 if_bLength; */
108
0x04, /* u8 if_bDescriptorType; Interface */
109
0x00, /* u8 if_bInterfaceNumber; */
110
0x00, /* u8 if_bAlternateSetting; */
111
0x02, /* u8 if_bNumEndpoints; */
112
0x08, /* u8 if_bInterfaceClass; MASS STORAGE */
113
0x06, /* u8 if_bInterfaceSubClass; SCSI */
114
0x50, /* u8 if_bInterfaceProtocol; Bulk Only */
115
0x00, /* u8 if_iInterface; */
117
/* Bulk-In endpoint */
118
0x07, /* u8 ep_bLength; */
119
0x05, /* u8 ep_bDescriptorType; Endpoint */
120
0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
121
0x02, /* u8 ep_bmAttributes; Bulk */
122
0x40, 0x00, /* u16 ep_wMaxPacketSize; */
123
0x00, /* u8 ep_bInterval; */
125
/* Bulk-Out endpoint */
126
0x07, /* u8 ep_bLength; */
127
0x05, /* u8 ep_bDescriptorType; Endpoint */
128
0x02, /* u8 ep_bEndpointAddress; OUT Endpoint 2 */
129
0x02, /* u8 ep_bmAttributes; Bulk */
130
0x40, 0x00, /* u16 ep_wMaxPacketSize; */
131
0x00 /* u8 ep_bInterval; */
134
static void usb_msd_copy_data(MSDState *s)
138
if (len > s->scsi_len)
140
if (s->mode == USB_MSDM_DATAIN) {
141
memcpy(s->usb_buf, s->scsi_buf, len);
143
memcpy(s->scsi_buf, s->usb_buf, len);
150
if (s->scsi_len == 0) {
151
if (s->mode == USB_MSDM_DATAIN) {
152
s->scsi_dev->read_data(s->scsi_dev, s->tag);
153
} else if (s->mode == USB_MSDM_DATAOUT) {
154
s->scsi_dev->write_data(s->scsi_dev, s->tag);
159
static void usb_msd_send_status(MSDState *s)
161
struct usb_msd_csw csw;
163
csw.sig = cpu_to_le32(0x53425355);
164
csw.tag = cpu_to_le32(s->tag);
165
csw.residue = s->residue;
166
csw.status = s->result;
167
memcpy(s->usb_buf, &csw, 13);
170
static void usb_msd_command_complete(void *opaque, int reason, uint32_t tag,
173
MSDState *s = (MSDState *)opaque;
174
USBPacket *p = s->packet;
177
fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
179
if (reason == SCSI_REASON_DONE) {
180
DPRINTF("Command complete %d\n", arg);
181
s->residue = s->data_len;
182
s->result = arg != 0;
184
if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
185
/* A deferred packet with no write data remaining must be
186
the status read packet. */
187
usb_msd_send_status(s);
188
s->mode = USB_MSDM_CBW;
191
s->data_len -= s->usb_len;
192
if (s->mode == USB_MSDM_DATAIN)
193
memset(s->usb_buf, 0, s->usb_len);
196
if (s->data_len == 0)
197
s->mode = USB_MSDM_CSW;
200
usb_packet_complete(p);
201
} else if (s->data_len == 0) {
202
s->mode = USB_MSDM_CSW;
207
s->scsi_buf = s->scsi_dev->get_buf(s->scsi_dev, tag);
209
usb_msd_copy_data(s);
210
if (s->usb_len == 0) {
211
/* Set s->packet to NULL before calling usb_packet_complete
212
because annother request may be issued before
213
usb_packet_complete returns. */
214
DPRINTF("Packet complete %p\n", p);
216
usb_packet_complete(p);
221
static void usb_msd_handle_reset(USBDevice *dev)
223
MSDState *s = (MSDState *)dev;
226
s->mode = USB_MSDM_CBW;
229
static int usb_msd_handle_control(USBDevice *dev, int request, int value,
230
int index, int length, uint8_t *data)
232
MSDState *s = (MSDState *)dev;
236
case DeviceRequest | USB_REQ_GET_STATUS:
237
data[0] = (1 << USB_DEVICE_SELF_POWERED) |
238
(dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
242
case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
243
if (value == USB_DEVICE_REMOTE_WAKEUP) {
244
dev->remote_wakeup = 0;
250
case DeviceOutRequest | USB_REQ_SET_FEATURE:
251
if (value == USB_DEVICE_REMOTE_WAKEUP) {
252
dev->remote_wakeup = 1;
258
case DeviceOutRequest | USB_REQ_SET_ADDRESS:
262
case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
265
memcpy(data, qemu_msd_dev_descriptor,
266
sizeof(qemu_msd_dev_descriptor));
267
ret = sizeof(qemu_msd_dev_descriptor);
270
memcpy(data, qemu_msd_config_descriptor,
271
sizeof(qemu_msd_config_descriptor));
272
ret = sizeof(qemu_msd_config_descriptor);
275
switch(value & 0xff) {
285
/* vendor description */
286
ret = set_usb_string(data, "QEMU " QEMU_VERSION);
289
/* product description */
290
ret = set_usb_string(data, "QEMU USB HARDDRIVE");
294
ret = set_usb_string(data, "1");
304
case DeviceRequest | USB_REQ_GET_CONFIGURATION:
308
case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
311
case DeviceRequest | USB_REQ_GET_INTERFACE:
315
case DeviceOutRequest | USB_REQ_SET_INTERFACE:
318
case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
319
if (value == 0 && index != 0x81) { /* clear ep halt */
324
/* Class specific requests. */
325
case MassStorageReset:
326
/* Reset state ready for the next CBW. */
327
s->mode = USB_MSDM_CBW;
342
static void usb_msd_cancel_io(USBPacket *p, void *opaque)
344
MSDState *s = opaque;
345
s->scsi_dev->cancel_io(s->scsi_dev, s->tag);
350
static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
352
MSDState *s = (MSDState *)dev;
354
struct usb_msd_cbw cbw;
355
uint8_t devep = p->devep;
356
uint8_t *data = p->data;
367
fprintf(stderr, "usb-msd: Bad CBW size");
370
memcpy(&cbw, data, 31);
371
if (le32_to_cpu(cbw.sig) != 0x43425355) {
372
fprintf(stderr, "usb-msd: Bad signature %08x\n",
373
le32_to_cpu(cbw.sig));
376
DPRINTF("Command on LUN %d\n", cbw.lun);
378
fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
381
s->tag = le32_to_cpu(cbw.tag);
382
s->data_len = le32_to_cpu(cbw.data_len);
383
if (s->data_len == 0) {
384
s->mode = USB_MSDM_CSW;
385
} else if (cbw.flags & 0x80) {
386
s->mode = USB_MSDM_DATAIN;
388
s->mode = USB_MSDM_DATAOUT;
390
DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
391
s->tag, cbw.flags, cbw.cmd_len, s->data_len);
393
s->scsi_dev->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
394
/* ??? Should check that USB and SCSI data transfer
396
if (s->residue == 0) {
397
if (s->mode == USB_MSDM_DATAIN) {
398
s->scsi_dev->read_data(s->scsi_dev, s->tag);
399
} else if (s->mode == USB_MSDM_DATAOUT) {
400
s->scsi_dev->write_data(s->scsi_dev, s->tag);
406
case USB_MSDM_DATAOUT:
407
DPRINTF("Data out %d/%d\n", len, s->data_len);
408
if (len > s->data_len)
414
usb_msd_copy_data(s);
416
if (s->residue && s->usb_len) {
417
s->data_len -= s->usb_len;
418
if (s->data_len == 0)
419
s->mode = USB_MSDM_CSW;
423
DPRINTF("Deferring packet %p\n", p);
424
usb_defer_packet(p, usb_msd_cancel_io, s);
433
DPRINTF("Unexpected write (len %d)\n", len);
443
case USB_MSDM_DATAOUT:
444
if (s->data_len != 0 || len < 13)
446
/* Waiting for SCSI write to complete. */
447
usb_defer_packet(p, usb_msd_cancel_io, s);
453
DPRINTF("Command status %d tag 0x%x, len %d\n",
454
s->result, s->tag, len);
460
usb_msd_send_status(s);
461
s->mode = USB_MSDM_CBW;
465
case USB_MSDM_DATAIN:
466
DPRINTF("Data in %d/%d\n", len, s->data_len);
467
if (len > s->data_len)
472
usb_msd_copy_data(s);
474
if (s->residue && s->usb_len) {
475
s->data_len -= s->usb_len;
476
memset(s->usb_buf, 0, s->usb_len);
477
if (s->data_len == 0)
478
s->mode = USB_MSDM_CSW;
482
DPRINTF("Deferring packet %p\n", p);
483
usb_defer_packet(p, usb_msd_cancel_io, s);
492
DPRINTF("Unexpected read (len %d)\n", len);
498
DPRINTF("Bad token\n");
507
static void usb_msd_handle_destroy(USBDevice *dev)
509
MSDState *s = (MSDState *)dev;
511
s->scsi_dev->destroy(s->scsi_dev);
516
USBDevice *usb_msd_init(const char *filename)
519
BlockDriverState *bdrv;
520
BlockDriver *drv = NULL;
524
p1 = strchr(filename, ':');
528
if (strstart(filename, "format=", &p2)) {
529
int len = MIN(p1 - p2, sizeof(fmt));
530
pstrcpy(fmt, len, p2);
532
drv = bdrv_find_format(fmt);
534
printf("invalid format %s\n", fmt);
537
} else if (*filename != ':') {
538
printf("unrecognized USB mass-storage option %s\n", filename);
546
printf("block device specification needed\n");
550
s = qemu_mallocz(sizeof(MSDState));
554
bdrv = bdrv_new("usb");
555
if (bdrv_open2(bdrv, filename, 0, drv) < 0)
557
if (qemu_key_check(bdrv, filename))
561
s->dev.speed = USB_SPEED_FULL;
562
s->dev.handle_packet = usb_generic_handle_packet;
564
s->dev.handle_reset = usb_msd_handle_reset;
565
s->dev.handle_control = usb_msd_handle_control;
566
s->dev.handle_data = usb_msd_handle_data;
567
s->dev.handle_destroy = usb_msd_handle_destroy;
569
snprintf(s->dev.devname, sizeof(s->dev.devname), "QEMU USB MSD(%.16s)",
572
s->scsi_dev = scsi_disk_init(bdrv, 0, usb_msd_command_complete, s);
573
usb_msd_handle_reset((USBDevice *)s);
574
return (USBDevice *)s;
added
removed
hw/usb-msd.c
