1/* $FreeBSD: head/sys/dev/usb/storage/ustorage_fs.c 194677 2009-06-23 02:19:59Z thompsa $ */
2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39#include <sys/stdint.h>
40#include <sys/stddef.h>
41#include <sys/param.h>
42#include <sys/queue.h>
43#include <sys/types.h>
44#include <sys/systm.h>
45#include <sys/kernel.h>
46#include <sys/bus.h>
47#include <sys/linker_set.h>
48#include <sys/module.h>
49#include <sys/lock.h>
50#include <sys/mutex.h>
51#include <sys/condvar.h>
52#include <sys/sysctl.h>
53#include <sys/sx.h>
54#include <sys/unistd.h>
55#include <sys/callout.h>
56#include <sys/malloc.h>
57#include <sys/priv.h>
58
59#include <dev/usb/usb.h>
60#include <dev/usb/usbdi.h>
61#include "usbdevs.h"
62#include "usb_if.h"
63
64#define USB_DEBUG_VAR ustorage_fs_debug
65#include <dev/usb/usb_debug.h>
66
67#if USB_DEBUG
68static int ustorage_fs_debug = 0;
69
70SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
71SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
72 &ustorage_fs_debug, 0, "ustorage_fs debug level");
73#endif
74
75/* Define some limits */
76
77#ifndef USTORAGE_FS_BULK_SIZE
78#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */
79#endif
80
81#ifndef USTORAGE_FS_MAX_LUN
82#define USTORAGE_FS_MAX_LUN 8 /* units */
83#endif
84
85#ifndef USTORAGE_QDATA_MAX
86#define USTORAGE_QDATA_MAX 40 /* bytes */
87#endif
88
89#define sc_cmd_data sc_cbw.CBWCDB
90
91/*
92 * The SCSI ID string must be exactly 28 characters long
93 * exluding the terminating zero.
94 */
95#ifndef USTORAGE_FS_ID_STRING
96#define USTORAGE_FS_ID_STRING \
97 "FreeBSD " /* 8 */ \
98 "File-Stor Gadget" /* 16 */ \
99 "0101" /* 4 */
100#endif
101
102/*
103 * The following macro defines the number of
104 * sectors to be allocated for the RAM disk:
105 */
106#ifndef USTORAGE_FS_RAM_SECT
107#define USTORAGE_FS_RAM_SECT (1UL << 13)
108#endif
109
110static uint8_t *ustorage_fs_ramdisk;
111
112/* USB transfer definitions */
113
114#define USTORAGE_FS_T_BBB_COMMAND 0
115#define USTORAGE_FS_T_BBB_DATA_DUMP 1
116#define USTORAGE_FS_T_BBB_DATA_READ 2
117#define USTORAGE_FS_T_BBB_DATA_WRITE 3
118#define USTORAGE_FS_T_BBB_STATUS 4
119#define USTORAGE_FS_T_BBB_MAX 5
120
121/* USB data stage direction */
122
123#define DIR_NONE 0
124#define DIR_READ 1
125#define DIR_WRITE 2
126
127/* USB interface specific control request */
128
129#define UR_BBB_RESET 0xff /* Bulk-Only reset */
130#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
131
132/* Command Block Wrapper */
133typedef struct {
134 uDWord dCBWSignature;
135#define CBWSIGNATURE 0x43425355
136 uDWord dCBWTag;
137 uDWord dCBWDataTransferLength;
138 uByte bCBWFlags;
139#define CBWFLAGS_OUT 0x00
140#define CBWFLAGS_IN 0x80
141 uByte bCBWLUN;
142 uByte bCDBLength;
143#define CBWCDBLENGTH 16
144 uByte CBWCDB[CBWCDBLENGTH];
145} __packed ustorage_fs_bbb_cbw_t;
146
147#define USTORAGE_FS_BBB_CBW_SIZE 31
148
149/* Command Status Wrapper */
150typedef struct {
151 uDWord dCSWSignature;
152#define CSWSIGNATURE 0x53425355
153 uDWord dCSWTag;
154 uDWord dCSWDataResidue;
155 uByte bCSWStatus;
156#define CSWSTATUS_GOOD 0x0
157#define CSWSTATUS_FAILED 0x1
158#define CSWSTATUS_PHASE 0x2
159} __packed ustorage_fs_bbb_csw_t;
160
161#define USTORAGE_FS_BBB_CSW_SIZE 13
162
163struct ustorage_fs_lun {
164
165 uint8_t *memory_image;
166
167 uint32_t num_sectors;
168 uint32_t sense_data;
169 uint32_t sense_data_info;
170 uint32_t unit_attention_data;
171
172 uint8_t read_only:1;
173 uint8_t prevent_medium_removal:1;
174 uint8_t info_valid:1;
175 uint8_t removable:1;
176};
177
178struct ustorage_fs_softc {
179
180 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
181 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
182
183 struct mtx sc_mtx;
184
185 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
186
187 struct {
188 uint8_t *data_ptr;
189 struct ustorage_fs_lun *currlun;
190
191 uint32_t data_rem; /* bytes, as reported by the command
192 * block wrapper */
193 uint32_t offset; /* bytes */
194
195 uint8_t cbw_dir;
196 uint8_t cmd_dir;
197 uint8_t lun;
198 uint8_t cmd_len;
199 uint8_t data_short:1;
200 uint8_t data_error:1;
201 } sc_transfer;
202
203 device_t sc_dev;
204 struct usb_device *sc_udev;
205 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
206
207 uint8_t sc_iface_no; /* interface number */
208 uint8_t sc_last_lun;
209 uint8_t sc_last_xfer_index;
210 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
211};
212
213/* prototypes */
214
215static device_probe_t ustorage_fs_probe;
216static device_attach_t ustorage_fs_attach;
217static device_detach_t ustorage_fs_detach;
218static device_suspend_t ustorage_fs_suspend;
219static device_resume_t ustorage_fs_resume;
220static usb_handle_request_t ustorage_fs_handle_request;
221
222static usb_callback_t ustorage_fs_t_bbb_command_callback;
223static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
224static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
225static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
226static usb_callback_t ustorage_fs_t_bbb_status_callback;
227
228static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
229static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
230
231static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
232static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
233static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
234static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
235static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
236static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
237static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
238static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
239static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
240static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
241static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
242static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
243static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
244static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
245
246static device_method_t ustorage_fs_methods[] = {
247 /* USB interface */
248 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
249
250 /* Device interface */
251 DEVMETHOD(device_probe, ustorage_fs_probe),
252 DEVMETHOD(device_attach, ustorage_fs_attach),
253 DEVMETHOD(device_detach, ustorage_fs_detach),
254 DEVMETHOD(device_suspend, ustorage_fs_suspend),
255 DEVMETHOD(device_resume, ustorage_fs_resume),
256
257 {0, 0}
258};
259
260static driver_t ustorage_fs_driver = {
261 .name = "ustorage_fs",
262 .methods = ustorage_fs_methods,
263 .size = sizeof(struct ustorage_fs_softc),
264};
265
266static devclass_t ustorage_fs_devclass;
267
268DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
269MODULE_VERSION(ustorage_fs, 0);
270MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
271
272static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
273
274 [USTORAGE_FS_T_BBB_COMMAND] = {
275 .type = UE_BULK,
276 .endpoint = UE_ADDR_ANY,
277 .direction = UE_DIR_OUT,
278 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
279 .flags = {.ext_buffer = 1,},
280 .callback = &ustorage_fs_t_bbb_command_callback,
281 .usb_mode = USB_MODE_DEVICE,
282 },
283
284 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
285 .type = UE_BULK,
286 .endpoint = UE_ADDR_ANY,
287 .direction = UE_DIR_OUT,
288 .bufsize = 0, /* use wMaxPacketSize */
289 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
290 .callback = &ustorage_fs_t_bbb_data_dump_callback,
291 .usb_mode = USB_MODE_DEVICE,
292 },
293
294 [USTORAGE_FS_T_BBB_DATA_READ] = {
295 .type = UE_BULK,
296 .endpoint = UE_ADDR_ANY,
297 .direction = UE_DIR_OUT,
298 .bufsize = USTORAGE_FS_BULK_SIZE,
299 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
300 .callback = &ustorage_fs_t_bbb_data_read_callback,
301 .usb_mode = USB_MODE_DEVICE,
302 },
303
304 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
305 .type = UE_BULK,
306 .endpoint = UE_ADDR_ANY,
307 .direction = UE_DIR_IN,
308 .bufsize = USTORAGE_FS_BULK_SIZE,
309 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
310 .callback = &ustorage_fs_t_bbb_data_write_callback,
311 .usb_mode = USB_MODE_DEVICE,
312 },
313
314 [USTORAGE_FS_T_BBB_STATUS] = {
315 .type = UE_BULK,
316 .endpoint = UE_ADDR_ANY,
317 .direction = UE_DIR_IN,
318 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
319 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
320 .callback = &ustorage_fs_t_bbb_status_callback,
321 .usb_mode = USB_MODE_DEVICE,
322 },
323};
324
325/*
326 * USB device probe/attach/detach
327 */
328
329static int
330ustorage_fs_probe(device_t dev)
331{
332 struct usb_attach_arg *uaa = device_get_ivars(dev);
333 struct usb_interface_descriptor *id;
334
335 if (uaa->usb_mode != USB_MODE_DEVICE) {
336 return (ENXIO);
337 }
338 if (uaa->use_generic == 0) {
339 /* give other drivers a try first */
340 return (ENXIO);
341 }
342 /* Check for a standards compliant device */
343 id = usbd_get_interface_descriptor(uaa->iface);
344 if ((id == NULL) ||
345 (id->bInterfaceClass != UICLASS_MASS) ||
346 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
347 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
348 return (ENXIO);
349 }
350 return (0);
351}
352
353static int
354ustorage_fs_attach(device_t dev)
355{
356 struct ustorage_fs_softc *sc = device_get_softc(dev);
357 struct usb_attach_arg *uaa = device_get_ivars(dev);
358 struct usb_interface_descriptor *id;
359 int err;
360 int unit;
361
362 /*
363 * NOTE: the softc struct is bzero-ed in device_set_driver.
364 * We can safely call ustorage_fs_detach without specifically
365 * initializing the struct.
366 */
367
368 sc->sc_dev = dev;
369 sc->sc_udev = uaa->device;
370 unit = device_get_unit(dev);
371
372 if (unit == 0) {
373 if (ustorage_fs_ramdisk == NULL) {
374 /*
375 * allocate a memory image for our ramdisk until
376 * further
377 */
378 ustorage_fs_ramdisk =
379 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
380 if (ustorage_fs_ramdisk == NULL) {
381 return (ENOMEM);
382 }
383 }
384 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
385 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
386 sc->sc_lun[0].removable = 1;
387 }
388
389 device_set_usb_desc(dev);
390
391 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
392 NULL, (MTX_DEF | MTX_RECURSE));
393
394 /* get interface index */
395
396 id = usbd_get_interface_descriptor(uaa->iface);
397 if (id == NULL) {
398 device_printf(dev, "failed to get "
399 "interface number\n");
400 goto detach;
401 }
402 sc->sc_iface_no = id->bInterfaceNumber;
403
404 err = usbd_transfer_setup(uaa->device,
405 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
406 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
407 if (err) {
408 device_printf(dev, "could not setup required "
409 "transfers, %s\n", usbd_errstr(err));
410 goto detach;
411 }
412 /* start Mass Storage State Machine */
413
414 mtx_lock(&sc->sc_mtx);
415 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
416 mtx_unlock(&sc->sc_mtx);
417
418 return (0); /* success */
419
420detach:
421 ustorage_fs_detach(dev);
422 return (ENXIO); /* failure */
423}
424
425static int
426ustorage_fs_detach(device_t dev)
427{
428 struct ustorage_fs_softc *sc = device_get_softc(dev);
429
430 /* teardown our statemachine */
431
432 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
433
434 mtx_destroy(&sc->sc_mtx);
435
436 return (0); /* success */
437}
438
439static int
440ustorage_fs_suspend(device_t dev)
441{
442 device_printf(dev, "suspending\n");
443 return (0); /* success */
444}
445
446static int
447ustorage_fs_resume(device_t dev)
448{
449 device_printf(dev, "resuming\n");
450 return (0); /* success */
451}
452
453/*
454 * Generic functions to handle transfers
455 */
456
457static void
458ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
459{
460 if (sc->sc_xfer[xfer_index]) {
461 sc->sc_last_xfer_index = xfer_index;
462 usbd_transfer_start(sc->sc_xfer[xfer_index]);
463 }
464}
465
466static void
467ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
468{
469 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
470 mtx_unlock(&sc->sc_mtx);
471 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
472 mtx_lock(&sc->sc_mtx);
473}
474
475static int
476ustorage_fs_handle_request(device_t dev,
477 const void *preq, void **pptr, uint16_t *plen,
478 uint16_t offset, uint8_t is_complete)
479{
480 struct ustorage_fs_softc *sc = device_get_softc(dev);
481 const struct usb_device_request *req = preq;
482
483 if (!is_complete) {
484 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
485 (req->bRequest == UR_BBB_RESET)) {
486 *plen = 0;
487 mtx_lock(&sc->sc_mtx);
488 ustorage_fs_transfer_stop(sc);
489 sc->sc_transfer.data_error = 1;
490 ustorage_fs_transfer_start(sc,
491 USTORAGE_FS_T_BBB_COMMAND);
492 mtx_unlock(&sc->sc_mtx);
493 return (0);
494 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
495 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
496 if (offset == 0) {
497 *plen = 1;
498 *pptr = &sc->sc_last_lun;
499 } else {
500 *plen = 0;
501 }
502 return (0);
503 }
504 }
505 return (ENXIO); /* use builtin handler */
506}
507
508static void
509ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
510{
511 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
512 uint32_t tag;
513 uint8_t err = 0;
514
515 DPRINTF("\n");
516
517 switch (USB_GET_STATE(xfer)) {
518 case USB_ST_TRANSFERRED:
519
520 tag = UGETDW(sc->sc_cbw.dCBWSignature);
521
522 if (tag != CBWSIGNATURE) {
523 /* do nothing */
524 DPRINTF("invalid signature 0x%08x\n", tag);
525 break;
526 }
527 tag = UGETDW(sc->sc_cbw.dCBWTag);
528
529 /* echo back tag */
530 USETDW(sc->sc_csw.dCSWTag, tag);
531
532 /* reset status */
533 sc->sc_csw.bCSWStatus = 0;
534
535 /* reset data offset, data length and data remainder */
536 sc->sc_transfer.offset = 0;
537 sc->sc_transfer.data_rem =
538 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
539
540 /* reset data flags */
541 sc->sc_transfer.data_short = 0;
542
543 /* extract LUN */
544 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
545
546 if (sc->sc_transfer.data_rem == 0) {
547 sc->sc_transfer.cbw_dir = DIR_NONE;
548 } else {
549 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
550 sc->sc_transfer.cbw_dir = DIR_WRITE;
551 } else {
552 sc->sc_transfer.cbw_dir = DIR_READ;
553 }
554 }
555
556 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
557 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
558 (sc->sc_transfer.cmd_len == 0)) {
559 /* just halt - this is invalid */
560 DPRINTF("invalid command length %d bytes\n",
561 sc->sc_transfer.cmd_len);
562 break;
563 }
564
565 err = ustorage_fs_do_cmd(sc);
566 if (err) {
567 /* got an error */
568 DPRINTF("command failed\n");
569 break;
570 }
571 if ((sc->sc_transfer.data_rem > 0) &&
572 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
573 /* contradicting data transfer direction */
574 err = 1;
575 DPRINTF("data direction mismatch\n");
576 break;
577 }
578 switch (sc->sc_transfer.cbw_dir) {
579 case DIR_READ:
580 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
581 break;
582 case DIR_WRITE:
583 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
584 break;
585 default:
586 ustorage_fs_transfer_start(sc,
587 USTORAGE_FS_T_BBB_STATUS);
588 break;
589 }
590 break;
591
592 case USB_ST_SETUP:
593tr_setup:
594 if (sc->sc_transfer.data_error) {
595 sc->sc_transfer.data_error = 0;
596 usbd_xfer_set_stall(xfer);
597 DPRINTF("stall pipe\n");
598 }
599
600 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw,
601 sizeof(sc->sc_cbw));
602 usbd_transfer_submit(xfer);
603 break;
604
605 default: /* Error */
606 DPRINTF("error\n");
607 if (error == USB_ERR_CANCELLED) {
608 break;
609 }
610 /* If the pipe is already stalled, don't do another stall */
611 if (!usbd_xfer_is_stalled(xfer))
612 sc->sc_transfer.data_error = 1;
613
614 /* try again */
615 goto tr_setup;
616 }
617 if (err) {
618 if (sc->sc_csw.bCSWStatus == 0) {
619 /* set some default error code */
620 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
621 }
622 if (sc->sc_transfer.cbw_dir == DIR_READ) {
623 /* dump all data */
624 ustorage_fs_transfer_start(sc,
625 USTORAGE_FS_T_BBB_DATA_DUMP);
626 return;
627 }
628 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
629 /* need to stall before status */
630 sc->sc_transfer.data_error = 1;
631 }
632 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
633 }
634}
635
636static void
637ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
638{
639 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
640 uint32_t max_bulk = usbd_xfer_max_len(xfer);
641 int actlen, sumlen;
642
643 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
644
645 DPRINTF("\n");
646
647 switch (USB_GET_STATE(xfer)) {
648 case USB_ST_TRANSFERRED:
649 sc->sc_transfer.data_rem -= actlen;
650 sc->sc_transfer.offset += actlen;
651
652 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
653 /* short transfer or end of data */
654 ustorage_fs_transfer_start(sc,
655 USTORAGE_FS_T_BBB_STATUS);
656 break;
657 }
658 /* Fallthrough */
659
660 case USB_ST_SETUP:
661tr_setup:
662 if (max_bulk > sc->sc_transfer.data_rem) {
663 max_bulk = sc->sc_transfer.data_rem;
664 }
665 if (sc->sc_transfer.data_error) {
666 sc->sc_transfer.data_error = 0;
667 usbd_xfer_set_stall(xfer);
668 }
669 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
670 usbd_transfer_submit(xfer);
671 break;
672
673 default: /* Error */
674 if (error == USB_ERR_CANCELLED) {
675 break;
676 }
677 /*
678 * If the pipe is already stalled, don't do another stall:
679 */
680 if (!usbd_xfer_is_stalled(xfer))
681 sc->sc_transfer.data_error = 1;
682
683 /* try again */
684 goto tr_setup;
685 }
686}
687
688static void
689ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
690{
691 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
692 uint32_t max_bulk = usbd_xfer_max_len(xfer);
693 int actlen, sumlen;
694
695 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
696
697 DPRINTF("\n");
698
699 switch (USB_GET_STATE(xfer)) {
700 case USB_ST_TRANSFERRED:
701 sc->sc_transfer.data_rem -= actlen;
702 sc->sc_transfer.data_ptr += actlen;
703 sc->sc_transfer.offset += actlen;
704
705 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
706 /* short transfer or end of data */
707 ustorage_fs_transfer_start(sc,
708 USTORAGE_FS_T_BBB_STATUS);
709 break;
710 }
711 /* Fallthrough */
712
713 case USB_ST_SETUP:
714tr_setup:
715 if (max_bulk > sc->sc_transfer.data_rem) {
716 max_bulk = sc->sc_transfer.data_rem;
717 }
718 if (sc->sc_transfer.data_error) {
719 sc->sc_transfer.data_error = 0;
720 usbd_xfer_set_stall(xfer);
721 }
722
723 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
724 max_bulk);
725 usbd_transfer_submit(xfer);
726 break;
727
728 default: /* Error */
729 if (error == USB_ERR_CANCELLED) {
730 break;
731 }
732 /* If the pipe is already stalled, don't do another stall */
733 if (!usbd_xfer_is_stalled(xfer))
734 sc->sc_transfer.data_error = 1;
735
736 /* try again */
737 goto tr_setup;
738 }
739}
740
741static void
742ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
743{
744 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
745 uint32_t max_bulk = usbd_xfer_max_len(xfer);
746 int actlen, sumlen;
747
748 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
749
750 DPRINTF("\n");
751
752 switch (USB_GET_STATE(xfer)) {
753 case USB_ST_TRANSFERRED:
754 sc->sc_transfer.data_rem -= actlen;
755 sc->sc_transfer.data_ptr += actlen;
756 sc->sc_transfer.offset += actlen;
757
758 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
759 /* short transfer or end of data */
760 ustorage_fs_transfer_start(sc,
761 USTORAGE_FS_T_BBB_STATUS);
762 break;
763 }
764 case USB_ST_SETUP:
765tr_setup:
766 if (max_bulk >= sc->sc_transfer.data_rem) {
767 max_bulk = sc->sc_transfer.data_rem;
768 if (sc->sc_transfer.data_short)
769 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
770 else
771 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
772 } else
773 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
774
775 if (sc->sc_transfer.data_error) {
776 sc->sc_transfer.data_error = 0;
777 usbd_xfer_set_stall(xfer);
778 }
779
780 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
781 max_bulk);
782 usbd_transfer_submit(xfer);
783 break;
784
785 default: /* Error */
786 if (error == USB_ERR_CANCELLED) {
787 break;
788 }
789 /*
790 * If the pipe is already stalled, don't do another
791 * stall
792 */
793 if (!usbd_xfer_is_stalled(xfer))
794 sc->sc_transfer.data_error = 1;
795
796 /* try again */
797 goto tr_setup;
798 }
799}
800
801static void
802ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
803{
804 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
805
806 DPRINTF("\n");
807
808 switch (USB_GET_STATE(xfer)) {
809 case USB_ST_TRANSFERRED:
810 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
811 break;
812
813 case USB_ST_SETUP:
814tr_setup:
815 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
816 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
817
818 if (sc->sc_transfer.data_error) {
819 sc->sc_transfer.data_error = 0;
820 usbd_xfer_set_stall(xfer);
821 }
822
823 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw,
824 sizeof(sc->sc_csw));
825 usbd_transfer_submit(xfer);
826 break;
827
828 default:
829 if (error == USB_ERR_CANCELLED) {
830 break;
831 }
832 /* If the pipe is already stalled, don't do another stall */
833 if (!usbd_xfer_is_stalled(xfer))
834 sc->sc_transfer.data_error = 1;
835
836 /* try again */
837 goto tr_setup;
838 }
839}
840
841/* SCSI commands that we recognize */
842#define SC_FORMAT_UNIT 0x04
843#define SC_INQUIRY 0x12
844#define SC_MODE_SELECT_6 0x15
845#define SC_MODE_SELECT_10 0x55
846#define SC_MODE_SENSE_6 0x1a
847#define SC_MODE_SENSE_10 0x5a
848#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
849#define SC_READ_6 0x08
850#define SC_READ_10 0x28
851#define SC_READ_12 0xa8
852#define SC_READ_CAPACITY 0x25
853#define SC_READ_FORMAT_CAPACITIES 0x23
854#define SC_RELEASE 0x17
855#define SC_REQUEST_SENSE 0x03
856#define SC_RESERVE 0x16
857#define SC_SEND_DIAGNOSTIC 0x1d
858#define SC_START_STOP_UNIT 0x1b
859#define SC_SYNCHRONIZE_CACHE 0x35
860#define SC_TEST_UNIT_READY 0x00
861#define SC_VERIFY 0x2f
862#define SC_WRITE_6 0x0a
863#define SC_WRITE_10 0x2a
864#define SC_WRITE_12 0xaa
865
866/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
867#define SS_NO_SENSE 0
868#define SS_COMMUNICATION_FAILURE 0x040800
869#define SS_INVALID_COMMAND 0x052000
870#define SS_INVALID_FIELD_IN_CDB 0x052400
871#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
872#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
873#define SS_MEDIUM_NOT_PRESENT 0x023a00
874#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
875#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
876#define SS_RESET_OCCURRED 0x062900
877#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
878#define SS_UNRECOVERED_READ_ERROR 0x031100
879#define SS_WRITE_ERROR 0x030c02
880#define SS_WRITE_PROTECTED 0x072700
881
882#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
883#define ASC(x) ((uint8_t) ((x) >> 8))
884#define ASCQ(x) ((uint8_t) (x))
885
886/* Routines for unaligned data access */
887
888static uint16_t
889get_be16(uint8_t *buf)
890{
891 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
892}
893
894static uint32_t
895get_be32(uint8_t *buf)
896{
897 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
898 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
899}
900
901static void
902put_be16(uint8_t *buf, uint16_t val)
903{
904 buf[0] = val >> 8;
905 buf[1] = val;
906}
907
908static void
909put_be32(uint8_t *buf, uint32_t val)
910{
911 buf[0] = val >> 24;
912 buf[1] = val >> 16;
913 buf[2] = val >> 8;
914 buf[3] = val & 0xff;
915}
916
917/*------------------------------------------------------------------------*
918 * ustorage_fs_verify
919 *
920 * Returns:
921 * 0: Success
922 * Else: Failure
923 *------------------------------------------------------------------------*/
924static uint8_t
925ustorage_fs_verify(struct ustorage_fs_softc *sc)
926{
927 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
928 uint32_t lba;
929 uint32_t vlen;
930 uint64_t file_offset;
931 uint64_t amount_left;
932
933 /*
934 * Get the starting Logical Block Address
935 */
936 lba = get_be32(&sc->sc_cmd_data[2]);
937
938 /*
939 * We allow DPO (Disable Page Out = don't save data in the cache)
940 * but we don't implement it.
941 */
942 if ((sc->sc_cmd_data[1] & ~0x10) != 0) {
943 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
944 return (1);
945 }
946 vlen = get_be16(&sc->sc_cmd_data[7]);
947 if (vlen == 0) {
948 goto done;
949 }
950 /* No default reply */
951
952 /* Prepare to carry out the file verify */
953 amount_left = vlen;
954 amount_left <<= 9;
955 file_offset = lba;
956 file_offset <<= 9;
957
958 /* Range check */
959 vlen += lba;
960
961 if ((vlen < lba) ||
962 (vlen > currlun->num_sectors) ||
963 (lba >= currlun->num_sectors)) {
964 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
965 return (1);
966 }
967 /* XXX TODO: verify that data is readable */
968done:
969 return (ustorage_fs_min_len(sc, 0, 0 - 1));
970}
971
972/*------------------------------------------------------------------------*
973 * ustorage_fs_inquiry
974 *
975 * Returns:
976 * 0: Success
977 * Else: Failure
978 *------------------------------------------------------------------------*/
979static uint8_t
980ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
981{
982 uint8_t *buf = sc->sc_transfer.data_ptr;
983
984 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
985
986 if (!sc->sc_transfer.currlun) {
987 /* Unsupported LUNs are okay */
988 memset(buf, 0, 36);
989 buf[0] = 0x7f;
990 /* Unsupported, no device - type */
991 return (ustorage_fs_min_len(sc, 36, 0 - 1));
992 }
993 memset(buf, 0, 8);
994 /* Non - removable, direct - access device */
995 if (currlun->removable)
996 buf[1] = 0x80;
997 buf[2] = 2;
998 /* ANSI SCSI level 2 */
999 buf[3] = 2;
1000 /* SCSI - 2 INQUIRY data format */
1001 buf[4] = 31;
1002 /* Additional length */
1003 /* No special options */
1004 /* Copy in ID string */
1005 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1006
1007#if (USTORAGE_QDATA_MAX < 36)
1008#error "(USTORAGE_QDATA_MAX < 36)"
1009#endif
1010 return (ustorage_fs_min_len(sc, 36, 0 - 1));
1011}
1012
1013/*------------------------------------------------------------------------*
1014 * ustorage_fs_request_sense
1015 *
1016 * Returns:
1017 * 0: Success
1018 * Else: Failure
1019 *------------------------------------------------------------------------*/
1020static uint8_t
1021ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1022{
1023 uint8_t *buf = sc->sc_transfer.data_ptr;
1024 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1025 uint32_t sd;
1026 uint32_t sdinfo;
1027 uint8_t valid;
1028
1029 /*
1030 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1031 *
1032 * If a REQUEST SENSE command is received from an initiator
1033 * with a pending unit attention condition (before the target
1034 * generates the contingent allegiance condition), then the
1035 * target shall either:
1036 * a) report any pending sense data and preserve the unit
1037 * attention condition on the logical unit, or,
1038 * b) report the unit attention condition, may discard any
1039 * pending sense data, and clear the unit attention
1040 * condition on the logical unit for that initiator.
1041 *
1042 * FSG normally uses option a); enable this code to use option b).
1043 */
1044#if 0
1045 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1046 currlun->sense_data = currlun->unit_attention_data;
1047 currlun->unit_attention_data = SS_NO_SENSE;
1048 }
1049#endif
1050
1051 if (!currlun) {
1052 /* Unsupported LUNs are okay */
1053 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1054 sdinfo = 0;
1055 valid = 0;
1056 } else {
1057 sd = currlun->sense_data;
1058 sdinfo = currlun->sense_data_info;
1059 valid = currlun->info_valid << 7;
1060 currlun->sense_data = SS_NO_SENSE;
1061 currlun->sense_data_info = 0;
1062 currlun->info_valid = 0;
1063 }
1064
1065 memset(buf, 0, 18);
1066 buf[0] = valid | 0x70;
1067 /* Valid, current error */
1068 buf[2] = SK(sd);
1069 put_be32(&buf[3], sdinfo);
1070 /* Sense information */
1071 buf[7] = 18 - 8;
1072 /* Additional sense length */
1073 buf[12] = ASC(sd);
1074 buf[13] = ASCQ(sd);
1075
1076#if (USTORAGE_QDATA_MAX < 18)
1077#error "(USTORAGE_QDATA_MAX < 18)"
1078#endif
1079 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1080}
1081
1082/*------------------------------------------------------------------------*
1083 * ustorage_fs_read_capacity
1084 *
1085 * Returns:
1086 * 0: Success
1087 * Else: Failure
1088 *------------------------------------------------------------------------*/
1089static uint8_t
1090ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1091{
1092 uint8_t *buf = sc->sc_transfer.data_ptr;
1093 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1094 uint32_t lba = get_be32(&sc->sc_cmd_data[2]);
1095 uint8_t pmi = sc->sc_cmd_data[8];
1096
1097 /* Check the PMI and LBA fields */
1098 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1099 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1100 return (1);
1101 }
1102 /* Max logical block */
1103 put_be32(&buf[0], currlun->num_sectors - 1);
1104 /* Block length */
1105 put_be32(&buf[4], 512);
1106
1107#if (USTORAGE_QDATA_MAX < 8)
1108#error "(USTORAGE_QDATA_MAX < 8)"
1109#endif
1110 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1111}
1112
1113/*------------------------------------------------------------------------*
1114 * ustorage_fs_mode_sense
1115 *
1116 * Returns:
1117 * 0: Success
1118 * Else: Failure
1119 *------------------------------------------------------------------------*/
1120static uint8_t
1121ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1122{
1123 uint8_t *buf = sc->sc_transfer.data_ptr;
1124 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1125 uint8_t *buf0;
1126 uint16_t len;
1127 uint16_t limit;
1128 uint8_t mscmnd = sc->sc_cmd_data[0];
1129 uint8_t pc;
1130 uint8_t page_code;
1131 uint8_t changeable_values;
1132 uint8_t all_pages;
1133
1134 buf0 = buf;
1135
1136 if ((sc->sc_cmd_data[1] & ~0x08) != 0) {
1137 /* Mask away DBD */
1138 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1139 return (1);
1140 }
1141 pc = sc->sc_cmd_data[2] >> 6;
1142 page_code = sc->sc_cmd_data[2] & 0x3f;
1143 if (pc == 3) {
1144 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1145 return (1);
1146 }
1147 changeable_values = (pc == 1);
1148 all_pages = (page_code == 0x3f);
1149
1150 /*
1151 * Write the mode parameter header. Fixed values are: default
1152 * medium type, no cache control (DPOFUA), and no block descriptors.
1153 * The only variable value is the WriteProtect bit. We will fill in
1154 * the mode data length later.
1155 */
1156 memset(buf, 0, 8);
1157 if (mscmnd == SC_MODE_SENSE_6) {
1158 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1159 /* WP, DPOFUA */
1160 buf += 4;
1161 limit = 255;
1162 } else {
1163 /* SC_MODE_SENSE_10 */
1164 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1165 /* WP, DPOFUA */
1166 buf += 8;
1167 limit = 65535;
1168 /* Should really be mod_data.buflen */
1169 }
1170
1171 /* No block descriptors */
1172
1173 /*
1174 * The mode pages, in numerical order.
1175 */
1176 if ((page_code == 0x08) || all_pages) {
1177 buf[0] = 0x08;
1178 /* Page code */
1179 buf[1] = 10;
1180 /* Page length */
1181 memset(buf + 2, 0, 10);
1182 /* None of the fields are changeable */
1183
1184 if (!changeable_values) {
1185 buf[2] = 0x04;
1186 /* Write cache enable, */
1187 /* Read cache not disabled */
1188 /* No cache retention priorities */
1189 put_be16(&buf[4], 0xffff);
1190 /* Don 't disable prefetch */
1191 /* Minimum prefetch = 0 */
1192 put_be16(&buf[8], 0xffff);
1193 /* Maximum prefetch */
1194 put_be16(&buf[10], 0xffff);
1195 /* Maximum prefetch ceiling */
1196 }
1197 buf += 12;
1198 }
1199 /*
1200 * Check that a valid page was requested and the mode data length
1201 * isn't too long.
1202 */
1203 len = buf - buf0;
1204 if (len > limit) {
1205 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1206 return (1);
1207 }
1208 /* Store the mode data length */
1209 if (mscmnd == SC_MODE_SENSE_6)
1210 buf0[0] = len - 1;
1211 else
1212 put_be16(buf0, len - 2);
1213
1214#if (USTORAGE_QDATA_MAX < 24)
1215#error "(USTORAGE_QDATA_MAX < 24)"
1216#endif
1217 return (ustorage_fs_min_len(sc, len, 0 - 1));
1218}
1219
1220/*------------------------------------------------------------------------*
1221 * ustorage_fs_start_stop
1222 *
1223 * Returns:
1224 * 0: Success
1225 * Else: Failure
1226 *------------------------------------------------------------------------*/
1227static uint8_t
1228ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1229{
1230 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1231 uint8_t loej;
1232 uint8_t start;
1233 uint8_t immed;
1234
1235 if (!currlun->removable) {
1236 currlun->sense_data = SS_INVALID_COMMAND;
1237 return (1);
1238 }
1239 immed = sc->sc_cmd_data[1] & 0x01;
1240 loej = sc->sc_cmd_data[4] & 0x02;
1241 start = sc->sc_cmd_data[4] & 0x01;
1242
1243 if (immed || loej || start) {
1244 /* compile fix */
1245 }
1246 return (0);
1247}
1248
1249/*------------------------------------------------------------------------*
1250 * ustorage_fs_prevent_allow
1251 *
1252 * Returns:
1253 * 0: Success
1254 * Else: Failure
1255 *------------------------------------------------------------------------*/
1256static uint8_t
1257ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1258{
1259 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1260 uint8_t prevent;
1261
1262 if (!currlun->removable) {
1263 currlun->sense_data = SS_INVALID_COMMAND;
1264 return (1);
1265 }
1266 prevent = sc->sc_cmd_data[4] & 0x01;
1267 if ((sc->sc_cmd_data[4] & ~0x01) != 0) {
1268 /* Mask away Prevent */
1269 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1270 return (1);
1271 }
1272 if (currlun->prevent_medium_removal && !prevent) {
1273 //fsync_sub(currlun);
1274 }
1275 currlun->prevent_medium_removal = prevent;
1276 return (0);
1277}
1278
1279/*------------------------------------------------------------------------*
1280 * ustorage_fs_read_format_capacities
1281 *
1282 * Returns:
1283 * 0: Success
1284 * Else: Failure
1285 *------------------------------------------------------------------------*/
1286static uint8_t
1287ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1288{
1289 uint8_t *buf = sc->sc_transfer.data_ptr;
1290 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1291
1292 buf[0] = buf[1] = buf[2] = 0;
1293 buf[3] = 8;
1294 /* Only the Current / Maximum Capacity Descriptor */
1295 buf += 4;
1296
1297 /* Number of blocks */
1298 put_be32(&buf[0], currlun->num_sectors);
1299 /* Block length */
1300 put_be32(&buf[4], 512);
1301 /* Current capacity */
1302 buf[4] = 0x02;
1303
1304#if (USTORAGE_QDATA_MAX < 12)
1305#error "(USTORAGE_QDATA_MAX < 12)"
1306#endif
1307 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1308}
1309
1310/*------------------------------------------------------------------------*
1311 * ustorage_fs_mode_select
1312 *
1313 * Return values:
1314 * 0: Success
1315 * Else: Failure
1316 *------------------------------------------------------------------------*/
1317static uint8_t
1318ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1319{
1320 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1321
1322 /* We don't support MODE SELECT */
1323 currlun->sense_data = SS_INVALID_COMMAND;
1324 return (1);
1325}
1326
1327/*------------------------------------------------------------------------*
1328 * ustorage_fs_synchronize_cache
1329 *
1330 * Return values:
1331 * 0: Success
1332 * Else: Failure
1333 *------------------------------------------------------------------------*/
1334static uint8_t
1335ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1336{
1337#if 0
1338 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1339 uint8_t rc;
1340
1341 /*
1342 * We ignore the requested LBA and write out all dirty data buffers.
1343 */
1344 rc = 0;
1345 if (rc) {
1346 currlun->sense_data = SS_WRITE_ERROR;
1347 }
1348#endif
1349 return (0);
1350}
1351
1352/*------------------------------------------------------------------------*
1353 * ustorage_fs_read - read data from disk
1354 *
1355 * Return values:
1356 * 0: Success
1357 * Else: Failure
1358 *------------------------------------------------------------------------*/
1359static uint8_t
1360ustorage_fs_read(struct ustorage_fs_softc *sc)
1361{
1362 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1363 uint64_t file_offset;
1364 uint32_t lba;
1365 uint32_t len;
1366
1367 /*
1368 * Get the starting Logical Block Address and check that it's not
1369 * too big
1370 */
1371 if (sc->sc_cmd_data[0] == SC_READ_6) {
1372 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1373 get_be16(&sc->sc_cmd_data[2]);
1374 } else {
1375 lba = get_be32(&sc->sc_cmd_data[2]);
1376
1377 /*
1378 * We allow DPO (Disable Page Out = don't save data in the
1379 * cache) and FUA (Force Unit Access = don't read from the
1380 * cache), but we don't implement them.
1381 */
1382 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1383 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1384 return (1);
1385 }
1386 }
1387 len = sc->sc_transfer.data_rem >> 9;
1388 len += lba;
1389
1390 if ((len < lba) ||
1391 (len > currlun->num_sectors) ||
1392 (lba >= currlun->num_sectors)) {
1393 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1394 return (1);
1395 }
1396 file_offset = lba;
1397 file_offset <<= 9;
1398
1399 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1400
1401 return (0);
1402}
1403
1404/*------------------------------------------------------------------------*
1405 * ustorage_fs_write - write data to disk
1406 *
1407 * Return values:
1408 * 0: Success
1409 * Else: Failure
1410 *------------------------------------------------------------------------*/
1411static uint8_t
1412ustorage_fs_write(struct ustorage_fs_softc *sc)
1413{
1414 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1415 uint64_t file_offset;
1416 uint32_t lba;
1417 uint32_t len;
1418
1419 if (currlun->read_only) {
1420 currlun->sense_data = SS_WRITE_PROTECTED;
1421 return (1);
1422 }
1423 /* XXX clear SYNC */
1424
1425 /*
1426 * Get the starting Logical Block Address and check that it's not
1427 * too big.
1428 */
1429 if (sc->sc_cmd_data[0] == SC_WRITE_6)
1430 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1431 get_be16(&sc->sc_cmd_data[2]);
1432 else {
1433 lba = get_be32(&sc->sc_cmd_data[2]);
1434
1435 /*
1436 * We allow DPO (Disable Page Out = don't save data in the
1437 * cache) and FUA (Force Unit Access = write directly to the
1438 * medium). We don't implement DPO; we implement FUA by
1439 * performing synchronous output.
1440 */
1441 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1442 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1443 return (1);
1444 }
1445 if (sc->sc_cmd_data[1] & 0x08) {
1446 /* FUA */
1447 /* XXX set SYNC flag here */
1448 }
1449 }
1450
1451 len = sc->sc_transfer.data_rem >> 9;
1452 len += lba;
1453
1454 if ((len < lba) ||
1455 (len > currlun->num_sectors) ||
1456 (lba >= currlun->num_sectors)) {
1457 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1458 return (1);
1459 }
1460 file_offset = lba;
1461 file_offset <<= 9;
1462
1463 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1464
1465 return (0);
1466}
1467
1468/*------------------------------------------------------------------------*
1469 * ustorage_fs_min_len
1470 *
1471 * Return values:
1472 * 0: Success
1473 * Else: Failure
1474 *------------------------------------------------------------------------*/
1475static uint8_t
1476ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1477{
1478 if (len != sc->sc_transfer.data_rem) {
1479
1480 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1481 /*
1482 * there must be something wrong about this SCSI
1483 * command
1484 */
1485 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1486 return (1);
1487 }
1488 /* compute the minimum length */
1489
1490 if (sc->sc_transfer.data_rem > len) {
1491 /* data ends prematurely */
1492 sc->sc_transfer.data_rem = len;
1493 sc->sc_transfer.data_short = 1;
1494 }
1495 /* check length alignment */
1496
1497 if (sc->sc_transfer.data_rem & ~mask) {
1498 /* data ends prematurely */
1499 sc->sc_transfer.data_rem &= mask;
1500 sc->sc_transfer.data_short = 1;
1501 }
1502 }
1503 return (0);
1504}
1505
1506/*------------------------------------------------------------------------*
1507 * ustorage_fs_check_cmd - check command routine
1508 *
1509 * Check whether the command is properly formed and whether its data
1510 * size and direction agree with the values we already have.
1511 *
1512 * Return values:
1513 * 0: Success
1514 * Else: Failure
1515 *------------------------------------------------------------------------*/
1516static uint8_t
1517ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1518 uint16_t mask, uint8_t needs_medium)
1519{
1520 struct ustorage_fs_lun *currlun;
1521 uint8_t lun = (sc->sc_cmd_data[1] >> 5);
1522 uint8_t i;
1523
1524 /* Verify the length of the command itself */
1525 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1526 DPRINTF("%u > %u\n",
1527 min_cmd_size, sc->sc_transfer.cmd_len);
1528 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1529 return (1);
1530 }
1531 /* Mask away the LUN */
1532 sc->sc_cmd_data[1] &= 0x1f;
1533
1534 /* Check if LUN is correct */
1535 if (lun != sc->sc_transfer.lun) {
1536
1537 }
1538 /* Check the LUN */
1539 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1540 sc->sc_transfer.currlun = currlun =
1541 sc->sc_lun + sc->sc_transfer.lun;
1542 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) {
1543 currlun->sense_data = SS_NO_SENSE;
1544 currlun->sense_data_info = 0;
1545 currlun->info_valid = 0;
1546 }
1547 /*
1548 * If a unit attention condition exists, only INQUIRY
1549 * and REQUEST SENSE commands are allowed. Anything
1550 * else must fail!
1551 */
1552 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1553 (sc->sc_cmd_data[0] != SC_INQUIRY) &&
1554 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1555 currlun->sense_data = currlun->unit_attention_data;
1556 currlun->unit_attention_data = SS_NO_SENSE;
1557 return (1);
1558 }
1559 } else {
1560 sc->sc_transfer.currlun = currlun = NULL;
1561
1562 /*
1563 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1564 * to use unsupported LUNs; all others may not.
1565 */
1566 if ((sc->sc_cmd_data[0] != SC_INQUIRY) &&
1567 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1568 return (1);
1569 }
1570 }
1571
1572 /*
1573 * Check that only command bytes listed in the mask are
1574 * non-zero.
1575 */
1576 for (i = 0; i != min_cmd_size; i++) {
1577 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) {
1578 if (currlun) {
1579 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1580 }
1581 return (1);
1582 }
1583 }
1584
1585 /*
1586 * If the medium isn't mounted and the command needs to access
1587 * it, return an error.
1588 */
1589 if (currlun && (!currlun->memory_image) && needs_medium) {
1590 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1591 return (1);
1592 }
1593 return (0);
1594}
1595
1596/*------------------------------------------------------------------------*
1597 * ustorage_fs_do_cmd - do command
1598 *
1599 * Return values:
1600 * 0: Success
1601 * Else: Failure
1602 *------------------------------------------------------------------------*/
1603static uint8_t
1604ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1605{
1606 uint8_t error = 1;
1607 uint8_t i;
1608 uint32_t temp;
1609 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1610
1611 /* set default data transfer pointer */
1612 sc->sc_transfer.data_ptr = sc->sc_qdata;
1613
1614 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1615 sc->sc_cmd_data[0], sc->sc_transfer.data_rem);
1616
1617 switch (sc->sc_cmd_data[0]) {
1618 case SC_INQUIRY:
1619 sc->sc_transfer.cmd_dir = DIR_WRITE;
1620 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1621 if (error) {
1622 break;
1623 }
1624 error = ustorage_fs_check_cmd(sc, 6,
1625 (1UL << 4) | 1, 0);
1626 if (error) {
1627 break;
1628 }
1629 error = ustorage_fs_inquiry(sc);
1630
1631 break;
1632
1633 case SC_MODE_SELECT_6:
1634 sc->sc_transfer.cmd_dir = DIR_READ;
1635 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1636 if (error) {
1637 break;
1638 }
1639 error = ustorage_fs_check_cmd(sc, 6,
1640 (1UL << 1) | (1UL << 4) | 1, 0);
1641 if (error) {
1642 break;
1643 }
1644 error = ustorage_fs_mode_select(sc);
1645
1646 break;
1647
1648 case SC_MODE_SELECT_10:
1649 sc->sc_transfer.cmd_dir = DIR_READ;
1650 error = ustorage_fs_min_len(sc,
1651 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1652 if (error) {
1653 break;
1654 }
1655 error = ustorage_fs_check_cmd(sc, 10,
1656 (1UL << 1) | (3UL << 7) | 1, 0);
1657 if (error) {
1658 break;
1659 }
1660 error = ustorage_fs_mode_select(sc);
1661
1662 break;
1663
1664 case SC_MODE_SENSE_6:
1665 sc->sc_transfer.cmd_dir = DIR_WRITE;
1666 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1667 if (error) {
1668 break;
1669 }
1670 error = ustorage_fs_check_cmd(sc, 6,
1671 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1672 if (error) {
1673 break;
1674 }
1675 error = ustorage_fs_mode_sense(sc);
1676
1677 break;
1678
1679 case SC_MODE_SENSE_10:
1680 sc->sc_transfer.cmd_dir = DIR_WRITE;
1681 error = ustorage_fs_min_len(sc,
1682 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1683 if (error) {
1684 break;
1685 }
1686 error = ustorage_fs_check_cmd(sc, 10,
1687 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1688 if (error) {
1689 break;
1690 }
1691 error = ustorage_fs_mode_sense(sc);
1692
1693 break;
1694
1695 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1696 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1697 if (error) {
1698 break;
1699 }
1700 error = ustorage_fs_check_cmd(sc, 6,
1701 (1UL << 4) | 1, 0);
1702 if (error) {
1703 break;
1704 }
1705 error = ustorage_fs_prevent_allow(sc);
1706
1707 break;
1708
1709 case SC_READ_6:
1710 i = sc->sc_cmd_data[4];
1711 sc->sc_transfer.cmd_dir = DIR_WRITE;
1712 temp = ((i == 0) ? 256UL : i);
1713 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1714 if (error) {
1715 break;
1716 }
1717 error = ustorage_fs_check_cmd(sc, 6,
1718 (7UL << 1) | (1UL << 4) | 1, 1);
1719 if (error) {
1720 break;
1721 }
1722 error = ustorage_fs_read(sc);
1723
1724 break;
1725
1726 case SC_READ_10:
1727 sc->sc_transfer.cmd_dir = DIR_WRITE;
1728 temp = get_be16(&sc->sc_cmd_data[7]);
1729 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1730 if (error) {
1731 break;
1732 }
1733 error = ustorage_fs_check_cmd(sc, 10,
1734 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1735 if (error) {
1736 break;
1737 }
1738 error = ustorage_fs_read(sc);
1739
1740 break;
1741
1742 case SC_READ_12:
1743 sc->sc_transfer.cmd_dir = DIR_WRITE;
1744 temp = get_be32(&sc->sc_cmd_data[6]);
1745 if (temp >= (1UL << (32 - 9))) {
1746 /* numerical overflow */
1747 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1748 error = 1;
1749 break;
1750 }
1751 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1752 if (error) {
1753 break;
1754 }
1755 error = ustorage_fs_check_cmd(sc, 12,
1756 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1757 if (error) {
1758 break;
1759 }
1760 error = ustorage_fs_read(sc);
1761
1762 break;
1763
1764 case SC_READ_CAPACITY:
1765 sc->sc_transfer.cmd_dir = DIR_WRITE;
1766 error = ustorage_fs_check_cmd(sc, 10,
1767 (0xfUL << 2) | (1UL << 8) | 1, 1);
1768 if (error) {
1769 break;
1770 }
1771 error = ustorage_fs_read_capacity(sc);
1772
1773 break;
1774
1775 case SC_READ_FORMAT_CAPACITIES:
1776 sc->sc_transfer.cmd_dir = DIR_WRITE;
1777 error = ustorage_fs_min_len(sc,
1778 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1779 if (error) {
1780 break;
1781 }
1782 error = ustorage_fs_check_cmd(sc, 10,
1783 (3UL << 7) | 1, 1);
1784 if (error) {
1785 break;
1786 }
1787 error = ustorage_fs_read_format_capacities(sc);
1788
1789 break;
1790
1791 case SC_REQUEST_SENSE:
1792 sc->sc_transfer.cmd_dir = DIR_WRITE;
1793 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1794 if (error) {
1795 break;
1796 }
1797 error = ustorage_fs_check_cmd(sc, 6,
1798 (1UL << 4) | 1, 0);
1799 if (error) {
1800 break;
1801 }
1802 error = ustorage_fs_request_sense(sc);
1803
1804 break;
1805
1806 case SC_START_STOP_UNIT:
1807 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1808 if (error) {
1809 break;
1810 }
1811 error = ustorage_fs_check_cmd(sc, 6,
1812 (1UL << 1) | (1UL << 4) | 1, 0);
1813 if (error) {
1814 break;
1815 }
1816 error = ustorage_fs_start_stop(sc);
1817
1818 break;
1819
1820 case SC_SYNCHRONIZE_CACHE:
1821 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1822 if (error) {
1823 break;
1824 }
1825 error = ustorage_fs_check_cmd(sc, 10,
1826 (0xfUL << 2) | (3UL << 7) | 1, 1);
1827 if (error) {
1828 break;
1829 }
1830 error = ustorage_fs_synchronize_cache(sc);
1831
1832 break;
1833
1834 case SC_TEST_UNIT_READY:
1835 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1836 if (error) {
1837 break;
1838 }
1839 error = ustorage_fs_check_cmd(sc, 6,
1840 0 | 1, 1);
1841 break;
1842
1843 /*
1844 * Although optional, this command is used by MS-Windows.
1845 * We support a minimal version: BytChk must be 0.
1846 */
1847 case SC_VERIFY:
1848 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1849 if (error) {
1850 break;
1851 }
1852 error = ustorage_fs_check_cmd(sc, 10,
1853 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1854 if (error) {
1855 break;
1856 }
1857 error = ustorage_fs_verify(sc);
1858
1859 break;
1860
1861 case SC_WRITE_6:
1862 i = sc->sc_cmd_data[4];
1863 sc->sc_transfer.cmd_dir = DIR_READ;
1864 temp = ((i == 0) ? 256UL : i);
1865 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1866 if (error) {
1867 break;
1868 }
1869 error = ustorage_fs_check_cmd(sc, 6,
1870 (7UL << 1) | (1UL << 4) | 1, 1);
1871 if (error) {
1872 break;
1873 }
1874 error = ustorage_fs_write(sc);
1875
1876 break;
1877
1878 case SC_WRITE_10:
1879 sc->sc_transfer.cmd_dir = DIR_READ;
1880 temp = get_be16(&sc->sc_cmd_data[7]);
1881 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1882 if (error) {
1883 break;
1884 }
1885 error = ustorage_fs_check_cmd(sc, 10,
1886 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1887 if (error) {
1888 break;
1889 }
1890 error = ustorage_fs_write(sc);
1891
1892 break;
1893
1894 case SC_WRITE_12:
1895 sc->sc_transfer.cmd_dir = DIR_READ;
1896 temp = get_be32(&sc->sc_cmd_data[6]);
1897 if (temp > (mask9 >> 9)) {
1898 /* numerical overflow */
1899 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1900 error = 1;
1901 break;
1902 }
1903 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1904 if (error) {
1905 break;
1906 }
1907 error = ustorage_fs_check_cmd(sc, 12,
1908 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1909 if (error) {
1910 break;
1911 }
1912 error = ustorage_fs_write(sc);
1913
1914 break;
1915
1916 /*
1917 * Some mandatory commands that we recognize but don't
1918 * implement. They don't mean much in this setting.
1919 * It's left as an exercise for anyone interested to
1920 * implement RESERVE and RELEASE in terms of Posix
1921 * locks.
1922 */
1923 case SC_FORMAT_UNIT:
1924 case SC_RELEASE:
1925 case SC_RESERVE:
1926 case SC_SEND_DIAGNOSTIC:
1927 /* Fallthrough */
1928
1929 default:
1930 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1931 if (error) {
1932 break;
1933 }
1934 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1935 0xff, 0);
1936 if (error) {
1937 break;
1938 }
1939 sc->sc_transfer.currlun->sense_data =
1940 SS_INVALID_COMMAND;
1941 error = 1;
1942
1943 break;
1944 }
1945 return (error);
1946}
2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39#include <sys/stdint.h>
40#include <sys/stddef.h>
41#include <sys/param.h>
42#include <sys/queue.h>
43#include <sys/types.h>
44#include <sys/systm.h>
45#include <sys/kernel.h>
46#include <sys/bus.h>
47#include <sys/linker_set.h>
48#include <sys/module.h>
49#include <sys/lock.h>
50#include <sys/mutex.h>
51#include <sys/condvar.h>
52#include <sys/sysctl.h>
53#include <sys/sx.h>
54#include <sys/unistd.h>
55#include <sys/callout.h>
56#include <sys/malloc.h>
57#include <sys/priv.h>
58
59#include <dev/usb/usb.h>
60#include <dev/usb/usbdi.h>
61#include "usbdevs.h"
62#include "usb_if.h"
63
64#define USB_DEBUG_VAR ustorage_fs_debug
65#include <dev/usb/usb_debug.h>
66
67#if USB_DEBUG
68static int ustorage_fs_debug = 0;
69
70SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
71SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
72 &ustorage_fs_debug, 0, "ustorage_fs debug level");
73#endif
74
75/* Define some limits */
76
77#ifndef USTORAGE_FS_BULK_SIZE
78#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */
79#endif
80
81#ifndef USTORAGE_FS_MAX_LUN
82#define USTORAGE_FS_MAX_LUN 8 /* units */
83#endif
84
85#ifndef USTORAGE_QDATA_MAX
86#define USTORAGE_QDATA_MAX 40 /* bytes */
87#endif
88
89#define sc_cmd_data sc_cbw.CBWCDB
90
91/*
92 * The SCSI ID string must be exactly 28 characters long
93 * exluding the terminating zero.
94 */
95#ifndef USTORAGE_FS_ID_STRING
96#define USTORAGE_FS_ID_STRING \
97 "FreeBSD " /* 8 */ \
98 "File-Stor Gadget" /* 16 */ \
99 "0101" /* 4 */
100#endif
101
102/*
103 * The following macro defines the number of
104 * sectors to be allocated for the RAM disk:
105 */
106#ifndef USTORAGE_FS_RAM_SECT
107#define USTORAGE_FS_RAM_SECT (1UL << 13)
108#endif
109
110static uint8_t *ustorage_fs_ramdisk;
111
112/* USB transfer definitions */
113
114#define USTORAGE_FS_T_BBB_COMMAND 0
115#define USTORAGE_FS_T_BBB_DATA_DUMP 1
116#define USTORAGE_FS_T_BBB_DATA_READ 2
117#define USTORAGE_FS_T_BBB_DATA_WRITE 3
118#define USTORAGE_FS_T_BBB_STATUS 4
119#define USTORAGE_FS_T_BBB_MAX 5
120
121/* USB data stage direction */
122
123#define DIR_NONE 0
124#define DIR_READ 1
125#define DIR_WRITE 2
126
127/* USB interface specific control request */
128
129#define UR_BBB_RESET 0xff /* Bulk-Only reset */
130#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
131
132/* Command Block Wrapper */
133typedef struct {
134 uDWord dCBWSignature;
135#define CBWSIGNATURE 0x43425355
136 uDWord dCBWTag;
137 uDWord dCBWDataTransferLength;
138 uByte bCBWFlags;
139#define CBWFLAGS_OUT 0x00
140#define CBWFLAGS_IN 0x80
141 uByte bCBWLUN;
142 uByte bCDBLength;
143#define CBWCDBLENGTH 16
144 uByte CBWCDB[CBWCDBLENGTH];
145} __packed ustorage_fs_bbb_cbw_t;
146
147#define USTORAGE_FS_BBB_CBW_SIZE 31
148
149/* Command Status Wrapper */
150typedef struct {
151 uDWord dCSWSignature;
152#define CSWSIGNATURE 0x53425355
153 uDWord dCSWTag;
154 uDWord dCSWDataResidue;
155 uByte bCSWStatus;
156#define CSWSTATUS_GOOD 0x0
157#define CSWSTATUS_FAILED 0x1
158#define CSWSTATUS_PHASE 0x2
159} __packed ustorage_fs_bbb_csw_t;
160
161#define USTORAGE_FS_BBB_CSW_SIZE 13
162
163struct ustorage_fs_lun {
164
165 uint8_t *memory_image;
166
167 uint32_t num_sectors;
168 uint32_t sense_data;
169 uint32_t sense_data_info;
170 uint32_t unit_attention_data;
171
172 uint8_t read_only:1;
173 uint8_t prevent_medium_removal:1;
174 uint8_t info_valid:1;
175 uint8_t removable:1;
176};
177
178struct ustorage_fs_softc {
179
180 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
181 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
182
183 struct mtx sc_mtx;
184
185 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
186
187 struct {
188 uint8_t *data_ptr;
189 struct ustorage_fs_lun *currlun;
190
191 uint32_t data_rem; /* bytes, as reported by the command
192 * block wrapper */
193 uint32_t offset; /* bytes */
194
195 uint8_t cbw_dir;
196 uint8_t cmd_dir;
197 uint8_t lun;
198 uint8_t cmd_len;
199 uint8_t data_short:1;
200 uint8_t data_error:1;
201 } sc_transfer;
202
203 device_t sc_dev;
204 struct usb_device *sc_udev;
205 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
206
207 uint8_t sc_iface_no; /* interface number */
208 uint8_t sc_last_lun;
209 uint8_t sc_last_xfer_index;
210 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
211};
212
213/* prototypes */
214
215static device_probe_t ustorage_fs_probe;
216static device_attach_t ustorage_fs_attach;
217static device_detach_t ustorage_fs_detach;
218static device_suspend_t ustorage_fs_suspend;
219static device_resume_t ustorage_fs_resume;
220static usb_handle_request_t ustorage_fs_handle_request;
221
222static usb_callback_t ustorage_fs_t_bbb_command_callback;
223static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
224static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
225static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
226static usb_callback_t ustorage_fs_t_bbb_status_callback;
227
228static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
229static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
230
231static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
232static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
233static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
234static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
235static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
236static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
237static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
238static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
239static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
240static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
241static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
242static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
243static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
244static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
245
246static device_method_t ustorage_fs_methods[] = {
247 /* USB interface */
248 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
249
250 /* Device interface */
251 DEVMETHOD(device_probe, ustorage_fs_probe),
252 DEVMETHOD(device_attach, ustorage_fs_attach),
253 DEVMETHOD(device_detach, ustorage_fs_detach),
254 DEVMETHOD(device_suspend, ustorage_fs_suspend),
255 DEVMETHOD(device_resume, ustorage_fs_resume),
256
257 {0, 0}
258};
259
260static driver_t ustorage_fs_driver = {
261 .name = "ustorage_fs",
262 .methods = ustorage_fs_methods,
263 .size = sizeof(struct ustorage_fs_softc),
264};
265
266static devclass_t ustorage_fs_devclass;
267
268DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
269MODULE_VERSION(ustorage_fs, 0);
270MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
271
272static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
273
274 [USTORAGE_FS_T_BBB_COMMAND] = {
275 .type = UE_BULK,
276 .endpoint = UE_ADDR_ANY,
277 .direction = UE_DIR_OUT,
278 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
279 .flags = {.ext_buffer = 1,},
280 .callback = &ustorage_fs_t_bbb_command_callback,
281 .usb_mode = USB_MODE_DEVICE,
282 },
283
284 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
285 .type = UE_BULK,
286 .endpoint = UE_ADDR_ANY,
287 .direction = UE_DIR_OUT,
288 .bufsize = 0, /* use wMaxPacketSize */
289 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
290 .callback = &ustorage_fs_t_bbb_data_dump_callback,
291 .usb_mode = USB_MODE_DEVICE,
292 },
293
294 [USTORAGE_FS_T_BBB_DATA_READ] = {
295 .type = UE_BULK,
296 .endpoint = UE_ADDR_ANY,
297 .direction = UE_DIR_OUT,
298 .bufsize = USTORAGE_FS_BULK_SIZE,
299 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
300 .callback = &ustorage_fs_t_bbb_data_read_callback,
301 .usb_mode = USB_MODE_DEVICE,
302 },
303
304 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
305 .type = UE_BULK,
306 .endpoint = UE_ADDR_ANY,
307 .direction = UE_DIR_IN,
308 .bufsize = USTORAGE_FS_BULK_SIZE,
309 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
310 .callback = &ustorage_fs_t_bbb_data_write_callback,
311 .usb_mode = USB_MODE_DEVICE,
312 },
313
314 [USTORAGE_FS_T_BBB_STATUS] = {
315 .type = UE_BULK,
316 .endpoint = UE_ADDR_ANY,
317 .direction = UE_DIR_IN,
318 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
319 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
320 .callback = &ustorage_fs_t_bbb_status_callback,
321 .usb_mode = USB_MODE_DEVICE,
322 },
323};
324
325/*
326 * USB device probe/attach/detach
327 */
328
329static int
330ustorage_fs_probe(device_t dev)
331{
332 struct usb_attach_arg *uaa = device_get_ivars(dev);
333 struct usb_interface_descriptor *id;
334
335 if (uaa->usb_mode != USB_MODE_DEVICE) {
336 return (ENXIO);
337 }
338 if (uaa->use_generic == 0) {
339 /* give other drivers a try first */
340 return (ENXIO);
341 }
342 /* Check for a standards compliant device */
343 id = usbd_get_interface_descriptor(uaa->iface);
344 if ((id == NULL) ||
345 (id->bInterfaceClass != UICLASS_MASS) ||
346 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
347 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
348 return (ENXIO);
349 }
350 return (0);
351}
352
353static int
354ustorage_fs_attach(device_t dev)
355{
356 struct ustorage_fs_softc *sc = device_get_softc(dev);
357 struct usb_attach_arg *uaa = device_get_ivars(dev);
358 struct usb_interface_descriptor *id;
359 int err;
360 int unit;
361
362 /*
363 * NOTE: the softc struct is bzero-ed in device_set_driver.
364 * We can safely call ustorage_fs_detach without specifically
365 * initializing the struct.
366 */
367
368 sc->sc_dev = dev;
369 sc->sc_udev = uaa->device;
370 unit = device_get_unit(dev);
371
372 if (unit == 0) {
373 if (ustorage_fs_ramdisk == NULL) {
374 /*
375 * allocate a memory image for our ramdisk until
376 * further
377 */
378 ustorage_fs_ramdisk =
379 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
380 if (ustorage_fs_ramdisk == NULL) {
381 return (ENOMEM);
382 }
383 }
384 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
385 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
386 sc->sc_lun[0].removable = 1;
387 }
388
389 device_set_usb_desc(dev);
390
391 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
392 NULL, (MTX_DEF | MTX_RECURSE));
393
394 /* get interface index */
395
396 id = usbd_get_interface_descriptor(uaa->iface);
397 if (id == NULL) {
398 device_printf(dev, "failed to get "
399 "interface number\n");
400 goto detach;
401 }
402 sc->sc_iface_no = id->bInterfaceNumber;
403
404 err = usbd_transfer_setup(uaa->device,
405 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
406 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
407 if (err) {
408 device_printf(dev, "could not setup required "
409 "transfers, %s\n", usbd_errstr(err));
410 goto detach;
411 }
412 /* start Mass Storage State Machine */
413
414 mtx_lock(&sc->sc_mtx);
415 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
416 mtx_unlock(&sc->sc_mtx);
417
418 return (0); /* success */
419
420detach:
421 ustorage_fs_detach(dev);
422 return (ENXIO); /* failure */
423}
424
425static int
426ustorage_fs_detach(device_t dev)
427{
428 struct ustorage_fs_softc *sc = device_get_softc(dev);
429
430 /* teardown our statemachine */
431
432 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
433
434 mtx_destroy(&sc->sc_mtx);
435
436 return (0); /* success */
437}
438
439static int
440ustorage_fs_suspend(device_t dev)
441{
442 device_printf(dev, "suspending\n");
443 return (0); /* success */
444}
445
446static int
447ustorage_fs_resume(device_t dev)
448{
449 device_printf(dev, "resuming\n");
450 return (0); /* success */
451}
452
453/*
454 * Generic functions to handle transfers
455 */
456
457static void
458ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
459{
460 if (sc->sc_xfer[xfer_index]) {
461 sc->sc_last_xfer_index = xfer_index;
462 usbd_transfer_start(sc->sc_xfer[xfer_index]);
463 }
464}
465
466static void
467ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
468{
469 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
470 mtx_unlock(&sc->sc_mtx);
471 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
472 mtx_lock(&sc->sc_mtx);
473}
474
475static int
476ustorage_fs_handle_request(device_t dev,
477 const void *preq, void **pptr, uint16_t *plen,
478 uint16_t offset, uint8_t is_complete)
479{
480 struct ustorage_fs_softc *sc = device_get_softc(dev);
481 const struct usb_device_request *req = preq;
482
483 if (!is_complete) {
484 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
485 (req->bRequest == UR_BBB_RESET)) {
486 *plen = 0;
487 mtx_lock(&sc->sc_mtx);
488 ustorage_fs_transfer_stop(sc);
489 sc->sc_transfer.data_error = 1;
490 ustorage_fs_transfer_start(sc,
491 USTORAGE_FS_T_BBB_COMMAND);
492 mtx_unlock(&sc->sc_mtx);
493 return (0);
494 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
495 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
496 if (offset == 0) {
497 *plen = 1;
498 *pptr = &sc->sc_last_lun;
499 } else {
500 *plen = 0;
501 }
502 return (0);
503 }
504 }
505 return (ENXIO); /* use builtin handler */
506}
507
508static void
509ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
510{
511 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
512 uint32_t tag;
513 uint8_t err = 0;
514
515 DPRINTF("\n");
516
517 switch (USB_GET_STATE(xfer)) {
518 case USB_ST_TRANSFERRED:
519
520 tag = UGETDW(sc->sc_cbw.dCBWSignature);
521
522 if (tag != CBWSIGNATURE) {
523 /* do nothing */
524 DPRINTF("invalid signature 0x%08x\n", tag);
525 break;
526 }
527 tag = UGETDW(sc->sc_cbw.dCBWTag);
528
529 /* echo back tag */
530 USETDW(sc->sc_csw.dCSWTag, tag);
531
532 /* reset status */
533 sc->sc_csw.bCSWStatus = 0;
534
535 /* reset data offset, data length and data remainder */
536 sc->sc_transfer.offset = 0;
537 sc->sc_transfer.data_rem =
538 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
539
540 /* reset data flags */
541 sc->sc_transfer.data_short = 0;
542
543 /* extract LUN */
544 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
545
546 if (sc->sc_transfer.data_rem == 0) {
547 sc->sc_transfer.cbw_dir = DIR_NONE;
548 } else {
549 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
550 sc->sc_transfer.cbw_dir = DIR_WRITE;
551 } else {
552 sc->sc_transfer.cbw_dir = DIR_READ;
553 }
554 }
555
556 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
557 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
558 (sc->sc_transfer.cmd_len == 0)) {
559 /* just halt - this is invalid */
560 DPRINTF("invalid command length %d bytes\n",
561 sc->sc_transfer.cmd_len);
562 break;
563 }
564
565 err = ustorage_fs_do_cmd(sc);
566 if (err) {
567 /* got an error */
568 DPRINTF("command failed\n");
569 break;
570 }
571 if ((sc->sc_transfer.data_rem > 0) &&
572 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
573 /* contradicting data transfer direction */
574 err = 1;
575 DPRINTF("data direction mismatch\n");
576 break;
577 }
578 switch (sc->sc_transfer.cbw_dir) {
579 case DIR_READ:
580 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
581 break;
582 case DIR_WRITE:
583 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
584 break;
585 default:
586 ustorage_fs_transfer_start(sc,
587 USTORAGE_FS_T_BBB_STATUS);
588 break;
589 }
590 break;
591
592 case USB_ST_SETUP:
593tr_setup:
594 if (sc->sc_transfer.data_error) {
595 sc->sc_transfer.data_error = 0;
596 usbd_xfer_set_stall(xfer);
597 DPRINTF("stall pipe\n");
598 }
599
600 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw,
601 sizeof(sc->sc_cbw));
602 usbd_transfer_submit(xfer);
603 break;
604
605 default: /* Error */
606 DPRINTF("error\n");
607 if (error == USB_ERR_CANCELLED) {
608 break;
609 }
610 /* If the pipe is already stalled, don't do another stall */
611 if (!usbd_xfer_is_stalled(xfer))
612 sc->sc_transfer.data_error = 1;
613
614 /* try again */
615 goto tr_setup;
616 }
617 if (err) {
618 if (sc->sc_csw.bCSWStatus == 0) {
619 /* set some default error code */
620 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
621 }
622 if (sc->sc_transfer.cbw_dir == DIR_READ) {
623 /* dump all data */
624 ustorage_fs_transfer_start(sc,
625 USTORAGE_FS_T_BBB_DATA_DUMP);
626 return;
627 }
628 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
629 /* need to stall before status */
630 sc->sc_transfer.data_error = 1;
631 }
632 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
633 }
634}
635
636static void
637ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
638{
639 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
640 uint32_t max_bulk = usbd_xfer_max_len(xfer);
641 int actlen, sumlen;
642
643 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
644
645 DPRINTF("\n");
646
647 switch (USB_GET_STATE(xfer)) {
648 case USB_ST_TRANSFERRED:
649 sc->sc_transfer.data_rem -= actlen;
650 sc->sc_transfer.offset += actlen;
651
652 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
653 /* short transfer or end of data */
654 ustorage_fs_transfer_start(sc,
655 USTORAGE_FS_T_BBB_STATUS);
656 break;
657 }
658 /* Fallthrough */
659
660 case USB_ST_SETUP:
661tr_setup:
662 if (max_bulk > sc->sc_transfer.data_rem) {
663 max_bulk = sc->sc_transfer.data_rem;
664 }
665 if (sc->sc_transfer.data_error) {
666 sc->sc_transfer.data_error = 0;
667 usbd_xfer_set_stall(xfer);
668 }
669 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
670 usbd_transfer_submit(xfer);
671 break;
672
673 default: /* Error */
674 if (error == USB_ERR_CANCELLED) {
675 break;
676 }
677 /*
678 * If the pipe is already stalled, don't do another stall:
679 */
680 if (!usbd_xfer_is_stalled(xfer))
681 sc->sc_transfer.data_error = 1;
682
683 /* try again */
684 goto tr_setup;
685 }
686}
687
688static void
689ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
690{
691 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
692 uint32_t max_bulk = usbd_xfer_max_len(xfer);
693 int actlen, sumlen;
694
695 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
696
697 DPRINTF("\n");
698
699 switch (USB_GET_STATE(xfer)) {
700 case USB_ST_TRANSFERRED:
701 sc->sc_transfer.data_rem -= actlen;
702 sc->sc_transfer.data_ptr += actlen;
703 sc->sc_transfer.offset += actlen;
704
705 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
706 /* short transfer or end of data */
707 ustorage_fs_transfer_start(sc,
708 USTORAGE_FS_T_BBB_STATUS);
709 break;
710 }
711 /* Fallthrough */
712
713 case USB_ST_SETUP:
714tr_setup:
715 if (max_bulk > sc->sc_transfer.data_rem) {
716 max_bulk = sc->sc_transfer.data_rem;
717 }
718 if (sc->sc_transfer.data_error) {
719 sc->sc_transfer.data_error = 0;
720 usbd_xfer_set_stall(xfer);
721 }
722
723 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
724 max_bulk);
725 usbd_transfer_submit(xfer);
726 break;
727
728 default: /* Error */
729 if (error == USB_ERR_CANCELLED) {
730 break;
731 }
732 /* If the pipe is already stalled, don't do another stall */
733 if (!usbd_xfer_is_stalled(xfer))
734 sc->sc_transfer.data_error = 1;
735
736 /* try again */
737 goto tr_setup;
738 }
739}
740
741static void
742ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
743{
744 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
745 uint32_t max_bulk = usbd_xfer_max_len(xfer);
746 int actlen, sumlen;
747
748 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
749
750 DPRINTF("\n");
751
752 switch (USB_GET_STATE(xfer)) {
753 case USB_ST_TRANSFERRED:
754 sc->sc_transfer.data_rem -= actlen;
755 sc->sc_transfer.data_ptr += actlen;
756 sc->sc_transfer.offset += actlen;
757
758 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
759 /* short transfer or end of data */
760 ustorage_fs_transfer_start(sc,
761 USTORAGE_FS_T_BBB_STATUS);
762 break;
763 }
764 case USB_ST_SETUP:
765tr_setup:
766 if (max_bulk >= sc->sc_transfer.data_rem) {
767 max_bulk = sc->sc_transfer.data_rem;
768 if (sc->sc_transfer.data_short)
769 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
770 else
771 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
772 } else
773 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
774
775 if (sc->sc_transfer.data_error) {
776 sc->sc_transfer.data_error = 0;
777 usbd_xfer_set_stall(xfer);
778 }
779
780 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
781 max_bulk);
782 usbd_transfer_submit(xfer);
783 break;
784
785 default: /* Error */
786 if (error == USB_ERR_CANCELLED) {
787 break;
788 }
789 /*
790 * If the pipe is already stalled, don't do another
791 * stall
792 */
793 if (!usbd_xfer_is_stalled(xfer))
794 sc->sc_transfer.data_error = 1;
795
796 /* try again */
797 goto tr_setup;
798 }
799}
800
801static void
802ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
803{
804 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
805
806 DPRINTF("\n");
807
808 switch (USB_GET_STATE(xfer)) {
809 case USB_ST_TRANSFERRED:
810 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
811 break;
812
813 case USB_ST_SETUP:
814tr_setup:
815 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
816 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
817
818 if (sc->sc_transfer.data_error) {
819 sc->sc_transfer.data_error = 0;
820 usbd_xfer_set_stall(xfer);
821 }
822
823 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw,
824 sizeof(sc->sc_csw));
825 usbd_transfer_submit(xfer);
826 break;
827
828 default:
829 if (error == USB_ERR_CANCELLED) {
830 break;
831 }
832 /* If the pipe is already stalled, don't do another stall */
833 if (!usbd_xfer_is_stalled(xfer))
834 sc->sc_transfer.data_error = 1;
835
836 /* try again */
837 goto tr_setup;
838 }
839}
840
841/* SCSI commands that we recognize */
842#define SC_FORMAT_UNIT 0x04
843#define SC_INQUIRY 0x12
844#define SC_MODE_SELECT_6 0x15
845#define SC_MODE_SELECT_10 0x55
846#define SC_MODE_SENSE_6 0x1a
847#define SC_MODE_SENSE_10 0x5a
848#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
849#define SC_READ_6 0x08
850#define SC_READ_10 0x28
851#define SC_READ_12 0xa8
852#define SC_READ_CAPACITY 0x25
853#define SC_READ_FORMAT_CAPACITIES 0x23
854#define SC_RELEASE 0x17
855#define SC_REQUEST_SENSE 0x03
856#define SC_RESERVE 0x16
857#define SC_SEND_DIAGNOSTIC 0x1d
858#define SC_START_STOP_UNIT 0x1b
859#define SC_SYNCHRONIZE_CACHE 0x35
860#define SC_TEST_UNIT_READY 0x00
861#define SC_VERIFY 0x2f
862#define SC_WRITE_6 0x0a
863#define SC_WRITE_10 0x2a
864#define SC_WRITE_12 0xaa
865
866/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
867#define SS_NO_SENSE 0
868#define SS_COMMUNICATION_FAILURE 0x040800
869#define SS_INVALID_COMMAND 0x052000
870#define SS_INVALID_FIELD_IN_CDB 0x052400
871#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
872#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
873#define SS_MEDIUM_NOT_PRESENT 0x023a00
874#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
875#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
876#define SS_RESET_OCCURRED 0x062900
877#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
878#define SS_UNRECOVERED_READ_ERROR 0x031100
879#define SS_WRITE_ERROR 0x030c02
880#define SS_WRITE_PROTECTED 0x072700
881
882#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
883#define ASC(x) ((uint8_t) ((x) >> 8))
884#define ASCQ(x) ((uint8_t) (x))
885
886/* Routines for unaligned data access */
887
888static uint16_t
889get_be16(uint8_t *buf)
890{
891 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
892}
893
894static uint32_t
895get_be32(uint8_t *buf)
896{
897 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
898 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
899}
900
901static void
902put_be16(uint8_t *buf, uint16_t val)
903{
904 buf[0] = val >> 8;
905 buf[1] = val;
906}
907
908static void
909put_be32(uint8_t *buf, uint32_t val)
910{
911 buf[0] = val >> 24;
912 buf[1] = val >> 16;
913 buf[2] = val >> 8;
914 buf[3] = val & 0xff;
915}
916
917/*------------------------------------------------------------------------*
918 * ustorage_fs_verify
919 *
920 * Returns:
921 * 0: Success
922 * Else: Failure
923 *------------------------------------------------------------------------*/
924static uint8_t
925ustorage_fs_verify(struct ustorage_fs_softc *sc)
926{
927 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
928 uint32_t lba;
929 uint32_t vlen;
930 uint64_t file_offset;
931 uint64_t amount_left;
932
933 /*
934 * Get the starting Logical Block Address
935 */
936 lba = get_be32(&sc->sc_cmd_data[2]);
937
938 /*
939 * We allow DPO (Disable Page Out = don't save data in the cache)
940 * but we don't implement it.
941 */
942 if ((sc->sc_cmd_data[1] & ~0x10) != 0) {
943 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
944 return (1);
945 }
946 vlen = get_be16(&sc->sc_cmd_data[7]);
947 if (vlen == 0) {
948 goto done;
949 }
950 /* No default reply */
951
952 /* Prepare to carry out the file verify */
953 amount_left = vlen;
954 amount_left <<= 9;
955 file_offset = lba;
956 file_offset <<= 9;
957
958 /* Range check */
959 vlen += lba;
960
961 if ((vlen < lba) ||
962 (vlen > currlun->num_sectors) ||
963 (lba >= currlun->num_sectors)) {
964 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
965 return (1);
966 }
967 /* XXX TODO: verify that data is readable */
968done:
969 return (ustorage_fs_min_len(sc, 0, 0 - 1));
970}
971
972/*------------------------------------------------------------------------*
973 * ustorage_fs_inquiry
974 *
975 * Returns:
976 * 0: Success
977 * Else: Failure
978 *------------------------------------------------------------------------*/
979static uint8_t
980ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
981{
982 uint8_t *buf = sc->sc_transfer.data_ptr;
983
984 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
985
986 if (!sc->sc_transfer.currlun) {
987 /* Unsupported LUNs are okay */
988 memset(buf, 0, 36);
989 buf[0] = 0x7f;
990 /* Unsupported, no device - type */
991 return (ustorage_fs_min_len(sc, 36, 0 - 1));
992 }
993 memset(buf, 0, 8);
994 /* Non - removable, direct - access device */
995 if (currlun->removable)
996 buf[1] = 0x80;
997 buf[2] = 2;
998 /* ANSI SCSI level 2 */
999 buf[3] = 2;
1000 /* SCSI - 2 INQUIRY data format */
1001 buf[4] = 31;
1002 /* Additional length */
1003 /* No special options */
1004 /* Copy in ID string */
1005 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1006
1007#if (USTORAGE_QDATA_MAX < 36)
1008#error "(USTORAGE_QDATA_MAX < 36)"
1009#endif
1010 return (ustorage_fs_min_len(sc, 36, 0 - 1));
1011}
1012
1013/*------------------------------------------------------------------------*
1014 * ustorage_fs_request_sense
1015 *
1016 * Returns:
1017 * 0: Success
1018 * Else: Failure
1019 *------------------------------------------------------------------------*/
1020static uint8_t
1021ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1022{
1023 uint8_t *buf = sc->sc_transfer.data_ptr;
1024 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1025 uint32_t sd;
1026 uint32_t sdinfo;
1027 uint8_t valid;
1028
1029 /*
1030 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1031 *
1032 * If a REQUEST SENSE command is received from an initiator
1033 * with a pending unit attention condition (before the target
1034 * generates the contingent allegiance condition), then the
1035 * target shall either:
1036 * a) report any pending sense data and preserve the unit
1037 * attention condition on the logical unit, or,
1038 * b) report the unit attention condition, may discard any
1039 * pending sense data, and clear the unit attention
1040 * condition on the logical unit for that initiator.
1041 *
1042 * FSG normally uses option a); enable this code to use option b).
1043 */
1044#if 0
1045 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1046 currlun->sense_data = currlun->unit_attention_data;
1047 currlun->unit_attention_data = SS_NO_SENSE;
1048 }
1049#endif
1050
1051 if (!currlun) {
1052 /* Unsupported LUNs are okay */
1053 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1054 sdinfo = 0;
1055 valid = 0;
1056 } else {
1057 sd = currlun->sense_data;
1058 sdinfo = currlun->sense_data_info;
1059 valid = currlun->info_valid << 7;
1060 currlun->sense_data = SS_NO_SENSE;
1061 currlun->sense_data_info = 0;
1062 currlun->info_valid = 0;
1063 }
1064
1065 memset(buf, 0, 18);
1066 buf[0] = valid | 0x70;
1067 /* Valid, current error */
1068 buf[2] = SK(sd);
1069 put_be32(&buf[3], sdinfo);
1070 /* Sense information */
1071 buf[7] = 18 - 8;
1072 /* Additional sense length */
1073 buf[12] = ASC(sd);
1074 buf[13] = ASCQ(sd);
1075
1076#if (USTORAGE_QDATA_MAX < 18)
1077#error "(USTORAGE_QDATA_MAX < 18)"
1078#endif
1079 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1080}
1081
1082/*------------------------------------------------------------------------*
1083 * ustorage_fs_read_capacity
1084 *
1085 * Returns:
1086 * 0: Success
1087 * Else: Failure
1088 *------------------------------------------------------------------------*/
1089static uint8_t
1090ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1091{
1092 uint8_t *buf = sc->sc_transfer.data_ptr;
1093 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1094 uint32_t lba = get_be32(&sc->sc_cmd_data[2]);
1095 uint8_t pmi = sc->sc_cmd_data[8];
1096
1097 /* Check the PMI and LBA fields */
1098 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1099 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1100 return (1);
1101 }
1102 /* Max logical block */
1103 put_be32(&buf[0], currlun->num_sectors - 1);
1104 /* Block length */
1105 put_be32(&buf[4], 512);
1106
1107#if (USTORAGE_QDATA_MAX < 8)
1108#error "(USTORAGE_QDATA_MAX < 8)"
1109#endif
1110 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1111}
1112
1113/*------------------------------------------------------------------------*
1114 * ustorage_fs_mode_sense
1115 *
1116 * Returns:
1117 * 0: Success
1118 * Else: Failure
1119 *------------------------------------------------------------------------*/
1120static uint8_t
1121ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1122{
1123 uint8_t *buf = sc->sc_transfer.data_ptr;
1124 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1125 uint8_t *buf0;
1126 uint16_t len;
1127 uint16_t limit;
1128 uint8_t mscmnd = sc->sc_cmd_data[0];
1129 uint8_t pc;
1130 uint8_t page_code;
1131 uint8_t changeable_values;
1132 uint8_t all_pages;
1133
1134 buf0 = buf;
1135
1136 if ((sc->sc_cmd_data[1] & ~0x08) != 0) {
1137 /* Mask away DBD */
1138 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1139 return (1);
1140 }
1141 pc = sc->sc_cmd_data[2] >> 6;
1142 page_code = sc->sc_cmd_data[2] & 0x3f;
1143 if (pc == 3) {
1144 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1145 return (1);
1146 }
1147 changeable_values = (pc == 1);
1148 all_pages = (page_code == 0x3f);
1149
1150 /*
1151 * Write the mode parameter header. Fixed values are: default
1152 * medium type, no cache control (DPOFUA), and no block descriptors.
1153 * The only variable value is the WriteProtect bit. We will fill in
1154 * the mode data length later.
1155 */
1156 memset(buf, 0, 8);
1157 if (mscmnd == SC_MODE_SENSE_6) {
1158 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1159 /* WP, DPOFUA */
1160 buf += 4;
1161 limit = 255;
1162 } else {
1163 /* SC_MODE_SENSE_10 */
1164 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1165 /* WP, DPOFUA */
1166 buf += 8;
1167 limit = 65535;
1168 /* Should really be mod_data.buflen */
1169 }
1170
1171 /* No block descriptors */
1172
1173 /*
1174 * The mode pages, in numerical order.
1175 */
1176 if ((page_code == 0x08) || all_pages) {
1177 buf[0] = 0x08;
1178 /* Page code */
1179 buf[1] = 10;
1180 /* Page length */
1181 memset(buf + 2, 0, 10);
1182 /* None of the fields are changeable */
1183
1184 if (!changeable_values) {
1185 buf[2] = 0x04;
1186 /* Write cache enable, */
1187 /* Read cache not disabled */
1188 /* No cache retention priorities */
1189 put_be16(&buf[4], 0xffff);
1190 /* Don 't disable prefetch */
1191 /* Minimum prefetch = 0 */
1192 put_be16(&buf[8], 0xffff);
1193 /* Maximum prefetch */
1194 put_be16(&buf[10], 0xffff);
1195 /* Maximum prefetch ceiling */
1196 }
1197 buf += 12;
1198 }
1199 /*
1200 * Check that a valid page was requested and the mode data length
1201 * isn't too long.
1202 */
1203 len = buf - buf0;
1204 if (len > limit) {
1205 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1206 return (1);
1207 }
1208 /* Store the mode data length */
1209 if (mscmnd == SC_MODE_SENSE_6)
1210 buf0[0] = len - 1;
1211 else
1212 put_be16(buf0, len - 2);
1213
1214#if (USTORAGE_QDATA_MAX < 24)
1215#error "(USTORAGE_QDATA_MAX < 24)"
1216#endif
1217 return (ustorage_fs_min_len(sc, len, 0 - 1));
1218}
1219
1220/*------------------------------------------------------------------------*
1221 * ustorage_fs_start_stop
1222 *
1223 * Returns:
1224 * 0: Success
1225 * Else: Failure
1226 *------------------------------------------------------------------------*/
1227static uint8_t
1228ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1229{
1230 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1231 uint8_t loej;
1232 uint8_t start;
1233 uint8_t immed;
1234
1235 if (!currlun->removable) {
1236 currlun->sense_data = SS_INVALID_COMMAND;
1237 return (1);
1238 }
1239 immed = sc->sc_cmd_data[1] & 0x01;
1240 loej = sc->sc_cmd_data[4] & 0x02;
1241 start = sc->sc_cmd_data[4] & 0x01;
1242
1243 if (immed || loej || start) {
1244 /* compile fix */
1245 }
1246 return (0);
1247}
1248
1249/*------------------------------------------------------------------------*
1250 * ustorage_fs_prevent_allow
1251 *
1252 * Returns:
1253 * 0: Success
1254 * Else: Failure
1255 *------------------------------------------------------------------------*/
1256static uint8_t
1257ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1258{
1259 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1260 uint8_t prevent;
1261
1262 if (!currlun->removable) {
1263 currlun->sense_data = SS_INVALID_COMMAND;
1264 return (1);
1265 }
1266 prevent = sc->sc_cmd_data[4] & 0x01;
1267 if ((sc->sc_cmd_data[4] & ~0x01) != 0) {
1268 /* Mask away Prevent */
1269 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1270 return (1);
1271 }
1272 if (currlun->prevent_medium_removal && !prevent) {
1273 //fsync_sub(currlun);
1274 }
1275 currlun->prevent_medium_removal = prevent;
1276 return (0);
1277}
1278
1279/*------------------------------------------------------------------------*
1280 * ustorage_fs_read_format_capacities
1281 *
1282 * Returns:
1283 * 0: Success
1284 * Else: Failure
1285 *------------------------------------------------------------------------*/
1286static uint8_t
1287ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1288{
1289 uint8_t *buf = sc->sc_transfer.data_ptr;
1290 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1291
1292 buf[0] = buf[1] = buf[2] = 0;
1293 buf[3] = 8;
1294 /* Only the Current / Maximum Capacity Descriptor */
1295 buf += 4;
1296
1297 /* Number of blocks */
1298 put_be32(&buf[0], currlun->num_sectors);
1299 /* Block length */
1300 put_be32(&buf[4], 512);
1301 /* Current capacity */
1302 buf[4] = 0x02;
1303
1304#if (USTORAGE_QDATA_MAX < 12)
1305#error "(USTORAGE_QDATA_MAX < 12)"
1306#endif
1307 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1308}
1309
1310/*------------------------------------------------------------------------*
1311 * ustorage_fs_mode_select
1312 *
1313 * Return values:
1314 * 0: Success
1315 * Else: Failure
1316 *------------------------------------------------------------------------*/
1317static uint8_t
1318ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1319{
1320 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1321
1322 /* We don't support MODE SELECT */
1323 currlun->sense_data = SS_INVALID_COMMAND;
1324 return (1);
1325}
1326
1327/*------------------------------------------------------------------------*
1328 * ustorage_fs_synchronize_cache
1329 *
1330 * Return values:
1331 * 0: Success
1332 * Else: Failure
1333 *------------------------------------------------------------------------*/
1334static uint8_t
1335ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1336{
1337#if 0
1338 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1339 uint8_t rc;
1340
1341 /*
1342 * We ignore the requested LBA and write out all dirty data buffers.
1343 */
1344 rc = 0;
1345 if (rc) {
1346 currlun->sense_data = SS_WRITE_ERROR;
1347 }
1348#endif
1349 return (0);
1350}
1351
1352/*------------------------------------------------------------------------*
1353 * ustorage_fs_read - read data from disk
1354 *
1355 * Return values:
1356 * 0: Success
1357 * Else: Failure
1358 *------------------------------------------------------------------------*/
1359static uint8_t
1360ustorage_fs_read(struct ustorage_fs_softc *sc)
1361{
1362 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1363 uint64_t file_offset;
1364 uint32_t lba;
1365 uint32_t len;
1366
1367 /*
1368 * Get the starting Logical Block Address and check that it's not
1369 * too big
1370 */
1371 if (sc->sc_cmd_data[0] == SC_READ_6) {
1372 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1373 get_be16(&sc->sc_cmd_data[2]);
1374 } else {
1375 lba = get_be32(&sc->sc_cmd_data[2]);
1376
1377 /*
1378 * We allow DPO (Disable Page Out = don't save data in the
1379 * cache) and FUA (Force Unit Access = don't read from the
1380 * cache), but we don't implement them.
1381 */
1382 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1383 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1384 return (1);
1385 }
1386 }
1387 len = sc->sc_transfer.data_rem >> 9;
1388 len += lba;
1389
1390 if ((len < lba) ||
1391 (len > currlun->num_sectors) ||
1392 (lba >= currlun->num_sectors)) {
1393 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1394 return (1);
1395 }
1396 file_offset = lba;
1397 file_offset <<= 9;
1398
1399 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1400
1401 return (0);
1402}
1403
1404/*------------------------------------------------------------------------*
1405 * ustorage_fs_write - write data to disk
1406 *
1407 * Return values:
1408 * 0: Success
1409 * Else: Failure
1410 *------------------------------------------------------------------------*/
1411static uint8_t
1412ustorage_fs_write(struct ustorage_fs_softc *sc)
1413{
1414 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1415 uint64_t file_offset;
1416 uint32_t lba;
1417 uint32_t len;
1418
1419 if (currlun->read_only) {
1420 currlun->sense_data = SS_WRITE_PROTECTED;
1421 return (1);
1422 }
1423 /* XXX clear SYNC */
1424
1425 /*
1426 * Get the starting Logical Block Address and check that it's not
1427 * too big.
1428 */
1429 if (sc->sc_cmd_data[0] == SC_WRITE_6)
1430 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1431 get_be16(&sc->sc_cmd_data[2]);
1432 else {
1433 lba = get_be32(&sc->sc_cmd_data[2]);
1434
1435 /*
1436 * We allow DPO (Disable Page Out = don't save data in the
1437 * cache) and FUA (Force Unit Access = write directly to the
1438 * medium). We don't implement DPO; we implement FUA by
1439 * performing synchronous output.
1440 */
1441 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1442 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1443 return (1);
1444 }
1445 if (sc->sc_cmd_data[1] & 0x08) {
1446 /* FUA */
1447 /* XXX set SYNC flag here */
1448 }
1449 }
1450
1451 len = sc->sc_transfer.data_rem >> 9;
1452 len += lba;
1453
1454 if ((len < lba) ||
1455 (len > currlun->num_sectors) ||
1456 (lba >= currlun->num_sectors)) {
1457 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1458 return (1);
1459 }
1460 file_offset = lba;
1461 file_offset <<= 9;
1462
1463 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1464
1465 return (0);
1466}
1467
1468/*------------------------------------------------------------------------*
1469 * ustorage_fs_min_len
1470 *
1471 * Return values:
1472 * 0: Success
1473 * Else: Failure
1474 *------------------------------------------------------------------------*/
1475static uint8_t
1476ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1477{
1478 if (len != sc->sc_transfer.data_rem) {
1479
1480 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1481 /*
1482 * there must be something wrong about this SCSI
1483 * command
1484 */
1485 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1486 return (1);
1487 }
1488 /* compute the minimum length */
1489
1490 if (sc->sc_transfer.data_rem > len) {
1491 /* data ends prematurely */
1492 sc->sc_transfer.data_rem = len;
1493 sc->sc_transfer.data_short = 1;
1494 }
1495 /* check length alignment */
1496
1497 if (sc->sc_transfer.data_rem & ~mask) {
1498 /* data ends prematurely */
1499 sc->sc_transfer.data_rem &= mask;
1500 sc->sc_transfer.data_short = 1;
1501 }
1502 }
1503 return (0);
1504}
1505
1506/*------------------------------------------------------------------------*
1507 * ustorage_fs_check_cmd - check command routine
1508 *
1509 * Check whether the command is properly formed and whether its data
1510 * size and direction agree with the values we already have.
1511 *
1512 * Return values:
1513 * 0: Success
1514 * Else: Failure
1515 *------------------------------------------------------------------------*/
1516static uint8_t
1517ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1518 uint16_t mask, uint8_t needs_medium)
1519{
1520 struct ustorage_fs_lun *currlun;
1521 uint8_t lun = (sc->sc_cmd_data[1] >> 5);
1522 uint8_t i;
1523
1524 /* Verify the length of the command itself */
1525 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1526 DPRINTF("%u > %u\n",
1527 min_cmd_size, sc->sc_transfer.cmd_len);
1528 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1529 return (1);
1530 }
1531 /* Mask away the LUN */
1532 sc->sc_cmd_data[1] &= 0x1f;
1533
1534 /* Check if LUN is correct */
1535 if (lun != sc->sc_transfer.lun) {
1536
1537 }
1538 /* Check the LUN */
1539 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1540 sc->sc_transfer.currlun = currlun =
1541 sc->sc_lun + sc->sc_transfer.lun;
1542 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) {
1543 currlun->sense_data = SS_NO_SENSE;
1544 currlun->sense_data_info = 0;
1545 currlun->info_valid = 0;
1546 }
1547 /*
1548 * If a unit attention condition exists, only INQUIRY
1549 * and REQUEST SENSE commands are allowed. Anything
1550 * else must fail!
1551 */
1552 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1553 (sc->sc_cmd_data[0] != SC_INQUIRY) &&
1554 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1555 currlun->sense_data = currlun->unit_attention_data;
1556 currlun->unit_attention_data = SS_NO_SENSE;
1557 return (1);
1558 }
1559 } else {
1560 sc->sc_transfer.currlun = currlun = NULL;
1561
1562 /*
1563 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1564 * to use unsupported LUNs; all others may not.
1565 */
1566 if ((sc->sc_cmd_data[0] != SC_INQUIRY) &&
1567 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1568 return (1);
1569 }
1570 }
1571
1572 /*
1573 * Check that only command bytes listed in the mask are
1574 * non-zero.
1575 */
1576 for (i = 0; i != min_cmd_size; i++) {
1577 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) {
1578 if (currlun) {
1579 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1580 }
1581 return (1);
1582 }
1583 }
1584
1585 /*
1586 * If the medium isn't mounted and the command needs to access
1587 * it, return an error.
1588 */
1589 if (currlun && (!currlun->memory_image) && needs_medium) {
1590 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1591 return (1);
1592 }
1593 return (0);
1594}
1595
1596/*------------------------------------------------------------------------*
1597 * ustorage_fs_do_cmd - do command
1598 *
1599 * Return values:
1600 * 0: Success
1601 * Else: Failure
1602 *------------------------------------------------------------------------*/
1603static uint8_t
1604ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1605{
1606 uint8_t error = 1;
1607 uint8_t i;
1608 uint32_t temp;
1609 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1610
1611 /* set default data transfer pointer */
1612 sc->sc_transfer.data_ptr = sc->sc_qdata;
1613
1614 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1615 sc->sc_cmd_data[0], sc->sc_transfer.data_rem);
1616
1617 switch (sc->sc_cmd_data[0]) {
1618 case SC_INQUIRY:
1619 sc->sc_transfer.cmd_dir = DIR_WRITE;
1620 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1621 if (error) {
1622 break;
1623 }
1624 error = ustorage_fs_check_cmd(sc, 6,
1625 (1UL << 4) | 1, 0);
1626 if (error) {
1627 break;
1628 }
1629 error = ustorage_fs_inquiry(sc);
1630
1631 break;
1632
1633 case SC_MODE_SELECT_6:
1634 sc->sc_transfer.cmd_dir = DIR_READ;
1635 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1636 if (error) {
1637 break;
1638 }
1639 error = ustorage_fs_check_cmd(sc, 6,
1640 (1UL << 1) | (1UL << 4) | 1, 0);
1641 if (error) {
1642 break;
1643 }
1644 error = ustorage_fs_mode_select(sc);
1645
1646 break;
1647
1648 case SC_MODE_SELECT_10:
1649 sc->sc_transfer.cmd_dir = DIR_READ;
1650 error = ustorage_fs_min_len(sc,
1651 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1652 if (error) {
1653 break;
1654 }
1655 error = ustorage_fs_check_cmd(sc, 10,
1656 (1UL << 1) | (3UL << 7) | 1, 0);
1657 if (error) {
1658 break;
1659 }
1660 error = ustorage_fs_mode_select(sc);
1661
1662 break;
1663
1664 case SC_MODE_SENSE_6:
1665 sc->sc_transfer.cmd_dir = DIR_WRITE;
1666 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1667 if (error) {
1668 break;
1669 }
1670 error = ustorage_fs_check_cmd(sc, 6,
1671 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1672 if (error) {
1673 break;
1674 }
1675 error = ustorage_fs_mode_sense(sc);
1676
1677 break;
1678
1679 case SC_MODE_SENSE_10:
1680 sc->sc_transfer.cmd_dir = DIR_WRITE;
1681 error = ustorage_fs_min_len(sc,
1682 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1683 if (error) {
1684 break;
1685 }
1686 error = ustorage_fs_check_cmd(sc, 10,
1687 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1688 if (error) {
1689 break;
1690 }
1691 error = ustorage_fs_mode_sense(sc);
1692
1693 break;
1694
1695 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1696 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1697 if (error) {
1698 break;
1699 }
1700 error = ustorage_fs_check_cmd(sc, 6,
1701 (1UL << 4) | 1, 0);
1702 if (error) {
1703 break;
1704 }
1705 error = ustorage_fs_prevent_allow(sc);
1706
1707 break;
1708
1709 case SC_READ_6:
1710 i = sc->sc_cmd_data[4];
1711 sc->sc_transfer.cmd_dir = DIR_WRITE;
1712 temp = ((i == 0) ? 256UL : i);
1713 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1714 if (error) {
1715 break;
1716 }
1717 error = ustorage_fs_check_cmd(sc, 6,
1718 (7UL << 1) | (1UL << 4) | 1, 1);
1719 if (error) {
1720 break;
1721 }
1722 error = ustorage_fs_read(sc);
1723
1724 break;
1725
1726 case SC_READ_10:
1727 sc->sc_transfer.cmd_dir = DIR_WRITE;
1728 temp = get_be16(&sc->sc_cmd_data[7]);
1729 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1730 if (error) {
1731 break;
1732 }
1733 error = ustorage_fs_check_cmd(sc, 10,
1734 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1735 if (error) {
1736 break;
1737 }
1738 error = ustorage_fs_read(sc);
1739
1740 break;
1741
1742 case SC_READ_12:
1743 sc->sc_transfer.cmd_dir = DIR_WRITE;
1744 temp = get_be32(&sc->sc_cmd_data[6]);
1745 if (temp >= (1UL << (32 - 9))) {
1746 /* numerical overflow */
1747 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1748 error = 1;
1749 break;
1750 }
1751 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1752 if (error) {
1753 break;
1754 }
1755 error = ustorage_fs_check_cmd(sc, 12,
1756 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1757 if (error) {
1758 break;
1759 }
1760 error = ustorage_fs_read(sc);
1761
1762 break;
1763
1764 case SC_READ_CAPACITY:
1765 sc->sc_transfer.cmd_dir = DIR_WRITE;
1766 error = ustorage_fs_check_cmd(sc, 10,
1767 (0xfUL << 2) | (1UL << 8) | 1, 1);
1768 if (error) {
1769 break;
1770 }
1771 error = ustorage_fs_read_capacity(sc);
1772
1773 break;
1774
1775 case SC_READ_FORMAT_CAPACITIES:
1776 sc->sc_transfer.cmd_dir = DIR_WRITE;
1777 error = ustorage_fs_min_len(sc,
1778 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1779 if (error) {
1780 break;
1781 }
1782 error = ustorage_fs_check_cmd(sc, 10,
1783 (3UL << 7) | 1, 1);
1784 if (error) {
1785 break;
1786 }
1787 error = ustorage_fs_read_format_capacities(sc);
1788
1789 break;
1790
1791 case SC_REQUEST_SENSE:
1792 sc->sc_transfer.cmd_dir = DIR_WRITE;
1793 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1794 if (error) {
1795 break;
1796 }
1797 error = ustorage_fs_check_cmd(sc, 6,
1798 (1UL << 4) | 1, 0);
1799 if (error) {
1800 break;
1801 }
1802 error = ustorage_fs_request_sense(sc);
1803
1804 break;
1805
1806 case SC_START_STOP_UNIT:
1807 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1808 if (error) {
1809 break;
1810 }
1811 error = ustorage_fs_check_cmd(sc, 6,
1812 (1UL << 1) | (1UL << 4) | 1, 0);
1813 if (error) {
1814 break;
1815 }
1816 error = ustorage_fs_start_stop(sc);
1817
1818 break;
1819
1820 case SC_SYNCHRONIZE_CACHE:
1821 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1822 if (error) {
1823 break;
1824 }
1825 error = ustorage_fs_check_cmd(sc, 10,
1826 (0xfUL << 2) | (3UL << 7) | 1, 1);
1827 if (error) {
1828 break;
1829 }
1830 error = ustorage_fs_synchronize_cache(sc);
1831
1832 break;
1833
1834 case SC_TEST_UNIT_READY:
1835 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1836 if (error) {
1837 break;
1838 }
1839 error = ustorage_fs_check_cmd(sc, 6,
1840 0 | 1, 1);
1841 break;
1842
1843 /*
1844 * Although optional, this command is used by MS-Windows.
1845 * We support a minimal version: BytChk must be 0.
1846 */
1847 case SC_VERIFY:
1848 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1849 if (error) {
1850 break;
1851 }
1852 error = ustorage_fs_check_cmd(sc, 10,
1853 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1854 if (error) {
1855 break;
1856 }
1857 error = ustorage_fs_verify(sc);
1858
1859 break;
1860
1861 case SC_WRITE_6:
1862 i = sc->sc_cmd_data[4];
1863 sc->sc_transfer.cmd_dir = DIR_READ;
1864 temp = ((i == 0) ? 256UL : i);
1865 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1866 if (error) {
1867 break;
1868 }
1869 error = ustorage_fs_check_cmd(sc, 6,
1870 (7UL << 1) | (1UL << 4) | 1, 1);
1871 if (error) {
1872 break;
1873 }
1874 error = ustorage_fs_write(sc);
1875
1876 break;
1877
1878 case SC_WRITE_10:
1879 sc->sc_transfer.cmd_dir = DIR_READ;
1880 temp = get_be16(&sc->sc_cmd_data[7]);
1881 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1882 if (error) {
1883 break;
1884 }
1885 error = ustorage_fs_check_cmd(sc, 10,
1886 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1887 if (error) {
1888 break;
1889 }
1890 error = ustorage_fs_write(sc);
1891
1892 break;
1893
1894 case SC_WRITE_12:
1895 sc->sc_transfer.cmd_dir = DIR_READ;
1896 temp = get_be32(&sc->sc_cmd_data[6]);
1897 if (temp > (mask9 >> 9)) {
1898 /* numerical overflow */
1899 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1900 error = 1;
1901 break;
1902 }
1903 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1904 if (error) {
1905 break;
1906 }
1907 error = ustorage_fs_check_cmd(sc, 12,
1908 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1909 if (error) {
1910 break;
1911 }
1912 error = ustorage_fs_write(sc);
1913
1914 break;
1915
1916 /*
1917 * Some mandatory commands that we recognize but don't
1918 * implement. They don't mean much in this setting.
1919 * It's left as an exercise for anyone interested to
1920 * implement RESERVE and RELEASE in terms of Posix
1921 * locks.
1922 */
1923 case SC_FORMAT_UNIT:
1924 case SC_RELEASE:
1925 case SC_RESERVE:
1926 case SC_SEND_DIAGNOSTIC:
1927 /* Fallthrough */
1928
1929 default:
1930 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1931 if (error) {
1932 break;
1933 }
1934 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1935 0xff, 0);
1936 if (error) {
1937 break;
1938 }
1939 sc->sc_transfer.currlun->sense_data =
1940 SS_INVALID_COMMAND;
1941 error = 1;
1942
1943 break;
1944 }
1945 return (error);
1946}