2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39#include <sys/stdint.h>
40#include <sys/stddef.h>
41#include <sys/param.h>
42#include <sys/queue.h>
43#include <sys/types.h>
44#include <sys/systm.h>
45#include <sys/kernel.h>
46#include <sys/bus.h>
47#include <sys/linker_set.h>
48#include <sys/module.h>
49#include <sys/lock.h>
50#include <sys/mutex.h>
51#include <sys/condvar.h>
52#include <sys/sysctl.h>
53#include <sys/sx.h>
54#include <sys/unistd.h>
55#include <sys/callout.h>
56#include <sys/malloc.h>
57#include <sys/priv.h>
58
59#include <dev/usb/usb.h>
60#include <dev/usb/usbdi.h>
61#include "usbdevs.h"
62#include "usb_if.h"
63
64#define USB_DEBUG_VAR ustorage_fs_debug
65#include <dev/usb/usb_debug.h>
66
67#if USB_DEBUG
68static int ustorage_fs_debug = 0;
69
70SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
71SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
72 &ustorage_fs_debug, 0, "ustorage_fs debug level");
73#endif
74
75/* Define some limits */
76
77#ifndef USTORAGE_FS_BULK_SIZE
78#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */
79#endif
80
81#ifndef USTORAGE_FS_MAX_LUN
82#define USTORAGE_FS_MAX_LUN 8 /* units */
83#endif
84
85#ifndef USTORAGE_QDATA_MAX
86#define USTORAGE_QDATA_MAX 40 /* bytes */
87#endif
88
89#define sc_cmd_data sc_cbw.CBWCDB
90
91/*
92 * The SCSI ID string must be exactly 28 characters long
93 * exluding the terminating zero.
94 */
95#ifndef USTORAGE_FS_ID_STRING
96#define USTORAGE_FS_ID_STRING \
97 "FreeBSD " /* 8 */ \
98 "File-Stor Gadget" /* 16 */ \
99 "0101" /* 4 */
100#endif
101
102/*
103 * The following macro defines the number of
104 * sectors to be allocated for the RAM disk:
105 */
106#ifndef USTORAGE_FS_RAM_SECT
107#define USTORAGE_FS_RAM_SECT (1UL << 13)
108#endif
109
110static uint8_t *ustorage_fs_ramdisk;
111
112/* USB transfer definitions */
113
114#define USTORAGE_FS_T_BBB_COMMAND 0
115#define USTORAGE_FS_T_BBB_DATA_DUMP 1
116#define USTORAGE_FS_T_BBB_DATA_READ 2
117#define USTORAGE_FS_T_BBB_DATA_WRITE 3
118#define USTORAGE_FS_T_BBB_STATUS 4
119#define USTORAGE_FS_T_BBB_MAX 5
120
121/* USB data stage direction */
122
123#define DIR_NONE 0
124#define DIR_READ 1
125#define DIR_WRITE 2
126
127/* USB interface specific control request */
128
129#define UR_BBB_RESET 0xff /* Bulk-Only reset */
130#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
131
132/* Command Block Wrapper */
133typedef struct {
134 uDWord dCBWSignature;
135#define CBWSIGNATURE 0x43425355
136 uDWord dCBWTag;
137 uDWord dCBWDataTransferLength;
138 uByte bCBWFlags;
139#define CBWFLAGS_OUT 0x00
140#define CBWFLAGS_IN 0x80
141 uByte bCBWLUN;
142 uByte bCDBLength;
143#define CBWCDBLENGTH 16
144 uByte CBWCDB[CBWCDBLENGTH];
145} __packed ustorage_fs_bbb_cbw_t;
146
147#define USTORAGE_FS_BBB_CBW_SIZE 31
148
149/* Command Status Wrapper */
150typedef struct {
151 uDWord dCSWSignature;
152#define CSWSIGNATURE 0x53425355
153 uDWord dCSWTag;
154 uDWord dCSWDataResidue;
155 uByte bCSWStatus;
156#define CSWSTATUS_GOOD 0x0
157#define CSWSTATUS_FAILED 0x1
158#define CSWSTATUS_PHASE 0x2
159} __packed ustorage_fs_bbb_csw_t;
160
161#define USTORAGE_FS_BBB_CSW_SIZE 13
162
163struct ustorage_fs_lun {
164
165 uint8_t *memory_image;
166
167 uint32_t num_sectors;
168 uint32_t sense_data;
169 uint32_t sense_data_info;
170 uint32_t unit_attention_data;
171
172 uint8_t read_only:1;
173 uint8_t prevent_medium_removal:1;
174 uint8_t info_valid:1;
175 uint8_t removable:1;
176};
177
178struct ustorage_fs_softc {
179
180 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
181 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
182
183 struct mtx sc_mtx;
184
185 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
186
187 struct {
188 uint8_t *data_ptr;
189 struct ustorage_fs_lun *currlun;
190
191 uint32_t data_rem; /* bytes, as reported by the command
192 * block wrapper */
193 uint32_t offset; /* bytes */
194
195 uint8_t cbw_dir;
196 uint8_t cmd_dir;
197 uint8_t lun;
198 uint8_t cmd_len;
199 uint8_t data_short:1;
200 uint8_t data_error:1;
201 } sc_transfer;
202
203 device_t sc_dev;
204 struct usb_device *sc_udev;
205 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
206
207 uint8_t sc_iface_no; /* interface number */
208 uint8_t sc_last_lun;
209 uint8_t sc_last_xfer_index;
210 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
211};
212
213/* prototypes */
214
215static device_probe_t ustorage_fs_probe;
216static device_attach_t ustorage_fs_attach;
217static device_detach_t ustorage_fs_detach;
218static device_suspend_t ustorage_fs_suspend;
219static device_resume_t ustorage_fs_resume;
220static usb_handle_request_t ustorage_fs_handle_request;
221
222static usb_callback_t ustorage_fs_t_bbb_command_callback;
223static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
224static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
225static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
226static usb_callback_t ustorage_fs_t_bbb_status_callback;
227
228static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
229static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
230
231static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
232static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
233static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
234static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
235static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
236static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
237static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
238static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
239static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
240static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
241static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
242static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
243static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
244static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
245
246static device_method_t ustorage_fs_methods[] = {
247 /* USB interface */
248 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
249
250 /* Device interface */
251 DEVMETHOD(device_probe, ustorage_fs_probe),
252 DEVMETHOD(device_attach, ustorage_fs_attach),
253 DEVMETHOD(device_detach, ustorage_fs_detach),
254 DEVMETHOD(device_suspend, ustorage_fs_suspend),
255 DEVMETHOD(device_resume, ustorage_fs_resume),
256
257 {0, 0}
258};
259
260static driver_t ustorage_fs_driver = {
261 .name = "ustorage_fs",
262 .methods = ustorage_fs_methods,
263 .size = sizeof(struct ustorage_fs_softc),
264};
265
266static devclass_t ustorage_fs_devclass;
267
268DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
269MODULE_VERSION(ustorage_fs, 0);
270MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
271
272static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
273
274 [USTORAGE_FS_T_BBB_COMMAND] = {
275 .type = UE_BULK,
276 .endpoint = UE_ADDR_ANY,
277 .direction = UE_DIR_OUT,
278 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
279 .flags = {.ext_buffer = 1,},
280 .callback = &ustorage_fs_t_bbb_command_callback,
281 .usb_mode = USB_MODE_DEVICE,
282 },
283
284 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
285 .type = UE_BULK,
286 .endpoint = UE_ADDR_ANY,
287 .direction = UE_DIR_OUT,
288 .bufsize = 0, /* use wMaxPacketSize */
289 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
290 .callback = &ustorage_fs_t_bbb_data_dump_callback,
291 .usb_mode = USB_MODE_DEVICE,
292 },
293
294 [USTORAGE_FS_T_BBB_DATA_READ] = {
295 .type = UE_BULK,
296 .endpoint = UE_ADDR_ANY,
297 .direction = UE_DIR_OUT,
298 .bufsize = USTORAGE_FS_BULK_SIZE,
299 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
300 .callback = &ustorage_fs_t_bbb_data_read_callback,
301 .usb_mode = USB_MODE_DEVICE,
302 },
303
304 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
305 .type = UE_BULK,
306 .endpoint = UE_ADDR_ANY,
307 .direction = UE_DIR_IN,
308 .bufsize = USTORAGE_FS_BULK_SIZE,
309 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
310 .callback = &ustorage_fs_t_bbb_data_write_callback,
311 .usb_mode = USB_MODE_DEVICE,
312 },
313
314 [USTORAGE_FS_T_BBB_STATUS] = {
315 .type = UE_BULK,
316 .endpoint = UE_ADDR_ANY,
317 .direction = UE_DIR_IN,
318 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
319 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
320 .callback = &ustorage_fs_t_bbb_status_callback,
321 .usb_mode = USB_MODE_DEVICE,
322 },
323};
324
325/*
326 * USB device probe/attach/detach
327 */
328
329static int
330ustorage_fs_probe(device_t dev)
331{
332 struct usb_attach_arg *uaa = device_get_ivars(dev);
333 struct usb_interface_descriptor *id;
334
335 if (uaa->usb_mode != USB_MODE_DEVICE) {
336 return (ENXIO);
337 }
338 if (uaa->use_generic == 0) {
339 /* give other drivers a try first */
340 return (ENXIO);
341 }
342 /* Check for a standards compliant device */
343 id = usbd_get_interface_descriptor(uaa->iface);
344 if ((id == NULL) ||
345 (id->bInterfaceClass != UICLASS_MASS) ||
346 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
347 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
348 return (ENXIO);
349 }
350 return (0);
351}
352
353static int
354ustorage_fs_attach(device_t dev)
355{
356 struct ustorage_fs_softc *sc = device_get_softc(dev);
357 struct usb_attach_arg *uaa = device_get_ivars(dev);
358 struct usb_interface_descriptor *id;
359 int err;
360 int unit;
361
362 /*
363 * NOTE: the softc struct is bzero-ed in device_set_driver.
364 * We can safely call ustorage_fs_detach without specifically
365 * initializing the struct.
366 */
367
368 sc->sc_dev = dev;
369 sc->sc_udev = uaa->device;
370 unit = device_get_unit(dev);
371
372 if (unit == 0) {
373 if (ustorage_fs_ramdisk == NULL) {
374 /*
375 * allocate a memory image for our ramdisk until
376 * further
377 */
378 ustorage_fs_ramdisk =
379 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
380 if (ustorage_fs_ramdisk == NULL) {
381 return (ENOMEM);
382 }
383 }
384 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
385 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
386 sc->sc_lun[0].removable = 1;
387 }
388
389 device_set_usb_desc(dev);
390
391 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
392 NULL, (MTX_DEF | MTX_RECURSE));
393
394 /* get interface index */
395
396 id = usbd_get_interface_descriptor(uaa->iface);
397 if (id == NULL) {
398 device_printf(dev, "failed to get "
399 "interface number\n");
400 goto detach;
401 }
402 sc->sc_iface_no = id->bInterfaceNumber;
403
404 err = usbd_transfer_setup(uaa->device,
405 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
406 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
407 if (err) {
408 device_printf(dev, "could not setup required "
409 "transfers, %s\n", usbd_errstr(err));
410 goto detach;
411 }
412 /* start Mass Storage State Machine */
413
414 mtx_lock(&sc->sc_mtx);
415 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
416 mtx_unlock(&sc->sc_mtx);
417
418 return (0); /* success */
419
420detach:
421 ustorage_fs_detach(dev);
422 return (ENXIO); /* failure */
423}
424
425static int
426ustorage_fs_detach(device_t dev)
427{
428 struct ustorage_fs_softc *sc = device_get_softc(dev);
429
430 /* teardown our statemachine */
431
432 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
433
434 mtx_destroy(&sc->sc_mtx);
435
436 return (0); /* success */
437}
438
439static int
440ustorage_fs_suspend(device_t dev)
441{
442 device_printf(dev, "suspending\n");
443 return (0); /* success */
444}
445
446static int
447ustorage_fs_resume(device_t dev)
448{
449 device_printf(dev, "resuming\n");
450 return (0); /* success */
451}
452
453/*
454 * Generic functions to handle transfers
455 */
456
457static void
458ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
459{
460 if (sc->sc_xfer[xfer_index]) {
461 sc->sc_last_xfer_index = xfer_index;
462 usbd_transfer_start(sc->sc_xfer[xfer_index]);
463 }
464}
465
466static void
467ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
468{
469 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
470 mtx_unlock(&sc->sc_mtx);
471 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
472 mtx_lock(&sc->sc_mtx);
473}
474
475static int
476ustorage_fs_handle_request(device_t dev,
477 const void *preq, void **pptr, uint16_t *plen,
| 2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39#include <sys/stdint.h>
40#include <sys/stddef.h>
41#include <sys/param.h>
42#include <sys/queue.h>
43#include <sys/types.h>
44#include <sys/systm.h>
45#include <sys/kernel.h>
46#include <sys/bus.h>
47#include <sys/linker_set.h>
48#include <sys/module.h>
49#include <sys/lock.h>
50#include <sys/mutex.h>
51#include <sys/condvar.h>
52#include <sys/sysctl.h>
53#include <sys/sx.h>
54#include <sys/unistd.h>
55#include <sys/callout.h>
56#include <sys/malloc.h>
57#include <sys/priv.h>
58
59#include <dev/usb/usb.h>
60#include <dev/usb/usbdi.h>
61#include "usbdevs.h"
62#include "usb_if.h"
63
64#define USB_DEBUG_VAR ustorage_fs_debug
65#include <dev/usb/usb_debug.h>
66
67#if USB_DEBUG
68static int ustorage_fs_debug = 0;
69
70SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
71SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
72 &ustorage_fs_debug, 0, "ustorage_fs debug level");
73#endif
74
75/* Define some limits */
76
77#ifndef USTORAGE_FS_BULK_SIZE
78#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */
79#endif
80
81#ifndef USTORAGE_FS_MAX_LUN
82#define USTORAGE_FS_MAX_LUN 8 /* units */
83#endif
84
85#ifndef USTORAGE_QDATA_MAX
86#define USTORAGE_QDATA_MAX 40 /* bytes */
87#endif
88
89#define sc_cmd_data sc_cbw.CBWCDB
90
91/*
92 * The SCSI ID string must be exactly 28 characters long
93 * exluding the terminating zero.
94 */
95#ifndef USTORAGE_FS_ID_STRING
96#define USTORAGE_FS_ID_STRING \
97 "FreeBSD " /* 8 */ \
98 "File-Stor Gadget" /* 16 */ \
99 "0101" /* 4 */
100#endif
101
102/*
103 * The following macro defines the number of
104 * sectors to be allocated for the RAM disk:
105 */
106#ifndef USTORAGE_FS_RAM_SECT
107#define USTORAGE_FS_RAM_SECT (1UL << 13)
108#endif
109
110static uint8_t *ustorage_fs_ramdisk;
111
112/* USB transfer definitions */
113
114#define USTORAGE_FS_T_BBB_COMMAND 0
115#define USTORAGE_FS_T_BBB_DATA_DUMP 1
116#define USTORAGE_FS_T_BBB_DATA_READ 2
117#define USTORAGE_FS_T_BBB_DATA_WRITE 3
118#define USTORAGE_FS_T_BBB_STATUS 4
119#define USTORAGE_FS_T_BBB_MAX 5
120
121/* USB data stage direction */
122
123#define DIR_NONE 0
124#define DIR_READ 1
125#define DIR_WRITE 2
126
127/* USB interface specific control request */
128
129#define UR_BBB_RESET 0xff /* Bulk-Only reset */
130#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
131
132/* Command Block Wrapper */
133typedef struct {
134 uDWord dCBWSignature;
135#define CBWSIGNATURE 0x43425355
136 uDWord dCBWTag;
137 uDWord dCBWDataTransferLength;
138 uByte bCBWFlags;
139#define CBWFLAGS_OUT 0x00
140#define CBWFLAGS_IN 0x80
141 uByte bCBWLUN;
142 uByte bCDBLength;
143#define CBWCDBLENGTH 16
144 uByte CBWCDB[CBWCDBLENGTH];
145} __packed ustorage_fs_bbb_cbw_t;
146
147#define USTORAGE_FS_BBB_CBW_SIZE 31
148
149/* Command Status Wrapper */
150typedef struct {
151 uDWord dCSWSignature;
152#define CSWSIGNATURE 0x53425355
153 uDWord dCSWTag;
154 uDWord dCSWDataResidue;
155 uByte bCSWStatus;
156#define CSWSTATUS_GOOD 0x0
157#define CSWSTATUS_FAILED 0x1
158#define CSWSTATUS_PHASE 0x2
159} __packed ustorage_fs_bbb_csw_t;
160
161#define USTORAGE_FS_BBB_CSW_SIZE 13
162
163struct ustorage_fs_lun {
164
165 uint8_t *memory_image;
166
167 uint32_t num_sectors;
168 uint32_t sense_data;
169 uint32_t sense_data_info;
170 uint32_t unit_attention_data;
171
172 uint8_t read_only:1;
173 uint8_t prevent_medium_removal:1;
174 uint8_t info_valid:1;
175 uint8_t removable:1;
176};
177
178struct ustorage_fs_softc {
179
180 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
181 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
182
183 struct mtx sc_mtx;
184
185 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
186
187 struct {
188 uint8_t *data_ptr;
189 struct ustorage_fs_lun *currlun;
190
191 uint32_t data_rem; /* bytes, as reported by the command
192 * block wrapper */
193 uint32_t offset; /* bytes */
194
195 uint8_t cbw_dir;
196 uint8_t cmd_dir;
197 uint8_t lun;
198 uint8_t cmd_len;
199 uint8_t data_short:1;
200 uint8_t data_error:1;
201 } sc_transfer;
202
203 device_t sc_dev;
204 struct usb_device *sc_udev;
205 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
206
207 uint8_t sc_iface_no; /* interface number */
208 uint8_t sc_last_lun;
209 uint8_t sc_last_xfer_index;
210 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
211};
212
213/* prototypes */
214
215static device_probe_t ustorage_fs_probe;
216static device_attach_t ustorage_fs_attach;
217static device_detach_t ustorage_fs_detach;
218static device_suspend_t ustorage_fs_suspend;
219static device_resume_t ustorage_fs_resume;
220static usb_handle_request_t ustorage_fs_handle_request;
221
222static usb_callback_t ustorage_fs_t_bbb_command_callback;
223static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
224static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
225static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
226static usb_callback_t ustorage_fs_t_bbb_status_callback;
227
228static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
229static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
230
231static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
232static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
233static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
234static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
235static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
236static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
237static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
238static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
239static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
240static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
241static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
242static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
243static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
244static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
245
246static device_method_t ustorage_fs_methods[] = {
247 /* USB interface */
248 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
249
250 /* Device interface */
251 DEVMETHOD(device_probe, ustorage_fs_probe),
252 DEVMETHOD(device_attach, ustorage_fs_attach),
253 DEVMETHOD(device_detach, ustorage_fs_detach),
254 DEVMETHOD(device_suspend, ustorage_fs_suspend),
255 DEVMETHOD(device_resume, ustorage_fs_resume),
256
257 {0, 0}
258};
259
260static driver_t ustorage_fs_driver = {
261 .name = "ustorage_fs",
262 .methods = ustorage_fs_methods,
263 .size = sizeof(struct ustorage_fs_softc),
264};
265
266static devclass_t ustorage_fs_devclass;
267
268DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
269MODULE_VERSION(ustorage_fs, 0);
270MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
271
272static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
273
274 [USTORAGE_FS_T_BBB_COMMAND] = {
275 .type = UE_BULK,
276 .endpoint = UE_ADDR_ANY,
277 .direction = UE_DIR_OUT,
278 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
279 .flags = {.ext_buffer = 1,},
280 .callback = &ustorage_fs_t_bbb_command_callback,
281 .usb_mode = USB_MODE_DEVICE,
282 },
283
284 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
285 .type = UE_BULK,
286 .endpoint = UE_ADDR_ANY,
287 .direction = UE_DIR_OUT,
288 .bufsize = 0, /* use wMaxPacketSize */
289 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
290 .callback = &ustorage_fs_t_bbb_data_dump_callback,
291 .usb_mode = USB_MODE_DEVICE,
292 },
293
294 [USTORAGE_FS_T_BBB_DATA_READ] = {
295 .type = UE_BULK,
296 .endpoint = UE_ADDR_ANY,
297 .direction = UE_DIR_OUT,
298 .bufsize = USTORAGE_FS_BULK_SIZE,
299 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
300 .callback = &ustorage_fs_t_bbb_data_read_callback,
301 .usb_mode = USB_MODE_DEVICE,
302 },
303
304 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
305 .type = UE_BULK,
306 .endpoint = UE_ADDR_ANY,
307 .direction = UE_DIR_IN,
308 .bufsize = USTORAGE_FS_BULK_SIZE,
309 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
310 .callback = &ustorage_fs_t_bbb_data_write_callback,
311 .usb_mode = USB_MODE_DEVICE,
312 },
313
314 [USTORAGE_FS_T_BBB_STATUS] = {
315 .type = UE_BULK,
316 .endpoint = UE_ADDR_ANY,
317 .direction = UE_DIR_IN,
318 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
319 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
320 .callback = &ustorage_fs_t_bbb_status_callback,
321 .usb_mode = USB_MODE_DEVICE,
322 },
323};
324
325/*
326 * USB device probe/attach/detach
327 */
328
329static int
330ustorage_fs_probe(device_t dev)
331{
332 struct usb_attach_arg *uaa = device_get_ivars(dev);
333 struct usb_interface_descriptor *id;
334
335 if (uaa->usb_mode != USB_MODE_DEVICE) {
336 return (ENXIO);
337 }
338 if (uaa->use_generic == 0) {
339 /* give other drivers a try first */
340 return (ENXIO);
341 }
342 /* Check for a standards compliant device */
343 id = usbd_get_interface_descriptor(uaa->iface);
344 if ((id == NULL) ||
345 (id->bInterfaceClass != UICLASS_MASS) ||
346 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
347 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
348 return (ENXIO);
349 }
350 return (0);
351}
352
353static int
354ustorage_fs_attach(device_t dev)
355{
356 struct ustorage_fs_softc *sc = device_get_softc(dev);
357 struct usb_attach_arg *uaa = device_get_ivars(dev);
358 struct usb_interface_descriptor *id;
359 int err;
360 int unit;
361
362 /*
363 * NOTE: the softc struct is bzero-ed in device_set_driver.
364 * We can safely call ustorage_fs_detach without specifically
365 * initializing the struct.
366 */
367
368 sc->sc_dev = dev;
369 sc->sc_udev = uaa->device;
370 unit = device_get_unit(dev);
371
372 if (unit == 0) {
373 if (ustorage_fs_ramdisk == NULL) {
374 /*
375 * allocate a memory image for our ramdisk until
376 * further
377 */
378 ustorage_fs_ramdisk =
379 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
380 if (ustorage_fs_ramdisk == NULL) {
381 return (ENOMEM);
382 }
383 }
384 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
385 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
386 sc->sc_lun[0].removable = 1;
387 }
388
389 device_set_usb_desc(dev);
390
391 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
392 NULL, (MTX_DEF | MTX_RECURSE));
393
394 /* get interface index */
395
396 id = usbd_get_interface_descriptor(uaa->iface);
397 if (id == NULL) {
398 device_printf(dev, "failed to get "
399 "interface number\n");
400 goto detach;
401 }
402 sc->sc_iface_no = id->bInterfaceNumber;
403
404 err = usbd_transfer_setup(uaa->device,
405 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
406 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
407 if (err) {
408 device_printf(dev, "could not setup required "
409 "transfers, %s\n", usbd_errstr(err));
410 goto detach;
411 }
412 /* start Mass Storage State Machine */
413
414 mtx_lock(&sc->sc_mtx);
415 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
416 mtx_unlock(&sc->sc_mtx);
417
418 return (0); /* success */
419
420detach:
421 ustorage_fs_detach(dev);
422 return (ENXIO); /* failure */
423}
424
425static int
426ustorage_fs_detach(device_t dev)
427{
428 struct ustorage_fs_softc *sc = device_get_softc(dev);
429
430 /* teardown our statemachine */
431
432 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
433
434 mtx_destroy(&sc->sc_mtx);
435
436 return (0); /* success */
437}
438
439static int
440ustorage_fs_suspend(device_t dev)
441{
442 device_printf(dev, "suspending\n");
443 return (0); /* success */
444}
445
446static int
447ustorage_fs_resume(device_t dev)
448{
449 device_printf(dev, "resuming\n");
450 return (0); /* success */
451}
452
453/*
454 * Generic functions to handle transfers
455 */
456
457static void
458ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
459{
460 if (sc->sc_xfer[xfer_index]) {
461 sc->sc_last_xfer_index = xfer_index;
462 usbd_transfer_start(sc->sc_xfer[xfer_index]);
463 }
464}
465
466static void
467ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
468{
469 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
470 mtx_unlock(&sc->sc_mtx);
471 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
472 mtx_lock(&sc->sc_mtx);
473}
474
475static int
476ustorage_fs_handle_request(device_t dev,
477 const void *preq, void **pptr, uint16_t *plen,
|
482
483 if (!is_complete) {
484 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
485 (req->bRequest == UR_BBB_RESET)) {
486 *plen = 0;
487 mtx_lock(&sc->sc_mtx);
488 ustorage_fs_transfer_stop(sc);
489 sc->sc_transfer.data_error = 1;
490 ustorage_fs_transfer_start(sc,
491 USTORAGE_FS_T_BBB_COMMAND);
492 mtx_unlock(&sc->sc_mtx);
493 return (0);
494 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
495 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
496 if (offset == 0) {
497 *plen = 1;
498 *pptr = &sc->sc_last_lun;
499 } else {
500 *plen = 0;
501 }
502 return (0);
503 }
504 }
505 return (ENXIO); /* use builtin handler */
506}
507
508static void
509ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
510{
511 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
512 uint32_t tag;
513 uint8_t err = 0;
514
515 DPRINTF("\n");
516
517 switch (USB_GET_STATE(xfer)) {
518 case USB_ST_TRANSFERRED:
519
520 tag = UGETDW(sc->sc_cbw.dCBWSignature);
521
522 if (tag != CBWSIGNATURE) {
523 /* do nothing */
524 DPRINTF("invalid signature 0x%08x\n", tag);
525 break;
526 }
527 tag = UGETDW(sc->sc_cbw.dCBWTag);
528
529 /* echo back tag */
530 USETDW(sc->sc_csw.dCSWTag, tag);
531
532 /* reset status */
533 sc->sc_csw.bCSWStatus = 0;
534
535 /* reset data offset, data length and data remainder */
536 sc->sc_transfer.offset = 0;
537 sc->sc_transfer.data_rem =
538 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
539
540 /* reset data flags */
541 sc->sc_transfer.data_short = 0;
542
543 /* extract LUN */
544 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
545
546 if (sc->sc_transfer.data_rem == 0) {
547 sc->sc_transfer.cbw_dir = DIR_NONE;
548 } else {
549 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
550 sc->sc_transfer.cbw_dir = DIR_WRITE;
551 } else {
552 sc->sc_transfer.cbw_dir = DIR_READ;
553 }
554 }
555
556 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
557 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
558 (sc->sc_transfer.cmd_len == 0)) {
559 /* just halt - this is invalid */
560 DPRINTF("invalid command length %d bytes\n",
561 sc->sc_transfer.cmd_len);
562 break;
563 }
564
565 err = ustorage_fs_do_cmd(sc);
566 if (err) {
567 /* got an error */
568 DPRINTF("command failed\n");
569 break;
570 }
571 if ((sc->sc_transfer.data_rem > 0) &&
572 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
573 /* contradicting data transfer direction */
574 err = 1;
575 DPRINTF("data direction mismatch\n");
576 break;
577 }
578 switch (sc->sc_transfer.cbw_dir) {
579 case DIR_READ:
580 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
581 break;
582 case DIR_WRITE:
583 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
584 break;
585 default:
586 ustorage_fs_transfer_start(sc,
587 USTORAGE_FS_T_BBB_STATUS);
588 break;
589 }
590 break;
591
592 case USB_ST_SETUP:
593tr_setup:
594 if (sc->sc_transfer.data_error) {
595 sc->sc_transfer.data_error = 0;
596 usbd_xfer_set_stall(xfer);
597 DPRINTF("stall pipe\n");
598 }
599
600 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw,
601 sizeof(sc->sc_cbw));
602 usbd_transfer_submit(xfer);
603 break;
604
605 default: /* Error */
606 DPRINTF("error\n");
607 if (error == USB_ERR_CANCELLED) {
608 break;
609 }
610 /* If the pipe is already stalled, don't do another stall */
611 if (!usbd_xfer_is_stalled(xfer))
612 sc->sc_transfer.data_error = 1;
613
614 /* try again */
615 goto tr_setup;
616 }
617 if (err) {
618 if (sc->sc_csw.bCSWStatus == 0) {
619 /* set some default error code */
620 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
621 }
622 if (sc->sc_transfer.cbw_dir == DIR_READ) {
623 /* dump all data */
624 ustorage_fs_transfer_start(sc,
625 USTORAGE_FS_T_BBB_DATA_DUMP);
626 return;
627 }
628 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
629 /* need to stall before status */
630 sc->sc_transfer.data_error = 1;
631 }
632 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
633 }
634}
635
636static void
637ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
638{
639 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
640 uint32_t max_bulk = usbd_xfer_max_len(xfer);
641 int actlen, sumlen;
642
643 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
644
645 DPRINTF("\n");
646
647 switch (USB_GET_STATE(xfer)) {
648 case USB_ST_TRANSFERRED:
649 sc->sc_transfer.data_rem -= actlen;
650 sc->sc_transfer.offset += actlen;
651
652 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
653 /* short transfer or end of data */
654 ustorage_fs_transfer_start(sc,
655 USTORAGE_FS_T_BBB_STATUS);
656 break;
657 }
658 /* Fallthrough */
659
660 case USB_ST_SETUP:
661tr_setup:
662 if (max_bulk > sc->sc_transfer.data_rem) {
663 max_bulk = sc->sc_transfer.data_rem;
664 }
665 if (sc->sc_transfer.data_error) {
666 sc->sc_transfer.data_error = 0;
667 usbd_xfer_set_stall(xfer);
668 }
669 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
670 usbd_transfer_submit(xfer);
671 break;
672
673 default: /* Error */
674 if (error == USB_ERR_CANCELLED) {
675 break;
676 }
677 /*
678 * If the pipe is already stalled, don't do another stall:
679 */
680 if (!usbd_xfer_is_stalled(xfer))
681 sc->sc_transfer.data_error = 1;
682
683 /* try again */
684 goto tr_setup;
685 }
686}
687
688static void
689ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
690{
691 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
692 uint32_t max_bulk = usbd_xfer_max_len(xfer);
693 int actlen, sumlen;
694
695 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
696
697 DPRINTF("\n");
698
699 switch (USB_GET_STATE(xfer)) {
700 case USB_ST_TRANSFERRED:
701 sc->sc_transfer.data_rem -= actlen;
702 sc->sc_transfer.data_ptr += actlen;
703 sc->sc_transfer.offset += actlen;
704
705 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
706 /* short transfer or end of data */
707 ustorage_fs_transfer_start(sc,
708 USTORAGE_FS_T_BBB_STATUS);
709 break;
710 }
711 /* Fallthrough */
712
713 case USB_ST_SETUP:
714tr_setup:
715 if (max_bulk > sc->sc_transfer.data_rem) {
716 max_bulk = sc->sc_transfer.data_rem;
717 }
718 if (sc->sc_transfer.data_error) {
719 sc->sc_transfer.data_error = 0;
720 usbd_xfer_set_stall(xfer);
721 }
722
723 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
724 max_bulk);
725 usbd_transfer_submit(xfer);
726 break;
727
728 default: /* Error */
729 if (error == USB_ERR_CANCELLED) {
730 break;
731 }
732 /* If the pipe is already stalled, don't do another stall */
733 if (!usbd_xfer_is_stalled(xfer))
734 sc->sc_transfer.data_error = 1;
735
736 /* try again */
737 goto tr_setup;
738 }
739}
740
741static void
742ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
743{
744 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
745 uint32_t max_bulk = usbd_xfer_max_len(xfer);
746 int actlen, sumlen;
747
748 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
749
750 DPRINTF("\n");
751
752 switch (USB_GET_STATE(xfer)) {
753 case USB_ST_TRANSFERRED:
754 sc->sc_transfer.data_rem -= actlen;
755 sc->sc_transfer.data_ptr += actlen;
756 sc->sc_transfer.offset += actlen;
757
758 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
759 /* short transfer or end of data */
760 ustorage_fs_transfer_start(sc,
761 USTORAGE_FS_T_BBB_STATUS);
762 break;
763 }
764 case USB_ST_SETUP:
765tr_setup:
766 if (max_bulk >= sc->sc_transfer.data_rem) {
767 max_bulk = sc->sc_transfer.data_rem;
768 if (sc->sc_transfer.data_short)
769 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
770 else
771 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
772 } else
773 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
774
775 if (sc->sc_transfer.data_error) {
776 sc->sc_transfer.data_error = 0;
777 usbd_xfer_set_stall(xfer);
778 }
779
780 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
781 max_bulk);
782 usbd_transfer_submit(xfer);
783 break;
784
785 default: /* Error */
786 if (error == USB_ERR_CANCELLED) {
787 break;
788 }
789 /*
790 * If the pipe is already stalled, don't do another
791 * stall
792 */
793 if (!usbd_xfer_is_stalled(xfer))
794 sc->sc_transfer.data_error = 1;
795
796 /* try again */
797 goto tr_setup;
798 }
799}
800
801static void
802ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
803{
804 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
805
806 DPRINTF("\n");
807
808 switch (USB_GET_STATE(xfer)) {
809 case USB_ST_TRANSFERRED:
810 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
811 break;
812
813 case USB_ST_SETUP:
814tr_setup:
815 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
816 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
817
818 if (sc->sc_transfer.data_error) {
819 sc->sc_transfer.data_error = 0;
820 usbd_xfer_set_stall(xfer);
821 }
822
823 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw,
824 sizeof(sc->sc_csw));
825 usbd_transfer_submit(xfer);
826 break;
827
828 default:
829 if (error == USB_ERR_CANCELLED) {
830 break;
831 }
832 /* If the pipe is already stalled, don't do another stall */
833 if (!usbd_xfer_is_stalled(xfer))
834 sc->sc_transfer.data_error = 1;
835
836 /* try again */
837 goto tr_setup;
838 }
839}
840
841/* SCSI commands that we recognize */
842#define SC_FORMAT_UNIT 0x04
843#define SC_INQUIRY 0x12
844#define SC_MODE_SELECT_6 0x15
845#define SC_MODE_SELECT_10 0x55
846#define SC_MODE_SENSE_6 0x1a
847#define SC_MODE_SENSE_10 0x5a
848#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
849#define SC_READ_6 0x08
850#define SC_READ_10 0x28
851#define SC_READ_12 0xa8
852#define SC_READ_CAPACITY 0x25
853#define SC_READ_FORMAT_CAPACITIES 0x23
854#define SC_RELEASE 0x17
855#define SC_REQUEST_SENSE 0x03
856#define SC_RESERVE 0x16
857#define SC_SEND_DIAGNOSTIC 0x1d
858#define SC_START_STOP_UNIT 0x1b
859#define SC_SYNCHRONIZE_CACHE 0x35
860#define SC_TEST_UNIT_READY 0x00
861#define SC_VERIFY 0x2f
862#define SC_WRITE_6 0x0a
863#define SC_WRITE_10 0x2a
864#define SC_WRITE_12 0xaa
865
866/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
867#define SS_NO_SENSE 0
868#define SS_COMMUNICATION_FAILURE 0x040800
869#define SS_INVALID_COMMAND 0x052000
870#define SS_INVALID_FIELD_IN_CDB 0x052400
871#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
872#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
873#define SS_MEDIUM_NOT_PRESENT 0x023a00
874#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
875#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
876#define SS_RESET_OCCURRED 0x062900
877#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
878#define SS_UNRECOVERED_READ_ERROR 0x031100
879#define SS_WRITE_ERROR 0x030c02
880#define SS_WRITE_PROTECTED 0x072700
881
882#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
883#define ASC(x) ((uint8_t) ((x) >> 8))
884#define ASCQ(x) ((uint8_t) (x))
885
886/* Routines for unaligned data access */
887
888static uint16_t
889get_be16(uint8_t *buf)
890{
891 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
892}
893
894static uint32_t
895get_be32(uint8_t *buf)
896{
897 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
898 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
899}
900
901static void
902put_be16(uint8_t *buf, uint16_t val)
903{
904 buf[0] = val >> 8;
905 buf[1] = val;
906}
907
908static void
909put_be32(uint8_t *buf, uint32_t val)
910{
911 buf[0] = val >> 24;
912 buf[1] = val >> 16;
913 buf[2] = val >> 8;
914 buf[3] = val & 0xff;
915}
916
917/*------------------------------------------------------------------------*
918 * ustorage_fs_verify
919 *
920 * Returns:
921 * 0: Success
922 * Else: Failure
923 *------------------------------------------------------------------------*/
924static uint8_t
925ustorage_fs_verify(struct ustorage_fs_softc *sc)
926{
927 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
928 uint32_t lba;
929 uint32_t vlen;
930 uint64_t file_offset;
931 uint64_t amount_left;
932
933 /*
934 * Get the starting Logical Block Address
935 */
936 lba = get_be32(&sc->sc_cmd_data[2]);
937
938 /*
939 * We allow DPO (Disable Page Out = don't save data in the cache)
940 * but we don't implement it.
941 */
942 if ((sc->sc_cmd_data[1] & ~0x10) != 0) {
943 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
944 return (1);
945 }
946 vlen = get_be16(&sc->sc_cmd_data[7]);
947 if (vlen == 0) {
948 goto done;
949 }
950 /* No default reply */
951
952 /* Prepare to carry out the file verify */
953 amount_left = vlen;
954 amount_left <<= 9;
955 file_offset = lba;
956 file_offset <<= 9;
957
958 /* Range check */
959 vlen += lba;
960
961 if ((vlen < lba) ||
962 (vlen > currlun->num_sectors) ||
963 (lba >= currlun->num_sectors)) {
964 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
965 return (1);
966 }
967 /* XXX TODO: verify that data is readable */
968done:
969 return (ustorage_fs_min_len(sc, 0, 0 - 1));
970}
971
972/*------------------------------------------------------------------------*
973 * ustorage_fs_inquiry
974 *
975 * Returns:
976 * 0: Success
977 * Else: Failure
978 *------------------------------------------------------------------------*/
979static uint8_t
980ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
981{
982 uint8_t *buf = sc->sc_transfer.data_ptr;
983
984 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
985
986 if (!sc->sc_transfer.currlun) {
987 /* Unsupported LUNs are okay */
988 memset(buf, 0, 36);
989 buf[0] = 0x7f;
990 /* Unsupported, no device - type */
991 return (ustorage_fs_min_len(sc, 36, 0 - 1));
992 }
993 memset(buf, 0, 8);
994 /* Non - removable, direct - access device */
995 if (currlun->removable)
996 buf[1] = 0x80;
997 buf[2] = 2;
998 /* ANSI SCSI level 2 */
999 buf[3] = 2;
1000 /* SCSI - 2 INQUIRY data format */
1001 buf[4] = 31;
1002 /* Additional length */
1003 /* No special options */
1004 /* Copy in ID string */
1005 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1006
1007#if (USTORAGE_QDATA_MAX < 36)
1008#error "(USTORAGE_QDATA_MAX < 36)"
1009#endif
1010 return (ustorage_fs_min_len(sc, 36, 0 - 1));
1011}
1012
1013/*------------------------------------------------------------------------*
1014 * ustorage_fs_request_sense
1015 *
1016 * Returns:
1017 * 0: Success
1018 * Else: Failure
1019 *------------------------------------------------------------------------*/
1020static uint8_t
1021ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1022{
1023 uint8_t *buf = sc->sc_transfer.data_ptr;
1024 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1025 uint32_t sd;
1026 uint32_t sdinfo;
1027 uint8_t valid;
1028
1029 /*
1030 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1031 *
1032 * If a REQUEST SENSE command is received from an initiator
1033 * with a pending unit attention condition (before the target
1034 * generates the contingent allegiance condition), then the
1035 * target shall either:
1036 * a) report any pending sense data and preserve the unit
1037 * attention condition on the logical unit, or,
1038 * b) report the unit attention condition, may discard any
1039 * pending sense data, and clear the unit attention
1040 * condition on the logical unit for that initiator.
1041 *
1042 * FSG normally uses option a); enable this code to use option b).
1043 */
1044#if 0
1045 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1046 currlun->sense_data = currlun->unit_attention_data;
1047 currlun->unit_attention_data = SS_NO_SENSE;
1048 }
1049#endif
1050
1051 if (!currlun) {
1052 /* Unsupported LUNs are okay */
1053 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1054 sdinfo = 0;
1055 valid = 0;
1056 } else {
1057 sd = currlun->sense_data;
1058 sdinfo = currlun->sense_data_info;
1059 valid = currlun->info_valid << 7;
1060 currlun->sense_data = SS_NO_SENSE;
1061 currlun->sense_data_info = 0;
1062 currlun->info_valid = 0;
1063 }
1064
1065 memset(buf, 0, 18);
1066 buf[0] = valid | 0x70;
1067 /* Valid, current error */
1068 buf[2] = SK(sd);
1069 put_be32(&buf[3], sdinfo);
1070 /* Sense information */
1071 buf[7] = 18 - 8;
1072 /* Additional sense length */
1073 buf[12] = ASC(sd);
1074 buf[13] = ASCQ(sd);
1075
1076#if (USTORAGE_QDATA_MAX < 18)
1077#error "(USTORAGE_QDATA_MAX < 18)"
1078#endif
1079 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1080}
1081
1082/*------------------------------------------------------------------------*
1083 * ustorage_fs_read_capacity
1084 *
1085 * Returns:
1086 * 0: Success
1087 * Else: Failure
1088 *------------------------------------------------------------------------*/
1089static uint8_t
1090ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1091{
1092 uint8_t *buf = sc->sc_transfer.data_ptr;
1093 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1094 uint32_t lba = get_be32(&sc->sc_cmd_data[2]);
1095 uint8_t pmi = sc->sc_cmd_data[8];
1096
1097 /* Check the PMI and LBA fields */
1098 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1099 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1100 return (1);
1101 }
1102 /* Max logical block */
1103 put_be32(&buf[0], currlun->num_sectors - 1);
1104 /* Block length */
1105 put_be32(&buf[4], 512);
1106
1107#if (USTORAGE_QDATA_MAX < 8)
1108#error "(USTORAGE_QDATA_MAX < 8)"
1109#endif
1110 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1111}
1112
1113/*------------------------------------------------------------------------*
1114 * ustorage_fs_mode_sense
1115 *
1116 * Returns:
1117 * 0: Success
1118 * Else: Failure
1119 *------------------------------------------------------------------------*/
1120static uint8_t
1121ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1122{
1123 uint8_t *buf = sc->sc_transfer.data_ptr;
1124 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1125 uint8_t *buf0;
1126 uint16_t len;
1127 uint16_t limit;
1128 uint8_t mscmnd = sc->sc_cmd_data[0];
1129 uint8_t pc;
1130 uint8_t page_code;
1131 uint8_t changeable_values;
1132 uint8_t all_pages;
1133
1134 buf0 = buf;
1135
1136 if ((sc->sc_cmd_data[1] & ~0x08) != 0) {
1137 /* Mask away DBD */
1138 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1139 return (1);
1140 }
1141 pc = sc->sc_cmd_data[2] >> 6;
1142 page_code = sc->sc_cmd_data[2] & 0x3f;
1143 if (pc == 3) {
1144 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1145 return (1);
1146 }
1147 changeable_values = (pc == 1);
1148 all_pages = (page_code == 0x3f);
1149
1150 /*
1151 * Write the mode parameter header. Fixed values are: default
1152 * medium type, no cache control (DPOFUA), and no block descriptors.
1153 * The only variable value is the WriteProtect bit. We will fill in
1154 * the mode data length later.
1155 */
1156 memset(buf, 0, 8);
1157 if (mscmnd == SC_MODE_SENSE_6) {
1158 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1159 /* WP, DPOFUA */
1160 buf += 4;
1161 limit = 255;
1162 } else {
1163 /* SC_MODE_SENSE_10 */
1164 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1165 /* WP, DPOFUA */
1166 buf += 8;
1167 limit = 65535;
1168 /* Should really be mod_data.buflen */
1169 }
1170
1171 /* No block descriptors */
1172
1173 /*
1174 * The mode pages, in numerical order.
1175 */
1176 if ((page_code == 0x08) || all_pages) {
1177 buf[0] = 0x08;
1178 /* Page code */
1179 buf[1] = 10;
1180 /* Page length */
1181 memset(buf + 2, 0, 10);
1182 /* None of the fields are changeable */
1183
1184 if (!changeable_values) {
1185 buf[2] = 0x04;
1186 /* Write cache enable, */
1187 /* Read cache not disabled */
1188 /* No cache retention priorities */
1189 put_be16(&buf[4], 0xffff);
1190 /* Don 't disable prefetch */
1191 /* Minimum prefetch = 0 */
1192 put_be16(&buf[8], 0xffff);
1193 /* Maximum prefetch */
1194 put_be16(&buf[10], 0xffff);
1195 /* Maximum prefetch ceiling */
1196 }
1197 buf += 12;
1198 }
1199 /*
1200 * Check that a valid page was requested and the mode data length
1201 * isn't too long.
1202 */
1203 len = buf - buf0;
1204 if (len > limit) {
1205 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1206 return (1);
1207 }
1208 /* Store the mode data length */
1209 if (mscmnd == SC_MODE_SENSE_6)
1210 buf0[0] = len - 1;
1211 else
1212 put_be16(buf0, len - 2);
1213
1214#if (USTORAGE_QDATA_MAX < 24)
1215#error "(USTORAGE_QDATA_MAX < 24)"
1216#endif
1217 return (ustorage_fs_min_len(sc, len, 0 - 1));
1218}
1219
1220/*------------------------------------------------------------------------*
1221 * ustorage_fs_start_stop
1222 *
1223 * Returns:
1224 * 0: Success
1225 * Else: Failure
1226 *------------------------------------------------------------------------*/
1227static uint8_t
1228ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1229{
1230 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1231 uint8_t loej;
1232 uint8_t start;
1233 uint8_t immed;
1234
1235 if (!currlun->removable) {
1236 currlun->sense_data = SS_INVALID_COMMAND;
1237 return (1);
1238 }
1239 immed = sc->sc_cmd_data[1] & 0x01;
1240 loej = sc->sc_cmd_data[4] & 0x02;
1241 start = sc->sc_cmd_data[4] & 0x01;
1242
1243 if (immed || loej || start) {
1244 /* compile fix */
1245 }
1246 return (0);
1247}
1248
1249/*------------------------------------------------------------------------*
1250 * ustorage_fs_prevent_allow
1251 *
1252 * Returns:
1253 * 0: Success
1254 * Else: Failure
1255 *------------------------------------------------------------------------*/
1256static uint8_t
1257ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1258{
1259 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1260 uint8_t prevent;
1261
1262 if (!currlun->removable) {
1263 currlun->sense_data = SS_INVALID_COMMAND;
1264 return (1);
1265 }
1266 prevent = sc->sc_cmd_data[4] & 0x01;
1267 if ((sc->sc_cmd_data[4] & ~0x01) != 0) {
1268 /* Mask away Prevent */
1269 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1270 return (1);
1271 }
1272 if (currlun->prevent_medium_removal && !prevent) {
1273 //fsync_sub(currlun);
1274 }
1275 currlun->prevent_medium_removal = prevent;
1276 return (0);
1277}
1278
1279/*------------------------------------------------------------------------*
1280 * ustorage_fs_read_format_capacities
1281 *
1282 * Returns:
1283 * 0: Success
1284 * Else: Failure
1285 *------------------------------------------------------------------------*/
1286static uint8_t
1287ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1288{
1289 uint8_t *buf = sc->sc_transfer.data_ptr;
1290 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1291
1292 buf[0] = buf[1] = buf[2] = 0;
1293 buf[3] = 8;
1294 /* Only the Current / Maximum Capacity Descriptor */
1295 buf += 4;
1296
1297 /* Number of blocks */
1298 put_be32(&buf[0], currlun->num_sectors);
1299 /* Block length */
1300 put_be32(&buf[4], 512);
1301 /* Current capacity */
1302 buf[4] = 0x02;
1303
1304#if (USTORAGE_QDATA_MAX < 12)
1305#error "(USTORAGE_QDATA_MAX < 12)"
1306#endif
1307 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1308}
1309
1310/*------------------------------------------------------------------------*
1311 * ustorage_fs_mode_select
1312 *
1313 * Return values:
1314 * 0: Success
1315 * Else: Failure
1316 *------------------------------------------------------------------------*/
1317static uint8_t
1318ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1319{
1320 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1321
1322 /* We don't support MODE SELECT */
1323 currlun->sense_data = SS_INVALID_COMMAND;
1324 return (1);
1325}
1326
1327/*------------------------------------------------------------------------*
1328 * ustorage_fs_synchronize_cache
1329 *
1330 * Return values:
1331 * 0: Success
1332 * Else: Failure
1333 *------------------------------------------------------------------------*/
1334static uint8_t
1335ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1336{
1337#if 0
1338 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1339 uint8_t rc;
1340
1341 /*
1342 * We ignore the requested LBA and write out all dirty data buffers.
1343 */
1344 rc = 0;
1345 if (rc) {
1346 currlun->sense_data = SS_WRITE_ERROR;
1347 }
1348#endif
1349 return (0);
1350}
1351
1352/*------------------------------------------------------------------------*
1353 * ustorage_fs_read - read data from disk
1354 *
1355 * Return values:
1356 * 0: Success
1357 * Else: Failure
1358 *------------------------------------------------------------------------*/
1359static uint8_t
1360ustorage_fs_read(struct ustorage_fs_softc *sc)
1361{
1362 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1363 uint64_t file_offset;
1364 uint32_t lba;
1365 uint32_t len;
1366
1367 /*
1368 * Get the starting Logical Block Address and check that it's not
1369 * too big
1370 */
1371 if (sc->sc_cmd_data[0] == SC_READ_6) {
1372 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1373 get_be16(&sc->sc_cmd_data[2]);
1374 } else {
1375 lba = get_be32(&sc->sc_cmd_data[2]);
1376
1377 /*
1378 * We allow DPO (Disable Page Out = don't save data in the
1379 * cache) and FUA (Force Unit Access = don't read from the
1380 * cache), but we don't implement them.
1381 */
1382 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1383 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1384 return (1);
1385 }
1386 }
1387 len = sc->sc_transfer.data_rem >> 9;
1388 len += lba;
1389
1390 if ((len < lba) ||
1391 (len > currlun->num_sectors) ||
1392 (lba >= currlun->num_sectors)) {
1393 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1394 return (1);
1395 }
1396 file_offset = lba;
1397 file_offset <<= 9;
1398
1399 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1400
1401 return (0);
1402}
1403
1404/*------------------------------------------------------------------------*
1405 * ustorage_fs_write - write data to disk
1406 *
1407 * Return values:
1408 * 0: Success
1409 * Else: Failure
1410 *------------------------------------------------------------------------*/
1411static uint8_t
1412ustorage_fs_write(struct ustorage_fs_softc *sc)
1413{
1414 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1415 uint64_t file_offset;
1416 uint32_t lba;
1417 uint32_t len;
1418
1419 if (currlun->read_only) {
1420 currlun->sense_data = SS_WRITE_PROTECTED;
1421 return (1);
1422 }
1423 /* XXX clear SYNC */
1424
1425 /*
1426 * Get the starting Logical Block Address and check that it's not
1427 * too big.
1428 */
1429 if (sc->sc_cmd_data[0] == SC_WRITE_6)
1430 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1431 get_be16(&sc->sc_cmd_data[2]);
1432 else {
1433 lba = get_be32(&sc->sc_cmd_data[2]);
1434
1435 /*
1436 * We allow DPO (Disable Page Out = don't save data in the
1437 * cache) and FUA (Force Unit Access = write directly to the
1438 * medium). We don't implement DPO; we implement FUA by
1439 * performing synchronous output.
1440 */
1441 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1442 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1443 return (1);
1444 }
1445 if (sc->sc_cmd_data[1] & 0x08) {
1446 /* FUA */
1447 /* XXX set SYNC flag here */
1448 }
1449 }
1450
1451 len = sc->sc_transfer.data_rem >> 9;
1452 len += lba;
1453
1454 if ((len < lba) ||
1455 (len > currlun->num_sectors) ||
1456 (lba >= currlun->num_sectors)) {
1457 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1458 return (1);
1459 }
1460 file_offset = lba;
1461 file_offset <<= 9;
1462
1463 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1464
1465 return (0);
1466}
1467
1468/*------------------------------------------------------------------------*
1469 * ustorage_fs_min_len
1470 *
1471 * Return values:
1472 * 0: Success
1473 * Else: Failure
1474 *------------------------------------------------------------------------*/
1475static uint8_t
1476ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1477{
1478 if (len != sc->sc_transfer.data_rem) {
1479
1480 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1481 /*
1482 * there must be something wrong about this SCSI
1483 * command
1484 */
1485 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1486 return (1);
1487 }
1488 /* compute the minimum length */
1489
1490 if (sc->sc_transfer.data_rem > len) {
1491 /* data ends prematurely */
1492 sc->sc_transfer.data_rem = len;
1493 sc->sc_transfer.data_short = 1;
1494 }
1495 /* check length alignment */
1496
1497 if (sc->sc_transfer.data_rem & ~mask) {
1498 /* data ends prematurely */
1499 sc->sc_transfer.data_rem &= mask;
1500 sc->sc_transfer.data_short = 1;
1501 }
1502 }
1503 return (0);
1504}
1505
1506/*------------------------------------------------------------------------*
1507 * ustorage_fs_check_cmd - check command routine
1508 *
1509 * Check whether the command is properly formed and whether its data
1510 * size and direction agree with the values we already have.
1511 *
1512 * Return values:
1513 * 0: Success
1514 * Else: Failure
1515 *------------------------------------------------------------------------*/
1516static uint8_t
1517ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1518 uint16_t mask, uint8_t needs_medium)
1519{
1520 struct ustorage_fs_lun *currlun;
1521 uint8_t lun = (sc->sc_cmd_data[1] >> 5);
1522 uint8_t i;
1523
1524 /* Verify the length of the command itself */
1525 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1526 DPRINTF("%u > %u\n",
1527 min_cmd_size, sc->sc_transfer.cmd_len);
1528 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1529 return (1);
1530 }
1531 /* Mask away the LUN */
1532 sc->sc_cmd_data[1] &= 0x1f;
1533
1534 /* Check if LUN is correct */
1535 if (lun != sc->sc_transfer.lun) {
1536
1537 }
1538 /* Check the LUN */
1539 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1540 sc->sc_transfer.currlun = currlun =
1541 sc->sc_lun + sc->sc_transfer.lun;
1542 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) {
1543 currlun->sense_data = SS_NO_SENSE;
1544 currlun->sense_data_info = 0;
1545 currlun->info_valid = 0;
1546 }
1547 /*
1548 * If a unit attention condition exists, only INQUIRY
1549 * and REQUEST SENSE commands are allowed. Anything
1550 * else must fail!
1551 */
1552 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1553 (sc->sc_cmd_data[0] != SC_INQUIRY) &&
1554 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1555 currlun->sense_data = currlun->unit_attention_data;
1556 currlun->unit_attention_data = SS_NO_SENSE;
1557 return (1);
1558 }
1559 } else {
1560 sc->sc_transfer.currlun = currlun = NULL;
1561
1562 /*
1563 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1564 * to use unsupported LUNs; all others may not.
1565 */
1566 if ((sc->sc_cmd_data[0] != SC_INQUIRY) &&
1567 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1568 return (1);
1569 }
1570 }
1571
1572 /*
1573 * Check that only command bytes listed in the mask are
1574 * non-zero.
1575 */
1576 for (i = 0; i != min_cmd_size; i++) {
1577 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) {
1578 if (currlun) {
1579 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1580 }
1581 return (1);
1582 }
1583 }
1584
1585 /*
1586 * If the medium isn't mounted and the command needs to access
1587 * it, return an error.
1588 */
1589 if (currlun && (!currlun->memory_image) && needs_medium) {
1590 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1591 return (1);
1592 }
1593 return (0);
1594}
1595
1596/*------------------------------------------------------------------------*
1597 * ustorage_fs_do_cmd - do command
1598 *
1599 * Return values:
1600 * 0: Success
1601 * Else: Failure
1602 *------------------------------------------------------------------------*/
1603static uint8_t
1604ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1605{
1606 uint8_t error = 1;
1607 uint8_t i;
1608 uint32_t temp;
1609 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1610
1611 /* set default data transfer pointer */
1612 sc->sc_transfer.data_ptr = sc->sc_qdata;
1613
1614 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1615 sc->sc_cmd_data[0], sc->sc_transfer.data_rem);
1616
1617 switch (sc->sc_cmd_data[0]) {
1618 case SC_INQUIRY:
1619 sc->sc_transfer.cmd_dir = DIR_WRITE;
1620 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1621 if (error) {
1622 break;
1623 }
1624 error = ustorage_fs_check_cmd(sc, 6,
1625 (1UL << 4) | 1, 0);
1626 if (error) {
1627 break;
1628 }
1629 error = ustorage_fs_inquiry(sc);
1630
1631 break;
1632
1633 case SC_MODE_SELECT_6:
1634 sc->sc_transfer.cmd_dir = DIR_READ;
1635 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1636 if (error) {
1637 break;
1638 }
1639 error = ustorage_fs_check_cmd(sc, 6,
1640 (1UL << 1) | (1UL << 4) | 1, 0);
1641 if (error) {
1642 break;
1643 }
1644 error = ustorage_fs_mode_select(sc);
1645
1646 break;
1647
1648 case SC_MODE_SELECT_10:
1649 sc->sc_transfer.cmd_dir = DIR_READ;
1650 error = ustorage_fs_min_len(sc,
1651 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1652 if (error) {
1653 break;
1654 }
1655 error = ustorage_fs_check_cmd(sc, 10,
1656 (1UL << 1) | (3UL << 7) | 1, 0);
1657 if (error) {
1658 break;
1659 }
1660 error = ustorage_fs_mode_select(sc);
1661
1662 break;
1663
1664 case SC_MODE_SENSE_6:
1665 sc->sc_transfer.cmd_dir = DIR_WRITE;
1666 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1667 if (error) {
1668 break;
1669 }
1670 error = ustorage_fs_check_cmd(sc, 6,
1671 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1672 if (error) {
1673 break;
1674 }
1675 error = ustorage_fs_mode_sense(sc);
1676
1677 break;
1678
1679 case SC_MODE_SENSE_10:
1680 sc->sc_transfer.cmd_dir = DIR_WRITE;
1681 error = ustorage_fs_min_len(sc,
1682 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1683 if (error) {
1684 break;
1685 }
1686 error = ustorage_fs_check_cmd(sc, 10,
1687 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1688 if (error) {
1689 break;
1690 }
1691 error = ustorage_fs_mode_sense(sc);
1692
1693 break;
1694
1695 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1696 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1697 if (error) {
1698 break;
1699 }
1700 error = ustorage_fs_check_cmd(sc, 6,
1701 (1UL << 4) | 1, 0);
1702 if (error) {
1703 break;
1704 }
1705 error = ustorage_fs_prevent_allow(sc);
1706
1707 break;
1708
1709 case SC_READ_6:
1710 i = sc->sc_cmd_data[4];
1711 sc->sc_transfer.cmd_dir = DIR_WRITE;
1712 temp = ((i == 0) ? 256UL : i);
1713 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1714 if (error) {
1715 break;
1716 }
1717 error = ustorage_fs_check_cmd(sc, 6,
1718 (7UL << 1) | (1UL << 4) | 1, 1);
1719 if (error) {
1720 break;
1721 }
1722 error = ustorage_fs_read(sc);
1723
1724 break;
1725
1726 case SC_READ_10:
1727 sc->sc_transfer.cmd_dir = DIR_WRITE;
1728 temp = get_be16(&sc->sc_cmd_data[7]);
1729 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1730 if (error) {
1731 break;
1732 }
1733 error = ustorage_fs_check_cmd(sc, 10,
1734 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1735 if (error) {
1736 break;
1737 }
1738 error = ustorage_fs_read(sc);
1739
1740 break;
1741
1742 case SC_READ_12:
1743 sc->sc_transfer.cmd_dir = DIR_WRITE;
1744 temp = get_be32(&sc->sc_cmd_data[6]);
1745 if (temp >= (1UL << (32 - 9))) {
1746 /* numerical overflow */
1747 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1748 error = 1;
1749 break;
1750 }
1751 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1752 if (error) {
1753 break;
1754 }
1755 error = ustorage_fs_check_cmd(sc, 12,
1756 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1757 if (error) {
1758 break;
1759 }
1760 error = ustorage_fs_read(sc);
1761
1762 break;
1763
1764 case SC_READ_CAPACITY:
1765 sc->sc_transfer.cmd_dir = DIR_WRITE;
1766 error = ustorage_fs_check_cmd(sc, 10,
1767 (0xfUL << 2) | (1UL << 8) | 1, 1);
1768 if (error) {
1769 break;
1770 }
1771 error = ustorage_fs_read_capacity(sc);
1772
1773 break;
1774
1775 case SC_READ_FORMAT_CAPACITIES:
1776 sc->sc_transfer.cmd_dir = DIR_WRITE;
1777 error = ustorage_fs_min_len(sc,
1778 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1779 if (error) {
1780 break;
1781 }
1782 error = ustorage_fs_check_cmd(sc, 10,
1783 (3UL << 7) | 1, 1);
1784 if (error) {
1785 break;
1786 }
1787 error = ustorage_fs_read_format_capacities(sc);
1788
1789 break;
1790
1791 case SC_REQUEST_SENSE:
1792 sc->sc_transfer.cmd_dir = DIR_WRITE;
1793 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1794 if (error) {
1795 break;
1796 }
1797 error = ustorage_fs_check_cmd(sc, 6,
1798 (1UL << 4) | 1, 0);
1799 if (error) {
1800 break;
1801 }
1802 error = ustorage_fs_request_sense(sc);
1803
1804 break;
1805
1806 case SC_START_STOP_UNIT:
1807 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1808 if (error) {
1809 break;
1810 }
1811 error = ustorage_fs_check_cmd(sc, 6,
1812 (1UL << 1) | (1UL << 4) | 1, 0);
1813 if (error) {
1814 break;
1815 }
1816 error = ustorage_fs_start_stop(sc);
1817
1818 break;
1819
1820 case SC_SYNCHRONIZE_CACHE:
1821 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1822 if (error) {
1823 break;
1824 }
1825 error = ustorage_fs_check_cmd(sc, 10,
1826 (0xfUL << 2) | (3UL << 7) | 1, 1);
1827 if (error) {
1828 break;
1829 }
1830 error = ustorage_fs_synchronize_cache(sc);
1831
1832 break;
1833
1834 case SC_TEST_UNIT_READY:
1835 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1836 if (error) {
1837 break;
1838 }
1839 error = ustorage_fs_check_cmd(sc, 6,
1840 0 | 1, 1);
1841 break;
1842
1843 /*
1844 * Although optional, this command is used by MS-Windows.
1845 * We support a minimal version: BytChk must be 0.
1846 */
1847 case SC_VERIFY:
1848 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1849 if (error) {
1850 break;
1851 }
1852 error = ustorage_fs_check_cmd(sc, 10,
1853 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1854 if (error) {
1855 break;
1856 }
1857 error = ustorage_fs_verify(sc);
1858
1859 break;
1860
1861 case SC_WRITE_6:
1862 i = sc->sc_cmd_data[4];
1863 sc->sc_transfer.cmd_dir = DIR_READ;
1864 temp = ((i == 0) ? 256UL : i);
1865 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1866 if (error) {
1867 break;
1868 }
1869 error = ustorage_fs_check_cmd(sc, 6,
1870 (7UL << 1) | (1UL << 4) | 1, 1);
1871 if (error) {
1872 break;
1873 }
1874 error = ustorage_fs_write(sc);
1875
1876 break;
1877
1878 case SC_WRITE_10:
1879 sc->sc_transfer.cmd_dir = DIR_READ;
1880 temp = get_be16(&sc->sc_cmd_data[7]);
1881 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1882 if (error) {
1883 break;
1884 }
1885 error = ustorage_fs_check_cmd(sc, 10,
1886 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1887 if (error) {
1888 break;
1889 }
1890 error = ustorage_fs_write(sc);
1891
1892 break;
1893
1894 case SC_WRITE_12:
1895 sc->sc_transfer.cmd_dir = DIR_READ;
1896 temp = get_be32(&sc->sc_cmd_data[6]);
1897 if (temp > (mask9 >> 9)) {
1898 /* numerical overflow */
1899 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1900 error = 1;
1901 break;
1902 }
1903 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1904 if (error) {
1905 break;
1906 }
1907 error = ustorage_fs_check_cmd(sc, 12,
1908 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1909 if (error) {
1910 break;
1911 }
1912 error = ustorage_fs_write(sc);
1913
1914 break;
1915
1916 /*
1917 * Some mandatory commands that we recognize but don't
1918 * implement. They don't mean much in this setting.
1919 * It's left as an exercise for anyone interested to
1920 * implement RESERVE and RELEASE in terms of Posix
1921 * locks.
1922 */
1923 case SC_FORMAT_UNIT:
1924 case SC_RELEASE:
1925 case SC_RESERVE:
1926 case SC_SEND_DIAGNOSTIC:
1927 /* Fallthrough */
1928
1929 default:
1930 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1931 if (error) {
1932 break;
1933 }
1934 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1935 0xff, 0);
1936 if (error) {
1937 break;
1938 }
1939 sc->sc_transfer.currlun->sense_data =
1940 SS_INVALID_COMMAND;
1941 error = 1;
1942
1943 break;
1944 }
1945 return (error);
1946}
| 483
484 if (!is_complete) {
485 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
486 (req->bRequest == UR_BBB_RESET)) {
487 *plen = 0;
488 mtx_lock(&sc->sc_mtx);
489 ustorage_fs_transfer_stop(sc);
490 sc->sc_transfer.data_error = 1;
491 ustorage_fs_transfer_start(sc,
492 USTORAGE_FS_T_BBB_COMMAND);
493 mtx_unlock(&sc->sc_mtx);
494 return (0);
495 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
496 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
497 if (offset == 0) {
498 *plen = 1;
499 *pptr = &sc->sc_last_lun;
500 } else {
501 *plen = 0;
502 }
503 return (0);
504 }
505 }
506 return (ENXIO); /* use builtin handler */
507}
508
509static void
510ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
511{
512 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
513 uint32_t tag;
514 uint8_t err = 0;
515
516 DPRINTF("\n");
517
518 switch (USB_GET_STATE(xfer)) {
519 case USB_ST_TRANSFERRED:
520
521 tag = UGETDW(sc->sc_cbw.dCBWSignature);
522
523 if (tag != CBWSIGNATURE) {
524 /* do nothing */
525 DPRINTF("invalid signature 0x%08x\n", tag);
526 break;
527 }
528 tag = UGETDW(sc->sc_cbw.dCBWTag);
529
530 /* echo back tag */
531 USETDW(sc->sc_csw.dCSWTag, tag);
532
533 /* reset status */
534 sc->sc_csw.bCSWStatus = 0;
535
536 /* reset data offset, data length and data remainder */
537 sc->sc_transfer.offset = 0;
538 sc->sc_transfer.data_rem =
539 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
540
541 /* reset data flags */
542 sc->sc_transfer.data_short = 0;
543
544 /* extract LUN */
545 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
546
547 if (sc->sc_transfer.data_rem == 0) {
548 sc->sc_transfer.cbw_dir = DIR_NONE;
549 } else {
550 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
551 sc->sc_transfer.cbw_dir = DIR_WRITE;
552 } else {
553 sc->sc_transfer.cbw_dir = DIR_READ;
554 }
555 }
556
557 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
558 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
559 (sc->sc_transfer.cmd_len == 0)) {
560 /* just halt - this is invalid */
561 DPRINTF("invalid command length %d bytes\n",
562 sc->sc_transfer.cmd_len);
563 break;
564 }
565
566 err = ustorage_fs_do_cmd(sc);
567 if (err) {
568 /* got an error */
569 DPRINTF("command failed\n");
570 break;
571 }
572 if ((sc->sc_transfer.data_rem > 0) &&
573 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
574 /* contradicting data transfer direction */
575 err = 1;
576 DPRINTF("data direction mismatch\n");
577 break;
578 }
579 switch (sc->sc_transfer.cbw_dir) {
580 case DIR_READ:
581 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
582 break;
583 case DIR_WRITE:
584 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
585 break;
586 default:
587 ustorage_fs_transfer_start(sc,
588 USTORAGE_FS_T_BBB_STATUS);
589 break;
590 }
591 break;
592
593 case USB_ST_SETUP:
594tr_setup:
595 if (sc->sc_transfer.data_error) {
596 sc->sc_transfer.data_error = 0;
597 usbd_xfer_set_stall(xfer);
598 DPRINTF("stall pipe\n");
599 }
600
601 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw,
602 sizeof(sc->sc_cbw));
603 usbd_transfer_submit(xfer);
604 break;
605
606 default: /* Error */
607 DPRINTF("error\n");
608 if (error == USB_ERR_CANCELLED) {
609 break;
610 }
611 /* If the pipe is already stalled, don't do another stall */
612 if (!usbd_xfer_is_stalled(xfer))
613 sc->sc_transfer.data_error = 1;
614
615 /* try again */
616 goto tr_setup;
617 }
618 if (err) {
619 if (sc->sc_csw.bCSWStatus == 0) {
620 /* set some default error code */
621 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
622 }
623 if (sc->sc_transfer.cbw_dir == DIR_READ) {
624 /* dump all data */
625 ustorage_fs_transfer_start(sc,
626 USTORAGE_FS_T_BBB_DATA_DUMP);
627 return;
628 }
629 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
630 /* need to stall before status */
631 sc->sc_transfer.data_error = 1;
632 }
633 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
634 }
635}
636
637static void
638ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
639{
640 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
641 uint32_t max_bulk = usbd_xfer_max_len(xfer);
642 int actlen, sumlen;
643
644 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
645
646 DPRINTF("\n");
647
648 switch (USB_GET_STATE(xfer)) {
649 case USB_ST_TRANSFERRED:
650 sc->sc_transfer.data_rem -= actlen;
651 sc->sc_transfer.offset += actlen;
652
653 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
654 /* short transfer or end of data */
655 ustorage_fs_transfer_start(sc,
656 USTORAGE_FS_T_BBB_STATUS);
657 break;
658 }
659 /* Fallthrough */
660
661 case USB_ST_SETUP:
662tr_setup:
663 if (max_bulk > sc->sc_transfer.data_rem) {
664 max_bulk = sc->sc_transfer.data_rem;
665 }
666 if (sc->sc_transfer.data_error) {
667 sc->sc_transfer.data_error = 0;
668 usbd_xfer_set_stall(xfer);
669 }
670 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
671 usbd_transfer_submit(xfer);
672 break;
673
674 default: /* Error */
675 if (error == USB_ERR_CANCELLED) {
676 break;
677 }
678 /*
679 * If the pipe is already stalled, don't do another stall:
680 */
681 if (!usbd_xfer_is_stalled(xfer))
682 sc->sc_transfer.data_error = 1;
683
684 /* try again */
685 goto tr_setup;
686 }
687}
688
689static void
690ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
691{
692 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
693 uint32_t max_bulk = usbd_xfer_max_len(xfer);
694 int actlen, sumlen;
695
696 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
697
698 DPRINTF("\n");
699
700 switch (USB_GET_STATE(xfer)) {
701 case USB_ST_TRANSFERRED:
702 sc->sc_transfer.data_rem -= actlen;
703 sc->sc_transfer.data_ptr += actlen;
704 sc->sc_transfer.offset += actlen;
705
706 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
707 /* short transfer or end of data */
708 ustorage_fs_transfer_start(sc,
709 USTORAGE_FS_T_BBB_STATUS);
710 break;
711 }
712 /* Fallthrough */
713
714 case USB_ST_SETUP:
715tr_setup:
716 if (max_bulk > sc->sc_transfer.data_rem) {
717 max_bulk = sc->sc_transfer.data_rem;
718 }
719 if (sc->sc_transfer.data_error) {
720 sc->sc_transfer.data_error = 0;
721 usbd_xfer_set_stall(xfer);
722 }
723
724 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
725 max_bulk);
726 usbd_transfer_submit(xfer);
727 break;
728
729 default: /* Error */
730 if (error == USB_ERR_CANCELLED) {
731 break;
732 }
733 /* If the pipe is already stalled, don't do another stall */
734 if (!usbd_xfer_is_stalled(xfer))
735 sc->sc_transfer.data_error = 1;
736
737 /* try again */
738 goto tr_setup;
739 }
740}
741
742static void
743ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
744{
745 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
746 uint32_t max_bulk = usbd_xfer_max_len(xfer);
747 int actlen, sumlen;
748
749 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
750
751 DPRINTF("\n");
752
753 switch (USB_GET_STATE(xfer)) {
754 case USB_ST_TRANSFERRED:
755 sc->sc_transfer.data_rem -= actlen;
756 sc->sc_transfer.data_ptr += actlen;
757 sc->sc_transfer.offset += actlen;
758
759 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
760 /* short transfer or end of data */
761 ustorage_fs_transfer_start(sc,
762 USTORAGE_FS_T_BBB_STATUS);
763 break;
764 }
765 case USB_ST_SETUP:
766tr_setup:
767 if (max_bulk >= sc->sc_transfer.data_rem) {
768 max_bulk = sc->sc_transfer.data_rem;
769 if (sc->sc_transfer.data_short)
770 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
771 else
772 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
773 } else
774 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
775
776 if (sc->sc_transfer.data_error) {
777 sc->sc_transfer.data_error = 0;
778 usbd_xfer_set_stall(xfer);
779 }
780
781 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
782 max_bulk);
783 usbd_transfer_submit(xfer);
784 break;
785
786 default: /* Error */
787 if (error == USB_ERR_CANCELLED) {
788 break;
789 }
790 /*
791 * If the pipe is already stalled, don't do another
792 * stall
793 */
794 if (!usbd_xfer_is_stalled(xfer))
795 sc->sc_transfer.data_error = 1;
796
797 /* try again */
798 goto tr_setup;
799 }
800}
801
802static void
803ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
804{
805 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
806
807 DPRINTF("\n");
808
809 switch (USB_GET_STATE(xfer)) {
810 case USB_ST_TRANSFERRED:
811 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
812 break;
813
814 case USB_ST_SETUP:
815tr_setup:
816 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
817 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
818
819 if (sc->sc_transfer.data_error) {
820 sc->sc_transfer.data_error = 0;
821 usbd_xfer_set_stall(xfer);
822 }
823
824 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw,
825 sizeof(sc->sc_csw));
826 usbd_transfer_submit(xfer);
827 break;
828
829 default:
830 if (error == USB_ERR_CANCELLED) {
831 break;
832 }
833 /* If the pipe is already stalled, don't do another stall */
834 if (!usbd_xfer_is_stalled(xfer))
835 sc->sc_transfer.data_error = 1;
836
837 /* try again */
838 goto tr_setup;
839 }
840}
841
842/* SCSI commands that we recognize */
843#define SC_FORMAT_UNIT 0x04
844#define SC_INQUIRY 0x12
845#define SC_MODE_SELECT_6 0x15
846#define SC_MODE_SELECT_10 0x55
847#define SC_MODE_SENSE_6 0x1a
848#define SC_MODE_SENSE_10 0x5a
849#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
850#define SC_READ_6 0x08
851#define SC_READ_10 0x28
852#define SC_READ_12 0xa8
853#define SC_READ_CAPACITY 0x25
854#define SC_READ_FORMAT_CAPACITIES 0x23
855#define SC_RELEASE 0x17
856#define SC_REQUEST_SENSE 0x03
857#define SC_RESERVE 0x16
858#define SC_SEND_DIAGNOSTIC 0x1d
859#define SC_START_STOP_UNIT 0x1b
860#define SC_SYNCHRONIZE_CACHE 0x35
861#define SC_TEST_UNIT_READY 0x00
862#define SC_VERIFY 0x2f
863#define SC_WRITE_6 0x0a
864#define SC_WRITE_10 0x2a
865#define SC_WRITE_12 0xaa
866
867/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
868#define SS_NO_SENSE 0
869#define SS_COMMUNICATION_FAILURE 0x040800
870#define SS_INVALID_COMMAND 0x052000
871#define SS_INVALID_FIELD_IN_CDB 0x052400
872#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
873#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
874#define SS_MEDIUM_NOT_PRESENT 0x023a00
875#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
876#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
877#define SS_RESET_OCCURRED 0x062900
878#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
879#define SS_UNRECOVERED_READ_ERROR 0x031100
880#define SS_WRITE_ERROR 0x030c02
881#define SS_WRITE_PROTECTED 0x072700
882
883#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
884#define ASC(x) ((uint8_t) ((x) >> 8))
885#define ASCQ(x) ((uint8_t) (x))
886
887/* Routines for unaligned data access */
888
889static uint16_t
890get_be16(uint8_t *buf)
891{
892 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
893}
894
895static uint32_t
896get_be32(uint8_t *buf)
897{
898 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
899 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
900}
901
902static void
903put_be16(uint8_t *buf, uint16_t val)
904{
905 buf[0] = val >> 8;
906 buf[1] = val;
907}
908
909static void
910put_be32(uint8_t *buf, uint32_t val)
911{
912 buf[0] = val >> 24;
913 buf[1] = val >> 16;
914 buf[2] = val >> 8;
915 buf[3] = val & 0xff;
916}
917
918/*------------------------------------------------------------------------*
919 * ustorage_fs_verify
920 *
921 * Returns:
922 * 0: Success
923 * Else: Failure
924 *------------------------------------------------------------------------*/
925static uint8_t
926ustorage_fs_verify(struct ustorage_fs_softc *sc)
927{
928 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
929 uint32_t lba;
930 uint32_t vlen;
931 uint64_t file_offset;
932 uint64_t amount_left;
933
934 /*
935 * Get the starting Logical Block Address
936 */
937 lba = get_be32(&sc->sc_cmd_data[2]);
938
939 /*
940 * We allow DPO (Disable Page Out = don't save data in the cache)
941 * but we don't implement it.
942 */
943 if ((sc->sc_cmd_data[1] & ~0x10) != 0) {
944 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
945 return (1);
946 }
947 vlen = get_be16(&sc->sc_cmd_data[7]);
948 if (vlen == 0) {
949 goto done;
950 }
951 /* No default reply */
952
953 /* Prepare to carry out the file verify */
954 amount_left = vlen;
955 amount_left <<= 9;
956 file_offset = lba;
957 file_offset <<= 9;
958
959 /* Range check */
960 vlen += lba;
961
962 if ((vlen < lba) ||
963 (vlen > currlun->num_sectors) ||
964 (lba >= currlun->num_sectors)) {
965 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
966 return (1);
967 }
968 /* XXX TODO: verify that data is readable */
969done:
970 return (ustorage_fs_min_len(sc, 0, 0 - 1));
971}
972
973/*------------------------------------------------------------------------*
974 * ustorage_fs_inquiry
975 *
976 * Returns:
977 * 0: Success
978 * Else: Failure
979 *------------------------------------------------------------------------*/
980static uint8_t
981ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
982{
983 uint8_t *buf = sc->sc_transfer.data_ptr;
984
985 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
986
987 if (!sc->sc_transfer.currlun) {
988 /* Unsupported LUNs are okay */
989 memset(buf, 0, 36);
990 buf[0] = 0x7f;
991 /* Unsupported, no device - type */
992 return (ustorage_fs_min_len(sc, 36, 0 - 1));
993 }
994 memset(buf, 0, 8);
995 /* Non - removable, direct - access device */
996 if (currlun->removable)
997 buf[1] = 0x80;
998 buf[2] = 2;
999 /* ANSI SCSI level 2 */
1000 buf[3] = 2;
1001 /* SCSI - 2 INQUIRY data format */
1002 buf[4] = 31;
1003 /* Additional length */
1004 /* No special options */
1005 /* Copy in ID string */
1006 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1007
1008#if (USTORAGE_QDATA_MAX < 36)
1009#error "(USTORAGE_QDATA_MAX < 36)"
1010#endif
1011 return (ustorage_fs_min_len(sc, 36, 0 - 1));
1012}
1013
1014/*------------------------------------------------------------------------*
1015 * ustorage_fs_request_sense
1016 *
1017 * Returns:
1018 * 0: Success
1019 * Else: Failure
1020 *------------------------------------------------------------------------*/
1021static uint8_t
1022ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1023{
1024 uint8_t *buf = sc->sc_transfer.data_ptr;
1025 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1026 uint32_t sd;
1027 uint32_t sdinfo;
1028 uint8_t valid;
1029
1030 /*
1031 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1032 *
1033 * If a REQUEST SENSE command is received from an initiator
1034 * with a pending unit attention condition (before the target
1035 * generates the contingent allegiance condition), then the
1036 * target shall either:
1037 * a) report any pending sense data and preserve the unit
1038 * attention condition on the logical unit, or,
1039 * b) report the unit attention condition, may discard any
1040 * pending sense data, and clear the unit attention
1041 * condition on the logical unit for that initiator.
1042 *
1043 * FSG normally uses option a); enable this code to use option b).
1044 */
1045#if 0
1046 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1047 currlun->sense_data = currlun->unit_attention_data;
1048 currlun->unit_attention_data = SS_NO_SENSE;
1049 }
1050#endif
1051
1052 if (!currlun) {
1053 /* Unsupported LUNs are okay */
1054 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1055 sdinfo = 0;
1056 valid = 0;
1057 } else {
1058 sd = currlun->sense_data;
1059 sdinfo = currlun->sense_data_info;
1060 valid = currlun->info_valid << 7;
1061 currlun->sense_data = SS_NO_SENSE;
1062 currlun->sense_data_info = 0;
1063 currlun->info_valid = 0;
1064 }
1065
1066 memset(buf, 0, 18);
1067 buf[0] = valid | 0x70;
1068 /* Valid, current error */
1069 buf[2] = SK(sd);
1070 put_be32(&buf[3], sdinfo);
1071 /* Sense information */
1072 buf[7] = 18 - 8;
1073 /* Additional sense length */
1074 buf[12] = ASC(sd);
1075 buf[13] = ASCQ(sd);
1076
1077#if (USTORAGE_QDATA_MAX < 18)
1078#error "(USTORAGE_QDATA_MAX < 18)"
1079#endif
1080 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1081}
1082
1083/*------------------------------------------------------------------------*
1084 * ustorage_fs_read_capacity
1085 *
1086 * Returns:
1087 * 0: Success
1088 * Else: Failure
1089 *------------------------------------------------------------------------*/
1090static uint8_t
1091ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1092{
1093 uint8_t *buf = sc->sc_transfer.data_ptr;
1094 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1095 uint32_t lba = get_be32(&sc->sc_cmd_data[2]);
1096 uint8_t pmi = sc->sc_cmd_data[8];
1097
1098 /* Check the PMI and LBA fields */
1099 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1100 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1101 return (1);
1102 }
1103 /* Max logical block */
1104 put_be32(&buf[0], currlun->num_sectors - 1);
1105 /* Block length */
1106 put_be32(&buf[4], 512);
1107
1108#if (USTORAGE_QDATA_MAX < 8)
1109#error "(USTORAGE_QDATA_MAX < 8)"
1110#endif
1111 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1112}
1113
1114/*------------------------------------------------------------------------*
1115 * ustorage_fs_mode_sense
1116 *
1117 * Returns:
1118 * 0: Success
1119 * Else: Failure
1120 *------------------------------------------------------------------------*/
1121static uint8_t
1122ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1123{
1124 uint8_t *buf = sc->sc_transfer.data_ptr;
1125 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1126 uint8_t *buf0;
1127 uint16_t len;
1128 uint16_t limit;
1129 uint8_t mscmnd = sc->sc_cmd_data[0];
1130 uint8_t pc;
1131 uint8_t page_code;
1132 uint8_t changeable_values;
1133 uint8_t all_pages;
1134
1135 buf0 = buf;
1136
1137 if ((sc->sc_cmd_data[1] & ~0x08) != 0) {
1138 /* Mask away DBD */
1139 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1140 return (1);
1141 }
1142 pc = sc->sc_cmd_data[2] >> 6;
1143 page_code = sc->sc_cmd_data[2] & 0x3f;
1144 if (pc == 3) {
1145 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1146 return (1);
1147 }
1148 changeable_values = (pc == 1);
1149 all_pages = (page_code == 0x3f);
1150
1151 /*
1152 * Write the mode parameter header. Fixed values are: default
1153 * medium type, no cache control (DPOFUA), and no block descriptors.
1154 * The only variable value is the WriteProtect bit. We will fill in
1155 * the mode data length later.
1156 */
1157 memset(buf, 0, 8);
1158 if (mscmnd == SC_MODE_SENSE_6) {
1159 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1160 /* WP, DPOFUA */
1161 buf += 4;
1162 limit = 255;
1163 } else {
1164 /* SC_MODE_SENSE_10 */
1165 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1166 /* WP, DPOFUA */
1167 buf += 8;
1168 limit = 65535;
1169 /* Should really be mod_data.buflen */
1170 }
1171
1172 /* No block descriptors */
1173
1174 /*
1175 * The mode pages, in numerical order.
1176 */
1177 if ((page_code == 0x08) || all_pages) {
1178 buf[0] = 0x08;
1179 /* Page code */
1180 buf[1] = 10;
1181 /* Page length */
1182 memset(buf + 2, 0, 10);
1183 /* None of the fields are changeable */
1184
1185 if (!changeable_values) {
1186 buf[2] = 0x04;
1187 /* Write cache enable, */
1188 /* Read cache not disabled */
1189 /* No cache retention priorities */
1190 put_be16(&buf[4], 0xffff);
1191 /* Don 't disable prefetch */
1192 /* Minimum prefetch = 0 */
1193 put_be16(&buf[8], 0xffff);
1194 /* Maximum prefetch */
1195 put_be16(&buf[10], 0xffff);
1196 /* Maximum prefetch ceiling */
1197 }
1198 buf += 12;
1199 }
1200 /*
1201 * Check that a valid page was requested and the mode data length
1202 * isn't too long.
1203 */
1204 len = buf - buf0;
1205 if (len > limit) {
1206 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1207 return (1);
1208 }
1209 /* Store the mode data length */
1210 if (mscmnd == SC_MODE_SENSE_6)
1211 buf0[0] = len - 1;
1212 else
1213 put_be16(buf0, len - 2);
1214
1215#if (USTORAGE_QDATA_MAX < 24)
1216#error "(USTORAGE_QDATA_MAX < 24)"
1217#endif
1218 return (ustorage_fs_min_len(sc, len, 0 - 1));
1219}
1220
1221/*------------------------------------------------------------------------*
1222 * ustorage_fs_start_stop
1223 *
1224 * Returns:
1225 * 0: Success
1226 * Else: Failure
1227 *------------------------------------------------------------------------*/
1228static uint8_t
1229ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1230{
1231 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1232 uint8_t loej;
1233 uint8_t start;
1234 uint8_t immed;
1235
1236 if (!currlun->removable) {
1237 currlun->sense_data = SS_INVALID_COMMAND;
1238 return (1);
1239 }
1240 immed = sc->sc_cmd_data[1] & 0x01;
1241 loej = sc->sc_cmd_data[4] & 0x02;
1242 start = sc->sc_cmd_data[4] & 0x01;
1243
1244 if (immed || loej || start) {
1245 /* compile fix */
1246 }
1247 return (0);
1248}
1249
1250/*------------------------------------------------------------------------*
1251 * ustorage_fs_prevent_allow
1252 *
1253 * Returns:
1254 * 0: Success
1255 * Else: Failure
1256 *------------------------------------------------------------------------*/
1257static uint8_t
1258ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1259{
1260 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1261 uint8_t prevent;
1262
1263 if (!currlun->removable) {
1264 currlun->sense_data = SS_INVALID_COMMAND;
1265 return (1);
1266 }
1267 prevent = sc->sc_cmd_data[4] & 0x01;
1268 if ((sc->sc_cmd_data[4] & ~0x01) != 0) {
1269 /* Mask away Prevent */
1270 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1271 return (1);
1272 }
1273 if (currlun->prevent_medium_removal && !prevent) {
1274 //fsync_sub(currlun);
1275 }
1276 currlun->prevent_medium_removal = prevent;
1277 return (0);
1278}
1279
1280/*------------------------------------------------------------------------*
1281 * ustorage_fs_read_format_capacities
1282 *
1283 * Returns:
1284 * 0: Success
1285 * Else: Failure
1286 *------------------------------------------------------------------------*/
1287static uint8_t
1288ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1289{
1290 uint8_t *buf = sc->sc_transfer.data_ptr;
1291 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1292
1293 buf[0] = buf[1] = buf[2] = 0;
1294 buf[3] = 8;
1295 /* Only the Current / Maximum Capacity Descriptor */
1296 buf += 4;
1297
1298 /* Number of blocks */
1299 put_be32(&buf[0], currlun->num_sectors);
1300 /* Block length */
1301 put_be32(&buf[4], 512);
1302 /* Current capacity */
1303 buf[4] = 0x02;
1304
1305#if (USTORAGE_QDATA_MAX < 12)
1306#error "(USTORAGE_QDATA_MAX < 12)"
1307#endif
1308 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1309}
1310
1311/*------------------------------------------------------------------------*
1312 * ustorage_fs_mode_select
1313 *
1314 * Return values:
1315 * 0: Success
1316 * Else: Failure
1317 *------------------------------------------------------------------------*/
1318static uint8_t
1319ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1320{
1321 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1322
1323 /* We don't support MODE SELECT */
1324 currlun->sense_data = SS_INVALID_COMMAND;
1325 return (1);
1326}
1327
1328/*------------------------------------------------------------------------*
1329 * ustorage_fs_synchronize_cache
1330 *
1331 * Return values:
1332 * 0: Success
1333 * Else: Failure
1334 *------------------------------------------------------------------------*/
1335static uint8_t
1336ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1337{
1338#if 0
1339 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1340 uint8_t rc;
1341
1342 /*
1343 * We ignore the requested LBA and write out all dirty data buffers.
1344 */
1345 rc = 0;
1346 if (rc) {
1347 currlun->sense_data = SS_WRITE_ERROR;
1348 }
1349#endif
1350 return (0);
1351}
1352
1353/*------------------------------------------------------------------------*
1354 * ustorage_fs_read - read data from disk
1355 *
1356 * Return values:
1357 * 0: Success
1358 * Else: Failure
1359 *------------------------------------------------------------------------*/
1360static uint8_t
1361ustorage_fs_read(struct ustorage_fs_softc *sc)
1362{
1363 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1364 uint64_t file_offset;
1365 uint32_t lba;
1366 uint32_t len;
1367
1368 /*
1369 * Get the starting Logical Block Address and check that it's not
1370 * too big
1371 */
1372 if (sc->sc_cmd_data[0] == SC_READ_6) {
1373 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1374 get_be16(&sc->sc_cmd_data[2]);
1375 } else {
1376 lba = get_be32(&sc->sc_cmd_data[2]);
1377
1378 /*
1379 * We allow DPO (Disable Page Out = don't save data in the
1380 * cache) and FUA (Force Unit Access = don't read from the
1381 * cache), but we don't implement them.
1382 */
1383 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1384 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1385 return (1);
1386 }
1387 }
1388 len = sc->sc_transfer.data_rem >> 9;
1389 len += lba;
1390
1391 if ((len < lba) ||
1392 (len > currlun->num_sectors) ||
1393 (lba >= currlun->num_sectors)) {
1394 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1395 return (1);
1396 }
1397 file_offset = lba;
1398 file_offset <<= 9;
1399
1400 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1401
1402 return (0);
1403}
1404
1405/*------------------------------------------------------------------------*
1406 * ustorage_fs_write - write data to disk
1407 *
1408 * Return values:
1409 * 0: Success
1410 * Else: Failure
1411 *------------------------------------------------------------------------*/
1412static uint8_t
1413ustorage_fs_write(struct ustorage_fs_softc *sc)
1414{
1415 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1416 uint64_t file_offset;
1417 uint32_t lba;
1418 uint32_t len;
1419
1420 if (currlun->read_only) {
1421 currlun->sense_data = SS_WRITE_PROTECTED;
1422 return (1);
1423 }
1424 /* XXX clear SYNC */
1425
1426 /*
1427 * Get the starting Logical Block Address and check that it's not
1428 * too big.
1429 */
1430 if (sc->sc_cmd_data[0] == SC_WRITE_6)
1431 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) |
1432 get_be16(&sc->sc_cmd_data[2]);
1433 else {
1434 lba = get_be32(&sc->sc_cmd_data[2]);
1435
1436 /*
1437 * We allow DPO (Disable Page Out = don't save data in the
1438 * cache) and FUA (Force Unit Access = write directly to the
1439 * medium). We don't implement DPO; we implement FUA by
1440 * performing synchronous output.
1441 */
1442 if ((sc->sc_cmd_data[1] & ~0x18) != 0) {
1443 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1444 return (1);
1445 }
1446 if (sc->sc_cmd_data[1] & 0x08) {
1447 /* FUA */
1448 /* XXX set SYNC flag here */
1449 }
1450 }
1451
1452 len = sc->sc_transfer.data_rem >> 9;
1453 len += lba;
1454
1455 if ((len < lba) ||
1456 (len > currlun->num_sectors) ||
1457 (lba >= currlun->num_sectors)) {
1458 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1459 return (1);
1460 }
1461 file_offset = lba;
1462 file_offset <<= 9;
1463
1464 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1465
1466 return (0);
1467}
1468
1469/*------------------------------------------------------------------------*
1470 * ustorage_fs_min_len
1471 *
1472 * Return values:
1473 * 0: Success
1474 * Else: Failure
1475 *------------------------------------------------------------------------*/
1476static uint8_t
1477ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1478{
1479 if (len != sc->sc_transfer.data_rem) {
1480
1481 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1482 /*
1483 * there must be something wrong about this SCSI
1484 * command
1485 */
1486 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1487 return (1);
1488 }
1489 /* compute the minimum length */
1490
1491 if (sc->sc_transfer.data_rem > len) {
1492 /* data ends prematurely */
1493 sc->sc_transfer.data_rem = len;
1494 sc->sc_transfer.data_short = 1;
1495 }
1496 /* check length alignment */
1497
1498 if (sc->sc_transfer.data_rem & ~mask) {
1499 /* data ends prematurely */
1500 sc->sc_transfer.data_rem &= mask;
1501 sc->sc_transfer.data_short = 1;
1502 }
1503 }
1504 return (0);
1505}
1506
1507/*------------------------------------------------------------------------*
1508 * ustorage_fs_check_cmd - check command routine
1509 *
1510 * Check whether the command is properly formed and whether its data
1511 * size and direction agree with the values we already have.
1512 *
1513 * Return values:
1514 * 0: Success
1515 * Else: Failure
1516 *------------------------------------------------------------------------*/
1517static uint8_t
1518ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1519 uint16_t mask, uint8_t needs_medium)
1520{
1521 struct ustorage_fs_lun *currlun;
1522 uint8_t lun = (sc->sc_cmd_data[1] >> 5);
1523 uint8_t i;
1524
1525 /* Verify the length of the command itself */
1526 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1527 DPRINTF("%u > %u\n",
1528 min_cmd_size, sc->sc_transfer.cmd_len);
1529 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1530 return (1);
1531 }
1532 /* Mask away the LUN */
1533 sc->sc_cmd_data[1] &= 0x1f;
1534
1535 /* Check if LUN is correct */
1536 if (lun != sc->sc_transfer.lun) {
1537
1538 }
1539 /* Check the LUN */
1540 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1541 sc->sc_transfer.currlun = currlun =
1542 sc->sc_lun + sc->sc_transfer.lun;
1543 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) {
1544 currlun->sense_data = SS_NO_SENSE;
1545 currlun->sense_data_info = 0;
1546 currlun->info_valid = 0;
1547 }
1548 /*
1549 * If a unit attention condition exists, only INQUIRY
1550 * and REQUEST SENSE commands are allowed. Anything
1551 * else must fail!
1552 */
1553 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1554 (sc->sc_cmd_data[0] != SC_INQUIRY) &&
1555 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1556 currlun->sense_data = currlun->unit_attention_data;
1557 currlun->unit_attention_data = SS_NO_SENSE;
1558 return (1);
1559 }
1560 } else {
1561 sc->sc_transfer.currlun = currlun = NULL;
1562
1563 /*
1564 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1565 * to use unsupported LUNs; all others may not.
1566 */
1567 if ((sc->sc_cmd_data[0] != SC_INQUIRY) &&
1568 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) {
1569 return (1);
1570 }
1571 }
1572
1573 /*
1574 * Check that only command bytes listed in the mask are
1575 * non-zero.
1576 */
1577 for (i = 0; i != min_cmd_size; i++) {
1578 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) {
1579 if (currlun) {
1580 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1581 }
1582 return (1);
1583 }
1584 }
1585
1586 /*
1587 * If the medium isn't mounted and the command needs to access
1588 * it, return an error.
1589 */
1590 if (currlun && (!currlun->memory_image) && needs_medium) {
1591 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1592 return (1);
1593 }
1594 return (0);
1595}
1596
1597/*------------------------------------------------------------------------*
1598 * ustorage_fs_do_cmd - do command
1599 *
1600 * Return values:
1601 * 0: Success
1602 * Else: Failure
1603 *------------------------------------------------------------------------*/
1604static uint8_t
1605ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1606{
1607 uint8_t error = 1;
1608 uint8_t i;
1609 uint32_t temp;
1610 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1611
1612 /* set default data transfer pointer */
1613 sc->sc_transfer.data_ptr = sc->sc_qdata;
1614
1615 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1616 sc->sc_cmd_data[0], sc->sc_transfer.data_rem);
1617
1618 switch (sc->sc_cmd_data[0]) {
1619 case SC_INQUIRY:
1620 sc->sc_transfer.cmd_dir = DIR_WRITE;
1621 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1622 if (error) {
1623 break;
1624 }
1625 error = ustorage_fs_check_cmd(sc, 6,
1626 (1UL << 4) | 1, 0);
1627 if (error) {
1628 break;
1629 }
1630 error = ustorage_fs_inquiry(sc);
1631
1632 break;
1633
1634 case SC_MODE_SELECT_6:
1635 sc->sc_transfer.cmd_dir = DIR_READ;
1636 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1637 if (error) {
1638 break;
1639 }
1640 error = ustorage_fs_check_cmd(sc, 6,
1641 (1UL << 1) | (1UL << 4) | 1, 0);
1642 if (error) {
1643 break;
1644 }
1645 error = ustorage_fs_mode_select(sc);
1646
1647 break;
1648
1649 case SC_MODE_SELECT_10:
1650 sc->sc_transfer.cmd_dir = DIR_READ;
1651 error = ustorage_fs_min_len(sc,
1652 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1653 if (error) {
1654 break;
1655 }
1656 error = ustorage_fs_check_cmd(sc, 10,
1657 (1UL << 1) | (3UL << 7) | 1, 0);
1658 if (error) {
1659 break;
1660 }
1661 error = ustorage_fs_mode_select(sc);
1662
1663 break;
1664
1665 case SC_MODE_SENSE_6:
1666 sc->sc_transfer.cmd_dir = DIR_WRITE;
1667 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1668 if (error) {
1669 break;
1670 }
1671 error = ustorage_fs_check_cmd(sc, 6,
1672 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1673 if (error) {
1674 break;
1675 }
1676 error = ustorage_fs_mode_sense(sc);
1677
1678 break;
1679
1680 case SC_MODE_SENSE_10:
1681 sc->sc_transfer.cmd_dir = DIR_WRITE;
1682 error = ustorage_fs_min_len(sc,
1683 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1684 if (error) {
1685 break;
1686 }
1687 error = ustorage_fs_check_cmd(sc, 10,
1688 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1689 if (error) {
1690 break;
1691 }
1692 error = ustorage_fs_mode_sense(sc);
1693
1694 break;
1695
1696 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1697 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1698 if (error) {
1699 break;
1700 }
1701 error = ustorage_fs_check_cmd(sc, 6,
1702 (1UL << 4) | 1, 0);
1703 if (error) {
1704 break;
1705 }
1706 error = ustorage_fs_prevent_allow(sc);
1707
1708 break;
1709
1710 case SC_READ_6:
1711 i = sc->sc_cmd_data[4];
1712 sc->sc_transfer.cmd_dir = DIR_WRITE;
1713 temp = ((i == 0) ? 256UL : i);
1714 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1715 if (error) {
1716 break;
1717 }
1718 error = ustorage_fs_check_cmd(sc, 6,
1719 (7UL << 1) | (1UL << 4) | 1, 1);
1720 if (error) {
1721 break;
1722 }
1723 error = ustorage_fs_read(sc);
1724
1725 break;
1726
1727 case SC_READ_10:
1728 sc->sc_transfer.cmd_dir = DIR_WRITE;
1729 temp = get_be16(&sc->sc_cmd_data[7]);
1730 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1731 if (error) {
1732 break;
1733 }
1734 error = ustorage_fs_check_cmd(sc, 10,
1735 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1736 if (error) {
1737 break;
1738 }
1739 error = ustorage_fs_read(sc);
1740
1741 break;
1742
1743 case SC_READ_12:
1744 sc->sc_transfer.cmd_dir = DIR_WRITE;
1745 temp = get_be32(&sc->sc_cmd_data[6]);
1746 if (temp >= (1UL << (32 - 9))) {
1747 /* numerical overflow */
1748 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1749 error = 1;
1750 break;
1751 }
1752 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1753 if (error) {
1754 break;
1755 }
1756 error = ustorage_fs_check_cmd(sc, 12,
1757 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1758 if (error) {
1759 break;
1760 }
1761 error = ustorage_fs_read(sc);
1762
1763 break;
1764
1765 case SC_READ_CAPACITY:
1766 sc->sc_transfer.cmd_dir = DIR_WRITE;
1767 error = ustorage_fs_check_cmd(sc, 10,
1768 (0xfUL << 2) | (1UL << 8) | 1, 1);
1769 if (error) {
1770 break;
1771 }
1772 error = ustorage_fs_read_capacity(sc);
1773
1774 break;
1775
1776 case SC_READ_FORMAT_CAPACITIES:
1777 sc->sc_transfer.cmd_dir = DIR_WRITE;
1778 error = ustorage_fs_min_len(sc,
1779 get_be16(&sc->sc_cmd_data[7]), 0 - 1);
1780 if (error) {
1781 break;
1782 }
1783 error = ustorage_fs_check_cmd(sc, 10,
1784 (3UL << 7) | 1, 1);
1785 if (error) {
1786 break;
1787 }
1788 error = ustorage_fs_read_format_capacities(sc);
1789
1790 break;
1791
1792 case SC_REQUEST_SENSE:
1793 sc->sc_transfer.cmd_dir = DIR_WRITE;
1794 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1);
1795 if (error) {
1796 break;
1797 }
1798 error = ustorage_fs_check_cmd(sc, 6,
1799 (1UL << 4) | 1, 0);
1800 if (error) {
1801 break;
1802 }
1803 error = ustorage_fs_request_sense(sc);
1804
1805 break;
1806
1807 case SC_START_STOP_UNIT:
1808 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1809 if (error) {
1810 break;
1811 }
1812 error = ustorage_fs_check_cmd(sc, 6,
1813 (1UL << 1) | (1UL << 4) | 1, 0);
1814 if (error) {
1815 break;
1816 }
1817 error = ustorage_fs_start_stop(sc);
1818
1819 break;
1820
1821 case SC_SYNCHRONIZE_CACHE:
1822 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1823 if (error) {
1824 break;
1825 }
1826 error = ustorage_fs_check_cmd(sc, 10,
1827 (0xfUL << 2) | (3UL << 7) | 1, 1);
1828 if (error) {
1829 break;
1830 }
1831 error = ustorage_fs_synchronize_cache(sc);
1832
1833 break;
1834
1835 case SC_TEST_UNIT_READY:
1836 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1837 if (error) {
1838 break;
1839 }
1840 error = ustorage_fs_check_cmd(sc, 6,
1841 0 | 1, 1);
1842 break;
1843
1844 /*
1845 * Although optional, this command is used by MS-Windows.
1846 * We support a minimal version: BytChk must be 0.
1847 */
1848 case SC_VERIFY:
1849 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1850 if (error) {
1851 break;
1852 }
1853 error = ustorage_fs_check_cmd(sc, 10,
1854 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1855 if (error) {
1856 break;
1857 }
1858 error = ustorage_fs_verify(sc);
1859
1860 break;
1861
1862 case SC_WRITE_6:
1863 i = sc->sc_cmd_data[4];
1864 sc->sc_transfer.cmd_dir = DIR_READ;
1865 temp = ((i == 0) ? 256UL : i);
1866 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1867 if (error) {
1868 break;
1869 }
1870 error = ustorage_fs_check_cmd(sc, 6,
1871 (7UL << 1) | (1UL << 4) | 1, 1);
1872 if (error) {
1873 break;
1874 }
1875 error = ustorage_fs_write(sc);
1876
1877 break;
1878
1879 case SC_WRITE_10:
1880 sc->sc_transfer.cmd_dir = DIR_READ;
1881 temp = get_be16(&sc->sc_cmd_data[7]);
1882 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1883 if (error) {
1884 break;
1885 }
1886 error = ustorage_fs_check_cmd(sc, 10,
1887 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1888 if (error) {
1889 break;
1890 }
1891 error = ustorage_fs_write(sc);
1892
1893 break;
1894
1895 case SC_WRITE_12:
1896 sc->sc_transfer.cmd_dir = DIR_READ;
1897 temp = get_be32(&sc->sc_cmd_data[6]);
1898 if (temp > (mask9 >> 9)) {
1899 /* numerical overflow */
1900 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1901 error = 1;
1902 break;
1903 }
1904 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1905 if (error) {
1906 break;
1907 }
1908 error = ustorage_fs_check_cmd(sc, 12,
1909 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1910 if (error) {
1911 break;
1912 }
1913 error = ustorage_fs_write(sc);
1914
1915 break;
1916
1917 /*
1918 * Some mandatory commands that we recognize but don't
1919 * implement. They don't mean much in this setting.
1920 * It's left as an exercise for anyone interested to
1921 * implement RESERVE and RELEASE in terms of Posix
1922 * locks.
1923 */
1924 case SC_FORMAT_UNIT:
1925 case SC_RELEASE:
1926 case SC_RESERVE:
1927 case SC_SEND_DIAGNOSTIC:
1928 /* Fallthrough */
1929
1930 default:
1931 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1932 if (error) {
1933 break;
1934 }
1935 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1936 0xff, 0);
1937 if (error) {
1938 break;
1939 }
1940 sc->sc_transfer.currlun->sense_data =
1941 SS_INVALID_COMMAND;
1942 error = 1;
1943
1944 break;
1945 }
1946 return (error);
1947}
|