1/* $FreeBSD: head/sys/dev/usb/storage/ustorage_fs.c 190174 2009-03-20 19:04:31Z thompsa $ */
2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38#include "usbdevs.h"
39#include <dev/usb/usb.h>
40#include <dev/usb/usb_mfunc.h>
41#include <dev/usb/usb_error.h>
42
43#define USB_DEBUG_VAR ustorage_fs_debug
44
45#include <dev/usb/usb_core.h>
46#include <dev/usb/usb_util.h>
47#include <dev/usb/usb_busdma.h>
48#include <dev/usb/usb_debug.h>
49#include <dev/usb/usb_process.h>
50#include <dev/usb/usb_device.h>
51
52#if USB_DEBUG
53static int ustorage_fs_debug = 0;
54
55SYSCTL_NODE(_hw_usb2, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
56SYSCTL_INT(_hw_usb2_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
57 &ustorage_fs_debug, 0, "ustorage_fs debug level");
58#endif
59
60/* Define some limits */
61
62#define USTORAGE_FS_BULK_SIZE (1UL << 17)
63#define USTORAGE_FS_MAX_LUN 8
64
65/*
66 * The SCSI ID string must be exactly 28 characters long
67 * exluding the terminating zero.
68 */
69#ifndef USTORAGE_FS_ID_STRING
70#define USTORAGE_FS_ID_STRING \
71 "FreeBSD " /* 8 */ \
72 "File-Stor Gadget" /* 16 */ \
73 "0101" /* 4 */
74#endif
75
76/*
77 * The following macro defines the number of
78 * sectors to be allocated for the RAM disk:
79 */
80#ifndef USTORAGE_FS_RAM_SECT
81#define USTORAGE_FS_RAM_SECT (1UL << 13)
82#endif
83
84static uint8_t *ustorage_fs_ramdisk;
85
86/* USB transfer definitions */
87
88#define USTORAGE_FS_T_BBB_COMMAND 0
89#define USTORAGE_FS_T_BBB_DATA_DUMP 1
90#define USTORAGE_FS_T_BBB_DATA_READ 2
91#define USTORAGE_FS_T_BBB_DATA_WRITE 3
92#define USTORAGE_FS_T_BBB_STATUS 4
93#define USTORAGE_FS_T_BBB_MAX 5
94
95/* USB data stage direction */
96
97#define DIR_NONE 0
98#define DIR_READ 1
99#define DIR_WRITE 2
100
101/* USB interface specific control request */
102
103#define UR_BBB_RESET 0xff /* Bulk-Only reset */
104#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
105
106/* Command Block Wrapper */
107typedef struct {
108 uDWord dCBWSignature;
109#define CBWSIGNATURE 0x43425355
110 uDWord dCBWTag;
111 uDWord dCBWDataTransferLength;
112 uByte bCBWFlags;
113#define CBWFLAGS_OUT 0x00
114#define CBWFLAGS_IN 0x80
115 uByte bCBWLUN;
116 uByte bCDBLength;
117#define CBWCDBLENGTH 16
118 uByte CBWCDB[CBWCDBLENGTH];
119} __packed ustorage_fs_bbb_cbw_t;
120
121#define USTORAGE_FS_BBB_CBW_SIZE 31
122
123/* Command Status Wrapper */
124typedef struct {
125 uDWord dCSWSignature;
126#define CSWSIGNATURE 0x53425355
127 uDWord dCSWTag;
128 uDWord dCSWDataResidue;
129 uByte bCSWStatus;
130#define CSWSTATUS_GOOD 0x0
131#define CSWSTATUS_FAILED 0x1
132#define CSWSTATUS_PHASE 0x2
133} __packed ustorage_fs_bbb_csw_t;
134
135#define USTORAGE_FS_BBB_CSW_SIZE 13
136
137struct ustorage_fs_lun {
138
139 void *memory_image;
140
141 uint32_t num_sectors;
142 uint32_t sense_data;
143 uint32_t sense_data_info;
144 uint32_t unit_attention_data;
145
146 uint8_t read_only:1;
147 uint8_t prevent_medium_removal:1;
148 uint8_t info_valid:1;
149 uint8_t removable:1;
150};
151
152struct ustorage_fs_softc {
153
154 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
155 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
156
157 struct mtx sc_mtx;
158
159 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
160
161 struct {
162 uint8_t *data_ptr;
163 struct ustorage_fs_lun *currlun;
164
165 uint32_t data_rem; /* bytes, as reported by the command
166 * block wrapper */
167 uint32_t offset; /* bytes */
168
169 uint8_t cbw_dir;
170 uint8_t cmd_dir;
171 uint8_t lun;
172 uint8_t cmd_data[CBWCDBLENGTH];
173 uint8_t cmd_len;
174 uint8_t data_short:1;
175 uint8_t data_error:1;
176 } sc_transfer;
177
178 device_t sc_dev;
179 struct usb2_device *sc_udev;
180 struct usb2_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
181
182 uint32_t sc_unit;
183
184 uint8_t sc_name[16];
185 uint8_t sc_iface_no; /* interface number */
186 uint8_t sc_last_lun;
187 uint8_t sc_last_xfer_index;
188 uint8_t sc_qdata[1024];
189};
190
191/* prototypes */
192
193static device_probe_t ustorage_fs_probe;
194static device_attach_t ustorage_fs_attach;
195static device_detach_t ustorage_fs_detach;
196static device_suspend_t ustorage_fs_suspend;
197static device_resume_t ustorage_fs_resume;
198static device_shutdown_t ustorage_fs_shutdown;
199static usb_handle_request_t ustorage_fs_handle_request;
200
201static usb2_callback_t ustorage_fs_t_bbb_command_callback;
202static usb2_callback_t ustorage_fs_t_bbb_data_dump_callback;
203static usb2_callback_t ustorage_fs_t_bbb_data_read_callback;
204static usb2_callback_t ustorage_fs_t_bbb_data_write_callback;
205static usb2_callback_t ustorage_fs_t_bbb_status_callback;
206
207static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
208static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
209
210static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
211static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
212static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
213static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
214static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
215static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
216static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
217static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
218static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
219static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
220static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
221static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
222static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
223static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
224
225static device_method_t ustorage_fs_methods[] = {
226 /* USB interface */
227 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
228
229 /* Device interface */
230 DEVMETHOD(device_probe, ustorage_fs_probe),
231 DEVMETHOD(device_attach, ustorage_fs_attach),
232 DEVMETHOD(device_detach, ustorage_fs_detach),
233 DEVMETHOD(device_suspend, ustorage_fs_suspend),
234 DEVMETHOD(device_resume, ustorage_fs_resume),
235 DEVMETHOD(device_shutdown, ustorage_fs_shutdown),
236
237 {0, 0}
238};
239
240static driver_t ustorage_fs_driver = {
241 .name = "ustorage_fs",
242 .methods = ustorage_fs_methods,
243 .size = sizeof(struct ustorage_fs_softc),
244};
245
246static devclass_t ustorage_fs_devclass;
247
248DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
249MODULE_VERSION(ustorage_fs, 0);
250MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
251
252struct usb2_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
253
254 [USTORAGE_FS_T_BBB_COMMAND] = {
255 .type = UE_BULK,
256 .endpoint = UE_ADDR_ANY,
257 .direction = UE_DIR_OUT,
258 .md.bufsize = sizeof(ustorage_fs_bbb_cbw_t),
259 .md.flags = {.ext_buffer = 1,},
260 .md.callback = &ustorage_fs_t_bbb_command_callback,
261 },
262
263 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
264 .type = UE_BULK,
265 .endpoint = UE_ADDR_ANY,
266 .direction = UE_DIR_OUT,
267 .md.bufsize = 0, /* use wMaxPacketSize */
268 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
269 .md.callback = &ustorage_fs_t_bbb_data_dump_callback,
270 },
271
272 [USTORAGE_FS_T_BBB_DATA_READ] = {
273 .type = UE_BULK,
274 .endpoint = UE_ADDR_ANY,
275 .direction = UE_DIR_OUT,
276 .md.bufsize = USTORAGE_FS_BULK_SIZE,
277 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
278 .md.callback = &ustorage_fs_t_bbb_data_read_callback,
279 },
280
281 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
282 .type = UE_BULK,
283 .endpoint = UE_ADDR_ANY,
284 .direction = UE_DIR_IN,
285 .md.bufsize = USTORAGE_FS_BULK_SIZE,
286 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
287 .md.callback = &ustorage_fs_t_bbb_data_write_callback,
288 },
289
290 [USTORAGE_FS_T_BBB_STATUS] = {
291 .type = UE_BULK,
292 .endpoint = UE_ADDR_ANY,
293 .direction = UE_DIR_IN,
294 .md.bufsize = sizeof(ustorage_fs_bbb_csw_t),
295 .md.flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
296 .md.callback = &ustorage_fs_t_bbb_status_callback,
297 },
298};
299
300/*
301 * USB device probe/attach/detach
302 */
303
304static int
305ustorage_fs_probe(device_t dev)
306{
307 struct usb2_attach_arg *uaa = device_get_ivars(dev);
308 struct usb2_interface_descriptor *id;
309
310 if (uaa->usb2_mode != USB_MODE_DEVICE) {
311 return (ENXIO);
312 }
313 if (uaa->use_generic == 0) {
314 /* give other drivers a try first */
315 return (ENXIO);
316 }
317 /* Check for a standards compliant device */
318 id = usb2_get_interface_descriptor(uaa->iface);
319 if ((id == NULL) ||
320 (id->bInterfaceClass != UICLASS_MASS) ||
321 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
322 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
323 return (ENXIO);
324 }
325 return (0);
326}
327
328static int
329ustorage_fs_attach(device_t dev)
330{
331 struct ustorage_fs_softc *sc = device_get_softc(dev);
332 struct usb2_attach_arg *uaa = device_get_ivars(dev);
333 struct usb2_interface_descriptor *id;
334 int err;
335
336 /*
337 * NOTE: the softc struct is bzero-ed in device_set_driver.
338 * We can safely call ustorage_fs_detach without specifically
339 * initializing the struct.
340 */
341
342 sc->sc_dev = dev;
343 sc->sc_udev = uaa->device;
344 sc->sc_unit = device_get_unit(dev);
345
346 if (sc->sc_unit == 0) {
347 if (ustorage_fs_ramdisk == NULL) {
348 /*
349 * allocate a memory image for our ramdisk until
350 * further
351 */
352 ustorage_fs_ramdisk =
353 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
354 if (ustorage_fs_ramdisk == NULL) {
355 return (ENOMEM);
356 }
357 }
358 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
359 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
360 sc->sc_lun[0].removable = 1;
361 }
362 snprintf(sc->sc_name, sizeof(sc->sc_name),
363 "%s", device_get_nameunit(dev));
364
365 device_set_usb2_desc(dev);
366
367 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
368 NULL, (MTX_DEF | MTX_RECURSE));
369
370 /* get interface index */
371
372 id = usb2_get_interface_descriptor(uaa->iface);
373 if (id == NULL) {
374 device_printf(dev, "failed to get "
375 "interface number\n");
376 goto detach;
377 }
378 sc->sc_iface_no = id->bInterfaceNumber;
379
380 err = usb2_transfer_setup(uaa->device,
381 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
382 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
383 if (err) {
384 device_printf(dev, "could not setup required "
385 "transfers, %s\n", usb2_errstr(err));
386 goto detach;
387 }
388 /* start Mass Storage State Machine */
389
390 mtx_lock(&sc->sc_mtx);
391 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
392 mtx_unlock(&sc->sc_mtx);
393
394 return (0); /* success */
395
396detach:
397 ustorage_fs_detach(dev);
398 return (ENXIO); /* failure */
399}
400
401static int
402ustorage_fs_detach(device_t dev)
403{
404 struct ustorage_fs_softc *sc = device_get_softc(dev);
405
406 /* teardown our statemachine */
407
408 usb2_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
409
410 mtx_destroy(&sc->sc_mtx);
411
412 return (0); /* success */
413}
414
415static int
416ustorage_fs_suspend(device_t dev)
417{
418 device_printf(dev, "suspending\n");
419 return (0); /* success */
420}
421
422static int
423ustorage_fs_resume(device_t dev)
424{
425 device_printf(dev, "resuming\n");
426 return (0); /* success */
427}
428
429static int
430ustorage_fs_shutdown(device_t dev)
431{
432 return (0); /* success */
433}
434
435/*
436 * Generic functions to handle transfers
437 */
438
439static void
440ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
441{
442 if (sc->sc_xfer[xfer_index]) {
443 sc->sc_last_xfer_index = xfer_index;
444 usb2_transfer_start(sc->sc_xfer[xfer_index]);
445 }
446}
447
448static void
449ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
450{
451 usb2_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
452 mtx_unlock(&sc->sc_mtx);
453 usb2_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
454 mtx_lock(&sc->sc_mtx);
455}
456
457static int
458ustorage_fs_handle_request(device_t dev,
459 const void *preq, void **pptr, uint16_t *plen,
460 uint16_t offset, uint8_t is_complete)
461{
462 struct ustorage_fs_softc *sc = device_get_softc(dev);
463 const struct usb2_device_request *req = preq;
464
465 if (!is_complete) {
466 if (req->bRequest == UR_BBB_RESET) {
467 *plen = 0;
468 mtx_lock(&sc->sc_mtx);
469 ustorage_fs_transfer_stop(sc);
470 sc->sc_transfer.data_error = 1;
471 ustorage_fs_transfer_start(sc,
472 USTORAGE_FS_T_BBB_COMMAND);
473 mtx_unlock(&sc->sc_mtx);
474 return (0);
475 } else if (req->bRequest == UR_BBB_GET_MAX_LUN) {
476 if (offset == 0) {
477 *plen = 1;
478 *pptr = &sc->sc_last_lun;
479 } else {
480 *plen = 0;
481 }
482 return (0);
483 }
484 }
485 return (ENXIO); /* use builtin handler */
486}
487
488static void
489ustorage_fs_t_bbb_command_callback(struct usb2_xfer *xfer)
490{
491 struct ustorage_fs_softc *sc = xfer->priv_sc;
492 uint32_t tag;
493 uint8_t error = 0;
494
495 DPRINTF("\n");
496
497 switch (USB_GET_STATE(xfer)) {
498 case USB_ST_TRANSFERRED:
499
500 tag = UGETDW(sc->sc_cbw.dCBWSignature);
501
502 if (tag != CBWSIGNATURE) {
503 /* do nothing */
504 DPRINTF("invalid signature 0x%08x\n", tag);
505 break;
506 }
507 tag = UGETDW(sc->sc_cbw.dCBWTag);
508
509 /* echo back tag */
510 USETDW(sc->sc_csw.dCSWTag, tag);
511
512 /* reset status */
513 sc->sc_csw.bCSWStatus = 0;
514
515 /* reset data offset, data length and data remainder */
516 sc->sc_transfer.offset = 0;
517 sc->sc_transfer.data_rem =
518 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
519
520 /* reset data flags */
521 sc->sc_transfer.data_short = 0;
522
523 /* extract LUN */
524 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
525
526 if (sc->sc_transfer.data_rem == 0) {
527 sc->sc_transfer.cbw_dir = DIR_NONE;
528 } else {
529 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
530 sc->sc_transfer.cbw_dir = DIR_WRITE;
531 } else {
532 sc->sc_transfer.cbw_dir = DIR_READ;
533 }
534 }
535
536 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
537 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
538 (sc->sc_transfer.cmd_len == 0)) {
539 /* just halt - this is invalid */
540 DPRINTF("invalid command length %d bytes\n",
541 sc->sc_transfer.cmd_len);
542 break;
543 }
544 bcopy(sc->sc_cbw.CBWCDB, sc->sc_transfer.cmd_data,
545 sc->sc_transfer.cmd_len);
546
547 bzero(sc->sc_cbw.CBWCDB + sc->sc_transfer.cmd_len,
548 sizeof(sc->sc_cbw.CBWCDB) - sc->sc_transfer.cmd_len);
549
550 error = ustorage_fs_do_cmd(sc);
551 if (error) {
552 /* got an error */
553 DPRINTF("command failed\n");
554 break;
555 }
556 if ((sc->sc_transfer.data_rem > 0) &&
557 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
558 /* contradicting data transfer direction */
559 error = 1;
560 DPRINTF("data direction mismatch\n");
561 break;
562 }
563 switch (sc->sc_transfer.cbw_dir) {
564 case DIR_READ:
565 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
566 break;
567 case DIR_WRITE:
568 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
569 break;
570 default:
571 ustorage_fs_transfer_start(sc,
572 USTORAGE_FS_T_BBB_STATUS);
573 break;
574 }
575 break;
576
577 case USB_ST_SETUP:
578tr_setup:
579 if (sc->sc_transfer.data_error) {
580 sc->sc_transfer.data_error = 0;
581 xfer->flags.stall_pipe = 1;
582 DPRINTF("stall pipe\n");
583 } else {
584 xfer->flags.stall_pipe = 0;
585 }
586
587 xfer->frlengths[0] = sizeof(sc->sc_cbw);
588 usb2_set_frame_data(xfer, &sc->sc_cbw, 0);
589 usb2_start_hardware(xfer);
590 break;
591
592 default: /* Error */
593 DPRINTF("error\n");
594 if (xfer->error == USB_ERR_CANCELLED) {
595 break;
596 }
597 /* If the pipe is already stalled, don't do another stall */
598 if (!xfer->pipe->is_stalled) {
599 sc->sc_transfer.data_error = 1;
600 }
601 /* try again */
602 goto tr_setup;
603 }
604 if (error) {
605 if (sc->sc_csw.bCSWStatus == 0) {
606 /* set some default error code */
607 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
608 }
609 if (sc->sc_transfer.cbw_dir == DIR_READ) {
610 /* dump all data */
611 ustorage_fs_transfer_start(sc,
612 USTORAGE_FS_T_BBB_DATA_DUMP);
613 return;
614 }
615 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
616 /* need to stall before status */
617 sc->sc_transfer.data_error = 1;
618 }
619 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
620 }
621}
622
623static void
624ustorage_fs_t_bbb_data_dump_callback(struct usb2_xfer *xfer)
625{
626 struct ustorage_fs_softc *sc = xfer->priv_sc;
627 uint32_t max_bulk = xfer->max_data_length;
628
629 DPRINTF("\n");
630
631 switch (USB_GET_STATE(xfer)) {
632 case USB_ST_TRANSFERRED:
633 sc->sc_transfer.data_rem -= xfer->actlen;
634 sc->sc_transfer.offset += xfer->actlen;
635
636 if ((xfer->actlen != xfer->sumlen) ||
637 (sc->sc_transfer.data_rem == 0)) {
638 /* short transfer or end of data */
639 ustorage_fs_transfer_start(sc,
640 USTORAGE_FS_T_BBB_STATUS);
641 break;
642 }
643 /* Fallthrough */
644
645 case USB_ST_SETUP:
646tr_setup:
647 if (max_bulk > sc->sc_transfer.data_rem) {
648 max_bulk = sc->sc_transfer.data_rem;
649 }
650 if (sc->sc_transfer.data_error) {
651 sc->sc_transfer.data_error = 0;
652 xfer->flags.stall_pipe = 1;
653 } else {
654 xfer->flags.stall_pipe = 0;
655 }
656 xfer->frlengths[0] = max_bulk;
657 usb2_start_hardware(xfer);
658 break;
659
660 default: /* Error */
661 if (xfer->error == USB_ERR_CANCELLED) {
662 break;
663 }
664 /*
665 * If the pipe is already stalled, don't do another stall:
666 */
667 if (!xfer->pipe->is_stalled) {
668 sc->sc_transfer.data_error = 1;
669 }
670 /* try again */
671 goto tr_setup;
672 }
673}
674
675static void
676ustorage_fs_t_bbb_data_read_callback(struct usb2_xfer *xfer)
677{
678 struct ustorage_fs_softc *sc = xfer->priv_sc;
679 uint32_t max_bulk = xfer->max_data_length;
680
681 DPRINTF("\n");
682
683 switch (USB_GET_STATE(xfer)) {
684 case USB_ST_TRANSFERRED:
685 sc->sc_transfer.data_rem -= xfer->actlen;
686 sc->sc_transfer.data_ptr += xfer->actlen;
687 sc->sc_transfer.offset += xfer->actlen;
688
689 if ((xfer->actlen != xfer->sumlen) ||
690 (sc->sc_transfer.data_rem == 0)) {
691 /* short transfer or end of data */
692 ustorage_fs_transfer_start(sc,
693 USTORAGE_FS_T_BBB_STATUS);
694 break;
695 }
696 /* Fallthrough */
697
698 case USB_ST_SETUP:
699tr_setup:
700 if (max_bulk > sc->sc_transfer.data_rem) {
701 max_bulk = sc->sc_transfer.data_rem;
702 }
703 if (sc->sc_transfer.data_error) {
704 sc->sc_transfer.data_error = 0;
705 xfer->flags.stall_pipe = 1;
706 } else {
707 xfer->flags.stall_pipe = 0;
708 }
709
710 xfer->frlengths[0] = max_bulk;
711 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0);
712 usb2_start_hardware(xfer);
713 break;
714
715 default: /* Error */
716 if (xfer->error == USB_ERR_CANCELLED) {
717 break;
718 }
719 /* If the pipe is already stalled, don't do another stall */
720 if (!xfer->pipe->is_stalled) {
721 sc->sc_transfer.data_error = 1;
722 }
723 /* try again */
724 goto tr_setup;
725 }
726}
727
728static void
729ustorage_fs_t_bbb_data_write_callback(struct usb2_xfer *xfer)
730{
731 struct ustorage_fs_softc *sc = xfer->priv_sc;
732 uint32_t max_bulk = xfer->max_data_length;
733
734 DPRINTF("\n");
735
736 switch (USB_GET_STATE(xfer)) {
737 case USB_ST_TRANSFERRED:
738 sc->sc_transfer.data_rem -= xfer->actlen;
739 sc->sc_transfer.data_ptr += xfer->actlen;
740 sc->sc_transfer.offset += xfer->actlen;
741
742 if ((xfer->actlen != xfer->sumlen) ||
743 (sc->sc_transfer.data_rem == 0)) {
744 /* short transfer or end of data */
745 ustorage_fs_transfer_start(sc,
746 USTORAGE_FS_T_BBB_STATUS);
747 break;
748 }
749 case USB_ST_SETUP:
750tr_setup:
751 if (max_bulk >= sc->sc_transfer.data_rem) {
752 max_bulk = sc->sc_transfer.data_rem;
753 if (sc->sc_transfer.data_short) {
754 xfer->flags.force_short_xfer = 1;
755 } else {
756 xfer->flags.force_short_xfer = 0;
757 }
758 } else {
759 xfer->flags.force_short_xfer = 0;
760 }
761
762 if (sc->sc_transfer.data_error) {
763 sc->sc_transfer.data_error = 0;
764 xfer->flags.stall_pipe = 1;
765 } else {
766 xfer->flags.stall_pipe = 0;
767 }
768
769 xfer->frlengths[0] = max_bulk;
770 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0);
771 usb2_start_hardware(xfer);
772 break;
773
774 default: /* Error */
775 if (xfer->error == USB_ERR_CANCELLED) {
776 break;
777 }
778 /*
779 * If the pipe is already stalled, don't do another
780 * stall
781 */
782 if (!xfer->pipe->is_stalled) {
783 sc->sc_transfer.data_error = 1;
784 }
785 /* try again */
786 goto tr_setup;
787 }
788}
789
790static void
791ustorage_fs_t_bbb_status_callback(struct usb2_xfer *xfer)
792{
793 struct ustorage_fs_softc *sc = xfer->priv_sc;
794
795 DPRINTF("\n");
796
797 switch (USB_GET_STATE(xfer)) {
798 case USB_ST_TRANSFERRED:
799 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
800 break;
801
802 case USB_ST_SETUP:
803tr_setup:
804 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
805 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
806
807 if (sc->sc_transfer.data_error) {
808 sc->sc_transfer.data_error = 0;
809 xfer->flags.stall_pipe = 1;
810 } else {
811 xfer->flags.stall_pipe = 0;
812 }
813
814 xfer->frlengths[0] = sizeof(sc->sc_csw);
815 usb2_set_frame_data(xfer, &sc->sc_csw, 0);
816 usb2_start_hardware(xfer);
817 break;
818
819 default:
820 if (xfer->error == USB_ERR_CANCELLED) {
821 break;
822 }
823 /* If the pipe is already stalled, don't do another stall */
824 if (!xfer->pipe->is_stalled) {
825 sc->sc_transfer.data_error = 1;
826 }
827 /* try again */
828 goto tr_setup;
829 }
830}
831
832/* SCSI commands that we recognize */
833#define SC_FORMAT_UNIT 0x04
834#define SC_INQUIRY 0x12
835#define SC_MODE_SELECT_6 0x15
836#define SC_MODE_SELECT_10 0x55
837#define SC_MODE_SENSE_6 0x1a
838#define SC_MODE_SENSE_10 0x5a
839#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
840#define SC_READ_6 0x08
841#define SC_READ_10 0x28
842#define SC_READ_12 0xa8
843#define SC_READ_CAPACITY 0x25
844#define SC_READ_FORMAT_CAPACITIES 0x23
845#define SC_RELEASE 0x17
846#define SC_REQUEST_SENSE 0x03
847#define SC_RESERVE 0x16
848#define SC_SEND_DIAGNOSTIC 0x1d
849#define SC_START_STOP_UNIT 0x1b
850#define SC_SYNCHRONIZE_CACHE 0x35
851#define SC_TEST_UNIT_READY 0x00
852#define SC_VERIFY 0x2f
853#define SC_WRITE_6 0x0a
854#define SC_WRITE_10 0x2a
855#define SC_WRITE_12 0xaa
856
857/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
858#define SS_NO_SENSE 0
859#define SS_COMMUNICATION_FAILURE 0x040800
860#define SS_INVALID_COMMAND 0x052000
861#define SS_INVALID_FIELD_IN_CDB 0x052400
862#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
863#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
864#define SS_MEDIUM_NOT_PRESENT 0x023a00
865#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
866#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
867#define SS_RESET_OCCURRED 0x062900
868#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
869#define SS_UNRECOVERED_READ_ERROR 0x031100
870#define SS_WRITE_ERROR 0x030c02
871#define SS_WRITE_PROTECTED 0x072700
872
873#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
874#define ASC(x) ((uint8_t) ((x) >> 8))
875#define ASCQ(x) ((uint8_t) (x))
876
877/* Routines for unaligned data access */
878
879static uint16_t
880get_be16(uint8_t *buf)
881{
882 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
883}
884
885static uint32_t
886get_be32(uint8_t *buf)
887{
888 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
889 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
890}
891
892static void
893put_be16(uint8_t *buf, uint16_t val)
894{
895 buf[0] = val >> 8;
896 buf[1] = val;
897}
898
899static void
900put_be32(uint8_t *buf, uint32_t val)
901{
902 buf[0] = val >> 24;
903 buf[1] = val >> 16;
904 buf[2] = val >> 8;
905 buf[3] = val & 0xff;
906}
907
908/*------------------------------------------------------------------------*
909 * ustorage_fs_verify
910 *
911 * Returns:
912 * 0: Success
913 * Else: Failure
914 *------------------------------------------------------------------------*/
915static uint8_t
916ustorage_fs_verify(struct ustorage_fs_softc *sc)
917{
918 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
919 uint32_t lba;
920 uint32_t vlen;
921 uint64_t file_offset;
922 uint64_t amount_left;
923
924 /*
925 * Get the starting Logical Block Address
926 */
927 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
928
929 /*
930 * We allow DPO (Disable Page Out = don't save data in the cache)
931 * but we don't implement it.
932 */
933 if ((sc->sc_transfer.cmd_data[1] & ~0x10) != 0) {
934 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
935 return (1);
936 }
937 vlen = get_be16(&sc->sc_transfer.cmd_data[7]);
938 if (vlen == 0) {
939 goto done;
940 }
941 /* No default reply */
942
943 /* Prepare to carry out the file verify */
944 amount_left = vlen;
945 amount_left <<= 9;
946 file_offset = lba;
947 file_offset <<= 9;
948
949 /* Range check */
950 vlen += lba;
951
952 if ((vlen < lba) ||
953 (vlen > currlun->num_sectors) ||
954 (lba >= currlun->num_sectors)) {
955 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
956 return (1);
957 }
958 /* XXX TODO: verify that data is readable */
959done:
960 return (ustorage_fs_min_len(sc, 0, 0 - 1));
961}
962
963/*------------------------------------------------------------------------*
964 * ustorage_fs_inquiry
965 *
966 * Returns:
967 * 0: Success
968 * Else: Failure
969 *------------------------------------------------------------------------*/
970static uint8_t
971ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
972{
973 uint8_t *buf = sc->sc_transfer.data_ptr;
974
975 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
976
977 if (!sc->sc_transfer.currlun) {
978 /* Unsupported LUNs are okay */
979 memset(buf, 0, 36);
980 buf[0] = 0x7f;
981 /* Unsupported, no device - type */
982 return (ustorage_fs_min_len(sc, 36, 0 - 1));
983 }
984 memset(buf, 0, 8);
985 /* Non - removable, direct - access device */
986 if (currlun->removable)
987 buf[1] = 0x80;
988 buf[2] = 2;
989 /* ANSI SCSI level 2 */
990 buf[3] = 2;
991 /* SCSI - 2 INQUIRY data format */
992 buf[4] = 31;
993 /* Additional length */
994 /* No special options */
995 /* Copy in ID string */
996 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
997
998 return (ustorage_fs_min_len(sc, 36, 0 - 1));
999}
1000
1001/*------------------------------------------------------------------------*
1002 * ustorage_fs_request_sense
1003 *
1004 * Returns:
1005 * 0: Success
1006 * Else: Failure
1007 *------------------------------------------------------------------------*/
1008static uint8_t
1009ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1010{
1011 uint8_t *buf = sc->sc_transfer.data_ptr;
1012 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1013 uint32_t sd;
1014 uint32_t sdinfo;
1015 uint8_t valid;
1016
1017 /*
1018 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1019 *
1020 * If a REQUEST SENSE command is received from an initiator
1021 * with a pending unit attention condition (before the target
1022 * generates the contingent allegiance condition), then the
1023 * target shall either:
1024 * a) report any pending sense data and preserve the unit
1025 * attention condition on the logical unit, or,
1026 * b) report the unit attention condition, may discard any
1027 * pending sense data, and clear the unit attention
1028 * condition on the logical unit for that initiator.
1029 *
1030 * FSG normally uses option a); enable this code to use option b).
1031 */
1032#if 0
1033 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1034 currlun->sense_data = currlun->unit_attention_data;
1035 currlun->unit_attention_data = SS_NO_SENSE;
1036 }
1037#endif
1038
1039 if (!currlun) {
1040 /* Unsupported LUNs are okay */
1041 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1042 sdinfo = 0;
1043 valid = 0;
1044 } else {
1045 sd = currlun->sense_data;
1046 sdinfo = currlun->sense_data_info;
1047 valid = currlun->info_valid << 7;
1048 currlun->sense_data = SS_NO_SENSE;
1049 currlun->sense_data_info = 0;
1050 currlun->info_valid = 0;
1051 }
1052
1053 memset(buf, 0, 18);
1054 buf[0] = valid | 0x70;
1055 /* Valid, current error */
1056 buf[2] = SK(sd);
1057 put_be32(&buf[3], sdinfo);
1058 /* Sense information */
1059 buf[7] = 18 - 8;
1060 /* Additional sense length */
1061 buf[12] = ASC(sd);
1062 buf[13] = ASCQ(sd);
1063 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1064}
1065
1066
1067/*------------------------------------------------------------------------*
1068 * ustorage_fs_read_capacity
1069 *
1070 * Returns:
1071 * 0: Success
1072 * Else: Failure
1073 *------------------------------------------------------------------------*/
1074static uint8_t
1075ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1076{
1077 uint8_t *buf = sc->sc_transfer.data_ptr;
1078 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1079 uint32_t lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1080 uint8_t pmi = sc->sc_transfer.cmd_data[8];
1081
1082 /* Check the PMI and LBA fields */
1083 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1084 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1085 return (1);
1086 }
1087 put_be32(&buf[0], currlun->num_sectors - 1);
1088 /* Max logical block */
1089 put_be32(&buf[4], 512);
1090 /* Block length */
1091 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1092}
1093
1094
1095/*------------------------------------------------------------------------*
1096 * ustorage_fs_mode_sense
1097 *
1098 * Returns:
1099 * 0: Success
1100 * Else: Failure
1101 *------------------------------------------------------------------------*/
1102static uint8_t
1103ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1104{
1105 uint8_t *buf = sc->sc_transfer.data_ptr;
1106 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1107 uint8_t *buf0;
1108 uint16_t len;
1109 uint16_t limit;
1110 uint8_t mscmnd = sc->sc_transfer.cmd_data[0];
1111 uint8_t pc;
1112 uint8_t page_code;
1113 uint8_t changeable_values;
1114 uint8_t all_pages;
1115
1116 buf0 = buf;
1117
1118 if ((sc->sc_transfer.cmd_data[1] & ~0x08) != 0) {
1119 /* Mask away DBD */
1120 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1121 return (1);
1122 }
1123 pc = sc->sc_transfer.cmd_data[2] >> 6;
1124 page_code = sc->sc_transfer.cmd_data[2] & 0x3f;
1125 if (pc == 3) {
1126 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1127 return (1);
1128 }
1129 changeable_values = (pc == 1);
1130 all_pages = (page_code == 0x3f);
1131
1132 /*
1133 * Write the mode parameter header. Fixed values are: default
1134 * medium type, no cache control (DPOFUA), and no block descriptors.
1135 * The only variable value is the WriteProtect bit. We will fill in
1136 * the mode data length later.
1137 */
1138 memset(buf, 0, 8);
1139 if (mscmnd == SC_MODE_SENSE_6) {
1140 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1141 /* WP, DPOFUA */
1142 buf += 4;
1143 limit = 255;
1144 } else {
1145 /* SC_MODE_SENSE_10 */
1146 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1147 /* WP, DPOFUA */
1148 buf += 8;
1149 limit = 65535;
1150 /* Should really be mod_data.buflen */
1151 }
1152
1153 /* No block descriptors */
1154
1155 /*
1156 * The mode pages, in numerical order.
1157 */
1158 if ((page_code == 0x08) || all_pages) {
1159 buf[0] = 0x08;
1160 /* Page code */
1161 buf[1] = 10;
1162 /* Page length */
1163 memset(buf + 2, 0, 10);
1164 /* None of the fields are changeable */
1165
1166 if (!changeable_values) {
1167 buf[2] = 0x04;
1168 /* Write cache enable, */
1169 /* Read cache not disabled */
1170 /* No cache retention priorities */
1171 put_be16(&buf[4], 0xffff);
1172 /* Don 't disable prefetch */
1173 /* Minimum prefetch = 0 */
1174 put_be16(&buf[8], 0xffff);
1175 /* Maximum prefetch */
1176 put_be16(&buf[10], 0xffff);
1177 /* Maximum prefetch ceiling */
1178 }
1179 buf += 12;
1180 }
1181 /*
1182 * Check that a valid page was requested and the mode data length
1183 * isn't too long.
1184 */
1185 len = buf - buf0;
1186 if (len > limit) {
1187 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1188 return (1);
1189 }
1190 /* Store the mode data length */
1191 if (mscmnd == SC_MODE_SENSE_6)
1192 buf0[0] = len - 1;
1193 else
1194 put_be16(buf0, len - 2);
1195 return (ustorage_fs_min_len(sc, len, 0 - 1));
1196}
1197
1198/*------------------------------------------------------------------------*
1199 * ustorage_fs_start_stop
1200 *
1201 * Returns:
1202 * 0: Success
1203 * Else: Failure
1204 *------------------------------------------------------------------------*/
1205static uint8_t
1206ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1207{
1208 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1209 uint8_t loej;
1210 uint8_t start;
1211 uint8_t immed;
1212
1213 if (!currlun->removable) {
1214 currlun->sense_data = SS_INVALID_COMMAND;
1215 return (1);
1216 }
1217 immed = sc->sc_transfer.cmd_data[1] & 0x01;
1218 loej = sc->sc_transfer.cmd_data[4] & 0x02;
1219 start = sc->sc_transfer.cmd_data[4] & 0x01;
1220
1221 if (immed || loej || start) {
1222 /* compile fix */
1223 }
1224 return (0);
1225}
1226
1227/*------------------------------------------------------------------------*
1228 * ustorage_fs_prevent_allow
1229 *
1230 * Returns:
1231 * 0: Success
1232 * Else: Failure
1233 *------------------------------------------------------------------------*/
1234static uint8_t
1235ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1236{
1237 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1238 uint8_t prevent;
1239
1240 if (!currlun->removable) {
1241 currlun->sense_data = SS_INVALID_COMMAND;
1242 return (1);
1243 }
1244 prevent = sc->sc_transfer.cmd_data[4] & 0x01;
1245 if ((sc->sc_transfer.cmd_data[4] & ~0x01) != 0) {
1246 /* Mask away Prevent */
1247 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1248 return (1);
1249 }
1250 if (currlun->prevent_medium_removal && !prevent) {
1251 //fsync_sub(currlun);
1252 }
1253 currlun->prevent_medium_removal = prevent;
1254 return (0);
1255}
1256
1257/*------------------------------------------------------------------------*
1258 * ustorage_fs_read_format_capacities
1259 *
1260 * Returns:
1261 * 0: Success
1262 * Else: Failure
1263 *------------------------------------------------------------------------*/
1264static uint8_t
1265ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1266{
1267 uint8_t *buf = sc->sc_transfer.data_ptr;
1268 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1269
1270 buf[0] = buf[1] = buf[2] = 0;
1271 buf[3] = 8;
1272 /* Only the Current / Maximum Capacity Descriptor */
1273 buf += 4;
1274
1275 put_be32(&buf[0], currlun->num_sectors);
1276 /* Number of blocks */
1277 put_be32(&buf[4], 512);
1278 /* Block length */
1279 buf[4] = 0x02;
1280 /* Current capacity */
1281 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1282}
1283
1284/*------------------------------------------------------------------------*
1285 * ustorage_fs_mode_select
1286 *
1287 * Return values:
1288 * 0: Success
1289 * Else: Failure
1290 *------------------------------------------------------------------------*/
1291static uint8_t
1292ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1293{
1294 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1295
1296 /* We don't support MODE SELECT */
1297 currlun->sense_data = SS_INVALID_COMMAND;
1298 return (1);
1299}
1300
1301/*------------------------------------------------------------------------*
1302 * ustorage_fs_synchronize_cache
1303 *
1304 * Return values:
1305 * 0: Success
1306 * Else: Failure
1307 *------------------------------------------------------------------------*/
1308static uint8_t
1309ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1310{
1311#if 0
1312 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1313 uint8_t rc;
1314
1315 /*
1316 * We ignore the requested LBA and write out all dirty data buffers.
1317 */
1318 rc = 0;
1319 if (rc) {
1320 currlun->sense_data = SS_WRITE_ERROR;
1321 }
1322#endif
1323 return (0);
1324}
1325
1326/*------------------------------------------------------------------------*
1327 * ustorage_fs_read - read data from disk
1328 *
1329 * Return values:
1330 * 0: Success
1331 * Else: Failure
1332 *------------------------------------------------------------------------*/
1333static uint8_t
1334ustorage_fs_read(struct ustorage_fs_softc *sc)
1335{
1336 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1337 uint64_t file_offset;
1338 uint32_t lba;
1339 uint32_t len;
1340
1341 /*
1342 * Get the starting Logical Block Address and check that it's not
1343 * too big
1344 */
1345 if (sc->sc_transfer.cmd_data[0] == SC_READ_6) {
1346 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) |
1347 get_be16(&sc->sc_transfer.cmd_data[2]);
1348 } else {
1349 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1350
1351 /*
1352 * We allow DPO (Disable Page Out = don't save data in the
1353 * cache) and FUA (Force Unit Access = don't read from the
1354 * cache), but we don't implement them.
1355 */
1356 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) {
1357 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1358 return (1);
1359 }
1360 }
1361 len = sc->sc_transfer.data_rem >> 9;
1362 len += lba;
1363
1364 if ((len < lba) ||
1365 (len > currlun->num_sectors) ||
1366 (lba >= currlun->num_sectors)) {
1367 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1368 return (1);
1369 }
1370 file_offset = lba;
1371 file_offset <<= 9;
1372
1373 sc->sc_transfer.data_ptr =
1374 USB_ADD_BYTES(currlun->memory_image, (uint32_t)file_offset);
1375
1376 return (0);
1377}
1378
1379/*------------------------------------------------------------------------*
1380 * ustorage_fs_write - write data to disk
1381 *
1382 * Return values:
1383 * 0: Success
1384 * Else: Failure
1385 *------------------------------------------------------------------------*/
1386static uint8_t
1387ustorage_fs_write(struct ustorage_fs_softc *sc)
1388{
1389 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1390 uint64_t file_offset;
1391 uint32_t lba;
1392 uint32_t len;
1393
1394 if (currlun->read_only) {
1395 currlun->sense_data = SS_WRITE_PROTECTED;
1396 return (1);
1397 }
1398 /* XXX clear SYNC */
1399
1400 /*
1401 * Get the starting Logical Block Address and check that it's not
1402 * too big.
1403 */
1404 if (sc->sc_transfer.cmd_data[0] == SC_WRITE_6)
1405 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) |
1406 get_be16(&sc->sc_transfer.cmd_data[2]);
1407 else {
1408 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1409
1410 /*
1411 * We allow DPO (Disable Page Out = don't save data in the
1412 * cache) and FUA (Force Unit Access = write directly to the
1413 * medium). We don't implement DPO; we implement FUA by
1414 * performing synchronous output.
1415 */
1416 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) {
1417 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1418 return (1);
1419 }
1420 if (sc->sc_transfer.cmd_data[1] & 0x08) {
1421 /* FUA */
1422 /* XXX set SYNC flag here */
1423 }
1424 }
1425
1426 len = sc->sc_transfer.data_rem >> 9;
1427 len += lba;
1428
1429 if ((len < lba) ||
1430 (len > currlun->num_sectors) ||
1431 (lba >= currlun->num_sectors)) {
1432 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1433 return (1);
1434 }
1435 file_offset = lba;
1436 file_offset <<= 9;
1437
1438 sc->sc_transfer.data_ptr =
1439 USB_ADD_BYTES(currlun->memory_image, (uint32_t)file_offset);
1440
1441 return (0);
1442}
1443
1444/*------------------------------------------------------------------------*
1445 * ustorage_fs_min_len
1446 *
1447 * Return values:
1448 * 0: Success
1449 * Else: Failure
1450 *------------------------------------------------------------------------*/
1451static uint8_t
1452ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1453{
1454 if (len != sc->sc_transfer.data_rem) {
1455
1456 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1457 /*
1458 * there must be something wrong about this SCSI
1459 * command
1460 */
1461 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1462 return (1);
1463 }
1464 /* compute the minimum length */
1465
1466 if (sc->sc_transfer.data_rem > len) {
1467 /* data ends prematurely */
1468 sc->sc_transfer.data_rem = len;
1469 sc->sc_transfer.data_short = 1;
1470 }
1471 /* check length alignment */
1472
1473 if (sc->sc_transfer.data_rem & ~mask) {
1474 /* data ends prematurely */
1475 sc->sc_transfer.data_rem &= mask;
1476 sc->sc_transfer.data_short = 1;
1477 }
1478 }
1479 return (0);
1480}
1481
1482/*------------------------------------------------------------------------*
1483 * ustorage_fs_check_cmd - check command routine
1484 *
1485 * Check whether the command is properly formed and whether its data
1486 * size and direction agree with the values we already have.
1487 *
1488 * Return values:
1489 * 0: Success
1490 * Else: Failure
1491 *------------------------------------------------------------------------*/
1492static uint8_t
1493ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1494 uint16_t mask, uint8_t needs_medium)
1495{
1496 struct ustorage_fs_lun *currlun;
1497 uint8_t lun = (sc->sc_transfer.cmd_data[1] >> 5);
1498 uint8_t i;
1499
1500 /* Verify the length of the command itself */
1501 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1502 DPRINTF("%u > %u\n",
1503 min_cmd_size, sc->sc_transfer.cmd_len);
1504 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1505 return (1);
1506 }
1507 /* Mask away the LUN */
1508 sc->sc_transfer.cmd_data[1] &= 0x1f;
1509
1510 /* Check if LUN is correct */
1511 if (lun != sc->sc_transfer.lun) {
1512
1513 }
1514 /* Check the LUN */
1515 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1516 sc->sc_transfer.currlun = currlun =
1517 sc->sc_lun + sc->sc_transfer.lun;
1518 if (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE) {
1519 currlun->sense_data = SS_NO_SENSE;
1520 currlun->sense_data_info = 0;
1521 currlun->info_valid = 0;
1522 }
1523 /*
1524 * If a unit attention condition exists, only INQUIRY
1525 * and REQUEST SENSE commands are allowed. Anything
1526 * else must fail!
1527 */
1528 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1529 (sc->sc_transfer.cmd_data[0] != SC_INQUIRY) &&
1530 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) {
1531 currlun->sense_data = currlun->unit_attention_data;
1532 currlun->unit_attention_data = SS_NO_SENSE;
1533 return (1);
1534 }
1535 } else {
1536 sc->sc_transfer.currlun = currlun = NULL;
1537
1538 /*
1539 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1540 * to use unsupported LUNs; all others may not.
1541 */
1542 if ((sc->sc_transfer.cmd_data[0] != SC_INQUIRY) &&
1543 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) {
1544 return (1);
1545 }
1546 }
1547
1548 /*
1549 * Check that only command bytes listed in the mask are
1550 * non-zero.
1551 */
1552 for (i = 0; i != min_cmd_size; i++) {
1553 if (sc->sc_transfer.cmd_data[i] && !(mask & (1UL << i))) {
1554 if (currlun) {
1555 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1556 }
1557 return (1);
1558 }
1559 }
1560
1561 /*
1562 * If the medium isn't mounted and the command needs to access
1563 * it, return an error.
1564 */
1565 if (currlun && (!currlun->memory_image) && needs_medium) {
1566 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1567 return (1);
1568 }
1569 return (0);
1570}
1571
1572/*------------------------------------------------------------------------*
1573 * ustorage_fs_do_cmd - do command
1574 *
1575 * Return values:
1576 * 0: Success
1577 * Else: Failure
1578 *------------------------------------------------------------------------*/
1579static uint8_t
1580ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1581{
1582 uint8_t error = 1;
1583 uint8_t i;
1584 uint32_t temp;
1585
1586 /* set default data transfer pointer */
1587 sc->sc_transfer.data_ptr = sc->sc_qdata;
1588
1589 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1590 sc->sc_transfer.cmd_data[0], sc->sc_transfer.data_rem);
1591
1592 switch (sc->sc_transfer.cmd_data[0]) {
1593 case SC_INQUIRY:
1594 sc->sc_transfer.cmd_dir = DIR_WRITE;
1595 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1596 if (error) {
1597 break;
1598 }
1599 error = ustorage_fs_check_cmd(sc, 6,
1600 (1UL << 4) | 1, 0);
1601 if (error) {
1602 break;
1603 }
1604 error = ustorage_fs_inquiry(sc);
1605
1606 break;
1607
1608 case SC_MODE_SELECT_6:
1609 sc->sc_transfer.cmd_dir = DIR_READ;
1610 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1611 if (error) {
1612 break;
1613 }
1614 error = ustorage_fs_check_cmd(sc, 6,
1615 (1UL << 1) | (1UL << 4) | 1, 0);
1616 if (error) {
1617 break;
1618 }
1619 error = ustorage_fs_mode_select(sc);
1620
1621 break;
1622
1623 case SC_MODE_SELECT_10:
1624 sc->sc_transfer.cmd_dir = DIR_READ;
1625 error = ustorage_fs_min_len(sc,
1626 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1627 if (error) {
1628 break;
1629 }
1630 error = ustorage_fs_check_cmd(sc, 10,
1631 (1UL << 1) | (3UL << 7) | 1, 0);
1632 if (error) {
1633 break;
1634 }
1635 error = ustorage_fs_mode_select(sc);
1636
1637 break;
1638
1639 case SC_MODE_SENSE_6:
1640 sc->sc_transfer.cmd_dir = DIR_WRITE;
1641 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1642 if (error) {
1643 break;
1644 }
1645 error = ustorage_fs_check_cmd(sc, 6,
1646 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1647 if (error) {
1648 break;
1649 }
1650 error = ustorage_fs_mode_sense(sc);
1651
1652 break;
1653
1654 case SC_MODE_SENSE_10:
1655 sc->sc_transfer.cmd_dir = DIR_WRITE;
1656 error = ustorage_fs_min_len(sc,
1657 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1658 if (error) {
1659 break;
1660 }
1661 error = ustorage_fs_check_cmd(sc, 10,
1662 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1663 if (error) {
1664 break;
1665 }
1666 error = ustorage_fs_mode_sense(sc);
1667
1668 break;
1669
1670 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1671 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1672 if (error) {
1673 break;
1674 }
1675 error = ustorage_fs_check_cmd(sc, 6,
1676 (1UL << 4) | 1, 0);
1677 if (error) {
1678 break;
1679 }
1680 error = ustorage_fs_prevent_allow(sc);
1681
1682 break;
1683
1684 case SC_READ_6:
1685 i = sc->sc_transfer.cmd_data[4];
1686 sc->sc_transfer.cmd_dir = DIR_WRITE;
1687 temp = ((i == 0) ? 256UL : i);
1688 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1689 if (error) {
1690 break;
1691 }
1692 error = ustorage_fs_check_cmd(sc, 6,
1693 (7UL << 1) | (1UL << 4) | 1, 1);
1694 if (error) {
1695 break;
1696 }
1697 error = ustorage_fs_read(sc);
1698
1699 break;
1700
1701 case SC_READ_10:
1702 sc->sc_transfer.cmd_dir = DIR_WRITE;
1703 temp = get_be16(&sc->sc_transfer.cmd_data[7]);
1704 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1705 if (error) {
1706 break;
1707 }
1708 error = ustorage_fs_check_cmd(sc, 10,
1709 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1710 if (error) {
1711 break;
1712 }
1713 error = ustorage_fs_read(sc);
1714
1715 break;
1716
1717 case SC_READ_12:
1718 sc->sc_transfer.cmd_dir = DIR_WRITE;
1719 temp = get_be32(&sc->sc_transfer.cmd_data[6]);
1720 if (temp >= (1UL << (32 - 9))) {
1721 /* numerical overflow */
1722 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1723 error = 1;
1724 break;
1725 }
1726 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1727 if (error) {
1728 break;
1729 }
1730 error = ustorage_fs_check_cmd(sc, 12,
1731 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1732 if (error) {
1733 break;
1734 }
1735 error = ustorage_fs_read(sc);
1736
1737 break;
1738
1739 case SC_READ_CAPACITY:
1740 sc->sc_transfer.cmd_dir = DIR_WRITE;
1741 error = ustorage_fs_check_cmd(sc, 10,
1742 (0xfUL << 2) | (1UL << 8) | 1, 1);
1743 if (error) {
1744 break;
1745 }
1746 error = ustorage_fs_read_capacity(sc);
1747
1748 break;
1749
1750 case SC_READ_FORMAT_CAPACITIES:
1751 sc->sc_transfer.cmd_dir = DIR_WRITE;
1752 error = ustorage_fs_min_len(sc,
1753 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1754 if (error) {
1755 break;
1756 }
1757 error = ustorage_fs_check_cmd(sc, 10,
1758 (3UL << 7) | 1, 1);
1759 if (error) {
1760 break;
1761 }
1762 error = ustorage_fs_read_format_capacities(sc);
1763
1764 break;
1765
1766 case SC_REQUEST_SENSE:
1767 sc->sc_transfer.cmd_dir = DIR_WRITE;
1768 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1769 if (error) {
1770 break;
1771 }
1772 error = ustorage_fs_check_cmd(sc, 6,
1773 (1UL << 4) | 1, 0);
1774 if (error) {
1775 break;
1776 }
1777 error = ustorage_fs_request_sense(sc);
1778
1779 break;
1780
1781 case SC_START_STOP_UNIT:
1782 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1783 if (error) {
1784 break;
1785 }
1786 error = ustorage_fs_check_cmd(sc, 6,
1787 (1UL << 1) | (1UL << 4) | 1, 0);
1788 if (error) {
1789 break;
1790 }
1791 error = ustorage_fs_start_stop(sc);
1792
1793 break;
1794
1795 case SC_SYNCHRONIZE_CACHE:
1796 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1797 if (error) {
1798 break;
1799 }
1800 error = ustorage_fs_check_cmd(sc, 10,
1801 (0xfUL << 2) | (3UL << 7) | 1, 1);
1802 if (error) {
1803 break;
1804 }
1805 error = ustorage_fs_synchronize_cache(sc);
1806
1807 break;
1808
1809 case SC_TEST_UNIT_READY:
1810 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1811 if (error) {
1812 break;
1813 }
1814 error = ustorage_fs_check_cmd(sc, 6,
1815 0 | 1, 1);
1816 break;
1817
1818 /*
1819 * Although optional, this command is used by MS-Windows.
1820 * We support a minimal version: BytChk must be 0.
1821 */
1822 case SC_VERIFY:
1823 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1824 if (error) {
1825 break;
1826 }
1827 error = ustorage_fs_check_cmd(sc, 10,
1828 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1829 if (error) {
1830 break;
1831 }
1832 error = ustorage_fs_verify(sc);
1833
1834 break;
1835
1836 case SC_WRITE_6:
1837 i = sc->sc_transfer.cmd_data[4];
1838 sc->sc_transfer.cmd_dir = DIR_READ;
1839 temp = ((i == 0) ? 256UL : i);
1840 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1841 if (error) {
1842 break;
1843 }
1844 error = ustorage_fs_check_cmd(sc, 6,
1845 (7UL << 1) | (1UL << 4) | 1, 1);
1846 if (error) {
1847 break;
1848 }
1849 error = ustorage_fs_write(sc);
1850
1851 break;
1852
1853 case SC_WRITE_10:
1854 sc->sc_transfer.cmd_dir = DIR_READ;
1855 temp = get_be16(&sc->sc_transfer.cmd_data[7]);
1856 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1857 if (error) {
1858 break;
1859 }
1860 error = ustorage_fs_check_cmd(sc, 10,
1861 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1862 if (error) {
1863 break;
1864 }
1865 error = ustorage_fs_write(sc);
1866
1867 break;
1868
1869 case SC_WRITE_12:
1870 sc->sc_transfer.cmd_dir = DIR_READ;
1871 temp = get_be32(&sc->sc_transfer.cmd_data[6]);
1872 if (temp >= (1UL << (32 - 9))) {
1873 /* numerical overflow */
1874 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1875 error = 1;
1876 break;
1877 }
1878 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1879 if (error) {
1880 break;
1881 }
1882 error = ustorage_fs_check_cmd(sc, 12,
1883 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1884 if (error) {
1885 break;
1886 }
1887 error = ustorage_fs_write(sc);
1888
1889 break;
1890
1891 /*
1892 * Some mandatory commands that we recognize but don't
1893 * implement. They don't mean much in this setting.
1894 * It's left as an exercise for anyone interested to
1895 * implement RESERVE and RELEASE in terms of Posix
1896 * locks.
1897 */
1898 case SC_FORMAT_UNIT:
1899 case SC_RELEASE:
1900 case SC_RESERVE:
1901 case SC_SEND_DIAGNOSTIC:
1902 /* Fallthrough */
1903
1904 default:
1905 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1906 if (error) {
1907 break;
1908 }
1909 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1910 0xff, 0);
1911 if (error) {
1912 break;
1913 }
1914 sc->sc_transfer.currlun->sense_data =
1915 SS_INVALID_COMMAND;
1916 error = 1;
1917
1918 break;
1919 }
1920 return (error);
1921}
2/*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38#include "usbdevs.h"
39#include <dev/usb/usb.h>
40#include <dev/usb/usb_mfunc.h>
41#include <dev/usb/usb_error.h>
42
43#define USB_DEBUG_VAR ustorage_fs_debug
44
45#include <dev/usb/usb_core.h>
46#include <dev/usb/usb_util.h>
47#include <dev/usb/usb_busdma.h>
48#include <dev/usb/usb_debug.h>
49#include <dev/usb/usb_process.h>
50#include <dev/usb/usb_device.h>
51
52#if USB_DEBUG
53static int ustorage_fs_debug = 0;
54
55SYSCTL_NODE(_hw_usb2, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
56SYSCTL_INT(_hw_usb2_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
57 &ustorage_fs_debug, 0, "ustorage_fs debug level");
58#endif
59
60/* Define some limits */
61
62#define USTORAGE_FS_BULK_SIZE (1UL << 17)
63#define USTORAGE_FS_MAX_LUN 8
64
65/*
66 * The SCSI ID string must be exactly 28 characters long
67 * exluding the terminating zero.
68 */
69#ifndef USTORAGE_FS_ID_STRING
70#define USTORAGE_FS_ID_STRING \
71 "FreeBSD " /* 8 */ \
72 "File-Stor Gadget" /* 16 */ \
73 "0101" /* 4 */
74#endif
75
76/*
77 * The following macro defines the number of
78 * sectors to be allocated for the RAM disk:
79 */
80#ifndef USTORAGE_FS_RAM_SECT
81#define USTORAGE_FS_RAM_SECT (1UL << 13)
82#endif
83
84static uint8_t *ustorage_fs_ramdisk;
85
86/* USB transfer definitions */
87
88#define USTORAGE_FS_T_BBB_COMMAND 0
89#define USTORAGE_FS_T_BBB_DATA_DUMP 1
90#define USTORAGE_FS_T_BBB_DATA_READ 2
91#define USTORAGE_FS_T_BBB_DATA_WRITE 3
92#define USTORAGE_FS_T_BBB_STATUS 4
93#define USTORAGE_FS_T_BBB_MAX 5
94
95/* USB data stage direction */
96
97#define DIR_NONE 0
98#define DIR_READ 1
99#define DIR_WRITE 2
100
101/* USB interface specific control request */
102
103#define UR_BBB_RESET 0xff /* Bulk-Only reset */
104#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
105
106/* Command Block Wrapper */
107typedef struct {
108 uDWord dCBWSignature;
109#define CBWSIGNATURE 0x43425355
110 uDWord dCBWTag;
111 uDWord dCBWDataTransferLength;
112 uByte bCBWFlags;
113#define CBWFLAGS_OUT 0x00
114#define CBWFLAGS_IN 0x80
115 uByte bCBWLUN;
116 uByte bCDBLength;
117#define CBWCDBLENGTH 16
118 uByte CBWCDB[CBWCDBLENGTH];
119} __packed ustorage_fs_bbb_cbw_t;
120
121#define USTORAGE_FS_BBB_CBW_SIZE 31
122
123/* Command Status Wrapper */
124typedef struct {
125 uDWord dCSWSignature;
126#define CSWSIGNATURE 0x53425355
127 uDWord dCSWTag;
128 uDWord dCSWDataResidue;
129 uByte bCSWStatus;
130#define CSWSTATUS_GOOD 0x0
131#define CSWSTATUS_FAILED 0x1
132#define CSWSTATUS_PHASE 0x2
133} __packed ustorage_fs_bbb_csw_t;
134
135#define USTORAGE_FS_BBB_CSW_SIZE 13
136
137struct ustorage_fs_lun {
138
139 void *memory_image;
140
141 uint32_t num_sectors;
142 uint32_t sense_data;
143 uint32_t sense_data_info;
144 uint32_t unit_attention_data;
145
146 uint8_t read_only:1;
147 uint8_t prevent_medium_removal:1;
148 uint8_t info_valid:1;
149 uint8_t removable:1;
150};
151
152struct ustorage_fs_softc {
153
154 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */
155 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */
156
157 struct mtx sc_mtx;
158
159 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
160
161 struct {
162 uint8_t *data_ptr;
163 struct ustorage_fs_lun *currlun;
164
165 uint32_t data_rem; /* bytes, as reported by the command
166 * block wrapper */
167 uint32_t offset; /* bytes */
168
169 uint8_t cbw_dir;
170 uint8_t cmd_dir;
171 uint8_t lun;
172 uint8_t cmd_data[CBWCDBLENGTH];
173 uint8_t cmd_len;
174 uint8_t data_short:1;
175 uint8_t data_error:1;
176 } sc_transfer;
177
178 device_t sc_dev;
179 struct usb2_device *sc_udev;
180 struct usb2_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
181
182 uint32_t sc_unit;
183
184 uint8_t sc_name[16];
185 uint8_t sc_iface_no; /* interface number */
186 uint8_t sc_last_lun;
187 uint8_t sc_last_xfer_index;
188 uint8_t sc_qdata[1024];
189};
190
191/* prototypes */
192
193static device_probe_t ustorage_fs_probe;
194static device_attach_t ustorage_fs_attach;
195static device_detach_t ustorage_fs_detach;
196static device_suspend_t ustorage_fs_suspend;
197static device_resume_t ustorage_fs_resume;
198static device_shutdown_t ustorage_fs_shutdown;
199static usb_handle_request_t ustorage_fs_handle_request;
200
201static usb2_callback_t ustorage_fs_t_bbb_command_callback;
202static usb2_callback_t ustorage_fs_t_bbb_data_dump_callback;
203static usb2_callback_t ustorage_fs_t_bbb_data_read_callback;
204static usb2_callback_t ustorage_fs_t_bbb_data_write_callback;
205static usb2_callback_t ustorage_fs_t_bbb_status_callback;
206
207static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
208static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
209
210static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
211static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
212static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
213static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
214static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
215static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
216static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
217static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
218static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
219static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
220static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
221static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
222static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
223static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
224
225static device_method_t ustorage_fs_methods[] = {
226 /* USB interface */
227 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
228
229 /* Device interface */
230 DEVMETHOD(device_probe, ustorage_fs_probe),
231 DEVMETHOD(device_attach, ustorage_fs_attach),
232 DEVMETHOD(device_detach, ustorage_fs_detach),
233 DEVMETHOD(device_suspend, ustorage_fs_suspend),
234 DEVMETHOD(device_resume, ustorage_fs_resume),
235 DEVMETHOD(device_shutdown, ustorage_fs_shutdown),
236
237 {0, 0}
238};
239
240static driver_t ustorage_fs_driver = {
241 .name = "ustorage_fs",
242 .methods = ustorage_fs_methods,
243 .size = sizeof(struct ustorage_fs_softc),
244};
245
246static devclass_t ustorage_fs_devclass;
247
248DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
249MODULE_VERSION(ustorage_fs, 0);
250MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
251
252struct usb2_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
253
254 [USTORAGE_FS_T_BBB_COMMAND] = {
255 .type = UE_BULK,
256 .endpoint = UE_ADDR_ANY,
257 .direction = UE_DIR_OUT,
258 .md.bufsize = sizeof(ustorage_fs_bbb_cbw_t),
259 .md.flags = {.ext_buffer = 1,},
260 .md.callback = &ustorage_fs_t_bbb_command_callback,
261 },
262
263 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
264 .type = UE_BULK,
265 .endpoint = UE_ADDR_ANY,
266 .direction = UE_DIR_OUT,
267 .md.bufsize = 0, /* use wMaxPacketSize */
268 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
269 .md.callback = &ustorage_fs_t_bbb_data_dump_callback,
270 },
271
272 [USTORAGE_FS_T_BBB_DATA_READ] = {
273 .type = UE_BULK,
274 .endpoint = UE_ADDR_ANY,
275 .direction = UE_DIR_OUT,
276 .md.bufsize = USTORAGE_FS_BULK_SIZE,
277 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
278 .md.callback = &ustorage_fs_t_bbb_data_read_callback,
279 },
280
281 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
282 .type = UE_BULK,
283 .endpoint = UE_ADDR_ANY,
284 .direction = UE_DIR_IN,
285 .md.bufsize = USTORAGE_FS_BULK_SIZE,
286 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
287 .md.callback = &ustorage_fs_t_bbb_data_write_callback,
288 },
289
290 [USTORAGE_FS_T_BBB_STATUS] = {
291 .type = UE_BULK,
292 .endpoint = UE_ADDR_ANY,
293 .direction = UE_DIR_IN,
294 .md.bufsize = sizeof(ustorage_fs_bbb_csw_t),
295 .md.flags = {.short_xfer_ok = 1,.ext_buffer = 1,},
296 .md.callback = &ustorage_fs_t_bbb_status_callback,
297 },
298};
299
300/*
301 * USB device probe/attach/detach
302 */
303
304static int
305ustorage_fs_probe(device_t dev)
306{
307 struct usb2_attach_arg *uaa = device_get_ivars(dev);
308 struct usb2_interface_descriptor *id;
309
310 if (uaa->usb2_mode != USB_MODE_DEVICE) {
311 return (ENXIO);
312 }
313 if (uaa->use_generic == 0) {
314 /* give other drivers a try first */
315 return (ENXIO);
316 }
317 /* Check for a standards compliant device */
318 id = usb2_get_interface_descriptor(uaa->iface);
319 if ((id == NULL) ||
320 (id->bInterfaceClass != UICLASS_MASS) ||
321 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
322 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
323 return (ENXIO);
324 }
325 return (0);
326}
327
328static int
329ustorage_fs_attach(device_t dev)
330{
331 struct ustorage_fs_softc *sc = device_get_softc(dev);
332 struct usb2_attach_arg *uaa = device_get_ivars(dev);
333 struct usb2_interface_descriptor *id;
334 int err;
335
336 /*
337 * NOTE: the softc struct is bzero-ed in device_set_driver.
338 * We can safely call ustorage_fs_detach without specifically
339 * initializing the struct.
340 */
341
342 sc->sc_dev = dev;
343 sc->sc_udev = uaa->device;
344 sc->sc_unit = device_get_unit(dev);
345
346 if (sc->sc_unit == 0) {
347 if (ustorage_fs_ramdisk == NULL) {
348 /*
349 * allocate a memory image for our ramdisk until
350 * further
351 */
352 ustorage_fs_ramdisk =
353 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK);
354 if (ustorage_fs_ramdisk == NULL) {
355 return (ENOMEM);
356 }
357 }
358 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
359 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
360 sc->sc_lun[0].removable = 1;
361 }
362 snprintf(sc->sc_name, sizeof(sc->sc_name),
363 "%s", device_get_nameunit(dev));
364
365 device_set_usb2_desc(dev);
366
367 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
368 NULL, (MTX_DEF | MTX_RECURSE));
369
370 /* get interface index */
371
372 id = usb2_get_interface_descriptor(uaa->iface);
373 if (id == NULL) {
374 device_printf(dev, "failed to get "
375 "interface number\n");
376 goto detach;
377 }
378 sc->sc_iface_no = id->bInterfaceNumber;
379
380 err = usb2_transfer_setup(uaa->device,
381 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
382 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
383 if (err) {
384 device_printf(dev, "could not setup required "
385 "transfers, %s\n", usb2_errstr(err));
386 goto detach;
387 }
388 /* start Mass Storage State Machine */
389
390 mtx_lock(&sc->sc_mtx);
391 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
392 mtx_unlock(&sc->sc_mtx);
393
394 return (0); /* success */
395
396detach:
397 ustorage_fs_detach(dev);
398 return (ENXIO); /* failure */
399}
400
401static int
402ustorage_fs_detach(device_t dev)
403{
404 struct ustorage_fs_softc *sc = device_get_softc(dev);
405
406 /* teardown our statemachine */
407
408 usb2_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
409
410 mtx_destroy(&sc->sc_mtx);
411
412 return (0); /* success */
413}
414
415static int
416ustorage_fs_suspend(device_t dev)
417{
418 device_printf(dev, "suspending\n");
419 return (0); /* success */
420}
421
422static int
423ustorage_fs_resume(device_t dev)
424{
425 device_printf(dev, "resuming\n");
426 return (0); /* success */
427}
428
429static int
430ustorage_fs_shutdown(device_t dev)
431{
432 return (0); /* success */
433}
434
435/*
436 * Generic functions to handle transfers
437 */
438
439static void
440ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
441{
442 if (sc->sc_xfer[xfer_index]) {
443 sc->sc_last_xfer_index = xfer_index;
444 usb2_transfer_start(sc->sc_xfer[xfer_index]);
445 }
446}
447
448static void
449ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
450{
451 usb2_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
452 mtx_unlock(&sc->sc_mtx);
453 usb2_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
454 mtx_lock(&sc->sc_mtx);
455}
456
457static int
458ustorage_fs_handle_request(device_t dev,
459 const void *preq, void **pptr, uint16_t *plen,
460 uint16_t offset, uint8_t is_complete)
461{
462 struct ustorage_fs_softc *sc = device_get_softc(dev);
463 const struct usb2_device_request *req = preq;
464
465 if (!is_complete) {
466 if (req->bRequest == UR_BBB_RESET) {
467 *plen = 0;
468 mtx_lock(&sc->sc_mtx);
469 ustorage_fs_transfer_stop(sc);
470 sc->sc_transfer.data_error = 1;
471 ustorage_fs_transfer_start(sc,
472 USTORAGE_FS_T_BBB_COMMAND);
473 mtx_unlock(&sc->sc_mtx);
474 return (0);
475 } else if (req->bRequest == UR_BBB_GET_MAX_LUN) {
476 if (offset == 0) {
477 *plen = 1;
478 *pptr = &sc->sc_last_lun;
479 } else {
480 *plen = 0;
481 }
482 return (0);
483 }
484 }
485 return (ENXIO); /* use builtin handler */
486}
487
488static void
489ustorage_fs_t_bbb_command_callback(struct usb2_xfer *xfer)
490{
491 struct ustorage_fs_softc *sc = xfer->priv_sc;
492 uint32_t tag;
493 uint8_t error = 0;
494
495 DPRINTF("\n");
496
497 switch (USB_GET_STATE(xfer)) {
498 case USB_ST_TRANSFERRED:
499
500 tag = UGETDW(sc->sc_cbw.dCBWSignature);
501
502 if (tag != CBWSIGNATURE) {
503 /* do nothing */
504 DPRINTF("invalid signature 0x%08x\n", tag);
505 break;
506 }
507 tag = UGETDW(sc->sc_cbw.dCBWTag);
508
509 /* echo back tag */
510 USETDW(sc->sc_csw.dCSWTag, tag);
511
512 /* reset status */
513 sc->sc_csw.bCSWStatus = 0;
514
515 /* reset data offset, data length and data remainder */
516 sc->sc_transfer.offset = 0;
517 sc->sc_transfer.data_rem =
518 UGETDW(sc->sc_cbw.dCBWDataTransferLength);
519
520 /* reset data flags */
521 sc->sc_transfer.data_short = 0;
522
523 /* extract LUN */
524 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN;
525
526 if (sc->sc_transfer.data_rem == 0) {
527 sc->sc_transfer.cbw_dir = DIR_NONE;
528 } else {
529 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) {
530 sc->sc_transfer.cbw_dir = DIR_WRITE;
531 } else {
532 sc->sc_transfer.cbw_dir = DIR_READ;
533 }
534 }
535
536 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength;
537 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) ||
538 (sc->sc_transfer.cmd_len == 0)) {
539 /* just halt - this is invalid */
540 DPRINTF("invalid command length %d bytes\n",
541 sc->sc_transfer.cmd_len);
542 break;
543 }
544 bcopy(sc->sc_cbw.CBWCDB, sc->sc_transfer.cmd_data,
545 sc->sc_transfer.cmd_len);
546
547 bzero(sc->sc_cbw.CBWCDB + sc->sc_transfer.cmd_len,
548 sizeof(sc->sc_cbw.CBWCDB) - sc->sc_transfer.cmd_len);
549
550 error = ustorage_fs_do_cmd(sc);
551 if (error) {
552 /* got an error */
553 DPRINTF("command failed\n");
554 break;
555 }
556 if ((sc->sc_transfer.data_rem > 0) &&
557 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
558 /* contradicting data transfer direction */
559 error = 1;
560 DPRINTF("data direction mismatch\n");
561 break;
562 }
563 switch (sc->sc_transfer.cbw_dir) {
564 case DIR_READ:
565 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
566 break;
567 case DIR_WRITE:
568 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
569 break;
570 default:
571 ustorage_fs_transfer_start(sc,
572 USTORAGE_FS_T_BBB_STATUS);
573 break;
574 }
575 break;
576
577 case USB_ST_SETUP:
578tr_setup:
579 if (sc->sc_transfer.data_error) {
580 sc->sc_transfer.data_error = 0;
581 xfer->flags.stall_pipe = 1;
582 DPRINTF("stall pipe\n");
583 } else {
584 xfer->flags.stall_pipe = 0;
585 }
586
587 xfer->frlengths[0] = sizeof(sc->sc_cbw);
588 usb2_set_frame_data(xfer, &sc->sc_cbw, 0);
589 usb2_start_hardware(xfer);
590 break;
591
592 default: /* Error */
593 DPRINTF("error\n");
594 if (xfer->error == USB_ERR_CANCELLED) {
595 break;
596 }
597 /* If the pipe is already stalled, don't do another stall */
598 if (!xfer->pipe->is_stalled) {
599 sc->sc_transfer.data_error = 1;
600 }
601 /* try again */
602 goto tr_setup;
603 }
604 if (error) {
605 if (sc->sc_csw.bCSWStatus == 0) {
606 /* set some default error code */
607 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
608 }
609 if (sc->sc_transfer.cbw_dir == DIR_READ) {
610 /* dump all data */
611 ustorage_fs_transfer_start(sc,
612 USTORAGE_FS_T_BBB_DATA_DUMP);
613 return;
614 }
615 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
616 /* need to stall before status */
617 sc->sc_transfer.data_error = 1;
618 }
619 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
620 }
621}
622
623static void
624ustorage_fs_t_bbb_data_dump_callback(struct usb2_xfer *xfer)
625{
626 struct ustorage_fs_softc *sc = xfer->priv_sc;
627 uint32_t max_bulk = xfer->max_data_length;
628
629 DPRINTF("\n");
630
631 switch (USB_GET_STATE(xfer)) {
632 case USB_ST_TRANSFERRED:
633 sc->sc_transfer.data_rem -= xfer->actlen;
634 sc->sc_transfer.offset += xfer->actlen;
635
636 if ((xfer->actlen != xfer->sumlen) ||
637 (sc->sc_transfer.data_rem == 0)) {
638 /* short transfer or end of data */
639 ustorage_fs_transfer_start(sc,
640 USTORAGE_FS_T_BBB_STATUS);
641 break;
642 }
643 /* Fallthrough */
644
645 case USB_ST_SETUP:
646tr_setup:
647 if (max_bulk > sc->sc_transfer.data_rem) {
648 max_bulk = sc->sc_transfer.data_rem;
649 }
650 if (sc->sc_transfer.data_error) {
651 sc->sc_transfer.data_error = 0;
652 xfer->flags.stall_pipe = 1;
653 } else {
654 xfer->flags.stall_pipe = 0;
655 }
656 xfer->frlengths[0] = max_bulk;
657 usb2_start_hardware(xfer);
658 break;
659
660 default: /* Error */
661 if (xfer->error == USB_ERR_CANCELLED) {
662 break;
663 }
664 /*
665 * If the pipe is already stalled, don't do another stall:
666 */
667 if (!xfer->pipe->is_stalled) {
668 sc->sc_transfer.data_error = 1;
669 }
670 /* try again */
671 goto tr_setup;
672 }
673}
674
675static void
676ustorage_fs_t_bbb_data_read_callback(struct usb2_xfer *xfer)
677{
678 struct ustorage_fs_softc *sc = xfer->priv_sc;
679 uint32_t max_bulk = xfer->max_data_length;
680
681 DPRINTF("\n");
682
683 switch (USB_GET_STATE(xfer)) {
684 case USB_ST_TRANSFERRED:
685 sc->sc_transfer.data_rem -= xfer->actlen;
686 sc->sc_transfer.data_ptr += xfer->actlen;
687 sc->sc_transfer.offset += xfer->actlen;
688
689 if ((xfer->actlen != xfer->sumlen) ||
690 (sc->sc_transfer.data_rem == 0)) {
691 /* short transfer or end of data */
692 ustorage_fs_transfer_start(sc,
693 USTORAGE_FS_T_BBB_STATUS);
694 break;
695 }
696 /* Fallthrough */
697
698 case USB_ST_SETUP:
699tr_setup:
700 if (max_bulk > sc->sc_transfer.data_rem) {
701 max_bulk = sc->sc_transfer.data_rem;
702 }
703 if (sc->sc_transfer.data_error) {
704 sc->sc_transfer.data_error = 0;
705 xfer->flags.stall_pipe = 1;
706 } else {
707 xfer->flags.stall_pipe = 0;
708 }
709
710 xfer->frlengths[0] = max_bulk;
711 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0);
712 usb2_start_hardware(xfer);
713 break;
714
715 default: /* Error */
716 if (xfer->error == USB_ERR_CANCELLED) {
717 break;
718 }
719 /* If the pipe is already stalled, don't do another stall */
720 if (!xfer->pipe->is_stalled) {
721 sc->sc_transfer.data_error = 1;
722 }
723 /* try again */
724 goto tr_setup;
725 }
726}
727
728static void
729ustorage_fs_t_bbb_data_write_callback(struct usb2_xfer *xfer)
730{
731 struct ustorage_fs_softc *sc = xfer->priv_sc;
732 uint32_t max_bulk = xfer->max_data_length;
733
734 DPRINTF("\n");
735
736 switch (USB_GET_STATE(xfer)) {
737 case USB_ST_TRANSFERRED:
738 sc->sc_transfer.data_rem -= xfer->actlen;
739 sc->sc_transfer.data_ptr += xfer->actlen;
740 sc->sc_transfer.offset += xfer->actlen;
741
742 if ((xfer->actlen != xfer->sumlen) ||
743 (sc->sc_transfer.data_rem == 0)) {
744 /* short transfer or end of data */
745 ustorage_fs_transfer_start(sc,
746 USTORAGE_FS_T_BBB_STATUS);
747 break;
748 }
749 case USB_ST_SETUP:
750tr_setup:
751 if (max_bulk >= sc->sc_transfer.data_rem) {
752 max_bulk = sc->sc_transfer.data_rem;
753 if (sc->sc_transfer.data_short) {
754 xfer->flags.force_short_xfer = 1;
755 } else {
756 xfer->flags.force_short_xfer = 0;
757 }
758 } else {
759 xfer->flags.force_short_xfer = 0;
760 }
761
762 if (sc->sc_transfer.data_error) {
763 sc->sc_transfer.data_error = 0;
764 xfer->flags.stall_pipe = 1;
765 } else {
766 xfer->flags.stall_pipe = 0;
767 }
768
769 xfer->frlengths[0] = max_bulk;
770 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0);
771 usb2_start_hardware(xfer);
772 break;
773
774 default: /* Error */
775 if (xfer->error == USB_ERR_CANCELLED) {
776 break;
777 }
778 /*
779 * If the pipe is already stalled, don't do another
780 * stall
781 */
782 if (!xfer->pipe->is_stalled) {
783 sc->sc_transfer.data_error = 1;
784 }
785 /* try again */
786 goto tr_setup;
787 }
788}
789
790static void
791ustorage_fs_t_bbb_status_callback(struct usb2_xfer *xfer)
792{
793 struct ustorage_fs_softc *sc = xfer->priv_sc;
794
795 DPRINTF("\n");
796
797 switch (USB_GET_STATE(xfer)) {
798 case USB_ST_TRANSFERRED:
799 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
800 break;
801
802 case USB_ST_SETUP:
803tr_setup:
804 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE);
805 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem);
806
807 if (sc->sc_transfer.data_error) {
808 sc->sc_transfer.data_error = 0;
809 xfer->flags.stall_pipe = 1;
810 } else {
811 xfer->flags.stall_pipe = 0;
812 }
813
814 xfer->frlengths[0] = sizeof(sc->sc_csw);
815 usb2_set_frame_data(xfer, &sc->sc_csw, 0);
816 usb2_start_hardware(xfer);
817 break;
818
819 default:
820 if (xfer->error == USB_ERR_CANCELLED) {
821 break;
822 }
823 /* If the pipe is already stalled, don't do another stall */
824 if (!xfer->pipe->is_stalled) {
825 sc->sc_transfer.data_error = 1;
826 }
827 /* try again */
828 goto tr_setup;
829 }
830}
831
832/* SCSI commands that we recognize */
833#define SC_FORMAT_UNIT 0x04
834#define SC_INQUIRY 0x12
835#define SC_MODE_SELECT_6 0x15
836#define SC_MODE_SELECT_10 0x55
837#define SC_MODE_SENSE_6 0x1a
838#define SC_MODE_SENSE_10 0x5a
839#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
840#define SC_READ_6 0x08
841#define SC_READ_10 0x28
842#define SC_READ_12 0xa8
843#define SC_READ_CAPACITY 0x25
844#define SC_READ_FORMAT_CAPACITIES 0x23
845#define SC_RELEASE 0x17
846#define SC_REQUEST_SENSE 0x03
847#define SC_RESERVE 0x16
848#define SC_SEND_DIAGNOSTIC 0x1d
849#define SC_START_STOP_UNIT 0x1b
850#define SC_SYNCHRONIZE_CACHE 0x35
851#define SC_TEST_UNIT_READY 0x00
852#define SC_VERIFY 0x2f
853#define SC_WRITE_6 0x0a
854#define SC_WRITE_10 0x2a
855#define SC_WRITE_12 0xaa
856
857/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
858#define SS_NO_SENSE 0
859#define SS_COMMUNICATION_FAILURE 0x040800
860#define SS_INVALID_COMMAND 0x052000
861#define SS_INVALID_FIELD_IN_CDB 0x052400
862#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
863#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
864#define SS_MEDIUM_NOT_PRESENT 0x023a00
865#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
866#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
867#define SS_RESET_OCCURRED 0x062900
868#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
869#define SS_UNRECOVERED_READ_ERROR 0x031100
870#define SS_WRITE_ERROR 0x030c02
871#define SS_WRITE_PROTECTED 0x072700
872
873#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
874#define ASC(x) ((uint8_t) ((x) >> 8))
875#define ASCQ(x) ((uint8_t) (x))
876
877/* Routines for unaligned data access */
878
879static uint16_t
880get_be16(uint8_t *buf)
881{
882 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
883}
884
885static uint32_t
886get_be32(uint8_t *buf)
887{
888 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
889 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
890}
891
892static void
893put_be16(uint8_t *buf, uint16_t val)
894{
895 buf[0] = val >> 8;
896 buf[1] = val;
897}
898
899static void
900put_be32(uint8_t *buf, uint32_t val)
901{
902 buf[0] = val >> 24;
903 buf[1] = val >> 16;
904 buf[2] = val >> 8;
905 buf[3] = val & 0xff;
906}
907
908/*------------------------------------------------------------------------*
909 * ustorage_fs_verify
910 *
911 * Returns:
912 * 0: Success
913 * Else: Failure
914 *------------------------------------------------------------------------*/
915static uint8_t
916ustorage_fs_verify(struct ustorage_fs_softc *sc)
917{
918 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
919 uint32_t lba;
920 uint32_t vlen;
921 uint64_t file_offset;
922 uint64_t amount_left;
923
924 /*
925 * Get the starting Logical Block Address
926 */
927 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
928
929 /*
930 * We allow DPO (Disable Page Out = don't save data in the cache)
931 * but we don't implement it.
932 */
933 if ((sc->sc_transfer.cmd_data[1] & ~0x10) != 0) {
934 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
935 return (1);
936 }
937 vlen = get_be16(&sc->sc_transfer.cmd_data[7]);
938 if (vlen == 0) {
939 goto done;
940 }
941 /* No default reply */
942
943 /* Prepare to carry out the file verify */
944 amount_left = vlen;
945 amount_left <<= 9;
946 file_offset = lba;
947 file_offset <<= 9;
948
949 /* Range check */
950 vlen += lba;
951
952 if ((vlen < lba) ||
953 (vlen > currlun->num_sectors) ||
954 (lba >= currlun->num_sectors)) {
955 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
956 return (1);
957 }
958 /* XXX TODO: verify that data is readable */
959done:
960 return (ustorage_fs_min_len(sc, 0, 0 - 1));
961}
962
963/*------------------------------------------------------------------------*
964 * ustorage_fs_inquiry
965 *
966 * Returns:
967 * 0: Success
968 * Else: Failure
969 *------------------------------------------------------------------------*/
970static uint8_t
971ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
972{
973 uint8_t *buf = sc->sc_transfer.data_ptr;
974
975 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
976
977 if (!sc->sc_transfer.currlun) {
978 /* Unsupported LUNs are okay */
979 memset(buf, 0, 36);
980 buf[0] = 0x7f;
981 /* Unsupported, no device - type */
982 return (ustorage_fs_min_len(sc, 36, 0 - 1));
983 }
984 memset(buf, 0, 8);
985 /* Non - removable, direct - access device */
986 if (currlun->removable)
987 buf[1] = 0x80;
988 buf[2] = 2;
989 /* ANSI SCSI level 2 */
990 buf[3] = 2;
991 /* SCSI - 2 INQUIRY data format */
992 buf[4] = 31;
993 /* Additional length */
994 /* No special options */
995 /* Copy in ID string */
996 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
997
998 return (ustorage_fs_min_len(sc, 36, 0 - 1));
999}
1000
1001/*------------------------------------------------------------------------*
1002 * ustorage_fs_request_sense
1003 *
1004 * Returns:
1005 * 0: Success
1006 * Else: Failure
1007 *------------------------------------------------------------------------*/
1008static uint8_t
1009ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1010{
1011 uint8_t *buf = sc->sc_transfer.data_ptr;
1012 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1013 uint32_t sd;
1014 uint32_t sdinfo;
1015 uint8_t valid;
1016
1017 /*
1018 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1019 *
1020 * If a REQUEST SENSE command is received from an initiator
1021 * with a pending unit attention condition (before the target
1022 * generates the contingent allegiance condition), then the
1023 * target shall either:
1024 * a) report any pending sense data and preserve the unit
1025 * attention condition on the logical unit, or,
1026 * b) report the unit attention condition, may discard any
1027 * pending sense data, and clear the unit attention
1028 * condition on the logical unit for that initiator.
1029 *
1030 * FSG normally uses option a); enable this code to use option b).
1031 */
1032#if 0
1033 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1034 currlun->sense_data = currlun->unit_attention_data;
1035 currlun->unit_attention_data = SS_NO_SENSE;
1036 }
1037#endif
1038
1039 if (!currlun) {
1040 /* Unsupported LUNs are okay */
1041 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1042 sdinfo = 0;
1043 valid = 0;
1044 } else {
1045 sd = currlun->sense_data;
1046 sdinfo = currlun->sense_data_info;
1047 valid = currlun->info_valid << 7;
1048 currlun->sense_data = SS_NO_SENSE;
1049 currlun->sense_data_info = 0;
1050 currlun->info_valid = 0;
1051 }
1052
1053 memset(buf, 0, 18);
1054 buf[0] = valid | 0x70;
1055 /* Valid, current error */
1056 buf[2] = SK(sd);
1057 put_be32(&buf[3], sdinfo);
1058 /* Sense information */
1059 buf[7] = 18 - 8;
1060 /* Additional sense length */
1061 buf[12] = ASC(sd);
1062 buf[13] = ASCQ(sd);
1063 return (ustorage_fs_min_len(sc, 18, 0 - 1));
1064}
1065
1066
1067/*------------------------------------------------------------------------*
1068 * ustorage_fs_read_capacity
1069 *
1070 * Returns:
1071 * 0: Success
1072 * Else: Failure
1073 *------------------------------------------------------------------------*/
1074static uint8_t
1075ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1076{
1077 uint8_t *buf = sc->sc_transfer.data_ptr;
1078 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1079 uint32_t lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1080 uint8_t pmi = sc->sc_transfer.cmd_data[8];
1081
1082 /* Check the PMI and LBA fields */
1083 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1084 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1085 return (1);
1086 }
1087 put_be32(&buf[0], currlun->num_sectors - 1);
1088 /* Max logical block */
1089 put_be32(&buf[4], 512);
1090 /* Block length */
1091 return (ustorage_fs_min_len(sc, 8, 0 - 1));
1092}
1093
1094
1095/*------------------------------------------------------------------------*
1096 * ustorage_fs_mode_sense
1097 *
1098 * Returns:
1099 * 0: Success
1100 * Else: Failure
1101 *------------------------------------------------------------------------*/
1102static uint8_t
1103ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1104{
1105 uint8_t *buf = sc->sc_transfer.data_ptr;
1106 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1107 uint8_t *buf0;
1108 uint16_t len;
1109 uint16_t limit;
1110 uint8_t mscmnd = sc->sc_transfer.cmd_data[0];
1111 uint8_t pc;
1112 uint8_t page_code;
1113 uint8_t changeable_values;
1114 uint8_t all_pages;
1115
1116 buf0 = buf;
1117
1118 if ((sc->sc_transfer.cmd_data[1] & ~0x08) != 0) {
1119 /* Mask away DBD */
1120 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1121 return (1);
1122 }
1123 pc = sc->sc_transfer.cmd_data[2] >> 6;
1124 page_code = sc->sc_transfer.cmd_data[2] & 0x3f;
1125 if (pc == 3) {
1126 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1127 return (1);
1128 }
1129 changeable_values = (pc == 1);
1130 all_pages = (page_code == 0x3f);
1131
1132 /*
1133 * Write the mode parameter header. Fixed values are: default
1134 * medium type, no cache control (DPOFUA), and no block descriptors.
1135 * The only variable value is the WriteProtect bit. We will fill in
1136 * the mode data length later.
1137 */
1138 memset(buf, 0, 8);
1139 if (mscmnd == SC_MODE_SENSE_6) {
1140 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1141 /* WP, DPOFUA */
1142 buf += 4;
1143 limit = 255;
1144 } else {
1145 /* SC_MODE_SENSE_10 */
1146 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1147 /* WP, DPOFUA */
1148 buf += 8;
1149 limit = 65535;
1150 /* Should really be mod_data.buflen */
1151 }
1152
1153 /* No block descriptors */
1154
1155 /*
1156 * The mode pages, in numerical order.
1157 */
1158 if ((page_code == 0x08) || all_pages) {
1159 buf[0] = 0x08;
1160 /* Page code */
1161 buf[1] = 10;
1162 /* Page length */
1163 memset(buf + 2, 0, 10);
1164 /* None of the fields are changeable */
1165
1166 if (!changeable_values) {
1167 buf[2] = 0x04;
1168 /* Write cache enable, */
1169 /* Read cache not disabled */
1170 /* No cache retention priorities */
1171 put_be16(&buf[4], 0xffff);
1172 /* Don 't disable prefetch */
1173 /* Minimum prefetch = 0 */
1174 put_be16(&buf[8], 0xffff);
1175 /* Maximum prefetch */
1176 put_be16(&buf[10], 0xffff);
1177 /* Maximum prefetch ceiling */
1178 }
1179 buf += 12;
1180 }
1181 /*
1182 * Check that a valid page was requested and the mode data length
1183 * isn't too long.
1184 */
1185 len = buf - buf0;
1186 if (len > limit) {
1187 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1188 return (1);
1189 }
1190 /* Store the mode data length */
1191 if (mscmnd == SC_MODE_SENSE_6)
1192 buf0[0] = len - 1;
1193 else
1194 put_be16(buf0, len - 2);
1195 return (ustorage_fs_min_len(sc, len, 0 - 1));
1196}
1197
1198/*------------------------------------------------------------------------*
1199 * ustorage_fs_start_stop
1200 *
1201 * Returns:
1202 * 0: Success
1203 * Else: Failure
1204 *------------------------------------------------------------------------*/
1205static uint8_t
1206ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1207{
1208 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1209 uint8_t loej;
1210 uint8_t start;
1211 uint8_t immed;
1212
1213 if (!currlun->removable) {
1214 currlun->sense_data = SS_INVALID_COMMAND;
1215 return (1);
1216 }
1217 immed = sc->sc_transfer.cmd_data[1] & 0x01;
1218 loej = sc->sc_transfer.cmd_data[4] & 0x02;
1219 start = sc->sc_transfer.cmd_data[4] & 0x01;
1220
1221 if (immed || loej || start) {
1222 /* compile fix */
1223 }
1224 return (0);
1225}
1226
1227/*------------------------------------------------------------------------*
1228 * ustorage_fs_prevent_allow
1229 *
1230 * Returns:
1231 * 0: Success
1232 * Else: Failure
1233 *------------------------------------------------------------------------*/
1234static uint8_t
1235ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1236{
1237 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1238 uint8_t prevent;
1239
1240 if (!currlun->removable) {
1241 currlun->sense_data = SS_INVALID_COMMAND;
1242 return (1);
1243 }
1244 prevent = sc->sc_transfer.cmd_data[4] & 0x01;
1245 if ((sc->sc_transfer.cmd_data[4] & ~0x01) != 0) {
1246 /* Mask away Prevent */
1247 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1248 return (1);
1249 }
1250 if (currlun->prevent_medium_removal && !prevent) {
1251 //fsync_sub(currlun);
1252 }
1253 currlun->prevent_medium_removal = prevent;
1254 return (0);
1255}
1256
1257/*------------------------------------------------------------------------*
1258 * ustorage_fs_read_format_capacities
1259 *
1260 * Returns:
1261 * 0: Success
1262 * Else: Failure
1263 *------------------------------------------------------------------------*/
1264static uint8_t
1265ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1266{
1267 uint8_t *buf = sc->sc_transfer.data_ptr;
1268 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1269
1270 buf[0] = buf[1] = buf[2] = 0;
1271 buf[3] = 8;
1272 /* Only the Current / Maximum Capacity Descriptor */
1273 buf += 4;
1274
1275 put_be32(&buf[0], currlun->num_sectors);
1276 /* Number of blocks */
1277 put_be32(&buf[4], 512);
1278 /* Block length */
1279 buf[4] = 0x02;
1280 /* Current capacity */
1281 return (ustorage_fs_min_len(sc, 12, 0 - 1));
1282}
1283
1284/*------------------------------------------------------------------------*
1285 * ustorage_fs_mode_select
1286 *
1287 * Return values:
1288 * 0: Success
1289 * Else: Failure
1290 *------------------------------------------------------------------------*/
1291static uint8_t
1292ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1293{
1294 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1295
1296 /* We don't support MODE SELECT */
1297 currlun->sense_data = SS_INVALID_COMMAND;
1298 return (1);
1299}
1300
1301/*------------------------------------------------------------------------*
1302 * ustorage_fs_synchronize_cache
1303 *
1304 * Return values:
1305 * 0: Success
1306 * Else: Failure
1307 *------------------------------------------------------------------------*/
1308static uint8_t
1309ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1310{
1311#if 0
1312 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1313 uint8_t rc;
1314
1315 /*
1316 * We ignore the requested LBA and write out all dirty data buffers.
1317 */
1318 rc = 0;
1319 if (rc) {
1320 currlun->sense_data = SS_WRITE_ERROR;
1321 }
1322#endif
1323 return (0);
1324}
1325
1326/*------------------------------------------------------------------------*
1327 * ustorage_fs_read - read data from disk
1328 *
1329 * Return values:
1330 * 0: Success
1331 * Else: Failure
1332 *------------------------------------------------------------------------*/
1333static uint8_t
1334ustorage_fs_read(struct ustorage_fs_softc *sc)
1335{
1336 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1337 uint64_t file_offset;
1338 uint32_t lba;
1339 uint32_t len;
1340
1341 /*
1342 * Get the starting Logical Block Address and check that it's not
1343 * too big
1344 */
1345 if (sc->sc_transfer.cmd_data[0] == SC_READ_6) {
1346 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) |
1347 get_be16(&sc->sc_transfer.cmd_data[2]);
1348 } else {
1349 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1350
1351 /*
1352 * We allow DPO (Disable Page Out = don't save data in the
1353 * cache) and FUA (Force Unit Access = don't read from the
1354 * cache), but we don't implement them.
1355 */
1356 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) {
1357 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1358 return (1);
1359 }
1360 }
1361 len = sc->sc_transfer.data_rem >> 9;
1362 len += lba;
1363
1364 if ((len < lba) ||
1365 (len > currlun->num_sectors) ||
1366 (lba >= currlun->num_sectors)) {
1367 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1368 return (1);
1369 }
1370 file_offset = lba;
1371 file_offset <<= 9;
1372
1373 sc->sc_transfer.data_ptr =
1374 USB_ADD_BYTES(currlun->memory_image, (uint32_t)file_offset);
1375
1376 return (0);
1377}
1378
1379/*------------------------------------------------------------------------*
1380 * ustorage_fs_write - write data to disk
1381 *
1382 * Return values:
1383 * 0: Success
1384 * Else: Failure
1385 *------------------------------------------------------------------------*/
1386static uint8_t
1387ustorage_fs_write(struct ustorage_fs_softc *sc)
1388{
1389 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1390 uint64_t file_offset;
1391 uint32_t lba;
1392 uint32_t len;
1393
1394 if (currlun->read_only) {
1395 currlun->sense_data = SS_WRITE_PROTECTED;
1396 return (1);
1397 }
1398 /* XXX clear SYNC */
1399
1400 /*
1401 * Get the starting Logical Block Address and check that it's not
1402 * too big.
1403 */
1404 if (sc->sc_transfer.cmd_data[0] == SC_WRITE_6)
1405 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) |
1406 get_be16(&sc->sc_transfer.cmd_data[2]);
1407 else {
1408 lba = get_be32(&sc->sc_transfer.cmd_data[2]);
1409
1410 /*
1411 * We allow DPO (Disable Page Out = don't save data in the
1412 * cache) and FUA (Force Unit Access = write directly to the
1413 * medium). We don't implement DPO; we implement FUA by
1414 * performing synchronous output.
1415 */
1416 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) {
1417 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1418 return (1);
1419 }
1420 if (sc->sc_transfer.cmd_data[1] & 0x08) {
1421 /* FUA */
1422 /* XXX set SYNC flag here */
1423 }
1424 }
1425
1426 len = sc->sc_transfer.data_rem >> 9;
1427 len += lba;
1428
1429 if ((len < lba) ||
1430 (len > currlun->num_sectors) ||
1431 (lba >= currlun->num_sectors)) {
1432 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1433 return (1);
1434 }
1435 file_offset = lba;
1436 file_offset <<= 9;
1437
1438 sc->sc_transfer.data_ptr =
1439 USB_ADD_BYTES(currlun->memory_image, (uint32_t)file_offset);
1440
1441 return (0);
1442}
1443
1444/*------------------------------------------------------------------------*
1445 * ustorage_fs_min_len
1446 *
1447 * Return values:
1448 * 0: Success
1449 * Else: Failure
1450 *------------------------------------------------------------------------*/
1451static uint8_t
1452ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1453{
1454 if (len != sc->sc_transfer.data_rem) {
1455
1456 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1457 /*
1458 * there must be something wrong about this SCSI
1459 * command
1460 */
1461 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1462 return (1);
1463 }
1464 /* compute the minimum length */
1465
1466 if (sc->sc_transfer.data_rem > len) {
1467 /* data ends prematurely */
1468 sc->sc_transfer.data_rem = len;
1469 sc->sc_transfer.data_short = 1;
1470 }
1471 /* check length alignment */
1472
1473 if (sc->sc_transfer.data_rem & ~mask) {
1474 /* data ends prematurely */
1475 sc->sc_transfer.data_rem &= mask;
1476 sc->sc_transfer.data_short = 1;
1477 }
1478 }
1479 return (0);
1480}
1481
1482/*------------------------------------------------------------------------*
1483 * ustorage_fs_check_cmd - check command routine
1484 *
1485 * Check whether the command is properly formed and whether its data
1486 * size and direction agree with the values we already have.
1487 *
1488 * Return values:
1489 * 0: Success
1490 * Else: Failure
1491 *------------------------------------------------------------------------*/
1492static uint8_t
1493ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1494 uint16_t mask, uint8_t needs_medium)
1495{
1496 struct ustorage_fs_lun *currlun;
1497 uint8_t lun = (sc->sc_transfer.cmd_data[1] >> 5);
1498 uint8_t i;
1499
1500 /* Verify the length of the command itself */
1501 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1502 DPRINTF("%u > %u\n",
1503 min_cmd_size, sc->sc_transfer.cmd_len);
1504 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE;
1505 return (1);
1506 }
1507 /* Mask away the LUN */
1508 sc->sc_transfer.cmd_data[1] &= 0x1f;
1509
1510 /* Check if LUN is correct */
1511 if (lun != sc->sc_transfer.lun) {
1512
1513 }
1514 /* Check the LUN */
1515 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1516 sc->sc_transfer.currlun = currlun =
1517 sc->sc_lun + sc->sc_transfer.lun;
1518 if (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE) {
1519 currlun->sense_data = SS_NO_SENSE;
1520 currlun->sense_data_info = 0;
1521 currlun->info_valid = 0;
1522 }
1523 /*
1524 * If a unit attention condition exists, only INQUIRY
1525 * and REQUEST SENSE commands are allowed. Anything
1526 * else must fail!
1527 */
1528 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1529 (sc->sc_transfer.cmd_data[0] != SC_INQUIRY) &&
1530 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) {
1531 currlun->sense_data = currlun->unit_attention_data;
1532 currlun->unit_attention_data = SS_NO_SENSE;
1533 return (1);
1534 }
1535 } else {
1536 sc->sc_transfer.currlun = currlun = NULL;
1537
1538 /*
1539 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1540 * to use unsupported LUNs; all others may not.
1541 */
1542 if ((sc->sc_transfer.cmd_data[0] != SC_INQUIRY) &&
1543 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) {
1544 return (1);
1545 }
1546 }
1547
1548 /*
1549 * Check that only command bytes listed in the mask are
1550 * non-zero.
1551 */
1552 for (i = 0; i != min_cmd_size; i++) {
1553 if (sc->sc_transfer.cmd_data[i] && !(mask & (1UL << i))) {
1554 if (currlun) {
1555 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1556 }
1557 return (1);
1558 }
1559 }
1560
1561 /*
1562 * If the medium isn't mounted and the command needs to access
1563 * it, return an error.
1564 */
1565 if (currlun && (!currlun->memory_image) && needs_medium) {
1566 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1567 return (1);
1568 }
1569 return (0);
1570}
1571
1572/*------------------------------------------------------------------------*
1573 * ustorage_fs_do_cmd - do command
1574 *
1575 * Return values:
1576 * 0: Success
1577 * Else: Failure
1578 *------------------------------------------------------------------------*/
1579static uint8_t
1580ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1581{
1582 uint8_t error = 1;
1583 uint8_t i;
1584 uint32_t temp;
1585
1586 /* set default data transfer pointer */
1587 sc->sc_transfer.data_ptr = sc->sc_qdata;
1588
1589 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1590 sc->sc_transfer.cmd_data[0], sc->sc_transfer.data_rem);
1591
1592 switch (sc->sc_transfer.cmd_data[0]) {
1593 case SC_INQUIRY:
1594 sc->sc_transfer.cmd_dir = DIR_WRITE;
1595 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1596 if (error) {
1597 break;
1598 }
1599 error = ustorage_fs_check_cmd(sc, 6,
1600 (1UL << 4) | 1, 0);
1601 if (error) {
1602 break;
1603 }
1604 error = ustorage_fs_inquiry(sc);
1605
1606 break;
1607
1608 case SC_MODE_SELECT_6:
1609 sc->sc_transfer.cmd_dir = DIR_READ;
1610 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1611 if (error) {
1612 break;
1613 }
1614 error = ustorage_fs_check_cmd(sc, 6,
1615 (1UL << 1) | (1UL << 4) | 1, 0);
1616 if (error) {
1617 break;
1618 }
1619 error = ustorage_fs_mode_select(sc);
1620
1621 break;
1622
1623 case SC_MODE_SELECT_10:
1624 sc->sc_transfer.cmd_dir = DIR_READ;
1625 error = ustorage_fs_min_len(sc,
1626 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1627 if (error) {
1628 break;
1629 }
1630 error = ustorage_fs_check_cmd(sc, 10,
1631 (1UL << 1) | (3UL << 7) | 1, 0);
1632 if (error) {
1633 break;
1634 }
1635 error = ustorage_fs_mode_select(sc);
1636
1637 break;
1638
1639 case SC_MODE_SENSE_6:
1640 sc->sc_transfer.cmd_dir = DIR_WRITE;
1641 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1642 if (error) {
1643 break;
1644 }
1645 error = ustorage_fs_check_cmd(sc, 6,
1646 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1647 if (error) {
1648 break;
1649 }
1650 error = ustorage_fs_mode_sense(sc);
1651
1652 break;
1653
1654 case SC_MODE_SENSE_10:
1655 sc->sc_transfer.cmd_dir = DIR_WRITE;
1656 error = ustorage_fs_min_len(sc,
1657 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1658 if (error) {
1659 break;
1660 }
1661 error = ustorage_fs_check_cmd(sc, 10,
1662 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1663 if (error) {
1664 break;
1665 }
1666 error = ustorage_fs_mode_sense(sc);
1667
1668 break;
1669
1670 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1671 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1672 if (error) {
1673 break;
1674 }
1675 error = ustorage_fs_check_cmd(sc, 6,
1676 (1UL << 4) | 1, 0);
1677 if (error) {
1678 break;
1679 }
1680 error = ustorage_fs_prevent_allow(sc);
1681
1682 break;
1683
1684 case SC_READ_6:
1685 i = sc->sc_transfer.cmd_data[4];
1686 sc->sc_transfer.cmd_dir = DIR_WRITE;
1687 temp = ((i == 0) ? 256UL : i);
1688 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1689 if (error) {
1690 break;
1691 }
1692 error = ustorage_fs_check_cmd(sc, 6,
1693 (7UL << 1) | (1UL << 4) | 1, 1);
1694 if (error) {
1695 break;
1696 }
1697 error = ustorage_fs_read(sc);
1698
1699 break;
1700
1701 case SC_READ_10:
1702 sc->sc_transfer.cmd_dir = DIR_WRITE;
1703 temp = get_be16(&sc->sc_transfer.cmd_data[7]);
1704 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1705 if (error) {
1706 break;
1707 }
1708 error = ustorage_fs_check_cmd(sc, 10,
1709 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1710 if (error) {
1711 break;
1712 }
1713 error = ustorage_fs_read(sc);
1714
1715 break;
1716
1717 case SC_READ_12:
1718 sc->sc_transfer.cmd_dir = DIR_WRITE;
1719 temp = get_be32(&sc->sc_transfer.cmd_data[6]);
1720 if (temp >= (1UL << (32 - 9))) {
1721 /* numerical overflow */
1722 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1723 error = 1;
1724 break;
1725 }
1726 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1727 if (error) {
1728 break;
1729 }
1730 error = ustorage_fs_check_cmd(sc, 12,
1731 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1732 if (error) {
1733 break;
1734 }
1735 error = ustorage_fs_read(sc);
1736
1737 break;
1738
1739 case SC_READ_CAPACITY:
1740 sc->sc_transfer.cmd_dir = DIR_WRITE;
1741 error = ustorage_fs_check_cmd(sc, 10,
1742 (0xfUL << 2) | (1UL << 8) | 1, 1);
1743 if (error) {
1744 break;
1745 }
1746 error = ustorage_fs_read_capacity(sc);
1747
1748 break;
1749
1750 case SC_READ_FORMAT_CAPACITIES:
1751 sc->sc_transfer.cmd_dir = DIR_WRITE;
1752 error = ustorage_fs_min_len(sc,
1753 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1);
1754 if (error) {
1755 break;
1756 }
1757 error = ustorage_fs_check_cmd(sc, 10,
1758 (3UL << 7) | 1, 1);
1759 if (error) {
1760 break;
1761 }
1762 error = ustorage_fs_read_format_capacities(sc);
1763
1764 break;
1765
1766 case SC_REQUEST_SENSE:
1767 sc->sc_transfer.cmd_dir = DIR_WRITE;
1768 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1);
1769 if (error) {
1770 break;
1771 }
1772 error = ustorage_fs_check_cmd(sc, 6,
1773 (1UL << 4) | 1, 0);
1774 if (error) {
1775 break;
1776 }
1777 error = ustorage_fs_request_sense(sc);
1778
1779 break;
1780
1781 case SC_START_STOP_UNIT:
1782 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1783 if (error) {
1784 break;
1785 }
1786 error = ustorage_fs_check_cmd(sc, 6,
1787 (1UL << 1) | (1UL << 4) | 1, 0);
1788 if (error) {
1789 break;
1790 }
1791 error = ustorage_fs_start_stop(sc);
1792
1793 break;
1794
1795 case SC_SYNCHRONIZE_CACHE:
1796 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1797 if (error) {
1798 break;
1799 }
1800 error = ustorage_fs_check_cmd(sc, 10,
1801 (0xfUL << 2) | (3UL << 7) | 1, 1);
1802 if (error) {
1803 break;
1804 }
1805 error = ustorage_fs_synchronize_cache(sc);
1806
1807 break;
1808
1809 case SC_TEST_UNIT_READY:
1810 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1811 if (error) {
1812 break;
1813 }
1814 error = ustorage_fs_check_cmd(sc, 6,
1815 0 | 1, 1);
1816 break;
1817
1818 /*
1819 * Although optional, this command is used by MS-Windows.
1820 * We support a minimal version: BytChk must be 0.
1821 */
1822 case SC_VERIFY:
1823 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1824 if (error) {
1825 break;
1826 }
1827 error = ustorage_fs_check_cmd(sc, 10,
1828 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1829 if (error) {
1830 break;
1831 }
1832 error = ustorage_fs_verify(sc);
1833
1834 break;
1835
1836 case SC_WRITE_6:
1837 i = sc->sc_transfer.cmd_data[4];
1838 sc->sc_transfer.cmd_dir = DIR_READ;
1839 temp = ((i == 0) ? 256UL : i);
1840 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1841 if (error) {
1842 break;
1843 }
1844 error = ustorage_fs_check_cmd(sc, 6,
1845 (7UL << 1) | (1UL << 4) | 1, 1);
1846 if (error) {
1847 break;
1848 }
1849 error = ustorage_fs_write(sc);
1850
1851 break;
1852
1853 case SC_WRITE_10:
1854 sc->sc_transfer.cmd_dir = DIR_READ;
1855 temp = get_be16(&sc->sc_transfer.cmd_data[7]);
1856 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1857 if (error) {
1858 break;
1859 }
1860 error = ustorage_fs_check_cmd(sc, 10,
1861 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1862 if (error) {
1863 break;
1864 }
1865 error = ustorage_fs_write(sc);
1866
1867 break;
1868
1869 case SC_WRITE_12:
1870 sc->sc_transfer.cmd_dir = DIR_READ;
1871 temp = get_be32(&sc->sc_transfer.cmd_data[6]);
1872 if (temp >= (1UL << (32 - 9))) {
1873 /* numerical overflow */
1874 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED;
1875 error = 1;
1876 break;
1877 }
1878 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9));
1879 if (error) {
1880 break;
1881 }
1882 error = ustorage_fs_check_cmd(sc, 12,
1883 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1884 if (error) {
1885 break;
1886 }
1887 error = ustorage_fs_write(sc);
1888
1889 break;
1890
1891 /*
1892 * Some mandatory commands that we recognize but don't
1893 * implement. They don't mean much in this setting.
1894 * It's left as an exercise for anyone interested to
1895 * implement RESERVE and RELEASE in terms of Posix
1896 * locks.
1897 */
1898 case SC_FORMAT_UNIT:
1899 case SC_RELEASE:
1900 case SC_RESERVE:
1901 case SC_SEND_DIAGNOSTIC:
1902 /* Fallthrough */
1903
1904 default:
1905 error = ustorage_fs_min_len(sc, 0, 0 - 1);
1906 if (error) {
1907 break;
1908 }
1909 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1910 0xff, 0);
1911 if (error) {
1912 break;
1913 }
1914 sc->sc_transfer.currlun->sense_data =
1915 SS_INVALID_COMMAND;
1916 error = 1;
1917
1918 break;
1919 }
1920 return (error);
1921}