ustorage_fs.c revision 190181
1/* $FreeBSD: head/sys/dev/usb/storage/ustorage_fs.c 190181 2009-03-20 21:50:54Z thompsa $ */ 2/*- 3 * Copyright (C) 2003-2005 Alan Stern 4 * Copyright (C) 2008 Hans Petter Selasky 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34/* 35 * NOTE: Much of the SCSI statemachine handling code derives from the 36 * Linux USB gadget stack. 37 */ 38#include "usbdevs.h" 39#include <dev/usb/usb.h> 40#include <dev/usb/usb_mfunc.h> 41#include <dev/usb/usb_error.h> 42 43#define USB_DEBUG_VAR ustorage_fs_debug 44 45#include <dev/usb/usb_core.h> 46#include <dev/usb/usb_util.h> 47#include <dev/usb/usb_busdma.h> 48#include <dev/usb/usb_debug.h> 49#include <dev/usb/usb_process.h> 50#include <dev/usb/usb_device.h> 51 52#if USB_DEBUG 53static int ustorage_fs_debug = 0; 54 55SYSCTL_NODE(_hw_usb2, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs"); 56SYSCTL_INT(_hw_usb2_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW, 57 &ustorage_fs_debug, 0, "ustorage_fs debug level"); 58#endif 59 60/* Define some limits */ 61 62#ifndef USTORAGE_FS_BULK_SIZE 63#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */ 64#endif 65 66#define USTORAGE_FS_MAX_LUN 8 /* units */ 67 68/* 69 * The SCSI ID string must be exactly 28 characters long 70 * exluding the terminating zero. 71 */ 72#ifndef USTORAGE_FS_ID_STRING 73#define USTORAGE_FS_ID_STRING \ 74 "FreeBSD " /* 8 */ \ 75 "File-Stor Gadget" /* 16 */ \ 76 "0101" /* 4 */ 77#endif 78 79/* 80 * The following macro defines the number of 81 * sectors to be allocated for the RAM disk: 82 */ 83#ifndef USTORAGE_FS_RAM_SECT 84#define USTORAGE_FS_RAM_SECT (1UL << 13) 85#endif 86 87static uint8_t *ustorage_fs_ramdisk; 88 89/* USB transfer definitions */ 90 91#define USTORAGE_FS_T_BBB_COMMAND 0 92#define USTORAGE_FS_T_BBB_DATA_DUMP 1 93#define USTORAGE_FS_T_BBB_DATA_READ 2 94#define USTORAGE_FS_T_BBB_DATA_WRITE 3 95#define USTORAGE_FS_T_BBB_STATUS 4 96#define USTORAGE_FS_T_BBB_MAX 5 97 98/* USB data stage direction */ 99 100#define DIR_NONE 0 101#define DIR_READ 1 102#define DIR_WRITE 2 103 104/* USB interface specific control request */ 105 106#define UR_BBB_RESET 0xff /* Bulk-Only reset */ 107#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */ 108 109/* Command Block Wrapper */ 110typedef struct { 111 uDWord dCBWSignature; 112#define CBWSIGNATURE 0x43425355 113 uDWord dCBWTag; 114 uDWord dCBWDataTransferLength; 115 uByte bCBWFlags; 116#define CBWFLAGS_OUT 0x00 117#define CBWFLAGS_IN 0x80 118 uByte bCBWLUN; 119 uByte bCDBLength; 120#define CBWCDBLENGTH 16 121 uByte CBWCDB[CBWCDBLENGTH]; 122} __packed ustorage_fs_bbb_cbw_t; 123 124#define USTORAGE_FS_BBB_CBW_SIZE 31 125 126/* Command Status Wrapper */ 127typedef struct { 128 uDWord dCSWSignature; 129#define CSWSIGNATURE 0x53425355 130 uDWord dCSWTag; 131 uDWord dCSWDataResidue; 132 uByte bCSWStatus; 133#define CSWSTATUS_GOOD 0x0 134#define CSWSTATUS_FAILED 0x1 135#define CSWSTATUS_PHASE 0x2 136} __packed ustorage_fs_bbb_csw_t; 137 138#define USTORAGE_FS_BBB_CSW_SIZE 13 139 140struct ustorage_fs_lun { 141 142 uint8_t *memory_image; 143 144 uint32_t num_sectors; 145 uint32_t sense_data; 146 uint32_t sense_data_info; 147 uint32_t unit_attention_data; 148 149 uint8_t read_only:1; 150 uint8_t prevent_medium_removal:1; 151 uint8_t info_valid:1; 152 uint8_t removable:1; 153}; 154 155struct ustorage_fs_softc { 156 157 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */ 158 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */ 159 160 struct mtx sc_mtx; 161 162 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN]; 163 164 struct { 165 uint8_t *data_ptr; 166 struct ustorage_fs_lun *currlun; 167 168 uint32_t data_rem; /* bytes, as reported by the command 169 * block wrapper */ 170 uint32_t offset; /* bytes */ 171 172 uint8_t cbw_dir; 173 uint8_t cmd_dir; 174 uint8_t lun; 175 uint8_t cmd_data[CBWCDBLENGTH]; 176 uint8_t cmd_len; 177 uint8_t data_short:1; 178 uint8_t data_error:1; 179 } sc_transfer; 180 181 device_t sc_dev; 182 struct usb2_device *sc_udev; 183 struct usb2_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX]; 184 185 uint32_t sc_unit; 186 187 uint8_t sc_name[16]; 188 uint8_t sc_iface_no; /* interface number */ 189 uint8_t sc_last_lun; 190 uint8_t sc_last_xfer_index; 191 uint8_t sc_qdata[1024]; 192}; 193 194/* prototypes */ 195 196static device_probe_t ustorage_fs_probe; 197static device_attach_t ustorage_fs_attach; 198static device_detach_t ustorage_fs_detach; 199static device_suspend_t ustorage_fs_suspend; 200static device_resume_t ustorage_fs_resume; 201static device_shutdown_t ustorage_fs_shutdown; 202static usb_handle_request_t ustorage_fs_handle_request; 203 204static usb2_callback_t ustorage_fs_t_bbb_command_callback; 205static usb2_callback_t ustorage_fs_t_bbb_data_dump_callback; 206static usb2_callback_t ustorage_fs_t_bbb_data_read_callback; 207static usb2_callback_t ustorage_fs_t_bbb_data_write_callback; 208static usb2_callback_t ustorage_fs_t_bbb_status_callback; 209 210static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index); 211static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc); 212 213static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc); 214static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc); 215static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc); 216static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc); 217static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc); 218static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc); 219static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc); 220static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc); 221static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc); 222static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask); 223static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc); 224static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc); 225static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium); 226static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc); 227 228static device_method_t ustorage_fs_methods[] = { 229 /* USB interface */ 230 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request), 231 232 /* Device interface */ 233 DEVMETHOD(device_probe, ustorage_fs_probe), 234 DEVMETHOD(device_attach, ustorage_fs_attach), 235 DEVMETHOD(device_detach, ustorage_fs_detach), 236 DEVMETHOD(device_suspend, ustorage_fs_suspend), 237 DEVMETHOD(device_resume, ustorage_fs_resume), 238 DEVMETHOD(device_shutdown, ustorage_fs_shutdown), 239 240 {0, 0} 241}; 242 243static driver_t ustorage_fs_driver = { 244 .name = "ustorage_fs", 245 .methods = ustorage_fs_methods, 246 .size = sizeof(struct ustorage_fs_softc), 247}; 248 249static devclass_t ustorage_fs_devclass; 250 251DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0); 252MODULE_VERSION(ustorage_fs, 0); 253MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1); 254 255struct usb2_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = { 256 257 [USTORAGE_FS_T_BBB_COMMAND] = { 258 .type = UE_BULK, 259 .endpoint = UE_ADDR_ANY, 260 .direction = UE_DIR_OUT, 261 .md.bufsize = sizeof(ustorage_fs_bbb_cbw_t), 262 .md.flags = {.ext_buffer = 1,}, 263 .md.callback = &ustorage_fs_t_bbb_command_callback, 264 }, 265 266 [USTORAGE_FS_T_BBB_DATA_DUMP] = { 267 .type = UE_BULK, 268 .endpoint = UE_ADDR_ANY, 269 .direction = UE_DIR_OUT, 270 .md.bufsize = 0, /* use wMaxPacketSize */ 271 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,}, 272 .md.callback = &ustorage_fs_t_bbb_data_dump_callback, 273 }, 274 275 [USTORAGE_FS_T_BBB_DATA_READ] = { 276 .type = UE_BULK, 277 .endpoint = UE_ADDR_ANY, 278 .direction = UE_DIR_OUT, 279 .md.bufsize = USTORAGE_FS_BULK_SIZE, 280 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 281 .md.callback = &ustorage_fs_t_bbb_data_read_callback, 282 }, 283 284 [USTORAGE_FS_T_BBB_DATA_WRITE] = { 285 .type = UE_BULK, 286 .endpoint = UE_ADDR_ANY, 287 .direction = UE_DIR_IN, 288 .md.bufsize = USTORAGE_FS_BULK_SIZE, 289 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 290 .md.callback = &ustorage_fs_t_bbb_data_write_callback, 291 }, 292 293 [USTORAGE_FS_T_BBB_STATUS] = { 294 .type = UE_BULK, 295 .endpoint = UE_ADDR_ANY, 296 .direction = UE_DIR_IN, 297 .md.bufsize = sizeof(ustorage_fs_bbb_csw_t), 298 .md.flags = {.short_xfer_ok = 1,.ext_buffer = 1,}, 299 .md.callback = &ustorage_fs_t_bbb_status_callback, 300 }, 301}; 302 303/* 304 * USB device probe/attach/detach 305 */ 306 307static int 308ustorage_fs_probe(device_t dev) 309{ 310 struct usb2_attach_arg *uaa = device_get_ivars(dev); 311 struct usb2_interface_descriptor *id; 312 313 if (uaa->usb2_mode != USB_MODE_DEVICE) { 314 return (ENXIO); 315 } 316 if (uaa->use_generic == 0) { 317 /* give other drivers a try first */ 318 return (ENXIO); 319 } 320 /* Check for a standards compliant device */ 321 id = usb2_get_interface_descriptor(uaa->iface); 322 if ((id == NULL) || 323 (id->bInterfaceClass != UICLASS_MASS) || 324 (id->bInterfaceSubClass != UISUBCLASS_SCSI) || 325 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { 326 return (ENXIO); 327 } 328 return (0); 329} 330 331static int 332ustorage_fs_attach(device_t dev) 333{ 334 struct ustorage_fs_softc *sc = device_get_softc(dev); 335 struct usb2_attach_arg *uaa = device_get_ivars(dev); 336 struct usb2_interface_descriptor *id; 337 int err; 338 339 /* 340 * NOTE: the softc struct is bzero-ed in device_set_driver. 341 * We can safely call ustorage_fs_detach without specifically 342 * initializing the struct. 343 */ 344 345 sc->sc_dev = dev; 346 sc->sc_udev = uaa->device; 347 sc->sc_unit = device_get_unit(dev); 348 349 if (sc->sc_unit == 0) { 350 if (ustorage_fs_ramdisk == NULL) { 351 /* 352 * allocate a memory image for our ramdisk until 353 * further 354 */ 355 ustorage_fs_ramdisk = 356 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK); 357 if (ustorage_fs_ramdisk == NULL) { 358 return (ENOMEM); 359 } 360 } 361 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk; 362 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT; 363 sc->sc_lun[0].removable = 1; 364 } 365 snprintf(sc->sc_name, sizeof(sc->sc_name), 366 "%s", device_get_nameunit(dev)); 367 368 device_set_usb2_desc(dev); 369 370 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock", 371 NULL, (MTX_DEF | MTX_RECURSE)); 372 373 /* get interface index */ 374 375 id = usb2_get_interface_descriptor(uaa->iface); 376 if (id == NULL) { 377 device_printf(dev, "failed to get " 378 "interface number\n"); 379 goto detach; 380 } 381 sc->sc_iface_no = id->bInterfaceNumber; 382 383 err = usb2_transfer_setup(uaa->device, 384 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config, 385 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx); 386 if (err) { 387 device_printf(dev, "could not setup required " 388 "transfers, %s\n", usb2_errstr(err)); 389 goto detach; 390 } 391 /* start Mass Storage State Machine */ 392 393 mtx_lock(&sc->sc_mtx); 394 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 395 mtx_unlock(&sc->sc_mtx); 396 397 return (0); /* success */ 398 399detach: 400 ustorage_fs_detach(dev); 401 return (ENXIO); /* failure */ 402} 403 404static int 405ustorage_fs_detach(device_t dev) 406{ 407 struct ustorage_fs_softc *sc = device_get_softc(dev); 408 409 /* teardown our statemachine */ 410 411 usb2_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX); 412 413 mtx_destroy(&sc->sc_mtx); 414 415 return (0); /* success */ 416} 417 418static int 419ustorage_fs_suspend(device_t dev) 420{ 421 device_printf(dev, "suspending\n"); 422 return (0); /* success */ 423} 424 425static int 426ustorage_fs_resume(device_t dev) 427{ 428 device_printf(dev, "resuming\n"); 429 return (0); /* success */ 430} 431 432static int 433ustorage_fs_shutdown(device_t dev) 434{ 435 return (0); /* success */ 436} 437 438/* 439 * Generic functions to handle transfers 440 */ 441 442static void 443ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index) 444{ 445 if (sc->sc_xfer[xfer_index]) { 446 sc->sc_last_xfer_index = xfer_index; 447 usb2_transfer_start(sc->sc_xfer[xfer_index]); 448 } 449} 450 451static void 452ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc) 453{ 454 usb2_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]); 455 mtx_unlock(&sc->sc_mtx); 456 usb2_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]); 457 mtx_lock(&sc->sc_mtx); 458} 459 460static int 461ustorage_fs_handle_request(device_t dev, 462 const void *preq, void **pptr, uint16_t *plen, 463 uint16_t offset, uint8_t is_complete) 464{ 465 struct ustorage_fs_softc *sc = device_get_softc(dev); 466 const struct usb2_device_request *req = preq; 467 468 if (!is_complete) { 469 if (req->bRequest == UR_BBB_RESET) { 470 *plen = 0; 471 mtx_lock(&sc->sc_mtx); 472 ustorage_fs_transfer_stop(sc); 473 sc->sc_transfer.data_error = 1; 474 ustorage_fs_transfer_start(sc, 475 USTORAGE_FS_T_BBB_COMMAND); 476 mtx_unlock(&sc->sc_mtx); 477 return (0); 478 } else if (req->bRequest == UR_BBB_GET_MAX_LUN) { 479 if (offset == 0) { 480 *plen = 1; 481 *pptr = &sc->sc_last_lun; 482 } else { 483 *plen = 0; 484 } 485 return (0); 486 } 487 } 488 return (ENXIO); /* use builtin handler */ 489} 490 491static void 492ustorage_fs_t_bbb_command_callback(struct usb2_xfer *xfer) 493{ 494 struct ustorage_fs_softc *sc = xfer->priv_sc; 495 uint32_t tag; 496 uint8_t error = 0; 497 498 DPRINTF("\n"); 499 500 switch (USB_GET_STATE(xfer)) { 501 case USB_ST_TRANSFERRED: 502 503 tag = UGETDW(sc->sc_cbw.dCBWSignature); 504 505 if (tag != CBWSIGNATURE) { 506 /* do nothing */ 507 DPRINTF("invalid signature 0x%08x\n", tag); 508 break; 509 } 510 tag = UGETDW(sc->sc_cbw.dCBWTag); 511 512 /* echo back tag */ 513 USETDW(sc->sc_csw.dCSWTag, tag); 514 515 /* reset status */ 516 sc->sc_csw.bCSWStatus = 0; 517 518 /* reset data offset, data length and data remainder */ 519 sc->sc_transfer.offset = 0; 520 sc->sc_transfer.data_rem = 521 UGETDW(sc->sc_cbw.dCBWDataTransferLength); 522 523 /* reset data flags */ 524 sc->sc_transfer.data_short = 0; 525 526 /* extract LUN */ 527 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN; 528 529 if (sc->sc_transfer.data_rem == 0) { 530 sc->sc_transfer.cbw_dir = DIR_NONE; 531 } else { 532 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) { 533 sc->sc_transfer.cbw_dir = DIR_WRITE; 534 } else { 535 sc->sc_transfer.cbw_dir = DIR_READ; 536 } 537 } 538 539 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength; 540 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) || 541 (sc->sc_transfer.cmd_len == 0)) { 542 /* just halt - this is invalid */ 543 DPRINTF("invalid command length %d bytes\n", 544 sc->sc_transfer.cmd_len); 545 break; 546 } 547 bcopy(sc->sc_cbw.CBWCDB, sc->sc_transfer.cmd_data, 548 sc->sc_transfer.cmd_len); 549 550 bzero(sc->sc_cbw.CBWCDB + sc->sc_transfer.cmd_len, 551 sizeof(sc->sc_cbw.CBWCDB) - sc->sc_transfer.cmd_len); 552 553 error = ustorage_fs_do_cmd(sc); 554 if (error) { 555 /* got an error */ 556 DPRINTF("command failed\n"); 557 break; 558 } 559 if ((sc->sc_transfer.data_rem > 0) && 560 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) { 561 /* contradicting data transfer direction */ 562 error = 1; 563 DPRINTF("data direction mismatch\n"); 564 break; 565 } 566 switch (sc->sc_transfer.cbw_dir) { 567 case DIR_READ: 568 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ); 569 break; 570 case DIR_WRITE: 571 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE); 572 break; 573 default: 574 ustorage_fs_transfer_start(sc, 575 USTORAGE_FS_T_BBB_STATUS); 576 break; 577 } 578 break; 579 580 case USB_ST_SETUP: 581tr_setup: 582 if (sc->sc_transfer.data_error) { 583 sc->sc_transfer.data_error = 0; 584 xfer->flags.stall_pipe = 1; 585 DPRINTF("stall pipe\n"); 586 } else { 587 xfer->flags.stall_pipe = 0; 588 } 589 590 xfer->frlengths[0] = sizeof(sc->sc_cbw); 591 usb2_set_frame_data(xfer, &sc->sc_cbw, 0); 592 usb2_start_hardware(xfer); 593 break; 594 595 default: /* Error */ 596 DPRINTF("error\n"); 597 if (xfer->error == USB_ERR_CANCELLED) { 598 break; 599 } 600 /* If the pipe is already stalled, don't do another stall */ 601 if (!xfer->pipe->is_stalled) { 602 sc->sc_transfer.data_error = 1; 603 } 604 /* try again */ 605 goto tr_setup; 606 } 607 if (error) { 608 if (sc->sc_csw.bCSWStatus == 0) { 609 /* set some default error code */ 610 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 611 } 612 if (sc->sc_transfer.cbw_dir == DIR_READ) { 613 /* dump all data */ 614 ustorage_fs_transfer_start(sc, 615 USTORAGE_FS_T_BBB_DATA_DUMP); 616 return; 617 } 618 if (sc->sc_transfer.cbw_dir == DIR_WRITE) { 619 /* need to stall before status */ 620 sc->sc_transfer.data_error = 1; 621 } 622 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS); 623 } 624} 625 626static void 627ustorage_fs_t_bbb_data_dump_callback(struct usb2_xfer *xfer) 628{ 629 struct ustorage_fs_softc *sc = xfer->priv_sc; 630 uint32_t max_bulk = xfer->max_data_length; 631 632 DPRINTF("\n"); 633 634 switch (USB_GET_STATE(xfer)) { 635 case USB_ST_TRANSFERRED: 636 sc->sc_transfer.data_rem -= xfer->actlen; 637 sc->sc_transfer.offset += xfer->actlen; 638 639 if ((xfer->actlen != xfer->sumlen) || 640 (sc->sc_transfer.data_rem == 0)) { 641 /* short transfer or end of data */ 642 ustorage_fs_transfer_start(sc, 643 USTORAGE_FS_T_BBB_STATUS); 644 break; 645 } 646 /* Fallthrough */ 647 648 case USB_ST_SETUP: 649tr_setup: 650 if (max_bulk > sc->sc_transfer.data_rem) { 651 max_bulk = sc->sc_transfer.data_rem; 652 } 653 if (sc->sc_transfer.data_error) { 654 sc->sc_transfer.data_error = 0; 655 xfer->flags.stall_pipe = 1; 656 } else { 657 xfer->flags.stall_pipe = 0; 658 } 659 xfer->frlengths[0] = max_bulk; 660 usb2_start_hardware(xfer); 661 break; 662 663 default: /* Error */ 664 if (xfer->error == USB_ERR_CANCELLED) { 665 break; 666 } 667 /* 668 * If the pipe is already stalled, don't do another stall: 669 */ 670 if (!xfer->pipe->is_stalled) { 671 sc->sc_transfer.data_error = 1; 672 } 673 /* try again */ 674 goto tr_setup; 675 } 676} 677 678static void 679ustorage_fs_t_bbb_data_read_callback(struct usb2_xfer *xfer) 680{ 681 struct ustorage_fs_softc *sc = xfer->priv_sc; 682 uint32_t max_bulk = xfer->max_data_length; 683 684 DPRINTF("\n"); 685 686 switch (USB_GET_STATE(xfer)) { 687 case USB_ST_TRANSFERRED: 688 sc->sc_transfer.data_rem -= xfer->actlen; 689 sc->sc_transfer.data_ptr += xfer->actlen; 690 sc->sc_transfer.offset += xfer->actlen; 691 692 if ((xfer->actlen != xfer->sumlen) || 693 (sc->sc_transfer.data_rem == 0)) { 694 /* short transfer or end of data */ 695 ustorage_fs_transfer_start(sc, 696 USTORAGE_FS_T_BBB_STATUS); 697 break; 698 } 699 /* Fallthrough */ 700 701 case USB_ST_SETUP: 702tr_setup: 703 if (max_bulk > sc->sc_transfer.data_rem) { 704 max_bulk = sc->sc_transfer.data_rem; 705 } 706 if (sc->sc_transfer.data_error) { 707 sc->sc_transfer.data_error = 0; 708 xfer->flags.stall_pipe = 1; 709 } else { 710 xfer->flags.stall_pipe = 0; 711 } 712 713 xfer->frlengths[0] = max_bulk; 714 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0); 715 usb2_start_hardware(xfer); 716 break; 717 718 default: /* Error */ 719 if (xfer->error == USB_ERR_CANCELLED) { 720 break; 721 } 722 /* If the pipe is already stalled, don't do another stall */ 723 if (!xfer->pipe->is_stalled) { 724 sc->sc_transfer.data_error = 1; 725 } 726 /* try again */ 727 goto tr_setup; 728 } 729} 730 731static void 732ustorage_fs_t_bbb_data_write_callback(struct usb2_xfer *xfer) 733{ 734 struct ustorage_fs_softc *sc = xfer->priv_sc; 735 uint32_t max_bulk = xfer->max_data_length; 736 737 DPRINTF("\n"); 738 739 switch (USB_GET_STATE(xfer)) { 740 case USB_ST_TRANSFERRED: 741 sc->sc_transfer.data_rem -= xfer->actlen; 742 sc->sc_transfer.data_ptr += xfer->actlen; 743 sc->sc_transfer.offset += xfer->actlen; 744 745 if ((xfer->actlen != xfer->sumlen) || 746 (sc->sc_transfer.data_rem == 0)) { 747 /* short transfer or end of data */ 748 ustorage_fs_transfer_start(sc, 749 USTORAGE_FS_T_BBB_STATUS); 750 break; 751 } 752 case USB_ST_SETUP: 753tr_setup: 754 if (max_bulk >= sc->sc_transfer.data_rem) { 755 max_bulk = sc->sc_transfer.data_rem; 756 if (sc->sc_transfer.data_short) { 757 xfer->flags.force_short_xfer = 1; 758 } else { 759 xfer->flags.force_short_xfer = 0; 760 } 761 } else { 762 xfer->flags.force_short_xfer = 0; 763 } 764 765 if (sc->sc_transfer.data_error) { 766 sc->sc_transfer.data_error = 0; 767 xfer->flags.stall_pipe = 1; 768 } else { 769 xfer->flags.stall_pipe = 0; 770 } 771 772 xfer->frlengths[0] = max_bulk; 773 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0); 774 usb2_start_hardware(xfer); 775 break; 776 777 default: /* Error */ 778 if (xfer->error == USB_ERR_CANCELLED) { 779 break; 780 } 781 /* 782 * If the pipe is already stalled, don't do another 783 * stall 784 */ 785 if (!xfer->pipe->is_stalled) { 786 sc->sc_transfer.data_error = 1; 787 } 788 /* try again */ 789 goto tr_setup; 790 } 791} 792 793static void 794ustorage_fs_t_bbb_status_callback(struct usb2_xfer *xfer) 795{ 796 struct ustorage_fs_softc *sc = xfer->priv_sc; 797 798 DPRINTF("\n"); 799 800 switch (USB_GET_STATE(xfer)) { 801 case USB_ST_TRANSFERRED: 802 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 803 break; 804 805 case USB_ST_SETUP: 806tr_setup: 807 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE); 808 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem); 809 810 if (sc->sc_transfer.data_error) { 811 sc->sc_transfer.data_error = 0; 812 xfer->flags.stall_pipe = 1; 813 } else { 814 xfer->flags.stall_pipe = 0; 815 } 816 817 xfer->frlengths[0] = sizeof(sc->sc_csw); 818 usb2_set_frame_data(xfer, &sc->sc_csw, 0); 819 usb2_start_hardware(xfer); 820 break; 821 822 default: 823 if (xfer->error == USB_ERR_CANCELLED) { 824 break; 825 } 826 /* If the pipe is already stalled, don't do another stall */ 827 if (!xfer->pipe->is_stalled) { 828 sc->sc_transfer.data_error = 1; 829 } 830 /* try again */ 831 goto tr_setup; 832 } 833} 834 835/* SCSI commands that we recognize */ 836#define SC_FORMAT_UNIT 0x04 837#define SC_INQUIRY 0x12 838#define SC_MODE_SELECT_6 0x15 839#define SC_MODE_SELECT_10 0x55 840#define SC_MODE_SENSE_6 0x1a 841#define SC_MODE_SENSE_10 0x5a 842#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 843#define SC_READ_6 0x08 844#define SC_READ_10 0x28 845#define SC_READ_12 0xa8 846#define SC_READ_CAPACITY 0x25 847#define SC_READ_FORMAT_CAPACITIES 0x23 848#define SC_RELEASE 0x17 849#define SC_REQUEST_SENSE 0x03 850#define SC_RESERVE 0x16 851#define SC_SEND_DIAGNOSTIC 0x1d 852#define SC_START_STOP_UNIT 0x1b 853#define SC_SYNCHRONIZE_CACHE 0x35 854#define SC_TEST_UNIT_READY 0x00 855#define SC_VERIFY 0x2f 856#define SC_WRITE_6 0x0a 857#define SC_WRITE_10 0x2a 858#define SC_WRITE_12 0xaa 859 860/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 861#define SS_NO_SENSE 0 862#define SS_COMMUNICATION_FAILURE 0x040800 863#define SS_INVALID_COMMAND 0x052000 864#define SS_INVALID_FIELD_IN_CDB 0x052400 865#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 866#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 867#define SS_MEDIUM_NOT_PRESENT 0x023a00 868#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 869#define SS_NOT_READY_TO_READY_TRANSITION 0x062800 870#define SS_RESET_OCCURRED 0x062900 871#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 872#define SS_UNRECOVERED_READ_ERROR 0x031100 873#define SS_WRITE_ERROR 0x030c02 874#define SS_WRITE_PROTECTED 0x072700 875 876#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */ 877#define ASC(x) ((uint8_t) ((x) >> 8)) 878#define ASCQ(x) ((uint8_t) (x)) 879 880/* Routines for unaligned data access */ 881 882static uint16_t 883get_be16(uint8_t *buf) 884{ 885 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]); 886} 887 888static uint32_t 889get_be32(uint8_t *buf) 890{ 891 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | 892 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]); 893} 894 895static void 896put_be16(uint8_t *buf, uint16_t val) 897{ 898 buf[0] = val >> 8; 899 buf[1] = val; 900} 901 902static void 903put_be32(uint8_t *buf, uint32_t val) 904{ 905 buf[0] = val >> 24; 906 buf[1] = val >> 16; 907 buf[2] = val >> 8; 908 buf[3] = val & 0xff; 909} 910 911/*------------------------------------------------------------------------* 912 * ustorage_fs_verify 913 * 914 * Returns: 915 * 0: Success 916 * Else: Failure 917 *------------------------------------------------------------------------*/ 918static uint8_t 919ustorage_fs_verify(struct ustorage_fs_softc *sc) 920{ 921 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 922 uint32_t lba; 923 uint32_t vlen; 924 uint64_t file_offset; 925 uint64_t amount_left; 926 927 /* 928 * Get the starting Logical Block Address 929 */ 930 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 931 932 /* 933 * We allow DPO (Disable Page Out = don't save data in the cache) 934 * but we don't implement it. 935 */ 936 if ((sc->sc_transfer.cmd_data[1] & ~0x10) != 0) { 937 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 938 return (1); 939 } 940 vlen = get_be16(&sc->sc_transfer.cmd_data[7]); 941 if (vlen == 0) { 942 goto done; 943 } 944 /* No default reply */ 945 946 /* Prepare to carry out the file verify */ 947 amount_left = vlen; 948 amount_left <<= 9; 949 file_offset = lba; 950 file_offset <<= 9; 951 952 /* Range check */ 953 vlen += lba; 954 955 if ((vlen < lba) || 956 (vlen > currlun->num_sectors) || 957 (lba >= currlun->num_sectors)) { 958 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 959 return (1); 960 } 961 /* XXX TODO: verify that data is readable */ 962done: 963 return (ustorage_fs_min_len(sc, 0, 0 - 1)); 964} 965 966/*------------------------------------------------------------------------* 967 * ustorage_fs_inquiry 968 * 969 * Returns: 970 * 0: Success 971 * Else: Failure 972 *------------------------------------------------------------------------*/ 973static uint8_t 974ustorage_fs_inquiry(struct ustorage_fs_softc *sc) 975{ 976 uint8_t *buf = sc->sc_transfer.data_ptr; 977 978 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 979 980 if (!sc->sc_transfer.currlun) { 981 /* Unsupported LUNs are okay */ 982 memset(buf, 0, 36); 983 buf[0] = 0x7f; 984 /* Unsupported, no device - type */ 985 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 986 } 987 memset(buf, 0, 8); 988 /* Non - removable, direct - access device */ 989 if (currlun->removable) 990 buf[1] = 0x80; 991 buf[2] = 2; 992 /* ANSI SCSI level 2 */ 993 buf[3] = 2; 994 /* SCSI - 2 INQUIRY data format */ 995 buf[4] = 31; 996 /* Additional length */ 997 /* No special options */ 998 /* Copy in ID string */ 999 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28); 1000 1001 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 1002} 1003 1004/*------------------------------------------------------------------------* 1005 * ustorage_fs_request_sense 1006 * 1007 * Returns: 1008 * 0: Success 1009 * Else: Failure 1010 *------------------------------------------------------------------------*/ 1011static uint8_t 1012ustorage_fs_request_sense(struct ustorage_fs_softc *sc) 1013{ 1014 uint8_t *buf = sc->sc_transfer.data_ptr; 1015 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1016 uint32_t sd; 1017 uint32_t sdinfo; 1018 uint8_t valid; 1019 1020 /* 1021 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1022 * 1023 * If a REQUEST SENSE command is received from an initiator 1024 * with a pending unit attention condition (before the target 1025 * generates the contingent allegiance condition), then the 1026 * target shall either: 1027 * a) report any pending sense data and preserve the unit 1028 * attention condition on the logical unit, or, 1029 * b) report the unit attention condition, may discard any 1030 * pending sense data, and clear the unit attention 1031 * condition on the logical unit for that initiator. 1032 * 1033 * FSG normally uses option a); enable this code to use option b). 1034 */ 1035#if 0 1036 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) { 1037 currlun->sense_data = currlun->unit_attention_data; 1038 currlun->unit_attention_data = SS_NO_SENSE; 1039 } 1040#endif 1041 1042 if (!currlun) { 1043 /* Unsupported LUNs are okay */ 1044 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1045 sdinfo = 0; 1046 valid = 0; 1047 } else { 1048 sd = currlun->sense_data; 1049 sdinfo = currlun->sense_data_info; 1050 valid = currlun->info_valid << 7; 1051 currlun->sense_data = SS_NO_SENSE; 1052 currlun->sense_data_info = 0; 1053 currlun->info_valid = 0; 1054 } 1055 1056 memset(buf, 0, 18); 1057 buf[0] = valid | 0x70; 1058 /* Valid, current error */ 1059 buf[2] = SK(sd); 1060 put_be32(&buf[3], sdinfo); 1061 /* Sense information */ 1062 buf[7] = 18 - 8; 1063 /* Additional sense length */ 1064 buf[12] = ASC(sd); 1065 buf[13] = ASCQ(sd); 1066 return (ustorage_fs_min_len(sc, 18, 0 - 1)); 1067} 1068 1069 1070/*------------------------------------------------------------------------* 1071 * ustorage_fs_read_capacity 1072 * 1073 * Returns: 1074 * 0: Success 1075 * Else: Failure 1076 *------------------------------------------------------------------------*/ 1077static uint8_t 1078ustorage_fs_read_capacity(struct ustorage_fs_softc *sc) 1079{ 1080 uint8_t *buf = sc->sc_transfer.data_ptr; 1081 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1082 uint32_t lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1083 uint8_t pmi = sc->sc_transfer.cmd_data[8]; 1084 1085 /* Check the PMI and LBA fields */ 1086 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) { 1087 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1088 return (1); 1089 } 1090 put_be32(&buf[0], currlun->num_sectors - 1); 1091 /* Max logical block */ 1092 put_be32(&buf[4], 512); 1093 /* Block length */ 1094 return (ustorage_fs_min_len(sc, 8, 0 - 1)); 1095} 1096 1097 1098/*------------------------------------------------------------------------* 1099 * ustorage_fs_mode_sense 1100 * 1101 * Returns: 1102 * 0: Success 1103 * Else: Failure 1104 *------------------------------------------------------------------------*/ 1105static uint8_t 1106ustorage_fs_mode_sense(struct ustorage_fs_softc *sc) 1107{ 1108 uint8_t *buf = sc->sc_transfer.data_ptr; 1109 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1110 uint8_t *buf0; 1111 uint16_t len; 1112 uint16_t limit; 1113 uint8_t mscmnd = sc->sc_transfer.cmd_data[0]; 1114 uint8_t pc; 1115 uint8_t page_code; 1116 uint8_t changeable_values; 1117 uint8_t all_pages; 1118 1119 buf0 = buf; 1120 1121 if ((sc->sc_transfer.cmd_data[1] & ~0x08) != 0) { 1122 /* Mask away DBD */ 1123 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1124 return (1); 1125 } 1126 pc = sc->sc_transfer.cmd_data[2] >> 6; 1127 page_code = sc->sc_transfer.cmd_data[2] & 0x3f; 1128 if (pc == 3) { 1129 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1130 return (1); 1131 } 1132 changeable_values = (pc == 1); 1133 all_pages = (page_code == 0x3f); 1134 1135 /* 1136 * Write the mode parameter header. Fixed values are: default 1137 * medium type, no cache control (DPOFUA), and no block descriptors. 1138 * The only variable value is the WriteProtect bit. We will fill in 1139 * the mode data length later. 1140 */ 1141 memset(buf, 0, 8); 1142 if (mscmnd == SC_MODE_SENSE_6) { 1143 buf[2] = (currlun->read_only ? 0x80 : 0x00); 1144 /* WP, DPOFUA */ 1145 buf += 4; 1146 limit = 255; 1147 } else { 1148 /* SC_MODE_SENSE_10 */ 1149 buf[3] = (currlun->read_only ? 0x80 : 0x00); 1150 /* WP, DPOFUA */ 1151 buf += 8; 1152 limit = 65535; 1153 /* Should really be mod_data.buflen */ 1154 } 1155 1156 /* No block descriptors */ 1157 1158 /* 1159 * The mode pages, in numerical order. 1160 */ 1161 if ((page_code == 0x08) || all_pages) { 1162 buf[0] = 0x08; 1163 /* Page code */ 1164 buf[1] = 10; 1165 /* Page length */ 1166 memset(buf + 2, 0, 10); 1167 /* None of the fields are changeable */ 1168 1169 if (!changeable_values) { 1170 buf[2] = 0x04; 1171 /* Write cache enable, */ 1172 /* Read cache not disabled */ 1173 /* No cache retention priorities */ 1174 put_be16(&buf[4], 0xffff); 1175 /* Don 't disable prefetch */ 1176 /* Minimum prefetch = 0 */ 1177 put_be16(&buf[8], 0xffff); 1178 /* Maximum prefetch */ 1179 put_be16(&buf[10], 0xffff); 1180 /* Maximum prefetch ceiling */ 1181 } 1182 buf += 12; 1183 } 1184 /* 1185 * Check that a valid page was requested and the mode data length 1186 * isn't too long. 1187 */ 1188 len = buf - buf0; 1189 if (len > limit) { 1190 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1191 return (1); 1192 } 1193 /* Store the mode data length */ 1194 if (mscmnd == SC_MODE_SENSE_6) 1195 buf0[0] = len - 1; 1196 else 1197 put_be16(buf0, len - 2); 1198 return (ustorage_fs_min_len(sc, len, 0 - 1)); 1199} 1200 1201/*------------------------------------------------------------------------* 1202 * ustorage_fs_start_stop 1203 * 1204 * Returns: 1205 * 0: Success 1206 * Else: Failure 1207 *------------------------------------------------------------------------*/ 1208static uint8_t 1209ustorage_fs_start_stop(struct ustorage_fs_softc *sc) 1210{ 1211 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1212 uint8_t loej; 1213 uint8_t start; 1214 uint8_t immed; 1215 1216 if (!currlun->removable) { 1217 currlun->sense_data = SS_INVALID_COMMAND; 1218 return (1); 1219 } 1220 immed = sc->sc_transfer.cmd_data[1] & 0x01; 1221 loej = sc->sc_transfer.cmd_data[4] & 0x02; 1222 start = sc->sc_transfer.cmd_data[4] & 0x01; 1223 1224 if (immed || loej || start) { 1225 /* compile fix */ 1226 } 1227 return (0); 1228} 1229 1230/*------------------------------------------------------------------------* 1231 * ustorage_fs_prevent_allow 1232 * 1233 * Returns: 1234 * 0: Success 1235 * Else: Failure 1236 *------------------------------------------------------------------------*/ 1237static uint8_t 1238ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc) 1239{ 1240 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1241 uint8_t prevent; 1242 1243 if (!currlun->removable) { 1244 currlun->sense_data = SS_INVALID_COMMAND; 1245 return (1); 1246 } 1247 prevent = sc->sc_transfer.cmd_data[4] & 0x01; 1248 if ((sc->sc_transfer.cmd_data[4] & ~0x01) != 0) { 1249 /* Mask away Prevent */ 1250 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1251 return (1); 1252 } 1253 if (currlun->prevent_medium_removal && !prevent) { 1254 //fsync_sub(currlun); 1255 } 1256 currlun->prevent_medium_removal = prevent; 1257 return (0); 1258} 1259 1260/*------------------------------------------------------------------------* 1261 * ustorage_fs_read_format_capacities 1262 * 1263 * Returns: 1264 * 0: Success 1265 * Else: Failure 1266 *------------------------------------------------------------------------*/ 1267static uint8_t 1268ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc) 1269{ 1270 uint8_t *buf = sc->sc_transfer.data_ptr; 1271 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1272 1273 buf[0] = buf[1] = buf[2] = 0; 1274 buf[3] = 8; 1275 /* Only the Current / Maximum Capacity Descriptor */ 1276 buf += 4; 1277 1278 put_be32(&buf[0], currlun->num_sectors); 1279 /* Number of blocks */ 1280 put_be32(&buf[4], 512); 1281 /* Block length */ 1282 buf[4] = 0x02; 1283 /* Current capacity */ 1284 return (ustorage_fs_min_len(sc, 12, 0 - 1)); 1285} 1286 1287/*------------------------------------------------------------------------* 1288 * ustorage_fs_mode_select 1289 * 1290 * Return values: 1291 * 0: Success 1292 * Else: Failure 1293 *------------------------------------------------------------------------*/ 1294static uint8_t 1295ustorage_fs_mode_select(struct ustorage_fs_softc *sc) 1296{ 1297 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1298 1299 /* We don't support MODE SELECT */ 1300 currlun->sense_data = SS_INVALID_COMMAND; 1301 return (1); 1302} 1303 1304/*------------------------------------------------------------------------* 1305 * ustorage_fs_synchronize_cache 1306 * 1307 * Return values: 1308 * 0: Success 1309 * Else: Failure 1310 *------------------------------------------------------------------------*/ 1311static uint8_t 1312ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc) 1313{ 1314#if 0 1315 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1316 uint8_t rc; 1317 1318 /* 1319 * We ignore the requested LBA and write out all dirty data buffers. 1320 */ 1321 rc = 0; 1322 if (rc) { 1323 currlun->sense_data = SS_WRITE_ERROR; 1324 } 1325#endif 1326 return (0); 1327} 1328 1329/*------------------------------------------------------------------------* 1330 * ustorage_fs_read - read data from disk 1331 * 1332 * Return values: 1333 * 0: Success 1334 * Else: Failure 1335 *------------------------------------------------------------------------*/ 1336static uint8_t 1337ustorage_fs_read(struct ustorage_fs_softc *sc) 1338{ 1339 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1340 uint64_t file_offset; 1341 uint32_t lba; 1342 uint32_t len; 1343 1344 /* 1345 * Get the starting Logical Block Address and check that it's not 1346 * too big 1347 */ 1348 if (sc->sc_transfer.cmd_data[0] == SC_READ_6) { 1349 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) | 1350 get_be16(&sc->sc_transfer.cmd_data[2]); 1351 } else { 1352 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1353 1354 /* 1355 * We allow DPO (Disable Page Out = don't save data in the 1356 * cache) and FUA (Force Unit Access = don't read from the 1357 * cache), but we don't implement them. 1358 */ 1359 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) { 1360 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1361 return (1); 1362 } 1363 } 1364 len = sc->sc_transfer.data_rem >> 9; 1365 len += lba; 1366 1367 if ((len < lba) || 1368 (len > currlun->num_sectors) || 1369 (lba >= currlun->num_sectors)) { 1370 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1371 return (1); 1372 } 1373 file_offset = lba; 1374 file_offset <<= 9; 1375 1376 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1377 1378 return (0); 1379} 1380 1381/*------------------------------------------------------------------------* 1382 * ustorage_fs_write - write data to disk 1383 * 1384 * Return values: 1385 * 0: Success 1386 * Else: Failure 1387 *------------------------------------------------------------------------*/ 1388static uint8_t 1389ustorage_fs_write(struct ustorage_fs_softc *sc) 1390{ 1391 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1392 uint64_t file_offset; 1393 uint32_t lba; 1394 uint32_t len; 1395 1396 if (currlun->read_only) { 1397 currlun->sense_data = SS_WRITE_PROTECTED; 1398 return (1); 1399 } 1400 /* XXX clear SYNC */ 1401 1402 /* 1403 * Get the starting Logical Block Address and check that it's not 1404 * too big. 1405 */ 1406 if (sc->sc_transfer.cmd_data[0] == SC_WRITE_6) 1407 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) | 1408 get_be16(&sc->sc_transfer.cmd_data[2]); 1409 else { 1410 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1411 1412 /* 1413 * We allow DPO (Disable Page Out = don't save data in the 1414 * cache) and FUA (Force Unit Access = write directly to the 1415 * medium). We don't implement DPO; we implement FUA by 1416 * performing synchronous output. 1417 */ 1418 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) { 1419 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1420 return (1); 1421 } 1422 if (sc->sc_transfer.cmd_data[1] & 0x08) { 1423 /* FUA */ 1424 /* XXX set SYNC flag here */ 1425 } 1426 } 1427 1428 len = sc->sc_transfer.data_rem >> 9; 1429 len += lba; 1430 1431 if ((len < lba) || 1432 (len > currlun->num_sectors) || 1433 (lba >= currlun->num_sectors)) { 1434 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1435 return (1); 1436 } 1437 file_offset = lba; 1438 file_offset <<= 9; 1439 1440 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1441 1442 return (0); 1443} 1444 1445/*------------------------------------------------------------------------* 1446 * ustorage_fs_min_len 1447 * 1448 * Return values: 1449 * 0: Success 1450 * Else: Failure 1451 *------------------------------------------------------------------------*/ 1452static uint8_t 1453ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask) 1454{ 1455 if (len != sc->sc_transfer.data_rem) { 1456 1457 if (sc->sc_transfer.cbw_dir == DIR_READ) { 1458 /* 1459 * there must be something wrong about this SCSI 1460 * command 1461 */ 1462 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1463 return (1); 1464 } 1465 /* compute the minimum length */ 1466 1467 if (sc->sc_transfer.data_rem > len) { 1468 /* data ends prematurely */ 1469 sc->sc_transfer.data_rem = len; 1470 sc->sc_transfer.data_short = 1; 1471 } 1472 /* check length alignment */ 1473 1474 if (sc->sc_transfer.data_rem & ~mask) { 1475 /* data ends prematurely */ 1476 sc->sc_transfer.data_rem &= mask; 1477 sc->sc_transfer.data_short = 1; 1478 } 1479 } 1480 return (0); 1481} 1482 1483/*------------------------------------------------------------------------* 1484 * ustorage_fs_check_cmd - check command routine 1485 * 1486 * Check whether the command is properly formed and whether its data 1487 * size and direction agree with the values we already have. 1488 * 1489 * Return values: 1490 * 0: Success 1491 * Else: Failure 1492 *------------------------------------------------------------------------*/ 1493static uint8_t 1494ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size, 1495 uint16_t mask, uint8_t needs_medium) 1496{ 1497 struct ustorage_fs_lun *currlun; 1498 uint8_t lun = (sc->sc_transfer.cmd_data[1] >> 5); 1499 uint8_t i; 1500 1501 /* Verify the length of the command itself */ 1502 if (min_cmd_size > sc->sc_transfer.cmd_len) { 1503 DPRINTF("%u > %u\n", 1504 min_cmd_size, sc->sc_transfer.cmd_len); 1505 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1506 return (1); 1507 } 1508 /* Mask away the LUN */ 1509 sc->sc_transfer.cmd_data[1] &= 0x1f; 1510 1511 /* Check if LUN is correct */ 1512 if (lun != sc->sc_transfer.lun) { 1513 1514 } 1515 /* Check the LUN */ 1516 if (sc->sc_transfer.lun <= sc->sc_last_lun) { 1517 sc->sc_transfer.currlun = currlun = 1518 sc->sc_lun + sc->sc_transfer.lun; 1519 if (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE) { 1520 currlun->sense_data = SS_NO_SENSE; 1521 currlun->sense_data_info = 0; 1522 currlun->info_valid = 0; 1523 } 1524 /* 1525 * If a unit attention condition exists, only INQUIRY 1526 * and REQUEST SENSE commands are allowed. Anything 1527 * else must fail! 1528 */ 1529 if ((currlun->unit_attention_data != SS_NO_SENSE) && 1530 (sc->sc_transfer.cmd_data[0] != SC_INQUIRY) && 1531 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) { 1532 currlun->sense_data = currlun->unit_attention_data; 1533 currlun->unit_attention_data = SS_NO_SENSE; 1534 return (1); 1535 } 1536 } else { 1537 sc->sc_transfer.currlun = currlun = NULL; 1538 1539 /* 1540 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1541 * to use unsupported LUNs; all others may not. 1542 */ 1543 if ((sc->sc_transfer.cmd_data[0] != SC_INQUIRY) && 1544 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) { 1545 return (1); 1546 } 1547 } 1548 1549 /* 1550 * Check that only command bytes listed in the mask are 1551 * non-zero. 1552 */ 1553 for (i = 0; i != min_cmd_size; i++) { 1554 if (sc->sc_transfer.cmd_data[i] && !(mask & (1UL << i))) { 1555 if (currlun) { 1556 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1557 } 1558 return (1); 1559 } 1560 } 1561 1562 /* 1563 * If the medium isn't mounted and the command needs to access 1564 * it, return an error. 1565 */ 1566 if (currlun && (!currlun->memory_image) && needs_medium) { 1567 currlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1568 return (1); 1569 } 1570 return (0); 1571} 1572 1573/*------------------------------------------------------------------------* 1574 * ustorage_fs_do_cmd - do command 1575 * 1576 * Return values: 1577 * 0: Success 1578 * Else: Failure 1579 *------------------------------------------------------------------------*/ 1580static uint8_t 1581ustorage_fs_do_cmd(struct ustorage_fs_softc *sc) 1582{ 1583 uint8_t error = 1; 1584 uint8_t i; 1585 uint32_t temp; 1586 1587 /* set default data transfer pointer */ 1588 sc->sc_transfer.data_ptr = sc->sc_qdata; 1589 1590 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n", 1591 sc->sc_transfer.cmd_data[0], sc->sc_transfer.data_rem); 1592 1593 switch (sc->sc_transfer.cmd_data[0]) { 1594 case SC_INQUIRY: 1595 sc->sc_transfer.cmd_dir = DIR_WRITE; 1596 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1597 if (error) { 1598 break; 1599 } 1600 error = ustorage_fs_check_cmd(sc, 6, 1601 (1UL << 4) | 1, 0); 1602 if (error) { 1603 break; 1604 } 1605 error = ustorage_fs_inquiry(sc); 1606 1607 break; 1608 1609 case SC_MODE_SELECT_6: 1610 sc->sc_transfer.cmd_dir = DIR_READ; 1611 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1612 if (error) { 1613 break; 1614 } 1615 error = ustorage_fs_check_cmd(sc, 6, 1616 (1UL << 1) | (1UL << 4) | 1, 0); 1617 if (error) { 1618 break; 1619 } 1620 error = ustorage_fs_mode_select(sc); 1621 1622 break; 1623 1624 case SC_MODE_SELECT_10: 1625 sc->sc_transfer.cmd_dir = DIR_READ; 1626 error = ustorage_fs_min_len(sc, 1627 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1628 if (error) { 1629 break; 1630 } 1631 error = ustorage_fs_check_cmd(sc, 10, 1632 (1UL << 1) | (3UL << 7) | 1, 0); 1633 if (error) { 1634 break; 1635 } 1636 error = ustorage_fs_mode_select(sc); 1637 1638 break; 1639 1640 case SC_MODE_SENSE_6: 1641 sc->sc_transfer.cmd_dir = DIR_WRITE; 1642 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1643 if (error) { 1644 break; 1645 } 1646 error = ustorage_fs_check_cmd(sc, 6, 1647 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0); 1648 if (error) { 1649 break; 1650 } 1651 error = ustorage_fs_mode_sense(sc); 1652 1653 break; 1654 1655 case SC_MODE_SENSE_10: 1656 sc->sc_transfer.cmd_dir = DIR_WRITE; 1657 error = ustorage_fs_min_len(sc, 1658 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1659 if (error) { 1660 break; 1661 } 1662 error = ustorage_fs_check_cmd(sc, 10, 1663 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0); 1664 if (error) { 1665 break; 1666 } 1667 error = ustorage_fs_mode_sense(sc); 1668 1669 break; 1670 1671 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 1672 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1673 if (error) { 1674 break; 1675 } 1676 error = ustorage_fs_check_cmd(sc, 6, 1677 (1UL << 4) | 1, 0); 1678 if (error) { 1679 break; 1680 } 1681 error = ustorage_fs_prevent_allow(sc); 1682 1683 break; 1684 1685 case SC_READ_6: 1686 i = sc->sc_transfer.cmd_data[4]; 1687 sc->sc_transfer.cmd_dir = DIR_WRITE; 1688 temp = ((i == 0) ? 256UL : i); 1689 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1690 if (error) { 1691 break; 1692 } 1693 error = ustorage_fs_check_cmd(sc, 6, 1694 (7UL << 1) | (1UL << 4) | 1, 1); 1695 if (error) { 1696 break; 1697 } 1698 error = ustorage_fs_read(sc); 1699 1700 break; 1701 1702 case SC_READ_10: 1703 sc->sc_transfer.cmd_dir = DIR_WRITE; 1704 temp = get_be16(&sc->sc_transfer.cmd_data[7]); 1705 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1706 if (error) { 1707 break; 1708 } 1709 error = ustorage_fs_check_cmd(sc, 10, 1710 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1711 if (error) { 1712 break; 1713 } 1714 error = ustorage_fs_read(sc); 1715 1716 break; 1717 1718 case SC_READ_12: 1719 sc->sc_transfer.cmd_dir = DIR_WRITE; 1720 temp = get_be32(&sc->sc_transfer.cmd_data[6]); 1721 if (temp >= (1UL << (32 - 9))) { 1722 /* numerical overflow */ 1723 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1724 error = 1; 1725 break; 1726 } 1727 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1728 if (error) { 1729 break; 1730 } 1731 error = ustorage_fs_check_cmd(sc, 12, 1732 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1733 if (error) { 1734 break; 1735 } 1736 error = ustorage_fs_read(sc); 1737 1738 break; 1739 1740 case SC_READ_CAPACITY: 1741 sc->sc_transfer.cmd_dir = DIR_WRITE; 1742 error = ustorage_fs_check_cmd(sc, 10, 1743 (0xfUL << 2) | (1UL << 8) | 1, 1); 1744 if (error) { 1745 break; 1746 } 1747 error = ustorage_fs_read_capacity(sc); 1748 1749 break; 1750 1751 case SC_READ_FORMAT_CAPACITIES: 1752 sc->sc_transfer.cmd_dir = DIR_WRITE; 1753 error = ustorage_fs_min_len(sc, 1754 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1755 if (error) { 1756 break; 1757 } 1758 error = ustorage_fs_check_cmd(sc, 10, 1759 (3UL << 7) | 1, 1); 1760 if (error) { 1761 break; 1762 } 1763 error = ustorage_fs_read_format_capacities(sc); 1764 1765 break; 1766 1767 case SC_REQUEST_SENSE: 1768 sc->sc_transfer.cmd_dir = DIR_WRITE; 1769 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1770 if (error) { 1771 break; 1772 } 1773 error = ustorage_fs_check_cmd(sc, 6, 1774 (1UL << 4) | 1, 0); 1775 if (error) { 1776 break; 1777 } 1778 error = ustorage_fs_request_sense(sc); 1779 1780 break; 1781 1782 case SC_START_STOP_UNIT: 1783 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1784 if (error) { 1785 break; 1786 } 1787 error = ustorage_fs_check_cmd(sc, 6, 1788 (1UL << 1) | (1UL << 4) | 1, 0); 1789 if (error) { 1790 break; 1791 } 1792 error = ustorage_fs_start_stop(sc); 1793 1794 break; 1795 1796 case SC_SYNCHRONIZE_CACHE: 1797 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1798 if (error) { 1799 break; 1800 } 1801 error = ustorage_fs_check_cmd(sc, 10, 1802 (0xfUL << 2) | (3UL << 7) | 1, 1); 1803 if (error) { 1804 break; 1805 } 1806 error = ustorage_fs_synchronize_cache(sc); 1807 1808 break; 1809 1810 case SC_TEST_UNIT_READY: 1811 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1812 if (error) { 1813 break; 1814 } 1815 error = ustorage_fs_check_cmd(sc, 6, 1816 0 | 1, 1); 1817 break; 1818 1819 /* 1820 * Although optional, this command is used by MS-Windows. 1821 * We support a minimal version: BytChk must be 0. 1822 */ 1823 case SC_VERIFY: 1824 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1825 if (error) { 1826 break; 1827 } 1828 error = ustorage_fs_check_cmd(sc, 10, 1829 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1830 if (error) { 1831 break; 1832 } 1833 error = ustorage_fs_verify(sc); 1834 1835 break; 1836 1837 case SC_WRITE_6: 1838 i = sc->sc_transfer.cmd_data[4]; 1839 sc->sc_transfer.cmd_dir = DIR_READ; 1840 temp = ((i == 0) ? 256UL : i); 1841 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1842 if (error) { 1843 break; 1844 } 1845 error = ustorage_fs_check_cmd(sc, 6, 1846 (7UL << 1) | (1UL << 4) | 1, 1); 1847 if (error) { 1848 break; 1849 } 1850 error = ustorage_fs_write(sc); 1851 1852 break; 1853 1854 case SC_WRITE_10: 1855 sc->sc_transfer.cmd_dir = DIR_READ; 1856 temp = get_be16(&sc->sc_transfer.cmd_data[7]); 1857 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1858 if (error) { 1859 break; 1860 } 1861 error = ustorage_fs_check_cmd(sc, 10, 1862 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1863 if (error) { 1864 break; 1865 } 1866 error = ustorage_fs_write(sc); 1867 1868 break; 1869 1870 case SC_WRITE_12: 1871 sc->sc_transfer.cmd_dir = DIR_READ; 1872 temp = get_be32(&sc->sc_transfer.cmd_data[6]); 1873 if (temp >= (1UL << (32 - 9))) { 1874 /* numerical overflow */ 1875 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1876 error = 1; 1877 break; 1878 } 1879 error = ustorage_fs_min_len(sc, temp << 9, 0 - (1UL << 9)); 1880 if (error) { 1881 break; 1882 } 1883 error = ustorage_fs_check_cmd(sc, 12, 1884 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1885 if (error) { 1886 break; 1887 } 1888 error = ustorage_fs_write(sc); 1889 1890 break; 1891 1892 /* 1893 * Some mandatory commands that we recognize but don't 1894 * implement. They don't mean much in this setting. 1895 * It's left as an exercise for anyone interested to 1896 * implement RESERVE and RELEASE in terms of Posix 1897 * locks. 1898 */ 1899 case SC_FORMAT_UNIT: 1900 case SC_RELEASE: 1901 case SC_RESERVE: 1902 case SC_SEND_DIAGNOSTIC: 1903 /* Fallthrough */ 1904 1905 default: 1906 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1907 if (error) { 1908 break; 1909 } 1910 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len, 1911 0xff, 0); 1912 if (error) { 1913 break; 1914 } 1915 sc->sc_transfer.currlun->sense_data = 1916 SS_INVALID_COMMAND; 1917 error = 1; 1918 1919 break; 1920 } 1921 return (error); 1922} 1923