ustorage_fs.c revision 190719
1/* $FreeBSD: head/sys/dev/usb/storage/ustorage_fs.c 190719 2009-04-05 18:18:01Z thompsa $ */ 2/*- 3 * Copyright (C) 2003-2005 Alan Stern 4 * Copyright (C) 2008 Hans Petter Selasky 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34/* 35 * NOTE: Much of the SCSI statemachine handling code derives from the 36 * Linux USB gadget stack. 37 */ 38#include "usbdevs.h" 39#include <dev/usb/usb.h> 40#include <dev/usb/usb_mfunc.h> 41#include <dev/usb/usb_error.h> 42 43#define USB_DEBUG_VAR ustorage_fs_debug 44 45#include <dev/usb/usb_core.h> 46#include <dev/usb/usb_util.h> 47#include <dev/usb/usb_busdma.h> 48#include <dev/usb/usb_debug.h> 49#include <dev/usb/usb_process.h> 50#include <dev/usb/usb_device.h> 51 52#if USB_DEBUG 53static int ustorage_fs_debug = 0; 54 55SYSCTL_NODE(_hw_usb2, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs"); 56SYSCTL_INT(_hw_usb2_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW, 57 &ustorage_fs_debug, 0, "ustorage_fs debug level"); 58#endif 59 60/* Define some limits */ 61 62#ifndef USTORAGE_FS_BULK_SIZE 63#define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */ 64#endif 65 66#define USTORAGE_FS_MAX_LUN 8 /* units */ 67 68/* 69 * The SCSI ID string must be exactly 28 characters long 70 * exluding the terminating zero. 71 */ 72#ifndef USTORAGE_FS_ID_STRING 73#define USTORAGE_FS_ID_STRING \ 74 "FreeBSD " /* 8 */ \ 75 "File-Stor Gadget" /* 16 */ \ 76 "0101" /* 4 */ 77#endif 78 79/* 80 * The following macro defines the number of 81 * sectors to be allocated for the RAM disk: 82 */ 83#ifndef USTORAGE_FS_RAM_SECT 84#define USTORAGE_FS_RAM_SECT (1UL << 13) 85#endif 86 87static uint8_t *ustorage_fs_ramdisk; 88 89/* USB transfer definitions */ 90 91#define USTORAGE_FS_T_BBB_COMMAND 0 92#define USTORAGE_FS_T_BBB_DATA_DUMP 1 93#define USTORAGE_FS_T_BBB_DATA_READ 2 94#define USTORAGE_FS_T_BBB_DATA_WRITE 3 95#define USTORAGE_FS_T_BBB_STATUS 4 96#define USTORAGE_FS_T_BBB_MAX 5 97 98/* USB data stage direction */ 99 100#define DIR_NONE 0 101#define DIR_READ 1 102#define DIR_WRITE 2 103 104/* USB interface specific control request */ 105 106#define UR_BBB_RESET 0xff /* Bulk-Only reset */ 107#define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */ 108 109/* Command Block Wrapper */ 110typedef struct { 111 uDWord dCBWSignature; 112#define CBWSIGNATURE 0x43425355 113 uDWord dCBWTag; 114 uDWord dCBWDataTransferLength; 115 uByte bCBWFlags; 116#define CBWFLAGS_OUT 0x00 117#define CBWFLAGS_IN 0x80 118 uByte bCBWLUN; 119 uByte bCDBLength; 120#define CBWCDBLENGTH 16 121 uByte CBWCDB[CBWCDBLENGTH]; 122} __packed ustorage_fs_bbb_cbw_t; 123 124#define USTORAGE_FS_BBB_CBW_SIZE 31 125 126/* Command Status Wrapper */ 127typedef struct { 128 uDWord dCSWSignature; 129#define CSWSIGNATURE 0x53425355 130 uDWord dCSWTag; 131 uDWord dCSWDataResidue; 132 uByte bCSWStatus; 133#define CSWSTATUS_GOOD 0x0 134#define CSWSTATUS_FAILED 0x1 135#define CSWSTATUS_PHASE 0x2 136} __packed ustorage_fs_bbb_csw_t; 137 138#define USTORAGE_FS_BBB_CSW_SIZE 13 139 140struct ustorage_fs_lun { 141 142 uint8_t *memory_image; 143 144 uint32_t num_sectors; 145 uint32_t sense_data; 146 uint32_t sense_data_info; 147 uint32_t unit_attention_data; 148 149 uint8_t read_only:1; 150 uint8_t prevent_medium_removal:1; 151 uint8_t info_valid:1; 152 uint8_t removable:1; 153}; 154 155struct ustorage_fs_softc { 156 157 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */ 158 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */ 159 160 struct mtx sc_mtx; 161 162 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN]; 163 164 struct { 165 uint8_t *data_ptr; 166 struct ustorage_fs_lun *currlun; 167 168 uint32_t data_rem; /* bytes, as reported by the command 169 * block wrapper */ 170 uint32_t offset; /* bytes */ 171 172 uint8_t cbw_dir; 173 uint8_t cmd_dir; 174 uint8_t lun; 175 uint8_t cmd_data[CBWCDBLENGTH]; 176 uint8_t cmd_len; 177 uint8_t data_short:1; 178 uint8_t data_error:1; 179 } sc_transfer; 180 181 device_t sc_dev; 182 struct usb2_device *sc_udev; 183 struct usb2_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX]; 184 185 uint32_t sc_unit; 186 187 uint8_t sc_name[16]; 188 uint8_t sc_iface_no; /* interface number */ 189 uint8_t sc_last_lun; 190 uint8_t sc_last_xfer_index; 191 uint8_t sc_qdata[1024]; 192}; 193 194/* prototypes */ 195 196static device_probe_t ustorage_fs_probe; 197static device_attach_t ustorage_fs_attach; 198static device_detach_t ustorage_fs_detach; 199static device_suspend_t ustorage_fs_suspend; 200static device_resume_t ustorage_fs_resume; 201static device_shutdown_t ustorage_fs_shutdown; 202static usb_handle_request_t ustorage_fs_handle_request; 203 204static usb2_callback_t ustorage_fs_t_bbb_command_callback; 205static usb2_callback_t ustorage_fs_t_bbb_data_dump_callback; 206static usb2_callback_t ustorage_fs_t_bbb_data_read_callback; 207static usb2_callback_t ustorage_fs_t_bbb_data_write_callback; 208static usb2_callback_t ustorage_fs_t_bbb_status_callback; 209 210static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index); 211static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc); 212 213static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc); 214static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc); 215static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc); 216static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc); 217static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc); 218static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc); 219static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc); 220static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc); 221static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc); 222static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask); 223static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc); 224static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc); 225static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium); 226static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc); 227 228static device_method_t ustorage_fs_methods[] = { 229 /* USB interface */ 230 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request), 231 232 /* Device interface */ 233 DEVMETHOD(device_probe, ustorage_fs_probe), 234 DEVMETHOD(device_attach, ustorage_fs_attach), 235 DEVMETHOD(device_detach, ustorage_fs_detach), 236 DEVMETHOD(device_suspend, ustorage_fs_suspend), 237 DEVMETHOD(device_resume, ustorage_fs_resume), 238 DEVMETHOD(device_shutdown, ustorage_fs_shutdown), 239 240 {0, 0} 241}; 242 243static driver_t ustorage_fs_driver = { 244 .name = "ustorage_fs", 245 .methods = ustorage_fs_methods, 246 .size = sizeof(struct ustorage_fs_softc), 247}; 248 249static devclass_t ustorage_fs_devclass; 250 251DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0); 252MODULE_VERSION(ustorage_fs, 0); 253MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1); 254 255struct usb2_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = { 256 257 [USTORAGE_FS_T_BBB_COMMAND] = { 258 .type = UE_BULK, 259 .endpoint = UE_ADDR_ANY, 260 .direction = UE_DIR_OUT, 261 .md.bufsize = sizeof(ustorage_fs_bbb_cbw_t), 262 .md.flags = {.ext_buffer = 1,}, 263 .md.callback = &ustorage_fs_t_bbb_command_callback, 264 }, 265 266 [USTORAGE_FS_T_BBB_DATA_DUMP] = { 267 .type = UE_BULK, 268 .endpoint = UE_ADDR_ANY, 269 .direction = UE_DIR_OUT, 270 .md.bufsize = 0, /* use wMaxPacketSize */ 271 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,}, 272 .md.callback = &ustorage_fs_t_bbb_data_dump_callback, 273 }, 274 275 [USTORAGE_FS_T_BBB_DATA_READ] = { 276 .type = UE_BULK, 277 .endpoint = UE_ADDR_ANY, 278 .direction = UE_DIR_OUT, 279 .md.bufsize = USTORAGE_FS_BULK_SIZE, 280 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 281 .md.callback = &ustorage_fs_t_bbb_data_read_callback, 282 }, 283 284 [USTORAGE_FS_T_BBB_DATA_WRITE] = { 285 .type = UE_BULK, 286 .endpoint = UE_ADDR_ANY, 287 .direction = UE_DIR_IN, 288 .md.bufsize = USTORAGE_FS_BULK_SIZE, 289 .md.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 290 .md.callback = &ustorage_fs_t_bbb_data_write_callback, 291 }, 292 293 [USTORAGE_FS_T_BBB_STATUS] = { 294 .type = UE_BULK, 295 .endpoint = UE_ADDR_ANY, 296 .direction = UE_DIR_IN, 297 .md.bufsize = sizeof(ustorage_fs_bbb_csw_t), 298 .md.flags = {.short_xfer_ok = 1,.ext_buffer = 1,}, 299 .md.callback = &ustorage_fs_t_bbb_status_callback, 300 }, 301}; 302 303/* 304 * USB device probe/attach/detach 305 */ 306 307static int 308ustorage_fs_probe(device_t dev) 309{ 310 struct usb2_attach_arg *uaa = device_get_ivars(dev); 311 struct usb2_interface_descriptor *id; 312 313 if (uaa->usb2_mode != USB_MODE_DEVICE) { 314 return (ENXIO); 315 } 316 if (uaa->use_generic == 0) { 317 /* give other drivers a try first */ 318 return (ENXIO); 319 } 320 /* Check for a standards compliant device */ 321 id = usb2_get_interface_descriptor(uaa->iface); 322 if ((id == NULL) || 323 (id->bInterfaceClass != UICLASS_MASS) || 324 (id->bInterfaceSubClass != UISUBCLASS_SCSI) || 325 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { 326 return (ENXIO); 327 } 328 return (0); 329} 330 331static int 332ustorage_fs_attach(device_t dev) 333{ 334 struct ustorage_fs_softc *sc = device_get_softc(dev); 335 struct usb2_attach_arg *uaa = device_get_ivars(dev); 336 struct usb2_interface_descriptor *id; 337 int err; 338 339 /* 340 * NOTE: the softc struct is bzero-ed in device_set_driver. 341 * We can safely call ustorage_fs_detach without specifically 342 * initializing the struct. 343 */ 344 345 sc->sc_dev = dev; 346 sc->sc_udev = uaa->device; 347 sc->sc_unit = device_get_unit(dev); 348 349 if (sc->sc_unit == 0) { 350 if (ustorage_fs_ramdisk == NULL) { 351 /* 352 * allocate a memory image for our ramdisk until 353 * further 354 */ 355 ustorage_fs_ramdisk = 356 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK); 357 if (ustorage_fs_ramdisk == NULL) { 358 return (ENOMEM); 359 } 360 } 361 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk; 362 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT; 363 sc->sc_lun[0].removable = 1; 364 } 365 snprintf(sc->sc_name, sizeof(sc->sc_name), 366 "%s", device_get_nameunit(dev)); 367 368 device_set_usb2_desc(dev); 369 370 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock", 371 NULL, (MTX_DEF | MTX_RECURSE)); 372 373 /* get interface index */ 374 375 id = usb2_get_interface_descriptor(uaa->iface); 376 if (id == NULL) { 377 device_printf(dev, "failed to get " 378 "interface number\n"); 379 goto detach; 380 } 381 sc->sc_iface_no = id->bInterfaceNumber; 382 383 err = usb2_transfer_setup(uaa->device, 384 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config, 385 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx); 386 if (err) { 387 device_printf(dev, "could not setup required " 388 "transfers, %s\n", usb2_errstr(err)); 389 goto detach; 390 } 391 /* start Mass Storage State Machine */ 392 393 mtx_lock(&sc->sc_mtx); 394 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 395 mtx_unlock(&sc->sc_mtx); 396 397 return (0); /* success */ 398 399detach: 400 ustorage_fs_detach(dev); 401 return (ENXIO); /* failure */ 402} 403 404static int 405ustorage_fs_detach(device_t dev) 406{ 407 struct ustorage_fs_softc *sc = device_get_softc(dev); 408 409 /* teardown our statemachine */ 410 411 usb2_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX); 412 413 mtx_destroy(&sc->sc_mtx); 414 415 return (0); /* success */ 416} 417 418static int 419ustorage_fs_suspend(device_t dev) 420{ 421 device_printf(dev, "suspending\n"); 422 return (0); /* success */ 423} 424 425static int 426ustorage_fs_resume(device_t dev) 427{ 428 device_printf(dev, "resuming\n"); 429 return (0); /* success */ 430} 431 432static int 433ustorage_fs_shutdown(device_t dev) 434{ 435 return (0); /* success */ 436} 437 438/* 439 * Generic functions to handle transfers 440 */ 441 442static void 443ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index) 444{ 445 if (sc->sc_xfer[xfer_index]) { 446 sc->sc_last_xfer_index = xfer_index; 447 usb2_transfer_start(sc->sc_xfer[xfer_index]); 448 } 449} 450 451static void 452ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc) 453{ 454 usb2_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]); 455 mtx_unlock(&sc->sc_mtx); 456 usb2_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]); 457 mtx_lock(&sc->sc_mtx); 458} 459 460static int 461ustorage_fs_handle_request(device_t dev, 462 const void *preq, void **pptr, uint16_t *plen, 463 uint16_t offset, uint8_t is_complete) 464{ 465 struct ustorage_fs_softc *sc = device_get_softc(dev); 466 const struct usb2_device_request *req = preq; 467 468 if (!is_complete) { 469 if (req->bRequest == UR_BBB_RESET) { 470 *plen = 0; 471 mtx_lock(&sc->sc_mtx); 472 ustorage_fs_transfer_stop(sc); 473 sc->sc_transfer.data_error = 1; 474 ustorage_fs_transfer_start(sc, 475 USTORAGE_FS_T_BBB_COMMAND); 476 mtx_unlock(&sc->sc_mtx); 477 return (0); 478 } else if (req->bRequest == UR_BBB_GET_MAX_LUN) { 479 if (offset == 0) { 480 *plen = 1; 481 *pptr = &sc->sc_last_lun; 482 } else { 483 *plen = 0; 484 } 485 return (0); 486 } 487 } 488 return (ENXIO); /* use builtin handler */ 489} 490 491static void 492ustorage_fs_t_bbb_command_callback(struct usb2_xfer *xfer) 493{ 494 struct ustorage_fs_softc *sc = xfer->priv_sc; 495 uint32_t tag; 496 uint8_t error = 0; 497 498 DPRINTF("\n"); 499 500 switch (USB_GET_STATE(xfer)) { 501 case USB_ST_TRANSFERRED: 502 503 tag = UGETDW(sc->sc_cbw.dCBWSignature); 504 505 if (tag != CBWSIGNATURE) { 506 /* do nothing */ 507 DPRINTF("invalid signature 0x%08x\n", tag); 508 break; 509 } 510 tag = UGETDW(sc->sc_cbw.dCBWTag); 511 512 /* echo back tag */ 513 USETDW(sc->sc_csw.dCSWTag, tag); 514 515 /* reset status */ 516 sc->sc_csw.bCSWStatus = 0; 517 518 /* reset data offset, data length and data remainder */ 519 sc->sc_transfer.offset = 0; 520 sc->sc_transfer.data_rem = 521 UGETDW(sc->sc_cbw.dCBWDataTransferLength); 522 523 /* reset data flags */ 524 sc->sc_transfer.data_short = 0; 525 526 /* extract LUN */ 527 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN; 528 529 if (sc->sc_transfer.data_rem == 0) { 530 sc->sc_transfer.cbw_dir = DIR_NONE; 531 } else { 532 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) { 533 sc->sc_transfer.cbw_dir = DIR_WRITE; 534 } else { 535 sc->sc_transfer.cbw_dir = DIR_READ; 536 } 537 } 538 539 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength; 540 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) || 541 (sc->sc_transfer.cmd_len == 0)) { 542 /* just halt - this is invalid */ 543 DPRINTF("invalid command length %d bytes\n", 544 sc->sc_transfer.cmd_len); 545 break; 546 } 547 bcopy(sc->sc_cbw.CBWCDB, sc->sc_transfer.cmd_data, 548 sc->sc_transfer.cmd_len); 549 550 bzero(sc->sc_cbw.CBWCDB + sc->sc_transfer.cmd_len, 551 sizeof(sc->sc_cbw.CBWCDB) - sc->sc_transfer.cmd_len); 552 553 error = ustorage_fs_do_cmd(sc); 554 if (error) { 555 /* got an error */ 556 DPRINTF("command failed\n"); 557 break; 558 } 559 if ((sc->sc_transfer.data_rem > 0) && 560 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) { 561 /* contradicting data transfer direction */ 562 error = 1; 563 DPRINTF("data direction mismatch\n"); 564 break; 565 } 566 switch (sc->sc_transfer.cbw_dir) { 567 case DIR_READ: 568 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ); 569 break; 570 case DIR_WRITE: 571 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE); 572 break; 573 default: 574 ustorage_fs_transfer_start(sc, 575 USTORAGE_FS_T_BBB_STATUS); 576 break; 577 } 578 break; 579 580 case USB_ST_SETUP: 581tr_setup: 582 if (sc->sc_transfer.data_error) { 583 sc->sc_transfer.data_error = 0; 584 xfer->flags.stall_pipe = 1; 585 DPRINTF("stall pipe\n"); 586 } else { 587 xfer->flags.stall_pipe = 0; 588 } 589 590 xfer->frlengths[0] = sizeof(sc->sc_cbw); 591 usb2_set_frame_data(xfer, &sc->sc_cbw, 0); 592 usb2_start_hardware(xfer); 593 break; 594 595 default: /* Error */ 596 DPRINTF("error\n"); 597 if (xfer->error == USB_ERR_CANCELLED) { 598 break; 599 } 600 /* If the pipe is already stalled, don't do another stall */ 601 if (!xfer->pipe->is_stalled) { 602 sc->sc_transfer.data_error = 1; 603 } 604 /* try again */ 605 goto tr_setup; 606 } 607 if (error) { 608 if (sc->sc_csw.bCSWStatus == 0) { 609 /* set some default error code */ 610 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 611 } 612 if (sc->sc_transfer.cbw_dir == DIR_READ) { 613 /* dump all data */ 614 ustorage_fs_transfer_start(sc, 615 USTORAGE_FS_T_BBB_DATA_DUMP); 616 return; 617 } 618 if (sc->sc_transfer.cbw_dir == DIR_WRITE) { 619 /* need to stall before status */ 620 sc->sc_transfer.data_error = 1; 621 } 622 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS); 623 } 624} 625 626static void 627ustorage_fs_t_bbb_data_dump_callback(struct usb2_xfer *xfer) 628{ 629 struct ustorage_fs_softc *sc = xfer->priv_sc; 630 uint32_t max_bulk = xfer->max_data_length; 631 632 DPRINTF("\n"); 633 634 switch (USB_GET_STATE(xfer)) { 635 case USB_ST_TRANSFERRED: 636 sc->sc_transfer.data_rem -= xfer->actlen; 637 sc->sc_transfer.offset += xfer->actlen; 638 639 if ((xfer->actlen != xfer->sumlen) || 640 (sc->sc_transfer.data_rem == 0)) { 641 /* short transfer or end of data */ 642 ustorage_fs_transfer_start(sc, 643 USTORAGE_FS_T_BBB_STATUS); 644 break; 645 } 646 /* Fallthrough */ 647 648 case USB_ST_SETUP: 649tr_setup: 650 if (max_bulk > sc->sc_transfer.data_rem) { 651 max_bulk = sc->sc_transfer.data_rem; 652 } 653 if (sc->sc_transfer.data_error) { 654 sc->sc_transfer.data_error = 0; 655 xfer->flags.stall_pipe = 1; 656 } else { 657 xfer->flags.stall_pipe = 0; 658 } 659 xfer->frlengths[0] = max_bulk; 660 usb2_start_hardware(xfer); 661 break; 662 663 default: /* Error */ 664 if (xfer->error == USB_ERR_CANCELLED) { 665 break; 666 } 667 /* 668 * If the pipe is already stalled, don't do another stall: 669 */ 670 if (!xfer->pipe->is_stalled) { 671 sc->sc_transfer.data_error = 1; 672 } 673 /* try again */ 674 goto tr_setup; 675 } 676} 677 678static void 679ustorage_fs_t_bbb_data_read_callback(struct usb2_xfer *xfer) 680{ 681 struct ustorage_fs_softc *sc = xfer->priv_sc; 682 uint32_t max_bulk = xfer->max_data_length; 683 684 DPRINTF("\n"); 685 686 switch (USB_GET_STATE(xfer)) { 687 case USB_ST_TRANSFERRED: 688 sc->sc_transfer.data_rem -= xfer->actlen; 689 sc->sc_transfer.data_ptr += xfer->actlen; 690 sc->sc_transfer.offset += xfer->actlen; 691 692 if ((xfer->actlen != xfer->sumlen) || 693 (sc->sc_transfer.data_rem == 0)) { 694 /* short transfer or end of data */ 695 ustorage_fs_transfer_start(sc, 696 USTORAGE_FS_T_BBB_STATUS); 697 break; 698 } 699 /* Fallthrough */ 700 701 case USB_ST_SETUP: 702tr_setup: 703 if (max_bulk > sc->sc_transfer.data_rem) { 704 max_bulk = sc->sc_transfer.data_rem; 705 } 706 if (sc->sc_transfer.data_error) { 707 sc->sc_transfer.data_error = 0; 708 xfer->flags.stall_pipe = 1; 709 } else { 710 xfer->flags.stall_pipe = 0; 711 } 712 713 xfer->frlengths[0] = max_bulk; 714 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0); 715 usb2_start_hardware(xfer); 716 break; 717 718 default: /* Error */ 719 if (xfer->error == USB_ERR_CANCELLED) { 720 break; 721 } 722 /* If the pipe is already stalled, don't do another stall */ 723 if (!xfer->pipe->is_stalled) { 724 sc->sc_transfer.data_error = 1; 725 } 726 /* try again */ 727 goto tr_setup; 728 } 729} 730 731static void 732ustorage_fs_t_bbb_data_write_callback(struct usb2_xfer *xfer) 733{ 734 struct ustorage_fs_softc *sc = xfer->priv_sc; 735 uint32_t max_bulk = xfer->max_data_length; 736 737 DPRINTF("\n"); 738 739 switch (USB_GET_STATE(xfer)) { 740 case USB_ST_TRANSFERRED: 741 sc->sc_transfer.data_rem -= xfer->actlen; 742 sc->sc_transfer.data_ptr += xfer->actlen; 743 sc->sc_transfer.offset += xfer->actlen; 744 745 if ((xfer->actlen != xfer->sumlen) || 746 (sc->sc_transfer.data_rem == 0)) { 747 /* short transfer or end of data */ 748 ustorage_fs_transfer_start(sc, 749 USTORAGE_FS_T_BBB_STATUS); 750 break; 751 } 752 case USB_ST_SETUP: 753tr_setup: 754 if (max_bulk >= sc->sc_transfer.data_rem) { 755 max_bulk = sc->sc_transfer.data_rem; 756 if (sc->sc_transfer.data_short) { 757 xfer->flags.force_short_xfer = 1; 758 } else { 759 xfer->flags.force_short_xfer = 0; 760 } 761 } else { 762 xfer->flags.force_short_xfer = 0; 763 } 764 765 if (sc->sc_transfer.data_error) { 766 sc->sc_transfer.data_error = 0; 767 xfer->flags.stall_pipe = 1; 768 } else { 769 xfer->flags.stall_pipe = 0; 770 } 771 772 xfer->frlengths[0] = max_bulk; 773 usb2_set_frame_data(xfer, sc->sc_transfer.data_ptr, 0); 774 usb2_start_hardware(xfer); 775 break; 776 777 default: /* Error */ 778 if (xfer->error == USB_ERR_CANCELLED) { 779 break; 780 } 781 /* 782 * If the pipe is already stalled, don't do another 783 * stall 784 */ 785 if (!xfer->pipe->is_stalled) { 786 sc->sc_transfer.data_error = 1; 787 } 788 /* try again */ 789 goto tr_setup; 790 } 791} 792 793static void 794ustorage_fs_t_bbb_status_callback(struct usb2_xfer *xfer) 795{ 796 struct ustorage_fs_softc *sc = xfer->priv_sc; 797 798 DPRINTF("\n"); 799 800 switch (USB_GET_STATE(xfer)) { 801 case USB_ST_TRANSFERRED: 802 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 803 break; 804 805 case USB_ST_SETUP: 806tr_setup: 807 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE); 808 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem); 809 810 if (sc->sc_transfer.data_error) { 811 sc->sc_transfer.data_error = 0; 812 xfer->flags.stall_pipe = 1; 813 } else { 814 xfer->flags.stall_pipe = 0; 815 } 816 817 xfer->frlengths[0] = sizeof(sc->sc_csw); 818 usb2_set_frame_data(xfer, &sc->sc_csw, 0); 819 usb2_start_hardware(xfer); 820 break; 821 822 default: 823 if (xfer->error == USB_ERR_CANCELLED) { 824 break; 825 } 826 /* If the pipe is already stalled, don't do another stall */ 827 if (!xfer->pipe->is_stalled) { 828 sc->sc_transfer.data_error = 1; 829 } 830 /* try again */ 831 goto tr_setup; 832 } 833} 834 835/* SCSI commands that we recognize */ 836#define SC_FORMAT_UNIT 0x04 837#define SC_INQUIRY 0x12 838#define SC_MODE_SELECT_6 0x15 839#define SC_MODE_SELECT_10 0x55 840#define SC_MODE_SENSE_6 0x1a 841#define SC_MODE_SENSE_10 0x5a 842#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 843#define SC_READ_6 0x08 844#define SC_READ_10 0x28 845#define SC_READ_12 0xa8 846#define SC_READ_CAPACITY 0x25 847#define SC_READ_FORMAT_CAPACITIES 0x23 848#define SC_RELEASE 0x17 849#define SC_REQUEST_SENSE 0x03 850#define SC_RESERVE 0x16 851#define SC_SEND_DIAGNOSTIC 0x1d 852#define SC_START_STOP_UNIT 0x1b 853#define SC_SYNCHRONIZE_CACHE 0x35 854#define SC_TEST_UNIT_READY 0x00 855#define SC_VERIFY 0x2f 856#define SC_WRITE_6 0x0a 857#define SC_WRITE_10 0x2a 858#define SC_WRITE_12 0xaa 859 860/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 861#define SS_NO_SENSE 0 862#define SS_COMMUNICATION_FAILURE 0x040800 863#define SS_INVALID_COMMAND 0x052000 864#define SS_INVALID_FIELD_IN_CDB 0x052400 865#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 866#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 867#define SS_MEDIUM_NOT_PRESENT 0x023a00 868#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 869#define SS_NOT_READY_TO_READY_TRANSITION 0x062800 870#define SS_RESET_OCCURRED 0x062900 871#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 872#define SS_UNRECOVERED_READ_ERROR 0x031100 873#define SS_WRITE_ERROR 0x030c02 874#define SS_WRITE_PROTECTED 0x072700 875 876#define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */ 877#define ASC(x) ((uint8_t) ((x) >> 8)) 878#define ASCQ(x) ((uint8_t) (x)) 879 880/* Routines for unaligned data access */ 881 882static uint16_t 883get_be16(uint8_t *buf) 884{ 885 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]); 886} 887 888static uint32_t 889get_be32(uint8_t *buf) 890{ 891 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | 892 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]); 893} 894 895static void 896put_be16(uint8_t *buf, uint16_t val) 897{ 898 buf[0] = val >> 8; 899 buf[1] = val; 900} 901 902static void 903put_be32(uint8_t *buf, uint32_t val) 904{ 905 buf[0] = val >> 24; 906 buf[1] = val >> 16; 907 buf[2] = val >> 8; 908 buf[3] = val & 0xff; 909} 910 911/*------------------------------------------------------------------------* 912 * ustorage_fs_verify 913 * 914 * Returns: 915 * 0: Success 916 * Else: Failure 917 *------------------------------------------------------------------------*/ 918static uint8_t 919ustorage_fs_verify(struct ustorage_fs_softc *sc) 920{ 921 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 922 uint32_t lba; 923 uint32_t vlen; 924 uint64_t file_offset; 925 uint64_t amount_left; 926 927 /* 928 * Get the starting Logical Block Address 929 */ 930 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 931 932 /* 933 * We allow DPO (Disable Page Out = don't save data in the cache) 934 * but we don't implement it. 935 */ 936 if ((sc->sc_transfer.cmd_data[1] & ~0x10) != 0) { 937 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 938 return (1); 939 } 940 vlen = get_be16(&sc->sc_transfer.cmd_data[7]); 941 if (vlen == 0) { 942 goto done; 943 } 944 /* No default reply */ 945 946 /* Prepare to carry out the file verify */ 947 amount_left = vlen; 948 amount_left <<= 9; 949 file_offset = lba; 950 file_offset <<= 9; 951 952 /* Range check */ 953 vlen += lba; 954 955 if ((vlen < lba) || 956 (vlen > currlun->num_sectors) || 957 (lba >= currlun->num_sectors)) { 958 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 959 return (1); 960 } 961 /* XXX TODO: verify that data is readable */ 962done: 963 return (ustorage_fs_min_len(sc, 0, 0 - 1)); 964} 965 966/*------------------------------------------------------------------------* 967 * ustorage_fs_inquiry 968 * 969 * Returns: 970 * 0: Success 971 * Else: Failure 972 *------------------------------------------------------------------------*/ 973static uint8_t 974ustorage_fs_inquiry(struct ustorage_fs_softc *sc) 975{ 976 uint8_t *buf = sc->sc_transfer.data_ptr; 977 978 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 979 980 if (!sc->sc_transfer.currlun) { 981 /* Unsupported LUNs are okay */ 982 memset(buf, 0, 36); 983 buf[0] = 0x7f; 984 /* Unsupported, no device - type */ 985 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 986 } 987 memset(buf, 0, 8); 988 /* Non - removable, direct - access device */ 989 if (currlun->removable) 990 buf[1] = 0x80; 991 buf[2] = 2; 992 /* ANSI SCSI level 2 */ 993 buf[3] = 2; 994 /* SCSI - 2 INQUIRY data format */ 995 buf[4] = 31; 996 /* Additional length */ 997 /* No special options */ 998 /* Copy in ID string */ 999 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28); 1000 1001 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 1002} 1003 1004/*------------------------------------------------------------------------* 1005 * ustorage_fs_request_sense 1006 * 1007 * Returns: 1008 * 0: Success 1009 * Else: Failure 1010 *------------------------------------------------------------------------*/ 1011static uint8_t 1012ustorage_fs_request_sense(struct ustorage_fs_softc *sc) 1013{ 1014 uint8_t *buf = sc->sc_transfer.data_ptr; 1015 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1016 uint32_t sd; 1017 uint32_t sdinfo; 1018 uint8_t valid; 1019 1020 /* 1021 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1022 * 1023 * If a REQUEST SENSE command is received from an initiator 1024 * with a pending unit attention condition (before the target 1025 * generates the contingent allegiance condition), then the 1026 * target shall either: 1027 * a) report any pending sense data and preserve the unit 1028 * attention condition on the logical unit, or, 1029 * b) report the unit attention condition, may discard any 1030 * pending sense data, and clear the unit attention 1031 * condition on the logical unit for that initiator. 1032 * 1033 * FSG normally uses option a); enable this code to use option b). 1034 */ 1035#if 0 1036 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) { 1037 currlun->sense_data = currlun->unit_attention_data; 1038 currlun->unit_attention_data = SS_NO_SENSE; 1039 } 1040#endif 1041 1042 if (!currlun) { 1043 /* Unsupported LUNs are okay */ 1044 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1045 sdinfo = 0; 1046 valid = 0; 1047 } else { 1048 sd = currlun->sense_data; 1049 sdinfo = currlun->sense_data_info; 1050 valid = currlun->info_valid << 7; 1051 currlun->sense_data = SS_NO_SENSE; 1052 currlun->sense_data_info = 0; 1053 currlun->info_valid = 0; 1054 } 1055 1056 memset(buf, 0, 18); 1057 buf[0] = valid | 0x70; 1058 /* Valid, current error */ 1059 buf[2] = SK(sd); 1060 put_be32(&buf[3], sdinfo); 1061 /* Sense information */ 1062 buf[7] = 18 - 8; 1063 /* Additional sense length */ 1064 buf[12] = ASC(sd); 1065 buf[13] = ASCQ(sd); 1066 return (ustorage_fs_min_len(sc, 18, 0 - 1)); 1067} 1068 1069 1070/*------------------------------------------------------------------------* 1071 * ustorage_fs_read_capacity 1072 * 1073 * Returns: 1074 * 0: Success 1075 * Else: Failure 1076 *------------------------------------------------------------------------*/ 1077static uint8_t 1078ustorage_fs_read_capacity(struct ustorage_fs_softc *sc) 1079{ 1080 uint8_t *buf = sc->sc_transfer.data_ptr; 1081 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1082 uint32_t lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1083 uint8_t pmi = sc->sc_transfer.cmd_data[8]; 1084 1085 /* Check the PMI and LBA fields */ 1086 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) { 1087 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1088 return (1); 1089 } 1090 put_be32(&buf[0], currlun->num_sectors - 1); 1091 /* Max logical block */ 1092 put_be32(&buf[4], 512); 1093 /* Block length */ 1094 return (ustorage_fs_min_len(sc, 8, 0 - 1)); 1095} 1096 1097 1098/*------------------------------------------------------------------------* 1099 * ustorage_fs_mode_sense 1100 * 1101 * Returns: 1102 * 0: Success 1103 * Else: Failure 1104 *------------------------------------------------------------------------*/ 1105static uint8_t 1106ustorage_fs_mode_sense(struct ustorage_fs_softc *sc) 1107{ 1108 uint8_t *buf = sc->sc_transfer.data_ptr; 1109 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1110 uint8_t *buf0; 1111 uint16_t len; 1112 uint16_t limit; 1113 uint8_t mscmnd = sc->sc_transfer.cmd_data[0]; 1114 uint8_t pc; 1115 uint8_t page_code; 1116 uint8_t changeable_values; 1117 uint8_t all_pages; 1118 1119 buf0 = buf; 1120 1121 if ((sc->sc_transfer.cmd_data[1] & ~0x08) != 0) { 1122 /* Mask away DBD */ 1123 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1124 return (1); 1125 } 1126 pc = sc->sc_transfer.cmd_data[2] >> 6; 1127 page_code = sc->sc_transfer.cmd_data[2] & 0x3f; 1128 if (pc == 3) { 1129 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1130 return (1); 1131 } 1132 changeable_values = (pc == 1); 1133 all_pages = (page_code == 0x3f); 1134 1135 /* 1136 * Write the mode parameter header. Fixed values are: default 1137 * medium type, no cache control (DPOFUA), and no block descriptors. 1138 * The only variable value is the WriteProtect bit. We will fill in 1139 * the mode data length later. 1140 */ 1141 memset(buf, 0, 8); 1142 if (mscmnd == SC_MODE_SENSE_6) { 1143 buf[2] = (currlun->read_only ? 0x80 : 0x00); 1144 /* WP, DPOFUA */ 1145 buf += 4; 1146 limit = 255; 1147 } else { 1148 /* SC_MODE_SENSE_10 */ 1149 buf[3] = (currlun->read_only ? 0x80 : 0x00); 1150 /* WP, DPOFUA */ 1151 buf += 8; 1152 limit = 65535; 1153 /* Should really be mod_data.buflen */ 1154 } 1155 1156 /* No block descriptors */ 1157 1158 /* 1159 * The mode pages, in numerical order. 1160 */ 1161 if ((page_code == 0x08) || all_pages) { 1162 buf[0] = 0x08; 1163 /* Page code */ 1164 buf[1] = 10; 1165 /* Page length */ 1166 memset(buf + 2, 0, 10); 1167 /* None of the fields are changeable */ 1168 1169 if (!changeable_values) { 1170 buf[2] = 0x04; 1171 /* Write cache enable, */ 1172 /* Read cache not disabled */ 1173 /* No cache retention priorities */ 1174 put_be16(&buf[4], 0xffff); 1175 /* Don 't disable prefetch */ 1176 /* Minimum prefetch = 0 */ 1177 put_be16(&buf[8], 0xffff); 1178 /* Maximum prefetch */ 1179 put_be16(&buf[10], 0xffff); 1180 /* Maximum prefetch ceiling */ 1181 } 1182 buf += 12; 1183 } 1184 /* 1185 * Check that a valid page was requested and the mode data length 1186 * isn't too long. 1187 */ 1188 len = buf - buf0; 1189 if (len > limit) { 1190 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1191 return (1); 1192 } 1193 /* Store the mode data length */ 1194 if (mscmnd == SC_MODE_SENSE_6) 1195 buf0[0] = len - 1; 1196 else 1197 put_be16(buf0, len - 2); 1198 return (ustorage_fs_min_len(sc, len, 0 - 1)); 1199} 1200 1201/*------------------------------------------------------------------------* 1202 * ustorage_fs_start_stop 1203 * 1204 * Returns: 1205 * 0: Success 1206 * Else: Failure 1207 *------------------------------------------------------------------------*/ 1208static uint8_t 1209ustorage_fs_start_stop(struct ustorage_fs_softc *sc) 1210{ 1211 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1212 uint8_t loej; 1213 uint8_t start; 1214 uint8_t immed; 1215 1216 if (!currlun->removable) { 1217 currlun->sense_data = SS_INVALID_COMMAND; 1218 return (1); 1219 } 1220 immed = sc->sc_transfer.cmd_data[1] & 0x01; 1221 loej = sc->sc_transfer.cmd_data[4] & 0x02; 1222 start = sc->sc_transfer.cmd_data[4] & 0x01; 1223 1224 if (immed || loej || start) { 1225 /* compile fix */ 1226 } 1227 return (0); 1228} 1229 1230/*------------------------------------------------------------------------* 1231 * ustorage_fs_prevent_allow 1232 * 1233 * Returns: 1234 * 0: Success 1235 * Else: Failure 1236 *------------------------------------------------------------------------*/ 1237static uint8_t 1238ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc) 1239{ 1240 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1241 uint8_t prevent; 1242 1243 if (!currlun->removable) { 1244 currlun->sense_data = SS_INVALID_COMMAND; 1245 return (1); 1246 } 1247 prevent = sc->sc_transfer.cmd_data[4] & 0x01; 1248 if ((sc->sc_transfer.cmd_data[4] & ~0x01) != 0) { 1249 /* Mask away Prevent */ 1250 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1251 return (1); 1252 } 1253 if (currlun->prevent_medium_removal && !prevent) { 1254 //fsync_sub(currlun); 1255 } 1256 currlun->prevent_medium_removal = prevent; 1257 return (0); 1258} 1259 1260/*------------------------------------------------------------------------* 1261 * ustorage_fs_read_format_capacities 1262 * 1263 * Returns: 1264 * 0: Success 1265 * Else: Failure 1266 *------------------------------------------------------------------------*/ 1267static uint8_t 1268ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc) 1269{ 1270 uint8_t *buf = sc->sc_transfer.data_ptr; 1271 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1272 1273 buf[0] = buf[1] = buf[2] = 0; 1274 buf[3] = 8; 1275 /* Only the Current / Maximum Capacity Descriptor */ 1276 buf += 4; 1277 1278 put_be32(&buf[0], currlun->num_sectors); 1279 /* Number of blocks */ 1280 put_be32(&buf[4], 512); 1281 /* Block length */ 1282 buf[4] = 0x02; 1283 /* Current capacity */ 1284 return (ustorage_fs_min_len(sc, 12, 0 - 1)); 1285} 1286 1287/*------------------------------------------------------------------------* 1288 * ustorage_fs_mode_select 1289 * 1290 * Return values: 1291 * 0: Success 1292 * Else: Failure 1293 *------------------------------------------------------------------------*/ 1294static uint8_t 1295ustorage_fs_mode_select(struct ustorage_fs_softc *sc) 1296{ 1297 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1298 1299 /* We don't support MODE SELECT */ 1300 currlun->sense_data = SS_INVALID_COMMAND; 1301 return (1); 1302} 1303 1304/*------------------------------------------------------------------------* 1305 * ustorage_fs_synchronize_cache 1306 * 1307 * Return values: 1308 * 0: Success 1309 * Else: Failure 1310 *------------------------------------------------------------------------*/ 1311static uint8_t 1312ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc) 1313{ 1314#if 0 1315 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1316 uint8_t rc; 1317 1318 /* 1319 * We ignore the requested LBA and write out all dirty data buffers. 1320 */ 1321 rc = 0; 1322 if (rc) { 1323 currlun->sense_data = SS_WRITE_ERROR; 1324 } 1325#endif 1326 return (0); 1327} 1328 1329/*------------------------------------------------------------------------* 1330 * ustorage_fs_read - read data from disk 1331 * 1332 * Return values: 1333 * 0: Success 1334 * Else: Failure 1335 *------------------------------------------------------------------------*/ 1336static uint8_t 1337ustorage_fs_read(struct ustorage_fs_softc *sc) 1338{ 1339 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1340 uint64_t file_offset; 1341 uint32_t lba; 1342 uint32_t len; 1343 1344 /* 1345 * Get the starting Logical Block Address and check that it's not 1346 * too big 1347 */ 1348 if (sc->sc_transfer.cmd_data[0] == SC_READ_6) { 1349 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) | 1350 get_be16(&sc->sc_transfer.cmd_data[2]); 1351 } else { 1352 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1353 1354 /* 1355 * We allow DPO (Disable Page Out = don't save data in the 1356 * cache) and FUA (Force Unit Access = don't read from the 1357 * cache), but we don't implement them. 1358 */ 1359 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) { 1360 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1361 return (1); 1362 } 1363 } 1364 len = sc->sc_transfer.data_rem >> 9; 1365 len += lba; 1366 1367 if ((len < lba) || 1368 (len > currlun->num_sectors) || 1369 (lba >= currlun->num_sectors)) { 1370 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1371 return (1); 1372 } 1373 file_offset = lba; 1374 file_offset <<= 9; 1375 1376 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1377 1378 return (0); 1379} 1380 1381/*------------------------------------------------------------------------* 1382 * ustorage_fs_write - write data to disk 1383 * 1384 * Return values: 1385 * 0: Success 1386 * Else: Failure 1387 *------------------------------------------------------------------------*/ 1388static uint8_t 1389ustorage_fs_write(struct ustorage_fs_softc *sc) 1390{ 1391 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1392 uint64_t file_offset; 1393 uint32_t lba; 1394 uint32_t len; 1395 1396 if (currlun->read_only) { 1397 currlun->sense_data = SS_WRITE_PROTECTED; 1398 return (1); 1399 } 1400 /* XXX clear SYNC */ 1401 1402 /* 1403 * Get the starting Logical Block Address and check that it's not 1404 * too big. 1405 */ 1406 if (sc->sc_transfer.cmd_data[0] == SC_WRITE_6) 1407 lba = (((uint32_t)sc->sc_transfer.cmd_data[1]) << 16) | 1408 get_be16(&sc->sc_transfer.cmd_data[2]); 1409 else { 1410 lba = get_be32(&sc->sc_transfer.cmd_data[2]); 1411 1412 /* 1413 * We allow DPO (Disable Page Out = don't save data in the 1414 * cache) and FUA (Force Unit Access = write directly to the 1415 * medium). We don't implement DPO; we implement FUA by 1416 * performing synchronous output. 1417 */ 1418 if ((sc->sc_transfer.cmd_data[1] & ~0x18) != 0) { 1419 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1420 return (1); 1421 } 1422 if (sc->sc_transfer.cmd_data[1] & 0x08) { 1423 /* FUA */ 1424 /* XXX set SYNC flag here */ 1425 } 1426 } 1427 1428 len = sc->sc_transfer.data_rem >> 9; 1429 len += lba; 1430 1431 if ((len < lba) || 1432 (len > currlun->num_sectors) || 1433 (lba >= currlun->num_sectors)) { 1434 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1435 return (1); 1436 } 1437 file_offset = lba; 1438 file_offset <<= 9; 1439 1440 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1441 1442 return (0); 1443} 1444 1445/*------------------------------------------------------------------------* 1446 * ustorage_fs_min_len 1447 * 1448 * Return values: 1449 * 0: Success 1450 * Else: Failure 1451 *------------------------------------------------------------------------*/ 1452static uint8_t 1453ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask) 1454{ 1455 if (len != sc->sc_transfer.data_rem) { 1456 1457 if (sc->sc_transfer.cbw_dir == DIR_READ) { 1458 /* 1459 * there must be something wrong about this SCSI 1460 * command 1461 */ 1462 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1463 return (1); 1464 } 1465 /* compute the minimum length */ 1466 1467 if (sc->sc_transfer.data_rem > len) { 1468 /* data ends prematurely */ 1469 sc->sc_transfer.data_rem = len; 1470 sc->sc_transfer.data_short = 1; 1471 } 1472 /* check length alignment */ 1473 1474 if (sc->sc_transfer.data_rem & ~mask) { 1475 /* data ends prematurely */ 1476 sc->sc_transfer.data_rem &= mask; 1477 sc->sc_transfer.data_short = 1; 1478 } 1479 } 1480 return (0); 1481} 1482 1483/*------------------------------------------------------------------------* 1484 * ustorage_fs_check_cmd - check command routine 1485 * 1486 * Check whether the command is properly formed and whether its data 1487 * size and direction agree with the values we already have. 1488 * 1489 * Return values: 1490 * 0: Success 1491 * Else: Failure 1492 *------------------------------------------------------------------------*/ 1493static uint8_t 1494ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size, 1495 uint16_t mask, uint8_t needs_medium) 1496{ 1497 struct ustorage_fs_lun *currlun; 1498 uint8_t lun = (sc->sc_transfer.cmd_data[1] >> 5); 1499 uint8_t i; 1500 1501 /* Verify the length of the command itself */ 1502 if (min_cmd_size > sc->sc_transfer.cmd_len) { 1503 DPRINTF("%u > %u\n", 1504 min_cmd_size, sc->sc_transfer.cmd_len); 1505 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1506 return (1); 1507 } 1508 /* Mask away the LUN */ 1509 sc->sc_transfer.cmd_data[1] &= 0x1f; 1510 1511 /* Check if LUN is correct */ 1512 if (lun != sc->sc_transfer.lun) { 1513 1514 } 1515 /* Check the LUN */ 1516 if (sc->sc_transfer.lun <= sc->sc_last_lun) { 1517 sc->sc_transfer.currlun = currlun = 1518 sc->sc_lun + sc->sc_transfer.lun; 1519 if (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE) { 1520 currlun->sense_data = SS_NO_SENSE; 1521 currlun->sense_data_info = 0; 1522 currlun->info_valid = 0; 1523 } 1524 /* 1525 * If a unit attention condition exists, only INQUIRY 1526 * and REQUEST SENSE commands are allowed. Anything 1527 * else must fail! 1528 */ 1529 if ((currlun->unit_attention_data != SS_NO_SENSE) && 1530 (sc->sc_transfer.cmd_data[0] != SC_INQUIRY) && 1531 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) { 1532 currlun->sense_data = currlun->unit_attention_data; 1533 currlun->unit_attention_data = SS_NO_SENSE; 1534 return (1); 1535 } 1536 } else { 1537 sc->sc_transfer.currlun = currlun = NULL; 1538 1539 /* 1540 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1541 * to use unsupported LUNs; all others may not. 1542 */ 1543 if ((sc->sc_transfer.cmd_data[0] != SC_INQUIRY) && 1544 (sc->sc_transfer.cmd_data[0] != SC_REQUEST_SENSE)) { 1545 return (1); 1546 } 1547 } 1548 1549 /* 1550 * Check that only command bytes listed in the mask are 1551 * non-zero. 1552 */ 1553 for (i = 0; i != min_cmd_size; i++) { 1554 if (sc->sc_transfer.cmd_data[i] && !(mask & (1UL << i))) { 1555 if (currlun) { 1556 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1557 } 1558 return (1); 1559 } 1560 } 1561 1562 /* 1563 * If the medium isn't mounted and the command needs to access 1564 * it, return an error. 1565 */ 1566 if (currlun && (!currlun->memory_image) && needs_medium) { 1567 currlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1568 return (1); 1569 } 1570 return (0); 1571} 1572 1573/*------------------------------------------------------------------------* 1574 * ustorage_fs_do_cmd - do command 1575 * 1576 * Return values: 1577 * 0: Success 1578 * Else: Failure 1579 *------------------------------------------------------------------------*/ 1580static uint8_t 1581ustorage_fs_do_cmd(struct ustorage_fs_softc *sc) 1582{ 1583 uint8_t error = 1; 1584 uint8_t i; 1585 uint32_t temp; 1586 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9; 1587 1588 /* set default data transfer pointer */ 1589 sc->sc_transfer.data_ptr = sc->sc_qdata; 1590 1591 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n", 1592 sc->sc_transfer.cmd_data[0], sc->sc_transfer.data_rem); 1593 1594 switch (sc->sc_transfer.cmd_data[0]) { 1595 case SC_INQUIRY: 1596 sc->sc_transfer.cmd_dir = DIR_WRITE; 1597 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1598 if (error) { 1599 break; 1600 } 1601 error = ustorage_fs_check_cmd(sc, 6, 1602 (1UL << 4) | 1, 0); 1603 if (error) { 1604 break; 1605 } 1606 error = ustorage_fs_inquiry(sc); 1607 1608 break; 1609 1610 case SC_MODE_SELECT_6: 1611 sc->sc_transfer.cmd_dir = DIR_READ; 1612 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1613 if (error) { 1614 break; 1615 } 1616 error = ustorage_fs_check_cmd(sc, 6, 1617 (1UL << 1) | (1UL << 4) | 1, 0); 1618 if (error) { 1619 break; 1620 } 1621 error = ustorage_fs_mode_select(sc); 1622 1623 break; 1624 1625 case SC_MODE_SELECT_10: 1626 sc->sc_transfer.cmd_dir = DIR_READ; 1627 error = ustorage_fs_min_len(sc, 1628 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1629 if (error) { 1630 break; 1631 } 1632 error = ustorage_fs_check_cmd(sc, 10, 1633 (1UL << 1) | (3UL << 7) | 1, 0); 1634 if (error) { 1635 break; 1636 } 1637 error = ustorage_fs_mode_select(sc); 1638 1639 break; 1640 1641 case SC_MODE_SENSE_6: 1642 sc->sc_transfer.cmd_dir = DIR_WRITE; 1643 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1644 if (error) { 1645 break; 1646 } 1647 error = ustorage_fs_check_cmd(sc, 6, 1648 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0); 1649 if (error) { 1650 break; 1651 } 1652 error = ustorage_fs_mode_sense(sc); 1653 1654 break; 1655 1656 case SC_MODE_SENSE_10: 1657 sc->sc_transfer.cmd_dir = DIR_WRITE; 1658 error = ustorage_fs_min_len(sc, 1659 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1660 if (error) { 1661 break; 1662 } 1663 error = ustorage_fs_check_cmd(sc, 10, 1664 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0); 1665 if (error) { 1666 break; 1667 } 1668 error = ustorage_fs_mode_sense(sc); 1669 1670 break; 1671 1672 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 1673 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1674 if (error) { 1675 break; 1676 } 1677 error = ustorage_fs_check_cmd(sc, 6, 1678 (1UL << 4) | 1, 0); 1679 if (error) { 1680 break; 1681 } 1682 error = ustorage_fs_prevent_allow(sc); 1683 1684 break; 1685 1686 case SC_READ_6: 1687 i = sc->sc_transfer.cmd_data[4]; 1688 sc->sc_transfer.cmd_dir = DIR_WRITE; 1689 temp = ((i == 0) ? 256UL : i); 1690 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1691 if (error) { 1692 break; 1693 } 1694 error = ustorage_fs_check_cmd(sc, 6, 1695 (7UL << 1) | (1UL << 4) | 1, 1); 1696 if (error) { 1697 break; 1698 } 1699 error = ustorage_fs_read(sc); 1700 1701 break; 1702 1703 case SC_READ_10: 1704 sc->sc_transfer.cmd_dir = DIR_WRITE; 1705 temp = get_be16(&sc->sc_transfer.cmd_data[7]); 1706 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1707 if (error) { 1708 break; 1709 } 1710 error = ustorage_fs_check_cmd(sc, 10, 1711 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1712 if (error) { 1713 break; 1714 } 1715 error = ustorage_fs_read(sc); 1716 1717 break; 1718 1719 case SC_READ_12: 1720 sc->sc_transfer.cmd_dir = DIR_WRITE; 1721 temp = get_be32(&sc->sc_transfer.cmd_data[6]); 1722 if (temp >= (1UL << (32 - 9))) { 1723 /* numerical overflow */ 1724 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1725 error = 1; 1726 break; 1727 } 1728 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1729 if (error) { 1730 break; 1731 } 1732 error = ustorage_fs_check_cmd(sc, 12, 1733 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1734 if (error) { 1735 break; 1736 } 1737 error = ustorage_fs_read(sc); 1738 1739 break; 1740 1741 case SC_READ_CAPACITY: 1742 sc->sc_transfer.cmd_dir = DIR_WRITE; 1743 error = ustorage_fs_check_cmd(sc, 10, 1744 (0xfUL << 2) | (1UL << 8) | 1, 1); 1745 if (error) { 1746 break; 1747 } 1748 error = ustorage_fs_read_capacity(sc); 1749 1750 break; 1751 1752 case SC_READ_FORMAT_CAPACITIES: 1753 sc->sc_transfer.cmd_dir = DIR_WRITE; 1754 error = ustorage_fs_min_len(sc, 1755 get_be16(&sc->sc_transfer.cmd_data[7]), 0 - 1); 1756 if (error) { 1757 break; 1758 } 1759 error = ustorage_fs_check_cmd(sc, 10, 1760 (3UL << 7) | 1, 1); 1761 if (error) { 1762 break; 1763 } 1764 error = ustorage_fs_read_format_capacities(sc); 1765 1766 break; 1767 1768 case SC_REQUEST_SENSE: 1769 sc->sc_transfer.cmd_dir = DIR_WRITE; 1770 error = ustorage_fs_min_len(sc, sc->sc_transfer.cmd_data[4], 0 - 1); 1771 if (error) { 1772 break; 1773 } 1774 error = ustorage_fs_check_cmd(sc, 6, 1775 (1UL << 4) | 1, 0); 1776 if (error) { 1777 break; 1778 } 1779 error = ustorage_fs_request_sense(sc); 1780 1781 break; 1782 1783 case SC_START_STOP_UNIT: 1784 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1785 if (error) { 1786 break; 1787 } 1788 error = ustorage_fs_check_cmd(sc, 6, 1789 (1UL << 1) | (1UL << 4) | 1, 0); 1790 if (error) { 1791 break; 1792 } 1793 error = ustorage_fs_start_stop(sc); 1794 1795 break; 1796 1797 case SC_SYNCHRONIZE_CACHE: 1798 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1799 if (error) { 1800 break; 1801 } 1802 error = ustorage_fs_check_cmd(sc, 10, 1803 (0xfUL << 2) | (3UL << 7) | 1, 1); 1804 if (error) { 1805 break; 1806 } 1807 error = ustorage_fs_synchronize_cache(sc); 1808 1809 break; 1810 1811 case SC_TEST_UNIT_READY: 1812 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1813 if (error) { 1814 break; 1815 } 1816 error = ustorage_fs_check_cmd(sc, 6, 1817 0 | 1, 1); 1818 break; 1819 1820 /* 1821 * Although optional, this command is used by MS-Windows. 1822 * We support a minimal version: BytChk must be 0. 1823 */ 1824 case SC_VERIFY: 1825 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1826 if (error) { 1827 break; 1828 } 1829 error = ustorage_fs_check_cmd(sc, 10, 1830 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1831 if (error) { 1832 break; 1833 } 1834 error = ustorage_fs_verify(sc); 1835 1836 break; 1837 1838 case SC_WRITE_6: 1839 i = sc->sc_transfer.cmd_data[4]; 1840 sc->sc_transfer.cmd_dir = DIR_READ; 1841 temp = ((i == 0) ? 256UL : i); 1842 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1843 if (error) { 1844 break; 1845 } 1846 error = ustorage_fs_check_cmd(sc, 6, 1847 (7UL << 1) | (1UL << 4) | 1, 1); 1848 if (error) { 1849 break; 1850 } 1851 error = ustorage_fs_write(sc); 1852 1853 break; 1854 1855 case SC_WRITE_10: 1856 sc->sc_transfer.cmd_dir = DIR_READ; 1857 temp = get_be16(&sc->sc_transfer.cmd_data[7]); 1858 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1859 if (error) { 1860 break; 1861 } 1862 error = ustorage_fs_check_cmd(sc, 10, 1863 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1864 if (error) { 1865 break; 1866 } 1867 error = ustorage_fs_write(sc); 1868 1869 break; 1870 1871 case SC_WRITE_12: 1872 sc->sc_transfer.cmd_dir = DIR_READ; 1873 temp = get_be32(&sc->sc_transfer.cmd_data[6]); 1874 if (temp > (mask9 >> 9)) { 1875 /* numerical overflow */ 1876 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1877 error = 1; 1878 break; 1879 } 1880 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1881 if (error) { 1882 break; 1883 } 1884 error = ustorage_fs_check_cmd(sc, 12, 1885 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1886 if (error) { 1887 break; 1888 } 1889 error = ustorage_fs_write(sc); 1890 1891 break; 1892 1893 /* 1894 * Some mandatory commands that we recognize but don't 1895 * implement. They don't mean much in this setting. 1896 * It's left as an exercise for anyone interested to 1897 * implement RESERVE and RELEASE in terms of Posix 1898 * locks. 1899 */ 1900 case SC_FORMAT_UNIT: 1901 case SC_RELEASE: 1902 case SC_RESERVE: 1903 case SC_SEND_DIAGNOSTIC: 1904 /* Fallthrough */ 1905 1906 default: 1907 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1908 if (error) { 1909 break; 1910 } 1911 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len, 1912 0xff, 0); 1913 if (error) { 1914 break; 1915 } 1916 sc->sc_transfer.currlun->sense_data = 1917 SS_INVALID_COMMAND; 1918 error = 1; 1919 1920 break; 1921 } 1922 return (error); 1923} 1924