1 /*- 2 * Copyright (c) 2011 Sandvine Incorporated. All rights reserved. 3 * Copyright (c) 2002-2011 Andre Albsmeier <andre@albsmeier.net> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer, 11 * without modification, immediately at the beginning of the file. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 /* 29 * This software is derived from Andre Albsmeier's fwprog.c which contained 30 * the following note: 31 * 32 * Many thanks goes to Marc Frajola <marc@terasolutions.com> from 33 * TeraSolutions for the initial idea and his programme for upgrading 34 * the firmware of I*M DDYS drives. 35 */ 36 37 /* 38 * BEWARE: 39 * 40 * The fact that you see your favorite vendor listed below does not 41 * imply that your equipment won't break when you use this software 42 * with it. It only means that the firmware of at least one device type 43 * of each vendor listed has been programmed successfully using this code. 44 * 45 * The -s option simulates a download but does nothing apart from that. 46 * It can be used to check what chunk sizes would have been used with the 47 * specified device. 48 */ 49 50 #include <sys/cdefs.h> 51 __FBSDID("$FreeBSD$"); 52 53 #include <sys/types.h> 54 #include <sys/stat.h> 55 56 #include <err.h> 57 #include <fcntl.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <unistd.h> 62 63 #include <cam/scsi/scsi_all.h> 64 #include <cam/scsi/scsi_message.h> 65 #include <camlib.h> 66 67 #include "progress.h" 68 69 #include "camcontrol.h" 70 71 #define WB_TIMEOUT 50000 /* 50 seconds */ 72 73 typedef enum { 74 VENDOR_HGST, 75 VENDOR_HITACHI, 76 VENDOR_HP, 77 VENDOR_IBM, 78 VENDOR_PLEXTOR, 79 VENDOR_QUALSTAR, 80 VENDOR_QUANTUM, 81 VENDOR_SAMSUNG, 82 VENDOR_SEAGATE, 83 VENDOR_SMART, 84 VENDOR_ATA, 85 VENDOR_UNKNOWN 86 } fw_vendor_t; 87 88 /* 89 * FW_TUR_READY: The drive must return good status for a test unit ready. 90 * 91 * FW_TUR_NOT_READY: The drive must return not ready status for a test unit 92 * ready. You may want this in a removable media drive. 93 * 94 * FW_TUR_NA: It doesn't matter whether the drive is ready or not. 95 * This may be the case for a removable media drive. 96 */ 97 typedef enum { 98 FW_TUR_NONE, 99 FW_TUR_READY, 100 FW_TUR_NOT_READY, 101 FW_TUR_NA 102 } fw_tur_status; 103 104 /* 105 * FW_TIMEOUT_DEFAULT: Attempt to probe for a WRITE BUFFER timeout 106 * value from the drive. If we get an answer, 107 * use the Recommended timeout. Otherwise, 108 * use the default value from the table. 109 * 110 * FW_TIMEOUT_DEV_REPORTED: The timeout value was probed directly from 111 * the device. 112 * 113 * FW_TIMEOUT_NO_PROBE: Do not ask the device for a WRITE BUFFER 114 * timeout value. Use the device-specific 115 * value. 116 * 117 * FW_TIMEOUT_USER_SPEC: The user specified a timeout on the command 118 * line with the -t option. This overrides any 119 * probe or default timeout. 120 */ 121 typedef enum { 122 FW_TIMEOUT_DEFAULT, 123 FW_TIMEOUT_DEV_REPORTED, 124 FW_TIMEOUT_NO_PROBE, 125 FW_TIMEOUT_USER_SPEC 126 } fw_timeout_type; 127 128 /* 129 * type: Enumeration for the particular vendor. 130 * 131 * pattern: Pattern to match for the Vendor ID from the SCSI 132 * Inquiry data. 133 * 134 * dev_type: SCSI device type to match, or T_ANY to match any 135 * device from the given vendor. Note that if there 136 * is a specific device type listed for a particular 137 * vendor, it must be listed before a T_ANY entry. 138 * 139 * max_pkt_size: Maximum packet size when talking to a device. Note 140 * that although large data sizes may be supported by 141 * the target device, they may not be supported by the 142 * OS or the controller. 143 * 144 * cdb_byte2: This specifies byte 2 (byte 1 when counting from 0) 145 * of the CDB. This is generally the WRITE BUFFER mode. 146 * 147 * cdb_byte2_last: This specifies byte 2 for the last chunk of the 148 * download. 149 * 150 * inc_cdb_buffer_id: Increment the buffer ID by 1 for each chunk sent 151 * down to the drive. 152 * 153 * inc_cdb_offset: Increment the offset field in the CDB with the byte 154 * offset into the firmware file. 155 * 156 * tur_status: Pay attention to whether the device is ready before 157 * upgrading the firmware, or not. See above for the 158 * values. 159 */ 160 struct fw_vendor { 161 fw_vendor_t type; 162 const char *pattern; 163 int dev_type; 164 int max_pkt_size; 165 u_int8_t cdb_byte2; 166 u_int8_t cdb_byte2_last; 167 int inc_cdb_buffer_id; 168 int inc_cdb_offset; 169 fw_tur_status tur_status; 170 int timeout_ms; 171 fw_timeout_type timeout_type; 172 }; 173 174 /* 175 * Vendor notes: 176 * 177 * HGST: The packets need to be sent in multiples of 4K. 178 * 179 * IBM: For LTO and TS drives, the buffer ID is ignored in mode 7 (and 180 * some other modes). It treats the request as a firmware download. 181 * The offset (and therefore the length of each chunk sent) needs 182 * to be a multiple of the offset boundary specified for firmware 183 * (buffer ID 4) in the read buffer command. At least for LTO-6, 184 * that seems to be 0, but using a 32K chunk size should satisfy 185 * most any alignment requirement. 186 * 187 * SmrtStor: Mode 5 is also supported, but since the firmware is 400KB or 188 * so, we can't fit it in a single request in most cases. 189 */ 190 static struct fw_vendor vendors_list[] = { 191 {VENDOR_HGST, "HGST", T_DIRECT, 192 0x1000, 0x07, 0x07, 1, 0, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 193 {VENDOR_HITACHI, "HITACHI", T_ANY, 194 0x8000, 0x05, 0x05, 1, 0, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 195 {VENDOR_HP, "HP", T_ANY, 196 0x8000, 0x07, 0x07, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 197 {VENDOR_IBM, "IBM", T_SEQUENTIAL, 198 0x8000, 0x07, 0x07, 0, 1, FW_TUR_NA, 300 * 1000, FW_TIMEOUT_DEFAULT}, 199 {VENDOR_IBM, "IBM", T_ANY, 200 0x8000, 0x05, 0x05, 1, 0, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 201 {VENDOR_PLEXTOR, "PLEXTOR", T_ANY, 202 0x2000, 0x04, 0x05, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 203 {VENDOR_QUALSTAR, "QUALSTAR", T_ANY, 204 0x2030, 0x05, 0x05, 0, 0, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 205 {VENDOR_QUANTUM, "QUANTUM", T_ANY, 206 0x2000, 0x04, 0x05, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 207 {VENDOR_SAMSUNG, "SAMSUNG", T_ANY, 208 0x8000, 0x07, 0x07, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 209 {VENDOR_SEAGATE, "SEAGATE", T_ANY, 210 0x8000, 0x07, 0x07, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 211 {VENDOR_SMART, "SmrtStor", T_DIRECT, 212 0x8000, 0x07, 0x07, 0, 1, FW_TUR_READY, WB_TIMEOUT, FW_TIMEOUT_DEFAULT}, 213 214 /* 215 * We match any ATA device. This is really just a placeholder, 216 * since we won't actually send a WRITE BUFFER with any of the 217 * listed parameters. If a SATA device is behind a SAS controller, 218 * the SCSI to ATA translation code (at least for LSI) doesn't 219 * generally translate a SCSI WRITE BUFFER into an ATA DOWNLOAD 220 * MICROCODE command. So, we use the SCSI ATA PASS_THROUGH command 221 * to send the ATA DOWNLOAD MICROCODE command instead. 222 */ 223 {VENDOR_ATA, "ATA", T_ANY, 224 0x8000, 0x07, 0x07, 0, 1, FW_TUR_READY, WB_TIMEOUT, 225 FW_TIMEOUT_NO_PROBE}, 226 {VENDOR_UNKNOWN, NULL, T_ANY, 227 0x0000, 0x00, 0x00, 0, 0, FW_TUR_NONE, WB_TIMEOUT, FW_TIMEOUT_DEFAULT} 228 }; 229 230 struct fw_timeout_desc { 231 fw_timeout_type timeout_type; 232 const char *timeout_desc; 233 }; 234 235 static const struct fw_timeout_desc fw_timeout_desc_table[] = { 236 { FW_TIMEOUT_DEFAULT, "the default" }, 237 { FW_TIMEOUT_DEV_REPORTED, "recommended by this particular device" }, 238 { FW_TIMEOUT_NO_PROBE, "the default" }, 239 { FW_TIMEOUT_USER_SPEC, "what was specified on the command line" } 240 }; 241 242 #ifndef ATA_DOWNLOAD_MICROCODE 243 #define ATA_DOWNLOAD_MICROCODE 0x92 244 #endif 245 246 #define USE_OFFSETS_FEATURE 0x3 247 248 #ifndef LOW_SECTOR_SIZE 249 #define LOW_SECTOR_SIZE 512 250 #endif 251 252 #define ATA_MAKE_LBA(o, p) \ 253 ((((((o) / LOW_SECTOR_SIZE) >> 8) & 0xff) << 16) | \ 254 ((((o) / LOW_SECTOR_SIZE) & 0xff) << 8) | \ 255 ((((p) / LOW_SECTOR_SIZE) >> 8) & 0xff)) 256 257 #define ATA_MAKE_SECTORS(p) (((p) / 512) & 0xff) 258 259 #ifndef UNKNOWN_MAX_PKT_SIZE 260 #define UNKNOWN_MAX_PKT_SIZE 0x8000 261 #endif 262 263 static struct fw_vendor *fw_get_vendor(struct cam_device *cam_dev, 264 struct ata_params *ident_buf); 265 static int fw_get_timeout(struct cam_device *cam_dev, struct fw_vendor *vp, 266 int task_attr, int retry_count, int timeout); 267 static int fw_validate_ibm(struct cam_device *dev, int retry_count, 268 int timeout, int fd, char *buf, 269 const char *fw_img_path, int quiet); 270 static char *fw_read_img(struct cam_device *dev, int retry_count, 271 int timeout, int quiet, const char *fw_img_path, 272 struct fw_vendor *vp, int *num_bytes); 273 static int fw_check_device_ready(struct cam_device *dev, 274 camcontrol_devtype devtype, 275 struct fw_vendor *vp, int printerrors, 276 int timeout); 277 static int fw_download_img(struct cam_device *cam_dev, 278 struct fw_vendor *vp, char *buf, int img_size, 279 int sim_mode, int printerrors, int quiet, 280 int retry_count, int timeout, const char */*name*/, 281 camcontrol_devtype devtype); 282 283 /* 284 * Find entry in vendors list that belongs to 285 * the vendor of given cam device. 286 */ 287 static struct fw_vendor * 288 fw_get_vendor(struct cam_device *cam_dev, struct ata_params *ident_buf) 289 { 290 char vendor[42]; 291 struct fw_vendor *vp; 292 293 if (cam_dev == NULL) 294 return (NULL); 295 296 if (ident_buf != NULL) { 297 cam_strvis((u_char *)vendor, ident_buf->model, 298 sizeof(ident_buf->model), sizeof(vendor)); 299 for (vp = vendors_list; vp->pattern != NULL; vp++) { 300 if (vp->type == VENDOR_ATA) 301 return (vp); 302 } 303 } else { 304 cam_strvis((u_char *)vendor, (u_char *)cam_dev->inq_data.vendor, 305 sizeof(cam_dev->inq_data.vendor), sizeof(vendor)); 306 } 307 for (vp = vendors_list; vp->pattern != NULL; vp++) { 308 if (!cam_strmatch((const u_char *)vendor, 309 (const u_char *)vp->pattern, strlen(vendor))) { 310 if ((vp->dev_type == T_ANY) 311 || (vp->dev_type == SID_TYPE(&cam_dev->inq_data))) 312 break; 313 } 314 } 315 return (vp); 316 } 317 318 static int 319 fw_get_timeout(struct cam_device *cam_dev, struct fw_vendor *vp, 320 int task_attr, int retry_count, int timeout) 321 { 322 struct scsi_report_supported_opcodes_one *one; 323 struct scsi_report_supported_opcodes_timeout *td; 324 uint8_t *buf = NULL; 325 uint32_t fill_len = 0, cdb_len = 0, rec_timeout = 0; 326 int retval = 0; 327 328 /* 329 * If the user has specified a timeout on the command line, we let 330 * him override any default or probed value. 331 */ 332 if (timeout != 0) { 333 vp->timeout_type = FW_TIMEOUT_USER_SPEC; 334 vp->timeout_ms = timeout; 335 goto bailout; 336 } 337 338 /* 339 * Check to see whether we should probe for a timeout for this 340 * device. 341 */ 342 if (vp->timeout_type == FW_TIMEOUT_NO_PROBE) 343 goto bailout; 344 345 retval = scsigetopcodes(/*device*/ cam_dev, 346 /*opcode_set*/ 1, 347 /*opcode*/ WRITE_BUFFER, 348 /*show_sa_errors*/ 1, 349 /*sa_set*/ 0, 350 /*service_action*/ 0, 351 /*timeout_desc*/ 1, 352 /*task_attr*/ task_attr, 353 /*retry_count*/ retry_count, 354 /*timeout*/ 10000, 355 /*verbose*/ 0, 356 /*fill_len*/ &fill_len, 357 /*data_ptr*/ &buf); 358 /* 359 * It isn't an error if we can't get a timeout descriptor. We just 360 * continue on with the default timeout. 361 */ 362 if (retval != 0) { 363 retval = 0; 364 goto bailout; 365 } 366 367 /* 368 * Even if the drive didn't return a SCSI error, if we don't have 369 * enough data to contain the one opcode descriptor, the CDB 370 * structure and a timeout descriptor, we don't have the timeout 371 * value we're looking for. So we'll just fall back to the 372 * default value. 373 */ 374 if (fill_len < (sizeof(*one) + sizeof(struct scsi_write_buffer) + 375 sizeof(*td))) 376 goto bailout; 377 378 one = (struct scsi_report_supported_opcodes_one *)buf; 379 380 /* 381 * If the drive claims to not support the WRITE BUFFER command... 382 * fall back to the default timeout value and let things fail on 383 * the actual firmware download. 384 */ 385 if ((one->support & RSO_ONE_SUP_MASK) == RSO_ONE_SUP_NOT_SUP) 386 goto bailout; 387 388 cdb_len = scsi_2btoul(one->cdb_length); 389 td = (struct scsi_report_supported_opcodes_timeout *) 390 &buf[sizeof(*one) + cdb_len]; 391 392 rec_timeout = scsi_4btoul(td->recommended_time); 393 /* 394 * If the recommended timeout is 0, then the device has probably 395 * returned a bogus value. 396 */ 397 if (rec_timeout == 0) 398 goto bailout; 399 400 /* CAM timeouts are in ms */ 401 rec_timeout *= 1000; 402 403 vp->timeout_ms = rec_timeout; 404 vp->timeout_type = FW_TIMEOUT_DEV_REPORTED; 405 406 bailout: 407 return (retval); 408 } 409 410 #define SVPD_IBM_FW_DESIGNATION 0x03 411 412 /* 413 * IBM LTO and TS tape drives have an INQUIRY VPD page 0x3 with the following 414 * format: 415 */ 416 struct fw_ibm_tape_fw_designation { 417 uint8_t device; 418 uint8_t page_code; 419 uint8_t reserved; 420 uint8_t length; 421 uint8_t ascii_length; 422 uint8_t reserved2[3]; 423 uint8_t load_id[4]; 424 uint8_t fw_rev[4]; 425 uint8_t ptf_number[4]; 426 uint8_t patch_number[4]; 427 uint8_t ru_name[8]; 428 uint8_t lib_seq_num[5]; 429 }; 430 431 /* 432 * The firmware for IBM tape drives has the following header format. The 433 * load_id and ru_name in the header file should match what is returned in 434 * VPD page 0x3. 435 */ 436 struct fw_ibm_tape_fw_header { 437 uint8_t unspec[4]; 438 uint8_t length[4]; /* Firmware and header! */ 439 uint8_t load_id[4]; 440 uint8_t fw_rev[4]; 441 uint8_t reserved[8]; 442 uint8_t ru_name[8]; 443 }; 444 445 static int 446 fw_validate_ibm(struct cam_device *dev, int retry_count, int timeout, int fd, 447 char *buf, const char *fw_img_path, int quiet) 448 { 449 union ccb *ccb; 450 struct fw_ibm_tape_fw_designation vpd_page; 451 struct fw_ibm_tape_fw_header *header; 452 char drive_rev[sizeof(vpd_page.fw_rev) + 1]; 453 char file_rev[sizeof(vpd_page.fw_rev) + 1]; 454 int retval = 1; 455 456 ccb = cam_getccb(dev); 457 if (ccb == NULL) { 458 warnx("couldn't allocate CCB"); 459 goto bailout; 460 } 461 462 /* cam_getccb cleans up the header, caller has to zero the payload */ 463 CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio); 464 465 bzero(&vpd_page, sizeof(vpd_page)); 466 467 scsi_inquiry(&ccb->csio, 468 /*retries*/ retry_count, 469 /*cbfcnp*/ NULL, 470 /* tag_action */ MSG_SIMPLE_Q_TAG, 471 /* inq_buf */ (u_int8_t *)&vpd_page, 472 /* inq_len */ sizeof(vpd_page), 473 /* evpd */ 1, 474 /* page_code */ SVPD_IBM_FW_DESIGNATION, 475 /* sense_len */ SSD_FULL_SIZE, 476 /* timeout */ timeout ? timeout : 5000); 477 478 /* Disable freezing the device queue */ 479 ccb->ccb_h.flags |= CAM_DEV_QFRZDIS; 480 481 if (retry_count != 0) 482 ccb->ccb_h.flags |= CAM_PASS_ERR_RECOVER; 483 484 if (cam_send_ccb(dev, ccb) < 0) { 485 warn("error getting firmware designation page"); 486 487 cam_error_print(dev, ccb, CAM_ESF_ALL, 488 CAM_EPF_ALL, stderr); 489 490 cam_freeccb(ccb); 491 ccb = NULL; 492 goto bailout; 493 } 494 495 if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) { 496 cam_error_print(dev, ccb, CAM_ESF_ALL, 497 CAM_EPF_ALL, stderr); 498 goto bailout; 499 } 500 501 /* 502 * Read the firmware header only. 503 */ 504 if (read(fd, buf, sizeof(*header)) != sizeof(*header)) { 505 warn("unable to read %zu bytes from %s", sizeof(*header), 506 fw_img_path); 507 goto bailout; 508 } 509 510 /* Rewind the file back to 0 for the full file read. */ 511 if (lseek(fd, 0, SEEK_SET) == -1) { 512 warn("Unable to lseek"); 513 goto bailout; 514 } 515 516 header = (struct fw_ibm_tape_fw_header *)buf; 517 518 bzero(drive_rev, sizeof(drive_rev)); 519 bcopy(vpd_page.fw_rev, drive_rev, sizeof(vpd_page.fw_rev)); 520 bzero(file_rev, sizeof(file_rev)); 521 bcopy(header->fw_rev, file_rev, sizeof(header->fw_rev)); 522 523 if (quiet == 0) { 524 fprintf(stdout, "Current Drive Firmware version: %s\n", 525 drive_rev); 526 fprintf(stdout, "Firmware File version: %s\n", file_rev); 527 } 528 529 /* 530 * For IBM tape drives the load ID and RU name reported by the 531 * drive should match what is in the firmware file. 532 */ 533 if (bcmp(vpd_page.load_id, header->load_id, 534 MIN(sizeof(vpd_page.load_id), sizeof(header->load_id))) != 0) { 535 warnx("Drive Firmware load ID 0x%x does not match firmware " 536 "file load ID 0x%x", scsi_4btoul(vpd_page.load_id), 537 scsi_4btoul(header->load_id)); 538 goto bailout; 539 } 540 541 if (bcmp(vpd_page.ru_name, header->ru_name, 542 MIN(sizeof(vpd_page.ru_name), sizeof(header->ru_name))) != 0) { 543 warnx("Drive Firmware RU name 0x%jx does not match firmware " 544 "file RU name 0x%jx", 545 (uintmax_t)scsi_8btou64(vpd_page.ru_name), 546 (uintmax_t)scsi_8btou64(header->ru_name)); 547 goto bailout; 548 } 549 if (quiet == 0) 550 fprintf(stdout, "Firmware file is valid for this drive.\n"); 551 retval = 0; 552 bailout: 553 cam_freeccb(ccb); 554 555 return (retval); 556 } 557 558 /* 559 * Allocate a buffer and read fw image file into it 560 * from given path. Number of bytes read is stored 561 * in num_bytes. 562 */ 563 static char * 564 fw_read_img(struct cam_device *dev, int retry_count, int timeout, int quiet, 565 const char *fw_img_path, struct fw_vendor *vp, int *num_bytes) 566 { 567 int fd; 568 struct stat stbuf; 569 char *buf; 570 off_t img_size; 571 int skip_bytes = 0; 572 573 if ((fd = open(fw_img_path, O_RDONLY)) < 0) { 574 warn("Could not open image file %s", fw_img_path); 575 return (NULL); 576 } 577 if (fstat(fd, &stbuf) < 0) { 578 warn("Could not stat image file %s", fw_img_path); 579 goto bailout1; 580 } 581 if ((img_size = stbuf.st_size) == 0) { 582 warnx("Zero length image file %s", fw_img_path); 583 goto bailout1; 584 } 585 if ((buf = malloc(img_size)) == NULL) { 586 warnx("Could not allocate buffer to read image file %s", 587 fw_img_path); 588 goto bailout1; 589 } 590 /* Skip headers if applicable. */ 591 switch (vp->type) { 592 case VENDOR_SEAGATE: 593 if (read(fd, buf, 16) != 16) { 594 warn("Could not read image file %s", fw_img_path); 595 goto bailout; 596 } 597 if (lseek(fd, 0, SEEK_SET) == -1) { 598 warn("Unable to lseek"); 599 goto bailout; 600 } 601 if ((strncmp(buf, "SEAGATE,SEAGATE ", 16) == 0) || 602 (img_size % 512 == 80)) 603 skip_bytes = 80; 604 break; 605 case VENDOR_QUALSTAR: 606 skip_bytes = img_size % 1030; 607 break; 608 case VENDOR_IBM: { 609 if (vp->dev_type != T_SEQUENTIAL) 610 break; 611 if (fw_validate_ibm(dev, retry_count, timeout, fd, buf, 612 fw_img_path, quiet) != 0) 613 goto bailout; 614 break; 615 } 616 default: 617 break; 618 } 619 if (skip_bytes != 0) { 620 fprintf(stdout, "Skipping %d byte header.\n", skip_bytes); 621 if (lseek(fd, skip_bytes, SEEK_SET) == -1) { 622 warn("Could not lseek"); 623 goto bailout; 624 } 625 img_size -= skip_bytes; 626 } 627 /* Read image into a buffer. */ 628 if (read(fd, buf, img_size) != img_size) { 629 warn("Could not read image file %s", fw_img_path); 630 goto bailout; 631 } 632 *num_bytes = img_size; 633 close(fd); 634 return (buf); 635 bailout: 636 free(buf); 637 bailout1: 638 close(fd); 639 *num_bytes = 0; 640 return (NULL); 641 } 642 643 /* 644 * Returns 0 for "success", where success means that the device has met the 645 * requirement in the vendor structure for being ready or not ready when 646 * firmware is downloaded. 647 * 648 * Returns 1 for a failure to be ready to accept a firmware download. 649 * (e.g., a drive needs to be ready, but returns not ready) 650 * 651 * Returns -1 for any other failure. 652 */ 653 static int 654 fw_check_device_ready(struct cam_device *dev, camcontrol_devtype devtype, 655 struct fw_vendor *vp, int printerrors, int timeout) 656 { 657 union ccb *ccb; 658 int retval = 0; 659 int16_t *ptr = NULL; 660 size_t dxfer_len = 0; 661 662 if ((ccb = cam_getccb(dev)) == NULL) { 663 warnx("Could not allocate CCB"); 664 retval = -1; 665 goto bailout; 666 } 667 668 CCB_CLEAR_ALL_EXCEPT_HDR(ccb); 669 670 if (devtype != CC_DT_SCSI) { 671 dxfer_len = sizeof(struct ata_params); 672 673 ptr = (uint16_t *)malloc(dxfer_len); 674 if (ptr == NULL) { 675 warnx("can't malloc memory for identify"); 676 retval = -1; 677 goto bailout; 678 } 679 bzero(ptr, dxfer_len); 680 } 681 682 switch (devtype) { 683 case CC_DT_SCSI: 684 scsi_test_unit_ready(&ccb->csio, 685 /*retries*/ 0, 686 /*cbfcnp*/ NULL, 687 /*tag_action*/ MSG_SIMPLE_Q_TAG, 688 /*sense_len*/ SSD_FULL_SIZE, 689 /*timeout*/ 5000); 690 break; 691 case CC_DT_ATA_BEHIND_SCSI: 692 case CC_DT_ATA: { 693 retval = build_ata_cmd(ccb, 694 /*retries*/ 1, 695 /*flags*/ CAM_DIR_IN, 696 /*tag_action*/ MSG_SIMPLE_Q_TAG, 697 /*protocol*/ AP_PROTO_PIO_IN, 698 /*ata_flags*/ AP_FLAG_BYT_BLOK_BYTES | 699 AP_FLAG_TLEN_SECT_CNT | 700 AP_FLAG_TDIR_FROM_DEV, 701 /*features*/ 0, 702 /*sector_count*/ (uint8_t) dxfer_len, 703 /*lba*/ 0, 704 /*command*/ ATA_ATA_IDENTIFY, 705 /*auxiliary*/ 0, 706 /*data_ptr*/ (uint8_t *)ptr, 707 /*dxfer_len*/ dxfer_len, 708 /*cdb_storage*/ NULL, 709 /*cdb_storage_len*/ 0, 710 /*sense_len*/ SSD_FULL_SIZE, 711 /*timeout*/ timeout ? timeout : 30 * 1000, 712 /*is48bit*/ 0, 713 /*devtype*/ devtype); 714 if (retval != 0) { 715 retval = -1; 716 warnx("%s: build_ata_cmd() failed, likely " 717 "programmer error", __func__); 718 goto bailout; 719 } 720 break; 721 } 722 default: 723 warnx("Unknown disk type %d", devtype); 724 retval = -1; 725 goto bailout; 726 break; /*NOTREACHED*/ 727 } 728 729 ccb->ccb_h.flags |= CAM_DEV_QFRZDIS; 730 731 retval = cam_send_ccb(dev, ccb); 732 if (retval != 0) { 733 warn("error sending %s CCB", (devtype == CC_DT_SCSI) ? 734 "Test Unit Ready" : "Identify"); 735 retval = -1; 736 goto bailout; 737 } 738 739 if (((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) 740 && (vp->tur_status == FW_TUR_READY)) { 741 warnx("Device is not ready"); 742 if (printerrors) 743 cam_error_print(dev, ccb, CAM_ESF_ALL, 744 CAM_EPF_ALL, stderr); 745 retval = 1; 746 goto bailout; 747 } else if (((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) 748 && (vp->tur_status == FW_TUR_NOT_READY)) { 749 warnx("Device cannot have media loaded when firmware is " 750 "downloaded"); 751 retval = 1; 752 goto bailout; 753 } 754 bailout: 755 free(ptr); 756 cam_freeccb(ccb); 757 758 return (retval); 759 } 760 761 /* 762 * Download firmware stored in buf to cam_dev. If simulation mode 763 * is enabled, only show what packet sizes would be sent to the 764 * device but do not sent any actual packets 765 */ 766 static int 767 fw_download_img(struct cam_device *cam_dev, struct fw_vendor *vp, 768 char *buf, int img_size, int sim_mode, int printerrors, int quiet, 769 int retry_count, int timeout, const char *imgname, 770 camcontrol_devtype devtype) 771 { 772 struct scsi_write_buffer cdb; 773 progress_t progress; 774 int size = 0; 775 union ccb *ccb = NULL; 776 int pkt_count = 0; 777 int max_pkt_size; 778 u_int32_t pkt_size = 0; 779 char *pkt_ptr = buf; 780 u_int32_t offset; 781 int last_pkt = 0; 782 int retval = 0; 783 784 /* 785 * Check to see whether the device is ready to accept a firmware 786 * download. 787 */ 788 retval = fw_check_device_ready(cam_dev, devtype, vp, printerrors, 789 timeout); 790 if (retval != 0) 791 goto bailout; 792 793 if ((ccb = cam_getccb(cam_dev)) == NULL) { 794 warnx("Could not allocate CCB"); 795 retval = 1; 796 goto bailout; 797 } 798 799 CCB_CLEAR_ALL_EXCEPT_HDR(ccb); 800 801 max_pkt_size = vp->max_pkt_size; 802 if (max_pkt_size == 0) 803 max_pkt_size = UNKNOWN_MAX_PKT_SIZE; 804 805 pkt_size = max_pkt_size; 806 progress_init(&progress, imgname, size = img_size); 807 /* Download single fw packets. */ 808 do { 809 if (img_size <= max_pkt_size) { 810 last_pkt = 1; 811 pkt_size = img_size; 812 } 813 progress_update(&progress, size - img_size); 814 if (((sim_mode == 0) && (quiet == 0)) 815 || ((sim_mode != 0) && (printerrors == 0))) 816 progress_draw(&progress); 817 bzero(&cdb, sizeof(cdb)); 818 switch (devtype) { 819 case CC_DT_SCSI: 820 cdb.opcode = WRITE_BUFFER; 821 cdb.control = 0; 822 /* Parameter list length. */ 823 scsi_ulto3b(pkt_size, &cdb.length[0]); 824 offset = vp->inc_cdb_offset ? (pkt_ptr - buf) : 0; 825 scsi_ulto3b(offset, &cdb.offset[0]); 826 cdb.byte2 = last_pkt ? vp->cdb_byte2_last : 827 vp->cdb_byte2; 828 cdb.buffer_id = vp->inc_cdb_buffer_id ? pkt_count : 0; 829 /* Zero out payload of ccb union after ccb header. */ 830 CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->csio); 831 /* 832 * Copy previously constructed cdb into ccb_scsiio 833 * struct. 834 */ 835 bcopy(&cdb, &ccb->csio.cdb_io.cdb_bytes[0], 836 sizeof(struct scsi_write_buffer)); 837 /* Fill rest of ccb_scsiio struct. */ 838 cam_fill_csio(&ccb->csio, /* ccb_scsiio*/ 839 retry_count, /* retries*/ 840 NULL, /* cbfcnp*/ 841 CAM_DIR_OUT | CAM_DEV_QFRZDIS, /* flags*/ 842 CAM_TAG_ACTION_NONE, /* tag_action*/ 843 (u_char *)pkt_ptr, /* data_ptr*/ 844 pkt_size, /* dxfer_len*/ 845 SSD_FULL_SIZE, /* sense_len*/ 846 sizeof(struct scsi_write_buffer), /* cdb_len*/ 847 timeout ? timeout : WB_TIMEOUT); /* timeout*/ 848 break; 849 case CC_DT_ATA: 850 case CC_DT_ATA_BEHIND_SCSI: { 851 uint32_t off; 852 853 off = (uint32_t)(pkt_ptr - buf); 854 855 retval = build_ata_cmd(ccb, 856 /*retry_count*/ retry_count, 857 /*flags*/ CAM_DIR_OUT | CAM_DEV_QFRZDIS, 858 /*tag_action*/ CAM_TAG_ACTION_NONE, 859 /*protocol*/ AP_PROTO_PIO_OUT, 860 /*ata_flags*/ AP_FLAG_BYT_BLOK_BYTES | 861 AP_FLAG_TLEN_SECT_CNT | 862 AP_FLAG_TDIR_TO_DEV, 863 /*features*/ USE_OFFSETS_FEATURE, 864 /*sector_count*/ ATA_MAKE_SECTORS(pkt_size), 865 /*lba*/ ATA_MAKE_LBA(off, pkt_size), 866 /*command*/ ATA_DOWNLOAD_MICROCODE, 867 /*auxiliary*/ 0, 868 /*data_ptr*/ (uint8_t *)pkt_ptr, 869 /*dxfer_len*/ pkt_size, 870 /*cdb_storage*/ NULL, 871 /*cdb_storage_len*/ 0, 872 /*sense_len*/ SSD_FULL_SIZE, 873 /*timeout*/ timeout ? timeout : WB_TIMEOUT, 874 /*is48bit*/ 0, 875 /*devtype*/ devtype); 876 877 if (retval != 0) { 878 warnx("%s: build_ata_cmd() failed, likely " 879 "programmer error", __func__); 880 goto bailout; 881 } 882 break; 883 } 884 default: 885 warnx("Unknown device type %d", devtype); 886 retval = 1; 887 goto bailout; 888 break; /*NOTREACHED*/ 889 } 890 if (!sim_mode) { 891 /* Execute the command. */ 892 if (cam_send_ccb(cam_dev, ccb) < 0 || 893 (ccb->ccb_h.status & CAM_STATUS_MASK) != 894 CAM_REQ_CMP) { 895 warnx("Error writing image to device"); 896 if (printerrors) 897 cam_error_print(cam_dev, ccb, 898 CAM_ESF_ALL, CAM_EPF_ALL, stderr); 899 retval = 1; 900 goto bailout; 901 } 902 } else if (printerrors) { 903 cam_error_print(cam_dev, ccb, CAM_ESF_COMMAND, 0, 904 stdout); 905 } 906 907 /* Prepare next round. */ 908 pkt_count++; 909 pkt_ptr += pkt_size; 910 img_size -= pkt_size; 911 } while(!last_pkt); 912 bailout: 913 if (quiet == 0) 914 progress_complete(&progress, size - img_size); 915 cam_freeccb(ccb); 916 return (retval); 917 } 918 919 int 920 fwdownload(struct cam_device *device, int argc, char **argv, 921 char *combinedopt, int printerrors, int task_attr, int retry_count, 922 int timeout) 923 { 924 union ccb *ccb = NULL; 925 struct fw_vendor *vp; 926 char *fw_img_path = NULL; 927 struct ata_params *ident_buf = NULL; 928 camcontrol_devtype devtype; 929 char *buf = NULL; 930 int img_size; 931 int c; 932 int sim_mode = 0; 933 int confirmed = 0; 934 int quiet = 0; 935 int retval = 0; 936 937 while ((c = getopt(argc, argv, combinedopt)) != -1) { 938 switch (c) { 939 case 'f': 940 fw_img_path = optarg; 941 break; 942 case 'q': 943 quiet = 1; 944 break; 945 case 's': 946 sim_mode = 1; 947 break; 948 case 'y': 949 confirmed = 1; 950 break; 951 default: 952 break; 953 } 954 } 955 956 if (fw_img_path == NULL) 957 errx(1, "you must specify a firmware image file using -f " 958 "option"); 959 960 retval = get_device_type(device, retry_count, timeout, printerrors, 961 &devtype); 962 if (retval != 0) 963 errx(1, "Unable to determine device type"); 964 965 if ((devtype == CC_DT_ATA) 966 || (devtype == CC_DT_ATA_BEHIND_SCSI)) { 967 ccb = cam_getccb(device); 968 if (ccb == NULL) { 969 warnx("couldn't allocate CCB"); 970 retval = 1; 971 goto bailout; 972 } 973 974 if (ata_do_identify(device, retry_count, timeout, ccb, 975 &ident_buf) != 0) { 976 retval = 1; 977 goto bailout; 978 } 979 } else if (devtype != CC_DT_SCSI) 980 errx(1, "Unsupported device type %d", devtype); 981 982 vp = fw_get_vendor(device, ident_buf); 983 /* 984 * Bail out if we have an unknown vendor and this isn't an ATA 985 * disk. For a SCSI disk, we have no chance of working properly 986 * with the default values in the VENDOR_UNKNOWN case. For an ATA 987 * disk connected via an ATA transport, we may work for drives that 988 * support the ATA_DOWNLOAD_MICROCODE command. 989 */ 990 if (((vp == NULL) 991 || (vp->type == VENDOR_UNKNOWN)) 992 && (devtype == CC_DT_SCSI)) 993 errx(1, "Unsupported device"); 994 995 retval = fw_get_timeout(device, vp, task_attr, retry_count, timeout); 996 if (retval != 0) { 997 warnx("Unable to get a firmware download timeout value"); 998 goto bailout; 999 } 1000 1001 buf = fw_read_img(device, retry_count, timeout, quiet, fw_img_path, 1002 vp, &img_size); 1003 if (buf == NULL) { 1004 retval = 1; 1005 goto bailout; 1006 } 1007 1008 if (!confirmed) { 1009 fprintf(stdout, "You are about to download firmware image (%s)" 1010 " into the following device:\n", 1011 fw_img_path); 1012 if (devtype == CC_DT_SCSI) { 1013 if (scsidoinquiry(device, argc, argv, combinedopt, 1014 MSG_SIMPLE_Q_TAG, 0, 5000) != 0) { 1015 warnx("Error sending inquiry"); 1016 retval = 1; 1017 goto bailout; 1018 } 1019 } else { 1020 printf("%s%d: ", device->device_name, 1021 device->dev_unit_num); 1022 ata_print_ident(ident_buf); 1023 camxferrate(device); 1024 free(ident_buf); 1025 } 1026 fprintf(stdout, "Using a timeout of %u ms, which is %s.\n", 1027 vp->timeout_ms, 1028 fw_timeout_desc_table[vp->timeout_type].timeout_desc); 1029 fprintf(stdout, "\nIt may damage your drive. "); 1030 if (!get_confirmation()) { 1031 retval = 1; 1032 goto bailout; 1033 } 1034 } 1035 if ((sim_mode != 0) && (quiet == 0)) 1036 fprintf(stdout, "Running in simulation mode\n"); 1037 1038 if (fw_download_img(device, vp, buf, img_size, sim_mode, printerrors, 1039 quiet, retry_count, vp->timeout_ms, fw_img_path, devtype) != 0) { 1040 fprintf(stderr, "Firmware download failed\n"); 1041 retval = 1; 1042 goto bailout; 1043 } else if (quiet == 0) 1044 fprintf(stdout, "Firmware download successful\n"); 1045 1046 bailout: 1047 cam_freeccb(ccb); 1048 free(buf); 1049 return (retval); 1050 } 1051 1052