xref: /freebsd/sys/dev/usb/storage/umass.c (revision d13def78ccef6dbc25c2e197089ee5fc4d7b82c3)
1 #include <sys/cdefs.h>
2 __FBSDID("$FreeBSD$");
3 
4 /*-
5  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
6  *
7  * Copyright (c) 1999 MAEKAWA Masahide <bishop@rr.iij4u.or.jp>,
8  *		      Nick Hibma <n_hibma@FreeBSD.org>
9  * All rights reserved.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  *	$FreeBSD$
33  *	$NetBSD: umass.c,v 1.28 2000/04/02 23:46:53 augustss Exp $
34  */
35 
36 /* Also already merged from NetBSD:
37  *	$NetBSD: umass.c,v 1.67 2001/11/25 19:05:22 augustss Exp $
38  *	$NetBSD: umass.c,v 1.90 2002/11/04 19:17:33 pooka Exp $
39  *	$NetBSD: umass.c,v 1.108 2003/11/07 17:03:25 wiz Exp $
40  *	$NetBSD: umass.c,v 1.109 2003/12/04 13:57:31 keihan Exp $
41  */
42 
43 /*
44  * Universal Serial Bus Mass Storage Class specs:
45  * http://www.usb.org/developers/devclass_docs/usb_msc_overview_1.2.pdf
46  * http://www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
47  * http://www.usb.org/developers/devclass_docs/usb_msc_cbi_1.1.pdf
48  * http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf
49  */
50 
51 /*
52  * Ported to NetBSD by Lennart Augustsson <augustss@NetBSD.org>.
53  * Parts of the code written by Jason R. Thorpe <thorpej@shagadelic.org>.
54  */
55 
56 /*
57  * The driver handles 3 Wire Protocols
58  * - Command/Bulk/Interrupt (CBI)
59  * - Command/Bulk/Interrupt with Command Completion Interrupt (CBI with CCI)
60  * - Mass Storage Bulk-Only (BBB)
61  *   (BBB refers to Bulk/Bulk/Bulk for the Command/Data/Status phases)
62  *
63  * Over these wire protocols it handles the following command protocols
64  * - SCSI
65  * - UFI (floppy command set)
66  * - 8070i (ATAPI)
67  *
68  * UFI and 8070i (ATAPI) are transformed versions of the SCSI command set. The
69  * sc->sc_transform method is used to convert the commands into the appropriate
70  * format (if at all necessary). For example, UFI requires all commands to be
71  * 12 bytes in length amongst other things.
72  *
73  * The source code below is marked and can be split into a number of pieces
74  * (in this order):
75  *
76  * - probe/attach/detach
77  * - generic transfer routines
78  * - BBB
79  * - CBI
80  * - CBI_I (in addition to functions from CBI)
81  * - CAM (Common Access Method)
82  * - SCSI
83  * - UFI
84  * - 8070i (ATAPI)
85  *
86  * The protocols are implemented using a state machine, for the transfers as
87  * well as for the resets. The state machine is contained in umass_t_*_callback.
88  * The state machine is started through either umass_command_start() or
89  * umass_reset().
90  *
91  * The reason for doing this is a) CAM performs a lot better this way and b) it
92  * avoids using tsleep from interrupt context (for example after a failed
93  * transfer).
94  */
95 
96 /*
97  * The SCSI related part of this driver has been derived from the
98  * dev/ppbus/vpo.c driver, by Nicolas Souchu (nsouch@FreeBSD.org).
99  *
100  * The CAM layer uses so called actions which are messages sent to the host
101  * adapter for completion. The actions come in through umass_cam_action. The
102  * appropriate block of routines is called depending on the transport protocol
103  * in use. When the transfer has finished, these routines call
104  * umass_cam_cb again to complete the CAM command.
105  */
106 
107 #include <sys/stdint.h>
108 #include <sys/stddef.h>
109 #include <sys/param.h>
110 #include <sys/queue.h>
111 #include <sys/types.h>
112 #include <sys/systm.h>
113 #include <sys/kernel.h>
114 #include <sys/bus.h>
115 #include <sys/module.h>
116 #include <sys/lock.h>
117 #include <sys/mutex.h>
118 #include <sys/condvar.h>
119 #include <sys/sysctl.h>
120 #include <sys/sx.h>
121 #include <sys/unistd.h>
122 #include <sys/callout.h>
123 #include <sys/malloc.h>
124 #include <sys/priv.h>
125 
126 #include <dev/usb/usb.h>
127 #include <dev/usb/usbdi.h>
128 #include <dev/usb/usbdi_util.h>
129 #include "usbdevs.h"
130 
131 #include <dev/usb/quirk/usb_quirk.h>
132 
133 #include <cam/cam.h>
134 #include <cam/cam_ccb.h>
135 #include <cam/cam_sim.h>
136 #include <cam/cam_xpt_sim.h>
137 #include <cam/scsi/scsi_all.h>
138 #include <cam/scsi/scsi_da.h>
139 
140 #include <cam/cam_periph.h>
141 
#ifdef USB_DEBUG
/*
 * Debug categories.  Each bit selects one class of messages; the set that
 * is currently enabled is kept in umass_debug.
 */
#define	UDMASS_GEN	0x00010000	/* general */
#define	UDMASS_SCSI	0x00020000	/* scsi */
#define	UDMASS_UFI	0x00040000	/* ufi command set */
#define	UDMASS_ATAPI	0x00080000	/* 8070i command set */
#define	UDMASS_CMD	(UDMASS_SCSI|UDMASS_UFI|UDMASS_ATAPI)
#define	UDMASS_USB	0x00100000	/* USB general */
#define	UDMASS_BBB	0x00200000	/* Bulk-Only transfers */
#define	UDMASS_CBI	0x00400000	/* CBI transfers */
#define	UDMASS_WIRE	(UDMASS_BBB|UDMASS_CBI)
#define	UDMASS_ALL	0xffff0000	/* all of the above */

static int umass_debug;		/* bitmask of UDMASS_* categories */
static int umass_throttle;	/* forced delay between commands, ms */

/* Execute statement(s) x only when a category in mask m is enabled. */
#define	DIF(m, x)						\
	do {							\
		if (umass_debug & (m)) {			\
			x ;					\
		}						\
	} while (0)

/*
 * Print a debug message prefixed with the softc name (or "umassX" when
 * sc is NULL) and the calling function, when a category in mask m is
 * enabled.  fmt is pasted onto the prefix by string-literal
 * concatenation, so it has to be a literal: a format string taken from
 * a variable (for example, device-supplied text) does not compile here.
 */
#define	DPRINTF(sc, m, fmt, ...)					\
	do {								\
		if (umass_debug & (m)) {				\
			printf("%s:%s: " fmt,				\
			    (sc) ? (const char *)(sc)->sc_name :	\
			    (const char *)"umassX",			\
			    __FUNCTION__ ,## __VA_ARGS__);		\
		}							\
	} while (0)

/*
 * Both knobs live under the hw.usb.umass sysctl node and exist only in
 * USB_DEBUG kernels.  CTLFLAG_RWTUN makes each one writable at run time
 * and settable as a loader tunable.
 */
static SYSCTL_NODE(_hw_usb, OID_AUTO, umass, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "USB umass");
SYSCTL_INT(_hw_usb_umass, OID_AUTO, debug, CTLFLAG_RWTUN,
    &umass_debug, 0, "umass debug level");
SYSCTL_INT(_hw_usb_umass, OID_AUTO, throttle, CTLFLAG_RWTUN,
    &umass_throttle, 0, "Forced delay between commands in milliseconds");
#else
/* Without USB_DEBUG both macros expand to nothing; arguments are dropped. */
#define	DIF(...) do { } while (0)
#define	DPRINTF(...) do { } while (0)
#endif
181 
/*
 * Buffer and command size limits.
 *
 * UMASS_BULK_SIZE is the bufsize used for the bulk data transfers and
 * UMASS_MAX_CMDLEN is the size of the command buffer in the softc; a
 * command length must stay within UMASS_MAX_CMDLEN.
 */
#define	UMASS_BULK_SIZE (1 << 17)			/* bytes */
#define	UMASS_CBI_DIAGNOSTIC_CMDLEN 12			/* bytes */
#define	UMASS_MAX_CMDLEN MAX(12, CAM_MAX_CDBLEN)	/* bytes */

/*
 * USB transfer definitions.
 *
 * These values index sc_xfer[] and the usb_config tables, so the
 * *_MAX values must stay equal to the number of entries.
 */

/* Bulk-Only */
#define	UMASS_T_BBB_RESET1      0
#define	UMASS_T_BBB_RESET2      1
#define	UMASS_T_BBB_RESET3      2
#define	UMASS_T_BBB_COMMAND     3
#define	UMASS_T_BBB_DATA_READ   4
#define	UMASS_T_BBB_DATA_RD_CS  5
#define	UMASS_T_BBB_DATA_WRITE  6
#define	UMASS_T_BBB_DATA_WR_CS  7
#define	UMASS_T_BBB_STATUS      8
#define	UMASS_T_BBB_MAX         9

/* CBI */
#define	UMASS_T_CBI_RESET1      0
#define	UMASS_T_CBI_RESET2      1
#define	UMASS_T_CBI_RESET3      2
#define	UMASS_T_CBI_COMMAND     3
#define	UMASS_T_CBI_DATA_READ   4
#define	UMASS_T_CBI_DATA_RD_CS  5
#define	UMASS_T_CBI_DATA_WRITE  6
#define	UMASS_T_CBI_DATA_WR_CS  7
#define	UMASS_T_CBI_STATUS      8
#define	UMASS_T_CBI_RESET4      9
#define	UMASS_T_CBI_MAX        10

/* Large enough for either wire protocol. */
#define	UMASS_T_MAX MAX(UMASS_T_CBI_MAX, UMASS_T_BBB_MAX)

/* Generic definitions */

/* Data phase direction of a transfer */
#define	DIR_NONE	0
#define	DIR_IN		1
#define	DIR_OUT		2

/* Device name */
#define	DEVNAME		"umass"
#define	DEVNAME_SIM	"umass-sim"

/* Approximate maximum transfer speeds (assumes 33% overhead). */
#define	UMASS_FULL_TRANSFER_SPEED	1000
#define	UMASS_HIGH_TRANSFER_SPEED	40000
#define	UMASS_SUPER_TRANSFER_SPEED	400000
#define	UMASS_FLOPPY_TRANSFER_SPEED	20

#define	UMASS_TIMEOUT			5000	/* ms */

/* CAM specific definitions */

#define	UMASS_SCSIID_MAX	1	/* maximum number of drives expected */
#define	UMASS_SCSIID_HOST	UMASS_SCSIID_MAX

/* Bulk-Only class-specific requests */

#define	UR_BBB_RESET		0xff	/* Bulk-Only reset */
#define	UR_BBB_GET_MAX_LUN	0xfe	/* Get maximum lun */
241 
/*
 * Command Block Wrapper (CBW): the Bulk-Only command packet the host
 * sends to the device.
 *
 * The structure is __packed because it is the on-the-wire layout; the
 * field order and widths must not change.  With 4-byte uDWord and 1-byte
 * uByte fields (both types are declared outside this file) the members
 * add up to UMASS_BBB_CBW_SIZE.
 */
#define	CBWSIGNATURE	0x43425355	/* value of dCBWSignature */
#define	CBWFLAGS_OUT	0x00		/* bCBWFlags: host to device */
#define	CBWFLAGS_IN	0x80		/* bCBWFlags: device to host */
#define	CBWCDBLENGTH	16		/* capacity of CBWCDB[], bytes */

typedef struct {
	uDWord	dCBWSignature;
	uDWord	dCBWTag;
	uDWord	dCBWDataTransferLength;
	uByte	bCBWFlags;
	uByte	bCBWLUN;
	uByte	bCDBLength;	/* must not exceed CBWCDBLENGTH */
	uByte	CBWCDB[CBWCDBLENGTH];
} __packed umass_bbb_cbw_t;

#define	UMASS_BBB_CBW_SIZE	31
258 
/*
 * Command Status Wrapper (CSW): the Bulk-Only status packet.
 *
 * The structure is __packed because it is the on-the-wire layout.  It is
 * filled by the BBB status transfer, which reads from the device, so
 * every field is device-controlled input.
 * NOTE(review): the signature, tag and residue checks live in the status
 * callback, which is outside this definition - confirm them there.
 *
 * Two alternative signatures are defined for specific devices; note
 * that CSWSIGNATURE_IMAGINATION_DBX1 has the same value as the CBW
 * signature.
 */
#define	CSWSIGNATURE	0x53425355	/* value of dCSWSignature */
#define	CSWSIGNATURE_IMAGINATION_DBX1	0x43425355
#define	CSWSIGNATURE_OLYMPUS_C1	0x55425355

/* bCSWStatus values */
#define	CSWSTATUS_GOOD	0x0
#define	CSWSTATUS_FAILED	0x1
#define	CSWSTATUS_PHASE	0x2

typedef struct {
	uDWord	dCSWSignature;
	uDWord	dCSWTag;
	uDWord	dCSWDataResidue;
	uByte	bCSWStatus;
} __packed umass_bbb_csw_t;

#define	UMASS_BBB_CSW_SIZE	13
274 
/* CBI features */

#define	UR_CBI_ADSC	0x00

/* "common" view: values of the type and value bytes */
#define	IDB_TYPE_CCI		0x00
#define	IDB_VALUE_PASS		0x00
#define	IDB_VALUE_FAIL		0x01
#define	IDB_VALUE_PHASE		0x02
#define	IDB_VALUE_PERSISTENT	0x03
#define	IDB_VALUE_STATUS_MASK	0x03

/*
 * CBI status block: two bytes that can be read in either of two ways,
 * as type/value ("common") or as asc/ascq ("ufi").  It is the buffer
 * type of the CBI status transfer (direction IN), so its content is
 * supplied by the device.
 */
typedef union {
	struct {
		uint8_t	type;
		uint8_t	value;
	} __packed common;

	struct {
		uint8_t	asc;
		uint8_t	ascq;
	} __packed ufi;
} __packed umass_cbi_sbl_t;
296 
struct umass_softc;			/* defined further down */

/* Command completion codes (presumably the "status" argument below). */
#define	STATUS_CMD_OK		0	/* everything ok */
#define	STATUS_CMD_UNKNOWN	1	/* will have to fetch sense */
#define	STATUS_CMD_FAILED	2	/* transfer was ok, command failed */
#define	STATUS_WIRE_FAILED	3	/* couldn't even get command across */

/*
 * Completion callback for a command: receives the softc, the CCB the
 * command belongs to, the residue and a status byte.
 */
typedef void (umass_callback_t)(struct umass_softc *sc, union ccb *ccb,
    uint32_t residue, uint8_t status);

/*
 * Command transform hook (see sc_transform in the softc): given a
 * command buffer and its length in bytes, returns a uint8_t result.
 * NOTE(review): the meaning of the return value is defined by the
 * transform implementations, which are not part of this declaration.
 */
typedef uint8_t (umass_transform_t)(struct umass_softc *sc, uint8_t *cmd_ptr,
    uint8_t cmd_len);
309 
/*
 * Wire and command protocol.
 *
 * sc_proto carries one wire-protocol bit (low byte) and one
 * command-protocol bit (high byte); the two masks separate them.
 */
#define	UMASS_PROTO_BBB		0x0001	/* USB wire protocol */
#define	UMASS_PROTO_CBI		0x0002
#define	UMASS_PROTO_CBI_I	0x0004
#define	UMASS_PROTO_WIRE	0x00ff	/* USB wire protocol mask */
#define	UMASS_PROTO_SCSI	0x0100	/* command protocol */
#define	UMASS_PROTO_ATAPI	0x0200
#define	UMASS_PROTO_UFI		0x0400
#define	UMASS_PROTO_RBC		0x0800
#define	UMASS_PROTO_COMMAND	0xff00	/* command protocol mask */

/*
 * Device specific quirks (bits of sc_quirks).
 *
 * Several of these make the driver tolerate out-of-spec device
 * behaviour (IGNORE_RESIDUE, WRONG_CSWSIG) or fabricate a response on
 * the device's behalf (NO_INQUIRY, NO_SYNCHRONIZE_CACHE), so a quirk
 * entry widens what is accepted from the matching device.
 */
#define	NO_QUIRKS		0x0000

/* The drive does not support Test Unit Ready. Convert to Start Unit. */
#define	NO_TEST_UNIT_READY	0x0001

/*
 * The drive does not reset the Unit Attention state after REQUEST
 * SENSE has been sent. The INQUIRY command does not reset the UA
 * either, and so CAM runs in circles trying to retrieve the initial
 * INQUIRY data.
 */
#define	RS_NO_CLEAR_UA		0x0002

/* The drive does not support START STOP. */
#define	NO_START_STOP		0x0004

/* Don't ask for full inquiry data (255b). */
#define	FORCE_SHORT_INQUIRY	0x0008

/* Needs to be initialised the Shuttle way. */
#define	SHUTTLE_INIT		0x0010

/* Drive needs to be switched to alternate iface 1. */
#define	ALT_IFACE_1		0x0020

/* Drive does not do 1Mb/s, but just floppy speeds (20kb/s). */
#define	FLOPPY_SPEED		0x0040

/* The device can't count and gets the residue of transfers wrong. */
#define	IGNORE_RESIDUE		0x0080

/* No GetMaxLun call. */
#define	NO_GETMAXLUN		0x0100

/* The device uses a weird CSWSIGNATURE. */
#define	WRONG_CSWSIG		0x0200

/* Device cannot handle INQUIRY so fake a generic response. */
#define	NO_INQUIRY		0x0400

/* Device cannot handle INQUIRY EVPD, return CHECK CONDITION. */
#define	NO_INQUIRY_EVPD		0x0800

/* Pad all RBC requests to 12 bytes. */
#define	RBC_PAD_TO_12		0x1000

/*
 * Device reports number of sectors from READ_CAPACITY, not max
 * sector number.
 */
#define	READ_CAPACITY_OFFBY1	0x2000

/*
 * Device cannot handle a SCSI synchronize cache command.  Normally
 * this quirk would be handled in the cam layer, but for IDE bridges
 * we need to associate the quirk with the bridge and not the
 * underlying disk device.  This is handled by faking a success
 * result.
 */
#define	NO_SYNCHRONIZE_CACHE	0x4000

/* Device does not support 'PREVENT/ALLOW MEDIUM REMOVAL'. */
#define	NO_PREVENT_ALLOW	0x8000
371 
/*
 * Per-device driver state.  The driver framework allocates it with the
 * size given in umass_driver.
 */
struct umass_softc {

	struct scsi_sense cam_scsi_sense;
	struct scsi_test_unit_ready cam_scsi_test_unit_ready;
	struct mtx sc_mtx;

	/* State of the command that is currently being transferred. */
	struct {
		uint8_t *data_ptr;
		union ccb *ccb;
		umass_callback_t *callback;

		uint32_t data_len;	/* bytes */
		uint32_t data_rem;	/* bytes */
		uint32_t data_timeout;	/* ms */
		uint32_t actlen;	/* bytes */

		/* cmd_len counts bytes of cmd_data[] and must fit in it. */
		uint8_t	cmd_data[UMASS_MAX_CMDLEN];
		uint8_t	cmd_len;	/* bytes */
		uint8_t	dir;
		uint8_t	lun;
	}	sc_transfer;

	/* Bulk specific variables for transfers in progress */
	umass_bbb_cbw_t cbw;		/* command block wrapper */
	umass_bbb_csw_t csw;		/* command status wrapper */

	/* CBI specific variables for transfers in progress */
	umass_cbi_sbl_t sbl;		/* status block */

	device_t sc_dev;
	struct usb_device *sc_udev;
	struct cam_sim *sc_sim;		/* SCSI Interface Module */
	struct usb_xfer *sc_xfer[UMASS_T_MAX];	/* indexed by UMASS_T_* */

	/*
	 * The command transform function is used to convert the SCSI
	 * commands into their derivatives, like UFI, ATAPI, and friends.
	 */
	umass_transform_t *sc_transform;

	uint32_t sc_unit;
	uint32_t sc_quirks;		/* device quirk flags */
	uint32_t sc_proto;		/* wire and cmd protocol */

	uint8_t	sc_name[16];		/* used as the DPRINTF prefix */
	uint8_t	sc_iface_no;		/* interface number */
	uint8_t	sc_maxlun;		/* maximum LUN number, inclusive */
	uint8_t	sc_last_xfer_index;
	uint8_t	sc_status_try;
};
421 
/* Result of matching a device: what umass_probe_proto() hands back. */
struct umass_probe_proto {
	uint32_t quirks;	/* device quirk flags, NO_QUIRKS if none */
	uint32_t proto;		/* UMASS_PROTO_* wire and command bits */

	int	error;		/* BUS_PROBE_GENERIC on a match, else ENXIO */
};
428 
/* Forward declarations */

/* newbus device methods */
static device_probe_t umass_probe;
static device_attach_t umass_attach;
static device_detach_t umass_detach;

/* USB transfer callbacks: common error handler */
static usb_callback_t umass_tr_error;

/* USB transfer callbacks: Bulk-Only (BBB) state machine */
static usb_callback_t umass_t_bbb_reset1_callback;
static usb_callback_t umass_t_bbb_reset2_callback;
static usb_callback_t umass_t_bbb_reset3_callback;
static usb_callback_t umass_t_bbb_command_callback;
static usb_callback_t umass_t_bbb_data_read_callback;
static usb_callback_t umass_t_bbb_data_rd_cs_callback;
static usb_callback_t umass_t_bbb_data_write_callback;
static usb_callback_t umass_t_bbb_data_wr_cs_callback;
static usb_callback_t umass_t_bbb_status_callback;

/* USB transfer callbacks: CBI state machine */
static usb_callback_t umass_t_cbi_reset1_callback;
static usb_callback_t umass_t_cbi_reset2_callback;
static usb_callback_t umass_t_cbi_reset3_callback;
static usb_callback_t umass_t_cbi_reset4_callback;
static usb_callback_t umass_t_cbi_command_callback;
static usb_callback_t umass_t_cbi_data_read_callback;
static usb_callback_t umass_t_cbi_data_rd_cs_callback;
static usb_callback_t umass_t_cbi_data_write_callback;
static usb_callback_t umass_t_cbi_data_wr_cs_callback;
static usb_callback_t umass_t_cbi_status_callback;

/* Generic transfer helpers */
static void	umass_cancel_ccb(struct umass_softc *);
static void	umass_init_shuttle(struct umass_softc *);
static void	umass_reset(struct umass_softc *);
static void	umass_command_start(struct umass_softc *, uint8_t, void *,
		    uint32_t, uint32_t, umass_callback_t *, union ccb *);

/* Bulk-Only helpers */
static void	umass_t_bbb_data_clear_stall_callback(struct usb_xfer *,
		    uint8_t, uint8_t, usb_error_t);
static uint8_t	umass_bbb_get_max_lun(struct umass_softc *);

/* CBI helpers */
static void	umass_cbi_start_status(struct umass_softc *);
static void	umass_t_cbi_data_clear_stall_callback(struct usb_xfer *,
		    uint8_t, uint8_t, usb_error_t);

/* CAM glue */
static int	umass_cam_attach_sim(struct umass_softc *);
static void	umass_cam_attach(struct umass_softc *);
static void	umass_cam_detach_sim(struct umass_softc *);
static void	umass_cam_action(struct cam_sim *, union ccb *);
static void	umass_cam_poll(struct cam_sim *);
static void	umass_cam_cb(struct umass_softc *, union ccb *, uint32_t,
		    uint8_t);
static void	umass_cam_sense_cb(struct umass_softc *, union ccb *, uint32_t,
		    uint8_t);
static void	umass_cam_quirk_cb(struct umass_softc *, union ccb *, uint32_t,
		    uint8_t);

/* Command transforms */
static uint8_t	umass_scsi_transform(struct umass_softc *, uint8_t *, uint8_t);
static uint8_t	umass_rbc_transform(struct umass_softc *, uint8_t *, uint8_t);
static uint8_t	umass_ufi_transform(struct umass_softc *, uint8_t *, uint8_t);
static uint8_t	umass_atapi_transform(struct umass_softc *, uint8_t *,
		    uint8_t);
static uint8_t	umass_no_transform(struct umass_softc *, uint8_t *, uint8_t);
static uint8_t	umass_std_transform(struct umass_softc *, union ccb *,
		    uint8_t *, uint8_t);

/* Debug dump helpers, only built into USB_DEBUG kernels */
#ifdef USB_DEBUG
static void	umass_bbb_dump_cbw(struct umass_softc *, umass_bbb_cbw_t *);
static void	umass_bbb_dump_csw(struct umass_softc *, umass_bbb_csw_t *);
static void	umass_cbi_dump_cmd(struct umass_softc *, void *, uint8_t);
static void	umass_dump_buffer(struct umass_softc *, uint8_t *, uint32_t,
		    uint32_t);
#endif
494 
/*
 * Transfer setup for the Bulk-Only (BBB) wire protocol, one entry per
 * UMASS_T_BBB_* index.
 *
 * The data and status transfers set short_xfer_ok, so the device may
 * deliver fewer bytes than bufsize.
 * NOTE(review): the received length therefore has to be checked by the
 * callbacks named here, which are outside this table - confirm there.
 */
static struct usb_config umass_bbb_config[UMASS_T_BBB_MAX] = {

	[UMASS_T_BBB_RESET1] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_bbb_reset1_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
		.interval = 500,	/* 500 milliseconds */
	},

	[UMASS_T_BBB_RESET2] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_bbb_reset2_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
		.interval = 50,		/* 50 milliseconds */
	},

	[UMASS_T_BBB_RESET3] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_bbb_reset3_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
		.interval = 50,		/* 50 milliseconds */
	},

	/* Command phase: the CBW goes out on a bulk OUT endpoint. */
	[UMASS_T_BBB_COMMAND] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_OUT,
		.callback = &umass_t_bbb_command_callback,
		.bufsize = sizeof(umass_bbb_cbw_t),
		.timeout = 5000,	/* 5 seconds */
	},

	[UMASS_T_BBB_DATA_READ] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.callback = &umass_t_bbb_data_read_callback,
		.bufsize = UMASS_BULK_SIZE,
		.flags = {
			.proxy_buffer = 1,
			.short_xfer_ok = 1,
			.ext_buffer = 1,
		},
		.timeout = 0,	/* overwritten later */
	},

	[UMASS_T_BBB_DATA_RD_CS] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_bbb_data_rd_cs_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
	},

	[UMASS_T_BBB_DATA_WRITE] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_OUT,
		.callback = &umass_t_bbb_data_write_callback,
		.bufsize = UMASS_BULK_SIZE,
		.flags = {
			.proxy_buffer = 1,
			.short_xfer_ok = 1,
			.ext_buffer = 1,
		},
		.timeout = 0,	/* overwritten later */
	},

	[UMASS_T_BBB_DATA_WR_CS] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_bbb_data_wr_cs_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
	},

	/* Status phase: the CSW comes in on a bulk IN endpoint. */
	[UMASS_T_BBB_STATUS] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.callback = &umass_t_bbb_status_callback,
		.bufsize = sizeof(umass_bbb_csw_t),
		.flags = {
			.short_xfer_ok = 1,
		},
		.timeout = 5000,	/* ms */
	},
};
584 
/*
 * Transfer setup for the CBI wire protocols, one entry per
 * UMASS_T_CBI_* index.
 *
 * Commands travel over the control pipe, so the command buffers are a
 * usb_device_request followed by the command bytes.  The status entry
 * sets no_pipe_ok in addition to short_xfer_ok.
 * NOTE(review): as short transfers are accepted, the received length
 * has to be checked by the callbacks named here, which are outside this
 * table - confirm there.
 */
static struct usb_config umass_cbi_config[UMASS_T_CBI_MAX] = {

	[UMASS_T_CBI_RESET1] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_reset1_callback,
		.bufsize = (sizeof(struct usb_device_request) +
		    UMASS_CBI_DIAGNOSTIC_CMDLEN),
		.timeout = 5000,	/* 5 seconds */
		.interval = 500,	/* 500 milliseconds */
	},

	[UMASS_T_CBI_RESET2] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_reset2_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
		.interval = 50,		/* 50 milliseconds */
	},

	[UMASS_T_CBI_RESET3] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_reset3_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
		.interval = 50,		/* 50 milliseconds */
	},

	[UMASS_T_CBI_COMMAND] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_command_callback,
		.bufsize = (sizeof(struct usb_device_request) +
		    UMASS_MAX_CMDLEN),
		.timeout = 5000,	/* 5 seconds */
	},

	[UMASS_T_CBI_DATA_READ] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.callback = &umass_t_cbi_data_read_callback,
		.bufsize = UMASS_BULK_SIZE,
		.flags = {
			.proxy_buffer = 1,
			.short_xfer_ok = 1,
			.ext_buffer = 1,
		},
		.timeout = 0,	/* overwritten later */
	},

	[UMASS_T_CBI_DATA_RD_CS] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_data_rd_cs_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
	},

	[UMASS_T_CBI_DATA_WRITE] = {
		.type = UE_BULK,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_OUT,
		.callback = &umass_t_cbi_data_write_callback,
		.bufsize = UMASS_BULK_SIZE,
		.flags = {
			.proxy_buffer = 1,
			.short_xfer_ok = 1,
			.ext_buffer = 1,
		},
		.timeout = 0,	/* overwritten later */
	},

	[UMASS_T_CBI_DATA_WR_CS] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_data_wr_cs_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* 5 seconds */
	},

	/* Status block arrives on an interrupt IN endpoint. */
	[UMASS_T_CBI_STATUS] = {
		.type = UE_INTERRUPT,
		.endpoint = UE_ADDR_ANY,
		.direction = UE_DIR_IN,
		.callback = &umass_t_cbi_status_callback,
		.bufsize = sizeof(umass_cbi_sbl_t),
		.flags = {
			.short_xfer_ok = 1,
			.no_pipe_ok = 1,
		},
		.timeout = 5000,	/* ms */
	},

	[UMASS_T_CBI_RESET4] = {
		.type = UE_CONTROL,
		.endpoint = 0x00,	/* Control pipe */
		.direction = UE_DIR_ANY,
		.callback = &umass_t_cbi_reset4_callback,
		.bufsize = sizeof(struct usb_device_request),
		.timeout = 5000,	/* ms */
	},
};
685 
/*
 * Canned INQUIRY response, used when the device cannot return valid
 * inquiry data itself (see the NO_INQUIRY quirk).  The bytes are
 * produced by the driver, not by the device.
 */
static const uint8_t fake_inq_data[SHORT_INQUIRY_LENGTH] = {
	0,
	0x80,		/* removable */
	SCSI_REV_2,
	SCSI_REV_2,
	31,		/* additional_length */
	0,
	0,
	0
};
691 
#define	UFI_COMMAND_LENGTH	12	/* UFI commands are always 12 bytes */
#define	ATAPI_COMMAND_LENGTH	12	/* ATAPI commands are always 12 bytes */

static devclass_t umass_devclass;

/* newbus entry points of the driver */
static device_method_t umass_methods[] = {
	/* Device interface */
	DEVMETHOD(device_probe, umass_probe),
	DEVMETHOD(device_attach, umass_attach),
	DEVMETHOD(device_detach, umass_detach),

	DEVMETHOD_END
};

/* .size is the per-device softc size. */
static driver_t umass_driver = {
	.name = "umass",
	.methods = umass_methods,
	.size = sizeof(struct umass_softc),
};

/*
 * Match table: a single entry keyed on the interface class alone, with
 * no vendor or product restriction.
 */
static const STRUCT_USB_HOST_ID __used umass_devs[] = {
	/* generic mass storage class */
	{USB_IFACE_CLASS(UICLASS_MASS),},
};

/* Attach below uhub; the module depends on the usb and cam modules. */
DRIVER_MODULE(umass, uhub, umass_driver, umass_devclass, NULL, 0);
MODULE_DEPEND(umass, usb, 1, 1, 1);
MODULE_DEPEND(umass, cam, 1, 1, 1);
MODULE_VERSION(umass, 1);
USB_PNP_HOST_INFO(umass_devs);
722 
723 /*
724  * USB device probe/attach/detach
725  */
726 
/*
 * Translate an interface descriptor into UMASS_PROTO_* bits.
 *
 * The subclass selects the command protocol and the interface protocol
 * selects the wire protocol.  The descriptor fields come from the
 * attached device, so every value that is not explicitly listed takes a
 * default branch and contributes no bit.
 *
 * Returns 0 when there is no descriptor, the class is not mass storage
 * or the subclass is unknown.  When the subclass is known but the
 * interface protocol is not, only the command bit is returned; callers
 * must test both UMASS_PROTO_COMMAND and UMASS_PROTO_WIRE.
 */
static uint16_t
umass_get_proto(struct usb_interface *iface)
{
	struct usb_interface_descriptor *desc;
	uint16_t proto = 0;

	/* Check for a standards compliant device */
	desc = usbd_get_interface_descriptor(iface);
	if (desc == NULL || desc->bInterfaceClass != UICLASS_MASS)
		return (proto);

	/* Command protocol */
	switch (desc->bInterfaceSubClass) {
	case UISUBCLASS_SCSI:
		proto |= UMASS_PROTO_SCSI;
		break;
	case UISUBCLASS_UFI:
		proto |= UMASS_PROTO_UFI;
		break;
	case UISUBCLASS_RBC:
		proto |= UMASS_PROTO_RBC;
		break;
	case UISUBCLASS_SFF8020I:
	case UISUBCLASS_SFF8070I:
		proto |= UMASS_PROTO_ATAPI;
		break;
	default:
		return (proto);
	}

	/* Wire protocol */
	switch (desc->bInterfaceProtocol) {
	case UIPROTO_MASS_CBI:
		proto |= UMASS_PROTO_CBI;
		break;
	case UIPROTO_MASS_CBI_I:
		proto |= UMASS_PROTO_CBI_I;
		break;
	case UIPROTO_MASS_BBB_OLD:
	case UIPROTO_MASS_BBB:
		proto |= UMASS_PROTO_BBB;
		break;
	default:
		/* unknown wire protocol: the command bit stays set */
		break;
	}

	return (proto);
}
776 
/*
 * Match the device we are seeing with the devices supported.
 *
 * Starts from the protocol bits reported by the interface descriptor,
 * lets the UQ_MSC_FORCE_* quirks override the wire and the command
 * protocol, and rejects the device with ENXIO unless one bit of each
 * kind ends up set.  For an accepted device the remaining UQ_MSC_*
 * quirks are translated into the driver's own quirk flags.
 *
 * The returned structure always carries the computed proto and quirks;
 * error is BUS_PROBE_GENERIC on a match and ENXIO otherwise.  "dev" is
 * not used.
 */
static struct umass_probe_proto
umass_probe_proto(device_t dev, struct usb_attach_arg *uaa)
{
	/* USB quirk -> umass quirk flag, in the order they are tested */
	static const struct {
		uint16_t uq;
		uint32_t flag;
	} quirk_map[] = {
		{ UQ_MSC_NO_TEST_UNIT_READY,	NO_TEST_UNIT_READY },
		{ UQ_MSC_NO_RS_CLEAR_UA,	RS_NO_CLEAR_UA },
		{ UQ_MSC_NO_START_STOP,		NO_START_STOP },
		{ UQ_MSC_NO_GETMAXLUN,		NO_GETMAXLUN },
		{ UQ_MSC_NO_INQUIRY,		NO_INQUIRY },
		{ UQ_MSC_NO_INQUIRY_EVPD,	NO_INQUIRY_EVPD },
		{ UQ_MSC_NO_PREVENT_ALLOW,	NO_PREVENT_ALLOW },
		{ UQ_MSC_NO_SYNC_CACHE,		NO_SYNCHRONIZE_CACHE },
		{ UQ_MSC_SHUTTLE_INIT,		SHUTTLE_INIT },
		{ UQ_MSC_ALT_IFACE_1,		ALT_IFACE_1 },
		{ UQ_MSC_FLOPPY_SPEED,		FLOPPY_SPEED },
		{ UQ_MSC_IGNORE_RESIDUE,	IGNORE_RESIDUE },
		{ UQ_MSC_WRONG_CSWSIG,		WRONG_CSWSIG },
		{ UQ_MSC_RBC_PAD_TO_12,		RBC_PAD_TO_12 },
		{ UQ_MSC_READ_CAP_OFFBY1,	READ_CAPACITY_OFFBY1 },
		{ UQ_MSC_FORCE_SHORT_INQ,	FORCE_SHORT_INQUIRY },
	};
	struct umass_probe_proto result;
	uint32_t flags = NO_QUIRKS;
	uint32_t proto = umass_get_proto(uaa->iface);
	uint32_t forced;
	size_t i;

	memset(&result, 0, sizeof(result));
	result.error = BUS_PROBE_GENERIC;

	/* Search for protocol enforcement: wire protocol first */
	if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_BBB))
		forced = UMASS_PROTO_BBB;
	else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI))
		forced = UMASS_PROTO_CBI;
	else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI_I))
		forced = UMASS_PROTO_CBI_I;
	else
		forced = 0;
	if (forced != 0)
		proto = (proto & ~UMASS_PROTO_WIRE) | forced;

	/* ... then the command protocol */
	if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_SCSI))
		forced = UMASS_PROTO_SCSI;
	else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_ATAPI))
		forced = UMASS_PROTO_ATAPI;
	else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_UFI))
		forced = UMASS_PROTO_UFI;
	else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_RBC))
		forced = UMASS_PROTO_RBC;
	else
		forced = 0;
	if (forced != 0)
		proto = (proto & ~UMASS_PROTO_COMMAND) | forced;

	if ((proto & UMASS_PROTO_COMMAND) == 0 ||
	    (proto & UMASS_PROTO_WIRE) == 0) {
		/* Invalid protocol: one of the two halves is missing */
		result.error = ENXIO;
	} else {
		/* Search for quirks */
		for (i = 0; i != sizeof(quirk_map) / sizeof(quirk_map[0]);
		    i++) {
			if (usb_test_quirk(uaa, quirk_map[i].uq))
				flags |= quirk_map[i].flag;
		}
	}

	result.quirks = flags;
	result.proto = proto;
	return (result);
}
869 
870 static int
871 umass_probe(device_t dev)
872 {
873 	struct usb_attach_arg *uaa = device_get_ivars(dev);
874 	struct umass_probe_proto temp;
875 
876 	if (uaa->usb_mode != USB_MODE_HOST) {
877 		return (ENXIO);
878 	}
879 	temp = umass_probe_proto(dev, uaa);
880 
881 	return (temp.error);
882 }
883 
/*
 * Newbus attach method: initialise the softc, set up the USB transfers
 * for the wire protocol chosen by umass_probe_proto(), query the
 * device's maximum LUN and register the device with CAM.
 *
 * Returns 0 on success.  Every failure after mtx_init() goes through
 * the "detach" label, which calls umass_detach() on the partly
 * initialised softc and returns ENXIO.
 *
 * Values obtained from the device in this function (the interface
 * descriptor and the maximum LUN) are device-supplied and should be
 * treated as untrusted by whoever consumes them.
 */
static int
umass_attach(device_t dev)
{
	struct umass_softc *sc = device_get_softc(dev);
	struct usb_attach_arg *uaa = device_get_ivars(dev);
	/*
	 * The protocol/quirk lookup is repeated here; only temp.proto and
	 * temp.quirks are used below, temp.error is not re-examined.
	 */
	struct umass_probe_proto temp = umass_probe_proto(dev, uaa);
	struct usb_interface_descriptor *id;
	int err;

	/*
	 * NOTE: the softc struct is cleared in device_set_driver.
	 * We can safely call umass_detach without specifically
	 * initializing the struct.
	 */

	sc->sc_dev = dev;
	sc->sc_udev = uaa->device;
	sc->sc_proto = temp.proto;
	sc->sc_quirks = temp.quirks;
	sc->sc_unit = device_get_unit(dev);

	/* bounded copy: snprintf() cannot write past sc_name */
	snprintf(sc->sc_name, sizeof(sc->sc_name),
	    "%s", device_get_nameunit(dev));

	device_set_usb_desc(dev);

	/*
	 * The mutex is initialised before the first "goto detach" below,
	 * because umass_detach() locks and destroys it unconditionally.
	 */
        mtx_init(&sc->sc_mtx, device_get_nameunit(dev),
	    NULL, MTX_DEF | MTX_RECURSE);

	/* get interface index */

	id = usbd_get_interface_descriptor(uaa->iface);
	if (id == NULL) {
		device_printf(dev, "failed to get "
		    "interface number\n");
		goto detach;
	}
	sc->sc_iface_no = id->bInterfaceNumber;

#ifdef USB_DEBUG
	/* debug only: print "<command set> over <wire protocol>; quirks" */
	device_printf(dev, " ");

	switch (sc->sc_proto & UMASS_PROTO_COMMAND) {
	case UMASS_PROTO_SCSI:
		printf("SCSI");
		break;
	case UMASS_PROTO_ATAPI:
		printf("8070i (ATAPI)");
		break;
	case UMASS_PROTO_UFI:
		printf("UFI");
		break;
	case UMASS_PROTO_RBC:
		printf("RBC");
		break;
	default:
		printf("(unknown 0x%02x)",
		    sc->sc_proto & UMASS_PROTO_COMMAND);
		break;
	}

	printf(" over ");

	switch (sc->sc_proto & UMASS_PROTO_WIRE) {
	case UMASS_PROTO_BBB:
		printf("Bulk-Only");
		break;
	case UMASS_PROTO_CBI:		/* uses Command/Bulk pipes */
		printf("CBI");
		break;
	case UMASS_PROTO_CBI_I:	/* uses Command/Bulk/Interrupt pipes */
		printf("CBI with CCI");
		break;
	default:
		printf("(unknown 0x%02x)",
		    sc->sc_proto & UMASS_PROTO_WIRE);
	}

	printf("; quirks = 0x%04x\n", sc->sc_quirks);
#endif

	/* quirk: the device needs alternate setting 1 of its interface */
	if (sc->sc_quirks & ALT_IFACE_1) {
		err = usbd_set_alt_interface_index
		    (uaa->device, uaa->info.bIfaceIndex, 1);

		if (err) {
			DPRINTF(sc, UDMASS_USB, "could not switch to "
			    "Alt Interface 1\n");
			goto detach;
		}
	}
	/* allocate all required USB transfers */

	if (sc->sc_proto & UMASS_PROTO_BBB) {

		err = usbd_transfer_setup(uaa->device,
		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_bbb_config,
		    UMASS_T_BBB_MAX, sc, &sc->sc_mtx);

		/* skip reset first time */
		sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;

	} else if (sc->sc_proto & (UMASS_PROTO_CBI | UMASS_PROTO_CBI_I)) {

		err = usbd_transfer_setup(uaa->device,
		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_cbi_config,
		    UMASS_T_CBI_MAX, sc, &sc->sc_mtx);

		/* skip reset first time */
		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;

	} else {
		/* no known wire protocol: refuse to attach */
		err = USB_ERR_INVAL;
	}

	if (err) {
		device_printf(dev, "could not setup required "
		    "transfers, %s\n", usbd_errstr(err));
		goto detach;
	}
#ifdef USB_DEBUG
	/*
	 * debug only: apply the umass_throttle interval, limited to the
	 * range 1..8000, to every transfer that was set up.  The lower
	 * bound cannot trigger here because of the enclosing "> 0" test.
	 */
	if (umass_throttle > 0) {
		uint8_t x;
		int iv;

		iv = umass_throttle;

		if (iv < 1)
			iv = 1;
		else if (iv > 8000)
			iv = 8000;

		for (x = 0; x != UMASS_T_MAX; x++) {
			if (sc->sc_xfer[x] != NULL)
				usbd_xfer_set_interval(sc->sc_xfer[x], iv);
		}
	}
#endif
	/* select the command transform; the first matching bit wins */
	sc->sc_transform =
	    (sc->sc_proto & UMASS_PROTO_SCSI) ? &umass_scsi_transform :
	    (sc->sc_proto & UMASS_PROTO_UFI) ? &umass_ufi_transform :
	    (sc->sc_proto & UMASS_PROTO_ATAPI) ? &umass_atapi_transform :
	    (sc->sc_proto & UMASS_PROTO_RBC) ? &umass_rbc_transform :
	    &umass_no_transform;

	/* from here onwards the device can be used. */

	if (sc->sc_quirks & SHUTTLE_INIT) {
		umass_init_shuttle(sc);
	}
	/* get the maximum LUN supported by the device */

	/*
	 * NOTE(review): for Bulk-Only devices sc_maxlun is the byte the
	 * device returned and is stored without a range check here;
	 * confirm that the consumers of sc_maxlun tolerate any value.
	 */
	if (((sc->sc_proto & UMASS_PROTO_WIRE) == UMASS_PROTO_BBB) &&
	    !(sc->sc_quirks & NO_GETMAXLUN))
		sc->sc_maxlun = umass_bbb_get_max_lun(sc);
	else
		sc->sc_maxlun = 0;

	/* Prepare the SCSI command block */
	sc->cam_scsi_sense.opcode = REQUEST_SENSE;
	sc->cam_scsi_test_unit_ready.opcode = TEST_UNIT_READY;

	/* register the SIM */
	err = umass_cam_attach_sim(sc);
	if (err) {
		goto detach;
	}
	/* scan the SIM */
	umass_cam_attach(sc);

	DPRINTF(sc, UDMASS_GEN, "Attach finished\n");

	return (0);			/* success */

detach:
	/* common failure path: undo whatever was set up so far */
	umass_detach(dev);
	return (ENXIO);			/* failure */
}
1062 
/*
 * Newbus detach method; umass_attach() also uses it as its failure path.
 *
 * Order matters: the USB transfers are torn down first, then any CCB
 * that is still pending is failed back and the SIM is detached with the
 * softc mutex held, and only then is the mutex destroyed.
 *
 * Always returns 0.
 */
static int
umass_detach(device_t dev)
{
	struct umass_softc *softc;

	softc = device_get_softc(dev);

	DPRINTF(softc, UDMASS_USB, "\n");

	/* tear down the transfer state machine */
	usbd_transfer_unsetup(softc->sc_xfer, UMASS_T_MAX);

	/* umass_cancel_ccb() asserts that the mutex is owned */
	mtx_lock(&softc->sc_mtx);
	umass_cancel_ccb(softc);
	umass_cam_detach_sim(softc);
	mtx_unlock(&softc->sc_mtx);

	/* the mutex must not be used after this point */
	mtx_destroy(&softc->sc_mtx);

	return (0);
}
1088 
/*
 * Send the vendor-specific initialisation request needed by devices that
 * carry the SHUTTLE_INIT quirk.
 *
 * The meaning of the request is undocumented; it mirrors what the Linux
 * driver sends.  The result of usbd_do_request() is deliberately not
 * checked: the two status bytes are pre-zeroed, so the debug message
 * below prints zeros rather than stack garbage when the request fails.
 * wLength is sizeof(status), so the request asks for no more data than
 * the buffer holds.
 */
static void
umass_init_shuttle(struct umass_softc *sc)
{
	uint8_t status[2] = {0, 0};
	struct usb_device_request req;

	req.bmRequestType = UT_READ_VENDOR_DEVICE;
	req.bRequest = 1;		/* XXX unknown command */
	USETW(req.wValue, 0);
	req.wIndex[0] = sc->sc_iface_no;
	req.wIndex[1] = 0;
	USETW(req.wLength, sizeof(status));

	usbd_do_request(sc->sc_udev, NULL, &req, &status);

	DPRINTF(sc, UDMASS_GEN, "Shuttle init returned 0x%02x%02x\n",
	    status[0], status[1]);
}
1110 
1111 /*
1112  * Generic functions to handle transfers
1113  */
1114 
/*
 * Start the transfer at slot xfer_index and remember it as the most
 * recently started one.
 *
 * If that slot holds no transfer the pending CCB is failed through
 * umass_cancel_ccb() instead.  xfer_index is used to index sc_xfer[]
 * without a range check; the callers in this file pass UMASS_T_*
 * constants.
 */
static void
umass_transfer_start(struct umass_softc *sc, uint8_t xfer_index)
{
	DPRINTF(sc, UDMASS_GEN, "transfer index = %d\n", xfer_index);

	if (sc->sc_xfer[xfer_index] == NULL) {
		umass_cancel_ccb(sc);
		return;
	}

	sc->sc_last_xfer_index = xfer_index;
	usbd_transfer_start(sc->sc_xfer[xfer_index]);
}
1128 
/*
 * Begin a device reset: stop whichever transfer was started last and
 * start the transfer in slot 0.
 *
 * NOTE(review): slot 0 is presumably the first reset transfer of the
 * active wire protocol; confirm against the UMASS_T_* definitions.
 */
static void
umass_reset(struct umass_softc *sc)
{
	DPRINTF(sc, UDMASS_GEN, "resetting device\n");

	/* stopping is requested even if the transfer is no longer active */
	usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);

	umass_transfer_start(sc, 0);
}
1140 
/*
 * Fail the CCB that is currently attached to the softc, if any.
 *
 * Must be called with sc->sc_mtx held (asserted).  The CCB pointer is
 * cleared and sc_last_xfer_index is reset to 0 before the completion
 * callback runs, so the callback never sees a softc that still points
 * at the CCB being completed.  The callback receives the number of
 * bytes not transferred and STATUS_WIRE_FAILED.
 */
static void
umass_cancel_ccb(struct umass_softc *sc)
{
	union ccb *pending;

	USB_MTX_ASSERT(&sc->sc_mtx, MA_OWNED);

	pending = sc->sc_transfer.ccb;
	sc->sc_transfer.ccb = NULL;
	sc->sc_last_xfer_index = 0;

	if (pending == NULL)
		return;

	(sc->sc_transfer.callback)(sc, pending,
	    (sc->sc_transfer.data_len - sc->sc_transfer.actlen),
	    STATUS_WIRE_FAILED);
}
1158 
/*
 * Common error handler for the transfer callbacks.
 *
 * Logs the error unless the transfer was merely cancelled, then fails
 * the pending CCB.  umass_cancel_ccb() also resets sc_last_xfer_index
 * to 0, which is what the "-> reset" in the log message refers to.
 */
static void
umass_tr_error(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *softc = usbd_xfer_softc(xfer);

	if (error != USB_ERR_CANCELLED) {
		DPRINTF(softc, UDMASS_GEN, "transfer error, %s -> reset\n",
		    usbd_errstr(error));
	}

	umass_cancel_ccb(softc);
}
1171 
1172 /*
1173  * BBB protocol specific functions
1174  */
1175 
/*
 * First step of Bulk-Only reset recovery (section 5.3.4 of the USB Mass
 * Storage Class Bulk-Only Transport specification).
 *
 * Reset recovery requires, in this order:
 *   a) a Bulk-Only Mass Storage Reset        (UMASS_T_BBB_RESET1, here)
 *   b) Clear Feature HALT on the Bulk-In  ep (UMASS_T_BBB_RESET2)
 *   c) Clear Feature HALT on the Bulk-Out ep (UMASS_T_BBB_RESET3)
 *
 * On setup the class request is built and submitted; on completion the
 * second step is started; any error fails the pending CCB.
 */
static void
umass_t_bbb_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	struct usb_device_request reset_req;
	struct usb_page_cache *frame0;

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		umass_transfer_start(sc, UMASS_T_BBB_RESET2);
		break;

	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_BBB, "BBB reset!\n");

		/* class-specific, interface-directed, no data stage */
		reset_req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
		reset_req.bRequest = UR_BBB_RESET;
		USETW(reset_req.wValue, 0);
		reset_req.wIndex[0] = sc->sc_iface_no;
		reset_req.wIndex[1] = 0;
		USETW(reset_req.wLength, 0);

		/* the request itself is the only frame of this transfer */
		frame0 = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_in(frame0, 0, &reset_req, sizeof(reset_req));
		usbd_xfer_set_frame_len(xfer, 0, sizeof(reset_req));
		usbd_xfer_set_frames(xfer, 1);

		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		umass_tr_error(xfer, error);
		break;
	}
}
1225 
/*
 * Second step of Bulk-Only reset recovery: clear a stall on the
 * transfer in slot UMASS_T_BBB_DATA_READ, then continue with
 * UMASS_T_BBB_RESET3.
 */
static void
umass_t_bbb_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_BBB_RESET3;
	const uint8_t stalled = UMASS_T_BBB_DATA_READ;

	umass_t_bbb_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1232 
/*
 * Third step of Bulk-Only reset recovery: clear a stall on the
 * transfer in slot UMASS_T_BBB_DATA_WRITE, then return to the command
 * transfer (UMASS_T_BBB_COMMAND).
 */
static void
umass_t_bbb_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_BBB_COMMAND;
	const uint8_t stalled = UMASS_T_BBB_DATA_WRITE;

	umass_t_bbb_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1239 
/*
 * Shared body of the Bulk-Only clear-stall callbacks.
 *
 * xfer:       the clear-stall control transfer.
 * next_xfer:  slot to start once the stall has been cleared.
 * stall_xfer: slot of the transfer whose endpoint is to be cleared.
 * error:      USB error code, used in the error state only.
 *
 * On setup usbd_clear_stall_callback() is asked to clear the stall; if
 * it returns non-zero the next transfer is started at once, the same
 * as when the clear-stall transfer completes.
 */
static void
umass_t_bbb_data_clear_stall_callback(struct usb_xfer *xfer,
    uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_SETUP:
		if (!usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer]))
			break;
		/* FALLTHROUGH */
	case USB_ST_TRANSFERRED:
		umass_transfer_start(sc, next_xfer);
		break;

	default:			/* Error */
		umass_tr_error(xfer, error);
		break;
	}
}
1263 
/*
 * USB callback for the Bulk-Only command phase: build the Command Block
 * Wrapper (CBW) for the pending CCB and send it.
 *
 * Once the CBW has been transferred, the data phase matching the
 * transfer direction is started, or the status phase when there is no
 * data.  On setup nothing is submitted when no CCB is pending.
 *
 * The command length is clamped to the size of the CDB field of the CBW
 * before the command bytes are copied, and the unused tail of that
 * field is zeroed, so neither an over-long command nor stale bytes of a
 * previous command reach the device.
 */
static void
umass_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	union ccb *ccb = sc->sc_transfer.ccb;
	struct usb_page_cache *frame0;
	uint32_t next_tag;
	uint8_t next_xfer;

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		if (sc->sc_transfer.dir == DIR_IN)
			next_xfer = UMASS_T_BBB_DATA_READ;
		else if (sc->sc_transfer.dir == DIR_OUT)
			next_xfer = UMASS_T_BBB_DATA_WRITE;
		else
			next_xfer = UMASS_T_BBB_STATUS;

		umass_transfer_start(sc, next_xfer);
		break;

	case USB_ST_SETUP:
		sc->sc_status_try = 0;

		if (ccb == NULL)
			break;

		/*
		 * The tag only has to differ from one command to the
		 * next, so the previous value plus one is used.
		 */
		next_tag = UGETDW(sc->cbw.dCBWTag) + 1;

		USETDW(sc->cbw.dCBWSignature, CBWSIGNATURE);
		USETDW(sc->cbw.dCBWTag, next_tag);

		/*
		 * dCBWDataTransferLength is the number of bytes the host
		 * intends to move in the data phase; zero tells the device
		 * to expect no data phase, whatever the direction bit says.
		 */
		USETDW(sc->cbw.dCBWDataTransferLength,
		    sc->sc_transfer.data_len);

		/*
		 * bCBWFlags: bits 0-6 are reserved, bit 7 is the direction
		 * (0 = host to device, 1 = device to host) and is ignored
		 * by the device when the transfer length is zero.
		 */
		if (sc->sc_transfer.dir == DIR_IN)
			sc->cbw.bCBWFlags = CBWFLAGS_IN;
		else
			sc->cbw.bCBWFlags = CBWFLAGS_OUT;
		sc->cbw.bCBWLUN = sc->sc_transfer.lun;

		/* never copy more command bytes than the CDB field holds */
		if (sc->sc_transfer.cmd_len > sizeof(sc->cbw.CBWCDB)) {
			sc->sc_transfer.cmd_len = sizeof(sc->cbw.CBWCDB);
			DPRINTF(sc, UDMASS_BBB, "Truncating long command!\n");
		}
		sc->cbw.bCDBLength = sc->sc_transfer.cmd_len;

		/* command bytes first, then zero the rest of the field */
		memcpy(sc->cbw.CBWCDB, sc->sc_transfer.cmd_data,
		    sc->sc_transfer.cmd_len);
		memset(sc->cbw.CBWCDB + sc->sc_transfer.cmd_len, 0,
		    sizeof(sc->cbw.CBWCDB) - sc->sc_transfer.cmd_len);

		DIF(UDMASS_BBB, umass_bbb_dump_cbw(sc, &sc->cbw));

		frame0 = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_in(frame0, 0, &sc->cbw, sizeof(sc->cbw));
		usbd_xfer_set_frame_len(xfer, 0, sizeof(sc->cbw));

		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		umass_tr_error(xfer, error);
		break;
	}
}
1350 
/*
 * USB callback for the Bulk-Only data-in phase.
 *
 * The data is moved in chunks of at most usbd_xfer_max_len() bytes.
 * After each completed chunk the bookkeeping in sc_transfer is advanced
 * by the number of bytes actually received; a short chunk ends the data
 * phase.  Each chunk is clamped to the remaining byte count, so the
 * frame handed to the controller never extends past what is left of
 * the caller's buffer.
 *
 * On error a cancelled transfer fails the CCB; any other error starts
 * the clear-stall transfer UMASS_T_BBB_DATA_RD_CS.
 */
static void
umass_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	uint32_t chunk = usbd_xfer_max_len(xfer);
	int actlen, sumlen;

	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		sc->sc_transfer.actlen += actlen;
		sc->sc_transfer.data_ptr += actlen;
		sc->sc_transfer.data_rem -= actlen;

		/* short transfer: the device has no more data to send */
		if (actlen < sumlen)
			sc->sc_transfer.data_rem = 0;
		/* FALLTHROUGH */
	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
		    chunk, sc->sc_transfer.data_rem);

		if (sc->sc_transfer.data_rem == 0) {
			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
			return;
		}

		/* never ask for more than what is left of the buffer */
		if (chunk > sc->sc_transfer.data_rem)
			chunk = sc->sc_transfer.data_rem;

		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
		    chunk);
		usbd_transfer_submit(xfer);
		return;

	default:			/* Error */
		if (error != USB_ERR_CANCELLED)
			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
		else
			umass_tr_error(xfer, error);
		return;
	}
}
1398 
/*
 * Clear a stall on the transfer in slot UMASS_T_BBB_DATA_READ after a
 * failed data-in phase, then go on to the status phase.
 */
static void
umass_t_bbb_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_BBB_STATUS;
	const uint8_t stalled = UMASS_T_BBB_DATA_READ;

	umass_t_bbb_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1405 
/*
 * USB callback for the Bulk-Only data-out phase.
 *
 * The data is moved in chunks of at most usbd_xfer_max_len() bytes.
 * After each completed chunk the bookkeeping in sc_transfer is advanced
 * by the number of bytes actually sent; a short chunk ends the data
 * phase.  Each chunk is clamped to the remaining byte count, so the
 * frame handed to the controller never extends past what is left of
 * the caller's buffer.
 *
 * On error a cancelled transfer fails the CCB; any other error starts
 * the clear-stall transfer UMASS_T_BBB_DATA_WR_CS.
 */
static void
umass_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	uint32_t chunk = usbd_xfer_max_len(xfer);
	int actlen, sumlen;

	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		sc->sc_transfer.actlen += actlen;
		sc->sc_transfer.data_ptr += actlen;
		sc->sc_transfer.data_rem -= actlen;

		/* short transfer: stop sending */
		if (actlen < sumlen)
			sc->sc_transfer.data_rem = 0;
		/* FALLTHROUGH */
	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
		    chunk, sc->sc_transfer.data_rem);

		if (sc->sc_transfer.data_rem == 0) {
			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
			return;
		}

		/* never send more than what is left of the buffer */
		if (chunk > sc->sc_transfer.data_rem)
			chunk = sc->sc_transfer.data_rem;

		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
		    chunk);
		usbd_transfer_submit(xfer);
		return;

	default:			/* Error */
		if (error != USB_ERR_CANCELLED)
			umass_transfer_start(sc, UMASS_T_BBB_DATA_WR_CS);
		else
			umass_tr_error(xfer, error);
		return;
	}
}
1453 
/*
 * Clear a stall on the transfer in slot UMASS_T_BBB_DATA_WRITE after a
 * failed data-out phase, then go on to the status phase.
 */
static void
umass_t_bbb_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_BBB_STATUS;
	const uint8_t stalled = UMASS_T_BBB_DATA_WRITE;

	umass_t_bbb_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1460 
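/*
 * USB callback for the Bulk-Only status phase: read the Command Status
 * Wrapper (CSW), validate it and complete the pending CCB.
 *
 * Every field of the CSW is supplied by the device and is treated as
 * untrusted: the signature, the tag and the status byte are checked
 * before the command is reported as completed, and the residue is
 * clamped to the requested transfer length.  Any inconsistency takes
 * the tr_error path, which fails the CCB on the second attempt and
 * tries a clear-stall (UMASS_T_BBB_DATA_RD_CS) on the first.
 *
 * xfer:  the status transfer; its softc is the umass instance.
 * error: USB error code, meaningful in the error state only.
 */
static void
umass_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	union ccb *ccb = sc->sc_transfer.ccb;
	struct usb_page_cache *pc;
	uint32_t residue;
	int actlen;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:

		/*
		 * Do a full reset if there is something wrong with the CSW:
		 */
		sc->sc_status_try = 1;

		/*
		 * Defensive bound: the frame length requested in
		 * USB_ST_SETUP is usbd_xfer_max_len(xfer), which is
		 * configured outside this function, so make sure the copy
		 * below can never write past the fixed-size sc->csw.
		 */
		if (actlen > (int)sizeof(sc->csw))
			actlen = (int)sizeof(sc->csw);

		/*
		 * Zero missing parts of the CSW, so that a short reply is
		 * not completed with stale bytes of an earlier CSW:
		 */

		if (actlen < (int)sizeof(sc->csw))
			memset(&sc->csw, 0, sizeof(sc->csw));

		pc = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_out(pc, 0, &sc->csw, actlen);

		DIF(UDMASS_BBB, umass_bbb_dump_csw(sc, &sc->csw));

		residue = UGETDW(sc->csw.dCSWDataResidue);

		/* fall back to the residue computed on the host side */
		if ((!residue) || (sc->sc_quirks & IGNORE_RESIDUE)) {
			residue = (sc->sc_transfer.data_len -
			    sc->sc_transfer.actlen);
		}
		/* a device-reported residue may not exceed the request */
		if (residue > sc->sc_transfer.data_len) {
			DPRINTF(sc, UDMASS_BBB, "truncating residue from %d "
			    "to %d bytes\n", residue, sc->sc_transfer.data_len);
			residue = sc->sc_transfer.data_len;
		}
		/* translate weird command-status signatures: */
		if (sc->sc_quirks & WRONG_CSWSIG) {

			uint32_t temp = UGETDW(sc->csw.dCSWSignature);

			if ((temp == CSWSIGNATURE_OLYMPUS_C1) ||
			    (temp == CSWSIGNATURE_IMAGINATION_DBX1)) {
				USETDW(sc->csw.dCSWSignature, CSWSIGNATURE);
			}
		}
		/* check CSW and handle eventual error */
		if (UGETDW(sc->csw.dCSWSignature) != CSWSIGNATURE) {
			DPRINTF(sc, UDMASS_BBB, "bad CSW signature 0x%08x != 0x%08x\n",
			    UGETDW(sc->csw.dCSWSignature), CSWSIGNATURE);
			/*
			 * Invalid CSW: Wrong signature or wrong tag might
			 * indicate that we lost synchronization. Reset the
			 * device.
			 */
			goto tr_error;
		} else if (UGETDW(sc->csw.dCSWTag) != UGETDW(sc->cbw.dCBWTag)) {
			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: tag 0x%08x should be "
			    "0x%08x\n", UGETDW(sc->csw.dCSWTag),
			    UGETDW(sc->cbw.dCBWTag));
			goto tr_error;
		} else if (sc->csw.bCSWStatus > CSWSTATUS_PHASE) {
			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: status %d > %d\n",
			    sc->csw.bCSWStatus, CSWSTATUS_PHASE);
			goto tr_error;
		} else if (sc->csw.bCSWStatus == CSWSTATUS_PHASE) {
			DPRINTF(sc, UDMASS_BBB, "Phase error, residue = "
			    "%d\n", residue);
			goto tr_error;
		} else if (sc->sc_transfer.actlen > sc->sc_transfer.data_len) {
			DPRINTF(sc, UDMASS_BBB, "Buffer overrun %d > %d\n",
			    sc->sc_transfer.actlen, sc->sc_transfer.data_len);
			goto tr_error;
		} else if (sc->csw.bCSWStatus == CSWSTATUS_FAILED) {
			DPRINTF(sc, UDMASS_BBB, "Command failed, residue = "
			    "%d\n", residue);

			/* detach the CCB before handing it to the callback */
			sc->sc_transfer.ccb = NULL;

			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;

			(sc->sc_transfer.callback)
			    (sc, ccb, residue, STATUS_CMD_FAILED);
		} else {
			/* detach the CCB before handing it to the callback */
			sc->sc_transfer.ccb = NULL;

			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;

			(sc->sc_transfer.callback)
			    (sc, ccb, residue, STATUS_CMD_OK);
		}
		return;

	case USB_ST_SETUP:
		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
		usbd_transfer_submit(xfer);
		return;

	default:
tr_error:
		DPRINTF(sc, UDMASS_BBB, "Failed to read CSW: %s, try %d\n",
		    usbd_errstr(error), sc->sc_status_try);

		/*
		 * A CSW that arrived but failed validation gets here with
		 * sc_status_try already set, so it is never retried.
		 */
		if ((error == USB_ERR_CANCELLED) ||
		    (sc->sc_status_try)) {
			umass_tr_error(xfer, error);
		} else {
			sc->sc_status_try = 1;
			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
		}
		return;
	}
}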
1578 
/*
 * Record the parameters of a new command in sc_transfer and kick the
 * transfer state machine.
 *
 * dir:          DIR_IN or DIR_OUT; forced to DIR_NONE when data_len is 0.
 * data_ptr:     data buffer for the data phase.
 * data_len:     number of bytes to transfer in the data phase.
 * data_timeout: per-command timeout; UMASS_TIMEOUT is added to it.
 * callback:     completion routine for the command.
 * ccb:          the CAM control block being executed; it is
 *               dereferenced unconditionally, so it must not be NULL.
 *
 * NOTE: sc_transfer.cmd_data and sc_transfer.cmd_len are assumed to have
 * been filled in by the caller already.
 *
 * The transfer that is started is the one recorded in
 * sc_last_xfer_index; if that slot is empty the CCB is failed at once.
 */
static void
umass_command_start(struct umass_softc *sc, uint8_t dir,
    void *data_ptr, uint32_t data_len,
    uint32_t data_timeout, umass_callback_t *callback,
    union ccb *ccb)
{
	sc->sc_transfer.lun = ccb->ccb_h.target_lun;

	/* a command without data has no direction */
	if (data_len)
		sc->sc_transfer.dir = dir;
	else
		sc->sc_transfer.dir = DIR_NONE;

	sc->sc_transfer.data_ptr = data_ptr;
	sc->sc_transfer.data_len = data_len;
	sc->sc_transfer.data_rem = data_len;
	sc->sc_transfer.actlen = 0;
	sc->sc_transfer.data_timeout = (data_timeout + UMASS_TIMEOUT);

	sc->sc_transfer.callback = callback;
	sc->sc_transfer.ccb = ccb;

	if (sc->sc_xfer[sc->sc_last_xfer_index] == NULL) {
		umass_cancel_ccb(sc);
		return;
	}

	usbd_transfer_start(sc->sc_xfer[sc->sc_last_xfer_index]);
}
1609 
/*
 * Ask a Bulk-Only device for its highest logical unit number with the
 * class-specific Get Max LUN request.
 *
 * Returns the single byte the device answered with, or 0 when the
 * request fails (the failure is logged).
 *
 * NOTE(review): the returned byte is device-supplied and is not
 * range-checked here.  The Bulk-Only Transport specification allows
 * LUNs 0 to 15 only; confirm that the consumers of this value tolerate
 * anything larger.
 */
static uint8_t
umass_bbb_get_max_lun(struct umass_softc *sc)
{
	struct usb_device_request req;
	uint8_t max_lun = 0;
	usb_error_t err;

	/* one byte of data is requested from the interface */
	req.bmRequestType = UT_READ_CLASS_INTERFACE;
	req.bRequest = UR_BBB_GET_MAX_LUN;
	USETW(req.wValue, 0);
	req.wIndex[0] = sc->sc_iface_no;
	req.wIndex[1] = 0;
	USETW(req.wLength, 1);

	err = usbd_do_request(sc->sc_udev, NULL, &req, &max_lun);
	if (!err)
		return (max_lun);

	/* the device does not support the request: assume a single LUN */
	printf("%s: Get Max Lun not supported (%s)\n",
	    sc->sc_name, usbd_errstr(err));

	return (0);
}
1635 
1636 /*
1637  * Command/Bulk/Interrupt (CBI) specific functions
1638  */
1639 
/*
 * Enter the CBI status phase.
 *
 * When a status transfer exists (slot UMASS_T_CBI_STATUS) it is
 * started.  Otherwise there is nothing to read a status from, so the
 * command is completed right away with STATUS_CMD_UNKNOWN and the
 * number of bytes not transferred; the CCB is detached from the softc
 * before the callback runs.
 */
static void
umass_cbi_start_status(struct umass_softc *sc)
{
	union ccb *done_ccb;

	if (sc->sc_xfer[UMASS_T_CBI_STATUS]) {
		umass_transfer_start(sc, UMASS_T_CBI_STATUS);
		return;
	}

	done_ccb = sc->sc_transfer.ccb;
	sc->sc_transfer.ccb = NULL;
	sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;

	(sc->sc_transfer.callback)(sc, done_ccb,
	    (sc->sc_transfer.data_len - sc->sc_transfer.actlen),
	    STATUS_CMD_UNKNOWN);
}
1657 
/*
 * First step of the CBI Command Block Reset protocol.
 *
 * A reset request is sent to the device, after which possibly stalled
 * endpoints are cleared.  The sequence uses these transfers:
 *   UMASS_T_CBI_RESET1 (here)
 *   UMASS_T_CBI_RESET2
 *   UMASS_T_CBI_RESET3
 *   UMASS_T_CBI_RESET4 (only if there is an interrupt endpoint)
 *
 * Unlike the Bulk-Only variant, a failure of this step that is not a
 * cancellation still proceeds to UMASS_T_CBI_RESET2.
 */
static void
umass_t_cbi_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	struct usb_device_request req;
	struct usb_page_cache *frame;
	uint8_t cmd[UMASS_CBI_DIAGNOSTIC_CMDLEN];

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		umass_transfer_start(sc, UMASS_T_CBI_RESET2);
		break;

	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_CBI, "CBI reset!\n");

		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
		req.bRequest = UR_CBI_ADSC;
		USETW(req.wValue, 0);
		req.wIndex[0] = sc->sc_iface_no;
		req.wIndex[1] = 0;
		USETW(req.wLength, UMASS_CBI_DIAGNOSTIC_CMDLEN);

		/*
		 * 0x1d is the SEND DIAGNOSTIC opcode.  To tell the reset
		 * apart from a real SEND DIAGNOSTIC, everything after the
		 * first two bytes of the command block is filled with 0xff
		 * (section 2.2 of the CBI specification).
		 */
		cmd[0] = 0x1d;		/* Command Block Reset */
		cmd[1] = 0x04;
		memset(&cmd[2], 0xff, sizeof(cmd) - 2);

		/* frame 0 carries the request, frame 1 the command block */
		frame = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_in(frame, 0, &req, sizeof(req));
		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));

		frame = usbd_xfer_get_frame(xfer, 1);
		usbd_copy_in(frame, 0, cmd, sizeof(cmd));
		usbd_xfer_set_frame_len(xfer, 1, sizeof(cmd));

		usbd_xfer_set_frames(xfer, 2);
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		if (error != USB_ERR_CANCELLED)
			umass_transfer_start(sc, UMASS_T_CBI_RESET2);
		else
			umass_tr_error(xfer, error);
		break;
	}
}
1728 
/*
 * Second step of the CBI reset: clear a stall on the transfer in slot
 * UMASS_T_CBI_DATA_READ, then continue with UMASS_T_CBI_RESET3.
 */
static void
umass_t_cbi_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_CBI_RESET3;
	const uint8_t stalled = UMASS_T_CBI_DATA_READ;

	umass_t_cbi_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1735 
/*
 * Third step of the CBI reset: clear a stall on the transfer in slot
 * UMASS_T_CBI_DATA_WRITE.
 *
 * The step that follows is UMASS_T_CBI_RESET4 when both the RESET4 and
 * the STATUS transfer exist, otherwise the sequence ends by returning
 * to UMASS_T_CBI_COMMAND.
 */
static void
umass_t_cbi_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	uint8_t next_step;

	if (sc->sc_xfer[UMASS_T_CBI_RESET4] &&
	    sc->sc_xfer[UMASS_T_CBI_STATUS])
		next_step = UMASS_T_CBI_RESET4;
	else
		next_step = UMASS_T_CBI_COMMAND;

	umass_t_cbi_data_clear_stall_callback(xfer, next_step,
	    UMASS_T_CBI_DATA_WRITE, error);
}
1747 
/*
 * Fourth step of the CBI reset: clear a stall on the transfer in slot
 * UMASS_T_CBI_STATUS, then return to UMASS_T_CBI_COMMAND.
 */
static void
umass_t_cbi_reset4_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_CBI_COMMAND;
	const uint8_t stalled = UMASS_T_CBI_STATUS;

	umass_t_cbi_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1754 
/*
 * Shared body of the CBI clear-stall callbacks.
 *
 * xfer:       the clear-stall control transfer.
 * next_xfer:  slot to continue with once the stall has been cleared;
 *             UMASS_T_CBI_STATUS is routed through
 *             umass_cbi_start_status() because the status transfer may
 *             not exist.
 * stall_xfer: slot of the transfer whose endpoint is to be cleared.
 * error:      USB error code, used in the error state only.
 */
static void
umass_t_cbi_data_clear_stall_callback(struct usb_xfer *xfer,
    uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_SETUP:
		if (!usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer]))
			break;
		/* should not happen: continue as if transferred */
		/* FALLTHROUGH */
	case USB_ST_TRANSFERRED:
		if (next_xfer != UMASS_T_CBI_STATUS)
			umass_transfer_start(sc, next_xfer);
		else
			umass_cbi_start_status(sc);
		break;

	default:			/* Error */
		umass_tr_error(xfer, error);
		break;
	}
}
1782 
/*
 * USB callback for the CBI command phase: send cmd_len bytes of
 * cmd_data in an ADSC class request, then move on to the data phase,
 * or to the status phase when the command carries no data.
 *
 * NOTE(review): unlike the Bulk-Only command callback, cmd_len is not
 * clamped here before it is used as the copy and frame length; this
 * relies on the code that fills in sc_transfer.cmd_len keeping it
 * within both cmd_data and the second frame of this transfer; confirm.
 */
static void
umass_t_cbi_command_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	union ccb *ccb = sc->sc_transfer.ccb;
	struct usb_device_request req;
	struct usb_page_cache *frame;

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		if (sc->sc_transfer.dir == DIR_NONE)
			umass_cbi_start_status(sc);
		else if (sc->sc_transfer.dir == DIR_IN)
			umass_transfer_start(sc, UMASS_T_CBI_DATA_READ);
		else
			umass_transfer_start(sc, UMASS_T_CBI_DATA_WRITE);
		break;

	case USB_ST_SETUP:
		/* nothing to send when no command is pending */
		if (ccb == NULL)
			break;

		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
		req.bRequest = UR_CBI_ADSC;
		USETW(req.wValue, 0);
		req.wIndex[0] = sc->sc_iface_no;
		req.wIndex[1] = 0;
		req.wLength[0] = sc->sc_transfer.cmd_len;
		req.wLength[1] = 0;

		/* frame 0 carries the request, frame 1 the command bytes */
		frame = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_in(frame, 0, &req, sizeof(req));
		frame = usbd_xfer_get_frame(xfer, 1);
		usbd_copy_in(frame, 0, sc->sc_transfer.cmd_data,
		    sc->sc_transfer.cmd_len);

		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
		usbd_xfer_set_frame_len(xfer, 1, sc->sc_transfer.cmd_len);

		/* an empty command has no second frame */
		usbd_xfer_set_frames(xfer, sc->sc_transfer.cmd_len ? 2 : 1);

		DIF(UDMASS_CBI,
		    umass_cbi_dump_cmd(sc,
		    sc->sc_transfer.cmd_data,
		    sc->sc_transfer.cmd_len));

		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		/*
		 * A STALL on the control pipe can be the device's way of
		 * reporting a command error.  Clearing it the way a bulk
		 * stall is cleared also produces a command completion
		 * interrupt, but the ASC/ASCQ delivered with it do not
		 * always look valid, so the command is simply completed
		 * with an unknown status.
		 */
		if ((error == USB_ERR_STALLED) ||
		    (sc->sc_transfer.callback == &umass_cam_cb)) {
			sc->sc_transfer.ccb = NULL;
			(sc->sc_transfer.callback)(sc, ccb,
			    sc->sc_transfer.data_len, STATUS_CMD_UNKNOWN);
			break;
		}

		umass_tr_error(xfer, error);
		/* skip reset */
		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
		break;
	}
}
1863 
/*
 * USB callback for the CBI data-in phase.
 *
 * The data is moved in chunks of at most usbd_xfer_max_len() bytes.
 * After each completed chunk the bookkeeping in sc_transfer is advanced
 * by the number of bytes actually received; a short chunk ends the data
 * phase.  Each chunk is clamped to the remaining byte count, so the
 * frame handed to the controller never extends past what is left of
 * the caller's buffer.
 *
 * On error the clear-stall transfer UMASS_T_CBI_DATA_RD_CS is started
 * only for commands whose callback is umass_cam_cb and which were not
 * cancelled; everything else fails the CCB.
 */
static void
umass_t_cbi_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	uint32_t chunk = usbd_xfer_max_len(xfer);
	int actlen, sumlen;

	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		sc->sc_transfer.actlen += actlen;
		sc->sc_transfer.data_ptr += actlen;
		sc->sc_transfer.data_rem -= actlen;

		/* short transfer: the device has no more data to send */
		if (actlen < sumlen)
			sc->sc_transfer.data_rem = 0;
		/* FALLTHROUGH */
	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
		    chunk, sc->sc_transfer.data_rem);

		if (sc->sc_transfer.data_rem == 0) {
			umass_cbi_start_status(sc);
			break;
		}

		/* never ask for more than what is left of the buffer */
		if (chunk > sc->sc_transfer.data_rem)
			chunk = sc->sc_transfer.data_rem;

		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
		    chunk);
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		if ((error != USB_ERR_CANCELLED) &&
		    (sc->sc_transfer.callback == &umass_cam_cb))
			umass_transfer_start(sc, UMASS_T_CBI_DATA_RD_CS);
		else
			umass_tr_error(xfer, error);
		break;
	}
}
1912 
/*
 * Clear a stall on the transfer in slot UMASS_T_CBI_DATA_READ after a
 * failed data-in phase, then go on to the status phase.
 */
static void
umass_t_cbi_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_CBI_STATUS;
	const uint8_t stalled = UMASS_T_CBI_DATA_READ;

	umass_t_cbi_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1919 
/*
 * USB callback for the CBI data-out phase.
 *
 * The data is moved in chunks of at most usbd_xfer_max_len() bytes.
 * After each completed chunk the bookkeeping in sc_transfer is advanced
 * by the number of bytes actually sent; a short chunk ends the data
 * phase.  Each chunk is clamped to the remaining byte count, so the
 * frame handed to the controller never extends past what is left of
 * the caller's buffer.
 *
 * On error the clear-stall transfer UMASS_T_CBI_DATA_WR_CS is started
 * only for commands whose callback is umass_cam_cb and which were not
 * cancelled; everything else fails the CCB.
 */
static void
umass_t_cbi_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	uint32_t chunk = usbd_xfer_max_len(xfer);
	int actlen, sumlen;

	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:
		sc->sc_transfer.actlen += actlen;
		sc->sc_transfer.data_ptr += actlen;
		sc->sc_transfer.data_rem -= actlen;

		/* short transfer: stop sending */
		if (actlen < sumlen)
			sc->sc_transfer.data_rem = 0;
		/* FALLTHROUGH */
	case USB_ST_SETUP:
		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
		    chunk, sc->sc_transfer.data_rem);

		if (sc->sc_transfer.data_rem == 0) {
			umass_cbi_start_status(sc);
			break;
		}

		/* never send more than what is left of the buffer */
		if (chunk > sc->sc_transfer.data_rem)
			chunk = sc->sc_transfer.data_rem;

		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
		    chunk);
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		if ((error != USB_ERR_CANCELLED) &&
		    (sc->sc_transfer.callback == &umass_cam_cb))
			umass_transfer_start(sc, UMASS_T_CBI_DATA_WR_CS);
		else
			umass_tr_error(xfer, error);
		break;
	}
}
1968 
/*
 * Clear a stall on the transfer in slot UMASS_T_CBI_DATA_WRITE after a
 * failed data-out phase, then go on to the status phase.
 */
static void
umass_t_cbi_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
{
	const uint8_t next_step = UMASS_T_CBI_STATUS;
	const uint8_t stalled = UMASS_T_CBI_DATA_WRITE;

	umass_t_cbi_data_clear_stall_callback(xfer, next_step, stalled,
	    error);
}
1975 
/*
 * USB callback for the CBI status phase: read the status block from the
 * device and complete the pending CCB.
 *
 * The status block (sc->sbl) is device-supplied.  It is only
 * interpreted when at least sizeof(sc->sbl) bytes were received, and
 * exactly sizeof(sc->sbl) bytes are copied out, so the copy cannot
 * write past the structure.  A short block, or a block that is neither
 * UFI status nor of type IDB_TYPE_CCI, causes the transfer to be
 * submitted again instead of completing the command.
 *
 * xfer:  the status transfer; its softc is the umass instance.
 * error: USB error code, meaningful in the error state only.
 */
static void
umass_t_cbi_status_callback(struct usb_xfer *xfer, usb_error_t error)
{
	struct umass_softc *sc = usbd_xfer_softc(xfer);
	union ccb *ccb = sc->sc_transfer.ccb;
	struct usb_page_cache *pc;
	uint32_t residue;
	uint8_t status;
	int actlen;

	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);

	switch (USB_GET_STATE(xfer)) {
	case USB_ST_TRANSFERRED:

		/* too short to be a status block: read again */
		if (actlen < (int)sizeof(sc->sbl)) {
			goto tr_setup;
		}
		pc = usbd_xfer_get_frame(xfer, 0);
		usbd_copy_out(pc, 0, &sc->sbl, sizeof(sc->sbl));

		/* the residue is computed on the host side only */
		residue = (sc->sc_transfer.data_len -
		    sc->sc_transfer.actlen);

		/* dissect the information in the buffer */

		if (sc->sc_proto & UMASS_PROTO_UFI) {

			/*
			 * Section 3.4.3.1.3 specifies that the UFI command
			 * protocol returns an ASC and ASCQ in the interrupt
			 * data block.
			 */

			DPRINTF(sc, UDMASS_CBI, "UFI CCI, ASC = 0x%02x, "
			    "ASCQ = 0x%02x\n", sc->sbl.ufi.asc,
			    sc->sbl.ufi.ascq);

			/* only ASC == 0 and ASCQ == 0 counts as success */
			status = (((sc->sbl.ufi.asc == 0) &&
			    (sc->sbl.ufi.ascq == 0)) ?
			    STATUS_CMD_OK : STATUS_CMD_FAILED);

			/* detach the CCB before handing it to the callback */
			sc->sc_transfer.ccb = NULL;

			sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;

			(sc->sc_transfer.callback)
			    (sc, ccb, residue, status);

			break;

		} else {

			/* Command Interrupt Data Block */

			DPRINTF(sc, UDMASS_CBI, "type=0x%02x, value=0x%02x\n",
			    sc->sbl.common.type, sc->sbl.common.value);

			if (sc->sbl.common.type == IDB_TYPE_CCI) {

				status = (sc->sbl.common.value & IDB_VALUE_STATUS_MASK);

				/* any value not listed is a wire failure */
				status = ((status == IDB_VALUE_PASS) ? STATUS_CMD_OK :
				    (status == IDB_VALUE_FAIL) ? STATUS_CMD_FAILED :
				    (status == IDB_VALUE_PERSISTENT) ? STATUS_CMD_FAILED :
				    STATUS_WIRE_FAILED);

				/* detach the CCB before the callback runs */
				sc->sc_transfer.ccb = NULL;

				sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;

				(sc->sc_transfer.callback)
				    (sc, ccb, residue, status);

				break;
			}
		}

		/*
		 * Reached only for a non-UFI block whose type is not
		 * IDB_TYPE_CCI: wait for another status block.
		 */
		/* fallthrough */

	case USB_ST_SETUP:
tr_setup:
		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
		usbd_transfer_submit(xfer);
		break;

	default:			/* Error */
		/* the log text says "CSW" although this is the CBI path */
		DPRINTF(sc, UDMASS_CBI, "Failed to read CSW: %s\n",
		    usbd_errstr(error));
		umass_tr_error(xfer, error);
		break;
	}
}
2069 
2070 /*
2071  * CAM specific functions (used by SCSI, UFI, 8070i (ATAPI))
2072  */
2073 
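/*
 * Allocate a CAM SIM for this umass instance and register it as a bus.
 *
 * Returns 0 on success and ENOMEM when the device queue or the SIM
 * cannot be allocated, or when the bus cannot be registered.  When the
 * registration fails the freshly allocated SIM is released again and
 * sc->sc_sim is reset to NULL, so that umass_cam_detach_sim() does not
 * later try to deregister a bus that was never registered.
 */
static int
umass_cam_attach_sim(struct umass_softc *sc)
{
	struct cam_devq *devq;		/* Per device Queue */

	/*
	 * A HBA is attached to the CAM layer.
	 *
	 * The CAM layer will then after a while start probing for devices on
	 * the bus. The number of SIMs is limited to one.
	 */

	devq = cam_simq_alloc(1 /* maximum openings */ );
	if (devq == NULL) {
		return (ENOMEM);
	}
	sc->sc_sim = cam_sim_alloc
	    (&umass_cam_action, &umass_cam_poll,
	    DEVNAME_SIM,
	    sc /* priv */ ,
	    sc->sc_unit /* unit number */ ,
	    &sc->sc_mtx /* mutex */ ,
	    1 /* maximum device openings */ ,
	    0 /* maximum tagged device openings */ ,
	    devq);

	if (sc->sc_sim == NULL) {
		/* the SIM never took ownership of the queue */
		cam_simq_free(devq);
		return (ENOMEM);
	}

	mtx_lock(&sc->sc_mtx);

	if (xpt_bus_register(sc->sc_sim, sc->sc_dev,
	    sc->sc_unit) != CAM_SUCCESS) {
		/*
		 * Do not leave an unregistered SIM behind: free it
		 * together with its device queue and forget the pointer.
		 * The free is done with sc_mtx held, the mutex the SIM
		 * was created with.
		 * NOTE(review): confirm this matches cam_sim_free()'s
		 * locking expectation in this tree.
		 */
		cam_sim_free(sc->sc_sim, /* free_devq */ TRUE);
		sc->sc_sim = NULL;
		mtx_unlock(&sc->sc_mtx);
		return (ENOMEM);
	}
	mtx_unlock(&sc->sc_mtx);

	return (0);
}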
2116 
/*
 * Announce which CAM bus this device was attached to.
 *
 * Without USB_DEBUG the message is printed only when bootverbose is
 * set; with USB_DEBUG it is always printed.
 */
static void
umass_cam_attach(struct umass_softc *sc)
{
#ifndef USB_DEBUG
	if (!bootverbose) {
		return;
	}
#endif
	printf("%s:%d:%d: Attached to scbus%d\n",
	    sc->sc_name,
	    cam_sim_path(sc->sc_sim),
	    sc->sc_unit,
	    cam_sim_path(sc->sc_sim));
}
2127 
/* umass_cam_detach_sim
 *	Detach from the CAM layer: deregister the bus and free the SIM.
 *	Does nothing when no SIM is attached.  Panics when
 *	xpt_bus_deregister() returns zero.
 */

static void
umass_cam_detach_sim(struct umass_softc *sc)
{
	struct cam_sim *sim = sc->sc_sim;

	if (sim == NULL) {
		return;
	}
	if (!xpt_bus_deregister(cam_sim_path(sim))) {
		panic("%s: CAM layer is busy\n",
		    sc->sc_name);
	}

	/*
	 * Accessing the softc is not possible after this; the action and
	 * poll entry points check sim->softc for NULL before using it.
	 */
	sim->softc = NULL;
	cam_sim_free(sim, /* free_devq */ TRUE);
	sc->sc_sim = NULL;
}
2147 
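/* umass_cam_action
 * 	CAM requests for action come through here.
 *
 *	The request is dispatched on ccb->ccb_h.func_code.  XPT_SCSI_IO
 *	commands are converted by the protocol specific transform and then
 *	either answered locally (emulated serial number page, quirk
 *	handling) or started on the wire.  The remaining function codes are
 *	answered immediately through xpt_done().
 *
 *	Locally generated INQUIRY answers are written into the requester's
 *	data buffer, which is only csio.dxfer_len bytes long, so every such
 *	write is limited to that length.
 */

static void
umass_cam_action(struct cam_sim *sim, union ccb *ccb)
{
	struct umass_softc *sc = (struct umass_softc *)sim->softc;

	/* sim->softc is cleared by umass_cam_detach_sim() */
	if (sc == NULL) {
		ccb->ccb_h.status = CAM_SEL_TIMEOUT;
		xpt_done(ccb);
		return;
	}

	/* Perform the requested action */
	switch (ccb->ccb_h.func_code) {
	case XPT_SCSI_IO:
		{
			uint8_t *cmd;
			uint8_t dir;

			/* the CDB is stored either inline or behind a pointer */
			if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
			} else {
				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
			}

			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
			    "cmd: 0x%02x, flags: 0x%02x, "
			    "%db cmd/%db data/%db sense\n",
			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun, cmd[0],
			    ccb->ccb_h.flags & CAM_DIR_MASK, ccb->csio.cdb_len,
			    ccb->csio.dxfer_len, ccb->csio.sense_len);

			/* only one command can be outstanding at a time */
			if (sc->sc_transfer.ccb) {
				DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
				    "I/O in progress, deferring\n",
				    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
				    (uintmax_t)ccb->ccb_h.target_lun);
				ccb->ccb_h.status = CAM_SCSI_BUSY;
				xpt_done(ccb);
				goto done;
			}
			switch (ccb->ccb_h.flags & CAM_DIR_MASK) {
			case CAM_DIR_IN:
				dir = DIR_IN;
				break;
			case CAM_DIR_OUT:
				dir = DIR_OUT;
				DIF(UDMASS_SCSI,
				    umass_dump_buffer(sc, ccb->csio.data_ptr,
				    ccb->csio.dxfer_len, 48));
				break;
			default:
				dir = DIR_NONE;
				break;
			}

			ccb->ccb_h.status = CAM_REQ_INPROG | CAM_SIM_QUEUED;

			/*
			 * sc->sc_transform will convert the command to the
			 * command format needed by the specific command set
			 * and return the converted command in
			 * "sc->sc_transfer.cmd_data"
			 */
			if (umass_std_transform(sc, ccb, cmd, ccb->csio.cdb_len)) {

				if (sc->sc_transfer.cmd_data[0] == INQUIRY) {
					const char *pserial;

					pserial = usb_get_serial(sc->sc_udev);

					/*
					 * Umass devices don't generally report their serial numbers
					 * in the usual SCSI way.  Emulate it here.
					 */
					if ((sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
					    (sc->sc_transfer.cmd_data[2] == SVPD_UNIT_SERIAL_NUMBER) &&
					    (pserial[0] != '\0')) {
						struct scsi_vpd_unit_serial_number *vpd_serial;
						size_t hdr_len;
						size_t room;
						size_t serial_len;

						vpd_serial = (struct scsi_vpd_unit_serial_number *)ccb->csio.data_ptr;

						/* number of bytes in front of serial_num[] */
						hdr_len = (size_t)((uint8_t *)vpd_serial->serial_num -
						    (uint8_t *)vpd_serial);

						serial_len = strlen(pserial);
						if (serial_len > sizeof(vpd_serial->serial_num))
							serial_len = sizeof(vpd_serial->serial_num);

						/*
						 * The reply goes into the requester's
						 * buffer, which holds dxfer_len bytes.
						 * Write the page only when its header
						 * fits and copy no more of the serial
						 * string than the remaining room.  The
						 * length field keeps the untruncated
						 * value.
						 */
						if (ccb->csio.dxfer_len >= hdr_len) {
							room = ccb->csio.dxfer_len - hdr_len;
							vpd_serial->length = serial_len;
							memcpy(vpd_serial->serial_num, pserial,
							    (serial_len < room) ? serial_len : room);
						}
						ccb->csio.scsi_status = SCSI_STATUS_OK;
						ccb->ccb_h.status = CAM_REQ_CMP;
						xpt_done(ccb);
						goto done;
					}

					/*
					 * Handle EVPD inquiry for broken devices first
					 * NO_INQUIRY also implies NO_INQUIRY_EVPD
					 */
					if ((sc->sc_quirks & (NO_INQUIRY_EVPD | NO_INQUIRY)) &&
					    (sc->sc_transfer.cmd_data[1] & SI_EVPD)) {

						scsi_set_sense_data(&ccb->csio.sense_data,
							/*sense_format*/ SSD_TYPE_NONE,
							/*current_error*/ 1,
							/*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
							/*asc*/ 0x24,
							/*ascq*/ 0x00,
							/*extra args*/ SSD_ELEM_NONE);
						ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
						ccb->ccb_h.status =
						    CAM_SCSI_STATUS_ERROR |
						    CAM_AUTOSNS_VALID |
						    CAM_DEV_QFRZN;
						xpt_freeze_devq(ccb->ccb_h.path, 1);
						xpt_done(ccb);
						goto done;
					}
					/*
					 * Return fake inquiry data for
					 * broken devices
					 */
					if (sc->sc_quirks & NO_INQUIRY) {
						size_t inq_len = sizeof(fake_inq_data);

						/* never copy more than the requester's buffer holds */
						if (inq_len > ccb->csio.dxfer_len)
							inq_len = ccb->csio.dxfer_len;
						memcpy(ccb->csio.data_ptr, &fake_inq_data,
						    inq_len);
						ccb->csio.scsi_status = SCSI_STATUS_OK;
						ccb->ccb_h.status = CAM_REQ_CMP;
						xpt_done(ccb);
						goto done;
					}
					if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
						ccb->csio.dxfer_len = SHORT_INQUIRY_LENGTH;
					}
				} else if (sc->sc_transfer.cmd_data[0] == PREVENT_ALLOW) {
					/* pretend success for devices that cannot handle it */
					if (sc->sc_quirks & NO_PREVENT_ALLOW) {
						ccb->csio.scsi_status = SCSI_STATUS_OK;
						ccb->ccb_h.status = CAM_REQ_CMP;
						xpt_done(ccb);
						goto done;
					}
				} else if (sc->sc_transfer.cmd_data[0] == SYNCHRONIZE_CACHE) {
					/* pretend success for devices that cannot handle it */
					if (sc->sc_quirks & NO_SYNCHRONIZE_CACHE) {
						ccb->csio.scsi_status = SCSI_STATUS_OK;
						ccb->ccb_h.status = CAM_REQ_CMP;
						xpt_done(ccb);
						goto done;
					}
				}
				umass_command_start(sc, dir, ccb->csio.data_ptr,
				    ccb->csio.dxfer_len,
				    ccb->ccb_h.timeout,
				    &umass_cam_cb, ccb);
			}
			break;
		}
	case XPT_PATH_INQ:
		{
			struct ccb_pathinq *cpi = &ccb->cpi;

			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_PATH_INQ:.\n",
			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun);

			/* host specific information */
			cpi->version_num = 1;
			cpi->hba_inquiry = 0;
			cpi->target_sprt = 0;
			cpi->hba_misc = PIM_NO_6_BYTE;
			cpi->hba_eng_cnt = 0;
			cpi->max_target = UMASS_SCSIID_MAX;	/* one target */
			cpi->initiator_id = UMASS_SCSIID_HOST;
			strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
			strlcpy(cpi->hba_vid, "USB SCSI", HBA_IDLEN);
			strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
			cpi->unit_number = cam_sim_unit(sim);
			cpi->bus_id = sc->sc_unit;
			cpi->protocol = PROTO_SCSI;
			cpi->protocol_version = SCSI_REV_2;
			cpi->transport = XPORT_USB;
			cpi->transport_version = 0;

			/*
			 * sc cannot be NULL here (checked on entry), so the
			 * former "no softc" branch was unreachable and has
			 * been dropped.
			 */
			if (sc->sc_quirks & FLOPPY_SPEED) {
				cpi->base_transfer_speed =
				    UMASS_FLOPPY_TRANSFER_SPEED;
			} else {
				switch (usbd_get_speed(sc->sc_udev)) {
				case USB_SPEED_SUPER:
					cpi->base_transfer_speed =
					    UMASS_SUPER_TRANSFER_SPEED;
					cpi->maxio = MAXPHYS;
					break;
				case USB_SPEED_HIGH:
					cpi->base_transfer_speed =
					    UMASS_HIGH_TRANSFER_SPEED;
					break;
				default:
					cpi->base_transfer_speed =
					    UMASS_FULL_TRANSFER_SPEED;
					break;
				}
			}
			cpi->max_lun = sc->sc_maxlun;

			cpi->ccb_h.status = CAM_REQ_CMP;
			xpt_done(ccb);
			break;
		}
	case XPT_RESET_DEV:
		{
			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_RESET_DEV:.\n",
			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun);

			umass_reset(sc);

			ccb->ccb_h.status = CAM_REQ_CMP;
			xpt_done(ccb);
			break;
		}
	case XPT_GET_TRAN_SETTINGS:
		{
			struct ccb_trans_settings *cts = &ccb->cts;

			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_GET_TRAN_SETTINGS:.\n",
			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun);

			cts->protocol = PROTO_SCSI;
			cts->protocol_version = SCSI_REV_2;
			cts->transport = XPORT_USB;
			cts->transport_version = 0;
			cts->xport_specific.valid = 0;

			ccb->ccb_h.status = CAM_REQ_CMP;
			xpt_done(ccb);
			break;
		}
	case XPT_SET_TRAN_SETTINGS:
		{
			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SET_TRAN_SETTINGS:.\n",
			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun);

			/* transfer settings cannot be changed */
			ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
			xpt_done(ccb);
			break;
		}
	case XPT_CALC_GEOMETRY:
		{
			cam_calc_geometry(&ccb->ccg, /* extended */ 1);
			xpt_done(ccb);
			break;
		}
	case XPT_NOOP:
		{
			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_NOOP:.\n",
			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
			    (uintmax_t)ccb->ccb_h.target_lun);

			ccb->ccb_h.status = CAM_REQ_CMP;
			xpt_done(ccb);
			break;
		}
	default:
		DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:func_code 0x%04x: "
		    "Not implemented\n",
		    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
		    (uintmax_t)ccb->ccb_h.target_lun, ccb->ccb_h.func_code);

		ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
		xpt_done(ccb);
		break;
	}

done:
	return;
}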
2429 
/*
 * CAM poll entry point: polls the driver's USB transfers
 * (sc->sc_xfer, UMASS_T_MAX entries).  Nothing is done once the SIM's
 * softc pointer has been cleared.
 */
static void
umass_cam_poll(struct cam_sim *sim)
{
	struct umass_softc *sc;

	sc = (struct umass_softc *)sim->softc;
	if (sc != NULL) {
		DPRINTF(sc, UDMASS_SCSI, "CAM poll\n");

		usbd_transfer_poll(sc->sc_xfer, UMASS_T_MAX);
	}
}
2442 
2443 
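/* umass_cam_cb
 *	finalise a completed CAM command
 *
 *	sc	  softc of the device the command ran on
 *	ccb	  the CAM request that was being executed
 *	residue	  stored in ccb->csio.resid
 *	status	  STATUS_* result of the wire protocol
 *
 *	On STATUS_CMD_OK the reply may be patched in place (capacity
 *	off-by-one quirk, supported VPD page list).  The reply was written
 *	by the device into a buffer of csio.dxfer_len bytes, so each patch
 *	is applied only when the bytes it touches lie inside that buffer.
 *	On a failed or unknown command status a REQUEST SENSE is started;
 *	any other status is returned to CAM as an error.
 */

static void
umass_cam_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
    uint8_t status)
{
	ccb->csio.resid = residue;

	switch (status) {
	case STATUS_CMD_OK:
		ccb->ccb_h.status = CAM_REQ_CMP;
		/*
		 * Quirk: the device reports one sector too many.  The
		 * reply is only adjusted when the buffer is large enough
		 * to hold a complete READ CAPACITY reply.
		 */
		if ((sc->sc_quirks & READ_CAPACITY_OFFBY1) &&
		    (ccb->ccb_h.func_code == XPT_SCSI_IO) &&
		    (ccb->csio.cdb_io.cdb_bytes[0] == READ_CAPACITY) &&
		    (ccb->csio.dxfer_len >=
		    sizeof(struct scsi_read_capacity_data))) {
			struct scsi_read_capacity_data *rcap;
			uint32_t maxsector;

			rcap = (void *)(ccb->csio.data_ptr);
			maxsector = scsi_4btoul(rcap->addr) - 1;
			scsi_ulto4b(maxsector, rcap->addr);
		}
		/*
		 * We have to add SVPD_UNIT_SERIAL_NUMBER to the list
		 * of pages supported by the device - otherwise, CAM
		 * will never ask us for the serial number if the
		 * device cannot handle that by itself.
		 */
		if (ccb->ccb_h.func_code == XPT_SCSI_IO &&
		    sc->sc_transfer.cmd_data[0] == INQUIRY &&
		    (sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
		    sc->sc_transfer.cmd_data[2] == SVPD_SUPPORTED_PAGE_LIST &&
		    (usb_get_serial(sc->sc_udev)[0] != '\0')) {
			struct ccb_scsiio *csio;
			struct scsi_vpd_supported_page_list *page_list;
			size_t hdr_len;

			csio = &ccb->csio;
			page_list = (struct scsi_vpd_supported_page_list *)csio->data_ptr;

			/* number of bytes in front of list[] */
			hdr_len = (size_t)((uint8_t *)page_list->list -
			    (uint8_t *)page_list);

			/*
			 * page_list->length comes from the device.  Use
			 * it as an index only if the header was inside
			 * the buffer at all, the slot is inside the
			 * page structure, and the slot is inside the
			 * dxfer_len bytes the requester provided.
			 */
			if (csio->dxfer_len >= hdr_len &&
			    page_list->length + 1 < SVPD_SUPPORTED_PAGES_SIZE &&
			    hdr_len + page_list->length < csio->dxfer_len) {
				page_list->list[page_list->length] = SVPD_UNIT_SERIAL_NUMBER;
				page_list->length++;
			}
		}
		xpt_done(ccb);
		break;

	case STATUS_CMD_UNKNOWN:
	case STATUS_CMD_FAILED:

		/* fetch sense data */

		/* the rest of the command was filled in at attach */
		sc->cam_scsi_sense.length = ccb->csio.sense_len;

		DPRINTF(sc, UDMASS_SCSI, "Fetching %d bytes of "
		    "sense data\n", ccb->csio.sense_len);

		/*
		 * On a rejected command umass_std_transform() has already
		 * completed the CCB, so nothing more is done here.
		 */
		if (umass_std_transform(sc, ccb, &sc->cam_scsi_sense.opcode,
		    sizeof(sc->cam_scsi_sense))) {

			if ((sc->sc_quirks & FORCE_SHORT_INQUIRY) &&
			    (sc->sc_transfer.cmd_data[0] == INQUIRY)) {
				ccb->csio.sense_len = SHORT_INQUIRY_LENGTH;
			}
			umass_command_start(sc, DIR_IN, &ccb->csio.sense_data.error_code,
			    ccb->csio.sense_len, ccb->ccb_h.timeout,
			    &umass_cam_sense_cb, ccb);
		}
		break;

	default:
		/*
		 * The wire protocol failed and will hopefully have
		 * recovered. We return an error to CAM and let CAM
		 * retry the command if necessary.
		 */
		xpt_freeze_devq(ccb->ccb_h.path, 1);
		ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN;
		xpt_done(ccb);
		break;
	}
}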
2527 
/*
 * Finalise a completed autosense operation
 *
 * Called when the REQUEST SENSE issued after a failed command has
 * finished.  The sense key of the returned data decides which status is
 * reported to CAM for the original request:
 *
 *  - unit attention after INQUIRY on a RS_NO_CLEAR_UA device, or a
 *    NO SENSE key: the request is completed successfully;
 *  - unit attention after READ CAPACITY on a RS_NO_CLEAR_UA device: a
 *    TEST UNIT READY is sent first and umass_cam_quirk_cb() completes
 *    the request;
 *  - anything else: a SCSI status error with valid autosense data, or
 *    an autosense failure when no sense key could be extracted.
 *
 * The sense buffer contents come from the device.
 */
static void
umass_cam_sense_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
    uint8_t status)
{
	uint8_t *cmd;

	switch (status) {
	case STATUS_CMD_OK:
	case STATUS_CMD_UNKNOWN:
	case STATUS_CMD_FAILED: {
		int key, sense_len;

		/*
		 * NOTE(review): residue is not range-checked in this
		 * function; presumably it never exceeds sense_len, else
		 * the length computed below goes negative - confirm.
		 */
		ccb->csio.sense_resid = residue;
		sense_len = ccb->csio.sense_len - ccb->csio.sense_resid;
		key = scsi_get_sense_key(&ccb->csio.sense_data, sense_len,
					 /*show_errors*/ 1);

		/* locate the CDB of the command that originally failed */
		if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
		} else {
			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
		}

		/*
		 * Getting sense data always succeeds (apart from wire
		 * failures):
		 */
		if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
		    (cmd[0] == INQUIRY) &&
		    (key == SSD_KEY_UNIT_ATTENTION)) {
			/*
			 * Ignore unit attention errors in the case where
			 * the Unit Attention state is not cleared on
			 * REQUEST SENSE. They will appear again at the next
			 * command.
			 */
			ccb->ccb_h.status = CAM_REQ_CMP;
		} else if (key == SSD_KEY_NO_SENSE) {
			/*
			 * No problem after all (in the case of CBI without
			 * CCI)
			 */
			ccb->ccb_h.status = CAM_REQ_CMP;
		} else if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
			    (cmd[0] == READ_CAPACITY) &&
		    (key == SSD_KEY_UNIT_ATTENTION)) {
			/*
			 * Some devices do not clear the unit attention error
			 * on request sense. We insert a test unit ready
			 * command to make sure we clear the unit attention
			 * condition, then allow the retry to proceed as
			 * usual.
			 */

			xpt_freeze_devq(ccb->ccb_h.path, 1);
			ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
			    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
			ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;

#if 0
			DELAY(300000);
#endif
			DPRINTF(sc, UDMASS_SCSI, "Doing a sneaky"
			    "TEST_UNIT_READY\n");

			/* the rest of the command was filled in at attach */

			/*
			 * When the transform accepts the command the CCB is
			 * completed later by umass_cam_quirk_cb(); otherwise
			 * control leaves the if/else chain and the CCB is
			 * completed right below with the status set above.
			 */
			if ((sc->sc_transform)(sc,
			    &sc->cam_scsi_test_unit_ready.opcode,
			    sizeof(sc->cam_scsi_test_unit_ready)) == 1) {
				umass_command_start(sc, DIR_NONE, NULL, 0,
				    ccb->ccb_h.timeout,
				    &umass_cam_quirk_cb, ccb);
				break;
			}
		} else {
			xpt_freeze_devq(ccb->ccb_h.path, 1);
			/* a negative key means no sense key could be read */
			if (key >= 0) {
				ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
				    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
				ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
			} else
				ccb->ccb_h.status = CAM_AUTOSENSE_FAIL
				    | CAM_DEV_QFRZN;
		}
		xpt_done(ccb);
		break;
	}
	default:
		/* wire level failure while fetching the sense data */
		DPRINTF(sc, UDMASS_SCSI, "Autosense failed, "
		    "status %d\n", status);
		xpt_freeze_devq(ccb->ccb_h.path, 1);
		ccb->ccb_h.status = CAM_AUTOSENSE_FAIL | CAM_DEV_QFRZN;
		xpt_done(ccb);
	}
}
2627 
/*
 * Completion handler for the TEST UNIT READY that is sent after a READ
 * CAPACITY failed with CHECK_COND.  The CAM status of the CCB was set
 * before that command was started, so the result is only logged and the
 * CCB is handed back to CAM unchanged.  The residue is not used.
 */
static void
umass_cam_quirk_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
    uint8_t status)
{
	DPRINTF(sc, UDMASS_SCSI, "Test unit ready returned status %d\n",
	    status);

	xpt_done(ccb);
}
2642 
2643 /*
2644  * SCSI specific functions
2645  */
2646 
/*
 * Copy a SCSI command into sc->sc_transfer.cmd_data, applying quirks.
 *
 * cmd_ptr/cmd_len describe the command to send.  Returns 0 when cmd_len
 * is zero or larger than the cmd_data buffer, and 1 once the (possibly
 * rewritten) command and its length have been stored in sc->sc_transfer.
 *
 * NOTE(review): both quirk paths write cmd_data[4] whatever cmd_len is;
 * this presumes cmd_data holds at least five bytes - confirm.
 */
static uint8_t
umass_scsi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
    uint8_t cmd_len)
{
	uint8_t opcode;

	if (cmd_len == 0 || cmd_len > sizeof(sc->sc_transfer.cmd_data)) {
		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
		    "length: %d bytes\n", cmd_len);
		return (0);		/* failure */
	}
	sc->sc_transfer.cmd_len = cmd_len;
	opcode = cmd_ptr[0];

	/* devices that cannot do TEST UNIT READY get a START UNIT instead */
	if ((opcode == TEST_UNIT_READY) &&
	    (sc->sc_quirks & NO_TEST_UNIT_READY)) {
		DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
		    "to START_UNIT\n");
		memset(sc->sc_transfer.cmd_data, 0, cmd_len);
		sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
		sc->sc_transfer.cmd_data[4] = SSS_START;
		return (1);
	}

	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);

	/*
	 * some drives wedge when asked for full inquiry
	 * information.
	 */
	if ((opcode == INQUIRY) &&
	    (sc->sc_quirks & FORCE_SHORT_INQUIRY)) {
		sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
	}
	return (1);
}
2687 
/*
 * Copy an RBC command into sc->sc_transfer.cmd_data.
 *
 * Only the opcodes listed below are accepted.  Returns 0 for an invalid
 * length or an opcode that is not on the list, 1 on success.  With the
 * RBC_PAD_TO_12 quirk a shorter command is zero padded to 12 bytes.
 */
static uint8_t
umass_rbc_transform(struct umass_softc *sc, uint8_t *cmd_ptr, uint8_t cmd_len)
{
	if (cmd_len == 0 || cmd_len > sizeof(sc->sc_transfer.cmd_data)) {
		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
		    "length: %d bytes\n", cmd_len);
		return (0);		/* failure */
	}

	switch (cmd_ptr[0]) {
		/* these commands are defined in RBC: */
	case READ_10:
	case READ_CAPACITY:
	case START_STOP_UNIT:
	case SYNCHRONIZE_CACHE:
	case WRITE_10:
	case VERIFY_10:
	case INQUIRY:
	case MODE_SELECT_10:
	case MODE_SENSE_10:
	case TEST_UNIT_READY:
	case WRITE_BUFFER:
		/*
		 * The following commands are not listed in my copy of the
		 * RBC specs. CAM however seems to want those, and at least
		 * the Sony DSC device appears to support those as well
		 */
	case REQUEST_SENSE:
	case PREVENT_ALLOW:
		break;

		/* All other commands are not legal in RBC */
	default:
		DPRINTF(sc, UDMASS_SCSI, "Unsupported RBC "
		    "command 0x%02x\n", cmd_ptr[0]);
		return (0);		/* failure */
	}

	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);

	/* pad on the right with zeroes up to 12 bytes when asked to */
	if ((cmd_len < 12) && (sc->sc_quirks & RBC_PAD_TO_12)) {
		memset(sc->sc_transfer.cmd_data + cmd_len,
		    0, 12 - cmd_len);
		cmd_len = 12;
	}
	sc->sc_transfer.cmd_len = cmd_len;
	return (1);			/* success */
}
2735 
/*
 * Convert a command into the fixed length UFI format in
 * sc->sc_transfer.cmd_data.
 *
 * Returns 0 for an invalid length or an unsupported opcode, 1 when the
 * command is to be sent, and 2 for SYNCHRONIZE_CACHE, which is not sent
 * at all.  Once the length check has passed, cmd_len is set to
 * UFI_COMMAND_LENGTH and the command buffer is zeroed, even if 0 or 2
 * is returned afterwards.
 */
static uint8_t
umass_ufi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
    uint8_t cmd_len)
{
	uint8_t opcode;

	if (cmd_len == 0 || cmd_len > sizeof(sc->sc_transfer.cmd_data)) {
		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
		    "length: %d bytes\n", cmd_len);
		return (0);		/* failure */
	}
	/* An UFI command is always 12 bytes in length */
	sc->sc_transfer.cmd_len = UFI_COMMAND_LENGTH;

	/* Zero the command data */
	memset(sc->sc_transfer.cmd_data, 0, UFI_COMMAND_LENGTH);

	opcode = cmd_ptr[0];

	/*
	 * Some devices do not support TEST UNIT READY. Start
	 * Stop Unit should give the same results
	 */
	if ((opcode == TEST_UNIT_READY) &&
	    (sc->sc_quirks & NO_TEST_UNIT_READY)) {
		DPRINTF(sc, UDMASS_UFI, "Converted TEST_UNIT_READY "
		    "to START_UNIT\n");

		sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
		sc->sc_transfer.cmd_data[4] = SSS_START;
		return (1);
	}

	switch (opcode) {
		/*
		 * SYNCHRONIZE_CACHE isn't supported by UFI, nor should it be
		 * required for UFI devices, so it is appropriate to fake
		 * success.
		 */
	case SYNCHRONIZE_CACHE:
		return (2);

		/*
		 * Commands of which the format has been verified. They
		 * should work. Copy the command into the (zeroed out)
		 * destination buffer.
		 */
	case TEST_UNIT_READY:
	case REZERO_UNIT:
	case REQUEST_SENSE:
	case FORMAT_UNIT:
	case INQUIRY:
	case START_STOP_UNIT:
	case SEND_DIAGNOSTIC:
	case PREVENT_ALLOW:
	case READ_CAPACITY:
	case READ_10:
	case WRITE_10:
	case POSITION_TO_ELEMENT:	/* SEEK_10 */
	case WRITE_AND_VERIFY:
	case VERIFY:
	case MODE_SELECT_10:
	case MODE_SENSE_10:
	case READ_12:
	case WRITE_12:
	case READ_FORMAT_CAPACITIES:
		break;

	default:
		DPRINTF(sc, UDMASS_SCSI, "Unsupported UFI "
		    "command 0x%02x\n", cmd_ptr[0]);
		return (0);		/* failure */
	}

	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
	return (1);			/* success */
}
2810 
2811 /*
2812  * 8070i (ATAPI) specific functions
2813  */
/*
 * Convert a command into the fixed length ATAPI format in
 * sc->sc_transfer.cmd_data.
 *
 * Returns 0 only for an invalid length.  Opcodes that are not on the
 * verified list are logged and sent anyway, so every other call
 * returns 1.
 */
static uint8_t
umass_atapi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
    uint8_t cmd_len)
{
	uint8_t opcode;

	if (cmd_len == 0 || cmd_len > sizeof(sc->sc_transfer.cmd_data)) {
		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
		    "length: %d bytes\n", cmd_len);
		return (0);		/* failure */
	}
	/* An ATAPI command is always 12 bytes in length. */
	sc->sc_transfer.cmd_len = ATAPI_COMMAND_LENGTH;

	/* Zero the command data */
	memset(sc->sc_transfer.cmd_data, 0, ATAPI_COMMAND_LENGTH);

	opcode = cmd_ptr[0];

	/* devices that cannot do TEST UNIT READY get a START UNIT instead */
	if ((opcode == TEST_UNIT_READY) &&
	    (sc->sc_quirks & NO_TEST_UNIT_READY)) {
		DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
		    "to START_UNIT\n");
		sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
		sc->sc_transfer.cmd_data[4] = SSS_START;
		return (1);
	}

	switch (opcode) {
		/*
		 * Commands of which the format has been verified. They
		 * should work. Copy the command into the destination
		 * buffer.
		 */
	case INQUIRY:
	case TEST_UNIT_READY:
	case REZERO_UNIT:
	case REQUEST_SENSE:
	case START_STOP_UNIT:
	case SEND_DIAGNOSTIC:
	case PREVENT_ALLOW:
	case READ_CAPACITY:
	case READ_10:
	case WRITE_10:
	case POSITION_TO_ELEMENT:	/* SEEK_10 */
	case SYNCHRONIZE_CACHE:
	case MODE_SELECT_10:
	case MODE_SENSE_10:
	case READ_BUFFER:
	case 0x42:			/* READ_SUBCHANNEL */
	case 0x43:			/* READ_TOC */
	case 0x44:			/* READ_HEADER */
	case 0x47:			/* PLAY_MSF (Play Minute/Second/Frame) */
	case 0x48:			/* PLAY_TRACK */
	case 0x49:			/* PLAY_TRACK_REL */
	case 0x4b:			/* PAUSE */
	case 0x51:			/* READ_DISK_INFO */
	case 0x52:			/* READ_TRACK_INFO */
	case 0x54:			/* SEND_OPC */
	case 0x59:			/* READ_MASTER_CUE */
	case 0x5b:			/* CLOSE_TR_SESSION */
	case 0x5c:			/* READ_BUFFER_CAP */
	case 0x5d:			/* SEND_CUE_SHEET */
	case 0xa1:			/* BLANK */
	case 0xa5:			/* PLAY_12 */
	case 0xa6:			/* EXCHANGE_MEDIUM */
	case 0xad:			/* READ_DVD_STRUCTURE */
	case 0xbb:			/* SET_CD_SPEED */
	case 0xe5:			/* READ_TRACK_INFO_PHILIPS */
		break;

	case READ_12:
	case WRITE_12:
	default:
		DPRINTF(sc, UDMASS_SCSI, "Unsupported ATAPI "
		    "command 0x%02x - trying anyway\n",
		    cmd_ptr[0]);
		break;
	}

	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);

	/*
	 * some drives wedge when asked for full inquiry
	 * information.
	 */
	if ((opcode == INQUIRY) &&
	    (sc->sc_quirks & FORCE_SHORT_INQUIRY)) {
		sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
	}
	return (1);			/* success */
}
2906 
/*
 * Transform that rejects every command: it ignores its arguments and
 * always reports failure (0).
 */
static uint8_t
umass_no_transform(struct umass_softc *sc, uint8_t *cmd,
    uint8_t cmdlen)
{
	const uint8_t failure = 0;

	return (failure);
}
2913 
/*
 * Run the protocol specific transform on a command and complete the CCB
 * right away when the command is not going to be sent.
 *
 * Returns 1 when the caller should start the command.  Returns 0 when
 * the CCB has already been handed back to CAM: with CAM_REQ_CMP if the
 * transform returned 2, or with CAM_REQ_INVALID and a frozen device
 * queue if the transform returned 0.
 */
static uint8_t
umass_std_transform(struct umass_softc *sc, union ccb *ccb,
    uint8_t *cmd, uint8_t cmdlen)
{
	uint8_t verdict = (sc->sc_transform) (sc, cmd, cmdlen);

	switch (verdict) {
	case 2:
		/* nothing to send; report success */
		ccb->ccb_h.status = CAM_REQ_CMP;
		xpt_done(ccb);
		return (0);
	case 0:
		/* the command was rejected */
		xpt_freeze_devq(ccb->ccb_h.path, 1);
		ccb->ccb_h.status = CAM_REQ_INVALID | CAM_DEV_QFRZN;
		xpt_done(ccb);
		return (0);
	default:
		/* Command should be executed */
		return (1);
	}
}
2935 
2936 #ifdef USB_DEBUG
/*
 * Debug helper: log the fields of a Bulk-Only command block wrapper.
 * Only the first six CDB bytes are printed; "..." marks a longer CDB.
 */
static void
umass_bbb_dump_cbw(struct umass_softc *sc, umass_bbb_cbw_t *cbw)
{
	uint8_t *cdb = cbw->CBWCDB;
	uint32_t data_len = UGETDW(cbw->dCBWDataTransferLength);
	uint32_t cbw_tag = UGETDW(cbw->dCBWTag);
	uint8_t cdb_len = cbw->bCDBLength;
	uint8_t cbw_flags = cbw->bCBWFlags;
	uint8_t cbw_lun = cbw->bCBWLUN;
	const char *more;
	const char *dir_name;

	more = (cdb_len > 6) ? "..." : "";

	if (cbw_flags == CBWFLAGS_IN) {
		dir_name = "in";
	} else if (cbw_flags == CBWFLAGS_OUT) {
		dir_name = "out";
	} else {
		dir_name = "<invalid>";
	}

	DPRINTF(sc, UDMASS_BBB, "CBW %d: cmd = %db "
	    "(0x%02x%02x%02x%02x%02x%02x%s), "
	    "data = %db, lun = %d, dir = %s\n",
	    cbw_tag, cdb_len,
	    cdb[0], cdb[1], cdb[2], cdb[3], cdb[4], cdb[5], more,
	    data_len, cbw_lun, dir_name);
}
2957 
/*
 * Debug helper: log the fields of a Bulk-Only command status wrapper,
 * together with a textual reading of the signature and status byte.
 */
static void
umass_bbb_dump_csw(struct umass_softc *sc, umass_bbb_csw_t *csw)
{
	uint32_t csw_sig = UGETDW(csw->dCSWSignature);
	uint32_t csw_tag = UGETDW(csw->dCSWTag);
	uint32_t csw_res = UGETDW(csw->dCSWDataResidue);
	uint8_t csw_status = csw->bCSWStatus;
	const char *sig_name;
	const char *status_name;

	sig_name = (csw_sig == CSWSIGNATURE) ? "valid" : "invalid";

	if (csw_status == CSWSTATUS_GOOD) {
		status_name = "good";
	} else if (csw_status == CSWSTATUS_FAILED) {
		status_name = "failed";
	} else if (csw_status == CSWSTATUS_PHASE) {
		status_name = "phase";
	} else {
		status_name = "<invalid>";
	}

	DPRINTF(sc, UDMASS_BBB, "CSW %d: sig = 0x%08x (%s), tag = 0x%08x, "
	    "res = %d, status = 0x%02x (%s)\n",
	    csw_tag, csw_sig, sig_name,
	    csw_tag, csw_res,
	    csw_status, status_name);
}
2974 
/*
 * Debug helper: log a CBI command together with the pending data
 * length and direction taken from sc->sc_transfer.
 *
 * The first six bytes of cmd are always printed, whatever cmdlen says.
 * NOTE(review): presumably every caller passes a buffer of at least six
 * bytes - confirm.
 */
static void
umass_cbi_dump_cmd(struct umass_softc *sc, void *cmd, uint8_t cmdlen)
{
	uint8_t *bytes = cmd;
	uint8_t xfer_dir = sc->sc_transfer.dir;
	const char *more;
	const char *dir_name;

	more = (cmdlen > 6) ? "..." : "";

	if (xfer_dir == DIR_IN) {
		dir_name = "in";
	} else if (xfer_dir == DIR_OUT) {
		dir_name = "out";
	} else if (xfer_dir == DIR_NONE) {
		dir_name = "no data phase";
	} else {
		dir_name = "<invalid>";
	}

	DPRINTF(sc, UDMASS_BBB, "cmd = %db "
	    "(0x%02x%02x%02x%02x%02x%02x%s), "
	    "data = %db, dir = %s\n",
	    cmdlen,
	    bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], more,
	    sc->sc_transfer.data_len,
	    dir_name);
}
2991 
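/*
 * Debug helper: hex dump the start of a buffer, 16 bytes per line.
 *
 * buffer/buflen describe the data and printlen limits how many bytes
 * are dumped; " ..." is appended when the buffer is longer than that.
 * The first line also carries the buffer address and length.
 *
 * All formatting goes through snprintf() with the size of the
 * destination.  The address/length text has 17 fixed characters, so
 * the previous 40 byte buffer could overflow as soon as the pointer
 * and the length together printed as more than 22 characters (for
 * example an 18 character pointer and a five digit length).
 */
static void
umass_dump_buffer(struct umass_softc *sc, uint8_t *buffer, uint32_t buflen,
    uint32_t printlen)
{
	uint32_t i, j;
	char s1[40];		/* up to 16 bytes as hex digits */
	char s2[64];		/* " buffer=..., buflen=..." */
	char s3[5];		/* " ..." or empty */

	s1[0] = '\0';
	s3[0] = '\0';

	snprintf(s2, sizeof(s2), " buffer=%p, buflen=%d", buffer, buflen);
	for (i = 0; (i < buflen) && (i < printlen); i++) {
		j = i % 16;
		if (j == 0 && i != 0) {
			/* a full line has been collected; flush it */
			DPRINTF(sc, UDMASS_GEN, "0x %s%s\n",
			    s1, s2);
			/* the address is only shown on the first line */
			s2[0] = '\0';
		}
		/* j is below 16, so j * 2 stays inside s1 */
		snprintf(&s1[j * 2], sizeof(s1) - (j * 2), "%02x",
		    buffer[i] & 0xff);
	}
	if (buflen > printlen)
		snprintf(s3, sizeof(s3), " ...");
	DPRINTF(sc, UDMASS_GEN, "0x %s%s%s\n",
	    s1, s2, s3);
}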
3019 
3020 #endif
3021