xref: /freebsd/sys/dev/usb/storage/umass.c (revision f4b37ed0f8b307b1f3f0f630ca725d68f1dff30d)
1 #include <sys/cdefs.h>
2 __FBSDID("$FreeBSD$");
3 
4 /*-
5  * Copyright (c) 1999 MAEKAWA Masahide <bishop@rr.iij4u.or.jp>,
6  *		      Nick Hibma <n_hibma@FreeBSD.org>
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  *	$FreeBSD$
31  *	$NetBSD: umass.c,v 1.28 2000/04/02 23:46:53 augustss Exp $
32  */
33 
34 /* Also already merged from NetBSD:
35  *	$NetBSD: umass.c,v 1.67 2001/11/25 19:05:22 augustss Exp $
36  *	$NetBSD: umass.c,v 1.90 2002/11/04 19:17:33 pooka Exp $
37  *	$NetBSD: umass.c,v 1.108 2003/11/07 17:03:25 wiz Exp $
38  *	$NetBSD: umass.c,v 1.109 2003/12/04 13:57:31 keihan Exp $
39  */
40 
41 /*
42  * Universal Serial Bus Mass Storage Class specs:
43  * http://www.usb.org/developers/devclass_docs/usb_msc_overview_1.2.pdf
44  * http://www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
45  * http://www.usb.org/developers/devclass_docs/usb_msc_cbi_1.1.pdf
46  * http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf
47  */
48 
49 /*
50  * Ported to NetBSD by Lennart Augustsson <augustss@NetBSD.org>.
51  * Parts of the code written by Jason R. Thorpe <thorpej@shagadelic.org>.
52  */
53 
54 /*
55  * The driver handles 3 Wire Protocols
56  * - Command/Bulk/Interrupt (CBI)
57  * - Command/Bulk/Interrupt with Command Completion Interrupt (CBI with CCI)
58  * - Mass Storage Bulk-Only (BBB)
59  *   (BBB refers Bulk/Bulk/Bulk for Command/Data/Status phases)
60  *
61  * Over these wire protocols it handles the following command protocols
62  * - SCSI
63  * - UFI (floppy command set)
64  * - 8070i (ATAPI)
65  *
66  * UFI and 8070i (ATAPI) are transformed versions of the SCSI command set. The
67  * sc->sc_transform method is used to convert the commands into the appropriate
68  * format (if at all necessary). For example, UFI requires all commands to be
69  * 12 bytes in length amongst other things.
70  *
71  * The source code below is marked and can be split into a number of pieces
72  * (in this order):
73  *
74  * - probe/attach/detach
75  * - generic transfer routines
76  * - BBB
77  * - CBI
78  * - CBI_I (in addition to functions from CBI)
79  * - CAM (Common Access Method)
80  * - SCSI
81  * - UFI
82  * - 8070i (ATAPI)
83  *
84  * The protocols are implemented using a state machine, for the transfers as
85  * well as for the resets. The state machine is contained in umass_t_*_callback.
86  * The state machine is started through either umass_command_start() or
87  * umass_reset().
88  *
89  * The reason for doing this is a) CAM performs a lot better this way and b) it
90  * avoids using tsleep from interrupt context (for example after a failed
91  * transfer).
92  */
93 
94 /*
95  * The SCSI related part of this driver has been derived from the
96  * dev/ppbus/vpo.c driver, by Nicolas Souchu (nsouch@FreeBSD.org).
97  *
98  * The CAM layer uses so called actions which are messages sent to the host
99  * adapter for completion. The actions come in through umass_cam_action. The
100  * appropriate block of routines is called depending on the transport protocol
101  * in use. When the transfer has finished, these routines call
102  * umass_cam_cb again to complete the CAM command.
103  */
104 
105 #include <sys/stdint.h>
106 #include <sys/stddef.h>
107 #include <sys/param.h>
108 #include <sys/queue.h>
109 #include <sys/types.h>
110 #include <sys/systm.h>
111 #include <sys/kernel.h>
112 #include <sys/bus.h>
113 #include <sys/module.h>
114 #include <sys/lock.h>
115 #include <sys/mutex.h>
116 #include <sys/condvar.h>
117 #include <sys/sysctl.h>
118 #include <sys/sx.h>
119 #include <sys/unistd.h>
120 #include <sys/callout.h>
121 #include <sys/malloc.h>
122 #include <sys/priv.h>
123 
124 #include <dev/usb/usb.h>
125 #include <dev/usb/usbdi.h>
126 #include <dev/usb/usbdi_util.h>
127 #include "usbdevs.h"
128 
129 #include <dev/usb/quirk/usb_quirk.h>
130 
131 #include <cam/cam.h>
132 #include <cam/cam_ccb.h>
133 #include <cam/cam_sim.h>
134 #include <cam/cam_xpt_sim.h>
135 #include <cam/scsi/scsi_all.h>
136 #include <cam/scsi/scsi_da.h>
137 
138 #include <cam/cam_periph.h>
139 
140 #ifdef USB_DEBUG
141 #define	DIF(m, x)				\
142   do {						\
143     if (umass_debug & (m)) { x ; }		\
144   } while (0)
145 
146 #define	DPRINTF(sc, m, fmt, ...)			\
147   do {							\
148     if (umass_debug & (m)) {				\
149         printf("%s:%s: " fmt,				\
150 	       (sc) ? (const char *)(sc)->sc_name :	\
151 	       (const char *)"umassX",			\
152 		__FUNCTION__ ,## __VA_ARGS__);		\
153     }							\
154   } while (0)
155 
156 #define	UDMASS_GEN	0x00010000	/* general */
157 #define	UDMASS_SCSI	0x00020000	/* scsi */
158 #define	UDMASS_UFI	0x00040000	/* ufi command set */
159 #define	UDMASS_ATAPI	0x00080000	/* 8070i command set */
160 #define	UDMASS_CMD	(UDMASS_SCSI|UDMASS_UFI|UDMASS_ATAPI)
161 #define	UDMASS_USB	0x00100000	/* USB general */
162 #define	UDMASS_BBB	0x00200000	/* Bulk-Only transfers */
163 #define	UDMASS_CBI	0x00400000	/* CBI transfers */
164 #define	UDMASS_WIRE	(UDMASS_BBB|UDMASS_CBI)
165 #define	UDMASS_ALL	0xffff0000	/* all of the above */
166 static int umass_debug;
167 static int umass_throttle;
168 
169 static SYSCTL_NODE(_hw_usb, OID_AUTO, umass, CTLFLAG_RW, 0, "USB umass");
170 SYSCTL_INT(_hw_usb_umass, OID_AUTO, debug, CTLFLAG_RWTUN,
171     &umass_debug, 0, "umass debug level");
172 SYSCTL_INT(_hw_usb_umass, OID_AUTO, throttle, CTLFLAG_RWTUN,
173     &umass_throttle, 0, "Forced delay between commands in milliseconds");
174 #else
175 #define	DIF(...) do { } while (0)
176 #define	DPRINTF(...) do { } while (0)
177 #endif
178 
179 #define	UMASS_BULK_SIZE (1 << 17)
180 #define	UMASS_CBI_DIAGNOSTIC_CMDLEN 12	/* bytes */
181 #define	UMASS_MAX_CMDLEN MAX(12, CAM_MAX_CDBLEN)	/* bytes */
182 
183 /* USB transfer definitions */
184 
185 #define	UMASS_T_BBB_RESET1      0	/* Bulk-Only */
186 #define	UMASS_T_BBB_RESET2      1
187 #define	UMASS_T_BBB_RESET3      2
188 #define	UMASS_T_BBB_COMMAND     3
189 #define	UMASS_T_BBB_DATA_READ   4
190 #define	UMASS_T_BBB_DATA_RD_CS  5
191 #define	UMASS_T_BBB_DATA_WRITE  6
192 #define	UMASS_T_BBB_DATA_WR_CS  7
193 #define	UMASS_T_BBB_STATUS      8
194 #define	UMASS_T_BBB_MAX         9
195 
196 #define	UMASS_T_CBI_RESET1      0	/* CBI */
197 #define	UMASS_T_CBI_RESET2      1
198 #define	UMASS_T_CBI_RESET3      2
199 #define	UMASS_T_CBI_COMMAND     3
200 #define	UMASS_T_CBI_DATA_READ   4
201 #define	UMASS_T_CBI_DATA_RD_CS  5
202 #define	UMASS_T_CBI_DATA_WRITE  6
203 #define	UMASS_T_CBI_DATA_WR_CS  7
204 #define	UMASS_T_CBI_STATUS      8
205 #define	UMASS_T_CBI_RESET4      9
206 #define	UMASS_T_CBI_MAX        10
207 
208 #define	UMASS_T_MAX MAX(UMASS_T_CBI_MAX, UMASS_T_BBB_MAX)
209 
210 /* Generic definitions */
211 
212 /* Direction for transfer */
213 #define	DIR_NONE	0
214 #define	DIR_IN		1
215 #define	DIR_OUT		2
216 
217 /* device name */
218 #define	DEVNAME		"umass"
219 #define	DEVNAME_SIM	"umass-sim"
220 
221 /* Approximate maximum transfer speeds (assumes 33% overhead). */
222 #define	UMASS_FULL_TRANSFER_SPEED	1000
223 #define	UMASS_HIGH_TRANSFER_SPEED	40000
224 #define	UMASS_SUPER_TRANSFER_SPEED	400000
225 #define	UMASS_FLOPPY_TRANSFER_SPEED	20
226 
227 #define	UMASS_TIMEOUT			5000	/* ms */
228 
229 /* CAM specific definitions */
230 
231 #define	UMASS_SCSIID_MAX	1	/* maximum number of drives expected */
232 #define	UMASS_SCSIID_HOST	UMASS_SCSIID_MAX
233 
234 /* Bulk-Only features */
235 
236 #define	UR_BBB_RESET		0xff	/* Bulk-Only reset */
237 #define	UR_BBB_GET_MAX_LUN	0xfe	/* Get maximum lun */
238 
239 /* Command Block Wrapper */
240 typedef struct {
241 	uDWord	dCBWSignature;
242 #define	CBWSIGNATURE	0x43425355
243 	uDWord	dCBWTag;
244 	uDWord	dCBWDataTransferLength;
245 	uByte	bCBWFlags;
246 #define	CBWFLAGS_OUT	0x00
247 #define	CBWFLAGS_IN	0x80
248 	uByte	bCBWLUN;
249 	uByte	bCDBLength;
250 #define	CBWCDBLENGTH	16
251 	uByte	CBWCDB[CBWCDBLENGTH];
252 } __packed umass_bbb_cbw_t;
253 
254 #define	UMASS_BBB_CBW_SIZE	31
255 
256 /* Command Status Wrapper */
257 typedef struct {
258 	uDWord	dCSWSignature;
259 #define	CSWSIGNATURE	0x53425355
260 #define	CSWSIGNATURE_IMAGINATION_DBX1	0x43425355
261 #define	CSWSIGNATURE_OLYMPUS_C1	0x55425355
262 	uDWord	dCSWTag;
263 	uDWord	dCSWDataResidue;
264 	uByte	bCSWStatus;
265 #define	CSWSTATUS_GOOD	0x0
266 #define	CSWSTATUS_FAILED	0x1
267 #define	CSWSTATUS_PHASE	0x2
268 } __packed umass_bbb_csw_t;
269 
270 #define	UMASS_BBB_CSW_SIZE	13
271 
272 /* CBI features */
273 
274 #define	UR_CBI_ADSC	0x00
275 
276 typedef union {
277 	struct {
278 		uint8_t	type;
279 #define	IDB_TYPE_CCI		0x00
280 		uint8_t	value;
281 #define	IDB_VALUE_PASS		0x00
282 #define	IDB_VALUE_FAIL		0x01
283 #define	IDB_VALUE_PHASE		0x02
284 #define	IDB_VALUE_PERSISTENT	0x03
285 #define	IDB_VALUE_STATUS_MASK	0x03
286 	} __packed common;
287 
288 	struct {
289 		uint8_t	asc;
290 		uint8_t	ascq;
291 	} __packed ufi;
292 } __packed umass_cbi_sbl_t;
293 
294 struct umass_softc;			/* see below */
295 
296 typedef void (umass_callback_t)(struct umass_softc *sc, union ccb *ccb,
297     	uint32_t residue, uint8_t status);
298 
299 #define	STATUS_CMD_OK		0	/* everything ok */
300 #define	STATUS_CMD_UNKNOWN	1	/* will have to fetch sense */
301 #define	STATUS_CMD_FAILED	2	/* transfer was ok, command failed */
302 #define	STATUS_WIRE_FAILED	3	/* couldn't even get command across */
303 
304 typedef uint8_t (umass_transform_t)(struct umass_softc *sc, uint8_t *cmd_ptr,
305     	uint8_t cmd_len);
306 
307 /* Wire and command protocol */
308 #define	UMASS_PROTO_BBB		0x0001	/* USB wire protocol */
309 #define	UMASS_PROTO_CBI		0x0002
310 #define	UMASS_PROTO_CBI_I	0x0004
311 #define	UMASS_PROTO_WIRE	0x00ff	/* USB wire protocol mask */
312 #define	UMASS_PROTO_SCSI	0x0100	/* command protocol */
313 #define	UMASS_PROTO_ATAPI	0x0200
314 #define	UMASS_PROTO_UFI		0x0400
315 #define	UMASS_PROTO_RBC		0x0800
316 #define	UMASS_PROTO_COMMAND	0xff00	/* command protocol mask */
317 
318 /* Device specific quirks */
319 #define	NO_QUIRKS		0x0000
320 	/*
321 	 * The drive does not support Test Unit Ready. Convert to Start Unit
322 	 */
323 #define	NO_TEST_UNIT_READY	0x0001
324 	/*
325 	 * The drive does not reset the Unit Attention state after REQUEST
326 	 * SENSE has been sent. The INQUIRY command does not reset the UA
327 	 * either, and so CAM runs in circles trying to retrieve the initial
328 	 * INQUIRY data.
329 	 */
330 #define	RS_NO_CLEAR_UA		0x0002
331 	/* The drive does not support START STOP.  */
332 #define	NO_START_STOP		0x0004
333 	/* Don't ask for full inquiry data (255b).  */
334 #define	FORCE_SHORT_INQUIRY	0x0008
335 	/* Needs to be initialised the Shuttle way */
336 #define	SHUTTLE_INIT		0x0010
337 	/* Drive needs to be switched to alternate iface 1 */
338 #define	ALT_IFACE_1		0x0020
339 	/* Drive does not do 1Mb/s, but just floppy speeds (20kb/s) */
340 #define	FLOPPY_SPEED		0x0040
341 	/* The device can't count and gets the residue of transfers wrong */
342 #define	IGNORE_RESIDUE		0x0080
343 	/* No GetMaxLun call */
344 #define	NO_GETMAXLUN		0x0100
345 	/* The device uses a weird CSWSIGNATURE. */
346 #define	WRONG_CSWSIG		0x0200
347 	/* Device cannot handle INQUIRY so fake a generic response */
348 #define	NO_INQUIRY		0x0400
349 	/* Device cannot handle INQUIRY EVPD, return CHECK CONDITION */
350 #define	NO_INQUIRY_EVPD		0x0800
351 	/* Pad all RBC requests to 12 bytes. */
352 #define	RBC_PAD_TO_12		0x1000
353 	/*
354 	 * Device reports number of sectors from READ_CAPACITY, not max
355 	 * sector number.
356 	 */
357 #define	READ_CAPACITY_OFFBY1	0x2000
358 	/*
359 	 * Device cannot handle a SCSI synchronize cache command.  Normally
360 	 * this quirk would be handled in the cam layer, but for IDE bridges
361 	 * we need to associate the quirk with the bridge and not the
362 	 * underlying disk device.  This is handled by faking a success
363 	 * result.
364 	 */
365 #define	NO_SYNCHRONIZE_CACHE	0x4000
366 	/* Device does not support 'PREVENT/ALLOW MEDIUM REMOVAL'. */
367 #define	NO_PREVENT_ALLOW	0x8000
368 
369 struct umass_softc {
370 
371 	struct scsi_sense cam_scsi_sense;
372 	struct scsi_test_unit_ready cam_scsi_test_unit_ready;
373 	struct mtx sc_mtx;
374 	struct {
375 		uint8_t *data_ptr;
376 		union ccb *ccb;
377 		umass_callback_t *callback;
378 
379 		uint32_t data_len;	/* bytes */
380 		uint32_t data_rem;	/* bytes */
381 		uint32_t data_timeout;	/* ms */
382 		uint32_t actlen;	/* bytes */
383 
384 		uint8_t	cmd_data[UMASS_MAX_CMDLEN];
385 		uint8_t	cmd_len;	/* bytes */
386 		uint8_t	dir;
387 		uint8_t	lun;
388 	}	sc_transfer;
389 
390 	/* Bulk specific variables for transfers in progress */
391 	umass_bbb_cbw_t cbw;		/* command block wrapper */
392 	umass_bbb_csw_t csw;		/* command status wrapper */
393 
394 	/* CBI specific variables for transfers in progress */
395 	umass_cbi_sbl_t sbl;		/* status block */
396 
397 	device_t sc_dev;
398 	struct usb_device *sc_udev;
399 	struct cam_sim *sc_sim;		/* SCSI Interface Module */
400 	struct usb_xfer *sc_xfer[UMASS_T_MAX];
401 
402 	/*
403 	 * The command transform function is used to convert the SCSI
404 	 * commands into their derivatives, like UFI, ATAPI, and friends.
405 	 */
406 	umass_transform_t *sc_transform;
407 
408 	uint32_t sc_unit;
409 	uint32_t sc_quirks;		/* they got it almost right */
410 	uint32_t sc_proto;		/* wire and cmd protocol */
411 
412 	uint8_t	sc_name[16];
413 	uint8_t	sc_iface_no;		/* interface number */
414 	uint8_t	sc_maxlun;		/* maximum LUN number, inclusive */
415 	uint8_t	sc_last_xfer_index;
416 	uint8_t	sc_status_try;
417 };
418 
419 struct umass_probe_proto {
420 	uint32_t quirks;
421 	uint32_t proto;
422 
423 	int	error;
424 };
425 
426 /* prototypes */
427 
428 static device_probe_t umass_probe;
429 static device_attach_t umass_attach;
430 static device_detach_t umass_detach;
431 
432 static usb_callback_t umass_tr_error;
433 static usb_callback_t umass_t_bbb_reset1_callback;
434 static usb_callback_t umass_t_bbb_reset2_callback;
435 static usb_callback_t umass_t_bbb_reset3_callback;
436 static usb_callback_t umass_t_bbb_command_callback;
437 static usb_callback_t umass_t_bbb_data_read_callback;
438 static usb_callback_t umass_t_bbb_data_rd_cs_callback;
439 static usb_callback_t umass_t_bbb_data_write_callback;
440 static usb_callback_t umass_t_bbb_data_wr_cs_callback;
441 static usb_callback_t umass_t_bbb_status_callback;
442 static usb_callback_t umass_t_cbi_reset1_callback;
443 static usb_callback_t umass_t_cbi_reset2_callback;
444 static usb_callback_t umass_t_cbi_reset3_callback;
445 static usb_callback_t umass_t_cbi_reset4_callback;
446 static usb_callback_t umass_t_cbi_command_callback;
447 static usb_callback_t umass_t_cbi_data_read_callback;
448 static usb_callback_t umass_t_cbi_data_rd_cs_callback;
449 static usb_callback_t umass_t_cbi_data_write_callback;
450 static usb_callback_t umass_t_cbi_data_wr_cs_callback;
451 static usb_callback_t umass_t_cbi_status_callback;
452 
453 static void	umass_cancel_ccb(struct umass_softc *);
454 static void	umass_init_shuttle(struct umass_softc *);
455 static void	umass_reset(struct umass_softc *);
456 static void	umass_t_bbb_data_clear_stall_callback(struct usb_xfer *,
457 		    uint8_t, uint8_t, usb_error_t);
458 static void	umass_command_start(struct umass_softc *, uint8_t, void *,
459 		    uint32_t, uint32_t, umass_callback_t *, union ccb *);
460 static uint8_t	umass_bbb_get_max_lun(struct umass_softc *);
461 static void	umass_cbi_start_status(struct umass_softc *);
462 static void	umass_t_cbi_data_clear_stall_callback(struct usb_xfer *,
463 		    uint8_t, uint8_t, usb_error_t);
464 static int	umass_cam_attach_sim(struct umass_softc *);
465 static void	umass_cam_attach(struct umass_softc *);
466 static void	umass_cam_detach_sim(struct umass_softc *);
467 static void	umass_cam_action(struct cam_sim *, union ccb *);
468 static void	umass_cam_poll(struct cam_sim *);
469 static void	umass_cam_cb(struct umass_softc *, union ccb *, uint32_t,
470 		    uint8_t);
471 static void	umass_cam_sense_cb(struct umass_softc *, union ccb *, uint32_t,
472 		    uint8_t);
473 static void	umass_cam_quirk_cb(struct umass_softc *, union ccb *, uint32_t,
474 		    uint8_t);
475 static uint8_t	umass_scsi_transform(struct umass_softc *, uint8_t *, uint8_t);
476 static uint8_t	umass_rbc_transform(struct umass_softc *, uint8_t *, uint8_t);
477 static uint8_t	umass_ufi_transform(struct umass_softc *, uint8_t *, uint8_t);
478 static uint8_t	umass_atapi_transform(struct umass_softc *, uint8_t *,
479 		    uint8_t);
480 static uint8_t	umass_no_transform(struct umass_softc *, uint8_t *, uint8_t);
481 static uint8_t	umass_std_transform(struct umass_softc *, union ccb *, uint8_t
482 		    *, uint8_t);
483 
484 #ifdef USB_DEBUG
485 static void	umass_bbb_dump_cbw(struct umass_softc *, umass_bbb_cbw_t *);
486 static void	umass_bbb_dump_csw(struct umass_softc *, umass_bbb_csw_t *);
487 static void	umass_cbi_dump_cmd(struct umass_softc *, void *, uint8_t);
488 static void	umass_dump_buffer(struct umass_softc *, uint8_t *, uint32_t,
489 		    uint32_t);
490 #endif
491 
492 static struct usb_config umass_bbb_config[UMASS_T_BBB_MAX] = {
493 
494 	[UMASS_T_BBB_RESET1] = {
495 		.type = UE_CONTROL,
496 		.endpoint = 0x00,	/* Control pipe */
497 		.direction = UE_DIR_ANY,
498 		.bufsize = sizeof(struct usb_device_request),
499 		.callback = &umass_t_bbb_reset1_callback,
500 		.timeout = 5000,	/* 5 seconds */
501 		.interval = 500,	/* 500 milliseconds */
502 	},
503 
504 	[UMASS_T_BBB_RESET2] = {
505 		.type = UE_CONTROL,
506 		.endpoint = 0x00,	/* Control pipe */
507 		.direction = UE_DIR_ANY,
508 		.bufsize = sizeof(struct usb_device_request),
509 		.callback = &umass_t_bbb_reset2_callback,
510 		.timeout = 5000,	/* 5 seconds */
511 		.interval = 50,	/* 50 milliseconds */
512 	},
513 
514 	[UMASS_T_BBB_RESET3] = {
515 		.type = UE_CONTROL,
516 		.endpoint = 0x00,	/* Control pipe */
517 		.direction = UE_DIR_ANY,
518 		.bufsize = sizeof(struct usb_device_request),
519 		.callback = &umass_t_bbb_reset3_callback,
520 		.timeout = 5000,	/* 5 seconds */
521 		.interval = 50,	/* 50 milliseconds */
522 	},
523 
524 	[UMASS_T_BBB_COMMAND] = {
525 		.type = UE_BULK,
526 		.endpoint = UE_ADDR_ANY,
527 		.direction = UE_DIR_OUT,
528 		.bufsize = sizeof(umass_bbb_cbw_t),
529 		.callback = &umass_t_bbb_command_callback,
530 		.timeout = 5000,	/* 5 seconds */
531 	},
532 
533 	[UMASS_T_BBB_DATA_READ] = {
534 		.type = UE_BULK,
535 		.endpoint = UE_ADDR_ANY,
536 		.direction = UE_DIR_IN,
537 		.bufsize = UMASS_BULK_SIZE,
538 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
539 		.callback = &umass_t_bbb_data_read_callback,
540 		.timeout = 0,	/* overwritten later */
541 	},
542 
543 	[UMASS_T_BBB_DATA_RD_CS] = {
544 		.type = UE_CONTROL,
545 		.endpoint = 0x00,	/* Control pipe */
546 		.direction = UE_DIR_ANY,
547 		.bufsize = sizeof(struct usb_device_request),
548 		.callback = &umass_t_bbb_data_rd_cs_callback,
549 		.timeout = 5000,	/* 5 seconds */
550 	},
551 
552 	[UMASS_T_BBB_DATA_WRITE] = {
553 		.type = UE_BULK,
554 		.endpoint = UE_ADDR_ANY,
555 		.direction = UE_DIR_OUT,
556 		.bufsize = UMASS_BULK_SIZE,
557 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
558 		.callback = &umass_t_bbb_data_write_callback,
559 		.timeout = 0,	/* overwritten later */
560 	},
561 
562 	[UMASS_T_BBB_DATA_WR_CS] = {
563 		.type = UE_CONTROL,
564 		.endpoint = 0x00,	/* Control pipe */
565 		.direction = UE_DIR_ANY,
566 		.bufsize = sizeof(struct usb_device_request),
567 		.callback = &umass_t_bbb_data_wr_cs_callback,
568 		.timeout = 5000,	/* 5 seconds */
569 	},
570 
571 	[UMASS_T_BBB_STATUS] = {
572 		.type = UE_BULK,
573 		.endpoint = UE_ADDR_ANY,
574 		.direction = UE_DIR_IN,
575 		.bufsize = sizeof(umass_bbb_csw_t),
576 		.flags = {.short_xfer_ok = 1,},
577 		.callback = &umass_t_bbb_status_callback,
578 		.timeout = 5000,	/* ms */
579 	},
580 };
581 
582 static struct usb_config umass_cbi_config[UMASS_T_CBI_MAX] = {
583 
584 	[UMASS_T_CBI_RESET1] = {
585 		.type = UE_CONTROL,
586 		.endpoint = 0x00,	/* Control pipe */
587 		.direction = UE_DIR_ANY,
588 		.bufsize = (sizeof(struct usb_device_request) +
589 		    UMASS_CBI_DIAGNOSTIC_CMDLEN),
590 		.callback = &umass_t_cbi_reset1_callback,
591 		.timeout = 5000,	/* 5 seconds */
592 		.interval = 500,	/* 500 milliseconds */
593 	},
594 
595 	[UMASS_T_CBI_RESET2] = {
596 		.type = UE_CONTROL,
597 		.endpoint = 0x00,	/* Control pipe */
598 		.direction = UE_DIR_ANY,
599 		.bufsize = sizeof(struct usb_device_request),
600 		.callback = &umass_t_cbi_reset2_callback,
601 		.timeout = 5000,	/* 5 seconds */
602 		.interval = 50,	/* 50 milliseconds */
603 	},
604 
605 	[UMASS_T_CBI_RESET3] = {
606 		.type = UE_CONTROL,
607 		.endpoint = 0x00,	/* Control pipe */
608 		.direction = UE_DIR_ANY,
609 		.bufsize = sizeof(struct usb_device_request),
610 		.callback = &umass_t_cbi_reset3_callback,
611 		.timeout = 5000,	/* 5 seconds */
612 		.interval = 50,	/* 50 milliseconds */
613 	},
614 
615 	[UMASS_T_CBI_COMMAND] = {
616 		.type = UE_CONTROL,
617 		.endpoint = 0x00,	/* Control pipe */
618 		.direction = UE_DIR_ANY,
619 		.bufsize = (sizeof(struct usb_device_request) +
620 		    UMASS_MAX_CMDLEN),
621 		.callback = &umass_t_cbi_command_callback,
622 		.timeout = 5000,	/* 5 seconds */
623 	},
624 
625 	[UMASS_T_CBI_DATA_READ] = {
626 		.type = UE_BULK,
627 		.endpoint = UE_ADDR_ANY,
628 		.direction = UE_DIR_IN,
629 		.bufsize = UMASS_BULK_SIZE,
630 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
631 		.callback = &umass_t_cbi_data_read_callback,
632 		.timeout = 0,	/* overwritten later */
633 	},
634 
635 	[UMASS_T_CBI_DATA_RD_CS] = {
636 		.type = UE_CONTROL,
637 		.endpoint = 0x00,	/* Control pipe */
638 		.direction = UE_DIR_ANY,
639 		.bufsize = sizeof(struct usb_device_request),
640 		.callback = &umass_t_cbi_data_rd_cs_callback,
641 		.timeout = 5000,	/* 5 seconds */
642 	},
643 
644 	[UMASS_T_CBI_DATA_WRITE] = {
645 		.type = UE_BULK,
646 		.endpoint = UE_ADDR_ANY,
647 		.direction = UE_DIR_OUT,
648 		.bufsize = UMASS_BULK_SIZE,
649 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
650 		.callback = &umass_t_cbi_data_write_callback,
651 		.timeout = 0,	/* overwritten later */
652 	},
653 
654 	[UMASS_T_CBI_DATA_WR_CS] = {
655 		.type = UE_CONTROL,
656 		.endpoint = 0x00,	/* Control pipe */
657 		.direction = UE_DIR_ANY,
658 		.bufsize = sizeof(struct usb_device_request),
659 		.callback = &umass_t_cbi_data_wr_cs_callback,
660 		.timeout = 5000,	/* 5 seconds */
661 	},
662 
663 	[UMASS_T_CBI_STATUS] = {
664 		.type = UE_INTERRUPT,
665 		.endpoint = UE_ADDR_ANY,
666 		.direction = UE_DIR_IN,
667 		.flags = {.short_xfer_ok = 1,.no_pipe_ok = 1,},
668 		.bufsize = sizeof(umass_cbi_sbl_t),
669 		.callback = &umass_t_cbi_status_callback,
670 		.timeout = 5000,	/* ms */
671 	},
672 
673 	[UMASS_T_CBI_RESET4] = {
674 		.type = UE_CONTROL,
675 		.endpoint = 0x00,	/* Control pipe */
676 		.direction = UE_DIR_ANY,
677 		.bufsize = sizeof(struct usb_device_request),
678 		.callback = &umass_t_cbi_reset4_callback,
679 		.timeout = 5000,	/* ms */
680 	},
681 };
682 
683 /* If device cannot return valid inquiry data, fake it */
684 static const uint8_t fake_inq_data[SHORT_INQUIRY_LENGTH] = {
685 	0, /* removable */ 0x80, SCSI_REV_2, SCSI_REV_2,
686 	 /* additional_length */ 31, 0, 0, 0
687 };
688 
689 #define	UFI_COMMAND_LENGTH	12	/* UFI commands are always 12 bytes */
690 #define	ATAPI_COMMAND_LENGTH	12	/* ATAPI commands are always 12 bytes */
691 
692 static devclass_t umass_devclass;
693 
694 static device_method_t umass_methods[] = {
695 	/* Device interface */
696 	DEVMETHOD(device_probe, umass_probe),
697 	DEVMETHOD(device_attach, umass_attach),
698 	DEVMETHOD(device_detach, umass_detach),
699 
700 	DEVMETHOD_END
701 };
702 
703 static driver_t umass_driver = {
704 	.name = "umass",
705 	.methods = umass_methods,
706 	.size = sizeof(struct umass_softc),
707 };
708 
709 DRIVER_MODULE(umass, uhub, umass_driver, umass_devclass, NULL, 0);
710 MODULE_DEPEND(umass, usb, 1, 1, 1);
711 MODULE_DEPEND(umass, cam, 1, 1, 1);
712 MODULE_VERSION(umass, 1);
713 
714 /*
715  * USB device probe/attach/detach
716  */
717 
718 static const STRUCT_USB_HOST_ID __used umass_devs[] = {
719 	/* generic mass storage class */
720 	{USB_IFACE_CLASS(UICLASS_MASS),},
721 };
722 
723 static uint16_t
724 umass_get_proto(struct usb_interface *iface)
725 {
726 	struct usb_interface_descriptor *id;
727 	uint16_t retval;
728 
729 	retval = 0;
730 
731 	/* Check for a standards compliant device */
732 	id = usbd_get_interface_descriptor(iface);
733 	if ((id == NULL) ||
734 	    (id->bInterfaceClass != UICLASS_MASS)) {
735 		goto done;
736 	}
737 	switch (id->bInterfaceSubClass) {
738 	case UISUBCLASS_SCSI:
739 		retval |= UMASS_PROTO_SCSI;
740 		break;
741 	case UISUBCLASS_UFI:
742 		retval |= UMASS_PROTO_UFI;
743 		break;
744 	case UISUBCLASS_RBC:
745 		retval |= UMASS_PROTO_RBC;
746 		break;
747 	case UISUBCLASS_SFF8020I:
748 	case UISUBCLASS_SFF8070I:
749 		retval |= UMASS_PROTO_ATAPI;
750 		break;
751 	default:
752 		goto done;
753 	}
754 
755 	switch (id->bInterfaceProtocol) {
756 	case UIPROTO_MASS_CBI:
757 		retval |= UMASS_PROTO_CBI;
758 		break;
759 	case UIPROTO_MASS_CBI_I:
760 		retval |= UMASS_PROTO_CBI_I;
761 		break;
762 	case UIPROTO_MASS_BBB_OLD:
763 	case UIPROTO_MASS_BBB:
764 		retval |= UMASS_PROTO_BBB;
765 		break;
766 	default:
767 		goto done;
768 	}
769 done:
770 	return (retval);
771 }
772 
773 /*
774  * Match the device we are seeing with the devices supported.
775  */
776 static struct umass_probe_proto
777 umass_probe_proto(device_t dev, struct usb_attach_arg *uaa)
778 {
779 	struct umass_probe_proto ret;
780 	uint32_t quirks = NO_QUIRKS;
781 	uint32_t proto = umass_get_proto(uaa->iface);
782 
783 	memset(&ret, 0, sizeof(ret));
784 	ret.error = BUS_PROBE_GENERIC;
785 
786 	/* Search for protocol enforcement */
787 
788 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_BBB)) {
789 		proto &= ~UMASS_PROTO_WIRE;
790 		proto |= UMASS_PROTO_BBB;
791 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI)) {
792 		proto &= ~UMASS_PROTO_WIRE;
793 		proto |= UMASS_PROTO_CBI;
794 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI_I)) {
795 		proto &= ~UMASS_PROTO_WIRE;
796 		proto |= UMASS_PROTO_CBI_I;
797 	}
798 
799 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_SCSI)) {
800 		proto &= ~UMASS_PROTO_COMMAND;
801 		proto |= UMASS_PROTO_SCSI;
802 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_ATAPI)) {
803 		proto &= ~UMASS_PROTO_COMMAND;
804 		proto |= UMASS_PROTO_ATAPI;
805 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_UFI)) {
806 		proto &= ~UMASS_PROTO_COMMAND;
807 		proto |= UMASS_PROTO_UFI;
808 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_RBC)) {
809 		proto &= ~UMASS_PROTO_COMMAND;
810 		proto |= UMASS_PROTO_RBC;
811 	}
812 
813 	/* Check if the protocol is invalid */
814 
815 	if ((proto & UMASS_PROTO_COMMAND) == 0) {
816 		ret.error = ENXIO;
817 		goto done;
818 	}
819 
820 	if ((proto & UMASS_PROTO_WIRE) == 0) {
821 		ret.error = ENXIO;
822 		goto done;
823 	}
824 
825 	/* Search for quirks */
826 
827 	if (usb_test_quirk(uaa, UQ_MSC_NO_TEST_UNIT_READY))
828 		quirks |= NO_TEST_UNIT_READY;
829 	if (usb_test_quirk(uaa, UQ_MSC_NO_RS_CLEAR_UA))
830 		quirks |= RS_NO_CLEAR_UA;
831 	if (usb_test_quirk(uaa, UQ_MSC_NO_START_STOP))
832 		quirks |= NO_START_STOP;
833 	if (usb_test_quirk(uaa, UQ_MSC_NO_GETMAXLUN))
834 		quirks |= NO_GETMAXLUN;
835 	if (usb_test_quirk(uaa, UQ_MSC_NO_INQUIRY))
836 		quirks |= NO_INQUIRY;
837 	if (usb_test_quirk(uaa, UQ_MSC_NO_INQUIRY_EVPD))
838 		quirks |= NO_INQUIRY_EVPD;
839 	if (usb_test_quirk(uaa, UQ_MSC_NO_PREVENT_ALLOW))
840 		quirks |= NO_PREVENT_ALLOW;
841 	if (usb_test_quirk(uaa, UQ_MSC_NO_SYNC_CACHE))
842 		quirks |= NO_SYNCHRONIZE_CACHE;
843 	if (usb_test_quirk(uaa, UQ_MSC_SHUTTLE_INIT))
844 		quirks |= SHUTTLE_INIT;
845 	if (usb_test_quirk(uaa, UQ_MSC_ALT_IFACE_1))
846 		quirks |= ALT_IFACE_1;
847 	if (usb_test_quirk(uaa, UQ_MSC_FLOPPY_SPEED))
848 		quirks |= FLOPPY_SPEED;
849 	if (usb_test_quirk(uaa, UQ_MSC_IGNORE_RESIDUE))
850 		quirks |= IGNORE_RESIDUE;
851 	if (usb_test_quirk(uaa, UQ_MSC_WRONG_CSWSIG))
852 		quirks |= WRONG_CSWSIG;
853 	if (usb_test_quirk(uaa, UQ_MSC_RBC_PAD_TO_12))
854 		quirks |= RBC_PAD_TO_12;
855 	if (usb_test_quirk(uaa, UQ_MSC_READ_CAP_OFFBY1))
856 		quirks |= READ_CAPACITY_OFFBY1;
857 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_SHORT_INQ))
858 		quirks |= FORCE_SHORT_INQUIRY;
859 
860 done:
861 	ret.quirks = quirks;
862 	ret.proto = proto;
863 	return (ret);
864 }
865 
866 static int
867 umass_probe(device_t dev)
868 {
869 	struct usb_attach_arg *uaa = device_get_ivars(dev);
870 	struct umass_probe_proto temp;
871 
872 	if (uaa->usb_mode != USB_MODE_HOST) {
873 		return (ENXIO);
874 	}
875 	temp = umass_probe_proto(dev, uaa);
876 
877 	return (temp.error);
878 }
879 
880 static int
881 umass_attach(device_t dev)
882 {
883 	struct umass_softc *sc = device_get_softc(dev);
884 	struct usb_attach_arg *uaa = device_get_ivars(dev);
885 	struct umass_probe_proto temp = umass_probe_proto(dev, uaa);
886 	struct usb_interface_descriptor *id;
887 	int err;
888 
889 	/*
890 	 * NOTE: the softc struct is cleared in device_set_driver.
891 	 * We can safely call umass_detach without specifically
892 	 * initializing the struct.
893 	 */
894 
895 	sc->sc_dev = dev;
896 	sc->sc_udev = uaa->device;
897 	sc->sc_proto = temp.proto;
898 	sc->sc_quirks = temp.quirks;
899 	sc->sc_unit = device_get_unit(dev);
900 
901 	snprintf(sc->sc_name, sizeof(sc->sc_name),
902 	    "%s", device_get_nameunit(dev));
903 
904 	device_set_usb_desc(dev);
905 
906         mtx_init(&sc->sc_mtx, device_get_nameunit(dev),
907 	    NULL, MTX_DEF | MTX_RECURSE);
908 
909 	/* get interface index */
910 
911 	id = usbd_get_interface_descriptor(uaa->iface);
912 	if (id == NULL) {
913 		device_printf(dev, "failed to get "
914 		    "interface number\n");
915 		goto detach;
916 	}
917 	sc->sc_iface_no = id->bInterfaceNumber;
918 
919 #ifdef USB_DEBUG
920 	device_printf(dev, " ");
921 
922 	switch (sc->sc_proto & UMASS_PROTO_COMMAND) {
923 	case UMASS_PROTO_SCSI:
924 		printf("SCSI");
925 		break;
926 	case UMASS_PROTO_ATAPI:
927 		printf("8070i (ATAPI)");
928 		break;
929 	case UMASS_PROTO_UFI:
930 		printf("UFI");
931 		break;
932 	case UMASS_PROTO_RBC:
933 		printf("RBC");
934 		break;
935 	default:
936 		printf("(unknown 0x%02x)",
937 		    sc->sc_proto & UMASS_PROTO_COMMAND);
938 		break;
939 	}
940 
941 	printf(" over ");
942 
943 	switch (sc->sc_proto & UMASS_PROTO_WIRE) {
944 	case UMASS_PROTO_BBB:
945 		printf("Bulk-Only");
946 		break;
947 	case UMASS_PROTO_CBI:		/* uses Comand/Bulk pipes */
948 		printf("CBI");
949 		break;
950 	case UMASS_PROTO_CBI_I:	/* uses Comand/Bulk/Interrupt pipes */
951 		printf("CBI with CCI");
952 		break;
953 	default:
954 		printf("(unknown 0x%02x)",
955 		    sc->sc_proto & UMASS_PROTO_WIRE);
956 	}
957 
958 	printf("; quirks = 0x%04x\n", sc->sc_quirks);
959 #endif
960 
961 	if (sc->sc_quirks & ALT_IFACE_1) {
962 		err = usbd_set_alt_interface_index
963 		    (uaa->device, uaa->info.bIfaceIndex, 1);
964 
965 		if (err) {
966 			DPRINTF(sc, UDMASS_USB, "could not switch to "
967 			    "Alt Interface 1\n");
968 			goto detach;
969 		}
970 	}
971 	/* allocate all required USB transfers */
972 
973 	if (sc->sc_proto & UMASS_PROTO_BBB) {
974 
975 		err = usbd_transfer_setup(uaa->device,
976 		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_bbb_config,
977 		    UMASS_T_BBB_MAX, sc, &sc->sc_mtx);
978 
979 		/* skip reset first time */
980 		sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
981 
982 	} else if (sc->sc_proto & (UMASS_PROTO_CBI | UMASS_PROTO_CBI_I)) {
983 
984 		err = usbd_transfer_setup(uaa->device,
985 		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_cbi_config,
986 		    UMASS_T_CBI_MAX, sc, &sc->sc_mtx);
987 
988 		/* skip reset first time */
989 		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
990 
991 	} else {
992 		err = USB_ERR_INVAL;
993 	}
994 
995 	if (err) {
996 		device_printf(dev, "could not setup required "
997 		    "transfers, %s\n", usbd_errstr(err));
998 		goto detach;
999 	}
1000 #ifdef USB_DEBUG
1001 	if (umass_throttle > 0) {
1002 		uint8_t x;
1003 		int iv;
1004 
1005 		iv = umass_throttle;
1006 
1007 		if (iv < 1)
1008 			iv = 1;
1009 		else if (iv > 8000)
1010 			iv = 8000;
1011 
1012 		for (x = 0; x != UMASS_T_MAX; x++) {
1013 			if (sc->sc_xfer[x] != NULL)
1014 				usbd_xfer_set_interval(sc->sc_xfer[x], iv);
1015 		}
1016 	}
1017 #endif
1018 	sc->sc_transform =
1019 	    (sc->sc_proto & UMASS_PROTO_SCSI) ? &umass_scsi_transform :
1020 	    (sc->sc_proto & UMASS_PROTO_UFI) ? &umass_ufi_transform :
1021 	    (sc->sc_proto & UMASS_PROTO_ATAPI) ? &umass_atapi_transform :
1022 	    (sc->sc_proto & UMASS_PROTO_RBC) ? &umass_rbc_transform :
1023 	    &umass_no_transform;
1024 
1025 	/* from here onwards the device can be used. */
1026 
1027 	if (sc->sc_quirks & SHUTTLE_INIT) {
1028 		umass_init_shuttle(sc);
1029 	}
1030 	/* get the maximum LUN supported by the device */
1031 
1032 	if (((sc->sc_proto & UMASS_PROTO_WIRE) == UMASS_PROTO_BBB) &&
1033 	    !(sc->sc_quirks & NO_GETMAXLUN))
1034 		sc->sc_maxlun = umass_bbb_get_max_lun(sc);
1035 	else
1036 		sc->sc_maxlun = 0;
1037 
1038 	/* Prepare the SCSI command block */
1039 	sc->cam_scsi_sense.opcode = REQUEST_SENSE;
1040 	sc->cam_scsi_test_unit_ready.opcode = TEST_UNIT_READY;
1041 
1042 	/* register the SIM */
1043 	err = umass_cam_attach_sim(sc);
1044 	if (err) {
1045 		goto detach;
1046 	}
1047 	/* scan the SIM */
1048 	umass_cam_attach(sc);
1049 
1050 	DPRINTF(sc, UDMASS_GEN, "Attach finished\n");
1051 
1052 	return (0);			/* success */
1053 
1054 detach:
1055 	umass_detach(dev);
1056 	return (ENXIO);			/* failure */
1057 }
1058 
1059 static int
1060 umass_detach(device_t dev)
1061 {
1062 	struct umass_softc *sc = device_get_softc(dev);
1063 
1064 	DPRINTF(sc, UDMASS_USB, "\n");
1065 
1066 	/* teardown our statemachine */
1067 
1068 	usbd_transfer_unsetup(sc->sc_xfer, UMASS_T_MAX);
1069 
1070 	mtx_lock(&sc->sc_mtx);
1071 
1072 	/* cancel any leftover CCB's */
1073 
1074 	umass_cancel_ccb(sc);
1075 
1076 	umass_cam_detach_sim(sc);
1077 
1078 	mtx_unlock(&sc->sc_mtx);
1079 
1080 	mtx_destroy(&sc->sc_mtx);
1081 
1082 	return (0);			/* success */
1083 }
1084 
1085 static void
1086 umass_init_shuttle(struct umass_softc *sc)
1087 {
1088 	struct usb_device_request req;
1089 	usb_error_t err;
1090 	uint8_t status[2] = {0, 0};
1091 
1092 	/*
1093 	 * The Linux driver does this, but no one can tell us what the
1094 	 * command does.
1095 	 */
1096 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
1097 	req.bRequest = 1;		/* XXX unknown command */
1098 	USETW(req.wValue, 0);
1099 	req.wIndex[0] = sc->sc_iface_no;
1100 	req.wIndex[1] = 0;
1101 	USETW(req.wLength, sizeof(status));
1102 	err = usbd_do_request(sc->sc_udev, NULL, &req, &status);
1103 
1104 	DPRINTF(sc, UDMASS_GEN, "Shuttle init returned 0x%02x%02x\n",
1105 	    status[0], status[1]);
1106 }
1107 
1108 /*
1109  * Generic functions to handle transfers
1110  */
1111 
1112 static void
1113 umass_transfer_start(struct umass_softc *sc, uint8_t xfer_index)
1114 {
1115 	DPRINTF(sc, UDMASS_GEN, "transfer index = "
1116 	    "%d\n", xfer_index);
1117 
1118 	if (sc->sc_xfer[xfer_index]) {
1119 		sc->sc_last_xfer_index = xfer_index;
1120 		usbd_transfer_start(sc->sc_xfer[xfer_index]);
1121 	} else {
1122 		umass_cancel_ccb(sc);
1123 	}
1124 }
1125 
1126 static void
1127 umass_reset(struct umass_softc *sc)
1128 {
1129 	DPRINTF(sc, UDMASS_GEN, "resetting device\n");
1130 
1131 	/*
1132 	 * stop the last transfer, if not already stopped:
1133 	 */
1134 	usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
1135 	umass_transfer_start(sc, 0);
1136 }
1137 
1138 static void
1139 umass_cancel_ccb(struct umass_softc *sc)
1140 {
1141 	union ccb *ccb;
1142 
1143 	mtx_assert(&sc->sc_mtx, MA_OWNED);
1144 
1145 	ccb = sc->sc_transfer.ccb;
1146 	sc->sc_transfer.ccb = NULL;
1147 	sc->sc_last_xfer_index = 0;
1148 
1149 	if (ccb) {
1150 		(sc->sc_transfer.callback)
1151 		    (sc, ccb, (sc->sc_transfer.data_len -
1152 		    sc->sc_transfer.actlen), STATUS_WIRE_FAILED);
1153 	}
1154 }
1155 
1156 static void
1157 umass_tr_error(struct usb_xfer *xfer, usb_error_t error)
1158 {
1159 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1160 
1161 	if (error != USB_ERR_CANCELLED) {
1162 
1163 		DPRINTF(sc, UDMASS_GEN, "transfer error, %s -> "
1164 		    "reset\n", usbd_errstr(error));
1165 	}
1166 	umass_cancel_ccb(sc);
1167 }
1168 
1169 /*
1170  * BBB protocol specific functions
1171  */
1172 
1173 static void
1174 umass_t_bbb_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
1175 {
1176 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1177 	struct usb_device_request req;
1178 	struct usb_page_cache *pc;
1179 
1180 	switch (USB_GET_STATE(xfer)) {
1181 	case USB_ST_TRANSFERRED:
1182 		umass_transfer_start(sc, UMASS_T_BBB_RESET2);
1183 		return;
1184 
1185 	case USB_ST_SETUP:
1186 		/*
1187 		 * Reset recovery (5.3.4 in Universal Serial Bus Mass Storage Class)
1188 		 *
1189 		 * For Reset Recovery the host shall issue in the following order:
1190 		 * a) a Bulk-Only Mass Storage Reset
1191 		 * b) a Clear Feature HALT to the Bulk-In endpoint
1192 		 * c) a Clear Feature HALT to the Bulk-Out endpoint
1193 		 *
1194 		 * This is done in 3 steps, using 3 transfers:
1195 		 * UMASS_T_BBB_RESET1
1196 		 * UMASS_T_BBB_RESET2
1197 		 * UMASS_T_BBB_RESET3
1198 		 */
1199 
1200 		DPRINTF(sc, UDMASS_BBB, "BBB reset!\n");
1201 
1202 		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1203 		req.bRequest = UR_BBB_RESET;	/* bulk only reset */
1204 		USETW(req.wValue, 0);
1205 		req.wIndex[0] = sc->sc_iface_no;
1206 		req.wIndex[1] = 0;
1207 		USETW(req.wLength, 0);
1208 
1209 		pc = usbd_xfer_get_frame(xfer, 0);
1210 		usbd_copy_in(pc, 0, &req, sizeof(req));
1211 
1212 		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1213 		usbd_xfer_set_frames(xfer, 1);
1214 		usbd_transfer_submit(xfer);
1215 		return;
1216 
1217 	default:			/* Error */
1218 		umass_tr_error(xfer, error);
1219 		return;
1220 	}
1221 }
1222 
1223 static void
1224 umass_t_bbb_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
1225 {
1226 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_RESET3,
1227 	    UMASS_T_BBB_DATA_READ, error);
1228 }
1229 
1230 static void
1231 umass_t_bbb_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
1232 {
1233 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_COMMAND,
1234 	    UMASS_T_BBB_DATA_WRITE, error);
1235 }
1236 
1237 static void
1238 umass_t_bbb_data_clear_stall_callback(struct usb_xfer *xfer,
1239     uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
1240 {
1241 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1242 
1243 	switch (USB_GET_STATE(xfer)) {
1244 	case USB_ST_TRANSFERRED:
1245 tr_transferred:
1246 		umass_transfer_start(sc, next_xfer);
1247 		return;
1248 
1249 	case USB_ST_SETUP:
1250 		if (usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer])) {
1251 			goto tr_transferred;
1252 		}
1253 		return;
1254 
1255 	default:			/* Error */
1256 		umass_tr_error(xfer, error);
1257 		return;
1258 	}
1259 }
1260 
1261 static void
1262 umass_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
1263 {
1264 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1265 	union ccb *ccb = sc->sc_transfer.ccb;
1266 	struct usb_page_cache *pc;
1267 	uint32_t tag;
1268 
1269 	switch (USB_GET_STATE(xfer)) {
1270 	case USB_ST_TRANSFERRED:
1271 		umass_transfer_start
1272 		    (sc, ((sc->sc_transfer.dir == DIR_IN) ? UMASS_T_BBB_DATA_READ :
1273 		    (sc->sc_transfer.dir == DIR_OUT) ? UMASS_T_BBB_DATA_WRITE :
1274 		    UMASS_T_BBB_STATUS));
1275 		return;
1276 
1277 	case USB_ST_SETUP:
1278 
1279 		sc->sc_status_try = 0;
1280 
1281 		if (ccb) {
1282 
1283 			/*
1284 		         * the initial value is not important,
1285 		         * as long as the values are unique:
1286 		         */
1287 			tag = UGETDW(sc->cbw.dCBWTag) + 1;
1288 
1289 			USETDW(sc->cbw.dCBWSignature, CBWSIGNATURE);
1290 			USETDW(sc->cbw.dCBWTag, tag);
1291 
1292 			/*
1293 		         * dCBWDataTransferLength:
1294 		         *   This field indicates the number of bytes of data that the host
1295 		         *   intends to transfer on the IN or OUT Bulk endpoint(as indicated by
1296 		         *   the Direction bit) during the execution of this command. If this
1297 		         *   field is set to 0, the device will expect that no data will be
1298 		         *   transferred IN or OUT during this command, regardless of the value
1299 		         *   of the Direction bit defined in dCBWFlags.
1300 		         */
1301 			USETDW(sc->cbw.dCBWDataTransferLength, sc->sc_transfer.data_len);
1302 
1303 			/*
1304 		         * dCBWFlags:
1305 		         *   The bits of the Flags field are defined as follows:
1306 		         *     Bits 0-6  reserved
1307 		         *     Bit  7    Direction - this bit shall be ignored if the
1308 		         *                           dCBWDataTransferLength field is zero.
1309 		         *               0 = data Out from host to device
1310 		         *               1 = data In from device to host
1311 		         */
1312 			sc->cbw.bCBWFlags = ((sc->sc_transfer.dir == DIR_IN) ?
1313 			    CBWFLAGS_IN : CBWFLAGS_OUT);
1314 			sc->cbw.bCBWLUN = sc->sc_transfer.lun;
1315 
1316 			if (sc->sc_transfer.cmd_len > sizeof(sc->cbw.CBWCDB)) {
1317 				sc->sc_transfer.cmd_len = sizeof(sc->cbw.CBWCDB);
1318 				DPRINTF(sc, UDMASS_BBB, "Truncating long command!\n");
1319 			}
1320 			sc->cbw.bCDBLength = sc->sc_transfer.cmd_len;
1321 
1322 			/* copy SCSI command data */
1323 			memcpy(sc->cbw.CBWCDB, sc->sc_transfer.cmd_data,
1324 			    sc->sc_transfer.cmd_len);
1325 
1326 			/* clear remaining command area */
1327 			memset(sc->cbw.CBWCDB +
1328 			    sc->sc_transfer.cmd_len, 0,
1329 			    sizeof(sc->cbw.CBWCDB) -
1330 			    sc->sc_transfer.cmd_len);
1331 
1332 			DIF(UDMASS_BBB, umass_bbb_dump_cbw(sc, &sc->cbw));
1333 
1334 			pc = usbd_xfer_get_frame(xfer, 0);
1335 			usbd_copy_in(pc, 0, &sc->cbw, sizeof(sc->cbw));
1336 			usbd_xfer_set_frame_len(xfer, 0, sizeof(sc->cbw));
1337 
1338 			usbd_transfer_submit(xfer);
1339 		}
1340 		return;
1341 
1342 	default:			/* Error */
1343 		umass_tr_error(xfer, error);
1344 		return;
1345 	}
1346 }
1347 
1348 static void
1349 umass_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
1350 {
1351 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1352 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1353 	int actlen, sumlen;
1354 
1355 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1356 
1357 	switch (USB_GET_STATE(xfer)) {
1358 	case USB_ST_TRANSFERRED:
1359 		sc->sc_transfer.data_rem -= actlen;
1360 		sc->sc_transfer.data_ptr += actlen;
1361 		sc->sc_transfer.actlen += actlen;
1362 
1363 		if (actlen < sumlen) {
1364 			/* short transfer */
1365 			sc->sc_transfer.data_rem = 0;
1366 		}
1367 	case USB_ST_SETUP:
1368 		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
1369 		    max_bulk, sc->sc_transfer.data_rem);
1370 
1371 		if (sc->sc_transfer.data_rem == 0) {
1372 			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
1373 			return;
1374 		}
1375 		if (max_bulk > sc->sc_transfer.data_rem) {
1376 			max_bulk = sc->sc_transfer.data_rem;
1377 		}
1378 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1379 
1380 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1381 		    max_bulk);
1382 
1383 		usbd_transfer_submit(xfer);
1384 		return;
1385 
1386 	default:			/* Error */
1387 		if (error == USB_ERR_CANCELLED) {
1388 			umass_tr_error(xfer, error);
1389 		} else {
1390 			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
1391 		}
1392 		return;
1393 	}
1394 }
1395 
1396 static void
1397 umass_t_bbb_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1398 {
1399 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_STATUS,
1400 	    UMASS_T_BBB_DATA_READ, error);
1401 }
1402 
1403 static void
1404 umass_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
1405 {
1406 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1407 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1408 	int actlen, sumlen;
1409 
1410 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1411 
1412 	switch (USB_GET_STATE(xfer)) {
1413 	case USB_ST_TRANSFERRED:
1414 		sc->sc_transfer.data_rem -= actlen;
1415 		sc->sc_transfer.data_ptr += actlen;
1416 		sc->sc_transfer.actlen += actlen;
1417 
1418 		if (actlen < sumlen) {
1419 			/* short transfer */
1420 			sc->sc_transfer.data_rem = 0;
1421 		}
1422 	case USB_ST_SETUP:
1423 		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
1424 		    max_bulk, sc->sc_transfer.data_rem);
1425 
1426 		if (sc->sc_transfer.data_rem == 0) {
1427 			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
1428 			return;
1429 		}
1430 		if (max_bulk > sc->sc_transfer.data_rem) {
1431 			max_bulk = sc->sc_transfer.data_rem;
1432 		}
1433 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1434 
1435 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1436 		    max_bulk);
1437 
1438 		usbd_transfer_submit(xfer);
1439 		return;
1440 
1441 	default:			/* Error */
1442 		if (error == USB_ERR_CANCELLED) {
1443 			umass_tr_error(xfer, error);
1444 		} else {
1445 			umass_transfer_start(sc, UMASS_T_BBB_DATA_WR_CS);
1446 		}
1447 		return;
1448 	}
1449 }
1450 
1451 static void
1452 umass_t_bbb_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1453 {
1454 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_STATUS,
1455 	    UMASS_T_BBB_DATA_WRITE, error);
1456 }
1457 
1458 static void
1459 umass_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
1460 {
1461 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1462 	union ccb *ccb = sc->sc_transfer.ccb;
1463 	struct usb_page_cache *pc;
1464 	uint32_t residue;
1465 	int actlen;
1466 
1467 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1468 
1469 	switch (USB_GET_STATE(xfer)) {
1470 	case USB_ST_TRANSFERRED:
1471 
1472 		/*
1473 		 * Do a full reset if there is something wrong with the CSW:
1474 		 */
1475 		sc->sc_status_try = 1;
1476 
1477 		/* Zero missing parts of the CSW: */
1478 
1479 		if (actlen < (int)sizeof(sc->csw))
1480 			memset(&sc->csw, 0, sizeof(sc->csw));
1481 
1482 		pc = usbd_xfer_get_frame(xfer, 0);
1483 		usbd_copy_out(pc, 0, &sc->csw, actlen);
1484 
1485 		DIF(UDMASS_BBB, umass_bbb_dump_csw(sc, &sc->csw));
1486 
1487 		residue = UGETDW(sc->csw.dCSWDataResidue);
1488 
1489 		if ((!residue) || (sc->sc_quirks & IGNORE_RESIDUE)) {
1490 			residue = (sc->sc_transfer.data_len -
1491 			    sc->sc_transfer.actlen);
1492 		}
1493 		if (residue > sc->sc_transfer.data_len) {
1494 			DPRINTF(sc, UDMASS_BBB, "truncating residue from %d "
1495 			    "to %d bytes\n", residue, sc->sc_transfer.data_len);
1496 			residue = sc->sc_transfer.data_len;
1497 		}
1498 		/* translate weird command-status signatures: */
1499 		if (sc->sc_quirks & WRONG_CSWSIG) {
1500 
1501 			uint32_t temp = UGETDW(sc->csw.dCSWSignature);
1502 
1503 			if ((temp == CSWSIGNATURE_OLYMPUS_C1) ||
1504 			    (temp == CSWSIGNATURE_IMAGINATION_DBX1)) {
1505 				USETDW(sc->csw.dCSWSignature, CSWSIGNATURE);
1506 			}
1507 		}
1508 		/* check CSW and handle eventual error */
1509 		if (UGETDW(sc->csw.dCSWSignature) != CSWSIGNATURE) {
1510 			DPRINTF(sc, UDMASS_BBB, "bad CSW signature 0x%08x != 0x%08x\n",
1511 			    UGETDW(sc->csw.dCSWSignature), CSWSIGNATURE);
1512 			/*
1513 			 * Invalid CSW: Wrong signature or wrong tag might
1514 			 * indicate that we lost synchronization. Reset the
1515 			 * device.
1516 			 */
1517 			goto tr_error;
1518 		} else if (UGETDW(sc->csw.dCSWTag) != UGETDW(sc->cbw.dCBWTag)) {
1519 			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: tag 0x%08x should be "
1520 			    "0x%08x\n", UGETDW(sc->csw.dCSWTag),
1521 			    UGETDW(sc->cbw.dCBWTag));
1522 			goto tr_error;
1523 		} else if (sc->csw.bCSWStatus > CSWSTATUS_PHASE) {
1524 			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: status %d > %d\n",
1525 			    sc->csw.bCSWStatus, CSWSTATUS_PHASE);
1526 			goto tr_error;
1527 		} else if (sc->csw.bCSWStatus == CSWSTATUS_PHASE) {
1528 			DPRINTF(sc, UDMASS_BBB, "Phase error, residue = "
1529 			    "%d\n", residue);
1530 			goto tr_error;
1531 		} else if (sc->sc_transfer.actlen > sc->sc_transfer.data_len) {
1532 			DPRINTF(sc, UDMASS_BBB, "Buffer overrun %d > %d\n",
1533 			    sc->sc_transfer.actlen, sc->sc_transfer.data_len);
1534 			goto tr_error;
1535 		} else if (sc->csw.bCSWStatus == CSWSTATUS_FAILED) {
1536 			DPRINTF(sc, UDMASS_BBB, "Command failed, residue = "
1537 			    "%d\n", residue);
1538 
1539 			sc->sc_transfer.ccb = NULL;
1540 
1541 			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
1542 
1543 			(sc->sc_transfer.callback)
1544 			    (sc, ccb, residue, STATUS_CMD_FAILED);
1545 		} else {
1546 			sc->sc_transfer.ccb = NULL;
1547 
1548 			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
1549 
1550 			(sc->sc_transfer.callback)
1551 			    (sc, ccb, residue, STATUS_CMD_OK);
1552 		}
1553 		return;
1554 
1555 	case USB_ST_SETUP:
1556 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1557 		usbd_transfer_submit(xfer);
1558 		return;
1559 
1560 	default:
1561 tr_error:
1562 		DPRINTF(sc, UDMASS_BBB, "Failed to read CSW: %s, try %d\n",
1563 		    usbd_errstr(error), sc->sc_status_try);
1564 
1565 		if ((error == USB_ERR_CANCELLED) ||
1566 		    (sc->sc_status_try)) {
1567 			umass_tr_error(xfer, error);
1568 		} else {
1569 			sc->sc_status_try = 1;
1570 			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
1571 		}
1572 		return;
1573 	}
1574 }
1575 
1576 static void
1577 umass_command_start(struct umass_softc *sc, uint8_t dir,
1578     void *data_ptr, uint32_t data_len,
1579     uint32_t data_timeout, umass_callback_t *callback,
1580     union ccb *ccb)
1581 {
1582 	sc->sc_transfer.lun = ccb->ccb_h.target_lun;
1583 
1584 	/*
1585 	 * NOTE: assumes that "sc->sc_transfer.cmd_data" and
1586 	 * "sc->sc_transfer.cmd_len" has been properly
1587 	 * initialized.
1588 	 */
1589 
1590 	sc->sc_transfer.dir = data_len ? dir : DIR_NONE;
1591 	sc->sc_transfer.data_ptr = data_ptr;
1592 	sc->sc_transfer.data_len = data_len;
1593 	sc->sc_transfer.data_rem = data_len;
1594 	sc->sc_transfer.data_timeout = (data_timeout + UMASS_TIMEOUT);
1595 
1596 	sc->sc_transfer.actlen = 0;
1597 	sc->sc_transfer.callback = callback;
1598 	sc->sc_transfer.ccb = ccb;
1599 
1600 	if (sc->sc_xfer[sc->sc_last_xfer_index]) {
1601 		usbd_transfer_start(sc->sc_xfer[sc->sc_last_xfer_index]);
1602 	} else {
1603 		umass_cancel_ccb(sc);
1604 	}
1605 }
1606 
1607 static uint8_t
1608 umass_bbb_get_max_lun(struct umass_softc *sc)
1609 {
1610 	struct usb_device_request req;
1611 	usb_error_t err;
1612 	uint8_t buf = 0;
1613 
1614 	/* The Get Max Lun command is a class-specific request. */
1615 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1616 	req.bRequest = UR_BBB_GET_MAX_LUN;
1617 	USETW(req.wValue, 0);
1618 	req.wIndex[0] = sc->sc_iface_no;
1619 	req.wIndex[1] = 0;
1620 	USETW(req.wLength, 1);
1621 
1622 	err = usbd_do_request(sc->sc_udev, NULL, &req, &buf);
1623 	if (err) {
1624 		buf = 0;
1625 
1626 		/* Device doesn't support Get Max Lun request. */
1627 		printf("%s: Get Max Lun not supported (%s)\n",
1628 		    sc->sc_name, usbd_errstr(err));
1629 	}
1630 	return (buf);
1631 }
1632 
1633 /*
1634  * Command/Bulk/Interrupt (CBI) specific functions
1635  */
1636 
1637 static void
1638 umass_cbi_start_status(struct umass_softc *sc)
1639 {
1640 	if (sc->sc_xfer[UMASS_T_CBI_STATUS]) {
1641 		umass_transfer_start(sc, UMASS_T_CBI_STATUS);
1642 	} else {
1643 		union ccb *ccb = sc->sc_transfer.ccb;
1644 
1645 		sc->sc_transfer.ccb = NULL;
1646 
1647 		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
1648 
1649 		(sc->sc_transfer.callback)
1650 		    (sc, ccb, (sc->sc_transfer.data_len -
1651 		    sc->sc_transfer.actlen), STATUS_CMD_UNKNOWN);
1652 	}
1653 }
1654 
1655 static void
1656 umass_t_cbi_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
1657 {
1658 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1659 	struct usb_device_request req;
1660 	struct usb_page_cache *pc;
1661 	uint8_t buf[UMASS_CBI_DIAGNOSTIC_CMDLEN];
1662 
1663 	uint8_t i;
1664 
1665 	switch (USB_GET_STATE(xfer)) {
1666 	case USB_ST_TRANSFERRED:
1667 		umass_transfer_start(sc, UMASS_T_CBI_RESET2);
1668 		break;
1669 
1670 	case USB_ST_SETUP:
1671 		/*
1672 		 * Command Block Reset Protocol
1673 		 *
1674 		 * First send a reset request to the device. Then clear
1675 		 * any possibly stalled bulk endpoints.
1676 		 *
1677 		 * This is done in 3 steps, using 3 transfers:
1678 		 * UMASS_T_CBI_RESET1
1679 		 * UMASS_T_CBI_RESET2
1680 		 * UMASS_T_CBI_RESET3
1681 		 * UMASS_T_CBI_RESET4 (only if there is an interrupt endpoint)
1682 		 */
1683 
1684 		DPRINTF(sc, UDMASS_CBI, "CBI reset!\n");
1685 
1686 		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1687 		req.bRequest = UR_CBI_ADSC;
1688 		USETW(req.wValue, 0);
1689 		req.wIndex[0] = sc->sc_iface_no;
1690 		req.wIndex[1] = 0;
1691 		USETW(req.wLength, UMASS_CBI_DIAGNOSTIC_CMDLEN);
1692 
1693 		/*
1694 		 * The 0x1d code is the SEND DIAGNOSTIC command. To
1695 		 * distinguish between the two, the last 10 bytes of the CBL
1696 		 * is filled with 0xff (section 2.2 of the CBI
1697 		 * specification)
1698 		 */
1699 		buf[0] = 0x1d;		/* Command Block Reset */
1700 		buf[1] = 0x04;
1701 
1702 		for (i = 2; i < UMASS_CBI_DIAGNOSTIC_CMDLEN; i++) {
1703 			buf[i] = 0xff;
1704 		}
1705 
1706 		pc = usbd_xfer_get_frame(xfer, 0);
1707 		usbd_copy_in(pc, 0, &req, sizeof(req));
1708 		pc = usbd_xfer_get_frame(xfer, 1);
1709 		usbd_copy_in(pc, 0, buf, sizeof(buf));
1710 
1711 		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1712 		usbd_xfer_set_frame_len(xfer, 1, sizeof(buf));
1713 		usbd_xfer_set_frames(xfer, 2);
1714 		usbd_transfer_submit(xfer);
1715 		break;
1716 
1717 	default:			/* Error */
1718 		if (error == USB_ERR_CANCELLED)
1719 			umass_tr_error(xfer, error);
1720 		else
1721 			umass_transfer_start(sc, UMASS_T_CBI_RESET2);
1722 		break;
1723 	}
1724 }
1725 
1726 static void
1727 umass_t_cbi_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
1728 {
1729 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_RESET3,
1730 	    UMASS_T_CBI_DATA_READ, error);
1731 }
1732 
1733 static void
1734 umass_t_cbi_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
1735 {
1736 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1737 
1738 	umass_t_cbi_data_clear_stall_callback
1739 	    (xfer, (sc->sc_xfer[UMASS_T_CBI_RESET4] &&
1740 	    sc->sc_xfer[UMASS_T_CBI_STATUS]) ?
1741 	    UMASS_T_CBI_RESET4 : UMASS_T_CBI_COMMAND,
1742 	    UMASS_T_CBI_DATA_WRITE, error);
1743 }
1744 
1745 static void
1746 umass_t_cbi_reset4_callback(struct usb_xfer *xfer, usb_error_t error)
1747 {
1748 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_COMMAND,
1749 	    UMASS_T_CBI_STATUS, error);
1750 }
1751 
1752 static void
1753 umass_t_cbi_data_clear_stall_callback(struct usb_xfer *xfer,
1754     uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
1755 {
1756 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1757 
1758 	switch (USB_GET_STATE(xfer)) {
1759 	case USB_ST_TRANSFERRED:
1760 tr_transferred:
1761 		if (next_xfer == UMASS_T_CBI_STATUS) {
1762 			umass_cbi_start_status(sc);
1763 		} else {
1764 			umass_transfer_start(sc, next_xfer);
1765 		}
1766 		break;
1767 
1768 	case USB_ST_SETUP:
1769 		if (usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer])) {
1770 			goto tr_transferred;	/* should not happen */
1771 		}
1772 		break;
1773 
1774 	default:			/* Error */
1775 		umass_tr_error(xfer, error);
1776 		break;
1777 	}
1778 }
1779 
1780 static void
1781 umass_t_cbi_command_callback(struct usb_xfer *xfer, usb_error_t error)
1782 {
1783 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1784 	union ccb *ccb = sc->sc_transfer.ccb;
1785 	struct usb_device_request req;
1786 	struct usb_page_cache *pc;
1787 
1788 	switch (USB_GET_STATE(xfer)) {
1789 	case USB_ST_TRANSFERRED:
1790 
1791 		if (sc->sc_transfer.dir == DIR_NONE) {
1792 			umass_cbi_start_status(sc);
1793 		} else {
1794 			umass_transfer_start
1795 			    (sc, (sc->sc_transfer.dir == DIR_IN) ?
1796 			    UMASS_T_CBI_DATA_READ : UMASS_T_CBI_DATA_WRITE);
1797 		}
1798 		break;
1799 
1800 	case USB_ST_SETUP:
1801 
1802 		if (ccb) {
1803 
1804 			/*
1805 		         * do a CBI transfer with cmd_len bytes from
1806 		         * cmd_data, possibly a data phase of data_len
1807 		         * bytes from/to the device and finally a status
1808 		         * read phase.
1809 		         */
1810 
1811 			req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1812 			req.bRequest = UR_CBI_ADSC;
1813 			USETW(req.wValue, 0);
1814 			req.wIndex[0] = sc->sc_iface_no;
1815 			req.wIndex[1] = 0;
1816 			req.wLength[0] = sc->sc_transfer.cmd_len;
1817 			req.wLength[1] = 0;
1818 
1819 			pc = usbd_xfer_get_frame(xfer, 0);
1820 			usbd_copy_in(pc, 0, &req, sizeof(req));
1821 			pc = usbd_xfer_get_frame(xfer, 1);
1822 			usbd_copy_in(pc, 0, sc->sc_transfer.cmd_data,
1823 			    sc->sc_transfer.cmd_len);
1824 
1825 			usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1826 			usbd_xfer_set_frame_len(xfer, 1, sc->sc_transfer.cmd_len);
1827 			usbd_xfer_set_frames(xfer,
1828 			    sc->sc_transfer.cmd_len ? 2 : 1);
1829 
1830 			DIF(UDMASS_CBI,
1831 			    umass_cbi_dump_cmd(sc,
1832 			    sc->sc_transfer.cmd_data,
1833 			    sc->sc_transfer.cmd_len));
1834 
1835 			usbd_transfer_submit(xfer);
1836 		}
1837 		break;
1838 
1839 	default:			/* Error */
1840 		/*
1841 		 * STALL on the control pipe can be result of the command error.
1842 		 * Attempt to clear this STALL same as for bulk pipe also
1843 		 * results in command completion interrupt, but ASC/ASCQ there
1844 		 * look like not always valid, so don't bother about it.
1845 		 */
1846 		if ((error == USB_ERR_STALLED) ||
1847 		    (sc->sc_transfer.callback == &umass_cam_cb)) {
1848 			sc->sc_transfer.ccb = NULL;
1849 			(sc->sc_transfer.callback)
1850 			    (sc, ccb, sc->sc_transfer.data_len,
1851 			    STATUS_CMD_UNKNOWN);
1852 		} else {
1853 			umass_tr_error(xfer, error);
1854 			/* skip reset */
1855 			sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
1856 		}
1857 		break;
1858 	}
1859 }
1860 
1861 static void
1862 umass_t_cbi_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
1863 {
1864 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1865 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1866 	int actlen, sumlen;
1867 
1868 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1869 
1870 	switch (USB_GET_STATE(xfer)) {
1871 	case USB_ST_TRANSFERRED:
1872 		sc->sc_transfer.data_rem -= actlen;
1873 		sc->sc_transfer.data_ptr += actlen;
1874 		sc->sc_transfer.actlen += actlen;
1875 
1876 		if (actlen < sumlen) {
1877 			/* short transfer */
1878 			sc->sc_transfer.data_rem = 0;
1879 		}
1880 	case USB_ST_SETUP:
1881 		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
1882 		    max_bulk, sc->sc_transfer.data_rem);
1883 
1884 		if (sc->sc_transfer.data_rem == 0) {
1885 			umass_cbi_start_status(sc);
1886 			break;
1887 		}
1888 		if (max_bulk > sc->sc_transfer.data_rem) {
1889 			max_bulk = sc->sc_transfer.data_rem;
1890 		}
1891 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1892 
1893 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1894 		    max_bulk);
1895 
1896 		usbd_transfer_submit(xfer);
1897 		break;
1898 
1899 	default:			/* Error */
1900 		if ((error == USB_ERR_CANCELLED) ||
1901 		    (sc->sc_transfer.callback != &umass_cam_cb)) {
1902 			umass_tr_error(xfer, error);
1903 		} else {
1904 			umass_transfer_start(sc, UMASS_T_CBI_DATA_RD_CS);
1905 		}
1906 		break;
1907 	}
1908 }
1909 
1910 static void
1911 umass_t_cbi_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1912 {
1913 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_STATUS,
1914 	    UMASS_T_CBI_DATA_READ, error);
1915 }
1916 
1917 static void
1918 umass_t_cbi_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
1919 {
1920 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1921 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1922 	int actlen, sumlen;
1923 
1924 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1925 
1926 	switch (USB_GET_STATE(xfer)) {
1927 	case USB_ST_TRANSFERRED:
1928 		sc->sc_transfer.data_rem -= actlen;
1929 		sc->sc_transfer.data_ptr += actlen;
1930 		sc->sc_transfer.actlen += actlen;
1931 
1932 		if (actlen < sumlen) {
1933 			/* short transfer */
1934 			sc->sc_transfer.data_rem = 0;
1935 		}
1936 	case USB_ST_SETUP:
1937 		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
1938 		    max_bulk, sc->sc_transfer.data_rem);
1939 
1940 		if (sc->sc_transfer.data_rem == 0) {
1941 			umass_cbi_start_status(sc);
1942 			break;
1943 		}
1944 		if (max_bulk > sc->sc_transfer.data_rem) {
1945 			max_bulk = sc->sc_transfer.data_rem;
1946 		}
1947 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1948 
1949 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1950 		    max_bulk);
1951 
1952 		usbd_transfer_submit(xfer);
1953 		break;
1954 
1955 	default:			/* Error */
1956 		if ((error == USB_ERR_CANCELLED) ||
1957 		    (sc->sc_transfer.callback != &umass_cam_cb)) {
1958 			umass_tr_error(xfer, error);
1959 		} else {
1960 			umass_transfer_start(sc, UMASS_T_CBI_DATA_WR_CS);
1961 		}
1962 		break;
1963 	}
1964 }
1965 
1966 static void
1967 umass_t_cbi_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1968 {
1969 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_STATUS,
1970 	    UMASS_T_CBI_DATA_WRITE, error);
1971 }
1972 
1973 static void
1974 umass_t_cbi_status_callback(struct usb_xfer *xfer, usb_error_t error)
1975 {
1976 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1977 	union ccb *ccb = sc->sc_transfer.ccb;
1978 	struct usb_page_cache *pc;
1979 	uint32_t residue;
1980 	uint8_t status;
1981 	int actlen;
1982 
1983 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1984 
1985 	switch (USB_GET_STATE(xfer)) {
1986 	case USB_ST_TRANSFERRED:
1987 
1988 		if (actlen < (int)sizeof(sc->sbl)) {
1989 			goto tr_setup;
1990 		}
1991 		pc = usbd_xfer_get_frame(xfer, 0);
1992 		usbd_copy_out(pc, 0, &sc->sbl, sizeof(sc->sbl));
1993 
1994 		residue = (sc->sc_transfer.data_len -
1995 		    sc->sc_transfer.actlen);
1996 
1997 		/* dissect the information in the buffer */
1998 
1999 		if (sc->sc_proto & UMASS_PROTO_UFI) {
2000 
2001 			/*
2002 			 * Section 3.4.3.1.3 specifies that the UFI command
2003 			 * protocol returns an ASC and ASCQ in the interrupt
2004 			 * data block.
2005 			 */
2006 
2007 			DPRINTF(sc, UDMASS_CBI, "UFI CCI, ASC = 0x%02x, "
2008 			    "ASCQ = 0x%02x\n", sc->sbl.ufi.asc,
2009 			    sc->sbl.ufi.ascq);
2010 
2011 			status = (((sc->sbl.ufi.asc == 0) &&
2012 			    (sc->sbl.ufi.ascq == 0)) ?
2013 			    STATUS_CMD_OK : STATUS_CMD_FAILED);
2014 
2015 			sc->sc_transfer.ccb = NULL;
2016 
2017 			sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
2018 
2019 			(sc->sc_transfer.callback)
2020 			    (sc, ccb, residue, status);
2021 
2022 			break;
2023 
2024 		} else {
2025 
2026 			/* Command Interrupt Data Block */
2027 
2028 			DPRINTF(sc, UDMASS_CBI, "type=0x%02x, value=0x%02x\n",
2029 			    sc->sbl.common.type, sc->sbl.common.value);
2030 
2031 			if (sc->sbl.common.type == IDB_TYPE_CCI) {
2032 
2033 				status = (sc->sbl.common.value & IDB_VALUE_STATUS_MASK);
2034 
2035 				status = ((status == IDB_VALUE_PASS) ? STATUS_CMD_OK :
2036 				    (status == IDB_VALUE_FAIL) ? STATUS_CMD_FAILED :
2037 				    (status == IDB_VALUE_PERSISTENT) ? STATUS_CMD_FAILED :
2038 				    STATUS_WIRE_FAILED);
2039 
2040 				sc->sc_transfer.ccb = NULL;
2041 
2042 				sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
2043 
2044 				(sc->sc_transfer.callback)
2045 				    (sc, ccb, residue, status);
2046 
2047 				break;
2048 			}
2049 		}
2050 
2051 		/* fallthrough */
2052 
2053 	case USB_ST_SETUP:
2054 tr_setup:
2055 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
2056 		usbd_transfer_submit(xfer);
2057 		break;
2058 
2059 	default:			/* Error */
2060 		DPRINTF(sc, UDMASS_CBI, "Failed to read CSW: %s\n",
2061 		    usbd_errstr(error));
2062 		umass_tr_error(xfer, error);
2063 		break;
2064 	}
2065 }
2066 
2067 /*
2068  * CAM specific functions (used by SCSI, UFI, 8070i (ATAPI))
2069  */
2070 
2071 static int
2072 umass_cam_attach_sim(struct umass_softc *sc)
2073 {
2074 	struct cam_devq *devq;		/* Per device Queue */
2075 
2076 	/*
2077 	 * A HBA is attached to the CAM layer.
2078 	 *
2079 	 * The CAM layer will then after a while start probing for devices on
2080 	 * the bus. The number of SIMs is limited to one.
2081 	 */
2082 
2083 	devq = cam_simq_alloc(1 /* maximum openings */ );
2084 	if (devq == NULL) {
2085 		return (ENOMEM);
2086 	}
2087 	sc->sc_sim = cam_sim_alloc
2088 	    (&umass_cam_action, &umass_cam_poll,
2089 	    DEVNAME_SIM,
2090 	    sc /* priv */ ,
2091 	    sc->sc_unit /* unit number */ ,
2092 	    &sc->sc_mtx /* mutex */ ,
2093 	    1 /* maximum device openings */ ,
2094 	    0 /* maximum tagged device openings */ ,
2095 	    devq);
2096 
2097 	if (sc->sc_sim == NULL) {
2098 		cam_simq_free(devq);
2099 		return (ENOMEM);
2100 	}
2101 
2102 	mtx_lock(&sc->sc_mtx);
2103 
2104 	if (xpt_bus_register(sc->sc_sim, sc->sc_dev,
2105 	    sc->sc_unit) != CAM_SUCCESS) {
2106 		mtx_unlock(&sc->sc_mtx);
2107 		return (ENOMEM);
2108 	}
2109 	mtx_unlock(&sc->sc_mtx);
2110 
2111 	return (0);
2112 }
2113 
2114 static void
2115 umass_cam_attach(struct umass_softc *sc)
2116 {
2117 #ifndef USB_DEBUG
2118 	if (bootverbose)
2119 #endif
2120 		printf("%s:%d:%d: Attached to scbus%d\n",
2121 		    sc->sc_name, cam_sim_path(sc->sc_sim),
2122 		    sc->sc_unit, cam_sim_path(sc->sc_sim));
2123 }
2124 
2125 /* umass_cam_detach
2126  *	detach from the CAM layer
2127  */
2128 
2129 static void
2130 umass_cam_detach_sim(struct umass_softc *sc)
2131 {
2132 	if (sc->sc_sim != NULL) {
2133 		if (xpt_bus_deregister(cam_sim_path(sc->sc_sim))) {
2134 			/* accessing the softc is not possible after this */
2135 			sc->sc_sim->softc = NULL;
2136 			cam_sim_free(sc->sc_sim, /* free_devq */ TRUE);
2137 		} else {
2138 			panic("%s: CAM layer is busy\n",
2139 			    sc->sc_name);
2140 		}
2141 		sc->sc_sim = NULL;
2142 	}
2143 }
2144 
2145 /* umass_cam_action
2146  * 	CAM requests for action come through here
2147  */
2148 
2149 static void
2150 umass_cam_action(struct cam_sim *sim, union ccb *ccb)
2151 {
2152 	struct umass_softc *sc = (struct umass_softc *)sim->softc;
2153 
2154 	if (sc == NULL) {
2155 		ccb->ccb_h.status = CAM_SEL_TIMEOUT;
2156 		xpt_done(ccb);
2157 		return;
2158 	}
2159 
2160 	/* Perform the requested action */
2161 	switch (ccb->ccb_h.func_code) {
2162 	case XPT_SCSI_IO:
2163 		{
2164 			uint8_t *cmd;
2165 			uint8_t dir;
2166 
2167 			if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
2168 				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
2169 			} else {
2170 				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
2171 			}
2172 
2173 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
2174 			    "cmd: 0x%02x, flags: 0x%02x, "
2175 			    "%db cmd/%db data/%db sense\n",
2176 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2177 			    (uintmax_t)ccb->ccb_h.target_lun, cmd[0],
2178 			    ccb->ccb_h.flags & CAM_DIR_MASK, ccb->csio.cdb_len,
2179 			    ccb->csio.dxfer_len, ccb->csio.sense_len);
2180 
2181 			if (sc->sc_transfer.ccb) {
2182 				DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
2183 				    "I/O in progress, deferring\n",
2184 				    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2185 				    (uintmax_t)ccb->ccb_h.target_lun);
2186 				ccb->ccb_h.status = CAM_SCSI_BUSY;
2187 				xpt_done(ccb);
2188 				goto done;
2189 			}
2190 			switch (ccb->ccb_h.flags & CAM_DIR_MASK) {
2191 			case CAM_DIR_IN:
2192 				dir = DIR_IN;
2193 				break;
2194 			case CAM_DIR_OUT:
2195 				dir = DIR_OUT;
2196 				DIF(UDMASS_SCSI,
2197 				    umass_dump_buffer(sc, ccb->csio.data_ptr,
2198 				    ccb->csio.dxfer_len, 48));
2199 				break;
2200 			default:
2201 				dir = DIR_NONE;
2202 			}
2203 
2204 			ccb->ccb_h.status = CAM_REQ_INPROG | CAM_SIM_QUEUED;
2205 
2206 			/*
2207 			 * sc->sc_transform will convert the command to the
2208 			 * command format needed by the specific command set
2209 			 * and return the converted command in
2210 			 * "sc->sc_transfer.cmd_data"
2211 			 */
2212 			if (umass_std_transform(sc, ccb, cmd, ccb->csio.cdb_len)) {
2213 
2214 				if (sc->sc_transfer.cmd_data[0] == INQUIRY) {
2215 					const char *pserial;
2216 
2217 					pserial = usb_get_serial(sc->sc_udev);
2218 
2219 					/*
2220 					 * Umass devices don't generally report their serial numbers
2221 					 * in the usual SCSI way.  Emulate it here.
2222 					 */
2223 					if ((sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
2224 					    (sc->sc_transfer.cmd_data[2] == SVPD_UNIT_SERIAL_NUMBER) &&
2225 					    (pserial[0] != '\0')) {
2226 						struct scsi_vpd_unit_serial_number *vpd_serial;
2227 
2228 						vpd_serial = (struct scsi_vpd_unit_serial_number *)ccb->csio.data_ptr;
2229 						vpd_serial->length = strlen(pserial);
2230 						if (vpd_serial->length > sizeof(vpd_serial->serial_num))
2231 							vpd_serial->length = sizeof(vpd_serial->serial_num);
2232 						memcpy(vpd_serial->serial_num, pserial, vpd_serial->length);
2233 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2234 						ccb->ccb_h.status = CAM_REQ_CMP;
2235 						xpt_done(ccb);
2236 						goto done;
2237 					}
2238 
2239 					/*
2240 					 * Handle EVPD inquiry for broken devices first
2241 					 * NO_INQUIRY also implies NO_INQUIRY_EVPD
2242 					 */
2243 					if ((sc->sc_quirks & (NO_INQUIRY_EVPD | NO_INQUIRY)) &&
2244 					    (sc->sc_transfer.cmd_data[1] & SI_EVPD)) {
2245 
2246 						scsi_set_sense_data(&ccb->csio.sense_data,
2247 							/*sense_format*/ SSD_TYPE_NONE,
2248 							/*current_error*/ 1,
2249 							/*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
2250 							/*asc*/ 0x24,
2251 							/*ascq*/ 0x00,
2252 							/*extra args*/ SSD_ELEM_NONE);
2253 						ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2254 						ccb->ccb_h.status =
2255 						    CAM_SCSI_STATUS_ERROR |
2256 						    CAM_AUTOSNS_VALID |
2257 						    CAM_DEV_QFRZN;
2258 						xpt_freeze_devq(ccb->ccb_h.path, 1);
2259 						xpt_done(ccb);
2260 						goto done;
2261 					}
2262 					/*
2263 					 * Return fake inquiry data for
2264 					 * broken devices
2265 					 */
2266 					if (sc->sc_quirks & NO_INQUIRY) {
2267 						memcpy(ccb->csio.data_ptr, &fake_inq_data,
2268 						    sizeof(fake_inq_data));
2269 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2270 						ccb->ccb_h.status = CAM_REQ_CMP;
2271 						xpt_done(ccb);
2272 						goto done;
2273 					}
2274 					if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2275 						ccb->csio.dxfer_len = SHORT_INQUIRY_LENGTH;
2276 					}
2277 				} else if (sc->sc_transfer.cmd_data[0] == PREVENT_ALLOW) {
2278 					if (sc->sc_quirks & NO_PREVENT_ALLOW) {
2279 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2280 						ccb->ccb_h.status = CAM_REQ_CMP;
2281 						xpt_done(ccb);
2282 						goto done;
2283 					}
2284 				} else if (sc->sc_transfer.cmd_data[0] == SYNCHRONIZE_CACHE) {
2285 					if (sc->sc_quirks & NO_SYNCHRONIZE_CACHE) {
2286 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2287 						ccb->ccb_h.status = CAM_REQ_CMP;
2288 						xpt_done(ccb);
2289 						goto done;
2290 					}
2291 				}
2292 				umass_command_start(sc, dir, ccb->csio.data_ptr,
2293 				    ccb->csio.dxfer_len,
2294 				    ccb->ccb_h.timeout,
2295 				    &umass_cam_cb, ccb);
2296 			}
2297 			break;
2298 		}
2299 	case XPT_PATH_INQ:
2300 		{
2301 			struct ccb_pathinq *cpi = &ccb->cpi;
2302 
2303 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_PATH_INQ:.\n",
2304 			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2305 			    (uintmax_t)ccb->ccb_h.target_lun);
2306 
2307 			/* host specific information */
2308 			cpi->version_num = 1;
2309 			cpi->hba_inquiry = 0;
2310 			cpi->target_sprt = 0;
2311 			cpi->hba_misc = PIM_NO_6_BYTE;
2312 			cpi->hba_eng_cnt = 0;
2313 			cpi->max_target = UMASS_SCSIID_MAX;	/* one target */
2314 			cpi->initiator_id = UMASS_SCSIID_HOST;
2315 			strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2316 			strlcpy(cpi->hba_vid, "USB SCSI", HBA_IDLEN);
2317 			strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
2318 			cpi->unit_number = cam_sim_unit(sim);
2319 			cpi->bus_id = sc->sc_unit;
2320 			cpi->protocol = PROTO_SCSI;
2321 			cpi->protocol_version = SCSI_REV_2;
2322 			cpi->transport = XPORT_USB;
2323 			cpi->transport_version = 0;
2324 
2325 			if (sc == NULL) {
2326 				cpi->base_transfer_speed = 0;
2327 				cpi->max_lun = 0;
2328 			} else {
2329 				if (sc->sc_quirks & FLOPPY_SPEED) {
2330 					cpi->base_transfer_speed =
2331 					    UMASS_FLOPPY_TRANSFER_SPEED;
2332 				} else {
2333 					switch (usbd_get_speed(sc->sc_udev)) {
2334 					case USB_SPEED_SUPER:
2335 						cpi->base_transfer_speed =
2336 						    UMASS_SUPER_TRANSFER_SPEED;
2337 						cpi->maxio = MAXPHYS;
2338 						break;
2339 					case USB_SPEED_HIGH:
2340 						cpi->base_transfer_speed =
2341 						    UMASS_HIGH_TRANSFER_SPEED;
2342 						break;
2343 					default:
2344 						cpi->base_transfer_speed =
2345 						    UMASS_FULL_TRANSFER_SPEED;
2346 						break;
2347 					}
2348 				}
2349 				cpi->max_lun = sc->sc_maxlun;
2350 			}
2351 
2352 			cpi->ccb_h.status = CAM_REQ_CMP;
2353 			xpt_done(ccb);
2354 			break;
2355 		}
2356 	case XPT_RESET_DEV:
2357 		{
2358 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_RESET_DEV:.\n",
2359 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2360 			    (uintmax_t)ccb->ccb_h.target_lun);
2361 
2362 			umass_reset(sc);
2363 
2364 			ccb->ccb_h.status = CAM_REQ_CMP;
2365 			xpt_done(ccb);
2366 			break;
2367 		}
2368 	case XPT_GET_TRAN_SETTINGS:
2369 		{
2370 			struct ccb_trans_settings *cts = &ccb->cts;
2371 
2372 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_GET_TRAN_SETTINGS:.\n",
2373 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2374 			    (uintmax_t)ccb->ccb_h.target_lun);
2375 
2376 			cts->protocol = PROTO_SCSI;
2377 			cts->protocol_version = SCSI_REV_2;
2378 			cts->transport = XPORT_USB;
2379 			cts->transport_version = 0;
2380 			cts->xport_specific.valid = 0;
2381 
2382 			ccb->ccb_h.status = CAM_REQ_CMP;
2383 			xpt_done(ccb);
2384 			break;
2385 		}
2386 	case XPT_SET_TRAN_SETTINGS:
2387 		{
2388 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SET_TRAN_SETTINGS:.\n",
2389 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2390 			    (uintmax_t)ccb->ccb_h.target_lun);
2391 
2392 			ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
2393 			xpt_done(ccb);
2394 			break;
2395 		}
2396 	case XPT_CALC_GEOMETRY:
2397 		{
2398 			cam_calc_geometry(&ccb->ccg, /* extended */ 1);
2399 			xpt_done(ccb);
2400 			break;
2401 		}
2402 	case XPT_NOOP:
2403 		{
2404 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_NOOP:.\n",
2405 			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2406 			    (uintmax_t)ccb->ccb_h.target_lun);
2407 
2408 			ccb->ccb_h.status = CAM_REQ_CMP;
2409 			xpt_done(ccb);
2410 			break;
2411 		}
2412 	default:
2413 		DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:func_code 0x%04x: "
2414 		    "Not implemented\n",
2415 		    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2416 		    (uintmax_t)ccb->ccb_h.target_lun, ccb->ccb_h.func_code);
2417 
2418 		ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
2419 		xpt_done(ccb);
2420 		break;
2421 	}
2422 
2423 done:
2424 	return;
2425 }
2426 
2427 static void
2428 umass_cam_poll(struct cam_sim *sim)
2429 {
2430 	struct umass_softc *sc = (struct umass_softc *)sim->softc;
2431 
2432 	if (sc == NULL)
2433 		return;
2434 
2435 	DPRINTF(sc, UDMASS_SCSI, "CAM poll\n");
2436 
2437 	usbd_transfer_poll(sc->sc_xfer, UMASS_T_MAX);
2438 }
2439 
2440 
2441 /* umass_cam_cb
2442  *	finalise a completed CAM command
2443  */
2444 
2445 static void
2446 umass_cam_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2447     uint8_t status)
2448 {
2449 	ccb->csio.resid = residue;
2450 
2451 	switch (status) {
2452 	case STATUS_CMD_OK:
2453 		ccb->ccb_h.status = CAM_REQ_CMP;
2454 		if ((sc->sc_quirks & READ_CAPACITY_OFFBY1) &&
2455 		    (ccb->ccb_h.func_code == XPT_SCSI_IO) &&
2456 		    (ccb->csio.cdb_io.cdb_bytes[0] == READ_CAPACITY)) {
2457 			struct scsi_read_capacity_data *rcap;
2458 			uint32_t maxsector;
2459 
2460 			rcap = (void *)(ccb->csio.data_ptr);
2461 			maxsector = scsi_4btoul(rcap->addr) - 1;
2462 			scsi_ulto4b(maxsector, rcap->addr);
2463 		}
2464 		/*
2465 		 * We have to add SVPD_UNIT_SERIAL_NUMBER to the list
2466 		 * of pages supported by the device - otherwise, CAM
2467 		 * will never ask us for the serial number if the
2468 		 * device cannot handle that by itself.
2469 		 */
2470 		if (ccb->ccb_h.func_code == XPT_SCSI_IO &&
2471 		    sc->sc_transfer.cmd_data[0] == INQUIRY &&
2472 		    (sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
2473 		    sc->sc_transfer.cmd_data[2] == SVPD_SUPPORTED_PAGE_LIST &&
2474 		    (usb_get_serial(sc->sc_udev)[0] != '\0')) {
2475 			struct ccb_scsiio *csio;
2476 			struct scsi_vpd_supported_page_list *page_list;
2477 
2478 			csio = &ccb->csio;
2479 			page_list = (struct scsi_vpd_supported_page_list *)csio->data_ptr;
2480 			if (page_list->length + 1 < SVPD_SUPPORTED_PAGES_SIZE) {
2481 				page_list->list[page_list->length] = SVPD_UNIT_SERIAL_NUMBER;
2482 				page_list->length++;
2483 			}
2484 		}
2485 		xpt_done(ccb);
2486 		break;
2487 
2488 	case STATUS_CMD_UNKNOWN:
2489 	case STATUS_CMD_FAILED:
2490 
2491 		/* fetch sense data */
2492 
2493 		/* the rest of the command was filled in at attach */
2494 		sc->cam_scsi_sense.length = ccb->csio.sense_len;
2495 
2496 		DPRINTF(sc, UDMASS_SCSI, "Fetching %d bytes of "
2497 		    "sense data\n", ccb->csio.sense_len);
2498 
2499 		if (umass_std_transform(sc, ccb, &sc->cam_scsi_sense.opcode,
2500 		    sizeof(sc->cam_scsi_sense))) {
2501 
2502 			if ((sc->sc_quirks & FORCE_SHORT_INQUIRY) &&
2503 			    (sc->sc_transfer.cmd_data[0] == INQUIRY)) {
2504 				ccb->csio.sense_len = SHORT_INQUIRY_LENGTH;
2505 			}
2506 			umass_command_start(sc, DIR_IN, &ccb->csio.sense_data.error_code,
2507 			    ccb->csio.sense_len, ccb->ccb_h.timeout,
2508 			    &umass_cam_sense_cb, ccb);
2509 		}
2510 		break;
2511 
2512 	default:
2513 		/*
2514 		 * The wire protocol failed and will hopefully have
2515 		 * recovered. We return an error to CAM and let CAM
2516 		 * retry the command if necessary.
2517 		 */
2518 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2519 		ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN;
2520 		xpt_done(ccb);
2521 		break;
2522 	}
2523 }
2524 
2525 /*
2526  * Finalise a completed autosense operation
2527  */
2528 static void
2529 umass_cam_sense_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2530     uint8_t status)
2531 {
2532 	uint8_t *cmd;
2533 
2534 	switch (status) {
2535 	case STATUS_CMD_OK:
2536 	case STATUS_CMD_UNKNOWN:
2537 	case STATUS_CMD_FAILED: {
2538 		int key, sense_len;
2539 
2540 		ccb->csio.sense_resid = residue;
2541 		sense_len = ccb->csio.sense_len - ccb->csio.sense_resid;
2542 		key = scsi_get_sense_key(&ccb->csio.sense_data, sense_len,
2543 					 /*show_errors*/ 1);
2544 
2545 		if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
2546 			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
2547 		} else {
2548 			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
2549 		}
2550 
2551 		/*
2552 		 * Getting sense data always succeeds (apart from wire
2553 		 * failures):
2554 		 */
2555 		if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
2556 		    (cmd[0] == INQUIRY) &&
2557 		    (key == SSD_KEY_UNIT_ATTENTION)) {
2558 			/*
2559 			 * Ignore unit attention errors in the case where
2560 			 * the Unit Attention state is not cleared on
2561 			 * REQUEST SENSE. They will appear again at the next
2562 			 * command.
2563 			 */
2564 			ccb->ccb_h.status = CAM_REQ_CMP;
2565 		} else if (key == SSD_KEY_NO_SENSE) {
2566 			/*
2567 			 * No problem after all (in the case of CBI without
2568 			 * CCI)
2569 			 */
2570 			ccb->ccb_h.status = CAM_REQ_CMP;
2571 		} else if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
2572 			    (cmd[0] == READ_CAPACITY) &&
2573 		    (key == SSD_KEY_UNIT_ATTENTION)) {
2574 			/*
2575 			 * Some devices do not clear the unit attention error
2576 			 * on request sense. We insert a test unit ready
2577 			 * command to make sure we clear the unit attention
2578 			 * condition, then allow the retry to proceed as
2579 			 * usual.
2580 			 */
2581 
2582 			xpt_freeze_devq(ccb->ccb_h.path, 1);
2583 			ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
2584 			    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
2585 			ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2586 
2587 #if 0
2588 			DELAY(300000);
2589 #endif
2590 			DPRINTF(sc, UDMASS_SCSI, "Doing a sneaky"
2591 			    "TEST_UNIT_READY\n");
2592 
2593 			/* the rest of the command was filled in at attach */
2594 
2595 			if ((sc->sc_transform)(sc,
2596 			    &sc->cam_scsi_test_unit_ready.opcode,
2597 			    sizeof(sc->cam_scsi_test_unit_ready)) == 1) {
2598 				umass_command_start(sc, DIR_NONE, NULL, 0,
2599 				    ccb->ccb_h.timeout,
2600 				    &umass_cam_quirk_cb, ccb);
2601 				break;
2602 			}
2603 		} else {
2604 			xpt_freeze_devq(ccb->ccb_h.path, 1);
2605 			if (key >= 0) {
2606 				ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
2607 				    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
2608 				ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2609 			} else
2610 				ccb->ccb_h.status = CAM_AUTOSENSE_FAIL
2611 				    | CAM_DEV_QFRZN;
2612 		}
2613 		xpt_done(ccb);
2614 		break;
2615 	}
2616 	default:
2617 		DPRINTF(sc, UDMASS_SCSI, "Autosense failed, "
2618 		    "status %d\n", status);
2619 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2620 		ccb->ccb_h.status = CAM_AUTOSENSE_FAIL | CAM_DEV_QFRZN;
2621 		xpt_done(ccb);
2622 	}
2623 }
2624 
2625 /*
2626  * This completion code just handles the fact that we sent a test-unit-ready
2627  * after having previously failed a READ CAPACITY with CHECK_COND.  The CCB
2628  * status for CAM is already set earlier.
2629  */
2630 static void
2631 umass_cam_quirk_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2632     uint8_t status)
2633 {
2634 	DPRINTF(sc, UDMASS_SCSI, "Test unit ready "
2635 	    "returned status %d\n", status);
2636 
2637 	xpt_done(ccb);
2638 }
2639 
2640 /*
2641  * SCSI specific functions
2642  */
2643 
2644 static uint8_t
2645 umass_scsi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2646     uint8_t cmd_len)
2647 {
2648 	if ((cmd_len == 0) ||
2649 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2650 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2651 		    "length: %d bytes\n", cmd_len);
2652 		return (0);		/* failure */
2653 	}
2654 	sc->sc_transfer.cmd_len = cmd_len;
2655 
2656 	switch (cmd_ptr[0]) {
2657 	case TEST_UNIT_READY:
2658 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2659 			DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
2660 			    "to START_UNIT\n");
2661 			memset(sc->sc_transfer.cmd_data, 0, cmd_len);
2662 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2663 			sc->sc_transfer.cmd_data[4] = SSS_START;
2664 			return (1);
2665 		}
2666 		break;
2667 
2668 	case INQUIRY:
2669 		/*
2670 		 * some drives wedge when asked for full inquiry
2671 		 * information.
2672 		 */
2673 		if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2674 			memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2675 			sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
2676 			return (1);
2677 		}
2678 		break;
2679 	}
2680 
2681 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2682 	return (1);
2683 }
2684 
2685 static uint8_t
2686 umass_rbc_transform(struct umass_softc *sc, uint8_t *cmd_ptr, uint8_t cmd_len)
2687 {
2688 	if ((cmd_len == 0) ||
2689 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2690 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2691 		    "length: %d bytes\n", cmd_len);
2692 		return (0);		/* failure */
2693 	}
2694 	switch (cmd_ptr[0]) {
2695 		/* these commands are defined in RBC: */
2696 	case READ_10:
2697 	case READ_CAPACITY:
2698 	case START_STOP_UNIT:
2699 	case SYNCHRONIZE_CACHE:
2700 	case WRITE_10:
2701 	case VERIFY_10:
2702 	case INQUIRY:
2703 	case MODE_SELECT_10:
2704 	case MODE_SENSE_10:
2705 	case TEST_UNIT_READY:
2706 	case WRITE_BUFFER:
2707 		/*
2708 		 * The following commands are not listed in my copy of the
2709 		 * RBC specs. CAM however seems to want those, and at least
2710 		 * the Sony DSC device appears to support those as well
2711 		 */
2712 	case REQUEST_SENSE:
2713 	case PREVENT_ALLOW:
2714 
2715 		memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2716 
2717 		if ((sc->sc_quirks & RBC_PAD_TO_12) && (cmd_len < 12)) {
2718 			memset(sc->sc_transfer.cmd_data + cmd_len,
2719 			    0, 12 - cmd_len);
2720 			cmd_len = 12;
2721 		}
2722 		sc->sc_transfer.cmd_len = cmd_len;
2723 		return (1);		/* sucess */
2724 
2725 		/* All other commands are not legal in RBC */
2726 	default:
2727 		DPRINTF(sc, UDMASS_SCSI, "Unsupported RBC "
2728 		    "command 0x%02x\n", cmd_ptr[0]);
2729 		return (0);		/* failure */
2730 	}
2731 }
2732 
2733 static uint8_t
2734 umass_ufi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2735     uint8_t cmd_len)
2736 {
2737 	if ((cmd_len == 0) ||
2738 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2739 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2740 		    "length: %d bytes\n", cmd_len);
2741 		return (0);		/* failure */
2742 	}
2743 	/* An UFI command is always 12 bytes in length */
2744 	sc->sc_transfer.cmd_len = UFI_COMMAND_LENGTH;
2745 
2746 	/* Zero the command data */
2747 	memset(sc->sc_transfer.cmd_data, 0, UFI_COMMAND_LENGTH);
2748 
2749 	switch (cmd_ptr[0]) {
2750 		/*
2751 		 * Commands of which the format has been verified. They
2752 		 * should work. Copy the command into the (zeroed out)
2753 		 * destination buffer.
2754 		 */
2755 	case TEST_UNIT_READY:
2756 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2757 			/*
2758 			 * Some devices do not support this command. Start
2759 			 * Stop Unit should give the same results
2760 			 */
2761 			DPRINTF(sc, UDMASS_UFI, "Converted TEST_UNIT_READY "
2762 			    "to START_UNIT\n");
2763 
2764 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2765 			sc->sc_transfer.cmd_data[4] = SSS_START;
2766 			return (1);
2767 		}
2768 		break;
2769 
2770 	case REZERO_UNIT:
2771 	case REQUEST_SENSE:
2772 	case FORMAT_UNIT:
2773 	case INQUIRY:
2774 	case START_STOP_UNIT:
2775 	case SEND_DIAGNOSTIC:
2776 	case PREVENT_ALLOW:
2777 	case READ_CAPACITY:
2778 	case READ_10:
2779 	case WRITE_10:
2780 	case POSITION_TO_ELEMENT:	/* SEEK_10 */
2781 	case WRITE_AND_VERIFY:
2782 	case VERIFY:
2783 	case MODE_SELECT_10:
2784 	case MODE_SENSE_10:
2785 	case READ_12:
2786 	case WRITE_12:
2787 	case READ_FORMAT_CAPACITIES:
2788 		break;
2789 
2790 		/*
2791 		 * SYNCHRONIZE_CACHE isn't supported by UFI, nor should it be
2792 		 * required for UFI devices, so it is appropriate to fake
2793 		 * success.
2794 		 */
2795 	case SYNCHRONIZE_CACHE:
2796 		return (2);
2797 
2798 	default:
2799 		DPRINTF(sc, UDMASS_SCSI, "Unsupported UFI "
2800 		    "command 0x%02x\n", cmd_ptr[0]);
2801 		return (0);		/* failure */
2802 	}
2803 
2804 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2805 	return (1);			/* success */
2806 }
2807 
2808 /*
2809  * 8070i (ATAPI) specific functions
2810  */
2811 static uint8_t
2812 umass_atapi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2813     uint8_t cmd_len)
2814 {
2815 	if ((cmd_len == 0) ||
2816 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2817 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2818 		    "length: %d bytes\n", cmd_len);
2819 		return (0);		/* failure */
2820 	}
2821 	/* An ATAPI command is always 12 bytes in length. */
2822 	sc->sc_transfer.cmd_len = ATAPI_COMMAND_LENGTH;
2823 
2824 	/* Zero the command data */
2825 	memset(sc->sc_transfer.cmd_data, 0, ATAPI_COMMAND_LENGTH);
2826 
2827 	switch (cmd_ptr[0]) {
2828 		/*
2829 		 * Commands of which the format has been verified. They
2830 		 * should work. Copy the command into the destination
2831 		 * buffer.
2832 		 */
2833 	case INQUIRY:
2834 		/*
2835 		 * some drives wedge when asked for full inquiry
2836 		 * information.
2837 		 */
2838 		if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2839 			memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2840 
2841 			sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
2842 			return (1);
2843 		}
2844 		break;
2845 
2846 	case TEST_UNIT_READY:
2847 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2848 			DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
2849 			    "to START_UNIT\n");
2850 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2851 			sc->sc_transfer.cmd_data[4] = SSS_START;
2852 			return (1);
2853 		}
2854 		break;
2855 
2856 	case REZERO_UNIT:
2857 	case REQUEST_SENSE:
2858 	case START_STOP_UNIT:
2859 	case SEND_DIAGNOSTIC:
2860 	case PREVENT_ALLOW:
2861 	case READ_CAPACITY:
2862 	case READ_10:
2863 	case WRITE_10:
2864 	case POSITION_TO_ELEMENT:	/* SEEK_10 */
2865 	case SYNCHRONIZE_CACHE:
2866 	case MODE_SELECT_10:
2867 	case MODE_SENSE_10:
2868 	case READ_BUFFER:
2869 	case 0x42:			/* READ_SUBCHANNEL */
2870 	case 0x43:			/* READ_TOC */
2871 	case 0x44:			/* READ_HEADER */
2872 	case 0x47:			/* PLAY_MSF (Play Minute/Second/Frame) */
2873 	case 0x48:			/* PLAY_TRACK */
2874 	case 0x49:			/* PLAY_TRACK_REL */
2875 	case 0x4b:			/* PAUSE */
2876 	case 0x51:			/* READ_DISK_INFO */
2877 	case 0x52:			/* READ_TRACK_INFO */
2878 	case 0x54:			/* SEND_OPC */
2879 	case 0x59:			/* READ_MASTER_CUE */
2880 	case 0x5b:			/* CLOSE_TR_SESSION */
2881 	case 0x5c:			/* READ_BUFFER_CAP */
2882 	case 0x5d:			/* SEND_CUE_SHEET */
2883 	case 0xa1:			/* BLANK */
2884 	case 0xa5:			/* PLAY_12 */
2885 	case 0xa6:			/* EXCHANGE_MEDIUM */
2886 	case 0xad:			/* READ_DVD_STRUCTURE */
2887 	case 0xbb:			/* SET_CD_SPEED */
2888 	case 0xe5:			/* READ_TRACK_INFO_PHILIPS */
2889 		break;
2890 
2891 	case READ_12:
2892 	case WRITE_12:
2893 	default:
2894 		DPRINTF(sc, UDMASS_SCSI, "Unsupported ATAPI "
2895 		    "command 0x%02x - trying anyway\n",
2896 		    cmd_ptr[0]);
2897 		break;
2898 	}
2899 
2900 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2901 	return (1);			/* success */
2902 }
2903 
2904 static uint8_t
2905 umass_no_transform(struct umass_softc *sc, uint8_t *cmd,
2906     uint8_t cmdlen)
2907 {
2908 	return (0);			/* failure */
2909 }
2910 
2911 static uint8_t
2912 umass_std_transform(struct umass_softc *sc, union ccb *ccb,
2913     uint8_t *cmd, uint8_t cmdlen)
2914 {
2915 	uint8_t retval;
2916 
2917 	retval = (sc->sc_transform) (sc, cmd, cmdlen);
2918 
2919 	if (retval == 2) {
2920 		ccb->ccb_h.status = CAM_REQ_CMP;
2921 		xpt_done(ccb);
2922 		return (0);
2923 	} else if (retval == 0) {
2924 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2925 		ccb->ccb_h.status = CAM_REQ_INVALID | CAM_DEV_QFRZN;
2926 		xpt_done(ccb);
2927 		return (0);
2928 	}
2929 	/* Command should be executed */
2930 	return (1);
2931 }
2932 
2933 #ifdef USB_DEBUG
2934 static void
2935 umass_bbb_dump_cbw(struct umass_softc *sc, umass_bbb_cbw_t *cbw)
2936 {
2937 	uint8_t *c = cbw->CBWCDB;
2938 
2939 	uint32_t dlen = UGETDW(cbw->dCBWDataTransferLength);
2940 	uint32_t tag = UGETDW(cbw->dCBWTag);
2941 
2942 	uint8_t clen = cbw->bCDBLength;
2943 	uint8_t flags = cbw->bCBWFlags;
2944 	uint8_t lun = cbw->bCBWLUN;
2945 
2946 	DPRINTF(sc, UDMASS_BBB, "CBW %d: cmd = %db "
2947 	    "(0x%02x%02x%02x%02x%02x%02x%s), "
2948 	    "data = %db, lun = %d, dir = %s\n",
2949 	    tag, clen,
2950 	    c[0], c[1], c[2], c[3], c[4], c[5], (clen > 6 ? "..." : ""),
2951 	    dlen, lun, (flags == CBWFLAGS_IN ? "in" :
2952 	    (flags == CBWFLAGS_OUT ? "out" : "<invalid>")));
2953 }
2954 
2955 static void
2956 umass_bbb_dump_csw(struct umass_softc *sc, umass_bbb_csw_t *csw)
2957 {
2958 	uint32_t sig = UGETDW(csw->dCSWSignature);
2959 	uint32_t tag = UGETDW(csw->dCSWTag);
2960 	uint32_t res = UGETDW(csw->dCSWDataResidue);
2961 	uint8_t status = csw->bCSWStatus;
2962 
2963 	DPRINTF(sc, UDMASS_BBB, "CSW %d: sig = 0x%08x (%s), tag = 0x%08x, "
2964 	    "res = %d, status = 0x%02x (%s)\n",
2965 	    tag, sig, (sig == CSWSIGNATURE ? "valid" : "invalid"),
2966 	    tag, res,
2967 	    status, (status == CSWSTATUS_GOOD ? "good" :
2968 	    (status == CSWSTATUS_FAILED ? "failed" :
2969 	    (status == CSWSTATUS_PHASE ? "phase" : "<invalid>"))));
2970 }
2971 
2972 static void
2973 umass_cbi_dump_cmd(struct umass_softc *sc, void *cmd, uint8_t cmdlen)
2974 {
2975 	uint8_t *c = cmd;
2976 	uint8_t dir = sc->sc_transfer.dir;
2977 
2978 	DPRINTF(sc, UDMASS_BBB, "cmd = %db "
2979 	    "(0x%02x%02x%02x%02x%02x%02x%s), "
2980 	    "data = %db, dir = %s\n",
2981 	    cmdlen,
2982 	    c[0], c[1], c[2], c[3], c[4], c[5], (cmdlen > 6 ? "..." : ""),
2983 	    sc->sc_transfer.data_len,
2984 	    (dir == DIR_IN ? "in" :
2985 	    (dir == DIR_OUT ? "out" :
2986 	    (dir == DIR_NONE ? "no data phase" : "<invalid>"))));
2987 }
2988 
2989 static void
2990 umass_dump_buffer(struct umass_softc *sc, uint8_t *buffer, uint32_t buflen,
2991     uint32_t printlen)
2992 {
2993 	uint32_t i, j;
2994 	char s1[40];
2995 	char s2[40];
2996 	char s3[5];
2997 
2998 	s1[0] = '\0';
2999 	s3[0] = '\0';
3000 
3001 	sprintf(s2, " buffer=%p, buflen=%d", buffer, buflen);
3002 	for (i = 0; (i < buflen) && (i < printlen); i++) {
3003 		j = i % 16;
3004 		if (j == 0 && i != 0) {
3005 			DPRINTF(sc, UDMASS_GEN, "0x %s%s\n",
3006 			    s1, s2);
3007 			s2[0] = '\0';
3008 		}
3009 		sprintf(&s1[j * 2], "%02x", buffer[i] & 0xff);
3010 	}
3011 	if (buflen > printlen)
3012 		sprintf(s3, " ...");
3013 	DPRINTF(sc, UDMASS_GEN, "0x %s%s%s\n",
3014 	    s1, s2, s3);
3015 }
3016 
3017 #endif
3018