1 /* $FreeBSD$ */ 2 /*- 3 * Copyright (C) 2003-2005 Alan Stern 4 * Copyright (C) 2008 Hans Petter Selasky 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 /* 35 * NOTE: Much of the SCSI statemachine handling code derives from the 36 * Linux USB gadget stack. 37 */ 38 39 #include <sys/stdint.h> 40 #include <sys/stddef.h> 41 #include <sys/param.h> 42 #include <sys/queue.h> 43 #include <sys/types.h> 44 #include <sys/systm.h> 45 #include <sys/kernel.h> 46 #include <sys/bus.h> 47 #include <sys/module.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/condvar.h> 51 #include <sys/sysctl.h> 52 #include <sys/sx.h> 53 #include <sys/unistd.h> 54 #include <sys/callout.h> 55 #include <sys/malloc.h> 56 #include <sys/priv.h> 57 58 #include <dev/usb/usb.h> 59 #include <dev/usb/usbdi.h> 60 #include "usbdevs.h" 61 #include "usb_if.h" 62 63 #define USB_DEBUG_VAR ustorage_fs_debug 64 #include <dev/usb/usb_debug.h> 65 66 #ifdef USB_DEBUG 67 static int ustorage_fs_debug = 0; 68 69 SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs"); 70 SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW, 71 &ustorage_fs_debug, 0, "ustorage_fs debug level"); 72 #endif 73 74 /* Define some limits */ 75 76 #ifndef USTORAGE_FS_BULK_SIZE 77 #define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */ 78 #endif 79 80 #ifndef USTORAGE_FS_MAX_LUN 81 #define USTORAGE_FS_MAX_LUN 8 /* units */ 82 #endif 83 84 #ifndef USTORAGE_QDATA_MAX 85 #define USTORAGE_QDATA_MAX 40 /* bytes */ 86 #endif 87 88 #define sc_cmd_data sc_cbw.CBWCDB 89 90 /* 91 * The SCSI ID string must be exactly 28 characters long 92 * exluding the terminating zero. 93 */ 94 #ifndef USTORAGE_FS_ID_STRING 95 #define USTORAGE_FS_ID_STRING \ 96 "FreeBSD " /* 8 */ \ 97 "File-Stor Gadget" /* 16 */ \ 98 "0101" /* 4 */ 99 #endif 100 101 /* 102 * The following macro defines the number of 103 * sectors to be allocated for the RAM disk: 104 */ 105 #ifndef USTORAGE_FS_RAM_SECT 106 #define USTORAGE_FS_RAM_SECT (1UL << 13) 107 #endif 108 109 static uint8_t *ustorage_fs_ramdisk; 110 111 /* USB transfer definitions */ 112 113 #define USTORAGE_FS_T_BBB_COMMAND 0 114 #define USTORAGE_FS_T_BBB_DATA_DUMP 1 115 #define USTORAGE_FS_T_BBB_DATA_READ 2 116 #define USTORAGE_FS_T_BBB_DATA_WRITE 3 117 #define USTORAGE_FS_T_BBB_STATUS 4 118 #define USTORAGE_FS_T_BBB_MAX 5 119 120 /* USB data stage direction */ 121 122 #define DIR_NONE 0 123 #define DIR_READ 1 124 #define DIR_WRITE 2 125 126 /* USB interface specific control request */ 127 128 #define UR_BBB_RESET 0xff /* Bulk-Only reset */ 129 #define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */ 130 131 /* Command Block Wrapper */ 132 typedef struct { 133 uDWord dCBWSignature; 134 #define CBWSIGNATURE 0x43425355 135 uDWord dCBWTag; 136 uDWord dCBWDataTransferLength; 137 uByte bCBWFlags; 138 #define CBWFLAGS_OUT 0x00 139 #define CBWFLAGS_IN 0x80 140 uByte bCBWLUN; 141 uByte bCDBLength; 142 #define CBWCDBLENGTH 16 143 uByte CBWCDB[CBWCDBLENGTH]; 144 } __packed ustorage_fs_bbb_cbw_t; 145 146 #define USTORAGE_FS_BBB_CBW_SIZE 31 147 148 /* Command Status Wrapper */ 149 typedef struct { 150 uDWord dCSWSignature; 151 #define CSWSIGNATURE 0x53425355 152 uDWord dCSWTag; 153 uDWord dCSWDataResidue; 154 uByte bCSWStatus; 155 #define CSWSTATUS_GOOD 0x0 156 #define CSWSTATUS_FAILED 0x1 157 #define CSWSTATUS_PHASE 0x2 158 } __packed ustorage_fs_bbb_csw_t; 159 160 #define USTORAGE_FS_BBB_CSW_SIZE 13 161 162 struct ustorage_fs_lun { 163 164 uint8_t *memory_image; 165 166 uint32_t num_sectors; 167 uint32_t sense_data; 168 uint32_t sense_data_info; 169 uint32_t unit_attention_data; 170 171 uint8_t read_only:1; 172 uint8_t prevent_medium_removal:1; 173 uint8_t info_valid:1; 174 uint8_t removable:1; 175 }; 176 177 struct ustorage_fs_softc { 178 179 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */ 180 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */ 181 182 struct mtx sc_mtx; 183 184 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN]; 185 186 struct { 187 uint8_t *data_ptr; 188 struct ustorage_fs_lun *currlun; 189 190 uint32_t data_rem; /* bytes, as reported by the command 191 * block wrapper */ 192 uint32_t offset; /* bytes */ 193 194 uint8_t cbw_dir; 195 uint8_t cmd_dir; 196 uint8_t lun; 197 uint8_t cmd_len; 198 uint8_t data_short:1; 199 uint8_t data_error:1; 200 } sc_transfer; 201 202 device_t sc_dev; 203 struct usb_device *sc_udev; 204 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX]; 205 206 uint8_t sc_iface_no; /* interface number */ 207 uint8_t sc_last_lun; 208 uint8_t sc_last_xfer_index; 209 uint8_t sc_qdata[USTORAGE_QDATA_MAX]; 210 }; 211 212 /* prototypes */ 213 214 static device_probe_t ustorage_fs_probe; 215 static device_attach_t ustorage_fs_attach; 216 static device_detach_t ustorage_fs_detach; 217 static device_suspend_t ustorage_fs_suspend; 218 static device_resume_t ustorage_fs_resume; 219 static usb_handle_request_t ustorage_fs_handle_request; 220 221 static usb_callback_t ustorage_fs_t_bbb_command_callback; 222 static usb_callback_t ustorage_fs_t_bbb_data_dump_callback; 223 static usb_callback_t ustorage_fs_t_bbb_data_read_callback; 224 static usb_callback_t ustorage_fs_t_bbb_data_write_callback; 225 static usb_callback_t ustorage_fs_t_bbb_status_callback; 226 227 static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index); 228 static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc); 229 230 static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc); 231 static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc); 232 static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc); 233 static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc); 234 static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc); 235 static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc); 236 static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc); 237 static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc); 238 static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc); 239 static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask); 240 static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc); 241 static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc); 242 static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium); 243 static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc); 244 245 static device_method_t ustorage_fs_methods[] = { 246 /* USB interface */ 247 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request), 248 249 /* Device interface */ 250 DEVMETHOD(device_probe, ustorage_fs_probe), 251 DEVMETHOD(device_attach, ustorage_fs_attach), 252 DEVMETHOD(device_detach, ustorage_fs_detach), 253 DEVMETHOD(device_suspend, ustorage_fs_suspend), 254 DEVMETHOD(device_resume, ustorage_fs_resume), 255 256 {0, 0} 257 }; 258 259 static driver_t ustorage_fs_driver = { 260 .name = "ustorage_fs", 261 .methods = ustorage_fs_methods, 262 .size = sizeof(struct ustorage_fs_softc), 263 }; 264 265 static devclass_t ustorage_fs_devclass; 266 267 DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0); 268 MODULE_VERSION(ustorage_fs, 0); 269 MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1); 270 271 static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = { 272 273 [USTORAGE_FS_T_BBB_COMMAND] = { 274 .type = UE_BULK, 275 .endpoint = UE_ADDR_ANY, 276 .direction = UE_DIR_OUT, 277 .bufsize = sizeof(ustorage_fs_bbb_cbw_t), 278 .flags = {.ext_buffer = 1,}, 279 .callback = &ustorage_fs_t_bbb_command_callback, 280 .usb_mode = USB_MODE_DEVICE, 281 }, 282 283 [USTORAGE_FS_T_BBB_DATA_DUMP] = { 284 .type = UE_BULK, 285 .endpoint = UE_ADDR_ANY, 286 .direction = UE_DIR_OUT, 287 .bufsize = 0, /* use wMaxPacketSize */ 288 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,}, 289 .callback = &ustorage_fs_t_bbb_data_dump_callback, 290 .usb_mode = USB_MODE_DEVICE, 291 }, 292 293 [USTORAGE_FS_T_BBB_DATA_READ] = { 294 .type = UE_BULK, 295 .endpoint = UE_ADDR_ANY, 296 .direction = UE_DIR_OUT, 297 .bufsize = USTORAGE_FS_BULK_SIZE, 298 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 299 .callback = &ustorage_fs_t_bbb_data_read_callback, 300 .usb_mode = USB_MODE_DEVICE, 301 }, 302 303 [USTORAGE_FS_T_BBB_DATA_WRITE] = { 304 .type = UE_BULK, 305 .endpoint = UE_ADDR_ANY, 306 .direction = UE_DIR_IN, 307 .bufsize = USTORAGE_FS_BULK_SIZE, 308 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 309 .callback = &ustorage_fs_t_bbb_data_write_callback, 310 .usb_mode = USB_MODE_DEVICE, 311 }, 312 313 [USTORAGE_FS_T_BBB_STATUS] = { 314 .type = UE_BULK, 315 .endpoint = UE_ADDR_ANY, 316 .direction = UE_DIR_IN, 317 .bufsize = sizeof(ustorage_fs_bbb_csw_t), 318 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,}, 319 .callback = &ustorage_fs_t_bbb_status_callback, 320 .usb_mode = USB_MODE_DEVICE, 321 }, 322 }; 323 324 /* 325 * USB device probe/attach/detach 326 */ 327 328 static int 329 ustorage_fs_probe(device_t dev) 330 { 331 struct usb_attach_arg *uaa = device_get_ivars(dev); 332 struct usb_interface_descriptor *id; 333 334 if (uaa->usb_mode != USB_MODE_DEVICE) { 335 return (ENXIO); 336 } 337 if (uaa->use_generic == 0) { 338 /* give other drivers a try first */ 339 return (ENXIO); 340 } 341 /* Check for a standards compliant device */ 342 id = usbd_get_interface_descriptor(uaa->iface); 343 if ((id == NULL) || 344 (id->bInterfaceClass != UICLASS_MASS) || 345 (id->bInterfaceSubClass != UISUBCLASS_SCSI) || 346 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { 347 return (ENXIO); 348 } 349 return (0); 350 } 351 352 static int 353 ustorage_fs_attach(device_t dev) 354 { 355 struct ustorage_fs_softc *sc = device_get_softc(dev); 356 struct usb_attach_arg *uaa = device_get_ivars(dev); 357 struct usb_interface_descriptor *id; 358 int err; 359 int unit; 360 361 /* 362 * NOTE: the softc struct is bzero-ed in device_set_driver. 363 * We can safely call ustorage_fs_detach without specifically 364 * initializing the struct. 365 */ 366 367 sc->sc_dev = dev; 368 sc->sc_udev = uaa->device; 369 unit = device_get_unit(dev); 370 371 if (unit == 0) { 372 if (ustorage_fs_ramdisk == NULL) { 373 /* 374 * allocate a memory image for our ramdisk until 375 * further 376 */ 377 ustorage_fs_ramdisk = 378 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, M_ZERO | M_WAITOK); 379 if (ustorage_fs_ramdisk == NULL) { 380 return (ENOMEM); 381 } 382 } 383 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk; 384 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT; 385 sc->sc_lun[0].removable = 1; 386 } 387 388 device_set_usb_desc(dev); 389 390 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock", 391 NULL, (MTX_DEF | MTX_RECURSE)); 392 393 /* get interface index */ 394 395 id = usbd_get_interface_descriptor(uaa->iface); 396 if (id == NULL) { 397 device_printf(dev, "failed to get " 398 "interface number\n"); 399 goto detach; 400 } 401 sc->sc_iface_no = id->bInterfaceNumber; 402 403 err = usbd_transfer_setup(uaa->device, 404 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config, 405 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx); 406 if (err) { 407 device_printf(dev, "could not setup required " 408 "transfers, %s\n", usbd_errstr(err)); 409 goto detach; 410 } 411 /* start Mass Storage State Machine */ 412 413 mtx_lock(&sc->sc_mtx); 414 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 415 mtx_unlock(&sc->sc_mtx); 416 417 return (0); /* success */ 418 419 detach: 420 ustorage_fs_detach(dev); 421 return (ENXIO); /* failure */ 422 } 423 424 static int 425 ustorage_fs_detach(device_t dev) 426 { 427 struct ustorage_fs_softc *sc = device_get_softc(dev); 428 429 /* teardown our statemachine */ 430 431 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX); 432 433 mtx_destroy(&sc->sc_mtx); 434 435 return (0); /* success */ 436 } 437 438 static int 439 ustorage_fs_suspend(device_t dev) 440 { 441 device_printf(dev, "suspending\n"); 442 return (0); /* success */ 443 } 444 445 static int 446 ustorage_fs_resume(device_t dev) 447 { 448 device_printf(dev, "resuming\n"); 449 return (0); /* success */ 450 } 451 452 /* 453 * Generic functions to handle transfers 454 */ 455 456 static void 457 ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index) 458 { 459 if (sc->sc_xfer[xfer_index]) { 460 sc->sc_last_xfer_index = xfer_index; 461 usbd_transfer_start(sc->sc_xfer[xfer_index]); 462 } 463 } 464 465 static void 466 ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc) 467 { 468 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]); 469 mtx_unlock(&sc->sc_mtx); 470 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]); 471 mtx_lock(&sc->sc_mtx); 472 } 473 474 static int 475 ustorage_fs_handle_request(device_t dev, 476 const void *preq, void **pptr, uint16_t *plen, 477 uint16_t offset, uint8_t *pstate) 478 { 479 struct ustorage_fs_softc *sc = device_get_softc(dev); 480 const struct usb_device_request *req = preq; 481 uint8_t is_complete = *pstate; 482 483 if (!is_complete) { 484 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) && 485 (req->bRequest == UR_BBB_RESET)) { 486 *plen = 0; 487 mtx_lock(&sc->sc_mtx); 488 ustorage_fs_transfer_stop(sc); 489 sc->sc_transfer.data_error = 1; 490 ustorage_fs_transfer_start(sc, 491 USTORAGE_FS_T_BBB_COMMAND); 492 mtx_unlock(&sc->sc_mtx); 493 return (0); 494 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) && 495 (req->bRequest == UR_BBB_GET_MAX_LUN)) { 496 if (offset == 0) { 497 *plen = 1; 498 *pptr = &sc->sc_last_lun; 499 } else { 500 *plen = 0; 501 } 502 return (0); 503 } 504 } 505 return (ENXIO); /* use builtin handler */ 506 } 507 508 static void 509 ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error) 510 { 511 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 512 uint32_t tag; 513 uint8_t err = 0; 514 515 DPRINTF("\n"); 516 517 switch (USB_GET_STATE(xfer)) { 518 case USB_ST_TRANSFERRED: 519 520 tag = UGETDW(sc->sc_cbw.dCBWSignature); 521 522 if (tag != CBWSIGNATURE) { 523 /* do nothing */ 524 DPRINTF("invalid signature 0x%08x\n", tag); 525 break; 526 } 527 tag = UGETDW(sc->sc_cbw.dCBWTag); 528 529 /* echo back tag */ 530 USETDW(sc->sc_csw.dCSWTag, tag); 531 532 /* reset status */ 533 sc->sc_csw.bCSWStatus = 0; 534 535 /* reset data offset, data length and data remainder */ 536 sc->sc_transfer.offset = 0; 537 sc->sc_transfer.data_rem = 538 UGETDW(sc->sc_cbw.dCBWDataTransferLength); 539 540 /* reset data flags */ 541 sc->sc_transfer.data_short = 0; 542 543 /* extract LUN */ 544 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN; 545 546 if (sc->sc_transfer.data_rem == 0) { 547 sc->sc_transfer.cbw_dir = DIR_NONE; 548 } else { 549 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) { 550 sc->sc_transfer.cbw_dir = DIR_WRITE; 551 } else { 552 sc->sc_transfer.cbw_dir = DIR_READ; 553 } 554 } 555 556 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength; 557 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) || 558 (sc->sc_transfer.cmd_len == 0)) { 559 /* just halt - this is invalid */ 560 DPRINTF("invalid command length %d bytes\n", 561 sc->sc_transfer.cmd_len); 562 break; 563 } 564 565 err = ustorage_fs_do_cmd(sc); 566 if (err) { 567 /* got an error */ 568 DPRINTF("command failed\n"); 569 break; 570 } 571 if ((sc->sc_transfer.data_rem > 0) && 572 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) { 573 /* contradicting data transfer direction */ 574 err = 1; 575 DPRINTF("data direction mismatch\n"); 576 break; 577 } 578 switch (sc->sc_transfer.cbw_dir) { 579 case DIR_READ: 580 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ); 581 break; 582 case DIR_WRITE: 583 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE); 584 break; 585 default: 586 ustorage_fs_transfer_start(sc, 587 USTORAGE_FS_T_BBB_STATUS); 588 break; 589 } 590 break; 591 592 case USB_ST_SETUP: 593 tr_setup: 594 if (sc->sc_transfer.data_error) { 595 sc->sc_transfer.data_error = 0; 596 usbd_xfer_set_stall(xfer); 597 DPRINTF("stall pipe\n"); 598 } 599 600 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw, 601 sizeof(sc->sc_cbw)); 602 usbd_transfer_submit(xfer); 603 break; 604 605 default: /* Error */ 606 DPRINTF("error\n"); 607 if (error == USB_ERR_CANCELLED) { 608 break; 609 } 610 /* If the pipe is already stalled, don't do another stall */ 611 if (!usbd_xfer_is_stalled(xfer)) 612 sc->sc_transfer.data_error = 1; 613 614 /* try again */ 615 goto tr_setup; 616 } 617 if (err) { 618 if (sc->sc_csw.bCSWStatus == 0) { 619 /* set some default error code */ 620 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 621 } 622 if (sc->sc_transfer.cbw_dir == DIR_READ) { 623 /* dump all data */ 624 ustorage_fs_transfer_start(sc, 625 USTORAGE_FS_T_BBB_DATA_DUMP); 626 return; 627 } 628 if (sc->sc_transfer.cbw_dir == DIR_WRITE) { 629 /* need to stall before status */ 630 sc->sc_transfer.data_error = 1; 631 } 632 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS); 633 } 634 } 635 636 static void 637 ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error) 638 { 639 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 640 uint32_t max_bulk = usbd_xfer_max_len(xfer); 641 int actlen, sumlen; 642 643 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 644 645 DPRINTF("\n"); 646 647 switch (USB_GET_STATE(xfer)) { 648 case USB_ST_TRANSFERRED: 649 sc->sc_transfer.data_rem -= actlen; 650 sc->sc_transfer.offset += actlen; 651 652 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 653 /* short transfer or end of data */ 654 ustorage_fs_transfer_start(sc, 655 USTORAGE_FS_T_BBB_STATUS); 656 break; 657 } 658 /* Fallthrough */ 659 660 case USB_ST_SETUP: 661 tr_setup: 662 if (max_bulk > sc->sc_transfer.data_rem) { 663 max_bulk = sc->sc_transfer.data_rem; 664 } 665 if (sc->sc_transfer.data_error) { 666 sc->sc_transfer.data_error = 0; 667 usbd_xfer_set_stall(xfer); 668 } 669 usbd_xfer_set_frame_len(xfer, 0, max_bulk); 670 usbd_transfer_submit(xfer); 671 break; 672 673 default: /* Error */ 674 if (error == USB_ERR_CANCELLED) { 675 break; 676 } 677 /* 678 * If the pipe is already stalled, don't do another stall: 679 */ 680 if (!usbd_xfer_is_stalled(xfer)) 681 sc->sc_transfer.data_error = 1; 682 683 /* try again */ 684 goto tr_setup; 685 } 686 } 687 688 static void 689 ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error) 690 { 691 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 692 uint32_t max_bulk = usbd_xfer_max_len(xfer); 693 int actlen, sumlen; 694 695 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 696 697 DPRINTF("\n"); 698 699 switch (USB_GET_STATE(xfer)) { 700 case USB_ST_TRANSFERRED: 701 sc->sc_transfer.data_rem -= actlen; 702 sc->sc_transfer.data_ptr += actlen; 703 sc->sc_transfer.offset += actlen; 704 705 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 706 /* short transfer or end of data */ 707 ustorage_fs_transfer_start(sc, 708 USTORAGE_FS_T_BBB_STATUS); 709 break; 710 } 711 /* Fallthrough */ 712 713 case USB_ST_SETUP: 714 tr_setup: 715 if (max_bulk > sc->sc_transfer.data_rem) { 716 max_bulk = sc->sc_transfer.data_rem; 717 } 718 if (sc->sc_transfer.data_error) { 719 sc->sc_transfer.data_error = 0; 720 usbd_xfer_set_stall(xfer); 721 } 722 723 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr, 724 max_bulk); 725 usbd_transfer_submit(xfer); 726 break; 727 728 default: /* Error */ 729 if (error == USB_ERR_CANCELLED) { 730 break; 731 } 732 /* If the pipe is already stalled, don't do another stall */ 733 if (!usbd_xfer_is_stalled(xfer)) 734 sc->sc_transfer.data_error = 1; 735 736 /* try again */ 737 goto tr_setup; 738 } 739 } 740 741 static void 742 ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error) 743 { 744 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 745 uint32_t max_bulk = usbd_xfer_max_len(xfer); 746 int actlen, sumlen; 747 748 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 749 750 DPRINTF("\n"); 751 752 switch (USB_GET_STATE(xfer)) { 753 case USB_ST_TRANSFERRED: 754 sc->sc_transfer.data_rem -= actlen; 755 sc->sc_transfer.data_ptr += actlen; 756 sc->sc_transfer.offset += actlen; 757 758 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 759 /* short transfer or end of data */ 760 ustorage_fs_transfer_start(sc, 761 USTORAGE_FS_T_BBB_STATUS); 762 break; 763 } 764 case USB_ST_SETUP: 765 tr_setup: 766 if (max_bulk >= sc->sc_transfer.data_rem) { 767 max_bulk = sc->sc_transfer.data_rem; 768 if (sc->sc_transfer.data_short) 769 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER); 770 else 771 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 772 } else 773 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 774 775 if (sc->sc_transfer.data_error) { 776 sc->sc_transfer.data_error = 0; 777 usbd_xfer_set_stall(xfer); 778 } 779 780 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr, 781 max_bulk); 782 usbd_transfer_submit(xfer); 783 break; 784 785 default: /* Error */ 786 if (error == USB_ERR_CANCELLED) { 787 break; 788 } 789 /* 790 * If the pipe is already stalled, don't do another 791 * stall 792 */ 793 if (!usbd_xfer_is_stalled(xfer)) 794 sc->sc_transfer.data_error = 1; 795 796 /* try again */ 797 goto tr_setup; 798 } 799 } 800 801 static void 802 ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error) 803 { 804 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 805 806 DPRINTF("\n"); 807 808 switch (USB_GET_STATE(xfer)) { 809 case USB_ST_TRANSFERRED: 810 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 811 break; 812 813 case USB_ST_SETUP: 814 tr_setup: 815 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE); 816 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem); 817 818 if (sc->sc_transfer.data_error) { 819 sc->sc_transfer.data_error = 0; 820 usbd_xfer_set_stall(xfer); 821 } 822 823 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw, 824 sizeof(sc->sc_csw)); 825 usbd_transfer_submit(xfer); 826 break; 827 828 default: 829 if (error == USB_ERR_CANCELLED) { 830 break; 831 } 832 /* If the pipe is already stalled, don't do another stall */ 833 if (!usbd_xfer_is_stalled(xfer)) 834 sc->sc_transfer.data_error = 1; 835 836 /* try again */ 837 goto tr_setup; 838 } 839 } 840 841 /* SCSI commands that we recognize */ 842 #define SC_FORMAT_UNIT 0x04 843 #define SC_INQUIRY 0x12 844 #define SC_MODE_SELECT_6 0x15 845 #define SC_MODE_SELECT_10 0x55 846 #define SC_MODE_SENSE_6 0x1a 847 #define SC_MODE_SENSE_10 0x5a 848 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 849 #define SC_READ_6 0x08 850 #define SC_READ_10 0x28 851 #define SC_READ_12 0xa8 852 #define SC_READ_CAPACITY 0x25 853 #define SC_READ_FORMAT_CAPACITIES 0x23 854 #define SC_RELEASE 0x17 855 #define SC_REQUEST_SENSE 0x03 856 #define SC_RESERVE 0x16 857 #define SC_SEND_DIAGNOSTIC 0x1d 858 #define SC_START_STOP_UNIT 0x1b 859 #define SC_SYNCHRONIZE_CACHE 0x35 860 #define SC_TEST_UNIT_READY 0x00 861 #define SC_VERIFY 0x2f 862 #define SC_WRITE_6 0x0a 863 #define SC_WRITE_10 0x2a 864 #define SC_WRITE_12 0xaa 865 866 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 867 #define SS_NO_SENSE 0 868 #define SS_COMMUNICATION_FAILURE 0x040800 869 #define SS_INVALID_COMMAND 0x052000 870 #define SS_INVALID_FIELD_IN_CDB 0x052400 871 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 872 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 873 #define SS_MEDIUM_NOT_PRESENT 0x023a00 874 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 875 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800 876 #define SS_RESET_OCCURRED 0x062900 877 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 878 #define SS_UNRECOVERED_READ_ERROR 0x031100 879 #define SS_WRITE_ERROR 0x030c02 880 #define SS_WRITE_PROTECTED 0x072700 881 882 #define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */ 883 #define ASC(x) ((uint8_t) ((x) >> 8)) 884 #define ASCQ(x) ((uint8_t) (x)) 885 886 /* Routines for unaligned data access */ 887 888 static uint16_t 889 get_be16(uint8_t *buf) 890 { 891 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]); 892 } 893 894 static uint32_t 895 get_be32(uint8_t *buf) 896 { 897 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | 898 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]); 899 } 900 901 static void 902 put_be16(uint8_t *buf, uint16_t val) 903 { 904 buf[0] = val >> 8; 905 buf[1] = val; 906 } 907 908 static void 909 put_be32(uint8_t *buf, uint32_t val) 910 { 911 buf[0] = val >> 24; 912 buf[1] = val >> 16; 913 buf[2] = val >> 8; 914 buf[3] = val & 0xff; 915 } 916 917 /*------------------------------------------------------------------------* 918 * ustorage_fs_verify 919 * 920 * Returns: 921 * 0: Success 922 * Else: Failure 923 *------------------------------------------------------------------------*/ 924 static uint8_t 925 ustorage_fs_verify(struct ustorage_fs_softc *sc) 926 { 927 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 928 uint32_t lba; 929 uint32_t vlen; 930 uint64_t file_offset; 931 uint64_t amount_left; 932 933 /* 934 * Get the starting Logical Block Address 935 */ 936 lba = get_be32(&sc->sc_cmd_data[2]); 937 938 /* 939 * We allow DPO (Disable Page Out = don't save data in the cache) 940 * but we don't implement it. 941 */ 942 if ((sc->sc_cmd_data[1] & ~0x10) != 0) { 943 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 944 return (1); 945 } 946 vlen = get_be16(&sc->sc_cmd_data[7]); 947 if (vlen == 0) { 948 goto done; 949 } 950 /* No default reply */ 951 952 /* Prepare to carry out the file verify */ 953 amount_left = vlen; 954 amount_left <<= 9; 955 file_offset = lba; 956 file_offset <<= 9; 957 958 /* Range check */ 959 vlen += lba; 960 961 if ((vlen < lba) || 962 (vlen > currlun->num_sectors) || 963 (lba >= currlun->num_sectors)) { 964 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 965 return (1); 966 } 967 /* XXX TODO: verify that data is readable */ 968 done: 969 return (ustorage_fs_min_len(sc, 0, 0 - 1)); 970 } 971 972 /*------------------------------------------------------------------------* 973 * ustorage_fs_inquiry 974 * 975 * Returns: 976 * 0: Success 977 * Else: Failure 978 *------------------------------------------------------------------------*/ 979 static uint8_t 980 ustorage_fs_inquiry(struct ustorage_fs_softc *sc) 981 { 982 uint8_t *buf = sc->sc_transfer.data_ptr; 983 984 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 985 986 if (!sc->sc_transfer.currlun) { 987 /* Unsupported LUNs are okay */ 988 memset(buf, 0, 36); 989 buf[0] = 0x7f; 990 /* Unsupported, no device - type */ 991 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 992 } 993 memset(buf, 0, 8); 994 /* Non - removable, direct - access device */ 995 if (currlun->removable) 996 buf[1] = 0x80; 997 buf[2] = 2; 998 /* ANSI SCSI level 2 */ 999 buf[3] = 2; 1000 /* SCSI - 2 INQUIRY data format */ 1001 buf[4] = 31; 1002 /* Additional length */ 1003 /* No special options */ 1004 /* Copy in ID string */ 1005 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28); 1006 1007 #if (USTORAGE_QDATA_MAX < 36) 1008 #error "(USTORAGE_QDATA_MAX < 36)" 1009 #endif 1010 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 1011 } 1012 1013 /*------------------------------------------------------------------------* 1014 * ustorage_fs_request_sense 1015 * 1016 * Returns: 1017 * 0: Success 1018 * Else: Failure 1019 *------------------------------------------------------------------------*/ 1020 static uint8_t 1021 ustorage_fs_request_sense(struct ustorage_fs_softc *sc) 1022 { 1023 uint8_t *buf = sc->sc_transfer.data_ptr; 1024 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1025 uint32_t sd; 1026 uint32_t sdinfo; 1027 uint8_t valid; 1028 1029 /* 1030 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1031 * 1032 * If a REQUEST SENSE command is received from an initiator 1033 * with a pending unit attention condition (before the target 1034 * generates the contingent allegiance condition), then the 1035 * target shall either: 1036 * a) report any pending sense data and preserve the unit 1037 * attention condition on the logical unit, or, 1038 * b) report the unit attention condition, may discard any 1039 * pending sense data, and clear the unit attention 1040 * condition on the logical unit for that initiator. 1041 * 1042 * FSG normally uses option a); enable this code to use option b). 1043 */ 1044 #if 0 1045 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) { 1046 currlun->sense_data = currlun->unit_attention_data; 1047 currlun->unit_attention_data = SS_NO_SENSE; 1048 } 1049 #endif 1050 1051 if (!currlun) { 1052 /* Unsupported LUNs are okay */ 1053 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1054 sdinfo = 0; 1055 valid = 0; 1056 } else { 1057 sd = currlun->sense_data; 1058 sdinfo = currlun->sense_data_info; 1059 valid = currlun->info_valid << 7; 1060 currlun->sense_data = SS_NO_SENSE; 1061 currlun->sense_data_info = 0; 1062 currlun->info_valid = 0; 1063 } 1064 1065 memset(buf, 0, 18); 1066 buf[0] = valid | 0x70; 1067 /* Valid, current error */ 1068 buf[2] = SK(sd); 1069 put_be32(&buf[3], sdinfo); 1070 /* Sense information */ 1071 buf[7] = 18 - 8; 1072 /* Additional sense length */ 1073 buf[12] = ASC(sd); 1074 buf[13] = ASCQ(sd); 1075 1076 #if (USTORAGE_QDATA_MAX < 18) 1077 #error "(USTORAGE_QDATA_MAX < 18)" 1078 #endif 1079 return (ustorage_fs_min_len(sc, 18, 0 - 1)); 1080 } 1081 1082 /*------------------------------------------------------------------------* 1083 * ustorage_fs_read_capacity 1084 * 1085 * Returns: 1086 * 0: Success 1087 * Else: Failure 1088 *------------------------------------------------------------------------*/ 1089 static uint8_t 1090 ustorage_fs_read_capacity(struct ustorage_fs_softc *sc) 1091 { 1092 uint8_t *buf = sc->sc_transfer.data_ptr; 1093 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1094 uint32_t lba = get_be32(&sc->sc_cmd_data[2]); 1095 uint8_t pmi = sc->sc_cmd_data[8]; 1096 1097 /* Check the PMI and LBA fields */ 1098 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) { 1099 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1100 return (1); 1101 } 1102 /* Max logical block */ 1103 put_be32(&buf[0], currlun->num_sectors - 1); 1104 /* Block length */ 1105 put_be32(&buf[4], 512); 1106 1107 #if (USTORAGE_QDATA_MAX < 8) 1108 #error "(USTORAGE_QDATA_MAX < 8)" 1109 #endif 1110 return (ustorage_fs_min_len(sc, 8, 0 - 1)); 1111 } 1112 1113 /*------------------------------------------------------------------------* 1114 * ustorage_fs_mode_sense 1115 * 1116 * Returns: 1117 * 0: Success 1118 * Else: Failure 1119 *------------------------------------------------------------------------*/ 1120 static uint8_t 1121 ustorage_fs_mode_sense(struct ustorage_fs_softc *sc) 1122 { 1123 uint8_t *buf = sc->sc_transfer.data_ptr; 1124 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1125 uint8_t *buf0; 1126 uint16_t len; 1127 uint16_t limit; 1128 uint8_t mscmnd = sc->sc_cmd_data[0]; 1129 uint8_t pc; 1130 uint8_t page_code; 1131 uint8_t changeable_values; 1132 uint8_t all_pages; 1133 1134 buf0 = buf; 1135 1136 if ((sc->sc_cmd_data[1] & ~0x08) != 0) { 1137 /* Mask away DBD */ 1138 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1139 return (1); 1140 } 1141 pc = sc->sc_cmd_data[2] >> 6; 1142 page_code = sc->sc_cmd_data[2] & 0x3f; 1143 if (pc == 3) { 1144 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1145 return (1); 1146 } 1147 changeable_values = (pc == 1); 1148 all_pages = (page_code == 0x3f); 1149 1150 /* 1151 * Write the mode parameter header. Fixed values are: default 1152 * medium type, no cache control (DPOFUA), and no block descriptors. 1153 * The only variable value is the WriteProtect bit. We will fill in 1154 * the mode data length later. 1155 */ 1156 memset(buf, 0, 8); 1157 if (mscmnd == SC_MODE_SENSE_6) { 1158 buf[2] = (currlun->read_only ? 0x80 : 0x00); 1159 /* WP, DPOFUA */ 1160 buf += 4; 1161 limit = 255; 1162 } else { 1163 /* SC_MODE_SENSE_10 */ 1164 buf[3] = (currlun->read_only ? 0x80 : 0x00); 1165 /* WP, DPOFUA */ 1166 buf += 8; 1167 limit = 65535; 1168 /* Should really be mod_data.buflen */ 1169 } 1170 1171 /* No block descriptors */ 1172 1173 /* 1174 * The mode pages, in numerical order. 1175 */ 1176 if ((page_code == 0x08) || all_pages) { 1177 buf[0] = 0x08; 1178 /* Page code */ 1179 buf[1] = 10; 1180 /* Page length */ 1181 memset(buf + 2, 0, 10); 1182 /* None of the fields are changeable */ 1183 1184 if (!changeable_values) { 1185 buf[2] = 0x04; 1186 /* Write cache enable, */ 1187 /* Read cache not disabled */ 1188 /* No cache retention priorities */ 1189 put_be16(&buf[4], 0xffff); 1190 /* Don 't disable prefetch */ 1191 /* Minimum prefetch = 0 */ 1192 put_be16(&buf[8], 0xffff); 1193 /* Maximum prefetch */ 1194 put_be16(&buf[10], 0xffff); 1195 /* Maximum prefetch ceiling */ 1196 } 1197 buf += 12; 1198 } 1199 /* 1200 * Check that a valid page was requested and the mode data length 1201 * isn't too long. 1202 */ 1203 len = buf - buf0; 1204 if (len > limit) { 1205 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1206 return (1); 1207 } 1208 /* Store the mode data length */ 1209 if (mscmnd == SC_MODE_SENSE_6) 1210 buf0[0] = len - 1; 1211 else 1212 put_be16(buf0, len - 2); 1213 1214 #if (USTORAGE_QDATA_MAX < 24) 1215 #error "(USTORAGE_QDATA_MAX < 24)" 1216 #endif 1217 return (ustorage_fs_min_len(sc, len, 0 - 1)); 1218 } 1219 1220 /*------------------------------------------------------------------------* 1221 * ustorage_fs_start_stop 1222 * 1223 * Returns: 1224 * 0: Success 1225 * Else: Failure 1226 *------------------------------------------------------------------------*/ 1227 static uint8_t 1228 ustorage_fs_start_stop(struct ustorage_fs_softc *sc) 1229 { 1230 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1231 uint8_t loej; 1232 uint8_t start; 1233 uint8_t immed; 1234 1235 if (!currlun->removable) { 1236 currlun->sense_data = SS_INVALID_COMMAND; 1237 return (1); 1238 } 1239 immed = sc->sc_cmd_data[1] & 0x01; 1240 loej = sc->sc_cmd_data[4] & 0x02; 1241 start = sc->sc_cmd_data[4] & 0x01; 1242 1243 if (immed || loej || start) { 1244 /* compile fix */ 1245 } 1246 return (0); 1247 } 1248 1249 /*------------------------------------------------------------------------* 1250 * ustorage_fs_prevent_allow 1251 * 1252 * Returns: 1253 * 0: Success 1254 * Else: Failure 1255 *------------------------------------------------------------------------*/ 1256 static uint8_t 1257 ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc) 1258 { 1259 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1260 uint8_t prevent; 1261 1262 if (!currlun->removable) { 1263 currlun->sense_data = SS_INVALID_COMMAND; 1264 return (1); 1265 } 1266 prevent = sc->sc_cmd_data[4] & 0x01; 1267 if ((sc->sc_cmd_data[4] & ~0x01) != 0) { 1268 /* Mask away Prevent */ 1269 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1270 return (1); 1271 } 1272 if (currlun->prevent_medium_removal && !prevent) { 1273 //fsync_sub(currlun); 1274 } 1275 currlun->prevent_medium_removal = prevent; 1276 return (0); 1277 } 1278 1279 /*------------------------------------------------------------------------* 1280 * ustorage_fs_read_format_capacities 1281 * 1282 * Returns: 1283 * 0: Success 1284 * Else: Failure 1285 *------------------------------------------------------------------------*/ 1286 static uint8_t 1287 ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc) 1288 { 1289 uint8_t *buf = sc->sc_transfer.data_ptr; 1290 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1291 1292 buf[0] = buf[1] = buf[2] = 0; 1293 buf[3] = 8; 1294 /* Only the Current / Maximum Capacity Descriptor */ 1295 buf += 4; 1296 1297 /* Number of blocks */ 1298 put_be32(&buf[0], currlun->num_sectors); 1299 /* Block length */ 1300 put_be32(&buf[4], 512); 1301 /* Current capacity */ 1302 buf[4] = 0x02; 1303 1304 #if (USTORAGE_QDATA_MAX < 12) 1305 #error "(USTORAGE_QDATA_MAX < 12)" 1306 #endif 1307 return (ustorage_fs_min_len(sc, 12, 0 - 1)); 1308 } 1309 1310 /*------------------------------------------------------------------------* 1311 * ustorage_fs_mode_select 1312 * 1313 * Return values: 1314 * 0: Success 1315 * Else: Failure 1316 *------------------------------------------------------------------------*/ 1317 static uint8_t 1318 ustorage_fs_mode_select(struct ustorage_fs_softc *sc) 1319 { 1320 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1321 1322 /* We don't support MODE SELECT */ 1323 currlun->sense_data = SS_INVALID_COMMAND; 1324 return (1); 1325 } 1326 1327 /*------------------------------------------------------------------------* 1328 * ustorage_fs_synchronize_cache 1329 * 1330 * Return values: 1331 * 0: Success 1332 * Else: Failure 1333 *------------------------------------------------------------------------*/ 1334 static uint8_t 1335 ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc) 1336 { 1337 #if 0 1338 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1339 uint8_t rc; 1340 1341 /* 1342 * We ignore the requested LBA and write out all dirty data buffers. 1343 */ 1344 rc = 0; 1345 if (rc) { 1346 currlun->sense_data = SS_WRITE_ERROR; 1347 } 1348 #endif 1349 return (0); 1350 } 1351 1352 /*------------------------------------------------------------------------* 1353 * ustorage_fs_read - read data from disk 1354 * 1355 * Return values: 1356 * 0: Success 1357 * Else: Failure 1358 *------------------------------------------------------------------------*/ 1359 static uint8_t 1360 ustorage_fs_read(struct ustorage_fs_softc *sc) 1361 { 1362 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1363 uint64_t file_offset; 1364 uint32_t lba; 1365 uint32_t len; 1366 1367 /* 1368 * Get the starting Logical Block Address and check that it's not 1369 * too big 1370 */ 1371 if (sc->sc_cmd_data[0] == SC_READ_6) { 1372 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) | 1373 get_be16(&sc->sc_cmd_data[2]); 1374 } else { 1375 lba = get_be32(&sc->sc_cmd_data[2]); 1376 1377 /* 1378 * We allow DPO (Disable Page Out = don't save data in the 1379 * cache) and FUA (Force Unit Access = don't read from the 1380 * cache), but we don't implement them. 1381 */ 1382 if ((sc->sc_cmd_data[1] & ~0x18) != 0) { 1383 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1384 return (1); 1385 } 1386 } 1387 len = sc->sc_transfer.data_rem >> 9; 1388 len += lba; 1389 1390 if ((len < lba) || 1391 (len > currlun->num_sectors) || 1392 (lba >= currlun->num_sectors)) { 1393 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1394 return (1); 1395 } 1396 file_offset = lba; 1397 file_offset <<= 9; 1398 1399 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1400 1401 return (0); 1402 } 1403 1404 /*------------------------------------------------------------------------* 1405 * ustorage_fs_write - write data to disk 1406 * 1407 * Return values: 1408 * 0: Success 1409 * Else: Failure 1410 *------------------------------------------------------------------------*/ 1411 static uint8_t 1412 ustorage_fs_write(struct ustorage_fs_softc *sc) 1413 { 1414 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1415 uint64_t file_offset; 1416 uint32_t lba; 1417 uint32_t len; 1418 1419 if (currlun->read_only) { 1420 currlun->sense_data = SS_WRITE_PROTECTED; 1421 return (1); 1422 } 1423 /* XXX clear SYNC */ 1424 1425 /* 1426 * Get the starting Logical Block Address and check that it's not 1427 * too big. 1428 */ 1429 if (sc->sc_cmd_data[0] == SC_WRITE_6) 1430 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) | 1431 get_be16(&sc->sc_cmd_data[2]); 1432 else { 1433 lba = get_be32(&sc->sc_cmd_data[2]); 1434 1435 /* 1436 * We allow DPO (Disable Page Out = don't save data in the 1437 * cache) and FUA (Force Unit Access = write directly to the 1438 * medium). We don't implement DPO; we implement FUA by 1439 * performing synchronous output. 1440 */ 1441 if ((sc->sc_cmd_data[1] & ~0x18) != 0) { 1442 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1443 return (1); 1444 } 1445 if (sc->sc_cmd_data[1] & 0x08) { 1446 /* FUA */ 1447 /* XXX set SYNC flag here */ 1448 } 1449 } 1450 1451 len = sc->sc_transfer.data_rem >> 9; 1452 len += lba; 1453 1454 if ((len < lba) || 1455 (len > currlun->num_sectors) || 1456 (lba >= currlun->num_sectors)) { 1457 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1458 return (1); 1459 } 1460 file_offset = lba; 1461 file_offset <<= 9; 1462 1463 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1464 1465 return (0); 1466 } 1467 1468 /*------------------------------------------------------------------------* 1469 * ustorage_fs_min_len 1470 * 1471 * Return values: 1472 * 0: Success 1473 * Else: Failure 1474 *------------------------------------------------------------------------*/ 1475 static uint8_t 1476 ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask) 1477 { 1478 if (len != sc->sc_transfer.data_rem) { 1479 1480 if (sc->sc_transfer.cbw_dir == DIR_READ) { 1481 /* 1482 * there must be something wrong about this SCSI 1483 * command 1484 */ 1485 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1486 return (1); 1487 } 1488 /* compute the minimum length */ 1489 1490 if (sc->sc_transfer.data_rem > len) { 1491 /* data ends prematurely */ 1492 sc->sc_transfer.data_rem = len; 1493 sc->sc_transfer.data_short = 1; 1494 } 1495 /* check length alignment */ 1496 1497 if (sc->sc_transfer.data_rem & ~mask) { 1498 /* data ends prematurely */ 1499 sc->sc_transfer.data_rem &= mask; 1500 sc->sc_transfer.data_short = 1; 1501 } 1502 } 1503 return (0); 1504 } 1505 1506 /*------------------------------------------------------------------------* 1507 * ustorage_fs_check_cmd - check command routine 1508 * 1509 * Check whether the command is properly formed and whether its data 1510 * size and direction agree with the values we already have. 1511 * 1512 * Return values: 1513 * 0: Success 1514 * Else: Failure 1515 *------------------------------------------------------------------------*/ 1516 static uint8_t 1517 ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size, 1518 uint16_t mask, uint8_t needs_medium) 1519 { 1520 struct ustorage_fs_lun *currlun; 1521 uint8_t lun = (sc->sc_cmd_data[1] >> 5); 1522 uint8_t i; 1523 1524 /* Verify the length of the command itself */ 1525 if (min_cmd_size > sc->sc_transfer.cmd_len) { 1526 DPRINTF("%u > %u\n", 1527 min_cmd_size, sc->sc_transfer.cmd_len); 1528 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1529 return (1); 1530 } 1531 /* Mask away the LUN */ 1532 sc->sc_cmd_data[1] &= 0x1f; 1533 1534 /* Check if LUN is correct */ 1535 if (lun != sc->sc_transfer.lun) { 1536 1537 } 1538 /* Check the LUN */ 1539 if (sc->sc_transfer.lun <= sc->sc_last_lun) { 1540 sc->sc_transfer.currlun = currlun = 1541 sc->sc_lun + sc->sc_transfer.lun; 1542 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) { 1543 currlun->sense_data = SS_NO_SENSE; 1544 currlun->sense_data_info = 0; 1545 currlun->info_valid = 0; 1546 } 1547 /* 1548 * If a unit attention condition exists, only INQUIRY 1549 * and REQUEST SENSE commands are allowed. Anything 1550 * else must fail! 1551 */ 1552 if ((currlun->unit_attention_data != SS_NO_SENSE) && 1553 (sc->sc_cmd_data[0] != SC_INQUIRY) && 1554 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) { 1555 currlun->sense_data = currlun->unit_attention_data; 1556 currlun->unit_attention_data = SS_NO_SENSE; 1557 return (1); 1558 } 1559 } else { 1560 sc->sc_transfer.currlun = currlun = NULL; 1561 1562 /* 1563 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1564 * to use unsupported LUNs; all others may not. 1565 */ 1566 if ((sc->sc_cmd_data[0] != SC_INQUIRY) && 1567 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) { 1568 return (1); 1569 } 1570 } 1571 1572 /* 1573 * Check that only command bytes listed in the mask are 1574 * non-zero. 1575 */ 1576 for (i = 0; i != min_cmd_size; i++) { 1577 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) { 1578 if (currlun) { 1579 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1580 } 1581 return (1); 1582 } 1583 } 1584 1585 /* 1586 * If the medium isn't mounted and the command needs to access 1587 * it, return an error. 1588 */ 1589 if (currlun && (!currlun->memory_image) && needs_medium) { 1590 currlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1591 return (1); 1592 } 1593 return (0); 1594 } 1595 1596 /*------------------------------------------------------------------------* 1597 * ustorage_fs_do_cmd - do command 1598 * 1599 * Return values: 1600 * 0: Success 1601 * Else: Failure 1602 *------------------------------------------------------------------------*/ 1603 static uint8_t 1604 ustorage_fs_do_cmd(struct ustorage_fs_softc *sc) 1605 { 1606 uint8_t error = 1; 1607 uint8_t i; 1608 uint32_t temp; 1609 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9; 1610 1611 /* set default data transfer pointer */ 1612 sc->sc_transfer.data_ptr = sc->sc_qdata; 1613 1614 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n", 1615 sc->sc_cmd_data[0], sc->sc_transfer.data_rem); 1616 1617 switch (sc->sc_cmd_data[0]) { 1618 case SC_INQUIRY: 1619 sc->sc_transfer.cmd_dir = DIR_WRITE; 1620 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1621 if (error) { 1622 break; 1623 } 1624 error = ustorage_fs_check_cmd(sc, 6, 1625 (1UL << 4) | 1, 0); 1626 if (error) { 1627 break; 1628 } 1629 error = ustorage_fs_inquiry(sc); 1630 1631 break; 1632 1633 case SC_MODE_SELECT_6: 1634 sc->sc_transfer.cmd_dir = DIR_READ; 1635 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1636 if (error) { 1637 break; 1638 } 1639 error = ustorage_fs_check_cmd(sc, 6, 1640 (1UL << 1) | (1UL << 4) | 1, 0); 1641 if (error) { 1642 break; 1643 } 1644 error = ustorage_fs_mode_select(sc); 1645 1646 break; 1647 1648 case SC_MODE_SELECT_10: 1649 sc->sc_transfer.cmd_dir = DIR_READ; 1650 error = ustorage_fs_min_len(sc, 1651 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1652 if (error) { 1653 break; 1654 } 1655 error = ustorage_fs_check_cmd(sc, 10, 1656 (1UL << 1) | (3UL << 7) | 1, 0); 1657 if (error) { 1658 break; 1659 } 1660 error = ustorage_fs_mode_select(sc); 1661 1662 break; 1663 1664 case SC_MODE_SENSE_6: 1665 sc->sc_transfer.cmd_dir = DIR_WRITE; 1666 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1667 if (error) { 1668 break; 1669 } 1670 error = ustorage_fs_check_cmd(sc, 6, 1671 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0); 1672 if (error) { 1673 break; 1674 } 1675 error = ustorage_fs_mode_sense(sc); 1676 1677 break; 1678 1679 case SC_MODE_SENSE_10: 1680 sc->sc_transfer.cmd_dir = DIR_WRITE; 1681 error = ustorage_fs_min_len(sc, 1682 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1683 if (error) { 1684 break; 1685 } 1686 error = ustorage_fs_check_cmd(sc, 10, 1687 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0); 1688 if (error) { 1689 break; 1690 } 1691 error = ustorage_fs_mode_sense(sc); 1692 1693 break; 1694 1695 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 1696 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1697 if (error) { 1698 break; 1699 } 1700 error = ustorage_fs_check_cmd(sc, 6, 1701 (1UL << 4) | 1, 0); 1702 if (error) { 1703 break; 1704 } 1705 error = ustorage_fs_prevent_allow(sc); 1706 1707 break; 1708 1709 case SC_READ_6: 1710 i = sc->sc_cmd_data[4]; 1711 sc->sc_transfer.cmd_dir = DIR_WRITE; 1712 temp = ((i == 0) ? 256UL : i); 1713 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1714 if (error) { 1715 break; 1716 } 1717 error = ustorage_fs_check_cmd(sc, 6, 1718 (7UL << 1) | (1UL << 4) | 1, 1); 1719 if (error) { 1720 break; 1721 } 1722 error = ustorage_fs_read(sc); 1723 1724 break; 1725 1726 case SC_READ_10: 1727 sc->sc_transfer.cmd_dir = DIR_WRITE; 1728 temp = get_be16(&sc->sc_cmd_data[7]); 1729 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1730 if (error) { 1731 break; 1732 } 1733 error = ustorage_fs_check_cmd(sc, 10, 1734 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1735 if (error) { 1736 break; 1737 } 1738 error = ustorage_fs_read(sc); 1739 1740 break; 1741 1742 case SC_READ_12: 1743 sc->sc_transfer.cmd_dir = DIR_WRITE; 1744 temp = get_be32(&sc->sc_cmd_data[6]); 1745 if (temp >= (1UL << (32 - 9))) { 1746 /* numerical overflow */ 1747 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1748 error = 1; 1749 break; 1750 } 1751 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1752 if (error) { 1753 break; 1754 } 1755 error = ustorage_fs_check_cmd(sc, 12, 1756 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1757 if (error) { 1758 break; 1759 } 1760 error = ustorage_fs_read(sc); 1761 1762 break; 1763 1764 case SC_READ_CAPACITY: 1765 sc->sc_transfer.cmd_dir = DIR_WRITE; 1766 error = ustorage_fs_check_cmd(sc, 10, 1767 (0xfUL << 2) | (1UL << 8) | 1, 1); 1768 if (error) { 1769 break; 1770 } 1771 error = ustorage_fs_read_capacity(sc); 1772 1773 break; 1774 1775 case SC_READ_FORMAT_CAPACITIES: 1776 sc->sc_transfer.cmd_dir = DIR_WRITE; 1777 error = ustorage_fs_min_len(sc, 1778 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1779 if (error) { 1780 break; 1781 } 1782 error = ustorage_fs_check_cmd(sc, 10, 1783 (3UL << 7) | 1, 1); 1784 if (error) { 1785 break; 1786 } 1787 error = ustorage_fs_read_format_capacities(sc); 1788 1789 break; 1790 1791 case SC_REQUEST_SENSE: 1792 sc->sc_transfer.cmd_dir = DIR_WRITE; 1793 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1794 if (error) { 1795 break; 1796 } 1797 error = ustorage_fs_check_cmd(sc, 6, 1798 (1UL << 4) | 1, 0); 1799 if (error) { 1800 break; 1801 } 1802 error = ustorage_fs_request_sense(sc); 1803 1804 break; 1805 1806 case SC_START_STOP_UNIT: 1807 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1808 if (error) { 1809 break; 1810 } 1811 error = ustorage_fs_check_cmd(sc, 6, 1812 (1UL << 1) | (1UL << 4) | 1, 0); 1813 if (error) { 1814 break; 1815 } 1816 error = ustorage_fs_start_stop(sc); 1817 1818 break; 1819 1820 case SC_SYNCHRONIZE_CACHE: 1821 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1822 if (error) { 1823 break; 1824 } 1825 error = ustorage_fs_check_cmd(sc, 10, 1826 (0xfUL << 2) | (3UL << 7) | 1, 1); 1827 if (error) { 1828 break; 1829 } 1830 error = ustorage_fs_synchronize_cache(sc); 1831 1832 break; 1833 1834 case SC_TEST_UNIT_READY: 1835 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1836 if (error) { 1837 break; 1838 } 1839 error = ustorage_fs_check_cmd(sc, 6, 1840 0 | 1, 1); 1841 break; 1842 1843 /* 1844 * Although optional, this command is used by MS-Windows. 1845 * We support a minimal version: BytChk must be 0. 1846 */ 1847 case SC_VERIFY: 1848 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1849 if (error) { 1850 break; 1851 } 1852 error = ustorage_fs_check_cmd(sc, 10, 1853 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1854 if (error) { 1855 break; 1856 } 1857 error = ustorage_fs_verify(sc); 1858 1859 break; 1860 1861 case SC_WRITE_6: 1862 i = sc->sc_cmd_data[4]; 1863 sc->sc_transfer.cmd_dir = DIR_READ; 1864 temp = ((i == 0) ? 256UL : i); 1865 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1866 if (error) { 1867 break; 1868 } 1869 error = ustorage_fs_check_cmd(sc, 6, 1870 (7UL << 1) | (1UL << 4) | 1, 1); 1871 if (error) { 1872 break; 1873 } 1874 error = ustorage_fs_write(sc); 1875 1876 break; 1877 1878 case SC_WRITE_10: 1879 sc->sc_transfer.cmd_dir = DIR_READ; 1880 temp = get_be16(&sc->sc_cmd_data[7]); 1881 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1882 if (error) { 1883 break; 1884 } 1885 error = ustorage_fs_check_cmd(sc, 10, 1886 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1887 if (error) { 1888 break; 1889 } 1890 error = ustorage_fs_write(sc); 1891 1892 break; 1893 1894 case SC_WRITE_12: 1895 sc->sc_transfer.cmd_dir = DIR_READ; 1896 temp = get_be32(&sc->sc_cmd_data[6]); 1897 if (temp > (mask9 >> 9)) { 1898 /* numerical overflow */ 1899 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1900 error = 1; 1901 break; 1902 } 1903 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1904 if (error) { 1905 break; 1906 } 1907 error = ustorage_fs_check_cmd(sc, 12, 1908 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1909 if (error) { 1910 break; 1911 } 1912 error = ustorage_fs_write(sc); 1913 1914 break; 1915 1916 /* 1917 * Some mandatory commands that we recognize but don't 1918 * implement. They don't mean much in this setting. 1919 * It's left as an exercise for anyone interested to 1920 * implement RESERVE and RELEASE in terms of Posix 1921 * locks. 1922 */ 1923 case SC_FORMAT_UNIT: 1924 case SC_RELEASE: 1925 case SC_RESERVE: 1926 case SC_SEND_DIAGNOSTIC: 1927 /* Fallthrough */ 1928 1929 default: 1930 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1931 if (error) { 1932 break; 1933 } 1934 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len, 1935 0xff, 0); 1936 if (error) { 1937 break; 1938 } 1939 sc->sc_transfer.currlun->sense_data = 1940 SS_INVALID_COMMAND; 1941 error = 1; 1942 1943 break; 1944 } 1945 return (error); 1946 } 1947