1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 2003-2005 Alan Stern 5 * Copyright (C) 2008 Hans Petter Selasky 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions, and the following disclaimer, 13 * without modification. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The names of the above-listed copyright holders may not be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 23 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 /* 36 * NOTE: Much of the SCSI statemachine handling code derives from the 37 * Linux USB gadget stack. 38 */ 39 40 #ifdef USB_GLOBAL_INCLUDE_FILE 41 #include USB_GLOBAL_INCLUDE_FILE 42 #else 43 #include <sys/stdint.h> 44 #include <sys/stddef.h> 45 #include <sys/param.h> 46 #include <sys/queue.h> 47 #include <sys/types.h> 48 #include <sys/systm.h> 49 #include <sys/kernel.h> 50 #include <sys/bus.h> 51 #include <sys/module.h> 52 #include <sys/lock.h> 53 #include <sys/mutex.h> 54 #include <sys/condvar.h> 55 #include <sys/sysctl.h> 56 #include <sys/sx.h> 57 #include <sys/unistd.h> 58 #include <sys/callout.h> 59 #include <sys/malloc.h> 60 #include <sys/priv.h> 61 62 #include <dev/usb/usb.h> 63 #include <dev/usb/usbdi.h> 64 #include "usbdevs.h" 65 #include "usb_if.h" 66 67 #define USB_DEBUG_VAR ustorage_fs_debug 68 #include <dev/usb/usb_debug.h> 69 #endif /* USB_GLOBAL_INCLUDE_FILE */ 70 71 #ifdef USB_DEBUG 72 static int ustorage_fs_debug = 0; 73 74 SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 75 "USB ustorage_fs"); 76 SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RWTUN, 77 &ustorage_fs_debug, 0, "ustorage_fs debug level"); 78 #endif 79 80 /* Define some limits */ 81 82 #ifndef USTORAGE_FS_BULK_SIZE 83 #define USTORAGE_FS_BULK_SIZE (1U << 17) /* bytes */ 84 #endif 85 86 #ifndef USTORAGE_FS_MAX_LUN 87 #define USTORAGE_FS_MAX_LUN 8 /* units */ 88 #endif 89 90 #ifndef USTORAGE_QDATA_MAX 91 #define USTORAGE_QDATA_MAX 40 /* bytes */ 92 #endif 93 94 /* 95 * The SCSI ID string must be exactly 28 characters long 96 * exluding the terminating zero. 97 */ 98 #ifndef USTORAGE_FS_ID_STRING 99 #define USTORAGE_FS_ID_STRING \ 100 "FreeBSD " /* 8 */ \ 101 "File-Stor Gadget" /* 16 */ \ 102 "0101" /* 4 */ 103 #endif 104 105 /* 106 * The following macro defines the number of 107 * sectors to be allocated for the RAM disk: 108 */ 109 #ifndef USTORAGE_FS_RAM_SECT 110 #define USTORAGE_FS_RAM_SECT (1UL << 13) 111 #endif 112 113 static uint8_t *ustorage_fs_ramdisk; 114 115 /* USB transfer definitions */ 116 117 #define USTORAGE_FS_T_BBB_COMMAND 0 118 #define USTORAGE_FS_T_BBB_DATA_DUMP 1 119 #define USTORAGE_FS_T_BBB_DATA_READ 2 120 #define USTORAGE_FS_T_BBB_DATA_WRITE 3 121 #define USTORAGE_FS_T_BBB_STATUS 4 122 #define USTORAGE_FS_T_BBB_MAX 5 123 124 /* USB data stage direction */ 125 126 #define DIR_NONE 0 127 #define DIR_READ 1 128 #define DIR_WRITE 2 129 130 /* USB interface specific control request */ 131 132 #define UR_BBB_RESET 0xff /* Bulk-Only reset */ 133 #define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */ 134 135 /* Command Block Wrapper */ 136 typedef struct { 137 uDWord dCBWSignature; 138 #define CBWSIGNATURE 0x43425355 139 uDWord dCBWTag; 140 uDWord dCBWDataTransferLength; 141 uByte bCBWFlags; 142 #define CBWFLAGS_OUT 0x00 143 #define CBWFLAGS_IN 0x80 144 uByte bCBWLUN; 145 uByte bCDBLength; 146 #define CBWCDBLENGTH 16 147 uByte CBWCDB[CBWCDBLENGTH]; 148 } __packed ustorage_fs_bbb_cbw_t; 149 150 #define USTORAGE_FS_BBB_CBW_SIZE 31 151 152 /* Command Status Wrapper */ 153 typedef struct { 154 uDWord dCSWSignature; 155 #define CSWSIGNATURE 0x53425355 156 uDWord dCSWTag; 157 uDWord dCSWDataResidue; 158 uByte bCSWStatus; 159 #define CSWSTATUS_GOOD 0x0 160 #define CSWSTATUS_FAILED 0x1 161 #define CSWSTATUS_PHASE 0x2 162 } __packed ustorage_fs_bbb_csw_t; 163 164 #define USTORAGE_FS_BBB_CSW_SIZE 13 165 166 struct ustorage_fs_lun { 167 uint8_t *memory_image; 168 169 uint32_t num_sectors; 170 uint32_t sense_data; 171 uint32_t sense_data_info; 172 uint32_t unit_attention_data; 173 174 uint8_t read_only:1; 175 uint8_t prevent_medium_removal:1; 176 uint8_t info_valid:1; 177 uint8_t removable:1; 178 }; 179 180 struct ustorage_fs_softc { 181 ustorage_fs_bbb_cbw_t *sc_cbw; /* Command Wrapper Block */ 182 ustorage_fs_bbb_csw_t *sc_csw; /* Command Status Block */ 183 void *sc_dma_ptr; /* Main data buffer */ 184 185 struct mtx sc_mtx; 186 187 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN]; 188 189 struct { 190 uint8_t *data_ptr; 191 struct ustorage_fs_lun *currlun; 192 193 uint32_t data_rem; /* bytes, as reported by the command 194 * block wrapper */ 195 uint32_t offset; /* bytes */ 196 197 uint8_t cbw_dir; 198 uint8_t cmd_dir; 199 uint8_t lun; 200 uint8_t cmd_len; 201 uint8_t data_short:1; 202 uint8_t data_error:1; 203 } sc_transfer; 204 205 device_t sc_dev; 206 struct usb_device *sc_udev; 207 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX]; 208 209 uint8_t sc_iface_no; /* interface number */ 210 uint8_t sc_last_lun; 211 uint8_t sc_last_xfer_index; 212 uint8_t sc_qdata[USTORAGE_QDATA_MAX]; 213 }; 214 215 /* prototypes */ 216 217 static device_probe_t ustorage_fs_probe; 218 static device_attach_t ustorage_fs_attach; 219 static device_detach_t ustorage_fs_detach; 220 static device_suspend_t ustorage_fs_suspend; 221 static device_resume_t ustorage_fs_resume; 222 static usb_handle_request_t ustorage_fs_handle_request; 223 224 static usb_callback_t ustorage_fs_t_bbb_command_callback; 225 static usb_callback_t ustorage_fs_t_bbb_data_dump_callback; 226 static usb_callback_t ustorage_fs_t_bbb_data_read_callback; 227 static usb_callback_t ustorage_fs_t_bbb_data_write_callback; 228 static usb_callback_t ustorage_fs_t_bbb_status_callback; 229 230 static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index); 231 static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc); 232 233 static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc); 234 static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc); 235 static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc); 236 static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc); 237 static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc); 238 static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc); 239 static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc); 240 static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc); 241 static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc); 242 static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask); 243 static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc); 244 static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc); 245 static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium); 246 static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc); 247 248 static device_method_t ustorage_fs_methods[] = { 249 /* USB interface */ 250 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request), 251 252 /* Device interface */ 253 DEVMETHOD(device_probe, ustorage_fs_probe), 254 DEVMETHOD(device_attach, ustorage_fs_attach), 255 DEVMETHOD(device_detach, ustorage_fs_detach), 256 DEVMETHOD(device_suspend, ustorage_fs_suspend), 257 DEVMETHOD(device_resume, ustorage_fs_resume), 258 259 DEVMETHOD_END 260 }; 261 262 static driver_t ustorage_fs_driver = { 263 .name = "ustorage_fs", 264 .methods = ustorage_fs_methods, 265 .size = sizeof(struct ustorage_fs_softc), 266 }; 267 268 DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, NULL, NULL); 269 MODULE_VERSION(ustorage_fs, 0); 270 MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1); 271 272 static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = { 273 [USTORAGE_FS_T_BBB_COMMAND] = { 274 .type = UE_BULK, 275 .endpoint = UE_ADDR_ANY, 276 .direction = UE_DIR_OUT, 277 .bufsize = sizeof(ustorage_fs_bbb_cbw_t), 278 .callback = &ustorage_fs_t_bbb_command_callback, 279 .usb_mode = USB_MODE_DEVICE, 280 }, 281 282 [USTORAGE_FS_T_BBB_DATA_DUMP] = { 283 .type = UE_BULK, 284 .endpoint = UE_ADDR_ANY, 285 .direction = UE_DIR_OUT, 286 .bufsize = 0, /* use wMaxPacketSize */ 287 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,}, 288 .callback = &ustorage_fs_t_bbb_data_dump_callback, 289 .usb_mode = USB_MODE_DEVICE, 290 }, 291 292 [USTORAGE_FS_T_BBB_DATA_READ] = { 293 .type = UE_BULK, 294 .endpoint = UE_ADDR_ANY, 295 .direction = UE_DIR_OUT, 296 .bufsize = USTORAGE_FS_BULK_SIZE, 297 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1}, 298 .callback = &ustorage_fs_t_bbb_data_read_callback, 299 .usb_mode = USB_MODE_DEVICE, 300 }, 301 302 [USTORAGE_FS_T_BBB_DATA_WRITE] = { 303 .type = UE_BULK, 304 .endpoint = UE_ADDR_ANY, 305 .direction = UE_DIR_IN, 306 .bufsize = USTORAGE_FS_BULK_SIZE, 307 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 308 .callback = &ustorage_fs_t_bbb_data_write_callback, 309 .usb_mode = USB_MODE_DEVICE, 310 }, 311 312 [USTORAGE_FS_T_BBB_STATUS] = { 313 .type = UE_BULK, 314 .endpoint = UE_ADDR_ANY, 315 .direction = UE_DIR_IN, 316 .bufsize = sizeof(ustorage_fs_bbb_csw_t), 317 .flags = {.short_xfer_ok = 1}, 318 .callback = &ustorage_fs_t_bbb_status_callback, 319 .usb_mode = USB_MODE_DEVICE, 320 }, 321 }; 322 323 /* 324 * USB device probe/attach/detach 325 */ 326 327 static int 328 ustorage_fs_probe(device_t dev) 329 { 330 struct usb_attach_arg *uaa = device_get_ivars(dev); 331 struct usb_interface_descriptor *id; 332 333 if (uaa->usb_mode != USB_MODE_DEVICE) { 334 return (ENXIO); 335 } 336 /* Check for a standards compliant device */ 337 id = usbd_get_interface_descriptor(uaa->iface); 338 if ((id == NULL) || 339 (id->bInterfaceClass != UICLASS_MASS) || 340 (id->bInterfaceSubClass != UISUBCLASS_SCSI) || 341 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { 342 return (ENXIO); 343 } 344 return (BUS_PROBE_GENERIC); 345 } 346 347 static int 348 ustorage_fs_attach(device_t dev) 349 { 350 struct ustorage_fs_softc *sc = device_get_softc(dev); 351 struct usb_attach_arg *uaa = device_get_ivars(dev); 352 struct usb_interface_descriptor *id; 353 int err; 354 int unit; 355 356 /* 357 * NOTE: the softc struct is cleared in device_set_driver. 358 * We can safely call ustorage_fs_detach without specifically 359 * initializing the struct. 360 */ 361 362 sc->sc_dev = dev; 363 sc->sc_udev = uaa->device; 364 unit = device_get_unit(dev); 365 366 /* enable power saving mode */ 367 usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE); 368 369 if (unit == 0) { 370 if (ustorage_fs_ramdisk == NULL) { 371 /* 372 * allocate a memory image for our ramdisk until 373 * further 374 */ 375 ustorage_fs_ramdisk = 376 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB, 377 M_ZERO | M_WAITOK); 378 } 379 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk; 380 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT; 381 sc->sc_lun[0].removable = 1; 382 } 383 384 device_set_usb_desc(dev); 385 386 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock", 387 NULL, (MTX_DEF | MTX_RECURSE)); 388 389 /* get interface index */ 390 391 id = usbd_get_interface_descriptor(uaa->iface); 392 if (id == NULL) { 393 device_printf(dev, "failed to get " 394 "interface number\n"); 395 goto detach; 396 } 397 sc->sc_iface_no = id->bInterfaceNumber; 398 399 err = usbd_transfer_setup(uaa->device, 400 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config, 401 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx); 402 if (err) { 403 device_printf(dev, "could not setup required " 404 "transfers, %s\n", usbd_errstr(err)); 405 goto detach; 406 } 407 408 sc->sc_cbw = usbd_xfer_get_frame_buffer(sc->sc_xfer[ 409 USTORAGE_FS_T_BBB_COMMAND], 0); 410 sc->sc_csw = usbd_xfer_get_frame_buffer(sc->sc_xfer[ 411 USTORAGE_FS_T_BBB_STATUS], 0); 412 sc->sc_dma_ptr = usbd_xfer_get_frame_buffer(sc->sc_xfer[ 413 USTORAGE_FS_T_BBB_DATA_READ], 0); 414 415 /* start Mass Storage State Machine */ 416 417 mtx_lock(&sc->sc_mtx); 418 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 419 mtx_unlock(&sc->sc_mtx); 420 421 return (0); /* success */ 422 423 detach: 424 ustorage_fs_detach(dev); 425 return (ENXIO); /* failure */ 426 } 427 428 static int 429 ustorage_fs_detach(device_t dev) 430 { 431 struct ustorage_fs_softc *sc = device_get_softc(dev); 432 433 /* teardown our statemachine */ 434 435 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX); 436 437 mtx_destroy(&sc->sc_mtx); 438 439 return (0); /* success */ 440 } 441 442 static int 443 ustorage_fs_suspend(device_t dev) 444 { 445 device_printf(dev, "suspending\n"); 446 return (0); /* success */ 447 } 448 449 static int 450 ustorage_fs_resume(device_t dev) 451 { 452 device_printf(dev, "resuming\n"); 453 return (0); /* success */ 454 } 455 456 /* 457 * Generic functions to handle transfers 458 */ 459 460 static void 461 ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index) 462 { 463 if (sc->sc_xfer[xfer_index]) { 464 sc->sc_last_xfer_index = xfer_index; 465 usbd_transfer_start(sc->sc_xfer[xfer_index]); 466 } 467 } 468 469 static void 470 ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc) 471 { 472 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]); 473 mtx_unlock(&sc->sc_mtx); 474 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]); 475 mtx_lock(&sc->sc_mtx); 476 } 477 478 static int 479 ustorage_fs_handle_request(device_t dev, 480 const void *preq, void **pptr, uint16_t *plen, 481 uint16_t offset, uint8_t *pstate) 482 { 483 struct ustorage_fs_softc *sc = device_get_softc(dev); 484 const struct usb_device_request *req = preq; 485 uint8_t is_complete = *pstate; 486 487 if (!is_complete) { 488 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) && 489 (req->bRequest == UR_BBB_RESET)) { 490 *plen = 0; 491 mtx_lock(&sc->sc_mtx); 492 ustorage_fs_transfer_stop(sc); 493 sc->sc_transfer.data_error = 1; 494 ustorage_fs_transfer_start(sc, 495 USTORAGE_FS_T_BBB_COMMAND); 496 mtx_unlock(&sc->sc_mtx); 497 return (0); 498 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) && 499 (req->bRequest == UR_BBB_GET_MAX_LUN)) { 500 if (offset == 0) { 501 *plen = 1; 502 *pptr = &sc->sc_last_lun; 503 } else { 504 *plen = 0; 505 } 506 return (0); 507 } 508 } 509 return (ENXIO); /* use builtin handler */ 510 } 511 512 static void 513 ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error) 514 { 515 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 516 uint32_t tag; 517 uint8_t err = 0; 518 519 DPRINTF("\n"); 520 521 switch (USB_GET_STATE(xfer)) { 522 case USB_ST_TRANSFERRED: 523 524 tag = UGETDW(sc->sc_cbw->dCBWSignature); 525 526 if (tag != CBWSIGNATURE) { 527 /* do nothing */ 528 DPRINTF("invalid signature 0x%08x\n", tag); 529 break; 530 } 531 tag = UGETDW(sc->sc_cbw->dCBWTag); 532 533 /* echo back tag */ 534 USETDW(sc->sc_csw->dCSWTag, tag); 535 536 /* reset status */ 537 sc->sc_csw->bCSWStatus = 0; 538 539 /* reset data offset, data length and data remainder */ 540 sc->sc_transfer.offset = 0; 541 sc->sc_transfer.data_rem = 542 UGETDW(sc->sc_cbw->dCBWDataTransferLength); 543 544 /* reset data flags */ 545 sc->sc_transfer.data_short = 0; 546 547 /* extract LUN */ 548 sc->sc_transfer.lun = sc->sc_cbw->bCBWLUN; 549 550 if (sc->sc_transfer.data_rem == 0) { 551 sc->sc_transfer.cbw_dir = DIR_NONE; 552 } else { 553 if (sc->sc_cbw->bCBWFlags & CBWFLAGS_IN) { 554 sc->sc_transfer.cbw_dir = DIR_WRITE; 555 } else { 556 sc->sc_transfer.cbw_dir = DIR_READ; 557 } 558 } 559 560 sc->sc_transfer.cmd_len = sc->sc_cbw->bCDBLength; 561 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw->CBWCDB)) || 562 (sc->sc_transfer.cmd_len == 0)) { 563 /* just halt - this is invalid */ 564 DPRINTF("invalid command length %d bytes\n", 565 sc->sc_transfer.cmd_len); 566 break; 567 } 568 569 err = ustorage_fs_do_cmd(sc); 570 if (err) { 571 /* got an error */ 572 DPRINTF("command failed\n"); 573 break; 574 } 575 if ((sc->sc_transfer.data_rem > 0) && 576 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) { 577 /* contradicting data transfer direction */ 578 err = 1; 579 DPRINTF("data direction mismatch\n"); 580 break; 581 } 582 switch (sc->sc_transfer.cbw_dir) { 583 case DIR_READ: 584 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ); 585 break; 586 case DIR_WRITE: 587 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE); 588 break; 589 default: 590 ustorage_fs_transfer_start(sc, 591 USTORAGE_FS_T_BBB_STATUS); 592 break; 593 } 594 break; 595 596 case USB_ST_SETUP: 597 tr_setup: 598 if (sc->sc_transfer.data_error) { 599 sc->sc_transfer.data_error = 0; 600 usbd_xfer_set_stall(xfer); 601 DPRINTF("stall pipe\n"); 602 } 603 usbd_xfer_set_frame_len(xfer, 0, 604 sizeof(ustorage_fs_bbb_cbw_t)); 605 usbd_transfer_submit(xfer); 606 break; 607 608 default: /* Error */ 609 DPRINTF("error\n"); 610 if (error == USB_ERR_CANCELLED) { 611 break; 612 } 613 /* If the pipe is already stalled, don't do another stall */ 614 if (!usbd_xfer_is_stalled(xfer)) 615 sc->sc_transfer.data_error = 1; 616 617 /* try again */ 618 goto tr_setup; 619 } 620 if (err) { 621 if (sc->sc_csw->bCSWStatus == 0) { 622 /* set some default error code */ 623 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED; 624 } 625 if (sc->sc_transfer.cbw_dir == DIR_READ) { 626 /* dump all data */ 627 ustorage_fs_transfer_start(sc, 628 USTORAGE_FS_T_BBB_DATA_DUMP); 629 return; 630 } 631 if (sc->sc_transfer.cbw_dir == DIR_WRITE) { 632 /* need to stall before status */ 633 sc->sc_transfer.data_error = 1; 634 } 635 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS); 636 } 637 } 638 639 static void 640 ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error) 641 { 642 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 643 uint32_t max_bulk = usbd_xfer_max_len(xfer); 644 int actlen, sumlen; 645 646 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 647 648 DPRINTF("\n"); 649 650 switch (USB_GET_STATE(xfer)) { 651 case USB_ST_TRANSFERRED: 652 sc->sc_transfer.data_rem -= actlen; 653 sc->sc_transfer.offset += actlen; 654 655 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 656 /* short transfer or end of data */ 657 ustorage_fs_transfer_start(sc, 658 USTORAGE_FS_T_BBB_STATUS); 659 break; 660 } 661 /* Fallthrough */ 662 663 case USB_ST_SETUP: 664 tr_setup: 665 if (max_bulk > sc->sc_transfer.data_rem) { 666 max_bulk = sc->sc_transfer.data_rem; 667 } 668 if (sc->sc_transfer.data_error) { 669 sc->sc_transfer.data_error = 0; 670 usbd_xfer_set_stall(xfer); 671 } 672 usbd_xfer_set_frame_len(xfer, 0, max_bulk); 673 usbd_transfer_submit(xfer); 674 break; 675 676 default: /* Error */ 677 if (error == USB_ERR_CANCELLED) { 678 break; 679 } 680 /* 681 * If the pipe is already stalled, don't do another stall: 682 */ 683 if (!usbd_xfer_is_stalled(xfer)) 684 sc->sc_transfer.data_error = 1; 685 686 /* try again */ 687 goto tr_setup; 688 } 689 } 690 691 static void 692 ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error) 693 { 694 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 695 uint32_t max_bulk = usbd_xfer_max_len(xfer); 696 int actlen, sumlen; 697 698 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 699 700 DPRINTF("\n"); 701 702 switch (USB_GET_STATE(xfer)) { 703 case USB_ST_TRANSFERRED: 704 /* XXX copy data from DMA buffer */ 705 memcpy(sc->sc_transfer.data_ptr, sc->sc_dma_ptr, actlen); 706 707 sc->sc_transfer.data_rem -= actlen; 708 sc->sc_transfer.data_ptr += actlen; 709 sc->sc_transfer.offset += actlen; 710 711 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 712 /* short transfer or end of data */ 713 ustorage_fs_transfer_start(sc, 714 USTORAGE_FS_T_BBB_STATUS); 715 break; 716 } 717 /* Fallthrough */ 718 719 case USB_ST_SETUP: 720 tr_setup: 721 if (max_bulk > sc->sc_transfer.data_rem) { 722 max_bulk = sc->sc_transfer.data_rem; 723 } 724 if (sc->sc_transfer.data_error) { 725 sc->sc_transfer.data_error = 0; 726 usbd_xfer_set_stall(xfer); 727 } 728 729 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk); 730 usbd_transfer_submit(xfer); 731 break; 732 733 default: /* Error */ 734 if (error == USB_ERR_CANCELLED) { 735 break; 736 } 737 /* If the pipe is already stalled, don't do another stall */ 738 if (!usbd_xfer_is_stalled(xfer)) 739 sc->sc_transfer.data_error = 1; 740 741 /* try again */ 742 goto tr_setup; 743 } 744 } 745 746 static void 747 ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error) 748 { 749 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 750 uint32_t max_bulk = usbd_xfer_max_len(xfer); 751 int actlen, sumlen; 752 753 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 754 755 DPRINTF("\n"); 756 757 switch (USB_GET_STATE(xfer)) { 758 case USB_ST_TRANSFERRED: 759 sc->sc_transfer.data_rem -= actlen; 760 sc->sc_transfer.data_ptr += actlen; 761 sc->sc_transfer.offset += actlen; 762 763 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 764 /* short transfer or end of data */ 765 ustorage_fs_transfer_start(sc, 766 USTORAGE_FS_T_BBB_STATUS); 767 break; 768 } 769 case USB_ST_SETUP: 770 tr_setup: 771 if (max_bulk >= sc->sc_transfer.data_rem) { 772 max_bulk = sc->sc_transfer.data_rem; 773 if (sc->sc_transfer.data_short) 774 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER); 775 else 776 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 777 } else 778 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 779 780 if (sc->sc_transfer.data_error) { 781 sc->sc_transfer.data_error = 0; 782 usbd_xfer_set_stall(xfer); 783 } 784 785 /* XXX copy data to DMA buffer */ 786 memcpy(sc->sc_dma_ptr, sc->sc_transfer.data_ptr, max_bulk); 787 788 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk); 789 usbd_transfer_submit(xfer); 790 break; 791 792 default: /* Error */ 793 if (error == USB_ERR_CANCELLED) { 794 break; 795 } 796 /* 797 * If the pipe is already stalled, don't do another 798 * stall 799 */ 800 if (!usbd_xfer_is_stalled(xfer)) 801 sc->sc_transfer.data_error = 1; 802 803 /* try again */ 804 goto tr_setup; 805 } 806 } 807 808 static void 809 ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error) 810 { 811 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 812 813 DPRINTF("\n"); 814 815 switch (USB_GET_STATE(xfer)) { 816 case USB_ST_TRANSFERRED: 817 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 818 break; 819 820 case USB_ST_SETUP: 821 tr_setup: 822 USETDW(sc->sc_csw->dCSWSignature, CSWSIGNATURE); 823 USETDW(sc->sc_csw->dCSWDataResidue, sc->sc_transfer.data_rem); 824 825 if (sc->sc_transfer.data_error) { 826 sc->sc_transfer.data_error = 0; 827 usbd_xfer_set_stall(xfer); 828 } 829 usbd_xfer_set_frame_len(xfer, 0, 830 sizeof(ustorage_fs_bbb_csw_t)); 831 usbd_transfer_submit(xfer); 832 break; 833 834 default: 835 if (error == USB_ERR_CANCELLED) { 836 break; 837 } 838 /* If the pipe is already stalled, don't do another stall */ 839 if (!usbd_xfer_is_stalled(xfer)) 840 sc->sc_transfer.data_error = 1; 841 842 /* try again */ 843 goto tr_setup; 844 } 845 } 846 847 /* SCSI commands that we recognize */ 848 #define SC_FORMAT_UNIT 0x04 849 #define SC_INQUIRY 0x12 850 #define SC_MODE_SELECT_6 0x15 851 #define SC_MODE_SELECT_10 0x55 852 #define SC_MODE_SENSE_6 0x1a 853 #define SC_MODE_SENSE_10 0x5a 854 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 855 #define SC_READ_6 0x08 856 #define SC_READ_10 0x28 857 #define SC_READ_12 0xa8 858 #define SC_READ_CAPACITY 0x25 859 #define SC_READ_FORMAT_CAPACITIES 0x23 860 #define SC_RELEASE 0x17 861 #define SC_REQUEST_SENSE 0x03 862 #define SC_RESERVE 0x16 863 #define SC_SEND_DIAGNOSTIC 0x1d 864 #define SC_START_STOP_UNIT 0x1b 865 #define SC_SYNCHRONIZE_CACHE 0x35 866 #define SC_TEST_UNIT_READY 0x00 867 #define SC_VERIFY 0x2f 868 #define SC_WRITE_6 0x0a 869 #define SC_WRITE_10 0x2a 870 #define SC_WRITE_12 0xaa 871 872 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 873 #define SS_NO_SENSE 0 874 #define SS_COMMUNICATION_FAILURE 0x040800 875 #define SS_INVALID_COMMAND 0x052000 876 #define SS_INVALID_FIELD_IN_CDB 0x052400 877 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 878 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 879 #define SS_MEDIUM_NOT_PRESENT 0x023a00 880 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 881 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800 882 #define SS_RESET_OCCURRED 0x062900 883 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 884 #define SS_UNRECOVERED_READ_ERROR 0x031100 885 #define SS_WRITE_ERROR 0x030c02 886 #define SS_WRITE_PROTECTED 0x072700 887 888 #define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */ 889 #define ASC(x) ((uint8_t) ((x) >> 8)) 890 #define ASCQ(x) ((uint8_t) (x)) 891 892 /* Routines for unaligned data access */ 893 894 static uint16_t 895 get_be16(uint8_t *buf) 896 { 897 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]); 898 } 899 900 static uint32_t 901 get_be32(uint8_t *buf) 902 { 903 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | 904 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]); 905 } 906 907 static void 908 put_be16(uint8_t *buf, uint16_t val) 909 { 910 buf[0] = val >> 8; 911 buf[1] = val; 912 } 913 914 static void 915 put_be32(uint8_t *buf, uint32_t val) 916 { 917 buf[0] = val >> 24; 918 buf[1] = val >> 16; 919 buf[2] = val >> 8; 920 buf[3] = val & 0xff; 921 } 922 923 /*------------------------------------------------------------------------* 924 * ustorage_fs_verify 925 * 926 * Returns: 927 * 0: Success 928 * Else: Failure 929 *------------------------------------------------------------------------*/ 930 static uint8_t 931 ustorage_fs_verify(struct ustorage_fs_softc *sc) 932 { 933 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 934 uint32_t lba; 935 uint32_t vlen; 936 937 /* 938 * Get the starting Logical Block Address 939 */ 940 lba = get_be32(&sc->sc_cbw->CBWCDB[2]); 941 942 /* 943 * We allow DPO (Disable Page Out = don't save data in the cache) 944 * but we don't implement it. 945 */ 946 if ((sc->sc_cbw->CBWCDB[1] & ~0x10) != 0) { 947 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 948 return (1); 949 } 950 vlen = get_be16(&sc->sc_cbw->CBWCDB[7]); 951 if (vlen == 0) { 952 goto done; 953 } 954 /* No default reply */ 955 956 /* Range check */ 957 vlen += lba; 958 959 if ((vlen < lba) || 960 (vlen > currlun->num_sectors) || 961 (lba >= currlun->num_sectors)) { 962 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 963 return (1); 964 } 965 /* XXX TODO: verify that data is readable */ 966 done: 967 return (ustorage_fs_min_len(sc, 0, -1U)); 968 } 969 970 /*------------------------------------------------------------------------* 971 * ustorage_fs_inquiry 972 * 973 * Returns: 974 * 0: Success 975 * Else: Failure 976 *------------------------------------------------------------------------*/ 977 static uint8_t 978 ustorage_fs_inquiry(struct ustorage_fs_softc *sc) 979 { 980 uint8_t *buf = sc->sc_transfer.data_ptr; 981 982 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 983 984 if (!sc->sc_transfer.currlun) { 985 /* Unsupported LUNs are okay */ 986 memset(buf, 0, 36); 987 buf[0] = 0x7f; 988 /* Unsupported, no device - type */ 989 return (ustorage_fs_min_len(sc, 36, -1U)); 990 } 991 memset(buf, 0, 8); 992 /* Non - removable, direct - access device */ 993 if (currlun->removable) 994 buf[1] = 0x80; 995 buf[2] = 2; 996 /* ANSI SCSI level 2 */ 997 buf[3] = 2; 998 /* SCSI - 2 INQUIRY data format */ 999 buf[4] = 31; 1000 /* Additional length */ 1001 /* No special options */ 1002 /* Copy in ID string */ 1003 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28); 1004 1005 #if (USTORAGE_QDATA_MAX < 36) 1006 #error "(USTORAGE_QDATA_MAX < 36)" 1007 #endif 1008 return (ustorage_fs_min_len(sc, 36, -1U)); 1009 } 1010 1011 /*------------------------------------------------------------------------* 1012 * ustorage_fs_request_sense 1013 * 1014 * Returns: 1015 * 0: Success 1016 * Else: Failure 1017 *------------------------------------------------------------------------*/ 1018 static uint8_t 1019 ustorage_fs_request_sense(struct ustorage_fs_softc *sc) 1020 { 1021 uint8_t *buf = sc->sc_transfer.data_ptr; 1022 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1023 uint32_t sd; 1024 uint32_t sdinfo; 1025 uint8_t valid; 1026 1027 /* 1028 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1029 * 1030 * If a REQUEST SENSE command is received from an initiator 1031 * with a pending unit attention condition (before the target 1032 * generates the contingent allegiance condition), then the 1033 * target shall either: 1034 * a) report any pending sense data and preserve the unit 1035 * attention condition on the logical unit, or, 1036 * b) report the unit attention condition, may discard any 1037 * pending sense data, and clear the unit attention 1038 * condition on the logical unit for that initiator. 1039 * 1040 * FSG normally uses option a); enable this code to use option b). 1041 */ 1042 #if 0 1043 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) { 1044 currlun->sense_data = currlun->unit_attention_data; 1045 currlun->unit_attention_data = SS_NO_SENSE; 1046 } 1047 #endif 1048 1049 if (!currlun) { 1050 /* Unsupported LUNs are okay */ 1051 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1052 sdinfo = 0; 1053 valid = 0; 1054 } else { 1055 sd = currlun->sense_data; 1056 sdinfo = currlun->sense_data_info; 1057 valid = currlun->info_valid << 7; 1058 currlun->sense_data = SS_NO_SENSE; 1059 currlun->sense_data_info = 0; 1060 currlun->info_valid = 0; 1061 } 1062 1063 memset(buf, 0, 18); 1064 buf[0] = valid | 0x70; 1065 /* Valid, current error */ 1066 buf[2] = SK(sd); 1067 put_be32(&buf[3], sdinfo); 1068 /* Sense information */ 1069 buf[7] = 18 - 8; 1070 /* Additional sense length */ 1071 buf[12] = ASC(sd); 1072 buf[13] = ASCQ(sd); 1073 1074 #if (USTORAGE_QDATA_MAX < 18) 1075 #error "(USTORAGE_QDATA_MAX < 18)" 1076 #endif 1077 return (ustorage_fs_min_len(sc, 18, -1U)); 1078 } 1079 1080 /*------------------------------------------------------------------------* 1081 * ustorage_fs_read_capacity 1082 * 1083 * Returns: 1084 * 0: Success 1085 * Else: Failure 1086 *------------------------------------------------------------------------*/ 1087 static uint8_t 1088 ustorage_fs_read_capacity(struct ustorage_fs_softc *sc) 1089 { 1090 uint8_t *buf = sc->sc_transfer.data_ptr; 1091 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1092 uint32_t lba = get_be32(&sc->sc_cbw->CBWCDB[2]); 1093 uint8_t pmi = sc->sc_cbw->CBWCDB[8]; 1094 1095 /* Check the PMI and LBA fields */ 1096 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) { 1097 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1098 return (1); 1099 } 1100 /* Max logical block */ 1101 put_be32(&buf[0], currlun->num_sectors - 1); 1102 /* Block length */ 1103 put_be32(&buf[4], 512); 1104 1105 #if (USTORAGE_QDATA_MAX < 8) 1106 #error "(USTORAGE_QDATA_MAX < 8)" 1107 #endif 1108 return (ustorage_fs_min_len(sc, 8, -1U)); 1109 } 1110 1111 /*------------------------------------------------------------------------* 1112 * ustorage_fs_mode_sense 1113 * 1114 * Returns: 1115 * 0: Success 1116 * Else: Failure 1117 *------------------------------------------------------------------------*/ 1118 static uint8_t 1119 ustorage_fs_mode_sense(struct ustorage_fs_softc *sc) 1120 { 1121 uint8_t *buf = sc->sc_transfer.data_ptr; 1122 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1123 uint8_t *buf0; 1124 uint16_t len; 1125 uint16_t limit; 1126 uint8_t mscmnd = sc->sc_cbw->CBWCDB[0]; 1127 uint8_t pc; 1128 uint8_t page_code; 1129 uint8_t changeable_values; 1130 uint8_t all_pages; 1131 1132 buf0 = buf; 1133 1134 if ((sc->sc_cbw->CBWCDB[1] & ~0x08) != 0) { 1135 /* Mask away DBD */ 1136 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1137 return (1); 1138 } 1139 pc = sc->sc_cbw->CBWCDB[2] >> 6; 1140 page_code = sc->sc_cbw->CBWCDB[2] & 0x3f; 1141 if (pc == 3) { 1142 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1143 return (1); 1144 } 1145 changeable_values = (pc == 1); 1146 all_pages = (page_code == 0x3f); 1147 1148 /* 1149 * Write the mode parameter header. Fixed values are: default 1150 * medium type, no cache control (DPOFUA), and no block descriptors. 1151 * The only variable value is the WriteProtect bit. We will fill in 1152 * the mode data length later. 1153 */ 1154 memset(buf, 0, 8); 1155 if (mscmnd == SC_MODE_SENSE_6) { 1156 buf[2] = (currlun->read_only ? 0x80 : 0x00); 1157 /* WP, DPOFUA */ 1158 buf += 4; 1159 limit = 255; 1160 } else { 1161 /* SC_MODE_SENSE_10 */ 1162 buf[3] = (currlun->read_only ? 0x80 : 0x00); 1163 /* WP, DPOFUA */ 1164 buf += 8; 1165 limit = 65535; 1166 /* Should really be mod_data.buflen */ 1167 } 1168 1169 /* No block descriptors */ 1170 1171 /* 1172 * The mode pages, in numerical order. 1173 */ 1174 if ((page_code == 0x08) || all_pages) { 1175 buf[0] = 0x08; 1176 /* Page code */ 1177 buf[1] = 10; 1178 /* Page length */ 1179 memset(buf + 2, 0, 10); 1180 /* None of the fields are changeable */ 1181 1182 if (!changeable_values) { 1183 buf[2] = 0x04; 1184 /* Write cache enable, */ 1185 /* Read cache not disabled */ 1186 /* No cache retention priorities */ 1187 put_be16(&buf[4], 0xffff); 1188 /* Don 't disable prefetch */ 1189 /* Minimum prefetch = 0 */ 1190 put_be16(&buf[8], 0xffff); 1191 /* Maximum prefetch */ 1192 put_be16(&buf[10], 0xffff); 1193 /* Maximum prefetch ceiling */ 1194 } 1195 buf += 12; 1196 } 1197 /* 1198 * Check that a valid page was requested and the mode data length 1199 * isn't too long. 1200 */ 1201 len = buf - buf0; 1202 if (len > limit) { 1203 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1204 return (1); 1205 } 1206 /* Store the mode data length */ 1207 if (mscmnd == SC_MODE_SENSE_6) 1208 buf0[0] = len - 1; 1209 else 1210 put_be16(buf0, len - 2); 1211 1212 #if (USTORAGE_QDATA_MAX < 24) 1213 #error "(USTORAGE_QDATA_MAX < 24)" 1214 #endif 1215 return (ustorage_fs_min_len(sc, len, -1U)); 1216 } 1217 1218 /*------------------------------------------------------------------------* 1219 * ustorage_fs_start_stop 1220 * 1221 * Returns: 1222 * 0: Success 1223 * Else: Failure 1224 *------------------------------------------------------------------------*/ 1225 static uint8_t 1226 ustorage_fs_start_stop(struct ustorage_fs_softc *sc) 1227 { 1228 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1229 uint8_t loej; 1230 uint8_t start; 1231 uint8_t immed; 1232 1233 if (!currlun->removable) { 1234 currlun->sense_data = SS_INVALID_COMMAND; 1235 return (1); 1236 } 1237 immed = sc->sc_cbw->CBWCDB[1] & 0x01; 1238 loej = sc->sc_cbw->CBWCDB[4] & 0x02; 1239 start = sc->sc_cbw->CBWCDB[4] & 0x01; 1240 1241 if (immed || loej || start) { 1242 /* compile fix */ 1243 } 1244 return (0); 1245 } 1246 1247 /*------------------------------------------------------------------------* 1248 * ustorage_fs_prevent_allow 1249 * 1250 * Returns: 1251 * 0: Success 1252 * Else: Failure 1253 *------------------------------------------------------------------------*/ 1254 static uint8_t 1255 ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc) 1256 { 1257 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1258 uint8_t prevent; 1259 1260 if (!currlun->removable) { 1261 currlun->sense_data = SS_INVALID_COMMAND; 1262 return (1); 1263 } 1264 prevent = sc->sc_cbw->CBWCDB[4] & 0x01; 1265 if ((sc->sc_cbw->CBWCDB[4] & ~0x01) != 0) { 1266 /* Mask away Prevent */ 1267 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1268 return (1); 1269 } 1270 if (currlun->prevent_medium_removal && !prevent) { 1271 //fsync_sub(currlun); 1272 } 1273 currlun->prevent_medium_removal = prevent; 1274 return (0); 1275 } 1276 1277 /*------------------------------------------------------------------------* 1278 * ustorage_fs_read_format_capacities 1279 * 1280 * Returns: 1281 * 0: Success 1282 * Else: Failure 1283 *------------------------------------------------------------------------*/ 1284 static uint8_t 1285 ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc) 1286 { 1287 uint8_t *buf = sc->sc_transfer.data_ptr; 1288 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1289 1290 buf[0] = buf[1] = buf[2] = 0; 1291 buf[3] = 8; 1292 /* Only the Current / Maximum Capacity Descriptor */ 1293 buf += 4; 1294 1295 /* Number of blocks */ 1296 put_be32(&buf[0], currlun->num_sectors); 1297 /* Block length */ 1298 put_be32(&buf[4], 512); 1299 /* Current capacity */ 1300 buf[4] = 0x02; 1301 1302 #if (USTORAGE_QDATA_MAX < 12) 1303 #error "(USTORAGE_QDATA_MAX < 12)" 1304 #endif 1305 return (ustorage_fs_min_len(sc, 12, -1U)); 1306 } 1307 1308 /*------------------------------------------------------------------------* 1309 * ustorage_fs_mode_select 1310 * 1311 * Return values: 1312 * 0: Success 1313 * Else: Failure 1314 *------------------------------------------------------------------------*/ 1315 static uint8_t 1316 ustorage_fs_mode_select(struct ustorage_fs_softc *sc) 1317 { 1318 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1319 1320 /* We don't support MODE SELECT */ 1321 currlun->sense_data = SS_INVALID_COMMAND; 1322 return (1); 1323 } 1324 1325 /*------------------------------------------------------------------------* 1326 * ustorage_fs_synchronize_cache 1327 * 1328 * Return values: 1329 * 0: Success 1330 * Else: Failure 1331 *------------------------------------------------------------------------*/ 1332 static uint8_t 1333 ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc) 1334 { 1335 #if 0 1336 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1337 uint8_t rc; 1338 1339 /* 1340 * We ignore the requested LBA and write out all dirty data buffers. 1341 */ 1342 rc = 0; 1343 if (rc) { 1344 currlun->sense_data = SS_WRITE_ERROR; 1345 } 1346 #endif 1347 return (0); 1348 } 1349 1350 /*------------------------------------------------------------------------* 1351 * ustorage_fs_read - read data from disk 1352 * 1353 * Return values: 1354 * 0: Success 1355 * Else: Failure 1356 *------------------------------------------------------------------------*/ 1357 static uint8_t 1358 ustorage_fs_read(struct ustorage_fs_softc *sc) 1359 { 1360 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1361 uint64_t file_offset; 1362 uint32_t lba; 1363 uint32_t len; 1364 1365 /* 1366 * Get the starting Logical Block Address and check that it's not 1367 * too big 1368 */ 1369 if (sc->sc_cbw->CBWCDB[0] == SC_READ_6) { 1370 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) | 1371 get_be16(&sc->sc_cbw->CBWCDB[2]); 1372 } else { 1373 lba = get_be32(&sc->sc_cbw->CBWCDB[2]); 1374 1375 /* 1376 * We allow DPO (Disable Page Out = don't save data in the 1377 * cache) and FUA (Force Unit Access = don't read from the 1378 * cache), but we don't implement them. 1379 */ 1380 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) { 1381 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1382 return (1); 1383 } 1384 } 1385 len = sc->sc_transfer.data_rem >> 9; 1386 len += lba; 1387 1388 if ((len < lba) || 1389 (len > currlun->num_sectors) || 1390 (lba >= currlun->num_sectors)) { 1391 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1392 return (1); 1393 } 1394 file_offset = lba; 1395 file_offset <<= 9; 1396 1397 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1398 1399 return (0); 1400 } 1401 1402 /*------------------------------------------------------------------------* 1403 * ustorage_fs_write - write data to disk 1404 * 1405 * Return values: 1406 * 0: Success 1407 * Else: Failure 1408 *------------------------------------------------------------------------*/ 1409 static uint8_t 1410 ustorage_fs_write(struct ustorage_fs_softc *sc) 1411 { 1412 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1413 uint64_t file_offset; 1414 uint32_t lba; 1415 uint32_t len; 1416 1417 if (currlun->read_only) { 1418 currlun->sense_data = SS_WRITE_PROTECTED; 1419 return (1); 1420 } 1421 /* XXX clear SYNC */ 1422 1423 /* 1424 * Get the starting Logical Block Address and check that it's not 1425 * too big. 1426 */ 1427 if (sc->sc_cbw->CBWCDB[0] == SC_WRITE_6) 1428 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) | 1429 get_be16(&sc->sc_cbw->CBWCDB[2]); 1430 else { 1431 lba = get_be32(&sc->sc_cbw->CBWCDB[2]); 1432 1433 /* 1434 * We allow DPO (Disable Page Out = don't save data in the 1435 * cache) and FUA (Force Unit Access = write directly to the 1436 * medium). We don't implement DPO; we implement FUA by 1437 * performing synchronous output. 1438 */ 1439 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) { 1440 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1441 return (1); 1442 } 1443 if (sc->sc_cbw->CBWCDB[1] & 0x08) { 1444 /* FUA */ 1445 /* XXX set SYNC flag here */ 1446 } 1447 } 1448 1449 len = sc->sc_transfer.data_rem >> 9; 1450 len += lba; 1451 1452 if ((len < lba) || 1453 (len > currlun->num_sectors) || 1454 (lba >= currlun->num_sectors)) { 1455 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1456 return (1); 1457 } 1458 file_offset = lba; 1459 file_offset <<= 9; 1460 1461 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1462 1463 return (0); 1464 } 1465 1466 /*------------------------------------------------------------------------* 1467 * ustorage_fs_min_len 1468 * 1469 * Return values: 1470 * 0: Success 1471 * Else: Failure 1472 *------------------------------------------------------------------------*/ 1473 static uint8_t 1474 ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask) 1475 { 1476 if (len != sc->sc_transfer.data_rem) { 1477 if (sc->sc_transfer.cbw_dir == DIR_READ) { 1478 /* 1479 * there must be something wrong about this SCSI 1480 * command 1481 */ 1482 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE; 1483 return (1); 1484 } 1485 /* compute the minimum length */ 1486 1487 if (sc->sc_transfer.data_rem > len) { 1488 /* data ends prematurely */ 1489 sc->sc_transfer.data_rem = len; 1490 sc->sc_transfer.data_short = 1; 1491 } 1492 /* check length alignment */ 1493 1494 if (sc->sc_transfer.data_rem & ~mask) { 1495 /* data ends prematurely */ 1496 sc->sc_transfer.data_rem &= mask; 1497 sc->sc_transfer.data_short = 1; 1498 } 1499 } 1500 return (0); 1501 } 1502 1503 /*------------------------------------------------------------------------* 1504 * ustorage_fs_check_cmd - check command routine 1505 * 1506 * Check whether the command is properly formed and whether its data 1507 * size and direction agree with the values we already have. 1508 * 1509 * Return values: 1510 * 0: Success 1511 * Else: Failure 1512 *------------------------------------------------------------------------*/ 1513 static uint8_t 1514 ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size, 1515 uint16_t mask, uint8_t needs_medium) 1516 { 1517 struct ustorage_fs_lun *currlun; 1518 uint8_t lun = (sc->sc_cbw->CBWCDB[1] >> 5); 1519 uint8_t i; 1520 1521 /* Verify the length of the command itself */ 1522 if (min_cmd_size > sc->sc_transfer.cmd_len) { 1523 DPRINTF("%u > %u\n", 1524 min_cmd_size, sc->sc_transfer.cmd_len); 1525 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE; 1526 return (1); 1527 } 1528 /* Mask away the LUN */ 1529 sc->sc_cbw->CBWCDB[1] &= 0x1f; 1530 1531 /* Check if LUN is correct */ 1532 if (lun != sc->sc_transfer.lun) { 1533 } 1534 /* Check the LUN */ 1535 if (sc->sc_transfer.lun <= sc->sc_last_lun) { 1536 sc->sc_transfer.currlun = currlun = 1537 sc->sc_lun + sc->sc_transfer.lun; 1538 if (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE) { 1539 currlun->sense_data = SS_NO_SENSE; 1540 currlun->sense_data_info = 0; 1541 currlun->info_valid = 0; 1542 } 1543 /* 1544 * If a unit attention condition exists, only INQUIRY 1545 * and REQUEST SENSE commands are allowed. Anything 1546 * else must fail! 1547 */ 1548 if ((currlun->unit_attention_data != SS_NO_SENSE) && 1549 (sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) && 1550 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) { 1551 currlun->sense_data = currlun->unit_attention_data; 1552 currlun->unit_attention_data = SS_NO_SENSE; 1553 return (1); 1554 } 1555 } else { 1556 sc->sc_transfer.currlun = currlun = NULL; 1557 1558 /* 1559 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1560 * to use unsupported LUNs; all others may not. 1561 */ 1562 if ((sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) && 1563 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) { 1564 return (1); 1565 } 1566 } 1567 1568 /* 1569 * Check that only command bytes listed in the mask are 1570 * non-zero. 1571 */ 1572 for (i = 0; i != min_cmd_size; i++) { 1573 if (sc->sc_cbw->CBWCDB[i] && !(mask & (1UL << i))) { 1574 if (currlun) { 1575 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1576 } 1577 return (1); 1578 } 1579 } 1580 1581 /* 1582 * If the medium isn't mounted and the command needs to access 1583 * it, return an error. 1584 */ 1585 if (currlun && (!currlun->memory_image) && needs_medium) { 1586 currlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1587 return (1); 1588 } 1589 return (0); 1590 } 1591 1592 /*------------------------------------------------------------------------* 1593 * ustorage_fs_do_cmd - do command 1594 * 1595 * Return values: 1596 * 0: Success 1597 * Else: Failure 1598 *------------------------------------------------------------------------*/ 1599 static uint8_t 1600 ustorage_fs_do_cmd(struct ustorage_fs_softc *sc) 1601 { 1602 uint8_t error = 1; 1603 uint8_t i; 1604 uint32_t temp; 1605 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9; 1606 1607 /* set default data transfer pointer */ 1608 sc->sc_transfer.data_ptr = sc->sc_qdata; 1609 1610 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n", 1611 sc->sc_cbw->CBWCDB[0], sc->sc_transfer.data_rem); 1612 1613 switch (sc->sc_cbw->CBWCDB[0]) { 1614 case SC_INQUIRY: 1615 sc->sc_transfer.cmd_dir = DIR_WRITE; 1616 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U); 1617 if (error) { 1618 break; 1619 } 1620 error = ustorage_fs_check_cmd(sc, 6, 1621 (1UL << 4) | 1, 0); 1622 if (error) { 1623 break; 1624 } 1625 error = ustorage_fs_inquiry(sc); 1626 1627 break; 1628 1629 case SC_MODE_SELECT_6: 1630 sc->sc_transfer.cmd_dir = DIR_READ; 1631 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U); 1632 if (error) { 1633 break; 1634 } 1635 error = ustorage_fs_check_cmd(sc, 6, 1636 (1UL << 1) | (1UL << 4) | 1, 0); 1637 if (error) { 1638 break; 1639 } 1640 error = ustorage_fs_mode_select(sc); 1641 1642 break; 1643 1644 case SC_MODE_SELECT_10: 1645 sc->sc_transfer.cmd_dir = DIR_READ; 1646 error = ustorage_fs_min_len(sc, 1647 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U); 1648 if (error) { 1649 break; 1650 } 1651 error = ustorage_fs_check_cmd(sc, 10, 1652 (1UL << 1) | (3UL << 7) | 1, 0); 1653 if (error) { 1654 break; 1655 } 1656 error = ustorage_fs_mode_select(sc); 1657 1658 break; 1659 1660 case SC_MODE_SENSE_6: 1661 sc->sc_transfer.cmd_dir = DIR_WRITE; 1662 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U); 1663 if (error) { 1664 break; 1665 } 1666 error = ustorage_fs_check_cmd(sc, 6, 1667 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0); 1668 if (error) { 1669 break; 1670 } 1671 error = ustorage_fs_mode_sense(sc); 1672 1673 break; 1674 1675 case SC_MODE_SENSE_10: 1676 sc->sc_transfer.cmd_dir = DIR_WRITE; 1677 error = ustorage_fs_min_len(sc, 1678 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U); 1679 if (error) { 1680 break; 1681 } 1682 error = ustorage_fs_check_cmd(sc, 10, 1683 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0); 1684 if (error) { 1685 break; 1686 } 1687 error = ustorage_fs_mode_sense(sc); 1688 1689 break; 1690 1691 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 1692 error = ustorage_fs_min_len(sc, 0, -1U); 1693 if (error) { 1694 break; 1695 } 1696 error = ustorage_fs_check_cmd(sc, 6, 1697 (1UL << 4) | 1, 0); 1698 if (error) { 1699 break; 1700 } 1701 error = ustorage_fs_prevent_allow(sc); 1702 1703 break; 1704 1705 case SC_READ_6: 1706 i = sc->sc_cbw->CBWCDB[4]; 1707 sc->sc_transfer.cmd_dir = DIR_WRITE; 1708 temp = ((i == 0) ? 256UL : i); 1709 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1710 if (error) { 1711 break; 1712 } 1713 error = ustorage_fs_check_cmd(sc, 6, 1714 (7UL << 1) | (1UL << 4) | 1, 1); 1715 if (error) { 1716 break; 1717 } 1718 error = ustorage_fs_read(sc); 1719 1720 break; 1721 1722 case SC_READ_10: 1723 sc->sc_transfer.cmd_dir = DIR_WRITE; 1724 temp = get_be16(&sc->sc_cbw->CBWCDB[7]); 1725 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1726 if (error) { 1727 break; 1728 } 1729 error = ustorage_fs_check_cmd(sc, 10, 1730 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1731 if (error) { 1732 break; 1733 } 1734 error = ustorage_fs_read(sc); 1735 1736 break; 1737 1738 case SC_READ_12: 1739 sc->sc_transfer.cmd_dir = DIR_WRITE; 1740 temp = get_be32(&sc->sc_cbw->CBWCDB[6]); 1741 if (temp >= (1UL << (32 - 9))) { 1742 /* numerical overflow */ 1743 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED; 1744 error = 1; 1745 break; 1746 } 1747 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1748 if (error) { 1749 break; 1750 } 1751 error = ustorage_fs_check_cmd(sc, 12, 1752 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1753 if (error) { 1754 break; 1755 } 1756 error = ustorage_fs_read(sc); 1757 1758 break; 1759 1760 case SC_READ_CAPACITY: 1761 sc->sc_transfer.cmd_dir = DIR_WRITE; 1762 error = ustorage_fs_check_cmd(sc, 10, 1763 (0xfUL << 2) | (1UL << 8) | 1, 1); 1764 if (error) { 1765 break; 1766 } 1767 error = ustorage_fs_read_capacity(sc); 1768 1769 break; 1770 1771 case SC_READ_FORMAT_CAPACITIES: 1772 sc->sc_transfer.cmd_dir = DIR_WRITE; 1773 error = ustorage_fs_min_len(sc, 1774 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U); 1775 if (error) { 1776 break; 1777 } 1778 error = ustorage_fs_check_cmd(sc, 10, 1779 (3UL << 7) | 1, 1); 1780 if (error) { 1781 break; 1782 } 1783 error = ustorage_fs_read_format_capacities(sc); 1784 1785 break; 1786 1787 case SC_REQUEST_SENSE: 1788 sc->sc_transfer.cmd_dir = DIR_WRITE; 1789 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U); 1790 if (error) { 1791 break; 1792 } 1793 error = ustorage_fs_check_cmd(sc, 6, 1794 (1UL << 4) | 1, 0); 1795 if (error) { 1796 break; 1797 } 1798 error = ustorage_fs_request_sense(sc); 1799 1800 break; 1801 1802 case SC_START_STOP_UNIT: 1803 error = ustorage_fs_min_len(sc, 0, -1U); 1804 if (error) { 1805 break; 1806 } 1807 error = ustorage_fs_check_cmd(sc, 6, 1808 (1UL << 1) | (1UL << 4) | 1, 0); 1809 if (error) { 1810 break; 1811 } 1812 error = ustorage_fs_start_stop(sc); 1813 1814 break; 1815 1816 case SC_SYNCHRONIZE_CACHE: 1817 error = ustorage_fs_min_len(sc, 0, -1U); 1818 if (error) { 1819 break; 1820 } 1821 error = ustorage_fs_check_cmd(sc, 10, 1822 (0xfUL << 2) | (3UL << 7) | 1, 1); 1823 if (error) { 1824 break; 1825 } 1826 error = ustorage_fs_synchronize_cache(sc); 1827 1828 break; 1829 1830 case SC_TEST_UNIT_READY: 1831 error = ustorage_fs_min_len(sc, 0, -1U); 1832 if (error) { 1833 break; 1834 } 1835 error = ustorage_fs_check_cmd(sc, 6, 1836 0 | 1, 1); 1837 break; 1838 1839 /* 1840 * Although optional, this command is used by MS-Windows. 1841 * We support a minimal version: BytChk must be 0. 1842 */ 1843 case SC_VERIFY: 1844 error = ustorage_fs_min_len(sc, 0, -1U); 1845 if (error) { 1846 break; 1847 } 1848 error = ustorage_fs_check_cmd(sc, 10, 1849 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1850 if (error) { 1851 break; 1852 } 1853 error = ustorage_fs_verify(sc); 1854 1855 break; 1856 1857 case SC_WRITE_6: 1858 i = sc->sc_cbw->CBWCDB[4]; 1859 sc->sc_transfer.cmd_dir = DIR_READ; 1860 temp = ((i == 0) ? 256UL : i); 1861 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1862 if (error) { 1863 break; 1864 } 1865 error = ustorage_fs_check_cmd(sc, 6, 1866 (7UL << 1) | (1UL << 4) | 1, 1); 1867 if (error) { 1868 break; 1869 } 1870 error = ustorage_fs_write(sc); 1871 1872 break; 1873 1874 case SC_WRITE_10: 1875 sc->sc_transfer.cmd_dir = DIR_READ; 1876 temp = get_be16(&sc->sc_cbw->CBWCDB[7]); 1877 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1878 if (error) { 1879 break; 1880 } 1881 error = ustorage_fs_check_cmd(sc, 10, 1882 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1883 if (error) { 1884 break; 1885 } 1886 error = ustorage_fs_write(sc); 1887 1888 break; 1889 1890 case SC_WRITE_12: 1891 sc->sc_transfer.cmd_dir = DIR_READ; 1892 temp = get_be32(&sc->sc_cbw->CBWCDB[6]); 1893 if (temp > (mask9 >> 9)) { 1894 /* numerical overflow */ 1895 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED; 1896 error = 1; 1897 break; 1898 } 1899 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1900 if (error) { 1901 break; 1902 } 1903 error = ustorage_fs_check_cmd(sc, 12, 1904 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1905 if (error) { 1906 break; 1907 } 1908 error = ustorage_fs_write(sc); 1909 1910 break; 1911 1912 /* 1913 * Some mandatory commands that we recognize but don't 1914 * implement. They don't mean much in this setting. 1915 * It's left as an exercise for anyone interested to 1916 * implement RESERVE and RELEASE in terms of Posix 1917 * locks. 1918 */ 1919 case SC_FORMAT_UNIT: 1920 case SC_RELEASE: 1921 case SC_RESERVE: 1922 case SC_SEND_DIAGNOSTIC: 1923 /* Fallthrough */ 1924 1925 default: 1926 error = ustorage_fs_min_len(sc, 0, -1U); 1927 if (error) { 1928 break; 1929 } 1930 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len, 1931 0xff, 0); 1932 if (error) { 1933 break; 1934 } 1935 sc->sc_transfer.currlun->sense_data = 1936 SS_INVALID_COMMAND; 1937 error = 1; 1938 1939 break; 1940 } 1941 return (error); 1942 } 1943