xref: /freebsd/sys/dev/usb/usb_msctest.c (revision ec273ebf3b6aed5fba8c56b6ece5ad8693a48ea7)
1 /* $FreeBSD$ */
2 /*-
3  * Copyright (c) 2008,2011 Hans Petter Selasky. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 /*
28  * The following file contains code that will detect USB autoinstall
29  * disks.
30  *
31  * TODO: Potentially we could add code to automatically detect USB
32  * mass storage quirks for not supported SCSI commands!
33  */
34 
35 #ifdef USB_GLOBAL_INCLUDE_FILE
36 #include USB_GLOBAL_INCLUDE_FILE
37 #else
38 #include <sys/stdint.h>
39 #include <sys/stddef.h>
40 #include <sys/param.h>
41 #include <sys/queue.h>
42 #include <sys/types.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/bus.h>
46 #include <sys/module.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/condvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/sx.h>
52 #include <sys/unistd.h>
53 #include <sys/callout.h>
54 #include <sys/malloc.h>
55 #include <sys/priv.h>
56 
57 #include <dev/usb/usb.h>
58 #include <dev/usb/usbdi.h>
59 #include <dev/usb/usbdi_util.h>
60 
61 #define	USB_DEBUG_VAR usb_debug
62 
63 #include <dev/usb/usb_busdma.h>
64 #include <dev/usb/usb_process.h>
65 #include <dev/usb/usb_transfer.h>
66 #include <dev/usb/usb_msctest.h>
67 #include <dev/usb/usb_debug.h>
68 #include <dev/usb/usb_device.h>
69 #include <dev/usb/usb_request.h>
70 #include <dev/usb/usb_util.h>
71 #include <dev/usb/quirk/usb_quirk.h>
72 #endif			/* USB_GLOBAL_INCLUDE_FILE */
73 
74 enum {
75 	ST_COMMAND,
76 	ST_DATA_RD,
77 	ST_DATA_RD_CS,
78 	ST_DATA_WR,
79 	ST_DATA_WR_CS,
80 	ST_STATUS,
81 	ST_MAX,
82 };
83 
84 enum {
85 	DIR_IN,
86 	DIR_OUT,
87 	DIR_NONE,
88 };
89 
90 #define	SCSI_MAX_LEN	MAX(SCSI_FIXED_BLOCK_SIZE, USB_MSCTEST_BULK_SIZE)
91 #define	SCSI_INQ_LEN	0x24
92 #define	SCSI_SENSE_LEN	0xFF
93 #define	SCSI_FIXED_BLOCK_SIZE 512	/* bytes */
94 
95 static uint8_t scsi_test_unit_ready[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
96 static uint8_t scsi_inquiry[] = { 0x12, 0x00, 0x00, 0x00, SCSI_INQ_LEN, 0x00 };
97 static uint8_t scsi_rezero_init[] =     { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
98 static uint8_t scsi_start_stop_unit[] = { 0x1b, 0x00, 0x00, 0x00, 0x02, 0x00 };
99 static uint8_t scsi_ztestor_eject[] =   { 0x85, 0x01, 0x01, 0x01, 0x18, 0x01,
100 					  0x01, 0x01, 0x01, 0x01, 0x00, 0x00 };
101 static uint8_t scsi_cmotech_eject[] =   { 0xff, 0x52, 0x44, 0x45, 0x56, 0x43,
102 					  0x48, 0x47 };
103 static uint8_t scsi_huawei_eject[] =	{ 0x11, 0x06, 0x00, 0x00, 0x00, 0x00,
104 					  0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105 					  0x00, 0x00, 0x00, 0x00 };
106 static uint8_t scsi_huawei_eject2[] =	{ 0x11, 0x06, 0x20, 0x00, 0x00, 0x01,
107 					  0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 					  0x00, 0x00, 0x00, 0x00 };
109 static uint8_t scsi_tct_eject[] =	{ 0x06, 0xf5, 0x04, 0x02, 0x52, 0x70 };
110 static uint8_t scsi_sync_cache[] =	{ 0x35, 0x00, 0x00, 0x00, 0x00, 0x00,
111 					  0x00, 0x00, 0x00, 0x00 };
112 static uint8_t scsi_request_sense[] =	{ 0x03, 0x00, 0x00, 0x00, 0x12, 0x00,
113 					  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
114 static uint8_t scsi_read_capacity[] =	{ 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,
115 					  0x00, 0x00, 0x00, 0x00 };
116 static uint8_t scsi_prevent_removal[] =	{ 0x1e, 0, 0, 0, 1, 0 };
117 static uint8_t scsi_allow_removal[] =	{ 0x1e, 0, 0, 0, 0, 0 };
118 
119 #ifndef USB_MSCTEST_BULK_SIZE
120 #define	USB_MSCTEST_BULK_SIZE	64	/* dummy */
121 #endif
122 
123 #define	ERR_CSW_FAILED		-1
124 
125 /* Command Block Wrapper */
126 struct bbb_cbw {
127 	uDWord	dCBWSignature;
128 #define	CBWSIGNATURE	0x43425355
129 	uDWord	dCBWTag;
130 	uDWord	dCBWDataTransferLength;
131 	uByte	bCBWFlags;
132 #define	CBWFLAGS_OUT	0x00
133 #define	CBWFLAGS_IN	0x80
134 	uByte	bCBWLUN;
135 	uByte	bCDBLength;
136 #define	CBWCDBLENGTH	16
137 	uByte	CBWCDB[CBWCDBLENGTH];
138 } __packed;
139 
140 /* Command Status Wrapper */
141 struct bbb_csw {
142 	uDWord	dCSWSignature;
143 #define	CSWSIGNATURE	0x53425355
144 	uDWord	dCSWTag;
145 	uDWord	dCSWDataResidue;
146 	uByte	bCSWStatus;
147 #define	CSWSTATUS_GOOD	0x0
148 #define	CSWSTATUS_FAILED	0x1
149 #define	CSWSTATUS_PHASE	0x2
150 } __packed;
151 
152 struct bbb_transfer {
153 	struct mtx mtx;
154 	struct cv cv;
155 	struct bbb_cbw *cbw;
156 	struct bbb_csw *csw;
157 
158 	struct usb_xfer *xfer[ST_MAX];
159 
160 	uint8_t *data_ptr;
161 
162 	usb_size_t data_len;		/* bytes */
163 	usb_size_t data_rem;		/* bytes */
164 	usb_timeout_t data_timeout;	/* ms */
165 	usb_frlength_t actlen;		/* bytes */
166 	usb_frlength_t buffer_size;    	/* bytes */
167 
168 	uint8_t	cmd_len;		/* bytes */
169 	uint8_t	dir;
170 	uint8_t	lun;
171 	uint8_t	state;
172 	uint8_t	status_try;
173 	int	error;
174 
175 	uint8_t	*buffer;
176 };
177 
178 static usb_callback_t bbb_command_callback;
179 static usb_callback_t bbb_data_read_callback;
180 static usb_callback_t bbb_data_rd_cs_callback;
181 static usb_callback_t bbb_data_write_callback;
182 static usb_callback_t bbb_data_wr_cs_callback;
183 static usb_callback_t bbb_status_callback;
184 
185 static void	bbb_done(struct bbb_transfer *, int);
186 static void	bbb_transfer_start(struct bbb_transfer *, uint8_t);
187 static void	bbb_data_clear_stall_callback(struct usb_xfer *, uint8_t,
188 		    uint8_t);
189 static int	bbb_command_start(struct bbb_transfer *, uint8_t, uint8_t,
190 		    void *, size_t, void *, size_t, usb_timeout_t);
191 static struct bbb_transfer *bbb_attach(struct usb_device *, uint8_t);
192 static void	bbb_detach(struct bbb_transfer *);
193 
194 static const struct usb_config bbb_config[ST_MAX] = {
195 
196 	[ST_COMMAND] = {
197 		.type = UE_BULK,
198 		.endpoint = UE_ADDR_ANY,
199 		.direction = UE_DIR_OUT,
200 		.bufsize = sizeof(struct bbb_cbw),
201 		.callback = &bbb_command_callback,
202 		.timeout = 4 * USB_MS_HZ,	/* 4 seconds */
203 	},
204 
205 	[ST_DATA_RD] = {
206 		.type = UE_BULK,
207 		.endpoint = UE_ADDR_ANY,
208 		.direction = UE_DIR_IN,
209 		.bufsize = SCSI_MAX_LEN,
210 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
211 		.callback = &bbb_data_read_callback,
212 		.timeout = 4 * USB_MS_HZ,	/* 4 seconds */
213 	},
214 
215 	[ST_DATA_RD_CS] = {
216 		.type = UE_CONTROL,
217 		.endpoint = 0x00,	/* Control pipe */
218 		.direction = UE_DIR_ANY,
219 		.bufsize = sizeof(struct usb_device_request),
220 		.callback = &bbb_data_rd_cs_callback,
221 		.timeout = 1 * USB_MS_HZ,	/* 1 second  */
222 	},
223 
224 	[ST_DATA_WR] = {
225 		.type = UE_BULK,
226 		.endpoint = UE_ADDR_ANY,
227 		.direction = UE_DIR_OUT,
228 		.bufsize = SCSI_MAX_LEN,
229 		.flags = {.ext_buffer = 1,.proxy_buffer = 1,},
230 		.callback = &bbb_data_write_callback,
231 		.timeout = 4 * USB_MS_HZ,	/* 4 seconds */
232 	},
233 
234 	[ST_DATA_WR_CS] = {
235 		.type = UE_CONTROL,
236 		.endpoint = 0x00,	/* Control pipe */
237 		.direction = UE_DIR_ANY,
238 		.bufsize = sizeof(struct usb_device_request),
239 		.callback = &bbb_data_wr_cs_callback,
240 		.timeout = 1 * USB_MS_HZ,	/* 1 second  */
241 	},
242 
243 	[ST_STATUS] = {
244 		.type = UE_BULK,
245 		.endpoint = UE_ADDR_ANY,
246 		.direction = UE_DIR_IN,
247 		.bufsize = sizeof(struct bbb_csw),
248 		.flags = {.short_xfer_ok = 1,},
249 		.callback = &bbb_status_callback,
250 		.timeout = 1 * USB_MS_HZ,	/* 1 second  */
251 	},
252 };
253 
254 static void
255 bbb_done(struct bbb_transfer *sc, int error)
256 {
257 	sc->error = error;
258 	sc->state = ST_COMMAND;
259 	sc->status_try = 1;
260 	cv_signal(&sc->cv);
261 }
262 
263 static void
264 bbb_transfer_start(struct bbb_transfer *sc, uint8_t xfer_index)
265 {
266 	sc->state = xfer_index;
267 	usbd_transfer_start(sc->xfer[xfer_index]);
268 }
269 
270 static void
271 bbb_data_clear_stall_callback(struct usb_xfer *xfer,
272     uint8_t next_xfer, uint8_t stall_xfer)
273 {
274 	struct bbb_transfer *sc = usbd_xfer_softc(xfer);
275 
276 	if (usbd_clear_stall_callback(xfer, sc->xfer[stall_xfer])) {
277 		switch (USB_GET_STATE(xfer)) {
278 		case USB_ST_SETUP:
279 		case USB_ST_TRANSFERRED:
280 			bbb_transfer_start(sc, next_xfer);
281 			break;
282 		default:
283 			bbb_done(sc, USB_ERR_STALLED);
284 			break;
285 		}
286 	}
287 }
288 
289 static void
290 bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
291 {
292 	struct bbb_transfer *sc = usbd_xfer_softc(xfer);
293 	uint32_t tag;
294 
295 	switch (USB_GET_STATE(xfer)) {
296 	case USB_ST_TRANSFERRED:
297 		bbb_transfer_start
298 		    (sc, ((sc->dir == DIR_IN) ? ST_DATA_RD :
299 		    (sc->dir == DIR_OUT) ? ST_DATA_WR :
300 		    ST_STATUS));
301 		break;
302 
303 	case USB_ST_SETUP:
304 		sc->status_try = 0;
305 		tag = UGETDW(sc->cbw->dCBWTag) + 1;
306 		USETDW(sc->cbw->dCBWSignature, CBWSIGNATURE);
307 		USETDW(sc->cbw->dCBWTag, tag);
308 		USETDW(sc->cbw->dCBWDataTransferLength, (uint32_t)sc->data_len);
309 		sc->cbw->bCBWFlags = ((sc->dir == DIR_IN) ? CBWFLAGS_IN : CBWFLAGS_OUT);
310 		sc->cbw->bCBWLUN = sc->lun;
311 		sc->cbw->bCDBLength = sc->cmd_len;
312 		if (sc->cbw->bCDBLength > sizeof(sc->cbw->CBWCDB)) {
313 			sc->cbw->bCDBLength = sizeof(sc->cbw->CBWCDB);
314 			DPRINTFN(0, "Truncating long command\n");
315 		}
316 		usbd_xfer_set_frame_len(xfer, 0,
317 		    sizeof(struct bbb_cbw));
318 		usbd_transfer_submit(xfer);
319 		break;
320 
321 	default:			/* Error */
322 		bbb_done(sc, error);
323 		break;
324 	}
325 }
326 
327 static void
328 bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
329 {
330 	struct bbb_transfer *sc = usbd_xfer_softc(xfer);
331 	usb_frlength_t max_bulk = usbd_xfer_max_len(xfer);
332 	int actlen, sumlen;
333 
334 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
335 
336 	switch (USB_GET_STATE(xfer)) {
337 	case USB_ST_TRANSFERRED:
338 		sc->data_rem -= actlen;
339 		sc->data_ptr += actlen;
340 		sc->actlen += actlen;
341 
342 		if (actlen < sumlen) {
343 			/* short transfer */
344 			sc->data_rem = 0;
345 		}
346 	case USB_ST_SETUP:
347 		DPRINTF("max_bulk=%d, data_rem=%d\n",
348 		    max_bulk, sc->data_rem);
349 
350 		if (sc->data_rem == 0) {
351 			bbb_transfer_start(sc, ST_STATUS);
352 			break;
353 		}
354 		if (max_bulk > sc->data_rem) {
355 			max_bulk = sc->data_rem;
356 		}
357 		usbd_xfer_set_timeout(xfer, sc->data_timeout);
358 		usbd_xfer_set_frame_data(xfer, 0, sc->data_ptr, max_bulk);
359 		usbd_transfer_submit(xfer);
360 		break;
361 
362 	default:			/* Error */
363 		if (error == USB_ERR_CANCELLED) {
364 			bbb_done(sc, error);
365 		} else {
366 			bbb_transfer_start(sc, ST_DATA_RD_CS);
367 		}
368 		break;
369 	}
370 }
371 
372 static void
373 bbb_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
374 {
375 	bbb_data_clear_stall_callback(xfer, ST_STATUS,
376 	    ST_DATA_RD);
377 }
378 
379 static void
380 bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
381 {
382 	struct bbb_transfer *sc = usbd_xfer_softc(xfer);
383 	usb_frlength_t max_bulk = usbd_xfer_max_len(xfer);
384 	int actlen, sumlen;
385 
386 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
387 
388 	switch (USB_GET_STATE(xfer)) {
389 	case USB_ST_TRANSFERRED:
390 		sc->data_rem -= actlen;
391 		sc->data_ptr += actlen;
392 		sc->actlen += actlen;
393 
394 		if (actlen < sumlen) {
395 			/* short transfer */
396 			sc->data_rem = 0;
397 		}
398 	case USB_ST_SETUP:
399 		DPRINTF("max_bulk=%d, data_rem=%d\n",
400 		    max_bulk, sc->data_rem);
401 
402 		if (sc->data_rem == 0) {
403 			bbb_transfer_start(sc, ST_STATUS);
404 			break;
405 		}
406 		if (max_bulk > sc->data_rem) {
407 			max_bulk = sc->data_rem;
408 		}
409 		usbd_xfer_set_timeout(xfer, sc->data_timeout);
410 		usbd_xfer_set_frame_data(xfer, 0, sc->data_ptr, max_bulk);
411 		usbd_transfer_submit(xfer);
412 		break;
413 
414 	default:			/* Error */
415 		if (error == USB_ERR_CANCELLED) {
416 			bbb_done(sc, error);
417 		} else {
418 			bbb_transfer_start(sc, ST_DATA_WR_CS);
419 		}
420 		break;
421 	}
422 }
423 
424 static void
425 bbb_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
426 {
427 	bbb_data_clear_stall_callback(xfer, ST_STATUS,
428 	    ST_DATA_WR);
429 }
430 
431 static void
432 bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
433 {
434 	struct bbb_transfer *sc = usbd_xfer_softc(xfer);
435 	int actlen;
436 	int sumlen;
437 
438 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
439 
440 	switch (USB_GET_STATE(xfer)) {
441 	case USB_ST_TRANSFERRED:
442 
443 		/* very simple status check */
444 
445 		if (actlen < (int)sizeof(struct bbb_csw)) {
446 			bbb_done(sc, USB_ERR_SHORT_XFER);
447 		} else if (sc->csw->bCSWStatus == CSWSTATUS_GOOD) {
448 			bbb_done(sc, 0);	/* success */
449 		} else {
450 			bbb_done(sc, ERR_CSW_FAILED);	/* error */
451 		}
452 		break;
453 
454 	case USB_ST_SETUP:
455 		usbd_xfer_set_frame_len(xfer, 0,
456 		    sizeof(struct bbb_csw));
457 		usbd_transfer_submit(xfer);
458 		break;
459 
460 	default:
461 		DPRINTF("Failed to read CSW: %s, try %d\n",
462 		    usbd_errstr(error), sc->status_try);
463 
464 		if (error == USB_ERR_CANCELLED || sc->status_try) {
465 			bbb_done(sc, error);
466 		} else {
467 			sc->status_try = 1;
468 			bbb_transfer_start(sc, ST_DATA_RD_CS);
469 		}
470 		break;
471 	}
472 }
473 
474 /*------------------------------------------------------------------------*
475  *	bbb_command_start - execute a SCSI command synchronously
476  *
477  * Return values
478  * 0: Success
479  * Else: Failure
480  *------------------------------------------------------------------------*/
481 static int
482 bbb_command_start(struct bbb_transfer *sc, uint8_t dir, uint8_t lun,
483     void *data_ptr, size_t data_len, void *cmd_ptr, size_t cmd_len,
484     usb_timeout_t data_timeout)
485 {
486 	sc->lun = lun;
487 	sc->dir = data_len ? dir : DIR_NONE;
488 	sc->data_ptr = data_ptr;
489 	sc->data_len = data_len;
490 	sc->data_rem = data_len;
491 	sc->data_timeout = (data_timeout + USB_MS_HZ);
492 	sc->actlen = 0;
493 	sc->error = 0;
494 	sc->cmd_len = cmd_len;
495 	memset(&sc->cbw->CBWCDB, 0, sizeof(sc->cbw->CBWCDB));
496 	memcpy(&sc->cbw->CBWCDB, cmd_ptr, cmd_len);
497 	DPRINTFN(1, "SCSI cmd = %*D\n", (int)cmd_len, (char *)sc->cbw->CBWCDB, ":");
498 
499 	mtx_lock(&sc->mtx);
500 	usbd_transfer_start(sc->xfer[sc->state]);
501 
502 	while (usbd_transfer_pending(sc->xfer[sc->state])) {
503 		cv_wait(&sc->cv, &sc->mtx);
504 	}
505 	mtx_unlock(&sc->mtx);
506 	return (sc->error);
507 }
508 
509 static struct bbb_transfer *
510 bbb_attach(struct usb_device *udev, uint8_t iface_index)
511 {
512 	struct usb_interface *iface;
513 	struct usb_interface_descriptor *id;
514 	struct bbb_transfer *sc;
515 	usb_error_t err;
516 
517 #if USB_HAVE_MSCTEST_DETACH
518 	uint8_t do_unlock;
519 
520 	/* Prevent re-enumeration */
521 	do_unlock = usbd_enum_lock(udev);
522 
523 	/*
524 	 * Make sure any driver which is hooked up to this interface,
525 	 * like umass is gone:
526 	 */
527 	usb_detach_device(udev, iface_index, 0);
528 
529 	if (do_unlock)
530 		usbd_enum_unlock(udev);
531 #endif
532 
533 	iface = usbd_get_iface(udev, iface_index);
534 	if (iface == NULL)
535 		return (NULL);
536 
537 	id = iface->idesc;
538 	if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
539 		return (NULL);
540 
541 	switch (id->bInterfaceSubClass) {
542 	case UISUBCLASS_SCSI:
543 	case UISUBCLASS_UFI:
544 	case UISUBCLASS_SFF8020I:
545 	case UISUBCLASS_SFF8070I:
546 		break;
547 	default:
548 		return (NULL);
549 	}
550 
551 	switch (id->bInterfaceProtocol) {
552 	case UIPROTO_MASS_BBB_OLD:
553 	case UIPROTO_MASS_BBB:
554 		break;
555 	default:
556 		return (NULL);
557 	}
558 
559 	sc = malloc(sizeof(*sc), M_USB, M_WAITOK | M_ZERO);
560 	mtx_init(&sc->mtx, "USB autoinstall", NULL, MTX_DEF);
561 	cv_init(&sc->cv, "WBBB");
562 
563 	err = usbd_transfer_setup(udev, &iface_index, sc->xfer, bbb_config,
564 	    ST_MAX, sc, &sc->mtx);
565 	if (err) {
566 		bbb_detach(sc);
567 		return (NULL);
568 	}
569 	/* store pointer to DMA buffers */
570 	sc->buffer = usbd_xfer_get_frame_buffer(
571 	    sc->xfer[ST_DATA_RD], 0);
572 	sc->buffer_size =
573 	    usbd_xfer_max_len(sc->xfer[ST_DATA_RD]);
574 	sc->cbw = usbd_xfer_get_frame_buffer(
575 	    sc->xfer[ST_COMMAND], 0);
576 	sc->csw = usbd_xfer_get_frame_buffer(
577 	    sc->xfer[ST_STATUS], 0);
578 
579 	return (sc);
580 }
581 
582 static void
583 bbb_detach(struct bbb_transfer *sc)
584 {
585 	usbd_transfer_unsetup(sc->xfer, ST_MAX);
586 	mtx_destroy(&sc->mtx);
587 	cv_destroy(&sc->cv);
588 	free(sc, M_USB);
589 }
590 
591 /*------------------------------------------------------------------------*
592  *	usb_iface_is_cdrom
593  *
594  * Return values:
595  * 1: This interface is an auto install disk (CD-ROM)
596  * 0: Not an auto install disk.
597  *------------------------------------------------------------------------*/
598 int
599 usb_iface_is_cdrom(struct usb_device *udev, uint8_t iface_index)
600 {
601 	struct bbb_transfer *sc;
602 	uint8_t timeout;
603 	uint8_t is_cdrom;
604 	uint8_t sid_type;
605 	int err;
606 
607 	sc = bbb_attach(udev, iface_index);
608 	if (sc == NULL)
609 		return (0);
610 
611 	is_cdrom = 0;
612 	timeout = 4;	/* tries */
613 	while (--timeout) {
614 		err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
615 		    SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
616 		    USB_MS_HZ);
617 
618 		if (err == 0 && sc->actlen > 0) {
619 			sid_type = sc->buffer[0] & 0x1F;
620 			if (sid_type == 0x05)
621 				is_cdrom = 1;
622 			break;
623 		} else if (err != ERR_CSW_FAILED)
624 			break;	/* non retryable error */
625 		usb_pause_mtx(NULL, hz);
626 	}
627 	bbb_detach(sc);
628 	return (is_cdrom);
629 }
630 
631 static uint8_t
632 usb_msc_get_max_lun(struct usb_device *udev, uint8_t iface_index)
633 {
634 	struct usb_device_request req;
635 	usb_error_t err;
636 	uint8_t buf = 0;
637 
638 
639 	/* The Get Max Lun command is a class-specific request. */
640 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
641 	req.bRequest = 0xFE;		/* GET_MAX_LUN */
642 	USETW(req.wValue, 0);
643 	req.wIndex[0] = iface_index;
644 	req.wIndex[1] = 0;
645 	USETW(req.wLength, 1);
646 
647 	err = usbd_do_request(udev, NULL, &req, &buf);
648 	if (err)
649 		buf = 0;
650 
651 	return (buf);
652 }
653 
654 usb_error_t
655 usb_msc_auto_quirk(struct usb_device *udev, uint8_t iface_index)
656 {
657 	struct bbb_transfer *sc;
658 	uint8_t timeout;
659 	uint8_t is_no_direct;
660 	uint8_t sid_type;
661 	int err;
662 
663 	sc = bbb_attach(udev, iface_index);
664 	if (sc == NULL)
665 		return (0);
666 
667 	/*
668 	 * Some devices need a delay after that the configuration
669 	 * value is set to function properly:
670 	 */
671 	usb_pause_mtx(NULL, hz);
672 
673 	if (usb_msc_get_max_lun(udev, iface_index) == 0) {
674 		DPRINTF("Device has only got one LUN.\n");
675 		usbd_add_dynamic_quirk(udev, UQ_MSC_NO_GETMAXLUN);
676 	}
677 
678 	is_no_direct = 1;
679 	for (timeout = 4; timeout != 0; timeout--) {
680 		err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
681 		    SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
682 		    USB_MS_HZ);
683 
684 		if (err == 0 && sc->actlen > 0) {
685 			sid_type = sc->buffer[0] & 0x1F;
686 			if (sid_type == 0x00)
687 				is_no_direct = 0;
688 			break;
689 		} else if (err != ERR_CSW_FAILED) {
690 			DPRINTF("Device is not responding "
691 			    "properly to SCSI INQUIRY command.\n");
692 			goto error;	/* non retryable error */
693 		}
694 		usb_pause_mtx(NULL, hz);
695 	}
696 
697 	if (is_no_direct) {
698 		DPRINTF("Device is not direct access.\n");
699 		goto done;
700 	}
701 
702 	err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
703 	    &scsi_test_unit_ready, sizeof(scsi_test_unit_ready),
704 	    USB_MS_HZ);
705 
706 	if (err != 0) {
707 		if (err != ERR_CSW_FAILED)
708 			goto error;
709 		DPRINTF("Test unit ready failed\n");
710 	}
711 
712 	err = bbb_command_start(sc, DIR_OUT, 0, NULL, 0,
713 	    &scsi_prevent_removal, sizeof(scsi_prevent_removal),
714 	    USB_MS_HZ);
715 
716 	if (err == 0) {
717 		err = bbb_command_start(sc, DIR_OUT, 0, NULL, 0,
718 		    &scsi_allow_removal, sizeof(scsi_allow_removal),
719 		    USB_MS_HZ);
720 	}
721 
722 	if (err != 0) {
723 		if (err != ERR_CSW_FAILED)
724 			goto error;
725 		DPRINTF("Device doesn't handle prevent and allow removal\n");
726 		usbd_add_dynamic_quirk(udev, UQ_MSC_NO_PREVENT_ALLOW);
727 	}
728 
729 	timeout = 1;
730 
731 retry_sync_cache:
732 	err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
733 	    &scsi_sync_cache, sizeof(scsi_sync_cache),
734 	    USB_MS_HZ);
735 
736 	if (err != 0) {
737 
738 		if (err != ERR_CSW_FAILED)
739 			goto error;
740 
741 		DPRINTF("Device doesn't handle synchronize cache\n");
742 
743 		usbd_add_dynamic_quirk(udev, UQ_MSC_NO_SYNC_CACHE);
744 	} else {
745 
746 		/*
747 		 * Certain Kingston memory sticks fail the first
748 		 * read capacity after a synchronize cache command
749 		 * has been issued. Disable the synchronize cache
750 		 * command for such devices.
751 		 */
752 
753 		err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
754 		    &scsi_read_capacity, sizeof(scsi_read_capacity),
755 		    USB_MS_HZ);
756 
757 		if (err != 0) {
758 			if (err != ERR_CSW_FAILED)
759 				goto error;
760 
761 			err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
762 			    &scsi_read_capacity, sizeof(scsi_read_capacity),
763 			    USB_MS_HZ);
764 
765 			if (err == 0) {
766 				if (timeout--)
767 					goto retry_sync_cache;
768 
769 				DPRINTF("Device most likely doesn't "
770 				    "handle synchronize cache\n");
771 
772 				usbd_add_dynamic_quirk(udev,
773 				    UQ_MSC_NO_SYNC_CACHE);
774 			} else {
775 				if (err != ERR_CSW_FAILED)
776 					goto error;
777 			}
778 		}
779 	}
780 
781 	/* clear sense status of any failed commands on the device */
782 
783 	err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
784 	    SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
785 	    USB_MS_HZ);
786 
787 	DPRINTF("Inquiry = %d\n", err);
788 
789 	if (err != 0) {
790 
791 		if (err != ERR_CSW_FAILED)
792 			goto error;
793 	}
794 
795 	err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
796 	    SCSI_SENSE_LEN, &scsi_request_sense,
797 	    sizeof(scsi_request_sense), USB_MS_HZ);
798 
799 	DPRINTF("Request sense = %d\n", err);
800 
801 	if (err != 0) {
802 
803 		if (err != ERR_CSW_FAILED)
804 			goto error;
805 	}
806 
807 done:
808 	bbb_detach(sc);
809 	return (0);
810 
811 error:
812  	bbb_detach(sc);
813 
814 	DPRINTF("Device did not respond, enabling all quirks\n");
815 
816 	usbd_add_dynamic_quirk(udev, UQ_MSC_NO_SYNC_CACHE);
817 	usbd_add_dynamic_quirk(udev, UQ_MSC_NO_PREVENT_ALLOW);
818 	usbd_add_dynamic_quirk(udev, UQ_MSC_NO_TEST_UNIT_READY);
819 
820 	/* Need to re-enumerate the device */
821 	usbd_req_re_enumerate(udev, NULL);
822 
823 	return (USB_ERR_STALLED);
824 }
825 
826 usb_error_t
827 usb_msc_eject(struct usb_device *udev, uint8_t iface_index, int method)
828 {
829 	struct bbb_transfer *sc;
830 	usb_error_t err;
831 
832 	sc = bbb_attach(udev, iface_index);
833 	if (sc == NULL)
834 		return (USB_ERR_INVAL);
835 
836 	switch (method) {
837 	case MSC_EJECT_STOPUNIT:
838 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
839 		    &scsi_test_unit_ready, sizeof(scsi_test_unit_ready),
840 		    USB_MS_HZ);
841 		DPRINTF("Test unit ready status: %s\n", usbd_errstr(err));
842 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
843 		    &scsi_start_stop_unit, sizeof(scsi_start_stop_unit),
844 		    USB_MS_HZ);
845 		break;
846 	case MSC_EJECT_REZERO:
847 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
848 		    &scsi_rezero_init, sizeof(scsi_rezero_init),
849 		    USB_MS_HZ);
850 		break;
851 	case MSC_EJECT_ZTESTOR:
852 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
853 		    &scsi_ztestor_eject, sizeof(scsi_ztestor_eject),
854 		    USB_MS_HZ);
855 		break;
856 	case MSC_EJECT_CMOTECH:
857 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
858 		    &scsi_cmotech_eject, sizeof(scsi_cmotech_eject),
859 		    USB_MS_HZ);
860 		break;
861 	case MSC_EJECT_HUAWEI:
862 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
863 		    &scsi_huawei_eject, sizeof(scsi_huawei_eject),
864 		    USB_MS_HZ);
865 		break;
866 	case MSC_EJECT_HUAWEI2:
867 		err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
868 		    &scsi_huawei_eject2, sizeof(scsi_huawei_eject2),
869 		    USB_MS_HZ);
870 		break;
871 	case MSC_EJECT_TCT:
872 		/*
873 		 * TCTMobile needs DIR_IN flag. To get it, we
874 		 * supply a dummy data with the command.
875 		 */
876 		err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
877 		    sc->buffer_size, &scsi_tct_eject,
878 		    sizeof(scsi_tct_eject), USB_MS_HZ);
879 		break;
880 	default:
881 		DPRINTF("Unknown eject method (%d)\n", method);
882 		bbb_detach(sc);
883 		return (USB_ERR_INVAL);
884 	}
885 
886 	DPRINTF("Eject CD command status: %s\n", usbd_errstr(err));
887 
888 	bbb_detach(sc);
889 	return (0);
890 }
891 
892 usb_error_t
893 usb_msc_read_10(struct usb_device *udev, uint8_t iface_index,
894     uint32_t lba, uint32_t blocks, void *buffer)
895 {
896 	struct bbb_transfer *sc;
897 	uint8_t cmd[10];
898 	usb_error_t err;
899 
900 	cmd[0] = 0x28;		/* READ_10 */
901 	cmd[1] = 0;
902 	cmd[2] = lba >> 24;
903 	cmd[3] = lba >> 16;
904 	cmd[4] = lba >> 8;
905 	cmd[5] = lba >> 0;
906 	cmd[6] = 0;
907 	cmd[7] = blocks >> 8;
908 	cmd[8] = blocks;
909 	cmd[9] = 0;
910 
911 	sc = bbb_attach(udev, iface_index);
912 	if (sc == NULL)
913 		return (USB_ERR_INVAL);
914 
915 	err = bbb_command_start(sc, DIR_IN, 0, buffer,
916 	    blocks * SCSI_FIXED_BLOCK_SIZE, cmd, 10, USB_MS_HZ);
917 
918 	bbb_detach(sc);
919 
920 	return (err);
921 }
922 
923 usb_error_t
924 usb_msc_write_10(struct usb_device *udev, uint8_t iface_index,
925     uint32_t lba, uint32_t blocks, void *buffer)
926 {
927 	struct bbb_transfer *sc;
928 	uint8_t cmd[10];
929 	usb_error_t err;
930 
931 	cmd[0] = 0x2a;		/* WRITE_10 */
932 	cmd[1] = 0;
933 	cmd[2] = lba >> 24;
934 	cmd[3] = lba >> 16;
935 	cmd[4] = lba >> 8;
936 	cmd[5] = lba >> 0;
937 	cmd[6] = 0;
938 	cmd[7] = blocks >> 8;
939 	cmd[8] = blocks;
940 	cmd[9] = 0;
941 
942 	sc = bbb_attach(udev, iface_index);
943 	if (sc == NULL)
944 		return (USB_ERR_INVAL);
945 
946 	err = bbb_command_start(sc, DIR_OUT, 0, buffer,
947 	    blocks * SCSI_FIXED_BLOCK_SIZE, cmd, 10, USB_MS_HZ);
948 
949 	bbb_detach(sc);
950 
951 	return (err);
952 }
953 
954 usb_error_t
955 usb_msc_read_capacity(struct usb_device *udev, uint8_t iface_index,
956     uint32_t *lba_last, uint32_t *block_size)
957 {
958 	struct bbb_transfer *sc;
959 	usb_error_t err;
960 
961 	sc = bbb_attach(udev, iface_index);
962 	if (sc == NULL)
963 		return (USB_ERR_INVAL);
964 
965 	err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
966 	    &scsi_read_capacity, sizeof(scsi_read_capacity),
967 	    USB_MS_HZ);
968 
969 	*lba_last =
970 	    (sc->buffer[0] << 24) |
971 	    (sc->buffer[1] << 16) |
972 	    (sc->buffer[2] << 8) |
973 	    (sc->buffer[3]);
974 
975 	*block_size =
976 	    (sc->buffer[4] << 24) |
977 	    (sc->buffer[5] << 16) |
978 	    (sc->buffer[6] << 8) |
979 	    (sc->buffer[7]);
980 
981 	/* we currently only support one block size */
982 	if (*block_size != SCSI_FIXED_BLOCK_SIZE)
983 		err = USB_ERR_INVAL;
984 
985 	bbb_detach(sc);
986 
987 	return (err);
988 }
989