1 /* $FreeBSD$ */
2 /*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39 #include <sys/stdint.h>
40 #include <sys/param.h>
41 #include <sys/queue.h>
42 #include <sys/types.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/bus.h>
46 #include <sys/module.h>
47 #include <sys/lock.h>
48 #include <sys/condvar.h>
49 #include <sys/sysctl.h>
50 #include <sys/unistd.h>
51 #include <sys/callout.h>
52 #include <sys/malloc.h>
53 #include <sys/caps.h>
54
55 #include <bus/u4b/usb.h>
56 #include <bus/u4b/usbdi.h>
57 #include "usbdevs.h"
58 #include "usb_if.h"
59
60 #define USB_DEBUG_VAR ustorage_fs_debug
61 #include <bus/u4b/usb_debug.h>
62
63 #ifdef USB_DEBUG
64 static int ustorage_fs_debug = 0;
65
66 SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
67 SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW,
68 &ustorage_fs_debug, 0, "ustorage_fs debug level");
69 #endif
70
71 /* Define some limits */
72
73 #ifndef USTORAGE_FS_BULK_SIZE
74 #define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */
75 #endif
76
77 #ifndef USTORAGE_FS_MAX_LUN
78 #define USTORAGE_FS_MAX_LUN 8 /* units */
79 #endif
80
81 #ifndef USTORAGE_QDATA_MAX
82 #define USTORAGE_QDATA_MAX 40 /* bytes */
83 #endif
84
85 #define sc_cmd_data sc_cbw.CBWCDB
86
87 /*
88 * The SCSI ID string must be exactly 28 characters long
89 * exluding the terminating zero.
90 */
91 #ifndef USTORAGE_FS_ID_STRING
92 #define USTORAGE_FS_ID_STRING \
93 "FreeBSD " /* 8 */ \
94 "File-Stor Gadget" /* 16 */ \
95 "0101" /* 4 */
96 #endif
97
98 /*
99 * The following macro defines the number of
100 * sectors to be allocated for the RAM disk:
101 */
102 #ifndef USTORAGE_FS_RAM_SECT
103 #define USTORAGE_FS_RAM_SECT (1UL << 13)
104 #endif
105
106 static uint8_t *ustorage_fs_ramdisk;
107
108 /* USB transfer definitions */
109
110 #define USTORAGE_FS_T_BBB_COMMAND 0
111 #define USTORAGE_FS_T_BBB_DATA_DUMP 1
112 #define USTORAGE_FS_T_BBB_DATA_READ 2
113 #define USTORAGE_FS_T_BBB_DATA_WRITE 3
114 #define USTORAGE_FS_T_BBB_STATUS 4
115 #define USTORAGE_FS_T_BBB_MAX 5
116
117 /* USB data stage direction */
118
119 #define DIR_NONE 0
120 #define DIR_READ 1
121 #define DIR_WRITE 2
122
123 /* USB interface specific control request */
124
125 #define UR_BBB_RESET 0xff /* Bulk-Only reset */
126 #define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
127
128 /* Command Block Wrapper */
129 typedef struct {
130 uDWord dCBWSignature;
131 #define CBWSIGNATURE 0x43425355
132 uDWord dCBWTag;
133 uDWord dCBWDataTransferLength;
134 uByte bCBWFlags;
135 #define CBWFLAGS_OUT 0x00
136 #define CBWFLAGS_IN 0x80
137 uByte bCBWLUN;
138 uByte bCDBLength;
139 #define CBWCDBLENGTH 16
140 uByte CBWCDB[CBWCDBLENGTH];
141 } __packed ustorage_fs_bbb_cbw_t;
142
143 #define USTORAGE_FS_BBB_CBW_SIZE 31
144
145 /* Command Status Wrapper */
146 typedef struct {
147 uDWord dCSWSignature;
148 #define CSWSIGNATURE 0x53425355
149 uDWord dCSWTag;
150 uDWord dCSWDataResidue;
151 uByte bCSWStatus;
152 #define CSWSTATUS_GOOD 0x0
153 #define CSWSTATUS_FAILED 0x1
154 #define CSWSTATUS_PHASE 0x2
155 } __packed ustorage_fs_bbb_csw_t;
156
157 #define USTORAGE_FS_BBB_CSW_SIZE 13
158
159 struct ustorage_fs_lun {
160
161 uint8_t *memory_image;
162
163 uint32_t num_sectors;
164 uint32_t sense_data;
165 uint32_t sense_data_info;
166 uint32_t unit_attention_data;
167
168 uint8_t read_only:1;
169 uint8_t prevent_medium_removal:1;
170 uint8_t info_valid:1;
171 uint8_t removable:1;
172 };
173
174 struct ustorage_fs_softc {
175
176 ustorage_fs_bbb_cbw_t *sc_cbw; /* Command Wrapper Block */
177 ustorage_fs_bbb_csw_t *sc_csw; /* Command Status Block */
178 void *sc_dma_ptr; /* Main data buffer */
179
180 struct lock sc_lock;
181
182 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
183
184 struct {
185 uint8_t *data_ptr;
186 struct ustorage_fs_lun *currlun;
187
188 uint32_t data_rem; /* bytes, as reported by the command
189 * block wrapper */
190 uint32_t offset; /* bytes */
191
192 uint8_t cbw_dir;
193 uint8_t cmd_dir;
194 uint8_t lun;
195 uint8_t cmd_len;
196 uint8_t data_short:1;
197 uint8_t data_error:1;
198 } sc_transfer;
199
200 device_t sc_dev;
201 struct usb_device *sc_udev;
202 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
203
204 uint8_t sc_iface_no; /* interface number */
205 uint8_t sc_last_lun;
206 uint8_t sc_last_xfer_index;
207 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
208 };
209
210 /* prototypes */
211
212 static device_probe_t ustorage_fs_probe;
213 static device_attach_t ustorage_fs_attach;
214 static device_detach_t ustorage_fs_detach;
215 static device_suspend_t ustorage_fs_suspend;
216 static device_resume_t ustorage_fs_resume;
217 static usb_handle_request_t ustorage_fs_handle_request;
218
219 static usb_callback_t ustorage_fs_t_bbb_command_callback;
220 static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
221 static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
222 static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
223 static usb_callback_t ustorage_fs_t_bbb_status_callback;
224
225 static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
226 static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
227
228 static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
229 static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
230 static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
231 static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
232 static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
233 static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
234 static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
235 static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
236 static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
237 static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
238 static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
239 static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
240 static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
241 static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
242
243 static device_method_t ustorage_fs_methods[] = {
244 /* USB interface */
245 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
246
247 /* Device interface */
248 DEVMETHOD(device_probe, ustorage_fs_probe),
249 DEVMETHOD(device_attach, ustorage_fs_attach),
250 DEVMETHOD(device_detach, ustorage_fs_detach),
251 DEVMETHOD(device_suspend, ustorage_fs_suspend),
252 DEVMETHOD(device_resume, ustorage_fs_resume),
253
254 DEVMETHOD_END
255 };
256
257 static driver_t ustorage_fs_driver = {
258 .name = "ustorage_fs",
259 .methods = ustorage_fs_methods,
260 .size = sizeof(struct ustorage_fs_softc),
261 };
262
263 static devclass_t ustorage_fs_devclass;
264
265 DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, NULL);
266 MODULE_VERSION(ustorage_fs, 0);
267 MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
268
269 static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
270
271 [USTORAGE_FS_T_BBB_COMMAND] = {
272 .type = UE_BULK,
273 .endpoint = UE_ADDR_ANY,
274 .direction = UE_DIR_OUT,
275 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
276 .callback = &ustorage_fs_t_bbb_command_callback,
277 .usb_mode = USB_MODE_DEVICE,
278 },
279
280 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
281 .type = UE_BULK,
282 .endpoint = UE_ADDR_ANY,
283 .direction = UE_DIR_OUT,
284 .bufsize = 0, /* use wMaxPacketSize */
285 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
286 .callback = &ustorage_fs_t_bbb_data_dump_callback,
287 .usb_mode = USB_MODE_DEVICE,
288 },
289
290 [USTORAGE_FS_T_BBB_DATA_READ] = {
291 .type = UE_BULK,
292 .endpoint = UE_ADDR_ANY,
293 .direction = UE_DIR_OUT,
294 .bufsize = USTORAGE_FS_BULK_SIZE,
295 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1},
296 .callback = &ustorage_fs_t_bbb_data_read_callback,
297 .usb_mode = USB_MODE_DEVICE,
298 },
299
300 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
301 .type = UE_BULK,
302 .endpoint = UE_ADDR_ANY,
303 .direction = UE_DIR_IN,
304 .bufsize = USTORAGE_FS_BULK_SIZE,
305 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
306 .callback = &ustorage_fs_t_bbb_data_write_callback,
307 .usb_mode = USB_MODE_DEVICE,
308 },
309
310 [USTORAGE_FS_T_BBB_STATUS] = {
311 .type = UE_BULK,
312 .endpoint = UE_ADDR_ANY,
313 .direction = UE_DIR_IN,
314 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
315 .flags = {.short_xfer_ok = 1},
316 .callback = &ustorage_fs_t_bbb_status_callback,
317 .usb_mode = USB_MODE_DEVICE,
318 },
319 };
320
321 /*
322 * USB device probe/attach/detach
323 */
324
325 static int
ustorage_fs_probe(device_t dev)326 ustorage_fs_probe(device_t dev)
327 {
328 struct usb_attach_arg *uaa = device_get_ivars(dev);
329 struct usb_interface_descriptor *id;
330
331 if (uaa->usb_mode != USB_MODE_DEVICE) {
332 return (ENXIO);
333 }
334 /* Check for a standards compliant device */
335 id = usbd_get_interface_descriptor(uaa->iface);
336 if ((id == NULL) ||
337 (id->bInterfaceClass != UICLASS_MASS) ||
338 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
339 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
340 return (ENXIO);
341 }
342 return (BUS_PROBE_GENERIC);
343 }
344
345 static int
ustorage_fs_attach(device_t dev)346 ustorage_fs_attach(device_t dev)
347 {
348 struct ustorage_fs_softc *sc = device_get_softc(dev);
349 struct usb_attach_arg *uaa = device_get_ivars(dev);
350 struct usb_interface_descriptor *id;
351 int err;
352 int unit;
353
354 /*
355 * NOTE: the softc struct is cleared in device_set_driver.
356 * We can safely call ustorage_fs_detach without specifically
357 * initializing the struct.
358 */
359
360 sc->sc_dev = dev;
361 sc->sc_udev = uaa->device;
362 unit = device_get_unit(dev);
363
364 /* enable power saving mode */
365 usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
366
367 if (unit == 0) {
368 if (ustorage_fs_ramdisk == NULL) {
369 /*
370 * allocate a memory image for our ramdisk until
371 * further
372 */
373 ustorage_fs_ramdisk =
374 kmalloc(USTORAGE_FS_RAM_SECT << 9, M_USB,
375 M_ZERO | M_WAITOK);
376
377 if (ustorage_fs_ramdisk == NULL) {
378 return (ENOMEM);
379 }
380 }
381 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
382 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
383 sc->sc_lun[0].removable = 1;
384 }
385
386 device_set_usb_desc(dev);
387
388 lockinit(&sc->sc_lock, "USTORAGE_FS lock", 0, LK_CANRECURSE);
389
390 /* get interface index */
391
392 id = usbd_get_interface_descriptor(uaa->iface);
393 if (id == NULL) {
394 device_printf(dev, "failed to get "
395 "interface number\n");
396 goto detach;
397 }
398 sc->sc_iface_no = id->bInterfaceNumber;
399
400 err = usbd_transfer_setup(uaa->device,
401 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
402 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_lock);
403 if (err) {
404 device_printf(dev, "could not setup required "
405 "transfers, %s\n", usbd_errstr(err));
406 goto detach;
407 }
408
409 sc->sc_cbw = usbd_xfer_get_frame_buffer(sc->sc_xfer[
410 USTORAGE_FS_T_BBB_COMMAND], 0);
411 sc->sc_csw = usbd_xfer_get_frame_buffer(sc->sc_xfer[
412 USTORAGE_FS_T_BBB_STATUS], 0);
413 sc->sc_dma_ptr = usbd_xfer_get_frame_buffer(sc->sc_xfer[
414 USTORAGE_FS_T_BBB_DATA_READ], 0);
415
416 /* start Mass Storage State Machine */
417
418 lockmgr(&sc->sc_lock, LK_EXCLUSIVE);
419 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
420 lockmgr(&sc->sc_lock, LK_RELEASE);
421
422 return (0); /* success */
423
424 detach:
425 ustorage_fs_detach(dev);
426 return (ENXIO); /* failure */
427 }
428
429 static int
ustorage_fs_detach(device_t dev)430 ustorage_fs_detach(device_t dev)
431 {
432 struct ustorage_fs_softc *sc = device_get_softc(dev);
433
434 /* teardown our statemachine */
435
436 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
437
438 lockuninit(&sc->sc_lock);
439
440 return (0); /* success */
441 }
442
443 static int
ustorage_fs_suspend(device_t dev)444 ustorage_fs_suspend(device_t dev)
445 {
446 device_printf(dev, "suspending\n");
447 return (0); /* success */
448 }
449
450 static int
ustorage_fs_resume(device_t dev)451 ustorage_fs_resume(device_t dev)
452 {
453 device_printf(dev, "resuming\n");
454 return (0); /* success */
455 }
456
457 /*
458 * Generic functions to handle transfers
459 */
460
461 static void
ustorage_fs_transfer_start(struct ustorage_fs_softc * sc,uint8_t xfer_index)462 ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
463 {
464 if (sc->sc_xfer[xfer_index]) {
465 sc->sc_last_xfer_index = xfer_index;
466 usbd_transfer_start(sc->sc_xfer[xfer_index]);
467 }
468 }
469
470 static void
ustorage_fs_transfer_stop(struct ustorage_fs_softc * sc)471 ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
472 {
473 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
474 lockmgr(&sc->sc_lock, LK_RELEASE);
475 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
476 lockmgr(&sc->sc_lock, LK_EXCLUSIVE);
477 }
478
479 static int
ustorage_fs_handle_request(device_t dev,const void * preq,void ** pptr,uint16_t * plen,uint16_t offset,uint8_t * pstate)480 ustorage_fs_handle_request(device_t dev,
481 const void *preq, void **pptr, uint16_t *plen,
482 uint16_t offset, uint8_t *pstate)
483 {
484 struct ustorage_fs_softc *sc = device_get_softc(dev);
485 const struct usb_device_request *req = preq;
486 uint8_t is_complete = *pstate;
487
488 if (!is_complete) {
489 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
490 (req->bRequest == UR_BBB_RESET)) {
491 *plen = 0;
492 lockmgr(&sc->sc_lock, LK_EXCLUSIVE);
493 ustorage_fs_transfer_stop(sc);
494 sc->sc_transfer.data_error = 1;
495 ustorage_fs_transfer_start(sc,
496 USTORAGE_FS_T_BBB_COMMAND);
497 lockmgr(&sc->sc_lock, LK_RELEASE);
498 return (0);
499 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
500 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
501 if (offset == 0) {
502 *plen = 1;
503 *pptr = &sc->sc_last_lun;
504 } else {
505 *plen = 0;
506 }
507 return (0);
508 }
509 }
510 return (ENXIO); /* use builtin handler */
511 }
512
513 static void
ustorage_fs_t_bbb_command_callback(struct usb_xfer * xfer,usb_error_t error)514 ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
515 {
516 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
517 uint32_t tag;
518 uint8_t err = 0;
519
520 DPRINTF("\n");
521
522 switch (USB_GET_STATE(xfer)) {
523 case USB_ST_TRANSFERRED:
524
525 tag = UGETDW(sc->sc_cbw->dCBWSignature);
526
527 if (tag != CBWSIGNATURE) {
528 /* do nothing */
529 DPRINTF("invalid signature 0x%08x\n", tag);
530 break;
531 }
532 tag = UGETDW(sc->sc_cbw->dCBWTag);
533
534 /* echo back tag */
535 USETDW(sc->sc_csw->dCSWTag, tag);
536
537 /* reset status */
538 sc->sc_csw->bCSWStatus = 0;
539
540 /* reset data offset, data length and data remainder */
541 sc->sc_transfer.offset = 0;
542 sc->sc_transfer.data_rem =
543 UGETDW(sc->sc_cbw->dCBWDataTransferLength);
544
545 /* reset data flags */
546 sc->sc_transfer.data_short = 0;
547
548 /* extract LUN */
549 sc->sc_transfer.lun = sc->sc_cbw->bCBWLUN;
550
551 if (sc->sc_transfer.data_rem == 0) {
552 sc->sc_transfer.cbw_dir = DIR_NONE;
553 } else {
554 if (sc->sc_cbw->bCBWFlags & CBWFLAGS_IN) {
555 sc->sc_transfer.cbw_dir = DIR_WRITE;
556 } else {
557 sc->sc_transfer.cbw_dir = DIR_READ;
558 }
559 }
560
561 sc->sc_transfer.cmd_len = sc->sc_cbw->bCDBLength;
562 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw->CBWCDB)) ||
563 (sc->sc_transfer.cmd_len == 0)) {
564 /* just halt - this is invalid */
565 DPRINTF("invalid command length %d bytes\n",
566 sc->sc_transfer.cmd_len);
567 break;
568 }
569
570 err = ustorage_fs_do_cmd(sc);
571 if (err) {
572 /* got an error */
573 DPRINTF("command failed\n");
574 break;
575 }
576 if ((sc->sc_transfer.data_rem > 0) &&
577 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
578 /* contradicting data transfer direction */
579 err = 1;
580 DPRINTF("data direction mismatch\n");
581 break;
582 }
583 switch (sc->sc_transfer.cbw_dir) {
584 case DIR_READ:
585 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
586 break;
587 case DIR_WRITE:
588 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
589 break;
590 default:
591 ustorage_fs_transfer_start(sc,
592 USTORAGE_FS_T_BBB_STATUS);
593 break;
594 }
595 break;
596
597 case USB_ST_SETUP:
598 tr_setup:
599 if (sc->sc_transfer.data_error) {
600 sc->sc_transfer.data_error = 0;
601 usbd_xfer_set_stall(xfer);
602 DPRINTF("stall pipe\n");
603 }
604 usbd_xfer_set_frame_len(xfer, 0,
605 sizeof(ustorage_fs_bbb_cbw_t));
606 usbd_transfer_submit(xfer);
607 break;
608
609 default: /* Error */
610 DPRINTF("error\n");
611 if (error == USB_ERR_CANCELLED) {
612 break;
613 }
614 /* If the pipe is already stalled, don't do another stall */
615 if (!usbd_xfer_is_stalled(xfer))
616 sc->sc_transfer.data_error = 1;
617
618 /* try again */
619 goto tr_setup;
620 }
621 if (err) {
622 if (sc->sc_csw->bCSWStatus == 0) {
623 /* set some default error code */
624 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
625 }
626 if (sc->sc_transfer.cbw_dir == DIR_READ) {
627 /* dump all data */
628 ustorage_fs_transfer_start(sc,
629 USTORAGE_FS_T_BBB_DATA_DUMP);
630 return;
631 }
632 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
633 /* need to stall before status */
634 sc->sc_transfer.data_error = 1;
635 }
636 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
637 }
638 }
639
640 static void
ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer * xfer,usb_error_t error)641 ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
642 {
643 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
644 uint32_t max_bulk = usbd_xfer_max_len(xfer);
645 int actlen, sumlen;
646
647 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
648
649 DPRINTF("\n");
650
651 switch (USB_GET_STATE(xfer)) {
652 case USB_ST_TRANSFERRED:
653 sc->sc_transfer.data_rem -= actlen;
654 sc->sc_transfer.offset += actlen;
655
656 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
657 /* short transfer or end of data */
658 ustorage_fs_transfer_start(sc,
659 USTORAGE_FS_T_BBB_STATUS);
660 break;
661 }
662 /* Fallthrough */
663
664 case USB_ST_SETUP:
665 tr_setup:
666 if (max_bulk > sc->sc_transfer.data_rem) {
667 max_bulk = sc->sc_transfer.data_rem;
668 }
669 if (sc->sc_transfer.data_error) {
670 sc->sc_transfer.data_error = 0;
671 usbd_xfer_set_stall(xfer);
672 }
673 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
674 usbd_transfer_submit(xfer);
675 break;
676
677 default: /* Error */
678 if (error == USB_ERR_CANCELLED) {
679 break;
680 }
681 /*
682 * If the pipe is already stalled, don't do another stall:
683 */
684 if (!usbd_xfer_is_stalled(xfer))
685 sc->sc_transfer.data_error = 1;
686
687 /* try again */
688 goto tr_setup;
689 }
690 }
691
692 static void
ustorage_fs_t_bbb_data_read_callback(struct usb_xfer * xfer,usb_error_t error)693 ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
694 {
695 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
696 uint32_t max_bulk = usbd_xfer_max_len(xfer);
697 int actlen, sumlen;
698
699 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
700
701 DPRINTF("\n");
702
703 switch (USB_GET_STATE(xfer)) {
704 case USB_ST_TRANSFERRED:
705 /* XXX copy data from DMA buffer */
706 memcpy(sc->sc_transfer.data_ptr, sc->sc_dma_ptr, actlen);
707
708 sc->sc_transfer.data_rem -= actlen;
709 sc->sc_transfer.data_ptr += actlen;
710 sc->sc_transfer.offset += actlen;
711
712 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
713 /* short transfer or end of data */
714 ustorage_fs_transfer_start(sc,
715 USTORAGE_FS_T_BBB_STATUS);
716 break;
717 }
718 /* Fallthrough */
719
720 case USB_ST_SETUP:
721 tr_setup:
722 if (max_bulk > sc->sc_transfer.data_rem) {
723 max_bulk = sc->sc_transfer.data_rem;
724 }
725 if (sc->sc_transfer.data_error) {
726 sc->sc_transfer.data_error = 0;
727 usbd_xfer_set_stall(xfer);
728 }
729
730 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk);
731 usbd_transfer_submit(xfer);
732 break;
733
734 default: /* Error */
735 if (error == USB_ERR_CANCELLED) {
736 break;
737 }
738 /* If the pipe is already stalled, don't do another stall */
739 if (!usbd_xfer_is_stalled(xfer))
740 sc->sc_transfer.data_error = 1;
741
742 /* try again */
743 goto tr_setup;
744 }
745 }
746
747 static void
ustorage_fs_t_bbb_data_write_callback(struct usb_xfer * xfer,usb_error_t error)748 ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
749 {
750 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
751 uint32_t max_bulk = usbd_xfer_max_len(xfer);
752 int actlen, sumlen;
753
754 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
755
756 DPRINTF("\n");
757
758 switch (USB_GET_STATE(xfer)) {
759 case USB_ST_TRANSFERRED:
760 sc->sc_transfer.data_rem -= actlen;
761 sc->sc_transfer.data_ptr += actlen;
762 sc->sc_transfer.offset += actlen;
763
764 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
765 /* short transfer or end of data */
766 ustorage_fs_transfer_start(sc,
767 USTORAGE_FS_T_BBB_STATUS);
768 break;
769 }
770 case USB_ST_SETUP:
771 tr_setup:
772 if (max_bulk >= sc->sc_transfer.data_rem) {
773 max_bulk = sc->sc_transfer.data_rem;
774 if (sc->sc_transfer.data_short)
775 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
776 else
777 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
778 } else
779 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
780
781 if (sc->sc_transfer.data_error) {
782 sc->sc_transfer.data_error = 0;
783 usbd_xfer_set_stall(xfer);
784 }
785
786 /* XXX copy data to DMA buffer */
787 memcpy(sc->sc_dma_ptr, sc->sc_transfer.data_ptr, max_bulk);
788
789 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk);
790 usbd_transfer_submit(xfer);
791 break;
792
793 default: /* Error */
794 if (error == USB_ERR_CANCELLED) {
795 break;
796 }
797 /*
798 * If the pipe is already stalled, don't do another
799 * stall
800 */
801 if (!usbd_xfer_is_stalled(xfer))
802 sc->sc_transfer.data_error = 1;
803
804 /* try again */
805 goto tr_setup;
806 }
807 }
808
809 static void
ustorage_fs_t_bbb_status_callback(struct usb_xfer * xfer,usb_error_t error)810 ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
811 {
812 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
813
814 DPRINTF("\n");
815
816 switch (USB_GET_STATE(xfer)) {
817 case USB_ST_TRANSFERRED:
818 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
819 break;
820
821 case USB_ST_SETUP:
822 tr_setup:
823 USETDW(sc->sc_csw->dCSWSignature, CSWSIGNATURE);
824 USETDW(sc->sc_csw->dCSWDataResidue, sc->sc_transfer.data_rem);
825
826 if (sc->sc_transfer.data_error) {
827 sc->sc_transfer.data_error = 0;
828 usbd_xfer_set_stall(xfer);
829 }
830 usbd_xfer_set_frame_len(xfer, 0,
831 sizeof(ustorage_fs_bbb_csw_t));
832 usbd_transfer_submit(xfer);
833 break;
834
835 default:
836 if (error == USB_ERR_CANCELLED) {
837 break;
838 }
839 /* If the pipe is already stalled, don't do another stall */
840 if (!usbd_xfer_is_stalled(xfer))
841 sc->sc_transfer.data_error = 1;
842
843 /* try again */
844 goto tr_setup;
845 }
846 }
847
848 /* SCSI commands that we recognize */
849 #define SC_FORMAT_UNIT 0x04
850 #define SC_INQUIRY 0x12
851 #define SC_MODE_SELECT_6 0x15
852 #define SC_MODE_SELECT_10 0x55
853 #define SC_MODE_SENSE_6 0x1a
854 #define SC_MODE_SENSE_10 0x5a
855 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
856 #define SC_READ_6 0x08
857 #define SC_READ_10 0x28
858 #define SC_READ_12 0xa8
859 #define SC_READ_CAPACITY 0x25
860 #define SC_READ_FORMAT_CAPACITIES 0x23
861 #define SC_RELEASE 0x17
862 #define SC_REQUEST_SENSE 0x03
863 #define SC_RESERVE 0x16
864 #define SC_SEND_DIAGNOSTIC 0x1d
865 #define SC_START_STOP_UNIT 0x1b
866 #define SC_SYNCHRONIZE_CACHE 0x35
867 #define SC_TEST_UNIT_READY 0x00
868 #define SC_VERIFY 0x2f
869 #define SC_WRITE_6 0x0a
870 #define SC_WRITE_10 0x2a
871 #define SC_WRITE_12 0xaa
872
873 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
874 #define SS_NO_SENSE 0
875 #define SS_COMMUNICATION_FAILURE 0x040800
876 #define SS_INVALID_COMMAND 0x052000
877 #define SS_INVALID_FIELD_IN_CDB 0x052400
878 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
879 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
880 #define SS_MEDIUM_NOT_PRESENT 0x023a00
881 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
882 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800
883 #define SS_RESET_OCCURRED 0x062900
884 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
885 #define SS_UNRECOVERED_READ_ERROR 0x031100
886 #define SS_WRITE_ERROR 0x030c02
887 #define SS_WRITE_PROTECTED 0x072700
888
889 #define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
890 #define ASC(x) ((uint8_t) ((x) >> 8))
891 #define ASCQ(x) ((uint8_t) (x))
892
893 /* Routines for unaligned data access */
894
895 static uint16_t
get_be16(uint8_t * buf)896 get_be16(uint8_t *buf)
897 {
898 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
899 }
900
901 static uint32_t
get_be32(uint8_t * buf)902 get_be32(uint8_t *buf)
903 {
904 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
905 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
906 }
907
908 static void
put_be16(uint8_t * buf,uint16_t val)909 put_be16(uint8_t *buf, uint16_t val)
910 {
911 buf[0] = val >> 8;
912 buf[1] = val;
913 }
914
915 static void
put_be32(uint8_t * buf,uint32_t val)916 put_be32(uint8_t *buf, uint32_t val)
917 {
918 buf[0] = val >> 24;
919 buf[1] = val >> 16;
920 buf[2] = val >> 8;
921 buf[3] = val & 0xff;
922 }
923
924 /*------------------------------------------------------------------------*
925 * ustorage_fs_verify
926 *
927 * Returns:
928 * 0: Success
929 * Else: Failure
930 *------------------------------------------------------------------------*/
931 static uint8_t
ustorage_fs_verify(struct ustorage_fs_softc * sc)932 ustorage_fs_verify(struct ustorage_fs_softc *sc)
933 {
934 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
935 uint32_t lba;
936 uint32_t vlen;
937 uint64_t file_offset;
938 uint64_t amount_left;
939
940 /*
941 * Get the starting Logical Block Address
942 */
943 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
944
945 /*
946 * We allow DPO (Disable Page Out = don't save data in the cache)
947 * but we don't implement it.
948 */
949 if ((sc->sc_cbw->CBWCDB[1] & ~0x10) != 0) {
950 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
951 return (1);
952 }
953 vlen = get_be16(&sc->sc_cbw->CBWCDB[7]);
954 if (vlen == 0) {
955 goto done;
956 }
957 /* No default reply */
958
959 /* Prepare to carry out the file verify */
960 amount_left = vlen;
961 amount_left <<= 9;
962 file_offset = lba;
963 file_offset <<= 9;
964
965 /* Range check */
966 vlen += lba;
967
968 if ((vlen < lba) ||
969 (vlen > currlun->num_sectors) ||
970 (lba >= currlun->num_sectors)) {
971 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
972 return (1);
973 }
974 /* XXX TODO: verify that data is readable */
975 done:
976 return (ustorage_fs_min_len(sc, 0, -1U));
977 }
978
979 /*------------------------------------------------------------------------*
980 * ustorage_fs_inquiry
981 *
982 * Returns:
983 * 0: Success
984 * Else: Failure
985 *------------------------------------------------------------------------*/
986 static uint8_t
ustorage_fs_inquiry(struct ustorage_fs_softc * sc)987 ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
988 {
989 uint8_t *buf = sc->sc_transfer.data_ptr;
990
991 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
992
993 if (!sc->sc_transfer.currlun) {
994 /* Unsupported LUNs are okay */
995 memset(buf, 0, 36);
996 buf[0] = 0x7f;
997 /* Unsupported, no device - type */
998 return (ustorage_fs_min_len(sc, 36, -1U));
999 }
1000 memset(buf, 0, 8);
1001 /* Non - removable, direct - access device */
1002 if (currlun->removable)
1003 buf[1] = 0x80;
1004 buf[2] = 2;
1005 /* ANSI SCSI level 2 */
1006 buf[3] = 2;
1007 /* SCSI - 2 INQUIRY data format */
1008 buf[4] = 31;
1009 /* Additional length */
1010 /* No special options */
1011 /* Copy in ID string */
1012 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1013
1014 #if (USTORAGE_QDATA_MAX < 36)
1015 #error "(USTORAGE_QDATA_MAX < 36)"
1016 #endif
1017 return (ustorage_fs_min_len(sc, 36, -1U));
1018 }
1019
1020 /*------------------------------------------------------------------------*
1021 * ustorage_fs_request_sense
1022 *
1023 * Returns:
1024 * 0: Success
1025 * Else: Failure
1026 *------------------------------------------------------------------------*/
1027 static uint8_t
ustorage_fs_request_sense(struct ustorage_fs_softc * sc)1028 ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1029 {
1030 uint8_t *buf = sc->sc_transfer.data_ptr;
1031 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1032 uint32_t sd;
1033 uint32_t sdinfo;
1034 uint8_t valid;
1035
1036 /*
1037 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1038 *
1039 * If a REQUEST SENSE command is received from an initiator
1040 * with a pending unit attention condition (before the target
1041 * generates the contingent allegiance condition), then the
1042 * target shall either:
1043 * a) report any pending sense data and preserve the unit
1044 * attention condition on the logical unit, or,
1045 * b) report the unit attention condition, may discard any
1046 * pending sense data, and clear the unit attention
1047 * condition on the logical unit for that initiator.
1048 *
1049 * FSG normally uses option a); enable this code to use option b).
1050 */
1051 #if 0
1052 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1053 currlun->sense_data = currlun->unit_attention_data;
1054 currlun->unit_attention_data = SS_NO_SENSE;
1055 }
1056 #endif
1057
1058 if (!currlun) {
1059 /* Unsupported LUNs are okay */
1060 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1061 sdinfo = 0;
1062 valid = 0;
1063 } else {
1064 sd = currlun->sense_data;
1065 sdinfo = currlun->sense_data_info;
1066 valid = currlun->info_valid << 7;
1067 currlun->sense_data = SS_NO_SENSE;
1068 currlun->sense_data_info = 0;
1069 currlun->info_valid = 0;
1070 }
1071
1072 memset(buf, 0, 18);
1073 buf[0] = valid | 0x70;
1074 /* Valid, current error */
1075 buf[2] = SK(sd);
1076 put_be32(&buf[3], sdinfo);
1077 /* Sense information */
1078 buf[7] = 18 - 8;
1079 /* Additional sense length */
1080 buf[12] = ASC(sd);
1081 buf[13] = ASCQ(sd);
1082
1083 #if (USTORAGE_QDATA_MAX < 18)
1084 #error "(USTORAGE_QDATA_MAX < 18)"
1085 #endif
1086 return (ustorage_fs_min_len(sc, 18, -1U));
1087 }
1088
1089 /*------------------------------------------------------------------------*
1090 * ustorage_fs_read_capacity
1091 *
1092 * Returns:
1093 * 0: Success
1094 * Else: Failure
1095 *------------------------------------------------------------------------*/
1096 static uint8_t
ustorage_fs_read_capacity(struct ustorage_fs_softc * sc)1097 ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1098 {
1099 uint8_t *buf = sc->sc_transfer.data_ptr;
1100 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1101 uint32_t lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1102 uint8_t pmi = sc->sc_cbw->CBWCDB[8];
1103
1104 /* Check the PMI and LBA fields */
1105 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1106 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1107 return (1);
1108 }
1109 /* Max logical block */
1110 put_be32(&buf[0], currlun->num_sectors - 1);
1111 /* Block length */
1112 put_be32(&buf[4], 512);
1113
1114 #if (USTORAGE_QDATA_MAX < 8)
1115 #error "(USTORAGE_QDATA_MAX < 8)"
1116 #endif
1117 return (ustorage_fs_min_len(sc, 8, -1U));
1118 }
1119
1120 /*------------------------------------------------------------------------*
1121 * ustorage_fs_mode_sense
1122 *
1123 * Returns:
1124 * 0: Success
1125 * Else: Failure
1126 *------------------------------------------------------------------------*/
1127 static uint8_t
ustorage_fs_mode_sense(struct ustorage_fs_softc * sc)1128 ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1129 {
1130 uint8_t *buf = sc->sc_transfer.data_ptr;
1131 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1132 uint8_t *buf0;
1133 uint16_t len;
1134 uint16_t limit;
1135 uint8_t mscmnd = sc->sc_cbw->CBWCDB[0];
1136 uint8_t pc;
1137 uint8_t page_code;
1138 uint8_t changeable_values;
1139 uint8_t all_pages;
1140
1141 buf0 = buf;
1142
1143 if ((sc->sc_cbw->CBWCDB[1] & ~0x08) != 0) {
1144 /* Mask away DBD */
1145 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1146 return (1);
1147 }
1148 pc = sc->sc_cbw->CBWCDB[2] >> 6;
1149 page_code = sc->sc_cbw->CBWCDB[2] & 0x3f;
1150 if (pc == 3) {
1151 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1152 return (1);
1153 }
1154 changeable_values = (pc == 1);
1155 all_pages = (page_code == 0x3f);
1156
1157 /*
1158 * Write the mode parameter header. Fixed values are: default
1159 * medium type, no cache control (DPOFUA), and no block descriptors.
1160 * The only variable value is the WriteProtect bit. We will fill in
1161 * the mode data length later.
1162 */
1163 memset(buf, 0, 8);
1164 if (mscmnd == SC_MODE_SENSE_6) {
1165 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1166 /* WP, DPOFUA */
1167 buf += 4;
1168 limit = 255;
1169 } else {
1170 /* SC_MODE_SENSE_10 */
1171 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1172 /* WP, DPOFUA */
1173 buf += 8;
1174 limit = 65535;
1175 /* Should really be mod_data.buflen */
1176 }
1177
1178 /* No block descriptors */
1179
1180 /*
1181 * The mode pages, in numerical order.
1182 */
1183 if ((page_code == 0x08) || all_pages) {
1184 buf[0] = 0x08;
1185 /* Page code */
1186 buf[1] = 10;
1187 /* Page length */
1188 memset(buf + 2, 0, 10);
1189 /* None of the fields are changeable */
1190
1191 if (!changeable_values) {
1192 buf[2] = 0x04;
1193 /* Write cache enable, */
1194 /* Read cache not disabled */
1195 /* No cache retention priorities */
1196 put_be16(&buf[4], 0xffff);
1197 /* Don 't disable prefetch */
1198 /* Minimum prefetch = 0 */
1199 put_be16(&buf[8], 0xffff);
1200 /* Maximum prefetch */
1201 put_be16(&buf[10], 0xffff);
1202 /* Maximum prefetch ceiling */
1203 }
1204 buf += 12;
1205 }
1206 /*
1207 * Check that a valid page was requested and the mode data length
1208 * isn't too long.
1209 */
1210 len = buf - buf0;
1211 if (len > limit) {
1212 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1213 return (1);
1214 }
1215 /* Store the mode data length */
1216 if (mscmnd == SC_MODE_SENSE_6)
1217 buf0[0] = len - 1;
1218 else
1219 put_be16(buf0, len - 2);
1220
1221 #if (USTORAGE_QDATA_MAX < 24)
1222 #error "(USTORAGE_QDATA_MAX < 24)"
1223 #endif
1224 return (ustorage_fs_min_len(sc, len, -1U));
1225 }
1226
1227 /*------------------------------------------------------------------------*
1228 * ustorage_fs_start_stop
1229 *
1230 * Returns:
1231 * 0: Success
1232 * Else: Failure
1233 *------------------------------------------------------------------------*/
1234 static uint8_t
ustorage_fs_start_stop(struct ustorage_fs_softc * sc)1235 ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1236 {
1237 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1238 uint8_t loej;
1239 uint8_t start;
1240 uint8_t immed;
1241
1242 if (!currlun->removable) {
1243 currlun->sense_data = SS_INVALID_COMMAND;
1244 return (1);
1245 }
1246 immed = sc->sc_cbw->CBWCDB[1] & 0x01;
1247 loej = sc->sc_cbw->CBWCDB[4] & 0x02;
1248 start = sc->sc_cbw->CBWCDB[4] & 0x01;
1249
1250 if (immed || loej || start) {
1251 /* compile fix */
1252 }
1253 return (0);
1254 }
1255
1256 /*------------------------------------------------------------------------*
1257 * ustorage_fs_prevent_allow
1258 *
1259 * Returns:
1260 * 0: Success
1261 * Else: Failure
1262 *------------------------------------------------------------------------*/
1263 static uint8_t
ustorage_fs_prevent_allow(struct ustorage_fs_softc * sc)1264 ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1265 {
1266 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1267 uint8_t prevent;
1268
1269 if (!currlun->removable) {
1270 currlun->sense_data = SS_INVALID_COMMAND;
1271 return (1);
1272 }
1273 prevent = sc->sc_cbw->CBWCDB[4] & 0x01;
1274 if ((sc->sc_cbw->CBWCDB[4] & ~0x01) != 0) {
1275 /* Mask away Prevent */
1276 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1277 return (1);
1278 }
1279 if (currlun->prevent_medium_removal && !prevent) {
1280 //fsync_sub(currlun);
1281 }
1282 currlun->prevent_medium_removal = prevent;
1283 return (0);
1284 }
1285
1286 /*------------------------------------------------------------------------*
1287 * ustorage_fs_read_format_capacities
1288 *
1289 * Returns:
1290 * 0: Success
1291 * Else: Failure
1292 *------------------------------------------------------------------------*/
1293 static uint8_t
ustorage_fs_read_format_capacities(struct ustorage_fs_softc * sc)1294 ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1295 {
1296 uint8_t *buf = sc->sc_transfer.data_ptr;
1297 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1298
1299 buf[0] = buf[1] = buf[2] = 0;
1300 buf[3] = 8;
1301 /* Only the Current / Maximum Capacity Descriptor */
1302 buf += 4;
1303
1304 /* Number of blocks */
1305 put_be32(&buf[0], currlun->num_sectors);
1306 /* Block length */
1307 put_be32(&buf[4], 512);
1308 /* Current capacity */
1309 buf[4] = 0x02;
1310
1311 #if (USTORAGE_QDATA_MAX < 12)
1312 #error "(USTORAGE_QDATA_MAX < 12)"
1313 #endif
1314 return (ustorage_fs_min_len(sc, 12, -1U));
1315 }
1316
1317 /*------------------------------------------------------------------------*
1318 * ustorage_fs_mode_select
1319 *
1320 * Return values:
1321 * 0: Success
1322 * Else: Failure
1323 *------------------------------------------------------------------------*/
1324 static uint8_t
ustorage_fs_mode_select(struct ustorage_fs_softc * sc)1325 ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1326 {
1327 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1328
1329 /* We don't support MODE SELECT */
1330 currlun->sense_data = SS_INVALID_COMMAND;
1331 return (1);
1332 }
1333
1334 /*------------------------------------------------------------------------*
1335 * ustorage_fs_synchronize_cache
1336 *
1337 * Return values:
1338 * 0: Success
1339 * Else: Failure
1340 *------------------------------------------------------------------------*/
1341 static uint8_t
ustorage_fs_synchronize_cache(struct ustorage_fs_softc * sc)1342 ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1343 {
1344 #if 0
1345 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1346 uint8_t rc;
1347
1348 /*
1349 * We ignore the requested LBA and write out all dirty data buffers.
1350 */
1351 rc = 0;
1352 if (rc) {
1353 currlun->sense_data = SS_WRITE_ERROR;
1354 }
1355 #endif
1356 return (0);
1357 }
1358
1359 /*------------------------------------------------------------------------*
1360 * ustorage_fs_read - read data from disk
1361 *
1362 * Return values:
1363 * 0: Success
1364 * Else: Failure
1365 *------------------------------------------------------------------------*/
1366 static uint8_t
ustorage_fs_read(struct ustorage_fs_softc * sc)1367 ustorage_fs_read(struct ustorage_fs_softc *sc)
1368 {
1369 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1370 uint64_t file_offset;
1371 uint32_t lba;
1372 uint32_t len;
1373
1374 /*
1375 * Get the starting Logical Block Address and check that it's not
1376 * too big
1377 */
1378 if (sc->sc_cbw->CBWCDB[0] == SC_READ_6) {
1379 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) |
1380 get_be16(&sc->sc_cbw->CBWCDB[2]);
1381 } else {
1382 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1383
1384 /*
1385 * We allow DPO (Disable Page Out = don't save data in the
1386 * cache) and FUA (Force Unit Access = don't read from the
1387 * cache), but we don't implement them.
1388 */
1389 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) {
1390 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1391 return (1);
1392 }
1393 }
1394 len = sc->sc_transfer.data_rem >> 9;
1395 len += lba;
1396
1397 if ((len < lba) ||
1398 (len > currlun->num_sectors) ||
1399 (lba >= currlun->num_sectors)) {
1400 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1401 return (1);
1402 }
1403 file_offset = lba;
1404 file_offset <<= 9;
1405
1406 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1407
1408 return (0);
1409 }
1410
1411 /*------------------------------------------------------------------------*
1412 * ustorage_fs_write - write data to disk
1413 *
1414 * Return values:
1415 * 0: Success
1416 * Else: Failure
1417 *------------------------------------------------------------------------*/
1418 static uint8_t
ustorage_fs_write(struct ustorage_fs_softc * sc)1419 ustorage_fs_write(struct ustorage_fs_softc *sc)
1420 {
1421 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1422 uint64_t file_offset;
1423 uint32_t lba;
1424 uint32_t len;
1425
1426 if (currlun->read_only) {
1427 currlun->sense_data = SS_WRITE_PROTECTED;
1428 return (1);
1429 }
1430 /* XXX clear SYNC */
1431
1432 /*
1433 * Get the starting Logical Block Address and check that it's not
1434 * too big.
1435 */
1436 if (sc->sc_cbw->CBWCDB[0] == SC_WRITE_6)
1437 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) |
1438 get_be16(&sc->sc_cbw->CBWCDB[2]);
1439 else {
1440 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1441
1442 /*
1443 * We allow DPO (Disable Page Out = don't save data in the
1444 * cache) and FUA (Force Unit Access = write directly to the
1445 * medium). We don't implement DPO; we implement FUA by
1446 * performing synchronous output.
1447 */
1448 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) {
1449 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1450 return (1);
1451 }
1452 if (sc->sc_cbw->CBWCDB[1] & 0x08) {
1453 /* FUA */
1454 /* XXX set SYNC flag here */
1455 }
1456 }
1457
1458 len = sc->sc_transfer.data_rem >> 9;
1459 len += lba;
1460
1461 if ((len < lba) ||
1462 (len > currlun->num_sectors) ||
1463 (lba >= currlun->num_sectors)) {
1464 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1465 return (1);
1466 }
1467 file_offset = lba;
1468 file_offset <<= 9;
1469
1470 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1471
1472 return (0);
1473 }
1474
1475 /*------------------------------------------------------------------------*
1476 * ustorage_fs_min_len
1477 *
1478 * Return values:
1479 * 0: Success
1480 * Else: Failure
1481 *------------------------------------------------------------------------*/
1482 static uint8_t
ustorage_fs_min_len(struct ustorage_fs_softc * sc,uint32_t len,uint32_t mask)1483 ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1484 {
1485 if (len != sc->sc_transfer.data_rem) {
1486
1487 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1488 /*
1489 * there must be something wrong about this SCSI
1490 * command
1491 */
1492 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE;
1493 return (1);
1494 }
1495 /* compute the minimum length */
1496
1497 if (sc->sc_transfer.data_rem > len) {
1498 /* data ends prematurely */
1499 sc->sc_transfer.data_rem = len;
1500 sc->sc_transfer.data_short = 1;
1501 }
1502 /* check length alignment */
1503
1504 if (sc->sc_transfer.data_rem & ~mask) {
1505 /* data ends prematurely */
1506 sc->sc_transfer.data_rem &= mask;
1507 sc->sc_transfer.data_short = 1;
1508 }
1509 }
1510 return (0);
1511 }
1512
1513 /*------------------------------------------------------------------------*
1514 * ustorage_fs_check_cmd - check command routine
1515 *
1516 * Check whether the command is properly formed and whether its data
1517 * size and direction agree with the values we already have.
1518 *
1519 * Return values:
1520 * 0: Success
1521 * Else: Failure
1522 *------------------------------------------------------------------------*/
1523 static uint8_t
ustorage_fs_check_cmd(struct ustorage_fs_softc * sc,uint8_t min_cmd_size,uint16_t mask,uint8_t needs_medium)1524 ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1525 uint16_t mask, uint8_t needs_medium)
1526 {
1527 struct ustorage_fs_lun *currlun;
1528 uint8_t lun = (sc->sc_cbw->CBWCDB[1] >> 5);
1529 uint8_t i;
1530
1531 /* Verify the length of the command itself */
1532 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1533 DPRINTF("%u > %u\n",
1534 min_cmd_size, sc->sc_transfer.cmd_len);
1535 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE;
1536 return (1);
1537 }
1538 /* Mask away the LUN */
1539 sc->sc_cbw->CBWCDB[1] &= 0x1f;
1540
1541 /* Check if LUN is correct */
1542 if (lun != sc->sc_transfer.lun) {
1543
1544 }
1545 /* Check the LUN */
1546 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1547 sc->sc_transfer.currlun = currlun =
1548 sc->sc_lun + sc->sc_transfer.lun;
1549 if (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE) {
1550 currlun->sense_data = SS_NO_SENSE;
1551 currlun->sense_data_info = 0;
1552 currlun->info_valid = 0;
1553 }
1554 /*
1555 * If a unit attention condition exists, only INQUIRY
1556 * and REQUEST SENSE commands are allowed. Anything
1557 * else must fail!
1558 */
1559 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1560 (sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) &&
1561 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) {
1562 currlun->sense_data = currlun->unit_attention_data;
1563 currlun->unit_attention_data = SS_NO_SENSE;
1564 return (1);
1565 }
1566 } else {
1567 sc->sc_transfer.currlun = currlun = NULL;
1568
1569 /*
1570 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1571 * to use unsupported LUNs; all others may not.
1572 */
1573 if ((sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) &&
1574 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) {
1575 return (1);
1576 }
1577 }
1578
1579 /*
1580 * Check that only command bytes listed in the mask are
1581 * non-zero.
1582 */
1583 for (i = 0; i != min_cmd_size; i++) {
1584 if (sc->sc_cbw->CBWCDB[i] && !(mask & (1UL << i))) {
1585 if (currlun) {
1586 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1587 }
1588 return (1);
1589 }
1590 }
1591
1592 /*
1593 * If the medium isn't mounted and the command needs to access
1594 * it, return an error.
1595 */
1596 if (currlun && (!currlun->memory_image) && needs_medium) {
1597 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1598 return (1);
1599 }
1600 return (0);
1601 }
1602
1603 /*------------------------------------------------------------------------*
1604 * ustorage_fs_do_cmd - do command
1605 *
1606 * Return values:
1607 * 0: Success
1608 * Else: Failure
1609 *------------------------------------------------------------------------*/
1610 static uint8_t
ustorage_fs_do_cmd(struct ustorage_fs_softc * sc)1611 ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1612 {
1613 uint8_t error = 1;
1614 uint8_t i;
1615 uint32_t temp;
1616 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1617
1618 /* set default data transfer pointer */
1619 sc->sc_transfer.data_ptr = sc->sc_qdata;
1620
1621 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1622 sc->sc_cbw->CBWCDB[0], sc->sc_transfer.data_rem);
1623
1624 switch (sc->sc_cbw->CBWCDB[0]) {
1625 case SC_INQUIRY:
1626 sc->sc_transfer.cmd_dir = DIR_WRITE;
1627 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1628 if (error) {
1629 break;
1630 }
1631 error = ustorage_fs_check_cmd(sc, 6,
1632 (1UL << 4) | 1, 0);
1633 if (error) {
1634 break;
1635 }
1636 error = ustorage_fs_inquiry(sc);
1637
1638 break;
1639
1640 case SC_MODE_SELECT_6:
1641 sc->sc_transfer.cmd_dir = DIR_READ;
1642 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1643 if (error) {
1644 break;
1645 }
1646 error = ustorage_fs_check_cmd(sc, 6,
1647 (1UL << 1) | (1UL << 4) | 1, 0);
1648 if (error) {
1649 break;
1650 }
1651 error = ustorage_fs_mode_select(sc);
1652
1653 break;
1654
1655 case SC_MODE_SELECT_10:
1656 sc->sc_transfer.cmd_dir = DIR_READ;
1657 error = ustorage_fs_min_len(sc,
1658 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1659 if (error) {
1660 break;
1661 }
1662 error = ustorage_fs_check_cmd(sc, 10,
1663 (1UL << 1) | (3UL << 7) | 1, 0);
1664 if (error) {
1665 break;
1666 }
1667 error = ustorage_fs_mode_select(sc);
1668
1669 break;
1670
1671 case SC_MODE_SENSE_6:
1672 sc->sc_transfer.cmd_dir = DIR_WRITE;
1673 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1674 if (error) {
1675 break;
1676 }
1677 error = ustorage_fs_check_cmd(sc, 6,
1678 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1679 if (error) {
1680 break;
1681 }
1682 error = ustorage_fs_mode_sense(sc);
1683
1684 break;
1685
1686 case SC_MODE_SENSE_10:
1687 sc->sc_transfer.cmd_dir = DIR_WRITE;
1688 error = ustorage_fs_min_len(sc,
1689 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1690 if (error) {
1691 break;
1692 }
1693 error = ustorage_fs_check_cmd(sc, 10,
1694 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1695 if (error) {
1696 break;
1697 }
1698 error = ustorage_fs_mode_sense(sc);
1699
1700 break;
1701
1702 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1703 error = ustorage_fs_min_len(sc, 0, -1U);
1704 if (error) {
1705 break;
1706 }
1707 error = ustorage_fs_check_cmd(sc, 6,
1708 (1UL << 4) | 1, 0);
1709 if (error) {
1710 break;
1711 }
1712 error = ustorage_fs_prevent_allow(sc);
1713
1714 break;
1715
1716 case SC_READ_6:
1717 i = sc->sc_cbw->CBWCDB[4];
1718 sc->sc_transfer.cmd_dir = DIR_WRITE;
1719 temp = ((i == 0) ? 256UL : i);
1720 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1721 if (error) {
1722 break;
1723 }
1724 error = ustorage_fs_check_cmd(sc, 6,
1725 (7UL << 1) | (1UL << 4) | 1, 1);
1726 if (error) {
1727 break;
1728 }
1729 error = ustorage_fs_read(sc);
1730
1731 break;
1732
1733 case SC_READ_10:
1734 sc->sc_transfer.cmd_dir = DIR_WRITE;
1735 temp = get_be16(&sc->sc_cbw->CBWCDB[7]);
1736 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1737 if (error) {
1738 break;
1739 }
1740 error = ustorage_fs_check_cmd(sc, 10,
1741 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1742 if (error) {
1743 break;
1744 }
1745 error = ustorage_fs_read(sc);
1746
1747 break;
1748
1749 case SC_READ_12:
1750 sc->sc_transfer.cmd_dir = DIR_WRITE;
1751 temp = get_be32(&sc->sc_cbw->CBWCDB[6]);
1752 if (temp >= (1UL << (32 - 9))) {
1753 /* numerical overflow */
1754 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
1755 error = 1;
1756 break;
1757 }
1758 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1759 if (error) {
1760 break;
1761 }
1762 error = ustorage_fs_check_cmd(sc, 12,
1763 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1764 if (error) {
1765 break;
1766 }
1767 error = ustorage_fs_read(sc);
1768
1769 break;
1770
1771 case SC_READ_CAPACITY:
1772 sc->sc_transfer.cmd_dir = DIR_WRITE;
1773 error = ustorage_fs_check_cmd(sc, 10,
1774 (0xfUL << 2) | (1UL << 8) | 1, 1);
1775 if (error) {
1776 break;
1777 }
1778 error = ustorage_fs_read_capacity(sc);
1779
1780 break;
1781
1782 case SC_READ_FORMAT_CAPACITIES:
1783 sc->sc_transfer.cmd_dir = DIR_WRITE;
1784 error = ustorage_fs_min_len(sc,
1785 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1786 if (error) {
1787 break;
1788 }
1789 error = ustorage_fs_check_cmd(sc, 10,
1790 (3UL << 7) | 1, 1);
1791 if (error) {
1792 break;
1793 }
1794 error = ustorage_fs_read_format_capacities(sc);
1795
1796 break;
1797
1798 case SC_REQUEST_SENSE:
1799 sc->sc_transfer.cmd_dir = DIR_WRITE;
1800 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1801 if (error) {
1802 break;
1803 }
1804 error = ustorage_fs_check_cmd(sc, 6,
1805 (1UL << 4) | 1, 0);
1806 if (error) {
1807 break;
1808 }
1809 error = ustorage_fs_request_sense(sc);
1810
1811 break;
1812
1813 case SC_START_STOP_UNIT:
1814 error = ustorage_fs_min_len(sc, 0, -1U);
1815 if (error) {
1816 break;
1817 }
1818 error = ustorage_fs_check_cmd(sc, 6,
1819 (1UL << 1) | (1UL << 4) | 1, 0);
1820 if (error) {
1821 break;
1822 }
1823 error = ustorage_fs_start_stop(sc);
1824
1825 break;
1826
1827 case SC_SYNCHRONIZE_CACHE:
1828 error = ustorage_fs_min_len(sc, 0, -1U);
1829 if (error) {
1830 break;
1831 }
1832 error = ustorage_fs_check_cmd(sc, 10,
1833 (0xfUL << 2) | (3UL << 7) | 1, 1);
1834 if (error) {
1835 break;
1836 }
1837 error = ustorage_fs_synchronize_cache(sc);
1838
1839 break;
1840
1841 case SC_TEST_UNIT_READY:
1842 error = ustorage_fs_min_len(sc, 0, -1U);
1843 if (error) {
1844 break;
1845 }
1846 error = ustorage_fs_check_cmd(sc, 6,
1847 0 | 1, 1);
1848 break;
1849
1850 /*
1851 * Although optional, this command is used by MS-Windows.
1852 * We support a minimal version: BytChk must be 0.
1853 */
1854 case SC_VERIFY:
1855 error = ustorage_fs_min_len(sc, 0, -1U);
1856 if (error) {
1857 break;
1858 }
1859 error = ustorage_fs_check_cmd(sc, 10,
1860 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1861 if (error) {
1862 break;
1863 }
1864 error = ustorage_fs_verify(sc);
1865
1866 break;
1867
1868 case SC_WRITE_6:
1869 i = sc->sc_cbw->CBWCDB[4];
1870 sc->sc_transfer.cmd_dir = DIR_READ;
1871 temp = ((i == 0) ? 256UL : i);
1872 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1873 if (error) {
1874 break;
1875 }
1876 error = ustorage_fs_check_cmd(sc, 6,
1877 (7UL << 1) | (1UL << 4) | 1, 1);
1878 if (error) {
1879 break;
1880 }
1881 error = ustorage_fs_write(sc);
1882
1883 break;
1884
1885 case SC_WRITE_10:
1886 sc->sc_transfer.cmd_dir = DIR_READ;
1887 temp = get_be16(&sc->sc_cbw->CBWCDB[7]);
1888 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1889 if (error) {
1890 break;
1891 }
1892 error = ustorage_fs_check_cmd(sc, 10,
1893 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1894 if (error) {
1895 break;
1896 }
1897 error = ustorage_fs_write(sc);
1898
1899 break;
1900
1901 case SC_WRITE_12:
1902 sc->sc_transfer.cmd_dir = DIR_READ;
1903 temp = get_be32(&sc->sc_cbw->CBWCDB[6]);
1904 if (temp > (mask9 >> 9)) {
1905 /* numerical overflow */
1906 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
1907 error = 1;
1908 break;
1909 }
1910 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1911 if (error) {
1912 break;
1913 }
1914 error = ustorage_fs_check_cmd(sc, 12,
1915 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1916 if (error) {
1917 break;
1918 }
1919 error = ustorage_fs_write(sc);
1920
1921 break;
1922
1923 /*
1924 * Some mandatory commands that we recognize but don't
1925 * implement. They don't mean much in this setting.
1926 * It's left as an exercise for anyone interested to
1927 * implement RESERVE and RELEASE in terms of Posix
1928 * locks.
1929 */
1930 case SC_FORMAT_UNIT:
1931 case SC_RELEASE:
1932 case SC_RESERVE:
1933 case SC_SEND_DIAGNOSTIC:
1934 /* Fallthrough */
1935
1936 default:
1937 error = ustorage_fs_min_len(sc, 0, -1U);
1938 if (error) {
1939 break;
1940 }
1941 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1942 0xff, 0);
1943 if (error) {
1944 break;
1945 }
1946 sc->sc_transfer.currlun->sense_data =
1947 SS_INVALID_COMMAND;
1948 error = 1;
1949
1950 break;
1951 }
1952 return (error);
1953 }
1954