1 /* $FreeBSD$ */ 2 /*- 3 * Copyright (C) 2003-2005 Alan Stern 4 * Copyright (C) 2008 Hans Petter Selasky 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 /* 35 * NOTE: Much of the SCSI statemachine handling code derives from the 36 * Linux USB gadget stack. 37 */ 38 39 #include <sys/stdint.h> 40 #include <sys/param.h> 41 #include <sys/queue.h> 42 #include <sys/types.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/bus.h> 46 #include <sys/module.h> 47 #include <sys/lock.h> 48 #include <sys/mutex.h> 49 #include <sys/condvar.h> 50 #include <sys/sysctl.h> 51 #include <sys/unistd.h> 52 #include <sys/callout.h> 53 #include <sys/malloc.h> 54 #include <sys/priv.h> 55 56 #include <bus/u4b/usb.h> 57 #include <bus/u4b/usbdi.h> 58 #include <bus/u4b/usbdevs.h> 59 #include "usb_if.h" 60 61 #define USB_DEBUG_VAR ustorage_fs_debug 62 #include <bus/u4b/usb_debug.h> 63 64 #ifdef USB_DEBUG 65 static int ustorage_fs_debug = 0; 66 67 SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs"); 68 SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RW, 69 &ustorage_fs_debug, 0, "ustorage_fs debug level"); 70 #endif 71 72 /* Define some limits */ 73 74 #ifndef USTORAGE_FS_BULK_SIZE 75 #define USTORAGE_FS_BULK_SIZE (1UL << 17) /* bytes */ 76 #endif 77 78 #ifndef USTORAGE_FS_MAX_LUN 79 #define USTORAGE_FS_MAX_LUN 8 /* units */ 80 #endif 81 82 #ifndef USTORAGE_QDATA_MAX 83 #define USTORAGE_QDATA_MAX 40 /* bytes */ 84 #endif 85 86 #define sc_cmd_data sc_cbw.CBWCDB 87 88 /* 89 * The SCSI ID string must be exactly 28 characters long 90 * exluding the terminating zero. 91 */ 92 #ifndef USTORAGE_FS_ID_STRING 93 #define USTORAGE_FS_ID_STRING \ 94 "FreeBSD " /* 8 */ \ 95 "File-Stor Gadget" /* 16 */ \ 96 "0101" /* 4 */ 97 #endif 98 99 /* 100 * The following macro defines the number of 101 * sectors to be allocated for the RAM disk: 102 */ 103 #ifndef USTORAGE_FS_RAM_SECT 104 #define USTORAGE_FS_RAM_SECT (1UL << 13) 105 #endif 106 107 static uint8_t *ustorage_fs_ramdisk; 108 109 /* USB transfer definitions */ 110 111 #define USTORAGE_FS_T_BBB_COMMAND 0 112 #define USTORAGE_FS_T_BBB_DATA_DUMP 1 113 #define USTORAGE_FS_T_BBB_DATA_READ 2 114 #define USTORAGE_FS_T_BBB_DATA_WRITE 3 115 #define USTORAGE_FS_T_BBB_STATUS 4 116 #define USTORAGE_FS_T_BBB_MAX 5 117 118 /* USB data stage direction */ 119 120 #define DIR_NONE 0 121 #define DIR_READ 1 122 #define DIR_WRITE 2 123 124 /* USB interface specific control request */ 125 126 #define UR_BBB_RESET 0xff /* Bulk-Only reset */ 127 #define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */ 128 129 /* Command Block Wrapper */ 130 typedef struct { 131 uDWord dCBWSignature; 132 #define CBWSIGNATURE 0x43425355 133 uDWord dCBWTag; 134 uDWord dCBWDataTransferLength; 135 uByte bCBWFlags; 136 #define CBWFLAGS_OUT 0x00 137 #define CBWFLAGS_IN 0x80 138 uByte bCBWLUN; 139 uByte bCDBLength; 140 #define CBWCDBLENGTH 16 141 uByte CBWCDB[CBWCDBLENGTH]; 142 } __packed ustorage_fs_bbb_cbw_t; 143 144 #define USTORAGE_FS_BBB_CBW_SIZE 31 145 146 /* Command Status Wrapper */ 147 typedef struct { 148 uDWord dCSWSignature; 149 #define CSWSIGNATURE 0x53425355 150 uDWord dCSWTag; 151 uDWord dCSWDataResidue; 152 uByte bCSWStatus; 153 #define CSWSTATUS_GOOD 0x0 154 #define CSWSTATUS_FAILED 0x1 155 #define CSWSTATUS_PHASE 0x2 156 } __packed ustorage_fs_bbb_csw_t; 157 158 #define USTORAGE_FS_BBB_CSW_SIZE 13 159 160 struct ustorage_fs_lun { 161 162 uint8_t *memory_image; 163 164 uint32_t num_sectors; 165 uint32_t sense_data; 166 uint32_t sense_data_info; 167 uint32_t unit_attention_data; 168 169 uint8_t read_only:1; 170 uint8_t prevent_medium_removal:1; 171 uint8_t info_valid:1; 172 uint8_t removable:1; 173 }; 174 175 struct ustorage_fs_softc { 176 177 ustorage_fs_bbb_cbw_t sc_cbw; /* Command Wrapper Block */ 178 ustorage_fs_bbb_csw_t sc_csw; /* Command Status Block */ 179 180 struct lock sc_lock; 181 182 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN]; 183 184 struct { 185 uint8_t *data_ptr; 186 struct ustorage_fs_lun *currlun; 187 188 uint32_t data_rem; /* bytes, as reported by the command 189 * block wrapper */ 190 uint32_t offset; /* bytes */ 191 192 uint8_t cbw_dir; 193 uint8_t cmd_dir; 194 uint8_t lun; 195 uint8_t cmd_len; 196 uint8_t data_short:1; 197 uint8_t data_error:1; 198 } sc_transfer; 199 200 device_t sc_dev; 201 struct usb_device *sc_udev; 202 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX]; 203 204 uint8_t sc_iface_no; /* interface number */ 205 uint8_t sc_last_lun; 206 uint8_t sc_last_xfer_index; 207 uint8_t sc_qdata[USTORAGE_QDATA_MAX]; 208 }; 209 210 /* prototypes */ 211 212 static device_probe_t ustorage_fs_probe; 213 static device_attach_t ustorage_fs_attach; 214 static device_detach_t ustorage_fs_detach; 215 static device_suspend_t ustorage_fs_suspend; 216 static device_resume_t ustorage_fs_resume; 217 static usb_handle_request_t ustorage_fs_handle_request; 218 219 static usb_callback_t ustorage_fs_t_bbb_command_callback; 220 static usb_callback_t ustorage_fs_t_bbb_data_dump_callback; 221 static usb_callback_t ustorage_fs_t_bbb_data_read_callback; 222 static usb_callback_t ustorage_fs_t_bbb_data_write_callback; 223 static usb_callback_t ustorage_fs_t_bbb_status_callback; 224 225 static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index); 226 static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc); 227 228 static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc); 229 static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc); 230 static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc); 231 static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc); 232 static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc); 233 static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc); 234 static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc); 235 static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc); 236 static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc); 237 static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask); 238 static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc); 239 static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc); 240 static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium); 241 static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc); 242 243 static device_method_t ustorage_fs_methods[] = { 244 /* USB interface */ 245 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request), 246 247 /* Device interface */ 248 DEVMETHOD(device_probe, ustorage_fs_probe), 249 DEVMETHOD(device_attach, ustorage_fs_attach), 250 DEVMETHOD(device_detach, ustorage_fs_detach), 251 DEVMETHOD(device_suspend, ustorage_fs_suspend), 252 DEVMETHOD(device_resume, ustorage_fs_resume), 253 254 {0, 0} 255 }; 256 257 static driver_t ustorage_fs_driver = { 258 .name = "ustorage_fs", 259 .methods = ustorage_fs_methods, 260 .size = sizeof(struct ustorage_fs_softc), 261 }; 262 263 static devclass_t ustorage_fs_devclass; 264 265 DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, NULL); 266 MODULE_VERSION(ustorage_fs, 0); 267 MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1); 268 269 static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = { 270 271 [USTORAGE_FS_T_BBB_COMMAND] = { 272 .type = UE_BULK, 273 .endpoint = UE_ADDR_ANY, 274 .direction = UE_DIR_OUT, 275 .bufsize = sizeof(ustorage_fs_bbb_cbw_t), 276 .flags = {.ext_buffer = 1,}, 277 .callback = &ustorage_fs_t_bbb_command_callback, 278 .usb_mode = USB_MODE_DEVICE, 279 }, 280 281 [USTORAGE_FS_T_BBB_DATA_DUMP] = { 282 .type = UE_BULK, 283 .endpoint = UE_ADDR_ANY, 284 .direction = UE_DIR_OUT, 285 .bufsize = 0, /* use wMaxPacketSize */ 286 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,}, 287 .callback = &ustorage_fs_t_bbb_data_dump_callback, 288 .usb_mode = USB_MODE_DEVICE, 289 }, 290 291 [USTORAGE_FS_T_BBB_DATA_READ] = { 292 .type = UE_BULK, 293 .endpoint = UE_ADDR_ANY, 294 .direction = UE_DIR_OUT, 295 .bufsize = USTORAGE_FS_BULK_SIZE, 296 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 297 .callback = &ustorage_fs_t_bbb_data_read_callback, 298 .usb_mode = USB_MODE_DEVICE, 299 }, 300 301 [USTORAGE_FS_T_BBB_DATA_WRITE] = { 302 .type = UE_BULK, 303 .endpoint = UE_ADDR_ANY, 304 .direction = UE_DIR_IN, 305 .bufsize = USTORAGE_FS_BULK_SIZE, 306 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1}, 307 .callback = &ustorage_fs_t_bbb_data_write_callback, 308 .usb_mode = USB_MODE_DEVICE, 309 }, 310 311 [USTORAGE_FS_T_BBB_STATUS] = { 312 .type = UE_BULK, 313 .endpoint = UE_ADDR_ANY, 314 .direction = UE_DIR_IN, 315 .bufsize = sizeof(ustorage_fs_bbb_csw_t), 316 .flags = {.short_xfer_ok = 1,.ext_buffer = 1,}, 317 .callback = &ustorage_fs_t_bbb_status_callback, 318 .usb_mode = USB_MODE_DEVICE, 319 }, 320 }; 321 322 /* 323 * USB device probe/attach/detach 324 */ 325 326 static int 327 ustorage_fs_probe(device_t dev) 328 { 329 struct usb_attach_arg *uaa = device_get_ivars(dev); 330 struct usb_interface_descriptor *id; 331 332 if (uaa->usb_mode != USB_MODE_DEVICE) { 333 return (ENXIO); 334 } 335 /* Check for a standards compliant device */ 336 id = usbd_get_interface_descriptor(uaa->iface); 337 if ((id == NULL) || 338 (id->bInterfaceClass != UICLASS_MASS) || 339 (id->bInterfaceSubClass != UISUBCLASS_SCSI) || 340 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) { 341 return (ENXIO); 342 } 343 return (BUS_PROBE_GENERIC); 344 } 345 346 static int 347 ustorage_fs_attach(device_t dev) 348 { 349 struct ustorage_fs_softc *sc = device_get_softc(dev); 350 struct usb_attach_arg *uaa = device_get_ivars(dev); 351 struct usb_interface_descriptor *id; 352 int err; 353 int unit; 354 355 /* 356 * NOTE: the softc struct is cleared in device_set_driver. 357 * We can safely call ustorage_fs_detach without specifically 358 * initializing the struct. 359 */ 360 361 sc->sc_dev = dev; 362 sc->sc_udev = uaa->device; 363 unit = device_get_unit(dev); 364 365 /* enable power saving mode */ 366 usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE); 367 368 if (unit == 0) { 369 if (ustorage_fs_ramdisk == NULL) { 370 /* 371 * allocate a memory image for our ramdisk until 372 * further 373 */ 374 ustorage_fs_ramdisk = 375 kmalloc(USTORAGE_FS_RAM_SECT << 9, M_USB, 376 M_ZERO | M_WAITOK); 377 } 378 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk; 379 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT; 380 sc->sc_lun[0].removable = 1; 381 } 382 383 device_set_usb_desc(dev); 384 385 lockinit(&sc->sc_lock, "USTORAGE_FS lock", 0, LK_CANRECURSE); 386 387 /* get interface index */ 388 389 id = usbd_get_interface_descriptor(uaa->iface); 390 if (id == NULL) { 391 device_printf(dev, "failed to get " 392 "interface number\n"); 393 goto detach; 394 } 395 sc->sc_iface_no = id->bInterfaceNumber; 396 397 err = usbd_transfer_setup(uaa->device, 398 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config, 399 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_lock); 400 if (err) { 401 device_printf(dev, "could not setup required " 402 "transfers, %s\n", usbd_errstr(err)); 403 goto detach; 404 } 405 /* start Mass Storage State Machine */ 406 407 lockmgr(&sc->sc_lock, LK_EXCLUSIVE); 408 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 409 lockmgr(&sc->sc_lock, LK_RELEASE); 410 411 return (0); /* success */ 412 413 detach: 414 ustorage_fs_detach(dev); 415 return (ENXIO); /* failure */ 416 } 417 418 static int 419 ustorage_fs_detach(device_t dev) 420 { 421 struct ustorage_fs_softc *sc = device_get_softc(dev); 422 423 /* teardown our statemachine */ 424 425 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX); 426 427 lockuninit(&sc->sc_lock); 428 429 return (0); /* success */ 430 } 431 432 static int 433 ustorage_fs_suspend(device_t dev) 434 { 435 device_printf(dev, "suspending\n"); 436 return (0); /* success */ 437 } 438 439 static int 440 ustorage_fs_resume(device_t dev) 441 { 442 device_printf(dev, "resuming\n"); 443 return (0); /* success */ 444 } 445 446 /* 447 * Generic functions to handle transfers 448 */ 449 450 static void 451 ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index) 452 { 453 if (sc->sc_xfer[xfer_index]) { 454 sc->sc_last_xfer_index = xfer_index; 455 usbd_transfer_start(sc->sc_xfer[xfer_index]); 456 } 457 } 458 459 static void 460 ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc) 461 { 462 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]); 463 lockmgr(&sc->sc_lock, LK_RELEASE); 464 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]); 465 lockmgr(&sc->sc_lock, LK_EXCLUSIVE); 466 } 467 468 static int 469 ustorage_fs_handle_request(device_t dev, 470 const void *preq, void **pptr, uint16_t *plen, 471 uint16_t offset, uint8_t *pstate) 472 { 473 struct ustorage_fs_softc *sc = device_get_softc(dev); 474 const struct usb_device_request *req = preq; 475 uint8_t is_complete = *pstate; 476 477 if (!is_complete) { 478 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) && 479 (req->bRequest == UR_BBB_RESET)) { 480 *plen = 0; 481 lockmgr(&sc->sc_lock, LK_EXCLUSIVE); 482 ustorage_fs_transfer_stop(sc); 483 sc->sc_transfer.data_error = 1; 484 ustorage_fs_transfer_start(sc, 485 USTORAGE_FS_T_BBB_COMMAND); 486 lockmgr(&sc->sc_lock, LK_RELEASE); 487 return (0); 488 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) && 489 (req->bRequest == UR_BBB_GET_MAX_LUN)) { 490 if (offset == 0) { 491 *plen = 1; 492 *pptr = &sc->sc_last_lun; 493 } else { 494 *plen = 0; 495 } 496 return (0); 497 } 498 } 499 return (ENXIO); /* use builtin handler */ 500 } 501 502 static void 503 ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error) 504 { 505 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 506 uint32_t tag; 507 uint8_t err = 0; 508 509 DPRINTF("\n"); 510 511 switch (USB_GET_STATE(xfer)) { 512 case USB_ST_TRANSFERRED: 513 514 tag = UGETDW(sc->sc_cbw.dCBWSignature); 515 516 if (tag != CBWSIGNATURE) { 517 /* do nothing */ 518 DPRINTF("invalid signature 0x%08x\n", tag); 519 break; 520 } 521 tag = UGETDW(sc->sc_cbw.dCBWTag); 522 523 /* echo back tag */ 524 USETDW(sc->sc_csw.dCSWTag, tag); 525 526 /* reset status */ 527 sc->sc_csw.bCSWStatus = 0; 528 529 /* reset data offset, data length and data remainder */ 530 sc->sc_transfer.offset = 0; 531 sc->sc_transfer.data_rem = 532 UGETDW(sc->sc_cbw.dCBWDataTransferLength); 533 534 /* reset data flags */ 535 sc->sc_transfer.data_short = 0; 536 537 /* extract LUN */ 538 sc->sc_transfer.lun = sc->sc_cbw.bCBWLUN; 539 540 if (sc->sc_transfer.data_rem == 0) { 541 sc->sc_transfer.cbw_dir = DIR_NONE; 542 } else { 543 if (sc->sc_cbw.bCBWFlags & CBWFLAGS_IN) { 544 sc->sc_transfer.cbw_dir = DIR_WRITE; 545 } else { 546 sc->sc_transfer.cbw_dir = DIR_READ; 547 } 548 } 549 550 sc->sc_transfer.cmd_len = sc->sc_cbw.bCDBLength; 551 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw.CBWCDB)) || 552 (sc->sc_transfer.cmd_len == 0)) { 553 /* just halt - this is invalid */ 554 DPRINTF("invalid command length %d bytes\n", 555 sc->sc_transfer.cmd_len); 556 break; 557 } 558 559 err = ustorage_fs_do_cmd(sc); 560 if (err) { 561 /* got an error */ 562 DPRINTF("command failed\n"); 563 break; 564 } 565 if ((sc->sc_transfer.data_rem > 0) && 566 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) { 567 /* contradicting data transfer direction */ 568 err = 1; 569 DPRINTF("data direction mismatch\n"); 570 break; 571 } 572 switch (sc->sc_transfer.cbw_dir) { 573 case DIR_READ: 574 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ); 575 break; 576 case DIR_WRITE: 577 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE); 578 break; 579 default: 580 ustorage_fs_transfer_start(sc, 581 USTORAGE_FS_T_BBB_STATUS); 582 break; 583 } 584 break; 585 586 case USB_ST_SETUP: 587 tr_setup: 588 if (sc->sc_transfer.data_error) { 589 sc->sc_transfer.data_error = 0; 590 usbd_xfer_set_stall(xfer); 591 DPRINTF("stall pipe\n"); 592 } 593 594 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_cbw, 595 sizeof(sc->sc_cbw)); 596 usbd_transfer_submit(xfer); 597 break; 598 599 default: /* Error */ 600 DPRINTF("error\n"); 601 if (error == USB_ERR_CANCELLED) { 602 break; 603 } 604 /* If the pipe is already stalled, don't do another stall */ 605 if (!usbd_xfer_is_stalled(xfer)) 606 sc->sc_transfer.data_error = 1; 607 608 /* try again */ 609 goto tr_setup; 610 } 611 if (err) { 612 if (sc->sc_csw.bCSWStatus == 0) { 613 /* set some default error code */ 614 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 615 } 616 if (sc->sc_transfer.cbw_dir == DIR_READ) { 617 /* dump all data */ 618 ustorage_fs_transfer_start(sc, 619 USTORAGE_FS_T_BBB_DATA_DUMP); 620 return; 621 } 622 if (sc->sc_transfer.cbw_dir == DIR_WRITE) { 623 /* need to stall before status */ 624 sc->sc_transfer.data_error = 1; 625 } 626 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS); 627 } 628 } 629 630 static void 631 ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error) 632 { 633 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 634 uint32_t max_bulk = usbd_xfer_max_len(xfer); 635 int actlen, sumlen; 636 637 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 638 639 DPRINTF("\n"); 640 641 switch (USB_GET_STATE(xfer)) { 642 case USB_ST_TRANSFERRED: 643 sc->sc_transfer.data_rem -= actlen; 644 sc->sc_transfer.offset += actlen; 645 646 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 647 /* short transfer or end of data */ 648 ustorage_fs_transfer_start(sc, 649 USTORAGE_FS_T_BBB_STATUS); 650 break; 651 } 652 /* Fallthrough */ 653 654 case USB_ST_SETUP: 655 tr_setup: 656 if (max_bulk > sc->sc_transfer.data_rem) { 657 max_bulk = sc->sc_transfer.data_rem; 658 } 659 if (sc->sc_transfer.data_error) { 660 sc->sc_transfer.data_error = 0; 661 usbd_xfer_set_stall(xfer); 662 } 663 usbd_xfer_set_frame_len(xfer, 0, max_bulk); 664 usbd_transfer_submit(xfer); 665 break; 666 667 default: /* Error */ 668 if (error == USB_ERR_CANCELLED) { 669 break; 670 } 671 /* 672 * If the pipe is already stalled, don't do another stall: 673 */ 674 if (!usbd_xfer_is_stalled(xfer)) 675 sc->sc_transfer.data_error = 1; 676 677 /* try again */ 678 goto tr_setup; 679 } 680 } 681 682 static void 683 ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error) 684 { 685 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 686 uint32_t max_bulk = usbd_xfer_max_len(xfer); 687 int actlen, sumlen; 688 689 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 690 691 DPRINTF("\n"); 692 693 switch (USB_GET_STATE(xfer)) { 694 case USB_ST_TRANSFERRED: 695 sc->sc_transfer.data_rem -= actlen; 696 sc->sc_transfer.data_ptr += actlen; 697 sc->sc_transfer.offset += actlen; 698 699 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 700 /* short transfer or end of data */ 701 ustorage_fs_transfer_start(sc, 702 USTORAGE_FS_T_BBB_STATUS); 703 break; 704 } 705 /* Fallthrough */ 706 707 case USB_ST_SETUP: 708 tr_setup: 709 if (max_bulk > sc->sc_transfer.data_rem) { 710 max_bulk = sc->sc_transfer.data_rem; 711 } 712 if (sc->sc_transfer.data_error) { 713 sc->sc_transfer.data_error = 0; 714 usbd_xfer_set_stall(xfer); 715 } 716 717 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr, 718 max_bulk); 719 usbd_transfer_submit(xfer); 720 break; 721 722 default: /* Error */ 723 if (error == USB_ERR_CANCELLED) { 724 break; 725 } 726 /* If the pipe is already stalled, don't do another stall */ 727 if (!usbd_xfer_is_stalled(xfer)) 728 sc->sc_transfer.data_error = 1; 729 730 /* try again */ 731 goto tr_setup; 732 } 733 } 734 735 static void 736 ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error) 737 { 738 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 739 uint32_t max_bulk = usbd_xfer_max_len(xfer); 740 int actlen, sumlen; 741 742 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 743 744 DPRINTF("\n"); 745 746 switch (USB_GET_STATE(xfer)) { 747 case USB_ST_TRANSFERRED: 748 sc->sc_transfer.data_rem -= actlen; 749 sc->sc_transfer.data_ptr += actlen; 750 sc->sc_transfer.offset += actlen; 751 752 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) { 753 /* short transfer or end of data */ 754 ustorage_fs_transfer_start(sc, 755 USTORAGE_FS_T_BBB_STATUS); 756 break; 757 } 758 case USB_ST_SETUP: 759 tr_setup: 760 if (max_bulk >= sc->sc_transfer.data_rem) { 761 max_bulk = sc->sc_transfer.data_rem; 762 if (sc->sc_transfer.data_short) 763 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER); 764 else 765 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 766 } else 767 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER); 768 769 if (sc->sc_transfer.data_error) { 770 sc->sc_transfer.data_error = 0; 771 usbd_xfer_set_stall(xfer); 772 } 773 774 usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr, 775 max_bulk); 776 usbd_transfer_submit(xfer); 777 break; 778 779 default: /* Error */ 780 if (error == USB_ERR_CANCELLED) { 781 break; 782 } 783 /* 784 * If the pipe is already stalled, don't do another 785 * stall 786 */ 787 if (!usbd_xfer_is_stalled(xfer)) 788 sc->sc_transfer.data_error = 1; 789 790 /* try again */ 791 goto tr_setup; 792 } 793 } 794 795 static void 796 ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error) 797 { 798 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer); 799 800 DPRINTF("\n"); 801 802 switch (USB_GET_STATE(xfer)) { 803 case USB_ST_TRANSFERRED: 804 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND); 805 break; 806 807 case USB_ST_SETUP: 808 tr_setup: 809 USETDW(sc->sc_csw.dCSWSignature, CSWSIGNATURE); 810 USETDW(sc->sc_csw.dCSWDataResidue, sc->sc_transfer.data_rem); 811 812 if (sc->sc_transfer.data_error) { 813 sc->sc_transfer.data_error = 0; 814 usbd_xfer_set_stall(xfer); 815 } 816 817 usbd_xfer_set_frame_data(xfer, 0, &sc->sc_csw, 818 sizeof(sc->sc_csw)); 819 usbd_transfer_submit(xfer); 820 break; 821 822 default: 823 if (error == USB_ERR_CANCELLED) { 824 break; 825 } 826 /* If the pipe is already stalled, don't do another stall */ 827 if (!usbd_xfer_is_stalled(xfer)) 828 sc->sc_transfer.data_error = 1; 829 830 /* try again */ 831 goto tr_setup; 832 } 833 } 834 835 /* SCSI commands that we recognize */ 836 #define SC_FORMAT_UNIT 0x04 837 #define SC_INQUIRY 0x12 838 #define SC_MODE_SELECT_6 0x15 839 #define SC_MODE_SELECT_10 0x55 840 #define SC_MODE_SENSE_6 0x1a 841 #define SC_MODE_SENSE_10 0x5a 842 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 843 #define SC_READ_6 0x08 844 #define SC_READ_10 0x28 845 #define SC_READ_12 0xa8 846 #define SC_READ_CAPACITY 0x25 847 #define SC_READ_FORMAT_CAPACITIES 0x23 848 #define SC_RELEASE 0x17 849 #define SC_REQUEST_SENSE 0x03 850 #define SC_RESERVE 0x16 851 #define SC_SEND_DIAGNOSTIC 0x1d 852 #define SC_START_STOP_UNIT 0x1b 853 #define SC_SYNCHRONIZE_CACHE 0x35 854 #define SC_TEST_UNIT_READY 0x00 855 #define SC_VERIFY 0x2f 856 #define SC_WRITE_6 0x0a 857 #define SC_WRITE_10 0x2a 858 #define SC_WRITE_12 0xaa 859 860 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 861 #define SS_NO_SENSE 0 862 #define SS_COMMUNICATION_FAILURE 0x040800 863 #define SS_INVALID_COMMAND 0x052000 864 #define SS_INVALID_FIELD_IN_CDB 0x052400 865 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 866 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 867 #define SS_MEDIUM_NOT_PRESENT 0x023a00 868 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 869 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800 870 #define SS_RESET_OCCURRED 0x062900 871 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 872 #define SS_UNRECOVERED_READ_ERROR 0x031100 873 #define SS_WRITE_ERROR 0x030c02 874 #define SS_WRITE_PROTECTED 0x072700 875 876 #define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */ 877 #define ASC(x) ((uint8_t) ((x) >> 8)) 878 #define ASCQ(x) ((uint8_t) (x)) 879 880 /* Routines for unaligned data access */ 881 882 static uint16_t 883 get_be16(uint8_t *buf) 884 { 885 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]); 886 } 887 888 static uint32_t 889 get_be32(uint8_t *buf) 890 { 891 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | 892 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]); 893 } 894 895 static void 896 put_be16(uint8_t *buf, uint16_t val) 897 { 898 buf[0] = val >> 8; 899 buf[1] = val; 900 } 901 902 static void 903 put_be32(uint8_t *buf, uint32_t val) 904 { 905 buf[0] = val >> 24; 906 buf[1] = val >> 16; 907 buf[2] = val >> 8; 908 buf[3] = val & 0xff; 909 } 910 911 /*------------------------------------------------------------------------* 912 * ustorage_fs_verify 913 * 914 * Returns: 915 * 0: Success 916 * Else: Failure 917 *------------------------------------------------------------------------*/ 918 static uint8_t 919 ustorage_fs_verify(struct ustorage_fs_softc *sc) 920 { 921 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 922 uint32_t lba; 923 uint32_t vlen; 924 uint64_t file_offset; 925 uint64_t amount_left; 926 927 /* 928 * Get the starting Logical Block Address 929 */ 930 lba = get_be32(&sc->sc_cmd_data[2]); 931 932 /* 933 * We allow DPO (Disable Page Out = don't save data in the cache) 934 * but we don't implement it. 935 */ 936 if ((sc->sc_cmd_data[1] & ~0x10) != 0) { 937 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 938 return (1); 939 } 940 vlen = get_be16(&sc->sc_cmd_data[7]); 941 if (vlen == 0) { 942 goto done; 943 } 944 /* No default reply */ 945 946 /* Prepare to carry out the file verify */ 947 amount_left = vlen; 948 amount_left <<= 9; 949 file_offset = lba; 950 file_offset <<= 9; 951 952 /* Range check */ 953 vlen += lba; 954 955 if ((vlen < lba) || 956 (vlen > currlun->num_sectors) || 957 (lba >= currlun->num_sectors)) { 958 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 959 return (1); 960 } 961 /* XXX TODO: verify that data is readable */ 962 done: 963 return (ustorage_fs_min_len(sc, 0, 0 - 1)); 964 } 965 966 /*------------------------------------------------------------------------* 967 * ustorage_fs_inquiry 968 * 969 * Returns: 970 * 0: Success 971 * Else: Failure 972 *------------------------------------------------------------------------*/ 973 static uint8_t 974 ustorage_fs_inquiry(struct ustorage_fs_softc *sc) 975 { 976 uint8_t *buf = sc->sc_transfer.data_ptr; 977 978 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 979 980 if (!sc->sc_transfer.currlun) { 981 /* Unsupported LUNs are okay */ 982 memset(buf, 0, 36); 983 buf[0] = 0x7f; 984 /* Unsupported, no device - type */ 985 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 986 } 987 memset(buf, 0, 8); 988 /* Non - removable, direct - access device */ 989 if (currlun->removable) 990 buf[1] = 0x80; 991 buf[2] = 2; 992 /* ANSI SCSI level 2 */ 993 buf[3] = 2; 994 /* SCSI - 2 INQUIRY data format */ 995 buf[4] = 31; 996 /* Additional length */ 997 /* No special options */ 998 /* Copy in ID string */ 999 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28); 1000 1001 #if (USTORAGE_QDATA_MAX < 36) 1002 #error "(USTORAGE_QDATA_MAX < 36)" 1003 #endif 1004 return (ustorage_fs_min_len(sc, 36, 0 - 1)); 1005 } 1006 1007 /*------------------------------------------------------------------------* 1008 * ustorage_fs_request_sense 1009 * 1010 * Returns: 1011 * 0: Success 1012 * Else: Failure 1013 *------------------------------------------------------------------------*/ 1014 static uint8_t 1015 ustorage_fs_request_sense(struct ustorage_fs_softc *sc) 1016 { 1017 uint8_t *buf = sc->sc_transfer.data_ptr; 1018 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1019 uint32_t sd; 1020 uint32_t sdinfo; 1021 uint8_t valid; 1022 1023 /* 1024 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1025 * 1026 * If a REQUEST SENSE command is received from an initiator 1027 * with a pending unit attention condition (before the target 1028 * generates the contingent allegiance condition), then the 1029 * target shall either: 1030 * a) report any pending sense data and preserve the unit 1031 * attention condition on the logical unit, or, 1032 * b) report the unit attention condition, may discard any 1033 * pending sense data, and clear the unit attention 1034 * condition on the logical unit for that initiator. 1035 * 1036 * FSG normally uses option a); enable this code to use option b). 1037 */ 1038 #if 0 1039 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) { 1040 currlun->sense_data = currlun->unit_attention_data; 1041 currlun->unit_attention_data = SS_NO_SENSE; 1042 } 1043 #endif 1044 1045 if (!currlun) { 1046 /* Unsupported LUNs are okay */ 1047 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1048 sdinfo = 0; 1049 valid = 0; 1050 } else { 1051 sd = currlun->sense_data; 1052 sdinfo = currlun->sense_data_info; 1053 valid = currlun->info_valid << 7; 1054 currlun->sense_data = SS_NO_SENSE; 1055 currlun->sense_data_info = 0; 1056 currlun->info_valid = 0; 1057 } 1058 1059 memset(buf, 0, 18); 1060 buf[0] = valid | 0x70; 1061 /* Valid, current error */ 1062 buf[2] = SK(sd); 1063 put_be32(&buf[3], sdinfo); 1064 /* Sense information */ 1065 buf[7] = 18 - 8; 1066 /* Additional sense length */ 1067 buf[12] = ASC(sd); 1068 buf[13] = ASCQ(sd); 1069 1070 #if (USTORAGE_QDATA_MAX < 18) 1071 #error "(USTORAGE_QDATA_MAX < 18)" 1072 #endif 1073 return (ustorage_fs_min_len(sc, 18, 0 - 1)); 1074 } 1075 1076 /*------------------------------------------------------------------------* 1077 * ustorage_fs_read_capacity 1078 * 1079 * Returns: 1080 * 0: Success 1081 * Else: Failure 1082 *------------------------------------------------------------------------*/ 1083 static uint8_t 1084 ustorage_fs_read_capacity(struct ustorage_fs_softc *sc) 1085 { 1086 uint8_t *buf = sc->sc_transfer.data_ptr; 1087 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1088 uint32_t lba = get_be32(&sc->sc_cmd_data[2]); 1089 uint8_t pmi = sc->sc_cmd_data[8]; 1090 1091 /* Check the PMI and LBA fields */ 1092 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) { 1093 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1094 return (1); 1095 } 1096 /* Max logical block */ 1097 put_be32(&buf[0], currlun->num_sectors - 1); 1098 /* Block length */ 1099 put_be32(&buf[4], 512); 1100 1101 #if (USTORAGE_QDATA_MAX < 8) 1102 #error "(USTORAGE_QDATA_MAX < 8)" 1103 #endif 1104 return (ustorage_fs_min_len(sc, 8, 0 - 1)); 1105 } 1106 1107 /*------------------------------------------------------------------------* 1108 * ustorage_fs_mode_sense 1109 * 1110 * Returns: 1111 * 0: Success 1112 * Else: Failure 1113 *------------------------------------------------------------------------*/ 1114 static uint8_t 1115 ustorage_fs_mode_sense(struct ustorage_fs_softc *sc) 1116 { 1117 uint8_t *buf = sc->sc_transfer.data_ptr; 1118 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1119 uint8_t *buf0; 1120 uint16_t len; 1121 uint16_t limit; 1122 uint8_t mscmnd = sc->sc_cmd_data[0]; 1123 uint8_t pc; 1124 uint8_t page_code; 1125 uint8_t changeable_values; 1126 uint8_t all_pages; 1127 1128 buf0 = buf; 1129 1130 if ((sc->sc_cmd_data[1] & ~0x08) != 0) { 1131 /* Mask away DBD */ 1132 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1133 return (1); 1134 } 1135 pc = sc->sc_cmd_data[2] >> 6; 1136 page_code = sc->sc_cmd_data[2] & 0x3f; 1137 if (pc == 3) { 1138 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1139 return (1); 1140 } 1141 changeable_values = (pc == 1); 1142 all_pages = (page_code == 0x3f); 1143 1144 /* 1145 * Write the mode parameter header. Fixed values are: default 1146 * medium type, no cache control (DPOFUA), and no block descriptors. 1147 * The only variable value is the WriteProtect bit. We will fill in 1148 * the mode data length later. 1149 */ 1150 memset(buf, 0, 8); 1151 if (mscmnd == SC_MODE_SENSE_6) { 1152 buf[2] = (currlun->read_only ? 0x80 : 0x00); 1153 /* WP, DPOFUA */ 1154 buf += 4; 1155 limit = 255; 1156 } else { 1157 /* SC_MODE_SENSE_10 */ 1158 buf[3] = (currlun->read_only ? 0x80 : 0x00); 1159 /* WP, DPOFUA */ 1160 buf += 8; 1161 limit = 65535; 1162 /* Should really be mod_data.buflen */ 1163 } 1164 1165 /* No block descriptors */ 1166 1167 /* 1168 * The mode pages, in numerical order. 1169 */ 1170 if ((page_code == 0x08) || all_pages) { 1171 buf[0] = 0x08; 1172 /* Page code */ 1173 buf[1] = 10; 1174 /* Page length */ 1175 memset(buf + 2, 0, 10); 1176 /* None of the fields are changeable */ 1177 1178 if (!changeable_values) { 1179 buf[2] = 0x04; 1180 /* Write cache enable, */ 1181 /* Read cache not disabled */ 1182 /* No cache retention priorities */ 1183 put_be16(&buf[4], 0xffff); 1184 /* Don 't disable prefetch */ 1185 /* Minimum prefetch = 0 */ 1186 put_be16(&buf[8], 0xffff); 1187 /* Maximum prefetch */ 1188 put_be16(&buf[10], 0xffff); 1189 /* Maximum prefetch ceiling */ 1190 } 1191 buf += 12; 1192 } 1193 /* 1194 * Check that a valid page was requested and the mode data length 1195 * isn't too long. 1196 */ 1197 len = buf - buf0; 1198 if (len > limit) { 1199 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1200 return (1); 1201 } 1202 /* Store the mode data length */ 1203 if (mscmnd == SC_MODE_SENSE_6) 1204 buf0[0] = len - 1; 1205 else 1206 put_be16(buf0, len - 2); 1207 1208 #if (USTORAGE_QDATA_MAX < 24) 1209 #error "(USTORAGE_QDATA_MAX < 24)" 1210 #endif 1211 return (ustorage_fs_min_len(sc, len, 0 - 1)); 1212 } 1213 1214 /*------------------------------------------------------------------------* 1215 * ustorage_fs_start_stop 1216 * 1217 * Returns: 1218 * 0: Success 1219 * Else: Failure 1220 *------------------------------------------------------------------------*/ 1221 static uint8_t 1222 ustorage_fs_start_stop(struct ustorage_fs_softc *sc) 1223 { 1224 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1225 uint8_t loej; 1226 uint8_t start; 1227 uint8_t immed; 1228 1229 if (!currlun->removable) { 1230 currlun->sense_data = SS_INVALID_COMMAND; 1231 return (1); 1232 } 1233 immed = sc->sc_cmd_data[1] & 0x01; 1234 loej = sc->sc_cmd_data[4] & 0x02; 1235 start = sc->sc_cmd_data[4] & 0x01; 1236 1237 if (immed || loej || start) { 1238 /* compile fix */ 1239 } 1240 return (0); 1241 } 1242 1243 /*------------------------------------------------------------------------* 1244 * ustorage_fs_prevent_allow 1245 * 1246 * Returns: 1247 * 0: Success 1248 * Else: Failure 1249 *------------------------------------------------------------------------*/ 1250 static uint8_t 1251 ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc) 1252 { 1253 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1254 uint8_t prevent; 1255 1256 if (!currlun->removable) { 1257 currlun->sense_data = SS_INVALID_COMMAND; 1258 return (1); 1259 } 1260 prevent = sc->sc_cmd_data[4] & 0x01; 1261 if ((sc->sc_cmd_data[4] & ~0x01) != 0) { 1262 /* Mask away Prevent */ 1263 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1264 return (1); 1265 } 1266 if (currlun->prevent_medium_removal && !prevent) { 1267 //fsync_sub(currlun); 1268 } 1269 currlun->prevent_medium_removal = prevent; 1270 return (0); 1271 } 1272 1273 /*------------------------------------------------------------------------* 1274 * ustorage_fs_read_format_capacities 1275 * 1276 * Returns: 1277 * 0: Success 1278 * Else: Failure 1279 *------------------------------------------------------------------------*/ 1280 static uint8_t 1281 ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc) 1282 { 1283 uint8_t *buf = sc->sc_transfer.data_ptr; 1284 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1285 1286 buf[0] = buf[1] = buf[2] = 0; 1287 buf[3] = 8; 1288 /* Only the Current / Maximum Capacity Descriptor */ 1289 buf += 4; 1290 1291 /* Number of blocks */ 1292 put_be32(&buf[0], currlun->num_sectors); 1293 /* Block length */ 1294 put_be32(&buf[4], 512); 1295 /* Current capacity */ 1296 buf[4] = 0x02; 1297 1298 #if (USTORAGE_QDATA_MAX < 12) 1299 #error "(USTORAGE_QDATA_MAX < 12)" 1300 #endif 1301 return (ustorage_fs_min_len(sc, 12, 0 - 1)); 1302 } 1303 1304 /*------------------------------------------------------------------------* 1305 * ustorage_fs_mode_select 1306 * 1307 * Return values: 1308 * 0: Success 1309 * Else: Failure 1310 *------------------------------------------------------------------------*/ 1311 static uint8_t 1312 ustorage_fs_mode_select(struct ustorage_fs_softc *sc) 1313 { 1314 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1315 1316 /* We don't support MODE SELECT */ 1317 currlun->sense_data = SS_INVALID_COMMAND; 1318 return (1); 1319 } 1320 1321 /*------------------------------------------------------------------------* 1322 * ustorage_fs_synchronize_cache 1323 * 1324 * Return values: 1325 * 0: Success 1326 * Else: Failure 1327 *------------------------------------------------------------------------*/ 1328 static uint8_t 1329 ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc) 1330 { 1331 #if 0 1332 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1333 uint8_t rc; 1334 1335 /* 1336 * We ignore the requested LBA and write out all dirty data buffers. 1337 */ 1338 rc = 0; 1339 if (rc) { 1340 currlun->sense_data = SS_WRITE_ERROR; 1341 } 1342 #endif 1343 return (0); 1344 } 1345 1346 /*------------------------------------------------------------------------* 1347 * ustorage_fs_read - read data from disk 1348 * 1349 * Return values: 1350 * 0: Success 1351 * Else: Failure 1352 *------------------------------------------------------------------------*/ 1353 static uint8_t 1354 ustorage_fs_read(struct ustorage_fs_softc *sc) 1355 { 1356 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1357 uint64_t file_offset; 1358 uint32_t lba; 1359 uint32_t len; 1360 1361 /* 1362 * Get the starting Logical Block Address and check that it's not 1363 * too big 1364 */ 1365 if (sc->sc_cmd_data[0] == SC_READ_6) { 1366 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) | 1367 get_be16(&sc->sc_cmd_data[2]); 1368 } else { 1369 lba = get_be32(&sc->sc_cmd_data[2]); 1370 1371 /* 1372 * We allow DPO (Disable Page Out = don't save data in the 1373 * cache) and FUA (Force Unit Access = don't read from the 1374 * cache), but we don't implement them. 1375 */ 1376 if ((sc->sc_cmd_data[1] & ~0x18) != 0) { 1377 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1378 return (1); 1379 } 1380 } 1381 len = sc->sc_transfer.data_rem >> 9; 1382 len += lba; 1383 1384 if ((len < lba) || 1385 (len > currlun->num_sectors) || 1386 (lba >= currlun->num_sectors)) { 1387 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1388 return (1); 1389 } 1390 file_offset = lba; 1391 file_offset <<= 9; 1392 1393 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1394 1395 return (0); 1396 } 1397 1398 /*------------------------------------------------------------------------* 1399 * ustorage_fs_write - write data to disk 1400 * 1401 * Return values: 1402 * 0: Success 1403 * Else: Failure 1404 *------------------------------------------------------------------------*/ 1405 static uint8_t 1406 ustorage_fs_write(struct ustorage_fs_softc *sc) 1407 { 1408 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun; 1409 uint64_t file_offset; 1410 uint32_t lba; 1411 uint32_t len; 1412 1413 if (currlun->read_only) { 1414 currlun->sense_data = SS_WRITE_PROTECTED; 1415 return (1); 1416 } 1417 /* XXX clear SYNC */ 1418 1419 /* 1420 * Get the starting Logical Block Address and check that it's not 1421 * too big. 1422 */ 1423 if (sc->sc_cmd_data[0] == SC_WRITE_6) 1424 lba = (((uint32_t)sc->sc_cmd_data[1]) << 16) | 1425 get_be16(&sc->sc_cmd_data[2]); 1426 else { 1427 lba = get_be32(&sc->sc_cmd_data[2]); 1428 1429 /* 1430 * We allow DPO (Disable Page Out = don't save data in the 1431 * cache) and FUA (Force Unit Access = write directly to the 1432 * medium). We don't implement DPO; we implement FUA by 1433 * performing synchronous output. 1434 */ 1435 if ((sc->sc_cmd_data[1] & ~0x18) != 0) { 1436 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1437 return (1); 1438 } 1439 if (sc->sc_cmd_data[1] & 0x08) { 1440 /* FUA */ 1441 /* XXX set SYNC flag here */ 1442 } 1443 } 1444 1445 len = sc->sc_transfer.data_rem >> 9; 1446 len += lba; 1447 1448 if ((len < lba) || 1449 (len > currlun->num_sectors) || 1450 (lba >= currlun->num_sectors)) { 1451 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1452 return (1); 1453 } 1454 file_offset = lba; 1455 file_offset <<= 9; 1456 1457 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset; 1458 1459 return (0); 1460 } 1461 1462 /*------------------------------------------------------------------------* 1463 * ustorage_fs_min_len 1464 * 1465 * Return values: 1466 * 0: Success 1467 * Else: Failure 1468 *------------------------------------------------------------------------*/ 1469 static uint8_t 1470 ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask) 1471 { 1472 if (len != sc->sc_transfer.data_rem) { 1473 1474 if (sc->sc_transfer.cbw_dir == DIR_READ) { 1475 /* 1476 * there must be something wrong about this SCSI 1477 * command 1478 */ 1479 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1480 return (1); 1481 } 1482 /* compute the minimum length */ 1483 1484 if (sc->sc_transfer.data_rem > len) { 1485 /* data ends prematurely */ 1486 sc->sc_transfer.data_rem = len; 1487 sc->sc_transfer.data_short = 1; 1488 } 1489 /* check length alignment */ 1490 1491 if (sc->sc_transfer.data_rem & ~mask) { 1492 /* data ends prematurely */ 1493 sc->sc_transfer.data_rem &= mask; 1494 sc->sc_transfer.data_short = 1; 1495 } 1496 } 1497 return (0); 1498 } 1499 1500 /*------------------------------------------------------------------------* 1501 * ustorage_fs_check_cmd - check command routine 1502 * 1503 * Check whether the command is properly formed and whether its data 1504 * size and direction agree with the values we already have. 1505 * 1506 * Return values: 1507 * 0: Success 1508 * Else: Failure 1509 *------------------------------------------------------------------------*/ 1510 static uint8_t 1511 ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size, 1512 uint16_t mask, uint8_t needs_medium) 1513 { 1514 struct ustorage_fs_lun *currlun; 1515 uint8_t lun = (sc->sc_cmd_data[1] >> 5); 1516 uint8_t i; 1517 1518 /* Verify the length of the command itself */ 1519 if (min_cmd_size > sc->sc_transfer.cmd_len) { 1520 DPRINTF("%u > %u\n", 1521 min_cmd_size, sc->sc_transfer.cmd_len); 1522 sc->sc_csw.bCSWStatus = CSWSTATUS_PHASE; 1523 return (1); 1524 } 1525 /* Mask away the LUN */ 1526 sc->sc_cmd_data[1] &= 0x1f; 1527 1528 /* Check if LUN is correct */ 1529 if (lun != sc->sc_transfer.lun) { 1530 1531 } 1532 /* Check the LUN */ 1533 if (sc->sc_transfer.lun <= sc->sc_last_lun) { 1534 sc->sc_transfer.currlun = currlun = 1535 sc->sc_lun + sc->sc_transfer.lun; 1536 if (sc->sc_cmd_data[0] != SC_REQUEST_SENSE) { 1537 currlun->sense_data = SS_NO_SENSE; 1538 currlun->sense_data_info = 0; 1539 currlun->info_valid = 0; 1540 } 1541 /* 1542 * If a unit attention condition exists, only INQUIRY 1543 * and REQUEST SENSE commands are allowed. Anything 1544 * else must fail! 1545 */ 1546 if ((currlun->unit_attention_data != SS_NO_SENSE) && 1547 (sc->sc_cmd_data[0] != SC_INQUIRY) && 1548 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) { 1549 currlun->sense_data = currlun->unit_attention_data; 1550 currlun->unit_attention_data = SS_NO_SENSE; 1551 return (1); 1552 } 1553 } else { 1554 sc->sc_transfer.currlun = currlun = NULL; 1555 1556 /* 1557 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1558 * to use unsupported LUNs; all others may not. 1559 */ 1560 if ((sc->sc_cmd_data[0] != SC_INQUIRY) && 1561 (sc->sc_cmd_data[0] != SC_REQUEST_SENSE)) { 1562 return (1); 1563 } 1564 } 1565 1566 /* 1567 * Check that only command bytes listed in the mask are 1568 * non-zero. 1569 */ 1570 for (i = 0; i != min_cmd_size; i++) { 1571 if (sc->sc_cmd_data[i] && !(mask & (1UL << i))) { 1572 if (currlun) { 1573 currlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1574 } 1575 return (1); 1576 } 1577 } 1578 1579 /* 1580 * If the medium isn't mounted and the command needs to access 1581 * it, return an error. 1582 */ 1583 if (currlun && (!currlun->memory_image) && needs_medium) { 1584 currlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1585 return (1); 1586 } 1587 return (0); 1588 } 1589 1590 /*------------------------------------------------------------------------* 1591 * ustorage_fs_do_cmd - do command 1592 * 1593 * Return values: 1594 * 0: Success 1595 * Else: Failure 1596 *------------------------------------------------------------------------*/ 1597 static uint8_t 1598 ustorage_fs_do_cmd(struct ustorage_fs_softc *sc) 1599 { 1600 uint8_t error = 1; 1601 uint8_t i; 1602 uint32_t temp; 1603 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9; 1604 1605 /* set default data transfer pointer */ 1606 sc->sc_transfer.data_ptr = sc->sc_qdata; 1607 1608 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n", 1609 sc->sc_cmd_data[0], sc->sc_transfer.data_rem); 1610 1611 switch (sc->sc_cmd_data[0]) { 1612 case SC_INQUIRY: 1613 sc->sc_transfer.cmd_dir = DIR_WRITE; 1614 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1615 if (error) { 1616 break; 1617 } 1618 error = ustorage_fs_check_cmd(sc, 6, 1619 (1UL << 4) | 1, 0); 1620 if (error) { 1621 break; 1622 } 1623 error = ustorage_fs_inquiry(sc); 1624 1625 break; 1626 1627 case SC_MODE_SELECT_6: 1628 sc->sc_transfer.cmd_dir = DIR_READ; 1629 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1630 if (error) { 1631 break; 1632 } 1633 error = ustorage_fs_check_cmd(sc, 6, 1634 (1UL << 1) | (1UL << 4) | 1, 0); 1635 if (error) { 1636 break; 1637 } 1638 error = ustorage_fs_mode_select(sc); 1639 1640 break; 1641 1642 case SC_MODE_SELECT_10: 1643 sc->sc_transfer.cmd_dir = DIR_READ; 1644 error = ustorage_fs_min_len(sc, 1645 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1646 if (error) { 1647 break; 1648 } 1649 error = ustorage_fs_check_cmd(sc, 10, 1650 (1UL << 1) | (3UL << 7) | 1, 0); 1651 if (error) { 1652 break; 1653 } 1654 error = ustorage_fs_mode_select(sc); 1655 1656 break; 1657 1658 case SC_MODE_SENSE_6: 1659 sc->sc_transfer.cmd_dir = DIR_WRITE; 1660 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1661 if (error) { 1662 break; 1663 } 1664 error = ustorage_fs_check_cmd(sc, 6, 1665 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0); 1666 if (error) { 1667 break; 1668 } 1669 error = ustorage_fs_mode_sense(sc); 1670 1671 break; 1672 1673 case SC_MODE_SENSE_10: 1674 sc->sc_transfer.cmd_dir = DIR_WRITE; 1675 error = ustorage_fs_min_len(sc, 1676 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1677 if (error) { 1678 break; 1679 } 1680 error = ustorage_fs_check_cmd(sc, 10, 1681 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0); 1682 if (error) { 1683 break; 1684 } 1685 error = ustorage_fs_mode_sense(sc); 1686 1687 break; 1688 1689 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 1690 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1691 if (error) { 1692 break; 1693 } 1694 error = ustorage_fs_check_cmd(sc, 6, 1695 (1UL << 4) | 1, 0); 1696 if (error) { 1697 break; 1698 } 1699 error = ustorage_fs_prevent_allow(sc); 1700 1701 break; 1702 1703 case SC_READ_6: 1704 i = sc->sc_cmd_data[4]; 1705 sc->sc_transfer.cmd_dir = DIR_WRITE; 1706 temp = ((i == 0) ? 256UL : i); 1707 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1708 if (error) { 1709 break; 1710 } 1711 error = ustorage_fs_check_cmd(sc, 6, 1712 (7UL << 1) | (1UL << 4) | 1, 1); 1713 if (error) { 1714 break; 1715 } 1716 error = ustorage_fs_read(sc); 1717 1718 break; 1719 1720 case SC_READ_10: 1721 sc->sc_transfer.cmd_dir = DIR_WRITE; 1722 temp = get_be16(&sc->sc_cmd_data[7]); 1723 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1724 if (error) { 1725 break; 1726 } 1727 error = ustorage_fs_check_cmd(sc, 10, 1728 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1729 if (error) { 1730 break; 1731 } 1732 error = ustorage_fs_read(sc); 1733 1734 break; 1735 1736 case SC_READ_12: 1737 sc->sc_transfer.cmd_dir = DIR_WRITE; 1738 temp = get_be32(&sc->sc_cmd_data[6]); 1739 if (temp >= (1UL << (32 - 9))) { 1740 /* numerical overflow */ 1741 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1742 error = 1; 1743 break; 1744 } 1745 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1746 if (error) { 1747 break; 1748 } 1749 error = ustorage_fs_check_cmd(sc, 12, 1750 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1751 if (error) { 1752 break; 1753 } 1754 error = ustorage_fs_read(sc); 1755 1756 break; 1757 1758 case SC_READ_CAPACITY: 1759 sc->sc_transfer.cmd_dir = DIR_WRITE; 1760 error = ustorage_fs_check_cmd(sc, 10, 1761 (0xfUL << 2) | (1UL << 8) | 1, 1); 1762 if (error) { 1763 break; 1764 } 1765 error = ustorage_fs_read_capacity(sc); 1766 1767 break; 1768 1769 case SC_READ_FORMAT_CAPACITIES: 1770 sc->sc_transfer.cmd_dir = DIR_WRITE; 1771 error = ustorage_fs_min_len(sc, 1772 get_be16(&sc->sc_cmd_data[7]), 0 - 1); 1773 if (error) { 1774 break; 1775 } 1776 error = ustorage_fs_check_cmd(sc, 10, 1777 (3UL << 7) | 1, 1); 1778 if (error) { 1779 break; 1780 } 1781 error = ustorage_fs_read_format_capacities(sc); 1782 1783 break; 1784 1785 case SC_REQUEST_SENSE: 1786 sc->sc_transfer.cmd_dir = DIR_WRITE; 1787 error = ustorage_fs_min_len(sc, sc->sc_cmd_data[4], 0 - 1); 1788 if (error) { 1789 break; 1790 } 1791 error = ustorage_fs_check_cmd(sc, 6, 1792 (1UL << 4) | 1, 0); 1793 if (error) { 1794 break; 1795 } 1796 error = ustorage_fs_request_sense(sc); 1797 1798 break; 1799 1800 case SC_START_STOP_UNIT: 1801 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1802 if (error) { 1803 break; 1804 } 1805 error = ustorage_fs_check_cmd(sc, 6, 1806 (1UL << 1) | (1UL << 4) | 1, 0); 1807 if (error) { 1808 break; 1809 } 1810 error = ustorage_fs_start_stop(sc); 1811 1812 break; 1813 1814 case SC_SYNCHRONIZE_CACHE: 1815 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1816 if (error) { 1817 break; 1818 } 1819 error = ustorage_fs_check_cmd(sc, 10, 1820 (0xfUL << 2) | (3UL << 7) | 1, 1); 1821 if (error) { 1822 break; 1823 } 1824 error = ustorage_fs_synchronize_cache(sc); 1825 1826 break; 1827 1828 case SC_TEST_UNIT_READY: 1829 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1830 if (error) { 1831 break; 1832 } 1833 error = ustorage_fs_check_cmd(sc, 6, 1834 0 | 1, 1); 1835 break; 1836 1837 /* 1838 * Although optional, this command is used by MS-Windows. 1839 * We support a minimal version: BytChk must be 0. 1840 */ 1841 case SC_VERIFY: 1842 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1843 if (error) { 1844 break; 1845 } 1846 error = ustorage_fs_check_cmd(sc, 10, 1847 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1848 if (error) { 1849 break; 1850 } 1851 error = ustorage_fs_verify(sc); 1852 1853 break; 1854 1855 case SC_WRITE_6: 1856 i = sc->sc_cmd_data[4]; 1857 sc->sc_transfer.cmd_dir = DIR_READ; 1858 temp = ((i == 0) ? 256UL : i); 1859 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1860 if (error) { 1861 break; 1862 } 1863 error = ustorage_fs_check_cmd(sc, 6, 1864 (7UL << 1) | (1UL << 4) | 1, 1); 1865 if (error) { 1866 break; 1867 } 1868 error = ustorage_fs_write(sc); 1869 1870 break; 1871 1872 case SC_WRITE_10: 1873 sc->sc_transfer.cmd_dir = DIR_READ; 1874 temp = get_be16(&sc->sc_cmd_data[7]); 1875 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1876 if (error) { 1877 break; 1878 } 1879 error = ustorage_fs_check_cmd(sc, 10, 1880 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1); 1881 if (error) { 1882 break; 1883 } 1884 error = ustorage_fs_write(sc); 1885 1886 break; 1887 1888 case SC_WRITE_12: 1889 sc->sc_transfer.cmd_dir = DIR_READ; 1890 temp = get_be32(&sc->sc_cmd_data[6]); 1891 if (temp > (mask9 >> 9)) { 1892 /* numerical overflow */ 1893 sc->sc_csw.bCSWStatus = CSWSTATUS_FAILED; 1894 error = 1; 1895 break; 1896 } 1897 error = ustorage_fs_min_len(sc, temp << 9, mask9); 1898 if (error) { 1899 break; 1900 } 1901 error = ustorage_fs_check_cmd(sc, 12, 1902 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1); 1903 if (error) { 1904 break; 1905 } 1906 error = ustorage_fs_write(sc); 1907 1908 break; 1909 1910 /* 1911 * Some mandatory commands that we recognize but don't 1912 * implement. They don't mean much in this setting. 1913 * It's left as an exercise for anyone interested to 1914 * implement RESERVE and RELEASE in terms of Posix 1915 * locks. 1916 */ 1917 case SC_FORMAT_UNIT: 1918 case SC_RELEASE: 1919 case SC_RESERVE: 1920 case SC_SEND_DIAGNOSTIC: 1921 /* Fallthrough */ 1922 1923 default: 1924 error = ustorage_fs_min_len(sc, 0, 0 - 1); 1925 if (error) { 1926 break; 1927 } 1928 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len, 1929 0xff, 0); 1930 if (error) { 1931 break; 1932 } 1933 sc->sc_transfer.currlun->sense_data = 1934 SS_INVALID_COMMAND; 1935 error = 1; 1936 1937 break; 1938 } 1939 return (error); 1940 } 1941