1 /* $FreeBSD$ */
2 /*-
3 * Copyright (c) 2008,2011 Hans Petter Selasky. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27 /*
28 * The following file contains code that will detect USB autoinstall
29 * disks.
30 *
31 * TODO: Potentially we could add code to automatically detect USB
32 * mass storage quirks for not supported SCSI commands!
33 */
34
35 #ifdef USB_GLOBAL_INCLUDE_FILE
36 #include USB_GLOBAL_INCLUDE_FILE
37 #else
38 #include <sys/stdint.h>
39 #include <sys/stddef.h>
40 #include <sys/param.h>
41 #include <sys/queue.h>
42 #include <sys/types.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/bus.h>
46 #include <sys/module.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/condvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/sx.h>
52 #include <sys/unistd.h>
53 #include <sys/callout.h>
54 #include <sys/malloc.h>
55 #include <sys/priv.h>
56
57 #include <dev/usb/usb.h>
58 #include <dev/usb/usbdi.h>
59 #include <dev/usb/usbdi_util.h>
60
61 #define USB_DEBUG_VAR usb_debug
62
63 #include <dev/usb/usb_busdma.h>
64 #include <dev/usb/usb_process.h>
65 #include <dev/usb/usb_transfer.h>
66 #include <dev/usb/usb_msctest.h>
67 #include <dev/usb/usb_debug.h>
68 #include <dev/usb/usb_device.h>
69 #include <dev/usb/usb_request.h>
70 #include <dev/usb/usb_util.h>
71 #include <dev/usb/quirk/usb_quirk.h>
72 #endif /* USB_GLOBAL_INCLUDE_FILE */
73
74 enum {
75 ST_COMMAND,
76 ST_DATA_RD,
77 ST_DATA_RD_CS,
78 ST_DATA_WR,
79 ST_DATA_WR_CS,
80 ST_STATUS,
81 ST_MAX,
82 };
83
84 enum {
85 DIR_IN,
86 DIR_OUT,
87 DIR_NONE,
88 };
89
90 #define SCSI_MAX_LEN MAX(SCSI_FIXED_BLOCK_SIZE, USB_MSCTEST_BULK_SIZE)
91 #define SCSI_INQ_LEN 0x24
92 #define SCSI_SENSE_LEN 0xFF
93 #define SCSI_FIXED_BLOCK_SIZE 512 /* bytes */
94
95 static uint8_t scsi_test_unit_ready[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
96 static uint8_t scsi_inquiry[] = { 0x12, 0x00, 0x00, 0x00, SCSI_INQ_LEN, 0x00 };
97 static uint8_t scsi_rezero_init[] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
98 static uint8_t scsi_start_stop_unit[] = { 0x1b, 0x00, 0x00, 0x00, 0x02, 0x00 };
99 static uint8_t scsi_ztestor_eject[] = { 0x85, 0x01, 0x01, 0x01, 0x18, 0x01,
100 0x01, 0x01, 0x01, 0x01, 0x00, 0x00 };
101 static uint8_t scsi_cmotech_eject[] = { 0xff, 0x52, 0x44, 0x45, 0x56, 0x43,
102 0x48, 0x47 };
103 static uint8_t scsi_huawei_eject[] = { 0x11, 0x06, 0x00, 0x00, 0x00, 0x00,
104 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x00 };
106 static uint8_t scsi_huawei_eject2[] = { 0x11, 0x06, 0x20, 0x00, 0x00, 0x01,
107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00 };
109 static uint8_t scsi_tct_eject[] = { 0x06, 0xf5, 0x04, 0x02, 0x52, 0x70 };
110 static uint8_t scsi_sync_cache[] = { 0x35, 0x00, 0x00, 0x00, 0x00, 0x00,
111 0x00, 0x00, 0x00, 0x00 };
112 static uint8_t scsi_request_sense[] = { 0x03, 0x00, 0x00, 0x00, 0x12, 0x00,
113 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
114 static uint8_t scsi_read_capacity[] = { 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x00 };
116 static uint8_t scsi_prevent_removal[] = { 0x1e, 0, 0, 0, 1, 0 };
117 static uint8_t scsi_allow_removal[] = { 0x1e, 0, 0, 0, 0, 0 };
118
119 #ifndef USB_MSCTEST_BULK_SIZE
120 #define USB_MSCTEST_BULK_SIZE 64 /* dummy */
121 #endif
122
123 #define ERR_CSW_FAILED -1
124
125 /* Command Block Wrapper */
126 struct bbb_cbw {
127 uDWord dCBWSignature;
128 #define CBWSIGNATURE 0x43425355
129 uDWord dCBWTag;
130 uDWord dCBWDataTransferLength;
131 uByte bCBWFlags;
132 #define CBWFLAGS_OUT 0x00
133 #define CBWFLAGS_IN 0x80
134 uByte bCBWLUN;
135 uByte bCDBLength;
136 #define CBWCDBLENGTH 16
137 uByte CBWCDB[CBWCDBLENGTH];
138 } __packed;
139
140 /* Command Status Wrapper */
141 struct bbb_csw {
142 uDWord dCSWSignature;
143 #define CSWSIGNATURE 0x53425355
144 uDWord dCSWTag;
145 uDWord dCSWDataResidue;
146 uByte bCSWStatus;
147 #define CSWSTATUS_GOOD 0x0
148 #define CSWSTATUS_FAILED 0x1
149 #define CSWSTATUS_PHASE 0x2
150 } __packed;
151
152 struct bbb_transfer {
153 struct mtx mtx;
154 struct cv cv;
155 struct bbb_cbw *cbw;
156 struct bbb_csw *csw;
157
158 struct usb_xfer *xfer[ST_MAX];
159
160 uint8_t *data_ptr;
161
162 usb_size_t data_len; /* bytes */
163 usb_size_t data_rem; /* bytes */
164 usb_timeout_t data_timeout; /* ms */
165 usb_frlength_t actlen; /* bytes */
166 usb_frlength_t buffer_size; /* bytes */
167
168 uint8_t cmd_len; /* bytes */
169 uint8_t dir;
170 uint8_t lun;
171 uint8_t state;
172 uint8_t status_try;
173 int error;
174
175 uint8_t *buffer;
176 };
177
178 static usb_callback_t bbb_command_callback;
179 static usb_callback_t bbb_data_read_callback;
180 static usb_callback_t bbb_data_rd_cs_callback;
181 static usb_callback_t bbb_data_write_callback;
182 static usb_callback_t bbb_data_wr_cs_callback;
183 static usb_callback_t bbb_status_callback;
184 static usb_callback_t bbb_raw_write_callback;
185
186 static void bbb_done(struct bbb_transfer *, int);
187 static void bbb_transfer_start(struct bbb_transfer *, uint8_t);
188 static void bbb_data_clear_stall_callback(struct usb_xfer *, uint8_t,
189 uint8_t);
190 static int bbb_command_start(struct bbb_transfer *, uint8_t, uint8_t,
191 void *, size_t, void *, size_t, usb_timeout_t);
192 static struct bbb_transfer *bbb_attach(struct usb_device *, uint8_t, uint8_t);
193 static void bbb_detach(struct bbb_transfer *);
194
195 static const struct usb_config bbb_config[ST_MAX] = {
196
197 [ST_COMMAND] = {
198 .type = UE_BULK,
199 .endpoint = UE_ADDR_ANY,
200 .direction = UE_DIR_OUT,
201 .bufsize = sizeof(struct bbb_cbw),
202 .callback = &bbb_command_callback,
203 .timeout = 4 * USB_MS_HZ, /* 4 seconds */
204 },
205
206 [ST_DATA_RD] = {
207 .type = UE_BULK,
208 .endpoint = UE_ADDR_ANY,
209 .direction = UE_DIR_IN,
210 .bufsize = SCSI_MAX_LEN,
211 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
212 .callback = &bbb_data_read_callback,
213 .timeout = 4 * USB_MS_HZ, /* 4 seconds */
214 },
215
216 [ST_DATA_RD_CS] = {
217 .type = UE_CONTROL,
218 .endpoint = 0x00, /* Control pipe */
219 .direction = UE_DIR_ANY,
220 .bufsize = sizeof(struct usb_device_request),
221 .callback = &bbb_data_rd_cs_callback,
222 .timeout = 1 * USB_MS_HZ, /* 1 second */
223 },
224
225 [ST_DATA_WR] = {
226 .type = UE_BULK,
227 .endpoint = UE_ADDR_ANY,
228 .direction = UE_DIR_OUT,
229 .bufsize = SCSI_MAX_LEN,
230 .flags = {.ext_buffer = 1,.proxy_buffer = 1,},
231 .callback = &bbb_data_write_callback,
232 .timeout = 4 * USB_MS_HZ, /* 4 seconds */
233 },
234
235 [ST_DATA_WR_CS] = {
236 .type = UE_CONTROL,
237 .endpoint = 0x00, /* Control pipe */
238 .direction = UE_DIR_ANY,
239 .bufsize = sizeof(struct usb_device_request),
240 .callback = &bbb_data_wr_cs_callback,
241 .timeout = 1 * USB_MS_HZ, /* 1 second */
242 },
243
244 [ST_STATUS] = {
245 .type = UE_BULK,
246 .endpoint = UE_ADDR_ANY,
247 .direction = UE_DIR_IN,
248 .bufsize = sizeof(struct bbb_csw),
249 .flags = {.short_xfer_ok = 1,},
250 .callback = &bbb_status_callback,
251 .timeout = 1 * USB_MS_HZ, /* 1 second */
252 },
253 };
254
255 static const struct usb_config bbb_raw_config[1] = {
256
257 [0] = {
258 .type = UE_BULK_INTR,
259 .endpoint = UE_ADDR_ANY,
260 .direction = UE_DIR_OUT,
261 .bufsize = SCSI_MAX_LEN,
262 .flags = {.ext_buffer = 1,.proxy_buffer = 1,},
263 .callback = &bbb_raw_write_callback,
264 .timeout = 1 * USB_MS_HZ, /* 1 second */
265 },
266 };
267
268 static void
bbb_done(struct bbb_transfer * sc,int error)269 bbb_done(struct bbb_transfer *sc, int error)
270 {
271 sc->error = error;
272 sc->state = ST_COMMAND;
273 sc->status_try = 1;
274 cv_signal(&sc->cv);
275 }
276
277 static void
bbb_transfer_start(struct bbb_transfer * sc,uint8_t xfer_index)278 bbb_transfer_start(struct bbb_transfer *sc, uint8_t xfer_index)
279 {
280 sc->state = xfer_index;
281 usbd_transfer_start(sc->xfer[xfer_index]);
282 }
283
284 static void
bbb_data_clear_stall_callback(struct usb_xfer * xfer,uint8_t next_xfer,uint8_t stall_xfer)285 bbb_data_clear_stall_callback(struct usb_xfer *xfer,
286 uint8_t next_xfer, uint8_t stall_xfer)
287 {
288 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
289
290 if (usbd_clear_stall_callback(xfer, sc->xfer[stall_xfer])) {
291 switch (USB_GET_STATE(xfer)) {
292 case USB_ST_SETUP:
293 case USB_ST_TRANSFERRED:
294 bbb_transfer_start(sc, next_xfer);
295 break;
296 default:
297 bbb_done(sc, USB_ERR_STALLED);
298 break;
299 }
300 }
301 }
302
303 static void
bbb_command_callback(struct usb_xfer * xfer,usb_error_t error)304 bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
305 {
306 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
307 uint32_t tag;
308
309 switch (USB_GET_STATE(xfer)) {
310 case USB_ST_TRANSFERRED:
311 bbb_transfer_start
312 (sc, ((sc->dir == DIR_IN) ? ST_DATA_RD :
313 (sc->dir == DIR_OUT) ? ST_DATA_WR :
314 ST_STATUS));
315 break;
316
317 case USB_ST_SETUP:
318 sc->status_try = 0;
319 tag = UGETDW(sc->cbw->dCBWTag) + 1;
320 USETDW(sc->cbw->dCBWSignature, CBWSIGNATURE);
321 USETDW(sc->cbw->dCBWTag, tag);
322 USETDW(sc->cbw->dCBWDataTransferLength, (uint32_t)sc->data_len);
323 sc->cbw->bCBWFlags = ((sc->dir == DIR_IN) ? CBWFLAGS_IN : CBWFLAGS_OUT);
324 sc->cbw->bCBWLUN = sc->lun;
325 sc->cbw->bCDBLength = sc->cmd_len;
326 if (sc->cbw->bCDBLength > sizeof(sc->cbw->CBWCDB)) {
327 sc->cbw->bCDBLength = sizeof(sc->cbw->CBWCDB);
328 DPRINTFN(0, "Truncating long command\n");
329 }
330 usbd_xfer_set_frame_len(xfer, 0,
331 sizeof(struct bbb_cbw));
332 usbd_transfer_submit(xfer);
333 break;
334
335 default: /* Error */
336 bbb_done(sc, error);
337 break;
338 }
339 }
340
341 static void
bbb_data_read_callback(struct usb_xfer * xfer,usb_error_t error)342 bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
343 {
344 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
345 usb_frlength_t max_bulk = usbd_xfer_max_len(xfer);
346 int actlen, sumlen;
347
348 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
349
350 switch (USB_GET_STATE(xfer)) {
351 case USB_ST_TRANSFERRED:
352 sc->data_rem -= actlen;
353 sc->data_ptr += actlen;
354 sc->actlen += actlen;
355
356 if (actlen < sumlen) {
357 /* short transfer */
358 sc->data_rem = 0;
359 }
360 case USB_ST_SETUP:
361 DPRINTF("max_bulk=%d, data_rem=%d\n",
362 max_bulk, sc->data_rem);
363
364 if (sc->data_rem == 0) {
365 bbb_transfer_start(sc, ST_STATUS);
366 break;
367 }
368 if (max_bulk > sc->data_rem) {
369 max_bulk = sc->data_rem;
370 }
371 usbd_xfer_set_timeout(xfer, sc->data_timeout);
372 usbd_xfer_set_frame_data(xfer, 0, sc->data_ptr, max_bulk);
373 usbd_transfer_submit(xfer);
374 break;
375
376 default: /* Error */
377 if (error == USB_ERR_CANCELLED) {
378 bbb_done(sc, error);
379 } else {
380 bbb_transfer_start(sc, ST_DATA_RD_CS);
381 }
382 break;
383 }
384 }
385
386 static void
bbb_data_rd_cs_callback(struct usb_xfer * xfer,usb_error_t error)387 bbb_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
388 {
389 bbb_data_clear_stall_callback(xfer, ST_STATUS,
390 ST_DATA_RD);
391 }
392
393 static void
bbb_data_write_callback(struct usb_xfer * xfer,usb_error_t error)394 bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
395 {
396 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
397 usb_frlength_t max_bulk = usbd_xfer_max_len(xfer);
398 int actlen, sumlen;
399
400 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
401
402 switch (USB_GET_STATE(xfer)) {
403 case USB_ST_TRANSFERRED:
404 sc->data_rem -= actlen;
405 sc->data_ptr += actlen;
406 sc->actlen += actlen;
407
408 if (actlen < sumlen) {
409 /* short transfer */
410 sc->data_rem = 0;
411 }
412 case USB_ST_SETUP:
413 DPRINTF("max_bulk=%d, data_rem=%d\n",
414 max_bulk, sc->data_rem);
415
416 if (sc->data_rem == 0) {
417 bbb_transfer_start(sc, ST_STATUS);
418 break;
419 }
420 if (max_bulk > sc->data_rem) {
421 max_bulk = sc->data_rem;
422 }
423 usbd_xfer_set_timeout(xfer, sc->data_timeout);
424 usbd_xfer_set_frame_data(xfer, 0, sc->data_ptr, max_bulk);
425 usbd_transfer_submit(xfer);
426 break;
427
428 default: /* Error */
429 if (error == USB_ERR_CANCELLED) {
430 bbb_done(sc, error);
431 } else {
432 bbb_transfer_start(sc, ST_DATA_WR_CS);
433 }
434 break;
435 }
436 }
437
438 static void
bbb_data_wr_cs_callback(struct usb_xfer * xfer,usb_error_t error)439 bbb_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
440 {
441 bbb_data_clear_stall_callback(xfer, ST_STATUS,
442 ST_DATA_WR);
443 }
444
445 static void
bbb_status_callback(struct usb_xfer * xfer,usb_error_t error)446 bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
447 {
448 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
449 int actlen;
450 int sumlen;
451
452 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
453
454 switch (USB_GET_STATE(xfer)) {
455 case USB_ST_TRANSFERRED:
456
457 /* very simple status check */
458
459 if (actlen < (int)sizeof(struct bbb_csw)) {
460 bbb_done(sc, USB_ERR_SHORT_XFER);
461 } else if (sc->csw->bCSWStatus == CSWSTATUS_GOOD) {
462 bbb_done(sc, 0); /* success */
463 } else {
464 bbb_done(sc, ERR_CSW_FAILED); /* error */
465 }
466 break;
467
468 case USB_ST_SETUP:
469 usbd_xfer_set_frame_len(xfer, 0,
470 sizeof(struct bbb_csw));
471 usbd_transfer_submit(xfer);
472 break;
473
474 default:
475 DPRINTF("Failed to read CSW: %s, try %d\n",
476 usbd_errstr(error), sc->status_try);
477
478 if (error == USB_ERR_CANCELLED || sc->status_try) {
479 bbb_done(sc, error);
480 } else {
481 sc->status_try = 1;
482 bbb_transfer_start(sc, ST_DATA_RD_CS);
483 }
484 break;
485 }
486 }
487
488 static void
bbb_raw_write_callback(struct usb_xfer * xfer,usb_error_t error)489 bbb_raw_write_callback(struct usb_xfer *xfer, usb_error_t error)
490 {
491 struct bbb_transfer *sc = usbd_xfer_softc(xfer);
492 usb_frlength_t max_bulk = usbd_xfer_max_len(xfer);
493 int actlen, sumlen;
494
495 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
496
497 switch (USB_GET_STATE(xfer)) {
498 case USB_ST_TRANSFERRED:
499 sc->data_rem -= actlen;
500 sc->data_ptr += actlen;
501 sc->actlen += actlen;
502
503 if (actlen < sumlen) {
504 /* short transfer */
505 sc->data_rem = 0;
506 }
507 case USB_ST_SETUP:
508 DPRINTF("max_bulk=%d, data_rem=%d\n",
509 max_bulk, sc->data_rem);
510
511 if (sc->data_rem == 0) {
512 bbb_done(sc, 0);
513 break;
514 }
515 if (max_bulk > sc->data_rem) {
516 max_bulk = sc->data_rem;
517 }
518 usbd_xfer_set_timeout(xfer, sc->data_timeout);
519 usbd_xfer_set_frame_data(xfer, 0, sc->data_ptr, max_bulk);
520 usbd_transfer_submit(xfer);
521 break;
522
523 default: /* Error */
524 bbb_done(sc, error);
525 break;
526 }
527 }
528
529 /*------------------------------------------------------------------------*
530 * bbb_command_start - execute a SCSI command synchronously
531 *
532 * Return values
533 * 0: Success
534 * Else: Failure
535 *------------------------------------------------------------------------*/
536 static int
bbb_command_start(struct bbb_transfer * sc,uint8_t dir,uint8_t lun,void * data_ptr,size_t data_len,void * cmd_ptr,size_t cmd_len,usb_timeout_t data_timeout)537 bbb_command_start(struct bbb_transfer *sc, uint8_t dir, uint8_t lun,
538 void *data_ptr, size_t data_len, void *cmd_ptr, size_t cmd_len,
539 usb_timeout_t data_timeout)
540 {
541 sc->lun = lun;
542 sc->dir = data_len ? dir : DIR_NONE;
543 sc->data_ptr = data_ptr;
544 sc->data_len = data_len;
545 sc->data_rem = data_len;
546 sc->data_timeout = (data_timeout + USB_MS_HZ);
547 sc->actlen = 0;
548 sc->error = 0;
549 sc->cmd_len = cmd_len;
550 memset(&sc->cbw->CBWCDB, 0, sizeof(sc->cbw->CBWCDB));
551 memcpy(&sc->cbw->CBWCDB, cmd_ptr, cmd_len);
552 DPRINTFN(1, "SCSI cmd = %*D\n", (int)cmd_len, (char *)sc->cbw->CBWCDB, ":");
553
554 mtx_lock(&sc->mtx);
555 usbd_transfer_start(sc->xfer[sc->state]);
556
557 while (usbd_transfer_pending(sc->xfer[sc->state])) {
558 cv_wait(&sc->cv, &sc->mtx);
559 }
560 mtx_unlock(&sc->mtx);
561 return (sc->error);
562 }
563
564 /*------------------------------------------------------------------------*
565 * bbb_raw_write - write a raw BULK message synchronously
566 *
567 * Return values
568 * 0: Success
569 * Else: Failure
570 *------------------------------------------------------------------------*/
571 static int
bbb_raw_write(struct bbb_transfer * sc,const void * data_ptr,size_t data_len,usb_timeout_t data_timeout)572 bbb_raw_write(struct bbb_transfer *sc, const void *data_ptr, size_t data_len,
573 usb_timeout_t data_timeout)
574 {
575 sc->data_ptr = __DECONST(void *, data_ptr);
576 sc->data_len = data_len;
577 sc->data_rem = data_len;
578 sc->data_timeout = (data_timeout + USB_MS_HZ);
579 sc->actlen = 0;
580 sc->error = 0;
581
582 DPRINTFN(1, "BULK DATA = %*D\n", (int)data_len,
583 (const char *)data_ptr, ":");
584
585 mtx_lock(&sc->mtx);
586 usbd_transfer_start(sc->xfer[0]);
587 while (usbd_transfer_pending(sc->xfer[0]))
588 cv_wait(&sc->cv, &sc->mtx);
589 mtx_unlock(&sc->mtx);
590 return (sc->error);
591 }
592
593 static struct bbb_transfer *
bbb_attach(struct usb_device * udev,uint8_t iface_index,uint8_t bInterfaceClass)594 bbb_attach(struct usb_device *udev, uint8_t iface_index,
595 uint8_t bInterfaceClass)
596 {
597 struct usb_interface *iface;
598 struct usb_interface_descriptor *id;
599 const struct usb_config *pconfig;
600 struct bbb_transfer *sc;
601 usb_error_t err;
602 int nconfig;
603
604 #if USB_HAVE_MSCTEST_DETACH
605 uint8_t do_unlock;
606
607 /* Prevent re-enumeration */
608 do_unlock = usbd_enum_lock(udev);
609
610 /*
611 * Make sure any driver which is hooked up to this interface,
612 * like umass is gone:
613 */
614 usb_detach_device(udev, iface_index, 0);
615
616 if (do_unlock)
617 usbd_enum_unlock(udev);
618 #endif
619
620 iface = usbd_get_iface(udev, iface_index);
621 if (iface == NULL)
622 return (NULL);
623
624 id = iface->idesc;
625 if (id == NULL || id->bInterfaceClass != bInterfaceClass)
626 return (NULL);
627
628 switch (id->bInterfaceClass) {
629 case UICLASS_MASS:
630 switch (id->bInterfaceSubClass) {
631 case UISUBCLASS_SCSI:
632 case UISUBCLASS_UFI:
633 case UISUBCLASS_SFF8020I:
634 case UISUBCLASS_SFF8070I:
635 break;
636 default:
637 return (NULL);
638 }
639 switch (id->bInterfaceProtocol) {
640 case UIPROTO_MASS_BBB_OLD:
641 case UIPROTO_MASS_BBB:
642 break;
643 default:
644 return (NULL);
645 }
646 pconfig = bbb_config;
647 nconfig = ST_MAX;
648 break;
649 case UICLASS_HID:
650 switch (id->bInterfaceSubClass) {
651 case 0:
652 break;
653 default:
654 return (NULL);
655 }
656 pconfig = bbb_raw_config;
657 nconfig = 1;
658 break;
659 default:
660 return (NULL);
661 }
662
663 sc = malloc(sizeof(*sc), M_USB, M_WAITOK | M_ZERO);
664 mtx_init(&sc->mtx, "USB autoinstall", NULL, MTX_DEF);
665 cv_init(&sc->cv, "WBBB");
666
667 err = usbd_transfer_setup(udev, &iface_index, sc->xfer, pconfig,
668 nconfig, sc, &sc->mtx);
669 if (err) {
670 bbb_detach(sc);
671 return (NULL);
672 }
673 switch (id->bInterfaceClass) {
674 case UICLASS_MASS:
675 /* store pointer to DMA buffers */
676 sc->buffer = usbd_xfer_get_frame_buffer(
677 sc->xfer[ST_DATA_RD], 0);
678 sc->buffer_size =
679 usbd_xfer_max_len(sc->xfer[ST_DATA_RD]);
680 sc->cbw = usbd_xfer_get_frame_buffer(
681 sc->xfer[ST_COMMAND], 0);
682 sc->csw = usbd_xfer_get_frame_buffer(
683 sc->xfer[ST_STATUS], 0);
684 break;
685 default:
686 break;
687 }
688 return (sc);
689 }
690
691 static void
bbb_detach(struct bbb_transfer * sc)692 bbb_detach(struct bbb_transfer *sc)
693 {
694 usbd_transfer_unsetup(sc->xfer, ST_MAX);
695 mtx_destroy(&sc->mtx);
696 cv_destroy(&sc->cv);
697 free(sc, M_USB);
698 }
699
700 /*------------------------------------------------------------------------*
701 * usb_iface_is_cdrom
702 *
703 * Return values:
704 * 1: This interface is an auto install disk (CD-ROM)
705 * 0: Not an auto install disk.
706 *------------------------------------------------------------------------*/
707 int
usb_iface_is_cdrom(struct usb_device * udev,uint8_t iface_index)708 usb_iface_is_cdrom(struct usb_device *udev, uint8_t iface_index)
709 {
710 struct bbb_transfer *sc;
711 uint8_t timeout;
712 uint8_t is_cdrom;
713 uint8_t sid_type;
714 int err;
715
716 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
717 if (sc == NULL)
718 return (0);
719
720 is_cdrom = 0;
721 timeout = 4; /* tries */
722 while (--timeout) {
723 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
724 SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
725 USB_MS_HZ);
726
727 if (err == 0 && sc->actlen > 0) {
728 sid_type = sc->buffer[0] & 0x1F;
729 if (sid_type == 0x05)
730 is_cdrom = 1;
731 break;
732 } else if (err != ERR_CSW_FAILED)
733 break; /* non retryable error */
734 usb_pause_mtx(NULL, hz);
735 }
736 bbb_detach(sc);
737 return (is_cdrom);
738 }
739
740 static uint8_t
usb_msc_get_max_lun(struct usb_device * udev,uint8_t iface_index)741 usb_msc_get_max_lun(struct usb_device *udev, uint8_t iface_index)
742 {
743 struct usb_device_request req;
744 usb_error_t err;
745 uint8_t buf = 0;
746
747
748 /* The Get Max Lun command is a class-specific request. */
749 req.bmRequestType = UT_READ_CLASS_INTERFACE;
750 req.bRequest = 0xFE; /* GET_MAX_LUN */
751 USETW(req.wValue, 0);
752 req.wIndex[0] = iface_index;
753 req.wIndex[1] = 0;
754 USETW(req.wLength, 1);
755
756 err = usbd_do_request(udev, NULL, &req, &buf);
757 if (err)
758 buf = 0;
759
760 return (buf);
761 }
762
763 usb_error_t
usb_msc_auto_quirk(struct usb_device * udev,uint8_t iface_index)764 usb_msc_auto_quirk(struct usb_device *udev, uint8_t iface_index)
765 {
766 struct bbb_transfer *sc;
767 uint8_t timeout;
768 uint8_t is_no_direct;
769 uint8_t sid_type;
770 int err;
771
772 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
773 if (sc == NULL)
774 return (0);
775
776 /*
777 * Some devices need a delay after that the configuration
778 * value is set to function properly:
779 */
780 usb_pause_mtx(NULL, hz);
781
782 if (usb_msc_get_max_lun(udev, iface_index) == 0) {
783 DPRINTF("Device has only got one LUN.\n");
784 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_GETMAXLUN);
785 }
786
787 is_no_direct = 1;
788 for (timeout = 4; timeout != 0; timeout--) {
789 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
790 SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
791 USB_MS_HZ);
792
793 if (err == 0 && sc->actlen > 0) {
794 sid_type = sc->buffer[0] & 0x1F;
795 if (sid_type == 0x00)
796 is_no_direct = 0;
797 break;
798 } else if (err != ERR_CSW_FAILED) {
799 DPRINTF("Device is not responding "
800 "properly to SCSI INQUIRY command.\n");
801 goto error; /* non retryable error */
802 }
803 usb_pause_mtx(NULL, hz);
804 }
805
806 if (is_no_direct) {
807 DPRINTF("Device is not direct access.\n");
808 goto done;
809 }
810
811 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
812 &scsi_test_unit_ready, sizeof(scsi_test_unit_ready),
813 USB_MS_HZ);
814
815 if (err != 0) {
816 if (err != ERR_CSW_FAILED)
817 goto error;
818 DPRINTF("Test unit ready failed\n");
819 }
820
821 err = bbb_command_start(sc, DIR_OUT, 0, NULL, 0,
822 &scsi_prevent_removal, sizeof(scsi_prevent_removal),
823 USB_MS_HZ);
824
825 if (err == 0) {
826 err = bbb_command_start(sc, DIR_OUT, 0, NULL, 0,
827 &scsi_allow_removal, sizeof(scsi_allow_removal),
828 USB_MS_HZ);
829 }
830
831 if (err != 0) {
832 if (err != ERR_CSW_FAILED)
833 goto error;
834 DPRINTF("Device doesn't handle prevent and allow removal\n");
835 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_PREVENT_ALLOW);
836 }
837
838 timeout = 1;
839
840 retry_sync_cache:
841 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
842 &scsi_sync_cache, sizeof(scsi_sync_cache),
843 USB_MS_HZ);
844
845 if (err != 0) {
846
847 if (err != ERR_CSW_FAILED)
848 goto error;
849
850 DPRINTF("Device doesn't handle synchronize cache\n");
851
852 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_SYNC_CACHE);
853 } else {
854
855 /*
856 * Certain Kingston memory sticks fail the first
857 * read capacity after a synchronize cache command
858 * has been issued. Disable the synchronize cache
859 * command for such devices.
860 */
861
862 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
863 &scsi_read_capacity, sizeof(scsi_read_capacity),
864 USB_MS_HZ);
865
866 if (err != 0) {
867 if (err != ERR_CSW_FAILED)
868 goto error;
869
870 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
871 &scsi_read_capacity, sizeof(scsi_read_capacity),
872 USB_MS_HZ);
873
874 if (err == 0) {
875 if (timeout--)
876 goto retry_sync_cache;
877
878 DPRINTF("Device most likely doesn't "
879 "handle synchronize cache\n");
880
881 usbd_add_dynamic_quirk(udev,
882 UQ_MSC_NO_SYNC_CACHE);
883 } else {
884 if (err != ERR_CSW_FAILED)
885 goto error;
886 }
887 }
888 }
889
890 /* clear sense status of any failed commands on the device */
891
892 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
893 SCSI_INQ_LEN, &scsi_inquiry, sizeof(scsi_inquiry),
894 USB_MS_HZ);
895
896 DPRINTF("Inquiry = %d\n", err);
897
898 if (err != 0) {
899
900 if (err != ERR_CSW_FAILED)
901 goto error;
902 }
903
904 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
905 SCSI_SENSE_LEN, &scsi_request_sense,
906 sizeof(scsi_request_sense), USB_MS_HZ);
907
908 DPRINTF("Request sense = %d\n", err);
909
910 if (err != 0) {
911
912 if (err != ERR_CSW_FAILED)
913 goto error;
914 }
915
916 done:
917 bbb_detach(sc);
918 return (0);
919
920 error:
921 bbb_detach(sc);
922
923 DPRINTF("Device did not respond, enabling all quirks\n");
924
925 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_SYNC_CACHE);
926 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_PREVENT_ALLOW);
927 usbd_add_dynamic_quirk(udev, UQ_MSC_NO_TEST_UNIT_READY);
928
929 /* Need to re-enumerate the device */
930 usbd_req_re_enumerate(udev, NULL);
931
932 return (USB_ERR_STALLED);
933 }
934
935 usb_error_t
usb_msc_eject(struct usb_device * udev,uint8_t iface_index,int method)936 usb_msc_eject(struct usb_device *udev, uint8_t iface_index, int method)
937 {
938 struct bbb_transfer *sc;
939 usb_error_t err;
940
941 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
942 if (sc == NULL)
943 return (USB_ERR_INVAL);
944
945 switch (method) {
946 case MSC_EJECT_STOPUNIT:
947 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
948 &scsi_test_unit_ready, sizeof(scsi_test_unit_ready),
949 USB_MS_HZ);
950 DPRINTF("Test unit ready status: %s\n", usbd_errstr(err));
951 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
952 &scsi_start_stop_unit, sizeof(scsi_start_stop_unit),
953 USB_MS_HZ);
954 break;
955 case MSC_EJECT_REZERO:
956 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
957 &scsi_rezero_init, sizeof(scsi_rezero_init),
958 USB_MS_HZ);
959 break;
960 case MSC_EJECT_ZTESTOR:
961 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
962 &scsi_ztestor_eject, sizeof(scsi_ztestor_eject),
963 USB_MS_HZ);
964 break;
965 case MSC_EJECT_CMOTECH:
966 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
967 &scsi_cmotech_eject, sizeof(scsi_cmotech_eject),
968 USB_MS_HZ);
969 break;
970 case MSC_EJECT_HUAWEI:
971 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
972 &scsi_huawei_eject, sizeof(scsi_huawei_eject),
973 USB_MS_HZ);
974 break;
975 case MSC_EJECT_HUAWEI2:
976 err = bbb_command_start(sc, DIR_IN, 0, NULL, 0,
977 &scsi_huawei_eject2, sizeof(scsi_huawei_eject2),
978 USB_MS_HZ);
979 break;
980 case MSC_EJECT_TCT:
981 /*
982 * TCTMobile needs DIR_IN flag. To get it, we
983 * supply a dummy data with the command.
984 */
985 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer,
986 sc->buffer_size, &scsi_tct_eject,
987 sizeof(scsi_tct_eject), USB_MS_HZ);
988 break;
989 default:
990 DPRINTF("Unknown eject method (%d)\n", method);
991 bbb_detach(sc);
992 return (USB_ERR_INVAL);
993 }
994
995 DPRINTF("Eject CD command status: %s\n", usbd_errstr(err));
996
997 bbb_detach(sc);
998 return (0);
999 }
1000
1001 usb_error_t
usb_dymo_eject(struct usb_device * udev,uint8_t iface_index)1002 usb_dymo_eject(struct usb_device *udev, uint8_t iface_index)
1003 {
1004 static const uint8_t data[3] = { 0x1b, 0x5a, 0x01 };
1005 struct bbb_transfer *sc;
1006 usb_error_t err;
1007
1008 sc = bbb_attach(udev, iface_index, UICLASS_HID);
1009 if (sc == NULL)
1010 return (USB_ERR_INVAL);
1011 err = bbb_raw_write(sc, data, sizeof(data), USB_MS_HZ);
1012 bbb_detach(sc);
1013 return (err);
1014 }
1015
1016 usb_error_t
usb_msc_read_10(struct usb_device * udev,uint8_t iface_index,uint32_t lba,uint32_t blocks,void * buffer)1017 usb_msc_read_10(struct usb_device *udev, uint8_t iface_index,
1018 uint32_t lba, uint32_t blocks, void *buffer)
1019 {
1020 struct bbb_transfer *sc;
1021 uint8_t cmd[10];
1022 usb_error_t err;
1023
1024 cmd[0] = 0x28; /* READ_10 */
1025 cmd[1] = 0;
1026 cmd[2] = lba >> 24;
1027 cmd[3] = lba >> 16;
1028 cmd[4] = lba >> 8;
1029 cmd[5] = lba >> 0;
1030 cmd[6] = 0;
1031 cmd[7] = blocks >> 8;
1032 cmd[8] = blocks;
1033 cmd[9] = 0;
1034
1035 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
1036 if (sc == NULL)
1037 return (USB_ERR_INVAL);
1038
1039 err = bbb_command_start(sc, DIR_IN, 0, buffer,
1040 blocks * SCSI_FIXED_BLOCK_SIZE, cmd, 10, USB_MS_HZ);
1041
1042 bbb_detach(sc);
1043
1044 return (err);
1045 }
1046
1047 usb_error_t
usb_msc_write_10(struct usb_device * udev,uint8_t iface_index,uint32_t lba,uint32_t blocks,void * buffer)1048 usb_msc_write_10(struct usb_device *udev, uint8_t iface_index,
1049 uint32_t lba, uint32_t blocks, void *buffer)
1050 {
1051 struct bbb_transfer *sc;
1052 uint8_t cmd[10];
1053 usb_error_t err;
1054
1055 cmd[0] = 0x2a; /* WRITE_10 */
1056 cmd[1] = 0;
1057 cmd[2] = lba >> 24;
1058 cmd[3] = lba >> 16;
1059 cmd[4] = lba >> 8;
1060 cmd[5] = lba >> 0;
1061 cmd[6] = 0;
1062 cmd[7] = blocks >> 8;
1063 cmd[8] = blocks;
1064 cmd[9] = 0;
1065
1066 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
1067 if (sc == NULL)
1068 return (USB_ERR_INVAL);
1069
1070 err = bbb_command_start(sc, DIR_OUT, 0, buffer,
1071 blocks * SCSI_FIXED_BLOCK_SIZE, cmd, 10, USB_MS_HZ);
1072
1073 bbb_detach(sc);
1074
1075 return (err);
1076 }
1077
1078 usb_error_t
usb_msc_read_capacity(struct usb_device * udev,uint8_t iface_index,uint32_t * lba_last,uint32_t * block_size)1079 usb_msc_read_capacity(struct usb_device *udev, uint8_t iface_index,
1080 uint32_t *lba_last, uint32_t *block_size)
1081 {
1082 struct bbb_transfer *sc;
1083 usb_error_t err;
1084
1085 sc = bbb_attach(udev, iface_index, UICLASS_MASS);
1086 if (sc == NULL)
1087 return (USB_ERR_INVAL);
1088
1089 err = bbb_command_start(sc, DIR_IN, 0, sc->buffer, 8,
1090 &scsi_read_capacity, sizeof(scsi_read_capacity),
1091 USB_MS_HZ);
1092
1093 *lba_last =
1094 (sc->buffer[0] << 24) |
1095 (sc->buffer[1] << 16) |
1096 (sc->buffer[2] << 8) |
1097 (sc->buffer[3]);
1098
1099 *block_size =
1100 (sc->buffer[4] << 24) |
1101 (sc->buffer[5] << 16) |
1102 (sc->buffer[6] << 8) |
1103 (sc->buffer[7]);
1104
1105 /* we currently only support one block size */
1106 if (*block_size != SCSI_FIXED_BLOCK_SIZE)
1107 err = USB_ERR_INVAL;
1108
1109 bbb_detach(sc);
1110
1111 return (err);
1112 }
1113