1 /* $FreeBSD$ */
2 /*-
3 * Copyright (C) 2003-2005 Alan Stern
4 * Copyright (C) 2008 Hans Petter Selasky
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer,
12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without
18 * specific prior written permission.
19 *
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
22 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
23 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
25 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
28 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
29 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
31 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /*
35 * NOTE: Much of the SCSI statemachine handling code derives from the
36 * Linux USB gadget stack.
37 */
38
39 #ifdef USB_GLOBAL_INCLUDE_FILE
40 #include USB_GLOBAL_INCLUDE_FILE
41 #else
42 #include <sys/stdint.h>
43 #include <sys/stddef.h>
44 #include <sys/param.h>
45 #include <sys/queue.h>
46 #include <sys/types.h>
47 #include <sys/systm.h>
48 #include <sys/kernel.h>
49 #include <sys/bus.h>
50 #include <sys/module.h>
51 #include <sys/lock.h>
52 #include <sys/mutex.h>
53 #include <sys/condvar.h>
54 #include <sys/sysctl.h>
55 #include <sys/sx.h>
56 #include <sys/unistd.h>
57 #include <sys/callout.h>
58 #include <sys/malloc.h>
59 #include <sys/priv.h>
60
61 #include <dev/usb/usb.h>
62 #include <dev/usb/usbdi.h>
63 #include "usbdevs.h"
64 #include "usb_if.h"
65
66 #define USB_DEBUG_VAR ustorage_fs_debug
67 #include <dev/usb/usb_debug.h>
68 #endif /* USB_GLOBAL_INCLUDE_FILE */
69
70 #ifdef USB_DEBUG
71 static int ustorage_fs_debug = 0;
72
73 SYSCTL_NODE(_hw_usb, OID_AUTO, ustorage_fs, CTLFLAG_RW, 0, "USB ustorage_fs");
74 SYSCTL_INT(_hw_usb_ustorage_fs, OID_AUTO, debug, CTLFLAG_RWTUN,
75 &ustorage_fs_debug, 0, "ustorage_fs debug level");
76 #endif
77
78 /* Define some limits */
79
80 #ifndef USTORAGE_FS_BULK_SIZE
81 #define USTORAGE_FS_BULK_SIZE (1U << 17) /* bytes */
82 #endif
83
84 #ifndef USTORAGE_FS_MAX_LUN
85 #define USTORAGE_FS_MAX_LUN 8 /* units */
86 #endif
87
88 #ifndef USTORAGE_QDATA_MAX
89 #define USTORAGE_QDATA_MAX 40 /* bytes */
90 #endif
91
92 /*
93 * The SCSI ID string must be exactly 28 characters long
94 * exluding the terminating zero.
95 */
96 #ifndef USTORAGE_FS_ID_STRING
97 #define USTORAGE_FS_ID_STRING \
98 "FreeBSD " /* 8 */ \
99 "File-Stor Gadget" /* 16 */ \
100 "0101" /* 4 */
101 #endif
102
103 /*
104 * The following macro defines the number of
105 * sectors to be allocated for the RAM disk:
106 */
107 #ifndef USTORAGE_FS_RAM_SECT
108 #define USTORAGE_FS_RAM_SECT (1UL << 13)
109 #endif
110
111 static uint8_t *ustorage_fs_ramdisk;
112
113 /* USB transfer definitions */
114
115 #define USTORAGE_FS_T_BBB_COMMAND 0
116 #define USTORAGE_FS_T_BBB_DATA_DUMP 1
117 #define USTORAGE_FS_T_BBB_DATA_READ 2
118 #define USTORAGE_FS_T_BBB_DATA_WRITE 3
119 #define USTORAGE_FS_T_BBB_STATUS 4
120 #define USTORAGE_FS_T_BBB_MAX 5
121
122 /* USB data stage direction */
123
124 #define DIR_NONE 0
125 #define DIR_READ 1
126 #define DIR_WRITE 2
127
128 /* USB interface specific control request */
129
130 #define UR_BBB_RESET 0xff /* Bulk-Only reset */
131 #define UR_BBB_GET_MAX_LUN 0xfe /* Get maximum lun */
132
133 /* Command Block Wrapper */
134 typedef struct {
135 uDWord dCBWSignature;
136 #define CBWSIGNATURE 0x43425355
137 uDWord dCBWTag;
138 uDWord dCBWDataTransferLength;
139 uByte bCBWFlags;
140 #define CBWFLAGS_OUT 0x00
141 #define CBWFLAGS_IN 0x80
142 uByte bCBWLUN;
143 uByte bCDBLength;
144 #define CBWCDBLENGTH 16
145 uByte CBWCDB[CBWCDBLENGTH];
146 } __packed ustorage_fs_bbb_cbw_t;
147
148 #define USTORAGE_FS_BBB_CBW_SIZE 31
149
150 /* Command Status Wrapper */
151 typedef struct {
152 uDWord dCSWSignature;
153 #define CSWSIGNATURE 0x53425355
154 uDWord dCSWTag;
155 uDWord dCSWDataResidue;
156 uByte bCSWStatus;
157 #define CSWSTATUS_GOOD 0x0
158 #define CSWSTATUS_FAILED 0x1
159 #define CSWSTATUS_PHASE 0x2
160 } __packed ustorage_fs_bbb_csw_t;
161
162 #define USTORAGE_FS_BBB_CSW_SIZE 13
163
164 struct ustorage_fs_lun {
165
166 uint8_t *memory_image;
167
168 uint32_t num_sectors;
169 uint32_t sense_data;
170 uint32_t sense_data_info;
171 uint32_t unit_attention_data;
172
173 uint8_t read_only:1;
174 uint8_t prevent_medium_removal:1;
175 uint8_t info_valid:1;
176 uint8_t removable:1;
177 };
178
179 struct ustorage_fs_softc {
180
181 ustorage_fs_bbb_cbw_t *sc_cbw; /* Command Wrapper Block */
182 ustorage_fs_bbb_csw_t *sc_csw; /* Command Status Block */
183 void *sc_dma_ptr; /* Main data buffer */
184
185 struct mtx sc_mtx;
186
187 struct ustorage_fs_lun sc_lun[USTORAGE_FS_MAX_LUN];
188
189 struct {
190 uint8_t *data_ptr;
191 struct ustorage_fs_lun *currlun;
192
193 uint32_t data_rem; /* bytes, as reported by the command
194 * block wrapper */
195 uint32_t offset; /* bytes */
196
197 uint8_t cbw_dir;
198 uint8_t cmd_dir;
199 uint8_t lun;
200 uint8_t cmd_len;
201 uint8_t data_short:1;
202 uint8_t data_error:1;
203 } sc_transfer;
204
205 device_t sc_dev;
206 struct usb_device *sc_udev;
207 struct usb_xfer *sc_xfer[USTORAGE_FS_T_BBB_MAX];
208
209 uint8_t sc_iface_no; /* interface number */
210 uint8_t sc_last_lun;
211 uint8_t sc_last_xfer_index;
212 uint8_t sc_qdata[USTORAGE_QDATA_MAX];
213 };
214
215 /* prototypes */
216
217 static device_probe_t ustorage_fs_probe;
218 static device_attach_t ustorage_fs_attach;
219 static device_detach_t ustorage_fs_detach;
220 static device_suspend_t ustorage_fs_suspend;
221 static device_resume_t ustorage_fs_resume;
222 static usb_handle_request_t ustorage_fs_handle_request;
223
224 static usb_callback_t ustorage_fs_t_bbb_command_callback;
225 static usb_callback_t ustorage_fs_t_bbb_data_dump_callback;
226 static usb_callback_t ustorage_fs_t_bbb_data_read_callback;
227 static usb_callback_t ustorage_fs_t_bbb_data_write_callback;
228 static usb_callback_t ustorage_fs_t_bbb_status_callback;
229
230 static void ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index);
231 static void ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc);
232
233 static uint8_t ustorage_fs_verify(struct ustorage_fs_softc *sc);
234 static uint8_t ustorage_fs_inquiry(struct ustorage_fs_softc *sc);
235 static uint8_t ustorage_fs_request_sense(struct ustorage_fs_softc *sc);
236 static uint8_t ustorage_fs_read_capacity(struct ustorage_fs_softc *sc);
237 static uint8_t ustorage_fs_mode_sense(struct ustorage_fs_softc *sc);
238 static uint8_t ustorage_fs_start_stop(struct ustorage_fs_softc *sc);
239 static uint8_t ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc);
240 static uint8_t ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc);
241 static uint8_t ustorage_fs_mode_select(struct ustorage_fs_softc *sc);
242 static uint8_t ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask);
243 static uint8_t ustorage_fs_read(struct ustorage_fs_softc *sc);
244 static uint8_t ustorage_fs_write(struct ustorage_fs_softc *sc);
245 static uint8_t ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t cmd_size, uint16_t mask, uint8_t needs_medium);
246 static uint8_t ustorage_fs_do_cmd(struct ustorage_fs_softc *sc);
247
248 static device_method_t ustorage_fs_methods[] = {
249 /* USB interface */
250 DEVMETHOD(usb_handle_request, ustorage_fs_handle_request),
251
252 /* Device interface */
253 DEVMETHOD(device_probe, ustorage_fs_probe),
254 DEVMETHOD(device_attach, ustorage_fs_attach),
255 DEVMETHOD(device_detach, ustorage_fs_detach),
256 DEVMETHOD(device_suspend, ustorage_fs_suspend),
257 DEVMETHOD(device_resume, ustorage_fs_resume),
258
259 DEVMETHOD_END
260 };
261
262 static driver_t ustorage_fs_driver = {
263 .name = "ustorage_fs",
264 .methods = ustorage_fs_methods,
265 .size = sizeof(struct ustorage_fs_softc),
266 };
267
268 static devclass_t ustorage_fs_devclass;
269
270 DRIVER_MODULE(ustorage_fs, uhub, ustorage_fs_driver, ustorage_fs_devclass, NULL, 0);
271 MODULE_VERSION(ustorage_fs, 0);
272 MODULE_DEPEND(ustorage_fs, usb, 1, 1, 1);
273
274 static struct usb_config ustorage_fs_bbb_config[USTORAGE_FS_T_BBB_MAX] = {
275
276 [USTORAGE_FS_T_BBB_COMMAND] = {
277 .type = UE_BULK,
278 .endpoint = UE_ADDR_ANY,
279 .direction = UE_DIR_OUT,
280 .bufsize = sizeof(ustorage_fs_bbb_cbw_t),
281 .callback = &ustorage_fs_t_bbb_command_callback,
282 .usb_mode = USB_MODE_DEVICE,
283 },
284
285 [USTORAGE_FS_T_BBB_DATA_DUMP] = {
286 .type = UE_BULK,
287 .endpoint = UE_ADDR_ANY,
288 .direction = UE_DIR_OUT,
289 .bufsize = 0, /* use wMaxPacketSize */
290 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,},
291 .callback = &ustorage_fs_t_bbb_data_dump_callback,
292 .usb_mode = USB_MODE_DEVICE,
293 },
294
295 [USTORAGE_FS_T_BBB_DATA_READ] = {
296 .type = UE_BULK,
297 .endpoint = UE_ADDR_ANY,
298 .direction = UE_DIR_OUT,
299 .bufsize = USTORAGE_FS_BULK_SIZE,
300 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1},
301 .callback = &ustorage_fs_t_bbb_data_read_callback,
302 .usb_mode = USB_MODE_DEVICE,
303 },
304
305 [USTORAGE_FS_T_BBB_DATA_WRITE] = {
306 .type = UE_BULK,
307 .endpoint = UE_ADDR_ANY,
308 .direction = UE_DIR_IN,
309 .bufsize = USTORAGE_FS_BULK_SIZE,
310 .flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer = 1},
311 .callback = &ustorage_fs_t_bbb_data_write_callback,
312 .usb_mode = USB_MODE_DEVICE,
313 },
314
315 [USTORAGE_FS_T_BBB_STATUS] = {
316 .type = UE_BULK,
317 .endpoint = UE_ADDR_ANY,
318 .direction = UE_DIR_IN,
319 .bufsize = sizeof(ustorage_fs_bbb_csw_t),
320 .flags = {.short_xfer_ok = 1},
321 .callback = &ustorage_fs_t_bbb_status_callback,
322 .usb_mode = USB_MODE_DEVICE,
323 },
324 };
325
326 /*
327 * USB device probe/attach/detach
328 */
329
330 static int
ustorage_fs_probe(device_t dev)331 ustorage_fs_probe(device_t dev)
332 {
333 struct usb_attach_arg *uaa = device_get_ivars(dev);
334 struct usb_interface_descriptor *id;
335
336 if (uaa->usb_mode != USB_MODE_DEVICE) {
337 return (ENXIO);
338 }
339 /* Check for a standards compliant device */
340 id = usbd_get_interface_descriptor(uaa->iface);
341 if ((id == NULL) ||
342 (id->bInterfaceClass != UICLASS_MASS) ||
343 (id->bInterfaceSubClass != UISUBCLASS_SCSI) ||
344 (id->bInterfaceProtocol != UIPROTO_MASS_BBB)) {
345 return (ENXIO);
346 }
347 return (BUS_PROBE_GENERIC);
348 }
349
350 static int
ustorage_fs_attach(device_t dev)351 ustorage_fs_attach(device_t dev)
352 {
353 struct ustorage_fs_softc *sc = device_get_softc(dev);
354 struct usb_attach_arg *uaa = device_get_ivars(dev);
355 struct usb_interface_descriptor *id;
356 int err;
357 int unit;
358
359 /*
360 * NOTE: the softc struct is cleared in device_set_driver.
361 * We can safely call ustorage_fs_detach without specifically
362 * initializing the struct.
363 */
364
365 sc->sc_dev = dev;
366 sc->sc_udev = uaa->device;
367 unit = device_get_unit(dev);
368
369 /* enable power saving mode */
370 usbd_set_power_mode(uaa->device, USB_POWER_MODE_SAVE);
371
372 if (unit == 0) {
373 if (ustorage_fs_ramdisk == NULL) {
374 /*
375 * allocate a memory image for our ramdisk until
376 * further
377 */
378 ustorage_fs_ramdisk =
379 malloc(USTORAGE_FS_RAM_SECT << 9, M_USB,
380 M_ZERO | M_WAITOK);
381 }
382 sc->sc_lun[0].memory_image = ustorage_fs_ramdisk;
383 sc->sc_lun[0].num_sectors = USTORAGE_FS_RAM_SECT;
384 sc->sc_lun[0].removable = 1;
385 }
386
387 device_set_usb_desc(dev);
388
389 mtx_init(&sc->sc_mtx, "USTORAGE_FS lock",
390 NULL, (MTX_DEF | MTX_RECURSE));
391
392 /* get interface index */
393
394 id = usbd_get_interface_descriptor(uaa->iface);
395 if (id == NULL) {
396 device_printf(dev, "failed to get "
397 "interface number\n");
398 goto detach;
399 }
400 sc->sc_iface_no = id->bInterfaceNumber;
401
402 err = usbd_transfer_setup(uaa->device,
403 &uaa->info.bIfaceIndex, sc->sc_xfer, ustorage_fs_bbb_config,
404 USTORAGE_FS_T_BBB_MAX, sc, &sc->sc_mtx);
405 if (err) {
406 device_printf(dev, "could not setup required "
407 "transfers, %s\n", usbd_errstr(err));
408 goto detach;
409 }
410
411 sc->sc_cbw = usbd_xfer_get_frame_buffer(sc->sc_xfer[
412 USTORAGE_FS_T_BBB_COMMAND], 0);
413 sc->sc_csw = usbd_xfer_get_frame_buffer(sc->sc_xfer[
414 USTORAGE_FS_T_BBB_STATUS], 0);
415 sc->sc_dma_ptr = usbd_xfer_get_frame_buffer(sc->sc_xfer[
416 USTORAGE_FS_T_BBB_DATA_READ], 0);
417
418 /* start Mass Storage State Machine */
419
420 mtx_lock(&sc->sc_mtx);
421 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
422 mtx_unlock(&sc->sc_mtx);
423
424 return (0); /* success */
425
426 detach:
427 ustorage_fs_detach(dev);
428 return (ENXIO); /* failure */
429 }
430
431 static int
ustorage_fs_detach(device_t dev)432 ustorage_fs_detach(device_t dev)
433 {
434 struct ustorage_fs_softc *sc = device_get_softc(dev);
435
436 /* teardown our statemachine */
437
438 usbd_transfer_unsetup(sc->sc_xfer, USTORAGE_FS_T_BBB_MAX);
439
440 mtx_destroy(&sc->sc_mtx);
441
442 return (0); /* success */
443 }
444
445 static int
ustorage_fs_suspend(device_t dev)446 ustorage_fs_suspend(device_t dev)
447 {
448 device_printf(dev, "suspending\n");
449 return (0); /* success */
450 }
451
452 static int
ustorage_fs_resume(device_t dev)453 ustorage_fs_resume(device_t dev)
454 {
455 device_printf(dev, "resuming\n");
456 return (0); /* success */
457 }
458
459 /*
460 * Generic functions to handle transfers
461 */
462
463 static void
ustorage_fs_transfer_start(struct ustorage_fs_softc * sc,uint8_t xfer_index)464 ustorage_fs_transfer_start(struct ustorage_fs_softc *sc, uint8_t xfer_index)
465 {
466 if (sc->sc_xfer[xfer_index]) {
467 sc->sc_last_xfer_index = xfer_index;
468 usbd_transfer_start(sc->sc_xfer[xfer_index]);
469 }
470 }
471
472 static void
ustorage_fs_transfer_stop(struct ustorage_fs_softc * sc)473 ustorage_fs_transfer_stop(struct ustorage_fs_softc *sc)
474 {
475 usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
476 mtx_unlock(&sc->sc_mtx);
477 usbd_transfer_drain(sc->sc_xfer[sc->sc_last_xfer_index]);
478 mtx_lock(&sc->sc_mtx);
479 }
480
481 static int
ustorage_fs_handle_request(device_t dev,const void * preq,void ** pptr,uint16_t * plen,uint16_t offset,uint8_t * pstate)482 ustorage_fs_handle_request(device_t dev,
483 const void *preq, void **pptr, uint16_t *plen,
484 uint16_t offset, uint8_t *pstate)
485 {
486 struct ustorage_fs_softc *sc = device_get_softc(dev);
487 const struct usb_device_request *req = preq;
488 uint8_t is_complete = *pstate;
489
490 if (!is_complete) {
491 if ((req->bmRequestType == UT_WRITE_CLASS_INTERFACE) &&
492 (req->bRequest == UR_BBB_RESET)) {
493 *plen = 0;
494 mtx_lock(&sc->sc_mtx);
495 ustorage_fs_transfer_stop(sc);
496 sc->sc_transfer.data_error = 1;
497 ustorage_fs_transfer_start(sc,
498 USTORAGE_FS_T_BBB_COMMAND);
499 mtx_unlock(&sc->sc_mtx);
500 return (0);
501 } else if ((req->bmRequestType == UT_READ_CLASS_INTERFACE) &&
502 (req->bRequest == UR_BBB_GET_MAX_LUN)) {
503 if (offset == 0) {
504 *plen = 1;
505 *pptr = &sc->sc_last_lun;
506 } else {
507 *plen = 0;
508 }
509 return (0);
510 }
511 }
512 return (ENXIO); /* use builtin handler */
513 }
514
515 static void
ustorage_fs_t_bbb_command_callback(struct usb_xfer * xfer,usb_error_t error)516 ustorage_fs_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
517 {
518 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
519 uint32_t tag;
520 uint8_t err = 0;
521
522 DPRINTF("\n");
523
524 switch (USB_GET_STATE(xfer)) {
525 case USB_ST_TRANSFERRED:
526
527 tag = UGETDW(sc->sc_cbw->dCBWSignature);
528
529 if (tag != CBWSIGNATURE) {
530 /* do nothing */
531 DPRINTF("invalid signature 0x%08x\n", tag);
532 break;
533 }
534 tag = UGETDW(sc->sc_cbw->dCBWTag);
535
536 /* echo back tag */
537 USETDW(sc->sc_csw->dCSWTag, tag);
538
539 /* reset status */
540 sc->sc_csw->bCSWStatus = 0;
541
542 /* reset data offset, data length and data remainder */
543 sc->sc_transfer.offset = 0;
544 sc->sc_transfer.data_rem =
545 UGETDW(sc->sc_cbw->dCBWDataTransferLength);
546
547 /* reset data flags */
548 sc->sc_transfer.data_short = 0;
549
550 /* extract LUN */
551 sc->sc_transfer.lun = sc->sc_cbw->bCBWLUN;
552
553 if (sc->sc_transfer.data_rem == 0) {
554 sc->sc_transfer.cbw_dir = DIR_NONE;
555 } else {
556 if (sc->sc_cbw->bCBWFlags & CBWFLAGS_IN) {
557 sc->sc_transfer.cbw_dir = DIR_WRITE;
558 } else {
559 sc->sc_transfer.cbw_dir = DIR_READ;
560 }
561 }
562
563 sc->sc_transfer.cmd_len = sc->sc_cbw->bCDBLength;
564 if ((sc->sc_transfer.cmd_len > sizeof(sc->sc_cbw->CBWCDB)) ||
565 (sc->sc_transfer.cmd_len == 0)) {
566 /* just halt - this is invalid */
567 DPRINTF("invalid command length %d bytes\n",
568 sc->sc_transfer.cmd_len);
569 break;
570 }
571
572 err = ustorage_fs_do_cmd(sc);
573 if (err) {
574 /* got an error */
575 DPRINTF("command failed\n");
576 break;
577 }
578 if ((sc->sc_transfer.data_rem > 0) &&
579 (sc->sc_transfer.cbw_dir != sc->sc_transfer.cmd_dir)) {
580 /* contradicting data transfer direction */
581 err = 1;
582 DPRINTF("data direction mismatch\n");
583 break;
584 }
585 switch (sc->sc_transfer.cbw_dir) {
586 case DIR_READ:
587 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_READ);
588 break;
589 case DIR_WRITE:
590 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_DATA_WRITE);
591 break;
592 default:
593 ustorage_fs_transfer_start(sc,
594 USTORAGE_FS_T_BBB_STATUS);
595 break;
596 }
597 break;
598
599 case USB_ST_SETUP:
600 tr_setup:
601 if (sc->sc_transfer.data_error) {
602 sc->sc_transfer.data_error = 0;
603 usbd_xfer_set_stall(xfer);
604 DPRINTF("stall pipe\n");
605 }
606 usbd_xfer_set_frame_len(xfer, 0,
607 sizeof(ustorage_fs_bbb_cbw_t));
608 usbd_transfer_submit(xfer);
609 break;
610
611 default: /* Error */
612 DPRINTF("error\n");
613 if (error == USB_ERR_CANCELLED) {
614 break;
615 }
616 /* If the pipe is already stalled, don't do another stall */
617 if (!usbd_xfer_is_stalled(xfer))
618 sc->sc_transfer.data_error = 1;
619
620 /* try again */
621 goto tr_setup;
622 }
623 if (err) {
624 if (sc->sc_csw->bCSWStatus == 0) {
625 /* set some default error code */
626 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
627 }
628 if (sc->sc_transfer.cbw_dir == DIR_READ) {
629 /* dump all data */
630 ustorage_fs_transfer_start(sc,
631 USTORAGE_FS_T_BBB_DATA_DUMP);
632 return;
633 }
634 if (sc->sc_transfer.cbw_dir == DIR_WRITE) {
635 /* need to stall before status */
636 sc->sc_transfer.data_error = 1;
637 }
638 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_STATUS);
639 }
640 }
641
642 static void
ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer * xfer,usb_error_t error)643 ustorage_fs_t_bbb_data_dump_callback(struct usb_xfer *xfer, usb_error_t error)
644 {
645 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
646 uint32_t max_bulk = usbd_xfer_max_len(xfer);
647 int actlen, sumlen;
648
649 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
650
651 DPRINTF("\n");
652
653 switch (USB_GET_STATE(xfer)) {
654 case USB_ST_TRANSFERRED:
655 sc->sc_transfer.data_rem -= actlen;
656 sc->sc_transfer.offset += actlen;
657
658 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
659 /* short transfer or end of data */
660 ustorage_fs_transfer_start(sc,
661 USTORAGE_FS_T_BBB_STATUS);
662 break;
663 }
664 /* Fallthrough */
665
666 case USB_ST_SETUP:
667 tr_setup:
668 if (max_bulk > sc->sc_transfer.data_rem) {
669 max_bulk = sc->sc_transfer.data_rem;
670 }
671 if (sc->sc_transfer.data_error) {
672 sc->sc_transfer.data_error = 0;
673 usbd_xfer_set_stall(xfer);
674 }
675 usbd_xfer_set_frame_len(xfer, 0, max_bulk);
676 usbd_transfer_submit(xfer);
677 break;
678
679 default: /* Error */
680 if (error == USB_ERR_CANCELLED) {
681 break;
682 }
683 /*
684 * If the pipe is already stalled, don't do another stall:
685 */
686 if (!usbd_xfer_is_stalled(xfer))
687 sc->sc_transfer.data_error = 1;
688
689 /* try again */
690 goto tr_setup;
691 }
692 }
693
694 static void
ustorage_fs_t_bbb_data_read_callback(struct usb_xfer * xfer,usb_error_t error)695 ustorage_fs_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
696 {
697 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
698 uint32_t max_bulk = usbd_xfer_max_len(xfer);
699 int actlen, sumlen;
700
701 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
702
703 DPRINTF("\n");
704
705 switch (USB_GET_STATE(xfer)) {
706 case USB_ST_TRANSFERRED:
707 /* XXX copy data from DMA buffer */
708 memcpy(sc->sc_transfer.data_ptr, sc->sc_dma_ptr, actlen);
709
710 sc->sc_transfer.data_rem -= actlen;
711 sc->sc_transfer.data_ptr += actlen;
712 sc->sc_transfer.offset += actlen;
713
714 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
715 /* short transfer or end of data */
716 ustorage_fs_transfer_start(sc,
717 USTORAGE_FS_T_BBB_STATUS);
718 break;
719 }
720 /* Fallthrough */
721
722 case USB_ST_SETUP:
723 tr_setup:
724 if (max_bulk > sc->sc_transfer.data_rem) {
725 max_bulk = sc->sc_transfer.data_rem;
726 }
727 if (sc->sc_transfer.data_error) {
728 sc->sc_transfer.data_error = 0;
729 usbd_xfer_set_stall(xfer);
730 }
731
732 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk);
733 usbd_transfer_submit(xfer);
734 break;
735
736 default: /* Error */
737 if (error == USB_ERR_CANCELLED) {
738 break;
739 }
740 /* If the pipe is already stalled, don't do another stall */
741 if (!usbd_xfer_is_stalled(xfer))
742 sc->sc_transfer.data_error = 1;
743
744 /* try again */
745 goto tr_setup;
746 }
747 }
748
749 static void
ustorage_fs_t_bbb_data_write_callback(struct usb_xfer * xfer,usb_error_t error)750 ustorage_fs_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
751 {
752 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
753 uint32_t max_bulk = usbd_xfer_max_len(xfer);
754 int actlen, sumlen;
755
756 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
757
758 DPRINTF("\n");
759
760 switch (USB_GET_STATE(xfer)) {
761 case USB_ST_TRANSFERRED:
762 sc->sc_transfer.data_rem -= actlen;
763 sc->sc_transfer.data_ptr += actlen;
764 sc->sc_transfer.offset += actlen;
765
766 if (actlen != sumlen || sc->sc_transfer.data_rem == 0) {
767 /* short transfer or end of data */
768 ustorage_fs_transfer_start(sc,
769 USTORAGE_FS_T_BBB_STATUS);
770 break;
771 }
772 case USB_ST_SETUP:
773 tr_setup:
774 if (max_bulk >= sc->sc_transfer.data_rem) {
775 max_bulk = sc->sc_transfer.data_rem;
776 if (sc->sc_transfer.data_short)
777 usbd_xfer_set_flag(xfer, USB_FORCE_SHORT_XFER);
778 else
779 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
780 } else
781 usbd_xfer_clr_flag(xfer, USB_FORCE_SHORT_XFER);
782
783 if (sc->sc_transfer.data_error) {
784 sc->sc_transfer.data_error = 0;
785 usbd_xfer_set_stall(xfer);
786 }
787
788 /* XXX copy data to DMA buffer */
789 memcpy(sc->sc_dma_ptr, sc->sc_transfer.data_ptr, max_bulk);
790
791 usbd_xfer_set_frame_data(xfer, 0, sc->sc_dma_ptr, max_bulk);
792 usbd_transfer_submit(xfer);
793 break;
794
795 default: /* Error */
796 if (error == USB_ERR_CANCELLED) {
797 break;
798 }
799 /*
800 * If the pipe is already stalled, don't do another
801 * stall
802 */
803 if (!usbd_xfer_is_stalled(xfer))
804 sc->sc_transfer.data_error = 1;
805
806 /* try again */
807 goto tr_setup;
808 }
809 }
810
811 static void
ustorage_fs_t_bbb_status_callback(struct usb_xfer * xfer,usb_error_t error)812 ustorage_fs_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
813 {
814 struct ustorage_fs_softc *sc = usbd_xfer_softc(xfer);
815
816 DPRINTF("\n");
817
818 switch (USB_GET_STATE(xfer)) {
819 case USB_ST_TRANSFERRED:
820 ustorage_fs_transfer_start(sc, USTORAGE_FS_T_BBB_COMMAND);
821 break;
822
823 case USB_ST_SETUP:
824 tr_setup:
825 USETDW(sc->sc_csw->dCSWSignature, CSWSIGNATURE);
826 USETDW(sc->sc_csw->dCSWDataResidue, sc->sc_transfer.data_rem);
827
828 if (sc->sc_transfer.data_error) {
829 sc->sc_transfer.data_error = 0;
830 usbd_xfer_set_stall(xfer);
831 }
832 usbd_xfer_set_frame_len(xfer, 0,
833 sizeof(ustorage_fs_bbb_csw_t));
834 usbd_transfer_submit(xfer);
835 break;
836
837 default:
838 if (error == USB_ERR_CANCELLED) {
839 break;
840 }
841 /* If the pipe is already stalled, don't do another stall */
842 if (!usbd_xfer_is_stalled(xfer))
843 sc->sc_transfer.data_error = 1;
844
845 /* try again */
846 goto tr_setup;
847 }
848 }
849
850 /* SCSI commands that we recognize */
851 #define SC_FORMAT_UNIT 0x04
852 #define SC_INQUIRY 0x12
853 #define SC_MODE_SELECT_6 0x15
854 #define SC_MODE_SELECT_10 0x55
855 #define SC_MODE_SENSE_6 0x1a
856 #define SC_MODE_SENSE_10 0x5a
857 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
858 #define SC_READ_6 0x08
859 #define SC_READ_10 0x28
860 #define SC_READ_12 0xa8
861 #define SC_READ_CAPACITY 0x25
862 #define SC_READ_FORMAT_CAPACITIES 0x23
863 #define SC_RELEASE 0x17
864 #define SC_REQUEST_SENSE 0x03
865 #define SC_RESERVE 0x16
866 #define SC_SEND_DIAGNOSTIC 0x1d
867 #define SC_START_STOP_UNIT 0x1b
868 #define SC_SYNCHRONIZE_CACHE 0x35
869 #define SC_TEST_UNIT_READY 0x00
870 #define SC_VERIFY 0x2f
871 #define SC_WRITE_6 0x0a
872 #define SC_WRITE_10 0x2a
873 #define SC_WRITE_12 0xaa
874
875 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
876 #define SS_NO_SENSE 0
877 #define SS_COMMUNICATION_FAILURE 0x040800
878 #define SS_INVALID_COMMAND 0x052000
879 #define SS_INVALID_FIELD_IN_CDB 0x052400
880 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
881 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
882 #define SS_MEDIUM_NOT_PRESENT 0x023a00
883 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
884 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800
885 #define SS_RESET_OCCURRED 0x062900
886 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
887 #define SS_UNRECOVERED_READ_ERROR 0x031100
888 #define SS_WRITE_ERROR 0x030c02
889 #define SS_WRITE_PROTECTED 0x072700
890
891 #define SK(x) ((uint8_t) ((x) >> 16)) /* Sense Key byte, etc. */
892 #define ASC(x) ((uint8_t) ((x) >> 8))
893 #define ASCQ(x) ((uint8_t) (x))
894
895 /* Routines for unaligned data access */
896
897 static uint16_t
get_be16(uint8_t * buf)898 get_be16(uint8_t *buf)
899 {
900 return ((uint16_t)buf[0] << 8) | ((uint16_t)buf[1]);
901 }
902
903 static uint32_t
get_be32(uint8_t * buf)904 get_be32(uint8_t *buf)
905 {
906 return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
907 ((uint32_t)buf[2] << 8) | ((uint32_t)buf[3]);
908 }
909
910 static void
put_be16(uint8_t * buf,uint16_t val)911 put_be16(uint8_t *buf, uint16_t val)
912 {
913 buf[0] = val >> 8;
914 buf[1] = val;
915 }
916
917 static void
put_be32(uint8_t * buf,uint32_t val)918 put_be32(uint8_t *buf, uint32_t val)
919 {
920 buf[0] = val >> 24;
921 buf[1] = val >> 16;
922 buf[2] = val >> 8;
923 buf[3] = val & 0xff;
924 }
925
926 /*------------------------------------------------------------------------*
927 * ustorage_fs_verify
928 *
929 * Returns:
930 * 0: Success
931 * Else: Failure
932 *------------------------------------------------------------------------*/
933 static uint8_t
ustorage_fs_verify(struct ustorage_fs_softc * sc)934 ustorage_fs_verify(struct ustorage_fs_softc *sc)
935 {
936 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
937 uint32_t lba;
938 uint32_t vlen;
939 uint64_t file_offset;
940 uint64_t amount_left;
941
942 /*
943 * Get the starting Logical Block Address
944 */
945 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
946
947 /*
948 * We allow DPO (Disable Page Out = don't save data in the cache)
949 * but we don't implement it.
950 */
951 if ((sc->sc_cbw->CBWCDB[1] & ~0x10) != 0) {
952 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
953 return (1);
954 }
955 vlen = get_be16(&sc->sc_cbw->CBWCDB[7]);
956 if (vlen == 0) {
957 goto done;
958 }
959 /* No default reply */
960
961 /* Prepare to carry out the file verify */
962 amount_left = vlen;
963 amount_left <<= 9;
964 file_offset = lba;
965 file_offset <<= 9;
966
967 /* Range check */
968 vlen += lba;
969
970 if ((vlen < lba) ||
971 (vlen > currlun->num_sectors) ||
972 (lba >= currlun->num_sectors)) {
973 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
974 return (1);
975 }
976 /* XXX TODO: verify that data is readable */
977 done:
978 return (ustorage_fs_min_len(sc, 0, -1U));
979 }
980
981 /*------------------------------------------------------------------------*
982 * ustorage_fs_inquiry
983 *
984 * Returns:
985 * 0: Success
986 * Else: Failure
987 *------------------------------------------------------------------------*/
988 static uint8_t
ustorage_fs_inquiry(struct ustorage_fs_softc * sc)989 ustorage_fs_inquiry(struct ustorage_fs_softc *sc)
990 {
991 uint8_t *buf = sc->sc_transfer.data_ptr;
992
993 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
994
995 if (!sc->sc_transfer.currlun) {
996 /* Unsupported LUNs are okay */
997 memset(buf, 0, 36);
998 buf[0] = 0x7f;
999 /* Unsupported, no device - type */
1000 return (ustorage_fs_min_len(sc, 36, -1U));
1001 }
1002 memset(buf, 0, 8);
1003 /* Non - removable, direct - access device */
1004 if (currlun->removable)
1005 buf[1] = 0x80;
1006 buf[2] = 2;
1007 /* ANSI SCSI level 2 */
1008 buf[3] = 2;
1009 /* SCSI - 2 INQUIRY data format */
1010 buf[4] = 31;
1011 /* Additional length */
1012 /* No special options */
1013 /* Copy in ID string */
1014 memcpy(buf + 8, USTORAGE_FS_ID_STRING, 28);
1015
1016 #if (USTORAGE_QDATA_MAX < 36)
1017 #error "(USTORAGE_QDATA_MAX < 36)"
1018 #endif
1019 return (ustorage_fs_min_len(sc, 36, -1U));
1020 }
1021
1022 /*------------------------------------------------------------------------*
1023 * ustorage_fs_request_sense
1024 *
1025 * Returns:
1026 * 0: Success
1027 * Else: Failure
1028 *------------------------------------------------------------------------*/
1029 static uint8_t
ustorage_fs_request_sense(struct ustorage_fs_softc * sc)1030 ustorage_fs_request_sense(struct ustorage_fs_softc *sc)
1031 {
1032 uint8_t *buf = sc->sc_transfer.data_ptr;
1033 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1034 uint32_t sd;
1035 uint32_t sdinfo;
1036 uint8_t valid;
1037
1038 /*
1039 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1040 *
1041 * If a REQUEST SENSE command is received from an initiator
1042 * with a pending unit attention condition (before the target
1043 * generates the contingent allegiance condition), then the
1044 * target shall either:
1045 * a) report any pending sense data and preserve the unit
1046 * attention condition on the logical unit, or,
1047 * b) report the unit attention condition, may discard any
1048 * pending sense data, and clear the unit attention
1049 * condition on the logical unit for that initiator.
1050 *
1051 * FSG normally uses option a); enable this code to use option b).
1052 */
1053 #if 0
1054 if (currlun && currlun->unit_attention_data != SS_NO_SENSE) {
1055 currlun->sense_data = currlun->unit_attention_data;
1056 currlun->unit_attention_data = SS_NO_SENSE;
1057 }
1058 #endif
1059
1060 if (!currlun) {
1061 /* Unsupported LUNs are okay */
1062 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1063 sdinfo = 0;
1064 valid = 0;
1065 } else {
1066 sd = currlun->sense_data;
1067 sdinfo = currlun->sense_data_info;
1068 valid = currlun->info_valid << 7;
1069 currlun->sense_data = SS_NO_SENSE;
1070 currlun->sense_data_info = 0;
1071 currlun->info_valid = 0;
1072 }
1073
1074 memset(buf, 0, 18);
1075 buf[0] = valid | 0x70;
1076 /* Valid, current error */
1077 buf[2] = SK(sd);
1078 put_be32(&buf[3], sdinfo);
1079 /* Sense information */
1080 buf[7] = 18 - 8;
1081 /* Additional sense length */
1082 buf[12] = ASC(sd);
1083 buf[13] = ASCQ(sd);
1084
1085 #if (USTORAGE_QDATA_MAX < 18)
1086 #error "(USTORAGE_QDATA_MAX < 18)"
1087 #endif
1088 return (ustorage_fs_min_len(sc, 18, -1U));
1089 }
1090
1091 /*------------------------------------------------------------------------*
1092 * ustorage_fs_read_capacity
1093 *
1094 * Returns:
1095 * 0: Success
1096 * Else: Failure
1097 *------------------------------------------------------------------------*/
1098 static uint8_t
ustorage_fs_read_capacity(struct ustorage_fs_softc * sc)1099 ustorage_fs_read_capacity(struct ustorage_fs_softc *sc)
1100 {
1101 uint8_t *buf = sc->sc_transfer.data_ptr;
1102 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1103 uint32_t lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1104 uint8_t pmi = sc->sc_cbw->CBWCDB[8];
1105
1106 /* Check the PMI and LBA fields */
1107 if ((pmi > 1) || ((pmi == 0) && (lba != 0))) {
1108 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1109 return (1);
1110 }
1111 /* Max logical block */
1112 put_be32(&buf[0], currlun->num_sectors - 1);
1113 /* Block length */
1114 put_be32(&buf[4], 512);
1115
1116 #if (USTORAGE_QDATA_MAX < 8)
1117 #error "(USTORAGE_QDATA_MAX < 8)"
1118 #endif
1119 return (ustorage_fs_min_len(sc, 8, -1U));
1120 }
1121
1122 /*------------------------------------------------------------------------*
1123 * ustorage_fs_mode_sense
1124 *
1125 * Returns:
1126 * 0: Success
1127 * Else: Failure
1128 *------------------------------------------------------------------------*/
1129 static uint8_t
ustorage_fs_mode_sense(struct ustorage_fs_softc * sc)1130 ustorage_fs_mode_sense(struct ustorage_fs_softc *sc)
1131 {
1132 uint8_t *buf = sc->sc_transfer.data_ptr;
1133 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1134 uint8_t *buf0;
1135 uint16_t len;
1136 uint16_t limit;
1137 uint8_t mscmnd = sc->sc_cbw->CBWCDB[0];
1138 uint8_t pc;
1139 uint8_t page_code;
1140 uint8_t changeable_values;
1141 uint8_t all_pages;
1142
1143 buf0 = buf;
1144
1145 if ((sc->sc_cbw->CBWCDB[1] & ~0x08) != 0) {
1146 /* Mask away DBD */
1147 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1148 return (1);
1149 }
1150 pc = sc->sc_cbw->CBWCDB[2] >> 6;
1151 page_code = sc->sc_cbw->CBWCDB[2] & 0x3f;
1152 if (pc == 3) {
1153 currlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1154 return (1);
1155 }
1156 changeable_values = (pc == 1);
1157 all_pages = (page_code == 0x3f);
1158
1159 /*
1160 * Write the mode parameter header. Fixed values are: default
1161 * medium type, no cache control (DPOFUA), and no block descriptors.
1162 * The only variable value is the WriteProtect bit. We will fill in
1163 * the mode data length later.
1164 */
1165 memset(buf, 0, 8);
1166 if (mscmnd == SC_MODE_SENSE_6) {
1167 buf[2] = (currlun->read_only ? 0x80 : 0x00);
1168 /* WP, DPOFUA */
1169 buf += 4;
1170 limit = 255;
1171 } else {
1172 /* SC_MODE_SENSE_10 */
1173 buf[3] = (currlun->read_only ? 0x80 : 0x00);
1174 /* WP, DPOFUA */
1175 buf += 8;
1176 limit = 65535;
1177 /* Should really be mod_data.buflen */
1178 }
1179
1180 /* No block descriptors */
1181
1182 /*
1183 * The mode pages, in numerical order.
1184 */
1185 if ((page_code == 0x08) || all_pages) {
1186 buf[0] = 0x08;
1187 /* Page code */
1188 buf[1] = 10;
1189 /* Page length */
1190 memset(buf + 2, 0, 10);
1191 /* None of the fields are changeable */
1192
1193 if (!changeable_values) {
1194 buf[2] = 0x04;
1195 /* Write cache enable, */
1196 /* Read cache not disabled */
1197 /* No cache retention priorities */
1198 put_be16(&buf[4], 0xffff);
1199 /* Don 't disable prefetch */
1200 /* Minimum prefetch = 0 */
1201 put_be16(&buf[8], 0xffff);
1202 /* Maximum prefetch */
1203 put_be16(&buf[10], 0xffff);
1204 /* Maximum prefetch ceiling */
1205 }
1206 buf += 12;
1207 }
1208 /*
1209 * Check that a valid page was requested and the mode data length
1210 * isn't too long.
1211 */
1212 len = buf - buf0;
1213 if (len > limit) {
1214 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1215 return (1);
1216 }
1217 /* Store the mode data length */
1218 if (mscmnd == SC_MODE_SENSE_6)
1219 buf0[0] = len - 1;
1220 else
1221 put_be16(buf0, len - 2);
1222
1223 #if (USTORAGE_QDATA_MAX < 24)
1224 #error "(USTORAGE_QDATA_MAX < 24)"
1225 #endif
1226 return (ustorage_fs_min_len(sc, len, -1U));
1227 }
1228
1229 /*------------------------------------------------------------------------*
1230 * ustorage_fs_start_stop
1231 *
1232 * Returns:
1233 * 0: Success
1234 * Else: Failure
1235 *------------------------------------------------------------------------*/
1236 static uint8_t
ustorage_fs_start_stop(struct ustorage_fs_softc * sc)1237 ustorage_fs_start_stop(struct ustorage_fs_softc *sc)
1238 {
1239 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1240 uint8_t loej;
1241 uint8_t start;
1242 uint8_t immed;
1243
1244 if (!currlun->removable) {
1245 currlun->sense_data = SS_INVALID_COMMAND;
1246 return (1);
1247 }
1248 immed = sc->sc_cbw->CBWCDB[1] & 0x01;
1249 loej = sc->sc_cbw->CBWCDB[4] & 0x02;
1250 start = sc->sc_cbw->CBWCDB[4] & 0x01;
1251
1252 if (immed || loej || start) {
1253 /* compile fix */
1254 }
1255 return (0);
1256 }
1257
1258 /*------------------------------------------------------------------------*
1259 * ustorage_fs_prevent_allow
1260 *
1261 * Returns:
1262 * 0: Success
1263 * Else: Failure
1264 *------------------------------------------------------------------------*/
1265 static uint8_t
ustorage_fs_prevent_allow(struct ustorage_fs_softc * sc)1266 ustorage_fs_prevent_allow(struct ustorage_fs_softc *sc)
1267 {
1268 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1269 uint8_t prevent;
1270
1271 if (!currlun->removable) {
1272 currlun->sense_data = SS_INVALID_COMMAND;
1273 return (1);
1274 }
1275 prevent = sc->sc_cbw->CBWCDB[4] & 0x01;
1276 if ((sc->sc_cbw->CBWCDB[4] & ~0x01) != 0) {
1277 /* Mask away Prevent */
1278 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1279 return (1);
1280 }
1281 if (currlun->prevent_medium_removal && !prevent) {
1282 //fsync_sub(currlun);
1283 }
1284 currlun->prevent_medium_removal = prevent;
1285 return (0);
1286 }
1287
1288 /*------------------------------------------------------------------------*
1289 * ustorage_fs_read_format_capacities
1290 *
1291 * Returns:
1292 * 0: Success
1293 * Else: Failure
1294 *------------------------------------------------------------------------*/
1295 static uint8_t
ustorage_fs_read_format_capacities(struct ustorage_fs_softc * sc)1296 ustorage_fs_read_format_capacities(struct ustorage_fs_softc *sc)
1297 {
1298 uint8_t *buf = sc->sc_transfer.data_ptr;
1299 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1300
1301 buf[0] = buf[1] = buf[2] = 0;
1302 buf[3] = 8;
1303 /* Only the Current / Maximum Capacity Descriptor */
1304 buf += 4;
1305
1306 /* Number of blocks */
1307 put_be32(&buf[0], currlun->num_sectors);
1308 /* Block length */
1309 put_be32(&buf[4], 512);
1310 /* Current capacity */
1311 buf[4] = 0x02;
1312
1313 #if (USTORAGE_QDATA_MAX < 12)
1314 #error "(USTORAGE_QDATA_MAX < 12)"
1315 #endif
1316 return (ustorage_fs_min_len(sc, 12, -1U));
1317 }
1318
1319 /*------------------------------------------------------------------------*
1320 * ustorage_fs_mode_select
1321 *
1322 * Return values:
1323 * 0: Success
1324 * Else: Failure
1325 *------------------------------------------------------------------------*/
1326 static uint8_t
ustorage_fs_mode_select(struct ustorage_fs_softc * sc)1327 ustorage_fs_mode_select(struct ustorage_fs_softc *sc)
1328 {
1329 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1330
1331 /* We don't support MODE SELECT */
1332 currlun->sense_data = SS_INVALID_COMMAND;
1333 return (1);
1334 }
1335
1336 /*------------------------------------------------------------------------*
1337 * ustorage_fs_synchronize_cache
1338 *
1339 * Return values:
1340 * 0: Success
1341 * Else: Failure
1342 *------------------------------------------------------------------------*/
1343 static uint8_t
ustorage_fs_synchronize_cache(struct ustorage_fs_softc * sc)1344 ustorage_fs_synchronize_cache(struct ustorage_fs_softc *sc)
1345 {
1346 #if 0
1347 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1348 uint8_t rc;
1349
1350 /*
1351 * We ignore the requested LBA and write out all dirty data buffers.
1352 */
1353 rc = 0;
1354 if (rc) {
1355 currlun->sense_data = SS_WRITE_ERROR;
1356 }
1357 #endif
1358 return (0);
1359 }
1360
1361 /*------------------------------------------------------------------------*
1362 * ustorage_fs_read - read data from disk
1363 *
1364 * Return values:
1365 * 0: Success
1366 * Else: Failure
1367 *------------------------------------------------------------------------*/
1368 static uint8_t
ustorage_fs_read(struct ustorage_fs_softc * sc)1369 ustorage_fs_read(struct ustorage_fs_softc *sc)
1370 {
1371 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1372 uint64_t file_offset;
1373 uint32_t lba;
1374 uint32_t len;
1375
1376 /*
1377 * Get the starting Logical Block Address and check that it's not
1378 * too big
1379 */
1380 if (sc->sc_cbw->CBWCDB[0] == SC_READ_6) {
1381 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) |
1382 get_be16(&sc->sc_cbw->CBWCDB[2]);
1383 } else {
1384 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1385
1386 /*
1387 * We allow DPO (Disable Page Out = don't save data in the
1388 * cache) and FUA (Force Unit Access = don't read from the
1389 * cache), but we don't implement them.
1390 */
1391 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) {
1392 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1393 return (1);
1394 }
1395 }
1396 len = sc->sc_transfer.data_rem >> 9;
1397 len += lba;
1398
1399 if ((len < lba) ||
1400 (len > currlun->num_sectors) ||
1401 (lba >= currlun->num_sectors)) {
1402 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1403 return (1);
1404 }
1405 file_offset = lba;
1406 file_offset <<= 9;
1407
1408 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1409
1410 return (0);
1411 }
1412
1413 /*------------------------------------------------------------------------*
1414 * ustorage_fs_write - write data to disk
1415 *
1416 * Return values:
1417 * 0: Success
1418 * Else: Failure
1419 *------------------------------------------------------------------------*/
1420 static uint8_t
ustorage_fs_write(struct ustorage_fs_softc * sc)1421 ustorage_fs_write(struct ustorage_fs_softc *sc)
1422 {
1423 struct ustorage_fs_lun *currlun = sc->sc_transfer.currlun;
1424 uint64_t file_offset;
1425 uint32_t lba;
1426 uint32_t len;
1427
1428 if (currlun->read_only) {
1429 currlun->sense_data = SS_WRITE_PROTECTED;
1430 return (1);
1431 }
1432 /* XXX clear SYNC */
1433
1434 /*
1435 * Get the starting Logical Block Address and check that it's not
1436 * too big.
1437 */
1438 if (sc->sc_cbw->CBWCDB[0] == SC_WRITE_6)
1439 lba = (((uint32_t)sc->sc_cbw->CBWCDB[1]) << 16) |
1440 get_be16(&sc->sc_cbw->CBWCDB[2]);
1441 else {
1442 lba = get_be32(&sc->sc_cbw->CBWCDB[2]);
1443
1444 /*
1445 * We allow DPO (Disable Page Out = don't save data in the
1446 * cache) and FUA (Force Unit Access = write directly to the
1447 * medium). We don't implement DPO; we implement FUA by
1448 * performing synchronous output.
1449 */
1450 if ((sc->sc_cbw->CBWCDB[1] & ~0x18) != 0) {
1451 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1452 return (1);
1453 }
1454 if (sc->sc_cbw->CBWCDB[1] & 0x08) {
1455 /* FUA */
1456 /* XXX set SYNC flag here */
1457 }
1458 }
1459
1460 len = sc->sc_transfer.data_rem >> 9;
1461 len += lba;
1462
1463 if ((len < lba) ||
1464 (len > currlun->num_sectors) ||
1465 (lba >= currlun->num_sectors)) {
1466 currlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1467 return (1);
1468 }
1469 file_offset = lba;
1470 file_offset <<= 9;
1471
1472 sc->sc_transfer.data_ptr = currlun->memory_image + file_offset;
1473
1474 return (0);
1475 }
1476
1477 /*------------------------------------------------------------------------*
1478 * ustorage_fs_min_len
1479 *
1480 * Return values:
1481 * 0: Success
1482 * Else: Failure
1483 *------------------------------------------------------------------------*/
1484 static uint8_t
ustorage_fs_min_len(struct ustorage_fs_softc * sc,uint32_t len,uint32_t mask)1485 ustorage_fs_min_len(struct ustorage_fs_softc *sc, uint32_t len, uint32_t mask)
1486 {
1487 if (len != sc->sc_transfer.data_rem) {
1488
1489 if (sc->sc_transfer.cbw_dir == DIR_READ) {
1490 /*
1491 * there must be something wrong about this SCSI
1492 * command
1493 */
1494 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE;
1495 return (1);
1496 }
1497 /* compute the minimum length */
1498
1499 if (sc->sc_transfer.data_rem > len) {
1500 /* data ends prematurely */
1501 sc->sc_transfer.data_rem = len;
1502 sc->sc_transfer.data_short = 1;
1503 }
1504 /* check length alignment */
1505
1506 if (sc->sc_transfer.data_rem & ~mask) {
1507 /* data ends prematurely */
1508 sc->sc_transfer.data_rem &= mask;
1509 sc->sc_transfer.data_short = 1;
1510 }
1511 }
1512 return (0);
1513 }
1514
1515 /*------------------------------------------------------------------------*
1516 * ustorage_fs_check_cmd - check command routine
1517 *
1518 * Check whether the command is properly formed and whether its data
1519 * size and direction agree with the values we already have.
1520 *
1521 * Return values:
1522 * 0: Success
1523 * Else: Failure
1524 *------------------------------------------------------------------------*/
1525 static uint8_t
ustorage_fs_check_cmd(struct ustorage_fs_softc * sc,uint8_t min_cmd_size,uint16_t mask,uint8_t needs_medium)1526 ustorage_fs_check_cmd(struct ustorage_fs_softc *sc, uint8_t min_cmd_size,
1527 uint16_t mask, uint8_t needs_medium)
1528 {
1529 struct ustorage_fs_lun *currlun;
1530 uint8_t lun = (sc->sc_cbw->CBWCDB[1] >> 5);
1531 uint8_t i;
1532
1533 /* Verify the length of the command itself */
1534 if (min_cmd_size > sc->sc_transfer.cmd_len) {
1535 DPRINTF("%u > %u\n",
1536 min_cmd_size, sc->sc_transfer.cmd_len);
1537 sc->sc_csw->bCSWStatus = CSWSTATUS_PHASE;
1538 return (1);
1539 }
1540 /* Mask away the LUN */
1541 sc->sc_cbw->CBWCDB[1] &= 0x1f;
1542
1543 /* Check if LUN is correct */
1544 if (lun != sc->sc_transfer.lun) {
1545
1546 }
1547 /* Check the LUN */
1548 if (sc->sc_transfer.lun <= sc->sc_last_lun) {
1549 sc->sc_transfer.currlun = currlun =
1550 sc->sc_lun + sc->sc_transfer.lun;
1551 if (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE) {
1552 currlun->sense_data = SS_NO_SENSE;
1553 currlun->sense_data_info = 0;
1554 currlun->info_valid = 0;
1555 }
1556 /*
1557 * If a unit attention condition exists, only INQUIRY
1558 * and REQUEST SENSE commands are allowed. Anything
1559 * else must fail!
1560 */
1561 if ((currlun->unit_attention_data != SS_NO_SENSE) &&
1562 (sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) &&
1563 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) {
1564 currlun->sense_data = currlun->unit_attention_data;
1565 currlun->unit_attention_data = SS_NO_SENSE;
1566 return (1);
1567 }
1568 } else {
1569 sc->sc_transfer.currlun = currlun = NULL;
1570
1571 /*
1572 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1573 * to use unsupported LUNs; all others may not.
1574 */
1575 if ((sc->sc_cbw->CBWCDB[0] != SC_INQUIRY) &&
1576 (sc->sc_cbw->CBWCDB[0] != SC_REQUEST_SENSE)) {
1577 return (1);
1578 }
1579 }
1580
1581 /*
1582 * Check that only command bytes listed in the mask are
1583 * non-zero.
1584 */
1585 for (i = 0; i != min_cmd_size; i++) {
1586 if (sc->sc_cbw->CBWCDB[i] && !(mask & (1UL << i))) {
1587 if (currlun) {
1588 currlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1589 }
1590 return (1);
1591 }
1592 }
1593
1594 /*
1595 * If the medium isn't mounted and the command needs to access
1596 * it, return an error.
1597 */
1598 if (currlun && (!currlun->memory_image) && needs_medium) {
1599 currlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1600 return (1);
1601 }
1602 return (0);
1603 }
1604
1605 /*------------------------------------------------------------------------*
1606 * ustorage_fs_do_cmd - do command
1607 *
1608 * Return values:
1609 * 0: Success
1610 * Else: Failure
1611 *------------------------------------------------------------------------*/
1612 static uint8_t
ustorage_fs_do_cmd(struct ustorage_fs_softc * sc)1613 ustorage_fs_do_cmd(struct ustorage_fs_softc *sc)
1614 {
1615 uint8_t error = 1;
1616 uint8_t i;
1617 uint32_t temp;
1618 const uint32_t mask9 = (0xFFFFFFFFUL >> 9) << 9;
1619
1620 /* set default data transfer pointer */
1621 sc->sc_transfer.data_ptr = sc->sc_qdata;
1622
1623 DPRINTF("cmd_data[0]=0x%02x, data_rem=0x%08x\n",
1624 sc->sc_cbw->CBWCDB[0], sc->sc_transfer.data_rem);
1625
1626 switch (sc->sc_cbw->CBWCDB[0]) {
1627 case SC_INQUIRY:
1628 sc->sc_transfer.cmd_dir = DIR_WRITE;
1629 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1630 if (error) {
1631 break;
1632 }
1633 error = ustorage_fs_check_cmd(sc, 6,
1634 (1UL << 4) | 1, 0);
1635 if (error) {
1636 break;
1637 }
1638 error = ustorage_fs_inquiry(sc);
1639
1640 break;
1641
1642 case SC_MODE_SELECT_6:
1643 sc->sc_transfer.cmd_dir = DIR_READ;
1644 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1645 if (error) {
1646 break;
1647 }
1648 error = ustorage_fs_check_cmd(sc, 6,
1649 (1UL << 1) | (1UL << 4) | 1, 0);
1650 if (error) {
1651 break;
1652 }
1653 error = ustorage_fs_mode_select(sc);
1654
1655 break;
1656
1657 case SC_MODE_SELECT_10:
1658 sc->sc_transfer.cmd_dir = DIR_READ;
1659 error = ustorage_fs_min_len(sc,
1660 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1661 if (error) {
1662 break;
1663 }
1664 error = ustorage_fs_check_cmd(sc, 10,
1665 (1UL << 1) | (3UL << 7) | 1, 0);
1666 if (error) {
1667 break;
1668 }
1669 error = ustorage_fs_mode_select(sc);
1670
1671 break;
1672
1673 case SC_MODE_SENSE_6:
1674 sc->sc_transfer.cmd_dir = DIR_WRITE;
1675 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1676 if (error) {
1677 break;
1678 }
1679 error = ustorage_fs_check_cmd(sc, 6,
1680 (1UL << 1) | (1UL << 2) | (1UL << 4) | 1, 0);
1681 if (error) {
1682 break;
1683 }
1684 error = ustorage_fs_mode_sense(sc);
1685
1686 break;
1687
1688 case SC_MODE_SENSE_10:
1689 sc->sc_transfer.cmd_dir = DIR_WRITE;
1690 error = ustorage_fs_min_len(sc,
1691 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1692 if (error) {
1693 break;
1694 }
1695 error = ustorage_fs_check_cmd(sc, 10,
1696 (1UL << 1) | (1UL << 2) | (3UL << 7) | 1, 0);
1697 if (error) {
1698 break;
1699 }
1700 error = ustorage_fs_mode_sense(sc);
1701
1702 break;
1703
1704 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1705 error = ustorage_fs_min_len(sc, 0, -1U);
1706 if (error) {
1707 break;
1708 }
1709 error = ustorage_fs_check_cmd(sc, 6,
1710 (1UL << 4) | 1, 0);
1711 if (error) {
1712 break;
1713 }
1714 error = ustorage_fs_prevent_allow(sc);
1715
1716 break;
1717
1718 case SC_READ_6:
1719 i = sc->sc_cbw->CBWCDB[4];
1720 sc->sc_transfer.cmd_dir = DIR_WRITE;
1721 temp = ((i == 0) ? 256UL : i);
1722 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1723 if (error) {
1724 break;
1725 }
1726 error = ustorage_fs_check_cmd(sc, 6,
1727 (7UL << 1) | (1UL << 4) | 1, 1);
1728 if (error) {
1729 break;
1730 }
1731 error = ustorage_fs_read(sc);
1732
1733 break;
1734
1735 case SC_READ_10:
1736 sc->sc_transfer.cmd_dir = DIR_WRITE;
1737 temp = get_be16(&sc->sc_cbw->CBWCDB[7]);
1738 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1739 if (error) {
1740 break;
1741 }
1742 error = ustorage_fs_check_cmd(sc, 10,
1743 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1744 if (error) {
1745 break;
1746 }
1747 error = ustorage_fs_read(sc);
1748
1749 break;
1750
1751 case SC_READ_12:
1752 sc->sc_transfer.cmd_dir = DIR_WRITE;
1753 temp = get_be32(&sc->sc_cbw->CBWCDB[6]);
1754 if (temp >= (1UL << (32 - 9))) {
1755 /* numerical overflow */
1756 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
1757 error = 1;
1758 break;
1759 }
1760 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1761 if (error) {
1762 break;
1763 }
1764 error = ustorage_fs_check_cmd(sc, 12,
1765 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1766 if (error) {
1767 break;
1768 }
1769 error = ustorage_fs_read(sc);
1770
1771 break;
1772
1773 case SC_READ_CAPACITY:
1774 sc->sc_transfer.cmd_dir = DIR_WRITE;
1775 error = ustorage_fs_check_cmd(sc, 10,
1776 (0xfUL << 2) | (1UL << 8) | 1, 1);
1777 if (error) {
1778 break;
1779 }
1780 error = ustorage_fs_read_capacity(sc);
1781
1782 break;
1783
1784 case SC_READ_FORMAT_CAPACITIES:
1785 sc->sc_transfer.cmd_dir = DIR_WRITE;
1786 error = ustorage_fs_min_len(sc,
1787 get_be16(&sc->sc_cbw->CBWCDB[7]), -1U);
1788 if (error) {
1789 break;
1790 }
1791 error = ustorage_fs_check_cmd(sc, 10,
1792 (3UL << 7) | 1, 1);
1793 if (error) {
1794 break;
1795 }
1796 error = ustorage_fs_read_format_capacities(sc);
1797
1798 break;
1799
1800 case SC_REQUEST_SENSE:
1801 sc->sc_transfer.cmd_dir = DIR_WRITE;
1802 error = ustorage_fs_min_len(sc, sc->sc_cbw->CBWCDB[4], -1U);
1803 if (error) {
1804 break;
1805 }
1806 error = ustorage_fs_check_cmd(sc, 6,
1807 (1UL << 4) | 1, 0);
1808 if (error) {
1809 break;
1810 }
1811 error = ustorage_fs_request_sense(sc);
1812
1813 break;
1814
1815 case SC_START_STOP_UNIT:
1816 error = ustorage_fs_min_len(sc, 0, -1U);
1817 if (error) {
1818 break;
1819 }
1820 error = ustorage_fs_check_cmd(sc, 6,
1821 (1UL << 1) | (1UL << 4) | 1, 0);
1822 if (error) {
1823 break;
1824 }
1825 error = ustorage_fs_start_stop(sc);
1826
1827 break;
1828
1829 case SC_SYNCHRONIZE_CACHE:
1830 error = ustorage_fs_min_len(sc, 0, -1U);
1831 if (error) {
1832 break;
1833 }
1834 error = ustorage_fs_check_cmd(sc, 10,
1835 (0xfUL << 2) | (3UL << 7) | 1, 1);
1836 if (error) {
1837 break;
1838 }
1839 error = ustorage_fs_synchronize_cache(sc);
1840
1841 break;
1842
1843 case SC_TEST_UNIT_READY:
1844 error = ustorage_fs_min_len(sc, 0, -1U);
1845 if (error) {
1846 break;
1847 }
1848 error = ustorage_fs_check_cmd(sc, 6,
1849 0 | 1, 1);
1850 break;
1851
1852 /*
1853 * Although optional, this command is used by MS-Windows.
1854 * We support a minimal version: BytChk must be 0.
1855 */
1856 case SC_VERIFY:
1857 error = ustorage_fs_min_len(sc, 0, -1U);
1858 if (error) {
1859 break;
1860 }
1861 error = ustorage_fs_check_cmd(sc, 10,
1862 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1863 if (error) {
1864 break;
1865 }
1866 error = ustorage_fs_verify(sc);
1867
1868 break;
1869
1870 case SC_WRITE_6:
1871 i = sc->sc_cbw->CBWCDB[4];
1872 sc->sc_transfer.cmd_dir = DIR_READ;
1873 temp = ((i == 0) ? 256UL : i);
1874 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1875 if (error) {
1876 break;
1877 }
1878 error = ustorage_fs_check_cmd(sc, 6,
1879 (7UL << 1) | (1UL << 4) | 1, 1);
1880 if (error) {
1881 break;
1882 }
1883 error = ustorage_fs_write(sc);
1884
1885 break;
1886
1887 case SC_WRITE_10:
1888 sc->sc_transfer.cmd_dir = DIR_READ;
1889 temp = get_be16(&sc->sc_cbw->CBWCDB[7]);
1890 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1891 if (error) {
1892 break;
1893 }
1894 error = ustorage_fs_check_cmd(sc, 10,
1895 (1UL << 1) | (0xfUL << 2) | (3UL << 7) | 1, 1);
1896 if (error) {
1897 break;
1898 }
1899 error = ustorage_fs_write(sc);
1900
1901 break;
1902
1903 case SC_WRITE_12:
1904 sc->sc_transfer.cmd_dir = DIR_READ;
1905 temp = get_be32(&sc->sc_cbw->CBWCDB[6]);
1906 if (temp > (mask9 >> 9)) {
1907 /* numerical overflow */
1908 sc->sc_csw->bCSWStatus = CSWSTATUS_FAILED;
1909 error = 1;
1910 break;
1911 }
1912 error = ustorage_fs_min_len(sc, temp << 9, mask9);
1913 if (error) {
1914 break;
1915 }
1916 error = ustorage_fs_check_cmd(sc, 12,
1917 (1UL << 1) | (0xfUL << 2) | (0xfUL << 6) | 1, 1);
1918 if (error) {
1919 break;
1920 }
1921 error = ustorage_fs_write(sc);
1922
1923 break;
1924
1925 /*
1926 * Some mandatory commands that we recognize but don't
1927 * implement. They don't mean much in this setting.
1928 * It's left as an exercise for anyone interested to
1929 * implement RESERVE and RELEASE in terms of Posix
1930 * locks.
1931 */
1932 case SC_FORMAT_UNIT:
1933 case SC_RELEASE:
1934 case SC_RESERVE:
1935 case SC_SEND_DIAGNOSTIC:
1936 /* Fallthrough */
1937
1938 default:
1939 error = ustorage_fs_min_len(sc, 0, -1U);
1940 if (error) {
1941 break;
1942 }
1943 error = ustorage_fs_check_cmd(sc, sc->sc_transfer.cmd_len,
1944 0xff, 0);
1945 if (error) {
1946 break;
1947 }
1948 sc->sc_transfer.currlun->sense_data =
1949 SS_INVALID_COMMAND;
1950 error = 1;
1951
1952 break;
1953 }
1954 return (error);
1955 }
1956