xref: /freebsd-14-stable/sys/dev/usb/storage/umass.c (revision 642fc04eda48d6b8b0091d968cb5fbca0cb577ba)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 1999 MAEKAWA Masahide <bishop@rr.iij4u.or.jp>,
5  *		      Nick Hibma <n_hibma@FreeBSD.org>
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *	$NetBSD: umass.c,v 1.28 2000/04/02 23:46:53 augustss Exp $
29  */
30 
31 /* Also already merged from NetBSD:
32  *	$NetBSD: umass.c,v 1.67 2001/11/25 19:05:22 augustss Exp $
33  *	$NetBSD: umass.c,v 1.90 2002/11/04 19:17:33 pooka Exp $
34  *	$NetBSD: umass.c,v 1.108 2003/11/07 17:03:25 wiz Exp $
35  *	$NetBSD: umass.c,v 1.109 2003/12/04 13:57:31 keihan Exp $
36  */
37 
38 /*
39  * Universal Serial Bus Mass Storage Class specs:
40  * http://www.usb.org/developers/devclass_docs/usb_msc_overview_1.2.pdf
41  * http://www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
42  * http://www.usb.org/developers/devclass_docs/usb_msc_cbi_1.1.pdf
43  * http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf
44  */
45 
46 /*
47  * Ported to NetBSD by Lennart Augustsson <augustss@NetBSD.org>.
48  * Parts of the code written by Jason R. Thorpe <thorpej@shagadelic.org>.
49  */
50 
51 /*
52  * The driver handles 3 Wire Protocols
53  * - Command/Bulk/Interrupt (CBI)
54  * - Command/Bulk/Interrupt with Command Completion Interrupt (CBI with CCI)
55  * - Mass Storage Bulk-Only (BBB)
56  *   (BBB refers Bulk/Bulk/Bulk for Command/Data/Status phases)
57  *
58  * Over these wire protocols it handles the following command protocols
59  * - SCSI
60  * - UFI (floppy command set)
61  * - 8070i (ATAPI)
62  *
63  * UFI and 8070i (ATAPI) are transformed versions of the SCSI command set. The
64  * sc->sc_transform method is used to convert the commands into the appropriate
65  * format (if at all necessary). For example, UFI requires all commands to be
66  * 12 bytes in length amongst other things.
67  *
68  * The source code below is marked and can be split into a number of pieces
69  * (in this order):
70  *
71  * - probe/attach/detach
72  * - generic transfer routines
73  * - BBB
74  * - CBI
75  * - CBI_I (in addition to functions from CBI)
76  * - CAM (Common Access Method)
77  * - SCSI
78  * - UFI
79  * - 8070i (ATAPI)
80  *
81  * The protocols are implemented using a state machine, for the transfers as
82  * well as for the resets. The state machine is contained in umass_t_*_callback.
83  * The state machine is started through either umass_command_start() or
84  * umass_reset().
85  *
86  * The reason for doing this is a) CAM performs a lot better this way and b) it
87  * avoids using tsleep from interrupt context (for example after a failed
88  * transfer).
89  */
90 
91 /*
92  * The SCSI related part of this driver has been derived from the
93  * dev/ppbus/vpo.c driver, by Nicolas Souchu (nsouch@FreeBSD.org).
94  *
95  * The CAM layer uses so called actions which are messages sent to the host
96  * adapter for completion. The actions come in through umass_cam_action. The
97  * appropriate block of routines is called depending on the transport protocol
98  * in use. When the transfer has finished, these routines call
99  * umass_cam_cb again to complete the CAM command.
100  */
101 
102 #include <sys/stdint.h>
103 #include <sys/stddef.h>
104 #include <sys/param.h>
105 #include <sys/queue.h>
106 #include <sys/types.h>
107 #include <sys/systm.h>
108 #include <sys/kernel.h>
109 #include <sys/bus.h>
110 #include <sys/module.h>
111 #include <sys/lock.h>
112 #include <sys/mutex.h>
113 #include <sys/condvar.h>
114 #include <sys/sysctl.h>
115 #include <sys/sx.h>
116 #include <sys/unistd.h>
117 #include <sys/callout.h>
118 #include <sys/malloc.h>
119 #include <sys/priv.h>
120 
121 #include <dev/usb/usb.h>
122 #include <dev/usb/usbdi.h>
123 #include <dev/usb/usbdi_util.h>
124 #include "usbdevs.h"
125 
126 #include <dev/usb/quirk/usb_quirk.h>
127 
128 #include <cam/cam.h>
129 #include <cam/cam_ccb.h>
130 #include <cam/cam_sim.h>
131 #include <cam/cam_xpt_sim.h>
132 #include <cam/scsi/scsi_all.h>
133 #include <cam/scsi/scsi_da.h>
134 
135 #include <cam/cam_periph.h>
136 
137 #ifdef USB_DEBUG
138 #define	DIF(m, x)				\
139   do {						\
140     if (umass_debug & (m)) { x ; }		\
141   } while (0)
142 
143 #define	DPRINTF(sc, m, fmt, ...)			\
144   do {							\
145     if (umass_debug & (m)) {				\
146         printf("%s:%s: " fmt,				\
147 	       (sc) ? (const char *)(sc)->sc_name :	\
148 	       (const char *)"umassX",			\
149 		__FUNCTION__ ,## __VA_ARGS__);		\
150     }							\
151   } while (0)
152 
153 #define	UDMASS_GEN	0x00010000	/* general */
154 #define	UDMASS_SCSI	0x00020000	/* scsi */
155 #define	UDMASS_UFI	0x00040000	/* ufi command set */
156 #define	UDMASS_ATAPI	0x00080000	/* 8070i command set */
157 #define	UDMASS_CMD	(UDMASS_SCSI|UDMASS_UFI|UDMASS_ATAPI)
158 #define	UDMASS_USB	0x00100000	/* USB general */
159 #define	UDMASS_BBB	0x00200000	/* Bulk-Only transfers */
160 #define	UDMASS_CBI	0x00400000	/* CBI transfers */
161 #define	UDMASS_WIRE	(UDMASS_BBB|UDMASS_CBI)
162 #define	UDMASS_ALL	0xffff0000	/* all of the above */
163 static int umass_debug;
164 static int umass_throttle;
165 
166 static SYSCTL_NODE(_hw_usb, OID_AUTO, umass, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
167     "USB umass");
168 SYSCTL_INT(_hw_usb_umass, OID_AUTO, debug, CTLFLAG_RWTUN,
169     &umass_debug, 0, "umass debug level");
170 SYSCTL_INT(_hw_usb_umass, OID_AUTO, throttle, CTLFLAG_RWTUN,
171     &umass_throttle, 0, "Forced delay between commands in milliseconds");
172 #else
173 #define	DIF(...) do { } while (0)
174 #define	DPRINTF(...) do { } while (0)
175 #endif
176 
177 #define	UMASS_BULK_SIZE (1 << 17)
178 #define	UMASS_CBI_DIAGNOSTIC_CMDLEN 12	/* bytes */
179 #define	UMASS_MAX_CMDLEN MAX(12, CAM_MAX_CDBLEN)	/* bytes */
180 
181 /* USB transfer definitions */
182 
183 #define	UMASS_T_BBB_RESET1      0	/* Bulk-Only */
184 #define	UMASS_T_BBB_RESET2      1
185 #define	UMASS_T_BBB_RESET3      2
186 #define	UMASS_T_BBB_COMMAND     3
187 #define	UMASS_T_BBB_DATA_READ   4
188 #define	UMASS_T_BBB_DATA_RD_CS  5
189 #define	UMASS_T_BBB_DATA_WRITE  6
190 #define	UMASS_T_BBB_DATA_WR_CS  7
191 #define	UMASS_T_BBB_STATUS      8
192 #define	UMASS_T_BBB_MAX         9
193 
194 #define	UMASS_T_CBI_RESET1      0	/* CBI */
195 #define	UMASS_T_CBI_RESET2      1
196 #define	UMASS_T_CBI_RESET3      2
197 #define	UMASS_T_CBI_COMMAND     3
198 #define	UMASS_T_CBI_DATA_READ   4
199 #define	UMASS_T_CBI_DATA_RD_CS  5
200 #define	UMASS_T_CBI_DATA_WRITE  6
201 #define	UMASS_T_CBI_DATA_WR_CS  7
202 #define	UMASS_T_CBI_STATUS      8
203 #define	UMASS_T_CBI_RESET4      9
204 #define	UMASS_T_CBI_MAX        10
205 
206 #define	UMASS_T_MAX MAX(UMASS_T_CBI_MAX, UMASS_T_BBB_MAX)
207 
208 /* Generic definitions */
209 
210 /* Direction for transfer */
211 #define	DIR_NONE	0
212 #define	DIR_IN		1
213 #define	DIR_OUT		2
214 
215 /* device name */
216 #define	DEVNAME		"umass"
217 #define	DEVNAME_SIM	"umass-sim"
218 
219 /* Approximate maximum transfer speeds (assumes 33% overhead). */
220 #define	UMASS_FULL_TRANSFER_SPEED	1000
221 #define	UMASS_HIGH_TRANSFER_SPEED	40000
222 #define	UMASS_SUPER_TRANSFER_SPEED	400000
223 #define	UMASS_FLOPPY_TRANSFER_SPEED	20
224 
225 #define	UMASS_TIMEOUT			5000	/* ms */
226 
227 /* CAM specific definitions */
228 
229 #define	UMASS_SCSIID_MAX	1	/* maximum number of drives expected */
230 #define	UMASS_SCSIID_HOST	UMASS_SCSIID_MAX
231 
232 /* Bulk-Only features */
233 
234 #define	UR_BBB_RESET		0xff	/* Bulk-Only reset */
235 #define	UR_BBB_GET_MAX_LUN	0xfe	/* Get maximum lun */
236 
237 /* Command Block Wrapper */
238 typedef struct {
239 	uDWord	dCBWSignature;
240 #define	CBWSIGNATURE	0x43425355
241 	uDWord	dCBWTag;
242 	uDWord	dCBWDataTransferLength;
243 	uByte	bCBWFlags;
244 #define	CBWFLAGS_OUT	0x00
245 #define	CBWFLAGS_IN	0x80
246 	uByte	bCBWLUN;
247 	uByte	bCDBLength;
248 #define	CBWCDBLENGTH	16
249 	uByte	CBWCDB[CBWCDBLENGTH];
250 } __packed umass_bbb_cbw_t;
251 
252 #define	UMASS_BBB_CBW_SIZE	31
253 
254 /* Command Status Wrapper */
255 typedef struct {
256 	uDWord	dCSWSignature;
257 #define	CSWSIGNATURE	0x53425355
258 #define	CSWSIGNATURE_IMAGINATION_DBX1	0x43425355
259 #define	CSWSIGNATURE_OLYMPUS_C1	0x55425355
260 	uDWord	dCSWTag;
261 	uDWord	dCSWDataResidue;
262 	uByte	bCSWStatus;
263 #define	CSWSTATUS_GOOD	0x0
264 #define	CSWSTATUS_FAILED	0x1
265 #define	CSWSTATUS_PHASE	0x2
266 } __packed umass_bbb_csw_t;
267 
268 #define	UMASS_BBB_CSW_SIZE	13
269 
270 /* CBI features */
271 
272 #define	UR_CBI_ADSC	0x00
273 
274 typedef union {
275 	struct {
276 		uint8_t	type;
277 #define	IDB_TYPE_CCI		0x00
278 		uint8_t	value;
279 #define	IDB_VALUE_PASS		0x00
280 #define	IDB_VALUE_FAIL		0x01
281 #define	IDB_VALUE_PHASE		0x02
282 #define	IDB_VALUE_PERSISTENT	0x03
283 #define	IDB_VALUE_STATUS_MASK	0x03
284 	} __packed common;
285 
286 	struct {
287 		uint8_t	asc;
288 		uint8_t	ascq;
289 	} __packed ufi;
290 } __packed umass_cbi_sbl_t;
291 
292 struct umass_softc;			/* see below */
293 
294 typedef void (umass_callback_t)(struct umass_softc *sc, union ccb *ccb,
295     	uint32_t residue, uint8_t status);
296 
297 #define	STATUS_CMD_OK		0	/* everything ok */
298 #define	STATUS_CMD_UNKNOWN	1	/* will have to fetch sense */
299 #define	STATUS_CMD_FAILED	2	/* transfer was ok, command failed */
300 #define	STATUS_WIRE_FAILED	3	/* couldn't even get command across */
301 
302 typedef uint8_t (umass_transform_t)(struct umass_softc *sc, uint8_t *cmd_ptr,
303     	uint8_t cmd_len);
304 
305 /* Wire and command protocol */
306 #define	UMASS_PROTO_BBB		0x0001	/* USB wire protocol */
307 #define	UMASS_PROTO_CBI		0x0002
308 #define	UMASS_PROTO_CBI_I	0x0004
309 #define	UMASS_PROTO_WIRE	0x00ff	/* USB wire protocol mask */
310 #define	UMASS_PROTO_SCSI	0x0100	/* command protocol */
311 #define	UMASS_PROTO_ATAPI	0x0200
312 #define	UMASS_PROTO_UFI		0x0400
313 #define	UMASS_PROTO_RBC		0x0800
314 #define	UMASS_PROTO_COMMAND	0xff00	/* command protocol mask */
315 
316 /* Device specific quirks */
317 #define	NO_QUIRKS		0x0000
318 	/*
319 	 * The drive does not support Test Unit Ready. Convert to Start Unit
320 	 */
321 #define	NO_TEST_UNIT_READY	0x0001
322 	/*
323 	 * The drive does not reset the Unit Attention state after REQUEST
324 	 * SENSE has been sent. The INQUIRY command does not reset the UA
325 	 * either, and so CAM runs in circles trying to retrieve the initial
326 	 * INQUIRY data.
327 	 */
328 #define	RS_NO_CLEAR_UA		0x0002
329 	/* The drive does not support START STOP.  */
330 #define	NO_START_STOP		0x0004
331 	/* Don't ask for full inquiry data (255b).  */
332 #define	FORCE_SHORT_INQUIRY	0x0008
333 	/* Needs to be initialised the Shuttle way */
334 #define	SHUTTLE_INIT		0x0010
335 	/* Drive needs to be switched to alternate iface 1 */
336 #define	ALT_IFACE_1		0x0020
337 	/* Drive does not do 1Mb/s, but just floppy speeds (20kb/s) */
338 #define	FLOPPY_SPEED		0x0040
339 	/* The device can't count and gets the residue of transfers wrong */
340 #define	IGNORE_RESIDUE		0x0080
341 	/* No GetMaxLun call */
342 #define	NO_GETMAXLUN		0x0100
343 	/* The device uses a weird CSWSIGNATURE. */
344 #define	WRONG_CSWSIG		0x0200
345 	/* Device cannot handle INQUIRY so fake a generic response */
346 #define	NO_INQUIRY		0x0400
347 	/* Device cannot handle INQUIRY EVPD, return CHECK CONDITION */
348 #define	NO_INQUIRY_EVPD		0x0800
349 	/* Pad all RBC requests to 12 bytes. */
350 #define	RBC_PAD_TO_12		0x1000
351 	/*
352 	 * Device reports number of sectors from READ_CAPACITY, not max
353 	 * sector number.
354 	 */
355 #define	READ_CAPACITY_OFFBY1	0x2000
356 	/*
357 	 * Device cannot handle a SCSI synchronize cache command.  Normally
358 	 * this quirk would be handled in the cam layer, but for IDE bridges
359 	 * we need to associate the quirk with the bridge and not the
360 	 * underlying disk device.  This is handled by faking a success
361 	 * result.
362 	 */
363 #define	NO_SYNCHRONIZE_CACHE	0x4000
364 	/* Device does not support 'PREVENT/ALLOW MEDIUM REMOVAL'. */
365 #define	NO_PREVENT_ALLOW	0x8000
366 
367 struct umass_softc {
368 	struct scsi_sense cam_scsi_sense;
369 	struct scsi_test_unit_ready cam_scsi_test_unit_ready;
370 	struct mtx sc_mtx;
371 	struct {
372 		uint8_t *data_ptr;
373 		union ccb *ccb;
374 		umass_callback_t *callback;
375 
376 		uint32_t data_len;	/* bytes */
377 		uint32_t data_rem;	/* bytes */
378 		uint32_t data_timeout;	/* ms */
379 		uint32_t actlen;	/* bytes */
380 
381 		uint8_t	cmd_data[UMASS_MAX_CMDLEN];
382 		uint8_t	cmd_len;	/* bytes */
383 		uint8_t	dir;
384 		uint8_t	lun;
385 	}	sc_transfer;
386 
387 	/* Bulk specific variables for transfers in progress */
388 	umass_bbb_cbw_t cbw;		/* command block wrapper */
389 	umass_bbb_csw_t csw;		/* command status wrapper */
390 
391 	/* CBI specific variables for transfers in progress */
392 	umass_cbi_sbl_t sbl;		/* status block */
393 
394 	device_t sc_dev;
395 	struct usb_device *sc_udev;
396 	struct cam_sim *sc_sim;		/* SCSI Interface Module */
397 	struct usb_xfer *sc_xfer[UMASS_T_MAX];
398 
399 	/*
400 	 * The command transform function is used to convert the SCSI
401 	 * commands into their derivatives, like UFI, ATAPI, and friends.
402 	 */
403 	umass_transform_t *sc_transform;
404 
405 	uint32_t sc_unit;
406 	uint32_t sc_quirks;		/* they got it almost right */
407 	uint32_t sc_proto;		/* wire and cmd protocol */
408 
409 	uint8_t	sc_name[16];
410 	uint8_t	sc_iface_no;		/* interface number */
411 	uint8_t	sc_maxlun;		/* maximum LUN number, inclusive */
412 	uint8_t	sc_last_xfer_index;
413 	uint8_t	sc_status_try;
414 };
415 
416 struct umass_probe_proto {
417 	uint32_t quirks;
418 	uint32_t proto;
419 
420 	int	error;
421 };
422 
423 /* prototypes */
424 
425 static device_probe_t umass_probe;
426 static device_attach_t umass_attach;
427 static device_detach_t umass_detach;
428 
429 static usb_callback_t umass_tr_error;
430 static usb_callback_t umass_t_bbb_reset1_callback;
431 static usb_callback_t umass_t_bbb_reset2_callback;
432 static usb_callback_t umass_t_bbb_reset3_callback;
433 static usb_callback_t umass_t_bbb_command_callback;
434 static usb_callback_t umass_t_bbb_data_read_callback;
435 static usb_callback_t umass_t_bbb_data_rd_cs_callback;
436 static usb_callback_t umass_t_bbb_data_write_callback;
437 static usb_callback_t umass_t_bbb_data_wr_cs_callback;
438 static usb_callback_t umass_t_bbb_status_callback;
439 static usb_callback_t umass_t_cbi_reset1_callback;
440 static usb_callback_t umass_t_cbi_reset2_callback;
441 static usb_callback_t umass_t_cbi_reset3_callback;
442 static usb_callback_t umass_t_cbi_reset4_callback;
443 static usb_callback_t umass_t_cbi_command_callback;
444 static usb_callback_t umass_t_cbi_data_read_callback;
445 static usb_callback_t umass_t_cbi_data_rd_cs_callback;
446 static usb_callback_t umass_t_cbi_data_write_callback;
447 static usb_callback_t umass_t_cbi_data_wr_cs_callback;
448 static usb_callback_t umass_t_cbi_status_callback;
449 
450 static void	umass_cancel_ccb(struct umass_softc *);
451 static void	umass_init_shuttle(struct umass_softc *);
452 static void	umass_reset(struct umass_softc *);
453 static void	umass_t_bbb_data_clear_stall_callback(struct usb_xfer *,
454 		    uint8_t, uint8_t, usb_error_t);
455 static void	umass_command_start(struct umass_softc *, uint8_t, void *,
456 		    uint32_t, uint32_t, umass_callback_t *, union ccb *);
457 static uint8_t	umass_bbb_get_max_lun(struct umass_softc *);
458 static void	umass_cbi_start_status(struct umass_softc *);
459 static void	umass_t_cbi_data_clear_stall_callback(struct usb_xfer *,
460 		    uint8_t, uint8_t, usb_error_t);
461 static int	umass_cam_attach_sim(struct umass_softc *);
462 static void	umass_cam_attach(struct umass_softc *);
463 static void	umass_cam_detach_sim(struct umass_softc *);
464 static void	umass_cam_action(struct cam_sim *, union ccb *);
465 static void	umass_cam_poll(struct cam_sim *);
466 static void	umass_cam_cb(struct umass_softc *, union ccb *, uint32_t,
467 		    uint8_t);
468 static void	umass_cam_sense_cb(struct umass_softc *, union ccb *, uint32_t,
469 		    uint8_t);
470 static void	umass_cam_quirk_cb(struct umass_softc *, union ccb *, uint32_t,
471 		    uint8_t);
472 static uint8_t	umass_scsi_transform(struct umass_softc *, uint8_t *, uint8_t);
473 static uint8_t	umass_rbc_transform(struct umass_softc *, uint8_t *, uint8_t);
474 static uint8_t	umass_ufi_transform(struct umass_softc *, uint8_t *, uint8_t);
475 static uint8_t	umass_atapi_transform(struct umass_softc *, uint8_t *,
476 		    uint8_t);
477 static uint8_t	umass_no_transform(struct umass_softc *, uint8_t *, uint8_t);
478 static uint8_t	umass_std_transform(struct umass_softc *, union ccb *, uint8_t
479 		    *, uint8_t);
480 
481 #ifdef USB_DEBUG
482 static void	umass_bbb_dump_cbw(struct umass_softc *, umass_bbb_cbw_t *);
483 static void	umass_bbb_dump_csw(struct umass_softc *, umass_bbb_csw_t *);
484 static void	umass_cbi_dump_cmd(struct umass_softc *, void *, uint8_t);
485 static void	umass_dump_buffer(struct umass_softc *, uint8_t *, uint32_t,
486 		    uint32_t);
487 #endif
488 
489 static struct usb_config umass_bbb_config[UMASS_T_BBB_MAX] = {
490 	[UMASS_T_BBB_RESET1] = {
491 		.type = UE_CONTROL,
492 		.endpoint = 0x00,	/* Control pipe */
493 		.direction = UE_DIR_ANY,
494 		.bufsize = sizeof(struct usb_device_request),
495 		.callback = &umass_t_bbb_reset1_callback,
496 		.timeout = 5000,	/* 5 seconds */
497 		.interval = 500,	/* 500 milliseconds */
498 	},
499 
500 	[UMASS_T_BBB_RESET2] = {
501 		.type = UE_CONTROL,
502 		.endpoint = 0x00,	/* Control pipe */
503 		.direction = UE_DIR_ANY,
504 		.bufsize = sizeof(struct usb_device_request),
505 		.callback = &umass_t_bbb_reset2_callback,
506 		.timeout = 5000,	/* 5 seconds */
507 		.interval = 50,	/* 50 milliseconds */
508 	},
509 
510 	[UMASS_T_BBB_RESET3] = {
511 		.type = UE_CONTROL,
512 		.endpoint = 0x00,	/* Control pipe */
513 		.direction = UE_DIR_ANY,
514 		.bufsize = sizeof(struct usb_device_request),
515 		.callback = &umass_t_bbb_reset3_callback,
516 		.timeout = 5000,	/* 5 seconds */
517 		.interval = 50,	/* 50 milliseconds */
518 	},
519 
520 	[UMASS_T_BBB_COMMAND] = {
521 		.type = UE_BULK,
522 		.endpoint = UE_ADDR_ANY,
523 		.direction = UE_DIR_OUT,
524 		.bufsize = sizeof(umass_bbb_cbw_t),
525 		.callback = &umass_t_bbb_command_callback,
526 		.timeout = 5000,	/* 5 seconds */
527 	},
528 
529 	[UMASS_T_BBB_DATA_READ] = {
530 		.type = UE_BULK,
531 		.endpoint = UE_ADDR_ANY,
532 		.direction = UE_DIR_IN,
533 		.bufsize = UMASS_BULK_SIZE,
534 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
535 		.callback = &umass_t_bbb_data_read_callback,
536 		.timeout = 0,	/* overwritten later */
537 	},
538 
539 	[UMASS_T_BBB_DATA_RD_CS] = {
540 		.type = UE_CONTROL,
541 		.endpoint = 0x00,	/* Control pipe */
542 		.direction = UE_DIR_ANY,
543 		.bufsize = sizeof(struct usb_device_request),
544 		.callback = &umass_t_bbb_data_rd_cs_callback,
545 		.timeout = 5000,	/* 5 seconds */
546 	},
547 
548 	[UMASS_T_BBB_DATA_WRITE] = {
549 		.type = UE_BULK,
550 		.endpoint = UE_ADDR_ANY,
551 		.direction = UE_DIR_OUT,
552 		.bufsize = UMASS_BULK_SIZE,
553 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
554 		.callback = &umass_t_bbb_data_write_callback,
555 		.timeout = 0,	/* overwritten later */
556 	},
557 
558 	[UMASS_T_BBB_DATA_WR_CS] = {
559 		.type = UE_CONTROL,
560 		.endpoint = 0x00,	/* Control pipe */
561 		.direction = UE_DIR_ANY,
562 		.bufsize = sizeof(struct usb_device_request),
563 		.callback = &umass_t_bbb_data_wr_cs_callback,
564 		.timeout = 5000,	/* 5 seconds */
565 	},
566 
567 	[UMASS_T_BBB_STATUS] = {
568 		.type = UE_BULK,
569 		.endpoint = UE_ADDR_ANY,
570 		.direction = UE_DIR_IN,
571 		.bufsize = sizeof(umass_bbb_csw_t),
572 		.flags = {.short_xfer_ok = 1,},
573 		.callback = &umass_t_bbb_status_callback,
574 		.timeout = 5000,	/* ms */
575 	},
576 };
577 
578 static struct usb_config umass_cbi_config[UMASS_T_CBI_MAX] = {
579 	[UMASS_T_CBI_RESET1] = {
580 		.type = UE_CONTROL,
581 		.endpoint = 0x00,	/* Control pipe */
582 		.direction = UE_DIR_ANY,
583 		.bufsize = (sizeof(struct usb_device_request) +
584 		    UMASS_CBI_DIAGNOSTIC_CMDLEN),
585 		.callback = &umass_t_cbi_reset1_callback,
586 		.timeout = 5000,	/* 5 seconds */
587 		.interval = 500,	/* 500 milliseconds */
588 	},
589 
590 	[UMASS_T_CBI_RESET2] = {
591 		.type = UE_CONTROL,
592 		.endpoint = 0x00,	/* Control pipe */
593 		.direction = UE_DIR_ANY,
594 		.bufsize = sizeof(struct usb_device_request),
595 		.callback = &umass_t_cbi_reset2_callback,
596 		.timeout = 5000,	/* 5 seconds */
597 		.interval = 50,	/* 50 milliseconds */
598 	},
599 
600 	[UMASS_T_CBI_RESET3] = {
601 		.type = UE_CONTROL,
602 		.endpoint = 0x00,	/* Control pipe */
603 		.direction = UE_DIR_ANY,
604 		.bufsize = sizeof(struct usb_device_request),
605 		.callback = &umass_t_cbi_reset3_callback,
606 		.timeout = 5000,	/* 5 seconds */
607 		.interval = 50,	/* 50 milliseconds */
608 	},
609 
610 	[UMASS_T_CBI_COMMAND] = {
611 		.type = UE_CONTROL,
612 		.endpoint = 0x00,	/* Control pipe */
613 		.direction = UE_DIR_ANY,
614 		.bufsize = (sizeof(struct usb_device_request) +
615 		    UMASS_MAX_CMDLEN),
616 		.callback = &umass_t_cbi_command_callback,
617 		.timeout = 5000,	/* 5 seconds */
618 	},
619 
620 	[UMASS_T_CBI_DATA_READ] = {
621 		.type = UE_BULK,
622 		.endpoint = UE_ADDR_ANY,
623 		.direction = UE_DIR_IN,
624 		.bufsize = UMASS_BULK_SIZE,
625 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
626 		.callback = &umass_t_cbi_data_read_callback,
627 		.timeout = 0,	/* overwritten later */
628 	},
629 
630 	[UMASS_T_CBI_DATA_RD_CS] = {
631 		.type = UE_CONTROL,
632 		.endpoint = 0x00,	/* Control pipe */
633 		.direction = UE_DIR_ANY,
634 		.bufsize = sizeof(struct usb_device_request),
635 		.callback = &umass_t_cbi_data_rd_cs_callback,
636 		.timeout = 5000,	/* 5 seconds */
637 	},
638 
639 	[UMASS_T_CBI_DATA_WRITE] = {
640 		.type = UE_BULK,
641 		.endpoint = UE_ADDR_ANY,
642 		.direction = UE_DIR_OUT,
643 		.bufsize = UMASS_BULK_SIZE,
644 		.flags = {.proxy_buffer = 1,.short_xfer_ok = 1,.ext_buffer=1,},
645 		.callback = &umass_t_cbi_data_write_callback,
646 		.timeout = 0,	/* overwritten later */
647 	},
648 
649 	[UMASS_T_CBI_DATA_WR_CS] = {
650 		.type = UE_CONTROL,
651 		.endpoint = 0x00,	/* Control pipe */
652 		.direction = UE_DIR_ANY,
653 		.bufsize = sizeof(struct usb_device_request),
654 		.callback = &umass_t_cbi_data_wr_cs_callback,
655 		.timeout = 5000,	/* 5 seconds */
656 	},
657 
658 	[UMASS_T_CBI_STATUS] = {
659 		.type = UE_INTERRUPT,
660 		.endpoint = UE_ADDR_ANY,
661 		.direction = UE_DIR_IN,
662 		.flags = {.short_xfer_ok = 1,.no_pipe_ok = 1,},
663 		.bufsize = sizeof(umass_cbi_sbl_t),
664 		.callback = &umass_t_cbi_status_callback,
665 		.timeout = 5000,	/* ms */
666 	},
667 
668 	[UMASS_T_CBI_RESET4] = {
669 		.type = UE_CONTROL,
670 		.endpoint = 0x00,	/* Control pipe */
671 		.direction = UE_DIR_ANY,
672 		.bufsize = sizeof(struct usb_device_request),
673 		.callback = &umass_t_cbi_reset4_callback,
674 		.timeout = 5000,	/* ms */
675 	},
676 };
677 
678 /* If device cannot return valid inquiry data, fake it */
679 static const uint8_t fake_inq_data[SHORT_INQUIRY_LENGTH] = {
680 	0, /* removable */ 0x80, SCSI_REV_2, SCSI_REV_2,
681 	 /* additional_length */ 31, 0, 0, 0
682 };
683 
684 #define	UFI_COMMAND_LENGTH	12	/* UFI commands are always 12 bytes */
685 #define	ATAPI_COMMAND_LENGTH	12	/* ATAPI commands are always 12 bytes */
686 
687 static device_method_t umass_methods[] = {
688 	/* Device interface */
689 	DEVMETHOD(device_probe, umass_probe),
690 	DEVMETHOD(device_attach, umass_attach),
691 	DEVMETHOD(device_detach, umass_detach),
692 
693 	DEVMETHOD_END
694 };
695 
696 static driver_t umass_driver = {
697 	.name = "umass",
698 	.methods = umass_methods,
699 	.size = sizeof(struct umass_softc),
700 };
701 
702 static const STRUCT_USB_HOST_ID __used umass_devs[] = {
703 	/* generic mass storage class */
704 	{USB_IFACE_CLASS(UICLASS_MASS),},
705 };
706 
707 DRIVER_MODULE(umass, uhub, umass_driver, NULL, NULL);
708 MODULE_DEPEND(umass, usb, 1, 1, 1);
709 MODULE_DEPEND(umass, cam, 1, 1, 1);
710 MODULE_VERSION(umass, 1);
711 USB_PNP_HOST_INFO(umass_devs);
712 
713 /*
714  * USB device probe/attach/detach
715  */
716 
717 static uint16_t
umass_get_proto(struct usb_interface * iface)718 umass_get_proto(struct usb_interface *iface)
719 {
720 	struct usb_interface_descriptor *id;
721 	uint16_t retval;
722 
723 	retval = 0;
724 
725 	/* Check for a standards compliant device */
726 	id = usbd_get_interface_descriptor(iface);
727 	if ((id == NULL) ||
728 	    (id->bInterfaceClass != UICLASS_MASS)) {
729 		goto done;
730 	}
731 	switch (id->bInterfaceSubClass) {
732 	case UISUBCLASS_SCSI:
733 		retval |= UMASS_PROTO_SCSI;
734 		break;
735 	case UISUBCLASS_UFI:
736 		retval |= UMASS_PROTO_UFI;
737 		break;
738 	case UISUBCLASS_RBC:
739 		retval |= UMASS_PROTO_RBC;
740 		break;
741 	case UISUBCLASS_SFF8020I:
742 	case UISUBCLASS_SFF8070I:
743 		retval |= UMASS_PROTO_ATAPI;
744 		break;
745 	default:
746 		goto done;
747 	}
748 
749 	switch (id->bInterfaceProtocol) {
750 	case UIPROTO_MASS_CBI:
751 		retval |= UMASS_PROTO_CBI;
752 		break;
753 	case UIPROTO_MASS_CBI_I:
754 		retval |= UMASS_PROTO_CBI_I;
755 		break;
756 	case UIPROTO_MASS_BBB_OLD:
757 	case UIPROTO_MASS_BBB:
758 		retval |= UMASS_PROTO_BBB;
759 		break;
760 	default:
761 		goto done;
762 	}
763 done:
764 	return (retval);
765 }
766 
767 /*
768  * Match the device we are seeing with the devices supported.
769  */
770 static struct umass_probe_proto
umass_probe_proto(device_t dev,struct usb_attach_arg * uaa)771 umass_probe_proto(device_t dev, struct usb_attach_arg *uaa)
772 {
773 	struct umass_probe_proto ret;
774 	uint32_t quirks = NO_QUIRKS;
775 	uint32_t proto = umass_get_proto(uaa->iface);
776 
777 	memset(&ret, 0, sizeof(ret));
778 	ret.error = BUS_PROBE_GENERIC;
779 
780 	/* Check if we should deny probing. */
781 	if (usb_test_quirk(uaa, UQ_MSC_IGNORE)) {
782 		ret.error = ENXIO;
783 		goto done;
784 	}
785 
786 	/* Search for protocol enforcement */
787 
788 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_BBB)) {
789 		proto &= ~UMASS_PROTO_WIRE;
790 		proto |= UMASS_PROTO_BBB;
791 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI)) {
792 		proto &= ~UMASS_PROTO_WIRE;
793 		proto |= UMASS_PROTO_CBI;
794 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_WIRE_CBI_I)) {
795 		proto &= ~UMASS_PROTO_WIRE;
796 		proto |= UMASS_PROTO_CBI_I;
797 	}
798 
799 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_SCSI)) {
800 		proto &= ~UMASS_PROTO_COMMAND;
801 		proto |= UMASS_PROTO_SCSI;
802 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_ATAPI)) {
803 		proto &= ~UMASS_PROTO_COMMAND;
804 		proto |= UMASS_PROTO_ATAPI;
805 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_UFI)) {
806 		proto &= ~UMASS_PROTO_COMMAND;
807 		proto |= UMASS_PROTO_UFI;
808 	} else if (usb_test_quirk(uaa, UQ_MSC_FORCE_PROTO_RBC)) {
809 		proto &= ~UMASS_PROTO_COMMAND;
810 		proto |= UMASS_PROTO_RBC;
811 	}
812 
813 	/* Check if the protocol is invalid */
814 
815 	if ((proto & UMASS_PROTO_COMMAND) == 0) {
816 		ret.error = ENXIO;
817 		goto done;
818 	}
819 
820 	if ((proto & UMASS_PROTO_WIRE) == 0) {
821 		ret.error = ENXIO;
822 		goto done;
823 	}
824 
825 	/* Search for quirks */
826 
827 	if (usb_test_quirk(uaa, UQ_MSC_NO_TEST_UNIT_READY))
828 		quirks |= NO_TEST_UNIT_READY;
829 	if (usb_test_quirk(uaa, UQ_MSC_NO_RS_CLEAR_UA))
830 		quirks |= RS_NO_CLEAR_UA;
831 	if (usb_test_quirk(uaa, UQ_MSC_NO_START_STOP))
832 		quirks |= NO_START_STOP;
833 	if (usb_test_quirk(uaa, UQ_MSC_NO_GETMAXLUN))
834 		quirks |= NO_GETMAXLUN;
835 	if (usb_test_quirk(uaa, UQ_MSC_NO_INQUIRY))
836 		quirks |= NO_INQUIRY;
837 	if (usb_test_quirk(uaa, UQ_MSC_NO_INQUIRY_EVPD))
838 		quirks |= NO_INQUIRY_EVPD;
839 	if (usb_test_quirk(uaa, UQ_MSC_NO_PREVENT_ALLOW))
840 		quirks |= NO_PREVENT_ALLOW;
841 	if (usb_test_quirk(uaa, UQ_MSC_NO_SYNC_CACHE))
842 		quirks |= NO_SYNCHRONIZE_CACHE;
843 	if (usb_test_quirk(uaa, UQ_MSC_SHUTTLE_INIT))
844 		quirks |= SHUTTLE_INIT;
845 	if (usb_test_quirk(uaa, UQ_MSC_ALT_IFACE_1))
846 		quirks |= ALT_IFACE_1;
847 	if (usb_test_quirk(uaa, UQ_MSC_FLOPPY_SPEED))
848 		quirks |= FLOPPY_SPEED;
849 	if (usb_test_quirk(uaa, UQ_MSC_IGNORE_RESIDUE))
850 		quirks |= IGNORE_RESIDUE;
851 	if (usb_test_quirk(uaa, UQ_MSC_WRONG_CSWSIG))
852 		quirks |= WRONG_CSWSIG;
853 	if (usb_test_quirk(uaa, UQ_MSC_RBC_PAD_TO_12))
854 		quirks |= RBC_PAD_TO_12;
855 	if (usb_test_quirk(uaa, UQ_MSC_READ_CAP_OFFBY1))
856 		quirks |= READ_CAPACITY_OFFBY1;
857 	if (usb_test_quirk(uaa, UQ_MSC_FORCE_SHORT_INQ))
858 		quirks |= FORCE_SHORT_INQUIRY;
859 
860 done:
861 	ret.quirks = quirks;
862 	ret.proto = proto;
863 	return (ret);
864 }
865 
866 static int
umass_probe(device_t dev)867 umass_probe(device_t dev)
868 {
869 	struct usb_attach_arg *uaa = device_get_ivars(dev);
870 	struct umass_probe_proto temp;
871 
872 	if (uaa->usb_mode != USB_MODE_HOST) {
873 		return (ENXIO);
874 	}
875 	temp = umass_probe_proto(dev, uaa);
876 
877 	return (temp.error);
878 }
879 
880 static int
umass_attach(device_t dev)881 umass_attach(device_t dev)
882 {
883 	struct umass_softc *sc = device_get_softc(dev);
884 	struct usb_attach_arg *uaa = device_get_ivars(dev);
885 	struct umass_probe_proto temp = umass_probe_proto(dev, uaa);
886 	struct usb_interface_descriptor *id;
887 	int err;
888 
889 	/*
890 	 * NOTE: the softc struct is cleared in device_set_driver.
891 	 * We can safely call umass_detach without specifically
892 	 * initializing the struct.
893 	 */
894 
895 	sc->sc_dev = dev;
896 	sc->sc_udev = uaa->device;
897 	sc->sc_proto = temp.proto;
898 	sc->sc_quirks = temp.quirks;
899 	sc->sc_unit = device_get_unit(dev);
900 
901 	snprintf(sc->sc_name, sizeof(sc->sc_name),
902 	    "%s", device_get_nameunit(dev));
903 
904 	device_set_usb_desc(dev);
905 
906         mtx_init(&sc->sc_mtx, device_get_nameunit(dev),
907 	    NULL, MTX_DEF | MTX_RECURSE);
908 
909 	/* get interface index */
910 
911 	id = usbd_get_interface_descriptor(uaa->iface);
912 	if (id == NULL) {
913 		device_printf(dev, "failed to get "
914 		    "interface number\n");
915 		goto detach;
916 	}
917 	sc->sc_iface_no = id->bInterfaceNumber;
918 
919 #ifdef USB_DEBUG
920 	device_printf(dev, " ");
921 
922 	switch (sc->sc_proto & UMASS_PROTO_COMMAND) {
923 	case UMASS_PROTO_SCSI:
924 		printf("SCSI");
925 		break;
926 	case UMASS_PROTO_ATAPI:
927 		printf("8070i (ATAPI)");
928 		break;
929 	case UMASS_PROTO_UFI:
930 		printf("UFI");
931 		break;
932 	case UMASS_PROTO_RBC:
933 		printf("RBC");
934 		break;
935 	default:
936 		printf("(unknown 0x%02x)",
937 		    sc->sc_proto & UMASS_PROTO_COMMAND);
938 		break;
939 	}
940 
941 	printf(" over ");
942 
943 	switch (sc->sc_proto & UMASS_PROTO_WIRE) {
944 	case UMASS_PROTO_BBB:
945 		printf("Bulk-Only");
946 		break;
947 	case UMASS_PROTO_CBI:		/* uses Comand/Bulk pipes */
948 		printf("CBI");
949 		break;
950 	case UMASS_PROTO_CBI_I:	/* uses Comand/Bulk/Interrupt pipes */
951 		printf("CBI with CCI");
952 		break;
953 	default:
954 		printf("(unknown 0x%02x)",
955 		    sc->sc_proto & UMASS_PROTO_WIRE);
956 	}
957 
958 	printf("; quirks = 0x%04x\n", sc->sc_quirks);
959 #endif
960 
961 	if (sc->sc_quirks & ALT_IFACE_1) {
962 		err = usbd_set_alt_interface_index
963 		    (uaa->device, uaa->info.bIfaceIndex, 1);
964 
965 		if (err) {
966 			DPRINTF(sc, UDMASS_USB, "could not switch to "
967 			    "Alt Interface 1\n");
968 			goto detach;
969 		}
970 	}
971 	/* allocate all required USB transfers */
972 
973 	if (sc->sc_proto & UMASS_PROTO_BBB) {
974 		err = usbd_transfer_setup(uaa->device,
975 		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_bbb_config,
976 		    UMASS_T_BBB_MAX, sc, &sc->sc_mtx);
977 
978 		/* skip reset first time */
979 		sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
980 
981 	} else if (sc->sc_proto & (UMASS_PROTO_CBI | UMASS_PROTO_CBI_I)) {
982 		err = usbd_transfer_setup(uaa->device,
983 		    &uaa->info.bIfaceIndex, sc->sc_xfer, umass_cbi_config,
984 		    UMASS_T_CBI_MAX, sc, &sc->sc_mtx);
985 
986 		/* skip reset first time */
987 		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
988 
989 	} else {
990 		err = USB_ERR_INVAL;
991 	}
992 
993 	if (err) {
994 		device_printf(dev, "could not setup required "
995 		    "transfers, %s\n", usbd_errstr(err));
996 		goto detach;
997 	}
998 #ifdef USB_DEBUG
999 	if (umass_throttle > 0) {
1000 		uint8_t x;
1001 		int iv;
1002 
1003 		iv = umass_throttle;
1004 
1005 		if (iv < 1)
1006 			iv = 1;
1007 		else if (iv > 8000)
1008 			iv = 8000;
1009 
1010 		for (x = 0; x != UMASS_T_MAX; x++) {
1011 			if (sc->sc_xfer[x] != NULL)
1012 				usbd_xfer_set_interval(sc->sc_xfer[x], iv);
1013 		}
1014 	}
1015 #endif
1016 	sc->sc_transform =
1017 	    (sc->sc_proto & UMASS_PROTO_SCSI) ? &umass_scsi_transform :
1018 	    (sc->sc_proto & UMASS_PROTO_UFI) ? &umass_ufi_transform :
1019 	    (sc->sc_proto & UMASS_PROTO_ATAPI) ? &umass_atapi_transform :
1020 	    (sc->sc_proto & UMASS_PROTO_RBC) ? &umass_rbc_transform :
1021 	    &umass_no_transform;
1022 
1023 	/* from here onwards the device can be used. */
1024 
1025 	if (sc->sc_quirks & SHUTTLE_INIT) {
1026 		umass_init_shuttle(sc);
1027 	}
1028 	/* get the maximum LUN supported by the device */
1029 
1030 	if (((sc->sc_proto & UMASS_PROTO_WIRE) == UMASS_PROTO_BBB) &&
1031 	    !(sc->sc_quirks & NO_GETMAXLUN))
1032 		sc->sc_maxlun = umass_bbb_get_max_lun(sc);
1033 	else
1034 		sc->sc_maxlun = 0;
1035 
1036 	/* Prepare the SCSI command block */
1037 	sc->cam_scsi_sense.opcode = REQUEST_SENSE;
1038 	sc->cam_scsi_test_unit_ready.opcode = TEST_UNIT_READY;
1039 
1040 	/* register the SIM */
1041 	err = umass_cam_attach_sim(sc);
1042 	if (err) {
1043 		goto detach;
1044 	}
1045 	/* scan the SIM */
1046 	umass_cam_attach(sc);
1047 
1048 	DPRINTF(sc, UDMASS_GEN, "Attach finished\n");
1049 
1050 	return (0);			/* success */
1051 
1052 detach:
1053 	umass_detach(dev);
1054 	return (ENXIO);			/* failure */
1055 }
1056 
1057 static int
umass_detach(device_t dev)1058 umass_detach(device_t dev)
1059 {
1060 	struct umass_softc *sc = device_get_softc(dev);
1061 
1062 	DPRINTF(sc, UDMASS_USB, "\n");
1063 
1064 	/* teardown our statemachine */
1065 
1066 	usbd_transfer_unsetup(sc->sc_xfer, UMASS_T_MAX);
1067 
1068 	mtx_lock(&sc->sc_mtx);
1069 
1070 	/* cancel any leftover CCB's */
1071 
1072 	umass_cancel_ccb(sc);
1073 
1074 	umass_cam_detach_sim(sc);
1075 
1076 	mtx_unlock(&sc->sc_mtx);
1077 
1078 	mtx_destroy(&sc->sc_mtx);
1079 
1080 	return (0);			/* success */
1081 }
1082 
1083 static void
umass_init_shuttle(struct umass_softc * sc)1084 umass_init_shuttle(struct umass_softc *sc)
1085 {
1086 	struct usb_device_request req;
1087 	uint8_t status[2] = {0, 0};
1088 
1089 	/*
1090 	 * The Linux driver does this, but no one can tell us what the
1091 	 * command does.
1092 	 */
1093 	req.bmRequestType = UT_READ_VENDOR_DEVICE;
1094 	req.bRequest = 1;		/* XXX unknown command */
1095 	USETW(req.wValue, 0);
1096 	req.wIndex[0] = sc->sc_iface_no;
1097 	req.wIndex[1] = 0;
1098 	USETW(req.wLength, sizeof(status));
1099 	usbd_do_request(sc->sc_udev, NULL, &req, &status);
1100 
1101 	DPRINTF(sc, UDMASS_GEN, "Shuttle init returned 0x%02x%02x\n",
1102 	    status[0], status[1]);
1103 }
1104 
1105 /*
1106  * Generic functions to handle transfers
1107  */
1108 
1109 static void
umass_transfer_start(struct umass_softc * sc,uint8_t xfer_index)1110 umass_transfer_start(struct umass_softc *sc, uint8_t xfer_index)
1111 {
1112 	DPRINTF(sc, UDMASS_GEN, "transfer index = "
1113 	    "%d\n", xfer_index);
1114 
1115 	if (sc->sc_xfer[xfer_index]) {
1116 		sc->sc_last_xfer_index = xfer_index;
1117 		usbd_transfer_start(sc->sc_xfer[xfer_index]);
1118 	} else {
1119 		umass_cancel_ccb(sc);
1120 	}
1121 }
1122 
1123 static void
umass_reset(struct umass_softc * sc)1124 umass_reset(struct umass_softc *sc)
1125 {
1126 	DPRINTF(sc, UDMASS_GEN, "resetting device\n");
1127 
1128 	/*
1129 	 * stop the last transfer, if not already stopped:
1130 	 */
1131 	usbd_transfer_stop(sc->sc_xfer[sc->sc_last_xfer_index]);
1132 	umass_transfer_start(sc, 0);
1133 }
1134 
1135 static void
umass_cancel_ccb(struct umass_softc * sc)1136 umass_cancel_ccb(struct umass_softc *sc)
1137 {
1138 	union ccb *ccb;
1139 
1140 	USB_MTX_ASSERT(&sc->sc_mtx, MA_OWNED);
1141 
1142 	ccb = sc->sc_transfer.ccb;
1143 	sc->sc_transfer.ccb = NULL;
1144 	sc->sc_last_xfer_index = 0;
1145 
1146 	if (ccb) {
1147 		(sc->sc_transfer.callback)
1148 		    (sc, ccb, (sc->sc_transfer.data_len -
1149 		    sc->sc_transfer.actlen), STATUS_WIRE_FAILED);
1150 	}
1151 }
1152 
1153 static void
umass_tr_error(struct usb_xfer * xfer,usb_error_t error)1154 umass_tr_error(struct usb_xfer *xfer, usb_error_t error)
1155 {
1156 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1157 
1158 	if (error != USB_ERR_CANCELLED) {
1159 		DPRINTF(sc, UDMASS_GEN, "transfer error, %s -> "
1160 		    "reset\n", usbd_errstr(error));
1161 	}
1162 	umass_cancel_ccb(sc);
1163 }
1164 
1165 /*
1166  * BBB protocol specific functions
1167  */
1168 
1169 static void
umass_t_bbb_reset1_callback(struct usb_xfer * xfer,usb_error_t error)1170 umass_t_bbb_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
1171 {
1172 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1173 	struct usb_device_request req;
1174 	struct usb_page_cache *pc;
1175 
1176 	switch (USB_GET_STATE(xfer)) {
1177 	case USB_ST_TRANSFERRED:
1178 		umass_transfer_start(sc, UMASS_T_BBB_RESET2);
1179 		return;
1180 
1181 	case USB_ST_SETUP:
1182 		/*
1183 		 * Reset recovery (5.3.4 in Universal Serial Bus Mass Storage Class)
1184 		 *
1185 		 * For Reset Recovery the host shall issue in the following order:
1186 		 * a) a Bulk-Only Mass Storage Reset
1187 		 * b) a Clear Feature HALT to the Bulk-In endpoint
1188 		 * c) a Clear Feature HALT to the Bulk-Out endpoint
1189 		 *
1190 		 * This is done in 3 steps, using 3 transfers:
1191 		 * UMASS_T_BBB_RESET1
1192 		 * UMASS_T_BBB_RESET2
1193 		 * UMASS_T_BBB_RESET3
1194 		 */
1195 
1196 		DPRINTF(sc, UDMASS_BBB, "BBB reset!\n");
1197 
1198 		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1199 		req.bRequest = UR_BBB_RESET;	/* bulk only reset */
1200 		USETW(req.wValue, 0);
1201 		req.wIndex[0] = sc->sc_iface_no;
1202 		req.wIndex[1] = 0;
1203 		USETW(req.wLength, 0);
1204 
1205 		pc = usbd_xfer_get_frame(xfer, 0);
1206 		usbd_copy_in(pc, 0, &req, sizeof(req));
1207 
1208 		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1209 		usbd_xfer_set_frames(xfer, 1);
1210 		usbd_transfer_submit(xfer);
1211 		return;
1212 
1213 	default:			/* Error */
1214 		umass_tr_error(xfer, error);
1215 		return;
1216 	}
1217 }
1218 
1219 static void
umass_t_bbb_reset2_callback(struct usb_xfer * xfer,usb_error_t error)1220 umass_t_bbb_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
1221 {
1222 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_RESET3,
1223 	    UMASS_T_BBB_DATA_READ, error);
1224 }
1225 
1226 static void
umass_t_bbb_reset3_callback(struct usb_xfer * xfer,usb_error_t error)1227 umass_t_bbb_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
1228 {
1229 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_COMMAND,
1230 	    UMASS_T_BBB_DATA_WRITE, error);
1231 }
1232 
1233 static void
umass_t_bbb_data_clear_stall_callback(struct usb_xfer * xfer,uint8_t next_xfer,uint8_t stall_xfer,usb_error_t error)1234 umass_t_bbb_data_clear_stall_callback(struct usb_xfer *xfer,
1235     uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
1236 {
1237 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1238 
1239 	switch (USB_GET_STATE(xfer)) {
1240 	case USB_ST_TRANSFERRED:
1241 tr_transferred:
1242 		umass_transfer_start(sc, next_xfer);
1243 		return;
1244 
1245 	case USB_ST_SETUP:
1246 		if (usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer])) {
1247 			goto tr_transferred;
1248 		}
1249 		return;
1250 
1251 	default:			/* Error */
1252 		umass_tr_error(xfer, error);
1253 		return;
1254 	}
1255 }
1256 
1257 static void
umass_t_bbb_command_callback(struct usb_xfer * xfer,usb_error_t error)1258 umass_t_bbb_command_callback(struct usb_xfer *xfer, usb_error_t error)
1259 {
1260 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1261 	union ccb *ccb = sc->sc_transfer.ccb;
1262 	struct usb_page_cache *pc;
1263 	uint32_t tag;
1264 
1265 	switch (USB_GET_STATE(xfer)) {
1266 	case USB_ST_TRANSFERRED:
1267 		umass_transfer_start
1268 		    (sc, ((sc->sc_transfer.dir == DIR_IN) ? UMASS_T_BBB_DATA_READ :
1269 		    (sc->sc_transfer.dir == DIR_OUT) ? UMASS_T_BBB_DATA_WRITE :
1270 		    UMASS_T_BBB_STATUS));
1271 		return;
1272 
1273 	case USB_ST_SETUP:
1274 
1275 		sc->sc_status_try = 0;
1276 
1277 		if (ccb) {
1278 			/*
1279 		         * the initial value is not important,
1280 		         * as long as the values are unique:
1281 		         */
1282 			tag = UGETDW(sc->cbw.dCBWTag) + 1;
1283 
1284 			USETDW(sc->cbw.dCBWSignature, CBWSIGNATURE);
1285 			USETDW(sc->cbw.dCBWTag, tag);
1286 
1287 			/*
1288 		         * dCBWDataTransferLength:
1289 		         *   This field indicates the number of bytes of data that the host
1290 		         *   intends to transfer on the IN or OUT Bulk endpoint(as indicated by
1291 		         *   the Direction bit) during the execution of this command. If this
1292 		         *   field is set to 0, the device will expect that no data will be
1293 		         *   transferred IN or OUT during this command, regardless of the value
1294 		         *   of the Direction bit defined in dCBWFlags.
1295 		         */
1296 			USETDW(sc->cbw.dCBWDataTransferLength, sc->sc_transfer.data_len);
1297 
1298 			/*
1299 		         * dCBWFlags:
1300 		         *   The bits of the Flags field are defined as follows:
1301 		         *     Bits 0-6  reserved
1302 		         *     Bit  7    Direction - this bit shall be ignored if the
1303 		         *                           dCBWDataTransferLength field is zero.
1304 		         *               0 = data Out from host to device
1305 		         *               1 = data In from device to host
1306 		         */
1307 			sc->cbw.bCBWFlags = ((sc->sc_transfer.dir == DIR_IN) ?
1308 			    CBWFLAGS_IN : CBWFLAGS_OUT);
1309 			sc->cbw.bCBWLUN = sc->sc_transfer.lun;
1310 
1311 			if (sc->sc_transfer.cmd_len > sizeof(sc->cbw.CBWCDB)) {
1312 				sc->sc_transfer.cmd_len = sizeof(sc->cbw.CBWCDB);
1313 				DPRINTF(sc, UDMASS_BBB, "Truncating long command!\n");
1314 			}
1315 			sc->cbw.bCDBLength = sc->sc_transfer.cmd_len;
1316 
1317 			/* copy SCSI command data */
1318 			memcpy(sc->cbw.CBWCDB, sc->sc_transfer.cmd_data,
1319 			    sc->sc_transfer.cmd_len);
1320 
1321 			/* clear remaining command area */
1322 			memset(sc->cbw.CBWCDB +
1323 			    sc->sc_transfer.cmd_len, 0,
1324 			    sizeof(sc->cbw.CBWCDB) -
1325 			    sc->sc_transfer.cmd_len);
1326 
1327 			DIF(UDMASS_BBB, umass_bbb_dump_cbw(sc, &sc->cbw));
1328 
1329 			pc = usbd_xfer_get_frame(xfer, 0);
1330 			usbd_copy_in(pc, 0, &sc->cbw, sizeof(sc->cbw));
1331 			usbd_xfer_set_frame_len(xfer, 0, sizeof(sc->cbw));
1332 
1333 			usbd_transfer_submit(xfer);
1334 		}
1335 		return;
1336 
1337 	default:			/* Error */
1338 		umass_tr_error(xfer, error);
1339 		return;
1340 	}
1341 }
1342 
1343 static void
umass_t_bbb_data_read_callback(struct usb_xfer * xfer,usb_error_t error)1344 umass_t_bbb_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
1345 {
1346 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1347 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1348 	int actlen, sumlen;
1349 
1350 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1351 
1352 	switch (USB_GET_STATE(xfer)) {
1353 	case USB_ST_TRANSFERRED:
1354 		sc->sc_transfer.data_rem -= actlen;
1355 		sc->sc_transfer.data_ptr += actlen;
1356 		sc->sc_transfer.actlen += actlen;
1357 
1358 		if (actlen < sumlen) {
1359 			/* short transfer */
1360 			sc->sc_transfer.data_rem = 0;
1361 		}
1362 	case USB_ST_SETUP:
1363 		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
1364 		    max_bulk, sc->sc_transfer.data_rem);
1365 
1366 		if (sc->sc_transfer.data_rem == 0) {
1367 			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
1368 			return;
1369 		}
1370 		if (max_bulk > sc->sc_transfer.data_rem) {
1371 			max_bulk = sc->sc_transfer.data_rem;
1372 		}
1373 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1374 
1375 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1376 		    max_bulk);
1377 
1378 		usbd_transfer_submit(xfer);
1379 		return;
1380 
1381 	default:			/* Error */
1382 		if (error == USB_ERR_CANCELLED) {
1383 			umass_tr_error(xfer, error);
1384 		} else {
1385 			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
1386 		}
1387 		return;
1388 	}
1389 }
1390 
1391 static void
umass_t_bbb_data_rd_cs_callback(struct usb_xfer * xfer,usb_error_t error)1392 umass_t_bbb_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1393 {
1394 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_STATUS,
1395 	    UMASS_T_BBB_DATA_READ, error);
1396 }
1397 
1398 static void
umass_t_bbb_data_write_callback(struct usb_xfer * xfer,usb_error_t error)1399 umass_t_bbb_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
1400 {
1401 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1402 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1403 	int actlen, sumlen;
1404 
1405 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1406 
1407 	switch (USB_GET_STATE(xfer)) {
1408 	case USB_ST_TRANSFERRED:
1409 		sc->sc_transfer.data_rem -= actlen;
1410 		sc->sc_transfer.data_ptr += actlen;
1411 		sc->sc_transfer.actlen += actlen;
1412 
1413 		if (actlen < sumlen) {
1414 			/* short transfer */
1415 			sc->sc_transfer.data_rem = 0;
1416 		}
1417 	case USB_ST_SETUP:
1418 		DPRINTF(sc, UDMASS_BBB, "max_bulk=%d, data_rem=%d\n",
1419 		    max_bulk, sc->sc_transfer.data_rem);
1420 
1421 		if (sc->sc_transfer.data_rem == 0) {
1422 			umass_transfer_start(sc, UMASS_T_BBB_STATUS);
1423 			return;
1424 		}
1425 		if (max_bulk > sc->sc_transfer.data_rem) {
1426 			max_bulk = sc->sc_transfer.data_rem;
1427 		}
1428 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1429 
1430 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1431 		    max_bulk);
1432 
1433 		usbd_transfer_submit(xfer);
1434 		return;
1435 
1436 	default:			/* Error */
1437 		if (error == USB_ERR_CANCELLED) {
1438 			umass_tr_error(xfer, error);
1439 		} else {
1440 			umass_transfer_start(sc, UMASS_T_BBB_DATA_WR_CS);
1441 		}
1442 		return;
1443 	}
1444 }
1445 
1446 static void
umass_t_bbb_data_wr_cs_callback(struct usb_xfer * xfer,usb_error_t error)1447 umass_t_bbb_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1448 {
1449 	umass_t_bbb_data_clear_stall_callback(xfer, UMASS_T_BBB_STATUS,
1450 	    UMASS_T_BBB_DATA_WRITE, error);
1451 }
1452 
1453 static void
umass_t_bbb_status_callback(struct usb_xfer * xfer,usb_error_t error)1454 umass_t_bbb_status_callback(struct usb_xfer *xfer, usb_error_t error)
1455 {
1456 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1457 	union ccb *ccb = sc->sc_transfer.ccb;
1458 	struct usb_page_cache *pc;
1459 	uint32_t residue;
1460 	int actlen;
1461 
1462 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1463 
1464 	switch (USB_GET_STATE(xfer)) {
1465 	case USB_ST_TRANSFERRED:
1466 
1467 		/*
1468 		 * Do a full reset if there is something wrong with the CSW:
1469 		 */
1470 		sc->sc_status_try = 1;
1471 
1472 		/* Zero missing parts of the CSW: */
1473 
1474 		if (actlen < (int)sizeof(sc->csw))
1475 			memset(&sc->csw, 0, sizeof(sc->csw));
1476 
1477 		pc = usbd_xfer_get_frame(xfer, 0);
1478 		usbd_copy_out(pc, 0, &sc->csw, actlen);
1479 
1480 		DIF(UDMASS_BBB, umass_bbb_dump_csw(sc, &sc->csw));
1481 
1482 		residue = UGETDW(sc->csw.dCSWDataResidue);
1483 
1484 		if ((!residue) || (sc->sc_quirks & IGNORE_RESIDUE)) {
1485 			residue = (sc->sc_transfer.data_len -
1486 			    sc->sc_transfer.actlen);
1487 		}
1488 		if (residue > sc->sc_transfer.data_len) {
1489 			DPRINTF(sc, UDMASS_BBB, "truncating residue from %d "
1490 			    "to %d bytes\n", residue, sc->sc_transfer.data_len);
1491 			residue = sc->sc_transfer.data_len;
1492 		}
1493 		/* translate weird command-status signatures: */
1494 		if (sc->sc_quirks & WRONG_CSWSIG) {
1495 			uint32_t temp = UGETDW(sc->csw.dCSWSignature);
1496 
1497 			if ((temp == CSWSIGNATURE_OLYMPUS_C1) ||
1498 			    (temp == CSWSIGNATURE_IMAGINATION_DBX1)) {
1499 				USETDW(sc->csw.dCSWSignature, CSWSIGNATURE);
1500 			}
1501 		}
1502 		/* check CSW and handle eventual error */
1503 		if (UGETDW(sc->csw.dCSWSignature) != CSWSIGNATURE) {
1504 			DPRINTF(sc, UDMASS_BBB, "bad CSW signature 0x%08x != 0x%08x\n",
1505 			    UGETDW(sc->csw.dCSWSignature), CSWSIGNATURE);
1506 			/*
1507 			 * Invalid CSW: Wrong signature or wrong tag might
1508 			 * indicate that we lost synchronization. Reset the
1509 			 * device.
1510 			 */
1511 			goto tr_error;
1512 		} else if (UGETDW(sc->csw.dCSWTag) != UGETDW(sc->cbw.dCBWTag)) {
1513 			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: tag 0x%08x should be "
1514 			    "0x%08x\n", UGETDW(sc->csw.dCSWTag),
1515 			    UGETDW(sc->cbw.dCBWTag));
1516 			goto tr_error;
1517 		} else if (sc->csw.bCSWStatus > CSWSTATUS_PHASE) {
1518 			DPRINTF(sc, UDMASS_BBB, "Invalid CSW: status %d > %d\n",
1519 			    sc->csw.bCSWStatus, CSWSTATUS_PHASE);
1520 			goto tr_error;
1521 		} else if (sc->csw.bCSWStatus == CSWSTATUS_PHASE) {
1522 			DPRINTF(sc, UDMASS_BBB, "Phase error, residue = "
1523 			    "%d\n", residue);
1524 			goto tr_error;
1525 		} else if (sc->sc_transfer.actlen > sc->sc_transfer.data_len) {
1526 			DPRINTF(sc, UDMASS_BBB, "Buffer overrun %d > %d\n",
1527 			    sc->sc_transfer.actlen, sc->sc_transfer.data_len);
1528 			goto tr_error;
1529 		} else if (sc->csw.bCSWStatus == CSWSTATUS_FAILED) {
1530 			DPRINTF(sc, UDMASS_BBB, "Command failed, residue = "
1531 			    "%d\n", residue);
1532 
1533 			sc->sc_transfer.ccb = NULL;
1534 
1535 			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
1536 
1537 			(sc->sc_transfer.callback)
1538 			    (sc, ccb, residue, STATUS_CMD_FAILED);
1539 		} else {
1540 			sc->sc_transfer.ccb = NULL;
1541 
1542 			sc->sc_last_xfer_index = UMASS_T_BBB_COMMAND;
1543 
1544 			(sc->sc_transfer.callback)
1545 			    (sc, ccb, residue, STATUS_CMD_OK);
1546 		}
1547 		return;
1548 
1549 	case USB_ST_SETUP:
1550 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
1551 		usbd_transfer_submit(xfer);
1552 		return;
1553 
1554 	default:
1555 tr_error:
1556 		DPRINTF(sc, UDMASS_BBB, "Failed to read CSW: %s, try %d\n",
1557 		    usbd_errstr(error), sc->sc_status_try);
1558 
1559 		if ((error == USB_ERR_CANCELLED) ||
1560 		    (sc->sc_status_try)) {
1561 			umass_tr_error(xfer, error);
1562 		} else {
1563 			sc->sc_status_try = 1;
1564 			umass_transfer_start(sc, UMASS_T_BBB_DATA_RD_CS);
1565 		}
1566 		return;
1567 	}
1568 }
1569 
1570 static void
umass_command_start(struct umass_softc * sc,uint8_t dir,void * data_ptr,uint32_t data_len,uint32_t data_timeout,umass_callback_t * callback,union ccb * ccb)1571 umass_command_start(struct umass_softc *sc, uint8_t dir,
1572     void *data_ptr, uint32_t data_len,
1573     uint32_t data_timeout, umass_callback_t *callback,
1574     union ccb *ccb)
1575 {
1576 	sc->sc_transfer.lun = ccb->ccb_h.target_lun;
1577 
1578 	/*
1579 	 * NOTE: assumes that "sc->sc_transfer.cmd_data" and
1580 	 * "sc->sc_transfer.cmd_len" has been properly
1581 	 * initialized.
1582 	 */
1583 
1584 	sc->sc_transfer.dir = data_len ? dir : DIR_NONE;
1585 	sc->sc_transfer.data_ptr = data_ptr;
1586 	sc->sc_transfer.data_len = data_len;
1587 	sc->sc_transfer.data_rem = data_len;
1588 	sc->sc_transfer.data_timeout = (data_timeout + UMASS_TIMEOUT);
1589 
1590 	sc->sc_transfer.actlen = 0;
1591 	sc->sc_transfer.callback = callback;
1592 	sc->sc_transfer.ccb = ccb;
1593 
1594 	if (sc->sc_xfer[sc->sc_last_xfer_index]) {
1595 		usbd_transfer_start(sc->sc_xfer[sc->sc_last_xfer_index]);
1596 	} else {
1597 		umass_cancel_ccb(sc);
1598 	}
1599 }
1600 
1601 static uint8_t
umass_bbb_get_max_lun(struct umass_softc * sc)1602 umass_bbb_get_max_lun(struct umass_softc *sc)
1603 {
1604 	struct usb_device_request req;
1605 	usb_error_t err;
1606 	uint8_t buf = 0;
1607 
1608 	/* The Get Max Lun command is a class-specific request. */
1609 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1610 	req.bRequest = UR_BBB_GET_MAX_LUN;
1611 	USETW(req.wValue, 0);
1612 	req.wIndex[0] = sc->sc_iface_no;
1613 	req.wIndex[1] = 0;
1614 	USETW(req.wLength, 1);
1615 
1616 	err = usbd_do_request(sc->sc_udev, NULL, &req, &buf);
1617 	if (err) {
1618 		buf = 0;
1619 
1620 		/* Device doesn't support Get Max Lun request. */
1621 		printf("%s: Get Max Lun not supported (%s)\n",
1622 		    sc->sc_name, usbd_errstr(err));
1623 	}
1624 	return (buf);
1625 }
1626 
1627 /*
1628  * Command/Bulk/Interrupt (CBI) specific functions
1629  */
1630 
1631 static void
umass_cbi_start_status(struct umass_softc * sc)1632 umass_cbi_start_status(struct umass_softc *sc)
1633 {
1634 	if (sc->sc_xfer[UMASS_T_CBI_STATUS]) {
1635 		umass_transfer_start(sc, UMASS_T_CBI_STATUS);
1636 	} else {
1637 		union ccb *ccb = sc->sc_transfer.ccb;
1638 
1639 		sc->sc_transfer.ccb = NULL;
1640 
1641 		sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
1642 
1643 		(sc->sc_transfer.callback)
1644 		    (sc, ccb, (sc->sc_transfer.data_len -
1645 		    sc->sc_transfer.actlen), STATUS_CMD_UNKNOWN);
1646 	}
1647 }
1648 
1649 static void
umass_t_cbi_reset1_callback(struct usb_xfer * xfer,usb_error_t error)1650 umass_t_cbi_reset1_callback(struct usb_xfer *xfer, usb_error_t error)
1651 {
1652 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1653 	struct usb_device_request req;
1654 	struct usb_page_cache *pc;
1655 	uint8_t buf[UMASS_CBI_DIAGNOSTIC_CMDLEN];
1656 
1657 	uint8_t i;
1658 
1659 	switch (USB_GET_STATE(xfer)) {
1660 	case USB_ST_TRANSFERRED:
1661 		umass_transfer_start(sc, UMASS_T_CBI_RESET2);
1662 		break;
1663 
1664 	case USB_ST_SETUP:
1665 		/*
1666 		 * Command Block Reset Protocol
1667 		 *
1668 		 * First send a reset request to the device. Then clear
1669 		 * any possibly stalled bulk endpoints.
1670 		 *
1671 		 * This is done in 3 steps, using 3 transfers:
1672 		 * UMASS_T_CBI_RESET1
1673 		 * UMASS_T_CBI_RESET2
1674 		 * UMASS_T_CBI_RESET3
1675 		 * UMASS_T_CBI_RESET4 (only if there is an interrupt endpoint)
1676 		 */
1677 
1678 		DPRINTF(sc, UDMASS_CBI, "CBI reset!\n");
1679 
1680 		req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1681 		req.bRequest = UR_CBI_ADSC;
1682 		USETW(req.wValue, 0);
1683 		req.wIndex[0] = sc->sc_iface_no;
1684 		req.wIndex[1] = 0;
1685 		USETW(req.wLength, UMASS_CBI_DIAGNOSTIC_CMDLEN);
1686 
1687 		/*
1688 		 * The 0x1d code is the SEND DIAGNOSTIC command. To
1689 		 * distinguish between the two, the last 10 bytes of the CBL
1690 		 * is filled with 0xff (section 2.2 of the CBI
1691 		 * specification)
1692 		 */
1693 		buf[0] = 0x1d;		/* Command Block Reset */
1694 		buf[1] = 0x04;
1695 
1696 		for (i = 2; i < UMASS_CBI_DIAGNOSTIC_CMDLEN; i++) {
1697 			buf[i] = 0xff;
1698 		}
1699 
1700 		pc = usbd_xfer_get_frame(xfer, 0);
1701 		usbd_copy_in(pc, 0, &req, sizeof(req));
1702 		pc = usbd_xfer_get_frame(xfer, 1);
1703 		usbd_copy_in(pc, 0, buf, sizeof(buf));
1704 
1705 		usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1706 		usbd_xfer_set_frame_len(xfer, 1, sizeof(buf));
1707 		usbd_xfer_set_frames(xfer, 2);
1708 		usbd_transfer_submit(xfer);
1709 		break;
1710 
1711 	default:			/* Error */
1712 		if (error == USB_ERR_CANCELLED)
1713 			umass_tr_error(xfer, error);
1714 		else
1715 			umass_transfer_start(sc, UMASS_T_CBI_RESET2);
1716 		break;
1717 	}
1718 }
1719 
1720 static void
umass_t_cbi_reset2_callback(struct usb_xfer * xfer,usb_error_t error)1721 umass_t_cbi_reset2_callback(struct usb_xfer *xfer, usb_error_t error)
1722 {
1723 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_RESET3,
1724 	    UMASS_T_CBI_DATA_READ, error);
1725 }
1726 
1727 static void
umass_t_cbi_reset3_callback(struct usb_xfer * xfer,usb_error_t error)1728 umass_t_cbi_reset3_callback(struct usb_xfer *xfer, usb_error_t error)
1729 {
1730 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1731 
1732 	umass_t_cbi_data_clear_stall_callback
1733 	    (xfer, (sc->sc_xfer[UMASS_T_CBI_RESET4] &&
1734 	    sc->sc_xfer[UMASS_T_CBI_STATUS]) ?
1735 	    UMASS_T_CBI_RESET4 : UMASS_T_CBI_COMMAND,
1736 	    UMASS_T_CBI_DATA_WRITE, error);
1737 }
1738 
1739 static void
umass_t_cbi_reset4_callback(struct usb_xfer * xfer,usb_error_t error)1740 umass_t_cbi_reset4_callback(struct usb_xfer *xfer, usb_error_t error)
1741 {
1742 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_COMMAND,
1743 	    UMASS_T_CBI_STATUS, error);
1744 }
1745 
1746 static void
umass_t_cbi_data_clear_stall_callback(struct usb_xfer * xfer,uint8_t next_xfer,uint8_t stall_xfer,usb_error_t error)1747 umass_t_cbi_data_clear_stall_callback(struct usb_xfer *xfer,
1748     uint8_t next_xfer, uint8_t stall_xfer, usb_error_t error)
1749 {
1750 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1751 
1752 	switch (USB_GET_STATE(xfer)) {
1753 	case USB_ST_TRANSFERRED:
1754 tr_transferred:
1755 		if (next_xfer == UMASS_T_CBI_STATUS) {
1756 			umass_cbi_start_status(sc);
1757 		} else {
1758 			umass_transfer_start(sc, next_xfer);
1759 		}
1760 		break;
1761 
1762 	case USB_ST_SETUP:
1763 		if (usbd_clear_stall_callback(xfer, sc->sc_xfer[stall_xfer])) {
1764 			goto tr_transferred;	/* should not happen */
1765 		}
1766 		break;
1767 
1768 	default:			/* Error */
1769 		umass_tr_error(xfer, error);
1770 		break;
1771 	}
1772 }
1773 
1774 static void
umass_t_cbi_command_callback(struct usb_xfer * xfer,usb_error_t error)1775 umass_t_cbi_command_callback(struct usb_xfer *xfer, usb_error_t error)
1776 {
1777 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1778 	union ccb *ccb = sc->sc_transfer.ccb;
1779 	struct usb_device_request req;
1780 	struct usb_page_cache *pc;
1781 
1782 	switch (USB_GET_STATE(xfer)) {
1783 	case USB_ST_TRANSFERRED:
1784 
1785 		if (sc->sc_transfer.dir == DIR_NONE) {
1786 			umass_cbi_start_status(sc);
1787 		} else {
1788 			umass_transfer_start
1789 			    (sc, (sc->sc_transfer.dir == DIR_IN) ?
1790 			    UMASS_T_CBI_DATA_READ : UMASS_T_CBI_DATA_WRITE);
1791 		}
1792 		break;
1793 
1794 	case USB_ST_SETUP:
1795 
1796 		if (ccb) {
1797 			/*
1798 		         * do a CBI transfer with cmd_len bytes from
1799 		         * cmd_data, possibly a data phase of data_len
1800 		         * bytes from/to the device and finally a status
1801 		         * read phase.
1802 		         */
1803 
1804 			req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1805 			req.bRequest = UR_CBI_ADSC;
1806 			USETW(req.wValue, 0);
1807 			req.wIndex[0] = sc->sc_iface_no;
1808 			req.wIndex[1] = 0;
1809 			req.wLength[0] = sc->sc_transfer.cmd_len;
1810 			req.wLength[1] = 0;
1811 
1812 			pc = usbd_xfer_get_frame(xfer, 0);
1813 			usbd_copy_in(pc, 0, &req, sizeof(req));
1814 			pc = usbd_xfer_get_frame(xfer, 1);
1815 			usbd_copy_in(pc, 0, sc->sc_transfer.cmd_data,
1816 			    sc->sc_transfer.cmd_len);
1817 
1818 			usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
1819 			usbd_xfer_set_frame_len(xfer, 1, sc->sc_transfer.cmd_len);
1820 			usbd_xfer_set_frames(xfer,
1821 			    sc->sc_transfer.cmd_len ? 2 : 1);
1822 
1823 			DIF(UDMASS_CBI,
1824 			    umass_cbi_dump_cmd(sc,
1825 			    sc->sc_transfer.cmd_data,
1826 			    sc->sc_transfer.cmd_len));
1827 
1828 			usbd_transfer_submit(xfer);
1829 		}
1830 		break;
1831 
1832 	default:			/* Error */
1833 		/*
1834 		 * STALL on the control pipe can be result of the command error.
1835 		 * Attempt to clear this STALL same as for bulk pipe also
1836 		 * results in command completion interrupt, but ASC/ASCQ there
1837 		 * look like not always valid, so don't bother about it.
1838 		 */
1839 		if ((error == USB_ERR_STALLED) ||
1840 		    (sc->sc_transfer.callback == &umass_cam_cb)) {
1841 			sc->sc_transfer.ccb = NULL;
1842 			(sc->sc_transfer.callback)
1843 			    (sc, ccb, sc->sc_transfer.data_len,
1844 			    STATUS_CMD_UNKNOWN);
1845 		} else {
1846 			umass_tr_error(xfer, error);
1847 			/* skip reset */
1848 			sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
1849 		}
1850 		break;
1851 	}
1852 }
1853 
1854 static void
umass_t_cbi_data_read_callback(struct usb_xfer * xfer,usb_error_t error)1855 umass_t_cbi_data_read_callback(struct usb_xfer *xfer, usb_error_t error)
1856 {
1857 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1858 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1859 	int actlen, sumlen;
1860 
1861 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1862 
1863 	switch (USB_GET_STATE(xfer)) {
1864 	case USB_ST_TRANSFERRED:
1865 		sc->sc_transfer.data_rem -= actlen;
1866 		sc->sc_transfer.data_ptr += actlen;
1867 		sc->sc_transfer.actlen += actlen;
1868 
1869 		if (actlen < sumlen) {
1870 			/* short transfer */
1871 			sc->sc_transfer.data_rem = 0;
1872 		}
1873 	case USB_ST_SETUP:
1874 		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
1875 		    max_bulk, sc->sc_transfer.data_rem);
1876 
1877 		if (sc->sc_transfer.data_rem == 0) {
1878 			umass_cbi_start_status(sc);
1879 			break;
1880 		}
1881 		if (max_bulk > sc->sc_transfer.data_rem) {
1882 			max_bulk = sc->sc_transfer.data_rem;
1883 		}
1884 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1885 
1886 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1887 		    max_bulk);
1888 
1889 		usbd_transfer_submit(xfer);
1890 		break;
1891 
1892 	default:			/* Error */
1893 		if ((error == USB_ERR_CANCELLED) ||
1894 		    (sc->sc_transfer.callback != &umass_cam_cb)) {
1895 			umass_tr_error(xfer, error);
1896 		} else {
1897 			umass_transfer_start(sc, UMASS_T_CBI_DATA_RD_CS);
1898 		}
1899 		break;
1900 	}
1901 }
1902 
1903 static void
umass_t_cbi_data_rd_cs_callback(struct usb_xfer * xfer,usb_error_t error)1904 umass_t_cbi_data_rd_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1905 {
1906 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_STATUS,
1907 	    UMASS_T_CBI_DATA_READ, error);
1908 }
1909 
1910 static void
umass_t_cbi_data_write_callback(struct usb_xfer * xfer,usb_error_t error)1911 umass_t_cbi_data_write_callback(struct usb_xfer *xfer, usb_error_t error)
1912 {
1913 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1914 	uint32_t max_bulk = usbd_xfer_max_len(xfer);
1915 	int actlen, sumlen;
1916 
1917 	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
1918 
1919 	switch (USB_GET_STATE(xfer)) {
1920 	case USB_ST_TRANSFERRED:
1921 		sc->sc_transfer.data_rem -= actlen;
1922 		sc->sc_transfer.data_ptr += actlen;
1923 		sc->sc_transfer.actlen += actlen;
1924 
1925 		if (actlen < sumlen) {
1926 			/* short transfer */
1927 			sc->sc_transfer.data_rem = 0;
1928 		}
1929 	case USB_ST_SETUP:
1930 		DPRINTF(sc, UDMASS_CBI, "max_bulk=%d, data_rem=%d\n",
1931 		    max_bulk, sc->sc_transfer.data_rem);
1932 
1933 		if (sc->sc_transfer.data_rem == 0) {
1934 			umass_cbi_start_status(sc);
1935 			break;
1936 		}
1937 		if (max_bulk > sc->sc_transfer.data_rem) {
1938 			max_bulk = sc->sc_transfer.data_rem;
1939 		}
1940 		usbd_xfer_set_timeout(xfer, sc->sc_transfer.data_timeout);
1941 
1942 		usbd_xfer_set_frame_data(xfer, 0, sc->sc_transfer.data_ptr,
1943 		    max_bulk);
1944 
1945 		usbd_transfer_submit(xfer);
1946 		break;
1947 
1948 	default:			/* Error */
1949 		if ((error == USB_ERR_CANCELLED) ||
1950 		    (sc->sc_transfer.callback != &umass_cam_cb)) {
1951 			umass_tr_error(xfer, error);
1952 		} else {
1953 			umass_transfer_start(sc, UMASS_T_CBI_DATA_WR_CS);
1954 		}
1955 		break;
1956 	}
1957 }
1958 
1959 static void
umass_t_cbi_data_wr_cs_callback(struct usb_xfer * xfer,usb_error_t error)1960 umass_t_cbi_data_wr_cs_callback(struct usb_xfer *xfer, usb_error_t error)
1961 {
1962 	umass_t_cbi_data_clear_stall_callback(xfer, UMASS_T_CBI_STATUS,
1963 	    UMASS_T_CBI_DATA_WRITE, error);
1964 }
1965 
1966 static void
umass_t_cbi_status_callback(struct usb_xfer * xfer,usb_error_t error)1967 umass_t_cbi_status_callback(struct usb_xfer *xfer, usb_error_t error)
1968 {
1969 	struct umass_softc *sc = usbd_xfer_softc(xfer);
1970 	union ccb *ccb = sc->sc_transfer.ccb;
1971 	struct usb_page_cache *pc;
1972 	uint32_t residue;
1973 	uint8_t status;
1974 	int actlen;
1975 
1976 	usbd_xfer_status(xfer, &actlen, NULL, NULL, NULL);
1977 
1978 	switch (USB_GET_STATE(xfer)) {
1979 	case USB_ST_TRANSFERRED:
1980 
1981 		if (actlen < (int)sizeof(sc->sbl)) {
1982 			goto tr_setup;
1983 		}
1984 		pc = usbd_xfer_get_frame(xfer, 0);
1985 		usbd_copy_out(pc, 0, &sc->sbl, sizeof(sc->sbl));
1986 
1987 		residue = (sc->sc_transfer.data_len -
1988 		    sc->sc_transfer.actlen);
1989 
1990 		/* dissect the information in the buffer */
1991 
1992 		if (sc->sc_proto & UMASS_PROTO_UFI) {
1993 			/*
1994 			 * Section 3.4.3.1.3 specifies that the UFI command
1995 			 * protocol returns an ASC and ASCQ in the interrupt
1996 			 * data block.
1997 			 */
1998 
1999 			DPRINTF(sc, UDMASS_CBI, "UFI CCI, ASC = 0x%02x, "
2000 			    "ASCQ = 0x%02x\n", sc->sbl.ufi.asc,
2001 			    sc->sbl.ufi.ascq);
2002 
2003 			status = (((sc->sbl.ufi.asc == 0) &&
2004 			    (sc->sbl.ufi.ascq == 0)) ?
2005 			    STATUS_CMD_OK : STATUS_CMD_FAILED);
2006 
2007 			sc->sc_transfer.ccb = NULL;
2008 
2009 			sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
2010 
2011 			(sc->sc_transfer.callback)
2012 			    (sc, ccb, residue, status);
2013 
2014 			break;
2015 
2016 		} else {
2017 			/* Command Interrupt Data Block */
2018 
2019 			DPRINTF(sc, UDMASS_CBI, "type=0x%02x, value=0x%02x\n",
2020 			    sc->sbl.common.type, sc->sbl.common.value);
2021 
2022 			if (sc->sbl.common.type == IDB_TYPE_CCI) {
2023 				status = (sc->sbl.common.value & IDB_VALUE_STATUS_MASK);
2024 
2025 				status = ((status == IDB_VALUE_PASS) ? STATUS_CMD_OK :
2026 				    (status == IDB_VALUE_FAIL) ? STATUS_CMD_FAILED :
2027 				    (status == IDB_VALUE_PERSISTENT) ? STATUS_CMD_FAILED :
2028 				    STATUS_WIRE_FAILED);
2029 
2030 				sc->sc_transfer.ccb = NULL;
2031 
2032 				sc->sc_last_xfer_index = UMASS_T_CBI_COMMAND;
2033 
2034 				(sc->sc_transfer.callback)
2035 				    (sc, ccb, residue, status);
2036 
2037 				break;
2038 			}
2039 		}
2040 
2041 		/* fallthrough */
2042 
2043 	case USB_ST_SETUP:
2044 tr_setup:
2045 		usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
2046 		usbd_transfer_submit(xfer);
2047 		break;
2048 
2049 	default:			/* Error */
2050 		DPRINTF(sc, UDMASS_CBI, "Failed to read CSW: %s\n",
2051 		    usbd_errstr(error));
2052 		umass_tr_error(xfer, error);
2053 		break;
2054 	}
2055 }
2056 
2057 /*
2058  * CAM specific functions (used by SCSI, UFI, 8070i (ATAPI))
2059  */
2060 
2061 static int
umass_cam_attach_sim(struct umass_softc * sc)2062 umass_cam_attach_sim(struct umass_softc *sc)
2063 {
2064 	struct cam_devq *devq;		/* Per device Queue */
2065 	cam_status status;
2066 
2067 	/*
2068 	 * A HBA is attached to the CAM layer.
2069 	 *
2070 	 * The CAM layer will then after a while start probing for devices on
2071 	 * the bus. The number of SIMs is limited to one.
2072 	 */
2073 
2074 	devq = cam_simq_alloc(1 /* maximum openings */ );
2075 	if (devq == NULL) {
2076 		return (ENOMEM);
2077 	}
2078 	sc->sc_sim = cam_sim_alloc
2079 	    (&umass_cam_action, &umass_cam_poll,
2080 	    DEVNAME_SIM,
2081 	    sc /* priv */ ,
2082 	    sc->sc_unit /* unit number */ ,
2083 	    &sc->sc_mtx /* mutex */ ,
2084 	    1 /* maximum device openings */ ,
2085 	    0 /* maximum tagged device openings */ ,
2086 	    devq);
2087 
2088 	if (sc->sc_sim == NULL) {
2089 		cam_simq_free(devq);
2090 		return (ENOMEM);
2091 	}
2092 
2093 	mtx_lock(&sc->sc_mtx);
2094 	status = xpt_bus_register(sc->sc_sim, sc->sc_dev, sc->sc_unit);
2095 	if (status != CAM_SUCCESS) {
2096 		cam_sim_free(sc->sc_sim, /* free_devq */ TRUE);
2097 		mtx_unlock(&sc->sc_mtx);
2098 		printf("%s: xpt_bus_register failed with status %#x\n",
2099 		    __func__, status);
2100 		return (ENOMEM);
2101 	}
2102 	mtx_unlock(&sc->sc_mtx);
2103 
2104 	return (0);
2105 }
2106 
2107 static void
umass_cam_attach(struct umass_softc * sc)2108 umass_cam_attach(struct umass_softc *sc)
2109 {
2110 #ifndef USB_DEBUG
2111 	if (bootverbose)
2112 #endif
2113 		printf("%s:%d:%d: Attached to scbus%d\n",
2114 		    sc->sc_name, cam_sim_path(sc->sc_sim),
2115 		    sc->sc_unit, cam_sim_path(sc->sc_sim));
2116 }
2117 
2118 /* umass_cam_detach
2119  *	detach from the CAM layer
2120  */
2121 
2122 static void
umass_cam_detach_sim(struct umass_softc * sc)2123 umass_cam_detach_sim(struct umass_softc *sc)
2124 {
2125 	int error;
2126 
2127 	if (sc->sc_sim != NULL) {
2128 		error = xpt_bus_deregister(cam_sim_path(sc->sc_sim));
2129 		if (error == 0) {
2130 			/* accessing the softc is not possible after this */
2131 			sc->sc_sim->softc = NULL;
2132 			DPRINTF(sc, UDMASS_SCSI, "%s: %s:%d:%d caling "
2133 			    "cam_sim_free sim %p refc %u mtx %p\n",
2134 			    __func__, sc->sc_name, cam_sim_path(sc->sc_sim),
2135 			    sc->sc_unit, sc->sc_sim,
2136 			    sc->sc_sim->refcount, sc->sc_sim->mtx);
2137 			cam_sim_free(sc->sc_sim, /* free_devq */ TRUE);
2138 		} else {
2139 			panic("%s: %s: CAM layer is busy: errno %d\n",
2140 			    __func__, sc->sc_name, error);
2141 		}
2142 		sc->sc_sim = NULL;
2143 	}
2144 }
2145 
2146 /* umass_cam_action
2147  * 	CAM requests for action come through here
2148  */
2149 
2150 static void
umass_cam_action(struct cam_sim * sim,union ccb * ccb)2151 umass_cam_action(struct cam_sim *sim, union ccb *ccb)
2152 {
2153 	struct umass_softc *sc = cam_sim_softc(sim);
2154 
2155 	if (sc == NULL) {
2156 		ccb->ccb_h.status = CAM_SEL_TIMEOUT;
2157 		xpt_done(ccb);
2158 		return;
2159 	}
2160 
2161 	/* Perform the requested action */
2162 	switch (ccb->ccb_h.func_code) {
2163 	case XPT_SCSI_IO:
2164 		{
2165 			uint8_t *cmd;
2166 			uint8_t dir;
2167 
2168 			if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
2169 				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
2170 			} else {
2171 				cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
2172 			}
2173 
2174 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
2175 			    "cmd: 0x%02x, flags: 0x%02x, "
2176 			    "%db cmd/%db data/%db sense\n",
2177 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2178 			    (uintmax_t)ccb->ccb_h.target_lun, cmd[0],
2179 			    ccb->ccb_h.flags & CAM_DIR_MASK, ccb->csio.cdb_len,
2180 			    ccb->csio.dxfer_len, ccb->csio.sense_len);
2181 
2182 			if (sc->sc_transfer.ccb) {
2183 				DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SCSI_IO: "
2184 				    "I/O in progress, deferring\n",
2185 				    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2186 				    (uintmax_t)ccb->ccb_h.target_lun);
2187 				ccb->ccb_h.status = CAM_SCSI_BUSY;
2188 				xpt_done(ccb);
2189 				goto done;
2190 			}
2191 			switch (ccb->ccb_h.flags & CAM_DIR_MASK) {
2192 			case CAM_DIR_IN:
2193 				dir = DIR_IN;
2194 				break;
2195 			case CAM_DIR_OUT:
2196 				dir = DIR_OUT;
2197 				DIF(UDMASS_SCSI,
2198 				    umass_dump_buffer(sc, ccb->csio.data_ptr,
2199 				    ccb->csio.dxfer_len, 48));
2200 				break;
2201 			default:
2202 				dir = DIR_NONE;
2203 			}
2204 
2205 			ccb->ccb_h.status = CAM_REQ_INPROG | CAM_SIM_QUEUED;
2206 
2207 			/*
2208 			 * sc->sc_transform will convert the command to the
2209 			 * command format needed by the specific command set
2210 			 * and return the converted command in
2211 			 * "sc->sc_transfer.cmd_data"
2212 			 */
2213 			if (umass_std_transform(sc, ccb, cmd, ccb->csio.cdb_len)) {
2214 				if (sc->sc_transfer.cmd_data[0] == INQUIRY) {
2215 					const char *pserial;
2216 
2217 					pserial = usb_get_serial(sc->sc_udev);
2218 
2219 					/*
2220 					 * Umass devices don't generally report their serial numbers
2221 					 * in the usual SCSI way.  Emulate it here.
2222 					 */
2223 					if ((sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
2224 					    (sc->sc_transfer.cmd_data[2] == SVPD_UNIT_SERIAL_NUMBER) &&
2225 					    (pserial[0] != '\0')) {
2226 						struct scsi_vpd_unit_serial_number *vpd_serial;
2227 
2228 						vpd_serial = (struct scsi_vpd_unit_serial_number *)ccb->csio.data_ptr;
2229 						vpd_serial->length = strlen(pserial);
2230 						if (vpd_serial->length > sizeof(vpd_serial->serial_num))
2231 							vpd_serial->length = sizeof(vpd_serial->serial_num);
2232 						memcpy(vpd_serial->serial_num, pserial, vpd_serial->length);
2233 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2234 						ccb->ccb_h.status = CAM_REQ_CMP;
2235 						xpt_done(ccb);
2236 						goto done;
2237 					}
2238 
2239 					/*
2240 					 * Handle EVPD inquiry for broken devices first
2241 					 * NO_INQUIRY also implies NO_INQUIRY_EVPD
2242 					 */
2243 					if ((sc->sc_quirks & (NO_INQUIRY_EVPD | NO_INQUIRY)) &&
2244 					    (sc->sc_transfer.cmd_data[1] & SI_EVPD)) {
2245 						scsi_set_sense_data(&ccb->csio.sense_data,
2246 							/*sense_format*/ SSD_TYPE_NONE,
2247 							/*current_error*/ 1,
2248 							/*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
2249 							/*asc*/ 0x24,
2250 							/*ascq*/ 0x00,
2251 							/*extra args*/ SSD_ELEM_NONE);
2252 						ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2253 						ccb->ccb_h.status =
2254 						    CAM_SCSI_STATUS_ERROR |
2255 						    CAM_AUTOSNS_VALID |
2256 						    CAM_DEV_QFRZN;
2257 						xpt_freeze_devq(ccb->ccb_h.path, 1);
2258 						xpt_done(ccb);
2259 						goto done;
2260 					}
2261 					/*
2262 					 * Return fake inquiry data for
2263 					 * broken devices
2264 					 */
2265 					if (sc->sc_quirks & NO_INQUIRY) {
2266 						memcpy(ccb->csio.data_ptr, &fake_inq_data,
2267 						    sizeof(fake_inq_data));
2268 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2269 						ccb->ccb_h.status = CAM_REQ_CMP;
2270 						xpt_done(ccb);
2271 						goto done;
2272 					}
2273 					if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2274 						ccb->csio.dxfer_len = SHORT_INQUIRY_LENGTH;
2275 					}
2276 				} else if (sc->sc_transfer.cmd_data[0] == PREVENT_ALLOW) {
2277 					if (sc->sc_quirks & NO_PREVENT_ALLOW) {
2278 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2279 						ccb->ccb_h.status = CAM_REQ_CMP;
2280 						xpt_done(ccb);
2281 						goto done;
2282 					}
2283 				} else if (sc->sc_transfer.cmd_data[0] == SYNCHRONIZE_CACHE) {
2284 					if (sc->sc_quirks & NO_SYNCHRONIZE_CACHE) {
2285 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2286 						ccb->ccb_h.status = CAM_REQ_CMP;
2287 						xpt_done(ccb);
2288 						goto done;
2289 					}
2290 				} else if (sc->sc_transfer.cmd_data[0] == START_STOP_UNIT) {
2291 					if (sc->sc_quirks & NO_START_STOP) {
2292 						ccb->csio.scsi_status = SCSI_STATUS_OK;
2293 						ccb->ccb_h.status = CAM_REQ_CMP;
2294 						xpt_done(ccb);
2295 						goto done;
2296 					}
2297 				}
2298 				umass_command_start(sc, dir, ccb->csio.data_ptr,
2299 				    ccb->csio.dxfer_len,
2300 				    ccb->ccb_h.timeout,
2301 				    &umass_cam_cb, ccb);
2302 			}
2303 			break;
2304 		}
2305 	case XPT_PATH_INQ:
2306 		{
2307 			struct ccb_pathinq *cpi = &ccb->cpi;
2308 
2309 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_PATH_INQ:.\n",
2310 			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2311 			    (uintmax_t)ccb->ccb_h.target_lun);
2312 
2313 			/* host specific information */
2314 			cpi->version_num = 1;
2315 			cpi->hba_inquiry = 0;
2316 			cpi->target_sprt = 0;
2317 			cpi->hba_misc = PIM_NO_6_BYTE;
2318 			cpi->hba_eng_cnt = 0;
2319 			cpi->max_target = UMASS_SCSIID_MAX;	/* one target */
2320 			cpi->initiator_id = UMASS_SCSIID_HOST;
2321 			strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2322 			strlcpy(cpi->hba_vid, "USB SCSI", HBA_IDLEN);
2323 			strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
2324 			cpi->unit_number = cam_sim_unit(sim);
2325 			cpi->bus_id = sc->sc_unit;
2326 			cpi->protocol = PROTO_SCSI;
2327 			cpi->protocol_version = SCSI_REV_2;
2328 			cpi->transport = XPORT_USB;
2329 			cpi->transport_version = 0;
2330 
2331 			if (sc == NULL) {
2332 				cpi->base_transfer_speed = 0;
2333 				cpi->max_lun = 0;
2334 			} else {
2335 				if (sc->sc_quirks & FLOPPY_SPEED) {
2336 					cpi->base_transfer_speed =
2337 					    UMASS_FLOPPY_TRANSFER_SPEED;
2338 				} else {
2339 					switch (usbd_get_speed(sc->sc_udev)) {
2340 					case USB_SPEED_SUPER:
2341 						cpi->base_transfer_speed =
2342 						    UMASS_SUPER_TRANSFER_SPEED;
2343 						cpi->maxio = maxphys;
2344 						break;
2345 					case USB_SPEED_HIGH:
2346 						cpi->base_transfer_speed =
2347 						    UMASS_HIGH_TRANSFER_SPEED;
2348 						break;
2349 					default:
2350 						cpi->base_transfer_speed =
2351 						    UMASS_FULL_TRANSFER_SPEED;
2352 						break;
2353 					}
2354 				}
2355 				cpi->max_lun = sc->sc_maxlun;
2356 			}
2357 
2358 			cpi->ccb_h.status = CAM_REQ_CMP;
2359 			xpt_done(ccb);
2360 			break;
2361 		}
2362 	case XPT_RESET_DEV:
2363 		{
2364 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_RESET_DEV:.\n",
2365 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2366 			    (uintmax_t)ccb->ccb_h.target_lun);
2367 
2368 			umass_reset(sc);
2369 
2370 			ccb->ccb_h.status = CAM_REQ_CMP;
2371 			xpt_done(ccb);
2372 			break;
2373 		}
2374 	case XPT_GET_TRAN_SETTINGS:
2375 		{
2376 			struct ccb_trans_settings *cts = &ccb->cts;
2377 
2378 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_GET_TRAN_SETTINGS:.\n",
2379 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2380 			    (uintmax_t)ccb->ccb_h.target_lun);
2381 
2382 			cts->protocol = PROTO_SCSI;
2383 			cts->protocol_version = SCSI_REV_2;
2384 			cts->transport = XPORT_USB;
2385 			cts->transport_version = 0;
2386 			cts->xport_specific.valid = 0;
2387 
2388 			ccb->ccb_h.status = CAM_REQ_CMP;
2389 			xpt_done(ccb);
2390 			break;
2391 		}
2392 	case XPT_SET_TRAN_SETTINGS:
2393 		{
2394 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_SET_TRAN_SETTINGS:.\n",
2395 			    cam_sim_path(sc->sc_sim), ccb->ccb_h.target_id,
2396 			    (uintmax_t)ccb->ccb_h.target_lun);
2397 
2398 			ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
2399 			xpt_done(ccb);
2400 			break;
2401 		}
2402 	case XPT_CALC_GEOMETRY:
2403 		{
2404 			cam_calc_geometry(&ccb->ccg, /* extended */ 1);
2405 			xpt_done(ccb);
2406 			break;
2407 		}
2408 	case XPT_NOOP:
2409 		{
2410 			DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:XPT_NOOP:.\n",
2411 			    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2412 			    (uintmax_t)ccb->ccb_h.target_lun);
2413 
2414 			ccb->ccb_h.status = CAM_REQ_CMP;
2415 			xpt_done(ccb);
2416 			break;
2417 		}
2418 	default:
2419 		DPRINTF(sc, UDMASS_SCSI, "%d:%d:%jx:func_code 0x%04x: "
2420 		    "Not implemented\n",
2421 		    sc ? cam_sim_path(sc->sc_sim) : -1, ccb->ccb_h.target_id,
2422 		    (uintmax_t)ccb->ccb_h.target_lun, ccb->ccb_h.func_code);
2423 
2424 		ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
2425 		xpt_done(ccb);
2426 		break;
2427 	}
2428 
2429 done:
2430 	return;
2431 }
2432 
2433 static void
umass_cam_poll(struct cam_sim * sim)2434 umass_cam_poll(struct cam_sim *sim)
2435 {
2436 	struct umass_softc *sc = cam_sim_softc(sim);
2437 
2438 	if (sc == NULL)
2439 		return;
2440 
2441 	DPRINTF(sc, UDMASS_SCSI, "CAM poll\n");
2442 
2443 	usbd_transfer_poll(sc->sc_xfer, UMASS_T_MAX);
2444 }
2445 
2446 /* umass_cam_cb
2447  *	finalise a completed CAM command
2448  */
2449 
2450 static void
umass_cam_cb(struct umass_softc * sc,union ccb * ccb,uint32_t residue,uint8_t status)2451 umass_cam_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2452     uint8_t status)
2453 {
2454 	ccb->csio.resid = residue;
2455 
2456 	switch (status) {
2457 	case STATUS_CMD_OK:
2458 		ccb->ccb_h.status = CAM_REQ_CMP;
2459 		if ((sc->sc_quirks & READ_CAPACITY_OFFBY1) &&
2460 		    (ccb->ccb_h.func_code == XPT_SCSI_IO) &&
2461 		    (ccb->csio.cdb_io.cdb_bytes[0] == READ_CAPACITY)) {
2462 			struct scsi_read_capacity_data *rcap;
2463 			uint32_t maxsector;
2464 
2465 			rcap = (void *)(ccb->csio.data_ptr);
2466 			maxsector = scsi_4btoul(rcap->addr) - 1;
2467 			scsi_ulto4b(maxsector, rcap->addr);
2468 		}
2469 		/*
2470 		 * We have to add SVPD_UNIT_SERIAL_NUMBER to the list
2471 		 * of pages supported by the device - otherwise, CAM
2472 		 * will never ask us for the serial number if the
2473 		 * device cannot handle that by itself.
2474 		 */
2475 		if (ccb->ccb_h.func_code == XPT_SCSI_IO &&
2476 		    sc->sc_transfer.cmd_data[0] == INQUIRY &&
2477 		    (sc->sc_transfer.cmd_data[1] & SI_EVPD) &&
2478 		    sc->sc_transfer.cmd_data[2] == SVPD_SUPPORTED_PAGE_LIST &&
2479 		    (usb_get_serial(sc->sc_udev)[0] != '\0')) {
2480 			struct ccb_scsiio *csio;
2481 			struct scsi_vpd_supported_page_list *page_list;
2482 
2483 			csio = &ccb->csio;
2484 			page_list = (struct scsi_vpd_supported_page_list *)csio->data_ptr;
2485 			if (page_list->length + 1 < SVPD_SUPPORTED_PAGES_SIZE) {
2486 				page_list->list[page_list->length] = SVPD_UNIT_SERIAL_NUMBER;
2487 				page_list->length++;
2488 			}
2489 		}
2490 		xpt_done(ccb);
2491 		break;
2492 
2493 	case STATUS_CMD_UNKNOWN:
2494 	case STATUS_CMD_FAILED:
2495 
2496 		/* fetch sense data */
2497 
2498 		/* the rest of the command was filled in at attach */
2499 		sc->cam_scsi_sense.length = ccb->csio.sense_len;
2500 
2501 		DPRINTF(sc, UDMASS_SCSI, "Fetching %d bytes of "
2502 		    "sense data\n", ccb->csio.sense_len);
2503 
2504 		if (umass_std_transform(sc, ccb, &sc->cam_scsi_sense.opcode,
2505 		    sizeof(sc->cam_scsi_sense))) {
2506 			if ((sc->sc_quirks & FORCE_SHORT_INQUIRY) &&
2507 			    (sc->sc_transfer.cmd_data[0] == INQUIRY)) {
2508 				ccb->csio.sense_len = SHORT_INQUIRY_LENGTH;
2509 			}
2510 			umass_command_start(sc, DIR_IN, &ccb->csio.sense_data.error_code,
2511 			    ccb->csio.sense_len, ccb->ccb_h.timeout,
2512 			    &umass_cam_sense_cb, ccb);
2513 		}
2514 		break;
2515 
2516 	default:
2517 		/*
2518 		 * The wire protocol failed and will hopefully have
2519 		 * recovered. We return an error to CAM and let CAM
2520 		 * retry the command if necessary.
2521 		 */
2522 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2523 		ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN;
2524 		xpt_done(ccb);
2525 		break;
2526 	}
2527 }
2528 
2529 /*
2530  * Finalise a completed autosense operation
2531  */
2532 static void
umass_cam_sense_cb(struct umass_softc * sc,union ccb * ccb,uint32_t residue,uint8_t status)2533 umass_cam_sense_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2534     uint8_t status)
2535 {
2536 	uint8_t *cmd;
2537 
2538 	switch (status) {
2539 	case STATUS_CMD_OK:
2540 	case STATUS_CMD_UNKNOWN:
2541 	case STATUS_CMD_FAILED: {
2542 		int key, sense_len;
2543 
2544 		ccb->csio.sense_resid = residue;
2545 		sense_len = ccb->csio.sense_len - ccb->csio.sense_resid;
2546 		key = scsi_get_sense_key(&ccb->csio.sense_data, sense_len,
2547 					 /*show_errors*/ 1);
2548 
2549 		if (ccb->csio.ccb_h.flags & CAM_CDB_POINTER) {
2550 			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_ptr);
2551 		} else {
2552 			cmd = (uint8_t *)(ccb->csio.cdb_io.cdb_bytes);
2553 		}
2554 
2555 		/*
2556 		 * Getting sense data always succeeds (apart from wire
2557 		 * failures):
2558 		 */
2559 		if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
2560 		    (cmd[0] == INQUIRY) &&
2561 		    (key == SSD_KEY_UNIT_ATTENTION)) {
2562 			/*
2563 			 * Ignore unit attention errors in the case where
2564 			 * the Unit Attention state is not cleared on
2565 			 * REQUEST SENSE. They will appear again at the next
2566 			 * command.
2567 			 */
2568 			ccb->ccb_h.status = CAM_REQ_CMP;
2569 		} else if (key == SSD_KEY_NO_SENSE) {
2570 			/*
2571 			 * No problem after all (in the case of CBI without
2572 			 * CCI)
2573 			 */
2574 			ccb->ccb_h.status = CAM_REQ_CMP;
2575 		} else if ((sc->sc_quirks & RS_NO_CLEAR_UA) &&
2576 			    (cmd[0] == READ_CAPACITY) &&
2577 		    (key == SSD_KEY_UNIT_ATTENTION)) {
2578 			/*
2579 			 * Some devices do not clear the unit attention error
2580 			 * on request sense. We insert a test unit ready
2581 			 * command to make sure we clear the unit attention
2582 			 * condition, then allow the retry to proceed as
2583 			 * usual.
2584 			 */
2585 
2586 			xpt_freeze_devq(ccb->ccb_h.path, 1);
2587 			ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
2588 			    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
2589 			ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2590 
2591 #if 0
2592 			DELAY(300000);
2593 #endif
2594 			DPRINTF(sc, UDMASS_SCSI, "Doing a sneaky"
2595 			    "TEST_UNIT_READY\n");
2596 
2597 			/* the rest of the command was filled in at attach */
2598 
2599 			if ((sc->sc_transform)(sc,
2600 			    &sc->cam_scsi_test_unit_ready.opcode,
2601 			    sizeof(sc->cam_scsi_test_unit_ready)) == 1) {
2602 				umass_command_start(sc, DIR_NONE, NULL, 0,
2603 				    ccb->ccb_h.timeout,
2604 				    &umass_cam_quirk_cb, ccb);
2605 				break;
2606 			}
2607 		} else {
2608 			xpt_freeze_devq(ccb->ccb_h.path, 1);
2609 			if (key >= 0) {
2610 				ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
2611 				    | CAM_AUTOSNS_VALID | CAM_DEV_QFRZN;
2612 				ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
2613 			} else
2614 				ccb->ccb_h.status = CAM_AUTOSENSE_FAIL
2615 				    | CAM_DEV_QFRZN;
2616 		}
2617 		xpt_done(ccb);
2618 		break;
2619 	}
2620 	default:
2621 		DPRINTF(sc, UDMASS_SCSI, "Autosense failed, "
2622 		    "status %d\n", status);
2623 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2624 		ccb->ccb_h.status = CAM_AUTOSENSE_FAIL | CAM_DEV_QFRZN;
2625 		xpt_done(ccb);
2626 	}
2627 }
2628 
2629 /*
2630  * This completion code just handles the fact that we sent a test-unit-ready
2631  * after having previously failed a READ CAPACITY with CHECK_COND.  The CCB
2632  * status for CAM is already set earlier.
2633  */
2634 static void
umass_cam_quirk_cb(struct umass_softc * sc,union ccb * ccb,uint32_t residue,uint8_t status)2635 umass_cam_quirk_cb(struct umass_softc *sc, union ccb *ccb, uint32_t residue,
2636     uint8_t status)
2637 {
2638 	DPRINTF(sc, UDMASS_SCSI, "Test unit ready "
2639 	    "returned status %d\n", status);
2640 
2641 	xpt_done(ccb);
2642 }
2643 
2644 /*
2645  * SCSI specific functions
2646  */
2647 
2648 static uint8_t
umass_scsi_transform(struct umass_softc * sc,uint8_t * cmd_ptr,uint8_t cmd_len)2649 umass_scsi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2650     uint8_t cmd_len)
2651 {
2652 	if ((cmd_len == 0) ||
2653 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2654 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2655 		    "length: %d bytes\n", cmd_len);
2656 		return (0);		/* failure */
2657 	}
2658 	sc->sc_transfer.cmd_len = cmd_len;
2659 
2660 	switch (cmd_ptr[0]) {
2661 	case TEST_UNIT_READY:
2662 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2663 			DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
2664 			    "to START_UNIT\n");
2665 			memset(sc->sc_transfer.cmd_data, 0, cmd_len);
2666 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2667 			sc->sc_transfer.cmd_data[4] = SSS_START;
2668 			return (1);
2669 		}
2670 		break;
2671 
2672 	case INQUIRY:
2673 		/*
2674 		 * some drives wedge when asked for full inquiry
2675 		 * information.
2676 		 */
2677 		if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2678 			memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2679 			sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
2680 			return (1);
2681 		}
2682 		break;
2683 	}
2684 
2685 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2686 	return (1);
2687 }
2688 
2689 static uint8_t
umass_rbc_transform(struct umass_softc * sc,uint8_t * cmd_ptr,uint8_t cmd_len)2690 umass_rbc_transform(struct umass_softc *sc, uint8_t *cmd_ptr, uint8_t cmd_len)
2691 {
2692 	if ((cmd_len == 0) ||
2693 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2694 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2695 		    "length: %d bytes\n", cmd_len);
2696 		return (0);		/* failure */
2697 	}
2698 	switch (cmd_ptr[0]) {
2699 		/* these commands are defined in RBC: */
2700 	case READ_10:
2701 	case READ_CAPACITY:
2702 	case START_STOP_UNIT:
2703 	case SYNCHRONIZE_CACHE:
2704 	case WRITE_10:
2705 	case VERIFY_10:
2706 	case INQUIRY:
2707 	case MODE_SELECT_10:
2708 	case MODE_SENSE_10:
2709 	case TEST_UNIT_READY:
2710 	case WRITE_BUFFER:
2711 		/*
2712 		 * The following commands are not listed in my copy of the
2713 		 * RBC specs. CAM however seems to want those, and at least
2714 		 * the Sony DSC device appears to support those as well
2715 		 */
2716 	case REQUEST_SENSE:
2717 	case PREVENT_ALLOW:
2718 
2719 		memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2720 
2721 		if ((sc->sc_quirks & RBC_PAD_TO_12) && (cmd_len < 12)) {
2722 			memset(sc->sc_transfer.cmd_data + cmd_len,
2723 			    0, 12 - cmd_len);
2724 			cmd_len = 12;
2725 		}
2726 		sc->sc_transfer.cmd_len = cmd_len;
2727 		return (1);		/* success */
2728 
2729 		/* All other commands are not legal in RBC */
2730 	default:
2731 		DPRINTF(sc, UDMASS_SCSI, "Unsupported RBC "
2732 		    "command 0x%02x\n", cmd_ptr[0]);
2733 		return (0);		/* failure */
2734 	}
2735 }
2736 
2737 static uint8_t
umass_ufi_transform(struct umass_softc * sc,uint8_t * cmd_ptr,uint8_t cmd_len)2738 umass_ufi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2739     uint8_t cmd_len)
2740 {
2741 	if ((cmd_len == 0) ||
2742 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2743 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2744 		    "length: %d bytes\n", cmd_len);
2745 		return (0);		/* failure */
2746 	}
2747 	/* An UFI command is always 12 bytes in length */
2748 	sc->sc_transfer.cmd_len = UFI_COMMAND_LENGTH;
2749 
2750 	/* Zero the command data */
2751 	memset(sc->sc_transfer.cmd_data, 0, UFI_COMMAND_LENGTH);
2752 
2753 	switch (cmd_ptr[0]) {
2754 		/*
2755 		 * Commands of which the format has been verified. They
2756 		 * should work. Copy the command into the (zeroed out)
2757 		 * destination buffer.
2758 		 */
2759 	case TEST_UNIT_READY:
2760 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2761 			/*
2762 			 * Some devices do not support this command. Start
2763 			 * Stop Unit should give the same results
2764 			 */
2765 			DPRINTF(sc, UDMASS_UFI, "Converted TEST_UNIT_READY "
2766 			    "to START_UNIT\n");
2767 
2768 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2769 			sc->sc_transfer.cmd_data[4] = SSS_START;
2770 			return (1);
2771 		}
2772 		break;
2773 
2774 	case REZERO_UNIT:
2775 	case REQUEST_SENSE:
2776 	case FORMAT_UNIT:
2777 	case INQUIRY:
2778 	case START_STOP_UNIT:
2779 	case SEND_DIAGNOSTIC:
2780 	case PREVENT_ALLOW:
2781 	case READ_CAPACITY:
2782 	case READ_10:
2783 	case WRITE_10:
2784 	case POSITION_TO_ELEMENT:	/* SEEK_10 */
2785 	case WRITE_AND_VERIFY:
2786 	case VERIFY:
2787 	case MODE_SELECT_10:
2788 	case MODE_SENSE_10:
2789 	case READ_12:
2790 	case WRITE_12:
2791 	case READ_FORMAT_CAPACITIES:
2792 		break;
2793 
2794 		/*
2795 		 * SYNCHRONIZE_CACHE isn't supported by UFI, nor should it be
2796 		 * required for UFI devices, so it is appropriate to fake
2797 		 * success.
2798 		 */
2799 	case SYNCHRONIZE_CACHE:
2800 		return (2);
2801 
2802 	default:
2803 		DPRINTF(sc, UDMASS_SCSI, "Unsupported UFI "
2804 		    "command 0x%02x\n", cmd_ptr[0]);
2805 		return (0);		/* failure */
2806 	}
2807 
2808 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2809 	return (1);			/* success */
2810 }
2811 
2812 /*
2813  * 8070i (ATAPI) specific functions
2814  */
2815 static uint8_t
umass_atapi_transform(struct umass_softc * sc,uint8_t * cmd_ptr,uint8_t cmd_len)2816 umass_atapi_transform(struct umass_softc *sc, uint8_t *cmd_ptr,
2817     uint8_t cmd_len)
2818 {
2819 	if ((cmd_len == 0) ||
2820 	    (cmd_len > sizeof(sc->sc_transfer.cmd_data))) {
2821 		DPRINTF(sc, UDMASS_SCSI, "Invalid command "
2822 		    "length: %d bytes\n", cmd_len);
2823 		return (0);		/* failure */
2824 	}
2825 	/* An ATAPI command is always 12 bytes in length. */
2826 	sc->sc_transfer.cmd_len = ATAPI_COMMAND_LENGTH;
2827 
2828 	/* Zero the command data */
2829 	memset(sc->sc_transfer.cmd_data, 0, ATAPI_COMMAND_LENGTH);
2830 
2831 	switch (cmd_ptr[0]) {
2832 		/*
2833 		 * Commands of which the format has been verified. They
2834 		 * should work. Copy the command into the destination
2835 		 * buffer.
2836 		 */
2837 	case INQUIRY:
2838 		/*
2839 		 * some drives wedge when asked for full inquiry
2840 		 * information.
2841 		 */
2842 		if (sc->sc_quirks & FORCE_SHORT_INQUIRY) {
2843 			memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2844 
2845 			sc->sc_transfer.cmd_data[4] = SHORT_INQUIRY_LENGTH;
2846 			return (1);
2847 		}
2848 		break;
2849 
2850 	case TEST_UNIT_READY:
2851 		if (sc->sc_quirks & NO_TEST_UNIT_READY) {
2852 			DPRINTF(sc, UDMASS_SCSI, "Converted TEST_UNIT_READY "
2853 			    "to START_UNIT\n");
2854 			sc->sc_transfer.cmd_data[0] = START_STOP_UNIT;
2855 			sc->sc_transfer.cmd_data[4] = SSS_START;
2856 			return (1);
2857 		}
2858 		break;
2859 
2860 	case REZERO_UNIT:
2861 	case REQUEST_SENSE:
2862 	case START_STOP_UNIT:
2863 	case SEND_DIAGNOSTIC:
2864 	case PREVENT_ALLOW:
2865 	case READ_CAPACITY:
2866 	case READ_10:
2867 	case WRITE_10:
2868 	case POSITION_TO_ELEMENT:	/* SEEK_10 */
2869 	case SYNCHRONIZE_CACHE:
2870 	case MODE_SELECT_10:
2871 	case MODE_SENSE_10:
2872 	case READ_BUFFER:
2873 	case 0x42:			/* READ_SUBCHANNEL */
2874 	case 0x43:			/* READ_TOC */
2875 	case 0x44:			/* READ_HEADER */
2876 	case 0x47:			/* PLAY_MSF (Play Minute/Second/Frame) */
2877 	case 0x48:			/* PLAY_TRACK */
2878 	case 0x49:			/* PLAY_TRACK_REL */
2879 	case 0x4b:			/* PAUSE */
2880 	case 0x51:			/* READ_DISK_INFO */
2881 	case 0x52:			/* READ_TRACK_INFO */
2882 	case 0x54:			/* SEND_OPC */
2883 	case 0x59:			/* READ_MASTER_CUE */
2884 	case 0x5b:			/* CLOSE_TR_SESSION */
2885 	case 0x5c:			/* READ_BUFFER_CAP */
2886 	case 0x5d:			/* SEND_CUE_SHEET */
2887 	case 0xa1:			/* BLANK */
2888 	case 0xa5:			/* PLAY_12 */
2889 	case 0xa6:			/* EXCHANGE_MEDIUM */
2890 	case 0xad:			/* READ_DVD_STRUCTURE */
2891 	case 0xbb:			/* SET_CD_SPEED */
2892 	case 0xe5:			/* READ_TRACK_INFO_PHILIPS */
2893 		break;
2894 
2895 	case READ_12:
2896 	case WRITE_12:
2897 	default:
2898 		DPRINTF(sc, UDMASS_SCSI, "Unsupported ATAPI "
2899 		    "command 0x%02x - trying anyway\n",
2900 		    cmd_ptr[0]);
2901 		break;
2902 	}
2903 
2904 	memcpy(sc->sc_transfer.cmd_data, cmd_ptr, cmd_len);
2905 	return (1);			/* success */
2906 }
2907 
2908 static uint8_t
umass_no_transform(struct umass_softc * sc,uint8_t * cmd,uint8_t cmdlen)2909 umass_no_transform(struct umass_softc *sc, uint8_t *cmd,
2910     uint8_t cmdlen)
2911 {
2912 	return (0);			/* failure */
2913 }
2914 
2915 static uint8_t
umass_std_transform(struct umass_softc * sc,union ccb * ccb,uint8_t * cmd,uint8_t cmdlen)2916 umass_std_transform(struct umass_softc *sc, union ccb *ccb,
2917     uint8_t *cmd, uint8_t cmdlen)
2918 {
2919 	uint8_t retval;
2920 
2921 	retval = (sc->sc_transform) (sc, cmd, cmdlen);
2922 
2923 	if (retval == 2) {
2924 		ccb->ccb_h.status = CAM_REQ_CMP;
2925 		xpt_done(ccb);
2926 		return (0);
2927 	} else if (retval == 0) {
2928 		xpt_freeze_devq(ccb->ccb_h.path, 1);
2929 		ccb->ccb_h.status = CAM_REQ_INVALID | CAM_DEV_QFRZN;
2930 		xpt_done(ccb);
2931 		return (0);
2932 	}
2933 	/* Command should be executed */
2934 	return (1);
2935 }
2936 
2937 #ifdef USB_DEBUG
2938 static void
umass_bbb_dump_cbw(struct umass_softc * sc,umass_bbb_cbw_t * cbw)2939 umass_bbb_dump_cbw(struct umass_softc *sc, umass_bbb_cbw_t *cbw)
2940 {
2941 	uint8_t *c = cbw->CBWCDB;
2942 
2943 	uint32_t dlen = UGETDW(cbw->dCBWDataTransferLength);
2944 	uint32_t tag = UGETDW(cbw->dCBWTag);
2945 
2946 	uint8_t clen = cbw->bCDBLength;
2947 	uint8_t flags = cbw->bCBWFlags;
2948 	uint8_t lun = cbw->bCBWLUN;
2949 
2950 	DPRINTF(sc, UDMASS_BBB, "CBW %d: cmd = %db "
2951 	    "(0x%02x%02x%02x%02x%02x%02x%s), "
2952 	    "data = %db, lun = %d, dir = %s\n",
2953 	    tag, clen,
2954 	    c[0], c[1], c[2], c[3], c[4], c[5], (clen > 6 ? "..." : ""),
2955 	    dlen, lun, (flags == CBWFLAGS_IN ? "in" :
2956 	    (flags == CBWFLAGS_OUT ? "out" : "<invalid>")));
2957 }
2958 
2959 static void
umass_bbb_dump_csw(struct umass_softc * sc,umass_bbb_csw_t * csw)2960 umass_bbb_dump_csw(struct umass_softc *sc, umass_bbb_csw_t *csw)
2961 {
2962 	uint32_t sig = UGETDW(csw->dCSWSignature);
2963 	uint32_t tag = UGETDW(csw->dCSWTag);
2964 	uint32_t res = UGETDW(csw->dCSWDataResidue);
2965 	uint8_t status = csw->bCSWStatus;
2966 
2967 	DPRINTF(sc, UDMASS_BBB, "CSW %d: sig = 0x%08x (%s), tag = 0x%08x, "
2968 	    "res = %d, status = 0x%02x (%s)\n",
2969 	    tag, sig, (sig == CSWSIGNATURE ? "valid" : "invalid"),
2970 	    tag, res,
2971 	    status, (status == CSWSTATUS_GOOD ? "good" :
2972 	    (status == CSWSTATUS_FAILED ? "failed" :
2973 	    (status == CSWSTATUS_PHASE ? "phase" : "<invalid>"))));
2974 }
2975 
2976 static void
umass_cbi_dump_cmd(struct umass_softc * sc,void * cmd,uint8_t cmdlen)2977 umass_cbi_dump_cmd(struct umass_softc *sc, void *cmd, uint8_t cmdlen)
2978 {
2979 	uint8_t *c = cmd;
2980 	uint8_t dir = sc->sc_transfer.dir;
2981 
2982 	DPRINTF(sc, UDMASS_BBB, "cmd = %db "
2983 	    "(0x%02x%02x%02x%02x%02x%02x%s), "
2984 	    "data = %db, dir = %s\n",
2985 	    cmdlen,
2986 	    c[0], c[1], c[2], c[3], c[4], c[5], (cmdlen > 6 ? "..." : ""),
2987 	    sc->sc_transfer.data_len,
2988 	    (dir == DIR_IN ? "in" :
2989 	    (dir == DIR_OUT ? "out" :
2990 	    (dir == DIR_NONE ? "no data phase" : "<invalid>"))));
2991 }
2992 
2993 static void
umass_dump_buffer(struct umass_softc * sc,uint8_t * buffer,uint32_t buflen,uint32_t printlen)2994 umass_dump_buffer(struct umass_softc *sc, uint8_t *buffer, uint32_t buflen,
2995     uint32_t printlen)
2996 {
2997 	uint32_t i, j;
2998 	char s1[40];
2999 	char s2[40];
3000 	char s3[5];
3001 
3002 	s1[0] = '\0';
3003 	s3[0] = '\0';
3004 
3005 	sprintf(s2, " buffer=%p, buflen=%d", buffer, buflen);
3006 	for (i = 0; (i < buflen) && (i < printlen); i++) {
3007 		j = i % 16;
3008 		if (j == 0 && i != 0) {
3009 			DPRINTF(sc, UDMASS_GEN, "0x %s%s\n",
3010 			    s1, s2);
3011 			s2[0] = '\0';
3012 		}
3013 		sprintf(&s1[j * 2], "%02x", buffer[i] & 0xff);
3014 	}
3015 	if (buflen > printlen)
3016 		sprintf(s3, " ...");
3017 	DPRINTF(sc, UDMASS_GEN, "0x %s%s%s\n",
3018 	    s1, s2, s3);
3019 }
3020 
3021 #endif
3022