From 1244bb8780b3b92a03d9a8dad9f73a4dc5fb5113 Mon Sep 17 00:00:00 2001 From: Florin9doi Date: Sat, 20 Jun 2026 11:13:28 +0300 Subject: [PATCH 1/4] fw: fix crom gen --- iop/iLink/iLinkman/src/iLink_crom.c | 54 ++++++++++----------- iop/iLink/iLinkman/src/include/iLink_CROM.h | 52 ++++++++++---------- 2 files changed, 52 insertions(+), 54 deletions(-) diff --git a/iop/iLink/iLinkman/src/iLink_crom.c b/iop/iLink/iLinkman/src/iLink_crom.c index 1959fc459583..2032f60e843c 100644 --- a/iop/iLink/iLinkman/src/iLink_crom.c +++ b/iop/iLink/iLinkman/src/iLink_crom.c 
@@ -294,17 +294,25 @@ static void BuildConfigurationROM(void) if ((CROM_Buffer = malloc(CROMSize)) == NULL) return; + memset(CROM_Buffer, 0, CROMSize); + CurrentOffset = sizeof(struct BusInformationBlockHeader) + sizeof(struct BusInformationBlock); /* Fill in the fields in the Root Directory (Exists immediately after the Bus Information block). */ DirectoryHeader = (struct DirectoryHeader *)&CROM_Buffer[CurrentOffset]; RootDirectory = (struct Root_Directory *)((unsigned char *)DirectoryHeader + sizeof(struct DirectoryHeader)); - RootDirectory->Module_Vendor_ID_Texual_Descriptor_Offset = (IEEE1394_CROM_VENDOR << 24) | (sizeof(struct DirectoryHeader) * 2 / 4 + TotalRootDirectorySizeInQuads - 2 + sizeof(struct Module_Vendor_Id) / 4); /* Calculate the relative offset (In quadlets!!). */ + RootDirectory->VendorID = (IEEE1394_CROM_VENDOR << 24) | 0x80046; + RootDirectory->Module_Vendor_ID_Texual_Descriptor_Offset = (IEEE1394_CROM_MODEL_ID << 24) + | (sizeof(struct DirectoryHeader) * 2 / 4 + + TotalRootDirectorySizeInQuads - 2 // offset of Module_Vendor_ID_Texual_Descriptor_Offset+1 + + sizeof(struct Module_Vendor_Id) / 4); /* Calculate the relative offset (In quadlets!!). 
*/ RootDirectory->Node_Capabilities = (IEEE1394_CROM_NODE_CAPS << 24) | 0x0C0083C0; - RootDirectory->Node_Unique_ID_Offset = (IEEE1394_CROM_NODE_UID << 24) | (sizeof(struct DirectoryHeader) * 3 / 4 + TotalRootDirectorySizeInQuads - 2 + sizeof(struct Module_Vendor_Id) / 4 + sizeof(struct Module_Vendor_ID_Texual_Descriptor) / 4); + RootDirectory->Node_Unique_ID_Offset = (IEEE1394_CROM_NODE_UID << 24) + | (sizeof(struct DirectoryHeader) * 3 / 4 + + TotalRootDirectorySizeInQuads - 4 // offset of Node_Unique_ID_Offset+1 + + sizeof(struct Module_Vendor_Id) / 4 + + sizeof(struct Module_Vendor_ID_Texual_Descriptor) / 4); RootDirectory->Module_Vendor_ID_Offset = (IEEE1394_CROM_MODULE_VENDOR_ID << 24) | (nExtraCROMUnits + 1); - ieee1394Swab32(RootDirectory, RootDirectory, sizeof(struct Root_Directory) / 4); /* Convert this block of data to Big-endian data. */ - CurrentOffset = CurrentOffset + sizeof(struct DirectoryHeader) + sizeof(struct Root_Directory); for (i = 0; i < 16; i++) { 
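Review bot: The new `RootDirectory->VendorID` line ORs in the bare literal `0x80046`, which reads like a 24-bit vendor ID but is neither named nor explained in the hunk. A named constant or a trailing comment such as `/* 24-bit module vendor ID (OUI) */` would let a reader check the entry against the spec; which vendor the value identifies is not stated on the page. The `- 2` and `- 4` terms in the two offset expressions depend on the field order of struct Root_Directory, so deriving them from the entry's index would keep them correct if the struct changes. BuildConfigurationROM starts and ends outside this hunk.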
@@ -315,19 +323,15 @@ static void BuildConfigurationROM(void) } DirectoryHeader->Directory_length = TotalRootDirectorySizeInQuads; - DirectoryHeader->CRC16 = BSWAP16(iLinkCalculateCRC16(RootDirectory, DirectoryHeader->Directory_length)); - DirectoryHeader->Directory_length = BSWAP16(DirectoryHeader->Directory_length); + DirectoryHeader->CRC16 = iLinkCalculateCRC16(RootDirectory, DirectoryHeader->Directory_length); /* Fill in the fields of the Module Vendor ID record. */ ModuleVendorID = (struct Module_Vendor_Id *)&CROM_Buffer[CurrentOffset + sizeof(struct DirectoryHeader)]; ModuleVendorID->Textual_Descriptor = (IEEE1394_CROM_MODEL_ID << 24) | ((sizeof(struct DirectoryHeader) * 2 / 4 + sizeof(struct Module_Vendor_ID_Texual_Descriptor) + sizeof(struct Node_Unique_Id)) / 4); - ieee1394Swab32(ModuleVendorID, ModuleVendorID, sizeof(struct Module_Vendor_Id) / 4); /* Convert this block of data to Big-endian data. */ - DirectoryHeader = (struct DirectoryHeader *)&CROM_Buffer[CurrentOffset]; DirectoryHeader->Directory_length = 1; - DirectoryHeader->CRC16 = BSWAP16(iLinkCalculateCRC16(ModuleVendorID, DirectoryHeader->Directory_length)); - DirectoryHeader->Directory_length = BSWAP16(DirectoryHeader->Directory_length); + DirectoryHeader->CRC16 = iLinkCalculateCRC16(ModuleVendorID, DirectoryHeader->Directory_length); CurrentOffset = CurrentOffset + sizeof(struct Module_Vendor_Id) + sizeof(struct DirectoryHeader); 
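Review bot: iLinkCalculateCRC16 is now called on blocks that are no longer passed through ieee1394Swab32 first, and its result is stored without BSWAP16, so the CRC is only right if the function hashes quadlet values and not bytes as they lie in memory. The function is not visible here, so this needs confirming; the same question applies to the CRC16 assignments in the hunks at -336, -351 and -370. A comment at this first site, e.g. `/* CROM is assembled as host-order quadlets; CRC16 is computed over quadlet values */`, would record the assumption the whole change rests on.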
@@ -336,14 +340,10 @@ static void BuildConfigurationROM(void) ModuleTexualDescriptor = (struct Module_Vendor_ID_Texual_Descriptor *)((unsigned char *)DirectoryHeader + sizeof(struct DirectoryHeader)); ModuleTexualDescriptor->Specifier_ID = 0x00000000; ModuleTexualDescriptor->Language_ID = 0x00000000; - - ieee1394Swab32(ModuleTexualDescriptor, ModuleTexualDescriptor, sizeof(struct Module_Vendor_ID_Texual_Descriptor) / 4); /* Convert this block of data to Big-endian data. */ - - memcpy(ModuleTexualDescriptor->Vendor_Name, "Sony", 4); /* Don't flop the "Sony" text. */ + ModuleTexualDescriptor->Vendor_Name = ('S' << 24) | ('o' << 16) | ('n' << 8) | ('y' << 0); DirectoryHeader->Directory_length = 3; - DirectoryHeader->CRC16 = BSWAP16(iLinkCalculateCRC16(ModuleTexualDescriptor, DirectoryHeader->Directory_length)); - DirectoryHeader->Directory_length = BSWAP16(DirectoryHeader->Directory_length); + DirectoryHeader->CRC16 = iLinkCalculateCRC16(ModuleTexualDescriptor, DirectoryHeader->Directory_length); CurrentOffset = CurrentOffset + sizeof(struct Module_Vendor_ID_Texual_Descriptor) + sizeof(struct DirectoryHeader); 
@@ -351,12 +351,11 @@ static void BuildConfigurationROM(void) DirectoryHeader = (struct DirectoryHeader *)&CROM_Buffer[CurrentOffset]; NodeUniqueID = (struct Node_Unique_Id *)((unsigned char *)DirectoryHeader + sizeof(struct DirectoryHeader)); - NodeUniqueID->HardwareID = BSWAP32((ConsoleGUID >> 32)); - NodeUniqueID->Chip_ID_Low = BSWAP32((ConsoleGUID & 0xFFFFFFFF)); + NodeUniqueID->HardwareID = ConsoleGUID >> 32; + NodeUniqueID->Chip_ID_Low = ConsoleGUID & 0xFFFFFFFF; DirectoryHeader->Directory_length = sizeof(struct Node_Unique_Id) / 4; - DirectoryHeader->CRC16 = BSWAP16(iLinkCalculateCRC16(NodeUniqueID, DirectoryHeader->Directory_length)); - DirectoryHeader->Directory_length = BSWAP16(DirectoryHeader->Directory_length); + DirectoryHeader->CRC16 = iLinkCalculateCRC16(NodeUniqueID, DirectoryHeader->Directory_length); CurrentOffset = CurrentOffset + sizeof(struct DirectoryHeader) + sizeof(struct Node_Unique_Id); 
@@ -370,25 +369,24 @@ static void BuildConfigurationROM(void) memcpy(ModelName->Model_Name, ConsoleModelName, sizeof(ModelName->Model_Name)); DirectoryHeader->Directory_length = sizeof(struct ModelID_Textual_Descriptor) / 4; - DirectoryHeader->CRC16 = BSWAP16(iLinkCalculateCRC16(ModelName, DirectoryHeader->Directory_length)); - DirectoryHeader->Directory_length = BSWAP16(DirectoryHeader->Directory_length); + DirectoryHeader->CRC16 = iLinkCalculateCRC16(ModelName, DirectoryHeader->Directory_length); CurrentOffset = sizeof(struct BusInformationBlockHeader); /* Fill in the fields in the Bus Information Block. */ BusInfoBlk = (struct BusInformationBlock *)&CROM_Buffer[CurrentOffset]; - memcpy(BusInfoBlk->BusName, "1394", 4); - BusInfoBlk->capabilities = NodeCapabilities << 3; - BusInfoBlk->Cyc_Clk_Acc = CycleClkAcc; - BusInfoBlk->Max_Rec = Max_Rec << 4; + BusInfoBlk->BusName = ('1' << 24) | ('3' << 16) | ('9' << 8) | ('4' << 0); BusInfoBlk->misc = LinkSpeed; + BusInfoBlk->Max_Rec = Max_Rec << 4; + BusInfoBlk->Cyc_Clk_Acc = CycleClkAcc; + BusInfoBlk->capabilities = NodeCapabilities << 3; BusInfoBlk->HardwareID = NodeUniqueID->HardwareID; BusInfoBlk->Chip_ID_Low = NodeUniqueID->Chip_ID_Low; /* Fill in the fields in the Bus Information Block Header. */ - ((struct BusInformationBlockHeader *)CROM_Buffer)->Bus_info_length = 4; /* According to the standard. */ - ((struct BusInformationBlockHeader *)CROM_Buffer)->CRC_length = sizeof(struct BusInformationBlock) / 4; ((struct BusInformationBlockHeader *)CROM_Buffer)->ROM_CRC_value = BSWAP16(iLinkCalculateCRC16(BusInfoBlk, sizeof(struct BusInformationBlock) / 4)); + ((struct BusInformationBlockHeader *)CROM_Buffer)->CRC_length = sizeof(struct BusInformationBlock) / 4; + ((struct BusInformationBlockHeader *)CROM_Buffer)->Bus_info_length = 4; /* According to the standard. */ if (ConfigurationROM != NULL) free(ConfigurationROM); 
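Review bot: `ROM_CRC_value` is the only CRC in this function that still goes through `BSWAP16(...)`, while every `DirectoryHeader->CRC16` assignment in this commit dropped the swap; if that is intentional it needs a comment, otherwise it should read `... ->ROM_CRC_value = iLinkCalculateCRC16(BusInfoBlk, sizeof(struct BusInformationBlock) / 4);`. The context line `memcpy(ModelName->Model_Name, ConsoleModelName, sizeof(ModelName->Model_Name));` also still writes the name as raw bytes, whereas `BusName` and `Vendor_Name` are now packed into a u32 most-significant character first. If the buffer is now host-order quadlets, as those two fields suggest, the model name would come out byte-swapped within each quadlet; this is inferred from the hunk and should be checked. The function continues outside the hunk.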
diff --git a/iop/iLink/iLinkman/src/include/iLink_CROM.h b/iop/iLink/iLinkman/src/include/iLink_CROM.h
index 7b1cfdde8637..8ba4e7a1a782 100644
--- a/iop/iLink/iLinkman/src/include/iLink_CROM.h
+++ b/iop/iLink/iLinkman/src/include/iLink_CROM.h
@@ -14,59 +14,59 @@ struct BusInformationBlockHeader { - unsigned char Bus_info_length; - unsigned char CRC_length; - unsigned short int ROM_CRC_value; + u16 ROM_CRC_value; + u8 CRC_length; + u8 Bus_info_length; }; struct BusInformationBlock { - unsigned char BusName[4]; - unsigned char capabilities; - unsigned char Cyc_Clk_Acc; - unsigned char Max_Rec; - unsigned char misc; /* g, resv. and link_spd fields. */ + u32 BusName; + u8 misc; /* g, resv. and link_spd fields. */ + u8 Max_Rec; + u8 Cyc_Clk_Acc; + u8 capabilities; - unsigned int HardwareID; /* NodeVendorID | Chip_ID_High */ - unsigned int Chip_ID_Low; + u32 HardwareID; /* NodeVendorID | Chip_ID_High */ + u32 Chip_ID_Low; }; struct DirectoryHeader { - unsigned short int Directory_length; - unsigned short int CRC16; + u16 CRC16; + u16 Directory_length; }; struct Root_Directory { - unsigned int VendorID; - unsigned int Module_Vendor_ID_Texual_Descriptor_Offset; - unsigned int Node_Capabilities; - unsigned int Node_Unique_ID_Offset; - unsigned int Module_Vendor_ID_Offset; + u32 VendorID; + u32 Module_Vendor_ID_Texual_Descriptor_Offset; + u32 Node_Capabilities; + u32 Node_Unique_ID_Offset; + u32 Module_Vendor_ID_Offset; }; struct Module_Vendor_ID_Texual_Descriptor { - unsigned int Specifier_ID; - unsigned int Language_ID; - unsigned char Vendor_Name[4]; /* "Sony" */ + u32 Specifier_ID; + u32 Language_ID; + u32 Vendor_Name; }; struct Module_Vendor_Id { /* For Playstation 2 consoles only? */ - unsigned int Textual_Descriptor; + u32 Textual_Descriptor; }; struct ModelID_Textual_Descriptor { - unsigned int Specifier_ID; - unsigned int Language_ID; - unsigned char Model_Name[12]; /* E.g. "SCPH-10000" + 2x00-bytes at the end. */ + u32 Specifier_ID; + u32 Language_ID; + u8 Model_Name[12]; /* E.g. "SCPH-10000" + 2x00-bytes at the end. 
*/ }; struct Node_Unique_Id { - unsigned int HardwareID; /* Node_Vendor_ID | Chip_ID_High */ - unsigned int Chip_ID_Low; + u32 HardwareID; /* Node_Vendor_ID | Chip_ID_High */ + u32 Chip_ID_Low; }; From 3675cbf64c613bfd523ad7a83e227e97fdf83b02 Mon Sep 17 00:00:00 2001 From: Florin9doi Date: Sat, 20 Jun 2026 11:17:46 +0300 Subject: [PATCH 2/4] fw: erase sbp2 structs before use --- iop/iLink/IEEE1394_bd/src/include/sbp2_disk.h | 2 +- iop/iLink/IEEE1394_bd/src/sbp2_driver.c | 1 + iop/iLink/IEEE1394_bd/src/scsi.c | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/iop/iLink/IEEE1394_bd/src/include/sbp2_disk.h b/iop/iLink/IEEE1394_bd/src/include/sbp2_disk.h index 2466206cda3c..905dc4a1b8e5 100644 --- a/iop/iLink/IEEE1394_bd/src/include/sbp2_disk.h +++ b/iop/iLink/IEEE1394_bd/src/include/sbp2_disk.h @@ -19,7 +19,7 @@ #define CDB_MAX_PAYLOAD(v) ((v) << 20) #define CDB_SPEED(v) ((v) << 24) #define CDB_DIRECTION(v) ((v) << 27) -#define CDB_DATA_SIZE(v) ((v)) +#define CDB_DATA_SIZE(v) ((v & 0xffff)) /* Event flag bits. */ #define WRITE_REQ_INCOMING 1 diff --git a/iop/iLink/IEEE1394_bd/src/sbp2_driver.c b/iop/iLink/IEEE1394_bd/src/sbp2_driver.c index e64e785c8800..9dfc0b71da1b 100644 --- a/iop/iLink/IEEE1394_bd/src/sbp2_driver.c +++ b/iop/iLink/IEEE1394_bd/src/sbp2_driver.c @@ -536,6 +536,7 @@ static int sbp2_queue_cmd(struct scsi_interface *scsi, const unsigned char *cmd, int i; int ret; struct CommandDescriptorBlock cdb; + memset(&cdb, 0, sizeof(cdb)); M_DEBUG("sbp2_queue_cmd(0x%02x)\n", cmd[0]); diff --git a/iop/iLink/IEEE1394_bd/src/scsi.c b/iop/iLink/IEEE1394_bd/src/scsi.c index befa9d894a12..9f20df9e5fc9 100644 --- a/iop/iLink/IEEE1394_bd/src/scsi.c +++ b/iop/iLink/IEEE1394_bd/src/scsi.c @@ -24,6 +24,7 @@ typedef struct _inquiry_data u8 product[16]; u8 revision[4]; } inquiry_data; +static_assert(sizeof(inquiry_data) == 36); typedef struct _sense_data { 
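Review bot: The reordered fields (`ROM_CRC_value` before `CRC_length`, `misc` before `capabilities`, `CRC16` before `Directory_length`) carry no comment saying why each quadlet's members are now listed in reverse. A header comment along the lines of `/* Members are declared low byte first so each 32-bit word holds a big-endian quadlet on a little-endian host. */` would state the layout rule; that reading is inferred from the change and should be confirmed. BuildConfigurationROM computes every offset from `sizeof(struct ...) / 4`, so a size check per struct would catch padding or a stray member at compile time, e.g. `_Static_assert(sizeof(struct DirectoryHeader) == 4, "directory header is one quadlet");`.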
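Review bot: `CDB_DATA_SIZE(v)` now expands to `((v & 0xffff))`, which leaves the argument unparenthesised, so an expression such as `a | b` would bind as `a | (b & 0xffff)`; it should be `(((v)) & 0xffff)` or simply `((v) & 0xffff)`. The mask also truncates silently: sbp2_queue_cmd passes `data_len` straight into the macro (visible in the sbp2_driver.c hunk of patch 3/4), so a length above 0xffff would be announced to the target with its upper bits dropped while the host buffer keeps its real size. An explicit early error return for `data_len > 0xffff` before the ORB is built is safer than masking, because the mismatch then shows up as an error and not as a wrong transfer length.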
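Review bot: `static_assert(sizeof(inquiry_data) == 36);` uses the message-less form, which is only standard from C23, and before C23 the name `static_assert` is a macro from <assert.h>; neither the include nor the language level is visible in this hunk. If the toolchain builds this file as C11 or earlier, the portable spelling is `_Static_assert(sizeof(inquiry_data) == 36, "INQUIRY data must be 36 bytes");`. The same applies to the assert on read_capacity_data in the next hunk and to the two asserts added in patch 4/4.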
@@ -43,6 +44,7 @@ typedef struct _read_capacity_data u8 last_lba[4]; u8 block_length[4]; } read_capacity_data; +static_assert(sizeof(read_capacity_data) == 8); #define NUM_DEVICES 2 static struct block_device g_scsi_bd[NUM_DEVICES]; @@ -148,6 +150,7 @@ static int scsi_warmup(struct block_device *bd) while ((stat = scsi_cmd_test_unit_ready(bd)) != 0) { M_PRINTF("ERROR: scsi_cmd_test_unit_ready %d\n", stat); + memset(&sd, 0, sizeof(sense_data)); stat = scsi_cmd_request_sense(bd, &sd, sizeof(sense_data)); if (stat != 0) { M_PRINTF("ERROR: scsi_cmd_request_sense %d\n", stat); @@ -166,6 +169,7 @@ static int scsi_warmup(struct block_device *bd) } } + memset(&rcd, 0, sizeof(read_capacity_data)); if ((stat = scsi_cmd_read_capacity(bd, &rcd, sizeof(read_capacity_data))) != 0) { M_PRINTF("ERROR: scsi_cmd_read_capacity %d\n", stat); return -1; From 5eb6bbc6c8d395bd241f6de280f9c54344e78813 Mon Sep 17 00:00:00 2001 From: Florin9doi Date: Sat, 20 Jun 2026 14:58:22 +0300 Subject: [PATCH 3/4] fw: fix sbp2 direction --- iop/iLink/IEEE1394_bd/src/sbp2_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iop/iLink/IEEE1394_bd/src/sbp2_driver.c b/iop/iLink/IEEE1394_bd/src/sbp2_driver.c index 9dfc0b71da1b..285bf81ed81f 100644 --- a/iop/iLink/IEEE1394_bd/src/sbp2_driver.c +++ b/iop/iLink/IEEE1394_bd/src/sbp2_driver.c @@ -541,7 +541,7 @@ static int sbp2_queue_cmd(struct scsi_interface *scsi, const unsigned char *cmd, M_DEBUG("sbp2_queue_cmd(0x%02x)\n", cmd[0]); cdb.misc = ORB_NOTIFY | ORB_REQUEST_FORMAT(0) | CDB_MAX_PAYLOAD(dev->max_payload) | CDB_SPEED(dev->speed); - cdb.misc |= data_wr ? CDB_DIRECTION(WRITE_TRANSACTION) : CDB_DIRECTION(READ_TRANSACTION); + cdb.misc |= CDB_DIRECTION(WRITE_TRANSACTION); if (data_len > 0) cdb.misc |= CDB_DATA_SIZE(data_len); From ba5d2de6a94078bd913188ce67a9da1ab62343b2 Mon Sep 17 00:00:00 2001 
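Review bot: In the sbp2_queue_cmd hunk of patch 3/4 the direction bit is now set with `cdb.misc |= CDB_DIRECTION(WRITE_TRANSACTION);` for every command, so `data_wr` no longer affects the ORB in the lines shown. If the constant means what its name says, read commands would be flagged as writes. If instead the two constants were named the wrong way round relative to the SBP-2 direction bit, the fix belongs in their definitions or in the mapping, keeping the form `cdb.misc |= CDB_DIRECTION(data_wr ? ... : ...);`. Either way the line needs a comment stating why a single direction is correct for both reads and writes. The function continues outside the hunk, so a later use of `data_wr` cannot be ruled out.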
From: Florin9doi Date: Sat, 20 Jun 2026 15:28:36 +0300 Subject: [PATCH 4/4] fw: read_capacity_16 --- iop/iLink/IEEE1394_bd/src/scsi.c | 65 +++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 13 deletions(-) diff --git a/iop/iLink/IEEE1394_bd/src/scsi.c b/iop/iLink/IEEE1394_bd/src/scsi.c index 9f20df9e5fc9..dfca7f38ceb6 100644 --- a/iop/iLink/IEEE1394_bd/src/scsi.c +++ b/iop/iLink/IEEE1394_bd/src/scsi.c @@ -39,12 +39,22 @@ typedef struct _sense_data u8 res4[4]; } sense_data; -typedef struct _read_capacity_data +typedef struct _read_capacity10_data { u8 last_lba[4]; u8 block_length[4]; -} read_capacity_data; -static_assert(sizeof(read_capacity_data) == 8); +} read_capacity10_data; +static_assert(sizeof(read_capacity10_data) == 8); + +typedef struct _read_capacity16_data +{ + u8 last_lba_msb[4]; + u8 last_lba_lsb[4]; + u8 block_length[4]; + u8 args[4]; + u8 reserved[16]; +} read_capacity16_data; +static_assert(sizeof(read_capacity16_data) == 32); #define NUM_DEVICES 2 static struct block_device g_scsi_bd[NUM_DEVICES]; 
@@ -93,11 +103,25 @@ static int scsi_cmd_start_stop_unit(struct block_device *bd, u8 param) return scsi_cmd(bd, 0x1b, NULL, 0, param); } -static inline int scsi_cmd_read_capacity(struct block_device *bd, void *buffer, int size) +static inline int scsi_cmd_read_capacity10(struct block_device *bd, void *buffer, int buf_size) +{ + M_DEBUG("%s\n", __func__); + + return scsi_cmd(bd, 0x25, buffer, buf_size, 0); +} + +static inline int scsi_cmd_read_capacity16(struct block_device *bd, void *buffer, int buf_size) { + unsigned char comData[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + struct scsi_interface *scsi = (struct scsi_interface *)bd->priv; + M_DEBUG("%s\n", __func__); - return scsi_cmd(bd, 0x25, buffer, size, 0); + comData[0] = 0x9e; + comData[1] = 0x10; + comData[13] = buf_size; + + return scsi->queue_cmd(scsi, comData, 16, buffer, buf_size, 0); } static int scsi_cmd_rw_sector(struct block_device *bd, u64 lba, const void *buffer, unsigned short int sectorCount, unsigned int write) @@ -129,7 +153,6 @@ static int scsi_warmup(struct block_device *bd) struct scsi_interface *scsi = (struct scsi_interface *)bd->priv; inquiry_data id; sense_data sd; - read_capacity_data rcd; int stat; M_DEBUG("%s\n", __func__); 
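Review bot: scsi_cmd_read_capacity16 stores the allocation length with `comData[13] = buf_size;`, which keeps only the low 8 bits of an `int`, while the full `buf_size` is passed to `scsi->queue_cmd` as the transfer length. In READ CAPACITY(16) the allocation length is a big-endian 32-bit field in CDB bytes 10..13, so any caller passing more than 255 would send a CDB that disagrees with the buffer size; the current caller passes 32, so this is latent. The opcode and service-action literals `0x9e` and `0x10` also deserve a comment. The fence shows the four length bytes filled explicitly.
```c
static inline int scsi_cmd_read_capacity16(struct block_device *bd, void *buffer, int buf_size)
    // … unchanged: comData and scsi declarations, M_DEBUG …
    const unsigned int alloc_len = (unsigned int)buf_size;

    comData[0]  = 0x9e; /* SERVICE ACTION IN(16) */
    comData[1]  = 0x10; /* service action: READ CAPACITY(16) */
    /* Allocation length: big-endian 32-bit field in CDB bytes 10..13. */
    comData[10] = (alloc_len >> 24) & 0xff;
    comData[11] = (alloc_len >> 16) & 0xff;
    comData[12] = (alloc_len >> 8) & 0xff;
    comData[13] = alloc_len & 0xff;
    // … unchanged: scsi->queue_cmd call …
```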
@@ -169,16 +192,32 @@ static int scsi_warmup(struct block_device *bd) } } - memset(&rcd, 0, sizeof(read_capacity_data)); - if ((stat = scsi_cmd_read_capacity(bd, &rcd, sizeof(read_capacity_data))) != 0) { - M_PRINTF("ERROR: scsi_cmd_read_capacity %d\n", stat); + //* + read_capacity10_data rc10d; + memset(&rc10d, 0, sizeof(read_capacity10_data)); + if ((stat = scsi_cmd_read_capacity10(bd, &rc10d, sizeof(read_capacity10_data))) != 0) { + M_PRINTF("ERROR: scsi_cmd_read_capacity10 %d\n", stat); return -1; } - - bd->sectorSize = getBI32(&rcd.block_length); + bd->sectorCount = getBI32(&rc10d.last_lba); + bd->sectorSize = getBI32(&rc10d.block_length); bd->sectorOffset = 0; - bd->sectorCount = getBI32(&rcd.last_lba); - M_PRINTF("%lu %u-byte logical blocks: (%luMB / %luMiB)\n", (u32)bd->sectorCount, bd->sectorSize, (u32)bd->sectorCount / ((1000 * 1000) / bd->sectorSize), (u32)bd->sectorCount / ((1024 * 1024) / bd->sectorSize)); + /*/ + read_capacity16_data rc16d; + memset(&rc16d, 0, sizeof(read_capacity16_data)); + if ((stat = scsi_cmd_read_capacity16(bd, &rc16d, sizeof(read_capacity16_data))) != 0) { + M_PRINTF("ERROR: scsi_cmd_read_capacity16 %d\n", stat); + return -1; + } + bd->sectorCount = ((u64)getBI32(&rc16d.last_lba_msb) << 32) | (getBI32(&rc16d.last_lba_lsb)); + bd->sectorSize = getBI32(&rc16d.block_length); + bd->sectorOffset = 0; + //*/ + + u64 sectorCount = bd->sectorCount; + U64_2XU32(sectorCount); + M_PRINTF("0x%08x%08x %u-byte logical blocks: (%lu MB / %lu MiB)\n", sectorCount_u32[1], sectorCount_u32[0], bd->sectorSize, + (u32)(bd->sectorCount / ((1000 * 1000) / bd->sectorSize)), (u32)(bd->sectorCount / ((1024 * 1024) / bd->sectorSize))); return 0; }
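Review bot: `bd->sectorSize` is taken straight from the device's READ CAPACITY reply and then used as a divisor in the M_PRINTF arguments, so a reported block length of 0 divides by zero, and a value above 1000 * 1000 makes `(1000 * 1000) / bd->sectorSize` zero so the outer division fails the same way. Because the reply buffer is zeroed first, a reply that leaves it untouched yields exactly that 0. A range check before the print closes both cases: `if (bd->sectorSize == 0 || bd->sectorSize > 1000 * 1000) return -1;`. Separately, the `//*` … `/*/` … `//*/` comment toggle leaves the READ CAPACITY(16) path as dead code; selecting it at run time when the 10-byte reply reports 0xFFFFFFFF would remove the compile-time switch. scsi_warmup starts outside this hunk.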