Hi Ian,
While my job is no longer as a developer, I used to be a kernel-mode dev in the Windows storage stack (disk.sys, cdrom.sys, classpnp.sys), working closely with the file systems folks. More recently, I’ve also worked with hathach to make significant improvements to the tinyuf2 bootloader / ghostfat code. And I added a decoder for the 010 Editor
for FAT/exFAT. So… I have some good history in this space.
If I understand correctly, the existing (problematic) BP5 firmware exposed the mass storage device to the host (PC), while simultaneously also exposing the mass storage device to the firmware. Both the host and the firmware read the data, and generate a file system view of the data stored thereon.
As you have discovered, having this simultaneously exposed to both is going to be problematic for many reasons. The simplest solution is to choose one device to “own” the file system that’s on the mass storage device … but there are still edge cases to be cautious about.
Can you confirm that your solution is as follows?
- At boot, USB MSD is exposed as R/W (read/write) to the host.
- When a serial connection attaches, USB MSD ownership moves from host to firmware
- When serial connection closed, USB MSD ownership moves from firmware back to host
In addition, can you confirm a bit more detail on actions taken during those transitions?
Ownership transitions from firmware → host:
(E.g, when the serial connection is closed.)
Generally, the firmware unmounts the file system, and re-exposes the MSD to the host. This is done by allowing media commands to succeed (e.g., TEST_UNIT_READY, READ, WRITE, READ_CAPACITY, etc.). However, the exposure of the MSD to the host is deferred by at least one sense code error indicating that the media is not present (“latching the error”).
Ownership transitions from host → firmware
(E.g., when a serial connection is attached)
Generally, the firmware first notifies the host that the media was suddenly removed. This includes ensuring the host receives at least one error for a TEST_UNIT_READY, READ, WRITE, etc. that indicates that the media is not present (“latching the error”). This is intended to cause the host to invalidate any cached data (emulating ejection of the media).
Next post for additional thoughts
Presuming the above is substantially correct, see my next post for additional notes / questions.
Henry