Loading...
1/* Driver for SanDisk SDDR-09 SmartMedia reader
2 *
3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
5 * Developed with the assistance of:
6 * (c) 2002 Alan Stern <stern@rowland.org>
7 *
8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9 * This chip is a programmable USB controller. In the SDDR-09, it has
10 * been programmed to obey a certain limited set of SCSI commands.
11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12 * commands.
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2, or (at your option) any
17 * later version.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation, Inc.,
26 * 675 Mass Ave, Cambridge, MA 02139, USA.
27 */
28
29/*
30 * Known vendor commands: 12 bytes, first byte is opcode
31 *
32 * E7: read scatter gather
33 * E8: read
34 * E9: write
35 * EA: erase
36 * EB: reset
37 * EC: read status
38 * ED: read ID
39 * EE: write CIS (?)
40 * EF: compute checksum (?)
41 */
42
43#include <linux/errno.h>
44#include <linux/module.h>
45#include <linux/slab.h>
46
47#include <scsi/scsi.h>
48#include <scsi/scsi_cmnd.h>
49#include <scsi/scsi_device.h>
50
51#include "usb.h"
52#include "transport.h"
53#include "protocol.h"
54#include "debug.h"
55
56MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
57MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
58MODULE_LICENSE("GPL");
59
60static int usb_stor_sddr09_dpcm_init(struct us_data *us);
61static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
62static int usb_stor_sddr09_init(struct us_data *us);
63
64
65/*
66 * The table of devices
67 */
68#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
69 vendorName, productName, useProtocol, useTransport, \
70 initFunction, flags) \
71{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
72 .driver_info = (flags)|(USB_US_TYPE_STOR<<24) }
73
74struct usb_device_id sddr09_usb_ids[] = {
75# include "unusual_sddr09.h"
76 { } /* Terminating entry */
77};
78MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
79
80#undef UNUSUAL_DEV
81
82/*
83 * The flags table
84 */
85#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
86 vendor_name, product_name, use_protocol, use_transport, \
87 init_function, Flags) \
88{ \
89 .vendorName = vendor_name, \
90 .productName = product_name, \
91 .useProtocol = use_protocol, \
92 .useTransport = use_transport, \
93 .initFunction = init_function, \
94}
95
96static struct us_unusual_dev sddr09_unusual_dev_list[] = {
97# include "unusual_sddr09.h"
98 { } /* Terminating entry */
99};
100
101#undef UNUSUAL_DEV
102
103
104#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
105#define LSB_of(s) ((s)&0xFF)
106#define MSB_of(s) ((s)>>8)
107
108/* #define US_DEBUGP printk */
109
110/*
111 * First some stuff that does not belong here:
112 * data on SmartMedia and other cards, completely
113 * unrelated to this driver.
114 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
115 */
116
117struct nand_flash_dev {
118 int model_id;
119 int chipshift; /* 1<<cs bytes total capacity */
120 char pageshift; /* 1<<ps bytes in a page */
121 char blockshift; /* 1<<bs pages in an erase block */
122 char zoneshift; /* 1<<zs blocks in a zone */
123 /* # of logical blocks is 125/128 of this */
124 char pageadrlen; /* length of an address in bytes - 1 */
125};
126
127/*
128 * NAND Flash Manufacturer ID Codes
129 */
130#define NAND_MFR_AMD 0x01
131#define NAND_MFR_NATSEMI 0x8f
132#define NAND_MFR_TOSHIBA 0x98
133#define NAND_MFR_SAMSUNG 0xec
134
135static inline char *nand_flash_manufacturer(int manuf_id) {
136 switch(manuf_id) {
137 case NAND_MFR_AMD:
138 return "AMD";
139 case NAND_MFR_NATSEMI:
140 return "NATSEMI";
141 case NAND_MFR_TOSHIBA:
142 return "Toshiba";
143 case NAND_MFR_SAMSUNG:
144 return "Samsung";
145 default:
146 return "unknown";
147 }
148}
149
150/*
151 * It looks like it is unnecessary to attach manufacturer to the
152 * remaining data: SSFDC prescribes manufacturer-independent id codes.
153 *
154 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
155 */
156
157static struct nand_flash_dev nand_flash_ids[] = {
158 /* NAND flash */
159 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
160 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
161 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
162 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
163 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
164 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
165 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
166 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
167 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
168 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
169 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
170 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
171 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
172
173 /* MASK ROM */
174 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
175 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
176 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
177 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
178 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
179 { 0,}
180};
181
182static struct nand_flash_dev *
183nand_find_id(unsigned char id) {
184 int i;
185
186 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
187 if (nand_flash_ids[i].model_id == id)
188 return &(nand_flash_ids[i]);
189 return NULL;
190}
191
192/*
193 * ECC computation.
194 */
195static unsigned char parity[256];
196static unsigned char ecc2[256];
197
198static void nand_init_ecc(void) {
199 int i, j, a;
200
201 parity[0] = 0;
202 for (i = 1; i < 256; i++)
203 parity[i] = (parity[i&(i-1)] ^ 1);
204
205 for (i = 0; i < 256; i++) {
206 a = 0;
207 for (j = 0; j < 8; j++) {
208 if (i & (1<<j)) {
209 if ((j & 1) == 0)
210 a ^= 0x04;
211 if ((j & 2) == 0)
212 a ^= 0x10;
213 if ((j & 4) == 0)
214 a ^= 0x40;
215 }
216 }
217 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
218 }
219}
220
221/* compute 3-byte ecc on 256 bytes */
222static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
223 int i, j, a;
224 unsigned char par, bit, bits[8];
225
226 par = 0;
227 for (j = 0; j < 8; j++)
228 bits[j] = 0;
229
230 /* collect 16 checksum bits */
231 for (i = 0; i < 256; i++) {
232 par ^= data[i];
233 bit = parity[data[i]];
234 for (j = 0; j < 8; j++)
235 if ((i & (1<<j)) == 0)
236 bits[j] ^= bit;
237 }
238
239 /* put 4+4+4 = 12 bits in the ecc */
240 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
241 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
242
243 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
244 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
245
246 ecc[2] = ecc2[par];
247}
248
249static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
250 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
251}
252
253static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
254 memcpy(data, ecc, 3);
255}
256
257/*
258 * The actual driver starts here.
259 */
260
261struct sddr09_card_info {
262 unsigned long capacity; /* Size of card in bytes */
263 int pagesize; /* Size of page in bytes */
264 int pageshift; /* log2 of pagesize */
265 int blocksize; /* Size of block in pages */
266 int blockshift; /* log2 of blocksize */
267 int blockmask; /* 2^blockshift - 1 */
268 int *lba_to_pba; /* logical to physical map */
269 int *pba_to_lba; /* physical to logical map */
270 int lbact; /* number of available pages */
271 int flags;
272#define SDDR09_WP 1 /* write protected */
273};
274
275/*
276 * On my 16MB card, control blocks have size 64 (16 real control bytes,
277 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
278 * so the reader makes up the remaining 48. Don't know whether these numbers
279 * depend on the card. For now a constant.
280 */
281#define CONTROL_SHIFT 6
282
283/*
284 * On my Combo CF/SM reader, the SM reader has LUN 1.
285 * (and things fail with LUN 0).
286 * It seems LUN is irrelevant for others.
287 */
288#define LUN 1
289#define LUNBITS (LUN << 5)
290
291/*
292 * LBA and PBA are unsigned ints. Special values.
293 */
294#define UNDEF 0xffffffff
295#define SPARE 0xfffffffe
296#define UNUSABLE 0xfffffffd
297
298static const int erase_bad_lba_entries = 0;
299
300/* send vendor interface command (0x41) */
301/* called for requests 0, 1, 8 */
302static int
303sddr09_send_command(struct us_data *us,
304 unsigned char request,
305 unsigned char direction,
306 unsigned char *xfer_data,
307 unsigned int xfer_len) {
308 unsigned int pipe;
309 unsigned char requesttype = (0x41 | direction);
310 int rc;
311
312 // Get the receive or send control pipe number
313
314 if (direction == USB_DIR_IN)
315 pipe = us->recv_ctrl_pipe;
316 else
317 pipe = us->send_ctrl_pipe;
318
319 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
320 0, 0, xfer_data, xfer_len);
321 switch (rc) {
322 case USB_STOR_XFER_GOOD: return 0;
323 case USB_STOR_XFER_STALLED: return -EPIPE;
324 default: return -EIO;
325 }
326}
327
328static int
329sddr09_send_scsi_command(struct us_data *us,
330 unsigned char *command,
331 unsigned int command_len) {
332 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
333}
334
335#if 0
336/*
337 * Test Unit Ready Command: 12 bytes.
338 * byte 0: opcode: 00
339 */
340static int
341sddr09_test_unit_ready(struct us_data *us) {
342 unsigned char *command = us->iobuf;
343 int result;
344
345 memset(command, 0, 6);
346 command[1] = LUNBITS;
347
348 result = sddr09_send_scsi_command(us, command, 6);
349
350 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result);
351
352 return result;
353}
354#endif
355
356/*
357 * Request Sense Command: 12 bytes.
358 * byte 0: opcode: 03
359 * byte 4: data length
360 */
361static int
362sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
363 unsigned char *command = us->iobuf;
364 int result;
365
366 memset(command, 0, 12);
367 command[0] = 0x03;
368 command[1] = LUNBITS;
369 command[4] = buflen;
370
371 result = sddr09_send_scsi_command(us, command, 12);
372 if (result)
373 return result;
374
375 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
376 sensebuf, buflen, NULL);
377 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
378}
379
380/*
381 * Read Command: 12 bytes.
382 * byte 0: opcode: E8
383 * byte 1: last two bits: 00: read data, 01: read blockwise control,
384 * 10: read both, 11: read pagewise control.
385 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
386 * bytes 2-5: address (interpretation depends on byte 1, see below)
387 * bytes 10-11: count (idem)
388 *
389 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
390 * A read data command gets data in 512-byte pages.
391 * A read control command gets control in 64-byte chunks.
392 * A read both command gets data+control in 576-byte chunks.
393 *
394 * Blocks are groups of 32 pages, and read blockwise control jumps to the
395 * next block, while read pagewise control jumps to the next page after
396 * reading a group of 64 control bytes.
397 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
398 *
399 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
400 */
401
402static int
403sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
404 int nr_of_pages, int bulklen, unsigned char *buf,
405 int use_sg) {
406
407 unsigned char *command = us->iobuf;
408 int result;
409
410 command[0] = 0xE8;
411 command[1] = LUNBITS | x;
412 command[2] = MSB_of(fromaddress>>16);
413 command[3] = LSB_of(fromaddress>>16);
414 command[4] = MSB_of(fromaddress & 0xFFFF);
415 command[5] = LSB_of(fromaddress & 0xFFFF);
416 command[6] = 0;
417 command[7] = 0;
418 command[8] = 0;
419 command[9] = 0;
420 command[10] = MSB_of(nr_of_pages);
421 command[11] = LSB_of(nr_of_pages);
422
423 result = sddr09_send_scsi_command(us, command, 12);
424
425 if (result) {
426 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n",
427 x, result);
428 return result;
429 }
430
431 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
432 buf, bulklen, use_sg, NULL);
433
434 if (result != USB_STOR_XFER_GOOD) {
435 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n",
436 x, result);
437 return -EIO;
438 }
439 return 0;
440}
441
442/*
443 * Read Data
444 *
445 * fromaddress counts data shorts:
446 * increasing it by 256 shifts the bytestream by 512 bytes;
447 * the last 8 bits are ignored.
448 *
449 * nr_of_pages counts pages of size (1 << pageshift).
450 */
451static int
452sddr09_read20(struct us_data *us, unsigned long fromaddress,
453 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
454 int bulklen = nr_of_pages << pageshift;
455
456 /* The last 8 bits of fromaddress are ignored. */
457 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
458 buf, use_sg);
459}
460
461/*
462 * Read Blockwise Control
463 *
464 * fromaddress gives the starting position (as in read data;
465 * the last 8 bits are ignored); increasing it by 32*256 shifts
466 * the output stream by 64 bytes.
467 *
468 * count counts control groups of size (1 << controlshift).
469 * For me, controlshift = 6. Is this constant?
470 *
471 * After getting one control group, jump to the next block
472 * (fromaddress += 8192).
473 */
474static int
475sddr09_read21(struct us_data *us, unsigned long fromaddress,
476 int count, int controlshift, unsigned char *buf, int use_sg) {
477
478 int bulklen = (count << controlshift);
479 return sddr09_readX(us, 1, fromaddress, count, bulklen,
480 buf, use_sg);
481}
482
483/*
484 * Read both Data and Control
485 *
486 * fromaddress counts data shorts, ignoring control:
487 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
488 * the last 8 bits are ignored.
489 *
490 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
491 */
492static int
493sddr09_read22(struct us_data *us, unsigned long fromaddress,
494 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
495
496 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
497 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n",
498 nr_of_pages, bulklen);
499 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
500 buf, use_sg);
501}
502
503#if 0
504/*
505 * Read Pagewise Control
506 *
507 * fromaddress gives the starting position (as in read data;
508 * the last 8 bits are ignored); increasing it by 256 shifts
509 * the output stream by 64 bytes.
510 *
511 * count counts control groups of size (1 << controlshift).
512 * For me, controlshift = 6. Is this constant?
513 *
514 * After getting one control group, jump to the next page
515 * (fromaddress += 256).
516 */
517static int
518sddr09_read23(struct us_data *us, unsigned long fromaddress,
519 int count, int controlshift, unsigned char *buf, int use_sg) {
520
521 int bulklen = (count << controlshift);
522 return sddr09_readX(us, 3, fromaddress, count, bulklen,
523 buf, use_sg);
524}
525#endif
526
527/*
528 * Erase Command: 12 bytes.
529 * byte 0: opcode: EA
530 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
531 *
532 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
533 * The byte address being erased is 2*Eaddress.
534 * The CIS cannot be erased.
535 */
536static int
537sddr09_erase(struct us_data *us, unsigned long Eaddress) {
538 unsigned char *command = us->iobuf;
539 int result;
540
541 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress);
542
543 memset(command, 0, 12);
544 command[0] = 0xEA;
545 command[1] = LUNBITS;
546 command[6] = MSB_of(Eaddress>>16);
547 command[7] = LSB_of(Eaddress>>16);
548 command[8] = MSB_of(Eaddress & 0xFFFF);
549 command[9] = LSB_of(Eaddress & 0xFFFF);
550
551 result = sddr09_send_scsi_command(us, command, 12);
552
553 if (result)
554 US_DEBUGP("Result for send_control in sddr09_erase %d\n",
555 result);
556
557 return result;
558}
559
560/*
561 * Write CIS Command: 12 bytes.
562 * byte 0: opcode: EE
563 * bytes 2-5: write address in shorts
564 * bytes 10-11: sector count
565 *
566 * This writes at the indicated address. Don't know how it differs
567 * from E9. Maybe it does not erase? However, it will also write to
568 * the CIS.
569 *
570 * When two such commands on the same page follow each other directly,
571 * the second one is not done.
572 */
573
574/*
575 * Write Command: 12 bytes.
576 * byte 0: opcode: E9
577 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
578 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
579 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
580 *
581 * If write address equals erase address, the erase is done first,
582 * otherwise the write is done first. When erase address equals zero
583 * no erase is done?
584 */
585static int
586sddr09_writeX(struct us_data *us,
587 unsigned long Waddress, unsigned long Eaddress,
588 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
589
590 unsigned char *command = us->iobuf;
591 int result;
592
593 command[0] = 0xE9;
594 command[1] = LUNBITS;
595
596 command[2] = MSB_of(Waddress>>16);
597 command[3] = LSB_of(Waddress>>16);
598 command[4] = MSB_of(Waddress & 0xFFFF);
599 command[5] = LSB_of(Waddress & 0xFFFF);
600
601 command[6] = MSB_of(Eaddress>>16);
602 command[7] = LSB_of(Eaddress>>16);
603 command[8] = MSB_of(Eaddress & 0xFFFF);
604 command[9] = LSB_of(Eaddress & 0xFFFF);
605
606 command[10] = MSB_of(nr_of_pages);
607 command[11] = LSB_of(nr_of_pages);
608
609 result = sddr09_send_scsi_command(us, command, 12);
610
611 if (result) {
612 US_DEBUGP("Result for send_control in sddr09_writeX %d\n",
613 result);
614 return result;
615 }
616
617 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
618 buf, bulklen, use_sg, NULL);
619
620 if (result != USB_STOR_XFER_GOOD) {
621 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n",
622 result);
623 return -EIO;
624 }
625 return 0;
626}
627
628/* erase address, write same address */
629static int
630sddr09_write_inplace(struct us_data *us, unsigned long address,
631 int nr_of_pages, int pageshift, unsigned char *buf,
632 int use_sg) {
633 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
634 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
635 buf, use_sg);
636}
637
638#if 0
639/*
640 * Read Scatter Gather Command: 3+4n bytes.
641 * byte 0: opcode E7
642 * byte 2: n
643 * bytes 4i-1,4i,4i+1: page address
644 * byte 4i+2: page count
645 * (i=1..n)
646 *
647 * This reads several pages from the card to a single memory buffer.
648 * The last two bits of byte 1 have the same meaning as for E8.
649 */
650static int
651sddr09_read_sg_test_only(struct us_data *us) {
652 unsigned char *command = us->iobuf;
653 int result, bulklen, nsg, ct;
654 unsigned char *buf;
655 unsigned long address;
656
657 nsg = bulklen = 0;
658 command[0] = 0xE7;
659 command[1] = LUNBITS;
660 command[2] = 0;
661 address = 040000; ct = 1;
662 nsg++;
663 bulklen += (ct << 9);
664 command[4*nsg+2] = ct;
665 command[4*nsg+1] = ((address >> 9) & 0xFF);
666 command[4*nsg+0] = ((address >> 17) & 0xFF);
667 command[4*nsg-1] = ((address >> 25) & 0xFF);
668
669 address = 0340000; ct = 1;
670 nsg++;
671 bulklen += (ct << 9);
672 command[4*nsg+2] = ct;
673 command[4*nsg+1] = ((address >> 9) & 0xFF);
674 command[4*nsg+0] = ((address >> 17) & 0xFF);
675 command[4*nsg-1] = ((address >> 25) & 0xFF);
676
677 address = 01000000; ct = 2;
678 nsg++;
679 bulklen += (ct << 9);
680 command[4*nsg+2] = ct;
681 command[4*nsg+1] = ((address >> 9) & 0xFF);
682 command[4*nsg+0] = ((address >> 17) & 0xFF);
683 command[4*nsg-1] = ((address >> 25) & 0xFF);
684
685 command[2] = nsg;
686
687 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
688
689 if (result) {
690 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n",
691 result);
692 return result;
693 }
694
695 buf = kmalloc(bulklen, GFP_NOIO);
696 if (!buf)
697 return -ENOMEM;
698
699 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
700 buf, bulklen, NULL);
701 kfree(buf);
702 if (result != USB_STOR_XFER_GOOD) {
703 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n",
704 result);
705 return -EIO;
706 }
707
708 return 0;
709}
710#endif
711
712/*
713 * Read Status Command: 12 bytes.
714 * byte 0: opcode: EC
715 *
716 * Returns 64 bytes, all zero except for the first.
717 * bit 0: 1: Error
718 * bit 5: 1: Suspended
719 * bit 6: 1: Ready
720 * bit 7: 1: Not write-protected
721 */
722
723static int
724sddr09_read_status(struct us_data *us, unsigned char *status) {
725
726 unsigned char *command = us->iobuf;
727 unsigned char *data = us->iobuf;
728 int result;
729
730 US_DEBUGP("Reading status...\n");
731
732 memset(command, 0, 12);
733 command[0] = 0xEC;
734 command[1] = LUNBITS;
735
736 result = sddr09_send_scsi_command(us, command, 12);
737 if (result)
738 return result;
739
740 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
741 data, 64, NULL);
742 *status = data[0];
743 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
744}
745
746static int
747sddr09_read_data(struct us_data *us,
748 unsigned long address,
749 unsigned int sectors) {
750
751 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
752 unsigned char *buffer;
753 unsigned int lba, maxlba, pba;
754 unsigned int page, pages;
755 unsigned int len, offset;
756 struct scatterlist *sg;
757 int result;
758
759 // Figure out the initial LBA and page
760 lba = address >> info->blockshift;
761 page = (address & info->blockmask);
762 maxlba = info->capacity >> (info->pageshift + info->blockshift);
763 if (lba >= maxlba)
764 return -EIO;
765
766 // Since we only read in one block at a time, we have to create
767 // a bounce buffer and move the data a piece at a time between the
768 // bounce buffer and the actual transfer buffer.
769
770 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
771 buffer = kmalloc(len, GFP_NOIO);
772 if (buffer == NULL) {
773 printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
774 return -ENOMEM;
775 }
776
777 // This could be made much more efficient by checking for
778 // contiguous LBA's. Another exercise left to the student.
779
780 result = 0;
781 offset = 0;
782 sg = NULL;
783
784 while (sectors > 0) {
785
786 /* Find number of pages we can read in this block */
787 pages = min(sectors, info->blocksize - page);
788 len = pages << info->pageshift;
789
790 /* Not overflowing capacity? */
791 if (lba >= maxlba) {
792 US_DEBUGP("Error: Requested lba %u exceeds "
793 "maximum %u\n", lba, maxlba);
794 result = -EIO;
795 break;
796 }
797
798 /* Find where this lba lives on disk */
799 pba = info->lba_to_pba[lba];
800
801 if (pba == UNDEF) { /* this lba was never written */
802
803 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n",
804 pages, lba, page);
805
806 /* This is not really an error. It just means
807 that the block has never been written.
808 Instead of returning an error
809 it is better to return all zero data. */
810
811 memset(buffer, 0, len);
812
813 } else {
814 US_DEBUGP("Read %d pages, from PBA %d"
815 " (LBA %d) page %d\n",
816 pages, pba, lba, page);
817
818 address = ((pba << info->blockshift) + page) <<
819 info->pageshift;
820
821 result = sddr09_read20(us, address>>1,
822 pages, info->pageshift, buffer, 0);
823 if (result)
824 break;
825 }
826
827 // Store the data in the transfer buffer
828 usb_stor_access_xfer_buf(buffer, len, us->srb,
829 &sg, &offset, TO_XFER_BUF);
830
831 page = 0;
832 lba++;
833 sectors -= pages;
834 }
835
836 kfree(buffer);
837 return result;
838}
839
840static unsigned int
841sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
842 static unsigned int lastpba = 1;
843 int zonestart, end, i;
844
845 zonestart = (lba/1000) << 10;
846 end = info->capacity >> (info->blockshift + info->pageshift);
847 end -= zonestart;
848 if (end > 1024)
849 end = 1024;
850
851 for (i = lastpba+1; i < end; i++) {
852 if (info->pba_to_lba[zonestart+i] == UNDEF) {
853 lastpba = i;
854 return zonestart+i;
855 }
856 }
857 for (i = 0; i <= lastpba; i++) {
858 if (info->pba_to_lba[zonestart+i] == UNDEF) {
859 lastpba = i;
860 return zonestart+i;
861 }
862 }
863 return 0;
864}
865
866static int
867sddr09_write_lba(struct us_data *us, unsigned int lba,
868 unsigned int page, unsigned int pages,
869 unsigned char *ptr, unsigned char *blockbuffer) {
870
871 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
872 unsigned long address;
873 unsigned int pba, lbap;
874 unsigned int pagelen;
875 unsigned char *bptr, *cptr, *xptr;
876 unsigned char ecc[3];
877 int i, result, isnew;
878
879 lbap = ((lba % 1000) << 1) | 0x1000;
880 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
881 lbap ^= 1;
882 pba = info->lba_to_pba[lba];
883 isnew = 0;
884
885 if (pba == UNDEF) {
886 pba = sddr09_find_unused_pba(info, lba);
887 if (!pba) {
888 printk(KERN_WARNING
889 "sddr09_write_lba: Out of unused blocks\n");
890 return -ENOSPC;
891 }
892 info->pba_to_lba[pba] = lba;
893 info->lba_to_pba[lba] = pba;
894 isnew = 1;
895 }
896
897 if (pba == 1) {
898 /* Maybe it is impossible to write to PBA 1.
899 Fake success, but don't do anything. */
900 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
901 return 0;
902 }
903
904 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
905
906 /* read old contents */
907 address = (pba << (info->pageshift + info->blockshift));
908 result = sddr09_read22(us, address>>1, info->blocksize,
909 info->pageshift, blockbuffer, 0);
910 if (result)
911 return result;
912
913 /* check old contents and fill lba */
914 for (i = 0; i < info->blocksize; i++) {
915 bptr = blockbuffer + i*pagelen;
916 cptr = bptr + info->pagesize;
917 nand_compute_ecc(bptr, ecc);
918 if (!nand_compare_ecc(cptr+13, ecc)) {
919 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n",
920 i, pba);
921 nand_store_ecc(cptr+13, ecc);
922 }
923 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
924 if (!nand_compare_ecc(cptr+8, ecc)) {
925 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n",
926 i, pba);
927 nand_store_ecc(cptr+8, ecc);
928 }
929 cptr[6] = cptr[11] = MSB_of(lbap);
930 cptr[7] = cptr[12] = LSB_of(lbap);
931 }
932
933 /* copy in new stuff and compute ECC */
934 xptr = ptr;
935 for (i = page; i < page+pages; i++) {
936 bptr = blockbuffer + i*pagelen;
937 cptr = bptr + info->pagesize;
938 memcpy(bptr, xptr, info->pagesize);
939 xptr += info->pagesize;
940 nand_compute_ecc(bptr, ecc);
941 nand_store_ecc(cptr+13, ecc);
942 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
943 nand_store_ecc(cptr+8, ecc);
944 }
945
946 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba);
947
948 result = sddr09_write_inplace(us, address>>1, info->blocksize,
949 info->pageshift, blockbuffer, 0);
950
951 US_DEBUGP("sddr09_write_inplace returns %d\n", result);
952
953#if 0
954 {
955 unsigned char status = 0;
956 int result2 = sddr09_read_status(us, &status);
957 if (result2)
958 US_DEBUGP("sddr09_write_inplace: cannot read status\n");
959 else if (status != 0xc0)
960 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n",
961 status);
962 }
963#endif
964
965#if 0
966 {
967 int result2 = sddr09_test_unit_ready(us);
968 }
969#endif
970
971 return result;
972}
973
974static int
975sddr09_write_data(struct us_data *us,
976 unsigned long address,
977 unsigned int sectors) {
978
979 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
980 unsigned int lba, maxlba, page, pages;
981 unsigned int pagelen, blocklen;
982 unsigned char *blockbuffer;
983 unsigned char *buffer;
984 unsigned int len, offset;
985 struct scatterlist *sg;
986 int result;
987
988 // Figure out the initial LBA and page
989 lba = address >> info->blockshift;
990 page = (address & info->blockmask);
991 maxlba = info->capacity >> (info->pageshift + info->blockshift);
992 if (lba >= maxlba)
993 return -EIO;
994
995 // blockbuffer is used for reading in the old data, overwriting
996 // with the new data, and performing ECC calculations
997
998 /* TODO: instead of doing kmalloc/kfree for each write,
999 add a bufferpointer to the info structure */
1000
1001 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
1002 blocklen = (pagelen << info->blockshift);
1003 blockbuffer = kmalloc(blocklen, GFP_NOIO);
1004 if (!blockbuffer) {
1005 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1006 return -ENOMEM;
1007 }
1008
1009 // Since we don't write the user data directly to the device,
1010 // we have to create a bounce buffer and move the data a piece
1011 // at a time between the bounce buffer and the actual transfer buffer.
1012
1013 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1014 buffer = kmalloc(len, GFP_NOIO);
1015 if (buffer == NULL) {
1016 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1017 kfree(blockbuffer);
1018 return -ENOMEM;
1019 }
1020
1021 result = 0;
1022 offset = 0;
1023 sg = NULL;
1024
1025 while (sectors > 0) {
1026
1027 // Write as many sectors as possible in this block
1028
1029 pages = min(sectors, info->blocksize - page);
1030 len = (pages << info->pageshift);
1031
1032 /* Not overflowing capacity? */
1033 if (lba >= maxlba) {
1034 US_DEBUGP("Error: Requested lba %u exceeds "
1035 "maximum %u\n", lba, maxlba);
1036 result = -EIO;
1037 break;
1038 }
1039
1040 // Get the data from the transfer buffer
1041 usb_stor_access_xfer_buf(buffer, len, us->srb,
1042 &sg, &offset, FROM_XFER_BUF);
1043
1044 result = sddr09_write_lba(us, lba, page, pages,
1045 buffer, blockbuffer);
1046 if (result)
1047 break;
1048
1049 page = 0;
1050 lba++;
1051 sectors -= pages;
1052 }
1053
1054 kfree(buffer);
1055 kfree(blockbuffer);
1056
1057 return result;
1058}
1059
1060static int
1061sddr09_read_control(struct us_data *us,
1062 unsigned long address,
1063 unsigned int blocks,
1064 unsigned char *content,
1065 int use_sg) {
1066
1067 US_DEBUGP("Read control address %lu, blocks %d\n",
1068 address, blocks);
1069
1070 return sddr09_read21(us, address, blocks,
1071 CONTROL_SHIFT, content, use_sg);
1072}
1073
1074/*
1075 * Read Device ID Command: 12 bytes.
1076 * byte 0: opcode: ED
1077 *
1078 * Returns 2 bytes: Manufacturer ID and Device ID.
1079 * On more recent cards 3 bytes: the third byte is an option code A5
1080 * signifying that the secret command to read an 128-bit ID is available.
1081 * On still more recent cards 4 bytes: the fourth byte C0 means that
1082 * a second read ID cmd is available.
1083 */
1084static int
1085sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1086 unsigned char *command = us->iobuf;
1087 unsigned char *content = us->iobuf;
1088 int result, i;
1089
1090 memset(command, 0, 12);
1091 command[0] = 0xED;
1092 command[1] = LUNBITS;
1093
1094 result = sddr09_send_scsi_command(us, command, 12);
1095 if (result)
1096 return result;
1097
1098 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1099 content, 64, NULL);
1100
1101 for (i = 0; i < 4; i++)
1102 deviceID[i] = content[i];
1103
1104 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1105}
1106
1107static int
1108sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1109 int result;
1110 unsigned char status;
1111
1112 result = sddr09_read_status(us, &status);
1113 if (result) {
1114 US_DEBUGP("sddr09_get_wp: read_status fails\n");
1115 return result;
1116 }
1117 US_DEBUGP("sddr09_get_wp: status 0x%02X", status);
1118 if ((status & 0x80) == 0) {
1119 info->flags |= SDDR09_WP; /* write protected */
1120 US_DEBUGP(" WP");
1121 }
1122 if (status & 0x40)
1123 US_DEBUGP(" Ready");
1124 if (status & LUNBITS)
1125 US_DEBUGP(" Suspended");
1126 if (status & 0x1)
1127 US_DEBUGP(" Error");
1128 US_DEBUGP("\n");
1129 return 0;
1130}
1131
1132#if 0
1133/*
1134 * Reset Command: 12 bytes.
1135 * byte 0: opcode: EB
1136 */
1137static int
1138sddr09_reset(struct us_data *us) {
1139
1140 unsigned char *command = us->iobuf;
1141
1142 memset(command, 0, 12);
1143 command[0] = 0xEB;
1144 command[1] = LUNBITS;
1145
1146 return sddr09_send_scsi_command(us, command, 12);
1147}
1148#endif
1149
1150static struct nand_flash_dev *
1151sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1152 struct nand_flash_dev *cardinfo;
1153 unsigned char deviceID[4];
1154 char blurbtxt[256];
1155 int result;
1156
1157 US_DEBUGP("Reading capacity...\n");
1158
1159 result = sddr09_read_deviceID(us, deviceID);
1160
1161 if (result) {
1162 US_DEBUGP("Result of read_deviceID is %d\n", result);
1163 printk(KERN_WARNING "sddr09: could not read card info\n");
1164 return NULL;
1165 }
1166
1167 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1168 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1169
1170 /* Byte 0 is the manufacturer */
1171 sprintf(blurbtxt + strlen(blurbtxt),
1172 ": Manuf. %s",
1173 nand_flash_manufacturer(deviceID[0]));
1174
1175 /* Byte 1 is the device type */
1176 cardinfo = nand_find_id(deviceID[1]);
1177 if (cardinfo) {
1178 /* MB or MiB? It is neither. A 16 MB card has
1179 17301504 raw bytes, of which 16384000 are
1180 usable for user data. */
1181 sprintf(blurbtxt + strlen(blurbtxt),
1182 ", %d MB", 1<<(cardinfo->chipshift - 20));
1183 } else {
1184 sprintf(blurbtxt + strlen(blurbtxt),
1185 ", type unrecognized");
1186 }
1187
1188 /* Byte 2 is code to signal availability of 128-bit ID */
1189 if (deviceID[2] == 0xa5) {
1190 sprintf(blurbtxt + strlen(blurbtxt),
1191 ", 128-bit ID");
1192 }
1193
1194 /* Byte 3 announces the availability of another read ID command */
1195 if (deviceID[3] == 0xc0) {
1196 sprintf(blurbtxt + strlen(blurbtxt),
1197 ", extra cmd");
1198 }
1199
1200 if (flags & SDDR09_WP)
1201 sprintf(blurbtxt + strlen(blurbtxt),
1202 ", WP");
1203
1204 printk(KERN_WARNING "%s\n", blurbtxt);
1205
1206 return cardinfo;
1207}
1208
1209static int
1210sddr09_read_map(struct us_data *us) {
1211
1212 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1213 int numblocks, alloc_len, alloc_blocks;
1214 int i, j, result;
1215 unsigned char *buffer, *buffer_end, *ptr;
1216 unsigned int lba, lbact;
1217
1218 if (!info->capacity)
1219 return -1;
1220
1221 // size of a block is 1 << (blockshift + pageshift) bytes
1222 // divide into the total capacity to get the number of blocks
1223
1224 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1225
1226 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1227 // but only use a 64 KB buffer
1228 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1229#define SDDR09_READ_MAP_BUFSZ 65536
1230
1231 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1232 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1233 buffer = kmalloc(alloc_len, GFP_NOIO);
1234 if (buffer == NULL) {
1235 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1236 result = -1;
1237 goto done;
1238 }
1239 buffer_end = buffer + alloc_len;
1240
1241#undef SDDR09_READ_MAP_BUFSZ
1242
1243 kfree(info->lba_to_pba);
1244 kfree(info->pba_to_lba);
1245 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1246 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1247
1248 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1249 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1250 result = -1;
1251 goto done;
1252 }
1253
1254 for (i = 0; i < numblocks; i++)
1255 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1256
1257 /*
1258 * Define lba-pba translation table
1259 */
1260
1261 ptr = buffer_end;
1262 for (i = 0; i < numblocks; i++) {
1263 ptr += (1 << CONTROL_SHIFT);
1264 if (ptr >= buffer_end) {
1265 unsigned long address;
1266
1267 address = i << (info->pageshift + info->blockshift);
1268 result = sddr09_read_control(
1269 us, address>>1,
1270 min(alloc_blocks, numblocks - i),
1271 buffer, 0);
1272 if (result) {
1273 result = -1;
1274 goto done;
1275 }
1276 ptr = buffer;
1277 }
1278
1279 if (i == 0 || i == 1) {
1280 info->pba_to_lba[i] = UNUSABLE;
1281 continue;
1282 }
1283
1284 /* special PBAs have control field 0^16 */
1285 for (j = 0; j < 16; j++)
1286 if (ptr[j] != 0)
1287 goto nonz;
1288 info->pba_to_lba[i] = UNUSABLE;
1289 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1290 i);
1291 continue;
1292
1293 nonz:
1294 /* unwritten PBAs have control field FF^16 */
1295 for (j = 0; j < 16; j++)
1296 if (ptr[j] != 0xff)
1297 goto nonff;
1298 continue;
1299
1300 nonff:
1301 /* normal PBAs start with six FFs */
1302 if (j < 6) {
1303 printk(KERN_WARNING
1304 "sddr09: PBA %d has no logical mapping: "
1305 "reserved area = %02X%02X%02X%02X "
1306 "data status %02X block status %02X\n",
1307 i, ptr[0], ptr[1], ptr[2], ptr[3],
1308 ptr[4], ptr[5]);
1309 info->pba_to_lba[i] = UNUSABLE;
1310 continue;
1311 }
1312
1313 if ((ptr[6] >> 4) != 0x01) {
1314 printk(KERN_WARNING
1315 "sddr09: PBA %d has invalid address field "
1316 "%02X%02X/%02X%02X\n",
1317 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1318 info->pba_to_lba[i] = UNUSABLE;
1319 continue;
1320 }
1321
1322 /* check even parity */
1323 if (parity[ptr[6] ^ ptr[7]]) {
1324 printk(KERN_WARNING
1325 "sddr09: Bad parity in LBA for block %d"
1326 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1327 info->pba_to_lba[i] = UNUSABLE;
1328 continue;
1329 }
1330
1331 lba = short_pack(ptr[7], ptr[6]);
1332 lba = (lba & 0x07FF) >> 1;
1333
1334 /*
1335 * Every 1024 physical blocks ("zone"), the LBA numbers
1336 * go back to zero, but are within a higher block of LBA's.
1337 * Also, there is a maximum of 1000 LBA's per zone.
1338 * In other words, in PBA 1024-2047 you will find LBA 0-999
1339 * which are really LBA 1000-1999. This allows for 24 bad
1340 * or special physical blocks per zone.
1341 */
1342
1343 if (lba >= 1000) {
1344 printk(KERN_WARNING
1345 "sddr09: Bad low LBA %d for block %d\n",
1346 lba, i);
1347 goto possibly_erase;
1348 }
1349
1350 lba += 1000*(i/0x400);
1351
1352 if (info->lba_to_pba[lba] != UNDEF) {
1353 printk(KERN_WARNING
1354 "sddr09: LBA %d seen for PBA %d and %d\n",
1355 lba, info->lba_to_pba[lba], i);
1356 goto possibly_erase;
1357 }
1358
1359 info->pba_to_lba[i] = lba;
1360 info->lba_to_pba[lba] = i;
1361 continue;
1362
1363 possibly_erase:
1364 if (erase_bad_lba_entries) {
1365 unsigned long address;
1366
1367 address = (i << (info->pageshift + info->blockshift));
1368 sddr09_erase(us, address>>1);
1369 info->pba_to_lba[i] = UNDEF;
1370 } else
1371 info->pba_to_lba[i] = UNUSABLE;
1372 }
1373
1374 /*
1375 * Approximate capacity. This is not entirely correct yet,
1376 * since a zone with less than 1000 usable pages leads to
1377 * missing LBAs. Especially if it is the last zone, some
1378 * LBAs can be past capacity.
1379 */
1380 lbact = 0;
1381 for (i = 0; i < numblocks; i += 1024) {
1382 int ct = 0;
1383
1384 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1385 if (info->pba_to_lba[i+j] != UNUSABLE) {
1386 if (ct >= 1000)
1387 info->pba_to_lba[i+j] = SPARE;
1388 else
1389 ct++;
1390 }
1391 }
1392 lbact += ct;
1393 }
1394 info->lbact = lbact;
1395 US_DEBUGP("Found %d LBA's\n", lbact);
1396 result = 0;
1397
1398 done:
1399 if (result != 0) {
1400 kfree(info->lba_to_pba);
1401 kfree(info->pba_to_lba);
1402 info->lba_to_pba = NULL;
1403 info->pba_to_lba = NULL;
1404 }
1405 kfree(buffer);
1406 return result;
1407}
1408
1409static void
1410sddr09_card_info_destructor(void *extra) {
1411 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1412
1413 if (!info)
1414 return;
1415
1416 kfree(info->lba_to_pba);
1417 kfree(info->pba_to_lba);
1418}
1419
1420static int
1421sddr09_common_init(struct us_data *us) {
1422 int result;
1423
1424 /* set the configuration -- STALL is an acceptable response here */
1425 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1426 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev
1427 ->actconfig->desc.bConfigurationValue);
1428 return -EINVAL;
1429 }
1430
1431 result = usb_reset_configuration(us->pusb_dev);
1432 US_DEBUGP("Result of usb_reset_configuration is %d\n", result);
1433 if (result == -EPIPE) {
1434 US_DEBUGP("-- stall on control interface\n");
1435 } else if (result != 0) {
1436 /* it's not a stall, but another error -- time to bail */
1437 US_DEBUGP("-- Unknown error. Rejecting device\n");
1438 return -EINVAL;
1439 }
1440
1441 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1442 if (!us->extra)
1443 return -ENOMEM;
1444 us->extra_destructor = sddr09_card_info_destructor;
1445
1446 nand_init_ecc();
1447 return 0;
1448}
1449
1450
1451/*
1452 * This is needed at a very early stage. If this is not listed in the
1453 * unusual devices list but called from here then LUN 0 of the combo reader
1454 * is not recognized. But I do not know what precisely these calls do.
1455 */
1456static int
1457usb_stor_sddr09_dpcm_init(struct us_data *us) {
1458 int result;
1459 unsigned char *data = us->iobuf;
1460
1461 result = sddr09_common_init(us);
1462 if (result)
1463 return result;
1464
1465 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1466 if (result) {
1467 US_DEBUGP("sddr09_init: send_command fails\n");
1468 return result;
1469 }
1470
1471 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1472 // get 07 02
1473
1474 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1475 if (result) {
1476 US_DEBUGP("sddr09_init: 2nd send_command fails\n");
1477 return result;
1478 }
1479
1480 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1481 // get 07 00
1482
1483 result = sddr09_request_sense(us, data, 18);
1484 if (result == 0 && data[2] != 0) {
1485 int j;
1486 for (j=0; j<18; j++)
1487 printk(" %02X", data[j]);
1488 printk("\n");
1489 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1490 // 70: current command
1491 // sense key 0, sense code 0, extd sense code 0
1492 // additional transfer length * = sizeof(data) - 7
1493 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1494 // sense key 06, sense code 28: unit attention,
1495 // not ready to ready transition
1496 }
1497
1498 // test unit ready
1499
1500 return 0; /* not result */
1501}
1502
1503/*
1504 * Transport for the Microtech DPCM-USB
1505 */
1506static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1507{
1508 int ret;
1509
1510 US_DEBUGP("dpcm_transport: LUN=%d\n", srb->device->lun);
1511
1512 switch (srb->device->lun) {
1513 case 0:
1514
1515 /*
1516 * LUN 0 corresponds to the CompactFlash card reader.
1517 */
1518 ret = usb_stor_CB_transport(srb, us);
1519 break;
1520
1521 case 1:
1522
1523 /*
1524 * LUN 1 corresponds to the SmartMedia card reader.
1525 */
1526
1527 /*
1528 * Set the LUN to 0 (just in case).
1529 */
1530 srb->device->lun = 0;
1531 ret = sddr09_transport(srb, us);
1532 srb->device->lun = 1;
1533 break;
1534
1535 default:
1536 US_DEBUGP("dpcm_transport: Invalid LUN %d\n",
1537 srb->device->lun);
1538 ret = USB_STOR_TRANSPORT_ERROR;
1539 break;
1540 }
1541 return ret;
1542}
1543
1544
1545/*
1546 * Transport for the Sandisk SDDR-09
1547 */
1548static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1549{
1550 static unsigned char sensekey = 0, sensecode = 0;
1551 static unsigned char havefakesense = 0;
1552 int result, i;
1553 unsigned char *ptr = us->iobuf;
1554 unsigned long capacity;
1555 unsigned int page, pages;
1556
1557 struct sddr09_card_info *info;
1558
1559 static unsigned char inquiry_response[8] = {
1560 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1561 };
1562
1563 /* note: no block descriptor support */
1564 static unsigned char mode_page_01[19] = {
1565 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1566 0x01, 0x0A,
1567 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1568 };
1569
1570 info = (struct sddr09_card_info *)us->extra;
1571
1572 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1573 /* for a faked command, we have to follow with a faked sense */
1574 memset(ptr, 0, 18);
1575 ptr[0] = 0x70;
1576 ptr[2] = sensekey;
1577 ptr[7] = 11;
1578 ptr[12] = sensecode;
1579 usb_stor_set_xfer_buf(ptr, 18, srb);
1580 sensekey = sensecode = havefakesense = 0;
1581 return USB_STOR_TRANSPORT_GOOD;
1582 }
1583
1584 havefakesense = 1;
1585
1586 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1587 respond to INQUIRY commands */
1588
1589 if (srb->cmnd[0] == INQUIRY) {
1590 memcpy(ptr, inquiry_response, 8);
1591 fill_inquiry_response(us, ptr, 36);
1592 return USB_STOR_TRANSPORT_GOOD;
1593 }
1594
1595 if (srb->cmnd[0] == READ_CAPACITY) {
1596 struct nand_flash_dev *cardinfo;
1597
1598 sddr09_get_wp(us, info); /* read WP bit */
1599
1600 cardinfo = sddr09_get_cardinfo(us, info->flags);
1601 if (!cardinfo) {
1602 /* probably no media */
1603 init_error:
1604 sensekey = 0x02; /* not ready */
1605 sensecode = 0x3a; /* medium not present */
1606 return USB_STOR_TRANSPORT_FAILED;
1607 }
1608
1609 info->capacity = (1 << cardinfo->chipshift);
1610 info->pageshift = cardinfo->pageshift;
1611 info->pagesize = (1 << info->pageshift);
1612 info->blockshift = cardinfo->blockshift;
1613 info->blocksize = (1 << info->blockshift);
1614 info->blockmask = info->blocksize - 1;
1615
1616 // map initialization, must follow get_cardinfo()
1617 if (sddr09_read_map(us)) {
1618 /* probably out of memory */
1619 goto init_error;
1620 }
1621
1622 // Report capacity
1623
1624 capacity = (info->lbact << info->blockshift) - 1;
1625
1626 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1627
1628 // Report page size
1629
1630 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1631 usb_stor_set_xfer_buf(ptr, 8, srb);
1632
1633 return USB_STOR_TRANSPORT_GOOD;
1634 }
1635
1636 if (srb->cmnd[0] == MODE_SENSE_10) {
1637 int modepage = (srb->cmnd[2] & 0x3F);
1638
1639 /* They ask for the Read/Write error recovery page,
1640 or for all pages. */
1641 /* %% We should check DBD %% */
1642 if (modepage == 0x01 || modepage == 0x3F) {
1643 US_DEBUGP("SDDR09: Dummy up request for "
1644 "mode page 0x%x\n", modepage);
1645
1646 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1647 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1648 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1649 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1650 return USB_STOR_TRANSPORT_GOOD;
1651 }
1652
1653 sensekey = 0x05; /* illegal request */
1654 sensecode = 0x24; /* invalid field in CDB */
1655 return USB_STOR_TRANSPORT_FAILED;
1656 }
1657
1658 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1659 return USB_STOR_TRANSPORT_GOOD;
1660
1661 havefakesense = 0;
1662
1663 if (srb->cmnd[0] == READ_10) {
1664
1665 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1666 page <<= 16;
1667 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1668 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1669
1670 US_DEBUGP("READ_10: read page %d pagect %d\n",
1671 page, pages);
1672
1673 result = sddr09_read_data(us, page, pages);
1674 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1675 USB_STOR_TRANSPORT_ERROR);
1676 }
1677
1678 if (srb->cmnd[0] == WRITE_10) {
1679
1680 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1681 page <<= 16;
1682 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1683 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1684
1685 US_DEBUGP("WRITE_10: write page %d pagect %d\n",
1686 page, pages);
1687
1688 result = sddr09_write_data(us, page, pages);
1689 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1690 USB_STOR_TRANSPORT_ERROR);
1691 }
1692
1693 /* catch-all for all other commands, except
1694 * pass TEST_UNIT_READY and REQUEST_SENSE through
1695 */
1696 if (srb->cmnd[0] != TEST_UNIT_READY &&
1697 srb->cmnd[0] != REQUEST_SENSE) {
1698 sensekey = 0x05; /* illegal request */
1699 sensecode = 0x20; /* invalid command */
1700 havefakesense = 1;
1701 return USB_STOR_TRANSPORT_FAILED;
1702 }
1703
1704 for (; srb->cmd_len<12; srb->cmd_len++)
1705 srb->cmnd[srb->cmd_len] = 0;
1706
1707 srb->cmnd[1] = LUNBITS;
1708
1709 ptr[0] = 0;
1710 for (i=0; i<12; i++)
1711 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1712
1713 US_DEBUGP("SDDR09: Send control for command %s\n", ptr);
1714
1715 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1716 if (result) {
1717 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command "
1718 "returns %d\n", result);
1719 return USB_STOR_TRANSPORT_ERROR;
1720 }
1721
1722 if (scsi_bufflen(srb) == 0)
1723 return USB_STOR_TRANSPORT_GOOD;
1724
1725 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1726 srb->sc_data_direction == DMA_FROM_DEVICE) {
1727 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1728 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1729
1730 US_DEBUGP("SDDR09: %s %d bytes\n",
1731 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1732 "sending" : "receiving",
1733 scsi_bufflen(srb));
1734
1735 result = usb_stor_bulk_srb(us, pipe, srb);
1736
1737 return (result == USB_STOR_XFER_GOOD ?
1738 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1739 }
1740
1741 return USB_STOR_TRANSPORT_GOOD;
1742}
1743
1744/*
1745 * Initialization routine for the sddr09 subdriver
1746 */
1747static int
1748usb_stor_sddr09_init(struct us_data *us) {
1749 return sddr09_common_init(us);
1750}
1751
1752static int sddr09_probe(struct usb_interface *intf,
1753 const struct usb_device_id *id)
1754{
1755 struct us_data *us;
1756 int result;
1757
1758 result = usb_stor_probe1(&us, intf, id,
1759 (id - sddr09_usb_ids) + sddr09_unusual_dev_list);
1760 if (result)
1761 return result;
1762
1763 if (us->protocol == USB_PR_DPCM_USB) {
1764 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1765 us->transport = dpcm_transport;
1766 us->transport_reset = usb_stor_CB_reset;
1767 us->max_lun = 1;
1768 } else {
1769 us->transport_name = "EUSB/SDDR09";
1770 us->transport = sddr09_transport;
1771 us->transport_reset = usb_stor_CB_reset;
1772 us->max_lun = 0;
1773 }
1774
1775 result = usb_stor_probe2(us);
1776 return result;
1777}
1778
1779static struct usb_driver sddr09_driver = {
1780 .name = "ums-sddr09",
1781 .probe = sddr09_probe,
1782 .disconnect = usb_stor_disconnect,
1783 .suspend = usb_stor_suspend,
1784 .resume = usb_stor_resume,
1785 .reset_resume = usb_stor_reset_resume,
1786 .pre_reset = usb_stor_pre_reset,
1787 .post_reset = usb_stor_post_reset,
1788 .id_table = sddr09_usb_ids,
1789 .soft_unbind = 1,
1790};
1791
1792static int __init sddr09_init(void)
1793{
1794 return usb_register(&sddr09_driver);
1795}
1796
1797static void __exit sddr09_exit(void)
1798{
1799 usb_deregister(&sddr09_driver);
1800}
1801
1802module_init(sddr09_init);
1803module_exit(sddr09_exit);
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Driver for SanDisk SDDR-09 SmartMedia reader
4 *
5 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
6 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
7 * Developed with the assistance of:
8 * (c) 2002 Alan Stern <stern@rowland.org>
9 *
10 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
11 * This chip is a programmable USB controller. In the SDDR-09, it has
12 * been programmed to obey a certain limited set of SCSI commands.
13 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
14 * commands.
15 */
16
17/*
18 * Known vendor commands: 12 bytes, first byte is opcode
19 *
20 * E7: read scatter gather
21 * E8: read
22 * E9: write
23 * EA: erase
24 * EB: reset
25 * EC: read status
26 * ED: read ID
27 * EE: write CIS (?)
28 * EF: compute checksum (?)
29 */
30
31#include <linux/errno.h>
32#include <linux/module.h>
33#include <linux/slab.h>
34
35#include <scsi/scsi.h>
36#include <scsi/scsi_cmnd.h>
37#include <scsi/scsi_device.h>
38
39#include "usb.h"
40#include "transport.h"
41#include "protocol.h"
42#include "debug.h"
43#include "scsiglue.h"
44
45#define DRV_NAME "ums-sddr09"
46
47MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
48MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
49MODULE_LICENSE("GPL");
50
51static int usb_stor_sddr09_dpcm_init(struct us_data *us);
52static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
53static int usb_stor_sddr09_init(struct us_data *us);
54
55
56/*
57 * The table of devices
58 */
59#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
60 vendorName, productName, useProtocol, useTransport, \
61 initFunction, flags) \
62{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
63 .driver_info = (flags) }
64
65static struct usb_device_id sddr09_usb_ids[] = {
66# include "unusual_sddr09.h"
67 { } /* Terminating entry */
68};
69MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
70
71#undef UNUSUAL_DEV
72
73/*
74 * The flags table
75 */
76#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
77 vendor_name, product_name, use_protocol, use_transport, \
78 init_function, Flags) \
79{ \
80 .vendorName = vendor_name, \
81 .productName = product_name, \
82 .useProtocol = use_protocol, \
83 .useTransport = use_transport, \
84 .initFunction = init_function, \
85}
86
87static struct us_unusual_dev sddr09_unusual_dev_list[] = {
88# include "unusual_sddr09.h"
89 { } /* Terminating entry */
90};
91
92#undef UNUSUAL_DEV
93
94
95#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
96#define LSB_of(s) ((s)&0xFF)
97#define MSB_of(s) ((s)>>8)
98
99/*
100 * First some stuff that does not belong here:
101 * data on SmartMedia and other cards, completely
102 * unrelated to this driver.
103 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
104 */
105
106struct nand_flash_dev {
107 int model_id;
108 int chipshift; /* 1<<cs bytes total capacity */
109 char pageshift; /* 1<<ps bytes in a page */
110 char blockshift; /* 1<<bs pages in an erase block */
111 char zoneshift; /* 1<<zs blocks in a zone */
112 /* # of logical blocks is 125/128 of this */
113 char pageadrlen; /* length of an address in bytes - 1 */
114};
115
116/*
117 * NAND Flash Manufacturer ID Codes
118 */
119#define NAND_MFR_AMD 0x01
120#define NAND_MFR_NATSEMI 0x8f
121#define NAND_MFR_TOSHIBA 0x98
122#define NAND_MFR_SAMSUNG 0xec
123
124static inline char *nand_flash_manufacturer(int manuf_id) {
125 switch(manuf_id) {
126 case NAND_MFR_AMD:
127 return "AMD";
128 case NAND_MFR_NATSEMI:
129 return "NATSEMI";
130 case NAND_MFR_TOSHIBA:
131 return "Toshiba";
132 case NAND_MFR_SAMSUNG:
133 return "Samsung";
134 default:
135 return "unknown";
136 }
137}
138
139/*
140 * It looks like it is unnecessary to attach manufacturer to the
141 * remaining data: SSFDC prescribes manufacturer-independent id codes.
142 *
143 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
144 */
145
146static struct nand_flash_dev nand_flash_ids[] = {
147 /* NAND flash */
148 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
149 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
150 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
151 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
152 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
153 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
154 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
155 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
156 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
157 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
158 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
159 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
160 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
161
162 /* MASK ROM */
163 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
164 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
165 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
166 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
167 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
168 { 0,}
169};
170
171static struct nand_flash_dev *
172nand_find_id(unsigned char id) {
173 int i;
174
175 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
176 if (nand_flash_ids[i].model_id == id)
177 return &(nand_flash_ids[i]);
178 return NULL;
179}
180
181/*
182 * ECC computation.
183 */
184static unsigned char parity[256];
185static unsigned char ecc2[256];
186
187static void nand_init_ecc(void) {
188 int i, j, a;
189
190 parity[0] = 0;
191 for (i = 1; i < 256; i++)
192 parity[i] = (parity[i&(i-1)] ^ 1);
193
194 for (i = 0; i < 256; i++) {
195 a = 0;
196 for (j = 0; j < 8; j++) {
197 if (i & (1<<j)) {
198 if ((j & 1) == 0)
199 a ^= 0x04;
200 if ((j & 2) == 0)
201 a ^= 0x10;
202 if ((j & 4) == 0)
203 a ^= 0x40;
204 }
205 }
206 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
207 }
208}
209
210/* compute 3-byte ecc on 256 bytes */
211static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
212 int i, j, a;
213 unsigned char par = 0, bit, bits[8] = {0};
214
215 /* collect 16 checksum bits */
216 for (i = 0; i < 256; i++) {
217 par ^= data[i];
218 bit = parity[data[i]];
219 for (j = 0; j < 8; j++)
220 if ((i & (1<<j)) == 0)
221 bits[j] ^= bit;
222 }
223
224 /* put 4+4+4 = 12 bits in the ecc */
225 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
226 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
227
228 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
229 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
230
231 ecc[2] = ecc2[par];
232}
233
234static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
235 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
236}
237
238static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
239 memcpy(data, ecc, 3);
240}
241
242/*
243 * The actual driver starts here.
244 */
245
246struct sddr09_card_info {
247 unsigned long capacity; /* Size of card in bytes */
248 int pagesize; /* Size of page in bytes */
249 int pageshift; /* log2 of pagesize */
250 int blocksize; /* Size of block in pages */
251 int blockshift; /* log2 of blocksize */
252 int blockmask; /* 2^blockshift - 1 */
253 int *lba_to_pba; /* logical to physical map */
254 int *pba_to_lba; /* physical to logical map */
255 int lbact; /* number of available pages */
256 int flags;
257#define SDDR09_WP 1 /* write protected */
258};
259
260/*
261 * On my 16MB card, control blocks have size 64 (16 real control bytes,
262 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
263 * so the reader makes up the remaining 48. Don't know whether these numbers
264 * depend on the card. For now a constant.
265 */
266#define CONTROL_SHIFT 6
267
268/*
269 * On my Combo CF/SM reader, the SM reader has LUN 1.
270 * (and things fail with LUN 0).
271 * It seems LUN is irrelevant for others.
272 */
273#define LUN 1
274#define LUNBITS (LUN << 5)
275
276/*
277 * LBA and PBA are unsigned ints. Special values.
278 */
279#define UNDEF 0xffffffff
280#define SPARE 0xfffffffe
281#define UNUSABLE 0xfffffffd
282
283static const int erase_bad_lba_entries = 0;
284
285/* send vendor interface command (0x41) */
286/* called for requests 0, 1, 8 */
287static int
288sddr09_send_command(struct us_data *us,
289 unsigned char request,
290 unsigned char direction,
291 unsigned char *xfer_data,
292 unsigned int xfer_len) {
293 unsigned int pipe;
294 unsigned char requesttype = (0x41 | direction);
295 int rc;
296
297 // Get the receive or send control pipe number
298
299 if (direction == USB_DIR_IN)
300 pipe = us->recv_ctrl_pipe;
301 else
302 pipe = us->send_ctrl_pipe;
303
304 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
305 0, 0, xfer_data, xfer_len);
306 switch (rc) {
307 case USB_STOR_XFER_GOOD: return 0;
308 case USB_STOR_XFER_STALLED: return -EPIPE;
309 default: return -EIO;
310 }
311}
312
313static int
314sddr09_send_scsi_command(struct us_data *us,
315 unsigned char *command,
316 unsigned int command_len) {
317 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
318}
319
320#if 0
321/*
322 * Test Unit Ready Command: 12 bytes.
323 * byte 0: opcode: 00
324 */
325static int
326sddr09_test_unit_ready(struct us_data *us) {
327 unsigned char *command = us->iobuf;
328 int result;
329
330 memset(command, 0, 6);
331 command[1] = LUNBITS;
332
333 result = sddr09_send_scsi_command(us, command, 6);
334
335 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
336
337 return result;
338}
339#endif
340
341/*
342 * Request Sense Command: 12 bytes.
343 * byte 0: opcode: 03
344 * byte 4: data length
345 */
346static int
347sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
348 unsigned char *command = us->iobuf;
349 int result;
350
351 memset(command, 0, 12);
352 command[0] = 0x03;
353 command[1] = LUNBITS;
354 command[4] = buflen;
355
356 result = sddr09_send_scsi_command(us, command, 12);
357 if (result)
358 return result;
359
360 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
361 sensebuf, buflen, NULL);
362 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
363}
364
365/*
366 * Read Command: 12 bytes.
367 * byte 0: opcode: E8
368 * byte 1: last two bits: 00: read data, 01: read blockwise control,
369 * 10: read both, 11: read pagewise control.
370 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
371 * bytes 2-5: address (interpretation depends on byte 1, see below)
372 * bytes 10-11: count (idem)
373 *
374 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
375 * A read data command gets data in 512-byte pages.
376 * A read control command gets control in 64-byte chunks.
377 * A read both command gets data+control in 576-byte chunks.
378 *
379 * Blocks are groups of 32 pages, and read blockwise control jumps to the
380 * next block, while read pagewise control jumps to the next page after
381 * reading a group of 64 control bytes.
382 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
383 *
384 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
385 */
386
387static int
388sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
389 int nr_of_pages, int bulklen, unsigned char *buf,
390 int use_sg) {
391
392 unsigned char *command = us->iobuf;
393 int result;
394
395 command[0] = 0xE8;
396 command[1] = LUNBITS | x;
397 command[2] = MSB_of(fromaddress>>16);
398 command[3] = LSB_of(fromaddress>>16);
399 command[4] = MSB_of(fromaddress & 0xFFFF);
400 command[5] = LSB_of(fromaddress & 0xFFFF);
401 command[6] = 0;
402 command[7] = 0;
403 command[8] = 0;
404 command[9] = 0;
405 command[10] = MSB_of(nr_of_pages);
406 command[11] = LSB_of(nr_of_pages);
407
408 result = sddr09_send_scsi_command(us, command, 12);
409
410 if (result) {
411 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
412 x, result);
413 return result;
414 }
415
416 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
417 buf, bulklen, use_sg, NULL);
418
419 if (result != USB_STOR_XFER_GOOD) {
420 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
421 x, result);
422 return -EIO;
423 }
424 return 0;
425}
426
427/*
428 * Read Data
429 *
430 * fromaddress counts data shorts:
431 * increasing it by 256 shifts the bytestream by 512 bytes;
432 * the last 8 bits are ignored.
433 *
434 * nr_of_pages counts pages of size (1 << pageshift).
435 */
436static int
437sddr09_read20(struct us_data *us, unsigned long fromaddress,
438 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
439 int bulklen = nr_of_pages << pageshift;
440
441 /* The last 8 bits of fromaddress are ignored. */
442 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
443 buf, use_sg);
444}
445
446/*
447 * Read Blockwise Control
448 *
449 * fromaddress gives the starting position (as in read data;
450 * the last 8 bits are ignored); increasing it by 32*256 shifts
451 * the output stream by 64 bytes.
452 *
453 * count counts control groups of size (1 << controlshift).
454 * For me, controlshift = 6. Is this constant?
455 *
456 * After getting one control group, jump to the next block
457 * (fromaddress += 8192).
458 */
459static int
460sddr09_read21(struct us_data *us, unsigned long fromaddress,
461 int count, int controlshift, unsigned char *buf, int use_sg) {
462
463 int bulklen = (count << controlshift);
464 return sddr09_readX(us, 1, fromaddress, count, bulklen,
465 buf, use_sg);
466}
467
468/*
469 * Read both Data and Control
470 *
471 * fromaddress counts data shorts, ignoring control:
472 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
473 * the last 8 bits are ignored.
474 *
475 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
476 */
477static int
478sddr09_read22(struct us_data *us, unsigned long fromaddress,
479 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
480
481 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
482 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
483 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
484 buf, use_sg);
485}
486
487#if 0
488/*
489 * Read Pagewise Control
490 *
491 * fromaddress gives the starting position (as in read data;
492 * the last 8 bits are ignored); increasing it by 256 shifts
493 * the output stream by 64 bytes.
494 *
495 * count counts control groups of size (1 << controlshift).
496 * For me, controlshift = 6. Is this constant?
497 *
498 * After getting one control group, jump to the next page
499 * (fromaddress += 256).
500 */
501static int
502sddr09_read23(struct us_data *us, unsigned long fromaddress,
503 int count, int controlshift, unsigned char *buf, int use_sg) {
504
505 int bulklen = (count << controlshift);
506 return sddr09_readX(us, 3, fromaddress, count, bulklen,
507 buf, use_sg);
508}
509#endif
510
511/*
512 * Erase Command: 12 bytes.
513 * byte 0: opcode: EA
514 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
515 *
516 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
517 * The byte address being erased is 2*Eaddress.
518 * The CIS cannot be erased.
519 */
520static int
521sddr09_erase(struct us_data *us, unsigned long Eaddress) {
522 unsigned char *command = us->iobuf;
523 int result;
524
525 usb_stor_dbg(us, "erase address %lu\n", Eaddress);
526
527 memset(command, 0, 12);
528 command[0] = 0xEA;
529 command[1] = LUNBITS;
530 command[6] = MSB_of(Eaddress>>16);
531 command[7] = LSB_of(Eaddress>>16);
532 command[8] = MSB_of(Eaddress & 0xFFFF);
533 command[9] = LSB_of(Eaddress & 0xFFFF);
534
535 result = sddr09_send_scsi_command(us, command, 12);
536
537 if (result)
538 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
539 result);
540
541 return result;
542}
543
544/*
545 * Write CIS Command: 12 bytes.
546 * byte 0: opcode: EE
547 * bytes 2-5: write address in shorts
548 * bytes 10-11: sector count
549 *
550 * This writes at the indicated address. Don't know how it differs
551 * from E9. Maybe it does not erase? However, it will also write to
552 * the CIS.
553 *
554 * When two such commands on the same page follow each other directly,
555 * the second one is not done.
556 */
557
558/*
559 * Write Command: 12 bytes.
560 * byte 0: opcode: E9
561 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
562 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
563 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
564 *
565 * If write address equals erase address, the erase is done first,
566 * otherwise the write is done first. When erase address equals zero
567 * no erase is done?
568 */
569static int
570sddr09_writeX(struct us_data *us,
571 unsigned long Waddress, unsigned long Eaddress,
572 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
573
574 unsigned char *command = us->iobuf;
575 int result;
576
577 command[0] = 0xE9;
578 command[1] = LUNBITS;
579
580 command[2] = MSB_of(Waddress>>16);
581 command[3] = LSB_of(Waddress>>16);
582 command[4] = MSB_of(Waddress & 0xFFFF);
583 command[5] = LSB_of(Waddress & 0xFFFF);
584
585 command[6] = MSB_of(Eaddress>>16);
586 command[7] = LSB_of(Eaddress>>16);
587 command[8] = MSB_of(Eaddress & 0xFFFF);
588 command[9] = LSB_of(Eaddress & 0xFFFF);
589
590 command[10] = MSB_of(nr_of_pages);
591 command[11] = LSB_of(nr_of_pages);
592
593 result = sddr09_send_scsi_command(us, command, 12);
594
595 if (result) {
596 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
597 result);
598 return result;
599 }
600
601 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
602 buf, bulklen, use_sg, NULL);
603
604 if (result != USB_STOR_XFER_GOOD) {
605 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
606 result);
607 return -EIO;
608 }
609 return 0;
610}
611
612/* erase address, write same address */
613static int
614sddr09_write_inplace(struct us_data *us, unsigned long address,
615 int nr_of_pages, int pageshift, unsigned char *buf,
616 int use_sg) {
617 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
618 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
619 buf, use_sg);
620}
621
622#if 0
623/*
624 * Read Scatter Gather Command: 3+4n bytes.
625 * byte 0: opcode E7
626 * byte 2: n
627 * bytes 4i-1,4i,4i+1: page address
628 * byte 4i+2: page count
629 * (i=1..n)
630 *
631 * This reads several pages from the card to a single memory buffer.
632 * The last two bits of byte 1 have the same meaning as for E8.
633 */
634static int
635sddr09_read_sg_test_only(struct us_data *us) {
636 unsigned char *command = us->iobuf;
637 int result, bulklen, nsg, ct;
638 unsigned char *buf;
639 unsigned long address;
640
641 nsg = bulklen = 0;
642 command[0] = 0xE7;
643 command[1] = LUNBITS;
644 command[2] = 0;
645 address = 040000; ct = 1;
646 nsg++;
647 bulklen += (ct << 9);
648 command[4*nsg+2] = ct;
649 command[4*nsg+1] = ((address >> 9) & 0xFF);
650 command[4*nsg+0] = ((address >> 17) & 0xFF);
651 command[4*nsg-1] = ((address >> 25) & 0xFF);
652
653 address = 0340000; ct = 1;
654 nsg++;
655 bulklen += (ct << 9);
656 command[4*nsg+2] = ct;
657 command[4*nsg+1] = ((address >> 9) & 0xFF);
658 command[4*nsg+0] = ((address >> 17) & 0xFF);
659 command[4*nsg-1] = ((address >> 25) & 0xFF);
660
661 address = 01000000; ct = 2;
662 nsg++;
663 bulklen += (ct << 9);
664 command[4*nsg+2] = ct;
665 command[4*nsg+1] = ((address >> 9) & 0xFF);
666 command[4*nsg+0] = ((address >> 17) & 0xFF);
667 command[4*nsg-1] = ((address >> 25) & 0xFF);
668
669 command[2] = nsg;
670
671 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
672
673 if (result) {
674 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
675 result);
676 return result;
677 }
678
679 buf = kmalloc(bulklen, GFP_NOIO);
680 if (!buf)
681 return -ENOMEM;
682
683 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
684 buf, bulklen, NULL);
685 kfree(buf);
686 if (result != USB_STOR_XFER_GOOD) {
687 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
688 result);
689 return -EIO;
690 }
691
692 return 0;
693}
694#endif
695
696/*
697 * Read Status Command: 12 bytes.
698 * byte 0: opcode: EC
699 *
700 * Returns 64 bytes, all zero except for the first.
701 * bit 0: 1: Error
702 * bit 5: 1: Suspended
703 * bit 6: 1: Ready
704 * bit 7: 1: Not write-protected
705 */
706
707static int
708sddr09_read_status(struct us_data *us, unsigned char *status) {
709
710 unsigned char *command = us->iobuf;
711 unsigned char *data = us->iobuf;
712 int result;
713
714 usb_stor_dbg(us, "Reading status...\n");
715
716 memset(command, 0, 12);
717 command[0] = 0xEC;
718 command[1] = LUNBITS;
719
720 result = sddr09_send_scsi_command(us, command, 12);
721 if (result)
722 return result;
723
724 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
725 data, 64, NULL);
726 *status = data[0];
727 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
728}
729
730static int
731sddr09_read_data(struct us_data *us,
732 unsigned long address,
733 unsigned int sectors) {
734
735 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
736 unsigned char *buffer;
737 unsigned int lba, maxlba, pba;
738 unsigned int page, pages;
739 unsigned int len, offset;
740 struct scatterlist *sg;
741 int result;
742
743 // Figure out the initial LBA and page
744 lba = address >> info->blockshift;
745 page = (address & info->blockmask);
746 maxlba = info->capacity >> (info->pageshift + info->blockshift);
747 if (lba >= maxlba)
748 return -EIO;
749
750 // Since we only read in one block at a time, we have to create
751 // a bounce buffer and move the data a piece at a time between the
752 // bounce buffer and the actual transfer buffer.
753
754 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
755 buffer = kmalloc(len, GFP_NOIO);
756 if (!buffer)
757 return -ENOMEM;
758
759 // This could be made much more efficient by checking for
760 // contiguous LBA's. Another exercise left to the student.
761
762 result = 0;
763 offset = 0;
764 sg = NULL;
765
766 while (sectors > 0) {
767
768 /* Find number of pages we can read in this block */
769 pages = min(sectors, info->blocksize - page);
770 len = pages << info->pageshift;
771
772 /* Not overflowing capacity? */
773 if (lba >= maxlba) {
774 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
775 lba, maxlba);
776 result = -EIO;
777 break;
778 }
779
780 /* Find where this lba lives on disk */
781 pba = info->lba_to_pba[lba];
782
783 if (pba == UNDEF) { /* this lba was never written */
784
785 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
786 pages, lba, page);
787
788 /*
789 * This is not really an error. It just means
790 * that the block has never been written.
791 * Instead of returning an error
792 * it is better to return all zero data.
793 */
794
795 memset(buffer, 0, len);
796
797 } else {
798 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
799 pages, pba, lba, page);
800
801 address = ((pba << info->blockshift) + page) <<
802 info->pageshift;
803
804 result = sddr09_read20(us, address>>1,
805 pages, info->pageshift, buffer, 0);
806 if (result)
807 break;
808 }
809
810 // Store the data in the transfer buffer
811 usb_stor_access_xfer_buf(buffer, len, us->srb,
812 &sg, &offset, TO_XFER_BUF);
813
814 page = 0;
815 lba++;
816 sectors -= pages;
817 }
818
819 kfree(buffer);
820 return result;
821}
822
823static unsigned int
824sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
825 static unsigned int lastpba = 1;
826 int zonestart, end, i;
827
828 zonestart = (lba/1000) << 10;
829 end = info->capacity >> (info->blockshift + info->pageshift);
830 end -= zonestart;
831 if (end > 1024)
832 end = 1024;
833
834 for (i = lastpba+1; i < end; i++) {
835 if (info->pba_to_lba[zonestart+i] == UNDEF) {
836 lastpba = i;
837 return zonestart+i;
838 }
839 }
840 for (i = 0; i <= lastpba; i++) {
841 if (info->pba_to_lba[zonestart+i] == UNDEF) {
842 lastpba = i;
843 return zonestart+i;
844 }
845 }
846 return 0;
847}
848
849static int
850sddr09_write_lba(struct us_data *us, unsigned int lba,
851 unsigned int page, unsigned int pages,
852 unsigned char *ptr, unsigned char *blockbuffer) {
853
854 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
855 unsigned long address;
856 unsigned int pba, lbap;
857 unsigned int pagelen;
858 unsigned char *bptr, *cptr, *xptr;
859 unsigned char ecc[3];
860 int i, result;
861
862 lbap = ((lba % 1000) << 1) | 0x1000;
863 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
864 lbap ^= 1;
865 pba = info->lba_to_pba[lba];
866
867 if (pba == UNDEF) {
868 pba = sddr09_find_unused_pba(info, lba);
869 if (!pba) {
870 printk(KERN_WARNING
871 "sddr09_write_lba: Out of unused blocks\n");
872 return -ENOSPC;
873 }
874 info->pba_to_lba[pba] = lba;
875 info->lba_to_pba[lba] = pba;
876 }
877
878 if (pba == 1) {
879 /*
880 * Maybe it is impossible to write to PBA 1.
881 * Fake success, but don't do anything.
882 */
883 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
884 return 0;
885 }
886
887 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
888
889 /* read old contents */
890 address = (pba << (info->pageshift + info->blockshift));
891 result = sddr09_read22(us, address>>1, info->blocksize,
892 info->pageshift, blockbuffer, 0);
893 if (result)
894 return result;
895
896 /* check old contents and fill lba */
897 for (i = 0; i < info->blocksize; i++) {
898 bptr = blockbuffer + i*pagelen;
899 cptr = bptr + info->pagesize;
900 nand_compute_ecc(bptr, ecc);
901 if (!nand_compare_ecc(cptr+13, ecc)) {
902 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
903 i, pba);
904 nand_store_ecc(cptr+13, ecc);
905 }
906 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
907 if (!nand_compare_ecc(cptr+8, ecc)) {
908 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
909 i, pba);
910 nand_store_ecc(cptr+8, ecc);
911 }
912 cptr[6] = cptr[11] = MSB_of(lbap);
913 cptr[7] = cptr[12] = LSB_of(lbap);
914 }
915
916 /* copy in new stuff and compute ECC */
917 xptr = ptr;
918 for (i = page; i < page+pages; i++) {
919 bptr = blockbuffer + i*pagelen;
920 cptr = bptr + info->pagesize;
921 memcpy(bptr, xptr, info->pagesize);
922 xptr += info->pagesize;
923 nand_compute_ecc(bptr, ecc);
924 nand_store_ecc(cptr+13, ecc);
925 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
926 nand_store_ecc(cptr+8, ecc);
927 }
928
929 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
930
931 result = sddr09_write_inplace(us, address>>1, info->blocksize,
932 info->pageshift, blockbuffer, 0);
933
934 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
935
936#if 0
937 {
938 unsigned char status = 0;
939 int result2 = sddr09_read_status(us, &status);
940 if (result2)
941 usb_stor_dbg(us, "cannot read status\n");
942 else if (status != 0xc0)
943 usb_stor_dbg(us, "status after write: 0x%x\n", status);
944 }
945#endif
946
947#if 0
948 {
949 int result2 = sddr09_test_unit_ready(us);
950 }
951#endif
952
953 return result;
954}
955
956static int
957sddr09_write_data(struct us_data *us,
958 unsigned long address,
959 unsigned int sectors) {
960
961 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
962 unsigned int lba, maxlba, page, pages;
963 unsigned int pagelen, blocklen;
964 unsigned char *blockbuffer;
965 unsigned char *buffer;
966 unsigned int len, offset;
967 struct scatterlist *sg;
968 int result;
969
970 /* Figure out the initial LBA and page */
971 lba = address >> info->blockshift;
972 page = (address & info->blockmask);
973 maxlba = info->capacity >> (info->pageshift + info->blockshift);
974 if (lba >= maxlba)
975 return -EIO;
976
977 /*
978 * blockbuffer is used for reading in the old data, overwriting
979 * with the new data, and performing ECC calculations
980 */
981
982 /*
983 * TODO: instead of doing kmalloc/kfree for each write,
984 * add a bufferpointer to the info structure
985 */
986
987 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
988 blocklen = (pagelen << info->blockshift);
989 blockbuffer = kmalloc(blocklen, GFP_NOIO);
990 if (!blockbuffer)
991 return -ENOMEM;
992
993 /*
994 * Since we don't write the user data directly to the device,
995 * we have to create a bounce buffer and move the data a piece
996 * at a time between the bounce buffer and the actual transfer buffer.
997 */
998
999 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1000 buffer = kmalloc(len, GFP_NOIO);
1001 if (!buffer) {
1002 kfree(blockbuffer);
1003 return -ENOMEM;
1004 }
1005
1006 result = 0;
1007 offset = 0;
1008 sg = NULL;
1009
1010 while (sectors > 0) {
1011
1012 /* Write as many sectors as possible in this block */
1013
1014 pages = min(sectors, info->blocksize - page);
1015 len = (pages << info->pageshift);
1016
1017 /* Not overflowing capacity? */
1018 if (lba >= maxlba) {
1019 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1020 lba, maxlba);
1021 result = -EIO;
1022 break;
1023 }
1024
1025 /* Get the data from the transfer buffer */
1026 usb_stor_access_xfer_buf(buffer, len, us->srb,
1027 &sg, &offset, FROM_XFER_BUF);
1028
1029 result = sddr09_write_lba(us, lba, page, pages,
1030 buffer, blockbuffer);
1031 if (result)
1032 break;
1033
1034 page = 0;
1035 lba++;
1036 sectors -= pages;
1037 }
1038
1039 kfree(buffer);
1040 kfree(blockbuffer);
1041
1042 return result;
1043}
1044
1045static int
1046sddr09_read_control(struct us_data *us,
1047 unsigned long address,
1048 unsigned int blocks,
1049 unsigned char *content,
1050 int use_sg) {
1051
1052 usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1053 address, blocks);
1054
1055 return sddr09_read21(us, address, blocks,
1056 CONTROL_SHIFT, content, use_sg);
1057}
1058
1059/*
1060 * Read Device ID Command: 12 bytes.
1061 * byte 0: opcode: ED
1062 *
1063 * Returns 2 bytes: Manufacturer ID and Device ID.
1064 * On more recent cards 3 bytes: the third byte is an option code A5
1065 * signifying that the secret command to read an 128-bit ID is available.
1066 * On still more recent cards 4 bytes: the fourth byte C0 means that
1067 * a second read ID cmd is available.
1068 */
1069static int
1070sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1071 unsigned char *command = us->iobuf;
1072 unsigned char *content = us->iobuf;
1073 int result, i;
1074
1075 memset(command, 0, 12);
1076 command[0] = 0xED;
1077 command[1] = LUNBITS;
1078
1079 result = sddr09_send_scsi_command(us, command, 12);
1080 if (result)
1081 return result;
1082
1083 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1084 content, 64, NULL);
1085
1086 for (i = 0; i < 4; i++)
1087 deviceID[i] = content[i];
1088
1089 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1090}
1091
1092static int
1093sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1094 int result;
1095 unsigned char status;
1096 const char *wp_fmt;
1097
1098 result = sddr09_read_status(us, &status);
1099 if (result) {
1100 usb_stor_dbg(us, "read_status fails\n");
1101 return result;
1102 }
1103 if ((status & 0x80) == 0) {
1104 info->flags |= SDDR09_WP; /* write protected */
1105 wp_fmt = " WP";
1106 } else {
1107 wp_fmt = "";
1108 }
1109 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1110 status & 0x40 ? " Ready" : "",
1111 status & LUNBITS ? " Suspended" : "",
1112 status & 0x01 ? " Error" : "");
1113
1114 return 0;
1115}
1116
1117#if 0
1118/*
1119 * Reset Command: 12 bytes.
1120 * byte 0: opcode: EB
1121 */
1122static int
1123sddr09_reset(struct us_data *us) {
1124
1125 unsigned char *command = us->iobuf;
1126
1127 memset(command, 0, 12);
1128 command[0] = 0xEB;
1129 command[1] = LUNBITS;
1130
1131 return sddr09_send_scsi_command(us, command, 12);
1132}
1133#endif
1134
1135static struct nand_flash_dev *
1136sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1137 struct nand_flash_dev *cardinfo;
1138 unsigned char deviceID[4];
1139 char blurbtxt[256];
1140 int result;
1141
1142 usb_stor_dbg(us, "Reading capacity...\n");
1143
1144 result = sddr09_read_deviceID(us, deviceID);
1145
1146 if (result) {
1147 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1148 printk(KERN_WARNING "sddr09: could not read card info\n");
1149 return NULL;
1150 }
1151
1152 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1153
1154 /* Byte 0 is the manufacturer */
1155 sprintf(blurbtxt + strlen(blurbtxt),
1156 ": Manuf. %s",
1157 nand_flash_manufacturer(deviceID[0]));
1158
1159 /* Byte 1 is the device type */
1160 cardinfo = nand_find_id(deviceID[1]);
1161 if (cardinfo) {
1162 /*
1163 * MB or MiB? It is neither. A 16 MB card has
1164 * 17301504 raw bytes, of which 16384000 are
1165 * usable for user data.
1166 */
1167 sprintf(blurbtxt + strlen(blurbtxt),
1168 ", %d MB", 1<<(cardinfo->chipshift - 20));
1169 } else {
1170 sprintf(blurbtxt + strlen(blurbtxt),
1171 ", type unrecognized");
1172 }
1173
1174 /* Byte 2 is code to signal availability of 128-bit ID */
1175 if (deviceID[2] == 0xa5) {
1176 sprintf(blurbtxt + strlen(blurbtxt),
1177 ", 128-bit ID");
1178 }
1179
1180 /* Byte 3 announces the availability of another read ID command */
1181 if (deviceID[3] == 0xc0) {
1182 sprintf(blurbtxt + strlen(blurbtxt),
1183 ", extra cmd");
1184 }
1185
1186 if (flags & SDDR09_WP)
1187 sprintf(blurbtxt + strlen(blurbtxt),
1188 ", WP");
1189
1190 printk(KERN_WARNING "%s\n", blurbtxt);
1191
1192 return cardinfo;
1193}
1194
1195static int
1196sddr09_read_map(struct us_data *us) {
1197
1198 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1199 int numblocks, alloc_len, alloc_blocks;
1200 int i, j, result;
1201 unsigned char *buffer, *buffer_end, *ptr;
1202 unsigned int lba, lbact;
1203
1204 if (!info->capacity)
1205 return -1;
1206
1207 /*
1208 * size of a block is 1 << (blockshift + pageshift) bytes
1209 * divide into the total capacity to get the number of blocks
1210 */
1211
1212 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1213
1214 /*
1215 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1216 * but only use a 64 KB buffer
1217 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1218 */
1219#define SDDR09_READ_MAP_BUFSZ 65536
1220
1221 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1222 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1223 buffer = kmalloc(alloc_len, GFP_NOIO);
1224 if (!buffer) {
1225 result = -1;
1226 goto done;
1227 }
1228 buffer_end = buffer + alloc_len;
1229
1230#undef SDDR09_READ_MAP_BUFSZ
1231
1232 kfree(info->lba_to_pba);
1233 kfree(info->pba_to_lba);
1234 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1235 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1236
1237 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1238 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1239 result = -1;
1240 goto done;
1241 }
1242
1243 for (i = 0; i < numblocks; i++)
1244 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1245
1246 /*
1247 * Define lba-pba translation table
1248 */
1249
1250 ptr = buffer_end;
1251 for (i = 0; i < numblocks; i++) {
1252 ptr += (1 << CONTROL_SHIFT);
1253 if (ptr >= buffer_end) {
1254 unsigned long address;
1255
1256 address = i << (info->pageshift + info->blockshift);
1257 result = sddr09_read_control(
1258 us, address>>1,
1259 min(alloc_blocks, numblocks - i),
1260 buffer, 0);
1261 if (result) {
1262 result = -1;
1263 goto done;
1264 }
1265 ptr = buffer;
1266 }
1267
1268 if (i == 0 || i == 1) {
1269 info->pba_to_lba[i] = UNUSABLE;
1270 continue;
1271 }
1272
1273 /* special PBAs have control field 0^16 */
1274 for (j = 0; j < 16; j++)
1275 if (ptr[j] != 0)
1276 goto nonz;
1277 info->pba_to_lba[i] = UNUSABLE;
1278 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1279 i);
1280 continue;
1281
1282 nonz:
1283 /* unwritten PBAs have control field FF^16 */
1284 for (j = 0; j < 16; j++)
1285 if (ptr[j] != 0xff)
1286 goto nonff;
1287 continue;
1288
1289 nonff:
1290 /* normal PBAs start with six FFs */
1291 if (j < 6) {
1292 printk(KERN_WARNING
1293 "sddr09: PBA %d has no logical mapping: "
1294 "reserved area = %02X%02X%02X%02X "
1295 "data status %02X block status %02X\n",
1296 i, ptr[0], ptr[1], ptr[2], ptr[3],
1297 ptr[4], ptr[5]);
1298 info->pba_to_lba[i] = UNUSABLE;
1299 continue;
1300 }
1301
1302 if ((ptr[6] >> 4) != 0x01) {
1303 printk(KERN_WARNING
1304 "sddr09: PBA %d has invalid address field "
1305 "%02X%02X/%02X%02X\n",
1306 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1307 info->pba_to_lba[i] = UNUSABLE;
1308 continue;
1309 }
1310
1311 /* check even parity */
1312 if (parity[ptr[6] ^ ptr[7]]) {
1313 printk(KERN_WARNING
1314 "sddr09: Bad parity in LBA for block %d"
1315 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1316 info->pba_to_lba[i] = UNUSABLE;
1317 continue;
1318 }
1319
1320 lba = short_pack(ptr[7], ptr[6]);
1321 lba = (lba & 0x07FF) >> 1;
1322
1323 /*
1324 * Every 1024 physical blocks ("zone"), the LBA numbers
1325 * go back to zero, but are within a higher block of LBA's.
1326 * Also, there is a maximum of 1000 LBA's per zone.
1327 * In other words, in PBA 1024-2047 you will find LBA 0-999
1328 * which are really LBA 1000-1999. This allows for 24 bad
1329 * or special physical blocks per zone.
1330 */
1331
1332 if (lba >= 1000) {
1333 printk(KERN_WARNING
1334 "sddr09: Bad low LBA %d for block %d\n",
1335 lba, i);
1336 goto possibly_erase;
1337 }
1338
1339 lba += 1000*(i/0x400);
1340
1341 if (info->lba_to_pba[lba] != UNDEF) {
1342 printk(KERN_WARNING
1343 "sddr09: LBA %d seen for PBA %d and %d\n",
1344 lba, info->lba_to_pba[lba], i);
1345 goto possibly_erase;
1346 }
1347
1348 info->pba_to_lba[i] = lba;
1349 info->lba_to_pba[lba] = i;
1350 continue;
1351
1352 possibly_erase:
1353 if (erase_bad_lba_entries) {
1354 unsigned long address;
1355
1356 address = (i << (info->pageshift + info->blockshift));
1357 sddr09_erase(us, address>>1);
1358 info->pba_to_lba[i] = UNDEF;
1359 } else
1360 info->pba_to_lba[i] = UNUSABLE;
1361 }
1362
1363 /*
1364 * Approximate capacity. This is not entirely correct yet,
1365 * since a zone with less than 1000 usable pages leads to
1366 * missing LBAs. Especially if it is the last zone, some
1367 * LBAs can be past capacity.
1368 */
1369 lbact = 0;
1370 for (i = 0; i < numblocks; i += 1024) {
1371 int ct = 0;
1372
1373 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1374 if (info->pba_to_lba[i+j] != UNUSABLE) {
1375 if (ct >= 1000)
1376 info->pba_to_lba[i+j] = SPARE;
1377 else
1378 ct++;
1379 }
1380 }
1381 lbact += ct;
1382 }
1383 info->lbact = lbact;
1384 usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1385 result = 0;
1386
1387 done:
1388 if (result != 0) {
1389 kfree(info->lba_to_pba);
1390 kfree(info->pba_to_lba);
1391 info->lba_to_pba = NULL;
1392 info->pba_to_lba = NULL;
1393 }
1394 kfree(buffer);
1395 return result;
1396}
1397
1398static void
1399sddr09_card_info_destructor(void *extra) {
1400 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1401
1402 if (!info)
1403 return;
1404
1405 kfree(info->lba_to_pba);
1406 kfree(info->pba_to_lba);
1407}
1408
1409static int
1410sddr09_common_init(struct us_data *us) {
1411 int result;
1412
1413 /* set the configuration -- STALL is an acceptable response here */
1414 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1415 usb_stor_dbg(us, "active config #%d != 1 ??\n",
1416 us->pusb_dev->actconfig->desc.bConfigurationValue);
1417 return -EINVAL;
1418 }
1419
1420 result = usb_reset_configuration(us->pusb_dev);
1421 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1422 if (result == -EPIPE) {
1423 usb_stor_dbg(us, "-- stall on control interface\n");
1424 } else if (result != 0) {
1425 /* it's not a stall, but another error -- time to bail */
1426 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n");
1427 return -EINVAL;
1428 }
1429
1430 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1431 if (!us->extra)
1432 return -ENOMEM;
1433 us->extra_destructor = sddr09_card_info_destructor;
1434
1435 nand_init_ecc();
1436 return 0;
1437}
1438
1439
1440/*
1441 * This is needed at a very early stage. If this is not listed in the
1442 * unusual devices list but called from here then LUN 0 of the combo reader
1443 * is not recognized. But I do not know what precisely these calls do.
1444 */
1445static int
1446usb_stor_sddr09_dpcm_init(struct us_data *us) {
1447 int result;
1448 unsigned char *data = us->iobuf;
1449
1450 result = sddr09_common_init(us);
1451 if (result)
1452 return result;
1453
1454 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1455 if (result) {
1456 usb_stor_dbg(us, "send_command fails\n");
1457 return result;
1458 }
1459
1460 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1461 // get 07 02
1462
1463 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1464 if (result) {
1465 usb_stor_dbg(us, "2nd send_command fails\n");
1466 return result;
1467 }
1468
1469 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1470 // get 07 00
1471
1472 result = sddr09_request_sense(us, data, 18);
1473 if (result == 0 && data[2] != 0) {
1474 int j;
1475 for (j=0; j<18; j++)
1476 printk(" %02X", data[j]);
1477 printk("\n");
1478 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1479 // 70: current command
1480 // sense key 0, sense code 0, extd sense code 0
1481 // additional transfer length * = sizeof(data) - 7
1482 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1483 // sense key 06, sense code 28: unit attention,
1484 // not ready to ready transition
1485 }
1486
1487 // test unit ready
1488
1489 return 0; /* not result */
1490}
1491
1492/*
1493 * Transport for the Microtech DPCM-USB
1494 */
1495static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1496{
1497 int ret;
1498
1499 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1500
1501 switch (srb->device->lun) {
1502 case 0:
1503
1504 /*
1505 * LUN 0 corresponds to the CompactFlash card reader.
1506 */
1507 ret = usb_stor_CB_transport(srb, us);
1508 break;
1509
1510 case 1:
1511
1512 /*
1513 * LUN 1 corresponds to the SmartMedia card reader.
1514 */
1515
1516 /*
1517 * Set the LUN to 0 (just in case).
1518 */
1519 srb->device->lun = 0;
1520 ret = sddr09_transport(srb, us);
1521 srb->device->lun = 1;
1522 break;
1523
1524 default:
1525 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1526 ret = USB_STOR_TRANSPORT_ERROR;
1527 break;
1528 }
1529 return ret;
1530}
1531
1532
1533/*
1534 * Transport for the Sandisk SDDR-09
1535 */
1536static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1537{
1538 static unsigned char sensekey = 0, sensecode = 0;
1539 static unsigned char havefakesense = 0;
1540 int result, i;
1541 unsigned char *ptr = us->iobuf;
1542 unsigned long capacity;
1543 unsigned int page, pages;
1544
1545 struct sddr09_card_info *info;
1546
1547 static unsigned char inquiry_response[8] = {
1548 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1549 };
1550
1551 /* note: no block descriptor support */
1552 static unsigned char mode_page_01[19] = {
1553 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1554 0x01, 0x0A,
1555 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1556 };
1557
1558 info = (struct sddr09_card_info *)us->extra;
1559
1560 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1561 /* for a faked command, we have to follow with a faked sense */
1562 memset(ptr, 0, 18);
1563 ptr[0] = 0x70;
1564 ptr[2] = sensekey;
1565 ptr[7] = 11;
1566 ptr[12] = sensecode;
1567 usb_stor_set_xfer_buf(ptr, 18, srb);
1568 sensekey = sensecode = havefakesense = 0;
1569 return USB_STOR_TRANSPORT_GOOD;
1570 }
1571
1572 havefakesense = 1;
1573
1574 /*
1575 * Dummy up a response for INQUIRY since SDDR09 doesn't
1576 * respond to INQUIRY commands
1577 */
1578
1579 if (srb->cmnd[0] == INQUIRY) {
1580 memcpy(ptr, inquiry_response, 8);
1581 fill_inquiry_response(us, ptr, 36);
1582 return USB_STOR_TRANSPORT_GOOD;
1583 }
1584
1585 if (srb->cmnd[0] == READ_CAPACITY) {
1586 struct nand_flash_dev *cardinfo;
1587
1588 sddr09_get_wp(us, info); /* read WP bit */
1589
1590 cardinfo = sddr09_get_cardinfo(us, info->flags);
1591 if (!cardinfo) {
1592 /* probably no media */
1593 init_error:
1594 sensekey = 0x02; /* not ready */
1595 sensecode = 0x3a; /* medium not present */
1596 return USB_STOR_TRANSPORT_FAILED;
1597 }
1598
1599 info->capacity = (1 << cardinfo->chipshift);
1600 info->pageshift = cardinfo->pageshift;
1601 info->pagesize = (1 << info->pageshift);
1602 info->blockshift = cardinfo->blockshift;
1603 info->blocksize = (1 << info->blockshift);
1604 info->blockmask = info->blocksize - 1;
1605
1606 // map initialization, must follow get_cardinfo()
1607 if (sddr09_read_map(us)) {
1608 /* probably out of memory */
1609 goto init_error;
1610 }
1611
1612 // Report capacity
1613
1614 capacity = (info->lbact << info->blockshift) - 1;
1615
1616 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1617
1618 // Report page size
1619
1620 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1621 usb_stor_set_xfer_buf(ptr, 8, srb);
1622
1623 return USB_STOR_TRANSPORT_GOOD;
1624 }
1625
1626 if (srb->cmnd[0] == MODE_SENSE_10) {
1627 int modepage = (srb->cmnd[2] & 0x3F);
1628
1629 /*
1630 * They ask for the Read/Write error recovery page,
1631 * or for all pages.
1632 */
1633 /* %% We should check DBD %% */
1634 if (modepage == 0x01 || modepage == 0x3F) {
1635 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636 modepage);
1637
1638 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642 return USB_STOR_TRANSPORT_GOOD;
1643 }
1644
1645 sensekey = 0x05; /* illegal request */
1646 sensecode = 0x24; /* invalid field in CDB */
1647 return USB_STOR_TRANSPORT_FAILED;
1648 }
1649
1650 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651 return USB_STOR_TRANSPORT_GOOD;
1652
1653 havefakesense = 0;
1654
1655 if (srb->cmnd[0] == READ_10) {
1656
1657 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658 page <<= 16;
1659 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661
1662 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663 page, pages);
1664
1665 result = sddr09_read_data(us, page, pages);
1666 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667 USB_STOR_TRANSPORT_ERROR);
1668 }
1669
1670 if (srb->cmnd[0] == WRITE_10) {
1671
1672 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 page <<= 16;
1674 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676
1677 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678 page, pages);
1679
1680 result = sddr09_write_data(us, page, pages);
1681 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 USB_STOR_TRANSPORT_ERROR);
1683 }
1684
1685 /*
1686 * catch-all for all other commands, except
1687 * pass TEST_UNIT_READY and REQUEST_SENSE through
1688 */
1689 if (srb->cmnd[0] != TEST_UNIT_READY &&
1690 srb->cmnd[0] != REQUEST_SENSE) {
1691 sensekey = 0x05; /* illegal request */
1692 sensecode = 0x20; /* invalid command */
1693 havefakesense = 1;
1694 return USB_STOR_TRANSPORT_FAILED;
1695 }
1696
1697 for (; srb->cmd_len<12; srb->cmd_len++)
1698 srb->cmnd[srb->cmd_len] = 0;
1699
1700 srb->cmnd[1] = LUNBITS;
1701
1702 ptr[0] = 0;
1703 for (i=0; i<12; i++)
1704 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1705
1706 usb_stor_dbg(us, "Send control for command %s\n", ptr);
1707
1708 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1709 if (result) {
1710 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1711 result);
1712 return USB_STOR_TRANSPORT_ERROR;
1713 }
1714
1715 if (scsi_bufflen(srb) == 0)
1716 return USB_STOR_TRANSPORT_GOOD;
1717
1718 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1719 srb->sc_data_direction == DMA_FROM_DEVICE) {
1720 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1721 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1722
1723 usb_stor_dbg(us, "%s %d bytes\n",
1724 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1725 "sending" : "receiving",
1726 scsi_bufflen(srb));
1727
1728 result = usb_stor_bulk_srb(us, pipe, srb);
1729
1730 return (result == USB_STOR_XFER_GOOD ?
1731 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1732 }
1733
1734 return USB_STOR_TRANSPORT_GOOD;
1735}
1736
1737/*
1738 * Initialization routine for the sddr09 subdriver
1739 */
1740static int
1741usb_stor_sddr09_init(struct us_data *us) {
1742 return sddr09_common_init(us);
1743}
1744
1745static struct scsi_host_template sddr09_host_template;
1746
1747static int sddr09_probe(struct usb_interface *intf,
1748 const struct usb_device_id *id)
1749{
1750 struct us_data *us;
1751 int result;
1752
1753 result = usb_stor_probe1(&us, intf, id,
1754 (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1755 &sddr09_host_template);
1756 if (result)
1757 return result;
1758
1759 if (us->protocol == USB_PR_DPCM_USB) {
1760 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1761 us->transport = dpcm_transport;
1762 us->transport_reset = usb_stor_CB_reset;
1763 us->max_lun = 1;
1764 } else {
1765 us->transport_name = "EUSB/SDDR09";
1766 us->transport = sddr09_transport;
1767 us->transport_reset = usb_stor_CB_reset;
1768 us->max_lun = 0;
1769 }
1770
1771 result = usb_stor_probe2(us);
1772 return result;
1773}
1774
1775static struct usb_driver sddr09_driver = {
1776 .name = DRV_NAME,
1777 .probe = sddr09_probe,
1778 .disconnect = usb_stor_disconnect,
1779 .suspend = usb_stor_suspend,
1780 .resume = usb_stor_resume,
1781 .reset_resume = usb_stor_reset_resume,
1782 .pre_reset = usb_stor_pre_reset,
1783 .post_reset = usb_stor_post_reset,
1784 .id_table = sddr09_usb_ids,
1785 .soft_unbind = 1,
1786 .no_dynamic_id = 1,
1787};
1788
1789module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);