Loading...
1/* Driver for SanDisk SDDR-09 SmartMedia reader
2 *
3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
5 * Developed with the assistance of:
6 * (c) 2002 Alan Stern <stern@rowland.org>
7 *
8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9 * This chip is a programmable USB controller. In the SDDR-09, it has
10 * been programmed to obey a certain limited set of SCSI commands.
11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12 * commands.
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2, or (at your option) any
17 * later version.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation, Inc.,
26 * 675 Mass Ave, Cambridge, MA 02139, USA.
27 */
28
29/*
30 * Known vendor commands: 12 bytes, first byte is opcode
31 *
32 * E7: read scatter gather
33 * E8: read
34 * E9: write
35 * EA: erase
36 * EB: reset
37 * EC: read status
38 * ED: read ID
39 * EE: write CIS (?)
40 * EF: compute checksum (?)
41 */
42
43#include <linux/errno.h>
44#include <linux/module.h>
45#include <linux/slab.h>
46
47#include <scsi/scsi.h>
48#include <scsi/scsi_cmnd.h>
49#include <scsi/scsi_device.h>
50
51#include "usb.h"
52#include "transport.h"
53#include "protocol.h"
54#include "debug.h"
55#include "scsiglue.h"
56
57#define DRV_NAME "ums-sddr09"
58
59MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
60MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
61MODULE_LICENSE("GPL");
62
63static int usb_stor_sddr09_dpcm_init(struct us_data *us);
64static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
65static int usb_stor_sddr09_init(struct us_data *us);
66
67
68/*
69 * The table of devices
70 */
71#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
72 vendorName, productName, useProtocol, useTransport, \
73 initFunction, flags) \
74{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
75 .driver_info = (flags) }
76
77static struct usb_device_id sddr09_usb_ids[] = {
78# include "unusual_sddr09.h"
79 { } /* Terminating entry */
80};
81MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
82
83#undef UNUSUAL_DEV
84
85/*
86 * The flags table
87 */
88#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
89 vendor_name, product_name, use_protocol, use_transport, \
90 init_function, Flags) \
91{ \
92 .vendorName = vendor_name, \
93 .productName = product_name, \
94 .useProtocol = use_protocol, \
95 .useTransport = use_transport, \
96 .initFunction = init_function, \
97}
98
99static struct us_unusual_dev sddr09_unusual_dev_list[] = {
100# include "unusual_sddr09.h"
101 { } /* Terminating entry */
102};
103
104#undef UNUSUAL_DEV
105
106
107#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
108#define LSB_of(s) ((s)&0xFF)
109#define MSB_of(s) ((s)>>8)
110
111/*
112 * First some stuff that does not belong here:
113 * data on SmartMedia and other cards, completely
114 * unrelated to this driver.
115 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
116 */
117
118struct nand_flash_dev {
119 int model_id;
120 int chipshift; /* 1<<cs bytes total capacity */
121 char pageshift; /* 1<<ps bytes in a page */
122 char blockshift; /* 1<<bs pages in an erase block */
123 char zoneshift; /* 1<<zs blocks in a zone */
124 /* # of logical blocks is 125/128 of this */
125 char pageadrlen; /* length of an address in bytes - 1 */
126};
127
128/*
129 * NAND Flash Manufacturer ID Codes
130 */
131#define NAND_MFR_AMD 0x01
132#define NAND_MFR_NATSEMI 0x8f
133#define NAND_MFR_TOSHIBA 0x98
134#define NAND_MFR_SAMSUNG 0xec
135
136static inline char *nand_flash_manufacturer(int manuf_id) {
137 switch(manuf_id) {
138 case NAND_MFR_AMD:
139 return "AMD";
140 case NAND_MFR_NATSEMI:
141 return "NATSEMI";
142 case NAND_MFR_TOSHIBA:
143 return "Toshiba";
144 case NAND_MFR_SAMSUNG:
145 return "Samsung";
146 default:
147 return "unknown";
148 }
149}
150
151/*
152 * It looks like it is unnecessary to attach manufacturer to the
153 * remaining data: SSFDC prescribes manufacturer-independent id codes.
154 *
155 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
156 */
157
158static struct nand_flash_dev nand_flash_ids[] = {
159 /* NAND flash */
160 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
161 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
162 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
163 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
164 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
165 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
166 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
167 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
168 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
169 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
170 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
171 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
172 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
173
174 /* MASK ROM */
175 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
176 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
177 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
178 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
179 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
180 { 0,}
181};
182
183static struct nand_flash_dev *
184nand_find_id(unsigned char id) {
185 int i;
186
187 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
188 if (nand_flash_ids[i].model_id == id)
189 return &(nand_flash_ids[i]);
190 return NULL;
191}
192
193/*
194 * ECC computation.
195 */
196static unsigned char parity[256];
197static unsigned char ecc2[256];
198
199static void nand_init_ecc(void) {
200 int i, j, a;
201
202 parity[0] = 0;
203 for (i = 1; i < 256; i++)
204 parity[i] = (parity[i&(i-1)] ^ 1);
205
206 for (i = 0; i < 256; i++) {
207 a = 0;
208 for (j = 0; j < 8; j++) {
209 if (i & (1<<j)) {
210 if ((j & 1) == 0)
211 a ^= 0x04;
212 if ((j & 2) == 0)
213 a ^= 0x10;
214 if ((j & 4) == 0)
215 a ^= 0x40;
216 }
217 }
218 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
219 }
220}
221
222/* compute 3-byte ecc on 256 bytes */
223static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
224 int i, j, a;
225 unsigned char par = 0, bit, bits[8] = {0};
226
227 /* collect 16 checksum bits */
228 for (i = 0; i < 256; i++) {
229 par ^= data[i];
230 bit = parity[data[i]];
231 for (j = 0; j < 8; j++)
232 if ((i & (1<<j)) == 0)
233 bits[j] ^= bit;
234 }
235
236 /* put 4+4+4 = 12 bits in the ecc */
237 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
238 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
239
240 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
241 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
242
243 ecc[2] = ecc2[par];
244}
245
246static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
247 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
248}
249
250static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
251 memcpy(data, ecc, 3);
252}
253
254/*
255 * The actual driver starts here.
256 */
257
258struct sddr09_card_info {
259 unsigned long capacity; /* Size of card in bytes */
260 int pagesize; /* Size of page in bytes */
261 int pageshift; /* log2 of pagesize */
262 int blocksize; /* Size of block in pages */
263 int blockshift; /* log2 of blocksize */
264 int blockmask; /* 2^blockshift - 1 */
265 int *lba_to_pba; /* logical to physical map */
266 int *pba_to_lba; /* physical to logical map */
267 int lbact; /* number of available pages */
268 int flags;
269#define SDDR09_WP 1 /* write protected */
270};
271
272/*
273 * On my 16MB card, control blocks have size 64 (16 real control bytes,
274 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
275 * so the reader makes up the remaining 48. Don't know whether these numbers
276 * depend on the card. For now a constant.
277 */
278#define CONTROL_SHIFT 6
279
280/*
281 * On my Combo CF/SM reader, the SM reader has LUN 1.
282 * (and things fail with LUN 0).
283 * It seems LUN is irrelevant for others.
284 */
285#define LUN 1
286#define LUNBITS (LUN << 5)
287
288/*
289 * LBA and PBA are unsigned ints. Special values.
290 */
291#define UNDEF 0xffffffff
292#define SPARE 0xfffffffe
293#define UNUSABLE 0xfffffffd
294
295static const int erase_bad_lba_entries = 0;
296
297/* send vendor interface command (0x41) */
298/* called for requests 0, 1, 8 */
299static int
300sddr09_send_command(struct us_data *us,
301 unsigned char request,
302 unsigned char direction,
303 unsigned char *xfer_data,
304 unsigned int xfer_len) {
305 unsigned int pipe;
306 unsigned char requesttype = (0x41 | direction);
307 int rc;
308
309 // Get the receive or send control pipe number
310
311 if (direction == USB_DIR_IN)
312 pipe = us->recv_ctrl_pipe;
313 else
314 pipe = us->send_ctrl_pipe;
315
316 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
317 0, 0, xfer_data, xfer_len);
318 switch (rc) {
319 case USB_STOR_XFER_GOOD: return 0;
320 case USB_STOR_XFER_STALLED: return -EPIPE;
321 default: return -EIO;
322 }
323}
324
325static int
326sddr09_send_scsi_command(struct us_data *us,
327 unsigned char *command,
328 unsigned int command_len) {
329 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
330}
331
332#if 0
333/*
334 * Test Unit Ready Command: 12 bytes.
335 * byte 0: opcode: 00
336 */
337static int
338sddr09_test_unit_ready(struct us_data *us) {
339 unsigned char *command = us->iobuf;
340 int result;
341
342 memset(command, 0, 6);
343 command[1] = LUNBITS;
344
345 result = sddr09_send_scsi_command(us, command, 6);
346
347 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
348
349 return result;
350}
351#endif
352
353/*
354 * Request Sense Command: 12 bytes.
355 * byte 0: opcode: 03
356 * byte 4: data length
357 */
358static int
359sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
360 unsigned char *command = us->iobuf;
361 int result;
362
363 memset(command, 0, 12);
364 command[0] = 0x03;
365 command[1] = LUNBITS;
366 command[4] = buflen;
367
368 result = sddr09_send_scsi_command(us, command, 12);
369 if (result)
370 return result;
371
372 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
373 sensebuf, buflen, NULL);
374 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
375}
376
377/*
378 * Read Command: 12 bytes.
379 * byte 0: opcode: E8
380 * byte 1: last two bits: 00: read data, 01: read blockwise control,
381 * 10: read both, 11: read pagewise control.
382 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
383 * bytes 2-5: address (interpretation depends on byte 1, see below)
384 * bytes 10-11: count (idem)
385 *
386 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
387 * A read data command gets data in 512-byte pages.
388 * A read control command gets control in 64-byte chunks.
389 * A read both command gets data+control in 576-byte chunks.
390 *
391 * Blocks are groups of 32 pages, and read blockwise control jumps to the
392 * next block, while read pagewise control jumps to the next page after
393 * reading a group of 64 control bytes.
394 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
395 *
396 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
397 */
398
399static int
400sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
401 int nr_of_pages, int bulklen, unsigned char *buf,
402 int use_sg) {
403
404 unsigned char *command = us->iobuf;
405 int result;
406
407 command[0] = 0xE8;
408 command[1] = LUNBITS | x;
409 command[2] = MSB_of(fromaddress>>16);
410 command[3] = LSB_of(fromaddress>>16);
411 command[4] = MSB_of(fromaddress & 0xFFFF);
412 command[5] = LSB_of(fromaddress & 0xFFFF);
413 command[6] = 0;
414 command[7] = 0;
415 command[8] = 0;
416 command[9] = 0;
417 command[10] = MSB_of(nr_of_pages);
418 command[11] = LSB_of(nr_of_pages);
419
420 result = sddr09_send_scsi_command(us, command, 12);
421
422 if (result) {
423 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
424 x, result);
425 return result;
426 }
427
428 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
429 buf, bulklen, use_sg, NULL);
430
431 if (result != USB_STOR_XFER_GOOD) {
432 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
433 x, result);
434 return -EIO;
435 }
436 return 0;
437}
438
439/*
440 * Read Data
441 *
442 * fromaddress counts data shorts:
443 * increasing it by 256 shifts the bytestream by 512 bytes;
444 * the last 8 bits are ignored.
445 *
446 * nr_of_pages counts pages of size (1 << pageshift).
447 */
448static int
449sddr09_read20(struct us_data *us, unsigned long fromaddress,
450 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
451 int bulklen = nr_of_pages << pageshift;
452
453 /* The last 8 bits of fromaddress are ignored. */
454 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
455 buf, use_sg);
456}
457
458/*
459 * Read Blockwise Control
460 *
461 * fromaddress gives the starting position (as in read data;
462 * the last 8 bits are ignored); increasing it by 32*256 shifts
463 * the output stream by 64 bytes.
464 *
465 * count counts control groups of size (1 << controlshift).
466 * For me, controlshift = 6. Is this constant?
467 *
468 * After getting one control group, jump to the next block
469 * (fromaddress += 8192).
470 */
471static int
472sddr09_read21(struct us_data *us, unsigned long fromaddress,
473 int count, int controlshift, unsigned char *buf, int use_sg) {
474
475 int bulklen = (count << controlshift);
476 return sddr09_readX(us, 1, fromaddress, count, bulklen,
477 buf, use_sg);
478}
479
480/*
481 * Read both Data and Control
482 *
483 * fromaddress counts data shorts, ignoring control:
484 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
485 * the last 8 bits are ignored.
486 *
487 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
488 */
489static int
490sddr09_read22(struct us_data *us, unsigned long fromaddress,
491 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
492
493 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
494 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
495 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
496 buf, use_sg);
497}
498
499#if 0
500/*
501 * Read Pagewise Control
502 *
503 * fromaddress gives the starting position (as in read data;
504 * the last 8 bits are ignored); increasing it by 256 shifts
505 * the output stream by 64 bytes.
506 *
507 * count counts control groups of size (1 << controlshift).
508 * For me, controlshift = 6. Is this constant?
509 *
510 * After getting one control group, jump to the next page
511 * (fromaddress += 256).
512 */
513static int
514sddr09_read23(struct us_data *us, unsigned long fromaddress,
515 int count, int controlshift, unsigned char *buf, int use_sg) {
516
517 int bulklen = (count << controlshift);
518 return sddr09_readX(us, 3, fromaddress, count, bulklen,
519 buf, use_sg);
520}
521#endif
522
523/*
524 * Erase Command: 12 bytes.
525 * byte 0: opcode: EA
526 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
527 *
528 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
529 * The byte address being erased is 2*Eaddress.
530 * The CIS cannot be erased.
531 */
532static int
533sddr09_erase(struct us_data *us, unsigned long Eaddress) {
534 unsigned char *command = us->iobuf;
535 int result;
536
537 usb_stor_dbg(us, "erase address %lu\n", Eaddress);
538
539 memset(command, 0, 12);
540 command[0] = 0xEA;
541 command[1] = LUNBITS;
542 command[6] = MSB_of(Eaddress>>16);
543 command[7] = LSB_of(Eaddress>>16);
544 command[8] = MSB_of(Eaddress & 0xFFFF);
545 command[9] = LSB_of(Eaddress & 0xFFFF);
546
547 result = sddr09_send_scsi_command(us, command, 12);
548
549 if (result)
550 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
551 result);
552
553 return result;
554}
555
556/*
557 * Write CIS Command: 12 bytes.
558 * byte 0: opcode: EE
559 * bytes 2-5: write address in shorts
560 * bytes 10-11: sector count
561 *
562 * This writes at the indicated address. Don't know how it differs
563 * from E9. Maybe it does not erase? However, it will also write to
564 * the CIS.
565 *
566 * When two such commands on the same page follow each other directly,
567 * the second one is not done.
568 */
569
570/*
571 * Write Command: 12 bytes.
572 * byte 0: opcode: E9
573 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
574 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
575 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
576 *
577 * If write address equals erase address, the erase is done first,
578 * otherwise the write is done first. When erase address equals zero
579 * no erase is done?
580 */
581static int
582sddr09_writeX(struct us_data *us,
583 unsigned long Waddress, unsigned long Eaddress,
584 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
585
586 unsigned char *command = us->iobuf;
587 int result;
588
589 command[0] = 0xE9;
590 command[1] = LUNBITS;
591
592 command[2] = MSB_of(Waddress>>16);
593 command[3] = LSB_of(Waddress>>16);
594 command[4] = MSB_of(Waddress & 0xFFFF);
595 command[5] = LSB_of(Waddress & 0xFFFF);
596
597 command[6] = MSB_of(Eaddress>>16);
598 command[7] = LSB_of(Eaddress>>16);
599 command[8] = MSB_of(Eaddress & 0xFFFF);
600 command[9] = LSB_of(Eaddress & 0xFFFF);
601
602 command[10] = MSB_of(nr_of_pages);
603 command[11] = LSB_of(nr_of_pages);
604
605 result = sddr09_send_scsi_command(us, command, 12);
606
607 if (result) {
608 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
609 result);
610 return result;
611 }
612
613 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
614 buf, bulklen, use_sg, NULL);
615
616 if (result != USB_STOR_XFER_GOOD) {
617 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
618 result);
619 return -EIO;
620 }
621 return 0;
622}
623
624/* erase address, write same address */
625static int
626sddr09_write_inplace(struct us_data *us, unsigned long address,
627 int nr_of_pages, int pageshift, unsigned char *buf,
628 int use_sg) {
629 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
630 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
631 buf, use_sg);
632}
633
634#if 0
635/*
636 * Read Scatter Gather Command: 3+4n bytes.
637 * byte 0: opcode E7
638 * byte 2: n
639 * bytes 4i-1,4i,4i+1: page address
640 * byte 4i+2: page count
641 * (i=1..n)
642 *
643 * This reads several pages from the card to a single memory buffer.
644 * The last two bits of byte 1 have the same meaning as for E8.
645 */
646static int
647sddr09_read_sg_test_only(struct us_data *us) {
648 unsigned char *command = us->iobuf;
649 int result, bulklen, nsg, ct;
650 unsigned char *buf;
651 unsigned long address;
652
653 nsg = bulklen = 0;
654 command[0] = 0xE7;
655 command[1] = LUNBITS;
656 command[2] = 0;
657 address = 040000; ct = 1;
658 nsg++;
659 bulklen += (ct << 9);
660 command[4*nsg+2] = ct;
661 command[4*nsg+1] = ((address >> 9) & 0xFF);
662 command[4*nsg+0] = ((address >> 17) & 0xFF);
663 command[4*nsg-1] = ((address >> 25) & 0xFF);
664
665 address = 0340000; ct = 1;
666 nsg++;
667 bulklen += (ct << 9);
668 command[4*nsg+2] = ct;
669 command[4*nsg+1] = ((address >> 9) & 0xFF);
670 command[4*nsg+0] = ((address >> 17) & 0xFF);
671 command[4*nsg-1] = ((address >> 25) & 0xFF);
672
673 address = 01000000; ct = 2;
674 nsg++;
675 bulklen += (ct << 9);
676 command[4*nsg+2] = ct;
677 command[4*nsg+1] = ((address >> 9) & 0xFF);
678 command[4*nsg+0] = ((address >> 17) & 0xFF);
679 command[4*nsg-1] = ((address >> 25) & 0xFF);
680
681 command[2] = nsg;
682
683 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
684
685 if (result) {
686 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
687 result);
688 return result;
689 }
690
691 buf = kmalloc(bulklen, GFP_NOIO);
692 if (!buf)
693 return -ENOMEM;
694
695 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
696 buf, bulklen, NULL);
697 kfree(buf);
698 if (result != USB_STOR_XFER_GOOD) {
699 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
700 result);
701 return -EIO;
702 }
703
704 return 0;
705}
706#endif
707
708/*
709 * Read Status Command: 12 bytes.
710 * byte 0: opcode: EC
711 *
712 * Returns 64 bytes, all zero except for the first.
713 * bit 0: 1: Error
714 * bit 5: 1: Suspended
715 * bit 6: 1: Ready
716 * bit 7: 1: Not write-protected
717 */
718
719static int
720sddr09_read_status(struct us_data *us, unsigned char *status) {
721
722 unsigned char *command = us->iobuf;
723 unsigned char *data = us->iobuf;
724 int result;
725
726 usb_stor_dbg(us, "Reading status...\n");
727
728 memset(command, 0, 12);
729 command[0] = 0xEC;
730 command[1] = LUNBITS;
731
732 result = sddr09_send_scsi_command(us, command, 12);
733 if (result)
734 return result;
735
736 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
737 data, 64, NULL);
738 *status = data[0];
739 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
740}
741
742static int
743sddr09_read_data(struct us_data *us,
744 unsigned long address,
745 unsigned int sectors) {
746
747 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
748 unsigned char *buffer;
749 unsigned int lba, maxlba, pba;
750 unsigned int page, pages;
751 unsigned int len, offset;
752 struct scatterlist *sg;
753 int result;
754
755 // Figure out the initial LBA and page
756 lba = address >> info->blockshift;
757 page = (address & info->blockmask);
758 maxlba = info->capacity >> (info->pageshift + info->blockshift);
759 if (lba >= maxlba)
760 return -EIO;
761
762 // Since we only read in one block at a time, we have to create
763 // a bounce buffer and move the data a piece at a time between the
764 // bounce buffer and the actual transfer buffer.
765
766 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
767 buffer = kmalloc(len, GFP_NOIO);
768 if (buffer == NULL) {
769 printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
770 return -ENOMEM;
771 }
772
773 // This could be made much more efficient by checking for
774 // contiguous LBA's. Another exercise left to the student.
775
776 result = 0;
777 offset = 0;
778 sg = NULL;
779
780 while (sectors > 0) {
781
782 /* Find number of pages we can read in this block */
783 pages = min(sectors, info->blocksize - page);
784 len = pages << info->pageshift;
785
786 /* Not overflowing capacity? */
787 if (lba >= maxlba) {
788 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
789 lba, maxlba);
790 result = -EIO;
791 break;
792 }
793
794 /* Find where this lba lives on disk */
795 pba = info->lba_to_pba[lba];
796
797 if (pba == UNDEF) { /* this lba was never written */
798
799 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
800 pages, lba, page);
801
802 /* This is not really an error. It just means
803 that the block has never been written.
804 Instead of returning an error
805 it is better to return all zero data. */
806
807 memset(buffer, 0, len);
808
809 } else {
810 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
811 pages, pba, lba, page);
812
813 address = ((pba << info->blockshift) + page) <<
814 info->pageshift;
815
816 result = sddr09_read20(us, address>>1,
817 pages, info->pageshift, buffer, 0);
818 if (result)
819 break;
820 }
821
822 // Store the data in the transfer buffer
823 usb_stor_access_xfer_buf(buffer, len, us->srb,
824 &sg, &offset, TO_XFER_BUF);
825
826 page = 0;
827 lba++;
828 sectors -= pages;
829 }
830
831 kfree(buffer);
832 return result;
833}
834
835static unsigned int
836sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
837 static unsigned int lastpba = 1;
838 int zonestart, end, i;
839
840 zonestart = (lba/1000) << 10;
841 end = info->capacity >> (info->blockshift + info->pageshift);
842 end -= zonestart;
843 if (end > 1024)
844 end = 1024;
845
846 for (i = lastpba+1; i < end; i++) {
847 if (info->pba_to_lba[zonestart+i] == UNDEF) {
848 lastpba = i;
849 return zonestart+i;
850 }
851 }
852 for (i = 0; i <= lastpba; i++) {
853 if (info->pba_to_lba[zonestart+i] == UNDEF) {
854 lastpba = i;
855 return zonestart+i;
856 }
857 }
858 return 0;
859}
860
861static int
862sddr09_write_lba(struct us_data *us, unsigned int lba,
863 unsigned int page, unsigned int pages,
864 unsigned char *ptr, unsigned char *blockbuffer) {
865
866 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
867 unsigned long address;
868 unsigned int pba, lbap;
869 unsigned int pagelen;
870 unsigned char *bptr, *cptr, *xptr;
871 unsigned char ecc[3];
872 int i, result, isnew;
873
874 lbap = ((lba % 1000) << 1) | 0x1000;
875 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
876 lbap ^= 1;
877 pba = info->lba_to_pba[lba];
878 isnew = 0;
879
880 if (pba == UNDEF) {
881 pba = sddr09_find_unused_pba(info, lba);
882 if (!pba) {
883 printk(KERN_WARNING
884 "sddr09_write_lba: Out of unused blocks\n");
885 return -ENOSPC;
886 }
887 info->pba_to_lba[pba] = lba;
888 info->lba_to_pba[lba] = pba;
889 isnew = 1;
890 }
891
892 if (pba == 1) {
893 /* Maybe it is impossible to write to PBA 1.
894 Fake success, but don't do anything. */
895 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
896 return 0;
897 }
898
899 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
900
901 /* read old contents */
902 address = (pba << (info->pageshift + info->blockshift));
903 result = sddr09_read22(us, address>>1, info->blocksize,
904 info->pageshift, blockbuffer, 0);
905 if (result)
906 return result;
907
908 /* check old contents and fill lba */
909 for (i = 0; i < info->blocksize; i++) {
910 bptr = blockbuffer + i*pagelen;
911 cptr = bptr + info->pagesize;
912 nand_compute_ecc(bptr, ecc);
913 if (!nand_compare_ecc(cptr+13, ecc)) {
914 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
915 i, pba);
916 nand_store_ecc(cptr+13, ecc);
917 }
918 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
919 if (!nand_compare_ecc(cptr+8, ecc)) {
920 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
921 i, pba);
922 nand_store_ecc(cptr+8, ecc);
923 }
924 cptr[6] = cptr[11] = MSB_of(lbap);
925 cptr[7] = cptr[12] = LSB_of(lbap);
926 }
927
928 /* copy in new stuff and compute ECC */
929 xptr = ptr;
930 for (i = page; i < page+pages; i++) {
931 bptr = blockbuffer + i*pagelen;
932 cptr = bptr + info->pagesize;
933 memcpy(bptr, xptr, info->pagesize);
934 xptr += info->pagesize;
935 nand_compute_ecc(bptr, ecc);
936 nand_store_ecc(cptr+13, ecc);
937 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
938 nand_store_ecc(cptr+8, ecc);
939 }
940
941 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
942
943 result = sddr09_write_inplace(us, address>>1, info->blocksize,
944 info->pageshift, blockbuffer, 0);
945
946 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
947
948#if 0
949 {
950 unsigned char status = 0;
951 int result2 = sddr09_read_status(us, &status);
952 if (result2)
953 usb_stor_dbg(us, "cannot read status\n");
954 else if (status != 0xc0)
955 usb_stor_dbg(us, "status after write: 0x%x\n", status);
956 }
957#endif
958
959#if 0
960 {
961 int result2 = sddr09_test_unit_ready(us);
962 }
963#endif
964
965 return result;
966}
967
968static int
969sddr09_write_data(struct us_data *us,
970 unsigned long address,
971 unsigned int sectors) {
972
973 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
974 unsigned int lba, maxlba, page, pages;
975 unsigned int pagelen, blocklen;
976 unsigned char *blockbuffer;
977 unsigned char *buffer;
978 unsigned int len, offset;
979 struct scatterlist *sg;
980 int result;
981
982 // Figure out the initial LBA and page
983 lba = address >> info->blockshift;
984 page = (address & info->blockmask);
985 maxlba = info->capacity >> (info->pageshift + info->blockshift);
986 if (lba >= maxlba)
987 return -EIO;
988
989 // blockbuffer is used for reading in the old data, overwriting
990 // with the new data, and performing ECC calculations
991
992 /* TODO: instead of doing kmalloc/kfree for each write,
993 add a bufferpointer to the info structure */
994
995 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
996 blocklen = (pagelen << info->blockshift);
997 blockbuffer = kmalloc(blocklen, GFP_NOIO);
998 if (!blockbuffer) {
999 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1000 return -ENOMEM;
1001 }
1002
1003 // Since we don't write the user data directly to the device,
1004 // we have to create a bounce buffer and move the data a piece
1005 // at a time between the bounce buffer and the actual transfer buffer.
1006
1007 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1008 buffer = kmalloc(len, GFP_NOIO);
1009 if (buffer == NULL) {
1010 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1011 kfree(blockbuffer);
1012 return -ENOMEM;
1013 }
1014
1015 result = 0;
1016 offset = 0;
1017 sg = NULL;
1018
1019 while (sectors > 0) {
1020
1021 // Write as many sectors as possible in this block
1022
1023 pages = min(sectors, info->blocksize - page);
1024 len = (pages << info->pageshift);
1025
1026 /* Not overflowing capacity? */
1027 if (lba >= maxlba) {
1028 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1029 lba, maxlba);
1030 result = -EIO;
1031 break;
1032 }
1033
1034 // Get the data from the transfer buffer
1035 usb_stor_access_xfer_buf(buffer, len, us->srb,
1036 &sg, &offset, FROM_XFER_BUF);
1037
1038 result = sddr09_write_lba(us, lba, page, pages,
1039 buffer, blockbuffer);
1040 if (result)
1041 break;
1042
1043 page = 0;
1044 lba++;
1045 sectors -= pages;
1046 }
1047
1048 kfree(buffer);
1049 kfree(blockbuffer);
1050
1051 return result;
1052}
1053
1054static int
1055sddr09_read_control(struct us_data *us,
1056 unsigned long address,
1057 unsigned int blocks,
1058 unsigned char *content,
1059 int use_sg) {
1060
1061 usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1062 address, blocks);
1063
1064 return sddr09_read21(us, address, blocks,
1065 CONTROL_SHIFT, content, use_sg);
1066}
1067
1068/*
1069 * Read Device ID Command: 12 bytes.
1070 * byte 0: opcode: ED
1071 *
1072 * Returns 2 bytes: Manufacturer ID and Device ID.
1073 * On more recent cards 3 bytes: the third byte is an option code A5
1074 * signifying that the secret command to read an 128-bit ID is available.
1075 * On still more recent cards 4 bytes: the fourth byte C0 means that
1076 * a second read ID cmd is available.
1077 */
1078static int
1079sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1080 unsigned char *command = us->iobuf;
1081 unsigned char *content = us->iobuf;
1082 int result, i;
1083
1084 memset(command, 0, 12);
1085 command[0] = 0xED;
1086 command[1] = LUNBITS;
1087
1088 result = sddr09_send_scsi_command(us, command, 12);
1089 if (result)
1090 return result;
1091
1092 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1093 content, 64, NULL);
1094
1095 for (i = 0; i < 4; i++)
1096 deviceID[i] = content[i];
1097
1098 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1099}
1100
1101static int
1102sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1103 int result;
1104 unsigned char status;
1105 const char *wp_fmt;
1106
1107 result = sddr09_read_status(us, &status);
1108 if (result) {
1109 usb_stor_dbg(us, "read_status fails\n");
1110 return result;
1111 }
1112 if ((status & 0x80) == 0) {
1113 info->flags |= SDDR09_WP; /* write protected */
1114 wp_fmt = " WP";
1115 } else {
1116 wp_fmt = "";
1117 }
1118 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1119 status & 0x40 ? " Ready" : "",
1120 status & LUNBITS ? " Suspended" : "",
1121 status & 0x01 ? " Error" : "");
1122
1123 return 0;
1124}
1125
1126#if 0
1127/*
1128 * Reset Command: 12 bytes.
1129 * byte 0: opcode: EB
1130 */
1131static int
1132sddr09_reset(struct us_data *us) {
1133
1134 unsigned char *command = us->iobuf;
1135
1136 memset(command, 0, 12);
1137 command[0] = 0xEB;
1138 command[1] = LUNBITS;
1139
1140 return sddr09_send_scsi_command(us, command, 12);
1141}
1142#endif
1143
1144static struct nand_flash_dev *
1145sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1146 struct nand_flash_dev *cardinfo;
1147 unsigned char deviceID[4];
1148 char blurbtxt[256];
1149 int result;
1150
1151 usb_stor_dbg(us, "Reading capacity...\n");
1152
1153 result = sddr09_read_deviceID(us, deviceID);
1154
1155 if (result) {
1156 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1157 printk(KERN_WARNING "sddr09: could not read card info\n");
1158 return NULL;
1159 }
1160
1161 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1162
1163 /* Byte 0 is the manufacturer */
1164 sprintf(blurbtxt + strlen(blurbtxt),
1165 ": Manuf. %s",
1166 nand_flash_manufacturer(deviceID[0]));
1167
1168 /* Byte 1 is the device type */
1169 cardinfo = nand_find_id(deviceID[1]);
1170 if (cardinfo) {
1171 /* MB or MiB? It is neither. A 16 MB card has
1172 17301504 raw bytes, of which 16384000 are
1173 usable for user data. */
1174 sprintf(blurbtxt + strlen(blurbtxt),
1175 ", %d MB", 1<<(cardinfo->chipshift - 20));
1176 } else {
1177 sprintf(blurbtxt + strlen(blurbtxt),
1178 ", type unrecognized");
1179 }
1180
1181 /* Byte 2 is code to signal availability of 128-bit ID */
1182 if (deviceID[2] == 0xa5) {
1183 sprintf(blurbtxt + strlen(blurbtxt),
1184 ", 128-bit ID");
1185 }
1186
1187 /* Byte 3 announces the availability of another read ID command */
1188 if (deviceID[3] == 0xc0) {
1189 sprintf(blurbtxt + strlen(blurbtxt),
1190 ", extra cmd");
1191 }
1192
1193 if (flags & SDDR09_WP)
1194 sprintf(blurbtxt + strlen(blurbtxt),
1195 ", WP");
1196
1197 printk(KERN_WARNING "%s\n", blurbtxt);
1198
1199 return cardinfo;
1200}
1201
1202static int
1203sddr09_read_map(struct us_data *us) {
1204
1205 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1206 int numblocks, alloc_len, alloc_blocks;
1207 int i, j, result;
1208 unsigned char *buffer, *buffer_end, *ptr;
1209 unsigned int lba, lbact;
1210
1211 if (!info->capacity)
1212 return -1;
1213
1214 // size of a block is 1 << (blockshift + pageshift) bytes
1215 // divide into the total capacity to get the number of blocks
1216
1217 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1218
1219 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1220 // but only use a 64 KB buffer
1221 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1222#define SDDR09_READ_MAP_BUFSZ 65536
1223
1224 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1225 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1226 buffer = kmalloc(alloc_len, GFP_NOIO);
1227 if (buffer == NULL) {
1228 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1229 result = -1;
1230 goto done;
1231 }
1232 buffer_end = buffer + alloc_len;
1233
1234#undef SDDR09_READ_MAP_BUFSZ
1235
1236 kfree(info->lba_to_pba);
1237 kfree(info->pba_to_lba);
1238 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1239 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1240
1241 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1242 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1243 result = -1;
1244 goto done;
1245 }
1246
1247 for (i = 0; i < numblocks; i++)
1248 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1249
1250 /*
1251 * Define lba-pba translation table
1252 */
1253
1254 ptr = buffer_end;
1255 for (i = 0; i < numblocks; i++) {
1256 ptr += (1 << CONTROL_SHIFT);
1257 if (ptr >= buffer_end) {
1258 unsigned long address;
1259
1260 address = i << (info->pageshift + info->blockshift);
1261 result = sddr09_read_control(
1262 us, address>>1,
1263 min(alloc_blocks, numblocks - i),
1264 buffer, 0);
1265 if (result) {
1266 result = -1;
1267 goto done;
1268 }
1269 ptr = buffer;
1270 }
1271
1272 if (i == 0 || i == 1) {
1273 info->pba_to_lba[i] = UNUSABLE;
1274 continue;
1275 }
1276
1277 /* special PBAs have control field 0^16 */
1278 for (j = 0; j < 16; j++)
1279 if (ptr[j] != 0)
1280 goto nonz;
1281 info->pba_to_lba[i] = UNUSABLE;
1282 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1283 i);
1284 continue;
1285
1286 nonz:
1287 /* unwritten PBAs have control field FF^16 */
1288 for (j = 0; j < 16; j++)
1289 if (ptr[j] != 0xff)
1290 goto nonff;
1291 continue;
1292
1293 nonff:
1294 /* normal PBAs start with six FFs */
1295 if (j < 6) {
1296 printk(KERN_WARNING
1297 "sddr09: PBA %d has no logical mapping: "
1298 "reserved area = %02X%02X%02X%02X "
1299 "data status %02X block status %02X\n",
1300 i, ptr[0], ptr[1], ptr[2], ptr[3],
1301 ptr[4], ptr[5]);
1302 info->pba_to_lba[i] = UNUSABLE;
1303 continue;
1304 }
1305
1306 if ((ptr[6] >> 4) != 0x01) {
1307 printk(KERN_WARNING
1308 "sddr09: PBA %d has invalid address field "
1309 "%02X%02X/%02X%02X\n",
1310 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1311 info->pba_to_lba[i] = UNUSABLE;
1312 continue;
1313 }
1314
1315 /* check even parity */
1316 if (parity[ptr[6] ^ ptr[7]]) {
1317 printk(KERN_WARNING
1318 "sddr09: Bad parity in LBA for block %d"
1319 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1320 info->pba_to_lba[i] = UNUSABLE;
1321 continue;
1322 }
1323
1324 lba = short_pack(ptr[7], ptr[6]);
1325 lba = (lba & 0x07FF) >> 1;
1326
1327 /*
1328 * Every 1024 physical blocks ("zone"), the LBA numbers
1329 * go back to zero, but are within a higher block of LBA's.
1330 * Also, there is a maximum of 1000 LBA's per zone.
1331 * In other words, in PBA 1024-2047 you will find LBA 0-999
1332 * which are really LBA 1000-1999. This allows for 24 bad
1333 * or special physical blocks per zone.
1334 */
1335
1336 if (lba >= 1000) {
1337 printk(KERN_WARNING
1338 "sddr09: Bad low LBA %d for block %d\n",
1339 lba, i);
1340 goto possibly_erase;
1341 }
1342
1343 lba += 1000*(i/0x400);
1344
1345 if (info->lba_to_pba[lba] != UNDEF) {
1346 printk(KERN_WARNING
1347 "sddr09: LBA %d seen for PBA %d and %d\n",
1348 lba, info->lba_to_pba[lba], i);
1349 goto possibly_erase;
1350 }
1351
1352 info->pba_to_lba[i] = lba;
1353 info->lba_to_pba[lba] = i;
1354 continue;
1355
1356 possibly_erase:
1357 if (erase_bad_lba_entries) {
1358 unsigned long address;
1359
1360 address = (i << (info->pageshift + info->blockshift));
1361 sddr09_erase(us, address>>1);
1362 info->pba_to_lba[i] = UNDEF;
1363 } else
1364 info->pba_to_lba[i] = UNUSABLE;
1365 }
1366
1367 /*
1368 * Approximate capacity. This is not entirely correct yet,
1369 * since a zone with less than 1000 usable pages leads to
1370 * missing LBAs. Especially if it is the last zone, some
1371 * LBAs can be past capacity.
1372 */
1373 lbact = 0;
1374 for (i = 0; i < numblocks; i += 1024) {
1375 int ct = 0;
1376
1377 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1378 if (info->pba_to_lba[i+j] != UNUSABLE) {
1379 if (ct >= 1000)
1380 info->pba_to_lba[i+j] = SPARE;
1381 else
1382 ct++;
1383 }
1384 }
1385 lbact += ct;
1386 }
1387 info->lbact = lbact;
1388 usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1389 result = 0;
1390
1391 done:
1392 if (result != 0) {
1393 kfree(info->lba_to_pba);
1394 kfree(info->pba_to_lba);
1395 info->lba_to_pba = NULL;
1396 info->pba_to_lba = NULL;
1397 }
1398 kfree(buffer);
1399 return result;
1400}
1401
1402static void
1403sddr09_card_info_destructor(void *extra) {
1404 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1405
1406 if (!info)
1407 return;
1408
1409 kfree(info->lba_to_pba);
1410 kfree(info->pba_to_lba);
1411}
1412
1413static int
1414sddr09_common_init(struct us_data *us) {
1415 int result;
1416
1417 /* set the configuration -- STALL is an acceptable response here */
1418 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1419 usb_stor_dbg(us, "active config #%d != 1 ??\n",
1420 us->pusb_dev->actconfig->desc.bConfigurationValue);
1421 return -EINVAL;
1422 }
1423
1424 result = usb_reset_configuration(us->pusb_dev);
1425 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1426 if (result == -EPIPE) {
1427 usb_stor_dbg(us, "-- stall on control interface\n");
1428 } else if (result != 0) {
1429 /* it's not a stall, but another error -- time to bail */
1430 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n");
1431 return -EINVAL;
1432 }
1433
1434 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1435 if (!us->extra)
1436 return -ENOMEM;
1437 us->extra_destructor = sddr09_card_info_destructor;
1438
1439 nand_init_ecc();
1440 return 0;
1441}
1442
1443
1444/*
1445 * This is needed at a very early stage. If this is not listed in the
1446 * unusual devices list but called from here then LUN 0 of the combo reader
1447 * is not recognized. But I do not know what precisely these calls do.
1448 */
1449static int
1450usb_stor_sddr09_dpcm_init(struct us_data *us) {
1451 int result;
1452 unsigned char *data = us->iobuf;
1453
1454 result = sddr09_common_init(us);
1455 if (result)
1456 return result;
1457
1458 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1459 if (result) {
1460 usb_stor_dbg(us, "send_command fails\n");
1461 return result;
1462 }
1463
1464 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1465 // get 07 02
1466
1467 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1468 if (result) {
1469 usb_stor_dbg(us, "2nd send_command fails\n");
1470 return result;
1471 }
1472
1473 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1474 // get 07 00
1475
1476 result = sddr09_request_sense(us, data, 18);
1477 if (result == 0 && data[2] != 0) {
1478 int j;
1479 for (j=0; j<18; j++)
1480 printk(" %02X", data[j]);
1481 printk("\n");
1482 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1483 // 70: current command
1484 // sense key 0, sense code 0, extd sense code 0
1485 // additional transfer length * = sizeof(data) - 7
1486 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1487 // sense key 06, sense code 28: unit attention,
1488 // not ready to ready transition
1489 }
1490
1491 // test unit ready
1492
1493 return 0; /* not result */
1494}
1495
1496/*
1497 * Transport for the Microtech DPCM-USB
1498 */
1499static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1500{
1501 int ret;
1502
1503 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1504
1505 switch (srb->device->lun) {
1506 case 0:
1507
1508 /*
1509 * LUN 0 corresponds to the CompactFlash card reader.
1510 */
1511 ret = usb_stor_CB_transport(srb, us);
1512 break;
1513
1514 case 1:
1515
1516 /*
1517 * LUN 1 corresponds to the SmartMedia card reader.
1518 */
1519
1520 /*
1521 * Set the LUN to 0 (just in case).
1522 */
1523 srb->device->lun = 0;
1524 ret = sddr09_transport(srb, us);
1525 srb->device->lun = 1;
1526 break;
1527
1528 default:
1529 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1530 ret = USB_STOR_TRANSPORT_ERROR;
1531 break;
1532 }
1533 return ret;
1534}
1535
1536
1537/*
1538 * Transport for the Sandisk SDDR-09
1539 */
1540static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1541{
1542 static unsigned char sensekey = 0, sensecode = 0;
1543 static unsigned char havefakesense = 0;
1544 int result, i;
1545 unsigned char *ptr = us->iobuf;
1546 unsigned long capacity;
1547 unsigned int page, pages;
1548
1549 struct sddr09_card_info *info;
1550
1551 static unsigned char inquiry_response[8] = {
1552 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1553 };
1554
1555 /* note: no block descriptor support */
1556 static unsigned char mode_page_01[19] = {
1557 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1558 0x01, 0x0A,
1559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1560 };
1561
1562 info = (struct sddr09_card_info *)us->extra;
1563
1564 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1565 /* for a faked command, we have to follow with a faked sense */
1566 memset(ptr, 0, 18);
1567 ptr[0] = 0x70;
1568 ptr[2] = sensekey;
1569 ptr[7] = 11;
1570 ptr[12] = sensecode;
1571 usb_stor_set_xfer_buf(ptr, 18, srb);
1572 sensekey = sensecode = havefakesense = 0;
1573 return USB_STOR_TRANSPORT_GOOD;
1574 }
1575
1576 havefakesense = 1;
1577
1578 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1579 respond to INQUIRY commands */
1580
1581 if (srb->cmnd[0] == INQUIRY) {
1582 memcpy(ptr, inquiry_response, 8);
1583 fill_inquiry_response(us, ptr, 36);
1584 return USB_STOR_TRANSPORT_GOOD;
1585 }
1586
1587 if (srb->cmnd[0] == READ_CAPACITY) {
1588 struct nand_flash_dev *cardinfo;
1589
1590 sddr09_get_wp(us, info); /* read WP bit */
1591
1592 cardinfo = sddr09_get_cardinfo(us, info->flags);
1593 if (!cardinfo) {
1594 /* probably no media */
1595 init_error:
1596 sensekey = 0x02; /* not ready */
1597 sensecode = 0x3a; /* medium not present */
1598 return USB_STOR_TRANSPORT_FAILED;
1599 }
1600
1601 info->capacity = (1 << cardinfo->chipshift);
1602 info->pageshift = cardinfo->pageshift;
1603 info->pagesize = (1 << info->pageshift);
1604 info->blockshift = cardinfo->blockshift;
1605 info->blocksize = (1 << info->blockshift);
1606 info->blockmask = info->blocksize - 1;
1607
1608 // map initialization, must follow get_cardinfo()
1609 if (sddr09_read_map(us)) {
1610 /* probably out of memory */
1611 goto init_error;
1612 }
1613
1614 // Report capacity
1615
1616 capacity = (info->lbact << info->blockshift) - 1;
1617
1618 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1619
1620 // Report page size
1621
1622 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1623 usb_stor_set_xfer_buf(ptr, 8, srb);
1624
1625 return USB_STOR_TRANSPORT_GOOD;
1626 }
1627
1628 if (srb->cmnd[0] == MODE_SENSE_10) {
1629 int modepage = (srb->cmnd[2] & 0x3F);
1630
1631 /* They ask for the Read/Write error recovery page,
1632 or for all pages. */
1633 /* %% We should check DBD %% */
1634 if (modepage == 0x01 || modepage == 0x3F) {
1635 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636 modepage);
1637
1638 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642 return USB_STOR_TRANSPORT_GOOD;
1643 }
1644
1645 sensekey = 0x05; /* illegal request */
1646 sensecode = 0x24; /* invalid field in CDB */
1647 return USB_STOR_TRANSPORT_FAILED;
1648 }
1649
1650 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651 return USB_STOR_TRANSPORT_GOOD;
1652
1653 havefakesense = 0;
1654
1655 if (srb->cmnd[0] == READ_10) {
1656
1657 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658 page <<= 16;
1659 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661
1662 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663 page, pages);
1664
1665 result = sddr09_read_data(us, page, pages);
1666 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667 USB_STOR_TRANSPORT_ERROR);
1668 }
1669
1670 if (srb->cmnd[0] == WRITE_10) {
1671
1672 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 page <<= 16;
1674 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676
1677 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678 page, pages);
1679
1680 result = sddr09_write_data(us, page, pages);
1681 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 USB_STOR_TRANSPORT_ERROR);
1683 }
1684
1685 /* catch-all for all other commands, except
1686 * pass TEST_UNIT_READY and REQUEST_SENSE through
1687 */
1688 if (srb->cmnd[0] != TEST_UNIT_READY &&
1689 srb->cmnd[0] != REQUEST_SENSE) {
1690 sensekey = 0x05; /* illegal request */
1691 sensecode = 0x20; /* invalid command */
1692 havefakesense = 1;
1693 return USB_STOR_TRANSPORT_FAILED;
1694 }
1695
1696 for (; srb->cmd_len<12; srb->cmd_len++)
1697 srb->cmnd[srb->cmd_len] = 0;
1698
1699 srb->cmnd[1] = LUNBITS;
1700
1701 ptr[0] = 0;
1702 for (i=0; i<12; i++)
1703 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1704
1705 usb_stor_dbg(us, "Send control for command %s\n", ptr);
1706
1707 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1708 if (result) {
1709 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1710 result);
1711 return USB_STOR_TRANSPORT_ERROR;
1712 }
1713
1714 if (scsi_bufflen(srb) == 0)
1715 return USB_STOR_TRANSPORT_GOOD;
1716
1717 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1718 srb->sc_data_direction == DMA_FROM_DEVICE) {
1719 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1720 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1721
1722 usb_stor_dbg(us, "%s %d bytes\n",
1723 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1724 "sending" : "receiving",
1725 scsi_bufflen(srb));
1726
1727 result = usb_stor_bulk_srb(us, pipe, srb);
1728
1729 return (result == USB_STOR_XFER_GOOD ?
1730 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1731 }
1732
1733 return USB_STOR_TRANSPORT_GOOD;
1734}
1735
1736/*
1737 * Initialization routine for the sddr09 subdriver
1738 */
1739static int
1740usb_stor_sddr09_init(struct us_data *us) {
1741 return sddr09_common_init(us);
1742}
1743
1744static struct scsi_host_template sddr09_host_template;
1745
1746static int sddr09_probe(struct usb_interface *intf,
1747 const struct usb_device_id *id)
1748{
1749 struct us_data *us;
1750 int result;
1751
1752 result = usb_stor_probe1(&us, intf, id,
1753 (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1754 &sddr09_host_template);
1755 if (result)
1756 return result;
1757
1758 if (us->protocol == USB_PR_DPCM_USB) {
1759 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1760 us->transport = dpcm_transport;
1761 us->transport_reset = usb_stor_CB_reset;
1762 us->max_lun = 1;
1763 } else {
1764 us->transport_name = "EUSB/SDDR09";
1765 us->transport = sddr09_transport;
1766 us->transport_reset = usb_stor_CB_reset;
1767 us->max_lun = 0;
1768 }
1769
1770 result = usb_stor_probe2(us);
1771 return result;
1772}
1773
1774static struct usb_driver sddr09_driver = {
1775 .name = DRV_NAME,
1776 .probe = sddr09_probe,
1777 .disconnect = usb_stor_disconnect,
1778 .suspend = usb_stor_suspend,
1779 .resume = usb_stor_resume,
1780 .reset_resume = usb_stor_reset_resume,
1781 .pre_reset = usb_stor_pre_reset,
1782 .post_reset = usb_stor_post_reset,
1783 .id_table = sddr09_usb_ids,
1784 .soft_unbind = 1,
1785 .no_dynamic_id = 1,
1786};
1787
1788module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1/* Driver for SanDisk SDDR-09 SmartMedia reader
2 *
3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
5 * Developed with the assistance of:
6 * (c) 2002 Alan Stern <stern@rowland.org>
7 *
8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9 * This chip is a programmable USB controller. In the SDDR-09, it has
10 * been programmed to obey a certain limited set of SCSI commands.
11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12 * commands.
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2, or (at your option) any
17 * later version.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation, Inc.,
26 * 675 Mass Ave, Cambridge, MA 02139, USA.
27 */
28
29/*
30 * Known vendor commands: 12 bytes, first byte is opcode
31 *
32 * E7: read scatter gather
33 * E8: read
34 * E9: write
35 * EA: erase
36 * EB: reset
37 * EC: read status
38 * ED: read ID
39 * EE: write CIS (?)
40 * EF: compute checksum (?)
41 */
42
43#include <linux/errno.h>
44#include <linux/module.h>
45#include <linux/slab.h>
46
47#include <scsi/scsi.h>
48#include <scsi/scsi_cmnd.h>
49#include <scsi/scsi_device.h>
50
51#include "usb.h"
52#include "transport.h"
53#include "protocol.h"
54#include "debug.h"
55
56MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
57MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
58MODULE_LICENSE("GPL");
59
60static int usb_stor_sddr09_dpcm_init(struct us_data *us);
61static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
62static int usb_stor_sddr09_init(struct us_data *us);
63
64
65/*
66 * The table of devices
67 */
68#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
69 vendorName, productName, useProtocol, useTransport, \
70 initFunction, flags) \
71{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
72 .driver_info = (flags) }
73
74static struct usb_device_id sddr09_usb_ids[] = {
75# include "unusual_sddr09.h"
76 { } /* Terminating entry */
77};
78MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
79
80#undef UNUSUAL_DEV
81
82/*
83 * The flags table
84 */
85#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
86 vendor_name, product_name, use_protocol, use_transport, \
87 init_function, Flags) \
88{ \
89 .vendorName = vendor_name, \
90 .productName = product_name, \
91 .useProtocol = use_protocol, \
92 .useTransport = use_transport, \
93 .initFunction = init_function, \
94}
95
96static struct us_unusual_dev sddr09_unusual_dev_list[] = {
97# include "unusual_sddr09.h"
98 { } /* Terminating entry */
99};
100
101#undef UNUSUAL_DEV
102
103
104#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
105#define LSB_of(s) ((s)&0xFF)
106#define MSB_of(s) ((s)>>8)
107
108/*
109 * First some stuff that does not belong here:
110 * data on SmartMedia and other cards, completely
111 * unrelated to this driver.
112 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
113 */
114
115struct nand_flash_dev {
116 int model_id;
117 int chipshift; /* 1<<cs bytes total capacity */
118 char pageshift; /* 1<<ps bytes in a page */
119 char blockshift; /* 1<<bs pages in an erase block */
120 char zoneshift; /* 1<<zs blocks in a zone */
121 /* # of logical blocks is 125/128 of this */
122 char pageadrlen; /* length of an address in bytes - 1 */
123};
124
125/*
126 * NAND Flash Manufacturer ID Codes
127 */
128#define NAND_MFR_AMD 0x01
129#define NAND_MFR_NATSEMI 0x8f
130#define NAND_MFR_TOSHIBA 0x98
131#define NAND_MFR_SAMSUNG 0xec
132
133static inline char *nand_flash_manufacturer(int manuf_id) {
134 switch(manuf_id) {
135 case NAND_MFR_AMD:
136 return "AMD";
137 case NAND_MFR_NATSEMI:
138 return "NATSEMI";
139 case NAND_MFR_TOSHIBA:
140 return "Toshiba";
141 case NAND_MFR_SAMSUNG:
142 return "Samsung";
143 default:
144 return "unknown";
145 }
146}
147
148/*
149 * It looks like it is unnecessary to attach manufacturer to the
150 * remaining data: SSFDC prescribes manufacturer-independent id codes.
151 *
152 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
153 */
154
155static struct nand_flash_dev nand_flash_ids[] = {
156 /* NAND flash */
157 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
158 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
159 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
160 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
161 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
162 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
163 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
164 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
165 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
166 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
167 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
168 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
169 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
170
171 /* MASK ROM */
172 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
173 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
174 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
175 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
176 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
177 { 0,}
178};
179
180static struct nand_flash_dev *
181nand_find_id(unsigned char id) {
182 int i;
183
184 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
185 if (nand_flash_ids[i].model_id == id)
186 return &(nand_flash_ids[i]);
187 return NULL;
188}
189
190/*
191 * ECC computation.
192 */
193static unsigned char parity[256];
194static unsigned char ecc2[256];
195
196static void nand_init_ecc(void) {
197 int i, j, a;
198
199 parity[0] = 0;
200 for (i = 1; i < 256; i++)
201 parity[i] = (parity[i&(i-1)] ^ 1);
202
203 for (i = 0; i < 256; i++) {
204 a = 0;
205 for (j = 0; j < 8; j++) {
206 if (i & (1<<j)) {
207 if ((j & 1) == 0)
208 a ^= 0x04;
209 if ((j & 2) == 0)
210 a ^= 0x10;
211 if ((j & 4) == 0)
212 a ^= 0x40;
213 }
214 }
215 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
216 }
217}
218
219/* compute 3-byte ecc on 256 bytes */
220static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
221 int i, j, a;
222 unsigned char par = 0, bit, bits[8] = {0};
223
224 /* collect 16 checksum bits */
225 for (i = 0; i < 256; i++) {
226 par ^= data[i];
227 bit = parity[data[i]];
228 for (j = 0; j < 8; j++)
229 if ((i & (1<<j)) == 0)
230 bits[j] ^= bit;
231 }
232
233 /* put 4+4+4 = 12 bits in the ecc */
234 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
235 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
236
237 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
238 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
239
240 ecc[2] = ecc2[par];
241}
242
243static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
244 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
245}
246
247static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
248 memcpy(data, ecc, 3);
249}
250
251/*
252 * The actual driver starts here.
253 */
254
255struct sddr09_card_info {
256 unsigned long capacity; /* Size of card in bytes */
257 int pagesize; /* Size of page in bytes */
258 int pageshift; /* log2 of pagesize */
259 int blocksize; /* Size of block in pages */
260 int blockshift; /* log2 of blocksize */
261 int blockmask; /* 2^blockshift - 1 */
262 int *lba_to_pba; /* logical to physical map */
263 int *pba_to_lba; /* physical to logical map */
264 int lbact; /* number of available pages */
265 int flags;
266#define SDDR09_WP 1 /* write protected */
267};
268
269/*
270 * On my 16MB card, control blocks have size 64 (16 real control bytes,
271 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
272 * so the reader makes up the remaining 48. Don't know whether these numbers
273 * depend on the card. For now a constant.
274 */
275#define CONTROL_SHIFT 6
276
277/*
278 * On my Combo CF/SM reader, the SM reader has LUN 1.
279 * (and things fail with LUN 0).
280 * It seems LUN is irrelevant for others.
281 */
282#define LUN 1
283#define LUNBITS (LUN << 5)
284
285/*
286 * LBA and PBA are unsigned ints. Special values.
287 */
288#define UNDEF 0xffffffff
289#define SPARE 0xfffffffe
290#define UNUSABLE 0xfffffffd
291
292static const int erase_bad_lba_entries = 0;
293
294/* send vendor interface command (0x41) */
295/* called for requests 0, 1, 8 */
296static int
297sddr09_send_command(struct us_data *us,
298 unsigned char request,
299 unsigned char direction,
300 unsigned char *xfer_data,
301 unsigned int xfer_len) {
302 unsigned int pipe;
303 unsigned char requesttype = (0x41 | direction);
304 int rc;
305
306 // Get the receive or send control pipe number
307
308 if (direction == USB_DIR_IN)
309 pipe = us->recv_ctrl_pipe;
310 else
311 pipe = us->send_ctrl_pipe;
312
313 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
314 0, 0, xfer_data, xfer_len);
315 switch (rc) {
316 case USB_STOR_XFER_GOOD: return 0;
317 case USB_STOR_XFER_STALLED: return -EPIPE;
318 default: return -EIO;
319 }
320}
321
322static int
323sddr09_send_scsi_command(struct us_data *us,
324 unsigned char *command,
325 unsigned int command_len) {
326 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
327}
328
329#if 0
330/*
331 * Test Unit Ready Command: 12 bytes.
332 * byte 0: opcode: 00
333 */
334static int
335sddr09_test_unit_ready(struct us_data *us) {
336 unsigned char *command = us->iobuf;
337 int result;
338
339 memset(command, 0, 6);
340 command[1] = LUNBITS;
341
342 result = sddr09_send_scsi_command(us, command, 6);
343
344 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
345
346 return result;
347}
348#endif
349
350/*
351 * Request Sense Command: 12 bytes.
352 * byte 0: opcode: 03
353 * byte 4: data length
354 */
355static int
356sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
357 unsigned char *command = us->iobuf;
358 int result;
359
360 memset(command, 0, 12);
361 command[0] = 0x03;
362 command[1] = LUNBITS;
363 command[4] = buflen;
364
365 result = sddr09_send_scsi_command(us, command, 12);
366 if (result)
367 return result;
368
369 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
370 sensebuf, buflen, NULL);
371 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
372}
373
374/*
375 * Read Command: 12 bytes.
376 * byte 0: opcode: E8
377 * byte 1: last two bits: 00: read data, 01: read blockwise control,
378 * 10: read both, 11: read pagewise control.
379 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
380 * bytes 2-5: address (interpretation depends on byte 1, see below)
381 * bytes 10-11: count (idem)
382 *
383 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
384 * A read data command gets data in 512-byte pages.
385 * A read control command gets control in 64-byte chunks.
386 * A read both command gets data+control in 576-byte chunks.
387 *
388 * Blocks are groups of 32 pages, and read blockwise control jumps to the
389 * next block, while read pagewise control jumps to the next page after
390 * reading a group of 64 control bytes.
391 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
392 *
393 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
394 */
395
396static int
397sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
398 int nr_of_pages, int bulklen, unsigned char *buf,
399 int use_sg) {
400
401 unsigned char *command = us->iobuf;
402 int result;
403
404 command[0] = 0xE8;
405 command[1] = LUNBITS | x;
406 command[2] = MSB_of(fromaddress>>16);
407 command[3] = LSB_of(fromaddress>>16);
408 command[4] = MSB_of(fromaddress & 0xFFFF);
409 command[5] = LSB_of(fromaddress & 0xFFFF);
410 command[6] = 0;
411 command[7] = 0;
412 command[8] = 0;
413 command[9] = 0;
414 command[10] = MSB_of(nr_of_pages);
415 command[11] = LSB_of(nr_of_pages);
416
417 result = sddr09_send_scsi_command(us, command, 12);
418
419 if (result) {
420 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
421 x, result);
422 return result;
423 }
424
425 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
426 buf, bulklen, use_sg, NULL);
427
428 if (result != USB_STOR_XFER_GOOD) {
429 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
430 x, result);
431 return -EIO;
432 }
433 return 0;
434}
435
436/*
437 * Read Data
438 *
439 * fromaddress counts data shorts:
440 * increasing it by 256 shifts the bytestream by 512 bytes;
441 * the last 8 bits are ignored.
442 *
443 * nr_of_pages counts pages of size (1 << pageshift).
444 */
445static int
446sddr09_read20(struct us_data *us, unsigned long fromaddress,
447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
448 int bulklen = nr_of_pages << pageshift;
449
450 /* The last 8 bits of fromaddress are ignored. */
451 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
452 buf, use_sg);
453}
454
455/*
456 * Read Blockwise Control
457 *
458 * fromaddress gives the starting position (as in read data;
459 * the last 8 bits are ignored); increasing it by 32*256 shifts
460 * the output stream by 64 bytes.
461 *
462 * count counts control groups of size (1 << controlshift).
463 * For me, controlshift = 6. Is this constant?
464 *
465 * After getting one control group, jump to the next block
466 * (fromaddress += 8192).
467 */
468static int
469sddr09_read21(struct us_data *us, unsigned long fromaddress,
470 int count, int controlshift, unsigned char *buf, int use_sg) {
471
472 int bulklen = (count << controlshift);
473 return sddr09_readX(us, 1, fromaddress, count, bulklen,
474 buf, use_sg);
475}
476
477/*
478 * Read both Data and Control
479 *
480 * fromaddress counts data shorts, ignoring control:
481 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
482 * the last 8 bits are ignored.
483 *
484 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
485 */
486static int
487sddr09_read22(struct us_data *us, unsigned long fromaddress,
488 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
489
490 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
491 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
492 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
493 buf, use_sg);
494}
495
496#if 0
497/*
498 * Read Pagewise Control
499 *
500 * fromaddress gives the starting position (as in read data;
501 * the last 8 bits are ignored); increasing it by 256 shifts
502 * the output stream by 64 bytes.
503 *
504 * count counts control groups of size (1 << controlshift).
505 * For me, controlshift = 6. Is this constant?
506 *
507 * After getting one control group, jump to the next page
508 * (fromaddress += 256).
509 */
510static int
511sddr09_read23(struct us_data *us, unsigned long fromaddress,
512 int count, int controlshift, unsigned char *buf, int use_sg) {
513
514 int bulklen = (count << controlshift);
515 return sddr09_readX(us, 3, fromaddress, count, bulklen,
516 buf, use_sg);
517}
518#endif
519
520/*
521 * Erase Command: 12 bytes.
522 * byte 0: opcode: EA
523 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
524 *
525 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
526 * The byte address being erased is 2*Eaddress.
527 * The CIS cannot be erased.
528 */
529static int
530sddr09_erase(struct us_data *us, unsigned long Eaddress) {
531 unsigned char *command = us->iobuf;
532 int result;
533
534 usb_stor_dbg(us, "erase address %lu\n", Eaddress);
535
536 memset(command, 0, 12);
537 command[0] = 0xEA;
538 command[1] = LUNBITS;
539 command[6] = MSB_of(Eaddress>>16);
540 command[7] = LSB_of(Eaddress>>16);
541 command[8] = MSB_of(Eaddress & 0xFFFF);
542 command[9] = LSB_of(Eaddress & 0xFFFF);
543
544 result = sddr09_send_scsi_command(us, command, 12);
545
546 if (result)
547 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
548 result);
549
550 return result;
551}
552
553/*
554 * Write CIS Command: 12 bytes.
555 * byte 0: opcode: EE
556 * bytes 2-5: write address in shorts
557 * bytes 10-11: sector count
558 *
559 * This writes at the indicated address. Don't know how it differs
560 * from E9. Maybe it does not erase? However, it will also write to
561 * the CIS.
562 *
563 * When two such commands on the same page follow each other directly,
564 * the second one is not done.
565 */
566
567/*
568 * Write Command: 12 bytes.
569 * byte 0: opcode: E9
570 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
571 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
572 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
573 *
574 * If write address equals erase address, the erase is done first,
575 * otherwise the write is done first. When erase address equals zero
576 * no erase is done?
577 */
578static int
579sddr09_writeX(struct us_data *us,
580 unsigned long Waddress, unsigned long Eaddress,
581 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
582
583 unsigned char *command = us->iobuf;
584 int result;
585
586 command[0] = 0xE9;
587 command[1] = LUNBITS;
588
589 command[2] = MSB_of(Waddress>>16);
590 command[3] = LSB_of(Waddress>>16);
591 command[4] = MSB_of(Waddress & 0xFFFF);
592 command[5] = LSB_of(Waddress & 0xFFFF);
593
594 command[6] = MSB_of(Eaddress>>16);
595 command[7] = LSB_of(Eaddress>>16);
596 command[8] = MSB_of(Eaddress & 0xFFFF);
597 command[9] = LSB_of(Eaddress & 0xFFFF);
598
599 command[10] = MSB_of(nr_of_pages);
600 command[11] = LSB_of(nr_of_pages);
601
602 result = sddr09_send_scsi_command(us, command, 12);
603
604 if (result) {
605 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
606 result);
607 return result;
608 }
609
610 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
611 buf, bulklen, use_sg, NULL);
612
613 if (result != USB_STOR_XFER_GOOD) {
614 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
615 result);
616 return -EIO;
617 }
618 return 0;
619}
620
621/* erase address, write same address */
622static int
623sddr09_write_inplace(struct us_data *us, unsigned long address,
624 int nr_of_pages, int pageshift, unsigned char *buf,
625 int use_sg) {
626 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
627 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
628 buf, use_sg);
629}
630
631#if 0
632/*
633 * Read Scatter Gather Command: 3+4n bytes.
634 * byte 0: opcode E7
635 * byte 2: n
636 * bytes 4i-1,4i,4i+1: page address
637 * byte 4i+2: page count
638 * (i=1..n)
639 *
640 * This reads several pages from the card to a single memory buffer.
641 * The last two bits of byte 1 have the same meaning as for E8.
642 */
643static int
644sddr09_read_sg_test_only(struct us_data *us) {
645 unsigned char *command = us->iobuf;
646 int result, bulklen, nsg, ct;
647 unsigned char *buf;
648 unsigned long address;
649
650 nsg = bulklen = 0;
651 command[0] = 0xE7;
652 command[1] = LUNBITS;
653 command[2] = 0;
654 address = 040000; ct = 1;
655 nsg++;
656 bulklen += (ct << 9);
657 command[4*nsg+2] = ct;
658 command[4*nsg+1] = ((address >> 9) & 0xFF);
659 command[4*nsg+0] = ((address >> 17) & 0xFF);
660 command[4*nsg-1] = ((address >> 25) & 0xFF);
661
662 address = 0340000; ct = 1;
663 nsg++;
664 bulklen += (ct << 9);
665 command[4*nsg+2] = ct;
666 command[4*nsg+1] = ((address >> 9) & 0xFF);
667 command[4*nsg+0] = ((address >> 17) & 0xFF);
668 command[4*nsg-1] = ((address >> 25) & 0xFF);
669
670 address = 01000000; ct = 2;
671 nsg++;
672 bulklen += (ct << 9);
673 command[4*nsg+2] = ct;
674 command[4*nsg+1] = ((address >> 9) & 0xFF);
675 command[4*nsg+0] = ((address >> 17) & 0xFF);
676 command[4*nsg-1] = ((address >> 25) & 0xFF);
677
678 command[2] = nsg;
679
680 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
681
682 if (result) {
683 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
684 result);
685 return result;
686 }
687
688 buf = kmalloc(bulklen, GFP_NOIO);
689 if (!buf)
690 return -ENOMEM;
691
692 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
693 buf, bulklen, NULL);
694 kfree(buf);
695 if (result != USB_STOR_XFER_GOOD) {
696 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
697 result);
698 return -EIO;
699 }
700
701 return 0;
702}
703#endif
704
705/*
706 * Read Status Command: 12 bytes.
707 * byte 0: opcode: EC
708 *
709 * Returns 64 bytes, all zero except for the first.
710 * bit 0: 1: Error
711 * bit 5: 1: Suspended
712 * bit 6: 1: Ready
713 * bit 7: 1: Not write-protected
714 */
715
716static int
717sddr09_read_status(struct us_data *us, unsigned char *status) {
718
719 unsigned char *command = us->iobuf;
720 unsigned char *data = us->iobuf;
721 int result;
722
723 usb_stor_dbg(us, "Reading status...\n");
724
725 memset(command, 0, 12);
726 command[0] = 0xEC;
727 command[1] = LUNBITS;
728
729 result = sddr09_send_scsi_command(us, command, 12);
730 if (result)
731 return result;
732
733 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
734 data, 64, NULL);
735 *status = data[0];
736 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
737}
738
739static int
740sddr09_read_data(struct us_data *us,
741 unsigned long address,
742 unsigned int sectors) {
743
744 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
745 unsigned char *buffer;
746 unsigned int lba, maxlba, pba;
747 unsigned int page, pages;
748 unsigned int len, offset;
749 struct scatterlist *sg;
750 int result;
751
752 // Figure out the initial LBA and page
753 lba = address >> info->blockshift;
754 page = (address & info->blockmask);
755 maxlba = info->capacity >> (info->pageshift + info->blockshift);
756 if (lba >= maxlba)
757 return -EIO;
758
759 // Since we only read in one block at a time, we have to create
760 // a bounce buffer and move the data a piece at a time between the
761 // bounce buffer and the actual transfer buffer.
762
763 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
764 buffer = kmalloc(len, GFP_NOIO);
765 if (buffer == NULL) {
766 printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
767 return -ENOMEM;
768 }
769
770 // This could be made much more efficient by checking for
771 // contiguous LBA's. Another exercise left to the student.
772
773 result = 0;
774 offset = 0;
775 sg = NULL;
776
777 while (sectors > 0) {
778
779 /* Find number of pages we can read in this block */
780 pages = min(sectors, info->blocksize - page);
781 len = pages << info->pageshift;
782
783 /* Not overflowing capacity? */
784 if (lba >= maxlba) {
785 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
786 lba, maxlba);
787 result = -EIO;
788 break;
789 }
790
791 /* Find where this lba lives on disk */
792 pba = info->lba_to_pba[lba];
793
794 if (pba == UNDEF) { /* this lba was never written */
795
796 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
797 pages, lba, page);
798
799 /* This is not really an error. It just means
800 that the block has never been written.
801 Instead of returning an error
802 it is better to return all zero data. */
803
804 memset(buffer, 0, len);
805
806 } else {
807 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
808 pages, pba, lba, page);
809
810 address = ((pba << info->blockshift) + page) <<
811 info->pageshift;
812
813 result = sddr09_read20(us, address>>1,
814 pages, info->pageshift, buffer, 0);
815 if (result)
816 break;
817 }
818
819 // Store the data in the transfer buffer
820 usb_stor_access_xfer_buf(buffer, len, us->srb,
821 &sg, &offset, TO_XFER_BUF);
822
823 page = 0;
824 lba++;
825 sectors -= pages;
826 }
827
828 kfree(buffer);
829 return result;
830}
831
832static unsigned int
833sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
834 static unsigned int lastpba = 1;
835 int zonestart, end, i;
836
837 zonestart = (lba/1000) << 10;
838 end = info->capacity >> (info->blockshift + info->pageshift);
839 end -= zonestart;
840 if (end > 1024)
841 end = 1024;
842
843 for (i = lastpba+1; i < end; i++) {
844 if (info->pba_to_lba[zonestart+i] == UNDEF) {
845 lastpba = i;
846 return zonestart+i;
847 }
848 }
849 for (i = 0; i <= lastpba; i++) {
850 if (info->pba_to_lba[zonestart+i] == UNDEF) {
851 lastpba = i;
852 return zonestart+i;
853 }
854 }
855 return 0;
856}
857
858static int
859sddr09_write_lba(struct us_data *us, unsigned int lba,
860 unsigned int page, unsigned int pages,
861 unsigned char *ptr, unsigned char *blockbuffer) {
862
863 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
864 unsigned long address;
865 unsigned int pba, lbap;
866 unsigned int pagelen;
867 unsigned char *bptr, *cptr, *xptr;
868 unsigned char ecc[3];
869 int i, result, isnew;
870
871 lbap = ((lba % 1000) << 1) | 0x1000;
872 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
873 lbap ^= 1;
874 pba = info->lba_to_pba[lba];
875 isnew = 0;
876
877 if (pba == UNDEF) {
878 pba = sddr09_find_unused_pba(info, lba);
879 if (!pba) {
880 printk(KERN_WARNING
881 "sddr09_write_lba: Out of unused blocks\n");
882 return -ENOSPC;
883 }
884 info->pba_to_lba[pba] = lba;
885 info->lba_to_pba[lba] = pba;
886 isnew = 1;
887 }
888
889 if (pba == 1) {
890 /* Maybe it is impossible to write to PBA 1.
891 Fake success, but don't do anything. */
892 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
893 return 0;
894 }
895
896 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
897
898 /* read old contents */
899 address = (pba << (info->pageshift + info->blockshift));
900 result = sddr09_read22(us, address>>1, info->blocksize,
901 info->pageshift, blockbuffer, 0);
902 if (result)
903 return result;
904
905 /* check old contents and fill lba */
906 for (i = 0; i < info->blocksize; i++) {
907 bptr = blockbuffer + i*pagelen;
908 cptr = bptr + info->pagesize;
909 nand_compute_ecc(bptr, ecc);
910 if (!nand_compare_ecc(cptr+13, ecc)) {
911 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
912 i, pba);
913 nand_store_ecc(cptr+13, ecc);
914 }
915 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
916 if (!nand_compare_ecc(cptr+8, ecc)) {
917 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
918 i, pba);
919 nand_store_ecc(cptr+8, ecc);
920 }
921 cptr[6] = cptr[11] = MSB_of(lbap);
922 cptr[7] = cptr[12] = LSB_of(lbap);
923 }
924
925 /* copy in new stuff and compute ECC */
926 xptr = ptr;
927 for (i = page; i < page+pages; i++) {
928 bptr = blockbuffer + i*pagelen;
929 cptr = bptr + info->pagesize;
930 memcpy(bptr, xptr, info->pagesize);
931 xptr += info->pagesize;
932 nand_compute_ecc(bptr, ecc);
933 nand_store_ecc(cptr+13, ecc);
934 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
935 nand_store_ecc(cptr+8, ecc);
936 }
937
938 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
939
940 result = sddr09_write_inplace(us, address>>1, info->blocksize,
941 info->pageshift, blockbuffer, 0);
942
943 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
944
945#if 0
946 {
947 unsigned char status = 0;
948 int result2 = sddr09_read_status(us, &status);
949 if (result2)
950 usb_stor_dbg(us, "cannot read status\n");
951 else if (status != 0xc0)
952 usb_stor_dbg(us, "status after write: 0x%x\n", status);
953 }
954#endif
955
956#if 0
957 {
958 int result2 = sddr09_test_unit_ready(us);
959 }
960#endif
961
962 return result;
963}
964
965static int
966sddr09_write_data(struct us_data *us,
967 unsigned long address,
968 unsigned int sectors) {
969
970 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
971 unsigned int lba, maxlba, page, pages;
972 unsigned int pagelen, blocklen;
973 unsigned char *blockbuffer;
974 unsigned char *buffer;
975 unsigned int len, offset;
976 struct scatterlist *sg;
977 int result;
978
979 // Figure out the initial LBA and page
980 lba = address >> info->blockshift;
981 page = (address & info->blockmask);
982 maxlba = info->capacity >> (info->pageshift + info->blockshift);
983 if (lba >= maxlba)
984 return -EIO;
985
986 // blockbuffer is used for reading in the old data, overwriting
987 // with the new data, and performing ECC calculations
988
989 /* TODO: instead of doing kmalloc/kfree for each write,
990 add a bufferpointer to the info structure */
991
992 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
993 blocklen = (pagelen << info->blockshift);
994 blockbuffer = kmalloc(blocklen, GFP_NOIO);
995 if (!blockbuffer) {
996 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
997 return -ENOMEM;
998 }
999
1000 // Since we don't write the user data directly to the device,
1001 // we have to create a bounce buffer and move the data a piece
1002 // at a time between the bounce buffer and the actual transfer buffer.
1003
1004 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1005 buffer = kmalloc(len, GFP_NOIO);
1006 if (buffer == NULL) {
1007 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1008 kfree(blockbuffer);
1009 return -ENOMEM;
1010 }
1011
1012 result = 0;
1013 offset = 0;
1014 sg = NULL;
1015
1016 while (sectors > 0) {
1017
1018 // Write as many sectors as possible in this block
1019
1020 pages = min(sectors, info->blocksize - page);
1021 len = (pages << info->pageshift);
1022
1023 /* Not overflowing capacity? */
1024 if (lba >= maxlba) {
1025 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1026 lba, maxlba);
1027 result = -EIO;
1028 break;
1029 }
1030
1031 // Get the data from the transfer buffer
1032 usb_stor_access_xfer_buf(buffer, len, us->srb,
1033 &sg, &offset, FROM_XFER_BUF);
1034
1035 result = sddr09_write_lba(us, lba, page, pages,
1036 buffer, blockbuffer);
1037 if (result)
1038 break;
1039
1040 page = 0;
1041 lba++;
1042 sectors -= pages;
1043 }
1044
1045 kfree(buffer);
1046 kfree(blockbuffer);
1047
1048 return result;
1049}
1050
1051static int
1052sddr09_read_control(struct us_data *us,
1053 unsigned long address,
1054 unsigned int blocks,
1055 unsigned char *content,
1056 int use_sg) {
1057
1058 usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1059 address, blocks);
1060
1061 return sddr09_read21(us, address, blocks,
1062 CONTROL_SHIFT, content, use_sg);
1063}
1064
1065/*
1066 * Read Device ID Command: 12 bytes.
1067 * byte 0: opcode: ED
1068 *
1069 * Returns 2 bytes: Manufacturer ID and Device ID.
1070 * On more recent cards 3 bytes: the third byte is an option code A5
1071 * signifying that the secret command to read an 128-bit ID is available.
1072 * On still more recent cards 4 bytes: the fourth byte C0 means that
1073 * a second read ID cmd is available.
1074 */
1075static int
1076sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1077 unsigned char *command = us->iobuf;
1078 unsigned char *content = us->iobuf;
1079 int result, i;
1080
1081 memset(command, 0, 12);
1082 command[0] = 0xED;
1083 command[1] = LUNBITS;
1084
1085 result = sddr09_send_scsi_command(us, command, 12);
1086 if (result)
1087 return result;
1088
1089 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1090 content, 64, NULL);
1091
1092 for (i = 0; i < 4; i++)
1093 deviceID[i] = content[i];
1094
1095 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1096}
1097
1098static int
1099sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1100 int result;
1101 unsigned char status;
1102
1103 result = sddr09_read_status(us, &status);
1104 if (result) {
1105 usb_stor_dbg(us, "read_status fails\n");
1106 return result;
1107 }
1108 usb_stor_dbg(us, "status 0x%02X", status);
1109 if ((status & 0x80) == 0) {
1110 info->flags |= SDDR09_WP; /* write protected */
1111 US_DEBUGPX(" WP");
1112 }
1113 if (status & 0x40)
1114 US_DEBUGPX(" Ready");
1115 if (status & LUNBITS)
1116 US_DEBUGPX(" Suspended");
1117 if (status & 0x1)
1118 US_DEBUGPX(" Error");
1119 US_DEBUGPX("\n");
1120 return 0;
1121}
1122
1123#if 0
1124/*
1125 * Reset Command: 12 bytes.
1126 * byte 0: opcode: EB
1127 */
1128static int
1129sddr09_reset(struct us_data *us) {
1130
1131 unsigned char *command = us->iobuf;
1132
1133 memset(command, 0, 12);
1134 command[0] = 0xEB;
1135 command[1] = LUNBITS;
1136
1137 return sddr09_send_scsi_command(us, command, 12);
1138}
1139#endif
1140
1141static struct nand_flash_dev *
1142sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1143 struct nand_flash_dev *cardinfo;
1144 unsigned char deviceID[4];
1145 char blurbtxt[256];
1146 int result;
1147
1148 usb_stor_dbg(us, "Reading capacity...\n");
1149
1150 result = sddr09_read_deviceID(us, deviceID);
1151
1152 if (result) {
1153 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1154 printk(KERN_WARNING "sddr09: could not read card info\n");
1155 return NULL;
1156 }
1157
1158 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1159 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1160
1161 /* Byte 0 is the manufacturer */
1162 sprintf(blurbtxt + strlen(blurbtxt),
1163 ": Manuf. %s",
1164 nand_flash_manufacturer(deviceID[0]));
1165
1166 /* Byte 1 is the device type */
1167 cardinfo = nand_find_id(deviceID[1]);
1168 if (cardinfo) {
1169 /* MB or MiB? It is neither. A 16 MB card has
1170 17301504 raw bytes, of which 16384000 are
1171 usable for user data. */
1172 sprintf(blurbtxt + strlen(blurbtxt),
1173 ", %d MB", 1<<(cardinfo->chipshift - 20));
1174 } else {
1175 sprintf(blurbtxt + strlen(blurbtxt),
1176 ", type unrecognized");
1177 }
1178
1179 /* Byte 2 is code to signal availability of 128-bit ID */
1180 if (deviceID[2] == 0xa5) {
1181 sprintf(blurbtxt + strlen(blurbtxt),
1182 ", 128-bit ID");
1183 }
1184
1185 /* Byte 3 announces the availability of another read ID command */
1186 if (deviceID[3] == 0xc0) {
1187 sprintf(blurbtxt + strlen(blurbtxt),
1188 ", extra cmd");
1189 }
1190
1191 if (flags & SDDR09_WP)
1192 sprintf(blurbtxt + strlen(blurbtxt),
1193 ", WP");
1194
1195 printk(KERN_WARNING "%s\n", blurbtxt);
1196
1197 return cardinfo;
1198}
1199
1200static int
1201sddr09_read_map(struct us_data *us) {
1202
1203 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1204 int numblocks, alloc_len, alloc_blocks;
1205 int i, j, result;
1206 unsigned char *buffer, *buffer_end, *ptr;
1207 unsigned int lba, lbact;
1208
1209 if (!info->capacity)
1210 return -1;
1211
1212 // size of a block is 1 << (blockshift + pageshift) bytes
1213 // divide into the total capacity to get the number of blocks
1214
1215 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1216
1217 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1218 // but only use a 64 KB buffer
1219 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1220#define SDDR09_READ_MAP_BUFSZ 65536
1221
1222 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1223 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1224 buffer = kmalloc(alloc_len, GFP_NOIO);
1225 if (buffer == NULL) {
1226 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1227 result = -1;
1228 goto done;
1229 }
1230 buffer_end = buffer + alloc_len;
1231
1232#undef SDDR09_READ_MAP_BUFSZ
1233
1234 kfree(info->lba_to_pba);
1235 kfree(info->pba_to_lba);
1236 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1237 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1238
1239 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1240 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1241 result = -1;
1242 goto done;
1243 }
1244
1245 for (i = 0; i < numblocks; i++)
1246 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1247
1248 /*
1249 * Define lba-pba translation table
1250 */
1251
1252 ptr = buffer_end;
1253 for (i = 0; i < numblocks; i++) {
1254 ptr += (1 << CONTROL_SHIFT);
1255 if (ptr >= buffer_end) {
1256 unsigned long address;
1257
1258 address = i << (info->pageshift + info->blockshift);
1259 result = sddr09_read_control(
1260 us, address>>1,
1261 min(alloc_blocks, numblocks - i),
1262 buffer, 0);
1263 if (result) {
1264 result = -1;
1265 goto done;
1266 }
1267 ptr = buffer;
1268 }
1269
1270 if (i == 0 || i == 1) {
1271 info->pba_to_lba[i] = UNUSABLE;
1272 continue;
1273 }
1274
1275 /* special PBAs have control field 0^16 */
1276 for (j = 0; j < 16; j++)
1277 if (ptr[j] != 0)
1278 goto nonz;
1279 info->pba_to_lba[i] = UNUSABLE;
1280 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1281 i);
1282 continue;
1283
1284 nonz:
1285 /* unwritten PBAs have control field FF^16 */
1286 for (j = 0; j < 16; j++)
1287 if (ptr[j] != 0xff)
1288 goto nonff;
1289 continue;
1290
1291 nonff:
1292 /* normal PBAs start with six FFs */
1293 if (j < 6) {
1294 printk(KERN_WARNING
1295 "sddr09: PBA %d has no logical mapping: "
1296 "reserved area = %02X%02X%02X%02X "
1297 "data status %02X block status %02X\n",
1298 i, ptr[0], ptr[1], ptr[2], ptr[3],
1299 ptr[4], ptr[5]);
1300 info->pba_to_lba[i] = UNUSABLE;
1301 continue;
1302 }
1303
1304 if ((ptr[6] >> 4) != 0x01) {
1305 printk(KERN_WARNING
1306 "sddr09: PBA %d has invalid address field "
1307 "%02X%02X/%02X%02X\n",
1308 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1309 info->pba_to_lba[i] = UNUSABLE;
1310 continue;
1311 }
1312
1313 /* check even parity */
1314 if (parity[ptr[6] ^ ptr[7]]) {
1315 printk(KERN_WARNING
1316 "sddr09: Bad parity in LBA for block %d"
1317 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1318 info->pba_to_lba[i] = UNUSABLE;
1319 continue;
1320 }
1321
1322 lba = short_pack(ptr[7], ptr[6]);
1323 lba = (lba & 0x07FF) >> 1;
1324
1325 /*
1326 * Every 1024 physical blocks ("zone"), the LBA numbers
1327 * go back to zero, but are within a higher block of LBA's.
1328 * Also, there is a maximum of 1000 LBA's per zone.
1329 * In other words, in PBA 1024-2047 you will find LBA 0-999
1330 * which are really LBA 1000-1999. This allows for 24 bad
1331 * or special physical blocks per zone.
1332 */
1333
1334 if (lba >= 1000) {
1335 printk(KERN_WARNING
1336 "sddr09: Bad low LBA %d for block %d\n",
1337 lba, i);
1338 goto possibly_erase;
1339 }
1340
1341 lba += 1000*(i/0x400);
1342
1343 if (info->lba_to_pba[lba] != UNDEF) {
1344 printk(KERN_WARNING
1345 "sddr09: LBA %d seen for PBA %d and %d\n",
1346 lba, info->lba_to_pba[lba], i);
1347 goto possibly_erase;
1348 }
1349
1350 info->pba_to_lba[i] = lba;
1351 info->lba_to_pba[lba] = i;
1352 continue;
1353
1354 possibly_erase:
1355 if (erase_bad_lba_entries) {
1356 unsigned long address;
1357
1358 address = (i << (info->pageshift + info->blockshift));
1359 sddr09_erase(us, address>>1);
1360 info->pba_to_lba[i] = UNDEF;
1361 } else
1362 info->pba_to_lba[i] = UNUSABLE;
1363 }
1364
1365 /*
1366 * Approximate capacity. This is not entirely correct yet,
1367 * since a zone with less than 1000 usable pages leads to
1368 * missing LBAs. Especially if it is the last zone, some
1369 * LBAs can be past capacity.
1370 */
1371 lbact = 0;
1372 for (i = 0; i < numblocks; i += 1024) {
1373 int ct = 0;
1374
1375 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1376 if (info->pba_to_lba[i+j] != UNUSABLE) {
1377 if (ct >= 1000)
1378 info->pba_to_lba[i+j] = SPARE;
1379 else
1380 ct++;
1381 }
1382 }
1383 lbact += ct;
1384 }
1385 info->lbact = lbact;
1386 usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1387 result = 0;
1388
1389 done:
1390 if (result != 0) {
1391 kfree(info->lba_to_pba);
1392 kfree(info->pba_to_lba);
1393 info->lba_to_pba = NULL;
1394 info->pba_to_lba = NULL;
1395 }
1396 kfree(buffer);
1397 return result;
1398}
1399
1400static void
1401sddr09_card_info_destructor(void *extra) {
1402 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1403
1404 if (!info)
1405 return;
1406
1407 kfree(info->lba_to_pba);
1408 kfree(info->pba_to_lba);
1409}
1410
1411static int
1412sddr09_common_init(struct us_data *us) {
1413 int result;
1414
1415 /* set the configuration -- STALL is an acceptable response here */
1416 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1417 usb_stor_dbg(us, "active config #%d != 1 ??\n",
1418 us->pusb_dev->actconfig->desc.bConfigurationValue);
1419 return -EINVAL;
1420 }
1421
1422 result = usb_reset_configuration(us->pusb_dev);
1423 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1424 if (result == -EPIPE) {
1425 usb_stor_dbg(us, "-- stall on control interface\n");
1426 } else if (result != 0) {
1427 /* it's not a stall, but another error -- time to bail */
1428 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n");
1429 return -EINVAL;
1430 }
1431
1432 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1433 if (!us->extra)
1434 return -ENOMEM;
1435 us->extra_destructor = sddr09_card_info_destructor;
1436
1437 nand_init_ecc();
1438 return 0;
1439}
1440
1441
1442/*
1443 * This is needed at a very early stage. If this is not listed in the
1444 * unusual devices list but called from here then LUN 0 of the combo reader
1445 * is not recognized. But I do not know what precisely these calls do.
1446 */
1447static int
1448usb_stor_sddr09_dpcm_init(struct us_data *us) {
1449 int result;
1450 unsigned char *data = us->iobuf;
1451
1452 result = sddr09_common_init(us);
1453 if (result)
1454 return result;
1455
1456 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1457 if (result) {
1458 usb_stor_dbg(us, "send_command fails\n");
1459 return result;
1460 }
1461
1462 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1463 // get 07 02
1464
1465 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1466 if (result) {
1467 usb_stor_dbg(us, "2nd send_command fails\n");
1468 return result;
1469 }
1470
1471 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1472 // get 07 00
1473
1474 result = sddr09_request_sense(us, data, 18);
1475 if (result == 0 && data[2] != 0) {
1476 int j;
1477 for (j=0; j<18; j++)
1478 printk(" %02X", data[j]);
1479 printk("\n");
1480 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1481 // 70: current command
1482 // sense key 0, sense code 0, extd sense code 0
1483 // additional transfer length * = sizeof(data) - 7
1484 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1485 // sense key 06, sense code 28: unit attention,
1486 // not ready to ready transition
1487 }
1488
1489 // test unit ready
1490
1491 return 0; /* not result */
1492}
1493
1494/*
1495 * Transport for the Microtech DPCM-USB
1496 */
1497static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1498{
1499 int ret;
1500
1501 usb_stor_dbg(us, "LUN=%d\n", srb->device->lun);
1502
1503 switch (srb->device->lun) {
1504 case 0:
1505
1506 /*
1507 * LUN 0 corresponds to the CompactFlash card reader.
1508 */
1509 ret = usb_stor_CB_transport(srb, us);
1510 break;
1511
1512 case 1:
1513
1514 /*
1515 * LUN 1 corresponds to the SmartMedia card reader.
1516 */
1517
1518 /*
1519 * Set the LUN to 0 (just in case).
1520 */
1521 srb->device->lun = 0;
1522 ret = sddr09_transport(srb, us);
1523 srb->device->lun = 1;
1524 break;
1525
1526 default:
1527 usb_stor_dbg(us, "Invalid LUN %d\n", srb->device->lun);
1528 ret = USB_STOR_TRANSPORT_ERROR;
1529 break;
1530 }
1531 return ret;
1532}
1533
1534
1535/*
1536 * Transport for the Sandisk SDDR-09
1537 */
1538static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1539{
1540 static unsigned char sensekey = 0, sensecode = 0;
1541 static unsigned char havefakesense = 0;
1542 int result, i;
1543 unsigned char *ptr = us->iobuf;
1544 unsigned long capacity;
1545 unsigned int page, pages;
1546
1547 struct sddr09_card_info *info;
1548
1549 static unsigned char inquiry_response[8] = {
1550 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1551 };
1552
1553 /* note: no block descriptor support */
1554 static unsigned char mode_page_01[19] = {
1555 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1556 0x01, 0x0A,
1557 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1558 };
1559
1560 info = (struct sddr09_card_info *)us->extra;
1561
1562 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1563 /* for a faked command, we have to follow with a faked sense */
1564 memset(ptr, 0, 18);
1565 ptr[0] = 0x70;
1566 ptr[2] = sensekey;
1567 ptr[7] = 11;
1568 ptr[12] = sensecode;
1569 usb_stor_set_xfer_buf(ptr, 18, srb);
1570 sensekey = sensecode = havefakesense = 0;
1571 return USB_STOR_TRANSPORT_GOOD;
1572 }
1573
1574 havefakesense = 1;
1575
1576 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1577 respond to INQUIRY commands */
1578
1579 if (srb->cmnd[0] == INQUIRY) {
1580 memcpy(ptr, inquiry_response, 8);
1581 fill_inquiry_response(us, ptr, 36);
1582 return USB_STOR_TRANSPORT_GOOD;
1583 }
1584
1585 if (srb->cmnd[0] == READ_CAPACITY) {
1586 struct nand_flash_dev *cardinfo;
1587
1588 sddr09_get_wp(us, info); /* read WP bit */
1589
1590 cardinfo = sddr09_get_cardinfo(us, info->flags);
1591 if (!cardinfo) {
1592 /* probably no media */
1593 init_error:
1594 sensekey = 0x02; /* not ready */
1595 sensecode = 0x3a; /* medium not present */
1596 return USB_STOR_TRANSPORT_FAILED;
1597 }
1598
1599 info->capacity = (1 << cardinfo->chipshift);
1600 info->pageshift = cardinfo->pageshift;
1601 info->pagesize = (1 << info->pageshift);
1602 info->blockshift = cardinfo->blockshift;
1603 info->blocksize = (1 << info->blockshift);
1604 info->blockmask = info->blocksize - 1;
1605
1606 // map initialization, must follow get_cardinfo()
1607 if (sddr09_read_map(us)) {
1608 /* probably out of memory */
1609 goto init_error;
1610 }
1611
1612 // Report capacity
1613
1614 capacity = (info->lbact << info->blockshift) - 1;
1615
1616 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1617
1618 // Report page size
1619
1620 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1621 usb_stor_set_xfer_buf(ptr, 8, srb);
1622
1623 return USB_STOR_TRANSPORT_GOOD;
1624 }
1625
1626 if (srb->cmnd[0] == MODE_SENSE_10) {
1627 int modepage = (srb->cmnd[2] & 0x3F);
1628
1629 /* They ask for the Read/Write error recovery page,
1630 or for all pages. */
1631 /* %% We should check DBD %% */
1632 if (modepage == 0x01 || modepage == 0x3F) {
1633 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1634 modepage);
1635
1636 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1637 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1638 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1639 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1640 return USB_STOR_TRANSPORT_GOOD;
1641 }
1642
1643 sensekey = 0x05; /* illegal request */
1644 sensecode = 0x24; /* invalid field in CDB */
1645 return USB_STOR_TRANSPORT_FAILED;
1646 }
1647
1648 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1649 return USB_STOR_TRANSPORT_GOOD;
1650
1651 havefakesense = 0;
1652
1653 if (srb->cmnd[0] == READ_10) {
1654
1655 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1656 page <<= 16;
1657 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1658 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1659
1660 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1661 page, pages);
1662
1663 result = sddr09_read_data(us, page, pages);
1664 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1665 USB_STOR_TRANSPORT_ERROR);
1666 }
1667
1668 if (srb->cmnd[0] == WRITE_10) {
1669
1670 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1671 page <<= 16;
1672 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1673 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1674
1675 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1676 page, pages);
1677
1678 result = sddr09_write_data(us, page, pages);
1679 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1680 USB_STOR_TRANSPORT_ERROR);
1681 }
1682
1683 /* catch-all for all other commands, except
1684 * pass TEST_UNIT_READY and REQUEST_SENSE through
1685 */
1686 if (srb->cmnd[0] != TEST_UNIT_READY &&
1687 srb->cmnd[0] != REQUEST_SENSE) {
1688 sensekey = 0x05; /* illegal request */
1689 sensecode = 0x20; /* invalid command */
1690 havefakesense = 1;
1691 return USB_STOR_TRANSPORT_FAILED;
1692 }
1693
1694 for (; srb->cmd_len<12; srb->cmd_len++)
1695 srb->cmnd[srb->cmd_len] = 0;
1696
1697 srb->cmnd[1] = LUNBITS;
1698
1699 ptr[0] = 0;
1700 for (i=0; i<12; i++)
1701 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1702
1703 usb_stor_dbg(us, "Send control for command %s\n", ptr);
1704
1705 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1706 if (result) {
1707 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1708 result);
1709 return USB_STOR_TRANSPORT_ERROR;
1710 }
1711
1712 if (scsi_bufflen(srb) == 0)
1713 return USB_STOR_TRANSPORT_GOOD;
1714
1715 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1716 srb->sc_data_direction == DMA_FROM_DEVICE) {
1717 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1718 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1719
1720 usb_stor_dbg(us, "%s %d bytes\n",
1721 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1722 "sending" : "receiving",
1723 scsi_bufflen(srb));
1724
1725 result = usb_stor_bulk_srb(us, pipe, srb);
1726
1727 return (result == USB_STOR_XFER_GOOD ?
1728 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1729 }
1730
1731 return USB_STOR_TRANSPORT_GOOD;
1732}
1733
1734/*
1735 * Initialization routine for the sddr09 subdriver
1736 */
1737static int
1738usb_stor_sddr09_init(struct us_data *us) {
1739 return sddr09_common_init(us);
1740}
1741
1742static int sddr09_probe(struct usb_interface *intf,
1743 const struct usb_device_id *id)
1744{
1745 struct us_data *us;
1746 int result;
1747
1748 result = usb_stor_probe1(&us, intf, id,
1749 (id - sddr09_usb_ids) + sddr09_unusual_dev_list);
1750 if (result)
1751 return result;
1752
1753 if (us->protocol == USB_PR_DPCM_USB) {
1754 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1755 us->transport = dpcm_transport;
1756 us->transport_reset = usb_stor_CB_reset;
1757 us->max_lun = 1;
1758 } else {
1759 us->transport_name = "EUSB/SDDR09";
1760 us->transport = sddr09_transport;
1761 us->transport_reset = usb_stor_CB_reset;
1762 us->max_lun = 0;
1763 }
1764
1765 result = usb_stor_probe2(us);
1766 return result;
1767}
1768
1769static struct usb_driver sddr09_driver = {
1770 .name = "ums-sddr09",
1771 .probe = sddr09_probe,
1772 .disconnect = usb_stor_disconnect,
1773 .suspend = usb_stor_suspend,
1774 .resume = usb_stor_resume,
1775 .reset_resume = usb_stor_reset_resume,
1776 .pre_reset = usb_stor_pre_reset,
1777 .post_reset = usb_stor_post_reset,
1778 .id_table = sddr09_usb_ids,
1779 .soft_unbind = 1,
1780 .no_dynamic_id = 1,
1781};
1782
1783module_usb_driver(sddr09_driver);