Loading...
1/* Driver for SanDisk SDDR-09 SmartMedia reader
2 *
3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
5 * Developed with the assistance of:
6 * (c) 2002 Alan Stern <stern@rowland.org>
7 *
8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9 * This chip is a programmable USB controller. In the SDDR-09, it has
10 * been programmed to obey a certain limited set of SCSI commands.
11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12 * commands.
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2, or (at your option) any
17 * later version.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License along
25 * with this program; if not, write to the Free Software Foundation, Inc.,
26 * 675 Mass Ave, Cambridge, MA 02139, USA.
27 */
28
29/*
30 * Known vendor commands: 12 bytes, first byte is opcode
31 *
32 * E7: read scatter gather
33 * E8: read
34 * E9: write
35 * EA: erase
36 * EB: reset
37 * EC: read status
38 * ED: read ID
39 * EE: write CIS (?)
40 * EF: compute checksum (?)
41 */
42
43#include <linux/errno.h>
44#include <linux/module.h>
45#include <linux/slab.h>
46
47#include <scsi/scsi.h>
48#include <scsi/scsi_cmnd.h>
49#include <scsi/scsi_device.h>
50
51#include "usb.h"
52#include "transport.h"
53#include "protocol.h"
54#include "debug.h"
55#include "scsiglue.h"
56
57#define DRV_NAME "ums-sddr09"
58
59MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
60MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
61MODULE_LICENSE("GPL");
62
63static int usb_stor_sddr09_dpcm_init(struct us_data *us);
64static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
65static int usb_stor_sddr09_init(struct us_data *us);
66
67
68/*
69 * The table of devices
70 */
71#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
72 vendorName, productName, useProtocol, useTransport, \
73 initFunction, flags) \
74{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
75 .driver_info = (flags) }
76
77static struct usb_device_id sddr09_usb_ids[] = {
78# include "unusual_sddr09.h"
79 { } /* Terminating entry */
80};
81MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
82
83#undef UNUSUAL_DEV
84
85/*
86 * The flags table
87 */
88#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
89 vendor_name, product_name, use_protocol, use_transport, \
90 init_function, Flags) \
91{ \
92 .vendorName = vendor_name, \
93 .productName = product_name, \
94 .useProtocol = use_protocol, \
95 .useTransport = use_transport, \
96 .initFunction = init_function, \
97}
98
99static struct us_unusual_dev sddr09_unusual_dev_list[] = {
100# include "unusual_sddr09.h"
101 { } /* Terminating entry */
102};
103
104#undef UNUSUAL_DEV
105
106
107#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
108#define LSB_of(s) ((s)&0xFF)
109#define MSB_of(s) ((s)>>8)
110
111/*
112 * First some stuff that does not belong here:
113 * data on SmartMedia and other cards, completely
114 * unrelated to this driver.
115 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
116 */
117
118struct nand_flash_dev {
119 int model_id;
120 int chipshift; /* 1<<cs bytes total capacity */
121 char pageshift; /* 1<<ps bytes in a page */
122 char blockshift; /* 1<<bs pages in an erase block */
123 char zoneshift; /* 1<<zs blocks in a zone */
124 /* # of logical blocks is 125/128 of this */
125 char pageadrlen; /* length of an address in bytes - 1 */
126};
127
128/*
129 * NAND Flash Manufacturer ID Codes
130 */
131#define NAND_MFR_AMD 0x01
132#define NAND_MFR_NATSEMI 0x8f
133#define NAND_MFR_TOSHIBA 0x98
134#define NAND_MFR_SAMSUNG 0xec
135
136static inline char *nand_flash_manufacturer(int manuf_id) {
137 switch(manuf_id) {
138 case NAND_MFR_AMD:
139 return "AMD";
140 case NAND_MFR_NATSEMI:
141 return "NATSEMI";
142 case NAND_MFR_TOSHIBA:
143 return "Toshiba";
144 case NAND_MFR_SAMSUNG:
145 return "Samsung";
146 default:
147 return "unknown";
148 }
149}
150
151/*
152 * It looks like it is unnecessary to attach manufacturer to the
153 * remaining data: SSFDC prescribes manufacturer-independent id codes.
154 *
155 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
156 */
157
158static struct nand_flash_dev nand_flash_ids[] = {
159 /* NAND flash */
160 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
161 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
162 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
163 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
164 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
165 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
166 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
167 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
168 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
169 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
170 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
171 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
172 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
173
174 /* MASK ROM */
175 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
176 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
177 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
178 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
179 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
180 { 0,}
181};
182
183static struct nand_flash_dev *
184nand_find_id(unsigned char id) {
185 int i;
186
187 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
188 if (nand_flash_ids[i].model_id == id)
189 return &(nand_flash_ids[i]);
190 return NULL;
191}
192
193/*
194 * ECC computation.
195 */
196static unsigned char parity[256];
197static unsigned char ecc2[256];
198
199static void nand_init_ecc(void) {
200 int i, j, a;
201
202 parity[0] = 0;
203 for (i = 1; i < 256; i++)
204 parity[i] = (parity[i&(i-1)] ^ 1);
205
206 for (i = 0; i < 256; i++) {
207 a = 0;
208 for (j = 0; j < 8; j++) {
209 if (i & (1<<j)) {
210 if ((j & 1) == 0)
211 a ^= 0x04;
212 if ((j & 2) == 0)
213 a ^= 0x10;
214 if ((j & 4) == 0)
215 a ^= 0x40;
216 }
217 }
218 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
219 }
220}
221
222/* compute 3-byte ecc on 256 bytes */
223static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
224 int i, j, a;
225 unsigned char par = 0, bit, bits[8] = {0};
226
227 /* collect 16 checksum bits */
228 for (i = 0; i < 256; i++) {
229 par ^= data[i];
230 bit = parity[data[i]];
231 for (j = 0; j < 8; j++)
232 if ((i & (1<<j)) == 0)
233 bits[j] ^= bit;
234 }
235
236 /* put 4+4+4 = 12 bits in the ecc */
237 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
238 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
239
240 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
241 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
242
243 ecc[2] = ecc2[par];
244}
245
246static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
247 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
248}
249
250static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
251 memcpy(data, ecc, 3);
252}
253
254/*
255 * The actual driver starts here.
256 */
257
258struct sddr09_card_info {
259 unsigned long capacity; /* Size of card in bytes */
260 int pagesize; /* Size of page in bytes */
261 int pageshift; /* log2 of pagesize */
262 int blocksize; /* Size of block in pages */
263 int blockshift; /* log2 of blocksize */
264 int blockmask; /* 2^blockshift - 1 */
265 int *lba_to_pba; /* logical to physical map */
266 int *pba_to_lba; /* physical to logical map */
267 int lbact; /* number of available pages */
268 int flags;
269#define SDDR09_WP 1 /* write protected */
270};
271
272/*
273 * On my 16MB card, control blocks have size 64 (16 real control bytes,
274 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
275 * so the reader makes up the remaining 48. Don't know whether these numbers
276 * depend on the card. For now a constant.
277 */
278#define CONTROL_SHIFT 6
279
280/*
281 * On my Combo CF/SM reader, the SM reader has LUN 1.
282 * (and things fail with LUN 0).
283 * It seems LUN is irrelevant for others.
284 */
285#define LUN 1
286#define LUNBITS (LUN << 5)
287
288/*
289 * LBA and PBA are unsigned ints. Special values.
290 */
291#define UNDEF 0xffffffff
292#define SPARE 0xfffffffe
293#define UNUSABLE 0xfffffffd
294
295static const int erase_bad_lba_entries = 0;
296
297/* send vendor interface command (0x41) */
298/* called for requests 0, 1, 8 */
299static int
300sddr09_send_command(struct us_data *us,
301 unsigned char request,
302 unsigned char direction,
303 unsigned char *xfer_data,
304 unsigned int xfer_len) {
305 unsigned int pipe;
306 unsigned char requesttype = (0x41 | direction);
307 int rc;
308
309 // Get the receive or send control pipe number
310
311 if (direction == USB_DIR_IN)
312 pipe = us->recv_ctrl_pipe;
313 else
314 pipe = us->send_ctrl_pipe;
315
316 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
317 0, 0, xfer_data, xfer_len);
318 switch (rc) {
319 case USB_STOR_XFER_GOOD: return 0;
320 case USB_STOR_XFER_STALLED: return -EPIPE;
321 default: return -EIO;
322 }
323}
324
325static int
326sddr09_send_scsi_command(struct us_data *us,
327 unsigned char *command,
328 unsigned int command_len) {
329 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
330}
331
332#if 0
333/*
334 * Test Unit Ready Command: 12 bytes.
335 * byte 0: opcode: 00
336 */
337static int
338sddr09_test_unit_ready(struct us_data *us) {
339 unsigned char *command = us->iobuf;
340 int result;
341
342 memset(command, 0, 6);
343 command[1] = LUNBITS;
344
345 result = sddr09_send_scsi_command(us, command, 6);
346
347 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
348
349 return result;
350}
351#endif
352
353/*
354 * Request Sense Command: 12 bytes.
355 * byte 0: opcode: 03
356 * byte 4: data length
357 */
358static int
359sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
360 unsigned char *command = us->iobuf;
361 int result;
362
363 memset(command, 0, 12);
364 command[0] = 0x03;
365 command[1] = LUNBITS;
366 command[4] = buflen;
367
368 result = sddr09_send_scsi_command(us, command, 12);
369 if (result)
370 return result;
371
372 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
373 sensebuf, buflen, NULL);
374 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
375}
376
377/*
378 * Read Command: 12 bytes.
379 * byte 0: opcode: E8
380 * byte 1: last two bits: 00: read data, 01: read blockwise control,
381 * 10: read both, 11: read pagewise control.
382 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
383 * bytes 2-5: address (interpretation depends on byte 1, see below)
384 * bytes 10-11: count (idem)
385 *
386 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
387 * A read data command gets data in 512-byte pages.
388 * A read control command gets control in 64-byte chunks.
389 * A read both command gets data+control in 576-byte chunks.
390 *
391 * Blocks are groups of 32 pages, and read blockwise control jumps to the
392 * next block, while read pagewise control jumps to the next page after
393 * reading a group of 64 control bytes.
394 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
395 *
396 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
397 */
398
399static int
400sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
401 int nr_of_pages, int bulklen, unsigned char *buf,
402 int use_sg) {
403
404 unsigned char *command = us->iobuf;
405 int result;
406
407 command[0] = 0xE8;
408 command[1] = LUNBITS | x;
409 command[2] = MSB_of(fromaddress>>16);
410 command[3] = LSB_of(fromaddress>>16);
411 command[4] = MSB_of(fromaddress & 0xFFFF);
412 command[5] = LSB_of(fromaddress & 0xFFFF);
413 command[6] = 0;
414 command[7] = 0;
415 command[8] = 0;
416 command[9] = 0;
417 command[10] = MSB_of(nr_of_pages);
418 command[11] = LSB_of(nr_of_pages);
419
420 result = sddr09_send_scsi_command(us, command, 12);
421
422 if (result) {
423 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
424 x, result);
425 return result;
426 }
427
428 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
429 buf, bulklen, use_sg, NULL);
430
431 if (result != USB_STOR_XFER_GOOD) {
432 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
433 x, result);
434 return -EIO;
435 }
436 return 0;
437}
438
439/*
440 * Read Data
441 *
442 * fromaddress counts data shorts:
443 * increasing it by 256 shifts the bytestream by 512 bytes;
444 * the last 8 bits are ignored.
445 *
446 * nr_of_pages counts pages of size (1 << pageshift).
447 */
448static int
449sddr09_read20(struct us_data *us, unsigned long fromaddress,
450 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
451 int bulklen = nr_of_pages << pageshift;
452
453 /* The last 8 bits of fromaddress are ignored. */
454 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
455 buf, use_sg);
456}
457
458/*
459 * Read Blockwise Control
460 *
461 * fromaddress gives the starting position (as in read data;
462 * the last 8 bits are ignored); increasing it by 32*256 shifts
463 * the output stream by 64 bytes.
464 *
465 * count counts control groups of size (1 << controlshift).
466 * For me, controlshift = 6. Is this constant?
467 *
468 * After getting one control group, jump to the next block
469 * (fromaddress += 8192).
470 */
471static int
472sddr09_read21(struct us_data *us, unsigned long fromaddress,
473 int count, int controlshift, unsigned char *buf, int use_sg) {
474
475 int bulklen = (count << controlshift);
476 return sddr09_readX(us, 1, fromaddress, count, bulklen,
477 buf, use_sg);
478}
479
480/*
481 * Read both Data and Control
482 *
483 * fromaddress counts data shorts, ignoring control:
484 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
485 * the last 8 bits are ignored.
486 *
487 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
488 */
489static int
490sddr09_read22(struct us_data *us, unsigned long fromaddress,
491 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
492
493 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
494 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
495 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
496 buf, use_sg);
497}
498
499#if 0
500/*
501 * Read Pagewise Control
502 *
503 * fromaddress gives the starting position (as in read data;
504 * the last 8 bits are ignored); increasing it by 256 shifts
505 * the output stream by 64 bytes.
506 *
507 * count counts control groups of size (1 << controlshift).
508 * For me, controlshift = 6. Is this constant?
509 *
510 * After getting one control group, jump to the next page
511 * (fromaddress += 256).
512 */
513static int
514sddr09_read23(struct us_data *us, unsigned long fromaddress,
515 int count, int controlshift, unsigned char *buf, int use_sg) {
516
517 int bulklen = (count << controlshift);
518 return sddr09_readX(us, 3, fromaddress, count, bulklen,
519 buf, use_sg);
520}
521#endif
522
523/*
524 * Erase Command: 12 bytes.
525 * byte 0: opcode: EA
526 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
527 *
528 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
529 * The byte address being erased is 2*Eaddress.
530 * The CIS cannot be erased.
531 */
532static int
533sddr09_erase(struct us_data *us, unsigned long Eaddress) {
534 unsigned char *command = us->iobuf;
535 int result;
536
537 usb_stor_dbg(us, "erase address %lu\n", Eaddress);
538
539 memset(command, 0, 12);
540 command[0] = 0xEA;
541 command[1] = LUNBITS;
542 command[6] = MSB_of(Eaddress>>16);
543 command[7] = LSB_of(Eaddress>>16);
544 command[8] = MSB_of(Eaddress & 0xFFFF);
545 command[9] = LSB_of(Eaddress & 0xFFFF);
546
547 result = sddr09_send_scsi_command(us, command, 12);
548
549 if (result)
550 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
551 result);
552
553 return result;
554}
555
556/*
557 * Write CIS Command: 12 bytes.
558 * byte 0: opcode: EE
559 * bytes 2-5: write address in shorts
560 * bytes 10-11: sector count
561 *
562 * This writes at the indicated address. Don't know how it differs
563 * from E9. Maybe it does not erase? However, it will also write to
564 * the CIS.
565 *
566 * When two such commands on the same page follow each other directly,
567 * the second one is not done.
568 */
569
570/*
571 * Write Command: 12 bytes.
572 * byte 0: opcode: E9
573 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
574 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
575 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
576 *
577 * If write address equals erase address, the erase is done first,
578 * otherwise the write is done first. When erase address equals zero
579 * no erase is done?
580 */
581static int
582sddr09_writeX(struct us_data *us,
583 unsigned long Waddress, unsigned long Eaddress,
584 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
585
586 unsigned char *command = us->iobuf;
587 int result;
588
589 command[0] = 0xE9;
590 command[1] = LUNBITS;
591
592 command[2] = MSB_of(Waddress>>16);
593 command[3] = LSB_of(Waddress>>16);
594 command[4] = MSB_of(Waddress & 0xFFFF);
595 command[5] = LSB_of(Waddress & 0xFFFF);
596
597 command[6] = MSB_of(Eaddress>>16);
598 command[7] = LSB_of(Eaddress>>16);
599 command[8] = MSB_of(Eaddress & 0xFFFF);
600 command[9] = LSB_of(Eaddress & 0xFFFF);
601
602 command[10] = MSB_of(nr_of_pages);
603 command[11] = LSB_of(nr_of_pages);
604
605 result = sddr09_send_scsi_command(us, command, 12);
606
607 if (result) {
608 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
609 result);
610 return result;
611 }
612
613 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
614 buf, bulklen, use_sg, NULL);
615
616 if (result != USB_STOR_XFER_GOOD) {
617 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
618 result);
619 return -EIO;
620 }
621 return 0;
622}
623
624/* erase address, write same address */
625static int
626sddr09_write_inplace(struct us_data *us, unsigned long address,
627 int nr_of_pages, int pageshift, unsigned char *buf,
628 int use_sg) {
629 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
630 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
631 buf, use_sg);
632}
633
634#if 0
635/*
636 * Read Scatter Gather Command: 3+4n bytes.
637 * byte 0: opcode E7
638 * byte 2: n
639 * bytes 4i-1,4i,4i+1: page address
640 * byte 4i+2: page count
641 * (i=1..n)
642 *
643 * This reads several pages from the card to a single memory buffer.
644 * The last two bits of byte 1 have the same meaning as for E8.
645 */
646static int
647sddr09_read_sg_test_only(struct us_data *us) {
648 unsigned char *command = us->iobuf;
649 int result, bulklen, nsg, ct;
650 unsigned char *buf;
651 unsigned long address;
652
653 nsg = bulklen = 0;
654 command[0] = 0xE7;
655 command[1] = LUNBITS;
656 command[2] = 0;
657 address = 040000; ct = 1;
658 nsg++;
659 bulklen += (ct << 9);
660 command[4*nsg+2] = ct;
661 command[4*nsg+1] = ((address >> 9) & 0xFF);
662 command[4*nsg+0] = ((address >> 17) & 0xFF);
663 command[4*nsg-1] = ((address >> 25) & 0xFF);
664
665 address = 0340000; ct = 1;
666 nsg++;
667 bulklen += (ct << 9);
668 command[4*nsg+2] = ct;
669 command[4*nsg+1] = ((address >> 9) & 0xFF);
670 command[4*nsg+0] = ((address >> 17) & 0xFF);
671 command[4*nsg-1] = ((address >> 25) & 0xFF);
672
673 address = 01000000; ct = 2;
674 nsg++;
675 bulklen += (ct << 9);
676 command[4*nsg+2] = ct;
677 command[4*nsg+1] = ((address >> 9) & 0xFF);
678 command[4*nsg+0] = ((address >> 17) & 0xFF);
679 command[4*nsg-1] = ((address >> 25) & 0xFF);
680
681 command[2] = nsg;
682
683 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
684
685 if (result) {
686 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
687 result);
688 return result;
689 }
690
691 buf = kmalloc(bulklen, GFP_NOIO);
692 if (!buf)
693 return -ENOMEM;
694
695 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
696 buf, bulklen, NULL);
697 kfree(buf);
698 if (result != USB_STOR_XFER_GOOD) {
699 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
700 result);
701 return -EIO;
702 }
703
704 return 0;
705}
706#endif
707
708/*
709 * Read Status Command: 12 bytes.
710 * byte 0: opcode: EC
711 *
712 * Returns 64 bytes, all zero except for the first.
713 * bit 0: 1: Error
714 * bit 5: 1: Suspended
715 * bit 6: 1: Ready
716 * bit 7: 1: Not write-protected
717 */
718
719static int
720sddr09_read_status(struct us_data *us, unsigned char *status) {
721
722 unsigned char *command = us->iobuf;
723 unsigned char *data = us->iobuf;
724 int result;
725
726 usb_stor_dbg(us, "Reading status...\n");
727
728 memset(command, 0, 12);
729 command[0] = 0xEC;
730 command[1] = LUNBITS;
731
732 result = sddr09_send_scsi_command(us, command, 12);
733 if (result)
734 return result;
735
736 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
737 data, 64, NULL);
738 *status = data[0];
739 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
740}
741
742static int
743sddr09_read_data(struct us_data *us,
744 unsigned long address,
745 unsigned int sectors) {
746
747 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
748 unsigned char *buffer;
749 unsigned int lba, maxlba, pba;
750 unsigned int page, pages;
751 unsigned int len, offset;
752 struct scatterlist *sg;
753 int result;
754
755 // Figure out the initial LBA and page
756 lba = address >> info->blockshift;
757 page = (address & info->blockmask);
758 maxlba = info->capacity >> (info->pageshift + info->blockshift);
759 if (lba >= maxlba)
760 return -EIO;
761
762 // Since we only read in one block at a time, we have to create
763 // a bounce buffer and move the data a piece at a time between the
764 // bounce buffer and the actual transfer buffer.
765
766 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
767 buffer = kmalloc(len, GFP_NOIO);
768 if (buffer == NULL) {
769 printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
770 return -ENOMEM;
771 }
772
773 // This could be made much more efficient by checking for
774 // contiguous LBA's. Another exercise left to the student.
775
776 result = 0;
777 offset = 0;
778 sg = NULL;
779
780 while (sectors > 0) {
781
782 /* Find number of pages we can read in this block */
783 pages = min(sectors, info->blocksize - page);
784 len = pages << info->pageshift;
785
786 /* Not overflowing capacity? */
787 if (lba >= maxlba) {
788 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
789 lba, maxlba);
790 result = -EIO;
791 break;
792 }
793
794 /* Find where this lba lives on disk */
795 pba = info->lba_to_pba[lba];
796
797 if (pba == UNDEF) { /* this lba was never written */
798
799 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
800 pages, lba, page);
801
802 /* This is not really an error. It just means
803 that the block has never been written.
804 Instead of returning an error
805 it is better to return all zero data. */
806
807 memset(buffer, 0, len);
808
809 } else {
810 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
811 pages, pba, lba, page);
812
813 address = ((pba << info->blockshift) + page) <<
814 info->pageshift;
815
816 result = sddr09_read20(us, address>>1,
817 pages, info->pageshift, buffer, 0);
818 if (result)
819 break;
820 }
821
822 // Store the data in the transfer buffer
823 usb_stor_access_xfer_buf(buffer, len, us->srb,
824 &sg, &offset, TO_XFER_BUF);
825
826 page = 0;
827 lba++;
828 sectors -= pages;
829 }
830
831 kfree(buffer);
832 return result;
833}
834
835static unsigned int
836sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
837 static unsigned int lastpba = 1;
838 int zonestart, end, i;
839
840 zonestart = (lba/1000) << 10;
841 end = info->capacity >> (info->blockshift + info->pageshift);
842 end -= zonestart;
843 if (end > 1024)
844 end = 1024;
845
846 for (i = lastpba+1; i < end; i++) {
847 if (info->pba_to_lba[zonestart+i] == UNDEF) {
848 lastpba = i;
849 return zonestart+i;
850 }
851 }
852 for (i = 0; i <= lastpba; i++) {
853 if (info->pba_to_lba[zonestart+i] == UNDEF) {
854 lastpba = i;
855 return zonestart+i;
856 }
857 }
858 return 0;
859}
860
861static int
862sddr09_write_lba(struct us_data *us, unsigned int lba,
863 unsigned int page, unsigned int pages,
864 unsigned char *ptr, unsigned char *blockbuffer) {
865
866 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
867 unsigned long address;
868 unsigned int pba, lbap;
869 unsigned int pagelen;
870 unsigned char *bptr, *cptr, *xptr;
871 unsigned char ecc[3];
872 int i, result, isnew;
873
874 lbap = ((lba % 1000) << 1) | 0x1000;
875 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
876 lbap ^= 1;
877 pba = info->lba_to_pba[lba];
878 isnew = 0;
879
880 if (pba == UNDEF) {
881 pba = sddr09_find_unused_pba(info, lba);
882 if (!pba) {
883 printk(KERN_WARNING
884 "sddr09_write_lba: Out of unused blocks\n");
885 return -ENOSPC;
886 }
887 info->pba_to_lba[pba] = lba;
888 info->lba_to_pba[lba] = pba;
889 isnew = 1;
890 }
891
892 if (pba == 1) {
893 /* Maybe it is impossible to write to PBA 1.
894 Fake success, but don't do anything. */
895 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
896 return 0;
897 }
898
899 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
900
901 /* read old contents */
902 address = (pba << (info->pageshift + info->blockshift));
903 result = sddr09_read22(us, address>>1, info->blocksize,
904 info->pageshift, blockbuffer, 0);
905 if (result)
906 return result;
907
908 /* check old contents and fill lba */
909 for (i = 0; i < info->blocksize; i++) {
910 bptr = blockbuffer + i*pagelen;
911 cptr = bptr + info->pagesize;
912 nand_compute_ecc(bptr, ecc);
913 if (!nand_compare_ecc(cptr+13, ecc)) {
914 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
915 i, pba);
916 nand_store_ecc(cptr+13, ecc);
917 }
918 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
919 if (!nand_compare_ecc(cptr+8, ecc)) {
920 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
921 i, pba);
922 nand_store_ecc(cptr+8, ecc);
923 }
924 cptr[6] = cptr[11] = MSB_of(lbap);
925 cptr[7] = cptr[12] = LSB_of(lbap);
926 }
927
928 /* copy in new stuff and compute ECC */
929 xptr = ptr;
930 for (i = page; i < page+pages; i++) {
931 bptr = blockbuffer + i*pagelen;
932 cptr = bptr + info->pagesize;
933 memcpy(bptr, xptr, info->pagesize);
934 xptr += info->pagesize;
935 nand_compute_ecc(bptr, ecc);
936 nand_store_ecc(cptr+13, ecc);
937 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
938 nand_store_ecc(cptr+8, ecc);
939 }
940
941 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
942
943 result = sddr09_write_inplace(us, address>>1, info->blocksize,
944 info->pageshift, blockbuffer, 0);
945
946 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
947
948#if 0
949 {
950 unsigned char status = 0;
951 int result2 = sddr09_read_status(us, &status);
952 if (result2)
953 usb_stor_dbg(us, "cannot read status\n");
954 else if (status != 0xc0)
955 usb_stor_dbg(us, "status after write: 0x%x\n", status);
956 }
957#endif
958
959#if 0
960 {
961 int result2 = sddr09_test_unit_ready(us);
962 }
963#endif
964
965 return result;
966}
967
968static int
969sddr09_write_data(struct us_data *us,
970 unsigned long address,
971 unsigned int sectors) {
972
973 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
974 unsigned int lba, maxlba, page, pages;
975 unsigned int pagelen, blocklen;
976 unsigned char *blockbuffer;
977 unsigned char *buffer;
978 unsigned int len, offset;
979 struct scatterlist *sg;
980 int result;
981
982 // Figure out the initial LBA and page
983 lba = address >> info->blockshift;
984 page = (address & info->blockmask);
985 maxlba = info->capacity >> (info->pageshift + info->blockshift);
986 if (lba >= maxlba)
987 return -EIO;
988
989 // blockbuffer is used for reading in the old data, overwriting
990 // with the new data, and performing ECC calculations
991
992 /* TODO: instead of doing kmalloc/kfree for each write,
993 add a bufferpointer to the info structure */
994
995 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
996 blocklen = (pagelen << info->blockshift);
997 blockbuffer = kmalloc(blocklen, GFP_NOIO);
998 if (!blockbuffer) {
999 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1000 return -ENOMEM;
1001 }
1002
1003 // Since we don't write the user data directly to the device,
1004 // we have to create a bounce buffer and move the data a piece
1005 // at a time between the bounce buffer and the actual transfer buffer.
1006
1007 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1008 buffer = kmalloc(len, GFP_NOIO);
1009 if (buffer == NULL) {
1010 printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1011 kfree(blockbuffer);
1012 return -ENOMEM;
1013 }
1014
1015 result = 0;
1016 offset = 0;
1017 sg = NULL;
1018
1019 while (sectors > 0) {
1020
1021 // Write as many sectors as possible in this block
1022
1023 pages = min(sectors, info->blocksize - page);
1024 len = (pages << info->pageshift);
1025
1026 /* Not overflowing capacity? */
1027 if (lba >= maxlba) {
1028 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1029 lba, maxlba);
1030 result = -EIO;
1031 break;
1032 }
1033
1034 // Get the data from the transfer buffer
1035 usb_stor_access_xfer_buf(buffer, len, us->srb,
1036 &sg, &offset, FROM_XFER_BUF);
1037
1038 result = sddr09_write_lba(us, lba, page, pages,
1039 buffer, blockbuffer);
1040 if (result)
1041 break;
1042
1043 page = 0;
1044 lba++;
1045 sectors -= pages;
1046 }
1047
1048 kfree(buffer);
1049 kfree(blockbuffer);
1050
1051 return result;
1052}
1053
1054static int
1055sddr09_read_control(struct us_data *us,
1056 unsigned long address,
1057 unsigned int blocks,
1058 unsigned char *content,
1059 int use_sg) {
1060
1061 usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1062 address, blocks);
1063
1064 return sddr09_read21(us, address, blocks,
1065 CONTROL_SHIFT, content, use_sg);
1066}
1067
1068/*
1069 * Read Device ID Command: 12 bytes.
1070 * byte 0: opcode: ED
1071 *
1072 * Returns 2 bytes: Manufacturer ID and Device ID.
1073 * On more recent cards 3 bytes: the third byte is an option code A5
1074 * signifying that the secret command to read an 128-bit ID is available.
1075 * On still more recent cards 4 bytes: the fourth byte C0 means that
1076 * a second read ID cmd is available.
1077 */
1078static int
1079sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1080 unsigned char *command = us->iobuf;
1081 unsigned char *content = us->iobuf;
1082 int result, i;
1083
1084 memset(command, 0, 12);
1085 command[0] = 0xED;
1086 command[1] = LUNBITS;
1087
1088 result = sddr09_send_scsi_command(us, command, 12);
1089 if (result)
1090 return result;
1091
1092 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1093 content, 64, NULL);
1094
1095 for (i = 0; i < 4; i++)
1096 deviceID[i] = content[i];
1097
1098 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1099}
1100
1101static int
1102sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1103 int result;
1104 unsigned char status;
1105 const char *wp_fmt;
1106
1107 result = sddr09_read_status(us, &status);
1108 if (result) {
1109 usb_stor_dbg(us, "read_status fails\n");
1110 return result;
1111 }
1112 if ((status & 0x80) == 0) {
1113 info->flags |= SDDR09_WP; /* write protected */
1114 wp_fmt = " WP";
1115 } else {
1116 wp_fmt = "";
1117 }
1118 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1119 status & 0x40 ? " Ready" : "",
1120 status & LUNBITS ? " Suspended" : "",
1121 status & 0x01 ? " Error" : "");
1122
1123 return 0;
1124}
1125
1126#if 0
1127/*
1128 * Reset Command: 12 bytes.
1129 * byte 0: opcode: EB
1130 */
1131static int
1132sddr09_reset(struct us_data *us) {
1133
1134 unsigned char *command = us->iobuf;
1135
1136 memset(command, 0, 12);
1137 command[0] = 0xEB;
1138 command[1] = LUNBITS;
1139
1140 return sddr09_send_scsi_command(us, command, 12);
1141}
1142#endif
1143
1144static struct nand_flash_dev *
1145sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1146 struct nand_flash_dev *cardinfo;
1147 unsigned char deviceID[4];
1148 char blurbtxt[256];
1149 int result;
1150
1151 usb_stor_dbg(us, "Reading capacity...\n");
1152
1153 result = sddr09_read_deviceID(us, deviceID);
1154
1155 if (result) {
1156 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1157 printk(KERN_WARNING "sddr09: could not read card info\n");
1158 return NULL;
1159 }
1160
1161 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1162
1163 /* Byte 0 is the manufacturer */
1164 sprintf(blurbtxt + strlen(blurbtxt),
1165 ": Manuf. %s",
1166 nand_flash_manufacturer(deviceID[0]));
1167
1168 /* Byte 1 is the device type */
1169 cardinfo = nand_find_id(deviceID[1]);
1170 if (cardinfo) {
1171 /* MB or MiB? It is neither. A 16 MB card has
1172 17301504 raw bytes, of which 16384000 are
1173 usable for user data. */
1174 sprintf(blurbtxt + strlen(blurbtxt),
1175 ", %d MB", 1<<(cardinfo->chipshift - 20));
1176 } else {
1177 sprintf(blurbtxt + strlen(blurbtxt),
1178 ", type unrecognized");
1179 }
1180
1181 /* Byte 2 is code to signal availability of 128-bit ID */
1182 if (deviceID[2] == 0xa5) {
1183 sprintf(blurbtxt + strlen(blurbtxt),
1184 ", 128-bit ID");
1185 }
1186
1187 /* Byte 3 announces the availability of another read ID command */
1188 if (deviceID[3] == 0xc0) {
1189 sprintf(blurbtxt + strlen(blurbtxt),
1190 ", extra cmd");
1191 }
1192
1193 if (flags & SDDR09_WP)
1194 sprintf(blurbtxt + strlen(blurbtxt),
1195 ", WP");
1196
1197 printk(KERN_WARNING "%s\n", blurbtxt);
1198
1199 return cardinfo;
1200}
1201
1202static int
1203sddr09_read_map(struct us_data *us) {
1204
1205 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1206 int numblocks, alloc_len, alloc_blocks;
1207 int i, j, result;
1208 unsigned char *buffer, *buffer_end, *ptr;
1209 unsigned int lba, lbact;
1210
1211 if (!info->capacity)
1212 return -1;
1213
1214 // size of a block is 1 << (blockshift + pageshift) bytes
1215 // divide into the total capacity to get the number of blocks
1216
1217 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1218
1219 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1220 // but only use a 64 KB buffer
1221 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1222#define SDDR09_READ_MAP_BUFSZ 65536
1223
1224 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1225 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1226 buffer = kmalloc(alloc_len, GFP_NOIO);
1227 if (buffer == NULL) {
1228 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1229 result = -1;
1230 goto done;
1231 }
1232 buffer_end = buffer + alloc_len;
1233
1234#undef SDDR09_READ_MAP_BUFSZ
1235
1236 kfree(info->lba_to_pba);
1237 kfree(info->pba_to_lba);
1238 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1239 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1240
1241 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1242 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1243 result = -1;
1244 goto done;
1245 }
1246
1247 for (i = 0; i < numblocks; i++)
1248 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1249
1250 /*
1251 * Define lba-pba translation table
1252 */
1253
1254 ptr = buffer_end;
1255 for (i = 0; i < numblocks; i++) {
1256 ptr += (1 << CONTROL_SHIFT);
1257 if (ptr >= buffer_end) {
1258 unsigned long address;
1259
1260 address = i << (info->pageshift + info->blockshift);
1261 result = sddr09_read_control(
1262 us, address>>1,
1263 min(alloc_blocks, numblocks - i),
1264 buffer, 0);
1265 if (result) {
1266 result = -1;
1267 goto done;
1268 }
1269 ptr = buffer;
1270 }
1271
1272 if (i == 0 || i == 1) {
1273 info->pba_to_lba[i] = UNUSABLE;
1274 continue;
1275 }
1276
1277 /* special PBAs have control field 0^16 */
1278 for (j = 0; j < 16; j++)
1279 if (ptr[j] != 0)
1280 goto nonz;
1281 info->pba_to_lba[i] = UNUSABLE;
1282 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1283 i);
1284 continue;
1285
1286 nonz:
1287 /* unwritten PBAs have control field FF^16 */
1288 for (j = 0; j < 16; j++)
1289 if (ptr[j] != 0xff)
1290 goto nonff;
1291 continue;
1292
1293 nonff:
1294 /* normal PBAs start with six FFs */
1295 if (j < 6) {
1296 printk(KERN_WARNING
1297 "sddr09: PBA %d has no logical mapping: "
1298 "reserved area = %02X%02X%02X%02X "
1299 "data status %02X block status %02X\n",
1300 i, ptr[0], ptr[1], ptr[2], ptr[3],
1301 ptr[4], ptr[5]);
1302 info->pba_to_lba[i] = UNUSABLE;
1303 continue;
1304 }
1305
1306 if ((ptr[6] >> 4) != 0x01) {
1307 printk(KERN_WARNING
1308 "sddr09: PBA %d has invalid address field "
1309 "%02X%02X/%02X%02X\n",
1310 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1311 info->pba_to_lba[i] = UNUSABLE;
1312 continue;
1313 }
1314
1315 /* check even parity */
1316 if (parity[ptr[6] ^ ptr[7]]) {
1317 printk(KERN_WARNING
1318 "sddr09: Bad parity in LBA for block %d"
1319 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1320 info->pba_to_lba[i] = UNUSABLE;
1321 continue;
1322 }
1323
1324 lba = short_pack(ptr[7], ptr[6]);
1325 lba = (lba & 0x07FF) >> 1;
1326
1327 /*
1328 * Every 1024 physical blocks ("zone"), the LBA numbers
1329 * go back to zero, but are within a higher block of LBA's.
1330 * Also, there is a maximum of 1000 LBA's per zone.
1331 * In other words, in PBA 1024-2047 you will find LBA 0-999
1332 * which are really LBA 1000-1999. This allows for 24 bad
1333 * or special physical blocks per zone.
1334 */
1335
1336 if (lba >= 1000) {
1337 printk(KERN_WARNING
1338 "sddr09: Bad low LBA %d for block %d\n",
1339 lba, i);
1340 goto possibly_erase;
1341 }
1342
1343 lba += 1000*(i/0x400);
1344
1345 if (info->lba_to_pba[lba] != UNDEF) {
1346 printk(KERN_WARNING
1347 "sddr09: LBA %d seen for PBA %d and %d\n",
1348 lba, info->lba_to_pba[lba], i);
1349 goto possibly_erase;
1350 }
1351
1352 info->pba_to_lba[i] = lba;
1353 info->lba_to_pba[lba] = i;
1354 continue;
1355
1356 possibly_erase:
1357 if (erase_bad_lba_entries) {
1358 unsigned long address;
1359
1360 address = (i << (info->pageshift + info->blockshift));
1361 sddr09_erase(us, address>>1);
1362 info->pba_to_lba[i] = UNDEF;
1363 } else
1364 info->pba_to_lba[i] = UNUSABLE;
1365 }
1366
1367 /*
1368 * Approximate capacity. This is not entirely correct yet,
1369 * since a zone with less than 1000 usable pages leads to
1370 * missing LBAs. Especially if it is the last zone, some
1371 * LBAs can be past capacity.
1372 */
1373 lbact = 0;
1374 for (i = 0; i < numblocks; i += 1024) {
1375 int ct = 0;
1376
1377 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1378 if (info->pba_to_lba[i+j] != UNUSABLE) {
1379 if (ct >= 1000)
1380 info->pba_to_lba[i+j] = SPARE;
1381 else
1382 ct++;
1383 }
1384 }
1385 lbact += ct;
1386 }
1387 info->lbact = lbact;
1388 usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1389 result = 0;
1390
1391 done:
1392 if (result != 0) {
1393 kfree(info->lba_to_pba);
1394 kfree(info->pba_to_lba);
1395 info->lba_to_pba = NULL;
1396 info->pba_to_lba = NULL;
1397 }
1398 kfree(buffer);
1399 return result;
1400}
1401
1402static void
1403sddr09_card_info_destructor(void *extra) {
1404 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1405
1406 if (!info)
1407 return;
1408
1409 kfree(info->lba_to_pba);
1410 kfree(info->pba_to_lba);
1411}
1412
1413static int
1414sddr09_common_init(struct us_data *us) {
1415 int result;
1416
1417 /* set the configuration -- STALL is an acceptable response here */
1418 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1419 usb_stor_dbg(us, "active config #%d != 1 ??\n",
1420 us->pusb_dev->actconfig->desc.bConfigurationValue);
1421 return -EINVAL;
1422 }
1423
1424 result = usb_reset_configuration(us->pusb_dev);
1425 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1426 if (result == -EPIPE) {
1427 usb_stor_dbg(us, "-- stall on control interface\n");
1428 } else if (result != 0) {
1429 /* it's not a stall, but another error -- time to bail */
1430 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n");
1431 return -EINVAL;
1432 }
1433
1434 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1435 if (!us->extra)
1436 return -ENOMEM;
1437 us->extra_destructor = sddr09_card_info_destructor;
1438
1439 nand_init_ecc();
1440 return 0;
1441}
1442
1443
1444/*
1445 * This is needed at a very early stage. If this is not listed in the
1446 * unusual devices list but called from here then LUN 0 of the combo reader
1447 * is not recognized. But I do not know what precisely these calls do.
1448 */
1449static int
1450usb_stor_sddr09_dpcm_init(struct us_data *us) {
1451 int result;
1452 unsigned char *data = us->iobuf;
1453
1454 result = sddr09_common_init(us);
1455 if (result)
1456 return result;
1457
1458 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1459 if (result) {
1460 usb_stor_dbg(us, "send_command fails\n");
1461 return result;
1462 }
1463
1464 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1465 // get 07 02
1466
1467 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1468 if (result) {
1469 usb_stor_dbg(us, "2nd send_command fails\n");
1470 return result;
1471 }
1472
1473 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1474 // get 07 00
1475
1476 result = sddr09_request_sense(us, data, 18);
1477 if (result == 0 && data[2] != 0) {
1478 int j;
1479 for (j=0; j<18; j++)
1480 printk(" %02X", data[j]);
1481 printk("\n");
1482 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1483 // 70: current command
1484 // sense key 0, sense code 0, extd sense code 0
1485 // additional transfer length * = sizeof(data) - 7
1486 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1487 // sense key 06, sense code 28: unit attention,
1488 // not ready to ready transition
1489 }
1490
1491 // test unit ready
1492
1493 return 0; /* not result */
1494}
1495
1496/*
1497 * Transport for the Microtech DPCM-USB
1498 */
1499static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1500{
1501 int ret;
1502
1503 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1504
1505 switch (srb->device->lun) {
1506 case 0:
1507
1508 /*
1509 * LUN 0 corresponds to the CompactFlash card reader.
1510 */
1511 ret = usb_stor_CB_transport(srb, us);
1512 break;
1513
1514 case 1:
1515
1516 /*
1517 * LUN 1 corresponds to the SmartMedia card reader.
1518 */
1519
1520 /*
1521 * Set the LUN to 0 (just in case).
1522 */
1523 srb->device->lun = 0;
1524 ret = sddr09_transport(srb, us);
1525 srb->device->lun = 1;
1526 break;
1527
1528 default:
1529 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1530 ret = USB_STOR_TRANSPORT_ERROR;
1531 break;
1532 }
1533 return ret;
1534}
1535
1536
1537/*
1538 * Transport for the Sandisk SDDR-09
1539 */
1540static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1541{
1542 static unsigned char sensekey = 0, sensecode = 0;
1543 static unsigned char havefakesense = 0;
1544 int result, i;
1545 unsigned char *ptr = us->iobuf;
1546 unsigned long capacity;
1547 unsigned int page, pages;
1548
1549 struct sddr09_card_info *info;
1550
1551 static unsigned char inquiry_response[8] = {
1552 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1553 };
1554
1555 /* note: no block descriptor support */
1556 static unsigned char mode_page_01[19] = {
1557 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1558 0x01, 0x0A,
1559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1560 };
1561
1562 info = (struct sddr09_card_info *)us->extra;
1563
1564 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1565 /* for a faked command, we have to follow with a faked sense */
1566 memset(ptr, 0, 18);
1567 ptr[0] = 0x70;
1568 ptr[2] = sensekey;
1569 ptr[7] = 11;
1570 ptr[12] = sensecode;
1571 usb_stor_set_xfer_buf(ptr, 18, srb);
1572 sensekey = sensecode = havefakesense = 0;
1573 return USB_STOR_TRANSPORT_GOOD;
1574 }
1575
1576 havefakesense = 1;
1577
1578 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1579 respond to INQUIRY commands */
1580
1581 if (srb->cmnd[0] == INQUIRY) {
1582 memcpy(ptr, inquiry_response, 8);
1583 fill_inquiry_response(us, ptr, 36);
1584 return USB_STOR_TRANSPORT_GOOD;
1585 }
1586
1587 if (srb->cmnd[0] == READ_CAPACITY) {
1588 struct nand_flash_dev *cardinfo;
1589
1590 sddr09_get_wp(us, info); /* read WP bit */
1591
1592 cardinfo = sddr09_get_cardinfo(us, info->flags);
1593 if (!cardinfo) {
1594 /* probably no media */
1595 init_error:
1596 sensekey = 0x02; /* not ready */
1597 sensecode = 0x3a; /* medium not present */
1598 return USB_STOR_TRANSPORT_FAILED;
1599 }
1600
1601 info->capacity = (1 << cardinfo->chipshift);
1602 info->pageshift = cardinfo->pageshift;
1603 info->pagesize = (1 << info->pageshift);
1604 info->blockshift = cardinfo->blockshift;
1605 info->blocksize = (1 << info->blockshift);
1606 info->blockmask = info->blocksize - 1;
1607
1608 // map initialization, must follow get_cardinfo()
1609 if (sddr09_read_map(us)) {
1610 /* probably out of memory */
1611 goto init_error;
1612 }
1613
1614 // Report capacity
1615
1616 capacity = (info->lbact << info->blockshift) - 1;
1617
1618 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1619
1620 // Report page size
1621
1622 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1623 usb_stor_set_xfer_buf(ptr, 8, srb);
1624
1625 return USB_STOR_TRANSPORT_GOOD;
1626 }
1627
1628 if (srb->cmnd[0] == MODE_SENSE_10) {
1629 int modepage = (srb->cmnd[2] & 0x3F);
1630
1631 /* They ask for the Read/Write error recovery page,
1632 or for all pages. */
1633 /* %% We should check DBD %% */
1634 if (modepage == 0x01 || modepage == 0x3F) {
1635 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636 modepage);
1637
1638 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642 return USB_STOR_TRANSPORT_GOOD;
1643 }
1644
1645 sensekey = 0x05; /* illegal request */
1646 sensecode = 0x24; /* invalid field in CDB */
1647 return USB_STOR_TRANSPORT_FAILED;
1648 }
1649
1650 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651 return USB_STOR_TRANSPORT_GOOD;
1652
1653 havefakesense = 0;
1654
1655 if (srb->cmnd[0] == READ_10) {
1656
1657 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658 page <<= 16;
1659 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661
1662 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663 page, pages);
1664
1665 result = sddr09_read_data(us, page, pages);
1666 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667 USB_STOR_TRANSPORT_ERROR);
1668 }
1669
1670 if (srb->cmnd[0] == WRITE_10) {
1671
1672 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 page <<= 16;
1674 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676
1677 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678 page, pages);
1679
1680 result = sddr09_write_data(us, page, pages);
1681 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 USB_STOR_TRANSPORT_ERROR);
1683 }
1684
1685 /* catch-all for all other commands, except
1686 * pass TEST_UNIT_READY and REQUEST_SENSE through
1687 */
1688 if (srb->cmnd[0] != TEST_UNIT_READY &&
1689 srb->cmnd[0] != REQUEST_SENSE) {
1690 sensekey = 0x05; /* illegal request */
1691 sensecode = 0x20; /* invalid command */
1692 havefakesense = 1;
1693 return USB_STOR_TRANSPORT_FAILED;
1694 }
1695
1696 for (; srb->cmd_len<12; srb->cmd_len++)
1697 srb->cmnd[srb->cmd_len] = 0;
1698
1699 srb->cmnd[1] = LUNBITS;
1700
1701 ptr[0] = 0;
1702 for (i=0; i<12; i++)
1703 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1704
1705 usb_stor_dbg(us, "Send control for command %s\n", ptr);
1706
1707 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1708 if (result) {
1709 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1710 result);
1711 return USB_STOR_TRANSPORT_ERROR;
1712 }
1713
1714 if (scsi_bufflen(srb) == 0)
1715 return USB_STOR_TRANSPORT_GOOD;
1716
1717 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1718 srb->sc_data_direction == DMA_FROM_DEVICE) {
1719 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1720 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1721
1722 usb_stor_dbg(us, "%s %d bytes\n",
1723 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1724 "sending" : "receiving",
1725 scsi_bufflen(srb));
1726
1727 result = usb_stor_bulk_srb(us, pipe, srb);
1728
1729 return (result == USB_STOR_XFER_GOOD ?
1730 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1731 }
1732
1733 return USB_STOR_TRANSPORT_GOOD;
1734}
1735
1736/*
1737 * Initialization routine for the sddr09 subdriver
1738 */
1739static int
1740usb_stor_sddr09_init(struct us_data *us) {
1741 return sddr09_common_init(us);
1742}
1743
1744static struct scsi_host_template sddr09_host_template;
1745
1746static int sddr09_probe(struct usb_interface *intf,
1747 const struct usb_device_id *id)
1748{
1749 struct us_data *us;
1750 int result;
1751
1752 result = usb_stor_probe1(&us, intf, id,
1753 (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1754 &sddr09_host_template);
1755 if (result)
1756 return result;
1757
1758 if (us->protocol == USB_PR_DPCM_USB) {
1759 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1760 us->transport = dpcm_transport;
1761 us->transport_reset = usb_stor_CB_reset;
1762 us->max_lun = 1;
1763 } else {
1764 us->transport_name = "EUSB/SDDR09";
1765 us->transport = sddr09_transport;
1766 us->transport_reset = usb_stor_CB_reset;
1767 us->max_lun = 0;
1768 }
1769
1770 result = usb_stor_probe2(us);
1771 return result;
1772}
1773
1774static struct usb_driver sddr09_driver = {
1775 .name = DRV_NAME,
1776 .probe = sddr09_probe,
1777 .disconnect = usb_stor_disconnect,
1778 .suspend = usb_stor_suspend,
1779 .resume = usb_stor_resume,
1780 .reset_resume = usb_stor_reset_resume,
1781 .pre_reset = usb_stor_pre_reset,
1782 .post_reset = usb_stor_post_reset,
1783 .id_table = sddr09_usb_ids,
1784 .soft_unbind = 1,
1785 .no_dynamic_id = 1,
1786};
1787
1788module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Driver for SanDisk SDDR-09 SmartMedia reader
4 *
5 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
6 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
7 * Developed with the assistance of:
8 * (c) 2002 Alan Stern <stern@rowland.org>
9 *
10 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
11 * This chip is a programmable USB controller. In the SDDR-09, it has
12 * been programmed to obey a certain limited set of SCSI commands.
13 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
14 * commands.
15 */
16
17/*
18 * Known vendor commands: 12 bytes, first byte is opcode
19 *
20 * E7: read scatter gather
21 * E8: read
22 * E9: write
23 * EA: erase
24 * EB: reset
25 * EC: read status
26 * ED: read ID
27 * EE: write CIS (?)
28 * EF: compute checksum (?)
29 */
30
31#include <linux/errno.h>
32#include <linux/module.h>
33#include <linux/slab.h>
34
35#include <scsi/scsi.h>
36#include <scsi/scsi_cmnd.h>
37#include <scsi/scsi_device.h>
38
39#include "usb.h"
40#include "transport.h"
41#include "protocol.h"
42#include "debug.h"
43#include "scsiglue.h"
44
45#define DRV_NAME "ums-sddr09"
46
47MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
48MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
49MODULE_LICENSE("GPL");
50
51static int usb_stor_sddr09_dpcm_init(struct us_data *us);
52static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
53static int usb_stor_sddr09_init(struct us_data *us);
54
55
56/*
57 * The table of devices
58 */
59#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
60 vendorName, productName, useProtocol, useTransport, \
61 initFunction, flags) \
62{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
63 .driver_info = (flags) }
64
65static struct usb_device_id sddr09_usb_ids[] = {
66# include "unusual_sddr09.h"
67 { } /* Terminating entry */
68};
69MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
70
71#undef UNUSUAL_DEV
72
73/*
74 * The flags table
75 */
76#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
77 vendor_name, product_name, use_protocol, use_transport, \
78 init_function, Flags) \
79{ \
80 .vendorName = vendor_name, \
81 .productName = product_name, \
82 .useProtocol = use_protocol, \
83 .useTransport = use_transport, \
84 .initFunction = init_function, \
85}
86
87static struct us_unusual_dev sddr09_unusual_dev_list[] = {
88# include "unusual_sddr09.h"
89 { } /* Terminating entry */
90};
91
92#undef UNUSUAL_DEV
93
94
95#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
96#define LSB_of(s) ((s)&0xFF)
97#define MSB_of(s) ((s)>>8)
98
99/*
100 * First some stuff that does not belong here:
101 * data on SmartMedia and other cards, completely
102 * unrelated to this driver.
103 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
104 */
105
106struct nand_flash_dev {
107 int model_id;
108 int chipshift; /* 1<<cs bytes total capacity */
109 char pageshift; /* 1<<ps bytes in a page */
110 char blockshift; /* 1<<bs pages in an erase block */
111 char zoneshift; /* 1<<zs blocks in a zone */
112 /* # of logical blocks is 125/128 of this */
113 char pageadrlen; /* length of an address in bytes - 1 */
114};
115
116/*
117 * NAND Flash Manufacturer ID Codes
118 */
119#define NAND_MFR_AMD 0x01
120#define NAND_MFR_NATSEMI 0x8f
121#define NAND_MFR_TOSHIBA 0x98
122#define NAND_MFR_SAMSUNG 0xec
123
124static inline char *nand_flash_manufacturer(int manuf_id) {
125 switch(manuf_id) {
126 case NAND_MFR_AMD:
127 return "AMD";
128 case NAND_MFR_NATSEMI:
129 return "NATSEMI";
130 case NAND_MFR_TOSHIBA:
131 return "Toshiba";
132 case NAND_MFR_SAMSUNG:
133 return "Samsung";
134 default:
135 return "unknown";
136 }
137}
138
139/*
140 * It looks like it is unnecessary to attach manufacturer to the
141 * remaining data: SSFDC prescribes manufacturer-independent id codes.
142 *
143 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
144 */
145
146static struct nand_flash_dev nand_flash_ids[] = {
147 /* NAND flash */
148 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
149 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
150 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
151 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
152 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
153 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
154 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
155 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
156 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
157 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
158 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
159 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
160 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
161
162 /* MASK ROM */
163 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
164 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
165 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
166 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
167 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
168 { 0,}
169};
170
171static struct nand_flash_dev *
172nand_find_id(unsigned char id) {
173 int i;
174
175 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
176 if (nand_flash_ids[i].model_id == id)
177 return &(nand_flash_ids[i]);
178 return NULL;
179}
180
181/*
182 * ECC computation.
183 */
184static unsigned char parity[256];
185static unsigned char ecc2[256];
186
187static void nand_init_ecc(void) {
188 int i, j, a;
189
190 parity[0] = 0;
191 for (i = 1; i < 256; i++)
192 parity[i] = (parity[i&(i-1)] ^ 1);
193
194 for (i = 0; i < 256; i++) {
195 a = 0;
196 for (j = 0; j < 8; j++) {
197 if (i & (1<<j)) {
198 if ((j & 1) == 0)
199 a ^= 0x04;
200 if ((j & 2) == 0)
201 a ^= 0x10;
202 if ((j & 4) == 0)
203 a ^= 0x40;
204 }
205 }
206 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
207 }
208}
209
210/* compute 3-byte ecc on 256 bytes */
211static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
212 int i, j, a;
213 unsigned char par = 0, bit, bits[8] = {0};
214
215 /* collect 16 checksum bits */
216 for (i = 0; i < 256; i++) {
217 par ^= data[i];
218 bit = parity[data[i]];
219 for (j = 0; j < 8; j++)
220 if ((i & (1<<j)) == 0)
221 bits[j] ^= bit;
222 }
223
224 /* put 4+4+4 = 12 bits in the ecc */
225 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
226 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
227
228 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
229 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
230
231 ecc[2] = ecc2[par];
232}
233
234static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
235 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
236}
237
238static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
239 memcpy(data, ecc, 3);
240}
241
242/*
243 * The actual driver starts here.
244 */
245
246struct sddr09_card_info {
247 unsigned long capacity; /* Size of card in bytes */
248 int pagesize; /* Size of page in bytes */
249 int pageshift; /* log2 of pagesize */
250 int blocksize; /* Size of block in pages */
251 int blockshift; /* log2 of blocksize */
252 int blockmask; /* 2^blockshift - 1 */
253 int *lba_to_pba; /* logical to physical map */
254 int *pba_to_lba; /* physical to logical map */
255 int lbact; /* number of available pages */
256 int flags;
257#define SDDR09_WP 1 /* write protected */
258};
259
260/*
261 * On my 16MB card, control blocks have size 64 (16 real control bytes,
262 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
263 * so the reader makes up the remaining 48. Don't know whether these numbers
264 * depend on the card. For now a constant.
265 */
266#define CONTROL_SHIFT 6
267
268/*
269 * On my Combo CF/SM reader, the SM reader has LUN 1.
270 * (and things fail with LUN 0).
271 * It seems LUN is irrelevant for others.
272 */
273#define LUN 1
274#define LUNBITS (LUN << 5)
275
276/*
277 * LBA and PBA are unsigned ints. Special values.
278 */
279#define UNDEF 0xffffffff
280#define SPARE 0xfffffffe
281#define UNUSABLE 0xfffffffd
282
283static const int erase_bad_lba_entries = 0;
284
285/* send vendor interface command (0x41) */
286/* called for requests 0, 1, 8 */
287static int
288sddr09_send_command(struct us_data *us,
289 unsigned char request,
290 unsigned char direction,
291 unsigned char *xfer_data,
292 unsigned int xfer_len) {
293 unsigned int pipe;
294 unsigned char requesttype = (0x41 | direction);
295 int rc;
296
297 // Get the receive or send control pipe number
298
299 if (direction == USB_DIR_IN)
300 pipe = us->recv_ctrl_pipe;
301 else
302 pipe = us->send_ctrl_pipe;
303
304 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
305 0, 0, xfer_data, xfer_len);
306 switch (rc) {
307 case USB_STOR_XFER_GOOD: return 0;
308 case USB_STOR_XFER_STALLED: return -EPIPE;
309 default: return -EIO;
310 }
311}
312
313static int
314sddr09_send_scsi_command(struct us_data *us,
315 unsigned char *command,
316 unsigned int command_len) {
317 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
318}
319
320#if 0
321/*
322 * Test Unit Ready Command: 12 bytes.
323 * byte 0: opcode: 00
324 */
325static int
326sddr09_test_unit_ready(struct us_data *us) {
327 unsigned char *command = us->iobuf;
328 int result;
329
330 memset(command, 0, 6);
331 command[1] = LUNBITS;
332
333 result = sddr09_send_scsi_command(us, command, 6);
334
335 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
336
337 return result;
338}
339#endif
340
341/*
342 * Request Sense Command: 12 bytes.
343 * byte 0: opcode: 03
344 * byte 4: data length
345 */
346static int
347sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
348 unsigned char *command = us->iobuf;
349 int result;
350
351 memset(command, 0, 12);
352 command[0] = 0x03;
353 command[1] = LUNBITS;
354 command[4] = buflen;
355
356 result = sddr09_send_scsi_command(us, command, 12);
357 if (result)
358 return result;
359
360 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
361 sensebuf, buflen, NULL);
362 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
363}
364
365/*
366 * Read Command: 12 bytes.
367 * byte 0: opcode: E8
368 * byte 1: last two bits: 00: read data, 01: read blockwise control,
369 * 10: read both, 11: read pagewise control.
370 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
371 * bytes 2-5: address (interpretation depends on byte 1, see below)
372 * bytes 10-11: count (idem)
373 *
374 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
375 * A read data command gets data in 512-byte pages.
376 * A read control command gets control in 64-byte chunks.
377 * A read both command gets data+control in 576-byte chunks.
378 *
379 * Blocks are groups of 32 pages, and read blockwise control jumps to the
380 * next block, while read pagewise control jumps to the next page after
381 * reading a group of 64 control bytes.
382 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
383 *
384 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
385 */
386
387static int
388sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
389 int nr_of_pages, int bulklen, unsigned char *buf,
390 int use_sg) {
391
392 unsigned char *command = us->iobuf;
393 int result;
394
395 command[0] = 0xE8;
396 command[1] = LUNBITS | x;
397 command[2] = MSB_of(fromaddress>>16);
398 command[3] = LSB_of(fromaddress>>16);
399 command[4] = MSB_of(fromaddress & 0xFFFF);
400 command[5] = LSB_of(fromaddress & 0xFFFF);
401 command[6] = 0;
402 command[7] = 0;
403 command[8] = 0;
404 command[9] = 0;
405 command[10] = MSB_of(nr_of_pages);
406 command[11] = LSB_of(nr_of_pages);
407
408 result = sddr09_send_scsi_command(us, command, 12);
409
410 if (result) {
411 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
412 x, result);
413 return result;
414 }
415
416 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
417 buf, bulklen, use_sg, NULL);
418
419 if (result != USB_STOR_XFER_GOOD) {
420 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
421 x, result);
422 return -EIO;
423 }
424 return 0;
425}
426
427/*
428 * Read Data
429 *
430 * fromaddress counts data shorts:
431 * increasing it by 256 shifts the bytestream by 512 bytes;
432 * the last 8 bits are ignored.
433 *
434 * nr_of_pages counts pages of size (1 << pageshift).
435 */
436static int
437sddr09_read20(struct us_data *us, unsigned long fromaddress,
438 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
439 int bulklen = nr_of_pages << pageshift;
440
441 /* The last 8 bits of fromaddress are ignored. */
442 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
443 buf, use_sg);
444}
445
446/*
447 * Read Blockwise Control
448 *
449 * fromaddress gives the starting position (as in read data;
450 * the last 8 bits are ignored); increasing it by 32*256 shifts
451 * the output stream by 64 bytes.
452 *
453 * count counts control groups of size (1 << controlshift).
454 * For me, controlshift = 6. Is this constant?
455 *
456 * After getting one control group, jump to the next block
457 * (fromaddress += 8192).
458 */
459static int
460sddr09_read21(struct us_data *us, unsigned long fromaddress,
461 int count, int controlshift, unsigned char *buf, int use_sg) {
462
463 int bulklen = (count << controlshift);
464 return sddr09_readX(us, 1, fromaddress, count, bulklen,
465 buf, use_sg);
466}
467
468/*
469 * Read both Data and Control
470 *
471 * fromaddress counts data shorts, ignoring control:
472 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
473 * the last 8 bits are ignored.
474 *
475 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
476 */
477static int
478sddr09_read22(struct us_data *us, unsigned long fromaddress,
479 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
480
481 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
482 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
483 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
484 buf, use_sg);
485}
486
487#if 0
488/*
489 * Read Pagewise Control
490 *
491 * fromaddress gives the starting position (as in read data;
492 * the last 8 bits are ignored); increasing it by 256 shifts
493 * the output stream by 64 bytes.
494 *
495 * count counts control groups of size (1 << controlshift).
496 * For me, controlshift = 6. Is this constant?
497 *
498 * After getting one control group, jump to the next page
499 * (fromaddress += 256).
500 */
501static int
502sddr09_read23(struct us_data *us, unsigned long fromaddress,
503 int count, int controlshift, unsigned char *buf, int use_sg) {
504
505 int bulklen = (count << controlshift);
506 return sddr09_readX(us, 3, fromaddress, count, bulklen,
507 buf, use_sg);
508}
509#endif
510
511/*
512 * Erase Command: 12 bytes.
513 * byte 0: opcode: EA
514 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
515 *
516 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
517 * The byte address being erased is 2*Eaddress.
518 * The CIS cannot be erased.
519 */
520static int
521sddr09_erase(struct us_data *us, unsigned long Eaddress) {
522 unsigned char *command = us->iobuf;
523 int result;
524
525 usb_stor_dbg(us, "erase address %lu\n", Eaddress);
526
527 memset(command, 0, 12);
528 command[0] = 0xEA;
529 command[1] = LUNBITS;
530 command[6] = MSB_of(Eaddress>>16);
531 command[7] = LSB_of(Eaddress>>16);
532 command[8] = MSB_of(Eaddress & 0xFFFF);
533 command[9] = LSB_of(Eaddress & 0xFFFF);
534
535 result = sddr09_send_scsi_command(us, command, 12);
536
537 if (result)
538 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
539 result);
540
541 return result;
542}
543
544/*
545 * Write CIS Command: 12 bytes.
546 * byte 0: opcode: EE
547 * bytes 2-5: write address in shorts
548 * bytes 10-11: sector count
549 *
550 * This writes at the indicated address. Don't know how it differs
551 * from E9. Maybe it does not erase? However, it will also write to
552 * the CIS.
553 *
554 * When two such commands on the same page follow each other directly,
555 * the second one is not done.
556 */
557
558/*
559 * Write Command: 12 bytes.
560 * byte 0: opcode: E9
561 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
562 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
563 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
564 *
565 * If write address equals erase address, the erase is done first,
566 * otherwise the write is done first. When erase address equals zero
567 * no erase is done?
568 */
569static int
570sddr09_writeX(struct us_data *us,
571 unsigned long Waddress, unsigned long Eaddress,
572 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
573
574 unsigned char *command = us->iobuf;
575 int result;
576
577 command[0] = 0xE9;
578 command[1] = LUNBITS;
579
580 command[2] = MSB_of(Waddress>>16);
581 command[3] = LSB_of(Waddress>>16);
582 command[4] = MSB_of(Waddress & 0xFFFF);
583 command[5] = LSB_of(Waddress & 0xFFFF);
584
585 command[6] = MSB_of(Eaddress>>16);
586 command[7] = LSB_of(Eaddress>>16);
587 command[8] = MSB_of(Eaddress & 0xFFFF);
588 command[9] = LSB_of(Eaddress & 0xFFFF);
589
590 command[10] = MSB_of(nr_of_pages);
591 command[11] = LSB_of(nr_of_pages);
592
593 result = sddr09_send_scsi_command(us, command, 12);
594
595 if (result) {
596 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
597 result);
598 return result;
599 }
600
601 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
602 buf, bulklen, use_sg, NULL);
603
604 if (result != USB_STOR_XFER_GOOD) {
605 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
606 result);
607 return -EIO;
608 }
609 return 0;
610}
611
612/* erase address, write same address */
613static int
614sddr09_write_inplace(struct us_data *us, unsigned long address,
615 int nr_of_pages, int pageshift, unsigned char *buf,
616 int use_sg) {
617 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
618 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
619 buf, use_sg);
620}
621
622#if 0
623/*
624 * Read Scatter Gather Command: 3+4n bytes.
625 * byte 0: opcode E7
626 * byte 2: n
627 * bytes 4i-1,4i,4i+1: page address
628 * byte 4i+2: page count
629 * (i=1..n)
630 *
631 * This reads several pages from the card to a single memory buffer.
632 * The last two bits of byte 1 have the same meaning as for E8.
633 */
634static int
635sddr09_read_sg_test_only(struct us_data *us) {
636 unsigned char *command = us->iobuf;
637 int result, bulklen, nsg, ct;
638 unsigned char *buf;
639 unsigned long address;
640
641 nsg = bulklen = 0;
642 command[0] = 0xE7;
643 command[1] = LUNBITS;
644 command[2] = 0;
645 address = 040000; ct = 1;
646 nsg++;
647 bulklen += (ct << 9);
648 command[4*nsg+2] = ct;
649 command[4*nsg+1] = ((address >> 9) & 0xFF);
650 command[4*nsg+0] = ((address >> 17) & 0xFF);
651 command[4*nsg-1] = ((address >> 25) & 0xFF);
652
653 address = 0340000; ct = 1;
654 nsg++;
655 bulklen += (ct << 9);
656 command[4*nsg+2] = ct;
657 command[4*nsg+1] = ((address >> 9) & 0xFF);
658 command[4*nsg+0] = ((address >> 17) & 0xFF);
659 command[4*nsg-1] = ((address >> 25) & 0xFF);
660
661 address = 01000000; ct = 2;
662 nsg++;
663 bulklen += (ct << 9);
664 command[4*nsg+2] = ct;
665 command[4*nsg+1] = ((address >> 9) & 0xFF);
666 command[4*nsg+0] = ((address >> 17) & 0xFF);
667 command[4*nsg-1] = ((address >> 25) & 0xFF);
668
669 command[2] = nsg;
670
671 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
672
673 if (result) {
674 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
675 result);
676 return result;
677 }
678
679 buf = kmalloc(bulklen, GFP_NOIO);
680 if (!buf)
681 return -ENOMEM;
682
683 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
684 buf, bulklen, NULL);
685 kfree(buf);
686 if (result != USB_STOR_XFER_GOOD) {
687 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
688 result);
689 return -EIO;
690 }
691
692 return 0;
693}
694#endif
695
696/*
697 * Read Status Command: 12 bytes.
698 * byte 0: opcode: EC
699 *
700 * Returns 64 bytes, all zero except for the first.
701 * bit 0: 1: Error
702 * bit 5: 1: Suspended
703 * bit 6: 1: Ready
704 * bit 7: 1: Not write-protected
705 */
706
707static int
708sddr09_read_status(struct us_data *us, unsigned char *status) {
709
710 unsigned char *command = us->iobuf;
711 unsigned char *data = us->iobuf;
712 int result;
713
714 usb_stor_dbg(us, "Reading status...\n");
715
716 memset(command, 0, 12);
717 command[0] = 0xEC;
718 command[1] = LUNBITS;
719
720 result = sddr09_send_scsi_command(us, command, 12);
721 if (result)
722 return result;
723
724 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
725 data, 64, NULL);
726 *status = data[0];
727 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
728}
729
730static int
731sddr09_read_data(struct us_data *us,
732 unsigned long address,
733 unsigned int sectors) {
734
735 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
736 unsigned char *buffer;
737 unsigned int lba, maxlba, pba;
738 unsigned int page, pages;
739 unsigned int len, offset;
740 struct scatterlist *sg;
741 int result;
742
743 // Figure out the initial LBA and page
744 lba = address >> info->blockshift;
745 page = (address & info->blockmask);
746 maxlba = info->capacity >> (info->pageshift + info->blockshift);
747 if (lba >= maxlba)
748 return -EIO;
749
750 // Since we only read in one block at a time, we have to create
751 // a bounce buffer and move the data a piece at a time between the
752 // bounce buffer and the actual transfer buffer.
753
754 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
755 buffer = kmalloc(len, GFP_NOIO);
756 if (!buffer)
757 return -ENOMEM;
758
759 // This could be made much more efficient by checking for
760 // contiguous LBA's. Another exercise left to the student.
761
762 result = 0;
763 offset = 0;
764 sg = NULL;
765
766 while (sectors > 0) {
767
768 /* Find number of pages we can read in this block */
769 pages = min(sectors, info->blocksize - page);
770 len = pages << info->pageshift;
771
772 /* Not overflowing capacity? */
773 if (lba >= maxlba) {
774 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
775 lba, maxlba);
776 result = -EIO;
777 break;
778 }
779
780 /* Find where this lba lives on disk */
781 pba = info->lba_to_pba[lba];
782
783 if (pba == UNDEF) { /* this lba was never written */
784
785 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
786 pages, lba, page);
787
788 /*
789 * This is not really an error. It just means
790 * that the block has never been written.
791 * Instead of returning an error
792 * it is better to return all zero data.
793 */
794
795 memset(buffer, 0, len);
796
797 } else {
798 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
799 pages, pba, lba, page);
800
801 address = ((pba << info->blockshift) + page) <<
802 info->pageshift;
803
804 result = sddr09_read20(us, address>>1,
805 pages, info->pageshift, buffer, 0);
806 if (result)
807 break;
808 }
809
810 // Store the data in the transfer buffer
811 usb_stor_access_xfer_buf(buffer, len, us->srb,
812 &sg, &offset, TO_XFER_BUF);
813
814 page = 0;
815 lba++;
816 sectors -= pages;
817 }
818
819 kfree(buffer);
820 return result;
821}
822
823static unsigned int
824sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
825 static unsigned int lastpba = 1;
826 int zonestart, end, i;
827
828 zonestart = (lba/1000) << 10;
829 end = info->capacity >> (info->blockshift + info->pageshift);
830 end -= zonestart;
831 if (end > 1024)
832 end = 1024;
833
834 for (i = lastpba+1; i < end; i++) {
835 if (info->pba_to_lba[zonestart+i] == UNDEF) {
836 lastpba = i;
837 return zonestart+i;
838 }
839 }
840 for (i = 0; i <= lastpba; i++) {
841 if (info->pba_to_lba[zonestart+i] == UNDEF) {
842 lastpba = i;
843 return zonestart+i;
844 }
845 }
846 return 0;
847}
848
849static int
850sddr09_write_lba(struct us_data *us, unsigned int lba,
851 unsigned int page, unsigned int pages,
852 unsigned char *ptr, unsigned char *blockbuffer) {
853
854 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
855 unsigned long address;
856 unsigned int pba, lbap;
857 unsigned int pagelen;
858 unsigned char *bptr, *cptr, *xptr;
859 unsigned char ecc[3];
860 int i, result;
861
862 lbap = ((lba % 1000) << 1) | 0x1000;
863 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
864 lbap ^= 1;
865 pba = info->lba_to_pba[lba];
866
867 if (pba == UNDEF) {
868 pba = sddr09_find_unused_pba(info, lba);
869 if (!pba) {
870 printk(KERN_WARNING
871 "sddr09_write_lba: Out of unused blocks\n");
872 return -ENOSPC;
873 }
874 info->pba_to_lba[pba] = lba;
875 info->lba_to_pba[lba] = pba;
876 }
877
878 if (pba == 1) {
879 /*
880 * Maybe it is impossible to write to PBA 1.
881 * Fake success, but don't do anything.
882 */
883 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
884 return 0;
885 }
886
887 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
888
889 /* read old contents */
890 address = (pba << (info->pageshift + info->blockshift));
891 result = sddr09_read22(us, address>>1, info->blocksize,
892 info->pageshift, blockbuffer, 0);
893 if (result)
894 return result;
895
896 /* check old contents and fill lba */
897 for (i = 0; i < info->blocksize; i++) {
898 bptr = blockbuffer + i*pagelen;
899 cptr = bptr + info->pagesize;
900 nand_compute_ecc(bptr, ecc);
901 if (!nand_compare_ecc(cptr+13, ecc)) {
902 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
903 i, pba);
904 nand_store_ecc(cptr+13, ecc);
905 }
906 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
907 if (!nand_compare_ecc(cptr+8, ecc)) {
908 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
909 i, pba);
910 nand_store_ecc(cptr+8, ecc);
911 }
912 cptr[6] = cptr[11] = MSB_of(lbap);
913 cptr[7] = cptr[12] = LSB_of(lbap);
914 }
915
916 /* copy in new stuff and compute ECC */
917 xptr = ptr;
918 for (i = page; i < page+pages; i++) {
919 bptr = blockbuffer + i*pagelen;
920 cptr = bptr + info->pagesize;
921 memcpy(bptr, xptr, info->pagesize);
922 xptr += info->pagesize;
923 nand_compute_ecc(bptr, ecc);
924 nand_store_ecc(cptr+13, ecc);
925 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
926 nand_store_ecc(cptr+8, ecc);
927 }
928
929 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
930
931 result = sddr09_write_inplace(us, address>>1, info->blocksize,
932 info->pageshift, blockbuffer, 0);
933
934 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
935
936#if 0
937 {
938 unsigned char status = 0;
939 int result2 = sddr09_read_status(us, &status);
940 if (result2)
941 usb_stor_dbg(us, "cannot read status\n");
942 else if (status != 0xc0)
943 usb_stor_dbg(us, "status after write: 0x%x\n", status);
944 }
945#endif
946
947#if 0
948 {
949 int result2 = sddr09_test_unit_ready(us);
950 }
951#endif
952
953 return result;
954}
955
956static int
957sddr09_write_data(struct us_data *us,
958 unsigned long address,
959 unsigned int sectors) {
960
961 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
962 unsigned int lba, maxlba, page, pages;
963 unsigned int pagelen, blocklen;
964 unsigned char *blockbuffer;
965 unsigned char *buffer;
966 unsigned int len, offset;
967 struct scatterlist *sg;
968 int result;
969
970 /* Figure out the initial LBA and page */
971 lba = address >> info->blockshift;
972 page = (address & info->blockmask);
973 maxlba = info->capacity >> (info->pageshift + info->blockshift);
974 if (lba >= maxlba)
975 return -EIO;
976
977 /*
978 * blockbuffer is used for reading in the old data, overwriting
979 * with the new data, and performing ECC calculations
980 */
981
982 /*
983 * TODO: instead of doing kmalloc/kfree for each write,
984 * add a bufferpointer to the info structure
985 */
986
987 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
988 blocklen = (pagelen << info->blockshift);
989 blockbuffer = kmalloc(blocklen, GFP_NOIO);
990 if (!blockbuffer)
991 return -ENOMEM;
992
993 /*
994 * Since we don't write the user data directly to the device,
995 * we have to create a bounce buffer and move the data a piece
996 * at a time between the bounce buffer and the actual transfer buffer.
997 */
998
999 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1000 buffer = kmalloc(len, GFP_NOIO);
1001 if (!buffer) {
1002 kfree(blockbuffer);
1003 return -ENOMEM;
1004 }
1005
1006 result = 0;
1007 offset = 0;
1008 sg = NULL;
1009
1010 while (sectors > 0) {
1011
1012 /* Write as many sectors as possible in this block */
1013
1014 pages = min(sectors, info->blocksize - page);
1015 len = (pages << info->pageshift);
1016
1017 /* Not overflowing capacity? */
1018 if (lba >= maxlba) {
1019 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1020 lba, maxlba);
1021 result = -EIO;
1022 break;
1023 }
1024
1025 /* Get the data from the transfer buffer */
1026 usb_stor_access_xfer_buf(buffer, len, us->srb,
1027 &sg, &offset, FROM_XFER_BUF);
1028
1029 result = sddr09_write_lba(us, lba, page, pages,
1030 buffer, blockbuffer);
1031 if (result)
1032 break;
1033
1034 page = 0;
1035 lba++;
1036 sectors -= pages;
1037 }
1038
1039 kfree(buffer);
1040 kfree(blockbuffer);
1041
1042 return result;
1043}
1044
1045static int
1046sddr09_read_control(struct us_data *us,
1047 unsigned long address,
1048 unsigned int blocks,
1049 unsigned char *content,
1050 int use_sg) {
1051
1052 usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1053 address, blocks);
1054
1055 return sddr09_read21(us, address, blocks,
1056 CONTROL_SHIFT, content, use_sg);
1057}
1058
1059/*
1060 * Read Device ID Command: 12 bytes.
1061 * byte 0: opcode: ED
1062 *
1063 * Returns 2 bytes: Manufacturer ID and Device ID.
1064 * On more recent cards 3 bytes: the third byte is an option code A5
1065 * signifying that the secret command to read an 128-bit ID is available.
1066 * On still more recent cards 4 bytes: the fourth byte C0 means that
1067 * a second read ID cmd is available.
1068 */
1069static int
1070sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1071 unsigned char *command = us->iobuf;
1072 unsigned char *content = us->iobuf;
1073 int result, i;
1074
1075 memset(command, 0, 12);
1076 command[0] = 0xED;
1077 command[1] = LUNBITS;
1078
1079 result = sddr09_send_scsi_command(us, command, 12);
1080 if (result)
1081 return result;
1082
1083 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1084 content, 64, NULL);
1085
1086 for (i = 0; i < 4; i++)
1087 deviceID[i] = content[i];
1088
1089 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1090}
1091
1092static int
1093sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1094 int result;
1095 unsigned char status;
1096 const char *wp_fmt;
1097
1098 result = sddr09_read_status(us, &status);
1099 if (result) {
1100 usb_stor_dbg(us, "read_status fails\n");
1101 return result;
1102 }
1103 if ((status & 0x80) == 0) {
1104 info->flags |= SDDR09_WP; /* write protected */
1105 wp_fmt = " WP";
1106 } else {
1107 wp_fmt = "";
1108 }
1109 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1110 status & 0x40 ? " Ready" : "",
1111 status & LUNBITS ? " Suspended" : "",
1112 status & 0x01 ? " Error" : "");
1113
1114 return 0;
1115}
1116
1117#if 0
1118/*
1119 * Reset Command: 12 bytes.
1120 * byte 0: opcode: EB
1121 */
1122static int
1123sddr09_reset(struct us_data *us) {
1124
1125 unsigned char *command = us->iobuf;
1126
1127 memset(command, 0, 12);
1128 command[0] = 0xEB;
1129 command[1] = LUNBITS;
1130
1131 return sddr09_send_scsi_command(us, command, 12);
1132}
1133#endif
1134
1135static struct nand_flash_dev *
1136sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1137 struct nand_flash_dev *cardinfo;
1138 unsigned char deviceID[4];
1139 char blurbtxt[256];
1140 int result;
1141
1142 usb_stor_dbg(us, "Reading capacity...\n");
1143
1144 result = sddr09_read_deviceID(us, deviceID);
1145
1146 if (result) {
1147 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1148 printk(KERN_WARNING "sddr09: could not read card info\n");
1149 return NULL;
1150 }
1151
1152 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1153
1154 /* Byte 0 is the manufacturer */
1155 sprintf(blurbtxt + strlen(blurbtxt),
1156 ": Manuf. %s",
1157 nand_flash_manufacturer(deviceID[0]));
1158
1159 /* Byte 1 is the device type */
1160 cardinfo = nand_find_id(deviceID[1]);
1161 if (cardinfo) {
1162 /*
1163 * MB or MiB? It is neither. A 16 MB card has
1164 * 17301504 raw bytes, of which 16384000 are
1165 * usable for user data.
1166 */
1167 sprintf(blurbtxt + strlen(blurbtxt),
1168 ", %d MB", 1<<(cardinfo->chipshift - 20));
1169 } else {
1170 sprintf(blurbtxt + strlen(blurbtxt),
1171 ", type unrecognized");
1172 }
1173
1174 /* Byte 2 is code to signal availability of 128-bit ID */
1175 if (deviceID[2] == 0xa5) {
1176 sprintf(blurbtxt + strlen(blurbtxt),
1177 ", 128-bit ID");
1178 }
1179
1180 /* Byte 3 announces the availability of another read ID command */
1181 if (deviceID[3] == 0xc0) {
1182 sprintf(blurbtxt + strlen(blurbtxt),
1183 ", extra cmd");
1184 }
1185
1186 if (flags & SDDR09_WP)
1187 sprintf(blurbtxt + strlen(blurbtxt),
1188 ", WP");
1189
1190 printk(KERN_WARNING "%s\n", blurbtxt);
1191
1192 return cardinfo;
1193}
1194
1195static int
1196sddr09_read_map(struct us_data *us) {
1197
1198 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1199 int numblocks, alloc_len, alloc_blocks;
1200 int i, j, result;
1201 unsigned char *buffer, *buffer_end, *ptr;
1202 unsigned int lba, lbact;
1203
1204 if (!info->capacity)
1205 return -1;
1206
1207 /*
1208 * size of a block is 1 << (blockshift + pageshift) bytes
1209 * divide into the total capacity to get the number of blocks
1210 */
1211
1212 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1213
1214 /*
1215 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1216 * but only use a 64 KB buffer
1217 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1218 */
1219#define SDDR09_READ_MAP_BUFSZ 65536
1220
1221 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1222 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1223 buffer = kmalloc(alloc_len, GFP_NOIO);
1224 if (!buffer) {
1225 result = -1;
1226 goto done;
1227 }
1228 buffer_end = buffer + alloc_len;
1229
1230#undef SDDR09_READ_MAP_BUFSZ
1231
1232 kfree(info->lba_to_pba);
1233 kfree(info->pba_to_lba);
1234 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1235 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1236
1237 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1238 printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1239 result = -1;
1240 goto done;
1241 }
1242
1243 for (i = 0; i < numblocks; i++)
1244 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1245
1246 /*
1247 * Define lba-pba translation table
1248 */
1249
1250 ptr = buffer_end;
1251 for (i = 0; i < numblocks; i++) {
1252 ptr += (1 << CONTROL_SHIFT);
1253 if (ptr >= buffer_end) {
1254 unsigned long address;
1255
1256 address = i << (info->pageshift + info->blockshift);
1257 result = sddr09_read_control(
1258 us, address>>1,
1259 min(alloc_blocks, numblocks - i),
1260 buffer, 0);
1261 if (result) {
1262 result = -1;
1263 goto done;
1264 }
1265 ptr = buffer;
1266 }
1267
1268 if (i == 0 || i == 1) {
1269 info->pba_to_lba[i] = UNUSABLE;
1270 continue;
1271 }
1272
1273 /* special PBAs have control field 0^16 */
1274 for (j = 0; j < 16; j++)
1275 if (ptr[j] != 0)
1276 goto nonz;
1277 info->pba_to_lba[i] = UNUSABLE;
1278 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1279 i);
1280 continue;
1281
1282 nonz:
1283 /* unwritten PBAs have control field FF^16 */
1284 for (j = 0; j < 16; j++)
1285 if (ptr[j] != 0xff)
1286 goto nonff;
1287 continue;
1288
1289 nonff:
1290 /* normal PBAs start with six FFs */
1291 if (j < 6) {
1292 printk(KERN_WARNING
1293 "sddr09: PBA %d has no logical mapping: "
1294 "reserved area = %02X%02X%02X%02X "
1295 "data status %02X block status %02X\n",
1296 i, ptr[0], ptr[1], ptr[2], ptr[3],
1297 ptr[4], ptr[5]);
1298 info->pba_to_lba[i] = UNUSABLE;
1299 continue;
1300 }
1301
1302 if ((ptr[6] >> 4) != 0x01) {
1303 printk(KERN_WARNING
1304 "sddr09: PBA %d has invalid address field "
1305 "%02X%02X/%02X%02X\n",
1306 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1307 info->pba_to_lba[i] = UNUSABLE;
1308 continue;
1309 }
1310
1311 /* check even parity */
1312 if (parity[ptr[6] ^ ptr[7]]) {
1313 printk(KERN_WARNING
1314 "sddr09: Bad parity in LBA for block %d"
1315 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1316 info->pba_to_lba[i] = UNUSABLE;
1317 continue;
1318 }
1319
1320 lba = short_pack(ptr[7], ptr[6]);
1321 lba = (lba & 0x07FF) >> 1;
1322
1323 /*
1324 * Every 1024 physical blocks ("zone"), the LBA numbers
1325 * go back to zero, but are within a higher block of LBA's.
1326 * Also, there is a maximum of 1000 LBA's per zone.
1327 * In other words, in PBA 1024-2047 you will find LBA 0-999
1328 * which are really LBA 1000-1999. This allows for 24 bad
1329 * or special physical blocks per zone.
1330 */
1331
1332 if (lba >= 1000) {
1333 printk(KERN_WARNING
1334 "sddr09: Bad low LBA %d for block %d\n",
1335 lba, i);
1336 goto possibly_erase;
1337 }
1338
1339 lba += 1000*(i/0x400);
1340
1341 if (info->lba_to_pba[lba] != UNDEF) {
1342 printk(KERN_WARNING
1343 "sddr09: LBA %d seen for PBA %d and %d\n",
1344 lba, info->lba_to_pba[lba], i);
1345 goto possibly_erase;
1346 }
1347
1348 info->pba_to_lba[i] = lba;
1349 info->lba_to_pba[lba] = i;
1350 continue;
1351
1352 possibly_erase:
1353 if (erase_bad_lba_entries) {
1354 unsigned long address;
1355
1356 address = (i << (info->pageshift + info->blockshift));
1357 sddr09_erase(us, address>>1);
1358 info->pba_to_lba[i] = UNDEF;
1359 } else
1360 info->pba_to_lba[i] = UNUSABLE;
1361 }
1362
1363 /*
1364 * Approximate capacity. This is not entirely correct yet,
1365 * since a zone with less than 1000 usable pages leads to
1366 * missing LBAs. Especially if it is the last zone, some
1367 * LBAs can be past capacity.
1368 */
1369 lbact = 0;
1370 for (i = 0; i < numblocks; i += 1024) {
1371 int ct = 0;
1372
1373 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1374 if (info->pba_to_lba[i+j] != UNUSABLE) {
1375 if (ct >= 1000)
1376 info->pba_to_lba[i+j] = SPARE;
1377 else
1378 ct++;
1379 }
1380 }
1381 lbact += ct;
1382 }
1383 info->lbact = lbact;
1384 usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1385 result = 0;
1386
1387 done:
1388 if (result != 0) {
1389 kfree(info->lba_to_pba);
1390 kfree(info->pba_to_lba);
1391 info->lba_to_pba = NULL;
1392 info->pba_to_lba = NULL;
1393 }
1394 kfree(buffer);
1395 return result;
1396}
1397
1398static void
1399sddr09_card_info_destructor(void *extra) {
1400 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1401
1402 if (!info)
1403 return;
1404
1405 kfree(info->lba_to_pba);
1406 kfree(info->pba_to_lba);
1407}
1408
1409static int
1410sddr09_common_init(struct us_data *us) {
1411 int result;
1412
1413 /* set the configuration -- STALL is an acceptable response here */
1414 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1415 usb_stor_dbg(us, "active config #%d != 1 ??\n",
1416 us->pusb_dev->actconfig->desc.bConfigurationValue);
1417 return -EINVAL;
1418 }
1419
1420 result = usb_reset_configuration(us->pusb_dev);
1421 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1422 if (result == -EPIPE) {
1423 usb_stor_dbg(us, "-- stall on control interface\n");
1424 } else if (result != 0) {
1425 /* it's not a stall, but another error -- time to bail */
1426 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n");
1427 return -EINVAL;
1428 }
1429
1430 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1431 if (!us->extra)
1432 return -ENOMEM;
1433 us->extra_destructor = sddr09_card_info_destructor;
1434
1435 nand_init_ecc();
1436 return 0;
1437}
1438
1439
1440/*
1441 * This is needed at a very early stage. If this is not listed in the
1442 * unusual devices list but called from here then LUN 0 of the combo reader
1443 * is not recognized. But I do not know what precisely these calls do.
1444 */
1445static int
1446usb_stor_sddr09_dpcm_init(struct us_data *us) {
1447 int result;
1448 unsigned char *data = us->iobuf;
1449
1450 result = sddr09_common_init(us);
1451 if (result)
1452 return result;
1453
1454 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1455 if (result) {
1456 usb_stor_dbg(us, "send_command fails\n");
1457 return result;
1458 }
1459
1460 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1461 // get 07 02
1462
1463 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1464 if (result) {
1465 usb_stor_dbg(us, "2nd send_command fails\n");
1466 return result;
1467 }
1468
1469 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1470 // get 07 00
1471
1472 result = sddr09_request_sense(us, data, 18);
1473 if (result == 0 && data[2] != 0) {
1474 int j;
1475 for (j=0; j<18; j++)
1476 printk(" %02X", data[j]);
1477 printk("\n");
1478 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1479 // 70: current command
1480 // sense key 0, sense code 0, extd sense code 0
1481 // additional transfer length * = sizeof(data) - 7
1482 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1483 // sense key 06, sense code 28: unit attention,
1484 // not ready to ready transition
1485 }
1486
1487 // test unit ready
1488
1489 return 0; /* not result */
1490}
1491
1492/*
1493 * Transport for the Microtech DPCM-USB
1494 */
1495static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1496{
1497 int ret;
1498
1499 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1500
1501 switch (srb->device->lun) {
1502 case 0:
1503
1504 /*
1505 * LUN 0 corresponds to the CompactFlash card reader.
1506 */
1507 ret = usb_stor_CB_transport(srb, us);
1508 break;
1509
1510 case 1:
1511
1512 /*
1513 * LUN 1 corresponds to the SmartMedia card reader.
1514 */
1515
1516 /*
1517 * Set the LUN to 0 (just in case).
1518 */
1519 srb->device->lun = 0;
1520 ret = sddr09_transport(srb, us);
1521 srb->device->lun = 1;
1522 break;
1523
1524 default:
1525 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1526 ret = USB_STOR_TRANSPORT_ERROR;
1527 break;
1528 }
1529 return ret;
1530}
1531
1532
1533/*
1534 * Transport for the Sandisk SDDR-09
1535 */
1536static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1537{
1538 static unsigned char sensekey = 0, sensecode = 0;
1539 static unsigned char havefakesense = 0;
1540 int result, i;
1541 unsigned char *ptr = us->iobuf;
1542 unsigned long capacity;
1543 unsigned int page, pages;
1544
1545 struct sddr09_card_info *info;
1546
1547 static unsigned char inquiry_response[8] = {
1548 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1549 };
1550
1551 /* note: no block descriptor support */
1552 static unsigned char mode_page_01[19] = {
1553 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1554 0x01, 0x0A,
1555 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1556 };
1557
1558 info = (struct sddr09_card_info *)us->extra;
1559
1560 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1561 /* for a faked command, we have to follow with a faked sense */
1562 memset(ptr, 0, 18);
1563 ptr[0] = 0x70;
1564 ptr[2] = sensekey;
1565 ptr[7] = 11;
1566 ptr[12] = sensecode;
1567 usb_stor_set_xfer_buf(ptr, 18, srb);
1568 sensekey = sensecode = havefakesense = 0;
1569 return USB_STOR_TRANSPORT_GOOD;
1570 }
1571
1572 havefakesense = 1;
1573
1574 /*
1575 * Dummy up a response for INQUIRY since SDDR09 doesn't
1576 * respond to INQUIRY commands
1577 */
1578
1579 if (srb->cmnd[0] == INQUIRY) {
1580 memcpy(ptr, inquiry_response, 8);
1581 fill_inquiry_response(us, ptr, 36);
1582 return USB_STOR_TRANSPORT_GOOD;
1583 }
1584
1585 if (srb->cmnd[0] == READ_CAPACITY) {
1586 struct nand_flash_dev *cardinfo;
1587
1588 sddr09_get_wp(us, info); /* read WP bit */
1589
1590 cardinfo = sddr09_get_cardinfo(us, info->flags);
1591 if (!cardinfo) {
1592 /* probably no media */
1593 init_error:
1594 sensekey = 0x02; /* not ready */
1595 sensecode = 0x3a; /* medium not present */
1596 return USB_STOR_TRANSPORT_FAILED;
1597 }
1598
1599 info->capacity = (1 << cardinfo->chipshift);
1600 info->pageshift = cardinfo->pageshift;
1601 info->pagesize = (1 << info->pageshift);
1602 info->blockshift = cardinfo->blockshift;
1603 info->blocksize = (1 << info->blockshift);
1604 info->blockmask = info->blocksize - 1;
1605
1606 // map initialization, must follow get_cardinfo()
1607 if (sddr09_read_map(us)) {
1608 /* probably out of memory */
1609 goto init_error;
1610 }
1611
1612 // Report capacity
1613
1614 capacity = (info->lbact << info->blockshift) - 1;
1615
1616 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1617
1618 // Report page size
1619
1620 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1621 usb_stor_set_xfer_buf(ptr, 8, srb);
1622
1623 return USB_STOR_TRANSPORT_GOOD;
1624 }
1625
1626 if (srb->cmnd[0] == MODE_SENSE_10) {
1627 int modepage = (srb->cmnd[2] & 0x3F);
1628
1629 /*
1630 * They ask for the Read/Write error recovery page,
1631 * or for all pages.
1632 */
1633 /* %% We should check DBD %% */
1634 if (modepage == 0x01 || modepage == 0x3F) {
1635 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636 modepage);
1637
1638 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642 return USB_STOR_TRANSPORT_GOOD;
1643 }
1644
1645 sensekey = 0x05; /* illegal request */
1646 sensecode = 0x24; /* invalid field in CDB */
1647 return USB_STOR_TRANSPORT_FAILED;
1648 }
1649
1650 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651 return USB_STOR_TRANSPORT_GOOD;
1652
1653 havefakesense = 0;
1654
1655 if (srb->cmnd[0] == READ_10) {
1656
1657 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658 page <<= 16;
1659 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661
1662 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663 page, pages);
1664
1665 result = sddr09_read_data(us, page, pages);
1666 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667 USB_STOR_TRANSPORT_ERROR);
1668 }
1669
1670 if (srb->cmnd[0] == WRITE_10) {
1671
1672 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 page <<= 16;
1674 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676
1677 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678 page, pages);
1679
1680 result = sddr09_write_data(us, page, pages);
1681 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 USB_STOR_TRANSPORT_ERROR);
1683 }
1684
1685 /*
1686 * catch-all for all other commands, except
1687 * pass TEST_UNIT_READY and REQUEST_SENSE through
1688 */
1689 if (srb->cmnd[0] != TEST_UNIT_READY &&
1690 srb->cmnd[0] != REQUEST_SENSE) {
1691 sensekey = 0x05; /* illegal request */
1692 sensecode = 0x20; /* invalid command */
1693 havefakesense = 1;
1694 return USB_STOR_TRANSPORT_FAILED;
1695 }
1696
1697 for (; srb->cmd_len<12; srb->cmd_len++)
1698 srb->cmnd[srb->cmd_len] = 0;
1699
1700 srb->cmnd[1] = LUNBITS;
1701
1702 ptr[0] = 0;
1703 for (i=0; i<12; i++)
1704 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1705
1706 usb_stor_dbg(us, "Send control for command %s\n", ptr);
1707
1708 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1709 if (result) {
1710 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1711 result);
1712 return USB_STOR_TRANSPORT_ERROR;
1713 }
1714
1715 if (scsi_bufflen(srb) == 0)
1716 return USB_STOR_TRANSPORT_GOOD;
1717
1718 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1719 srb->sc_data_direction == DMA_FROM_DEVICE) {
1720 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1721 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1722
1723 usb_stor_dbg(us, "%s %d bytes\n",
1724 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1725 "sending" : "receiving",
1726 scsi_bufflen(srb));
1727
1728 result = usb_stor_bulk_srb(us, pipe, srb);
1729
1730 return (result == USB_STOR_XFER_GOOD ?
1731 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1732 }
1733
1734 return USB_STOR_TRANSPORT_GOOD;
1735}
1736
1737/*
1738 * Initialization routine for the sddr09 subdriver
1739 */
1740static int
1741usb_stor_sddr09_init(struct us_data *us) {
1742 return sddr09_common_init(us);
1743}
1744
1745static struct scsi_host_template sddr09_host_template;
1746
1747static int sddr09_probe(struct usb_interface *intf,
1748 const struct usb_device_id *id)
1749{
1750 struct us_data *us;
1751 int result;
1752
1753 result = usb_stor_probe1(&us, intf, id,
1754 (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1755 &sddr09_host_template);
1756 if (result)
1757 return result;
1758
1759 if (us->protocol == USB_PR_DPCM_USB) {
1760 us->transport_name = "Control/Bulk-EUSB/SDDR09";
1761 us->transport = dpcm_transport;
1762 us->transport_reset = usb_stor_CB_reset;
1763 us->max_lun = 1;
1764 } else {
1765 us->transport_name = "EUSB/SDDR09";
1766 us->transport = sddr09_transport;
1767 us->transport_reset = usb_stor_CB_reset;
1768 us->max_lun = 0;
1769 }
1770
1771 result = usb_stor_probe2(us);
1772 return result;
1773}
1774
1775static struct usb_driver sddr09_driver = {
1776 .name = DRV_NAME,
1777 .probe = sddr09_probe,
1778 .disconnect = usb_stor_disconnect,
1779 .suspend = usb_stor_suspend,
1780 .resume = usb_stor_resume,
1781 .reset_resume = usb_stor_reset_resume,
1782 .pre_reset = usb_stor_pre_reset,
1783 .post_reset = usb_stor_post_reset,
1784 .id_table = sddr09_usb_ids,
1785 .soft_unbind = 1,
1786 .no_dynamic_id = 1,
1787};
1788
1789module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);