1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/module.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 #include <scsi/scsi_device.h> 50 51 #include "usb.h" 52 #include "transport.h" 53 #include "protocol.h" 54 #include "debug.h" 55 56 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader"); 57 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>"); 58 MODULE_LICENSE("GPL"); 59 60 static int usb_stor_sddr09_dpcm_init(struct us_data *us); 61 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us); 62 static int usb_stor_sddr09_init(struct us_data *us); 63 64 65 /* 66 * The table of devices 67 */ 68 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \ 69 vendorName, productName, useProtocol, useTransport, \ 70 initFunction, flags) \ 71 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \ 72 .driver_info = (flags) } 73 74 static struct usb_device_id sddr09_usb_ids[] = { 75 # include "unusual_sddr09.h" 76 { } /* Terminating entry */ 77 }; 78 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids); 79 80 #undef UNUSUAL_DEV 81 82 /* 83 * The flags table 84 */ 85 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \ 86 vendor_name, product_name, use_protocol, use_transport, \ 87 init_function, Flags) \ 88 { \ 89 .vendorName = vendor_name, \ 90 .productName = product_name, \ 91 .useProtocol = use_protocol, \ 92 .useTransport = use_transport, \ 93 .initFunction = init_function, \ 94 } 95 96 static struct us_unusual_dev sddr09_unusual_dev_list[] = { 97 # include "unusual_sddr09.h" 98 { } /* Terminating entry */ 99 }; 100 101 #undef UNUSUAL_DEV 102 103 104 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 105 #define LSB_of(s) ((s)&0xFF) 106 #define MSB_of(s) ((s)>>8) 107 108 /* 109 * First some stuff that does not belong here: 110 * data on SmartMedia and other cards, completely 111 * unrelated to this driver. 112 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 113 */ 114 115 struct nand_flash_dev { 116 int model_id; 117 int chipshift; /* 1<<cs bytes total capacity */ 118 char pageshift; /* 1<<ps bytes in a page */ 119 char blockshift; /* 1<<bs pages in an erase block */ 120 char zoneshift; /* 1<<zs blocks in a zone */ 121 /* # of logical blocks is 125/128 of this */ 122 char pageadrlen; /* length of an address in bytes - 1 */ 123 }; 124 125 /* 126 * NAND Flash Manufacturer ID Codes 127 */ 128 #define NAND_MFR_AMD 0x01 129 #define NAND_MFR_NATSEMI 0x8f 130 #define NAND_MFR_TOSHIBA 0x98 131 #define NAND_MFR_SAMSUNG 0xec 132 133 static inline char *nand_flash_manufacturer(int manuf_id) { 134 switch(manuf_id) { 135 case NAND_MFR_AMD: 136 return "AMD"; 137 case NAND_MFR_NATSEMI: 138 return "NATSEMI"; 139 case NAND_MFR_TOSHIBA: 140 return "Toshiba"; 141 case NAND_MFR_SAMSUNG: 142 return "Samsung"; 143 default: 144 return "unknown"; 145 } 146 } 147 148 /* 149 * It looks like it is unnecessary to attach manufacturer to the 150 * remaining data: SSFDC prescribes manufacturer-independent id codes. 151 * 152 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 153 */ 154 155 static struct nand_flash_dev nand_flash_ids[] = { 156 /* NAND flash */ 157 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 158 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 159 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 160 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 161 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 162 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 163 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 164 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 165 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 166 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 167 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 168 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 169 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 170 171 /* MASK ROM */ 172 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 173 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 174 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 175 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 176 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 177 { 0,} 178 }; 179 180 static struct nand_flash_dev * 181 nand_find_id(unsigned char id) { 182 int i; 183 184 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 185 if (nand_flash_ids[i].model_id == id) 186 return &(nand_flash_ids[i]); 187 return NULL; 188 } 189 190 /* 191 * ECC computation. 192 */ 193 static unsigned char parity[256]; 194 static unsigned char ecc2[256]; 195 196 static void nand_init_ecc(void) { 197 int i, j, a; 198 199 parity[0] = 0; 200 for (i = 1; i < 256; i++) 201 parity[i] = (parity[i&(i-1)] ^ 1); 202 203 for (i = 0; i < 256; i++) { 204 a = 0; 205 for (j = 0; j < 8; j++) { 206 if (i & (1<<j)) { 207 if ((j & 1) == 0) 208 a ^= 0x04; 209 if ((j & 2) == 0) 210 a ^= 0x10; 211 if ((j & 4) == 0) 212 a ^= 0x40; 213 } 214 } 215 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 216 } 217 } 218 219 /* compute 3-byte ecc on 256 bytes */ 220 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 221 int i, j, a; 222 unsigned char par = 0, bit, bits[8] = {0}; 223 224 /* collect 16 checksum bits */ 225 for (i = 0; i < 256; i++) { 226 par ^= data[i]; 227 bit = parity[data[i]]; 228 for (j = 0; j < 8; j++) 229 if ((i & (1<<j)) == 0) 230 bits[j] ^= bit; 231 } 232 233 /* put 4+4+4 = 12 bits in the ecc */ 234 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 235 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 236 237 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 238 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 239 240 ecc[2] = ecc2[par]; 241 } 242 243 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 244 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 245 } 246 247 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 248 memcpy(data, ecc, 3); 249 } 250 251 /* 252 * The actual driver starts here. 253 */ 254 255 struct sddr09_card_info { 256 unsigned long capacity; /* Size of card in bytes */ 257 int pagesize; /* Size of page in bytes */ 258 int pageshift; /* log2 of pagesize */ 259 int blocksize; /* Size of block in pages */ 260 int blockshift; /* log2 of blocksize */ 261 int blockmask; /* 2^blockshift - 1 */ 262 int *lba_to_pba; /* logical to physical map */ 263 int *pba_to_lba; /* physical to logical map */ 264 int lbact; /* number of available pages */ 265 int flags; 266 #define SDDR09_WP 1 /* write protected */ 267 }; 268 269 /* 270 * On my 16MB card, control blocks have size 64 (16 real control bytes, 271 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 272 * so the reader makes up the remaining 48. Don't know whether these numbers 273 * depend on the card. For now a constant. 274 */ 275 #define CONTROL_SHIFT 6 276 277 /* 278 * On my Combo CF/SM reader, the SM reader has LUN 1. 279 * (and things fail with LUN 0). 280 * It seems LUN is irrelevant for others. 281 */ 282 #define LUN 1 283 #define LUNBITS (LUN << 5) 284 285 /* 286 * LBA and PBA are unsigned ints. Special values. 287 */ 288 #define UNDEF 0xffffffff 289 #define SPARE 0xfffffffe 290 #define UNUSABLE 0xfffffffd 291 292 static const int erase_bad_lba_entries = 0; 293 294 /* send vendor interface command (0x41) */ 295 /* called for requests 0, 1, 8 */ 296 static int 297 sddr09_send_command(struct us_data *us, 298 unsigned char request, 299 unsigned char direction, 300 unsigned char *xfer_data, 301 unsigned int xfer_len) { 302 unsigned int pipe; 303 unsigned char requesttype = (0x41 | direction); 304 int rc; 305 306 // Get the receive or send control pipe number 307 308 if (direction == USB_DIR_IN) 309 pipe = us->recv_ctrl_pipe; 310 else 311 pipe = us->send_ctrl_pipe; 312 313 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 314 0, 0, xfer_data, xfer_len); 315 switch (rc) { 316 case USB_STOR_XFER_GOOD: return 0; 317 case USB_STOR_XFER_STALLED: return -EPIPE; 318 default: return -EIO; 319 } 320 } 321 322 static int 323 sddr09_send_scsi_command(struct us_data *us, 324 unsigned char *command, 325 unsigned int command_len) { 326 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 327 } 328 329 #if 0 330 /* 331 * Test Unit Ready Command: 12 bytes. 332 * byte 0: opcode: 00 333 */ 334 static int 335 sddr09_test_unit_ready(struct us_data *us) { 336 unsigned char *command = us->iobuf; 337 int result; 338 339 memset(command, 0, 6); 340 command[1] = LUNBITS; 341 342 result = sddr09_send_scsi_command(us, command, 6); 343 344 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result); 345 346 return result; 347 } 348 #endif 349 350 /* 351 * Request Sense Command: 12 bytes. 352 * byte 0: opcode: 03 353 * byte 4: data length 354 */ 355 static int 356 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 357 unsigned char *command = us->iobuf; 358 int result; 359 360 memset(command, 0, 12); 361 command[0] = 0x03; 362 command[1] = LUNBITS; 363 command[4] = buflen; 364 365 result = sddr09_send_scsi_command(us, command, 12); 366 if (result) 367 return result; 368 369 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 370 sensebuf, buflen, NULL); 371 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 372 } 373 374 /* 375 * Read Command: 12 bytes. 376 * byte 0: opcode: E8 377 * byte 1: last two bits: 00: read data, 01: read blockwise control, 378 * 10: read both, 11: read pagewise control. 379 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 380 * bytes 2-5: address (interpretation depends on byte 1, see below) 381 * bytes 10-11: count (idem) 382 * 383 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 384 * A read data command gets data in 512-byte pages. 385 * A read control command gets control in 64-byte chunks. 386 * A read both command gets data+control in 576-byte chunks. 387 * 388 * Blocks are groups of 32 pages, and read blockwise control jumps to the 389 * next block, while read pagewise control jumps to the next page after 390 * reading a group of 64 control bytes. 391 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 392 * 393 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 394 */ 395 396 static int 397 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 398 int nr_of_pages, int bulklen, unsigned char *buf, 399 int use_sg) { 400 401 unsigned char *command = us->iobuf; 402 int result; 403 404 command[0] = 0xE8; 405 command[1] = LUNBITS | x; 406 command[2] = MSB_of(fromaddress>>16); 407 command[3] = LSB_of(fromaddress>>16); 408 command[4] = MSB_of(fromaddress & 0xFFFF); 409 command[5] = LSB_of(fromaddress & 0xFFFF); 410 command[6] = 0; 411 command[7] = 0; 412 command[8] = 0; 413 command[9] = 0; 414 command[10] = MSB_of(nr_of_pages); 415 command[11] = LSB_of(nr_of_pages); 416 417 result = sddr09_send_scsi_command(us, command, 12); 418 419 if (result) { 420 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n", 421 x, result); 422 return result; 423 } 424 425 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 426 buf, bulklen, use_sg, NULL); 427 428 if (result != USB_STOR_XFER_GOOD) { 429 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n", 430 x, result); 431 return -EIO; 432 } 433 return 0; 434 } 435 436 /* 437 * Read Data 438 * 439 * fromaddress counts data shorts: 440 * increasing it by 256 shifts the bytestream by 512 bytes; 441 * the last 8 bits are ignored. 442 * 443 * nr_of_pages counts pages of size (1 << pageshift). 444 */ 445 static int 446 sddr09_read20(struct us_data *us, unsigned long fromaddress, 447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 448 int bulklen = nr_of_pages << pageshift; 449 450 /* The last 8 bits of fromaddress are ignored. */ 451 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 452 buf, use_sg); 453 } 454 455 /* 456 * Read Blockwise Control 457 * 458 * fromaddress gives the starting position (as in read data; 459 * the last 8 bits are ignored); increasing it by 32*256 shifts 460 * the output stream by 64 bytes. 461 * 462 * count counts control groups of size (1 << controlshift). 463 * For me, controlshift = 6. Is this constant? 464 * 465 * After getting one control group, jump to the next block 466 * (fromaddress += 8192). 467 */ 468 static int 469 sddr09_read21(struct us_data *us, unsigned long fromaddress, 470 int count, int controlshift, unsigned char *buf, int use_sg) { 471 472 int bulklen = (count << controlshift); 473 return sddr09_readX(us, 1, fromaddress, count, bulklen, 474 buf, use_sg); 475 } 476 477 /* 478 * Read both Data and Control 479 * 480 * fromaddress counts data shorts, ignoring control: 481 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 482 * the last 8 bits are ignored. 483 * 484 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 485 */ 486 static int 487 sddr09_read22(struct us_data *us, unsigned long fromaddress, 488 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 489 490 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 491 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen); 492 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 493 buf, use_sg); 494 } 495 496 #if 0 497 /* 498 * Read Pagewise Control 499 * 500 * fromaddress gives the starting position (as in read data; 501 * the last 8 bits are ignored); increasing it by 256 shifts 502 * the output stream by 64 bytes. 503 * 504 * count counts control groups of size (1 << controlshift). 505 * For me, controlshift = 6. Is this constant? 506 * 507 * After getting one control group, jump to the next page 508 * (fromaddress += 256). 509 */ 510 static int 511 sddr09_read23(struct us_data *us, unsigned long fromaddress, 512 int count, int controlshift, unsigned char *buf, int use_sg) { 513 514 int bulklen = (count << controlshift); 515 return sddr09_readX(us, 3, fromaddress, count, bulklen, 516 buf, use_sg); 517 } 518 #endif 519 520 /* 521 * Erase Command: 12 bytes. 522 * byte 0: opcode: EA 523 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 524 * 525 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 526 * The byte address being erased is 2*Eaddress. 527 * The CIS cannot be erased. 528 */ 529 static int 530 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 531 unsigned char *command = us->iobuf; 532 int result; 533 534 usb_stor_dbg(us, "erase address %lu\n", Eaddress); 535 536 memset(command, 0, 12); 537 command[0] = 0xEA; 538 command[1] = LUNBITS; 539 command[6] = MSB_of(Eaddress>>16); 540 command[7] = LSB_of(Eaddress>>16); 541 command[8] = MSB_of(Eaddress & 0xFFFF); 542 command[9] = LSB_of(Eaddress & 0xFFFF); 543 544 result = sddr09_send_scsi_command(us, command, 12); 545 546 if (result) 547 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n", 548 result); 549 550 return result; 551 } 552 553 /* 554 * Write CIS Command: 12 bytes. 555 * byte 0: opcode: EE 556 * bytes 2-5: write address in shorts 557 * bytes 10-11: sector count 558 * 559 * This writes at the indicated address. Don't know how it differs 560 * from E9. Maybe it does not erase? However, it will also write to 561 * the CIS. 562 * 563 * When two such commands on the same page follow each other directly, 564 * the second one is not done. 565 */ 566 567 /* 568 * Write Command: 12 bytes. 569 * byte 0: opcode: E9 570 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 571 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 572 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 573 * 574 * If write address equals erase address, the erase is done first, 575 * otherwise the write is done first. When erase address equals zero 576 * no erase is done? 577 */ 578 static int 579 sddr09_writeX(struct us_data *us, 580 unsigned long Waddress, unsigned long Eaddress, 581 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 582 583 unsigned char *command = us->iobuf; 584 int result; 585 586 command[0] = 0xE9; 587 command[1] = LUNBITS; 588 589 command[2] = MSB_of(Waddress>>16); 590 command[3] = LSB_of(Waddress>>16); 591 command[4] = MSB_of(Waddress & 0xFFFF); 592 command[5] = LSB_of(Waddress & 0xFFFF); 593 594 command[6] = MSB_of(Eaddress>>16); 595 command[7] = LSB_of(Eaddress>>16); 596 command[8] = MSB_of(Eaddress & 0xFFFF); 597 command[9] = LSB_of(Eaddress & 0xFFFF); 598 599 command[10] = MSB_of(nr_of_pages); 600 command[11] = LSB_of(nr_of_pages); 601 602 result = sddr09_send_scsi_command(us, command, 12); 603 604 if (result) { 605 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n", 606 result); 607 return result; 608 } 609 610 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 611 buf, bulklen, use_sg, NULL); 612 613 if (result != USB_STOR_XFER_GOOD) { 614 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n", 615 result); 616 return -EIO; 617 } 618 return 0; 619 } 620 621 /* erase address, write same address */ 622 static int 623 sddr09_write_inplace(struct us_data *us, unsigned long address, 624 int nr_of_pages, int pageshift, unsigned char *buf, 625 int use_sg) { 626 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 627 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 628 buf, use_sg); 629 } 630 631 #if 0 632 /* 633 * Read Scatter Gather Command: 3+4n bytes. 634 * byte 0: opcode E7 635 * byte 2: n 636 * bytes 4i-1,4i,4i+1: page address 637 * byte 4i+2: page count 638 * (i=1..n) 639 * 640 * This reads several pages from the card to a single memory buffer. 641 * The last two bits of byte 1 have the same meaning as for E8. 642 */ 643 static int 644 sddr09_read_sg_test_only(struct us_data *us) { 645 unsigned char *command = us->iobuf; 646 int result, bulklen, nsg, ct; 647 unsigned char *buf; 648 unsigned long address; 649 650 nsg = bulklen = 0; 651 command[0] = 0xE7; 652 command[1] = LUNBITS; 653 command[2] = 0; 654 address = 040000; ct = 1; 655 nsg++; 656 bulklen += (ct << 9); 657 command[4*nsg+2] = ct; 658 command[4*nsg+1] = ((address >> 9) & 0xFF); 659 command[4*nsg+0] = ((address >> 17) & 0xFF); 660 command[4*nsg-1] = ((address >> 25) & 0xFF); 661 662 address = 0340000; ct = 1; 663 nsg++; 664 bulklen += (ct << 9); 665 command[4*nsg+2] = ct; 666 command[4*nsg+1] = ((address >> 9) & 0xFF); 667 command[4*nsg+0] = ((address >> 17) & 0xFF); 668 command[4*nsg-1] = ((address >> 25) & 0xFF); 669 670 address = 01000000; ct = 2; 671 nsg++; 672 bulklen += (ct << 9); 673 command[4*nsg+2] = ct; 674 command[4*nsg+1] = ((address >> 9) & 0xFF); 675 command[4*nsg+0] = ((address >> 17) & 0xFF); 676 command[4*nsg-1] = ((address >> 25) & 0xFF); 677 678 command[2] = nsg; 679 680 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 681 682 if (result) { 683 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n", 684 result); 685 return result; 686 } 687 688 buf = kmalloc(bulklen, GFP_NOIO); 689 if (!buf) 690 return -ENOMEM; 691 692 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 693 buf, bulklen, NULL); 694 kfree(buf); 695 if (result != USB_STOR_XFER_GOOD) { 696 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n", 697 result); 698 return -EIO; 699 } 700 701 return 0; 702 } 703 #endif 704 705 /* 706 * Read Status Command: 12 bytes. 707 * byte 0: opcode: EC 708 * 709 * Returns 64 bytes, all zero except for the first. 710 * bit 0: 1: Error 711 * bit 5: 1: Suspended 712 * bit 6: 1: Ready 713 * bit 7: 1: Not write-protected 714 */ 715 716 static int 717 sddr09_read_status(struct us_data *us, unsigned char *status) { 718 719 unsigned char *command = us->iobuf; 720 unsigned char *data = us->iobuf; 721 int result; 722 723 usb_stor_dbg(us, "Reading status...\n"); 724 725 memset(command, 0, 12); 726 command[0] = 0xEC; 727 command[1] = LUNBITS; 728 729 result = sddr09_send_scsi_command(us, command, 12); 730 if (result) 731 return result; 732 733 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 734 data, 64, NULL); 735 *status = data[0]; 736 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 737 } 738 739 static int 740 sddr09_read_data(struct us_data *us, 741 unsigned long address, 742 unsigned int sectors) { 743 744 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 745 unsigned char *buffer; 746 unsigned int lba, maxlba, pba; 747 unsigned int page, pages; 748 unsigned int len, offset; 749 struct scatterlist *sg; 750 int result; 751 752 // Figure out the initial LBA and page 753 lba = address >> info->blockshift; 754 page = (address & info->blockmask); 755 maxlba = info->capacity >> (info->pageshift + info->blockshift); 756 if (lba >= maxlba) 757 return -EIO; 758 759 // Since we only read in one block at a time, we have to create 760 // a bounce buffer and move the data a piece at a time between the 761 // bounce buffer and the actual transfer buffer. 762 763 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 764 buffer = kmalloc(len, GFP_NOIO); 765 if (buffer == NULL) { 766 printk(KERN_WARNING "sddr09_read_data: Out of memory\n"); 767 return -ENOMEM; 768 } 769 770 // This could be made much more efficient by checking for 771 // contiguous LBA's. Another exercise left to the student. 772 773 result = 0; 774 offset = 0; 775 sg = NULL; 776 777 while (sectors > 0) { 778 779 /* Find number of pages we can read in this block */ 780 pages = min(sectors, info->blocksize - page); 781 len = pages << info->pageshift; 782 783 /* Not overflowing capacity? */ 784 if (lba >= maxlba) { 785 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 786 lba, maxlba); 787 result = -EIO; 788 break; 789 } 790 791 /* Find where this lba lives on disk */ 792 pba = info->lba_to_pba[lba]; 793 794 if (pba == UNDEF) { /* this lba was never written */ 795 796 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n", 797 pages, lba, page); 798 799 /* This is not really an error. It just means 800 that the block has never been written. 801 Instead of returning an error 802 it is better to return all zero data. */ 803 804 memset(buffer, 0, len); 805 806 } else { 807 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n", 808 pages, pba, lba, page); 809 810 address = ((pba << info->blockshift) + page) << 811 info->pageshift; 812 813 result = sddr09_read20(us, address>>1, 814 pages, info->pageshift, buffer, 0); 815 if (result) 816 break; 817 } 818 819 // Store the data in the transfer buffer 820 usb_stor_access_xfer_buf(buffer, len, us->srb, 821 &sg, &offset, TO_XFER_BUF); 822 823 page = 0; 824 lba++; 825 sectors -= pages; 826 } 827 828 kfree(buffer); 829 return result; 830 } 831 832 static unsigned int 833 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 834 static unsigned int lastpba = 1; 835 int zonestart, end, i; 836 837 zonestart = (lba/1000) << 10; 838 end = info->capacity >> (info->blockshift + info->pageshift); 839 end -= zonestart; 840 if (end > 1024) 841 end = 1024; 842 843 for (i = lastpba+1; i < end; i++) { 844 if (info->pba_to_lba[zonestart+i] == UNDEF) { 845 lastpba = i; 846 return zonestart+i; 847 } 848 } 849 for (i = 0; i <= lastpba; i++) { 850 if (info->pba_to_lba[zonestart+i] == UNDEF) { 851 lastpba = i; 852 return zonestart+i; 853 } 854 } 855 return 0; 856 } 857 858 static int 859 sddr09_write_lba(struct us_data *us, unsigned int lba, 860 unsigned int page, unsigned int pages, 861 unsigned char *ptr, unsigned char *blockbuffer) { 862 863 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 864 unsigned long address; 865 unsigned int pba, lbap; 866 unsigned int pagelen; 867 unsigned char *bptr, *cptr, *xptr; 868 unsigned char ecc[3]; 869 int i, result, isnew; 870 871 lbap = ((lba % 1000) << 1) | 0x1000; 872 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 873 lbap ^= 1; 874 pba = info->lba_to_pba[lba]; 875 isnew = 0; 876 877 if (pba == UNDEF) { 878 pba = sddr09_find_unused_pba(info, lba); 879 if (!pba) { 880 printk(KERN_WARNING 881 "sddr09_write_lba: Out of unused blocks\n"); 882 return -ENOSPC; 883 } 884 info->pba_to_lba[pba] = lba; 885 info->lba_to_pba[lba] = pba; 886 isnew = 1; 887 } 888 889 if (pba == 1) { 890 /* Maybe it is impossible to write to PBA 1. 891 Fake success, but don't do anything. */ 892 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 893 return 0; 894 } 895 896 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 897 898 /* read old contents */ 899 address = (pba << (info->pageshift + info->blockshift)); 900 result = sddr09_read22(us, address>>1, info->blocksize, 901 info->pageshift, blockbuffer, 0); 902 if (result) 903 return result; 904 905 /* check old contents and fill lba */ 906 for (i = 0; i < info->blocksize; i++) { 907 bptr = blockbuffer + i*pagelen; 908 cptr = bptr + info->pagesize; 909 nand_compute_ecc(bptr, ecc); 910 if (!nand_compare_ecc(cptr+13, ecc)) { 911 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n", 912 i, pba); 913 nand_store_ecc(cptr+13, ecc); 914 } 915 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 916 if (!nand_compare_ecc(cptr+8, ecc)) { 917 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n", 918 i, pba); 919 nand_store_ecc(cptr+8, ecc); 920 } 921 cptr[6] = cptr[11] = MSB_of(lbap); 922 cptr[7] = cptr[12] = LSB_of(lbap); 923 } 924 925 /* copy in new stuff and compute ECC */ 926 xptr = ptr; 927 for (i = page; i < page+pages; i++) { 928 bptr = blockbuffer + i*pagelen; 929 cptr = bptr + info->pagesize; 930 memcpy(bptr, xptr, info->pagesize); 931 xptr += info->pagesize; 932 nand_compute_ecc(bptr, ecc); 933 nand_store_ecc(cptr+13, ecc); 934 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 935 nand_store_ecc(cptr+8, ecc); 936 } 937 938 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba); 939 940 result = sddr09_write_inplace(us, address>>1, info->blocksize, 941 info->pageshift, blockbuffer, 0); 942 943 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result); 944 945 #if 0 946 { 947 unsigned char status = 0; 948 int result2 = sddr09_read_status(us, &status); 949 if (result2) 950 usb_stor_dbg(us, "cannot read status\n"); 951 else if (status != 0xc0) 952 usb_stor_dbg(us, "status after write: 0x%x\n", status); 953 } 954 #endif 955 956 #if 0 957 { 958 int result2 = sddr09_test_unit_ready(us); 959 } 960 #endif 961 962 return result; 963 } 964 965 static int 966 sddr09_write_data(struct us_data *us, 967 unsigned long address, 968 unsigned int sectors) { 969 970 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 971 unsigned int lba, maxlba, page, pages; 972 unsigned int pagelen, blocklen; 973 unsigned char *blockbuffer; 974 unsigned char *buffer; 975 unsigned int len, offset; 976 struct scatterlist *sg; 977 int result; 978 979 // Figure out the initial LBA and page 980 lba = address >> info->blockshift; 981 page = (address & info->blockmask); 982 maxlba = info->capacity >> (info->pageshift + info->blockshift); 983 if (lba >= maxlba) 984 return -EIO; 985 986 // blockbuffer is used for reading in the old data, overwriting 987 // with the new data, and performing ECC calculations 988 989 /* TODO: instead of doing kmalloc/kfree for each write, 990 add a bufferpointer to the info structure */ 991 992 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 993 blocklen = (pagelen << info->blockshift); 994 blockbuffer = kmalloc(blocklen, GFP_NOIO); 995 if (!blockbuffer) { 996 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 997 return -ENOMEM; 998 } 999 1000 // Since we don't write the user data directly to the device, 1001 // we have to create a bounce buffer and move the data a piece 1002 // at a time between the bounce buffer and the actual transfer buffer. 1003 1004 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 1005 buffer = kmalloc(len, GFP_NOIO); 1006 if (buffer == NULL) { 1007 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1008 kfree(blockbuffer); 1009 return -ENOMEM; 1010 } 1011 1012 result = 0; 1013 offset = 0; 1014 sg = NULL; 1015 1016 while (sectors > 0) { 1017 1018 // Write as many sectors as possible in this block 1019 1020 pages = min(sectors, info->blocksize - page); 1021 len = (pages << info->pageshift); 1022 1023 /* Not overflowing capacity? */ 1024 if (lba >= maxlba) { 1025 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 1026 lba, maxlba); 1027 result = -EIO; 1028 break; 1029 } 1030 1031 // Get the data from the transfer buffer 1032 usb_stor_access_xfer_buf(buffer, len, us->srb, 1033 &sg, &offset, FROM_XFER_BUF); 1034 1035 result = sddr09_write_lba(us, lba, page, pages, 1036 buffer, blockbuffer); 1037 if (result) 1038 break; 1039 1040 page = 0; 1041 lba++; 1042 sectors -= pages; 1043 } 1044 1045 kfree(buffer); 1046 kfree(blockbuffer); 1047 1048 return result; 1049 } 1050 1051 static int 1052 sddr09_read_control(struct us_data *us, 1053 unsigned long address, 1054 unsigned int blocks, 1055 unsigned char *content, 1056 int use_sg) { 1057 1058 usb_stor_dbg(us, "Read control address %lu, blocks %d\n", 1059 address, blocks); 1060 1061 return sddr09_read21(us, address, blocks, 1062 CONTROL_SHIFT, content, use_sg); 1063 } 1064 1065 /* 1066 * Read Device ID Command: 12 bytes. 1067 * byte 0: opcode: ED 1068 * 1069 * Returns 2 bytes: Manufacturer ID and Device ID. 1070 * On more recent cards 3 bytes: the third byte is an option code A5 1071 * signifying that the secret command to read an 128-bit ID is available. 1072 * On still more recent cards 4 bytes: the fourth byte C0 means that 1073 * a second read ID cmd is available. 1074 */ 1075 static int 1076 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1077 unsigned char *command = us->iobuf; 1078 unsigned char *content = us->iobuf; 1079 int result, i; 1080 1081 memset(command, 0, 12); 1082 command[0] = 0xED; 1083 command[1] = LUNBITS; 1084 1085 result = sddr09_send_scsi_command(us, command, 12); 1086 if (result) 1087 return result; 1088 1089 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1090 content, 64, NULL); 1091 1092 for (i = 0; i < 4; i++) 1093 deviceID[i] = content[i]; 1094 1095 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1096 } 1097 1098 static int 1099 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1100 int result; 1101 unsigned char status; 1102 1103 result = sddr09_read_status(us, &status); 1104 if (result) { 1105 usb_stor_dbg(us, "read_status fails\n"); 1106 return result; 1107 } 1108 usb_stor_dbg(us, "status 0x%02X", status); 1109 if ((status & 0x80) == 0) { 1110 info->flags |= SDDR09_WP; /* write protected */ 1111 US_DEBUGPX(" WP"); 1112 } 1113 if (status & 0x40) 1114 US_DEBUGPX(" Ready"); 1115 if (status & LUNBITS) 1116 US_DEBUGPX(" Suspended"); 1117 if (status & 0x1) 1118 US_DEBUGPX(" Error"); 1119 US_DEBUGPX("\n"); 1120 return 0; 1121 } 1122 1123 #if 0 1124 /* 1125 * Reset Command: 12 bytes. 1126 * byte 0: opcode: EB 1127 */ 1128 static int 1129 sddr09_reset(struct us_data *us) { 1130 1131 unsigned char *command = us->iobuf; 1132 1133 memset(command, 0, 12); 1134 command[0] = 0xEB; 1135 command[1] = LUNBITS; 1136 1137 return sddr09_send_scsi_command(us, command, 12); 1138 } 1139 #endif 1140 1141 static struct nand_flash_dev * 1142 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1143 struct nand_flash_dev *cardinfo; 1144 unsigned char deviceID[4]; 1145 char blurbtxt[256]; 1146 int result; 1147 1148 usb_stor_dbg(us, "Reading capacity...\n"); 1149 1150 result = sddr09_read_deviceID(us, deviceID); 1151 1152 if (result) { 1153 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result); 1154 printk(KERN_WARNING "sddr09: could not read card info\n"); 1155 return NULL; 1156 } 1157 1158 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID); 1159 1160 /* Byte 0 is the manufacturer */ 1161 sprintf(blurbtxt + strlen(blurbtxt), 1162 ": Manuf. %s", 1163 nand_flash_manufacturer(deviceID[0])); 1164 1165 /* Byte 1 is the device type */ 1166 cardinfo = nand_find_id(deviceID[1]); 1167 if (cardinfo) { 1168 /* MB or MiB? It is neither. A 16 MB card has 1169 17301504 raw bytes, of which 16384000 are 1170 usable for user data. */ 1171 sprintf(blurbtxt + strlen(blurbtxt), 1172 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1173 } else { 1174 sprintf(blurbtxt + strlen(blurbtxt), 1175 ", type unrecognized"); 1176 } 1177 1178 /* Byte 2 is code to signal availability of 128-bit ID */ 1179 if (deviceID[2] == 0xa5) { 1180 sprintf(blurbtxt + strlen(blurbtxt), 1181 ", 128-bit ID"); 1182 } 1183 1184 /* Byte 3 announces the availability of another read ID command */ 1185 if (deviceID[3] == 0xc0) { 1186 sprintf(blurbtxt + strlen(blurbtxt), 1187 ", extra cmd"); 1188 } 1189 1190 if (flags & SDDR09_WP) 1191 sprintf(blurbtxt + strlen(blurbtxt), 1192 ", WP"); 1193 1194 printk(KERN_WARNING "%s\n", blurbtxt); 1195 1196 return cardinfo; 1197 } 1198 1199 static int 1200 sddr09_read_map(struct us_data *us) { 1201 1202 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1203 int numblocks, alloc_len, alloc_blocks; 1204 int i, j, result; 1205 unsigned char *buffer, *buffer_end, *ptr; 1206 unsigned int lba, lbact; 1207 1208 if (!info->capacity) 1209 return -1; 1210 1211 // size of a block is 1 << (blockshift + pageshift) bytes 1212 // divide into the total capacity to get the number of blocks 1213 1214 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1215 1216 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1217 // but only use a 64 KB buffer 1218 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1219 #define SDDR09_READ_MAP_BUFSZ 65536 1220 1221 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1222 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1223 buffer = kmalloc(alloc_len, GFP_NOIO); 1224 if (buffer == NULL) { 1225 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1226 result = -1; 1227 goto done; 1228 } 1229 buffer_end = buffer + alloc_len; 1230 1231 #undef SDDR09_READ_MAP_BUFSZ 1232 1233 kfree(info->lba_to_pba); 1234 kfree(info->pba_to_lba); 1235 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1236 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1237 1238 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1239 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1240 result = -1; 1241 goto done; 1242 } 1243 1244 for (i = 0; i < numblocks; i++) 1245 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1246 1247 /* 1248 * Define lba-pba translation table 1249 */ 1250 1251 ptr = buffer_end; 1252 for (i = 0; i < numblocks; i++) { 1253 ptr += (1 << CONTROL_SHIFT); 1254 if (ptr >= buffer_end) { 1255 unsigned long address; 1256 1257 address = i << (info->pageshift + info->blockshift); 1258 result = sddr09_read_control( 1259 us, address>>1, 1260 min(alloc_blocks, numblocks - i), 1261 buffer, 0); 1262 if (result) { 1263 result = -1; 1264 goto done; 1265 } 1266 ptr = buffer; 1267 } 1268 1269 if (i == 0 || i == 1) { 1270 info->pba_to_lba[i] = UNUSABLE; 1271 continue; 1272 } 1273 1274 /* special PBAs have control field 0^16 */ 1275 for (j = 0; j < 16; j++) 1276 if (ptr[j] != 0) 1277 goto nonz; 1278 info->pba_to_lba[i] = UNUSABLE; 1279 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1280 i); 1281 continue; 1282 1283 nonz: 1284 /* unwritten PBAs have control field FF^16 */ 1285 for (j = 0; j < 16; j++) 1286 if (ptr[j] != 0xff) 1287 goto nonff; 1288 continue; 1289 1290 nonff: 1291 /* normal PBAs start with six FFs */ 1292 if (j < 6) { 1293 printk(KERN_WARNING 1294 "sddr09: PBA %d has no logical mapping: " 1295 "reserved area = %02X%02X%02X%02X " 1296 "data status %02X block status %02X\n", 1297 i, ptr[0], ptr[1], ptr[2], ptr[3], 1298 ptr[4], ptr[5]); 1299 info->pba_to_lba[i] = UNUSABLE; 1300 continue; 1301 } 1302 1303 if ((ptr[6] >> 4) != 0x01) { 1304 printk(KERN_WARNING 1305 "sddr09: PBA %d has invalid address field " 1306 "%02X%02X/%02X%02X\n", 1307 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1308 info->pba_to_lba[i] = UNUSABLE; 1309 continue; 1310 } 1311 1312 /* check even parity */ 1313 if (parity[ptr[6] ^ ptr[7]]) { 1314 printk(KERN_WARNING 1315 "sddr09: Bad parity in LBA for block %d" 1316 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1317 info->pba_to_lba[i] = UNUSABLE; 1318 continue; 1319 } 1320 1321 lba = short_pack(ptr[7], ptr[6]); 1322 lba = (lba & 0x07FF) >> 1; 1323 1324 /* 1325 * Every 1024 physical blocks ("zone"), the LBA numbers 1326 * go back to zero, but are within a higher block of LBA's. 1327 * Also, there is a maximum of 1000 LBA's per zone. 1328 * In other words, in PBA 1024-2047 you will find LBA 0-999 1329 * which are really LBA 1000-1999. This allows for 24 bad 1330 * or special physical blocks per zone. 1331 */ 1332 1333 if (lba >= 1000) { 1334 printk(KERN_WARNING 1335 "sddr09: Bad low LBA %d for block %d\n", 1336 lba, i); 1337 goto possibly_erase; 1338 } 1339 1340 lba += 1000*(i/0x400); 1341 1342 if (info->lba_to_pba[lba] != UNDEF) { 1343 printk(KERN_WARNING 1344 "sddr09: LBA %d seen for PBA %d and %d\n", 1345 lba, info->lba_to_pba[lba], i); 1346 goto possibly_erase; 1347 } 1348 1349 info->pba_to_lba[i] = lba; 1350 info->lba_to_pba[lba] = i; 1351 continue; 1352 1353 possibly_erase: 1354 if (erase_bad_lba_entries) { 1355 unsigned long address; 1356 1357 address = (i << (info->pageshift + info->blockshift)); 1358 sddr09_erase(us, address>>1); 1359 info->pba_to_lba[i] = UNDEF; 1360 } else 1361 info->pba_to_lba[i] = UNUSABLE; 1362 } 1363 1364 /* 1365 * Approximate capacity. This is not entirely correct yet, 1366 * since a zone with less than 1000 usable pages leads to 1367 * missing LBAs. Especially if it is the last zone, some 1368 * LBAs can be past capacity. 1369 */ 1370 lbact = 0; 1371 for (i = 0; i < numblocks; i += 1024) { 1372 int ct = 0; 1373 1374 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1375 if (info->pba_to_lba[i+j] != UNUSABLE) { 1376 if (ct >= 1000) 1377 info->pba_to_lba[i+j] = SPARE; 1378 else 1379 ct++; 1380 } 1381 } 1382 lbact += ct; 1383 } 1384 info->lbact = lbact; 1385 usb_stor_dbg(us, "Found %d LBA's\n", lbact); 1386 result = 0; 1387 1388 done: 1389 if (result != 0) { 1390 kfree(info->lba_to_pba); 1391 kfree(info->pba_to_lba); 1392 info->lba_to_pba = NULL; 1393 info->pba_to_lba = NULL; 1394 } 1395 kfree(buffer); 1396 return result; 1397 } 1398 1399 static void 1400 sddr09_card_info_destructor(void *extra) { 1401 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1402 1403 if (!info) 1404 return; 1405 1406 kfree(info->lba_to_pba); 1407 kfree(info->pba_to_lba); 1408 } 1409 1410 static int 1411 sddr09_common_init(struct us_data *us) { 1412 int result; 1413 1414 /* set the configuration -- STALL is an acceptable response here */ 1415 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1416 usb_stor_dbg(us, "active config #%d != 1 ??\n", 1417 us->pusb_dev->actconfig->desc.bConfigurationValue); 1418 return -EINVAL; 1419 } 1420 1421 result = usb_reset_configuration(us->pusb_dev); 1422 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result); 1423 if (result == -EPIPE) { 1424 usb_stor_dbg(us, "-- stall on control interface\n"); 1425 } else if (result != 0) { 1426 /* it's not a stall, but another error -- time to bail */ 1427 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n"); 1428 return -EINVAL; 1429 } 1430 1431 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1432 if (!us->extra) 1433 return -ENOMEM; 1434 us->extra_destructor = sddr09_card_info_destructor; 1435 1436 nand_init_ecc(); 1437 return 0; 1438 } 1439 1440 1441 /* 1442 * This is needed at a very early stage. If this is not listed in the 1443 * unusual devices list but called from here then LUN 0 of the combo reader 1444 * is not recognized. But I do not know what precisely these calls do. 1445 */ 1446 static int 1447 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1448 int result; 1449 unsigned char *data = us->iobuf; 1450 1451 result = sddr09_common_init(us); 1452 if (result) 1453 return result; 1454 1455 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1456 if (result) { 1457 usb_stor_dbg(us, "send_command fails\n"); 1458 return result; 1459 } 1460 1461 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1462 // get 07 02 1463 1464 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1465 if (result) { 1466 usb_stor_dbg(us, "2nd send_command fails\n"); 1467 return result; 1468 } 1469 1470 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1471 // get 07 00 1472 1473 result = sddr09_request_sense(us, data, 18); 1474 if (result == 0 && data[2] != 0) { 1475 int j; 1476 for (j=0; j<18; j++) 1477 printk(" %02X", data[j]); 1478 printk("\n"); 1479 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1480 // 70: current command 1481 // sense key 0, sense code 0, extd sense code 0 1482 // additional transfer length * = sizeof(data) - 7 1483 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1484 // sense key 06, sense code 28: unit attention, 1485 // not ready to ready transition 1486 } 1487 1488 // test unit ready 1489 1490 return 0; /* not result */ 1491 } 1492 1493 /* 1494 * Transport for the Microtech DPCM-USB 1495 */ 1496 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1497 { 1498 int ret; 1499 1500 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun); 1501 1502 switch (srb->device->lun) { 1503 case 0: 1504 1505 /* 1506 * LUN 0 corresponds to the CompactFlash card reader. 1507 */ 1508 ret = usb_stor_CB_transport(srb, us); 1509 break; 1510 1511 case 1: 1512 1513 /* 1514 * LUN 1 corresponds to the SmartMedia card reader. 1515 */ 1516 1517 /* 1518 * Set the LUN to 0 (just in case). 1519 */ 1520 srb->device->lun = 0; 1521 ret = sddr09_transport(srb, us); 1522 srb->device->lun = 1; 1523 break; 1524 1525 default: 1526 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun); 1527 ret = USB_STOR_TRANSPORT_ERROR; 1528 break; 1529 } 1530 return ret; 1531 } 1532 1533 1534 /* 1535 * Transport for the Sandisk SDDR-09 1536 */ 1537 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1538 { 1539 static unsigned char sensekey = 0, sensecode = 0; 1540 static unsigned char havefakesense = 0; 1541 int result, i; 1542 unsigned char *ptr = us->iobuf; 1543 unsigned long capacity; 1544 unsigned int page, pages; 1545 1546 struct sddr09_card_info *info; 1547 1548 static unsigned char inquiry_response[8] = { 1549 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1550 }; 1551 1552 /* note: no block descriptor support */ 1553 static unsigned char mode_page_01[19] = { 1554 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1555 0x01, 0x0A, 1556 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1557 }; 1558 1559 info = (struct sddr09_card_info *)us->extra; 1560 1561 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1562 /* for a faked command, we have to follow with a faked sense */ 1563 memset(ptr, 0, 18); 1564 ptr[0] = 0x70; 1565 ptr[2] = sensekey; 1566 ptr[7] = 11; 1567 ptr[12] = sensecode; 1568 usb_stor_set_xfer_buf(ptr, 18, srb); 1569 sensekey = sensecode = havefakesense = 0; 1570 return USB_STOR_TRANSPORT_GOOD; 1571 } 1572 1573 havefakesense = 1; 1574 1575 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1576 respond to INQUIRY commands */ 1577 1578 if (srb->cmnd[0] == INQUIRY) { 1579 memcpy(ptr, inquiry_response, 8); 1580 fill_inquiry_response(us, ptr, 36); 1581 return USB_STOR_TRANSPORT_GOOD; 1582 } 1583 1584 if (srb->cmnd[0] == READ_CAPACITY) { 1585 struct nand_flash_dev *cardinfo; 1586 1587 sddr09_get_wp(us, info); /* read WP bit */ 1588 1589 cardinfo = sddr09_get_cardinfo(us, info->flags); 1590 if (!cardinfo) { 1591 /* probably no media */ 1592 init_error: 1593 sensekey = 0x02; /* not ready */ 1594 sensecode = 0x3a; /* medium not present */ 1595 return USB_STOR_TRANSPORT_FAILED; 1596 } 1597 1598 info->capacity = (1 << cardinfo->chipshift); 1599 info->pageshift = cardinfo->pageshift; 1600 info->pagesize = (1 << info->pageshift); 1601 info->blockshift = cardinfo->blockshift; 1602 info->blocksize = (1 << info->blockshift); 1603 info->blockmask = info->blocksize - 1; 1604 1605 // map initialization, must follow get_cardinfo() 1606 if (sddr09_read_map(us)) { 1607 /* probably out of memory */ 1608 goto init_error; 1609 } 1610 1611 // Report capacity 1612 1613 capacity = (info->lbact << info->blockshift) - 1; 1614 1615 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1616 1617 // Report page size 1618 1619 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1620 usb_stor_set_xfer_buf(ptr, 8, srb); 1621 1622 return USB_STOR_TRANSPORT_GOOD; 1623 } 1624 1625 if (srb->cmnd[0] == MODE_SENSE_10) { 1626 int modepage = (srb->cmnd[2] & 0x3F); 1627 1628 /* They ask for the Read/Write error recovery page, 1629 or for all pages. */ 1630 /* %% We should check DBD %% */ 1631 if (modepage == 0x01 || modepage == 0x3F) { 1632 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n", 1633 modepage); 1634 1635 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1636 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1637 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1638 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1639 return USB_STOR_TRANSPORT_GOOD; 1640 } 1641 1642 sensekey = 0x05; /* illegal request */ 1643 sensecode = 0x24; /* invalid field in CDB */ 1644 return USB_STOR_TRANSPORT_FAILED; 1645 } 1646 1647 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1648 return USB_STOR_TRANSPORT_GOOD; 1649 1650 havefakesense = 0; 1651 1652 if (srb->cmnd[0] == READ_10) { 1653 1654 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1655 page <<= 16; 1656 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1657 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1658 1659 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n", 1660 page, pages); 1661 1662 result = sddr09_read_data(us, page, pages); 1663 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1664 USB_STOR_TRANSPORT_ERROR); 1665 } 1666 1667 if (srb->cmnd[0] == WRITE_10) { 1668 1669 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1670 page <<= 16; 1671 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1672 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1673 1674 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n", 1675 page, pages); 1676 1677 result = sddr09_write_data(us, page, pages); 1678 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1679 USB_STOR_TRANSPORT_ERROR); 1680 } 1681 1682 /* catch-all for all other commands, except 1683 * pass TEST_UNIT_READY and REQUEST_SENSE through 1684 */ 1685 if (srb->cmnd[0] != TEST_UNIT_READY && 1686 srb->cmnd[0] != REQUEST_SENSE) { 1687 sensekey = 0x05; /* illegal request */ 1688 sensecode = 0x20; /* invalid command */ 1689 havefakesense = 1; 1690 return USB_STOR_TRANSPORT_FAILED; 1691 } 1692 1693 for (; srb->cmd_len<12; srb->cmd_len++) 1694 srb->cmnd[srb->cmd_len] = 0; 1695 1696 srb->cmnd[1] = LUNBITS; 1697 1698 ptr[0] = 0; 1699 for (i=0; i<12; i++) 1700 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1701 1702 usb_stor_dbg(us, "Send control for command %s\n", ptr); 1703 1704 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1705 if (result) { 1706 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n", 1707 result); 1708 return USB_STOR_TRANSPORT_ERROR; 1709 } 1710 1711 if (scsi_bufflen(srb) == 0) 1712 return USB_STOR_TRANSPORT_GOOD; 1713 1714 if (srb->sc_data_direction == DMA_TO_DEVICE || 1715 srb->sc_data_direction == DMA_FROM_DEVICE) { 1716 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1717 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1718 1719 usb_stor_dbg(us, "%s %d bytes\n", 1720 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1721 "sending" : "receiving", 1722 scsi_bufflen(srb)); 1723 1724 result = usb_stor_bulk_srb(us, pipe, srb); 1725 1726 return (result == USB_STOR_XFER_GOOD ? 1727 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1728 } 1729 1730 return USB_STOR_TRANSPORT_GOOD; 1731 } 1732 1733 /* 1734 * Initialization routine for the sddr09 subdriver 1735 */ 1736 static int 1737 usb_stor_sddr09_init(struct us_data *us) { 1738 return sddr09_common_init(us); 1739 } 1740 1741 static int sddr09_probe(struct usb_interface *intf, 1742 const struct usb_device_id *id) 1743 { 1744 struct us_data *us; 1745 int result; 1746 1747 result = usb_stor_probe1(&us, intf, id, 1748 (id - sddr09_usb_ids) + sddr09_unusual_dev_list); 1749 if (result) 1750 return result; 1751 1752 if (us->protocol == USB_PR_DPCM_USB) { 1753 us->transport_name = "Control/Bulk-EUSB/SDDR09"; 1754 us->transport = dpcm_transport; 1755 us->transport_reset = usb_stor_CB_reset; 1756 us->max_lun = 1; 1757 } else { 1758 us->transport_name = "EUSB/SDDR09"; 1759 us->transport = sddr09_transport; 1760 us->transport_reset = usb_stor_CB_reset; 1761 us->max_lun = 0; 1762 } 1763 1764 result = usb_stor_probe2(us); 1765 return result; 1766 } 1767 1768 static struct usb_driver sddr09_driver = { 1769 .name = "ums-sddr09", 1770 .probe = sddr09_probe, 1771 .disconnect = usb_stor_disconnect, 1772 .suspend = usb_stor_suspend, 1773 .resume = usb_stor_resume, 1774 .reset_resume = usb_stor_reset_resume, 1775 .pre_reset = usb_stor_pre_reset, 1776 .post_reset = usb_stor_post_reset, 1777 .id_table = sddr09_usb_ids, 1778 .soft_unbind = 1, 1779 .no_dynamic_id = 1, 1780 }; 1781 1782 module_usb_driver(sddr09_driver); 1783