1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Driver for SanDisk SDDR-09 SmartMedia reader 4 * 5 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 6 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 7 * Developed with the assistance of: 8 * (c) 2002 Alan Stern <stern@rowland.org> 9 * 10 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 11 * This chip is a programmable USB controller. In the SDDR-09, it has 12 * been programmed to obey a certain limited set of SCSI commands. 13 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 14 * commands. 15 */ 16 17 /* 18 * Known vendor commands: 12 bytes, first byte is opcode 19 * 20 * E7: read scatter gather 21 * E8: read 22 * E9: write 23 * EA: erase 24 * EB: reset 25 * EC: read status 26 * ED: read ID 27 * EE: write CIS (?) 28 * EF: compute checksum (?) 29 */ 30 31 #include <linux/errno.h> 32 #include <linux/module.h> 33 #include <linux/slab.h> 34 35 #include <scsi/scsi.h> 36 #include <scsi/scsi_cmnd.h> 37 #include <scsi/scsi_device.h> 38 39 #include "usb.h" 40 #include "transport.h" 41 #include "protocol.h" 42 #include "debug.h" 43 #include "scsiglue.h" 44 45 #define DRV_NAME "ums-sddr09" 46 47 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader"); 48 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>"); 49 MODULE_LICENSE("GPL"); 50 MODULE_IMPORT_NS("USB_STORAGE"); 51 52 static int usb_stor_sddr09_dpcm_init(struct us_data *us); 53 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us); 54 static int usb_stor_sddr09_init(struct us_data *us); 55 56 57 /* 58 * The table of devices 59 */ 60 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \ 61 vendorName, productName, useProtocol, useTransport, \ 62 initFunction, flags) \ 63 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \ 64 .driver_info = (flags) } 65 66 static const struct usb_device_id sddr09_usb_ids[] = { 67 # include "unusual_sddr09.h" 68 { } /* Terminating entry */ 69 }; 70 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids); 71 72 #undef UNUSUAL_DEV 73 74 /* 75 * The flags table 76 */ 77 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \ 78 vendor_name, product_name, use_protocol, use_transport, \ 79 init_function, Flags) \ 80 { \ 81 .vendorName = vendor_name, \ 82 .productName = product_name, \ 83 .useProtocol = use_protocol, \ 84 .useTransport = use_transport, \ 85 .initFunction = init_function, \ 86 } 87 88 static const struct us_unusual_dev sddr09_unusual_dev_list[] = { 89 # include "unusual_sddr09.h" 90 { } /* Terminating entry */ 91 }; 92 93 #undef UNUSUAL_DEV 94 95 96 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 97 #define LSB_of(s) ((s)&0xFF) 98 #define MSB_of(s) ((s)>>8) 99 100 /* 101 * First some stuff that does not belong here: 102 * data on SmartMedia and other cards, completely 103 * unrelated to this driver. 104 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 105 */ 106 107 struct nand_flash_dev { 108 int model_id; 109 int chipshift; /* 1<<cs bytes total capacity */ 110 char pageshift; /* 1<<ps bytes in a page */ 111 char blockshift; /* 1<<bs pages in an erase block */ 112 char zoneshift; /* 1<<zs blocks in a zone */ 113 /* # of logical blocks is 125/128 of this */ 114 char pageadrlen; /* length of an address in bytes - 1 */ 115 }; 116 117 /* 118 * NAND Flash Manufacturer ID Codes 119 */ 120 #define NAND_MFR_AMD 0x01 121 #define NAND_MFR_NATSEMI 0x8f 122 #define NAND_MFR_TOSHIBA 0x98 123 #define NAND_MFR_SAMSUNG 0xec 124 nand_flash_manufacturer(int manuf_id)125 static inline char *nand_flash_manufacturer(int manuf_id) { 126 switch(manuf_id) { 127 case NAND_MFR_AMD: 128 return "AMD"; 129 case NAND_MFR_NATSEMI: 130 return "NATSEMI"; 131 case NAND_MFR_TOSHIBA: 132 return "Toshiba"; 133 case NAND_MFR_SAMSUNG: 134 return "Samsung"; 135 default: 136 return "unknown"; 137 } 138 } 139 140 /* 141 * It looks like it is unnecessary to attach manufacturer to the 142 * remaining data: SSFDC prescribes manufacturer-independent id codes. 143 * 144 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 145 */ 146 147 static struct nand_flash_dev nand_flash_ids[] = { 148 /* NAND flash */ 149 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 150 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 151 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 152 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 153 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 154 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 155 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 156 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 157 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 158 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 159 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 160 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 161 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 162 163 /* MASK ROM */ 164 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 165 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 166 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 167 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 168 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 169 { 0,} 170 }; 171 172 static struct nand_flash_dev * nand_find_id(unsigned char id)173 nand_find_id(unsigned char id) { 174 int i; 175 176 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 177 if (nand_flash_ids[i].model_id == id) 178 return &(nand_flash_ids[i]); 179 return NULL; 180 } 181 182 /* 183 * ECC computation. 184 */ 185 static unsigned char parity[256]; 186 static unsigned char ecc2[256]; 187 nand_init_ecc(void)188 static void nand_init_ecc(void) { 189 int i, j, a; 190 191 parity[0] = 0; 192 for (i = 1; i < 256; i++) 193 parity[i] = (parity[i&(i-1)] ^ 1); 194 195 for (i = 0; i < 256; i++) { 196 a = 0; 197 for (j = 0; j < 8; j++) { 198 if (i & (1<<j)) { 199 if ((j & 1) == 0) 200 a ^= 0x04; 201 if ((j & 2) == 0) 202 a ^= 0x10; 203 if ((j & 4) == 0) 204 a ^= 0x40; 205 } 206 } 207 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 208 } 209 } 210 211 /* compute 3-byte ecc on 256 bytes */ nand_compute_ecc(unsigned char * data,unsigned char * ecc)212 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 213 int i, j, a; 214 unsigned char par = 0, bit, bits[8] = {0}; 215 216 /* collect 16 checksum bits */ 217 for (i = 0; i < 256; i++) { 218 par ^= data[i]; 219 bit = parity[data[i]]; 220 for (j = 0; j < 8; j++) 221 if ((i & (1<<j)) == 0) 222 bits[j] ^= bit; 223 } 224 225 /* put 4+4+4 = 12 bits in the ecc */ 226 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 227 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 228 229 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 230 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 231 232 ecc[2] = ecc2[par]; 233 } 234 nand_compare_ecc(unsigned char * data,unsigned char * ecc)235 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 236 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 237 } 238 nand_store_ecc(unsigned char * data,unsigned char * ecc)239 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 240 memcpy(data, ecc, 3); 241 } 242 243 /* 244 * The actual driver starts here. 245 */ 246 247 struct sddr09_card_info { 248 unsigned long capacity; /* Size of card in bytes */ 249 int pagesize; /* Size of page in bytes */ 250 int pageshift; /* log2 of pagesize */ 251 int blocksize; /* Size of block in pages */ 252 int blockshift; /* log2 of blocksize */ 253 int blockmask; /* 2^blockshift - 1 */ 254 int *lba_to_pba; /* logical to physical map */ 255 int *pba_to_lba; /* physical to logical map */ 256 int lbact; /* number of available pages */ 257 int flags; 258 #define SDDR09_WP 1 /* write protected */ 259 }; 260 261 /* 262 * On my 16MB card, control blocks have size 64 (16 real control bytes, 263 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 264 * so the reader makes up the remaining 48. Don't know whether these numbers 265 * depend on the card. For now a constant. 266 */ 267 #define CONTROL_SHIFT 6 268 269 /* 270 * On my Combo CF/SM reader, the SM reader has LUN 1. 271 * (and things fail with LUN 0). 272 * It seems LUN is irrelevant for others. 273 */ 274 #define LUN 1 275 #define LUNBITS (LUN << 5) 276 277 /* 278 * LBA and PBA are unsigned ints. Special values. 279 */ 280 #define UNDEF 0xffffffff 281 #define SPARE 0xfffffffe 282 #define UNUSABLE 0xfffffffd 283 284 static const int erase_bad_lba_entries = 0; 285 286 /* send vendor interface command (0x41) */ 287 /* called for requests 0, 1, 8 */ 288 static int sddr09_send_command(struct us_data * us,unsigned char request,unsigned char direction,unsigned char * xfer_data,unsigned int xfer_len)289 sddr09_send_command(struct us_data *us, 290 unsigned char request, 291 unsigned char direction, 292 unsigned char *xfer_data, 293 unsigned int xfer_len) { 294 unsigned int pipe; 295 unsigned char requesttype = (0x41 | direction); 296 int rc; 297 298 // Get the receive or send control pipe number 299 300 if (direction == USB_DIR_IN) 301 pipe = us->recv_ctrl_pipe; 302 else 303 pipe = us->send_ctrl_pipe; 304 305 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 306 0, 0, xfer_data, xfer_len); 307 switch (rc) { 308 case USB_STOR_XFER_GOOD: return 0; 309 case USB_STOR_XFER_STALLED: return -EPIPE; 310 default: return -EIO; 311 } 312 } 313 314 static int sddr09_send_scsi_command(struct us_data * us,unsigned char * command,unsigned int command_len)315 sddr09_send_scsi_command(struct us_data *us, 316 unsigned char *command, 317 unsigned int command_len) { 318 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 319 } 320 321 #if 0 322 /* 323 * Test Unit Ready Command: 12 bytes. 324 * byte 0: opcode: 00 325 */ 326 static int 327 sddr09_test_unit_ready(struct us_data *us) { 328 unsigned char *command = us->iobuf; 329 int result; 330 331 memset(command, 0, 6); 332 command[1] = LUNBITS; 333 334 result = sddr09_send_scsi_command(us, command, 6); 335 336 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result); 337 338 return result; 339 } 340 #endif 341 342 /* 343 * Request Sense Command: 12 bytes. 344 * byte 0: opcode: 03 345 * byte 4: data length 346 */ 347 static int sddr09_request_sense(struct us_data * us,unsigned char * sensebuf,int buflen)348 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 349 unsigned char *command = us->iobuf; 350 int result; 351 352 memset(command, 0, 12); 353 command[0] = 0x03; 354 command[1] = LUNBITS; 355 command[4] = buflen; 356 357 result = sddr09_send_scsi_command(us, command, 12); 358 if (result) 359 return result; 360 361 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 362 sensebuf, buflen, NULL); 363 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 364 } 365 366 /* 367 * Read Command: 12 bytes. 368 * byte 0: opcode: E8 369 * byte 1: last two bits: 00: read data, 01: read blockwise control, 370 * 10: read both, 11: read pagewise control. 371 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 372 * bytes 2-5: address (interpretation depends on byte 1, see below) 373 * bytes 10-11: count (idem) 374 * 375 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 376 * A read data command gets data in 512-byte pages. 377 * A read control command gets control in 64-byte chunks. 378 * A read both command gets data+control in 576-byte chunks. 379 * 380 * Blocks are groups of 32 pages, and read blockwise control jumps to the 381 * next block, while read pagewise control jumps to the next page after 382 * reading a group of 64 control bytes. 383 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 384 * 385 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 386 */ 387 388 static int sddr09_readX(struct us_data * us,int x,unsigned long fromaddress,int nr_of_pages,int bulklen,unsigned char * buf,int use_sg)389 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 390 int nr_of_pages, int bulklen, unsigned char *buf, 391 int use_sg) { 392 393 unsigned char *command = us->iobuf; 394 int result; 395 396 command[0] = 0xE8; 397 command[1] = LUNBITS | x; 398 command[2] = MSB_of(fromaddress>>16); 399 command[3] = LSB_of(fromaddress>>16); 400 command[4] = MSB_of(fromaddress & 0xFFFF); 401 command[5] = LSB_of(fromaddress & 0xFFFF); 402 command[6] = 0; 403 command[7] = 0; 404 command[8] = 0; 405 command[9] = 0; 406 command[10] = MSB_of(nr_of_pages); 407 command[11] = LSB_of(nr_of_pages); 408 409 result = sddr09_send_scsi_command(us, command, 12); 410 411 if (result) { 412 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n", 413 x, result); 414 return result; 415 } 416 417 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 418 buf, bulklen, use_sg, NULL); 419 420 if (result != USB_STOR_XFER_GOOD) { 421 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n", 422 x, result); 423 return -EIO; 424 } 425 return 0; 426 } 427 428 /* 429 * Read Data 430 * 431 * fromaddress counts data shorts: 432 * increasing it by 256 shifts the bytestream by 512 bytes; 433 * the last 8 bits are ignored. 434 * 435 * nr_of_pages counts pages of size (1 << pageshift). 436 */ 437 static int sddr09_read20(struct us_data * us,unsigned long fromaddress,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)438 sddr09_read20(struct us_data *us, unsigned long fromaddress, 439 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 440 int bulklen = nr_of_pages << pageshift; 441 442 /* The last 8 bits of fromaddress are ignored. */ 443 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 444 buf, use_sg); 445 } 446 447 /* 448 * Read Blockwise Control 449 * 450 * fromaddress gives the starting position (as in read data; 451 * the last 8 bits are ignored); increasing it by 32*256 shifts 452 * the output stream by 64 bytes. 453 * 454 * count counts control groups of size (1 << controlshift). 455 * For me, controlshift = 6. Is this constant? 456 * 457 * After getting one control group, jump to the next block 458 * (fromaddress += 8192). 459 */ 460 static int sddr09_read21(struct us_data * us,unsigned long fromaddress,int count,int controlshift,unsigned char * buf,int use_sg)461 sddr09_read21(struct us_data *us, unsigned long fromaddress, 462 int count, int controlshift, unsigned char *buf, int use_sg) { 463 464 int bulklen = (count << controlshift); 465 return sddr09_readX(us, 1, fromaddress, count, bulklen, 466 buf, use_sg); 467 } 468 469 /* 470 * Read both Data and Control 471 * 472 * fromaddress counts data shorts, ignoring control: 473 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 474 * the last 8 bits are ignored. 475 * 476 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 477 */ 478 static int sddr09_read22(struct us_data * us,unsigned long fromaddress,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)479 sddr09_read22(struct us_data *us, unsigned long fromaddress, 480 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 481 482 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 483 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen); 484 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 485 buf, use_sg); 486 } 487 488 #if 0 489 /* 490 * Read Pagewise Control 491 * 492 * fromaddress gives the starting position (as in read data; 493 * the last 8 bits are ignored); increasing it by 256 shifts 494 * the output stream by 64 bytes. 495 * 496 * count counts control groups of size (1 << controlshift). 497 * For me, controlshift = 6. Is this constant? 498 * 499 * After getting one control group, jump to the next page 500 * (fromaddress += 256). 501 */ 502 static int 503 sddr09_read23(struct us_data *us, unsigned long fromaddress, 504 int count, int controlshift, unsigned char *buf, int use_sg) { 505 506 int bulklen = (count << controlshift); 507 return sddr09_readX(us, 3, fromaddress, count, bulklen, 508 buf, use_sg); 509 } 510 #endif 511 512 /* 513 * Erase Command: 12 bytes. 514 * byte 0: opcode: EA 515 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 516 * 517 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 518 * The byte address being erased is 2*Eaddress. 519 * The CIS cannot be erased. 520 */ 521 static int sddr09_erase(struct us_data * us,unsigned long Eaddress)522 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 523 unsigned char *command = us->iobuf; 524 int result; 525 526 usb_stor_dbg(us, "erase address %lu\n", Eaddress); 527 528 memset(command, 0, 12); 529 command[0] = 0xEA; 530 command[1] = LUNBITS; 531 command[6] = MSB_of(Eaddress>>16); 532 command[7] = LSB_of(Eaddress>>16); 533 command[8] = MSB_of(Eaddress & 0xFFFF); 534 command[9] = LSB_of(Eaddress & 0xFFFF); 535 536 result = sddr09_send_scsi_command(us, command, 12); 537 538 if (result) 539 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n", 540 result); 541 542 return result; 543 } 544 545 /* 546 * Write CIS Command: 12 bytes. 547 * byte 0: opcode: EE 548 * bytes 2-5: write address in shorts 549 * bytes 10-11: sector count 550 * 551 * This writes at the indicated address. Don't know how it differs 552 * from E9. Maybe it does not erase? However, it will also write to 553 * the CIS. 554 * 555 * When two such commands on the same page follow each other directly, 556 * the second one is not done. 557 */ 558 559 /* 560 * Write Command: 12 bytes. 561 * byte 0: opcode: E9 562 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 563 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 564 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 565 * 566 * If write address equals erase address, the erase is done first, 567 * otherwise the write is done first. When erase address equals zero 568 * no erase is done? 569 */ 570 static int sddr09_writeX(struct us_data * us,unsigned long Waddress,unsigned long Eaddress,int nr_of_pages,int bulklen,unsigned char * buf,int use_sg)571 sddr09_writeX(struct us_data *us, 572 unsigned long Waddress, unsigned long Eaddress, 573 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 574 575 unsigned char *command = us->iobuf; 576 int result; 577 578 command[0] = 0xE9; 579 command[1] = LUNBITS; 580 581 command[2] = MSB_of(Waddress>>16); 582 command[3] = LSB_of(Waddress>>16); 583 command[4] = MSB_of(Waddress & 0xFFFF); 584 command[5] = LSB_of(Waddress & 0xFFFF); 585 586 command[6] = MSB_of(Eaddress>>16); 587 command[7] = LSB_of(Eaddress>>16); 588 command[8] = MSB_of(Eaddress & 0xFFFF); 589 command[9] = LSB_of(Eaddress & 0xFFFF); 590 591 command[10] = MSB_of(nr_of_pages); 592 command[11] = LSB_of(nr_of_pages); 593 594 result = sddr09_send_scsi_command(us, command, 12); 595 596 if (result) { 597 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n", 598 result); 599 return result; 600 } 601 602 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 603 buf, bulklen, use_sg, NULL); 604 605 if (result != USB_STOR_XFER_GOOD) { 606 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n", 607 result); 608 return -EIO; 609 } 610 return 0; 611 } 612 613 /* erase address, write same address */ 614 static int sddr09_write_inplace(struct us_data * us,unsigned long address,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)615 sddr09_write_inplace(struct us_data *us, unsigned long address, 616 int nr_of_pages, int pageshift, unsigned char *buf, 617 int use_sg) { 618 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 619 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 620 buf, use_sg); 621 } 622 623 #if 0 624 /* 625 * Read Scatter Gather Command: 3+4n bytes. 626 * byte 0: opcode E7 627 * byte 2: n 628 * bytes 4i-1,4i,4i+1: page address 629 * byte 4i+2: page count 630 * (i=1..n) 631 * 632 * This reads several pages from the card to a single memory buffer. 633 * The last two bits of byte 1 have the same meaning as for E8. 634 */ 635 static int 636 sddr09_read_sg_test_only(struct us_data *us) { 637 unsigned char *command = us->iobuf; 638 int result, bulklen, nsg, ct; 639 unsigned char *buf; 640 unsigned long address; 641 642 nsg = bulklen = 0; 643 command[0] = 0xE7; 644 command[1] = LUNBITS; 645 command[2] = 0; 646 address = 040000; ct = 1; 647 nsg++; 648 bulklen += (ct << 9); 649 command[4*nsg+2] = ct; 650 command[4*nsg+1] = ((address >> 9) & 0xFF); 651 command[4*nsg+0] = ((address >> 17) & 0xFF); 652 command[4*nsg-1] = ((address >> 25) & 0xFF); 653 654 address = 0340000; ct = 1; 655 nsg++; 656 bulklen += (ct << 9); 657 command[4*nsg+2] = ct; 658 command[4*nsg+1] = ((address >> 9) & 0xFF); 659 command[4*nsg+0] = ((address >> 17) & 0xFF); 660 command[4*nsg-1] = ((address >> 25) & 0xFF); 661 662 address = 01000000; ct = 2; 663 nsg++; 664 bulklen += (ct << 9); 665 command[4*nsg+2] = ct; 666 command[4*nsg+1] = ((address >> 9) & 0xFF); 667 command[4*nsg+0] = ((address >> 17) & 0xFF); 668 command[4*nsg-1] = ((address >> 25) & 0xFF); 669 670 command[2] = nsg; 671 672 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 673 674 if (result) { 675 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n", 676 result); 677 return result; 678 } 679 680 buf = kmalloc(bulklen, GFP_NOIO); 681 if (!buf) 682 return -ENOMEM; 683 684 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 685 buf, bulklen, NULL); 686 kfree(buf); 687 if (result != USB_STOR_XFER_GOOD) { 688 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n", 689 result); 690 return -EIO; 691 } 692 693 return 0; 694 } 695 #endif 696 697 /* 698 * Read Status Command: 12 bytes. 699 * byte 0: opcode: EC 700 * 701 * Returns 64 bytes, all zero except for the first. 702 * bit 0: 1: Error 703 * bit 5: 1: Suspended 704 * bit 6: 1: Ready 705 * bit 7: 1: Not write-protected 706 */ 707 708 static int sddr09_read_status(struct us_data * us,unsigned char * status)709 sddr09_read_status(struct us_data *us, unsigned char *status) { 710 711 unsigned char *command = us->iobuf; 712 unsigned char *data = us->iobuf; 713 int result; 714 715 usb_stor_dbg(us, "Reading status...\n"); 716 717 memset(command, 0, 12); 718 command[0] = 0xEC; 719 command[1] = LUNBITS; 720 721 result = sddr09_send_scsi_command(us, command, 12); 722 if (result) 723 return result; 724 725 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 726 data, 64, NULL); 727 *status = data[0]; 728 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 729 } 730 731 static int sddr09_read_data(struct us_data * us,unsigned long address,unsigned int sectors)732 sddr09_read_data(struct us_data *us, 733 unsigned long address, 734 unsigned int sectors) { 735 736 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 737 unsigned char *buffer; 738 unsigned int lba, maxlba, pba; 739 unsigned int page, pages; 740 unsigned int len, offset; 741 struct scatterlist *sg; 742 int result; 743 744 // Figure out the initial LBA and page 745 lba = address >> info->blockshift; 746 page = (address & info->blockmask); 747 maxlba = info->capacity >> (info->pageshift + info->blockshift); 748 if (lba >= maxlba) 749 return -EIO; 750 751 // Since we only read in one block at a time, we have to create 752 // a bounce buffer and move the data a piece at a time between the 753 // bounce buffer and the actual transfer buffer. 754 755 len = min_t(unsigned int, sectors, info->blocksize) * info->pagesize; 756 buffer = kmalloc(len, GFP_NOIO); 757 if (!buffer) 758 return -ENOMEM; 759 760 // This could be made much more efficient by checking for 761 // contiguous LBA's. Another exercise left to the student. 762 763 result = 0; 764 offset = 0; 765 sg = NULL; 766 767 while (sectors > 0) { 768 769 /* Find number of pages we can read in this block */ 770 pages = min(sectors, info->blocksize - page); 771 len = pages << info->pageshift; 772 773 /* Not overflowing capacity? */ 774 if (lba >= maxlba) { 775 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 776 lba, maxlba); 777 result = -EIO; 778 break; 779 } 780 781 /* Find where this lba lives on disk */ 782 pba = info->lba_to_pba[lba]; 783 784 if (pba == UNDEF) { /* this lba was never written */ 785 786 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n", 787 pages, lba, page); 788 789 /* 790 * This is not really an error. It just means 791 * that the block has never been written. 792 * Instead of returning an error 793 * it is better to return all zero data. 794 */ 795 796 memset(buffer, 0, len); 797 798 } else { 799 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n", 800 pages, pba, lba, page); 801 802 address = ((pba << info->blockshift) + page) << 803 info->pageshift; 804 805 result = sddr09_read20(us, address>>1, 806 pages, info->pageshift, buffer, 0); 807 if (result) 808 break; 809 } 810 811 // Store the data in the transfer buffer 812 usb_stor_access_xfer_buf(buffer, len, us->srb, 813 &sg, &offset, TO_XFER_BUF); 814 815 page = 0; 816 lba++; 817 sectors -= pages; 818 } 819 820 kfree(buffer); 821 return result; 822 } 823 824 static unsigned int sddr09_find_unused_pba(struct sddr09_card_info * info,unsigned int lba)825 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 826 static unsigned int lastpba = 1; 827 int zonestart, end, i; 828 829 zonestart = (lba/1000) << 10; 830 end = info->capacity >> (info->blockshift + info->pageshift); 831 end -= zonestart; 832 if (end > 1024) 833 end = 1024; 834 835 for (i = lastpba+1; i < end; i++) { 836 if (info->pba_to_lba[zonestart+i] == UNDEF) { 837 lastpba = i; 838 return zonestart+i; 839 } 840 } 841 for (i = 0; i <= lastpba; i++) { 842 if (info->pba_to_lba[zonestart+i] == UNDEF) { 843 lastpba = i; 844 return zonestart+i; 845 } 846 } 847 return 0; 848 } 849 850 static int sddr09_write_lba(struct us_data * us,unsigned int lba,unsigned int page,unsigned int pages,unsigned char * ptr,unsigned char * blockbuffer)851 sddr09_write_lba(struct us_data *us, unsigned int lba, 852 unsigned int page, unsigned int pages, 853 unsigned char *ptr, unsigned char *blockbuffer) { 854 855 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 856 unsigned long address; 857 unsigned int pba, lbap; 858 unsigned int pagelen; 859 unsigned char *bptr, *cptr, *xptr; 860 unsigned char ecc[3]; 861 int i, result; 862 863 lbap = ((lba % 1000) << 1) | 0x1000; 864 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 865 lbap ^= 1; 866 pba = info->lba_to_pba[lba]; 867 868 if (pba == UNDEF) { 869 pba = sddr09_find_unused_pba(info, lba); 870 if (!pba) { 871 printk(KERN_WARNING 872 "sddr09_write_lba: Out of unused blocks\n"); 873 return -ENOSPC; 874 } 875 info->pba_to_lba[pba] = lba; 876 info->lba_to_pba[lba] = pba; 877 } 878 879 if (pba == 1) { 880 /* 881 * Maybe it is impossible to write to PBA 1. 882 * Fake success, but don't do anything. 883 */ 884 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 885 return 0; 886 } 887 888 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 889 890 /* read old contents */ 891 address = (pba << (info->pageshift + info->blockshift)); 892 result = sddr09_read22(us, address>>1, info->blocksize, 893 info->pageshift, blockbuffer, 0); 894 if (result) 895 return result; 896 897 /* check old contents and fill lba */ 898 for (i = 0; i < info->blocksize; i++) { 899 bptr = blockbuffer + i*pagelen; 900 cptr = bptr + info->pagesize; 901 nand_compute_ecc(bptr, ecc); 902 if (!nand_compare_ecc(cptr+13, ecc)) { 903 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n", 904 i, pba); 905 nand_store_ecc(cptr+13, ecc); 906 } 907 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 908 if (!nand_compare_ecc(cptr+8, ecc)) { 909 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n", 910 i, pba); 911 nand_store_ecc(cptr+8, ecc); 912 } 913 cptr[6] = cptr[11] = MSB_of(lbap); 914 cptr[7] = cptr[12] = LSB_of(lbap); 915 } 916 917 /* copy in new stuff and compute ECC */ 918 xptr = ptr; 919 for (i = page; i < page+pages; i++) { 920 bptr = blockbuffer + i*pagelen; 921 cptr = bptr + info->pagesize; 922 memcpy(bptr, xptr, info->pagesize); 923 xptr += info->pagesize; 924 nand_compute_ecc(bptr, ecc); 925 nand_store_ecc(cptr+13, ecc); 926 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 927 nand_store_ecc(cptr+8, ecc); 928 } 929 930 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba); 931 932 result = sddr09_write_inplace(us, address>>1, info->blocksize, 933 info->pageshift, blockbuffer, 0); 934 935 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result); 936 937 #if 0 938 { 939 unsigned char status = 0; 940 int result2 = sddr09_read_status(us, &status); 941 if (result2) 942 usb_stor_dbg(us, "cannot read status\n"); 943 else if (status != 0xc0) 944 usb_stor_dbg(us, "status after write: 0x%x\n", status); 945 } 946 #endif 947 948 #if 0 949 { 950 int result2 = sddr09_test_unit_ready(us); 951 } 952 #endif 953 954 return result; 955 } 956 957 static int sddr09_write_data(struct us_data * us,unsigned long address,unsigned int sectors)958 sddr09_write_data(struct us_data *us, 959 unsigned long address, 960 unsigned int sectors) { 961 962 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 963 unsigned int lba, maxlba, page, pages; 964 unsigned int pagelen, blocklen; 965 unsigned char *blockbuffer; 966 unsigned char *buffer; 967 unsigned int len, offset; 968 struct scatterlist *sg; 969 int result; 970 971 /* Figure out the initial LBA and page */ 972 lba = address >> info->blockshift; 973 page = (address & info->blockmask); 974 maxlba = info->capacity >> (info->pageshift + info->blockshift); 975 if (lba >= maxlba) 976 return -EIO; 977 978 /* 979 * blockbuffer is used for reading in the old data, overwriting 980 * with the new data, and performing ECC calculations 981 */ 982 983 /* 984 * TODO: instead of doing kmalloc/kfree for each write, 985 * add a bufferpointer to the info structure 986 */ 987 988 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 989 blocklen = (pagelen << info->blockshift); 990 blockbuffer = kmalloc(blocklen, GFP_NOIO); 991 if (!blockbuffer) 992 return -ENOMEM; 993 994 /* 995 * Since we don't write the user data directly to the device, 996 * we have to create a bounce buffer and move the data a piece 997 * at a time between the bounce buffer and the actual transfer buffer. 998 */ 999 1000 len = min_t(unsigned int, sectors, info->blocksize) * info->pagesize; 1001 buffer = kmalloc(len, GFP_NOIO); 1002 if (!buffer) { 1003 kfree(blockbuffer); 1004 return -ENOMEM; 1005 } 1006 1007 result = 0; 1008 offset = 0; 1009 sg = NULL; 1010 1011 while (sectors > 0) { 1012 1013 /* Write as many sectors as possible in this block */ 1014 1015 pages = min(sectors, info->blocksize - page); 1016 len = (pages << info->pageshift); 1017 1018 /* Not overflowing capacity? */ 1019 if (lba >= maxlba) { 1020 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 1021 lba, maxlba); 1022 result = -EIO; 1023 break; 1024 } 1025 1026 /* Get the data from the transfer buffer */ 1027 usb_stor_access_xfer_buf(buffer, len, us->srb, 1028 &sg, &offset, FROM_XFER_BUF); 1029 1030 result = sddr09_write_lba(us, lba, page, pages, 1031 buffer, blockbuffer); 1032 if (result) 1033 break; 1034 1035 page = 0; 1036 lba++; 1037 sectors -= pages; 1038 } 1039 1040 kfree(buffer); 1041 kfree(blockbuffer); 1042 1043 return result; 1044 } 1045 1046 static int sddr09_read_control(struct us_data * us,unsigned long address,unsigned int blocks,unsigned char * content,int use_sg)1047 sddr09_read_control(struct us_data *us, 1048 unsigned long address, 1049 unsigned int blocks, 1050 unsigned char *content, 1051 int use_sg) { 1052 1053 usb_stor_dbg(us, "Read control address %lu, blocks %d\n", 1054 address, blocks); 1055 1056 return sddr09_read21(us, address, blocks, 1057 CONTROL_SHIFT, content, use_sg); 1058 } 1059 1060 /* 1061 * Read Device ID Command: 12 bytes. 1062 * byte 0: opcode: ED 1063 * 1064 * Returns 2 bytes: Manufacturer ID and Device ID. 1065 * On more recent cards 3 bytes: the third byte is an option code A5 1066 * signifying that the secret command to read an 128-bit ID is available. 1067 * On still more recent cards 4 bytes: the fourth byte C0 means that 1068 * a second read ID cmd is available. 1069 */ 1070 static int sddr09_read_deviceID(struct us_data * us,unsigned char * deviceID)1071 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1072 unsigned char *command = us->iobuf; 1073 unsigned char *content = us->iobuf; 1074 int result, i; 1075 1076 memset(command, 0, 12); 1077 command[0] = 0xED; 1078 command[1] = LUNBITS; 1079 1080 result = sddr09_send_scsi_command(us, command, 12); 1081 if (result) 1082 return result; 1083 1084 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1085 content, 64, NULL); 1086 1087 for (i = 0; i < 4; i++) 1088 deviceID[i] = content[i]; 1089 1090 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1091 } 1092 1093 static int sddr09_get_wp(struct us_data * us,struct sddr09_card_info * info)1094 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1095 int result; 1096 unsigned char status; 1097 const char *wp_fmt; 1098 1099 result = sddr09_read_status(us, &status); 1100 if (result) { 1101 usb_stor_dbg(us, "read_status fails\n"); 1102 return result; 1103 } 1104 if ((status & 0x80) == 0) { 1105 info->flags |= SDDR09_WP; /* write protected */ 1106 wp_fmt = " WP"; 1107 } else { 1108 wp_fmt = ""; 1109 } 1110 usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt, 1111 status & 0x40 ? " Ready" : "", 1112 status & LUNBITS ? " Suspended" : "", 1113 status & 0x01 ? " Error" : ""); 1114 1115 return 0; 1116 } 1117 1118 #if 0 1119 /* 1120 * Reset Command: 12 bytes. 1121 * byte 0: opcode: EB 1122 */ 1123 static int 1124 sddr09_reset(struct us_data *us) { 1125 1126 unsigned char *command = us->iobuf; 1127 1128 memset(command, 0, 12); 1129 command[0] = 0xEB; 1130 command[1] = LUNBITS; 1131 1132 return sddr09_send_scsi_command(us, command, 12); 1133 } 1134 #endif 1135 1136 static struct nand_flash_dev * sddr09_get_cardinfo(struct us_data * us,unsigned char flags)1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1138 struct nand_flash_dev *cardinfo; 1139 unsigned char deviceID[4]; 1140 char blurbtxt[256]; 1141 int result; 1142 1143 usb_stor_dbg(us, "Reading capacity...\n"); 1144 1145 result = sddr09_read_deviceID(us, deviceID); 1146 1147 if (result) { 1148 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result); 1149 printk(KERN_WARNING "sddr09: could not read card info\n"); 1150 return NULL; 1151 } 1152 1153 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID); 1154 1155 /* Byte 0 is the manufacturer */ 1156 sprintf(blurbtxt + strlen(blurbtxt), 1157 ": Manuf. %s", 1158 nand_flash_manufacturer(deviceID[0])); 1159 1160 /* Byte 1 is the device type */ 1161 cardinfo = nand_find_id(deviceID[1]); 1162 if (cardinfo) { 1163 /* 1164 * MB or MiB? It is neither. A 16 MB card has 1165 * 17301504 raw bytes, of which 16384000 are 1166 * usable for user data. 1167 */ 1168 sprintf(blurbtxt + strlen(blurbtxt), 1169 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1170 } else { 1171 sprintf(blurbtxt + strlen(blurbtxt), 1172 ", type unrecognized"); 1173 } 1174 1175 /* Byte 2 is code to signal availability of 128-bit ID */ 1176 if (deviceID[2] == 0xa5) { 1177 sprintf(blurbtxt + strlen(blurbtxt), 1178 ", 128-bit ID"); 1179 } 1180 1181 /* Byte 3 announces the availability of another read ID command */ 1182 if (deviceID[3] == 0xc0) { 1183 sprintf(blurbtxt + strlen(blurbtxt), 1184 ", extra cmd"); 1185 } 1186 1187 if (flags & SDDR09_WP) 1188 sprintf(blurbtxt + strlen(blurbtxt), 1189 ", WP"); 1190 1191 printk(KERN_WARNING "%s\n", blurbtxt); 1192 1193 return cardinfo; 1194 } 1195 1196 static int sddr09_read_map(struct us_data * us)1197 sddr09_read_map(struct us_data *us) { 1198 1199 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1200 int numblocks, alloc_len, alloc_blocks; 1201 int i, j, result; 1202 unsigned char *buffer, *buffer_end, *ptr; 1203 unsigned int lba, lbact; 1204 1205 if (!info->capacity) 1206 return -1; 1207 1208 /* 1209 * size of a block is 1 << (blockshift + pageshift) bytes 1210 * divide into the total capacity to get the number of blocks 1211 */ 1212 1213 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1214 1215 /* 1216 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1217 * but only use a 64 KB buffer 1218 * buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1219 */ 1220 #define SDDR09_READ_MAP_BUFSZ 65536 1221 1222 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1223 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1224 buffer = kmalloc(alloc_len, GFP_NOIO); 1225 if (!buffer) { 1226 result = -1; 1227 goto done; 1228 } 1229 buffer_end = buffer + alloc_len; 1230 1231 #undef SDDR09_READ_MAP_BUFSZ 1232 1233 kfree(info->lba_to_pba); 1234 kfree(info->pba_to_lba); 1235 info->lba_to_pba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO); 1236 info->pba_to_lba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO); 1237 1238 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1239 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1240 result = -1; 1241 goto done; 1242 } 1243 1244 for (i = 0; i < numblocks; i++) 1245 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1246 1247 /* 1248 * Define lba-pba translation table 1249 */ 1250 1251 ptr = buffer_end; 1252 for (i = 0; i < numblocks; i++) { 1253 ptr += (1 << CONTROL_SHIFT); 1254 if (ptr >= buffer_end) { 1255 unsigned long address; 1256 1257 address = i << (info->pageshift + info->blockshift); 1258 result = sddr09_read_control( 1259 us, address>>1, 1260 min(alloc_blocks, numblocks - i), 1261 buffer, 0); 1262 if (result) { 1263 result = -1; 1264 goto done; 1265 } 1266 ptr = buffer; 1267 } 1268 1269 if (i == 0 || i == 1) { 1270 info->pba_to_lba[i] = UNUSABLE; 1271 continue; 1272 } 1273 1274 /* special PBAs have control field 0^16 */ 1275 for (j = 0; j < 16; j++) 1276 if (ptr[j] != 0) 1277 goto nonz; 1278 info->pba_to_lba[i] = UNUSABLE; 1279 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1280 i); 1281 continue; 1282 1283 nonz: 1284 /* unwritten PBAs have control field FF^16 */ 1285 for (j = 0; j < 16; j++) 1286 if (ptr[j] != 0xff) 1287 goto nonff; 1288 continue; 1289 1290 nonff: 1291 /* normal PBAs start with six FFs */ 1292 if (j < 6) { 1293 printk(KERN_WARNING 1294 "sddr09: PBA %d has no logical mapping: " 1295 "reserved area = %02X%02X%02X%02X " 1296 "data status %02X block status %02X\n", 1297 i, ptr[0], ptr[1], ptr[2], ptr[3], 1298 ptr[4], ptr[5]); 1299 info->pba_to_lba[i] = UNUSABLE; 1300 continue; 1301 } 1302 1303 if ((ptr[6] >> 4) != 0x01) { 1304 printk(KERN_WARNING 1305 "sddr09: PBA %d has invalid address field " 1306 "%02X%02X/%02X%02X\n", 1307 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1308 info->pba_to_lba[i] = UNUSABLE; 1309 continue; 1310 } 1311 1312 /* check even parity */ 1313 if (parity[ptr[6] ^ ptr[7]]) { 1314 printk(KERN_WARNING 1315 "sddr09: Bad parity in LBA for block %d" 1316 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1317 info->pba_to_lba[i] = UNUSABLE; 1318 continue; 1319 } 1320 1321 lba = short_pack(ptr[7], ptr[6]); 1322 lba = (lba & 0x07FF) >> 1; 1323 1324 /* 1325 * Every 1024 physical blocks ("zone"), the LBA numbers 1326 * go back to zero, but are within a higher block of LBA's. 1327 * Also, there is a maximum of 1000 LBA's per zone. 1328 * In other words, in PBA 1024-2047 you will find LBA 0-999 1329 * which are really LBA 1000-1999. This allows for 24 bad 1330 * or special physical blocks per zone. 1331 */ 1332 1333 if (lba >= 1000) { 1334 printk(KERN_WARNING 1335 "sddr09: Bad low LBA %d for block %d\n", 1336 lba, i); 1337 goto possibly_erase; 1338 } 1339 1340 lba += 1000*(i/0x400); 1341 1342 if (info->lba_to_pba[lba] != UNDEF) { 1343 printk(KERN_WARNING 1344 "sddr09: LBA %d seen for PBA %d and %d\n", 1345 lba, info->lba_to_pba[lba], i); 1346 goto possibly_erase; 1347 } 1348 1349 info->pba_to_lba[i] = lba; 1350 info->lba_to_pba[lba] = i; 1351 continue; 1352 1353 possibly_erase: 1354 if (erase_bad_lba_entries) { 1355 unsigned long address; 1356 1357 address = (i << (info->pageshift + info->blockshift)); 1358 sddr09_erase(us, address>>1); 1359 info->pba_to_lba[i] = UNDEF; 1360 } else 1361 info->pba_to_lba[i] = UNUSABLE; 1362 } 1363 1364 /* 1365 * Approximate capacity. This is not entirely correct yet, 1366 * since a zone with less than 1000 usable pages leads to 1367 * missing LBAs. Especially if it is the last zone, some 1368 * LBAs can be past capacity. 1369 */ 1370 lbact = 0; 1371 for (i = 0; i < numblocks; i += 1024) { 1372 int ct = 0; 1373 1374 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1375 if (info->pba_to_lba[i+j] != UNUSABLE) { 1376 if (ct >= 1000) 1377 info->pba_to_lba[i+j] = SPARE; 1378 else 1379 ct++; 1380 } 1381 } 1382 lbact += ct; 1383 } 1384 info->lbact = lbact; 1385 usb_stor_dbg(us, "Found %d LBA's\n", lbact); 1386 result = 0; 1387 1388 done: 1389 if (result != 0) { 1390 kfree(info->lba_to_pba); 1391 kfree(info->pba_to_lba); 1392 info->lba_to_pba = NULL; 1393 info->pba_to_lba = NULL; 1394 } 1395 kfree(buffer); 1396 return result; 1397 } 1398 1399 static void sddr09_card_info_destructor(void * extra)1400 sddr09_card_info_destructor(void *extra) { 1401 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1402 1403 if (!info) 1404 return; 1405 1406 kfree(info->lba_to_pba); 1407 kfree(info->pba_to_lba); 1408 } 1409 1410 static int sddr09_common_init(struct us_data * us)1411 sddr09_common_init(struct us_data *us) { 1412 int result; 1413 1414 /* set the configuration -- STALL is an acceptable response here */ 1415 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1416 usb_stor_dbg(us, "active config #%d != 1 ??\n", 1417 us->pusb_dev->actconfig->desc.bConfigurationValue); 1418 return -EINVAL; 1419 } 1420 1421 result = usb_reset_configuration(us->pusb_dev); 1422 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result); 1423 if (result == -EPIPE) { 1424 usb_stor_dbg(us, "-- stall on control interface\n"); 1425 } else if (result != 0) { 1426 /* it's not a stall, but another error -- time to bail */ 1427 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n"); 1428 return -EINVAL; 1429 } 1430 1431 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1432 if (!us->extra) 1433 return -ENOMEM; 1434 us->extra_destructor = sddr09_card_info_destructor; 1435 1436 nand_init_ecc(); 1437 return 0; 1438 } 1439 1440 1441 /* 1442 * This is needed at a very early stage. If this is not listed in the 1443 * unusual devices list but called from here then LUN 0 of the combo reader 1444 * is not recognized. But I do not know what precisely these calls do. 1445 */ 1446 static int usb_stor_sddr09_dpcm_init(struct us_data * us)1447 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1448 int result; 1449 unsigned char *data = us->iobuf; 1450 1451 result = sddr09_common_init(us); 1452 if (result) 1453 return result; 1454 1455 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1456 if (result) { 1457 usb_stor_dbg(us, "send_command fails\n"); 1458 return result; 1459 } 1460 1461 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1462 // get 07 02 1463 1464 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1465 if (result) { 1466 usb_stor_dbg(us, "2nd send_command fails\n"); 1467 return result; 1468 } 1469 1470 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1471 // get 07 00 1472 1473 result = sddr09_request_sense(us, data, 18); 1474 if (result == 0 && data[2] != 0) { 1475 int j; 1476 for (j=0; j<18; j++) 1477 printk(" %02X", data[j]); 1478 printk("\n"); 1479 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1480 // 70: current command 1481 // sense key 0, sense code 0, extd sense code 0 1482 // additional transfer length * = sizeof(data) - 7 1483 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1484 // sense key 06, sense code 28: unit attention, 1485 // not ready to ready transition 1486 } 1487 1488 // test unit ready 1489 1490 return 0; /* not result */ 1491 } 1492 1493 /* 1494 * Transport for the Microtech DPCM-USB 1495 */ dpcm_transport(struct scsi_cmnd * srb,struct us_data * us)1496 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1497 { 1498 int ret; 1499 1500 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun); 1501 1502 switch (srb->device->lun) { 1503 case 0: 1504 1505 /* 1506 * LUN 0 corresponds to the CompactFlash card reader. 1507 */ 1508 ret = usb_stor_CB_transport(srb, us); 1509 break; 1510 1511 case 1: 1512 1513 /* 1514 * LUN 1 corresponds to the SmartMedia card reader. 1515 */ 1516 1517 /* 1518 * Set the LUN to 0 (just in case). 1519 */ 1520 srb->device->lun = 0; 1521 ret = sddr09_transport(srb, us); 1522 srb->device->lun = 1; 1523 break; 1524 1525 default: 1526 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun); 1527 ret = USB_STOR_TRANSPORT_ERROR; 1528 break; 1529 } 1530 return ret; 1531 } 1532 1533 1534 /* 1535 * Transport for the Sandisk SDDR-09 1536 */ sddr09_transport(struct scsi_cmnd * srb,struct us_data * us)1537 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1538 { 1539 static unsigned char sensekey = 0, sensecode = 0; 1540 static unsigned char havefakesense = 0; 1541 int result, i; 1542 unsigned char *ptr = us->iobuf; 1543 unsigned long capacity; 1544 unsigned int page, pages; 1545 1546 struct sddr09_card_info *info; 1547 1548 static unsigned char inquiry_response[8] = { 1549 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1550 }; 1551 1552 /* note: no block descriptor support */ 1553 static unsigned char mode_page_01[19] = { 1554 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1555 0x01, 0x0A, 1556 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1557 }; 1558 1559 info = (struct sddr09_card_info *)us->extra; 1560 1561 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1562 /* for a faked command, we have to follow with a faked sense */ 1563 memset(ptr, 0, 18); 1564 ptr[0] = 0x70; 1565 ptr[2] = sensekey; 1566 ptr[7] = 11; 1567 ptr[12] = sensecode; 1568 usb_stor_set_xfer_buf(ptr, 18, srb); 1569 sensekey = sensecode = havefakesense = 0; 1570 return USB_STOR_TRANSPORT_GOOD; 1571 } 1572 1573 havefakesense = 1; 1574 1575 /* 1576 * Dummy up a response for INQUIRY since SDDR09 doesn't 1577 * respond to INQUIRY commands 1578 */ 1579 1580 if (srb->cmnd[0] == INQUIRY) { 1581 memcpy(ptr, inquiry_response, 8); 1582 fill_inquiry_response(us, ptr, 36); 1583 return USB_STOR_TRANSPORT_GOOD; 1584 } 1585 1586 if (srb->cmnd[0] == READ_CAPACITY) { 1587 struct nand_flash_dev *cardinfo; 1588 1589 sddr09_get_wp(us, info); /* read WP bit */ 1590 1591 cardinfo = sddr09_get_cardinfo(us, info->flags); 1592 if (!cardinfo) { 1593 /* probably no media */ 1594 init_error: 1595 sensekey = 0x02; /* not ready */ 1596 sensecode = 0x3a; /* medium not present */ 1597 return USB_STOR_TRANSPORT_FAILED; 1598 } 1599 1600 info->capacity = (1 << cardinfo->chipshift); 1601 info->pageshift = cardinfo->pageshift; 1602 info->pagesize = (1 << info->pageshift); 1603 info->blockshift = cardinfo->blockshift; 1604 info->blocksize = (1 << info->blockshift); 1605 info->blockmask = info->blocksize - 1; 1606 1607 // map initialization, must follow get_cardinfo() 1608 if (sddr09_read_map(us)) { 1609 /* probably out of memory */ 1610 goto init_error; 1611 } 1612 1613 // Report capacity 1614 1615 capacity = (info->lbact << info->blockshift) - 1; 1616 1617 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1618 1619 // Report page size 1620 1621 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1622 usb_stor_set_xfer_buf(ptr, 8, srb); 1623 1624 return USB_STOR_TRANSPORT_GOOD; 1625 } 1626 1627 if (srb->cmnd[0] == MODE_SENSE_10) { 1628 int modepage = (srb->cmnd[2] & 0x3F); 1629 1630 /* 1631 * They ask for the Read/Write error recovery page, 1632 * or for all pages. 1633 */ 1634 /* %% We should check DBD %% */ 1635 if (modepage == 0x01 || modepage == 0x3F) { 1636 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n", 1637 modepage); 1638 1639 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1640 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1641 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1642 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1643 return USB_STOR_TRANSPORT_GOOD; 1644 } 1645 1646 sensekey = 0x05; /* illegal request */ 1647 sensecode = 0x24; /* invalid field in CDB */ 1648 return USB_STOR_TRANSPORT_FAILED; 1649 } 1650 1651 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1652 return USB_STOR_TRANSPORT_GOOD; 1653 1654 havefakesense = 0; 1655 1656 if (srb->cmnd[0] == READ_10) { 1657 1658 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1659 page <<= 16; 1660 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1661 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1662 1663 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n", 1664 page, pages); 1665 1666 result = sddr09_read_data(us, page, pages); 1667 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1668 USB_STOR_TRANSPORT_ERROR); 1669 } 1670 1671 if (srb->cmnd[0] == WRITE_10) { 1672 1673 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1674 page <<= 16; 1675 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1676 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1677 1678 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n", 1679 page, pages); 1680 1681 result = sddr09_write_data(us, page, pages); 1682 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1683 USB_STOR_TRANSPORT_ERROR); 1684 } 1685 1686 /* 1687 * catch-all for all other commands, except 1688 * pass TEST_UNIT_READY and REQUEST_SENSE through 1689 */ 1690 if (srb->cmnd[0] != TEST_UNIT_READY && 1691 srb->cmnd[0] != REQUEST_SENSE) { 1692 sensekey = 0x05; /* illegal request */ 1693 sensecode = 0x20; /* invalid command */ 1694 havefakesense = 1; 1695 return USB_STOR_TRANSPORT_FAILED; 1696 } 1697 1698 for (; srb->cmd_len<12; srb->cmd_len++) 1699 srb->cmnd[srb->cmd_len] = 0; 1700 1701 srb->cmnd[1] = LUNBITS; 1702 1703 ptr[0] = 0; 1704 for (i=0; i<12; i++) 1705 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1706 1707 usb_stor_dbg(us, "Send control for command %s\n", ptr); 1708 1709 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1710 if (result) { 1711 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n", 1712 result); 1713 return USB_STOR_TRANSPORT_ERROR; 1714 } 1715 1716 if (scsi_bufflen(srb) == 0) 1717 return USB_STOR_TRANSPORT_GOOD; 1718 1719 if (srb->sc_data_direction == DMA_TO_DEVICE || 1720 srb->sc_data_direction == DMA_FROM_DEVICE) { 1721 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1722 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1723 1724 usb_stor_dbg(us, "%s %d bytes\n", 1725 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1726 "sending" : "receiving", 1727 scsi_bufflen(srb)); 1728 1729 result = usb_stor_bulk_srb(us, pipe, srb); 1730 1731 return (result == USB_STOR_XFER_GOOD ? 1732 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1733 } 1734 1735 return USB_STOR_TRANSPORT_GOOD; 1736 } 1737 1738 /* 1739 * Initialization routine for the sddr09 subdriver 1740 */ 1741 static int usb_stor_sddr09_init(struct us_data * us)1742 usb_stor_sddr09_init(struct us_data *us) { 1743 return sddr09_common_init(us); 1744 } 1745 1746 static struct scsi_host_template sddr09_host_template; 1747 sddr09_probe(struct usb_interface * intf,const struct usb_device_id * id)1748 static int sddr09_probe(struct usb_interface *intf, 1749 const struct usb_device_id *id) 1750 { 1751 struct us_data *us; 1752 int result; 1753 1754 result = usb_stor_probe1(&us, intf, id, 1755 (id - sddr09_usb_ids) + sddr09_unusual_dev_list, 1756 &sddr09_host_template); 1757 if (result) 1758 return result; 1759 1760 if (us->protocol == USB_PR_DPCM_USB) { 1761 us->transport_name = "Control/Bulk-EUSB/SDDR09"; 1762 us->transport = dpcm_transport; 1763 us->transport_reset = usb_stor_CB_reset; 1764 us->max_lun = 1; 1765 } else { 1766 us->transport_name = "EUSB/SDDR09"; 1767 us->transport = sddr09_transport; 1768 us->transport_reset = usb_stor_CB_reset; 1769 us->max_lun = 0; 1770 } 1771 1772 result = usb_stor_probe2(us); 1773 return result; 1774 } 1775 1776 static struct usb_driver sddr09_driver = { 1777 .name = DRV_NAME, 1778 .probe = sddr09_probe, 1779 .disconnect = usb_stor_disconnect, 1780 .suspend = usb_stor_suspend, 1781 .resume = usb_stor_resume, 1782 .reset_resume = usb_stor_reset_resume, 1783 .pre_reset = usb_stor_pre_reset, 1784 .post_reset = usb_stor_post_reset, 1785 .id_table = sddr09_usb_ids, 1786 .soft_unbind = 1, 1787 .no_dynamic_id = 1, 1788 }; 1789 1790 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME); 1791