xref: /linux/drivers/usb/storage/sddr09.c (revision 071bf69a0220253a44acb8b2a27f7a262b9a46bf)
1 /*
2  * Driver for SanDisk SDDR-09 SmartMedia reader
3  *
4  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
6  * Developed with the assistance of:
7  *   (c) 2002 Alan Stern <stern@rowland.org>
8  *
9  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10  * This chip is a programmable USB controller. In the SDDR-09, it has
11  * been programmed to obey a certain limited set of SCSI commands.
12  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
13  * commands.
14  *
15  * This program is free software; you can redistribute it and/or modify it
16  * under the terms of the GNU General Public License as published by the
17  * Free Software Foundation; either version 2, or (at your option) any
18  * later version.
19  *
20  * This program is distributed in the hope that it will be useful, but
21  * WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
23  * General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License along
26  * with this program; if not, write to the Free Software Foundation, Inc.,
27  * 675 Mass Ave, Cambridge, MA 02139, USA.
28  */
29 
30 /*
31  * Known vendor commands: 12 bytes, first byte is opcode
32  *
33  * E7: read scatter gather
34  * E8: read
35  * E9: write
36  * EA: erase
37  * EB: reset
38  * EC: read status
39  * ED: read ID
40  * EE: write CIS (?)
41  * EF: compute checksum (?)
42  */
43 
44 #include <linux/errno.h>
45 #include <linux/module.h>
46 #include <linux/slab.h>
47 
48 #include <scsi/scsi.h>
49 #include <scsi/scsi_cmnd.h>
50 #include <scsi/scsi_device.h>
51 
52 #include "usb.h"
53 #include "transport.h"
54 #include "protocol.h"
55 #include "debug.h"
56 #include "scsiglue.h"
57 
58 #define DRV_NAME "ums-sddr09"
59 
60 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
61 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
62 MODULE_LICENSE("GPL");
63 
64 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
65 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
66 static int usb_stor_sddr09_init(struct us_data *us);
67 
68 
69 /*
70  * The table of devices
71  */
72 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
73 		    vendorName, productName, useProtocol, useTransport, \
74 		    initFunction, flags) \
75 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
76   .driver_info = (flags) }
77 
78 static struct usb_device_id sddr09_usb_ids[] = {
79 #	include "unusual_sddr09.h"
80 	{ }		/* Terminating entry */
81 };
82 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
83 
84 #undef UNUSUAL_DEV
85 
86 /*
87  * The flags table
88  */
89 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
90 		    vendor_name, product_name, use_protocol, use_transport, \
91 		    init_function, Flags) \
92 { \
93 	.vendorName = vendor_name,	\
94 	.productName = product_name,	\
95 	.useProtocol = use_protocol,	\
96 	.useTransport = use_transport,	\
97 	.initFunction = init_function,	\
98 }
99 
100 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
101 #	include "unusual_sddr09.h"
102 	{ }		/* Terminating entry */
103 };
104 
105 #undef UNUSUAL_DEV
106 
107 
108 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
109 #define LSB_of(s) ((s)&0xFF)
110 #define MSB_of(s) ((s)>>8)
111 
112 /*
113  * First some stuff that does not belong here:
114  * data on SmartMedia and other cards, completely
115  * unrelated to this driver.
116  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
117  */
118 
119 struct nand_flash_dev {
120 	int model_id;
121 	int chipshift;		/* 1<<cs bytes total capacity */
122 	char pageshift;		/* 1<<ps bytes in a page */
123 	char blockshift;	/* 1<<bs pages in an erase block */
124 	char zoneshift;		/* 1<<zs blocks in a zone */
125 				/* # of logical blocks is 125/128 of this */
126 	char pageadrlen;	/* length of an address in bytes - 1 */
127 };
128 
129 /*
130  * NAND Flash Manufacturer ID Codes
131  */
132 #define NAND_MFR_AMD		0x01
133 #define NAND_MFR_NATSEMI	0x8f
134 #define NAND_MFR_TOSHIBA	0x98
135 #define NAND_MFR_SAMSUNG	0xec
136 
137 static inline char *nand_flash_manufacturer(int manuf_id) {
138 	switch(manuf_id) {
139 	case NAND_MFR_AMD:
140 		return "AMD";
141 	case NAND_MFR_NATSEMI:
142 		return "NATSEMI";
143 	case NAND_MFR_TOSHIBA:
144 		return "Toshiba";
145 	case NAND_MFR_SAMSUNG:
146 		return "Samsung";
147 	default:
148 		return "unknown";
149 	}
150 }
151 
152 /*
153  * It looks like it is unnecessary to attach manufacturer to the
154  * remaining data: SSFDC prescribes manufacturer-independent id codes.
155  *
156  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
157  */
158 
159 static struct nand_flash_dev nand_flash_ids[] = {
160 	/* NAND flash */
161 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
162 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
163 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
164 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
165 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
166 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
167 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
168 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
169 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
170 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
171 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
172 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
173 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
174 
175 	/* MASK ROM */
176 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
177 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
178 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
179 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
180 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
181 	{ 0,}
182 };
183 
184 static struct nand_flash_dev *
185 nand_find_id(unsigned char id) {
186 	int i;
187 
188 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
189 		if (nand_flash_ids[i].model_id == id)
190 			return &(nand_flash_ids[i]);
191 	return NULL;
192 }
193 
194 /*
195  * ECC computation.
196  */
197 static unsigned char parity[256];
198 static unsigned char ecc2[256];
199 
200 static void nand_init_ecc(void) {
201 	int i, j, a;
202 
203 	parity[0] = 0;
204 	for (i = 1; i < 256; i++)
205 		parity[i] = (parity[i&(i-1)] ^ 1);
206 
207 	for (i = 0; i < 256; i++) {
208 		a = 0;
209 		for (j = 0; j < 8; j++) {
210 			if (i & (1<<j)) {
211 				if ((j & 1) == 0)
212 					a ^= 0x04;
213 				if ((j & 2) == 0)
214 					a ^= 0x10;
215 				if ((j & 4) == 0)
216 					a ^= 0x40;
217 			}
218 		}
219 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
220 	}
221 }
222 
223 /* compute 3-byte ecc on 256 bytes */
224 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
225 	int i, j, a;
226 	unsigned char par = 0, bit, bits[8] = {0};
227 
228 	/* collect 16 checksum bits */
229 	for (i = 0; i < 256; i++) {
230 		par ^= data[i];
231 		bit = parity[data[i]];
232 		for (j = 0; j < 8; j++)
233 			if ((i & (1<<j)) == 0)
234 				bits[j] ^= bit;
235 	}
236 
237 	/* put 4+4+4 = 12 bits in the ecc */
238 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
239 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
240 
241 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
242 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
243 
244 	ecc[2] = ecc2[par];
245 }
246 
247 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
248 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
249 }
250 
251 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
252 	memcpy(data, ecc, 3);
253 }
254 
255 /*
256  * The actual driver starts here.
257  */
258 
259 struct sddr09_card_info {
260 	unsigned long	capacity;	/* Size of card in bytes */
261 	int		pagesize;	/* Size of page in bytes */
262 	int		pageshift;	/* log2 of pagesize */
263 	int		blocksize;	/* Size of block in pages */
264 	int		blockshift;	/* log2 of blocksize */
265 	int		blockmask;	/* 2^blockshift - 1 */
266 	int		*lba_to_pba;	/* logical to physical map */
267 	int		*pba_to_lba;	/* physical to logical map */
268 	int		lbact;		/* number of available pages */
269 	int		flags;
270 #define	SDDR09_WP	1		/* write protected */
271 };
272 
273 /*
274  * On my 16MB card, control blocks have size 64 (16 real control bytes,
275  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
276  * so the reader makes up the remaining 48. Don't know whether these numbers
277  * depend on the card. For now a constant.
278  */
279 #define CONTROL_SHIFT 6
280 
281 /*
282  * On my Combo CF/SM reader, the SM reader has LUN 1.
283  * (and things fail with LUN 0).
284  * It seems LUN is irrelevant for others.
285  */
286 #define LUN	1
287 #define	LUNBITS	(LUN << 5)
288 
289 /*
290  * LBA and PBA are unsigned ints. Special values.
291  */
292 #define UNDEF    0xffffffff
293 #define SPARE    0xfffffffe
294 #define UNUSABLE 0xfffffffd
295 
296 static const int erase_bad_lba_entries = 0;
297 
298 /* send vendor interface command (0x41) */
299 /* called for requests 0, 1, 8 */
300 static int
301 sddr09_send_command(struct us_data *us,
302 		    unsigned char request,
303 		    unsigned char direction,
304 		    unsigned char *xfer_data,
305 		    unsigned int xfer_len) {
306 	unsigned int pipe;
307 	unsigned char requesttype = (0x41 | direction);
308 	int rc;
309 
310 	// Get the receive or send control pipe number
311 
312 	if (direction == USB_DIR_IN)
313 		pipe = us->recv_ctrl_pipe;
314 	else
315 		pipe = us->send_ctrl_pipe;
316 
317 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
318 				   0, 0, xfer_data, xfer_len);
319 	switch (rc) {
320 		case USB_STOR_XFER_GOOD:	return 0;
321 		case USB_STOR_XFER_STALLED:	return -EPIPE;
322 		default:			return -EIO;
323 	}
324 }
325 
326 static int
327 sddr09_send_scsi_command(struct us_data *us,
328 			 unsigned char *command,
329 			 unsigned int command_len) {
330 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
331 }
332 
333 #if 0
334 /*
335  * Test Unit Ready Command: 12 bytes.
336  * byte 0: opcode: 00
337  */
338 static int
339 sddr09_test_unit_ready(struct us_data *us) {
340 	unsigned char *command = us->iobuf;
341 	int result;
342 
343 	memset(command, 0, 6);
344 	command[1] = LUNBITS;
345 
346 	result = sddr09_send_scsi_command(us, command, 6);
347 
348 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
349 
350 	return result;
351 }
352 #endif
353 
354 /*
355  * Request Sense Command: 12 bytes.
356  * byte 0: opcode: 03
357  * byte 4: data length
358  */
359 static int
360 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
361 	unsigned char *command = us->iobuf;
362 	int result;
363 
364 	memset(command, 0, 12);
365 	command[0] = 0x03;
366 	command[1] = LUNBITS;
367 	command[4] = buflen;
368 
369 	result = sddr09_send_scsi_command(us, command, 12);
370 	if (result)
371 		return result;
372 
373 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
374 			sensebuf, buflen, NULL);
375 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
376 }
377 
378 /*
379  * Read Command: 12 bytes.
380  * byte 0: opcode: E8
381  * byte 1: last two bits: 00: read data, 01: read blockwise control,
382  *			10: read both, 11: read pagewise control.
383  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
384  * bytes 2-5: address (interpretation depends on byte 1, see below)
385  * bytes 10-11: count (idem)
386  *
387  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
388  * A read data command gets data in 512-byte pages.
389  * A read control command gets control in 64-byte chunks.
390  * A read both command gets data+control in 576-byte chunks.
391  *
392  * Blocks are groups of 32 pages, and read blockwise control jumps to the
393  * next block, while read pagewise control jumps to the next page after
394  * reading a group of 64 control bytes.
395  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
396  *
397  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
398  */
399 
400 static int
401 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
402 	     int nr_of_pages, int bulklen, unsigned char *buf,
403 	     int use_sg) {
404 
405 	unsigned char *command = us->iobuf;
406 	int result;
407 
408 	command[0] = 0xE8;
409 	command[1] = LUNBITS | x;
410 	command[2] = MSB_of(fromaddress>>16);
411 	command[3] = LSB_of(fromaddress>>16);
412 	command[4] = MSB_of(fromaddress & 0xFFFF);
413 	command[5] = LSB_of(fromaddress & 0xFFFF);
414 	command[6] = 0;
415 	command[7] = 0;
416 	command[8] = 0;
417 	command[9] = 0;
418 	command[10] = MSB_of(nr_of_pages);
419 	command[11] = LSB_of(nr_of_pages);
420 
421 	result = sddr09_send_scsi_command(us, command, 12);
422 
423 	if (result) {
424 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
425 			     x, result);
426 		return result;
427 	}
428 
429 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
430 				       buf, bulklen, use_sg, NULL);
431 
432 	if (result != USB_STOR_XFER_GOOD) {
433 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
434 			     x, result);
435 		return -EIO;
436 	}
437 	return 0;
438 }
439 
440 /*
441  * Read Data
442  *
443  * fromaddress counts data shorts:
444  * increasing it by 256 shifts the bytestream by 512 bytes;
445  * the last 8 bits are ignored.
446  *
447  * nr_of_pages counts pages of size (1 << pageshift).
448  */
449 static int
450 sddr09_read20(struct us_data *us, unsigned long fromaddress,
451 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
452 	int bulklen = nr_of_pages << pageshift;
453 
454 	/* The last 8 bits of fromaddress are ignored. */
455 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
456 			    buf, use_sg);
457 }
458 
459 /*
460  * Read Blockwise Control
461  *
462  * fromaddress gives the starting position (as in read data;
463  * the last 8 bits are ignored); increasing it by 32*256 shifts
464  * the output stream by 64 bytes.
465  *
466  * count counts control groups of size (1 << controlshift).
467  * For me, controlshift = 6. Is this constant?
468  *
469  * After getting one control group, jump to the next block
470  * (fromaddress += 8192).
471  */
472 static int
473 sddr09_read21(struct us_data *us, unsigned long fromaddress,
474 	      int count, int controlshift, unsigned char *buf, int use_sg) {
475 
476 	int bulklen = (count << controlshift);
477 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
478 			    buf, use_sg);
479 }
480 
481 /*
482  * Read both Data and Control
483  *
484  * fromaddress counts data shorts, ignoring control:
485  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
486  * the last 8 bits are ignored.
487  *
488  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
489  */
490 static int
491 sddr09_read22(struct us_data *us, unsigned long fromaddress,
492 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
493 
494 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
495 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
496 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
497 			    buf, use_sg);
498 }
499 
500 #if 0
501 /*
502  * Read Pagewise Control
503  *
504  * fromaddress gives the starting position (as in read data;
505  * the last 8 bits are ignored); increasing it by 256 shifts
506  * the output stream by 64 bytes.
507  *
508  * count counts control groups of size (1 << controlshift).
509  * For me, controlshift = 6. Is this constant?
510  *
511  * After getting one control group, jump to the next page
512  * (fromaddress += 256).
513  */
514 static int
515 sddr09_read23(struct us_data *us, unsigned long fromaddress,
516 	      int count, int controlshift, unsigned char *buf, int use_sg) {
517 
518 	int bulklen = (count << controlshift);
519 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
520 			    buf, use_sg);
521 }
522 #endif
523 
524 /*
525  * Erase Command: 12 bytes.
526  * byte 0: opcode: EA
527  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
528  *
529  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
530  * The byte address being erased is 2*Eaddress.
531  * The CIS cannot be erased.
532  */
533 static int
534 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
535 	unsigned char *command = us->iobuf;
536 	int result;
537 
538 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
539 
540 	memset(command, 0, 12);
541 	command[0] = 0xEA;
542 	command[1] = LUNBITS;
543 	command[6] = MSB_of(Eaddress>>16);
544 	command[7] = LSB_of(Eaddress>>16);
545 	command[8] = MSB_of(Eaddress & 0xFFFF);
546 	command[9] = LSB_of(Eaddress & 0xFFFF);
547 
548 	result = sddr09_send_scsi_command(us, command, 12);
549 
550 	if (result)
551 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
552 			     result);
553 
554 	return result;
555 }
556 
557 /*
558  * Write CIS Command: 12 bytes.
559  * byte 0: opcode: EE
560  * bytes 2-5: write address in shorts
561  * bytes 10-11: sector count
562  *
563  * This writes at the indicated address. Don't know how it differs
564  * from E9. Maybe it does not erase? However, it will also write to
565  * the CIS.
566  *
567  * When two such commands on the same page follow each other directly,
568  * the second one is not done.
569  */
570 
571 /*
572  * Write Command: 12 bytes.
573  * byte 0: opcode: E9
574  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
575  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
576  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
577  *
578  * If write address equals erase address, the erase is done first,
579  * otherwise the write is done first. When erase address equals zero
580  * no erase is done?
581  */
582 static int
583 sddr09_writeX(struct us_data *us,
584 	      unsigned long Waddress, unsigned long Eaddress,
585 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
586 
587 	unsigned char *command = us->iobuf;
588 	int result;
589 
590 	command[0] = 0xE9;
591 	command[1] = LUNBITS;
592 
593 	command[2] = MSB_of(Waddress>>16);
594 	command[3] = LSB_of(Waddress>>16);
595 	command[4] = MSB_of(Waddress & 0xFFFF);
596 	command[5] = LSB_of(Waddress & 0xFFFF);
597 
598 	command[6] = MSB_of(Eaddress>>16);
599 	command[7] = LSB_of(Eaddress>>16);
600 	command[8] = MSB_of(Eaddress & 0xFFFF);
601 	command[9] = LSB_of(Eaddress & 0xFFFF);
602 
603 	command[10] = MSB_of(nr_of_pages);
604 	command[11] = LSB_of(nr_of_pages);
605 
606 	result = sddr09_send_scsi_command(us, command, 12);
607 
608 	if (result) {
609 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
610 			     result);
611 		return result;
612 	}
613 
614 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
615 				       buf, bulklen, use_sg, NULL);
616 
617 	if (result != USB_STOR_XFER_GOOD) {
618 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
619 			     result);
620 		return -EIO;
621 	}
622 	return 0;
623 }
624 
625 /* erase address, write same address */
626 static int
627 sddr09_write_inplace(struct us_data *us, unsigned long address,
628 		     int nr_of_pages, int pageshift, unsigned char *buf,
629 		     int use_sg) {
630 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
631 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
632 			     buf, use_sg);
633 }
634 
635 #if 0
636 /*
637  * Read Scatter Gather Command: 3+4n bytes.
638  * byte 0: opcode E7
639  * byte 2: n
640  * bytes 4i-1,4i,4i+1: page address
641  * byte 4i+2: page count
642  * (i=1..n)
643  *
644  * This reads several pages from the card to a single memory buffer.
645  * The last two bits of byte 1 have the same meaning as for E8.
646  */
647 static int
648 sddr09_read_sg_test_only(struct us_data *us) {
649 	unsigned char *command = us->iobuf;
650 	int result, bulklen, nsg, ct;
651 	unsigned char *buf;
652 	unsigned long address;
653 
654 	nsg = bulklen = 0;
655 	command[0] = 0xE7;
656 	command[1] = LUNBITS;
657 	command[2] = 0;
658 	address = 040000; ct = 1;
659 	nsg++;
660 	bulklen += (ct << 9);
661 	command[4*nsg+2] = ct;
662 	command[4*nsg+1] = ((address >> 9) & 0xFF);
663 	command[4*nsg+0] = ((address >> 17) & 0xFF);
664 	command[4*nsg-1] = ((address >> 25) & 0xFF);
665 
666 	address = 0340000; ct = 1;
667 	nsg++;
668 	bulklen += (ct << 9);
669 	command[4*nsg+2] = ct;
670 	command[4*nsg+1] = ((address >> 9) & 0xFF);
671 	command[4*nsg+0] = ((address >> 17) & 0xFF);
672 	command[4*nsg-1] = ((address >> 25) & 0xFF);
673 
674 	address = 01000000; ct = 2;
675 	nsg++;
676 	bulklen += (ct << 9);
677 	command[4*nsg+2] = ct;
678 	command[4*nsg+1] = ((address >> 9) & 0xFF);
679 	command[4*nsg+0] = ((address >> 17) & 0xFF);
680 	command[4*nsg-1] = ((address >> 25) & 0xFF);
681 
682 	command[2] = nsg;
683 
684 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
685 
686 	if (result) {
687 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
688 			     result);
689 		return result;
690 	}
691 
692 	buf = kmalloc(bulklen, GFP_NOIO);
693 	if (!buf)
694 		return -ENOMEM;
695 
696 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
697 				       buf, bulklen, NULL);
698 	kfree(buf);
699 	if (result != USB_STOR_XFER_GOOD) {
700 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
701 			     result);
702 		return -EIO;
703 	}
704 
705 	return 0;
706 }
707 #endif
708 
709 /*
710  * Read Status Command: 12 bytes.
711  * byte 0: opcode: EC
712  *
713  * Returns 64 bytes, all zero except for the first.
714  * bit 0: 1: Error
715  * bit 5: 1: Suspended
716  * bit 6: 1: Ready
717  * bit 7: 1: Not write-protected
718  */
719 
720 static int
721 sddr09_read_status(struct us_data *us, unsigned char *status) {
722 
723 	unsigned char *command = us->iobuf;
724 	unsigned char *data = us->iobuf;
725 	int result;
726 
727 	usb_stor_dbg(us, "Reading status...\n");
728 
729 	memset(command, 0, 12);
730 	command[0] = 0xEC;
731 	command[1] = LUNBITS;
732 
733 	result = sddr09_send_scsi_command(us, command, 12);
734 	if (result)
735 		return result;
736 
737 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
738 				       data, 64, NULL);
739 	*status = data[0];
740 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
741 }
742 
743 static int
744 sddr09_read_data(struct us_data *us,
745 		 unsigned long address,
746 		 unsigned int sectors) {
747 
748 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
749 	unsigned char *buffer;
750 	unsigned int lba, maxlba, pba;
751 	unsigned int page, pages;
752 	unsigned int len, offset;
753 	struct scatterlist *sg;
754 	int result;
755 
756 	// Figure out the initial LBA and page
757 	lba = address >> info->blockshift;
758 	page = (address & info->blockmask);
759 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
760 	if (lba >= maxlba)
761 		return -EIO;
762 
763 	// Since we only read in one block at a time, we have to create
764 	// a bounce buffer and move the data a piece at a time between the
765 	// bounce buffer and the actual transfer buffer.
766 
767 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
768 	buffer = kmalloc(len, GFP_NOIO);
769 	if (buffer == NULL) {
770 		printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
771 		return -ENOMEM;
772 	}
773 
774 	// This could be made much more efficient by checking for
775 	// contiguous LBA's. Another exercise left to the student.
776 
777 	result = 0;
778 	offset = 0;
779 	sg = NULL;
780 
781 	while (sectors > 0) {
782 
783 		/* Find number of pages we can read in this block */
784 		pages = min(sectors, info->blocksize - page);
785 		len = pages << info->pageshift;
786 
787 		/* Not overflowing capacity? */
788 		if (lba >= maxlba) {
789 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
790 				     lba, maxlba);
791 			result = -EIO;
792 			break;
793 		}
794 
795 		/* Find where this lba lives on disk */
796 		pba = info->lba_to_pba[lba];
797 
798 		if (pba == UNDEF) {	/* this lba was never written */
799 
800 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
801 				     pages, lba, page);
802 
803 			/*
804 			 * This is not really an error. It just means
805 			 * that the block has never been written.
806 			 * Instead of returning an error
807 			 * it is better to return all zero data.
808 			 */
809 
810 			memset(buffer, 0, len);
811 
812 		} else {
813 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
814 				     pages, pba, lba, page);
815 
816 			address = ((pba << info->blockshift) + page) <<
817 				info->pageshift;
818 
819 			result = sddr09_read20(us, address>>1,
820 					pages, info->pageshift, buffer, 0);
821 			if (result)
822 				break;
823 		}
824 
825 		// Store the data in the transfer buffer
826 		usb_stor_access_xfer_buf(buffer, len, us->srb,
827 				&sg, &offset, TO_XFER_BUF);
828 
829 		page = 0;
830 		lba++;
831 		sectors -= pages;
832 	}
833 
834 	kfree(buffer);
835 	return result;
836 }
837 
838 static unsigned int
839 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
840 	static unsigned int lastpba = 1;
841 	int zonestart, end, i;
842 
843 	zonestart = (lba/1000) << 10;
844 	end = info->capacity >> (info->blockshift + info->pageshift);
845 	end -= zonestart;
846 	if (end > 1024)
847 		end = 1024;
848 
849 	for (i = lastpba+1; i < end; i++) {
850 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
851 			lastpba = i;
852 			return zonestart+i;
853 		}
854 	}
855 	for (i = 0; i <= lastpba; i++) {
856 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
857 			lastpba = i;
858 			return zonestart+i;
859 		}
860 	}
861 	return 0;
862 }
863 
864 static int
865 sddr09_write_lba(struct us_data *us, unsigned int lba,
866 		 unsigned int page, unsigned int pages,
867 		 unsigned char *ptr, unsigned char *blockbuffer) {
868 
869 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
870 	unsigned long address;
871 	unsigned int pba, lbap;
872 	unsigned int pagelen;
873 	unsigned char *bptr, *cptr, *xptr;
874 	unsigned char ecc[3];
875 	int i, result, isnew;
876 
877 	lbap = ((lba % 1000) << 1) | 0x1000;
878 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
879 		lbap ^= 1;
880 	pba = info->lba_to_pba[lba];
881 	isnew = 0;
882 
883 	if (pba == UNDEF) {
884 		pba = sddr09_find_unused_pba(info, lba);
885 		if (!pba) {
886 			printk(KERN_WARNING
887 			       "sddr09_write_lba: Out of unused blocks\n");
888 			return -ENOSPC;
889 		}
890 		info->pba_to_lba[pba] = lba;
891 		info->lba_to_pba[lba] = pba;
892 		isnew = 1;
893 	}
894 
895 	if (pba == 1) {
896 		/*
897 		 * Maybe it is impossible to write to PBA 1.
898 		 * Fake success, but don't do anything.
899 		 */
900 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
901 		return 0;
902 	}
903 
904 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
905 
906 	/* read old contents */
907 	address = (pba << (info->pageshift + info->blockshift));
908 	result = sddr09_read22(us, address>>1, info->blocksize,
909 			       info->pageshift, blockbuffer, 0);
910 	if (result)
911 		return result;
912 
913 	/* check old contents and fill lba */
914 	for (i = 0; i < info->blocksize; i++) {
915 		bptr = blockbuffer + i*pagelen;
916 		cptr = bptr + info->pagesize;
917 		nand_compute_ecc(bptr, ecc);
918 		if (!nand_compare_ecc(cptr+13, ecc)) {
919 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
920 				     i, pba);
921 			nand_store_ecc(cptr+13, ecc);
922 		}
923 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
924 		if (!nand_compare_ecc(cptr+8, ecc)) {
925 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
926 				     i, pba);
927 			nand_store_ecc(cptr+8, ecc);
928 		}
929 		cptr[6] = cptr[11] = MSB_of(lbap);
930 		cptr[7] = cptr[12] = LSB_of(lbap);
931 	}
932 
933 	/* copy in new stuff and compute ECC */
934 	xptr = ptr;
935 	for (i = page; i < page+pages; i++) {
936 		bptr = blockbuffer + i*pagelen;
937 		cptr = bptr + info->pagesize;
938 		memcpy(bptr, xptr, info->pagesize);
939 		xptr += info->pagesize;
940 		nand_compute_ecc(bptr, ecc);
941 		nand_store_ecc(cptr+13, ecc);
942 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
943 		nand_store_ecc(cptr+8, ecc);
944 	}
945 
946 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
947 
948 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
949 				      info->pageshift, blockbuffer, 0);
950 
951 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
952 
953 #if 0
954 	{
955 		unsigned char status = 0;
956 		int result2 = sddr09_read_status(us, &status);
957 		if (result2)
958 			usb_stor_dbg(us, "cannot read status\n");
959 		else if (status != 0xc0)
960 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
961 	}
962 #endif
963 
964 #if 0
965 	{
966 		int result2 = sddr09_test_unit_ready(us);
967 	}
968 #endif
969 
970 	return result;
971 }
972 
973 static int
974 sddr09_write_data(struct us_data *us,
975 		  unsigned long address,
976 		  unsigned int sectors) {
977 
978 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
979 	unsigned int lba, maxlba, page, pages;
980 	unsigned int pagelen, blocklen;
981 	unsigned char *blockbuffer;
982 	unsigned char *buffer;
983 	unsigned int len, offset;
984 	struct scatterlist *sg;
985 	int result;
986 
987 	/* Figure out the initial LBA and page */
988 	lba = address >> info->blockshift;
989 	page = (address & info->blockmask);
990 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
991 	if (lba >= maxlba)
992 		return -EIO;
993 
994 	/*
995 	 * blockbuffer is used for reading in the old data, overwriting
996 	 * with the new data, and performing ECC calculations
997 	 */
998 
999 	/*
1000 	 * TODO: instead of doing kmalloc/kfree for each write,
1001 	 * add a bufferpointer to the info structure
1002 	 */
1003 
1004 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
1005 	blocklen = (pagelen << info->blockshift);
1006 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
1007 	if (!blockbuffer) {
1008 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1009 		return -ENOMEM;
1010 	}
1011 
1012 	/*
1013 	 * Since we don't write the user data directly to the device,
1014 	 * we have to create a bounce buffer and move the data a piece
1015 	 * at a time between the bounce buffer and the actual transfer buffer.
1016 	 */
1017 
1018 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1019 	buffer = kmalloc(len, GFP_NOIO);
1020 	if (buffer == NULL) {
1021 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1022 		kfree(blockbuffer);
1023 		return -ENOMEM;
1024 	}
1025 
1026 	result = 0;
1027 	offset = 0;
1028 	sg = NULL;
1029 
1030 	while (sectors > 0) {
1031 
1032 		/* Write as many sectors as possible in this block */
1033 
1034 		pages = min(sectors, info->blocksize - page);
1035 		len = (pages << info->pageshift);
1036 
1037 		/* Not overflowing capacity? */
1038 		if (lba >= maxlba) {
1039 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1040 				     lba, maxlba);
1041 			result = -EIO;
1042 			break;
1043 		}
1044 
1045 		/* Get the data from the transfer buffer */
1046 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1047 				&sg, &offset, FROM_XFER_BUF);
1048 
1049 		result = sddr09_write_lba(us, lba, page, pages,
1050 				buffer, blockbuffer);
1051 		if (result)
1052 			break;
1053 
1054 		page = 0;
1055 		lba++;
1056 		sectors -= pages;
1057 	}
1058 
1059 	kfree(buffer);
1060 	kfree(blockbuffer);
1061 
1062 	return result;
1063 }
1064 
1065 static int
1066 sddr09_read_control(struct us_data *us,
1067 		unsigned long address,
1068 		unsigned int blocks,
1069 		unsigned char *content,
1070 		int use_sg) {
1071 
1072 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1073 		     address, blocks);
1074 
1075 	return sddr09_read21(us, address, blocks,
1076 			     CONTROL_SHIFT, content, use_sg);
1077 }
1078 
1079 /*
1080  * Read Device ID Command: 12 bytes.
1081  * byte 0: opcode: ED
1082  *
1083  * Returns 2 bytes: Manufacturer ID and Device ID.
1084  * On more recent cards 3 bytes: the third byte is an option code A5
1085  * signifying that the secret command to read an 128-bit ID is available.
1086  * On still more recent cards 4 bytes: the fourth byte C0 means that
1087  * a second read ID cmd is available.
1088  */
1089 static int
1090 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1091 	unsigned char *command = us->iobuf;
1092 	unsigned char *content = us->iobuf;
1093 	int result, i;
1094 
1095 	memset(command, 0, 12);
1096 	command[0] = 0xED;
1097 	command[1] = LUNBITS;
1098 
1099 	result = sddr09_send_scsi_command(us, command, 12);
1100 	if (result)
1101 		return result;
1102 
1103 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1104 			content, 64, NULL);
1105 
1106 	for (i = 0; i < 4; i++)
1107 		deviceID[i] = content[i];
1108 
1109 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1110 }
1111 
1112 static int
1113 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1114 	int result;
1115 	unsigned char status;
1116 	const char *wp_fmt;
1117 
1118 	result = sddr09_read_status(us, &status);
1119 	if (result) {
1120 		usb_stor_dbg(us, "read_status fails\n");
1121 		return result;
1122 	}
1123 	if ((status & 0x80) == 0) {
1124 		info->flags |= SDDR09_WP;	/* write protected */
1125 		wp_fmt = " WP";
1126 	} else {
1127 		wp_fmt = "";
1128 	}
1129 	usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1130 		     status & 0x40 ? " Ready" : "",
1131 		     status & LUNBITS ? " Suspended" : "",
1132 		     status & 0x01 ? " Error" : "");
1133 
1134 	return 0;
1135 }
1136 
1137 #if 0
1138 /*
1139  * Reset Command: 12 bytes.
1140  * byte 0: opcode: EB
1141  */
1142 static int
1143 sddr09_reset(struct us_data *us) {
1144 
1145 	unsigned char *command = us->iobuf;
1146 
1147 	memset(command, 0, 12);
1148 	command[0] = 0xEB;
1149 	command[1] = LUNBITS;
1150 
1151 	return sddr09_send_scsi_command(us, command, 12);
1152 }
1153 #endif
1154 
1155 static struct nand_flash_dev *
1156 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1157 	struct nand_flash_dev *cardinfo;
1158 	unsigned char deviceID[4];
1159 	char blurbtxt[256];
1160 	int result;
1161 
1162 	usb_stor_dbg(us, "Reading capacity...\n");
1163 
1164 	result = sddr09_read_deviceID(us, deviceID);
1165 
1166 	if (result) {
1167 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1168 		printk(KERN_WARNING "sddr09: could not read card info\n");
1169 		return NULL;
1170 	}
1171 
1172 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1173 
1174 	/* Byte 0 is the manufacturer */
1175 	sprintf(blurbtxt + strlen(blurbtxt),
1176 		": Manuf. %s",
1177 		nand_flash_manufacturer(deviceID[0]));
1178 
1179 	/* Byte 1 is the device type */
1180 	cardinfo = nand_find_id(deviceID[1]);
1181 	if (cardinfo) {
1182 		/*
1183 		 * MB or MiB? It is neither. A 16 MB card has
1184 		 * 17301504 raw bytes, of which 16384000 are
1185 		 * usable for user data.
1186 		 */
1187 		sprintf(blurbtxt + strlen(blurbtxt),
1188 			", %d MB", 1<<(cardinfo->chipshift - 20));
1189 	} else {
1190 		sprintf(blurbtxt + strlen(blurbtxt),
1191 			", type unrecognized");
1192 	}
1193 
1194 	/* Byte 2 is code to signal availability of 128-bit ID */
1195 	if (deviceID[2] == 0xa5) {
1196 		sprintf(blurbtxt + strlen(blurbtxt),
1197 			", 128-bit ID");
1198 	}
1199 
1200 	/* Byte 3 announces the availability of another read ID command */
1201 	if (deviceID[3] == 0xc0) {
1202 		sprintf(blurbtxt + strlen(blurbtxt),
1203 			", extra cmd");
1204 	}
1205 
1206 	if (flags & SDDR09_WP)
1207 		sprintf(blurbtxt + strlen(blurbtxt),
1208 			", WP");
1209 
1210 	printk(KERN_WARNING "%s\n", blurbtxt);
1211 
1212 	return cardinfo;
1213 }
1214 
1215 static int
1216 sddr09_read_map(struct us_data *us) {
1217 
1218 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1219 	int numblocks, alloc_len, alloc_blocks;
1220 	int i, j, result;
1221 	unsigned char *buffer, *buffer_end, *ptr;
1222 	unsigned int lba, lbact;
1223 
1224 	if (!info->capacity)
1225 		return -1;
1226 
1227 	/*
1228 	 * size of a block is 1 << (blockshift + pageshift) bytes
1229 	 * divide into the total capacity to get the number of blocks
1230 	 */
1231 
1232 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1233 
1234 	/*
1235 	 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1236 	 * but only use a 64 KB buffer
1237 	 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1238 	 */
1239 #define SDDR09_READ_MAP_BUFSZ 65536
1240 
1241 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1242 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1243 	buffer = kmalloc(alloc_len, GFP_NOIO);
1244 	if (buffer == NULL) {
1245 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1246 		result = -1;
1247 		goto done;
1248 	}
1249 	buffer_end = buffer + alloc_len;
1250 
1251 #undef SDDR09_READ_MAP_BUFSZ
1252 
1253 	kfree(info->lba_to_pba);
1254 	kfree(info->pba_to_lba);
1255 	info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1256 	info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1257 
1258 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1259 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1260 		result = -1;
1261 		goto done;
1262 	}
1263 
1264 	for (i = 0; i < numblocks; i++)
1265 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1266 
1267 	/*
1268 	 * Define lba-pba translation table
1269 	 */
1270 
1271 	ptr = buffer_end;
1272 	for (i = 0; i < numblocks; i++) {
1273 		ptr += (1 << CONTROL_SHIFT);
1274 		if (ptr >= buffer_end) {
1275 			unsigned long address;
1276 
1277 			address = i << (info->pageshift + info->blockshift);
1278 			result = sddr09_read_control(
1279 				us, address>>1,
1280 				min(alloc_blocks, numblocks - i),
1281 				buffer, 0);
1282 			if (result) {
1283 				result = -1;
1284 				goto done;
1285 			}
1286 			ptr = buffer;
1287 		}
1288 
1289 		if (i == 0 || i == 1) {
1290 			info->pba_to_lba[i] = UNUSABLE;
1291 			continue;
1292 		}
1293 
1294 		/* special PBAs have control field 0^16 */
1295 		for (j = 0; j < 16; j++)
1296 			if (ptr[j] != 0)
1297 				goto nonz;
1298 		info->pba_to_lba[i] = UNUSABLE;
1299 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1300 		       i);
1301 		continue;
1302 
1303 	nonz:
1304 		/* unwritten PBAs have control field FF^16 */
1305 		for (j = 0; j < 16; j++)
1306 			if (ptr[j] != 0xff)
1307 				goto nonff;
1308 		continue;
1309 
1310 	nonff:
1311 		/* normal PBAs start with six FFs */
1312 		if (j < 6) {
1313 			printk(KERN_WARNING
1314 			       "sddr09: PBA %d has no logical mapping: "
1315 			       "reserved area = %02X%02X%02X%02X "
1316 			       "data status %02X block status %02X\n",
1317 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1318 			       ptr[4], ptr[5]);
1319 			info->pba_to_lba[i] = UNUSABLE;
1320 			continue;
1321 		}
1322 
1323 		if ((ptr[6] >> 4) != 0x01) {
1324 			printk(KERN_WARNING
1325 			       "sddr09: PBA %d has invalid address field "
1326 			       "%02X%02X/%02X%02X\n",
1327 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1328 			info->pba_to_lba[i] = UNUSABLE;
1329 			continue;
1330 		}
1331 
1332 		/* check even parity */
1333 		if (parity[ptr[6] ^ ptr[7]]) {
1334 			printk(KERN_WARNING
1335 			       "sddr09: Bad parity in LBA for block %d"
1336 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1337 			info->pba_to_lba[i] = UNUSABLE;
1338 			continue;
1339 		}
1340 
1341 		lba = short_pack(ptr[7], ptr[6]);
1342 		lba = (lba & 0x07FF) >> 1;
1343 
1344 		/*
1345 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1346 		 * go back to zero, but are within a higher block of LBA's.
1347 		 * Also, there is a maximum of 1000 LBA's per zone.
1348 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1349 		 * which are really LBA 1000-1999. This allows for 24 bad
1350 		 * or special physical blocks per zone.
1351 		 */
1352 
1353 		if (lba >= 1000) {
1354 			printk(KERN_WARNING
1355 			       "sddr09: Bad low LBA %d for block %d\n",
1356 			       lba, i);
1357 			goto possibly_erase;
1358 		}
1359 
1360 		lba += 1000*(i/0x400);
1361 
1362 		if (info->lba_to_pba[lba] != UNDEF) {
1363 			printk(KERN_WARNING
1364 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1365 			       lba, info->lba_to_pba[lba], i);
1366 			goto possibly_erase;
1367 		}
1368 
1369 		info->pba_to_lba[i] = lba;
1370 		info->lba_to_pba[lba] = i;
1371 		continue;
1372 
1373 	possibly_erase:
1374 		if (erase_bad_lba_entries) {
1375 			unsigned long address;
1376 
1377 			address = (i << (info->pageshift + info->blockshift));
1378 			sddr09_erase(us, address>>1);
1379 			info->pba_to_lba[i] = UNDEF;
1380 		} else
1381 			info->pba_to_lba[i] = UNUSABLE;
1382 	}
1383 
1384 	/*
1385 	 * Approximate capacity. This is not entirely correct yet,
1386 	 * since a zone with less than 1000 usable pages leads to
1387 	 * missing LBAs. Especially if it is the last zone, some
1388 	 * LBAs can be past capacity.
1389 	 */
1390 	lbact = 0;
1391 	for (i = 0; i < numblocks; i += 1024) {
1392 		int ct = 0;
1393 
1394 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1395 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1396 				if (ct >= 1000)
1397 					info->pba_to_lba[i+j] = SPARE;
1398 				else
1399 					ct++;
1400 			}
1401 		}
1402 		lbact += ct;
1403 	}
1404 	info->lbact = lbact;
1405 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1406 	result = 0;
1407 
1408  done:
1409 	if (result != 0) {
1410 		kfree(info->lba_to_pba);
1411 		kfree(info->pba_to_lba);
1412 		info->lba_to_pba = NULL;
1413 		info->pba_to_lba = NULL;
1414 	}
1415 	kfree(buffer);
1416 	return result;
1417 }
1418 
1419 static void
1420 sddr09_card_info_destructor(void *extra) {
1421 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1422 
1423 	if (!info)
1424 		return;
1425 
1426 	kfree(info->lba_to_pba);
1427 	kfree(info->pba_to_lba);
1428 }
1429 
1430 static int
1431 sddr09_common_init(struct us_data *us) {
1432 	int result;
1433 
1434 	/* set the configuration -- STALL is an acceptable response here */
1435 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1436 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1437 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1438 		return -EINVAL;
1439 	}
1440 
1441 	result = usb_reset_configuration(us->pusb_dev);
1442 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1443 	if (result == -EPIPE) {
1444 		usb_stor_dbg(us, "-- stall on control interface\n");
1445 	} else if (result != 0) {
1446 		/* it's not a stall, but another error -- time to bail */
1447 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1448 		return -EINVAL;
1449 	}
1450 
1451 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1452 	if (!us->extra)
1453 		return -ENOMEM;
1454 	us->extra_destructor = sddr09_card_info_destructor;
1455 
1456 	nand_init_ecc();
1457 	return 0;
1458 }
1459 
1460 
1461 /*
1462  * This is needed at a very early stage. If this is not listed in the
1463  * unusual devices list but called from here then LUN 0 of the combo reader
1464  * is not recognized. But I do not know what precisely these calls do.
1465  */
1466 static int
1467 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1468 	int result;
1469 	unsigned char *data = us->iobuf;
1470 
1471 	result = sddr09_common_init(us);
1472 	if (result)
1473 		return result;
1474 
1475 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1476 	if (result) {
1477 		usb_stor_dbg(us, "send_command fails\n");
1478 		return result;
1479 	}
1480 
1481 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1482 	// get 07 02
1483 
1484 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1485 	if (result) {
1486 		usb_stor_dbg(us, "2nd send_command fails\n");
1487 		return result;
1488 	}
1489 
1490 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1491 	// get 07 00
1492 
1493 	result = sddr09_request_sense(us, data, 18);
1494 	if (result == 0 && data[2] != 0) {
1495 		int j;
1496 		for (j=0; j<18; j++)
1497 			printk(" %02X", data[j]);
1498 		printk("\n");
1499 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1500 		// 70: current command
1501 		// sense key 0, sense code 0, extd sense code 0
1502 		// additional transfer length * = sizeof(data) - 7
1503 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1504 		// sense key 06, sense code 28: unit attention,
1505 		// not ready to ready transition
1506 	}
1507 
1508 	// test unit ready
1509 
1510 	return 0;		/* not result */
1511 }
1512 
1513 /*
1514  * Transport for the Microtech DPCM-USB
1515  */
1516 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1517 {
1518 	int ret;
1519 
1520 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1521 
1522 	switch (srb->device->lun) {
1523 	case 0:
1524 
1525 		/*
1526 		 * LUN 0 corresponds to the CompactFlash card reader.
1527 		 */
1528 		ret = usb_stor_CB_transport(srb, us);
1529 		break;
1530 
1531 	case 1:
1532 
1533 		/*
1534 		 * LUN 1 corresponds to the SmartMedia card reader.
1535 		 */
1536 
1537 		/*
1538 		 * Set the LUN to 0 (just in case).
1539 		 */
1540 		srb->device->lun = 0;
1541 		ret = sddr09_transport(srb, us);
1542 		srb->device->lun = 1;
1543 		break;
1544 
1545 	default:
1546 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1547 		ret = USB_STOR_TRANSPORT_ERROR;
1548 		break;
1549 	}
1550 	return ret;
1551 }
1552 
1553 
1554 /*
1555  * Transport for the Sandisk SDDR-09
1556  */
1557 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1558 {
1559 	static unsigned char sensekey = 0, sensecode = 0;
1560 	static unsigned char havefakesense = 0;
1561 	int result, i;
1562 	unsigned char *ptr = us->iobuf;
1563 	unsigned long capacity;
1564 	unsigned int page, pages;
1565 
1566 	struct sddr09_card_info *info;
1567 
1568 	static unsigned char inquiry_response[8] = {
1569 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1570 	};
1571 
1572 	/* note: no block descriptor support */
1573 	static unsigned char mode_page_01[19] = {
1574 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1575 		0x01, 0x0A,
1576 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1577 	};
1578 
1579 	info = (struct sddr09_card_info *)us->extra;
1580 
1581 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1582 		/* for a faked command, we have to follow with a faked sense */
1583 		memset(ptr, 0, 18);
1584 		ptr[0] = 0x70;
1585 		ptr[2] = sensekey;
1586 		ptr[7] = 11;
1587 		ptr[12] = sensecode;
1588 		usb_stor_set_xfer_buf(ptr, 18, srb);
1589 		sensekey = sensecode = havefakesense = 0;
1590 		return USB_STOR_TRANSPORT_GOOD;
1591 	}
1592 
1593 	havefakesense = 1;
1594 
1595 	/*
1596 	 * Dummy up a response for INQUIRY since SDDR09 doesn't
1597 	 * respond to INQUIRY commands
1598 	 */
1599 
1600 	if (srb->cmnd[0] == INQUIRY) {
1601 		memcpy(ptr, inquiry_response, 8);
1602 		fill_inquiry_response(us, ptr, 36);
1603 		return USB_STOR_TRANSPORT_GOOD;
1604 	}
1605 
1606 	if (srb->cmnd[0] == READ_CAPACITY) {
1607 		struct nand_flash_dev *cardinfo;
1608 
1609 		sddr09_get_wp(us, info);	/* read WP bit */
1610 
1611 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1612 		if (!cardinfo) {
1613 			/* probably no media */
1614 		init_error:
1615 			sensekey = 0x02;	/* not ready */
1616 			sensecode = 0x3a;	/* medium not present */
1617 			return USB_STOR_TRANSPORT_FAILED;
1618 		}
1619 
1620 		info->capacity = (1 << cardinfo->chipshift);
1621 		info->pageshift = cardinfo->pageshift;
1622 		info->pagesize = (1 << info->pageshift);
1623 		info->blockshift = cardinfo->blockshift;
1624 		info->blocksize = (1 << info->blockshift);
1625 		info->blockmask = info->blocksize - 1;
1626 
1627 		// map initialization, must follow get_cardinfo()
1628 		if (sddr09_read_map(us)) {
1629 			/* probably out of memory */
1630 			goto init_error;
1631 		}
1632 
1633 		// Report capacity
1634 
1635 		capacity = (info->lbact << info->blockshift) - 1;
1636 
1637 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1638 
1639 		// Report page size
1640 
1641 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1642 		usb_stor_set_xfer_buf(ptr, 8, srb);
1643 
1644 		return USB_STOR_TRANSPORT_GOOD;
1645 	}
1646 
1647 	if (srb->cmnd[0] == MODE_SENSE_10) {
1648 		int modepage = (srb->cmnd[2] & 0x3F);
1649 
1650 		/*
1651 		 * They ask for the Read/Write error recovery page,
1652 		 * or for all pages.
1653 		 */
1654 		/* %% We should check DBD %% */
1655 		if (modepage == 0x01 || modepage == 0x3F) {
1656 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1657 				     modepage);
1658 
1659 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1660 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1661 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1662 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1663 			return USB_STOR_TRANSPORT_GOOD;
1664 		}
1665 
1666 		sensekey = 0x05;	/* illegal request */
1667 		sensecode = 0x24;	/* invalid field in CDB */
1668 		return USB_STOR_TRANSPORT_FAILED;
1669 	}
1670 
1671 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1672 		return USB_STOR_TRANSPORT_GOOD;
1673 
1674 	havefakesense = 0;
1675 
1676 	if (srb->cmnd[0] == READ_10) {
1677 
1678 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1679 		page <<= 16;
1680 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1681 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1682 
1683 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1684 			     page, pages);
1685 
1686 		result = sddr09_read_data(us, page, pages);
1687 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1688 				USB_STOR_TRANSPORT_ERROR);
1689 	}
1690 
1691 	if (srb->cmnd[0] == WRITE_10) {
1692 
1693 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1694 		page <<= 16;
1695 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1696 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1697 
1698 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1699 			     page, pages);
1700 
1701 		result = sddr09_write_data(us, page, pages);
1702 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1703 				USB_STOR_TRANSPORT_ERROR);
1704 	}
1705 
1706 	/*
1707 	 * catch-all for all other commands, except
1708 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1709 	 */
1710 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1711 	    srb->cmnd[0] != REQUEST_SENSE) {
1712 		sensekey = 0x05;	/* illegal request */
1713 		sensecode = 0x20;	/* invalid command */
1714 		havefakesense = 1;
1715 		return USB_STOR_TRANSPORT_FAILED;
1716 	}
1717 
1718 	for (; srb->cmd_len<12; srb->cmd_len++)
1719 		srb->cmnd[srb->cmd_len] = 0;
1720 
1721 	srb->cmnd[1] = LUNBITS;
1722 
1723 	ptr[0] = 0;
1724 	for (i=0; i<12; i++)
1725 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1726 
1727 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1728 
1729 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1730 	if (result) {
1731 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1732 			     result);
1733 		return USB_STOR_TRANSPORT_ERROR;
1734 	}
1735 
1736 	if (scsi_bufflen(srb) == 0)
1737 		return USB_STOR_TRANSPORT_GOOD;
1738 
1739 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1740 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1741 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1742 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1743 
1744 		usb_stor_dbg(us, "%s %d bytes\n",
1745 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1746 			     "sending" : "receiving",
1747 			     scsi_bufflen(srb));
1748 
1749 		result = usb_stor_bulk_srb(us, pipe, srb);
1750 
1751 		return (result == USB_STOR_XFER_GOOD ?
1752 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1753 	}
1754 
1755 	return USB_STOR_TRANSPORT_GOOD;
1756 }
1757 
1758 /*
1759  * Initialization routine for the sddr09 subdriver
1760  */
1761 static int
1762 usb_stor_sddr09_init(struct us_data *us) {
1763 	return sddr09_common_init(us);
1764 }
1765 
1766 static struct scsi_host_template sddr09_host_template;
1767 
1768 static int sddr09_probe(struct usb_interface *intf,
1769 			 const struct usb_device_id *id)
1770 {
1771 	struct us_data *us;
1772 	int result;
1773 
1774 	result = usb_stor_probe1(&us, intf, id,
1775 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1776 			&sddr09_host_template);
1777 	if (result)
1778 		return result;
1779 
1780 	if (us->protocol == USB_PR_DPCM_USB) {
1781 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1782 		us->transport = dpcm_transport;
1783 		us->transport_reset = usb_stor_CB_reset;
1784 		us->max_lun = 1;
1785 	} else {
1786 		us->transport_name = "EUSB/SDDR09";
1787 		us->transport = sddr09_transport;
1788 		us->transport_reset = usb_stor_CB_reset;
1789 		us->max_lun = 0;
1790 	}
1791 
1792 	result = usb_stor_probe2(us);
1793 	return result;
1794 }
1795 
1796 static struct usb_driver sddr09_driver = {
1797 	.name =		DRV_NAME,
1798 	.probe =	sddr09_probe,
1799 	.disconnect =	usb_stor_disconnect,
1800 	.suspend =	usb_stor_suspend,
1801 	.resume =	usb_stor_resume,
1802 	.reset_resume =	usb_stor_reset_resume,
1803 	.pre_reset =	usb_stor_pre_reset,
1804 	.post_reset =	usb_stor_post_reset,
1805 	.id_table =	sddr09_usb_ids,
1806 	.soft_unbind =	1,
1807 	.no_dynamic_id = 1,
1808 };
1809 
1810 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1811