1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/module.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 #include <scsi/scsi_device.h> 50 51 #include "usb.h" 52 #include "transport.h" 53 #include "protocol.h" 54 #include "debug.h" 55 56 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader"); 57 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>"); 58 MODULE_LICENSE("GPL"); 59 60 static int usb_stor_sddr09_dpcm_init(struct us_data *us); 61 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us); 62 static int usb_stor_sddr09_init(struct us_data *us); 63 64 65 /* 66 * The table of devices 67 */ 68 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \ 69 vendorName, productName, useProtocol, useTransport, \ 70 initFunction, flags) \ 71 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \ 72 .driver_info = (flags) } 73 74 static struct usb_device_id sddr09_usb_ids[] = { 75 # include "unusual_sddr09.h" 76 { } /* Terminating entry */ 77 }; 78 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids); 79 80 #undef UNUSUAL_DEV 81 82 /* 83 * The flags table 84 */ 85 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \ 86 vendor_name, product_name, use_protocol, use_transport, \ 87 init_function, Flags) \ 88 { \ 89 .vendorName = vendor_name, \ 90 .productName = product_name, \ 91 .useProtocol = use_protocol, \ 92 .useTransport = use_transport, \ 93 .initFunction = init_function, \ 94 } 95 96 static struct us_unusual_dev sddr09_unusual_dev_list[] = { 97 # include "unusual_sddr09.h" 98 { } /* Terminating entry */ 99 }; 100 101 #undef UNUSUAL_DEV 102 103 104 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 105 #define LSB_of(s) ((s)&0xFF) 106 #define MSB_of(s) ((s)>>8) 107 108 /* 109 * First some stuff that does not belong here: 110 * data on SmartMedia and other cards, completely 111 * unrelated to this driver. 112 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 113 */ 114 115 struct nand_flash_dev { 116 int model_id; 117 int chipshift; /* 1<<cs bytes total capacity */ 118 char pageshift; /* 1<<ps bytes in a page */ 119 char blockshift; /* 1<<bs pages in an erase block */ 120 char zoneshift; /* 1<<zs blocks in a zone */ 121 /* # of logical blocks is 125/128 of this */ 122 char pageadrlen; /* length of an address in bytes - 1 */ 123 }; 124 125 /* 126 * NAND Flash Manufacturer ID Codes 127 */ 128 #define NAND_MFR_AMD 0x01 129 #define NAND_MFR_NATSEMI 0x8f 130 #define NAND_MFR_TOSHIBA 0x98 131 #define NAND_MFR_SAMSUNG 0xec 132 133 static inline char *nand_flash_manufacturer(int manuf_id) { 134 switch(manuf_id) { 135 case NAND_MFR_AMD: 136 return "AMD"; 137 case NAND_MFR_NATSEMI: 138 return "NATSEMI"; 139 case NAND_MFR_TOSHIBA: 140 return "Toshiba"; 141 case NAND_MFR_SAMSUNG: 142 return "Samsung"; 143 default: 144 return "unknown"; 145 } 146 } 147 148 /* 149 * It looks like it is unnecessary to attach manufacturer to the 150 * remaining data: SSFDC prescribes manufacturer-independent id codes. 151 * 152 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 153 */ 154 155 static struct nand_flash_dev nand_flash_ids[] = { 156 /* NAND flash */ 157 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 158 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 159 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 160 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 161 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 162 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 163 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 164 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 165 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 166 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 167 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 168 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 169 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 170 171 /* MASK ROM */ 172 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 173 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 174 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 175 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 176 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 177 { 0,} 178 }; 179 180 static struct nand_flash_dev * 181 nand_find_id(unsigned char id) { 182 int i; 183 184 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 185 if (nand_flash_ids[i].model_id == id) 186 return &(nand_flash_ids[i]); 187 return NULL; 188 } 189 190 /* 191 * ECC computation. 192 */ 193 static unsigned char parity[256]; 194 static unsigned char ecc2[256]; 195 196 static void nand_init_ecc(void) { 197 int i, j, a; 198 199 parity[0] = 0; 200 for (i = 1; i < 256; i++) 201 parity[i] = (parity[i&(i-1)] ^ 1); 202 203 for (i = 0; i < 256; i++) { 204 a = 0; 205 for (j = 0; j < 8; j++) { 206 if (i & (1<<j)) { 207 if ((j & 1) == 0) 208 a ^= 0x04; 209 if ((j & 2) == 0) 210 a ^= 0x10; 211 if ((j & 4) == 0) 212 a ^= 0x40; 213 } 214 } 215 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 216 } 217 } 218 219 /* compute 3-byte ecc on 256 bytes */ 220 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 221 int i, j, a; 222 unsigned char par = 0, bit, bits[8] = {0}; 223 224 /* collect 16 checksum bits */ 225 for (i = 0; i < 256; i++) { 226 par ^= data[i]; 227 bit = parity[data[i]]; 228 for (j = 0; j < 8; j++) 229 if ((i & (1<<j)) == 0) 230 bits[j] ^= bit; 231 } 232 233 /* put 4+4+4 = 12 bits in the ecc */ 234 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 235 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 236 237 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 238 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 239 240 ecc[2] = ecc2[par]; 241 } 242 243 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 244 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 245 } 246 247 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 248 memcpy(data, ecc, 3); 249 } 250 251 /* 252 * The actual driver starts here. 253 */ 254 255 struct sddr09_card_info { 256 unsigned long capacity; /* Size of card in bytes */ 257 int pagesize; /* Size of page in bytes */ 258 int pageshift; /* log2 of pagesize */ 259 int blocksize; /* Size of block in pages */ 260 int blockshift; /* log2 of blocksize */ 261 int blockmask; /* 2^blockshift - 1 */ 262 int *lba_to_pba; /* logical to physical map */ 263 int *pba_to_lba; /* physical to logical map */ 264 int lbact; /* number of available pages */ 265 int flags; 266 #define SDDR09_WP 1 /* write protected */ 267 }; 268 269 /* 270 * On my 16MB card, control blocks have size 64 (16 real control bytes, 271 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 272 * so the reader makes up the remaining 48. Don't know whether these numbers 273 * depend on the card. For now a constant. 274 */ 275 #define CONTROL_SHIFT 6 276 277 /* 278 * On my Combo CF/SM reader, the SM reader has LUN 1. 279 * (and things fail with LUN 0). 280 * It seems LUN is irrelevant for others. 281 */ 282 #define LUN 1 283 #define LUNBITS (LUN << 5) 284 285 /* 286 * LBA and PBA are unsigned ints. Special values. 287 */ 288 #define UNDEF 0xffffffff 289 #define SPARE 0xfffffffe 290 #define UNUSABLE 0xfffffffd 291 292 static const int erase_bad_lba_entries = 0; 293 294 /* send vendor interface command (0x41) */ 295 /* called for requests 0, 1, 8 */ 296 static int 297 sddr09_send_command(struct us_data *us, 298 unsigned char request, 299 unsigned char direction, 300 unsigned char *xfer_data, 301 unsigned int xfer_len) { 302 unsigned int pipe; 303 unsigned char requesttype = (0x41 | direction); 304 int rc; 305 306 // Get the receive or send control pipe number 307 308 if (direction == USB_DIR_IN) 309 pipe = us->recv_ctrl_pipe; 310 else 311 pipe = us->send_ctrl_pipe; 312 313 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 314 0, 0, xfer_data, xfer_len); 315 switch (rc) { 316 case USB_STOR_XFER_GOOD: return 0; 317 case USB_STOR_XFER_STALLED: return -EPIPE; 318 default: return -EIO; 319 } 320 } 321 322 static int 323 sddr09_send_scsi_command(struct us_data *us, 324 unsigned char *command, 325 unsigned int command_len) { 326 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 327 } 328 329 #if 0 330 /* 331 * Test Unit Ready Command: 12 bytes. 332 * byte 0: opcode: 00 333 */ 334 static int 335 sddr09_test_unit_ready(struct us_data *us) { 336 unsigned char *command = us->iobuf; 337 int result; 338 339 memset(command, 0, 6); 340 command[1] = LUNBITS; 341 342 result = sddr09_send_scsi_command(us, command, 6); 343 344 usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result); 345 346 return result; 347 } 348 #endif 349 350 /* 351 * Request Sense Command: 12 bytes. 352 * byte 0: opcode: 03 353 * byte 4: data length 354 */ 355 static int 356 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 357 unsigned char *command = us->iobuf; 358 int result; 359 360 memset(command, 0, 12); 361 command[0] = 0x03; 362 command[1] = LUNBITS; 363 command[4] = buflen; 364 365 result = sddr09_send_scsi_command(us, command, 12); 366 if (result) 367 return result; 368 369 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 370 sensebuf, buflen, NULL); 371 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 372 } 373 374 /* 375 * Read Command: 12 bytes. 376 * byte 0: opcode: E8 377 * byte 1: last two bits: 00: read data, 01: read blockwise control, 378 * 10: read both, 11: read pagewise control. 379 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 380 * bytes 2-5: address (interpretation depends on byte 1, see below) 381 * bytes 10-11: count (idem) 382 * 383 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 384 * A read data command gets data in 512-byte pages. 385 * A read control command gets control in 64-byte chunks. 386 * A read both command gets data+control in 576-byte chunks. 387 * 388 * Blocks are groups of 32 pages, and read blockwise control jumps to the 389 * next block, while read pagewise control jumps to the next page after 390 * reading a group of 64 control bytes. 391 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 392 * 393 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 394 */ 395 396 static int 397 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 398 int nr_of_pages, int bulklen, unsigned char *buf, 399 int use_sg) { 400 401 unsigned char *command = us->iobuf; 402 int result; 403 404 command[0] = 0xE8; 405 command[1] = LUNBITS | x; 406 command[2] = MSB_of(fromaddress>>16); 407 command[3] = LSB_of(fromaddress>>16); 408 command[4] = MSB_of(fromaddress & 0xFFFF); 409 command[5] = LSB_of(fromaddress & 0xFFFF); 410 command[6] = 0; 411 command[7] = 0; 412 command[8] = 0; 413 command[9] = 0; 414 command[10] = MSB_of(nr_of_pages); 415 command[11] = LSB_of(nr_of_pages); 416 417 result = sddr09_send_scsi_command(us, command, 12); 418 419 if (result) { 420 usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n", 421 x, result); 422 return result; 423 } 424 425 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 426 buf, bulklen, use_sg, NULL); 427 428 if (result != USB_STOR_XFER_GOOD) { 429 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n", 430 x, result); 431 return -EIO; 432 } 433 return 0; 434 } 435 436 /* 437 * Read Data 438 * 439 * fromaddress counts data shorts: 440 * increasing it by 256 shifts the bytestream by 512 bytes; 441 * the last 8 bits are ignored. 442 * 443 * nr_of_pages counts pages of size (1 << pageshift). 444 */ 445 static int 446 sddr09_read20(struct us_data *us, unsigned long fromaddress, 447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 448 int bulklen = nr_of_pages << pageshift; 449 450 /* The last 8 bits of fromaddress are ignored. */ 451 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 452 buf, use_sg); 453 } 454 455 /* 456 * Read Blockwise Control 457 * 458 * fromaddress gives the starting position (as in read data; 459 * the last 8 bits are ignored); increasing it by 32*256 shifts 460 * the output stream by 64 bytes. 461 * 462 * count counts control groups of size (1 << controlshift). 463 * For me, controlshift = 6. Is this constant? 464 * 465 * After getting one control group, jump to the next block 466 * (fromaddress += 8192). 467 */ 468 static int 469 sddr09_read21(struct us_data *us, unsigned long fromaddress, 470 int count, int controlshift, unsigned char *buf, int use_sg) { 471 472 int bulklen = (count << controlshift); 473 return sddr09_readX(us, 1, fromaddress, count, bulklen, 474 buf, use_sg); 475 } 476 477 /* 478 * Read both Data and Control 479 * 480 * fromaddress counts data shorts, ignoring control: 481 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 482 * the last 8 bits are ignored. 483 * 484 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 485 */ 486 static int 487 sddr09_read22(struct us_data *us, unsigned long fromaddress, 488 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 489 490 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 491 usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen); 492 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 493 buf, use_sg); 494 } 495 496 #if 0 497 /* 498 * Read Pagewise Control 499 * 500 * fromaddress gives the starting position (as in read data; 501 * the last 8 bits are ignored); increasing it by 256 shifts 502 * the output stream by 64 bytes. 503 * 504 * count counts control groups of size (1 << controlshift). 505 * For me, controlshift = 6. Is this constant? 506 * 507 * After getting one control group, jump to the next page 508 * (fromaddress += 256). 509 */ 510 static int 511 sddr09_read23(struct us_data *us, unsigned long fromaddress, 512 int count, int controlshift, unsigned char *buf, int use_sg) { 513 514 int bulklen = (count << controlshift); 515 return sddr09_readX(us, 3, fromaddress, count, bulklen, 516 buf, use_sg); 517 } 518 #endif 519 520 /* 521 * Erase Command: 12 bytes. 522 * byte 0: opcode: EA 523 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 524 * 525 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 526 * The byte address being erased is 2*Eaddress. 527 * The CIS cannot be erased. 528 */ 529 static int 530 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 531 unsigned char *command = us->iobuf; 532 int result; 533 534 usb_stor_dbg(us, "erase address %lu\n", Eaddress); 535 536 memset(command, 0, 12); 537 command[0] = 0xEA; 538 command[1] = LUNBITS; 539 command[6] = MSB_of(Eaddress>>16); 540 command[7] = LSB_of(Eaddress>>16); 541 command[8] = MSB_of(Eaddress & 0xFFFF); 542 command[9] = LSB_of(Eaddress & 0xFFFF); 543 544 result = sddr09_send_scsi_command(us, command, 12); 545 546 if (result) 547 usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n", 548 result); 549 550 return result; 551 } 552 553 /* 554 * Write CIS Command: 12 bytes. 555 * byte 0: opcode: EE 556 * bytes 2-5: write address in shorts 557 * bytes 10-11: sector count 558 * 559 * This writes at the indicated address. Don't know how it differs 560 * from E9. Maybe it does not erase? However, it will also write to 561 * the CIS. 562 * 563 * When two such commands on the same page follow each other directly, 564 * the second one is not done. 565 */ 566 567 /* 568 * Write Command: 12 bytes. 569 * byte 0: opcode: E9 570 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 571 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 572 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 573 * 574 * If write address equals erase address, the erase is done first, 575 * otherwise the write is done first. When erase address equals zero 576 * no erase is done? 577 */ 578 static int 579 sddr09_writeX(struct us_data *us, 580 unsigned long Waddress, unsigned long Eaddress, 581 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 582 583 unsigned char *command = us->iobuf; 584 int result; 585 586 command[0] = 0xE9; 587 command[1] = LUNBITS; 588 589 command[2] = MSB_of(Waddress>>16); 590 command[3] = LSB_of(Waddress>>16); 591 command[4] = MSB_of(Waddress & 0xFFFF); 592 command[5] = LSB_of(Waddress & 0xFFFF); 593 594 command[6] = MSB_of(Eaddress>>16); 595 command[7] = LSB_of(Eaddress>>16); 596 command[8] = MSB_of(Eaddress & 0xFFFF); 597 command[9] = LSB_of(Eaddress & 0xFFFF); 598 599 command[10] = MSB_of(nr_of_pages); 600 command[11] = LSB_of(nr_of_pages); 601 602 result = sddr09_send_scsi_command(us, command, 12); 603 604 if (result) { 605 usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n", 606 result); 607 return result; 608 } 609 610 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 611 buf, bulklen, use_sg, NULL); 612 613 if (result != USB_STOR_XFER_GOOD) { 614 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n", 615 result); 616 return -EIO; 617 } 618 return 0; 619 } 620 621 /* erase address, write same address */ 622 static int 623 sddr09_write_inplace(struct us_data *us, unsigned long address, 624 int nr_of_pages, int pageshift, unsigned char *buf, 625 int use_sg) { 626 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 627 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 628 buf, use_sg); 629 } 630 631 #if 0 632 /* 633 * Read Scatter Gather Command: 3+4n bytes. 634 * byte 0: opcode E7 635 * byte 2: n 636 * bytes 4i-1,4i,4i+1: page address 637 * byte 4i+2: page count 638 * (i=1..n) 639 * 640 * This reads several pages from the card to a single memory buffer. 641 * The last two bits of byte 1 have the same meaning as for E8. 642 */ 643 static int 644 sddr09_read_sg_test_only(struct us_data *us) { 645 unsigned char *command = us->iobuf; 646 int result, bulklen, nsg, ct; 647 unsigned char *buf; 648 unsigned long address; 649 650 nsg = bulklen = 0; 651 command[0] = 0xE7; 652 command[1] = LUNBITS; 653 command[2] = 0; 654 address = 040000; ct = 1; 655 nsg++; 656 bulklen += (ct << 9); 657 command[4*nsg+2] = ct; 658 command[4*nsg+1] = ((address >> 9) & 0xFF); 659 command[4*nsg+0] = ((address >> 17) & 0xFF); 660 command[4*nsg-1] = ((address >> 25) & 0xFF); 661 662 address = 0340000; ct = 1; 663 nsg++; 664 bulklen += (ct << 9); 665 command[4*nsg+2] = ct; 666 command[4*nsg+1] = ((address >> 9) & 0xFF); 667 command[4*nsg+0] = ((address >> 17) & 0xFF); 668 command[4*nsg-1] = ((address >> 25) & 0xFF); 669 670 address = 01000000; ct = 2; 671 nsg++; 672 bulklen += (ct << 9); 673 command[4*nsg+2] = ct; 674 command[4*nsg+1] = ((address >> 9) & 0xFF); 675 command[4*nsg+0] = ((address >> 17) & 0xFF); 676 command[4*nsg-1] = ((address >> 25) & 0xFF); 677 678 command[2] = nsg; 679 680 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 681 682 if (result) { 683 usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n", 684 result); 685 return result; 686 } 687 688 buf = kmalloc(bulklen, GFP_NOIO); 689 if (!buf) 690 return -ENOMEM; 691 692 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 693 buf, bulklen, NULL); 694 kfree(buf); 695 if (result != USB_STOR_XFER_GOOD) { 696 usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n", 697 result); 698 return -EIO; 699 } 700 701 return 0; 702 } 703 #endif 704 705 /* 706 * Read Status Command: 12 bytes. 707 * byte 0: opcode: EC 708 * 709 * Returns 64 bytes, all zero except for the first. 710 * bit 0: 1: Error 711 * bit 5: 1: Suspended 712 * bit 6: 1: Ready 713 * bit 7: 1: Not write-protected 714 */ 715 716 static int 717 sddr09_read_status(struct us_data *us, unsigned char *status) { 718 719 unsigned char *command = us->iobuf; 720 unsigned char *data = us->iobuf; 721 int result; 722 723 usb_stor_dbg(us, "Reading status...\n"); 724 725 memset(command, 0, 12); 726 command[0] = 0xEC; 727 command[1] = LUNBITS; 728 729 result = sddr09_send_scsi_command(us, command, 12); 730 if (result) 731 return result; 732 733 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 734 data, 64, NULL); 735 *status = data[0]; 736 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 737 } 738 739 static int 740 sddr09_read_data(struct us_data *us, 741 unsigned long address, 742 unsigned int sectors) { 743 744 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 745 unsigned char *buffer; 746 unsigned int lba, maxlba, pba; 747 unsigned int page, pages; 748 unsigned int len, offset; 749 struct scatterlist *sg; 750 int result; 751 752 // Figure out the initial LBA and page 753 lba = address >> info->blockshift; 754 page = (address & info->blockmask); 755 maxlba = info->capacity >> (info->pageshift + info->blockshift); 756 if (lba >= maxlba) 757 return -EIO; 758 759 // Since we only read in one block at a time, we have to create 760 // a bounce buffer and move the data a piece at a time between the 761 // bounce buffer and the actual transfer buffer. 762 763 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 764 buffer = kmalloc(len, GFP_NOIO); 765 if (buffer == NULL) { 766 printk(KERN_WARNING "sddr09_read_data: Out of memory\n"); 767 return -ENOMEM; 768 } 769 770 // This could be made much more efficient by checking for 771 // contiguous LBA's. Another exercise left to the student. 772 773 result = 0; 774 offset = 0; 775 sg = NULL; 776 777 while (sectors > 0) { 778 779 /* Find number of pages we can read in this block */ 780 pages = min(sectors, info->blocksize - page); 781 len = pages << info->pageshift; 782 783 /* Not overflowing capacity? */ 784 if (lba >= maxlba) { 785 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 786 lba, maxlba); 787 result = -EIO; 788 break; 789 } 790 791 /* Find where this lba lives on disk */ 792 pba = info->lba_to_pba[lba]; 793 794 if (pba == UNDEF) { /* this lba was never written */ 795 796 usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n", 797 pages, lba, page); 798 799 /* This is not really an error. It just means 800 that the block has never been written. 801 Instead of returning an error 802 it is better to return all zero data. */ 803 804 memset(buffer, 0, len); 805 806 } else { 807 usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n", 808 pages, pba, lba, page); 809 810 address = ((pba << info->blockshift) + page) << 811 info->pageshift; 812 813 result = sddr09_read20(us, address>>1, 814 pages, info->pageshift, buffer, 0); 815 if (result) 816 break; 817 } 818 819 // Store the data in the transfer buffer 820 usb_stor_access_xfer_buf(buffer, len, us->srb, 821 &sg, &offset, TO_XFER_BUF); 822 823 page = 0; 824 lba++; 825 sectors -= pages; 826 } 827 828 kfree(buffer); 829 return result; 830 } 831 832 static unsigned int 833 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 834 static unsigned int lastpba = 1; 835 int zonestart, end, i; 836 837 zonestart = (lba/1000) << 10; 838 end = info->capacity >> (info->blockshift + info->pageshift); 839 end -= zonestart; 840 if (end > 1024) 841 end = 1024; 842 843 for (i = lastpba+1; i < end; i++) { 844 if (info->pba_to_lba[zonestart+i] == UNDEF) { 845 lastpba = i; 846 return zonestart+i; 847 } 848 } 849 for (i = 0; i <= lastpba; i++) { 850 if (info->pba_to_lba[zonestart+i] == UNDEF) { 851 lastpba = i; 852 return zonestart+i; 853 } 854 } 855 return 0; 856 } 857 858 static int 859 sddr09_write_lba(struct us_data *us, unsigned int lba, 860 unsigned int page, unsigned int pages, 861 unsigned char *ptr, unsigned char *blockbuffer) { 862 863 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 864 unsigned long address; 865 unsigned int pba, lbap; 866 unsigned int pagelen; 867 unsigned char *bptr, *cptr, *xptr; 868 unsigned char ecc[3]; 869 int i, result, isnew; 870 871 lbap = ((lba % 1000) << 1) | 0x1000; 872 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 873 lbap ^= 1; 874 pba = info->lba_to_pba[lba]; 875 isnew = 0; 876 877 if (pba == UNDEF) { 878 pba = sddr09_find_unused_pba(info, lba); 879 if (!pba) { 880 printk(KERN_WARNING 881 "sddr09_write_lba: Out of unused blocks\n"); 882 return -ENOSPC; 883 } 884 info->pba_to_lba[pba] = lba; 885 info->lba_to_pba[lba] = pba; 886 isnew = 1; 887 } 888 889 if (pba == 1) { 890 /* Maybe it is impossible to write to PBA 1. 891 Fake success, but don't do anything. */ 892 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 893 return 0; 894 } 895 896 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 897 898 /* read old contents */ 899 address = (pba << (info->pageshift + info->blockshift)); 900 result = sddr09_read22(us, address>>1, info->blocksize, 901 info->pageshift, blockbuffer, 0); 902 if (result) 903 return result; 904 905 /* check old contents and fill lba */ 906 for (i = 0; i < info->blocksize; i++) { 907 bptr = blockbuffer + i*pagelen; 908 cptr = bptr + info->pagesize; 909 nand_compute_ecc(bptr, ecc); 910 if (!nand_compare_ecc(cptr+13, ecc)) { 911 usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n", 912 i, pba); 913 nand_store_ecc(cptr+13, ecc); 914 } 915 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 916 if (!nand_compare_ecc(cptr+8, ecc)) { 917 usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n", 918 i, pba); 919 nand_store_ecc(cptr+8, ecc); 920 } 921 cptr[6] = cptr[11] = MSB_of(lbap); 922 cptr[7] = cptr[12] = LSB_of(lbap); 923 } 924 925 /* copy in new stuff and compute ECC */ 926 xptr = ptr; 927 for (i = page; i < page+pages; i++) { 928 bptr = blockbuffer + i*pagelen; 929 cptr = bptr + info->pagesize; 930 memcpy(bptr, xptr, info->pagesize); 931 xptr += info->pagesize; 932 nand_compute_ecc(bptr, ecc); 933 nand_store_ecc(cptr+13, ecc); 934 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 935 nand_store_ecc(cptr+8, ecc); 936 } 937 938 usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba); 939 940 result = sddr09_write_inplace(us, address>>1, info->blocksize, 941 info->pageshift, blockbuffer, 0); 942 943 usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result); 944 945 #if 0 946 { 947 unsigned char status = 0; 948 int result2 = sddr09_read_status(us, &status); 949 if (result2) 950 usb_stor_dbg(us, "cannot read status\n"); 951 else if (status != 0xc0) 952 usb_stor_dbg(us, "status after write: 0x%x\n", status); 953 } 954 #endif 955 956 #if 0 957 { 958 int result2 = sddr09_test_unit_ready(us); 959 } 960 #endif 961 962 return result; 963 } 964 965 static int 966 sddr09_write_data(struct us_data *us, 967 unsigned long address, 968 unsigned int sectors) { 969 970 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 971 unsigned int lba, maxlba, page, pages; 972 unsigned int pagelen, blocklen; 973 unsigned char *blockbuffer; 974 unsigned char *buffer; 975 unsigned int len, offset; 976 struct scatterlist *sg; 977 int result; 978 979 // Figure out the initial LBA and page 980 lba = address >> info->blockshift; 981 page = (address & info->blockmask); 982 maxlba = info->capacity >> (info->pageshift + info->blockshift); 983 if (lba >= maxlba) 984 return -EIO; 985 986 // blockbuffer is used for reading in the old data, overwriting 987 // with the new data, and performing ECC calculations 988 989 /* TODO: instead of doing kmalloc/kfree for each write, 990 add a bufferpointer to the info structure */ 991 992 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 993 blocklen = (pagelen << info->blockshift); 994 blockbuffer = kmalloc(blocklen, GFP_NOIO); 995 if (!blockbuffer) { 996 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 997 return -ENOMEM; 998 } 999 1000 // Since we don't write the user data directly to the device, 1001 // we have to create a bounce buffer and move the data a piece 1002 // at a time between the bounce buffer and the actual transfer buffer. 1003 1004 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 1005 buffer = kmalloc(len, GFP_NOIO); 1006 if (buffer == NULL) { 1007 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1008 kfree(blockbuffer); 1009 return -ENOMEM; 1010 } 1011 1012 result = 0; 1013 offset = 0; 1014 sg = NULL; 1015 1016 while (sectors > 0) { 1017 1018 // Write as many sectors as possible in this block 1019 1020 pages = min(sectors, info->blocksize - page); 1021 len = (pages << info->pageshift); 1022 1023 /* Not overflowing capacity? */ 1024 if (lba >= maxlba) { 1025 usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n", 1026 lba, maxlba); 1027 result = -EIO; 1028 break; 1029 } 1030 1031 // Get the data from the transfer buffer 1032 usb_stor_access_xfer_buf(buffer, len, us->srb, 1033 &sg, &offset, FROM_XFER_BUF); 1034 1035 result = sddr09_write_lba(us, lba, page, pages, 1036 buffer, blockbuffer); 1037 if (result) 1038 break; 1039 1040 page = 0; 1041 lba++; 1042 sectors -= pages; 1043 } 1044 1045 kfree(buffer); 1046 kfree(blockbuffer); 1047 1048 return result; 1049 } 1050 1051 static int 1052 sddr09_read_control(struct us_data *us, 1053 unsigned long address, 1054 unsigned int blocks, 1055 unsigned char *content, 1056 int use_sg) { 1057 1058 usb_stor_dbg(us, "Read control address %lu, blocks %d\n", 1059 address, blocks); 1060 1061 return sddr09_read21(us, address, blocks, 1062 CONTROL_SHIFT, content, use_sg); 1063 } 1064 1065 /* 1066 * Read Device ID Command: 12 bytes. 1067 * byte 0: opcode: ED 1068 * 1069 * Returns 2 bytes: Manufacturer ID and Device ID. 1070 * On more recent cards 3 bytes: the third byte is an option code A5 1071 * signifying that the secret command to read an 128-bit ID is available. 1072 * On still more recent cards 4 bytes: the fourth byte C0 means that 1073 * a second read ID cmd is available. 1074 */ 1075 static int 1076 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1077 unsigned char *command = us->iobuf; 1078 unsigned char *content = us->iobuf; 1079 int result, i; 1080 1081 memset(command, 0, 12); 1082 command[0] = 0xED; 1083 command[1] = LUNBITS; 1084 1085 result = sddr09_send_scsi_command(us, command, 12); 1086 if (result) 1087 return result; 1088 1089 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1090 content, 64, NULL); 1091 1092 for (i = 0; i < 4; i++) 1093 deviceID[i] = content[i]; 1094 1095 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1096 } 1097 1098 static int 1099 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1100 int result; 1101 unsigned char status; 1102 1103 result = sddr09_read_status(us, &status); 1104 if (result) { 1105 usb_stor_dbg(us, "read_status fails\n"); 1106 return result; 1107 } 1108 usb_stor_dbg(us, "status 0x%02X", status); 1109 if ((status & 0x80) == 0) { 1110 info->flags |= SDDR09_WP; /* write protected */ 1111 US_DEBUGPX(" WP"); 1112 } 1113 if (status & 0x40) 1114 US_DEBUGPX(" Ready"); 1115 if (status & LUNBITS) 1116 US_DEBUGPX(" Suspended"); 1117 if (status & 0x1) 1118 US_DEBUGPX(" Error"); 1119 US_DEBUGPX("\n"); 1120 return 0; 1121 } 1122 1123 #if 0 1124 /* 1125 * Reset Command: 12 bytes. 1126 * byte 0: opcode: EB 1127 */ 1128 static int 1129 sddr09_reset(struct us_data *us) { 1130 1131 unsigned char *command = us->iobuf; 1132 1133 memset(command, 0, 12); 1134 command[0] = 0xEB; 1135 command[1] = LUNBITS; 1136 1137 return sddr09_send_scsi_command(us, command, 12); 1138 } 1139 #endif 1140 1141 static struct nand_flash_dev * 1142 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1143 struct nand_flash_dev *cardinfo; 1144 unsigned char deviceID[4]; 1145 char blurbtxt[256]; 1146 int result; 1147 1148 usb_stor_dbg(us, "Reading capacity...\n"); 1149 1150 result = sddr09_read_deviceID(us, deviceID); 1151 1152 if (result) { 1153 usb_stor_dbg(us, "Result of read_deviceID is %d\n", result); 1154 printk(KERN_WARNING "sddr09: could not read card info\n"); 1155 return NULL; 1156 } 1157 1158 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1159 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1160 1161 /* Byte 0 is the manufacturer */ 1162 sprintf(blurbtxt + strlen(blurbtxt), 1163 ": Manuf. %s", 1164 nand_flash_manufacturer(deviceID[0])); 1165 1166 /* Byte 1 is the device type */ 1167 cardinfo = nand_find_id(deviceID[1]); 1168 if (cardinfo) { 1169 /* MB or MiB? It is neither. A 16 MB card has 1170 17301504 raw bytes, of which 16384000 are 1171 usable for user data. */ 1172 sprintf(blurbtxt + strlen(blurbtxt), 1173 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1174 } else { 1175 sprintf(blurbtxt + strlen(blurbtxt), 1176 ", type unrecognized"); 1177 } 1178 1179 /* Byte 2 is code to signal availability of 128-bit ID */ 1180 if (deviceID[2] == 0xa5) { 1181 sprintf(blurbtxt + strlen(blurbtxt), 1182 ", 128-bit ID"); 1183 } 1184 1185 /* Byte 3 announces the availability of another read ID command */ 1186 if (deviceID[3] == 0xc0) { 1187 sprintf(blurbtxt + strlen(blurbtxt), 1188 ", extra cmd"); 1189 } 1190 1191 if (flags & SDDR09_WP) 1192 sprintf(blurbtxt + strlen(blurbtxt), 1193 ", WP"); 1194 1195 printk(KERN_WARNING "%s\n", blurbtxt); 1196 1197 return cardinfo; 1198 } 1199 1200 static int 1201 sddr09_read_map(struct us_data *us) { 1202 1203 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1204 int numblocks, alloc_len, alloc_blocks; 1205 int i, j, result; 1206 unsigned char *buffer, *buffer_end, *ptr; 1207 unsigned int lba, lbact; 1208 1209 if (!info->capacity) 1210 return -1; 1211 1212 // size of a block is 1 << (blockshift + pageshift) bytes 1213 // divide into the total capacity to get the number of blocks 1214 1215 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1216 1217 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1218 // but only use a 64 KB buffer 1219 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1220 #define SDDR09_READ_MAP_BUFSZ 65536 1221 1222 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1223 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1224 buffer = kmalloc(alloc_len, GFP_NOIO); 1225 if (buffer == NULL) { 1226 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1227 result = -1; 1228 goto done; 1229 } 1230 buffer_end = buffer + alloc_len; 1231 1232 #undef SDDR09_READ_MAP_BUFSZ 1233 1234 kfree(info->lba_to_pba); 1235 kfree(info->pba_to_lba); 1236 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1237 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1238 1239 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1240 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1241 result = -1; 1242 goto done; 1243 } 1244 1245 for (i = 0; i < numblocks; i++) 1246 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1247 1248 /* 1249 * Define lba-pba translation table 1250 */ 1251 1252 ptr = buffer_end; 1253 for (i = 0; i < numblocks; i++) { 1254 ptr += (1 << CONTROL_SHIFT); 1255 if (ptr >= buffer_end) { 1256 unsigned long address; 1257 1258 address = i << (info->pageshift + info->blockshift); 1259 result = sddr09_read_control( 1260 us, address>>1, 1261 min(alloc_blocks, numblocks - i), 1262 buffer, 0); 1263 if (result) { 1264 result = -1; 1265 goto done; 1266 } 1267 ptr = buffer; 1268 } 1269 1270 if (i == 0 || i == 1) { 1271 info->pba_to_lba[i] = UNUSABLE; 1272 continue; 1273 } 1274 1275 /* special PBAs have control field 0^16 */ 1276 for (j = 0; j < 16; j++) 1277 if (ptr[j] != 0) 1278 goto nonz; 1279 info->pba_to_lba[i] = UNUSABLE; 1280 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1281 i); 1282 continue; 1283 1284 nonz: 1285 /* unwritten PBAs have control field FF^16 */ 1286 for (j = 0; j < 16; j++) 1287 if (ptr[j] != 0xff) 1288 goto nonff; 1289 continue; 1290 1291 nonff: 1292 /* normal PBAs start with six FFs */ 1293 if (j < 6) { 1294 printk(KERN_WARNING 1295 "sddr09: PBA %d has no logical mapping: " 1296 "reserved area = %02X%02X%02X%02X " 1297 "data status %02X block status %02X\n", 1298 i, ptr[0], ptr[1], ptr[2], ptr[3], 1299 ptr[4], ptr[5]); 1300 info->pba_to_lba[i] = UNUSABLE; 1301 continue; 1302 } 1303 1304 if ((ptr[6] >> 4) != 0x01) { 1305 printk(KERN_WARNING 1306 "sddr09: PBA %d has invalid address field " 1307 "%02X%02X/%02X%02X\n", 1308 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1309 info->pba_to_lba[i] = UNUSABLE; 1310 continue; 1311 } 1312 1313 /* check even parity */ 1314 if (parity[ptr[6] ^ ptr[7]]) { 1315 printk(KERN_WARNING 1316 "sddr09: Bad parity in LBA for block %d" 1317 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1318 info->pba_to_lba[i] = UNUSABLE; 1319 continue; 1320 } 1321 1322 lba = short_pack(ptr[7], ptr[6]); 1323 lba = (lba & 0x07FF) >> 1; 1324 1325 /* 1326 * Every 1024 physical blocks ("zone"), the LBA numbers 1327 * go back to zero, but are within a higher block of LBA's. 1328 * Also, there is a maximum of 1000 LBA's per zone. 1329 * In other words, in PBA 1024-2047 you will find LBA 0-999 1330 * which are really LBA 1000-1999. This allows for 24 bad 1331 * or special physical blocks per zone. 1332 */ 1333 1334 if (lba >= 1000) { 1335 printk(KERN_WARNING 1336 "sddr09: Bad low LBA %d for block %d\n", 1337 lba, i); 1338 goto possibly_erase; 1339 } 1340 1341 lba += 1000*(i/0x400); 1342 1343 if (info->lba_to_pba[lba] != UNDEF) { 1344 printk(KERN_WARNING 1345 "sddr09: LBA %d seen for PBA %d and %d\n", 1346 lba, info->lba_to_pba[lba], i); 1347 goto possibly_erase; 1348 } 1349 1350 info->pba_to_lba[i] = lba; 1351 info->lba_to_pba[lba] = i; 1352 continue; 1353 1354 possibly_erase: 1355 if (erase_bad_lba_entries) { 1356 unsigned long address; 1357 1358 address = (i << (info->pageshift + info->blockshift)); 1359 sddr09_erase(us, address>>1); 1360 info->pba_to_lba[i] = UNDEF; 1361 } else 1362 info->pba_to_lba[i] = UNUSABLE; 1363 } 1364 1365 /* 1366 * Approximate capacity. This is not entirely correct yet, 1367 * since a zone with less than 1000 usable pages leads to 1368 * missing LBAs. Especially if it is the last zone, some 1369 * LBAs can be past capacity. 1370 */ 1371 lbact = 0; 1372 for (i = 0; i < numblocks; i += 1024) { 1373 int ct = 0; 1374 1375 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1376 if (info->pba_to_lba[i+j] != UNUSABLE) { 1377 if (ct >= 1000) 1378 info->pba_to_lba[i+j] = SPARE; 1379 else 1380 ct++; 1381 } 1382 } 1383 lbact += ct; 1384 } 1385 info->lbact = lbact; 1386 usb_stor_dbg(us, "Found %d LBA's\n", lbact); 1387 result = 0; 1388 1389 done: 1390 if (result != 0) { 1391 kfree(info->lba_to_pba); 1392 kfree(info->pba_to_lba); 1393 info->lba_to_pba = NULL; 1394 info->pba_to_lba = NULL; 1395 } 1396 kfree(buffer); 1397 return result; 1398 } 1399 1400 static void 1401 sddr09_card_info_destructor(void *extra) { 1402 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1403 1404 if (!info) 1405 return; 1406 1407 kfree(info->lba_to_pba); 1408 kfree(info->pba_to_lba); 1409 } 1410 1411 static int 1412 sddr09_common_init(struct us_data *us) { 1413 int result; 1414 1415 /* set the configuration -- STALL is an acceptable response here */ 1416 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1417 usb_stor_dbg(us, "active config #%d != 1 ??\n", 1418 us->pusb_dev->actconfig->desc.bConfigurationValue); 1419 return -EINVAL; 1420 } 1421 1422 result = usb_reset_configuration(us->pusb_dev); 1423 usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result); 1424 if (result == -EPIPE) { 1425 usb_stor_dbg(us, "-- stall on control interface\n"); 1426 } else if (result != 0) { 1427 /* it's not a stall, but another error -- time to bail */ 1428 usb_stor_dbg(us, "-- Unknown error. Rejecting device\n"); 1429 return -EINVAL; 1430 } 1431 1432 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1433 if (!us->extra) 1434 return -ENOMEM; 1435 us->extra_destructor = sddr09_card_info_destructor; 1436 1437 nand_init_ecc(); 1438 return 0; 1439 } 1440 1441 1442 /* 1443 * This is needed at a very early stage. If this is not listed in the 1444 * unusual devices list but called from here then LUN 0 of the combo reader 1445 * is not recognized. But I do not know what precisely these calls do. 1446 */ 1447 static int 1448 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1449 int result; 1450 unsigned char *data = us->iobuf; 1451 1452 result = sddr09_common_init(us); 1453 if (result) 1454 return result; 1455 1456 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1457 if (result) { 1458 usb_stor_dbg(us, "send_command fails\n"); 1459 return result; 1460 } 1461 1462 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1463 // get 07 02 1464 1465 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1466 if (result) { 1467 usb_stor_dbg(us, "2nd send_command fails\n"); 1468 return result; 1469 } 1470 1471 usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]); 1472 // get 07 00 1473 1474 result = sddr09_request_sense(us, data, 18); 1475 if (result == 0 && data[2] != 0) { 1476 int j; 1477 for (j=0; j<18; j++) 1478 printk(" %02X", data[j]); 1479 printk("\n"); 1480 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1481 // 70: current command 1482 // sense key 0, sense code 0, extd sense code 0 1483 // additional transfer length * = sizeof(data) - 7 1484 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1485 // sense key 06, sense code 28: unit attention, 1486 // not ready to ready transition 1487 } 1488 1489 // test unit ready 1490 1491 return 0; /* not result */ 1492 } 1493 1494 /* 1495 * Transport for the Microtech DPCM-USB 1496 */ 1497 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1498 { 1499 int ret; 1500 1501 usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun); 1502 1503 switch (srb->device->lun) { 1504 case 0: 1505 1506 /* 1507 * LUN 0 corresponds to the CompactFlash card reader. 1508 */ 1509 ret = usb_stor_CB_transport(srb, us); 1510 break; 1511 1512 case 1: 1513 1514 /* 1515 * LUN 1 corresponds to the SmartMedia card reader. 1516 */ 1517 1518 /* 1519 * Set the LUN to 0 (just in case). 1520 */ 1521 srb->device->lun = 0; 1522 ret = sddr09_transport(srb, us); 1523 srb->device->lun = 1; 1524 break; 1525 1526 default: 1527 usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun); 1528 ret = USB_STOR_TRANSPORT_ERROR; 1529 break; 1530 } 1531 return ret; 1532 } 1533 1534 1535 /* 1536 * Transport for the Sandisk SDDR-09 1537 */ 1538 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1539 { 1540 static unsigned char sensekey = 0, sensecode = 0; 1541 static unsigned char havefakesense = 0; 1542 int result, i; 1543 unsigned char *ptr = us->iobuf; 1544 unsigned long capacity; 1545 unsigned int page, pages; 1546 1547 struct sddr09_card_info *info; 1548 1549 static unsigned char inquiry_response[8] = { 1550 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1551 }; 1552 1553 /* note: no block descriptor support */ 1554 static unsigned char mode_page_01[19] = { 1555 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1556 0x01, 0x0A, 1557 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1558 }; 1559 1560 info = (struct sddr09_card_info *)us->extra; 1561 1562 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1563 /* for a faked command, we have to follow with a faked sense */ 1564 memset(ptr, 0, 18); 1565 ptr[0] = 0x70; 1566 ptr[2] = sensekey; 1567 ptr[7] = 11; 1568 ptr[12] = sensecode; 1569 usb_stor_set_xfer_buf(ptr, 18, srb); 1570 sensekey = sensecode = havefakesense = 0; 1571 return USB_STOR_TRANSPORT_GOOD; 1572 } 1573 1574 havefakesense = 1; 1575 1576 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1577 respond to INQUIRY commands */ 1578 1579 if (srb->cmnd[0] == INQUIRY) { 1580 memcpy(ptr, inquiry_response, 8); 1581 fill_inquiry_response(us, ptr, 36); 1582 return USB_STOR_TRANSPORT_GOOD; 1583 } 1584 1585 if (srb->cmnd[0] == READ_CAPACITY) { 1586 struct nand_flash_dev *cardinfo; 1587 1588 sddr09_get_wp(us, info); /* read WP bit */ 1589 1590 cardinfo = sddr09_get_cardinfo(us, info->flags); 1591 if (!cardinfo) { 1592 /* probably no media */ 1593 init_error: 1594 sensekey = 0x02; /* not ready */ 1595 sensecode = 0x3a; /* medium not present */ 1596 return USB_STOR_TRANSPORT_FAILED; 1597 } 1598 1599 info->capacity = (1 << cardinfo->chipshift); 1600 info->pageshift = cardinfo->pageshift; 1601 info->pagesize = (1 << info->pageshift); 1602 info->blockshift = cardinfo->blockshift; 1603 info->blocksize = (1 << info->blockshift); 1604 info->blockmask = info->blocksize - 1; 1605 1606 // map initialization, must follow get_cardinfo() 1607 if (sddr09_read_map(us)) { 1608 /* probably out of memory */ 1609 goto init_error; 1610 } 1611 1612 // Report capacity 1613 1614 capacity = (info->lbact << info->blockshift) - 1; 1615 1616 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1617 1618 // Report page size 1619 1620 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1621 usb_stor_set_xfer_buf(ptr, 8, srb); 1622 1623 return USB_STOR_TRANSPORT_GOOD; 1624 } 1625 1626 if (srb->cmnd[0] == MODE_SENSE_10) { 1627 int modepage = (srb->cmnd[2] & 0x3F); 1628 1629 /* They ask for the Read/Write error recovery page, 1630 or for all pages. */ 1631 /* %% We should check DBD %% */ 1632 if (modepage == 0x01 || modepage == 0x3F) { 1633 usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n", 1634 modepage); 1635 1636 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1637 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1638 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1639 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1640 return USB_STOR_TRANSPORT_GOOD; 1641 } 1642 1643 sensekey = 0x05; /* illegal request */ 1644 sensecode = 0x24; /* invalid field in CDB */ 1645 return USB_STOR_TRANSPORT_FAILED; 1646 } 1647 1648 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1649 return USB_STOR_TRANSPORT_GOOD; 1650 1651 havefakesense = 0; 1652 1653 if (srb->cmnd[0] == READ_10) { 1654 1655 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1656 page <<= 16; 1657 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1658 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1659 1660 usb_stor_dbg(us, "READ_10: read page %d pagect %d\n", 1661 page, pages); 1662 1663 result = sddr09_read_data(us, page, pages); 1664 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1665 USB_STOR_TRANSPORT_ERROR); 1666 } 1667 1668 if (srb->cmnd[0] == WRITE_10) { 1669 1670 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1671 page <<= 16; 1672 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1673 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1674 1675 usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n", 1676 page, pages); 1677 1678 result = sddr09_write_data(us, page, pages); 1679 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1680 USB_STOR_TRANSPORT_ERROR); 1681 } 1682 1683 /* catch-all for all other commands, except 1684 * pass TEST_UNIT_READY and REQUEST_SENSE through 1685 */ 1686 if (srb->cmnd[0] != TEST_UNIT_READY && 1687 srb->cmnd[0] != REQUEST_SENSE) { 1688 sensekey = 0x05; /* illegal request */ 1689 sensecode = 0x20; /* invalid command */ 1690 havefakesense = 1; 1691 return USB_STOR_TRANSPORT_FAILED; 1692 } 1693 1694 for (; srb->cmd_len<12; srb->cmd_len++) 1695 srb->cmnd[srb->cmd_len] = 0; 1696 1697 srb->cmnd[1] = LUNBITS; 1698 1699 ptr[0] = 0; 1700 for (i=0; i<12; i++) 1701 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1702 1703 usb_stor_dbg(us, "Send control for command %s\n", ptr); 1704 1705 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1706 if (result) { 1707 usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n", 1708 result); 1709 return USB_STOR_TRANSPORT_ERROR; 1710 } 1711 1712 if (scsi_bufflen(srb) == 0) 1713 return USB_STOR_TRANSPORT_GOOD; 1714 1715 if (srb->sc_data_direction == DMA_TO_DEVICE || 1716 srb->sc_data_direction == DMA_FROM_DEVICE) { 1717 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1718 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1719 1720 usb_stor_dbg(us, "%s %d bytes\n", 1721 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1722 "sending" : "receiving", 1723 scsi_bufflen(srb)); 1724 1725 result = usb_stor_bulk_srb(us, pipe, srb); 1726 1727 return (result == USB_STOR_XFER_GOOD ? 1728 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1729 } 1730 1731 return USB_STOR_TRANSPORT_GOOD; 1732 } 1733 1734 /* 1735 * Initialization routine for the sddr09 subdriver 1736 */ 1737 static int 1738 usb_stor_sddr09_init(struct us_data *us) { 1739 return sddr09_common_init(us); 1740 } 1741 1742 static int sddr09_probe(struct usb_interface *intf, 1743 const struct usb_device_id *id) 1744 { 1745 struct us_data *us; 1746 int result; 1747 1748 result = usb_stor_probe1(&us, intf, id, 1749 (id - sddr09_usb_ids) + sddr09_unusual_dev_list); 1750 if (result) 1751 return result; 1752 1753 if (us->protocol == USB_PR_DPCM_USB) { 1754 us->transport_name = "Control/Bulk-EUSB/SDDR09"; 1755 us->transport = dpcm_transport; 1756 us->transport_reset = usb_stor_CB_reset; 1757 us->max_lun = 1; 1758 } else { 1759 us->transport_name = "EUSB/SDDR09"; 1760 us->transport = sddr09_transport; 1761 us->transport_reset = usb_stor_CB_reset; 1762 us->max_lun = 0; 1763 } 1764 1765 result = usb_stor_probe2(us); 1766 return result; 1767 } 1768 1769 static struct usb_driver sddr09_driver = { 1770 .name = "ums-sddr09", 1771 .probe = sddr09_probe, 1772 .disconnect = usb_stor_disconnect, 1773 .suspend = usb_stor_suspend, 1774 .resume = usb_stor_resume, 1775 .reset_resume = usb_stor_reset_resume, 1776 .pre_reset = usb_stor_pre_reset, 1777 .post_reset = usb_stor_post_reset, 1778 .id_table = sddr09_usb_ids, 1779 .soft_unbind = 1, 1780 .no_dynamic_id = 1, 1781 }; 1782 1783 module_usb_driver(sddr09_driver); 1784