xref: /linux/drivers/usb/storage/sddr09.c (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
1 /* Driver for SanDisk SDDR-09 SmartMedia reader
2  *
3  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
5  * Developed with the assistance of:
6  *   (c) 2002 Alan Stern <stern@rowland.org>
7  *
8  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9  * This chip is a programmable USB controller. In the SDDR-09, it has
10  * been programmed to obey a certain limited set of SCSI commands.
11  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12  * commands.
13  *
14  * This program is free software; you can redistribute it and/or modify it
15  * under the terms of the GNU General Public License as published by the
16  * Free Software Foundation; either version 2, or (at your option) any
17  * later version.
18  *
19  * This program is distributed in the hope that it will be useful, but
20  * WITHOUT ANY WARRANTY; without even the implied warranty of
21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22  * General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License along
25  * with this program; if not, write to the Free Software Foundation, Inc.,
26  * 675 Mass Ave, Cambridge, MA 02139, USA.
27  */
28 
29 /*
30  * Known vendor commands: 12 bytes, first byte is opcode
31  *
32  * E7: read scatter gather
33  * E8: read
34  * E9: write
35  * EA: erase
36  * EB: reset
37  * EC: read status
38  * ED: read ID
39  * EE: write CIS (?)
40  * EF: compute checksum (?)
41  */
42 
43 #include <linux/errno.h>
44 #include <linux/module.h>
45 #include <linux/slab.h>
46 
47 #include <scsi/scsi.h>
48 #include <scsi/scsi_cmnd.h>
49 #include <scsi/scsi_device.h>
50 
51 #include "usb.h"
52 #include "transport.h"
53 #include "protocol.h"
54 #include "debug.h"
55 
56 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
57 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
58 MODULE_LICENSE("GPL");
59 
60 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
61 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
62 static int usb_stor_sddr09_init(struct us_data *us);
63 
64 
65 /*
66  * The table of devices
67  */
68 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
69 		    vendorName, productName, useProtocol, useTransport, \
70 		    initFunction, flags) \
71 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
72   .driver_info = (flags) }
73 
74 static struct usb_device_id sddr09_usb_ids[] = {
75 #	include "unusual_sddr09.h"
76 	{ }		/* Terminating entry */
77 };
78 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
79 
80 #undef UNUSUAL_DEV
81 
82 /*
83  * The flags table
84  */
85 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
86 		    vendor_name, product_name, use_protocol, use_transport, \
87 		    init_function, Flags) \
88 { \
89 	.vendorName = vendor_name,	\
90 	.productName = product_name,	\
91 	.useProtocol = use_protocol,	\
92 	.useTransport = use_transport,	\
93 	.initFunction = init_function,	\
94 }
95 
96 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
97 #	include "unusual_sddr09.h"
98 	{ }		/* Terminating entry */
99 };
100 
101 #undef UNUSUAL_DEV
102 
103 
104 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
105 #define LSB_of(s) ((s)&0xFF)
106 #define MSB_of(s) ((s)>>8)
107 
108 /*
109  * First some stuff that does not belong here:
110  * data on SmartMedia and other cards, completely
111  * unrelated to this driver.
112  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
113  */
114 
115 struct nand_flash_dev {
116 	int model_id;
117 	int chipshift;		/* 1<<cs bytes total capacity */
118 	char pageshift;		/* 1<<ps bytes in a page */
119 	char blockshift;	/* 1<<bs pages in an erase block */
120 	char zoneshift;		/* 1<<zs blocks in a zone */
121 				/* # of logical blocks is 125/128 of this */
122 	char pageadrlen;	/* length of an address in bytes - 1 */
123 };
124 
125 /*
126  * NAND Flash Manufacturer ID Codes
127  */
128 #define NAND_MFR_AMD		0x01
129 #define NAND_MFR_NATSEMI	0x8f
130 #define NAND_MFR_TOSHIBA	0x98
131 #define NAND_MFR_SAMSUNG	0xec
132 
133 static inline char *nand_flash_manufacturer(int manuf_id) {
134 	switch(manuf_id) {
135 	case NAND_MFR_AMD:
136 		return "AMD";
137 	case NAND_MFR_NATSEMI:
138 		return "NATSEMI";
139 	case NAND_MFR_TOSHIBA:
140 		return "Toshiba";
141 	case NAND_MFR_SAMSUNG:
142 		return "Samsung";
143 	default:
144 		return "unknown";
145 	}
146 }
147 
148 /*
149  * It looks like it is unnecessary to attach manufacturer to the
150  * remaining data: SSFDC prescribes manufacturer-independent id codes.
151  *
152  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
153  */
154 
155 static struct nand_flash_dev nand_flash_ids[] = {
156 	/* NAND flash */
157 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
158 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
159 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
160 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
161 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
162 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
163 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
164 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
165 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
166 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
167 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
168 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
169 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
170 
171 	/* MASK ROM */
172 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
173 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
174 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
175 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
176 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
177 	{ 0,}
178 };
179 
180 static struct nand_flash_dev *
181 nand_find_id(unsigned char id) {
182 	int i;
183 
184 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
185 		if (nand_flash_ids[i].model_id == id)
186 			return &(nand_flash_ids[i]);
187 	return NULL;
188 }
189 
190 /*
191  * ECC computation.
192  */
193 static unsigned char parity[256];
194 static unsigned char ecc2[256];
195 
196 static void nand_init_ecc(void) {
197 	int i, j, a;
198 
199 	parity[0] = 0;
200 	for (i = 1; i < 256; i++)
201 		parity[i] = (parity[i&(i-1)] ^ 1);
202 
203 	for (i = 0; i < 256; i++) {
204 		a = 0;
205 		for (j = 0; j < 8; j++) {
206 			if (i & (1<<j)) {
207 				if ((j & 1) == 0)
208 					a ^= 0x04;
209 				if ((j & 2) == 0)
210 					a ^= 0x10;
211 				if ((j & 4) == 0)
212 					a ^= 0x40;
213 			}
214 		}
215 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
216 	}
217 }
218 
219 /* compute 3-byte ecc on 256 bytes */
220 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
221 	int i, j, a;
222 	unsigned char par = 0, bit, bits[8] = {0};
223 
224 	/* collect 16 checksum bits */
225 	for (i = 0; i < 256; i++) {
226 		par ^= data[i];
227 		bit = parity[data[i]];
228 		for (j = 0; j < 8; j++)
229 			if ((i & (1<<j)) == 0)
230 				bits[j] ^= bit;
231 	}
232 
233 	/* put 4+4+4 = 12 bits in the ecc */
234 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
235 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
236 
237 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
238 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
239 
240 	ecc[2] = ecc2[par];
241 }
242 
243 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
244 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
245 }
246 
247 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
248 	memcpy(data, ecc, 3);
249 }
250 
251 /*
252  * The actual driver starts here.
253  */
254 
255 struct sddr09_card_info {
256 	unsigned long	capacity;	/* Size of card in bytes */
257 	int		pagesize;	/* Size of page in bytes */
258 	int		pageshift;	/* log2 of pagesize */
259 	int		blocksize;	/* Size of block in pages */
260 	int		blockshift;	/* log2 of blocksize */
261 	int		blockmask;	/* 2^blockshift - 1 */
262 	int		*lba_to_pba;	/* logical to physical map */
263 	int		*pba_to_lba;	/* physical to logical map */
264 	int		lbact;		/* number of available pages */
265 	int		flags;
266 #define	SDDR09_WP	1		/* write protected */
267 };
268 
269 /*
270  * On my 16MB card, control blocks have size 64 (16 real control bytes,
271  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
272  * so the reader makes up the remaining 48. Don't know whether these numbers
273  * depend on the card. For now a constant.
274  */
275 #define CONTROL_SHIFT 6
276 
277 /*
278  * On my Combo CF/SM reader, the SM reader has LUN 1.
279  * (and things fail with LUN 0).
280  * It seems LUN is irrelevant for others.
281  */
282 #define LUN	1
283 #define	LUNBITS	(LUN << 5)
284 
285 /*
286  * LBA and PBA are unsigned ints. Special values.
287  */
288 #define UNDEF    0xffffffff
289 #define SPARE    0xfffffffe
290 #define UNUSABLE 0xfffffffd
291 
292 static const int erase_bad_lba_entries = 0;
293 
294 /* send vendor interface command (0x41) */
295 /* called for requests 0, 1, 8 */
296 static int
297 sddr09_send_command(struct us_data *us,
298 		    unsigned char request,
299 		    unsigned char direction,
300 		    unsigned char *xfer_data,
301 		    unsigned int xfer_len) {
302 	unsigned int pipe;
303 	unsigned char requesttype = (0x41 | direction);
304 	int rc;
305 
306 	// Get the receive or send control pipe number
307 
308 	if (direction == USB_DIR_IN)
309 		pipe = us->recv_ctrl_pipe;
310 	else
311 		pipe = us->send_ctrl_pipe;
312 
313 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
314 				   0, 0, xfer_data, xfer_len);
315 	switch (rc) {
316 		case USB_STOR_XFER_GOOD:	return 0;
317 		case USB_STOR_XFER_STALLED:	return -EPIPE;
318 		default:			return -EIO;
319 	}
320 }
321 
322 static int
323 sddr09_send_scsi_command(struct us_data *us,
324 			 unsigned char *command,
325 			 unsigned int command_len) {
326 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
327 }
328 
329 #if 0
330 /*
331  * Test Unit Ready Command: 12 bytes.
332  * byte 0: opcode: 00
333  */
334 static int
335 sddr09_test_unit_ready(struct us_data *us) {
336 	unsigned char *command = us->iobuf;
337 	int result;
338 
339 	memset(command, 0, 6);
340 	command[1] = LUNBITS;
341 
342 	result = sddr09_send_scsi_command(us, command, 6);
343 
344 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
345 
346 	return result;
347 }
348 #endif
349 
350 /*
351  * Request Sense Command: 12 bytes.
352  * byte 0: opcode: 03
353  * byte 4: data length
354  */
355 static int
356 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
357 	unsigned char *command = us->iobuf;
358 	int result;
359 
360 	memset(command, 0, 12);
361 	command[0] = 0x03;
362 	command[1] = LUNBITS;
363 	command[4] = buflen;
364 
365 	result = sddr09_send_scsi_command(us, command, 12);
366 	if (result)
367 		return result;
368 
369 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
370 			sensebuf, buflen, NULL);
371 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
372 }
373 
374 /*
375  * Read Command: 12 bytes.
376  * byte 0: opcode: E8
377  * byte 1: last two bits: 00: read data, 01: read blockwise control,
378  *			10: read both, 11: read pagewise control.
379  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
380  * bytes 2-5: address (interpretation depends on byte 1, see below)
381  * bytes 10-11: count (idem)
382  *
383  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
384  * A read data command gets data in 512-byte pages.
385  * A read control command gets control in 64-byte chunks.
386  * A read both command gets data+control in 576-byte chunks.
387  *
388  * Blocks are groups of 32 pages, and read blockwise control jumps to the
389  * next block, while read pagewise control jumps to the next page after
390  * reading a group of 64 control bytes.
391  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
392  *
393  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
394  */
395 
396 static int
397 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
398 	     int nr_of_pages, int bulklen, unsigned char *buf,
399 	     int use_sg) {
400 
401 	unsigned char *command = us->iobuf;
402 	int result;
403 
404 	command[0] = 0xE8;
405 	command[1] = LUNBITS | x;
406 	command[2] = MSB_of(fromaddress>>16);
407 	command[3] = LSB_of(fromaddress>>16);
408 	command[4] = MSB_of(fromaddress & 0xFFFF);
409 	command[5] = LSB_of(fromaddress & 0xFFFF);
410 	command[6] = 0;
411 	command[7] = 0;
412 	command[8] = 0;
413 	command[9] = 0;
414 	command[10] = MSB_of(nr_of_pages);
415 	command[11] = LSB_of(nr_of_pages);
416 
417 	result = sddr09_send_scsi_command(us, command, 12);
418 
419 	if (result) {
420 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
421 			     x, result);
422 		return result;
423 	}
424 
425 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
426 				       buf, bulklen, use_sg, NULL);
427 
428 	if (result != USB_STOR_XFER_GOOD) {
429 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
430 			     x, result);
431 		return -EIO;
432 	}
433 	return 0;
434 }
435 
436 /*
437  * Read Data
438  *
439  * fromaddress counts data shorts:
440  * increasing it by 256 shifts the bytestream by 512 bytes;
441  * the last 8 bits are ignored.
442  *
443  * nr_of_pages counts pages of size (1 << pageshift).
444  */
445 static int
446 sddr09_read20(struct us_data *us, unsigned long fromaddress,
447 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
448 	int bulklen = nr_of_pages << pageshift;
449 
450 	/* The last 8 bits of fromaddress are ignored. */
451 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
452 			    buf, use_sg);
453 }
454 
455 /*
456  * Read Blockwise Control
457  *
458  * fromaddress gives the starting position (as in read data;
459  * the last 8 bits are ignored); increasing it by 32*256 shifts
460  * the output stream by 64 bytes.
461  *
462  * count counts control groups of size (1 << controlshift).
463  * For me, controlshift = 6. Is this constant?
464  *
465  * After getting one control group, jump to the next block
466  * (fromaddress += 8192).
467  */
468 static int
469 sddr09_read21(struct us_data *us, unsigned long fromaddress,
470 	      int count, int controlshift, unsigned char *buf, int use_sg) {
471 
472 	int bulklen = (count << controlshift);
473 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
474 			    buf, use_sg);
475 }
476 
477 /*
478  * Read both Data and Control
479  *
480  * fromaddress counts data shorts, ignoring control:
481  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
482  * the last 8 bits are ignored.
483  *
484  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
485  */
486 static int
487 sddr09_read22(struct us_data *us, unsigned long fromaddress,
488 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
489 
490 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
491 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
492 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
493 			    buf, use_sg);
494 }
495 
496 #if 0
497 /*
498  * Read Pagewise Control
499  *
500  * fromaddress gives the starting position (as in read data;
501  * the last 8 bits are ignored); increasing it by 256 shifts
502  * the output stream by 64 bytes.
503  *
504  * count counts control groups of size (1 << controlshift).
505  * For me, controlshift = 6. Is this constant?
506  *
507  * After getting one control group, jump to the next page
508  * (fromaddress += 256).
509  */
510 static int
511 sddr09_read23(struct us_data *us, unsigned long fromaddress,
512 	      int count, int controlshift, unsigned char *buf, int use_sg) {
513 
514 	int bulklen = (count << controlshift);
515 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
516 			    buf, use_sg);
517 }
518 #endif
519 
520 /*
521  * Erase Command: 12 bytes.
522  * byte 0: opcode: EA
523  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
524  *
525  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
526  * The byte address being erased is 2*Eaddress.
527  * The CIS cannot be erased.
528  */
529 static int
530 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
531 	unsigned char *command = us->iobuf;
532 	int result;
533 
534 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
535 
536 	memset(command, 0, 12);
537 	command[0] = 0xEA;
538 	command[1] = LUNBITS;
539 	command[6] = MSB_of(Eaddress>>16);
540 	command[7] = LSB_of(Eaddress>>16);
541 	command[8] = MSB_of(Eaddress & 0xFFFF);
542 	command[9] = LSB_of(Eaddress & 0xFFFF);
543 
544 	result = sddr09_send_scsi_command(us, command, 12);
545 
546 	if (result)
547 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
548 			     result);
549 
550 	return result;
551 }
552 
553 /*
554  * Write CIS Command: 12 bytes.
555  * byte 0: opcode: EE
556  * bytes 2-5: write address in shorts
557  * bytes 10-11: sector count
558  *
559  * This writes at the indicated address. Don't know how it differs
560  * from E9. Maybe it does not erase? However, it will also write to
561  * the CIS.
562  *
563  * When two such commands on the same page follow each other directly,
564  * the second one is not done.
565  */
566 
567 /*
568  * Write Command: 12 bytes.
569  * byte 0: opcode: E9
570  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
571  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
572  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
573  *
574  * If write address equals erase address, the erase is done first,
575  * otherwise the write is done first. When erase address equals zero
576  * no erase is done?
577  */
578 static int
579 sddr09_writeX(struct us_data *us,
580 	      unsigned long Waddress, unsigned long Eaddress,
581 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
582 
583 	unsigned char *command = us->iobuf;
584 	int result;
585 
586 	command[0] = 0xE9;
587 	command[1] = LUNBITS;
588 
589 	command[2] = MSB_of(Waddress>>16);
590 	command[3] = LSB_of(Waddress>>16);
591 	command[4] = MSB_of(Waddress & 0xFFFF);
592 	command[5] = LSB_of(Waddress & 0xFFFF);
593 
594 	command[6] = MSB_of(Eaddress>>16);
595 	command[7] = LSB_of(Eaddress>>16);
596 	command[8] = MSB_of(Eaddress & 0xFFFF);
597 	command[9] = LSB_of(Eaddress & 0xFFFF);
598 
599 	command[10] = MSB_of(nr_of_pages);
600 	command[11] = LSB_of(nr_of_pages);
601 
602 	result = sddr09_send_scsi_command(us, command, 12);
603 
604 	if (result) {
605 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
606 			     result);
607 		return result;
608 	}
609 
610 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
611 				       buf, bulklen, use_sg, NULL);
612 
613 	if (result != USB_STOR_XFER_GOOD) {
614 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
615 			     result);
616 		return -EIO;
617 	}
618 	return 0;
619 }
620 
621 /* erase address, write same address */
622 static int
623 sddr09_write_inplace(struct us_data *us, unsigned long address,
624 		     int nr_of_pages, int pageshift, unsigned char *buf,
625 		     int use_sg) {
626 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
627 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
628 			     buf, use_sg);
629 }
630 
631 #if 0
632 /*
633  * Read Scatter Gather Command: 3+4n bytes.
634  * byte 0: opcode E7
635  * byte 2: n
636  * bytes 4i-1,4i,4i+1: page address
637  * byte 4i+2: page count
638  * (i=1..n)
639  *
640  * This reads several pages from the card to a single memory buffer.
641  * The last two bits of byte 1 have the same meaning as for E8.
642  */
643 static int
644 sddr09_read_sg_test_only(struct us_data *us) {
645 	unsigned char *command = us->iobuf;
646 	int result, bulklen, nsg, ct;
647 	unsigned char *buf;
648 	unsigned long address;
649 
650 	nsg = bulklen = 0;
651 	command[0] = 0xE7;
652 	command[1] = LUNBITS;
653 	command[2] = 0;
654 	address = 040000; ct = 1;
655 	nsg++;
656 	bulklen += (ct << 9);
657 	command[4*nsg+2] = ct;
658 	command[4*nsg+1] = ((address >> 9) & 0xFF);
659 	command[4*nsg+0] = ((address >> 17) & 0xFF);
660 	command[4*nsg-1] = ((address >> 25) & 0xFF);
661 
662 	address = 0340000; ct = 1;
663 	nsg++;
664 	bulklen += (ct << 9);
665 	command[4*nsg+2] = ct;
666 	command[4*nsg+1] = ((address >> 9) & 0xFF);
667 	command[4*nsg+0] = ((address >> 17) & 0xFF);
668 	command[4*nsg-1] = ((address >> 25) & 0xFF);
669 
670 	address = 01000000; ct = 2;
671 	nsg++;
672 	bulklen += (ct << 9);
673 	command[4*nsg+2] = ct;
674 	command[4*nsg+1] = ((address >> 9) & 0xFF);
675 	command[4*nsg+0] = ((address >> 17) & 0xFF);
676 	command[4*nsg-1] = ((address >> 25) & 0xFF);
677 
678 	command[2] = nsg;
679 
680 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
681 
682 	if (result) {
683 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
684 			     result);
685 		return result;
686 	}
687 
688 	buf = kmalloc(bulklen, GFP_NOIO);
689 	if (!buf)
690 		return -ENOMEM;
691 
692 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
693 				       buf, bulklen, NULL);
694 	kfree(buf);
695 	if (result != USB_STOR_XFER_GOOD) {
696 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
697 			     result);
698 		return -EIO;
699 	}
700 
701 	return 0;
702 }
703 #endif
704 
705 /*
706  * Read Status Command: 12 bytes.
707  * byte 0: opcode: EC
708  *
709  * Returns 64 bytes, all zero except for the first.
710  * bit 0: 1: Error
711  * bit 5: 1: Suspended
712  * bit 6: 1: Ready
713  * bit 7: 1: Not write-protected
714  */
715 
716 static int
717 sddr09_read_status(struct us_data *us, unsigned char *status) {
718 
719 	unsigned char *command = us->iobuf;
720 	unsigned char *data = us->iobuf;
721 	int result;
722 
723 	usb_stor_dbg(us, "Reading status...\n");
724 
725 	memset(command, 0, 12);
726 	command[0] = 0xEC;
727 	command[1] = LUNBITS;
728 
729 	result = sddr09_send_scsi_command(us, command, 12);
730 	if (result)
731 		return result;
732 
733 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
734 				       data, 64, NULL);
735 	*status = data[0];
736 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
737 }
738 
739 static int
740 sddr09_read_data(struct us_data *us,
741 		 unsigned long address,
742 		 unsigned int sectors) {
743 
744 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
745 	unsigned char *buffer;
746 	unsigned int lba, maxlba, pba;
747 	unsigned int page, pages;
748 	unsigned int len, offset;
749 	struct scatterlist *sg;
750 	int result;
751 
752 	// Figure out the initial LBA and page
753 	lba = address >> info->blockshift;
754 	page = (address & info->blockmask);
755 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
756 	if (lba >= maxlba)
757 		return -EIO;
758 
759 	// Since we only read in one block at a time, we have to create
760 	// a bounce buffer and move the data a piece at a time between the
761 	// bounce buffer and the actual transfer buffer.
762 
763 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
764 	buffer = kmalloc(len, GFP_NOIO);
765 	if (buffer == NULL) {
766 		printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
767 		return -ENOMEM;
768 	}
769 
770 	// This could be made much more efficient by checking for
771 	// contiguous LBA's. Another exercise left to the student.
772 
773 	result = 0;
774 	offset = 0;
775 	sg = NULL;
776 
777 	while (sectors > 0) {
778 
779 		/* Find number of pages we can read in this block */
780 		pages = min(sectors, info->blocksize - page);
781 		len = pages << info->pageshift;
782 
783 		/* Not overflowing capacity? */
784 		if (lba >= maxlba) {
785 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
786 				     lba, maxlba);
787 			result = -EIO;
788 			break;
789 		}
790 
791 		/* Find where this lba lives on disk */
792 		pba = info->lba_to_pba[lba];
793 
794 		if (pba == UNDEF) {	/* this lba was never written */
795 
796 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
797 				     pages, lba, page);
798 
799 			/* This is not really an error. It just means
800 			   that the block has never been written.
801 			   Instead of returning an error
802 			   it is better to return all zero data. */
803 
804 			memset(buffer, 0, len);
805 
806 		} else {
807 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
808 				     pages, pba, lba, page);
809 
810 			address = ((pba << info->blockshift) + page) <<
811 				info->pageshift;
812 
813 			result = sddr09_read20(us, address>>1,
814 					pages, info->pageshift, buffer, 0);
815 			if (result)
816 				break;
817 		}
818 
819 		// Store the data in the transfer buffer
820 		usb_stor_access_xfer_buf(buffer, len, us->srb,
821 				&sg, &offset, TO_XFER_BUF);
822 
823 		page = 0;
824 		lba++;
825 		sectors -= pages;
826 	}
827 
828 	kfree(buffer);
829 	return result;
830 }
831 
832 static unsigned int
833 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
834 	static unsigned int lastpba = 1;
835 	int zonestart, end, i;
836 
837 	zonestart = (lba/1000) << 10;
838 	end = info->capacity >> (info->blockshift + info->pageshift);
839 	end -= zonestart;
840 	if (end > 1024)
841 		end = 1024;
842 
843 	for (i = lastpba+1; i < end; i++) {
844 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
845 			lastpba = i;
846 			return zonestart+i;
847 		}
848 	}
849 	for (i = 0; i <= lastpba; i++) {
850 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
851 			lastpba = i;
852 			return zonestart+i;
853 		}
854 	}
855 	return 0;
856 }
857 
858 static int
859 sddr09_write_lba(struct us_data *us, unsigned int lba,
860 		 unsigned int page, unsigned int pages,
861 		 unsigned char *ptr, unsigned char *blockbuffer) {
862 
863 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
864 	unsigned long address;
865 	unsigned int pba, lbap;
866 	unsigned int pagelen;
867 	unsigned char *bptr, *cptr, *xptr;
868 	unsigned char ecc[3];
869 	int i, result, isnew;
870 
871 	lbap = ((lba % 1000) << 1) | 0x1000;
872 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
873 		lbap ^= 1;
874 	pba = info->lba_to_pba[lba];
875 	isnew = 0;
876 
877 	if (pba == UNDEF) {
878 		pba = sddr09_find_unused_pba(info, lba);
879 		if (!pba) {
880 			printk(KERN_WARNING
881 			       "sddr09_write_lba: Out of unused blocks\n");
882 			return -ENOSPC;
883 		}
884 		info->pba_to_lba[pba] = lba;
885 		info->lba_to_pba[lba] = pba;
886 		isnew = 1;
887 	}
888 
889 	if (pba == 1) {
890 		/* Maybe it is impossible to write to PBA 1.
891 		   Fake success, but don't do anything. */
892 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
893 		return 0;
894 	}
895 
896 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
897 
898 	/* read old contents */
899 	address = (pba << (info->pageshift + info->blockshift));
900 	result = sddr09_read22(us, address>>1, info->blocksize,
901 			       info->pageshift, blockbuffer, 0);
902 	if (result)
903 		return result;
904 
905 	/* check old contents and fill lba */
906 	for (i = 0; i < info->blocksize; i++) {
907 		bptr = blockbuffer + i*pagelen;
908 		cptr = bptr + info->pagesize;
909 		nand_compute_ecc(bptr, ecc);
910 		if (!nand_compare_ecc(cptr+13, ecc)) {
911 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
912 				     i, pba);
913 			nand_store_ecc(cptr+13, ecc);
914 		}
915 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
916 		if (!nand_compare_ecc(cptr+8, ecc)) {
917 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
918 				     i, pba);
919 			nand_store_ecc(cptr+8, ecc);
920 		}
921 		cptr[6] = cptr[11] = MSB_of(lbap);
922 		cptr[7] = cptr[12] = LSB_of(lbap);
923 	}
924 
925 	/* copy in new stuff and compute ECC */
926 	xptr = ptr;
927 	for (i = page; i < page+pages; i++) {
928 		bptr = blockbuffer + i*pagelen;
929 		cptr = bptr + info->pagesize;
930 		memcpy(bptr, xptr, info->pagesize);
931 		xptr += info->pagesize;
932 		nand_compute_ecc(bptr, ecc);
933 		nand_store_ecc(cptr+13, ecc);
934 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
935 		nand_store_ecc(cptr+8, ecc);
936 	}
937 
938 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
939 
940 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
941 				      info->pageshift, blockbuffer, 0);
942 
943 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
944 
945 #if 0
946 	{
947 		unsigned char status = 0;
948 		int result2 = sddr09_read_status(us, &status);
949 		if (result2)
950 			usb_stor_dbg(us, "cannot read status\n");
951 		else if (status != 0xc0)
952 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
953 	}
954 #endif
955 
956 #if 0
957 	{
958 		int result2 = sddr09_test_unit_ready(us);
959 	}
960 #endif
961 
962 	return result;
963 }
964 
965 static int
966 sddr09_write_data(struct us_data *us,
967 		  unsigned long address,
968 		  unsigned int sectors) {
969 
970 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
971 	unsigned int lba, maxlba, page, pages;
972 	unsigned int pagelen, blocklen;
973 	unsigned char *blockbuffer;
974 	unsigned char *buffer;
975 	unsigned int len, offset;
976 	struct scatterlist *sg;
977 	int result;
978 
979 	// Figure out the initial LBA and page
980 	lba = address >> info->blockshift;
981 	page = (address & info->blockmask);
982 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
983 	if (lba >= maxlba)
984 		return -EIO;
985 
986 	// blockbuffer is used for reading in the old data, overwriting
987 	// with the new data, and performing ECC calculations
988 
989 	/* TODO: instead of doing kmalloc/kfree for each write,
990 	   add a bufferpointer to the info structure */
991 
992 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
993 	blocklen = (pagelen << info->blockshift);
994 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
995 	if (!blockbuffer) {
996 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
997 		return -ENOMEM;
998 	}
999 
1000 	// Since we don't write the user data directly to the device,
1001 	// we have to create a bounce buffer and move the data a piece
1002 	// at a time between the bounce buffer and the actual transfer buffer.
1003 
1004 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1005 	buffer = kmalloc(len, GFP_NOIO);
1006 	if (buffer == NULL) {
1007 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1008 		kfree(blockbuffer);
1009 		return -ENOMEM;
1010 	}
1011 
1012 	result = 0;
1013 	offset = 0;
1014 	sg = NULL;
1015 
1016 	while (sectors > 0) {
1017 
1018 		// Write as many sectors as possible in this block
1019 
1020 		pages = min(sectors, info->blocksize - page);
1021 		len = (pages << info->pageshift);
1022 
1023 		/* Not overflowing capacity? */
1024 		if (lba >= maxlba) {
1025 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1026 				     lba, maxlba);
1027 			result = -EIO;
1028 			break;
1029 		}
1030 
1031 		// Get the data from the transfer buffer
1032 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1033 				&sg, &offset, FROM_XFER_BUF);
1034 
1035 		result = sddr09_write_lba(us, lba, page, pages,
1036 				buffer, blockbuffer);
1037 		if (result)
1038 			break;
1039 
1040 		page = 0;
1041 		lba++;
1042 		sectors -= pages;
1043 	}
1044 
1045 	kfree(buffer);
1046 	kfree(blockbuffer);
1047 
1048 	return result;
1049 }
1050 
1051 static int
1052 sddr09_read_control(struct us_data *us,
1053 		unsigned long address,
1054 		unsigned int blocks,
1055 		unsigned char *content,
1056 		int use_sg) {
1057 
1058 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1059 		     address, blocks);
1060 
1061 	return sddr09_read21(us, address, blocks,
1062 			     CONTROL_SHIFT, content, use_sg);
1063 }
1064 
1065 /*
1066  * Read Device ID Command: 12 bytes.
1067  * byte 0: opcode: ED
1068  *
1069  * Returns 2 bytes: Manufacturer ID and Device ID.
1070  * On more recent cards 3 bytes: the third byte is an option code A5
1071  * signifying that the secret command to read an 128-bit ID is available.
1072  * On still more recent cards 4 bytes: the fourth byte C0 means that
1073  * a second read ID cmd is available.
1074  */
1075 static int
1076 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1077 	unsigned char *command = us->iobuf;
1078 	unsigned char *content = us->iobuf;
1079 	int result, i;
1080 
1081 	memset(command, 0, 12);
1082 	command[0] = 0xED;
1083 	command[1] = LUNBITS;
1084 
1085 	result = sddr09_send_scsi_command(us, command, 12);
1086 	if (result)
1087 		return result;
1088 
1089 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1090 			content, 64, NULL);
1091 
1092 	for (i = 0; i < 4; i++)
1093 		deviceID[i] = content[i];
1094 
1095 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1096 }
1097 
1098 static int
1099 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1100 	int result;
1101 	unsigned char status;
1102 
1103 	result = sddr09_read_status(us, &status);
1104 	if (result) {
1105 		usb_stor_dbg(us, "read_status fails\n");
1106 		return result;
1107 	}
1108 	usb_stor_dbg(us, "status 0x%02X", status);
1109 	if ((status & 0x80) == 0) {
1110 		info->flags |= SDDR09_WP;	/* write protected */
1111 		US_DEBUGPX(" WP");
1112 	}
1113 	if (status & 0x40)
1114 		US_DEBUGPX(" Ready");
1115 	if (status & LUNBITS)
1116 		US_DEBUGPX(" Suspended");
1117 	if (status & 0x1)
1118 		US_DEBUGPX(" Error");
1119 	US_DEBUGPX("\n");
1120 	return 0;
1121 }
1122 
1123 #if 0
1124 /*
1125  * Reset Command: 12 bytes.
1126  * byte 0: opcode: EB
1127  */
1128 static int
1129 sddr09_reset(struct us_data *us) {
1130 
1131 	unsigned char *command = us->iobuf;
1132 
1133 	memset(command, 0, 12);
1134 	command[0] = 0xEB;
1135 	command[1] = LUNBITS;
1136 
1137 	return sddr09_send_scsi_command(us, command, 12);
1138 }
1139 #endif
1140 
1141 static struct nand_flash_dev *
1142 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1143 	struct nand_flash_dev *cardinfo;
1144 	unsigned char deviceID[4];
1145 	char blurbtxt[256];
1146 	int result;
1147 
1148 	usb_stor_dbg(us, "Reading capacity...\n");
1149 
1150 	result = sddr09_read_deviceID(us, deviceID);
1151 
1152 	if (result) {
1153 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1154 		printk(KERN_WARNING "sddr09: could not read card info\n");
1155 		return NULL;
1156 	}
1157 
1158 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1159 		deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1160 
1161 	/* Byte 0 is the manufacturer */
1162 	sprintf(blurbtxt + strlen(blurbtxt),
1163 		": Manuf. %s",
1164 		nand_flash_manufacturer(deviceID[0]));
1165 
1166 	/* Byte 1 is the device type */
1167 	cardinfo = nand_find_id(deviceID[1]);
1168 	if (cardinfo) {
1169 		/* MB or MiB? It is neither. A 16 MB card has
1170 		   17301504 raw bytes, of which 16384000 are
1171 		   usable for user data. */
1172 		sprintf(blurbtxt + strlen(blurbtxt),
1173 			", %d MB", 1<<(cardinfo->chipshift - 20));
1174 	} else {
1175 		sprintf(blurbtxt + strlen(blurbtxt),
1176 			", type unrecognized");
1177 	}
1178 
1179 	/* Byte 2 is code to signal availability of 128-bit ID */
1180 	if (deviceID[2] == 0xa5) {
1181 		sprintf(blurbtxt + strlen(blurbtxt),
1182 			", 128-bit ID");
1183 	}
1184 
1185 	/* Byte 3 announces the availability of another read ID command */
1186 	if (deviceID[3] == 0xc0) {
1187 		sprintf(blurbtxt + strlen(blurbtxt),
1188 			", extra cmd");
1189 	}
1190 
1191 	if (flags & SDDR09_WP)
1192 		sprintf(blurbtxt + strlen(blurbtxt),
1193 			", WP");
1194 
1195 	printk(KERN_WARNING "%s\n", blurbtxt);
1196 
1197 	return cardinfo;
1198 }
1199 
1200 static int
1201 sddr09_read_map(struct us_data *us) {
1202 
1203 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1204 	int numblocks, alloc_len, alloc_blocks;
1205 	int i, j, result;
1206 	unsigned char *buffer, *buffer_end, *ptr;
1207 	unsigned int lba, lbact;
1208 
1209 	if (!info->capacity)
1210 		return -1;
1211 
1212 	// size of a block is 1 << (blockshift + pageshift) bytes
1213 	// divide into the total capacity to get the number of blocks
1214 
1215 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1216 
1217 	// read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1218 	// but only use a 64 KB buffer
1219 	// buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1220 #define SDDR09_READ_MAP_BUFSZ 65536
1221 
1222 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1223 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1224 	buffer = kmalloc(alloc_len, GFP_NOIO);
1225 	if (buffer == NULL) {
1226 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1227 		result = -1;
1228 		goto done;
1229 	}
1230 	buffer_end = buffer + alloc_len;
1231 
1232 #undef SDDR09_READ_MAP_BUFSZ
1233 
1234 	kfree(info->lba_to_pba);
1235 	kfree(info->pba_to_lba);
1236 	info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1237 	info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1238 
1239 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1240 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1241 		result = -1;
1242 		goto done;
1243 	}
1244 
1245 	for (i = 0; i < numblocks; i++)
1246 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1247 
1248 	/*
1249 	 * Define lba-pba translation table
1250 	 */
1251 
1252 	ptr = buffer_end;
1253 	for (i = 0; i < numblocks; i++) {
1254 		ptr += (1 << CONTROL_SHIFT);
1255 		if (ptr >= buffer_end) {
1256 			unsigned long address;
1257 
1258 			address = i << (info->pageshift + info->blockshift);
1259 			result = sddr09_read_control(
1260 				us, address>>1,
1261 				min(alloc_blocks, numblocks - i),
1262 				buffer, 0);
1263 			if (result) {
1264 				result = -1;
1265 				goto done;
1266 			}
1267 			ptr = buffer;
1268 		}
1269 
1270 		if (i == 0 || i == 1) {
1271 			info->pba_to_lba[i] = UNUSABLE;
1272 			continue;
1273 		}
1274 
1275 		/* special PBAs have control field 0^16 */
1276 		for (j = 0; j < 16; j++)
1277 			if (ptr[j] != 0)
1278 				goto nonz;
1279 		info->pba_to_lba[i] = UNUSABLE;
1280 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1281 		       i);
1282 		continue;
1283 
1284 	nonz:
1285 		/* unwritten PBAs have control field FF^16 */
1286 		for (j = 0; j < 16; j++)
1287 			if (ptr[j] != 0xff)
1288 				goto nonff;
1289 		continue;
1290 
1291 	nonff:
1292 		/* normal PBAs start with six FFs */
1293 		if (j < 6) {
1294 			printk(KERN_WARNING
1295 			       "sddr09: PBA %d has no logical mapping: "
1296 			       "reserved area = %02X%02X%02X%02X "
1297 			       "data status %02X block status %02X\n",
1298 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1299 			       ptr[4], ptr[5]);
1300 			info->pba_to_lba[i] = UNUSABLE;
1301 			continue;
1302 		}
1303 
1304 		if ((ptr[6] >> 4) != 0x01) {
1305 			printk(KERN_WARNING
1306 			       "sddr09: PBA %d has invalid address field "
1307 			       "%02X%02X/%02X%02X\n",
1308 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1309 			info->pba_to_lba[i] = UNUSABLE;
1310 			continue;
1311 		}
1312 
1313 		/* check even parity */
1314 		if (parity[ptr[6] ^ ptr[7]]) {
1315 			printk(KERN_WARNING
1316 			       "sddr09: Bad parity in LBA for block %d"
1317 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1318 			info->pba_to_lba[i] = UNUSABLE;
1319 			continue;
1320 		}
1321 
1322 		lba = short_pack(ptr[7], ptr[6]);
1323 		lba = (lba & 0x07FF) >> 1;
1324 
1325 		/*
1326 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1327 		 * go back to zero, but are within a higher block of LBA's.
1328 		 * Also, there is a maximum of 1000 LBA's per zone.
1329 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1330 		 * which are really LBA 1000-1999. This allows for 24 bad
1331 		 * or special physical blocks per zone.
1332 		 */
1333 
1334 		if (lba >= 1000) {
1335 			printk(KERN_WARNING
1336 			       "sddr09: Bad low LBA %d for block %d\n",
1337 			       lba, i);
1338 			goto possibly_erase;
1339 		}
1340 
1341 		lba += 1000*(i/0x400);
1342 
1343 		if (info->lba_to_pba[lba] != UNDEF) {
1344 			printk(KERN_WARNING
1345 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1346 			       lba, info->lba_to_pba[lba], i);
1347 			goto possibly_erase;
1348 		}
1349 
1350 		info->pba_to_lba[i] = lba;
1351 		info->lba_to_pba[lba] = i;
1352 		continue;
1353 
1354 	possibly_erase:
1355 		if (erase_bad_lba_entries) {
1356 			unsigned long address;
1357 
1358 			address = (i << (info->pageshift + info->blockshift));
1359 			sddr09_erase(us, address>>1);
1360 			info->pba_to_lba[i] = UNDEF;
1361 		} else
1362 			info->pba_to_lba[i] = UNUSABLE;
1363 	}
1364 
1365 	/*
1366 	 * Approximate capacity. This is not entirely correct yet,
1367 	 * since a zone with less than 1000 usable pages leads to
1368 	 * missing LBAs. Especially if it is the last zone, some
1369 	 * LBAs can be past capacity.
1370 	 */
1371 	lbact = 0;
1372 	for (i = 0; i < numblocks; i += 1024) {
1373 		int ct = 0;
1374 
1375 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1376 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1377 				if (ct >= 1000)
1378 					info->pba_to_lba[i+j] = SPARE;
1379 				else
1380 					ct++;
1381 			}
1382 		}
1383 		lbact += ct;
1384 	}
1385 	info->lbact = lbact;
1386 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1387 	result = 0;
1388 
1389  done:
1390 	if (result != 0) {
1391 		kfree(info->lba_to_pba);
1392 		kfree(info->pba_to_lba);
1393 		info->lba_to_pba = NULL;
1394 		info->pba_to_lba = NULL;
1395 	}
1396 	kfree(buffer);
1397 	return result;
1398 }
1399 
1400 static void
1401 sddr09_card_info_destructor(void *extra) {
1402 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1403 
1404 	if (!info)
1405 		return;
1406 
1407 	kfree(info->lba_to_pba);
1408 	kfree(info->pba_to_lba);
1409 }
1410 
1411 static int
1412 sddr09_common_init(struct us_data *us) {
1413 	int result;
1414 
1415 	/* set the configuration -- STALL is an acceptable response here */
1416 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1417 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1418 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1419 		return -EINVAL;
1420 	}
1421 
1422 	result = usb_reset_configuration(us->pusb_dev);
1423 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1424 	if (result == -EPIPE) {
1425 		usb_stor_dbg(us, "-- stall on control interface\n");
1426 	} else if (result != 0) {
1427 		/* it's not a stall, but another error -- time to bail */
1428 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1429 		return -EINVAL;
1430 	}
1431 
1432 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1433 	if (!us->extra)
1434 		return -ENOMEM;
1435 	us->extra_destructor = sddr09_card_info_destructor;
1436 
1437 	nand_init_ecc();
1438 	return 0;
1439 }
1440 
1441 
1442 /*
1443  * This is needed at a very early stage. If this is not listed in the
1444  * unusual devices list but called from here then LUN 0 of the combo reader
1445  * is not recognized. But I do not know what precisely these calls do.
1446  */
1447 static int
1448 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1449 	int result;
1450 	unsigned char *data = us->iobuf;
1451 
1452 	result = sddr09_common_init(us);
1453 	if (result)
1454 		return result;
1455 
1456 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1457 	if (result) {
1458 		usb_stor_dbg(us, "send_command fails\n");
1459 		return result;
1460 	}
1461 
1462 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1463 	// get 07 02
1464 
1465 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1466 	if (result) {
1467 		usb_stor_dbg(us, "2nd send_command fails\n");
1468 		return result;
1469 	}
1470 
1471 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1472 	// get 07 00
1473 
1474 	result = sddr09_request_sense(us, data, 18);
1475 	if (result == 0 && data[2] != 0) {
1476 		int j;
1477 		for (j=0; j<18; j++)
1478 			printk(" %02X", data[j]);
1479 		printk("\n");
1480 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1481 		// 70: current command
1482 		// sense key 0, sense code 0, extd sense code 0
1483 		// additional transfer length * = sizeof(data) - 7
1484 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1485 		// sense key 06, sense code 28: unit attention,
1486 		// not ready to ready transition
1487 	}
1488 
1489 	// test unit ready
1490 
1491 	return 0;		/* not result */
1492 }
1493 
1494 /*
1495  * Transport for the Microtech DPCM-USB
1496  */
1497 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1498 {
1499 	int ret;
1500 
1501 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1502 
1503 	switch (srb->device->lun) {
1504 	case 0:
1505 
1506 		/*
1507 		 * LUN 0 corresponds to the CompactFlash card reader.
1508 		 */
1509 		ret = usb_stor_CB_transport(srb, us);
1510 		break;
1511 
1512 	case 1:
1513 
1514 		/*
1515 		 * LUN 1 corresponds to the SmartMedia card reader.
1516 		 */
1517 
1518 		/*
1519 		 * Set the LUN to 0 (just in case).
1520 		 */
1521 		srb->device->lun = 0;
1522 		ret = sddr09_transport(srb, us);
1523 		srb->device->lun = 1;
1524 		break;
1525 
1526 	default:
1527 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1528 		ret = USB_STOR_TRANSPORT_ERROR;
1529 		break;
1530 	}
1531 	return ret;
1532 }
1533 
1534 
1535 /*
1536  * Transport for the Sandisk SDDR-09
1537  */
1538 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1539 {
1540 	static unsigned char sensekey = 0, sensecode = 0;
1541 	static unsigned char havefakesense = 0;
1542 	int result, i;
1543 	unsigned char *ptr = us->iobuf;
1544 	unsigned long capacity;
1545 	unsigned int page, pages;
1546 
1547 	struct sddr09_card_info *info;
1548 
1549 	static unsigned char inquiry_response[8] = {
1550 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1551 	};
1552 
1553 	/* note: no block descriptor support */
1554 	static unsigned char mode_page_01[19] = {
1555 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1556 		0x01, 0x0A,
1557 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1558 	};
1559 
1560 	info = (struct sddr09_card_info *)us->extra;
1561 
1562 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1563 		/* for a faked command, we have to follow with a faked sense */
1564 		memset(ptr, 0, 18);
1565 		ptr[0] = 0x70;
1566 		ptr[2] = sensekey;
1567 		ptr[7] = 11;
1568 		ptr[12] = sensecode;
1569 		usb_stor_set_xfer_buf(ptr, 18, srb);
1570 		sensekey = sensecode = havefakesense = 0;
1571 		return USB_STOR_TRANSPORT_GOOD;
1572 	}
1573 
1574 	havefakesense = 1;
1575 
1576 	/* Dummy up a response for INQUIRY since SDDR09 doesn't
1577 	   respond to INQUIRY commands */
1578 
1579 	if (srb->cmnd[0] == INQUIRY) {
1580 		memcpy(ptr, inquiry_response, 8);
1581 		fill_inquiry_response(us, ptr, 36);
1582 		return USB_STOR_TRANSPORT_GOOD;
1583 	}
1584 
1585 	if (srb->cmnd[0] == READ_CAPACITY) {
1586 		struct nand_flash_dev *cardinfo;
1587 
1588 		sddr09_get_wp(us, info);	/* read WP bit */
1589 
1590 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1591 		if (!cardinfo) {
1592 			/* probably no media */
1593 		init_error:
1594 			sensekey = 0x02;	/* not ready */
1595 			sensecode = 0x3a;	/* medium not present */
1596 			return USB_STOR_TRANSPORT_FAILED;
1597 		}
1598 
1599 		info->capacity = (1 << cardinfo->chipshift);
1600 		info->pageshift = cardinfo->pageshift;
1601 		info->pagesize = (1 << info->pageshift);
1602 		info->blockshift = cardinfo->blockshift;
1603 		info->blocksize = (1 << info->blockshift);
1604 		info->blockmask = info->blocksize - 1;
1605 
1606 		// map initialization, must follow get_cardinfo()
1607 		if (sddr09_read_map(us)) {
1608 			/* probably out of memory */
1609 			goto init_error;
1610 		}
1611 
1612 		// Report capacity
1613 
1614 		capacity = (info->lbact << info->blockshift) - 1;
1615 
1616 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1617 
1618 		// Report page size
1619 
1620 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1621 		usb_stor_set_xfer_buf(ptr, 8, srb);
1622 
1623 		return USB_STOR_TRANSPORT_GOOD;
1624 	}
1625 
1626 	if (srb->cmnd[0] == MODE_SENSE_10) {
1627 		int modepage = (srb->cmnd[2] & 0x3F);
1628 
1629 		/* They ask for the Read/Write error recovery page,
1630 		   or for all pages. */
1631 		/* %% We should check DBD %% */
1632 		if (modepage == 0x01 || modepage == 0x3F) {
1633 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1634 				     modepage);
1635 
1636 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1637 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1638 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1639 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1640 			return USB_STOR_TRANSPORT_GOOD;
1641 		}
1642 
1643 		sensekey = 0x05;	/* illegal request */
1644 		sensecode = 0x24;	/* invalid field in CDB */
1645 		return USB_STOR_TRANSPORT_FAILED;
1646 	}
1647 
1648 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1649 		return USB_STOR_TRANSPORT_GOOD;
1650 
1651 	havefakesense = 0;
1652 
1653 	if (srb->cmnd[0] == READ_10) {
1654 
1655 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1656 		page <<= 16;
1657 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1658 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1659 
1660 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1661 			     page, pages);
1662 
1663 		result = sddr09_read_data(us, page, pages);
1664 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1665 				USB_STOR_TRANSPORT_ERROR);
1666 	}
1667 
1668 	if (srb->cmnd[0] == WRITE_10) {
1669 
1670 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1671 		page <<= 16;
1672 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1673 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1674 
1675 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1676 			     page, pages);
1677 
1678 		result = sddr09_write_data(us, page, pages);
1679 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1680 				USB_STOR_TRANSPORT_ERROR);
1681 	}
1682 
1683 	/* catch-all for all other commands, except
1684 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1685 	 */
1686 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1687 	    srb->cmnd[0] != REQUEST_SENSE) {
1688 		sensekey = 0x05;	/* illegal request */
1689 		sensecode = 0x20;	/* invalid command */
1690 		havefakesense = 1;
1691 		return USB_STOR_TRANSPORT_FAILED;
1692 	}
1693 
1694 	for (; srb->cmd_len<12; srb->cmd_len++)
1695 		srb->cmnd[srb->cmd_len] = 0;
1696 
1697 	srb->cmnd[1] = LUNBITS;
1698 
1699 	ptr[0] = 0;
1700 	for (i=0; i<12; i++)
1701 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1702 
1703 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1704 
1705 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1706 	if (result) {
1707 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1708 			     result);
1709 		return USB_STOR_TRANSPORT_ERROR;
1710 	}
1711 
1712 	if (scsi_bufflen(srb) == 0)
1713 		return USB_STOR_TRANSPORT_GOOD;
1714 
1715 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1716 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1717 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1718 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1719 
1720 		usb_stor_dbg(us, "%s %d bytes\n",
1721 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1722 			     "sending" : "receiving",
1723 			     scsi_bufflen(srb));
1724 
1725 		result = usb_stor_bulk_srb(us, pipe, srb);
1726 
1727 		return (result == USB_STOR_XFER_GOOD ?
1728 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1729 	}
1730 
1731 	return USB_STOR_TRANSPORT_GOOD;
1732 }
1733 
1734 /*
1735  * Initialization routine for the sddr09 subdriver
1736  */
1737 static int
1738 usb_stor_sddr09_init(struct us_data *us) {
1739 	return sddr09_common_init(us);
1740 }
1741 
1742 static int sddr09_probe(struct usb_interface *intf,
1743 			 const struct usb_device_id *id)
1744 {
1745 	struct us_data *us;
1746 	int result;
1747 
1748 	result = usb_stor_probe1(&us, intf, id,
1749 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list);
1750 	if (result)
1751 		return result;
1752 
1753 	if (us->protocol == USB_PR_DPCM_USB) {
1754 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1755 		us->transport = dpcm_transport;
1756 		us->transport_reset = usb_stor_CB_reset;
1757 		us->max_lun = 1;
1758 	} else {
1759 		us->transport_name = "EUSB/SDDR09";
1760 		us->transport = sddr09_transport;
1761 		us->transport_reset = usb_stor_CB_reset;
1762 		us->max_lun = 0;
1763 	}
1764 
1765 	result = usb_stor_probe2(us);
1766 	return result;
1767 }
1768 
1769 static struct usb_driver sddr09_driver = {
1770 	.name =		"ums-sddr09",
1771 	.probe =	sddr09_probe,
1772 	.disconnect =	usb_stor_disconnect,
1773 	.suspend =	usb_stor_suspend,
1774 	.resume =	usb_stor_resume,
1775 	.reset_resume =	usb_stor_reset_resume,
1776 	.pre_reset =	usb_stor_pre_reset,
1777 	.post_reset =	usb_stor_post_reset,
1778 	.id_table =	sddr09_usb_ids,
1779 	.soft_unbind =	1,
1780 	.no_dynamic_id = 1,
1781 };
1782 
1783 module_usb_driver(sddr09_driver);
1784