1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $ 4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 5 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 6 * Developed with the assistance of: 7 * (c) 2002 Alan Stern <stern@rowland.org> 8 * 9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 10 * This chip is a programmable USB controller. In the SDDR-09, it has 11 * been programmed to obey a certain limited set of SCSI commands. 12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 13 * commands. 14 * 15 * This program is free software; you can redistribute it and/or modify it 16 * under the terms of the GNU General Public License as published by the 17 * Free Software Foundation; either version 2, or (at your option) any 18 * later version. 19 * 20 * This program is distributed in the hope that it will be useful, but 21 * WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 23 * General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License along 26 * with this program; if not, write to the Free Software Foundation, Inc., 27 * 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 /* 31 * Known vendor commands: 12 bytes, first byte is opcode 32 * 33 * E7: read scatter gather 34 * E8: read 35 * E9: write 36 * EA: erase 37 * EB: reset 38 * EC: read status 39 * ED: read ID 40 * EE: write CIS (?) 41 * EF: compute checksum (?) 42 */ 43 44 #include <linux/errno.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 50 #include "usb.h" 51 #include "transport.h" 52 #include "protocol.h" 53 #include "debug.h" 54 #include "sddr09.h" 55 56 57 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 58 #define LSB_of(s) ((s)&0xFF) 59 #define MSB_of(s) ((s)>>8) 60 61 /* #define US_DEBUGP printk */ 62 63 /* 64 * First some stuff that does not belong here: 65 * data on SmartMedia and other cards, completely 66 * unrelated to this driver. 67 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 68 */ 69 70 struct nand_flash_dev { 71 int model_id; 72 int chipshift; /* 1<<cs bytes total capacity */ 73 char pageshift; /* 1<<ps bytes in a page */ 74 char blockshift; /* 1<<bs pages in an erase block */ 75 char zoneshift; /* 1<<zs blocks in a zone */ 76 /* # of logical blocks is 125/128 of this */ 77 char pageadrlen; /* length of an address in bytes - 1 */ 78 }; 79 80 /* 81 * NAND Flash Manufacturer ID Codes 82 */ 83 #define NAND_MFR_AMD 0x01 84 #define NAND_MFR_NATSEMI 0x8f 85 #define NAND_MFR_TOSHIBA 0x98 86 #define NAND_MFR_SAMSUNG 0xec 87 88 static inline char *nand_flash_manufacturer(int manuf_id) { 89 switch(manuf_id) { 90 case NAND_MFR_AMD: 91 return "AMD"; 92 case NAND_MFR_NATSEMI: 93 return "NATSEMI"; 94 case NAND_MFR_TOSHIBA: 95 return "Toshiba"; 96 case NAND_MFR_SAMSUNG: 97 return "Samsung"; 98 default: 99 return "unknown"; 100 } 101 } 102 103 /* 104 * It looks like it is unnecessary to attach manufacturer to the 105 * remaining data: SSFDC prescribes manufacturer-independent id codes. 106 * 107 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 108 */ 109 110 static struct nand_flash_dev nand_flash_ids[] = { 111 /* NAND flash */ 112 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 113 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 114 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 115 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 116 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 117 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 118 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 119 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 120 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 121 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 122 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 123 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 124 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 125 126 /* MASK ROM */ 127 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 128 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 129 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 130 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 131 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 132 { 0,} 133 }; 134 135 static struct nand_flash_dev * 136 nand_find_id(unsigned char id) { 137 int i; 138 139 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 140 if (nand_flash_ids[i].model_id == id) 141 return &(nand_flash_ids[i]); 142 return NULL; 143 } 144 145 /* 146 * ECC computation. 147 */ 148 static unsigned char parity[256]; 149 static unsigned char ecc2[256]; 150 151 static void nand_init_ecc(void) { 152 int i, j, a; 153 154 parity[0] = 0; 155 for (i = 1; i < 256; i++) 156 parity[i] = (parity[i&(i-1)] ^ 1); 157 158 for (i = 0; i < 256; i++) { 159 a = 0; 160 for (j = 0; j < 8; j++) { 161 if (i & (1<<j)) { 162 if ((j & 1) == 0) 163 a ^= 0x04; 164 if ((j & 2) == 0) 165 a ^= 0x10; 166 if ((j & 4) == 0) 167 a ^= 0x40; 168 } 169 } 170 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 171 } 172 } 173 174 /* compute 3-byte ecc on 256 bytes */ 175 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 176 int i, j, a; 177 unsigned char par, bit, bits[8]; 178 179 par = 0; 180 for (j = 0; j < 8; j++) 181 bits[j] = 0; 182 183 /* collect 16 checksum bits */ 184 for (i = 0; i < 256; i++) { 185 par ^= data[i]; 186 bit = parity[data[i]]; 187 for (j = 0; j < 8; j++) 188 if ((i & (1<<j)) == 0) 189 bits[j] ^= bit; 190 } 191 192 /* put 4+4+4 = 12 bits in the ecc */ 193 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 194 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 195 196 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 197 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 198 199 ecc[2] = ecc2[par]; 200 } 201 202 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 203 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 204 } 205 206 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 207 memcpy(data, ecc, 3); 208 } 209 210 /* 211 * The actual driver starts here. 212 */ 213 214 struct sddr09_card_info { 215 unsigned long capacity; /* Size of card in bytes */ 216 int pagesize; /* Size of page in bytes */ 217 int pageshift; /* log2 of pagesize */ 218 int blocksize; /* Size of block in pages */ 219 int blockshift; /* log2 of blocksize */ 220 int blockmask; /* 2^blockshift - 1 */ 221 int *lba_to_pba; /* logical to physical map */ 222 int *pba_to_lba; /* physical to logical map */ 223 int lbact; /* number of available pages */ 224 int flags; 225 #define SDDR09_WP 1 /* write protected */ 226 }; 227 228 /* 229 * On my 16MB card, control blocks have size 64 (16 real control bytes, 230 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 231 * so the reader makes up the remaining 48. Don't know whether these numbers 232 * depend on the card. For now a constant. 233 */ 234 #define CONTROL_SHIFT 6 235 236 /* 237 * On my Combo CF/SM reader, the SM reader has LUN 1. 238 * (and things fail with LUN 0). 239 * It seems LUN is irrelevant for others. 240 */ 241 #define LUN 1 242 #define LUNBITS (LUN << 5) 243 244 /* 245 * LBA and PBA are unsigned ints. Special values. 246 */ 247 #define UNDEF 0xffffffff 248 #define SPARE 0xfffffffe 249 #define UNUSABLE 0xfffffffd 250 251 static const int erase_bad_lba_entries = 0; 252 253 /* send vendor interface command (0x41) */ 254 /* called for requests 0, 1, 8 */ 255 static int 256 sddr09_send_command(struct us_data *us, 257 unsigned char request, 258 unsigned char direction, 259 unsigned char *xfer_data, 260 unsigned int xfer_len) { 261 unsigned int pipe; 262 unsigned char requesttype = (0x41 | direction); 263 int rc; 264 265 // Get the receive or send control pipe number 266 267 if (direction == USB_DIR_IN) 268 pipe = us->recv_ctrl_pipe; 269 else 270 pipe = us->send_ctrl_pipe; 271 272 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 273 0, 0, xfer_data, xfer_len); 274 switch (rc) { 275 case USB_STOR_XFER_GOOD: return 0; 276 case USB_STOR_XFER_STALLED: return -EPIPE; 277 default: return -EIO; 278 } 279 } 280 281 static int 282 sddr09_send_scsi_command(struct us_data *us, 283 unsigned char *command, 284 unsigned int command_len) { 285 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 286 } 287 288 #if 0 289 /* 290 * Test Unit Ready Command: 12 bytes. 291 * byte 0: opcode: 00 292 */ 293 static int 294 sddr09_test_unit_ready(struct us_data *us) { 295 unsigned char *command = us->iobuf; 296 int result; 297 298 memset(command, 0, 6); 299 command[1] = LUNBITS; 300 301 result = sddr09_send_scsi_command(us, command, 6); 302 303 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 304 305 return result; 306 } 307 #endif 308 309 /* 310 * Request Sense Command: 12 bytes. 311 * byte 0: opcode: 03 312 * byte 4: data length 313 */ 314 static int 315 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 316 unsigned char *command = us->iobuf; 317 int result; 318 319 memset(command, 0, 12); 320 command[0] = 0x03; 321 command[1] = LUNBITS; 322 command[4] = buflen; 323 324 result = sddr09_send_scsi_command(us, command, 12); 325 if (result) 326 return result; 327 328 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 329 sensebuf, buflen, NULL); 330 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 331 } 332 333 /* 334 * Read Command: 12 bytes. 335 * byte 0: opcode: E8 336 * byte 1: last two bits: 00: read data, 01: read blockwise control, 337 * 10: read both, 11: read pagewise control. 338 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 339 * bytes 2-5: address (interpretation depends on byte 1, see below) 340 * bytes 10-11: count (idem) 341 * 342 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 343 * A read data command gets data in 512-byte pages. 344 * A read control command gets control in 64-byte chunks. 345 * A read both command gets data+control in 576-byte chunks. 346 * 347 * Blocks are groups of 32 pages, and read blockwise control jumps to the 348 * next block, while read pagewise control jumps to the next page after 349 * reading a group of 64 control bytes. 350 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 351 * 352 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 353 */ 354 355 static int 356 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 357 int nr_of_pages, int bulklen, unsigned char *buf, 358 int use_sg) { 359 360 unsigned char *command = us->iobuf; 361 int result; 362 363 command[0] = 0xE8; 364 command[1] = LUNBITS | x; 365 command[2] = MSB_of(fromaddress>>16); 366 command[3] = LSB_of(fromaddress>>16); 367 command[4] = MSB_of(fromaddress & 0xFFFF); 368 command[5] = LSB_of(fromaddress & 0xFFFF); 369 command[6] = 0; 370 command[7] = 0; 371 command[8] = 0; 372 command[9] = 0; 373 command[10] = MSB_of(nr_of_pages); 374 command[11] = LSB_of(nr_of_pages); 375 376 result = sddr09_send_scsi_command(us, command, 12); 377 378 if (result) { 379 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 380 x, result); 381 return result; 382 } 383 384 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 385 buf, bulklen, use_sg, NULL); 386 387 if (result != USB_STOR_XFER_GOOD) { 388 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 389 x, result); 390 return -EIO; 391 } 392 return 0; 393 } 394 395 /* 396 * Read Data 397 * 398 * fromaddress counts data shorts: 399 * increasing it by 256 shifts the bytestream by 512 bytes; 400 * the last 8 bits are ignored. 401 * 402 * nr_of_pages counts pages of size (1 << pageshift). 403 */ 404 static int 405 sddr09_read20(struct us_data *us, unsigned long fromaddress, 406 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 407 int bulklen = nr_of_pages << pageshift; 408 409 /* The last 8 bits of fromaddress are ignored. */ 410 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 411 buf, use_sg); 412 } 413 414 /* 415 * Read Blockwise Control 416 * 417 * fromaddress gives the starting position (as in read data; 418 * the last 8 bits are ignored); increasing it by 32*256 shifts 419 * the output stream by 64 bytes. 420 * 421 * count counts control groups of size (1 << controlshift). 422 * For me, controlshift = 6. Is this constant? 423 * 424 * After getting one control group, jump to the next block 425 * (fromaddress += 8192). 426 */ 427 static int 428 sddr09_read21(struct us_data *us, unsigned long fromaddress, 429 int count, int controlshift, unsigned char *buf, int use_sg) { 430 431 int bulklen = (count << controlshift); 432 return sddr09_readX(us, 1, fromaddress, count, bulklen, 433 buf, use_sg); 434 } 435 436 /* 437 * Read both Data and Control 438 * 439 * fromaddress counts data shorts, ignoring control: 440 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 441 * the last 8 bits are ignored. 442 * 443 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 444 */ 445 static int 446 sddr09_read22(struct us_data *us, unsigned long fromaddress, 447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 448 449 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 450 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 451 nr_of_pages, bulklen); 452 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 453 buf, use_sg); 454 } 455 456 #if 0 457 /* 458 * Read Pagewise Control 459 * 460 * fromaddress gives the starting position (as in read data; 461 * the last 8 bits are ignored); increasing it by 256 shifts 462 * the output stream by 64 bytes. 463 * 464 * count counts control groups of size (1 << controlshift). 465 * For me, controlshift = 6. Is this constant? 466 * 467 * After getting one control group, jump to the next page 468 * (fromaddress += 256). 469 */ 470 static int 471 sddr09_read23(struct us_data *us, unsigned long fromaddress, 472 int count, int controlshift, unsigned char *buf, int use_sg) { 473 474 int bulklen = (count << controlshift); 475 return sddr09_readX(us, 3, fromaddress, count, bulklen, 476 buf, use_sg); 477 } 478 #endif 479 480 /* 481 * Erase Command: 12 bytes. 482 * byte 0: opcode: EA 483 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 484 * 485 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 486 * The byte address being erased is 2*Eaddress. 487 * The CIS cannot be erased. 488 */ 489 static int 490 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 491 unsigned char *command = us->iobuf; 492 int result; 493 494 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 495 496 memset(command, 0, 12); 497 command[0] = 0xEA; 498 command[1] = LUNBITS; 499 command[6] = MSB_of(Eaddress>>16); 500 command[7] = LSB_of(Eaddress>>16); 501 command[8] = MSB_of(Eaddress & 0xFFFF); 502 command[9] = LSB_of(Eaddress & 0xFFFF); 503 504 result = sddr09_send_scsi_command(us, command, 12); 505 506 if (result) 507 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 508 result); 509 510 return result; 511 } 512 513 /* 514 * Write CIS Command: 12 bytes. 515 * byte 0: opcode: EE 516 * bytes 2-5: write address in shorts 517 * bytes 10-11: sector count 518 * 519 * This writes at the indicated address. Don't know how it differs 520 * from E9. Maybe it does not erase? However, it will also write to 521 * the CIS. 522 * 523 * When two such commands on the same page follow each other directly, 524 * the second one is not done. 525 */ 526 527 /* 528 * Write Command: 12 bytes. 529 * byte 0: opcode: E9 530 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 531 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 532 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 533 * 534 * If write address equals erase address, the erase is done first, 535 * otherwise the write is done first. When erase address equals zero 536 * no erase is done? 537 */ 538 static int 539 sddr09_writeX(struct us_data *us, 540 unsigned long Waddress, unsigned long Eaddress, 541 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 542 543 unsigned char *command = us->iobuf; 544 int result; 545 546 command[0] = 0xE9; 547 command[1] = LUNBITS; 548 549 command[2] = MSB_of(Waddress>>16); 550 command[3] = LSB_of(Waddress>>16); 551 command[4] = MSB_of(Waddress & 0xFFFF); 552 command[5] = LSB_of(Waddress & 0xFFFF); 553 554 command[6] = MSB_of(Eaddress>>16); 555 command[7] = LSB_of(Eaddress>>16); 556 command[8] = MSB_of(Eaddress & 0xFFFF); 557 command[9] = LSB_of(Eaddress & 0xFFFF); 558 559 command[10] = MSB_of(nr_of_pages); 560 command[11] = LSB_of(nr_of_pages); 561 562 result = sddr09_send_scsi_command(us, command, 12); 563 564 if (result) { 565 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 566 result); 567 return result; 568 } 569 570 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 571 buf, bulklen, use_sg, NULL); 572 573 if (result != USB_STOR_XFER_GOOD) { 574 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 575 result); 576 return -EIO; 577 } 578 return 0; 579 } 580 581 /* erase address, write same address */ 582 static int 583 sddr09_write_inplace(struct us_data *us, unsigned long address, 584 int nr_of_pages, int pageshift, unsigned char *buf, 585 int use_sg) { 586 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 587 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 588 buf, use_sg); 589 } 590 591 #if 0 592 /* 593 * Read Scatter Gather Command: 3+4n bytes. 594 * byte 0: opcode E7 595 * byte 2: n 596 * bytes 4i-1,4i,4i+1: page address 597 * byte 4i+2: page count 598 * (i=1..n) 599 * 600 * This reads several pages from the card to a single memory buffer. 601 * The last two bits of byte 1 have the same meaning as for E8. 602 */ 603 static int 604 sddr09_read_sg_test_only(struct us_data *us) { 605 unsigned char *command = us->iobuf; 606 int result, bulklen, nsg, ct; 607 unsigned char *buf; 608 unsigned long address; 609 610 nsg = bulklen = 0; 611 command[0] = 0xE7; 612 command[1] = LUNBITS; 613 command[2] = 0; 614 address = 040000; ct = 1; 615 nsg++; 616 bulklen += (ct << 9); 617 command[4*nsg+2] = ct; 618 command[4*nsg+1] = ((address >> 9) & 0xFF); 619 command[4*nsg+0] = ((address >> 17) & 0xFF); 620 command[4*nsg-1] = ((address >> 25) & 0xFF); 621 622 address = 0340000; ct = 1; 623 nsg++; 624 bulklen += (ct << 9); 625 command[4*nsg+2] = ct; 626 command[4*nsg+1] = ((address >> 9) & 0xFF); 627 command[4*nsg+0] = ((address >> 17) & 0xFF); 628 command[4*nsg-1] = ((address >> 25) & 0xFF); 629 630 address = 01000000; ct = 2; 631 nsg++; 632 bulklen += (ct << 9); 633 command[4*nsg+2] = ct; 634 command[4*nsg+1] = ((address >> 9) & 0xFF); 635 command[4*nsg+0] = ((address >> 17) & 0xFF); 636 command[4*nsg-1] = ((address >> 25) & 0xFF); 637 638 command[2] = nsg; 639 640 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 641 642 if (result) { 643 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 644 result); 645 return result; 646 } 647 648 buf = kmalloc(bulklen, GFP_NOIO); 649 if (!buf) 650 return -ENOMEM; 651 652 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 653 buf, bulklen, NULL); 654 kfree(buf); 655 if (result != USB_STOR_XFER_GOOD) { 656 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 657 result); 658 return -EIO; 659 } 660 661 return 0; 662 } 663 #endif 664 665 /* 666 * Read Status Command: 12 bytes. 667 * byte 0: opcode: EC 668 * 669 * Returns 64 bytes, all zero except for the first. 670 * bit 0: 1: Error 671 * bit 5: 1: Suspended 672 * bit 6: 1: Ready 673 * bit 7: 1: Not write-protected 674 */ 675 676 static int 677 sddr09_read_status(struct us_data *us, unsigned char *status) { 678 679 unsigned char *command = us->iobuf; 680 unsigned char *data = us->iobuf; 681 int result; 682 683 US_DEBUGP("Reading status...\n"); 684 685 memset(command, 0, 12); 686 command[0] = 0xEC; 687 command[1] = LUNBITS; 688 689 result = sddr09_send_scsi_command(us, command, 12); 690 if (result) 691 return result; 692 693 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 694 data, 64, NULL); 695 *status = data[0]; 696 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 697 } 698 699 static int 700 sddr09_read_data(struct us_data *us, 701 unsigned long address, 702 unsigned int sectors) { 703 704 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 705 unsigned char *buffer; 706 unsigned int lba, maxlba, pba; 707 unsigned int page, pages; 708 unsigned int len, index, offset; 709 int result; 710 711 // Figure out the initial LBA and page 712 lba = address >> info->blockshift; 713 page = (address & info->blockmask); 714 maxlba = info->capacity >> (info->pageshift + info->blockshift); 715 if (lba >= maxlba) 716 return -EIO; 717 718 // Since we only read in one block at a time, we have to create 719 // a bounce buffer and move the data a piece at a time between the 720 // bounce buffer and the actual transfer buffer. 721 722 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 723 buffer = kmalloc(len, GFP_NOIO); 724 if (buffer == NULL) { 725 printk("sddr09_read_data: Out of memory\n"); 726 return -ENOMEM; 727 } 728 729 // This could be made much more efficient by checking for 730 // contiguous LBA's. Another exercise left to the student. 731 732 result = 0; 733 index = offset = 0; 734 735 while (sectors > 0) { 736 737 /* Find number of pages we can read in this block */ 738 pages = min(sectors, info->blocksize - page); 739 len = pages << info->pageshift; 740 741 /* Not overflowing capacity? */ 742 if (lba >= maxlba) { 743 US_DEBUGP("Error: Requested lba %u exceeds " 744 "maximum %u\n", lba, maxlba); 745 result = -EIO; 746 break; 747 } 748 749 /* Find where this lba lives on disk */ 750 pba = info->lba_to_pba[lba]; 751 752 if (pba == UNDEF) { /* this lba was never written */ 753 754 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 755 pages, lba, page); 756 757 /* This is not really an error. It just means 758 that the block has never been written. 759 Instead of returning an error 760 it is better to return all zero data. */ 761 762 memset(buffer, 0, len); 763 764 } else { 765 US_DEBUGP("Read %d pages, from PBA %d" 766 " (LBA %d) page %d\n", 767 pages, pba, lba, page); 768 769 address = ((pba << info->blockshift) + page) << 770 info->pageshift; 771 772 result = sddr09_read20(us, address>>1, 773 pages, info->pageshift, buffer, 0); 774 if (result) 775 break; 776 } 777 778 // Store the data in the transfer buffer 779 usb_stor_access_xfer_buf(buffer, len, us->srb, 780 &index, &offset, TO_XFER_BUF); 781 782 page = 0; 783 lba++; 784 sectors -= pages; 785 } 786 787 kfree(buffer); 788 return result; 789 } 790 791 static unsigned int 792 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 793 static unsigned int lastpba = 1; 794 int zonestart, end, i; 795 796 zonestart = (lba/1000) << 10; 797 end = info->capacity >> (info->blockshift + info->pageshift); 798 end -= zonestart; 799 if (end > 1024) 800 end = 1024; 801 802 for (i = lastpba+1; i < end; i++) { 803 if (info->pba_to_lba[zonestart+i] == UNDEF) { 804 lastpba = i; 805 return zonestart+i; 806 } 807 } 808 for (i = 0; i <= lastpba; i++) { 809 if (info->pba_to_lba[zonestart+i] == UNDEF) { 810 lastpba = i; 811 return zonestart+i; 812 } 813 } 814 return 0; 815 } 816 817 static int 818 sddr09_write_lba(struct us_data *us, unsigned int lba, 819 unsigned int page, unsigned int pages, 820 unsigned char *ptr, unsigned char *blockbuffer) { 821 822 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 823 unsigned long address; 824 unsigned int pba, lbap; 825 unsigned int pagelen; 826 unsigned char *bptr, *cptr, *xptr; 827 unsigned char ecc[3]; 828 int i, result, isnew; 829 830 lbap = ((lba % 1000) << 1) | 0x1000; 831 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 832 lbap ^= 1; 833 pba = info->lba_to_pba[lba]; 834 isnew = 0; 835 836 if (pba == UNDEF) { 837 pba = sddr09_find_unused_pba(info, lba); 838 if (!pba) { 839 printk("sddr09_write_lba: Out of unused blocks\n"); 840 return -ENOSPC; 841 } 842 info->pba_to_lba[pba] = lba; 843 info->lba_to_pba[lba] = pba; 844 isnew = 1; 845 } 846 847 if (pba == 1) { 848 /* Maybe it is impossible to write to PBA 1. 849 Fake success, but don't do anything. */ 850 printk("sddr09: avoid writing to pba 1\n"); 851 return 0; 852 } 853 854 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 855 856 /* read old contents */ 857 address = (pba << (info->pageshift + info->blockshift)); 858 result = sddr09_read22(us, address>>1, info->blocksize, 859 info->pageshift, blockbuffer, 0); 860 if (result) 861 return result; 862 863 /* check old contents and fill lba */ 864 for (i = 0; i < info->blocksize; i++) { 865 bptr = blockbuffer + i*pagelen; 866 cptr = bptr + info->pagesize; 867 nand_compute_ecc(bptr, ecc); 868 if (!nand_compare_ecc(cptr+13, ecc)) { 869 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 870 i, pba); 871 nand_store_ecc(cptr+13, ecc); 872 } 873 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 874 if (!nand_compare_ecc(cptr+8, ecc)) { 875 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 876 i, pba); 877 nand_store_ecc(cptr+8, ecc); 878 } 879 cptr[6] = cptr[11] = MSB_of(lbap); 880 cptr[7] = cptr[12] = LSB_of(lbap); 881 } 882 883 /* copy in new stuff and compute ECC */ 884 xptr = ptr; 885 for (i = page; i < page+pages; i++) { 886 bptr = blockbuffer + i*pagelen; 887 cptr = bptr + info->pagesize; 888 memcpy(bptr, xptr, info->pagesize); 889 xptr += info->pagesize; 890 nand_compute_ecc(bptr, ecc); 891 nand_store_ecc(cptr+13, ecc); 892 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 893 nand_store_ecc(cptr+8, ecc); 894 } 895 896 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 897 898 result = sddr09_write_inplace(us, address>>1, info->blocksize, 899 info->pageshift, blockbuffer, 0); 900 901 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 902 903 #if 0 904 { 905 unsigned char status = 0; 906 int result2 = sddr09_read_status(us, &status); 907 if (result2) 908 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 909 else if (status != 0xc0) 910 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 911 status); 912 } 913 #endif 914 915 #if 0 916 { 917 int result2 = sddr09_test_unit_ready(us); 918 } 919 #endif 920 921 return result; 922 } 923 924 static int 925 sddr09_write_data(struct us_data *us, 926 unsigned long address, 927 unsigned int sectors) { 928 929 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 930 unsigned int lba, maxlba, page, pages; 931 unsigned int pagelen, blocklen; 932 unsigned char *blockbuffer; 933 unsigned char *buffer; 934 unsigned int len, index, offset; 935 int result; 936 937 // Figure out the initial LBA and page 938 lba = address >> info->blockshift; 939 page = (address & info->blockmask); 940 maxlba = info->capacity >> (info->pageshift + info->blockshift); 941 if (lba >= maxlba) 942 return -EIO; 943 944 // blockbuffer is used for reading in the old data, overwriting 945 // with the new data, and performing ECC calculations 946 947 /* TODO: instead of doing kmalloc/kfree for each write, 948 add a bufferpointer to the info structure */ 949 950 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 951 blocklen = (pagelen << info->blockshift); 952 blockbuffer = kmalloc(blocklen, GFP_NOIO); 953 if (!blockbuffer) { 954 printk("sddr09_write_data: Out of memory\n"); 955 return -ENOMEM; 956 } 957 958 // Since we don't write the user data directly to the device, 959 // we have to create a bounce buffer and move the data a piece 960 // at a time between the bounce buffer and the actual transfer buffer. 961 962 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 963 buffer = kmalloc(len, GFP_NOIO); 964 if (buffer == NULL) { 965 printk("sddr09_write_data: Out of memory\n"); 966 kfree(blockbuffer); 967 return -ENOMEM; 968 } 969 970 result = 0; 971 index = offset = 0; 972 973 while (sectors > 0) { 974 975 // Write as many sectors as possible in this block 976 977 pages = min(sectors, info->blocksize - page); 978 len = (pages << info->pageshift); 979 980 /* Not overflowing capacity? */ 981 if (lba >= maxlba) { 982 US_DEBUGP("Error: Requested lba %u exceeds " 983 "maximum %u\n", lba, maxlba); 984 result = -EIO; 985 break; 986 } 987 988 // Get the data from the transfer buffer 989 usb_stor_access_xfer_buf(buffer, len, us->srb, 990 &index, &offset, FROM_XFER_BUF); 991 992 result = sddr09_write_lba(us, lba, page, pages, 993 buffer, blockbuffer); 994 if (result) 995 break; 996 997 page = 0; 998 lba++; 999 sectors -= pages; 1000 } 1001 1002 kfree(buffer); 1003 kfree(blockbuffer); 1004 1005 return result; 1006 } 1007 1008 static int 1009 sddr09_read_control(struct us_data *us, 1010 unsigned long address, 1011 unsigned int blocks, 1012 unsigned char *content, 1013 int use_sg) { 1014 1015 US_DEBUGP("Read control address %lu, blocks %d\n", 1016 address, blocks); 1017 1018 return sddr09_read21(us, address, blocks, 1019 CONTROL_SHIFT, content, use_sg); 1020 } 1021 1022 /* 1023 * Read Device ID Command: 12 bytes. 1024 * byte 0: opcode: ED 1025 * 1026 * Returns 2 bytes: Manufacturer ID and Device ID. 1027 * On more recent cards 3 bytes: the third byte is an option code A5 1028 * signifying that the secret command to read an 128-bit ID is available. 1029 * On still more recent cards 4 bytes: the fourth byte C0 means that 1030 * a second read ID cmd is available. 1031 */ 1032 static int 1033 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1034 unsigned char *command = us->iobuf; 1035 unsigned char *content = us->iobuf; 1036 int result, i; 1037 1038 memset(command, 0, 12); 1039 command[0] = 0xED; 1040 command[1] = LUNBITS; 1041 1042 result = sddr09_send_scsi_command(us, command, 12); 1043 if (result) 1044 return result; 1045 1046 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1047 content, 64, NULL); 1048 1049 for (i = 0; i < 4; i++) 1050 deviceID[i] = content[i]; 1051 1052 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1053 } 1054 1055 static int 1056 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1057 int result; 1058 unsigned char status; 1059 1060 result = sddr09_read_status(us, &status); 1061 if (result) { 1062 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1063 return result; 1064 } 1065 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1066 if ((status & 0x80) == 0) { 1067 info->flags |= SDDR09_WP; /* write protected */ 1068 US_DEBUGP(" WP"); 1069 } 1070 if (status & 0x40) 1071 US_DEBUGP(" Ready"); 1072 if (status & LUNBITS) 1073 US_DEBUGP(" Suspended"); 1074 if (status & 0x1) 1075 US_DEBUGP(" Error"); 1076 US_DEBUGP("\n"); 1077 return 0; 1078 } 1079 1080 #if 0 1081 /* 1082 * Reset Command: 12 bytes. 1083 * byte 0: opcode: EB 1084 */ 1085 static int 1086 sddr09_reset(struct us_data *us) { 1087 1088 unsigned char *command = us->iobuf; 1089 1090 memset(command, 0, 12); 1091 command[0] = 0xEB; 1092 command[1] = LUNBITS; 1093 1094 return sddr09_send_scsi_command(us, command, 12); 1095 } 1096 #endif 1097 1098 static struct nand_flash_dev * 1099 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1100 struct nand_flash_dev *cardinfo; 1101 unsigned char deviceID[4]; 1102 char blurbtxt[256]; 1103 int result; 1104 1105 US_DEBUGP("Reading capacity...\n"); 1106 1107 result = sddr09_read_deviceID(us, deviceID); 1108 1109 if (result) { 1110 US_DEBUGP("Result of read_deviceID is %d\n", result); 1111 printk("sddr09: could not read card info\n"); 1112 return NULL; 1113 } 1114 1115 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1116 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1117 1118 /* Byte 0 is the manufacturer */ 1119 sprintf(blurbtxt + strlen(blurbtxt), 1120 ": Manuf. %s", 1121 nand_flash_manufacturer(deviceID[0])); 1122 1123 /* Byte 1 is the device type */ 1124 cardinfo = nand_find_id(deviceID[1]); 1125 if (cardinfo) { 1126 /* MB or MiB? It is neither. A 16 MB card has 1127 17301504 raw bytes, of which 16384000 are 1128 usable for user data. */ 1129 sprintf(blurbtxt + strlen(blurbtxt), 1130 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1131 } else { 1132 sprintf(blurbtxt + strlen(blurbtxt), 1133 ", type unrecognized"); 1134 } 1135 1136 /* Byte 2 is code to signal availability of 128-bit ID */ 1137 if (deviceID[2] == 0xa5) { 1138 sprintf(blurbtxt + strlen(blurbtxt), 1139 ", 128-bit ID"); 1140 } 1141 1142 /* Byte 3 announces the availability of another read ID command */ 1143 if (deviceID[3] == 0xc0) { 1144 sprintf(blurbtxt + strlen(blurbtxt), 1145 ", extra cmd"); 1146 } 1147 1148 if (flags & SDDR09_WP) 1149 sprintf(blurbtxt + strlen(blurbtxt), 1150 ", WP"); 1151 1152 printk("%s\n", blurbtxt); 1153 1154 return cardinfo; 1155 } 1156 1157 static int 1158 sddr09_read_map(struct us_data *us) { 1159 1160 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1161 int numblocks, alloc_len, alloc_blocks; 1162 int i, j, result; 1163 unsigned char *buffer, *buffer_end, *ptr; 1164 unsigned int lba, lbact; 1165 1166 if (!info->capacity) 1167 return -1; 1168 1169 // size of a block is 1 << (blockshift + pageshift) bytes 1170 // divide into the total capacity to get the number of blocks 1171 1172 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1173 1174 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1175 // but only use a 64 KB buffer 1176 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1177 #define SDDR09_READ_MAP_BUFSZ 65536 1178 1179 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1180 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1181 buffer = kmalloc(alloc_len, GFP_NOIO); 1182 if (buffer == NULL) { 1183 printk("sddr09_read_map: out of memory\n"); 1184 result = -1; 1185 goto done; 1186 } 1187 buffer_end = buffer + alloc_len; 1188 1189 #undef SDDR09_READ_MAP_BUFSZ 1190 1191 kfree(info->lba_to_pba); 1192 kfree(info->pba_to_lba); 1193 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1194 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1195 1196 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1197 printk("sddr09_read_map: out of memory\n"); 1198 result = -1; 1199 goto done; 1200 } 1201 1202 for (i = 0; i < numblocks; i++) 1203 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1204 1205 /* 1206 * Define lba-pba translation table 1207 */ 1208 1209 ptr = buffer_end; 1210 for (i = 0; i < numblocks; i++) { 1211 ptr += (1 << CONTROL_SHIFT); 1212 if (ptr >= buffer_end) { 1213 unsigned long address; 1214 1215 address = i << (info->pageshift + info->blockshift); 1216 result = sddr09_read_control( 1217 us, address>>1, 1218 min(alloc_blocks, numblocks - i), 1219 buffer, 0); 1220 if (result) { 1221 result = -1; 1222 goto done; 1223 } 1224 ptr = buffer; 1225 } 1226 1227 if (i == 0 || i == 1) { 1228 info->pba_to_lba[i] = UNUSABLE; 1229 continue; 1230 } 1231 1232 /* special PBAs have control field 0^16 */ 1233 for (j = 0; j < 16; j++) 1234 if (ptr[j] != 0) 1235 goto nonz; 1236 info->pba_to_lba[i] = UNUSABLE; 1237 printk("sddr09: PBA %d has no logical mapping\n", i); 1238 continue; 1239 1240 nonz: 1241 /* unwritten PBAs have control field FF^16 */ 1242 for (j = 0; j < 16; j++) 1243 if (ptr[j] != 0xff) 1244 goto nonff; 1245 continue; 1246 1247 nonff: 1248 /* normal PBAs start with six FFs */ 1249 if (j < 6) { 1250 printk("sddr09: PBA %d has no logical mapping: " 1251 "reserved area = %02X%02X%02X%02X " 1252 "data status %02X block status %02X\n", 1253 i, ptr[0], ptr[1], ptr[2], ptr[3], 1254 ptr[4], ptr[5]); 1255 info->pba_to_lba[i] = UNUSABLE; 1256 continue; 1257 } 1258 1259 if ((ptr[6] >> 4) != 0x01) { 1260 printk("sddr09: PBA %d has invalid address field " 1261 "%02X%02X/%02X%02X\n", 1262 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1263 info->pba_to_lba[i] = UNUSABLE; 1264 continue; 1265 } 1266 1267 /* check even parity */ 1268 if (parity[ptr[6] ^ ptr[7]]) { 1269 printk("sddr09: Bad parity in LBA for block %d" 1270 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1271 info->pba_to_lba[i] = UNUSABLE; 1272 continue; 1273 } 1274 1275 lba = short_pack(ptr[7], ptr[6]); 1276 lba = (lba & 0x07FF) >> 1; 1277 1278 /* 1279 * Every 1024 physical blocks ("zone"), the LBA numbers 1280 * go back to zero, but are within a higher block of LBA's. 1281 * Also, there is a maximum of 1000 LBA's per zone. 1282 * In other words, in PBA 1024-2047 you will find LBA 0-999 1283 * which are really LBA 1000-1999. This allows for 24 bad 1284 * or special physical blocks per zone. 1285 */ 1286 1287 if (lba >= 1000) { 1288 printk("sddr09: Bad low LBA %d for block %d\n", 1289 lba, i); 1290 goto possibly_erase; 1291 } 1292 1293 lba += 1000*(i/0x400); 1294 1295 if (info->lba_to_pba[lba] != UNDEF) { 1296 printk("sddr09: LBA %d seen for PBA %d and %d\n", 1297 lba, info->lba_to_pba[lba], i); 1298 goto possibly_erase; 1299 } 1300 1301 info->pba_to_lba[i] = lba; 1302 info->lba_to_pba[lba] = i; 1303 continue; 1304 1305 possibly_erase: 1306 if (erase_bad_lba_entries) { 1307 unsigned long address; 1308 1309 address = (i << (info->pageshift + info->blockshift)); 1310 sddr09_erase(us, address>>1); 1311 info->pba_to_lba[i] = UNDEF; 1312 } else 1313 info->pba_to_lba[i] = UNUSABLE; 1314 } 1315 1316 /* 1317 * Approximate capacity. This is not entirely correct yet, 1318 * since a zone with less than 1000 usable pages leads to 1319 * missing LBAs. Especially if it is the last zone, some 1320 * LBAs can be past capacity. 1321 */ 1322 lbact = 0; 1323 for (i = 0; i < numblocks; i += 1024) { 1324 int ct = 0; 1325 1326 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1327 if (info->pba_to_lba[i+j] != UNUSABLE) { 1328 if (ct >= 1000) 1329 info->pba_to_lba[i+j] = SPARE; 1330 else 1331 ct++; 1332 } 1333 } 1334 lbact += ct; 1335 } 1336 info->lbact = lbact; 1337 US_DEBUGP("Found %d LBA's\n", lbact); 1338 result = 0; 1339 1340 done: 1341 if (result != 0) { 1342 kfree(info->lba_to_pba); 1343 kfree(info->pba_to_lba); 1344 info->lba_to_pba = NULL; 1345 info->pba_to_lba = NULL; 1346 } 1347 kfree(buffer); 1348 return result; 1349 } 1350 1351 static void 1352 sddr09_card_info_destructor(void *extra) { 1353 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1354 1355 if (!info) 1356 return; 1357 1358 kfree(info->lba_to_pba); 1359 kfree(info->pba_to_lba); 1360 } 1361 1362 static int 1363 sddr09_common_init(struct us_data *us) { 1364 int result; 1365 1366 /* set the configuration -- STALL is an acceptable response here */ 1367 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1368 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1369 ->actconfig->desc.bConfigurationValue); 1370 return -EINVAL; 1371 } 1372 1373 result = usb_reset_configuration(us->pusb_dev); 1374 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1375 if (result == -EPIPE) { 1376 US_DEBUGP("-- stall on control interface\n"); 1377 } else if (result != 0) { 1378 /* it's not a stall, but another error -- time to bail */ 1379 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1380 return -EINVAL; 1381 } 1382 1383 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1384 if (!us->extra) 1385 return -ENOMEM; 1386 us->extra_destructor = sddr09_card_info_destructor; 1387 1388 nand_init_ecc(); 1389 return 0; 1390 } 1391 1392 1393 /* 1394 * This is needed at a very early stage. If this is not listed in the 1395 * unusual devices list but called from here then LUN 0 of the combo reader 1396 * is not recognized. But I do not know what precisely these calls do. 1397 */ 1398 int 1399 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1400 int result; 1401 unsigned char *data = us->iobuf; 1402 1403 result = sddr09_common_init(us); 1404 if (result) 1405 return result; 1406 1407 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1408 if (result) { 1409 US_DEBUGP("sddr09_init: send_command fails\n"); 1410 return result; 1411 } 1412 1413 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1414 // get 07 02 1415 1416 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1417 if (result) { 1418 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1419 return result; 1420 } 1421 1422 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1423 // get 07 00 1424 1425 result = sddr09_request_sense(us, data, 18); 1426 if (result == 0 && data[2] != 0) { 1427 int j; 1428 for (j=0; j<18; j++) 1429 printk(" %02X", data[j]); 1430 printk("\n"); 1431 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1432 // 70: current command 1433 // sense key 0, sense code 0, extd sense code 0 1434 // additional transfer length * = sizeof(data) - 7 1435 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1436 // sense key 06, sense code 28: unit attention, 1437 // not ready to ready transition 1438 } 1439 1440 // test unit ready 1441 1442 return 0; /* not result */ 1443 } 1444 1445 /* 1446 * Transport for the Sandisk SDDR-09 1447 */ 1448 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1449 { 1450 static unsigned char sensekey = 0, sensecode = 0; 1451 static unsigned char havefakesense = 0; 1452 int result, i; 1453 unsigned char *ptr = us->iobuf; 1454 unsigned long capacity; 1455 unsigned int page, pages; 1456 1457 struct sddr09_card_info *info; 1458 1459 static unsigned char inquiry_response[8] = { 1460 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1461 }; 1462 1463 /* note: no block descriptor support */ 1464 static unsigned char mode_page_01[19] = { 1465 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1466 0x01, 0x0A, 1467 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1468 }; 1469 1470 info = (struct sddr09_card_info *)us->extra; 1471 1472 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1473 /* for a faked command, we have to follow with a faked sense */ 1474 memset(ptr, 0, 18); 1475 ptr[0] = 0x70; 1476 ptr[2] = sensekey; 1477 ptr[7] = 11; 1478 ptr[12] = sensecode; 1479 usb_stor_set_xfer_buf(ptr, 18, srb); 1480 sensekey = sensecode = havefakesense = 0; 1481 return USB_STOR_TRANSPORT_GOOD; 1482 } 1483 1484 havefakesense = 1; 1485 1486 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1487 respond to INQUIRY commands */ 1488 1489 if (srb->cmnd[0] == INQUIRY) { 1490 memcpy(ptr, inquiry_response, 8); 1491 fill_inquiry_response(us, ptr, 36); 1492 return USB_STOR_TRANSPORT_GOOD; 1493 } 1494 1495 if (srb->cmnd[0] == READ_CAPACITY) { 1496 struct nand_flash_dev *cardinfo; 1497 1498 sddr09_get_wp(us, info); /* read WP bit */ 1499 1500 cardinfo = sddr09_get_cardinfo(us, info->flags); 1501 if (!cardinfo) { 1502 /* probably no media */ 1503 init_error: 1504 sensekey = 0x02; /* not ready */ 1505 sensecode = 0x3a; /* medium not present */ 1506 return USB_STOR_TRANSPORT_FAILED; 1507 } 1508 1509 info->capacity = (1 << cardinfo->chipshift); 1510 info->pageshift = cardinfo->pageshift; 1511 info->pagesize = (1 << info->pageshift); 1512 info->blockshift = cardinfo->blockshift; 1513 info->blocksize = (1 << info->blockshift); 1514 info->blockmask = info->blocksize - 1; 1515 1516 // map initialization, must follow get_cardinfo() 1517 if (sddr09_read_map(us)) { 1518 /* probably out of memory */ 1519 goto init_error; 1520 } 1521 1522 // Report capacity 1523 1524 capacity = (info->lbact << info->blockshift) - 1; 1525 1526 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1527 1528 // Report page size 1529 1530 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1531 usb_stor_set_xfer_buf(ptr, 8, srb); 1532 1533 return USB_STOR_TRANSPORT_GOOD; 1534 } 1535 1536 if (srb->cmnd[0] == MODE_SENSE_10) { 1537 int modepage = (srb->cmnd[2] & 0x3F); 1538 1539 /* They ask for the Read/Write error recovery page, 1540 or for all pages. */ 1541 /* %% We should check DBD %% */ 1542 if (modepage == 0x01 || modepage == 0x3F) { 1543 US_DEBUGP("SDDR09: Dummy up request for " 1544 "mode page 0x%x\n", modepage); 1545 1546 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1547 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1548 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1549 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1550 return USB_STOR_TRANSPORT_GOOD; 1551 } 1552 1553 sensekey = 0x05; /* illegal request */ 1554 sensecode = 0x24; /* invalid field in CDB */ 1555 return USB_STOR_TRANSPORT_FAILED; 1556 } 1557 1558 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1559 return USB_STOR_TRANSPORT_GOOD; 1560 1561 havefakesense = 0; 1562 1563 if (srb->cmnd[0] == READ_10) { 1564 1565 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1566 page <<= 16; 1567 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1568 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1569 1570 US_DEBUGP("READ_10: read page %d pagect %d\n", 1571 page, pages); 1572 1573 result = sddr09_read_data(us, page, pages); 1574 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1575 USB_STOR_TRANSPORT_ERROR); 1576 } 1577 1578 if (srb->cmnd[0] == WRITE_10) { 1579 1580 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1581 page <<= 16; 1582 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1583 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1584 1585 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1586 page, pages); 1587 1588 result = sddr09_write_data(us, page, pages); 1589 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1590 USB_STOR_TRANSPORT_ERROR); 1591 } 1592 1593 /* catch-all for all other commands, except 1594 * pass TEST_UNIT_READY and REQUEST_SENSE through 1595 */ 1596 if (srb->cmnd[0] != TEST_UNIT_READY && 1597 srb->cmnd[0] != REQUEST_SENSE) { 1598 sensekey = 0x05; /* illegal request */ 1599 sensecode = 0x20; /* invalid command */ 1600 havefakesense = 1; 1601 return USB_STOR_TRANSPORT_FAILED; 1602 } 1603 1604 for (; srb->cmd_len<12; srb->cmd_len++) 1605 srb->cmnd[srb->cmd_len] = 0; 1606 1607 srb->cmnd[1] = LUNBITS; 1608 1609 ptr[0] = 0; 1610 for (i=0; i<12; i++) 1611 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1612 1613 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1614 1615 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1616 if (result) { 1617 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1618 "returns %d\n", result); 1619 return USB_STOR_TRANSPORT_ERROR; 1620 } 1621 1622 if (srb->request_bufflen == 0) 1623 return USB_STOR_TRANSPORT_GOOD; 1624 1625 if (srb->sc_data_direction == DMA_TO_DEVICE || 1626 srb->sc_data_direction == DMA_FROM_DEVICE) { 1627 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1628 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1629 1630 US_DEBUGP("SDDR09: %s %d bytes\n", 1631 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1632 "sending" : "receiving", 1633 srb->request_bufflen); 1634 1635 result = usb_stor_bulk_transfer_sg(us, pipe, 1636 srb->request_buffer, 1637 srb->request_bufflen, 1638 srb->use_sg, &srb->resid); 1639 1640 return (result == USB_STOR_XFER_GOOD ? 1641 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1642 } 1643 1644 return USB_STOR_TRANSPORT_GOOD; 1645 } 1646 1647 /* 1648 * Initialization routine for the sddr09 subdriver 1649 */ 1650 int 1651 usb_stor_sddr09_init(struct us_data *us) { 1652 return sddr09_common_init(us); 1653 } 1654