xref: /linux/drivers/usb/storage/sddr09.c (revision b85d45947951d23cb22d90caecf4c1eb81342c96)
1 /* Driver for SanDisk SDDR-09 SmartMedia reader
2  *
3  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
4  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
5  * Developed with the assistance of:
6  *   (c) 2002 Alan Stern <stern@rowland.org>
7  *
8  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
9  * This chip is a programmable USB controller. In the SDDR-09, it has
10  * been programmed to obey a certain limited set of SCSI commands.
11  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
12  * commands.
13  *
14  * This program is free software; you can redistribute it and/or modify it
15  * under the terms of the GNU General Public License as published by the
16  * Free Software Foundation; either version 2, or (at your option) any
17  * later version.
18  *
19  * This program is distributed in the hope that it will be useful, but
20  * WITHOUT ANY WARRANTY; without even the implied warranty of
21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
22  * General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License along
25  * with this program; if not, write to the Free Software Foundation, Inc.,
26  * 675 Mass Ave, Cambridge, MA 02139, USA.
27  */
28 
29 /*
30  * Known vendor commands: 12 bytes, first byte is opcode
31  *
32  * E7: read scatter gather
33  * E8: read
34  * E9: write
35  * EA: erase
36  * EB: reset
37  * EC: read status
38  * ED: read ID
39  * EE: write CIS (?)
40  * EF: compute checksum (?)
41  */
42 
43 #include <linux/errno.h>
44 #include <linux/module.h>
45 #include <linux/slab.h>
46 
47 #include <scsi/scsi.h>
48 #include <scsi/scsi_cmnd.h>
49 #include <scsi/scsi_device.h>
50 
51 #include "usb.h"
52 #include "transport.h"
53 #include "protocol.h"
54 #include "debug.h"
55 #include "scsiglue.h"
56 
57 #define DRV_NAME "ums-sddr09"
58 
59 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
60 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
61 MODULE_LICENSE("GPL");
62 
63 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
64 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
65 static int usb_stor_sddr09_init(struct us_data *us);
66 
67 
68 /*
69  * The table of devices
70  */
71 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
72 		    vendorName, productName, useProtocol, useTransport, \
73 		    initFunction, flags) \
74 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
75   .driver_info = (flags) }
76 
77 static struct usb_device_id sddr09_usb_ids[] = {
78 #	include "unusual_sddr09.h"
79 	{ }		/* Terminating entry */
80 };
81 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
82 
83 #undef UNUSUAL_DEV
84 
85 /*
86  * The flags table
87  */
88 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
89 		    vendor_name, product_name, use_protocol, use_transport, \
90 		    init_function, Flags) \
91 { \
92 	.vendorName = vendor_name,	\
93 	.productName = product_name,	\
94 	.useProtocol = use_protocol,	\
95 	.useTransport = use_transport,	\
96 	.initFunction = init_function,	\
97 }
98 
99 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
100 #	include "unusual_sddr09.h"
101 	{ }		/* Terminating entry */
102 };
103 
104 #undef UNUSUAL_DEV
105 
106 
107 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
108 #define LSB_of(s) ((s)&0xFF)
109 #define MSB_of(s) ((s)>>8)
110 
111 /*
112  * First some stuff that does not belong here:
113  * data on SmartMedia and other cards, completely
114  * unrelated to this driver.
115  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
116  */
117 
118 struct nand_flash_dev {
119 	int model_id;
120 	int chipshift;		/* 1<<cs bytes total capacity */
121 	char pageshift;		/* 1<<ps bytes in a page */
122 	char blockshift;	/* 1<<bs pages in an erase block */
123 	char zoneshift;		/* 1<<zs blocks in a zone */
124 				/* # of logical blocks is 125/128 of this */
125 	char pageadrlen;	/* length of an address in bytes - 1 */
126 };
127 
128 /*
129  * NAND Flash Manufacturer ID Codes
130  */
131 #define NAND_MFR_AMD		0x01
132 #define NAND_MFR_NATSEMI	0x8f
133 #define NAND_MFR_TOSHIBA	0x98
134 #define NAND_MFR_SAMSUNG	0xec
135 
136 static inline char *nand_flash_manufacturer(int manuf_id) {
137 	switch(manuf_id) {
138 	case NAND_MFR_AMD:
139 		return "AMD";
140 	case NAND_MFR_NATSEMI:
141 		return "NATSEMI";
142 	case NAND_MFR_TOSHIBA:
143 		return "Toshiba";
144 	case NAND_MFR_SAMSUNG:
145 		return "Samsung";
146 	default:
147 		return "unknown";
148 	}
149 }
150 
151 /*
152  * It looks like it is unnecessary to attach manufacturer to the
153  * remaining data: SSFDC prescribes manufacturer-independent id codes.
154  *
155  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
156  */
157 
158 static struct nand_flash_dev nand_flash_ids[] = {
159 	/* NAND flash */
160 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
161 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
162 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
163 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
164 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
165 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
166 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
167 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
168 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
169 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
170 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
171 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
172 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
173 
174 	/* MASK ROM */
175 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
176 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
177 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
178 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
179 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
180 	{ 0,}
181 };
182 
183 static struct nand_flash_dev *
184 nand_find_id(unsigned char id) {
185 	int i;
186 
187 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
188 		if (nand_flash_ids[i].model_id == id)
189 			return &(nand_flash_ids[i]);
190 	return NULL;
191 }
192 
193 /*
194  * ECC computation.
195  */
196 static unsigned char parity[256];
197 static unsigned char ecc2[256];
198 
199 static void nand_init_ecc(void) {
200 	int i, j, a;
201 
202 	parity[0] = 0;
203 	for (i = 1; i < 256; i++)
204 		parity[i] = (parity[i&(i-1)] ^ 1);
205 
206 	for (i = 0; i < 256; i++) {
207 		a = 0;
208 		for (j = 0; j < 8; j++) {
209 			if (i & (1<<j)) {
210 				if ((j & 1) == 0)
211 					a ^= 0x04;
212 				if ((j & 2) == 0)
213 					a ^= 0x10;
214 				if ((j & 4) == 0)
215 					a ^= 0x40;
216 			}
217 		}
218 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
219 	}
220 }
221 
222 /* compute 3-byte ecc on 256 bytes */
223 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
224 	int i, j, a;
225 	unsigned char par = 0, bit, bits[8] = {0};
226 
227 	/* collect 16 checksum bits */
228 	for (i = 0; i < 256; i++) {
229 		par ^= data[i];
230 		bit = parity[data[i]];
231 		for (j = 0; j < 8; j++)
232 			if ((i & (1<<j)) == 0)
233 				bits[j] ^= bit;
234 	}
235 
236 	/* put 4+4+4 = 12 bits in the ecc */
237 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
238 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
239 
240 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
241 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
242 
243 	ecc[2] = ecc2[par];
244 }
245 
246 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
247 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
248 }
249 
250 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
251 	memcpy(data, ecc, 3);
252 }
253 
254 /*
255  * The actual driver starts here.
256  */
257 
258 struct sddr09_card_info {
259 	unsigned long	capacity;	/* Size of card in bytes */
260 	int		pagesize;	/* Size of page in bytes */
261 	int		pageshift;	/* log2 of pagesize */
262 	int		blocksize;	/* Size of block in pages */
263 	int		blockshift;	/* log2 of blocksize */
264 	int		blockmask;	/* 2^blockshift - 1 */
265 	int		*lba_to_pba;	/* logical to physical map */
266 	int		*pba_to_lba;	/* physical to logical map */
267 	int		lbact;		/* number of available pages */
268 	int		flags;
269 #define	SDDR09_WP	1		/* write protected */
270 };
271 
272 /*
273  * On my 16MB card, control blocks have size 64 (16 real control bytes,
274  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
275  * so the reader makes up the remaining 48. Don't know whether these numbers
276  * depend on the card. For now a constant.
277  */
278 #define CONTROL_SHIFT 6
279 
280 /*
281  * On my Combo CF/SM reader, the SM reader has LUN 1.
282  * (and things fail with LUN 0).
283  * It seems LUN is irrelevant for others.
284  */
285 #define LUN	1
286 #define	LUNBITS	(LUN << 5)
287 
288 /*
289  * LBA and PBA are unsigned ints. Special values.
290  */
291 #define UNDEF    0xffffffff
292 #define SPARE    0xfffffffe
293 #define UNUSABLE 0xfffffffd
294 
295 static const int erase_bad_lba_entries = 0;
296 
297 /* send vendor interface command (0x41) */
298 /* called for requests 0, 1, 8 */
299 static int
300 sddr09_send_command(struct us_data *us,
301 		    unsigned char request,
302 		    unsigned char direction,
303 		    unsigned char *xfer_data,
304 		    unsigned int xfer_len) {
305 	unsigned int pipe;
306 	unsigned char requesttype = (0x41 | direction);
307 	int rc;
308 
309 	// Get the receive or send control pipe number
310 
311 	if (direction == USB_DIR_IN)
312 		pipe = us->recv_ctrl_pipe;
313 	else
314 		pipe = us->send_ctrl_pipe;
315 
316 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
317 				   0, 0, xfer_data, xfer_len);
318 	switch (rc) {
319 		case USB_STOR_XFER_GOOD:	return 0;
320 		case USB_STOR_XFER_STALLED:	return -EPIPE;
321 		default:			return -EIO;
322 	}
323 }
324 
325 static int
326 sddr09_send_scsi_command(struct us_data *us,
327 			 unsigned char *command,
328 			 unsigned int command_len) {
329 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
330 }
331 
332 #if 0
333 /*
334  * Test Unit Ready Command: 12 bytes.
335  * byte 0: opcode: 00
336  */
337 static int
338 sddr09_test_unit_ready(struct us_data *us) {
339 	unsigned char *command = us->iobuf;
340 	int result;
341 
342 	memset(command, 0, 6);
343 	command[1] = LUNBITS;
344 
345 	result = sddr09_send_scsi_command(us, command, 6);
346 
347 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
348 
349 	return result;
350 }
351 #endif
352 
353 /*
354  * Request Sense Command: 12 bytes.
355  * byte 0: opcode: 03
356  * byte 4: data length
357  */
358 static int
359 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
360 	unsigned char *command = us->iobuf;
361 	int result;
362 
363 	memset(command, 0, 12);
364 	command[0] = 0x03;
365 	command[1] = LUNBITS;
366 	command[4] = buflen;
367 
368 	result = sddr09_send_scsi_command(us, command, 12);
369 	if (result)
370 		return result;
371 
372 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
373 			sensebuf, buflen, NULL);
374 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
375 }
376 
377 /*
378  * Read Command: 12 bytes.
379  * byte 0: opcode: E8
380  * byte 1: last two bits: 00: read data, 01: read blockwise control,
381  *			10: read both, 11: read pagewise control.
382  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
383  * bytes 2-5: address (interpretation depends on byte 1, see below)
384  * bytes 10-11: count (idem)
385  *
386  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
387  * A read data command gets data in 512-byte pages.
388  * A read control command gets control in 64-byte chunks.
389  * A read both command gets data+control in 576-byte chunks.
390  *
391  * Blocks are groups of 32 pages, and read blockwise control jumps to the
392  * next block, while read pagewise control jumps to the next page after
393  * reading a group of 64 control bytes.
394  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
395  *
396  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
397  */
398 
399 static int
400 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
401 	     int nr_of_pages, int bulklen, unsigned char *buf,
402 	     int use_sg) {
403 
404 	unsigned char *command = us->iobuf;
405 	int result;
406 
407 	command[0] = 0xE8;
408 	command[1] = LUNBITS | x;
409 	command[2] = MSB_of(fromaddress>>16);
410 	command[3] = LSB_of(fromaddress>>16);
411 	command[4] = MSB_of(fromaddress & 0xFFFF);
412 	command[5] = LSB_of(fromaddress & 0xFFFF);
413 	command[6] = 0;
414 	command[7] = 0;
415 	command[8] = 0;
416 	command[9] = 0;
417 	command[10] = MSB_of(nr_of_pages);
418 	command[11] = LSB_of(nr_of_pages);
419 
420 	result = sddr09_send_scsi_command(us, command, 12);
421 
422 	if (result) {
423 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
424 			     x, result);
425 		return result;
426 	}
427 
428 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
429 				       buf, bulklen, use_sg, NULL);
430 
431 	if (result != USB_STOR_XFER_GOOD) {
432 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
433 			     x, result);
434 		return -EIO;
435 	}
436 	return 0;
437 }
438 
439 /*
440  * Read Data
441  *
442  * fromaddress counts data shorts:
443  * increasing it by 256 shifts the bytestream by 512 bytes;
444  * the last 8 bits are ignored.
445  *
446  * nr_of_pages counts pages of size (1 << pageshift).
447  */
448 static int
449 sddr09_read20(struct us_data *us, unsigned long fromaddress,
450 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
451 	int bulklen = nr_of_pages << pageshift;
452 
453 	/* The last 8 bits of fromaddress are ignored. */
454 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
455 			    buf, use_sg);
456 }
457 
458 /*
459  * Read Blockwise Control
460  *
461  * fromaddress gives the starting position (as in read data;
462  * the last 8 bits are ignored); increasing it by 32*256 shifts
463  * the output stream by 64 bytes.
464  *
465  * count counts control groups of size (1 << controlshift).
466  * For me, controlshift = 6. Is this constant?
467  *
468  * After getting one control group, jump to the next block
469  * (fromaddress += 8192).
470  */
471 static int
472 sddr09_read21(struct us_data *us, unsigned long fromaddress,
473 	      int count, int controlshift, unsigned char *buf, int use_sg) {
474 
475 	int bulklen = (count << controlshift);
476 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
477 			    buf, use_sg);
478 }
479 
480 /*
481  * Read both Data and Control
482  *
483  * fromaddress counts data shorts, ignoring control:
484  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
485  * the last 8 bits are ignored.
486  *
487  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
488  */
489 static int
490 sddr09_read22(struct us_data *us, unsigned long fromaddress,
491 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
492 
493 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
494 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
495 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
496 			    buf, use_sg);
497 }
498 
499 #if 0
500 /*
501  * Read Pagewise Control
502  *
503  * fromaddress gives the starting position (as in read data;
504  * the last 8 bits are ignored); increasing it by 256 shifts
505  * the output stream by 64 bytes.
506  *
507  * count counts control groups of size (1 << controlshift).
508  * For me, controlshift = 6. Is this constant?
509  *
510  * After getting one control group, jump to the next page
511  * (fromaddress += 256).
512  */
513 static int
514 sddr09_read23(struct us_data *us, unsigned long fromaddress,
515 	      int count, int controlshift, unsigned char *buf, int use_sg) {
516 
517 	int bulklen = (count << controlshift);
518 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
519 			    buf, use_sg);
520 }
521 #endif
522 
523 /*
524  * Erase Command: 12 bytes.
525  * byte 0: opcode: EA
526  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
527  *
528  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
529  * The byte address being erased is 2*Eaddress.
530  * The CIS cannot be erased.
531  */
532 static int
533 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
534 	unsigned char *command = us->iobuf;
535 	int result;
536 
537 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
538 
539 	memset(command, 0, 12);
540 	command[0] = 0xEA;
541 	command[1] = LUNBITS;
542 	command[6] = MSB_of(Eaddress>>16);
543 	command[7] = LSB_of(Eaddress>>16);
544 	command[8] = MSB_of(Eaddress & 0xFFFF);
545 	command[9] = LSB_of(Eaddress & 0xFFFF);
546 
547 	result = sddr09_send_scsi_command(us, command, 12);
548 
549 	if (result)
550 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
551 			     result);
552 
553 	return result;
554 }
555 
556 /*
557  * Write CIS Command: 12 bytes.
558  * byte 0: opcode: EE
559  * bytes 2-5: write address in shorts
560  * bytes 10-11: sector count
561  *
562  * This writes at the indicated address. Don't know how it differs
563  * from E9. Maybe it does not erase? However, it will also write to
564  * the CIS.
565  *
566  * When two such commands on the same page follow each other directly,
567  * the second one is not done.
568  */
569 
570 /*
571  * Write Command: 12 bytes.
572  * byte 0: opcode: E9
573  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
574  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
575  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
576  *
577  * If write address equals erase address, the erase is done first,
578  * otherwise the write is done first. When erase address equals zero
579  * no erase is done?
580  */
581 static int
582 sddr09_writeX(struct us_data *us,
583 	      unsigned long Waddress, unsigned long Eaddress,
584 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
585 
586 	unsigned char *command = us->iobuf;
587 	int result;
588 
589 	command[0] = 0xE9;
590 	command[1] = LUNBITS;
591 
592 	command[2] = MSB_of(Waddress>>16);
593 	command[3] = LSB_of(Waddress>>16);
594 	command[4] = MSB_of(Waddress & 0xFFFF);
595 	command[5] = LSB_of(Waddress & 0xFFFF);
596 
597 	command[6] = MSB_of(Eaddress>>16);
598 	command[7] = LSB_of(Eaddress>>16);
599 	command[8] = MSB_of(Eaddress & 0xFFFF);
600 	command[9] = LSB_of(Eaddress & 0xFFFF);
601 
602 	command[10] = MSB_of(nr_of_pages);
603 	command[11] = LSB_of(nr_of_pages);
604 
605 	result = sddr09_send_scsi_command(us, command, 12);
606 
607 	if (result) {
608 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
609 			     result);
610 		return result;
611 	}
612 
613 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
614 				       buf, bulklen, use_sg, NULL);
615 
616 	if (result != USB_STOR_XFER_GOOD) {
617 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
618 			     result);
619 		return -EIO;
620 	}
621 	return 0;
622 }
623 
624 /* erase address, write same address */
625 static int
626 sddr09_write_inplace(struct us_data *us, unsigned long address,
627 		     int nr_of_pages, int pageshift, unsigned char *buf,
628 		     int use_sg) {
629 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
630 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
631 			     buf, use_sg);
632 }
633 
634 #if 0
635 /*
636  * Read Scatter Gather Command: 3+4n bytes.
637  * byte 0: opcode E7
638  * byte 2: n
639  * bytes 4i-1,4i,4i+1: page address
640  * byte 4i+2: page count
641  * (i=1..n)
642  *
643  * This reads several pages from the card to a single memory buffer.
644  * The last two bits of byte 1 have the same meaning as for E8.
645  */
646 static int
647 sddr09_read_sg_test_only(struct us_data *us) {
648 	unsigned char *command = us->iobuf;
649 	int result, bulklen, nsg, ct;
650 	unsigned char *buf;
651 	unsigned long address;
652 
653 	nsg = bulklen = 0;
654 	command[0] = 0xE7;
655 	command[1] = LUNBITS;
656 	command[2] = 0;
657 	address = 040000; ct = 1;
658 	nsg++;
659 	bulklen += (ct << 9);
660 	command[4*nsg+2] = ct;
661 	command[4*nsg+1] = ((address >> 9) & 0xFF);
662 	command[4*nsg+0] = ((address >> 17) & 0xFF);
663 	command[4*nsg-1] = ((address >> 25) & 0xFF);
664 
665 	address = 0340000; ct = 1;
666 	nsg++;
667 	bulklen += (ct << 9);
668 	command[4*nsg+2] = ct;
669 	command[4*nsg+1] = ((address >> 9) & 0xFF);
670 	command[4*nsg+0] = ((address >> 17) & 0xFF);
671 	command[4*nsg-1] = ((address >> 25) & 0xFF);
672 
673 	address = 01000000; ct = 2;
674 	nsg++;
675 	bulklen += (ct << 9);
676 	command[4*nsg+2] = ct;
677 	command[4*nsg+1] = ((address >> 9) & 0xFF);
678 	command[4*nsg+0] = ((address >> 17) & 0xFF);
679 	command[4*nsg-1] = ((address >> 25) & 0xFF);
680 
681 	command[2] = nsg;
682 
683 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
684 
685 	if (result) {
686 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
687 			     result);
688 		return result;
689 	}
690 
691 	buf = kmalloc(bulklen, GFP_NOIO);
692 	if (!buf)
693 		return -ENOMEM;
694 
695 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
696 				       buf, bulklen, NULL);
697 	kfree(buf);
698 	if (result != USB_STOR_XFER_GOOD) {
699 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
700 			     result);
701 		return -EIO;
702 	}
703 
704 	return 0;
705 }
706 #endif
707 
708 /*
709  * Read Status Command: 12 bytes.
710  * byte 0: opcode: EC
711  *
712  * Returns 64 bytes, all zero except for the first.
713  * bit 0: 1: Error
714  * bit 5: 1: Suspended
715  * bit 6: 1: Ready
716  * bit 7: 1: Not write-protected
717  */
718 
719 static int
720 sddr09_read_status(struct us_data *us, unsigned char *status) {
721 
722 	unsigned char *command = us->iobuf;
723 	unsigned char *data = us->iobuf;
724 	int result;
725 
726 	usb_stor_dbg(us, "Reading status...\n");
727 
728 	memset(command, 0, 12);
729 	command[0] = 0xEC;
730 	command[1] = LUNBITS;
731 
732 	result = sddr09_send_scsi_command(us, command, 12);
733 	if (result)
734 		return result;
735 
736 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
737 				       data, 64, NULL);
738 	*status = data[0];
739 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
740 }
741 
742 static int
743 sddr09_read_data(struct us_data *us,
744 		 unsigned long address,
745 		 unsigned int sectors) {
746 
747 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
748 	unsigned char *buffer;
749 	unsigned int lba, maxlba, pba;
750 	unsigned int page, pages;
751 	unsigned int len, offset;
752 	struct scatterlist *sg;
753 	int result;
754 
755 	// Figure out the initial LBA and page
756 	lba = address >> info->blockshift;
757 	page = (address & info->blockmask);
758 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
759 	if (lba >= maxlba)
760 		return -EIO;
761 
762 	// Since we only read in one block at a time, we have to create
763 	// a bounce buffer and move the data a piece at a time between the
764 	// bounce buffer and the actual transfer buffer.
765 
766 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
767 	buffer = kmalloc(len, GFP_NOIO);
768 	if (buffer == NULL) {
769 		printk(KERN_WARNING "sddr09_read_data: Out of memory\n");
770 		return -ENOMEM;
771 	}
772 
773 	// This could be made much more efficient by checking for
774 	// contiguous LBA's. Another exercise left to the student.
775 
776 	result = 0;
777 	offset = 0;
778 	sg = NULL;
779 
780 	while (sectors > 0) {
781 
782 		/* Find number of pages we can read in this block */
783 		pages = min(sectors, info->blocksize - page);
784 		len = pages << info->pageshift;
785 
786 		/* Not overflowing capacity? */
787 		if (lba >= maxlba) {
788 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
789 				     lba, maxlba);
790 			result = -EIO;
791 			break;
792 		}
793 
794 		/* Find where this lba lives on disk */
795 		pba = info->lba_to_pba[lba];
796 
797 		if (pba == UNDEF) {	/* this lba was never written */
798 
799 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
800 				     pages, lba, page);
801 
802 			/* This is not really an error. It just means
803 			   that the block has never been written.
804 			   Instead of returning an error
805 			   it is better to return all zero data. */
806 
807 			memset(buffer, 0, len);
808 
809 		} else {
810 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
811 				     pages, pba, lba, page);
812 
813 			address = ((pba << info->blockshift) + page) <<
814 				info->pageshift;
815 
816 			result = sddr09_read20(us, address>>1,
817 					pages, info->pageshift, buffer, 0);
818 			if (result)
819 				break;
820 		}
821 
822 		// Store the data in the transfer buffer
823 		usb_stor_access_xfer_buf(buffer, len, us->srb,
824 				&sg, &offset, TO_XFER_BUF);
825 
826 		page = 0;
827 		lba++;
828 		sectors -= pages;
829 	}
830 
831 	kfree(buffer);
832 	return result;
833 }
834 
835 static unsigned int
836 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
837 	static unsigned int lastpba = 1;
838 	int zonestart, end, i;
839 
840 	zonestart = (lba/1000) << 10;
841 	end = info->capacity >> (info->blockshift + info->pageshift);
842 	end -= zonestart;
843 	if (end > 1024)
844 		end = 1024;
845 
846 	for (i = lastpba+1; i < end; i++) {
847 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
848 			lastpba = i;
849 			return zonestart+i;
850 		}
851 	}
852 	for (i = 0; i <= lastpba; i++) {
853 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
854 			lastpba = i;
855 			return zonestart+i;
856 		}
857 	}
858 	return 0;
859 }
860 
861 static int
862 sddr09_write_lba(struct us_data *us, unsigned int lba,
863 		 unsigned int page, unsigned int pages,
864 		 unsigned char *ptr, unsigned char *blockbuffer) {
865 
866 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
867 	unsigned long address;
868 	unsigned int pba, lbap;
869 	unsigned int pagelen;
870 	unsigned char *bptr, *cptr, *xptr;
871 	unsigned char ecc[3];
872 	int i, result, isnew;
873 
874 	lbap = ((lba % 1000) << 1) | 0x1000;
875 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
876 		lbap ^= 1;
877 	pba = info->lba_to_pba[lba];
878 	isnew = 0;
879 
880 	if (pba == UNDEF) {
881 		pba = sddr09_find_unused_pba(info, lba);
882 		if (!pba) {
883 			printk(KERN_WARNING
884 			       "sddr09_write_lba: Out of unused blocks\n");
885 			return -ENOSPC;
886 		}
887 		info->pba_to_lba[pba] = lba;
888 		info->lba_to_pba[lba] = pba;
889 		isnew = 1;
890 	}
891 
892 	if (pba == 1) {
893 		/* Maybe it is impossible to write to PBA 1.
894 		   Fake success, but don't do anything. */
895 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
896 		return 0;
897 	}
898 
899 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
900 
901 	/* read old contents */
902 	address = (pba << (info->pageshift + info->blockshift));
903 	result = sddr09_read22(us, address>>1, info->blocksize,
904 			       info->pageshift, blockbuffer, 0);
905 	if (result)
906 		return result;
907 
908 	/* check old contents and fill lba */
909 	for (i = 0; i < info->blocksize; i++) {
910 		bptr = blockbuffer + i*pagelen;
911 		cptr = bptr + info->pagesize;
912 		nand_compute_ecc(bptr, ecc);
913 		if (!nand_compare_ecc(cptr+13, ecc)) {
914 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
915 				     i, pba);
916 			nand_store_ecc(cptr+13, ecc);
917 		}
918 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
919 		if (!nand_compare_ecc(cptr+8, ecc)) {
920 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
921 				     i, pba);
922 			nand_store_ecc(cptr+8, ecc);
923 		}
924 		cptr[6] = cptr[11] = MSB_of(lbap);
925 		cptr[7] = cptr[12] = LSB_of(lbap);
926 	}
927 
928 	/* copy in new stuff and compute ECC */
929 	xptr = ptr;
930 	for (i = page; i < page+pages; i++) {
931 		bptr = blockbuffer + i*pagelen;
932 		cptr = bptr + info->pagesize;
933 		memcpy(bptr, xptr, info->pagesize);
934 		xptr += info->pagesize;
935 		nand_compute_ecc(bptr, ecc);
936 		nand_store_ecc(cptr+13, ecc);
937 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
938 		nand_store_ecc(cptr+8, ecc);
939 	}
940 
941 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
942 
943 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
944 				      info->pageshift, blockbuffer, 0);
945 
946 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
947 
948 #if 0
949 	{
950 		unsigned char status = 0;
951 		int result2 = sddr09_read_status(us, &status);
952 		if (result2)
953 			usb_stor_dbg(us, "cannot read status\n");
954 		else if (status != 0xc0)
955 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
956 	}
957 #endif
958 
959 #if 0
960 	{
961 		int result2 = sddr09_test_unit_ready(us);
962 	}
963 #endif
964 
965 	return result;
966 }
967 
968 static int
969 sddr09_write_data(struct us_data *us,
970 		  unsigned long address,
971 		  unsigned int sectors) {
972 
973 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
974 	unsigned int lba, maxlba, page, pages;
975 	unsigned int pagelen, blocklen;
976 	unsigned char *blockbuffer;
977 	unsigned char *buffer;
978 	unsigned int len, offset;
979 	struct scatterlist *sg;
980 	int result;
981 
982 	// Figure out the initial LBA and page
983 	lba = address >> info->blockshift;
984 	page = (address & info->blockmask);
985 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
986 	if (lba >= maxlba)
987 		return -EIO;
988 
989 	// blockbuffer is used for reading in the old data, overwriting
990 	// with the new data, and performing ECC calculations
991 
992 	/* TODO: instead of doing kmalloc/kfree for each write,
993 	   add a bufferpointer to the info structure */
994 
995 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
996 	blocklen = (pagelen << info->blockshift);
997 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
998 	if (!blockbuffer) {
999 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1000 		return -ENOMEM;
1001 	}
1002 
1003 	// Since we don't write the user data directly to the device,
1004 	// we have to create a bounce buffer and move the data a piece
1005 	// at a time between the bounce buffer and the actual transfer buffer.
1006 
1007 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1008 	buffer = kmalloc(len, GFP_NOIO);
1009 	if (buffer == NULL) {
1010 		printk(KERN_WARNING "sddr09_write_data: Out of memory\n");
1011 		kfree(blockbuffer);
1012 		return -ENOMEM;
1013 	}
1014 
1015 	result = 0;
1016 	offset = 0;
1017 	sg = NULL;
1018 
1019 	while (sectors > 0) {
1020 
1021 		// Write as many sectors as possible in this block
1022 
1023 		pages = min(sectors, info->blocksize - page);
1024 		len = (pages << info->pageshift);
1025 
1026 		/* Not overflowing capacity? */
1027 		if (lba >= maxlba) {
1028 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1029 				     lba, maxlba);
1030 			result = -EIO;
1031 			break;
1032 		}
1033 
1034 		// Get the data from the transfer buffer
1035 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1036 				&sg, &offset, FROM_XFER_BUF);
1037 
1038 		result = sddr09_write_lba(us, lba, page, pages,
1039 				buffer, blockbuffer);
1040 		if (result)
1041 			break;
1042 
1043 		page = 0;
1044 		lba++;
1045 		sectors -= pages;
1046 	}
1047 
1048 	kfree(buffer);
1049 	kfree(blockbuffer);
1050 
1051 	return result;
1052 }
1053 
1054 static int
1055 sddr09_read_control(struct us_data *us,
1056 		unsigned long address,
1057 		unsigned int blocks,
1058 		unsigned char *content,
1059 		int use_sg) {
1060 
1061 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1062 		     address, blocks);
1063 
1064 	return sddr09_read21(us, address, blocks,
1065 			     CONTROL_SHIFT, content, use_sg);
1066 }
1067 
1068 /*
1069  * Read Device ID Command: 12 bytes.
1070  * byte 0: opcode: ED
1071  *
1072  * Returns 2 bytes: Manufacturer ID and Device ID.
1073  * On more recent cards 3 bytes: the third byte is an option code A5
1074  * signifying that the secret command to read an 128-bit ID is available.
1075  * On still more recent cards 4 bytes: the fourth byte C0 means that
1076  * a second read ID cmd is available.
1077  */
1078 static int
1079 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1080 	unsigned char *command = us->iobuf;
1081 	unsigned char *content = us->iobuf;
1082 	int result, i;
1083 
1084 	memset(command, 0, 12);
1085 	command[0] = 0xED;
1086 	command[1] = LUNBITS;
1087 
1088 	result = sddr09_send_scsi_command(us, command, 12);
1089 	if (result)
1090 		return result;
1091 
1092 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1093 			content, 64, NULL);
1094 
1095 	for (i = 0; i < 4; i++)
1096 		deviceID[i] = content[i];
1097 
1098 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1099 }
1100 
1101 static int
1102 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1103 	int result;
1104 	unsigned char status;
1105 
1106 	result = sddr09_read_status(us, &status);
1107 	if (result) {
1108 		usb_stor_dbg(us, "read_status fails\n");
1109 		return result;
1110 	}
1111 	usb_stor_dbg(us, "status 0x%02X", status);
1112 	if ((status & 0x80) == 0) {
1113 		info->flags |= SDDR09_WP;	/* write protected */
1114 		US_DEBUGPX(" WP");
1115 	}
1116 	if (status & 0x40)
1117 		US_DEBUGPX(" Ready");
1118 	if (status & LUNBITS)
1119 		US_DEBUGPX(" Suspended");
1120 	if (status & 0x1)
1121 		US_DEBUGPX(" Error");
1122 	US_DEBUGPX("\n");
1123 	return 0;
1124 }
1125 
1126 #if 0
1127 /*
1128  * Reset Command: 12 bytes.
1129  * byte 0: opcode: EB
1130  */
1131 static int
1132 sddr09_reset(struct us_data *us) {
1133 
1134 	unsigned char *command = us->iobuf;
1135 
1136 	memset(command, 0, 12);
1137 	command[0] = 0xEB;
1138 	command[1] = LUNBITS;
1139 
1140 	return sddr09_send_scsi_command(us, command, 12);
1141 }
1142 #endif
1143 
1144 static struct nand_flash_dev *
1145 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1146 	struct nand_flash_dev *cardinfo;
1147 	unsigned char deviceID[4];
1148 	char blurbtxt[256];
1149 	int result;
1150 
1151 	usb_stor_dbg(us, "Reading capacity...\n");
1152 
1153 	result = sddr09_read_deviceID(us, deviceID);
1154 
1155 	if (result) {
1156 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1157 		printk(KERN_WARNING "sddr09: could not read card info\n");
1158 		return NULL;
1159 	}
1160 
1161 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1162 
1163 	/* Byte 0 is the manufacturer */
1164 	sprintf(blurbtxt + strlen(blurbtxt),
1165 		": Manuf. %s",
1166 		nand_flash_manufacturer(deviceID[0]));
1167 
1168 	/* Byte 1 is the device type */
1169 	cardinfo = nand_find_id(deviceID[1]);
1170 	if (cardinfo) {
1171 		/* MB or MiB? It is neither. A 16 MB card has
1172 		   17301504 raw bytes, of which 16384000 are
1173 		   usable for user data. */
1174 		sprintf(blurbtxt + strlen(blurbtxt),
1175 			", %d MB", 1<<(cardinfo->chipshift - 20));
1176 	} else {
1177 		sprintf(blurbtxt + strlen(blurbtxt),
1178 			", type unrecognized");
1179 	}
1180 
1181 	/* Byte 2 is code to signal availability of 128-bit ID */
1182 	if (deviceID[2] == 0xa5) {
1183 		sprintf(blurbtxt + strlen(blurbtxt),
1184 			", 128-bit ID");
1185 	}
1186 
1187 	/* Byte 3 announces the availability of another read ID command */
1188 	if (deviceID[3] == 0xc0) {
1189 		sprintf(blurbtxt + strlen(blurbtxt),
1190 			", extra cmd");
1191 	}
1192 
1193 	if (flags & SDDR09_WP)
1194 		sprintf(blurbtxt + strlen(blurbtxt),
1195 			", WP");
1196 
1197 	printk(KERN_WARNING "%s\n", blurbtxt);
1198 
1199 	return cardinfo;
1200 }
1201 
1202 static int
1203 sddr09_read_map(struct us_data *us) {
1204 
1205 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1206 	int numblocks, alloc_len, alloc_blocks;
1207 	int i, j, result;
1208 	unsigned char *buffer, *buffer_end, *ptr;
1209 	unsigned int lba, lbact;
1210 
1211 	if (!info->capacity)
1212 		return -1;
1213 
1214 	// size of a block is 1 << (blockshift + pageshift) bytes
1215 	// divide into the total capacity to get the number of blocks
1216 
1217 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1218 
1219 	// read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1220 	// but only use a 64 KB buffer
1221 	// buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1222 #define SDDR09_READ_MAP_BUFSZ 65536
1223 
1224 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1225 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1226 	buffer = kmalloc(alloc_len, GFP_NOIO);
1227 	if (buffer == NULL) {
1228 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1229 		result = -1;
1230 		goto done;
1231 	}
1232 	buffer_end = buffer + alloc_len;
1233 
1234 #undef SDDR09_READ_MAP_BUFSZ
1235 
1236 	kfree(info->lba_to_pba);
1237 	kfree(info->pba_to_lba);
1238 	info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1239 	info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1240 
1241 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1242 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1243 		result = -1;
1244 		goto done;
1245 	}
1246 
1247 	for (i = 0; i < numblocks; i++)
1248 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1249 
1250 	/*
1251 	 * Define lba-pba translation table
1252 	 */
1253 
1254 	ptr = buffer_end;
1255 	for (i = 0; i < numblocks; i++) {
1256 		ptr += (1 << CONTROL_SHIFT);
1257 		if (ptr >= buffer_end) {
1258 			unsigned long address;
1259 
1260 			address = i << (info->pageshift + info->blockshift);
1261 			result = sddr09_read_control(
1262 				us, address>>1,
1263 				min(alloc_blocks, numblocks - i),
1264 				buffer, 0);
1265 			if (result) {
1266 				result = -1;
1267 				goto done;
1268 			}
1269 			ptr = buffer;
1270 		}
1271 
1272 		if (i == 0 || i == 1) {
1273 			info->pba_to_lba[i] = UNUSABLE;
1274 			continue;
1275 		}
1276 
1277 		/* special PBAs have control field 0^16 */
1278 		for (j = 0; j < 16; j++)
1279 			if (ptr[j] != 0)
1280 				goto nonz;
1281 		info->pba_to_lba[i] = UNUSABLE;
1282 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1283 		       i);
1284 		continue;
1285 
1286 	nonz:
1287 		/* unwritten PBAs have control field FF^16 */
1288 		for (j = 0; j < 16; j++)
1289 			if (ptr[j] != 0xff)
1290 				goto nonff;
1291 		continue;
1292 
1293 	nonff:
1294 		/* normal PBAs start with six FFs */
1295 		if (j < 6) {
1296 			printk(KERN_WARNING
1297 			       "sddr09: PBA %d has no logical mapping: "
1298 			       "reserved area = %02X%02X%02X%02X "
1299 			       "data status %02X block status %02X\n",
1300 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1301 			       ptr[4], ptr[5]);
1302 			info->pba_to_lba[i] = UNUSABLE;
1303 			continue;
1304 		}
1305 
1306 		if ((ptr[6] >> 4) != 0x01) {
1307 			printk(KERN_WARNING
1308 			       "sddr09: PBA %d has invalid address field "
1309 			       "%02X%02X/%02X%02X\n",
1310 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1311 			info->pba_to_lba[i] = UNUSABLE;
1312 			continue;
1313 		}
1314 
1315 		/* check even parity */
1316 		if (parity[ptr[6] ^ ptr[7]]) {
1317 			printk(KERN_WARNING
1318 			       "sddr09: Bad parity in LBA for block %d"
1319 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1320 			info->pba_to_lba[i] = UNUSABLE;
1321 			continue;
1322 		}
1323 
1324 		lba = short_pack(ptr[7], ptr[6]);
1325 		lba = (lba & 0x07FF) >> 1;
1326 
1327 		/*
1328 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1329 		 * go back to zero, but are within a higher block of LBA's.
1330 		 * Also, there is a maximum of 1000 LBA's per zone.
1331 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1332 		 * which are really LBA 1000-1999. This allows for 24 bad
1333 		 * or special physical blocks per zone.
1334 		 */
1335 
1336 		if (lba >= 1000) {
1337 			printk(KERN_WARNING
1338 			       "sddr09: Bad low LBA %d for block %d\n",
1339 			       lba, i);
1340 			goto possibly_erase;
1341 		}
1342 
1343 		lba += 1000*(i/0x400);
1344 
1345 		if (info->lba_to_pba[lba] != UNDEF) {
1346 			printk(KERN_WARNING
1347 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1348 			       lba, info->lba_to_pba[lba], i);
1349 			goto possibly_erase;
1350 		}
1351 
1352 		info->pba_to_lba[i] = lba;
1353 		info->lba_to_pba[lba] = i;
1354 		continue;
1355 
1356 	possibly_erase:
1357 		if (erase_bad_lba_entries) {
1358 			unsigned long address;
1359 
1360 			address = (i << (info->pageshift + info->blockshift));
1361 			sddr09_erase(us, address>>1);
1362 			info->pba_to_lba[i] = UNDEF;
1363 		} else
1364 			info->pba_to_lba[i] = UNUSABLE;
1365 	}
1366 
1367 	/*
1368 	 * Approximate capacity. This is not entirely correct yet,
1369 	 * since a zone with less than 1000 usable pages leads to
1370 	 * missing LBAs. Especially if it is the last zone, some
1371 	 * LBAs can be past capacity.
1372 	 */
1373 	lbact = 0;
1374 	for (i = 0; i < numblocks; i += 1024) {
1375 		int ct = 0;
1376 
1377 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1378 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1379 				if (ct >= 1000)
1380 					info->pba_to_lba[i+j] = SPARE;
1381 				else
1382 					ct++;
1383 			}
1384 		}
1385 		lbact += ct;
1386 	}
1387 	info->lbact = lbact;
1388 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1389 	result = 0;
1390 
1391  done:
1392 	if (result != 0) {
1393 		kfree(info->lba_to_pba);
1394 		kfree(info->pba_to_lba);
1395 		info->lba_to_pba = NULL;
1396 		info->pba_to_lba = NULL;
1397 	}
1398 	kfree(buffer);
1399 	return result;
1400 }
1401 
1402 static void
1403 sddr09_card_info_destructor(void *extra) {
1404 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1405 
1406 	if (!info)
1407 		return;
1408 
1409 	kfree(info->lba_to_pba);
1410 	kfree(info->pba_to_lba);
1411 }
1412 
1413 static int
1414 sddr09_common_init(struct us_data *us) {
1415 	int result;
1416 
1417 	/* set the configuration -- STALL is an acceptable response here */
1418 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1419 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1420 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1421 		return -EINVAL;
1422 	}
1423 
1424 	result = usb_reset_configuration(us->pusb_dev);
1425 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1426 	if (result == -EPIPE) {
1427 		usb_stor_dbg(us, "-- stall on control interface\n");
1428 	} else if (result != 0) {
1429 		/* it's not a stall, but another error -- time to bail */
1430 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1431 		return -EINVAL;
1432 	}
1433 
1434 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1435 	if (!us->extra)
1436 		return -ENOMEM;
1437 	us->extra_destructor = sddr09_card_info_destructor;
1438 
1439 	nand_init_ecc();
1440 	return 0;
1441 }
1442 
1443 
1444 /*
1445  * This is needed at a very early stage. If this is not listed in the
1446  * unusual devices list but called from here then LUN 0 of the combo reader
1447  * is not recognized. But I do not know what precisely these calls do.
1448  */
1449 static int
1450 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1451 	int result;
1452 	unsigned char *data = us->iobuf;
1453 
1454 	result = sddr09_common_init(us);
1455 	if (result)
1456 		return result;
1457 
1458 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1459 	if (result) {
1460 		usb_stor_dbg(us, "send_command fails\n");
1461 		return result;
1462 	}
1463 
1464 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1465 	// get 07 02
1466 
1467 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1468 	if (result) {
1469 		usb_stor_dbg(us, "2nd send_command fails\n");
1470 		return result;
1471 	}
1472 
1473 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1474 	// get 07 00
1475 
1476 	result = sddr09_request_sense(us, data, 18);
1477 	if (result == 0 && data[2] != 0) {
1478 		int j;
1479 		for (j=0; j<18; j++)
1480 			printk(" %02X", data[j]);
1481 		printk("\n");
1482 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1483 		// 70: current command
1484 		// sense key 0, sense code 0, extd sense code 0
1485 		// additional transfer length * = sizeof(data) - 7
1486 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1487 		// sense key 06, sense code 28: unit attention,
1488 		// not ready to ready transition
1489 	}
1490 
1491 	// test unit ready
1492 
1493 	return 0;		/* not result */
1494 }
1495 
1496 /*
1497  * Transport for the Microtech DPCM-USB
1498  */
1499 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1500 {
1501 	int ret;
1502 
1503 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1504 
1505 	switch (srb->device->lun) {
1506 	case 0:
1507 
1508 		/*
1509 		 * LUN 0 corresponds to the CompactFlash card reader.
1510 		 */
1511 		ret = usb_stor_CB_transport(srb, us);
1512 		break;
1513 
1514 	case 1:
1515 
1516 		/*
1517 		 * LUN 1 corresponds to the SmartMedia card reader.
1518 		 */
1519 
1520 		/*
1521 		 * Set the LUN to 0 (just in case).
1522 		 */
1523 		srb->device->lun = 0;
1524 		ret = sddr09_transport(srb, us);
1525 		srb->device->lun = 1;
1526 		break;
1527 
1528 	default:
1529 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1530 		ret = USB_STOR_TRANSPORT_ERROR;
1531 		break;
1532 	}
1533 	return ret;
1534 }
1535 
1536 
1537 /*
1538  * Transport for the Sandisk SDDR-09
1539  */
1540 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1541 {
1542 	static unsigned char sensekey = 0, sensecode = 0;
1543 	static unsigned char havefakesense = 0;
1544 	int result, i;
1545 	unsigned char *ptr = us->iobuf;
1546 	unsigned long capacity;
1547 	unsigned int page, pages;
1548 
1549 	struct sddr09_card_info *info;
1550 
1551 	static unsigned char inquiry_response[8] = {
1552 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1553 	};
1554 
1555 	/* note: no block descriptor support */
1556 	static unsigned char mode_page_01[19] = {
1557 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1558 		0x01, 0x0A,
1559 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1560 	};
1561 
1562 	info = (struct sddr09_card_info *)us->extra;
1563 
1564 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1565 		/* for a faked command, we have to follow with a faked sense */
1566 		memset(ptr, 0, 18);
1567 		ptr[0] = 0x70;
1568 		ptr[2] = sensekey;
1569 		ptr[7] = 11;
1570 		ptr[12] = sensecode;
1571 		usb_stor_set_xfer_buf(ptr, 18, srb);
1572 		sensekey = sensecode = havefakesense = 0;
1573 		return USB_STOR_TRANSPORT_GOOD;
1574 	}
1575 
1576 	havefakesense = 1;
1577 
1578 	/* Dummy up a response for INQUIRY since SDDR09 doesn't
1579 	   respond to INQUIRY commands */
1580 
1581 	if (srb->cmnd[0] == INQUIRY) {
1582 		memcpy(ptr, inquiry_response, 8);
1583 		fill_inquiry_response(us, ptr, 36);
1584 		return USB_STOR_TRANSPORT_GOOD;
1585 	}
1586 
1587 	if (srb->cmnd[0] == READ_CAPACITY) {
1588 		struct nand_flash_dev *cardinfo;
1589 
1590 		sddr09_get_wp(us, info);	/* read WP bit */
1591 
1592 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1593 		if (!cardinfo) {
1594 			/* probably no media */
1595 		init_error:
1596 			sensekey = 0x02;	/* not ready */
1597 			sensecode = 0x3a;	/* medium not present */
1598 			return USB_STOR_TRANSPORT_FAILED;
1599 		}
1600 
1601 		info->capacity = (1 << cardinfo->chipshift);
1602 		info->pageshift = cardinfo->pageshift;
1603 		info->pagesize = (1 << info->pageshift);
1604 		info->blockshift = cardinfo->blockshift;
1605 		info->blocksize = (1 << info->blockshift);
1606 		info->blockmask = info->blocksize - 1;
1607 
1608 		// map initialization, must follow get_cardinfo()
1609 		if (sddr09_read_map(us)) {
1610 			/* probably out of memory */
1611 			goto init_error;
1612 		}
1613 
1614 		// Report capacity
1615 
1616 		capacity = (info->lbact << info->blockshift) - 1;
1617 
1618 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1619 
1620 		// Report page size
1621 
1622 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1623 		usb_stor_set_xfer_buf(ptr, 8, srb);
1624 
1625 		return USB_STOR_TRANSPORT_GOOD;
1626 	}
1627 
1628 	if (srb->cmnd[0] == MODE_SENSE_10) {
1629 		int modepage = (srb->cmnd[2] & 0x3F);
1630 
1631 		/* They ask for the Read/Write error recovery page,
1632 		   or for all pages. */
1633 		/* %% We should check DBD %% */
1634 		if (modepage == 0x01 || modepage == 0x3F) {
1635 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636 				     modepage);
1637 
1638 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642 			return USB_STOR_TRANSPORT_GOOD;
1643 		}
1644 
1645 		sensekey = 0x05;	/* illegal request */
1646 		sensecode = 0x24;	/* invalid field in CDB */
1647 		return USB_STOR_TRANSPORT_FAILED;
1648 	}
1649 
1650 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651 		return USB_STOR_TRANSPORT_GOOD;
1652 
1653 	havefakesense = 0;
1654 
1655 	if (srb->cmnd[0] == READ_10) {
1656 
1657 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658 		page <<= 16;
1659 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661 
1662 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663 			     page, pages);
1664 
1665 		result = sddr09_read_data(us, page, pages);
1666 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667 				USB_STOR_TRANSPORT_ERROR);
1668 	}
1669 
1670 	if (srb->cmnd[0] == WRITE_10) {
1671 
1672 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 		page <<= 16;
1674 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676 
1677 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678 			     page, pages);
1679 
1680 		result = sddr09_write_data(us, page, pages);
1681 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 				USB_STOR_TRANSPORT_ERROR);
1683 	}
1684 
1685 	/* catch-all for all other commands, except
1686 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1687 	 */
1688 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1689 	    srb->cmnd[0] != REQUEST_SENSE) {
1690 		sensekey = 0x05;	/* illegal request */
1691 		sensecode = 0x20;	/* invalid command */
1692 		havefakesense = 1;
1693 		return USB_STOR_TRANSPORT_FAILED;
1694 	}
1695 
1696 	for (; srb->cmd_len<12; srb->cmd_len++)
1697 		srb->cmnd[srb->cmd_len] = 0;
1698 
1699 	srb->cmnd[1] = LUNBITS;
1700 
1701 	ptr[0] = 0;
1702 	for (i=0; i<12; i++)
1703 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1704 
1705 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1706 
1707 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1708 	if (result) {
1709 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1710 			     result);
1711 		return USB_STOR_TRANSPORT_ERROR;
1712 	}
1713 
1714 	if (scsi_bufflen(srb) == 0)
1715 		return USB_STOR_TRANSPORT_GOOD;
1716 
1717 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1718 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1719 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1720 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1721 
1722 		usb_stor_dbg(us, "%s %d bytes\n",
1723 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1724 			     "sending" : "receiving",
1725 			     scsi_bufflen(srb));
1726 
1727 		result = usb_stor_bulk_srb(us, pipe, srb);
1728 
1729 		return (result == USB_STOR_XFER_GOOD ?
1730 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1731 	}
1732 
1733 	return USB_STOR_TRANSPORT_GOOD;
1734 }
1735 
1736 /*
1737  * Initialization routine for the sddr09 subdriver
1738  */
1739 static int
1740 usb_stor_sddr09_init(struct us_data *us) {
1741 	return sddr09_common_init(us);
1742 }
1743 
1744 static struct scsi_host_template sddr09_host_template;
1745 
1746 static int sddr09_probe(struct usb_interface *intf,
1747 			 const struct usb_device_id *id)
1748 {
1749 	struct us_data *us;
1750 	int result;
1751 
1752 	result = usb_stor_probe1(&us, intf, id,
1753 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1754 			&sddr09_host_template);
1755 	if (result)
1756 		return result;
1757 
1758 	if (us->protocol == USB_PR_DPCM_USB) {
1759 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1760 		us->transport = dpcm_transport;
1761 		us->transport_reset = usb_stor_CB_reset;
1762 		us->max_lun = 1;
1763 	} else {
1764 		us->transport_name = "EUSB/SDDR09";
1765 		us->transport = sddr09_transport;
1766 		us->transport_reset = usb_stor_CB_reset;
1767 		us->max_lun = 0;
1768 	}
1769 
1770 	result = usb_stor_probe2(us);
1771 	return result;
1772 }
1773 
1774 static struct usb_driver sddr09_driver = {
1775 	.name =		DRV_NAME,
1776 	.probe =	sddr09_probe,
1777 	.disconnect =	usb_stor_disconnect,
1778 	.suspend =	usb_stor_suspend,
1779 	.resume =	usb_stor_resume,
1780 	.reset_resume =	usb_stor_reset_resume,
1781 	.pre_reset =	usb_stor_pre_reset,
1782 	.post_reset =	usb_stor_post_reset,
1783 	.id_table =	sddr09_usb_ids,
1784 	.soft_unbind =	1,
1785 	.no_dynamic_id = 1,
1786 };
1787 
1788 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1789