xref: /linux/drivers/usb/storage/sddr09.c (revision e5c86679d5e864947a52fb31e45a425dea3e7fa9)
1 /*
2  * Driver for SanDisk SDDR-09 SmartMedia reader
3  *
4  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
6  * Developed with the assistance of:
7  *   (c) 2002 Alan Stern <stern@rowland.org>
8  *
9  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10  * This chip is a programmable USB controller. In the SDDR-09, it has
11  * been programmed to obey a certain limited set of SCSI commands.
12  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
13  * commands.
14  *
15  * This program is free software; you can redistribute it and/or modify it
16  * under the terms of the GNU General Public License as published by the
17  * Free Software Foundation; either version 2, or (at your option) any
18  * later version.
19  *
20  * This program is distributed in the hope that it will be useful, but
21  * WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
23  * General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License along
26  * with this program; if not, write to the Free Software Foundation, Inc.,
27  * 675 Mass Ave, Cambridge, MA 02139, USA.
28  */
29 
30 /*
31  * Known vendor commands: 12 bytes, first byte is opcode
32  *
33  * E7: read scatter gather
34  * E8: read
35  * E9: write
36  * EA: erase
37  * EB: reset
38  * EC: read status
39  * ED: read ID
40  * EE: write CIS (?)
41  * EF: compute checksum (?)
42  */
43 
44 #include <linux/errno.h>
45 #include <linux/module.h>
46 #include <linux/slab.h>
47 
48 #include <scsi/scsi.h>
49 #include <scsi/scsi_cmnd.h>
50 #include <scsi/scsi_device.h>
51 
52 #include "usb.h"
53 #include "transport.h"
54 #include "protocol.h"
55 #include "debug.h"
56 #include "scsiglue.h"
57 
58 #define DRV_NAME "ums-sddr09"
59 
60 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
61 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
62 MODULE_LICENSE("GPL");
63 
64 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
65 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
66 static int usb_stor_sddr09_init(struct us_data *us);
67 
68 
69 /*
70  * The table of devices
71  */
72 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
73 		    vendorName, productName, useProtocol, useTransport, \
74 		    initFunction, flags) \
75 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
76   .driver_info = (flags) }
77 
78 static struct usb_device_id sddr09_usb_ids[] = {
79 #	include "unusual_sddr09.h"
80 	{ }		/* Terminating entry */
81 };
82 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
83 
84 #undef UNUSUAL_DEV
85 
86 /*
87  * The flags table
88  */
89 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
90 		    vendor_name, product_name, use_protocol, use_transport, \
91 		    init_function, Flags) \
92 { \
93 	.vendorName = vendor_name,	\
94 	.productName = product_name,	\
95 	.useProtocol = use_protocol,	\
96 	.useTransport = use_transport,	\
97 	.initFunction = init_function,	\
98 }
99 
100 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
101 #	include "unusual_sddr09.h"
102 	{ }		/* Terminating entry */
103 };
104 
105 #undef UNUSUAL_DEV
106 
107 
108 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
109 #define LSB_of(s) ((s)&0xFF)
110 #define MSB_of(s) ((s)>>8)
111 
112 /*
113  * First some stuff that does not belong here:
114  * data on SmartMedia and other cards, completely
115  * unrelated to this driver.
116  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
117  */
118 
119 struct nand_flash_dev {
120 	int model_id;
121 	int chipshift;		/* 1<<cs bytes total capacity */
122 	char pageshift;		/* 1<<ps bytes in a page */
123 	char blockshift;	/* 1<<bs pages in an erase block */
124 	char zoneshift;		/* 1<<zs blocks in a zone */
125 				/* # of logical blocks is 125/128 of this */
126 	char pageadrlen;	/* length of an address in bytes - 1 */
127 };
128 
129 /*
130  * NAND Flash Manufacturer ID Codes
131  */
132 #define NAND_MFR_AMD		0x01
133 #define NAND_MFR_NATSEMI	0x8f
134 #define NAND_MFR_TOSHIBA	0x98
135 #define NAND_MFR_SAMSUNG	0xec
136 
137 static inline char *nand_flash_manufacturer(int manuf_id) {
138 	switch(manuf_id) {
139 	case NAND_MFR_AMD:
140 		return "AMD";
141 	case NAND_MFR_NATSEMI:
142 		return "NATSEMI";
143 	case NAND_MFR_TOSHIBA:
144 		return "Toshiba";
145 	case NAND_MFR_SAMSUNG:
146 		return "Samsung";
147 	default:
148 		return "unknown";
149 	}
150 }
151 
152 /*
153  * It looks like it is unnecessary to attach manufacturer to the
154  * remaining data: SSFDC prescribes manufacturer-independent id codes.
155  *
156  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
157  */
158 
159 static struct nand_flash_dev nand_flash_ids[] = {
160 	/* NAND flash */
161 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
162 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
163 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
164 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
165 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
166 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
167 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
168 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
169 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
170 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
171 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
172 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
173 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
174 
175 	/* MASK ROM */
176 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
177 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
178 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
179 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
180 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
181 	{ 0,}
182 };
183 
184 static struct nand_flash_dev *
185 nand_find_id(unsigned char id) {
186 	int i;
187 
188 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
189 		if (nand_flash_ids[i].model_id == id)
190 			return &(nand_flash_ids[i]);
191 	return NULL;
192 }
193 
194 /*
195  * ECC computation.
196  */
197 static unsigned char parity[256];
198 static unsigned char ecc2[256];
199 
200 static void nand_init_ecc(void) {
201 	int i, j, a;
202 
203 	parity[0] = 0;
204 	for (i = 1; i < 256; i++)
205 		parity[i] = (parity[i&(i-1)] ^ 1);
206 
207 	for (i = 0; i < 256; i++) {
208 		a = 0;
209 		for (j = 0; j < 8; j++) {
210 			if (i & (1<<j)) {
211 				if ((j & 1) == 0)
212 					a ^= 0x04;
213 				if ((j & 2) == 0)
214 					a ^= 0x10;
215 				if ((j & 4) == 0)
216 					a ^= 0x40;
217 			}
218 		}
219 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
220 	}
221 }
222 
223 /* compute 3-byte ecc on 256 bytes */
224 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
225 	int i, j, a;
226 	unsigned char par = 0, bit, bits[8] = {0};
227 
228 	/* collect 16 checksum bits */
229 	for (i = 0; i < 256; i++) {
230 		par ^= data[i];
231 		bit = parity[data[i]];
232 		for (j = 0; j < 8; j++)
233 			if ((i & (1<<j)) == 0)
234 				bits[j] ^= bit;
235 	}
236 
237 	/* put 4+4+4 = 12 bits in the ecc */
238 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
239 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
240 
241 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
242 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
243 
244 	ecc[2] = ecc2[par];
245 }
246 
247 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
248 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
249 }
250 
251 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
252 	memcpy(data, ecc, 3);
253 }
254 
255 /*
256  * The actual driver starts here.
257  */
258 
259 struct sddr09_card_info {
260 	unsigned long	capacity;	/* Size of card in bytes */
261 	int		pagesize;	/* Size of page in bytes */
262 	int		pageshift;	/* log2 of pagesize */
263 	int		blocksize;	/* Size of block in pages */
264 	int		blockshift;	/* log2 of blocksize */
265 	int		blockmask;	/* 2^blockshift - 1 */
266 	int		*lba_to_pba;	/* logical to physical map */
267 	int		*pba_to_lba;	/* physical to logical map */
268 	int		lbact;		/* number of available pages */
269 	int		flags;
270 #define	SDDR09_WP	1		/* write protected */
271 };
272 
273 /*
274  * On my 16MB card, control blocks have size 64 (16 real control bytes,
275  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
276  * so the reader makes up the remaining 48. Don't know whether these numbers
277  * depend on the card. For now a constant.
278  */
279 #define CONTROL_SHIFT 6
280 
281 /*
282  * On my Combo CF/SM reader, the SM reader has LUN 1.
283  * (and things fail with LUN 0).
284  * It seems LUN is irrelevant for others.
285  */
286 #define LUN	1
287 #define	LUNBITS	(LUN << 5)
288 
289 /*
290  * LBA and PBA are unsigned ints. Special values.
291  */
292 #define UNDEF    0xffffffff
293 #define SPARE    0xfffffffe
294 #define UNUSABLE 0xfffffffd
295 
296 static const int erase_bad_lba_entries = 0;
297 
298 /* send vendor interface command (0x41) */
299 /* called for requests 0, 1, 8 */
300 static int
301 sddr09_send_command(struct us_data *us,
302 		    unsigned char request,
303 		    unsigned char direction,
304 		    unsigned char *xfer_data,
305 		    unsigned int xfer_len) {
306 	unsigned int pipe;
307 	unsigned char requesttype = (0x41 | direction);
308 	int rc;
309 
310 	// Get the receive or send control pipe number
311 
312 	if (direction == USB_DIR_IN)
313 		pipe = us->recv_ctrl_pipe;
314 	else
315 		pipe = us->send_ctrl_pipe;
316 
317 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
318 				   0, 0, xfer_data, xfer_len);
319 	switch (rc) {
320 		case USB_STOR_XFER_GOOD:	return 0;
321 		case USB_STOR_XFER_STALLED:	return -EPIPE;
322 		default:			return -EIO;
323 	}
324 }
325 
326 static int
327 sddr09_send_scsi_command(struct us_data *us,
328 			 unsigned char *command,
329 			 unsigned int command_len) {
330 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
331 }
332 
333 #if 0
334 /*
335  * Test Unit Ready Command: 12 bytes.
336  * byte 0: opcode: 00
337  */
338 static int
339 sddr09_test_unit_ready(struct us_data *us) {
340 	unsigned char *command = us->iobuf;
341 	int result;
342 
343 	memset(command, 0, 6);
344 	command[1] = LUNBITS;
345 
346 	result = sddr09_send_scsi_command(us, command, 6);
347 
348 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
349 
350 	return result;
351 }
352 #endif
353 
354 /*
355  * Request Sense Command: 12 bytes.
356  * byte 0: opcode: 03
357  * byte 4: data length
358  */
359 static int
360 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
361 	unsigned char *command = us->iobuf;
362 	int result;
363 
364 	memset(command, 0, 12);
365 	command[0] = 0x03;
366 	command[1] = LUNBITS;
367 	command[4] = buflen;
368 
369 	result = sddr09_send_scsi_command(us, command, 12);
370 	if (result)
371 		return result;
372 
373 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
374 			sensebuf, buflen, NULL);
375 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
376 }
377 
378 /*
379  * Read Command: 12 bytes.
380  * byte 0: opcode: E8
381  * byte 1: last two bits: 00: read data, 01: read blockwise control,
382  *			10: read both, 11: read pagewise control.
383  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
384  * bytes 2-5: address (interpretation depends on byte 1, see below)
385  * bytes 10-11: count (idem)
386  *
387  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
388  * A read data command gets data in 512-byte pages.
389  * A read control command gets control in 64-byte chunks.
390  * A read both command gets data+control in 576-byte chunks.
391  *
392  * Blocks are groups of 32 pages, and read blockwise control jumps to the
393  * next block, while read pagewise control jumps to the next page after
394  * reading a group of 64 control bytes.
395  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
396  *
397  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
398  */
399 
400 static int
401 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
402 	     int nr_of_pages, int bulklen, unsigned char *buf,
403 	     int use_sg) {
404 
405 	unsigned char *command = us->iobuf;
406 	int result;
407 
408 	command[0] = 0xE8;
409 	command[1] = LUNBITS | x;
410 	command[2] = MSB_of(fromaddress>>16);
411 	command[3] = LSB_of(fromaddress>>16);
412 	command[4] = MSB_of(fromaddress & 0xFFFF);
413 	command[5] = LSB_of(fromaddress & 0xFFFF);
414 	command[6] = 0;
415 	command[7] = 0;
416 	command[8] = 0;
417 	command[9] = 0;
418 	command[10] = MSB_of(nr_of_pages);
419 	command[11] = LSB_of(nr_of_pages);
420 
421 	result = sddr09_send_scsi_command(us, command, 12);
422 
423 	if (result) {
424 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
425 			     x, result);
426 		return result;
427 	}
428 
429 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
430 				       buf, bulklen, use_sg, NULL);
431 
432 	if (result != USB_STOR_XFER_GOOD) {
433 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
434 			     x, result);
435 		return -EIO;
436 	}
437 	return 0;
438 }
439 
440 /*
441  * Read Data
442  *
443  * fromaddress counts data shorts:
444  * increasing it by 256 shifts the bytestream by 512 bytes;
445  * the last 8 bits are ignored.
446  *
447  * nr_of_pages counts pages of size (1 << pageshift).
448  */
449 static int
450 sddr09_read20(struct us_data *us, unsigned long fromaddress,
451 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
452 	int bulklen = nr_of_pages << pageshift;
453 
454 	/* The last 8 bits of fromaddress are ignored. */
455 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
456 			    buf, use_sg);
457 }
458 
459 /*
460  * Read Blockwise Control
461  *
462  * fromaddress gives the starting position (as in read data;
463  * the last 8 bits are ignored); increasing it by 32*256 shifts
464  * the output stream by 64 bytes.
465  *
466  * count counts control groups of size (1 << controlshift).
467  * For me, controlshift = 6. Is this constant?
468  *
469  * After getting one control group, jump to the next block
470  * (fromaddress += 8192).
471  */
472 static int
473 sddr09_read21(struct us_data *us, unsigned long fromaddress,
474 	      int count, int controlshift, unsigned char *buf, int use_sg) {
475 
476 	int bulklen = (count << controlshift);
477 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
478 			    buf, use_sg);
479 }
480 
481 /*
482  * Read both Data and Control
483  *
484  * fromaddress counts data shorts, ignoring control:
485  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
486  * the last 8 bits are ignored.
487  *
488  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
489  */
490 static int
491 sddr09_read22(struct us_data *us, unsigned long fromaddress,
492 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
493 
494 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
495 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
496 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
497 			    buf, use_sg);
498 }
499 
500 #if 0
501 /*
502  * Read Pagewise Control
503  *
504  * fromaddress gives the starting position (as in read data;
505  * the last 8 bits are ignored); increasing it by 256 shifts
506  * the output stream by 64 bytes.
507  *
508  * count counts control groups of size (1 << controlshift).
509  * For me, controlshift = 6. Is this constant?
510  *
511  * After getting one control group, jump to the next page
512  * (fromaddress += 256).
513  */
514 static int
515 sddr09_read23(struct us_data *us, unsigned long fromaddress,
516 	      int count, int controlshift, unsigned char *buf, int use_sg) {
517 
518 	int bulklen = (count << controlshift);
519 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
520 			    buf, use_sg);
521 }
522 #endif
523 
524 /*
525  * Erase Command: 12 bytes.
526  * byte 0: opcode: EA
527  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
528  *
529  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
530  * The byte address being erased is 2*Eaddress.
531  * The CIS cannot be erased.
532  */
533 static int
534 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
535 	unsigned char *command = us->iobuf;
536 	int result;
537 
538 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
539 
540 	memset(command, 0, 12);
541 	command[0] = 0xEA;
542 	command[1] = LUNBITS;
543 	command[6] = MSB_of(Eaddress>>16);
544 	command[7] = LSB_of(Eaddress>>16);
545 	command[8] = MSB_of(Eaddress & 0xFFFF);
546 	command[9] = LSB_of(Eaddress & 0xFFFF);
547 
548 	result = sddr09_send_scsi_command(us, command, 12);
549 
550 	if (result)
551 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
552 			     result);
553 
554 	return result;
555 }
556 
557 /*
558  * Write CIS Command: 12 bytes.
559  * byte 0: opcode: EE
560  * bytes 2-5: write address in shorts
561  * bytes 10-11: sector count
562  *
563  * This writes at the indicated address. Don't know how it differs
564  * from E9. Maybe it does not erase? However, it will also write to
565  * the CIS.
566  *
567  * When two such commands on the same page follow each other directly,
568  * the second one is not done.
569  */
570 
571 /*
572  * Write Command: 12 bytes.
573  * byte 0: opcode: E9
574  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
575  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
576  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
577  *
578  * If write address equals erase address, the erase is done first,
579  * otherwise the write is done first. When erase address equals zero
580  * no erase is done?
581  */
582 static int
583 sddr09_writeX(struct us_data *us,
584 	      unsigned long Waddress, unsigned long Eaddress,
585 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
586 
587 	unsigned char *command = us->iobuf;
588 	int result;
589 
590 	command[0] = 0xE9;
591 	command[1] = LUNBITS;
592 
593 	command[2] = MSB_of(Waddress>>16);
594 	command[3] = LSB_of(Waddress>>16);
595 	command[4] = MSB_of(Waddress & 0xFFFF);
596 	command[5] = LSB_of(Waddress & 0xFFFF);
597 
598 	command[6] = MSB_of(Eaddress>>16);
599 	command[7] = LSB_of(Eaddress>>16);
600 	command[8] = MSB_of(Eaddress & 0xFFFF);
601 	command[9] = LSB_of(Eaddress & 0xFFFF);
602 
603 	command[10] = MSB_of(nr_of_pages);
604 	command[11] = LSB_of(nr_of_pages);
605 
606 	result = sddr09_send_scsi_command(us, command, 12);
607 
608 	if (result) {
609 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
610 			     result);
611 		return result;
612 	}
613 
614 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
615 				       buf, bulklen, use_sg, NULL);
616 
617 	if (result != USB_STOR_XFER_GOOD) {
618 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
619 			     result);
620 		return -EIO;
621 	}
622 	return 0;
623 }
624 
625 /* erase address, write same address */
626 static int
627 sddr09_write_inplace(struct us_data *us, unsigned long address,
628 		     int nr_of_pages, int pageshift, unsigned char *buf,
629 		     int use_sg) {
630 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
631 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
632 			     buf, use_sg);
633 }
634 
635 #if 0
636 /*
637  * Read Scatter Gather Command: 3+4n bytes.
638  * byte 0: opcode E7
639  * byte 2: n
640  * bytes 4i-1,4i,4i+1: page address
641  * byte 4i+2: page count
642  * (i=1..n)
643  *
644  * This reads several pages from the card to a single memory buffer.
645  * The last two bits of byte 1 have the same meaning as for E8.
646  */
647 static int
648 sddr09_read_sg_test_only(struct us_data *us) {
649 	unsigned char *command = us->iobuf;
650 	int result, bulklen, nsg, ct;
651 	unsigned char *buf;
652 	unsigned long address;
653 
654 	nsg = bulklen = 0;
655 	command[0] = 0xE7;
656 	command[1] = LUNBITS;
657 	command[2] = 0;
658 	address = 040000; ct = 1;
659 	nsg++;
660 	bulklen += (ct << 9);
661 	command[4*nsg+2] = ct;
662 	command[4*nsg+1] = ((address >> 9) & 0xFF);
663 	command[4*nsg+0] = ((address >> 17) & 0xFF);
664 	command[4*nsg-1] = ((address >> 25) & 0xFF);
665 
666 	address = 0340000; ct = 1;
667 	nsg++;
668 	bulklen += (ct << 9);
669 	command[4*nsg+2] = ct;
670 	command[4*nsg+1] = ((address >> 9) & 0xFF);
671 	command[4*nsg+0] = ((address >> 17) & 0xFF);
672 	command[4*nsg-1] = ((address >> 25) & 0xFF);
673 
674 	address = 01000000; ct = 2;
675 	nsg++;
676 	bulklen += (ct << 9);
677 	command[4*nsg+2] = ct;
678 	command[4*nsg+1] = ((address >> 9) & 0xFF);
679 	command[4*nsg+0] = ((address >> 17) & 0xFF);
680 	command[4*nsg-1] = ((address >> 25) & 0xFF);
681 
682 	command[2] = nsg;
683 
684 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
685 
686 	if (result) {
687 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
688 			     result);
689 		return result;
690 	}
691 
692 	buf = kmalloc(bulklen, GFP_NOIO);
693 	if (!buf)
694 		return -ENOMEM;
695 
696 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
697 				       buf, bulklen, NULL);
698 	kfree(buf);
699 	if (result != USB_STOR_XFER_GOOD) {
700 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
701 			     result);
702 		return -EIO;
703 	}
704 
705 	return 0;
706 }
707 #endif
708 
709 /*
710  * Read Status Command: 12 bytes.
711  * byte 0: opcode: EC
712  *
713  * Returns 64 bytes, all zero except for the first.
714  * bit 0: 1: Error
715  * bit 5: 1: Suspended
716  * bit 6: 1: Ready
717  * bit 7: 1: Not write-protected
718  */
719 
720 static int
721 sddr09_read_status(struct us_data *us, unsigned char *status) {
722 
723 	unsigned char *command = us->iobuf;
724 	unsigned char *data = us->iobuf;
725 	int result;
726 
727 	usb_stor_dbg(us, "Reading status...\n");
728 
729 	memset(command, 0, 12);
730 	command[0] = 0xEC;
731 	command[1] = LUNBITS;
732 
733 	result = sddr09_send_scsi_command(us, command, 12);
734 	if (result)
735 		return result;
736 
737 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
738 				       data, 64, NULL);
739 	*status = data[0];
740 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
741 }
742 
743 static int
744 sddr09_read_data(struct us_data *us,
745 		 unsigned long address,
746 		 unsigned int sectors) {
747 
748 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
749 	unsigned char *buffer;
750 	unsigned int lba, maxlba, pba;
751 	unsigned int page, pages;
752 	unsigned int len, offset;
753 	struct scatterlist *sg;
754 	int result;
755 
756 	// Figure out the initial LBA and page
757 	lba = address >> info->blockshift;
758 	page = (address & info->blockmask);
759 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
760 	if (lba >= maxlba)
761 		return -EIO;
762 
763 	// Since we only read in one block at a time, we have to create
764 	// a bounce buffer and move the data a piece at a time between the
765 	// bounce buffer and the actual transfer buffer.
766 
767 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
768 	buffer = kmalloc(len, GFP_NOIO);
769 	if (!buffer)
770 		return -ENOMEM;
771 
772 	// This could be made much more efficient by checking for
773 	// contiguous LBA's. Another exercise left to the student.
774 
775 	result = 0;
776 	offset = 0;
777 	sg = NULL;
778 
779 	while (sectors > 0) {
780 
781 		/* Find number of pages we can read in this block */
782 		pages = min(sectors, info->blocksize - page);
783 		len = pages << info->pageshift;
784 
785 		/* Not overflowing capacity? */
786 		if (lba >= maxlba) {
787 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
788 				     lba, maxlba);
789 			result = -EIO;
790 			break;
791 		}
792 
793 		/* Find where this lba lives on disk */
794 		pba = info->lba_to_pba[lba];
795 
796 		if (pba == UNDEF) {	/* this lba was never written */
797 
798 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
799 				     pages, lba, page);
800 
801 			/*
802 			 * This is not really an error. It just means
803 			 * that the block has never been written.
804 			 * Instead of returning an error
805 			 * it is better to return all zero data.
806 			 */
807 
808 			memset(buffer, 0, len);
809 
810 		} else {
811 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
812 				     pages, pba, lba, page);
813 
814 			address = ((pba << info->blockshift) + page) <<
815 				info->pageshift;
816 
817 			result = sddr09_read20(us, address>>1,
818 					pages, info->pageshift, buffer, 0);
819 			if (result)
820 				break;
821 		}
822 
823 		// Store the data in the transfer buffer
824 		usb_stor_access_xfer_buf(buffer, len, us->srb,
825 				&sg, &offset, TO_XFER_BUF);
826 
827 		page = 0;
828 		lba++;
829 		sectors -= pages;
830 	}
831 
832 	kfree(buffer);
833 	return result;
834 }
835 
836 static unsigned int
837 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
838 	static unsigned int lastpba = 1;
839 	int zonestart, end, i;
840 
841 	zonestart = (lba/1000) << 10;
842 	end = info->capacity >> (info->blockshift + info->pageshift);
843 	end -= zonestart;
844 	if (end > 1024)
845 		end = 1024;
846 
847 	for (i = lastpba+1; i < end; i++) {
848 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
849 			lastpba = i;
850 			return zonestart+i;
851 		}
852 	}
853 	for (i = 0; i <= lastpba; i++) {
854 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
855 			lastpba = i;
856 			return zonestart+i;
857 		}
858 	}
859 	return 0;
860 }
861 
862 static int
863 sddr09_write_lba(struct us_data *us, unsigned int lba,
864 		 unsigned int page, unsigned int pages,
865 		 unsigned char *ptr, unsigned char *blockbuffer) {
866 
867 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
868 	unsigned long address;
869 	unsigned int pba, lbap;
870 	unsigned int pagelen;
871 	unsigned char *bptr, *cptr, *xptr;
872 	unsigned char ecc[3];
873 	int i, result;
874 
875 	lbap = ((lba % 1000) << 1) | 0x1000;
876 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
877 		lbap ^= 1;
878 	pba = info->lba_to_pba[lba];
879 
880 	if (pba == UNDEF) {
881 		pba = sddr09_find_unused_pba(info, lba);
882 		if (!pba) {
883 			printk(KERN_WARNING
884 			       "sddr09_write_lba: Out of unused blocks\n");
885 			return -ENOSPC;
886 		}
887 		info->pba_to_lba[pba] = lba;
888 		info->lba_to_pba[lba] = pba;
889 	}
890 
891 	if (pba == 1) {
892 		/*
893 		 * Maybe it is impossible to write to PBA 1.
894 		 * Fake success, but don't do anything.
895 		 */
896 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
897 		return 0;
898 	}
899 
900 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
901 
902 	/* read old contents */
903 	address = (pba << (info->pageshift + info->blockshift));
904 	result = sddr09_read22(us, address>>1, info->blocksize,
905 			       info->pageshift, blockbuffer, 0);
906 	if (result)
907 		return result;
908 
909 	/* check old contents and fill lba */
910 	for (i = 0; i < info->blocksize; i++) {
911 		bptr = blockbuffer + i*pagelen;
912 		cptr = bptr + info->pagesize;
913 		nand_compute_ecc(bptr, ecc);
914 		if (!nand_compare_ecc(cptr+13, ecc)) {
915 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
916 				     i, pba);
917 			nand_store_ecc(cptr+13, ecc);
918 		}
919 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
920 		if (!nand_compare_ecc(cptr+8, ecc)) {
921 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
922 				     i, pba);
923 			nand_store_ecc(cptr+8, ecc);
924 		}
925 		cptr[6] = cptr[11] = MSB_of(lbap);
926 		cptr[7] = cptr[12] = LSB_of(lbap);
927 	}
928 
929 	/* copy in new stuff and compute ECC */
930 	xptr = ptr;
931 	for (i = page; i < page+pages; i++) {
932 		bptr = blockbuffer + i*pagelen;
933 		cptr = bptr + info->pagesize;
934 		memcpy(bptr, xptr, info->pagesize);
935 		xptr += info->pagesize;
936 		nand_compute_ecc(bptr, ecc);
937 		nand_store_ecc(cptr+13, ecc);
938 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
939 		nand_store_ecc(cptr+8, ecc);
940 	}
941 
942 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
943 
944 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
945 				      info->pageshift, blockbuffer, 0);
946 
947 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
948 
949 #if 0
950 	{
951 		unsigned char status = 0;
952 		int result2 = sddr09_read_status(us, &status);
953 		if (result2)
954 			usb_stor_dbg(us, "cannot read status\n");
955 		else if (status != 0xc0)
956 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
957 	}
958 #endif
959 
960 #if 0
961 	{
962 		int result2 = sddr09_test_unit_ready(us);
963 	}
964 #endif
965 
966 	return result;
967 }
968 
969 static int
970 sddr09_write_data(struct us_data *us,
971 		  unsigned long address,
972 		  unsigned int sectors) {
973 
974 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
975 	unsigned int lba, maxlba, page, pages;
976 	unsigned int pagelen, blocklen;
977 	unsigned char *blockbuffer;
978 	unsigned char *buffer;
979 	unsigned int len, offset;
980 	struct scatterlist *sg;
981 	int result;
982 
983 	/* Figure out the initial LBA and page */
984 	lba = address >> info->blockshift;
985 	page = (address & info->blockmask);
986 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
987 	if (lba >= maxlba)
988 		return -EIO;
989 
990 	/*
991 	 * blockbuffer is used for reading in the old data, overwriting
992 	 * with the new data, and performing ECC calculations
993 	 */
994 
995 	/*
996 	 * TODO: instead of doing kmalloc/kfree for each write,
997 	 * add a bufferpointer to the info structure
998 	 */
999 
1000 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
1001 	blocklen = (pagelen << info->blockshift);
1002 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
1003 	if (!blockbuffer)
1004 		return -ENOMEM;
1005 
1006 	/*
1007 	 * Since we don't write the user data directly to the device,
1008 	 * we have to create a bounce buffer and move the data a piece
1009 	 * at a time between the bounce buffer and the actual transfer buffer.
1010 	 */
1011 
1012 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1013 	buffer = kmalloc(len, GFP_NOIO);
1014 	if (!buffer) {
1015 		kfree(blockbuffer);
1016 		return -ENOMEM;
1017 	}
1018 
1019 	result = 0;
1020 	offset = 0;
1021 	sg = NULL;
1022 
1023 	while (sectors > 0) {
1024 
1025 		/* Write as many sectors as possible in this block */
1026 
1027 		pages = min(sectors, info->blocksize - page);
1028 		len = (pages << info->pageshift);
1029 
1030 		/* Not overflowing capacity? */
1031 		if (lba >= maxlba) {
1032 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1033 				     lba, maxlba);
1034 			result = -EIO;
1035 			break;
1036 		}
1037 
1038 		/* Get the data from the transfer buffer */
1039 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1040 				&sg, &offset, FROM_XFER_BUF);
1041 
1042 		result = sddr09_write_lba(us, lba, page, pages,
1043 				buffer, blockbuffer);
1044 		if (result)
1045 			break;
1046 
1047 		page = 0;
1048 		lba++;
1049 		sectors -= pages;
1050 	}
1051 
1052 	kfree(buffer);
1053 	kfree(blockbuffer);
1054 
1055 	return result;
1056 }
1057 
1058 static int
1059 sddr09_read_control(struct us_data *us,
1060 		unsigned long address,
1061 		unsigned int blocks,
1062 		unsigned char *content,
1063 		int use_sg) {
1064 
1065 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1066 		     address, blocks);
1067 
1068 	return sddr09_read21(us, address, blocks,
1069 			     CONTROL_SHIFT, content, use_sg);
1070 }
1071 
1072 /*
1073  * Read Device ID Command: 12 bytes.
1074  * byte 0: opcode: ED
1075  *
1076  * Returns 2 bytes: Manufacturer ID and Device ID.
1077  * On more recent cards 3 bytes: the third byte is an option code A5
1078  * signifying that the secret command to read an 128-bit ID is available.
1079  * On still more recent cards 4 bytes: the fourth byte C0 means that
1080  * a second read ID cmd is available.
1081  */
1082 static int
1083 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1084 	unsigned char *command = us->iobuf;
1085 	unsigned char *content = us->iobuf;
1086 	int result, i;
1087 
1088 	memset(command, 0, 12);
1089 	command[0] = 0xED;
1090 	command[1] = LUNBITS;
1091 
1092 	result = sddr09_send_scsi_command(us, command, 12);
1093 	if (result)
1094 		return result;
1095 
1096 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1097 			content, 64, NULL);
1098 
1099 	for (i = 0; i < 4; i++)
1100 		deviceID[i] = content[i];
1101 
1102 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1103 }
1104 
1105 static int
1106 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1107 	int result;
1108 	unsigned char status;
1109 	const char *wp_fmt;
1110 
1111 	result = sddr09_read_status(us, &status);
1112 	if (result) {
1113 		usb_stor_dbg(us, "read_status fails\n");
1114 		return result;
1115 	}
1116 	if ((status & 0x80) == 0) {
1117 		info->flags |= SDDR09_WP;	/* write protected */
1118 		wp_fmt = " WP";
1119 	} else {
1120 		wp_fmt = "";
1121 	}
1122 	usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1123 		     status & 0x40 ? " Ready" : "",
1124 		     status & LUNBITS ? " Suspended" : "",
1125 		     status & 0x01 ? " Error" : "");
1126 
1127 	return 0;
1128 }
1129 
1130 #if 0
1131 /*
1132  * Reset Command: 12 bytes.
1133  * byte 0: opcode: EB
1134  */
1135 static int
1136 sddr09_reset(struct us_data *us) {
1137 
1138 	unsigned char *command = us->iobuf;
1139 
1140 	memset(command, 0, 12);
1141 	command[0] = 0xEB;
1142 	command[1] = LUNBITS;
1143 
1144 	return sddr09_send_scsi_command(us, command, 12);
1145 }
1146 #endif
1147 
1148 static struct nand_flash_dev *
1149 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1150 	struct nand_flash_dev *cardinfo;
1151 	unsigned char deviceID[4];
1152 	char blurbtxt[256];
1153 	int result;
1154 
1155 	usb_stor_dbg(us, "Reading capacity...\n");
1156 
1157 	result = sddr09_read_deviceID(us, deviceID);
1158 
1159 	if (result) {
1160 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1161 		printk(KERN_WARNING "sddr09: could not read card info\n");
1162 		return NULL;
1163 	}
1164 
1165 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1166 
1167 	/* Byte 0 is the manufacturer */
1168 	sprintf(blurbtxt + strlen(blurbtxt),
1169 		": Manuf. %s",
1170 		nand_flash_manufacturer(deviceID[0]));
1171 
1172 	/* Byte 1 is the device type */
1173 	cardinfo = nand_find_id(deviceID[1]);
1174 	if (cardinfo) {
1175 		/*
1176 		 * MB or MiB? It is neither. A 16 MB card has
1177 		 * 17301504 raw bytes, of which 16384000 are
1178 		 * usable for user data.
1179 		 */
1180 		sprintf(blurbtxt + strlen(blurbtxt),
1181 			", %d MB", 1<<(cardinfo->chipshift - 20));
1182 	} else {
1183 		sprintf(blurbtxt + strlen(blurbtxt),
1184 			", type unrecognized");
1185 	}
1186 
1187 	/* Byte 2 is code to signal availability of 128-bit ID */
1188 	if (deviceID[2] == 0xa5) {
1189 		sprintf(blurbtxt + strlen(blurbtxt),
1190 			", 128-bit ID");
1191 	}
1192 
1193 	/* Byte 3 announces the availability of another read ID command */
1194 	if (deviceID[3] == 0xc0) {
1195 		sprintf(blurbtxt + strlen(blurbtxt),
1196 			", extra cmd");
1197 	}
1198 
1199 	if (flags & SDDR09_WP)
1200 		sprintf(blurbtxt + strlen(blurbtxt),
1201 			", WP");
1202 
1203 	printk(KERN_WARNING "%s\n", blurbtxt);
1204 
1205 	return cardinfo;
1206 }
1207 
1208 static int
1209 sddr09_read_map(struct us_data *us) {
1210 
1211 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1212 	int numblocks, alloc_len, alloc_blocks;
1213 	int i, j, result;
1214 	unsigned char *buffer, *buffer_end, *ptr;
1215 	unsigned int lba, lbact;
1216 
1217 	if (!info->capacity)
1218 		return -1;
1219 
1220 	/*
1221 	 * size of a block is 1 << (blockshift + pageshift) bytes
1222 	 * divide into the total capacity to get the number of blocks
1223 	 */
1224 
1225 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1226 
1227 	/*
1228 	 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1229 	 * but only use a 64 KB buffer
1230 	 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1231 	 */
1232 #define SDDR09_READ_MAP_BUFSZ 65536
1233 
1234 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1235 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1236 	buffer = kmalloc(alloc_len, GFP_NOIO);
1237 	if (!buffer) {
1238 		result = -1;
1239 		goto done;
1240 	}
1241 	buffer_end = buffer + alloc_len;
1242 
1243 #undef SDDR09_READ_MAP_BUFSZ
1244 
1245 	kfree(info->lba_to_pba);
1246 	kfree(info->pba_to_lba);
1247 	info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1248 	info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1249 
1250 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1251 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1252 		result = -1;
1253 		goto done;
1254 	}
1255 
1256 	for (i = 0; i < numblocks; i++)
1257 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1258 
1259 	/*
1260 	 * Define lba-pba translation table
1261 	 */
1262 
1263 	ptr = buffer_end;
1264 	for (i = 0; i < numblocks; i++) {
1265 		ptr += (1 << CONTROL_SHIFT);
1266 		if (ptr >= buffer_end) {
1267 			unsigned long address;
1268 
1269 			address = i << (info->pageshift + info->blockshift);
1270 			result = sddr09_read_control(
1271 				us, address>>1,
1272 				min(alloc_blocks, numblocks - i),
1273 				buffer, 0);
1274 			if (result) {
1275 				result = -1;
1276 				goto done;
1277 			}
1278 			ptr = buffer;
1279 		}
1280 
1281 		if (i == 0 || i == 1) {
1282 			info->pba_to_lba[i] = UNUSABLE;
1283 			continue;
1284 		}
1285 
1286 		/* special PBAs have control field 0^16 */
1287 		for (j = 0; j < 16; j++)
1288 			if (ptr[j] != 0)
1289 				goto nonz;
1290 		info->pba_to_lba[i] = UNUSABLE;
1291 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1292 		       i);
1293 		continue;
1294 
1295 	nonz:
1296 		/* unwritten PBAs have control field FF^16 */
1297 		for (j = 0; j < 16; j++)
1298 			if (ptr[j] != 0xff)
1299 				goto nonff;
1300 		continue;
1301 
1302 	nonff:
1303 		/* normal PBAs start with six FFs */
1304 		if (j < 6) {
1305 			printk(KERN_WARNING
1306 			       "sddr09: PBA %d has no logical mapping: "
1307 			       "reserved area = %02X%02X%02X%02X "
1308 			       "data status %02X block status %02X\n",
1309 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1310 			       ptr[4], ptr[5]);
1311 			info->pba_to_lba[i] = UNUSABLE;
1312 			continue;
1313 		}
1314 
1315 		if ((ptr[6] >> 4) != 0x01) {
1316 			printk(KERN_WARNING
1317 			       "sddr09: PBA %d has invalid address field "
1318 			       "%02X%02X/%02X%02X\n",
1319 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1320 			info->pba_to_lba[i] = UNUSABLE;
1321 			continue;
1322 		}
1323 
1324 		/* check even parity */
1325 		if (parity[ptr[6] ^ ptr[7]]) {
1326 			printk(KERN_WARNING
1327 			       "sddr09: Bad parity in LBA for block %d"
1328 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1329 			info->pba_to_lba[i] = UNUSABLE;
1330 			continue;
1331 		}
1332 
1333 		lba = short_pack(ptr[7], ptr[6]);
1334 		lba = (lba & 0x07FF) >> 1;
1335 
1336 		/*
1337 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1338 		 * go back to zero, but are within a higher block of LBA's.
1339 		 * Also, there is a maximum of 1000 LBA's per zone.
1340 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1341 		 * which are really LBA 1000-1999. This allows for 24 bad
1342 		 * or special physical blocks per zone.
1343 		 */
1344 
1345 		if (lba >= 1000) {
1346 			printk(KERN_WARNING
1347 			       "sddr09: Bad low LBA %d for block %d\n",
1348 			       lba, i);
1349 			goto possibly_erase;
1350 		}
1351 
1352 		lba += 1000*(i/0x400);
1353 
1354 		if (info->lba_to_pba[lba] != UNDEF) {
1355 			printk(KERN_WARNING
1356 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1357 			       lba, info->lba_to_pba[lba], i);
1358 			goto possibly_erase;
1359 		}
1360 
1361 		info->pba_to_lba[i] = lba;
1362 		info->lba_to_pba[lba] = i;
1363 		continue;
1364 
1365 	possibly_erase:
1366 		if (erase_bad_lba_entries) {
1367 			unsigned long address;
1368 
1369 			address = (i << (info->pageshift + info->blockshift));
1370 			sddr09_erase(us, address>>1);
1371 			info->pba_to_lba[i] = UNDEF;
1372 		} else
1373 			info->pba_to_lba[i] = UNUSABLE;
1374 	}
1375 
1376 	/*
1377 	 * Approximate capacity. This is not entirely correct yet,
1378 	 * since a zone with less than 1000 usable pages leads to
1379 	 * missing LBAs. Especially if it is the last zone, some
1380 	 * LBAs can be past capacity.
1381 	 */
1382 	lbact = 0;
1383 	for (i = 0; i < numblocks; i += 1024) {
1384 		int ct = 0;
1385 
1386 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1387 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1388 				if (ct >= 1000)
1389 					info->pba_to_lba[i+j] = SPARE;
1390 				else
1391 					ct++;
1392 			}
1393 		}
1394 		lbact += ct;
1395 	}
1396 	info->lbact = lbact;
1397 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1398 	result = 0;
1399 
1400  done:
1401 	if (result != 0) {
1402 		kfree(info->lba_to_pba);
1403 		kfree(info->pba_to_lba);
1404 		info->lba_to_pba = NULL;
1405 		info->pba_to_lba = NULL;
1406 	}
1407 	kfree(buffer);
1408 	return result;
1409 }
1410 
1411 static void
1412 sddr09_card_info_destructor(void *extra) {
1413 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1414 
1415 	if (!info)
1416 		return;
1417 
1418 	kfree(info->lba_to_pba);
1419 	kfree(info->pba_to_lba);
1420 }
1421 
1422 static int
1423 sddr09_common_init(struct us_data *us) {
1424 	int result;
1425 
1426 	/* set the configuration -- STALL is an acceptable response here */
1427 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1428 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1429 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1430 		return -EINVAL;
1431 	}
1432 
1433 	result = usb_reset_configuration(us->pusb_dev);
1434 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1435 	if (result == -EPIPE) {
1436 		usb_stor_dbg(us, "-- stall on control interface\n");
1437 	} else if (result != 0) {
1438 		/* it's not a stall, but another error -- time to bail */
1439 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1440 		return -EINVAL;
1441 	}
1442 
1443 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1444 	if (!us->extra)
1445 		return -ENOMEM;
1446 	us->extra_destructor = sddr09_card_info_destructor;
1447 
1448 	nand_init_ecc();
1449 	return 0;
1450 }
1451 
1452 
1453 /*
1454  * This is needed at a very early stage. If this is not listed in the
1455  * unusual devices list but called from here then LUN 0 of the combo reader
1456  * is not recognized. But I do not know what precisely these calls do.
1457  */
1458 static int
1459 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1460 	int result;
1461 	unsigned char *data = us->iobuf;
1462 
1463 	result = sddr09_common_init(us);
1464 	if (result)
1465 		return result;
1466 
1467 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1468 	if (result) {
1469 		usb_stor_dbg(us, "send_command fails\n");
1470 		return result;
1471 	}
1472 
1473 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1474 	// get 07 02
1475 
1476 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1477 	if (result) {
1478 		usb_stor_dbg(us, "2nd send_command fails\n");
1479 		return result;
1480 	}
1481 
1482 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1483 	// get 07 00
1484 
1485 	result = sddr09_request_sense(us, data, 18);
1486 	if (result == 0 && data[2] != 0) {
1487 		int j;
1488 		for (j=0; j<18; j++)
1489 			printk(" %02X", data[j]);
1490 		printk("\n");
1491 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1492 		// 70: current command
1493 		// sense key 0, sense code 0, extd sense code 0
1494 		// additional transfer length * = sizeof(data) - 7
1495 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1496 		// sense key 06, sense code 28: unit attention,
1497 		// not ready to ready transition
1498 	}
1499 
1500 	// test unit ready
1501 
1502 	return 0;		/* not result */
1503 }
1504 
1505 /*
1506  * Transport for the Microtech DPCM-USB
1507  */
1508 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1509 {
1510 	int ret;
1511 
1512 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1513 
1514 	switch (srb->device->lun) {
1515 	case 0:
1516 
1517 		/*
1518 		 * LUN 0 corresponds to the CompactFlash card reader.
1519 		 */
1520 		ret = usb_stor_CB_transport(srb, us);
1521 		break;
1522 
1523 	case 1:
1524 
1525 		/*
1526 		 * LUN 1 corresponds to the SmartMedia card reader.
1527 		 */
1528 
1529 		/*
1530 		 * Set the LUN to 0 (just in case).
1531 		 */
1532 		srb->device->lun = 0;
1533 		ret = sddr09_transport(srb, us);
1534 		srb->device->lun = 1;
1535 		break;
1536 
1537 	default:
1538 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1539 		ret = USB_STOR_TRANSPORT_ERROR;
1540 		break;
1541 	}
1542 	return ret;
1543 }
1544 
1545 
1546 /*
1547  * Transport for the Sandisk SDDR-09
1548  */
1549 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1550 {
1551 	static unsigned char sensekey = 0, sensecode = 0;
1552 	static unsigned char havefakesense = 0;
1553 	int result, i;
1554 	unsigned char *ptr = us->iobuf;
1555 	unsigned long capacity;
1556 	unsigned int page, pages;
1557 
1558 	struct sddr09_card_info *info;
1559 
1560 	static unsigned char inquiry_response[8] = {
1561 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1562 	};
1563 
1564 	/* note: no block descriptor support */
1565 	static unsigned char mode_page_01[19] = {
1566 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1567 		0x01, 0x0A,
1568 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1569 	};
1570 
1571 	info = (struct sddr09_card_info *)us->extra;
1572 
1573 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1574 		/* for a faked command, we have to follow with a faked sense */
1575 		memset(ptr, 0, 18);
1576 		ptr[0] = 0x70;
1577 		ptr[2] = sensekey;
1578 		ptr[7] = 11;
1579 		ptr[12] = sensecode;
1580 		usb_stor_set_xfer_buf(ptr, 18, srb);
1581 		sensekey = sensecode = havefakesense = 0;
1582 		return USB_STOR_TRANSPORT_GOOD;
1583 	}
1584 
1585 	havefakesense = 1;
1586 
1587 	/*
1588 	 * Dummy up a response for INQUIRY since SDDR09 doesn't
1589 	 * respond to INQUIRY commands
1590 	 */
1591 
1592 	if (srb->cmnd[0] == INQUIRY) {
1593 		memcpy(ptr, inquiry_response, 8);
1594 		fill_inquiry_response(us, ptr, 36);
1595 		return USB_STOR_TRANSPORT_GOOD;
1596 	}
1597 
1598 	if (srb->cmnd[0] == READ_CAPACITY) {
1599 		struct nand_flash_dev *cardinfo;
1600 
1601 		sddr09_get_wp(us, info);	/* read WP bit */
1602 
1603 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1604 		if (!cardinfo) {
1605 			/* probably no media */
1606 		init_error:
1607 			sensekey = 0x02;	/* not ready */
1608 			sensecode = 0x3a;	/* medium not present */
1609 			return USB_STOR_TRANSPORT_FAILED;
1610 		}
1611 
1612 		info->capacity = (1 << cardinfo->chipshift);
1613 		info->pageshift = cardinfo->pageshift;
1614 		info->pagesize = (1 << info->pageshift);
1615 		info->blockshift = cardinfo->blockshift;
1616 		info->blocksize = (1 << info->blockshift);
1617 		info->blockmask = info->blocksize - 1;
1618 
1619 		// map initialization, must follow get_cardinfo()
1620 		if (sddr09_read_map(us)) {
1621 			/* probably out of memory */
1622 			goto init_error;
1623 		}
1624 
1625 		// Report capacity
1626 
1627 		capacity = (info->lbact << info->blockshift) - 1;
1628 
1629 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1630 
1631 		// Report page size
1632 
1633 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1634 		usb_stor_set_xfer_buf(ptr, 8, srb);
1635 
1636 		return USB_STOR_TRANSPORT_GOOD;
1637 	}
1638 
1639 	if (srb->cmnd[0] == MODE_SENSE_10) {
1640 		int modepage = (srb->cmnd[2] & 0x3F);
1641 
1642 		/*
1643 		 * They ask for the Read/Write error recovery page,
1644 		 * or for all pages.
1645 		 */
1646 		/* %% We should check DBD %% */
1647 		if (modepage == 0x01 || modepage == 0x3F) {
1648 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1649 				     modepage);
1650 
1651 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1652 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1653 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1654 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1655 			return USB_STOR_TRANSPORT_GOOD;
1656 		}
1657 
1658 		sensekey = 0x05;	/* illegal request */
1659 		sensecode = 0x24;	/* invalid field in CDB */
1660 		return USB_STOR_TRANSPORT_FAILED;
1661 	}
1662 
1663 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1664 		return USB_STOR_TRANSPORT_GOOD;
1665 
1666 	havefakesense = 0;
1667 
1668 	if (srb->cmnd[0] == READ_10) {
1669 
1670 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1671 		page <<= 16;
1672 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1673 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1674 
1675 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1676 			     page, pages);
1677 
1678 		result = sddr09_read_data(us, page, pages);
1679 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1680 				USB_STOR_TRANSPORT_ERROR);
1681 	}
1682 
1683 	if (srb->cmnd[0] == WRITE_10) {
1684 
1685 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1686 		page <<= 16;
1687 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1688 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1689 
1690 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1691 			     page, pages);
1692 
1693 		result = sddr09_write_data(us, page, pages);
1694 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1695 				USB_STOR_TRANSPORT_ERROR);
1696 	}
1697 
1698 	/*
1699 	 * catch-all for all other commands, except
1700 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1701 	 */
1702 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1703 	    srb->cmnd[0] != REQUEST_SENSE) {
1704 		sensekey = 0x05;	/* illegal request */
1705 		sensecode = 0x20;	/* invalid command */
1706 		havefakesense = 1;
1707 		return USB_STOR_TRANSPORT_FAILED;
1708 	}
1709 
1710 	for (; srb->cmd_len<12; srb->cmd_len++)
1711 		srb->cmnd[srb->cmd_len] = 0;
1712 
1713 	srb->cmnd[1] = LUNBITS;
1714 
1715 	ptr[0] = 0;
1716 	for (i=0; i<12; i++)
1717 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1718 
1719 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1720 
1721 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1722 	if (result) {
1723 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1724 			     result);
1725 		return USB_STOR_TRANSPORT_ERROR;
1726 	}
1727 
1728 	if (scsi_bufflen(srb) == 0)
1729 		return USB_STOR_TRANSPORT_GOOD;
1730 
1731 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1732 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1733 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1734 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1735 
1736 		usb_stor_dbg(us, "%s %d bytes\n",
1737 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1738 			     "sending" : "receiving",
1739 			     scsi_bufflen(srb));
1740 
1741 		result = usb_stor_bulk_srb(us, pipe, srb);
1742 
1743 		return (result == USB_STOR_XFER_GOOD ?
1744 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1745 	}
1746 
1747 	return USB_STOR_TRANSPORT_GOOD;
1748 }
1749 
1750 /*
1751  * Initialization routine for the sddr09 subdriver
1752  */
1753 static int
1754 usb_stor_sddr09_init(struct us_data *us) {
1755 	return sddr09_common_init(us);
1756 }
1757 
1758 static struct scsi_host_template sddr09_host_template;
1759 
1760 static int sddr09_probe(struct usb_interface *intf,
1761 			 const struct usb_device_id *id)
1762 {
1763 	struct us_data *us;
1764 	int result;
1765 
1766 	result = usb_stor_probe1(&us, intf, id,
1767 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1768 			&sddr09_host_template);
1769 	if (result)
1770 		return result;
1771 
1772 	if (us->protocol == USB_PR_DPCM_USB) {
1773 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1774 		us->transport = dpcm_transport;
1775 		us->transport_reset = usb_stor_CB_reset;
1776 		us->max_lun = 1;
1777 	} else {
1778 		us->transport_name = "EUSB/SDDR09";
1779 		us->transport = sddr09_transport;
1780 		us->transport_reset = usb_stor_CB_reset;
1781 		us->max_lun = 0;
1782 	}
1783 
1784 	result = usb_stor_probe2(us);
1785 	return result;
1786 }
1787 
1788 static struct usb_driver sddr09_driver = {
1789 	.name =		DRV_NAME,
1790 	.probe =	sddr09_probe,
1791 	.disconnect =	usb_stor_disconnect,
1792 	.suspend =	usb_stor_suspend,
1793 	.resume =	usb_stor_resume,
1794 	.reset_resume =	usb_stor_reset_resume,
1795 	.pre_reset =	usb_stor_pre_reset,
1796 	.post_reset =	usb_stor_post_reset,
1797 	.id_table =	sddr09_usb_ids,
1798 	.soft_unbind =	1,
1799 	.no_dynamic_id = 1,
1800 };
1801 
1802 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1803