1 /* Driver for USB Mass Storage compliant devices 2 * 3 * Current development and maintenance by: 4 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net) 5 * 6 * Developed with the assistance of: 7 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org) 8 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov) 9 * (c) 2002 Alan Stern <stern@rowland.org> 10 * 11 * Initial work by: 12 * (c) 1999 Michael Gee (michael@linuxspecific.com) 13 * 14 * This driver is based on the 'USB Mass Storage Class' document. This 15 * describes in detail the protocol used to communicate with such 16 * devices. Clearly, the designers had SCSI and ATAPI commands in 17 * mind when they created this document. The commands are all very 18 * similar to commands in the SCSI-II and ATAPI specifications. 19 * 20 * It is important to note that in a number of cases this class 21 * exhibits class-specific exemptions from the USB specification. 22 * Notably the usage of NAK, STALL and ACK differs from the norm, in 23 * that they are used to communicate wait, failed and OK on commands. 24 * 25 * Also, for certain devices, the interrupt endpoint is used to convey 26 * status of a command. 27 * 28 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more 29 * information about this driver. 30 * 31 * This program is free software; you can redistribute it and/or modify it 32 * under the terms of the GNU General Public License as published by the 33 * Free Software Foundation; either version 2, or (at your option) any 34 * later version. 35 * 36 * This program is distributed in the hope that it will be useful, but 37 * WITHOUT ANY WARRANTY; without even the implied warranty of 38 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 39 * General Public License for more details. 40 * 41 * You should have received a copy of the GNU General Public License along 42 * with this program; if not, write to the Free Software Foundation, Inc., 43 * 675 Mass Ave, Cambridge, MA 02139, USA. 44 */ 45 46 #include <linux/sched.h> 47 #include <linux/gfp.h> 48 #include <linux/errno.h> 49 #include <linux/export.h> 50 51 #include <linux/usb/quirks.h> 52 53 #include <scsi/scsi.h> 54 #include <scsi/scsi_eh.h> 55 #include <scsi/scsi_device.h> 56 57 #include "usb.h" 58 #include "transport.h" 59 #include "protocol.h" 60 #include "scsiglue.h" 61 #include "debug.h" 62 63 #include <linux/blkdev.h> 64 #include "../../scsi/sd.h" 65 66 67 /*********************************************************************** 68 * Data transfer routines 69 ***********************************************************************/ 70 71 /* 72 * This is subtle, so pay attention: 73 * --------------------------------- 74 * We're very concerned about races with a command abort. Hanging this code 75 * is a sure fire way to hang the kernel. (Note that this discussion applies 76 * only to transactions resulting from a scsi queued-command, since only 77 * these transactions are subject to a scsi abort. Other transactions, such 78 * as those occurring during device-specific initialization, must be handled 79 * by a separate code path.) 80 * 81 * The abort function (usb_storage_command_abort() in scsiglue.c) first 82 * sets the machine state and the ABORTING bit in us->dflags to prevent 83 * new URBs from being submitted. It then calls usb_stor_stop_transport() 84 * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags 85 * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE 86 * bit is tested to see if the current_sg scatter-gather request needs to be 87 * stopped. The timeout callback routine does much the same thing. 88 * 89 * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to 90 * prevent new URBs from being submitted, and usb_stor_stop_transport() is 91 * called to stop any ongoing requests. 92 * 93 * The submit function first verifies that the submitting is allowed 94 * (neither ABORTING nor DISCONNECTING bits are set) and that the submit 95 * completes without errors, and only then sets the URB_ACTIVE bit. This 96 * prevents the stop_transport() function from trying to cancel the URB 97 * while the submit call is underway. Next, the submit function must test 98 * the flags to see if an abort or disconnect occurred during the submission 99 * or before the URB_ACTIVE bit was set. If so, it's essential to cancel 100 * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit 101 * is still set). Either way, the function must then wait for the URB to 102 * finish. Note that the URB can still be in progress even after a call to 103 * usb_unlink_urb() returns. 104 * 105 * The idea is that (1) once the ABORTING or DISCONNECTING bit is set, 106 * either the stop_transport() function or the submitting function 107 * is guaranteed to call usb_unlink_urb() for an active URB, 108 * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being 109 * called more than once or from being called during usb_submit_urb(). 110 */ 111 112 /* This is the completion handler which will wake us up when an URB 113 * completes. 114 */ 115 static void usb_stor_blocking_completion(struct urb *urb) 116 { 117 struct completion *urb_done_ptr = urb->context; 118 119 complete(urb_done_ptr); 120 } 121 122 /* This is the common part of the URB message submission code 123 * 124 * All URBs from the usb-storage driver involved in handling a queued scsi 125 * command _must_ pass through this function (or something like it) for the 126 * abort mechanisms to work properly. 127 */ 128 static int usb_stor_msg_common(struct us_data *us, int timeout) 129 { 130 struct completion urb_done; 131 long timeleft; 132 int status; 133 134 /* don't submit URBs during abort processing */ 135 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) 136 return -EIO; 137 138 /* set up data structures for the wakeup system */ 139 init_completion(&urb_done); 140 141 /* fill the common fields in the URB */ 142 us->current_urb->context = &urb_done; 143 us->current_urb->transfer_flags = 0; 144 145 /* we assume that if transfer_buffer isn't us->iobuf then it 146 * hasn't been mapped for DMA. Yes, this is clunky, but it's 147 * easier than always having the caller tell us whether the 148 * transfer buffer has already been mapped. */ 149 if (us->current_urb->transfer_buffer == us->iobuf) 150 us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; 151 us->current_urb->transfer_dma = us->iobuf_dma; 152 153 /* submit the URB */ 154 status = usb_submit_urb(us->current_urb, GFP_NOIO); 155 if (status) { 156 /* something went wrong */ 157 return status; 158 } 159 160 /* since the URB has been submitted successfully, it's now okay 161 * to cancel it */ 162 set_bit(US_FLIDX_URB_ACTIVE, &us->dflags); 163 164 /* did an abort occur during the submission? */ 165 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { 166 167 /* cancel the URB, if it hasn't been cancelled already */ 168 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) { 169 usb_stor_dbg(us, "-- cancelling URB\n"); 170 usb_unlink_urb(us->current_urb); 171 } 172 } 173 174 /* wait for the completion of the URB */ 175 timeleft = wait_for_completion_interruptible_timeout( 176 &urb_done, timeout ? : MAX_SCHEDULE_TIMEOUT); 177 178 clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags); 179 180 if (timeleft <= 0) { 181 usb_stor_dbg(us, "%s -- cancelling URB\n", 182 timeleft == 0 ? "Timeout" : "Signal"); 183 usb_kill_urb(us->current_urb); 184 } 185 186 /* return the URB status */ 187 return us->current_urb->status; 188 } 189 190 /* 191 * Transfer one control message, with timeouts, and allowing early 192 * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx. 193 */ 194 int usb_stor_control_msg(struct us_data *us, unsigned int pipe, 195 u8 request, u8 requesttype, u16 value, u16 index, 196 void *data, u16 size, int timeout) 197 { 198 int status; 199 200 usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n", 201 request, requesttype, value, index, size); 202 203 /* fill in the devrequest structure */ 204 us->cr->bRequestType = requesttype; 205 us->cr->bRequest = request; 206 us->cr->wValue = cpu_to_le16(value); 207 us->cr->wIndex = cpu_to_le16(index); 208 us->cr->wLength = cpu_to_le16(size); 209 210 /* fill and submit the URB */ 211 usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 212 (unsigned char*) us->cr, data, size, 213 usb_stor_blocking_completion, NULL); 214 status = usb_stor_msg_common(us, timeout); 215 216 /* return the actual length of the data transferred if no error */ 217 if (status == 0) 218 status = us->current_urb->actual_length; 219 return status; 220 } 221 EXPORT_SYMBOL_GPL(usb_stor_control_msg); 222 223 /* This is a version of usb_clear_halt() that allows early termination and 224 * doesn't read the status from the device -- this is because some devices 225 * crash their internal firmware when the status is requested after a halt. 226 * 227 * A definitive list of these 'bad' devices is too difficult to maintain or 228 * make complete enough to be useful. This problem was first observed on the 229 * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither 230 * MacOS nor Windows checks the status after clearing a halt. 231 * 232 * Since many vendors in this space limit their testing to interoperability 233 * with these two OSes, specification violations like this one are common. 234 */ 235 int usb_stor_clear_halt(struct us_data *us, unsigned int pipe) 236 { 237 int result; 238 int endp = usb_pipeendpoint(pipe); 239 240 if (usb_pipein (pipe)) 241 endp |= USB_DIR_IN; 242 243 result = usb_stor_control_msg(us, us->send_ctrl_pipe, 244 USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT, 245 USB_ENDPOINT_HALT, endp, 246 NULL, 0, 3*HZ); 247 248 if (result >= 0) 249 usb_reset_endpoint(us->pusb_dev, endp); 250 251 usb_stor_dbg(us, "result = %d\n", result); 252 return result; 253 } 254 EXPORT_SYMBOL_GPL(usb_stor_clear_halt); 255 256 257 /* 258 * Interpret the results of a URB transfer 259 * 260 * This function prints appropriate debugging messages, clears halts on 261 * non-control endpoints, and translates the status to the corresponding 262 * USB_STOR_XFER_xxx return code. 263 */ 264 static int interpret_urb_result(struct us_data *us, unsigned int pipe, 265 unsigned int length, int result, unsigned int partial) 266 { 267 usb_stor_dbg(us, "Status code %d; transferred %u/%u\n", 268 result, partial, length); 269 switch (result) { 270 271 /* no error code; did we send all the data? */ 272 case 0: 273 if (partial != length) { 274 usb_stor_dbg(us, "-- short transfer\n"); 275 return USB_STOR_XFER_SHORT; 276 } 277 278 usb_stor_dbg(us, "-- transfer complete\n"); 279 return USB_STOR_XFER_GOOD; 280 281 /* stalled */ 282 case -EPIPE: 283 /* for control endpoints, (used by CB[I]) a stall indicates 284 * a failed command */ 285 if (usb_pipecontrol(pipe)) { 286 usb_stor_dbg(us, "-- stall on control pipe\n"); 287 return USB_STOR_XFER_STALLED; 288 } 289 290 /* for other sorts of endpoint, clear the stall */ 291 usb_stor_dbg(us, "clearing endpoint halt for pipe 0x%x\n", 292 pipe); 293 if (usb_stor_clear_halt(us, pipe) < 0) 294 return USB_STOR_XFER_ERROR; 295 return USB_STOR_XFER_STALLED; 296 297 /* babble - the device tried to send more than we wanted to read */ 298 case -EOVERFLOW: 299 usb_stor_dbg(us, "-- babble\n"); 300 return USB_STOR_XFER_LONG; 301 302 /* the transfer was cancelled by abort, disconnect, or timeout */ 303 case -ECONNRESET: 304 usb_stor_dbg(us, "-- transfer cancelled\n"); 305 return USB_STOR_XFER_ERROR; 306 307 /* short scatter-gather read transfer */ 308 case -EREMOTEIO: 309 usb_stor_dbg(us, "-- short read transfer\n"); 310 return USB_STOR_XFER_SHORT; 311 312 /* abort or disconnect in progress */ 313 case -EIO: 314 usb_stor_dbg(us, "-- abort or disconnect in progress\n"); 315 return USB_STOR_XFER_ERROR; 316 317 /* the catch-all error case */ 318 default: 319 usb_stor_dbg(us, "-- unknown error\n"); 320 return USB_STOR_XFER_ERROR; 321 } 322 } 323 324 /* 325 * Transfer one control message, without timeouts, but allowing early 326 * termination. Return codes are USB_STOR_XFER_xxx. 327 */ 328 int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe, 329 u8 request, u8 requesttype, u16 value, u16 index, 330 void *data, u16 size) 331 { 332 int result; 333 334 usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n", 335 request, requesttype, value, index, size); 336 337 /* fill in the devrequest structure */ 338 us->cr->bRequestType = requesttype; 339 us->cr->bRequest = request; 340 us->cr->wValue = cpu_to_le16(value); 341 us->cr->wIndex = cpu_to_le16(index); 342 us->cr->wLength = cpu_to_le16(size); 343 344 /* fill and submit the URB */ 345 usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 346 (unsigned char*) us->cr, data, size, 347 usb_stor_blocking_completion, NULL); 348 result = usb_stor_msg_common(us, 0); 349 350 return interpret_urb_result(us, pipe, size, result, 351 us->current_urb->actual_length); 352 } 353 EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer); 354 355 /* 356 * Receive one interrupt buffer, without timeouts, but allowing early 357 * termination. Return codes are USB_STOR_XFER_xxx. 358 * 359 * This routine always uses us->recv_intr_pipe as the pipe and 360 * us->ep_bInterval as the interrupt interval. 361 */ 362 static int usb_stor_intr_transfer(struct us_data *us, void *buf, 363 unsigned int length) 364 { 365 int result; 366 unsigned int pipe = us->recv_intr_pipe; 367 unsigned int maxp; 368 369 usb_stor_dbg(us, "xfer %u bytes\n", length); 370 371 /* calculate the max packet size */ 372 maxp = usb_maxpacket(us->pusb_dev, pipe, usb_pipeout(pipe)); 373 if (maxp > length) 374 maxp = length; 375 376 /* fill and submit the URB */ 377 usb_fill_int_urb(us->current_urb, us->pusb_dev, pipe, buf, 378 maxp, usb_stor_blocking_completion, NULL, 379 us->ep_bInterval); 380 result = usb_stor_msg_common(us, 0); 381 382 return interpret_urb_result(us, pipe, length, result, 383 us->current_urb->actual_length); 384 } 385 386 /* 387 * Transfer one buffer via bulk pipe, without timeouts, but allowing early 388 * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe 389 * stalls during the transfer, the halt is automatically cleared. 390 */ 391 int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe, 392 void *buf, unsigned int length, unsigned int *act_len) 393 { 394 int result; 395 396 usb_stor_dbg(us, "xfer %u bytes\n", length); 397 398 /* fill and submit the URB */ 399 usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, buf, length, 400 usb_stor_blocking_completion, NULL); 401 result = usb_stor_msg_common(us, 0); 402 403 /* store the actual length of the data transferred */ 404 if (act_len) 405 *act_len = us->current_urb->actual_length; 406 return interpret_urb_result(us, pipe, length, result, 407 us->current_urb->actual_length); 408 } 409 EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf); 410 411 /* 412 * Transfer a scatter-gather list via bulk transfer 413 * 414 * This function does basically the same thing as usb_stor_bulk_transfer_buf() 415 * above, but it uses the usbcore scatter-gather library. 416 */ 417 static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe, 418 struct scatterlist *sg, int num_sg, unsigned int length, 419 unsigned int *act_len) 420 { 421 int result; 422 423 /* don't submit s-g requests during abort processing */ 424 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) 425 return USB_STOR_XFER_ERROR; 426 427 /* initialize the scatter-gather request block */ 428 usb_stor_dbg(us, "xfer %u bytes, %d entries\n", length, num_sg); 429 result = usb_sg_init(&us->current_sg, us->pusb_dev, pipe, 0, 430 sg, num_sg, length, GFP_NOIO); 431 if (result) { 432 usb_stor_dbg(us, "usb_sg_init returned %d\n", result); 433 return USB_STOR_XFER_ERROR; 434 } 435 436 /* since the block has been initialized successfully, it's now 437 * okay to cancel it */ 438 set_bit(US_FLIDX_SG_ACTIVE, &us->dflags); 439 440 /* did an abort occur during the submission? */ 441 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { 442 443 /* cancel the request, if it hasn't been cancelled already */ 444 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) { 445 usb_stor_dbg(us, "-- cancelling sg request\n"); 446 usb_sg_cancel(&us->current_sg); 447 } 448 } 449 450 /* wait for the completion of the transfer */ 451 usb_sg_wait(&us->current_sg); 452 clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags); 453 454 result = us->current_sg.status; 455 if (act_len) 456 *act_len = us->current_sg.bytes; 457 return interpret_urb_result(us, pipe, length, result, 458 us->current_sg.bytes); 459 } 460 461 /* 462 * Common used function. Transfer a complete command 463 * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid 464 */ 465 int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe, 466 struct scsi_cmnd* srb) 467 { 468 unsigned int partial; 469 int result = usb_stor_bulk_transfer_sglist(us, pipe, scsi_sglist(srb), 470 scsi_sg_count(srb), scsi_bufflen(srb), 471 &partial); 472 473 scsi_set_resid(srb, scsi_bufflen(srb) - partial); 474 return result; 475 } 476 EXPORT_SYMBOL_GPL(usb_stor_bulk_srb); 477 478 /* 479 * Transfer an entire SCSI command's worth of data payload over the bulk 480 * pipe. 481 * 482 * Note that this uses usb_stor_bulk_transfer_buf() and 483 * usb_stor_bulk_transfer_sglist() to achieve its goals -- 484 * this function simply determines whether we're going to use 485 * scatter-gather or not, and acts appropriately. 486 */ 487 int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe, 488 void *buf, unsigned int length_left, int use_sg, int *residual) 489 { 490 int result; 491 unsigned int partial; 492 493 /* are we scatter-gathering? */ 494 if (use_sg) { 495 /* use the usb core scatter-gather primitives */ 496 result = usb_stor_bulk_transfer_sglist(us, pipe, 497 (struct scatterlist *) buf, use_sg, 498 length_left, &partial); 499 length_left -= partial; 500 } else { 501 /* no scatter-gather, just make the request */ 502 result = usb_stor_bulk_transfer_buf(us, pipe, buf, 503 length_left, &partial); 504 length_left -= partial; 505 } 506 507 /* store the residual and return the error code */ 508 if (residual) 509 *residual = length_left; 510 return result; 511 } 512 EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg); 513 514 /*********************************************************************** 515 * Transport routines 516 ***********************************************************************/ 517 518 /* There are so many devices that report the capacity incorrectly, 519 * this routine was written to counteract some of the resulting 520 * problems. 521 */ 522 static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb) 523 { 524 struct gendisk *disk; 525 struct scsi_disk *sdkp; 526 u32 sector; 527 528 /* To Report "Medium Error: Record Not Found */ 529 static unsigned char record_not_found[18] = { 530 [0] = 0x70, /* current error */ 531 [2] = MEDIUM_ERROR, /* = 0x03 */ 532 [7] = 0x0a, /* additional length */ 533 [12] = 0x14 /* Record Not Found */ 534 }; 535 536 /* If last-sector problems can't occur, whether because the 537 * capacity was already decremented or because the device is 538 * known to report the correct capacity, then we don't need 539 * to do anything. 540 */ 541 if (!us->use_last_sector_hacks) 542 return; 543 544 /* Was this command a READ(10) or a WRITE(10)? */ 545 if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10) 546 goto done; 547 548 /* Did this command access the last sector? */ 549 sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) | 550 (srb->cmnd[4] << 8) | (srb->cmnd[5]); 551 disk = srb->request->rq_disk; 552 if (!disk) 553 goto done; 554 sdkp = scsi_disk(disk); 555 if (!sdkp) 556 goto done; 557 if (sector + 1 != sdkp->capacity) 558 goto done; 559 560 if (srb->result == SAM_STAT_GOOD && scsi_get_resid(srb) == 0) { 561 562 /* The command succeeded. We know this device doesn't 563 * have the last-sector bug, so stop checking it. 564 */ 565 us->use_last_sector_hacks = 0; 566 567 } else { 568 /* The command failed. Allow up to 3 retries in case this 569 * is some normal sort of failure. After that, assume the 570 * capacity is wrong and we're trying to access the sector 571 * beyond the end. Replace the result code and sense data 572 * with values that will cause the SCSI core to fail the 573 * command immediately, instead of going into an infinite 574 * (or even just a very long) retry loop. 575 */ 576 if (++us->last_sector_retries < 3) 577 return; 578 srb->result = SAM_STAT_CHECK_CONDITION; 579 memcpy(srb->sense_buffer, record_not_found, 580 sizeof(record_not_found)); 581 } 582 583 done: 584 /* Don't reset the retry counter for TEST UNIT READY commands, 585 * because they get issued after device resets which might be 586 * caused by a failed last-sector access. 587 */ 588 if (srb->cmnd[0] != TEST_UNIT_READY) 589 us->last_sector_retries = 0; 590 } 591 592 /* Invoke the transport and basic error-handling/recovery methods 593 * 594 * This is used by the protocol layers to actually send the message to 595 * the device and receive the response. 596 */ 597 void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us) 598 { 599 int need_auto_sense; 600 int result; 601 602 /* send the command to the transport layer */ 603 scsi_set_resid(srb, 0); 604 result = us->transport(srb, us); 605 606 /* if the command gets aborted by the higher layers, we need to 607 * short-circuit all other processing 608 */ 609 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { 610 usb_stor_dbg(us, "-- command was aborted\n"); 611 srb->result = DID_ABORT << 16; 612 goto Handle_Errors; 613 } 614 615 /* if there is a transport error, reset and don't auto-sense */ 616 if (result == USB_STOR_TRANSPORT_ERROR) { 617 usb_stor_dbg(us, "-- transport indicates error, resetting\n"); 618 srb->result = DID_ERROR << 16; 619 goto Handle_Errors; 620 } 621 622 /* if the transport provided its own sense data, don't auto-sense */ 623 if (result == USB_STOR_TRANSPORT_NO_SENSE) { 624 srb->result = SAM_STAT_CHECK_CONDITION; 625 last_sector_hacks(us, srb); 626 return; 627 } 628 629 srb->result = SAM_STAT_GOOD; 630 631 /* Determine if we need to auto-sense 632 * 633 * I normally don't use a flag like this, but it's almost impossible 634 * to understand what's going on here if I don't. 635 */ 636 need_auto_sense = 0; 637 638 /* 639 * If we're running the CB transport, which is incapable 640 * of determining status on its own, we will auto-sense 641 * unless the operation involved a data-in transfer. Devices 642 * can signal most data-in errors by stalling the bulk-in pipe. 643 */ 644 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_DPCM_USB) && 645 srb->sc_data_direction != DMA_FROM_DEVICE) { 646 usb_stor_dbg(us, "-- CB transport device requiring auto-sense\n"); 647 need_auto_sense = 1; 648 } 649 650 /* 651 * If we have a failure, we're going to do a REQUEST_SENSE 652 * automatically. Note that we differentiate between a command 653 * "failure" and an "error" in the transport mechanism. 654 */ 655 if (result == USB_STOR_TRANSPORT_FAILED) { 656 usb_stor_dbg(us, "-- transport indicates command failure\n"); 657 need_auto_sense = 1; 658 } 659 660 /* 661 * Determine if this device is SAT by seeing if the 662 * command executed successfully. Otherwise we'll have 663 * to wait for at least one CHECK_CONDITION to determine 664 * SANE_SENSE support 665 */ 666 if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) && 667 result == USB_STOR_TRANSPORT_GOOD && 668 !(us->fflags & US_FL_SANE_SENSE) && 669 !(us->fflags & US_FL_BAD_SENSE) && 670 !(srb->cmnd[2] & 0x20))) { 671 usb_stor_dbg(us, "-- SAT supported, increasing auto-sense\n"); 672 us->fflags |= US_FL_SANE_SENSE; 673 } 674 675 /* 676 * A short transfer on a command where we don't expect it 677 * is unusual, but it doesn't mean we need to auto-sense. 678 */ 679 if ((scsi_get_resid(srb) > 0) && 680 !((srb->cmnd[0] == REQUEST_SENSE) || 681 (srb->cmnd[0] == INQUIRY) || 682 (srb->cmnd[0] == MODE_SENSE) || 683 (srb->cmnd[0] == LOG_SENSE) || 684 (srb->cmnd[0] == MODE_SENSE_10))) { 685 usb_stor_dbg(us, "-- unexpectedly short transfer\n"); 686 } 687 688 /* Now, if we need to do the auto-sense, let's do it */ 689 if (need_auto_sense) { 690 int temp_result; 691 struct scsi_eh_save ses; 692 int sense_size = US_SENSE_SIZE; 693 struct scsi_sense_hdr sshdr; 694 const u8 *scdd; 695 u8 fm_ili; 696 697 /* device supports and needs bigger sense buffer */ 698 if (us->fflags & US_FL_SANE_SENSE) 699 sense_size = ~0; 700 Retry_Sense: 701 usb_stor_dbg(us, "Issuing auto-REQUEST_SENSE\n"); 702 703 scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sense_size); 704 705 /* FIXME: we must do the protocol translation here */ 706 if (us->subclass == USB_SC_RBC || us->subclass == USB_SC_SCSI || 707 us->subclass == USB_SC_CYP_ATACB) 708 srb->cmd_len = 6; 709 else 710 srb->cmd_len = 12; 711 712 /* issue the auto-sense command */ 713 scsi_set_resid(srb, 0); 714 temp_result = us->transport(us->srb, us); 715 716 /* let's clean up right away */ 717 scsi_eh_restore_cmnd(srb, &ses); 718 719 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { 720 usb_stor_dbg(us, "-- auto-sense aborted\n"); 721 srb->result = DID_ABORT << 16; 722 723 /* If SANE_SENSE caused this problem, disable it */ 724 if (sense_size != US_SENSE_SIZE) { 725 us->fflags &= ~US_FL_SANE_SENSE; 726 us->fflags |= US_FL_BAD_SENSE; 727 } 728 goto Handle_Errors; 729 } 730 731 /* Some devices claim to support larger sense but fail when 732 * trying to request it. When a transport failure happens 733 * using US_FS_SANE_SENSE, we always retry with a standard 734 * (small) sense request. This fixes some USB GSM modems 735 */ 736 if (temp_result == USB_STOR_TRANSPORT_FAILED && 737 sense_size != US_SENSE_SIZE) { 738 usb_stor_dbg(us, "-- auto-sense failure, retry small sense\n"); 739 sense_size = US_SENSE_SIZE; 740 us->fflags &= ~US_FL_SANE_SENSE; 741 us->fflags |= US_FL_BAD_SENSE; 742 goto Retry_Sense; 743 } 744 745 /* Other failures */ 746 if (temp_result != USB_STOR_TRANSPORT_GOOD) { 747 usb_stor_dbg(us, "-- auto-sense failure\n"); 748 749 /* we skip the reset if this happens to be a 750 * multi-target device, since failure of an 751 * auto-sense is perfectly valid 752 */ 753 srb->result = DID_ERROR << 16; 754 if (!(us->fflags & US_FL_SCM_MULT_TARG)) 755 goto Handle_Errors; 756 return; 757 } 758 759 /* If the sense data returned is larger than 18-bytes then we 760 * assume this device supports requesting more in the future. 761 * The response code must be 70h through 73h inclusive. 762 */ 763 if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) && 764 !(us->fflags & US_FL_SANE_SENSE) && 765 !(us->fflags & US_FL_BAD_SENSE) && 766 (srb->sense_buffer[0] & 0x7C) == 0x70) { 767 usb_stor_dbg(us, "-- SANE_SENSE support enabled\n"); 768 us->fflags |= US_FL_SANE_SENSE; 769 770 /* Indicate to the user that we truncated their sense 771 * because we didn't know it supported larger sense. 772 */ 773 usb_stor_dbg(us, "-- Sense data truncated to %i from %i\n", 774 US_SENSE_SIZE, 775 srb->sense_buffer[7] + 8); 776 srb->sense_buffer[7] = (US_SENSE_SIZE - 8); 777 } 778 779 scsi_normalize_sense(srb->sense_buffer, SCSI_SENSE_BUFFERSIZE, 780 &sshdr); 781 782 usb_stor_dbg(us, "-- Result from auto-sense is %d\n", 783 temp_result); 784 usb_stor_dbg(us, "-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n", 785 sshdr.response_code, sshdr.sense_key, 786 sshdr.asc, sshdr.ascq); 787 #ifdef CONFIG_USB_STORAGE_DEBUG 788 usb_stor_show_sense(us, sshdr.sense_key, sshdr.asc, sshdr.ascq); 789 #endif 790 791 /* set the result so the higher layers expect this data */ 792 srb->result = SAM_STAT_CHECK_CONDITION; 793 794 scdd = scsi_sense_desc_find(srb->sense_buffer, 795 SCSI_SENSE_BUFFERSIZE, 4); 796 fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0; 797 798 /* We often get empty sense data. This could indicate that 799 * everything worked or that there was an unspecified 800 * problem. We have to decide which. 801 */ 802 if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 && 803 fm_ili == 0) { 804 /* If things are really okay, then let's show that. 805 * Zero out the sense buffer so the higher layers 806 * won't realize we did an unsolicited auto-sense. 807 */ 808 if (result == USB_STOR_TRANSPORT_GOOD) { 809 srb->result = SAM_STAT_GOOD; 810 srb->sense_buffer[0] = 0x0; 811 812 /* If there was a problem, report an unspecified 813 * hardware error to prevent the higher layers from 814 * entering an infinite retry loop. 815 */ 816 } else { 817 srb->result = DID_ERROR << 16; 818 if ((sshdr.response_code & 0x72) == 0x72) 819 srb->sense_buffer[1] = HARDWARE_ERROR; 820 else 821 srb->sense_buffer[2] = HARDWARE_ERROR; 822 } 823 } 824 } 825 826 /* 827 * Some devices don't work or return incorrect data the first 828 * time they get a READ(10) command, or for the first READ(10) 829 * after a media change. If the INITIAL_READ10 flag is set, 830 * keep track of whether READ(10) commands succeed. If the 831 * previous one succeeded and this one failed, set the REDO_READ10 832 * flag to force a retry. 833 */ 834 if (unlikely((us->fflags & US_FL_INITIAL_READ10) && 835 srb->cmnd[0] == READ_10)) { 836 if (srb->result == SAM_STAT_GOOD) { 837 set_bit(US_FLIDX_READ10_WORKED, &us->dflags); 838 } else if (test_bit(US_FLIDX_READ10_WORKED, &us->dflags)) { 839 clear_bit(US_FLIDX_READ10_WORKED, &us->dflags); 840 set_bit(US_FLIDX_REDO_READ10, &us->dflags); 841 } 842 843 /* 844 * Next, if the REDO_READ10 flag is set, return a result 845 * code that will cause the SCSI core to retry the READ(10) 846 * command immediately. 847 */ 848 if (test_bit(US_FLIDX_REDO_READ10, &us->dflags)) { 849 clear_bit(US_FLIDX_REDO_READ10, &us->dflags); 850 srb->result = DID_IMM_RETRY << 16; 851 srb->sense_buffer[0] = 0; 852 } 853 } 854 855 /* Did we transfer less than the minimum amount required? */ 856 if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) && 857 scsi_bufflen(srb) - scsi_get_resid(srb) < srb->underflow) 858 srb->result = DID_ERROR << 16; 859 860 last_sector_hacks(us, srb); 861 return; 862 863 /* Error and abort processing: try to resynchronize with the device 864 * by issuing a port reset. If that fails, try a class-specific 865 * device reset. */ 866 Handle_Errors: 867 868 /* Set the RESETTING bit, and clear the ABORTING bit so that 869 * the reset may proceed. */ 870 scsi_lock(us_to_host(us)); 871 set_bit(US_FLIDX_RESETTING, &us->dflags); 872 clear_bit(US_FLIDX_ABORTING, &us->dflags); 873 scsi_unlock(us_to_host(us)); 874 875 /* We must release the device lock because the pre_reset routine 876 * will want to acquire it. */ 877 mutex_unlock(&us->dev_mutex); 878 result = usb_stor_port_reset(us); 879 mutex_lock(&us->dev_mutex); 880 881 if (result < 0) { 882 scsi_lock(us_to_host(us)); 883 usb_stor_report_device_reset(us); 884 scsi_unlock(us_to_host(us)); 885 us->transport_reset(us); 886 } 887 clear_bit(US_FLIDX_RESETTING, &us->dflags); 888 last_sector_hacks(us, srb); 889 } 890 891 /* Stop the current URB transfer */ 892 void usb_stor_stop_transport(struct us_data *us) 893 { 894 /* If the state machine is blocked waiting for an URB, 895 * let's wake it up. The test_and_clear_bit() call 896 * guarantees that if a URB has just been submitted, 897 * it won't be cancelled more than once. */ 898 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) { 899 usb_stor_dbg(us, "-- cancelling URB\n"); 900 usb_unlink_urb(us->current_urb); 901 } 902 903 /* If we are waiting for a scatter-gather operation, cancel it. */ 904 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) { 905 usb_stor_dbg(us, "-- cancelling sg request\n"); 906 usb_sg_cancel(&us->current_sg); 907 } 908 } 909 910 /* 911 * Control/Bulk and Control/Bulk/Interrupt transport 912 */ 913 914 int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us) 915 { 916 unsigned int transfer_length = scsi_bufflen(srb); 917 unsigned int pipe = 0; 918 int result; 919 920 /* COMMAND STAGE */ 921 /* let's send the command via the control pipe */ 922 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe, 923 US_CBI_ADSC, 924 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0, 925 us->ifnum, srb->cmnd, srb->cmd_len); 926 927 /* check the return code for the command */ 928 usb_stor_dbg(us, "Call to usb_stor_ctrl_transfer() returned %d\n", 929 result); 930 931 /* if we stalled the command, it means command failed */ 932 if (result == USB_STOR_XFER_STALLED) { 933 return USB_STOR_TRANSPORT_FAILED; 934 } 935 936 /* Uh oh... serious problem here */ 937 if (result != USB_STOR_XFER_GOOD) { 938 return USB_STOR_TRANSPORT_ERROR; 939 } 940 941 /* DATA STAGE */ 942 /* transfer the data payload for this command, if one exists*/ 943 if (transfer_length) { 944 pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 945 us->recv_bulk_pipe : us->send_bulk_pipe; 946 result = usb_stor_bulk_srb(us, pipe, srb); 947 usb_stor_dbg(us, "CBI data stage result is 0x%x\n", result); 948 949 /* if we stalled the data transfer it means command failed */ 950 if (result == USB_STOR_XFER_STALLED) 951 return USB_STOR_TRANSPORT_FAILED; 952 if (result > USB_STOR_XFER_STALLED) 953 return USB_STOR_TRANSPORT_ERROR; 954 } 955 956 /* STATUS STAGE */ 957 958 /* NOTE: CB does not have a status stage. Silly, I know. So 959 * we have to catch this at a higher level. 960 */ 961 if (us->protocol != USB_PR_CBI) 962 return USB_STOR_TRANSPORT_GOOD; 963 964 result = usb_stor_intr_transfer(us, us->iobuf, 2); 965 usb_stor_dbg(us, "Got interrupt data (0x%x, 0x%x)\n", 966 us->iobuf[0], us->iobuf[1]); 967 if (result != USB_STOR_XFER_GOOD) 968 return USB_STOR_TRANSPORT_ERROR; 969 970 /* UFI gives us ASC and ASCQ, like a request sense 971 * 972 * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI 973 * devices, so we ignore the information for those commands. Note 974 * that this means we could be ignoring a real error on these 975 * commands, but that can't be helped. 976 */ 977 if (us->subclass == USB_SC_UFI) { 978 if (srb->cmnd[0] == REQUEST_SENSE || 979 srb->cmnd[0] == INQUIRY) 980 return USB_STOR_TRANSPORT_GOOD; 981 if (us->iobuf[0]) 982 goto Failed; 983 return USB_STOR_TRANSPORT_GOOD; 984 } 985 986 /* If not UFI, we interpret the data as a result code 987 * The first byte should always be a 0x0. 988 * 989 * Some bogus devices don't follow that rule. They stuff the ASC 990 * into the first byte -- so if it's non-zero, call it a failure. 991 */ 992 if (us->iobuf[0]) { 993 usb_stor_dbg(us, "CBI IRQ data showed reserved bType 0x%x\n", 994 us->iobuf[0]); 995 goto Failed; 996 997 } 998 999 /* The second byte & 0x0F should be 0x0 for good, otherwise error */ 1000 switch (us->iobuf[1] & 0x0F) { 1001 case 0x00: 1002 return USB_STOR_TRANSPORT_GOOD; 1003 case 0x01: 1004 goto Failed; 1005 } 1006 return USB_STOR_TRANSPORT_ERROR; 1007 1008 /* the CBI spec requires that the bulk pipe must be cleared 1009 * following any data-in/out command failure (section 2.4.3.1.3) 1010 */ 1011 Failed: 1012 if (pipe) 1013 usb_stor_clear_halt(us, pipe); 1014 return USB_STOR_TRANSPORT_FAILED; 1015 } 1016 EXPORT_SYMBOL_GPL(usb_stor_CB_transport); 1017 1018 /* 1019 * Bulk only transport 1020 */ 1021 1022 /* Determine what the maximum LUN supported is */ 1023 int usb_stor_Bulk_max_lun(struct us_data *us) 1024 { 1025 int result; 1026 1027 /* issue the command */ 1028 us->iobuf[0] = 0; 1029 result = usb_stor_control_msg(us, us->recv_ctrl_pipe, 1030 US_BULK_GET_MAX_LUN, 1031 USB_DIR_IN | USB_TYPE_CLASS | 1032 USB_RECIP_INTERFACE, 1033 0, us->ifnum, us->iobuf, 1, 10*HZ); 1034 1035 usb_stor_dbg(us, "GetMaxLUN command result is %d, data is %d\n", 1036 result, us->iobuf[0]); 1037 1038 /* 1039 * If we have a successful request, return the result if valid. The 1040 * CBW LUN field is 4 bits wide, so the value reported by the device 1041 * should fit into that. 1042 */ 1043 if (result > 0) { 1044 if (us->iobuf[0] < 16) { 1045 return us->iobuf[0]; 1046 } else { 1047 dev_info(&us->pusb_intf->dev, 1048 "Max LUN %d is not valid, using 0 instead", 1049 us->iobuf[0]); 1050 } 1051 } 1052 1053 /* 1054 * Some devices don't like GetMaxLUN. They may STALL the control 1055 * pipe, they may return a zero-length result, they may do nothing at 1056 * all and timeout, or they may fail in even more bizarrely creative 1057 * ways. In these cases the best approach is to use the default 1058 * value: only one LUN. 1059 */ 1060 return 0; 1061 } 1062 1063 int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) 1064 { 1065 struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf; 1066 struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf; 1067 unsigned int transfer_length = scsi_bufflen(srb); 1068 unsigned int residue; 1069 int result; 1070 int fake_sense = 0; 1071 unsigned int cswlen; 1072 unsigned int cbwlen = US_BULK_CB_WRAP_LEN; 1073 1074 /* Take care of BULK32 devices; set extra byte to 0 */ 1075 if (unlikely(us->fflags & US_FL_BULK32)) { 1076 cbwlen = 32; 1077 us->iobuf[31] = 0; 1078 } 1079 1080 /* set up the command wrapper */ 1081 bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN); 1082 bcb->DataTransferLength = cpu_to_le32(transfer_length); 1083 bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ? 1084 US_BULK_FLAG_IN : 0; 1085 bcb->Tag = ++us->tag; 1086 bcb->Lun = srb->device->lun; 1087 if (us->fflags & US_FL_SCM_MULT_TARG) 1088 bcb->Lun |= srb->device->id << 4; 1089 bcb->Length = srb->cmd_len; 1090 1091 /* copy the command payload */ 1092 memset(bcb->CDB, 0, sizeof(bcb->CDB)); 1093 memcpy(bcb->CDB, srb->cmnd, bcb->Length); 1094 1095 /* send it to out endpoint */ 1096 usb_stor_dbg(us, "Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n", 1097 le32_to_cpu(bcb->Signature), bcb->Tag, 1098 le32_to_cpu(bcb->DataTransferLength), bcb->Flags, 1099 (bcb->Lun >> 4), (bcb->Lun & 0x0F), 1100 bcb->Length); 1101 result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, 1102 bcb, cbwlen, NULL); 1103 usb_stor_dbg(us, "Bulk command transfer result=%d\n", result); 1104 if (result != USB_STOR_XFER_GOOD) 1105 return USB_STOR_TRANSPORT_ERROR; 1106 1107 /* DATA STAGE */ 1108 /* send/receive data payload, if there is any */ 1109 1110 /* Some USB-IDE converter chips need a 100us delay between the 1111 * command phase and the data phase. Some devices need a little 1112 * more than that, probably because of clock rate inaccuracies. */ 1113 if (unlikely(us->fflags & US_FL_GO_SLOW)) 1114 usleep_range(125, 150); 1115 1116 if (transfer_length) { 1117 unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 1118 us->recv_bulk_pipe : us->send_bulk_pipe; 1119 result = usb_stor_bulk_srb(us, pipe, srb); 1120 usb_stor_dbg(us, "Bulk data transfer result 0x%x\n", result); 1121 if (result == USB_STOR_XFER_ERROR) 1122 return USB_STOR_TRANSPORT_ERROR; 1123 1124 /* If the device tried to send back more data than the 1125 * amount requested, the spec requires us to transfer 1126 * the CSW anyway. Since there's no point retrying the 1127 * the command, we'll return fake sense data indicating 1128 * Illegal Request, Invalid Field in CDB. 1129 */ 1130 if (result == USB_STOR_XFER_LONG) 1131 fake_sense = 1; 1132 1133 /* 1134 * Sometimes a device will mistakenly skip the data phase 1135 * and go directly to the status phase without sending a 1136 * zero-length packet. If we get a 13-byte response here, 1137 * check whether it really is a CSW. 1138 */ 1139 if (result == USB_STOR_XFER_SHORT && 1140 srb->sc_data_direction == DMA_FROM_DEVICE && 1141 transfer_length - scsi_get_resid(srb) == 1142 US_BULK_CS_WRAP_LEN) { 1143 struct scatterlist *sg = NULL; 1144 unsigned int offset = 0; 1145 1146 if (usb_stor_access_xfer_buf((unsigned char *) bcs, 1147 US_BULK_CS_WRAP_LEN, srb, &sg, 1148 &offset, FROM_XFER_BUF) == 1149 US_BULK_CS_WRAP_LEN && 1150 bcs->Signature == 1151 cpu_to_le32(US_BULK_CS_SIGN)) { 1152 usb_stor_dbg(us, "Device skipped data phase\n"); 1153 scsi_set_resid(srb, transfer_length); 1154 goto skipped_data_phase; 1155 } 1156 } 1157 } 1158 1159 /* See flow chart on pg 15 of the Bulk Only Transport spec for 1160 * an explanation of how this code works. 1161 */ 1162 1163 /* get CSW for device status */ 1164 usb_stor_dbg(us, "Attempting to get CSW...\n"); 1165 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1166 bcs, US_BULK_CS_WRAP_LEN, &cswlen); 1167 1168 /* Some broken devices add unnecessary zero-length packets to the 1169 * end of their data transfers. Such packets show up as 0-length 1170 * CSWs. If we encounter such a thing, try to read the CSW again. 1171 */ 1172 if (result == USB_STOR_XFER_SHORT && cswlen == 0) { 1173 usb_stor_dbg(us, "Received 0-length CSW; retrying...\n"); 1174 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1175 bcs, US_BULK_CS_WRAP_LEN, &cswlen); 1176 } 1177 1178 /* did the attempt to read the CSW fail? */ 1179 if (result == USB_STOR_XFER_STALLED) { 1180 1181 /* get the status again */ 1182 usb_stor_dbg(us, "Attempting to get CSW (2nd try)...\n"); 1183 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1184 bcs, US_BULK_CS_WRAP_LEN, NULL); 1185 } 1186 1187 /* if we still have a failure at this point, we're in trouble */ 1188 usb_stor_dbg(us, "Bulk status result = %d\n", result); 1189 if (result != USB_STOR_XFER_GOOD) 1190 return USB_STOR_TRANSPORT_ERROR; 1191 1192 skipped_data_phase: 1193 /* check bulk status */ 1194 residue = le32_to_cpu(bcs->Residue); 1195 usb_stor_dbg(us, "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n", 1196 le32_to_cpu(bcs->Signature), bcs->Tag, 1197 residue, bcs->Status); 1198 if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) || 1199 bcs->Status > US_BULK_STAT_PHASE) { 1200 usb_stor_dbg(us, "Bulk logical error\n"); 1201 return USB_STOR_TRANSPORT_ERROR; 1202 } 1203 1204 /* Some broken devices report odd signatures, so we do not check them 1205 * for validity against the spec. We store the first one we see, 1206 * and check subsequent transfers for validity against this signature. 1207 */ 1208 if (!us->bcs_signature) { 1209 us->bcs_signature = bcs->Signature; 1210 if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN)) 1211 usb_stor_dbg(us, "Learnt BCS signature 0x%08X\n", 1212 le32_to_cpu(us->bcs_signature)); 1213 } else if (bcs->Signature != us->bcs_signature) { 1214 usb_stor_dbg(us, "Signature mismatch: got %08X, expecting %08X\n", 1215 le32_to_cpu(bcs->Signature), 1216 le32_to_cpu(us->bcs_signature)); 1217 return USB_STOR_TRANSPORT_ERROR; 1218 } 1219 1220 /* try to compute the actual residue, based on how much data 1221 * was really transferred and what the device tells us */ 1222 if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) { 1223 1224 /* Heuristically detect devices that generate bogus residues 1225 * by seeing what happens with INQUIRY and READ CAPACITY 1226 * commands. 1227 */ 1228 if (bcs->Status == US_BULK_STAT_OK && 1229 scsi_get_resid(srb) == 0 && 1230 ((srb->cmnd[0] == INQUIRY && 1231 transfer_length == 36) || 1232 (srb->cmnd[0] == READ_CAPACITY && 1233 transfer_length == 8))) { 1234 us->fflags |= US_FL_IGNORE_RESIDUE; 1235 1236 } else { 1237 residue = min(residue, transfer_length); 1238 scsi_set_resid(srb, max(scsi_get_resid(srb), 1239 (int) residue)); 1240 } 1241 } 1242 1243 /* based on the status code, we report good or bad */ 1244 switch (bcs->Status) { 1245 case US_BULK_STAT_OK: 1246 /* device babbled -- return fake sense data */ 1247 if (fake_sense) { 1248 memcpy(srb->sense_buffer, 1249 usb_stor_sense_invalidCDB, 1250 sizeof(usb_stor_sense_invalidCDB)); 1251 return USB_STOR_TRANSPORT_NO_SENSE; 1252 } 1253 1254 /* command good -- note that data could be short */ 1255 return USB_STOR_TRANSPORT_GOOD; 1256 1257 case US_BULK_STAT_FAIL: 1258 /* command failed */ 1259 return USB_STOR_TRANSPORT_FAILED; 1260 1261 case US_BULK_STAT_PHASE: 1262 /* phase error -- note that a transport reset will be 1263 * invoked by the invoke_transport() function 1264 */ 1265 return USB_STOR_TRANSPORT_ERROR; 1266 } 1267 1268 /* we should never get here, but if we do, we're in trouble */ 1269 return USB_STOR_TRANSPORT_ERROR; 1270 } 1271 EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport); 1272 1273 /*********************************************************************** 1274 * Reset routines 1275 ***********************************************************************/ 1276 1277 /* This is the common part of the device reset code. 1278 * 1279 * It's handy that every transport mechanism uses the control endpoint for 1280 * resets. 1281 * 1282 * Basically, we send a reset with a 5-second timeout, so we don't get 1283 * jammed attempting to do the reset. 1284 */ 1285 static int usb_stor_reset_common(struct us_data *us, 1286 u8 request, u8 requesttype, 1287 u16 value, u16 index, void *data, u16 size) 1288 { 1289 int result; 1290 int result2; 1291 1292 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1293 usb_stor_dbg(us, "No reset during disconnect\n"); 1294 return -EIO; 1295 } 1296 1297 result = usb_stor_control_msg(us, us->send_ctrl_pipe, 1298 request, requesttype, value, index, data, size, 1299 5*HZ); 1300 if (result < 0) { 1301 usb_stor_dbg(us, "Soft reset failed: %d\n", result); 1302 return result; 1303 } 1304 1305 /* Give the device some time to recover from the reset, 1306 * but don't delay disconnect processing. */ 1307 wait_event_interruptible_timeout(us->delay_wait, 1308 test_bit(US_FLIDX_DISCONNECTING, &us->dflags), 1309 HZ*6); 1310 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1311 usb_stor_dbg(us, "Reset interrupted by disconnect\n"); 1312 return -EIO; 1313 } 1314 1315 usb_stor_dbg(us, "Soft reset: clearing bulk-in endpoint halt\n"); 1316 result = usb_stor_clear_halt(us, us->recv_bulk_pipe); 1317 1318 usb_stor_dbg(us, "Soft reset: clearing bulk-out endpoint halt\n"); 1319 result2 = usb_stor_clear_halt(us, us->send_bulk_pipe); 1320 1321 /* return a result code based on the result of the clear-halts */ 1322 if (result >= 0) 1323 result = result2; 1324 if (result < 0) 1325 usb_stor_dbg(us, "Soft reset failed\n"); 1326 else 1327 usb_stor_dbg(us, "Soft reset done\n"); 1328 return result; 1329 } 1330 1331 /* This issues a CB[I] Reset to the device in question 1332 */ 1333 #define CB_RESET_CMD_SIZE 12 1334 1335 int usb_stor_CB_reset(struct us_data *us) 1336 { 1337 memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE); 1338 us->iobuf[0] = SEND_DIAGNOSTIC; 1339 us->iobuf[1] = 4; 1340 return usb_stor_reset_common(us, US_CBI_ADSC, 1341 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1342 0, us->ifnum, us->iobuf, CB_RESET_CMD_SIZE); 1343 } 1344 EXPORT_SYMBOL_GPL(usb_stor_CB_reset); 1345 1346 /* This issues a Bulk-only Reset to the device in question, including 1347 * clearing the subsequent endpoint halts that may occur. 1348 */ 1349 int usb_stor_Bulk_reset(struct us_data *us) 1350 { 1351 return usb_stor_reset_common(us, US_BULK_RESET_REQUEST, 1352 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1353 0, us->ifnum, NULL, 0); 1354 } 1355 EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset); 1356 1357 /* Issue a USB port reset to the device. The caller must not hold 1358 * us->dev_mutex. 1359 */ 1360 int usb_stor_port_reset(struct us_data *us) 1361 { 1362 int result; 1363 1364 /*for these devices we must use the class specific method */ 1365 if (us->pusb_dev->quirks & USB_QUIRK_RESET) 1366 return -EPERM; 1367 1368 result = usb_lock_device_for_reset(us->pusb_dev, us->pusb_intf); 1369 if (result < 0) 1370 usb_stor_dbg(us, "unable to lock device for reset: %d\n", 1371 result); 1372 else { 1373 /* Were we disconnected while waiting for the lock? */ 1374 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1375 result = -EIO; 1376 usb_stor_dbg(us, "No reset during disconnect\n"); 1377 } else { 1378 result = usb_reset_device(us->pusb_dev); 1379 usb_stor_dbg(us, "usb_reset_device returns %d\n", 1380 result); 1381 } 1382 usb_unlock_device(us->pusb_dev); 1383 } 1384 return result; 1385 } 1386