xref: /linux/drivers/usb/storage/uas.c (revision 9cfc5c90ad38c8fc11bfd39de42a107da00871ba)
1 /*
2  * USB Attached SCSI
3  * Note that this is not the same as the USB Mass Storage driver
4  *
5  * Copyright Hans de Goede <hdegoede@redhat.com> for Red Hat, Inc. 2013 - 2014
6  * Copyright Matthew Wilcox for Intel Corp, 2010
7  * Copyright Sarah Sharp for Intel Corp, 2010
8  *
9  * Distributed under the terms of the GNU GPL, version two.
10  */
11 
12 #include <linux/blkdev.h>
13 #include <linux/slab.h>
14 #include <linux/types.h>
15 #include <linux/module.h>
16 #include <linux/usb.h>
17 #include <linux/usb_usual.h>
18 #include <linux/usb/hcd.h>
19 #include <linux/usb/storage.h>
20 #include <linux/usb/uas.h>
21 
22 #include <scsi/scsi.h>
23 #include <scsi/scsi_eh.h>
24 #include <scsi/scsi_dbg.h>
25 #include <scsi/scsi_cmnd.h>
26 #include <scsi/scsi_device.h>
27 #include <scsi/scsi_host.h>
28 #include <scsi/scsi_tcq.h>
29 
30 #include "uas-detect.h"
31 #include "scsiglue.h"
32 
33 #define MAX_CMNDS 256
34 
35 struct uas_dev_info {
36 	struct usb_interface *intf;
37 	struct usb_device *udev;
38 	struct usb_anchor cmd_urbs;
39 	struct usb_anchor sense_urbs;
40 	struct usb_anchor data_urbs;
41 	unsigned long flags;
42 	int qdepth, resetting;
43 	unsigned cmd_pipe, status_pipe, data_in_pipe, data_out_pipe;
44 	unsigned use_streams:1;
45 	unsigned shutdown:1;
46 	struct scsi_cmnd *cmnd[MAX_CMNDS];
47 	spinlock_t lock;
48 	struct work_struct work;
49 };
50 
51 enum {
52 	SUBMIT_STATUS_URB	= (1 << 1),
53 	ALLOC_DATA_IN_URB	= (1 << 2),
54 	SUBMIT_DATA_IN_URB	= (1 << 3),
55 	ALLOC_DATA_OUT_URB	= (1 << 4),
56 	SUBMIT_DATA_OUT_URB	= (1 << 5),
57 	ALLOC_CMD_URB		= (1 << 6),
58 	SUBMIT_CMD_URB		= (1 << 7),
59 	COMMAND_INFLIGHT        = (1 << 8),
60 	DATA_IN_URB_INFLIGHT    = (1 << 9),
61 	DATA_OUT_URB_INFLIGHT   = (1 << 10),
62 	COMMAND_ABORTED         = (1 << 11),
63 	IS_IN_WORK_LIST         = (1 << 12),
64 };
65 
66 /* Overrides scsi_pointer */
67 struct uas_cmd_info {
68 	unsigned int state;
69 	unsigned int uas_tag;
70 	struct urb *cmd_urb;
71 	struct urb *data_in_urb;
72 	struct urb *data_out_urb;
73 };
74 
75 /* I hate forward declarations, but I actually have a loop */
76 static int uas_submit_urbs(struct scsi_cmnd *cmnd,
77 				struct uas_dev_info *devinfo, gfp_t gfp);
78 static void uas_do_work(struct work_struct *work);
79 static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller);
80 static void uas_free_streams(struct uas_dev_info *devinfo);
81 static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
82 				int status);
83 
84 static void uas_do_work(struct work_struct *work)
85 {
86 	struct uas_dev_info *devinfo =
87 		container_of(work, struct uas_dev_info, work);
88 	struct uas_cmd_info *cmdinfo;
89 	struct scsi_cmnd *cmnd;
90 	unsigned long flags;
91 	int i, err;
92 
93 	spin_lock_irqsave(&devinfo->lock, flags);
94 
95 	if (devinfo->resetting)
96 		goto out;
97 
98 	for (i = 0; i < devinfo->qdepth; i++) {
99 		if (!devinfo->cmnd[i])
100 			continue;
101 
102 		cmnd = devinfo->cmnd[i];
103 		cmdinfo = (void *)&cmnd->SCp;
104 
105 		if (!(cmdinfo->state & IS_IN_WORK_LIST))
106 			continue;
107 
108 		err = uas_submit_urbs(cmnd, cmnd->device->hostdata, GFP_ATOMIC);
109 		if (!err)
110 			cmdinfo->state &= ~IS_IN_WORK_LIST;
111 		else
112 			schedule_work(&devinfo->work);
113 	}
114 out:
115 	spin_unlock_irqrestore(&devinfo->lock, flags);
116 }
117 
118 static void uas_add_work(struct uas_cmd_info *cmdinfo)
119 {
120 	struct scsi_pointer *scp = (void *)cmdinfo;
121 	struct scsi_cmnd *cmnd = container_of(scp, struct scsi_cmnd, SCp);
122 	struct uas_dev_info *devinfo = cmnd->device->hostdata;
123 
124 	lockdep_assert_held(&devinfo->lock);
125 	cmdinfo->state |= IS_IN_WORK_LIST;
126 	schedule_work(&devinfo->work);
127 }
128 
129 static void uas_zap_pending(struct uas_dev_info *devinfo, int result)
130 {
131 	struct uas_cmd_info *cmdinfo;
132 	struct scsi_cmnd *cmnd;
133 	unsigned long flags;
134 	int i, err;
135 
136 	spin_lock_irqsave(&devinfo->lock, flags);
137 	for (i = 0; i < devinfo->qdepth; i++) {
138 		if (!devinfo->cmnd[i])
139 			continue;
140 
141 		cmnd = devinfo->cmnd[i];
142 		cmdinfo = (void *)&cmnd->SCp;
143 		uas_log_cmd_state(cmnd, __func__, 0);
144 		/* Sense urbs were killed, clear COMMAND_INFLIGHT manually */
145 		cmdinfo->state &= ~COMMAND_INFLIGHT;
146 		cmnd->result = result << 16;
147 		err = uas_try_complete(cmnd, __func__);
148 		WARN_ON(err != 0);
149 	}
150 	spin_unlock_irqrestore(&devinfo->lock, flags);
151 }
152 
153 static void uas_sense(struct urb *urb, struct scsi_cmnd *cmnd)
154 {
155 	struct sense_iu *sense_iu = urb->transfer_buffer;
156 	struct scsi_device *sdev = cmnd->device;
157 
158 	if (urb->actual_length > 16) {
159 		unsigned len = be16_to_cpup(&sense_iu->len);
160 		if (len + 16 != urb->actual_length) {
161 			int newlen = min(len + 16, urb->actual_length) - 16;
162 			if (newlen < 0)
163 				newlen = 0;
164 			sdev_printk(KERN_INFO, sdev, "%s: urb length %d "
165 				"disagrees with IU sense data length %d, "
166 				"using %d bytes of sense data\n", __func__,
167 					urb->actual_length, len, newlen);
168 			len = newlen;
169 		}
170 		memcpy(cmnd->sense_buffer, sense_iu->sense, len);
171 	}
172 
173 	cmnd->result = sense_iu->status;
174 }
175 
176 static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
177 			      int status)
178 {
179 	struct uas_cmd_info *ci = (void *)&cmnd->SCp;
180 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
181 
182 	scmd_printk(KERN_INFO, cmnd,
183 		    "%s %d uas-tag %d inflight:%s%s%s%s%s%s%s%s%s%s%s%s ",
184 		    prefix, status, cmdinfo->uas_tag,
185 		    (ci->state & SUBMIT_STATUS_URB)     ? " s-st"  : "",
186 		    (ci->state & ALLOC_DATA_IN_URB)     ? " a-in"  : "",
187 		    (ci->state & SUBMIT_DATA_IN_URB)    ? " s-in"  : "",
188 		    (ci->state & ALLOC_DATA_OUT_URB)    ? " a-out" : "",
189 		    (ci->state & SUBMIT_DATA_OUT_URB)   ? " s-out" : "",
190 		    (ci->state & ALLOC_CMD_URB)         ? " a-cmd" : "",
191 		    (ci->state & SUBMIT_CMD_URB)        ? " s-cmd" : "",
192 		    (ci->state & COMMAND_INFLIGHT)      ? " CMD"   : "",
193 		    (ci->state & DATA_IN_URB_INFLIGHT)  ? " IN"    : "",
194 		    (ci->state & DATA_OUT_URB_INFLIGHT) ? " OUT"   : "",
195 		    (ci->state & COMMAND_ABORTED)       ? " abort" : "",
196 		    (ci->state & IS_IN_WORK_LIST)       ? " work"  : "");
197 	scsi_print_command(cmnd);
198 }
199 
200 static void uas_free_unsubmitted_urbs(struct scsi_cmnd *cmnd)
201 {
202 	struct uas_cmd_info *cmdinfo;
203 
204 	if (!cmnd)
205 		return;
206 
207 	cmdinfo = (void *)&cmnd->SCp;
208 
209 	if (cmdinfo->state & SUBMIT_CMD_URB)
210 		usb_free_urb(cmdinfo->cmd_urb);
211 
212 	/* data urbs may have never gotten their submit flag set */
213 	if (!(cmdinfo->state & DATA_IN_URB_INFLIGHT))
214 		usb_free_urb(cmdinfo->data_in_urb);
215 	if (!(cmdinfo->state & DATA_OUT_URB_INFLIGHT))
216 		usb_free_urb(cmdinfo->data_out_urb);
217 }
218 
219 static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller)
220 {
221 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
222 	struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
223 
224 	lockdep_assert_held(&devinfo->lock);
225 	if (cmdinfo->state & (COMMAND_INFLIGHT |
226 			      DATA_IN_URB_INFLIGHT |
227 			      DATA_OUT_URB_INFLIGHT |
228 			      COMMAND_ABORTED))
229 		return -EBUSY;
230 	devinfo->cmnd[cmdinfo->uas_tag - 1] = NULL;
231 	uas_free_unsubmitted_urbs(cmnd);
232 	cmnd->scsi_done(cmnd);
233 	return 0;
234 }
235 
236 static void uas_xfer_data(struct urb *urb, struct scsi_cmnd *cmnd,
237 			  unsigned direction)
238 {
239 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
240 	int err;
241 
242 	cmdinfo->state |= direction | SUBMIT_STATUS_URB;
243 	err = uas_submit_urbs(cmnd, cmnd->device->hostdata, GFP_ATOMIC);
244 	if (err) {
245 		uas_add_work(cmdinfo);
246 	}
247 }
248 
249 static void uas_stat_cmplt(struct urb *urb)
250 {
251 	struct iu *iu = urb->transfer_buffer;
252 	struct Scsi_Host *shost = urb->context;
253 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
254 	struct urb *data_in_urb = NULL;
255 	struct urb *data_out_urb = NULL;
256 	struct scsi_cmnd *cmnd;
257 	struct uas_cmd_info *cmdinfo;
258 	unsigned long flags;
259 	unsigned int idx;
260 	int status = urb->status;
261 
262 	spin_lock_irqsave(&devinfo->lock, flags);
263 
264 	if (devinfo->resetting)
265 		goto out;
266 
267 	if (status) {
268 		if (status != -ENOENT && status != -ECONNRESET && status != -ESHUTDOWN)
269 			dev_err(&urb->dev->dev, "stat urb: status %d\n", status);
270 		goto out;
271 	}
272 
273 	idx = be16_to_cpup(&iu->tag) - 1;
274 	if (idx >= MAX_CMNDS || !devinfo->cmnd[idx]) {
275 		dev_err(&urb->dev->dev,
276 			"stat urb: no pending cmd for uas-tag %d\n", idx + 1);
277 		goto out;
278 	}
279 
280 	cmnd = devinfo->cmnd[idx];
281 	cmdinfo = (void *)&cmnd->SCp;
282 
283 	if (!(cmdinfo->state & COMMAND_INFLIGHT)) {
284 		uas_log_cmd_state(cmnd, "unexpected status cmplt", 0);
285 		goto out;
286 	}
287 
288 	switch (iu->iu_id) {
289 	case IU_ID_STATUS:
290 		uas_sense(urb, cmnd);
291 		if (cmnd->result != 0) {
292 			/* cancel data transfers on error */
293 			data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
294 			data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
295 		}
296 		cmdinfo->state &= ~COMMAND_INFLIGHT;
297 		uas_try_complete(cmnd, __func__);
298 		break;
299 	case IU_ID_READ_READY:
300 		if (!cmdinfo->data_in_urb ||
301 				(cmdinfo->state & DATA_IN_URB_INFLIGHT)) {
302 			uas_log_cmd_state(cmnd, "unexpected read rdy", 0);
303 			break;
304 		}
305 		uas_xfer_data(urb, cmnd, SUBMIT_DATA_IN_URB);
306 		break;
307 	case IU_ID_WRITE_READY:
308 		if (!cmdinfo->data_out_urb ||
309 				(cmdinfo->state & DATA_OUT_URB_INFLIGHT)) {
310 			uas_log_cmd_state(cmnd, "unexpected write rdy", 0);
311 			break;
312 		}
313 		uas_xfer_data(urb, cmnd, SUBMIT_DATA_OUT_URB);
314 		break;
315 	case IU_ID_RESPONSE:
316 		uas_log_cmd_state(cmnd, "unexpected response iu",
317 				  ((struct response_iu *)iu)->response_code);
318 		/* Error, cancel data transfers */
319 		data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
320 		data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
321 		cmdinfo->state &= ~COMMAND_INFLIGHT;
322 		cmnd->result = DID_ERROR << 16;
323 		uas_try_complete(cmnd, __func__);
324 		break;
325 	default:
326 		uas_log_cmd_state(cmnd, "bogus IU", iu->iu_id);
327 	}
328 out:
329 	usb_free_urb(urb);
330 	spin_unlock_irqrestore(&devinfo->lock, flags);
331 
332 	/* Unlinking of data urbs must be done without holding the lock */
333 	if (data_in_urb) {
334 		usb_unlink_urb(data_in_urb);
335 		usb_put_urb(data_in_urb);
336 	}
337 	if (data_out_urb) {
338 		usb_unlink_urb(data_out_urb);
339 		usb_put_urb(data_out_urb);
340 	}
341 }
342 
343 static void uas_data_cmplt(struct urb *urb)
344 {
345 	struct scsi_cmnd *cmnd = urb->context;
346 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
347 	struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
348 	struct scsi_data_buffer *sdb = NULL;
349 	unsigned long flags;
350 	int status = urb->status;
351 
352 	spin_lock_irqsave(&devinfo->lock, flags);
353 
354 	if (cmdinfo->data_in_urb == urb) {
355 		sdb = scsi_in(cmnd);
356 		cmdinfo->state &= ~DATA_IN_URB_INFLIGHT;
357 		cmdinfo->data_in_urb = NULL;
358 	} else if (cmdinfo->data_out_urb == urb) {
359 		sdb = scsi_out(cmnd);
360 		cmdinfo->state &= ~DATA_OUT_URB_INFLIGHT;
361 		cmdinfo->data_out_urb = NULL;
362 	}
363 	if (sdb == NULL) {
364 		WARN_ON_ONCE(1);
365 		goto out;
366 	}
367 
368 	if (devinfo->resetting)
369 		goto out;
370 
371 	/* Data urbs should not complete before the cmd urb is submitted */
372 	if (cmdinfo->state & SUBMIT_CMD_URB) {
373 		uas_log_cmd_state(cmnd, "unexpected data cmplt", 0);
374 		goto out;
375 	}
376 
377 	if (status) {
378 		if (status != -ENOENT && status != -ECONNRESET && status != -ESHUTDOWN)
379 			uas_log_cmd_state(cmnd, "data cmplt err", status);
380 		/* error: no data transfered */
381 		sdb->resid = sdb->length;
382 	} else {
383 		sdb->resid = sdb->length - urb->actual_length;
384 	}
385 	uas_try_complete(cmnd, __func__);
386 out:
387 	usb_free_urb(urb);
388 	spin_unlock_irqrestore(&devinfo->lock, flags);
389 }
390 
391 static void uas_cmd_cmplt(struct urb *urb)
392 {
393 	if (urb->status)
394 		dev_err(&urb->dev->dev, "cmd cmplt err %d\n", urb->status);
395 
396 	usb_free_urb(urb);
397 }
398 
399 static struct urb *uas_alloc_data_urb(struct uas_dev_info *devinfo, gfp_t gfp,
400 				      struct scsi_cmnd *cmnd,
401 				      enum dma_data_direction dir)
402 {
403 	struct usb_device *udev = devinfo->udev;
404 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
405 	struct urb *urb = usb_alloc_urb(0, gfp);
406 	struct scsi_data_buffer *sdb = (dir == DMA_FROM_DEVICE)
407 		? scsi_in(cmnd) : scsi_out(cmnd);
408 	unsigned int pipe = (dir == DMA_FROM_DEVICE)
409 		? devinfo->data_in_pipe : devinfo->data_out_pipe;
410 
411 	if (!urb)
412 		goto out;
413 	usb_fill_bulk_urb(urb, udev, pipe, NULL, sdb->length,
414 			  uas_data_cmplt, cmnd);
415 	if (devinfo->use_streams)
416 		urb->stream_id = cmdinfo->uas_tag;
417 	urb->num_sgs = udev->bus->sg_tablesize ? sdb->table.nents : 0;
418 	urb->sg = sdb->table.sgl;
419  out:
420 	return urb;
421 }
422 
423 static struct urb *uas_alloc_sense_urb(struct uas_dev_info *devinfo, gfp_t gfp,
424 				       struct scsi_cmnd *cmnd)
425 {
426 	struct usb_device *udev = devinfo->udev;
427 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
428 	struct urb *urb = usb_alloc_urb(0, gfp);
429 	struct sense_iu *iu;
430 
431 	if (!urb)
432 		goto out;
433 
434 	iu = kzalloc(sizeof(*iu), gfp);
435 	if (!iu)
436 		goto free;
437 
438 	usb_fill_bulk_urb(urb, udev, devinfo->status_pipe, iu, sizeof(*iu),
439 			  uas_stat_cmplt, cmnd->device->host);
440 	if (devinfo->use_streams)
441 		urb->stream_id = cmdinfo->uas_tag;
442 	urb->transfer_flags |= URB_FREE_BUFFER;
443  out:
444 	return urb;
445  free:
446 	usb_free_urb(urb);
447 	return NULL;
448 }
449 
450 static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp,
451 					struct scsi_cmnd *cmnd)
452 {
453 	struct usb_device *udev = devinfo->udev;
454 	struct scsi_device *sdev = cmnd->device;
455 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
456 	struct urb *urb = usb_alloc_urb(0, gfp);
457 	struct command_iu *iu;
458 	int len;
459 
460 	if (!urb)
461 		goto out;
462 
463 	len = cmnd->cmd_len - 16;
464 	if (len < 0)
465 		len = 0;
466 	len = ALIGN(len, 4);
467 	iu = kzalloc(sizeof(*iu) + len, gfp);
468 	if (!iu)
469 		goto free;
470 
471 	iu->iu_id = IU_ID_COMMAND;
472 	iu->tag = cpu_to_be16(cmdinfo->uas_tag);
473 	iu->prio_attr = UAS_SIMPLE_TAG;
474 	iu->len = len;
475 	int_to_scsilun(sdev->lun, &iu->lun);
476 	memcpy(iu->cdb, cmnd->cmnd, cmnd->cmd_len);
477 
478 	usb_fill_bulk_urb(urb, udev, devinfo->cmd_pipe, iu, sizeof(*iu) + len,
479 							uas_cmd_cmplt, NULL);
480 	urb->transfer_flags |= URB_FREE_BUFFER;
481  out:
482 	return urb;
483  free:
484 	usb_free_urb(urb);
485 	return NULL;
486 }
487 
488 /*
489  * Why should I request the Status IU before sending the Command IU?  Spec
490  * says to, but also says the device may receive them in any order.  Seems
491  * daft to me.
492  */
493 
494 static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
495 {
496 	struct uas_dev_info *devinfo = cmnd->device->hostdata;
497 	struct urb *urb;
498 	int err;
499 
500 	urb = uas_alloc_sense_urb(devinfo, gfp, cmnd);
501 	if (!urb)
502 		return NULL;
503 	usb_anchor_urb(urb, &devinfo->sense_urbs);
504 	err = usb_submit_urb(urb, gfp);
505 	if (err) {
506 		usb_unanchor_urb(urb);
507 		uas_log_cmd_state(cmnd, "sense submit err", err);
508 		usb_free_urb(urb);
509 		return NULL;
510 	}
511 	return urb;
512 }
513 
514 static int uas_submit_urbs(struct scsi_cmnd *cmnd,
515 			   struct uas_dev_info *devinfo, gfp_t gfp)
516 {
517 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
518 	struct urb *urb;
519 	int err;
520 
521 	lockdep_assert_held(&devinfo->lock);
522 	if (cmdinfo->state & SUBMIT_STATUS_URB) {
523 		urb = uas_submit_sense_urb(cmnd, gfp);
524 		if (!urb)
525 			return SCSI_MLQUEUE_DEVICE_BUSY;
526 		cmdinfo->state &= ~SUBMIT_STATUS_URB;
527 	}
528 
529 	if (cmdinfo->state & ALLOC_DATA_IN_URB) {
530 		cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, gfp,
531 							cmnd, DMA_FROM_DEVICE);
532 		if (!cmdinfo->data_in_urb)
533 			return SCSI_MLQUEUE_DEVICE_BUSY;
534 		cmdinfo->state &= ~ALLOC_DATA_IN_URB;
535 	}
536 
537 	if (cmdinfo->state & SUBMIT_DATA_IN_URB) {
538 		usb_anchor_urb(cmdinfo->data_in_urb, &devinfo->data_urbs);
539 		err = usb_submit_urb(cmdinfo->data_in_urb, gfp);
540 		if (err) {
541 			usb_unanchor_urb(cmdinfo->data_in_urb);
542 			uas_log_cmd_state(cmnd, "data in submit err", err);
543 			return SCSI_MLQUEUE_DEVICE_BUSY;
544 		}
545 		cmdinfo->state &= ~SUBMIT_DATA_IN_URB;
546 		cmdinfo->state |= DATA_IN_URB_INFLIGHT;
547 	}
548 
549 	if (cmdinfo->state & ALLOC_DATA_OUT_URB) {
550 		cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, gfp,
551 							cmnd, DMA_TO_DEVICE);
552 		if (!cmdinfo->data_out_urb)
553 			return SCSI_MLQUEUE_DEVICE_BUSY;
554 		cmdinfo->state &= ~ALLOC_DATA_OUT_URB;
555 	}
556 
557 	if (cmdinfo->state & SUBMIT_DATA_OUT_URB) {
558 		usb_anchor_urb(cmdinfo->data_out_urb, &devinfo->data_urbs);
559 		err = usb_submit_urb(cmdinfo->data_out_urb, gfp);
560 		if (err) {
561 			usb_unanchor_urb(cmdinfo->data_out_urb);
562 			uas_log_cmd_state(cmnd, "data out submit err", err);
563 			return SCSI_MLQUEUE_DEVICE_BUSY;
564 		}
565 		cmdinfo->state &= ~SUBMIT_DATA_OUT_URB;
566 		cmdinfo->state |= DATA_OUT_URB_INFLIGHT;
567 	}
568 
569 	if (cmdinfo->state & ALLOC_CMD_URB) {
570 		cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, gfp, cmnd);
571 		if (!cmdinfo->cmd_urb)
572 			return SCSI_MLQUEUE_DEVICE_BUSY;
573 		cmdinfo->state &= ~ALLOC_CMD_URB;
574 	}
575 
576 	if (cmdinfo->state & SUBMIT_CMD_URB) {
577 		usb_anchor_urb(cmdinfo->cmd_urb, &devinfo->cmd_urbs);
578 		err = usb_submit_urb(cmdinfo->cmd_urb, gfp);
579 		if (err) {
580 			usb_unanchor_urb(cmdinfo->cmd_urb);
581 			uas_log_cmd_state(cmnd, "cmd submit err", err);
582 			return SCSI_MLQUEUE_DEVICE_BUSY;
583 		}
584 		cmdinfo->cmd_urb = NULL;
585 		cmdinfo->state &= ~SUBMIT_CMD_URB;
586 		cmdinfo->state |= COMMAND_INFLIGHT;
587 	}
588 
589 	return 0;
590 }
591 
592 static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
593 					void (*done)(struct scsi_cmnd *))
594 {
595 	struct scsi_device *sdev = cmnd->device;
596 	struct uas_dev_info *devinfo = sdev->hostdata;
597 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
598 	unsigned long flags;
599 	int idx, err;
600 
601 	BUILD_BUG_ON(sizeof(struct uas_cmd_info) > sizeof(struct scsi_pointer));
602 
603 	/* Re-check scsi_block_requests now that we've the host-lock */
604 	if (cmnd->device->host->host_self_blocked)
605 		return SCSI_MLQUEUE_DEVICE_BUSY;
606 
607 	if ((devinfo->flags & US_FL_NO_ATA_1X) &&
608 			(cmnd->cmnd[0] == ATA_12 || cmnd->cmnd[0] == ATA_16)) {
609 		memcpy(cmnd->sense_buffer, usb_stor_sense_invalidCDB,
610 		       sizeof(usb_stor_sense_invalidCDB));
611 		cmnd->result = SAM_STAT_CHECK_CONDITION;
612 		cmnd->scsi_done(cmnd);
613 		return 0;
614 	}
615 
616 	spin_lock_irqsave(&devinfo->lock, flags);
617 
618 	if (devinfo->resetting) {
619 		cmnd->result = DID_ERROR << 16;
620 		cmnd->scsi_done(cmnd);
621 		spin_unlock_irqrestore(&devinfo->lock, flags);
622 		return 0;
623 	}
624 
625 	/* Find a free uas-tag */
626 	for (idx = 0; idx < devinfo->qdepth; idx++) {
627 		if (!devinfo->cmnd[idx])
628 			break;
629 	}
630 	if (idx == devinfo->qdepth) {
631 		spin_unlock_irqrestore(&devinfo->lock, flags);
632 		return SCSI_MLQUEUE_DEVICE_BUSY;
633 	}
634 
635 	cmnd->scsi_done = done;
636 
637 	memset(cmdinfo, 0, sizeof(*cmdinfo));
638 	cmdinfo->uas_tag = idx + 1; /* uas-tag == usb-stream-id, so 1 based */
639 	cmdinfo->state = SUBMIT_STATUS_URB | ALLOC_CMD_URB | SUBMIT_CMD_URB;
640 
641 	switch (cmnd->sc_data_direction) {
642 	case DMA_FROM_DEVICE:
643 		cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
644 		break;
645 	case DMA_BIDIRECTIONAL:
646 		cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
647 	case DMA_TO_DEVICE:
648 		cmdinfo->state |= ALLOC_DATA_OUT_URB | SUBMIT_DATA_OUT_URB;
649 	case DMA_NONE:
650 		break;
651 	}
652 
653 	if (!devinfo->use_streams)
654 		cmdinfo->state &= ~(SUBMIT_DATA_IN_URB | SUBMIT_DATA_OUT_URB);
655 
656 	err = uas_submit_urbs(cmnd, devinfo, GFP_ATOMIC);
657 	if (err) {
658 		/* If we did nothing, give up now */
659 		if (cmdinfo->state & SUBMIT_STATUS_URB) {
660 			spin_unlock_irqrestore(&devinfo->lock, flags);
661 			return SCSI_MLQUEUE_DEVICE_BUSY;
662 		}
663 		uas_add_work(cmdinfo);
664 	}
665 
666 	devinfo->cmnd[idx] = cmnd;
667 	spin_unlock_irqrestore(&devinfo->lock, flags);
668 	return 0;
669 }
670 
671 static DEF_SCSI_QCMD(uas_queuecommand)
672 
673 /*
674  * For now we do not support actually sending an abort to the device, so
675  * this eh always fails. Still we must define it to make sure that we've
676  * dropped all references to the cmnd in question once this function exits.
677  */
678 static int uas_eh_abort_handler(struct scsi_cmnd *cmnd)
679 {
680 	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
681 	struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
682 	struct urb *data_in_urb = NULL;
683 	struct urb *data_out_urb = NULL;
684 	unsigned long flags;
685 
686 	spin_lock_irqsave(&devinfo->lock, flags);
687 
688 	uas_log_cmd_state(cmnd, __func__, 0);
689 
690 	/* Ensure that try_complete does not call scsi_done */
691 	cmdinfo->state |= COMMAND_ABORTED;
692 
693 	/* Drop all refs to this cmnd, kill data urbs to break their ref */
694 	devinfo->cmnd[cmdinfo->uas_tag - 1] = NULL;
695 	if (cmdinfo->state & DATA_IN_URB_INFLIGHT)
696 		data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
697 	if (cmdinfo->state & DATA_OUT_URB_INFLIGHT)
698 		data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
699 
700 	uas_free_unsubmitted_urbs(cmnd);
701 
702 	spin_unlock_irqrestore(&devinfo->lock, flags);
703 
704 	if (data_in_urb) {
705 		usb_kill_urb(data_in_urb);
706 		usb_put_urb(data_in_urb);
707 	}
708 	if (data_out_urb) {
709 		usb_kill_urb(data_out_urb);
710 		usb_put_urb(data_out_urb);
711 	}
712 
713 	return FAILED;
714 }
715 
716 static int uas_eh_bus_reset_handler(struct scsi_cmnd *cmnd)
717 {
718 	struct scsi_device *sdev = cmnd->device;
719 	struct uas_dev_info *devinfo = sdev->hostdata;
720 	struct usb_device *udev = devinfo->udev;
721 	unsigned long flags;
722 	int err;
723 
724 	err = usb_lock_device_for_reset(udev, devinfo->intf);
725 	if (err) {
726 		shost_printk(KERN_ERR, sdev->host,
727 			     "%s FAILED to get lock err %d\n", __func__, err);
728 		return FAILED;
729 	}
730 
731 	shost_printk(KERN_INFO, sdev->host, "%s start\n", __func__);
732 
733 	spin_lock_irqsave(&devinfo->lock, flags);
734 	devinfo->resetting = 1;
735 	spin_unlock_irqrestore(&devinfo->lock, flags);
736 
737 	usb_kill_anchored_urbs(&devinfo->cmd_urbs);
738 	usb_kill_anchored_urbs(&devinfo->sense_urbs);
739 	usb_kill_anchored_urbs(&devinfo->data_urbs);
740 	uas_zap_pending(devinfo, DID_RESET);
741 
742 	err = usb_reset_device(udev);
743 
744 	spin_lock_irqsave(&devinfo->lock, flags);
745 	devinfo->resetting = 0;
746 	spin_unlock_irqrestore(&devinfo->lock, flags);
747 
748 	usb_unlock_device(udev);
749 
750 	if (err) {
751 		shost_printk(KERN_INFO, sdev->host, "%s FAILED err %d\n",
752 			     __func__, err);
753 		return FAILED;
754 	}
755 
756 	shost_printk(KERN_INFO, sdev->host, "%s success\n", __func__);
757 	return SUCCESS;
758 }
759 
760 static int uas_slave_alloc(struct scsi_device *sdev)
761 {
762 	struct uas_dev_info *devinfo =
763 		(struct uas_dev_info *)sdev->host->hostdata;
764 
765 	sdev->hostdata = devinfo;
766 
767 	/* USB has unusual DMA-alignment requirements: Although the
768 	 * starting address of each scatter-gather element doesn't matter,
769 	 * the length of each element except the last must be divisible
770 	 * by the Bulk maxpacket value.  There's currently no way to
771 	 * express this by block-layer constraints, so we'll cop out
772 	 * and simply require addresses to be aligned at 512-byte
773 	 * boundaries.  This is okay since most block I/O involves
774 	 * hardware sectors that are multiples of 512 bytes in length,
775 	 * and since host controllers up through USB 2.0 have maxpacket
776 	 * values no larger than 512.
777 	 *
778 	 * But it doesn't suffice for Wireless USB, where Bulk maxpacket
779 	 * values can be as large as 2048.  To make that work properly
780 	 * will require changes to the block layer.
781 	 */
782 	blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
783 
784 	if (devinfo->flags & US_FL_MAX_SECTORS_64)
785 		blk_queue_max_hw_sectors(sdev->request_queue, 64);
786 	else if (devinfo->flags & US_FL_MAX_SECTORS_240)
787 		blk_queue_max_hw_sectors(sdev->request_queue, 240);
788 
789 	return 0;
790 }
791 
792 static int uas_slave_configure(struct scsi_device *sdev)
793 {
794 	struct uas_dev_info *devinfo = sdev->hostdata;
795 
796 	if (devinfo->flags & US_FL_NO_REPORT_OPCODES)
797 		sdev->no_report_opcodes = 1;
798 
799 	scsi_change_queue_depth(sdev, devinfo->qdepth - 2);
800 	return 0;
801 }
802 
803 static struct scsi_host_template uas_host_template = {
804 	.module = THIS_MODULE,
805 	.name = "uas",
806 	.queuecommand = uas_queuecommand,
807 	.slave_alloc = uas_slave_alloc,
808 	.slave_configure = uas_slave_configure,
809 	.eh_abort_handler = uas_eh_abort_handler,
810 	.eh_bus_reset_handler = uas_eh_bus_reset_handler,
811 	.can_queue = 65536,	/* Is there a limit on the _host_ ? */
812 	.this_id = -1,
813 	.sg_tablesize = SG_NONE,
814 	.skip_settle_delay = 1,
815 };
816 
817 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
818 		    vendorName, productName, useProtocol, useTransport, \
819 		    initFunction, flags) \
820 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
821 	.driver_info = (flags) }
822 
823 static struct usb_device_id uas_usb_ids[] = {
824 #	include "unusual_uas.h"
825 	{ USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_BULK) },
826 	{ USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_UAS) },
827 	{ }
828 };
829 MODULE_DEVICE_TABLE(usb, uas_usb_ids);
830 
831 #undef UNUSUAL_DEV
832 
833 static int uas_switch_interface(struct usb_device *udev,
834 				struct usb_interface *intf)
835 {
836 	int alt;
837 
838 	alt = uas_find_uas_alt_setting(intf);
839 	if (alt < 0)
840 		return alt;
841 
842 	return usb_set_interface(udev,
843 			intf->altsetting[0].desc.bInterfaceNumber, alt);
844 }
845 
846 static int uas_configure_endpoints(struct uas_dev_info *devinfo)
847 {
848 	struct usb_host_endpoint *eps[4] = { };
849 	struct usb_device *udev = devinfo->udev;
850 	int r;
851 
852 	r = uas_find_endpoints(devinfo->intf->cur_altsetting, eps);
853 	if (r)
854 		return r;
855 
856 	devinfo->cmd_pipe = usb_sndbulkpipe(udev,
857 					    usb_endpoint_num(&eps[0]->desc));
858 	devinfo->status_pipe = usb_rcvbulkpipe(udev,
859 					    usb_endpoint_num(&eps[1]->desc));
860 	devinfo->data_in_pipe = usb_rcvbulkpipe(udev,
861 					    usb_endpoint_num(&eps[2]->desc));
862 	devinfo->data_out_pipe = usb_sndbulkpipe(udev,
863 					    usb_endpoint_num(&eps[3]->desc));
864 
865 	if (udev->speed < USB_SPEED_SUPER) {
866 		devinfo->qdepth = 32;
867 		devinfo->use_streams = 0;
868 	} else {
869 		devinfo->qdepth = usb_alloc_streams(devinfo->intf, eps + 1,
870 						    3, MAX_CMNDS, GFP_NOIO);
871 		if (devinfo->qdepth < 0)
872 			return devinfo->qdepth;
873 		devinfo->use_streams = 1;
874 	}
875 
876 	return 0;
877 }
878 
879 static void uas_free_streams(struct uas_dev_info *devinfo)
880 {
881 	struct usb_device *udev = devinfo->udev;
882 	struct usb_host_endpoint *eps[3];
883 
884 	eps[0] = usb_pipe_endpoint(udev, devinfo->status_pipe);
885 	eps[1] = usb_pipe_endpoint(udev, devinfo->data_in_pipe);
886 	eps[2] = usb_pipe_endpoint(udev, devinfo->data_out_pipe);
887 	usb_free_streams(devinfo->intf, eps, 3, GFP_NOIO);
888 }
889 
890 static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
891 {
892 	int result = -ENOMEM;
893 	struct Scsi_Host *shost = NULL;
894 	struct uas_dev_info *devinfo;
895 	struct usb_device *udev = interface_to_usbdev(intf);
896 	unsigned long dev_flags;
897 
898 	if (!uas_use_uas_driver(intf, id, &dev_flags))
899 		return -ENODEV;
900 
901 	if (uas_switch_interface(udev, intf))
902 		return -ENODEV;
903 
904 	shost = scsi_host_alloc(&uas_host_template,
905 				sizeof(struct uas_dev_info));
906 	if (!shost)
907 		goto set_alt0;
908 
909 	shost->max_cmd_len = 16 + 252;
910 	shost->max_id = 1;
911 	shost->max_lun = 256;
912 	shost->max_channel = 0;
913 	shost->sg_tablesize = udev->bus->sg_tablesize;
914 
915 	devinfo = (struct uas_dev_info *)shost->hostdata;
916 	devinfo->intf = intf;
917 	devinfo->udev = udev;
918 	devinfo->resetting = 0;
919 	devinfo->shutdown = 0;
920 	devinfo->flags = dev_flags;
921 	init_usb_anchor(&devinfo->cmd_urbs);
922 	init_usb_anchor(&devinfo->sense_urbs);
923 	init_usb_anchor(&devinfo->data_urbs);
924 	spin_lock_init(&devinfo->lock);
925 	INIT_WORK(&devinfo->work, uas_do_work);
926 
927 	result = uas_configure_endpoints(devinfo);
928 	if (result)
929 		goto set_alt0;
930 
931 	usb_set_intfdata(intf, shost);
932 	result = scsi_add_host(shost, &intf->dev);
933 	if (result)
934 		goto free_streams;
935 
936 	scsi_scan_host(shost);
937 	return result;
938 
939 free_streams:
940 	uas_free_streams(devinfo);
941 	usb_set_intfdata(intf, NULL);
942 set_alt0:
943 	usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
944 	if (shost)
945 		scsi_host_put(shost);
946 	return result;
947 }
948 
949 static int uas_cmnd_list_empty(struct uas_dev_info *devinfo)
950 {
951 	unsigned long flags;
952 	int i, r = 1;
953 
954 	spin_lock_irqsave(&devinfo->lock, flags);
955 
956 	for (i = 0; i < devinfo->qdepth; i++) {
957 		if (devinfo->cmnd[i]) {
958 			r = 0; /* Not empty */
959 			break;
960 		}
961 	}
962 
963 	spin_unlock_irqrestore(&devinfo->lock, flags);
964 
965 	return r;
966 }
967 
968 /*
969  * Wait for any pending cmnds to complete, on usb-2 sense_urbs may temporarily
970  * get empty while there still is more work to do due to sense-urbs completing
971  * with a READ/WRITE_READY iu code, so keep waiting until the list gets empty.
972  */
973 static int uas_wait_for_pending_cmnds(struct uas_dev_info *devinfo)
974 {
975 	unsigned long start_time;
976 	int r;
977 
978 	start_time = jiffies;
979 	do {
980 		flush_work(&devinfo->work);
981 
982 		r = usb_wait_anchor_empty_timeout(&devinfo->sense_urbs, 5000);
983 		if (r == 0)
984 			return -ETIME;
985 
986 		r = usb_wait_anchor_empty_timeout(&devinfo->data_urbs, 500);
987 		if (r == 0)
988 			return -ETIME;
989 
990 		if (time_after(jiffies, start_time + 5 * HZ))
991 			return -ETIME;
992 	} while (!uas_cmnd_list_empty(devinfo));
993 
994 	return 0;
995 }
996 
997 static int uas_pre_reset(struct usb_interface *intf)
998 {
999 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1000 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1001 	unsigned long flags;
1002 
1003 	if (devinfo->shutdown)
1004 		return 0;
1005 
1006 	/* Block new requests */
1007 	spin_lock_irqsave(shost->host_lock, flags);
1008 	scsi_block_requests(shost);
1009 	spin_unlock_irqrestore(shost->host_lock, flags);
1010 
1011 	if (uas_wait_for_pending_cmnds(devinfo) != 0) {
1012 		shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
1013 		scsi_unblock_requests(shost);
1014 		return 1;
1015 	}
1016 
1017 	uas_free_streams(devinfo);
1018 
1019 	return 0;
1020 }
1021 
1022 static int uas_post_reset(struct usb_interface *intf)
1023 {
1024 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1025 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1026 	unsigned long flags;
1027 	int err;
1028 
1029 	if (devinfo->shutdown)
1030 		return 0;
1031 
1032 	err = uas_configure_endpoints(devinfo);
1033 	if (err) {
1034 		shost_printk(KERN_ERR, shost,
1035 			     "%s: alloc streams error %d after reset",
1036 			     __func__, err);
1037 		return 1;
1038 	}
1039 
1040 	spin_lock_irqsave(shost->host_lock, flags);
1041 	scsi_report_bus_reset(shost, 0);
1042 	spin_unlock_irqrestore(shost->host_lock, flags);
1043 
1044 	scsi_unblock_requests(shost);
1045 
1046 	return 0;
1047 }
1048 
1049 static int uas_suspend(struct usb_interface *intf, pm_message_t message)
1050 {
1051 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1052 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1053 
1054 	if (uas_wait_for_pending_cmnds(devinfo) != 0) {
1055 		shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
1056 		return -ETIME;
1057 	}
1058 
1059 	return 0;
1060 }
1061 
1062 static int uas_resume(struct usb_interface *intf)
1063 {
1064 	return 0;
1065 }
1066 
1067 static int uas_reset_resume(struct usb_interface *intf)
1068 {
1069 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1070 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1071 	unsigned long flags;
1072 	int err;
1073 
1074 	err = uas_configure_endpoints(devinfo);
1075 	if (err) {
1076 		shost_printk(KERN_ERR, shost,
1077 			     "%s: alloc streams error %d after reset",
1078 			     __func__, err);
1079 		return -EIO;
1080 	}
1081 
1082 	spin_lock_irqsave(shost->host_lock, flags);
1083 	scsi_report_bus_reset(shost, 0);
1084 	spin_unlock_irqrestore(shost->host_lock, flags);
1085 
1086 	return 0;
1087 }
1088 
1089 static void uas_disconnect(struct usb_interface *intf)
1090 {
1091 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1092 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1093 	unsigned long flags;
1094 
1095 	spin_lock_irqsave(&devinfo->lock, flags);
1096 	devinfo->resetting = 1;
1097 	spin_unlock_irqrestore(&devinfo->lock, flags);
1098 
1099 	cancel_work_sync(&devinfo->work);
1100 	usb_kill_anchored_urbs(&devinfo->cmd_urbs);
1101 	usb_kill_anchored_urbs(&devinfo->sense_urbs);
1102 	usb_kill_anchored_urbs(&devinfo->data_urbs);
1103 	uas_zap_pending(devinfo, DID_NO_CONNECT);
1104 
1105 	scsi_remove_host(shost);
1106 	uas_free_streams(devinfo);
1107 	scsi_host_put(shost);
1108 }
1109 
1110 /*
1111  * Put the device back in usb-storage mode on shutdown, as some BIOS-es
1112  * hang on reboot when the device is still in uas mode. Note the reset is
1113  * necessary as some devices won't revert to usb-storage mode without it.
1114  */
1115 static void uas_shutdown(struct device *dev)
1116 {
1117 	struct usb_interface *intf = to_usb_interface(dev);
1118 	struct usb_device *udev = interface_to_usbdev(intf);
1119 	struct Scsi_Host *shost = usb_get_intfdata(intf);
1120 	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1121 
1122 	if (system_state != SYSTEM_RESTART)
1123 		return;
1124 
1125 	devinfo->shutdown = 1;
1126 	uas_free_streams(devinfo);
1127 	usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
1128 	usb_reset_device(udev);
1129 }
1130 
1131 static struct usb_driver uas_driver = {
1132 	.name = "uas",
1133 	.probe = uas_probe,
1134 	.disconnect = uas_disconnect,
1135 	.pre_reset = uas_pre_reset,
1136 	.post_reset = uas_post_reset,
1137 	.suspend = uas_suspend,
1138 	.resume = uas_resume,
1139 	.reset_resume = uas_reset_resume,
1140 	.drvwrap.driver.shutdown = uas_shutdown,
1141 	.id_table = uas_usb_ids,
1142 };
1143 
1144 module_usb_driver(uas_driver);
1145 
1146 MODULE_LICENSE("GPL");
1147 MODULE_AUTHOR(
1148 	"Hans de Goede <hdegoede@redhat.com>, Matthew Wilcox and Sarah Sharp");
1149