1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/module.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 #include <scsi/scsi_device.h> 50 51 #include "usb.h" 52 #include "transport.h" 53 #include "protocol.h" 54 #include "debug.h" 55 56 57 static int usb_stor_sddr09_dpcm_init(struct us_data *us); 58 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us); 59 static int usb_stor_sddr09_init(struct us_data *us); 60 61 62 /* 63 * The table of devices 64 */ 65 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \ 66 vendorName, productName, useProtocol, useTransport, \ 67 initFunction, flags) \ 68 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \ 69 .driver_info = (flags)|(USB_US_TYPE_STOR<<24) } 70 71 struct usb_device_id sddr09_usb_ids[] = { 72 # include "unusual_sddr09.h" 73 { } /* Terminating entry */ 74 }; 75 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids); 76 77 #undef UNUSUAL_DEV 78 79 /* 80 * The flags table 81 */ 82 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \ 83 vendor_name, product_name, use_protocol, use_transport, \ 84 init_function, Flags) \ 85 { \ 86 .vendorName = vendor_name, \ 87 .productName = product_name, \ 88 .useProtocol = use_protocol, \ 89 .useTransport = use_transport, \ 90 .initFunction = init_function, \ 91 } 92 93 static struct us_unusual_dev sddr09_unusual_dev_list[] = { 94 # include "unusual_sddr09.h" 95 { } /* Terminating entry */ 96 }; 97 98 #undef UNUSUAL_DEV 99 100 101 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 102 #define LSB_of(s) ((s)&0xFF) 103 #define MSB_of(s) ((s)>>8) 104 105 /* #define US_DEBUGP printk */ 106 107 /* 108 * First some stuff that does not belong here: 109 * data on SmartMedia and other cards, completely 110 * unrelated to this driver. 111 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 112 */ 113 114 struct nand_flash_dev { 115 int model_id; 116 int chipshift; /* 1<<cs bytes total capacity */ 117 char pageshift; /* 1<<ps bytes in a page */ 118 char blockshift; /* 1<<bs pages in an erase block */ 119 char zoneshift; /* 1<<zs blocks in a zone */ 120 /* # of logical blocks is 125/128 of this */ 121 char pageadrlen; /* length of an address in bytes - 1 */ 122 }; 123 124 /* 125 * NAND Flash Manufacturer ID Codes 126 */ 127 #define NAND_MFR_AMD 0x01 128 #define NAND_MFR_NATSEMI 0x8f 129 #define NAND_MFR_TOSHIBA 0x98 130 #define NAND_MFR_SAMSUNG 0xec 131 132 static inline char *nand_flash_manufacturer(int manuf_id) { 133 switch(manuf_id) { 134 case NAND_MFR_AMD: 135 return "AMD"; 136 case NAND_MFR_NATSEMI: 137 return "NATSEMI"; 138 case NAND_MFR_TOSHIBA: 139 return "Toshiba"; 140 case NAND_MFR_SAMSUNG: 141 return "Samsung"; 142 default: 143 return "unknown"; 144 } 145 } 146 147 /* 148 * It looks like it is unnecessary to attach manufacturer to the 149 * remaining data: SSFDC prescribes manufacturer-independent id codes. 150 * 151 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 152 */ 153 154 static struct nand_flash_dev nand_flash_ids[] = { 155 /* NAND flash */ 156 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 157 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 158 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 159 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 160 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 161 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 162 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 163 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 164 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 165 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 166 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 167 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 168 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 169 170 /* MASK ROM */ 171 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 172 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 173 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 174 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 175 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 176 { 0,} 177 }; 178 179 static struct nand_flash_dev * 180 nand_find_id(unsigned char id) { 181 int i; 182 183 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 184 if (nand_flash_ids[i].model_id == id) 185 return &(nand_flash_ids[i]); 186 return NULL; 187 } 188 189 /* 190 * ECC computation. 191 */ 192 static unsigned char parity[256]; 193 static unsigned char ecc2[256]; 194 195 static void nand_init_ecc(void) { 196 int i, j, a; 197 198 parity[0] = 0; 199 for (i = 1; i < 256; i++) 200 parity[i] = (parity[i&(i-1)] ^ 1); 201 202 for (i = 0; i < 256; i++) { 203 a = 0; 204 for (j = 0; j < 8; j++) { 205 if (i & (1<<j)) { 206 if ((j & 1) == 0) 207 a ^= 0x04; 208 if ((j & 2) == 0) 209 a ^= 0x10; 210 if ((j & 4) == 0) 211 a ^= 0x40; 212 } 213 } 214 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 215 } 216 } 217 218 /* compute 3-byte ecc on 256 bytes */ 219 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 220 int i, j, a; 221 unsigned char par, bit, bits[8]; 222 223 par = 0; 224 for (j = 0; j < 8; j++) 225 bits[j] = 0; 226 227 /* collect 16 checksum bits */ 228 for (i = 0; i < 256; i++) { 229 par ^= data[i]; 230 bit = parity[data[i]]; 231 for (j = 0; j < 8; j++) 232 if ((i & (1<<j)) == 0) 233 bits[j] ^= bit; 234 } 235 236 /* put 4+4+4 = 12 bits in the ecc */ 237 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 238 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 239 240 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 241 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 242 243 ecc[2] = ecc2[par]; 244 } 245 246 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 247 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 248 } 249 250 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 251 memcpy(data, ecc, 3); 252 } 253 254 /* 255 * The actual driver starts here. 256 */ 257 258 struct sddr09_card_info { 259 unsigned long capacity; /* Size of card in bytes */ 260 int pagesize; /* Size of page in bytes */ 261 int pageshift; /* log2 of pagesize */ 262 int blocksize; /* Size of block in pages */ 263 int blockshift; /* log2 of blocksize */ 264 int blockmask; /* 2^blockshift - 1 */ 265 int *lba_to_pba; /* logical to physical map */ 266 int *pba_to_lba; /* physical to logical map */ 267 int lbact; /* number of available pages */ 268 int flags; 269 #define SDDR09_WP 1 /* write protected */ 270 }; 271 272 /* 273 * On my 16MB card, control blocks have size 64 (16 real control bytes, 274 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 275 * so the reader makes up the remaining 48. Don't know whether these numbers 276 * depend on the card. For now a constant. 277 */ 278 #define CONTROL_SHIFT 6 279 280 /* 281 * On my Combo CF/SM reader, the SM reader has LUN 1. 282 * (and things fail with LUN 0). 283 * It seems LUN is irrelevant for others. 284 */ 285 #define LUN 1 286 #define LUNBITS (LUN << 5) 287 288 /* 289 * LBA and PBA are unsigned ints. Special values. 290 */ 291 #define UNDEF 0xffffffff 292 #define SPARE 0xfffffffe 293 #define UNUSABLE 0xfffffffd 294 295 static const int erase_bad_lba_entries = 0; 296 297 /* send vendor interface command (0x41) */ 298 /* called for requests 0, 1, 8 */ 299 static int 300 sddr09_send_command(struct us_data *us, 301 unsigned char request, 302 unsigned char direction, 303 unsigned char *xfer_data, 304 unsigned int xfer_len) { 305 unsigned int pipe; 306 unsigned char requesttype = (0x41 | direction); 307 int rc; 308 309 // Get the receive or send control pipe number 310 311 if (direction == USB_DIR_IN) 312 pipe = us->recv_ctrl_pipe; 313 else 314 pipe = us->send_ctrl_pipe; 315 316 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 317 0, 0, xfer_data, xfer_len); 318 switch (rc) { 319 case USB_STOR_XFER_GOOD: return 0; 320 case USB_STOR_XFER_STALLED: return -EPIPE; 321 default: return -EIO; 322 } 323 } 324 325 static int 326 sddr09_send_scsi_command(struct us_data *us, 327 unsigned char *command, 328 unsigned int command_len) { 329 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 330 } 331 332 #if 0 333 /* 334 * Test Unit Ready Command: 12 bytes. 335 * byte 0: opcode: 00 336 */ 337 static int 338 sddr09_test_unit_ready(struct us_data *us) { 339 unsigned char *command = us->iobuf; 340 int result; 341 342 memset(command, 0, 6); 343 command[1] = LUNBITS; 344 345 result = sddr09_send_scsi_command(us, command, 6); 346 347 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 348 349 return result; 350 } 351 #endif 352 353 /* 354 * Request Sense Command: 12 bytes. 355 * byte 0: opcode: 03 356 * byte 4: data length 357 */ 358 static int 359 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 360 unsigned char *command = us->iobuf; 361 int result; 362 363 memset(command, 0, 12); 364 command[0] = 0x03; 365 command[1] = LUNBITS; 366 command[4] = buflen; 367 368 result = sddr09_send_scsi_command(us, command, 12); 369 if (result) 370 return result; 371 372 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 373 sensebuf, buflen, NULL); 374 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 375 } 376 377 /* 378 * Read Command: 12 bytes. 379 * byte 0: opcode: E8 380 * byte 1: last two bits: 00: read data, 01: read blockwise control, 381 * 10: read both, 11: read pagewise control. 382 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 383 * bytes 2-5: address (interpretation depends on byte 1, see below) 384 * bytes 10-11: count (idem) 385 * 386 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 387 * A read data command gets data in 512-byte pages. 388 * A read control command gets control in 64-byte chunks. 389 * A read both command gets data+control in 576-byte chunks. 390 * 391 * Blocks are groups of 32 pages, and read blockwise control jumps to the 392 * next block, while read pagewise control jumps to the next page after 393 * reading a group of 64 control bytes. 394 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 395 * 396 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 397 */ 398 399 static int 400 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 401 int nr_of_pages, int bulklen, unsigned char *buf, 402 int use_sg) { 403 404 unsigned char *command = us->iobuf; 405 int result; 406 407 command[0] = 0xE8; 408 command[1] = LUNBITS | x; 409 command[2] = MSB_of(fromaddress>>16); 410 command[3] = LSB_of(fromaddress>>16); 411 command[4] = MSB_of(fromaddress & 0xFFFF); 412 command[5] = LSB_of(fromaddress & 0xFFFF); 413 command[6] = 0; 414 command[7] = 0; 415 command[8] = 0; 416 command[9] = 0; 417 command[10] = MSB_of(nr_of_pages); 418 command[11] = LSB_of(nr_of_pages); 419 420 result = sddr09_send_scsi_command(us, command, 12); 421 422 if (result) { 423 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 424 x, result); 425 return result; 426 } 427 428 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 429 buf, bulklen, use_sg, NULL); 430 431 if (result != USB_STOR_XFER_GOOD) { 432 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 433 x, result); 434 return -EIO; 435 } 436 return 0; 437 } 438 439 /* 440 * Read Data 441 * 442 * fromaddress counts data shorts: 443 * increasing it by 256 shifts the bytestream by 512 bytes; 444 * the last 8 bits are ignored. 445 * 446 * nr_of_pages counts pages of size (1 << pageshift). 447 */ 448 static int 449 sddr09_read20(struct us_data *us, unsigned long fromaddress, 450 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 451 int bulklen = nr_of_pages << pageshift; 452 453 /* The last 8 bits of fromaddress are ignored. */ 454 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 455 buf, use_sg); 456 } 457 458 /* 459 * Read Blockwise Control 460 * 461 * fromaddress gives the starting position (as in read data; 462 * the last 8 bits are ignored); increasing it by 32*256 shifts 463 * the output stream by 64 bytes. 464 * 465 * count counts control groups of size (1 << controlshift). 466 * For me, controlshift = 6. Is this constant? 467 * 468 * After getting one control group, jump to the next block 469 * (fromaddress += 8192). 470 */ 471 static int 472 sddr09_read21(struct us_data *us, unsigned long fromaddress, 473 int count, int controlshift, unsigned char *buf, int use_sg) { 474 475 int bulklen = (count << controlshift); 476 return sddr09_readX(us, 1, fromaddress, count, bulklen, 477 buf, use_sg); 478 } 479 480 /* 481 * Read both Data and Control 482 * 483 * fromaddress counts data shorts, ignoring control: 484 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 485 * the last 8 bits are ignored. 486 * 487 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 488 */ 489 static int 490 sddr09_read22(struct us_data *us, unsigned long fromaddress, 491 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 492 493 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 494 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 495 nr_of_pages, bulklen); 496 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 497 buf, use_sg); 498 } 499 500 #if 0 501 /* 502 * Read Pagewise Control 503 * 504 * fromaddress gives the starting position (as in read data; 505 * the last 8 bits are ignored); increasing it by 256 shifts 506 * the output stream by 64 bytes. 507 * 508 * count counts control groups of size (1 << controlshift). 509 * For me, controlshift = 6. Is this constant? 510 * 511 * After getting one control group, jump to the next page 512 * (fromaddress += 256). 513 */ 514 static int 515 sddr09_read23(struct us_data *us, unsigned long fromaddress, 516 int count, int controlshift, unsigned char *buf, int use_sg) { 517 518 int bulklen = (count << controlshift); 519 return sddr09_readX(us, 3, fromaddress, count, bulklen, 520 buf, use_sg); 521 } 522 #endif 523 524 /* 525 * Erase Command: 12 bytes. 526 * byte 0: opcode: EA 527 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 528 * 529 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 530 * The byte address being erased is 2*Eaddress. 531 * The CIS cannot be erased. 532 */ 533 static int 534 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 535 unsigned char *command = us->iobuf; 536 int result; 537 538 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 539 540 memset(command, 0, 12); 541 command[0] = 0xEA; 542 command[1] = LUNBITS; 543 command[6] = MSB_of(Eaddress>>16); 544 command[7] = LSB_of(Eaddress>>16); 545 command[8] = MSB_of(Eaddress & 0xFFFF); 546 command[9] = LSB_of(Eaddress & 0xFFFF); 547 548 result = sddr09_send_scsi_command(us, command, 12); 549 550 if (result) 551 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 552 result); 553 554 return result; 555 } 556 557 /* 558 * Write CIS Command: 12 bytes. 559 * byte 0: opcode: EE 560 * bytes 2-5: write address in shorts 561 * bytes 10-11: sector count 562 * 563 * This writes at the indicated address. Don't know how it differs 564 * from E9. Maybe it does not erase? However, it will also write to 565 * the CIS. 566 * 567 * When two such commands on the same page follow each other directly, 568 * the second one is not done. 569 */ 570 571 /* 572 * Write Command: 12 bytes. 573 * byte 0: opcode: E9 574 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 575 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 576 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 577 * 578 * If write address equals erase address, the erase is done first, 579 * otherwise the write is done first. When erase address equals zero 580 * no erase is done? 581 */ 582 static int 583 sddr09_writeX(struct us_data *us, 584 unsigned long Waddress, unsigned long Eaddress, 585 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 586 587 unsigned char *command = us->iobuf; 588 int result; 589 590 command[0] = 0xE9; 591 command[1] = LUNBITS; 592 593 command[2] = MSB_of(Waddress>>16); 594 command[3] = LSB_of(Waddress>>16); 595 command[4] = MSB_of(Waddress & 0xFFFF); 596 command[5] = LSB_of(Waddress & 0xFFFF); 597 598 command[6] = MSB_of(Eaddress>>16); 599 command[7] = LSB_of(Eaddress>>16); 600 command[8] = MSB_of(Eaddress & 0xFFFF); 601 command[9] = LSB_of(Eaddress & 0xFFFF); 602 603 command[10] = MSB_of(nr_of_pages); 604 command[11] = LSB_of(nr_of_pages); 605 606 result = sddr09_send_scsi_command(us, command, 12); 607 608 if (result) { 609 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 610 result); 611 return result; 612 } 613 614 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 615 buf, bulklen, use_sg, NULL); 616 617 if (result != USB_STOR_XFER_GOOD) { 618 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 619 result); 620 return -EIO; 621 } 622 return 0; 623 } 624 625 /* erase address, write same address */ 626 static int 627 sddr09_write_inplace(struct us_data *us, unsigned long address, 628 int nr_of_pages, int pageshift, unsigned char *buf, 629 int use_sg) { 630 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 631 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 632 buf, use_sg); 633 } 634 635 #if 0 636 /* 637 * Read Scatter Gather Command: 3+4n bytes. 638 * byte 0: opcode E7 639 * byte 2: n 640 * bytes 4i-1,4i,4i+1: page address 641 * byte 4i+2: page count 642 * (i=1..n) 643 * 644 * This reads several pages from the card to a single memory buffer. 645 * The last two bits of byte 1 have the same meaning as for E8. 646 */ 647 static int 648 sddr09_read_sg_test_only(struct us_data *us) { 649 unsigned char *command = us->iobuf; 650 int result, bulklen, nsg, ct; 651 unsigned char *buf; 652 unsigned long address; 653 654 nsg = bulklen = 0; 655 command[0] = 0xE7; 656 command[1] = LUNBITS; 657 command[2] = 0; 658 address = 040000; ct = 1; 659 nsg++; 660 bulklen += (ct << 9); 661 command[4*nsg+2] = ct; 662 command[4*nsg+1] = ((address >> 9) & 0xFF); 663 command[4*nsg+0] = ((address >> 17) & 0xFF); 664 command[4*nsg-1] = ((address >> 25) & 0xFF); 665 666 address = 0340000; ct = 1; 667 nsg++; 668 bulklen += (ct << 9); 669 command[4*nsg+2] = ct; 670 command[4*nsg+1] = ((address >> 9) & 0xFF); 671 command[4*nsg+0] = ((address >> 17) & 0xFF); 672 command[4*nsg-1] = ((address >> 25) & 0xFF); 673 674 address = 01000000; ct = 2; 675 nsg++; 676 bulklen += (ct << 9); 677 command[4*nsg+2] = ct; 678 command[4*nsg+1] = ((address >> 9) & 0xFF); 679 command[4*nsg+0] = ((address >> 17) & 0xFF); 680 command[4*nsg-1] = ((address >> 25) & 0xFF); 681 682 command[2] = nsg; 683 684 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 685 686 if (result) { 687 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 688 result); 689 return result; 690 } 691 692 buf = kmalloc(bulklen, GFP_NOIO); 693 if (!buf) 694 return -ENOMEM; 695 696 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 697 buf, bulklen, NULL); 698 kfree(buf); 699 if (result != USB_STOR_XFER_GOOD) { 700 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 701 result); 702 return -EIO; 703 } 704 705 return 0; 706 } 707 #endif 708 709 /* 710 * Read Status Command: 12 bytes. 711 * byte 0: opcode: EC 712 * 713 * Returns 64 bytes, all zero except for the first. 714 * bit 0: 1: Error 715 * bit 5: 1: Suspended 716 * bit 6: 1: Ready 717 * bit 7: 1: Not write-protected 718 */ 719 720 static int 721 sddr09_read_status(struct us_data *us, unsigned char *status) { 722 723 unsigned char *command = us->iobuf; 724 unsigned char *data = us->iobuf; 725 int result; 726 727 US_DEBUGP("Reading status...\n"); 728 729 memset(command, 0, 12); 730 command[0] = 0xEC; 731 command[1] = LUNBITS; 732 733 result = sddr09_send_scsi_command(us, command, 12); 734 if (result) 735 return result; 736 737 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 738 data, 64, NULL); 739 *status = data[0]; 740 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 741 } 742 743 static int 744 sddr09_read_data(struct us_data *us, 745 unsigned long address, 746 unsigned int sectors) { 747 748 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 749 unsigned char *buffer; 750 unsigned int lba, maxlba, pba; 751 unsigned int page, pages; 752 unsigned int len, offset; 753 struct scatterlist *sg; 754 int result; 755 756 // Figure out the initial LBA and page 757 lba = address >> info->blockshift; 758 page = (address & info->blockmask); 759 maxlba = info->capacity >> (info->pageshift + info->blockshift); 760 if (lba >= maxlba) 761 return -EIO; 762 763 // Since we only read in one block at a time, we have to create 764 // a bounce buffer and move the data a piece at a time between the 765 // bounce buffer and the actual transfer buffer. 766 767 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 768 buffer = kmalloc(len, GFP_NOIO); 769 if (buffer == NULL) { 770 printk(KERN_WARNING "sddr09_read_data: Out of memory\n"); 771 return -ENOMEM; 772 } 773 774 // This could be made much more efficient by checking for 775 // contiguous LBA's. Another exercise left to the student. 776 777 result = 0; 778 offset = 0; 779 sg = NULL; 780 781 while (sectors > 0) { 782 783 /* Find number of pages we can read in this block */ 784 pages = min(sectors, info->blocksize - page); 785 len = pages << info->pageshift; 786 787 /* Not overflowing capacity? */ 788 if (lba >= maxlba) { 789 US_DEBUGP("Error: Requested lba %u exceeds " 790 "maximum %u\n", lba, maxlba); 791 result = -EIO; 792 break; 793 } 794 795 /* Find where this lba lives on disk */ 796 pba = info->lba_to_pba[lba]; 797 798 if (pba == UNDEF) { /* this lba was never written */ 799 800 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 801 pages, lba, page); 802 803 /* This is not really an error. It just means 804 that the block has never been written. 805 Instead of returning an error 806 it is better to return all zero data. */ 807 808 memset(buffer, 0, len); 809 810 } else { 811 US_DEBUGP("Read %d pages, from PBA %d" 812 " (LBA %d) page %d\n", 813 pages, pba, lba, page); 814 815 address = ((pba << info->blockshift) + page) << 816 info->pageshift; 817 818 result = sddr09_read20(us, address>>1, 819 pages, info->pageshift, buffer, 0); 820 if (result) 821 break; 822 } 823 824 // Store the data in the transfer buffer 825 usb_stor_access_xfer_buf(buffer, len, us->srb, 826 &sg, &offset, TO_XFER_BUF); 827 828 page = 0; 829 lba++; 830 sectors -= pages; 831 } 832 833 kfree(buffer); 834 return result; 835 } 836 837 static unsigned int 838 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 839 static unsigned int lastpba = 1; 840 int zonestart, end, i; 841 842 zonestart = (lba/1000) << 10; 843 end = info->capacity >> (info->blockshift + info->pageshift); 844 end -= zonestart; 845 if (end > 1024) 846 end = 1024; 847 848 for (i = lastpba+1; i < end; i++) { 849 if (info->pba_to_lba[zonestart+i] == UNDEF) { 850 lastpba = i; 851 return zonestart+i; 852 } 853 } 854 for (i = 0; i <= lastpba; i++) { 855 if (info->pba_to_lba[zonestart+i] == UNDEF) { 856 lastpba = i; 857 return zonestart+i; 858 } 859 } 860 return 0; 861 } 862 863 static int 864 sddr09_write_lba(struct us_data *us, unsigned int lba, 865 unsigned int page, unsigned int pages, 866 unsigned char *ptr, unsigned char *blockbuffer) { 867 868 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 869 unsigned long address; 870 unsigned int pba, lbap; 871 unsigned int pagelen; 872 unsigned char *bptr, *cptr, *xptr; 873 unsigned char ecc[3]; 874 int i, result, isnew; 875 876 lbap = ((lba % 1000) << 1) | 0x1000; 877 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 878 lbap ^= 1; 879 pba = info->lba_to_pba[lba]; 880 isnew = 0; 881 882 if (pba == UNDEF) { 883 pba = sddr09_find_unused_pba(info, lba); 884 if (!pba) { 885 printk(KERN_WARNING 886 "sddr09_write_lba: Out of unused blocks\n"); 887 return -ENOSPC; 888 } 889 info->pba_to_lba[pba] = lba; 890 info->lba_to_pba[lba] = pba; 891 isnew = 1; 892 } 893 894 if (pba == 1) { 895 /* Maybe it is impossible to write to PBA 1. 896 Fake success, but don't do anything. */ 897 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 898 return 0; 899 } 900 901 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 902 903 /* read old contents */ 904 address = (pba << (info->pageshift + info->blockshift)); 905 result = sddr09_read22(us, address>>1, info->blocksize, 906 info->pageshift, blockbuffer, 0); 907 if (result) 908 return result; 909 910 /* check old contents and fill lba */ 911 for (i = 0; i < info->blocksize; i++) { 912 bptr = blockbuffer + i*pagelen; 913 cptr = bptr + info->pagesize; 914 nand_compute_ecc(bptr, ecc); 915 if (!nand_compare_ecc(cptr+13, ecc)) { 916 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 917 i, pba); 918 nand_store_ecc(cptr+13, ecc); 919 } 920 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 921 if (!nand_compare_ecc(cptr+8, ecc)) { 922 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 923 i, pba); 924 nand_store_ecc(cptr+8, ecc); 925 } 926 cptr[6] = cptr[11] = MSB_of(lbap); 927 cptr[7] = cptr[12] = LSB_of(lbap); 928 } 929 930 /* copy in new stuff and compute ECC */ 931 xptr = ptr; 932 for (i = page; i < page+pages; i++) { 933 bptr = blockbuffer + i*pagelen; 934 cptr = bptr + info->pagesize; 935 memcpy(bptr, xptr, info->pagesize); 936 xptr += info->pagesize; 937 nand_compute_ecc(bptr, ecc); 938 nand_store_ecc(cptr+13, ecc); 939 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 940 nand_store_ecc(cptr+8, ecc); 941 } 942 943 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 944 945 result = sddr09_write_inplace(us, address>>1, info->blocksize, 946 info->pageshift, blockbuffer, 0); 947 948 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 949 950 #if 0 951 { 952 unsigned char status = 0; 953 int result2 = sddr09_read_status(us, &status); 954 if (result2) 955 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 956 else if (status != 0xc0) 957 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 958 status); 959 } 960 #endif 961 962 #if 0 963 { 964 int result2 = sddr09_test_unit_ready(us); 965 } 966 #endif 967 968 return result; 969 } 970 971 static int 972 sddr09_write_data(struct us_data *us, 973 unsigned long address, 974 unsigned int sectors) { 975 976 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 977 unsigned int lba, maxlba, page, pages; 978 unsigned int pagelen, blocklen; 979 unsigned char *blockbuffer; 980 unsigned char *buffer; 981 unsigned int len, offset; 982 struct scatterlist *sg; 983 int result; 984 985 // Figure out the initial LBA and page 986 lba = address >> info->blockshift; 987 page = (address & info->blockmask); 988 maxlba = info->capacity >> (info->pageshift + info->blockshift); 989 if (lba >= maxlba) 990 return -EIO; 991 992 // blockbuffer is used for reading in the old data, overwriting 993 // with the new data, and performing ECC calculations 994 995 /* TODO: instead of doing kmalloc/kfree for each write, 996 add a bufferpointer to the info structure */ 997 998 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 999 blocklen = (pagelen << info->blockshift); 1000 blockbuffer = kmalloc(blocklen, GFP_NOIO); 1001 if (!blockbuffer) { 1002 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1003 return -ENOMEM; 1004 } 1005 1006 // Since we don't write the user data directly to the device, 1007 // we have to create a bounce buffer and move the data a piece 1008 // at a time between the bounce buffer and the actual transfer buffer. 1009 1010 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 1011 buffer = kmalloc(len, GFP_NOIO); 1012 if (buffer == NULL) { 1013 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1014 kfree(blockbuffer); 1015 return -ENOMEM; 1016 } 1017 1018 result = 0; 1019 offset = 0; 1020 sg = NULL; 1021 1022 while (sectors > 0) { 1023 1024 // Write as many sectors as possible in this block 1025 1026 pages = min(sectors, info->blocksize - page); 1027 len = (pages << info->pageshift); 1028 1029 /* Not overflowing capacity? */ 1030 if (lba >= maxlba) { 1031 US_DEBUGP("Error: Requested lba %u exceeds " 1032 "maximum %u\n", lba, maxlba); 1033 result = -EIO; 1034 break; 1035 } 1036 1037 // Get the data from the transfer buffer 1038 usb_stor_access_xfer_buf(buffer, len, us->srb, 1039 &sg, &offset, FROM_XFER_BUF); 1040 1041 result = sddr09_write_lba(us, lba, page, pages, 1042 buffer, blockbuffer); 1043 if (result) 1044 break; 1045 1046 page = 0; 1047 lba++; 1048 sectors -= pages; 1049 } 1050 1051 kfree(buffer); 1052 kfree(blockbuffer); 1053 1054 return result; 1055 } 1056 1057 static int 1058 sddr09_read_control(struct us_data *us, 1059 unsigned long address, 1060 unsigned int blocks, 1061 unsigned char *content, 1062 int use_sg) { 1063 1064 US_DEBUGP("Read control address %lu, blocks %d\n", 1065 address, blocks); 1066 1067 return sddr09_read21(us, address, blocks, 1068 CONTROL_SHIFT, content, use_sg); 1069 } 1070 1071 /* 1072 * Read Device ID Command: 12 bytes. 1073 * byte 0: opcode: ED 1074 * 1075 * Returns 2 bytes: Manufacturer ID and Device ID. 1076 * On more recent cards 3 bytes: the third byte is an option code A5 1077 * signifying that the secret command to read an 128-bit ID is available. 1078 * On still more recent cards 4 bytes: the fourth byte C0 means that 1079 * a second read ID cmd is available. 1080 */ 1081 static int 1082 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1083 unsigned char *command = us->iobuf; 1084 unsigned char *content = us->iobuf; 1085 int result, i; 1086 1087 memset(command, 0, 12); 1088 command[0] = 0xED; 1089 command[1] = LUNBITS; 1090 1091 result = sddr09_send_scsi_command(us, command, 12); 1092 if (result) 1093 return result; 1094 1095 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1096 content, 64, NULL); 1097 1098 for (i = 0; i < 4; i++) 1099 deviceID[i] = content[i]; 1100 1101 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1102 } 1103 1104 static int 1105 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1106 int result; 1107 unsigned char status; 1108 1109 result = sddr09_read_status(us, &status); 1110 if (result) { 1111 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1112 return result; 1113 } 1114 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1115 if ((status & 0x80) == 0) { 1116 info->flags |= SDDR09_WP; /* write protected */ 1117 US_DEBUGP(" WP"); 1118 } 1119 if (status & 0x40) 1120 US_DEBUGP(" Ready"); 1121 if (status & LUNBITS) 1122 US_DEBUGP(" Suspended"); 1123 if (status & 0x1) 1124 US_DEBUGP(" Error"); 1125 US_DEBUGP("\n"); 1126 return 0; 1127 } 1128 1129 #if 0 1130 /* 1131 * Reset Command: 12 bytes. 1132 * byte 0: opcode: EB 1133 */ 1134 static int 1135 sddr09_reset(struct us_data *us) { 1136 1137 unsigned char *command = us->iobuf; 1138 1139 memset(command, 0, 12); 1140 command[0] = 0xEB; 1141 command[1] = LUNBITS; 1142 1143 return sddr09_send_scsi_command(us, command, 12); 1144 } 1145 #endif 1146 1147 static struct nand_flash_dev * 1148 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1149 struct nand_flash_dev *cardinfo; 1150 unsigned char deviceID[4]; 1151 char blurbtxt[256]; 1152 int result; 1153 1154 US_DEBUGP("Reading capacity...\n"); 1155 1156 result = sddr09_read_deviceID(us, deviceID); 1157 1158 if (result) { 1159 US_DEBUGP("Result of read_deviceID is %d\n", result); 1160 printk(KERN_WARNING "sddr09: could not read card info\n"); 1161 return NULL; 1162 } 1163 1164 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1165 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1166 1167 /* Byte 0 is the manufacturer */ 1168 sprintf(blurbtxt + strlen(blurbtxt), 1169 ": Manuf. %s", 1170 nand_flash_manufacturer(deviceID[0])); 1171 1172 /* Byte 1 is the device type */ 1173 cardinfo = nand_find_id(deviceID[1]); 1174 if (cardinfo) { 1175 /* MB or MiB? It is neither. A 16 MB card has 1176 17301504 raw bytes, of which 16384000 are 1177 usable for user data. */ 1178 sprintf(blurbtxt + strlen(blurbtxt), 1179 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1180 } else { 1181 sprintf(blurbtxt + strlen(blurbtxt), 1182 ", type unrecognized"); 1183 } 1184 1185 /* Byte 2 is code to signal availability of 128-bit ID */ 1186 if (deviceID[2] == 0xa5) { 1187 sprintf(blurbtxt + strlen(blurbtxt), 1188 ", 128-bit ID"); 1189 } 1190 1191 /* Byte 3 announces the availability of another read ID command */ 1192 if (deviceID[3] == 0xc0) { 1193 sprintf(blurbtxt + strlen(blurbtxt), 1194 ", extra cmd"); 1195 } 1196 1197 if (flags & SDDR09_WP) 1198 sprintf(blurbtxt + strlen(blurbtxt), 1199 ", WP"); 1200 1201 printk(KERN_WARNING "%s\n", blurbtxt); 1202 1203 return cardinfo; 1204 } 1205 1206 static int 1207 sddr09_read_map(struct us_data *us) { 1208 1209 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1210 int numblocks, alloc_len, alloc_blocks; 1211 int i, j, result; 1212 unsigned char *buffer, *buffer_end, *ptr; 1213 unsigned int lba, lbact; 1214 1215 if (!info->capacity) 1216 return -1; 1217 1218 // size of a block is 1 << (blockshift + pageshift) bytes 1219 // divide into the total capacity to get the number of blocks 1220 1221 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1222 1223 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1224 // but only use a 64 KB buffer 1225 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1226 #define SDDR09_READ_MAP_BUFSZ 65536 1227 1228 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1229 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1230 buffer = kmalloc(alloc_len, GFP_NOIO); 1231 if (buffer == NULL) { 1232 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1233 result = -1; 1234 goto done; 1235 } 1236 buffer_end = buffer + alloc_len; 1237 1238 #undef SDDR09_READ_MAP_BUFSZ 1239 1240 kfree(info->lba_to_pba); 1241 kfree(info->pba_to_lba); 1242 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1243 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1244 1245 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1246 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1247 result = -1; 1248 goto done; 1249 } 1250 1251 for (i = 0; i < numblocks; i++) 1252 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1253 1254 /* 1255 * Define lba-pba translation table 1256 */ 1257 1258 ptr = buffer_end; 1259 for (i = 0; i < numblocks; i++) { 1260 ptr += (1 << CONTROL_SHIFT); 1261 if (ptr >= buffer_end) { 1262 unsigned long address; 1263 1264 address = i << (info->pageshift + info->blockshift); 1265 result = sddr09_read_control( 1266 us, address>>1, 1267 min(alloc_blocks, numblocks - i), 1268 buffer, 0); 1269 if (result) { 1270 result = -1; 1271 goto done; 1272 } 1273 ptr = buffer; 1274 } 1275 1276 if (i == 0 || i == 1) { 1277 info->pba_to_lba[i] = UNUSABLE; 1278 continue; 1279 } 1280 1281 /* special PBAs have control field 0^16 */ 1282 for (j = 0; j < 16; j++) 1283 if (ptr[j] != 0) 1284 goto nonz; 1285 info->pba_to_lba[i] = UNUSABLE; 1286 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1287 i); 1288 continue; 1289 1290 nonz: 1291 /* unwritten PBAs have control field FF^16 */ 1292 for (j = 0; j < 16; j++) 1293 if (ptr[j] != 0xff) 1294 goto nonff; 1295 continue; 1296 1297 nonff: 1298 /* normal PBAs start with six FFs */ 1299 if (j < 6) { 1300 printk(KERN_WARNING 1301 "sddr09: PBA %d has no logical mapping: " 1302 "reserved area = %02X%02X%02X%02X " 1303 "data status %02X block status %02X\n", 1304 i, ptr[0], ptr[1], ptr[2], ptr[3], 1305 ptr[4], ptr[5]); 1306 info->pba_to_lba[i] = UNUSABLE; 1307 continue; 1308 } 1309 1310 if ((ptr[6] >> 4) != 0x01) { 1311 printk(KERN_WARNING 1312 "sddr09: PBA %d has invalid address field " 1313 "%02X%02X/%02X%02X\n", 1314 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1315 info->pba_to_lba[i] = UNUSABLE; 1316 continue; 1317 } 1318 1319 /* check even parity */ 1320 if (parity[ptr[6] ^ ptr[7]]) { 1321 printk(KERN_WARNING 1322 "sddr09: Bad parity in LBA for block %d" 1323 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1324 info->pba_to_lba[i] = UNUSABLE; 1325 continue; 1326 } 1327 1328 lba = short_pack(ptr[7], ptr[6]); 1329 lba = (lba & 0x07FF) >> 1; 1330 1331 /* 1332 * Every 1024 physical blocks ("zone"), the LBA numbers 1333 * go back to zero, but are within a higher block of LBA's. 1334 * Also, there is a maximum of 1000 LBA's per zone. 1335 * In other words, in PBA 1024-2047 you will find LBA 0-999 1336 * which are really LBA 1000-1999. This allows for 24 bad 1337 * or special physical blocks per zone. 1338 */ 1339 1340 if (lba >= 1000) { 1341 printk(KERN_WARNING 1342 "sddr09: Bad low LBA %d for block %d\n", 1343 lba, i); 1344 goto possibly_erase; 1345 } 1346 1347 lba += 1000*(i/0x400); 1348 1349 if (info->lba_to_pba[lba] != UNDEF) { 1350 printk(KERN_WARNING 1351 "sddr09: LBA %d seen for PBA %d and %d\n", 1352 lba, info->lba_to_pba[lba], i); 1353 goto possibly_erase; 1354 } 1355 1356 info->pba_to_lba[i] = lba; 1357 info->lba_to_pba[lba] = i; 1358 continue; 1359 1360 possibly_erase: 1361 if (erase_bad_lba_entries) { 1362 unsigned long address; 1363 1364 address = (i << (info->pageshift + info->blockshift)); 1365 sddr09_erase(us, address>>1); 1366 info->pba_to_lba[i] = UNDEF; 1367 } else 1368 info->pba_to_lba[i] = UNUSABLE; 1369 } 1370 1371 /* 1372 * Approximate capacity. This is not entirely correct yet, 1373 * since a zone with less than 1000 usable pages leads to 1374 * missing LBAs. Especially if it is the last zone, some 1375 * LBAs can be past capacity. 1376 */ 1377 lbact = 0; 1378 for (i = 0; i < numblocks; i += 1024) { 1379 int ct = 0; 1380 1381 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1382 if (info->pba_to_lba[i+j] != UNUSABLE) { 1383 if (ct >= 1000) 1384 info->pba_to_lba[i+j] = SPARE; 1385 else 1386 ct++; 1387 } 1388 } 1389 lbact += ct; 1390 } 1391 info->lbact = lbact; 1392 US_DEBUGP("Found %d LBA's\n", lbact); 1393 result = 0; 1394 1395 done: 1396 if (result != 0) { 1397 kfree(info->lba_to_pba); 1398 kfree(info->pba_to_lba); 1399 info->lba_to_pba = NULL; 1400 info->pba_to_lba = NULL; 1401 } 1402 kfree(buffer); 1403 return result; 1404 } 1405 1406 static void 1407 sddr09_card_info_destructor(void *extra) { 1408 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1409 1410 if (!info) 1411 return; 1412 1413 kfree(info->lba_to_pba); 1414 kfree(info->pba_to_lba); 1415 } 1416 1417 static int 1418 sddr09_common_init(struct us_data *us) { 1419 int result; 1420 1421 /* set the configuration -- STALL is an acceptable response here */ 1422 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1423 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1424 ->actconfig->desc.bConfigurationValue); 1425 return -EINVAL; 1426 } 1427 1428 result = usb_reset_configuration(us->pusb_dev); 1429 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1430 if (result == -EPIPE) { 1431 US_DEBUGP("-- stall on control interface\n"); 1432 } else if (result != 0) { 1433 /* it's not a stall, but another error -- time to bail */ 1434 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1435 return -EINVAL; 1436 } 1437 1438 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1439 if (!us->extra) 1440 return -ENOMEM; 1441 us->extra_destructor = sddr09_card_info_destructor; 1442 1443 nand_init_ecc(); 1444 return 0; 1445 } 1446 1447 1448 /* 1449 * This is needed at a very early stage. If this is not listed in the 1450 * unusual devices list but called from here then LUN 0 of the combo reader 1451 * is not recognized. But I do not know what precisely these calls do. 1452 */ 1453 static int 1454 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1455 int result; 1456 unsigned char *data = us->iobuf; 1457 1458 result = sddr09_common_init(us); 1459 if (result) 1460 return result; 1461 1462 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1463 if (result) { 1464 US_DEBUGP("sddr09_init: send_command fails\n"); 1465 return result; 1466 } 1467 1468 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1469 // get 07 02 1470 1471 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1472 if (result) { 1473 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1474 return result; 1475 } 1476 1477 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1478 // get 07 00 1479 1480 result = sddr09_request_sense(us, data, 18); 1481 if (result == 0 && data[2] != 0) { 1482 int j; 1483 for (j=0; j<18; j++) 1484 printk(" %02X", data[j]); 1485 printk("\n"); 1486 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1487 // 70: current command 1488 // sense key 0, sense code 0, extd sense code 0 1489 // additional transfer length * = sizeof(data) - 7 1490 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1491 // sense key 06, sense code 28: unit attention, 1492 // not ready to ready transition 1493 } 1494 1495 // test unit ready 1496 1497 return 0; /* not result */ 1498 } 1499 1500 /* 1501 * Transport for the Microtech DPCM-USB 1502 */ 1503 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1504 { 1505 int ret; 1506 1507 US_DEBUGP("dpcm_transport: LUN=%d\n", srb->device->lun); 1508 1509 switch (srb->device->lun) { 1510 case 0: 1511 1512 /* 1513 * LUN 0 corresponds to the CompactFlash card reader. 1514 */ 1515 ret = usb_stor_CB_transport(srb, us); 1516 break; 1517 1518 case 1: 1519 1520 /* 1521 * LUN 1 corresponds to the SmartMedia card reader. 1522 */ 1523 1524 /* 1525 * Set the LUN to 0 (just in case). 1526 */ 1527 srb->device->lun = 0; 1528 ret = sddr09_transport(srb, us); 1529 srb->device->lun = 1; 1530 break; 1531 1532 default: 1533 US_DEBUGP("dpcm_transport: Invalid LUN %d\n", 1534 srb->device->lun); 1535 ret = USB_STOR_TRANSPORT_ERROR; 1536 break; 1537 } 1538 return ret; 1539 } 1540 1541 1542 /* 1543 * Transport for the Sandisk SDDR-09 1544 */ 1545 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1546 { 1547 static unsigned char sensekey = 0, sensecode = 0; 1548 static unsigned char havefakesense = 0; 1549 int result, i; 1550 unsigned char *ptr = us->iobuf; 1551 unsigned long capacity; 1552 unsigned int page, pages; 1553 1554 struct sddr09_card_info *info; 1555 1556 static unsigned char inquiry_response[8] = { 1557 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1558 }; 1559 1560 /* note: no block descriptor support */ 1561 static unsigned char mode_page_01[19] = { 1562 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1563 0x01, 0x0A, 1564 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1565 }; 1566 1567 info = (struct sddr09_card_info *)us->extra; 1568 1569 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1570 /* for a faked command, we have to follow with a faked sense */ 1571 memset(ptr, 0, 18); 1572 ptr[0] = 0x70; 1573 ptr[2] = sensekey; 1574 ptr[7] = 11; 1575 ptr[12] = sensecode; 1576 usb_stor_set_xfer_buf(ptr, 18, srb); 1577 sensekey = sensecode = havefakesense = 0; 1578 return USB_STOR_TRANSPORT_GOOD; 1579 } 1580 1581 havefakesense = 1; 1582 1583 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1584 respond to INQUIRY commands */ 1585 1586 if (srb->cmnd[0] == INQUIRY) { 1587 memcpy(ptr, inquiry_response, 8); 1588 fill_inquiry_response(us, ptr, 36); 1589 return USB_STOR_TRANSPORT_GOOD; 1590 } 1591 1592 if (srb->cmnd[0] == READ_CAPACITY) { 1593 struct nand_flash_dev *cardinfo; 1594 1595 sddr09_get_wp(us, info); /* read WP bit */ 1596 1597 cardinfo = sddr09_get_cardinfo(us, info->flags); 1598 if (!cardinfo) { 1599 /* probably no media */ 1600 init_error: 1601 sensekey = 0x02; /* not ready */ 1602 sensecode = 0x3a; /* medium not present */ 1603 return USB_STOR_TRANSPORT_FAILED; 1604 } 1605 1606 info->capacity = (1 << cardinfo->chipshift); 1607 info->pageshift = cardinfo->pageshift; 1608 info->pagesize = (1 << info->pageshift); 1609 info->blockshift = cardinfo->blockshift; 1610 info->blocksize = (1 << info->blockshift); 1611 info->blockmask = info->blocksize - 1; 1612 1613 // map initialization, must follow get_cardinfo() 1614 if (sddr09_read_map(us)) { 1615 /* probably out of memory */ 1616 goto init_error; 1617 } 1618 1619 // Report capacity 1620 1621 capacity = (info->lbact << info->blockshift) - 1; 1622 1623 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1624 1625 // Report page size 1626 1627 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1628 usb_stor_set_xfer_buf(ptr, 8, srb); 1629 1630 return USB_STOR_TRANSPORT_GOOD; 1631 } 1632 1633 if (srb->cmnd[0] == MODE_SENSE_10) { 1634 int modepage = (srb->cmnd[2] & 0x3F); 1635 1636 /* They ask for the Read/Write error recovery page, 1637 or for all pages. */ 1638 /* %% We should check DBD %% */ 1639 if (modepage == 0x01 || modepage == 0x3F) { 1640 US_DEBUGP("SDDR09: Dummy up request for " 1641 "mode page 0x%x\n", modepage); 1642 1643 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1644 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1645 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1646 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1647 return USB_STOR_TRANSPORT_GOOD; 1648 } 1649 1650 sensekey = 0x05; /* illegal request */ 1651 sensecode = 0x24; /* invalid field in CDB */ 1652 return USB_STOR_TRANSPORT_FAILED; 1653 } 1654 1655 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1656 return USB_STOR_TRANSPORT_GOOD; 1657 1658 havefakesense = 0; 1659 1660 if (srb->cmnd[0] == READ_10) { 1661 1662 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1663 page <<= 16; 1664 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1665 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1666 1667 US_DEBUGP("READ_10: read page %d pagect %d\n", 1668 page, pages); 1669 1670 result = sddr09_read_data(us, page, pages); 1671 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1672 USB_STOR_TRANSPORT_ERROR); 1673 } 1674 1675 if (srb->cmnd[0] == WRITE_10) { 1676 1677 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1678 page <<= 16; 1679 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1680 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1681 1682 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1683 page, pages); 1684 1685 result = sddr09_write_data(us, page, pages); 1686 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1687 USB_STOR_TRANSPORT_ERROR); 1688 } 1689 1690 /* catch-all for all other commands, except 1691 * pass TEST_UNIT_READY and REQUEST_SENSE through 1692 */ 1693 if (srb->cmnd[0] != TEST_UNIT_READY && 1694 srb->cmnd[0] != REQUEST_SENSE) { 1695 sensekey = 0x05; /* illegal request */ 1696 sensecode = 0x20; /* invalid command */ 1697 havefakesense = 1; 1698 return USB_STOR_TRANSPORT_FAILED; 1699 } 1700 1701 for (; srb->cmd_len<12; srb->cmd_len++) 1702 srb->cmnd[srb->cmd_len] = 0; 1703 1704 srb->cmnd[1] = LUNBITS; 1705 1706 ptr[0] = 0; 1707 for (i=0; i<12; i++) 1708 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1709 1710 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1711 1712 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1713 if (result) { 1714 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1715 "returns %d\n", result); 1716 return USB_STOR_TRANSPORT_ERROR; 1717 } 1718 1719 if (scsi_bufflen(srb) == 0) 1720 return USB_STOR_TRANSPORT_GOOD; 1721 1722 if (srb->sc_data_direction == DMA_TO_DEVICE || 1723 srb->sc_data_direction == DMA_FROM_DEVICE) { 1724 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1725 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1726 1727 US_DEBUGP("SDDR09: %s %d bytes\n", 1728 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1729 "sending" : "receiving", 1730 scsi_bufflen(srb)); 1731 1732 result = usb_stor_bulk_srb(us, pipe, srb); 1733 1734 return (result == USB_STOR_XFER_GOOD ? 1735 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1736 } 1737 1738 return USB_STOR_TRANSPORT_GOOD; 1739 } 1740 1741 /* 1742 * Initialization routine for the sddr09 subdriver 1743 */ 1744 static int 1745 usb_stor_sddr09_init(struct us_data *us) { 1746 return sddr09_common_init(us); 1747 } 1748 1749 static int sddr09_probe(struct usb_interface *intf, 1750 const struct usb_device_id *id) 1751 { 1752 struct us_data *us; 1753 int result; 1754 1755 result = usb_stor_probe1(&us, intf, id, 1756 (id - sddr09_usb_ids) + sddr09_unusual_dev_list); 1757 if (result) 1758 return result; 1759 1760 if (us->protocol == US_PR_DPCM_USB) { 1761 us->transport_name = "Control/Bulk-EUSB/SDDR09"; 1762 us->transport = dpcm_transport; 1763 us->transport_reset = usb_stor_CB_reset; 1764 us->max_lun = 1; 1765 } else { 1766 us->transport_name = "EUSB/SDDR09"; 1767 us->transport = sddr09_transport; 1768 us->transport_reset = usb_stor_CB_reset; 1769 us->max_lun = 0; 1770 } 1771 1772 result = usb_stor_probe2(us); 1773 return result; 1774 } 1775 1776 static struct usb_driver sddr09_driver = { 1777 .name = "ums-sddr09", 1778 .probe = sddr09_probe, 1779 .disconnect = usb_stor_disconnect, 1780 .suspend = usb_stor_suspend, 1781 .resume = usb_stor_resume, 1782 .reset_resume = usb_stor_reset_resume, 1783 .pre_reset = usb_stor_pre_reset, 1784 .post_reset = usb_stor_post_reset, 1785 .id_table = sddr09_usb_ids, 1786 .soft_unbind = 1, 1787 }; 1788 1789 static int __init sddr09_init(void) 1790 { 1791 return usb_register(&sddr09_driver); 1792 } 1793 1794 static void __exit sddr09_exit(void) 1795 { 1796 usb_deregister(&sddr09_driver); 1797 } 1798 1799 module_init(sddr09_init); 1800 module_exit(sddr09_exit); 1801