1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $ 4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 5 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 6 * Developed with the assistance of: 7 * (c) 2002 Alan Stern <stern@rowland.org> 8 * 9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 10 * This chip is a programmable USB controller. In the SDDR-09, it has 11 * been programmed to obey a certain limited set of SCSI commands. 12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 13 * commands. 14 * 15 * This program is free software; you can redistribute it and/or modify it 16 * under the terms of the GNU General Public License as published by the 17 * Free Software Foundation; either version 2, or (at your option) any 18 * later version. 19 * 20 * This program is distributed in the hope that it will be useful, but 21 * WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 23 * General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License along 26 * with this program; if not, write to the Free Software Foundation, Inc., 27 * 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 /* 31 * Known vendor commands: 12 bytes, first byte is opcode 32 * 33 * E7: read scatter gather 34 * E8: read 35 * E9: write 36 * EA: erase 37 * EB: reset 38 * EC: read status 39 * ED: read ID 40 * EE: write CIS (?) 41 * EF: compute checksum (?) 42 */ 43 44 #include <linux/sched.h> 45 #include <linux/errno.h> 46 #include <linux/slab.h> 47 48 #include <scsi/scsi.h> 49 #include <scsi/scsi_cmnd.h> 50 51 #include "usb.h" 52 #include "transport.h" 53 #include "protocol.h" 54 #include "debug.h" 55 #include "sddr09.h" 56 57 58 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 59 #define LSB_of(s) ((s)&0xFF) 60 #define MSB_of(s) ((s)>>8) 61 62 /* #define US_DEBUGP printk */ 63 64 /* 65 * First some stuff that does not belong here: 66 * data on SmartMedia and other cards, completely 67 * unrelated to this driver. 68 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 69 */ 70 71 struct nand_flash_dev { 72 int model_id; 73 int chipshift; /* 1<<cs bytes total capacity */ 74 char pageshift; /* 1<<ps bytes in a page */ 75 char blockshift; /* 1<<bs pages in an erase block */ 76 char zoneshift; /* 1<<zs blocks in a zone */ 77 /* # of logical blocks is 125/128 of this */ 78 char pageadrlen; /* length of an address in bytes - 1 */ 79 }; 80 81 /* 82 * NAND Flash Manufacturer ID Codes 83 */ 84 #define NAND_MFR_AMD 0x01 85 #define NAND_MFR_NATSEMI 0x8f 86 #define NAND_MFR_TOSHIBA 0x98 87 #define NAND_MFR_SAMSUNG 0xec 88 89 static inline char *nand_flash_manufacturer(int manuf_id) { 90 switch(manuf_id) { 91 case NAND_MFR_AMD: 92 return "AMD"; 93 case NAND_MFR_NATSEMI: 94 return "NATSEMI"; 95 case NAND_MFR_TOSHIBA: 96 return "Toshiba"; 97 case NAND_MFR_SAMSUNG: 98 return "Samsung"; 99 default: 100 return "unknown"; 101 } 102 } 103 104 /* 105 * It looks like it is unnecessary to attach manufacturer to the 106 * remaining data: SSFDC prescribes manufacturer-independent id codes. 107 * 108 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 109 */ 110 111 static struct nand_flash_dev nand_flash_ids[] = { 112 /* NAND flash */ 113 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 114 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 115 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 116 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 117 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 118 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 119 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 120 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 121 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 122 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 123 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 124 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 125 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 126 127 /* MASK ROM */ 128 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 129 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 130 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 131 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 132 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 133 { 0,} 134 }; 135 136 #define SIZE(a) (sizeof(a)/sizeof((a)[0])) 137 138 static struct nand_flash_dev * 139 nand_find_id(unsigned char id) { 140 int i; 141 142 for (i = 0; i < SIZE(nand_flash_ids); i++) 143 if (nand_flash_ids[i].model_id == id) 144 return &(nand_flash_ids[i]); 145 return NULL; 146 } 147 148 /* 149 * ECC computation. 150 */ 151 static unsigned char parity[256]; 152 static unsigned char ecc2[256]; 153 154 static void nand_init_ecc(void) { 155 int i, j, a; 156 157 parity[0] = 0; 158 for (i = 1; i < 256; i++) 159 parity[i] = (parity[i&(i-1)] ^ 1); 160 161 for (i = 0; i < 256; i++) { 162 a = 0; 163 for (j = 0; j < 8; j++) { 164 if (i & (1<<j)) { 165 if ((j & 1) == 0) 166 a ^= 0x04; 167 if ((j & 2) == 0) 168 a ^= 0x10; 169 if ((j & 4) == 0) 170 a ^= 0x40; 171 } 172 } 173 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 174 } 175 } 176 177 /* compute 3-byte ecc on 256 bytes */ 178 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 179 int i, j, a; 180 unsigned char par, bit, bits[8]; 181 182 par = 0; 183 for (j = 0; j < 8; j++) 184 bits[j] = 0; 185 186 /* collect 16 checksum bits */ 187 for (i = 0; i < 256; i++) { 188 par ^= data[i]; 189 bit = parity[data[i]]; 190 for (j = 0; j < 8; j++) 191 if ((i & (1<<j)) == 0) 192 bits[j] ^= bit; 193 } 194 195 /* put 4+4+4 = 12 bits in the ecc */ 196 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 197 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 198 199 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 200 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 201 202 ecc[2] = ecc2[par]; 203 } 204 205 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 206 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 207 } 208 209 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 210 memcpy(data, ecc, 3); 211 } 212 213 /* 214 * The actual driver starts here. 215 */ 216 217 /* 218 * On my 16MB card, control blocks have size 64 (16 real control bytes, 219 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 220 * so the reader makes up the remaining 48. Don't know whether these numbers 221 * depend on the card. For now a constant. 222 */ 223 #define CONTROL_SHIFT 6 224 225 /* 226 * On my Combo CF/SM reader, the SM reader has LUN 1. 227 * (and things fail with LUN 0). 228 * It seems LUN is irrelevant for others. 229 */ 230 #define LUN 1 231 #define LUNBITS (LUN << 5) 232 233 /* 234 * LBA and PBA are unsigned ints. Special values. 235 */ 236 #define UNDEF 0xffffffff 237 #define SPARE 0xfffffffe 238 #define UNUSABLE 0xfffffffd 239 240 static int erase_bad_lba_entries = 0; 241 242 /* send vendor interface command (0x41) */ 243 /* called for requests 0, 1, 8 */ 244 static int 245 sddr09_send_command(struct us_data *us, 246 unsigned char request, 247 unsigned char direction, 248 unsigned char *xfer_data, 249 unsigned int xfer_len) { 250 unsigned int pipe; 251 unsigned char requesttype = (0x41 | direction); 252 int rc; 253 254 // Get the receive or send control pipe number 255 256 if (direction == USB_DIR_IN) 257 pipe = us->recv_ctrl_pipe; 258 else 259 pipe = us->send_ctrl_pipe; 260 261 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 262 0, 0, xfer_data, xfer_len); 263 return (rc == USB_STOR_XFER_GOOD ? USB_STOR_TRANSPORT_GOOD : 264 USB_STOR_TRANSPORT_ERROR); 265 } 266 267 static int 268 sddr09_send_scsi_command(struct us_data *us, 269 unsigned char *command, 270 unsigned int command_len) { 271 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 272 } 273 274 #if 0 275 /* 276 * Test Unit Ready Command: 12 bytes. 277 * byte 0: opcode: 00 278 */ 279 static int 280 sddr09_test_unit_ready(struct us_data *us) { 281 unsigned char *command = us->iobuf; 282 int result; 283 284 memset(command, 0, 6); 285 command[1] = LUNBITS; 286 287 result = sddr09_send_scsi_command(us, command, 6); 288 289 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 290 291 return result; 292 } 293 #endif 294 295 /* 296 * Request Sense Command: 12 bytes. 297 * byte 0: opcode: 03 298 * byte 4: data length 299 */ 300 static int 301 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 302 unsigned char *command = us->iobuf; 303 int result; 304 305 memset(command, 0, 12); 306 command[0] = 0x03; 307 command[1] = LUNBITS; 308 command[4] = buflen; 309 310 result = sddr09_send_scsi_command(us, command, 12); 311 if (result != USB_STOR_TRANSPORT_GOOD) { 312 US_DEBUGP("request sense failed\n"); 313 return result; 314 } 315 316 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 317 sensebuf, buflen, NULL); 318 if (result != USB_STOR_XFER_GOOD) { 319 US_DEBUGP("request sense bulk in failed\n"); 320 return USB_STOR_TRANSPORT_ERROR; 321 } else { 322 US_DEBUGP("request sense worked\n"); 323 return USB_STOR_TRANSPORT_GOOD; 324 } 325 } 326 327 /* 328 * Read Command: 12 bytes. 329 * byte 0: opcode: E8 330 * byte 1: last two bits: 00: read data, 01: read blockwise control, 331 * 10: read both, 11: read pagewise control. 332 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 333 * bytes 2-5: address (interpretation depends on byte 1, see below) 334 * bytes 10-11: count (idem) 335 * 336 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 337 * A read data command gets data in 512-byte pages. 338 * A read control command gets control in 64-byte chunks. 339 * A read both command gets data+control in 576-byte chunks. 340 * 341 * Blocks are groups of 32 pages, and read blockwise control jumps to the 342 * next block, while read pagewise control jumps to the next page after 343 * reading a group of 64 control bytes. 344 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 345 * 346 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 347 */ 348 349 static int 350 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 351 int nr_of_pages, int bulklen, unsigned char *buf, 352 int use_sg) { 353 354 unsigned char *command = us->iobuf; 355 int result; 356 357 command[0] = 0xE8; 358 command[1] = LUNBITS | x; 359 command[2] = MSB_of(fromaddress>>16); 360 command[3] = LSB_of(fromaddress>>16); 361 command[4] = MSB_of(fromaddress & 0xFFFF); 362 command[5] = LSB_of(fromaddress & 0xFFFF); 363 command[6] = 0; 364 command[7] = 0; 365 command[8] = 0; 366 command[9] = 0; 367 command[10] = MSB_of(nr_of_pages); 368 command[11] = LSB_of(nr_of_pages); 369 370 result = sddr09_send_scsi_command(us, command, 12); 371 372 if (result != USB_STOR_TRANSPORT_GOOD) { 373 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 374 x, result); 375 return result; 376 } 377 378 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 379 buf, bulklen, use_sg, NULL); 380 381 if (result != USB_STOR_XFER_GOOD) { 382 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 383 x, result); 384 return USB_STOR_TRANSPORT_ERROR; 385 } 386 return USB_STOR_TRANSPORT_GOOD; 387 } 388 389 /* 390 * Read Data 391 * 392 * fromaddress counts data shorts: 393 * increasing it by 256 shifts the bytestream by 512 bytes; 394 * the last 8 bits are ignored. 395 * 396 * nr_of_pages counts pages of size (1 << pageshift). 397 */ 398 static int 399 sddr09_read20(struct us_data *us, unsigned long fromaddress, 400 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 401 int bulklen = nr_of_pages << pageshift; 402 403 /* The last 8 bits of fromaddress are ignored. */ 404 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 405 buf, use_sg); 406 } 407 408 /* 409 * Read Blockwise Control 410 * 411 * fromaddress gives the starting position (as in read data; 412 * the last 8 bits are ignored); increasing it by 32*256 shifts 413 * the output stream by 64 bytes. 414 * 415 * count counts control groups of size (1 << controlshift). 416 * For me, controlshift = 6. Is this constant? 417 * 418 * After getting one control group, jump to the next block 419 * (fromaddress += 8192). 420 */ 421 static int 422 sddr09_read21(struct us_data *us, unsigned long fromaddress, 423 int count, int controlshift, unsigned char *buf, int use_sg) { 424 425 int bulklen = (count << controlshift); 426 return sddr09_readX(us, 1, fromaddress, count, bulklen, 427 buf, use_sg); 428 } 429 430 /* 431 * Read both Data and Control 432 * 433 * fromaddress counts data shorts, ignoring control: 434 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 435 * the last 8 bits are ignored. 436 * 437 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 438 */ 439 static int 440 sddr09_read22(struct us_data *us, unsigned long fromaddress, 441 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 442 443 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 444 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 445 nr_of_pages, bulklen); 446 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 447 buf, use_sg); 448 } 449 450 #if 0 451 /* 452 * Read Pagewise Control 453 * 454 * fromaddress gives the starting position (as in read data; 455 * the last 8 bits are ignored); increasing it by 256 shifts 456 * the output stream by 64 bytes. 457 * 458 * count counts control groups of size (1 << controlshift). 459 * For me, controlshift = 6. Is this constant? 460 * 461 * After getting one control group, jump to the next page 462 * (fromaddress += 256). 463 */ 464 static int 465 sddr09_read23(struct us_data *us, unsigned long fromaddress, 466 int count, int controlshift, unsigned char *buf, int use_sg) { 467 468 int bulklen = (count << controlshift); 469 return sddr09_readX(us, 3, fromaddress, count, bulklen, 470 buf, use_sg); 471 } 472 #endif 473 474 /* 475 * Erase Command: 12 bytes. 476 * byte 0: opcode: EA 477 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 478 * 479 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 480 * The byte address being erased is 2*Eaddress. 481 * The CIS cannot be erased. 482 */ 483 static int 484 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 485 unsigned char *command = us->iobuf; 486 int result; 487 488 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 489 490 memset(command, 0, 12); 491 command[0] = 0xEA; 492 command[1] = LUNBITS; 493 command[6] = MSB_of(Eaddress>>16); 494 command[7] = LSB_of(Eaddress>>16); 495 command[8] = MSB_of(Eaddress & 0xFFFF); 496 command[9] = LSB_of(Eaddress & 0xFFFF); 497 498 result = sddr09_send_scsi_command(us, command, 12); 499 500 if (result != USB_STOR_TRANSPORT_GOOD) 501 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 502 result); 503 504 return result; 505 } 506 507 /* 508 * Write CIS Command: 12 bytes. 509 * byte 0: opcode: EE 510 * bytes 2-5: write address in shorts 511 * bytes 10-11: sector count 512 * 513 * This writes at the indicated address. Don't know how it differs 514 * from E9. Maybe it does not erase? However, it will also write to 515 * the CIS. 516 * 517 * When two such commands on the same page follow each other directly, 518 * the second one is not done. 519 */ 520 521 /* 522 * Write Command: 12 bytes. 523 * byte 0: opcode: E9 524 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 525 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 526 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 527 * 528 * If write address equals erase address, the erase is done first, 529 * otherwise the write is done first. When erase address equals zero 530 * no erase is done? 531 */ 532 static int 533 sddr09_writeX(struct us_data *us, 534 unsigned long Waddress, unsigned long Eaddress, 535 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 536 537 unsigned char *command = us->iobuf; 538 int result; 539 540 command[0] = 0xE9; 541 command[1] = LUNBITS; 542 543 command[2] = MSB_of(Waddress>>16); 544 command[3] = LSB_of(Waddress>>16); 545 command[4] = MSB_of(Waddress & 0xFFFF); 546 command[5] = LSB_of(Waddress & 0xFFFF); 547 548 command[6] = MSB_of(Eaddress>>16); 549 command[7] = LSB_of(Eaddress>>16); 550 command[8] = MSB_of(Eaddress & 0xFFFF); 551 command[9] = LSB_of(Eaddress & 0xFFFF); 552 553 command[10] = MSB_of(nr_of_pages); 554 command[11] = LSB_of(nr_of_pages); 555 556 result = sddr09_send_scsi_command(us, command, 12); 557 558 if (result != USB_STOR_TRANSPORT_GOOD) { 559 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 560 result); 561 return result; 562 } 563 564 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 565 buf, bulklen, use_sg, NULL); 566 567 if (result != USB_STOR_XFER_GOOD) { 568 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 569 result); 570 return USB_STOR_TRANSPORT_ERROR; 571 } 572 return USB_STOR_TRANSPORT_GOOD; 573 } 574 575 /* erase address, write same address */ 576 static int 577 sddr09_write_inplace(struct us_data *us, unsigned long address, 578 int nr_of_pages, int pageshift, unsigned char *buf, 579 int use_sg) { 580 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 581 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 582 buf, use_sg); 583 } 584 585 #if 0 586 /* 587 * Read Scatter Gather Command: 3+4n bytes. 588 * byte 0: opcode E7 589 * byte 2: n 590 * bytes 4i-1,4i,4i+1: page address 591 * byte 4i+2: page count 592 * (i=1..n) 593 * 594 * This reads several pages from the card to a single memory buffer. 595 * The last two bits of byte 1 have the same meaning as for E8. 596 */ 597 static int 598 sddr09_read_sg_test_only(struct us_data *us) { 599 unsigned char *command = us->iobuf; 600 int result, bulklen, nsg, ct; 601 unsigned char *buf; 602 unsigned long address; 603 604 nsg = bulklen = 0; 605 command[0] = 0xE7; 606 command[1] = LUNBITS; 607 command[2] = 0; 608 address = 040000; ct = 1; 609 nsg++; 610 bulklen += (ct << 9); 611 command[4*nsg+2] = ct; 612 command[4*nsg+1] = ((address >> 9) & 0xFF); 613 command[4*nsg+0] = ((address >> 17) & 0xFF); 614 command[4*nsg-1] = ((address >> 25) & 0xFF); 615 616 address = 0340000; ct = 1; 617 nsg++; 618 bulklen += (ct << 9); 619 command[4*nsg+2] = ct; 620 command[4*nsg+1] = ((address >> 9) & 0xFF); 621 command[4*nsg+0] = ((address >> 17) & 0xFF); 622 command[4*nsg-1] = ((address >> 25) & 0xFF); 623 624 address = 01000000; ct = 2; 625 nsg++; 626 bulklen += (ct << 9); 627 command[4*nsg+2] = ct; 628 command[4*nsg+1] = ((address >> 9) & 0xFF); 629 command[4*nsg+0] = ((address >> 17) & 0xFF); 630 command[4*nsg-1] = ((address >> 25) & 0xFF); 631 632 command[2] = nsg; 633 634 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 635 636 if (result != USB_STOR_TRANSPORT_GOOD) { 637 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 638 result); 639 return result; 640 } 641 642 buf = (unsigned char *) kmalloc(bulklen, GFP_NOIO); 643 if (!buf) 644 return USB_STOR_TRANSPORT_ERROR; 645 646 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 647 buf, bulklen, NULL); 648 kfree(buf); 649 if (result != USB_STOR_XFER_GOOD) { 650 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 651 result); 652 return USB_STOR_TRANSPORT_ERROR; 653 } 654 655 return USB_STOR_TRANSPORT_GOOD; 656 } 657 #endif 658 659 /* 660 * Read Status Command: 12 bytes. 661 * byte 0: opcode: EC 662 * 663 * Returns 64 bytes, all zero except for the first. 664 * bit 0: 1: Error 665 * bit 5: 1: Suspended 666 * bit 6: 1: Ready 667 * bit 7: 1: Not write-protected 668 */ 669 670 static int 671 sddr09_read_status(struct us_data *us, unsigned char *status) { 672 673 unsigned char *command = us->iobuf; 674 unsigned char *data = us->iobuf; 675 int result; 676 677 US_DEBUGP("Reading status...\n"); 678 679 memset(command, 0, 12); 680 command[0] = 0xEC; 681 command[1] = LUNBITS; 682 683 result = sddr09_send_scsi_command(us, command, 12); 684 if (result != USB_STOR_TRANSPORT_GOOD) 685 return result; 686 687 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 688 data, 64, NULL); 689 *status = data[0]; 690 return (result == USB_STOR_XFER_GOOD ? 691 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 692 } 693 694 static int 695 sddr09_read_data(struct us_data *us, 696 unsigned long address, 697 unsigned int sectors) { 698 699 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 700 unsigned char *buffer; 701 unsigned int lba, maxlba, pba; 702 unsigned int page, pages; 703 unsigned int len, index, offset; 704 int result; 705 706 // Since we only read in one block at a time, we have to create 707 // a bounce buffer and move the data a piece at a time between the 708 // bounce buffer and the actual transfer buffer. 709 710 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 711 buffer = kmalloc(len, GFP_NOIO); 712 if (buffer == NULL) { 713 printk("sddr09_read_data: Out of memory\n"); 714 return USB_STOR_TRANSPORT_ERROR; 715 } 716 717 // Figure out the initial LBA and page 718 lba = address >> info->blockshift; 719 page = (address & info->blockmask); 720 maxlba = info->capacity >> (info->pageshift + info->blockshift); 721 722 // This could be made much more efficient by checking for 723 // contiguous LBA's. Another exercise left to the student. 724 725 result = USB_STOR_TRANSPORT_GOOD; 726 index = offset = 0; 727 728 while (sectors > 0) { 729 730 /* Find number of pages we can read in this block */ 731 pages = min(sectors, info->blocksize - page); 732 len = pages << info->pageshift; 733 734 /* Not overflowing capacity? */ 735 if (lba >= maxlba) { 736 US_DEBUGP("Error: Requested lba %u exceeds " 737 "maximum %u\n", lba, maxlba); 738 result = USB_STOR_TRANSPORT_ERROR; 739 break; 740 } 741 742 /* Find where this lba lives on disk */ 743 pba = info->lba_to_pba[lba]; 744 745 if (pba == UNDEF) { /* this lba was never written */ 746 747 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 748 pages, lba, page); 749 750 /* This is not really an error. It just means 751 that the block has never been written. 752 Instead of returning USB_STOR_TRANSPORT_ERROR 753 it is better to return all zero data. */ 754 755 memset(buffer, 0, len); 756 757 } else { 758 US_DEBUGP("Read %d pages, from PBA %d" 759 " (LBA %d) page %d\n", 760 pages, pba, lba, page); 761 762 address = ((pba << info->blockshift) + page) << 763 info->pageshift; 764 765 result = sddr09_read20(us, address>>1, 766 pages, info->pageshift, buffer, 0); 767 if (result != USB_STOR_TRANSPORT_GOOD) 768 break; 769 } 770 771 // Store the data in the transfer buffer 772 usb_stor_access_xfer_buf(buffer, len, us->srb, 773 &index, &offset, TO_XFER_BUF); 774 775 page = 0; 776 lba++; 777 sectors -= pages; 778 } 779 780 kfree(buffer); 781 return result; 782 } 783 784 static unsigned int 785 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 786 static unsigned int lastpba = 1; 787 int zonestart, end, i; 788 789 zonestart = (lba/1000) << 10; 790 end = info->capacity >> (info->blockshift + info->pageshift); 791 end -= zonestart; 792 if (end > 1024) 793 end = 1024; 794 795 for (i = lastpba+1; i < end; i++) { 796 if (info->pba_to_lba[zonestart+i] == UNDEF) { 797 lastpba = i; 798 return zonestart+i; 799 } 800 } 801 for (i = 0; i <= lastpba; i++) { 802 if (info->pba_to_lba[zonestart+i] == UNDEF) { 803 lastpba = i; 804 return zonestart+i; 805 } 806 } 807 return 0; 808 } 809 810 static int 811 sddr09_write_lba(struct us_data *us, unsigned int lba, 812 unsigned int page, unsigned int pages, 813 unsigned char *ptr, unsigned char *blockbuffer) { 814 815 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 816 unsigned long address; 817 unsigned int pba, lbap; 818 unsigned int pagelen; 819 unsigned char *bptr, *cptr, *xptr; 820 unsigned char ecc[3]; 821 int i, result, isnew; 822 823 lbap = ((lba % 1000) << 1) | 0x1000; 824 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 825 lbap ^= 1; 826 pba = info->lba_to_pba[lba]; 827 isnew = 0; 828 829 if (pba == UNDEF) { 830 pba = sddr09_find_unused_pba(info, lba); 831 if (!pba) { 832 printk("sddr09_write_lba: Out of unused blocks\n"); 833 return USB_STOR_TRANSPORT_ERROR; 834 } 835 info->pba_to_lba[pba] = lba; 836 info->lba_to_pba[lba] = pba; 837 isnew = 1; 838 } 839 840 if (pba == 1) { 841 /* Maybe it is impossible to write to PBA 1. 842 Fake success, but don't do anything. */ 843 printk("sddr09: avoid writing to pba 1\n"); 844 return USB_STOR_TRANSPORT_GOOD; 845 } 846 847 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 848 849 /* read old contents */ 850 address = (pba << (info->pageshift + info->blockshift)); 851 result = sddr09_read22(us, address>>1, info->blocksize, 852 info->pageshift, blockbuffer, 0); 853 if (result != USB_STOR_TRANSPORT_GOOD) 854 return result; 855 856 /* check old contents and fill lba */ 857 for (i = 0; i < info->blocksize; i++) { 858 bptr = blockbuffer + i*pagelen; 859 cptr = bptr + info->pagesize; 860 nand_compute_ecc(bptr, ecc); 861 if (!nand_compare_ecc(cptr+13, ecc)) { 862 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 863 i, pba); 864 nand_store_ecc(cptr+13, ecc); 865 } 866 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 867 if (!nand_compare_ecc(cptr+8, ecc)) { 868 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 869 i, pba); 870 nand_store_ecc(cptr+8, ecc); 871 } 872 cptr[6] = cptr[11] = MSB_of(lbap); 873 cptr[7] = cptr[12] = LSB_of(lbap); 874 } 875 876 /* copy in new stuff and compute ECC */ 877 xptr = ptr; 878 for (i = page; i < page+pages; i++) { 879 bptr = blockbuffer + i*pagelen; 880 cptr = bptr + info->pagesize; 881 memcpy(bptr, xptr, info->pagesize); 882 xptr += info->pagesize; 883 nand_compute_ecc(bptr, ecc); 884 nand_store_ecc(cptr+13, ecc); 885 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 886 nand_store_ecc(cptr+8, ecc); 887 } 888 889 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 890 891 result = sddr09_write_inplace(us, address>>1, info->blocksize, 892 info->pageshift, blockbuffer, 0); 893 894 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 895 896 #if 0 897 { 898 unsigned char status = 0; 899 int result2 = sddr09_read_status(us, &status); 900 if (result2 != USB_STOR_TRANSPORT_GOOD) 901 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 902 else if (status != 0xc0) 903 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 904 status); 905 } 906 #endif 907 908 #if 0 909 { 910 int result2 = sddr09_test_unit_ready(us); 911 } 912 #endif 913 914 return result; 915 } 916 917 static int 918 sddr09_write_data(struct us_data *us, 919 unsigned long address, 920 unsigned int sectors) { 921 922 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 923 unsigned int lba, page, pages; 924 unsigned int pagelen, blocklen; 925 unsigned char *blockbuffer; 926 unsigned char *buffer; 927 unsigned int len, index, offset; 928 int result; 929 930 // blockbuffer is used for reading in the old data, overwriting 931 // with the new data, and performing ECC calculations 932 933 /* TODO: instead of doing kmalloc/kfree for each write, 934 add a bufferpointer to the info structure */ 935 936 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 937 blocklen = (pagelen << info->blockshift); 938 blockbuffer = kmalloc(blocklen, GFP_NOIO); 939 if (!blockbuffer) { 940 printk("sddr09_write_data: Out of memory\n"); 941 return USB_STOR_TRANSPORT_ERROR; 942 } 943 944 // Since we don't write the user data directly to the device, 945 // we have to create a bounce buffer and move the data a piece 946 // at a time between the bounce buffer and the actual transfer buffer. 947 948 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 949 buffer = kmalloc(len, GFP_NOIO); 950 if (buffer == NULL) { 951 printk("sddr09_write_data: Out of memory\n"); 952 kfree(blockbuffer); 953 return USB_STOR_TRANSPORT_ERROR; 954 } 955 956 // Figure out the initial LBA and page 957 lba = address >> info->blockshift; 958 page = (address & info->blockmask); 959 960 result = USB_STOR_TRANSPORT_GOOD; 961 index = offset = 0; 962 963 while (sectors > 0) { 964 965 // Write as many sectors as possible in this block 966 967 pages = min(sectors, info->blocksize - page); 968 len = (pages << info->pageshift); 969 970 // Get the data from the transfer buffer 971 usb_stor_access_xfer_buf(buffer, len, us->srb, 972 &index, &offset, FROM_XFER_BUF); 973 974 result = sddr09_write_lba(us, lba, page, pages, 975 buffer, blockbuffer); 976 if (result != USB_STOR_TRANSPORT_GOOD) 977 break; 978 979 page = 0; 980 lba++; 981 sectors -= pages; 982 } 983 984 kfree(buffer); 985 kfree(blockbuffer); 986 987 return result; 988 } 989 990 static int 991 sddr09_read_control(struct us_data *us, 992 unsigned long address, 993 unsigned int blocks, 994 unsigned char *content, 995 int use_sg) { 996 997 US_DEBUGP("Read control address %lu, blocks %d\n", 998 address, blocks); 999 1000 return sddr09_read21(us, address, blocks, 1001 CONTROL_SHIFT, content, use_sg); 1002 } 1003 1004 /* 1005 * Read Device ID Command: 12 bytes. 1006 * byte 0: opcode: ED 1007 * 1008 * Returns 2 bytes: Manufacturer ID and Device ID. 1009 * On more recent cards 3 bytes: the third byte is an option code A5 1010 * signifying that the secret command to read an 128-bit ID is available. 1011 * On still more recent cards 4 bytes: the fourth byte C0 means that 1012 * a second read ID cmd is available. 1013 */ 1014 static int 1015 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1016 unsigned char *command = us->iobuf; 1017 unsigned char *content = us->iobuf; 1018 int result, i; 1019 1020 memset(command, 0, 12); 1021 command[0] = 0xED; 1022 command[1] = LUNBITS; 1023 1024 result = sddr09_send_scsi_command(us, command, 12); 1025 if (result != USB_STOR_TRANSPORT_GOOD) 1026 return result; 1027 1028 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1029 content, 64, NULL); 1030 1031 for (i = 0; i < 4; i++) 1032 deviceID[i] = content[i]; 1033 1034 return (result == USB_STOR_XFER_GOOD ? 1035 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1036 } 1037 1038 static int 1039 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1040 int result; 1041 unsigned char status; 1042 1043 result = sddr09_read_status(us, &status); 1044 if (result != USB_STOR_TRANSPORT_GOOD) { 1045 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1046 return result; 1047 } 1048 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1049 if ((status & 0x80) == 0) { 1050 info->flags |= SDDR09_WP; /* write protected */ 1051 US_DEBUGP(" WP"); 1052 } 1053 if (status & 0x40) 1054 US_DEBUGP(" Ready"); 1055 if (status & LUNBITS) 1056 US_DEBUGP(" Suspended"); 1057 if (status & 0x1) 1058 US_DEBUGP(" Error"); 1059 US_DEBUGP("\n"); 1060 return USB_STOR_TRANSPORT_GOOD; 1061 } 1062 1063 #if 0 1064 /* 1065 * Reset Command: 12 bytes. 1066 * byte 0: opcode: EB 1067 */ 1068 static int 1069 sddr09_reset(struct us_data *us) { 1070 1071 unsigned char *command = us->iobuf; 1072 1073 memset(command, 0, 12); 1074 command[0] = 0xEB; 1075 command[1] = LUNBITS; 1076 1077 return sddr09_send_scsi_command(us, command, 12); 1078 } 1079 #endif 1080 1081 static struct nand_flash_dev * 1082 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1083 struct nand_flash_dev *cardinfo; 1084 unsigned char deviceID[4]; 1085 char blurbtxt[256]; 1086 int result; 1087 1088 US_DEBUGP("Reading capacity...\n"); 1089 1090 result = sddr09_read_deviceID(us, deviceID); 1091 1092 if (result != USB_STOR_TRANSPORT_GOOD) { 1093 US_DEBUGP("Result of read_deviceID is %d\n", result); 1094 printk("sddr09: could not read card info\n"); 1095 return NULL; 1096 } 1097 1098 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1099 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1100 1101 /* Byte 0 is the manufacturer */ 1102 sprintf(blurbtxt + strlen(blurbtxt), 1103 ": Manuf. %s", 1104 nand_flash_manufacturer(deviceID[0])); 1105 1106 /* Byte 1 is the device type */ 1107 cardinfo = nand_find_id(deviceID[1]); 1108 if (cardinfo) { 1109 /* MB or MiB? It is neither. A 16 MB card has 1110 17301504 raw bytes, of which 16384000 are 1111 usable for user data. */ 1112 sprintf(blurbtxt + strlen(blurbtxt), 1113 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1114 } else { 1115 sprintf(blurbtxt + strlen(blurbtxt), 1116 ", type unrecognized"); 1117 } 1118 1119 /* Byte 2 is code to signal availability of 128-bit ID */ 1120 if (deviceID[2] == 0xa5) { 1121 sprintf(blurbtxt + strlen(blurbtxt), 1122 ", 128-bit ID"); 1123 } 1124 1125 /* Byte 3 announces the availability of another read ID command */ 1126 if (deviceID[3] == 0xc0) { 1127 sprintf(blurbtxt + strlen(blurbtxt), 1128 ", extra cmd"); 1129 } 1130 1131 if (flags & SDDR09_WP) 1132 sprintf(blurbtxt + strlen(blurbtxt), 1133 ", WP"); 1134 1135 printk("%s\n", blurbtxt); 1136 1137 return cardinfo; 1138 } 1139 1140 static int 1141 sddr09_read_map(struct us_data *us) { 1142 1143 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1144 int numblocks, alloc_len, alloc_blocks; 1145 int i, j, result; 1146 unsigned char *buffer, *buffer_end, *ptr; 1147 unsigned int lba, lbact; 1148 1149 if (!info->capacity) 1150 return -1; 1151 1152 // size of a block is 1 << (blockshift + pageshift) bytes 1153 // divide into the total capacity to get the number of blocks 1154 1155 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1156 1157 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1158 // but only use a 64 KB buffer 1159 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1160 #define SDDR09_READ_MAP_BUFSZ 65536 1161 1162 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1163 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1164 buffer = kmalloc(alloc_len, GFP_NOIO); 1165 if (buffer == NULL) { 1166 printk("sddr09_read_map: out of memory\n"); 1167 result = -1; 1168 goto done; 1169 } 1170 buffer_end = buffer + alloc_len; 1171 1172 #undef SDDR09_READ_MAP_BUFSZ 1173 1174 kfree(info->lba_to_pba); 1175 kfree(info->pba_to_lba); 1176 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1177 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1178 1179 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1180 printk("sddr09_read_map: out of memory\n"); 1181 result = -1; 1182 goto done; 1183 } 1184 1185 for (i = 0; i < numblocks; i++) 1186 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1187 1188 /* 1189 * Define lba-pba translation table 1190 */ 1191 1192 ptr = buffer_end; 1193 for (i = 0; i < numblocks; i++) { 1194 ptr += (1 << CONTROL_SHIFT); 1195 if (ptr >= buffer_end) { 1196 unsigned long address; 1197 1198 address = i << (info->pageshift + info->blockshift); 1199 result = sddr09_read_control( 1200 us, address>>1, 1201 min(alloc_blocks, numblocks - i), 1202 buffer, 0); 1203 if (result != USB_STOR_TRANSPORT_GOOD) { 1204 result = -1; 1205 goto done; 1206 } 1207 ptr = buffer; 1208 } 1209 1210 if (i == 0 || i == 1) { 1211 info->pba_to_lba[i] = UNUSABLE; 1212 continue; 1213 } 1214 1215 /* special PBAs have control field 0^16 */ 1216 for (j = 0; j < 16; j++) 1217 if (ptr[j] != 0) 1218 goto nonz; 1219 info->pba_to_lba[i] = UNUSABLE; 1220 printk("sddr09: PBA %d has no logical mapping\n", i); 1221 continue; 1222 1223 nonz: 1224 /* unwritten PBAs have control field FF^16 */ 1225 for (j = 0; j < 16; j++) 1226 if (ptr[j] != 0xff) 1227 goto nonff; 1228 continue; 1229 1230 nonff: 1231 /* normal PBAs start with six FFs */ 1232 if (j < 6) { 1233 printk("sddr09: PBA %d has no logical mapping: " 1234 "reserved area = %02X%02X%02X%02X " 1235 "data status %02X block status %02X\n", 1236 i, ptr[0], ptr[1], ptr[2], ptr[3], 1237 ptr[4], ptr[5]); 1238 info->pba_to_lba[i] = UNUSABLE; 1239 continue; 1240 } 1241 1242 if ((ptr[6] >> 4) != 0x01) { 1243 printk("sddr09: PBA %d has invalid address field " 1244 "%02X%02X/%02X%02X\n", 1245 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1246 info->pba_to_lba[i] = UNUSABLE; 1247 continue; 1248 } 1249 1250 /* check even parity */ 1251 if (parity[ptr[6] ^ ptr[7]]) { 1252 printk("sddr09: Bad parity in LBA for block %d" 1253 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1254 info->pba_to_lba[i] = UNUSABLE; 1255 continue; 1256 } 1257 1258 lba = short_pack(ptr[7], ptr[6]); 1259 lba = (lba & 0x07FF) >> 1; 1260 1261 /* 1262 * Every 1024 physical blocks ("zone"), the LBA numbers 1263 * go back to zero, but are within a higher block of LBA's. 1264 * Also, there is a maximum of 1000 LBA's per zone. 1265 * In other words, in PBA 1024-2047 you will find LBA 0-999 1266 * which are really LBA 1000-1999. This allows for 24 bad 1267 * or special physical blocks per zone. 1268 */ 1269 1270 if (lba >= 1000) { 1271 printk("sddr09: Bad low LBA %d for block %d\n", 1272 lba, i); 1273 goto possibly_erase; 1274 } 1275 1276 lba += 1000*(i/0x400); 1277 1278 if (info->lba_to_pba[lba] != UNDEF) { 1279 printk("sddr09: LBA %d seen for PBA %d and %d\n", 1280 lba, info->lba_to_pba[lba], i); 1281 goto possibly_erase; 1282 } 1283 1284 info->pba_to_lba[i] = lba; 1285 info->lba_to_pba[lba] = i; 1286 continue; 1287 1288 possibly_erase: 1289 if (erase_bad_lba_entries) { 1290 unsigned long address; 1291 1292 address = (i << (info->pageshift + info->blockshift)); 1293 sddr09_erase(us, address>>1); 1294 info->pba_to_lba[i] = UNDEF; 1295 } else 1296 info->pba_to_lba[i] = UNUSABLE; 1297 } 1298 1299 /* 1300 * Approximate capacity. This is not entirely correct yet, 1301 * since a zone with less than 1000 usable pages leads to 1302 * missing LBAs. Especially if it is the last zone, some 1303 * LBAs can be past capacity. 1304 */ 1305 lbact = 0; 1306 for (i = 0; i < numblocks; i += 1024) { 1307 int ct = 0; 1308 1309 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1310 if (info->pba_to_lba[i+j] != UNUSABLE) { 1311 if (ct >= 1000) 1312 info->pba_to_lba[i+j] = SPARE; 1313 else 1314 ct++; 1315 } 1316 } 1317 lbact += ct; 1318 } 1319 info->lbact = lbact; 1320 US_DEBUGP("Found %d LBA's\n", lbact); 1321 result = 0; 1322 1323 done: 1324 if (result != 0) { 1325 kfree(info->lba_to_pba); 1326 kfree(info->pba_to_lba); 1327 info->lba_to_pba = NULL; 1328 info->pba_to_lba = NULL; 1329 } 1330 kfree(buffer); 1331 return result; 1332 } 1333 1334 static void 1335 sddr09_card_info_destructor(void *extra) { 1336 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1337 1338 if (!info) 1339 return; 1340 1341 kfree(info->lba_to_pba); 1342 kfree(info->pba_to_lba); 1343 } 1344 1345 static void 1346 sddr09_init_card_info(struct us_data *us) { 1347 if (!us->extra) { 1348 us->extra = kmalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1349 if (us->extra) { 1350 memset(us->extra, 0, sizeof(struct sddr09_card_info)); 1351 us->extra_destructor = sddr09_card_info_destructor; 1352 } 1353 } 1354 } 1355 1356 /* 1357 * This is needed at a very early stage. If this is not listed in the 1358 * unusual devices list but called from here then LUN 0 of the combo reader 1359 * is not recognized. But I do not know what precisely these calls do. 1360 */ 1361 int 1362 sddr09_init(struct us_data *us) { 1363 int result; 1364 unsigned char *data = us->iobuf; 1365 1366 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1367 if (result != USB_STOR_TRANSPORT_GOOD) { 1368 US_DEBUGP("sddr09_init: send_command fails\n"); 1369 return result; 1370 } 1371 1372 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1373 // get 07 02 1374 1375 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1376 if (result != USB_STOR_TRANSPORT_GOOD) { 1377 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1378 return result; 1379 } 1380 1381 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1382 // get 07 00 1383 1384 result = sddr09_request_sense(us, data, 18); 1385 if (result == USB_STOR_TRANSPORT_GOOD && data[2] != 0) { 1386 int j; 1387 for (j=0; j<18; j++) 1388 printk(" %02X", data[j]); 1389 printk("\n"); 1390 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1391 // 70: current command 1392 // sense key 0, sense code 0, extd sense code 0 1393 // additional transfer length * = sizeof(data) - 7 1394 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1395 // sense key 06, sense code 28: unit attention, 1396 // not ready to ready transition 1397 } 1398 1399 // test unit ready 1400 1401 return USB_STOR_TRANSPORT_GOOD; /* not result */ 1402 } 1403 1404 /* 1405 * Transport for the Sandisk SDDR-09 1406 */ 1407 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1408 { 1409 static unsigned char sensekey = 0, sensecode = 0; 1410 static unsigned char havefakesense = 0; 1411 int result, i; 1412 unsigned char *ptr = us->iobuf; 1413 unsigned long capacity; 1414 unsigned int page, pages; 1415 1416 struct sddr09_card_info *info; 1417 1418 static unsigned char inquiry_response[8] = { 1419 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1420 }; 1421 1422 /* note: no block descriptor support */ 1423 static unsigned char mode_page_01[19] = { 1424 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1425 0x01, 0x0A, 1426 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1427 }; 1428 1429 info = (struct sddr09_card_info *)us->extra; 1430 if (!info) { 1431 nand_init_ecc(); 1432 sddr09_init_card_info(us); 1433 info = (struct sddr09_card_info *)us->extra; 1434 if (!info) 1435 return USB_STOR_TRANSPORT_ERROR; 1436 } 1437 1438 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1439 /* for a faked command, we have to follow with a faked sense */ 1440 memset(ptr, 0, 18); 1441 ptr[0] = 0x70; 1442 ptr[2] = sensekey; 1443 ptr[7] = 11; 1444 ptr[12] = sensecode; 1445 usb_stor_set_xfer_buf(ptr, 18, srb); 1446 sensekey = sensecode = havefakesense = 0; 1447 return USB_STOR_TRANSPORT_GOOD; 1448 } 1449 1450 havefakesense = 1; 1451 1452 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1453 respond to INQUIRY commands */ 1454 1455 if (srb->cmnd[0] == INQUIRY) { 1456 memcpy(ptr, inquiry_response, 8); 1457 fill_inquiry_response(us, ptr, 36); 1458 return USB_STOR_TRANSPORT_GOOD; 1459 } 1460 1461 if (srb->cmnd[0] == READ_CAPACITY) { 1462 struct nand_flash_dev *cardinfo; 1463 1464 sddr09_get_wp(us, info); /* read WP bit */ 1465 1466 cardinfo = sddr09_get_cardinfo(us, info->flags); 1467 if (!cardinfo) { 1468 /* probably no media */ 1469 init_error: 1470 sensekey = 0x02; /* not ready */ 1471 sensecode = 0x3a; /* medium not present */ 1472 return USB_STOR_TRANSPORT_FAILED; 1473 } 1474 1475 info->capacity = (1 << cardinfo->chipshift); 1476 info->pageshift = cardinfo->pageshift; 1477 info->pagesize = (1 << info->pageshift); 1478 info->blockshift = cardinfo->blockshift; 1479 info->blocksize = (1 << info->blockshift); 1480 info->blockmask = info->blocksize - 1; 1481 1482 // map initialization, must follow get_cardinfo() 1483 if (sddr09_read_map(us)) { 1484 /* probably out of memory */ 1485 goto init_error; 1486 } 1487 1488 // Report capacity 1489 1490 capacity = (info->lbact << info->blockshift) - 1; 1491 1492 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1493 1494 // Report page size 1495 1496 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1497 usb_stor_set_xfer_buf(ptr, 8, srb); 1498 1499 return USB_STOR_TRANSPORT_GOOD; 1500 } 1501 1502 if (srb->cmnd[0] == MODE_SENSE_10) { 1503 int modepage = (srb->cmnd[2] & 0x3F); 1504 1505 /* They ask for the Read/Write error recovery page, 1506 or for all pages. */ 1507 /* %% We should check DBD %% */ 1508 if (modepage == 0x01 || modepage == 0x3F) { 1509 US_DEBUGP("SDDR09: Dummy up request for " 1510 "mode page 0x%x\n", modepage); 1511 1512 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1513 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1514 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1515 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1516 return USB_STOR_TRANSPORT_GOOD; 1517 } 1518 1519 sensekey = 0x05; /* illegal request */ 1520 sensecode = 0x24; /* invalid field in CDB */ 1521 return USB_STOR_TRANSPORT_FAILED; 1522 } 1523 1524 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1525 return USB_STOR_TRANSPORT_GOOD; 1526 1527 havefakesense = 0; 1528 1529 if (srb->cmnd[0] == READ_10) { 1530 1531 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1532 page <<= 16; 1533 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1534 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1535 1536 US_DEBUGP("READ_10: read page %d pagect %d\n", 1537 page, pages); 1538 1539 return sddr09_read_data(us, page, pages); 1540 } 1541 1542 if (srb->cmnd[0] == WRITE_10) { 1543 1544 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1545 page <<= 16; 1546 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1547 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1548 1549 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1550 page, pages); 1551 1552 return sddr09_write_data(us, page, pages); 1553 } 1554 1555 /* catch-all for all other commands, except 1556 * pass TEST_UNIT_READY and REQUEST_SENSE through 1557 */ 1558 if (srb->cmnd[0] != TEST_UNIT_READY && 1559 srb->cmnd[0] != REQUEST_SENSE) { 1560 sensekey = 0x05; /* illegal request */ 1561 sensecode = 0x20; /* invalid command */ 1562 havefakesense = 1; 1563 return USB_STOR_TRANSPORT_FAILED; 1564 } 1565 1566 for (; srb->cmd_len<12; srb->cmd_len++) 1567 srb->cmnd[srb->cmd_len] = 0; 1568 1569 srb->cmnd[1] = LUNBITS; 1570 1571 ptr[0] = 0; 1572 for (i=0; i<12; i++) 1573 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1574 1575 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1576 1577 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1578 if (result != USB_STOR_TRANSPORT_GOOD) { 1579 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1580 "returns %d\n", result); 1581 return result; 1582 } 1583 1584 if (srb->request_bufflen == 0) 1585 return USB_STOR_TRANSPORT_GOOD; 1586 1587 if (srb->sc_data_direction == DMA_TO_DEVICE || 1588 srb->sc_data_direction == DMA_FROM_DEVICE) { 1589 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1590 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1591 1592 US_DEBUGP("SDDR09: %s %d bytes\n", 1593 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1594 "sending" : "receiving", 1595 srb->request_bufflen); 1596 1597 result = usb_stor_bulk_transfer_sg(us, pipe, 1598 srb->request_buffer, 1599 srb->request_bufflen, 1600 srb->use_sg, &srb->resid); 1601 1602 return (result == USB_STOR_XFER_GOOD ? 1603 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1604 } 1605 1606 return USB_STOR_TRANSPORT_GOOD; 1607 } 1608 1609