1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/slab.h> 45 46 #include <scsi/scsi.h> 47 #include <scsi/scsi_cmnd.h> 48 #include <scsi/scsi_device.h> 49 50 #include "usb.h" 51 #include "transport.h" 52 #include "protocol.h" 53 #include "debug.h" 54 #include "sddr09.h" 55 56 57 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 58 #define LSB_of(s) ((s)&0xFF) 59 #define MSB_of(s) ((s)>>8) 60 61 /* #define US_DEBUGP printk */ 62 63 /* 64 * First some stuff that does not belong here: 65 * data on SmartMedia and other cards, completely 66 * unrelated to this driver. 67 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 68 */ 69 70 struct nand_flash_dev { 71 int model_id; 72 int chipshift; /* 1<<cs bytes total capacity */ 73 char pageshift; /* 1<<ps bytes in a page */ 74 char blockshift; /* 1<<bs pages in an erase block */ 75 char zoneshift; /* 1<<zs blocks in a zone */ 76 /* # of logical blocks is 125/128 of this */ 77 char pageadrlen; /* length of an address in bytes - 1 */ 78 }; 79 80 /* 81 * NAND Flash Manufacturer ID Codes 82 */ 83 #define NAND_MFR_AMD 0x01 84 #define NAND_MFR_NATSEMI 0x8f 85 #define NAND_MFR_TOSHIBA 0x98 86 #define NAND_MFR_SAMSUNG 0xec 87 88 static inline char *nand_flash_manufacturer(int manuf_id) { 89 switch(manuf_id) { 90 case NAND_MFR_AMD: 91 return "AMD"; 92 case NAND_MFR_NATSEMI: 93 return "NATSEMI"; 94 case NAND_MFR_TOSHIBA: 95 return "Toshiba"; 96 case NAND_MFR_SAMSUNG: 97 return "Samsung"; 98 default: 99 return "unknown"; 100 } 101 } 102 103 /* 104 * It looks like it is unnecessary to attach manufacturer to the 105 * remaining data: SSFDC prescribes manufacturer-independent id codes. 106 * 107 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 108 */ 109 110 static struct nand_flash_dev nand_flash_ids[] = { 111 /* NAND flash */ 112 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 113 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 114 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 115 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 116 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 117 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 118 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 119 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 120 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 121 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 122 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 123 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 124 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 125 126 /* MASK ROM */ 127 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 128 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 129 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 130 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 131 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 132 { 0,} 133 }; 134 135 static struct nand_flash_dev * 136 nand_find_id(unsigned char id) { 137 int i; 138 139 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 140 if (nand_flash_ids[i].model_id == id) 141 return &(nand_flash_ids[i]); 142 return NULL; 143 } 144 145 /* 146 * ECC computation. 147 */ 148 static unsigned char parity[256]; 149 static unsigned char ecc2[256]; 150 151 static void nand_init_ecc(void) { 152 int i, j, a; 153 154 parity[0] = 0; 155 for (i = 1; i < 256; i++) 156 parity[i] = (parity[i&(i-1)] ^ 1); 157 158 for (i = 0; i < 256; i++) { 159 a = 0; 160 for (j = 0; j < 8; j++) { 161 if (i & (1<<j)) { 162 if ((j & 1) == 0) 163 a ^= 0x04; 164 if ((j & 2) == 0) 165 a ^= 0x10; 166 if ((j & 4) == 0) 167 a ^= 0x40; 168 } 169 } 170 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 171 } 172 } 173 174 /* compute 3-byte ecc on 256 bytes */ 175 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 176 int i, j, a; 177 unsigned char par, bit, bits[8]; 178 179 par = 0; 180 for (j = 0; j < 8; j++) 181 bits[j] = 0; 182 183 /* collect 16 checksum bits */ 184 for (i = 0; i < 256; i++) { 185 par ^= data[i]; 186 bit = parity[data[i]]; 187 for (j = 0; j < 8; j++) 188 if ((i & (1<<j)) == 0) 189 bits[j] ^= bit; 190 } 191 192 /* put 4+4+4 = 12 bits in the ecc */ 193 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 194 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 195 196 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 197 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 198 199 ecc[2] = ecc2[par]; 200 } 201 202 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 203 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 204 } 205 206 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 207 memcpy(data, ecc, 3); 208 } 209 210 /* 211 * The actual driver starts here. 212 */ 213 214 struct sddr09_card_info { 215 unsigned long capacity; /* Size of card in bytes */ 216 int pagesize; /* Size of page in bytes */ 217 int pageshift; /* log2 of pagesize */ 218 int blocksize; /* Size of block in pages */ 219 int blockshift; /* log2 of blocksize */ 220 int blockmask; /* 2^blockshift - 1 */ 221 int *lba_to_pba; /* logical to physical map */ 222 int *pba_to_lba; /* physical to logical map */ 223 int lbact; /* number of available pages */ 224 int flags; 225 #define SDDR09_WP 1 /* write protected */ 226 }; 227 228 /* 229 * On my 16MB card, control blocks have size 64 (16 real control bytes, 230 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 231 * so the reader makes up the remaining 48. Don't know whether these numbers 232 * depend on the card. For now a constant. 233 */ 234 #define CONTROL_SHIFT 6 235 236 /* 237 * On my Combo CF/SM reader, the SM reader has LUN 1. 238 * (and things fail with LUN 0). 239 * It seems LUN is irrelevant for others. 240 */ 241 #define LUN 1 242 #define LUNBITS (LUN << 5) 243 244 /* 245 * LBA and PBA are unsigned ints. Special values. 246 */ 247 #define UNDEF 0xffffffff 248 #define SPARE 0xfffffffe 249 #define UNUSABLE 0xfffffffd 250 251 static const int erase_bad_lba_entries = 0; 252 253 /* send vendor interface command (0x41) */ 254 /* called for requests 0, 1, 8 */ 255 static int 256 sddr09_send_command(struct us_data *us, 257 unsigned char request, 258 unsigned char direction, 259 unsigned char *xfer_data, 260 unsigned int xfer_len) { 261 unsigned int pipe; 262 unsigned char requesttype = (0x41 | direction); 263 int rc; 264 265 // Get the receive or send control pipe number 266 267 if (direction == USB_DIR_IN) 268 pipe = us->recv_ctrl_pipe; 269 else 270 pipe = us->send_ctrl_pipe; 271 272 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 273 0, 0, xfer_data, xfer_len); 274 switch (rc) { 275 case USB_STOR_XFER_GOOD: return 0; 276 case USB_STOR_XFER_STALLED: return -EPIPE; 277 default: return -EIO; 278 } 279 } 280 281 static int 282 sddr09_send_scsi_command(struct us_data *us, 283 unsigned char *command, 284 unsigned int command_len) { 285 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 286 } 287 288 #if 0 289 /* 290 * Test Unit Ready Command: 12 bytes. 291 * byte 0: opcode: 00 292 */ 293 static int 294 sddr09_test_unit_ready(struct us_data *us) { 295 unsigned char *command = us->iobuf; 296 int result; 297 298 memset(command, 0, 6); 299 command[1] = LUNBITS; 300 301 result = sddr09_send_scsi_command(us, command, 6); 302 303 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 304 305 return result; 306 } 307 #endif 308 309 /* 310 * Request Sense Command: 12 bytes. 311 * byte 0: opcode: 03 312 * byte 4: data length 313 */ 314 static int 315 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 316 unsigned char *command = us->iobuf; 317 int result; 318 319 memset(command, 0, 12); 320 command[0] = 0x03; 321 command[1] = LUNBITS; 322 command[4] = buflen; 323 324 result = sddr09_send_scsi_command(us, command, 12); 325 if (result) 326 return result; 327 328 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 329 sensebuf, buflen, NULL); 330 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 331 } 332 333 /* 334 * Read Command: 12 bytes. 335 * byte 0: opcode: E8 336 * byte 1: last two bits: 00: read data, 01: read blockwise control, 337 * 10: read both, 11: read pagewise control. 338 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 339 * bytes 2-5: address (interpretation depends on byte 1, see below) 340 * bytes 10-11: count (idem) 341 * 342 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 343 * A read data command gets data in 512-byte pages. 344 * A read control command gets control in 64-byte chunks. 345 * A read both command gets data+control in 576-byte chunks. 346 * 347 * Blocks are groups of 32 pages, and read blockwise control jumps to the 348 * next block, while read pagewise control jumps to the next page after 349 * reading a group of 64 control bytes. 350 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 351 * 352 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 353 */ 354 355 static int 356 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 357 int nr_of_pages, int bulklen, unsigned char *buf, 358 int use_sg) { 359 360 unsigned char *command = us->iobuf; 361 int result; 362 363 command[0] = 0xE8; 364 command[1] = LUNBITS | x; 365 command[2] = MSB_of(fromaddress>>16); 366 command[3] = LSB_of(fromaddress>>16); 367 command[4] = MSB_of(fromaddress & 0xFFFF); 368 command[5] = LSB_of(fromaddress & 0xFFFF); 369 command[6] = 0; 370 command[7] = 0; 371 command[8] = 0; 372 command[9] = 0; 373 command[10] = MSB_of(nr_of_pages); 374 command[11] = LSB_of(nr_of_pages); 375 376 result = sddr09_send_scsi_command(us, command, 12); 377 378 if (result) { 379 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 380 x, result); 381 return result; 382 } 383 384 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 385 buf, bulklen, use_sg, NULL); 386 387 if (result != USB_STOR_XFER_GOOD) { 388 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 389 x, result); 390 return -EIO; 391 } 392 return 0; 393 } 394 395 /* 396 * Read Data 397 * 398 * fromaddress counts data shorts: 399 * increasing it by 256 shifts the bytestream by 512 bytes; 400 * the last 8 bits are ignored. 401 * 402 * nr_of_pages counts pages of size (1 << pageshift). 403 */ 404 static int 405 sddr09_read20(struct us_data *us, unsigned long fromaddress, 406 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 407 int bulklen = nr_of_pages << pageshift; 408 409 /* The last 8 bits of fromaddress are ignored. */ 410 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 411 buf, use_sg); 412 } 413 414 /* 415 * Read Blockwise Control 416 * 417 * fromaddress gives the starting position (as in read data; 418 * the last 8 bits are ignored); increasing it by 32*256 shifts 419 * the output stream by 64 bytes. 420 * 421 * count counts control groups of size (1 << controlshift). 422 * For me, controlshift = 6. Is this constant? 423 * 424 * After getting one control group, jump to the next block 425 * (fromaddress += 8192). 426 */ 427 static int 428 sddr09_read21(struct us_data *us, unsigned long fromaddress, 429 int count, int controlshift, unsigned char *buf, int use_sg) { 430 431 int bulklen = (count << controlshift); 432 return sddr09_readX(us, 1, fromaddress, count, bulklen, 433 buf, use_sg); 434 } 435 436 /* 437 * Read both Data and Control 438 * 439 * fromaddress counts data shorts, ignoring control: 440 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 441 * the last 8 bits are ignored. 442 * 443 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 444 */ 445 static int 446 sddr09_read22(struct us_data *us, unsigned long fromaddress, 447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 448 449 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 450 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 451 nr_of_pages, bulklen); 452 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 453 buf, use_sg); 454 } 455 456 #if 0 457 /* 458 * Read Pagewise Control 459 * 460 * fromaddress gives the starting position (as in read data; 461 * the last 8 bits are ignored); increasing it by 256 shifts 462 * the output stream by 64 bytes. 463 * 464 * count counts control groups of size (1 << controlshift). 465 * For me, controlshift = 6. Is this constant? 466 * 467 * After getting one control group, jump to the next page 468 * (fromaddress += 256). 469 */ 470 static int 471 sddr09_read23(struct us_data *us, unsigned long fromaddress, 472 int count, int controlshift, unsigned char *buf, int use_sg) { 473 474 int bulklen = (count << controlshift); 475 return sddr09_readX(us, 3, fromaddress, count, bulklen, 476 buf, use_sg); 477 } 478 #endif 479 480 /* 481 * Erase Command: 12 bytes. 482 * byte 0: opcode: EA 483 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 484 * 485 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 486 * The byte address being erased is 2*Eaddress. 487 * The CIS cannot be erased. 488 */ 489 static int 490 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 491 unsigned char *command = us->iobuf; 492 int result; 493 494 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 495 496 memset(command, 0, 12); 497 command[0] = 0xEA; 498 command[1] = LUNBITS; 499 command[6] = MSB_of(Eaddress>>16); 500 command[7] = LSB_of(Eaddress>>16); 501 command[8] = MSB_of(Eaddress & 0xFFFF); 502 command[9] = LSB_of(Eaddress & 0xFFFF); 503 504 result = sddr09_send_scsi_command(us, command, 12); 505 506 if (result) 507 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 508 result); 509 510 return result; 511 } 512 513 /* 514 * Write CIS Command: 12 bytes. 515 * byte 0: opcode: EE 516 * bytes 2-5: write address in shorts 517 * bytes 10-11: sector count 518 * 519 * This writes at the indicated address. Don't know how it differs 520 * from E9. Maybe it does not erase? However, it will also write to 521 * the CIS. 522 * 523 * When two such commands on the same page follow each other directly, 524 * the second one is not done. 525 */ 526 527 /* 528 * Write Command: 12 bytes. 529 * byte 0: opcode: E9 530 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 531 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 532 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 533 * 534 * If write address equals erase address, the erase is done first, 535 * otherwise the write is done first. When erase address equals zero 536 * no erase is done? 537 */ 538 static int 539 sddr09_writeX(struct us_data *us, 540 unsigned long Waddress, unsigned long Eaddress, 541 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 542 543 unsigned char *command = us->iobuf; 544 int result; 545 546 command[0] = 0xE9; 547 command[1] = LUNBITS; 548 549 command[2] = MSB_of(Waddress>>16); 550 command[3] = LSB_of(Waddress>>16); 551 command[4] = MSB_of(Waddress & 0xFFFF); 552 command[5] = LSB_of(Waddress & 0xFFFF); 553 554 command[6] = MSB_of(Eaddress>>16); 555 command[7] = LSB_of(Eaddress>>16); 556 command[8] = MSB_of(Eaddress & 0xFFFF); 557 command[9] = LSB_of(Eaddress & 0xFFFF); 558 559 command[10] = MSB_of(nr_of_pages); 560 command[11] = LSB_of(nr_of_pages); 561 562 result = sddr09_send_scsi_command(us, command, 12); 563 564 if (result) { 565 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 566 result); 567 return result; 568 } 569 570 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 571 buf, bulklen, use_sg, NULL); 572 573 if (result != USB_STOR_XFER_GOOD) { 574 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 575 result); 576 return -EIO; 577 } 578 return 0; 579 } 580 581 /* erase address, write same address */ 582 static int 583 sddr09_write_inplace(struct us_data *us, unsigned long address, 584 int nr_of_pages, int pageshift, unsigned char *buf, 585 int use_sg) { 586 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 587 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 588 buf, use_sg); 589 } 590 591 #if 0 592 /* 593 * Read Scatter Gather Command: 3+4n bytes. 594 * byte 0: opcode E7 595 * byte 2: n 596 * bytes 4i-1,4i,4i+1: page address 597 * byte 4i+2: page count 598 * (i=1..n) 599 * 600 * This reads several pages from the card to a single memory buffer. 601 * The last two bits of byte 1 have the same meaning as for E8. 602 */ 603 static int 604 sddr09_read_sg_test_only(struct us_data *us) { 605 unsigned char *command = us->iobuf; 606 int result, bulklen, nsg, ct; 607 unsigned char *buf; 608 unsigned long address; 609 610 nsg = bulklen = 0; 611 command[0] = 0xE7; 612 command[1] = LUNBITS; 613 command[2] = 0; 614 address = 040000; ct = 1; 615 nsg++; 616 bulklen += (ct << 9); 617 command[4*nsg+2] = ct; 618 command[4*nsg+1] = ((address >> 9) & 0xFF); 619 command[4*nsg+0] = ((address >> 17) & 0xFF); 620 command[4*nsg-1] = ((address >> 25) & 0xFF); 621 622 address = 0340000; ct = 1; 623 nsg++; 624 bulklen += (ct << 9); 625 command[4*nsg+2] = ct; 626 command[4*nsg+1] = ((address >> 9) & 0xFF); 627 command[4*nsg+0] = ((address >> 17) & 0xFF); 628 command[4*nsg-1] = ((address >> 25) & 0xFF); 629 630 address = 01000000; ct = 2; 631 nsg++; 632 bulklen += (ct << 9); 633 command[4*nsg+2] = ct; 634 command[4*nsg+1] = ((address >> 9) & 0xFF); 635 command[4*nsg+0] = ((address >> 17) & 0xFF); 636 command[4*nsg-1] = ((address >> 25) & 0xFF); 637 638 command[2] = nsg; 639 640 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 641 642 if (result) { 643 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 644 result); 645 return result; 646 } 647 648 buf = kmalloc(bulklen, GFP_NOIO); 649 if (!buf) 650 return -ENOMEM; 651 652 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 653 buf, bulklen, NULL); 654 kfree(buf); 655 if (result != USB_STOR_XFER_GOOD) { 656 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 657 result); 658 return -EIO; 659 } 660 661 return 0; 662 } 663 #endif 664 665 /* 666 * Read Status Command: 12 bytes. 667 * byte 0: opcode: EC 668 * 669 * Returns 64 bytes, all zero except for the first. 670 * bit 0: 1: Error 671 * bit 5: 1: Suspended 672 * bit 6: 1: Ready 673 * bit 7: 1: Not write-protected 674 */ 675 676 static int 677 sddr09_read_status(struct us_data *us, unsigned char *status) { 678 679 unsigned char *command = us->iobuf; 680 unsigned char *data = us->iobuf; 681 int result; 682 683 US_DEBUGP("Reading status...\n"); 684 685 memset(command, 0, 12); 686 command[0] = 0xEC; 687 command[1] = LUNBITS; 688 689 result = sddr09_send_scsi_command(us, command, 12); 690 if (result) 691 return result; 692 693 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 694 data, 64, NULL); 695 *status = data[0]; 696 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 697 } 698 699 static int 700 sddr09_read_data(struct us_data *us, 701 unsigned long address, 702 unsigned int sectors) { 703 704 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 705 unsigned char *buffer; 706 unsigned int lba, maxlba, pba; 707 unsigned int page, pages; 708 unsigned int len, offset; 709 struct scatterlist *sg; 710 int result; 711 712 // Figure out the initial LBA and page 713 lba = address >> info->blockshift; 714 page = (address & info->blockmask); 715 maxlba = info->capacity >> (info->pageshift + info->blockshift); 716 if (lba >= maxlba) 717 return -EIO; 718 719 // Since we only read in one block at a time, we have to create 720 // a bounce buffer and move the data a piece at a time between the 721 // bounce buffer and the actual transfer buffer. 722 723 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 724 buffer = kmalloc(len, GFP_NOIO); 725 if (buffer == NULL) { 726 printk(KERN_WARNING "sddr09_read_data: Out of memory\n"); 727 return -ENOMEM; 728 } 729 730 // This could be made much more efficient by checking for 731 // contiguous LBA's. Another exercise left to the student. 732 733 result = 0; 734 offset = 0; 735 sg = NULL; 736 737 while (sectors > 0) { 738 739 /* Find number of pages we can read in this block */ 740 pages = min(sectors, info->blocksize - page); 741 len = pages << info->pageshift; 742 743 /* Not overflowing capacity? */ 744 if (lba >= maxlba) { 745 US_DEBUGP("Error: Requested lba %u exceeds " 746 "maximum %u\n", lba, maxlba); 747 result = -EIO; 748 break; 749 } 750 751 /* Find where this lba lives on disk */ 752 pba = info->lba_to_pba[lba]; 753 754 if (pba == UNDEF) { /* this lba was never written */ 755 756 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 757 pages, lba, page); 758 759 /* This is not really an error. It just means 760 that the block has never been written. 761 Instead of returning an error 762 it is better to return all zero data. */ 763 764 memset(buffer, 0, len); 765 766 } else { 767 US_DEBUGP("Read %d pages, from PBA %d" 768 " (LBA %d) page %d\n", 769 pages, pba, lba, page); 770 771 address = ((pba << info->blockshift) + page) << 772 info->pageshift; 773 774 result = sddr09_read20(us, address>>1, 775 pages, info->pageshift, buffer, 0); 776 if (result) 777 break; 778 } 779 780 // Store the data in the transfer buffer 781 usb_stor_access_xfer_buf(buffer, len, us->srb, 782 &sg, &offset, TO_XFER_BUF); 783 784 page = 0; 785 lba++; 786 sectors -= pages; 787 } 788 789 kfree(buffer); 790 return result; 791 } 792 793 static unsigned int 794 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 795 static unsigned int lastpba = 1; 796 int zonestart, end, i; 797 798 zonestart = (lba/1000) << 10; 799 end = info->capacity >> (info->blockshift + info->pageshift); 800 end -= zonestart; 801 if (end > 1024) 802 end = 1024; 803 804 for (i = lastpba+1; i < end; i++) { 805 if (info->pba_to_lba[zonestart+i] == UNDEF) { 806 lastpba = i; 807 return zonestart+i; 808 } 809 } 810 for (i = 0; i <= lastpba; i++) { 811 if (info->pba_to_lba[zonestart+i] == UNDEF) { 812 lastpba = i; 813 return zonestart+i; 814 } 815 } 816 return 0; 817 } 818 819 static int 820 sddr09_write_lba(struct us_data *us, unsigned int lba, 821 unsigned int page, unsigned int pages, 822 unsigned char *ptr, unsigned char *blockbuffer) { 823 824 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 825 unsigned long address; 826 unsigned int pba, lbap; 827 unsigned int pagelen; 828 unsigned char *bptr, *cptr, *xptr; 829 unsigned char ecc[3]; 830 int i, result, isnew; 831 832 lbap = ((lba % 1000) << 1) | 0x1000; 833 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 834 lbap ^= 1; 835 pba = info->lba_to_pba[lba]; 836 isnew = 0; 837 838 if (pba == UNDEF) { 839 pba = sddr09_find_unused_pba(info, lba); 840 if (!pba) { 841 printk(KERN_WARNING 842 "sddr09_write_lba: Out of unused blocks\n"); 843 return -ENOSPC; 844 } 845 info->pba_to_lba[pba] = lba; 846 info->lba_to_pba[lba] = pba; 847 isnew = 1; 848 } 849 850 if (pba == 1) { 851 /* Maybe it is impossible to write to PBA 1. 852 Fake success, but don't do anything. */ 853 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 854 return 0; 855 } 856 857 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 858 859 /* read old contents */ 860 address = (pba << (info->pageshift + info->blockshift)); 861 result = sddr09_read22(us, address>>1, info->blocksize, 862 info->pageshift, blockbuffer, 0); 863 if (result) 864 return result; 865 866 /* check old contents and fill lba */ 867 for (i = 0; i < info->blocksize; i++) { 868 bptr = blockbuffer + i*pagelen; 869 cptr = bptr + info->pagesize; 870 nand_compute_ecc(bptr, ecc); 871 if (!nand_compare_ecc(cptr+13, ecc)) { 872 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 873 i, pba); 874 nand_store_ecc(cptr+13, ecc); 875 } 876 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 877 if (!nand_compare_ecc(cptr+8, ecc)) { 878 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 879 i, pba); 880 nand_store_ecc(cptr+8, ecc); 881 } 882 cptr[6] = cptr[11] = MSB_of(lbap); 883 cptr[7] = cptr[12] = LSB_of(lbap); 884 } 885 886 /* copy in new stuff and compute ECC */ 887 xptr = ptr; 888 for (i = page; i < page+pages; i++) { 889 bptr = blockbuffer + i*pagelen; 890 cptr = bptr + info->pagesize; 891 memcpy(bptr, xptr, info->pagesize); 892 xptr += info->pagesize; 893 nand_compute_ecc(bptr, ecc); 894 nand_store_ecc(cptr+13, ecc); 895 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 896 nand_store_ecc(cptr+8, ecc); 897 } 898 899 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 900 901 result = sddr09_write_inplace(us, address>>1, info->blocksize, 902 info->pageshift, blockbuffer, 0); 903 904 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 905 906 #if 0 907 { 908 unsigned char status = 0; 909 int result2 = sddr09_read_status(us, &status); 910 if (result2) 911 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 912 else if (status != 0xc0) 913 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 914 status); 915 } 916 #endif 917 918 #if 0 919 { 920 int result2 = sddr09_test_unit_ready(us); 921 } 922 #endif 923 924 return result; 925 } 926 927 static int 928 sddr09_write_data(struct us_data *us, 929 unsigned long address, 930 unsigned int sectors) { 931 932 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 933 unsigned int lba, maxlba, page, pages; 934 unsigned int pagelen, blocklen; 935 unsigned char *blockbuffer; 936 unsigned char *buffer; 937 unsigned int len, offset; 938 struct scatterlist *sg; 939 int result; 940 941 // Figure out the initial LBA and page 942 lba = address >> info->blockshift; 943 page = (address & info->blockmask); 944 maxlba = info->capacity >> (info->pageshift + info->blockshift); 945 if (lba >= maxlba) 946 return -EIO; 947 948 // blockbuffer is used for reading in the old data, overwriting 949 // with the new data, and performing ECC calculations 950 951 /* TODO: instead of doing kmalloc/kfree for each write, 952 add a bufferpointer to the info structure */ 953 954 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 955 blocklen = (pagelen << info->blockshift); 956 blockbuffer = kmalloc(blocklen, GFP_NOIO); 957 if (!blockbuffer) { 958 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 959 return -ENOMEM; 960 } 961 962 // Since we don't write the user data directly to the device, 963 // we have to create a bounce buffer and move the data a piece 964 // at a time between the bounce buffer and the actual transfer buffer. 965 966 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 967 buffer = kmalloc(len, GFP_NOIO); 968 if (buffer == NULL) { 969 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 970 kfree(blockbuffer); 971 return -ENOMEM; 972 } 973 974 result = 0; 975 offset = 0; 976 sg = NULL; 977 978 while (sectors > 0) { 979 980 // Write as many sectors as possible in this block 981 982 pages = min(sectors, info->blocksize - page); 983 len = (pages << info->pageshift); 984 985 /* Not overflowing capacity? */ 986 if (lba >= maxlba) { 987 US_DEBUGP("Error: Requested lba %u exceeds " 988 "maximum %u\n", lba, maxlba); 989 result = -EIO; 990 break; 991 } 992 993 // Get the data from the transfer buffer 994 usb_stor_access_xfer_buf(buffer, len, us->srb, 995 &sg, &offset, FROM_XFER_BUF); 996 997 result = sddr09_write_lba(us, lba, page, pages, 998 buffer, blockbuffer); 999 if (result) 1000 break; 1001 1002 page = 0; 1003 lba++; 1004 sectors -= pages; 1005 } 1006 1007 kfree(buffer); 1008 kfree(blockbuffer); 1009 1010 return result; 1011 } 1012 1013 static int 1014 sddr09_read_control(struct us_data *us, 1015 unsigned long address, 1016 unsigned int blocks, 1017 unsigned char *content, 1018 int use_sg) { 1019 1020 US_DEBUGP("Read control address %lu, blocks %d\n", 1021 address, blocks); 1022 1023 return sddr09_read21(us, address, blocks, 1024 CONTROL_SHIFT, content, use_sg); 1025 } 1026 1027 /* 1028 * Read Device ID Command: 12 bytes. 1029 * byte 0: opcode: ED 1030 * 1031 * Returns 2 bytes: Manufacturer ID and Device ID. 1032 * On more recent cards 3 bytes: the third byte is an option code A5 1033 * signifying that the secret command to read an 128-bit ID is available. 1034 * On still more recent cards 4 bytes: the fourth byte C0 means that 1035 * a second read ID cmd is available. 1036 */ 1037 static int 1038 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1039 unsigned char *command = us->iobuf; 1040 unsigned char *content = us->iobuf; 1041 int result, i; 1042 1043 memset(command, 0, 12); 1044 command[0] = 0xED; 1045 command[1] = LUNBITS; 1046 1047 result = sddr09_send_scsi_command(us, command, 12); 1048 if (result) 1049 return result; 1050 1051 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1052 content, 64, NULL); 1053 1054 for (i = 0; i < 4; i++) 1055 deviceID[i] = content[i]; 1056 1057 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1058 } 1059 1060 static int 1061 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1062 int result; 1063 unsigned char status; 1064 1065 result = sddr09_read_status(us, &status); 1066 if (result) { 1067 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1068 return result; 1069 } 1070 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1071 if ((status & 0x80) == 0) { 1072 info->flags |= SDDR09_WP; /* write protected */ 1073 US_DEBUGP(" WP"); 1074 } 1075 if (status & 0x40) 1076 US_DEBUGP(" Ready"); 1077 if (status & LUNBITS) 1078 US_DEBUGP(" Suspended"); 1079 if (status & 0x1) 1080 US_DEBUGP(" Error"); 1081 US_DEBUGP("\n"); 1082 return 0; 1083 } 1084 1085 #if 0 1086 /* 1087 * Reset Command: 12 bytes. 1088 * byte 0: opcode: EB 1089 */ 1090 static int 1091 sddr09_reset(struct us_data *us) { 1092 1093 unsigned char *command = us->iobuf; 1094 1095 memset(command, 0, 12); 1096 command[0] = 0xEB; 1097 command[1] = LUNBITS; 1098 1099 return sddr09_send_scsi_command(us, command, 12); 1100 } 1101 #endif 1102 1103 static struct nand_flash_dev * 1104 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1105 struct nand_flash_dev *cardinfo; 1106 unsigned char deviceID[4]; 1107 char blurbtxt[256]; 1108 int result; 1109 1110 US_DEBUGP("Reading capacity...\n"); 1111 1112 result = sddr09_read_deviceID(us, deviceID); 1113 1114 if (result) { 1115 US_DEBUGP("Result of read_deviceID is %d\n", result); 1116 printk(KERN_WARNING "sddr09: could not read card info\n"); 1117 return NULL; 1118 } 1119 1120 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1121 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1122 1123 /* Byte 0 is the manufacturer */ 1124 sprintf(blurbtxt + strlen(blurbtxt), 1125 ": Manuf. %s", 1126 nand_flash_manufacturer(deviceID[0])); 1127 1128 /* Byte 1 is the device type */ 1129 cardinfo = nand_find_id(deviceID[1]); 1130 if (cardinfo) { 1131 /* MB or MiB? It is neither. A 16 MB card has 1132 17301504 raw bytes, of which 16384000 are 1133 usable for user data. */ 1134 sprintf(blurbtxt + strlen(blurbtxt), 1135 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1136 } else { 1137 sprintf(blurbtxt + strlen(blurbtxt), 1138 ", type unrecognized"); 1139 } 1140 1141 /* Byte 2 is code to signal availability of 128-bit ID */ 1142 if (deviceID[2] == 0xa5) { 1143 sprintf(blurbtxt + strlen(blurbtxt), 1144 ", 128-bit ID"); 1145 } 1146 1147 /* Byte 3 announces the availability of another read ID command */ 1148 if (deviceID[3] == 0xc0) { 1149 sprintf(blurbtxt + strlen(blurbtxt), 1150 ", extra cmd"); 1151 } 1152 1153 if (flags & SDDR09_WP) 1154 sprintf(blurbtxt + strlen(blurbtxt), 1155 ", WP"); 1156 1157 printk(KERN_WARNING "%s\n", blurbtxt); 1158 1159 return cardinfo; 1160 } 1161 1162 static int 1163 sddr09_read_map(struct us_data *us) { 1164 1165 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1166 int numblocks, alloc_len, alloc_blocks; 1167 int i, j, result; 1168 unsigned char *buffer, *buffer_end, *ptr; 1169 unsigned int lba, lbact; 1170 1171 if (!info->capacity) 1172 return -1; 1173 1174 // size of a block is 1 << (blockshift + pageshift) bytes 1175 // divide into the total capacity to get the number of blocks 1176 1177 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1178 1179 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1180 // but only use a 64 KB buffer 1181 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1182 #define SDDR09_READ_MAP_BUFSZ 65536 1183 1184 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1185 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1186 buffer = kmalloc(alloc_len, GFP_NOIO); 1187 if (buffer == NULL) { 1188 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1189 result = -1; 1190 goto done; 1191 } 1192 buffer_end = buffer + alloc_len; 1193 1194 #undef SDDR09_READ_MAP_BUFSZ 1195 1196 kfree(info->lba_to_pba); 1197 kfree(info->pba_to_lba); 1198 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1199 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1200 1201 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1202 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1203 result = -1; 1204 goto done; 1205 } 1206 1207 for (i = 0; i < numblocks; i++) 1208 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1209 1210 /* 1211 * Define lba-pba translation table 1212 */ 1213 1214 ptr = buffer_end; 1215 for (i = 0; i < numblocks; i++) { 1216 ptr += (1 << CONTROL_SHIFT); 1217 if (ptr >= buffer_end) { 1218 unsigned long address; 1219 1220 address = i << (info->pageshift + info->blockshift); 1221 result = sddr09_read_control( 1222 us, address>>1, 1223 min(alloc_blocks, numblocks - i), 1224 buffer, 0); 1225 if (result) { 1226 result = -1; 1227 goto done; 1228 } 1229 ptr = buffer; 1230 } 1231 1232 if (i == 0 || i == 1) { 1233 info->pba_to_lba[i] = UNUSABLE; 1234 continue; 1235 } 1236 1237 /* special PBAs have control field 0^16 */ 1238 for (j = 0; j < 16; j++) 1239 if (ptr[j] != 0) 1240 goto nonz; 1241 info->pba_to_lba[i] = UNUSABLE; 1242 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1243 i); 1244 continue; 1245 1246 nonz: 1247 /* unwritten PBAs have control field FF^16 */ 1248 for (j = 0; j < 16; j++) 1249 if (ptr[j] != 0xff) 1250 goto nonff; 1251 continue; 1252 1253 nonff: 1254 /* normal PBAs start with six FFs */ 1255 if (j < 6) { 1256 printk(KERN_WARNING 1257 "sddr09: PBA %d has no logical mapping: " 1258 "reserved area = %02X%02X%02X%02X " 1259 "data status %02X block status %02X\n", 1260 i, ptr[0], ptr[1], ptr[2], ptr[3], 1261 ptr[4], ptr[5]); 1262 info->pba_to_lba[i] = UNUSABLE; 1263 continue; 1264 } 1265 1266 if ((ptr[6] >> 4) != 0x01) { 1267 printk(KERN_WARNING 1268 "sddr09: PBA %d has invalid address field " 1269 "%02X%02X/%02X%02X\n", 1270 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1271 info->pba_to_lba[i] = UNUSABLE; 1272 continue; 1273 } 1274 1275 /* check even parity */ 1276 if (parity[ptr[6] ^ ptr[7]]) { 1277 printk(KERN_WARNING 1278 "sddr09: Bad parity in LBA for block %d" 1279 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1280 info->pba_to_lba[i] = UNUSABLE; 1281 continue; 1282 } 1283 1284 lba = short_pack(ptr[7], ptr[6]); 1285 lba = (lba & 0x07FF) >> 1; 1286 1287 /* 1288 * Every 1024 physical blocks ("zone"), the LBA numbers 1289 * go back to zero, but are within a higher block of LBA's. 1290 * Also, there is a maximum of 1000 LBA's per zone. 1291 * In other words, in PBA 1024-2047 you will find LBA 0-999 1292 * which are really LBA 1000-1999. This allows for 24 bad 1293 * or special physical blocks per zone. 1294 */ 1295 1296 if (lba >= 1000) { 1297 printk(KERN_WARNING 1298 "sddr09: Bad low LBA %d for block %d\n", 1299 lba, i); 1300 goto possibly_erase; 1301 } 1302 1303 lba += 1000*(i/0x400); 1304 1305 if (info->lba_to_pba[lba] != UNDEF) { 1306 printk(KERN_WARNING 1307 "sddr09: LBA %d seen for PBA %d and %d\n", 1308 lba, info->lba_to_pba[lba], i); 1309 goto possibly_erase; 1310 } 1311 1312 info->pba_to_lba[i] = lba; 1313 info->lba_to_pba[lba] = i; 1314 continue; 1315 1316 possibly_erase: 1317 if (erase_bad_lba_entries) { 1318 unsigned long address; 1319 1320 address = (i << (info->pageshift + info->blockshift)); 1321 sddr09_erase(us, address>>1); 1322 info->pba_to_lba[i] = UNDEF; 1323 } else 1324 info->pba_to_lba[i] = UNUSABLE; 1325 } 1326 1327 /* 1328 * Approximate capacity. This is not entirely correct yet, 1329 * since a zone with less than 1000 usable pages leads to 1330 * missing LBAs. Especially if it is the last zone, some 1331 * LBAs can be past capacity. 1332 */ 1333 lbact = 0; 1334 for (i = 0; i < numblocks; i += 1024) { 1335 int ct = 0; 1336 1337 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1338 if (info->pba_to_lba[i+j] != UNUSABLE) { 1339 if (ct >= 1000) 1340 info->pba_to_lba[i+j] = SPARE; 1341 else 1342 ct++; 1343 } 1344 } 1345 lbact += ct; 1346 } 1347 info->lbact = lbact; 1348 US_DEBUGP("Found %d LBA's\n", lbact); 1349 result = 0; 1350 1351 done: 1352 if (result != 0) { 1353 kfree(info->lba_to_pba); 1354 kfree(info->pba_to_lba); 1355 info->lba_to_pba = NULL; 1356 info->pba_to_lba = NULL; 1357 } 1358 kfree(buffer); 1359 return result; 1360 } 1361 1362 static void 1363 sddr09_card_info_destructor(void *extra) { 1364 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1365 1366 if (!info) 1367 return; 1368 1369 kfree(info->lba_to_pba); 1370 kfree(info->pba_to_lba); 1371 } 1372 1373 static int 1374 sddr09_common_init(struct us_data *us) { 1375 int result; 1376 1377 /* set the configuration -- STALL is an acceptable response here */ 1378 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1379 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1380 ->actconfig->desc.bConfigurationValue); 1381 return -EINVAL; 1382 } 1383 1384 result = usb_reset_configuration(us->pusb_dev); 1385 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1386 if (result == -EPIPE) { 1387 US_DEBUGP("-- stall on control interface\n"); 1388 } else if (result != 0) { 1389 /* it's not a stall, but another error -- time to bail */ 1390 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1391 return -EINVAL; 1392 } 1393 1394 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1395 if (!us->extra) 1396 return -ENOMEM; 1397 us->extra_destructor = sddr09_card_info_destructor; 1398 1399 nand_init_ecc(); 1400 return 0; 1401 } 1402 1403 1404 /* 1405 * This is needed at a very early stage. If this is not listed in the 1406 * unusual devices list but called from here then LUN 0 of the combo reader 1407 * is not recognized. But I do not know what precisely these calls do. 1408 */ 1409 int 1410 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1411 int result; 1412 unsigned char *data = us->iobuf; 1413 1414 result = sddr09_common_init(us); 1415 if (result) 1416 return result; 1417 1418 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1419 if (result) { 1420 US_DEBUGP("sddr09_init: send_command fails\n"); 1421 return result; 1422 } 1423 1424 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1425 // get 07 02 1426 1427 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1428 if (result) { 1429 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1430 return result; 1431 } 1432 1433 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1434 // get 07 00 1435 1436 result = sddr09_request_sense(us, data, 18); 1437 if (result == 0 && data[2] != 0) { 1438 int j; 1439 for (j=0; j<18; j++) 1440 printk(" %02X", data[j]); 1441 printk("\n"); 1442 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1443 // 70: current command 1444 // sense key 0, sense code 0, extd sense code 0 1445 // additional transfer length * = sizeof(data) - 7 1446 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1447 // sense key 06, sense code 28: unit attention, 1448 // not ready to ready transition 1449 } 1450 1451 // test unit ready 1452 1453 return 0; /* not result */ 1454 } 1455 1456 /* 1457 * Transport for the Microtech DPCM-USB 1458 */ 1459 int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1460 { 1461 int ret; 1462 1463 US_DEBUGP("dpcm_transport: LUN=%d\n", srb->device->lun); 1464 1465 switch (srb->device->lun) { 1466 case 0: 1467 1468 /* 1469 * LUN 0 corresponds to the CompactFlash card reader. 1470 */ 1471 ret = usb_stor_CB_transport(srb, us); 1472 break; 1473 1474 case 1: 1475 1476 /* 1477 * LUN 1 corresponds to the SmartMedia card reader. 1478 */ 1479 1480 /* 1481 * Set the LUN to 0 (just in case). 1482 */ 1483 srb->device->lun = 0; 1484 ret = sddr09_transport(srb, us); 1485 srb->device->lun = 1; 1486 break; 1487 1488 default: 1489 US_DEBUGP("dpcm_transport: Invalid LUN %d\n", 1490 srb->device->lun); 1491 ret = USB_STOR_TRANSPORT_ERROR; 1492 break; 1493 } 1494 return ret; 1495 } 1496 1497 1498 /* 1499 * Transport for the Sandisk SDDR-09 1500 */ 1501 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1502 { 1503 static unsigned char sensekey = 0, sensecode = 0; 1504 static unsigned char havefakesense = 0; 1505 int result, i; 1506 unsigned char *ptr = us->iobuf; 1507 unsigned long capacity; 1508 unsigned int page, pages; 1509 1510 struct sddr09_card_info *info; 1511 1512 static unsigned char inquiry_response[8] = { 1513 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1514 }; 1515 1516 /* note: no block descriptor support */ 1517 static unsigned char mode_page_01[19] = { 1518 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1519 0x01, 0x0A, 1520 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1521 }; 1522 1523 info = (struct sddr09_card_info *)us->extra; 1524 1525 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1526 /* for a faked command, we have to follow with a faked sense */ 1527 memset(ptr, 0, 18); 1528 ptr[0] = 0x70; 1529 ptr[2] = sensekey; 1530 ptr[7] = 11; 1531 ptr[12] = sensecode; 1532 usb_stor_set_xfer_buf(ptr, 18, srb); 1533 sensekey = sensecode = havefakesense = 0; 1534 return USB_STOR_TRANSPORT_GOOD; 1535 } 1536 1537 havefakesense = 1; 1538 1539 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1540 respond to INQUIRY commands */ 1541 1542 if (srb->cmnd[0] == INQUIRY) { 1543 memcpy(ptr, inquiry_response, 8); 1544 fill_inquiry_response(us, ptr, 36); 1545 return USB_STOR_TRANSPORT_GOOD; 1546 } 1547 1548 if (srb->cmnd[0] == READ_CAPACITY) { 1549 struct nand_flash_dev *cardinfo; 1550 1551 sddr09_get_wp(us, info); /* read WP bit */ 1552 1553 cardinfo = sddr09_get_cardinfo(us, info->flags); 1554 if (!cardinfo) { 1555 /* probably no media */ 1556 init_error: 1557 sensekey = 0x02; /* not ready */ 1558 sensecode = 0x3a; /* medium not present */ 1559 return USB_STOR_TRANSPORT_FAILED; 1560 } 1561 1562 info->capacity = (1 << cardinfo->chipshift); 1563 info->pageshift = cardinfo->pageshift; 1564 info->pagesize = (1 << info->pageshift); 1565 info->blockshift = cardinfo->blockshift; 1566 info->blocksize = (1 << info->blockshift); 1567 info->blockmask = info->blocksize - 1; 1568 1569 // map initialization, must follow get_cardinfo() 1570 if (sddr09_read_map(us)) { 1571 /* probably out of memory */ 1572 goto init_error; 1573 } 1574 1575 // Report capacity 1576 1577 capacity = (info->lbact << info->blockshift) - 1; 1578 1579 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1580 1581 // Report page size 1582 1583 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1584 usb_stor_set_xfer_buf(ptr, 8, srb); 1585 1586 return USB_STOR_TRANSPORT_GOOD; 1587 } 1588 1589 if (srb->cmnd[0] == MODE_SENSE_10) { 1590 int modepage = (srb->cmnd[2] & 0x3F); 1591 1592 /* They ask for the Read/Write error recovery page, 1593 or for all pages. */ 1594 /* %% We should check DBD %% */ 1595 if (modepage == 0x01 || modepage == 0x3F) { 1596 US_DEBUGP("SDDR09: Dummy up request for " 1597 "mode page 0x%x\n", modepage); 1598 1599 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1600 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1601 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1602 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1603 return USB_STOR_TRANSPORT_GOOD; 1604 } 1605 1606 sensekey = 0x05; /* illegal request */ 1607 sensecode = 0x24; /* invalid field in CDB */ 1608 return USB_STOR_TRANSPORT_FAILED; 1609 } 1610 1611 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1612 return USB_STOR_TRANSPORT_GOOD; 1613 1614 havefakesense = 0; 1615 1616 if (srb->cmnd[0] == READ_10) { 1617 1618 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1619 page <<= 16; 1620 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1621 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1622 1623 US_DEBUGP("READ_10: read page %d pagect %d\n", 1624 page, pages); 1625 1626 result = sddr09_read_data(us, page, pages); 1627 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1628 USB_STOR_TRANSPORT_ERROR); 1629 } 1630 1631 if (srb->cmnd[0] == WRITE_10) { 1632 1633 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1634 page <<= 16; 1635 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1636 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1637 1638 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1639 page, pages); 1640 1641 result = sddr09_write_data(us, page, pages); 1642 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1643 USB_STOR_TRANSPORT_ERROR); 1644 } 1645 1646 /* catch-all for all other commands, except 1647 * pass TEST_UNIT_READY and REQUEST_SENSE through 1648 */ 1649 if (srb->cmnd[0] != TEST_UNIT_READY && 1650 srb->cmnd[0] != REQUEST_SENSE) { 1651 sensekey = 0x05; /* illegal request */ 1652 sensecode = 0x20; /* invalid command */ 1653 havefakesense = 1; 1654 return USB_STOR_TRANSPORT_FAILED; 1655 } 1656 1657 for (; srb->cmd_len<12; srb->cmd_len++) 1658 srb->cmnd[srb->cmd_len] = 0; 1659 1660 srb->cmnd[1] = LUNBITS; 1661 1662 ptr[0] = 0; 1663 for (i=0; i<12; i++) 1664 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1665 1666 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1667 1668 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1669 if (result) { 1670 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1671 "returns %d\n", result); 1672 return USB_STOR_TRANSPORT_ERROR; 1673 } 1674 1675 if (scsi_bufflen(srb) == 0) 1676 return USB_STOR_TRANSPORT_GOOD; 1677 1678 if (srb->sc_data_direction == DMA_TO_DEVICE || 1679 srb->sc_data_direction == DMA_FROM_DEVICE) { 1680 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1681 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1682 1683 US_DEBUGP("SDDR09: %s %d bytes\n", 1684 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1685 "sending" : "receiving", 1686 scsi_bufflen(srb)); 1687 1688 result = usb_stor_bulk_srb(us, pipe, srb); 1689 1690 return (result == USB_STOR_XFER_GOOD ? 1691 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1692 } 1693 1694 return USB_STOR_TRANSPORT_GOOD; 1695 } 1696 1697 /* 1698 * Initialization routine for the sddr09 subdriver 1699 */ 1700 int 1701 usb_stor_sddr09_init(struct us_data *us) { 1702 return sddr09_common_init(us); 1703 } 1704