1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/module.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 #include <scsi/scsi_device.h> 50 51 #include "usb.h" 52 #include "transport.h" 53 #include "protocol.h" 54 #include "debug.h" 55 56 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader"); 57 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>"); 58 MODULE_LICENSE("GPL"); 59 60 static int usb_stor_sddr09_dpcm_init(struct us_data *us); 61 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us); 62 static int usb_stor_sddr09_init(struct us_data *us); 63 64 65 /* 66 * The table of devices 67 */ 68 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \ 69 vendorName, productName, useProtocol, useTransport, \ 70 initFunction, flags) \ 71 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \ 72 .driver_info = (flags)|(USB_US_TYPE_STOR<<24) } 73 74 struct usb_device_id sddr09_usb_ids[] = { 75 # include "unusual_sddr09.h" 76 { } /* Terminating entry */ 77 }; 78 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids); 79 80 #undef UNUSUAL_DEV 81 82 /* 83 * The flags table 84 */ 85 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \ 86 vendor_name, product_name, use_protocol, use_transport, \ 87 init_function, Flags) \ 88 { \ 89 .vendorName = vendor_name, \ 90 .productName = product_name, \ 91 .useProtocol = use_protocol, \ 92 .useTransport = use_transport, \ 93 .initFunction = init_function, \ 94 } 95 96 static struct us_unusual_dev sddr09_unusual_dev_list[] = { 97 # include "unusual_sddr09.h" 98 { } /* Terminating entry */ 99 }; 100 101 #undef UNUSUAL_DEV 102 103 104 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 105 #define LSB_of(s) ((s)&0xFF) 106 #define MSB_of(s) ((s)>>8) 107 108 /* #define US_DEBUGP printk */ 109 110 /* 111 * First some stuff that does not belong here: 112 * data on SmartMedia and other cards, completely 113 * unrelated to this driver. 114 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 115 */ 116 117 struct nand_flash_dev { 118 int model_id; 119 int chipshift; /* 1<<cs bytes total capacity */ 120 char pageshift; /* 1<<ps bytes in a page */ 121 char blockshift; /* 1<<bs pages in an erase block */ 122 char zoneshift; /* 1<<zs blocks in a zone */ 123 /* # of logical blocks is 125/128 of this */ 124 char pageadrlen; /* length of an address in bytes - 1 */ 125 }; 126 127 /* 128 * NAND Flash Manufacturer ID Codes 129 */ 130 #define NAND_MFR_AMD 0x01 131 #define NAND_MFR_NATSEMI 0x8f 132 #define NAND_MFR_TOSHIBA 0x98 133 #define NAND_MFR_SAMSUNG 0xec 134 135 static inline char *nand_flash_manufacturer(int manuf_id) { 136 switch(manuf_id) { 137 case NAND_MFR_AMD: 138 return "AMD"; 139 case NAND_MFR_NATSEMI: 140 return "NATSEMI"; 141 case NAND_MFR_TOSHIBA: 142 return "Toshiba"; 143 case NAND_MFR_SAMSUNG: 144 return "Samsung"; 145 default: 146 return "unknown"; 147 } 148 } 149 150 /* 151 * It looks like it is unnecessary to attach manufacturer to the 152 * remaining data: SSFDC prescribes manufacturer-independent id codes. 153 * 154 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 155 */ 156 157 static struct nand_flash_dev nand_flash_ids[] = { 158 /* NAND flash */ 159 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 160 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 161 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 162 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 163 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 164 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 165 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 166 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 167 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 168 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 169 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 170 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 171 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 172 173 /* MASK ROM */ 174 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 175 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 176 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 177 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 178 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 179 { 0,} 180 }; 181 182 static struct nand_flash_dev * 183 nand_find_id(unsigned char id) { 184 int i; 185 186 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 187 if (nand_flash_ids[i].model_id == id) 188 return &(nand_flash_ids[i]); 189 return NULL; 190 } 191 192 /* 193 * ECC computation. 194 */ 195 static unsigned char parity[256]; 196 static unsigned char ecc2[256]; 197 198 static void nand_init_ecc(void) { 199 int i, j, a; 200 201 parity[0] = 0; 202 for (i = 1; i < 256; i++) 203 parity[i] = (parity[i&(i-1)] ^ 1); 204 205 for (i = 0; i < 256; i++) { 206 a = 0; 207 for (j = 0; j < 8; j++) { 208 if (i & (1<<j)) { 209 if ((j & 1) == 0) 210 a ^= 0x04; 211 if ((j & 2) == 0) 212 a ^= 0x10; 213 if ((j & 4) == 0) 214 a ^= 0x40; 215 } 216 } 217 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 218 } 219 } 220 221 /* compute 3-byte ecc on 256 bytes */ 222 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 223 int i, j, a; 224 unsigned char par, bit, bits[8]; 225 226 par = 0; 227 for (j = 0; j < 8; j++) 228 bits[j] = 0; 229 230 /* collect 16 checksum bits */ 231 for (i = 0; i < 256; i++) { 232 par ^= data[i]; 233 bit = parity[data[i]]; 234 for (j = 0; j < 8; j++) 235 if ((i & (1<<j)) == 0) 236 bits[j] ^= bit; 237 } 238 239 /* put 4+4+4 = 12 bits in the ecc */ 240 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 241 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 242 243 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 244 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 245 246 ecc[2] = ecc2[par]; 247 } 248 249 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 250 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 251 } 252 253 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 254 memcpy(data, ecc, 3); 255 } 256 257 /* 258 * The actual driver starts here. 259 */ 260 261 struct sddr09_card_info { 262 unsigned long capacity; /* Size of card in bytes */ 263 int pagesize; /* Size of page in bytes */ 264 int pageshift; /* log2 of pagesize */ 265 int blocksize; /* Size of block in pages */ 266 int blockshift; /* log2 of blocksize */ 267 int blockmask; /* 2^blockshift - 1 */ 268 int *lba_to_pba; /* logical to physical map */ 269 int *pba_to_lba; /* physical to logical map */ 270 int lbact; /* number of available pages */ 271 int flags; 272 #define SDDR09_WP 1 /* write protected */ 273 }; 274 275 /* 276 * On my 16MB card, control blocks have size 64 (16 real control bytes, 277 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 278 * so the reader makes up the remaining 48. Don't know whether these numbers 279 * depend on the card. For now a constant. 280 */ 281 #define CONTROL_SHIFT 6 282 283 /* 284 * On my Combo CF/SM reader, the SM reader has LUN 1. 285 * (and things fail with LUN 0). 286 * It seems LUN is irrelevant for others. 287 */ 288 #define LUN 1 289 #define LUNBITS (LUN << 5) 290 291 /* 292 * LBA and PBA are unsigned ints. Special values. 293 */ 294 #define UNDEF 0xffffffff 295 #define SPARE 0xfffffffe 296 #define UNUSABLE 0xfffffffd 297 298 static const int erase_bad_lba_entries = 0; 299 300 /* send vendor interface command (0x41) */ 301 /* called for requests 0, 1, 8 */ 302 static int 303 sddr09_send_command(struct us_data *us, 304 unsigned char request, 305 unsigned char direction, 306 unsigned char *xfer_data, 307 unsigned int xfer_len) { 308 unsigned int pipe; 309 unsigned char requesttype = (0x41 | direction); 310 int rc; 311 312 // Get the receive or send control pipe number 313 314 if (direction == USB_DIR_IN) 315 pipe = us->recv_ctrl_pipe; 316 else 317 pipe = us->send_ctrl_pipe; 318 319 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 320 0, 0, xfer_data, xfer_len); 321 switch (rc) { 322 case USB_STOR_XFER_GOOD: return 0; 323 case USB_STOR_XFER_STALLED: return -EPIPE; 324 default: return -EIO; 325 } 326 } 327 328 static int 329 sddr09_send_scsi_command(struct us_data *us, 330 unsigned char *command, 331 unsigned int command_len) { 332 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 333 } 334 335 #if 0 336 /* 337 * Test Unit Ready Command: 12 bytes. 338 * byte 0: opcode: 00 339 */ 340 static int 341 sddr09_test_unit_ready(struct us_data *us) { 342 unsigned char *command = us->iobuf; 343 int result; 344 345 memset(command, 0, 6); 346 command[1] = LUNBITS; 347 348 result = sddr09_send_scsi_command(us, command, 6); 349 350 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 351 352 return result; 353 } 354 #endif 355 356 /* 357 * Request Sense Command: 12 bytes. 358 * byte 0: opcode: 03 359 * byte 4: data length 360 */ 361 static int 362 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 363 unsigned char *command = us->iobuf; 364 int result; 365 366 memset(command, 0, 12); 367 command[0] = 0x03; 368 command[1] = LUNBITS; 369 command[4] = buflen; 370 371 result = sddr09_send_scsi_command(us, command, 12); 372 if (result) 373 return result; 374 375 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 376 sensebuf, buflen, NULL); 377 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 378 } 379 380 /* 381 * Read Command: 12 bytes. 382 * byte 0: opcode: E8 383 * byte 1: last two bits: 00: read data, 01: read blockwise control, 384 * 10: read both, 11: read pagewise control. 385 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 386 * bytes 2-5: address (interpretation depends on byte 1, see below) 387 * bytes 10-11: count (idem) 388 * 389 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 390 * A read data command gets data in 512-byte pages. 391 * A read control command gets control in 64-byte chunks. 392 * A read both command gets data+control in 576-byte chunks. 393 * 394 * Blocks are groups of 32 pages, and read blockwise control jumps to the 395 * next block, while read pagewise control jumps to the next page after 396 * reading a group of 64 control bytes. 397 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 398 * 399 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 400 */ 401 402 static int 403 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 404 int nr_of_pages, int bulklen, unsigned char *buf, 405 int use_sg) { 406 407 unsigned char *command = us->iobuf; 408 int result; 409 410 command[0] = 0xE8; 411 command[1] = LUNBITS | x; 412 command[2] = MSB_of(fromaddress>>16); 413 command[3] = LSB_of(fromaddress>>16); 414 command[4] = MSB_of(fromaddress & 0xFFFF); 415 command[5] = LSB_of(fromaddress & 0xFFFF); 416 command[6] = 0; 417 command[7] = 0; 418 command[8] = 0; 419 command[9] = 0; 420 command[10] = MSB_of(nr_of_pages); 421 command[11] = LSB_of(nr_of_pages); 422 423 result = sddr09_send_scsi_command(us, command, 12); 424 425 if (result) { 426 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 427 x, result); 428 return result; 429 } 430 431 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 432 buf, bulklen, use_sg, NULL); 433 434 if (result != USB_STOR_XFER_GOOD) { 435 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 436 x, result); 437 return -EIO; 438 } 439 return 0; 440 } 441 442 /* 443 * Read Data 444 * 445 * fromaddress counts data shorts: 446 * increasing it by 256 shifts the bytestream by 512 bytes; 447 * the last 8 bits are ignored. 448 * 449 * nr_of_pages counts pages of size (1 << pageshift). 450 */ 451 static int 452 sddr09_read20(struct us_data *us, unsigned long fromaddress, 453 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 454 int bulklen = nr_of_pages << pageshift; 455 456 /* The last 8 bits of fromaddress are ignored. */ 457 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 458 buf, use_sg); 459 } 460 461 /* 462 * Read Blockwise Control 463 * 464 * fromaddress gives the starting position (as in read data; 465 * the last 8 bits are ignored); increasing it by 32*256 shifts 466 * the output stream by 64 bytes. 467 * 468 * count counts control groups of size (1 << controlshift). 469 * For me, controlshift = 6. Is this constant? 470 * 471 * After getting one control group, jump to the next block 472 * (fromaddress += 8192). 473 */ 474 static int 475 sddr09_read21(struct us_data *us, unsigned long fromaddress, 476 int count, int controlshift, unsigned char *buf, int use_sg) { 477 478 int bulklen = (count << controlshift); 479 return sddr09_readX(us, 1, fromaddress, count, bulklen, 480 buf, use_sg); 481 } 482 483 /* 484 * Read both Data and Control 485 * 486 * fromaddress counts data shorts, ignoring control: 487 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 488 * the last 8 bits are ignored. 489 * 490 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 491 */ 492 static int 493 sddr09_read22(struct us_data *us, unsigned long fromaddress, 494 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 495 496 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 497 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 498 nr_of_pages, bulklen); 499 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 500 buf, use_sg); 501 } 502 503 #if 0 504 /* 505 * Read Pagewise Control 506 * 507 * fromaddress gives the starting position (as in read data; 508 * the last 8 bits are ignored); increasing it by 256 shifts 509 * the output stream by 64 bytes. 510 * 511 * count counts control groups of size (1 << controlshift). 512 * For me, controlshift = 6. Is this constant? 513 * 514 * After getting one control group, jump to the next page 515 * (fromaddress += 256). 516 */ 517 static int 518 sddr09_read23(struct us_data *us, unsigned long fromaddress, 519 int count, int controlshift, unsigned char *buf, int use_sg) { 520 521 int bulklen = (count << controlshift); 522 return sddr09_readX(us, 3, fromaddress, count, bulklen, 523 buf, use_sg); 524 } 525 #endif 526 527 /* 528 * Erase Command: 12 bytes. 529 * byte 0: opcode: EA 530 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 531 * 532 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 533 * The byte address being erased is 2*Eaddress. 534 * The CIS cannot be erased. 535 */ 536 static int 537 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 538 unsigned char *command = us->iobuf; 539 int result; 540 541 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 542 543 memset(command, 0, 12); 544 command[0] = 0xEA; 545 command[1] = LUNBITS; 546 command[6] = MSB_of(Eaddress>>16); 547 command[7] = LSB_of(Eaddress>>16); 548 command[8] = MSB_of(Eaddress & 0xFFFF); 549 command[9] = LSB_of(Eaddress & 0xFFFF); 550 551 result = sddr09_send_scsi_command(us, command, 12); 552 553 if (result) 554 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 555 result); 556 557 return result; 558 } 559 560 /* 561 * Write CIS Command: 12 bytes. 562 * byte 0: opcode: EE 563 * bytes 2-5: write address in shorts 564 * bytes 10-11: sector count 565 * 566 * This writes at the indicated address. Don't know how it differs 567 * from E9. Maybe it does not erase? However, it will also write to 568 * the CIS. 569 * 570 * When two such commands on the same page follow each other directly, 571 * the second one is not done. 572 */ 573 574 /* 575 * Write Command: 12 bytes. 576 * byte 0: opcode: E9 577 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 578 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 579 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 580 * 581 * If write address equals erase address, the erase is done first, 582 * otherwise the write is done first. When erase address equals zero 583 * no erase is done? 584 */ 585 static int 586 sddr09_writeX(struct us_data *us, 587 unsigned long Waddress, unsigned long Eaddress, 588 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 589 590 unsigned char *command = us->iobuf; 591 int result; 592 593 command[0] = 0xE9; 594 command[1] = LUNBITS; 595 596 command[2] = MSB_of(Waddress>>16); 597 command[3] = LSB_of(Waddress>>16); 598 command[4] = MSB_of(Waddress & 0xFFFF); 599 command[5] = LSB_of(Waddress & 0xFFFF); 600 601 command[6] = MSB_of(Eaddress>>16); 602 command[7] = LSB_of(Eaddress>>16); 603 command[8] = MSB_of(Eaddress & 0xFFFF); 604 command[9] = LSB_of(Eaddress & 0xFFFF); 605 606 command[10] = MSB_of(nr_of_pages); 607 command[11] = LSB_of(nr_of_pages); 608 609 result = sddr09_send_scsi_command(us, command, 12); 610 611 if (result) { 612 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 613 result); 614 return result; 615 } 616 617 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 618 buf, bulklen, use_sg, NULL); 619 620 if (result != USB_STOR_XFER_GOOD) { 621 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 622 result); 623 return -EIO; 624 } 625 return 0; 626 } 627 628 /* erase address, write same address */ 629 static int 630 sddr09_write_inplace(struct us_data *us, unsigned long address, 631 int nr_of_pages, int pageshift, unsigned char *buf, 632 int use_sg) { 633 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 634 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 635 buf, use_sg); 636 } 637 638 #if 0 639 /* 640 * Read Scatter Gather Command: 3+4n bytes. 641 * byte 0: opcode E7 642 * byte 2: n 643 * bytes 4i-1,4i,4i+1: page address 644 * byte 4i+2: page count 645 * (i=1..n) 646 * 647 * This reads several pages from the card to a single memory buffer. 648 * The last two bits of byte 1 have the same meaning as for E8. 649 */ 650 static int 651 sddr09_read_sg_test_only(struct us_data *us) { 652 unsigned char *command = us->iobuf; 653 int result, bulklen, nsg, ct; 654 unsigned char *buf; 655 unsigned long address; 656 657 nsg = bulklen = 0; 658 command[0] = 0xE7; 659 command[1] = LUNBITS; 660 command[2] = 0; 661 address = 040000; ct = 1; 662 nsg++; 663 bulklen += (ct << 9); 664 command[4*nsg+2] = ct; 665 command[4*nsg+1] = ((address >> 9) & 0xFF); 666 command[4*nsg+0] = ((address >> 17) & 0xFF); 667 command[4*nsg-1] = ((address >> 25) & 0xFF); 668 669 address = 0340000; ct = 1; 670 nsg++; 671 bulklen += (ct << 9); 672 command[4*nsg+2] = ct; 673 command[4*nsg+1] = ((address >> 9) & 0xFF); 674 command[4*nsg+0] = ((address >> 17) & 0xFF); 675 command[4*nsg-1] = ((address >> 25) & 0xFF); 676 677 address = 01000000; ct = 2; 678 nsg++; 679 bulklen += (ct << 9); 680 command[4*nsg+2] = ct; 681 command[4*nsg+1] = ((address >> 9) & 0xFF); 682 command[4*nsg+0] = ((address >> 17) & 0xFF); 683 command[4*nsg-1] = ((address >> 25) & 0xFF); 684 685 command[2] = nsg; 686 687 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 688 689 if (result) { 690 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 691 result); 692 return result; 693 } 694 695 buf = kmalloc(bulklen, GFP_NOIO); 696 if (!buf) 697 return -ENOMEM; 698 699 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 700 buf, bulklen, NULL); 701 kfree(buf); 702 if (result != USB_STOR_XFER_GOOD) { 703 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 704 result); 705 return -EIO; 706 } 707 708 return 0; 709 } 710 #endif 711 712 /* 713 * Read Status Command: 12 bytes. 714 * byte 0: opcode: EC 715 * 716 * Returns 64 bytes, all zero except for the first. 717 * bit 0: 1: Error 718 * bit 5: 1: Suspended 719 * bit 6: 1: Ready 720 * bit 7: 1: Not write-protected 721 */ 722 723 static int 724 sddr09_read_status(struct us_data *us, unsigned char *status) { 725 726 unsigned char *command = us->iobuf; 727 unsigned char *data = us->iobuf; 728 int result; 729 730 US_DEBUGP("Reading status...\n"); 731 732 memset(command, 0, 12); 733 command[0] = 0xEC; 734 command[1] = LUNBITS; 735 736 result = sddr09_send_scsi_command(us, command, 12); 737 if (result) 738 return result; 739 740 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 741 data, 64, NULL); 742 *status = data[0]; 743 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 744 } 745 746 static int 747 sddr09_read_data(struct us_data *us, 748 unsigned long address, 749 unsigned int sectors) { 750 751 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 752 unsigned char *buffer; 753 unsigned int lba, maxlba, pba; 754 unsigned int page, pages; 755 unsigned int len, offset; 756 struct scatterlist *sg; 757 int result; 758 759 // Figure out the initial LBA and page 760 lba = address >> info->blockshift; 761 page = (address & info->blockmask); 762 maxlba = info->capacity >> (info->pageshift + info->blockshift); 763 if (lba >= maxlba) 764 return -EIO; 765 766 // Since we only read in one block at a time, we have to create 767 // a bounce buffer and move the data a piece at a time between the 768 // bounce buffer and the actual transfer buffer. 769 770 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 771 buffer = kmalloc(len, GFP_NOIO); 772 if (buffer == NULL) { 773 printk(KERN_WARNING "sddr09_read_data: Out of memory\n"); 774 return -ENOMEM; 775 } 776 777 // This could be made much more efficient by checking for 778 // contiguous LBA's. Another exercise left to the student. 779 780 result = 0; 781 offset = 0; 782 sg = NULL; 783 784 while (sectors > 0) { 785 786 /* Find number of pages we can read in this block */ 787 pages = min(sectors, info->blocksize - page); 788 len = pages << info->pageshift; 789 790 /* Not overflowing capacity? */ 791 if (lba >= maxlba) { 792 US_DEBUGP("Error: Requested lba %u exceeds " 793 "maximum %u\n", lba, maxlba); 794 result = -EIO; 795 break; 796 } 797 798 /* Find where this lba lives on disk */ 799 pba = info->lba_to_pba[lba]; 800 801 if (pba == UNDEF) { /* this lba was never written */ 802 803 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 804 pages, lba, page); 805 806 /* This is not really an error. It just means 807 that the block has never been written. 808 Instead of returning an error 809 it is better to return all zero data. */ 810 811 memset(buffer, 0, len); 812 813 } else { 814 US_DEBUGP("Read %d pages, from PBA %d" 815 " (LBA %d) page %d\n", 816 pages, pba, lba, page); 817 818 address = ((pba << info->blockshift) + page) << 819 info->pageshift; 820 821 result = sddr09_read20(us, address>>1, 822 pages, info->pageshift, buffer, 0); 823 if (result) 824 break; 825 } 826 827 // Store the data in the transfer buffer 828 usb_stor_access_xfer_buf(buffer, len, us->srb, 829 &sg, &offset, TO_XFER_BUF); 830 831 page = 0; 832 lba++; 833 sectors -= pages; 834 } 835 836 kfree(buffer); 837 return result; 838 } 839 840 static unsigned int 841 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 842 static unsigned int lastpba = 1; 843 int zonestart, end, i; 844 845 zonestart = (lba/1000) << 10; 846 end = info->capacity >> (info->blockshift + info->pageshift); 847 end -= zonestart; 848 if (end > 1024) 849 end = 1024; 850 851 for (i = lastpba+1; i < end; i++) { 852 if (info->pba_to_lba[zonestart+i] == UNDEF) { 853 lastpba = i; 854 return zonestart+i; 855 } 856 } 857 for (i = 0; i <= lastpba; i++) { 858 if (info->pba_to_lba[zonestart+i] == UNDEF) { 859 lastpba = i; 860 return zonestart+i; 861 } 862 } 863 return 0; 864 } 865 866 static int 867 sddr09_write_lba(struct us_data *us, unsigned int lba, 868 unsigned int page, unsigned int pages, 869 unsigned char *ptr, unsigned char *blockbuffer) { 870 871 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 872 unsigned long address; 873 unsigned int pba, lbap; 874 unsigned int pagelen; 875 unsigned char *bptr, *cptr, *xptr; 876 unsigned char ecc[3]; 877 int i, result, isnew; 878 879 lbap = ((lba % 1000) << 1) | 0x1000; 880 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 881 lbap ^= 1; 882 pba = info->lba_to_pba[lba]; 883 isnew = 0; 884 885 if (pba == UNDEF) { 886 pba = sddr09_find_unused_pba(info, lba); 887 if (!pba) { 888 printk(KERN_WARNING 889 "sddr09_write_lba: Out of unused blocks\n"); 890 return -ENOSPC; 891 } 892 info->pba_to_lba[pba] = lba; 893 info->lba_to_pba[lba] = pba; 894 isnew = 1; 895 } 896 897 if (pba == 1) { 898 /* Maybe it is impossible to write to PBA 1. 899 Fake success, but don't do anything. */ 900 printk(KERN_WARNING "sddr09: avoid writing to pba 1\n"); 901 return 0; 902 } 903 904 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 905 906 /* read old contents */ 907 address = (pba << (info->pageshift + info->blockshift)); 908 result = sddr09_read22(us, address>>1, info->blocksize, 909 info->pageshift, blockbuffer, 0); 910 if (result) 911 return result; 912 913 /* check old contents and fill lba */ 914 for (i = 0; i < info->blocksize; i++) { 915 bptr = blockbuffer + i*pagelen; 916 cptr = bptr + info->pagesize; 917 nand_compute_ecc(bptr, ecc); 918 if (!nand_compare_ecc(cptr+13, ecc)) { 919 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 920 i, pba); 921 nand_store_ecc(cptr+13, ecc); 922 } 923 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 924 if (!nand_compare_ecc(cptr+8, ecc)) { 925 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 926 i, pba); 927 nand_store_ecc(cptr+8, ecc); 928 } 929 cptr[6] = cptr[11] = MSB_of(lbap); 930 cptr[7] = cptr[12] = LSB_of(lbap); 931 } 932 933 /* copy in new stuff and compute ECC */ 934 xptr = ptr; 935 for (i = page; i < page+pages; i++) { 936 bptr = blockbuffer + i*pagelen; 937 cptr = bptr + info->pagesize; 938 memcpy(bptr, xptr, info->pagesize); 939 xptr += info->pagesize; 940 nand_compute_ecc(bptr, ecc); 941 nand_store_ecc(cptr+13, ecc); 942 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 943 nand_store_ecc(cptr+8, ecc); 944 } 945 946 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 947 948 result = sddr09_write_inplace(us, address>>1, info->blocksize, 949 info->pageshift, blockbuffer, 0); 950 951 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 952 953 #if 0 954 { 955 unsigned char status = 0; 956 int result2 = sddr09_read_status(us, &status); 957 if (result2) 958 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 959 else if (status != 0xc0) 960 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 961 status); 962 } 963 #endif 964 965 #if 0 966 { 967 int result2 = sddr09_test_unit_ready(us); 968 } 969 #endif 970 971 return result; 972 } 973 974 static int 975 sddr09_write_data(struct us_data *us, 976 unsigned long address, 977 unsigned int sectors) { 978 979 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 980 unsigned int lba, maxlba, page, pages; 981 unsigned int pagelen, blocklen; 982 unsigned char *blockbuffer; 983 unsigned char *buffer; 984 unsigned int len, offset; 985 struct scatterlist *sg; 986 int result; 987 988 // Figure out the initial LBA and page 989 lba = address >> info->blockshift; 990 page = (address & info->blockmask); 991 maxlba = info->capacity >> (info->pageshift + info->blockshift); 992 if (lba >= maxlba) 993 return -EIO; 994 995 // blockbuffer is used for reading in the old data, overwriting 996 // with the new data, and performing ECC calculations 997 998 /* TODO: instead of doing kmalloc/kfree for each write, 999 add a bufferpointer to the info structure */ 1000 1001 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 1002 blocklen = (pagelen << info->blockshift); 1003 blockbuffer = kmalloc(blocklen, GFP_NOIO); 1004 if (!blockbuffer) { 1005 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1006 return -ENOMEM; 1007 } 1008 1009 // Since we don't write the user data directly to the device, 1010 // we have to create a bounce buffer and move the data a piece 1011 // at a time between the bounce buffer and the actual transfer buffer. 1012 1013 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 1014 buffer = kmalloc(len, GFP_NOIO); 1015 if (buffer == NULL) { 1016 printk(KERN_WARNING "sddr09_write_data: Out of memory\n"); 1017 kfree(blockbuffer); 1018 return -ENOMEM; 1019 } 1020 1021 result = 0; 1022 offset = 0; 1023 sg = NULL; 1024 1025 while (sectors > 0) { 1026 1027 // Write as many sectors as possible in this block 1028 1029 pages = min(sectors, info->blocksize - page); 1030 len = (pages << info->pageshift); 1031 1032 /* Not overflowing capacity? */ 1033 if (lba >= maxlba) { 1034 US_DEBUGP("Error: Requested lba %u exceeds " 1035 "maximum %u\n", lba, maxlba); 1036 result = -EIO; 1037 break; 1038 } 1039 1040 // Get the data from the transfer buffer 1041 usb_stor_access_xfer_buf(buffer, len, us->srb, 1042 &sg, &offset, FROM_XFER_BUF); 1043 1044 result = sddr09_write_lba(us, lba, page, pages, 1045 buffer, blockbuffer); 1046 if (result) 1047 break; 1048 1049 page = 0; 1050 lba++; 1051 sectors -= pages; 1052 } 1053 1054 kfree(buffer); 1055 kfree(blockbuffer); 1056 1057 return result; 1058 } 1059 1060 static int 1061 sddr09_read_control(struct us_data *us, 1062 unsigned long address, 1063 unsigned int blocks, 1064 unsigned char *content, 1065 int use_sg) { 1066 1067 US_DEBUGP("Read control address %lu, blocks %d\n", 1068 address, blocks); 1069 1070 return sddr09_read21(us, address, blocks, 1071 CONTROL_SHIFT, content, use_sg); 1072 } 1073 1074 /* 1075 * Read Device ID Command: 12 bytes. 1076 * byte 0: opcode: ED 1077 * 1078 * Returns 2 bytes: Manufacturer ID and Device ID. 1079 * On more recent cards 3 bytes: the third byte is an option code A5 1080 * signifying that the secret command to read an 128-bit ID is available. 1081 * On still more recent cards 4 bytes: the fourth byte C0 means that 1082 * a second read ID cmd is available. 1083 */ 1084 static int 1085 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1086 unsigned char *command = us->iobuf; 1087 unsigned char *content = us->iobuf; 1088 int result, i; 1089 1090 memset(command, 0, 12); 1091 command[0] = 0xED; 1092 command[1] = LUNBITS; 1093 1094 result = sddr09_send_scsi_command(us, command, 12); 1095 if (result) 1096 return result; 1097 1098 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1099 content, 64, NULL); 1100 1101 for (i = 0; i < 4; i++) 1102 deviceID[i] = content[i]; 1103 1104 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1105 } 1106 1107 static int 1108 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1109 int result; 1110 unsigned char status; 1111 1112 result = sddr09_read_status(us, &status); 1113 if (result) { 1114 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1115 return result; 1116 } 1117 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1118 if ((status & 0x80) == 0) { 1119 info->flags |= SDDR09_WP; /* write protected */ 1120 US_DEBUGP(" WP"); 1121 } 1122 if (status & 0x40) 1123 US_DEBUGP(" Ready"); 1124 if (status & LUNBITS) 1125 US_DEBUGP(" Suspended"); 1126 if (status & 0x1) 1127 US_DEBUGP(" Error"); 1128 US_DEBUGP("\n"); 1129 return 0; 1130 } 1131 1132 #if 0 1133 /* 1134 * Reset Command: 12 bytes. 1135 * byte 0: opcode: EB 1136 */ 1137 static int 1138 sddr09_reset(struct us_data *us) { 1139 1140 unsigned char *command = us->iobuf; 1141 1142 memset(command, 0, 12); 1143 command[0] = 0xEB; 1144 command[1] = LUNBITS; 1145 1146 return sddr09_send_scsi_command(us, command, 12); 1147 } 1148 #endif 1149 1150 static struct nand_flash_dev * 1151 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1152 struct nand_flash_dev *cardinfo; 1153 unsigned char deviceID[4]; 1154 char blurbtxt[256]; 1155 int result; 1156 1157 US_DEBUGP("Reading capacity...\n"); 1158 1159 result = sddr09_read_deviceID(us, deviceID); 1160 1161 if (result) { 1162 US_DEBUGP("Result of read_deviceID is %d\n", result); 1163 printk(KERN_WARNING "sddr09: could not read card info\n"); 1164 return NULL; 1165 } 1166 1167 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1168 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1169 1170 /* Byte 0 is the manufacturer */ 1171 sprintf(blurbtxt + strlen(blurbtxt), 1172 ": Manuf. %s", 1173 nand_flash_manufacturer(deviceID[0])); 1174 1175 /* Byte 1 is the device type */ 1176 cardinfo = nand_find_id(deviceID[1]); 1177 if (cardinfo) { 1178 /* MB or MiB? It is neither. A 16 MB card has 1179 17301504 raw bytes, of which 16384000 are 1180 usable for user data. */ 1181 sprintf(blurbtxt + strlen(blurbtxt), 1182 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1183 } else { 1184 sprintf(blurbtxt + strlen(blurbtxt), 1185 ", type unrecognized"); 1186 } 1187 1188 /* Byte 2 is code to signal availability of 128-bit ID */ 1189 if (deviceID[2] == 0xa5) { 1190 sprintf(blurbtxt + strlen(blurbtxt), 1191 ", 128-bit ID"); 1192 } 1193 1194 /* Byte 3 announces the availability of another read ID command */ 1195 if (deviceID[3] == 0xc0) { 1196 sprintf(blurbtxt + strlen(blurbtxt), 1197 ", extra cmd"); 1198 } 1199 1200 if (flags & SDDR09_WP) 1201 sprintf(blurbtxt + strlen(blurbtxt), 1202 ", WP"); 1203 1204 printk(KERN_WARNING "%s\n", blurbtxt); 1205 1206 return cardinfo; 1207 } 1208 1209 static int 1210 sddr09_read_map(struct us_data *us) { 1211 1212 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1213 int numblocks, alloc_len, alloc_blocks; 1214 int i, j, result; 1215 unsigned char *buffer, *buffer_end, *ptr; 1216 unsigned int lba, lbact; 1217 1218 if (!info->capacity) 1219 return -1; 1220 1221 // size of a block is 1 << (blockshift + pageshift) bytes 1222 // divide into the total capacity to get the number of blocks 1223 1224 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1225 1226 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1227 // but only use a 64 KB buffer 1228 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1229 #define SDDR09_READ_MAP_BUFSZ 65536 1230 1231 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1232 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1233 buffer = kmalloc(alloc_len, GFP_NOIO); 1234 if (buffer == NULL) { 1235 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1236 result = -1; 1237 goto done; 1238 } 1239 buffer_end = buffer + alloc_len; 1240 1241 #undef SDDR09_READ_MAP_BUFSZ 1242 1243 kfree(info->lba_to_pba); 1244 kfree(info->pba_to_lba); 1245 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1246 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1247 1248 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1249 printk(KERN_WARNING "sddr09_read_map: out of memory\n"); 1250 result = -1; 1251 goto done; 1252 } 1253 1254 for (i = 0; i < numblocks; i++) 1255 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1256 1257 /* 1258 * Define lba-pba translation table 1259 */ 1260 1261 ptr = buffer_end; 1262 for (i = 0; i < numblocks; i++) { 1263 ptr += (1 << CONTROL_SHIFT); 1264 if (ptr >= buffer_end) { 1265 unsigned long address; 1266 1267 address = i << (info->pageshift + info->blockshift); 1268 result = sddr09_read_control( 1269 us, address>>1, 1270 min(alloc_blocks, numblocks - i), 1271 buffer, 0); 1272 if (result) { 1273 result = -1; 1274 goto done; 1275 } 1276 ptr = buffer; 1277 } 1278 1279 if (i == 0 || i == 1) { 1280 info->pba_to_lba[i] = UNUSABLE; 1281 continue; 1282 } 1283 1284 /* special PBAs have control field 0^16 */ 1285 for (j = 0; j < 16; j++) 1286 if (ptr[j] != 0) 1287 goto nonz; 1288 info->pba_to_lba[i] = UNUSABLE; 1289 printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n", 1290 i); 1291 continue; 1292 1293 nonz: 1294 /* unwritten PBAs have control field FF^16 */ 1295 for (j = 0; j < 16; j++) 1296 if (ptr[j] != 0xff) 1297 goto nonff; 1298 continue; 1299 1300 nonff: 1301 /* normal PBAs start with six FFs */ 1302 if (j < 6) { 1303 printk(KERN_WARNING 1304 "sddr09: PBA %d has no logical mapping: " 1305 "reserved area = %02X%02X%02X%02X " 1306 "data status %02X block status %02X\n", 1307 i, ptr[0], ptr[1], ptr[2], ptr[3], 1308 ptr[4], ptr[5]); 1309 info->pba_to_lba[i] = UNUSABLE; 1310 continue; 1311 } 1312 1313 if ((ptr[6] >> 4) != 0x01) { 1314 printk(KERN_WARNING 1315 "sddr09: PBA %d has invalid address field " 1316 "%02X%02X/%02X%02X\n", 1317 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1318 info->pba_to_lba[i] = UNUSABLE; 1319 continue; 1320 } 1321 1322 /* check even parity */ 1323 if (parity[ptr[6] ^ ptr[7]]) { 1324 printk(KERN_WARNING 1325 "sddr09: Bad parity in LBA for block %d" 1326 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1327 info->pba_to_lba[i] = UNUSABLE; 1328 continue; 1329 } 1330 1331 lba = short_pack(ptr[7], ptr[6]); 1332 lba = (lba & 0x07FF) >> 1; 1333 1334 /* 1335 * Every 1024 physical blocks ("zone"), the LBA numbers 1336 * go back to zero, but are within a higher block of LBA's. 1337 * Also, there is a maximum of 1000 LBA's per zone. 1338 * In other words, in PBA 1024-2047 you will find LBA 0-999 1339 * which are really LBA 1000-1999. This allows for 24 bad 1340 * or special physical blocks per zone. 1341 */ 1342 1343 if (lba >= 1000) { 1344 printk(KERN_WARNING 1345 "sddr09: Bad low LBA %d for block %d\n", 1346 lba, i); 1347 goto possibly_erase; 1348 } 1349 1350 lba += 1000*(i/0x400); 1351 1352 if (info->lba_to_pba[lba] != UNDEF) { 1353 printk(KERN_WARNING 1354 "sddr09: LBA %d seen for PBA %d and %d\n", 1355 lba, info->lba_to_pba[lba], i); 1356 goto possibly_erase; 1357 } 1358 1359 info->pba_to_lba[i] = lba; 1360 info->lba_to_pba[lba] = i; 1361 continue; 1362 1363 possibly_erase: 1364 if (erase_bad_lba_entries) { 1365 unsigned long address; 1366 1367 address = (i << (info->pageshift + info->blockshift)); 1368 sddr09_erase(us, address>>1); 1369 info->pba_to_lba[i] = UNDEF; 1370 } else 1371 info->pba_to_lba[i] = UNUSABLE; 1372 } 1373 1374 /* 1375 * Approximate capacity. This is not entirely correct yet, 1376 * since a zone with less than 1000 usable pages leads to 1377 * missing LBAs. Especially if it is the last zone, some 1378 * LBAs can be past capacity. 1379 */ 1380 lbact = 0; 1381 for (i = 0; i < numblocks; i += 1024) { 1382 int ct = 0; 1383 1384 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1385 if (info->pba_to_lba[i+j] != UNUSABLE) { 1386 if (ct >= 1000) 1387 info->pba_to_lba[i+j] = SPARE; 1388 else 1389 ct++; 1390 } 1391 } 1392 lbact += ct; 1393 } 1394 info->lbact = lbact; 1395 US_DEBUGP("Found %d LBA's\n", lbact); 1396 result = 0; 1397 1398 done: 1399 if (result != 0) { 1400 kfree(info->lba_to_pba); 1401 kfree(info->pba_to_lba); 1402 info->lba_to_pba = NULL; 1403 info->pba_to_lba = NULL; 1404 } 1405 kfree(buffer); 1406 return result; 1407 } 1408 1409 static void 1410 sddr09_card_info_destructor(void *extra) { 1411 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1412 1413 if (!info) 1414 return; 1415 1416 kfree(info->lba_to_pba); 1417 kfree(info->pba_to_lba); 1418 } 1419 1420 static int 1421 sddr09_common_init(struct us_data *us) { 1422 int result; 1423 1424 /* set the configuration -- STALL is an acceptable response here */ 1425 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1426 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1427 ->actconfig->desc.bConfigurationValue); 1428 return -EINVAL; 1429 } 1430 1431 result = usb_reset_configuration(us->pusb_dev); 1432 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1433 if (result == -EPIPE) { 1434 US_DEBUGP("-- stall on control interface\n"); 1435 } else if (result != 0) { 1436 /* it's not a stall, but another error -- time to bail */ 1437 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1438 return -EINVAL; 1439 } 1440 1441 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1442 if (!us->extra) 1443 return -ENOMEM; 1444 us->extra_destructor = sddr09_card_info_destructor; 1445 1446 nand_init_ecc(); 1447 return 0; 1448 } 1449 1450 1451 /* 1452 * This is needed at a very early stage. If this is not listed in the 1453 * unusual devices list but called from here then LUN 0 of the combo reader 1454 * is not recognized. But I do not know what precisely these calls do. 1455 */ 1456 static int 1457 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1458 int result; 1459 unsigned char *data = us->iobuf; 1460 1461 result = sddr09_common_init(us); 1462 if (result) 1463 return result; 1464 1465 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1466 if (result) { 1467 US_DEBUGP("sddr09_init: send_command fails\n"); 1468 return result; 1469 } 1470 1471 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1472 // get 07 02 1473 1474 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1475 if (result) { 1476 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1477 return result; 1478 } 1479 1480 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1481 // get 07 00 1482 1483 result = sddr09_request_sense(us, data, 18); 1484 if (result == 0 && data[2] != 0) { 1485 int j; 1486 for (j=0; j<18; j++) 1487 printk(" %02X", data[j]); 1488 printk("\n"); 1489 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1490 // 70: current command 1491 // sense key 0, sense code 0, extd sense code 0 1492 // additional transfer length * = sizeof(data) - 7 1493 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1494 // sense key 06, sense code 28: unit attention, 1495 // not ready to ready transition 1496 } 1497 1498 // test unit ready 1499 1500 return 0; /* not result */ 1501 } 1502 1503 /* 1504 * Transport for the Microtech DPCM-USB 1505 */ 1506 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us) 1507 { 1508 int ret; 1509 1510 US_DEBUGP("dpcm_transport: LUN=%d\n", srb->device->lun); 1511 1512 switch (srb->device->lun) { 1513 case 0: 1514 1515 /* 1516 * LUN 0 corresponds to the CompactFlash card reader. 1517 */ 1518 ret = usb_stor_CB_transport(srb, us); 1519 break; 1520 1521 case 1: 1522 1523 /* 1524 * LUN 1 corresponds to the SmartMedia card reader. 1525 */ 1526 1527 /* 1528 * Set the LUN to 0 (just in case). 1529 */ 1530 srb->device->lun = 0; 1531 ret = sddr09_transport(srb, us); 1532 srb->device->lun = 1; 1533 break; 1534 1535 default: 1536 US_DEBUGP("dpcm_transport: Invalid LUN %d\n", 1537 srb->device->lun); 1538 ret = USB_STOR_TRANSPORT_ERROR; 1539 break; 1540 } 1541 return ret; 1542 } 1543 1544 1545 /* 1546 * Transport for the Sandisk SDDR-09 1547 */ 1548 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1549 { 1550 static unsigned char sensekey = 0, sensecode = 0; 1551 static unsigned char havefakesense = 0; 1552 int result, i; 1553 unsigned char *ptr = us->iobuf; 1554 unsigned long capacity; 1555 unsigned int page, pages; 1556 1557 struct sddr09_card_info *info; 1558 1559 static unsigned char inquiry_response[8] = { 1560 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1561 }; 1562 1563 /* note: no block descriptor support */ 1564 static unsigned char mode_page_01[19] = { 1565 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1566 0x01, 0x0A, 1567 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1568 }; 1569 1570 info = (struct sddr09_card_info *)us->extra; 1571 1572 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1573 /* for a faked command, we have to follow with a faked sense */ 1574 memset(ptr, 0, 18); 1575 ptr[0] = 0x70; 1576 ptr[2] = sensekey; 1577 ptr[7] = 11; 1578 ptr[12] = sensecode; 1579 usb_stor_set_xfer_buf(ptr, 18, srb); 1580 sensekey = sensecode = havefakesense = 0; 1581 return USB_STOR_TRANSPORT_GOOD; 1582 } 1583 1584 havefakesense = 1; 1585 1586 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1587 respond to INQUIRY commands */ 1588 1589 if (srb->cmnd[0] == INQUIRY) { 1590 memcpy(ptr, inquiry_response, 8); 1591 fill_inquiry_response(us, ptr, 36); 1592 return USB_STOR_TRANSPORT_GOOD; 1593 } 1594 1595 if (srb->cmnd[0] == READ_CAPACITY) { 1596 struct nand_flash_dev *cardinfo; 1597 1598 sddr09_get_wp(us, info); /* read WP bit */ 1599 1600 cardinfo = sddr09_get_cardinfo(us, info->flags); 1601 if (!cardinfo) { 1602 /* probably no media */ 1603 init_error: 1604 sensekey = 0x02; /* not ready */ 1605 sensecode = 0x3a; /* medium not present */ 1606 return USB_STOR_TRANSPORT_FAILED; 1607 } 1608 1609 info->capacity = (1 << cardinfo->chipshift); 1610 info->pageshift = cardinfo->pageshift; 1611 info->pagesize = (1 << info->pageshift); 1612 info->blockshift = cardinfo->blockshift; 1613 info->blocksize = (1 << info->blockshift); 1614 info->blockmask = info->blocksize - 1; 1615 1616 // map initialization, must follow get_cardinfo() 1617 if (sddr09_read_map(us)) { 1618 /* probably out of memory */ 1619 goto init_error; 1620 } 1621 1622 // Report capacity 1623 1624 capacity = (info->lbact << info->blockshift) - 1; 1625 1626 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1627 1628 // Report page size 1629 1630 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1631 usb_stor_set_xfer_buf(ptr, 8, srb); 1632 1633 return USB_STOR_TRANSPORT_GOOD; 1634 } 1635 1636 if (srb->cmnd[0] == MODE_SENSE_10) { 1637 int modepage = (srb->cmnd[2] & 0x3F); 1638 1639 /* They ask for the Read/Write error recovery page, 1640 or for all pages. */ 1641 /* %% We should check DBD %% */ 1642 if (modepage == 0x01 || modepage == 0x3F) { 1643 US_DEBUGP("SDDR09: Dummy up request for " 1644 "mode page 0x%x\n", modepage); 1645 1646 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1647 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1648 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1649 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1650 return USB_STOR_TRANSPORT_GOOD; 1651 } 1652 1653 sensekey = 0x05; /* illegal request */ 1654 sensecode = 0x24; /* invalid field in CDB */ 1655 return USB_STOR_TRANSPORT_FAILED; 1656 } 1657 1658 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1659 return USB_STOR_TRANSPORT_GOOD; 1660 1661 havefakesense = 0; 1662 1663 if (srb->cmnd[0] == READ_10) { 1664 1665 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1666 page <<= 16; 1667 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1668 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1669 1670 US_DEBUGP("READ_10: read page %d pagect %d\n", 1671 page, pages); 1672 1673 result = sddr09_read_data(us, page, pages); 1674 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1675 USB_STOR_TRANSPORT_ERROR); 1676 } 1677 1678 if (srb->cmnd[0] == WRITE_10) { 1679 1680 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1681 page <<= 16; 1682 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1683 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1684 1685 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1686 page, pages); 1687 1688 result = sddr09_write_data(us, page, pages); 1689 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1690 USB_STOR_TRANSPORT_ERROR); 1691 } 1692 1693 /* catch-all for all other commands, except 1694 * pass TEST_UNIT_READY and REQUEST_SENSE through 1695 */ 1696 if (srb->cmnd[0] != TEST_UNIT_READY && 1697 srb->cmnd[0] != REQUEST_SENSE) { 1698 sensekey = 0x05; /* illegal request */ 1699 sensecode = 0x20; /* invalid command */ 1700 havefakesense = 1; 1701 return USB_STOR_TRANSPORT_FAILED; 1702 } 1703 1704 for (; srb->cmd_len<12; srb->cmd_len++) 1705 srb->cmnd[srb->cmd_len] = 0; 1706 1707 srb->cmnd[1] = LUNBITS; 1708 1709 ptr[0] = 0; 1710 for (i=0; i<12; i++) 1711 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1712 1713 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1714 1715 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1716 if (result) { 1717 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1718 "returns %d\n", result); 1719 return USB_STOR_TRANSPORT_ERROR; 1720 } 1721 1722 if (scsi_bufflen(srb) == 0) 1723 return USB_STOR_TRANSPORT_GOOD; 1724 1725 if (srb->sc_data_direction == DMA_TO_DEVICE || 1726 srb->sc_data_direction == DMA_FROM_DEVICE) { 1727 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1728 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1729 1730 US_DEBUGP("SDDR09: %s %d bytes\n", 1731 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1732 "sending" : "receiving", 1733 scsi_bufflen(srb)); 1734 1735 result = usb_stor_bulk_srb(us, pipe, srb); 1736 1737 return (result == USB_STOR_XFER_GOOD ? 1738 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1739 } 1740 1741 return USB_STOR_TRANSPORT_GOOD; 1742 } 1743 1744 /* 1745 * Initialization routine for the sddr09 subdriver 1746 */ 1747 static int 1748 usb_stor_sddr09_init(struct us_data *us) { 1749 return sddr09_common_init(us); 1750 } 1751 1752 static int sddr09_probe(struct usb_interface *intf, 1753 const struct usb_device_id *id) 1754 { 1755 struct us_data *us; 1756 int result; 1757 1758 result = usb_stor_probe1(&us, intf, id, 1759 (id - sddr09_usb_ids) + sddr09_unusual_dev_list); 1760 if (result) 1761 return result; 1762 1763 if (us->protocol == USB_PR_DPCM_USB) { 1764 us->transport_name = "Control/Bulk-EUSB/SDDR09"; 1765 us->transport = dpcm_transport; 1766 us->transport_reset = usb_stor_CB_reset; 1767 us->max_lun = 1; 1768 } else { 1769 us->transport_name = "EUSB/SDDR09"; 1770 us->transport = sddr09_transport; 1771 us->transport_reset = usb_stor_CB_reset; 1772 us->max_lun = 0; 1773 } 1774 1775 result = usb_stor_probe2(us); 1776 return result; 1777 } 1778 1779 static struct usb_driver sddr09_driver = { 1780 .name = "ums-sddr09", 1781 .probe = sddr09_probe, 1782 .disconnect = usb_stor_disconnect, 1783 .suspend = usb_stor_suspend, 1784 .resume = usb_stor_resume, 1785 .reset_resume = usb_stor_reset_resume, 1786 .pre_reset = usb_stor_pre_reset, 1787 .post_reset = usb_stor_post_reset, 1788 .id_table = sddr09_usb_ids, 1789 .soft_unbind = 1, 1790 }; 1791 1792 static int __init sddr09_init(void) 1793 { 1794 return usb_register(&sddr09_driver); 1795 } 1796 1797 static void __exit sddr09_exit(void) 1798 { 1799 usb_deregister(&sddr09_driver); 1800 } 1801 1802 module_init(sddr09_init); 1803 module_exit(sddr09_exit); 1804