1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $ 4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 5 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 6 * Developed with the assistance of: 7 * (c) 2002 Alan Stern <stern@rowland.org> 8 * 9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 10 * This chip is a programmable USB controller. In the SDDR-09, it has 11 * been programmed to obey a certain limited set of SCSI commands. 12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 13 * commands. 14 * 15 * This program is free software; you can redistribute it and/or modify it 16 * under the terms of the GNU General Public License as published by the 17 * Free Software Foundation; either version 2, or (at your option) any 18 * later version. 19 * 20 * This program is distributed in the hope that it will be useful, but 21 * WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 23 * General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License along 26 * with this program; if not, write to the Free Software Foundation, Inc., 27 * 675 Mass Ave, Cambridge, MA 02139, USA. 28 */ 29 30 /* 31 * Known vendor commands: 12 bytes, first byte is opcode 32 * 33 * E7: read scatter gather 34 * E8: read 35 * E9: write 36 * EA: erase 37 * EB: reset 38 * EC: read status 39 * ED: read ID 40 * EE: write CIS (?) 41 * EF: compute checksum (?) 42 */ 43 44 #include <linux/errno.h> 45 #include <linux/slab.h> 46 47 #include <scsi/scsi.h> 48 #include <scsi/scsi_cmnd.h> 49 50 #include "usb.h" 51 #include "transport.h" 52 #include "protocol.h" 53 #include "debug.h" 54 #include "sddr09.h" 55 56 57 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 58 #define LSB_of(s) ((s)&0xFF) 59 #define MSB_of(s) ((s)>>8) 60 61 /* #define US_DEBUGP printk */ 62 63 /* 64 * First some stuff that does not belong here: 65 * data on SmartMedia and other cards, completely 66 * unrelated to this driver. 67 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 68 */ 69 70 struct nand_flash_dev { 71 int model_id; 72 int chipshift; /* 1<<cs bytes total capacity */ 73 char pageshift; /* 1<<ps bytes in a page */ 74 char blockshift; /* 1<<bs pages in an erase block */ 75 char zoneshift; /* 1<<zs blocks in a zone */ 76 /* # of logical blocks is 125/128 of this */ 77 char pageadrlen; /* length of an address in bytes - 1 */ 78 }; 79 80 /* 81 * NAND Flash Manufacturer ID Codes 82 */ 83 #define NAND_MFR_AMD 0x01 84 #define NAND_MFR_NATSEMI 0x8f 85 #define NAND_MFR_TOSHIBA 0x98 86 #define NAND_MFR_SAMSUNG 0xec 87 88 static inline char *nand_flash_manufacturer(int manuf_id) { 89 switch(manuf_id) { 90 case NAND_MFR_AMD: 91 return "AMD"; 92 case NAND_MFR_NATSEMI: 93 return "NATSEMI"; 94 case NAND_MFR_TOSHIBA: 95 return "Toshiba"; 96 case NAND_MFR_SAMSUNG: 97 return "Samsung"; 98 default: 99 return "unknown"; 100 } 101 } 102 103 /* 104 * It looks like it is unnecessary to attach manufacturer to the 105 * remaining data: SSFDC prescribes manufacturer-independent id codes. 106 * 107 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 108 */ 109 110 static struct nand_flash_dev nand_flash_ids[] = { 111 /* NAND flash */ 112 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 113 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 114 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 115 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 116 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 117 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 118 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 119 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 120 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 121 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 122 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 123 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 124 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 125 126 /* MASK ROM */ 127 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 128 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 129 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 130 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 131 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 132 { 0,} 133 }; 134 135 static struct nand_flash_dev * 136 nand_find_id(unsigned char id) { 137 int i; 138 139 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 140 if (nand_flash_ids[i].model_id == id) 141 return &(nand_flash_ids[i]); 142 return NULL; 143 } 144 145 /* 146 * ECC computation. 147 */ 148 static unsigned char parity[256]; 149 static unsigned char ecc2[256]; 150 151 static void nand_init_ecc(void) { 152 int i, j, a; 153 154 parity[0] = 0; 155 for (i = 1; i < 256; i++) 156 parity[i] = (parity[i&(i-1)] ^ 1); 157 158 for (i = 0; i < 256; i++) { 159 a = 0; 160 for (j = 0; j < 8; j++) { 161 if (i & (1<<j)) { 162 if ((j & 1) == 0) 163 a ^= 0x04; 164 if ((j & 2) == 0) 165 a ^= 0x10; 166 if ((j & 4) == 0) 167 a ^= 0x40; 168 } 169 } 170 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 171 } 172 } 173 174 /* compute 3-byte ecc on 256 bytes */ 175 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 176 int i, j, a; 177 unsigned char par, bit, bits[8]; 178 179 par = 0; 180 for (j = 0; j < 8; j++) 181 bits[j] = 0; 182 183 /* collect 16 checksum bits */ 184 for (i = 0; i < 256; i++) { 185 par ^= data[i]; 186 bit = parity[data[i]]; 187 for (j = 0; j < 8; j++) 188 if ((i & (1<<j)) == 0) 189 bits[j] ^= bit; 190 } 191 192 /* put 4+4+4 = 12 bits in the ecc */ 193 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 194 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 195 196 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 197 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 198 199 ecc[2] = ecc2[par]; 200 } 201 202 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 203 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 204 } 205 206 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 207 memcpy(data, ecc, 3); 208 } 209 210 /* 211 * The actual driver starts here. 212 */ 213 214 struct sddr09_card_info { 215 unsigned long capacity; /* Size of card in bytes */ 216 int pagesize; /* Size of page in bytes */ 217 int pageshift; /* log2 of pagesize */ 218 int blocksize; /* Size of block in pages */ 219 int blockshift; /* log2 of blocksize */ 220 int blockmask; /* 2^blockshift - 1 */ 221 int *lba_to_pba; /* logical to physical map */ 222 int *pba_to_lba; /* physical to logical map */ 223 int lbact; /* number of available pages */ 224 int flags; 225 #define SDDR09_WP 1 /* write protected */ 226 }; 227 228 /* 229 * On my 16MB card, control blocks have size 64 (16 real control bytes, 230 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 231 * so the reader makes up the remaining 48. Don't know whether these numbers 232 * depend on the card. For now a constant. 233 */ 234 #define CONTROL_SHIFT 6 235 236 /* 237 * On my Combo CF/SM reader, the SM reader has LUN 1. 238 * (and things fail with LUN 0). 239 * It seems LUN is irrelevant for others. 240 */ 241 #define LUN 1 242 #define LUNBITS (LUN << 5) 243 244 /* 245 * LBA and PBA are unsigned ints. Special values. 246 */ 247 #define UNDEF 0xffffffff 248 #define SPARE 0xfffffffe 249 #define UNUSABLE 0xfffffffd 250 251 static const int erase_bad_lba_entries = 0; 252 253 /* send vendor interface command (0x41) */ 254 /* called for requests 0, 1, 8 */ 255 static int 256 sddr09_send_command(struct us_data *us, 257 unsigned char request, 258 unsigned char direction, 259 unsigned char *xfer_data, 260 unsigned int xfer_len) { 261 unsigned int pipe; 262 unsigned char requesttype = (0x41 | direction); 263 int rc; 264 265 // Get the receive or send control pipe number 266 267 if (direction == USB_DIR_IN) 268 pipe = us->recv_ctrl_pipe; 269 else 270 pipe = us->send_ctrl_pipe; 271 272 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 273 0, 0, xfer_data, xfer_len); 274 switch (rc) { 275 case USB_STOR_XFER_GOOD: return 0; 276 case USB_STOR_XFER_STALLED: return -EPIPE; 277 default: return -EIO; 278 } 279 } 280 281 static int 282 sddr09_send_scsi_command(struct us_data *us, 283 unsigned char *command, 284 unsigned int command_len) { 285 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 286 } 287 288 #if 0 289 /* 290 * Test Unit Ready Command: 12 bytes. 291 * byte 0: opcode: 00 292 */ 293 static int 294 sddr09_test_unit_ready(struct us_data *us) { 295 unsigned char *command = us->iobuf; 296 int result; 297 298 memset(command, 0, 6); 299 command[1] = LUNBITS; 300 301 result = sddr09_send_scsi_command(us, command, 6); 302 303 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 304 305 return result; 306 } 307 #endif 308 309 /* 310 * Request Sense Command: 12 bytes. 311 * byte 0: opcode: 03 312 * byte 4: data length 313 */ 314 static int 315 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 316 unsigned char *command = us->iobuf; 317 int result; 318 319 memset(command, 0, 12); 320 command[0] = 0x03; 321 command[1] = LUNBITS; 322 command[4] = buflen; 323 324 result = sddr09_send_scsi_command(us, command, 12); 325 if (result) 326 return result; 327 328 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 329 sensebuf, buflen, NULL); 330 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 331 } 332 333 /* 334 * Read Command: 12 bytes. 335 * byte 0: opcode: E8 336 * byte 1: last two bits: 00: read data, 01: read blockwise control, 337 * 10: read both, 11: read pagewise control. 338 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 339 * bytes 2-5: address (interpretation depends on byte 1, see below) 340 * bytes 10-11: count (idem) 341 * 342 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 343 * A read data command gets data in 512-byte pages. 344 * A read control command gets control in 64-byte chunks. 345 * A read both command gets data+control in 576-byte chunks. 346 * 347 * Blocks are groups of 32 pages, and read blockwise control jumps to the 348 * next block, while read pagewise control jumps to the next page after 349 * reading a group of 64 control bytes. 350 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 351 * 352 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 353 */ 354 355 static int 356 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 357 int nr_of_pages, int bulklen, unsigned char *buf, 358 int use_sg) { 359 360 unsigned char *command = us->iobuf; 361 int result; 362 363 command[0] = 0xE8; 364 command[1] = LUNBITS | x; 365 command[2] = MSB_of(fromaddress>>16); 366 command[3] = LSB_of(fromaddress>>16); 367 command[4] = MSB_of(fromaddress & 0xFFFF); 368 command[5] = LSB_of(fromaddress & 0xFFFF); 369 command[6] = 0; 370 command[7] = 0; 371 command[8] = 0; 372 command[9] = 0; 373 command[10] = MSB_of(nr_of_pages); 374 command[11] = LSB_of(nr_of_pages); 375 376 result = sddr09_send_scsi_command(us, command, 12); 377 378 if (result) { 379 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 380 x, result); 381 return result; 382 } 383 384 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 385 buf, bulklen, use_sg, NULL); 386 387 if (result != USB_STOR_XFER_GOOD) { 388 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 389 x, result); 390 return -EIO; 391 } 392 return 0; 393 } 394 395 /* 396 * Read Data 397 * 398 * fromaddress counts data shorts: 399 * increasing it by 256 shifts the bytestream by 512 bytes; 400 * the last 8 bits are ignored. 401 * 402 * nr_of_pages counts pages of size (1 << pageshift). 403 */ 404 static int 405 sddr09_read20(struct us_data *us, unsigned long fromaddress, 406 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 407 int bulklen = nr_of_pages << pageshift; 408 409 /* The last 8 bits of fromaddress are ignored. */ 410 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 411 buf, use_sg); 412 } 413 414 /* 415 * Read Blockwise Control 416 * 417 * fromaddress gives the starting position (as in read data; 418 * the last 8 bits are ignored); increasing it by 32*256 shifts 419 * the output stream by 64 bytes. 420 * 421 * count counts control groups of size (1 << controlshift). 422 * For me, controlshift = 6. Is this constant? 423 * 424 * After getting one control group, jump to the next block 425 * (fromaddress += 8192). 426 */ 427 static int 428 sddr09_read21(struct us_data *us, unsigned long fromaddress, 429 int count, int controlshift, unsigned char *buf, int use_sg) { 430 431 int bulklen = (count << controlshift); 432 return sddr09_readX(us, 1, fromaddress, count, bulklen, 433 buf, use_sg); 434 } 435 436 /* 437 * Read both Data and Control 438 * 439 * fromaddress counts data shorts, ignoring control: 440 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 441 * the last 8 bits are ignored. 442 * 443 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 444 */ 445 static int 446 sddr09_read22(struct us_data *us, unsigned long fromaddress, 447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 448 449 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 450 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 451 nr_of_pages, bulklen); 452 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 453 buf, use_sg); 454 } 455 456 #if 0 457 /* 458 * Read Pagewise Control 459 * 460 * fromaddress gives the starting position (as in read data; 461 * the last 8 bits are ignored); increasing it by 256 shifts 462 * the output stream by 64 bytes. 463 * 464 * count counts control groups of size (1 << controlshift). 465 * For me, controlshift = 6. Is this constant? 466 * 467 * After getting one control group, jump to the next page 468 * (fromaddress += 256). 469 */ 470 static int 471 sddr09_read23(struct us_data *us, unsigned long fromaddress, 472 int count, int controlshift, unsigned char *buf, int use_sg) { 473 474 int bulklen = (count << controlshift); 475 return sddr09_readX(us, 3, fromaddress, count, bulklen, 476 buf, use_sg); 477 } 478 #endif 479 480 /* 481 * Erase Command: 12 bytes. 482 * byte 0: opcode: EA 483 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 484 * 485 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 486 * The byte address being erased is 2*Eaddress. 487 * The CIS cannot be erased. 488 */ 489 static int 490 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 491 unsigned char *command = us->iobuf; 492 int result; 493 494 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 495 496 memset(command, 0, 12); 497 command[0] = 0xEA; 498 command[1] = LUNBITS; 499 command[6] = MSB_of(Eaddress>>16); 500 command[7] = LSB_of(Eaddress>>16); 501 command[8] = MSB_of(Eaddress & 0xFFFF); 502 command[9] = LSB_of(Eaddress & 0xFFFF); 503 504 result = sddr09_send_scsi_command(us, command, 12); 505 506 if (result) 507 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 508 result); 509 510 return result; 511 } 512 513 /* 514 * Write CIS Command: 12 bytes. 515 * byte 0: opcode: EE 516 * bytes 2-5: write address in shorts 517 * bytes 10-11: sector count 518 * 519 * This writes at the indicated address. Don't know how it differs 520 * from E9. Maybe it does not erase? However, it will also write to 521 * the CIS. 522 * 523 * When two such commands on the same page follow each other directly, 524 * the second one is not done. 525 */ 526 527 /* 528 * Write Command: 12 bytes. 529 * byte 0: opcode: E9 530 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 531 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 532 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 533 * 534 * If write address equals erase address, the erase is done first, 535 * otherwise the write is done first. When erase address equals zero 536 * no erase is done? 537 */ 538 static int 539 sddr09_writeX(struct us_data *us, 540 unsigned long Waddress, unsigned long Eaddress, 541 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 542 543 unsigned char *command = us->iobuf; 544 int result; 545 546 command[0] = 0xE9; 547 command[1] = LUNBITS; 548 549 command[2] = MSB_of(Waddress>>16); 550 command[3] = LSB_of(Waddress>>16); 551 command[4] = MSB_of(Waddress & 0xFFFF); 552 command[5] = LSB_of(Waddress & 0xFFFF); 553 554 command[6] = MSB_of(Eaddress>>16); 555 command[7] = LSB_of(Eaddress>>16); 556 command[8] = MSB_of(Eaddress & 0xFFFF); 557 command[9] = LSB_of(Eaddress & 0xFFFF); 558 559 command[10] = MSB_of(nr_of_pages); 560 command[11] = LSB_of(nr_of_pages); 561 562 result = sddr09_send_scsi_command(us, command, 12); 563 564 if (result) { 565 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 566 result); 567 return result; 568 } 569 570 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 571 buf, bulklen, use_sg, NULL); 572 573 if (result != USB_STOR_XFER_GOOD) { 574 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 575 result); 576 return -EIO; 577 } 578 return 0; 579 } 580 581 /* erase address, write same address */ 582 static int 583 sddr09_write_inplace(struct us_data *us, unsigned long address, 584 int nr_of_pages, int pageshift, unsigned char *buf, 585 int use_sg) { 586 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 587 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 588 buf, use_sg); 589 } 590 591 #if 0 592 /* 593 * Read Scatter Gather Command: 3+4n bytes. 594 * byte 0: opcode E7 595 * byte 2: n 596 * bytes 4i-1,4i,4i+1: page address 597 * byte 4i+2: page count 598 * (i=1..n) 599 * 600 * This reads several pages from the card to a single memory buffer. 601 * The last two bits of byte 1 have the same meaning as for E8. 602 */ 603 static int 604 sddr09_read_sg_test_only(struct us_data *us) { 605 unsigned char *command = us->iobuf; 606 int result, bulklen, nsg, ct; 607 unsigned char *buf; 608 unsigned long address; 609 610 nsg = bulklen = 0; 611 command[0] = 0xE7; 612 command[1] = LUNBITS; 613 command[2] = 0; 614 address = 040000; ct = 1; 615 nsg++; 616 bulklen += (ct << 9); 617 command[4*nsg+2] = ct; 618 command[4*nsg+1] = ((address >> 9) & 0xFF); 619 command[4*nsg+0] = ((address >> 17) & 0xFF); 620 command[4*nsg-1] = ((address >> 25) & 0xFF); 621 622 address = 0340000; ct = 1; 623 nsg++; 624 bulklen += (ct << 9); 625 command[4*nsg+2] = ct; 626 command[4*nsg+1] = ((address >> 9) & 0xFF); 627 command[4*nsg+0] = ((address >> 17) & 0xFF); 628 command[4*nsg-1] = ((address >> 25) & 0xFF); 629 630 address = 01000000; ct = 2; 631 nsg++; 632 bulklen += (ct << 9); 633 command[4*nsg+2] = ct; 634 command[4*nsg+1] = ((address >> 9) & 0xFF); 635 command[4*nsg+0] = ((address >> 17) & 0xFF); 636 command[4*nsg-1] = ((address >> 25) & 0xFF); 637 638 command[2] = nsg; 639 640 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 641 642 if (result) { 643 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 644 result); 645 return result; 646 } 647 648 buf = kmalloc(bulklen, GFP_NOIO); 649 if (!buf) 650 return -ENOMEM; 651 652 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 653 buf, bulklen, NULL); 654 kfree(buf); 655 if (result != USB_STOR_XFER_GOOD) { 656 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 657 result); 658 return -EIO; 659 } 660 661 return 0; 662 } 663 #endif 664 665 /* 666 * Read Status Command: 12 bytes. 667 * byte 0: opcode: EC 668 * 669 * Returns 64 bytes, all zero except for the first. 670 * bit 0: 1: Error 671 * bit 5: 1: Suspended 672 * bit 6: 1: Ready 673 * bit 7: 1: Not write-protected 674 */ 675 676 static int 677 sddr09_read_status(struct us_data *us, unsigned char *status) { 678 679 unsigned char *command = us->iobuf; 680 unsigned char *data = us->iobuf; 681 int result; 682 683 US_DEBUGP("Reading status...\n"); 684 685 memset(command, 0, 12); 686 command[0] = 0xEC; 687 command[1] = LUNBITS; 688 689 result = sddr09_send_scsi_command(us, command, 12); 690 if (result) 691 return result; 692 693 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 694 data, 64, NULL); 695 *status = data[0]; 696 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 697 } 698 699 static int 700 sddr09_read_data(struct us_data *us, 701 unsigned long address, 702 unsigned int sectors) { 703 704 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 705 unsigned char *buffer; 706 unsigned int lba, maxlba, pba; 707 unsigned int page, pages; 708 unsigned int len, offset; 709 struct scatterlist *sg; 710 int result; 711 712 // Figure out the initial LBA and page 713 lba = address >> info->blockshift; 714 page = (address & info->blockmask); 715 maxlba = info->capacity >> (info->pageshift + info->blockshift); 716 if (lba >= maxlba) 717 return -EIO; 718 719 // Since we only read in one block at a time, we have to create 720 // a bounce buffer and move the data a piece at a time between the 721 // bounce buffer and the actual transfer buffer. 722 723 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 724 buffer = kmalloc(len, GFP_NOIO); 725 if (buffer == NULL) { 726 printk("sddr09_read_data: Out of memory\n"); 727 return -ENOMEM; 728 } 729 730 // This could be made much more efficient by checking for 731 // contiguous LBA's. Another exercise left to the student. 732 733 result = 0; 734 offset = 0; 735 sg = NULL; 736 737 while (sectors > 0) { 738 739 /* Find number of pages we can read in this block */ 740 pages = min(sectors, info->blocksize - page); 741 len = pages << info->pageshift; 742 743 /* Not overflowing capacity? */ 744 if (lba >= maxlba) { 745 US_DEBUGP("Error: Requested lba %u exceeds " 746 "maximum %u\n", lba, maxlba); 747 result = -EIO; 748 break; 749 } 750 751 /* Find where this lba lives on disk */ 752 pba = info->lba_to_pba[lba]; 753 754 if (pba == UNDEF) { /* this lba was never written */ 755 756 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 757 pages, lba, page); 758 759 /* This is not really an error. It just means 760 that the block has never been written. 761 Instead of returning an error 762 it is better to return all zero data. */ 763 764 memset(buffer, 0, len); 765 766 } else { 767 US_DEBUGP("Read %d pages, from PBA %d" 768 " (LBA %d) page %d\n", 769 pages, pba, lba, page); 770 771 address = ((pba << info->blockshift) + page) << 772 info->pageshift; 773 774 result = sddr09_read20(us, address>>1, 775 pages, info->pageshift, buffer, 0); 776 if (result) 777 break; 778 } 779 780 // Store the data in the transfer buffer 781 usb_stor_access_xfer_buf(buffer, len, us->srb, 782 &sg, &offset, TO_XFER_BUF); 783 784 page = 0; 785 lba++; 786 sectors -= pages; 787 } 788 789 kfree(buffer); 790 return result; 791 } 792 793 static unsigned int 794 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 795 static unsigned int lastpba = 1; 796 int zonestart, end, i; 797 798 zonestart = (lba/1000) << 10; 799 end = info->capacity >> (info->blockshift + info->pageshift); 800 end -= zonestart; 801 if (end > 1024) 802 end = 1024; 803 804 for (i = lastpba+1; i < end; i++) { 805 if (info->pba_to_lba[zonestart+i] == UNDEF) { 806 lastpba = i; 807 return zonestart+i; 808 } 809 } 810 for (i = 0; i <= lastpba; i++) { 811 if (info->pba_to_lba[zonestart+i] == UNDEF) { 812 lastpba = i; 813 return zonestart+i; 814 } 815 } 816 return 0; 817 } 818 819 static int 820 sddr09_write_lba(struct us_data *us, unsigned int lba, 821 unsigned int page, unsigned int pages, 822 unsigned char *ptr, unsigned char *blockbuffer) { 823 824 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 825 unsigned long address; 826 unsigned int pba, lbap; 827 unsigned int pagelen; 828 unsigned char *bptr, *cptr, *xptr; 829 unsigned char ecc[3]; 830 int i, result, isnew; 831 832 lbap = ((lba % 1000) << 1) | 0x1000; 833 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 834 lbap ^= 1; 835 pba = info->lba_to_pba[lba]; 836 isnew = 0; 837 838 if (pba == UNDEF) { 839 pba = sddr09_find_unused_pba(info, lba); 840 if (!pba) { 841 printk("sddr09_write_lba: Out of unused blocks\n"); 842 return -ENOSPC; 843 } 844 info->pba_to_lba[pba] = lba; 845 info->lba_to_pba[lba] = pba; 846 isnew = 1; 847 } 848 849 if (pba == 1) { 850 /* Maybe it is impossible to write to PBA 1. 851 Fake success, but don't do anything. */ 852 printk("sddr09: avoid writing to pba 1\n"); 853 return 0; 854 } 855 856 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 857 858 /* read old contents */ 859 address = (pba << (info->pageshift + info->blockshift)); 860 result = sddr09_read22(us, address>>1, info->blocksize, 861 info->pageshift, blockbuffer, 0); 862 if (result) 863 return result; 864 865 /* check old contents and fill lba */ 866 for (i = 0; i < info->blocksize; i++) { 867 bptr = blockbuffer + i*pagelen; 868 cptr = bptr + info->pagesize; 869 nand_compute_ecc(bptr, ecc); 870 if (!nand_compare_ecc(cptr+13, ecc)) { 871 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 872 i, pba); 873 nand_store_ecc(cptr+13, ecc); 874 } 875 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 876 if (!nand_compare_ecc(cptr+8, ecc)) { 877 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 878 i, pba); 879 nand_store_ecc(cptr+8, ecc); 880 } 881 cptr[6] = cptr[11] = MSB_of(lbap); 882 cptr[7] = cptr[12] = LSB_of(lbap); 883 } 884 885 /* copy in new stuff and compute ECC */ 886 xptr = ptr; 887 for (i = page; i < page+pages; i++) { 888 bptr = blockbuffer + i*pagelen; 889 cptr = bptr + info->pagesize; 890 memcpy(bptr, xptr, info->pagesize); 891 xptr += info->pagesize; 892 nand_compute_ecc(bptr, ecc); 893 nand_store_ecc(cptr+13, ecc); 894 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 895 nand_store_ecc(cptr+8, ecc); 896 } 897 898 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 899 900 result = sddr09_write_inplace(us, address>>1, info->blocksize, 901 info->pageshift, blockbuffer, 0); 902 903 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 904 905 #if 0 906 { 907 unsigned char status = 0; 908 int result2 = sddr09_read_status(us, &status); 909 if (result2) 910 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 911 else if (status != 0xc0) 912 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 913 status); 914 } 915 #endif 916 917 #if 0 918 { 919 int result2 = sddr09_test_unit_ready(us); 920 } 921 #endif 922 923 return result; 924 } 925 926 static int 927 sddr09_write_data(struct us_data *us, 928 unsigned long address, 929 unsigned int sectors) { 930 931 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 932 unsigned int lba, maxlba, page, pages; 933 unsigned int pagelen, blocklen; 934 unsigned char *blockbuffer; 935 unsigned char *buffer; 936 unsigned int len, offset; 937 struct scatterlist *sg; 938 int result; 939 940 // Figure out the initial LBA and page 941 lba = address >> info->blockshift; 942 page = (address & info->blockmask); 943 maxlba = info->capacity >> (info->pageshift + info->blockshift); 944 if (lba >= maxlba) 945 return -EIO; 946 947 // blockbuffer is used for reading in the old data, overwriting 948 // with the new data, and performing ECC calculations 949 950 /* TODO: instead of doing kmalloc/kfree for each write, 951 add a bufferpointer to the info structure */ 952 953 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 954 blocklen = (pagelen << info->blockshift); 955 blockbuffer = kmalloc(blocklen, GFP_NOIO); 956 if (!blockbuffer) { 957 printk("sddr09_write_data: Out of memory\n"); 958 return -ENOMEM; 959 } 960 961 // Since we don't write the user data directly to the device, 962 // we have to create a bounce buffer and move the data a piece 963 // at a time between the bounce buffer and the actual transfer buffer. 964 965 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 966 buffer = kmalloc(len, GFP_NOIO); 967 if (buffer == NULL) { 968 printk("sddr09_write_data: Out of memory\n"); 969 kfree(blockbuffer); 970 return -ENOMEM; 971 } 972 973 result = 0; 974 offset = 0; 975 sg = NULL; 976 977 while (sectors > 0) { 978 979 // Write as many sectors as possible in this block 980 981 pages = min(sectors, info->blocksize - page); 982 len = (pages << info->pageshift); 983 984 /* Not overflowing capacity? */ 985 if (lba >= maxlba) { 986 US_DEBUGP("Error: Requested lba %u exceeds " 987 "maximum %u\n", lba, maxlba); 988 result = -EIO; 989 break; 990 } 991 992 // Get the data from the transfer buffer 993 usb_stor_access_xfer_buf(buffer, len, us->srb, 994 &sg, &offset, FROM_XFER_BUF); 995 996 result = sddr09_write_lba(us, lba, page, pages, 997 buffer, blockbuffer); 998 if (result) 999 break; 1000 1001 page = 0; 1002 lba++; 1003 sectors -= pages; 1004 } 1005 1006 kfree(buffer); 1007 kfree(blockbuffer); 1008 1009 return result; 1010 } 1011 1012 static int 1013 sddr09_read_control(struct us_data *us, 1014 unsigned long address, 1015 unsigned int blocks, 1016 unsigned char *content, 1017 int use_sg) { 1018 1019 US_DEBUGP("Read control address %lu, blocks %d\n", 1020 address, blocks); 1021 1022 return sddr09_read21(us, address, blocks, 1023 CONTROL_SHIFT, content, use_sg); 1024 } 1025 1026 /* 1027 * Read Device ID Command: 12 bytes. 1028 * byte 0: opcode: ED 1029 * 1030 * Returns 2 bytes: Manufacturer ID and Device ID. 1031 * On more recent cards 3 bytes: the third byte is an option code A5 1032 * signifying that the secret command to read an 128-bit ID is available. 1033 * On still more recent cards 4 bytes: the fourth byte C0 means that 1034 * a second read ID cmd is available. 1035 */ 1036 static int 1037 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1038 unsigned char *command = us->iobuf; 1039 unsigned char *content = us->iobuf; 1040 int result, i; 1041 1042 memset(command, 0, 12); 1043 command[0] = 0xED; 1044 command[1] = LUNBITS; 1045 1046 result = sddr09_send_scsi_command(us, command, 12); 1047 if (result) 1048 return result; 1049 1050 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1051 content, 64, NULL); 1052 1053 for (i = 0; i < 4; i++) 1054 deviceID[i] = content[i]; 1055 1056 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1057 } 1058 1059 static int 1060 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1061 int result; 1062 unsigned char status; 1063 1064 result = sddr09_read_status(us, &status); 1065 if (result) { 1066 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1067 return result; 1068 } 1069 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1070 if ((status & 0x80) == 0) { 1071 info->flags |= SDDR09_WP; /* write protected */ 1072 US_DEBUGP(" WP"); 1073 } 1074 if (status & 0x40) 1075 US_DEBUGP(" Ready"); 1076 if (status & LUNBITS) 1077 US_DEBUGP(" Suspended"); 1078 if (status & 0x1) 1079 US_DEBUGP(" Error"); 1080 US_DEBUGP("\n"); 1081 return 0; 1082 } 1083 1084 #if 0 1085 /* 1086 * Reset Command: 12 bytes. 1087 * byte 0: opcode: EB 1088 */ 1089 static int 1090 sddr09_reset(struct us_data *us) { 1091 1092 unsigned char *command = us->iobuf; 1093 1094 memset(command, 0, 12); 1095 command[0] = 0xEB; 1096 command[1] = LUNBITS; 1097 1098 return sddr09_send_scsi_command(us, command, 12); 1099 } 1100 #endif 1101 1102 static struct nand_flash_dev * 1103 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1104 struct nand_flash_dev *cardinfo; 1105 unsigned char deviceID[4]; 1106 char blurbtxt[256]; 1107 int result; 1108 1109 US_DEBUGP("Reading capacity...\n"); 1110 1111 result = sddr09_read_deviceID(us, deviceID); 1112 1113 if (result) { 1114 US_DEBUGP("Result of read_deviceID is %d\n", result); 1115 printk("sddr09: could not read card info\n"); 1116 return NULL; 1117 } 1118 1119 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1120 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1121 1122 /* Byte 0 is the manufacturer */ 1123 sprintf(blurbtxt + strlen(blurbtxt), 1124 ": Manuf. %s", 1125 nand_flash_manufacturer(deviceID[0])); 1126 1127 /* Byte 1 is the device type */ 1128 cardinfo = nand_find_id(deviceID[1]); 1129 if (cardinfo) { 1130 /* MB or MiB? It is neither. A 16 MB card has 1131 17301504 raw bytes, of which 16384000 are 1132 usable for user data. */ 1133 sprintf(blurbtxt + strlen(blurbtxt), 1134 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1135 } else { 1136 sprintf(blurbtxt + strlen(blurbtxt), 1137 ", type unrecognized"); 1138 } 1139 1140 /* Byte 2 is code to signal availability of 128-bit ID */ 1141 if (deviceID[2] == 0xa5) { 1142 sprintf(blurbtxt + strlen(blurbtxt), 1143 ", 128-bit ID"); 1144 } 1145 1146 /* Byte 3 announces the availability of another read ID command */ 1147 if (deviceID[3] == 0xc0) { 1148 sprintf(blurbtxt + strlen(blurbtxt), 1149 ", extra cmd"); 1150 } 1151 1152 if (flags & SDDR09_WP) 1153 sprintf(blurbtxt + strlen(blurbtxt), 1154 ", WP"); 1155 1156 printk("%s\n", blurbtxt); 1157 1158 return cardinfo; 1159 } 1160 1161 static int 1162 sddr09_read_map(struct us_data *us) { 1163 1164 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1165 int numblocks, alloc_len, alloc_blocks; 1166 int i, j, result; 1167 unsigned char *buffer, *buffer_end, *ptr; 1168 unsigned int lba, lbact; 1169 1170 if (!info->capacity) 1171 return -1; 1172 1173 // size of a block is 1 << (blockshift + pageshift) bytes 1174 // divide into the total capacity to get the number of blocks 1175 1176 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1177 1178 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1179 // but only use a 64 KB buffer 1180 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1181 #define SDDR09_READ_MAP_BUFSZ 65536 1182 1183 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1184 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1185 buffer = kmalloc(alloc_len, GFP_NOIO); 1186 if (buffer == NULL) { 1187 printk("sddr09_read_map: out of memory\n"); 1188 result = -1; 1189 goto done; 1190 } 1191 buffer_end = buffer + alloc_len; 1192 1193 #undef SDDR09_READ_MAP_BUFSZ 1194 1195 kfree(info->lba_to_pba); 1196 kfree(info->pba_to_lba); 1197 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1198 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1199 1200 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1201 printk("sddr09_read_map: out of memory\n"); 1202 result = -1; 1203 goto done; 1204 } 1205 1206 for (i = 0; i < numblocks; i++) 1207 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1208 1209 /* 1210 * Define lba-pba translation table 1211 */ 1212 1213 ptr = buffer_end; 1214 for (i = 0; i < numblocks; i++) { 1215 ptr += (1 << CONTROL_SHIFT); 1216 if (ptr >= buffer_end) { 1217 unsigned long address; 1218 1219 address = i << (info->pageshift + info->blockshift); 1220 result = sddr09_read_control( 1221 us, address>>1, 1222 min(alloc_blocks, numblocks - i), 1223 buffer, 0); 1224 if (result) { 1225 result = -1; 1226 goto done; 1227 } 1228 ptr = buffer; 1229 } 1230 1231 if (i == 0 || i == 1) { 1232 info->pba_to_lba[i] = UNUSABLE; 1233 continue; 1234 } 1235 1236 /* special PBAs have control field 0^16 */ 1237 for (j = 0; j < 16; j++) 1238 if (ptr[j] != 0) 1239 goto nonz; 1240 info->pba_to_lba[i] = UNUSABLE; 1241 printk("sddr09: PBA %d has no logical mapping\n", i); 1242 continue; 1243 1244 nonz: 1245 /* unwritten PBAs have control field FF^16 */ 1246 for (j = 0; j < 16; j++) 1247 if (ptr[j] != 0xff) 1248 goto nonff; 1249 continue; 1250 1251 nonff: 1252 /* normal PBAs start with six FFs */ 1253 if (j < 6) { 1254 printk("sddr09: PBA %d has no logical mapping: " 1255 "reserved area = %02X%02X%02X%02X " 1256 "data status %02X block status %02X\n", 1257 i, ptr[0], ptr[1], ptr[2], ptr[3], 1258 ptr[4], ptr[5]); 1259 info->pba_to_lba[i] = UNUSABLE; 1260 continue; 1261 } 1262 1263 if ((ptr[6] >> 4) != 0x01) { 1264 printk("sddr09: PBA %d has invalid address field " 1265 "%02X%02X/%02X%02X\n", 1266 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1267 info->pba_to_lba[i] = UNUSABLE; 1268 continue; 1269 } 1270 1271 /* check even parity */ 1272 if (parity[ptr[6] ^ ptr[7]]) { 1273 printk("sddr09: Bad parity in LBA for block %d" 1274 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1275 info->pba_to_lba[i] = UNUSABLE; 1276 continue; 1277 } 1278 1279 lba = short_pack(ptr[7], ptr[6]); 1280 lba = (lba & 0x07FF) >> 1; 1281 1282 /* 1283 * Every 1024 physical blocks ("zone"), the LBA numbers 1284 * go back to zero, but are within a higher block of LBA's. 1285 * Also, there is a maximum of 1000 LBA's per zone. 1286 * In other words, in PBA 1024-2047 you will find LBA 0-999 1287 * which are really LBA 1000-1999. This allows for 24 bad 1288 * or special physical blocks per zone. 1289 */ 1290 1291 if (lba >= 1000) { 1292 printk("sddr09: Bad low LBA %d for block %d\n", 1293 lba, i); 1294 goto possibly_erase; 1295 } 1296 1297 lba += 1000*(i/0x400); 1298 1299 if (info->lba_to_pba[lba] != UNDEF) { 1300 printk("sddr09: LBA %d seen for PBA %d and %d\n", 1301 lba, info->lba_to_pba[lba], i); 1302 goto possibly_erase; 1303 } 1304 1305 info->pba_to_lba[i] = lba; 1306 info->lba_to_pba[lba] = i; 1307 continue; 1308 1309 possibly_erase: 1310 if (erase_bad_lba_entries) { 1311 unsigned long address; 1312 1313 address = (i << (info->pageshift + info->blockshift)); 1314 sddr09_erase(us, address>>1); 1315 info->pba_to_lba[i] = UNDEF; 1316 } else 1317 info->pba_to_lba[i] = UNUSABLE; 1318 } 1319 1320 /* 1321 * Approximate capacity. This is not entirely correct yet, 1322 * since a zone with less than 1000 usable pages leads to 1323 * missing LBAs. Especially if it is the last zone, some 1324 * LBAs can be past capacity. 1325 */ 1326 lbact = 0; 1327 for (i = 0; i < numblocks; i += 1024) { 1328 int ct = 0; 1329 1330 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1331 if (info->pba_to_lba[i+j] != UNUSABLE) { 1332 if (ct >= 1000) 1333 info->pba_to_lba[i+j] = SPARE; 1334 else 1335 ct++; 1336 } 1337 } 1338 lbact += ct; 1339 } 1340 info->lbact = lbact; 1341 US_DEBUGP("Found %d LBA's\n", lbact); 1342 result = 0; 1343 1344 done: 1345 if (result != 0) { 1346 kfree(info->lba_to_pba); 1347 kfree(info->pba_to_lba); 1348 info->lba_to_pba = NULL; 1349 info->pba_to_lba = NULL; 1350 } 1351 kfree(buffer); 1352 return result; 1353 } 1354 1355 static void 1356 sddr09_card_info_destructor(void *extra) { 1357 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1358 1359 if (!info) 1360 return; 1361 1362 kfree(info->lba_to_pba); 1363 kfree(info->pba_to_lba); 1364 } 1365 1366 static int 1367 sddr09_common_init(struct us_data *us) { 1368 int result; 1369 1370 /* set the configuration -- STALL is an acceptable response here */ 1371 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1372 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1373 ->actconfig->desc.bConfigurationValue); 1374 return -EINVAL; 1375 } 1376 1377 result = usb_reset_configuration(us->pusb_dev); 1378 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1379 if (result == -EPIPE) { 1380 US_DEBUGP("-- stall on control interface\n"); 1381 } else if (result != 0) { 1382 /* it's not a stall, but another error -- time to bail */ 1383 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1384 return -EINVAL; 1385 } 1386 1387 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1388 if (!us->extra) 1389 return -ENOMEM; 1390 us->extra_destructor = sddr09_card_info_destructor; 1391 1392 nand_init_ecc(); 1393 return 0; 1394 } 1395 1396 1397 /* 1398 * This is needed at a very early stage. If this is not listed in the 1399 * unusual devices list but called from here then LUN 0 of the combo reader 1400 * is not recognized. But I do not know what precisely these calls do. 1401 */ 1402 int 1403 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1404 int result; 1405 unsigned char *data = us->iobuf; 1406 1407 result = sddr09_common_init(us); 1408 if (result) 1409 return result; 1410 1411 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1412 if (result) { 1413 US_DEBUGP("sddr09_init: send_command fails\n"); 1414 return result; 1415 } 1416 1417 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1418 // get 07 02 1419 1420 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1421 if (result) { 1422 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1423 return result; 1424 } 1425 1426 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1427 // get 07 00 1428 1429 result = sddr09_request_sense(us, data, 18); 1430 if (result == 0 && data[2] != 0) { 1431 int j; 1432 for (j=0; j<18; j++) 1433 printk(" %02X", data[j]); 1434 printk("\n"); 1435 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1436 // 70: current command 1437 // sense key 0, sense code 0, extd sense code 0 1438 // additional transfer length * = sizeof(data) - 7 1439 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1440 // sense key 06, sense code 28: unit attention, 1441 // not ready to ready transition 1442 } 1443 1444 // test unit ready 1445 1446 return 0; /* not result */ 1447 } 1448 1449 /* 1450 * Transport for the Sandisk SDDR-09 1451 */ 1452 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1453 { 1454 static unsigned char sensekey = 0, sensecode = 0; 1455 static unsigned char havefakesense = 0; 1456 int result, i; 1457 unsigned char *ptr = us->iobuf; 1458 unsigned long capacity; 1459 unsigned int page, pages; 1460 1461 struct sddr09_card_info *info; 1462 1463 static unsigned char inquiry_response[8] = { 1464 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1465 }; 1466 1467 /* note: no block descriptor support */ 1468 static unsigned char mode_page_01[19] = { 1469 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1470 0x01, 0x0A, 1471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1472 }; 1473 1474 info = (struct sddr09_card_info *)us->extra; 1475 1476 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1477 /* for a faked command, we have to follow with a faked sense */ 1478 memset(ptr, 0, 18); 1479 ptr[0] = 0x70; 1480 ptr[2] = sensekey; 1481 ptr[7] = 11; 1482 ptr[12] = sensecode; 1483 usb_stor_set_xfer_buf(ptr, 18, srb); 1484 sensekey = sensecode = havefakesense = 0; 1485 return USB_STOR_TRANSPORT_GOOD; 1486 } 1487 1488 havefakesense = 1; 1489 1490 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1491 respond to INQUIRY commands */ 1492 1493 if (srb->cmnd[0] == INQUIRY) { 1494 memcpy(ptr, inquiry_response, 8); 1495 fill_inquiry_response(us, ptr, 36); 1496 return USB_STOR_TRANSPORT_GOOD; 1497 } 1498 1499 if (srb->cmnd[0] == READ_CAPACITY) { 1500 struct nand_flash_dev *cardinfo; 1501 1502 sddr09_get_wp(us, info); /* read WP bit */ 1503 1504 cardinfo = sddr09_get_cardinfo(us, info->flags); 1505 if (!cardinfo) { 1506 /* probably no media */ 1507 init_error: 1508 sensekey = 0x02; /* not ready */ 1509 sensecode = 0x3a; /* medium not present */ 1510 return USB_STOR_TRANSPORT_FAILED; 1511 } 1512 1513 info->capacity = (1 << cardinfo->chipshift); 1514 info->pageshift = cardinfo->pageshift; 1515 info->pagesize = (1 << info->pageshift); 1516 info->blockshift = cardinfo->blockshift; 1517 info->blocksize = (1 << info->blockshift); 1518 info->blockmask = info->blocksize - 1; 1519 1520 // map initialization, must follow get_cardinfo() 1521 if (sddr09_read_map(us)) { 1522 /* probably out of memory */ 1523 goto init_error; 1524 } 1525 1526 // Report capacity 1527 1528 capacity = (info->lbact << info->blockshift) - 1; 1529 1530 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1531 1532 // Report page size 1533 1534 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1535 usb_stor_set_xfer_buf(ptr, 8, srb); 1536 1537 return USB_STOR_TRANSPORT_GOOD; 1538 } 1539 1540 if (srb->cmnd[0] == MODE_SENSE_10) { 1541 int modepage = (srb->cmnd[2] & 0x3F); 1542 1543 /* They ask for the Read/Write error recovery page, 1544 or for all pages. */ 1545 /* %% We should check DBD %% */ 1546 if (modepage == 0x01 || modepage == 0x3F) { 1547 US_DEBUGP("SDDR09: Dummy up request for " 1548 "mode page 0x%x\n", modepage); 1549 1550 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1551 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1552 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1553 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1554 return USB_STOR_TRANSPORT_GOOD; 1555 } 1556 1557 sensekey = 0x05; /* illegal request */ 1558 sensecode = 0x24; /* invalid field in CDB */ 1559 return USB_STOR_TRANSPORT_FAILED; 1560 } 1561 1562 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1563 return USB_STOR_TRANSPORT_GOOD; 1564 1565 havefakesense = 0; 1566 1567 if (srb->cmnd[0] == READ_10) { 1568 1569 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1570 page <<= 16; 1571 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1572 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1573 1574 US_DEBUGP("READ_10: read page %d pagect %d\n", 1575 page, pages); 1576 1577 result = sddr09_read_data(us, page, pages); 1578 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1579 USB_STOR_TRANSPORT_ERROR); 1580 } 1581 1582 if (srb->cmnd[0] == WRITE_10) { 1583 1584 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1585 page <<= 16; 1586 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1587 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1588 1589 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1590 page, pages); 1591 1592 result = sddr09_write_data(us, page, pages); 1593 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1594 USB_STOR_TRANSPORT_ERROR); 1595 } 1596 1597 /* catch-all for all other commands, except 1598 * pass TEST_UNIT_READY and REQUEST_SENSE through 1599 */ 1600 if (srb->cmnd[0] != TEST_UNIT_READY && 1601 srb->cmnd[0] != REQUEST_SENSE) { 1602 sensekey = 0x05; /* illegal request */ 1603 sensecode = 0x20; /* invalid command */ 1604 havefakesense = 1; 1605 return USB_STOR_TRANSPORT_FAILED; 1606 } 1607 1608 for (; srb->cmd_len<12; srb->cmd_len++) 1609 srb->cmnd[srb->cmd_len] = 0; 1610 1611 srb->cmnd[1] = LUNBITS; 1612 1613 ptr[0] = 0; 1614 for (i=0; i<12; i++) 1615 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1616 1617 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1618 1619 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1620 if (result) { 1621 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1622 "returns %d\n", result); 1623 return USB_STOR_TRANSPORT_ERROR; 1624 } 1625 1626 if (scsi_bufflen(srb) == 0) 1627 return USB_STOR_TRANSPORT_GOOD; 1628 1629 if (srb->sc_data_direction == DMA_TO_DEVICE || 1630 srb->sc_data_direction == DMA_FROM_DEVICE) { 1631 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1632 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1633 1634 US_DEBUGP("SDDR09: %s %d bytes\n", 1635 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1636 "sending" : "receiving", 1637 scsi_bufflen(srb)); 1638 1639 result = usb_stor_bulk_srb(us, pipe, srb); 1640 1641 return (result == USB_STOR_XFER_GOOD ? 1642 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1643 } 1644 1645 return USB_STOR_TRANSPORT_GOOD; 1646 } 1647 1648 /* 1649 * Initialization routine for the sddr09 subdriver 1650 */ 1651 int 1652 usb_stor_sddr09_init(struct us_data *us) { 1653 return sddr09_common_init(us); 1654 } 1655