xref: /openbmc/linux/drivers/usb/storage/sddr09.c (revision e983940270f10fe8551baf0098be76ea478294a3)
1 /*
2  * Driver for SanDisk SDDR-09 SmartMedia reader
3  *
4  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
6  * Developed with the assistance of:
7  *   (c) 2002 Alan Stern <stern@rowland.org>
8  *
9  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10  * This chip is a programmable USB controller. In the SDDR-09, it has
11  * been programmed to obey a certain limited set of SCSI commands.
12  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
13  * commands.
14  *
15  * This program is free software; you can redistribute it and/or modify it
16  * under the terms of the GNU General Public License as published by the
17  * Free Software Foundation; either version 2, or (at your option) any
18  * later version.
19  *
20  * This program is distributed in the hope that it will be useful, but
21  * WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
23  * General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License along
26  * with this program; if not, write to the Free Software Foundation, Inc.,
27  * 675 Mass Ave, Cambridge, MA 02139, USA.
28  */
29 
30 /*
31  * Known vendor commands: 12 bytes, first byte is opcode
32  *
33  * E7: read scatter gather
34  * E8: read
35  * E9: write
36  * EA: erase
37  * EB: reset
38  * EC: read status
39  * ED: read ID
40  * EE: write CIS (?)
41  * EF: compute checksum (?)
42  */
43 
44 #include <linux/errno.h>
45 #include <linux/module.h>
46 #include <linux/slab.h>
47 
48 #include <scsi/scsi.h>
49 #include <scsi/scsi_cmnd.h>
50 #include <scsi/scsi_device.h>
51 
52 #include "usb.h"
53 #include "transport.h"
54 #include "protocol.h"
55 #include "debug.h"
56 #include "scsiglue.h"
57 
58 #define DRV_NAME "ums-sddr09"
59 
60 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
61 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
62 MODULE_LICENSE("GPL");
63 
64 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
65 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
66 static int usb_stor_sddr09_init(struct us_data *us);
67 
68 
69 /*
70  * The table of devices
71  */
72 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
73 		    vendorName, productName, useProtocol, useTransport, \
74 		    initFunction, flags) \
75 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
76   .driver_info = (flags) }
77 
78 static struct usb_device_id sddr09_usb_ids[] = {
79 #	include "unusual_sddr09.h"
80 	{ }		/* Terminating entry */
81 };
82 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
83 
84 #undef UNUSUAL_DEV
85 
86 /*
87  * The flags table
88  */
89 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
90 		    vendor_name, product_name, use_protocol, use_transport, \
91 		    init_function, Flags) \
92 { \
93 	.vendorName = vendor_name,	\
94 	.productName = product_name,	\
95 	.useProtocol = use_protocol,	\
96 	.useTransport = use_transport,	\
97 	.initFunction = init_function,	\
98 }
99 
100 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
101 #	include "unusual_sddr09.h"
102 	{ }		/* Terminating entry */
103 };
104 
105 #undef UNUSUAL_DEV
106 
107 
108 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
109 #define LSB_of(s) ((s)&0xFF)
110 #define MSB_of(s) ((s)>>8)
111 
112 /*
113  * First some stuff that does not belong here:
114  * data on SmartMedia and other cards, completely
115  * unrelated to this driver.
116  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
117  */
118 
119 struct nand_flash_dev {
120 	int model_id;
121 	int chipshift;		/* 1<<cs bytes total capacity */
122 	char pageshift;		/* 1<<ps bytes in a page */
123 	char blockshift;	/* 1<<bs pages in an erase block */
124 	char zoneshift;		/* 1<<zs blocks in a zone */
125 				/* # of logical blocks is 125/128 of this */
126 	char pageadrlen;	/* length of an address in bytes - 1 */
127 };
128 
129 /*
130  * NAND Flash Manufacturer ID Codes
131  */
132 #define NAND_MFR_AMD		0x01
133 #define NAND_MFR_NATSEMI	0x8f
134 #define NAND_MFR_TOSHIBA	0x98
135 #define NAND_MFR_SAMSUNG	0xec
136 
137 static inline char *nand_flash_manufacturer(int manuf_id) {
138 	switch(manuf_id) {
139 	case NAND_MFR_AMD:
140 		return "AMD";
141 	case NAND_MFR_NATSEMI:
142 		return "NATSEMI";
143 	case NAND_MFR_TOSHIBA:
144 		return "Toshiba";
145 	case NAND_MFR_SAMSUNG:
146 		return "Samsung";
147 	default:
148 		return "unknown";
149 	}
150 }
151 
152 /*
153  * It looks like it is unnecessary to attach manufacturer to the
154  * remaining data: SSFDC prescribes manufacturer-independent id codes.
155  *
156  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
157  */
158 
159 static struct nand_flash_dev nand_flash_ids[] = {
160 	/* NAND flash */
161 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
162 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
163 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
164 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
165 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
166 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
167 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
168 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
169 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
170 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
171 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
172 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
173 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
174 
175 	/* MASK ROM */
176 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
177 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
178 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
179 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
180 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
181 	{ 0,}
182 };
183 
184 static struct nand_flash_dev *
185 nand_find_id(unsigned char id) {
186 	int i;
187 
188 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
189 		if (nand_flash_ids[i].model_id == id)
190 			return &(nand_flash_ids[i]);
191 	return NULL;
192 }
193 
194 /*
195  * ECC computation.
196  */
197 static unsigned char parity[256];
198 static unsigned char ecc2[256];
199 
200 static void nand_init_ecc(void) {
201 	int i, j, a;
202 
203 	parity[0] = 0;
204 	for (i = 1; i < 256; i++)
205 		parity[i] = (parity[i&(i-1)] ^ 1);
206 
207 	for (i = 0; i < 256; i++) {
208 		a = 0;
209 		for (j = 0; j < 8; j++) {
210 			if (i & (1<<j)) {
211 				if ((j & 1) == 0)
212 					a ^= 0x04;
213 				if ((j & 2) == 0)
214 					a ^= 0x10;
215 				if ((j & 4) == 0)
216 					a ^= 0x40;
217 			}
218 		}
219 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
220 	}
221 }
222 
223 /* compute 3-byte ecc on 256 bytes */
224 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
225 	int i, j, a;
226 	unsigned char par = 0, bit, bits[8] = {0};
227 
228 	/* collect 16 checksum bits */
229 	for (i = 0; i < 256; i++) {
230 		par ^= data[i];
231 		bit = parity[data[i]];
232 		for (j = 0; j < 8; j++)
233 			if ((i & (1<<j)) == 0)
234 				bits[j] ^= bit;
235 	}
236 
237 	/* put 4+4+4 = 12 bits in the ecc */
238 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
239 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
240 
241 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
242 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
243 
244 	ecc[2] = ecc2[par];
245 }
246 
247 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
248 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
249 }
250 
251 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
252 	memcpy(data, ecc, 3);
253 }
254 
255 /*
256  * The actual driver starts here.
257  */
258 
259 struct sddr09_card_info {
260 	unsigned long	capacity;	/* Size of card in bytes */
261 	int		pagesize;	/* Size of page in bytes */
262 	int		pageshift;	/* log2 of pagesize */
263 	int		blocksize;	/* Size of block in pages */
264 	int		blockshift;	/* log2 of blocksize */
265 	int		blockmask;	/* 2^blockshift - 1 */
266 	int		*lba_to_pba;	/* logical to physical map */
267 	int		*pba_to_lba;	/* physical to logical map */
268 	int		lbact;		/* number of available pages */
269 	int		flags;
270 #define	SDDR09_WP	1		/* write protected */
271 };
272 
273 /*
274  * On my 16MB card, control blocks have size 64 (16 real control bytes,
275  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
276  * so the reader makes up the remaining 48. Don't know whether these numbers
277  * depend on the card. For now a constant.
278  */
279 #define CONTROL_SHIFT 6
280 
281 /*
282  * On my Combo CF/SM reader, the SM reader has LUN 1.
283  * (and things fail with LUN 0).
284  * It seems LUN is irrelevant for others.
285  */
286 #define LUN	1
287 #define	LUNBITS	(LUN << 5)
288 
289 /*
290  * LBA and PBA are unsigned ints. Special values.
291  */
292 #define UNDEF    0xffffffff
293 #define SPARE    0xfffffffe
294 #define UNUSABLE 0xfffffffd
295 
296 static const int erase_bad_lba_entries = 0;
297 
298 /* send vendor interface command (0x41) */
299 /* called for requests 0, 1, 8 */
300 static int
301 sddr09_send_command(struct us_data *us,
302 		    unsigned char request,
303 		    unsigned char direction,
304 		    unsigned char *xfer_data,
305 		    unsigned int xfer_len) {
306 	unsigned int pipe;
307 	unsigned char requesttype = (0x41 | direction);
308 	int rc;
309 
310 	// Get the receive or send control pipe number
311 
312 	if (direction == USB_DIR_IN)
313 		pipe = us->recv_ctrl_pipe;
314 	else
315 		pipe = us->send_ctrl_pipe;
316 
317 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
318 				   0, 0, xfer_data, xfer_len);
319 	switch (rc) {
320 		case USB_STOR_XFER_GOOD:	return 0;
321 		case USB_STOR_XFER_STALLED:	return -EPIPE;
322 		default:			return -EIO;
323 	}
324 }
325 
326 static int
327 sddr09_send_scsi_command(struct us_data *us,
328 			 unsigned char *command,
329 			 unsigned int command_len) {
330 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
331 }
332 
333 #if 0
334 /*
335  * Test Unit Ready Command: 12 bytes.
336  * byte 0: opcode: 00
337  */
338 static int
339 sddr09_test_unit_ready(struct us_data *us) {
340 	unsigned char *command = us->iobuf;
341 	int result;
342 
343 	memset(command, 0, 6);
344 	command[1] = LUNBITS;
345 
346 	result = sddr09_send_scsi_command(us, command, 6);
347 
348 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
349 
350 	return result;
351 }
352 #endif
353 
354 /*
355  * Request Sense Command: 12 bytes.
356  * byte 0: opcode: 03
357  * byte 4: data length
358  */
359 static int
360 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
361 	unsigned char *command = us->iobuf;
362 	int result;
363 
364 	memset(command, 0, 12);
365 	command[0] = 0x03;
366 	command[1] = LUNBITS;
367 	command[4] = buflen;
368 
369 	result = sddr09_send_scsi_command(us, command, 12);
370 	if (result)
371 		return result;
372 
373 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
374 			sensebuf, buflen, NULL);
375 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
376 }
377 
378 /*
379  * Read Command: 12 bytes.
380  * byte 0: opcode: E8
381  * byte 1: last two bits: 00: read data, 01: read blockwise control,
382  *			10: read both, 11: read pagewise control.
383  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
384  * bytes 2-5: address (interpretation depends on byte 1, see below)
385  * bytes 10-11: count (idem)
386  *
387  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
388  * A read data command gets data in 512-byte pages.
389  * A read control command gets control in 64-byte chunks.
390  * A read both command gets data+control in 576-byte chunks.
391  *
392  * Blocks are groups of 32 pages, and read blockwise control jumps to the
393  * next block, while read pagewise control jumps to the next page after
394  * reading a group of 64 control bytes.
395  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
396  *
397  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
398  */
399 
400 static int
401 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
402 	     int nr_of_pages, int bulklen, unsigned char *buf,
403 	     int use_sg) {
404 
405 	unsigned char *command = us->iobuf;
406 	int result;
407 
408 	command[0] = 0xE8;
409 	command[1] = LUNBITS | x;
410 	command[2] = MSB_of(fromaddress>>16);
411 	command[3] = LSB_of(fromaddress>>16);
412 	command[4] = MSB_of(fromaddress & 0xFFFF);
413 	command[5] = LSB_of(fromaddress & 0xFFFF);
414 	command[6] = 0;
415 	command[7] = 0;
416 	command[8] = 0;
417 	command[9] = 0;
418 	command[10] = MSB_of(nr_of_pages);
419 	command[11] = LSB_of(nr_of_pages);
420 
421 	result = sddr09_send_scsi_command(us, command, 12);
422 
423 	if (result) {
424 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
425 			     x, result);
426 		return result;
427 	}
428 
429 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
430 				       buf, bulklen, use_sg, NULL);
431 
432 	if (result != USB_STOR_XFER_GOOD) {
433 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
434 			     x, result);
435 		return -EIO;
436 	}
437 	return 0;
438 }
439 
440 /*
441  * Read Data
442  *
443  * fromaddress counts data shorts:
444  * increasing it by 256 shifts the bytestream by 512 bytes;
445  * the last 8 bits are ignored.
446  *
447  * nr_of_pages counts pages of size (1 << pageshift).
448  */
449 static int
450 sddr09_read20(struct us_data *us, unsigned long fromaddress,
451 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
452 	int bulklen = nr_of_pages << pageshift;
453 
454 	/* The last 8 bits of fromaddress are ignored. */
455 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
456 			    buf, use_sg);
457 }
458 
459 /*
460  * Read Blockwise Control
461  *
462  * fromaddress gives the starting position (as in read data;
463  * the last 8 bits are ignored); increasing it by 32*256 shifts
464  * the output stream by 64 bytes.
465  *
466  * count counts control groups of size (1 << controlshift).
467  * For me, controlshift = 6. Is this constant?
468  *
469  * After getting one control group, jump to the next block
470  * (fromaddress += 8192).
471  */
472 static int
473 sddr09_read21(struct us_data *us, unsigned long fromaddress,
474 	      int count, int controlshift, unsigned char *buf, int use_sg) {
475 
476 	int bulklen = (count << controlshift);
477 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
478 			    buf, use_sg);
479 }
480 
481 /*
482  * Read both Data and Control
483  *
484  * fromaddress counts data shorts, ignoring control:
485  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
486  * the last 8 bits are ignored.
487  *
488  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
489  */
490 static int
491 sddr09_read22(struct us_data *us, unsigned long fromaddress,
492 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
493 
494 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
495 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
496 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
497 			    buf, use_sg);
498 }
499 
500 #if 0
501 /*
502  * Read Pagewise Control
503  *
504  * fromaddress gives the starting position (as in read data;
505  * the last 8 bits are ignored); increasing it by 256 shifts
506  * the output stream by 64 bytes.
507  *
508  * count counts control groups of size (1 << controlshift).
509  * For me, controlshift = 6. Is this constant?
510  *
511  * After getting one control group, jump to the next page
512  * (fromaddress += 256).
513  */
514 static int
515 sddr09_read23(struct us_data *us, unsigned long fromaddress,
516 	      int count, int controlshift, unsigned char *buf, int use_sg) {
517 
518 	int bulklen = (count << controlshift);
519 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
520 			    buf, use_sg);
521 }
522 #endif
523 
524 /*
525  * Erase Command: 12 bytes.
526  * byte 0: opcode: EA
527  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
528  *
529  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
530  * The byte address being erased is 2*Eaddress.
531  * The CIS cannot be erased.
532  */
533 static int
534 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
535 	unsigned char *command = us->iobuf;
536 	int result;
537 
538 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
539 
540 	memset(command, 0, 12);
541 	command[0] = 0xEA;
542 	command[1] = LUNBITS;
543 	command[6] = MSB_of(Eaddress>>16);
544 	command[7] = LSB_of(Eaddress>>16);
545 	command[8] = MSB_of(Eaddress & 0xFFFF);
546 	command[9] = LSB_of(Eaddress & 0xFFFF);
547 
548 	result = sddr09_send_scsi_command(us, command, 12);
549 
550 	if (result)
551 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
552 			     result);
553 
554 	return result;
555 }
556 
557 /*
558  * Write CIS Command: 12 bytes.
559  * byte 0: opcode: EE
560  * bytes 2-5: write address in shorts
561  * bytes 10-11: sector count
562  *
563  * This writes at the indicated address. Don't know how it differs
564  * from E9. Maybe it does not erase? However, it will also write to
565  * the CIS.
566  *
567  * When two such commands on the same page follow each other directly,
568  * the second one is not done.
569  */
570 
571 /*
572  * Write Command: 12 bytes.
573  * byte 0: opcode: E9
574  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
575  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
576  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
577  *
578  * If write address equals erase address, the erase is done first,
579  * otherwise the write is done first. When erase address equals zero
580  * no erase is done?
581  */
582 static int
583 sddr09_writeX(struct us_data *us,
584 	      unsigned long Waddress, unsigned long Eaddress,
585 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
586 
587 	unsigned char *command = us->iobuf;
588 	int result;
589 
590 	command[0] = 0xE9;
591 	command[1] = LUNBITS;
592 
593 	command[2] = MSB_of(Waddress>>16);
594 	command[3] = LSB_of(Waddress>>16);
595 	command[4] = MSB_of(Waddress & 0xFFFF);
596 	command[5] = LSB_of(Waddress & 0xFFFF);
597 
598 	command[6] = MSB_of(Eaddress>>16);
599 	command[7] = LSB_of(Eaddress>>16);
600 	command[8] = MSB_of(Eaddress & 0xFFFF);
601 	command[9] = LSB_of(Eaddress & 0xFFFF);
602 
603 	command[10] = MSB_of(nr_of_pages);
604 	command[11] = LSB_of(nr_of_pages);
605 
606 	result = sddr09_send_scsi_command(us, command, 12);
607 
608 	if (result) {
609 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
610 			     result);
611 		return result;
612 	}
613 
614 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
615 				       buf, bulklen, use_sg, NULL);
616 
617 	if (result != USB_STOR_XFER_GOOD) {
618 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
619 			     result);
620 		return -EIO;
621 	}
622 	return 0;
623 }
624 
625 /* erase address, write same address */
626 static int
627 sddr09_write_inplace(struct us_data *us, unsigned long address,
628 		     int nr_of_pages, int pageshift, unsigned char *buf,
629 		     int use_sg) {
630 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
631 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
632 			     buf, use_sg);
633 }
634 
635 #if 0
636 /*
637  * Read Scatter Gather Command: 3+4n bytes.
638  * byte 0: opcode E7
639  * byte 2: n
640  * bytes 4i-1,4i,4i+1: page address
641  * byte 4i+2: page count
642  * (i=1..n)
643  *
644  * This reads several pages from the card to a single memory buffer.
645  * The last two bits of byte 1 have the same meaning as for E8.
646  */
647 static int
648 sddr09_read_sg_test_only(struct us_data *us) {
649 	unsigned char *command = us->iobuf;
650 	int result, bulklen, nsg, ct;
651 	unsigned char *buf;
652 	unsigned long address;
653 
654 	nsg = bulklen = 0;
655 	command[0] = 0xE7;
656 	command[1] = LUNBITS;
657 	command[2] = 0;
658 	address = 040000; ct = 1;
659 	nsg++;
660 	bulklen += (ct << 9);
661 	command[4*nsg+2] = ct;
662 	command[4*nsg+1] = ((address >> 9) & 0xFF);
663 	command[4*nsg+0] = ((address >> 17) & 0xFF);
664 	command[4*nsg-1] = ((address >> 25) & 0xFF);
665 
666 	address = 0340000; ct = 1;
667 	nsg++;
668 	bulklen += (ct << 9);
669 	command[4*nsg+2] = ct;
670 	command[4*nsg+1] = ((address >> 9) & 0xFF);
671 	command[4*nsg+0] = ((address >> 17) & 0xFF);
672 	command[4*nsg-1] = ((address >> 25) & 0xFF);
673 
674 	address = 01000000; ct = 2;
675 	nsg++;
676 	bulklen += (ct << 9);
677 	command[4*nsg+2] = ct;
678 	command[4*nsg+1] = ((address >> 9) & 0xFF);
679 	command[4*nsg+0] = ((address >> 17) & 0xFF);
680 	command[4*nsg-1] = ((address >> 25) & 0xFF);
681 
682 	command[2] = nsg;
683 
684 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
685 
686 	if (result) {
687 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
688 			     result);
689 		return result;
690 	}
691 
692 	buf = kmalloc(bulklen, GFP_NOIO);
693 	if (!buf)
694 		return -ENOMEM;
695 
696 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
697 				       buf, bulklen, NULL);
698 	kfree(buf);
699 	if (result != USB_STOR_XFER_GOOD) {
700 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
701 			     result);
702 		return -EIO;
703 	}
704 
705 	return 0;
706 }
707 #endif
708 
709 /*
710  * Read Status Command: 12 bytes.
711  * byte 0: opcode: EC
712  *
713  * Returns 64 bytes, all zero except for the first.
714  * bit 0: 1: Error
715  * bit 5: 1: Suspended
716  * bit 6: 1: Ready
717  * bit 7: 1: Not write-protected
718  */
719 
720 static int
721 sddr09_read_status(struct us_data *us, unsigned char *status) {
722 
723 	unsigned char *command = us->iobuf;
724 	unsigned char *data = us->iobuf;
725 	int result;
726 
727 	usb_stor_dbg(us, "Reading status...\n");
728 
729 	memset(command, 0, 12);
730 	command[0] = 0xEC;
731 	command[1] = LUNBITS;
732 
733 	result = sddr09_send_scsi_command(us, command, 12);
734 	if (result)
735 		return result;
736 
737 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
738 				       data, 64, NULL);
739 	*status = data[0];
740 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
741 }
742 
743 static int
744 sddr09_read_data(struct us_data *us,
745 		 unsigned long address,
746 		 unsigned int sectors) {
747 
748 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
749 	unsigned char *buffer;
750 	unsigned int lba, maxlba, pba;
751 	unsigned int page, pages;
752 	unsigned int len, offset;
753 	struct scatterlist *sg;
754 	int result;
755 
756 	// Figure out the initial LBA and page
757 	lba = address >> info->blockshift;
758 	page = (address & info->blockmask);
759 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
760 	if (lba >= maxlba)
761 		return -EIO;
762 
763 	// Since we only read in one block at a time, we have to create
764 	// a bounce buffer and move the data a piece at a time between the
765 	// bounce buffer and the actual transfer buffer.
766 
767 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
768 	buffer = kmalloc(len, GFP_NOIO);
769 	if (!buffer)
770 		return -ENOMEM;
771 
772 	// This could be made much more efficient by checking for
773 	// contiguous LBA's. Another exercise left to the student.
774 
775 	result = 0;
776 	offset = 0;
777 	sg = NULL;
778 
779 	while (sectors > 0) {
780 
781 		/* Find number of pages we can read in this block */
782 		pages = min(sectors, info->blocksize - page);
783 		len = pages << info->pageshift;
784 
785 		/* Not overflowing capacity? */
786 		if (lba >= maxlba) {
787 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
788 				     lba, maxlba);
789 			result = -EIO;
790 			break;
791 		}
792 
793 		/* Find where this lba lives on disk */
794 		pba = info->lba_to_pba[lba];
795 
796 		if (pba == UNDEF) {	/* this lba was never written */
797 
798 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
799 				     pages, lba, page);
800 
801 			/*
802 			 * This is not really an error. It just means
803 			 * that the block has never been written.
804 			 * Instead of returning an error
805 			 * it is better to return all zero data.
806 			 */
807 
808 			memset(buffer, 0, len);
809 
810 		} else {
811 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
812 				     pages, pba, lba, page);
813 
814 			address = ((pba << info->blockshift) + page) <<
815 				info->pageshift;
816 
817 			result = sddr09_read20(us, address>>1,
818 					pages, info->pageshift, buffer, 0);
819 			if (result)
820 				break;
821 		}
822 
823 		// Store the data in the transfer buffer
824 		usb_stor_access_xfer_buf(buffer, len, us->srb,
825 				&sg, &offset, TO_XFER_BUF);
826 
827 		page = 0;
828 		lba++;
829 		sectors -= pages;
830 	}
831 
832 	kfree(buffer);
833 	return result;
834 }
835 
836 static unsigned int
837 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
838 	static unsigned int lastpba = 1;
839 	int zonestart, end, i;
840 
841 	zonestart = (lba/1000) << 10;
842 	end = info->capacity >> (info->blockshift + info->pageshift);
843 	end -= zonestart;
844 	if (end > 1024)
845 		end = 1024;
846 
847 	for (i = lastpba+1; i < end; i++) {
848 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
849 			lastpba = i;
850 			return zonestart+i;
851 		}
852 	}
853 	for (i = 0; i <= lastpba; i++) {
854 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
855 			lastpba = i;
856 			return zonestart+i;
857 		}
858 	}
859 	return 0;
860 }
861 
862 static int
863 sddr09_write_lba(struct us_data *us, unsigned int lba,
864 		 unsigned int page, unsigned int pages,
865 		 unsigned char *ptr, unsigned char *blockbuffer) {
866 
867 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
868 	unsigned long address;
869 	unsigned int pba, lbap;
870 	unsigned int pagelen;
871 	unsigned char *bptr, *cptr, *xptr;
872 	unsigned char ecc[3];
873 	int i, result, isnew;
874 
875 	lbap = ((lba % 1000) << 1) | 0x1000;
876 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
877 		lbap ^= 1;
878 	pba = info->lba_to_pba[lba];
879 	isnew = 0;
880 
881 	if (pba == UNDEF) {
882 		pba = sddr09_find_unused_pba(info, lba);
883 		if (!pba) {
884 			printk(KERN_WARNING
885 			       "sddr09_write_lba: Out of unused blocks\n");
886 			return -ENOSPC;
887 		}
888 		info->pba_to_lba[pba] = lba;
889 		info->lba_to_pba[lba] = pba;
890 		isnew = 1;
891 	}
892 
893 	if (pba == 1) {
894 		/*
895 		 * Maybe it is impossible to write to PBA 1.
896 		 * Fake success, but don't do anything.
897 		 */
898 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
899 		return 0;
900 	}
901 
902 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
903 
904 	/* read old contents */
905 	address = (pba << (info->pageshift + info->blockshift));
906 	result = sddr09_read22(us, address>>1, info->blocksize,
907 			       info->pageshift, blockbuffer, 0);
908 	if (result)
909 		return result;
910 
911 	/* check old contents and fill lba */
912 	for (i = 0; i < info->blocksize; i++) {
913 		bptr = blockbuffer + i*pagelen;
914 		cptr = bptr + info->pagesize;
915 		nand_compute_ecc(bptr, ecc);
916 		if (!nand_compare_ecc(cptr+13, ecc)) {
917 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
918 				     i, pba);
919 			nand_store_ecc(cptr+13, ecc);
920 		}
921 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
922 		if (!nand_compare_ecc(cptr+8, ecc)) {
923 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
924 				     i, pba);
925 			nand_store_ecc(cptr+8, ecc);
926 		}
927 		cptr[6] = cptr[11] = MSB_of(lbap);
928 		cptr[7] = cptr[12] = LSB_of(lbap);
929 	}
930 
931 	/* copy in new stuff and compute ECC */
932 	xptr = ptr;
933 	for (i = page; i < page+pages; i++) {
934 		bptr = blockbuffer + i*pagelen;
935 		cptr = bptr + info->pagesize;
936 		memcpy(bptr, xptr, info->pagesize);
937 		xptr += info->pagesize;
938 		nand_compute_ecc(bptr, ecc);
939 		nand_store_ecc(cptr+13, ecc);
940 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
941 		nand_store_ecc(cptr+8, ecc);
942 	}
943 
944 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
945 
946 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
947 				      info->pageshift, blockbuffer, 0);
948 
949 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
950 
951 #if 0
952 	{
953 		unsigned char status = 0;
954 		int result2 = sddr09_read_status(us, &status);
955 		if (result2)
956 			usb_stor_dbg(us, "cannot read status\n");
957 		else if (status != 0xc0)
958 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
959 	}
960 #endif
961 
962 #if 0
963 	{
964 		int result2 = sddr09_test_unit_ready(us);
965 	}
966 #endif
967 
968 	return result;
969 }
970 
971 static int
972 sddr09_write_data(struct us_data *us,
973 		  unsigned long address,
974 		  unsigned int sectors) {
975 
976 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
977 	unsigned int lba, maxlba, page, pages;
978 	unsigned int pagelen, blocklen;
979 	unsigned char *blockbuffer;
980 	unsigned char *buffer;
981 	unsigned int len, offset;
982 	struct scatterlist *sg;
983 	int result;
984 
985 	/* Figure out the initial LBA and page */
986 	lba = address >> info->blockshift;
987 	page = (address & info->blockmask);
988 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
989 	if (lba >= maxlba)
990 		return -EIO;
991 
992 	/*
993 	 * blockbuffer is used for reading in the old data, overwriting
994 	 * with the new data, and performing ECC calculations
995 	 */
996 
997 	/*
998 	 * TODO: instead of doing kmalloc/kfree for each write,
999 	 * add a bufferpointer to the info structure
1000 	 */
1001 
1002 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
1003 	blocklen = (pagelen << info->blockshift);
1004 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
1005 	if (!blockbuffer)
1006 		return -ENOMEM;
1007 
1008 	/*
1009 	 * Since we don't write the user data directly to the device,
1010 	 * we have to create a bounce buffer and move the data a piece
1011 	 * at a time between the bounce buffer and the actual transfer buffer.
1012 	 */
1013 
1014 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1015 	buffer = kmalloc(len, GFP_NOIO);
1016 	if (!buffer) {
1017 		kfree(blockbuffer);
1018 		return -ENOMEM;
1019 	}
1020 
1021 	result = 0;
1022 	offset = 0;
1023 	sg = NULL;
1024 
1025 	while (sectors > 0) {
1026 
1027 		/* Write as many sectors as possible in this block */
1028 
1029 		pages = min(sectors, info->blocksize - page);
1030 		len = (pages << info->pageshift);
1031 
1032 		/* Not overflowing capacity? */
1033 		if (lba >= maxlba) {
1034 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1035 				     lba, maxlba);
1036 			result = -EIO;
1037 			break;
1038 		}
1039 
1040 		/* Get the data from the transfer buffer */
1041 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1042 				&sg, &offset, FROM_XFER_BUF);
1043 
1044 		result = sddr09_write_lba(us, lba, page, pages,
1045 				buffer, blockbuffer);
1046 		if (result)
1047 			break;
1048 
1049 		page = 0;
1050 		lba++;
1051 		sectors -= pages;
1052 	}
1053 
1054 	kfree(buffer);
1055 	kfree(blockbuffer);
1056 
1057 	return result;
1058 }
1059 
1060 static int
1061 sddr09_read_control(struct us_data *us,
1062 		unsigned long address,
1063 		unsigned int blocks,
1064 		unsigned char *content,
1065 		int use_sg) {
1066 
1067 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1068 		     address, blocks);
1069 
1070 	return sddr09_read21(us, address, blocks,
1071 			     CONTROL_SHIFT, content, use_sg);
1072 }
1073 
1074 /*
1075  * Read Device ID Command: 12 bytes.
1076  * byte 0: opcode: ED
1077  *
1078  * Returns 2 bytes: Manufacturer ID and Device ID.
1079  * On more recent cards 3 bytes: the third byte is an option code A5
1080  * signifying that the secret command to read an 128-bit ID is available.
1081  * On still more recent cards 4 bytes: the fourth byte C0 means that
1082  * a second read ID cmd is available.
1083  */
1084 static int
1085 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1086 	unsigned char *command = us->iobuf;
1087 	unsigned char *content = us->iobuf;
1088 	int result, i;
1089 
1090 	memset(command, 0, 12);
1091 	command[0] = 0xED;
1092 	command[1] = LUNBITS;
1093 
1094 	result = sddr09_send_scsi_command(us, command, 12);
1095 	if (result)
1096 		return result;
1097 
1098 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1099 			content, 64, NULL);
1100 
1101 	for (i = 0; i < 4; i++)
1102 		deviceID[i] = content[i];
1103 
1104 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1105 }
1106 
1107 static int
1108 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1109 	int result;
1110 	unsigned char status;
1111 	const char *wp_fmt;
1112 
1113 	result = sddr09_read_status(us, &status);
1114 	if (result) {
1115 		usb_stor_dbg(us, "read_status fails\n");
1116 		return result;
1117 	}
1118 	if ((status & 0x80) == 0) {
1119 		info->flags |= SDDR09_WP;	/* write protected */
1120 		wp_fmt = " WP";
1121 	} else {
1122 		wp_fmt = "";
1123 	}
1124 	usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1125 		     status & 0x40 ? " Ready" : "",
1126 		     status & LUNBITS ? " Suspended" : "",
1127 		     status & 0x01 ? " Error" : "");
1128 
1129 	return 0;
1130 }
1131 
1132 #if 0
1133 /*
1134  * Reset Command: 12 bytes.
1135  * byte 0: opcode: EB
1136  */
1137 static int
1138 sddr09_reset(struct us_data *us) {
1139 
1140 	unsigned char *command = us->iobuf;
1141 
1142 	memset(command, 0, 12);
1143 	command[0] = 0xEB;
1144 	command[1] = LUNBITS;
1145 
1146 	return sddr09_send_scsi_command(us, command, 12);
1147 }
1148 #endif
1149 
1150 static struct nand_flash_dev *
1151 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1152 	struct nand_flash_dev *cardinfo;
1153 	unsigned char deviceID[4];
1154 	char blurbtxt[256];
1155 	int result;
1156 
1157 	usb_stor_dbg(us, "Reading capacity...\n");
1158 
1159 	result = sddr09_read_deviceID(us, deviceID);
1160 
1161 	if (result) {
1162 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1163 		printk(KERN_WARNING "sddr09: could not read card info\n");
1164 		return NULL;
1165 	}
1166 
1167 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1168 
1169 	/* Byte 0 is the manufacturer */
1170 	sprintf(blurbtxt + strlen(blurbtxt),
1171 		": Manuf. %s",
1172 		nand_flash_manufacturer(deviceID[0]));
1173 
1174 	/* Byte 1 is the device type */
1175 	cardinfo = nand_find_id(deviceID[1]);
1176 	if (cardinfo) {
1177 		/*
1178 		 * MB or MiB? It is neither. A 16 MB card has
1179 		 * 17301504 raw bytes, of which 16384000 are
1180 		 * usable for user data.
1181 		 */
1182 		sprintf(blurbtxt + strlen(blurbtxt),
1183 			", %d MB", 1<<(cardinfo->chipshift - 20));
1184 	} else {
1185 		sprintf(blurbtxt + strlen(blurbtxt),
1186 			", type unrecognized");
1187 	}
1188 
1189 	/* Byte 2 is code to signal availability of 128-bit ID */
1190 	if (deviceID[2] == 0xa5) {
1191 		sprintf(blurbtxt + strlen(blurbtxt),
1192 			", 128-bit ID");
1193 	}
1194 
1195 	/* Byte 3 announces the availability of another read ID command */
1196 	if (deviceID[3] == 0xc0) {
1197 		sprintf(blurbtxt + strlen(blurbtxt),
1198 			", extra cmd");
1199 	}
1200 
1201 	if (flags & SDDR09_WP)
1202 		sprintf(blurbtxt + strlen(blurbtxt),
1203 			", WP");
1204 
1205 	printk(KERN_WARNING "%s\n", blurbtxt);
1206 
1207 	return cardinfo;
1208 }
1209 
1210 static int
1211 sddr09_read_map(struct us_data *us) {
1212 
1213 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1214 	int numblocks, alloc_len, alloc_blocks;
1215 	int i, j, result;
1216 	unsigned char *buffer, *buffer_end, *ptr;
1217 	unsigned int lba, lbact;
1218 
1219 	if (!info->capacity)
1220 		return -1;
1221 
1222 	/*
1223 	 * size of a block is 1 << (blockshift + pageshift) bytes
1224 	 * divide into the total capacity to get the number of blocks
1225 	 */
1226 
1227 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1228 
1229 	/*
1230 	 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1231 	 * but only use a 64 KB buffer
1232 	 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1233 	 */
1234 #define SDDR09_READ_MAP_BUFSZ 65536
1235 
1236 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1237 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1238 	buffer = kmalloc(alloc_len, GFP_NOIO);
1239 	if (!buffer) {
1240 		result = -1;
1241 		goto done;
1242 	}
1243 	buffer_end = buffer + alloc_len;
1244 
1245 #undef SDDR09_READ_MAP_BUFSZ
1246 
1247 	kfree(info->lba_to_pba);
1248 	kfree(info->pba_to_lba);
1249 	info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1250 	info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1251 
1252 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1253 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1254 		result = -1;
1255 		goto done;
1256 	}
1257 
1258 	for (i = 0; i < numblocks; i++)
1259 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1260 
1261 	/*
1262 	 * Define lba-pba translation table
1263 	 */
1264 
1265 	ptr = buffer_end;
1266 	for (i = 0; i < numblocks; i++) {
1267 		ptr += (1 << CONTROL_SHIFT);
1268 		if (ptr >= buffer_end) {
1269 			unsigned long address;
1270 
1271 			address = i << (info->pageshift + info->blockshift);
1272 			result = sddr09_read_control(
1273 				us, address>>1,
1274 				min(alloc_blocks, numblocks - i),
1275 				buffer, 0);
1276 			if (result) {
1277 				result = -1;
1278 				goto done;
1279 			}
1280 			ptr = buffer;
1281 		}
1282 
1283 		if (i == 0 || i == 1) {
1284 			info->pba_to_lba[i] = UNUSABLE;
1285 			continue;
1286 		}
1287 
1288 		/* special PBAs have control field 0^16 */
1289 		for (j = 0; j < 16; j++)
1290 			if (ptr[j] != 0)
1291 				goto nonz;
1292 		info->pba_to_lba[i] = UNUSABLE;
1293 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1294 		       i);
1295 		continue;
1296 
1297 	nonz:
1298 		/* unwritten PBAs have control field FF^16 */
1299 		for (j = 0; j < 16; j++)
1300 			if (ptr[j] != 0xff)
1301 				goto nonff;
1302 		continue;
1303 
1304 	nonff:
1305 		/* normal PBAs start with six FFs */
1306 		if (j < 6) {
1307 			printk(KERN_WARNING
1308 			       "sddr09: PBA %d has no logical mapping: "
1309 			       "reserved area = %02X%02X%02X%02X "
1310 			       "data status %02X block status %02X\n",
1311 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1312 			       ptr[4], ptr[5]);
1313 			info->pba_to_lba[i] = UNUSABLE;
1314 			continue;
1315 		}
1316 
1317 		if ((ptr[6] >> 4) != 0x01) {
1318 			printk(KERN_WARNING
1319 			       "sddr09: PBA %d has invalid address field "
1320 			       "%02X%02X/%02X%02X\n",
1321 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1322 			info->pba_to_lba[i] = UNUSABLE;
1323 			continue;
1324 		}
1325 
1326 		/* check even parity */
1327 		if (parity[ptr[6] ^ ptr[7]]) {
1328 			printk(KERN_WARNING
1329 			       "sddr09: Bad parity in LBA for block %d"
1330 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1331 			info->pba_to_lba[i] = UNUSABLE;
1332 			continue;
1333 		}
1334 
1335 		lba = short_pack(ptr[7], ptr[6]);
1336 		lba = (lba & 0x07FF) >> 1;
1337 
1338 		/*
1339 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1340 		 * go back to zero, but are within a higher block of LBA's.
1341 		 * Also, there is a maximum of 1000 LBA's per zone.
1342 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1343 		 * which are really LBA 1000-1999. This allows for 24 bad
1344 		 * or special physical blocks per zone.
1345 		 */
1346 
1347 		if (lba >= 1000) {
1348 			printk(KERN_WARNING
1349 			       "sddr09: Bad low LBA %d for block %d\n",
1350 			       lba, i);
1351 			goto possibly_erase;
1352 		}
1353 
1354 		lba += 1000*(i/0x400);
1355 
1356 		if (info->lba_to_pba[lba] != UNDEF) {
1357 			printk(KERN_WARNING
1358 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1359 			       lba, info->lba_to_pba[lba], i);
1360 			goto possibly_erase;
1361 		}
1362 
1363 		info->pba_to_lba[i] = lba;
1364 		info->lba_to_pba[lba] = i;
1365 		continue;
1366 
1367 	possibly_erase:
1368 		if (erase_bad_lba_entries) {
1369 			unsigned long address;
1370 
1371 			address = (i << (info->pageshift + info->blockshift));
1372 			sddr09_erase(us, address>>1);
1373 			info->pba_to_lba[i] = UNDEF;
1374 		} else
1375 			info->pba_to_lba[i] = UNUSABLE;
1376 	}
1377 
1378 	/*
1379 	 * Approximate capacity. This is not entirely correct yet,
1380 	 * since a zone with less than 1000 usable pages leads to
1381 	 * missing LBAs. Especially if it is the last zone, some
1382 	 * LBAs can be past capacity.
1383 	 */
1384 	lbact = 0;
1385 	for (i = 0; i < numblocks; i += 1024) {
1386 		int ct = 0;
1387 
1388 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1389 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1390 				if (ct >= 1000)
1391 					info->pba_to_lba[i+j] = SPARE;
1392 				else
1393 					ct++;
1394 			}
1395 		}
1396 		lbact += ct;
1397 	}
1398 	info->lbact = lbact;
1399 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1400 	result = 0;
1401 
1402  done:
1403 	if (result != 0) {
1404 		kfree(info->lba_to_pba);
1405 		kfree(info->pba_to_lba);
1406 		info->lba_to_pba = NULL;
1407 		info->pba_to_lba = NULL;
1408 	}
1409 	kfree(buffer);
1410 	return result;
1411 }
1412 
1413 static void
1414 sddr09_card_info_destructor(void *extra) {
1415 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1416 
1417 	if (!info)
1418 		return;
1419 
1420 	kfree(info->lba_to_pba);
1421 	kfree(info->pba_to_lba);
1422 }
1423 
1424 static int
1425 sddr09_common_init(struct us_data *us) {
1426 	int result;
1427 
1428 	/* set the configuration -- STALL is an acceptable response here */
1429 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1430 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1431 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1432 		return -EINVAL;
1433 	}
1434 
1435 	result = usb_reset_configuration(us->pusb_dev);
1436 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1437 	if (result == -EPIPE) {
1438 		usb_stor_dbg(us, "-- stall on control interface\n");
1439 	} else if (result != 0) {
1440 		/* it's not a stall, but another error -- time to bail */
1441 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1442 		return -EINVAL;
1443 	}
1444 
1445 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1446 	if (!us->extra)
1447 		return -ENOMEM;
1448 	us->extra_destructor = sddr09_card_info_destructor;
1449 
1450 	nand_init_ecc();
1451 	return 0;
1452 }
1453 
1454 
1455 /*
1456  * This is needed at a very early stage. If this is not listed in the
1457  * unusual devices list but called from here then LUN 0 of the combo reader
1458  * is not recognized. But I do not know what precisely these calls do.
1459  */
1460 static int
1461 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1462 	int result;
1463 	unsigned char *data = us->iobuf;
1464 
1465 	result = sddr09_common_init(us);
1466 	if (result)
1467 		return result;
1468 
1469 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1470 	if (result) {
1471 		usb_stor_dbg(us, "send_command fails\n");
1472 		return result;
1473 	}
1474 
1475 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1476 	// get 07 02
1477 
1478 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1479 	if (result) {
1480 		usb_stor_dbg(us, "2nd send_command fails\n");
1481 		return result;
1482 	}
1483 
1484 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1485 	// get 07 00
1486 
1487 	result = sddr09_request_sense(us, data, 18);
1488 	if (result == 0 && data[2] != 0) {
1489 		int j;
1490 		for (j=0; j<18; j++)
1491 			printk(" %02X", data[j]);
1492 		printk("\n");
1493 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1494 		// 70: current command
1495 		// sense key 0, sense code 0, extd sense code 0
1496 		// additional transfer length * = sizeof(data) - 7
1497 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1498 		// sense key 06, sense code 28: unit attention,
1499 		// not ready to ready transition
1500 	}
1501 
1502 	// test unit ready
1503 
1504 	return 0;		/* not result */
1505 }
1506 
1507 /*
1508  * Transport for the Microtech DPCM-USB
1509  */
1510 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1511 {
1512 	int ret;
1513 
1514 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1515 
1516 	switch (srb->device->lun) {
1517 	case 0:
1518 
1519 		/*
1520 		 * LUN 0 corresponds to the CompactFlash card reader.
1521 		 */
1522 		ret = usb_stor_CB_transport(srb, us);
1523 		break;
1524 
1525 	case 1:
1526 
1527 		/*
1528 		 * LUN 1 corresponds to the SmartMedia card reader.
1529 		 */
1530 
1531 		/*
1532 		 * Set the LUN to 0 (just in case).
1533 		 */
1534 		srb->device->lun = 0;
1535 		ret = sddr09_transport(srb, us);
1536 		srb->device->lun = 1;
1537 		break;
1538 
1539 	default:
1540 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1541 		ret = USB_STOR_TRANSPORT_ERROR;
1542 		break;
1543 	}
1544 	return ret;
1545 }
1546 
1547 
1548 /*
1549  * Transport for the Sandisk SDDR-09
1550  */
1551 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1552 {
1553 	static unsigned char sensekey = 0, sensecode = 0;
1554 	static unsigned char havefakesense = 0;
1555 	int result, i;
1556 	unsigned char *ptr = us->iobuf;
1557 	unsigned long capacity;
1558 	unsigned int page, pages;
1559 
1560 	struct sddr09_card_info *info;
1561 
1562 	static unsigned char inquiry_response[8] = {
1563 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1564 	};
1565 
1566 	/* note: no block descriptor support */
1567 	static unsigned char mode_page_01[19] = {
1568 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1569 		0x01, 0x0A,
1570 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1571 	};
1572 
1573 	info = (struct sddr09_card_info *)us->extra;
1574 
1575 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1576 		/* for a faked command, we have to follow with a faked sense */
1577 		memset(ptr, 0, 18);
1578 		ptr[0] = 0x70;
1579 		ptr[2] = sensekey;
1580 		ptr[7] = 11;
1581 		ptr[12] = sensecode;
1582 		usb_stor_set_xfer_buf(ptr, 18, srb);
1583 		sensekey = sensecode = havefakesense = 0;
1584 		return USB_STOR_TRANSPORT_GOOD;
1585 	}
1586 
1587 	havefakesense = 1;
1588 
1589 	/*
1590 	 * Dummy up a response for INQUIRY since SDDR09 doesn't
1591 	 * respond to INQUIRY commands
1592 	 */
1593 
1594 	if (srb->cmnd[0] == INQUIRY) {
1595 		memcpy(ptr, inquiry_response, 8);
1596 		fill_inquiry_response(us, ptr, 36);
1597 		return USB_STOR_TRANSPORT_GOOD;
1598 	}
1599 
1600 	if (srb->cmnd[0] == READ_CAPACITY) {
1601 		struct nand_flash_dev *cardinfo;
1602 
1603 		sddr09_get_wp(us, info);	/* read WP bit */
1604 
1605 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1606 		if (!cardinfo) {
1607 			/* probably no media */
1608 		init_error:
1609 			sensekey = 0x02;	/* not ready */
1610 			sensecode = 0x3a;	/* medium not present */
1611 			return USB_STOR_TRANSPORT_FAILED;
1612 		}
1613 
1614 		info->capacity = (1 << cardinfo->chipshift);
1615 		info->pageshift = cardinfo->pageshift;
1616 		info->pagesize = (1 << info->pageshift);
1617 		info->blockshift = cardinfo->blockshift;
1618 		info->blocksize = (1 << info->blockshift);
1619 		info->blockmask = info->blocksize - 1;
1620 
1621 		// map initialization, must follow get_cardinfo()
1622 		if (sddr09_read_map(us)) {
1623 			/* probably out of memory */
1624 			goto init_error;
1625 		}
1626 
1627 		// Report capacity
1628 
1629 		capacity = (info->lbact << info->blockshift) - 1;
1630 
1631 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1632 
1633 		// Report page size
1634 
1635 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1636 		usb_stor_set_xfer_buf(ptr, 8, srb);
1637 
1638 		return USB_STOR_TRANSPORT_GOOD;
1639 	}
1640 
1641 	if (srb->cmnd[0] == MODE_SENSE_10) {
1642 		int modepage = (srb->cmnd[2] & 0x3F);
1643 
1644 		/*
1645 		 * They ask for the Read/Write error recovery page,
1646 		 * or for all pages.
1647 		 */
1648 		/* %% We should check DBD %% */
1649 		if (modepage == 0x01 || modepage == 0x3F) {
1650 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1651 				     modepage);
1652 
1653 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1654 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1655 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1656 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1657 			return USB_STOR_TRANSPORT_GOOD;
1658 		}
1659 
1660 		sensekey = 0x05;	/* illegal request */
1661 		sensecode = 0x24;	/* invalid field in CDB */
1662 		return USB_STOR_TRANSPORT_FAILED;
1663 	}
1664 
1665 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1666 		return USB_STOR_TRANSPORT_GOOD;
1667 
1668 	havefakesense = 0;
1669 
1670 	if (srb->cmnd[0] == READ_10) {
1671 
1672 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673 		page <<= 16;
1674 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676 
1677 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1678 			     page, pages);
1679 
1680 		result = sddr09_read_data(us, page, pages);
1681 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682 				USB_STOR_TRANSPORT_ERROR);
1683 	}
1684 
1685 	if (srb->cmnd[0] == WRITE_10) {
1686 
1687 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1688 		page <<= 16;
1689 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1690 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1691 
1692 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1693 			     page, pages);
1694 
1695 		result = sddr09_write_data(us, page, pages);
1696 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1697 				USB_STOR_TRANSPORT_ERROR);
1698 	}
1699 
1700 	/*
1701 	 * catch-all for all other commands, except
1702 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1703 	 */
1704 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1705 	    srb->cmnd[0] != REQUEST_SENSE) {
1706 		sensekey = 0x05;	/* illegal request */
1707 		sensecode = 0x20;	/* invalid command */
1708 		havefakesense = 1;
1709 		return USB_STOR_TRANSPORT_FAILED;
1710 	}
1711 
1712 	for (; srb->cmd_len<12; srb->cmd_len++)
1713 		srb->cmnd[srb->cmd_len] = 0;
1714 
1715 	srb->cmnd[1] = LUNBITS;
1716 
1717 	ptr[0] = 0;
1718 	for (i=0; i<12; i++)
1719 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1720 
1721 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1722 
1723 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1724 	if (result) {
1725 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1726 			     result);
1727 		return USB_STOR_TRANSPORT_ERROR;
1728 	}
1729 
1730 	if (scsi_bufflen(srb) == 0)
1731 		return USB_STOR_TRANSPORT_GOOD;
1732 
1733 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1734 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1735 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1736 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1737 
1738 		usb_stor_dbg(us, "%s %d bytes\n",
1739 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1740 			     "sending" : "receiving",
1741 			     scsi_bufflen(srb));
1742 
1743 		result = usb_stor_bulk_srb(us, pipe, srb);
1744 
1745 		return (result == USB_STOR_XFER_GOOD ?
1746 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1747 	}
1748 
1749 	return USB_STOR_TRANSPORT_GOOD;
1750 }
1751 
1752 /*
1753  * Initialization routine for the sddr09 subdriver
1754  */
1755 static int
1756 usb_stor_sddr09_init(struct us_data *us) {
1757 	return sddr09_common_init(us);
1758 }
1759 
1760 static struct scsi_host_template sddr09_host_template;
1761 
1762 static int sddr09_probe(struct usb_interface *intf,
1763 			 const struct usb_device_id *id)
1764 {
1765 	struct us_data *us;
1766 	int result;
1767 
1768 	result = usb_stor_probe1(&us, intf, id,
1769 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1770 			&sddr09_host_template);
1771 	if (result)
1772 		return result;
1773 
1774 	if (us->protocol == USB_PR_DPCM_USB) {
1775 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1776 		us->transport = dpcm_transport;
1777 		us->transport_reset = usb_stor_CB_reset;
1778 		us->max_lun = 1;
1779 	} else {
1780 		us->transport_name = "EUSB/SDDR09";
1781 		us->transport = sddr09_transport;
1782 		us->transport_reset = usb_stor_CB_reset;
1783 		us->max_lun = 0;
1784 	}
1785 
1786 	result = usb_stor_probe2(us);
1787 	return result;
1788 }
1789 
1790 static struct usb_driver sddr09_driver = {
1791 	.name =		DRV_NAME,
1792 	.probe =	sddr09_probe,
1793 	.disconnect =	usb_stor_disconnect,
1794 	.suspend =	usb_stor_suspend,
1795 	.resume =	usb_stor_resume,
1796 	.reset_resume =	usb_stor_reset_resume,
1797 	.pre_reset =	usb_stor_pre_reset,
1798 	.post_reset =	usb_stor_post_reset,
1799 	.id_table =	sddr09_usb_ids,
1800 	.soft_unbind =	1,
1801 	.no_dynamic_id = 1,
1802 };
1803 
1804 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1805