1 /* Driver for SanDisk SDDR-09 SmartMedia reader 2 * 3 * (c) 2000, 2001 Robert Baruch (autophile@starband.net) 4 * (c) 2002 Andries Brouwer (aeb@cwi.nl) 5 * Developed with the assistance of: 6 * (c) 2002 Alan Stern <stern@rowland.org> 7 * 8 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip. 9 * This chip is a programmable USB controller. In the SDDR-09, it has 10 * been programmed to obey a certain limited set of SCSI commands. 11 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI 12 * commands. 13 * 14 * This program is free software; you can redistribute it and/or modify it 15 * under the terms of the GNU General Public License as published by the 16 * Free Software Foundation; either version 2, or (at your option) any 17 * later version. 18 * 19 * This program is distributed in the hope that it will be useful, but 20 * WITHOUT ANY WARRANTY; without even the implied warranty of 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 * General Public License for more details. 23 * 24 * You should have received a copy of the GNU General Public License along 25 * with this program; if not, write to the Free Software Foundation, Inc., 26 * 675 Mass Ave, Cambridge, MA 02139, USA. 27 */ 28 29 /* 30 * Known vendor commands: 12 bytes, first byte is opcode 31 * 32 * E7: read scatter gather 33 * E8: read 34 * E9: write 35 * EA: erase 36 * EB: reset 37 * EC: read status 38 * ED: read ID 39 * EE: write CIS (?) 40 * EF: compute checksum (?) 41 */ 42 43 #include <linux/errno.h> 44 #include <linux/slab.h> 45 46 #include <scsi/scsi.h> 47 #include <scsi/scsi_cmnd.h> 48 49 #include "usb.h" 50 #include "transport.h" 51 #include "protocol.h" 52 #include "debug.h" 53 #include "sddr09.h" 54 55 56 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) ) 57 #define LSB_of(s) ((s)&0xFF) 58 #define MSB_of(s) ((s)>>8) 59 60 /* #define US_DEBUGP printk */ 61 62 /* 63 * First some stuff that does not belong here: 64 * data on SmartMedia and other cards, completely 65 * unrelated to this driver. 66 * Similar stuff occurs in <linux/mtd/nand_ids.h>. 67 */ 68 69 struct nand_flash_dev { 70 int model_id; 71 int chipshift; /* 1<<cs bytes total capacity */ 72 char pageshift; /* 1<<ps bytes in a page */ 73 char blockshift; /* 1<<bs pages in an erase block */ 74 char zoneshift; /* 1<<zs blocks in a zone */ 75 /* # of logical blocks is 125/128 of this */ 76 char pageadrlen; /* length of an address in bytes - 1 */ 77 }; 78 79 /* 80 * NAND Flash Manufacturer ID Codes 81 */ 82 #define NAND_MFR_AMD 0x01 83 #define NAND_MFR_NATSEMI 0x8f 84 #define NAND_MFR_TOSHIBA 0x98 85 #define NAND_MFR_SAMSUNG 0xec 86 87 static inline char *nand_flash_manufacturer(int manuf_id) { 88 switch(manuf_id) { 89 case NAND_MFR_AMD: 90 return "AMD"; 91 case NAND_MFR_NATSEMI: 92 return "NATSEMI"; 93 case NAND_MFR_TOSHIBA: 94 return "Toshiba"; 95 case NAND_MFR_SAMSUNG: 96 return "Samsung"; 97 default: 98 return "unknown"; 99 } 100 } 101 102 /* 103 * It looks like it is unnecessary to attach manufacturer to the 104 * remaining data: SSFDC prescribes manufacturer-independent id codes. 105 * 106 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda. 107 */ 108 109 static struct nand_flash_dev nand_flash_ids[] = { 110 /* NAND flash */ 111 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */ 112 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */ 113 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */ 114 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */ 115 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */ 116 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */ 117 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */ 118 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */ 119 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */ 120 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */ 121 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */ 122 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */ 123 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */ 124 125 /* MASK ROM */ 126 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */ 127 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */ 128 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */ 129 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */ 130 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */ 131 { 0,} 132 }; 133 134 static struct nand_flash_dev * 135 nand_find_id(unsigned char id) { 136 int i; 137 138 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++) 139 if (nand_flash_ids[i].model_id == id) 140 return &(nand_flash_ids[i]); 141 return NULL; 142 } 143 144 /* 145 * ECC computation. 146 */ 147 static unsigned char parity[256]; 148 static unsigned char ecc2[256]; 149 150 static void nand_init_ecc(void) { 151 int i, j, a; 152 153 parity[0] = 0; 154 for (i = 1; i < 256; i++) 155 parity[i] = (parity[i&(i-1)] ^ 1); 156 157 for (i = 0; i < 256; i++) { 158 a = 0; 159 for (j = 0; j < 8; j++) { 160 if (i & (1<<j)) { 161 if ((j & 1) == 0) 162 a ^= 0x04; 163 if ((j & 2) == 0) 164 a ^= 0x10; 165 if ((j & 4) == 0) 166 a ^= 0x40; 167 } 168 } 169 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0)); 170 } 171 } 172 173 /* compute 3-byte ecc on 256 bytes */ 174 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) { 175 int i, j, a; 176 unsigned char par, bit, bits[8]; 177 178 par = 0; 179 for (j = 0; j < 8; j++) 180 bits[j] = 0; 181 182 /* collect 16 checksum bits */ 183 for (i = 0; i < 256; i++) { 184 par ^= data[i]; 185 bit = parity[data[i]]; 186 for (j = 0; j < 8; j++) 187 if ((i & (1<<j)) == 0) 188 bits[j] ^= bit; 189 } 190 191 /* put 4+4+4 = 12 bits in the ecc */ 192 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0]; 193 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 194 195 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4]; 196 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0)); 197 198 ecc[2] = ecc2[par]; 199 } 200 201 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) { 202 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]); 203 } 204 205 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) { 206 memcpy(data, ecc, 3); 207 } 208 209 /* 210 * The actual driver starts here. 211 */ 212 213 struct sddr09_card_info { 214 unsigned long capacity; /* Size of card in bytes */ 215 int pagesize; /* Size of page in bytes */ 216 int pageshift; /* log2 of pagesize */ 217 int blocksize; /* Size of block in pages */ 218 int blockshift; /* log2 of blocksize */ 219 int blockmask; /* 2^blockshift - 1 */ 220 int *lba_to_pba; /* logical to physical map */ 221 int *pba_to_lba; /* physical to logical map */ 222 int lbact; /* number of available pages */ 223 int flags; 224 #define SDDR09_WP 1 /* write protected */ 225 }; 226 227 /* 228 * On my 16MB card, control blocks have size 64 (16 real control bytes, 229 * and 48 junk bytes). In reality of course the card uses 16 control bytes, 230 * so the reader makes up the remaining 48. Don't know whether these numbers 231 * depend on the card. For now a constant. 232 */ 233 #define CONTROL_SHIFT 6 234 235 /* 236 * On my Combo CF/SM reader, the SM reader has LUN 1. 237 * (and things fail with LUN 0). 238 * It seems LUN is irrelevant for others. 239 */ 240 #define LUN 1 241 #define LUNBITS (LUN << 5) 242 243 /* 244 * LBA and PBA are unsigned ints. Special values. 245 */ 246 #define UNDEF 0xffffffff 247 #define SPARE 0xfffffffe 248 #define UNUSABLE 0xfffffffd 249 250 static const int erase_bad_lba_entries = 0; 251 252 /* send vendor interface command (0x41) */ 253 /* called for requests 0, 1, 8 */ 254 static int 255 sddr09_send_command(struct us_data *us, 256 unsigned char request, 257 unsigned char direction, 258 unsigned char *xfer_data, 259 unsigned int xfer_len) { 260 unsigned int pipe; 261 unsigned char requesttype = (0x41 | direction); 262 int rc; 263 264 // Get the receive or send control pipe number 265 266 if (direction == USB_DIR_IN) 267 pipe = us->recv_ctrl_pipe; 268 else 269 pipe = us->send_ctrl_pipe; 270 271 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype, 272 0, 0, xfer_data, xfer_len); 273 switch (rc) { 274 case USB_STOR_XFER_GOOD: return 0; 275 case USB_STOR_XFER_STALLED: return -EPIPE; 276 default: return -EIO; 277 } 278 } 279 280 static int 281 sddr09_send_scsi_command(struct us_data *us, 282 unsigned char *command, 283 unsigned int command_len) { 284 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len); 285 } 286 287 #if 0 288 /* 289 * Test Unit Ready Command: 12 bytes. 290 * byte 0: opcode: 00 291 */ 292 static int 293 sddr09_test_unit_ready(struct us_data *us) { 294 unsigned char *command = us->iobuf; 295 int result; 296 297 memset(command, 0, 6); 298 command[1] = LUNBITS; 299 300 result = sddr09_send_scsi_command(us, command, 6); 301 302 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result); 303 304 return result; 305 } 306 #endif 307 308 /* 309 * Request Sense Command: 12 bytes. 310 * byte 0: opcode: 03 311 * byte 4: data length 312 */ 313 static int 314 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) { 315 unsigned char *command = us->iobuf; 316 int result; 317 318 memset(command, 0, 12); 319 command[0] = 0x03; 320 command[1] = LUNBITS; 321 command[4] = buflen; 322 323 result = sddr09_send_scsi_command(us, command, 12); 324 if (result) 325 return result; 326 327 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 328 sensebuf, buflen, NULL); 329 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 330 } 331 332 /* 333 * Read Command: 12 bytes. 334 * byte 0: opcode: E8 335 * byte 1: last two bits: 00: read data, 01: read blockwise control, 336 * 10: read both, 11: read pagewise control. 337 * It turns out we need values 20, 21, 22, 23 here (LUN 1). 338 * bytes 2-5: address (interpretation depends on byte 1, see below) 339 * bytes 10-11: count (idem) 340 * 341 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk). 342 * A read data command gets data in 512-byte pages. 343 * A read control command gets control in 64-byte chunks. 344 * A read both command gets data+control in 576-byte chunks. 345 * 346 * Blocks are groups of 32 pages, and read blockwise control jumps to the 347 * next block, while read pagewise control jumps to the next page after 348 * reading a group of 64 control bytes. 349 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?] 350 * 351 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.) 352 */ 353 354 static int 355 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress, 356 int nr_of_pages, int bulklen, unsigned char *buf, 357 int use_sg) { 358 359 unsigned char *command = us->iobuf; 360 int result; 361 362 command[0] = 0xE8; 363 command[1] = LUNBITS | x; 364 command[2] = MSB_of(fromaddress>>16); 365 command[3] = LSB_of(fromaddress>>16); 366 command[4] = MSB_of(fromaddress & 0xFFFF); 367 command[5] = LSB_of(fromaddress & 0xFFFF); 368 command[6] = 0; 369 command[7] = 0; 370 command[8] = 0; 371 command[9] = 0; 372 command[10] = MSB_of(nr_of_pages); 373 command[11] = LSB_of(nr_of_pages); 374 375 result = sddr09_send_scsi_command(us, command, 12); 376 377 if (result) { 378 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n", 379 x, result); 380 return result; 381 } 382 383 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, 384 buf, bulklen, use_sg, NULL); 385 386 if (result != USB_STOR_XFER_GOOD) { 387 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n", 388 x, result); 389 return -EIO; 390 } 391 return 0; 392 } 393 394 /* 395 * Read Data 396 * 397 * fromaddress counts data shorts: 398 * increasing it by 256 shifts the bytestream by 512 bytes; 399 * the last 8 bits are ignored. 400 * 401 * nr_of_pages counts pages of size (1 << pageshift). 402 */ 403 static int 404 sddr09_read20(struct us_data *us, unsigned long fromaddress, 405 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 406 int bulklen = nr_of_pages << pageshift; 407 408 /* The last 8 bits of fromaddress are ignored. */ 409 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen, 410 buf, use_sg); 411 } 412 413 /* 414 * Read Blockwise Control 415 * 416 * fromaddress gives the starting position (as in read data; 417 * the last 8 bits are ignored); increasing it by 32*256 shifts 418 * the output stream by 64 bytes. 419 * 420 * count counts control groups of size (1 << controlshift). 421 * For me, controlshift = 6. Is this constant? 422 * 423 * After getting one control group, jump to the next block 424 * (fromaddress += 8192). 425 */ 426 static int 427 sddr09_read21(struct us_data *us, unsigned long fromaddress, 428 int count, int controlshift, unsigned char *buf, int use_sg) { 429 430 int bulklen = (count << controlshift); 431 return sddr09_readX(us, 1, fromaddress, count, bulklen, 432 buf, use_sg); 433 } 434 435 /* 436 * Read both Data and Control 437 * 438 * fromaddress counts data shorts, ignoring control: 439 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes; 440 * the last 8 bits are ignored. 441 * 442 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift). 443 */ 444 static int 445 sddr09_read22(struct us_data *us, unsigned long fromaddress, 446 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) { 447 448 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 449 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n", 450 nr_of_pages, bulklen); 451 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen, 452 buf, use_sg); 453 } 454 455 #if 0 456 /* 457 * Read Pagewise Control 458 * 459 * fromaddress gives the starting position (as in read data; 460 * the last 8 bits are ignored); increasing it by 256 shifts 461 * the output stream by 64 bytes. 462 * 463 * count counts control groups of size (1 << controlshift). 464 * For me, controlshift = 6. Is this constant? 465 * 466 * After getting one control group, jump to the next page 467 * (fromaddress += 256). 468 */ 469 static int 470 sddr09_read23(struct us_data *us, unsigned long fromaddress, 471 int count, int controlshift, unsigned char *buf, int use_sg) { 472 473 int bulklen = (count << controlshift); 474 return sddr09_readX(us, 3, fromaddress, count, bulklen, 475 buf, use_sg); 476 } 477 #endif 478 479 /* 480 * Erase Command: 12 bytes. 481 * byte 0: opcode: EA 482 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 483 * 484 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored. 485 * The byte address being erased is 2*Eaddress. 486 * The CIS cannot be erased. 487 */ 488 static int 489 sddr09_erase(struct us_data *us, unsigned long Eaddress) { 490 unsigned char *command = us->iobuf; 491 int result; 492 493 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress); 494 495 memset(command, 0, 12); 496 command[0] = 0xEA; 497 command[1] = LUNBITS; 498 command[6] = MSB_of(Eaddress>>16); 499 command[7] = LSB_of(Eaddress>>16); 500 command[8] = MSB_of(Eaddress & 0xFFFF); 501 command[9] = LSB_of(Eaddress & 0xFFFF); 502 503 result = sddr09_send_scsi_command(us, command, 12); 504 505 if (result) 506 US_DEBUGP("Result for send_control in sddr09_erase %d\n", 507 result); 508 509 return result; 510 } 511 512 /* 513 * Write CIS Command: 12 bytes. 514 * byte 0: opcode: EE 515 * bytes 2-5: write address in shorts 516 * bytes 10-11: sector count 517 * 518 * This writes at the indicated address. Don't know how it differs 519 * from E9. Maybe it does not erase? However, it will also write to 520 * the CIS. 521 * 522 * When two such commands on the same page follow each other directly, 523 * the second one is not done. 524 */ 525 526 /* 527 * Write Command: 12 bytes. 528 * byte 0: opcode: E9 529 * bytes 2-5: write address (big-endian, counting shorts, sector aligned). 530 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned). 531 * bytes 10-11: sector count (big-endian, in 512-byte sectors). 532 * 533 * If write address equals erase address, the erase is done first, 534 * otherwise the write is done first. When erase address equals zero 535 * no erase is done? 536 */ 537 static int 538 sddr09_writeX(struct us_data *us, 539 unsigned long Waddress, unsigned long Eaddress, 540 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) { 541 542 unsigned char *command = us->iobuf; 543 int result; 544 545 command[0] = 0xE9; 546 command[1] = LUNBITS; 547 548 command[2] = MSB_of(Waddress>>16); 549 command[3] = LSB_of(Waddress>>16); 550 command[4] = MSB_of(Waddress & 0xFFFF); 551 command[5] = LSB_of(Waddress & 0xFFFF); 552 553 command[6] = MSB_of(Eaddress>>16); 554 command[7] = LSB_of(Eaddress>>16); 555 command[8] = MSB_of(Eaddress & 0xFFFF); 556 command[9] = LSB_of(Eaddress & 0xFFFF); 557 558 command[10] = MSB_of(nr_of_pages); 559 command[11] = LSB_of(nr_of_pages); 560 561 result = sddr09_send_scsi_command(us, command, 12); 562 563 if (result) { 564 US_DEBUGP("Result for send_control in sddr09_writeX %d\n", 565 result); 566 return result; 567 } 568 569 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, 570 buf, bulklen, use_sg, NULL); 571 572 if (result != USB_STOR_XFER_GOOD) { 573 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n", 574 result); 575 return -EIO; 576 } 577 return 0; 578 } 579 580 /* erase address, write same address */ 581 static int 582 sddr09_write_inplace(struct us_data *us, unsigned long address, 583 int nr_of_pages, int pageshift, unsigned char *buf, 584 int use_sg) { 585 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT); 586 return sddr09_writeX(us, address, address, nr_of_pages, bulklen, 587 buf, use_sg); 588 } 589 590 #if 0 591 /* 592 * Read Scatter Gather Command: 3+4n bytes. 593 * byte 0: opcode E7 594 * byte 2: n 595 * bytes 4i-1,4i,4i+1: page address 596 * byte 4i+2: page count 597 * (i=1..n) 598 * 599 * This reads several pages from the card to a single memory buffer. 600 * The last two bits of byte 1 have the same meaning as for E8. 601 */ 602 static int 603 sddr09_read_sg_test_only(struct us_data *us) { 604 unsigned char *command = us->iobuf; 605 int result, bulklen, nsg, ct; 606 unsigned char *buf; 607 unsigned long address; 608 609 nsg = bulklen = 0; 610 command[0] = 0xE7; 611 command[1] = LUNBITS; 612 command[2] = 0; 613 address = 040000; ct = 1; 614 nsg++; 615 bulklen += (ct << 9); 616 command[4*nsg+2] = ct; 617 command[4*nsg+1] = ((address >> 9) & 0xFF); 618 command[4*nsg+0] = ((address >> 17) & 0xFF); 619 command[4*nsg-1] = ((address >> 25) & 0xFF); 620 621 address = 0340000; ct = 1; 622 nsg++; 623 bulklen += (ct << 9); 624 command[4*nsg+2] = ct; 625 command[4*nsg+1] = ((address >> 9) & 0xFF); 626 command[4*nsg+0] = ((address >> 17) & 0xFF); 627 command[4*nsg-1] = ((address >> 25) & 0xFF); 628 629 address = 01000000; ct = 2; 630 nsg++; 631 bulklen += (ct << 9); 632 command[4*nsg+2] = ct; 633 command[4*nsg+1] = ((address >> 9) & 0xFF); 634 command[4*nsg+0] = ((address >> 17) & 0xFF); 635 command[4*nsg-1] = ((address >> 25) & 0xFF); 636 637 command[2] = nsg; 638 639 result = sddr09_send_scsi_command(us, command, 4*nsg+3); 640 641 if (result) { 642 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n", 643 result); 644 return result; 645 } 646 647 buf = kmalloc(bulklen, GFP_NOIO); 648 if (!buf) 649 return -ENOMEM; 650 651 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 652 buf, bulklen, NULL); 653 kfree(buf); 654 if (result != USB_STOR_XFER_GOOD) { 655 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n", 656 result); 657 return -EIO; 658 } 659 660 return 0; 661 } 662 #endif 663 664 /* 665 * Read Status Command: 12 bytes. 666 * byte 0: opcode: EC 667 * 668 * Returns 64 bytes, all zero except for the first. 669 * bit 0: 1: Error 670 * bit 5: 1: Suspended 671 * bit 6: 1: Ready 672 * bit 7: 1: Not write-protected 673 */ 674 675 static int 676 sddr09_read_status(struct us_data *us, unsigned char *status) { 677 678 unsigned char *command = us->iobuf; 679 unsigned char *data = us->iobuf; 680 int result; 681 682 US_DEBUGP("Reading status...\n"); 683 684 memset(command, 0, 12); 685 command[0] = 0xEC; 686 command[1] = LUNBITS; 687 688 result = sddr09_send_scsi_command(us, command, 12); 689 if (result) 690 return result; 691 692 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 693 data, 64, NULL); 694 *status = data[0]; 695 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 696 } 697 698 static int 699 sddr09_read_data(struct us_data *us, 700 unsigned long address, 701 unsigned int sectors) { 702 703 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 704 unsigned char *buffer; 705 unsigned int lba, maxlba, pba; 706 unsigned int page, pages; 707 unsigned int len, offset; 708 struct scatterlist *sg; 709 int result; 710 711 // Figure out the initial LBA and page 712 lba = address >> info->blockshift; 713 page = (address & info->blockmask); 714 maxlba = info->capacity >> (info->pageshift + info->blockshift); 715 if (lba >= maxlba) 716 return -EIO; 717 718 // Since we only read in one block at a time, we have to create 719 // a bounce buffer and move the data a piece at a time between the 720 // bounce buffer and the actual transfer buffer. 721 722 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 723 buffer = kmalloc(len, GFP_NOIO); 724 if (buffer == NULL) { 725 printk("sddr09_read_data: Out of memory\n"); 726 return -ENOMEM; 727 } 728 729 // This could be made much more efficient by checking for 730 // contiguous LBA's. Another exercise left to the student. 731 732 result = 0; 733 offset = 0; 734 sg = NULL; 735 736 while (sectors > 0) { 737 738 /* Find number of pages we can read in this block */ 739 pages = min(sectors, info->blocksize - page); 740 len = pages << info->pageshift; 741 742 /* Not overflowing capacity? */ 743 if (lba >= maxlba) { 744 US_DEBUGP("Error: Requested lba %u exceeds " 745 "maximum %u\n", lba, maxlba); 746 result = -EIO; 747 break; 748 } 749 750 /* Find where this lba lives on disk */ 751 pba = info->lba_to_pba[lba]; 752 753 if (pba == UNDEF) { /* this lba was never written */ 754 755 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n", 756 pages, lba, page); 757 758 /* This is not really an error. It just means 759 that the block has never been written. 760 Instead of returning an error 761 it is better to return all zero data. */ 762 763 memset(buffer, 0, len); 764 765 } else { 766 US_DEBUGP("Read %d pages, from PBA %d" 767 " (LBA %d) page %d\n", 768 pages, pba, lba, page); 769 770 address = ((pba << info->blockshift) + page) << 771 info->pageshift; 772 773 result = sddr09_read20(us, address>>1, 774 pages, info->pageshift, buffer, 0); 775 if (result) 776 break; 777 } 778 779 // Store the data in the transfer buffer 780 usb_stor_access_xfer_buf(buffer, len, us->srb, 781 &sg, &offset, TO_XFER_BUF); 782 783 page = 0; 784 lba++; 785 sectors -= pages; 786 } 787 788 kfree(buffer); 789 return result; 790 } 791 792 static unsigned int 793 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) { 794 static unsigned int lastpba = 1; 795 int zonestart, end, i; 796 797 zonestart = (lba/1000) << 10; 798 end = info->capacity >> (info->blockshift + info->pageshift); 799 end -= zonestart; 800 if (end > 1024) 801 end = 1024; 802 803 for (i = lastpba+1; i < end; i++) { 804 if (info->pba_to_lba[zonestart+i] == UNDEF) { 805 lastpba = i; 806 return zonestart+i; 807 } 808 } 809 for (i = 0; i <= lastpba; i++) { 810 if (info->pba_to_lba[zonestart+i] == UNDEF) { 811 lastpba = i; 812 return zonestart+i; 813 } 814 } 815 return 0; 816 } 817 818 static int 819 sddr09_write_lba(struct us_data *us, unsigned int lba, 820 unsigned int page, unsigned int pages, 821 unsigned char *ptr, unsigned char *blockbuffer) { 822 823 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 824 unsigned long address; 825 unsigned int pba, lbap; 826 unsigned int pagelen; 827 unsigned char *bptr, *cptr, *xptr; 828 unsigned char ecc[3]; 829 int i, result, isnew; 830 831 lbap = ((lba % 1000) << 1) | 0x1000; 832 if (parity[MSB_of(lbap) ^ LSB_of(lbap)]) 833 lbap ^= 1; 834 pba = info->lba_to_pba[lba]; 835 isnew = 0; 836 837 if (pba == UNDEF) { 838 pba = sddr09_find_unused_pba(info, lba); 839 if (!pba) { 840 printk("sddr09_write_lba: Out of unused blocks\n"); 841 return -ENOSPC; 842 } 843 info->pba_to_lba[pba] = lba; 844 info->lba_to_pba[lba] = pba; 845 isnew = 1; 846 } 847 848 if (pba == 1) { 849 /* Maybe it is impossible to write to PBA 1. 850 Fake success, but don't do anything. */ 851 printk("sddr09: avoid writing to pba 1\n"); 852 return 0; 853 } 854 855 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 856 857 /* read old contents */ 858 address = (pba << (info->pageshift + info->blockshift)); 859 result = sddr09_read22(us, address>>1, info->blocksize, 860 info->pageshift, blockbuffer, 0); 861 if (result) 862 return result; 863 864 /* check old contents and fill lba */ 865 for (i = 0; i < info->blocksize; i++) { 866 bptr = blockbuffer + i*pagelen; 867 cptr = bptr + info->pagesize; 868 nand_compute_ecc(bptr, ecc); 869 if (!nand_compare_ecc(cptr+13, ecc)) { 870 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n", 871 i, pba); 872 nand_store_ecc(cptr+13, ecc); 873 } 874 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 875 if (!nand_compare_ecc(cptr+8, ecc)) { 876 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n", 877 i, pba); 878 nand_store_ecc(cptr+8, ecc); 879 } 880 cptr[6] = cptr[11] = MSB_of(lbap); 881 cptr[7] = cptr[12] = LSB_of(lbap); 882 } 883 884 /* copy in new stuff and compute ECC */ 885 xptr = ptr; 886 for (i = page; i < page+pages; i++) { 887 bptr = blockbuffer + i*pagelen; 888 cptr = bptr + info->pagesize; 889 memcpy(bptr, xptr, info->pagesize); 890 xptr += info->pagesize; 891 nand_compute_ecc(bptr, ecc); 892 nand_store_ecc(cptr+13, ecc); 893 nand_compute_ecc(bptr+(info->pagesize / 2), ecc); 894 nand_store_ecc(cptr+8, ecc); 895 } 896 897 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba); 898 899 result = sddr09_write_inplace(us, address>>1, info->blocksize, 900 info->pageshift, blockbuffer, 0); 901 902 US_DEBUGP("sddr09_write_inplace returns %d\n", result); 903 904 #if 0 905 { 906 unsigned char status = 0; 907 int result2 = sddr09_read_status(us, &status); 908 if (result2) 909 US_DEBUGP("sddr09_write_inplace: cannot read status\n"); 910 else if (status != 0xc0) 911 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n", 912 status); 913 } 914 #endif 915 916 #if 0 917 { 918 int result2 = sddr09_test_unit_ready(us); 919 } 920 #endif 921 922 return result; 923 } 924 925 static int 926 sddr09_write_data(struct us_data *us, 927 unsigned long address, 928 unsigned int sectors) { 929 930 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 931 unsigned int lba, maxlba, page, pages; 932 unsigned int pagelen, blocklen; 933 unsigned char *blockbuffer; 934 unsigned char *buffer; 935 unsigned int len, offset; 936 struct scatterlist *sg; 937 int result; 938 939 // Figure out the initial LBA and page 940 lba = address >> info->blockshift; 941 page = (address & info->blockmask); 942 maxlba = info->capacity >> (info->pageshift + info->blockshift); 943 if (lba >= maxlba) 944 return -EIO; 945 946 // blockbuffer is used for reading in the old data, overwriting 947 // with the new data, and performing ECC calculations 948 949 /* TODO: instead of doing kmalloc/kfree for each write, 950 add a bufferpointer to the info structure */ 951 952 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT); 953 blocklen = (pagelen << info->blockshift); 954 blockbuffer = kmalloc(blocklen, GFP_NOIO); 955 if (!blockbuffer) { 956 printk("sddr09_write_data: Out of memory\n"); 957 return -ENOMEM; 958 } 959 960 // Since we don't write the user data directly to the device, 961 // we have to create a bounce buffer and move the data a piece 962 // at a time between the bounce buffer and the actual transfer buffer. 963 964 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize; 965 buffer = kmalloc(len, GFP_NOIO); 966 if (buffer == NULL) { 967 printk("sddr09_write_data: Out of memory\n"); 968 kfree(blockbuffer); 969 return -ENOMEM; 970 } 971 972 result = 0; 973 offset = 0; 974 sg = NULL; 975 976 while (sectors > 0) { 977 978 // Write as many sectors as possible in this block 979 980 pages = min(sectors, info->blocksize - page); 981 len = (pages << info->pageshift); 982 983 /* Not overflowing capacity? */ 984 if (lba >= maxlba) { 985 US_DEBUGP("Error: Requested lba %u exceeds " 986 "maximum %u\n", lba, maxlba); 987 result = -EIO; 988 break; 989 } 990 991 // Get the data from the transfer buffer 992 usb_stor_access_xfer_buf(buffer, len, us->srb, 993 &sg, &offset, FROM_XFER_BUF); 994 995 result = sddr09_write_lba(us, lba, page, pages, 996 buffer, blockbuffer); 997 if (result) 998 break; 999 1000 page = 0; 1001 lba++; 1002 sectors -= pages; 1003 } 1004 1005 kfree(buffer); 1006 kfree(blockbuffer); 1007 1008 return result; 1009 } 1010 1011 static int 1012 sddr09_read_control(struct us_data *us, 1013 unsigned long address, 1014 unsigned int blocks, 1015 unsigned char *content, 1016 int use_sg) { 1017 1018 US_DEBUGP("Read control address %lu, blocks %d\n", 1019 address, blocks); 1020 1021 return sddr09_read21(us, address, blocks, 1022 CONTROL_SHIFT, content, use_sg); 1023 } 1024 1025 /* 1026 * Read Device ID Command: 12 bytes. 1027 * byte 0: opcode: ED 1028 * 1029 * Returns 2 bytes: Manufacturer ID and Device ID. 1030 * On more recent cards 3 bytes: the third byte is an option code A5 1031 * signifying that the secret command to read an 128-bit ID is available. 1032 * On still more recent cards 4 bytes: the fourth byte C0 means that 1033 * a second read ID cmd is available. 1034 */ 1035 static int 1036 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) { 1037 unsigned char *command = us->iobuf; 1038 unsigned char *content = us->iobuf; 1039 int result, i; 1040 1041 memset(command, 0, 12); 1042 command[0] = 0xED; 1043 command[1] = LUNBITS; 1044 1045 result = sddr09_send_scsi_command(us, command, 12); 1046 if (result) 1047 return result; 1048 1049 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1050 content, 64, NULL); 1051 1052 for (i = 0; i < 4; i++) 1053 deviceID[i] = content[i]; 1054 1055 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO); 1056 } 1057 1058 static int 1059 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) { 1060 int result; 1061 unsigned char status; 1062 1063 result = sddr09_read_status(us, &status); 1064 if (result) { 1065 US_DEBUGP("sddr09_get_wp: read_status fails\n"); 1066 return result; 1067 } 1068 US_DEBUGP("sddr09_get_wp: status 0x%02X", status); 1069 if ((status & 0x80) == 0) { 1070 info->flags |= SDDR09_WP; /* write protected */ 1071 US_DEBUGP(" WP"); 1072 } 1073 if (status & 0x40) 1074 US_DEBUGP(" Ready"); 1075 if (status & LUNBITS) 1076 US_DEBUGP(" Suspended"); 1077 if (status & 0x1) 1078 US_DEBUGP(" Error"); 1079 US_DEBUGP("\n"); 1080 return 0; 1081 } 1082 1083 #if 0 1084 /* 1085 * Reset Command: 12 bytes. 1086 * byte 0: opcode: EB 1087 */ 1088 static int 1089 sddr09_reset(struct us_data *us) { 1090 1091 unsigned char *command = us->iobuf; 1092 1093 memset(command, 0, 12); 1094 command[0] = 0xEB; 1095 command[1] = LUNBITS; 1096 1097 return sddr09_send_scsi_command(us, command, 12); 1098 } 1099 #endif 1100 1101 static struct nand_flash_dev * 1102 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) { 1103 struct nand_flash_dev *cardinfo; 1104 unsigned char deviceID[4]; 1105 char blurbtxt[256]; 1106 int result; 1107 1108 US_DEBUGP("Reading capacity...\n"); 1109 1110 result = sddr09_read_deviceID(us, deviceID); 1111 1112 if (result) { 1113 US_DEBUGP("Result of read_deviceID is %d\n", result); 1114 printk("sddr09: could not read card info\n"); 1115 return NULL; 1116 } 1117 1118 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X", 1119 deviceID[0], deviceID[1], deviceID[2], deviceID[3]); 1120 1121 /* Byte 0 is the manufacturer */ 1122 sprintf(blurbtxt + strlen(blurbtxt), 1123 ": Manuf. %s", 1124 nand_flash_manufacturer(deviceID[0])); 1125 1126 /* Byte 1 is the device type */ 1127 cardinfo = nand_find_id(deviceID[1]); 1128 if (cardinfo) { 1129 /* MB or MiB? It is neither. A 16 MB card has 1130 17301504 raw bytes, of which 16384000 are 1131 usable for user data. */ 1132 sprintf(blurbtxt + strlen(blurbtxt), 1133 ", %d MB", 1<<(cardinfo->chipshift - 20)); 1134 } else { 1135 sprintf(blurbtxt + strlen(blurbtxt), 1136 ", type unrecognized"); 1137 } 1138 1139 /* Byte 2 is code to signal availability of 128-bit ID */ 1140 if (deviceID[2] == 0xa5) { 1141 sprintf(blurbtxt + strlen(blurbtxt), 1142 ", 128-bit ID"); 1143 } 1144 1145 /* Byte 3 announces the availability of another read ID command */ 1146 if (deviceID[3] == 0xc0) { 1147 sprintf(blurbtxt + strlen(blurbtxt), 1148 ", extra cmd"); 1149 } 1150 1151 if (flags & SDDR09_WP) 1152 sprintf(blurbtxt + strlen(blurbtxt), 1153 ", WP"); 1154 1155 printk("%s\n", blurbtxt); 1156 1157 return cardinfo; 1158 } 1159 1160 static int 1161 sddr09_read_map(struct us_data *us) { 1162 1163 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra; 1164 int numblocks, alloc_len, alloc_blocks; 1165 int i, j, result; 1166 unsigned char *buffer, *buffer_end, *ptr; 1167 unsigned int lba, lbact; 1168 1169 if (!info->capacity) 1170 return -1; 1171 1172 // size of a block is 1 << (blockshift + pageshift) bytes 1173 // divide into the total capacity to get the number of blocks 1174 1175 numblocks = info->capacity >> (info->blockshift + info->pageshift); 1176 1177 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT) 1178 // but only use a 64 KB buffer 1179 // buffer size used must be a multiple of (1 << CONTROL_SHIFT) 1180 #define SDDR09_READ_MAP_BUFSZ 65536 1181 1182 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT); 1183 alloc_len = (alloc_blocks << CONTROL_SHIFT); 1184 buffer = kmalloc(alloc_len, GFP_NOIO); 1185 if (buffer == NULL) { 1186 printk("sddr09_read_map: out of memory\n"); 1187 result = -1; 1188 goto done; 1189 } 1190 buffer_end = buffer + alloc_len; 1191 1192 #undef SDDR09_READ_MAP_BUFSZ 1193 1194 kfree(info->lba_to_pba); 1195 kfree(info->pba_to_lba); 1196 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1197 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO); 1198 1199 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) { 1200 printk("sddr09_read_map: out of memory\n"); 1201 result = -1; 1202 goto done; 1203 } 1204 1205 for (i = 0; i < numblocks; i++) 1206 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF; 1207 1208 /* 1209 * Define lba-pba translation table 1210 */ 1211 1212 ptr = buffer_end; 1213 for (i = 0; i < numblocks; i++) { 1214 ptr += (1 << CONTROL_SHIFT); 1215 if (ptr >= buffer_end) { 1216 unsigned long address; 1217 1218 address = i << (info->pageshift + info->blockshift); 1219 result = sddr09_read_control( 1220 us, address>>1, 1221 min(alloc_blocks, numblocks - i), 1222 buffer, 0); 1223 if (result) { 1224 result = -1; 1225 goto done; 1226 } 1227 ptr = buffer; 1228 } 1229 1230 if (i == 0 || i == 1) { 1231 info->pba_to_lba[i] = UNUSABLE; 1232 continue; 1233 } 1234 1235 /* special PBAs have control field 0^16 */ 1236 for (j = 0; j < 16; j++) 1237 if (ptr[j] != 0) 1238 goto nonz; 1239 info->pba_to_lba[i] = UNUSABLE; 1240 printk("sddr09: PBA %d has no logical mapping\n", i); 1241 continue; 1242 1243 nonz: 1244 /* unwritten PBAs have control field FF^16 */ 1245 for (j = 0; j < 16; j++) 1246 if (ptr[j] != 0xff) 1247 goto nonff; 1248 continue; 1249 1250 nonff: 1251 /* normal PBAs start with six FFs */ 1252 if (j < 6) { 1253 printk("sddr09: PBA %d has no logical mapping: " 1254 "reserved area = %02X%02X%02X%02X " 1255 "data status %02X block status %02X\n", 1256 i, ptr[0], ptr[1], ptr[2], ptr[3], 1257 ptr[4], ptr[5]); 1258 info->pba_to_lba[i] = UNUSABLE; 1259 continue; 1260 } 1261 1262 if ((ptr[6] >> 4) != 0x01) { 1263 printk("sddr09: PBA %d has invalid address field " 1264 "%02X%02X/%02X%02X\n", 1265 i, ptr[6], ptr[7], ptr[11], ptr[12]); 1266 info->pba_to_lba[i] = UNUSABLE; 1267 continue; 1268 } 1269 1270 /* check even parity */ 1271 if (parity[ptr[6] ^ ptr[7]]) { 1272 printk("sddr09: Bad parity in LBA for block %d" 1273 " (%02X %02X)\n", i, ptr[6], ptr[7]); 1274 info->pba_to_lba[i] = UNUSABLE; 1275 continue; 1276 } 1277 1278 lba = short_pack(ptr[7], ptr[6]); 1279 lba = (lba & 0x07FF) >> 1; 1280 1281 /* 1282 * Every 1024 physical blocks ("zone"), the LBA numbers 1283 * go back to zero, but are within a higher block of LBA's. 1284 * Also, there is a maximum of 1000 LBA's per zone. 1285 * In other words, in PBA 1024-2047 you will find LBA 0-999 1286 * which are really LBA 1000-1999. This allows for 24 bad 1287 * or special physical blocks per zone. 1288 */ 1289 1290 if (lba >= 1000) { 1291 printk("sddr09: Bad low LBA %d for block %d\n", 1292 lba, i); 1293 goto possibly_erase; 1294 } 1295 1296 lba += 1000*(i/0x400); 1297 1298 if (info->lba_to_pba[lba] != UNDEF) { 1299 printk("sddr09: LBA %d seen for PBA %d and %d\n", 1300 lba, info->lba_to_pba[lba], i); 1301 goto possibly_erase; 1302 } 1303 1304 info->pba_to_lba[i] = lba; 1305 info->lba_to_pba[lba] = i; 1306 continue; 1307 1308 possibly_erase: 1309 if (erase_bad_lba_entries) { 1310 unsigned long address; 1311 1312 address = (i << (info->pageshift + info->blockshift)); 1313 sddr09_erase(us, address>>1); 1314 info->pba_to_lba[i] = UNDEF; 1315 } else 1316 info->pba_to_lba[i] = UNUSABLE; 1317 } 1318 1319 /* 1320 * Approximate capacity. This is not entirely correct yet, 1321 * since a zone with less than 1000 usable pages leads to 1322 * missing LBAs. Especially if it is the last zone, some 1323 * LBAs can be past capacity. 1324 */ 1325 lbact = 0; 1326 for (i = 0; i < numblocks; i += 1024) { 1327 int ct = 0; 1328 1329 for (j = 0; j < 1024 && i+j < numblocks; j++) { 1330 if (info->pba_to_lba[i+j] != UNUSABLE) { 1331 if (ct >= 1000) 1332 info->pba_to_lba[i+j] = SPARE; 1333 else 1334 ct++; 1335 } 1336 } 1337 lbact += ct; 1338 } 1339 info->lbact = lbact; 1340 US_DEBUGP("Found %d LBA's\n", lbact); 1341 result = 0; 1342 1343 done: 1344 if (result != 0) { 1345 kfree(info->lba_to_pba); 1346 kfree(info->pba_to_lba); 1347 info->lba_to_pba = NULL; 1348 info->pba_to_lba = NULL; 1349 } 1350 kfree(buffer); 1351 return result; 1352 } 1353 1354 static void 1355 sddr09_card_info_destructor(void *extra) { 1356 struct sddr09_card_info *info = (struct sddr09_card_info *)extra; 1357 1358 if (!info) 1359 return; 1360 1361 kfree(info->lba_to_pba); 1362 kfree(info->pba_to_lba); 1363 } 1364 1365 static int 1366 sddr09_common_init(struct us_data *us) { 1367 int result; 1368 1369 /* set the configuration -- STALL is an acceptable response here */ 1370 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) { 1371 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev 1372 ->actconfig->desc.bConfigurationValue); 1373 return -EINVAL; 1374 } 1375 1376 result = usb_reset_configuration(us->pusb_dev); 1377 US_DEBUGP("Result of usb_reset_configuration is %d\n", result); 1378 if (result == -EPIPE) { 1379 US_DEBUGP("-- stall on control interface\n"); 1380 } else if (result != 0) { 1381 /* it's not a stall, but another error -- time to bail */ 1382 US_DEBUGP("-- Unknown error. Rejecting device\n"); 1383 return -EINVAL; 1384 } 1385 1386 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO); 1387 if (!us->extra) 1388 return -ENOMEM; 1389 us->extra_destructor = sddr09_card_info_destructor; 1390 1391 nand_init_ecc(); 1392 return 0; 1393 } 1394 1395 1396 /* 1397 * This is needed at a very early stage. If this is not listed in the 1398 * unusual devices list but called from here then LUN 0 of the combo reader 1399 * is not recognized. But I do not know what precisely these calls do. 1400 */ 1401 int 1402 usb_stor_sddr09_dpcm_init(struct us_data *us) { 1403 int result; 1404 unsigned char *data = us->iobuf; 1405 1406 result = sddr09_common_init(us); 1407 if (result) 1408 return result; 1409 1410 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2); 1411 if (result) { 1412 US_DEBUGP("sddr09_init: send_command fails\n"); 1413 return result; 1414 } 1415 1416 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1417 // get 07 02 1418 1419 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2); 1420 if (result) { 1421 US_DEBUGP("sddr09_init: 2nd send_command fails\n"); 1422 return result; 1423 } 1424 1425 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]); 1426 // get 07 00 1427 1428 result = sddr09_request_sense(us, data, 18); 1429 if (result == 0 && data[2] != 0) { 1430 int j; 1431 for (j=0; j<18; j++) 1432 printk(" %02X", data[j]); 1433 printk("\n"); 1434 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00 1435 // 70: current command 1436 // sense key 0, sense code 0, extd sense code 0 1437 // additional transfer length * = sizeof(data) - 7 1438 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00 1439 // sense key 06, sense code 28: unit attention, 1440 // not ready to ready transition 1441 } 1442 1443 // test unit ready 1444 1445 return 0; /* not result */ 1446 } 1447 1448 /* 1449 * Transport for the Sandisk SDDR-09 1450 */ 1451 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us) 1452 { 1453 static unsigned char sensekey = 0, sensecode = 0; 1454 static unsigned char havefakesense = 0; 1455 int result, i; 1456 unsigned char *ptr = us->iobuf; 1457 unsigned long capacity; 1458 unsigned int page, pages; 1459 1460 struct sddr09_card_info *info; 1461 1462 static unsigned char inquiry_response[8] = { 1463 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00 1464 }; 1465 1466 /* note: no block descriptor support */ 1467 static unsigned char mode_page_01[19] = { 1468 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00, 1469 0x01, 0x0A, 1470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 1471 }; 1472 1473 info = (struct sddr09_card_info *)us->extra; 1474 1475 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) { 1476 /* for a faked command, we have to follow with a faked sense */ 1477 memset(ptr, 0, 18); 1478 ptr[0] = 0x70; 1479 ptr[2] = sensekey; 1480 ptr[7] = 11; 1481 ptr[12] = sensecode; 1482 usb_stor_set_xfer_buf(ptr, 18, srb); 1483 sensekey = sensecode = havefakesense = 0; 1484 return USB_STOR_TRANSPORT_GOOD; 1485 } 1486 1487 havefakesense = 1; 1488 1489 /* Dummy up a response for INQUIRY since SDDR09 doesn't 1490 respond to INQUIRY commands */ 1491 1492 if (srb->cmnd[0] == INQUIRY) { 1493 memcpy(ptr, inquiry_response, 8); 1494 fill_inquiry_response(us, ptr, 36); 1495 return USB_STOR_TRANSPORT_GOOD; 1496 } 1497 1498 if (srb->cmnd[0] == READ_CAPACITY) { 1499 struct nand_flash_dev *cardinfo; 1500 1501 sddr09_get_wp(us, info); /* read WP bit */ 1502 1503 cardinfo = sddr09_get_cardinfo(us, info->flags); 1504 if (!cardinfo) { 1505 /* probably no media */ 1506 init_error: 1507 sensekey = 0x02; /* not ready */ 1508 sensecode = 0x3a; /* medium not present */ 1509 return USB_STOR_TRANSPORT_FAILED; 1510 } 1511 1512 info->capacity = (1 << cardinfo->chipshift); 1513 info->pageshift = cardinfo->pageshift; 1514 info->pagesize = (1 << info->pageshift); 1515 info->blockshift = cardinfo->blockshift; 1516 info->blocksize = (1 << info->blockshift); 1517 info->blockmask = info->blocksize - 1; 1518 1519 // map initialization, must follow get_cardinfo() 1520 if (sddr09_read_map(us)) { 1521 /* probably out of memory */ 1522 goto init_error; 1523 } 1524 1525 // Report capacity 1526 1527 capacity = (info->lbact << info->blockshift) - 1; 1528 1529 ((__be32 *) ptr)[0] = cpu_to_be32(capacity); 1530 1531 // Report page size 1532 1533 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize); 1534 usb_stor_set_xfer_buf(ptr, 8, srb); 1535 1536 return USB_STOR_TRANSPORT_GOOD; 1537 } 1538 1539 if (srb->cmnd[0] == MODE_SENSE_10) { 1540 int modepage = (srb->cmnd[2] & 0x3F); 1541 1542 /* They ask for the Read/Write error recovery page, 1543 or for all pages. */ 1544 /* %% We should check DBD %% */ 1545 if (modepage == 0x01 || modepage == 0x3F) { 1546 US_DEBUGP("SDDR09: Dummy up request for " 1547 "mode page 0x%x\n", modepage); 1548 1549 memcpy(ptr, mode_page_01, sizeof(mode_page_01)); 1550 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2); 1551 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0; 1552 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb); 1553 return USB_STOR_TRANSPORT_GOOD; 1554 } 1555 1556 sensekey = 0x05; /* illegal request */ 1557 sensecode = 0x24; /* invalid field in CDB */ 1558 return USB_STOR_TRANSPORT_FAILED; 1559 } 1560 1561 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) 1562 return USB_STOR_TRANSPORT_GOOD; 1563 1564 havefakesense = 0; 1565 1566 if (srb->cmnd[0] == READ_10) { 1567 1568 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1569 page <<= 16; 1570 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1571 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1572 1573 US_DEBUGP("READ_10: read page %d pagect %d\n", 1574 page, pages); 1575 1576 result = sddr09_read_data(us, page, pages); 1577 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1578 USB_STOR_TRANSPORT_ERROR); 1579 } 1580 1581 if (srb->cmnd[0] == WRITE_10) { 1582 1583 page = short_pack(srb->cmnd[3], srb->cmnd[2]); 1584 page <<= 16; 1585 page |= short_pack(srb->cmnd[5], srb->cmnd[4]); 1586 pages = short_pack(srb->cmnd[8], srb->cmnd[7]); 1587 1588 US_DEBUGP("WRITE_10: write page %d pagect %d\n", 1589 page, pages); 1590 1591 result = sddr09_write_data(us, page, pages); 1592 return (result == 0 ? USB_STOR_TRANSPORT_GOOD : 1593 USB_STOR_TRANSPORT_ERROR); 1594 } 1595 1596 /* catch-all for all other commands, except 1597 * pass TEST_UNIT_READY and REQUEST_SENSE through 1598 */ 1599 if (srb->cmnd[0] != TEST_UNIT_READY && 1600 srb->cmnd[0] != REQUEST_SENSE) { 1601 sensekey = 0x05; /* illegal request */ 1602 sensecode = 0x20; /* invalid command */ 1603 havefakesense = 1; 1604 return USB_STOR_TRANSPORT_FAILED; 1605 } 1606 1607 for (; srb->cmd_len<12; srb->cmd_len++) 1608 srb->cmnd[srb->cmd_len] = 0; 1609 1610 srb->cmnd[1] = LUNBITS; 1611 1612 ptr[0] = 0; 1613 for (i=0; i<12; i++) 1614 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]); 1615 1616 US_DEBUGP("SDDR09: Send control for command %s\n", ptr); 1617 1618 result = sddr09_send_scsi_command(us, srb->cmnd, 12); 1619 if (result) { 1620 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command " 1621 "returns %d\n", result); 1622 return USB_STOR_TRANSPORT_ERROR; 1623 } 1624 1625 if (scsi_bufflen(srb) == 0) 1626 return USB_STOR_TRANSPORT_GOOD; 1627 1628 if (srb->sc_data_direction == DMA_TO_DEVICE || 1629 srb->sc_data_direction == DMA_FROM_DEVICE) { 1630 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE) 1631 ? us->send_bulk_pipe : us->recv_bulk_pipe; 1632 1633 US_DEBUGP("SDDR09: %s %d bytes\n", 1634 (srb->sc_data_direction == DMA_TO_DEVICE) ? 1635 "sending" : "receiving", 1636 scsi_bufflen(srb)); 1637 1638 result = usb_stor_bulk_srb(us, pipe, srb); 1639 1640 return (result == USB_STOR_XFER_GOOD ? 1641 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR); 1642 } 1643 1644 return USB_STOR_TRANSPORT_GOOD; 1645 } 1646 1647 /* 1648 * Initialization routine for the sddr09 subdriver 1649 */ 1650 int 1651 usb_stor_sddr09_init(struct us_data *us) { 1652 return sddr09_common_init(us); 1653 } 1654