1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Driver for USB Mass Storage compliant devices 4 * 5 * Current development and maintenance by: 6 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net) 7 * 8 * Developed with the assistance of: 9 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org) 10 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov) 11 * (c) 2002 Alan Stern <stern@rowland.org> 12 * 13 * Initial work by: 14 * (c) 1999 Michael Gee (michael@linuxspecific.com) 15 * 16 * This driver is based on the 'USB Mass Storage Class' document. This 17 * describes in detail the protocol used to communicate with such 18 * devices. Clearly, the designers had SCSI and ATAPI commands in 19 * mind when they created this document. The commands are all very 20 * similar to commands in the SCSI-II and ATAPI specifications. 21 * 22 * It is important to note that in a number of cases this class 23 * exhibits class-specific exemptions from the USB specification. 24 * Notably the usage of NAK, STALL and ACK differs from the norm, in 25 * that they are used to communicate wait, failed and OK on commands. 26 * 27 * Also, for certain devices, the interrupt endpoint is used to convey 28 * status of a command. 29 * 30 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more 31 * information about this driver. 32 */ 33 34 #include <linux/sched.h> 35 #include <linux/gfp.h> 36 #include <linux/errno.h> 37 #include <linux/export.h> 38 39 #include <linux/usb/quirks.h> 40 41 #include <scsi/scsi.h> 42 #include <scsi/scsi_eh.h> 43 #include <scsi/scsi_device.h> 44 45 #include "usb.h" 46 #include "transport.h" 47 #include "protocol.h" 48 #include "scsiglue.h" 49 #include "debug.h" 50 51 #include <linux/blkdev.h> 52 #include "../../scsi/sd.h" 53 54 55 /*********************************************************************** 56 * Data transfer routines 57 ***********************************************************************/ 58 59 /* 60 * This is subtle, so pay attention: 61 * --------------------------------- 62 * We're very concerned about races with a command abort. Hanging this code 63 * is a sure fire way to hang the kernel. (Note that this discussion applies 64 * only to transactions resulting from a scsi queued-command, since only 65 * these transactions are subject to a scsi abort. Other transactions, such 66 * as those occurring during device-specific initialization, must be handled 67 * by a separate code path.) 68 * 69 * The abort function (usb_storage_command_abort() in scsiglue.c) first 70 * sets the machine state and the ABORTING bit in us->dflags to prevent 71 * new URBs from being submitted. It then calls usb_stor_stop_transport() 72 * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags 73 * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE 74 * bit is tested to see if the current_sg scatter-gather request needs to be 75 * stopped. The timeout callback routine does much the same thing. 76 * 77 * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to 78 * prevent new URBs from being submitted, and usb_stor_stop_transport() is 79 * called to stop any ongoing requests. 80 * 81 * The submit function first verifies that the submitting is allowed 82 * (neither ABORTING nor DISCONNECTING bits are set) and that the submit 83 * completes without errors, and only then sets the URB_ACTIVE bit. This 84 * prevents the stop_transport() function from trying to cancel the URB 85 * while the submit call is underway. Next, the submit function must test 86 * the flags to see if an abort or disconnect occurred during the submission 87 * or before the URB_ACTIVE bit was set. If so, it's essential to cancel 88 * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit 89 * is still set). Either way, the function must then wait for the URB to 90 * finish. Note that the URB can still be in progress even after a call to 91 * usb_unlink_urb() returns. 92 * 93 * The idea is that (1) once the ABORTING or DISCONNECTING bit is set, 94 * either the stop_transport() function or the submitting function 95 * is guaranteed to call usb_unlink_urb() for an active URB, 96 * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being 97 * called more than once or from being called during usb_submit_urb(). 98 */ 99 100 /* 101 * This is the completion handler which will wake us up when an URB 102 * completes. 103 */ 104 static void usb_stor_blocking_completion(struct urb *urb) 105 { 106 struct completion *urb_done_ptr = urb->context; 107 108 complete(urb_done_ptr); 109 } 110 111 /* 112 * This is the common part of the URB message submission code 113 * 114 * All URBs from the usb-storage driver involved in handling a queued scsi 115 * command _must_ pass through this function (or something like it) for the 116 * abort mechanisms to work properly. 117 */ 118 static int usb_stor_msg_common(struct us_data *us, int timeout) 119 { 120 struct completion urb_done; 121 long timeleft; 122 int status; 123 124 /* don't submit URBs during abort processing */ 125 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) 126 return -EIO; 127 128 /* set up data structures for the wakeup system */ 129 init_completion(&urb_done); 130 131 /* fill the common fields in the URB */ 132 us->current_urb->context = &urb_done; 133 us->current_urb->transfer_flags = 0; 134 135 /* 136 * we assume that if transfer_buffer isn't us->iobuf then it 137 * hasn't been mapped for DMA. Yes, this is clunky, but it's 138 * easier than always having the caller tell us whether the 139 * transfer buffer has already been mapped. 140 */ 141 if (us->current_urb->transfer_buffer == us->iobuf) 142 us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; 143 us->current_urb->transfer_dma = us->iobuf_dma; 144 145 /* submit the URB */ 146 status = usb_submit_urb(us->current_urb, GFP_NOIO); 147 if (status) { 148 /* something went wrong */ 149 return status; 150 } 151 152 /* 153 * since the URB has been submitted successfully, it's now okay 154 * to cancel it 155 */ 156 set_bit(US_FLIDX_URB_ACTIVE, &us->dflags); 157 158 /* did an abort occur during the submission? */ 159 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { 160 161 /* cancel the URB, if it hasn't been cancelled already */ 162 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) { 163 usb_stor_dbg(us, "-- cancelling URB\n"); 164 usb_unlink_urb(us->current_urb); 165 } 166 } 167 168 /* wait for the completion of the URB */ 169 timeleft = wait_for_completion_interruptible_timeout( 170 &urb_done, timeout ? : MAX_SCHEDULE_TIMEOUT); 171 172 clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags); 173 174 if (timeleft <= 0) { 175 usb_stor_dbg(us, "%s -- cancelling URB\n", 176 timeleft == 0 ? "Timeout" : "Signal"); 177 usb_kill_urb(us->current_urb); 178 } 179 180 /* return the URB status */ 181 return us->current_urb->status; 182 } 183 184 /* 185 * Transfer one control message, with timeouts, and allowing early 186 * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx. 187 */ 188 int usb_stor_control_msg(struct us_data *us, unsigned int pipe, 189 u8 request, u8 requesttype, u16 value, u16 index, 190 void *data, u16 size, int timeout) 191 { 192 int status; 193 194 usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n", 195 request, requesttype, value, index, size); 196 197 /* fill in the devrequest structure */ 198 us->cr->bRequestType = requesttype; 199 us->cr->bRequest = request; 200 us->cr->wValue = cpu_to_le16(value); 201 us->cr->wIndex = cpu_to_le16(index); 202 us->cr->wLength = cpu_to_le16(size); 203 204 /* fill and submit the URB */ 205 usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 206 (unsigned char*) us->cr, data, size, 207 usb_stor_blocking_completion, NULL); 208 status = usb_stor_msg_common(us, timeout); 209 210 /* return the actual length of the data transferred if no error */ 211 if (status == 0) 212 status = us->current_urb->actual_length; 213 return status; 214 } 215 EXPORT_SYMBOL_GPL(usb_stor_control_msg); 216 217 /* 218 * This is a version of usb_clear_halt() that allows early termination and 219 * doesn't read the status from the device -- this is because some devices 220 * crash their internal firmware when the status is requested after a halt. 221 * 222 * A definitive list of these 'bad' devices is too difficult to maintain or 223 * make complete enough to be useful. This problem was first observed on the 224 * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither 225 * MacOS nor Windows checks the status after clearing a halt. 226 * 227 * Since many vendors in this space limit their testing to interoperability 228 * with these two OSes, specification violations like this one are common. 229 */ 230 int usb_stor_clear_halt(struct us_data *us, unsigned int pipe) 231 { 232 int result; 233 int endp = usb_pipeendpoint(pipe); 234 235 if (usb_pipein (pipe)) 236 endp |= USB_DIR_IN; 237 238 result = usb_stor_control_msg(us, us->send_ctrl_pipe, 239 USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT, 240 USB_ENDPOINT_HALT, endp, 241 NULL, 0, 3*HZ); 242 243 if (result >= 0) 244 usb_reset_endpoint(us->pusb_dev, endp); 245 246 usb_stor_dbg(us, "result = %d\n", result); 247 return result; 248 } 249 EXPORT_SYMBOL_GPL(usb_stor_clear_halt); 250 251 252 /* 253 * Interpret the results of a URB transfer 254 * 255 * This function prints appropriate debugging messages, clears halts on 256 * non-control endpoints, and translates the status to the corresponding 257 * USB_STOR_XFER_xxx return code. 258 */ 259 static int interpret_urb_result(struct us_data *us, unsigned int pipe, 260 unsigned int length, int result, unsigned int partial) 261 { 262 usb_stor_dbg(us, "Status code %d; transferred %u/%u\n", 263 result, partial, length); 264 switch (result) { 265 266 /* no error code; did we send all the data? */ 267 case 0: 268 if (partial != length) { 269 usb_stor_dbg(us, "-- short transfer\n"); 270 return USB_STOR_XFER_SHORT; 271 } 272 273 usb_stor_dbg(us, "-- transfer complete\n"); 274 return USB_STOR_XFER_GOOD; 275 276 /* stalled */ 277 case -EPIPE: 278 /* 279 * for control endpoints, (used by CB[I]) a stall indicates 280 * a failed command 281 */ 282 if (usb_pipecontrol(pipe)) { 283 usb_stor_dbg(us, "-- stall on control pipe\n"); 284 return USB_STOR_XFER_STALLED; 285 } 286 287 /* for other sorts of endpoint, clear the stall */ 288 usb_stor_dbg(us, "clearing endpoint halt for pipe 0x%x\n", 289 pipe); 290 if (usb_stor_clear_halt(us, pipe) < 0) 291 return USB_STOR_XFER_ERROR; 292 return USB_STOR_XFER_STALLED; 293 294 /* babble - the device tried to send more than we wanted to read */ 295 case -EOVERFLOW: 296 usb_stor_dbg(us, "-- babble\n"); 297 return USB_STOR_XFER_LONG; 298 299 /* the transfer was cancelled by abort, disconnect, or timeout */ 300 case -ECONNRESET: 301 usb_stor_dbg(us, "-- transfer cancelled\n"); 302 return USB_STOR_XFER_ERROR; 303 304 /* short scatter-gather read transfer */ 305 case -EREMOTEIO: 306 usb_stor_dbg(us, "-- short read transfer\n"); 307 return USB_STOR_XFER_SHORT; 308 309 /* abort or disconnect in progress */ 310 case -EIO: 311 usb_stor_dbg(us, "-- abort or disconnect in progress\n"); 312 return USB_STOR_XFER_ERROR; 313 314 /* the catch-all error case */ 315 default: 316 usb_stor_dbg(us, "-- unknown error\n"); 317 return USB_STOR_XFER_ERROR; 318 } 319 } 320 321 /* 322 * Transfer one control message, without timeouts, but allowing early 323 * termination. Return codes are USB_STOR_XFER_xxx. 324 */ 325 int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe, 326 u8 request, u8 requesttype, u16 value, u16 index, 327 void *data, u16 size) 328 { 329 int result; 330 331 usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n", 332 request, requesttype, value, index, size); 333 334 /* fill in the devrequest structure */ 335 us->cr->bRequestType = requesttype; 336 us->cr->bRequest = request; 337 us->cr->wValue = cpu_to_le16(value); 338 us->cr->wIndex = cpu_to_le16(index); 339 us->cr->wLength = cpu_to_le16(size); 340 341 /* fill and submit the URB */ 342 usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 343 (unsigned char*) us->cr, data, size, 344 usb_stor_blocking_completion, NULL); 345 result = usb_stor_msg_common(us, 0); 346 347 return interpret_urb_result(us, pipe, size, result, 348 us->current_urb->actual_length); 349 } 350 EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer); 351 352 /* 353 * Receive one interrupt buffer, without timeouts, but allowing early 354 * termination. Return codes are USB_STOR_XFER_xxx. 355 * 356 * This routine always uses us->recv_intr_pipe as the pipe and 357 * us->ep_bInterval as the interrupt interval. 358 */ 359 static int usb_stor_intr_transfer(struct us_data *us, void *buf, 360 unsigned int length) 361 { 362 int result; 363 unsigned int pipe = us->recv_intr_pipe; 364 unsigned int maxp; 365 366 usb_stor_dbg(us, "xfer %u bytes\n", length); 367 368 /* calculate the max packet size */ 369 maxp = usb_maxpacket(us->pusb_dev, pipe, usb_pipeout(pipe)); 370 if (maxp > length) 371 maxp = length; 372 373 /* fill and submit the URB */ 374 usb_fill_int_urb(us->current_urb, us->pusb_dev, pipe, buf, 375 maxp, usb_stor_blocking_completion, NULL, 376 us->ep_bInterval); 377 result = usb_stor_msg_common(us, 0); 378 379 return interpret_urb_result(us, pipe, length, result, 380 us->current_urb->actual_length); 381 } 382 383 /* 384 * Transfer one buffer via bulk pipe, without timeouts, but allowing early 385 * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe 386 * stalls during the transfer, the halt is automatically cleared. 387 */ 388 int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe, 389 void *buf, unsigned int length, unsigned int *act_len) 390 { 391 int result; 392 393 usb_stor_dbg(us, "xfer %u bytes\n", length); 394 395 /* fill and submit the URB */ 396 usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, buf, length, 397 usb_stor_blocking_completion, NULL); 398 result = usb_stor_msg_common(us, 0); 399 400 /* store the actual length of the data transferred */ 401 if (act_len) 402 *act_len = us->current_urb->actual_length; 403 return interpret_urb_result(us, pipe, length, result, 404 us->current_urb->actual_length); 405 } 406 EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf); 407 408 /* 409 * Transfer a scatter-gather list via bulk transfer 410 * 411 * This function does basically the same thing as usb_stor_bulk_transfer_buf() 412 * above, but it uses the usbcore scatter-gather library. 413 */ 414 static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe, 415 struct scatterlist *sg, int num_sg, unsigned int length, 416 unsigned int *act_len) 417 { 418 int result; 419 420 /* don't submit s-g requests during abort processing */ 421 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) 422 return USB_STOR_XFER_ERROR; 423 424 /* initialize the scatter-gather request block */ 425 usb_stor_dbg(us, "xfer %u bytes, %d entries\n", length, num_sg); 426 result = usb_sg_init(&us->current_sg, us->pusb_dev, pipe, 0, 427 sg, num_sg, length, GFP_NOIO); 428 if (result) { 429 usb_stor_dbg(us, "usb_sg_init returned %d\n", result); 430 return USB_STOR_XFER_ERROR; 431 } 432 433 /* 434 * since the block has been initialized successfully, it's now 435 * okay to cancel it 436 */ 437 set_bit(US_FLIDX_SG_ACTIVE, &us->dflags); 438 439 /* did an abort occur during the submission? */ 440 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { 441 442 /* cancel the request, if it hasn't been cancelled already */ 443 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) { 444 usb_stor_dbg(us, "-- cancelling sg request\n"); 445 usb_sg_cancel(&us->current_sg); 446 } 447 } 448 449 /* wait for the completion of the transfer */ 450 usb_sg_wait(&us->current_sg); 451 clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags); 452 453 result = us->current_sg.status; 454 if (act_len) 455 *act_len = us->current_sg.bytes; 456 return interpret_urb_result(us, pipe, length, result, 457 us->current_sg.bytes); 458 } 459 460 /* 461 * Common used function. Transfer a complete command 462 * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid 463 */ 464 int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe, 465 struct scsi_cmnd* srb) 466 { 467 unsigned int partial; 468 int result = usb_stor_bulk_transfer_sglist(us, pipe, scsi_sglist(srb), 469 scsi_sg_count(srb), scsi_bufflen(srb), 470 &partial); 471 472 scsi_set_resid(srb, scsi_bufflen(srb) - partial); 473 return result; 474 } 475 EXPORT_SYMBOL_GPL(usb_stor_bulk_srb); 476 477 /* 478 * Transfer an entire SCSI command's worth of data payload over the bulk 479 * pipe. 480 * 481 * Note that this uses usb_stor_bulk_transfer_buf() and 482 * usb_stor_bulk_transfer_sglist() to achieve its goals -- 483 * this function simply determines whether we're going to use 484 * scatter-gather or not, and acts appropriately. 485 */ 486 int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe, 487 void *buf, unsigned int length_left, int use_sg, int *residual) 488 { 489 int result; 490 unsigned int partial; 491 492 /* are we scatter-gathering? */ 493 if (use_sg) { 494 /* use the usb core scatter-gather primitives */ 495 result = usb_stor_bulk_transfer_sglist(us, pipe, 496 (struct scatterlist *) buf, use_sg, 497 length_left, &partial); 498 length_left -= partial; 499 } else { 500 /* no scatter-gather, just make the request */ 501 result = usb_stor_bulk_transfer_buf(us, pipe, buf, 502 length_left, &partial); 503 length_left -= partial; 504 } 505 506 /* store the residual and return the error code */ 507 if (residual) 508 *residual = length_left; 509 return result; 510 } 511 EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg); 512 513 /*********************************************************************** 514 * Transport routines 515 ***********************************************************************/ 516 517 /* 518 * There are so many devices that report the capacity incorrectly, 519 * this routine was written to counteract some of the resulting 520 * problems. 521 */ 522 static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb) 523 { 524 struct gendisk *disk; 525 struct scsi_disk *sdkp; 526 u32 sector; 527 528 /* To Report "Medium Error: Record Not Found */ 529 static unsigned char record_not_found[18] = { 530 [0] = 0x70, /* current error */ 531 [2] = MEDIUM_ERROR, /* = 0x03 */ 532 [7] = 0x0a, /* additional length */ 533 [12] = 0x14 /* Record Not Found */ 534 }; 535 536 /* 537 * If last-sector problems can't occur, whether because the 538 * capacity was already decremented or because the device is 539 * known to report the correct capacity, then we don't need 540 * to do anything. 541 */ 542 if (!us->use_last_sector_hacks) 543 return; 544 545 /* Was this command a READ(10) or a WRITE(10)? */ 546 if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10) 547 goto done; 548 549 /* Did this command access the last sector? */ 550 sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) | 551 (srb->cmnd[4] << 8) | (srb->cmnd[5]); 552 disk = srb->request->rq_disk; 553 if (!disk) 554 goto done; 555 sdkp = scsi_disk(disk); 556 if (!sdkp) 557 goto done; 558 if (sector + 1 != sdkp->capacity) 559 goto done; 560 561 if (srb->result == SAM_STAT_GOOD && scsi_get_resid(srb) == 0) { 562 563 /* 564 * The command succeeded. We know this device doesn't 565 * have the last-sector bug, so stop checking it. 566 */ 567 us->use_last_sector_hacks = 0; 568 569 } else { 570 /* 571 * The command failed. Allow up to 3 retries in case this 572 * is some normal sort of failure. After that, assume the 573 * capacity is wrong and we're trying to access the sector 574 * beyond the end. Replace the result code and sense data 575 * with values that will cause the SCSI core to fail the 576 * command immediately, instead of going into an infinite 577 * (or even just a very long) retry loop. 578 */ 579 if (++us->last_sector_retries < 3) 580 return; 581 srb->result = SAM_STAT_CHECK_CONDITION; 582 memcpy(srb->sense_buffer, record_not_found, 583 sizeof(record_not_found)); 584 } 585 586 done: 587 /* 588 * Don't reset the retry counter for TEST UNIT READY commands, 589 * because they get issued after device resets which might be 590 * caused by a failed last-sector access. 591 */ 592 if (srb->cmnd[0] != TEST_UNIT_READY) 593 us->last_sector_retries = 0; 594 } 595 596 /* 597 * Invoke the transport and basic error-handling/recovery methods 598 * 599 * This is used by the protocol layers to actually send the message to 600 * the device and receive the response. 601 */ 602 void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us) 603 { 604 int need_auto_sense; 605 int result; 606 607 /* send the command to the transport layer */ 608 scsi_set_resid(srb, 0); 609 result = us->transport(srb, us); 610 611 /* 612 * if the command gets aborted by the higher layers, we need to 613 * short-circuit all other processing 614 */ 615 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { 616 usb_stor_dbg(us, "-- command was aborted\n"); 617 srb->result = DID_ABORT << 16; 618 goto Handle_Errors; 619 } 620 621 /* if there is a transport error, reset and don't auto-sense */ 622 if (result == USB_STOR_TRANSPORT_ERROR) { 623 usb_stor_dbg(us, "-- transport indicates error, resetting\n"); 624 srb->result = DID_ERROR << 16; 625 goto Handle_Errors; 626 } 627 628 /* if the transport provided its own sense data, don't auto-sense */ 629 if (result == USB_STOR_TRANSPORT_NO_SENSE) { 630 srb->result = SAM_STAT_CHECK_CONDITION; 631 last_sector_hacks(us, srb); 632 return; 633 } 634 635 srb->result = SAM_STAT_GOOD; 636 637 /* 638 * Determine if we need to auto-sense 639 * 640 * I normally don't use a flag like this, but it's almost impossible 641 * to understand what's going on here if I don't. 642 */ 643 need_auto_sense = 0; 644 645 /* 646 * If we're running the CB transport, which is incapable 647 * of determining status on its own, we will auto-sense 648 * unless the operation involved a data-in transfer. Devices 649 * can signal most data-in errors by stalling the bulk-in pipe. 650 */ 651 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_DPCM_USB) && 652 srb->sc_data_direction != DMA_FROM_DEVICE) { 653 usb_stor_dbg(us, "-- CB transport device requiring auto-sense\n"); 654 need_auto_sense = 1; 655 } 656 657 /* 658 * If we have a failure, we're going to do a REQUEST_SENSE 659 * automatically. Note that we differentiate between a command 660 * "failure" and an "error" in the transport mechanism. 661 */ 662 if (result == USB_STOR_TRANSPORT_FAILED) { 663 usb_stor_dbg(us, "-- transport indicates command failure\n"); 664 need_auto_sense = 1; 665 } 666 667 /* 668 * Determine if this device is SAT by seeing if the 669 * command executed successfully. Otherwise we'll have 670 * to wait for at least one CHECK_CONDITION to determine 671 * SANE_SENSE support 672 */ 673 if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) && 674 result == USB_STOR_TRANSPORT_GOOD && 675 !(us->fflags & US_FL_SANE_SENSE) && 676 !(us->fflags & US_FL_BAD_SENSE) && 677 !(srb->cmnd[2] & 0x20))) { 678 usb_stor_dbg(us, "-- SAT supported, increasing auto-sense\n"); 679 us->fflags |= US_FL_SANE_SENSE; 680 } 681 682 /* 683 * A short transfer on a command where we don't expect it 684 * is unusual, but it doesn't mean we need to auto-sense. 685 */ 686 if ((scsi_get_resid(srb) > 0) && 687 !((srb->cmnd[0] == REQUEST_SENSE) || 688 (srb->cmnd[0] == INQUIRY) || 689 (srb->cmnd[0] == MODE_SENSE) || 690 (srb->cmnd[0] == LOG_SENSE) || 691 (srb->cmnd[0] == MODE_SENSE_10))) { 692 usb_stor_dbg(us, "-- unexpectedly short transfer\n"); 693 } 694 695 /* Now, if we need to do the auto-sense, let's do it */ 696 if (need_auto_sense) { 697 int temp_result; 698 struct scsi_eh_save ses; 699 int sense_size = US_SENSE_SIZE; 700 struct scsi_sense_hdr sshdr; 701 const u8 *scdd; 702 u8 fm_ili; 703 704 /* device supports and needs bigger sense buffer */ 705 if (us->fflags & US_FL_SANE_SENSE) 706 sense_size = ~0; 707 Retry_Sense: 708 usb_stor_dbg(us, "Issuing auto-REQUEST_SENSE\n"); 709 710 scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sense_size); 711 712 /* FIXME: we must do the protocol translation here */ 713 if (us->subclass == USB_SC_RBC || us->subclass == USB_SC_SCSI || 714 us->subclass == USB_SC_CYP_ATACB) 715 srb->cmd_len = 6; 716 else 717 srb->cmd_len = 12; 718 719 /* issue the auto-sense command */ 720 scsi_set_resid(srb, 0); 721 temp_result = us->transport(us->srb, us); 722 723 /* let's clean up right away */ 724 scsi_eh_restore_cmnd(srb, &ses); 725 726 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { 727 usb_stor_dbg(us, "-- auto-sense aborted\n"); 728 srb->result = DID_ABORT << 16; 729 730 /* If SANE_SENSE caused this problem, disable it */ 731 if (sense_size != US_SENSE_SIZE) { 732 us->fflags &= ~US_FL_SANE_SENSE; 733 us->fflags |= US_FL_BAD_SENSE; 734 } 735 goto Handle_Errors; 736 } 737 738 /* 739 * Some devices claim to support larger sense but fail when 740 * trying to request it. When a transport failure happens 741 * using US_FS_SANE_SENSE, we always retry with a standard 742 * (small) sense request. This fixes some USB GSM modems 743 */ 744 if (temp_result == USB_STOR_TRANSPORT_FAILED && 745 sense_size != US_SENSE_SIZE) { 746 usb_stor_dbg(us, "-- auto-sense failure, retry small sense\n"); 747 sense_size = US_SENSE_SIZE; 748 us->fflags &= ~US_FL_SANE_SENSE; 749 us->fflags |= US_FL_BAD_SENSE; 750 goto Retry_Sense; 751 } 752 753 /* Other failures */ 754 if (temp_result != USB_STOR_TRANSPORT_GOOD) { 755 usb_stor_dbg(us, "-- auto-sense failure\n"); 756 757 /* 758 * we skip the reset if this happens to be a 759 * multi-target device, since failure of an 760 * auto-sense is perfectly valid 761 */ 762 srb->result = DID_ERROR << 16; 763 if (!(us->fflags & US_FL_SCM_MULT_TARG)) 764 goto Handle_Errors; 765 return; 766 } 767 768 /* 769 * If the sense data returned is larger than 18-bytes then we 770 * assume this device supports requesting more in the future. 771 * The response code must be 70h through 73h inclusive. 772 */ 773 if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) && 774 !(us->fflags & US_FL_SANE_SENSE) && 775 !(us->fflags & US_FL_BAD_SENSE) && 776 (srb->sense_buffer[0] & 0x7C) == 0x70) { 777 usb_stor_dbg(us, "-- SANE_SENSE support enabled\n"); 778 us->fflags |= US_FL_SANE_SENSE; 779 780 /* 781 * Indicate to the user that we truncated their sense 782 * because we didn't know it supported larger sense. 783 */ 784 usb_stor_dbg(us, "-- Sense data truncated to %i from %i\n", 785 US_SENSE_SIZE, 786 srb->sense_buffer[7] + 8); 787 srb->sense_buffer[7] = (US_SENSE_SIZE - 8); 788 } 789 790 scsi_normalize_sense(srb->sense_buffer, SCSI_SENSE_BUFFERSIZE, 791 &sshdr); 792 793 usb_stor_dbg(us, "-- Result from auto-sense is %d\n", 794 temp_result); 795 usb_stor_dbg(us, "-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n", 796 sshdr.response_code, sshdr.sense_key, 797 sshdr.asc, sshdr.ascq); 798 #ifdef CONFIG_USB_STORAGE_DEBUG 799 usb_stor_show_sense(us, sshdr.sense_key, sshdr.asc, sshdr.ascq); 800 #endif 801 802 /* set the result so the higher layers expect this data */ 803 srb->result = SAM_STAT_CHECK_CONDITION; 804 805 scdd = scsi_sense_desc_find(srb->sense_buffer, 806 SCSI_SENSE_BUFFERSIZE, 4); 807 fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0; 808 809 /* 810 * We often get empty sense data. This could indicate that 811 * everything worked or that there was an unspecified 812 * problem. We have to decide which. 813 */ 814 if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 && 815 fm_ili == 0) { 816 /* 817 * If things are really okay, then let's show that. 818 * Zero out the sense buffer so the higher layers 819 * won't realize we did an unsolicited auto-sense. 820 */ 821 if (result == USB_STOR_TRANSPORT_GOOD) { 822 srb->result = SAM_STAT_GOOD; 823 srb->sense_buffer[0] = 0x0; 824 } 825 826 /* 827 * ATA-passthru commands use sense data to report 828 * the command completion status, and often devices 829 * return Check Condition status when nothing is 830 * wrong. 831 */ 832 else if (srb->cmnd[0] == ATA_16 || 833 srb->cmnd[0] == ATA_12) { 834 /* leave the data alone */ 835 } 836 837 /* 838 * If there was a problem, report an unspecified 839 * hardware error to prevent the higher layers from 840 * entering an infinite retry loop. 841 */ 842 else { 843 srb->result = DID_ERROR << 16; 844 if ((sshdr.response_code & 0x72) == 0x72) 845 srb->sense_buffer[1] = HARDWARE_ERROR; 846 else 847 srb->sense_buffer[2] = HARDWARE_ERROR; 848 } 849 } 850 } 851 852 /* 853 * Some devices don't work or return incorrect data the first 854 * time they get a READ(10) command, or for the first READ(10) 855 * after a media change. If the INITIAL_READ10 flag is set, 856 * keep track of whether READ(10) commands succeed. If the 857 * previous one succeeded and this one failed, set the REDO_READ10 858 * flag to force a retry. 859 */ 860 if (unlikely((us->fflags & US_FL_INITIAL_READ10) && 861 srb->cmnd[0] == READ_10)) { 862 if (srb->result == SAM_STAT_GOOD) { 863 set_bit(US_FLIDX_READ10_WORKED, &us->dflags); 864 } else if (test_bit(US_FLIDX_READ10_WORKED, &us->dflags)) { 865 clear_bit(US_FLIDX_READ10_WORKED, &us->dflags); 866 set_bit(US_FLIDX_REDO_READ10, &us->dflags); 867 } 868 869 /* 870 * Next, if the REDO_READ10 flag is set, return a result 871 * code that will cause the SCSI core to retry the READ(10) 872 * command immediately. 873 */ 874 if (test_bit(US_FLIDX_REDO_READ10, &us->dflags)) { 875 clear_bit(US_FLIDX_REDO_READ10, &us->dflags); 876 srb->result = DID_IMM_RETRY << 16; 877 srb->sense_buffer[0] = 0; 878 } 879 } 880 881 /* Did we transfer less than the minimum amount required? */ 882 if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) && 883 scsi_bufflen(srb) - scsi_get_resid(srb) < srb->underflow) 884 srb->result = DID_ERROR << 16; 885 886 last_sector_hacks(us, srb); 887 return; 888 889 /* 890 * Error and abort processing: try to resynchronize with the device 891 * by issuing a port reset. If that fails, try a class-specific 892 * device reset. 893 */ 894 Handle_Errors: 895 896 /* 897 * Set the RESETTING bit, and clear the ABORTING bit so that 898 * the reset may proceed. 899 */ 900 scsi_lock(us_to_host(us)); 901 set_bit(US_FLIDX_RESETTING, &us->dflags); 902 clear_bit(US_FLIDX_ABORTING, &us->dflags); 903 scsi_unlock(us_to_host(us)); 904 905 /* 906 * We must release the device lock because the pre_reset routine 907 * will want to acquire it. 908 */ 909 mutex_unlock(&us->dev_mutex); 910 result = usb_stor_port_reset(us); 911 mutex_lock(&us->dev_mutex); 912 913 if (result < 0) { 914 scsi_lock(us_to_host(us)); 915 usb_stor_report_device_reset(us); 916 scsi_unlock(us_to_host(us)); 917 us->transport_reset(us); 918 } 919 clear_bit(US_FLIDX_RESETTING, &us->dflags); 920 last_sector_hacks(us, srb); 921 } 922 923 /* Stop the current URB transfer */ 924 void usb_stor_stop_transport(struct us_data *us) 925 { 926 /* 927 * If the state machine is blocked waiting for an URB, 928 * let's wake it up. The test_and_clear_bit() call 929 * guarantees that if a URB has just been submitted, 930 * it won't be cancelled more than once. 931 */ 932 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) { 933 usb_stor_dbg(us, "-- cancelling URB\n"); 934 usb_unlink_urb(us->current_urb); 935 } 936 937 /* If we are waiting for a scatter-gather operation, cancel it. */ 938 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) { 939 usb_stor_dbg(us, "-- cancelling sg request\n"); 940 usb_sg_cancel(&us->current_sg); 941 } 942 } 943 944 /* 945 * Control/Bulk and Control/Bulk/Interrupt transport 946 */ 947 948 int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us) 949 { 950 unsigned int transfer_length = scsi_bufflen(srb); 951 unsigned int pipe = 0; 952 int result; 953 954 /* COMMAND STAGE */ 955 /* let's send the command via the control pipe */ 956 /* 957 * Command is sometime (f.e. after scsi_eh_prep_cmnd) on the stack. 958 * Stack may be vmallocated. So no DMA for us. Make a copy. 959 */ 960 memcpy(us->iobuf, srb->cmnd, srb->cmd_len); 961 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe, 962 US_CBI_ADSC, 963 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0, 964 us->ifnum, us->iobuf, srb->cmd_len); 965 966 /* check the return code for the command */ 967 usb_stor_dbg(us, "Call to usb_stor_ctrl_transfer() returned %d\n", 968 result); 969 970 /* if we stalled the command, it means command failed */ 971 if (result == USB_STOR_XFER_STALLED) { 972 return USB_STOR_TRANSPORT_FAILED; 973 } 974 975 /* Uh oh... serious problem here */ 976 if (result != USB_STOR_XFER_GOOD) { 977 return USB_STOR_TRANSPORT_ERROR; 978 } 979 980 /* DATA STAGE */ 981 /* transfer the data payload for this command, if one exists*/ 982 if (transfer_length) { 983 pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 984 us->recv_bulk_pipe : us->send_bulk_pipe; 985 result = usb_stor_bulk_srb(us, pipe, srb); 986 usb_stor_dbg(us, "CBI data stage result is 0x%x\n", result); 987 988 /* if we stalled the data transfer it means command failed */ 989 if (result == USB_STOR_XFER_STALLED) 990 return USB_STOR_TRANSPORT_FAILED; 991 if (result > USB_STOR_XFER_STALLED) 992 return USB_STOR_TRANSPORT_ERROR; 993 } 994 995 /* STATUS STAGE */ 996 997 /* 998 * NOTE: CB does not have a status stage. Silly, I know. So 999 * we have to catch this at a higher level. 1000 */ 1001 if (us->protocol != USB_PR_CBI) 1002 return USB_STOR_TRANSPORT_GOOD; 1003 1004 result = usb_stor_intr_transfer(us, us->iobuf, 2); 1005 usb_stor_dbg(us, "Got interrupt data (0x%x, 0x%x)\n", 1006 us->iobuf[0], us->iobuf[1]); 1007 if (result != USB_STOR_XFER_GOOD) 1008 return USB_STOR_TRANSPORT_ERROR; 1009 1010 /* 1011 * UFI gives us ASC and ASCQ, like a request sense 1012 * 1013 * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI 1014 * devices, so we ignore the information for those commands. Note 1015 * that this means we could be ignoring a real error on these 1016 * commands, but that can't be helped. 1017 */ 1018 if (us->subclass == USB_SC_UFI) { 1019 if (srb->cmnd[0] == REQUEST_SENSE || 1020 srb->cmnd[0] == INQUIRY) 1021 return USB_STOR_TRANSPORT_GOOD; 1022 if (us->iobuf[0]) 1023 goto Failed; 1024 return USB_STOR_TRANSPORT_GOOD; 1025 } 1026 1027 /* 1028 * If not UFI, we interpret the data as a result code 1029 * The first byte should always be a 0x0. 1030 * 1031 * Some bogus devices don't follow that rule. They stuff the ASC 1032 * into the first byte -- so if it's non-zero, call it a failure. 1033 */ 1034 if (us->iobuf[0]) { 1035 usb_stor_dbg(us, "CBI IRQ data showed reserved bType 0x%x\n", 1036 us->iobuf[0]); 1037 goto Failed; 1038 1039 } 1040 1041 /* The second byte & 0x0F should be 0x0 for good, otherwise error */ 1042 switch (us->iobuf[1] & 0x0F) { 1043 case 0x00: 1044 return USB_STOR_TRANSPORT_GOOD; 1045 case 0x01: 1046 goto Failed; 1047 } 1048 return USB_STOR_TRANSPORT_ERROR; 1049 1050 /* 1051 * the CBI spec requires that the bulk pipe must be cleared 1052 * following any data-in/out command failure (section 2.4.3.1.3) 1053 */ 1054 Failed: 1055 if (pipe) 1056 usb_stor_clear_halt(us, pipe); 1057 return USB_STOR_TRANSPORT_FAILED; 1058 } 1059 EXPORT_SYMBOL_GPL(usb_stor_CB_transport); 1060 1061 /* 1062 * Bulk only transport 1063 */ 1064 1065 /* Determine what the maximum LUN supported is */ 1066 int usb_stor_Bulk_max_lun(struct us_data *us) 1067 { 1068 int result; 1069 1070 /* issue the command */ 1071 us->iobuf[0] = 0; 1072 result = usb_stor_control_msg(us, us->recv_ctrl_pipe, 1073 US_BULK_GET_MAX_LUN, 1074 USB_DIR_IN | USB_TYPE_CLASS | 1075 USB_RECIP_INTERFACE, 1076 0, us->ifnum, us->iobuf, 1, 10*HZ); 1077 1078 usb_stor_dbg(us, "GetMaxLUN command result is %d, data is %d\n", 1079 result, us->iobuf[0]); 1080 1081 /* 1082 * If we have a successful request, return the result if valid. The 1083 * CBW LUN field is 4 bits wide, so the value reported by the device 1084 * should fit into that. 1085 */ 1086 if (result > 0) { 1087 if (us->iobuf[0] < 16) { 1088 return us->iobuf[0]; 1089 } else { 1090 dev_info(&us->pusb_intf->dev, 1091 "Max LUN %d is not valid, using 0 instead", 1092 us->iobuf[0]); 1093 } 1094 } 1095 1096 /* 1097 * Some devices don't like GetMaxLUN. They may STALL the control 1098 * pipe, they may return a zero-length result, they may do nothing at 1099 * all and timeout, or they may fail in even more bizarrely creative 1100 * ways. In these cases the best approach is to use the default 1101 * value: only one LUN. 1102 */ 1103 return 0; 1104 } 1105 1106 int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) 1107 { 1108 struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf; 1109 struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf; 1110 unsigned int transfer_length = scsi_bufflen(srb); 1111 unsigned int residue; 1112 int result; 1113 int fake_sense = 0; 1114 unsigned int cswlen; 1115 unsigned int cbwlen = US_BULK_CB_WRAP_LEN; 1116 1117 /* Take care of BULK32 devices; set extra byte to 0 */ 1118 if (unlikely(us->fflags & US_FL_BULK32)) { 1119 cbwlen = 32; 1120 us->iobuf[31] = 0; 1121 } 1122 1123 /* set up the command wrapper */ 1124 bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN); 1125 bcb->DataTransferLength = cpu_to_le32(transfer_length); 1126 bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ? 1127 US_BULK_FLAG_IN : 0; 1128 bcb->Tag = ++us->tag; 1129 bcb->Lun = srb->device->lun; 1130 if (us->fflags & US_FL_SCM_MULT_TARG) 1131 bcb->Lun |= srb->device->id << 4; 1132 bcb->Length = srb->cmd_len; 1133 1134 /* copy the command payload */ 1135 memset(bcb->CDB, 0, sizeof(bcb->CDB)); 1136 memcpy(bcb->CDB, srb->cmnd, bcb->Length); 1137 1138 /* send it to out endpoint */ 1139 usb_stor_dbg(us, "Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n", 1140 le32_to_cpu(bcb->Signature), bcb->Tag, 1141 le32_to_cpu(bcb->DataTransferLength), bcb->Flags, 1142 (bcb->Lun >> 4), (bcb->Lun & 0x0F), 1143 bcb->Length); 1144 result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, 1145 bcb, cbwlen, NULL); 1146 usb_stor_dbg(us, "Bulk command transfer result=%d\n", result); 1147 if (result != USB_STOR_XFER_GOOD) 1148 return USB_STOR_TRANSPORT_ERROR; 1149 1150 /* DATA STAGE */ 1151 /* send/receive data payload, if there is any */ 1152 1153 /* 1154 * Some USB-IDE converter chips need a 100us delay between the 1155 * command phase and the data phase. Some devices need a little 1156 * more than that, probably because of clock rate inaccuracies. 1157 */ 1158 if (unlikely(us->fflags & US_FL_GO_SLOW)) 1159 usleep_range(125, 150); 1160 1161 if (transfer_length) { 1162 unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 1163 us->recv_bulk_pipe : us->send_bulk_pipe; 1164 result = usb_stor_bulk_srb(us, pipe, srb); 1165 usb_stor_dbg(us, "Bulk data transfer result 0x%x\n", result); 1166 if (result == USB_STOR_XFER_ERROR) 1167 return USB_STOR_TRANSPORT_ERROR; 1168 1169 /* 1170 * If the device tried to send back more data than the 1171 * amount requested, the spec requires us to transfer 1172 * the CSW anyway. Since there's no point retrying the 1173 * the command, we'll return fake sense data indicating 1174 * Illegal Request, Invalid Field in CDB. 1175 */ 1176 if (result == USB_STOR_XFER_LONG) 1177 fake_sense = 1; 1178 1179 /* 1180 * Sometimes a device will mistakenly skip the data phase 1181 * and go directly to the status phase without sending a 1182 * zero-length packet. If we get a 13-byte response here, 1183 * check whether it really is a CSW. 1184 */ 1185 if (result == USB_STOR_XFER_SHORT && 1186 srb->sc_data_direction == DMA_FROM_DEVICE && 1187 transfer_length - scsi_get_resid(srb) == 1188 US_BULK_CS_WRAP_LEN) { 1189 struct scatterlist *sg = NULL; 1190 unsigned int offset = 0; 1191 1192 if (usb_stor_access_xfer_buf((unsigned char *) bcs, 1193 US_BULK_CS_WRAP_LEN, srb, &sg, 1194 &offset, FROM_XFER_BUF) == 1195 US_BULK_CS_WRAP_LEN && 1196 bcs->Signature == 1197 cpu_to_le32(US_BULK_CS_SIGN)) { 1198 usb_stor_dbg(us, "Device skipped data phase\n"); 1199 scsi_set_resid(srb, transfer_length); 1200 goto skipped_data_phase; 1201 } 1202 } 1203 } 1204 1205 /* 1206 * See flow chart on pg 15 of the Bulk Only Transport spec for 1207 * an explanation of how this code works. 1208 */ 1209 1210 /* get CSW for device status */ 1211 usb_stor_dbg(us, "Attempting to get CSW...\n"); 1212 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1213 bcs, US_BULK_CS_WRAP_LEN, &cswlen); 1214 1215 /* 1216 * Some broken devices add unnecessary zero-length packets to the 1217 * end of their data transfers. Such packets show up as 0-length 1218 * CSWs. If we encounter such a thing, try to read the CSW again. 1219 */ 1220 if (result == USB_STOR_XFER_SHORT && cswlen == 0) { 1221 usb_stor_dbg(us, "Received 0-length CSW; retrying...\n"); 1222 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1223 bcs, US_BULK_CS_WRAP_LEN, &cswlen); 1224 } 1225 1226 /* did the attempt to read the CSW fail? */ 1227 if (result == USB_STOR_XFER_STALLED) { 1228 1229 /* get the status again */ 1230 usb_stor_dbg(us, "Attempting to get CSW (2nd try)...\n"); 1231 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, 1232 bcs, US_BULK_CS_WRAP_LEN, NULL); 1233 } 1234 1235 /* if we still have a failure at this point, we're in trouble */ 1236 usb_stor_dbg(us, "Bulk status result = %d\n", result); 1237 if (result != USB_STOR_XFER_GOOD) 1238 return USB_STOR_TRANSPORT_ERROR; 1239 1240 skipped_data_phase: 1241 /* check bulk status */ 1242 residue = le32_to_cpu(bcs->Residue); 1243 usb_stor_dbg(us, "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n", 1244 le32_to_cpu(bcs->Signature), bcs->Tag, 1245 residue, bcs->Status); 1246 if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) || 1247 bcs->Status > US_BULK_STAT_PHASE) { 1248 usb_stor_dbg(us, "Bulk logical error\n"); 1249 return USB_STOR_TRANSPORT_ERROR; 1250 } 1251 1252 /* 1253 * Some broken devices report odd signatures, so we do not check them 1254 * for validity against the spec. We store the first one we see, 1255 * and check subsequent transfers for validity against this signature. 1256 */ 1257 if (!us->bcs_signature) { 1258 us->bcs_signature = bcs->Signature; 1259 if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN)) 1260 usb_stor_dbg(us, "Learnt BCS signature 0x%08X\n", 1261 le32_to_cpu(us->bcs_signature)); 1262 } else if (bcs->Signature != us->bcs_signature) { 1263 usb_stor_dbg(us, "Signature mismatch: got %08X, expecting %08X\n", 1264 le32_to_cpu(bcs->Signature), 1265 le32_to_cpu(us->bcs_signature)); 1266 return USB_STOR_TRANSPORT_ERROR; 1267 } 1268 1269 /* 1270 * try to compute the actual residue, based on how much data 1271 * was really transferred and what the device tells us 1272 */ 1273 if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) { 1274 1275 /* 1276 * Heuristically detect devices that generate bogus residues 1277 * by seeing what happens with INQUIRY and READ CAPACITY 1278 * commands. 1279 */ 1280 if (bcs->Status == US_BULK_STAT_OK && 1281 scsi_get_resid(srb) == 0 && 1282 ((srb->cmnd[0] == INQUIRY && 1283 transfer_length == 36) || 1284 (srb->cmnd[0] == READ_CAPACITY && 1285 transfer_length == 8))) { 1286 us->fflags |= US_FL_IGNORE_RESIDUE; 1287 1288 } else { 1289 residue = min(residue, transfer_length); 1290 scsi_set_resid(srb, max(scsi_get_resid(srb), 1291 (int) residue)); 1292 } 1293 } 1294 1295 /* based on the status code, we report good or bad */ 1296 switch (bcs->Status) { 1297 case US_BULK_STAT_OK: 1298 /* device babbled -- return fake sense data */ 1299 if (fake_sense) { 1300 memcpy(srb->sense_buffer, 1301 usb_stor_sense_invalidCDB, 1302 sizeof(usb_stor_sense_invalidCDB)); 1303 return USB_STOR_TRANSPORT_NO_SENSE; 1304 } 1305 1306 /* command good -- note that data could be short */ 1307 return USB_STOR_TRANSPORT_GOOD; 1308 1309 case US_BULK_STAT_FAIL: 1310 /* command failed */ 1311 return USB_STOR_TRANSPORT_FAILED; 1312 1313 case US_BULK_STAT_PHASE: 1314 /* 1315 * phase error -- note that a transport reset will be 1316 * invoked by the invoke_transport() function 1317 */ 1318 return USB_STOR_TRANSPORT_ERROR; 1319 } 1320 1321 /* we should never get here, but if we do, we're in trouble */ 1322 return USB_STOR_TRANSPORT_ERROR; 1323 } 1324 EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport); 1325 1326 /*********************************************************************** 1327 * Reset routines 1328 ***********************************************************************/ 1329 1330 /* 1331 * This is the common part of the device reset code. 1332 * 1333 * It's handy that every transport mechanism uses the control endpoint for 1334 * resets. 1335 * 1336 * Basically, we send a reset with a 5-second timeout, so we don't get 1337 * jammed attempting to do the reset. 1338 */ 1339 static int usb_stor_reset_common(struct us_data *us, 1340 u8 request, u8 requesttype, 1341 u16 value, u16 index, void *data, u16 size) 1342 { 1343 int result; 1344 int result2; 1345 1346 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1347 usb_stor_dbg(us, "No reset during disconnect\n"); 1348 return -EIO; 1349 } 1350 1351 result = usb_stor_control_msg(us, us->send_ctrl_pipe, 1352 request, requesttype, value, index, data, size, 1353 5*HZ); 1354 if (result < 0) { 1355 usb_stor_dbg(us, "Soft reset failed: %d\n", result); 1356 return result; 1357 } 1358 1359 /* 1360 * Give the device some time to recover from the reset, 1361 * but don't delay disconnect processing. 1362 */ 1363 wait_event_interruptible_timeout(us->delay_wait, 1364 test_bit(US_FLIDX_DISCONNECTING, &us->dflags), 1365 HZ*6); 1366 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1367 usb_stor_dbg(us, "Reset interrupted by disconnect\n"); 1368 return -EIO; 1369 } 1370 1371 usb_stor_dbg(us, "Soft reset: clearing bulk-in endpoint halt\n"); 1372 result = usb_stor_clear_halt(us, us->recv_bulk_pipe); 1373 1374 usb_stor_dbg(us, "Soft reset: clearing bulk-out endpoint halt\n"); 1375 result2 = usb_stor_clear_halt(us, us->send_bulk_pipe); 1376 1377 /* return a result code based on the result of the clear-halts */ 1378 if (result >= 0) 1379 result = result2; 1380 if (result < 0) 1381 usb_stor_dbg(us, "Soft reset failed\n"); 1382 else 1383 usb_stor_dbg(us, "Soft reset done\n"); 1384 return result; 1385 } 1386 1387 /* This issues a CB[I] Reset to the device in question */ 1388 #define CB_RESET_CMD_SIZE 12 1389 1390 int usb_stor_CB_reset(struct us_data *us) 1391 { 1392 memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE); 1393 us->iobuf[0] = SEND_DIAGNOSTIC; 1394 us->iobuf[1] = 4; 1395 return usb_stor_reset_common(us, US_CBI_ADSC, 1396 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1397 0, us->ifnum, us->iobuf, CB_RESET_CMD_SIZE); 1398 } 1399 EXPORT_SYMBOL_GPL(usb_stor_CB_reset); 1400 1401 /* 1402 * This issues a Bulk-only Reset to the device in question, including 1403 * clearing the subsequent endpoint halts that may occur. 1404 */ 1405 int usb_stor_Bulk_reset(struct us_data *us) 1406 { 1407 return usb_stor_reset_common(us, US_BULK_RESET_REQUEST, 1408 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1409 0, us->ifnum, NULL, 0); 1410 } 1411 EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset); 1412 1413 /* 1414 * Issue a USB port reset to the device. The caller must not hold 1415 * us->dev_mutex. 1416 */ 1417 int usb_stor_port_reset(struct us_data *us) 1418 { 1419 int result; 1420 1421 /*for these devices we must use the class specific method */ 1422 if (us->pusb_dev->quirks & USB_QUIRK_RESET) 1423 return -EPERM; 1424 1425 result = usb_lock_device_for_reset(us->pusb_dev, us->pusb_intf); 1426 if (result < 0) 1427 usb_stor_dbg(us, "unable to lock device for reset: %d\n", 1428 result); 1429 else { 1430 /* Were we disconnected while waiting for the lock? */ 1431 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { 1432 result = -EIO; 1433 usb_stor_dbg(us, "No reset during disconnect\n"); 1434 } else { 1435 result = usb_reset_device(us->pusb_dev); 1436 usb_stor_dbg(us, "usb_reset_device returns %d\n", 1437 result); 1438 } 1439 usb_unlock_device(us->pusb_dev); 1440 } 1441 return result; 1442 } 1443