xref: /openbmc/linux/drivers/usb/storage/uas.c (revision 63c43812ee99efe7903955bae8cd928e9582477a)
1 /*
2  * USB Attached SCSI
3  * Note that this is not the same as the USB Mass Storage driver
4  *
5  * Copyright Hans de Goede <hdegoede@redhat.com> for Red Hat, Inc. 2013 - 2014
6  * Copyright Matthew Wilcox for Intel Corp, 2010
7  * Copyright Sarah Sharp for Intel Corp, 2010
8  *
9  * Distributed under the terms of the GNU GPL, version two.
10  */
11 
12 #include <linux/blkdev.h>
13 #include <linux/slab.h>
14 #include <linux/types.h>
15 #include <linux/module.h>
16 #include <linux/usb.h>
17 #include <linux/usb_usual.h>
18 #include <linux/usb/hcd.h>
19 #include <linux/usb/storage.h>
20 #include <linux/usb/uas.h>
21 
22 #include <scsi/scsi.h>
23 #include <scsi/scsi_eh.h>
24 #include <scsi/scsi_dbg.h>
25 #include <scsi/scsi_cmnd.h>
26 #include <scsi/scsi_device.h>
27 #include <scsi/scsi_host.h>
28 #include <scsi/scsi_tcq.h>
29 
30 #include "uas-detect.h"
31 #include "scsiglue.h"
32 
/*
 * Number of slots in uas_dev_info.cmnd[]; also the stream count requested
 * from usb_alloc_streams() in uas_configure_endpoints().  Device-supplied
 * tags are range-checked against this value in uas_stat_cmplt().
 */
#define MAX_CMNDS 256
34 
/* Per-host driver state; stored in the Scsi_Host hostdata area (see uas_probe()). */
struct uas_dev_info {
	struct usb_interface *intf;
	struct usb_device *udev;
	/* One anchor per urb kind, so the reset path can kill them as a group. */
	struct usb_anchor cmd_urbs;
	struct usb_anchor sense_urbs;
	struct usb_anchor data_urbs;
	/* US_FL_* quirk bits, filled in by uas_use_uas_driver() during probe. */
	unsigned long flags;
	/* qdepth: number of cmnd[] slots in use; resetting: set during a bus reset. */
	int qdepth, resetting;
	unsigned cmd_pipe, status_pipe, data_in_pipe, data_out_pipe;
	/* Set when usb_alloc_streams() succeeded in uas_configure_endpoints(). */
	unsigned use_streams:1;
	unsigned shutdown:1;
	/* In-flight commands; the slot index is the command's uas_tag - 1. */
	struct scsi_cmnd *cmnd[MAX_CMNDS];
	/* Held around every access to cmnd[] and to per-command state in this file. */
	spinlock_t lock;
	/* Retries failed urb submissions, see uas_do_work(). */
	struct work_struct work;
};
50 
/*
 * Bits of uas_cmd_info.state.  ALLOC_* and SUBMIT_* are steps that
 * uas_submit_urbs() still has to carry out; the *_INFLIGHT bits mark urbs
 * that were submitted and have not completed yet.
 */
enum {
	SUBMIT_STATUS_URB	= (1 << 1),
	ALLOC_DATA_IN_URB	= (1 << 2),
	SUBMIT_DATA_IN_URB	= (1 << 3),
	ALLOC_DATA_OUT_URB	= (1 << 4),
	SUBMIT_DATA_OUT_URB	= (1 << 5),
	ALLOC_CMD_URB		= (1 << 6),
	SUBMIT_CMD_URB		= (1 << 7),
	COMMAND_INFLIGHT        = (1 << 8),
	DATA_IN_URB_INFLIGHT    = (1 << 9),
	DATA_OUT_URB_INFLIGHT   = (1 << 10),
	/* Set by uas_eh_abort_handler(); makes uas_try_complete() return -EBUSY. */
	COMMAND_ABORTED         = (1 << 11),
	/* Submission failed and is to be retried by uas_do_work(). */
	IS_IN_WORK_LIST         = (1 << 12),
};
65 
/*
 * Per-command driver state.  It is stored in place of the command's
 * scsi_pointer (the code casts &cmnd->SCp to this type); the BUILD_BUG_ON()
 * in uas_queuecommand_lck() checks that it fits.
 */
struct uas_cmd_info {
	/* Bitmask of the ALLOC_ / SUBMIT_ / INFLIGHT state flags. */
	unsigned int state;
	/* 1-based tag; the command sits in devinfo->cmnd[uas_tag - 1]. */
	unsigned int uas_tag;
	struct urb *cmd_urb;
	struct urb *data_in_urb;
	struct urb *data_out_urb;
};
74 
/*
 * Forward declarations.  They are needed because the submit and completion
 * paths reference each other, e.g. uas_stat_cmplt() -> uas_xfer_data() ->
 * uas_submit_urbs() -> uas_submit_sense_urb(), which installs
 * uas_stat_cmplt() as the completion handler.
 */
static int uas_submit_urbs(struct scsi_cmnd *cmnd,
				struct uas_dev_info *devinfo, gfp_t gfp);
static void uas_do_work(struct work_struct *work);
static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller);
static void uas_free_streams(struct uas_dev_info *devinfo);
static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
				int status);
83 
/*
 * Work item: retry urb submission for every queued command that still has
 * IS_IN_WORK_LIST set.  Nothing is submitted while a reset is in progress.
 */
static void uas_do_work(struct work_struct *work)
{
	struct uas_dev_info *devinfo =
		container_of(work, struct uas_dev_info, work);
	unsigned long flags;
	int slot;

	spin_lock_irqsave(&devinfo->lock, flags);

	if (!devinfo->resetting) {
		for (slot = 0; slot < devinfo->qdepth; slot++) {
			struct scsi_cmnd *cmnd = devinfo->cmnd[slot];
			struct uas_cmd_info *cmdinfo;

			if (!cmnd)
				continue;

			cmdinfo = (void *)&cmnd->SCp;
			if (!(cmdinfo->state & IS_IN_WORK_LIST))
				continue;

			/* GFP_ATOMIC because devinfo->lock is held here. */
			if (uas_submit_urbs(cmnd, cmnd->device->hostdata,
					    GFP_ATOMIC))
				schedule_work(&devinfo->work);
			else
				cmdinfo->state &= ~IS_IN_WORK_LIST;
		}
	}

	spin_unlock_irqrestore(&devinfo->lock, flags);
}
117 
/*
 * Flag a command for another submission attempt and kick the work item.
 * The caller must hold devinfo->lock.
 */
static void uas_add_work(struct uas_cmd_info *cmdinfo)
{
	/* cmdinfo overlays cmnd->SCp, so step back to the owning command. */
	struct scsi_pointer *overlay = (void *)cmdinfo;
	struct scsi_cmnd *owner = container_of(overlay, struct scsi_cmnd, SCp);
	struct uas_dev_info *dev = owner->device->hostdata;

	lockdep_assert_held(&dev->lock);

	cmdinfo->state |= IS_IN_WORK_LIST;
	schedule_work(&dev->work);
}
128 
/*
 * Complete every command still present in devinfo->cmnd[], storing
 * @result << 16 in cmnd->result.  Called from the bus-reset handler after
 * the anchored urbs have been killed.
 */
static void uas_zap_pending(struct uas_dev_info *devinfo, int result)
{
	unsigned long flags;
	int slot;

	spin_lock_irqsave(&devinfo->lock, flags);
	for (slot = 0; slot < devinfo->qdepth; slot++) {
		struct scsi_cmnd *cmnd = devinfo->cmnd[slot];
		struct uas_cmd_info *cmdinfo;
		int err;

		if (!cmnd)
			continue;

		cmdinfo = (void *)&cmnd->SCp;
		uas_log_cmd_state(cmnd, __func__, 0);
		/* The sense urbs were killed, so no completion clears this bit */
		cmdinfo->state &= ~COMMAND_INFLIGHT;
		cmnd->result = result << 16;
		err = uas_try_complete(cmnd, __func__);
		WARN_ON(err != 0);
	}
	spin_unlock_irqrestore(&devinfo->lock, flags);
}
152 
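/*
 * Copy sense data and the SCSI status from a completed sense IU into @cmnd.
 *
 * The IU is written by the device, so its length field is not trusted: the
 * number of bytes copied never exceeds what the urb actually transferred
 * beyond the first 16 bytes of the IU, and is additionally capped at the
 * size of the SCSI sense buffer.
 */
static void uas_sense(struct urb *urb, struct scsi_cmnd *cmnd)
{
	struct sense_iu *sense_iu = urb->transfer_buffer;
	struct scsi_device *sdev = cmnd->device;

	if (urb->actual_length > 16) {
		unsigned len = be16_to_cpup(&sense_iu->len);
		if (len + 16 != urb->actual_length) {
			/* Claimed and received lengths differ: use the smaller */
			int newlen = min(len + 16, urb->actual_length) - 16;
			if (newlen < 0)
				newlen = 0;
			sdev_printk(KERN_INFO, sdev, "%s: urb length %d "
				"disagrees with IU sense data length %d, "
				"using %d bytes of sense data\n", __func__,
					urb->actual_length, len, newlen);
			len = newlen;
		}
		/*
		 * Defensive cap on the destination size.  The transfer buffer
		 * size chosen in uas_alloc_sense_urb() already limits len
		 * today; the explicit check keeps the copy in bounds even if
		 * that buffer size ever changes.
		 */
		if (len > SCSI_SENSE_BUFFERSIZE)
			len = SCSI_SENSE_BUFFERSIZE;
		memcpy(cmnd->sense_buffer, sense_iu->sense, len);
	}

	cmnd->result = sense_iu->status;
}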
175 
/*
 * Log @prefix, @status, the uas-tag and a short token for every state bit
 * set on @cmnd, then print the command itself.
 */
static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
			      int status)
{
	struct uas_cmd_info *ci = (void *)&cmnd->SCp;
	const unsigned int st = ci->state;

	scmd_printk(KERN_INFO, cmnd,
		    "%s %d uas-tag %d inflight:%s%s%s%s%s%s%s%s%s%s%s%s ",
		    prefix, status, ci->uas_tag,
		    (st & SUBMIT_STATUS_URB)     ? " s-st"  : "",
		    (st & ALLOC_DATA_IN_URB)     ? " a-in"  : "",
		    (st & SUBMIT_DATA_IN_URB)    ? " s-in"  : "",
		    (st & ALLOC_DATA_OUT_URB)    ? " a-out" : "",
		    (st & SUBMIT_DATA_OUT_URB)   ? " s-out" : "",
		    (st & ALLOC_CMD_URB)         ? " a-cmd" : "",
		    (st & SUBMIT_CMD_URB)        ? " s-cmd" : "",
		    (st & COMMAND_INFLIGHT)      ? " CMD"   : "",
		    (st & DATA_IN_URB_INFLIGHT)  ? " IN"    : "",
		    (st & DATA_OUT_URB_INFLIGHT) ? " OUT"   : "",
		    (st & COMMAND_ABORTED)       ? " abort" : "",
		    (st & IS_IN_WORK_LIST)       ? " work"  : "");
	scsi_print_command(cmnd);
}
199 
/*
 * Free the urbs of @cmnd that are not currently in flight.  A NULL @cmnd
 * is accepted and ignored.
 */
static void uas_free_unsubmitted_urbs(struct scsi_cmnd *cmnd)
{
	struct uas_cmd_info *ci;
	unsigned int st;

	if (cmnd == NULL)
		return;

	ci = (void *)&cmnd->SCp;
	st = ci->state;

	/* The cmd urb is freed only while its submit step is still pending */
	if (st & SUBMIT_CMD_URB)
		usb_free_urb(ci->cmd_urb);

	/*
	 * Data urbs are judged by the INFLIGHT bit instead, because their
	 * submit flag may never have been set.
	 */
	if ((st & DATA_IN_URB_INFLIGHT) == 0)
		usb_free_urb(ci->data_in_urb);
	if ((st & DATA_OUT_URB_INFLIGHT) == 0)
		usb_free_urb(ci->data_out_urb);
}
218 
/*
 * Hand @cmnd back to the SCSI layer if nothing is outstanding for it.
 *
 * Returns -EBUSY while any urb of the command is in flight or the command
 * has been aborted; otherwise releases the tag slot, frees the unsubmitted
 * urbs, calls scsi_done and returns 0.  Caller must hold devinfo->lock.
 */
static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller)
{
	const unsigned int busy_mask = COMMAND_INFLIGHT |
				       DATA_IN_URB_INFLIGHT |
				       DATA_OUT_URB_INFLIGHT |
				       COMMAND_ABORTED;
	struct uas_cmd_info *ci = (void *)&cmnd->SCp;
	struct uas_dev_info *dev = (void *)cmnd->device->hostdata;

	lockdep_assert_held(&dev->lock);

	if ((ci->state & busy_mask) != 0)
		return -EBUSY;

	/* Clear the slot before the command is handed back. */
	dev->cmnd[ci->uas_tag - 1] = NULL;
	uas_free_unsubmitted_urbs(cmnd);
	cmnd->scsi_done(cmnd);
	return 0;
}
235 
/*
 * React to a READ/WRITE_READY IU: schedule the data urb given by
 * @direction plus a fresh status urb, and fall back to the work item if
 * submission fails.  @urb is not used.
 */
static void uas_xfer_data(struct urb *urb, struct scsi_cmnd *cmnd,
			  unsigned direction)
{
	struct uas_cmd_info *ci = (void *)&cmnd->SCp;

	ci->state |= direction | SUBMIT_STATUS_URB;
	if (uas_submit_urbs(cmnd, cmnd->device->hostdata, GFP_ATOMIC) != 0)
		uas_add_work(ci);
}
248 
/*
 * Completion handler for status-pipe urbs (installed by
 * uas_alloc_sense_urb()).
 *
 * Everything in the received IU is device-controlled.  The tag selects the
 * command and is rejected unless it maps to a populated slot of
 * devinfo->cmnd[]; the command must also still be COMMAND_INFLIGHT.
 *
 * NOTE(review): iu->tag, iu->iu_id and the response code are read without
 * comparing urb->actual_length against the size of those fields.  The
 * buffer comes from kzalloc(sizeof(struct sense_iu)) in
 * uas_alloc_sense_urb(), so a short transfer yields zeroes rather than
 * stale memory - confirm struct response_iu is no larger than that buffer.
 */
static void uas_stat_cmplt(struct urb *urb)
{
	struct iu *iu = urb->transfer_buffer;
	struct Scsi_Host *shost = urb->context;
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
	struct urb *data_in_urb = NULL;
	struct urb *data_out_urb = NULL;
	struct scsi_cmnd *cmnd;
	struct uas_cmd_info *cmdinfo;
	unsigned long flags;
	unsigned int idx;

	spin_lock_irqsave(&devinfo->lock, flags);

	/* During a reset the urb is only freed; commands are left alone. */
	if (devinfo->resetting)
		goto out;

	if (urb->status) {
		/* -ENOENT / -ECONNRESET: urb was killed or unlinked, not logged */
		if (urb->status != -ENOENT && urb->status != -ECONNRESET) {
			dev_err(&urb->dev->dev, "stat urb: status %d\n",
				urb->status);
		}
		goto out;
	}

	/*
	 * Tags are 1-based.  idx is unsigned, so a tag of 0 wraps to a huge
	 * value and is caught by the bounds check below.
	 */
	idx = be16_to_cpup(&iu->tag) - 1;
	if (idx >= MAX_CMNDS || !devinfo->cmnd[idx]) {
		dev_err(&urb->dev->dev,
			"stat urb: no pending cmd for uas-tag %d\n", idx + 1);
		goto out;
	}

	cmnd = devinfo->cmnd[idx];
	cmdinfo = (void *)&cmnd->SCp;

	/* A status IU is only acceptable while the command is in flight. */
	if (!(cmdinfo->state & COMMAND_INFLIGHT)) {
		uas_log_cmd_state(cmnd, "unexpected status cmplt", 0);
		goto out;
	}

	switch (iu->iu_id) {
	case IU_ID_STATUS:
		uas_sense(urb, cmnd);
		if (cmnd->result != 0) {
			/* cancel data transfers on error */
			data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
			data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
		}
		cmdinfo->state &= ~COMMAND_INFLIGHT;
		uas_try_complete(cmnd, __func__);
		break;
	case IU_ID_READ_READY:
		/* Ignore the IU if there is no data-in urb or it already runs */
		if (!cmdinfo->data_in_urb ||
				(cmdinfo->state & DATA_IN_URB_INFLIGHT)) {
			uas_log_cmd_state(cmnd, "unexpected read rdy", 0);
			break;
		}
		uas_xfer_data(urb, cmnd, SUBMIT_DATA_IN_URB);
		break;
	case IU_ID_WRITE_READY:
		/* Same guard as above, for the data-out direction */
		if (!cmdinfo->data_out_urb ||
				(cmdinfo->state & DATA_OUT_URB_INFLIGHT)) {
			uas_log_cmd_state(cmnd, "unexpected write rdy", 0);
			break;
		}
		uas_xfer_data(urb, cmnd, SUBMIT_DATA_OUT_URB);
		break;
	case IU_ID_RESPONSE:
		uas_log_cmd_state(cmnd, "unexpected response iu",
				  ((struct response_iu *)iu)->response_code);
		/* Error, cancel data transfers */
		data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
		data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
		cmdinfo->state &= ~COMMAND_INFLIGHT;
		cmnd->result = DID_ERROR << 16;
		uas_try_complete(cmnd, __func__);
		break;
	default:
		/* Unknown IU id from the device: log it, change no state */
		uas_log_cmd_state(cmnd, "bogus IU", iu->iu_id);
	}
out:
	usb_free_urb(urb);
	spin_unlock_irqrestore(&devinfo->lock, flags);

	/*
	 * Unlinking of data urbs must be done without holding the lock.
	 * The references taken with usb_get_urb() above keep the urbs valid
	 * until the matching usb_put_urb() here.
	 */
	if (data_in_urb) {
		usb_unlink_urb(data_in_urb);
		usb_put_urb(data_in_urb);
	}
	if (data_out_urb) {
		usb_unlink_urb(data_out_urb);
		usb_put_urb(data_out_urb);
	}
}
343 
/*
 * Completion handler for data urbs (installed by uas_alloc_data_urb()).
 *
 * Works out which direction @urb belonged to, clears the matching INFLIGHT
 * bit and urb pointer, records the residual count and tries to complete
 * the command.  The urb is freed on every path.
 */
static void uas_data_cmplt(struct urb *urb)
{
	struct scsi_cmnd *cmnd = urb->context;
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
	struct scsi_data_buffer *sdb = NULL;
	unsigned long flags;

	spin_lock_irqsave(&devinfo->lock, flags);

	if (cmdinfo->data_in_urb == urb) {
		sdb = scsi_in(cmnd);
		cmdinfo->state &= ~DATA_IN_URB_INFLIGHT;
		cmdinfo->data_in_urb = NULL;
	} else if (cmdinfo->data_out_urb == urb) {
		sdb = scsi_out(cmnd);
		cmdinfo->state &= ~DATA_OUT_URB_INFLIGHT;
		cmdinfo->data_out_urb = NULL;
	}
	/* The urb matches neither direction of this command: warn and drop it */
	if (sdb == NULL) {
		WARN_ON_ONCE(1);
		goto out;
	}

	/* During a reset the command is not completed from here */
	if (devinfo->resetting)
		goto out;

	/* Data urbs should not complete before the cmd urb is submitted */
	if (cmdinfo->state & SUBMIT_CMD_URB) {
		uas_log_cmd_state(cmnd, "unexpected data cmplt", 0);
		goto out;
	}

	if (urb->status) {
		/* -ENOENT / -ECONNRESET: urb was killed or unlinked, not logged */
		if (urb->status != -ENOENT && urb->status != -ECONNRESET)
			uas_log_cmd_state(cmnd, "data cmplt err", urb->status);
		/* error: no data transferred */
		sdb->resid = sdb->length;
	} else {
		sdb->resid = sdb->length - urb->actual_length;
	}
	uas_try_complete(cmnd, __func__);
out:
	usb_free_urb(urb);
	spin_unlock_irqrestore(&devinfo->lock, flags);
}
390 
/* Completion handler for command urbs: log a failure, then free the urb. */
static void uas_cmd_cmplt(struct urb *urb)
{
	int status = urb->status;

	if (status != 0)
		dev_err(&urb->dev->dev, "cmd cmplt err %d\n", status);

	usb_free_urb(urb);
}
398 
/*
 * Allocate and fill a bulk data urb for @cmnd in direction @dir.  The urb
 * uses the command's scatter-gather table rather than a linear buffer.
 * Returns NULL when the urb cannot be allocated.
 */
static struct urb *uas_alloc_data_urb(struct uas_dev_info *devinfo, gfp_t gfp,
				      struct scsi_cmnd *cmnd,
				      enum dma_data_direction dir)
{
	struct usb_device *udev = devinfo->udev;
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct scsi_data_buffer *sdb;
	unsigned int pipe;
	struct urb *urb;

	urb = usb_alloc_urb(0, gfp);
	if (!urb)
		return NULL;

	if (dir == DMA_FROM_DEVICE) {
		sdb = scsi_in(cmnd);
		pipe = devinfo->data_in_pipe;
	} else {
		sdb = scsi_out(cmnd);
		pipe = devinfo->data_out_pipe;
	}

	usb_fill_bulk_urb(urb, udev, pipe, NULL, sdb->length,
			  uas_data_cmplt, cmnd);
	/* With streams, the stream id is the command's tag */
	if (devinfo->use_streams)
		urb->stream_id = cmdinfo->uas_tag;
	urb->num_sgs = udev->bus->sg_tablesize ? sdb->table.nents : 0;
	urb->sg = sdb->table.sgl;

	return urb;
}
422 
/*
 * Allocate a status-pipe urb with a zeroed struct sense_iu as its transfer
 * buffer.  Returns NULL if either allocation fails.
 */
static struct urb *uas_alloc_sense_urb(struct uas_dev_info *devinfo, gfp_t gfp,
				       struct scsi_cmnd *cmnd)
{
	struct usb_device *udev = devinfo->udev;
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct sense_iu *iu;
	struct urb *urb;

	urb = usb_alloc_urb(0, gfp);
	if (!urb)
		return NULL;

	/* Zeroed, so fields a short transfer never wrote read back as 0 */
	iu = kzalloc(sizeof(*iu), gfp);
	if (!iu) {
		usb_free_urb(urb);
		return NULL;
	}

	usb_fill_bulk_urb(urb, udev, devinfo->status_pipe, iu, sizeof(*iu),
			  uas_stat_cmplt, cmnd->device->host);
	if (devinfo->use_streams)
		urb->stream_id = cmdinfo->uas_tag;
	/* The IU buffer is released together with the urb */
	urb->transfer_flags |= URB_FREE_BUFFER;

	return urb;
}
449 
/*
 * Allocate a command urb whose transfer buffer is a command IU carrying
 * the CDB of @cmnd.  Returns NULL if either allocation fails.
 *
 * Buffer sizing: len is the number of CDB bytes beyond the first 16,
 * clamped at 0 and rounded up to a multiple of 4, and the IU is allocated
 * as sizeof(*iu) + len.  The memcpy() of cmd_len bytes into iu->cdb stays
 * inside that allocation provided iu->cdb is the trailing 16-byte member
 * of struct command_iu (declared elsewhere - TODO confirm).
 */
static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp,
					struct scsi_cmnd *cmnd)
{
	struct usb_device *udev = devinfo->udev;
	struct scsi_device *sdev = cmnd->device;
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct urb *urb = usb_alloc_urb(0, gfp);
	struct command_iu *iu;
	int len;

	if (!urb)
		goto out;

	len = cmnd->cmd_len - 16;
	if (len < 0)
		len = 0;
	len = ALIGN(len, 4);
	/* kzalloc: padding and unused CDB bytes go out on the wire as zero */
	iu = kzalloc(sizeof(*iu) + len, gfp);
	if (!iu)
		goto free;

	iu->iu_id = IU_ID_COMMAND;
	iu->tag = cpu_to_be16(cmdinfo->uas_tag);
	iu->prio_attr = UAS_SIMPLE_TAG;
	/* uas_probe() limits max_cmd_len to 16 + 252, so len is at most 252 */
	iu->len = len;
	int_to_scsilun(sdev->lun, &iu->lun);
	memcpy(iu->cdb, cmnd->cmnd, cmnd->cmd_len);

	usb_fill_bulk_urb(urb, udev, devinfo->cmd_pipe, iu, sizeof(*iu) + len,
							uas_cmd_cmplt, NULL);
	/* The IU buffer is released together with the urb */
	urb->transfer_flags |= URB_FREE_BUFFER;
 out:
	return urb;
 free:
	usb_free_urb(urb);
	return NULL;
}
487 
488 /*
489  * Why should I request the Status IU before sending the Command IU?  Spec
490  * says to, but also says the device may receive them in any order.  Seems
491  * daft to me.
492  */
493 
/*
 * Allocate, anchor and submit a status urb for @cmnd.  Returns the urb on
 * success, or NULL when allocation or submission failed (the urb is freed
 * in the latter case).
 */
static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
{
	struct uas_dev_info *devinfo = cmnd->device->hostdata;
	struct urb *sense = uas_alloc_sense_urb(devinfo, gfp, cmnd);
	int rc;

	if (sense == NULL)
		return NULL;

	/* Anchored before submission so the reset path can find and kill it */
	usb_anchor_urb(sense, &devinfo->sense_urbs);
	rc = usb_submit_urb(sense, gfp);
	if (rc == 0)
		return sense;

	usb_unanchor_urb(sense);
	uas_log_cmd_state(cmnd, "sense submit err", rc);
	usb_free_urb(sense);
	return NULL;
}
513 
/*
 * Carry out every step still flagged in cmdinfo->state, in a fixed order:
 * status urb, data-in alloc/submit, data-out alloc/submit, command
 * alloc/submit.
 *
 * Each flag is cleared only once its step has succeeded, so after a
 * failure the function can be called again (uas_do_work() does this) and
 * resumes at the step that failed.
 *
 * Returns 0 when all flagged steps are done, SCSI_MLQUEUE_DEVICE_BUSY on
 * the first failure.  Caller must hold devinfo->lock.
 */
static int uas_submit_urbs(struct scsi_cmnd *cmnd,
			   struct uas_dev_info *devinfo, gfp_t gfp)
{
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct urb *urb;
	int err;

	lockdep_assert_held(&devinfo->lock);
	if (cmdinfo->state & SUBMIT_STATUS_URB) {
		urb = uas_submit_sense_urb(cmnd, gfp);
		if (!urb)
			return SCSI_MLQUEUE_DEVICE_BUSY;
		cmdinfo->state &= ~SUBMIT_STATUS_URB;
	}

	if (cmdinfo->state & ALLOC_DATA_IN_URB) {
		cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, gfp,
							cmnd, DMA_FROM_DEVICE);
		if (!cmdinfo->data_in_urb)
			return SCSI_MLQUEUE_DEVICE_BUSY;
		cmdinfo->state &= ~ALLOC_DATA_IN_URB;
	}

	if (cmdinfo->state & SUBMIT_DATA_IN_URB) {
		usb_anchor_urb(cmdinfo->data_in_urb, &devinfo->data_urbs);
		err = usb_submit_urb(cmdinfo->data_in_urb, gfp);
		if (err) {
			/* Keep the urb for the retry, but take it off the anchor */
			usb_unanchor_urb(cmdinfo->data_in_urb);
			uas_log_cmd_state(cmnd, "data in submit err", err);
			return SCSI_MLQUEUE_DEVICE_BUSY;
		}
		cmdinfo->state &= ~SUBMIT_DATA_IN_URB;
		cmdinfo->state |= DATA_IN_URB_INFLIGHT;
	}

	if (cmdinfo->state & ALLOC_DATA_OUT_URB) {
		cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, gfp,
							cmnd, DMA_TO_DEVICE);
		if (!cmdinfo->data_out_urb)
			return SCSI_MLQUEUE_DEVICE_BUSY;
		cmdinfo->state &= ~ALLOC_DATA_OUT_URB;
	}

	if (cmdinfo->state & SUBMIT_DATA_OUT_URB) {
		usb_anchor_urb(cmdinfo->data_out_urb, &devinfo->data_urbs);
		err = usb_submit_urb(cmdinfo->data_out_urb, gfp);
		if (err) {
			/* Keep the urb for the retry, but take it off the anchor */
			usb_unanchor_urb(cmdinfo->data_out_urb);
			uas_log_cmd_state(cmnd, "data out submit err", err);
			return SCSI_MLQUEUE_DEVICE_BUSY;
		}
		cmdinfo->state &= ~SUBMIT_DATA_OUT_URB;
		cmdinfo->state |= DATA_OUT_URB_INFLIGHT;
	}

	if (cmdinfo->state & ALLOC_CMD_URB) {
		cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, gfp, cmnd);
		if (!cmdinfo->cmd_urb)
			return SCSI_MLQUEUE_DEVICE_BUSY;
		cmdinfo->state &= ~ALLOC_CMD_URB;
	}

	if (cmdinfo->state & SUBMIT_CMD_URB) {
		usb_anchor_urb(cmdinfo->cmd_urb, &devinfo->cmd_urbs);
		err = usb_submit_urb(cmdinfo->cmd_urb, gfp);
		if (err) {
			usb_unanchor_urb(cmdinfo->cmd_urb);
			uas_log_cmd_state(cmnd, "cmd submit err", err);
			return SCSI_MLQUEUE_DEVICE_BUSY;
		}
		/*
		 * Once submitted, the cmd urb is freed by its completion
		 * handler (uas_cmd_cmplt()), so the pointer is dropped here.
		 */
		cmdinfo->cmd_urb = NULL;
		cmdinfo->state &= ~SUBMIT_CMD_URB;
		cmdinfo->state |= COMMAND_INFLIGHT;
	}

	return 0;
}
591 
/*
 * Queue one SCSI command: pick a free tag slot, set up the per-command
 * state for the transfer direction and start urb submission.
 *
 * Returns 0 when the command was accepted (or already completed with an
 * error result) and SCSI_MLQUEUE_DEVICE_BUSY when the caller should retry.
 *
 * NOTE(review): the two early-completion paths call cmnd->scsi_done()
 * before @done has been stored in cmnd->scsi_done further down; this
 * presumably relies on the caller having set that pointer already -
 * confirm.
 */
static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
					void (*done)(struct scsi_cmnd *))
{
	struct scsi_device *sdev = cmnd->device;
	struct uas_dev_info *devinfo = sdev->hostdata;
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	unsigned long flags;
	int idx, err;

	/* uas_cmd_info is stored in cmnd->SCp, so it must not be larger */
	BUILD_BUG_ON(sizeof(struct uas_cmd_info) > sizeof(struct scsi_pointer));

	/* Re-check scsi_block_requests now that we've the host-lock */
	if (cmnd->device->host->host_self_blocked)
		return SCSI_MLQUEUE_DEVICE_BUSY;

	/*
	 * Quirk: for devices flagged US_FL_NO_ATA_1X, ATA_12 / ATA_16
	 * commands are answered locally with an invalid-CDB sense and never
	 * sent to the device.
	 */
	if ((devinfo->flags & US_FL_NO_ATA_1X) &&
			(cmnd->cmnd[0] == ATA_12 || cmnd->cmnd[0] == ATA_16)) {
		memcpy(cmnd->sense_buffer, usb_stor_sense_invalidCDB,
		       sizeof(usb_stor_sense_invalidCDB));
		cmnd->result = SAM_STAT_CHECK_CONDITION;
		cmnd->scsi_done(cmnd);
		return 0;
	}

	spin_lock_irqsave(&devinfo->lock, flags);

	/* Commands arriving during a bus reset are failed immediately */
	if (devinfo->resetting) {
		cmnd->result = DID_ERROR << 16;
		cmnd->scsi_done(cmnd);
		spin_unlock_irqrestore(&devinfo->lock, flags);
		return 0;
	}

	/* Find a free uas-tag */
	for (idx = 0; idx < devinfo->qdepth; idx++) {
		if (!devinfo->cmnd[idx])
			break;
	}
	if (idx == devinfo->qdepth) {
		spin_unlock_irqrestore(&devinfo->lock, flags);
		return SCSI_MLQUEUE_DEVICE_BUSY;
	}

	cmnd->scsi_done = done;

	memset(cmdinfo, 0, sizeof(*cmdinfo));
	cmdinfo->uas_tag = idx + 1; /* uas-tag == usb-stream-id, so 1 based */
	cmdinfo->state = SUBMIT_STATUS_URB | ALLOC_CMD_URB | SUBMIT_CMD_URB;

	switch (cmnd->sc_data_direction) {
	case DMA_FROM_DEVICE:
		cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
		break;
	case DMA_BIDIRECTIONAL:
		cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
		/* fall through: bidirectional also needs the data-out urb */
	case DMA_TO_DEVICE:
		cmdinfo->state |= ALLOC_DATA_OUT_URB | SUBMIT_DATA_OUT_URB;
		/* fall through */
	case DMA_NONE:
		break;
	}

	/*
	 * Without streams the data urbs are only allocated here; they are
	 * submitted later, when a READ/WRITE_READY IU arrives (see
	 * uas_stat_cmplt()).
	 */
	if (!devinfo->use_streams)
		cmdinfo->state &= ~(SUBMIT_DATA_IN_URB | SUBMIT_DATA_OUT_URB);

	err = uas_submit_urbs(cmnd, devinfo, GFP_ATOMIC);
	if (err) {
		/* If we did nothing, give up now */
		if (cmdinfo->state & SUBMIT_STATUS_URB) {
			spin_unlock_irqrestore(&devinfo->lock, flags);
			return SCSI_MLQUEUE_DEVICE_BUSY;
		}
		/* Partly submitted: keep the command, retry from the work item */
		uas_add_work(cmdinfo);
	}

	/*
	 * The slot is published while devinfo->lock is still held, so the
	 * completion handlers, which take the same lock, cannot look the
	 * tag up before it is visible.
	 */
	devinfo->cmnd[idx] = cmnd;
	spin_unlock_irqrestore(&devinfo->lock, flags);
	return 0;
}
670 
/*
 * Generates uas_queuecommand(), the .queuecommand entry of
 * uas_host_template, as a wrapper around uas_queuecommand_lck()
 * (presumably one that takes the host lock, as the comment in
 * uas_queuecommand_lck() suggests - confirm against the macro).
 */
static DEF_SCSI_QCMD(uas_queuecommand)
672 
673 /*
674  * For now we do not support actually sending an abort to the device, so
675  * this eh always fails. Still we must define it to make sure that we've
676  * dropped all references to the cmnd in question once this function exits.
677  */
/*
 * Error-handler abort callback.  Always returns FAILED; its job is to make
 * sure the driver holds no reference to @cmnd once it returns.
 */
static int uas_eh_abort_handler(struct scsi_cmnd *cmnd)
{
	struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
	struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
	struct urb *data_in_urb = NULL;
	struct urb *data_out_urb = NULL;
	unsigned long flags;

	spin_lock_irqsave(&devinfo->lock, flags);

	uas_log_cmd_state(cmnd, __func__, 0);

	/* Ensure that try_complete does not call scsi_done */
	cmdinfo->state |= COMMAND_ABORTED;

	/* Drop all refs to this cmnd, kill data urbs to break their ref */
	devinfo->cmnd[cmdinfo->uas_tag - 1] = NULL;
	/* Extra references keep the urbs valid after the lock is dropped */
	if (cmdinfo->state & DATA_IN_URB_INFLIGHT)
		data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
	if (cmdinfo->state & DATA_OUT_URB_INFLIGHT)
		data_out_urb = usb_get_urb(cmdinfo->data_out_urb);

	uas_free_unsubmitted_urbs(cmnd);

	spin_unlock_irqrestore(&devinfo->lock, flags);

	/*
	 * Killed outside the lock: uas_data_cmplt() takes devinfo->lock, and
	 * usb_kill_urb() waits for the completion handler to finish.
	 */
	if (data_in_urb) {
		usb_kill_urb(data_in_urb);
		usb_put_urb(data_in_urb);
	}
	if (data_out_urb) {
		usb_kill_urb(data_out_urb);
		usb_put_urb(data_out_urb);
	}

	return FAILED;
}
715 
/*
 * Error-handler bus reset callback: stop all traffic, complete every
 * pending command with DID_RESET and reset the USB device.
 *
 * Returns SUCCESS when usb_reset_device() succeeded, FAILED when the
 * device lock could not be taken or the reset failed.
 */
static int uas_eh_bus_reset_handler(struct scsi_cmnd *cmnd)
{
	struct scsi_device *sdev = cmnd->device;
	struct uas_dev_info *devinfo = sdev->hostdata;
	struct usb_device *udev = devinfo->udev;
	unsigned long flags;
	int err;

	err = usb_lock_device_for_reset(udev, devinfo->intf);
	if (err) {
		shost_printk(KERN_ERR, sdev->host,
			     "%s FAILED to get lock err %d\n", __func__, err);
		return FAILED;
	}

	shost_printk(KERN_INFO, sdev->host, "%s start\n", __func__);

	/*
	 * From here on uas_queuecommand_lck() fails new commands and the
	 * completion handlers and the work item leave commands alone.
	 */
	spin_lock_irqsave(&devinfo->lock, flags);
	devinfo->resetting = 1;
	spin_unlock_irqrestore(&devinfo->lock, flags);

	/* Kill every outstanding urb before the commands are completed */
	usb_kill_anchored_urbs(&devinfo->cmd_urbs);
	usb_kill_anchored_urbs(&devinfo->sense_urbs);
	usb_kill_anchored_urbs(&devinfo->data_urbs);
	uas_zap_pending(devinfo, DID_RESET);

	err = usb_reset_device(udev);

	spin_lock_irqsave(&devinfo->lock, flags);
	devinfo->resetting = 0;
	spin_unlock_irqrestore(&devinfo->lock, flags);

	usb_unlock_device(udev);

	if (err) {
		shost_printk(KERN_INFO, sdev->host, "%s FAILED err %d\n",
			     __func__, err);
		return FAILED;
	}

	shost_printk(KERN_INFO, sdev->host, "%s success\n", __func__);
	return SUCCESS;
}
759 
/*
 * Per-device setup: point sdev->hostdata at the driver state and apply
 * the DMA alignment and max-sectors limits.
 */
static int uas_slave_alloc(struct scsi_device *sdev)
{
	struct uas_dev_info *devinfo =
		(struct uas_dev_info *)sdev->host->hostdata;
	unsigned long quirks = devinfo->flags;

	sdev->hostdata = devinfo;

	/*
	 * USB DMA alignment is unusual: the start address of a
	 * scatter-gather element does not matter, but the length of every
	 * element except the last must be a multiple of the Bulk maxpacket
	 * value.  The block layer cannot express that constraint, so
	 * 512-byte address alignment is required instead.  That is good
	 * enough because most block I/O uses hardware sectors that are
	 * multiples of 512 bytes, and host controllers up through USB 2.0
	 * have maxpacket values of at most 512.
	 *
	 * It does not cover Wireless USB, where Bulk maxpacket can be as
	 * large as 2048; supporting that properly needs block layer
	 * changes.
	 */
	blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));

	/* Quirk flags cap the transfer size; the 64-sector limit wins */
	if (quirks & US_FL_MAX_SECTORS_64) {
		blk_queue_max_hw_sectors(sdev->request_queue, 64);
		return 0;
	}
	if (quirks & US_FL_MAX_SECTORS_240)
		blk_queue_max_hw_sectors(sdev->request_queue, 240);

	return 0;
}
791 
/*
 * Apply the US_FL_NO_REPORT_OPCODES quirk and set the device queue depth
 * to two less than the number of tag slots.
 */
static int uas_slave_configure(struct scsi_device *sdev)
{
	struct uas_dev_info *devinfo = sdev->hostdata;
	const int depth = devinfo->qdepth - 2;

	if (devinfo->flags & US_FL_NO_REPORT_OPCODES)
		sdev->no_report_opcodes = 1;

	scsi_change_queue_depth(sdev, depth);

	return 0;
}
802 
/*
 * SCSI host template for UAS hosts; passed to scsi_host_alloc() in
 * uas_probe().  The error handlers provided are abort and bus reset.
 */
static struct scsi_host_template uas_host_template = {
	.module = THIS_MODULE,
	.name = "uas",
	.queuecommand = uas_queuecommand,
	.slave_alloc = uas_slave_alloc,
	.slave_configure = uas_slave_configure,
	.eh_abort_handler = uas_eh_abort_handler,
	.eh_bus_reset_handler = uas_eh_bus_reset_handler,
	.can_queue = 65536,	/* Is there a limit on the _host_ ? */
	.this_id = -1,
	/* uas_probe() overrides sg_tablesize on the allocated host */
	.sg_tablesize = SG_NONE,
	.cmd_per_lun = 1,	/* until we override it */
	.skip_settle_delay = 1,
	.use_blk_tags = 1,
};
818 
/*
 * While unusual_uas.h is included below, each UNUSUAL_DEV() entry expands
 * to a usb_device_id that matches on vendor, product and bcdDevice range
 * and carries the entry's quirk flags in driver_info.  The name, protocol,
 * transport and init-function arguments are not used here.
 */
#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
		    vendorName, productName, useProtocol, useTransport, \
		    initFunction, flags) \
{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
	.driver_info = (flags) }

/*
 * Devices this driver is probed for: the quirk entries first, then any
 * mass-storage SCSI interface using the bulk-only or the UAS protocol.
 * A match is not final; uas_probe() still asks uas_use_uas_driver()
 * whether to bind.
 */
static struct usb_device_id uas_usb_ids[] = {
#	include "unusual_uas.h"
	{ USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_BULK) },
	{ USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_UAS) },
	{ }
};
MODULE_DEVICE_TABLE(usb, uas_usb_ids);

#undef UNUSUAL_DEV
834 
/*
 * Select the interface's UAS alternate setting.  Returns the negative
 * value from uas_find_uas_alt_setting() if there is none, otherwise the
 * result of usb_set_interface().
 */
static int uas_switch_interface(struct usb_device *udev,
				struct usb_interface *intf)
{
	int alt = uas_find_uas_alt_setting(intf);
	int ifnum;

	if (alt < 0)
		return alt;

	ifnum = intf->altsetting[0].desc.bInterfaceNumber;
	return usb_set_interface(udev, ifnum, alt);
}
847 
/*
 * Look up the four UAS endpoints, derive the pipes and decide the queue
 * depth: a fixed 32 without streams below SuperSpeed, otherwise whatever
 * usb_alloc_streams() grants out of MAX_CMNDS.
 *
 * Returns 0 on success or the negative error from uas_find_endpoints() /
 * usb_alloc_streams().
 */
static int uas_configure_endpoints(struct uas_dev_info *devinfo)
{
	struct usb_host_endpoint *eps[4] = { };
	struct usb_device *udev = devinfo->udev;
	int rc;

	rc = uas_find_endpoints(devinfo->intf->cur_altsetting, eps);
	if (rc != 0)
		return rc;

	/* eps[] order: command, status, data-in, data-out */
	devinfo->cmd_pipe =
		usb_sndbulkpipe(udev, usb_endpoint_num(&eps[0]->desc));
	devinfo->status_pipe =
		usb_rcvbulkpipe(udev, usb_endpoint_num(&eps[1]->desc));
	devinfo->data_in_pipe =
		usb_rcvbulkpipe(udev, usb_endpoint_num(&eps[2]->desc));
	devinfo->data_out_pipe =
		usb_sndbulkpipe(udev, usb_endpoint_num(&eps[3]->desc));

	if (udev->speed >= USB_SPEED_SUPER) {
		/* Streams are requested for all endpoints but the command one */
		devinfo->qdepth = usb_alloc_streams(devinfo->intf, eps + 1,
						    3, MAX_CMNDS, GFP_NOIO);
		if (devinfo->qdepth < 0)
			return devinfo->qdepth;
		devinfo->use_streams = 1;
		return 0;
	}

	devinfo->qdepth = 32;
	devinfo->use_streams = 0;
	return 0;
}
880 
/* Release the streams of the status, data-in and data-out endpoints. */
static void uas_free_streams(struct uas_dev_info *devinfo)
{
	struct usb_device *udev = devinfo->udev;
	struct usb_host_endpoint *eps[3] = {
		usb_pipe_endpoint(udev, devinfo->status_pipe),
		usb_pipe_endpoint(udev, devinfo->data_in_pipe),
		usb_pipe_endpoint(udev, devinfo->data_out_pipe),
	};

	usb_free_streams(devinfo->intf, eps, 3, GFP_NOIO);
}
891 
/*
 * Bind to an interface: switch it to the UAS alternate setting, allocate
 * a SCSI host with the driver state in its hostdata, configure the
 * endpoints and register and scan the host.
 *
 * Returns 0 on success, -ENODEV when the interface is not to be driven by
 * this driver, or a negative error; on failure the interface is put back
 * to alternate setting 0.
 */
static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
{
	int result = -ENOMEM;
	struct Scsi_Host *shost = NULL;
	struct uas_dev_info *devinfo;
	struct usb_device *udev = interface_to_usbdev(intf);
	unsigned long dev_flags;

	/* Also fills dev_flags with the quirk bits for this device */
	if (!uas_use_uas_driver(intf, id, &dev_flags))
		return -ENODEV;

	if (uas_switch_interface(udev, intf))
		return -ENODEV;

	shost = scsi_host_alloc(&uas_host_template,
				sizeof(struct uas_dev_info));
	if (!shost)
		goto set_alt0;

	/* 16 CDB bytes in the IU itself plus up to 252 additional bytes */
	shost->max_cmd_len = 16 + 252;
	shost->max_id = 1;
	shost->max_lun = 256;
	shost->max_channel = 0;
	shost->sg_tablesize = udev->bus->sg_tablesize;

	devinfo = (struct uas_dev_info *)shost->hostdata;
	devinfo->intf = intf;
	devinfo->udev = udev;
	devinfo->resetting = 0;
	devinfo->shutdown = 0;
	devinfo->flags = dev_flags;
	init_usb_anchor(&devinfo->cmd_urbs);
	init_usb_anchor(&devinfo->sense_urbs);
	init_usb_anchor(&devinfo->data_urbs);
	spin_lock_init(&devinfo->lock);
	INIT_WORK(&devinfo->work, uas_do_work);

	result = uas_configure_endpoints(devinfo);
	if (result)
		goto set_alt0;

	/*
	 * NOTE(review): qdepth comes from usb_alloc_streams() on SuperSpeed
	 * devices; if fewer than 3 streams were granted, qdepth - 2 would be
	 * zero or negative here and in uas_slave_configure() - confirm
	 * whether that can happen.
	 */
	result = scsi_init_shared_tag_map(shost, devinfo->qdepth - 2);
	if (result)
		goto free_streams;

	usb_set_intfdata(intf, shost);
	result = scsi_add_host(shost, &intf->dev);
	if (result)
		goto free_streams;

	scsi_scan_host(shost);
	return result;

free_streams:
	uas_free_streams(devinfo);
	usb_set_intfdata(intf, NULL);
set_alt0:
	/* Undo uas_switch_interface() */
	usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
	if (shost)
		scsi_host_put(shost);
	return result;
}
954 
/* Return 1 when no command occupies a tag slot, 0 otherwise. */
static int uas_cmnd_list_empty(struct uas_dev_info *devinfo)
{
	unsigned long flags;
	int slot, empty = 1;

	spin_lock_irqsave(&devinfo->lock, flags);

	/* Stop at the first occupied slot */
	for (slot = 0; empty && slot < devinfo->qdepth; slot++) {
		if (devinfo->cmnd[slot])
			empty = 0;
	}

	spin_unlock_irqrestore(&devinfo->lock, flags);

	return empty;
}
973 
974 /*
975  * Wait for any pending cmnds to complete, on usb-2 sense_urbs may temporarily
976  * get empty while there still is more work to do due to sense-urbs completing
977  * with a READ/WRITE_READY iu code, so keep waiting until the list gets empty.
978  */
/*
 * Returns 0 once the command table is empty, or -ETIME when an anchor did
 * not drain within its timeout or more than 5 seconds have passed overall.
 */
static int uas_wait_for_pending_cmnds(struct uas_dev_info *devinfo)
{
	unsigned long deadline = jiffies + 5 * HZ;

	for (;;) {
		/* Let pending resubmissions run before waiting on the anchors */
		flush_work(&devinfo->work);

		if (usb_wait_anchor_empty_timeout(&devinfo->sense_urbs,
						  5000) == 0)
			return -ETIME;

		if (usb_wait_anchor_empty_timeout(&devinfo->data_urbs,
						  500) == 0)
			return -ETIME;

		if (time_after(jiffies, deadline))
			return -ETIME;

		if (uas_cmnd_list_empty(devinfo))
			return 0;
	}
}
1002 
/*
 * Called before the device is reset: block new requests, wait for the
 * pending commands and free the streams.  Returns 1 (with requests
 * unblocked again) if the commands did not drain in time, otherwise 0.
 */
static int uas_pre_reset(struct usb_interface *intf)
{
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
	unsigned long irqflags;

	if (devinfo->shutdown)
		return 0;

	/* No new requests may arrive while the reset is being prepared */
	spin_lock_irqsave(shost->host_lock, irqflags);
	scsi_block_requests(shost);
	spin_unlock_irqrestore(shost->host_lock, irqflags);

	if (uas_wait_for_pending_cmnds(devinfo) == 0) {
		uas_free_streams(devinfo);
		return 0;
	}

	shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
	scsi_unblock_requests(shost);
	return 1;
}
1027 
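/*
 * usb_driver .post_reset callback.
 *
 * Does nothing (returns 0) once devinfo->shutdown is set. Otherwise it
 * reconfigures the endpoints, reports a bus reset on channel 0 to the SCSI
 * layer and unblocks the host that uas_pre_reset() blocked.
 *
 * Returns 0 on success, 1 when uas_configure_endpoints() failed.
 */
static int uas_post_reset(struct usb_interface *intf)
{
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
	unsigned long flags;
	int err;

	if (devinfo->shutdown)
		return 0;

	err = uas_configure_endpoints(devinfo);
	if (err)
		shost_printk(KERN_ERR, shost,
			     "%s: alloc streams error %d after reset",
			     __func__, err);

	/*
	 * uas_pre_reset() left the host blocked. Unblock it on the failure
	 * path as well: returning early here would leave requests blocked
	 * with nothing left to release them.
	 */
	spin_lock_irqsave(shost->host_lock, flags);
	scsi_report_bus_reset(shost, 0);
	spin_unlock_irqrestore(shost->host_lock, flags);

	scsi_unblock_requests(shost);

	return err ? 1 : 0;
}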
1054 
/*
 * usb_driver .suspend callback.
 *
 * Waits for all pending commands to complete before the interface is
 * suspended. Returns 0 when the command list drained, -ETIME (after logging)
 * when the wait timed out. The message argument is not used.
 */
static int uas_suspend(struct usb_interface *intf, pm_message_t message)
{
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;

	if (uas_wait_for_pending_cmnds(devinfo) == 0)
		return 0;

	shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
	return -ETIME;
}
1067 
/*
 * usb_driver .resume callback.
 *
 * uas_suspend() only waits for commands to drain and changes no state, so
 * there is nothing to restore here; always returns 0.
 */
static int uas_resume(struct usb_interface *intf)
{
	return 0;
}
1072 
/*
 * usb_driver .reset_resume callback.
 *
 * Reconfigures the endpoints and, on success, reports a bus reset on
 * channel 0 to the SCSI layer under the host lock.
 *
 * Returns 0 on success, -EIO (after logging the underlying error) when
 * uas_configure_endpoints() fails. Unlike uas_post_reset(), this path
 * neither checks devinfo->shutdown nor unblocks the host.
 */
static int uas_reset_resume(struct usb_interface *intf)
{
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
	unsigned long irq_flags;
	int err;

	err = uas_configure_endpoints(devinfo);
	if (err == 0) {
		spin_lock_irqsave(shost->host_lock, irq_flags);
		scsi_report_bus_reset(shost, 0);
		spin_unlock_irqrestore(shost->host_lock, irq_flags);
		return 0;
	}

	shost_printk(KERN_ERR, shost,
		     "%s: alloc streams error %d after reset",
		     __func__, err);
	return -EIO;
}
1094 
/*
 * usb_driver .disconnect callback: tear the device down.
 *
 * The order below matters and is kept exactly as is: mark the device as
 * resetting, stop the work item, kill every anchored URB, fail whatever is
 * still pending with DID_NO_CONNECT, and only then remove the SCSI host,
 * free the streams and drop the host reference.
 */
static void uas_disconnect(struct usb_interface *intf)
{
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
	unsigned long irq_flags;

	/*
	 * Set under devinfo->lock. Presumably this makes the submission
	 * paths refuse new work; those paths are outside this view - confirm.
	 */
	spin_lock_irqsave(&devinfo->lock, irq_flags);
	devinfo->resetting = 1;
	spin_unlock_irqrestore(&devinfo->lock, irq_flags);

	/* Quiesce the work item and all three URB anchors. */
	cancel_work_sync(&devinfo->work);
	usb_kill_anchored_urbs(&devinfo->cmd_urbs);
	usb_kill_anchored_urbs(&devinfo->sense_urbs);
	usb_kill_anchored_urbs(&devinfo->data_urbs);
	uas_zap_pending(devinfo, DID_NO_CONNECT);

	scsi_remove_host(shost);
	uas_free_streams(devinfo);

	/*
	 * devinfo is shost->hostdata, so it must not be touched after this
	 * put if it drops the last reference to the host.
	 */
	scsi_host_put(shost);
}
1115 
/*
 * Put the device back in usb-storage mode on shutdown, as some BIOS-es
 * hang on reboot when the device is still in uas mode. Note the reset is
 * necessary as some devices won't revert to usb-storage mode without it.
 *
 * Only acts when system_state is SYSTEM_RESTART. It sets devinfo->shutdown
 * first, which makes uas_pre_reset() and uas_post_reset() return early,
 * then frees the streams, selects alternate setting 0 and resets the device.
 * The return values of usb_set_interface() and usb_reset_device() are not
 * checked.
 */
static void uas_shutdown(struct device *dev)
{
	struct usb_interface *intf = to_usb_interface(dev);
	struct Scsi_Host *shost = usb_get_intfdata(intf);
	struct uas_dev_info *devinfo;
	struct usb_device *udev;

	if (system_state != SYSTEM_RESTART)
		return;

	udev = interface_to_usbdev(intf);
	devinfo = (struct uas_dev_info *)shost->hostdata;

	devinfo->shutdown = 1;
	uas_free_streams(devinfo);
	usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
	usb_reset_device(udev);
}
1136 
/* USB driver descriptor: binds the callbacks in this file to the USB core. */
static struct usb_driver uas_driver = {
	.name = "uas",
	.id_table = uas_usb_ids,

	/* Binding and unbinding */
	.probe = uas_probe,
	.disconnect = uas_disconnect,

	/* Device reset handling */
	.pre_reset = uas_pre_reset,
	.post_reset = uas_post_reset,

	/* Power management */
	.suspend = uas_suspend,
	.resume = uas_resume,
	.reset_resume = uas_reset_resume,

	/* Generic driver-model shutdown hook, see uas_shutdown() */
	.drvwrap.driver.shutdown = uas_shutdown,
};
1149 
/* Register uas_driver on module load and deregister it on unload. */
module_usb_driver(uas_driver);

/* Module metadata */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Hans de Goede <hdegoede@redhat.com>, Matthew Wilcox and Sarah Sharp");