1 /*
2 * Block driver for media (i.e., flash cards)
3 *
4 * Copyright 2002 Hewlett-Packard Company
5 * Copyright 2005-2008 Pierre Ossman
6 *
7 * Use consistent with the GNU GPL is permitted,
8 * provided that this copyright notice is
9 * preserved in its entirety in all copies and derived works.
10 *
11 * HEWLETT-PACKARD COMPANY MAKES NO WARRANTIES, EXPRESSED OR IMPLIED,
12 * AS TO THE USEFULNESS OR CORRECTNESS OF THIS CODE OR ITS
13 * FITNESS FOR ANY PARTICULAR PURPOSE.
14 *
15 * Many thanks to Alessandro Rubini and Jonathan Corbet!
16 *
17 * Author: Andrew Christian
18 * 28 May 2002
19 */
20 #include <linux/moduleparam.h>
21 #include <linux/module.h>
22 #include <linux/init.h>
23
24 #include <linux/kernel.h>
25 #include <linux/fs.h>
26 #include <linux/slab.h>
27 #include <linux/errno.h>
28 #include <linux/hdreg.h>
29 #include <linux/kdev_t.h>
30 #include <linux/blkdev.h>
31 #include <linux/cdev.h>
32 #include <linux/mutex.h>
33 #include <linux/scatterlist.h>
34 #include <linux/string_helpers.h>
35 #include <linux/delay.h>
36 #include <linux/capability.h>
37 #include <linux/compat.h>
38 #include <linux/pm_runtime.h>
39 #include <linux/idr.h>
40 #include <linux/debugfs.h>
41
42 #include <linux/mmc/ioctl.h>
43 #include <linux/mmc/card.h>
44 #include <linux/mmc/host.h>
45 #include <linux/mmc/mmc.h>
46 #include <linux/mmc/sd.h>
47
48 #include <linux/uaccess.h>
49
50 #include "queue.h"
51 #include "block.h"
52 #include "core.h"
53 #include "card.h"
54 #include "host.h"
55 #include "bus.h"
56 #include "mmc_ops.h"
57 #include "quirks.h"
58 #include "sd_ops.h"
59
60 MODULE_ALIAS("mmc:block");
61 #ifdef MODULE_PARAM_PREFIX
62 #undef MODULE_PARAM_PREFIX
63 #endif
64 #define MODULE_PARAM_PREFIX "mmcblk."
65
66 /*
67 * Set a 10 second timeout for polling write request busy state. Note, mmc core
68 * is setting a 3 second timeout for SD cards, and SDHCI has long had a 10
69 * second software timer to timeout the whole request, so 10 seconds should be
70 * ample.
71 */
72 #define MMC_BLK_TIMEOUT_MS (10 * 1000)
73 #define MMC_SANITIZE_REQ_TIMEOUT 240000
74 #define MMC_EXTRACT_INDEX_FROM_ARG(x) ((x & 0x00FF0000) >> 16)
75 #define MMC_EXTRACT_VALUE_FROM_ARG(x) ((x & 0x0000FF00) >> 8)
76
77 #define mmc_req_rel_wr(req) ((req->cmd_flags & REQ_FUA) && \
78 (rq_data_dir(req) == WRITE))
79 static DEFINE_MUTEX(block_mutex);
80
81 /*
82 * The defaults come from config options but can be overriden by module
83 * or bootarg options.
84 */
85 static int perdev_minors = CONFIG_MMC_BLOCK_MINORS;
86
87 /*
88 * We've only got one major, so number of mmcblk devices is
89 * limited to (1 << 20) / number of minors per device. It is also
90 * limited by the MAX_DEVICES below.
91 */
92 static int max_devices;
93
94 #define MAX_DEVICES 256
95
96 static DEFINE_IDA(mmc_blk_ida);
97 static DEFINE_IDA(mmc_rpmb_ida);
98
99 /*
100 * There is one mmc_blk_data per slot.
101 */
102 struct mmc_blk_data {
103 spinlock_t lock;
104 struct device *parent;
105 struct gendisk *disk;
106 struct mmc_queue queue;
107 struct list_head part;
108 struct list_head rpmbs;
109
110 unsigned int flags;
111 #define MMC_BLK_CMD23 (1 << 0) /* Can do SET_BLOCK_COUNT for multiblock */
112 #define MMC_BLK_REL_WR (1 << 1) /* MMC Reliable write support */
113
114 unsigned int usage;
115 unsigned int read_only;
116 unsigned int part_type;
117 unsigned int reset_done;
118 #define MMC_BLK_READ BIT(0)
119 #define MMC_BLK_WRITE BIT(1)
120 #define MMC_BLK_DISCARD BIT(2)
121 #define MMC_BLK_SECDISCARD BIT(3)
122 #define MMC_BLK_CQE_RECOVERY BIT(4)
123
124 /*
125 * Only set in main mmc_blk_data associated
126 * with mmc_card with dev_set_drvdata, and keeps
127 * track of the current selected device partition.
128 */
129 unsigned int part_curr;
130 struct device_attribute force_ro;
131 struct device_attribute power_ro_lock;
132 int area_type;
133
134 /* debugfs files (only in main mmc_blk_data) */
135 struct dentry *status_dentry;
136 struct dentry *ext_csd_dentry;
137 };
138
139 /* Device type for RPMB character devices */
140 static dev_t mmc_rpmb_devt;
141
142 /* Bus type for RPMB character devices */
143 static struct bus_type mmc_rpmb_bus_type = {
144 .name = "mmc_rpmb",
145 };
146
147 /**
148 * struct mmc_rpmb_data - special RPMB device type for these areas
149 * @dev: the device for the RPMB area
150 * @chrdev: character device for the RPMB area
151 * @id: unique device ID number
152 * @part_index: partition index (0 on first)
153 * @md: parent MMC block device
154 * @node: list item, so we can put this device on a list
155 */
156 struct mmc_rpmb_data {
157 struct device dev;
158 struct cdev chrdev;
159 int id;
160 unsigned int part_index;
161 struct mmc_blk_data *md;
162 struct list_head node;
163 };
164
165 static DEFINE_MUTEX(open_lock);
166
167 module_param(perdev_minors, int, 0444);
168 MODULE_PARM_DESC(perdev_minors, "Minors numbers to allocate per device");
169
170 static inline int mmc_blk_part_switch(struct mmc_card *card,
171 unsigned int part_type);
172
mmc_blk_get(struct gendisk * disk)173 static struct mmc_blk_data *mmc_blk_get(struct gendisk *disk)
174 {
175 struct mmc_blk_data *md;
176
177 mutex_lock(&open_lock);
178 md = disk->private_data;
179 if (md && md->usage == 0)
180 md = NULL;
181 if (md)
182 md->usage++;
183 mutex_unlock(&open_lock);
184
185 return md;
186 }
187
mmc_get_devidx(struct gendisk * disk)188 static inline int mmc_get_devidx(struct gendisk *disk)
189 {
190 int devidx = disk->first_minor / perdev_minors;
191 return devidx;
192 }
193
mmc_blk_put(struct mmc_blk_data * md)194 static void mmc_blk_put(struct mmc_blk_data *md)
195 {
196 mutex_lock(&open_lock);
197 md->usage--;
198 if (md->usage == 0) {
199 int devidx = mmc_get_devidx(md->disk);
200 blk_put_queue(md->queue.queue);
201 ida_simple_remove(&mmc_blk_ida, devidx);
202 put_disk(md->disk);
203 kfree(md);
204 }
205 mutex_unlock(&open_lock);
206 }
207
power_ro_lock_show(struct device * dev,struct device_attribute * attr,char * buf)208 static ssize_t power_ro_lock_show(struct device *dev,
209 struct device_attribute *attr, char *buf)
210 {
211 int ret;
212 struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
213 struct mmc_card *card = md->queue.card;
214 int locked = 0;
215
216 if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PERM_WP_EN)
217 locked = 2;
218 else if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PWR_WP_EN)
219 locked = 1;
220
221 ret = snprintf(buf, PAGE_SIZE, "%d\n", locked);
222
223 mmc_blk_put(md);
224
225 return ret;
226 }
227
power_ro_lock_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)228 static ssize_t power_ro_lock_store(struct device *dev,
229 struct device_attribute *attr, const char *buf, size_t count)
230 {
231 int ret;
232 struct mmc_blk_data *md, *part_md;
233 struct mmc_queue *mq;
234 struct request *req;
235 unsigned long set;
236
237 if (kstrtoul(buf, 0, &set))
238 return -EINVAL;
239
240 if (set != 1)
241 return count;
242
243 md = mmc_blk_get(dev_to_disk(dev));
244 mq = &md->queue;
245
246 /* Dispatch locking to the block layer */
247 req = blk_get_request(mq->queue, REQ_OP_DRV_OUT, 0);
248 if (IS_ERR(req)) {
249 count = PTR_ERR(req);
250 goto out_put;
251 }
252 req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_BOOT_WP;
253 blk_execute_rq(mq->queue, NULL, req, 0);
254 ret = req_to_mmc_queue_req(req)->drv_op_result;
255 blk_put_request(req);
256
257 if (!ret) {
258 pr_info("%s: Locking boot partition ro until next power on\n",
259 md->disk->disk_name);
260 set_disk_ro(md->disk, 1);
261
262 list_for_each_entry(part_md, &md->part, part)
263 if (part_md->area_type == MMC_BLK_DATA_AREA_BOOT) {
264 pr_info("%s: Locking boot partition ro until next power on\n", part_md->disk->disk_name);
265 set_disk_ro(part_md->disk, 1);
266 }
267 }
268 out_put:
269 mmc_blk_put(md);
270 return count;
271 }
272
force_ro_show(struct device * dev,struct device_attribute * attr,char * buf)273 static ssize_t force_ro_show(struct device *dev, struct device_attribute *attr,
274 char *buf)
275 {
276 int ret;
277 struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
278
279 ret = snprintf(buf, PAGE_SIZE, "%d\n",
280 get_disk_ro(dev_to_disk(dev)) ^
281 md->read_only);
282 mmc_blk_put(md);
283 return ret;
284 }
285
force_ro_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)286 static ssize_t force_ro_store(struct device *dev, struct device_attribute *attr,
287 const char *buf, size_t count)
288 {
289 int ret;
290 char *end;
291 struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev));
292 unsigned long set = simple_strtoul(buf, &end, 0);
293 if (end == buf) {
294 ret = -EINVAL;
295 goto out;
296 }
297
298 set_disk_ro(dev_to_disk(dev), set || md->read_only);
299 ret = count;
300 out:
301 mmc_blk_put(md);
302 return ret;
303 }
304
mmc_blk_open(struct block_device * bdev,fmode_t mode)305 static int mmc_blk_open(struct block_device *bdev, fmode_t mode)
306 {
307 struct mmc_blk_data *md = mmc_blk_get(bdev->bd_disk);
308 int ret = -ENXIO;
309
310 mutex_lock(&block_mutex);
311 if (md) {
312 if (md->usage == 2)
313 check_disk_change(bdev);
314 ret = 0;
315
316 if ((mode & FMODE_WRITE) && md->read_only) {
317 mmc_blk_put(md);
318 ret = -EROFS;
319 }
320 }
321 mutex_unlock(&block_mutex);
322
323 return ret;
324 }
325
mmc_blk_release(struct gendisk * disk,fmode_t mode)326 static void mmc_blk_release(struct gendisk *disk, fmode_t mode)
327 {
328 struct mmc_blk_data *md = disk->private_data;
329
330 mutex_lock(&block_mutex);
331 mmc_blk_put(md);
332 mutex_unlock(&block_mutex);
333 }
334
335 static int
mmc_blk_getgeo(struct block_device * bdev,struct hd_geometry * geo)336 mmc_blk_getgeo(struct block_device *bdev, struct hd_geometry *geo)
337 {
338 geo->cylinders = get_capacity(bdev->bd_disk) / (4 * 16);
339 geo->heads = 4;
340 geo->sectors = 16;
341 return 0;
342 }
343
344 struct mmc_blk_ioc_data {
345 struct mmc_ioc_cmd ic;
346 unsigned char *buf;
347 u64 buf_bytes;
348 struct mmc_rpmb_data *rpmb;
349 };
350
mmc_blk_ioctl_copy_from_user(struct mmc_ioc_cmd __user * user)351 static struct mmc_blk_ioc_data *mmc_blk_ioctl_copy_from_user(
352 struct mmc_ioc_cmd __user *user)
353 {
354 struct mmc_blk_ioc_data *idata;
355 int err;
356
357 idata = kmalloc(sizeof(*idata), GFP_KERNEL);
358 if (!idata) {
359 err = -ENOMEM;
360 goto out;
361 }
362
363 if (copy_from_user(&idata->ic, user, sizeof(idata->ic))) {
364 err = -EFAULT;
365 goto idata_err;
366 }
367
368 idata->buf_bytes = (u64) idata->ic.blksz * idata->ic.blocks;
369 if (idata->buf_bytes > MMC_IOC_MAX_BYTES) {
370 err = -EOVERFLOW;
371 goto idata_err;
372 }
373
374 if (!idata->buf_bytes) {
375 idata->buf = NULL;
376 return idata;
377 }
378
379 idata->buf = memdup_user((void __user *)(unsigned long)
380 idata->ic.data_ptr, idata->buf_bytes);
381 if (IS_ERR(idata->buf)) {
382 err = PTR_ERR(idata->buf);
383 goto idata_err;
384 }
385
386 return idata;
387
388 idata_err:
389 kfree(idata);
390 out:
391 return ERR_PTR(err);
392 }
393
mmc_blk_ioctl_copy_to_user(struct mmc_ioc_cmd __user * ic_ptr,struct mmc_blk_ioc_data * idata)394 static int mmc_blk_ioctl_copy_to_user(struct mmc_ioc_cmd __user *ic_ptr,
395 struct mmc_blk_ioc_data *idata)
396 {
397 struct mmc_ioc_cmd *ic = &idata->ic;
398
399 if (copy_to_user(&(ic_ptr->response), ic->response,
400 sizeof(ic->response)))
401 return -EFAULT;
402
403 if (!idata->ic.write_flag) {
404 if (copy_to_user((void __user *)(unsigned long)ic->data_ptr,
405 idata->buf, idata->buf_bytes))
406 return -EFAULT;
407 }
408
409 return 0;
410 }
411
ioctl_rpmb_card_status_poll(struct mmc_card * card,u32 * status,u32 retries_max)412 static int ioctl_rpmb_card_status_poll(struct mmc_card *card, u32 *status,
413 u32 retries_max)
414 {
415 int err;
416 u32 retry_count = 0;
417
418 if (!status || !retries_max)
419 return -EINVAL;
420
421 do {
422 err = __mmc_send_status(card, status, 5);
423 if (err)
424 break;
425
426 if (!R1_STATUS(*status) &&
427 (R1_CURRENT_STATE(*status) != R1_STATE_PRG))
428 break; /* RPMB programming operation complete */
429
430 /*
431 * Rechedule to give the MMC device a chance to continue
432 * processing the previous command without being polled too
433 * frequently.
434 */
435 usleep_range(1000, 5000);
436 } while (++retry_count < retries_max);
437
438 if (retry_count == retries_max)
439 err = -EPERM;
440
441 return err;
442 }
443
ioctl_do_sanitize(struct mmc_card * card)444 static int ioctl_do_sanitize(struct mmc_card *card)
445 {
446 int err;
447
448 if (!mmc_can_sanitize(card)) {
449 pr_warn("%s: %s - SANITIZE is not supported\n",
450 mmc_hostname(card->host), __func__);
451 err = -EOPNOTSUPP;
452 goto out;
453 }
454
455 pr_debug("%s: %s - SANITIZE IN PROGRESS...\n",
456 mmc_hostname(card->host), __func__);
457
458 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
459 EXT_CSD_SANITIZE_START, 1,
460 MMC_SANITIZE_REQ_TIMEOUT);
461
462 if (err)
463 pr_err("%s: %s - EXT_CSD_SANITIZE_START failed. err=%d\n",
464 mmc_hostname(card->host), __func__, err);
465
466 pr_debug("%s: %s - SANITIZE COMPLETED\n", mmc_hostname(card->host),
467 __func__);
468 out:
469 return err;
470 }
471
__mmc_blk_ioctl_cmd(struct mmc_card * card,struct mmc_blk_data * md,struct mmc_blk_ioc_data * idata)472 static int __mmc_blk_ioctl_cmd(struct mmc_card *card, struct mmc_blk_data *md,
473 struct mmc_blk_ioc_data *idata)
474 {
475 struct mmc_command cmd = {};
476 struct mmc_data data = {};
477 struct mmc_request mrq = {};
478 struct scatterlist sg;
479 int err;
480 unsigned int target_part;
481 u32 status = 0;
482
483 if (!card || !md || !idata)
484 return -EINVAL;
485
486 /*
487 * The RPMB accesses comes in from the character device, so we
488 * need to target these explicitly. Else we just target the
489 * partition type for the block device the ioctl() was issued
490 * on.
491 */
492 if (idata->rpmb) {
493 /* Support multiple RPMB partitions */
494 target_part = idata->rpmb->part_index;
495 target_part |= EXT_CSD_PART_CONFIG_ACC_RPMB;
496 } else {
497 target_part = md->part_type;
498 }
499
500 cmd.opcode = idata->ic.opcode;
501 cmd.arg = idata->ic.arg;
502 cmd.flags = idata->ic.flags;
503
504 if (idata->buf_bytes) {
505 data.sg = &sg;
506 data.sg_len = 1;
507 data.blksz = idata->ic.blksz;
508 data.blocks = idata->ic.blocks;
509
510 sg_init_one(data.sg, idata->buf, idata->buf_bytes);
511
512 if (idata->ic.write_flag)
513 data.flags = MMC_DATA_WRITE;
514 else
515 data.flags = MMC_DATA_READ;
516
517 /* data.flags must already be set before doing this. */
518 mmc_set_data_timeout(&data, card);
519
520 /* Allow overriding the timeout_ns for empirical tuning. */
521 if (idata->ic.data_timeout_ns)
522 data.timeout_ns = idata->ic.data_timeout_ns;
523
524 if ((cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) {
525 /*
526 * Pretend this is a data transfer and rely on the
527 * host driver to compute timeout. When all host
528 * drivers support cmd.cmd_timeout for R1B, this
529 * can be changed to:
530 *
531 * mrq.data = NULL;
532 * cmd.cmd_timeout = idata->ic.cmd_timeout_ms;
533 */
534 data.timeout_ns = idata->ic.cmd_timeout_ms * 1000000;
535 }
536
537 mrq.data = &data;
538 }
539
540 mrq.cmd = &cmd;
541
542 err = mmc_blk_part_switch(card, target_part);
543 if (err)
544 return err;
545
546 if (idata->ic.is_acmd) {
547 err = mmc_app_cmd(card->host, card);
548 if (err)
549 return err;
550 }
551
552 if (idata->rpmb) {
553 err = mmc_set_blockcount(card, data.blocks,
554 idata->ic.write_flag & (1 << 31));
555 if (err)
556 return err;
557 }
558
559 if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) &&
560 (cmd.opcode == MMC_SWITCH)) {
561 err = ioctl_do_sanitize(card);
562
563 if (err)
564 pr_err("%s: ioctl_do_sanitize() failed. err = %d",
565 __func__, err);
566
567 return err;
568 }
569
570 mmc_wait_for_req(card->host, &mrq);
571
572 if (cmd.error) {
573 dev_err(mmc_dev(card->host), "%s: cmd error %d\n",
574 __func__, cmd.error);
575 return cmd.error;
576 }
577 if (data.error) {
578 dev_err(mmc_dev(card->host), "%s: data error %d\n",
579 __func__, data.error);
580 return data.error;
581 }
582
583 /*
584 * Make sure the cache of the PARTITION_CONFIG register and
585 * PARTITION_ACCESS bits is updated in case the ioctl ext_csd write
586 * changed it successfully.
587 */
588 if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_PART_CONFIG) &&
589 (cmd.opcode == MMC_SWITCH)) {
590 struct mmc_blk_data *main_md = dev_get_drvdata(&card->dev);
591 u8 value = MMC_EXTRACT_VALUE_FROM_ARG(cmd.arg);
592
593 /*
594 * Update cache so the next mmc_blk_part_switch call operates
595 * on up-to-date data.
596 */
597 card->ext_csd.part_config = value;
598 main_md->part_curr = value & EXT_CSD_PART_CONFIG_ACC_MASK;
599 }
600
601 /*
602 * According to the SD specs, some commands require a delay after
603 * issuing the command.
604 */
605 if (idata->ic.postsleep_min_us)
606 usleep_range(idata->ic.postsleep_min_us, idata->ic.postsleep_max_us);
607
608 memcpy(&(idata->ic.response), cmd.resp, sizeof(cmd.resp));
609
610 if (idata->rpmb) {
611 /*
612 * Ensure RPMB command has completed by polling CMD13
613 * "Send Status".
614 */
615 err = ioctl_rpmb_card_status_poll(card, &status, 5);
616 if (err)
617 dev_err(mmc_dev(card->host),
618 "%s: Card Status=0x%08X, error %d\n",
619 __func__, status, err);
620 }
621
622 return err;
623 }
624
mmc_blk_ioctl_cmd(struct mmc_blk_data * md,struct mmc_ioc_cmd __user * ic_ptr,struct mmc_rpmb_data * rpmb)625 static int mmc_blk_ioctl_cmd(struct mmc_blk_data *md,
626 struct mmc_ioc_cmd __user *ic_ptr,
627 struct mmc_rpmb_data *rpmb)
628 {
629 struct mmc_blk_ioc_data *idata;
630 struct mmc_blk_ioc_data *idatas[1];
631 struct mmc_queue *mq;
632 struct mmc_card *card;
633 int err = 0, ioc_err = 0;
634 struct request *req;
635
636 idata = mmc_blk_ioctl_copy_from_user(ic_ptr);
637 if (IS_ERR(idata))
638 return PTR_ERR(idata);
639 /* This will be NULL on non-RPMB ioctl():s */
640 idata->rpmb = rpmb;
641
642 card = md->queue.card;
643 if (IS_ERR(card)) {
644 err = PTR_ERR(card);
645 goto cmd_done;
646 }
647
648 /*
649 * Dispatch the ioctl() into the block request queue.
650 */
651 mq = &md->queue;
652 req = blk_get_request(mq->queue,
653 idata->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
654 if (IS_ERR(req)) {
655 err = PTR_ERR(req);
656 goto cmd_done;
657 }
658 idatas[0] = idata;
659 req_to_mmc_queue_req(req)->drv_op =
660 rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL;
661 req_to_mmc_queue_req(req)->drv_op_data = idatas;
662 req_to_mmc_queue_req(req)->ioc_count = 1;
663 blk_execute_rq(mq->queue, NULL, req, 0);
664 ioc_err = req_to_mmc_queue_req(req)->drv_op_result;
665 err = mmc_blk_ioctl_copy_to_user(ic_ptr, idata);
666 blk_put_request(req);
667
668 cmd_done:
669 kfree(idata->buf);
670 kfree(idata);
671 return ioc_err ? ioc_err : err;
672 }
673
mmc_blk_ioctl_multi_cmd(struct mmc_blk_data * md,struct mmc_ioc_multi_cmd __user * user,struct mmc_rpmb_data * rpmb)674 static int mmc_blk_ioctl_multi_cmd(struct mmc_blk_data *md,
675 struct mmc_ioc_multi_cmd __user *user,
676 struct mmc_rpmb_data *rpmb)
677 {
678 struct mmc_blk_ioc_data **idata = NULL;
679 struct mmc_ioc_cmd __user *cmds = user->cmds;
680 struct mmc_card *card;
681 struct mmc_queue *mq;
682 int i, err = 0, ioc_err = 0;
683 __u64 num_of_cmds;
684 struct request *req;
685
686 if (copy_from_user(&num_of_cmds, &user->num_of_cmds,
687 sizeof(num_of_cmds)))
688 return -EFAULT;
689
690 if (!num_of_cmds)
691 return 0;
692
693 if (num_of_cmds > MMC_IOC_MAX_CMDS)
694 return -EINVAL;
695
696 idata = kcalloc(num_of_cmds, sizeof(*idata), GFP_KERNEL);
697 if (!idata)
698 return -ENOMEM;
699
700 for (i = 0; i < num_of_cmds; i++) {
701 idata[i] = mmc_blk_ioctl_copy_from_user(&cmds[i]);
702 if (IS_ERR(idata[i])) {
703 err = PTR_ERR(idata[i]);
704 num_of_cmds = i;
705 goto cmd_err;
706 }
707 /* This will be NULL on non-RPMB ioctl():s */
708 idata[i]->rpmb = rpmb;
709 }
710
711 card = md->queue.card;
712 if (IS_ERR(card)) {
713 err = PTR_ERR(card);
714 goto cmd_err;
715 }
716
717
718 /*
719 * Dispatch the ioctl()s into the block request queue.
720 */
721 mq = &md->queue;
722 req = blk_get_request(mq->queue,
723 idata[0]->ic.write_flag ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN, 0);
724 if (IS_ERR(req)) {
725 err = PTR_ERR(req);
726 goto cmd_err;
727 }
728 req_to_mmc_queue_req(req)->drv_op =
729 rpmb ? MMC_DRV_OP_IOCTL_RPMB : MMC_DRV_OP_IOCTL;
730 req_to_mmc_queue_req(req)->drv_op_data = idata;
731 req_to_mmc_queue_req(req)->ioc_count = num_of_cmds;
732 blk_execute_rq(mq->queue, NULL, req, 0);
733 ioc_err = req_to_mmc_queue_req(req)->drv_op_result;
734
735 /* copy to user if data and response */
736 for (i = 0; i < num_of_cmds && !err; i++)
737 err = mmc_blk_ioctl_copy_to_user(&cmds[i], idata[i]);
738
739 blk_put_request(req);
740
741 cmd_err:
742 for (i = 0; i < num_of_cmds; i++) {
743 kfree(idata[i]->buf);
744 kfree(idata[i]);
745 }
746 kfree(idata);
747 return ioc_err ? ioc_err : err;
748 }
749
mmc_blk_check_blkdev(struct block_device * bdev)750 static int mmc_blk_check_blkdev(struct block_device *bdev)
751 {
752 /*
753 * The caller must have CAP_SYS_RAWIO, and must be calling this on the
754 * whole block device, not on a partition. This prevents overspray
755 * between sibling partitions.
756 */
757 if ((!capable(CAP_SYS_RAWIO)) || (bdev != bdev->bd_contains))
758 return -EPERM;
759 return 0;
760 }
761
mmc_blk_ioctl(struct block_device * bdev,fmode_t mode,unsigned int cmd,unsigned long arg)762 static int mmc_blk_ioctl(struct block_device *bdev, fmode_t mode,
763 unsigned int cmd, unsigned long arg)
764 {
765 struct mmc_blk_data *md;
766 int ret;
767
768 switch (cmd) {
769 case MMC_IOC_CMD:
770 ret = mmc_blk_check_blkdev(bdev);
771 if (ret)
772 return ret;
773 md = mmc_blk_get(bdev->bd_disk);
774 if (!md)
775 return -EINVAL;
776 ret = mmc_blk_ioctl_cmd(md,
777 (struct mmc_ioc_cmd __user *)arg,
778 NULL);
779 mmc_blk_put(md);
780 return ret;
781 case MMC_IOC_MULTI_CMD:
782 ret = mmc_blk_check_blkdev(bdev);
783 if (ret)
784 return ret;
785 md = mmc_blk_get(bdev->bd_disk);
786 if (!md)
787 return -EINVAL;
788 ret = mmc_blk_ioctl_multi_cmd(md,
789 (struct mmc_ioc_multi_cmd __user *)arg,
790 NULL);
791 mmc_blk_put(md);
792 return ret;
793 default:
794 return -EINVAL;
795 }
796 }
797
798 #ifdef CONFIG_COMPAT
mmc_blk_compat_ioctl(struct block_device * bdev,fmode_t mode,unsigned int cmd,unsigned long arg)799 static int mmc_blk_compat_ioctl(struct block_device *bdev, fmode_t mode,
800 unsigned int cmd, unsigned long arg)
801 {
802 return mmc_blk_ioctl(bdev, mode, cmd, (unsigned long) compat_ptr(arg));
803 }
804 #endif
805
806 static const struct block_device_operations mmc_bdops = {
807 .open = mmc_blk_open,
808 .release = mmc_blk_release,
809 .getgeo = mmc_blk_getgeo,
810 .owner = THIS_MODULE,
811 .ioctl = mmc_blk_ioctl,
812 #ifdef CONFIG_COMPAT
813 .compat_ioctl = mmc_blk_compat_ioctl,
814 #endif
815 };
816
mmc_blk_part_switch_pre(struct mmc_card * card,unsigned int part_type)817 static int mmc_blk_part_switch_pre(struct mmc_card *card,
818 unsigned int part_type)
819 {
820 int ret = 0;
821
822 if (part_type == EXT_CSD_PART_CONFIG_ACC_RPMB) {
823 if (card->ext_csd.cmdq_en) {
824 ret = mmc_cmdq_disable(card);
825 if (ret)
826 return ret;
827 }
828 mmc_retune_pause(card->host);
829 }
830
831 return ret;
832 }
833
mmc_blk_part_switch_post(struct mmc_card * card,unsigned int part_type)834 static int mmc_blk_part_switch_post(struct mmc_card *card,
835 unsigned int part_type)
836 {
837 int ret = 0;
838
839 if (part_type == EXT_CSD_PART_CONFIG_ACC_RPMB) {
840 mmc_retune_unpause(card->host);
841 if (card->reenable_cmdq && !card->ext_csd.cmdq_en)
842 ret = mmc_cmdq_enable(card);
843 }
844
845 return ret;
846 }
847
mmc_blk_part_switch(struct mmc_card * card,unsigned int part_type)848 static inline int mmc_blk_part_switch(struct mmc_card *card,
849 unsigned int part_type)
850 {
851 int ret = 0;
852 struct mmc_blk_data *main_md = dev_get_drvdata(&card->dev);
853
854 if (main_md->part_curr == part_type)
855 return 0;
856
857 if (mmc_card_mmc(card)) {
858 u8 part_config = card->ext_csd.part_config;
859
860 ret = mmc_blk_part_switch_pre(card, part_type);
861 if (ret)
862 return ret;
863
864 part_config &= ~EXT_CSD_PART_CONFIG_ACC_MASK;
865 part_config |= part_type;
866
867 ret = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
868 EXT_CSD_PART_CONFIG, part_config,
869 card->ext_csd.part_time);
870 if (ret) {
871 mmc_blk_part_switch_post(card, part_type);
872 return ret;
873 }
874
875 card->ext_csd.part_config = part_config;
876
877 ret = mmc_blk_part_switch_post(card, main_md->part_curr);
878 }
879
880 main_md->part_curr = part_type;
881 return ret;
882 }
883
mmc_sd_num_wr_blocks(struct mmc_card * card,u32 * written_blocks)884 static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks)
885 {
886 int err;
887 u32 result;
888 __be32 *blocks;
889
890 struct mmc_request mrq = {};
891 struct mmc_command cmd = {};
892 struct mmc_data data = {};
893
894 struct scatterlist sg;
895
896 cmd.opcode = MMC_APP_CMD;
897 cmd.arg = card->rca << 16;
898 cmd.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_AC;
899
900 err = mmc_wait_for_cmd(card->host, &cmd, 0);
901 if (err)
902 return err;
903 if (!mmc_host_is_spi(card->host) && !(cmd.resp[0] & R1_APP_CMD))
904 return -EIO;
905
906 memset(&cmd, 0, sizeof(struct mmc_command));
907
908 cmd.opcode = SD_APP_SEND_NUM_WR_BLKS;
909 cmd.arg = 0;
910 cmd.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_ADTC;
911
912 data.blksz = 4;
913 data.blocks = 1;
914 data.flags = MMC_DATA_READ;
915 data.sg = &sg;
916 data.sg_len = 1;
917 mmc_set_data_timeout(&data, card);
918
919 mrq.cmd = &cmd;
920 mrq.data = &data;
921
922 blocks = kmalloc(4, GFP_KERNEL);
923 if (!blocks)
924 return -ENOMEM;
925
926 sg_init_one(&sg, blocks, 4);
927
928 mmc_wait_for_req(card->host, &mrq);
929
930 result = ntohl(*blocks);
931 kfree(blocks);
932
933 if (cmd.error || data.error)
934 return -EIO;
935
936 *written_blocks = result;
937
938 return 0;
939 }
940
mmc_blk_clock_khz(struct mmc_host * host)941 static unsigned int mmc_blk_clock_khz(struct mmc_host *host)
942 {
943 if (host->actual_clock)
944 return host->actual_clock / 1000;
945
946 /* Clock may be subject to a divisor, fudge it by a factor of 2. */
947 if (host->ios.clock)
948 return host->ios.clock / 2000;
949
950 /* How can there be no clock */
951 WARN_ON_ONCE(1);
952 return 100; /* 100 kHz is minimum possible value */
953 }
954
mmc_blk_data_timeout_ms(struct mmc_host * host,struct mmc_data * data)955 static unsigned int mmc_blk_data_timeout_ms(struct mmc_host *host,
956 struct mmc_data *data)
957 {
958 unsigned int ms = DIV_ROUND_UP(data->timeout_ns, 1000000);
959 unsigned int khz;
960
961 if (data->timeout_clks) {
962 khz = mmc_blk_clock_khz(host);
963 ms += DIV_ROUND_UP(data->timeout_clks, khz);
964 }
965
966 return ms;
967 }
968
mmc_blk_in_tran_state(u32 status)969 static inline bool mmc_blk_in_tran_state(u32 status)
970 {
971 /*
972 * Some cards mishandle the status bits, so make sure to check both the
973 * busy indication and the card state.
974 */
975 return status & R1_READY_FOR_DATA &&
976 (R1_CURRENT_STATE(status) == R1_STATE_TRAN);
977 }
978
card_busy_detect(struct mmc_card * card,unsigned int timeout_ms,struct request * req,u32 * resp_errs)979 static int card_busy_detect(struct mmc_card *card, unsigned int timeout_ms,
980 struct request *req, u32 *resp_errs)
981 {
982 unsigned long timeout = jiffies + msecs_to_jiffies(timeout_ms);
983 int err = 0;
984 u32 status;
985
986 do {
987 bool done = time_after(jiffies, timeout);
988
989 err = __mmc_send_status(card, &status, 5);
990 if (err) {
991 pr_err("%s: error %d requesting status\n",
992 req->rq_disk->disk_name, err);
993 return err;
994 }
995
996 /* Accumulate any response error bits seen */
997 if (resp_errs)
998 *resp_errs |= status;
999
1000 /*
1001 * Timeout if the device never becomes ready for data and never
1002 * leaves the program state.
1003 */
1004 if (done) {
1005 pr_err("%s: Card stuck in wrong state! %s %s status: %#x\n",
1006 mmc_hostname(card->host),
1007 req->rq_disk->disk_name, __func__, status);
1008 return -ETIMEDOUT;
1009 }
1010
1011 /*
1012 * Some cards mishandle the status bits,
1013 * so make sure to check both the busy
1014 * indication and the card state.
1015 */
1016 } while (!mmc_blk_in_tran_state(status));
1017
1018 return err;
1019 }
1020
mmc_blk_reset(struct mmc_blk_data * md,struct mmc_host * host,int type)1021 static int mmc_blk_reset(struct mmc_blk_data *md, struct mmc_host *host,
1022 int type)
1023 {
1024 int err;
1025
1026 if (md->reset_done & type)
1027 return -EEXIST;
1028
1029 md->reset_done |= type;
1030 err = mmc_hw_reset(host);
1031 /* Ensure we switch back to the correct partition */
1032 if (err != -EOPNOTSUPP) {
1033 struct mmc_blk_data *main_md =
1034 dev_get_drvdata(&host->card->dev);
1035 int part_err;
1036
1037 main_md->part_curr = main_md->part_type;
1038 part_err = mmc_blk_part_switch(host->card, md->part_type);
1039 if (part_err) {
1040 /*
1041 * We have failed to get back into the correct
1042 * partition, so we need to abort the whole request.
1043 */
1044 return -ENODEV;
1045 }
1046 }
1047 return err;
1048 }
1049
mmc_blk_reset_success(struct mmc_blk_data * md,int type)1050 static inline void mmc_blk_reset_success(struct mmc_blk_data *md, int type)
1051 {
1052 md->reset_done &= ~type;
1053 }
1054
1055 /*
1056 * The non-block commands come back from the block layer after it queued it and
1057 * processed it with all other requests and then they get issued in this
1058 * function.
1059 */
mmc_blk_issue_drv_op(struct mmc_queue * mq,struct request * req)1060 static void mmc_blk_issue_drv_op(struct mmc_queue *mq, struct request *req)
1061 {
1062 struct mmc_queue_req *mq_rq;
1063 struct mmc_card *card = mq->card;
1064 struct mmc_blk_data *md = mq->blkdata;
1065 struct mmc_blk_ioc_data **idata;
1066 bool rpmb_ioctl;
1067 u8 **ext_csd;
1068 u32 status;
1069 int ret;
1070 int i;
1071
1072 mq_rq = req_to_mmc_queue_req(req);
1073 rpmb_ioctl = (mq_rq->drv_op == MMC_DRV_OP_IOCTL_RPMB);
1074
1075 switch (mq_rq->drv_op) {
1076 case MMC_DRV_OP_IOCTL:
1077 case MMC_DRV_OP_IOCTL_RPMB:
1078 idata = mq_rq->drv_op_data;
1079 for (i = 0, ret = 0; i < mq_rq->ioc_count; i++) {
1080 ret = __mmc_blk_ioctl_cmd(card, md, idata[i]);
1081 if (ret)
1082 break;
1083 }
1084 /* Always switch back to main area after RPMB access */
1085 if (rpmb_ioctl)
1086 mmc_blk_part_switch(card, 0);
1087 break;
1088 case MMC_DRV_OP_BOOT_WP:
1089 ret = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP,
1090 card->ext_csd.boot_ro_lock |
1091 EXT_CSD_BOOT_WP_B_PWR_WP_EN,
1092 card->ext_csd.part_time);
1093 if (ret)
1094 pr_err("%s: Locking boot partition ro until next power on failed: %d\n",
1095 md->disk->disk_name, ret);
1096 else
1097 card->ext_csd.boot_ro_lock |=
1098 EXT_CSD_BOOT_WP_B_PWR_WP_EN;
1099 break;
1100 case MMC_DRV_OP_GET_CARD_STATUS:
1101 ret = mmc_send_status(card, &status);
1102 if (!ret)
1103 ret = status;
1104 break;
1105 case MMC_DRV_OP_GET_EXT_CSD:
1106 ext_csd = mq_rq->drv_op_data;
1107 ret = mmc_get_ext_csd(card, ext_csd);
1108 break;
1109 default:
1110 pr_err("%s: unknown driver specific operation\n",
1111 md->disk->disk_name);
1112 ret = -EINVAL;
1113 break;
1114 }
1115 mq_rq->drv_op_result = ret;
1116 blk_mq_end_request(req, ret ? BLK_STS_IOERR : BLK_STS_OK);
1117 }
1118
mmc_blk_issue_discard_rq(struct mmc_queue * mq,struct request * req)1119 static void mmc_blk_issue_discard_rq(struct mmc_queue *mq, struct request *req)
1120 {
1121 struct mmc_blk_data *md = mq->blkdata;
1122 struct mmc_card *card = md->queue.card;
1123 unsigned int from, nr, arg;
1124 int err = 0, type = MMC_BLK_DISCARD;
1125 blk_status_t status = BLK_STS_OK;
1126
1127 if (!mmc_can_erase(card)) {
1128 status = BLK_STS_NOTSUPP;
1129 goto fail;
1130 }
1131
1132 from = blk_rq_pos(req);
1133 nr = blk_rq_sectors(req);
1134
1135 if (mmc_can_discard(card))
1136 arg = MMC_DISCARD_ARG;
1137 else if (mmc_can_trim(card))
1138 arg = MMC_TRIM_ARG;
1139 else
1140 arg = MMC_ERASE_ARG;
1141 do {
1142 err = 0;
1143 if (card->quirks & MMC_QUIRK_INAND_CMD38) {
1144 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
1145 INAND_CMD38_ARG_EXT_CSD,
1146 arg == MMC_TRIM_ARG ?
1147 INAND_CMD38_ARG_TRIM :
1148 INAND_CMD38_ARG_ERASE,
1149 0);
1150 }
1151 if (!err)
1152 err = mmc_erase(card, from, nr, arg);
1153 } while (err == -EIO && !mmc_blk_reset(md, card->host, type));
1154 if (err)
1155 status = BLK_STS_IOERR;
1156 else
1157 mmc_blk_reset_success(md, type);
1158 fail:
1159 blk_mq_end_request(req, status);
1160 }
1161
mmc_blk_issue_secdiscard_rq(struct mmc_queue * mq,struct request * req)1162 static void mmc_blk_issue_secdiscard_rq(struct mmc_queue *mq,
1163 struct request *req)
1164 {
1165 struct mmc_blk_data *md = mq->blkdata;
1166 struct mmc_card *card = md->queue.card;
1167 unsigned int from, nr, arg;
1168 int err = 0, type = MMC_BLK_SECDISCARD;
1169 blk_status_t status = BLK_STS_OK;
1170
1171 if (!(mmc_can_secure_erase_trim(card))) {
1172 status = BLK_STS_NOTSUPP;
1173 goto out;
1174 }
1175
1176 from = blk_rq_pos(req);
1177 nr = blk_rq_sectors(req);
1178
1179 if (mmc_can_trim(card) && !mmc_erase_group_aligned(card, from, nr))
1180 arg = MMC_SECURE_TRIM1_ARG;
1181 else
1182 arg = MMC_SECURE_ERASE_ARG;
1183
1184 retry:
1185 if (card->quirks & MMC_QUIRK_INAND_CMD38) {
1186 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
1187 INAND_CMD38_ARG_EXT_CSD,
1188 arg == MMC_SECURE_TRIM1_ARG ?
1189 INAND_CMD38_ARG_SECTRIM1 :
1190 INAND_CMD38_ARG_SECERASE,
1191 0);
1192 if (err)
1193 goto out_retry;
1194 }
1195
1196 err = mmc_erase(card, from, nr, arg);
1197 if (err == -EIO)
1198 goto out_retry;
1199 if (err) {
1200 status = BLK_STS_IOERR;
1201 goto out;
1202 }
1203
1204 if (arg == MMC_SECURE_TRIM1_ARG) {
1205 if (card->quirks & MMC_QUIRK_INAND_CMD38) {
1206 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
1207 INAND_CMD38_ARG_EXT_CSD,
1208 INAND_CMD38_ARG_SECTRIM2,
1209 0);
1210 if (err)
1211 goto out_retry;
1212 }
1213
1214 err = mmc_erase(card, from, nr, MMC_SECURE_TRIM2_ARG);
1215 if (err == -EIO)
1216 goto out_retry;
1217 if (err) {
1218 status = BLK_STS_IOERR;
1219 goto out;
1220 }
1221 }
1222
1223 out_retry:
1224 if (err && !mmc_blk_reset(md, card->host, type))
1225 goto retry;
1226 if (!err)
1227 mmc_blk_reset_success(md, type);
1228 out:
1229 blk_mq_end_request(req, status);
1230 }
1231
mmc_blk_issue_flush(struct mmc_queue * mq,struct request * req)1232 static void mmc_blk_issue_flush(struct mmc_queue *mq, struct request *req)
1233 {
1234 struct mmc_blk_data *md = mq->blkdata;
1235 struct mmc_card *card = md->queue.card;
1236 int ret = 0;
1237
1238 ret = mmc_flush_cache(card);
1239 blk_mq_end_request(req, ret ? BLK_STS_IOERR : BLK_STS_OK);
1240 }
1241
1242 /*
1243 * Reformat current write as a reliable write, supporting
1244 * both legacy and the enhanced reliable write MMC cards.
1245 * In each transfer we'll handle only as much as a single
1246 * reliable write can handle, thus finish the request in
1247 * partial completions.
1248 */
mmc_apply_rel_rw(struct mmc_blk_request * brq,struct mmc_card * card,struct request * req)1249 static inline void mmc_apply_rel_rw(struct mmc_blk_request *brq,
1250 struct mmc_card *card,
1251 struct request *req)
1252 {
1253 if (!(card->ext_csd.rel_param & EXT_CSD_WR_REL_PARAM_EN)) {
1254 /* Legacy mode imposes restrictions on transfers. */
1255 if (!IS_ALIGNED(blk_rq_pos(req), card->ext_csd.rel_sectors))
1256 brq->data.blocks = 1;
1257
1258 if (brq->data.blocks > card->ext_csd.rel_sectors)
1259 brq->data.blocks = card->ext_csd.rel_sectors;
1260 else if (brq->data.blocks < card->ext_csd.rel_sectors)
1261 brq->data.blocks = 1;
1262 }
1263 }
1264
1265 #define CMD_ERRORS_EXCL_OOR \
1266 (R1_ADDRESS_ERROR | /* Misaligned address */ \
1267 R1_BLOCK_LEN_ERROR | /* Transferred block length incorrect */\
1268 R1_WP_VIOLATION | /* Tried to write to protected block */ \
1269 R1_CARD_ECC_FAILED | /* Card ECC failed */ \
1270 R1_CC_ERROR | /* Card controller error */ \
1271 R1_ERROR) /* General/unknown error */
1272
1273 #define CMD_ERRORS \
1274 (CMD_ERRORS_EXCL_OOR | \
1275 R1_OUT_OF_RANGE) /* Command argument out of range */ \
1276
mmc_blk_eval_resp_error(struct mmc_blk_request * brq)1277 static void mmc_blk_eval_resp_error(struct mmc_blk_request *brq)
1278 {
1279 u32 val;
1280
1281 /*
1282 * Per the SD specification(physical layer version 4.10)[1],
1283 * section 4.3.3, it explicitly states that "When the last
1284 * block of user area is read using CMD18, the host should
1285 * ignore OUT_OF_RANGE error that may occur even the sequence
1286 * is correct". And JESD84-B51 for eMMC also has a similar
1287 * statement on section 6.8.3.
1288 *
1289 * Multiple block read/write could be done by either predefined
1290 * method, namely CMD23, or open-ending mode. For open-ending mode,
1291 * we should ignore the OUT_OF_RANGE error as it's normal behaviour.
1292 *
1293 * However the spec[1] doesn't tell us whether we should also
1294 * ignore that for predefined method. But per the spec[1], section
1295 * 4.15 Set Block Count Command, it says"If illegal block count
1296 * is set, out of range error will be indicated during read/write
1297 * operation (For example, data transfer is stopped at user area
1298 * boundary)." In another word, we could expect a out of range error
1299 * in the response for the following CMD18/25. And if argument of
1300 * CMD23 + the argument of CMD18/25 exceed the max number of blocks,
1301 * we could also expect to get a -ETIMEDOUT or any error number from
1302 * the host drivers due to missing data response(for write)/data(for
1303 * read), as the cards will stop the data transfer by itself per the
1304 * spec. So we only need to check R1_OUT_OF_RANGE for open-ending mode.
1305 */
1306
1307 if (!brq->stop.error) {
1308 bool oor_with_open_end;
1309 /* If there is no error yet, check R1 response */
1310
1311 val = brq->stop.resp[0] & CMD_ERRORS;
1312 oor_with_open_end = val & R1_OUT_OF_RANGE && !brq->mrq.sbc;
1313
1314 if (val && !oor_with_open_end)
1315 brq->stop.error = -EIO;
1316 }
1317 }
1318
mmc_blk_data_prep(struct mmc_queue * mq,struct mmc_queue_req * mqrq,int disable_multi,bool * do_rel_wr_p,bool * do_data_tag_p)1319 static void mmc_blk_data_prep(struct mmc_queue *mq, struct mmc_queue_req *mqrq,
1320 int disable_multi, bool *do_rel_wr_p,
1321 bool *do_data_tag_p)
1322 {
1323 struct mmc_blk_data *md = mq->blkdata;
1324 struct mmc_card *card = md->queue.card;
1325 struct mmc_blk_request *brq = &mqrq->brq;
1326 struct request *req = mmc_queue_req_to_req(mqrq);
1327 bool do_rel_wr, do_data_tag;
1328
1329 /*
1330 * Reliable writes are used to implement Forced Unit Access and
1331 * are supported only on MMCs.
1332 */
1333 do_rel_wr = (req->cmd_flags & REQ_FUA) &&
1334 rq_data_dir(req) == WRITE &&
1335 (md->flags & MMC_BLK_REL_WR);
1336
1337 memset(brq, 0, sizeof(struct mmc_blk_request));
1338
1339 brq->mrq.data = &brq->data;
1340 brq->mrq.tag = req->tag;
1341
1342 brq->stop.opcode = MMC_STOP_TRANSMISSION;
1343 brq->stop.arg = 0;
1344
1345 if (rq_data_dir(req) == READ) {
1346 brq->data.flags = MMC_DATA_READ;
1347 brq->stop.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_AC;
1348 } else {
1349 brq->data.flags = MMC_DATA_WRITE;
1350 brq->stop.flags = MMC_RSP_SPI_R1B | MMC_RSP_R1B | MMC_CMD_AC;
1351 }
1352
1353 brq->data.blksz = 512;
1354 brq->data.blocks = blk_rq_sectors(req);
1355 brq->data.blk_addr = blk_rq_pos(req);
1356
1357 /*
1358 * The command queue supports 2 priorities: "high" (1) and "simple" (0).
1359 * The eMMC will give "high" priority tasks priority over "simple"
1360 * priority tasks. Here we always set "simple" priority by not setting
1361 * MMC_DATA_PRIO.
1362 */
1363
1364 /*
1365 * The block layer doesn't support all sector count
1366 * restrictions, so we need to be prepared for too big
1367 * requests.
1368 */
1369 if (brq->data.blocks > card->host->max_blk_count)
1370 brq->data.blocks = card->host->max_blk_count;
1371
1372 if (brq->data.blocks > 1) {
1373 /*
1374 * Some SD cards in SPI mode return a CRC error or even lock up
1375 * completely when trying to read the last block using a
1376 * multiblock read command.
1377 */
1378 if (mmc_host_is_spi(card->host) && (rq_data_dir(req) == READ) &&
1379 (blk_rq_pos(req) + blk_rq_sectors(req) ==
1380 get_capacity(md->disk)))
1381 brq->data.blocks--;
1382
1383 /*
1384 * After a read error, we redo the request one sector
1385 * at a time in order to accurately determine which
1386 * sectors can be read successfully.
1387 */
1388 if (disable_multi)
1389 brq->data.blocks = 1;
1390
1391 /*
1392 * Some controllers have HW issues while operating
1393 * in multiple I/O mode
1394 */
1395 if (card->host->ops->multi_io_quirk)
1396 brq->data.blocks = card->host->ops->multi_io_quirk(card,
1397 (rq_data_dir(req) == READ) ?
1398 MMC_DATA_READ : MMC_DATA_WRITE,
1399 brq->data.blocks);
1400 }
1401
1402 if (do_rel_wr) {
1403 mmc_apply_rel_rw(brq, card, req);
1404 brq->data.flags |= MMC_DATA_REL_WR;
1405 }
1406
1407 /*
1408 * Data tag is used only during writing meta data to speed
1409 * up write and any subsequent read of this meta data
1410 */
1411 do_data_tag = card->ext_csd.data_tag_unit_size &&
1412 (req->cmd_flags & REQ_META) &&
1413 (rq_data_dir(req) == WRITE) &&
1414 ((brq->data.blocks * brq->data.blksz) >=
1415 card->ext_csd.data_tag_unit_size);
1416
1417 if (do_data_tag)
1418 brq->data.flags |= MMC_DATA_DAT_TAG;
1419
1420 mmc_set_data_timeout(&brq->data, card);
1421
1422 brq->data.sg = mqrq->sg;
1423 brq->data.sg_len = mmc_queue_map_sg(mq, mqrq);
1424
1425 /*
1426 * Adjust the sg list so it is the same size as the
1427 * request.
1428 */
1429 if (brq->data.blocks != blk_rq_sectors(req)) {
1430 int i, data_size = brq->data.blocks << 9;
1431 struct scatterlist *sg;
1432
1433 for_each_sg(brq->data.sg, sg, brq->data.sg_len, i) {
1434 data_size -= sg->length;
1435 if (data_size <= 0) {
1436 sg->length += data_size;
1437 i++;
1438 break;
1439 }
1440 }
1441 brq->data.sg_len = i;
1442 }
1443
1444 if (do_rel_wr_p)
1445 *do_rel_wr_p = do_rel_wr;
1446
1447 if (do_data_tag_p)
1448 *do_data_tag_p = do_data_tag;
1449 }
1450
1451 #define MMC_CQE_RETRIES 2
1452
mmc_blk_cqe_complete_rq(struct mmc_queue * mq,struct request * req)1453 static void mmc_blk_cqe_complete_rq(struct mmc_queue *mq, struct request *req)
1454 {
1455 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1456 struct mmc_request *mrq = &mqrq->brq.mrq;
1457 struct request_queue *q = req->q;
1458 struct mmc_host *host = mq->card->host;
1459 unsigned long flags;
1460 bool put_card;
1461 int err;
1462
1463 mmc_cqe_post_req(host, mrq);
1464
1465 if (mrq->cmd && mrq->cmd->error)
1466 err = mrq->cmd->error;
1467 else if (mrq->data && mrq->data->error)
1468 err = mrq->data->error;
1469 else
1470 err = 0;
1471
1472 if (err) {
1473 if (mqrq->retries++ < MMC_CQE_RETRIES)
1474 blk_mq_requeue_request(req, true);
1475 else
1476 blk_mq_end_request(req, BLK_STS_IOERR);
1477 } else if (mrq->data) {
1478 if (blk_update_request(req, BLK_STS_OK, mrq->data->bytes_xfered))
1479 blk_mq_requeue_request(req, true);
1480 else
1481 __blk_mq_end_request(req, BLK_STS_OK);
1482 } else {
1483 blk_mq_end_request(req, BLK_STS_OK);
1484 }
1485
1486 spin_lock_irqsave(q->queue_lock, flags);
1487
1488 mq->in_flight[mmc_issue_type(mq, req)] -= 1;
1489
1490 put_card = (mmc_tot_in_flight(mq) == 0);
1491
1492 mmc_cqe_check_busy(mq);
1493
1494 spin_unlock_irqrestore(q->queue_lock, flags);
1495
1496 if (!mq->cqe_busy)
1497 blk_mq_run_hw_queues(q, true);
1498
1499 if (put_card)
1500 mmc_put_card(mq->card, &mq->ctx);
1501 }
1502
mmc_blk_cqe_recovery(struct mmc_queue * mq)1503 void mmc_blk_cqe_recovery(struct mmc_queue *mq)
1504 {
1505 struct mmc_card *card = mq->card;
1506 struct mmc_host *host = card->host;
1507 int err;
1508
1509 pr_debug("%s: CQE recovery start\n", mmc_hostname(host));
1510
1511 err = mmc_cqe_recovery(host);
1512 if (err)
1513 mmc_blk_reset(mq->blkdata, host, MMC_BLK_CQE_RECOVERY);
1514 else
1515 mmc_blk_reset_success(mq->blkdata, MMC_BLK_CQE_RECOVERY);
1516
1517 pr_debug("%s: CQE recovery done\n", mmc_hostname(host));
1518 }
1519
mmc_blk_cqe_req_done(struct mmc_request * mrq)1520 static void mmc_blk_cqe_req_done(struct mmc_request *mrq)
1521 {
1522 struct mmc_queue_req *mqrq = container_of(mrq, struct mmc_queue_req,
1523 brq.mrq);
1524 struct request *req = mmc_queue_req_to_req(mqrq);
1525 struct request_queue *q = req->q;
1526 struct mmc_queue *mq = q->queuedata;
1527
1528 /*
1529 * Block layer timeouts race with completions which means the normal
1530 * completion path cannot be used during recovery.
1531 */
1532 if (mq->in_recovery)
1533 mmc_blk_cqe_complete_rq(mq, req);
1534 else
1535 blk_mq_complete_request(req);
1536 }
1537
mmc_blk_cqe_start_req(struct mmc_host * host,struct mmc_request * mrq)1538 static int mmc_blk_cqe_start_req(struct mmc_host *host, struct mmc_request *mrq)
1539 {
1540 mrq->done = mmc_blk_cqe_req_done;
1541 mrq->recovery_notifier = mmc_cqe_recovery_notifier;
1542
1543 return mmc_cqe_start_req(host, mrq);
1544 }
1545
mmc_blk_cqe_prep_dcmd(struct mmc_queue_req * mqrq,struct request * req)1546 static struct mmc_request *mmc_blk_cqe_prep_dcmd(struct mmc_queue_req *mqrq,
1547 struct request *req)
1548 {
1549 struct mmc_blk_request *brq = &mqrq->brq;
1550
1551 memset(brq, 0, sizeof(*brq));
1552
1553 brq->mrq.cmd = &brq->cmd;
1554 brq->mrq.tag = req->tag;
1555
1556 return &brq->mrq;
1557 }
1558
mmc_blk_cqe_issue_flush(struct mmc_queue * mq,struct request * req)1559 static int mmc_blk_cqe_issue_flush(struct mmc_queue *mq, struct request *req)
1560 {
1561 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1562 struct mmc_request *mrq = mmc_blk_cqe_prep_dcmd(mqrq, req);
1563
1564 mrq->cmd->opcode = MMC_SWITCH;
1565 mrq->cmd->arg = (MMC_SWITCH_MODE_WRITE_BYTE << 24) |
1566 (EXT_CSD_FLUSH_CACHE << 16) |
1567 (1 << 8) |
1568 EXT_CSD_CMD_SET_NORMAL;
1569 mrq->cmd->flags = MMC_CMD_AC | MMC_RSP_R1B;
1570
1571 return mmc_blk_cqe_start_req(mq->card->host, mrq);
1572 }
1573
mmc_blk_cqe_issue_rw_rq(struct mmc_queue * mq,struct request * req)1574 static int mmc_blk_cqe_issue_rw_rq(struct mmc_queue *mq, struct request *req)
1575 {
1576 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1577
1578 mmc_blk_data_prep(mq, mqrq, 0, NULL, NULL);
1579
1580 return mmc_blk_cqe_start_req(mq->card->host, &mqrq->brq.mrq);
1581 }
1582
mmc_blk_rw_rq_prep(struct mmc_queue_req * mqrq,struct mmc_card * card,int disable_multi,struct mmc_queue * mq)1583 static void mmc_blk_rw_rq_prep(struct mmc_queue_req *mqrq,
1584 struct mmc_card *card,
1585 int disable_multi,
1586 struct mmc_queue *mq)
1587 {
1588 u32 readcmd, writecmd;
1589 struct mmc_blk_request *brq = &mqrq->brq;
1590 struct request *req = mmc_queue_req_to_req(mqrq);
1591 struct mmc_blk_data *md = mq->blkdata;
1592 bool do_rel_wr, do_data_tag;
1593
1594 mmc_blk_data_prep(mq, mqrq, disable_multi, &do_rel_wr, &do_data_tag);
1595
1596 brq->mrq.cmd = &brq->cmd;
1597
1598 brq->cmd.arg = blk_rq_pos(req);
1599 if (!mmc_card_blockaddr(card))
1600 brq->cmd.arg <<= 9;
1601 brq->cmd.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_ADTC;
1602
1603 if (brq->data.blocks > 1 || do_rel_wr) {
1604 /* SPI multiblock writes terminate using a special
1605 * token, not a STOP_TRANSMISSION request.
1606 */
1607 if (!mmc_host_is_spi(card->host) ||
1608 rq_data_dir(req) == READ)
1609 brq->mrq.stop = &brq->stop;
1610 readcmd = MMC_READ_MULTIPLE_BLOCK;
1611 writecmd = MMC_WRITE_MULTIPLE_BLOCK;
1612 } else {
1613 brq->mrq.stop = NULL;
1614 readcmd = MMC_READ_SINGLE_BLOCK;
1615 writecmd = MMC_WRITE_BLOCK;
1616 }
1617 brq->cmd.opcode = rq_data_dir(req) == READ ? readcmd : writecmd;
1618
1619 /*
1620 * Pre-defined multi-block transfers are preferable to
1621 * open ended-ones (and necessary for reliable writes).
1622 * However, it is not sufficient to just send CMD23,
1623 * and avoid the final CMD12, as on an error condition
1624 * CMD12 (stop) needs to be sent anyway. This, coupled
1625 * with Auto-CMD23 enhancements provided by some
1626 * hosts, means that the complexity of dealing
1627 * with this is best left to the host. If CMD23 is
1628 * supported by card and host, we'll fill sbc in and let
1629 * the host deal with handling it correctly. This means
1630 * that for hosts that don't expose MMC_CAP_CMD23, no
1631 * change of behavior will be observed.
1632 *
1633 * N.B: Some MMC cards experience perf degradation.
1634 * We'll avoid using CMD23-bounded multiblock writes for
1635 * these, while retaining features like reliable writes.
1636 */
1637 if ((md->flags & MMC_BLK_CMD23) && mmc_op_multi(brq->cmd.opcode) &&
1638 (do_rel_wr || !(card->quirks & MMC_QUIRK_BLK_NO_CMD23) ||
1639 do_data_tag)) {
1640 brq->sbc.opcode = MMC_SET_BLOCK_COUNT;
1641 brq->sbc.arg = brq->data.blocks |
1642 (do_rel_wr ? (1 << 31) : 0) |
1643 (do_data_tag ? (1 << 29) : 0);
1644 brq->sbc.flags = MMC_RSP_R1 | MMC_CMD_AC;
1645 brq->mrq.sbc = &brq->sbc;
1646 }
1647 }
1648
1649 #define MMC_MAX_RETRIES 5
1650 #define MMC_DATA_RETRIES 2
1651 #define MMC_NO_RETRIES (MMC_MAX_RETRIES + 1)
1652
mmc_blk_send_stop(struct mmc_card * card,unsigned int timeout)1653 static int mmc_blk_send_stop(struct mmc_card *card, unsigned int timeout)
1654 {
1655 struct mmc_command cmd = {
1656 .opcode = MMC_STOP_TRANSMISSION,
1657 .flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_AC,
1658 /* Some hosts wait for busy anyway, so provide a busy timeout */
1659 .busy_timeout = timeout,
1660 };
1661
1662 return mmc_wait_for_cmd(card->host, &cmd, 5);
1663 }
1664
mmc_blk_fix_state(struct mmc_card * card,struct request * req)1665 static int mmc_blk_fix_state(struct mmc_card *card, struct request *req)
1666 {
1667 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1668 struct mmc_blk_request *brq = &mqrq->brq;
1669 unsigned int timeout = mmc_blk_data_timeout_ms(card->host, &brq->data);
1670 int err;
1671
1672 mmc_retune_hold_now(card->host);
1673
1674 mmc_blk_send_stop(card, timeout);
1675
1676 err = card_busy_detect(card, timeout, req, NULL);
1677
1678 mmc_retune_release(card->host);
1679
1680 return err;
1681 }
1682
1683 #define MMC_READ_SINGLE_RETRIES 2
1684
1685 /* Single sector read during recovery */
mmc_blk_read_single(struct mmc_queue * mq,struct request * req)1686 static void mmc_blk_read_single(struct mmc_queue *mq, struct request *req)
1687 {
1688 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1689 struct mmc_request *mrq = &mqrq->brq.mrq;
1690 struct mmc_card *card = mq->card;
1691 struct mmc_host *host = card->host;
1692 blk_status_t error = BLK_STS_OK;
1693 int retries = 0;
1694
1695 do {
1696 u32 status;
1697 int err;
1698
1699 mmc_blk_rw_rq_prep(mqrq, card, 1, mq);
1700
1701 mmc_wait_for_req(host, mrq);
1702
1703 err = mmc_send_status(card, &status);
1704 if (err)
1705 goto error_exit;
1706
1707 if (!mmc_host_is_spi(host) &&
1708 !mmc_blk_in_tran_state(status)) {
1709 err = mmc_blk_fix_state(card, req);
1710 if (err)
1711 goto error_exit;
1712 }
1713
1714 if (mrq->cmd->error && retries++ < MMC_READ_SINGLE_RETRIES)
1715 continue;
1716
1717 retries = 0;
1718
1719 if (mrq->cmd->error ||
1720 mrq->data->error ||
1721 (!mmc_host_is_spi(host) &&
1722 (mrq->cmd->resp[0] & CMD_ERRORS || status & CMD_ERRORS)))
1723 error = BLK_STS_IOERR;
1724 else
1725 error = BLK_STS_OK;
1726
1727 } while (blk_update_request(req, error, 512));
1728
1729 return;
1730
1731 error_exit:
1732 mrq->data->bytes_xfered = 0;
1733 blk_update_request(req, BLK_STS_IOERR, 512);
1734 /* Let it try the remaining request again */
1735 if (mqrq->retries > MMC_MAX_RETRIES - 1)
1736 mqrq->retries = MMC_MAX_RETRIES - 1;
1737 }
1738
mmc_blk_oor_valid(struct mmc_blk_request * brq)1739 static inline bool mmc_blk_oor_valid(struct mmc_blk_request *brq)
1740 {
1741 return !!brq->mrq.sbc;
1742 }
1743
mmc_blk_stop_err_bits(struct mmc_blk_request * brq)1744 static inline u32 mmc_blk_stop_err_bits(struct mmc_blk_request *brq)
1745 {
1746 return mmc_blk_oor_valid(brq) ? CMD_ERRORS : CMD_ERRORS_EXCL_OOR;
1747 }
1748
1749 /*
1750 * Check for errors the host controller driver might not have seen such as
1751 * response mode errors or invalid card state.
1752 */
mmc_blk_status_error(struct request * req,u32 status)1753 static bool mmc_blk_status_error(struct request *req, u32 status)
1754 {
1755 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1756 struct mmc_blk_request *brq = &mqrq->brq;
1757 struct mmc_queue *mq = req->q->queuedata;
1758 u32 stop_err_bits;
1759
1760 if (mmc_host_is_spi(mq->card->host))
1761 return false;
1762
1763 stop_err_bits = mmc_blk_stop_err_bits(brq);
1764
1765 return brq->cmd.resp[0] & CMD_ERRORS ||
1766 brq->stop.resp[0] & stop_err_bits ||
1767 status & stop_err_bits ||
1768 (rq_data_dir(req) == WRITE && !mmc_blk_in_tran_state(status));
1769 }
1770
mmc_blk_cmd_started(struct mmc_blk_request * brq)1771 static inline bool mmc_blk_cmd_started(struct mmc_blk_request *brq)
1772 {
1773 return !brq->sbc.error && !brq->cmd.error &&
1774 !(brq->cmd.resp[0] & CMD_ERRORS);
1775 }
1776
1777 /*
1778 * Requests are completed by mmc_blk_mq_complete_rq() which sets simple
1779 * policy:
1780 * 1. A request that has transferred at least some data is considered
1781 * successful and will be requeued if there is remaining data to
1782 * transfer.
1783 * 2. Otherwise the number of retries is incremented and the request
1784 * will be requeued if there are remaining retries.
1785 * 3. Otherwise the request will be errored out.
1786 * That means mmc_blk_mq_complete_rq() is controlled by bytes_xfered and
1787 * mqrq->retries. So there are only 4 possible actions here:
1788 * 1. do not accept the bytes_xfered value i.e. set it to zero
1789 * 2. change mqrq->retries to determine the number of retries
1790 * 3. try to reset the card
1791 * 4. read one sector at a time
1792 */
mmc_blk_mq_rw_recovery(struct mmc_queue * mq,struct request * req)1793 static void mmc_blk_mq_rw_recovery(struct mmc_queue *mq, struct request *req)
1794 {
1795 int type = rq_data_dir(req) == READ ? MMC_BLK_READ : MMC_BLK_WRITE;
1796 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1797 struct mmc_blk_request *brq = &mqrq->brq;
1798 struct mmc_blk_data *md = mq->blkdata;
1799 struct mmc_card *card = mq->card;
1800 u32 status;
1801 u32 blocks;
1802 int err;
1803
1804 /*
1805 * Some errors the host driver might not have seen. Set the number of
1806 * bytes transferred to zero in that case.
1807 */
1808 err = __mmc_send_status(card, &status, 0);
1809 if (err || mmc_blk_status_error(req, status))
1810 brq->data.bytes_xfered = 0;
1811
1812 mmc_retune_release(card->host);
1813
1814 /*
1815 * Try again to get the status. This also provides an opportunity for
1816 * re-tuning.
1817 */
1818 if (err)
1819 err = __mmc_send_status(card, &status, 0);
1820
1821 /*
1822 * Nothing more to do after the number of bytes transferred has been
1823 * updated and there is no card.
1824 */
1825 if (err && mmc_detect_card_removed(card->host))
1826 return;
1827
1828 /* Try to get back to "tran" state */
1829 if (!mmc_host_is_spi(mq->card->host) &&
1830 (err || !mmc_blk_in_tran_state(status)))
1831 err = mmc_blk_fix_state(mq->card, req);
1832
1833 /*
1834 * Special case for SD cards where the card might record the number of
1835 * blocks written.
1836 */
1837 if (!err && mmc_blk_cmd_started(brq) && mmc_card_sd(card) &&
1838 rq_data_dir(req) == WRITE) {
1839 if (mmc_sd_num_wr_blocks(card, &blocks))
1840 brq->data.bytes_xfered = 0;
1841 else
1842 brq->data.bytes_xfered = blocks << 9;
1843 }
1844
1845 /* Reset if the card is in a bad state */
1846 if (!mmc_host_is_spi(mq->card->host) &&
1847 err && mmc_blk_reset(md, card->host, type)) {
1848 pr_err("%s: recovery failed!\n", req->rq_disk->disk_name);
1849 mqrq->retries = MMC_NO_RETRIES;
1850 return;
1851 }
1852
1853 /*
1854 * If anything was done, just return and if there is anything remaining
1855 * on the request it will get requeued.
1856 */
1857 if (brq->data.bytes_xfered)
1858 return;
1859
1860 /* Reset before last retry */
1861 if (mqrq->retries + 1 == MMC_MAX_RETRIES)
1862 mmc_blk_reset(md, card->host, type);
1863
1864 /* Command errors fail fast, so use all MMC_MAX_RETRIES */
1865 if (brq->sbc.error || brq->cmd.error)
1866 return;
1867
1868 /* Reduce the remaining retries for data errors */
1869 if (mqrq->retries < MMC_MAX_RETRIES - MMC_DATA_RETRIES) {
1870 mqrq->retries = MMC_MAX_RETRIES - MMC_DATA_RETRIES;
1871 return;
1872 }
1873
1874 /* FIXME: Missing single sector read for large sector size */
1875 if (!mmc_large_sector(card) && rq_data_dir(req) == READ &&
1876 brq->data.blocks > 1) {
1877 /* Read one sector at a time */
1878 mmc_blk_read_single(mq, req);
1879 return;
1880 }
1881 }
1882
mmc_blk_rq_error(struct mmc_blk_request * brq)1883 static inline bool mmc_blk_rq_error(struct mmc_blk_request *brq)
1884 {
1885 mmc_blk_eval_resp_error(brq);
1886
1887 return brq->sbc.error || brq->cmd.error || brq->stop.error ||
1888 brq->data.error || brq->cmd.resp[0] & CMD_ERRORS;
1889 }
1890
mmc_blk_card_busy(struct mmc_card * card,struct request * req)1891 static int mmc_blk_card_busy(struct mmc_card *card, struct request *req)
1892 {
1893 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1894 u32 status = 0;
1895 int err;
1896
1897 if (mmc_host_is_spi(card->host) || rq_data_dir(req) == READ)
1898 return 0;
1899
1900 err = card_busy_detect(card, MMC_BLK_TIMEOUT_MS, req, &status);
1901
1902 /*
1903 * Do not assume data transferred correctly if there are any error bits
1904 * set.
1905 */
1906 if (status & mmc_blk_stop_err_bits(&mqrq->brq)) {
1907 mqrq->brq.data.bytes_xfered = 0;
1908 err = err ? err : -EIO;
1909 }
1910
1911 /* Copy the exception bit so it will be seen later on */
1912 if (mmc_card_mmc(card) && status & R1_EXCEPTION_EVENT)
1913 mqrq->brq.cmd.resp[0] |= R1_EXCEPTION_EVENT;
1914
1915 return err;
1916 }
1917
mmc_blk_rw_reset_success(struct mmc_queue * mq,struct request * req)1918 static inline void mmc_blk_rw_reset_success(struct mmc_queue *mq,
1919 struct request *req)
1920 {
1921 int type = rq_data_dir(req) == READ ? MMC_BLK_READ : MMC_BLK_WRITE;
1922
1923 mmc_blk_reset_success(mq->blkdata, type);
1924 }
1925
mmc_blk_mq_complete_rq(struct mmc_queue * mq,struct request * req)1926 static void mmc_blk_mq_complete_rq(struct mmc_queue *mq, struct request *req)
1927 {
1928 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1929 unsigned int nr_bytes = mqrq->brq.data.bytes_xfered;
1930
1931 if (nr_bytes) {
1932 if (blk_update_request(req, BLK_STS_OK, nr_bytes))
1933 blk_mq_requeue_request(req, true);
1934 else
1935 __blk_mq_end_request(req, BLK_STS_OK);
1936 } else if (!blk_rq_bytes(req)) {
1937 __blk_mq_end_request(req, BLK_STS_IOERR);
1938 } else if (mqrq->retries++ < MMC_MAX_RETRIES) {
1939 blk_mq_requeue_request(req, true);
1940 } else {
1941 if (mmc_card_removed(mq->card))
1942 req->rq_flags |= RQF_QUIET;
1943 blk_mq_end_request(req, BLK_STS_IOERR);
1944 }
1945 }
1946
mmc_blk_urgent_bkops_needed(struct mmc_queue * mq,struct mmc_queue_req * mqrq)1947 static bool mmc_blk_urgent_bkops_needed(struct mmc_queue *mq,
1948 struct mmc_queue_req *mqrq)
1949 {
1950 return mmc_card_mmc(mq->card) && !mmc_host_is_spi(mq->card->host) &&
1951 (mqrq->brq.cmd.resp[0] & R1_EXCEPTION_EVENT ||
1952 mqrq->brq.stop.resp[0] & R1_EXCEPTION_EVENT);
1953 }
1954
mmc_blk_urgent_bkops(struct mmc_queue * mq,struct mmc_queue_req * mqrq)1955 static void mmc_blk_urgent_bkops(struct mmc_queue *mq,
1956 struct mmc_queue_req *mqrq)
1957 {
1958 if (mmc_blk_urgent_bkops_needed(mq, mqrq))
1959 mmc_start_bkops(mq->card, true);
1960 }
1961
mmc_blk_mq_complete(struct request * req)1962 void mmc_blk_mq_complete(struct request *req)
1963 {
1964 struct mmc_queue *mq = req->q->queuedata;
1965
1966 if (mq->use_cqe)
1967 mmc_blk_cqe_complete_rq(mq, req);
1968 else
1969 mmc_blk_mq_complete_rq(mq, req);
1970 }
1971
mmc_blk_mq_poll_completion(struct mmc_queue * mq,struct request * req)1972 static void mmc_blk_mq_poll_completion(struct mmc_queue *mq,
1973 struct request *req)
1974 {
1975 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
1976 struct mmc_host *host = mq->card->host;
1977
1978 if (mmc_blk_rq_error(&mqrq->brq) ||
1979 mmc_blk_card_busy(mq->card, req)) {
1980 mmc_blk_mq_rw_recovery(mq, req);
1981 } else {
1982 mmc_blk_rw_reset_success(mq, req);
1983 mmc_retune_release(host);
1984 }
1985
1986 mmc_blk_urgent_bkops(mq, mqrq);
1987 }
1988
mmc_blk_mq_dec_in_flight(struct mmc_queue * mq,struct request * req)1989 static void mmc_blk_mq_dec_in_flight(struct mmc_queue *mq, struct request *req)
1990 {
1991 struct request_queue *q = req->q;
1992 unsigned long flags;
1993 bool put_card;
1994
1995 spin_lock_irqsave(q->queue_lock, flags);
1996
1997 mq->in_flight[mmc_issue_type(mq, req)] -= 1;
1998
1999 put_card = (mmc_tot_in_flight(mq) == 0);
2000
2001 spin_unlock_irqrestore(q->queue_lock, flags);
2002
2003 if (put_card)
2004 mmc_put_card(mq->card, &mq->ctx);
2005 }
2006
mmc_blk_mq_post_req(struct mmc_queue * mq,struct request * req)2007 static void mmc_blk_mq_post_req(struct mmc_queue *mq, struct request *req)
2008 {
2009 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
2010 struct mmc_request *mrq = &mqrq->brq.mrq;
2011 struct mmc_host *host = mq->card->host;
2012
2013 mmc_post_req(host, mrq, 0);
2014
2015 /*
2016 * Block layer timeouts race with completions which means the normal
2017 * completion path cannot be used during recovery.
2018 */
2019 if (mq->in_recovery)
2020 mmc_blk_mq_complete_rq(mq, req);
2021 else
2022 blk_mq_complete_request(req);
2023
2024 mmc_blk_mq_dec_in_flight(mq, req);
2025 }
2026
mmc_blk_mq_recovery(struct mmc_queue * mq)2027 void mmc_blk_mq_recovery(struct mmc_queue *mq)
2028 {
2029 struct request *req = mq->recovery_req;
2030 struct mmc_host *host = mq->card->host;
2031 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
2032
2033 mq->recovery_req = NULL;
2034 mq->rw_wait = false;
2035
2036 if (mmc_blk_rq_error(&mqrq->brq)) {
2037 mmc_retune_hold_now(host);
2038 mmc_blk_mq_rw_recovery(mq, req);
2039 }
2040
2041 mmc_blk_urgent_bkops(mq, mqrq);
2042
2043 mmc_blk_mq_post_req(mq, req);
2044 }
2045
mmc_blk_mq_complete_prev_req(struct mmc_queue * mq,struct request ** prev_req)2046 static void mmc_blk_mq_complete_prev_req(struct mmc_queue *mq,
2047 struct request **prev_req)
2048 {
2049 if (mmc_host_done_complete(mq->card->host))
2050 return;
2051
2052 mutex_lock(&mq->complete_lock);
2053
2054 if (!mq->complete_req)
2055 goto out_unlock;
2056
2057 mmc_blk_mq_poll_completion(mq, mq->complete_req);
2058
2059 if (prev_req)
2060 *prev_req = mq->complete_req;
2061 else
2062 mmc_blk_mq_post_req(mq, mq->complete_req);
2063
2064 mq->complete_req = NULL;
2065
2066 out_unlock:
2067 mutex_unlock(&mq->complete_lock);
2068 }
2069
mmc_blk_mq_complete_work(struct work_struct * work)2070 void mmc_blk_mq_complete_work(struct work_struct *work)
2071 {
2072 struct mmc_queue *mq = container_of(work, struct mmc_queue,
2073 complete_work);
2074
2075 mmc_blk_mq_complete_prev_req(mq, NULL);
2076 }
2077
mmc_blk_mq_req_done(struct mmc_request * mrq)2078 static void mmc_blk_mq_req_done(struct mmc_request *mrq)
2079 {
2080 struct mmc_queue_req *mqrq = container_of(mrq, struct mmc_queue_req,
2081 brq.mrq);
2082 struct request *req = mmc_queue_req_to_req(mqrq);
2083 struct request_queue *q = req->q;
2084 struct mmc_queue *mq = q->queuedata;
2085 struct mmc_host *host = mq->card->host;
2086 unsigned long flags;
2087
2088 if (!mmc_host_done_complete(host)) {
2089 bool waiting;
2090
2091 /*
2092 * We cannot complete the request in this context, so record
2093 * that there is a request to complete, and that a following
2094 * request does not need to wait (although it does need to
2095 * complete complete_req first).
2096 */
2097 spin_lock_irqsave(q->queue_lock, flags);
2098 mq->complete_req = req;
2099 mq->rw_wait = false;
2100 waiting = mq->waiting;
2101 spin_unlock_irqrestore(q->queue_lock, flags);
2102
2103 /*
2104 * If 'waiting' then the waiting task will complete this
2105 * request, otherwise queue a work to do it. Note that
2106 * complete_work may still race with the dispatch of a following
2107 * request.
2108 */
2109 if (waiting)
2110 wake_up(&mq->wait);
2111 else
2112 kblockd_schedule_work(&mq->complete_work);
2113
2114 return;
2115 }
2116
2117 /* Take the recovery path for errors or urgent background operations */
2118 if (mmc_blk_rq_error(&mqrq->brq) ||
2119 mmc_blk_urgent_bkops_needed(mq, mqrq)) {
2120 spin_lock_irqsave(q->queue_lock, flags);
2121 mq->recovery_needed = true;
2122 mq->recovery_req = req;
2123 spin_unlock_irqrestore(q->queue_lock, flags);
2124 wake_up(&mq->wait);
2125 schedule_work(&mq->recovery_work);
2126 return;
2127 }
2128
2129 mmc_blk_rw_reset_success(mq, req);
2130
2131 mq->rw_wait = false;
2132 wake_up(&mq->wait);
2133
2134 mmc_blk_mq_post_req(mq, req);
2135 }
2136
mmc_blk_rw_wait_cond(struct mmc_queue * mq,int * err)2137 static bool mmc_blk_rw_wait_cond(struct mmc_queue *mq, int *err)
2138 {
2139 struct request_queue *q = mq->queue;
2140 unsigned long flags;
2141 bool done;
2142
2143 /*
2144 * Wait while there is another request in progress, but not if recovery
2145 * is needed. Also indicate whether there is a request waiting to start.
2146 */
2147 spin_lock_irqsave(q->queue_lock, flags);
2148 if (mq->recovery_needed) {
2149 *err = -EBUSY;
2150 done = true;
2151 } else {
2152 done = !mq->rw_wait;
2153 }
2154 mq->waiting = !done;
2155 spin_unlock_irqrestore(q->queue_lock, flags);
2156
2157 return done;
2158 }
2159
mmc_blk_rw_wait(struct mmc_queue * mq,struct request ** prev_req)2160 static int mmc_blk_rw_wait(struct mmc_queue *mq, struct request **prev_req)
2161 {
2162 int err = 0;
2163
2164 wait_event(mq->wait, mmc_blk_rw_wait_cond(mq, &err));
2165
2166 /* Always complete the previous request if there is one */
2167 mmc_blk_mq_complete_prev_req(mq, prev_req);
2168
2169 return err;
2170 }
2171
mmc_blk_mq_issue_rw_rq(struct mmc_queue * mq,struct request * req)2172 static int mmc_blk_mq_issue_rw_rq(struct mmc_queue *mq,
2173 struct request *req)
2174 {
2175 struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req);
2176 struct mmc_host *host = mq->card->host;
2177 struct request *prev_req = NULL;
2178 int err = 0;
2179
2180 mmc_blk_rw_rq_prep(mqrq, mq->card, 0, mq);
2181
2182 mqrq->brq.mrq.done = mmc_blk_mq_req_done;
2183
2184 mmc_pre_req(host, &mqrq->brq.mrq);
2185
2186 err = mmc_blk_rw_wait(mq, &prev_req);
2187 if (err)
2188 goto out_post_req;
2189
2190 mq->rw_wait = true;
2191
2192 err = mmc_start_request(host, &mqrq->brq.mrq);
2193
2194 if (prev_req)
2195 mmc_blk_mq_post_req(mq, prev_req);
2196
2197 if (err)
2198 mq->rw_wait = false;
2199
2200 /* Release re-tuning here where there is no synchronization required */
2201 if (err || mmc_host_done_complete(host))
2202 mmc_retune_release(host);
2203
2204 out_post_req:
2205 if (err)
2206 mmc_post_req(host, &mqrq->brq.mrq, err);
2207
2208 return err;
2209 }
2210
mmc_blk_wait_for_idle(struct mmc_queue * mq,struct mmc_host * host)2211 static int mmc_blk_wait_for_idle(struct mmc_queue *mq, struct mmc_host *host)
2212 {
2213 if (mq->use_cqe)
2214 return host->cqe_ops->cqe_wait_for_idle(host);
2215
2216 return mmc_blk_rw_wait(mq, NULL);
2217 }
2218
mmc_blk_mq_issue_rq(struct mmc_queue * mq,struct request * req)2219 enum mmc_issued mmc_blk_mq_issue_rq(struct mmc_queue *mq, struct request *req)
2220 {
2221 struct mmc_blk_data *md = mq->blkdata;
2222 struct mmc_card *card = md->queue.card;
2223 struct mmc_host *host = card->host;
2224 int ret;
2225
2226 ret = mmc_blk_part_switch(card, md->part_type);
2227 if (ret)
2228 return MMC_REQ_FAILED_TO_START;
2229
2230 switch (mmc_issue_type(mq, req)) {
2231 case MMC_ISSUE_SYNC:
2232 ret = mmc_blk_wait_for_idle(mq, host);
2233 if (ret)
2234 return MMC_REQ_BUSY;
2235 switch (req_op(req)) {
2236 case REQ_OP_DRV_IN:
2237 case REQ_OP_DRV_OUT:
2238 mmc_blk_issue_drv_op(mq, req);
2239 break;
2240 case REQ_OP_DISCARD:
2241 mmc_blk_issue_discard_rq(mq, req);
2242 break;
2243 case REQ_OP_SECURE_ERASE:
2244 mmc_blk_issue_secdiscard_rq(mq, req);
2245 break;
2246 case REQ_OP_FLUSH:
2247 mmc_blk_issue_flush(mq, req);
2248 break;
2249 default:
2250 WARN_ON_ONCE(1);
2251 return MMC_REQ_FAILED_TO_START;
2252 }
2253 return MMC_REQ_FINISHED;
2254 case MMC_ISSUE_DCMD:
2255 case MMC_ISSUE_ASYNC:
2256 switch (req_op(req)) {
2257 case REQ_OP_FLUSH:
2258 ret = mmc_blk_cqe_issue_flush(mq, req);
2259 break;
2260 case REQ_OP_READ:
2261 case REQ_OP_WRITE:
2262 if (mq->use_cqe)
2263 ret = mmc_blk_cqe_issue_rw_rq(mq, req);
2264 else
2265 ret = mmc_blk_mq_issue_rw_rq(mq, req);
2266 break;
2267 default:
2268 WARN_ON_ONCE(1);
2269 ret = -EINVAL;
2270 }
2271 if (!ret)
2272 return MMC_REQ_STARTED;
2273 return ret == -EBUSY ? MMC_REQ_BUSY : MMC_REQ_FAILED_TO_START;
2274 default:
2275 WARN_ON_ONCE(1);
2276 return MMC_REQ_FAILED_TO_START;
2277 }
2278 }
2279
mmc_blk_readonly(struct mmc_card * card)2280 static inline int mmc_blk_readonly(struct mmc_card *card)
2281 {
2282 return mmc_card_readonly(card) ||
2283 !(card->csd.cmdclass & CCC_BLOCK_WRITE);
2284 }
2285
mmc_blk_alloc_req(struct mmc_card * card,struct device * parent,sector_t size,bool default_ro,const char * subname,int area_type)2286 static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
2287 struct device *parent,
2288 sector_t size,
2289 bool default_ro,
2290 const char *subname,
2291 int area_type)
2292 {
2293 struct mmc_blk_data *md;
2294 int devidx, ret;
2295
2296 devidx = ida_simple_get(&mmc_blk_ida, 0, max_devices, GFP_KERNEL);
2297 if (devidx < 0) {
2298 /*
2299 * We get -ENOSPC because there are no more any available
2300 * devidx. The reason may be that, either userspace haven't yet
2301 * unmounted the partitions, which postpones mmc_blk_release()
2302 * from being called, or the device has more partitions than
2303 * what we support.
2304 */
2305 if (devidx == -ENOSPC)
2306 dev_err(mmc_dev(card->host),
2307 "no more device IDs available\n");
2308
2309 return ERR_PTR(devidx);
2310 }
2311
2312 md = kzalloc(sizeof(struct mmc_blk_data), GFP_KERNEL);
2313 if (!md) {
2314 ret = -ENOMEM;
2315 goto out;
2316 }
2317
2318 md->area_type = area_type;
2319
2320 /*
2321 * Set the read-only status based on the supported commands
2322 * and the write protect switch.
2323 */
2324 md->read_only = mmc_blk_readonly(card);
2325
2326 md->disk = alloc_disk(perdev_minors);
2327 if (md->disk == NULL) {
2328 ret = -ENOMEM;
2329 goto err_kfree;
2330 }
2331
2332 spin_lock_init(&md->lock);
2333 INIT_LIST_HEAD(&md->part);
2334 INIT_LIST_HEAD(&md->rpmbs);
2335 md->usage = 1;
2336
2337 ret = mmc_init_queue(&md->queue, card, &md->lock, subname);
2338 if (ret)
2339 goto err_putdisk;
2340
2341 md->queue.blkdata = md;
2342
2343 /*
2344 * Keep an extra reference to the queue so that we can shutdown the
2345 * queue (i.e. call blk_cleanup_queue()) while there are still
2346 * references to the 'md'. The corresponding blk_put_queue() is in
2347 * mmc_blk_put().
2348 */
2349 if (!blk_get_queue(md->queue.queue)) {
2350 mmc_cleanup_queue(&md->queue);
2351 ret = -ENODEV;
2352 goto err_putdisk;
2353 }
2354
2355 md->disk->major = MMC_BLOCK_MAJOR;
2356 md->disk->first_minor = devidx * perdev_minors;
2357 md->disk->fops = &mmc_bdops;
2358 md->disk->private_data = md;
2359 md->disk->queue = md->queue.queue;
2360 md->parent = parent;
2361 set_disk_ro(md->disk, md->read_only || default_ro);
2362 md->disk->flags = GENHD_FL_EXT_DEVT;
2363 if (area_type & (MMC_BLK_DATA_AREA_RPMB | MMC_BLK_DATA_AREA_BOOT))
2364 md->disk->flags |= GENHD_FL_NO_PART_SCAN
2365 | GENHD_FL_SUPPRESS_PARTITION_INFO;
2366
2367 /*
2368 * As discussed on lkml, GENHD_FL_REMOVABLE should:
2369 *
2370 * - be set for removable media with permanent block devices
2371 * - be unset for removable block devices with permanent media
2372 *
2373 * Since MMC block devices clearly fall under the second
2374 * case, we do not set GENHD_FL_REMOVABLE. Userspace
2375 * should use the block device creation/destruction hotplug
2376 * messages to tell when the card is present.
2377 */
2378
2379 snprintf(md->disk->disk_name, sizeof(md->disk->disk_name),
2380 "mmcblk%u%s", card->host->index, subname ? subname : "");
2381
2382 if (mmc_card_mmc(card))
2383 blk_queue_logical_block_size(md->queue.queue,
2384 card->ext_csd.data_sector_size);
2385 else
2386 blk_queue_logical_block_size(md->queue.queue, 512);
2387
2388 set_capacity(md->disk, size);
2389
2390 if (mmc_host_cmd23(card->host)) {
2391 if ((mmc_card_mmc(card) &&
2392 card->csd.mmca_vsn >= CSD_SPEC_VER_3) ||
2393 (mmc_card_sd(card) &&
2394 card->scr.cmds & SD_SCR_CMD23_SUPPORT))
2395 md->flags |= MMC_BLK_CMD23;
2396 }
2397
2398 if (mmc_card_mmc(card) &&
2399 md->flags & MMC_BLK_CMD23 &&
2400 ((card->ext_csd.rel_param & EXT_CSD_WR_REL_PARAM_EN) ||
2401 card->ext_csd.rel_sectors)) {
2402 md->flags |= MMC_BLK_REL_WR;
2403 blk_queue_write_cache(md->queue.queue, true, true);
2404 }
2405
2406 return md;
2407
2408 err_putdisk:
2409 put_disk(md->disk);
2410 err_kfree:
2411 kfree(md);
2412 out:
2413 ida_simple_remove(&mmc_blk_ida, devidx);
2414 return ERR_PTR(ret);
2415 }
2416
mmc_blk_alloc(struct mmc_card * card)2417 static struct mmc_blk_data *mmc_blk_alloc(struct mmc_card *card)
2418 {
2419 sector_t size;
2420
2421 if (!mmc_card_sd(card) && mmc_card_blockaddr(card)) {
2422 /*
2423 * The EXT_CSD sector count is in number or 512 byte
2424 * sectors.
2425 */
2426 size = card->ext_csd.sectors;
2427 } else {
2428 /*
2429 * The CSD capacity field is in units of read_blkbits.
2430 * set_capacity takes units of 512 bytes.
2431 */
2432 size = (typeof(sector_t))card->csd.capacity
2433 << (card->csd.read_blkbits - 9);
2434 }
2435
2436 return mmc_blk_alloc_req(card, &card->dev, size, false, NULL,
2437 MMC_BLK_DATA_AREA_MAIN);
2438 }
2439
mmc_blk_alloc_part(struct mmc_card * card,struct mmc_blk_data * md,unsigned int part_type,sector_t size,bool default_ro,const char * subname,int area_type)2440 static int mmc_blk_alloc_part(struct mmc_card *card,
2441 struct mmc_blk_data *md,
2442 unsigned int part_type,
2443 sector_t size,
2444 bool default_ro,
2445 const char *subname,
2446 int area_type)
2447 {
2448 char cap_str[10];
2449 struct mmc_blk_data *part_md;
2450
2451 part_md = mmc_blk_alloc_req(card, disk_to_dev(md->disk), size, default_ro,
2452 subname, area_type);
2453 if (IS_ERR(part_md))
2454 return PTR_ERR(part_md);
2455 part_md->part_type = part_type;
2456 list_add(&part_md->part, &md->part);
2457
2458 string_get_size((u64)get_capacity(part_md->disk), 512, STRING_UNITS_2,
2459 cap_str, sizeof(cap_str));
2460 pr_info("%s: %s %s partition %u %s\n",
2461 part_md->disk->disk_name, mmc_card_id(card),
2462 mmc_card_name(card), part_md->part_type, cap_str);
2463 return 0;
2464 }
2465
2466 /**
2467 * mmc_rpmb_ioctl() - ioctl handler for the RPMB chardev
2468 * @filp: the character device file
2469 * @cmd: the ioctl() command
2470 * @arg: the argument from userspace
2471 *
2472 * This will essentially just redirect the ioctl()s coming in over to
2473 * the main block device spawning the RPMB character device.
2474 */
mmc_rpmb_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)2475 static long mmc_rpmb_ioctl(struct file *filp, unsigned int cmd,
2476 unsigned long arg)
2477 {
2478 struct mmc_rpmb_data *rpmb = filp->private_data;
2479 int ret;
2480
2481 switch (cmd) {
2482 case MMC_IOC_CMD:
2483 ret = mmc_blk_ioctl_cmd(rpmb->md,
2484 (struct mmc_ioc_cmd __user *)arg,
2485 rpmb);
2486 break;
2487 case MMC_IOC_MULTI_CMD:
2488 ret = mmc_blk_ioctl_multi_cmd(rpmb->md,
2489 (struct mmc_ioc_multi_cmd __user *)arg,
2490 rpmb);
2491 break;
2492 default:
2493 ret = -EINVAL;
2494 break;
2495 }
2496
2497 return ret;
2498 }
2499
2500 #ifdef CONFIG_COMPAT
mmc_rpmb_ioctl_compat(struct file * filp,unsigned int cmd,unsigned long arg)2501 static long mmc_rpmb_ioctl_compat(struct file *filp, unsigned int cmd,
2502 unsigned long arg)
2503 {
2504 return mmc_rpmb_ioctl(filp, cmd, (unsigned long)compat_ptr(arg));
2505 }
2506 #endif
2507
mmc_rpmb_chrdev_open(struct inode * inode,struct file * filp)2508 static int mmc_rpmb_chrdev_open(struct inode *inode, struct file *filp)
2509 {
2510 struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
2511 struct mmc_rpmb_data, chrdev);
2512
2513 get_device(&rpmb->dev);
2514 filp->private_data = rpmb;
2515 mmc_blk_get(rpmb->md->disk);
2516
2517 return nonseekable_open(inode, filp);
2518 }
2519
mmc_rpmb_chrdev_release(struct inode * inode,struct file * filp)2520 static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
2521 {
2522 struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
2523 struct mmc_rpmb_data, chrdev);
2524
2525 put_device(&rpmb->dev);
2526 mmc_blk_put(rpmb->md);
2527
2528 return 0;
2529 }
2530
2531 static const struct file_operations mmc_rpmb_fileops = {
2532 .release = mmc_rpmb_chrdev_release,
2533 .open = mmc_rpmb_chrdev_open,
2534 .owner = THIS_MODULE,
2535 .llseek = no_llseek,
2536 .unlocked_ioctl = mmc_rpmb_ioctl,
2537 #ifdef CONFIG_COMPAT
2538 .compat_ioctl = mmc_rpmb_ioctl_compat,
2539 #endif
2540 };
2541
mmc_blk_rpmb_device_release(struct device * dev)2542 static void mmc_blk_rpmb_device_release(struct device *dev)
2543 {
2544 struct mmc_rpmb_data *rpmb = dev_get_drvdata(dev);
2545
2546 ida_simple_remove(&mmc_rpmb_ida, rpmb->id);
2547 kfree(rpmb);
2548 }
2549
mmc_blk_alloc_rpmb_part(struct mmc_card * card,struct mmc_blk_data * md,unsigned int part_index,sector_t size,const char * subname)2550 static int mmc_blk_alloc_rpmb_part(struct mmc_card *card,
2551 struct mmc_blk_data *md,
2552 unsigned int part_index,
2553 sector_t size,
2554 const char *subname)
2555 {
2556 int devidx, ret;
2557 char rpmb_name[DISK_NAME_LEN];
2558 char cap_str[10];
2559 struct mmc_rpmb_data *rpmb;
2560
2561 /* This creates the minor number for the RPMB char device */
2562 devidx = ida_simple_get(&mmc_rpmb_ida, 0, max_devices, GFP_KERNEL);
2563 if (devidx < 0)
2564 return devidx;
2565
2566 rpmb = kzalloc(sizeof(*rpmb), GFP_KERNEL);
2567 if (!rpmb) {
2568 ida_simple_remove(&mmc_rpmb_ida, devidx);
2569 return -ENOMEM;
2570 }
2571
2572 snprintf(rpmb_name, sizeof(rpmb_name),
2573 "mmcblk%u%s", card->host->index, subname ? subname : "");
2574
2575 rpmb->id = devidx;
2576 rpmb->part_index = part_index;
2577 rpmb->dev.init_name = rpmb_name;
2578 rpmb->dev.bus = &mmc_rpmb_bus_type;
2579 rpmb->dev.devt = MKDEV(MAJOR(mmc_rpmb_devt), rpmb->id);
2580 rpmb->dev.parent = &card->dev;
2581 rpmb->dev.release = mmc_blk_rpmb_device_release;
2582 device_initialize(&rpmb->dev);
2583 dev_set_drvdata(&rpmb->dev, rpmb);
2584 rpmb->md = md;
2585
2586 cdev_init(&rpmb->chrdev, &mmc_rpmb_fileops);
2587 rpmb->chrdev.owner = THIS_MODULE;
2588 ret = cdev_device_add(&rpmb->chrdev, &rpmb->dev);
2589 if (ret) {
2590 pr_err("%s: could not add character device\n", rpmb_name);
2591 goto out_put_device;
2592 }
2593
2594 list_add(&rpmb->node, &md->rpmbs);
2595
2596 string_get_size((u64)size, 512, STRING_UNITS_2,
2597 cap_str, sizeof(cap_str));
2598
2599 pr_info("%s: %s %s partition %u %s, chardev (%d:%d)\n",
2600 rpmb_name, mmc_card_id(card),
2601 mmc_card_name(card), EXT_CSD_PART_CONFIG_ACC_RPMB, cap_str,
2602 MAJOR(mmc_rpmb_devt), rpmb->id);
2603
2604 return 0;
2605
2606 out_put_device:
2607 put_device(&rpmb->dev);
2608 return ret;
2609 }
2610
mmc_blk_remove_rpmb_part(struct mmc_rpmb_data * rpmb)2611 static void mmc_blk_remove_rpmb_part(struct mmc_rpmb_data *rpmb)
2612
2613 {
2614 cdev_device_del(&rpmb->chrdev, &rpmb->dev);
2615 put_device(&rpmb->dev);
2616 }
2617
2618 /* MMC Physical partitions consist of two boot partitions and
2619 * up to four general purpose partitions.
2620 * For each partition enabled in EXT_CSD a block device will be allocatedi
2621 * to provide access to the partition.
2622 */
2623
mmc_blk_alloc_parts(struct mmc_card * card,struct mmc_blk_data * md)2624 static int mmc_blk_alloc_parts(struct mmc_card *card, struct mmc_blk_data *md)
2625 {
2626 int idx, ret;
2627
2628 if (!mmc_card_mmc(card))
2629 return 0;
2630
2631 for (idx = 0; idx < card->nr_parts; idx++) {
2632 if (card->part[idx].area_type & MMC_BLK_DATA_AREA_RPMB) {
2633 /*
2634 * RPMB partitions does not provide block access, they
2635 * are only accessed using ioctl():s. Thus create
2636 * special RPMB block devices that do not have a
2637 * backing block queue for these.
2638 */
2639 ret = mmc_blk_alloc_rpmb_part(card, md,
2640 card->part[idx].part_cfg,
2641 card->part[idx].size >> 9,
2642 card->part[idx].name);
2643 if (ret)
2644 return ret;
2645 } else if (card->part[idx].size) {
2646 ret = mmc_blk_alloc_part(card, md,
2647 card->part[idx].part_cfg,
2648 card->part[idx].size >> 9,
2649 card->part[idx].force_ro,
2650 card->part[idx].name,
2651 card->part[idx].area_type);
2652 if (ret)
2653 return ret;
2654 }
2655 }
2656
2657 return 0;
2658 }
2659
mmc_blk_remove_req(struct mmc_blk_data * md)2660 static void mmc_blk_remove_req(struct mmc_blk_data *md)
2661 {
2662 struct mmc_card *card;
2663
2664 if (md) {
2665 /*
2666 * Flush remaining requests and free queues. It
2667 * is freeing the queue that stops new requests
2668 * from being accepted.
2669 */
2670 card = md->queue.card;
2671 if (md->disk->flags & GENHD_FL_UP) {
2672 device_remove_file(disk_to_dev(md->disk), &md->force_ro);
2673 if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) &&
2674 card->ext_csd.boot_ro_lockable)
2675 device_remove_file(disk_to_dev(md->disk),
2676 &md->power_ro_lock);
2677
2678 del_gendisk(md->disk);
2679 }
2680 mmc_cleanup_queue(&md->queue);
2681 mmc_blk_put(md);
2682 }
2683 }
2684
mmc_blk_remove_parts(struct mmc_card * card,struct mmc_blk_data * md)2685 static void mmc_blk_remove_parts(struct mmc_card *card,
2686 struct mmc_blk_data *md)
2687 {
2688 struct list_head *pos, *q;
2689 struct mmc_blk_data *part_md;
2690 struct mmc_rpmb_data *rpmb;
2691
2692 /* Remove RPMB partitions */
2693 list_for_each_safe(pos, q, &md->rpmbs) {
2694 rpmb = list_entry(pos, struct mmc_rpmb_data, node);
2695 list_del(pos);
2696 mmc_blk_remove_rpmb_part(rpmb);
2697 }
2698 /* Remove block partitions */
2699 list_for_each_safe(pos, q, &md->part) {
2700 part_md = list_entry(pos, struct mmc_blk_data, part);
2701 list_del(pos);
2702 mmc_blk_remove_req(part_md);
2703 }
2704 }
2705
mmc_add_disk(struct mmc_blk_data * md)2706 static int mmc_add_disk(struct mmc_blk_data *md)
2707 {
2708 int ret;
2709 struct mmc_card *card = md->queue.card;
2710
2711 device_add_disk(md->parent, md->disk);
2712 md->force_ro.show = force_ro_show;
2713 md->force_ro.store = force_ro_store;
2714 sysfs_attr_init(&md->force_ro.attr);
2715 md->force_ro.attr.name = "force_ro";
2716 md->force_ro.attr.mode = S_IRUGO | S_IWUSR;
2717 ret = device_create_file(disk_to_dev(md->disk), &md->force_ro);
2718 if (ret)
2719 goto force_ro_fail;
2720
2721 if ((md->area_type & MMC_BLK_DATA_AREA_BOOT) &&
2722 card->ext_csd.boot_ro_lockable) {
2723 umode_t mode;
2724
2725 if (card->ext_csd.boot_ro_lock & EXT_CSD_BOOT_WP_B_PWR_WP_DIS)
2726 mode = S_IRUGO;
2727 else
2728 mode = S_IRUGO | S_IWUSR;
2729
2730 md->power_ro_lock.show = power_ro_lock_show;
2731 md->power_ro_lock.store = power_ro_lock_store;
2732 sysfs_attr_init(&md->power_ro_lock.attr);
2733 md->power_ro_lock.attr.mode = mode;
2734 md->power_ro_lock.attr.name =
2735 "ro_lock_until_next_power_on";
2736 ret = device_create_file(disk_to_dev(md->disk),
2737 &md->power_ro_lock);
2738 if (ret)
2739 goto power_ro_lock_fail;
2740 }
2741 return ret;
2742
2743 power_ro_lock_fail:
2744 device_remove_file(disk_to_dev(md->disk), &md->force_ro);
2745 force_ro_fail:
2746 del_gendisk(md->disk);
2747
2748 return ret;
2749 }
2750
2751 #ifdef CONFIG_DEBUG_FS
2752
mmc_dbg_card_status_get(void * data,u64 * val)2753 static int mmc_dbg_card_status_get(void *data, u64 *val)
2754 {
2755 struct mmc_card *card = data;
2756 struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
2757 struct mmc_queue *mq = &md->queue;
2758 struct request *req;
2759 int ret;
2760
2761 /* Ask the block layer about the card status */
2762 req = blk_get_request(mq->queue, REQ_OP_DRV_IN, 0);
2763 if (IS_ERR(req))
2764 return PTR_ERR(req);
2765 req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_CARD_STATUS;
2766 blk_execute_rq(mq->queue, NULL, req, 0);
2767 ret = req_to_mmc_queue_req(req)->drv_op_result;
2768 if (ret >= 0) {
2769 *val = ret;
2770 ret = 0;
2771 }
2772 blk_put_request(req);
2773
2774 return ret;
2775 }
2776 DEFINE_SIMPLE_ATTRIBUTE(mmc_dbg_card_status_fops, mmc_dbg_card_status_get,
2777 NULL, "%08llx\n");
2778
2779 /* That is two digits * 512 + 1 for newline */
2780 #define EXT_CSD_STR_LEN 1025
2781
mmc_ext_csd_open(struct inode * inode,struct file * filp)2782 static int mmc_ext_csd_open(struct inode *inode, struct file *filp)
2783 {
2784 struct mmc_card *card = inode->i_private;
2785 struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
2786 struct mmc_queue *mq = &md->queue;
2787 struct request *req;
2788 char *buf;
2789 ssize_t n = 0;
2790 u8 *ext_csd;
2791 int err, i;
2792
2793 buf = kmalloc(EXT_CSD_STR_LEN + 1, GFP_KERNEL);
2794 if (!buf)
2795 return -ENOMEM;
2796
2797 /* Ask the block layer for the EXT CSD */
2798 req = blk_get_request(mq->queue, REQ_OP_DRV_IN, 0);
2799 if (IS_ERR(req)) {
2800 err = PTR_ERR(req);
2801 goto out_free;
2802 }
2803 req_to_mmc_queue_req(req)->drv_op = MMC_DRV_OP_GET_EXT_CSD;
2804 req_to_mmc_queue_req(req)->drv_op_data = &ext_csd;
2805 blk_execute_rq(mq->queue, NULL, req, 0);
2806 err = req_to_mmc_queue_req(req)->drv_op_result;
2807 blk_put_request(req);
2808 if (err) {
2809 pr_err("FAILED %d\n", err);
2810 goto out_free;
2811 }
2812
2813 for (i = 0; i < 512; i++)
2814 n += sprintf(buf + n, "%02x", ext_csd[i]);
2815 n += sprintf(buf + n, "\n");
2816
2817 if (n != EXT_CSD_STR_LEN) {
2818 err = -EINVAL;
2819 kfree(ext_csd);
2820 goto out_free;
2821 }
2822
2823 filp->private_data = buf;
2824 kfree(ext_csd);
2825 return 0;
2826
2827 out_free:
2828 kfree(buf);
2829 return err;
2830 }
2831
mmc_ext_csd_read(struct file * filp,char __user * ubuf,size_t cnt,loff_t * ppos)2832 static ssize_t mmc_ext_csd_read(struct file *filp, char __user *ubuf,
2833 size_t cnt, loff_t *ppos)
2834 {
2835 char *buf = filp->private_data;
2836
2837 return simple_read_from_buffer(ubuf, cnt, ppos,
2838 buf, EXT_CSD_STR_LEN);
2839 }
2840
mmc_ext_csd_release(struct inode * inode,struct file * file)2841 static int mmc_ext_csd_release(struct inode *inode, struct file *file)
2842 {
2843 kfree(file->private_data);
2844 return 0;
2845 }
2846
2847 static const struct file_operations mmc_dbg_ext_csd_fops = {
2848 .open = mmc_ext_csd_open,
2849 .read = mmc_ext_csd_read,
2850 .release = mmc_ext_csd_release,
2851 .llseek = default_llseek,
2852 };
2853
mmc_blk_add_debugfs(struct mmc_card * card,struct mmc_blk_data * md)2854 static int mmc_blk_add_debugfs(struct mmc_card *card, struct mmc_blk_data *md)
2855 {
2856 struct dentry *root;
2857
2858 if (!card->debugfs_root)
2859 return 0;
2860
2861 root = card->debugfs_root;
2862
2863 if (mmc_card_mmc(card) || mmc_card_sd(card)) {
2864 md->status_dentry =
2865 debugfs_create_file("status", S_IRUSR, root, card,
2866 &mmc_dbg_card_status_fops);
2867 if (!md->status_dentry)
2868 return -EIO;
2869 }
2870
2871 if (mmc_card_mmc(card)) {
2872 md->ext_csd_dentry =
2873 debugfs_create_file("ext_csd", S_IRUSR, root, card,
2874 &mmc_dbg_ext_csd_fops);
2875 if (!md->ext_csd_dentry)
2876 return -EIO;
2877 }
2878
2879 return 0;
2880 }
2881
mmc_blk_remove_debugfs(struct mmc_card * card,struct mmc_blk_data * md)2882 static void mmc_blk_remove_debugfs(struct mmc_card *card,
2883 struct mmc_blk_data *md)
2884 {
2885 if (!card->debugfs_root)
2886 return;
2887
2888 if (!IS_ERR_OR_NULL(md->status_dentry)) {
2889 debugfs_remove(md->status_dentry);
2890 md->status_dentry = NULL;
2891 }
2892
2893 if (!IS_ERR_OR_NULL(md->ext_csd_dentry)) {
2894 debugfs_remove(md->ext_csd_dentry);
2895 md->ext_csd_dentry = NULL;
2896 }
2897 }
2898
2899 #else
2900
mmc_blk_add_debugfs(struct mmc_card * card,struct mmc_blk_data * md)2901 static int mmc_blk_add_debugfs(struct mmc_card *card, struct mmc_blk_data *md)
2902 {
2903 return 0;
2904 }
2905
mmc_blk_remove_debugfs(struct mmc_card * card,struct mmc_blk_data * md)2906 static void mmc_blk_remove_debugfs(struct mmc_card *card,
2907 struct mmc_blk_data *md)
2908 {
2909 }
2910
2911 #endif /* CONFIG_DEBUG_FS */
2912
mmc_blk_probe(struct mmc_card * card)2913 static int mmc_blk_probe(struct mmc_card *card)
2914 {
2915 struct mmc_blk_data *md, *part_md;
2916 char cap_str[10];
2917
2918 /*
2919 * Check that the card supports the command class(es) we need.
2920 */
2921 if (!(card->csd.cmdclass & CCC_BLOCK_READ))
2922 return -ENODEV;
2923
2924 mmc_fixup_device(card, mmc_blk_fixups);
2925
2926 md = mmc_blk_alloc(card);
2927 if (IS_ERR(md))
2928 return PTR_ERR(md);
2929
2930 string_get_size((u64)get_capacity(md->disk), 512, STRING_UNITS_2,
2931 cap_str, sizeof(cap_str));
2932 pr_info("%s: %s %s %s %s\n",
2933 md->disk->disk_name, mmc_card_id(card), mmc_card_name(card),
2934 cap_str, md->read_only ? "(ro)" : "");
2935
2936 if (mmc_blk_alloc_parts(card, md))
2937 goto out;
2938
2939 dev_set_drvdata(&card->dev, md);
2940
2941 if (mmc_add_disk(md))
2942 goto out;
2943
2944 list_for_each_entry(part_md, &md->part, part) {
2945 if (mmc_add_disk(part_md))
2946 goto out;
2947 }
2948
2949 /* Add two debugfs entries */
2950 mmc_blk_add_debugfs(card, md);
2951
2952 pm_runtime_set_autosuspend_delay(&card->dev, 3000);
2953 pm_runtime_use_autosuspend(&card->dev);
2954
2955 /*
2956 * Don't enable runtime PM for SD-combo cards here. Leave that
2957 * decision to be taken during the SDIO init sequence instead.
2958 */
2959 if (card->type != MMC_TYPE_SD_COMBO) {
2960 pm_runtime_set_active(&card->dev);
2961 pm_runtime_enable(&card->dev);
2962 }
2963
2964 return 0;
2965
2966 out:
2967 mmc_blk_remove_parts(card, md);
2968 mmc_blk_remove_req(md);
2969 return 0;
2970 }
2971
mmc_blk_remove(struct mmc_card * card)2972 static void mmc_blk_remove(struct mmc_card *card)
2973 {
2974 struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
2975
2976 mmc_blk_remove_debugfs(card, md);
2977 mmc_blk_remove_parts(card, md);
2978 pm_runtime_get_sync(&card->dev);
2979 if (md->part_curr != md->part_type) {
2980 mmc_claim_host(card->host);
2981 mmc_blk_part_switch(card, md->part_type);
2982 mmc_release_host(card->host);
2983 }
2984 if (card->type != MMC_TYPE_SD_COMBO)
2985 pm_runtime_disable(&card->dev);
2986 pm_runtime_put_noidle(&card->dev);
2987 mmc_blk_remove_req(md);
2988 dev_set_drvdata(&card->dev, NULL);
2989 }
2990
_mmc_blk_suspend(struct mmc_card * card)2991 static int _mmc_blk_suspend(struct mmc_card *card)
2992 {
2993 struct mmc_blk_data *part_md;
2994 struct mmc_blk_data *md = dev_get_drvdata(&card->dev);
2995
2996 if (md) {
2997 mmc_queue_suspend(&md->queue);
2998 list_for_each_entry(part_md, &md->part, part) {
2999 mmc_queue_suspend(&part_md->queue);
3000 }
3001 }
3002 return 0;
3003 }
3004
mmc_blk_shutdown(struct mmc_card * card)3005 static void mmc_blk_shutdown(struct mmc_card *card)
3006 {
3007 _mmc_blk_suspend(card);
3008 }
3009
3010 #ifdef CONFIG_PM_SLEEP
mmc_blk_suspend(struct device * dev)3011 static int mmc_blk_suspend(struct device *dev)
3012 {
3013 struct mmc_card *card = mmc_dev_to_card(dev);
3014
3015 return _mmc_blk_suspend(card);
3016 }
3017
mmc_blk_resume(struct device * dev)3018 static int mmc_blk_resume(struct device *dev)
3019 {
3020 struct mmc_blk_data *part_md;
3021 struct mmc_blk_data *md = dev_get_drvdata(dev);
3022
3023 if (md) {
3024 /*
3025 * Resume involves the card going into idle state,
3026 * so current partition is always the main one.
3027 */
3028 md->part_curr = md->part_type;
3029 mmc_queue_resume(&md->queue);
3030 list_for_each_entry(part_md, &md->part, part) {
3031 mmc_queue_resume(&part_md->queue);
3032 }
3033 }
3034 return 0;
3035 }
3036 #endif
3037
3038 static SIMPLE_DEV_PM_OPS(mmc_blk_pm_ops, mmc_blk_suspend, mmc_blk_resume);
3039
3040 static struct mmc_driver mmc_driver = {
3041 .drv = {
3042 .name = "mmcblk",
3043 .pm = &mmc_blk_pm_ops,
3044 },
3045 .probe = mmc_blk_probe,
3046 .remove = mmc_blk_remove,
3047 .shutdown = mmc_blk_shutdown,
3048 };
3049
mmc_blk_init(void)3050 static int __init mmc_blk_init(void)
3051 {
3052 int res;
3053
3054 res = bus_register(&mmc_rpmb_bus_type);
3055 if (res < 0) {
3056 pr_err("mmcblk: could not register RPMB bus type\n");
3057 return res;
3058 }
3059 res = alloc_chrdev_region(&mmc_rpmb_devt, 0, MAX_DEVICES, "rpmb");
3060 if (res < 0) {
3061 pr_err("mmcblk: failed to allocate rpmb chrdev region\n");
3062 goto out_bus_unreg;
3063 }
3064
3065 if (perdev_minors != CONFIG_MMC_BLOCK_MINORS)
3066 pr_info("mmcblk: using %d minors per device\n", perdev_minors);
3067
3068 max_devices = min(MAX_DEVICES, (1 << MINORBITS) / perdev_minors);
3069
3070 res = register_blkdev(MMC_BLOCK_MAJOR, "mmc");
3071 if (res)
3072 goto out_chrdev_unreg;
3073
3074 res = mmc_register_driver(&mmc_driver);
3075 if (res)
3076 goto out_blkdev_unreg;
3077
3078 return 0;
3079
3080 out_blkdev_unreg:
3081 unregister_blkdev(MMC_BLOCK_MAJOR, "mmc");
3082 out_chrdev_unreg:
3083 unregister_chrdev_region(mmc_rpmb_devt, MAX_DEVICES);
3084 out_bus_unreg:
3085 bus_unregister(&mmc_rpmb_bus_type);
3086 return res;
3087 }
3088
mmc_blk_exit(void)3089 static void __exit mmc_blk_exit(void)
3090 {
3091 mmc_unregister_driver(&mmc_driver);
3092 unregister_blkdev(MMC_BLOCK_MAJOR, "mmc");
3093 unregister_chrdev_region(mmc_rpmb_devt, MAX_DEVICES);
3094 bus_unregister(&mmc_rpmb_bus_type);
3095 }
3096
3097 module_init(mmc_blk_init);
3098 module_exit(mmc_blk_exit);
3099
3100 MODULE_LICENSE("GPL");
3101 MODULE_DESCRIPTION("Multimedia Card (MMC) block device driver");
3102
3103