1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Driver for SanDisk SDDR-09 SmartMedia reader
4  *
5  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
6  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
7  * Developed with the assistance of:
8  *   (c) 2002 Alan Stern <stern@rowland.org>
9  *
10  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
11  * This chip is a programmable USB controller. In the SDDR-09, it has
12  * been programmed to obey a certain limited set of SCSI commands.
13  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
14  * commands.
15  */
16 
17 /*
18  * Known vendor commands: 12 bytes, first byte is opcode
19  *
20  * E7: read scatter gather
21  * E8: read
22  * E9: write
23  * EA: erase
24  * EB: reset
25  * EC: read status
26  * ED: read ID
27  * EE: write CIS (?)
28  * EF: compute checksum (?)
29  */
30 
31 #include <linux/errno.h>
32 #include <linux/module.h>
33 #include <linux/slab.h>
34 
35 #include <scsi/scsi.h>
36 #include <scsi/scsi_cmnd.h>
37 #include <scsi/scsi_device.h>
38 
39 #include "usb.h"
40 #include "transport.h"
41 #include "protocol.h"
42 #include "debug.h"
43 #include "scsiglue.h"
44 
45 #define DRV_NAME "ums-sddr09"
46 
47 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
48 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
49 MODULE_LICENSE("GPL");
50 MODULE_IMPORT_NS(USB_STORAGE);
51 
52 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
53 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
54 static int usb_stor_sddr09_init(struct us_data *us);
55 
56 
57 /*
58  * The table of devices
59  */
60 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
61 		    vendorName, productName, useProtocol, useTransport, \
62 		    initFunction, flags) \
63 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
64   .driver_info = (flags) }
65 
66 static struct usb_device_id sddr09_usb_ids[] = {
67 #	include "unusual_sddr09.h"
68 	{ }		/* Terminating entry */
69 };
70 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
71 
72 #undef UNUSUAL_DEV
73 
74 /*
75  * The flags table
76  */
77 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
78 		    vendor_name, product_name, use_protocol, use_transport, \
79 		    init_function, Flags) \
80 { \
81 	.vendorName = vendor_name,	\
82 	.productName = product_name,	\
83 	.useProtocol = use_protocol,	\
84 	.useTransport = use_transport,	\
85 	.initFunction = init_function,	\
86 }
87 
88 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
89 #	include "unusual_sddr09.h"
90 	{ }		/* Terminating entry */
91 };
92 
93 #undef UNUSUAL_DEV
94 
95 
96 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
97 #define LSB_of(s) ((s)&0xFF)
98 #define MSB_of(s) ((s)>>8)
99 
100 /*
101  * First some stuff that does not belong here:
102  * data on SmartMedia and other cards, completely
103  * unrelated to this driver.
104  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
105  */
106 
107 struct nand_flash_dev {
108 	int model_id;
109 	int chipshift;		/* 1<<cs bytes total capacity */
110 	char pageshift;		/* 1<<ps bytes in a page */
111 	char blockshift;	/* 1<<bs pages in an erase block */
112 	char zoneshift;		/* 1<<zs blocks in a zone */
113 				/* # of logical blocks is 125/128 of this */
114 	char pageadrlen;	/* length of an address in bytes - 1 */
115 };
116 
117 /*
118  * NAND Flash Manufacturer ID Codes
119  */
120 #define NAND_MFR_AMD		0x01
121 #define NAND_MFR_NATSEMI	0x8f
122 #define NAND_MFR_TOSHIBA	0x98
123 #define NAND_MFR_SAMSUNG	0xec
124 
nand_flash_manufacturer(int manuf_id)125 static inline char *nand_flash_manufacturer(int manuf_id) {
126 	switch(manuf_id) {
127 	case NAND_MFR_AMD:
128 		return "AMD";
129 	case NAND_MFR_NATSEMI:
130 		return "NATSEMI";
131 	case NAND_MFR_TOSHIBA:
132 		return "Toshiba";
133 	case NAND_MFR_SAMSUNG:
134 		return "Samsung";
135 	default:
136 		return "unknown";
137 	}
138 }
139 
140 /*
141  * It looks like it is unnecessary to attach manufacturer to the
142  * remaining data: SSFDC prescribes manufacturer-independent id codes.
143  *
144  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
145  */
146 
147 static struct nand_flash_dev nand_flash_ids[] = {
148 	/* NAND flash */
149 	{ 0x6e, 20, 8, 4, 8, 2},	/* 1 MB */
150 	{ 0xe8, 20, 8, 4, 8, 2},	/* 1 MB */
151 	{ 0xec, 20, 8, 4, 8, 2},	/* 1 MB */
152 	{ 0x64, 21, 8, 4, 9, 2}, 	/* 2 MB */
153 	{ 0xea, 21, 8, 4, 9, 2},	/* 2 MB */
154 	{ 0x6b, 22, 9, 4, 9, 2},	/* 4 MB */
155 	{ 0xe3, 22, 9, 4, 9, 2},	/* 4 MB */
156 	{ 0xe5, 22, 9, 4, 9, 2},	/* 4 MB */
157 	{ 0xe6, 23, 9, 4, 10, 2},	/* 8 MB */
158 	{ 0x73, 24, 9, 5, 10, 2},	/* 16 MB */
159 	{ 0x75, 25, 9, 5, 10, 2},	/* 32 MB */
160 	{ 0x76, 26, 9, 5, 10, 3},	/* 64 MB */
161 	{ 0x79, 27, 9, 5, 10, 3},	/* 128 MB */
162 
163 	/* MASK ROM */
164 	{ 0x5d, 21, 9, 4, 8, 2},	/* 2 MB */
165 	{ 0xd5, 22, 9, 4, 9, 2},	/* 4 MB */
166 	{ 0xd6, 23, 9, 4, 10, 2},	/* 8 MB */
167 	{ 0x57, 24, 9, 4, 11, 2},	/* 16 MB */
168 	{ 0x58, 25, 9, 4, 12, 2},	/* 32 MB */
169 	{ 0,}
170 };
171 
172 static struct nand_flash_dev *
nand_find_id(unsigned char id)173 nand_find_id(unsigned char id) {
174 	int i;
175 
176 	for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
177 		if (nand_flash_ids[i].model_id == id)
178 			return &(nand_flash_ids[i]);
179 	return NULL;
180 }
181 
182 /*
183  * ECC computation.
184  */
185 static unsigned char parity[256];
186 static unsigned char ecc2[256];
187 
nand_init_ecc(void)188 static void nand_init_ecc(void) {
189 	int i, j, a;
190 
191 	parity[0] = 0;
192 	for (i = 1; i < 256; i++)
193 		parity[i] = (parity[i&(i-1)] ^ 1);
194 
195 	for (i = 0; i < 256; i++) {
196 		a = 0;
197 		for (j = 0; j < 8; j++) {
198 			if (i & (1<<j)) {
199 				if ((j & 1) == 0)
200 					a ^= 0x04;
201 				if ((j & 2) == 0)
202 					a ^= 0x10;
203 				if ((j & 4) == 0)
204 					a ^= 0x40;
205 			}
206 		}
207 		ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
208 	}
209 }
210 
211 /* compute 3-byte ecc on 256 bytes */
nand_compute_ecc(unsigned char * data,unsigned char * ecc)212 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
213 	int i, j, a;
214 	unsigned char par = 0, bit, bits[8] = {0};
215 
216 	/* collect 16 checksum bits */
217 	for (i = 0; i < 256; i++) {
218 		par ^= data[i];
219 		bit = parity[data[i]];
220 		for (j = 0; j < 8; j++)
221 			if ((i & (1<<j)) == 0)
222 				bits[j] ^= bit;
223 	}
224 
225 	/* put 4+4+4 = 12 bits in the ecc */
226 	a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
227 	ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
228 
229 	a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
230 	ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
231 
232 	ecc[2] = ecc2[par];
233 }
234 
nand_compare_ecc(unsigned char * data,unsigned char * ecc)235 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
236 	return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
237 }
238 
nand_store_ecc(unsigned char * data,unsigned char * ecc)239 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
240 	memcpy(data, ecc, 3);
241 }
242 
243 /*
244  * The actual driver starts here.
245  */
246 
247 struct sddr09_card_info {
248 	unsigned long	capacity;	/* Size of card in bytes */
249 	int		pagesize;	/* Size of page in bytes */
250 	int		pageshift;	/* log2 of pagesize */
251 	int		blocksize;	/* Size of block in pages */
252 	int		blockshift;	/* log2 of blocksize */
253 	int		blockmask;	/* 2^blockshift - 1 */
254 	int		*lba_to_pba;	/* logical to physical map */
255 	int		*pba_to_lba;	/* physical to logical map */
256 	int		lbact;		/* number of available pages */
257 	int		flags;
258 #define	SDDR09_WP	1		/* write protected */
259 };
260 
261 /*
262  * On my 16MB card, control blocks have size 64 (16 real control bytes,
263  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
264  * so the reader makes up the remaining 48. Don't know whether these numbers
265  * depend on the card. For now a constant.
266  */
267 #define CONTROL_SHIFT 6
268 
269 /*
270  * On my Combo CF/SM reader, the SM reader has LUN 1.
271  * (and things fail with LUN 0).
272  * It seems LUN is irrelevant for others.
273  */
274 #define LUN	1
275 #define	LUNBITS	(LUN << 5)
276 
277 /*
278  * LBA and PBA are unsigned ints. Special values.
279  */
280 #define UNDEF    0xffffffff
281 #define SPARE    0xfffffffe
282 #define UNUSABLE 0xfffffffd
283 
284 static const int erase_bad_lba_entries = 0;
285 
286 /* send vendor interface command (0x41) */
287 /* called for requests 0, 1, 8 */
288 static int
sddr09_send_command(struct us_data * us,unsigned char request,unsigned char direction,unsigned char * xfer_data,unsigned int xfer_len)289 sddr09_send_command(struct us_data *us,
290 		    unsigned char request,
291 		    unsigned char direction,
292 		    unsigned char *xfer_data,
293 		    unsigned int xfer_len) {
294 	unsigned int pipe;
295 	unsigned char requesttype = (0x41 | direction);
296 	int rc;
297 
298 	// Get the receive or send control pipe number
299 
300 	if (direction == USB_DIR_IN)
301 		pipe = us->recv_ctrl_pipe;
302 	else
303 		pipe = us->send_ctrl_pipe;
304 
305 	rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
306 				   0, 0, xfer_data, xfer_len);
307 	switch (rc) {
308 		case USB_STOR_XFER_GOOD:	return 0;
309 		case USB_STOR_XFER_STALLED:	return -EPIPE;
310 		default:			return -EIO;
311 	}
312 }
313 
314 static int
sddr09_send_scsi_command(struct us_data * us,unsigned char * command,unsigned int command_len)315 sddr09_send_scsi_command(struct us_data *us,
316 			 unsigned char *command,
317 			 unsigned int command_len) {
318 	return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
319 }
320 
321 #if 0
322 /*
323  * Test Unit Ready Command: 12 bytes.
324  * byte 0: opcode: 00
325  */
326 static int
327 sddr09_test_unit_ready(struct us_data *us) {
328 	unsigned char *command = us->iobuf;
329 	int result;
330 
331 	memset(command, 0, 6);
332 	command[1] = LUNBITS;
333 
334 	result = sddr09_send_scsi_command(us, command, 6);
335 
336 	usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
337 
338 	return result;
339 }
340 #endif
341 
342 /*
343  * Request Sense Command: 12 bytes.
344  * byte 0: opcode: 03
345  * byte 4: data length
346  */
347 static int
sddr09_request_sense(struct us_data * us,unsigned char * sensebuf,int buflen)348 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
349 	unsigned char *command = us->iobuf;
350 	int result;
351 
352 	memset(command, 0, 12);
353 	command[0] = 0x03;
354 	command[1] = LUNBITS;
355 	command[4] = buflen;
356 
357 	result = sddr09_send_scsi_command(us, command, 12);
358 	if (result)
359 		return result;
360 
361 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
362 			sensebuf, buflen, NULL);
363 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
364 }
365 
366 /*
367  * Read Command: 12 bytes.
368  * byte 0: opcode: E8
369  * byte 1: last two bits: 00: read data, 01: read blockwise control,
370  *			10: read both, 11: read pagewise control.
371  *	 It turns out we need values 20, 21, 22, 23 here (LUN 1).
372  * bytes 2-5: address (interpretation depends on byte 1, see below)
373  * bytes 10-11: count (idem)
374  *
375  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
376  * A read data command gets data in 512-byte pages.
377  * A read control command gets control in 64-byte chunks.
378  * A read both command gets data+control in 576-byte chunks.
379  *
380  * Blocks are groups of 32 pages, and read blockwise control jumps to the
381  * next block, while read pagewise control jumps to the next page after
382  * reading a group of 64 control bytes.
383  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
384  *
385  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
386  */
387 
388 static int
sddr09_readX(struct us_data * us,int x,unsigned long fromaddress,int nr_of_pages,int bulklen,unsigned char * buf,int use_sg)389 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
390 	     int nr_of_pages, int bulklen, unsigned char *buf,
391 	     int use_sg) {
392 
393 	unsigned char *command = us->iobuf;
394 	int result;
395 
396 	command[0] = 0xE8;
397 	command[1] = LUNBITS | x;
398 	command[2] = MSB_of(fromaddress>>16);
399 	command[3] = LSB_of(fromaddress>>16);
400 	command[4] = MSB_of(fromaddress & 0xFFFF);
401 	command[5] = LSB_of(fromaddress & 0xFFFF);
402 	command[6] = 0;
403 	command[7] = 0;
404 	command[8] = 0;
405 	command[9] = 0;
406 	command[10] = MSB_of(nr_of_pages);
407 	command[11] = LSB_of(nr_of_pages);
408 
409 	result = sddr09_send_scsi_command(us, command, 12);
410 
411 	if (result) {
412 		usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
413 			     x, result);
414 		return result;
415 	}
416 
417 	result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
418 				       buf, bulklen, use_sg, NULL);
419 
420 	if (result != USB_STOR_XFER_GOOD) {
421 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
422 			     x, result);
423 		return -EIO;
424 	}
425 	return 0;
426 }
427 
428 /*
429  * Read Data
430  *
431  * fromaddress counts data shorts:
432  * increasing it by 256 shifts the bytestream by 512 bytes;
433  * the last 8 bits are ignored.
434  *
435  * nr_of_pages counts pages of size (1 << pageshift).
436  */
437 static int
sddr09_read20(struct us_data * us,unsigned long fromaddress,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)438 sddr09_read20(struct us_data *us, unsigned long fromaddress,
439 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
440 	int bulklen = nr_of_pages << pageshift;
441 
442 	/* The last 8 bits of fromaddress are ignored. */
443 	return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
444 			    buf, use_sg);
445 }
446 
447 /*
448  * Read Blockwise Control
449  *
450  * fromaddress gives the starting position (as in read data;
451  * the last 8 bits are ignored); increasing it by 32*256 shifts
452  * the output stream by 64 bytes.
453  *
454  * count counts control groups of size (1 << controlshift).
455  * For me, controlshift = 6. Is this constant?
456  *
457  * After getting one control group, jump to the next block
458  * (fromaddress += 8192).
459  */
460 static int
sddr09_read21(struct us_data * us,unsigned long fromaddress,int count,int controlshift,unsigned char * buf,int use_sg)461 sddr09_read21(struct us_data *us, unsigned long fromaddress,
462 	      int count, int controlshift, unsigned char *buf, int use_sg) {
463 
464 	int bulklen = (count << controlshift);
465 	return sddr09_readX(us, 1, fromaddress, count, bulklen,
466 			    buf, use_sg);
467 }
468 
469 /*
470  * Read both Data and Control
471  *
472  * fromaddress counts data shorts, ignoring control:
473  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
474  * the last 8 bits are ignored.
475  *
476  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
477  */
478 static int
sddr09_read22(struct us_data * us,unsigned long fromaddress,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)479 sddr09_read22(struct us_data *us, unsigned long fromaddress,
480 	      int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
481 
482 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
483 	usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
484 	return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
485 			    buf, use_sg);
486 }
487 
488 #if 0
489 /*
490  * Read Pagewise Control
491  *
492  * fromaddress gives the starting position (as in read data;
493  * the last 8 bits are ignored); increasing it by 256 shifts
494  * the output stream by 64 bytes.
495  *
496  * count counts control groups of size (1 << controlshift).
497  * For me, controlshift = 6. Is this constant?
498  *
499  * After getting one control group, jump to the next page
500  * (fromaddress += 256).
501  */
502 static int
503 sddr09_read23(struct us_data *us, unsigned long fromaddress,
504 	      int count, int controlshift, unsigned char *buf, int use_sg) {
505 
506 	int bulklen = (count << controlshift);
507 	return sddr09_readX(us, 3, fromaddress, count, bulklen,
508 			    buf, use_sg);
509 }
510 #endif
511 
512 /*
513  * Erase Command: 12 bytes.
514  * byte 0: opcode: EA
515  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
516  *
517  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
518  * The byte address being erased is 2*Eaddress.
519  * The CIS cannot be erased.
520  */
521 static int
sddr09_erase(struct us_data * us,unsigned long Eaddress)522 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
523 	unsigned char *command = us->iobuf;
524 	int result;
525 
526 	usb_stor_dbg(us, "erase address %lu\n", Eaddress);
527 
528 	memset(command, 0, 12);
529 	command[0] = 0xEA;
530 	command[1] = LUNBITS;
531 	command[6] = MSB_of(Eaddress>>16);
532 	command[7] = LSB_of(Eaddress>>16);
533 	command[8] = MSB_of(Eaddress & 0xFFFF);
534 	command[9] = LSB_of(Eaddress & 0xFFFF);
535 
536 	result = sddr09_send_scsi_command(us, command, 12);
537 
538 	if (result)
539 		usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
540 			     result);
541 
542 	return result;
543 }
544 
545 /*
546  * Write CIS Command: 12 bytes.
547  * byte 0: opcode: EE
548  * bytes 2-5: write address in shorts
549  * bytes 10-11: sector count
550  *
551  * This writes at the indicated address. Don't know how it differs
552  * from E9. Maybe it does not erase? However, it will also write to
553  * the CIS.
554  *
555  * When two such commands on the same page follow each other directly,
556  * the second one is not done.
557  */
558 
559 /*
560  * Write Command: 12 bytes.
561  * byte 0: opcode: E9
562  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
563  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
564  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
565  *
566  * If write address equals erase address, the erase is done first,
567  * otherwise the write is done first. When erase address equals zero
568  * no erase is done?
569  */
570 static int
sddr09_writeX(struct us_data * us,unsigned long Waddress,unsigned long Eaddress,int nr_of_pages,int bulklen,unsigned char * buf,int use_sg)571 sddr09_writeX(struct us_data *us,
572 	      unsigned long Waddress, unsigned long Eaddress,
573 	      int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
574 
575 	unsigned char *command = us->iobuf;
576 	int result;
577 
578 	command[0] = 0xE9;
579 	command[1] = LUNBITS;
580 
581 	command[2] = MSB_of(Waddress>>16);
582 	command[3] = LSB_of(Waddress>>16);
583 	command[4] = MSB_of(Waddress & 0xFFFF);
584 	command[5] = LSB_of(Waddress & 0xFFFF);
585 
586 	command[6] = MSB_of(Eaddress>>16);
587 	command[7] = LSB_of(Eaddress>>16);
588 	command[8] = MSB_of(Eaddress & 0xFFFF);
589 	command[9] = LSB_of(Eaddress & 0xFFFF);
590 
591 	command[10] = MSB_of(nr_of_pages);
592 	command[11] = LSB_of(nr_of_pages);
593 
594 	result = sddr09_send_scsi_command(us, command, 12);
595 
596 	if (result) {
597 		usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
598 			     result);
599 		return result;
600 	}
601 
602 	result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
603 				       buf, bulklen, use_sg, NULL);
604 
605 	if (result != USB_STOR_XFER_GOOD) {
606 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
607 			     result);
608 		return -EIO;
609 	}
610 	return 0;
611 }
612 
613 /* erase address, write same address */
614 static int
sddr09_write_inplace(struct us_data * us,unsigned long address,int nr_of_pages,int pageshift,unsigned char * buf,int use_sg)615 sddr09_write_inplace(struct us_data *us, unsigned long address,
616 		     int nr_of_pages, int pageshift, unsigned char *buf,
617 		     int use_sg) {
618 	int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
619 	return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
620 			     buf, use_sg);
621 }
622 
623 #if 0
624 /*
625  * Read Scatter Gather Command: 3+4n bytes.
626  * byte 0: opcode E7
627  * byte 2: n
628  * bytes 4i-1,4i,4i+1: page address
629  * byte 4i+2: page count
630  * (i=1..n)
631  *
632  * This reads several pages from the card to a single memory buffer.
633  * The last two bits of byte 1 have the same meaning as for E8.
634  */
635 static int
636 sddr09_read_sg_test_only(struct us_data *us) {
637 	unsigned char *command = us->iobuf;
638 	int result, bulklen, nsg, ct;
639 	unsigned char *buf;
640 	unsigned long address;
641 
642 	nsg = bulklen = 0;
643 	command[0] = 0xE7;
644 	command[1] = LUNBITS;
645 	command[2] = 0;
646 	address = 040000; ct = 1;
647 	nsg++;
648 	bulklen += (ct << 9);
649 	command[4*nsg+2] = ct;
650 	command[4*nsg+1] = ((address >> 9) & 0xFF);
651 	command[4*nsg+0] = ((address >> 17) & 0xFF);
652 	command[4*nsg-1] = ((address >> 25) & 0xFF);
653 
654 	address = 0340000; ct = 1;
655 	nsg++;
656 	bulklen += (ct << 9);
657 	command[4*nsg+2] = ct;
658 	command[4*nsg+1] = ((address >> 9) & 0xFF);
659 	command[4*nsg+0] = ((address >> 17) & 0xFF);
660 	command[4*nsg-1] = ((address >> 25) & 0xFF);
661 
662 	address = 01000000; ct = 2;
663 	nsg++;
664 	bulklen += (ct << 9);
665 	command[4*nsg+2] = ct;
666 	command[4*nsg+1] = ((address >> 9) & 0xFF);
667 	command[4*nsg+0] = ((address >> 17) & 0xFF);
668 	command[4*nsg-1] = ((address >> 25) & 0xFF);
669 
670 	command[2] = nsg;
671 
672 	result = sddr09_send_scsi_command(us, command, 4*nsg+3);
673 
674 	if (result) {
675 		usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
676 			     result);
677 		return result;
678 	}
679 
680 	buf = kmalloc(bulklen, GFP_NOIO);
681 	if (!buf)
682 		return -ENOMEM;
683 
684 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
685 				       buf, bulklen, NULL);
686 	kfree(buf);
687 	if (result != USB_STOR_XFER_GOOD) {
688 		usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
689 			     result);
690 		return -EIO;
691 	}
692 
693 	return 0;
694 }
695 #endif
696 
697 /*
698  * Read Status Command: 12 bytes.
699  * byte 0: opcode: EC
700  *
701  * Returns 64 bytes, all zero except for the first.
702  * bit 0: 1: Error
703  * bit 5: 1: Suspended
704  * bit 6: 1: Ready
705  * bit 7: 1: Not write-protected
706  */
707 
708 static int
sddr09_read_status(struct us_data * us,unsigned char * status)709 sddr09_read_status(struct us_data *us, unsigned char *status) {
710 
711 	unsigned char *command = us->iobuf;
712 	unsigned char *data = us->iobuf;
713 	int result;
714 
715 	usb_stor_dbg(us, "Reading status...\n");
716 
717 	memset(command, 0, 12);
718 	command[0] = 0xEC;
719 	command[1] = LUNBITS;
720 
721 	result = sddr09_send_scsi_command(us, command, 12);
722 	if (result)
723 		return result;
724 
725 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
726 				       data, 64, NULL);
727 	*status = data[0];
728 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
729 }
730 
731 static int
sddr09_read_data(struct us_data * us,unsigned long address,unsigned int sectors)732 sddr09_read_data(struct us_data *us,
733 		 unsigned long address,
734 		 unsigned int sectors) {
735 
736 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
737 	unsigned char *buffer;
738 	unsigned int lba, maxlba, pba;
739 	unsigned int page, pages;
740 	unsigned int len, offset;
741 	struct scatterlist *sg;
742 	int result;
743 
744 	// Figure out the initial LBA and page
745 	lba = address >> info->blockshift;
746 	page = (address & info->blockmask);
747 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
748 	if (lba >= maxlba)
749 		return -EIO;
750 
751 	// Since we only read in one block at a time, we have to create
752 	// a bounce buffer and move the data a piece at a time between the
753 	// bounce buffer and the actual transfer buffer.
754 
755 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
756 	buffer = kmalloc(len, GFP_NOIO);
757 	if (!buffer)
758 		return -ENOMEM;
759 
760 	// This could be made much more efficient by checking for
761 	// contiguous LBA's. Another exercise left to the student.
762 
763 	result = 0;
764 	offset = 0;
765 	sg = NULL;
766 
767 	while (sectors > 0) {
768 
769 		/* Find number of pages we can read in this block */
770 		pages = min(sectors, info->blocksize - page);
771 		len = pages << info->pageshift;
772 
773 		/* Not overflowing capacity? */
774 		if (lba >= maxlba) {
775 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
776 				     lba, maxlba);
777 			result = -EIO;
778 			break;
779 		}
780 
781 		/* Find where this lba lives on disk */
782 		pba = info->lba_to_pba[lba];
783 
784 		if (pba == UNDEF) {	/* this lba was never written */
785 
786 			usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
787 				     pages, lba, page);
788 
789 			/*
790 			 * This is not really an error. It just means
791 			 * that the block has never been written.
792 			 * Instead of returning an error
793 			 * it is better to return all zero data.
794 			 */
795 
796 			memset(buffer, 0, len);
797 
798 		} else {
799 			usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
800 				     pages, pba, lba, page);
801 
802 			address = ((pba << info->blockshift) + page) <<
803 				info->pageshift;
804 
805 			result = sddr09_read20(us, address>>1,
806 					pages, info->pageshift, buffer, 0);
807 			if (result)
808 				break;
809 		}
810 
811 		// Store the data in the transfer buffer
812 		usb_stor_access_xfer_buf(buffer, len, us->srb,
813 				&sg, &offset, TO_XFER_BUF);
814 
815 		page = 0;
816 		lba++;
817 		sectors -= pages;
818 	}
819 
820 	kfree(buffer);
821 	return result;
822 }
823 
824 static unsigned int
sddr09_find_unused_pba(struct sddr09_card_info * info,unsigned int lba)825 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
826 	static unsigned int lastpba = 1;
827 	int zonestart, end, i;
828 
829 	zonestart = (lba/1000) << 10;
830 	end = info->capacity >> (info->blockshift + info->pageshift);
831 	end -= zonestart;
832 	if (end > 1024)
833 		end = 1024;
834 
835 	for (i = lastpba+1; i < end; i++) {
836 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
837 			lastpba = i;
838 			return zonestart+i;
839 		}
840 	}
841 	for (i = 0; i <= lastpba; i++) {
842 		if (info->pba_to_lba[zonestart+i] == UNDEF) {
843 			lastpba = i;
844 			return zonestart+i;
845 		}
846 	}
847 	return 0;
848 }
849 
850 static int
sddr09_write_lba(struct us_data * us,unsigned int lba,unsigned int page,unsigned int pages,unsigned char * ptr,unsigned char * blockbuffer)851 sddr09_write_lba(struct us_data *us, unsigned int lba,
852 		 unsigned int page, unsigned int pages,
853 		 unsigned char *ptr, unsigned char *blockbuffer) {
854 
855 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
856 	unsigned long address;
857 	unsigned int pba, lbap;
858 	unsigned int pagelen;
859 	unsigned char *bptr, *cptr, *xptr;
860 	unsigned char ecc[3];
861 	int i, result;
862 
863 	lbap = ((lba % 1000) << 1) | 0x1000;
864 	if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
865 		lbap ^= 1;
866 	pba = info->lba_to_pba[lba];
867 
868 	if (pba == UNDEF) {
869 		pba = sddr09_find_unused_pba(info, lba);
870 		if (!pba) {
871 			printk(KERN_WARNING
872 			       "sddr09_write_lba: Out of unused blocks\n");
873 			return -ENOSPC;
874 		}
875 		info->pba_to_lba[pba] = lba;
876 		info->lba_to_pba[lba] = pba;
877 	}
878 
879 	if (pba == 1) {
880 		/*
881 		 * Maybe it is impossible to write to PBA 1.
882 		 * Fake success, but don't do anything.
883 		 */
884 		printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
885 		return 0;
886 	}
887 
888 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
889 
890 	/* read old contents */
891 	address = (pba << (info->pageshift + info->blockshift));
892 	result = sddr09_read22(us, address>>1, info->blocksize,
893 			       info->pageshift, blockbuffer, 0);
894 	if (result)
895 		return result;
896 
897 	/* check old contents and fill lba */
898 	for (i = 0; i < info->blocksize; i++) {
899 		bptr = blockbuffer + i*pagelen;
900 		cptr = bptr + info->pagesize;
901 		nand_compute_ecc(bptr, ecc);
902 		if (!nand_compare_ecc(cptr+13, ecc)) {
903 			usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
904 				     i, pba);
905 			nand_store_ecc(cptr+13, ecc);
906 		}
907 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
908 		if (!nand_compare_ecc(cptr+8, ecc)) {
909 			usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
910 				     i, pba);
911 			nand_store_ecc(cptr+8, ecc);
912 		}
913 		cptr[6] = cptr[11] = MSB_of(lbap);
914 		cptr[7] = cptr[12] = LSB_of(lbap);
915 	}
916 
917 	/* copy in new stuff and compute ECC */
918 	xptr = ptr;
919 	for (i = page; i < page+pages; i++) {
920 		bptr = blockbuffer + i*pagelen;
921 		cptr = bptr + info->pagesize;
922 		memcpy(bptr, xptr, info->pagesize);
923 		xptr += info->pagesize;
924 		nand_compute_ecc(bptr, ecc);
925 		nand_store_ecc(cptr+13, ecc);
926 		nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
927 		nand_store_ecc(cptr+8, ecc);
928 	}
929 
930 	usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
931 
932 	result = sddr09_write_inplace(us, address>>1, info->blocksize,
933 				      info->pageshift, blockbuffer, 0);
934 
935 	usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
936 
937 #if 0
938 	{
939 		unsigned char status = 0;
940 		int result2 = sddr09_read_status(us, &status);
941 		if (result2)
942 			usb_stor_dbg(us, "cannot read status\n");
943 		else if (status != 0xc0)
944 			usb_stor_dbg(us, "status after write: 0x%x\n", status);
945 	}
946 #endif
947 
948 #if 0
949 	{
950 		int result2 = sddr09_test_unit_ready(us);
951 	}
952 #endif
953 
954 	return result;
955 }
956 
957 static int
sddr09_write_data(struct us_data * us,unsigned long address,unsigned int sectors)958 sddr09_write_data(struct us_data *us,
959 		  unsigned long address,
960 		  unsigned int sectors) {
961 
962 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
963 	unsigned int lba, maxlba, page, pages;
964 	unsigned int pagelen, blocklen;
965 	unsigned char *blockbuffer;
966 	unsigned char *buffer;
967 	unsigned int len, offset;
968 	struct scatterlist *sg;
969 	int result;
970 
971 	/* Figure out the initial LBA and page */
972 	lba = address >> info->blockshift;
973 	page = (address & info->blockmask);
974 	maxlba = info->capacity >> (info->pageshift + info->blockshift);
975 	if (lba >= maxlba)
976 		return -EIO;
977 
978 	/*
979 	 * blockbuffer is used for reading in the old data, overwriting
980 	 * with the new data, and performing ECC calculations
981 	 */
982 
983 	/*
984 	 * TODO: instead of doing kmalloc/kfree for each write,
985 	 * add a bufferpointer to the info structure
986 	 */
987 
988 	pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
989 	blocklen = (pagelen << info->blockshift);
990 	blockbuffer = kmalloc(blocklen, GFP_NOIO);
991 	if (!blockbuffer)
992 		return -ENOMEM;
993 
994 	/*
995 	 * Since we don't write the user data directly to the device,
996 	 * we have to create a bounce buffer and move the data a piece
997 	 * at a time between the bounce buffer and the actual transfer buffer.
998 	 */
999 
1000 	len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1001 	buffer = kmalloc(len, GFP_NOIO);
1002 	if (!buffer) {
1003 		kfree(blockbuffer);
1004 		return -ENOMEM;
1005 	}
1006 
1007 	result = 0;
1008 	offset = 0;
1009 	sg = NULL;
1010 
1011 	while (sectors > 0) {
1012 
1013 		/* Write as many sectors as possible in this block */
1014 
1015 		pages = min(sectors, info->blocksize - page);
1016 		len = (pages << info->pageshift);
1017 
1018 		/* Not overflowing capacity? */
1019 		if (lba >= maxlba) {
1020 			usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1021 				     lba, maxlba);
1022 			result = -EIO;
1023 			break;
1024 		}
1025 
1026 		/* Get the data from the transfer buffer */
1027 		usb_stor_access_xfer_buf(buffer, len, us->srb,
1028 				&sg, &offset, FROM_XFER_BUF);
1029 
1030 		result = sddr09_write_lba(us, lba, page, pages,
1031 				buffer, blockbuffer);
1032 		if (result)
1033 			break;
1034 
1035 		page = 0;
1036 		lba++;
1037 		sectors -= pages;
1038 	}
1039 
1040 	kfree(buffer);
1041 	kfree(blockbuffer);
1042 
1043 	return result;
1044 }
1045 
1046 static int
sddr09_read_control(struct us_data * us,unsigned long address,unsigned int blocks,unsigned char * content,int use_sg)1047 sddr09_read_control(struct us_data *us,
1048 		unsigned long address,
1049 		unsigned int blocks,
1050 		unsigned char *content,
1051 		int use_sg) {
1052 
1053 	usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1054 		     address, blocks);
1055 
1056 	return sddr09_read21(us, address, blocks,
1057 			     CONTROL_SHIFT, content, use_sg);
1058 }
1059 
1060 /*
1061  * Read Device ID Command: 12 bytes.
1062  * byte 0: opcode: ED
1063  *
1064  * Returns 2 bytes: Manufacturer ID and Device ID.
1065  * On more recent cards 3 bytes: the third byte is an option code A5
1066  * signifying that the secret command to read an 128-bit ID is available.
1067  * On still more recent cards 4 bytes: the fourth byte C0 means that
1068  * a second read ID cmd is available.
1069  */
1070 static int
sddr09_read_deviceID(struct us_data * us,unsigned char * deviceID)1071 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1072 	unsigned char *command = us->iobuf;
1073 	unsigned char *content = us->iobuf;
1074 	int result, i;
1075 
1076 	memset(command, 0, 12);
1077 	command[0] = 0xED;
1078 	command[1] = LUNBITS;
1079 
1080 	result = sddr09_send_scsi_command(us, command, 12);
1081 	if (result)
1082 		return result;
1083 
1084 	result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1085 			content, 64, NULL);
1086 
1087 	for (i = 0; i < 4; i++)
1088 		deviceID[i] = content[i];
1089 
1090 	return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1091 }
1092 
1093 static int
sddr09_get_wp(struct us_data * us,struct sddr09_card_info * info)1094 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1095 	int result;
1096 	unsigned char status;
1097 	const char *wp_fmt;
1098 
1099 	result = sddr09_read_status(us, &status);
1100 	if (result) {
1101 		usb_stor_dbg(us, "read_status fails\n");
1102 		return result;
1103 	}
1104 	if ((status & 0x80) == 0) {
1105 		info->flags |= SDDR09_WP;	/* write protected */
1106 		wp_fmt = " WP";
1107 	} else {
1108 		wp_fmt = "";
1109 	}
1110 	usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1111 		     status & 0x40 ? " Ready" : "",
1112 		     status & LUNBITS ? " Suspended" : "",
1113 		     status & 0x01 ? " Error" : "");
1114 
1115 	return 0;
1116 }
1117 
1118 #if 0
1119 /*
1120  * Reset Command: 12 bytes.
1121  * byte 0: opcode: EB
1122  */
1123 static int
1124 sddr09_reset(struct us_data *us) {
1125 
1126 	unsigned char *command = us->iobuf;
1127 
1128 	memset(command, 0, 12);
1129 	command[0] = 0xEB;
1130 	command[1] = LUNBITS;
1131 
1132 	return sddr09_send_scsi_command(us, command, 12);
1133 }
1134 #endif
1135 
1136 static struct nand_flash_dev *
sddr09_get_cardinfo(struct us_data * us,unsigned char flags)1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1138 	struct nand_flash_dev *cardinfo;
1139 	unsigned char deviceID[4];
1140 	char blurbtxt[256];
1141 	int result;
1142 
1143 	usb_stor_dbg(us, "Reading capacity...\n");
1144 
1145 	result = sddr09_read_deviceID(us, deviceID);
1146 
1147 	if (result) {
1148 		usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1149 		printk(KERN_WARNING "sddr09: could not read card info\n");
1150 		return NULL;
1151 	}
1152 
1153 	sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1154 
1155 	/* Byte 0 is the manufacturer */
1156 	sprintf(blurbtxt + strlen(blurbtxt),
1157 		": Manuf. %s",
1158 		nand_flash_manufacturer(deviceID[0]));
1159 
1160 	/* Byte 1 is the device type */
1161 	cardinfo = nand_find_id(deviceID[1]);
1162 	if (cardinfo) {
1163 		/*
1164 		 * MB or MiB? It is neither. A 16 MB card has
1165 		 * 17301504 raw bytes, of which 16384000 are
1166 		 * usable for user data.
1167 		 */
1168 		sprintf(blurbtxt + strlen(blurbtxt),
1169 			", %d MB", 1<<(cardinfo->chipshift - 20));
1170 	} else {
1171 		sprintf(blurbtxt + strlen(blurbtxt),
1172 			", type unrecognized");
1173 	}
1174 
1175 	/* Byte 2 is code to signal availability of 128-bit ID */
1176 	if (deviceID[2] == 0xa5) {
1177 		sprintf(blurbtxt + strlen(blurbtxt),
1178 			", 128-bit ID");
1179 	}
1180 
1181 	/* Byte 3 announces the availability of another read ID command */
1182 	if (deviceID[3] == 0xc0) {
1183 		sprintf(blurbtxt + strlen(blurbtxt),
1184 			", extra cmd");
1185 	}
1186 
1187 	if (flags & SDDR09_WP)
1188 		sprintf(blurbtxt + strlen(blurbtxt),
1189 			", WP");
1190 
1191 	printk(KERN_WARNING "%s\n", blurbtxt);
1192 
1193 	return cardinfo;
1194 }
1195 
1196 static int
sddr09_read_map(struct us_data * us)1197 sddr09_read_map(struct us_data *us) {
1198 
1199 	struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1200 	int numblocks, alloc_len, alloc_blocks;
1201 	int i, j, result;
1202 	unsigned char *buffer, *buffer_end, *ptr;
1203 	unsigned int lba, lbact;
1204 
1205 	if (!info->capacity)
1206 		return -1;
1207 
1208 	/*
1209 	 * size of a block is 1 << (blockshift + pageshift) bytes
1210 	 * divide into the total capacity to get the number of blocks
1211 	 */
1212 
1213 	numblocks = info->capacity >> (info->blockshift + info->pageshift);
1214 
1215 	/*
1216 	 * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1217 	 * but only use a 64 KB buffer
1218 	 * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1219 	 */
1220 #define SDDR09_READ_MAP_BUFSZ 65536
1221 
1222 	alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1223 	alloc_len = (alloc_blocks << CONTROL_SHIFT);
1224 	buffer = kmalloc(alloc_len, GFP_NOIO);
1225 	if (!buffer) {
1226 		result = -1;
1227 		goto done;
1228 	}
1229 	buffer_end = buffer + alloc_len;
1230 
1231 #undef SDDR09_READ_MAP_BUFSZ
1232 
1233 	kfree(info->lba_to_pba);
1234 	kfree(info->pba_to_lba);
1235 	info->lba_to_pba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1236 	info->pba_to_lba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1237 
1238 	if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1239 		printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1240 		result = -1;
1241 		goto done;
1242 	}
1243 
1244 	for (i = 0; i < numblocks; i++)
1245 		info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1246 
1247 	/*
1248 	 * Define lba-pba translation table
1249 	 */
1250 
1251 	ptr = buffer_end;
1252 	for (i = 0; i < numblocks; i++) {
1253 		ptr += (1 << CONTROL_SHIFT);
1254 		if (ptr >= buffer_end) {
1255 			unsigned long address;
1256 
1257 			address = i << (info->pageshift + info->blockshift);
1258 			result = sddr09_read_control(
1259 				us, address>>1,
1260 				min(alloc_blocks, numblocks - i),
1261 				buffer, 0);
1262 			if (result) {
1263 				result = -1;
1264 				goto done;
1265 			}
1266 			ptr = buffer;
1267 		}
1268 
1269 		if (i == 0 || i == 1) {
1270 			info->pba_to_lba[i] = UNUSABLE;
1271 			continue;
1272 		}
1273 
1274 		/* special PBAs have control field 0^16 */
1275 		for (j = 0; j < 16; j++)
1276 			if (ptr[j] != 0)
1277 				goto nonz;
1278 		info->pba_to_lba[i] = UNUSABLE;
1279 		printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1280 		       i);
1281 		continue;
1282 
1283 	nonz:
1284 		/* unwritten PBAs have control field FF^16 */
1285 		for (j = 0; j < 16; j++)
1286 			if (ptr[j] != 0xff)
1287 				goto nonff;
1288 		continue;
1289 
1290 	nonff:
1291 		/* normal PBAs start with six FFs */
1292 		if (j < 6) {
1293 			printk(KERN_WARNING
1294 			       "sddr09: PBA %d has no logical mapping: "
1295 			       "reserved area = %02X%02X%02X%02X "
1296 			       "data status %02X block status %02X\n",
1297 			       i, ptr[0], ptr[1], ptr[2], ptr[3],
1298 			       ptr[4], ptr[5]);
1299 			info->pba_to_lba[i] = UNUSABLE;
1300 			continue;
1301 		}
1302 
1303 		if ((ptr[6] >> 4) != 0x01) {
1304 			printk(KERN_WARNING
1305 			       "sddr09: PBA %d has invalid address field "
1306 			       "%02X%02X/%02X%02X\n",
1307 			       i, ptr[6], ptr[7], ptr[11], ptr[12]);
1308 			info->pba_to_lba[i] = UNUSABLE;
1309 			continue;
1310 		}
1311 
1312 		/* check even parity */
1313 		if (parity[ptr[6] ^ ptr[7]]) {
1314 			printk(KERN_WARNING
1315 			       "sddr09: Bad parity in LBA for block %d"
1316 			       " (%02X %02X)\n", i, ptr[6], ptr[7]);
1317 			info->pba_to_lba[i] = UNUSABLE;
1318 			continue;
1319 		}
1320 
1321 		lba = short_pack(ptr[7], ptr[6]);
1322 		lba = (lba & 0x07FF) >> 1;
1323 
1324 		/*
1325 		 * Every 1024 physical blocks ("zone"), the LBA numbers
1326 		 * go back to zero, but are within a higher block of LBA's.
1327 		 * Also, there is a maximum of 1000 LBA's per zone.
1328 		 * In other words, in PBA 1024-2047 you will find LBA 0-999
1329 		 * which are really LBA 1000-1999. This allows for 24 bad
1330 		 * or special physical blocks per zone.
1331 		 */
1332 
1333 		if (lba >= 1000) {
1334 			printk(KERN_WARNING
1335 			       "sddr09: Bad low LBA %d for block %d\n",
1336 			       lba, i);
1337 			goto possibly_erase;
1338 		}
1339 
1340 		lba += 1000*(i/0x400);
1341 
1342 		if (info->lba_to_pba[lba] != UNDEF) {
1343 			printk(KERN_WARNING
1344 			       "sddr09: LBA %d seen for PBA %d and %d\n",
1345 			       lba, info->lba_to_pba[lba], i);
1346 			goto possibly_erase;
1347 		}
1348 
1349 		info->pba_to_lba[i] = lba;
1350 		info->lba_to_pba[lba] = i;
1351 		continue;
1352 
1353 	possibly_erase:
1354 		if (erase_bad_lba_entries) {
1355 			unsigned long address;
1356 
1357 			address = (i << (info->pageshift + info->blockshift));
1358 			sddr09_erase(us, address>>1);
1359 			info->pba_to_lba[i] = UNDEF;
1360 		} else
1361 			info->pba_to_lba[i] = UNUSABLE;
1362 	}
1363 
1364 	/*
1365 	 * Approximate capacity. This is not entirely correct yet,
1366 	 * since a zone with less than 1000 usable pages leads to
1367 	 * missing LBAs. Especially if it is the last zone, some
1368 	 * LBAs can be past capacity.
1369 	 */
1370 	lbact = 0;
1371 	for (i = 0; i < numblocks; i += 1024) {
1372 		int ct = 0;
1373 
1374 		for (j = 0; j < 1024 && i+j < numblocks; j++) {
1375 			if (info->pba_to_lba[i+j] != UNUSABLE) {
1376 				if (ct >= 1000)
1377 					info->pba_to_lba[i+j] = SPARE;
1378 				else
1379 					ct++;
1380 			}
1381 		}
1382 		lbact += ct;
1383 	}
1384 	info->lbact = lbact;
1385 	usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1386 	result = 0;
1387 
1388  done:
1389 	if (result != 0) {
1390 		kfree(info->lba_to_pba);
1391 		kfree(info->pba_to_lba);
1392 		info->lba_to_pba = NULL;
1393 		info->pba_to_lba = NULL;
1394 	}
1395 	kfree(buffer);
1396 	return result;
1397 }
1398 
1399 static void
sddr09_card_info_destructor(void * extra)1400 sddr09_card_info_destructor(void *extra) {
1401 	struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1402 
1403 	if (!info)
1404 		return;
1405 
1406 	kfree(info->lba_to_pba);
1407 	kfree(info->pba_to_lba);
1408 }
1409 
1410 static int
sddr09_common_init(struct us_data * us)1411 sddr09_common_init(struct us_data *us) {
1412 	int result;
1413 
1414 	/* set the configuration -- STALL is an acceptable response here */
1415 	if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1416 		usb_stor_dbg(us, "active config #%d != 1 ??\n",
1417 			     us->pusb_dev->actconfig->desc.bConfigurationValue);
1418 		return -EINVAL;
1419 	}
1420 
1421 	result = usb_reset_configuration(us->pusb_dev);
1422 	usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1423 	if (result == -EPIPE) {
1424 		usb_stor_dbg(us, "-- stall on control interface\n");
1425 	} else if (result != 0) {
1426 		/* it's not a stall, but another error -- time to bail */
1427 		usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1428 		return -EINVAL;
1429 	}
1430 
1431 	us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1432 	if (!us->extra)
1433 		return -ENOMEM;
1434 	us->extra_destructor = sddr09_card_info_destructor;
1435 
1436 	nand_init_ecc();
1437 	return 0;
1438 }
1439 
1440 
1441 /*
1442  * This is needed at a very early stage. If this is not listed in the
1443  * unusual devices list but called from here then LUN 0 of the combo reader
1444  * is not recognized. But I do not know what precisely these calls do.
1445  */
1446 static int
usb_stor_sddr09_dpcm_init(struct us_data * us)1447 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1448 	int result;
1449 	unsigned char *data = us->iobuf;
1450 
1451 	result = sddr09_common_init(us);
1452 	if (result)
1453 		return result;
1454 
1455 	result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1456 	if (result) {
1457 		usb_stor_dbg(us, "send_command fails\n");
1458 		return result;
1459 	}
1460 
1461 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1462 	// get 07 02
1463 
1464 	result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1465 	if (result) {
1466 		usb_stor_dbg(us, "2nd send_command fails\n");
1467 		return result;
1468 	}
1469 
1470 	usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1471 	// get 07 00
1472 
1473 	result = sddr09_request_sense(us, data, 18);
1474 	if (result == 0 && data[2] != 0) {
1475 		int j;
1476 		for (j=0; j<18; j++)
1477 			printk(" %02X", data[j]);
1478 		printk("\n");
1479 		// get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1480 		// 70: current command
1481 		// sense key 0, sense code 0, extd sense code 0
1482 		// additional transfer length * = sizeof(data) - 7
1483 		// Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1484 		// sense key 06, sense code 28: unit attention,
1485 		// not ready to ready transition
1486 	}
1487 
1488 	// test unit ready
1489 
1490 	return 0;		/* not result */
1491 }
1492 
1493 /*
1494  * Transport for the Microtech DPCM-USB
1495  */
dpcm_transport(struct scsi_cmnd * srb,struct us_data * us)1496 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1497 {
1498 	int ret;
1499 
1500 	usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1501 
1502 	switch (srb->device->lun) {
1503 	case 0:
1504 
1505 		/*
1506 		 * LUN 0 corresponds to the CompactFlash card reader.
1507 		 */
1508 		ret = usb_stor_CB_transport(srb, us);
1509 		break;
1510 
1511 	case 1:
1512 
1513 		/*
1514 		 * LUN 1 corresponds to the SmartMedia card reader.
1515 		 */
1516 
1517 		/*
1518 		 * Set the LUN to 0 (just in case).
1519 		 */
1520 		srb->device->lun = 0;
1521 		ret = sddr09_transport(srb, us);
1522 		srb->device->lun = 1;
1523 		break;
1524 
1525 	default:
1526 	    usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1527 		ret = USB_STOR_TRANSPORT_ERROR;
1528 		break;
1529 	}
1530 	return ret;
1531 }
1532 
1533 
1534 /*
1535  * Transport for the Sandisk SDDR-09
1536  */
sddr09_transport(struct scsi_cmnd * srb,struct us_data * us)1537 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1538 {
1539 	static unsigned char sensekey = 0, sensecode = 0;
1540 	static unsigned char havefakesense = 0;
1541 	int result, i;
1542 	unsigned char *ptr = us->iobuf;
1543 	unsigned long capacity;
1544 	unsigned int page, pages;
1545 
1546 	struct sddr09_card_info *info;
1547 
1548 	static unsigned char inquiry_response[8] = {
1549 		0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1550 	};
1551 
1552 	/* note: no block descriptor support */
1553 	static unsigned char mode_page_01[19] = {
1554 		0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1555 		0x01, 0x0A,
1556 		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1557 	};
1558 
1559 	info = (struct sddr09_card_info *)us->extra;
1560 
1561 	if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1562 		/* for a faked command, we have to follow with a faked sense */
1563 		memset(ptr, 0, 18);
1564 		ptr[0] = 0x70;
1565 		ptr[2] = sensekey;
1566 		ptr[7] = 11;
1567 		ptr[12] = sensecode;
1568 		usb_stor_set_xfer_buf(ptr, 18, srb);
1569 		sensekey = sensecode = havefakesense = 0;
1570 		return USB_STOR_TRANSPORT_GOOD;
1571 	}
1572 
1573 	havefakesense = 1;
1574 
1575 	/*
1576 	 * Dummy up a response for INQUIRY since SDDR09 doesn't
1577 	 * respond to INQUIRY commands
1578 	 */
1579 
1580 	if (srb->cmnd[0] == INQUIRY) {
1581 		memcpy(ptr, inquiry_response, 8);
1582 		fill_inquiry_response(us, ptr, 36);
1583 		return USB_STOR_TRANSPORT_GOOD;
1584 	}
1585 
1586 	if (srb->cmnd[0] == READ_CAPACITY) {
1587 		struct nand_flash_dev *cardinfo;
1588 
1589 		sddr09_get_wp(us, info);	/* read WP bit */
1590 
1591 		cardinfo = sddr09_get_cardinfo(us, info->flags);
1592 		if (!cardinfo) {
1593 			/* probably no media */
1594 		init_error:
1595 			sensekey = 0x02;	/* not ready */
1596 			sensecode = 0x3a;	/* medium not present */
1597 			return USB_STOR_TRANSPORT_FAILED;
1598 		}
1599 
1600 		info->capacity = (1 << cardinfo->chipshift);
1601 		info->pageshift = cardinfo->pageshift;
1602 		info->pagesize = (1 << info->pageshift);
1603 		info->blockshift = cardinfo->blockshift;
1604 		info->blocksize = (1 << info->blockshift);
1605 		info->blockmask = info->blocksize - 1;
1606 
1607 		// map initialization, must follow get_cardinfo()
1608 		if (sddr09_read_map(us)) {
1609 			/* probably out of memory */
1610 			goto init_error;
1611 		}
1612 
1613 		// Report capacity
1614 
1615 		capacity = (info->lbact << info->blockshift) - 1;
1616 
1617 		((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1618 
1619 		// Report page size
1620 
1621 		((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1622 		usb_stor_set_xfer_buf(ptr, 8, srb);
1623 
1624 		return USB_STOR_TRANSPORT_GOOD;
1625 	}
1626 
1627 	if (srb->cmnd[0] == MODE_SENSE_10) {
1628 		int modepage = (srb->cmnd[2] & 0x3F);
1629 
1630 		/*
1631 		 * They ask for the Read/Write error recovery page,
1632 		 * or for all pages.
1633 		 */
1634 		/* %% We should check DBD %% */
1635 		if (modepage == 0x01 || modepage == 0x3F) {
1636 			usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1637 				     modepage);
1638 
1639 			memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1640 			((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1641 			ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1642 			usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1643 			return USB_STOR_TRANSPORT_GOOD;
1644 		}
1645 
1646 		sensekey = 0x05;	/* illegal request */
1647 		sensecode = 0x24;	/* invalid field in CDB */
1648 		return USB_STOR_TRANSPORT_FAILED;
1649 	}
1650 
1651 	if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1652 		return USB_STOR_TRANSPORT_GOOD;
1653 
1654 	havefakesense = 0;
1655 
1656 	if (srb->cmnd[0] == READ_10) {
1657 
1658 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1659 		page <<= 16;
1660 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1661 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1662 
1663 		usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1664 			     page, pages);
1665 
1666 		result = sddr09_read_data(us, page, pages);
1667 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1668 				USB_STOR_TRANSPORT_ERROR);
1669 	}
1670 
1671 	if (srb->cmnd[0] == WRITE_10) {
1672 
1673 		page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1674 		page <<= 16;
1675 		page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1676 		pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1677 
1678 		usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1679 			     page, pages);
1680 
1681 		result = sddr09_write_data(us, page, pages);
1682 		return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1683 				USB_STOR_TRANSPORT_ERROR);
1684 	}
1685 
1686 	/*
1687 	 * catch-all for all other commands, except
1688 	 * pass TEST_UNIT_READY and REQUEST_SENSE through
1689 	 */
1690 	if (srb->cmnd[0] != TEST_UNIT_READY &&
1691 	    srb->cmnd[0] != REQUEST_SENSE) {
1692 		sensekey = 0x05;	/* illegal request */
1693 		sensecode = 0x20;	/* invalid command */
1694 		havefakesense = 1;
1695 		return USB_STOR_TRANSPORT_FAILED;
1696 	}
1697 
1698 	for (; srb->cmd_len<12; srb->cmd_len++)
1699 		srb->cmnd[srb->cmd_len] = 0;
1700 
1701 	srb->cmnd[1] = LUNBITS;
1702 
1703 	ptr[0] = 0;
1704 	for (i=0; i<12; i++)
1705 		sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1706 
1707 	usb_stor_dbg(us, "Send control for command %s\n", ptr);
1708 
1709 	result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1710 	if (result) {
1711 		usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1712 			     result);
1713 		return USB_STOR_TRANSPORT_ERROR;
1714 	}
1715 
1716 	if (scsi_bufflen(srb) == 0)
1717 		return USB_STOR_TRANSPORT_GOOD;
1718 
1719 	if (srb->sc_data_direction == DMA_TO_DEVICE ||
1720 	    srb->sc_data_direction == DMA_FROM_DEVICE) {
1721 		unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1722 				? us->send_bulk_pipe : us->recv_bulk_pipe;
1723 
1724 		usb_stor_dbg(us, "%s %d bytes\n",
1725 			     (srb->sc_data_direction == DMA_TO_DEVICE) ?
1726 			     "sending" : "receiving",
1727 			     scsi_bufflen(srb));
1728 
1729 		result = usb_stor_bulk_srb(us, pipe, srb);
1730 
1731 		return (result == USB_STOR_XFER_GOOD ?
1732 			USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1733 	}
1734 
1735 	return USB_STOR_TRANSPORT_GOOD;
1736 }
1737 
1738 /*
1739  * Initialization routine for the sddr09 subdriver
1740  */
1741 static int
usb_stor_sddr09_init(struct us_data * us)1742 usb_stor_sddr09_init(struct us_data *us) {
1743 	return sddr09_common_init(us);
1744 }
1745 
1746 static struct scsi_host_template sddr09_host_template;
1747 
sddr09_probe(struct usb_interface * intf,const struct usb_device_id * id)1748 static int sddr09_probe(struct usb_interface *intf,
1749 			 const struct usb_device_id *id)
1750 {
1751 	struct us_data *us;
1752 	int result;
1753 
1754 	result = usb_stor_probe1(&us, intf, id,
1755 			(id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1756 			&sddr09_host_template);
1757 	if (result)
1758 		return result;
1759 
1760 	if (us->protocol == USB_PR_DPCM_USB) {
1761 		us->transport_name = "Control/Bulk-EUSB/SDDR09";
1762 		us->transport = dpcm_transport;
1763 		us->transport_reset = usb_stor_CB_reset;
1764 		us->max_lun = 1;
1765 	} else {
1766 		us->transport_name = "EUSB/SDDR09";
1767 		us->transport = sddr09_transport;
1768 		us->transport_reset = usb_stor_CB_reset;
1769 		us->max_lun = 0;
1770 	}
1771 
1772 	result = usb_stor_probe2(us);
1773 	return result;
1774 }
1775 
1776 static struct usb_driver sddr09_driver = {
1777 	.name =		DRV_NAME,
1778 	.probe =	sddr09_probe,
1779 	.disconnect =	usb_stor_disconnect,
1780 	.suspend =	usb_stor_suspend,
1781 	.resume =	usb_stor_resume,
1782 	.reset_resume =	usb_stor_reset_resume,
1783 	.pre_reset =	usb_stor_pre_reset,
1784 	.post_reset =	usb_stor_post_reset,
1785 	.id_table =	sddr09_usb_ids,
1786 	.soft_unbind =	1,
1787 	.no_dynamic_id = 1,
1788 };
1789 
1790 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1791