linux/drivers/usb/storage/sddr09.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Driver for SanDisk SDDR-09 SmartMedia reader
   4 *
   5 *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
   6 *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
   7 * Developed with the assistance of:
   8 *   (c) 2002 Alan Stern <stern@rowland.org>
   9 *
  10 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
  11 * This chip is a programmable USB controller. In the SDDR-09, it has
  12 * been programmed to obey a certain limited set of SCSI commands.
  13 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
  14 * commands.
  15 */
  16
  17/*
  18 * Known vendor commands: 12 bytes, first byte is opcode
  19 *
  20 * E7: read scatter gather
  21 * E8: read
  22 * E9: write
  23 * EA: erase
  24 * EB: reset
  25 * EC: read status
  26 * ED: read ID
  27 * EE: write CIS (?)
  28 * EF: compute checksum (?)
  29 */
  30
  31#include <linux/errno.h>
  32#include <linux/module.h>
  33#include <linux/slab.h>
  34
  35#include <scsi/scsi.h>
  36#include <scsi/scsi_cmnd.h>
  37#include <scsi/scsi_device.h>
  38
  39#include "usb.h"
  40#include "transport.h"
  41#include "protocol.h"
  42#include "debug.h"
  43#include "scsiglue.h"
  44
  45#define DRV_NAME "ums-sddr09"
  46
  47MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
  48MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
  49MODULE_LICENSE("GPL");
  50
  51static int usb_stor_sddr09_dpcm_init(struct us_data *us);
  52static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
  53static int usb_stor_sddr09_init(struct us_data *us);
  54
  55
  56/*
  57 * The table of devices
  58 */
  59#define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
  60                    vendorName, productName, useProtocol, useTransport, \
  61                    initFunction, flags) \
  62{ USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
  63  .driver_info = (flags) }
  64
  65static struct usb_device_id sddr09_usb_ids[] = {
  66#       include "unusual_sddr09.h"
  67        { }             /* Terminating entry */
  68};
  69MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
  70
  71#undef UNUSUAL_DEV
  72
  73/*
  74 * The flags table
  75 */
  76#define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
  77                    vendor_name, product_name, use_protocol, use_transport, \
  78                    init_function, Flags) \
  79{ \
  80        .vendorName = vendor_name,      \
  81        .productName = product_name,    \
  82        .useProtocol = use_protocol,    \
  83        .useTransport = use_transport,  \
  84        .initFunction = init_function,  \
  85}
  86
  87static struct us_unusual_dev sddr09_unusual_dev_list[] = {
  88#       include "unusual_sddr09.h"
  89        { }             /* Terminating entry */
  90};
  91
  92#undef UNUSUAL_DEV
  93
  94
  95#define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
  96#define LSB_of(s) ((s)&0xFF)
  97#define MSB_of(s) ((s)>>8)
  98
  99/*
 100 * First some stuff that does not belong here:
 101 * data on SmartMedia and other cards, completely
 102 * unrelated to this driver.
 103 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
 104 */
 105
 106struct nand_flash_dev {
 107        int model_id;
 108        int chipshift;          /* 1<<cs bytes total capacity */
 109        char pageshift;         /* 1<<ps bytes in a page */
 110        char blockshift;        /* 1<<bs pages in an erase block */
 111        char zoneshift;         /* 1<<zs blocks in a zone */
 112                                /* # of logical blocks is 125/128 of this */
 113        char pageadrlen;        /* length of an address in bytes - 1 */
 114};
 115
 116/*
 117 * NAND Flash Manufacturer ID Codes
 118 */
 119#define NAND_MFR_AMD            0x01
 120#define NAND_MFR_NATSEMI        0x8f
 121#define NAND_MFR_TOSHIBA        0x98
 122#define NAND_MFR_SAMSUNG        0xec
 123
 124static inline char *nand_flash_manufacturer(int manuf_id) {
 125        switch(manuf_id) {
 126        case NAND_MFR_AMD:
 127                return "AMD";
 128        case NAND_MFR_NATSEMI:
 129                return "NATSEMI";
 130        case NAND_MFR_TOSHIBA:
 131                return "Toshiba";
 132        case NAND_MFR_SAMSUNG:
 133                return "Samsung";
 134        default:
 135                return "unknown";
 136        }
 137}
 138
 139/*
 140 * It looks like it is unnecessary to attach manufacturer to the
 141 * remaining data: SSFDC prescribes manufacturer-independent id codes.
 142 *
 143 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
 144 */
 145
 146static struct nand_flash_dev nand_flash_ids[] = {
 147        /* NAND flash */
 148        { 0x6e, 20, 8, 4, 8, 2},        /* 1 MB */
 149        { 0xe8, 20, 8, 4, 8, 2},        /* 1 MB */
 150        { 0xec, 20, 8, 4, 8, 2},        /* 1 MB */
 151        { 0x64, 21, 8, 4, 9, 2},        /* 2 MB */
 152        { 0xea, 21, 8, 4, 9, 2},        /* 2 MB */
 153        { 0x6b, 22, 9, 4, 9, 2},        /* 4 MB */
 154        { 0xe3, 22, 9, 4, 9, 2},        /* 4 MB */
 155        { 0xe5, 22, 9, 4, 9, 2},        /* 4 MB */
 156        { 0xe6, 23, 9, 4, 10, 2},       /* 8 MB */
 157        { 0x73, 24, 9, 5, 10, 2},       /* 16 MB */
 158        { 0x75, 25, 9, 5, 10, 2},       /* 32 MB */
 159        { 0x76, 26, 9, 5, 10, 3},       /* 64 MB */
 160        { 0x79, 27, 9, 5, 10, 3},       /* 128 MB */
 161
 162        /* MASK ROM */
 163        { 0x5d, 21, 9, 4, 8, 2},        /* 2 MB */
 164        { 0xd5, 22, 9, 4, 9, 2},        /* 4 MB */
 165        { 0xd6, 23, 9, 4, 10, 2},       /* 8 MB */
 166        { 0x57, 24, 9, 4, 11, 2},       /* 16 MB */
 167        { 0x58, 25, 9, 4, 12, 2},       /* 32 MB */
 168        { 0,}
 169};
 170
 171static struct nand_flash_dev *
 172nand_find_id(unsigned char id) {
 173        int i;
 174
 175        for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
 176                if (nand_flash_ids[i].model_id == id)
 177                        return &(nand_flash_ids[i]);
 178        return NULL;
 179}
 180
 181/*
 182 * ECC computation.
 183 */
 184static unsigned char parity[256];
 185static unsigned char ecc2[256];
 186
 187static void nand_init_ecc(void) {
 188        int i, j, a;
 189
 190        parity[0] = 0;
 191        for (i = 1; i < 256; i++)
 192                parity[i] = (parity[i&(i-1)] ^ 1);
 193
 194        for (i = 0; i < 256; i++) {
 195                a = 0;
 196                for (j = 0; j < 8; j++) {
 197                        if (i & (1<<j)) {
 198                                if ((j & 1) == 0)
 199                                        a ^= 0x04;
 200                                if ((j & 2) == 0)
 201                                        a ^= 0x10;
 202                                if ((j & 4) == 0)
 203                                        a ^= 0x40;
 204                        }
 205                }
 206                ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
 207        }
 208}
 209
 210/* compute 3-byte ecc on 256 bytes */
 211static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
 212        int i, j, a;
 213        unsigned char par = 0, bit, bits[8] = {0};
 214
 215        /* collect 16 checksum bits */
 216        for (i = 0; i < 256; i++) {
 217                par ^= data[i];
 218                bit = parity[data[i]];
 219                for (j = 0; j < 8; j++)
 220                        if ((i & (1<<j)) == 0)
 221                                bits[j] ^= bit;
 222        }
 223
 224        /* put 4+4+4 = 12 bits in the ecc */
 225        a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
 226        ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
 227
 228        a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
 229        ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
 230
 231        ecc[2] = ecc2[par];
 232}
 233
 234static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
 235        return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
 236}
 237
 238static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
 239        memcpy(data, ecc, 3);
 240}
 241
 242/*
 243 * The actual driver starts here.
 244 */
 245
 246struct sddr09_card_info {
 247        unsigned long   capacity;       /* Size of card in bytes */
 248        int             pagesize;       /* Size of page in bytes */
 249        int             pageshift;      /* log2 of pagesize */
 250        int             blocksize;      /* Size of block in pages */
 251        int             blockshift;     /* log2 of blocksize */
 252        int             blockmask;      /* 2^blockshift - 1 */
 253        int             *lba_to_pba;    /* logical to physical map */
 254        int             *pba_to_lba;    /* physical to logical map */
 255        int             lbact;          /* number of available pages */
 256        int             flags;
 257#define SDDR09_WP       1               /* write protected */
 258};
 259
 260/*
 261 * On my 16MB card, control blocks have size 64 (16 real control bytes,
 262 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
 263 * so the reader makes up the remaining 48. Don't know whether these numbers
 264 * depend on the card. For now a constant.
 265 */
 266#define CONTROL_SHIFT 6
 267
 268/*
 269 * On my Combo CF/SM reader, the SM reader has LUN 1.
 270 * (and things fail with LUN 0).
 271 * It seems LUN is irrelevant for others.
 272 */
 273#define LUN     1
 274#define LUNBITS (LUN << 5)
 275
 276/*
 277 * LBA and PBA are unsigned ints. Special values.
 278 */
 279#define UNDEF    0xffffffff
 280#define SPARE    0xfffffffe
 281#define UNUSABLE 0xfffffffd
 282
 283static const int erase_bad_lba_entries = 0;
 284
 285/* send vendor interface command (0x41) */
 286/* called for requests 0, 1, 8 */
 287static int
 288sddr09_send_command(struct us_data *us,
 289                    unsigned char request,
 290                    unsigned char direction,
 291                    unsigned char *xfer_data,
 292                    unsigned int xfer_len) {
 293        unsigned int pipe;
 294        unsigned char requesttype = (0x41 | direction);
 295        int rc;
 296
 297        // Get the receive or send control pipe number
 298
 299        if (direction == USB_DIR_IN)
 300                pipe = us->recv_ctrl_pipe;
 301        else
 302                pipe = us->send_ctrl_pipe;
 303
 304        rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
 305                                   0, 0, xfer_data, xfer_len);
 306        switch (rc) {
 307                case USB_STOR_XFER_GOOD:        return 0;
 308                case USB_STOR_XFER_STALLED:     return -EPIPE;
 309                default:                        return -EIO;
 310        }
 311}
 312
 313static int
 314sddr09_send_scsi_command(struct us_data *us,
 315                         unsigned char *command,
 316                         unsigned int command_len) {
 317        return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
 318}
 319
 320#if 0
 321/*
 322 * Test Unit Ready Command: 12 bytes.
 323 * byte 0: opcode: 00
 324 */
 325static int
 326sddr09_test_unit_ready(struct us_data *us) {
 327        unsigned char *command = us->iobuf;
 328        int result;
 329
 330        memset(command, 0, 6);
 331        command[1] = LUNBITS;
 332
 333        result = sddr09_send_scsi_command(us, command, 6);
 334
 335        usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
 336
 337        return result;
 338}
 339#endif
 340
 341/*
 342 * Request Sense Command: 12 bytes.
 343 * byte 0: opcode: 03
 344 * byte 4: data length
 345 */
 346static int
 347sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
 348        unsigned char *command = us->iobuf;
 349        int result;
 350
 351        memset(command, 0, 12);
 352        command[0] = 0x03;
 353        command[1] = LUNBITS;
 354        command[4] = buflen;
 355
 356        result = sddr09_send_scsi_command(us, command, 12);
 357        if (result)
 358                return result;
 359
 360        result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
 361                        sensebuf, buflen, NULL);
 362        return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
 363}
 364
 365/*
 366 * Read Command: 12 bytes.
 367 * byte 0: opcode: E8
 368 * byte 1: last two bits: 00: read data, 01: read blockwise control,
 369 *                      10: read both, 11: read pagewise control.
 370 *       It turns out we need values 20, 21, 22, 23 here (LUN 1).
 371 * bytes 2-5: address (interpretation depends on byte 1, see below)
 372 * bytes 10-11: count (idem)
 373 *
 374 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
 375 * A read data command gets data in 512-byte pages.
 376 * A read control command gets control in 64-byte chunks.
 377 * A read both command gets data+control in 576-byte chunks.
 378 *
 379 * Blocks are groups of 32 pages, and read blockwise control jumps to the
 380 * next block, while read pagewise control jumps to the next page after
 381 * reading a group of 64 control bytes.
 382 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
 383 *
 384 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
 385 */
 386
 387static int
 388sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
 389             int nr_of_pages, int bulklen, unsigned char *buf,
 390             int use_sg) {
 391
 392        unsigned char *command = us->iobuf;
 393        int result;
 394
 395        command[0] = 0xE8;
 396        command[1] = LUNBITS | x;
 397        command[2] = MSB_of(fromaddress>>16);
 398        command[3] = LSB_of(fromaddress>>16); 
 399        command[4] = MSB_of(fromaddress & 0xFFFF);
 400        command[5] = LSB_of(fromaddress & 0xFFFF); 
 401        command[6] = 0;
 402        command[7] = 0;
 403        command[8] = 0;
 404        command[9] = 0;
 405        command[10] = MSB_of(nr_of_pages);
 406        command[11] = LSB_of(nr_of_pages);
 407
 408        result = sddr09_send_scsi_command(us, command, 12);
 409
 410        if (result) {
 411                usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
 412                             x, result);
 413                return result;
 414        }
 415
 416        result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
 417                                       buf, bulklen, use_sg, NULL);
 418
 419        if (result != USB_STOR_XFER_GOOD) {
 420                usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
 421                             x, result);
 422                return -EIO;
 423        }
 424        return 0;
 425}
 426
 427/*
 428 * Read Data
 429 *
 430 * fromaddress counts data shorts:
 431 * increasing it by 256 shifts the bytestream by 512 bytes;
 432 * the last 8 bits are ignored.
 433 *
 434 * nr_of_pages counts pages of size (1 << pageshift).
 435 */
 436static int
 437sddr09_read20(struct us_data *us, unsigned long fromaddress,
 438              int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
 439        int bulklen = nr_of_pages << pageshift;
 440
 441        /* The last 8 bits of fromaddress are ignored. */
 442        return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
 443                            buf, use_sg);
 444}
 445
 446/*
 447 * Read Blockwise Control
 448 *
 449 * fromaddress gives the starting position (as in read data;
 450 * the last 8 bits are ignored); increasing it by 32*256 shifts
 451 * the output stream by 64 bytes.
 452 *
 453 * count counts control groups of size (1 << controlshift).
 454 * For me, controlshift = 6. Is this constant?
 455 *
 456 * After getting one control group, jump to the next block
 457 * (fromaddress += 8192).
 458 */
 459static int
 460sddr09_read21(struct us_data *us, unsigned long fromaddress,
 461              int count, int controlshift, unsigned char *buf, int use_sg) {
 462
 463        int bulklen = (count << controlshift);
 464        return sddr09_readX(us, 1, fromaddress, count, bulklen,
 465                            buf, use_sg);
 466}
 467
 468/*
 469 * Read both Data and Control
 470 *
 471 * fromaddress counts data shorts, ignoring control:
 472 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
 473 * the last 8 bits are ignored.
 474 *
 475 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
 476 */
 477static int
 478sddr09_read22(struct us_data *us, unsigned long fromaddress,
 479              int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
 480
 481        int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
 482        usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
 483        return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
 484                            buf, use_sg);
 485}
 486
 487#if 0
 488/*
 489 * Read Pagewise Control
 490 *
 491 * fromaddress gives the starting position (as in read data;
 492 * the last 8 bits are ignored); increasing it by 256 shifts
 493 * the output stream by 64 bytes.
 494 *
 495 * count counts control groups of size (1 << controlshift).
 496 * For me, controlshift = 6. Is this constant?
 497 *
 498 * After getting one control group, jump to the next page
 499 * (fromaddress += 256).
 500 */
 501static int
 502sddr09_read23(struct us_data *us, unsigned long fromaddress,
 503              int count, int controlshift, unsigned char *buf, int use_sg) {
 504
 505        int bulklen = (count << controlshift);
 506        return sddr09_readX(us, 3, fromaddress, count, bulklen,
 507                            buf, use_sg);
 508}
 509#endif
 510
 511/*
 512 * Erase Command: 12 bytes.
 513 * byte 0: opcode: EA
 514 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
 515 * 
 516 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
 517 * The byte address being erased is 2*Eaddress.
 518 * The CIS cannot be erased.
 519 */
 520static int
 521sddr09_erase(struct us_data *us, unsigned long Eaddress) {
 522        unsigned char *command = us->iobuf;
 523        int result;
 524
 525        usb_stor_dbg(us, "erase address %lu\n", Eaddress);
 526
 527        memset(command, 0, 12);
 528        command[0] = 0xEA;
 529        command[1] = LUNBITS;
 530        command[6] = MSB_of(Eaddress>>16);
 531        command[7] = LSB_of(Eaddress>>16);
 532        command[8] = MSB_of(Eaddress & 0xFFFF);
 533        command[9] = LSB_of(Eaddress & 0xFFFF);
 534
 535        result = sddr09_send_scsi_command(us, command, 12);
 536
 537        if (result)
 538                usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
 539                             result);
 540
 541        return result;
 542}
 543
 544/*
 545 * Write CIS Command: 12 bytes.
 546 * byte 0: opcode: EE
 547 * bytes 2-5: write address in shorts
 548 * bytes 10-11: sector count
 549 *
 550 * This writes at the indicated address. Don't know how it differs
 551 * from E9. Maybe it does not erase? However, it will also write to
 552 * the CIS.
 553 *
 554 * When two such commands on the same page follow each other directly,
 555 * the second one is not done.
 556 */
 557
 558/*
 559 * Write Command: 12 bytes.
 560 * byte 0: opcode: E9
 561 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
 562 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
 563 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
 564 *
 565 * If write address equals erase address, the erase is done first,
 566 * otherwise the write is done first. When erase address equals zero
 567 * no erase is done?
 568 */
 569static int
 570sddr09_writeX(struct us_data *us,
 571              unsigned long Waddress, unsigned long Eaddress,
 572              int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
 573
 574        unsigned char *command = us->iobuf;
 575        int result;
 576
 577        command[0] = 0xE9;
 578        command[1] = LUNBITS;
 579
 580        command[2] = MSB_of(Waddress>>16);
 581        command[3] = LSB_of(Waddress>>16);
 582        command[4] = MSB_of(Waddress & 0xFFFF);
 583        command[5] = LSB_of(Waddress & 0xFFFF);
 584
 585        command[6] = MSB_of(Eaddress>>16);
 586        command[7] = LSB_of(Eaddress>>16);
 587        command[8] = MSB_of(Eaddress & 0xFFFF);
 588        command[9] = LSB_of(Eaddress & 0xFFFF);
 589
 590        command[10] = MSB_of(nr_of_pages);
 591        command[11] = LSB_of(nr_of_pages);
 592
 593        result = sddr09_send_scsi_command(us, command, 12);
 594
 595        if (result) {
 596                usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
 597                             result);
 598                return result;
 599        }
 600
 601        result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
 602                                       buf, bulklen, use_sg, NULL);
 603
 604        if (result != USB_STOR_XFER_GOOD) {
 605                usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
 606                             result);
 607                return -EIO;
 608        }
 609        return 0;
 610}
 611
 612/* erase address, write same address */
 613static int
 614sddr09_write_inplace(struct us_data *us, unsigned long address,
 615                     int nr_of_pages, int pageshift, unsigned char *buf,
 616                     int use_sg) {
 617        int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
 618        return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
 619                             buf, use_sg);
 620}
 621
 622#if 0
 623/*
 624 * Read Scatter Gather Command: 3+4n bytes.
 625 * byte 0: opcode E7
 626 * byte 2: n
 627 * bytes 4i-1,4i,4i+1: page address
 628 * byte 4i+2: page count
 629 * (i=1..n)
 630 *
 631 * This reads several pages from the card to a single memory buffer.
 632 * The last two bits of byte 1 have the same meaning as for E8.
 633 */
 634static int
 635sddr09_read_sg_test_only(struct us_data *us) {
 636        unsigned char *command = us->iobuf;
 637        int result, bulklen, nsg, ct;
 638        unsigned char *buf;
 639        unsigned long address;
 640
 641        nsg = bulklen = 0;
 642        command[0] = 0xE7;
 643        command[1] = LUNBITS;
 644        command[2] = 0;
 645        address = 040000; ct = 1;
 646        nsg++;
 647        bulklen += (ct << 9);
 648        command[4*nsg+2] = ct;
 649        command[4*nsg+1] = ((address >> 9) & 0xFF);
 650        command[4*nsg+0] = ((address >> 17) & 0xFF);
 651        command[4*nsg-1] = ((address >> 25) & 0xFF);
 652
 653        address = 0340000; ct = 1;
 654        nsg++;
 655        bulklen += (ct << 9);
 656        command[4*nsg+2] = ct;
 657        command[4*nsg+1] = ((address >> 9) & 0xFF);
 658        command[4*nsg+0] = ((address >> 17) & 0xFF);
 659        command[4*nsg-1] = ((address >> 25) & 0xFF);
 660
 661        address = 01000000; ct = 2;
 662        nsg++;
 663        bulklen += (ct << 9);
 664        command[4*nsg+2] = ct;
 665        command[4*nsg+1] = ((address >> 9) & 0xFF);
 666        command[4*nsg+0] = ((address >> 17) & 0xFF);
 667        command[4*nsg-1] = ((address >> 25) & 0xFF);
 668
 669        command[2] = nsg;
 670
 671        result = sddr09_send_scsi_command(us, command, 4*nsg+3);
 672
 673        if (result) {
 674                usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
 675                             result);
 676                return result;
 677        }
 678
 679        buf = kmalloc(bulklen, GFP_NOIO);
 680        if (!buf)
 681                return -ENOMEM;
 682
 683        result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
 684                                       buf, bulklen, NULL);
 685        kfree(buf);
 686        if (result != USB_STOR_XFER_GOOD) {
 687                usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
 688                             result);
 689                return -EIO;
 690        }
 691
 692        return 0;
 693}
 694#endif
 695
 696/*
 697 * Read Status Command: 12 bytes.
 698 * byte 0: opcode: EC
 699 *
 700 * Returns 64 bytes, all zero except for the first.
 701 * bit 0: 1: Error
 702 * bit 5: 1: Suspended
 703 * bit 6: 1: Ready
 704 * bit 7: 1: Not write-protected
 705 */
 706
 707static int
 708sddr09_read_status(struct us_data *us, unsigned char *status) {
 709
 710        unsigned char *command = us->iobuf;
 711        unsigned char *data = us->iobuf;
 712        int result;
 713
 714        usb_stor_dbg(us, "Reading status...\n");
 715
 716        memset(command, 0, 12);
 717        command[0] = 0xEC;
 718        command[1] = LUNBITS;
 719
 720        result = sddr09_send_scsi_command(us, command, 12);
 721        if (result)
 722                return result;
 723
 724        result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
 725                                       data, 64, NULL);
 726        *status = data[0];
 727        return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
 728}
 729
 730static int
 731sddr09_read_data(struct us_data *us,
 732                 unsigned long address,
 733                 unsigned int sectors) {
 734
 735        struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
 736        unsigned char *buffer;
 737        unsigned int lba, maxlba, pba;
 738        unsigned int page, pages;
 739        unsigned int len, offset;
 740        struct scatterlist *sg;
 741        int result;
 742
 743        // Figure out the initial LBA and page
 744        lba = address >> info->blockshift;
 745        page = (address & info->blockmask);
 746        maxlba = info->capacity >> (info->pageshift + info->blockshift);
 747        if (lba >= maxlba)
 748                return -EIO;
 749
 750        // Since we only read in one block at a time, we have to create
 751        // a bounce buffer and move the data a piece at a time between the
 752        // bounce buffer and the actual transfer buffer.
 753
 754        len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
 755        buffer = kmalloc(len, GFP_NOIO);
 756        if (!buffer)
 757                return -ENOMEM;
 758
 759        // This could be made much more efficient by checking for
 760        // contiguous LBA's. Another exercise left to the student.
 761
 762        result = 0;
 763        offset = 0;
 764        sg = NULL;
 765
 766        while (sectors > 0) {
 767
 768                /* Find number of pages we can read in this block */
 769                pages = min(sectors, info->blocksize - page);
 770                len = pages << info->pageshift;
 771
 772                /* Not overflowing capacity? */
 773                if (lba >= maxlba) {
 774                        usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
 775                                     lba, maxlba);
 776                        result = -EIO;
 777                        break;
 778                }
 779
 780                /* Find where this lba lives on disk */
 781                pba = info->lba_to_pba[lba];
 782
 783                if (pba == UNDEF) {     /* this lba was never written */
 784
 785                        usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
 786                                     pages, lba, page);
 787
 788                        /*
 789                         * This is not really an error. It just means
 790                         * that the block has never been written.
 791                         * Instead of returning an error
 792                         * it is better to return all zero data.
 793                         */
 794
 795                        memset(buffer, 0, len);
 796
 797                } else {
 798                        usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
 799                                     pages, pba, lba, page);
 800
 801                        address = ((pba << info->blockshift) + page) << 
 802                                info->pageshift;
 803
 804                        result = sddr09_read20(us, address>>1,
 805                                        pages, info->pageshift, buffer, 0);
 806                        if (result)
 807                                break;
 808                }
 809
 810                // Store the data in the transfer buffer
 811                usb_stor_access_xfer_buf(buffer, len, us->srb,
 812                                &sg, &offset, TO_XFER_BUF);
 813
 814                page = 0;
 815                lba++;
 816                sectors -= pages;
 817        }
 818
 819        kfree(buffer);
 820        return result;
 821}
 822
 823static unsigned int
 824sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
 825        static unsigned int lastpba = 1;
 826        int zonestart, end, i;
 827
 828        zonestart = (lba/1000) << 10;
 829        end = info->capacity >> (info->blockshift + info->pageshift);
 830        end -= zonestart;
 831        if (end > 1024)
 832                end = 1024;
 833
 834        for (i = lastpba+1; i < end; i++) {
 835                if (info->pba_to_lba[zonestart+i] == UNDEF) {
 836                        lastpba = i;
 837                        return zonestart+i;
 838                }
 839        }
 840        for (i = 0; i <= lastpba; i++) {
 841                if (info->pba_to_lba[zonestart+i] == UNDEF) {
 842                        lastpba = i;
 843                        return zonestart+i;
 844                }
 845        }
 846        return 0;
 847}
 848
 849static int
 850sddr09_write_lba(struct us_data *us, unsigned int lba,
 851                 unsigned int page, unsigned int pages,
 852                 unsigned char *ptr, unsigned char *blockbuffer) {
 853
 854        struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
 855        unsigned long address;
 856        unsigned int pba, lbap;
 857        unsigned int pagelen;
 858        unsigned char *bptr, *cptr, *xptr;
 859        unsigned char ecc[3];
 860        int i, result;
 861
 862        lbap = ((lba % 1000) << 1) | 0x1000;
 863        if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
 864                lbap ^= 1;
 865        pba = info->lba_to_pba[lba];
 866
 867        if (pba == UNDEF) {
 868                pba = sddr09_find_unused_pba(info, lba);
 869                if (!pba) {
 870                        printk(KERN_WARNING
 871                               "sddr09_write_lba: Out of unused blocks\n");
 872                        return -ENOSPC;
 873                }
 874                info->pba_to_lba[pba] = lba;
 875                info->lba_to_pba[lba] = pba;
 876        }
 877
 878        if (pba == 1) {
 879                /*
 880                 * Maybe it is impossible to write to PBA 1.
 881                 * Fake success, but don't do anything.
 882                 */
 883                printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
 884                return 0;
 885        }
 886
 887        pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
 888
 889        /* read old contents */
 890        address = (pba << (info->pageshift + info->blockshift));
 891        result = sddr09_read22(us, address>>1, info->blocksize,
 892                               info->pageshift, blockbuffer, 0);
 893        if (result)
 894                return result;
 895
 896        /* check old contents and fill lba */
 897        for (i = 0; i < info->blocksize; i++) {
 898                bptr = blockbuffer + i*pagelen;
 899                cptr = bptr + info->pagesize;
 900                nand_compute_ecc(bptr, ecc);
 901                if (!nand_compare_ecc(cptr+13, ecc)) {
 902                        usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
 903                                     i, pba);
 904                        nand_store_ecc(cptr+13, ecc);
 905                }
 906                nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
 907                if (!nand_compare_ecc(cptr+8, ecc)) {
 908                        usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
 909                                     i, pba);
 910                        nand_store_ecc(cptr+8, ecc);
 911                }
 912                cptr[6] = cptr[11] = MSB_of(lbap);
 913                cptr[7] = cptr[12] = LSB_of(lbap);
 914        }
 915
 916        /* copy in new stuff and compute ECC */
 917        xptr = ptr;
 918        for (i = page; i < page+pages; i++) {
 919                bptr = blockbuffer + i*pagelen;
 920                cptr = bptr + info->pagesize;
 921                memcpy(bptr, xptr, info->pagesize);
 922                xptr += info->pagesize;
 923                nand_compute_ecc(bptr, ecc);
 924                nand_store_ecc(cptr+13, ecc);
 925                nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
 926                nand_store_ecc(cptr+8, ecc);
 927        }
 928
 929        usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
 930
 931        result = sddr09_write_inplace(us, address>>1, info->blocksize,
 932                                      info->pageshift, blockbuffer, 0);
 933
 934        usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
 935
 936#if 0
 937        {
 938                unsigned char status = 0;
 939                int result2 = sddr09_read_status(us, &status);
 940                if (result2)
 941                        usb_stor_dbg(us, "cannot read status\n");
 942                else if (status != 0xc0)
 943                        usb_stor_dbg(us, "status after write: 0x%x\n", status);
 944        }
 945#endif
 946
 947#if 0
 948        {
 949                int result2 = sddr09_test_unit_ready(us);
 950        }
 951#endif
 952
 953        return result;
 954}
 955
 956static int
 957sddr09_write_data(struct us_data *us,
 958                  unsigned long address,
 959                  unsigned int sectors) {
 960
 961        struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
 962        unsigned int lba, maxlba, page, pages;
 963        unsigned int pagelen, blocklen;
 964        unsigned char *blockbuffer;
 965        unsigned char *buffer;
 966        unsigned int len, offset;
 967        struct scatterlist *sg;
 968        int result;
 969
 970        /* Figure out the initial LBA and page */
 971        lba = address >> info->blockshift;
 972        page = (address & info->blockmask);
 973        maxlba = info->capacity >> (info->pageshift + info->blockshift);
 974        if (lba >= maxlba)
 975                return -EIO;
 976
 977        /*
 978         * blockbuffer is used for reading in the old data, overwriting
 979         * with the new data, and performing ECC calculations
 980         */
 981
 982        /*
 983         * TODO: instead of doing kmalloc/kfree for each write,
 984         * add a bufferpointer to the info structure
 985         */
 986
 987        pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
 988        blocklen = (pagelen << info->blockshift);
 989        blockbuffer = kmalloc(blocklen, GFP_NOIO);
 990        if (!blockbuffer)
 991                return -ENOMEM;
 992
 993        /*
 994         * Since we don't write the user data directly to the device,
 995         * we have to create a bounce buffer and move the data a piece
 996         * at a time between the bounce buffer and the actual transfer buffer.
 997         */
 998
 999        len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1000        buffer = kmalloc(len, GFP_NOIO);
1001        if (!buffer) {
1002                kfree(blockbuffer);
1003                return -ENOMEM;
1004        }
1005
1006        result = 0;
1007        offset = 0;
1008        sg = NULL;
1009
1010        while (sectors > 0) {
1011
1012                /* Write as many sectors as possible in this block */
1013
1014                pages = min(sectors, info->blocksize - page);
1015                len = (pages << info->pageshift);
1016
1017                /* Not overflowing capacity? */
1018                if (lba >= maxlba) {
1019                        usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1020                                     lba, maxlba);
1021                        result = -EIO;
1022                        break;
1023                }
1024
1025                /* Get the data from the transfer buffer */
1026                usb_stor_access_xfer_buf(buffer, len, us->srb,
1027                                &sg, &offset, FROM_XFER_BUF);
1028
1029                result = sddr09_write_lba(us, lba, page, pages,
1030                                buffer, blockbuffer);
1031                if (result)
1032                        break;
1033
1034                page = 0;
1035                lba++;
1036                sectors -= pages;
1037        }
1038
1039        kfree(buffer);
1040        kfree(blockbuffer);
1041
1042        return result;
1043}
1044
1045static int
1046sddr09_read_control(struct us_data *us,
1047                unsigned long address,
1048                unsigned int blocks,
1049                unsigned char *content,
1050                int use_sg) {
1051
1052        usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1053                     address, blocks);
1054
1055        return sddr09_read21(us, address, blocks,
1056                             CONTROL_SHIFT, content, use_sg);
1057}
1058
1059/*
1060 * Read Device ID Command: 12 bytes.
1061 * byte 0: opcode: ED
1062 *
1063 * Returns 2 bytes: Manufacturer ID and Device ID.
1064 * On more recent cards 3 bytes: the third byte is an option code A5
1065 * signifying that the secret command to read an 128-bit ID is available.
1066 * On still more recent cards 4 bytes: the fourth byte C0 means that
1067 * a second read ID cmd is available.
1068 */
1069static int
1070sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1071        unsigned char *command = us->iobuf;
1072        unsigned char *content = us->iobuf;
1073        int result, i;
1074
1075        memset(command, 0, 12);
1076        command[0] = 0xED;
1077        command[1] = LUNBITS;
1078
1079        result = sddr09_send_scsi_command(us, command, 12);
1080        if (result)
1081                return result;
1082
1083        result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1084                        content, 64, NULL);
1085
1086        for (i = 0; i < 4; i++)
1087                deviceID[i] = content[i];
1088
1089        return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1090}
1091
1092static int
1093sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1094        int result;
1095        unsigned char status;
1096        const char *wp_fmt;
1097
1098        result = sddr09_read_status(us, &status);
1099        if (result) {
1100                usb_stor_dbg(us, "read_status fails\n");
1101                return result;
1102        }
1103        if ((status & 0x80) == 0) {
1104                info->flags |= SDDR09_WP;       /* write protected */
1105                wp_fmt = " WP";
1106        } else {
1107                wp_fmt = "";
1108        }
1109        usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1110                     status & 0x40 ? " Ready" : "",
1111                     status & LUNBITS ? " Suspended" : "",
1112                     status & 0x01 ? " Error" : "");
1113
1114        return 0;
1115}
1116
1117#if 0
1118/*
1119 * Reset Command: 12 bytes.
1120 * byte 0: opcode: EB
1121 */
1122static int
1123sddr09_reset(struct us_data *us) {
1124
1125        unsigned char *command = us->iobuf;
1126
1127        memset(command, 0, 12);
1128        command[0] = 0xEB;
1129        command[1] = LUNBITS;
1130
1131        return sddr09_send_scsi_command(us, command, 12);
1132}
1133#endif
1134
1135static struct nand_flash_dev *
1136sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1137        struct nand_flash_dev *cardinfo;
1138        unsigned char deviceID[4];
1139        char blurbtxt[256];
1140        int result;
1141
1142        usb_stor_dbg(us, "Reading capacity...\n");
1143
1144        result = sddr09_read_deviceID(us, deviceID);
1145
1146        if (result) {
1147                usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1148                printk(KERN_WARNING "sddr09: could not read card info\n");
1149                return NULL;
1150        }
1151
1152        sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1153
1154        /* Byte 0 is the manufacturer */
1155        sprintf(blurbtxt + strlen(blurbtxt),
1156                ": Manuf. %s",
1157                nand_flash_manufacturer(deviceID[0]));
1158
1159        /* Byte 1 is the device type */
1160        cardinfo = nand_find_id(deviceID[1]);
1161        if (cardinfo) {
1162                /*
1163                 * MB or MiB? It is neither. A 16 MB card has
1164                 * 17301504 raw bytes, of which 16384000 are
1165                 * usable for user data.
1166                 */
1167                sprintf(blurbtxt + strlen(blurbtxt),
1168                        ", %d MB", 1<<(cardinfo->chipshift - 20));
1169        } else {
1170                sprintf(blurbtxt + strlen(blurbtxt),
1171                        ", type unrecognized");
1172        }
1173
1174        /* Byte 2 is code to signal availability of 128-bit ID */
1175        if (deviceID[2] == 0xa5) {
1176                sprintf(blurbtxt + strlen(blurbtxt),
1177                        ", 128-bit ID");
1178        }
1179
1180        /* Byte 3 announces the availability of another read ID command */
1181        if (deviceID[3] == 0xc0) {
1182                sprintf(blurbtxt + strlen(blurbtxt),
1183                        ", extra cmd");
1184        }
1185
1186        if (flags & SDDR09_WP)
1187                sprintf(blurbtxt + strlen(blurbtxt),
1188                        ", WP");
1189
1190        printk(KERN_WARNING "%s\n", blurbtxt);
1191
1192        return cardinfo;
1193}
1194
1195static int
1196sddr09_read_map(struct us_data *us) {
1197
1198        struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1199        int numblocks, alloc_len, alloc_blocks;
1200        int i, j, result;
1201        unsigned char *buffer, *buffer_end, *ptr;
1202        unsigned int lba, lbact;
1203
1204        if (!info->capacity)
1205                return -1;
1206
1207        /*
1208         * size of a block is 1 << (blockshift + pageshift) bytes
1209         * divide into the total capacity to get the number of blocks
1210         */
1211
1212        numblocks = info->capacity >> (info->blockshift + info->pageshift);
1213
1214        /*
1215         * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1216         * but only use a 64 KB buffer
1217         * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1218         */
1219#define SDDR09_READ_MAP_BUFSZ 65536
1220
1221        alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1222        alloc_len = (alloc_blocks << CONTROL_SHIFT);
1223        buffer = kmalloc(alloc_len, GFP_NOIO);
1224        if (!buffer) {
1225                result = -1;
1226                goto done;
1227        }
1228        buffer_end = buffer + alloc_len;
1229
1230#undef SDDR09_READ_MAP_BUFSZ
1231
1232        kfree(info->lba_to_pba);
1233        kfree(info->pba_to_lba);
1234        info->lba_to_pba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1235        info->pba_to_lba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1236
1237        if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1238                printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1239                result = -1;
1240                goto done;
1241        }
1242
1243        for (i = 0; i < numblocks; i++)
1244                info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1245
1246        /*
1247         * Define lba-pba translation table
1248         */
1249
1250        ptr = buffer_end;
1251        for (i = 0; i < numblocks; i++) {
1252                ptr += (1 << CONTROL_SHIFT);
1253                if (ptr >= buffer_end) {
1254                        unsigned long address;
1255
1256                        address = i << (info->pageshift + info->blockshift);
1257                        result = sddr09_read_control(
1258                                us, address>>1,
1259                                min(alloc_blocks, numblocks - i),
1260                                buffer, 0);
1261                        if (result) {
1262                                result = -1;
1263                                goto done;
1264                        }
1265                        ptr = buffer;
1266                }
1267
1268                if (i == 0 || i == 1) {
1269                        info->pba_to_lba[i] = UNUSABLE;
1270                        continue;
1271                }
1272
1273                /* special PBAs have control field 0^16 */
1274                for (j = 0; j < 16; j++)
1275                        if (ptr[j] != 0)
1276                                goto nonz;
1277                info->pba_to_lba[i] = UNUSABLE;
1278                printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1279                       i);
1280                continue;
1281
1282        nonz:
1283                /* unwritten PBAs have control field FF^16 */
1284                for (j = 0; j < 16; j++)
1285                        if (ptr[j] != 0xff)
1286                                goto nonff;
1287                continue;
1288
1289        nonff:
1290                /* normal PBAs start with six FFs */
1291                if (j < 6) {
1292                        printk(KERN_WARNING
1293                               "sddr09: PBA %d has no logical mapping: "
1294                               "reserved area = %02X%02X%02X%02X "
1295                               "data status %02X block status %02X\n",
1296                               i, ptr[0], ptr[1], ptr[2], ptr[3],
1297                               ptr[4], ptr[5]);
1298                        info->pba_to_lba[i] = UNUSABLE;
1299                        continue;
1300                }
1301
1302                if ((ptr[6] >> 4) != 0x01) {
1303                        printk(KERN_WARNING
1304                               "sddr09: PBA %d has invalid address field "
1305                               "%02X%02X/%02X%02X\n",
1306                               i, ptr[6], ptr[7], ptr[11], ptr[12]);
1307                        info->pba_to_lba[i] = UNUSABLE;
1308                        continue;
1309                }
1310
1311                /* check even parity */
1312                if (parity[ptr[6] ^ ptr[7]]) {
1313                        printk(KERN_WARNING
1314                               "sddr09: Bad parity in LBA for block %d"
1315                               " (%02X %02X)\n", i, ptr[6], ptr[7]);
1316                        info->pba_to_lba[i] = UNUSABLE;
1317                        continue;
1318                }
1319
1320                lba = short_pack(ptr[7], ptr[6]);
1321                lba = (lba & 0x07FF) >> 1;
1322
1323                /*
1324                 * Every 1024 physical blocks ("zone"), the LBA numbers
1325                 * go back to zero, but are within a higher block of LBA's.
1326                 * Also, there is a maximum of 1000 LBA's per zone.
1327                 * In other words, in PBA 1024-2047 you will find LBA 0-999
1328                 * which are really LBA 1000-1999. This allows for 24 bad
1329                 * or special physical blocks per zone.
1330                 */
1331
1332                if (lba >= 1000) {
1333                        printk(KERN_WARNING
1334                               "sddr09: Bad low LBA %d for block %d\n",
1335                               lba, i);
1336                        goto possibly_erase;
1337                }
1338
1339                lba += 1000*(i/0x400);
1340
1341                if (info->lba_to_pba[lba] != UNDEF) {
1342                        printk(KERN_WARNING
1343                               "sddr09: LBA %d seen for PBA %d and %d\n",
1344                               lba, info->lba_to_pba[lba], i);
1345                        goto possibly_erase;
1346                }
1347
1348                info->pba_to_lba[i] = lba;
1349                info->lba_to_pba[lba] = i;
1350                continue;
1351
1352        possibly_erase:
1353                if (erase_bad_lba_entries) {
1354                        unsigned long address;
1355
1356                        address = (i << (info->pageshift + info->blockshift));
1357                        sddr09_erase(us, address>>1);
1358                        info->pba_to_lba[i] = UNDEF;
1359                } else
1360                        info->pba_to_lba[i] = UNUSABLE;
1361        }
1362
1363        /*
1364         * Approximate capacity. This is not entirely correct yet,
1365         * since a zone with less than 1000 usable pages leads to
1366         * missing LBAs. Especially if it is the last zone, some
1367         * LBAs can be past capacity.
1368         */
1369        lbact = 0;
1370        for (i = 0; i < numblocks; i += 1024) {
1371                int ct = 0;
1372
1373                for (j = 0; j < 1024 && i+j < numblocks; j++) {
1374                        if (info->pba_to_lba[i+j] != UNUSABLE) {
1375                                if (ct >= 1000)
1376                                        info->pba_to_lba[i+j] = SPARE;
1377                                else
1378                                        ct++;
1379                        }
1380                }
1381                lbact += ct;
1382        }
1383        info->lbact = lbact;
1384        usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1385        result = 0;
1386
1387 done:
1388        if (result != 0) {
1389                kfree(info->lba_to_pba);
1390                kfree(info->pba_to_lba);
1391                info->lba_to_pba = NULL;
1392                info->pba_to_lba = NULL;
1393        }
1394        kfree(buffer);
1395        return result;
1396}
1397
1398static void
1399sddr09_card_info_destructor(void *extra) {
1400        struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1401
1402        if (!info)
1403                return;
1404
1405        kfree(info->lba_to_pba);
1406        kfree(info->pba_to_lba);
1407}
1408
1409static int
1410sddr09_common_init(struct us_data *us) {
1411        int result;
1412
1413        /* set the configuration -- STALL is an acceptable response here */
1414        if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1415                usb_stor_dbg(us, "active config #%d != 1 ??\n",
1416                             us->pusb_dev->actconfig->desc.bConfigurationValue);
1417                return -EINVAL;
1418        }
1419
1420        result = usb_reset_configuration(us->pusb_dev);
1421        usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1422        if (result == -EPIPE) {
1423                usb_stor_dbg(us, "-- stall on control interface\n");
1424        } else if (result != 0) {
1425                /* it's not a stall, but another error -- time to bail */
1426                usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1427                return -EINVAL;
1428        }
1429
1430        us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1431        if (!us->extra)
1432                return -ENOMEM;
1433        us->extra_destructor = sddr09_card_info_destructor;
1434
1435        nand_init_ecc();
1436        return 0;
1437}
1438
1439
1440/*
1441 * This is needed at a very early stage. If this is not listed in the
1442 * unusual devices list but called from here then LUN 0 of the combo reader
1443 * is not recognized. But I do not know what precisely these calls do.
1444 */
1445static int
1446usb_stor_sddr09_dpcm_init(struct us_data *us) {
1447        int result;
1448        unsigned char *data = us->iobuf;
1449
1450        result = sddr09_common_init(us);
1451        if (result)
1452                return result;
1453
1454        result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1455        if (result) {
1456                usb_stor_dbg(us, "send_command fails\n");
1457                return result;
1458        }
1459
1460        usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1461        // get 07 02
1462
1463        result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1464        if (result) {
1465                usb_stor_dbg(us, "2nd send_command fails\n");
1466                return result;
1467        }
1468
1469        usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1470        // get 07 00
1471
1472        result = sddr09_request_sense(us, data, 18);
1473        if (result == 0 && data[2] != 0) {
1474                int j;
1475                for (j=0; j<18; j++)
1476                        printk(" %02X", data[j]);
1477                printk("\n");
1478                // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1479                // 70: current command
1480                // sense key 0, sense code 0, extd sense code 0
1481                // additional transfer length * = sizeof(data) - 7
1482                // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1483                // sense key 06, sense code 28: unit attention,
1484                // not ready to ready transition
1485        }
1486
1487        // test unit ready
1488
1489        return 0;               /* not result */
1490}
1491
1492/*
1493 * Transport for the Microtech DPCM-USB
1494 */
1495static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1496{
1497        int ret;
1498
1499        usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1500
1501        switch (srb->device->lun) {
1502        case 0:
1503
1504                /*
1505                 * LUN 0 corresponds to the CompactFlash card reader.
1506                 */
1507                ret = usb_stor_CB_transport(srb, us);
1508                break;
1509
1510        case 1:
1511
1512                /*
1513                 * LUN 1 corresponds to the SmartMedia card reader.
1514                 */
1515
1516                /*
1517                 * Set the LUN to 0 (just in case).
1518                 */
1519                srb->device->lun = 0;
1520                ret = sddr09_transport(srb, us);
1521                srb->device->lun = 1;
1522                break;
1523
1524        default:
1525            usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1526                ret = USB_STOR_TRANSPORT_ERROR;
1527                break;
1528        }
1529        return ret;
1530}
1531
1532
1533/*
1534 * Transport for the Sandisk SDDR-09
1535 */
1536static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1537{
1538        static unsigned char sensekey = 0, sensecode = 0;
1539        static unsigned char havefakesense = 0;
1540        int result, i;
1541        unsigned char *ptr = us->iobuf;
1542        unsigned long capacity;
1543        unsigned int page, pages;
1544
1545        struct sddr09_card_info *info;
1546
1547        static unsigned char inquiry_response[8] = {
1548                0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1549        };
1550
1551        /* note: no block descriptor support */
1552        static unsigned char mode_page_01[19] = {
1553                0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1554                0x01, 0x0A,
1555                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1556        };
1557
1558        info = (struct sddr09_card_info *)us->extra;
1559
1560        if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1561                /* for a faked command, we have to follow with a faked sense */
1562                memset(ptr, 0, 18);
1563                ptr[0] = 0x70;
1564                ptr[2] = sensekey;
1565                ptr[7] = 11;
1566                ptr[12] = sensecode;
1567                usb_stor_set_xfer_buf(ptr, 18, srb);
1568                sensekey = sensecode = havefakesense = 0;
1569                return USB_STOR_TRANSPORT_GOOD;
1570        }
1571
1572        havefakesense = 1;
1573
1574        /*
1575         * Dummy up a response for INQUIRY since SDDR09 doesn't
1576         * respond to INQUIRY commands
1577         */
1578
1579        if (srb->cmnd[0] == INQUIRY) {
1580                memcpy(ptr, inquiry_response, 8);
1581                fill_inquiry_response(us, ptr, 36);
1582                return USB_STOR_TRANSPORT_GOOD;
1583        }
1584
1585        if (srb->cmnd[0] == READ_CAPACITY) {
1586                struct nand_flash_dev *cardinfo;
1587
1588                sddr09_get_wp(us, info);        /* read WP bit */
1589
1590                cardinfo = sddr09_get_cardinfo(us, info->flags);
1591                if (!cardinfo) {
1592                        /* probably no media */
1593                init_error:
1594                        sensekey = 0x02;        /* not ready */
1595                        sensecode = 0x3a;       /* medium not present */
1596                        return USB_STOR_TRANSPORT_FAILED;
1597                }
1598
1599                info->capacity = (1 << cardinfo->chipshift);
1600                info->pageshift = cardinfo->pageshift;
1601                info->pagesize = (1 << info->pageshift);
1602                info->blockshift = cardinfo->blockshift;
1603                info->blocksize = (1 << info->blockshift);
1604                info->blockmask = info->blocksize - 1;
1605
1606                // map initialization, must follow get_cardinfo()
1607                if (sddr09_read_map(us)) {
1608                        /* probably out of memory */
1609                        goto init_error;
1610                }
1611
1612                // Report capacity
1613
1614                capacity = (info->lbact << info->blockshift) - 1;
1615
1616                ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1617
1618                // Report page size
1619
1620                ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1621                usb_stor_set_xfer_buf(ptr, 8, srb);
1622
1623                return USB_STOR_TRANSPORT_GOOD;
1624        }
1625
1626        if (srb->cmnd[0] == MODE_SENSE_10) {
1627                int modepage = (srb->cmnd[2] & 0x3F);
1628
1629                /*
1630                 * They ask for the Read/Write error recovery page,
1631                 * or for all pages.
1632                 */
1633                /* %% We should check DBD %% */
1634                if (modepage == 0x01 || modepage == 0x3F) {
1635                        usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1636                                     modepage);
1637
1638                        memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1639                        ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1640                        ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1641                        usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1642                        return USB_STOR_TRANSPORT_GOOD;
1643                }
1644
1645                sensekey = 0x05;        /* illegal request */
1646                sensecode = 0x24;       /* invalid field in CDB */
1647                return USB_STOR_TRANSPORT_FAILED;
1648        }
1649
1650        if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1651                return USB_STOR_TRANSPORT_GOOD;
1652
1653        havefakesense = 0;
1654
1655        if (srb->cmnd[0] == READ_10) {
1656
1657                page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1658                page <<= 16;
1659                page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1660                pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1661
1662                usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1663                             page, pages);
1664
1665                result = sddr09_read_data(us, page, pages);
1666                return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1667                                USB_STOR_TRANSPORT_ERROR);
1668        }
1669
1670        if (srb->cmnd[0] == WRITE_10) {
1671
1672                page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1673                page <<= 16;
1674                page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1675                pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1676
1677                usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1678                             page, pages);
1679
1680                result = sddr09_write_data(us, page, pages);
1681                return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1682                                USB_STOR_TRANSPORT_ERROR);
1683        }
1684
1685        /*
1686         * catch-all for all other commands, except
1687         * pass TEST_UNIT_READY and REQUEST_SENSE through
1688         */
1689        if (srb->cmnd[0] != TEST_UNIT_READY &&
1690            srb->cmnd[0] != REQUEST_SENSE) {
1691                sensekey = 0x05;        /* illegal request */
1692                sensecode = 0x20;       /* invalid command */
1693                havefakesense = 1;
1694                return USB_STOR_TRANSPORT_FAILED;
1695        }
1696
1697        for (; srb->cmd_len<12; srb->cmd_len++)
1698                srb->cmnd[srb->cmd_len] = 0;
1699
1700        srb->cmnd[1] = LUNBITS;
1701
1702        ptr[0] = 0;
1703        for (i=0; i<12; i++)
1704                sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1705
1706        usb_stor_dbg(us, "Send control for command %s\n", ptr);
1707
1708        result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1709        if (result) {
1710                usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1711                             result);
1712                return USB_STOR_TRANSPORT_ERROR;
1713        }
1714
1715        if (scsi_bufflen(srb) == 0)
1716                return USB_STOR_TRANSPORT_GOOD;
1717
1718        if (srb->sc_data_direction == DMA_TO_DEVICE ||
1719            srb->sc_data_direction == DMA_FROM_DEVICE) {
1720                unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1721                                ? us->send_bulk_pipe : us->recv_bulk_pipe;
1722
1723                usb_stor_dbg(us, "%s %d bytes\n",
1724                             (srb->sc_data_direction == DMA_TO_DEVICE) ?
1725                             "sending" : "receiving",
1726                             scsi_bufflen(srb));
1727
1728                result = usb_stor_bulk_srb(us, pipe, srb);
1729
1730                return (result == USB_STOR_XFER_GOOD ?
1731                        USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1732        } 
1733
1734        return USB_STOR_TRANSPORT_GOOD;
1735}
1736
1737/*
1738 * Initialization routine for the sddr09 subdriver
1739 */
1740static int
1741usb_stor_sddr09_init(struct us_data *us) {
1742        return sddr09_common_init(us);
1743}
1744
1745static struct scsi_host_template sddr09_host_template;
1746
1747static int sddr09_probe(struct usb_interface *intf,
1748                         const struct usb_device_id *id)
1749{
1750        struct us_data *us;
1751        int result;
1752
1753        result = usb_stor_probe1(&us, intf, id,
1754                        (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1755                        &sddr09_host_template);
1756        if (result)
1757                return result;
1758
1759        if (us->protocol == USB_PR_DPCM_USB) {
1760                us->transport_name = "Control/Bulk-EUSB/SDDR09";
1761                us->transport = dpcm_transport;
1762                us->transport_reset = usb_stor_CB_reset;
1763                us->max_lun = 1;
1764        } else {
1765                us->transport_name = "EUSB/SDDR09";
1766                us->transport = sddr09_transport;
1767                us->transport_reset = usb_stor_CB_reset;
1768                us->max_lun = 0;
1769        }
1770
1771        result = usb_stor_probe2(us);
1772        return result;
1773}
1774
1775static struct usb_driver sddr09_driver = {
1776        .name =         DRV_NAME,
1777        .probe =        sddr09_probe,
1778        .disconnect =   usb_stor_disconnect,
1779        .suspend =      usb_stor_suspend,
1780        .resume =       usb_stor_resume,
1781        .reset_resume = usb_stor_reset_resume,
1782        .pre_reset =    usb_stor_pre_reset,
1783        .post_reset =   usb_stor_post_reset,
1784        .id_table =     sddr09_usb_ids,
1785        .soft_unbind =  1,
1786        .no_dynamic_id = 1,
1787};
1788
1789module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);
1790