usb/storage/sddr09.c

0001 // SPDX-License-Identifier: GPL-2.0+
0002 /*
0003  * Driver for SanDisk SDDR-09 SmartMedia reader
0004  *
0005  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
0006  *   (c) 2002 Andries Brouwer (aeb@cwi.nl)
0007  * Developed with the assistance of:
0008  *   (c) 2002 Alan Stern <stern@rowland.org>
0009  *
0010  * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
0011  * This chip is a programmable USB controller. In the SDDR-09, it has
0012  * been programmed to obey a certain limited set of SCSI commands.
0013  * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
0014  * commands.
0015  */
0016
0017 /*
0018  * Known vendor commands: 12 bytes, first byte is opcode
0019  *
0020  * E7: read scatter gather
0021  * E8: read
0022  * E9: write
0023  * EA: erase
0024  * EB: reset
0025  * EC: read status
0026  * ED: read ID
0027  * EE: write CIS (?)
0028  * EF: compute checksum (?)
0029  */
0030
0031 #include <linux/errno.h>
0032 #include <linux/module.h>
0033 #include <linux/slab.h>
0034
0035 #include <scsi/scsi.h>
0036 #include <scsi/scsi_cmnd.h>
0037 #include <scsi/scsi_device.h>
0038
0039 #include "usb.h"
0040 #include "transport.h"
0041 #include "protocol.h"
0042 #include "debug.h"
0043 #include "scsiglue.h"
0044
0045 #define DRV_NAME "ums-sddr09"
0046
0047 MODULE_DESCRIPTION("Driver for SanDisk SDDR-09 SmartMedia reader");
0048 MODULE_AUTHOR("Andries Brouwer <aeb@cwi.nl>, Robert Baruch <autophile@starband.net>");
0049 MODULE_LICENSE("GPL");
0050 MODULE_IMPORT_NS(USB_STORAGE);
0051
0052 static int usb_stor_sddr09_dpcm_init(struct us_data *us);
0053 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us);
0054 static int usb_stor_sddr09_init(struct us_data *us);
0055
0056
0057 /*
0058  * The table of devices
0059  */
0060 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
0061             vendorName, productName, useProtocol, useTransport, \
0062             initFunction, flags) \
0063 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
0064   .driver_info = (flags) }
0065
0066 static struct usb_device_id sddr09_usb_ids[] = {
0067 #   include "unusual_sddr09.h"
0068     { }     /* Terminating entry */
0069 };
0070 MODULE_DEVICE_TABLE(usb, sddr09_usb_ids);
0071
0072 #undef UNUSUAL_DEV
0073
0074 /*
0075  * The flags table
0076  */
0077 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
0078             vendor_name, product_name, use_protocol, use_transport, \
0079             init_function, Flags) \
0080 { \
0081     .vendorName = vendor_name,  \
0082     .productName = product_name,    \
0083     .useProtocol = use_protocol,    \
0084     .useTransport = use_transport,  \
0085     .initFunction = init_function,  \
0086 }
0087
0088 static struct us_unusual_dev sddr09_unusual_dev_list[] = {
0089 #   include "unusual_sddr09.h"
0090     { }     /* Terminating entry */
0091 };
0092
0093 #undef UNUSUAL_DEV
0094
0095
0096 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
0097 #define LSB_of(s) ((s)&0xFF)
0098 #define MSB_of(s) ((s)>>8)
0099
0100 /*
0101  * First some stuff that does not belong here:
0102  * data on SmartMedia and other cards, completely
0103  * unrelated to this driver.
0104  * Similar stuff occurs in <linux/mtd/nand_ids.h>.
0105  */
0106
0107 struct nand_flash_dev {
0108     int model_id;
0109     int chipshift;      /* 1<<cs bytes total capacity */
0110     char pageshift;     /* 1<<ps bytes in a page */
0111     char blockshift;    /* 1<<bs pages in an erase block */
0112     char zoneshift;     /* 1<<zs blocks in a zone */
0113                 /* # of logical blocks is 125/128 of this */
0114     char pageadrlen;    /* length of an address in bytes - 1 */
0115 };
0116
0117 /*
0118  * NAND Flash Manufacturer ID Codes
0119  */
0120 #define NAND_MFR_AMD        0x01
0121 #define NAND_MFR_NATSEMI    0x8f
0122 #define NAND_MFR_TOSHIBA    0x98
0123 #define NAND_MFR_SAMSUNG    0xec
0124
0125 static inline char *nand_flash_manufacturer(int manuf_id) {
0126     switch(manuf_id) {
0127     case NAND_MFR_AMD:
0128         return "AMD";
0129     case NAND_MFR_NATSEMI:
0130         return "NATSEMI";
0131     case NAND_MFR_TOSHIBA:
0132         return "Toshiba";
0133     case NAND_MFR_SAMSUNG:
0134         return "Samsung";
0135     default:
0136         return "unknown";
0137     }
0138 }
0139
0140 /*
0141  * It looks like it is unnecessary to attach manufacturer to the
0142  * remaining data: SSFDC prescribes manufacturer-independent id codes.
0143  *
0144  * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
0145  */
0146
0147 static struct nand_flash_dev nand_flash_ids[] = {
0148     /* NAND flash */
0149     { 0x6e, 20, 8, 4, 8, 2},    /* 1 MB */
0150     { 0xe8, 20, 8, 4, 8, 2},    /* 1 MB */
0151     { 0xec, 20, 8, 4, 8, 2},    /* 1 MB */
0152     { 0x64, 21, 8, 4, 9, 2},    /* 2 MB */
0153     { 0xea, 21, 8, 4, 9, 2},    /* 2 MB */
0154     { 0x6b, 22, 9, 4, 9, 2},    /* 4 MB */
0155     { 0xe3, 22, 9, 4, 9, 2},    /* 4 MB */
0156     { 0xe5, 22, 9, 4, 9, 2},    /* 4 MB */
0157     { 0xe6, 23, 9, 4, 10, 2},   /* 8 MB */
0158     { 0x73, 24, 9, 5, 10, 2},   /* 16 MB */
0159     { 0x75, 25, 9, 5, 10, 2},   /* 32 MB */
0160     { 0x76, 26, 9, 5, 10, 3},   /* 64 MB */
0161     { 0x79, 27, 9, 5, 10, 3},   /* 128 MB */
0162
0163     /* MASK ROM */
0164     { 0x5d, 21, 9, 4, 8, 2},    /* 2 MB */
0165     { 0xd5, 22, 9, 4, 9, 2},    /* 4 MB */
0166     { 0xd6, 23, 9, 4, 10, 2},   /* 8 MB */
0167     { 0x57, 24, 9, 4, 11, 2},   /* 16 MB */
0168     { 0x58, 25, 9, 4, 12, 2},   /* 32 MB */
0169     { 0,}
0170 };
0171
0172 static struct nand_flash_dev *
0173 nand_find_id(unsigned char id) {
0174     int i;
0175
0176     for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
0177         if (nand_flash_ids[i].model_id == id)
0178             return &(nand_flash_ids[i]);
0179     return NULL;
0180 }
0181
0182 /*
0183  * ECC computation.
0184  */
0185 static unsigned char parity[256];
0186 static unsigned char ecc2[256];
0187
0188 static void nand_init_ecc(void) {
0189     int i, j, a;
0190
0191     parity[0] = 0;
0192     for (i = 1; i < 256; i++)
0193         parity[i] = (parity[i&(i-1)] ^ 1);
0194
0195     for (i = 0; i < 256; i++) {
0196         a = 0;
0197         for (j = 0; j < 8; j++) {
0198             if (i & (1<<j)) {
0199                 if ((j & 1) == 0)
0200                     a ^= 0x04;
0201                 if ((j & 2) == 0)
0202                     a ^= 0x10;
0203                 if ((j & 4) == 0)
0204                     a ^= 0x40;
0205             }
0206         }
0207         ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
0208     }
0209 }
0210
0211 /* compute 3-byte ecc on 256 bytes */
0212 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
0213     int i, j, a;
0214     unsigned char par = 0, bit, bits[8] = {0};
0215
0216     /* collect 16 checksum bits */
0217     for (i = 0; i < 256; i++) {
0218         par ^= data[i];
0219         bit = parity[data[i]];
0220         for (j = 0; j < 8; j++)
0221             if ((i & (1<<j)) == 0)
0222                 bits[j] ^= bit;
0223     }
0224
0225     /* put 4+4+4 = 12 bits in the ecc */
0226     a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
0227     ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
0228
0229     a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
0230     ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
0231
0232     ecc[2] = ecc2[par];
0233 }
0234
0235 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
0236     return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
0237 }
0238
0239 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
0240     memcpy(data, ecc, 3);
0241 }
0242
0243 /*
0244  * The actual driver starts here.
0245  */
0246
0247 struct sddr09_card_info {
0248     unsigned long   capacity;   /* Size of card in bytes */
0249     int     pagesize;   /* Size of page in bytes */
0250     int     pageshift;  /* log2 of pagesize */
0251     int     blocksize;  /* Size of block in pages */
0252     int     blockshift; /* log2 of blocksize */
0253     int     blockmask;  /* 2^blockshift - 1 */
0254     int     *lba_to_pba;    /* logical to physical map */
0255     int     *pba_to_lba;    /* physical to logical map */
0256     int     lbact;      /* number of available pages */
0257     int     flags;
0258 #define SDDR09_WP   1       /* write protected */
0259 };
0260
0261 /*
0262  * On my 16MB card, control blocks have size 64 (16 real control bytes,
0263  * and 48 junk bytes). In reality of course the card uses 16 control bytes,
0264  * so the reader makes up the remaining 48. Don't know whether these numbers
0265  * depend on the card. For now a constant.
0266  */
0267 #define CONTROL_SHIFT 6
0268
0269 /*
0270  * On my Combo CF/SM reader, the SM reader has LUN 1.
0271  * (and things fail with LUN 0).
0272  * It seems LUN is irrelevant for others.
0273  */
0274 #define LUN 1
0275 #define LUNBITS (LUN << 5)
0276
0277 /*
0278  * LBA and PBA are unsigned ints. Special values.
0279  */
0280 #define UNDEF    0xffffffff
0281 #define SPARE    0xfffffffe
0282 #define UNUSABLE 0xfffffffd
0283
0284 static const int erase_bad_lba_entries = 0;
0285
0286 /* send vendor interface command (0x41) */
0287 /* called for requests 0, 1, 8 */
0288 static int
0289 sddr09_send_command(struct us_data *us,
0290             unsigned char request,
0291             unsigned char direction,
0292             unsigned char *xfer_data,
0293             unsigned int xfer_len) {
0294     unsigned int pipe;
0295     unsigned char requesttype = (0x41 | direction);
0296     int rc;
0297
0298     // Get the receive or send control pipe number
0299
0300     if (direction == USB_DIR_IN)
0301         pipe = us->recv_ctrl_pipe;
0302     else
0303         pipe = us->send_ctrl_pipe;
0304
0305     rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
0306                    0, 0, xfer_data, xfer_len);
0307     switch (rc) {
0308         case USB_STOR_XFER_GOOD:    return 0;
0309         case USB_STOR_XFER_STALLED: return -EPIPE;
0310         default:            return -EIO;
0311     }
0312 }
0313
0314 static int
0315 sddr09_send_scsi_command(struct us_data *us,
0316              unsigned char *command,
0317              unsigned int command_len) {
0318     return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
0319 }
0320
0321 #if 0
0322 /*
0323  * Test Unit Ready Command: 12 bytes.
0324  * byte 0: opcode: 00
0325  */
0326 static int
0327 sddr09_test_unit_ready(struct us_data *us) {
0328     unsigned char *command = us->iobuf;
0329     int result;
0330
0331     memset(command, 0, 6);
0332     command[1] = LUNBITS;
0333
0334     result = sddr09_send_scsi_command(us, command, 6);
0335
0336     usb_stor_dbg(us, "sddr09_test_unit_ready returns %d\n", result);
0337
0338     return result;
0339 }
0340 #endif
0341
0342 /*
0343  * Request Sense Command: 12 bytes.
0344  * byte 0: opcode: 03
0345  * byte 4: data length
0346  */
0347 static int
0348 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
0349     unsigned char *command = us->iobuf;
0350     int result;
0351
0352     memset(command, 0, 12);
0353     command[0] = 0x03;
0354     command[1] = LUNBITS;
0355     command[4] = buflen;
0356
0357     result = sddr09_send_scsi_command(us, command, 12);
0358     if (result)
0359         return result;
0360
0361     result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
0362             sensebuf, buflen, NULL);
0363     return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
0364 }
0365
0366 /*
0367  * Read Command: 12 bytes.
0368  * byte 0: opcode: E8
0369  * byte 1: last two bits: 00: read data, 01: read blockwise control,
0370  *          10: read both, 11: read pagewise control.
0371  *   It turns out we need values 20, 21, 22, 23 here (LUN 1).
0372  * bytes 2-5: address (interpretation depends on byte 1, see below)
0373  * bytes 10-11: count (idem)
0374  *
0375  * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
0376  * A read data command gets data in 512-byte pages.
0377  * A read control command gets control in 64-byte chunks.
0378  * A read both command gets data+control in 576-byte chunks.
0379  *
0380  * Blocks are groups of 32 pages, and read blockwise control jumps to the
0381  * next block, while read pagewise control jumps to the next page after
0382  * reading a group of 64 control bytes.
0383  * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
0384  *
0385  * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
0386  */
0387
0388 static int
0389 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
0390          int nr_of_pages, int bulklen, unsigned char *buf,
0391          int use_sg) {
0392
0393     unsigned char *command = us->iobuf;
0394     int result;
0395
0396     command[0] = 0xE8;
0397     command[1] = LUNBITS | x;
0398     command[2] = MSB_of(fromaddress>>16);
0399     command[3] = LSB_of(fromaddress>>16);
0400     command[4] = MSB_of(fromaddress & 0xFFFF);
0401     command[5] = LSB_of(fromaddress & 0xFFFF);
0402     command[6] = 0;
0403     command[7] = 0;
0404     command[8] = 0;
0405     command[9] = 0;
0406     command[10] = MSB_of(nr_of_pages);
0407     command[11] = LSB_of(nr_of_pages);
0408
0409     result = sddr09_send_scsi_command(us, command, 12);
0410
0411     if (result) {
0412         usb_stor_dbg(us, "Result for send_control in sddr09_read2%d %d\n",
0413                  x, result);
0414         return result;
0415     }
0416
0417     result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
0418                        buf, bulklen, use_sg, NULL);
0419
0420     if (result != USB_STOR_XFER_GOOD) {
0421         usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read2%d %d\n",
0422                  x, result);
0423         return -EIO;
0424     }
0425     return 0;
0426 }
0427
0428 /*
0429  * Read Data
0430  *
0431  * fromaddress counts data shorts:
0432  * increasing it by 256 shifts the bytestream by 512 bytes;
0433  * the last 8 bits are ignored.
0434  *
0435  * nr_of_pages counts pages of size (1 << pageshift).
0436  */
0437 static int
0438 sddr09_read20(struct us_data *us, unsigned long fromaddress,
0439           int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
0440     int bulklen = nr_of_pages << pageshift;
0441
0442     /* The last 8 bits of fromaddress are ignored. */
0443     return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
0444                 buf, use_sg);
0445 }
0446
0447 /*
0448  * Read Blockwise Control
0449  *
0450  * fromaddress gives the starting position (as in read data;
0451  * the last 8 bits are ignored); increasing it by 32*256 shifts
0452  * the output stream by 64 bytes.
0453  *
0454  * count counts control groups of size (1 << controlshift).
0455  * For me, controlshift = 6. Is this constant?
0456  *
0457  * After getting one control group, jump to the next block
0458  * (fromaddress += 8192).
0459  */
0460 static int
0461 sddr09_read21(struct us_data *us, unsigned long fromaddress,
0462           int count, int controlshift, unsigned char *buf, int use_sg) {
0463
0464     int bulklen = (count << controlshift);
0465     return sddr09_readX(us, 1, fromaddress, count, bulklen,
0466                 buf, use_sg);
0467 }
0468
0469 /*
0470  * Read both Data and Control
0471  *
0472  * fromaddress counts data shorts, ignoring control:
0473  * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
0474  * the last 8 bits are ignored.
0475  *
0476  * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
0477  */
0478 static int
0479 sddr09_read22(struct us_data *us, unsigned long fromaddress,
0480           int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
0481
0482     int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
0483     usb_stor_dbg(us, "reading %d pages, %d bytes\n", nr_of_pages, bulklen);
0484     return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
0485                 buf, use_sg);
0486 }
0487
0488 #if 0
0489 /*
0490  * Read Pagewise Control
0491  *
0492  * fromaddress gives the starting position (as in read data;
0493  * the last 8 bits are ignored); increasing it by 256 shifts
0494  * the output stream by 64 bytes.
0495  *
0496  * count counts control groups of size (1 << controlshift).
0497  * For me, controlshift = 6. Is this constant?
0498  *
0499  * After getting one control group, jump to the next page
0500  * (fromaddress += 256).
0501  */
0502 static int
0503 sddr09_read23(struct us_data *us, unsigned long fromaddress,
0504           int count, int controlshift, unsigned char *buf, int use_sg) {
0505
0506     int bulklen = (count << controlshift);
0507     return sddr09_readX(us, 3, fromaddress, count, bulklen,
0508                 buf, use_sg);
0509 }
0510 #endif
0511
0512 /*
0513  * Erase Command: 12 bytes.
0514  * byte 0: opcode: EA
0515  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
0516  *
0517  * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
0518  * The byte address being erased is 2*Eaddress.
0519  * The CIS cannot be erased.
0520  */
0521 static int
0522 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
0523     unsigned char *command = us->iobuf;
0524     int result;
0525
0526     usb_stor_dbg(us, "erase address %lu\n", Eaddress);
0527
0528     memset(command, 0, 12);
0529     command[0] = 0xEA;
0530     command[1] = LUNBITS;
0531     command[6] = MSB_of(Eaddress>>16);
0532     command[7] = LSB_of(Eaddress>>16);
0533     command[8] = MSB_of(Eaddress & 0xFFFF);
0534     command[9] = LSB_of(Eaddress & 0xFFFF);
0535
0536     result = sddr09_send_scsi_command(us, command, 12);
0537
0538     if (result)
0539         usb_stor_dbg(us, "Result for send_control in sddr09_erase %d\n",
0540                  result);
0541
0542     return result;
0543 }
0544
0545 /*
0546  * Write CIS Command: 12 bytes.
0547  * byte 0: opcode: EE
0548  * bytes 2-5: write address in shorts
0549  * bytes 10-11: sector count
0550  *
0551  * This writes at the indicated address. Don't know how it differs
0552  * from E9. Maybe it does not erase? However, it will also write to
0553  * the CIS.
0554  *
0555  * When two such commands on the same page follow each other directly,
0556  * the second one is not done.
0557  */
0558
0559 /*
0560  * Write Command: 12 bytes.
0561  * byte 0: opcode: E9
0562  * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
0563  * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
0564  * bytes 10-11: sector count (big-endian, in 512-byte sectors).
0565  *
0566  * If write address equals erase address, the erase is done first,
0567  * otherwise the write is done first. When erase address equals zero
0568  * no erase is done?
0569  */
0570 static int
0571 sddr09_writeX(struct us_data *us,
0572           unsigned long Waddress, unsigned long Eaddress,
0573           int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
0574
0575     unsigned char *command = us->iobuf;
0576     int result;
0577
0578     command[0] = 0xE9;
0579     command[1] = LUNBITS;
0580
0581     command[2] = MSB_of(Waddress>>16);
0582     command[3] = LSB_of(Waddress>>16);
0583     command[4] = MSB_of(Waddress & 0xFFFF);
0584     command[5] = LSB_of(Waddress & 0xFFFF);
0585
0586     command[6] = MSB_of(Eaddress>>16);
0587     command[7] = LSB_of(Eaddress>>16);
0588     command[8] = MSB_of(Eaddress & 0xFFFF);
0589     command[9] = LSB_of(Eaddress & 0xFFFF);
0590
0591     command[10] = MSB_of(nr_of_pages);
0592     command[11] = LSB_of(nr_of_pages);
0593
0594     result = sddr09_send_scsi_command(us, command, 12);
0595
0596     if (result) {
0597         usb_stor_dbg(us, "Result for send_control in sddr09_writeX %d\n",
0598                  result);
0599         return result;
0600     }
0601
0602     result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
0603                        buf, bulklen, use_sg, NULL);
0604
0605     if (result != USB_STOR_XFER_GOOD) {
0606         usb_stor_dbg(us, "Result for bulk_transfer in sddr09_writeX %d\n",
0607                  result);
0608         return -EIO;
0609     }
0610     return 0;
0611 }
0612
0613 /* erase address, write same address */
0614 static int
0615 sddr09_write_inplace(struct us_data *us, unsigned long address,
0616              int nr_of_pages, int pageshift, unsigned char *buf,
0617              int use_sg) {
0618     int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
0619     return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
0620                  buf, use_sg);
0621 }
0622
0623 #if 0
0624 /*
0625  * Read Scatter Gather Command: 3+4n bytes.
0626  * byte 0: opcode E7
0627  * byte 2: n
0628  * bytes 4i-1,4i,4i+1: page address
0629  * byte 4i+2: page count
0630  * (i=1..n)
0631  *
0632  * This reads several pages from the card to a single memory buffer.
0633  * The last two bits of byte 1 have the same meaning as for E8.
0634  */
0635 static int
0636 sddr09_read_sg_test_only(struct us_data *us) {
0637     unsigned char *command = us->iobuf;
0638     int result, bulklen, nsg, ct;
0639     unsigned char *buf;
0640     unsigned long address;
0641
0642     nsg = bulklen = 0;
0643     command[0] = 0xE7;
0644     command[1] = LUNBITS;
0645     command[2] = 0;
0646     address = 040000; ct = 1;
0647     nsg++;
0648     bulklen += (ct << 9);
0649     command[4*nsg+2] = ct;
0650     command[4*nsg+1] = ((address >> 9) & 0xFF);
0651     command[4*nsg+0] = ((address >> 17) & 0xFF);
0652     command[4*nsg-1] = ((address >> 25) & 0xFF);
0653
0654     address = 0340000; ct = 1;
0655     nsg++;
0656     bulklen += (ct << 9);
0657     command[4*nsg+2] = ct;
0658     command[4*nsg+1] = ((address >> 9) & 0xFF);
0659     command[4*nsg+0] = ((address >> 17) & 0xFF);
0660     command[4*nsg-1] = ((address >> 25) & 0xFF);
0661
0662     address = 01000000; ct = 2;
0663     nsg++;
0664     bulklen += (ct << 9);
0665     command[4*nsg+2] = ct;
0666     command[4*nsg+1] = ((address >> 9) & 0xFF);
0667     command[4*nsg+0] = ((address >> 17) & 0xFF);
0668     command[4*nsg-1] = ((address >> 25) & 0xFF);
0669
0670     command[2] = nsg;
0671
0672     result = sddr09_send_scsi_command(us, command, 4*nsg+3);
0673
0674     if (result) {
0675         usb_stor_dbg(us, "Result for send_control in sddr09_read_sg %d\n",
0676                  result);
0677         return result;
0678     }
0679
0680     buf = kmalloc(bulklen, GFP_NOIO);
0681     if (!buf)
0682         return -ENOMEM;
0683
0684     result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
0685                        buf, bulklen, NULL);
0686     kfree(buf);
0687     if (result != USB_STOR_XFER_GOOD) {
0688         usb_stor_dbg(us, "Result for bulk_transfer in sddr09_read_sg %d\n",
0689                  result);
0690         return -EIO;
0691     }
0692
0693     return 0;
0694 }
0695 #endif
0696
0697 /*
0698  * Read Status Command: 12 bytes.
0699  * byte 0: opcode: EC
0700  *
0701  * Returns 64 bytes, all zero except for the first.
0702  * bit 0: 1: Error
0703  * bit 5: 1: Suspended
0704  * bit 6: 1: Ready
0705  * bit 7: 1: Not write-protected
0706  */
0707
0708 static int
0709 sddr09_read_status(struct us_data *us, unsigned char *status) {
0710
0711     unsigned char *command = us->iobuf;
0712     unsigned char *data = us->iobuf;
0713     int result;
0714
0715     usb_stor_dbg(us, "Reading status...\n");
0716
0717     memset(command, 0, 12);
0718     command[0] = 0xEC;
0719     command[1] = LUNBITS;
0720
0721     result = sddr09_send_scsi_command(us, command, 12);
0722     if (result)
0723         return result;
0724
0725     result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
0726                        data, 64, NULL);
0727     *status = data[0];
0728     return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
0729 }
0730
0731 static int
0732 sddr09_read_data(struct us_data *us,
0733          unsigned long address,
0734          unsigned int sectors) {
0735
0736     struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
0737     unsigned char *buffer;
0738     unsigned int lba, maxlba, pba;
0739     unsigned int page, pages;
0740     unsigned int len, offset;
0741     struct scatterlist *sg;
0742     int result;
0743
0744     // Figure out the initial LBA and page
0745     lba = address >> info->blockshift;
0746     page = (address & info->blockmask);
0747     maxlba = info->capacity >> (info->pageshift + info->blockshift);
0748     if (lba >= maxlba)
0749         return -EIO;
0750
0751     // Since we only read in one block at a time, we have to create
0752     // a bounce buffer and move the data a piece at a time between the
0753     // bounce buffer and the actual transfer buffer.
0754
0755     len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
0756     buffer = kmalloc(len, GFP_NOIO);
0757     if (!buffer)
0758         return -ENOMEM;
0759
0760     // This could be made much more efficient by checking for
0761     // contiguous LBA's. Another exercise left to the student.
0762
0763     result = 0;
0764     offset = 0;
0765     sg = NULL;
0766
0767     while (sectors > 0) {
0768
0769         /* Find number of pages we can read in this block */
0770         pages = min(sectors, info->blocksize - page);
0771         len = pages << info->pageshift;
0772
0773         /* Not overflowing capacity? */
0774         if (lba >= maxlba) {
0775             usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
0776                      lba, maxlba);
0777             result = -EIO;
0778             break;
0779         }
0780
0781         /* Find where this lba lives on disk */
0782         pba = info->lba_to_pba[lba];
0783
0784         if (pba == UNDEF) { /* this lba was never written */
0785
0786             usb_stor_dbg(us, "Read %d zero pages (LBA %d) page %d\n",
0787                      pages, lba, page);
0788
0789             /*
0790              * This is not really an error. It just means
0791              * that the block has never been written.
0792              * Instead of returning an error
0793              * it is better to return all zero data.
0794              */
0795
0796             memset(buffer, 0, len);
0797
0798         } else {
0799             usb_stor_dbg(us, "Read %d pages, from PBA %d (LBA %d) page %d\n",
0800                      pages, pba, lba, page);
0801
0802             address = ((pba << info->blockshift) + page) <<
0803                 info->pageshift;
0804
0805             result = sddr09_read20(us, address>>1,
0806                     pages, info->pageshift, buffer, 0);
0807             if (result)
0808                 break;
0809         }
0810
0811         // Store the data in the transfer buffer
0812         usb_stor_access_xfer_buf(buffer, len, us->srb,
0813                 &sg, &offset, TO_XFER_BUF);
0814
0815         page = 0;
0816         lba++;
0817         sectors -= pages;
0818     }
0819
0820     kfree(buffer);
0821     return result;
0822 }
0823
0824 static unsigned int
0825 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
0826     static unsigned int lastpba = 1;
0827     int zonestart, end, i;
0828
0829     zonestart = (lba/1000) << 10;
0830     end = info->capacity >> (info->blockshift + info->pageshift);
0831     end -= zonestart;
0832     if (end > 1024)
0833         end = 1024;
0834
0835     for (i = lastpba+1; i < end; i++) {
0836         if (info->pba_to_lba[zonestart+i] == UNDEF) {
0837             lastpba = i;
0838             return zonestart+i;
0839         }
0840     }
0841     for (i = 0; i <= lastpba; i++) {
0842         if (info->pba_to_lba[zonestart+i] == UNDEF) {
0843             lastpba = i;
0844             return zonestart+i;
0845         }
0846     }
0847     return 0;
0848 }
0849
0850 static int
0851 sddr09_write_lba(struct us_data *us, unsigned int lba,
0852          unsigned int page, unsigned int pages,
0853          unsigned char *ptr, unsigned char *blockbuffer) {
0854
0855     struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
0856     unsigned long address;
0857     unsigned int pba, lbap;
0858     unsigned int pagelen;
0859     unsigned char *bptr, *cptr, *xptr;
0860     unsigned char ecc[3];
0861     int i, result;
0862
0863     lbap = ((lba % 1000) << 1) | 0x1000;
0864     if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
0865         lbap ^= 1;
0866     pba = info->lba_to_pba[lba];
0867
0868     if (pba == UNDEF) {
0869         pba = sddr09_find_unused_pba(info, lba);
0870         if (!pba) {
0871             printk(KERN_WARNING
0872                    "sddr09_write_lba: Out of unused blocks\n");
0873             return -ENOSPC;
0874         }
0875         info->pba_to_lba[pba] = lba;
0876         info->lba_to_pba[lba] = pba;
0877     }
0878
0879     if (pba == 1) {
0880         /*
0881          * Maybe it is impossible to write to PBA 1.
0882          * Fake success, but don't do anything.
0883          */
0884         printk(KERN_WARNING "sddr09: avoid writing to pba 1\n");
0885         return 0;
0886     }
0887
0888     pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
0889
0890     /* read old contents */
0891     address = (pba << (info->pageshift + info->blockshift));
0892     result = sddr09_read22(us, address>>1, info->blocksize,
0893                    info->pageshift, blockbuffer, 0);
0894     if (result)
0895         return result;
0896
0897     /* check old contents and fill lba */
0898     for (i = 0; i < info->blocksize; i++) {
0899         bptr = blockbuffer + i*pagelen;
0900         cptr = bptr + info->pagesize;
0901         nand_compute_ecc(bptr, ecc);
0902         if (!nand_compare_ecc(cptr+13, ecc)) {
0903             usb_stor_dbg(us, "Warning: bad ecc in page %d- of pba %d\n",
0904                      i, pba);
0905             nand_store_ecc(cptr+13, ecc);
0906         }
0907         nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
0908         if (!nand_compare_ecc(cptr+8, ecc)) {
0909             usb_stor_dbg(us, "Warning: bad ecc in page %d+ of pba %d\n",
0910                      i, pba);
0911             nand_store_ecc(cptr+8, ecc);
0912         }
0913         cptr[6] = cptr[11] = MSB_of(lbap);
0914         cptr[7] = cptr[12] = LSB_of(lbap);
0915     }
0916
0917     /* copy in new stuff and compute ECC */
0918     xptr = ptr;
0919     for (i = page; i < page+pages; i++) {
0920         bptr = blockbuffer + i*pagelen;
0921         cptr = bptr + info->pagesize;
0922         memcpy(bptr, xptr, info->pagesize);
0923         xptr += info->pagesize;
0924         nand_compute_ecc(bptr, ecc);
0925         nand_store_ecc(cptr+13, ecc);
0926         nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
0927         nand_store_ecc(cptr+8, ecc);
0928     }
0929
0930     usb_stor_dbg(us, "Rewrite PBA %d (LBA %d)\n", pba, lba);
0931
0932     result = sddr09_write_inplace(us, address>>1, info->blocksize,
0933                       info->pageshift, blockbuffer, 0);
0934
0935     usb_stor_dbg(us, "sddr09_write_inplace returns %d\n", result);
0936
0937 #if 0
0938     {
0939         unsigned char status = 0;
0940         int result2 = sddr09_read_status(us, &status);
0941         if (result2)
0942             usb_stor_dbg(us, "cannot read status\n");
0943         else if (status != 0xc0)
0944             usb_stor_dbg(us, "status after write: 0x%x\n", status);
0945     }
0946 #endif
0947
0948 #if 0
0949     {
0950         int result2 = sddr09_test_unit_ready(us);
0951     }
0952 #endif
0953
0954     return result;
0955 }
0956
0957 static int
0958 sddr09_write_data(struct us_data *us,
0959           unsigned long address,
0960           unsigned int sectors) {
0961
0962     struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
0963     unsigned int lba, maxlba, page, pages;
0964     unsigned int pagelen, blocklen;
0965     unsigned char *blockbuffer;
0966     unsigned char *buffer;
0967     unsigned int len, offset;
0968     struct scatterlist *sg;
0969     int result;
0970
0971     /* Figure out the initial LBA and page */
0972     lba = address >> info->blockshift;
0973     page = (address & info->blockmask);
0974     maxlba = info->capacity >> (info->pageshift + info->blockshift);
0975     if (lba >= maxlba)
0976         return -EIO;
0977
0978     /*
0979      * blockbuffer is used for reading in the old data, overwriting
0980      * with the new data, and performing ECC calculations
0981      */
0982
0983     /*
0984      * TODO: instead of doing kmalloc/kfree for each write,
0985      * add a bufferpointer to the info structure
0986      */
0987
0988     pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
0989     blocklen = (pagelen << info->blockshift);
0990     blockbuffer = kmalloc(blocklen, GFP_NOIO);
0991     if (!blockbuffer)
0992         return -ENOMEM;
0993
0994     /*
0995      * Since we don't write the user data directly to the device,
0996      * we have to create a bounce buffer and move the data a piece
0997      * at a time between the bounce buffer and the actual transfer buffer.
0998      */
0999
1000     len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
1001     buffer = kmalloc(len, GFP_NOIO);
1002     if (!buffer) {
1003         kfree(blockbuffer);
1004         return -ENOMEM;
1005     }
1006
1007     result = 0;
1008     offset = 0;
1009     sg = NULL;
1010
1011     while (sectors > 0) {
1012
1013         /* Write as many sectors as possible in this block */
1014
1015         pages = min(sectors, info->blocksize - page);
1016         len = (pages << info->pageshift);
1017
1018         /* Not overflowing capacity? */
1019         if (lba >= maxlba) {
1020             usb_stor_dbg(us, "Error: Requested lba %u exceeds maximum %u\n",
1021                      lba, maxlba);
1022             result = -EIO;
1023             break;
1024         }
1025
1026         /* Get the data from the transfer buffer */
1027         usb_stor_access_xfer_buf(buffer, len, us->srb,
1028                 &sg, &offset, FROM_XFER_BUF);
1029
1030         result = sddr09_write_lba(us, lba, page, pages,
1031                 buffer, blockbuffer);
1032         if (result)
1033             break;
1034
1035         page = 0;
1036         lba++;
1037         sectors -= pages;
1038     }
1039
1040     kfree(buffer);
1041     kfree(blockbuffer);
1042
1043     return result;
1044 }
1045
1046 static int
1047 sddr09_read_control(struct us_data *us,
1048         unsigned long address,
1049         unsigned int blocks,
1050         unsigned char *content,
1051         int use_sg) {
1052
1053     usb_stor_dbg(us, "Read control address %lu, blocks %d\n",
1054              address, blocks);
1055
1056     return sddr09_read21(us, address, blocks,
1057                  CONTROL_SHIFT, content, use_sg);
1058 }
1059
1060 /*
1061  * Read Device ID Command: 12 bytes.
1062  * byte 0: opcode: ED
1063  *
1064  * Returns 2 bytes: Manufacturer ID and Device ID.
1065  * On more recent cards 3 bytes: the third byte is an option code A5
1066  * signifying that the secret command to read an 128-bit ID is available.
1067  * On still more recent cards 4 bytes: the fourth byte C0 means that
1068  * a second read ID cmd is available.
1069  */
1070 static int
1071 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1072     unsigned char *command = us->iobuf;
1073     unsigned char *content = us->iobuf;
1074     int result, i;
1075
1076     memset(command, 0, 12);
1077     command[0] = 0xED;
1078     command[1] = LUNBITS;
1079
1080     result = sddr09_send_scsi_command(us, command, 12);
1081     if (result)
1082         return result;
1083
1084     result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1085             content, 64, NULL);
1086
1087     for (i = 0; i < 4; i++)
1088         deviceID[i] = content[i];
1089
1090     return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1091 }
1092
1093 static int
1094 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1095     int result;
1096     unsigned char status;
1097     const char *wp_fmt;
1098
1099     result = sddr09_read_status(us, &status);
1100     if (result) {
1101         usb_stor_dbg(us, "read_status fails\n");
1102         return result;
1103     }
1104     if ((status & 0x80) == 0) {
1105         info->flags |= SDDR09_WP;   /* write protected */
1106         wp_fmt = " WP";
1107     } else {
1108         wp_fmt = "";
1109     }
1110     usb_stor_dbg(us, "status 0x%02X%s%s%s%s\n", status, wp_fmt,
1111              status & 0x40 ? " Ready" : "",
1112              status & LUNBITS ? " Suspended" : "",
1113              status & 0x01 ? " Error" : "");
1114
1115     return 0;
1116 }
1117
1118 #if 0
1119 /*
1120  * Reset Command: 12 bytes.
1121  * byte 0: opcode: EB
1122  */
1123 static int
1124 sddr09_reset(struct us_data *us) {
1125
1126     unsigned char *command = us->iobuf;
1127
1128     memset(command, 0, 12);
1129     command[0] = 0xEB;
1130     command[1] = LUNBITS;
1131
1132     return sddr09_send_scsi_command(us, command, 12);
1133 }
1134 #endif
1135
1136 static struct nand_flash_dev *
1137 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1138     struct nand_flash_dev *cardinfo;
1139     unsigned char deviceID[4];
1140     char blurbtxt[256];
1141     int result;
1142
1143     usb_stor_dbg(us, "Reading capacity...\n");
1144
1145     result = sddr09_read_deviceID(us, deviceID);
1146
1147     if (result) {
1148         usb_stor_dbg(us, "Result of read_deviceID is %d\n", result);
1149         printk(KERN_WARNING "sddr09: could not read card info\n");
1150         return NULL;
1151     }
1152
1153     sprintf(blurbtxt, "sddr09: Found Flash card, ID = %4ph", deviceID);
1154
1155     /* Byte 0 is the manufacturer */
1156     sprintf(blurbtxt + strlen(blurbtxt),
1157         ": Manuf. %s",
1158         nand_flash_manufacturer(deviceID[0]));
1159
1160     /* Byte 1 is the device type */
1161     cardinfo = nand_find_id(deviceID[1]);
1162     if (cardinfo) {
1163         /*
1164          * MB or MiB? It is neither. A 16 MB card has
1165          * 17301504 raw bytes, of which 16384000 are
1166          * usable for user data.
1167          */
1168         sprintf(blurbtxt + strlen(blurbtxt),
1169             ", %d MB", 1<<(cardinfo->chipshift - 20));
1170     } else {
1171         sprintf(blurbtxt + strlen(blurbtxt),
1172             ", type unrecognized");
1173     }
1174
1175     /* Byte 2 is code to signal availability of 128-bit ID */
1176     if (deviceID[2] == 0xa5) {
1177         sprintf(blurbtxt + strlen(blurbtxt),
1178             ", 128-bit ID");
1179     }
1180
1181     /* Byte 3 announces the availability of another read ID command */
1182     if (deviceID[3] == 0xc0) {
1183         sprintf(blurbtxt + strlen(blurbtxt),
1184             ", extra cmd");
1185     }
1186
1187     if (flags & SDDR09_WP)
1188         sprintf(blurbtxt + strlen(blurbtxt),
1189             ", WP");
1190
1191     printk(KERN_WARNING "%s\n", blurbtxt);
1192
1193     return cardinfo;
1194 }
1195
1196 static int
1197 sddr09_read_map(struct us_data *us) {
1198
1199     struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1200     int numblocks, alloc_len, alloc_blocks;
1201     int i, j, result;
1202     unsigned char *buffer, *buffer_end, *ptr;
1203     unsigned int lba, lbact;
1204
1205     if (!info->capacity)
1206         return -1;
1207
1208     /*
1209      * size of a block is 1 << (blockshift + pageshift) bytes
1210      * divide into the total capacity to get the number of blocks
1211      */
1212
1213     numblocks = info->capacity >> (info->blockshift + info->pageshift);
1214
1215     /*
1216      * read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1217      * but only use a 64 KB buffer
1218      * buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1219      */
1220 #define SDDR09_READ_MAP_BUFSZ 65536
1221
1222     alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1223     alloc_len = (alloc_blocks << CONTROL_SHIFT);
1224     buffer = kmalloc(alloc_len, GFP_NOIO);
1225     if (!buffer) {
1226         result = -1;
1227         goto done;
1228     }
1229     buffer_end = buffer + alloc_len;
1230
1231 #undef SDDR09_READ_MAP_BUFSZ
1232
1233     kfree(info->lba_to_pba);
1234     kfree(info->pba_to_lba);
1235     info->lba_to_pba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1236     info->pba_to_lba = kmalloc_array(numblocks, sizeof(int), GFP_NOIO);
1237
1238     if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1239         printk(KERN_WARNING "sddr09_read_map: out of memory\n");
1240         result = -1;
1241         goto done;
1242     }
1243
1244     for (i = 0; i < numblocks; i++)
1245         info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1246
1247     /*
1248      * Define lba-pba translation table
1249      */
1250
1251     ptr = buffer_end;
1252     for (i = 0; i < numblocks; i++) {
1253         ptr += (1 << CONTROL_SHIFT);
1254         if (ptr >= buffer_end) {
1255             unsigned long address;
1256
1257             address = i << (info->pageshift + info->blockshift);
1258             result = sddr09_read_control(
1259                 us, address>>1,
1260                 min(alloc_blocks, numblocks - i),
1261                 buffer, 0);
1262             if (result) {
1263                 result = -1;
1264                 goto done;
1265             }
1266             ptr = buffer;
1267         }
1268
1269         if (i == 0 || i == 1) {
1270             info->pba_to_lba[i] = UNUSABLE;
1271             continue;
1272         }
1273
1274         /* special PBAs have control field 0^16 */
1275         for (j = 0; j < 16; j++)
1276             if (ptr[j] != 0)
1277                 goto nonz;
1278         info->pba_to_lba[i] = UNUSABLE;
1279         printk(KERN_WARNING "sddr09: PBA %d has no logical mapping\n",
1280                i);
1281         continue;
1282
1283     nonz:
1284         /* unwritten PBAs have control field FF^16 */
1285         for (j = 0; j < 16; j++)
1286             if (ptr[j] != 0xff)
1287                 goto nonff;
1288         continue;
1289
1290     nonff:
1291         /* normal PBAs start with six FFs */
1292         if (j < 6) {
1293             printk(KERN_WARNING
1294                    "sddr09: PBA %d has no logical mapping: "
1295                    "reserved area = %02X%02X%02X%02X "
1296                    "data status %02X block status %02X\n",
1297                    i, ptr[0], ptr[1], ptr[2], ptr[3],
1298                    ptr[4], ptr[5]);
1299             info->pba_to_lba[i] = UNUSABLE;
1300             continue;
1301         }
1302
1303         if ((ptr[6] >> 4) != 0x01) {
1304             printk(KERN_WARNING
1305                    "sddr09: PBA %d has invalid address field "
1306                    "%02X%02X/%02X%02X\n",
1307                    i, ptr[6], ptr[7], ptr[11], ptr[12]);
1308             info->pba_to_lba[i] = UNUSABLE;
1309             continue;
1310         }
1311
1312         /* check even parity */
1313         if (parity[ptr[6] ^ ptr[7]]) {
1314             printk(KERN_WARNING
1315                    "sddr09: Bad parity in LBA for block %d"
1316                    " (%02X %02X)\n", i, ptr[6], ptr[7]);
1317             info->pba_to_lba[i] = UNUSABLE;
1318             continue;
1319         }
1320
1321         lba = short_pack(ptr[7], ptr[6]);
1322         lba = (lba & 0x07FF) >> 1;
1323
1324         /*
1325          * Every 1024 physical blocks ("zone"), the LBA numbers
1326          * go back to zero, but are within a higher block of LBA's.
1327          * Also, there is a maximum of 1000 LBA's per zone.
1328          * In other words, in PBA 1024-2047 you will find LBA 0-999
1329          * which are really LBA 1000-1999. This allows for 24 bad
1330          * or special physical blocks per zone.
1331          */
1332
1333         if (lba >= 1000) {
1334             printk(KERN_WARNING
1335                    "sddr09: Bad low LBA %d for block %d\n",
1336                    lba, i);
1337             goto possibly_erase;
1338         }
1339
1340         lba += 1000*(i/0x400);
1341
1342         if (info->lba_to_pba[lba] != UNDEF) {
1343             printk(KERN_WARNING
1344                    "sddr09: LBA %d seen for PBA %d and %d\n",
1345                    lba, info->lba_to_pba[lba], i);
1346             goto possibly_erase;
1347         }
1348
1349         info->pba_to_lba[i] = lba;
1350         info->lba_to_pba[lba] = i;
1351         continue;
1352
1353     possibly_erase:
1354         if (erase_bad_lba_entries) {
1355             unsigned long address;
1356
1357             address = (i << (info->pageshift + info->blockshift));
1358             sddr09_erase(us, address>>1);
1359             info->pba_to_lba[i] = UNDEF;
1360         } else
1361             info->pba_to_lba[i] = UNUSABLE;
1362     }
1363
1364     /*
1365      * Approximate capacity. This is not entirely correct yet,
1366      * since a zone with less than 1000 usable pages leads to
1367      * missing LBAs. Especially if it is the last zone, some
1368      * LBAs can be past capacity.
1369      */
1370     lbact = 0;
1371     for (i = 0; i < numblocks; i += 1024) {
1372         int ct = 0;
1373
1374         for (j = 0; j < 1024 && i+j < numblocks; j++) {
1375             if (info->pba_to_lba[i+j] != UNUSABLE) {
1376                 if (ct >= 1000)
1377                     info->pba_to_lba[i+j] = SPARE;
1378                 else
1379                     ct++;
1380             }
1381         }
1382         lbact += ct;
1383     }
1384     info->lbact = lbact;
1385     usb_stor_dbg(us, "Found %d LBA's\n", lbact);
1386     result = 0;
1387
1388  done:
1389     if (result != 0) {
1390         kfree(info->lba_to_pba);
1391         kfree(info->pba_to_lba);
1392         info->lba_to_pba = NULL;
1393         info->pba_to_lba = NULL;
1394     }
1395     kfree(buffer);
1396     return result;
1397 }
1398
1399 static void
1400 sddr09_card_info_destructor(void *extra) {
1401     struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1402
1403     if (!info)
1404         return;
1405
1406     kfree(info->lba_to_pba);
1407     kfree(info->pba_to_lba);
1408 }
1409
1410 static int
1411 sddr09_common_init(struct us_data *us) {
1412     int result;
1413
1414     /* set the configuration -- STALL is an acceptable response here */
1415     if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1416         usb_stor_dbg(us, "active config #%d != 1 ??\n",
1417                  us->pusb_dev->actconfig->desc.bConfigurationValue);
1418         return -EINVAL;
1419     }
1420
1421     result = usb_reset_configuration(us->pusb_dev);
1422     usb_stor_dbg(us, "Result of usb_reset_configuration is %d\n", result);
1423     if (result == -EPIPE) {
1424         usb_stor_dbg(us, "-- stall on control interface\n");
1425     } else if (result != 0) {
1426         /* it's not a stall, but another error -- time to bail */
1427         usb_stor_dbg(us, "-- Unknown error.  Rejecting device\n");
1428         return -EINVAL;
1429     }
1430
1431     us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1432     if (!us->extra)
1433         return -ENOMEM;
1434     us->extra_destructor = sddr09_card_info_destructor;
1435
1436     nand_init_ecc();
1437     return 0;
1438 }
1439
1440
1441 /*
1442  * This is needed at a very early stage. If this is not listed in the
1443  * unusual devices list but called from here then LUN 0 of the combo reader
1444  * is not recognized. But I do not know what precisely these calls do.
1445  */
1446 static int
1447 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1448     int result;
1449     unsigned char *data = us->iobuf;
1450
1451     result = sddr09_common_init(us);
1452     if (result)
1453         return result;
1454
1455     result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1456     if (result) {
1457         usb_stor_dbg(us, "send_command fails\n");
1458         return result;
1459     }
1460
1461     usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1462     // get 07 02
1463
1464     result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1465     if (result) {
1466         usb_stor_dbg(us, "2nd send_command fails\n");
1467         return result;
1468     }
1469
1470     usb_stor_dbg(us, "%02X %02X\n", data[0], data[1]);
1471     // get 07 00
1472
1473     result = sddr09_request_sense(us, data, 18);
1474     if (result == 0 && data[2] != 0) {
1475         int j;
1476         for (j=0; j<18; j++)
1477             printk(" %02X", data[j]);
1478         printk("\n");
1479         // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1480         // 70: current command
1481         // sense key 0, sense code 0, extd sense code 0
1482         // additional transfer length * = sizeof(data) - 7
1483         // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1484         // sense key 06, sense code 28: unit attention,
1485         // not ready to ready transition
1486     }
1487
1488     // test unit ready
1489
1490     return 0;       /* not result */
1491 }
1492
1493 /*
1494  * Transport for the Microtech DPCM-USB
1495  */
1496 static int dpcm_transport(struct scsi_cmnd *srb, struct us_data *us)
1497 {
1498     int ret;
1499
1500     usb_stor_dbg(us, "LUN=%d\n", (u8)srb->device->lun);
1501
1502     switch (srb->device->lun) {
1503     case 0:
1504
1505         /*
1506          * LUN 0 corresponds to the CompactFlash card reader.
1507          */
1508         ret = usb_stor_CB_transport(srb, us);
1509         break;
1510
1511     case 1:
1512
1513         /*
1514          * LUN 1 corresponds to the SmartMedia card reader.
1515          */
1516
1517         /*
1518          * Set the LUN to 0 (just in case).
1519          */
1520         srb->device->lun = 0;
1521         ret = sddr09_transport(srb, us);
1522         srb->device->lun = 1;
1523         break;
1524
1525     default:
1526         usb_stor_dbg(us, "Invalid LUN %d\n", (u8)srb->device->lun);
1527         ret = USB_STOR_TRANSPORT_ERROR;
1528         break;
1529     }
1530     return ret;
1531 }
1532
1533
1534 /*
1535  * Transport for the Sandisk SDDR-09
1536  */
1537 static int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1538 {
1539     static unsigned char sensekey = 0, sensecode = 0;
1540     static unsigned char havefakesense = 0;
1541     int result, i;
1542     unsigned char *ptr = us->iobuf;
1543     unsigned long capacity;
1544     unsigned int page, pages;
1545
1546     struct sddr09_card_info *info;
1547
1548     static unsigned char inquiry_response[8] = {
1549         0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1550     };
1551
1552     /* note: no block descriptor support */
1553     static unsigned char mode_page_01[19] = {
1554         0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1555         0x01, 0x0A,
1556         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1557     };
1558
1559     info = (struct sddr09_card_info *)us->extra;
1560
1561     if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1562         /* for a faked command, we have to follow with a faked sense */
1563         memset(ptr, 0, 18);
1564         ptr[0] = 0x70;
1565         ptr[2] = sensekey;
1566         ptr[7] = 11;
1567         ptr[12] = sensecode;
1568         usb_stor_set_xfer_buf(ptr, 18, srb);
1569         sensekey = sensecode = havefakesense = 0;
1570         return USB_STOR_TRANSPORT_GOOD;
1571     }
1572
1573     havefakesense = 1;
1574
1575     /*
1576      * Dummy up a response for INQUIRY since SDDR09 doesn't
1577      * respond to INQUIRY commands
1578      */
1579
1580     if (srb->cmnd[0] == INQUIRY) {
1581         memcpy(ptr, inquiry_response, 8);
1582         fill_inquiry_response(us, ptr, 36);
1583         return USB_STOR_TRANSPORT_GOOD;
1584     }
1585
1586     if (srb->cmnd[0] == READ_CAPACITY) {
1587         struct nand_flash_dev *cardinfo;
1588
1589         sddr09_get_wp(us, info);    /* read WP bit */
1590
1591         cardinfo = sddr09_get_cardinfo(us, info->flags);
1592         if (!cardinfo) {
1593             /* probably no media */
1594         init_error:
1595             sensekey = 0x02;    /* not ready */
1596             sensecode = 0x3a;   /* medium not present */
1597             return USB_STOR_TRANSPORT_FAILED;
1598         }
1599
1600         info->capacity = (1 << cardinfo->chipshift);
1601         info->pageshift = cardinfo->pageshift;
1602         info->pagesize = (1 << info->pageshift);
1603         info->blockshift = cardinfo->blockshift;
1604         info->blocksize = (1 << info->blockshift);
1605         info->blockmask = info->blocksize - 1;
1606
1607         // map initialization, must follow get_cardinfo()
1608         if (sddr09_read_map(us)) {
1609             /* probably out of memory */
1610             goto init_error;
1611         }
1612
1613         // Report capacity
1614
1615         capacity = (info->lbact << info->blockshift) - 1;
1616
1617         ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1618
1619         // Report page size
1620
1621         ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1622         usb_stor_set_xfer_buf(ptr, 8, srb);
1623
1624         return USB_STOR_TRANSPORT_GOOD;
1625     }
1626
1627     if (srb->cmnd[0] == MODE_SENSE_10) {
1628         int modepage = (srb->cmnd[2] & 0x3F);
1629
1630         /*
1631          * They ask for the Read/Write error recovery page,
1632          * or for all pages.
1633          */
1634         /* %% We should check DBD %% */
1635         if (modepage == 0x01 || modepage == 0x3F) {
1636             usb_stor_dbg(us, "Dummy up request for mode page 0x%x\n",
1637                      modepage);
1638
1639             memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1640             ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1641             ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1642             usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1643             return USB_STOR_TRANSPORT_GOOD;
1644         }
1645
1646         sensekey = 0x05;    /* illegal request */
1647         sensecode = 0x24;   /* invalid field in CDB */
1648         return USB_STOR_TRANSPORT_FAILED;
1649     }
1650
1651     if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1652         return USB_STOR_TRANSPORT_GOOD;
1653
1654     havefakesense = 0;
1655
1656     if (srb->cmnd[0] == READ_10) {
1657
1658         page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1659         page <<= 16;
1660         page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1661         pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1662
1663         usb_stor_dbg(us, "READ_10: read page %d pagect %d\n",
1664                  page, pages);
1665
1666         result = sddr09_read_data(us, page, pages);
1667         return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1668                 USB_STOR_TRANSPORT_ERROR);
1669     }
1670
1671     if (srb->cmnd[0] == WRITE_10) {
1672
1673         page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1674         page <<= 16;
1675         page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1676         pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1677
1678         usb_stor_dbg(us, "WRITE_10: write page %d pagect %d\n",
1679                  page, pages);
1680
1681         result = sddr09_write_data(us, page, pages);
1682         return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1683                 USB_STOR_TRANSPORT_ERROR);
1684     }
1685
1686     /*
1687      * catch-all for all other commands, except
1688      * pass TEST_UNIT_READY and REQUEST_SENSE through
1689      */
1690     if (srb->cmnd[0] != TEST_UNIT_READY &&
1691         srb->cmnd[0] != REQUEST_SENSE) {
1692         sensekey = 0x05;    /* illegal request */
1693         sensecode = 0x20;   /* invalid command */
1694         havefakesense = 1;
1695         return USB_STOR_TRANSPORT_FAILED;
1696     }
1697
1698     for (; srb->cmd_len<12; srb->cmd_len++)
1699         srb->cmnd[srb->cmd_len] = 0;
1700
1701     srb->cmnd[1] = LUNBITS;
1702
1703     ptr[0] = 0;
1704     for (i=0; i<12; i++)
1705         sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1706
1707     usb_stor_dbg(us, "Send control for command %s\n", ptr);
1708
1709     result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1710     if (result) {
1711         usb_stor_dbg(us, "sddr09_send_scsi_command returns %d\n",
1712                  result);
1713         return USB_STOR_TRANSPORT_ERROR;
1714     }
1715
1716     if (scsi_bufflen(srb) == 0)
1717         return USB_STOR_TRANSPORT_GOOD;
1718
1719     if (srb->sc_data_direction == DMA_TO_DEVICE ||
1720         srb->sc_data_direction == DMA_FROM_DEVICE) {
1721         unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1722                 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1723
1724         usb_stor_dbg(us, "%s %d bytes\n",
1725                  (srb->sc_data_direction == DMA_TO_DEVICE) ?
1726                  "sending" : "receiving",
1727                  scsi_bufflen(srb));
1728
1729         result = usb_stor_bulk_srb(us, pipe, srb);
1730
1731         return (result == USB_STOR_XFER_GOOD ?
1732             USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1733     }
1734
1735     return USB_STOR_TRANSPORT_GOOD;
1736 }
1737
1738 /*
1739  * Initialization routine for the sddr09 subdriver
1740  */
1741 static int
1742 usb_stor_sddr09_init(struct us_data *us) {
1743     return sddr09_common_init(us);
1744 }
1745
1746 static struct scsi_host_template sddr09_host_template;
1747
1748 static int sddr09_probe(struct usb_interface *intf,
1749              const struct usb_device_id *id)
1750 {
1751     struct us_data *us;
1752     int result;
1753
1754     result = usb_stor_probe1(&us, intf, id,
1755             (id - sddr09_usb_ids) + sddr09_unusual_dev_list,
1756             &sddr09_host_template);
1757     if (result)
1758         return result;
1759
1760     if (us->protocol == USB_PR_DPCM_USB) {
1761         us->transport_name = "Control/Bulk-EUSB/SDDR09";
1762         us->transport = dpcm_transport;
1763         us->transport_reset = usb_stor_CB_reset;
1764         us->max_lun = 1;
1765     } else {
1766         us->transport_name = "EUSB/SDDR09";
1767         us->transport = sddr09_transport;
1768         us->transport_reset = usb_stor_CB_reset;
1769         us->max_lun = 0;
1770     }
1771
1772     result = usb_stor_probe2(us);
1773     return result;
1774 }
1775
1776 static struct usb_driver sddr09_driver = {
1777     .name =     DRV_NAME,
1778     .probe =    sddr09_probe,
1779     .disconnect =   usb_stor_disconnect,
1780     .suspend =  usb_stor_suspend,
1781     .resume =   usb_stor_resume,
1782     .reset_resume = usb_stor_reset_resume,
1783     .pre_reset =    usb_stor_pre_reset,
1784     .post_reset =   usb_stor_post_reset,
1785     .id_table = sddr09_usb_ids,
1786     .soft_unbind =  1,
1787     .no_dynamic_id = 1,
1788 };
1789
1790 module_usb_stor_driver(sddr09_driver, sddr09_host_template, DRV_NAME);