2 * The low performance USB storage driver (ub).
4 * Copyright (c) 1999, 2000 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
5 * Copyright (C) 2004 Pete Zaitcev (zaitcev@yahoo.com)
7 * This work is a part of Linux kernel, is derived from it,
8 * and is not licensed separately. See file COPYING for details.
10 * TODO (sorted by decreasing priority)
11 * -- ZIP does "ub: resid 18 len 0 act 0" and whole transport quits (toggles?)
12 * -- set readonly flag for CDs, set removable flag for CF readers
13 * -- do inquiry and verify we got a disk and not a tape (for LUN mismatch)
14 * -- support pphaneuf's SDDR-75 with two LUNs (also broken capacity...)
15 * -- special case some senses, e.g. 3a/0 -> no media present, reduce retries
16 * -- do something about spin-down devices, they are extremely dangerous
17 * (ZIP is one. Needs spin-up command as well.)
18 * -- verify the 13 conditions and do bulk resets
19 * -- normal pool of commands instead of cmdv[]?
20 * -- kill last_pipe and simply do two-state clearing on both pipes
21 * -- verify protocol (bulk) from USB descriptors (maybe...)
23 * -- move top_sense and work_bcs into separate allocations (if they survive)
24 * for cache purists and esoteric architectures.
25 * -- prune comments, they are too volumnous
26 * -- Exterminate P3 printks
29 #include <linux/kernel.h>
30 #include <linux/module.h>
31 #include <linux/usb.h>
32 #include <linux/blkdev.h>
33 #include <linux/devfs_fs_kernel.h>
34 #include <linux/timer.h>
35 #include <scsi/scsi.h>
38 #define DEVFS_NAME DRV_NAME
40 #define UB_MAJOR 125 /* Stolen from Experimental range for a week - XXX */
43 * Definitions which have to be scattered once we understand the layout better.
46 /* Transport (despite PR in the name) */
47 #define US_PR_BULK 0x50 /* bulk only */
50 #define US_SC_SCSI 0x06 /* Transparent */
54 #define UB_MINORS_PER_MAJOR 8
56 #define UB_MAX_CDB_SIZE 16 /* Corresponds to Bulk */
58 #define UB_SENSE_SIZE 18
63 /* command block wrapper */
65 u32 Signature; /* contains 'USBC' */
66 u32 Tag; /* unique per command id */
67 u32 DataTransferLength; /* size of data */
68 u8 Flags; /* direction in bit 0 */
69 u8 Lun; /* LUN normally 0 */
70 u8 Length; /* of of the CDB */
71 u8 CDB[UB_MAX_CDB_SIZE]; /* max command */
74 #define US_BULK_CB_WRAP_LEN 31
75 #define US_BULK_CB_SIGN 0x43425355 /*spells out USBC */
76 #define US_BULK_FLAG_IN 1
77 #define US_BULK_FLAG_OUT 0
79 /* command status wrapper */
81 u32 Signature; /* should = 'USBS' */
82 u32 Tag; /* same as original command */
83 u32 Residue; /* amount not transferred */
84 u8 Status; /* see below */
87 #define US_BULK_CS_WRAP_LEN 13
88 #define US_BULK_CS_SIGN 0x53425355 /* spells out 'USBS' */
89 /* This is for Olympus Camedia digital cameras */
90 #define US_BULK_CS_OLYMPUS_SIGN 0x55425355 /* spells out 'USBU' */
91 #define US_BULK_STAT_OK 0
92 #define US_BULK_STAT_FAIL 1
93 #define US_BULK_STAT_PHASE 2
95 /* bulk-only class specific requests */
96 #define US_BULK_RESET_REQUEST 0xff
97 #define US_BULK_GET_MAX_LUN 0xfe
103 #define UB_MAX_REQ_SG 1
104 #define UB_MAX_SECTORS 64
107 * A second ought to be enough for a 32K transfer (UB_MAX_SECTORS)
108 * even if a webcam hogs the bus (famous last words).
109 * Some CDs need a second to spin up though.
110 * ZIP drive rejects commands when it's not spinning,
111 * so it does not need long timeouts either.
113 #define UB_URB_TIMEOUT (HZ*2)
114 #define UB_CTRL_TIMEOUT (HZ/2) /* 500ms ought to be enough to clear a stall */
117 * An instance of a SCSI command in transit.
119 #define UB_DIR_NONE 0
120 #define UB_DIR_READ 1
121 #define UB_DIR_ILLEGAL2 2
122 #define UB_DIR_WRITE 3
124 #define UB_DIR_CHAR(c) (((c)==UB_DIR_WRITE)? 'w': \
125 (((c)==UB_DIR_READ)? 'r': 'n'))
127 enum ub_scsi_cmd_state {
128 UB_CMDST_INIT, /* Initial state */
129 UB_CMDST_CMD, /* Command submitted */
130 UB_CMDST_DATA, /* Data phase */
131 UB_CMDST_CLR2STS, /* Clearing before requesting status */
132 UB_CMDST_STAT, /* Status phase */
133 UB_CMDST_CLEAR, /* Clearing a stall (halt, actually) */
134 UB_CMDST_SENSE, /* Sending Request Sense */
135 UB_CMDST_DONE /* Final state */
138 static char *ub_scsi_cmd_stname[] = {
150 unsigned char cdb[UB_MAX_CDB_SIZE];
151 unsigned char cdb_len;
153 unsigned char dir; /* 0 - none, 1 - read, 3 - write. */
154 unsigned char trace_index;
155 enum ub_scsi_cmd_state state;
157 struct ub_scsi_cmd *next;
159 int error; /* Return code - valid upon done */
160 int act_len; /* Return size */
162 int stat_count; /* Retries getting status. */
165 * We do not support transfers from highmem pages
166 * because the underlying USB framework does not do what we need.
168 char *data; /* Requested buffer */
169 unsigned int len; /* Requested length */
170 // struct scatterlist sgv[UB_MAX_REQ_SG];
172 void (*done)(struct ub_dev *, struct ub_scsi_cmd *);
179 unsigned long nsec; /* Linux size - 512 byte sectors */
180 unsigned int bsize; /* Linux hardsect_size */
181 unsigned int bshift; /* Shift between 512 and hard sects */
185 * The SCSI command tracing structure.
188 #define SCMD_ST_HIST_SZ 8
189 #define SCMD_TRACE_SZ 15 /* No more than 256 (trace_index) */
191 struct ub_scsi_cmd_trace {
194 unsigned int req_size, act_size;
197 unsigned char key, asc, ascq;
198 char st_hst[SCMD_ST_HIST_SZ];
201 struct ub_scsi_trace {
203 struct ub_scsi_cmd_trace vec[SCMD_TRACE_SZ];
207 * This is a direct take-off from linux/include/completion.h
208 * The difference is that I do not wait on this thing, just poll.
209 * When I want to wait (ub_probe), I just use the stock completion.
211 * Note that INIT_COMPLETION takes no lock. It is correct. But why
212 * in the bloody hell that thing takes struct instead of pointer to struct
213 * is quite beyond me. I just copied it from the stock completion.
215 struct ub_completion {
220 static inline void ub_init_completion(struct ub_completion *x)
223 spin_lock_init(&x->lock);
226 #define UB_INIT_COMPLETION(x) ((x).done = 0)
228 static void ub_complete(struct ub_completion *x)
232 spin_lock_irqsave(&x->lock, flags);
234 spin_unlock_irqrestore(&x->lock, flags);
237 static int ub_is_completed(struct ub_completion *x)
242 spin_lock_irqsave(&x->lock, flags);
244 spin_unlock_irqrestore(&x->lock, flags);
250 struct ub_scsi_cmd_queue {
252 struct ub_scsi_cmd *head, *tail;
256 * The UB device instance.
260 int id; /* Number among ub's */
261 atomic_t poison; /* The USB device is disconnected */
262 int openc; /* protected by ub_lock! */
263 /* kref is too implicit for our taste */
265 int changed; /* Media was changed */
269 struct usb_device *dev;
270 struct usb_interface *intf;
272 struct ub_capacity capacity;
273 struct gendisk *disk;
275 unsigned int send_bulk_pipe; /* cached pipe values */
276 unsigned int recv_bulk_pipe;
277 unsigned int send_ctrl_pipe;
278 unsigned int recv_ctrl_pipe;
280 struct tasklet_struct tasklet;
282 /* XXX Use Ingo's mempool (once we have more than one) */
284 struct ub_scsi_cmd cmdv[1];
286 struct ub_scsi_cmd_queue cmd_queue;
287 struct ub_scsi_cmd top_rqs_cmd; /* REQUEST SENSE */
288 unsigned char top_sense[UB_SENSE_SIZE];
290 struct ub_completion work_done;
292 struct timer_list work_timer;
293 int last_pipe; /* What might need clearing */
294 struct bulk_cb_wrap work_bcb;
295 struct bulk_cs_wrap work_bcs;
296 struct usb_ctrlrequest work_cr;
298 struct ub_scsi_trace tr;
303 static void ub_rw_cmd_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
304 static void ub_end_rq(struct request *rq, int uptodate);
305 static int ub_submit_scsi(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
306 static void ub_urb_complete(struct urb *urb, struct pt_regs *pt);
307 static void ub_scsi_action(unsigned long _dev);
308 static void ub_scsi_dispatch(struct ub_dev *sc);
309 static void ub_scsi_urb_compl(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
310 static void ub_state_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd, int rc);
311 static void ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
312 static void ub_state_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
313 static int ub_submit_clear_stall(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
315 static void ub_top_sense_done(struct ub_dev *sc, struct ub_scsi_cmd *scmd);
316 static int ub_sync_tur(struct ub_dev *sc);
317 static int ub_sync_read_cap(struct ub_dev *sc, struct ub_capacity *ret);
321 static struct usb_device_id ub_usb_ids[] = {
322 // { USB_DEVICE_VER(0x0781, 0x0002, 0x0009, 0x0009) }, /* SDDR-31 */
323 { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, US_SC_SCSI, US_PR_BULK) },
327 MODULE_DEVICE_TABLE(usb, ub_usb_ids);
330 * Find me a way to identify "next free minor" for add_disk(),
331 * and the array disappears the next day. However, the number of
332 * hosts has something to do with the naming and /proc/partitions.
333 * This has to be thought out in detail before changing.
334 * If UB_MAX_HOST was 1000, we'd use a bitmap. Or a better data structure.
336 #define UB_MAX_HOSTS 26
337 static char ub_hostv[UB_MAX_HOSTS];
338 static spinlock_t ub_lock = SPIN_LOCK_UNLOCKED; /* Locks globals and ->openc */
341 * The SCSI command tracing procedures.
344 static void ub_cmdtr_new(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
347 struct ub_scsi_cmd_trace *t;
349 if ((n = sc->tr.cur + 1) == SCMD_TRACE_SZ) n = 0;
352 memset(t, 0, sizeof(struct ub_scsi_cmd_trace));
356 t->req_size = cmd->len;
357 t->st_hst[0] = cmd->state;
360 cmd->trace_index = n;
363 static void ub_cmdtr_state(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
366 struct ub_scsi_cmd_trace *t;
368 t = &sc->tr.vec[cmd->trace_index];
369 if (t->tag == cmd->tag) {
370 if ((n = t->hcur + 1) == SCMD_ST_HIST_SZ) n = 0;
371 t->st_hst[n] = cmd->state;
376 static void ub_cmdtr_act_len(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
378 struct ub_scsi_cmd_trace *t;
380 t = &sc->tr.vec[cmd->trace_index];
381 if (t->tag == cmd->tag)
382 t->act_size = cmd->act_len;
385 static void ub_cmdtr_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
386 unsigned char *sense)
388 struct ub_scsi_cmd_trace *t;
390 t = &sc->tr.vec[cmd->trace_index];
391 if (t->tag == cmd->tag) {
392 t->key = sense[2] & 0x0F;
398 static ssize_t ub_diag_show(struct device *dev, char *page)
400 struct usb_interface *intf;
406 struct ub_scsi_cmd_trace *t;
408 intf = to_usb_interface(dev);
409 sc = usb_get_intfdata(intf);
414 spin_lock_irqsave(&sc->lock, flags);
416 cnt += sprintf(page + cnt,
417 "qlen %d qmax %d changed %d removable %d readonly %d\n",
418 sc->cmd_queue.qlen, sc->cmd_queue.qmax,
419 sc->changed, sc->removable, sc->readonly);
421 if ((nc = sc->tr.cur + 1) == SCMD_TRACE_SZ) nc = 0;
422 for (j = 0; j < SCMD_TRACE_SZ; j++) {
425 cnt += sprintf(page + cnt, "%08x %02x", t->tag, t->op);
426 if (t->op == REQUEST_SENSE) {
427 cnt += sprintf(page + cnt, " [sense %x %02x %02x]",
428 t->key, t->asc, t->ascq);
430 cnt += sprintf(page + cnt, " %c", UB_DIR_CHAR(t->dir));
431 cnt += sprintf(page + cnt, " [%5d %5d]",
432 t->req_size, t->act_size);
434 if ((nh = t->hcur + 1) == SCMD_ST_HIST_SZ) nh = 0;
435 for (i = 0; i < SCMD_ST_HIST_SZ; i++) {
436 cnt += sprintf(page + cnt, " %s",
437 ub_scsi_cmd_stname[(int)t->st_hst[nh]]);
438 if (++nh == SCMD_ST_HIST_SZ) nh = 0;
440 cnt += sprintf(page + cnt, "\n");
442 if (++nc == SCMD_TRACE_SZ) nc = 0;
445 spin_unlock_irqrestore(&sc->lock, flags);
449 static DEVICE_ATTR(diag, S_IRUGO, ub_diag_show, NULL); /* N.B. World readable */
454 * This also stores the host for indexing by minor, which is somewhat dirty.
456 static int ub_id_get(void)
461 spin_lock_irqsave(&ub_lock, flags);
462 for (i = 0; i < UB_MAX_HOSTS; i++) {
463 if (ub_hostv[i] == 0) {
465 spin_unlock_irqrestore(&ub_lock, flags);
469 spin_unlock_irqrestore(&ub_lock, flags);
473 static void ub_id_put(int id)
476 if (id < 0 || id >= UB_MAX_HOSTS) {
477 printk(KERN_ERR DRV_NAME ": bad host ID %d\n", id);
480 if (ub_hostv[id] == 0) {
481 printk(KERN_ERR DRV_NAME ": freeing free host ID %d\n", id);
488 * Final cleanup and deallocation.
489 * This must be called with ub_lock taken.
491 static void ub_cleanup(struct ub_dev *sc)
498 * The "command allocator".
500 static struct ub_scsi_cmd *ub_get_cmd(struct ub_dev *sc)
502 struct ub_scsi_cmd *ret;
511 static void ub_put_cmd(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
513 if (cmd != &sc->cmdv[0]) {
514 printk(KERN_WARNING "%s: releasing a foreign cmd %p\n",
519 printk(KERN_WARNING "%s: releasing a free cmd\n", sc->name);
528 static void ub_cmdq_add(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
530 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
532 if (t->qlen++ == 0) {
540 if (t->qlen > t->qmax)
544 static void ub_cmdq_insert(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
546 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
548 if (t->qlen++ == 0) {
556 if (t->qlen > t->qmax)
560 static struct ub_scsi_cmd *ub_cmdq_pop(struct ub_dev *sc)
562 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
563 struct ub_scsi_cmd *cmd;
575 #define ub_cmdq_peek(sc) ((sc)->cmd_queue.head)
578 * The request function is our main entry point
581 static inline int ub_bd_rq_fn_1(request_queue_t *q)
584 int writing = 0, pci_dir, i, n_elem;
586 unsigned int msg_size;
588 struct ub_dev *sc = q->queuedata;
590 #if 0 /* We use rq->buffer for now */
591 struct scatterlist *sg;
594 struct ub_scsi_cmd *cmd;
596 unsigned int block, nblks;
599 if ((rq = elv_next_request(q)) == NULL)
602 if (atomic_read(&sc->poison) || sc->changed) {
603 blkdev_dequeue_request(rq);
608 if ((cmd = ub_get_cmd(sc)) == NULL) {
613 blkdev_dequeue_request(rq);
615 if (rq_data_dir(rq) == WRITE)
616 ub_dir = UB_DIR_WRITE;
618 ub_dir = UB_DIR_READ;
621 * get scatterlist from block layer
623 #if 0 /* We use rq->buffer for now */
625 n_elem = blk_rq_map_sg(q, rq, sg);
630 return 0; /* request with no s/g entries? */
633 if (n_elem != 1) { /* Paranoia */
634 printk(KERN_WARNING "%s: request with %d segments\n",
643 * XXX Unfortunately, this check does not work. It is quite possible
644 * to get bogus non-null rq->buffer if you allow sg by mistake.
646 if (rq->buffer == NULL) {
648 * This must not happen if we set the queue right.
649 * The block level must create bounce buffers for us.
651 static int do_print = 1;
653 printk(KERN_WARNING "%s: unmapped request\n", sc->name);
666 nblks = rq->nr_sectors;
668 memset(cmd, 0, sizeof(struct ub_scsi_cmd));
669 cmd->cdb[0] = (ub_dir == UB_DIR_READ)? READ_10: WRITE_10;
670 /* 10-byte uses 4 bytes of LBA: 2147483648KB, 2097152MB, 2048GB */
671 cmd->cdb[2] = block >> 24;
672 cmd->cdb[3] = block >> 16;
673 cmd->cdb[4] = block >> 8;
675 cmd->cdb[7] = nblks >> 8;
679 cmd->state = UB_CMDST_INIT;
680 cmd->data = rq->buffer;
681 cmd->len = nblks * 512;
682 cmd->done = ub_rw_cmd_done;
685 cmd->tag = sc->tagcnt++;
686 if ((rc = ub_submit_scsi(sc, cmd)) != 0) {
696 static void ub_bd_rq_fn(request_queue_t *q)
698 do { } while (ub_bd_rq_fn_1(q) == 0);
701 static void ub_rw_cmd_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
703 struct request *rq = cmd->back;
704 struct gendisk *disk = sc->disk;
705 request_queue_t *q = disk->queue;
714 ub_end_rq(rq, uptodate);
718 static void ub_end_rq(struct request *rq, int uptodate)
722 rc = end_that_request_first(rq, uptodate, rq->hard_nr_sectors);
724 end_that_request_last(rq);
728 * Submit a regular SCSI operation (not an auto-sense).
730 * The Iron Law of Good Submit Routine is:
731 * Zero return - callback is done, Nonzero return - callback is not done.
734 * Host is assumed locked.
736 * XXX We only support Bulk for the moment.
738 static int ub_submit_scsi(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
741 if (cmd->state != UB_CMDST_INIT ||
742 (cmd->dir != UB_DIR_NONE && cmd->len == 0)) {
746 ub_cmdq_add(sc, cmd);
748 * We can call ub_scsi_dispatch(sc) right away here, but it's a little
749 * safer to jump to a tasklet, in case upper layers do something silly.
751 tasklet_schedule(&sc->tasklet);
756 * Submit the first URB for the queued command.
757 * This function does not deal with queueing in any way.
759 static int ub_scsi_cmd_start(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
761 struct bulk_cb_wrap *bcb;
766 /* set up the command wrapper */
767 bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
768 bcb->Tag = cmd->tag; /* Endianness is not important */
769 bcb->DataTransferLength = cpu_to_le32(cmd->len);
770 bcb->Flags = (cmd->dir == UB_DIR_READ) ? 0x80 : 0;
771 bcb->Lun = 0; /* No multi-LUN yet */
772 bcb->Length = cmd->cdb_len;
774 /* copy the command payload */
775 memcpy(bcb->CDB, cmd->cdb, UB_MAX_CDB_SIZE);
777 UB_INIT_COMPLETION(sc->work_done);
779 sc->last_pipe = sc->send_bulk_pipe;
780 usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->send_bulk_pipe,
781 bcb, US_BULK_CB_WRAP_LEN, ub_urb_complete, sc);
782 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
784 /* Fill what we shouldn't be filling, because usb-storage did so. */
785 sc->work_urb.actual_length = 0;
786 sc->work_urb.error_count = 0;
787 sc->work_urb.status = 0;
789 sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
790 add_timer(&sc->work_timer);
792 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
793 /* XXX Clear stalls */
794 printk("ub: cmd #%d start failed (%d)\n", cmd->tag, rc); /* P3 */
795 del_timer(&sc->work_timer);
796 ub_complete(&sc->work_done);
800 cmd->state = UB_CMDST_CMD;
801 ub_cmdtr_state(sc, cmd);
808 static void ub_urb_timeout(unsigned long arg)
810 struct ub_dev *sc = (struct ub_dev *) arg;
813 spin_lock_irqsave(&sc->lock, flags);
814 usb_unlink_urb(&sc->work_urb);
815 spin_unlock_irqrestore(&sc->lock, flags);
819 * Completion routine for the work URB.
821 * This can be called directly from usb_submit_urb (while we have
822 * the sc->lock taken) and from an interrupt (while we do NOT have
823 * the sc->lock taken). Therefore, bounce this off to a tasklet.
825 static void ub_urb_complete(struct urb *urb, struct pt_regs *pt)
827 struct ub_dev *sc = urb->context;
829 ub_complete(&sc->work_done);
830 tasklet_schedule(&sc->tasklet);
833 static void ub_scsi_action(unsigned long _dev)
835 struct ub_dev *sc = (struct ub_dev *) _dev;
838 spin_lock_irqsave(&sc->lock, flags);
839 ub_scsi_dispatch(sc);
840 spin_unlock_irqrestore(&sc->lock, flags);
843 static void ub_scsi_dispatch(struct ub_dev *sc)
845 struct ub_scsi_cmd *cmd;
848 while ((cmd = ub_cmdq_peek(sc)) != NULL) {
849 if (cmd->state == UB_CMDST_DONE) {
851 (*cmd->done)(sc, cmd);
852 } else if (cmd->state == UB_CMDST_INIT) {
853 ub_cmdtr_new(sc, cmd);
854 if ((rc = ub_scsi_cmd_start(sc, cmd)) == 0)
857 cmd->state = UB_CMDST_DONE;
858 ub_cmdtr_state(sc, cmd);
860 if (!ub_is_completed(&sc->work_done))
862 ub_scsi_urb_compl(sc, cmd);
867 static void ub_scsi_urb_compl(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
869 struct urb *urb = &sc->work_urb;
870 struct bulk_cs_wrap *bcs;
874 /* P3 */ /** printk("ub: urb status %d pipe 0x%08x len %d act %d\n",
875 urb->status, urb->pipe, urb->transfer_buffer_length, urb->actual_length); **/
877 if (atomic_read(&sc->poison)) {
878 /* A little too simplistic, I feel... */
882 if (cmd->state == UB_CMDST_CLEAR) {
883 if (urb->status == -EPIPE) {
885 * STALL while clearning STALL.
886 * A STALL is illegal on a control pipe!
887 * XXX Might try to reset the device here and retry.
889 printk(KERN_NOTICE "%s: "
890 "stall on control pipe for device %u\n",
891 sc->name, sc->dev->devnum);
896 * We ignore the result for the halt clear.
899 /* reset the endpoint toggle */
900 usb_settoggle(sc->dev, usb_pipeendpoint(sc->last_pipe),
901 usb_pipeout(sc->last_pipe), 0);
903 ub_state_sense(sc, cmd);
905 } else if (cmd->state == UB_CMDST_CLR2STS) {
906 if (urb->status == -EPIPE) {
908 * STALL while clearning STALL.
909 * A STALL is illegal on a control pipe!
910 * XXX Might try to reset the device here and retry.
912 printk(KERN_NOTICE "%s: "
913 "stall on control pipe for device %u\n",
914 sc->name, sc->dev->devnum);
919 * We ignore the result for the halt clear.
922 /* reset the endpoint toggle */
923 usb_settoggle(sc->dev, usb_pipeendpoint(sc->last_pipe),
924 usb_pipeout(sc->last_pipe), 0);
926 ub_state_stat(sc, cmd);
928 } else if (cmd->state == UB_CMDST_CMD) {
929 if (urb->status == -EPIPE) {
930 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
932 printk(KERN_NOTICE "%s: "
933 "unable to submit clear for device %u (%d)\n",
934 sc->name, sc->dev->devnum, rc);
936 * This is typically ENOMEM or some other such shit.
937 * Retrying is pointless. Just do Bad End on it...
941 cmd->state = UB_CMDST_CLEAR;
942 ub_cmdtr_state(sc, cmd);
945 if (urb->status != 0)
947 if (urb->actual_length != US_BULK_CB_WRAP_LEN) {
948 /* XXX Must do reset here to unconfuse the device */
952 if (cmd->dir == UB_DIR_NONE) {
953 ub_state_stat(sc, cmd);
957 UB_INIT_COMPLETION(sc->work_done);
959 if (cmd->dir == UB_DIR_READ)
960 pipe = sc->recv_bulk_pipe;
962 pipe = sc->send_bulk_pipe;
963 sc->last_pipe = pipe;
964 usb_fill_bulk_urb(&sc->work_urb, sc->dev, pipe,
965 cmd->data, cmd->len, ub_urb_complete, sc);
966 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
967 sc->work_urb.actual_length = 0;
968 sc->work_urb.error_count = 0;
969 sc->work_urb.status = 0;
971 sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
972 add_timer(&sc->work_timer);
974 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
975 /* XXX Clear stalls */
976 printk("ub: data #%d submit failed (%d)\n", cmd->tag, rc); /* P3 */
977 del_timer(&sc->work_timer);
978 ub_complete(&sc->work_done);
979 ub_state_done(sc, cmd, rc);
983 cmd->state = UB_CMDST_DATA;
984 ub_cmdtr_state(sc, cmd);
986 } else if (cmd->state == UB_CMDST_DATA) {
987 if (urb->status == -EPIPE) {
988 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
990 printk(KERN_NOTICE "%s: "
991 "unable to submit clear for device %u (%d)\n",
992 sc->name, sc->dev->devnum, rc);
994 * This is typically ENOMEM or some other such shit.
995 * Retrying is pointless. Just do Bad End on it...
999 cmd->state = UB_CMDST_CLR2STS;
1000 ub_cmdtr_state(sc, cmd);
1003 if (urb->status == -EOVERFLOW) {
1005 * A babble? Failure, but we must transfer CSW now.
1007 cmd->error = -EOVERFLOW; /* A cheap trick... */
1009 if (urb->status != 0)
1013 cmd->act_len = urb->actual_length;
1014 ub_cmdtr_act_len(sc, cmd);
1016 ub_state_stat(sc, cmd);
1018 } else if (cmd->state == UB_CMDST_STAT) {
1019 if (urb->status == -EPIPE) {
1020 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1022 printk(KERN_NOTICE "%s: "
1023 "unable to submit clear for device %u (%d)\n",
1024 sc->name, sc->dev->devnum, rc);
1026 * This is typically ENOMEM or some other such shit.
1027 * Retrying is pointless. Just do Bad End on it...
1031 cmd->state = UB_CMDST_CLEAR;
1032 ub_cmdtr_state(sc, cmd);
1035 if (urb->status != 0)
1038 if (urb->actual_length == 0) {
1040 * Some broken devices add unnecessary zero-length
1041 * packets to the end of their data transfers.
1042 * Such packets show up as 0-length CSWs. If we
1043 * encounter such a thing, try to read the CSW again.
1045 if (++cmd->stat_count >= 4) {
1046 printk(KERN_NOTICE "%s: "
1047 "unable to get CSW on device %u\n",
1048 sc->name, sc->dev->devnum);
1053 * ub_state_stat only not dropping the count...
1055 UB_INIT_COMPLETION(sc->work_done);
1057 sc->last_pipe = sc->recv_bulk_pipe;
1058 usb_fill_bulk_urb(&sc->work_urb, sc->dev,
1059 sc->recv_bulk_pipe, &sc->work_bcs,
1060 US_BULK_CS_WRAP_LEN, ub_urb_complete, sc);
1061 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1062 sc->work_urb.actual_length = 0;
1063 sc->work_urb.error_count = 0;
1064 sc->work_urb.status = 0;
1066 sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
1067 add_timer(&sc->work_timer);
1069 rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC);
1071 /* XXX Clear stalls */
1072 printk("%s: CSW #%d submit failed (%d)\n",
1073 sc->name, cmd->tag, rc); /* P3 */
1074 del_timer(&sc->work_timer);
1075 ub_complete(&sc->work_done);
1076 ub_state_done(sc, cmd, rc);
1083 * Check the returned Bulk protocol status.
1086 bcs = &sc->work_bcs;
1087 rc = le32_to_cpu(bcs->Residue);
1088 if (rc != cmd->len - cmd->act_len) {
1090 * It is all right to transfer less, the caller has
1091 * to check. But it's not all right if the device
1092 * counts disagree with our counts.
1094 /* P3 */ printk("%s: resid %d len %d act %d\n",
1095 sc->name, rc, cmd->len, cmd->act_len);
1099 if (bcs->Signature != cpu_to_le32(US_BULK_CS_SIGN) &&
1100 bcs->Signature != cpu_to_le32(US_BULK_CS_OLYMPUS_SIGN)) {
1101 /* XXX Rate-limit, even for P3 tagged */
1102 /* P3 */ printk("ub: signature 0x%x\n", bcs->Signature);
1103 /* Windows ignores signatures, so do we. */
1106 if (bcs->Tag != cmd->tag) {
1107 /* P3 */ printk("%s: tag orig 0x%x reply 0x%x\n",
1108 sc->name, cmd->tag, bcs->Tag);
1112 switch (bcs->Status) {
1113 case US_BULK_STAT_OK:
1115 case US_BULK_STAT_FAIL:
1116 ub_state_sense(sc, cmd);
1118 case US_BULK_STAT_PHASE:
1119 /* XXX We must reset the transport here */
1120 /* P3 */ printk("%s: status PHASE\n", sc->name);
1123 printk(KERN_INFO "%s: unknown CSW status 0x%x\n",
1124 sc->name, bcs->Status);
1128 /* Not zeroing error to preserve a babble indicator */
1129 cmd->state = UB_CMDST_DONE;
1130 ub_cmdtr_state(sc, cmd);
1132 (*cmd->done)(sc, cmd);
1134 } else if (cmd->state == UB_CMDST_SENSE) {
1136 * We do not look at sense, because even if there was no sense,
1137 * we get into UB_CMDST_SENSE from a STALL or CSW FAIL only.
1138 * We request sense because we want to clear CHECK CONDITION
1139 * on devices with delusions of SCSI, and not because we
1140 * are curious in any way about the sense itself.
1142 /* if ((cmd->top_sense[2] & 0x0F) == NO_SENSE) { foo } */
1144 ub_state_done(sc, cmd, -EIO);
1146 printk(KERN_WARNING "%s: "
1147 "wrong command state %d on device %u\n",
1148 sc->name, cmd->state, sc->dev->devnum);
1153 Bad_End: /* Little Excel is dead */
1154 ub_state_done(sc, cmd, -EIO);
1158 * Factorization helper for the command state machine:
1159 * Finish the command.
1161 static void ub_state_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd, int rc)
1165 cmd->state = UB_CMDST_DONE;
1166 ub_cmdtr_state(sc, cmd);
1168 (*cmd->done)(sc, cmd);
1172 * Factorization helper for the command state machine:
1173 * Submit a CSW read and go to STAT state.
1175 static void ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1179 UB_INIT_COMPLETION(sc->work_done);
1181 sc->last_pipe = sc->recv_bulk_pipe;
1182 usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->recv_bulk_pipe,
1183 &sc->work_bcs, US_BULK_CS_WRAP_LEN, ub_urb_complete, sc);
1184 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1185 sc->work_urb.actual_length = 0;
1186 sc->work_urb.error_count = 0;
1187 sc->work_urb.status = 0;
1189 sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
1190 add_timer(&sc->work_timer);
1192 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1193 /* XXX Clear stalls */
1194 printk("ub: CSW #%d submit failed (%d)\n", cmd->tag, rc); /* P3 */
1195 del_timer(&sc->work_timer);
1196 ub_complete(&sc->work_done);
1197 ub_state_done(sc, cmd, rc);
1201 cmd->stat_count = 0;
1202 cmd->state = UB_CMDST_STAT;
1203 ub_cmdtr_state(sc, cmd);
1207 * Factorization helper for the command state machine:
1208 * Submit a REQUEST SENSE and go to SENSE state.
1210 static void ub_state_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1212 struct ub_scsi_cmd *scmd;
1215 if (cmd->cdb[0] == REQUEST_SENSE) {
1220 memset(&sc->top_sense, 0, UB_SENSE_SIZE);
1221 scmd = &sc->top_rqs_cmd;
1222 scmd->cdb[0] = REQUEST_SENSE;
1224 scmd->dir = UB_DIR_READ;
1225 scmd->state = UB_CMDST_INIT;
1226 scmd->data = sc->top_sense;
1227 scmd->len = UB_SENSE_SIZE;
1228 scmd->done = ub_top_sense_done;
1231 scmd->tag = sc->tagcnt++;
1233 cmd->state = UB_CMDST_SENSE;
1234 ub_cmdtr_state(sc, cmd);
1236 ub_cmdq_insert(sc, scmd);
1240 ub_state_done(sc, cmd, rc);
1244 * A helper for the command's state machine:
1245 * Submit a stall clear.
1247 static int ub_submit_clear_stall(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
1251 struct usb_ctrlrequest *cr;
1254 endp = usb_pipeendpoint(stalled_pipe);
1255 if (usb_pipein (stalled_pipe))
1259 cr->bRequestType = USB_RECIP_ENDPOINT;
1260 cr->bRequest = USB_REQ_CLEAR_FEATURE;
1261 cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
1262 cr->wIndex = cpu_to_le16(endp);
1263 cr->wLength = cpu_to_le16(0);
1265 UB_INIT_COMPLETION(sc->work_done);
1267 usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1268 (unsigned char*) cr, NULL, 0, ub_urb_complete, sc);
1269 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1270 sc->work_urb.actual_length = 0;
1271 sc->work_urb.error_count = 0;
1272 sc->work_urb.status = 0;
1274 sc->work_timer.expires = jiffies + UB_CTRL_TIMEOUT;
1275 add_timer(&sc->work_timer);
1277 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1278 del_timer(&sc->work_timer);
1279 ub_complete(&sc->work_done);
1287 static void ub_top_sense_done(struct ub_dev *sc, struct ub_scsi_cmd *scmd)
1289 unsigned char *sense = scmd->data;
1290 struct ub_scsi_cmd *cmd;
1292 ub_cmdtr_sense(sc, scmd, sense);
1294 if ((cmd = ub_cmdq_peek(sc)) == NULL) {
1295 printk(KERN_WARNING "%s: sense done while idle\n", sc->name);
1298 if (cmd != scmd->back) {
1299 printk(KERN_WARNING "%s: "
1300 "sense done for wrong command 0x%x on device %u\n",
1301 sc->name, cmd->tag, sc->dev->devnum);
1304 if (cmd->state != UB_CMDST_SENSE) {
1305 printk(KERN_WARNING "%s: "
1306 "sense done with bad cmd state %d on device %u\n",
1307 sc->name, cmd->state, sc->dev->devnum);
1311 ub_scsi_urb_compl(sc, cmd);
1315 /* Determine what the maximum LUN supported is */
1316 int usb_stor_Bulk_max_lun(struct us_data *us)
1320 /* issue the command */
1321 result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
1322 US_BULK_GET_MAX_LUN,
1323 USB_DIR_IN | USB_TYPE_CLASS |
1324 USB_RECIP_INTERFACE,
1325 0, us->ifnum, us->iobuf, 1, HZ);
1328 * Some devices (i.e. Iomega Zip100) need this -- apparently
1329 * the bulk pipes get STALLed when the GetMaxLUN request is
1330 * processed. This is, in theory, harmless to all other devices
1331 * (regardless of if they stall or not).
1334 usb_stor_clear_halt(us, us->recv_bulk_pipe);
1335 usb_stor_clear_halt(us, us->send_bulk_pipe);
1338 US_DEBUGP("GetMaxLUN command result is %d, data is %d\n",
1339 result, us->iobuf[0]);
1341 /* if we have a successful request, return the result */
1343 return us->iobuf[0];
1345 /* return the default -- no LUNs */
1351 * This is called from a process context.
1353 static void ub_revalidate(struct ub_dev *sc)
1356 sc->readonly = 0; /* XXX Query this from the device */
1359 * XXX sd.c sets capacity to zero in such case. However, it doesn't
1360 * work for us. In case of zero capacity, block layer refuses to
1361 * have the /dev/uba opened (why?) Set capacity to some random value.
1363 sc->capacity.nsec = 50;
1364 sc->capacity.bsize = 512;
1365 sc->capacity.bshift = 0;
1367 if (ub_sync_tur(sc) != 0)
1368 return; /* Not ready */
1371 if (ub_sync_read_cap(sc, &sc->capacity) != 0) {
1373 * The retry here means something is wrong, either with the
1374 * device, with the transport, or with our code.
1375 * We keep this because sd.c has retries for capacity.
1377 if (ub_sync_read_cap(sc, &sc->capacity) != 0) {
1378 sc->capacity.nsec = 100;
1379 sc->capacity.bsize = 512;
1380 sc->capacity.bshift = 0;
1387 * This is mostly needed to keep refcounting, but also to support
1388 * media checks on removable media drives.
1390 static int ub_bd_open(struct inode *inode, struct file *filp)
1392 struct gendisk *disk = inode->i_bdev->bd_disk;
1394 unsigned long flags;
1397 if ((sc = disk->private_data) == NULL)
1399 spin_lock_irqsave(&ub_lock, flags);
1400 if (atomic_read(&sc->poison)) {
1401 spin_unlock_irqrestore(&ub_lock, flags);
1405 spin_unlock_irqrestore(&ub_lock, flags);
1407 if (sc->removable || sc->readonly)
1408 check_disk_change(inode->i_bdev);
1410 /* XXX sd.c and floppy.c bail on open if media is not present. */
1412 if (sc->readonly && (filp->f_mode & FMODE_WRITE)) {
1420 spin_lock_irqsave(&ub_lock, flags);
1422 if (sc->openc == 0 && atomic_read(&sc->poison))
1424 spin_unlock_irqrestore(&ub_lock, flags);
1430 static int ub_bd_release(struct inode *inode, struct file *filp)
1432 struct gendisk *disk = inode->i_bdev->bd_disk;
1433 struct ub_dev *sc = disk->private_data;
1434 unsigned long flags;
1436 spin_lock_irqsave(&ub_lock, flags);
1438 if (sc->openc == 0 && atomic_read(&sc->poison))
1440 spin_unlock_irqrestore(&ub_lock, flags);
1445 * The ioctl interface.
1447 static int ub_bd_ioctl(struct inode *inode, struct file *filp,
1448 unsigned int cmd, unsigned long arg)
1450 // void __user *usermem = (void *) arg;
1451 // struct carm_port *port = ino->i_bdev->bd_disk->private_data;
1452 // struct hd_geometry geom;
1457 if (usermem == NULL) // XXX Bizzare. Why?
1460 geom.heads = (u8) port->dev_geom_head;
1461 geom.sectors = (u8) port->dev_geom_sect;
1462 geom.cylinders = port->dev_geom_cyl;
1463 geom.start = get_start_sect(ino->i_bdev);
1465 if (copy_to_user(usermem, &geom, sizeof(geom)))
1477 * This is called once a new disk was seen by the block layer or by ub_probe().
1478 * The main onjective here is to discover the features of the media such as
1479 * the capacity, read-only status, etc. USB storage generally does not
1480 * need to be spun up, but if we needed it, this would be the place.
1482 * This call can sleep.
1484 * The return code is not used.
1486 static int ub_bd_revalidate(struct gendisk *disk)
1488 struct ub_dev *sc = disk->private_data;
1491 /* This is pretty much a long term P3 */
1492 printk(KERN_INFO "%s: device %u capacity nsec %ld bsize %u\n",
1493 sc->name, sc->dev->devnum, sc->capacity.nsec, sc->capacity.bsize);
1495 set_capacity(disk, sc->capacity.nsec);
1496 // set_disk_ro(sdkp->disk, sc->readonly);
1501 * The check is called by the block layer to verify if the media
1502 * is still available. It is supposed to be harmless, lightweight and
1503 * non-intrusive in case the media was not changed.
1505 * This call can sleep.
1507 * The return code is bool!
1509 static int ub_bd_media_changed(struct gendisk *disk)
1511 struct ub_dev *sc = disk->private_data;
1517 * We clean checks always after every command, so this is not
1518 * as dangerous as it looks. If the TEST_UNIT_READY fails here,
1519 * the device is actually not ready with operator or software
1520 * intervention required. One dangerous item might be a drive which
1521 * spins itself down, and come the time to write dirty pages, this
1522 * will fail, then block layer discards the data. Since we never
1523 * spin drives up, such devices simply cannot be used with ub anyway.
1525 if (ub_sync_tur(sc) != 0) {
1527 /* P3 */ printk("%s: made changed\n", sc->name);
1531 /* The sd.c clears this before returning (one-shot flag). Why? */
1532 /* P3 */ printk("%s: %s changed\n", sc->name,
1533 sc->changed? "is": "was not");
1537 static struct block_device_operations ub_bd_fops = {
1538 .owner = THIS_MODULE,
1540 .release = ub_bd_release,
1541 .ioctl = ub_bd_ioctl,
1542 .media_changed = ub_bd_media_changed,
1543 .revalidate_disk = ub_bd_revalidate,
1547 * Common ->done routine for commands executed synchronously.
1549 static void ub_probe_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1551 struct completion *cop = cmd->back;
1556 * Test if the device has a check condition on it, synchronously.
1558 static int ub_sync_tur(struct ub_dev *sc)
1560 struct ub_scsi_cmd *cmd;
1561 enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) };
1562 unsigned long flags;
1563 struct completion compl;
1566 init_completion(&compl);
1569 if ((cmd = kmalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1571 memset(cmd, 0, ALLOC_SIZE);
1573 cmd->cdb[0] = TEST_UNIT_READY;
1575 cmd->dir = UB_DIR_NONE;
1576 cmd->state = UB_CMDST_INIT;
1577 cmd->done = ub_probe_done;
1580 spin_lock_irqsave(&sc->lock, flags);
1581 cmd->tag = sc->tagcnt++;
1583 rc = ub_submit_scsi(sc, cmd);
1584 spin_unlock_irqrestore(&sc->lock, flags);
1587 printk("ub: testing ready: submit error (%d)\n", rc); /* P3 */
1591 wait_for_completion(&compl);
1602 * Read the SCSI capacity synchronously (for probing).
1604 static int ub_sync_read_cap(struct ub_dev *sc, struct ub_capacity *ret)
1606 struct ub_scsi_cmd *cmd;
1608 enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) + 8 };
1609 unsigned long flags;
1610 unsigned int bsize, shift;
1612 struct completion compl;
1615 init_completion(&compl);
1618 if ((cmd = kmalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1620 memset(cmd, 0, ALLOC_SIZE);
1621 p = (char *)cmd + sizeof(struct ub_scsi_cmd);
1625 cmd->dir = UB_DIR_READ;
1626 cmd->state = UB_CMDST_INIT;
1629 cmd->done = ub_probe_done;
1632 spin_lock_irqsave(&sc->lock, flags);
1633 cmd->tag = sc->tagcnt++;
1635 rc = ub_submit_scsi(sc, cmd);
1636 spin_unlock_irqrestore(&sc->lock, flags);
1639 printk("ub: reading capacity: submit error (%d)\n", rc); /* P3 */
1643 wait_for_completion(&compl);
1645 if (cmd->error != 0) {
1646 printk("ub: reading capacity: error %d\n", cmd->error); /* P3 */
1650 if (cmd->act_len != 8) {
1651 printk("ub: reading capacity: size %d\n", cmd->act_len); /* P3 */
1656 /* sd.c special-cases sector size of 0 to mean 512. Needed? Safe? */
1657 nsec = be32_to_cpu(*(u32 *)p) + 1;
1658 bsize = be32_to_cpu(*(u32 *)(p + 4));
1660 case 512: shift = 0; break;
1661 case 1024: shift = 1; break;
1662 case 2048: shift = 2; break;
1663 case 4096: shift = 3; break;
1665 printk("ub: Bad sector size %u\n", bsize); /* P3 */
1671 ret->bshift = shift;
1672 ret->nsec = nsec << shift;
1685 static void ub_probe_urb_complete(struct urb *urb, struct pt_regs *pt)
1687 struct completion *cop = urb->context;
1691 static void ub_probe_timeout(unsigned long arg)
1693 struct completion *cop = (struct completion *) arg;
1698 * Clear initial stalls.
1700 static int ub_probe_clear_stall(struct ub_dev *sc, int stalled_pipe)
1703 struct usb_ctrlrequest *cr;
1704 struct completion compl;
1705 struct timer_list timer;
1708 init_completion(&compl);
1710 endp = usb_pipeendpoint(stalled_pipe);
1711 if (usb_pipein (stalled_pipe))
1715 cr->bRequestType = USB_RECIP_ENDPOINT;
1716 cr->bRequest = USB_REQ_CLEAR_FEATURE;
1717 cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
1718 cr->wIndex = cpu_to_le16(endp);
1719 cr->wLength = cpu_to_le16(0);
1721 usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1722 (unsigned char*) cr, NULL, 0, ub_probe_urb_complete, &compl);
1723 sc->work_urb.transfer_flags = 0;
1724 sc->work_urb.actual_length = 0;
1725 sc->work_urb.error_count = 0;
1726 sc->work_urb.status = 0;
1729 timer.function = ub_probe_timeout;
1730 timer.data = (unsigned long) &compl;
1731 timer.expires = jiffies + UB_CTRL_TIMEOUT;
1734 if ((rc = usb_submit_urb(&sc->work_urb, GFP_KERNEL)) != 0) {
1736 "%s: Unable to submit a probe clear (%d)\n", sc->name, rc);
1737 del_timer_sync(&timer);
1741 wait_for_completion(&compl);
1743 del_timer_sync(&timer);
1745 * Most of the time, URB was done and dev set to NULL, and so
1746 * the unlink bounces out with ENODEV. We do not call usb_kill_urb
1747 * because we still think about a backport to 2.4.
1749 usb_unlink_urb(&sc->work_urb);
1751 /* reset the endpoint toggle */
1752 usb_settoggle(sc->dev, endp, usb_pipeout(sc->last_pipe), 0);
1758 * Get the pipe settings.
1760 static int ub_get_pipes(struct ub_dev *sc, struct usb_device *dev,
1761 struct usb_interface *intf)
1763 struct usb_host_interface *altsetting = intf->cur_altsetting;
1764 struct usb_endpoint_descriptor *ep_in = NULL;
1765 struct usb_endpoint_descriptor *ep_out = NULL;
1766 struct usb_endpoint_descriptor *ep;
1770 * Find the endpoints we need.
1771 * We are expecting a minimum of 2 endpoints - in and out (bulk).
1772 * We will ignore any others.
1774 for (i = 0; i < altsetting->desc.bNumEndpoints; i++) {
1775 ep = &altsetting->endpoint[i].desc;
1777 /* Is it a BULK endpoint? */
1778 if ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1779 == USB_ENDPOINT_XFER_BULK) {
1780 /* BULK in or out? */
1781 if (ep->bEndpointAddress & USB_DIR_IN)
1788 if (ep_in == NULL || ep_out == NULL) {
1789 printk(KERN_NOTICE "%s: device %u failed endpoint check\n",
1790 sc->name, sc->dev->devnum);
1794 /* Calculate and store the pipe values */
1795 sc->send_ctrl_pipe = usb_sndctrlpipe(dev, 0);
1796 sc->recv_ctrl_pipe = usb_rcvctrlpipe(dev, 0);
1797 sc->send_bulk_pipe = usb_sndbulkpipe(dev,
1798 ep_out->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1799 sc->recv_bulk_pipe = usb_rcvbulkpipe(dev,
1800 ep_in->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1806 * Probing is done in the process context, which allows us to cheat
1807 * and not to build a state machine for the discovery.
1809 static int ub_probe(struct usb_interface *intf,
1810 const struct usb_device_id *dev_id)
1814 struct gendisk *disk;
1818 if ((sc = kmalloc(sizeof(struct ub_dev), GFP_KERNEL)) == NULL)
1820 memset(sc, 0, sizeof(struct ub_dev));
1821 spin_lock_init(&sc->lock);
1822 usb_init_urb(&sc->work_urb);
1823 tasklet_init(&sc->tasklet, ub_scsi_action, (unsigned long)sc);
1824 atomic_set(&sc->poison, 0);
1826 init_timer(&sc->work_timer);
1827 sc->work_timer.data = (unsigned long) sc;
1828 sc->work_timer.function = ub_urb_timeout;
1830 ub_init_completion(&sc->work_done);
1831 sc->work_done.done = 1; /* A little yuk, but oh well... */
1834 if ((sc->id = ub_id_get()) == -1)
1836 snprintf(sc->name, 8, DRV_NAME "%c", sc->id + 'a');
1838 sc->dev = interface_to_usbdev(intf);
1840 // sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
1842 usb_set_intfdata(intf, sc);
1843 usb_get_dev(sc->dev);
1844 // usb_get_intf(sc->intf); /* Do we need this? */
1846 /* XXX Verify that we can handle the device (from descriptors) */
1848 ub_get_pipes(sc, sc->dev, intf);
1850 if (device_create_file(&sc->intf->dev, &dev_attr_diag) != 0)
1854 * At this point, all USB initialization is done, do upper layer.
1855 * We really hate halfway initialized structures, so from the
1856 * invariants perspective, this ub_dev is fully constructed at
1861 * This is needed to clear toggles. It is a problem only if we do
1862 * `rmmod ub && modprobe ub` without disconnects, but we like that.
1864 ub_probe_clear_stall(sc, sc->recv_bulk_pipe);
1865 ub_probe_clear_stall(sc, sc->send_bulk_pipe);
1868 * The way this is used by the startup code is a little specific.
1869 * A SCSI check causes a USB stall. Our common case code sees it
1870 * and clears the check, after which the device is ready for use.
1871 * But if a check was not present, any command other than
1872 * TEST_UNIT_READY ends with a lockup (including REQUEST_SENSE).
1874 * If we neglect to clear the SCSI check, the first real command fails
1875 * (which is the capacity readout). We clear that and retry, but why
1876 * causing spurious retries for no reason.
1878 * Revalidation may start with its own TEST_UNIT_READY, but that one
1879 * has to succeed, so we clear checks with an additional one here.
1880 * In any case it's not our business how revaliadation is implemented.
1884 sc->removable = 1; /* XXX Query this from the device */
1887 /* This is pretty much a long term P3 */
1888 printk(KERN_INFO "%s: device %u capacity nsec %ld bsize %u\n",
1889 sc->name, sc->dev->devnum, sc->capacity.nsec, sc->capacity.bsize);
1892 * Just one disk per sc currently, but maybe more.
1895 if ((disk = alloc_disk(UB_MINORS_PER_MAJOR)) == NULL)
1899 sprintf(disk->disk_name, DRV_NAME "%c", sc->id + 'a');
1900 sprintf(disk->devfs_name, DEVFS_NAME "/%c", sc->id + 'a');
1901 disk->major = UB_MAJOR;
1902 disk->first_minor = sc->id * UB_MINORS_PER_MAJOR;
1903 disk->fops = &ub_bd_fops;
1904 disk->private_data = sc;
1905 disk->driverfs_dev = &intf->dev;
1908 if ((q = blk_init_queue(ub_bd_rq_fn, &sc->lock)) == NULL)
1913 // blk_queue_bounce_limit(q, hba[i]->pdev->dma_mask);
1914 blk_queue_max_hw_segments(q, UB_MAX_REQ_SG);
1915 blk_queue_max_phys_segments(q, UB_MAX_REQ_SG);
1916 // blk_queue_segment_boundary(q, CARM_SG_BOUNDARY);
1917 blk_queue_max_sectors(q, UB_MAX_SECTORS);
1918 // blk_queue_hardsect_size(q, xxxxx);
1921 * This is a serious infraction, caused by a deficiency in the
1922 * USB sg interface (usb_sg_wait()). We plan to remove this once
1923 * we get mileage on the driver and can justify a change to USB API.
1924 * See blk_queue_bounce_limit() to understand this part.
1926 * XXX And I still need to be aware of the DMA mask in the HC.
1928 q->bounce_pfn = blk_max_low_pfn;
1929 q->bounce_gfp = GFP_NOIO;
1933 set_capacity(disk, sc->capacity.nsec);
1935 disk->flags |= GENHD_FL_REMOVABLE;
1944 device_remove_file(&sc->intf->dev, &dev_attr_diag);
1946 usb_set_intfdata(intf, NULL);
1947 // usb_put_intf(sc->intf);
1948 usb_put_dev(sc->dev);
1949 spin_lock_irq(&ub_lock);
1951 spin_unlock_irq(&ub_lock);
1958 static void ub_disconnect(struct usb_interface *intf)
1960 struct ub_dev *sc = usb_get_intfdata(intf);
1961 struct gendisk *disk = sc->disk;
1962 request_queue_t *q = disk->queue;
1963 unsigned long flags;
1966 * Fence stall clearnings, operations triggered by unlinkings and so on.
1967 * We do not attempt to unlink any URBs, because we do not trust the
1968 * unlink paths in HC drivers. Also, we get -84 upon disconnect anyway.
1970 atomic_set(&sc->poison, 1);
1973 * Blow away queued commands.
1975 * Actually, this never works, because before we get here
1976 * the HCD terminates outstanding URB(s). It causes our
1977 * SCSI command queue to advance, commands fail to submit,
1978 * and the whole queue drains. So, we just use this code to
1981 spin_lock_irqsave(&sc->lock, flags);
1983 struct ub_scsi_cmd *cmd;
1985 while ((cmd = ub_cmdq_pop(sc)) != NULL) {
1986 cmd->error = -ENOTCONN;
1987 cmd->state = UB_CMDST_DONE;
1988 ub_cmdtr_state(sc, cmd);
1990 (*cmd->done)(sc, cmd);
1994 printk(KERN_WARNING "%s: "
1995 "%d was queued after shutdown\n", sc->name, cnt);
1998 spin_unlock_irqrestore(&sc->lock, flags);
2001 * Unregister the upper layer, this waits for all commands to end.
2003 if (disk->flags & GENHD_FL_UP)
2006 blk_cleanup_queue(q);
2009 * If we zero disk->private_data BEFORE put_disk, we have to check
2010 * for NULL all over the place in open, release, check_media and
2011 * revalidate, because the block level semaphore is well inside the
2012 * put_disk. But we cannot zero after the call, because *disk is gone.
2013 * The sd.c is blatantly racy in this area.
2015 /* disk->private_data = NULL; */
2020 * We really expect blk_cleanup_queue() to wait, so no amount
2021 * of paranoya is too much.
2023 * Taking a lock on a structure which is about to be freed
2024 * is very nonsensual. Here it is largely a way to do a debug freeze,
2025 * and a bracket which shows where the nonsensual code segment ends.
2027 * Testing for -EINPROGRESS is always a bug, so we are bending
2028 * the rules a little.
2030 spin_lock_irqsave(&sc->lock, flags);
2031 if (sc->work_urb.status == -EINPROGRESS) { /* janitors: ignore */
2032 printk(KERN_WARNING "%s: "
2033 "URB is active after disconnect\n", sc->name);
2035 spin_unlock_irqrestore(&sc->lock, flags);
2038 * At this point there must be no commands coming from anyone
2039 * and no URBs left in transit.
2042 device_remove_file(&sc->intf->dev, &dev_attr_diag);
2043 usb_set_intfdata(intf, NULL);
2044 // usb_put_intf(sc->intf);
2046 usb_put_dev(sc->dev);
2049 spin_lock_irqsave(&ub_lock, flags);
2052 spin_unlock_irqrestore(&ub_lock, flags);
2055 struct usb_driver ub_driver = {
2056 .owner = THIS_MODULE,
2059 .disconnect = ub_disconnect,
2060 .id_table = ub_usb_ids,
2063 static int __init ub_init(void)
2067 /* P3 */ printk("ub: sizeof ub_scsi_cmd %zu ub_dev %zu\n",
2068 sizeof(struct ub_scsi_cmd), sizeof(struct ub_dev));
2070 if ((rc = register_blkdev(UB_MAJOR, DRV_NAME)) != 0)
2072 devfs_mk_dir(DEVFS_NAME);
2074 if ((rc = usb_register(&ub_driver)) != 0)
2080 devfs_remove(DEVFS_NAME);
2081 unregister_blkdev(UB_MAJOR, DRV_NAME);
2086 static void __exit ub_exit(void)
2088 usb_deregister(&ub_driver);
2090 devfs_remove(DEVFS_NAME);
2091 unregister_blkdev(UB_MAJOR, DRV_NAME);
2094 module_init(ub_init);
2095 module_exit(ub_exit);
2097 MODULE_LICENSE("GPL");
git://git.onelab.eu / linux-2.6.git / blob