1 /* Driver for SanDisk SDDR-09 SmartMedia reader
3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $
4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
6 * Developed with the assistance of:
7 * (c) 2002 Alan Stern <stern@rowland.org>
9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10 * This chip is a programmable USB controller. In the SDDR-09, it has
11 * been programmed to obey a certain limited set of SCSI commands.
12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2, or (at your option) any
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 675 Mass Ave, Cambridge, MA 02139, USA.
31 * Known vendor commands: 12 bytes, first byte is opcode
33 * E7: read scatter gather
41 * EF: compute checksum (?)
44 #include "transport.h"
50 #include <linux/version.h>
51 #include <linux/sched.h>
52 #include <linux/errno.h>
53 #include <linux/slab.h>
55 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
56 #define LSB_of(s) ((s)&0xFF)
57 #define MSB_of(s) ((s)>>8)
59 /* #define US_DEBUGP printk */
62 * First some stuff that does not belong here:
63 * data on SmartMedia and other cards, completely
64 * unrelated to this driver.
65 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
68 struct nand_flash_dev {
70 int chipshift; /* 1<<cs bytes total capacity */
71 char pageshift; /* 1<<ps bytes in a page */
72 char blockshift; /* 1<<bs pages in an erase block */
73 char zoneshift; /* 1<<zs blocks in a zone */
74 /* # of logical blocks is 125/128 of this */
75 char pageadrlen; /* length of an address in bytes - 1 */
79 * NAND Flash Manufacturer ID Codes
81 #define NAND_MFR_AMD 0x01
82 #define NAND_MFR_NATSEMI 0x8f
83 #define NAND_MFR_TOSHIBA 0x98
84 #define NAND_MFR_SAMSUNG 0xec
86 static inline char *nand_flash_manufacturer(int manuf_id) {
90 case NAND_MFR_NATSEMI:
92 case NAND_MFR_TOSHIBA:
94 case NAND_MFR_SAMSUNG:
102 * It looks like it is unnecessary to attach manufacturer to the
103 * remaining data: SSFDC prescribes manufacturer-independent id codes.
105 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
108 static struct nand_flash_dev nand_flash_ids[] = {
110 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
111 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
112 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
113 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
114 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
115 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
116 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
117 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
118 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
119 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
120 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
121 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
122 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
125 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
126 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
127 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
128 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
129 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
133 #define SIZE(a) (sizeof(a)/sizeof((a)[0]))
135 static struct nand_flash_dev *
136 nand_find_id(unsigned char id) {
139 for (i = 0; i < SIZE(nand_flash_ids); i++)
140 if (nand_flash_ids[i].model_id == id)
141 return &(nand_flash_ids[i]);
148 static unsigned char parity[256];
149 static unsigned char ecc2[256];
151 static void nand_init_ecc(void) {
155 for (i = 1; i < 256; i++)
156 parity[i] = (parity[i&(i-1)] ^ 1);
158 for (i = 0; i < 256; i++) {
160 for (j = 0; j < 8; j++) {
170 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
174 /* compute 3-byte ecc on 256 bytes */
175 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
177 unsigned char par, bit, bits[8];
180 for (j = 0; j < 8; j++)
183 /* collect 16 checksum bits */
184 for (i = 0; i < 256; i++) {
186 bit = parity[data[i]];
187 for (j = 0; j < 8; j++)
188 if ((i & (1<<j)) == 0)
192 /* put 4+4+4 = 12 bits in the ecc */
193 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
194 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
196 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
197 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
202 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
203 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
206 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
207 memcpy(data, ecc, 3);
211 * The actual driver starts here.
215 * On my 16MB card, control blocks have size 64 (16 real control bytes,
216 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
217 * so the reader makes up the remaining 48. Don't know whether these numbers
218 * depend on the card. For now a constant.
220 #define CONTROL_SHIFT 6
223 * On my Combo CF/SM reader, the SM reader has LUN 1.
224 * (and things fail with LUN 0).
225 * It seems LUN is irrelevant for others.
228 #define LUNBITS (LUN << 5)
231 * LBA and PBA are unsigned ints. Special values.
233 #define UNDEF 0xffffffff
234 #define SPARE 0xfffffffe
235 #define UNUSABLE 0xfffffffd
237 static int erase_bad_lba_entries = 0;
239 /* send vendor interface command (0x41) */
240 /* called for requests 0, 1, 8 */
242 sddr09_send_command(struct us_data *us,
243 unsigned char request,
244 unsigned char direction,
245 unsigned char *xfer_data,
246 unsigned int xfer_len) {
248 unsigned char requesttype = (0x41 | direction);
251 // Get the receive or send control pipe number
253 if (direction == USB_DIR_IN)
254 pipe = us->recv_ctrl_pipe;
256 pipe = us->send_ctrl_pipe;
258 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
259 0, 0, xfer_data, xfer_len);
260 return (rc == USB_STOR_XFER_GOOD ? USB_STOR_TRANSPORT_GOOD :
261 USB_STOR_TRANSPORT_ERROR);
265 sddr09_send_scsi_command(struct us_data *us,
266 unsigned char *command,
267 unsigned int command_len) {
268 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
273 * Test Unit Ready Command: 12 bytes.
277 sddr09_test_unit_ready(struct us_data *us) {
278 unsigned char *command = us->iobuf;
281 memset(command, 0, 6);
282 command[1] = LUNBITS;
284 result = sddr09_send_scsi_command(us, command, 6);
286 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result);
293 * Request Sense Command: 12 bytes.
295 * byte 4: data length
298 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
299 unsigned char *command = us->iobuf;
302 memset(command, 0, 12);
304 command[1] = LUNBITS;
307 result = sddr09_send_scsi_command(us, command, 12);
308 if (result != USB_STOR_TRANSPORT_GOOD) {
309 US_DEBUGP("request sense failed\n");
313 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
314 sensebuf, buflen, NULL);
315 if (result != USB_STOR_XFER_GOOD) {
316 US_DEBUGP("request sense bulk in failed\n");
317 return USB_STOR_TRANSPORT_ERROR;
319 US_DEBUGP("request sense worked\n");
320 return USB_STOR_TRANSPORT_GOOD;
325 * Read Command: 12 bytes.
327 * byte 1: last two bits: 00: read data, 01: read blockwise control,
328 * 10: read both, 11: read pagewise control.
329 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
330 * bytes 2-5: address (interpretation depends on byte 1, see below)
331 * bytes 10-11: count (idem)
333 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
334 * A read data command gets data in 512-byte pages.
335 * A read control command gets control in 64-byte chunks.
336 * A read both command gets data+control in 576-byte chunks.
338 * Blocks are groups of 32 pages, and read blockwise control jumps to the
339 * next block, while read pagewise control jumps to the next page after
340 * reading a group of 64 control bytes.
341 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
343 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
347 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
348 int nr_of_pages, int bulklen, unsigned char *buf,
351 unsigned char *command = us->iobuf;
355 command[1] = LUNBITS | x;
356 command[2] = MSB_of(fromaddress>>16);
357 command[3] = LSB_of(fromaddress>>16);
358 command[4] = MSB_of(fromaddress & 0xFFFF);
359 command[5] = LSB_of(fromaddress & 0xFFFF);
364 command[10] = MSB_of(nr_of_pages);
365 command[11] = LSB_of(nr_of_pages);
367 result = sddr09_send_scsi_command(us, command, 12);
369 if (result != USB_STOR_TRANSPORT_GOOD) {
370 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n",
375 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
376 buf, bulklen, use_sg, NULL);
378 if (result != USB_STOR_XFER_GOOD) {
379 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n",
381 return USB_STOR_TRANSPORT_ERROR;
383 return USB_STOR_TRANSPORT_GOOD;
389 * fromaddress counts data shorts:
390 * increasing it by 256 shifts the bytestream by 512 bytes;
391 * the last 8 bits are ignored.
393 * nr_of_pages counts pages of size (1 << pageshift).
396 sddr09_read20(struct us_data *us, unsigned long fromaddress,
397 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
398 int bulklen = nr_of_pages << pageshift;
400 /* The last 8 bits of fromaddress are ignored. */
401 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
406 * Read Blockwise Control
408 * fromaddress gives the starting position (as in read data;
409 * the last 8 bits are ignored); increasing it by 32*256 shifts
410 * the output stream by 64 bytes.
412 * count counts control groups of size (1 << controlshift).
413 * For me, controlshift = 6. Is this constant?
415 * After getting one control group, jump to the next block
416 * (fromaddress += 8192).
419 sddr09_read21(struct us_data *us, unsigned long fromaddress,
420 int count, int controlshift, unsigned char *buf, int use_sg) {
422 int bulklen = (count << controlshift);
423 return sddr09_readX(us, 1, fromaddress, count, bulklen,
428 * Read both Data and Control
430 * fromaddress counts data shorts, ignoring control:
431 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
432 * the last 8 bits are ignored.
434 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
437 sddr09_read22(struct us_data *us, unsigned long fromaddress,
438 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
440 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
441 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n",
442 nr_of_pages, bulklen);
443 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
449 * Read Pagewise Control
451 * fromaddress gives the starting position (as in read data;
452 * the last 8 bits are ignored); increasing it by 256 shifts
453 * the output stream by 64 bytes.
455 * count counts control groups of size (1 << controlshift).
456 * For me, controlshift = 6. Is this constant?
458 * After getting one control group, jump to the next page
459 * (fromaddress += 256).
462 sddr09_read23(struct us_data *us, unsigned long fromaddress,
463 int count, int controlshift, unsigned char *buf, int use_sg) {
465 int bulklen = (count << controlshift);
466 return sddr09_readX(us, 3, fromaddress, count, bulklen,
472 * Erase Command: 12 bytes.
474 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
476 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
477 * The byte address being erased is 2*Eaddress.
478 * The CIS cannot be erased.
481 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
482 unsigned char *command = us->iobuf;
485 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress);
487 memset(command, 0, 12);
489 command[1] = LUNBITS;
490 command[6] = MSB_of(Eaddress>>16);
491 command[7] = LSB_of(Eaddress>>16);
492 command[8] = MSB_of(Eaddress & 0xFFFF);
493 command[9] = LSB_of(Eaddress & 0xFFFF);
495 result = sddr09_send_scsi_command(us, command, 12);
497 if (result != USB_STOR_TRANSPORT_GOOD)
498 US_DEBUGP("Result for send_control in sddr09_erase %d\n",
505 * Write CIS Command: 12 bytes.
507 * bytes 2-5: write address in shorts
508 * bytes 10-11: sector count
510 * This writes at the indicated address. Don't know how it differs
511 * from E9. Maybe it does not erase? However, it will also write to
514 * When two such commands on the same page follow each other directly,
515 * the second one is not done.
519 * Write Command: 12 bytes.
521 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
522 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
523 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
525 * If write address equals erase address, the erase is done first,
526 * otherwise the write is done first. When erase address equals zero
530 sddr09_writeX(struct us_data *us,
531 unsigned long Waddress, unsigned long Eaddress,
532 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
534 unsigned char *command = us->iobuf;
538 command[1] = LUNBITS;
540 command[2] = MSB_of(Waddress>>16);
541 command[3] = LSB_of(Waddress>>16);
542 command[4] = MSB_of(Waddress & 0xFFFF);
543 command[5] = LSB_of(Waddress & 0xFFFF);
545 command[6] = MSB_of(Eaddress>>16);
546 command[7] = LSB_of(Eaddress>>16);
547 command[8] = MSB_of(Eaddress & 0xFFFF);
548 command[9] = LSB_of(Eaddress & 0xFFFF);
550 command[10] = MSB_of(nr_of_pages);
551 command[11] = LSB_of(nr_of_pages);
553 result = sddr09_send_scsi_command(us, command, 12);
555 if (result != USB_STOR_TRANSPORT_GOOD) {
556 US_DEBUGP("Result for send_control in sddr09_writeX %d\n",
561 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
562 buf, bulklen, use_sg, NULL);
564 if (result != USB_STOR_XFER_GOOD) {
565 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n",
567 return USB_STOR_TRANSPORT_ERROR;
569 return USB_STOR_TRANSPORT_GOOD;
572 /* erase address, write same address */
574 sddr09_write_inplace(struct us_data *us, unsigned long address,
575 int nr_of_pages, int pageshift, unsigned char *buf,
577 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
578 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
584 * Read Scatter Gather Command: 3+4n bytes.
587 * bytes 4i-1,4i,4i+1: page address
588 * byte 4i+2: page count
591 * This reads several pages from the card to a single memory buffer.
592 * The last two bits of byte 1 have the same meaning as for E8.
595 sddr09_read_sg_test_only(struct us_data *us) {
596 unsigned char *command = us->iobuf;
597 int result, bulklen, nsg, ct;
599 unsigned long address;
603 command[1] = LUNBITS;
605 address = 040000; ct = 1;
607 bulklen += (ct << 9);
608 command[4*nsg+2] = ct;
609 command[4*nsg+1] = ((address >> 9) & 0xFF);
610 command[4*nsg+0] = ((address >> 17) & 0xFF);
611 command[4*nsg-1] = ((address >> 25) & 0xFF);
613 address = 0340000; ct = 1;
615 bulklen += (ct << 9);
616 command[4*nsg+2] = ct;
617 command[4*nsg+1] = ((address >> 9) & 0xFF);
618 command[4*nsg+0] = ((address >> 17) & 0xFF);
619 command[4*nsg-1] = ((address >> 25) & 0xFF);
621 address = 01000000; ct = 2;
623 bulklen += (ct << 9);
624 command[4*nsg+2] = ct;
625 command[4*nsg+1] = ((address >> 9) & 0xFF);
626 command[4*nsg+0] = ((address >> 17) & 0xFF);
627 command[4*nsg-1] = ((address >> 25) & 0xFF);
631 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
633 if (result != USB_STOR_TRANSPORT_GOOD) {
634 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n",
639 buf = (unsigned char *) kmalloc(bulklen, GFP_NOIO);
641 return USB_STOR_TRANSPORT_ERROR;
643 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
646 if (result != USB_STOR_XFER_GOOD) {
647 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n",
649 return USB_STOR_TRANSPORT_ERROR;
652 return USB_STOR_TRANSPORT_GOOD;
657 * Read Status Command: 12 bytes.
660 * Returns 64 bytes, all zero except for the first.
662 * bit 5: 1: Suspended
664 * bit 7: 1: Not write-protected
668 sddr09_read_status(struct us_data *us, unsigned char *status) {
670 unsigned char *command = us->iobuf;
671 unsigned char *data = us->iobuf;
674 US_DEBUGP("Reading status...\n");
676 memset(command, 0, 12);
678 command[1] = LUNBITS;
680 result = sddr09_send_scsi_command(us, command, 12);
681 if (result != USB_STOR_TRANSPORT_GOOD)
684 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
687 return (result == USB_STOR_XFER_GOOD ?
688 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
692 sddr09_read_data(struct us_data *us,
693 unsigned long address,
694 unsigned int sectors) {
696 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
697 unsigned char *buffer;
698 unsigned int lba, maxlba, pba;
699 unsigned int page, pages;
700 unsigned int len, index, offset;
703 // Since we only read in one block at a time, we have to create
704 // a bounce buffer and move the data a piece at a time between the
705 // bounce buffer and the actual transfer buffer.
707 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
708 buffer = kmalloc(len, GFP_NOIO);
709 if (buffer == NULL) {
710 printk("sddr09_read_data: Out of memory\n");
711 return USB_STOR_TRANSPORT_ERROR;
714 // Figure out the initial LBA and page
715 lba = address >> info->blockshift;
716 page = (address & info->blockmask);
717 maxlba = info->capacity >> (info->pageshift + info->blockshift);
719 // This could be made much more efficient by checking for
720 // contiguous LBA's. Another exercise left to the student.
722 result = USB_STOR_TRANSPORT_GOOD;
725 while (sectors > 0) {
727 /* Find number of pages we can read in this block */
728 pages = min(sectors, info->blocksize - page);
729 len = pages << info->pageshift;
731 /* Not overflowing capacity? */
733 US_DEBUGP("Error: Requested lba %u exceeds "
734 "maximum %u\n", lba, maxlba);
735 result = USB_STOR_TRANSPORT_ERROR;
739 /* Find where this lba lives on disk */
740 pba = info->lba_to_pba[lba];
742 if (pba == UNDEF) { /* this lba was never written */
744 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n",
747 /* This is not really an error. It just means
748 that the block has never been written.
749 Instead of returning USB_STOR_TRANSPORT_ERROR
750 it is better to return all zero data. */
752 memset(buffer, 0, len);
755 US_DEBUGP("Read %d pages, from PBA %d"
756 " (LBA %d) page %d\n",
757 pages, pba, lba, page);
759 address = ((pba << info->blockshift) + page) <<
762 result = sddr09_read20(us, address>>1,
763 pages, info->pageshift, buffer, 0);
764 if (result != USB_STOR_TRANSPORT_GOOD)
768 // Store the data in the transfer buffer
769 usb_stor_access_xfer_buf(buffer, len, us->srb,
770 &index, &offset, TO_XFER_BUF);
782 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
783 static unsigned int lastpba = 1;
784 int zonestart, end, i;
786 zonestart = (lba/1000) << 10;
787 end = info->capacity >> (info->blockshift + info->pageshift);
792 for (i = lastpba+1; i < end; i++) {
793 if (info->pba_to_lba[zonestart+i] == UNDEF) {
798 for (i = 0; i <= lastpba; i++) {
799 if (info->pba_to_lba[zonestart+i] == UNDEF) {
808 sddr09_write_lba(struct us_data *us, unsigned int lba,
809 unsigned int page, unsigned int pages,
810 unsigned char *ptr, unsigned char *blockbuffer) {
812 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
813 unsigned long address;
814 unsigned int pba, lbap;
815 unsigned int pagelen;
816 unsigned char *bptr, *cptr, *xptr;
817 unsigned char ecc[3];
818 int i, result, isnew;
820 lbap = ((lba % 1000) << 1) | 0x1000;
821 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
823 pba = info->lba_to_pba[lba];
827 pba = sddr09_find_unused_pba(info, lba);
829 printk("sddr09_write_lba: Out of unused blocks\n");
830 return USB_STOR_TRANSPORT_ERROR;
832 info->pba_to_lba[pba] = lba;
833 info->lba_to_pba[lba] = pba;
838 /* Maybe it is impossible to write to PBA 1.
839 Fake success, but don't do anything. */
840 printk("sddr09: avoid writing to pba 1\n");
841 return USB_STOR_TRANSPORT_GOOD;
844 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
846 /* read old contents */
847 address = (pba << (info->pageshift + info->blockshift));
848 result = sddr09_read22(us, address>>1, info->blocksize,
849 info->pageshift, blockbuffer, 0);
850 if (result != USB_STOR_TRANSPORT_GOOD)
853 /* check old contents and fill lba */
854 for (i = 0; i < info->blocksize; i++) {
855 bptr = blockbuffer + i*pagelen;
856 cptr = bptr + info->pagesize;
857 nand_compute_ecc(bptr, ecc);
858 if (!nand_compare_ecc(cptr+13, ecc)) {
859 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n",
861 nand_store_ecc(cptr+13, ecc);
863 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
864 if (!nand_compare_ecc(cptr+8, ecc)) {
865 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n",
867 nand_store_ecc(cptr+8, ecc);
869 cptr[6] = cptr[11] = MSB_of(lbap);
870 cptr[7] = cptr[12] = LSB_of(lbap);
873 /* copy in new stuff and compute ECC */
875 for (i = page; i < page+pages; i++) {
876 bptr = blockbuffer + i*pagelen;
877 cptr = bptr + info->pagesize;
878 memcpy(bptr, xptr, info->pagesize);
879 xptr += info->pagesize;
880 nand_compute_ecc(bptr, ecc);
881 nand_store_ecc(cptr+13, ecc);
882 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
883 nand_store_ecc(cptr+8, ecc);
886 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba);
888 result = sddr09_write_inplace(us, address>>1, info->blocksize,
889 info->pageshift, blockbuffer, 0);
891 US_DEBUGP("sddr09_write_inplace returns %d\n", result);
895 unsigned char status = 0;
896 int result2 = sddr09_read_status(us, &status);
897 if (result2 != USB_STOR_TRANSPORT_GOOD)
898 US_DEBUGP("sddr09_write_inplace: cannot read status\n");
899 else if (status != 0xc0)
900 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n",
907 int result2 = sddr09_test_unit_ready(us);
915 sddr09_write_data(struct us_data *us,
916 unsigned long address,
917 unsigned int sectors) {
919 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
920 unsigned int lba, page, pages;
921 unsigned int pagelen, blocklen;
922 unsigned char *blockbuffer;
923 unsigned char *buffer;
924 unsigned int len, index, offset;
927 // blockbuffer is used for reading in the old data, overwriting
928 // with the new data, and performing ECC calculations
930 /* TODO: instead of doing kmalloc/kfree for each write,
931 add a bufferpointer to the info structure */
933 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
934 blocklen = (pagelen << info->blockshift);
935 blockbuffer = kmalloc(blocklen, GFP_NOIO);
937 printk("sddr09_write_data: Out of memory\n");
938 return USB_STOR_TRANSPORT_ERROR;
941 // Since we don't write the user data directly to the device,
942 // we have to create a bounce buffer and move the data a piece
943 // at a time between the bounce buffer and the actual transfer buffer.
945 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
946 buffer = kmalloc(len, GFP_NOIO);
947 if (buffer == NULL) {
948 printk("sddr09_write_data: Out of memory\n");
950 return USB_STOR_TRANSPORT_ERROR;
953 // Figure out the initial LBA and page
954 lba = address >> info->blockshift;
955 page = (address & info->blockmask);
957 result = USB_STOR_TRANSPORT_GOOD;
960 while (sectors > 0) {
962 // Write as many sectors as possible in this block
964 pages = min(sectors, info->blocksize - page);
965 len = (pages << info->pageshift);
967 // Get the data from the transfer buffer
968 usb_stor_access_xfer_buf(buffer, len, us->srb,
969 &index, &offset, FROM_XFER_BUF);
971 result = sddr09_write_lba(us, lba, page, pages,
972 buffer, blockbuffer);
973 if (result != USB_STOR_TRANSPORT_GOOD)
988 sddr09_read_control(struct us_data *us,
989 unsigned long address,
991 unsigned char *content,
994 US_DEBUGP("Read control address %lu, blocks %d\n",
997 return sddr09_read21(us, address, blocks,
998 CONTROL_SHIFT, content, use_sg);
1002 * Read Device ID Command: 12 bytes.
1003 * byte 0: opcode: ED
1005 * Returns 2 bytes: Manufacturer ID and Device ID.
1006 * On more recent cards 3 bytes: the third byte is an option code A5
1007 * signifying that the secret command to read an 128-bit ID is available.
1008 * On still more recent cards 4 bytes: the fourth byte C0 means that
1009 * a second read ID cmd is available.
1012 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1013 unsigned char *command = us->iobuf;
1014 unsigned char *content = us->iobuf;
1017 memset(command, 0, 12);
1019 command[1] = LUNBITS;
1021 result = sddr09_send_scsi_command(us, command, 12);
1022 if (result != USB_STOR_TRANSPORT_GOOD)
1025 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1028 for (i = 0; i < 4; i++)
1029 deviceID[i] = content[i];
1031 return (result == USB_STOR_XFER_GOOD ?
1032 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1036 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1038 unsigned char status;
1040 result = sddr09_read_status(us, &status);
1041 if (result != USB_STOR_TRANSPORT_GOOD) {
1042 US_DEBUGP("sddr09_get_wp: read_status fails\n");
1045 US_DEBUGP("sddr09_get_wp: status 0x%02X", status);
1046 if ((status & 0x80) == 0) {
1047 info->flags |= SDDR09_WP; /* write protected */
1051 US_DEBUGP(" Ready");
1052 if (status & LUNBITS)
1053 US_DEBUGP(" Suspended");
1055 US_DEBUGP(" Error");
1057 return USB_STOR_TRANSPORT_GOOD;
1062 * Reset Command: 12 bytes.
1063 * byte 0: opcode: EB
1066 sddr09_reset(struct us_data *us) {
1068 unsigned char *command = us->iobuf;
1070 memset(command, 0, 12);
1072 command[1] = LUNBITS;
1074 return sddr09_send_scsi_command(us, command, 12);
1078 static struct nand_flash_dev *
1079 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1080 struct nand_flash_dev *cardinfo;
1081 unsigned char deviceID[4];
1085 US_DEBUGP("Reading capacity...\n");
1087 result = sddr09_read_deviceID(us, deviceID);
1089 if (result != USB_STOR_TRANSPORT_GOOD) {
1090 US_DEBUGP("Result of read_deviceID is %d\n", result);
1091 printk("sddr09: could not read card info\n");
1095 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1096 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1098 /* Byte 0 is the manufacturer */
1099 sprintf(blurbtxt + strlen(blurbtxt),
1101 nand_flash_manufacturer(deviceID[0]));
1103 /* Byte 1 is the device type */
1104 cardinfo = nand_find_id(deviceID[1]);
1106 /* MB or MiB? It is neither. A 16 MB card has
1107 17301504 raw bytes, of which 16384000 are
1108 usable for user data. */
1109 sprintf(blurbtxt + strlen(blurbtxt),
1110 ", %d MB", 1<<(cardinfo->chipshift - 20));
1112 sprintf(blurbtxt + strlen(blurbtxt),
1113 ", type unrecognized");
1116 /* Byte 2 is code to signal availability of 128-bit ID */
1117 if (deviceID[2] == 0xa5) {
1118 sprintf(blurbtxt + strlen(blurbtxt),
1122 /* Byte 3 announces the availability of another read ID command */
1123 if (deviceID[3] == 0xc0) {
1124 sprintf(blurbtxt + strlen(blurbtxt),
1128 if (flags & SDDR09_WP)
1129 sprintf(blurbtxt + strlen(blurbtxt),
1132 printk("%s\n", blurbtxt);
1138 sddr09_read_map(struct us_data *us) {
1140 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1141 int numblocks, alloc_len, alloc_blocks;
1143 unsigned char *buffer, *buffer_end, *ptr;
1144 unsigned int lba, lbact;
1146 if (!info->capacity)
1149 // size of a block is 1 << (blockshift + pageshift) bytes
1150 // divide into the total capacity to get the number of blocks
1152 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1154 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1155 // but only use a 64 KB buffer
1156 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1157 #define SDDR09_READ_MAP_BUFSZ 65536
1159 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1160 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1161 buffer = kmalloc(alloc_len, GFP_NOIO);
1162 if (buffer == NULL) {
1163 printk("sddr09_read_map: out of memory\n");
1167 buffer_end = buffer + alloc_len;
1169 #undef SDDR09_READ_MAP_BUFSZ
1171 kfree(info->lba_to_pba);
1172 kfree(info->pba_to_lba);
1173 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1174 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1176 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1177 printk("sddr09_read_map: out of memory\n");
1182 for (i = 0; i < numblocks; i++)
1183 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1186 * Define lba-pba translation table
1190 for (i = 0; i < numblocks; i++) {
1191 ptr += (1 << CONTROL_SHIFT);
1192 if (ptr >= buffer_end) {
1193 unsigned long address;
1195 address = i << (info->pageshift + info->blockshift);
1196 result = sddr09_read_control(
1198 min(alloc_blocks, numblocks - i),
1200 if (result != USB_STOR_TRANSPORT_GOOD) {
1207 if (i == 0 || i == 1) {
1208 info->pba_to_lba[i] = UNUSABLE;
1212 /* special PBAs have control field 0^16 */
1213 for (j = 0; j < 16; j++)
1216 info->pba_to_lba[i] = UNUSABLE;
1217 printk("sddr09: PBA %d has no logical mapping\n", i);
1221 /* unwritten PBAs have control field FF^16 */
1222 for (j = 0; j < 16; j++)
1228 /* normal PBAs start with six FFs */
1230 printk("sddr09: PBA %d has no logical mapping: "
1231 "reserved area = %02X%02X%02X%02X "
1232 "data status %02X block status %02X\n",
1233 i, ptr[0], ptr[1], ptr[2], ptr[3],
1235 info->pba_to_lba[i] = UNUSABLE;
1239 if ((ptr[6] >> 4) != 0x01) {
1240 printk("sddr09: PBA %d has invalid address field "
1241 "%02X%02X/%02X%02X\n",
1242 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1243 info->pba_to_lba[i] = UNUSABLE;
1247 /* check even parity */
1248 if (parity[ptr[6] ^ ptr[7]]) {
1249 printk("sddr09: Bad parity in LBA for block %d"
1250 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1251 info->pba_to_lba[i] = UNUSABLE;
1255 lba = short_pack(ptr[7], ptr[6]);
1256 lba = (lba & 0x07FF) >> 1;
1259 * Every 1024 physical blocks ("zone"), the LBA numbers
1260 * go back to zero, but are within a higher block of LBA's.
1261 * Also, there is a maximum of 1000 LBA's per zone.
1262 * In other words, in PBA 1024-2047 you will find LBA 0-999
1263 * which are really LBA 1000-1999. This allows for 24 bad
1264 * or special physical blocks per zone.
1268 printk("sddr09: Bad low LBA %d for block %d\n",
1270 goto possibly_erase;
1273 lba += 1000*(i/0x400);
1275 if (info->lba_to_pba[lba] != UNDEF) {
1276 printk("sddr09: LBA %d seen for PBA %d and %d\n",
1277 lba, info->lba_to_pba[lba], i);
1278 goto possibly_erase;
1281 info->pba_to_lba[i] = lba;
1282 info->lba_to_pba[lba] = i;
1286 if (erase_bad_lba_entries) {
1287 unsigned long address;
1289 address = (i << (info->pageshift + info->blockshift));
1290 sddr09_erase(us, address>>1);
1291 info->pba_to_lba[i] = UNDEF;
1293 info->pba_to_lba[i] = UNUSABLE;
1297 * Approximate capacity. This is not entirely correct yet,
1298 * since a zone with less than 1000 usable pages leads to
1299 * missing LBAs. Especially if it is the last zone, some
1300 * LBAs can be past capacity.
1303 for (i = 0; i < numblocks; i += 1024) {
1306 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1307 if (info->pba_to_lba[i+j] != UNUSABLE) {
1309 info->pba_to_lba[i+j] = SPARE;
1316 info->lbact = lbact;
1317 US_DEBUGP("Found %d LBA's\n", lbact);
1322 kfree(info->lba_to_pba);
1323 kfree(info->pba_to_lba);
1324 info->lba_to_pba = NULL;
1325 info->pba_to_lba = NULL;
1332 sddr09_card_info_destructor(void *extra) {
1333 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1338 kfree(info->lba_to_pba);
1339 kfree(info->pba_to_lba);
1343 sddr09_init_card_info(struct us_data *us) {
1345 us->extra = kmalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1347 memset(us->extra, 0, sizeof(struct sddr09_card_info));
1348 us->extra_destructor = sddr09_card_info_destructor;
1354 * This is needed at a very early stage. If this is not listed in the
1355 * unusual devices list but called from here then LUN 0 of the combo reader
1356 * is not recognized. But I do not know what precisely these calls do.
1359 sddr09_init(struct us_data *us) {
1361 unsigned char *data = us->iobuf;
1363 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1364 if (result != USB_STOR_TRANSPORT_GOOD) {
1365 US_DEBUGP("sddr09_init: send_command fails\n");
1369 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1372 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1373 if (result != USB_STOR_TRANSPORT_GOOD) {
1374 US_DEBUGP("sddr09_init: 2nd send_command fails\n");
1378 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1381 result = sddr09_request_sense(us, data, 18);
1382 if (result == USB_STOR_TRANSPORT_GOOD && data[2] != 0) {
1384 for (j=0; j<18; j++)
1385 printk(" %02X", data[j]);
1387 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1388 // 70: current command
1389 // sense key 0, sense code 0, extd sense code 0
1390 // additional transfer length * = sizeof(data) - 7
1391 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1392 // sense key 06, sense code 28: unit attention,
1393 // not ready to ready transition
1398 return USB_STOR_TRANSPORT_GOOD; /* not result */
1402 * Transport for the Sandisk SDDR-09
1404 int sddr09_transport(Scsi_Cmnd *srb, struct us_data *us)
1406 static unsigned char sensekey = 0, sensecode = 0;
1407 static unsigned char havefakesense = 0;
1409 unsigned char *ptr = us->iobuf;
1410 unsigned long capacity;
1411 unsigned int page, pages;
1413 struct sddr09_card_info *info;
1415 static unsigned char inquiry_response[8] = {
1416 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1419 /* note: no block descriptor support */
1420 static unsigned char mode_page_01[19] = {
1421 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1426 info = (struct sddr09_card_info *)us->extra;
1429 sddr09_init_card_info(us);
1430 info = (struct sddr09_card_info *)us->extra;
1432 return USB_STOR_TRANSPORT_ERROR;
1435 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1436 /* for a faked command, we have to follow with a faked sense */
1441 ptr[12] = sensecode;
1442 usb_stor_set_xfer_buf(ptr, 18, srb);
1443 sensekey = sensecode = havefakesense = 0;
1444 return USB_STOR_TRANSPORT_GOOD;
1449 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1450 respond to INQUIRY commands */
1452 if (srb->cmnd[0] == INQUIRY) {
1453 memcpy(ptr, inquiry_response, 8);
1454 fill_inquiry_response(us, ptr, 36);
1455 return USB_STOR_TRANSPORT_GOOD;
1458 if (srb->cmnd[0] == READ_CAPACITY) {
1459 struct nand_flash_dev *cardinfo;
1461 sddr09_get_wp(us, info); /* read WP bit */
1463 cardinfo = sddr09_get_cardinfo(us, info->flags);
1465 /* probably no media */
1467 sensekey = 0x02; /* not ready */
1468 sensecode = 0x3a; /* medium not present */
1469 return USB_STOR_TRANSPORT_FAILED;
1472 info->capacity = (1 << cardinfo->chipshift);
1473 info->pageshift = cardinfo->pageshift;
1474 info->pagesize = (1 << info->pageshift);
1475 info->blockshift = cardinfo->blockshift;
1476 info->blocksize = (1 << info->blockshift);
1477 info->blockmask = info->blocksize - 1;
1479 // map initialization, must follow get_cardinfo()
1480 if (sddr09_read_map(us)) {
1481 /* probably out of memory */
1487 capacity = (info->lbact << info->blockshift) - 1;
1489 ((u32 *) ptr)[0] = cpu_to_be32(capacity);
1493 ((u32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1494 usb_stor_set_xfer_buf(ptr, 8, srb);
1496 return USB_STOR_TRANSPORT_GOOD;
1499 if (srb->cmnd[0] == MODE_SENSE_10) {
1500 int modepage = (srb->cmnd[2] & 0x3F);
1502 /* They ask for the Read/Write error recovery page,
1503 or for all pages. */
1504 /* %% We should check DBD %% */
1505 if (modepage == 0x01 || modepage == 0x3F) {
1506 US_DEBUGP("SDDR09: Dummy up request for "
1507 "mode page 0x%x\n", modepage);
1509 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1510 ((u16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1511 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1512 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1513 return USB_STOR_TRANSPORT_GOOD;
1516 sensekey = 0x05; /* illegal request */
1517 sensecode = 0x24; /* invalid field in CDB */
1518 return USB_STOR_TRANSPORT_FAILED;
1521 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1522 return USB_STOR_TRANSPORT_GOOD;
1526 if (srb->cmnd[0] == READ_10) {
1528 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1530 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1531 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1533 US_DEBUGP("READ_10: read page %d pagect %d\n",
1536 return sddr09_read_data(us, page, pages);
1539 if (srb->cmnd[0] == WRITE_10) {
1541 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1543 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1544 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1546 US_DEBUGP("WRITE_10: write page %d pagect %d\n",
1549 return sddr09_write_data(us, page, pages);
1552 /* catch-all for all other commands, except
1553 * pass TEST_UNIT_READY and REQUEST_SENSE through
1555 if (srb->cmnd[0] != TEST_UNIT_READY &&
1556 srb->cmnd[0] != REQUEST_SENSE) {
1557 sensekey = 0x05; /* illegal request */
1558 sensecode = 0x20; /* invalid command */
1560 return USB_STOR_TRANSPORT_FAILED;
1563 for (; srb->cmd_len<12; srb->cmd_len++)
1564 srb->cmnd[srb->cmd_len] = 0;
1566 srb->cmnd[1] = LUNBITS;
1569 for (i=0; i<12; i++)
1570 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1572 US_DEBUGP("SDDR09: Send control for command %s\n", ptr);
1574 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1575 if (result != USB_STOR_TRANSPORT_GOOD) {
1576 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command "
1577 "returns %d\n", result);
1581 if (srb->request_bufflen == 0)
1582 return USB_STOR_TRANSPORT_GOOD;
1584 if (srb->sc_data_direction == SCSI_DATA_WRITE ||
1585 srb->sc_data_direction == SCSI_DATA_READ) {
1586 unsigned int pipe = (srb->sc_data_direction == SCSI_DATA_WRITE)
1587 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1589 US_DEBUGP("SDDR09: %s %d bytes\n",
1590 (srb->sc_data_direction == SCSI_DATA_WRITE) ?
1591 "sending" : "receiving",
1592 srb->request_bufflen);
1594 result = usb_stor_bulk_transfer_sg(us, pipe,
1595 srb->request_buffer,
1596 srb->request_bufflen,
1597 srb->use_sg, &srb->resid);
1599 return (result == USB_STOR_XFER_GOOD ?
1600 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1603 return USB_STOR_TRANSPORT_GOOD;
git://git.onelab.eu / linux-2.6.git / blob