1 /* Driver for SanDisk SDDR-09 SmartMedia reader
3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $
4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
6 * Developed with the assistance of:
7 * (c) 2002 Alan Stern <stern@rowland.org>
9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10 * This chip is a programmable USB controller. In the SDDR-09, it has
11 * been programmed to obey a certain limited set of SCSI commands.
12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2, or (at your option) any
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 675 Mass Ave, Cambridge, MA 02139, USA.
31 * Known vendor commands: 12 bytes, first byte is opcode
33 * E7: read scatter gather
41 * EF: compute checksum (?)
44 #include <linux/errno.h>
45 #include <linux/slab.h>
47 #include <scsi/scsi.h>
48 #include <scsi/scsi_cmnd.h>
51 #include "transport.h"
57 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
58 #define LSB_of(s) ((s)&0xFF)
59 #define MSB_of(s) ((s)>>8)
61 /* #define US_DEBUGP printk */
64 * First some stuff that does not belong here:
65 * data on SmartMedia and other cards, completely
66 * unrelated to this driver.
67 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
70 struct nand_flash_dev {
72 int chipshift; /* 1<<cs bytes total capacity */
73 char pageshift; /* 1<<ps bytes in a page */
74 char blockshift; /* 1<<bs pages in an erase block */
75 char zoneshift; /* 1<<zs blocks in a zone */
76 /* # of logical blocks is 125/128 of this */
77 char pageadrlen; /* length of an address in bytes - 1 */
81 * NAND Flash Manufacturer ID Codes
83 #define NAND_MFR_AMD 0x01
84 #define NAND_MFR_NATSEMI 0x8f
85 #define NAND_MFR_TOSHIBA 0x98
86 #define NAND_MFR_SAMSUNG 0xec
88 static inline char *nand_flash_manufacturer(int manuf_id) {
92 case NAND_MFR_NATSEMI:
94 case NAND_MFR_TOSHIBA:
96 case NAND_MFR_SAMSUNG:
104 * It looks like it is unnecessary to attach manufacturer to the
105 * remaining data: SSFDC prescribes manufacturer-independent id codes.
107 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
110 static struct nand_flash_dev nand_flash_ids[] = {
112 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
113 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
114 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
115 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
116 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
117 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
118 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
119 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
120 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
121 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
122 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
123 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
124 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
127 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
128 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
129 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
130 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
131 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
135 static struct nand_flash_dev *
136 nand_find_id(unsigned char id) {
139 for (i = 0; i < ARRAY_SIZE(nand_flash_ids); i++)
140 if (nand_flash_ids[i].model_id == id)
141 return &(nand_flash_ids[i]);
148 static unsigned char parity[256];
149 static unsigned char ecc2[256];
151 static void nand_init_ecc(void) {
155 for (i = 1; i < 256; i++)
156 parity[i] = (parity[i&(i-1)] ^ 1);
158 for (i = 0; i < 256; i++) {
160 for (j = 0; j < 8; j++) {
170 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
174 /* compute 3-byte ecc on 256 bytes */
175 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
177 unsigned char par, bit, bits[8];
180 for (j = 0; j < 8; j++)
183 /* collect 16 checksum bits */
184 for (i = 0; i < 256; i++) {
186 bit = parity[data[i]];
187 for (j = 0; j < 8; j++)
188 if ((i & (1<<j)) == 0)
192 /* put 4+4+4 = 12 bits in the ecc */
193 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
194 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
196 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
197 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
202 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
203 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
206 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
207 memcpy(data, ecc, 3);
211 * The actual driver starts here.
214 struct sddr09_card_info {
215 unsigned long capacity; /* Size of card in bytes */
216 int pagesize; /* Size of page in bytes */
217 int pageshift; /* log2 of pagesize */
218 int blocksize; /* Size of block in pages */
219 int blockshift; /* log2 of blocksize */
220 int blockmask; /* 2^blockshift - 1 */
221 int *lba_to_pba; /* logical to physical map */
222 int *pba_to_lba; /* physical to logical map */
223 int lbact; /* number of available pages */
225 #define SDDR09_WP 1 /* write protected */
229 * On my 16MB card, control blocks have size 64 (16 real control bytes,
230 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
231 * so the reader makes up the remaining 48. Don't know whether these numbers
232 * depend on the card. For now a constant.
234 #define CONTROL_SHIFT 6
237 * On my Combo CF/SM reader, the SM reader has LUN 1.
238 * (and things fail with LUN 0).
239 * It seems LUN is irrelevant for others.
242 #define LUNBITS (LUN << 5)
245 * LBA and PBA are unsigned ints. Special values.
247 #define UNDEF 0xffffffff
248 #define SPARE 0xfffffffe
249 #define UNUSABLE 0xfffffffd
251 static const int erase_bad_lba_entries = 0;
253 /* send vendor interface command (0x41) */
254 /* called for requests 0, 1, 8 */
256 sddr09_send_command(struct us_data *us,
257 unsigned char request,
258 unsigned char direction,
259 unsigned char *xfer_data,
260 unsigned int xfer_len) {
262 unsigned char requesttype = (0x41 | direction);
265 // Get the receive or send control pipe number
267 if (direction == USB_DIR_IN)
268 pipe = us->recv_ctrl_pipe;
270 pipe = us->send_ctrl_pipe;
272 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
273 0, 0, xfer_data, xfer_len);
275 case USB_STOR_XFER_GOOD: return 0;
276 case USB_STOR_XFER_STALLED: return -EPIPE;
277 default: return -EIO;
282 sddr09_send_scsi_command(struct us_data *us,
283 unsigned char *command,
284 unsigned int command_len) {
285 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
290 * Test Unit Ready Command: 12 bytes.
294 sddr09_test_unit_ready(struct us_data *us) {
295 unsigned char *command = us->iobuf;
298 memset(command, 0, 6);
299 command[1] = LUNBITS;
301 result = sddr09_send_scsi_command(us, command, 6);
303 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result);
310 * Request Sense Command: 12 bytes.
312 * byte 4: data length
315 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
316 unsigned char *command = us->iobuf;
319 memset(command, 0, 12);
321 command[1] = LUNBITS;
324 result = sddr09_send_scsi_command(us, command, 12);
328 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
329 sensebuf, buflen, NULL);
330 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
334 * Read Command: 12 bytes.
336 * byte 1: last two bits: 00: read data, 01: read blockwise control,
337 * 10: read both, 11: read pagewise control.
338 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
339 * bytes 2-5: address (interpretation depends on byte 1, see below)
340 * bytes 10-11: count (idem)
342 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
343 * A read data command gets data in 512-byte pages.
344 * A read control command gets control in 64-byte chunks.
345 * A read both command gets data+control in 576-byte chunks.
347 * Blocks are groups of 32 pages, and read blockwise control jumps to the
348 * next block, while read pagewise control jumps to the next page after
349 * reading a group of 64 control bytes.
350 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
352 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
356 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
357 int nr_of_pages, int bulklen, unsigned char *buf,
360 unsigned char *command = us->iobuf;
364 command[1] = LUNBITS | x;
365 command[2] = MSB_of(fromaddress>>16);
366 command[3] = LSB_of(fromaddress>>16);
367 command[4] = MSB_of(fromaddress & 0xFFFF);
368 command[5] = LSB_of(fromaddress & 0xFFFF);
373 command[10] = MSB_of(nr_of_pages);
374 command[11] = LSB_of(nr_of_pages);
376 result = sddr09_send_scsi_command(us, command, 12);
379 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n",
384 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
385 buf, bulklen, use_sg, NULL);
387 if (result != USB_STOR_XFER_GOOD) {
388 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n",
398 * fromaddress counts data shorts:
399 * increasing it by 256 shifts the bytestream by 512 bytes;
400 * the last 8 bits are ignored.
402 * nr_of_pages counts pages of size (1 << pageshift).
405 sddr09_read20(struct us_data *us, unsigned long fromaddress,
406 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
407 int bulklen = nr_of_pages << pageshift;
409 /* The last 8 bits of fromaddress are ignored. */
410 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
415 * Read Blockwise Control
417 * fromaddress gives the starting position (as in read data;
418 * the last 8 bits are ignored); increasing it by 32*256 shifts
419 * the output stream by 64 bytes.
421 * count counts control groups of size (1 << controlshift).
422 * For me, controlshift = 6. Is this constant?
424 * After getting one control group, jump to the next block
425 * (fromaddress += 8192).
428 sddr09_read21(struct us_data *us, unsigned long fromaddress,
429 int count, int controlshift, unsigned char *buf, int use_sg) {
431 int bulklen = (count << controlshift);
432 return sddr09_readX(us, 1, fromaddress, count, bulklen,
437 * Read both Data and Control
439 * fromaddress counts data shorts, ignoring control:
440 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
441 * the last 8 bits are ignored.
443 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
446 sddr09_read22(struct us_data *us, unsigned long fromaddress,
447 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
449 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
450 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n",
451 nr_of_pages, bulklen);
452 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
458 * Read Pagewise Control
460 * fromaddress gives the starting position (as in read data;
461 * the last 8 bits are ignored); increasing it by 256 shifts
462 * the output stream by 64 bytes.
464 * count counts control groups of size (1 << controlshift).
465 * For me, controlshift = 6. Is this constant?
467 * After getting one control group, jump to the next page
468 * (fromaddress += 256).
471 sddr09_read23(struct us_data *us, unsigned long fromaddress,
472 int count, int controlshift, unsigned char *buf, int use_sg) {
474 int bulklen = (count << controlshift);
475 return sddr09_readX(us, 3, fromaddress, count, bulklen,
481 * Erase Command: 12 bytes.
483 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
485 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
486 * The byte address being erased is 2*Eaddress.
487 * The CIS cannot be erased.
490 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
491 unsigned char *command = us->iobuf;
494 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress);
496 memset(command, 0, 12);
498 command[1] = LUNBITS;
499 command[6] = MSB_of(Eaddress>>16);
500 command[7] = LSB_of(Eaddress>>16);
501 command[8] = MSB_of(Eaddress & 0xFFFF);
502 command[9] = LSB_of(Eaddress & 0xFFFF);
504 result = sddr09_send_scsi_command(us, command, 12);
507 US_DEBUGP("Result for send_control in sddr09_erase %d\n",
514 * Write CIS Command: 12 bytes.
516 * bytes 2-5: write address in shorts
517 * bytes 10-11: sector count
519 * This writes at the indicated address. Don't know how it differs
520 * from E9. Maybe it does not erase? However, it will also write to
523 * When two such commands on the same page follow each other directly,
524 * the second one is not done.
528 * Write Command: 12 bytes.
530 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
531 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
532 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
534 * If write address equals erase address, the erase is done first,
535 * otherwise the write is done first. When erase address equals zero
539 sddr09_writeX(struct us_data *us,
540 unsigned long Waddress, unsigned long Eaddress,
541 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
543 unsigned char *command = us->iobuf;
547 command[1] = LUNBITS;
549 command[2] = MSB_of(Waddress>>16);
550 command[3] = LSB_of(Waddress>>16);
551 command[4] = MSB_of(Waddress & 0xFFFF);
552 command[5] = LSB_of(Waddress & 0xFFFF);
554 command[6] = MSB_of(Eaddress>>16);
555 command[7] = LSB_of(Eaddress>>16);
556 command[8] = MSB_of(Eaddress & 0xFFFF);
557 command[9] = LSB_of(Eaddress & 0xFFFF);
559 command[10] = MSB_of(nr_of_pages);
560 command[11] = LSB_of(nr_of_pages);
562 result = sddr09_send_scsi_command(us, command, 12);
565 US_DEBUGP("Result for send_control in sddr09_writeX %d\n",
570 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
571 buf, bulklen, use_sg, NULL);
573 if (result != USB_STOR_XFER_GOOD) {
574 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n",
581 /* erase address, write same address */
583 sddr09_write_inplace(struct us_data *us, unsigned long address,
584 int nr_of_pages, int pageshift, unsigned char *buf,
586 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
587 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
593 * Read Scatter Gather Command: 3+4n bytes.
596 * bytes 4i-1,4i,4i+1: page address
597 * byte 4i+2: page count
600 * This reads several pages from the card to a single memory buffer.
601 * The last two bits of byte 1 have the same meaning as for E8.
604 sddr09_read_sg_test_only(struct us_data *us) {
605 unsigned char *command = us->iobuf;
606 int result, bulklen, nsg, ct;
608 unsigned long address;
612 command[1] = LUNBITS;
614 address = 040000; ct = 1;
616 bulklen += (ct << 9);
617 command[4*nsg+2] = ct;
618 command[4*nsg+1] = ((address >> 9) & 0xFF);
619 command[4*nsg+0] = ((address >> 17) & 0xFF);
620 command[4*nsg-1] = ((address >> 25) & 0xFF);
622 address = 0340000; ct = 1;
624 bulklen += (ct << 9);
625 command[4*nsg+2] = ct;
626 command[4*nsg+1] = ((address >> 9) & 0xFF);
627 command[4*nsg+0] = ((address >> 17) & 0xFF);
628 command[4*nsg-1] = ((address >> 25) & 0xFF);
630 address = 01000000; ct = 2;
632 bulklen += (ct << 9);
633 command[4*nsg+2] = ct;
634 command[4*nsg+1] = ((address >> 9) & 0xFF);
635 command[4*nsg+0] = ((address >> 17) & 0xFF);
636 command[4*nsg-1] = ((address >> 25) & 0xFF);
640 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
643 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n",
648 buf = kmalloc(bulklen, GFP_NOIO);
652 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
655 if (result != USB_STOR_XFER_GOOD) {
656 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n",
666 * Read Status Command: 12 bytes.
669 * Returns 64 bytes, all zero except for the first.
671 * bit 5: 1: Suspended
673 * bit 7: 1: Not write-protected
677 sddr09_read_status(struct us_data *us, unsigned char *status) {
679 unsigned char *command = us->iobuf;
680 unsigned char *data = us->iobuf;
683 US_DEBUGP("Reading status...\n");
685 memset(command, 0, 12);
687 command[1] = LUNBITS;
689 result = sddr09_send_scsi_command(us, command, 12);
693 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
696 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
700 sddr09_read_data(struct us_data *us,
701 unsigned long address,
702 unsigned int sectors) {
704 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
705 unsigned char *buffer;
706 unsigned int lba, maxlba, pba;
707 unsigned int page, pages;
708 unsigned int len, index, offset;
711 // Figure out the initial LBA and page
712 lba = address >> info->blockshift;
713 page = (address & info->blockmask);
714 maxlba = info->capacity >> (info->pageshift + info->blockshift);
718 // Since we only read in one block at a time, we have to create
719 // a bounce buffer and move the data a piece at a time between the
720 // bounce buffer and the actual transfer buffer.
722 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
723 buffer = kmalloc(len, GFP_NOIO);
724 if (buffer == NULL) {
725 printk("sddr09_read_data: Out of memory\n");
729 // This could be made much more efficient by checking for
730 // contiguous LBA's. Another exercise left to the student.
735 while (sectors > 0) {
737 /* Find number of pages we can read in this block */
738 pages = min(sectors, info->blocksize - page);
739 len = pages << info->pageshift;
741 /* Not overflowing capacity? */
743 US_DEBUGP("Error: Requested lba %u exceeds "
744 "maximum %u\n", lba, maxlba);
749 /* Find where this lba lives on disk */
750 pba = info->lba_to_pba[lba];
752 if (pba == UNDEF) { /* this lba was never written */
754 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n",
757 /* This is not really an error. It just means
758 that the block has never been written.
759 Instead of returning an error
760 it is better to return all zero data. */
762 memset(buffer, 0, len);
765 US_DEBUGP("Read %d pages, from PBA %d"
766 " (LBA %d) page %d\n",
767 pages, pba, lba, page);
769 address = ((pba << info->blockshift) + page) <<
772 result = sddr09_read20(us, address>>1,
773 pages, info->pageshift, buffer, 0);
778 // Store the data in the transfer buffer
779 usb_stor_access_xfer_buf(buffer, len, us->srb,
780 &index, &offset, TO_XFER_BUF);
792 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
793 static unsigned int lastpba = 1;
794 int zonestart, end, i;
796 zonestart = (lba/1000) << 10;
797 end = info->capacity >> (info->blockshift + info->pageshift);
802 for (i = lastpba+1; i < end; i++) {
803 if (info->pba_to_lba[zonestart+i] == UNDEF) {
808 for (i = 0; i <= lastpba; i++) {
809 if (info->pba_to_lba[zonestart+i] == UNDEF) {
818 sddr09_write_lba(struct us_data *us, unsigned int lba,
819 unsigned int page, unsigned int pages,
820 unsigned char *ptr, unsigned char *blockbuffer) {
822 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
823 unsigned long address;
824 unsigned int pba, lbap;
825 unsigned int pagelen;
826 unsigned char *bptr, *cptr, *xptr;
827 unsigned char ecc[3];
828 int i, result, isnew;
830 lbap = ((lba % 1000) << 1) | 0x1000;
831 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
833 pba = info->lba_to_pba[lba];
837 pba = sddr09_find_unused_pba(info, lba);
839 printk("sddr09_write_lba: Out of unused blocks\n");
842 info->pba_to_lba[pba] = lba;
843 info->lba_to_pba[lba] = pba;
848 /* Maybe it is impossible to write to PBA 1.
849 Fake success, but don't do anything. */
850 printk("sddr09: avoid writing to pba 1\n");
854 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
856 /* read old contents */
857 address = (pba << (info->pageshift + info->blockshift));
858 result = sddr09_read22(us, address>>1, info->blocksize,
859 info->pageshift, blockbuffer, 0);
863 /* check old contents and fill lba */
864 for (i = 0; i < info->blocksize; i++) {
865 bptr = blockbuffer + i*pagelen;
866 cptr = bptr + info->pagesize;
867 nand_compute_ecc(bptr, ecc);
868 if (!nand_compare_ecc(cptr+13, ecc)) {
869 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n",
871 nand_store_ecc(cptr+13, ecc);
873 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
874 if (!nand_compare_ecc(cptr+8, ecc)) {
875 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n",
877 nand_store_ecc(cptr+8, ecc);
879 cptr[6] = cptr[11] = MSB_of(lbap);
880 cptr[7] = cptr[12] = LSB_of(lbap);
883 /* copy in new stuff and compute ECC */
885 for (i = page; i < page+pages; i++) {
886 bptr = blockbuffer + i*pagelen;
887 cptr = bptr + info->pagesize;
888 memcpy(bptr, xptr, info->pagesize);
889 xptr += info->pagesize;
890 nand_compute_ecc(bptr, ecc);
891 nand_store_ecc(cptr+13, ecc);
892 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
893 nand_store_ecc(cptr+8, ecc);
896 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba);
898 result = sddr09_write_inplace(us, address>>1, info->blocksize,
899 info->pageshift, blockbuffer, 0);
901 US_DEBUGP("sddr09_write_inplace returns %d\n", result);
905 unsigned char status = 0;
906 int result2 = sddr09_read_status(us, &status);
908 US_DEBUGP("sddr09_write_inplace: cannot read status\n");
909 else if (status != 0xc0)
910 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n",
917 int result2 = sddr09_test_unit_ready(us);
925 sddr09_write_data(struct us_data *us,
926 unsigned long address,
927 unsigned int sectors) {
929 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
930 unsigned int lba, maxlba, page, pages;
931 unsigned int pagelen, blocklen;
932 unsigned char *blockbuffer;
933 unsigned char *buffer;
934 unsigned int len, index, offset;
937 // Figure out the initial LBA and page
938 lba = address >> info->blockshift;
939 page = (address & info->blockmask);
940 maxlba = info->capacity >> (info->pageshift + info->blockshift);
944 // blockbuffer is used for reading in the old data, overwriting
945 // with the new data, and performing ECC calculations
947 /* TODO: instead of doing kmalloc/kfree for each write,
948 add a bufferpointer to the info structure */
950 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
951 blocklen = (pagelen << info->blockshift);
952 blockbuffer = kmalloc(blocklen, GFP_NOIO);
954 printk("sddr09_write_data: Out of memory\n");
958 // Since we don't write the user data directly to the device,
959 // we have to create a bounce buffer and move the data a piece
960 // at a time between the bounce buffer and the actual transfer buffer.
962 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
963 buffer = kmalloc(len, GFP_NOIO);
964 if (buffer == NULL) {
965 printk("sddr09_write_data: Out of memory\n");
973 while (sectors > 0) {
975 // Write as many sectors as possible in this block
977 pages = min(sectors, info->blocksize - page);
978 len = (pages << info->pageshift);
980 /* Not overflowing capacity? */
982 US_DEBUGP("Error: Requested lba %u exceeds "
983 "maximum %u\n", lba, maxlba);
988 // Get the data from the transfer buffer
989 usb_stor_access_xfer_buf(buffer, len, us->srb,
990 &index, &offset, FROM_XFER_BUF);
992 result = sddr09_write_lba(us, lba, page, pages,
993 buffer, blockbuffer);
1009 sddr09_read_control(struct us_data *us,
1010 unsigned long address,
1011 unsigned int blocks,
1012 unsigned char *content,
1015 US_DEBUGP("Read control address %lu, blocks %d\n",
1018 return sddr09_read21(us, address, blocks,
1019 CONTROL_SHIFT, content, use_sg);
1023 * Read Device ID Command: 12 bytes.
1024 * byte 0: opcode: ED
1026 * Returns 2 bytes: Manufacturer ID and Device ID.
1027 * On more recent cards 3 bytes: the third byte is an option code A5
1028 * signifying that the secret command to read an 128-bit ID is available.
1029 * On still more recent cards 4 bytes: the fourth byte C0 means that
1030 * a second read ID cmd is available.
1033 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1034 unsigned char *command = us->iobuf;
1035 unsigned char *content = us->iobuf;
1038 memset(command, 0, 12);
1040 command[1] = LUNBITS;
1042 result = sddr09_send_scsi_command(us, command, 12);
1046 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1049 for (i = 0; i < 4; i++)
1050 deviceID[i] = content[i];
1052 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
1056 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1058 unsigned char status;
1060 result = sddr09_read_status(us, &status);
1062 US_DEBUGP("sddr09_get_wp: read_status fails\n");
1065 US_DEBUGP("sddr09_get_wp: status 0x%02X", status);
1066 if ((status & 0x80) == 0) {
1067 info->flags |= SDDR09_WP; /* write protected */
1071 US_DEBUGP(" Ready");
1072 if (status & LUNBITS)
1073 US_DEBUGP(" Suspended");
1075 US_DEBUGP(" Error");
1082 * Reset Command: 12 bytes.
1083 * byte 0: opcode: EB
1086 sddr09_reset(struct us_data *us) {
1088 unsigned char *command = us->iobuf;
1090 memset(command, 0, 12);
1092 command[1] = LUNBITS;
1094 return sddr09_send_scsi_command(us, command, 12);
1098 static struct nand_flash_dev *
1099 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1100 struct nand_flash_dev *cardinfo;
1101 unsigned char deviceID[4];
1105 US_DEBUGP("Reading capacity...\n");
1107 result = sddr09_read_deviceID(us, deviceID);
1110 US_DEBUGP("Result of read_deviceID is %d\n", result);
1111 printk("sddr09: could not read card info\n");
1115 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1116 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1118 /* Byte 0 is the manufacturer */
1119 sprintf(blurbtxt + strlen(blurbtxt),
1121 nand_flash_manufacturer(deviceID[0]));
1123 /* Byte 1 is the device type */
1124 cardinfo = nand_find_id(deviceID[1]);
1126 /* MB or MiB? It is neither. A 16 MB card has
1127 17301504 raw bytes, of which 16384000 are
1128 usable for user data. */
1129 sprintf(blurbtxt + strlen(blurbtxt),
1130 ", %d MB", 1<<(cardinfo->chipshift - 20));
1132 sprintf(blurbtxt + strlen(blurbtxt),
1133 ", type unrecognized");
1136 /* Byte 2 is code to signal availability of 128-bit ID */
1137 if (deviceID[2] == 0xa5) {
1138 sprintf(blurbtxt + strlen(blurbtxt),
1142 /* Byte 3 announces the availability of another read ID command */
1143 if (deviceID[3] == 0xc0) {
1144 sprintf(blurbtxt + strlen(blurbtxt),
1148 if (flags & SDDR09_WP)
1149 sprintf(blurbtxt + strlen(blurbtxt),
1152 printk("%s\n", blurbtxt);
1158 sddr09_read_map(struct us_data *us) {
1160 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1161 int numblocks, alloc_len, alloc_blocks;
1163 unsigned char *buffer, *buffer_end, *ptr;
1164 unsigned int lba, lbact;
1166 if (!info->capacity)
1169 // size of a block is 1 << (blockshift + pageshift) bytes
1170 // divide into the total capacity to get the number of blocks
1172 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1174 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1175 // but only use a 64 KB buffer
1176 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1177 #define SDDR09_READ_MAP_BUFSZ 65536
1179 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1180 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1181 buffer = kmalloc(alloc_len, GFP_NOIO);
1182 if (buffer == NULL) {
1183 printk("sddr09_read_map: out of memory\n");
1187 buffer_end = buffer + alloc_len;
1189 #undef SDDR09_READ_MAP_BUFSZ
1191 kfree(info->lba_to_pba);
1192 kfree(info->pba_to_lba);
1193 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1194 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1196 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1197 printk("sddr09_read_map: out of memory\n");
1202 for (i = 0; i < numblocks; i++)
1203 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1206 * Define lba-pba translation table
1210 for (i = 0; i < numblocks; i++) {
1211 ptr += (1 << CONTROL_SHIFT);
1212 if (ptr >= buffer_end) {
1213 unsigned long address;
1215 address = i << (info->pageshift + info->blockshift);
1216 result = sddr09_read_control(
1218 min(alloc_blocks, numblocks - i),
1227 if (i == 0 || i == 1) {
1228 info->pba_to_lba[i] = UNUSABLE;
1232 /* special PBAs have control field 0^16 */
1233 for (j = 0; j < 16; j++)
1236 info->pba_to_lba[i] = UNUSABLE;
1237 printk("sddr09: PBA %d has no logical mapping\n", i);
1241 /* unwritten PBAs have control field FF^16 */
1242 for (j = 0; j < 16; j++)
1248 /* normal PBAs start with six FFs */
1250 printk("sddr09: PBA %d has no logical mapping: "
1251 "reserved area = %02X%02X%02X%02X "
1252 "data status %02X block status %02X\n",
1253 i, ptr[0], ptr[1], ptr[2], ptr[3],
1255 info->pba_to_lba[i] = UNUSABLE;
1259 if ((ptr[6] >> 4) != 0x01) {
1260 printk("sddr09: PBA %d has invalid address field "
1261 "%02X%02X/%02X%02X\n",
1262 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1263 info->pba_to_lba[i] = UNUSABLE;
1267 /* check even parity */
1268 if (parity[ptr[6] ^ ptr[7]]) {
1269 printk("sddr09: Bad parity in LBA for block %d"
1270 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1271 info->pba_to_lba[i] = UNUSABLE;
1275 lba = short_pack(ptr[7], ptr[6]);
1276 lba = (lba & 0x07FF) >> 1;
1279 * Every 1024 physical blocks ("zone"), the LBA numbers
1280 * go back to zero, but are within a higher block of LBA's.
1281 * Also, there is a maximum of 1000 LBA's per zone.
1282 * In other words, in PBA 1024-2047 you will find LBA 0-999
1283 * which are really LBA 1000-1999. This allows for 24 bad
1284 * or special physical blocks per zone.
1288 printk("sddr09: Bad low LBA %d for block %d\n",
1290 goto possibly_erase;
1293 lba += 1000*(i/0x400);
1295 if (info->lba_to_pba[lba] != UNDEF) {
1296 printk("sddr09: LBA %d seen for PBA %d and %d\n",
1297 lba, info->lba_to_pba[lba], i);
1298 goto possibly_erase;
1301 info->pba_to_lba[i] = lba;
1302 info->lba_to_pba[lba] = i;
1306 if (erase_bad_lba_entries) {
1307 unsigned long address;
1309 address = (i << (info->pageshift + info->blockshift));
1310 sddr09_erase(us, address>>1);
1311 info->pba_to_lba[i] = UNDEF;
1313 info->pba_to_lba[i] = UNUSABLE;
1317 * Approximate capacity. This is not entirely correct yet,
1318 * since a zone with less than 1000 usable pages leads to
1319 * missing LBAs. Especially if it is the last zone, some
1320 * LBAs can be past capacity.
1323 for (i = 0; i < numblocks; i += 1024) {
1326 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1327 if (info->pba_to_lba[i+j] != UNUSABLE) {
1329 info->pba_to_lba[i+j] = SPARE;
1336 info->lbact = lbact;
1337 US_DEBUGP("Found %d LBA's\n", lbact);
1342 kfree(info->lba_to_pba);
1343 kfree(info->pba_to_lba);
1344 info->lba_to_pba = NULL;
1345 info->pba_to_lba = NULL;
1352 sddr09_card_info_destructor(void *extra) {
1353 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1358 kfree(info->lba_to_pba);
1359 kfree(info->pba_to_lba);
1363 sddr09_common_init(struct us_data *us) {
1366 /* set the configuration -- STALL is an acceptable response here */
1367 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1368 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev
1369 ->actconfig->desc.bConfigurationValue);
1373 result = usb_reset_configuration(us->pusb_dev);
1374 US_DEBUGP("Result of usb_reset_configuration is %d\n", result);
1375 if (result == -EPIPE) {
1376 US_DEBUGP("-- stall on control interface\n");
1377 } else if (result != 0) {
1378 /* it's not a stall, but another error -- time to bail */
1379 US_DEBUGP("-- Unknown error. Rejecting device\n");
1383 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1386 us->extra_destructor = sddr09_card_info_destructor;
1394 * This is needed at a very early stage. If this is not listed in the
1395 * unusual devices list but called from here then LUN 0 of the combo reader
1396 * is not recognized. But I do not know what precisely these calls do.
1399 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1401 unsigned char *data = us->iobuf;
1403 result = sddr09_common_init(us);
1407 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1409 US_DEBUGP("sddr09_init: send_command fails\n");
1413 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1416 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1418 US_DEBUGP("sddr09_init: 2nd send_command fails\n");
1422 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1425 result = sddr09_request_sense(us, data, 18);
1426 if (result == 0 && data[2] != 0) {
1428 for (j=0; j<18; j++)
1429 printk(" %02X", data[j]);
1431 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1432 // 70: current command
1433 // sense key 0, sense code 0, extd sense code 0
1434 // additional transfer length * = sizeof(data) - 7
1435 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1436 // sense key 06, sense code 28: unit attention,
1437 // not ready to ready transition
1442 return 0; /* not result */
1446 * Transport for the Sandisk SDDR-09
1448 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1450 static unsigned char sensekey = 0, sensecode = 0;
1451 static unsigned char havefakesense = 0;
1453 unsigned char *ptr = us->iobuf;
1454 unsigned long capacity;
1455 unsigned int page, pages;
1457 struct sddr09_card_info *info;
1459 static unsigned char inquiry_response[8] = {
1460 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1463 /* note: no block descriptor support */
1464 static unsigned char mode_page_01[19] = {
1465 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1467 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1470 info = (struct sddr09_card_info *)us->extra;
1472 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1473 /* for a faked command, we have to follow with a faked sense */
1478 ptr[12] = sensecode;
1479 usb_stor_set_xfer_buf(ptr, 18, srb);
1480 sensekey = sensecode = havefakesense = 0;
1481 return USB_STOR_TRANSPORT_GOOD;
1486 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1487 respond to INQUIRY commands */
1489 if (srb->cmnd[0] == INQUIRY) {
1490 memcpy(ptr, inquiry_response, 8);
1491 fill_inquiry_response(us, ptr, 36);
1492 return USB_STOR_TRANSPORT_GOOD;
1495 if (srb->cmnd[0] == READ_CAPACITY) {
1496 struct nand_flash_dev *cardinfo;
1498 sddr09_get_wp(us, info); /* read WP bit */
1500 cardinfo = sddr09_get_cardinfo(us, info->flags);
1502 /* probably no media */
1504 sensekey = 0x02; /* not ready */
1505 sensecode = 0x3a; /* medium not present */
1506 return USB_STOR_TRANSPORT_FAILED;
1509 info->capacity = (1 << cardinfo->chipshift);
1510 info->pageshift = cardinfo->pageshift;
1511 info->pagesize = (1 << info->pageshift);
1512 info->blockshift = cardinfo->blockshift;
1513 info->blocksize = (1 << info->blockshift);
1514 info->blockmask = info->blocksize - 1;
1516 // map initialization, must follow get_cardinfo()
1517 if (sddr09_read_map(us)) {
1518 /* probably out of memory */
1524 capacity = (info->lbact << info->blockshift) - 1;
1526 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1530 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1531 usb_stor_set_xfer_buf(ptr, 8, srb);
1533 return USB_STOR_TRANSPORT_GOOD;
1536 if (srb->cmnd[0] == MODE_SENSE_10) {
1537 int modepage = (srb->cmnd[2] & 0x3F);
1539 /* They ask for the Read/Write error recovery page,
1540 or for all pages. */
1541 /* %% We should check DBD %% */
1542 if (modepage == 0x01 || modepage == 0x3F) {
1543 US_DEBUGP("SDDR09: Dummy up request for "
1544 "mode page 0x%x\n", modepage);
1546 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1547 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1548 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1549 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1550 return USB_STOR_TRANSPORT_GOOD;
1553 sensekey = 0x05; /* illegal request */
1554 sensecode = 0x24; /* invalid field in CDB */
1555 return USB_STOR_TRANSPORT_FAILED;
1558 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1559 return USB_STOR_TRANSPORT_GOOD;
1563 if (srb->cmnd[0] == READ_10) {
1565 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1567 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1568 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1570 US_DEBUGP("READ_10: read page %d pagect %d\n",
1573 result = sddr09_read_data(us, page, pages);
1574 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1575 USB_STOR_TRANSPORT_ERROR);
1578 if (srb->cmnd[0] == WRITE_10) {
1580 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1582 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1583 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1585 US_DEBUGP("WRITE_10: write page %d pagect %d\n",
1588 result = sddr09_write_data(us, page, pages);
1589 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1590 USB_STOR_TRANSPORT_ERROR);
1593 /* catch-all for all other commands, except
1594 * pass TEST_UNIT_READY and REQUEST_SENSE through
1596 if (srb->cmnd[0] != TEST_UNIT_READY &&
1597 srb->cmnd[0] != REQUEST_SENSE) {
1598 sensekey = 0x05; /* illegal request */
1599 sensecode = 0x20; /* invalid command */
1601 return USB_STOR_TRANSPORT_FAILED;
1604 for (; srb->cmd_len<12; srb->cmd_len++)
1605 srb->cmnd[srb->cmd_len] = 0;
1607 srb->cmnd[1] = LUNBITS;
1610 for (i=0; i<12; i++)
1611 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1613 US_DEBUGP("SDDR09: Send control for command %s\n", ptr);
1615 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1617 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command "
1618 "returns %d\n", result);
1619 return USB_STOR_TRANSPORT_ERROR;
1622 if (srb->request_bufflen == 0)
1623 return USB_STOR_TRANSPORT_GOOD;
1625 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1626 srb->sc_data_direction == DMA_FROM_DEVICE) {
1627 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1628 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1630 US_DEBUGP("SDDR09: %s %d bytes\n",
1631 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1632 "sending" : "receiving",
1633 srb->request_bufflen);
1635 result = usb_stor_bulk_transfer_sg(us, pipe,
1636 srb->request_buffer,
1637 srb->request_bufflen,
1638 srb->use_sg, &srb->resid);
1640 return (result == USB_STOR_XFER_GOOD ?
1641 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1644 return USB_STOR_TRANSPORT_GOOD;
1648 * Initialization routine for the sddr09 subdriver
1651 usb_stor_sddr09_init(struct us_data *us) {
1652 return sddr09_common_init(us);
projects / linux-2.6 / blob