[SCSI] fix BUG when sum(scatterlist) > bufflen
[linux-2.6] / drivers / usb / storage / shuttle_usbat.c
1 /* Driver for SCM Microsystems (a.k.a. Shuttle) USB-ATAPI cable
2  *
3  * $Id: shuttle_usbat.c,v 1.17 2002/04/22 03:39:43 mdharm Exp $
4  *
5  * Current development and maintenance by:
6  *   (c) 2000, 2001 Robert Baruch (autophile@starband.net)
7  *   (c) 2004, 2005 Daniel Drake <dsd@gentoo.org>
8  *
9  * Developed with the assistance of:
10  *   (c) 2002 Alan Stern <stern@rowland.org>
11  *
12  * Flash support based on earlier work by:
13  *   (c) 2002 Thomas Kreiling <usbdev@sm04.de>
14  *
15  * Many originally ATAPI devices were slightly modified to meet the USB
16  * market by using some kind of translation from ATAPI to USB on the host,
17  * and the peripheral would translate from USB back to ATAPI.
18  *
19  * SCM Microsystems (www.scmmicro.com) makes a device, sold to OEM's only, 
20  * which does the USB-to-ATAPI conversion.  By obtaining the data sheet on
21  * their device under nondisclosure agreement, I have been able to write
22  * this driver for Linux.
23  *
24  * The chip used in the device can also be used for EPP and ISA translation
25  * as well. This driver is only guaranteed to work with the ATAPI
26  * translation.
27  *
28  * See the Kconfig help text for a list of devices known to be supported by
29  * this driver.
30  *
31  * This program is free software; you can redistribute it and/or modify it
32  * under the terms of the GNU General Public License as published by the
33  * Free Software Foundation; either version 2, or (at your option) any
34  * later version.
35  *
36  * This program is distributed in the hope that it will be useful, but
37  * WITHOUT ANY WARRANTY; without even the implied warranty of
38  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
39  * General Public License for more details.
40  *
41  * You should have received a copy of the GNU General Public License along
42  * with this program; if not, write to the Free Software Foundation, Inc.,
43  * 675 Mass Ave, Cambridge, MA 02139, USA.
44  */
45
46 #include <linux/errno.h>
47 #include <linux/slab.h>
48 #include <linux/cdrom.h>
49
50 #include <scsi/scsi.h>
51 #include <scsi/scsi_cmnd.h>
52
53 #include "usb.h"
54 #include "transport.h"
55 #include "protocol.h"
56 #include "debug.h"
57 #include "shuttle_usbat.h"
58
59 #define short_pack(LSB,MSB) ( ((u16)(LSB)) | ( ((u16)(MSB))<<8 ) )
60 #define LSB_of(s) ((s)&0xFF)
61 #define MSB_of(s) ((s)>>8)
62
63 static int transferred = 0;
64
65 static int usbat_flash_transport(struct scsi_cmnd * srb, struct us_data *us);
66 static int usbat_hp8200e_transport(struct scsi_cmnd *srb, struct us_data *us);
67
68 /*
69  * Convenience function to produce an ATA read/write sectors command
70  * Use cmd=0x20 for read, cmd=0x30 for write
71  */
72 static void usbat_pack_ata_sector_cmd(unsigned char *buf,
73                                         unsigned char thistime,
74                                         u32 sector, unsigned char cmd)
75 {
76         buf[0] = 0;
77         buf[1] = thistime;
78         buf[2] = sector & 0xFF;
79         buf[3] = (sector >>  8) & 0xFF;
80         buf[4] = (sector >> 16) & 0xFF;
81         buf[5] = 0xE0 | ((sector >> 24) & 0x0F);
82         buf[6] = cmd;
83 }
84
85 /*
86  * Convenience function to get the device type (flash or hp8200)
87  */
88 static int usbat_get_device_type(struct us_data *us)
89 {
90         return ((struct usbat_info*)us->extra)->devicetype;
91 }
92
93 /*
94  * Read a register from the device
95  */
96 static int usbat_read(struct us_data *us,
97                       unsigned char access,
98                       unsigned char reg,
99                       unsigned char *content)
100 {
101         return usb_stor_ctrl_transfer(us,
102                 us->recv_ctrl_pipe,
103                 access | USBAT_CMD_READ_REG,
104                 0xC0,
105                 (u16)reg,
106                 0,
107                 content,
108                 1);
109 }
110
111 /*
112  * Write to a register on the device
113  */
114 static int usbat_write(struct us_data *us,
115                        unsigned char access,
116                        unsigned char reg,
117                        unsigned char content)
118 {
119         return usb_stor_ctrl_transfer(us,
120                 us->send_ctrl_pipe,
121                 access | USBAT_CMD_WRITE_REG,
122                 0x40,
123                 short_pack(reg, content),
124                 0,
125                 NULL,
126                 0);
127 }
128
129 /*
130  * Convenience function to perform a bulk read
131  */
132 static int usbat_bulk_read(struct us_data *us,
133                            void* buf,
134                            unsigned int len,
135                            int use_sg)
136 {
137         if (len == 0)
138                 return USB_STOR_XFER_GOOD;
139
140         US_DEBUGP("usbat_bulk_read: len = %d\n", len);
141         return usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe, buf, len, use_sg, NULL);
142 }
143
144 /*
145  * Convenience function to perform a bulk write
146  */
147 static int usbat_bulk_write(struct us_data *us,
148                             void* buf,
149                             unsigned int len,
150                             int use_sg)
151 {
152         if (len == 0)
153                 return USB_STOR_XFER_GOOD;
154
155         US_DEBUGP("usbat_bulk_write:  len = %d\n", len);
156         return usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe, buf, len, use_sg, NULL);
157 }
158
159 /*
160  * Some USBAT-specific commands can only be executed over a command transport
161  * This transport allows one (len=8) or two (len=16) vendor-specific commands
162  * to be executed.
163  */
164 static int usbat_execute_command(struct us_data *us,
165                                                                  unsigned char *commands,
166                                                                  unsigned int len)
167 {
168         return usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
169                                                                   USBAT_CMD_EXEC_CMD, 0x40, 0, 0,
170                                                                   commands, len);
171 }
172
173 /*
174  * Read the status register
175  */
176 static int usbat_get_status(struct us_data *us, unsigned char *status)
177 {
178         int rc;
179         rc = usbat_read(us, USBAT_ATA, USBAT_ATA_STATUS, status);
180
181         US_DEBUGP("usbat_get_status: 0x%02X\n", (unsigned short) (*status));
182         return rc;
183 }
184
185 /*
186  * Check the device status
187  */
188 static int usbat_check_status(struct us_data *us)
189 {
190         unsigned char *reply = us->iobuf;
191         int rc;
192
193         rc = usbat_get_status(us, reply);
194         if (rc != USB_STOR_XFER_GOOD)
195                 return USB_STOR_TRANSPORT_FAILED;
196
197         /* error/check condition (0x51 is ok) */
198         if (*reply & 0x01 && *reply != 0x51)
199                 return USB_STOR_TRANSPORT_FAILED;
200
201         /* device fault */
202         if (*reply & 0x20)
203                 return USB_STOR_TRANSPORT_FAILED;
204
205         return USB_STOR_TRANSPORT_GOOD;
206 }
207
208 /*
209  * Stores critical information in internal registers in prepartion for the execution
210  * of a conditional usbat_read_blocks or usbat_write_blocks call.
211  */
212 static int usbat_set_shuttle_features(struct us_data *us,
213                                       unsigned char external_trigger,
214                                       unsigned char epp_control,
215                                       unsigned char mask_byte,
216                                       unsigned char test_pattern,
217                                       unsigned char subcountH,
218                                       unsigned char subcountL)
219 {
220         unsigned char *command = us->iobuf;
221
222         command[0] = 0x40;
223         command[1] = USBAT_CMD_SET_FEAT;
224
225         /*
226          * The only bit relevant to ATA access is bit 6
227          * which defines 8 bit data access (set) or 16 bit (unset)
228          */
229         command[2] = epp_control;
230
231         /*
232          * If FCQ is set in the qualifier (defined in R/W cmd), then bits U0, U1,
233          * ET1 and ET2 define an external event to be checked for on event of a
234          * _read_blocks or _write_blocks operation. The read/write will not take
235          * place unless the defined trigger signal is active.
236          */
237         command[3] = external_trigger;
238
239         /*
240          * The resultant byte of the mask operation (see mask_byte) is compared for
241          * equivalence with this test pattern. If equal, the read/write will take
242          * place.
243          */
244         command[4] = test_pattern;
245
246         /*
247          * This value is logically ANDed with the status register field specified
248          * in the read/write command.
249          */
250         command[5] = mask_byte;
251
252         /*
253          * If ALQ is set in the qualifier, this field contains the address of the
254          * registers where the byte count should be read for transferring the data.
255          * If ALQ is not set, then this field contains the number of bytes to be
256          * transferred.
257          */
258         command[6] = subcountL;
259         command[7] = subcountH;
260
261         return usbat_execute_command(us, command, 8);
262 }
263
264 /*
265  * Block, waiting for an ATA device to become not busy or to report
266  * an error condition.
267  */
268 static int usbat_wait_not_busy(struct us_data *us, int minutes)
269 {
270         int i;
271         int result;
272         unsigned char *status = us->iobuf;
273
274         /* Synchronizing cache on a CDR could take a heck of a long time,
275          * but probably not more than 10 minutes or so. On the other hand,
276          * doing a full blank on a CDRW at speed 1 will take about 75
277          * minutes!
278          */
279
280         for (i=0; i<1200+minutes*60; i++) {
281
282                 result = usbat_get_status(us, status);
283
284                 if (result!=USB_STOR_XFER_GOOD)
285                         return USB_STOR_TRANSPORT_ERROR;
286                 if (*status & 0x01) { /* check condition */
287                         result = usbat_read(us, USBAT_ATA, 0x10, status);
288                         return USB_STOR_TRANSPORT_FAILED;
289                 }
290                 if (*status & 0x20) /* device fault */
291                         return USB_STOR_TRANSPORT_FAILED;
292
293                 if ((*status & 0x80)==0x00) { /* not busy */
294                         US_DEBUGP("Waited not busy for %d steps\n", i);
295                         return USB_STOR_TRANSPORT_GOOD;
296                 }
297
298                 if (i<500)
299                         msleep(10); /* 5 seconds */
300                 else if (i<700)
301                         msleep(50); /* 10 seconds */
302                 else if (i<1200)
303                         msleep(100); /* 50 seconds */
304                 else
305                         msleep(1000); /* X minutes */
306         }
307
308         US_DEBUGP("Waited not busy for %d minutes, timing out.\n",
309                 minutes);
310         return USB_STOR_TRANSPORT_FAILED;
311 }
312
313 /*
314  * Read block data from the data register
315  */
316 static int usbat_read_block(struct us_data *us,
317                             void* buf,
318                             unsigned short len,
319                             int use_sg)
320 {
321         int result;
322         unsigned char *command = us->iobuf;
323
324         if (!len)
325                 return USB_STOR_TRANSPORT_GOOD;
326
327         command[0] = 0xC0;
328         command[1] = USBAT_ATA | USBAT_CMD_READ_BLOCK;
329         command[2] = USBAT_ATA_DATA;
330         command[3] = 0;
331         command[4] = 0;
332         command[5] = 0;
333         command[6] = LSB_of(len);
334         command[7] = MSB_of(len);
335
336         result = usbat_execute_command(us, command, 8);
337         if (result != USB_STOR_XFER_GOOD)
338                 return USB_STOR_TRANSPORT_ERROR;
339
340         result = usbat_bulk_read(us, buf, len, use_sg);
341         return (result == USB_STOR_XFER_GOOD ?
342                         USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
343 }
344
345 /*
346  * Write block data via the data register
347  */
348 static int usbat_write_block(struct us_data *us,
349                              unsigned char access,
350                              void* buf,
351                              unsigned short len,
352                              int minutes,
353                              int use_sg)
354 {
355         int result;
356         unsigned char *command = us->iobuf;
357
358         if (!len)
359                 return USB_STOR_TRANSPORT_GOOD;
360
361         command[0] = 0x40;
362         command[1] = access | USBAT_CMD_WRITE_BLOCK;
363         command[2] = USBAT_ATA_DATA;
364         command[3] = 0;
365         command[4] = 0;
366         command[5] = 0;
367         command[6] = LSB_of(len);
368         command[7] = MSB_of(len);
369
370         result = usbat_execute_command(us, command, 8);
371
372         if (result != USB_STOR_XFER_GOOD)
373                 return USB_STOR_TRANSPORT_ERROR;
374
375         result = usbat_bulk_write(us, buf, len, use_sg);
376         if (result != USB_STOR_XFER_GOOD)
377                 return USB_STOR_TRANSPORT_ERROR;
378
379         return usbat_wait_not_busy(us, minutes);
380 }
381
382 /*
383  * Process read and write requests
384  */
385 static int usbat_hp8200e_rw_block_test(struct us_data *us,
386                                        unsigned char access,
387                                        unsigned char *registers,
388                                        unsigned char *data_out,
389                                        unsigned short num_registers,
390                                        unsigned char data_reg,
391                                        unsigned char status_reg,
392                                        unsigned char timeout,
393                                        unsigned char qualifier,
394                                        int direction,
395                                        void *buf,
396                                        unsigned short len,
397                                        int use_sg,
398                                        int minutes)
399 {
400         int result;
401         unsigned int pipe = (direction == DMA_FROM_DEVICE) ?
402                         us->recv_bulk_pipe : us->send_bulk_pipe;
403
404         unsigned char *command = us->iobuf;
405         int i, j;
406         int cmdlen;
407         unsigned char *data = us->iobuf;
408         unsigned char *status = us->iobuf;
409
410         BUG_ON(num_registers > US_IOBUF_SIZE/2);
411
412         for (i=0; i<20; i++) {
413
414                 /*
415                  * The first time we send the full command, which consists
416                  * of downloading the SCSI command followed by downloading
417                  * the data via a write-and-test.  Any other time we only
418                  * send the command to download the data -- the SCSI command
419                  * is still 'active' in some sense in the device.
420                  * 
421                  * We're only going to try sending the data 10 times. After
422                  * that, we just return a failure.
423                  */
424
425                 if (i==0) {
426                         cmdlen = 16;
427                         /*
428                          * Write to multiple registers
429                          * Not really sure the 0x07, 0x17, 0xfc, 0xe7 is
430                          * necessary here, but that's what came out of the
431                          * trace every single time.
432                          */
433                         command[0] = 0x40;
434                         command[1] = access | USBAT_CMD_WRITE_REGS;
435                         command[2] = 0x07;
436                         command[3] = 0x17;
437                         command[4] = 0xFC;
438                         command[5] = 0xE7;
439                         command[6] = LSB_of(num_registers*2);
440                         command[7] = MSB_of(num_registers*2);
441                 } else
442                         cmdlen = 8;
443
444                 /* Conditionally read or write blocks */
445                 command[cmdlen-8] = (direction==DMA_TO_DEVICE ? 0x40 : 0xC0);
446                 command[cmdlen-7] = access |
447                                 (direction==DMA_TO_DEVICE ?
448                                  USBAT_CMD_COND_WRITE_BLOCK : USBAT_CMD_COND_READ_BLOCK);
449                 command[cmdlen-6] = data_reg;
450                 command[cmdlen-5] = status_reg;
451                 command[cmdlen-4] = timeout;
452                 command[cmdlen-3] = qualifier;
453                 command[cmdlen-2] = LSB_of(len);
454                 command[cmdlen-1] = MSB_of(len);
455
456                 result = usbat_execute_command(us, command, cmdlen);
457
458                 if (result != USB_STOR_XFER_GOOD)
459                         return USB_STOR_TRANSPORT_ERROR;
460
461                 if (i==0) {
462
463                         for (j=0; j<num_registers; j++) {
464                                 data[j<<1] = registers[j];
465                                 data[1+(j<<1)] = data_out[j];
466                         }
467
468                         result = usbat_bulk_write(us, data, num_registers*2, 0);
469                         if (result != USB_STOR_XFER_GOOD)
470                                 return USB_STOR_TRANSPORT_ERROR;
471
472                 }
473
474                 result = usb_stor_bulk_transfer_sg(us,
475                         pipe, buf, len, use_sg, NULL);
476
477                 /*
478                  * If we get a stall on the bulk download, we'll retry
479                  * the bulk download -- but not the SCSI command because
480                  * in some sense the SCSI command is still 'active' and
481                  * waiting for the data. Don't ask me why this should be;
482                  * I'm only following what the Windoze driver did.
483                  *
484                  * Note that a stall for the test-and-read/write command means
485                  * that the test failed. In this case we're testing to make
486                  * sure that the device is error-free
487                  * (i.e. bit 0 -- CHK -- of status is 0). The most likely
488                  * hypothesis is that the USBAT chip somehow knows what
489                  * the device will accept, but doesn't give the device any
490                  * data until all data is received. Thus, the device would
491                  * still be waiting for the first byte of data if a stall
492                  * occurs, even if the stall implies that some data was
493                  * transferred.
494                  */
495
496                 if (result == USB_STOR_XFER_SHORT ||
497                                 result == USB_STOR_XFER_STALLED) {
498
499                         /*
500                          * If we're reading and we stalled, then clear
501                          * the bulk output pipe only the first time.
502                          */
503
504                         if (direction==DMA_FROM_DEVICE && i==0) {
505                                 if (usb_stor_clear_halt(us,
506                                                 us->send_bulk_pipe) < 0)
507                                         return USB_STOR_TRANSPORT_ERROR;
508                         }
509
510                         /*
511                          * Read status: is the device angry, or just busy?
512                          */
513
514                         result = usbat_read(us, USBAT_ATA, 
515                                 direction==DMA_TO_DEVICE ?
516                                         USBAT_ATA_STATUS : USBAT_ATA_ALTSTATUS,
517                                 status);
518
519                         if (result!=USB_STOR_XFER_GOOD)
520                                 return USB_STOR_TRANSPORT_ERROR;
521                         if (*status & 0x01) /* check condition */
522                                 return USB_STOR_TRANSPORT_FAILED;
523                         if (*status & 0x20) /* device fault */
524                                 return USB_STOR_TRANSPORT_FAILED;
525
526                         US_DEBUGP("Redoing %s\n",
527                           direction==DMA_TO_DEVICE ? "write" : "read");
528
529                 } else if (result != USB_STOR_XFER_GOOD)
530                         return USB_STOR_TRANSPORT_ERROR;
531                 else
532                         return usbat_wait_not_busy(us, minutes);
533
534         }
535
536         US_DEBUGP("Bummer! %s bulk data 20 times failed.\n",
537                 direction==DMA_TO_DEVICE ? "Writing" : "Reading");
538
539         return USB_STOR_TRANSPORT_FAILED;
540 }
541
542 /*
543  * Write to multiple registers:
544  * Allows us to write specific data to any registers. The data to be written
545  * gets packed in this sequence: reg0, data0, reg1, data1, ..., regN, dataN
546  * which gets sent through bulk out.
547  * Not designed for large transfers of data!
548  */
549 static int usbat_multiple_write(struct us_data *us,
550                                 unsigned char *registers,
551                                 unsigned char *data_out,
552                                 unsigned short num_registers)
553 {
554         int i, result;
555         unsigned char *data = us->iobuf;
556         unsigned char *command = us->iobuf;
557
558         BUG_ON(num_registers > US_IOBUF_SIZE/2);
559
560         /* Write to multiple registers, ATA access */
561         command[0] = 0x40;
562         command[1] = USBAT_ATA | USBAT_CMD_WRITE_REGS;
563
564         /* No relevance */
565         command[2] = 0;
566         command[3] = 0;
567         command[4] = 0;
568         command[5] = 0;
569
570         /* Number of bytes to be transferred (incl. addresses and data) */
571         command[6] = LSB_of(num_registers*2);
572         command[7] = MSB_of(num_registers*2);
573
574         /* The setup command */
575         result = usbat_execute_command(us, command, 8);
576         if (result != USB_STOR_XFER_GOOD)
577                 return USB_STOR_TRANSPORT_ERROR;
578
579         /* Create the reg/data, reg/data sequence */
580         for (i=0; i<num_registers; i++) {
581                 data[i<<1] = registers[i];
582                 data[1+(i<<1)] = data_out[i];
583         }
584
585         /* Send the data */
586         result = usbat_bulk_write(us, data, num_registers*2, 0);
587         if (result != USB_STOR_XFER_GOOD)
588                 return USB_STOR_TRANSPORT_ERROR;
589
590         if (usbat_get_device_type(us) == USBAT_DEV_HP8200)
591                 return usbat_wait_not_busy(us, 0);
592         else
593                 return USB_STOR_TRANSPORT_GOOD;
594 }
595
596 /*
597  * Conditionally read blocks from device:
598  * Allows us to read blocks from a specific data register, based upon the
599  * condition that a status register can be successfully masked with a status
600  * qualifier. If this condition is not initially met, the read will wait
601  * up until a maximum amount of time has elapsed, as specified by timeout.
602  * The read will start when the condition is met, otherwise the command aborts.
603  *
604  * The qualifier defined here is not the value that is masked, it defines
605  * conditions for the write to take place. The actual masked qualifier (and
606  * other related details) are defined beforehand with _set_shuttle_features().
607  */
608 static int usbat_read_blocks(struct us_data *us,
609                              void* buffer,
610                              int len,
611                              int use_sg)
612 {
613         int result;
614         unsigned char *command = us->iobuf;
615
616         command[0] = 0xC0;
617         command[1] = USBAT_ATA | USBAT_CMD_COND_READ_BLOCK;
618         command[2] = USBAT_ATA_DATA;
619         command[3] = USBAT_ATA_STATUS;
620         command[4] = 0xFD; /* Timeout (ms); */
621         command[5] = USBAT_QUAL_FCQ;
622         command[6] = LSB_of(len);
623         command[7] = MSB_of(len);
624
625         /* Multiple block read setup command */
626         result = usbat_execute_command(us, command, 8);
627         if (result != USB_STOR_XFER_GOOD)
628                 return USB_STOR_TRANSPORT_FAILED;
629         
630         /* Read the blocks we just asked for */
631         result = usbat_bulk_read(us, buffer, len, use_sg);
632         if (result != USB_STOR_XFER_GOOD)
633                 return USB_STOR_TRANSPORT_FAILED;
634
635         return USB_STOR_TRANSPORT_GOOD;
636 }
637
638 /*
639  * Conditionally write blocks to device:
640  * Allows us to write blocks to a specific data register, based upon the
641  * condition that a status register can be successfully masked with a status
642  * qualifier. If this condition is not initially met, the write will wait
643  * up until a maximum amount of time has elapsed, as specified by timeout.
644  * The read will start when the condition is met, otherwise the command aborts.
645  *
646  * The qualifier defined here is not the value that is masked, it defines
647  * conditions for the write to take place. The actual masked qualifier (and
648  * other related details) are defined beforehand with _set_shuttle_features().
649  */
650 static int usbat_write_blocks(struct us_data *us,
651                               void* buffer,
652                               int len,
653                               int use_sg)
654 {
655         int result;
656         unsigned char *command = us->iobuf;
657
658         command[0] = 0x40;
659         command[1] = USBAT_ATA | USBAT_CMD_COND_WRITE_BLOCK;
660         command[2] = USBAT_ATA_DATA;
661         command[3] = USBAT_ATA_STATUS;
662         command[4] = 0xFD; /* Timeout (ms) */
663         command[5] = USBAT_QUAL_FCQ;
664         command[6] = LSB_of(len);
665         command[7] = MSB_of(len);
666
667         /* Multiple block write setup command */
668         result = usbat_execute_command(us, command, 8);
669         if (result != USB_STOR_XFER_GOOD)
670                 return USB_STOR_TRANSPORT_FAILED;
671         
672         /* Write the data */
673         result = usbat_bulk_write(us, buffer, len, use_sg);
674         if (result != USB_STOR_XFER_GOOD)
675                 return USB_STOR_TRANSPORT_FAILED;
676
677         return USB_STOR_TRANSPORT_GOOD;
678 }
679
680 /*
681  * Read the User IO register
682  */
683 static int usbat_read_user_io(struct us_data *us, unsigned char *data_flags)
684 {
685         int result;
686
687         result = usb_stor_ctrl_transfer(us,
688                 us->recv_ctrl_pipe,
689                 USBAT_CMD_UIO,
690                 0xC0,
691                 0,
692                 0,
693                 data_flags,
694                 USBAT_UIO_READ);
695
696         US_DEBUGP("usbat_read_user_io: UIO register reads %02X\n", (unsigned short) (*data_flags));
697
698         return result;
699 }
700
701 /*
702  * Write to the User IO register
703  */
704 static int usbat_write_user_io(struct us_data *us,
705                                unsigned char enable_flags,
706                                unsigned char data_flags)
707 {
708         return usb_stor_ctrl_transfer(us,
709                 us->send_ctrl_pipe,
710                 USBAT_CMD_UIO,
711                 0x40,
712                 short_pack(enable_flags, data_flags),
713                 0,
714                 NULL,
715                 USBAT_UIO_WRITE);
716 }
717
718 /*
719  * Reset the device
720  * Often needed on media change.
721  */
722 static int usbat_device_reset(struct us_data *us)
723 {
724         int rc;
725
726         /*
727          * Reset peripheral, enable peripheral control signals
728          * (bring reset signal up)
729          */
730         rc = usbat_write_user_io(us,
731                                                          USBAT_UIO_DRVRST | USBAT_UIO_OE1 | USBAT_UIO_OE0,
732                                                          USBAT_UIO_EPAD | USBAT_UIO_1);
733         if (rc != USB_STOR_XFER_GOOD)
734                 return USB_STOR_TRANSPORT_ERROR;
735                         
736         /*
737          * Enable peripheral control signals
738          * (bring reset signal down)
739          */
740         rc = usbat_write_user_io(us,
741                                                          USBAT_UIO_OE1  | USBAT_UIO_OE0,
742                                                          USBAT_UIO_EPAD | USBAT_UIO_1);
743         if (rc != USB_STOR_XFER_GOOD)
744                 return USB_STOR_TRANSPORT_ERROR;
745
746         return USB_STOR_TRANSPORT_GOOD;
747 }
748
749 /*
750  * Enable card detect
751  */
752 static int usbat_device_enable_cdt(struct us_data *us)
753 {
754         int rc;
755
756         /* Enable peripheral control signals and card detect */
757         rc = usbat_write_user_io(us,
758                                                          USBAT_UIO_ACKD | USBAT_UIO_OE1  | USBAT_UIO_OE0,
759                                                          USBAT_UIO_EPAD | USBAT_UIO_1);
760         if (rc != USB_STOR_XFER_GOOD)
761                 return USB_STOR_TRANSPORT_ERROR;
762
763         return USB_STOR_TRANSPORT_GOOD;
764 }
765
766 /*
767  * Determine if media is present.
768  */
769 static int usbat_flash_check_media_present(unsigned char *uio)
770 {
771         if (*uio & USBAT_UIO_UI0) {
772                 US_DEBUGP("usbat_flash_check_media_present: no media detected\n");
773                 return USBAT_FLASH_MEDIA_NONE;
774         }
775
776         return USBAT_FLASH_MEDIA_CF;
777 }
778
779 /*
780  * Determine if media has changed since last operation
781  */
782 static int usbat_flash_check_media_changed(unsigned char *uio)
783 {
784         if (*uio & USBAT_UIO_0) {
785                 US_DEBUGP("usbat_flash_check_media_changed: media change detected\n");
786                 return USBAT_FLASH_MEDIA_CHANGED;
787         }
788
789         return USBAT_FLASH_MEDIA_SAME;
790 }
791
792 /*
793  * Check for media change / no media and handle the situation appropriately
794  */
795 static int usbat_flash_check_media(struct us_data *us,
796                                    struct usbat_info *info)
797 {
798         int rc;
799         unsigned char *uio = us->iobuf;
800
801         rc = usbat_read_user_io(us, uio);
802         if (rc != USB_STOR_XFER_GOOD)
803                 return USB_STOR_TRANSPORT_ERROR;
804
805         /* Check for media existence */
806         rc = usbat_flash_check_media_present(uio);
807         if (rc == USBAT_FLASH_MEDIA_NONE) {
808                 info->sense_key = 0x02;
809                 info->sense_asc = 0x3A;
810                 info->sense_ascq = 0x00;
811                 return USB_STOR_TRANSPORT_FAILED;
812         }
813
814         /* Check for media change */
815         rc = usbat_flash_check_media_changed(uio);
816         if (rc == USBAT_FLASH_MEDIA_CHANGED) {
817
818                 /* Reset and re-enable card detect */
819                 rc = usbat_device_reset(us);
820                 if (rc != USB_STOR_TRANSPORT_GOOD)
821                         return rc;
822                 rc = usbat_device_enable_cdt(us);
823                 if (rc != USB_STOR_TRANSPORT_GOOD)
824                         return rc;
825
826                 msleep(50);
827
828                 rc = usbat_read_user_io(us, uio);
829                 if (rc != USB_STOR_XFER_GOOD)
830                         return USB_STOR_TRANSPORT_ERROR;
831                 
832                 info->sense_key = UNIT_ATTENTION;
833                 info->sense_asc = 0x28;
834                 info->sense_ascq = 0x00;
835                 return USB_STOR_TRANSPORT_FAILED;
836         }
837
838         return USB_STOR_TRANSPORT_GOOD;
839 }
840
841 /*
842  * Determine whether we are controlling a flash-based reader/writer,
843  * or a HP8200-based CD drive.
844  * Sets transport functions as appropriate.
845  */
846 static int usbat_identify_device(struct us_data *us,
847                                  struct usbat_info *info)
848 {
849         int rc;
850         unsigned char status;
851
852         if (!us || !info)
853                 return USB_STOR_TRANSPORT_ERROR;
854
855         rc = usbat_device_reset(us);
856         if (rc != USB_STOR_TRANSPORT_GOOD)
857                 return rc;
858         msleep(500);
859
860         /*
861          * In attempt to distinguish between HP CDRW's and Flash readers, we now
862          * execute the IDENTIFY PACKET DEVICE command. On ATA devices (i.e. flash
863          * readers), this command should fail with error. On ATAPI devices (i.e.
864          * CDROM drives), it should succeed.
865          */
866         rc = usbat_write(us, USBAT_ATA, USBAT_ATA_CMD, 0xA1);
867         if (rc != USB_STOR_XFER_GOOD)
868                 return USB_STOR_TRANSPORT_ERROR;
869
870         rc = usbat_get_status(us, &status);
871         if (rc != USB_STOR_XFER_GOOD)
872                 return USB_STOR_TRANSPORT_ERROR;
873
874         /* Check for error bit, or if the command 'fell through' */
875         if (status == 0xA1 || !(status & 0x01)) {
876                 /* Device is HP 8200 */
877                 US_DEBUGP("usbat_identify_device: Detected HP8200 CDRW\n");
878                 info->devicetype = USBAT_DEV_HP8200;
879         } else {
880                 /* Device is a CompactFlash reader/writer */
881                 US_DEBUGP("usbat_identify_device: Detected Flash reader/writer\n");
882                 info->devicetype = USBAT_DEV_FLASH;
883         }
884
885         return USB_STOR_TRANSPORT_GOOD;
886 }
887
888 /*
889  * Set the transport function based on the device type
890  */
891 static int usbat_set_transport(struct us_data *us,
892                                struct usbat_info *info,
893                                int devicetype)
894 {
895
896         if (!info->devicetype)
897                 info->devicetype = devicetype;
898
899         if (!info->devicetype)
900                 usbat_identify_device(us, info);
901
902         switch (info->devicetype) {
903         default:
904                 return USB_STOR_TRANSPORT_ERROR;
905
906         case  USBAT_DEV_HP8200:
907                 us->transport = usbat_hp8200e_transport;
908                 break;
909
910         case USBAT_DEV_FLASH:
911                 us->transport = usbat_flash_transport;
912                 break;
913         }
914
915         return 0;
916 }
917
918 /*
919  * Read the media capacity
920  */
921 static int usbat_flash_get_sector_count(struct us_data *us,
922                                         struct usbat_info *info)
923 {
924         unsigned char registers[3] = {
925                 USBAT_ATA_SECCNT,
926                 USBAT_ATA_DEVICE,
927                 USBAT_ATA_CMD,
928         };
929         unsigned char  command[3] = { 0x01, 0xA0, 0xEC };
930         unsigned char *reply;
931         unsigned char status;
932         int rc;
933
934         if (!us || !info)
935                 return USB_STOR_TRANSPORT_ERROR;
936
937         reply = kmalloc(512, GFP_NOIO);
938         if (!reply)
939                 return USB_STOR_TRANSPORT_ERROR;
940
941         /* ATA command : IDENTIFY DEVICE */
942         rc = usbat_multiple_write(us, registers, command, 3);
943         if (rc != USB_STOR_XFER_GOOD) {
944                 US_DEBUGP("usbat_flash_get_sector_count: Gah! identify_device failed\n");
945                 rc = USB_STOR_TRANSPORT_ERROR;
946                 goto leave;
947         }
948
949         /* Read device status */
950         if (usbat_get_status(us, &status) != USB_STOR_XFER_GOOD) {
951                 rc = USB_STOR_TRANSPORT_ERROR;
952                 goto leave;
953         }
954
955         msleep(100);
956
957         /* Read the device identification data */
958         rc = usbat_read_block(us, reply, 512, 0);
959         if (rc != USB_STOR_TRANSPORT_GOOD)
960                 goto leave;
961
962         info->sectors = ((u32)(reply[117]) << 24) |
963                 ((u32)(reply[116]) << 16) |
964                 ((u32)(reply[115]) <<  8) |
965                 ((u32)(reply[114])      );
966
967         rc = USB_STOR_TRANSPORT_GOOD;
968
969  leave:
970         kfree(reply);
971         return rc;
972 }
973
974 /*
975  * Read data from device
976  */
977 static int usbat_flash_read_data(struct us_data *us,
978                                                                  struct usbat_info *info,
979                                                                  u32 sector,
980                                                                  u32 sectors)
981 {
982         unsigned char registers[7] = {
983                 USBAT_ATA_FEATURES,
984                 USBAT_ATA_SECCNT,
985                 USBAT_ATA_SECNUM,
986                 USBAT_ATA_LBA_ME,
987                 USBAT_ATA_LBA_HI,
988                 USBAT_ATA_DEVICE,
989                 USBAT_ATA_STATUS,
990         };
991         unsigned char command[7];
992         unsigned char *buffer;
993         unsigned char  thistime;
994         unsigned int totallen, alloclen;
995         int len, result;
996         unsigned int sg_offset = 0;
997         struct scatterlist *sg = NULL;
998
999         result = usbat_flash_check_media(us, info);
1000         if (result != USB_STOR_TRANSPORT_GOOD)
1001                 return result;
1002
1003         /*
1004          * we're working in LBA mode.  according to the ATA spec,
1005          * we can support up to 28-bit addressing.  I don't know if Jumpshot
1006          * supports beyond 24-bit addressing.  It's kind of hard to test
1007          * since it requires > 8GB CF card.
1008          */
1009
1010         if (sector > 0x0FFFFFFF)
1011                 return USB_STOR_TRANSPORT_ERROR;
1012
1013         totallen = sectors * info->ssize;
1014
1015         /*
1016          * Since we don't read more than 64 KB at a time, we have to create
1017          * a bounce buffer and move the data a piece at a time between the
1018          * bounce buffer and the actual transfer buffer.
1019          */
1020
1021         alloclen = min(totallen, 65536u);
1022         buffer = kmalloc(alloclen, GFP_NOIO);
1023         if (buffer == NULL)
1024                 return USB_STOR_TRANSPORT_ERROR;
1025
1026         do {
1027                 /*
1028                  * loop, never allocate or transfer more than 64k at once
1029                  * (min(128k, 255*info->ssize) is the real limit)
1030                  */
1031                 len = min(totallen, alloclen);
1032                 thistime = (len / info->ssize) & 0xff;
1033  
1034                 /* ATA command 0x20 (READ SECTORS) */
1035                 usbat_pack_ata_sector_cmd(command, thistime, sector, 0x20);
1036
1037                 /* Write/execute ATA read command */
1038                 result = usbat_multiple_write(us, registers, command, 7);
1039                 if (result != USB_STOR_TRANSPORT_GOOD)
1040                         goto leave;
1041
1042                 /* Read the data we just requested */
1043                 result = usbat_read_blocks(us, buffer, len, 0);
1044                 if (result != USB_STOR_TRANSPORT_GOOD)
1045                         goto leave;
1046          
1047                 US_DEBUGP("usbat_flash_read_data:  %d bytes\n", len);
1048         
1049                 /* Store the data in the transfer buffer */
1050                 usb_stor_access_xfer_buf(buffer, len, us->srb,
1051                                          &sg, &sg_offset, TO_XFER_BUF);
1052
1053                 sector += thistime;
1054                 totallen -= len;
1055         } while (totallen > 0);
1056
1057         kfree(buffer);
1058         return USB_STOR_TRANSPORT_GOOD;
1059
1060 leave:
1061         kfree(buffer);
1062         return USB_STOR_TRANSPORT_ERROR;
1063 }
1064
1065 /*
1066  * Write data to device
1067  */
1068 static int usbat_flash_write_data(struct us_data *us,
1069                                                                   struct usbat_info *info,
1070                                                                   u32 sector,
1071                                                                   u32 sectors)
1072 {
1073         unsigned char registers[7] = {
1074                 USBAT_ATA_FEATURES,
1075                 USBAT_ATA_SECCNT,
1076                 USBAT_ATA_SECNUM,
1077                 USBAT_ATA_LBA_ME,
1078                 USBAT_ATA_LBA_HI,
1079                 USBAT_ATA_DEVICE,
1080                 USBAT_ATA_STATUS,
1081         };
1082         unsigned char command[7];
1083         unsigned char *buffer;
1084         unsigned char  thistime;
1085         unsigned int totallen, alloclen;
1086         int len, result;
1087         unsigned int sg_offset = 0;
1088         struct scatterlist *sg = NULL;
1089
1090         result = usbat_flash_check_media(us, info);
1091         if (result != USB_STOR_TRANSPORT_GOOD)
1092                 return result;
1093
1094         /*
1095          * we're working in LBA mode.  according to the ATA spec,
1096          * we can support up to 28-bit addressing.  I don't know if the device
1097          * supports beyond 24-bit addressing.  It's kind of hard to test
1098          * since it requires > 8GB media.
1099          */
1100
1101         if (sector > 0x0FFFFFFF)
1102                 return USB_STOR_TRANSPORT_ERROR;
1103
1104         totallen = sectors * info->ssize;
1105
1106         /*
1107          * Since we don't write more than 64 KB at a time, we have to create
1108          * a bounce buffer and move the data a piece at a time between the
1109          * bounce buffer and the actual transfer buffer.
1110          */
1111
1112         alloclen = min(totallen, 65536u);
1113         buffer = kmalloc(alloclen, GFP_NOIO);
1114         if (buffer == NULL)
1115                 return USB_STOR_TRANSPORT_ERROR;
1116
1117         do {
1118                 /*
1119                  * loop, never allocate or transfer more than 64k at once
1120                  * (min(128k, 255*info->ssize) is the real limit)
1121                  */
1122                 len = min(totallen, alloclen);
1123                 thistime = (len / info->ssize) & 0xff;
1124
1125                 /* Get the data from the transfer buffer */
1126                 usb_stor_access_xfer_buf(buffer, len, us->srb,
1127                                          &sg, &sg_offset, FROM_XFER_BUF);
1128
1129                 /* ATA command 0x30 (WRITE SECTORS) */
1130                 usbat_pack_ata_sector_cmd(command, thistime, sector, 0x30);
1131
1132                 /* Write/execute ATA write command */
1133                 result = usbat_multiple_write(us, registers, command, 7);
1134                 if (result != USB_STOR_TRANSPORT_GOOD)
1135                         goto leave;
1136
1137                 /* Write the data */
1138                 result = usbat_write_blocks(us, buffer, len, 0);
1139                 if (result != USB_STOR_TRANSPORT_GOOD)
1140                         goto leave;
1141
1142                 sector += thistime;
1143                 totallen -= len;
1144         } while (totallen > 0);
1145
1146         kfree(buffer);
1147         return result;
1148
1149 leave:
1150         kfree(buffer);
1151         return USB_STOR_TRANSPORT_ERROR;
1152 }
1153
1154 /*
1155  * Squeeze a potentially huge (> 65535 byte) read10 command into
1156  * a little ( <= 65535 byte) ATAPI pipe
1157  */
1158 static int usbat_hp8200e_handle_read10(struct us_data *us,
1159                                        unsigned char *registers,
1160                                        unsigned char *data,
1161                                        struct scsi_cmnd *srb)
1162 {
1163         int result = USB_STOR_TRANSPORT_GOOD;
1164         unsigned char *buffer;
1165         unsigned int len;
1166         unsigned int sector;
1167         unsigned int sg_offset = 0;
1168         struct scatterlist *sg = NULL;
1169
1170         US_DEBUGP("handle_read10: transfersize %d\n",
1171                 srb->transfersize);
1172
1173         if (scsi_bufflen(srb) < 0x10000) {
1174
1175                 result = usbat_hp8200e_rw_block_test(us, USBAT_ATA, 
1176                         registers, data, 19,
1177                         USBAT_ATA_DATA, USBAT_ATA_STATUS, 0xFD,
1178                         (USBAT_QUAL_FCQ | USBAT_QUAL_ALQ),
1179                         DMA_FROM_DEVICE,
1180                         scsi_sglist(srb),
1181                         scsi_bufflen(srb), scsi_sg_count(srb), 1);
1182
1183                 return result;
1184         }
1185
1186         /*
1187          * Since we're requesting more data than we can handle in
1188          * a single read command (max is 64k-1), we will perform
1189          * multiple reads, but each read must be in multiples of
1190          * a sector.  Luckily the sector size is in srb->transfersize
1191          * (see linux/drivers/scsi/sr.c).
1192          */
1193
1194         if (data[7+0] == GPCMD_READ_CD) {
1195                 len = short_pack(data[7+9], data[7+8]);
1196                 len <<= 16;
1197                 len |= data[7+7];
1198                 US_DEBUGP("handle_read10: GPCMD_READ_CD: len %d\n", len);
1199                 srb->transfersize = scsi_bufflen(srb)/len;
1200         }
1201
1202         if (!srb->transfersize)  {
1203                 srb->transfersize = 2048; /* A guess */
1204                 US_DEBUGP("handle_read10: transfersize 0, forcing %d\n",
1205                         srb->transfersize);
1206         }
1207
1208         /*
1209          * Since we only read in one block at a time, we have to create
1210          * a bounce buffer and move the data a piece at a time between the
1211          * bounce buffer and the actual transfer buffer.
1212          */
1213
1214         len = (65535/srb->transfersize) * srb->transfersize;
1215         US_DEBUGP("Max read is %d bytes\n", len);
1216         len = min(len, scsi_bufflen(srb));
1217         buffer = kmalloc(len, GFP_NOIO);
1218         if (buffer == NULL) /* bloody hell! */
1219                 return USB_STOR_TRANSPORT_FAILED;
1220         sector = short_pack(data[7+3], data[7+2]);
1221         sector <<= 16;
1222         sector |= short_pack(data[7+5], data[7+4]);
1223         transferred = 0;
1224
1225         while (transferred != scsi_bufflen(srb)) {
1226
1227                 if (len > scsi_bufflen(srb) - transferred)
1228                         len = scsi_bufflen(srb) - transferred;
1229
1230                 data[3] = len&0xFF;       /* (cylL) = expected length (L) */
1231                 data[4] = (len>>8)&0xFF;  /* (cylH) = expected length (H) */
1232
1233                 /* Fix up the SCSI command sector and num sectors */
1234
1235                 data[7+2] = MSB_of(sector>>16); /* SCSI command sector */
1236                 data[7+3] = LSB_of(sector>>16);
1237                 data[7+4] = MSB_of(sector&0xFFFF);
1238                 data[7+5] = LSB_of(sector&0xFFFF);
1239                 if (data[7+0] == GPCMD_READ_CD)
1240                         data[7+6] = 0;
1241                 data[7+7] = MSB_of(len / srb->transfersize); /* SCSI command */
1242                 data[7+8] = LSB_of(len / srb->transfersize); /* num sectors */
1243
1244                 result = usbat_hp8200e_rw_block_test(us, USBAT_ATA, 
1245                         registers, data, 19,
1246                         USBAT_ATA_DATA, USBAT_ATA_STATUS, 0xFD, 
1247                         (USBAT_QUAL_FCQ | USBAT_QUAL_ALQ),
1248                         DMA_FROM_DEVICE,
1249                         buffer,
1250                         len, 0, 1);
1251
1252                 if (result != USB_STOR_TRANSPORT_GOOD)
1253                         break;
1254
1255                 /* Store the data in the transfer buffer */
1256                 usb_stor_access_xfer_buf(buffer, len, srb,
1257                                  &sg, &sg_offset, TO_XFER_BUF);
1258
1259                 /* Update the amount transferred and the sector number */
1260
1261                 transferred += len;
1262                 sector += len / srb->transfersize;
1263
1264         } /* while transferred != scsi_bufflen(srb) */
1265
1266         kfree(buffer);
1267         return result;
1268 }
1269
1270 static int usbat_select_and_test_registers(struct us_data *us)
1271 {
1272         int selector;
1273         unsigned char *status = us->iobuf;
1274
1275         /* try device = master, then device = slave. */
1276         for (selector = 0xA0; selector <= 0xB0; selector += 0x10) {
1277                 if (usbat_write(us, USBAT_ATA, USBAT_ATA_DEVICE, selector) !=
1278                                 USB_STOR_XFER_GOOD)
1279                         return USB_STOR_TRANSPORT_ERROR;
1280
1281                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_STATUS, status) != 
1282                                 USB_STOR_XFER_GOOD)
1283                         return USB_STOR_TRANSPORT_ERROR;
1284
1285                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_DEVICE, status) != 
1286                                 USB_STOR_XFER_GOOD)
1287                         return USB_STOR_TRANSPORT_ERROR;
1288
1289                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_ME, status) != 
1290                                 USB_STOR_XFER_GOOD)
1291                         return USB_STOR_TRANSPORT_ERROR;
1292
1293                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_HI, status) != 
1294                                 USB_STOR_XFER_GOOD)
1295                         return USB_STOR_TRANSPORT_ERROR;
1296
1297                 if (usbat_write(us, USBAT_ATA, USBAT_ATA_LBA_ME, 0x55) != 
1298                                 USB_STOR_XFER_GOOD)
1299                         return USB_STOR_TRANSPORT_ERROR;
1300
1301                 if (usbat_write(us, USBAT_ATA, USBAT_ATA_LBA_HI, 0xAA) != 
1302                                 USB_STOR_XFER_GOOD)
1303                         return USB_STOR_TRANSPORT_ERROR;
1304
1305                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_ME, status) != 
1306                                 USB_STOR_XFER_GOOD)
1307                         return USB_STOR_TRANSPORT_ERROR;
1308
1309                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_ME, status) != 
1310                                 USB_STOR_XFER_GOOD)
1311                         return USB_STOR_TRANSPORT_ERROR;
1312         }
1313
1314         return USB_STOR_TRANSPORT_GOOD;
1315 }
1316
1317 /*
1318  * Initialize the USBAT processor and the storage device
1319  */
1320 static int init_usbat(struct us_data *us, int devicetype)
1321 {
1322         int rc;
1323         struct usbat_info *info;
1324         unsigned char subcountH = USBAT_ATA_LBA_HI;
1325         unsigned char subcountL = USBAT_ATA_LBA_ME;
1326         unsigned char *status = us->iobuf;
1327
1328         us->extra = kzalloc(sizeof(struct usbat_info), GFP_NOIO);
1329         if (!us->extra) {
1330                 US_DEBUGP("init_usbat: Gah! Can't allocate storage for usbat info struct!\n");
1331                 return 1;
1332         }
1333         info = (struct usbat_info *) (us->extra);
1334
1335         /* Enable peripheral control signals */
1336         rc = usbat_write_user_io(us,
1337                                  USBAT_UIO_OE1 | USBAT_UIO_OE0,
1338                                  USBAT_UIO_EPAD | USBAT_UIO_1);
1339         if (rc != USB_STOR_XFER_GOOD)
1340                 return USB_STOR_TRANSPORT_ERROR;
1341
1342         US_DEBUGP("INIT 1\n");
1343
1344         msleep(2000);
1345
1346         rc = usbat_read_user_io(us, status);
1347         if (rc != USB_STOR_TRANSPORT_GOOD)
1348                 return rc;
1349
1350         US_DEBUGP("INIT 2\n");
1351
1352         rc = usbat_read_user_io(us, status);
1353         if (rc != USB_STOR_XFER_GOOD)
1354                 return USB_STOR_TRANSPORT_ERROR;
1355
1356         rc = usbat_read_user_io(us, status);
1357         if (rc != USB_STOR_XFER_GOOD)
1358                 return USB_STOR_TRANSPORT_ERROR;
1359
1360         US_DEBUGP("INIT 3\n");
1361
1362         rc = usbat_select_and_test_registers(us);
1363         if (rc != USB_STOR_TRANSPORT_GOOD)
1364                 return rc;
1365
1366         US_DEBUGP("INIT 4\n");
1367
1368         rc = usbat_read_user_io(us, status);
1369         if (rc != USB_STOR_XFER_GOOD)
1370                 return USB_STOR_TRANSPORT_ERROR;
1371
1372         US_DEBUGP("INIT 5\n");
1373
1374         /* Enable peripheral control signals and card detect */
1375         rc = usbat_device_enable_cdt(us);
1376         if (rc != USB_STOR_TRANSPORT_GOOD)
1377                 return rc;
1378
1379         US_DEBUGP("INIT 6\n");
1380
1381         rc = usbat_read_user_io(us, status);
1382         if (rc != USB_STOR_XFER_GOOD)
1383                 return USB_STOR_TRANSPORT_ERROR;
1384
1385         US_DEBUGP("INIT 7\n");
1386
1387         msleep(1400);
1388
1389         rc = usbat_read_user_io(us, status);
1390         if (rc != USB_STOR_XFER_GOOD)
1391                 return USB_STOR_TRANSPORT_ERROR;
1392
1393         US_DEBUGP("INIT 8\n");
1394
1395         rc = usbat_select_and_test_registers(us);
1396         if (rc != USB_STOR_TRANSPORT_GOOD)
1397                 return rc;
1398
1399         US_DEBUGP("INIT 9\n");
1400
1401         /* At this point, we need to detect which device we are using */
1402         if (usbat_set_transport(us, info, devicetype))
1403                 return USB_STOR_TRANSPORT_ERROR;
1404
1405         US_DEBUGP("INIT 10\n");
1406
1407         if (usbat_get_device_type(us) == USBAT_DEV_FLASH) { 
1408                 subcountH = 0x02;
1409                 subcountL = 0x00;
1410         }
1411         rc = usbat_set_shuttle_features(us, (USBAT_FEAT_ETEN | USBAT_FEAT_ET2 | USBAT_FEAT_ET1),
1412                                                                         0x00, 0x88, 0x08, subcountH, subcountL);
1413         if (rc != USB_STOR_XFER_GOOD)
1414                 return USB_STOR_TRANSPORT_ERROR;
1415
1416         US_DEBUGP("INIT 11\n");
1417
1418         return USB_STOR_TRANSPORT_GOOD;
1419 }
1420
1421 /*
1422  * Transport for the HP 8200e
1423  */
1424 static int usbat_hp8200e_transport(struct scsi_cmnd *srb, struct us_data *us)
1425 {
1426         int result;
1427         unsigned char *status = us->iobuf;
1428         unsigned char registers[32];
1429         unsigned char data[32];
1430         unsigned int len;
1431         int i;
1432
1433         len = scsi_bufflen(srb);
1434
1435         /* Send A0 (ATA PACKET COMMAND).
1436            Note: I guess we're never going to get any of the ATA
1437            commands... just ATA Packet Commands.
1438          */
1439
1440         registers[0] = USBAT_ATA_FEATURES;
1441         registers[1] = USBAT_ATA_SECCNT;
1442         registers[2] = USBAT_ATA_SECNUM;
1443         registers[3] = USBAT_ATA_LBA_ME;
1444         registers[4] = USBAT_ATA_LBA_HI;
1445         registers[5] = USBAT_ATA_DEVICE;
1446         registers[6] = USBAT_ATA_CMD;
1447         data[0] = 0x00;
1448         data[1] = 0x00;
1449         data[2] = 0x00;
1450         data[3] = len&0xFF;             /* (cylL) = expected length (L) */
1451         data[4] = (len>>8)&0xFF;        /* (cylH) = expected length (H) */
1452         data[5] = 0xB0;                 /* (device sel) = slave */
1453         data[6] = 0xA0;                 /* (command) = ATA PACKET COMMAND */
1454
1455         for (i=7; i<19; i++) {
1456                 registers[i] = 0x10;
1457                 data[i] = (i-7 >= srb->cmd_len) ? 0 : srb->cmnd[i-7];
1458         }
1459
1460         result = usbat_get_status(us, status);
1461         US_DEBUGP("Status = %02X\n", *status);
1462         if (result != USB_STOR_XFER_GOOD)
1463                 return USB_STOR_TRANSPORT_ERROR;
1464         if (srb->cmnd[0] == TEST_UNIT_READY)
1465                 transferred = 0;
1466
1467         if (srb->sc_data_direction == DMA_TO_DEVICE) {
1468
1469                 result = usbat_hp8200e_rw_block_test(us, USBAT_ATA, 
1470                         registers, data, 19,
1471                         USBAT_ATA_DATA, USBAT_ATA_STATUS, 0xFD,
1472                         (USBAT_QUAL_FCQ | USBAT_QUAL_ALQ),
1473                         DMA_TO_DEVICE,
1474                         scsi_sglist(srb),
1475                         len, scsi_sg_count(srb), 10);
1476
1477                 if (result == USB_STOR_TRANSPORT_GOOD) {
1478                         transferred += len;
1479                         US_DEBUGP("Wrote %08X bytes\n", transferred);
1480                 }
1481
1482                 return result;
1483
1484         } else if (srb->cmnd[0] == READ_10 ||
1485                    srb->cmnd[0] == GPCMD_READ_CD) {
1486
1487                 return usbat_hp8200e_handle_read10(us, registers, data, srb);
1488
1489         }
1490
1491         if (len > 0xFFFF) {
1492                 US_DEBUGP("Error: len = %08X... what do I do now?\n",
1493                         len);
1494                 return USB_STOR_TRANSPORT_ERROR;
1495         }
1496
1497         if ( (result = usbat_multiple_write(us, 
1498                         registers, data, 7)) != USB_STOR_TRANSPORT_GOOD) {
1499                 return result;
1500         }
1501
1502         /*
1503          * Write the 12-byte command header.
1504          *
1505          * If the command is BLANK then set the timer for 75 minutes.
1506          * Otherwise set it for 10 minutes.
1507          *
1508          * NOTE: THE 8200 DOCUMENTATION STATES THAT BLANKING A CDRW
1509          * AT SPEED 4 IS UNRELIABLE!!!
1510          */
1511
1512         if ((result = usbat_write_block(us,
1513                         USBAT_ATA, srb->cmnd, 12,
1514                                 (srb->cmnd[0]==GPCMD_BLANK ? 75 : 10), 0) !=
1515                              USB_STOR_TRANSPORT_GOOD)) {
1516                 return result;
1517         }
1518
1519         /* If there is response data to be read in then do it here. */
1520
1521         if (len != 0 && (srb->sc_data_direction == DMA_FROM_DEVICE)) {
1522
1523                 /* How many bytes to read in? Check cylL register */
1524
1525                 if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_ME, status) != 
1526                         USB_STOR_XFER_GOOD) {
1527                         return USB_STOR_TRANSPORT_ERROR;
1528                 }
1529
1530                 if (len > 0xFF) { /* need to read cylH also */
1531                         len = *status;
1532                         if (usbat_read(us, USBAT_ATA, USBAT_ATA_LBA_HI, status) !=
1533                                     USB_STOR_XFER_GOOD) {
1534                                 return USB_STOR_TRANSPORT_ERROR;
1535                         }
1536                         len += ((unsigned int) *status)<<8;
1537                 }
1538                 else
1539                         len = *status;
1540
1541
1542                 result = usbat_read_block(us, scsi_sglist(srb), len,
1543                                                            scsi_sg_count(srb));
1544         }
1545
1546         return result;
1547 }
1548
1549 /*
1550  * Transport for USBAT02-based CompactFlash and similar storage devices
1551  */
1552 static int usbat_flash_transport(struct scsi_cmnd * srb, struct us_data *us)
1553 {
1554         int rc;
1555         struct usbat_info *info = (struct usbat_info *) (us->extra);
1556         unsigned long block, blocks;
1557         unsigned char *ptr = us->iobuf;
1558         static unsigned char inquiry_response[36] = {
1559                 0x00, 0x80, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x00
1560         };
1561
1562         if (srb->cmnd[0] == INQUIRY) {
1563                 US_DEBUGP("usbat_flash_transport: INQUIRY. Returning bogus response.\n");
1564                 memcpy(ptr, inquiry_response, sizeof(inquiry_response));
1565                 fill_inquiry_response(us, ptr, 36);
1566                 return USB_STOR_TRANSPORT_GOOD;
1567         }
1568
1569         if (srb->cmnd[0] == READ_CAPACITY) {
1570                 rc = usbat_flash_check_media(us, info);
1571                 if (rc != USB_STOR_TRANSPORT_GOOD)
1572                         return rc;
1573
1574                 rc = usbat_flash_get_sector_count(us, info);
1575                 if (rc != USB_STOR_TRANSPORT_GOOD)
1576                         return rc;
1577
1578                 /* hard coded 512 byte sectors as per ATA spec */
1579                 info->ssize = 0x200;
1580                 US_DEBUGP("usbat_flash_transport: READ_CAPACITY: %ld sectors, %ld bytes per sector\n",
1581                           info->sectors, info->ssize);
1582
1583                 /*
1584                  * build the reply
1585                  * note: must return the sector number of the last sector,
1586                  * *not* the total number of sectors
1587                  */
1588                 ((__be32 *) ptr)[0] = cpu_to_be32(info->sectors - 1);
1589                 ((__be32 *) ptr)[1] = cpu_to_be32(info->ssize);
1590                 usb_stor_set_xfer_buf(ptr, 8, srb);
1591
1592                 return USB_STOR_TRANSPORT_GOOD;
1593         }
1594
1595         if (srb->cmnd[0] == MODE_SELECT_10) {
1596                 US_DEBUGP("usbat_flash_transport:  Gah! MODE_SELECT_10.\n");
1597                 return USB_STOR_TRANSPORT_ERROR;
1598         }
1599
1600         if (srb->cmnd[0] == READ_10) {
1601                 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
1602                                 ((u32)(srb->cmnd[4]) <<  8) | ((u32)(srb->cmnd[5]));
1603
1604                 blocks = ((u32)(srb->cmnd[7]) << 8) | ((u32)(srb->cmnd[8]));
1605
1606                 US_DEBUGP("usbat_flash_transport:  READ_10: read block 0x%04lx  count %ld\n", block, blocks);
1607                 return usbat_flash_read_data(us, info, block, blocks);
1608         }
1609
1610         if (srb->cmnd[0] == READ_12) {
1611                 /*
1612                  * I don't think we'll ever see a READ_12 but support it anyway
1613                  */
1614                 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
1615                         ((u32)(srb->cmnd[4]) <<  8) | ((u32)(srb->cmnd[5]));
1616
1617                 blocks = ((u32)(srb->cmnd[6]) << 24) | ((u32)(srb->cmnd[7]) << 16) |
1618                          ((u32)(srb->cmnd[8]) <<  8) | ((u32)(srb->cmnd[9]));
1619
1620                 US_DEBUGP("usbat_flash_transport: READ_12: read block 0x%04lx  count %ld\n", block, blocks);
1621                 return usbat_flash_read_data(us, info, block, blocks);
1622         }
1623
1624         if (srb->cmnd[0] == WRITE_10) {
1625                 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
1626                         ((u32)(srb->cmnd[4]) <<  8) | ((u32)(srb->cmnd[5]));
1627
1628                 blocks = ((u32)(srb->cmnd[7]) << 8) | ((u32)(srb->cmnd[8]));
1629
1630                 US_DEBUGP("usbat_flash_transport: WRITE_10: write block 0x%04lx  count %ld\n", block, blocks);
1631                 return usbat_flash_write_data(us, info, block, blocks);
1632         }
1633
1634         if (srb->cmnd[0] == WRITE_12) {
1635                 /*
1636                  * I don't think we'll ever see a WRITE_12 but support it anyway
1637                  */
1638                 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
1639                         ((u32)(srb->cmnd[4]) <<  8) | ((u32)(srb->cmnd[5]));
1640
1641                 blocks = ((u32)(srb->cmnd[6]) << 24) | ((u32)(srb->cmnd[7]) << 16) |
1642                          ((u32)(srb->cmnd[8]) <<  8) | ((u32)(srb->cmnd[9]));
1643
1644                 US_DEBUGP("usbat_flash_transport: WRITE_12: write block 0x%04lx  count %ld\n", block, blocks);
1645                 return usbat_flash_write_data(us, info, block, blocks);
1646         }
1647
1648
1649         if (srb->cmnd[0] == TEST_UNIT_READY) {
1650                 US_DEBUGP("usbat_flash_transport: TEST_UNIT_READY.\n");
1651
1652                 rc = usbat_flash_check_media(us, info);
1653                 if (rc != USB_STOR_TRANSPORT_GOOD)
1654                         return rc;
1655
1656                 return usbat_check_status(us);
1657         }
1658
1659         if (srb->cmnd[0] == REQUEST_SENSE) {
1660                 US_DEBUGP("usbat_flash_transport: REQUEST_SENSE.\n");
1661
1662                 memset(ptr, 0, 18);
1663                 ptr[0] = 0xF0;
1664                 ptr[2] = info->sense_key;
1665                 ptr[7] = 11;
1666                 ptr[12] = info->sense_asc;
1667                 ptr[13] = info->sense_ascq;
1668                 usb_stor_set_xfer_buf(ptr, 18, srb);
1669
1670                 return USB_STOR_TRANSPORT_GOOD;
1671         }
1672
1673         if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) {
1674                 /*
1675                  * sure.  whatever.  not like we can stop the user from popping
1676                  * the media out of the device (no locking doors, etc)
1677                  */
1678                 return USB_STOR_TRANSPORT_GOOD;
1679         }
1680
1681         US_DEBUGP("usbat_flash_transport: Gah! Unknown command: %d (0x%x)\n",
1682                           srb->cmnd[0], srb->cmnd[0]);
1683         info->sense_key = 0x05;
1684         info->sense_asc = 0x20;
1685         info->sense_ascq = 0x00;
1686         return USB_STOR_TRANSPORT_FAILED;
1687 }
1688
1689 int init_usbat_cd(struct us_data *us)
1690 {
1691         return init_usbat(us, USBAT_DEV_HP8200);
1692 }
1693
1694
1695 int init_usbat_flash(struct us_data *us)
1696 {
1697         return init_usbat(us, USBAT_DEV_FLASH);
1698 }
1699
1700 int init_usbat_probe(struct us_data *us)
1701 {
1702         return init_usbat(us, 0);
1703 }
1704
1705 /*
1706  * Default transport function. Attempts to detect which transport function
1707  * should be called, makes it the new default, and calls it.
1708  *
1709  * This function should never be called. Our usbat_init() function detects the
1710  * device type and changes the us->transport ptr to the transport function
1711  * relevant to the device.
1712  * However, we'll support this impossible(?) case anyway.
1713  */
1714 int usbat_transport(struct scsi_cmnd *srb, struct us_data *us)
1715 {
1716         struct usbat_info *info = (struct usbat_info*) (us->extra);
1717
1718         if (usbat_set_transport(us, info, 0))
1719                 return USB_STOR_TRANSPORT_ERROR;
1720
1721         return us->transport(srb, us);  
1722 }