1 /* Driver for SanDisk SDDR-09 SmartMedia reader
3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $
4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
6 * Developed with the assistance of:
7 * (c) 2002 Alan Stern <stern@rowland.org>
9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10 * This chip is a programmable USB controller. In the SDDR-09, it has
11 * been programmed to obey a certain limited set of SCSI commands.
12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2, or (at your option) any
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 675 Mass Ave, Cambridge, MA 02139, USA.
31 * Known vendor commands: 12 bytes, first byte is opcode
33 * E7: read scatter gather
41 * EF: compute checksum (?)
44 #include <linux/sched.h>
45 #include <linux/errno.h>
46 #include <linux/slab.h>
48 #include <scsi/scsi.h>
49 #include <scsi/scsi_cmnd.h>
52 #include "transport.h"
58 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
59 #define LSB_of(s) ((s)&0xFF)
60 #define MSB_of(s) ((s)>>8)
62 /* #define US_DEBUGP printk */
65 * First some stuff that does not belong here:
66 * data on SmartMedia and other cards, completely
67 * unrelated to this driver.
68 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
71 struct nand_flash_dev {
73 int chipshift; /* 1<<cs bytes total capacity */
74 char pageshift; /* 1<<ps bytes in a page */
75 char blockshift; /* 1<<bs pages in an erase block */
76 char zoneshift; /* 1<<zs blocks in a zone */
77 /* # of logical blocks is 125/128 of this */
78 char pageadrlen; /* length of an address in bytes - 1 */
82 * NAND Flash Manufacturer ID Codes
84 #define NAND_MFR_AMD 0x01
85 #define NAND_MFR_NATSEMI 0x8f
86 #define NAND_MFR_TOSHIBA 0x98
87 #define NAND_MFR_SAMSUNG 0xec
89 static inline char *nand_flash_manufacturer(int manuf_id) {
93 case NAND_MFR_NATSEMI:
95 case NAND_MFR_TOSHIBA:
97 case NAND_MFR_SAMSUNG:
105 * It looks like it is unnecessary to attach manufacturer to the
106 * remaining data: SSFDC prescribes manufacturer-independent id codes.
108 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
111 static struct nand_flash_dev nand_flash_ids[] = {
113 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
114 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
115 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
116 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
117 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
118 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
119 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
120 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
121 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
122 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
123 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
124 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
125 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
128 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
129 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
130 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
131 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
132 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
136 #define SIZE(a) (sizeof(a)/sizeof((a)[0]))
138 static struct nand_flash_dev *
139 nand_find_id(unsigned char id) {
142 for (i = 0; i < SIZE(nand_flash_ids); i++)
143 if (nand_flash_ids[i].model_id == id)
144 return &(nand_flash_ids[i]);
151 static unsigned char parity[256];
152 static unsigned char ecc2[256];
154 static void nand_init_ecc(void) {
158 for (i = 1; i < 256; i++)
159 parity[i] = (parity[i&(i-1)] ^ 1);
161 for (i = 0; i < 256; i++) {
163 for (j = 0; j < 8; j++) {
173 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
177 /* compute 3-byte ecc on 256 bytes */
178 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
180 unsigned char par, bit, bits[8];
183 for (j = 0; j < 8; j++)
186 /* collect 16 checksum bits */
187 for (i = 0; i < 256; i++) {
189 bit = parity[data[i]];
190 for (j = 0; j < 8; j++)
191 if ((i & (1<<j)) == 0)
195 /* put 4+4+4 = 12 bits in the ecc */
196 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
197 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
199 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
200 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
205 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
206 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
209 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
210 memcpy(data, ecc, 3);
214 * The actual driver starts here.
218 * On my 16MB card, control blocks have size 64 (16 real control bytes,
219 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
220 * so the reader makes up the remaining 48. Don't know whether these numbers
221 * depend on the card. For now a constant.
223 #define CONTROL_SHIFT 6
226 * On my Combo CF/SM reader, the SM reader has LUN 1.
227 * (and things fail with LUN 0).
228 * It seems LUN is irrelevant for others.
231 #define LUNBITS (LUN << 5)
234 * LBA and PBA are unsigned ints. Special values.
236 #define UNDEF 0xffffffff
237 #define SPARE 0xfffffffe
238 #define UNUSABLE 0xfffffffd
240 static int erase_bad_lba_entries = 0;
242 /* send vendor interface command (0x41) */
243 /* called for requests 0, 1, 8 */
245 sddr09_send_command(struct us_data *us,
246 unsigned char request,
247 unsigned char direction,
248 unsigned char *xfer_data,
249 unsigned int xfer_len) {
251 unsigned char requesttype = (0x41 | direction);
254 // Get the receive or send control pipe number
256 if (direction == USB_DIR_IN)
257 pipe = us->recv_ctrl_pipe;
259 pipe = us->send_ctrl_pipe;
261 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
262 0, 0, xfer_data, xfer_len);
263 return (rc == USB_STOR_XFER_GOOD ? USB_STOR_TRANSPORT_GOOD :
264 USB_STOR_TRANSPORT_ERROR);
268 sddr09_send_scsi_command(struct us_data *us,
269 unsigned char *command,
270 unsigned int command_len) {
271 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
276 * Test Unit Ready Command: 12 bytes.
280 sddr09_test_unit_ready(struct us_data *us) {
281 unsigned char *command = us->iobuf;
284 memset(command, 0, 6);
285 command[1] = LUNBITS;
287 result = sddr09_send_scsi_command(us, command, 6);
289 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result);
296 * Request Sense Command: 12 bytes.
298 * byte 4: data length
301 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
302 unsigned char *command = us->iobuf;
305 memset(command, 0, 12);
307 command[1] = LUNBITS;
310 result = sddr09_send_scsi_command(us, command, 12);
311 if (result != USB_STOR_TRANSPORT_GOOD) {
312 US_DEBUGP("request sense failed\n");
316 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
317 sensebuf, buflen, NULL);
318 if (result != USB_STOR_XFER_GOOD) {
319 US_DEBUGP("request sense bulk in failed\n");
320 return USB_STOR_TRANSPORT_ERROR;
322 US_DEBUGP("request sense worked\n");
323 return USB_STOR_TRANSPORT_GOOD;
328 * Read Command: 12 bytes.
330 * byte 1: last two bits: 00: read data, 01: read blockwise control,
331 * 10: read both, 11: read pagewise control.
332 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
333 * bytes 2-5: address (interpretation depends on byte 1, see below)
334 * bytes 10-11: count (idem)
336 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
337 * A read data command gets data in 512-byte pages.
338 * A read control command gets control in 64-byte chunks.
339 * A read both command gets data+control in 576-byte chunks.
341 * Blocks are groups of 32 pages, and read blockwise control jumps to the
342 * next block, while read pagewise control jumps to the next page after
343 * reading a group of 64 control bytes.
344 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
346 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
350 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
351 int nr_of_pages, int bulklen, unsigned char *buf,
354 unsigned char *command = us->iobuf;
358 command[1] = LUNBITS | x;
359 command[2] = MSB_of(fromaddress>>16);
360 command[3] = LSB_of(fromaddress>>16);
361 command[4] = MSB_of(fromaddress & 0xFFFF);
362 command[5] = LSB_of(fromaddress & 0xFFFF);
367 command[10] = MSB_of(nr_of_pages);
368 command[11] = LSB_of(nr_of_pages);
370 result = sddr09_send_scsi_command(us, command, 12);
372 if (result != USB_STOR_TRANSPORT_GOOD) {
373 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n",
378 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
379 buf, bulklen, use_sg, NULL);
381 if (result != USB_STOR_XFER_GOOD) {
382 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n",
384 return USB_STOR_TRANSPORT_ERROR;
386 return USB_STOR_TRANSPORT_GOOD;
392 * fromaddress counts data shorts:
393 * increasing it by 256 shifts the bytestream by 512 bytes;
394 * the last 8 bits are ignored.
396 * nr_of_pages counts pages of size (1 << pageshift).
399 sddr09_read20(struct us_data *us, unsigned long fromaddress,
400 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
401 int bulklen = nr_of_pages << pageshift;
403 /* The last 8 bits of fromaddress are ignored. */
404 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
409 * Read Blockwise Control
411 * fromaddress gives the starting position (as in read data;
412 * the last 8 bits are ignored); increasing it by 32*256 shifts
413 * the output stream by 64 bytes.
415 * count counts control groups of size (1 << controlshift).
416 * For me, controlshift = 6. Is this constant?
418 * After getting one control group, jump to the next block
419 * (fromaddress += 8192).
422 sddr09_read21(struct us_data *us, unsigned long fromaddress,
423 int count, int controlshift, unsigned char *buf, int use_sg) {
425 int bulklen = (count << controlshift);
426 return sddr09_readX(us, 1, fromaddress, count, bulklen,
431 * Read both Data and Control
433 * fromaddress counts data shorts, ignoring control:
434 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
435 * the last 8 bits are ignored.
437 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
440 sddr09_read22(struct us_data *us, unsigned long fromaddress,
441 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
443 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
444 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n",
445 nr_of_pages, bulklen);
446 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
452 * Read Pagewise Control
454 * fromaddress gives the starting position (as in read data;
455 * the last 8 bits are ignored); increasing it by 256 shifts
456 * the output stream by 64 bytes.
458 * count counts control groups of size (1 << controlshift).
459 * For me, controlshift = 6. Is this constant?
461 * After getting one control group, jump to the next page
462 * (fromaddress += 256).
465 sddr09_read23(struct us_data *us, unsigned long fromaddress,
466 int count, int controlshift, unsigned char *buf, int use_sg) {
468 int bulklen = (count << controlshift);
469 return sddr09_readX(us, 3, fromaddress, count, bulklen,
475 * Erase Command: 12 bytes.
477 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
479 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
480 * The byte address being erased is 2*Eaddress.
481 * The CIS cannot be erased.
484 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
485 unsigned char *command = us->iobuf;
488 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress);
490 memset(command, 0, 12);
492 command[1] = LUNBITS;
493 command[6] = MSB_of(Eaddress>>16);
494 command[7] = LSB_of(Eaddress>>16);
495 command[8] = MSB_of(Eaddress & 0xFFFF);
496 command[9] = LSB_of(Eaddress & 0xFFFF);
498 result = sddr09_send_scsi_command(us, command, 12);
500 if (result != USB_STOR_TRANSPORT_GOOD)
501 US_DEBUGP("Result for send_control in sddr09_erase %d\n",
508 * Write CIS Command: 12 bytes.
510 * bytes 2-5: write address in shorts
511 * bytes 10-11: sector count
513 * This writes at the indicated address. Don't know how it differs
514 * from E9. Maybe it does not erase? However, it will also write to
517 * When two such commands on the same page follow each other directly,
518 * the second one is not done.
522 * Write Command: 12 bytes.
524 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
525 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
526 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
528 * If write address equals erase address, the erase is done first,
529 * otherwise the write is done first. When erase address equals zero
533 sddr09_writeX(struct us_data *us,
534 unsigned long Waddress, unsigned long Eaddress,
535 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
537 unsigned char *command = us->iobuf;
541 command[1] = LUNBITS;
543 command[2] = MSB_of(Waddress>>16);
544 command[3] = LSB_of(Waddress>>16);
545 command[4] = MSB_of(Waddress & 0xFFFF);
546 command[5] = LSB_of(Waddress & 0xFFFF);
548 command[6] = MSB_of(Eaddress>>16);
549 command[7] = LSB_of(Eaddress>>16);
550 command[8] = MSB_of(Eaddress & 0xFFFF);
551 command[9] = LSB_of(Eaddress & 0xFFFF);
553 command[10] = MSB_of(nr_of_pages);
554 command[11] = LSB_of(nr_of_pages);
556 result = sddr09_send_scsi_command(us, command, 12);
558 if (result != USB_STOR_TRANSPORT_GOOD) {
559 US_DEBUGP("Result for send_control in sddr09_writeX %d\n",
564 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
565 buf, bulklen, use_sg, NULL);
567 if (result != USB_STOR_XFER_GOOD) {
568 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n",
570 return USB_STOR_TRANSPORT_ERROR;
572 return USB_STOR_TRANSPORT_GOOD;
575 /* erase address, write same address */
577 sddr09_write_inplace(struct us_data *us, unsigned long address,
578 int nr_of_pages, int pageshift, unsigned char *buf,
580 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
581 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
587 * Read Scatter Gather Command: 3+4n bytes.
590 * bytes 4i-1,4i,4i+1: page address
591 * byte 4i+2: page count
594 * This reads several pages from the card to a single memory buffer.
595 * The last two bits of byte 1 have the same meaning as for E8.
598 sddr09_read_sg_test_only(struct us_data *us) {
599 unsigned char *command = us->iobuf;
600 int result, bulklen, nsg, ct;
602 unsigned long address;
606 command[1] = LUNBITS;
608 address = 040000; ct = 1;
610 bulklen += (ct << 9);
611 command[4*nsg+2] = ct;
612 command[4*nsg+1] = ((address >> 9) & 0xFF);
613 command[4*nsg+0] = ((address >> 17) & 0xFF);
614 command[4*nsg-1] = ((address >> 25) & 0xFF);
616 address = 0340000; ct = 1;
618 bulklen += (ct << 9);
619 command[4*nsg+2] = ct;
620 command[4*nsg+1] = ((address >> 9) & 0xFF);
621 command[4*nsg+0] = ((address >> 17) & 0xFF);
622 command[4*nsg-1] = ((address >> 25) & 0xFF);
624 address = 01000000; ct = 2;
626 bulklen += (ct << 9);
627 command[4*nsg+2] = ct;
628 command[4*nsg+1] = ((address >> 9) & 0xFF);
629 command[4*nsg+0] = ((address >> 17) & 0xFF);
630 command[4*nsg-1] = ((address >> 25) & 0xFF);
634 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
636 if (result != USB_STOR_TRANSPORT_GOOD) {
637 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n",
642 buf = (unsigned char *) kmalloc(bulklen, GFP_NOIO);
644 return USB_STOR_TRANSPORT_ERROR;
646 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
649 if (result != USB_STOR_XFER_GOOD) {
650 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n",
652 return USB_STOR_TRANSPORT_ERROR;
655 return USB_STOR_TRANSPORT_GOOD;
660 * Read Status Command: 12 bytes.
663 * Returns 64 bytes, all zero except for the first.
665 * bit 5: 1: Suspended
667 * bit 7: 1: Not write-protected
671 sddr09_read_status(struct us_data *us, unsigned char *status) {
673 unsigned char *command = us->iobuf;
674 unsigned char *data = us->iobuf;
677 US_DEBUGP("Reading status...\n");
679 memset(command, 0, 12);
681 command[1] = LUNBITS;
683 result = sddr09_send_scsi_command(us, command, 12);
684 if (result != USB_STOR_TRANSPORT_GOOD)
687 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
690 return (result == USB_STOR_XFER_GOOD ?
691 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
695 sddr09_read_data(struct us_data *us,
696 unsigned long address,
697 unsigned int sectors) {
699 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
700 unsigned char *buffer;
701 unsigned int lba, maxlba, pba;
702 unsigned int page, pages;
703 unsigned int len, index, offset;
706 // Since we only read in one block at a time, we have to create
707 // a bounce buffer and move the data a piece at a time between the
708 // bounce buffer and the actual transfer buffer.
710 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
711 buffer = kmalloc(len, GFP_NOIO);
712 if (buffer == NULL) {
713 printk("sddr09_read_data: Out of memory\n");
714 return USB_STOR_TRANSPORT_ERROR;
717 // Figure out the initial LBA and page
718 lba = address >> info->blockshift;
719 page = (address & info->blockmask);
720 maxlba = info->capacity >> (info->pageshift + info->blockshift);
722 // This could be made much more efficient by checking for
723 // contiguous LBA's. Another exercise left to the student.
725 result = USB_STOR_TRANSPORT_GOOD;
728 while (sectors > 0) {
730 /* Find number of pages we can read in this block */
731 pages = min(sectors, info->blocksize - page);
732 len = pages << info->pageshift;
734 /* Not overflowing capacity? */
736 US_DEBUGP("Error: Requested lba %u exceeds "
737 "maximum %u\n", lba, maxlba);
738 result = USB_STOR_TRANSPORT_ERROR;
742 /* Find where this lba lives on disk */
743 pba = info->lba_to_pba[lba];
745 if (pba == UNDEF) { /* this lba was never written */
747 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n",
750 /* This is not really an error. It just means
751 that the block has never been written.
752 Instead of returning USB_STOR_TRANSPORT_ERROR
753 it is better to return all zero data. */
755 memset(buffer, 0, len);
758 US_DEBUGP("Read %d pages, from PBA %d"
759 " (LBA %d) page %d\n",
760 pages, pba, lba, page);
762 address = ((pba << info->blockshift) + page) <<
765 result = sddr09_read20(us, address>>1,
766 pages, info->pageshift, buffer, 0);
767 if (result != USB_STOR_TRANSPORT_GOOD)
771 // Store the data in the transfer buffer
772 usb_stor_access_xfer_buf(buffer, len, us->srb,
773 &index, &offset, TO_XFER_BUF);
785 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
786 static unsigned int lastpba = 1;
787 int zonestart, end, i;
789 zonestart = (lba/1000) << 10;
790 end = info->capacity >> (info->blockshift + info->pageshift);
795 for (i = lastpba+1; i < end; i++) {
796 if (info->pba_to_lba[zonestart+i] == UNDEF) {
801 for (i = 0; i <= lastpba; i++) {
802 if (info->pba_to_lba[zonestart+i] == UNDEF) {
811 sddr09_write_lba(struct us_data *us, unsigned int lba,
812 unsigned int page, unsigned int pages,
813 unsigned char *ptr, unsigned char *blockbuffer) {
815 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
816 unsigned long address;
817 unsigned int pba, lbap;
818 unsigned int pagelen;
819 unsigned char *bptr, *cptr, *xptr;
820 unsigned char ecc[3];
821 int i, result, isnew;
823 lbap = ((lba % 1000) << 1) | 0x1000;
824 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
826 pba = info->lba_to_pba[lba];
830 pba = sddr09_find_unused_pba(info, lba);
832 printk("sddr09_write_lba: Out of unused blocks\n");
833 return USB_STOR_TRANSPORT_ERROR;
835 info->pba_to_lba[pba] = lba;
836 info->lba_to_pba[lba] = pba;
841 /* Maybe it is impossible to write to PBA 1.
842 Fake success, but don't do anything. */
843 printk("sddr09: avoid writing to pba 1\n");
844 return USB_STOR_TRANSPORT_GOOD;
847 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
849 /* read old contents */
850 address = (pba << (info->pageshift + info->blockshift));
851 result = sddr09_read22(us, address>>1, info->blocksize,
852 info->pageshift, blockbuffer, 0);
853 if (result != USB_STOR_TRANSPORT_GOOD)
856 /* check old contents and fill lba */
857 for (i = 0; i < info->blocksize; i++) {
858 bptr = blockbuffer + i*pagelen;
859 cptr = bptr + info->pagesize;
860 nand_compute_ecc(bptr, ecc);
861 if (!nand_compare_ecc(cptr+13, ecc)) {
862 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n",
864 nand_store_ecc(cptr+13, ecc);
866 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
867 if (!nand_compare_ecc(cptr+8, ecc)) {
868 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n",
870 nand_store_ecc(cptr+8, ecc);
872 cptr[6] = cptr[11] = MSB_of(lbap);
873 cptr[7] = cptr[12] = LSB_of(lbap);
876 /* copy in new stuff and compute ECC */
878 for (i = page; i < page+pages; i++) {
879 bptr = blockbuffer + i*pagelen;
880 cptr = bptr + info->pagesize;
881 memcpy(bptr, xptr, info->pagesize);
882 xptr += info->pagesize;
883 nand_compute_ecc(bptr, ecc);
884 nand_store_ecc(cptr+13, ecc);
885 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
886 nand_store_ecc(cptr+8, ecc);
889 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba);
891 result = sddr09_write_inplace(us, address>>1, info->blocksize,
892 info->pageshift, blockbuffer, 0);
894 US_DEBUGP("sddr09_write_inplace returns %d\n", result);
898 unsigned char status = 0;
899 int result2 = sddr09_read_status(us, &status);
900 if (result2 != USB_STOR_TRANSPORT_GOOD)
901 US_DEBUGP("sddr09_write_inplace: cannot read status\n");
902 else if (status != 0xc0)
903 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n",
910 int result2 = sddr09_test_unit_ready(us);
918 sddr09_write_data(struct us_data *us,
919 unsigned long address,
920 unsigned int sectors) {
922 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
923 unsigned int lba, page, pages;
924 unsigned int pagelen, blocklen;
925 unsigned char *blockbuffer;
926 unsigned char *buffer;
927 unsigned int len, index, offset;
930 // blockbuffer is used for reading in the old data, overwriting
931 // with the new data, and performing ECC calculations
933 /* TODO: instead of doing kmalloc/kfree for each write,
934 add a bufferpointer to the info structure */
936 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
937 blocklen = (pagelen << info->blockshift);
938 blockbuffer = kmalloc(blocklen, GFP_NOIO);
940 printk("sddr09_write_data: Out of memory\n");
941 return USB_STOR_TRANSPORT_ERROR;
944 // Since we don't write the user data directly to the device,
945 // we have to create a bounce buffer and move the data a piece
946 // at a time between the bounce buffer and the actual transfer buffer.
948 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
949 buffer = kmalloc(len, GFP_NOIO);
950 if (buffer == NULL) {
951 printk("sddr09_write_data: Out of memory\n");
953 return USB_STOR_TRANSPORT_ERROR;
956 // Figure out the initial LBA and page
957 lba = address >> info->blockshift;
958 page = (address & info->blockmask);
960 result = USB_STOR_TRANSPORT_GOOD;
963 while (sectors > 0) {
965 // Write as many sectors as possible in this block
967 pages = min(sectors, info->blocksize - page);
968 len = (pages << info->pageshift);
970 // Get the data from the transfer buffer
971 usb_stor_access_xfer_buf(buffer, len, us->srb,
972 &index, &offset, FROM_XFER_BUF);
974 result = sddr09_write_lba(us, lba, page, pages,
975 buffer, blockbuffer);
976 if (result != USB_STOR_TRANSPORT_GOOD)
991 sddr09_read_control(struct us_data *us,
992 unsigned long address,
994 unsigned char *content,
997 US_DEBUGP("Read control address %lu, blocks %d\n",
1000 return sddr09_read21(us, address, blocks,
1001 CONTROL_SHIFT, content, use_sg);
1005 * Read Device ID Command: 12 bytes.
1006 * byte 0: opcode: ED
1008 * Returns 2 bytes: Manufacturer ID and Device ID.
1009 * On more recent cards 3 bytes: the third byte is an option code A5
1010 * signifying that the secret command to read an 128-bit ID is available.
1011 * On still more recent cards 4 bytes: the fourth byte C0 means that
1012 * a second read ID cmd is available.
1015 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1016 unsigned char *command = us->iobuf;
1017 unsigned char *content = us->iobuf;
1020 memset(command, 0, 12);
1022 command[1] = LUNBITS;
1024 result = sddr09_send_scsi_command(us, command, 12);
1025 if (result != USB_STOR_TRANSPORT_GOOD)
1028 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1031 for (i = 0; i < 4; i++)
1032 deviceID[i] = content[i];
1034 return (result == USB_STOR_XFER_GOOD ?
1035 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1039 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1041 unsigned char status;
1043 result = sddr09_read_status(us, &status);
1044 if (result != USB_STOR_TRANSPORT_GOOD) {
1045 US_DEBUGP("sddr09_get_wp: read_status fails\n");
1048 US_DEBUGP("sddr09_get_wp: status 0x%02X", status);
1049 if ((status & 0x80) == 0) {
1050 info->flags |= SDDR09_WP; /* write protected */
1054 US_DEBUGP(" Ready");
1055 if (status & LUNBITS)
1056 US_DEBUGP(" Suspended");
1058 US_DEBUGP(" Error");
1060 return USB_STOR_TRANSPORT_GOOD;
1065 * Reset Command: 12 bytes.
1066 * byte 0: opcode: EB
1069 sddr09_reset(struct us_data *us) {
1071 unsigned char *command = us->iobuf;
1073 memset(command, 0, 12);
1075 command[1] = LUNBITS;
1077 return sddr09_send_scsi_command(us, command, 12);
1081 static struct nand_flash_dev *
1082 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1083 struct nand_flash_dev *cardinfo;
1084 unsigned char deviceID[4];
1088 US_DEBUGP("Reading capacity...\n");
1090 result = sddr09_read_deviceID(us, deviceID);
1092 if (result != USB_STOR_TRANSPORT_GOOD) {
1093 US_DEBUGP("Result of read_deviceID is %d\n", result);
1094 printk("sddr09: could not read card info\n");
1098 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1099 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1101 /* Byte 0 is the manufacturer */
1102 sprintf(blurbtxt + strlen(blurbtxt),
1104 nand_flash_manufacturer(deviceID[0]));
1106 /* Byte 1 is the device type */
1107 cardinfo = nand_find_id(deviceID[1]);
1109 /* MB or MiB? It is neither. A 16 MB card has
1110 17301504 raw bytes, of which 16384000 are
1111 usable for user data. */
1112 sprintf(blurbtxt + strlen(blurbtxt),
1113 ", %d MB", 1<<(cardinfo->chipshift - 20));
1115 sprintf(blurbtxt + strlen(blurbtxt),
1116 ", type unrecognized");
1119 /* Byte 2 is code to signal availability of 128-bit ID */
1120 if (deviceID[2] == 0xa5) {
1121 sprintf(blurbtxt + strlen(blurbtxt),
1125 /* Byte 3 announces the availability of another read ID command */
1126 if (deviceID[3] == 0xc0) {
1127 sprintf(blurbtxt + strlen(blurbtxt),
1131 if (flags & SDDR09_WP)
1132 sprintf(blurbtxt + strlen(blurbtxt),
1135 printk("%s\n", blurbtxt);
1141 sddr09_read_map(struct us_data *us) {
1143 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1144 int numblocks, alloc_len, alloc_blocks;
1146 unsigned char *buffer, *buffer_end, *ptr;
1147 unsigned int lba, lbact;
1149 if (!info->capacity)
1152 // size of a block is 1 << (blockshift + pageshift) bytes
1153 // divide into the total capacity to get the number of blocks
1155 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1157 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1158 // but only use a 64 KB buffer
1159 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1160 #define SDDR09_READ_MAP_BUFSZ 65536
1162 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1163 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1164 buffer = kmalloc(alloc_len, GFP_NOIO);
1165 if (buffer == NULL) {
1166 printk("sddr09_read_map: out of memory\n");
1170 buffer_end = buffer + alloc_len;
1172 #undef SDDR09_READ_MAP_BUFSZ
1174 kfree(info->lba_to_pba);
1175 kfree(info->pba_to_lba);
1176 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1177 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1179 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1180 printk("sddr09_read_map: out of memory\n");
1185 for (i = 0; i < numblocks; i++)
1186 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1189 * Define lba-pba translation table
1193 for (i = 0; i < numblocks; i++) {
1194 ptr += (1 << CONTROL_SHIFT);
1195 if (ptr >= buffer_end) {
1196 unsigned long address;
1198 address = i << (info->pageshift + info->blockshift);
1199 result = sddr09_read_control(
1201 min(alloc_blocks, numblocks - i),
1203 if (result != USB_STOR_TRANSPORT_GOOD) {
1210 if (i == 0 || i == 1) {
1211 info->pba_to_lba[i] = UNUSABLE;
1215 /* special PBAs have control field 0^16 */
1216 for (j = 0; j < 16; j++)
1219 info->pba_to_lba[i] = UNUSABLE;
1220 printk("sddr09: PBA %d has no logical mapping\n", i);
1224 /* unwritten PBAs have control field FF^16 */
1225 for (j = 0; j < 16; j++)
1231 /* normal PBAs start with six FFs */
1233 printk("sddr09: PBA %d has no logical mapping: "
1234 "reserved area = %02X%02X%02X%02X "
1235 "data status %02X block status %02X\n",
1236 i, ptr[0], ptr[1], ptr[2], ptr[3],
1238 info->pba_to_lba[i] = UNUSABLE;
1242 if ((ptr[6] >> 4) != 0x01) {
1243 printk("sddr09: PBA %d has invalid address field "
1244 "%02X%02X/%02X%02X\n",
1245 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1246 info->pba_to_lba[i] = UNUSABLE;
1250 /* check even parity */
1251 if (parity[ptr[6] ^ ptr[7]]) {
1252 printk("sddr09: Bad parity in LBA for block %d"
1253 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1254 info->pba_to_lba[i] = UNUSABLE;
1258 lba = short_pack(ptr[7], ptr[6]);
1259 lba = (lba & 0x07FF) >> 1;
1262 * Every 1024 physical blocks ("zone"), the LBA numbers
1263 * go back to zero, but are within a higher block of LBA's.
1264 * Also, there is a maximum of 1000 LBA's per zone.
1265 * In other words, in PBA 1024-2047 you will find LBA 0-999
1266 * which are really LBA 1000-1999. This allows for 24 bad
1267 * or special physical blocks per zone.
1271 printk("sddr09: Bad low LBA %d for block %d\n",
1273 goto possibly_erase;
1276 lba += 1000*(i/0x400);
1278 if (info->lba_to_pba[lba] != UNDEF) {
1279 printk("sddr09: LBA %d seen for PBA %d and %d\n",
1280 lba, info->lba_to_pba[lba], i);
1281 goto possibly_erase;
1284 info->pba_to_lba[i] = lba;
1285 info->lba_to_pba[lba] = i;
1289 if (erase_bad_lba_entries) {
1290 unsigned long address;
1292 address = (i << (info->pageshift + info->blockshift));
1293 sddr09_erase(us, address>>1);
1294 info->pba_to_lba[i] = UNDEF;
1296 info->pba_to_lba[i] = UNUSABLE;
1300 * Approximate capacity. This is not entirely correct yet,
1301 * since a zone with less than 1000 usable pages leads to
1302 * missing LBAs. Especially if it is the last zone, some
1303 * LBAs can be past capacity.
1306 for (i = 0; i < numblocks; i += 1024) {
1309 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1310 if (info->pba_to_lba[i+j] != UNUSABLE) {
1312 info->pba_to_lba[i+j] = SPARE;
1319 info->lbact = lbact;
1320 US_DEBUGP("Found %d LBA's\n", lbact);
1325 kfree(info->lba_to_pba);
1326 kfree(info->pba_to_lba);
1327 info->lba_to_pba = NULL;
1328 info->pba_to_lba = NULL;
1335 sddr09_card_info_destructor(void *extra) {
1336 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1341 kfree(info->lba_to_pba);
1342 kfree(info->pba_to_lba);
1346 sddr09_init_card_info(struct us_data *us) {
1348 us->extra = kmalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1350 memset(us->extra, 0, sizeof(struct sddr09_card_info));
1351 us->extra_destructor = sddr09_card_info_destructor;
1357 * This is needed at a very early stage. If this is not listed in the
1358 * unusual devices list but called from here then LUN 0 of the combo reader
1359 * is not recognized. But I do not know what precisely these calls do.
1362 sddr09_init(struct us_data *us) {
1364 unsigned char *data = us->iobuf;
1366 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1367 if (result != USB_STOR_TRANSPORT_GOOD) {
1368 US_DEBUGP("sddr09_init: send_command fails\n");
1372 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1375 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1376 if (result != USB_STOR_TRANSPORT_GOOD) {
1377 US_DEBUGP("sddr09_init: 2nd send_command fails\n");
1381 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1384 result = sddr09_request_sense(us, data, 18);
1385 if (result == USB_STOR_TRANSPORT_GOOD && data[2] != 0) {
1387 for (j=0; j<18; j++)
1388 printk(" %02X", data[j]);
1390 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1391 // 70: current command
1392 // sense key 0, sense code 0, extd sense code 0
1393 // additional transfer length * = sizeof(data) - 7
1394 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1395 // sense key 06, sense code 28: unit attention,
1396 // not ready to ready transition
1401 return USB_STOR_TRANSPORT_GOOD; /* not result */
1405 * Transport for the Sandisk SDDR-09
1407 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
1409 static unsigned char sensekey = 0, sensecode = 0;
1410 static unsigned char havefakesense = 0;
1412 unsigned char *ptr = us->iobuf;
1413 unsigned long capacity;
1414 unsigned int page, pages;
1416 struct sddr09_card_info *info;
1418 static unsigned char inquiry_response[8] = {
1419 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1422 /* note: no block descriptor support */
1423 static unsigned char mode_page_01[19] = {
1424 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1426 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1429 info = (struct sddr09_card_info *)us->extra;
1432 sddr09_init_card_info(us);
1433 info = (struct sddr09_card_info *)us->extra;
1435 return USB_STOR_TRANSPORT_ERROR;
1438 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1439 /* for a faked command, we have to follow with a faked sense */
1444 ptr[12] = sensecode;
1445 usb_stor_set_xfer_buf(ptr, 18, srb);
1446 sensekey = sensecode = havefakesense = 0;
1447 return USB_STOR_TRANSPORT_GOOD;
1452 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1453 respond to INQUIRY commands */
1455 if (srb->cmnd[0] == INQUIRY) {
1456 memcpy(ptr, inquiry_response, 8);
1457 fill_inquiry_response(us, ptr, 36);
1458 return USB_STOR_TRANSPORT_GOOD;
1461 if (srb->cmnd[0] == READ_CAPACITY) {
1462 struct nand_flash_dev *cardinfo;
1464 sddr09_get_wp(us, info); /* read WP bit */
1466 cardinfo = sddr09_get_cardinfo(us, info->flags);
1468 /* probably no media */
1470 sensekey = 0x02; /* not ready */
1471 sensecode = 0x3a; /* medium not present */
1472 return USB_STOR_TRANSPORT_FAILED;
1475 info->capacity = (1 << cardinfo->chipshift);
1476 info->pageshift = cardinfo->pageshift;
1477 info->pagesize = (1 << info->pageshift);
1478 info->blockshift = cardinfo->blockshift;
1479 info->blocksize = (1 << info->blockshift);
1480 info->blockmask = info->blocksize - 1;
1482 // map initialization, must follow get_cardinfo()
1483 if (sddr09_read_map(us)) {
1484 /* probably out of memory */
1490 capacity = (info->lbact << info->blockshift) - 1;
1492 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1496 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1497 usb_stor_set_xfer_buf(ptr, 8, srb);
1499 return USB_STOR_TRANSPORT_GOOD;
1502 if (srb->cmnd[0] == MODE_SENSE_10) {
1503 int modepage = (srb->cmnd[2] & 0x3F);
1505 /* They ask for the Read/Write error recovery page,
1506 or for all pages. */
1507 /* %% We should check DBD %% */
1508 if (modepage == 0x01 || modepage == 0x3F) {
1509 US_DEBUGP("SDDR09: Dummy up request for "
1510 "mode page 0x%x\n", modepage);
1512 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1513 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1514 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1515 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1516 return USB_STOR_TRANSPORT_GOOD;
1519 sensekey = 0x05; /* illegal request */
1520 sensecode = 0x24; /* invalid field in CDB */
1521 return USB_STOR_TRANSPORT_FAILED;
1524 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1525 return USB_STOR_TRANSPORT_GOOD;
1529 if (srb->cmnd[0] == READ_10) {
1531 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1533 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1534 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1536 US_DEBUGP("READ_10: read page %d pagect %d\n",
1539 return sddr09_read_data(us, page, pages);
1542 if (srb->cmnd[0] == WRITE_10) {
1544 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1546 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1547 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1549 US_DEBUGP("WRITE_10: write page %d pagect %d\n",
1552 return sddr09_write_data(us, page, pages);
1555 /* catch-all for all other commands, except
1556 * pass TEST_UNIT_READY and REQUEST_SENSE through
1558 if (srb->cmnd[0] != TEST_UNIT_READY &&
1559 srb->cmnd[0] != REQUEST_SENSE) {
1560 sensekey = 0x05; /* illegal request */
1561 sensecode = 0x20; /* invalid command */
1563 return USB_STOR_TRANSPORT_FAILED;
1566 for (; srb->cmd_len<12; srb->cmd_len++)
1567 srb->cmnd[srb->cmd_len] = 0;
1569 srb->cmnd[1] = LUNBITS;
1572 for (i=0; i<12; i++)
1573 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1575 US_DEBUGP("SDDR09: Send control for command %s\n", ptr);
1577 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
1578 if (result != USB_STOR_TRANSPORT_GOOD) {
1579 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command "
1580 "returns %d\n", result);
1584 if (srb->request_bufflen == 0)
1585 return USB_STOR_TRANSPORT_GOOD;
1587 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1588 srb->sc_data_direction == DMA_FROM_DEVICE) {
1589 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1590 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1592 US_DEBUGP("SDDR09: %s %d bytes\n",
1593 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1594 "sending" : "receiving",
1595 srb->request_bufflen);
1597 result = usb_stor_bulk_transfer_sg(us, pipe,
1598 srb->request_buffer,
1599 srb->request_bufflen,
1600 srb->use_sg, &srb->resid);
1602 return (result == USB_STOR_XFER_GOOD ?
1603 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
1606 return USB_STOR_TRANSPORT_GOOD;
projects / linux-2.6 / blob