[XFS] Fix double free of log tickets
[linux-2.6] / drivers / ide / ide-floppy.c
1 /*
2  * IDE ATAPI floppy driver.
3  *
4  * Copyright (C) 1996-1999  Gadi Oxman <gadio@netvision.net.il>
5  * Copyright (C) 2000-2002  Paul Bristow <paul@paulbristow.net>
6  * Copyright (C) 2005       Bartlomiej Zolnierkiewicz
7  *
8  * This driver supports the following IDE floppy drives:
9  *
10  * LS-120/240 SuperDisk
11  * Iomega Zip 100/250
12  * Iomega PC Card Clik!/PocketZip
13  *
14  * For a historical changelog see
15  * Documentation/ide/ChangeLog.ide-floppy.1996-2002
16  */
17
18 #include <linux/types.h>
19 #include <linux/string.h>
20 #include <linux/kernel.h>
21 #include <linux/delay.h>
22 #include <linux/timer.h>
23 #include <linux/mm.h>
24 #include <linux/interrupt.h>
25 #include <linux/major.h>
26 #include <linux/errno.h>
27 #include <linux/genhd.h>
28 #include <linux/slab.h>
29 #include <linux/cdrom.h>
30 #include <linux/ide.h>
31 #include <linux/hdreg.h>
32 #include <linux/bitops.h>
33 #include <linux/mutex.h>
34 #include <linux/scatterlist.h>
35
36 #include <scsi/scsi_ioctl.h>
37
38 #include <asm/byteorder.h>
39 #include <linux/irq.h>
40 #include <linux/uaccess.h>
41 #include <linux/io.h>
42 #include <asm/unaligned.h>
43
44 #include "ide-floppy.h"
45
46 /*
47  * After each failed packet command we issue a request sense command and retry
48  * the packet command IDEFLOPPY_MAX_PC_RETRIES times.
49  */
50 #define IDEFLOPPY_MAX_PC_RETRIES        3
51
52 /* format capacities descriptor codes */
53 #define CAPACITY_INVALID        0x00
54 #define CAPACITY_UNFORMATTED    0x01
55 #define CAPACITY_CURRENT        0x02
56 #define CAPACITY_NO_CARTRIDGE   0x03
57
58 /*
59  * The following delay solves a problem with ATAPI Zip 100 drive where BSY bit
60  * was apparently being deasserted before the unit was ready to receive data.
61  */
62 #define IDEFLOPPY_PC_DELAY      (HZ/20) /* default delay for ZIP 100 (50ms) */
63
64 /* Error code returned in rq->errors to the higher part of the driver. */
65 #define IDEFLOPPY_ERROR_GENERAL         101
66
67 /*
68  * Used to finish servicing a request. For read/write requests, we will call
69  * ide_end_request to pass to the next buffer.
70  */
71 static int ide_floppy_end_request(ide_drive_t *drive, int uptodate, int nsecs)
72 {
73         struct ide_disk_obj *floppy = drive->driver_data;
74         struct request *rq = HWGROUP(drive)->rq;
75         int error;
76
77         ide_debug_log(IDE_DBG_FUNC, "Call %s\n", __func__);
78
79         switch (uptodate) {
80         case 0:
81                 error = IDEFLOPPY_ERROR_GENERAL;
82                 break;
83
84         case 1:
85                 error = 0;
86                 break;
87
88         default:
89                 error = uptodate;
90         }
91
92         if (error)
93                 floppy->failed_pc = NULL;
94         /* Why does this happen? */
95         if (!rq)
96                 return 0;
97         if (!blk_special_request(rq)) {
98                 /* our real local end request function */
99                 ide_end_request(drive, uptodate, nsecs);
100                 return 0;
101         }
102         rq->errors = error;
103         /* fixme: need to move this local also */
104         ide_end_drive_cmd(drive, 0, 0);
105         return 0;
106 }
107
108 static void idefloppy_update_buffers(ide_drive_t *drive,
109                                 struct ide_atapi_pc *pc)
110 {
111         struct request *rq = pc->rq;
112         struct bio *bio = rq->bio;
113
114         while ((bio = rq->bio) != NULL)
115                 ide_floppy_end_request(drive, 1, 0);
116 }
117
118 static void ide_floppy_callback(ide_drive_t *drive, int dsc)
119 {
120         struct ide_disk_obj *floppy = drive->driver_data;
121         struct ide_atapi_pc *pc = drive->pc;
122         int uptodate = pc->error ? 0 : 1;
123
124         ide_debug_log(IDE_DBG_FUNC, "Call %s\n", __func__);
125
126         if (floppy->failed_pc == pc)
127                 floppy->failed_pc = NULL;
128
129         if (pc->c[0] == GPCMD_READ_10 || pc->c[0] == GPCMD_WRITE_10 ||
130             (pc->rq && blk_pc_request(pc->rq)))
131                 uptodate = 1; /* FIXME */
132         else if (pc->c[0] == GPCMD_REQUEST_SENSE) {
133                 u8 *buf = pc->buf;
134
135                 if (!pc->error) {
136                         floppy->sense_key = buf[2] & 0x0F;
137                         floppy->asc = buf[12];
138                         floppy->ascq = buf[13];
139                         floppy->progress_indication = buf[15] & 0x80 ?
140                                 (u16)get_unaligned((u16 *)&buf[16]) : 0x10000;
141
142                         if (floppy->failed_pc)
143                                 ide_debug_log(IDE_DBG_PC, "pc = %x, ",
144                                               floppy->failed_pc->c[0]);
145
146                         ide_debug_log(IDE_DBG_SENSE, "sense key = %x, asc = %x,"
147                                       "ascq = %x\n", floppy->sense_key,
148                                       floppy->asc, floppy->ascq);
149                 } else
150                         printk(KERN_ERR PFX "Error in REQUEST SENSE itself - "
151                                "Aborting request!\n");
152         }
153
154         ide_floppy_end_request(drive, uptodate, 0);
155 }
156
157 static void ide_floppy_report_error(struct ide_disk_obj *floppy,
158                                     struct ide_atapi_pc *pc)
159 {
160         /* supress error messages resulting from Medium not present */
161         if (floppy->sense_key == 0x02 &&
162             floppy->asc       == 0x3a &&
163             floppy->ascq      == 0x00)
164                 return;
165
166         printk(KERN_ERR PFX "%s: I/O error, pc = %2x, key = %2x, "
167                         "asc = %2x, ascq = %2x\n",
168                         floppy->drive->name, pc->c[0], floppy->sense_key,
169                         floppy->asc, floppy->ascq);
170
171 }
172
173 static ide_startstop_t idefloppy_issue_pc(ide_drive_t *drive,
174                 struct ide_atapi_pc *pc)
175 {
176         struct ide_disk_obj *floppy = drive->driver_data;
177
178         if (floppy->failed_pc == NULL &&
179             pc->c[0] != GPCMD_REQUEST_SENSE)
180                 floppy->failed_pc = pc;
181
182         /* Set the current packet command */
183         drive->pc = pc;
184
185         if (pc->retries > IDEFLOPPY_MAX_PC_RETRIES) {
186                 if (!(pc->flags & PC_FLAG_SUPPRESS_ERROR))
187                         ide_floppy_report_error(floppy, pc);
188                 /* Giving up */
189                 pc->error = IDEFLOPPY_ERROR_GENERAL;
190
191                 floppy->failed_pc = NULL;
192                 drive->pc_callback(drive, 0);
193                 return ide_stopped;
194         }
195
196         ide_debug_log(IDE_DBG_FUNC, "%s: Retry #%d\n", __func__, pc->retries);
197
198         pc->retries++;
199
200         return ide_issue_pc(drive, WAIT_FLOPPY_CMD, NULL);
201 }
202
203 void ide_floppy_create_read_capacity_cmd(struct ide_atapi_pc *pc)
204 {
205         ide_init_pc(pc);
206         pc->c[0] = GPCMD_READ_FORMAT_CAPACITIES;
207         pc->c[7] = 255;
208         pc->c[8] = 255;
209         pc->req_xfer = 255;
210 }
211
212 /* A mode sense command is used to "sense" floppy parameters. */
213 void ide_floppy_create_mode_sense_cmd(struct ide_atapi_pc *pc, u8 page_code)
214 {
215         u16 length = 8; /* sizeof(Mode Parameter Header) = 8 Bytes */
216
217         ide_init_pc(pc);
218         pc->c[0] = GPCMD_MODE_SENSE_10;
219         pc->c[1] = 0;
220         pc->c[2] = page_code;
221
222         switch (page_code) {
223         case IDEFLOPPY_CAPABILITIES_PAGE:
224                 length += 12;
225                 break;
226         case IDEFLOPPY_FLEXIBLE_DISK_PAGE:
227                 length += 32;
228                 break;
229         default:
230                 printk(KERN_ERR PFX "unsupported page code in %s\n", __func__);
231         }
232         put_unaligned(cpu_to_be16(length), (u16 *) &pc->c[7]);
233         pc->req_xfer = length;
234 }
235
236 static void idefloppy_create_rw_cmd(ide_drive_t *drive,
237                                     struct ide_atapi_pc *pc, struct request *rq,
238                                     unsigned long sector)
239 {
240         struct ide_disk_obj *floppy = drive->driver_data;
241         int block = sector / floppy->bs_factor;
242         int blocks = rq->nr_sectors / floppy->bs_factor;
243         int cmd = rq_data_dir(rq);
244
245         ide_debug_log(IDE_DBG_FUNC, "%s: block: %d, blocks: %d\n", __func__,
246                       block, blocks);
247
248         ide_init_pc(pc);
249         pc->c[0] = cmd == READ ? GPCMD_READ_10 : GPCMD_WRITE_10;
250         put_unaligned(cpu_to_be16(blocks), (unsigned short *)&pc->c[7]);
251         put_unaligned(cpu_to_be32(block), (unsigned int *) &pc->c[2]);
252
253         memcpy(rq->cmd, pc->c, 12);
254
255         pc->rq = rq;
256         pc->b_count = 0;
257         if (rq->cmd_flags & REQ_RW)
258                 pc->flags |= PC_FLAG_WRITING;
259         pc->buf = NULL;
260         pc->req_xfer = pc->buf_size = blocks * floppy->block_size;
261         pc->flags |= PC_FLAG_DMA_OK;
262 }
263
264 static void idefloppy_blockpc_cmd(struct ide_disk_obj *floppy,
265                 struct ide_atapi_pc *pc, struct request *rq)
266 {
267         ide_init_pc(pc);
268         memcpy(pc->c, rq->cmd, sizeof(pc->c));
269         pc->rq = rq;
270         pc->b_count = 0;
271         if (rq->data_len && rq_data_dir(rq) == WRITE)
272                 pc->flags |= PC_FLAG_WRITING;
273         pc->buf = rq->data;
274         if (rq->bio)
275                 pc->flags |= PC_FLAG_DMA_OK;
276         /*
277          * possibly problematic, doesn't look like ide-floppy correctly
278          * handled scattered requests if dma fails...
279          */
280         pc->req_xfer = pc->buf_size = rq->data_len;
281 }
282
283 static ide_startstop_t ide_floppy_do_request(ide_drive_t *drive,
284                                              struct request *rq, sector_t block)
285 {
286         struct ide_disk_obj *floppy = drive->driver_data;
287         ide_hwif_t *hwif = drive->hwif;
288         struct ide_atapi_pc *pc;
289
290         ide_debug_log(IDE_DBG_FUNC, "%s: dev: %s, cmd: 0x%x, cmd_type: %x, "
291                       "errors: %d\n",
292                       __func__, rq->rq_disk ? rq->rq_disk->disk_name : "?",
293                       rq->cmd[0], rq->cmd_type, rq->errors);
294
295         ide_debug_log(IDE_DBG_FUNC, "%s: sector: %ld, nr_sectors: %ld, "
296                       "current_nr_sectors: %d\n",
297                       __func__, (long)rq->sector, rq->nr_sectors,
298                       rq->current_nr_sectors);
299
300         if (rq->errors >= ERROR_MAX) {
301                 if (floppy->failed_pc)
302                         ide_floppy_report_error(floppy, floppy->failed_pc);
303                 else
304                         printk(KERN_ERR PFX "%s: I/O error\n", drive->name);
305
306                 ide_floppy_end_request(drive, 0, 0);
307                 return ide_stopped;
308         }
309         if (blk_fs_request(rq)) {
310                 if (((long)rq->sector % floppy->bs_factor) ||
311                     (rq->nr_sectors % floppy->bs_factor)) {
312                         printk(KERN_ERR PFX "%s: unsupported r/w rq size\n",
313                                 drive->name);
314                         ide_floppy_end_request(drive, 0, 0);
315                         return ide_stopped;
316                 }
317                 pc = &floppy->queued_pc;
318                 idefloppy_create_rw_cmd(drive, pc, rq, (unsigned long)block);
319         } else if (blk_special_request(rq)) {
320                 pc = (struct ide_atapi_pc *) rq->buffer;
321         } else if (blk_pc_request(rq)) {
322                 pc = &floppy->queued_pc;
323                 idefloppy_blockpc_cmd(floppy, pc, rq);
324         } else {
325                 blk_dump_rq_flags(rq, PFX "unsupported command in queue");
326                 ide_floppy_end_request(drive, 0, 0);
327                 return ide_stopped;
328         }
329
330         ide_init_sg_cmd(drive, rq);
331         ide_map_sg(drive, rq);
332
333         pc->sg = hwif->sg_table;
334         pc->sg_cnt = hwif->sg_nents;
335
336         pc->rq = rq;
337
338         return idefloppy_issue_pc(drive, pc);
339 }
340
341 /*
342  * Look at the flexible disk page parameters. We ignore the CHS capacity
343  * parameters and use the LBA parameters instead.
344  */
345 static int ide_floppy_get_flexible_disk_page(ide_drive_t *drive)
346 {
347         struct ide_disk_obj *floppy = drive->driver_data;
348         struct gendisk *disk = floppy->disk;
349         struct ide_atapi_pc pc;
350         u8 *page;
351         int capacity, lba_capacity;
352         u16 transfer_rate, sector_size, cyls, rpm;
353         u8 heads, sectors;
354
355         ide_floppy_create_mode_sense_cmd(&pc, IDEFLOPPY_FLEXIBLE_DISK_PAGE);
356
357         if (ide_queue_pc_tail(drive, disk, &pc)) {
358                 printk(KERN_ERR PFX "Can't get flexible disk page params\n");
359                 return 1;
360         }
361
362         if (pc.buf[3] & 0x80)
363                 drive->dev_flags |= IDE_DFLAG_WP;
364         else
365                 drive->dev_flags &= ~IDE_DFLAG_WP;
366
367         set_disk_ro(disk, !!(drive->dev_flags & IDE_DFLAG_WP));
368
369         page = &pc.buf[8];
370
371         transfer_rate = be16_to_cpup((__be16 *)&pc.buf[8 + 2]);
372         sector_size   = be16_to_cpup((__be16 *)&pc.buf[8 + 6]);
373         cyls          = be16_to_cpup((__be16 *)&pc.buf[8 + 8]);
374         rpm           = be16_to_cpup((__be16 *)&pc.buf[8 + 28]);
375         heads         = pc.buf[8 + 4];
376         sectors       = pc.buf[8 + 5];
377
378         capacity = cyls * heads * sectors * sector_size;
379
380         if (memcmp(page, &floppy->flexible_disk_page, 32))
381                 printk(KERN_INFO PFX "%s: %dkB, %d/%d/%d CHS, %d kBps, "
382                                 "%d sector size, %d rpm\n",
383                                 drive->name, capacity / 1024, cyls, heads,
384                                 sectors, transfer_rate / 8, sector_size, rpm);
385
386         memcpy(&floppy->flexible_disk_page, page, 32);
387         drive->bios_cyl = cyls;
388         drive->bios_head = heads;
389         drive->bios_sect = sectors;
390         lba_capacity = floppy->blocks * floppy->block_size;
391
392         if (capacity < lba_capacity) {
393                 printk(KERN_NOTICE PFX "%s: The disk reports a capacity of %d "
394                         "bytes, but the drive only handles %d\n",
395                         drive->name, lba_capacity, capacity);
396                 floppy->blocks = floppy->block_size ?
397                         capacity / floppy->block_size : 0;
398                 drive->capacity64 = floppy->blocks * floppy->bs_factor;
399         }
400
401         return 0;
402 }
403
404 /*
405  * Determine if a media is present in the floppy drive, and if so, its LBA
406  * capacity.
407  */
408 static int ide_floppy_get_capacity(ide_drive_t *drive)
409 {
410         struct ide_disk_obj *floppy = drive->driver_data;
411         struct gendisk *disk = floppy->disk;
412         struct ide_atapi_pc pc;
413         u8 *cap_desc;
414         u8 header_len, desc_cnt;
415         int i, rc = 1, blocks, length;
416
417         drive->bios_cyl = 0;
418         drive->bios_head = drive->bios_sect = 0;
419         floppy->blocks = 0;
420         floppy->bs_factor = 1;
421         drive->capacity64 = 0;
422
423         ide_floppy_create_read_capacity_cmd(&pc);
424         if (ide_queue_pc_tail(drive, disk, &pc)) {
425                 printk(KERN_ERR PFX "Can't get floppy parameters\n");
426                 return 1;
427         }
428         header_len = pc.buf[3];
429         cap_desc = &pc.buf[4];
430         desc_cnt = header_len / 8; /* capacity descriptor of 8 bytes */
431
432         for (i = 0; i < desc_cnt; i++) {
433                 unsigned int desc_start = 4 + i*8;
434
435                 blocks = be32_to_cpup((__be32 *)&pc.buf[desc_start]);
436                 length = be16_to_cpup((__be16 *)&pc.buf[desc_start + 6]);
437
438                 ide_debug_log(IDE_DBG_PROBE, "Descriptor %d: %dkB, %d blocks, "
439                               "%d sector size\n",
440                               i, blocks * length / 1024, blocks, length);
441
442                 if (i)
443                         continue;
444                 /*
445                  * the code below is valid only for the 1st descriptor, ie i=0
446                  */
447
448                 switch (pc.buf[desc_start + 4] & 0x03) {
449                 /* Clik! drive returns this instead of CAPACITY_CURRENT */
450                 case CAPACITY_UNFORMATTED:
451                         if (!(drive->atapi_flags & IDE_AFLAG_CLIK_DRIVE))
452                                 /*
453                                  * If it is not a clik drive, break out
454                                  * (maintains previous driver behaviour)
455                                  */
456                                 break;
457                 case CAPACITY_CURRENT:
458                         /* Normal Zip/LS-120 disks */
459                         if (memcmp(cap_desc, &floppy->cap_desc, 8))
460                                 printk(KERN_INFO PFX "%s: %dkB, %d blocks, %d "
461                                        "sector size\n",
462                                        drive->name, blocks * length / 1024,
463                                        blocks, length);
464                         memcpy(&floppy->cap_desc, cap_desc, 8);
465
466                         if (!length || length % 512) {
467                                 printk(KERN_NOTICE PFX "%s: %d bytes block size"
468                                        " not supported\n", drive->name, length);
469                         } else {
470                                 floppy->blocks = blocks;
471                                 floppy->block_size = length;
472                                 floppy->bs_factor = length / 512;
473                                 if (floppy->bs_factor != 1)
474                                         printk(KERN_NOTICE PFX "%s: Warning: "
475                                                "non 512 bytes block size not "
476                                                "fully supported\n",
477                                                drive->name);
478                                 drive->capacity64 =
479                                         floppy->blocks * floppy->bs_factor;
480                                 rc = 0;
481                         }
482                         break;
483                 case CAPACITY_NO_CARTRIDGE:
484                         /*
485                          * This is a KERN_ERR so it appears on screen
486                          * for the user to see
487                          */
488                         printk(KERN_ERR PFX "%s: No disk in drive\n",
489                                drive->name);
490                         break;
491                 case CAPACITY_INVALID:
492                         printk(KERN_ERR PFX "%s: Invalid capacity for disk "
493                                 "in drive\n", drive->name);
494                         break;
495                 }
496                 ide_debug_log(IDE_DBG_PROBE, "Descriptor 0 Code: %d\n",
497                               pc.buf[desc_start + 4] & 0x03);
498         }
499
500         /* Clik! disk does not support get_flexible_disk_page */
501         if (!(drive->atapi_flags & IDE_AFLAG_CLIK_DRIVE))
502                 (void) ide_floppy_get_flexible_disk_page(drive);
503
504         return rc;
505 }
506
507 static void ide_floppy_setup(ide_drive_t *drive)
508 {
509         struct ide_disk_obj *floppy = drive->driver_data;
510         u16 *id = drive->id;
511
512         drive->pc_callback       = ide_floppy_callback;
513         drive->pc_update_buffers = idefloppy_update_buffers;
514         drive->pc_io_buffers     = ide_io_buffers;
515
516         /*
517          * We used to check revisions here. At this point however I'm giving up.
518          * Just assume they are all broken, its easier.
519          *
520          * The actual reason for the workarounds was likely a driver bug after
521          * all rather than a firmware bug, and the workaround below used to hide
522          * it. It should be fixed as of version 1.9, but to be on the safe side
523          * we'll leave the limitation below for the 2.2.x tree.
524          */
525         if (!strncmp((char *)&id[ATA_ID_PROD], "IOMEGA ZIP 100 ATAPI", 20)) {
526                 drive->atapi_flags |= IDE_AFLAG_ZIP_DRIVE;
527                 /* This value will be visible in the /proc/ide/hdx/settings */
528                 drive->pc_delay = IDEFLOPPY_PC_DELAY;
529                 blk_queue_max_sectors(drive->queue, 64);
530         }
531
532         /*
533          * Guess what? The IOMEGA Clik! drive also needs the above fix. It makes
534          * nasty clicking noises without it, so please don't remove this.
535          */
536         if (strncmp((char *)&id[ATA_ID_PROD], "IOMEGA Clik!", 11) == 0) {
537                 blk_queue_max_sectors(drive->queue, 64);
538                 drive->atapi_flags |= IDE_AFLAG_CLIK_DRIVE;
539                 /* IOMEGA Clik! drives do not support lock/unlock commands */
540                 drive->dev_flags &= ~IDE_DFLAG_DOORLOCKING;
541         }
542
543         (void) ide_floppy_get_capacity(drive);
544
545         ide_proc_register_driver(drive, floppy->driver);
546
547         drive->dev_flags |= IDE_DFLAG_ATTACH;
548 }
549
550 static void ide_floppy_flush(ide_drive_t *drive)
551 {
552 }
553
554 static int ide_floppy_init_media(ide_drive_t *drive, struct gendisk *disk)
555 {
556         int ret = 0;
557
558         if (ide_do_test_unit_ready(drive, disk))
559                 ide_do_start_stop(drive, disk, 1);
560
561         ret = ide_floppy_get_capacity(drive);
562
563         set_capacity(disk, ide_gd_capacity(drive));
564
565         return ret;
566 }
567
568 const struct ide_disk_ops ide_atapi_disk_ops = {
569         .check          = ide_check_atapi_device,
570         .get_capacity   = ide_floppy_get_capacity,
571         .setup          = ide_floppy_setup,
572         .flush          = ide_floppy_flush,
573         .init_media     = ide_floppy_init_media,
574         .set_doorlock   = ide_set_media_lock,
575         .do_request     = ide_floppy_do_request,
576         .end_request    = ide_floppy_end_request,
577         .ioctl          = ide_floppy_ioctl,
578 };