1 /* Driver for SanDisk SDDR-09 SmartMedia reader
3 * $Id: sddr09.c,v 1.24 2002/04/22 03:39:43 mdharm Exp $
4 * (c) 2000, 2001 Robert Baruch (autophile@starband.net)
5 * (c) 2002 Andries Brouwer (aeb@cwi.nl)
6 * Developed with the assistance of:
7 * (c) 2002 Alan Stern <stern@rowland.org>
9 * The SanDisk SDDR-09 SmartMedia reader uses the Shuttle EUSB-01 chip.
10 * This chip is a programmable USB controller. In the SDDR-09, it has
11 * been programmed to obey a certain limited set of SCSI commands.
12 * This driver translates the "real" SCSI commands to the SDDR-09 SCSI
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2, or (at your option) any
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * General Public License for more details.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 675 Mass Ave, Cambridge, MA 02139, USA.
31 * Known vendor commands: 12 bytes, first byte is opcode
33 * E7: read scatter gather
41 * EF: compute checksum (?)
44 #include <linux/sched.h>
45 #include <linux/errno.h>
46 #include <linux/slab.h>
48 #include <scsi/scsi.h>
49 #include <scsi/scsi_cmnd.h>
52 #include "transport.h"
/* Byte helpers. short_pack() combines two bytes into a u16. LSB_of() masks to
 * 8 bits; MSB_of() only shifts, so bits above 15 survive unless the result is
 * stored in an 8-bit object (as the command[] assignments in this file do). */
58 #define short_pack(lsb,msb) ( ((u16)(lsb)) | ( ((u16)(msb))<<8 ) )
59 #define LSB_of(s) ((s)&0xFF)
60 #define MSB_of(s) ((s)>>8)
62 /* #define US_DEBUGP printk */
65 * First some stuff that does not belong here:
66 * data on SmartMedia and other cards, completely
67 * unrelated to this driver.
68 * Similar stuff occurs in <linux/mtd/nand_ids.h>.
/* Geometry of one NAND chip type. Sizes are stored as log2 shift counts, so
 * every consumer that shifts by these fields trusts the table values. */
71 struct nand_flash_dev {
73 int chipshift; /* 1<<cs bytes total capacity */
74 char pageshift; /* 1<<ps bytes in a page */
75 char blockshift; /* 1<<bs pages in an erase block */
76 char zoneshift; /* 1<<zs blocks in a zone */
77 /* # of logical blocks is 125/128 of this */
78 char pageadrlen; /* length of an address in bytes - 1 */
82 * NAND Flash Manufacturer ID Codes
84 #define NAND_MFR_AMD 0x01
85 #define NAND_MFR_NATSEMI 0x8f
86 #define NAND_MFR_TOSHIBA 0x98
87 #define NAND_MFR_SAMSUNG 0xec
/* Maps a NAND manufacturer ID byte to a printable name.
 * Only part of the switch is visible in this listing. */
89 static inline char *nand_flash_manufacturer(int manuf_id) {
93 case NAND_MFR_NATSEMI:
95 case NAND_MFR_TOSHIBA:
97 case NAND_MFR_SAMSUNG:
105 * It looks like it is unnecessary to attach manufacturer to the
106 * remaining data: SSFDC prescribes manufacturer-independent id codes.
108 * 256 MB NAND flash has a 5-byte ID with 2nd byte 0xaa, 0xba, 0xca or 0xda.
/* Device-ID to geometry table, searched by nand_find_id().
 * Columns follow struct nand_flash_dev: the ID byte matched against model_id,
 * then chipshift, pageshift, blockshift, zoneshift, pageadrlen.
 * The ID byte is reported by the inserted card, so this table is the only
 * source of geometry for media the driver accepts. */
111 static struct nand_flash_dev nand_flash_ids[] = {
113 { 0x6e, 20, 8, 4, 8, 2}, /* 1 MB */
114 { 0xe8, 20, 8, 4, 8, 2}, /* 1 MB */
115 { 0xec, 20, 8, 4, 8, 2}, /* 1 MB */
116 { 0x64, 21, 8, 4, 9, 2}, /* 2 MB */
117 { 0xea, 21, 8, 4, 9, 2}, /* 2 MB */
118 { 0x6b, 22, 9, 4, 9, 2}, /* 4 MB */
119 { 0xe3, 22, 9, 4, 9, 2}, /* 4 MB */
120 { 0xe5, 22, 9, 4, 9, 2}, /* 4 MB */
121 { 0xe6, 23, 9, 4, 10, 2}, /* 8 MB */
122 { 0x73, 24, 9, 5, 10, 2}, /* 16 MB */
123 { 0x75, 25, 9, 5, 10, 2}, /* 32 MB */
124 { 0x76, 26, 9, 5, 10, 3}, /* 64 MB */
125 { 0x79, 27, 9, 5, 10, 3}, /* 128 MB */
128 { 0x5d, 21, 9, 4, 8, 2}, /* 2 MB */
129 { 0xd5, 22, 9, 4, 9, 2}, /* 4 MB */
130 { 0xd6, 23, 9, 4, 10, 2}, /* 8 MB */
131 { 0x57, 24, 9, 4, 11, 2}, /* 16 MB */
132 { 0x58, 25, 9, 4, 12, 2}, /* 32 MB */
136 #define SIZE(a) (sizeof(a)/sizeof((a)[0]))
/* Linear search of nand_flash_ids[] for an entry whose model_id equals id.
 * Returns a pointer into the static table on a match. The no-match return is
 * not visible in this listing; callers must handle an unrecognized ID before
 * dereferencing the result. */
138 static struct nand_flash_dev *
139 nand_find_id(unsigned char id) {
142 for (i = 0; i < SIZE(nand_flash_ids); i++)
143 if (nand_flash_ids[i].model_id == id)
144 return &(nand_flash_ids[i]);
/* Lookup tables indexed by a byte value; both are filled by nand_init_ecc()
 * and must be initialized before any ECC or LBA-parity check reads them. */
151 static unsigned char parity[256];
152 static unsigned char ecc2[256];
/* Fills parity[] and ecc2[]. The initial value of parity[0] is set on a line
 * not shown in this listing. */
154 static void nand_init_ecc(void) {
/* i&(i-1) clears the lowest set bit of i, so each entry is the flipped value
 * of an earlier entry with one fewer bit set. */
158 for (i = 1; i < 256; i++)
159 parity[i] = (parity[i&(i-1)] ^ 1);
161 for (i = 0; i < 256; i++) {
163 for (j = 0; j < 8; j++) {
173 ecc2[i] = ~(a ^ (a<<1) ^ (parity[i] ? 0xa8 : 0));
177 /* compute 3-byte ecc on 256 bytes */
/* Computes the ECC over exactly 256 bytes at data and writes it to ecc.
 * No lengths are passed: data must reference at least 256 readable bytes and
 * ecc must have room for the full ECC (3 bytes per the comment above; only the
 * writes to ecc[0] and ecc[1] are visible in this listing). */
178 static void nand_compute_ecc(unsigned char *data, unsigned char *ecc) {
180 unsigned char par, bit, bits[8];
183 for (j = 0; j < 8; j++)
186 /* collect 16 checksum bits */
187 for (i = 0; i < 256; i++) {
189 bit = parity[data[i]];
190 for (j = 0; j < 8; j++)
191 if ((i & (1<<j)) == 0)
195 /* put 4+4+4 = 12 bits in the ecc */
196 a = (bits[3] << 6) + (bits[2] << 4) + (bits[1] << 2) + bits[0];
197 ecc[0] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
199 a = (bits[7] << 6) + (bits[6] << 4) + (bits[5] << 2) + bits[4];
200 ecc[1] = ~(a ^ (a<<1) ^ (parity[par] ? 0xaa : 0));
/* Returns nonzero when the three bytes at data equal the three bytes at ecc.
 * Both pointers must reference at least 3 bytes. This is an error-detection
 * check on media contents, not an authenticity check. */
205 static int nand_compare_ecc(unsigned char *data, unsigned char *ecc) {
206 return (data[0] == ecc[0] && data[1] == ecc[1] && data[2] == ecc[2]);
/* Copies 3 ECC bytes from ecc into data (destination is the first argument).
 * data must have at least 3 writable bytes. */
209 static void nand_store_ecc(unsigned char *data, unsigned char *ecc) {
210 memcpy(data, ecc, 3);
214 * The actual driver starts here.
/* Per-device state; the functions in this file reach it through us->extra.
 * lba_to_pba and pba_to_lba are heap arrays allocated in sddr09_read_map()
 * with one int per physical block. Every index into them is derived from a
 * host-supplied sector address or from control bytes read off the card, so
 * each user is responsible for keeping the index below that block count. */
217 struct sddr09_card_info {
218 unsigned long capacity; /* Size of card in bytes */
219 int pagesize; /* Size of page in bytes */
220 int pageshift; /* log2 of pagesize */
221 int blocksize; /* Size of block in pages */
222 int blockshift; /* log2 of blocksize */
223 int blockmask; /* 2^blockshift - 1 */
224 int *lba_to_pba; /* logical to physical map */
225 int *pba_to_lba; /* physical to logical map */
226 int lbact; /* number of available pages */
228 #define SDDR09_WP 1 /* write protected */
232 * On my 16MB card, control blocks have size 64 (16 real control bytes,
233 * and 48 junk bytes). In reality of course the card uses 16 control bytes,
234 * so the reader makes up the remaining 48. Don't know whether these numbers
235 * depend on the card. For now a constant.
237 #define CONTROL_SHIFT 6
240 * On my Combo CF/SM reader, the SM reader has LUN 1.
241 * (and things fail with LUN 0).
242 * It seems LUN is irrelevant for others.
245 #define LUNBITS (LUN << 5)
248 * LBA and PBA are unsigned ints. Special values.
250 #define UNDEF 0xffffffff
251 #define SPARE 0xfffffffe
252 #define UNUSABLE 0xfffffffd
254 static const int erase_bad_lba_entries = 0;
256 /* send vendor interface command (0x41) */
257 /* called for requests 0, 1, 8 */
/* Issues one control transfer with request type 0x41 OR'ed with direction,
 * using the receive or send control pipe accordingly.
 * xfer_data and xfer_len are passed through unchanged; the caller guarantees
 * the buffer is at least xfer_len bytes.
 * Returns 0 on success, -EPIPE on a stall, -EIO for any other result. */
259 sddr09_send_command(struct us_data *us,
260 unsigned char request,
261 unsigned char direction,
262 unsigned char *xfer_data,
263 unsigned int xfer_len) {
265 unsigned char requesttype = (0x41 | direction);
268 // Get the receive or send control pipe number
270 if (direction == USB_DIR_IN)
271 pipe = us->recv_ctrl_pipe;
273 pipe = us->send_ctrl_pipe;
275 rc = usb_stor_ctrl_transfer(us, pipe, request, requesttype,
276 0, 0, xfer_data, xfer_len);
278 case USB_STOR_XFER_GOOD: return 0;
279 case USB_STOR_XFER_STALLED: return -EPIPE;
280 default: return -EIO;
/* Sends a command block to the reader as request 0, host-to-device.
 * Returns whatever sddr09_send_command() returns. */
285 sddr09_send_scsi_command(struct us_data *us,
286 unsigned char *command,
287 unsigned int command_len) {
288 return sddr09_send_command(us, 0, USB_DIR_OUT, command, command_len);
293 * Test Unit Ready Command: 12 bytes.
/* Sends a Test Unit Ready command built in the shared scratch buffer
 * us->iobuf.
 * NOTE(review): the header comment describes a 12-byte command, but only 6
 * bytes are zeroed and sent here — confirm which length the device expects. */
297 sddr09_test_unit_ready(struct us_data *us) {
298 unsigned char *command = us->iobuf;
301 memset(command, 0, 6);
302 command[1] = LUNBITS;
304 result = sddr09_send_scsi_command(us, command, 6);
306 US_DEBUGP("sddr09_test_unit_ready returns %d\n", result);
313 * Request Sense Command: 12 bytes.
315 * byte 4: data length
/* Sends a Request Sense command (built in us->iobuf) and reads the reply into
 * sensebuf. Returns 0 when the bulk read succeeds, -EIO otherwise.
 * buflen is used as the bulk read length with no bound applied here, so the
 * caller must size sensebuf accordingly.
 * NOTE(review): the header documents a one-byte length field (byte 4); the
 * line that fills it is not shown. If buflen is stored there, values above
 * 255 would be truncated in the command while the read still asks for buflen
 * bytes — confirm callers only pass small constants. */
318 sddr09_request_sense(struct us_data *us, unsigned char *sensebuf, int buflen) {
319 unsigned char *command = us->iobuf;
322 memset(command, 0, 12);
324 command[1] = LUNBITS;
327 result = sddr09_send_scsi_command(us, command, 12);
331 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
332 sensebuf, buflen, NULL);
333 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
337 * Read Command: 12 bytes.
339 * byte 1: last two bits: 00: read data, 01: read blockwise control,
340 * 10: read both, 11: read pagewise control.
341 * It turns out we need values 20, 21, 22, 23 here (LUN 1).
342 * bytes 2-5: address (interpretation depends on byte 1, see below)
343 * bytes 10-11: count (idem)
345 * A page has 512 data bytes and 64 control bytes (16 control and 48 junk).
346 * A read data command gets data in 512-byte pages.
347 * A read control command gets control in 64-byte chunks.
348 * A read both command gets data+control in 576-byte chunks.
350 * Blocks are groups of 32 pages, and read blockwise control jumps to the
351 * next block, while read pagewise control jumps to the next page after
352 * reading a group of 64 control bytes.
353 * [Here 512 = 1<<pageshift, 32 = 1<<blockshift, 64 is constant?]
355 * (1 MB and 2 MB cards are a bit different, but I have only a 16 MB card.)
/* Common worker for the read variants: builds the 12-byte command in
 * us->iobuf, sends it, then reads bulklen bytes into buf.
 * x selects the read mode and is OR'ed into byte 1 with LUNBITS.
 * fromaddress is split big-endian into bytes 2-5; each byte store keeps only
 * the low 8 bits, so address bits above 31 are dropped.
 * nr_of_pages goes into bytes 10-11, so only its low 16 bits reach the device.
 * bulklen is computed by the caller and is not cross-checked here against
 * nr_of_pages or against the size of buf. */
359 sddr09_readX(struct us_data *us, int x, unsigned long fromaddress,
360 int nr_of_pages, int bulklen, unsigned char *buf,
363 unsigned char *command = us->iobuf;
367 command[1] = LUNBITS | x;
368 command[2] = MSB_of(fromaddress>>16);
369 command[3] = LSB_of(fromaddress>>16);
370 command[4] = MSB_of(fromaddress & 0xFFFF);
371 command[5] = LSB_of(fromaddress & 0xFFFF);
376 command[10] = MSB_of(nr_of_pages);
377 command[11] = LSB_of(nr_of_pages);
379 result = sddr09_send_scsi_command(us, command, 12);
382 US_DEBUGP("Result for send_control in sddr09_read2%d %d\n",
387 result = usb_stor_bulk_transfer_sg(us, us->recv_bulk_pipe,
388 buf, bulklen, use_sg, NULL);
390 if (result != USB_STOR_XFER_GOOD) {
391 US_DEBUGP("Result for bulk_transfer in sddr09_read2%d %d\n",
401 * fromaddress counts data shorts:
402 * increasing it by 256 shifts the bytestream by 512 bytes;
403 * the last 8 bits are ignored.
405 * nr_of_pages counts pages of size (1 << pageshift).
/* Read data only (mode 0): nr_of_pages pages of (1 << pageshift) bytes.
 * bulklen is a signed int shift with no overflow guard; buf must hold
 * nr_of_pages << pageshift bytes. The caller visible in this file,
 * sddr09_read_data(), passes at most one block's worth of pages. */
408 sddr09_read20(struct us_data *us, unsigned long fromaddress,
409 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
410 int bulklen = nr_of_pages << pageshift;
412 /* The last 8 bits of fromaddress are ignored. */
413 return sddr09_readX(us, 0, fromaddress, nr_of_pages, bulklen,
418 * Read Blockwise Control
420 * fromaddress gives the starting position (as in read data;
421 * the last 8 bits are ignored); increasing it by 32*256 shifts
422 * the output stream by 64 bytes.
424 * count counts control groups of size (1 << controlshift).
425 * For me, controlshift = 6. Is this constant?
427 * After getting one control group, jump to the next block
428 * (fromaddress += 8192).
/* Read blockwise control (mode 1): count groups of (1 << controlshift) bytes.
 * buf must hold count << controlshift bytes; the size is not checked here. */
431 sddr09_read21(struct us_data *us, unsigned long fromaddress,
432 int count, int controlshift, unsigned char *buf, int use_sg) {
434 int bulklen = (count << controlshift);
435 return sddr09_readX(us, 1, fromaddress, count, bulklen,
440 * Read both Data and Control
442 * fromaddress counts data shorts, ignoring control:
443 * increasing it by 256 shifts the bytestream by 576 = 512+64 bytes;
444 * the last 8 bits are ignored.
446 * nr_of_pages counts pages of size (1 << pageshift) + (1 << controlshift).
/* Read data plus control (mode 2). Each page contributes (1 << pageshift)
 * data bytes and (1 << CONTROL_SHIFT) control bytes, so buf must hold
 * nr_of_pages times that sum; the size is not checked here. */
449 sddr09_read22(struct us_data *us, unsigned long fromaddress,
450 int nr_of_pages, int pageshift, unsigned char *buf, int use_sg) {
452 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
453 US_DEBUGP("sddr09_read22: reading %d pages, %d bytes\n",
454 nr_of_pages, bulklen);
455 return sddr09_readX(us, 2, fromaddress, nr_of_pages, bulklen,
461 * Read Pagewise Control
463 * fromaddress gives the starting position (as in read data;
464 * the last 8 bits are ignored); increasing it by 256 shifts
465 * the output stream by 64 bytes.
467 * count counts control groups of size (1 << controlshift).
468 * For me, controlshift = 6. Is this constant?
470 * After getting one control group, jump to the next page
471 * (fromaddress += 256).
/* Read pagewise control (mode 3): count groups of (1 << controlshift) bytes.
 * buf must hold count << controlshift bytes; the size is not checked here. */
474 sddr09_read23(struct us_data *us, unsigned long fromaddress,
475 int count, int controlshift, unsigned char *buf, int use_sg) {
477 int bulklen = (count << controlshift);
478 return sddr09_readX(us, 3, fromaddress, count, bulklen,
484 * Erase Command: 12 bytes.
486 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
488 * Always precisely one block is erased; bytes 2-5 and 10-11 are ignored.
489 * The byte address being erased is 2*Eaddress.
490 * The CIS cannot be erased.
/* Sends an Erase command for the block at Eaddress (counted in shorts, per
 * the header comment). The address is written big-endian into bytes 6-9 of a
 * zeroed 12-byte command built in us->iobuf. This is destructive: nothing in
 * this function validates that Eaddress lies inside the card or refers to a
 * block that is safe to erase. */
493 sddr09_erase(struct us_data *us, unsigned long Eaddress) {
494 unsigned char *command = us->iobuf;
497 US_DEBUGP("sddr09_erase: erase address %lu\n", Eaddress);
499 memset(command, 0, 12);
501 command[1] = LUNBITS;
502 command[6] = MSB_of(Eaddress>>16);
503 command[7] = LSB_of(Eaddress>>16);
504 command[8] = MSB_of(Eaddress & 0xFFFF);
505 command[9] = LSB_of(Eaddress & 0xFFFF);
507 result = sddr09_send_scsi_command(us, command, 12);
510 US_DEBUGP("Result for send_control in sddr09_erase %d\n",
517 * Write CIS Command: 12 bytes.
519 * bytes 2-5: write address in shorts
520 * bytes 10-11: sector count
522 * This writes at the indicated address. Don't know how it differs
523 * from E9. Maybe it does not erase? However, it will also write to
526 * When two such commands on the same page follow each other directly,
527 * the second one is not done.
531 * Write Command: 12 bytes.
533 * bytes 2-5: write address (big-endian, counting shorts, sector aligned).
534 * bytes 6-9: erase address (big-endian, counting shorts, sector aligned).
535 * bytes 10-11: sector count (big-endian, in 512-byte sectors).
537 * If write address equals erase address, the erase is done first,
538 * otherwise the write is done first. When erase address equals zero
/* Common write worker: builds the 12-byte command in us->iobuf with the write
 * address in bytes 2-5, the erase address in bytes 6-9 and the page count in
 * bytes 10-11 (all big-endian), sends it, then writes bulklen bytes from buf.
 * Only the low 16 bits of nr_of_pages reach the device. bulklen is supplied by
 * the caller and is not checked against nr_of_pages or the size of buf.
 * Neither address is range-checked here. */
542 sddr09_writeX(struct us_data *us,
543 unsigned long Waddress, unsigned long Eaddress,
544 int nr_of_pages, int bulklen, unsigned char *buf, int use_sg) {
546 unsigned char *command = us->iobuf;
550 command[1] = LUNBITS;
552 command[2] = MSB_of(Waddress>>16);
553 command[3] = LSB_of(Waddress>>16);
554 command[4] = MSB_of(Waddress & 0xFFFF);
555 command[5] = LSB_of(Waddress & 0xFFFF);
557 command[6] = MSB_of(Eaddress>>16);
558 command[7] = LSB_of(Eaddress>>16);
559 command[8] = MSB_of(Eaddress & 0xFFFF);
560 command[9] = LSB_of(Eaddress & 0xFFFF);
562 command[10] = MSB_of(nr_of_pages);
563 command[11] = LSB_of(nr_of_pages);
565 result = sddr09_send_scsi_command(us, command, 12);
568 US_DEBUGP("Result for send_control in sddr09_writeX %d\n",
573 result = usb_stor_bulk_transfer_sg(us, us->send_bulk_pipe,
574 buf, bulklen, use_sg, NULL);
576 if (result != USB_STOR_XFER_GOOD) {
577 US_DEBUGP("Result for bulk_transfer in sddr09_writeX %d\n",
584 /* erase address, write same address */
/* Erase-then-write of the same address: passes address as both the write and
 * the erase address to sddr09_writeX(). buf must hold data plus control bytes
 * for every page, i.e. nr_of_pages * ((1 << pageshift) + (1 << CONTROL_SHIFT))
 * bytes. */
586 sddr09_write_inplace(struct us_data *us, unsigned long address,
587 int nr_of_pages, int pageshift, unsigned char *buf,
589 int bulklen = (nr_of_pages << pageshift) + (nr_of_pages << CONTROL_SHIFT);
590 return sddr09_writeX(us, address, address, nr_of_pages, bulklen,
596 * Read Scatter Gather Command: 3+4n bytes.
599 * bytes 4i-1,4i,4i+1: page address
600 * byte 4i+2: page count
603 * This reads several pages from the card to a single memory buffer.
604 * The last two bits of byte 1 have the same meaning as for E8.
/* Test-only exercise of the Read Scatter Gather command with three fixed
 * address/count pairs. The address literals have a leading zero and are
 * therefore octal. The lines that initialize and advance nsg and bulklen are
 * not shown in this listing; the command[] indices below depend on them.
 * NOTE(review): the kmalloc() result is used by the bulk transfer; the NULL
 * check and the matching kfree() are not visible here — confirm both exist. */
607 sddr09_read_sg_test_only(struct us_data *us) {
608 unsigned char *command = us->iobuf;
609 int result, bulklen, nsg, ct;
611 unsigned long address;
615 command[1] = LUNBITS;
617 address = 040000; ct = 1;
619 bulklen += (ct << 9);
620 command[4*nsg+2] = ct;
621 command[4*nsg+1] = ((address >> 9) & 0xFF);
622 command[4*nsg+0] = ((address >> 17) & 0xFF);
623 command[4*nsg-1] = ((address >> 25) & 0xFF);
625 address = 0340000; ct = 1;
627 bulklen += (ct << 9);
628 command[4*nsg+2] = ct;
629 command[4*nsg+1] = ((address >> 9) & 0xFF);
630 command[4*nsg+0] = ((address >> 17) & 0xFF);
631 command[4*nsg-1] = ((address >> 25) & 0xFF);
633 address = 01000000; ct = 2;
635 bulklen += (ct << 9);
636 command[4*nsg+2] = ct;
637 command[4*nsg+1] = ((address >> 9) & 0xFF);
638 command[4*nsg+0] = ((address >> 17) & 0xFF);
639 command[4*nsg-1] = ((address >> 25) & 0xFF);
643 result = sddr09_send_scsi_command(us, command, 4*nsg+3);
646 US_DEBUGP("Result for send_control in sddr09_read_sg %d\n",
651 buf = (unsigned char *) kmalloc(bulklen, GFP_NOIO);
655 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
658 if (result != USB_STOR_XFER_GOOD) {
659 US_DEBUGP("Result for bulk_transfer in sddr09_read_sg %d\n",
669 * Read Status Command: 12 bytes.
672 * Returns 64 bytes, all zero except for the first.
674 * bit 5: 1: Suspended
676 * bit 7: 1: Not write-protected
/* Sends a Read Status command and reads the reply.
 * command and data both alias us->iobuf: the reply overwrites the command
 * bytes once the command has been sent.
 * Returns 0 when the bulk read succeeds, -EIO otherwise. The transfer length
 * and the store into *status are on lines not shown in this listing. */
680 sddr09_read_status(struct us_data *us, unsigned char *status) {
682 unsigned char *command = us->iobuf;
683 unsigned char *data = us->iobuf;
686 US_DEBUGP("Reading status...\n");
688 memset(command, 0, 12);
690 command[1] = LUNBITS;
692 result = sddr09_send_scsi_command(us, command, 12);
696 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
699 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
/* Reads `sectors` pages starting at page address `address`, one erase block
 * at a time, through a bounce buffer into the SCSI transfer buffer (us->srb).
 * address and sectors originate from the host's SCSI request, so lba must be
 * bounded before it is used as an index into info->lba_to_pba. */
703 sddr09_read_data(struct us_data *us,
704 unsigned long address,
705 unsigned int sectors) {
707 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
708 unsigned char *buffer;
709 unsigned int lba, maxlba, pba;
710 unsigned int page, pages;
711 unsigned int len, index, offset;
714 // Since we only read in one block at a time, we have to create
715 // a bounce buffer and move the data a piece at a time between the
716 // bounce buffer and the actual transfer buffer.
/* Bounce buffer is sized for at most one block. Each pass below transfers
 * pages <= min(sectors, blocksize) pages, which fits as long as pagesize
 * equals 1 << pageshift (assumed from the struct comments — confirm). */
718 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
719 buffer = kmalloc(len, GFP_NOIO);
720 if (buffer == NULL) {
721 printk("sddr09_read_data: Out of memory\n");
725 // Figure out the initial LBA and page
726 lba = address >> info->blockshift;
727 page = (address & info->blockmask);
/* maxlba uses the same expression as the element count that
 * sddr09_read_map() allocates for lba_to_pba. */
728 maxlba = info->capacity >> (info->pageshift + info->blockshift);
730 // This could be made much more efficient by checking for
731 // contiguous LBA's. Another exercise left to the student.
736 while (sectors > 0) {
738 /* Find number of pages we can read in this block */
739 pages = min(sectors, info->blocksize - page);
740 len = pages << info->pageshift;
/* The debug message below belongs to the capacity check that guards the
 * lba_to_pba[lba] access; the comparison itself is on a line not shown. */
742 /* Not overflowing capacity? */
744 US_DEBUGP("Error: Requested lba %u exceeds "
745 "maximum %u\n", lba, maxlba);
750 /* Find where this lba lives on disk */
751 pba = info->lba_to_pba[lba];
753 if (pba == UNDEF) { /* this lba was never written */
755 US_DEBUGP("Read %d zero pages (LBA %d) page %d\n",
758 /* This is not really an error. It just means
759 that the block has never been written.
760 Instead of returning an error
761 it is better to return all zero data. */
/* Zero-filling also avoids handing uninitialized kmalloc() memory to the
 * host for unmapped blocks. */
763 memset(buffer, 0, len);
766 US_DEBUGP("Read %d pages, from PBA %d"
767 " (LBA %d) page %d\n",
768 pages, pba, lba, page);
770 address = ((pba << info->blockshift) + page) <<
773 result = sddr09_read20(us, address>>1,
774 pages, info->pageshift, buffer, 0);
779 // Store the data in the transfer buffer
780 usb_stor_access_xfer_buf(buffer, len, us->srb,
781 &index, &offset, TO_XFER_BUF);
/* Searches the zone that contains lba for a physical block whose pba_to_lba
 * entry is UNDEF, starting after the last block handed out.
 * lastpba is function-static: a single cursor shared by every call and every
 * device, with no locking visible in this function.
 * NOTE(review): pba_to_lba[zonestart+i] must stay below the allocated block
 * count. The lines between the computation of end and the first loop are not
 * shown, so confirm end is reduced to the zone's extent before the loops. */
793 sddr09_find_unused_pba(struct sddr09_card_info *info, unsigned int lba) {
794 static unsigned int lastpba = 1;
795 int zonestart, end, i;
/* 1000 logical blocks map onto each 1024-block physical zone. */
797 zonestart = (lba/1000) << 10;
798 end = info->capacity >> (info->blockshift + info->pageshift);
803 for (i = lastpba+1; i < end; i++) {
804 if (info->pba_to_lba[zonestart+i] == UNDEF) {
/* Second pass wraps around to the start of the zone. */
809 for (i = 0; i <= lastpba; i++) {
810 if (info->pba_to_lba[zonestart+i] == UNDEF) {
/* Read-modify-write of one erase block: reads the whole block (data plus
 * control) into blockbuffer, refreshes ECC and the LBA field of every page,
 * copies `pages` new pages from ptr starting at `page`, then rewrites the
 * block in place.
 * Preconditions that are NOT checked in this function:
 *   - lba is a valid index into info->lba_to_pba;
 *   - page + pages does not exceed info->blocksize;
 *   - blockbuffer holds blocksize * pagelen bytes and ptr holds
 *     pages * pagesize bytes. */
819 sddr09_write_lba(struct us_data *us, unsigned int lba,
820 unsigned int page, unsigned int pages,
821 unsigned char *ptr, unsigned char *blockbuffer) {
823 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
824 unsigned long address;
825 unsigned int pba, lbap;
826 unsigned int pagelen;
827 unsigned char *bptr, *cptr, *xptr;
828 unsigned char ecc[3];
829 int i, result, isnew;
/* On-card LBA field: zone-relative LBA shifted left by one, tagged with
 * 0x1000; the parity test below works on the XOR of its two bytes. */
831 lbap = ((lba % 1000) << 1) | 0x1000;
832 if (parity[MSB_of(lbap) ^ LSB_of(lbap)])
834 pba = info->lba_to_pba[lba];
838 pba = sddr09_find_unused_pba(info, lba);
840 printk("sddr09_write_lba: Out of unused blocks\n");
843 info->pba_to_lba[pba] = lba;
844 info->lba_to_pba[lba] = pba;
849 /* Maybe it is impossible to write to PBA 1.
850 Fake success, but don't do anything. */
851 printk("sddr09: avoid writing to pba 1\n");
855 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
857 /* read old contents */
858 address = (pba << (info->pageshift + info->blockshift));
859 result = sddr09_read22(us, address>>1, info->blocksize,
860 info->pageshift, blockbuffer, 0);
864 /* check old contents and fill lba */
/* A stored ECC that does not match is only logged and then replaced with the
 * freshly computed value, so data that was already corrupt on the card is
 * written back carrying a valid ECC. */
865 for (i = 0; i < info->blocksize; i++) {
866 bptr = blockbuffer + i*pagelen;
867 cptr = bptr + info->pagesize;
868 nand_compute_ecc(bptr, ecc);
869 if (!nand_compare_ecc(cptr+13, ecc)) {
870 US_DEBUGP("Warning: bad ecc in page %d- of pba %d\n",
872 nand_store_ecc(cptr+13, ecc);
874 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
875 if (!nand_compare_ecc(cptr+8, ecc)) {
876 US_DEBUGP("Warning: bad ecc in page %d+ of pba %d\n",
878 nand_store_ecc(cptr+8, ecc);
880 cptr[6] = cptr[11] = MSB_of(lbap);
881 cptr[7] = cptr[12] = LSB_of(lbap);
884 /* copy in new stuff and compute ECC */
/* i runs up to page+pages-1 with no clamp to blocksize here; the caller must
 * keep the range inside the block or the memcpy writes past blockbuffer. */
886 for (i = page; i < page+pages; i++) {
887 bptr = blockbuffer + i*pagelen;
888 cptr = bptr + info->pagesize;
889 memcpy(bptr, xptr, info->pagesize);
890 xptr += info->pagesize;
891 nand_compute_ecc(bptr, ecc);
892 nand_store_ecc(cptr+13, ecc);
893 nand_compute_ecc(bptr+(info->pagesize / 2), ecc);
894 nand_store_ecc(cptr+8, ecc);
897 US_DEBUGP("Rewrite PBA %d (LBA %d)\n", pba, lba);
899 result = sddr09_write_inplace(us, address>>1, info->blocksize,
900 info->pageshift, blockbuffer, 0);
902 US_DEBUGP("sddr09_write_inplace returns %d\n", result);
906 unsigned char status = 0;
907 int result2 = sddr09_read_status(us, &status);
909 US_DEBUGP("sddr09_write_inplace: cannot read status\n");
910 else if (status != 0xc0)
911 US_DEBUGP("sddr09_write_inplace: status after write: 0x%x\n",
918 int result2 = sddr09_test_unit_ready(us);
/* Writes `sectors` pages starting at page address `address`, one erase block
 * at a time. Data is pulled from the SCSI transfer buffer into a bounce
 * buffer and handed to sddr09_write_lba() together with a block-sized scratch
 * buffer. address and sectors originate from the host's SCSI request. */
926 sddr09_write_data(struct us_data *us,
927 unsigned long address,
928 unsigned int sectors) {
930 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
931 unsigned int lba, page, pages;
932 unsigned int pagelen, blocklen;
933 unsigned char *blockbuffer;
934 unsigned char *buffer;
935 unsigned int len, index, offset;
938 // blockbuffer is used for reading in the old data, overwriting
939 // with the new data, and performing ECC calculations
941 /* TODO: instead of doing kmalloc/kfree for each write,
942 add a bufferpointer to the info structure */
/* blockbuffer holds one full block of data plus control bytes. */
944 pagelen = (1 << info->pageshift) + (1 << CONTROL_SHIFT);
945 blocklen = (pagelen << info->blockshift);
946 blockbuffer = kmalloc(blocklen, GFP_NOIO);
948 printk("sddr09_write_data: Out of memory\n");
952 // Since we don't write the user data directly to the device,
953 // we have to create a bounce buffer and move the data a piece
954 // at a time between the bounce buffer and the actual transfer buffer.
956 len = min(sectors, (unsigned int) info->blocksize) * info->pagesize;
957 buffer = kmalloc(len, GFP_NOIO);
/* NOTE(review): blockbuffer is already allocated at this point; the lines
 * that follow the message are not shown — confirm it is freed on this path. */
958 if (buffer == NULL) {
959 printk("sddr09_write_data: Out of memory\n");
964 // Figure out the initial LBA and page
965 lba = address >> info->blockshift;
966 page = (address & info->blockmask);
971 while (sectors > 0) {
973 // Write as many sectors as possible in this block
/* pages <= blocksize - page keeps the copy loop in sddr09_write_lba() inside
 * blockbuffer. */
975 pages = min(sectors, info->blocksize - page);
976 len = (pages << info->pageshift);
978 // Get the data from the transfer buffer
979 usb_stor_access_xfer_buf(buffer, len, us->srb,
980 &index, &offset, FROM_XFER_BUF);
/* NOTE(review): sddr09_write_lba() indexes info->lba_to_pba[lba]. The read
 * path in sddr09_read_data() reports "Requested lba ... exceeds maximum", but
 * no equivalent capacity check on lba is visible in this function. Confirm
 * that lba is bounded before this call, or add the same check here. */
982 result = sddr09_write_lba(us, lba, page, pages,
983 buffer, blockbuffer);
/* Reads `blocks` control groups of (1 << CONTROL_SHIFT) bytes each, one per
 * block, into content via sddr09_read21(). content must hold
 * blocks << CONTROL_SHIFT bytes; the size is not checked here. */
999 sddr09_read_control(struct us_data *us,
1000 unsigned long address,
1001 unsigned int blocks,
1002 unsigned char *content,
1005 US_DEBUGP("Read control address %lu, blocks %d\n",
1008 return sddr09_read21(us, address, blocks,
1009 CONTROL_SHIFT, content, use_sg);
1013 * Read Device ID Command: 12 bytes.
1014 * byte 0: opcode: ED
1016 * Returns 2 bytes: Manufacturer ID and Device ID.
1017 * On more recent cards 3 bytes: the third byte is an option code A5
1018 * signifying that the secret command to read a 128-bit ID is available.
1019 * On still more recent cards 4 bytes: the fourth byte C0 means that
1020 * a second read ID cmd is available.
/* Sends a Read Device ID command and copies the first four reply bytes into
 * deviceID, which must have room for 4 bytes.
 * command and content both alias us->iobuf.
 * Returns 0 when the bulk read succeeds, -EIO otherwise.
 * As far as this listing shows, the copy loop runs before the transfer result
 * is inspected, so on failure deviceID receives whatever was in the scratch
 * buffer; callers must check the return value before using deviceID. */
1023 sddr09_read_deviceID(struct us_data *us, unsigned char *deviceID) {
1024 unsigned char *command = us->iobuf;
1025 unsigned char *content = us->iobuf;
1028 memset(command, 0, 12);
1030 command[1] = LUNBITS;
1032 result = sddr09_send_scsi_command(us, command, 12);
1036 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1039 for (i = 0; i < 4; i++)
1040 deviceID[i] = content[i];
1042 return (result == USB_STOR_XFER_GOOD ? 0 : -EIO);
/* Reads the reader's status byte and sets SDDR09_WP in info->flags when bit 7
 * is clear. The write-protect decision therefore rests entirely on what the
 * device reports. Only the setting of the flag is visible in this listing. */
1046 sddr09_get_wp(struct us_data *us, struct sddr09_card_info *info) {
1048 unsigned char status;
1050 result = sddr09_read_status(us, &status);
1052 US_DEBUGP("sddr09_get_wp: read_status fails\n");
1055 US_DEBUGP("sddr09_get_wp: status 0x%02X", status);
1056 if ((status & 0x80) == 0) {
1057 info->flags |= SDDR09_WP; /* write protected */
1061 US_DEBUGP(" Ready");
/* NOTE(review): LUNBITS is (LUN << 5), a command field, used here as a status
 * mask. The status layout documents bit 5 as Suspended, so this only tests
 * the intended bit while LUN is 1 — confirm; a literal mask would be clearer. */
1062 if (status & LUNBITS)
1063 US_DEBUGP(" Suspended");
1065 US_DEBUGP(" Error");
1072 * Reset Command: 12 bytes.
1073 * byte 0: opcode: EB
/* Sends a Reset command built in us->iobuf: a zeroed 12-byte block with
 * LUNBITS in byte 1 (the opcode store is on a line not shown).
 * Returns the result of sddr09_send_scsi_command(). */
1076 sddr09_reset(struct us_data *us) {
1078 unsigned char *command = us->iobuf;
1080 memset(command, 0, 12);
1082 command[1] = LUNBITS;
1084 return sddr09_send_scsi_command(us, command, 12);
/* Reads the card's device ID, logs a one-line description, and looks up the
 * geometry entry for the device-type byte via nand_find_id().
 * The description is assembled in blurbtxt by repeated sprintf() appends at
 * blurbtxt + strlen(blurbtxt); none of them carries a length. The pieces are
 * fixed-format hex bytes and constant strings, so the total is bounded in
 * practice, but the buffer's declaration is not visible in this listing.
 * NOTE(review): confirm its size covers the longest combination, or switch to
 * a size-bounded formatter so the bound is enforced rather than assumed. */
1088 static struct nand_flash_dev *
1089 sddr09_get_cardinfo(struct us_data *us, unsigned char flags) {
1090 struct nand_flash_dev *cardinfo;
1091 unsigned char deviceID[4];
1095 US_DEBUGP("Reading capacity...\n");
1097 result = sddr09_read_deviceID(us, deviceID);
1100 US_DEBUGP("Result of read_deviceID is %d\n", result);
1101 printk("sddr09: could not read card info\n");
1105 sprintf(blurbtxt, "sddr09: Found Flash card, ID = %02X %02X %02X %02X",
1106 deviceID[0], deviceID[1], deviceID[2], deviceID[3]);
1108 /* Byte 0 is the manufacturer */
1109 sprintf(blurbtxt + strlen(blurbtxt),
1111 nand_flash_manufacturer(deviceID[0]));
1113 /* Byte 1 is the device type */
/* deviceID[1] is supplied by the card; an ID missing from the table must be
 * handled before cardinfo is dereferenced (the test is on a line not shown). */
1114 cardinfo = nand_find_id(deviceID[1]);
1116 /* MB or MiB? It is neither. A 16 MB card has
1117 17301504 raw bytes, of which 16384000 are
1118 usable for user data. */
1119 sprintf(blurbtxt + strlen(blurbtxt),
1120 ", %d MB", 1<<(cardinfo->chipshift - 20));
1122 sprintf(blurbtxt + strlen(blurbtxt),
1123 ", type unrecognized");
1126 /* Byte 2 is code to signal availability of 128-bit ID */
1127 if (deviceID[2] == 0xa5) {
1128 sprintf(blurbtxt + strlen(blurbtxt),
1132 /* Byte 3 announces the availability of another read ID command */
1133 if (deviceID[3] == 0xc0) {
1134 sprintf(blurbtxt + strlen(blurbtxt),
1138 if (flags & SDDR09_WP)
1139 sprintf(blurbtxt + strlen(blurbtxt),
1142 printk("%s\n", blurbtxt);
/* Builds the logical-to-physical and physical-to-logical block maps by
 * reading one control group per physical block from the card.
 * Everything parsed here (ptr[0..15]) comes from removable media and must be
 * treated as untrusted when it is turned into an array index.
 * Both maps are freed and reallocated with numblocks ints each; on failure
 * they are freed and the pointers reset to NULL at the end of the function. */
1148 sddr09_read_map(struct us_data *us) {
1150 struct sddr09_card_info *info = (struct sddr09_card_info *) us->extra;
1151 int numblocks, alloc_len, alloc_blocks;
1153 unsigned char *buffer, *buffer_end, *ptr;
1154 unsigned int lba, lbact;
1156 if (!info->capacity)
1159 // size of a block is 1 << (blockshift + pageshift) bytes
1160 // divide into the total capacity to get the number of blocks
1162 numblocks = info->capacity >> (info->blockshift + info->pageshift);
1164 // read 64 bytes for every block (actually 1 << CONTROL_SHIFT)
1165 // but only use a 64 KB buffer
1166 // buffer size used must be a multiple of (1 << CONTROL_SHIFT)
1167 #define SDDR09_READ_MAP_BUFSZ 65536
1169 alloc_blocks = min(numblocks, SDDR09_READ_MAP_BUFSZ >> CONTROL_SHIFT);
1170 alloc_len = (alloc_blocks << CONTROL_SHIFT);
1171 buffer = kmalloc(alloc_len, GFP_NOIO);
1172 if (buffer == NULL) {
1173 printk("sddr09_read_map: out of memory\n");
1177 buffer_end = buffer + alloc_len;
1179 #undef SDDR09_READ_MAP_BUFSZ
/* Old maps are released before the new ones are allocated; the pointers are
 * overwritten immediately, so no stale pointer survives these four lines. */
1181 kfree(info->lba_to_pba);
1182 kfree(info->pba_to_lba);
/* numblocks*sizeof(int) is an unchecked multiplication; numblocks is derived
 * from info->capacity, which is set outside this function. */
1183 info->lba_to_pba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1184 info->pba_to_lba = kmalloc(numblocks*sizeof(int), GFP_NOIO);
1186 if (info->lba_to_pba == NULL || info->pba_to_lba == NULL) {
1187 printk("sddr09_read_map: out of memory\n");
1192 for (i = 0; i < numblocks; i++)
1193 info->lba_to_pba[i] = info->pba_to_lba[i] = UNDEF;
1196 * Define lba-pba translation table
1200 for (i = 0; i < numblocks; i++) {
/* Advance to the next control group; refill the buffer from the card when
 * the previous chunk is exhausted. */
1201 ptr += (1 << CONTROL_SHIFT);
1202 if (ptr >= buffer_end) {
1203 unsigned long address;
1205 address = i << (info->pageshift + info->blockshift);
1206 result = sddr09_read_control(
1208 min(alloc_blocks, numblocks - i),
/* PBAs 0 and 1 are never mapped. */
1217 if (i == 0 || i == 1) {
1218 info->pba_to_lba[i] = UNUSABLE;
1222 /* special PBAs have control field 0^16 */
1223 for (j = 0; j < 16; j++)
1226 info->pba_to_lba[i] = UNUSABLE;
1227 printk("sddr09: PBA %d has no logical mapping\n", i);
1231 /* unwritten PBAs have control field FF^16 */
1232 for (j = 0; j < 16; j++)
1238 /* normal PBAs start with six FFs */
1240 printk("sddr09: PBA %d has no logical mapping: "
1241 "reserved area = %02X%02X%02X%02X "
1242 "data status %02X block status %02X\n",
1243 i, ptr[0], ptr[1], ptr[2], ptr[3],
1245 info->pba_to_lba[i] = UNUSABLE;
1249 if ((ptr[6] >> 4) != 0x01) {
1250 printk("sddr09: PBA %d has invalid address field "
1251 "%02X%02X/%02X%02X\n",
1252 i, ptr[6], ptr[7], ptr[11], ptr[12]);
1253 info->pba_to_lba[i] = UNUSABLE;
1257 /* check even parity */
1258 if (parity[ptr[6] ^ ptr[7]]) {
1259 printk("sddr09: Bad parity in LBA for block %d"
1260 " (%02X %02X)\n", i, ptr[6], ptr[7]);
1261 info->pba_to_lba[i] = UNUSABLE;
/* NOTE(review): ptr[6] and ptr[7] are card-supplied. After the mask and shift
 * lba is at most 1023; the "Bad low LBA" message below suggests a range check
 * on a line not shown. The zone-adjusted lba then indexes lba_to_pba[], which
 * holds numblocks entries. For geometries where numblocks is below 1000,
 * confirm that lba < numblocks is enforced before that array access. */
1265 lba = short_pack(ptr[7], ptr[6]);
1266 lba = (lba & 0x07FF) >> 1;
1269 * Every 1024 physical blocks ("zone"), the LBA numbers
1270 * go back to zero, but are within a higher block of LBA's.
1271 * Also, there is a maximum of 1000 LBA's per zone.
1272 * In other words, in PBA 1024-2047 you will find LBA 0-999
1273 * which are really LBA 1000-1999. This allows for 24 bad
1274 * or special physical blocks per zone.
1278 printk("sddr09: Bad low LBA %d for block %d\n",
1280 goto possibly_erase;
1283 lba += 1000*(i/0x400);
/* A logical block claimed by two physical blocks is treated as bad rather
 * than letting the later one silently win. */
1285 if (info->lba_to_pba[lba] != UNDEF) {
1286 printk("sddr09: LBA %d seen for PBA %d and %d\n",
1287 lba, info->lba_to_pba[lba], i);
1288 goto possibly_erase;
1291 info->pba_to_lba[i] = lba;
1292 info->lba_to_pba[lba] = i;
/* erase_bad_lba_entries is a file-scope const int initialized to 0, so the
 * erase branch is compiled out of the normal path. */
1296 if (erase_bad_lba_entries) {
1297 unsigned long address;
1299 address = (i << (info->pageshift + info->blockshift));
1300 sddr09_erase(us, address>>1);
1301 info->pba_to_lba[i] = UNDEF;
1303 info->pba_to_lba[i] = UNUSABLE;
1307 * Approximate capacity. This is not entirely correct yet,
1308 * since a zone with less than 1000 usable pages leads to
1309 * missing LBAs. Especially if it is the last zone, some
1310 * LBAs can be past capacity.
1313 for (i = 0; i < numblocks; i += 1024) {
1316 for (j = 0; j < 1024 && i+j < numblocks; j++) {
1317 if (info->pba_to_lba[i+j] != UNUSABLE) {
1319 info->pba_to_lba[i+j] = SPARE;
1326 info->lbact = lbact;
1327 US_DEBUGP("Found %d LBA's\n", lbact);
/* Error path: release both maps and clear the pointers so later kfree() calls
 * on them are harmless. */
1332 kfree(info->lba_to_pba);
1333 kfree(info->pba_to_lba);
1334 info->lba_to_pba = NULL;
1335 info->pba_to_lba = NULL;
/* Destructor installed as us->extra_destructor: frees both translation maps
 * of the card info passed as extra. The pointers are not cleared here, so the
 * structure must not be used again after this call. */
1342 sddr09_card_info_destructor(void *extra) {
1343 struct sddr09_card_info *info = (struct sddr09_card_info *)extra;
1348 kfree(info->lba_to_pba);
1349 kfree(info->pba_to_lba);
/* Shared initialization: checks that configuration 1 is active, resets the
 * USB configuration (a stall is tolerated, any other error rejects the
 * device), then allocates the zeroed per-device sddr09_card_info and
 * registers its destructor. The check of the kzalloc() result is on a line
 * not shown in this listing. */
1353 sddr09_common_init(struct us_data *us) {
1356 /* set the configuration -- STALL is an acceptable response here */
1357 if (us->pusb_dev->actconfig->desc.bConfigurationValue != 1) {
1358 US_DEBUGP("active config #%d != 1 ??\n", us->pusb_dev
1359 ->actconfig->desc.bConfigurationValue);
1363 result = usb_reset_configuration(us->pusb_dev);
1364 US_DEBUGP("Result of usb_reset_configuration is %d\n", result);
1365 if (result == -EPIPE) {
1366 US_DEBUGP("-- stall on control interface\n");
1367 } else if (result != 0) {
1368 /* it's not a stall, but another error -- time to bail */
1369 US_DEBUGP("-- Unknown error. Rejecting device\n");
1373 us->extra = kzalloc(sizeof(struct sddr09_card_info), GFP_NOIO);
1376 us->extra_destructor = sddr09_card_info_destructor;
1384 * This is needed at a very early stage. If this is not listed in the
1385 * unusual devices list but called from here then LUN 0 of the combo reader
1386 * is not recognized. But I do not know what precisely these calls do.
/* Early init for the combo reader: runs the common init, issues vendor
 * requests 0x01 and 0x08 (2 bytes in each), then a Request Sense of 18 bytes.
 * data aliases us->iobuf, which sddr09_request_sense() also uses to build its
 * command; the reply overwrites the command after it has been sent.
 * The sense bytes are device-supplied and are only printed as hex.
 * The final return is 0 regardless of the Request Sense result. */
1389 usb_stor_sddr09_dpcm_init(struct us_data *us) {
1391 unsigned char *data = us->iobuf;
1393 result = sddr09_common_init(us);
1397 result = sddr09_send_command(us, 0x01, USB_DIR_IN, data, 2);
1399 US_DEBUGP("sddr09_init: send_command fails\n");
1403 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1406 result = sddr09_send_command(us, 0x08, USB_DIR_IN, data, 2);
1408 US_DEBUGP("sddr09_init: 2nd send_command fails\n");
1412 US_DEBUGP("SDDR09init: %02X %02X\n", data[0], data[1]);
1415 result = sddr09_request_sense(us, data, 18);
1416 if (result == 0 && data[2] != 0) {
1418 for (j=0; j<18; j++)
1419 printk(" %02X", data[j]);
1421 // get 70 00 00 00 00 00 00 * 00 00 00 00 00 00
1422 // 70: current command
1423 // sense key 0, sense code 0, extd sense code 0
1424 // additional transfer length * = sizeof(data) - 7
1425 // Or: 70 00 06 00 00 00 00 0b 00 00 00 00 28 00 00 00 00 00
1426 // sense key 06, sense code 28: unit attention,
1427 // not ready to ready transition
1432 return 0; /* not result */
1436 * Transport for the Sandisk SDDR-09
/*
 * Transport entry point: dispatches on the SCSI opcode in srb->cmnd[0].
 *
 * Answered locally, without forwarding the CDB to the reader:
 *   REQUEST_SENSE (only while a faked sense is pending), INQUIRY,
 *   READ_CAPACITY, MODE_SENSE_10, ALLOW_MEDIUM_REMOVAL.
 * Translated into driver reads/writes:
 *   READ_10 -> sddr09_read_data(), WRITE_10 -> sddr09_write_data().
 * Forwarded to the device as a 12-byte command:
 *   TEST_UNIT_READY and REQUEST_SENSE; every other opcode is rejected
 *   with sense key 0x05 / sense code 0x20.
 *
 * Returns one of USB_STOR_TRANSPORT_GOOD, USB_STOR_TRANSPORT_FAILED or
 * USB_STOR_TRANSPORT_ERROR.
 *
 * NOTE(review): this listing omits source lines (see the gaps in the
 * embedded numbers); statements that are not shown are marked below
 * rather than guessed at.
 */
1438 int sddr09_transport(struct scsi_cmnd *srb, struct us_data *us)
/* These three are function-static, so there is a single copy for every
 * device handled by this transport and no locking is visible here. With
 * more than one reader attached, a sense faked for one device could be
 * returned to, or cleared by, a request addressed to another.
 * NOTE(review): consider keeping this state in the per-device
 * sddr09_card_info instead. */
1440 static unsigned char sensekey = 0, sensecode = 0;
1441 static unsigned char havefakesense = 0;
1443 unsigned char *ptr = us->iobuf;
1444 unsigned long capacity;
1445 unsigned int page, pages;
1447 struct sddr09_card_info *info;
1449 static unsigned char inquiry_response[8] = {
1450 0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
1453 /* note: no block descriptor support */
1454 static unsigned char mode_page_01[19] = {
1455 0x00, 0x0F, 0x00, 0x0, 0x0, 0x0, 0x00,
1457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1460 info = (struct sddr09_card_info *)us->extra;
1462 if (srb->cmnd[0] == REQUEST_SENSE && havefakesense) {
1463 /* for a faked command, we have to follow with a faked sense */
/* Lines 1464-1467, which fill the rest of the sense buffer, are not
 * shown. 18 bytes are handed back and the pending state is cleared. */
1468 ptr[12] = sensecode;
1469 usb_stor_set_xfer_buf(ptr, 18, srb);
1470 sensekey = sensecode = havefakesense = 0;
1471 return USB_STOR_TRANSPORT_GOOD;
1476 /* Dummy up a response for INQUIRY since SDDR09 doesn't
1477 respond to INQUIRY commands */
1479 if (srb->cmnd[0] == INQUIRY) {
/* 8 fixed header bytes are copied, then fill_inquiry_response() is
 * called with length 36; presumably it supplies the remaining bytes --
 * confirm us->iobuf holds at least 36 bytes. */
1480 memcpy(ptr, inquiry_response, 8);
1481 fill_inquiry_response(us, ptr, 36);
1482 return USB_STOR_TRANSPORT_GOOD;
1485 if (srb->cmnd[0] == READ_CAPACITY) {
1486 struct nand_flash_dev *cardinfo;
1488 sddr09_get_wp(us, info); /* read WP bit */
1490 cardinfo = sddr09_get_cardinfo(us, info->flags);
/* The test of cardinfo on line 1491 is not shown; the failure path
 * records "not ready / medium not present" and fails the command. */
1492 /* probably no media */
1494 sensekey = 0x02; /* not ready */
1495 sensecode = 0x3a; /* medium not present */
1496 return USB_STOR_TRANSPORT_FAILED;
/* Geometry is derived only from the shift counts in the cardinfo entry
 * returned above.
 * NOTE(review): `1 << shift` is evaluated in int; assumes every shift in
 * the card table is below 31 -- confirm. */
1499 info->capacity = (1 << cardinfo->chipshift);
1500 info->pageshift = cardinfo->pageshift;
1501 info->pagesize = (1 << info->pageshift);
1502 info->blockshift = cardinfo->blockshift;
1503 info->blocksize = (1 << info->blockshift);
1504 info->blockmask = info->blocksize - 1;
1506 // map initialization, must follow get_cardinfo()
1507 if (sddr09_read_map(us)) {
1508 /* probably out of memory */
/* NOTE(review): if the map contains no usable LBAs (info->lbact == 0)
 * the expression below underflows and the host would be told a
 * near-maximal last-block address -- confirm that case is rejected
 * before this point. */
1514 capacity = (info->lbact << info->blockshift) - 1;
/* The reply is two big-endian 32-bit words: the value computed above,
 * then the page size; 8 bytes are transferred. */
1516 ((__be32 *) ptr)[0] = cpu_to_be32(capacity);
1520 ((__be32 *) ptr)[1] = cpu_to_be32(info->pagesize);
1521 usb_stor_set_xfer_buf(ptr, 8, srb);
1523 return USB_STOR_TRANSPORT_GOOD;
1526 if (srb->cmnd[0] == MODE_SENSE_10) {
/* Only the low six bits of CDB byte 2 (the page code) are examined. */
1527 int modepage = (srb->cmnd[2] & 0x3F);
1529 /* They ask for the Read/Write error recovery page,
1530 or for all pages. */
1531 /* %% We should check DBD %% */
1532 if (modepage == 0x01 || modepage == 0x3F) {
1533 US_DEBUGP("SDDR09: Dummy up request for "
1534 "mode page 0x%x\n", modepage);
/* The canned page is copied, its first two bytes are overwritten with
 * the length (big-endian, total size minus 2), and byte 3 gets 0x80
 * when the SDDR09_WP flag is set. */
1536 memcpy(ptr, mode_page_01, sizeof(mode_page_01));
1537 ((__be16*)ptr)[0] = cpu_to_be16(sizeof(mode_page_01) - 2);
1538 ptr[3] = (info->flags & SDDR09_WP) ? 0x80 : 0;
1539 usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
1540 return USB_STOR_TRANSPORT_GOOD;
1543 sensekey = 0x05; /* illegal request */
1544 sensecode = 0x24; /* invalid field in CDB */
1545 return USB_STOR_TRANSPORT_FAILED;
1548 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL)
1549 return USB_STOR_TRANSPORT_GOOD;
1553 if (srb->cmnd[0] == READ_10) {
/* The start page comes from CDB bytes 2-5 and the page count from
 * bytes 7-8 (line 1556, between the two `page` statements, is not
 * shown). Neither value is range-checked against the card's capacity in
 * this function.
 * NOTE(review): confirm sddr09_read_data() rejects requests that run
 * past the mapped area before indexing lba_to_pba. */
1555 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1557 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1558 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1560 US_DEBUGP("READ_10: read page %d pagect %d\n",
1563 result = sddr09_read_data(us, page, pages);
1564 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1565 USB_STOR_TRANSPORT_ERROR);
1568 if (srb->cmnd[0] == WRITE_10) {
/* Same CDB decoding as READ_10, with the same absence of a range check
 * here. No test of the SDDR09_WP flag is visible on this path either.
 * NOTE(review): confirm sddr09_write_data() validates the range and
 * honours write protection. */
1570 page = short_pack(srb->cmnd[3], srb->cmnd[2]);
1572 page |= short_pack(srb->cmnd[5], srb->cmnd[4]);
1573 pages = short_pack(srb->cmnd[8], srb->cmnd[7]);
1575 US_DEBUGP("WRITE_10: write page %d pagect %d\n",
1578 result = sddr09_write_data(us, page, pages);
1579 return (result == 0 ? USB_STOR_TRANSPORT_GOOD :
1580 USB_STOR_TRANSPORT_ERROR);
1583 /* catch-all for all other commands, except
1584 * pass TEST_UNIT_READY and REQUEST_SENSE through
1586 if (srb->cmnd[0] != TEST_UNIT_READY &&
1587 srb->cmnd[0] != REQUEST_SENSE) {
1588 sensekey = 0x05; /* illegal request */
1589 sensecode = 0x20; /* invalid command */
1591 return USB_STOR_TRANSPORT_FAILED;
/* Zero-pads the CDB in place up to 12 bytes and advances srb->cmd_len
 * to match, then overwrites byte 1 with LUNBITS.
 * NOTE(review): assumes srb->cmnd has room for at least 12 bytes --
 * confirm. */
1594 for (; srb->cmd_len<12; srb->cmd_len++)
1595 srb->cmnd[srb->cmd_len] = 0;
1597 srb->cmnd[1] = LUNBITS;
/* Builds a hex dump of the 12 command bytes in us->iobuf for the debug
 * message: 3 characters per byte, 36 plus the terminating NUL, with no
 * size passed to sprintf().
 * NOTE(review): appending at strlen(ptr) is only safe if ptr[0] was set
 * to NUL first; that line (1599) is not shown -- confirm, and confirm
 * iobuf holds at least 37 bytes. */
1600 for (i=0; i<12; i++)
1601 sprintf(ptr+strlen(ptr), "%02X ", srb->cmnd[i]);
1603 US_DEBUGP("SDDR09: Send control for command %s\n", ptr);
1605 result = sddr09_send_scsi_command(us, srb->cmnd, 12);
/* The test of `result` on line 1606 is not shown; this is the failure
 * path. */
1607 US_DEBUGP("sddr09_transport: sddr09_send_scsi_command "
1608 "returns %d\n", result);
1609 return USB_STOR_TRANSPORT_ERROR;
/* No data phase requested: the command alone was enough. */
1612 if (srb->request_bufflen == 0)
1613 return USB_STOR_TRANSPORT_GOOD;
1615 if (srb->sc_data_direction == DMA_TO_DEVICE ||
1616 srb->sc_data_direction == DMA_FROM_DEVICE) {
/* The data phase uses the send or receive bulk pipe according to the
 * direction, moves request_bufflen bytes to or from the request buffer,
 * and reports the residue through srb->resid. */
1617 unsigned int pipe = (srb->sc_data_direction == DMA_TO_DEVICE)
1618 ? us->send_bulk_pipe : us->recv_bulk_pipe;
1620 US_DEBUGP("SDDR09: %s %d bytes\n",
1621 (srb->sc_data_direction == DMA_TO_DEVICE) ?
1622 "sending" : "receiving",
1623 srb->request_bufflen);
1625 result = usb_stor_bulk_transfer_sg(us, pipe,
1626 srb->request_buffer,
1627 srb->request_bufflen,
1628 srb->use_sg, &srb->resid);
1630 return (result == USB_STOR_XFER_GOOD ?
1631 USB_STOR_TRANSPORT_GOOD : USB_STOR_TRANSPORT_ERROR);
/* Any other data direction: nothing to transfer. */
1634 return USB_STOR_TRANSPORT_GOOD;
1638 * Initialization routine for the sddr09 subdriver
/*
 * Init entry point for the plain SDDR-09: delegates to
 * sddr09_common_init() and returns its result unchanged. Unlike
 * usb_stor_sddr09_dpcm_init(), no vendor commands are sent here.
 */
1641 usb_stor_sddr09_init(struct us_data *us) {
1642 return sddr09_common_init(us);