Branch data Line data Source code
1 : : // SPDX-License-Identifier: GPL-2.0+
2 : : /*
3 : : * Driver for USB Mass Storage compliant devices
4 : : *
5 : : * Current development and maintenance by:
6 : : * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
7 : : *
8 : : * Developed with the assistance of:
9 : : * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10 : : * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
11 : : * (c) 2002 Alan Stern <stern@rowland.org>
12 : : *
13 : : * Initial work by:
14 : : * (c) 1999 Michael Gee (michael@linuxspecific.com)
15 : : *
16 : : * This driver is based on the 'USB Mass Storage Class' document. This
17 : : * describes in detail the protocol used to communicate with such
18 : : * devices. Clearly, the designers had SCSI and ATAPI commands in
19 : : * mind when they created this document. The commands are all very
20 : : * similar to commands in the SCSI-II and ATAPI specifications.
21 : : *
22 : : * It is important to note that in a number of cases this class
23 : : * exhibits class-specific exemptions from the USB specification.
24 : : * Notably the usage of NAK, STALL and ACK differs from the norm, in
25 : : * that they are used to communicate wait, failed and OK on commands.
26 : : *
27 : : * Also, for certain devices, the interrupt endpoint is used to convey
28 : : * status of a command.
29 : : */
30 : :
31 : : #include <linux/sched.h>
32 : : #include <linux/gfp.h>
33 : : #include <linux/errno.h>
34 : : #include <linux/export.h>
35 : :
36 : : #include <linux/usb/quirks.h>
37 : :
38 : : #include <scsi/scsi.h>
39 : : #include <scsi/scsi_eh.h>
40 : : #include <scsi/scsi_device.h>
41 : :
42 : : #include "usb.h"
43 : : #include "transport.h"
44 : : #include "protocol.h"
45 : : #include "scsiglue.h"
46 : : #include "debug.h"
47 : :
48 : : #include <linux/blkdev.h>
49 : : #include "../../scsi/sd.h"
50 : :
51 : :
52 : : /***********************************************************************
53 : : * Data transfer routines
54 : : ***********************************************************************/
55 : :
56 : : /*
57 : : * This is subtle, so pay attention:
58 : : * ---------------------------------
59 : : * We're very concerned about races with a command abort. Hanging this code
60 : : * is a sure fire way to hang the kernel. (Note that this discussion applies
61 : : * only to transactions resulting from a scsi queued-command, since only
62 : : * these transactions are subject to a scsi abort. Other transactions, such
63 : : * as those occurring during device-specific initialization, must be handled
64 : : * by a separate code path.)
65 : : *
66 : : * The abort function (usb_storage_command_abort() in scsiglue.c) first
67 : : * sets the machine state and the ABORTING bit in us->dflags to prevent
68 : : * new URBs from being submitted. It then calls usb_stor_stop_transport()
69 : : * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags
70 : : * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE
71 : : * bit is tested to see if the current_sg scatter-gather request needs to be
72 : : * stopped. The timeout callback routine does much the same thing.
73 : : *
74 : : * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to
75 : : * prevent new URBs from being submitted, and usb_stor_stop_transport() is
76 : : * called to stop any ongoing requests.
77 : : *
78 : : * The submit function first verifies that the submitting is allowed
79 : : * (neither ABORTING nor DISCONNECTING bits are set) and that the submit
80 : : * completes without errors, and only then sets the URB_ACTIVE bit. This
81 : : * prevents the stop_transport() function from trying to cancel the URB
82 : : * while the submit call is underway. Next, the submit function must test
83 : : * the flags to see if an abort or disconnect occurred during the submission
84 : : * or before the URB_ACTIVE bit was set. If so, it's essential to cancel
85 : : * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit
86 : : * is still set). Either way, the function must then wait for the URB to
87 : : * finish. Note that the URB can still be in progress even after a call to
88 : : * usb_unlink_urb() returns.
89 : : *
90 : : * The idea is that (1) once the ABORTING or DISCONNECTING bit is set,
91 : : * either the stop_transport() function or the submitting function
92 : : * is guaranteed to call usb_unlink_urb() for an active URB,
93 : : * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being
94 : : * called more than once or from being called during usb_submit_urb().
95 : : */
96 : :
97 : : /*
98 : : * This is the completion handler which will wake us up when an URB
99 : : * completes.
100 : : */
101 : 0 : static void usb_stor_blocking_completion(struct urb *urb)
102 : : {
103 : 0 : struct completion *urb_done_ptr = urb->context;
104 : :
105 : 0 : complete(urb_done_ptr);
106 : 0 : }
107 : :
108 : : /*
109 : : * This is the common part of the URB message submission code
110 : : *
111 : : * All URBs from the usb-storage driver involved in handling a queued scsi
112 : : * command _must_ pass through this function (or something like it) for the
113 : : * abort mechanisms to work properly.
114 : : */
115 : 0 : static int usb_stor_msg_common(struct us_data *us, int timeout)
116 : : {
117 : 0 : struct completion urb_done;
118 : 0 : long timeleft;
119 : 0 : int status;
120 : :
121 : : /* don't submit URBs during abort processing */
122 [ # # ]: 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags))
123 : : return -EIO;
124 : :
125 : : /* set up data structures for the wakeup system */
126 : 0 : init_completion(&urb_done);
127 : :
128 : : /* fill the common fields in the URB */
129 : 0 : us->current_urb->context = &urb_done;
130 : 0 : us->current_urb->transfer_flags = 0;
131 : :
132 : : /*
133 : : * we assume that if transfer_buffer isn't us->iobuf then it
134 : : * hasn't been mapped for DMA. Yes, this is clunky, but it's
135 : : * easier than always having the caller tell us whether the
136 : : * transfer buffer has already been mapped.
137 : : */
138 [ # # ]: 0 : if (us->current_urb->transfer_buffer == us->iobuf)
139 : 0 : us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
140 : 0 : us->current_urb->transfer_dma = us->iobuf_dma;
141 : :
142 : : /* submit the URB */
143 : 0 : status = usb_submit_urb(us->current_urb, GFP_NOIO);
144 [ # # ]: 0 : if (status) {
145 : : /* something went wrong */
146 : : return status;
147 : : }
148 : :
149 : : /*
150 : : * since the URB has been submitted successfully, it's now okay
151 : : * to cancel it
152 : : */
153 : 0 : set_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
154 : :
155 : : /* did an abort occur during the submission? */
156 [ # # ]: 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
157 : :
158 : : /* cancel the URB, if it hasn't been cancelled already */
159 [ # # ]: 0 : if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
160 : 0 : usb_stor_dbg(us, "-- cancelling URB\n");
161 : 0 : usb_unlink_urb(us->current_urb);
162 : : }
163 : : }
164 : :
165 : : /* wait for the completion of the URB */
166 [ # # ]: 0 : timeleft = wait_for_completion_interruptible_timeout(
167 : : &urb_done, timeout ? : MAX_SCHEDULE_TIMEOUT);
168 : :
169 : 0 : clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
170 : :
171 [ # # ]: 0 : if (timeleft <= 0) {
172 : 0 : usb_stor_dbg(us, "%s -- cancelling URB\n",
173 : : timeleft == 0 ? "Timeout" : "Signal");
174 : 0 : usb_kill_urb(us->current_urb);
175 : : }
176 : :
177 : : /* return the URB status */
178 : 0 : return us->current_urb->status;
179 : : }
180 : :
181 : : /*
182 : : * Transfer one control message, with timeouts, and allowing early
183 : : * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx.
184 : : */
185 : 0 : int usb_stor_control_msg(struct us_data *us, unsigned int pipe,
186 : : u8 request, u8 requesttype, u16 value, u16 index,
187 : : void *data, u16 size, int timeout)
188 : : {
189 : 0 : int status;
190 : :
191 : 0 : usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
192 : : request, requesttype, value, index, size);
193 : :
194 : : /* fill in the devrequest structure */
195 : 0 : us->cr->bRequestType = requesttype;
196 : 0 : us->cr->bRequest = request;
197 : 0 : us->cr->wValue = cpu_to_le16(value);
198 : 0 : us->cr->wIndex = cpu_to_le16(index);
199 : 0 : us->cr->wLength = cpu_to_le16(size);
200 : :
201 : : /* fill and submit the URB */
202 : 0 : usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe,
203 : 0 : (unsigned char*) us->cr, data, size,
204 : : usb_stor_blocking_completion, NULL);
205 : 0 : status = usb_stor_msg_common(us, timeout);
206 : :
207 : : /* return the actual length of the data transferred if no error */
208 [ # # ]: 0 : if (status == 0)
209 : 0 : status = us->current_urb->actual_length;
210 : 0 : return status;
211 : : }
212 : : EXPORT_SYMBOL_GPL(usb_stor_control_msg);
213 : :
214 : : /*
215 : : * This is a version of usb_clear_halt() that allows early termination and
216 : : * doesn't read the status from the device -- this is because some devices
217 : : * crash their internal firmware when the status is requested after a halt.
218 : : *
219 : : * A definitive list of these 'bad' devices is too difficult to maintain or
220 : : * make complete enough to be useful. This problem was first observed on the
221 : : * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither
222 : : * MacOS nor Windows checks the status after clearing a halt.
223 : : *
224 : : * Since many vendors in this space limit their testing to interoperability
225 : : * with these two OSes, specification violations like this one are common.
226 : : */
227 : 0 : int usb_stor_clear_halt(struct us_data *us, unsigned int pipe)
228 : : {
229 : 0 : int result;
230 : 0 : int endp = usb_pipeendpoint(pipe);
231 : :
232 [ # # ]: 0 : if (usb_pipein (pipe))
233 : 0 : endp |= USB_DIR_IN;
234 : :
235 : 0 : result = usb_stor_control_msg(us, us->send_ctrl_pipe,
236 : : USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT,
237 : : USB_ENDPOINT_HALT, endp,
238 : : NULL, 0, 3*HZ);
239 : :
240 [ # # ]: 0 : if (result >= 0)
241 : 0 : usb_reset_endpoint(us->pusb_dev, endp);
242 : :
243 : 0 : usb_stor_dbg(us, "result = %d\n", result);
244 : 0 : return result;
245 : : }
246 : : EXPORT_SYMBOL_GPL(usb_stor_clear_halt);
247 : :
248 : :
249 : : /*
250 : : * Interpret the results of a URB transfer
251 : : *
252 : : * This function prints appropriate debugging messages, clears halts on
253 : : * non-control endpoints, and translates the status to the corresponding
254 : : * USB_STOR_XFER_xxx return code.
255 : : */
256 : 0 : static int interpret_urb_result(struct us_data *us, unsigned int pipe,
257 : : unsigned int length, int result, unsigned int partial)
258 : : {
259 : 0 : usb_stor_dbg(us, "Status code %d; transferred %u/%u\n",
260 : : result, partial, length);
261 [ # # # # : 0 : switch (result) {
# # # ]
262 : :
263 : : /* no error code; did we send all the data? */
264 : 0 : case 0:
265 [ # # ]: 0 : if (partial != length) {
266 : 0 : usb_stor_dbg(us, "-- short transfer\n");
267 : 0 : return USB_STOR_XFER_SHORT;
268 : : }
269 : :
270 : : usb_stor_dbg(us, "-- transfer complete\n");
271 : : return USB_STOR_XFER_GOOD;
272 : :
273 : : /* stalled */
274 : 0 : case -EPIPE:
275 : : /*
276 : : * for control endpoints, (used by CB[I]) a stall indicates
277 : : * a failed command
278 : : */
279 [ # # ]: 0 : if (usb_pipecontrol(pipe)) {
280 : : usb_stor_dbg(us, "-- stall on control pipe\n");
281 : : return USB_STOR_XFER_STALLED;
282 : : }
283 : :
284 : : /* for other sorts of endpoint, clear the stall */
285 : 0 : usb_stor_dbg(us, "clearing endpoint halt for pipe 0x%x\n",
286 : : pipe);
287 [ # # ]: 0 : if (usb_stor_clear_halt(us, pipe) < 0)
288 : 0 : return USB_STOR_XFER_ERROR;
289 : : return USB_STOR_XFER_STALLED;
290 : :
291 : : /* babble - the device tried to send more than we wanted to read */
292 : : case -EOVERFLOW:
293 : : usb_stor_dbg(us, "-- babble\n");
294 : : return USB_STOR_XFER_LONG;
295 : :
296 : : /* the transfer was cancelled by abort, disconnect, or timeout */
297 : : case -ECONNRESET:
298 : 0 : usb_stor_dbg(us, "-- transfer cancelled\n");
299 : 0 : return USB_STOR_XFER_ERROR;
300 : :
301 : : /* short scatter-gather read transfer */
302 : : case -EREMOTEIO:
303 : 0 : usb_stor_dbg(us, "-- short read transfer\n");
304 : 0 : return USB_STOR_XFER_SHORT;
305 : :
306 : : /* abort or disconnect in progress */
307 : : case -EIO:
308 : 0 : usb_stor_dbg(us, "-- abort or disconnect in progress\n");
309 : 0 : return USB_STOR_XFER_ERROR;
310 : :
311 : : /* the catch-all error case */
312 : : default:
313 : 0 : usb_stor_dbg(us, "-- unknown error\n");
314 : 0 : return USB_STOR_XFER_ERROR;
315 : : }
316 : : }
317 : :
318 : : /*
319 : : * Transfer one control message, without timeouts, but allowing early
320 : : * termination. Return codes are USB_STOR_XFER_xxx.
321 : : */
322 : 0 : int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe,
323 : : u8 request, u8 requesttype, u16 value, u16 index,
324 : : void *data, u16 size)
325 : : {
326 : 0 : int result;
327 : :
328 : 0 : usb_stor_dbg(us, "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
329 : : request, requesttype, value, index, size);
330 : :
331 : : /* fill in the devrequest structure */
332 : 0 : us->cr->bRequestType = requesttype;
333 : 0 : us->cr->bRequest = request;
334 : 0 : us->cr->wValue = cpu_to_le16(value);
335 : 0 : us->cr->wIndex = cpu_to_le16(index);
336 : 0 : us->cr->wLength = cpu_to_le16(size);
337 : :
338 : : /* fill and submit the URB */
339 : 0 : usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe,
340 : 0 : (unsigned char*) us->cr, data, size,
341 : : usb_stor_blocking_completion, NULL);
342 : 0 : result = usb_stor_msg_common(us, 0);
343 : :
344 : 0 : return interpret_urb_result(us, pipe, size, result,
345 : 0 : us->current_urb->actual_length);
346 : : }
347 : : EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer);
348 : :
349 : : /*
350 : : * Receive one interrupt buffer, without timeouts, but allowing early
351 : : * termination. Return codes are USB_STOR_XFER_xxx.
352 : : *
353 : : * This routine always uses us->recv_intr_pipe as the pipe and
354 : : * us->ep_bInterval as the interrupt interval.
355 : : */
356 : 0 : static int usb_stor_intr_transfer(struct us_data *us, void *buf,
357 : : unsigned int length)
358 : : {
359 : 0 : int result;
360 : 0 : unsigned int pipe = us->recv_intr_pipe;
361 : 0 : unsigned int maxp;
362 : :
363 : 0 : usb_stor_dbg(us, "xfer %u bytes\n", length);
364 : :
365 : : /* calculate the max packet size */
366 : 0 : maxp = usb_maxpacket(us->pusb_dev, pipe, usb_pipeout(pipe));
367 : 0 : if (maxp > length)
368 : : maxp = length;
369 : :
370 : : /* fill and submit the URB */
371 : 0 : usb_fill_int_urb(us->current_urb, us->pusb_dev, pipe, buf,
372 : : maxp, usb_stor_blocking_completion, NULL,
373 [ # # ]: 0 : us->ep_bInterval);
374 : 0 : result = usb_stor_msg_common(us, 0);
375 : :
376 : 0 : return interpret_urb_result(us, pipe, length, result,
377 : 0 : us->current_urb->actual_length);
378 : : }
379 : :
380 : : /*
381 : : * Transfer one buffer via bulk pipe, without timeouts, but allowing early
382 : : * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe
383 : : * stalls during the transfer, the halt is automatically cleared.
384 : : */
385 : 0 : int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe,
386 : : void *buf, unsigned int length, unsigned int *act_len)
387 : : {
388 : 0 : int result;
389 : :
390 : 0 : usb_stor_dbg(us, "xfer %u bytes\n", length);
391 : :
392 : : /* fill and submit the URB */
393 : 0 : usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, buf, length,
394 : : usb_stor_blocking_completion, NULL);
395 : 0 : result = usb_stor_msg_common(us, 0);
396 : :
397 : : /* store the actual length of the data transferred */
398 [ # # ]: 0 : if (act_len)
399 : 0 : *act_len = us->current_urb->actual_length;
400 : 0 : return interpret_urb_result(us, pipe, length, result,
401 : 0 : us->current_urb->actual_length);
402 : : }
403 : : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf);
404 : :
405 : : /*
406 : : * Transfer a scatter-gather list via bulk transfer
407 : : *
408 : : * This function does basically the same thing as usb_stor_bulk_transfer_buf()
409 : : * above, but it uses the usbcore scatter-gather library.
410 : : */
411 : 0 : static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe,
412 : : struct scatterlist *sg, int num_sg, unsigned int length,
413 : : unsigned int *act_len)
414 : : {
415 : 0 : int result;
416 : :
417 : : /* don't submit s-g requests during abort processing */
418 [ # # ]: 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags))
419 : : return USB_STOR_XFER_ERROR;
420 : :
421 : : /* initialize the scatter-gather request block */
422 : 0 : usb_stor_dbg(us, "xfer %u bytes, %d entries\n", length, num_sg);
423 : 0 : result = usb_sg_init(&us->current_sg, us->pusb_dev, pipe, 0,
424 : : sg, num_sg, length, GFP_NOIO);
425 [ # # ]: 0 : if (result) {
426 : : usb_stor_dbg(us, "usb_sg_init returned %d\n", result);
427 : : return USB_STOR_XFER_ERROR;
428 : : }
429 : :
430 : : /*
431 : : * since the block has been initialized successfully, it's now
432 : : * okay to cancel it
433 : : */
434 : 0 : set_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
435 : :
436 : : /* did an abort occur during the submission? */
437 [ # # ]: 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
438 : :
439 : : /* cancel the request, if it hasn't been cancelled already */
440 [ # # ]: 0 : if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
441 : 0 : usb_stor_dbg(us, "-- cancelling sg request\n");
442 : 0 : usb_sg_cancel(&us->current_sg);
443 : : }
444 : : }
445 : :
446 : : /* wait for the completion of the transfer */
447 : 0 : usb_sg_wait(&us->current_sg);
448 : 0 : clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
449 : :
450 : 0 : result = us->current_sg.status;
451 [ # # ]: 0 : if (act_len)
452 : 0 : *act_len = us->current_sg.bytes;
453 : 0 : return interpret_urb_result(us, pipe, length, result,
454 : 0 : us->current_sg.bytes);
455 : : }
456 : :
457 : : /*
458 : : * Common used function. Transfer a complete command
459 : : * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid
460 : : */
461 : 0 : int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe,
462 : : struct scsi_cmnd* srb)
463 : : {
464 : 0 : unsigned int partial;
465 : 0 : int result = usb_stor_bulk_transfer_sglist(us, pipe, scsi_sglist(srb),
466 : : scsi_sg_count(srb), scsi_bufflen(srb),
467 : : &partial);
468 : :
469 : 0 : scsi_set_resid(srb, scsi_bufflen(srb) - partial);
470 : 0 : return result;
471 : : }
472 : : EXPORT_SYMBOL_GPL(usb_stor_bulk_srb);
473 : :
474 : : /*
475 : : * Transfer an entire SCSI command's worth of data payload over the bulk
476 : : * pipe.
477 : : *
478 : : * Note that this uses usb_stor_bulk_transfer_buf() and
479 : : * usb_stor_bulk_transfer_sglist() to achieve its goals --
480 : : * this function simply determines whether we're going to use
481 : : * scatter-gather or not, and acts appropriately.
482 : : */
483 : 0 : int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe,
484 : : void *buf, unsigned int length_left, int use_sg, int *residual)
485 : : {
486 : 0 : int result;
487 : 0 : unsigned int partial;
488 : :
489 : : /* are we scatter-gathering? */
490 [ # # ]: 0 : if (use_sg) {
491 : : /* use the usb core scatter-gather primitives */
492 : 0 : result = usb_stor_bulk_transfer_sglist(us, pipe,
493 : : (struct scatterlist *) buf, use_sg,
494 : : length_left, &partial);
495 : 0 : length_left -= partial;
496 : : } else {
497 : : /* no scatter-gather, just make the request */
498 : 0 : result = usb_stor_bulk_transfer_buf(us, pipe, buf,
499 : : length_left, &partial);
500 : 0 : length_left -= partial;
501 : : }
502 : :
503 : : /* store the residual and return the error code */
504 [ # # ]: 0 : if (residual)
505 : 0 : *residual = length_left;
506 : 0 : return result;
507 : : }
508 : : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg);
509 : :
510 : : /***********************************************************************
511 : : * Transport routines
512 : : ***********************************************************************/
513 : :
514 : : /*
515 : : * There are so many devices that report the capacity incorrectly,
516 : : * this routine was written to counteract some of the resulting
517 : : * problems.
518 : : */
519 : : static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb)
520 : : {
521 : : struct gendisk *disk;
522 : : struct scsi_disk *sdkp;
523 : : u32 sector;
524 : :
525 : : /* To Report "Medium Error: Record Not Found */
526 : : static unsigned char record_not_found[18] = {
527 : : [0] = 0x70, /* current error */
528 : : [2] = MEDIUM_ERROR, /* = 0x03 */
529 : : [7] = 0x0a, /* additional length */
530 : : [12] = 0x14 /* Record Not Found */
531 : : };
532 : :
533 : : /*
534 : : * If last-sector problems can't occur, whether because the
535 : : * capacity was already decremented or because the device is
536 : : * known to report the correct capacity, then we don't need
537 : : * to do anything.
538 : : */
539 : : if (!us->use_last_sector_hacks)
540 : : return;
541 : :
542 : : /* Was this command a READ(10) or a WRITE(10)? */
543 : : if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10)
544 : : goto done;
545 : :
546 : : /* Did this command access the last sector? */
547 : : sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) |
548 : : (srb->cmnd[4] << 8) | (srb->cmnd[5]);
549 : : disk = srb->request->rq_disk;
550 : : if (!disk)
551 : : goto done;
552 : : sdkp = scsi_disk(disk);
553 : : if (!sdkp)
554 : : goto done;
555 : : if (sector + 1 != sdkp->capacity)
556 : : goto done;
557 : :
558 : : if (srb->result == SAM_STAT_GOOD && scsi_get_resid(srb) == 0) {
559 : :
560 : : /*
561 : : * The command succeeded. We know this device doesn't
562 : : * have the last-sector bug, so stop checking it.
563 : : */
564 : : us->use_last_sector_hacks = 0;
565 : :
566 : : } else {
567 : : /*
568 : : * The command failed. Allow up to 3 retries in case this
569 : : * is some normal sort of failure. After that, assume the
570 : : * capacity is wrong and we're trying to access the sector
571 : : * beyond the end. Replace the result code and sense data
572 : : * with values that will cause the SCSI core to fail the
573 : : * command immediately, instead of going into an infinite
574 : : * (or even just a very long) retry loop.
575 : : */
576 : : if (++us->last_sector_retries < 3)
577 : : return;
578 : : srb->result = SAM_STAT_CHECK_CONDITION;
579 : : memcpy(srb->sense_buffer, record_not_found,
580 : : sizeof(record_not_found));
581 : : }
582 : :
583 : : done:
584 : : /*
585 : : * Don't reset the retry counter for TEST UNIT READY commands,
586 : : * because they get issued after device resets which might be
587 : : * caused by a failed last-sector access.
588 : : */
589 : : if (srb->cmnd[0] != TEST_UNIT_READY)
590 : : us->last_sector_retries = 0;
591 : : }
592 : :
593 : : /*
594 : : * Invoke the transport and basic error-handling/recovery methods
595 : : *
596 : : * This is used by the protocol layers to actually send the message to
597 : : * the device and receive the response.
598 : : */
599 : 0 : void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us)
600 : : {
601 : 0 : int need_auto_sense;
602 : 0 : int result;
603 : :
604 : : /* send the command to the transport layer */
605 : 0 : scsi_set_resid(srb, 0);
606 : 0 : result = us->transport(srb, us);
607 : :
608 : : /*
609 : : * if the command gets aborted by the higher layers, we need to
610 : : * short-circuit all other processing
611 : : */
612 [ # # ]: 0 : if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
613 : 0 : usb_stor_dbg(us, "-- command was aborted\n");
614 : 0 : srb->result = DID_ABORT << 16;
615 : 0 : goto Handle_Errors;
616 : : }
617 : :
618 : : /* if there is a transport error, reset and don't auto-sense */
619 [ # # ]: 0 : if (result == USB_STOR_TRANSPORT_ERROR) {
620 : 0 : usb_stor_dbg(us, "-- transport indicates error, resetting\n");
621 : 0 : srb->result = DID_ERROR << 16;
622 : 0 : goto Handle_Errors;
623 : : }
624 : :
625 : : /* if the transport provided its own sense data, don't auto-sense */
626 [ # # ]: 0 : if (result == USB_STOR_TRANSPORT_NO_SENSE) {
627 : 0 : srb->result = SAM_STAT_CHECK_CONDITION;
628 : 0 : last_sector_hacks(us, srb);
629 : 0 : return;
630 : : }
631 : :
632 : 0 : srb->result = SAM_STAT_GOOD;
633 : :
634 : : /*
635 : : * Determine if we need to auto-sense
636 : : *
637 : : * I normally don't use a flag like this, but it's almost impossible
638 : : * to understand what's going on here if I don't.
639 : : */
640 : 0 : need_auto_sense = 0;
641 : :
642 : : /*
643 : : * If we're running the CB transport, which is incapable
644 : : * of determining status on its own, we will auto-sense
645 : : * unless the operation involved a data-in transfer. Devices
646 : : * can signal most data-in errors by stalling the bulk-in pipe.
647 : : */
648 [ # # ]: 0 : if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_DPCM_USB) &&
649 [ # # ]: 0 : srb->sc_data_direction != DMA_FROM_DEVICE) {
650 : 0 : usb_stor_dbg(us, "-- CB transport device requiring auto-sense\n");
651 : 0 : need_auto_sense = 1;
652 : : }
653 : :
654 : : /*
655 : : * If we have a failure, we're going to do a REQUEST_SENSE
656 : : * automatically. Note that we differentiate between a command
657 : : * "failure" and an "error" in the transport mechanism.
658 : : */
659 [ # # ]: 0 : if (result == USB_STOR_TRANSPORT_FAILED) {
660 : 0 : usb_stor_dbg(us, "-- transport indicates command failure\n");
661 : 0 : need_auto_sense = 1;
662 : : }
663 : :
664 : : /*
665 : : * Determine if this device is SAT by seeing if the
666 : : * command executed successfully. Otherwise we'll have
667 : : * to wait for at least one CHECK_CONDITION to determine
668 : : * SANE_SENSE support
669 : : */
670 [ # # # # : 0 : if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) &&
# # # # ]
671 : : result == USB_STOR_TRANSPORT_GOOD &&
672 : : !(us->fflags & US_FL_SANE_SENSE) &&
673 : : !(us->fflags & US_FL_BAD_SENSE) &&
674 : : !(srb->cmnd[2] & 0x20))) {
675 : 0 : usb_stor_dbg(us, "-- SAT supported, increasing auto-sense\n");
676 : 0 : us->fflags |= US_FL_SANE_SENSE;
677 : : }
678 : :
679 : : /*
680 : : * A short transfer on a command where we don't expect it
681 : : * is unusual, but it doesn't mean we need to auto-sense.
682 : : */
683 [ # # ]: 0 : if ((scsi_get_resid(srb) > 0) &&
684 : : !((srb->cmnd[0] == REQUEST_SENSE) ||
685 : : (srb->cmnd[0] == INQUIRY) ||
686 : : (srb->cmnd[0] == MODE_SENSE) ||
687 : : (srb->cmnd[0] == LOG_SENSE) ||
688 : : (srb->cmnd[0] == MODE_SENSE_10))) {
689 : 0 : usb_stor_dbg(us, "-- unexpectedly short transfer\n");
690 : : }
691 : :
692 : : /* Now, if we need to do the auto-sense, let's do it */
693 [ # # ]: 0 : if (need_auto_sense) {
694 : 0 : int temp_result;
695 : 0 : struct scsi_eh_save ses;
696 : 0 : int sense_size = US_SENSE_SIZE;
697 : 0 : struct scsi_sense_hdr sshdr;
698 : 0 : const u8 *scdd;
699 : 0 : u8 fm_ili;
700 : :
701 : : /* device supports and needs bigger sense buffer */
702 [ # # ]: 0 : if (us->fflags & US_FL_SANE_SENSE)
703 : 0 : sense_size = ~0;
704 : 0 : Retry_Sense:
705 : 0 : usb_stor_dbg(us, "Issuing auto-REQUEST_SENSE\n");
706 : :
707 : 0 : scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sense_size);
708 : :
709 : : /* FIXME: we must do the protocol translation here */
710 [ # # # # ]: 0 : if (us->subclass == USB_SC_RBC || us->subclass == USB_SC_SCSI ||
711 : : us->subclass == USB_SC_CYP_ATACB)
712 : 0 : srb->cmd_len = 6;
713 : : else
714 : 0 : srb->cmd_len = 12;
715 : :
716 : : /* issue the auto-sense command */
717 : 0 : scsi_set_resid(srb, 0);
718 : 0 : temp_result = us->transport(us->srb, us);
719 : :
720 : : /* let's clean up right away */
721 : 0 : scsi_eh_restore_cmnd(srb, &ses);
722 : :
723 [ # # ]: 0 : if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
724 : 0 : usb_stor_dbg(us, "-- auto-sense aborted\n");
725 : 0 : srb->result = DID_ABORT << 16;
726 : :
727 : : /* If SANE_SENSE caused this problem, disable it */
728 [ # # ]: 0 : if (sense_size != US_SENSE_SIZE) {
729 : 0 : us->fflags &= ~US_FL_SANE_SENSE;
730 : 0 : us->fflags |= US_FL_BAD_SENSE;
731 : : }
732 : 0 : goto Handle_Errors;
733 : : }
734 : :
735 : : /*
736 : : * Some devices claim to support larger sense but fail when
737 : : * trying to request it. When a transport failure happens
738 : : * using US_FS_SANE_SENSE, we always retry with a standard
739 : : * (small) sense request. This fixes some USB GSM modems
740 : : */
741 : 0 : if (temp_result == USB_STOR_TRANSPORT_FAILED &&
742 [ # # ]: 0 : sense_size != US_SENSE_SIZE) {
743 : 0 : usb_stor_dbg(us, "-- auto-sense failure, retry small sense\n");
744 : 0 : sense_size = US_SENSE_SIZE;
745 : 0 : us->fflags &= ~US_FL_SANE_SENSE;
746 : 0 : us->fflags |= US_FL_BAD_SENSE;
747 : 0 : goto Retry_Sense;
748 : : }
749 : :
750 : : /* Other failures */
751 [ # # ]: 0 : if (temp_result != USB_STOR_TRANSPORT_GOOD) {
752 : 0 : usb_stor_dbg(us, "-- auto-sense failure\n");
753 : :
754 : : /*
755 : : * we skip the reset if this happens to be a
756 : : * multi-target device, since failure of an
757 : : * auto-sense is perfectly valid
758 : : */
759 : 0 : srb->result = DID_ERROR << 16;
760 [ # # ]: 0 : if (!(us->fflags & US_FL_SCM_MULT_TARG))
761 : 0 : goto Handle_Errors;
762 : 0 : return;
763 : : }
764 : :
765 : : /*
766 : : * If the sense data returned is larger than 18-bytes then we
767 : : * assume this device supports requesting more in the future.
768 : : * The response code must be 70h through 73h inclusive.
769 : : */
770 [ # # ]: 0 : if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) &&
771 [ # # ]: 0 : !(us->fflags & US_FL_SANE_SENSE) &&
772 : 0 : !(us->fflags & US_FL_BAD_SENSE) &&
773 [ # # ]: 0 : (srb->sense_buffer[0] & 0x7C) == 0x70) {
774 : 0 : usb_stor_dbg(us, "-- SANE_SENSE support enabled\n");
775 : 0 : us->fflags |= US_FL_SANE_SENSE;
776 : :
777 : : /*
778 : : * Indicate to the user that we truncated their sense
779 : : * because we didn't know it supported larger sense.
780 : : */
781 : 0 : usb_stor_dbg(us, "-- Sense data truncated to %i from %i\n",
782 : : US_SENSE_SIZE,
783 : : srb->sense_buffer[7] + 8);
784 : 0 : srb->sense_buffer[7] = (US_SENSE_SIZE - 8);
785 : : }
786 : :
787 : 0 : scsi_normalize_sense(srb->sense_buffer, SCSI_SENSE_BUFFERSIZE,
788 : : &sshdr);
789 : :
790 : 0 : usb_stor_dbg(us, "-- Result from auto-sense is %d\n",
791 : : temp_result);
792 : 0 : usb_stor_dbg(us, "-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
793 : : sshdr.response_code, sshdr.sense_key,
794 : : sshdr.asc, sshdr.ascq);
795 : : #ifdef CONFIG_USB_STORAGE_DEBUG
796 : : usb_stor_show_sense(us, sshdr.sense_key, sshdr.asc, sshdr.ascq);
797 : : #endif
798 : :
799 : : /* set the result so the higher layers expect this data */
800 : 0 : srb->result = SAM_STAT_CHECK_CONDITION;
801 : :
802 : 0 : scdd = scsi_sense_desc_find(srb->sense_buffer,
803 : : SCSI_SENSE_BUFFERSIZE, 4);
804 [ # # ]: 0 : fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0;
805 : :
806 : : /*
807 : : * We often get empty sense data. This could indicate that
808 : : * everything worked or that there was an unspecified
809 : : * problem. We have to decide which.
810 : : */
811 [ # # # # : 0 : if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 &&
# # ]
812 : : fm_ili == 0) {
813 : : /*
814 : : * If things are really okay, then let's show that.
815 : : * Zero out the sense buffer so the higher layers
816 : : * won't realize we did an unsolicited auto-sense.
817 : : */
818 [ # # ]: 0 : if (result == USB_STOR_TRANSPORT_GOOD) {
819 : 0 : srb->result = SAM_STAT_GOOD;
820 : 0 : srb->sense_buffer[0] = 0x0;
821 : : }
822 : :
823 : : /*
824 : : * ATA-passthru commands use sense data to report
825 : : * the command completion status, and often devices
826 : : * return Check Condition status when nothing is
827 : : * wrong.
828 : : */
829 [ # # ]: 0 : else if (srb->cmnd[0] == ATA_16 ||
830 : : srb->cmnd[0] == ATA_12) {
831 : : /* leave the data alone */
832 : : }
833 : :
834 : : /*
835 : : * If there was a problem, report an unspecified
836 : : * hardware error to prevent the higher layers from
837 : : * entering an infinite retry loop.
838 : : */
839 : : else {
840 : 0 : srb->result = DID_ERROR << 16;
841 [ # # ]: 0 : if ((sshdr.response_code & 0x72) == 0x72)
842 : 0 : srb->sense_buffer[1] = HARDWARE_ERROR;
843 : : else
844 : 0 : srb->sense_buffer[2] = HARDWARE_ERROR;
845 : : }
846 : : }
847 : : }
848 : :
849 : : /*
850 : : * Some devices don't work or return incorrect data the first
851 : : * time they get a READ(10) command, or for the first READ(10)
852 : : * after a media change. If the INITIAL_READ10 flag is set,
853 : : * keep track of whether READ(10) commands succeed. If the
854 : : * previous one succeeded and this one failed, set the REDO_READ10
855 : : * flag to force a retry.
856 : : */
857 [ # # # # ]: 0 : if (unlikely((us->fflags & US_FL_INITIAL_READ10) &&
858 : : srb->cmnd[0] == READ_10)) {
859 [ # # ]: 0 : if (srb->result == SAM_STAT_GOOD) {
860 : 0 : set_bit(US_FLIDX_READ10_WORKED, &us->dflags);
861 [ # # ]: 0 : } else if (test_bit(US_FLIDX_READ10_WORKED, &us->dflags)) {
862 : 0 : clear_bit(US_FLIDX_READ10_WORKED, &us->dflags);
863 : 0 : set_bit(US_FLIDX_REDO_READ10, &us->dflags);
864 : : }
865 : :
866 : : /*
867 : : * Next, if the REDO_READ10 flag is set, return a result
868 : : * code that will cause the SCSI core to retry the READ(10)
869 : : * command immediately.
870 : : */
871 [ # # ]: 0 : if (test_bit(US_FLIDX_REDO_READ10, &us->dflags)) {
872 : 0 : clear_bit(US_FLIDX_REDO_READ10, &us->dflags);
873 : 0 : srb->result = DID_IMM_RETRY << 16;
874 : 0 : srb->sense_buffer[0] = 0;
875 : : }
876 : : }
877 : :
878 : : /* Did we transfer less than the minimum amount required? */
879 [ # # # # ]: 0 : if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) &&
880 [ # # ]: 0 : scsi_bufflen(srb) - scsi_get_resid(srb) < srb->underflow)
881 : 0 : srb->result = DID_ERROR << 16;
882 : :
883 : 0 : last_sector_hacks(us, srb);
884 : 0 : return;
885 : :
886 : : /*
887 : : * Error and abort processing: try to resynchronize with the device
888 : : * by issuing a port reset. If that fails, try a class-specific
889 : : * device reset.
890 : : */
891 : 0 : Handle_Errors:
892 : :
893 : : /*
894 : : * Set the RESETTING bit, and clear the ABORTING bit so that
895 : : * the reset may proceed.
896 : : */
897 : 0 : scsi_lock(us_to_host(us));
898 : 0 : set_bit(US_FLIDX_RESETTING, &us->dflags);
899 : 0 : clear_bit(US_FLIDX_ABORTING, &us->dflags);
900 : 0 : scsi_unlock(us_to_host(us));
901 : :
902 : : /*
903 : : * We must release the device lock because the pre_reset routine
904 : : * will want to acquire it.
905 : : */
906 : 0 : mutex_unlock(&us->dev_mutex);
907 : 0 : result = usb_stor_port_reset(us);
908 : 0 : mutex_lock(&us->dev_mutex);
909 : :
910 [ # # ]: 0 : if (result < 0) {
911 : 0 : scsi_lock(us_to_host(us));
912 : 0 : usb_stor_report_device_reset(us);
913 : 0 : scsi_unlock(us_to_host(us));
914 : 0 : us->transport_reset(us);
915 : : }
916 : 0 : clear_bit(US_FLIDX_RESETTING, &us->dflags);
917 : 0 : last_sector_hacks(us, srb);
918 : : }
919 : :
920 : : /* Stop the current URB transfer */
921 : 0 : void usb_stor_stop_transport(struct us_data *us)
922 : : {
923 : : /*
924 : : * If the state machine is blocked waiting for an URB,
925 : : * let's wake it up. The test_and_clear_bit() call
926 : : * guarantees that if a URB has just been submitted,
927 : : * it won't be cancelled more than once.
928 : : */
929 [ # # ]: 0 : if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
930 : 0 : usb_stor_dbg(us, "-- cancelling URB\n");
931 : 0 : usb_unlink_urb(us->current_urb);
932 : : }
933 : :
934 : : /* If we are waiting for a scatter-gather operation, cancel it. */
935 [ # # ]: 0 : if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
936 : 0 : usb_stor_dbg(us, "-- cancelling sg request\n");
937 : 0 : usb_sg_cancel(&us->current_sg);
938 : : }
939 : 0 : }
940 : :
941 : : /*
942 : : * Control/Bulk and Control/Bulk/Interrupt transport
943 : : */
944 : :
945 : 0 : int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us)
946 : : {
947 : 0 : unsigned int transfer_length = scsi_bufflen(srb);
948 : 0 : unsigned int pipe = 0;
949 : 0 : int result;
950 : :
951 : : /* COMMAND STAGE */
952 : : /* let's send the command via the control pipe */
953 : : /*
954 : : * Command is sometime (f.e. after scsi_eh_prep_cmnd) on the stack.
955 : : * Stack may be vmallocated. So no DMA for us. Make a copy.
956 : : */
957 : 0 : memcpy(us->iobuf, srb->cmnd, srb->cmd_len);
958 : 0 : result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
959 : : US_CBI_ADSC,
960 : : USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0,
961 : 0 : us->ifnum, us->iobuf, srb->cmd_len);
962 : :
963 : : /* check the return code for the command */
964 : 0 : usb_stor_dbg(us, "Call to usb_stor_ctrl_transfer() returned %d\n",
965 : : result);
966 : :
967 : : /* if we stalled the command, it means command failed */
968 [ # # ]: 0 : if (result == USB_STOR_XFER_STALLED) {
969 : : return USB_STOR_TRANSPORT_FAILED;
970 : : }
971 : :
972 : : /* Uh oh... serious problem here */
973 [ # # ]: 0 : if (result != USB_STOR_XFER_GOOD) {
974 : : return USB_STOR_TRANSPORT_ERROR;
975 : : }
976 : :
977 : : /* DATA STAGE */
978 : : /* transfer the data payload for this command, if one exists*/
979 [ # # ]: 0 : if (transfer_length) {
980 : 0 : pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
981 [ # # ]: 0 : us->recv_bulk_pipe : us->send_bulk_pipe;
982 : 0 : result = usb_stor_bulk_srb(us, pipe, srb);
983 : 0 : usb_stor_dbg(us, "CBI data stage result is 0x%x\n", result);
984 : :
985 : : /* if we stalled the data transfer it means command failed */
986 [ # # ]: 0 : if (result == USB_STOR_XFER_STALLED)
987 : : return USB_STOR_TRANSPORT_FAILED;
988 [ # # ]: 0 : if (result > USB_STOR_XFER_STALLED)
989 : : return USB_STOR_TRANSPORT_ERROR;
990 : : }
991 : :
992 : : /* STATUS STAGE */
993 : :
994 : : /*
995 : : * NOTE: CB does not have a status stage. Silly, I know. So
996 : : * we have to catch this at a higher level.
997 : : */
998 [ # # ]: 0 : if (us->protocol != USB_PR_CBI)
999 : : return USB_STOR_TRANSPORT_GOOD;
1000 : :
1001 : 0 : result = usb_stor_intr_transfer(us, us->iobuf, 2);
1002 : 0 : usb_stor_dbg(us, "Got interrupt data (0x%x, 0x%x)\n",
1003 : : us->iobuf[0], us->iobuf[1]);
1004 [ # # ]: 0 : if (result != USB_STOR_XFER_GOOD)
1005 : : return USB_STOR_TRANSPORT_ERROR;
1006 : :
1007 : : /*
1008 : : * UFI gives us ASC and ASCQ, like a request sense
1009 : : *
1010 : : * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
1011 : : * devices, so we ignore the information for those commands. Note
1012 : : * that this means we could be ignoring a real error on these
1013 : : * commands, but that can't be helped.
1014 : : */
1015 [ # # ]: 0 : if (us->subclass == USB_SC_UFI) {
1016 [ # # ]: 0 : if (srb->cmnd[0] == REQUEST_SENSE ||
1017 : : srb->cmnd[0] == INQUIRY)
1018 : : return USB_STOR_TRANSPORT_GOOD;
1019 [ # # ]: 0 : if (us->iobuf[0])
1020 : 0 : goto Failed;
1021 : : return USB_STOR_TRANSPORT_GOOD;
1022 : : }
1023 : :
1024 : : /*
1025 : : * If not UFI, we interpret the data as a result code
1026 : : * The first byte should always be a 0x0.
1027 : : *
1028 : : * Some bogus devices don't follow that rule. They stuff the ASC
1029 : : * into the first byte -- so if it's non-zero, call it a failure.
1030 : : */
1031 [ # # ]: 0 : if (us->iobuf[0]) {
1032 : 0 : usb_stor_dbg(us, "CBI IRQ data showed reserved bType 0x%x\n",
1033 : : us->iobuf[0]);
1034 : 0 : goto Failed;
1035 : :
1036 : : }
1037 : :
1038 : : /* The second byte & 0x0F should be 0x0 for good, otherwise error */
1039 [ # # # ]: 0 : switch (us->iobuf[1] & 0x0F) {
1040 : : case 0x00:
1041 : : return USB_STOR_TRANSPORT_GOOD;
1042 : 0 : case 0x01:
1043 : 0 : goto Failed;
1044 : : }
1045 : 0 : return USB_STOR_TRANSPORT_ERROR;
1046 : :
1047 : : /*
1048 : : * the CBI spec requires that the bulk pipe must be cleared
1049 : : * following any data-in/out command failure (section 2.4.3.1.3)
1050 : : */
1051 : 0 : Failed:
1052 [ # # ]: 0 : if (pipe)
1053 : 0 : usb_stor_clear_halt(us, pipe);
1054 : : return USB_STOR_TRANSPORT_FAILED;
1055 : : }
1056 : : EXPORT_SYMBOL_GPL(usb_stor_CB_transport);
1057 : :
1058 : : /*
1059 : : * Bulk only transport
1060 : : */
1061 : :
1062 : : /* Determine what the maximum LUN supported is */
1063 : 0 : int usb_stor_Bulk_max_lun(struct us_data *us)
1064 : : {
1065 : 0 : int result;
1066 : :
1067 : : /* issue the command */
1068 : 0 : us->iobuf[0] = 0;
1069 : 0 : result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
1070 : : US_BULK_GET_MAX_LUN,
1071 : : USB_DIR_IN | USB_TYPE_CLASS |
1072 : : USB_RECIP_INTERFACE,
1073 : 0 : 0, us->ifnum, us->iobuf, 1, 10*HZ);
1074 : :
1075 : 0 : usb_stor_dbg(us, "GetMaxLUN command result is %d, data is %d\n",
1076 : : result, us->iobuf[0]);
1077 : :
1078 : : /*
1079 : : * If we have a successful request, return the result if valid. The
1080 : : * CBW LUN field is 4 bits wide, so the value reported by the device
1081 : : * should fit into that.
1082 : : */
1083 [ # # ]: 0 : if (result > 0) {
1084 [ # # ]: 0 : if (us->iobuf[0] < 16) {
1085 : 0 : return us->iobuf[0];
1086 : : } else {
1087 : 0 : dev_info(&us->pusb_intf->dev,
1088 : : "Max LUN %d is not valid, using 0 instead",
1089 : : us->iobuf[0]);
1090 : : }
1091 : : }
1092 : :
1093 : : /*
1094 : : * Some devices don't like GetMaxLUN. They may STALL the control
1095 : : * pipe, they may return a zero-length result, they may do nothing at
1096 : : * all and timeout, or they may fail in even more bizarrely creative
1097 : : * ways. In these cases the best approach is to use the default
1098 : : * value: only one LUN.
1099 : : */
1100 : : return 0;
1101 : : }
1102 : :
1103 : 0 : int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us)
1104 : : {
1105 : 0 : struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf;
1106 : 0 : struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf;
1107 [ # # ]: 0 : unsigned int transfer_length = scsi_bufflen(srb);
1108 : 0 : unsigned int residue;
1109 : 0 : int result;
1110 : 0 : int fake_sense = 0;
1111 : 0 : unsigned int cswlen;
1112 : 0 : unsigned int cbwlen = US_BULK_CB_WRAP_LEN;
1113 : :
1114 : : /* Take care of BULK32 devices; set extra byte to 0 */
1115 [ # # ]: 0 : if (unlikely(us->fflags & US_FL_BULK32)) {
1116 : 0 : cbwlen = 32;
1117 : 0 : us->iobuf[31] = 0;
1118 : : }
1119 : :
1120 : : /* set up the command wrapper */
1121 : 0 : bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
1122 : 0 : bcb->DataTransferLength = cpu_to_le32(transfer_length);
1123 [ # # ]: 0 : bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ?
1124 : : US_BULK_FLAG_IN : 0;
1125 : 0 : bcb->Tag = ++us->tag;
1126 : 0 : bcb->Lun = srb->device->lun;
1127 [ # # ]: 0 : if (us->fflags & US_FL_SCM_MULT_TARG)
1128 : 0 : bcb->Lun |= srb->device->id << 4;
1129 : 0 : bcb->Length = srb->cmd_len;
1130 : :
1131 : : /* copy the command payload */
1132 : 0 : memset(bcb->CDB, 0, sizeof(bcb->CDB));
1133 : 0 : memcpy(bcb->CDB, srb->cmnd, bcb->Length);
1134 : :
1135 : : /* send it to out endpoint */
1136 : 0 : usb_stor_dbg(us, "Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n",
1137 : : le32_to_cpu(bcb->Signature), bcb->Tag,
1138 : : le32_to_cpu(bcb->DataTransferLength), bcb->Flags,
1139 : : (bcb->Lun >> 4), (bcb->Lun & 0x0F),
1140 : : bcb->Length);
1141 : 0 : result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
1142 : : bcb, cbwlen, NULL);
1143 : 0 : usb_stor_dbg(us, "Bulk command transfer result=%d\n", result);
1144 [ # # ]: 0 : if (result != USB_STOR_XFER_GOOD)
1145 : : return USB_STOR_TRANSPORT_ERROR;
1146 : :
1147 : : /* DATA STAGE */
1148 : : /* send/receive data payload, if there is any */
1149 : :
1150 : : /*
1151 : : * Some USB-IDE converter chips need a 100us delay between the
1152 : : * command phase and the data phase. Some devices need a little
1153 : : * more than that, probably because of clock rate inaccuracies.
1154 : : */
1155 [ # # ]: 0 : if (unlikely(us->fflags & US_FL_GO_SLOW))
1156 : 0 : usleep_range(125, 150);
1157 : :
1158 [ # # ]: 0 : if (transfer_length) {
1159 : 0 : unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
1160 [ # # ]: 0 : us->recv_bulk_pipe : us->send_bulk_pipe;
1161 : 0 : result = usb_stor_bulk_srb(us, pipe, srb);
1162 : 0 : usb_stor_dbg(us, "Bulk data transfer result 0x%x\n", result);
1163 [ # # ]: 0 : if (result == USB_STOR_XFER_ERROR)
1164 : : return USB_STOR_TRANSPORT_ERROR;
1165 : :
1166 : : /*
1167 : : * If the device tried to send back more data than the
1168 : : * amount requested, the spec requires us to transfer
1169 : : * the CSW anyway. Since there's no point retrying the
1170 : : * the command, we'll return fake sense data indicating
1171 : : * Illegal Request, Invalid Field in CDB.
1172 : : */
1173 [ # # ]: 0 : if (result == USB_STOR_XFER_LONG)
1174 : 0 : fake_sense = 1;
1175 : :
1176 : : /*
1177 : : * Sometimes a device will mistakenly skip the data phase
1178 : : * and go directly to the status phase without sending a
1179 : : * zero-length packet. If we get a 13-byte response here,
1180 : : * check whether it really is a CSW.
1181 : : */
1182 [ # # ]: 0 : if (result == USB_STOR_XFER_SHORT &&
1183 [ # # ]: 0 : srb->sc_data_direction == DMA_FROM_DEVICE &&
1184 [ # # ]: 0 : transfer_length - scsi_get_resid(srb) ==
1185 : : US_BULK_CS_WRAP_LEN) {
1186 : 0 : struct scatterlist *sg = NULL;
1187 : 0 : unsigned int offset = 0;
1188 : :
1189 [ # # ]: 0 : if (usb_stor_access_xfer_buf((unsigned char *) bcs,
1190 : : US_BULK_CS_WRAP_LEN, srb, &sg,
1191 : : &offset, FROM_XFER_BUF) ==
1192 : 0 : US_BULK_CS_WRAP_LEN &&
1193 [ # # ]: 0 : bcs->Signature ==
1194 : : cpu_to_le32(US_BULK_CS_SIGN)) {
1195 : 0 : usb_stor_dbg(us, "Device skipped data phase\n");
1196 : 0 : scsi_set_resid(srb, transfer_length);
1197 : 0 : goto skipped_data_phase;
1198 : : }
1199 : : }
1200 : : }
1201 : :
1202 : : /*
1203 : : * See flow chart on pg 15 of the Bulk Only Transport spec for
1204 : : * an explanation of how this code works.
1205 : : */
1206 : :
1207 : : /* get CSW for device status */
1208 : 0 : usb_stor_dbg(us, "Attempting to get CSW...\n");
1209 : 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1210 : : bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1211 : :
1212 : : /*
1213 : : * Some broken devices add unnecessary zero-length packets to the
1214 : : * end of their data transfers. Such packets show up as 0-length
1215 : : * CSWs. If we encounter such a thing, try to read the CSW again.
1216 : : */
1217 [ # # # # ]: 0 : if (result == USB_STOR_XFER_SHORT && cswlen == 0) {
1218 : 0 : usb_stor_dbg(us, "Received 0-length CSW; retrying...\n");
1219 : 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1220 : : bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1221 : : }
1222 : :
1223 : : /* did the attempt to read the CSW fail? */
1224 [ # # ]: 0 : if (result == USB_STOR_XFER_STALLED) {
1225 : :
1226 : : /* get the status again */
1227 : 0 : usb_stor_dbg(us, "Attempting to get CSW (2nd try)...\n");
1228 : 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1229 : : bcs, US_BULK_CS_WRAP_LEN, NULL);
1230 : : }
1231 : :
1232 : : /* if we still have a failure at this point, we're in trouble */
1233 : 0 : usb_stor_dbg(us, "Bulk status result = %d\n", result);
1234 [ # # ]: 0 : if (result != USB_STOR_XFER_GOOD)
1235 : : return USB_STOR_TRANSPORT_ERROR;
1236 : :
1237 : 0 : skipped_data_phase:
1238 : : /* check bulk status */
1239 : 0 : residue = le32_to_cpu(bcs->Residue);
1240 : 0 : usb_stor_dbg(us, "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n",
1241 : : le32_to_cpu(bcs->Signature), bcs->Tag,
1242 : : residue, bcs->Status);
1243 [ # # # # ]: 0 : if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) ||
1244 [ # # ]: 0 : bcs->Status > US_BULK_STAT_PHASE) {
1245 : : usb_stor_dbg(us, "Bulk logical error\n");
1246 : : return USB_STOR_TRANSPORT_ERROR;
1247 : : }
1248 : :
1249 : : /*
1250 : : * Some broken devices report odd signatures, so we do not check them
1251 : : * for validity against the spec. We store the first one we see,
1252 : : * and check subsequent transfers for validity against this signature.
1253 : : */
1254 [ # # ]: 0 : if (!us->bcs_signature) {
1255 : 0 : us->bcs_signature = bcs->Signature;
1256 : 0 : if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN))
1257 : : usb_stor_dbg(us, "Learnt BCS signature 0x%08X\n",
1258 : : le32_to_cpu(us->bcs_signature));
1259 [ # # ]: 0 : } else if (bcs->Signature != us->bcs_signature) {
1260 : : usb_stor_dbg(us, "Signature mismatch: got %08X, expecting %08X\n",
1261 : : le32_to_cpu(bcs->Signature),
1262 : : le32_to_cpu(us->bcs_signature));
1263 : : return USB_STOR_TRANSPORT_ERROR;
1264 : : }
1265 : :
1266 : : /*
1267 : : * try to compute the actual residue, based on how much data
1268 : : * was really transferred and what the device tells us
1269 : : */
1270 [ # # # # ]: 0 : if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) {
1271 : :
1272 : : /*
1273 : : * Heuristically detect devices that generate bogus residues
1274 : : * by seeing what happens with INQUIRY and READ CAPACITY
1275 : : * commands.
1276 : : */
1277 [ # # # # ]: 0 : if (bcs->Status == US_BULK_STAT_OK &&
1278 : 0 : scsi_get_resid(srb) == 0 &&
1279 [ # # # # ]: 0 : ((srb->cmnd[0] == INQUIRY &&
1280 [ # # ]: 0 : transfer_length == 36) ||
1281 [ # # ]: 0 : (srb->cmnd[0] == READ_CAPACITY &&
1282 : : transfer_length == 8))) {
1283 : 0 : us->fflags |= US_FL_IGNORE_RESIDUE;
1284 : :
1285 : : } else {
1286 : 0 : residue = min(residue, transfer_length);
1287 : 0 : scsi_set_resid(srb, max(scsi_get_resid(srb), residue));
1288 : : }
1289 : : }
1290 : :
1291 : : /* based on the status code, we report good or bad */
1292 [ # # # # ]: 0 : switch (bcs->Status) {
1293 : 0 : case US_BULK_STAT_OK:
1294 : : /* device babbled -- return fake sense data */
1295 [ # # ]: 0 : if (fake_sense) {
1296 : 0 : memcpy(srb->sense_buffer,
1297 : : usb_stor_sense_invalidCDB,
1298 : : sizeof(usb_stor_sense_invalidCDB));
1299 : 0 : return USB_STOR_TRANSPORT_NO_SENSE;
1300 : : }
1301 : :
1302 : : /* command good -- note that data could be short */
1303 : : return USB_STOR_TRANSPORT_GOOD;
1304 : :
1305 : : case US_BULK_STAT_FAIL:
1306 : : /* command failed */
1307 : : return USB_STOR_TRANSPORT_FAILED;
1308 : :
1309 : 0 : case US_BULK_STAT_PHASE:
1310 : : /*
1311 : : * phase error -- note that a transport reset will be
1312 : : * invoked by the invoke_transport() function
1313 : : */
1314 : 0 : return USB_STOR_TRANSPORT_ERROR;
1315 : : }
1316 : :
1317 : : /* we should never get here, but if we do, we're in trouble */
1318 : 0 : return USB_STOR_TRANSPORT_ERROR;
1319 : : }
1320 : : EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport);
1321 : :
1322 : : /***********************************************************************
1323 : : * Reset routines
1324 : : ***********************************************************************/
1325 : :
1326 : : /*
1327 : : * This is the common part of the device reset code.
1328 : : *
1329 : : * It's handy that every transport mechanism uses the control endpoint for
1330 : : * resets.
1331 : : *
1332 : : * Basically, we send a reset with a 5-second timeout, so we don't get
1333 : : * jammed attempting to do the reset.
1334 : : */
1335 : 0 : static int usb_stor_reset_common(struct us_data *us,
1336 : : u8 request, u8 requesttype,
1337 : : u16 value, u16 index, void *data, u16 size)
1338 : : {
1339 : 0 : int result;
1340 : 0 : int result2;
1341 : :
1342 [ # # ]: 0 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1343 : : usb_stor_dbg(us, "No reset during disconnect\n");
1344 : : return -EIO;
1345 : : }
1346 : :
1347 : 0 : result = usb_stor_control_msg(us, us->send_ctrl_pipe,
1348 : : request, requesttype, value, index, data, size,
1349 : : 5*HZ);
1350 [ # # ]: 0 : if (result < 0) {
1351 : : usb_stor_dbg(us, "Soft reset failed: %d\n", result);
1352 : : return result;
1353 : : }
1354 : :
1355 : : /*
1356 : : * Give the device some time to recover from the reset,
1357 : : * but don't delay disconnect processing.
1358 : : */
1359 [ # # # # : 0 : wait_event_interruptible_timeout(us->delay_wait,
# # # # ]
1360 : : test_bit(US_FLIDX_DISCONNECTING, &us->dflags),
1361 : : HZ*6);
1362 [ # # ]: 0 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1363 : : usb_stor_dbg(us, "Reset interrupted by disconnect\n");
1364 : : return -EIO;
1365 : : }
1366 : :
1367 : 0 : usb_stor_dbg(us, "Soft reset: clearing bulk-in endpoint halt\n");
1368 : 0 : result = usb_stor_clear_halt(us, us->recv_bulk_pipe);
1369 : :
1370 : 0 : usb_stor_dbg(us, "Soft reset: clearing bulk-out endpoint halt\n");
1371 : 0 : result2 = usb_stor_clear_halt(us, us->send_bulk_pipe);
1372 : :
1373 : : /* return a result code based on the result of the clear-halts */
1374 [ # # ]: 0 : if (result >= 0)
1375 : 0 : result = result2;
1376 : : if (result < 0)
1377 : : usb_stor_dbg(us, "Soft reset failed\n");
1378 : : else
1379 : : usb_stor_dbg(us, "Soft reset done\n");
1380 : : return result;
1381 : : }
1382 : :
1383 : : /* This issues a CB[I] Reset to the device in question */
1384 : : #define CB_RESET_CMD_SIZE 12
1385 : :
1386 : 0 : int usb_stor_CB_reset(struct us_data *us)
1387 : : {
1388 : 0 : memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE);
1389 : 0 : us->iobuf[0] = SEND_DIAGNOSTIC;
1390 : 0 : us->iobuf[1] = 4;
1391 : 0 : return usb_stor_reset_common(us, US_CBI_ADSC,
1392 : : USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1393 : 0 : 0, us->ifnum, us->iobuf, CB_RESET_CMD_SIZE);
1394 : : }
1395 : : EXPORT_SYMBOL_GPL(usb_stor_CB_reset);
1396 : :
1397 : : /*
1398 : : * This issues a Bulk-only Reset to the device in question, including
1399 : : * clearing the subsequent endpoint halts that may occur.
1400 : : */
1401 : 0 : int usb_stor_Bulk_reset(struct us_data *us)
1402 : : {
1403 : 0 : return usb_stor_reset_common(us, US_BULK_RESET_REQUEST,
1404 : : USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1405 : 0 : 0, us->ifnum, NULL, 0);
1406 : : }
1407 : : EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset);
1408 : :
1409 : : /*
1410 : : * Issue a USB port reset to the device. The caller must not hold
1411 : : * us->dev_mutex.
1412 : : */
1413 : 0 : int usb_stor_port_reset(struct us_data *us)
1414 : : {
1415 : 0 : int result;
1416 : :
1417 : : /*for these devices we must use the class specific method */
1418 [ # # ]: 0 : if (us->pusb_dev->quirks & USB_QUIRK_RESET)
1419 : : return -EPERM;
1420 : :
1421 : 0 : result = usb_lock_device_for_reset(us->pusb_dev, us->pusb_intf);
1422 [ # # ]: 0 : if (result < 0)
1423 : : usb_stor_dbg(us, "unable to lock device for reset: %d\n",
1424 : : result);
1425 : : else {
1426 : : /* Were we disconnected while waiting for the lock? */
1427 [ # # ]: 0 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1428 : : result = -EIO;
1429 : : usb_stor_dbg(us, "No reset during disconnect\n");
1430 : : } else {
1431 : 0 : result = usb_reset_device(us->pusb_dev);
1432 : 0 : usb_stor_dbg(us, "usb_reset_device returns %d\n",
1433 : : result);
1434 : : }
1435 : 0 : usb_unlock_device(us->pusb_dev);
1436 : : }
1437 : : return result;
1438 : : }
|