search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge with Linux 2.5.48.
[linux-2.6/linux-mips.git] / drivers / usb / storage / transport.c
blobaefbefa0708590355416257a44702ecde92d8791
1 /* Driver for USB Mass Storage compliant devices
2 *
3 * $Id: transport.c,v 1.47 2002/04/22 03:39:43 mdharm Exp $
4 *
5 * Current development and maintenance by:
6 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
7 *
8 * Developed with the assistance of:
9 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
11 * (c) 2002 Alan Stern <stern@rowland.org>
12 *
13 * Initial work by:
14 * (c) 1999 Michael Gee (michael@linuxspecific.com)
15 *
16 * This driver is based on the 'USB Mass Storage Class' document. This
17 * describes in detail the protocol used to communicate with such
18 * devices. Clearly, the designers had SCSI and ATAPI commands in
19 * mind when they created this document. The commands are all very
20 * similar to commands in the SCSI-II and ATAPI specifications.
21 *
22 * It is important to note that in a number of cases this class
23 * exhibits class-specific exemptions from the USB specification.
24 * Notably the usage of NAK, STALL and ACK differs from the norm, in
25 * that they are used to communicate wait, failed and OK on commands.
26 *
27 * Also, for certain devices, the interrupt endpoint is used to convey
28 * status of a command.
29 *
30 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
31 * information about this driver.
32 *
33 * This program is free software; you can redistribute it and/or modify it
34 * under the terms of the GNU General Public License as published by the
35 * Free Software Foundation; either version 2, or (at your option) any
36 * later version.
37 *
38 * This program is distributed in the hope that it will be useful, but
39 * WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41 * General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 675 Mass Ave, Cambridge, MA 02139, USA.
46 */
47
48 #include <linux/config.h>
49 #include "transport.h"
50 #include "protocol.h"
51 #include "usb.h"
52 #include "debug.h"
53
54 #include <linux/sched.h>
55 #include <linux/errno.h>
56 #include <linux/slab.h>
57
58 /***********************************************************************
59 * Helper routines
60 ***********************************************************************/
61
62 /* Calculate the length of the data transfer (not the command) for any
63 * given SCSI command
64 */
65 unsigned int usb_stor_transfer_length(Scsi_Cmnd *srb)
66 {
67 int i;
68 int doDefault = 0;
69 unsigned int len = 0;
70 unsigned int total = 0;
71 struct scatterlist *sg;
72
73 /* This table tells us:
74 X = command not supported
75 L = return length in cmnd[4] (8 bits).
76 M = return length in cmnd[8] (8 bits).
77 G = return length in cmnd[3] and cmnd[4] (16 bits)
78 H = return length in cmnd[7] and cmnd[8] (16 bits)
79 I = return length in cmnd[8] and cmnd[9] (16 bits)
80 C = return length in cmnd[2] to cmnd[5] (32 bits)
81 D = return length in cmnd[6] to cmnd[9] (32 bits)
82 B = return length in blocksize so we use buff_len
83 R = return length in cmnd[2] to cmnd[4] (24 bits)
84 S = return length in cmnd[3] to cmnd[5] (24 bits)
85 T = return length in cmnd[6] to cmnd[8] (24 bits)
86 U = return length in cmnd[7] to cmnd[9] (24 bits)
87 0-9 = fixed return length
88 V = 20 bytes
89 W = 24 bytes
90 Z = return length is mode dependant or not in command, use buff_len
91 */
92
93 static char *lengths =
94
95 /* 0123456789ABCDEF 0123456789ABCDEF */
96
97 "00XLZ6XZBXBBXXXB" "00LBBLG0R0L0GG0X" /* 00-1F */
98 "XXXXT8XXB4B0BBBB" "ZZZ0B00HCSSZTBHH" /* 20-3F */
99 "M0HHB0X000H0HH0X" "XHH0HHXX0TH0H0XX" /* 40-5F */
100 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* 60-7F */
101 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* 80-9F */
102 "X0XXX00XB0BXBXBB" "ZZZ0XUIDU000XHBX" /* A0-BF */
103 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* C0-DF */
104 "XDXXXXXXXXXXXXXX" "XXW00HXXXXXXXXXX"; /* E0-FF */
105
106 /* Commands checked in table:
107
108 CHANGE_DEFINITION 40
109 COMPARE 39
110 COPY 18
111 COPY_AND_VERIFY 3a
112 ERASE 19
113 ERASE_10 2c
114 ERASE_12 ac
115 EXCHANGE_MEDIUM a6
116 FORMAT_UNIT 04
117 GET_DATA_BUFFER_STATUS 34
118 GET_MESSAGE_10 28
119 GET_MESSAGE_12 a8
120 GET_WINDOW 25 !!! Has more data than READ_CAPACITY, need to fix table
121 INITIALIZE_ELEMENT_STATUS 07 !!! REASSIGN_BLOCKS luckily uses buff_len
122 INQUIRY 12
123 LOAD_UNLOAD 1b
124 LOCATE 2b
125 LOCK_UNLOCK_CACHE 36
126 LOG_SELECT 4c
127 LOG_SENSE 4d
128 MEDIUM_SCAN 38 !!! This was M
129 MODE_SELECT6 15
130 MODE_SELECT_10 55
131 MODE_SENSE_6 1a
132 MODE_SENSE_10 5a
133 MOVE_MEDIUM a5
134 OBJECT_POSITION 31 !!! Same as SEARCH_DATA_EQUAL
135 PAUSE_RESUME 4b
136 PLAY_AUDIO_10 45
137 PLAY_AUDIO_12 a5
138 PLAY_AUDIO_MSF 47
139 PLAY_AUDIO_TRACK_INDEX 48
140 PLAY_AUDIO_TRACK_RELATIVE_10 49
141 PLAY_AUDIO_TRACK_RELATIVE_12 a9
142 POSITION_TO_ELEMENT 2b
143 PRE-FETCH 34
144 PREVENT_ALLOW_MEDIUM_REMOVAL 1e
145 PRINT 0a !!! Same as WRITE_6 but is always in bytes
146 READ_6 08
147 READ_10 28
148 READ_12 a8
149 READ_BLOCK_LIMITS 05
150 READ_BUFFER 3c
151 READ_CAPACITY 25
152 READ_CDROM_CAPACITY 25
153 READ_DEFECT_DATA 37
154 READ_DEFECT_DATA_12 b7
155 READ_ELEMENT_STATUS b8 !!! Think this is in bytes
156 READ_GENERATION 29 !!! Could also be M?
157 READ_HEADER 44 !!! This was L
158 READ_LONG 3e
159 READ_POSITION 34 !!! This should be V but conflicts with PRE-FETCH
160 READ_REVERSE 0f
161 READ_SUB-CHANNEL 42 !!! Is this in bytes?
162 READ_TOC 43 !!! Is this in bytes?
163 READ_UPDATED_BLOCK 2d
164 REASSIGN_BLOCKS 07
165 RECEIVE 08 !!! Same as READ_6 probably in bytes though
166 RECEIVE_DIAGNOSTIC_RESULTS 1c
167 RECOVER_BUFFERED_DATA 14 !!! For PRINTERs this is bytes
168 RELEASE_UNIT 17
169 REQUEST_SENSE 03
170 REQUEST_VOLUME_ELEMENT_ADDRESS b5 !!! Think this is in bytes
171 RESERVE_UNIT 16
172 REWIND 01
173 REZERO_UNIT 01
174 SCAN 1b !!! Conflicts with various commands, should be L
175 SEARCH_DATA_EQUAL 31
176 SEARCH_DATA_EQUAL_12 b1
177 SEARCH_DATA_LOW 30
178 SEARCH_DATA_LOW_12 b0
179 SEARCH_DATA_HIGH 32
180 SEARCH_DATA_HIGH_12 b2
181 SEEK_6 0b !!! Conflicts with SLEW_AND_PRINT
182 SEEK_10 2b
183 SEND 0a !!! Same as WRITE_6, probably in bytes though
184 SEND 2a !!! Similar to WRITE_10 but for scanners
185 SEND_DIAGNOSTIC 1d
186 SEND_MESSAGE_6 0a !!! Same as WRITE_6 - is in bytes
187 SEND_MESSAGE_10 2a !!! Same as WRITE_10 - is in bytes
188 SEND_MESSAGE_12 aa !!! Same as WRITE_12 - is in bytes
189 SEND_OPC 54
190 SEND_VOLUME_TAG b6 !!! Think this is in bytes
191 SET_LIMITS 33
192 SET_LIMITS_12 b3
193 SET_WINDOW 24
194 SLEW_AND_PRINT 0b !!! Conflicts with SEEK_6
195 SPACE 11
196 START_STOP_UNIT 1b
197 STOP_PRINT 1b
198 SYNCHRONIZE_BUFFER 10
199 SYNCHRONIZE_CACHE 35
200 TEST_UNIT_READY 00
201 UPDATE_BLOCK 3d
202 VERIFY 13
203 VERIFY 2f
204 VERIFY_12 af
205 WRITE_6 0a
206 WRITE_10 2a
207 WRITE_12 aa
208 WRITE_AND_VERIFY 2e
209 WRITE_AND_VERIFY_12 ae
210 WRITE_BUFFER 3b
211 WRITE_FILEMARKS 10
212 WRITE_LONG 3f
213 WRITE_SAME 41
214 */
215
216 if (srb->sc_data_direction == SCSI_DATA_WRITE) {
217 doDefault = 1;
218 }
219 else
220 switch (lengths[srb->cmnd[0]]) {
221 case 'L':
222 len = srb->cmnd[4];
223 break;
224
225 case 'M':
226 len = srb->cmnd[8];
227 break;
228
229 case '0':
230 case '1':
231 case '2':
232 case '3':
233 case '4':
234 case '5':
235 case '6':
236 case '7':
237 case '8':
238 case '9':
239 len = lengths[srb->cmnd[0]]-'0';
240 break;
241
242 case 'G':
243 len = (((unsigned int)srb->cmnd[3])<<8) |
244 srb->cmnd[4];
245 break;
246
247 case 'H':
248 len = (((unsigned int)srb->cmnd[7])<<8) |
249 srb->cmnd[8];
250 break;
251
252 case 'I':
253 len = (((unsigned int)srb->cmnd[8])<<8) |
254 srb->cmnd[9];
255 break;
256
257 case 'R':
258 len = (((unsigned int)srb->cmnd[2])<<16) |
259 (((unsigned int)srb->cmnd[3])<<8) |
260 srb->cmnd[4];
261 break;
262
263 case 'S':
264 len = (((unsigned int)srb->cmnd[3])<<16) |
265 (((unsigned int)srb->cmnd[4])<<8) |
266 srb->cmnd[5];
267 break;
268
269 case 'T':
270 len = (((unsigned int)srb->cmnd[6])<<16) |
271 (((unsigned int)srb->cmnd[7])<<8) |
272 srb->cmnd[8];
273 break;
274
275 case 'U':
276 len = (((unsigned int)srb->cmnd[7])<<16) |
277 (((unsigned int)srb->cmnd[8])<<8) |
278 srb->cmnd[9];
279 break;
280
281 case 'C':
282 len = (((unsigned int)srb->cmnd[2])<<24) |
283 (((unsigned int)srb->cmnd[3])<<16) |
284 (((unsigned int)srb->cmnd[4])<<8) |
285 srb->cmnd[5];
286 break;
287
288 case 'D':
289 len = (((unsigned int)srb->cmnd[6])<<24) |
290 (((unsigned int)srb->cmnd[7])<<16) |
291 (((unsigned int)srb->cmnd[8])<<8) |
292 srb->cmnd[9];
293 break;
294
295 case 'V':
296 len = 20;
297 break;
298
299 case 'W':
300 len = 24;
301 break;
302
303 case 'B':
304 /* Use buffer size due to different block sizes */
305 doDefault = 1;
306 break;
307
308 case 'X':
309 US_DEBUGP("Error: UNSUPPORTED COMMAND %02X\n",
310 srb->cmnd[0]);
311 doDefault = 1;
312 break;
313
314 case 'Z':
315 /* Use buffer size due to mode dependence */
316 doDefault = 1;
317 break;
318
319 default:
320 US_DEBUGP("Error: COMMAND %02X out of range or table inconsistent (%c).\n",
321 srb->cmnd[0], lengths[srb->cmnd[0]] );
322 doDefault = 1;
323 }
324
325 if ( doDefault == 1 ) {
326 /* Are we going to scatter gather? */
327 if (srb->use_sg) {
328 /* Add up the sizes of all the sg segments */
329 sg = (struct scatterlist *) srb->request_buffer;
330 for (i = 0; i < srb->use_sg; i++)
331 total += sg[i].length;
332 len = total;
333
334 /* Double-check to see if the advertised buffer
335 * length less than the actual buffer length --
336 * in other words, we should tend towards the
337 * conservative side for data transfers.
338 */
339 if (len > srb->request_bufflen)
340 len = srb->request_bufflen;
341 }
342 else
343 /* Just return the length of the buffer */
344 len = srb->request_bufflen;
345 }
346
347 /* According to the linux-scsi people, any command sent which
348 * violates this invariant is a bug. In the hopes of removing
349 * all the complex logic above, let's find them and eliminate them.
350 */
351 if (len != srb->request_bufflen) {
352 printk(KERN_ERR "USB len=%d, request_bufflen=%d\n", len, srb->request_bufflen);
353 dump_stack();
354 }
355
356 return len;
357 }
358
359 /***********************************************************************
360 * Data transfer routines
361 ***********************************************************************/
362
363 /*
364 * This is subtle, so pay attention:
365 * ---------------------------------
366 * We're very concerned about races with a command abort. Hanging this code
367 * is a sure fire way to hang the kernel. (Note that this discussion applies
368 * only to transactions resulting from a scsi queued-command, since only
369 * these transactions are subject to a scsi abort. Other transactions, such
370 * as those occurring during device-specific initialization, must be handled
371 * by a separate code path.)
372 *
373 * The abort function first sets the machine state, then atomically
374 * tests-and-clears the CAN_CANCEL bit in us->flags to see if the current_urb
375 * needs to be aborted.
376 *
377 * The submit function first verifies that the submission completed without
378 * errors, and only then sets the CAN_CANCEL bit. This prevents the abort
379 * function from trying to cancel the URB while the submit call is underway.
380 * Next, the submit function must test the state to see if we got aborted
381 * before the submission or before setting the CAN_CANCEL bit. If so, it's
382 * essential to abort the URB if it hasn't been cancelled already (i.e.,
383 * if the CAN_CANCEL bit is still set). Either way, the function must then
384 * wait for the URB to finish. Note that because the URB_ASYNC_UNLINK flag
385 * is set, the URB can still be in progress even after a call to
386 * usb_unlink_urb() returns.
387 *
388 * (It's also permissible, but not necessary, to test the state -before-
389 * submitting the URB. Doing so would prevent an unnecessary submission if
390 * the transaction had already been aborted, but this is very unlikely to
391 * happen, because the abort would have to have been requested during actual
392 * kernel processing rather than during an I/O delay.)
393 *
394 * The idea is that (1) once the state is changed to ABORTING, either the
395 * aborting function or the submitting function is guaranteed to call
396 * usb_unlink_urb() for an active URB, and (2) test_and_clear_bit() prevents
397 * usb_unlink_urb() from being called more than once or from being called
398 * during usb_submit_urb().
399 */
400
401 /* This is the completion handler which will wake us up when an URB
402 * completes.
403 */
404 static void usb_stor_blocking_completion(struct urb *urb)
405 {
406 struct completion *urb_done_ptr = (struct completion *)urb->context;
407
408 complete(urb_done_ptr);
409 }
410
411 /* This is the common part of the URB message submission code
412 *
413 * All URBs from the usb-storage driver involved in handling a queued scsi
414 * command _must_ pass through this function (or something like it) for the
415 * abort mechanisms to work properly.
416 */
417 static int usb_stor_msg_common(struct us_data *us)
418 {
419 struct completion urb_done;
420 int status;
421
422 /* set up data structures for the wakeup system */
423 init_completion(&urb_done);
424
425 /* fill the common fields in the URB */
426 us->current_urb->context = &urb_done;
427 us->current_urb->actual_length = 0;
428 us->current_urb->error_count = 0;
429 us->current_urb->transfer_flags = URB_ASYNC_UNLINK;
430
431 /* submit the URB */
432 status = usb_submit_urb(us->current_urb, GFP_NOIO);
433 if (status) {
434 /* something went wrong */
435 return status;
436 }
437
438 /* since the URB has been submitted successfully, it's now okay
439 * to cancel it */
440 set_bit(US_FLIDX_CAN_CANCEL, &us->flags);
441
442 /* has the current command been aborted? */
443 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
444
445 /* cancel the URB, if it hasn't been cancelled already */
446 if (test_and_clear_bit(US_FLIDX_CAN_CANCEL, &us->flags)) {
447 US_DEBUGP("-- cancelling URB\n");
448 usb_unlink_urb(us->current_urb);
449 }
450 }
451
452 /* wait for the completion of the URB */
453 wait_for_completion(&urb_done);
454 clear_bit(US_FLIDX_CAN_CANCEL, &us->flags);
455
456 /* return the URB status */
457 return us->current_urb->status;
458 }
459
460 /* This is our function to emulate usb_control_msg() with enough control
461 * to make aborts/resets/timeouts work
462 */
463 int usb_stor_control_msg(struct us_data *us, unsigned int pipe,
464 u8 request, u8 requesttype, u16 value, u16 index,
465 void *data, u16 size)
466 {
467 int status;
468
469 /* fill in the devrequest structure */
470 us->dr->bRequestType = requesttype;
471 us->dr->bRequest = request;
472 us->dr->wValue = cpu_to_le16(value);
473 us->dr->wIndex = cpu_to_le16(index);
474 us->dr->wLength = cpu_to_le16(size);
475
476 /* fill and submit the URB */
477 usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe,
478 (unsigned char*) us->dr, data, size,
479 usb_stor_blocking_completion, NULL);
480 status = usb_stor_msg_common(us);
481
482 /* return the actual length of the data transferred if no error*/
483 if (status >= 0)
484 status = us->current_urb->actual_length;
485 return status;
486 }
487
488 /* This is our function to emulate usb_bulk_msg() with enough control
489 * to make aborts/resets/timeouts work
490 */
491 int usb_stor_bulk_msg(struct us_data *us, void *data, unsigned int pipe,
492 unsigned int len, unsigned int *act_len)
493 {
494 int status;
495
496 /* fill and submit the URB */
497 usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, data, len,
498 usb_stor_blocking_completion, NULL);
499 status = usb_stor_msg_common(us);
500
501 /* store the actual length of the data transferred */
502 *act_len = us->current_urb->actual_length;
503 return status;
504 }
505
506 /* This is a version of usb_clear_halt() that doesn't read the status from
507 * the device -- this is because some devices crash their internal firmware
508 * when the status is requested after a halt.
509 *
510 * A definitive list of these 'bad' devices is too difficult to maintain or
511 * make complete enough to be useful. This problem was first observed on the
512 * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither
513 * MacOS nor Windows checks the status after clearing a halt.
514 *
515 * Since many vendors in this space limit their testing to interoperability
516 * with these two OSes, specification violations like this one are common.
517 */
518 int usb_stor_clear_halt(struct us_data *us, unsigned int pipe)
519 {
520 int result;
521 int endp = usb_pipeendpoint(pipe);
522
523 if (usb_pipein (pipe))
524 endp |= USB_DIR_IN;
525
526 result = usb_stor_control_msg(us, us->send_ctrl_pipe,
527 USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT, 0,
528 endp, NULL, 0); /* note: no 3*HZ timeout */
529 US_DEBUGP("usb_stor_clear_halt: result=%d\n", result);
530
531 /* this is a failure case */
532 if (result < 0)
533 return result;
534
535 printk(KERN_ERR "usb_stor_clear_halt() WORKED!\n");
536
537 /* reset the toggles and endpoint flags */
538 usb_endpoint_running(us->pusb_dev, usb_pipeendpoint(pipe),
539 usb_pipeout(pipe));
540 usb_settoggle(us->pusb_dev, usb_pipeendpoint(pipe),
541 usb_pipeout(pipe), 0);
542
543 return 0;
544 }
545
546 /*
547 * Transfer one control message
548 *
549 * This function does basically the same thing as usb_stor_control_msg()
550 * above, except that return codes are USB_STOR_XFER_xxx rather than the
551 * urb status or transfer length.
552 */
553 int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe,
554 u8 request, u8 requesttype, u16 value, u16 index,
555 void *data, u16 size) {
556 int result;
557
558 US_DEBUGP("usb_stor_ctrl_transfer(): rq=%02x rqtype=%02x "
559 "value=%04x index=%02x len=%d\n",
560 request, requesttype, value, index, size);
561 result = usb_stor_control_msg(us, pipe, request, requesttype,
562 value, index, data, size);
563 US_DEBUGP("usb_stor_control_msg returned %d\n", result);
564
565 /* a stall indicates a protocol error */
566 if (result == -EPIPE) {
567 US_DEBUGP("-- stall on control pipe\n");
568 return USB_STOR_XFER_ERROR;
569 }
570
571 /* some other serious problem here */
572 if (result < 0) {
573 US_DEBUGP("-- unknown error\n");
574 return USB_STOR_XFER_ERROR;
575 }
576
577 /* was the entire command transferred? */
578 if (result < size) {
579 US_DEBUGP("-- transferred only %d bytes\n", result);
580 return USB_STOR_XFER_SHORT;
581 }
582
583 US_DEBUGP("-- transfer completed successfully\n");
584 return USB_STOR_XFER_GOOD;
585 }
586
587 /*
588 * Transfer one buffer via bulk transfer
589 *
590 * This function does basically the same thing as usb_stor_bulk_msg()
591 * above, except that:
592 *
593 * 1. If the bulk pipe stalls during the transfer, the halt is
594 * automatically cleared;
595 * 2. Return codes are USB_STOR_XFER_xxx rather than the
596 * urb status or transfer length.
597 */
598 int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe,
599 char *buf, unsigned int length, unsigned int *act_len)
600 {
601 int result;
602 int partial;
603
604 /* transfer the data */
605 US_DEBUGP("usb_stor_bulk_transfer_buf(): xfer %d bytes\n", length);
606 result = usb_stor_bulk_msg(us, buf, pipe, length, &partial);
607 US_DEBUGP("usb_stor_bulk_msg() returned %d xferred %d/%d\n",
608 result, partial, length);
609 if (act_len)
610 *act_len = partial;
611
612 /* if we stall, we need to clear it before we go on */
613 if (result == -EPIPE) {
614 US_DEBUGP("clearing endpoint halt for pipe 0x%x,"
615 " stalled at %d bytes\n", pipe, partial);
616 if (usb_stor_clear_halt(us, pipe) < 0)
617 return USB_STOR_XFER_ERROR;
618 return USB_STOR_XFER_STALLED;
619 }
620
621 /* NAK - that means we've retried a few times already */
622 if (result == -ETIMEDOUT) {
623 US_DEBUGP("-- device NAKed\n");
624 return USB_STOR_XFER_ERROR;
625 }
626
627 /* the catch-all error case */
628 if (result) {
629 US_DEBUGP("-- unknown error\n");
630 return USB_STOR_XFER_ERROR;
631 }
632
633 /* did we send all the data? */
634 if (partial == length) {
635 US_DEBUGP("-- transfer complete\n");
636 return USB_STOR_XFER_GOOD;
637 }
638
639 /* no error code, so we must have transferred some data,
640 * just not all of it */
641 US_DEBUGP("-- transferred only %d bytes\n", partial);
642 return USB_STOR_XFER_SHORT;
643 }
644
645 /*
646 * Transfer a scatter-gather list via bulk transfer
647 *
648 * This function does basically the same thing as usb_stor_bulk_transfer_buf()
649 * above, but it uses the usbcore scatter-gather primitives
650 */
651 int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe,
652 struct scatterlist *sg, int num_sg, unsigned int length,
653 unsigned int *act_len)
654 {
655 int result;
656 int partial;
657
658 /* initialize the scatter-gather request block */
659 US_DEBUGP("usb_stor_bulk_transfer_sglist(): xfer %d bytes, "
660 "%d entries\n", length, num_sg);
661 result = usb_sg_init(us->current_sg, us->pusb_dev, pipe, 0,
662 sg, num_sg, length, SLAB_NOIO);
663 if (result) {
664 US_DEBUGP("usb_sg_init returned %d\n", result);
665 return USB_STOR_XFER_ERROR;
666 }
667
668 /* since the block has been initialized successfully, it's now
669 * okay to cancel it */
670 set_bit(US_FLIDX_CANCEL_SG, &us->flags);
671
672 /* has the current command been aborted? */
673 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
674
675 /* cancel the request, if it hasn't been cancelled already */
676 if (test_and_clear_bit(US_FLIDX_CANCEL_SG, &us->flags)) {
677 US_DEBUGP("-- cancelling sg request\n");
678 usb_sg_cancel(us->current_sg);
679 }
680 }
681
682 /* wait for the completion of the transfer */
683 usb_sg_wait(us->current_sg);
684 clear_bit(US_FLIDX_CANCEL_SG, &us->flags);
685
686 result = us->current_sg->status;
687 partial = us->current_sg->bytes;
688 US_DEBUGP("usb_sg_wait() returned %d xferred %d/%d\n",
689 result, partial, length);
690 if (act_len)
691 *act_len = partial;
692
693 /* if we stall, we need to clear it before we go on */
694 if (result == -EPIPE) {
695 US_DEBUGP("clearing endpoint halt for pipe 0x%x, "
696 "stalled at %d bytes\n", pipe, partial);
697 if (usb_stor_clear_halt(us, pipe) < 0)
698 return USB_STOR_XFER_ERROR;
699 return USB_STOR_XFER_STALLED;
700 }
701
702 /* NAK - that means we've retried this a few times already */
703 if (result == -ETIMEDOUT) {
704 US_DEBUGP("-- device NAKed\n");
705 return USB_STOR_XFER_ERROR;
706 }
707
708 /* the catch-all error case */
709 if (result) {
710 US_DEBUGP("-- unknown error\n");
711 return USB_STOR_XFER_ERROR;
712 }
713
714 /* did we send all the data? */
715 if (partial == length) {
716 US_DEBUGP("-- transfer complete\n");
717 return USB_STOR_XFER_GOOD;
718 }
719
720 /* no error code, so we must have transferred some data,
721 * just not all of it */
722 US_DEBUGP("-- transferred only %d bytes\n", partial);
723 return USB_STOR_XFER_SHORT;
724 }
725
726 /*
727 * Transfer an entire SCSI command's worth of data payload over the bulk
728 * pipe.
729 *
730 * Nore that this uses usb_stor_bulk_transfer_buf() and
731 * usb_stor_bulk_transfer_sglist() to achieve its goals --
732 * this function simply determines whether we're going to use
733 * scatter-gather or not, and acts appropriately.
734 */
735 int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe,
736 char *buf, unsigned int length_left, int use_sg, int *residual)
737 {
738 int result;
739 unsigned int partial;
740
741 /* are we scatter-gathering? */
742 if (use_sg) {
743 /* use the usb core scatter-gather primitives */
744 result = usb_stor_bulk_transfer_sglist(us, pipe,
745 (struct scatterlist *) buf, use_sg,
746 length_left, &partial);
747 length_left -= partial;
748 } else {
749 /* no scatter-gather, just make the request */
750 result = usb_stor_bulk_transfer_buf(us, pipe, buf,
751 length_left, &partial);
752 length_left -= partial;
753 }
754
755 /* store the residual and return the error code */
756 if (residual)
757 *residual = length_left;
758 return result;
759 }
760
761 /***********************************************************************
762 * Transport routines
763 ***********************************************************************/
764
765 /* Invoke the transport and basic error-handling/recovery methods
766 *
767 * This is used by the protocol layers to actually send the message to
768 * the device and receive the response.
769 */
770 void usb_stor_invoke_transport(Scsi_Cmnd *srb, struct us_data *us)
771 {
772 int need_auto_sense;
773 int result;
774
775 /* send the command to the transport layer */
776 srb->resid = 0;
777 result = us->transport(srb, us);
778
779 /* if the command gets aborted by the higher layers, we need to
780 * short-circuit all other processing
781 */
782 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
783 US_DEBUGP("-- transport indicates command was aborted\n");
784 srb->result = DID_ABORT << 16;
785 return;
786 }
787
788 /* if there is a transport error, reset and don't auto-sense */
789 /* What if we want to abort during the reset? */
790 if (result == USB_STOR_TRANSPORT_ERROR) {
791 US_DEBUGP("-- transport indicates error, resetting\n");
792 us->transport_reset(us);
793 srb->result = DID_ERROR << 16;
794 return;
795 }
796
797 /* Determine if we need to auto-sense
798 *
799 * I normally don't use a flag like this, but it's almost impossible
800 * to understand what's going on here if I don't.
801 */
802 need_auto_sense = 0;
803
804 /*
805 * If we're running the CB transport, which is incapable
806 * of determining status on it's own, we need to auto-sense almost
807 * every time.
808 */
809 if (us->protocol == US_PR_CB || us->protocol == US_PR_DPCM_USB) {
810 US_DEBUGP("-- CB transport device requiring auto-sense\n");
811 need_auto_sense = 1;
812
813 /* There are some exceptions to this. Notably, if this is
814 * a UFI device and the command is REQUEST_SENSE or INQUIRY,
815 * then it is impossible to truly determine status.
816 */
817 if (us->subclass == US_SC_UFI &&
818 ((srb->cmnd[0] == REQUEST_SENSE) ||
819 (srb->cmnd[0] == INQUIRY))) {
820 US_DEBUGP("** no auto-sense for a special command\n");
821 need_auto_sense = 0;
822 }
823 }
824
825 /*
826 * If we have a failure, we're going to do a REQUEST_SENSE
827 * automatically. Note that we differentiate between a command
828 * "failure" and an "error" in the transport mechanism.
829 */
830 if (result == USB_STOR_TRANSPORT_FAILED) {
831 US_DEBUGP("-- transport indicates command failure\n");
832 need_auto_sense = 1;
833 }
834
835 /*
836 * Also, if we have a short transfer on a command that can't have
837 * a short transfer, we're going to do this.
838 */
839 if ((srb->resid > 0) &&
840 !((srb->cmnd[0] == REQUEST_SENSE) ||
841 (srb->cmnd[0] == INQUIRY) ||
842 (srb->cmnd[0] == MODE_SENSE) ||
843 (srb->cmnd[0] == LOG_SENSE) ||
844 (srb->cmnd[0] == MODE_SENSE_10))) {
845 US_DEBUGP("-- unexpectedly short transfer\n");
846 need_auto_sense = 1;
847 }
848
849 /* Now, if we need to do the auto-sense, let's do it */
850 if (need_auto_sense) {
851 int temp_result;
852 void* old_request_buffer;
853 unsigned short old_sg;
854 unsigned old_request_bufflen;
855 unsigned char old_sc_data_direction;
856 unsigned char old_cmnd[MAX_COMMAND_SIZE];
857
858 US_DEBUGP("Issuing auto-REQUEST_SENSE\n");
859
860 /* save the old command */
861 memcpy(old_cmnd, srb->cmnd, MAX_COMMAND_SIZE);
862
863 /* set the command and the LUN */
864 srb->cmnd[0] = REQUEST_SENSE;
865 srb->cmnd[1] = old_cmnd[1] & 0xE0;
866 srb->cmnd[2] = 0;
867 srb->cmnd[3] = 0;
868 srb->cmnd[4] = 18;
869 srb->cmnd[5] = 0;
870
871 /* set the transfer direction */
872 old_sc_data_direction = srb->sc_data_direction;
873 srb->sc_data_direction = SCSI_DATA_READ;
874
875 /* use the new buffer we have */
876 old_request_buffer = srb->request_buffer;
877 srb->request_buffer = srb->sense_buffer;
878
879 /* set the buffer length for transfer */
880 old_request_bufflen = srb->request_bufflen;
881 srb->request_bufflen = 18;
882
883 /* set up for no scatter-gather use */
884 old_sg = srb->use_sg;
885 srb->use_sg = 0;
886
887 /* issue the auto-sense command */
888 temp_result = us->transport(us->srb, us);
889
890 /* let's clean up right away */
891 srb->request_buffer = old_request_buffer;
892 srb->request_bufflen = old_request_bufflen;
893 srb->use_sg = old_sg;
894 srb->sc_data_direction = old_sc_data_direction;
895 memcpy(srb->cmnd, old_cmnd, MAX_COMMAND_SIZE);
896
897 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
898 US_DEBUGP("-- auto-sense aborted\n");
899 srb->result = DID_ABORT << 16;
900 return;
901 }
902 if (temp_result != USB_STOR_TRANSPORT_GOOD) {
903 US_DEBUGP("-- auto-sense failure\n");
904
905 /* we skip the reset if this happens to be a
906 * multi-target device, since failure of an
907 * auto-sense is perfectly valid
908 */
909 if (!(us->flags & US_FL_SCM_MULT_TARG)) {
910 /* What if we try to abort during the reset? */
911 us->transport_reset(us);
912 }
913 srb->result = DID_ERROR << 16;
914 return;
915 }
916
917 US_DEBUGP("-- Result from auto-sense is %d\n", temp_result);
918 US_DEBUGP("-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
919 srb->sense_buffer[0],
920 srb->sense_buffer[2] & 0xf,
921 srb->sense_buffer[12],
922 srb->sense_buffer[13]);
923 #ifdef CONFIG_USB_STORAGE_DEBUG
924 usb_stor_show_sense(
925 srb->sense_buffer[2] & 0xf,
926 srb->sense_buffer[12],
927 srb->sense_buffer[13]);
928 #endif
929
930 /* set the result so the higher layers expect this data */
931 srb->result = CHECK_CONDITION << 1;
932
933 /* If things are really okay, then let's show that */
934 if ((srb->sense_buffer[2] & 0xf) == 0x0)
935 srb->result = GOOD << 1;
936 } else /* if (need_auto_sense) */
937 srb->result = GOOD << 1;
938
939 /* Regardless of auto-sense, if we _know_ we have an error
940 * condition, show that in the result code
941 */
942 if (result == USB_STOR_TRANSPORT_FAILED)
943 srb->result = CHECK_CONDITION << 1;
944
945 /* If we think we're good, then make sure the sense data shows it.
946 * This is necessary because the auto-sense for some devices always
947 * sets byte 0 == 0x70, even if there is no error
948 */
949 if ((us->protocol == US_PR_CB || us->protocol == US_PR_DPCM_USB) &&
950 (result == USB_STOR_TRANSPORT_GOOD) &&
951 ((srb->sense_buffer[2] & 0xf) == 0x0))
952 srb->sense_buffer[0] = 0x0;
953 }
954
955 /* Abort the currently running scsi command or device reset.
956 * This must be called with scsi_lock(us->srb->host) held */
957 void usb_stor_abort_transport(struct us_data *us)
958 {
959 struct Scsi_Host *host;
960 int state = atomic_read(&us->sm_state);
961
962 US_DEBUGP("usb_stor_abort_transport called\n");
963
964 /* Normally the current state is RUNNING. If the control thread
965 * hasn't even started processing this command, the state will be
966 * IDLE. Anything else is a bug. */
967 BUG_ON((state != US_STATE_RUNNING && state != US_STATE_IDLE));
968
969 /* set state to abort and release the lock */
970 atomic_set(&us->sm_state, US_STATE_ABORTING);
971 host = us->srb->host;
972 scsi_unlock(host);
973
974 /* If the state machine is blocked waiting for an URB or an IRQ,
975 * let's wake it up */
976
977 /* If we have an URB pending, cancel it. The test_and_clear_bit()
978 * call guarantees that if a URB has just been submitted, it
979 * won't be cancelled more than once. */
980 if (test_and_clear_bit(US_FLIDX_CAN_CANCEL, &us->flags)) {
981 US_DEBUGP("-- cancelling URB\n");
982 usb_unlink_urb(us->current_urb);
983 }
984
985 /* If we are waiting for a scatter-gather operation, cancel it. */
986 if (test_and_clear_bit(US_FLIDX_CANCEL_SG, &us->flags)) {
987 US_DEBUGP("-- cancelling sg request\n");
988 usb_sg_cancel(us->current_sg);
989 }
990
991 /* If we are waiting for an IRQ, simulate it */
992 if (test_bit(US_FLIDX_IP_WANTED, &us->flags)) {
993 US_DEBUGP("-- simulating missing IRQ\n");
994 usb_stor_CBI_irq(us->irq_urb);
995 }
996
997 /* Wait for the aborted command to finish */
998 wait_for_completion(&us->notify);
999
1000 /* Reacquire the lock: note that us->srb is now NULL */
1001 scsi_lock(host);
1002 }
1003
1004 /*
1005 * Control/Bulk/Interrupt transport
1006 */
1007
1008 /* The interrupt handler for CBI devices */
1009 void usb_stor_CBI_irq(struct urb *urb)
1010 {
1011 struct us_data *us = (struct us_data *)urb->context;
1012 int status;
1013
1014 US_DEBUGP("USB IRQ received for device on host %d\n", us->host_no);
1015 US_DEBUGP("-- IRQ data length is %d\n", urb->actual_length);
1016 US_DEBUGP("-- IRQ state is %d\n", urb->status);
1017 US_DEBUGP("-- Interrupt Status (0x%x, 0x%x)\n",
1018 us->irqbuf[0], us->irqbuf[1]);
1019
1020 /* has the current command been aborted? */
1021 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
1022
1023 /* was this a wanted interrupt? */
1024 if (!test_and_clear_bit(US_FLIDX_IP_WANTED, &us->flags)) {
1025 US_DEBUGP("ERROR: Unwanted interrupt received!\n");
1026 goto exit;
1027 }
1028 US_DEBUGP("-- command aborted\n");
1029
1030 /* wake up the command thread */
1031 up(&us->ip_waitq);
1032 goto exit;
1033 }
1034
1035 /* is the device removed? */
1036 if (urb->status == -ENOENT) {
1037 US_DEBUGP("-- device has been removed\n");
1038
1039 /* was this a wanted interrupt? */
1040 if (!test_and_clear_bit(US_FLIDX_IP_WANTED, &us->flags))
1041 return;
1042
1043 /* indicate a transport error -- this is the best we can do */
1044 us->irqdata[0] = us->irqdata[1] = 0xFF;
1045
1046 /* wake up the command thread */
1047 up(&us->ip_waitq);
1048 return;
1049 }
1050
1051 /* reject improper IRQs */
1052 if (urb->actual_length != 2) {
1053 US_DEBUGP("-- IRQ too short\n");
1054 goto exit;
1055 }
1056
1057 /* was this a command-completion interrupt? */
1058 if (us->irqbuf[0] && (us->subclass != US_SC_UFI)) {
1059 US_DEBUGP("-- not a command-completion IRQ\n");
1060 goto exit;
1061 }
1062
1063 /* was this a wanted interrupt? */
1064 if (!test_and_clear_bit(US_FLIDX_IP_WANTED, &us->flags)) {
1065 US_DEBUGP("ERROR: Unwanted interrupt received!\n");
1066 goto exit;
1067 }
1068
1069 /* copy the valid data */
1070 us->irqdata[0] = us->irqbuf[0];
1071 us->irqdata[1] = us->irqbuf[1];
1072
1073 /* wake up the command thread */
1074 up(&(us->ip_waitq));
1075
1076 exit:
1077 /* resubmit the urb */
1078 status = usb_submit_urb (urb, GFP_ATOMIC);
1079 if (status)
1080 err ("%s - usb_submit_urb failed with result %d",
1081 __FUNCTION__, status);
1082 }
1083
1084 int usb_stor_CBI_transport(Scsi_Cmnd *srb, struct us_data *us)
1085 {
1086 unsigned int transfer_length = usb_stor_transfer_length(srb);
1087 int result;
1088
1089 /* re-initialize the mutex so that we avoid any races with
1090 * early/late IRQs from previous commands */
1091 init_MUTEX_LOCKED(&(us->ip_waitq));
1092
1093 /* Set up for status notification */
1094 set_bit(US_FLIDX_IP_WANTED, &us->flags);
1095
1096 /* COMMAND STAGE */
1097 /* let's send the command via the control pipe */
1098 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
1099 US_CBI_ADSC,
1100 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0,
1101 us->ifnum, srb->cmnd, srb->cmd_len);
1102
1103 /* check the return code for the command */
1104 US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result);
1105 if (result != USB_STOR_XFER_GOOD) {
1106 /* Reset flag for status notification */
1107 clear_bit(US_FLIDX_IP_WANTED, &us->flags);
1108 /* Uh oh... serious problem here */
1109 return USB_STOR_TRANSPORT_ERROR;
1110 }
1111
1112 /* DATA STAGE */
1113 /* transfer the data payload for this command, if one exists*/
1114 if (transfer_length) {
1115 unsigned int pipe = srb->sc_data_direction == SCSI_DATA_READ ?
1116 us->recv_bulk_pipe : us->send_bulk_pipe;
1117 result = usb_stor_bulk_transfer_srb(us, pipe, srb,
1118 transfer_length);
1119 US_DEBUGP("CBI data stage result is 0x%x\n", result);
1120 if (result == USB_STOR_XFER_ERROR) {
1121 clear_bit(US_FLIDX_IP_WANTED, &us->flags);
1122 return USB_STOR_TRANSPORT_ERROR;
1123 }
1124 }
1125
1126 /* STATUS STAGE */
1127
1128 /* go to sleep until we get this interrupt */
1129 down(&(us->ip_waitq));
1130
1131 /* has the current command been aborted? */
1132 if (atomic_read(&us->sm_state) == US_STATE_ABORTING) {
1133 US_DEBUGP("CBI interrupt aborted\n");
1134 return USB_STOR_TRANSPORT_ERROR;
1135 }
1136
1137 US_DEBUGP("Got interrupt data (0x%x, 0x%x)\n",
1138 us->irqdata[0], us->irqdata[1]);
1139
1140 /* UFI gives us ASC and ASCQ, like a request sense
1141 *
1142 * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
1143 * devices, so we ignore the information for those commands. Note
1144 * that this means we could be ignoring a real error on these
1145 * commands, but that can't be helped.
1146 */
1147 if (us->subclass == US_SC_UFI) {
1148 if (srb->cmnd[0] == REQUEST_SENSE ||
1149 srb->cmnd[0] == INQUIRY)
1150 return USB_STOR_TRANSPORT_GOOD;
1151 else {
1152 if (us->irqdata[0])
1153 return USB_STOR_TRANSPORT_FAILED;
1154 else
1155 return USB_STOR_TRANSPORT_GOOD;
1156 }
1157 }
1158
1159 /* If not UFI, we interpret the data as a result code
1160 * The first byte should always be a 0x0
1161 * The second byte & 0x0F should be 0x0 for good, otherwise error
1162 */
1163 if (us->irqdata[0]) {
1164 US_DEBUGP("CBI IRQ data showed reserved bType %d\n",
1165 us->irqdata[0]);
1166 return USB_STOR_TRANSPORT_ERROR;
1167 }
1168
1169 switch (us->irqdata[1] & 0x0F) {
1170 case 0x00:
1171 return USB_STOR_TRANSPORT_GOOD;
1172 case 0x01:
1173 return USB_STOR_TRANSPORT_FAILED;
1174 default:
1175 return USB_STOR_TRANSPORT_ERROR;
1176 }
1177
1178 /* we should never get here, but if we do, we're in trouble */
1179 return USB_STOR_TRANSPORT_ERROR;
1180 }
1181
1182 /*
1183 * Control/Bulk transport
1184 */
1185 int usb_stor_CB_transport(Scsi_Cmnd *srb, struct us_data *us)
1186 {
1187 unsigned int transfer_length = usb_stor_transfer_length(srb);
1188 int result;
1189
1190 /* COMMAND STAGE */
1191 /* let's send the command via the control pipe */
1192 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
1193 US_CBI_ADSC,
1194 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0,
1195 us->ifnum, srb->cmnd, srb->cmd_len);
1196
1197 /* check the return code for the command */
1198 US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result);
1199 if (result != USB_STOR_XFER_GOOD) {
1200 /* Uh oh... serious problem here */
1201 return USB_STOR_TRANSPORT_ERROR;
1202 }
1203
1204 /* DATA STAGE */
1205 /* transfer the data payload for this command, if one exists*/
1206 if (transfer_length) {
1207 unsigned int pipe = srb->sc_data_direction == SCSI_DATA_READ ?
1208 us->recv_bulk_pipe : us->send_bulk_pipe;
1209 result = usb_stor_bulk_transfer_srb(us, pipe, srb,
1210 transfer_length);
1211 US_DEBUGP("CB data stage result is 0x%x\n", result);
1212 if (result == USB_STOR_XFER_ERROR)
1213 return USB_STOR_TRANSPORT_ERROR;
1214 }
1215
1216 /* STATUS STAGE */
1217 /* NOTE: CB does not have a status stage. Silly, I know. So
1218 * we have to catch this at a higher level.
1219 */
1220 return USB_STOR_TRANSPORT_GOOD;
1221 }
1222
1223 /*
1224 * Bulk only transport
1225 */
1226
1227 /* Determine what the maximum LUN supported is */
1228 int usb_stor_Bulk_max_lun(struct us_data *us)
1229 {
1230 unsigned char data;
1231 int result;
1232
1233 /* Issue the command -- use usb_control_msg() because this is
1234 * not a scsi queued-command. Also note that at this point the
1235 * cached pipe values have not yet been stored. */
1236 result = usb_control_msg(us->pusb_dev,
1237 usb_rcvctrlpipe(us->pusb_dev, 0),
1238 US_BULK_GET_MAX_LUN,
1239 USB_DIR_IN | USB_TYPE_CLASS |
1240 USB_RECIP_INTERFACE,
1241 0, us->ifnum, &data, sizeof(data), HZ);
1242
1243 US_DEBUGP("GetMaxLUN command result is %d, data is %d\n",
1244 result, data);
1245
1246 /* if we have a successful request, return the result */
1247 if (result == 1)
1248 return data;
1249
1250 /* return the default -- no LUNs */
1251 return 0;
1252 }
1253
1254 int usb_stor_Bulk_transport(Scsi_Cmnd *srb, struct us_data *us)
1255 {
1256 struct bulk_cb_wrap bcb;
1257 struct bulk_cs_wrap bcs;
1258 unsigned int transfer_length = usb_stor_transfer_length(srb);
1259 int result;
1260
1261 /* set up the command wrapper */
1262 bcb.Signature = cpu_to_le32(US_BULK_CB_SIGN);
1263 bcb.DataTransferLength = cpu_to_le32(transfer_length);
1264 bcb.Flags = srb->sc_data_direction == SCSI_DATA_READ ? 1 << 7 : 0;
1265 bcb.Tag = srb->serial_number;
1266 bcb.Lun = srb->cmnd[1] >> 5;
1267 if (us->flags & US_FL_SCM_MULT_TARG)
1268 bcb.Lun |= srb->target << 4;
1269 bcb.Length = srb->cmd_len;
1270
1271 /* copy the command payload */
1272 memset(bcb.CDB, 0, sizeof(bcb.CDB));
1273 memcpy(bcb.CDB, srb->cmnd, bcb.Length);
1274
1275 /* send it to out endpoint */
1276 US_DEBUGP("Bulk command S 0x%x T 0x%x Trg %d LUN %d L %d F %d CL %d\n",
1277 le32_to_cpu(bcb.Signature), bcb.Tag,
1278 (bcb.Lun >> 4), (bcb.Lun & 0x0F),
1279 le32_to_cpu(bcb.DataTransferLength), bcb.Flags, bcb.Length);
1280 result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
1281 (char *) &bcb, US_BULK_CB_WRAP_LEN, NULL);
1282 US_DEBUGP("Bulk command transfer result=%d\n", result);
1283 if (result != USB_STOR_XFER_GOOD)
1284 return USB_STOR_TRANSPORT_ERROR;
1285
1286 /* DATA STAGE */
1287 /* send/receive data payload, if there is any */
1288 if (transfer_length) {
1289 unsigned int pipe = srb->sc_data_direction == SCSI_DATA_READ ?
1290 us->recv_bulk_pipe : us->send_bulk_pipe;
1291 result = usb_stor_bulk_transfer_srb(us, pipe, srb,
1292 transfer_length);
1293 US_DEBUGP("Bulk data transfer result 0x%x\n", result);
1294 if (result == USB_STOR_XFER_ERROR)
1295 return USB_STOR_TRANSPORT_ERROR;
1296 }
1297
1298 /* See flow chart on pg 15 of the Bulk Only Transport spec for
1299 * an explanation of how this code works.
1300 */
1301
1302 /* get CSW for device status */
1303 US_DEBUGP("Attempting to get CSW...\n");
1304 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1305 (char *) &bcs, US_BULK_CS_WRAP_LEN, NULL);
1306
1307 /* did the attempt to read the CSW fail? */
1308 if (result == USB_STOR_XFER_STALLED) {
1309
1310 /* get the status again */
1311 US_DEBUGP("Attempting to get CSW (2nd try)...\n");
1312 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1313 (char *) &bcs, US_BULK_CS_WRAP_LEN, NULL);
1314 }
1315
1316 /* if we still have a failure at this point, we're in trouble */
1317 US_DEBUGP("Bulk status result = %d\n", result);
1318 if (result != USB_STOR_XFER_GOOD)
1319 return USB_STOR_TRANSPORT_ERROR;
1320
1321 /* check bulk status */
1322 US_DEBUGP("Bulk status Sig 0x%x T 0x%x R %d Stat 0x%x\n",
1323 le32_to_cpu(bcs.Signature), bcs.Tag,
1324 bcs.Residue, bcs.Status);
1325 if (bcs.Signature != cpu_to_le32(US_BULK_CS_SIGN) ||
1326 bcs.Tag != bcb.Tag ||
1327 bcs.Status > US_BULK_STAT_PHASE) {
1328 US_DEBUGP("Bulk logical error\n");
1329 return USB_STOR_TRANSPORT_ERROR;
1330 }
1331
1332 /* based on the status code, we report good or bad */
1333 switch (bcs.Status) {
1334 case US_BULK_STAT_OK:
1335 /* command good -- note that data could be short */
1336 return USB_STOR_TRANSPORT_GOOD;
1337
1338 case US_BULK_STAT_FAIL:
1339 /* command failed */
1340 return USB_STOR_TRANSPORT_FAILED;
1341
1342 case US_BULK_STAT_PHASE:
1343 /* phase error -- note that a transport reset will be
1344 * invoked by the invoke_transport() function
1345 */
1346 return USB_STOR_TRANSPORT_ERROR;
1347 }
1348
1349 /* we should never get here, but if we do, we're in trouble */
1350 return USB_STOR_TRANSPORT_ERROR;
1351 }
1352
1353 /***********************************************************************
1354 * Reset routines
1355 ***********************************************************************/
1356
1357 /* This is the common part of the device reset code.
1358 *
1359 * It's handy that every transport mechanism uses the control endpoint for
1360 * resets.
1361 *
1362 * Basically, we send a reset with a 20-second timeout, so we don't get
1363 * jammed attempting to do the reset.
1364 */
1365 static int usb_stor_reset_common(struct us_data *us,
1366 u8 request, u8 requesttype,
1367 u16 value, u16 index, void *data, u16 size)
1368 {
1369 int result;
1370
1371 /* A 20-second timeout may seem rather long, but a LaCie
1372 * StudioDrive USB2 device takes 16+ seconds to get going
1373 * following a powerup or USB attach event. */
1374
1375 /* Use usb_control_msg() because this is not a queued-command */
1376 result = usb_control_msg(us->pusb_dev, us->send_ctrl_pipe,
1377 request, requesttype, value, index, data, size,
1378 20*HZ);
1379 if (result < 0)
1380 goto Done;
1381
1382 /* long wait for reset */
1383 set_current_state(TASK_UNINTERRUPTIBLE);
1384 schedule_timeout(HZ*6);
1385 set_current_state(TASK_RUNNING);
1386
1387 /* Use usb_clear_halt() because this is not a queued-command */
1388 US_DEBUGP("Soft reset: clearing bulk-in endpoint halt\n");
1389 result = usb_clear_halt(us->pusb_dev, us->recv_bulk_pipe);
1390 if (result < 0)
1391 goto Done;
1392
1393 US_DEBUGP("Soft reset: clearing bulk-out endpoint halt\n");
1394 result = usb_clear_halt(us->pusb_dev, us->send_bulk_pipe);
1395
1396 Done:
1397
1398 /* return a result code based on the result of the control message */
1399 if (result < 0) {
1400 US_DEBUGP("Soft reset failed: %d\n", result);
1401 result = FAILED;
1402 } else {
1403 US_DEBUGP("Soft reset done\n");
1404 result = SUCCESS;
1405 }
1406 return result;
1407 }
1408
1409 /* This issues a CB[I] Reset to the device in question
1410 */
1411 int usb_stor_CB_reset(struct us_data *us)
1412 {
1413 unsigned char cmd[12];
1414
1415 US_DEBUGP("CB_reset() called\n");
1416
1417 memset(cmd, 0xFF, sizeof(cmd));
1418 cmd[0] = SEND_DIAGNOSTIC;
1419 cmd[1] = 4;
1420 return usb_stor_reset_common(us, US_CBI_ADSC,
1421 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1422 0, us->ifnum, cmd, sizeof(cmd));
1423 }
1424
1425 /* This issues a Bulk-only Reset to the device in question, including
1426 * clearing the subsequent endpoint halts that may occur.
1427 */
1428 int usb_stor_Bulk_reset(struct us_data *us)
1429 {
1430 US_DEBUGP("Bulk reset requested\n");
1431
1432 return usb_stor_reset_common(us, US_BULK_RESET_REQUEST,
1433 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1434 0, us->ifnum, NULL, 0);
1435 }
Mirror of the linux-mips.org kernel tree