1 /* Driver for USB Mass Storage compliant devices
3 * $Id: transport.c,v 1.47 2002/04/22 03:39:43 mdharm Exp $
5 * Current development and maintenance by:
6 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
8 * Developed with the assistance of:
9 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
11 * (c) 2002 Alan Stern <stern@rowland.org>
14 * (c) 1999 Michael Gee (michael@linuxspecific.com)
16 * This driver is based on the 'USB Mass Storage Class' document. This
17 * describes in detail the protocol used to communicate with such
18 * devices. Clearly, the designers had SCSI and ATAPI commands in
19 * mind when they created this document. The commands are all very
20 * similar to commands in the SCSI-II and ATAPI specifications.
22 * It is important to note that in a number of cases this class
23 * exhibits class-specific exemptions from the USB specification.
24 * Notably the usage of NAK, STALL and ACK differs from the norm, in
25 * that they are used to communicate wait, failed and OK on commands.
27 * Also, for certain devices, the interrupt endpoint is used to convey
28 * status of a command.
30 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
31 * information about this driver.
33 * This program is free software; you can redistribute it and/or modify it
34 * under the terms of the GNU General Public License as published by the
35 * Free Software Foundation; either version 2, or (at your option) any
38 * This program is distributed in the hope that it will be useful, but
39 * WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41 * General Public License for more details.
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 675 Mass Ave, Cambridge, MA 02139, USA.
48 #include <linux/config.h>
49 #include "transport.h"
54 #include <linux/sched.h>
55 #include <linux/errno.h>
56 #include <linux/slab.h>
58 /***********************************************************************
60 ***********************************************************************/
62 /* Calculate the length of the data transfer (not the command) for any
65 unsigned int usb_stor_transfer_length(Scsi_Cmnd
*srb
)
70 unsigned int total
= 0;
71 struct scatterlist
*sg
;
73 /* This table tells us:
74 X = command not supported
75 L = return length in cmnd[4] (8 bits).
76 M = return length in cmnd[8] (8 bits).
77 G = return length in cmnd[3] and cmnd[4] (16 bits)
78 H = return length in cmnd[7] and cmnd[8] (16 bits)
79 I = return length in cmnd[8] and cmnd[9] (16 bits)
80 C = return length in cmnd[2] to cmnd[5] (32 bits)
81 D = return length in cmnd[6] to cmnd[9] (32 bits)
82 B = return length in blocksize so we use buff_len
83 R = return length in cmnd[2] to cmnd[4] (24 bits)
84 S = return length in cmnd[3] to cmnd[5] (24 bits)
85 T = return length in cmnd[6] to cmnd[8] (24 bits)
86 U = return length in cmnd[7] to cmnd[9] (24 bits)
87 0-9 = fixed return length
90 Z = return length is mode dependant or not in command, use buff_len
93 static char *lengths
=
95 /* 0123456789ABCDEF 0123456789ABCDEF */
97 "00XLZ6XZBXBBXXXB" "00LBBLG0R0L0GG0X" /* 00-1F */
98 "XXXXT8XXB4B0BBBB" "ZZZ0B00HCSSZTBHH" /* 20-3F */
99 "M0HHB0X000H0HH0X" "XHH0HHXX0TH0H0XX" /* 40-5F */
100 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* 60-7F */
101 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* 80-9F */
102 "X0XXX00XB0BXBXBB" "ZZZ0XUIDU000XHBX" /* A0-BF */
103 "XXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" /* C0-DF */
104 "XDXXXXXXXXXXXXXX" "XXW00HXXXXXXXXXX"; /* E0-FF */
106 /* Commands checked in table:
117 GET_DATA_BUFFER_STATUS 34
120 GET_WINDOW 25 !!! Has more data than READ_CAPACITY, need to fix table
121 INITIALIZE_ELEMENT_STATUS 07 !!! REASSIGN_BLOCKS luckily uses buff_len
128 MEDIUM_SCAN 38 !!! This was M
134 OBJECT_POSITION 31 !!! Same as SEARCH_DATA_EQUAL
139 PLAY_AUDIO_TRACK_INDEX 48
140 PLAY_AUDIO_TRACK_RELATIVE_10 49
141 PLAY_AUDIO_TRACK_RELATIVE_12 a9
142 POSITION_TO_ELEMENT 2b
144 PREVENT_ALLOW_MEDIUM_REMOVAL 1e
145 PRINT 0a !!! Same as WRITE_6 but is always in bytes
152 READ_CDROM_CAPACITY 25
154 READ_DEFECT_DATA_12 b7
155 READ_ELEMENT_STATUS b8 !!! Think this is in bytes
156 READ_GENERATION 29 !!! Could also be M?
157 READ_HEADER 44 !!! This was L
159 READ_POSITION 34 !!! This should be V but conflicts with PRE-FETCH
161 READ_SUB-CHANNEL 42 !!! Is this in bytes?
162 READ_TOC 43 !!! Is this in bytes?
163 READ_UPDATED_BLOCK 2d
165 RECEIVE 08 !!! Same as READ_6 probably in bytes though
166 RECEIVE_DIAGNOSTIC_RESULTS 1c
167 RECOVER_BUFFERED_DATA 14 !!! For PRINTERs this is bytes
170 REQUEST_VOLUME_ELEMENT_ADDRESS b5 !!! Think this is in bytes
174 SCAN 1b !!! Conflicts with various commands, should be L
176 SEARCH_DATA_EQUAL_12 b1
178 SEARCH_DATA_LOW_12 b0
180 SEARCH_DATA_HIGH_12 b2
181 SEEK_6 0b !!! Conflicts with SLEW_AND_PRINT
183 SEND 0a !!! Same as WRITE_6, probably in bytes though
184 SEND 2a !!! Similar to WRITE_10 but for scanners
186 SEND_MESSAGE_6 0a !!! Same as WRITE_6 - is in bytes
187 SEND_MESSAGE_10 2a !!! Same as WRITE_10 - is in bytes
188 SEND_MESSAGE_12 aa !!! Same as WRITE_12 - is in bytes
190 SEND_VOLUME_TAG b6 !!! Think this is in bytes
194 SLEW_AND_PRINT 0b !!! Conflicts with SEEK_6
198 SYNCHRONIZE_BUFFER 10
209 WRITE_AND_VERIFY_12 ae
216 if (srb
->sc_data_direction
== SCSI_DATA_WRITE
) {
220 switch (lengths
[srb
->cmnd
[0]]) {
239 len
= lengths
[srb
->cmnd
[0]]-'0';
243 len
= (((unsigned int)srb
->cmnd
[3])<<8) |
248 len
= (((unsigned int)srb
->cmnd
[7])<<8) |
253 len
= (((unsigned int)srb
->cmnd
[8])<<8) |
258 len
= (((unsigned int)srb
->cmnd
[2])<<16) |
259 (((unsigned int)srb
->cmnd
[3])<<8) |
264 len
= (((unsigned int)srb
->cmnd
[3])<<16) |
265 (((unsigned int)srb
->cmnd
[4])<<8) |
270 len
= (((unsigned int)srb
->cmnd
[6])<<16) |
271 (((unsigned int)srb
->cmnd
[7])<<8) |
276 len
= (((unsigned int)srb
->cmnd
[7])<<16) |
277 (((unsigned int)srb
->cmnd
[8])<<8) |
282 len
= (((unsigned int)srb
->cmnd
[2])<<24) |
283 (((unsigned int)srb
->cmnd
[3])<<16) |
284 (((unsigned int)srb
->cmnd
[4])<<8) |
289 len
= (((unsigned int)srb
->cmnd
[6])<<24) |
290 (((unsigned int)srb
->cmnd
[7])<<16) |
291 (((unsigned int)srb
->cmnd
[8])<<8) |
304 /* Use buffer size due to different block sizes */
309 US_DEBUGP("Error: UNSUPPORTED COMMAND %02X\n",
315 /* Use buffer size due to mode dependence */
320 US_DEBUGP("Error: COMMAND %02X out of range or table inconsistent (%c).\n",
321 srb
->cmnd
[0], lengths
[srb
->cmnd
[0]] );
325 if ( doDefault
== 1 ) {
326 /* Are we going to scatter gather? */
328 /* Add up the sizes of all the sg segments */
329 sg
= (struct scatterlist
*) srb
->request_buffer
;
330 for (i
= 0; i
< srb
->use_sg
; i
++)
331 total
+= sg
[i
].length
;
334 /* Double-check to see if the advertised buffer
335 * length less than the actual buffer length --
336 * in other words, we should tend towards the
337 * conservative side for data transfers.
339 if (len
> srb
->request_bufflen
)
340 len
= srb
->request_bufflen
;
343 /* Just return the length of the buffer */
344 len
= srb
->request_bufflen
;
347 /* According to the linux-scsi people, any command sent which
348 * violates this invariant is a bug. In the hopes of removing
349 * all the complex logic above, let's find them and eliminate them.
351 if (len
!= srb
->request_bufflen
) {
352 printk(KERN_ERR
"USB len=%d, request_bufflen=%d\n", len
, srb
->request_bufflen
);
359 /***********************************************************************
360 * Data transfer routines
361 ***********************************************************************/
364 * This is subtle, so pay attention:
365 * ---------------------------------
366 * We're very concerned about races with a command abort. Hanging this code
367 * is a sure fire way to hang the kernel. (Note that this discussion applies
368 * only to transactions resulting from a scsi queued-command, since only
369 * these transactions are subject to a scsi abort. Other transactions, such
370 * as those occurring during device-specific initialization, must be handled
371 * by a separate code path.)
373 * The abort function first sets the machine state, then atomically
374 * tests-and-clears the CAN_CANCEL bit in us->flags to see if the current_urb
375 * needs to be aborted.
377 * The submit function first verifies that the submission completed without
378 * errors, and only then sets the CAN_CANCEL bit. This prevents the abort
379 * function from trying to cancel the URB while the submit call is underway.
380 * Next, the submit function must test the state to see if we got aborted
381 * before the submission or before setting the CAN_CANCEL bit. If so, it's
382 * essential to abort the URB if it hasn't been cancelled already (i.e.,
383 * if the CAN_CANCEL bit is still set). Either way, the function must then
384 * wait for the URB to finish. Note that because the URB_ASYNC_UNLINK flag
385 * is set, the URB can still be in progress even after a call to
386 * usb_unlink_urb() returns.
388 * (It's also permissible, but not necessary, to test the state -before-
389 * submitting the URB. Doing so would prevent an unnecessary submission if
390 * the transaction had already been aborted, but this is very unlikely to
391 * happen, because the abort would have to have been requested during actual
392 * kernel processing rather than during an I/O delay.)
394 * The idea is that (1) once the state is changed to ABORTING, either the
395 * aborting function or the submitting function is guaranteed to call
396 * usb_unlink_urb() for an active URB, and (2) test_and_clear_bit() prevents
397 * usb_unlink_urb() from being called more than once or from being called
398 * during usb_submit_urb().
401 /* This is the completion handler which will wake us up when an URB
404 static void usb_stor_blocking_completion(struct urb
*urb
)
406 struct completion
*urb_done_ptr
= (struct completion
*)urb
->context
;
408 complete(urb_done_ptr
);
411 /* This is the common part of the URB message submission code
413 * All URBs from the usb-storage driver involved in handling a queued scsi
414 * command _must_ pass through this function (or something like it) for the
415 * abort mechanisms to work properly.
417 static int usb_stor_msg_common(struct us_data
*us
)
419 struct completion urb_done
;
422 /* set up data structures for the wakeup system */
423 init_completion(&urb_done
);
425 /* fill the common fields in the URB */
426 us
->current_urb
->context
= &urb_done
;
427 us
->current_urb
->actual_length
= 0;
428 us
->current_urb
->error_count
= 0;
429 us
->current_urb
->transfer_flags
= URB_ASYNC_UNLINK
;
432 status
= usb_submit_urb(us
->current_urb
, GFP_NOIO
);
434 /* something went wrong */
438 /* since the URB has been submitted successfully, it's now okay
440 set_bit(US_FLIDX_CAN_CANCEL
, &us
->flags
);
442 /* has the current command been aborted? */
443 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
445 /* cancel the URB, if it hasn't been cancelled already */
446 if (test_and_clear_bit(US_FLIDX_CAN_CANCEL
, &us
->flags
)) {
447 US_DEBUGP("-- cancelling URB\n");
448 usb_unlink_urb(us
->current_urb
);
452 /* wait for the completion of the URB */
453 wait_for_completion(&urb_done
);
454 clear_bit(US_FLIDX_CAN_CANCEL
, &us
->flags
);
456 /* return the URB status */
457 return us
->current_urb
->status
;
460 /* This is our function to emulate usb_control_msg() with enough control
461 * to make aborts/resets/timeouts work
463 int usb_stor_control_msg(struct us_data
*us
, unsigned int pipe
,
464 u8 request
, u8 requesttype
, u16 value
, u16 index
,
465 void *data
, u16 size
)
469 /* fill in the devrequest structure */
470 us
->dr
->bRequestType
= requesttype
;
471 us
->dr
->bRequest
= request
;
472 us
->dr
->wValue
= cpu_to_le16(value
);
473 us
->dr
->wIndex
= cpu_to_le16(index
);
474 us
->dr
->wLength
= cpu_to_le16(size
);
476 /* fill and submit the URB */
477 usb_fill_control_urb(us
->current_urb
, us
->pusb_dev
, pipe
,
478 (unsigned char*) us
->dr
, data
, size
,
479 usb_stor_blocking_completion
, NULL
);
480 status
= usb_stor_msg_common(us
);
482 /* return the actual length of the data transferred if no error*/
484 status
= us
->current_urb
->actual_length
;
488 /* This is our function to emulate usb_bulk_msg() with enough control
489 * to make aborts/resets/timeouts work
491 int usb_stor_bulk_msg(struct us_data
*us
, void *data
, unsigned int pipe
,
492 unsigned int len
, unsigned int *act_len
)
496 /* fill and submit the URB */
497 usb_fill_bulk_urb(us
->current_urb
, us
->pusb_dev
, pipe
, data
, len
,
498 usb_stor_blocking_completion
, NULL
);
499 status
= usb_stor_msg_common(us
);
501 /* store the actual length of the data transferred */
502 *act_len
= us
->current_urb
->actual_length
;
506 /* This is a version of usb_clear_halt() that doesn't read the status from
507 * the device -- this is because some devices crash their internal firmware
508 * when the status is requested after a halt.
510 * A definitive list of these 'bad' devices is too difficult to maintain or
511 * make complete enough to be useful. This problem was first observed on the
512 * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither
513 * MacOS nor Windows checks the status after clearing a halt.
515 * Since many vendors in this space limit their testing to interoperability
516 * with these two OSes, specification violations like this one are common.
518 int usb_stor_clear_halt(struct us_data
*us
, unsigned int pipe
)
521 int endp
= usb_pipeendpoint(pipe
);
523 if (usb_pipein (pipe
))
526 result
= usb_stor_control_msg(us
, us
->send_ctrl_pipe
,
527 USB_REQ_CLEAR_FEATURE
, USB_RECIP_ENDPOINT
, 0,
528 endp
, NULL
, 0); /* note: no 3*HZ timeout */
529 US_DEBUGP("usb_stor_clear_halt: result=%d\n", result
);
531 /* this is a failure case */
535 printk(KERN_ERR
"usb_stor_clear_halt() WORKED!\n");
537 /* reset the toggles and endpoint flags */
538 usb_endpoint_running(us
->pusb_dev
, usb_pipeendpoint(pipe
),
540 usb_settoggle(us
->pusb_dev
, usb_pipeendpoint(pipe
),
541 usb_pipeout(pipe
), 0);
547 * Transfer one control message
549 * This function does basically the same thing as usb_stor_control_msg()
550 * above, except that return codes are USB_STOR_XFER_xxx rather than the
551 * urb status or transfer length.
553 int usb_stor_ctrl_transfer(struct us_data
*us
, unsigned int pipe
,
554 u8 request
, u8 requesttype
, u16 value
, u16 index
,
555 void *data
, u16 size
) {
558 US_DEBUGP("usb_stor_ctrl_transfer(): rq=%02x rqtype=%02x "
559 "value=%04x index=%02x len=%d\n",
560 request
, requesttype
, value
, index
, size
);
561 result
= usb_stor_control_msg(us
, pipe
, request
, requesttype
,
562 value
, index
, data
, size
);
563 US_DEBUGP("usb_stor_control_msg returned %d\n", result
);
565 /* a stall indicates a protocol error */
566 if (result
== -EPIPE
) {
567 US_DEBUGP("-- stall on control pipe\n");
568 return USB_STOR_XFER_ERROR
;
571 /* some other serious problem here */
573 US_DEBUGP("-- unknown error\n");
574 return USB_STOR_XFER_ERROR
;
577 /* was the entire command transferred? */
579 US_DEBUGP("-- transferred only %d bytes\n", result
);
580 return USB_STOR_XFER_SHORT
;
583 US_DEBUGP("-- transfer completed successfully\n");
584 return USB_STOR_XFER_GOOD
;
588 * Transfer one buffer via bulk transfer
590 * This function does basically the same thing as usb_stor_bulk_msg()
591 * above, except that:
593 * 1. If the bulk pipe stalls during the transfer, the halt is
594 * automatically cleared;
595 * 2. Return codes are USB_STOR_XFER_xxx rather than the
596 * urb status or transfer length.
598 int usb_stor_bulk_transfer_buf(struct us_data
*us
, unsigned int pipe
,
599 char *buf
, unsigned int length
, unsigned int *act_len
)
604 /* transfer the data */
605 US_DEBUGP("usb_stor_bulk_transfer_buf(): xfer %d bytes\n", length
);
606 result
= usb_stor_bulk_msg(us
, buf
, pipe
, length
, &partial
);
607 US_DEBUGP("usb_stor_bulk_msg() returned %d xferred %d/%d\n",
608 result
, partial
, length
);
612 /* if we stall, we need to clear it before we go on */
613 if (result
== -EPIPE
) {
614 US_DEBUGP("clearing endpoint halt for pipe 0x%x,"
615 " stalled at %d bytes\n", pipe
, partial
);
616 if (usb_stor_clear_halt(us
, pipe
) < 0)
617 return USB_STOR_XFER_ERROR
;
618 return USB_STOR_XFER_STALLED
;
621 /* NAK - that means we've retried a few times already */
622 if (result
== -ETIMEDOUT
) {
623 US_DEBUGP("-- device NAKed\n");
624 return USB_STOR_XFER_ERROR
;
627 /* the catch-all error case */
629 US_DEBUGP("-- unknown error\n");
630 return USB_STOR_XFER_ERROR
;
633 /* did we send all the data? */
634 if (partial
== length
) {
635 US_DEBUGP("-- transfer complete\n");
636 return USB_STOR_XFER_GOOD
;
639 /* no error code, so we must have transferred some data,
640 * just not all of it */
641 US_DEBUGP("-- transferred only %d bytes\n", partial
);
642 return USB_STOR_XFER_SHORT
;
646 * Transfer a scatter-gather list via bulk transfer
648 * This function does basically the same thing as usb_stor_bulk_transfer_buf()
649 * above, but it uses the usbcore scatter-gather primitives
651 int usb_stor_bulk_transfer_sglist(struct us_data
*us
, unsigned int pipe
,
652 struct scatterlist
*sg
, int num_sg
, unsigned int length
,
653 unsigned int *act_len
)
658 /* initialize the scatter-gather request block */
659 US_DEBUGP("usb_stor_bulk_transfer_sglist(): xfer %d bytes, "
660 "%d entries\n", length
, num_sg
);
661 result
= usb_sg_init(us
->current_sg
, us
->pusb_dev
, pipe
, 0,
662 sg
, num_sg
, length
, SLAB_NOIO
);
664 US_DEBUGP("usb_sg_init returned %d\n", result
);
665 return USB_STOR_XFER_ERROR
;
668 /* since the block has been initialized successfully, it's now
669 * okay to cancel it */
670 set_bit(US_FLIDX_CANCEL_SG
, &us
->flags
);
672 /* has the current command been aborted? */
673 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
675 /* cancel the request, if it hasn't been cancelled already */
676 if (test_and_clear_bit(US_FLIDX_CANCEL_SG
, &us
->flags
)) {
677 US_DEBUGP("-- cancelling sg request\n");
678 usb_sg_cancel(us
->current_sg
);
682 /* wait for the completion of the transfer */
683 usb_sg_wait(us
->current_sg
);
684 clear_bit(US_FLIDX_CANCEL_SG
, &us
->flags
);
686 result
= us
->current_sg
->status
;
687 partial
= us
->current_sg
->bytes
;
688 US_DEBUGP("usb_sg_wait() returned %d xferred %d/%d\n",
689 result
, partial
, length
);
693 /* if we stall, we need to clear it before we go on */
694 if (result
== -EPIPE
) {
695 US_DEBUGP("clearing endpoint halt for pipe 0x%x, "
696 "stalled at %d bytes\n", pipe
, partial
);
697 if (usb_stor_clear_halt(us
, pipe
) < 0)
698 return USB_STOR_XFER_ERROR
;
699 return USB_STOR_XFER_STALLED
;
702 /* NAK - that means we've retried this a few times already */
703 if (result
== -ETIMEDOUT
) {
704 US_DEBUGP("-- device NAKed\n");
705 return USB_STOR_XFER_ERROR
;
708 /* the catch-all error case */
710 US_DEBUGP("-- unknown error\n");
711 return USB_STOR_XFER_ERROR
;
714 /* did we send all the data? */
715 if (partial
== length
) {
716 US_DEBUGP("-- transfer complete\n");
717 return USB_STOR_XFER_GOOD
;
720 /* no error code, so we must have transferred some data,
721 * just not all of it */
722 US_DEBUGP("-- transferred only %d bytes\n", partial
);
723 return USB_STOR_XFER_SHORT
;
727 * Transfer an entire SCSI command's worth of data payload over the bulk
730 * Nore that this uses usb_stor_bulk_transfer_buf() and
731 * usb_stor_bulk_transfer_sglist() to achieve its goals --
732 * this function simply determines whether we're going to use
733 * scatter-gather or not, and acts appropriately.
735 int usb_stor_bulk_transfer_sg(struct us_data
* us
, unsigned int pipe
,
736 char *buf
, unsigned int length_left
, int use_sg
, int *residual
)
739 unsigned int partial
;
741 /* are we scatter-gathering? */
743 /* use the usb core scatter-gather primitives */
744 result
= usb_stor_bulk_transfer_sglist(us
, pipe
,
745 (struct scatterlist
*) buf
, use_sg
,
746 length_left
, &partial
);
747 length_left
-= partial
;
749 /* no scatter-gather, just make the request */
750 result
= usb_stor_bulk_transfer_buf(us
, pipe
, buf
,
751 length_left
, &partial
);
752 length_left
-= partial
;
755 /* store the residual and return the error code */
757 *residual
= length_left
;
761 /***********************************************************************
763 ***********************************************************************/
765 /* Invoke the transport and basic error-handling/recovery methods
767 * This is used by the protocol layers to actually send the message to
768 * the device and receive the response.
770 void usb_stor_invoke_transport(Scsi_Cmnd
*srb
, struct us_data
*us
)
775 /* send the command to the transport layer */
777 result
= us
->transport(srb
, us
);
779 /* if the command gets aborted by the higher layers, we need to
780 * short-circuit all other processing
782 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
783 US_DEBUGP("-- transport indicates command was aborted\n");
784 srb
->result
= DID_ABORT
<< 16;
788 /* if there is a transport error, reset and don't auto-sense */
789 /* What if we want to abort during the reset? */
790 if (result
== USB_STOR_TRANSPORT_ERROR
) {
791 US_DEBUGP("-- transport indicates error, resetting\n");
792 us
->transport_reset(us
);
793 srb
->result
= DID_ERROR
<< 16;
797 /* Determine if we need to auto-sense
799 * I normally don't use a flag like this, but it's almost impossible
800 * to understand what's going on here if I don't.
805 * If we're running the CB transport, which is incapable
806 * of determining status on it's own, we need to auto-sense almost
809 if (us
->protocol
== US_PR_CB
|| us
->protocol
== US_PR_DPCM_USB
) {
810 US_DEBUGP("-- CB transport device requiring auto-sense\n");
813 /* There are some exceptions to this. Notably, if this is
814 * a UFI device and the command is REQUEST_SENSE or INQUIRY,
815 * then it is impossible to truly determine status.
817 if (us
->subclass
== US_SC_UFI
&&
818 ((srb
->cmnd
[0] == REQUEST_SENSE
) ||
819 (srb
->cmnd
[0] == INQUIRY
))) {
820 US_DEBUGP("** no auto-sense for a special command\n");
826 * If we have a failure, we're going to do a REQUEST_SENSE
827 * automatically. Note that we differentiate between a command
828 * "failure" and an "error" in the transport mechanism.
830 if (result
== USB_STOR_TRANSPORT_FAILED
) {
831 US_DEBUGP("-- transport indicates command failure\n");
836 * Also, if we have a short transfer on a command that can't have
837 * a short transfer, we're going to do this.
839 if ((srb
->resid
> 0) &&
840 !((srb
->cmnd
[0] == REQUEST_SENSE
) ||
841 (srb
->cmnd
[0] == INQUIRY
) ||
842 (srb
->cmnd
[0] == MODE_SENSE
) ||
843 (srb
->cmnd
[0] == LOG_SENSE
) ||
844 (srb
->cmnd
[0] == MODE_SENSE_10
))) {
845 US_DEBUGP("-- unexpectedly short transfer\n");
849 /* Now, if we need to do the auto-sense, let's do it */
850 if (need_auto_sense
) {
852 void* old_request_buffer
;
853 unsigned short old_sg
;
854 unsigned old_request_bufflen
;
855 unsigned char old_sc_data_direction
;
856 unsigned char old_cmnd
[MAX_COMMAND_SIZE
];
858 US_DEBUGP("Issuing auto-REQUEST_SENSE\n");
860 /* save the old command */
861 memcpy(old_cmnd
, srb
->cmnd
, MAX_COMMAND_SIZE
);
863 /* set the command and the LUN */
864 srb
->cmnd
[0] = REQUEST_SENSE
;
865 srb
->cmnd
[1] = old_cmnd
[1] & 0xE0;
871 /* set the transfer direction */
872 old_sc_data_direction
= srb
->sc_data_direction
;
873 srb
->sc_data_direction
= SCSI_DATA_READ
;
875 /* use the new buffer we have */
876 old_request_buffer
= srb
->request_buffer
;
877 srb
->request_buffer
= srb
->sense_buffer
;
879 /* set the buffer length for transfer */
880 old_request_bufflen
= srb
->request_bufflen
;
881 srb
->request_bufflen
= 18;
883 /* set up for no scatter-gather use */
884 old_sg
= srb
->use_sg
;
887 /* issue the auto-sense command */
888 temp_result
= us
->transport(us
->srb
, us
);
890 /* let's clean up right away */
891 srb
->request_buffer
= old_request_buffer
;
892 srb
->request_bufflen
= old_request_bufflen
;
893 srb
->use_sg
= old_sg
;
894 srb
->sc_data_direction
= old_sc_data_direction
;
895 memcpy(srb
->cmnd
, old_cmnd
, MAX_COMMAND_SIZE
);
897 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
898 US_DEBUGP("-- auto-sense aborted\n");
899 srb
->result
= DID_ABORT
<< 16;
902 if (temp_result
!= USB_STOR_TRANSPORT_GOOD
) {
903 US_DEBUGP("-- auto-sense failure\n");
905 /* we skip the reset if this happens to be a
906 * multi-target device, since failure of an
907 * auto-sense is perfectly valid
909 if (!(us
->flags
& US_FL_SCM_MULT_TARG
)) {
910 /* What if we try to abort during the reset? */
911 us
->transport_reset(us
);
913 srb
->result
= DID_ERROR
<< 16;
917 US_DEBUGP("-- Result from auto-sense is %d\n", temp_result
);
918 US_DEBUGP("-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
919 srb
->sense_buffer
[0],
920 srb
->sense_buffer
[2] & 0xf,
921 srb
->sense_buffer
[12],
922 srb
->sense_buffer
[13]);
923 #ifdef CONFIG_USB_STORAGE_DEBUG
925 srb
->sense_buffer
[2] & 0xf,
926 srb
->sense_buffer
[12],
927 srb
->sense_buffer
[13]);
930 /* set the result so the higher layers expect this data */
931 srb
->result
= CHECK_CONDITION
<< 1;
933 /* If things are really okay, then let's show that */
934 if ((srb
->sense_buffer
[2] & 0xf) == 0x0)
935 srb
->result
= GOOD
<< 1;
936 } else /* if (need_auto_sense) */
937 srb
->result
= GOOD
<< 1;
939 /* Regardless of auto-sense, if we _know_ we have an error
940 * condition, show that in the result code
942 if (result
== USB_STOR_TRANSPORT_FAILED
)
943 srb
->result
= CHECK_CONDITION
<< 1;
945 /* If we think we're good, then make sure the sense data shows it.
946 * This is necessary because the auto-sense for some devices always
947 * sets byte 0 == 0x70, even if there is no error
949 if ((us
->protocol
== US_PR_CB
|| us
->protocol
== US_PR_DPCM_USB
) &&
950 (result
== USB_STOR_TRANSPORT_GOOD
) &&
951 ((srb
->sense_buffer
[2] & 0xf) == 0x0))
952 srb
->sense_buffer
[0] = 0x0;
955 /* Abort the currently running scsi command or device reset.
956 * This must be called with scsi_lock(us->srb->host) held */
957 void usb_stor_abort_transport(struct us_data
*us
)
959 struct Scsi_Host
*host
;
960 int state
= atomic_read(&us
->sm_state
);
962 US_DEBUGP("usb_stor_abort_transport called\n");
964 /* Normally the current state is RUNNING. If the control thread
965 * hasn't even started processing this command, the state will be
966 * IDLE. Anything else is a bug. */
967 BUG_ON((state
!= US_STATE_RUNNING
&& state
!= US_STATE_IDLE
));
969 /* set state to abort and release the lock */
970 atomic_set(&us
->sm_state
, US_STATE_ABORTING
);
971 host
= us
->srb
->host
;
974 /* If the state machine is blocked waiting for an URB or an IRQ,
975 * let's wake it up */
977 /* If we have an URB pending, cancel it. The test_and_clear_bit()
978 * call guarantees that if a URB has just been submitted, it
979 * won't be cancelled more than once. */
980 if (test_and_clear_bit(US_FLIDX_CAN_CANCEL
, &us
->flags
)) {
981 US_DEBUGP("-- cancelling URB\n");
982 usb_unlink_urb(us
->current_urb
);
985 /* If we are waiting for a scatter-gather operation, cancel it. */
986 if (test_and_clear_bit(US_FLIDX_CANCEL_SG
, &us
->flags
)) {
987 US_DEBUGP("-- cancelling sg request\n");
988 usb_sg_cancel(us
->current_sg
);
991 /* If we are waiting for an IRQ, simulate it */
992 if (test_bit(US_FLIDX_IP_WANTED
, &us
->flags
)) {
993 US_DEBUGP("-- simulating missing IRQ\n");
994 usb_stor_CBI_irq(us
->irq_urb
);
997 /* Wait for the aborted command to finish */
998 wait_for_completion(&us
->notify
);
1000 /* Reacquire the lock: note that us->srb is now NULL */
1005 * Control/Bulk/Interrupt transport
1008 /* The interrupt handler for CBI devices */
1009 void usb_stor_CBI_irq(struct urb
*urb
)
1011 struct us_data
*us
= (struct us_data
*)urb
->context
;
1014 US_DEBUGP("USB IRQ received for device on host %d\n", us
->host_no
);
1015 US_DEBUGP("-- IRQ data length is %d\n", urb
->actual_length
);
1016 US_DEBUGP("-- IRQ state is %d\n", urb
->status
);
1017 US_DEBUGP("-- Interrupt Status (0x%x, 0x%x)\n",
1018 us
->irqbuf
[0], us
->irqbuf
[1]);
1020 /* has the current command been aborted? */
1021 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
1023 /* was this a wanted interrupt? */
1024 if (!test_and_clear_bit(US_FLIDX_IP_WANTED
, &us
->flags
)) {
1025 US_DEBUGP("ERROR: Unwanted interrupt received!\n");
1028 US_DEBUGP("-- command aborted\n");
1030 /* wake up the command thread */
1035 /* is the device removed? */
1036 if (urb
->status
== -ENOENT
) {
1037 US_DEBUGP("-- device has been removed\n");
1039 /* was this a wanted interrupt? */
1040 if (!test_and_clear_bit(US_FLIDX_IP_WANTED
, &us
->flags
))
1043 /* indicate a transport error -- this is the best we can do */
1044 us
->irqdata
[0] = us
->irqdata
[1] = 0xFF;
1046 /* wake up the command thread */
1051 /* reject improper IRQs */
1052 if (urb
->actual_length
!= 2) {
1053 US_DEBUGP("-- IRQ too short\n");
1057 /* was this a command-completion interrupt? */
1058 if (us
->irqbuf
[0] && (us
->subclass
!= US_SC_UFI
)) {
1059 US_DEBUGP("-- not a command-completion IRQ\n");
1063 /* was this a wanted interrupt? */
1064 if (!test_and_clear_bit(US_FLIDX_IP_WANTED
, &us
->flags
)) {
1065 US_DEBUGP("ERROR: Unwanted interrupt received!\n");
1069 /* copy the valid data */
1070 us
->irqdata
[0] = us
->irqbuf
[0];
1071 us
->irqdata
[1] = us
->irqbuf
[1];
1073 /* wake up the command thread */
1074 up(&(us
->ip_waitq
));
1077 /* resubmit the urb */
1078 status
= usb_submit_urb (urb
, GFP_ATOMIC
);
1080 err ("%s - usb_submit_urb failed with result %d",
1081 __FUNCTION__
, status
);
1084 int usb_stor_CBI_transport(Scsi_Cmnd
*srb
, struct us_data
*us
)
1086 unsigned int transfer_length
= usb_stor_transfer_length(srb
);
1089 /* re-initialize the mutex so that we avoid any races with
1090 * early/late IRQs from previous commands */
1091 init_MUTEX_LOCKED(&(us
->ip_waitq
));
1093 /* Set up for status notification */
1094 set_bit(US_FLIDX_IP_WANTED
, &us
->flags
);
1097 /* let's send the command via the control pipe */
1098 result
= usb_stor_ctrl_transfer(us
, us
->send_ctrl_pipe
,
1100 USB_TYPE_CLASS
| USB_RECIP_INTERFACE
, 0,
1101 us
->ifnum
, srb
->cmnd
, srb
->cmd_len
);
1103 /* check the return code for the command */
1104 US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result
);
1105 if (result
!= USB_STOR_XFER_GOOD
) {
1106 /* Reset flag for status notification */
1107 clear_bit(US_FLIDX_IP_WANTED
, &us
->flags
);
1108 /* Uh oh... serious problem here */
1109 return USB_STOR_TRANSPORT_ERROR
;
1113 /* transfer the data payload for this command, if one exists*/
1114 if (transfer_length
) {
1115 unsigned int pipe
= srb
->sc_data_direction
== SCSI_DATA_READ
?
1116 us
->recv_bulk_pipe
: us
->send_bulk_pipe
;
1117 result
= usb_stor_bulk_transfer_srb(us
, pipe
, srb
,
1119 US_DEBUGP("CBI data stage result is 0x%x\n", result
);
1120 if (result
== USB_STOR_XFER_ERROR
) {
1121 clear_bit(US_FLIDX_IP_WANTED
, &us
->flags
);
1122 return USB_STOR_TRANSPORT_ERROR
;
1128 /* go to sleep until we get this interrupt */
1129 down(&(us
->ip_waitq
));
1131 /* has the current command been aborted? */
1132 if (atomic_read(&us
->sm_state
) == US_STATE_ABORTING
) {
1133 US_DEBUGP("CBI interrupt aborted\n");
1134 return USB_STOR_TRANSPORT_ERROR
;
1137 US_DEBUGP("Got interrupt data (0x%x, 0x%x)\n",
1138 us
->irqdata
[0], us
->irqdata
[1]);
1140 /* UFI gives us ASC and ASCQ, like a request sense
1142 * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
1143 * devices, so we ignore the information for those commands. Note
1144 * that this means we could be ignoring a real error on these
1145 * commands, but that can't be helped.
1147 if (us
->subclass
== US_SC_UFI
) {
1148 if (srb
->cmnd
[0] == REQUEST_SENSE
||
1149 srb
->cmnd
[0] == INQUIRY
)
1150 return USB_STOR_TRANSPORT_GOOD
;
1153 return USB_STOR_TRANSPORT_FAILED
;
1155 return USB_STOR_TRANSPORT_GOOD
;
1159 /* If not UFI, we interpret the data as a result code
1160 * The first byte should always be a 0x0
1161 * The second byte & 0x0F should be 0x0 for good, otherwise error
1163 if (us
->irqdata
[0]) {
1164 US_DEBUGP("CBI IRQ data showed reserved bType %d\n",
1166 return USB_STOR_TRANSPORT_ERROR
;
1169 switch (us
->irqdata
[1] & 0x0F) {
1171 return USB_STOR_TRANSPORT_GOOD
;
1173 return USB_STOR_TRANSPORT_FAILED
;
1175 return USB_STOR_TRANSPORT_ERROR
;
1178 /* we should never get here, but if we do, we're in trouble */
1179 return USB_STOR_TRANSPORT_ERROR
;
1183 * Control/Bulk transport
1185 int usb_stor_CB_transport(Scsi_Cmnd
*srb
, struct us_data
*us
)
1187 unsigned int transfer_length
= usb_stor_transfer_length(srb
);
1191 /* let's send the command via the control pipe */
1192 result
= usb_stor_ctrl_transfer(us
, us
->send_ctrl_pipe
,
1194 USB_TYPE_CLASS
| USB_RECIP_INTERFACE
, 0,
1195 us
->ifnum
, srb
->cmnd
, srb
->cmd_len
);
1197 /* check the return code for the command */
1198 US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result
);
1199 if (result
!= USB_STOR_XFER_GOOD
) {
1200 /* Uh oh... serious problem here */
1201 return USB_STOR_TRANSPORT_ERROR
;
1205 /* transfer the data payload for this command, if one exists*/
1206 if (transfer_length
) {
1207 unsigned int pipe
= srb
->sc_data_direction
== SCSI_DATA_READ
?
1208 us
->recv_bulk_pipe
: us
->send_bulk_pipe
;
1209 result
= usb_stor_bulk_transfer_srb(us
, pipe
, srb
,
1211 US_DEBUGP("CB data stage result is 0x%x\n", result
);
1212 if (result
== USB_STOR_XFER_ERROR
)
1213 return USB_STOR_TRANSPORT_ERROR
;
1217 /* NOTE: CB does not have a status stage. Silly, I know. So
1218 * we have to catch this at a higher level.
1220 return USB_STOR_TRANSPORT_GOOD
;
1224 * Bulk only transport
1227 /* Determine what the maximum LUN supported is */
1228 int usb_stor_Bulk_max_lun(struct us_data
*us
)
1233 /* Issue the command -- use usb_control_msg() because this is
1234 * not a scsi queued-command. Also note that at this point the
1235 * cached pipe values have not yet been stored. */
1236 result
= usb_control_msg(us
->pusb_dev
,
1237 usb_rcvctrlpipe(us
->pusb_dev
, 0),
1238 US_BULK_GET_MAX_LUN
,
1239 USB_DIR_IN
| USB_TYPE_CLASS
|
1240 USB_RECIP_INTERFACE
,
1241 0, us
->ifnum
, &data
, sizeof(data
), HZ
);
1243 US_DEBUGP("GetMaxLUN command result is %d, data is %d\n",
1246 /* if we have a successful request, return the result */
1250 /* return the default -- no LUNs */
1254 int usb_stor_Bulk_transport(Scsi_Cmnd
*srb
, struct us_data
*us
)
1256 struct bulk_cb_wrap bcb
;
1257 struct bulk_cs_wrap bcs
;
1258 unsigned int transfer_length
= usb_stor_transfer_length(srb
);
1261 /* set up the command wrapper */
1262 bcb
.Signature
= cpu_to_le32(US_BULK_CB_SIGN
);
1263 bcb
.DataTransferLength
= cpu_to_le32(transfer_length
);
1264 bcb
.Flags
= srb
->sc_data_direction
== SCSI_DATA_READ
? 1 << 7 : 0;
1265 bcb
.Tag
= srb
->serial_number
;
1266 bcb
.Lun
= srb
->cmnd
[1] >> 5;
1267 if (us
->flags
& US_FL_SCM_MULT_TARG
)
1268 bcb
.Lun
|= srb
->target
<< 4;
1269 bcb
.Length
= srb
->cmd_len
;
1271 /* copy the command payload */
1272 memset(bcb
.CDB
, 0, sizeof(bcb
.CDB
));
1273 memcpy(bcb
.CDB
, srb
->cmnd
, bcb
.Length
);
1275 /* send it to out endpoint */
1276 US_DEBUGP("Bulk command S 0x%x T 0x%x Trg %d LUN %d L %d F %d CL %d\n",
1277 le32_to_cpu(bcb
.Signature
), bcb
.Tag
,
1278 (bcb
.Lun
>> 4), (bcb
.Lun
& 0x0F),
1279 le32_to_cpu(bcb
.DataTransferLength
), bcb
.Flags
, bcb
.Length
);
1280 result
= usb_stor_bulk_transfer_buf(us
, us
->send_bulk_pipe
,
1281 (char *) &bcb
, US_BULK_CB_WRAP_LEN
, NULL
);
1282 US_DEBUGP("Bulk command transfer result=%d\n", result
);
1283 if (result
!= USB_STOR_XFER_GOOD
)
1284 return USB_STOR_TRANSPORT_ERROR
;
1287 /* send/receive data payload, if there is any */
1288 if (transfer_length
) {
1289 unsigned int pipe
= srb
->sc_data_direction
== SCSI_DATA_READ
?
1290 us
->recv_bulk_pipe
: us
->send_bulk_pipe
;
1291 result
= usb_stor_bulk_transfer_srb(us
, pipe
, srb
,
1293 US_DEBUGP("Bulk data transfer result 0x%x\n", result
);
1294 if (result
== USB_STOR_XFER_ERROR
)
1295 return USB_STOR_TRANSPORT_ERROR
;
1298 /* See flow chart on pg 15 of the Bulk Only Transport spec for
1299 * an explanation of how this code works.
1302 /* get CSW for device status */
1303 US_DEBUGP("Attempting to get CSW...\n");
1304 result
= usb_stor_bulk_transfer_buf(us
, us
->recv_bulk_pipe
,
1305 (char *) &bcs
, US_BULK_CS_WRAP_LEN
, NULL
);
1307 /* did the attempt to read the CSW fail? */
1308 if (result
== USB_STOR_XFER_STALLED
) {
1310 /* get the status again */
1311 US_DEBUGP("Attempting to get CSW (2nd try)...\n");
1312 result
= usb_stor_bulk_transfer_buf(us
, us
->recv_bulk_pipe
,
1313 (char *) &bcs
, US_BULK_CS_WRAP_LEN
, NULL
);
1316 /* if we still have a failure at this point, we're in trouble */
1317 US_DEBUGP("Bulk status result = %d\n", result
);
1318 if (result
!= USB_STOR_XFER_GOOD
)
1319 return USB_STOR_TRANSPORT_ERROR
;
1321 /* check bulk status */
1322 US_DEBUGP("Bulk status Sig 0x%x T 0x%x R %d Stat 0x%x\n",
1323 le32_to_cpu(bcs
.Signature
), bcs
.Tag
,
1324 bcs
.Residue
, bcs
.Status
);
1325 if (bcs
.Signature
!= cpu_to_le32(US_BULK_CS_SIGN
) ||
1326 bcs
.Tag
!= bcb
.Tag
||
1327 bcs
.Status
> US_BULK_STAT_PHASE
) {
1328 US_DEBUGP("Bulk logical error\n");
1329 return USB_STOR_TRANSPORT_ERROR
;
1332 /* based on the status code, we report good or bad */
1333 switch (bcs
.Status
) {
1334 case US_BULK_STAT_OK
:
1335 /* command good -- note that data could be short */
1336 return USB_STOR_TRANSPORT_GOOD
;
1338 case US_BULK_STAT_FAIL
:
1339 /* command failed */
1340 return USB_STOR_TRANSPORT_FAILED
;
1342 case US_BULK_STAT_PHASE
:
1343 /* phase error -- note that a transport reset will be
1344 * invoked by the invoke_transport() function
1346 return USB_STOR_TRANSPORT_ERROR
;
1349 /* we should never get here, but if we do, we're in trouble */
1350 return USB_STOR_TRANSPORT_ERROR
;
1353 /***********************************************************************
1355 ***********************************************************************/
1357 /* This is the common part of the device reset code.
1359 * It's handy that every transport mechanism uses the control endpoint for
1362 * Basically, we send a reset with a 20-second timeout, so we don't get
1363 * jammed attempting to do the reset.
1365 static int usb_stor_reset_common(struct us_data
*us
,
1366 u8 request
, u8 requesttype
,
1367 u16 value
, u16 index
, void *data
, u16 size
)
1371 /* A 20-second timeout may seem rather long, but a LaCie
1372 * StudioDrive USB2 device takes 16+ seconds to get going
1373 * following a powerup or USB attach event. */
1375 /* Use usb_control_msg() because this is not a queued-command */
1376 result
= usb_control_msg(us
->pusb_dev
, us
->send_ctrl_pipe
,
1377 request
, requesttype
, value
, index
, data
, size
,
1382 /* long wait for reset */
1383 set_current_state(TASK_UNINTERRUPTIBLE
);
1384 schedule_timeout(HZ
*6);
1385 set_current_state(TASK_RUNNING
);
1387 /* Use usb_clear_halt() because this is not a queued-command */
1388 US_DEBUGP("Soft reset: clearing bulk-in endpoint halt\n");
1389 result
= usb_clear_halt(us
->pusb_dev
, us
->recv_bulk_pipe
);
1393 US_DEBUGP("Soft reset: clearing bulk-out endpoint halt\n");
1394 result
= usb_clear_halt(us
->pusb_dev
, us
->send_bulk_pipe
);
1398 /* return a result code based on the result of the control message */
1400 US_DEBUGP("Soft reset failed: %d\n", result
);
1403 US_DEBUGP("Soft reset done\n");
1409 /* This issues a CB[I] Reset to the device in question
1411 int usb_stor_CB_reset(struct us_data
*us
)
1413 unsigned char cmd
[12];
1415 US_DEBUGP("CB_reset() called\n");
1417 memset(cmd
, 0xFF, sizeof(cmd
));
1418 cmd
[0] = SEND_DIAGNOSTIC
;
1420 return usb_stor_reset_common(us
, US_CBI_ADSC
,
1421 USB_TYPE_CLASS
| USB_RECIP_INTERFACE
,
1422 0, us
->ifnum
, cmd
, sizeof(cmd
));
1425 /* This issues a Bulk-only Reset to the device in question, including
1426 * clearing the subsequent endpoint halts that may occur.
1428 int usb_stor_Bulk_reset(struct us_data
*us
)
1430 US_DEBUGP("Bulk reset requested\n");
1432 return usb_stor_reset_common(us
, US_BULK_RESET_REQUEST
,
1433 USB_TYPE_CLASS
| USB_RECIP_INTERFACE
,
1434 0, us
->ifnum
, NULL
, 0);