bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / usb / storage / uas.c
blob6034c39b67d14ab43376b87eabbbc8e5bf87e0b1
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * USB Attached SCSI
4 * Note that this is not the same as the USB Mass Storage driver
6 * Copyright Hans de Goede <hdegoede@redhat.com> for Red Hat, Inc. 2013 - 2016
7 * Copyright Matthew Wilcox for Intel Corp, 2010
8 * Copyright Sarah Sharp for Intel Corp, 2010
9 */
11 #include <linux/blkdev.h>
12 #include <linux/slab.h>
13 #include <linux/types.h>
14 #include <linux/module.h>
15 #include <linux/usb.h>
16 #include <linux/usb_usual.h>
17 #include <linux/usb/hcd.h>
18 #include <linux/usb/storage.h>
19 #include <linux/usb/uas.h>
21 #include <scsi/scsi.h>
22 #include <scsi/scsi_eh.h>
23 #include <scsi/scsi_dbg.h>
24 #include <scsi/scsi_cmnd.h>
25 #include <scsi/scsi_device.h>
26 #include <scsi/scsi_host.h>
27 #include <scsi/scsi_tcq.h>
29 #include "uas-detect.h"
30 #include "scsiglue.h"
32 #define MAX_CMNDS 256
34 struct uas_dev_info {
35 struct usb_interface *intf;
36 struct usb_device *udev;
37 struct usb_anchor cmd_urbs;
38 struct usb_anchor sense_urbs;
39 struct usb_anchor data_urbs;
40 unsigned long flags;
41 int qdepth, resetting;
42 unsigned cmd_pipe, status_pipe, data_in_pipe, data_out_pipe;
43 unsigned use_streams:1;
44 unsigned shutdown:1;
45 struct scsi_cmnd *cmnd[MAX_CMNDS];
46 spinlock_t lock;
47 struct work_struct work;
50 enum {
51 SUBMIT_STATUS_URB = BIT(1),
52 ALLOC_DATA_IN_URB = BIT(2),
53 SUBMIT_DATA_IN_URB = BIT(3),
54 ALLOC_DATA_OUT_URB = BIT(4),
55 SUBMIT_DATA_OUT_URB = BIT(5),
56 ALLOC_CMD_URB = BIT(6),
57 SUBMIT_CMD_URB = BIT(7),
58 COMMAND_INFLIGHT = BIT(8),
59 DATA_IN_URB_INFLIGHT = BIT(9),
60 DATA_OUT_URB_INFLIGHT = BIT(10),
61 COMMAND_ABORTED = BIT(11),
62 IS_IN_WORK_LIST = BIT(12),
65 /* Overrides scsi_pointer */
66 struct uas_cmd_info {
67 unsigned int state;
68 unsigned int uas_tag;
69 struct urb *cmd_urb;
70 struct urb *data_in_urb;
71 struct urb *data_out_urb;
74 /* I hate forward declarations, but I actually have a loop */
75 static int uas_submit_urbs(struct scsi_cmnd *cmnd,
76 struct uas_dev_info *devinfo);
77 static void uas_do_work(struct work_struct *work);
78 static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller);
79 static void uas_free_streams(struct uas_dev_info *devinfo);
80 static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
81 int status);
83 static void uas_do_work(struct work_struct *work)
85 struct uas_dev_info *devinfo =
86 container_of(work, struct uas_dev_info, work);
87 struct uas_cmd_info *cmdinfo;
88 struct scsi_cmnd *cmnd;
89 unsigned long flags;
90 int i, err;
92 spin_lock_irqsave(&devinfo->lock, flags);
94 if (devinfo->resetting)
95 goto out;
97 for (i = 0; i < devinfo->qdepth; i++) {
98 if (!devinfo->cmnd[i])
99 continue;
101 cmnd = devinfo->cmnd[i];
102 cmdinfo = (void *)&cmnd->SCp;
104 if (!(cmdinfo->state & IS_IN_WORK_LIST))
105 continue;
107 err = uas_submit_urbs(cmnd, cmnd->device->hostdata);
108 if (!err)
109 cmdinfo->state &= ~IS_IN_WORK_LIST;
110 else
111 schedule_work(&devinfo->work);
113 out:
114 spin_unlock_irqrestore(&devinfo->lock, flags);
117 static void uas_add_work(struct uas_cmd_info *cmdinfo)
119 struct scsi_pointer *scp = (void *)cmdinfo;
120 struct scsi_cmnd *cmnd = container_of(scp, struct scsi_cmnd, SCp);
121 struct uas_dev_info *devinfo = cmnd->device->hostdata;
123 lockdep_assert_held(&devinfo->lock);
124 cmdinfo->state |= IS_IN_WORK_LIST;
125 schedule_work(&devinfo->work);
128 static void uas_zap_pending(struct uas_dev_info *devinfo, int result)
130 struct uas_cmd_info *cmdinfo;
131 struct scsi_cmnd *cmnd;
132 unsigned long flags;
133 int i, err;
135 spin_lock_irqsave(&devinfo->lock, flags);
136 for (i = 0; i < devinfo->qdepth; i++) {
137 if (!devinfo->cmnd[i])
138 continue;
140 cmnd = devinfo->cmnd[i];
141 cmdinfo = (void *)&cmnd->SCp;
142 uas_log_cmd_state(cmnd, __func__, 0);
143 /* Sense urbs were killed, clear COMMAND_INFLIGHT manually */
144 cmdinfo->state &= ~COMMAND_INFLIGHT;
145 cmnd->result = result << 16;
146 err = uas_try_complete(cmnd, __func__);
147 WARN_ON(err != 0);
149 spin_unlock_irqrestore(&devinfo->lock, flags);
152 static void uas_sense(struct urb *urb, struct scsi_cmnd *cmnd)
154 struct sense_iu *sense_iu = urb->transfer_buffer;
155 struct scsi_device *sdev = cmnd->device;
157 if (urb->actual_length > 16) {
158 unsigned len = be16_to_cpup(&sense_iu->len);
159 if (len + 16 != urb->actual_length) {
160 int newlen = min(len + 16, urb->actual_length) - 16;
161 if (newlen < 0)
162 newlen = 0;
163 sdev_printk(KERN_INFO, sdev, "%s: urb length %d "
164 "disagrees with IU sense data length %d, "
165 "using %d bytes of sense data\n", __func__,
166 urb->actual_length, len, newlen);
167 len = newlen;
169 memcpy(cmnd->sense_buffer, sense_iu->sense, len);
172 cmnd->result = sense_iu->status;
175 static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
176 int status)
178 struct uas_cmd_info *ci = (void *)&cmnd->SCp;
179 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
181 scmd_printk(KERN_INFO, cmnd,
182 "%s %d uas-tag %d inflight:%s%s%s%s%s%s%s%s%s%s%s%s ",
183 prefix, status, cmdinfo->uas_tag,
184 (ci->state & SUBMIT_STATUS_URB) ? " s-st" : "",
185 (ci->state & ALLOC_DATA_IN_URB) ? " a-in" : "",
186 (ci->state & SUBMIT_DATA_IN_URB) ? " s-in" : "",
187 (ci->state & ALLOC_DATA_OUT_URB) ? " a-out" : "",
188 (ci->state & SUBMIT_DATA_OUT_URB) ? " s-out" : "",
189 (ci->state & ALLOC_CMD_URB) ? " a-cmd" : "",
190 (ci->state & SUBMIT_CMD_URB) ? " s-cmd" : "",
191 (ci->state & COMMAND_INFLIGHT) ? " CMD" : "",
192 (ci->state & DATA_IN_URB_INFLIGHT) ? " IN" : "",
193 (ci->state & DATA_OUT_URB_INFLIGHT) ? " OUT" : "",
194 (ci->state & COMMAND_ABORTED) ? " abort" : "",
195 (ci->state & IS_IN_WORK_LIST) ? " work" : "");
196 scsi_print_command(cmnd);
199 static void uas_free_unsubmitted_urbs(struct scsi_cmnd *cmnd)
201 struct uas_cmd_info *cmdinfo;
203 if (!cmnd)
204 return;
206 cmdinfo = (void *)&cmnd->SCp;
208 if (cmdinfo->state & SUBMIT_CMD_URB)
209 usb_free_urb(cmdinfo->cmd_urb);
211 /* data urbs may have never gotten their submit flag set */
212 if (!(cmdinfo->state & DATA_IN_URB_INFLIGHT))
213 usb_free_urb(cmdinfo->data_in_urb);
214 if (!(cmdinfo->state & DATA_OUT_URB_INFLIGHT))
215 usb_free_urb(cmdinfo->data_out_urb);
218 static int uas_try_complete(struct scsi_cmnd *cmnd, const char *caller)
220 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
221 struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
223 lockdep_assert_held(&devinfo->lock);
224 if (cmdinfo->state & (COMMAND_INFLIGHT |
225 DATA_IN_URB_INFLIGHT |
226 DATA_OUT_URB_INFLIGHT |
227 COMMAND_ABORTED))
228 return -EBUSY;
229 devinfo->cmnd[cmdinfo->uas_tag - 1] = NULL;
230 uas_free_unsubmitted_urbs(cmnd);
231 cmnd->scsi_done(cmnd);
232 return 0;
235 static void uas_xfer_data(struct urb *urb, struct scsi_cmnd *cmnd,
236 unsigned direction)
238 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
239 int err;
241 cmdinfo->state |= direction | SUBMIT_STATUS_URB;
242 err = uas_submit_urbs(cmnd, cmnd->device->hostdata);
243 if (err) {
244 uas_add_work(cmdinfo);
248 static bool uas_evaluate_response_iu(struct response_iu *riu, struct scsi_cmnd *cmnd)
250 u8 response_code = riu->response_code;
252 switch (response_code) {
253 case RC_INCORRECT_LUN:
254 cmnd->result = DID_BAD_TARGET << 16;
255 break;
256 case RC_TMF_SUCCEEDED:
257 cmnd->result = DID_OK << 16;
258 break;
259 case RC_TMF_NOT_SUPPORTED:
260 cmnd->result = DID_TARGET_FAILURE << 16;
261 break;
262 default:
263 uas_log_cmd_state(cmnd, "response iu", response_code);
264 cmnd->result = DID_ERROR << 16;
265 break;
268 return response_code == RC_TMF_SUCCEEDED;
271 static void uas_stat_cmplt(struct urb *urb)
273 struct iu *iu = urb->transfer_buffer;
274 struct Scsi_Host *shost = urb->context;
275 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
276 struct urb *data_in_urb = NULL;
277 struct urb *data_out_urb = NULL;
278 struct scsi_cmnd *cmnd;
279 struct uas_cmd_info *cmdinfo;
280 unsigned long flags;
281 unsigned int idx;
282 int status = urb->status;
283 bool success;
285 spin_lock_irqsave(&devinfo->lock, flags);
287 if (devinfo->resetting)
288 goto out;
290 if (status) {
291 if (status != -ENOENT && status != -ECONNRESET && status != -ESHUTDOWN)
292 dev_err(&urb->dev->dev, "stat urb: status %d\n", status);
293 goto out;
296 idx = be16_to_cpup(&iu->tag) - 1;
297 if (idx >= MAX_CMNDS || !devinfo->cmnd[idx]) {
298 dev_err(&urb->dev->dev,
299 "stat urb: no pending cmd for uas-tag %d\n", idx + 1);
300 goto out;
303 cmnd = devinfo->cmnd[idx];
304 cmdinfo = (void *)&cmnd->SCp;
306 if (!(cmdinfo->state & COMMAND_INFLIGHT)) {
307 uas_log_cmd_state(cmnd, "unexpected status cmplt", 0);
308 goto out;
311 switch (iu->iu_id) {
312 case IU_ID_STATUS:
313 uas_sense(urb, cmnd);
314 if (cmnd->result != 0) {
315 /* cancel data transfers on error */
316 data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
317 data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
319 cmdinfo->state &= ~COMMAND_INFLIGHT;
320 uas_try_complete(cmnd, __func__);
321 break;
322 case IU_ID_READ_READY:
323 if (!cmdinfo->data_in_urb ||
324 (cmdinfo->state & DATA_IN_URB_INFLIGHT)) {
325 uas_log_cmd_state(cmnd, "unexpected read rdy", 0);
326 break;
328 uas_xfer_data(urb, cmnd, SUBMIT_DATA_IN_URB);
329 break;
330 case IU_ID_WRITE_READY:
331 if (!cmdinfo->data_out_urb ||
332 (cmdinfo->state & DATA_OUT_URB_INFLIGHT)) {
333 uas_log_cmd_state(cmnd, "unexpected write rdy", 0);
334 break;
336 uas_xfer_data(urb, cmnd, SUBMIT_DATA_OUT_URB);
337 break;
338 case IU_ID_RESPONSE:
339 cmdinfo->state &= ~COMMAND_INFLIGHT;
340 success = uas_evaluate_response_iu((struct response_iu *)iu, cmnd);
341 if (!success) {
342 /* Error, cancel data transfers */
343 data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
344 data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
346 uas_try_complete(cmnd, __func__);
347 break;
348 default:
349 uas_log_cmd_state(cmnd, "bogus IU", iu->iu_id);
351 out:
352 usb_free_urb(urb);
353 spin_unlock_irqrestore(&devinfo->lock, flags);
355 /* Unlinking of data urbs must be done without holding the lock */
356 if (data_in_urb) {
357 usb_unlink_urb(data_in_urb);
358 usb_put_urb(data_in_urb);
360 if (data_out_urb) {
361 usb_unlink_urb(data_out_urb);
362 usb_put_urb(data_out_urb);
366 static void uas_data_cmplt(struct urb *urb)
368 struct scsi_cmnd *cmnd = urb->context;
369 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
370 struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
371 struct scsi_data_buffer *sdb = NULL;
372 unsigned long flags;
373 int status = urb->status;
375 spin_lock_irqsave(&devinfo->lock, flags);
377 if (cmdinfo->data_in_urb == urb) {
378 sdb = scsi_in(cmnd);
379 cmdinfo->state &= ~DATA_IN_URB_INFLIGHT;
380 cmdinfo->data_in_urb = NULL;
381 } else if (cmdinfo->data_out_urb == urb) {
382 sdb = scsi_out(cmnd);
383 cmdinfo->state &= ~DATA_OUT_URB_INFLIGHT;
384 cmdinfo->data_out_urb = NULL;
386 if (sdb == NULL) {
387 WARN_ON_ONCE(1);
388 goto out;
391 if (devinfo->resetting)
392 goto out;
394 /* Data urbs should not complete before the cmd urb is submitted */
395 if (cmdinfo->state & SUBMIT_CMD_URB) {
396 uas_log_cmd_state(cmnd, "unexpected data cmplt", 0);
397 goto out;
400 if (status) {
401 if (status != -ENOENT && status != -ECONNRESET && status != -ESHUTDOWN)
402 uas_log_cmd_state(cmnd, "data cmplt err", status);
403 /* error: no data transfered */
404 sdb->resid = sdb->length;
405 } else {
406 sdb->resid = sdb->length - urb->actual_length;
408 uas_try_complete(cmnd, __func__);
409 out:
410 usb_free_urb(urb);
411 spin_unlock_irqrestore(&devinfo->lock, flags);
414 static void uas_cmd_cmplt(struct urb *urb)
416 if (urb->status)
417 dev_err(&urb->dev->dev, "cmd cmplt err %d\n", urb->status);
419 usb_free_urb(urb);
422 static struct urb *uas_alloc_data_urb(struct uas_dev_info *devinfo, gfp_t gfp,
423 struct scsi_cmnd *cmnd,
424 enum dma_data_direction dir)
426 struct usb_device *udev = devinfo->udev;
427 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
428 struct urb *urb = usb_alloc_urb(0, gfp);
429 struct scsi_data_buffer *sdb = (dir == DMA_FROM_DEVICE)
430 ? scsi_in(cmnd) : scsi_out(cmnd);
431 unsigned int pipe = (dir == DMA_FROM_DEVICE)
432 ? devinfo->data_in_pipe : devinfo->data_out_pipe;
434 if (!urb)
435 goto out;
436 usb_fill_bulk_urb(urb, udev, pipe, NULL, sdb->length,
437 uas_data_cmplt, cmnd);
438 if (devinfo->use_streams)
439 urb->stream_id = cmdinfo->uas_tag;
440 urb->num_sgs = udev->bus->sg_tablesize ? sdb->table.nents : 0;
441 urb->sg = sdb->table.sgl;
442 out:
443 return urb;
446 static struct urb *uas_alloc_sense_urb(struct uas_dev_info *devinfo, gfp_t gfp,
447 struct scsi_cmnd *cmnd)
449 struct usb_device *udev = devinfo->udev;
450 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
451 struct urb *urb = usb_alloc_urb(0, gfp);
452 struct sense_iu *iu;
454 if (!urb)
455 goto out;
457 iu = kzalloc(sizeof(*iu), gfp);
458 if (!iu)
459 goto free;
461 usb_fill_bulk_urb(urb, udev, devinfo->status_pipe, iu, sizeof(*iu),
462 uas_stat_cmplt, cmnd->device->host);
463 if (devinfo->use_streams)
464 urb->stream_id = cmdinfo->uas_tag;
465 urb->transfer_flags |= URB_FREE_BUFFER;
466 out:
467 return urb;
468 free:
469 usb_free_urb(urb);
470 return NULL;
473 static struct urb *uas_alloc_cmd_urb(struct uas_dev_info *devinfo, gfp_t gfp,
474 struct scsi_cmnd *cmnd)
476 struct usb_device *udev = devinfo->udev;
477 struct scsi_device *sdev = cmnd->device;
478 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
479 struct urb *urb = usb_alloc_urb(0, gfp);
480 struct command_iu *iu;
481 int len;
483 if (!urb)
484 goto out;
486 len = cmnd->cmd_len - 16;
487 if (len < 0)
488 len = 0;
489 len = ALIGN(len, 4);
490 iu = kzalloc(sizeof(*iu) + len, gfp);
491 if (!iu)
492 goto free;
494 iu->iu_id = IU_ID_COMMAND;
495 iu->tag = cpu_to_be16(cmdinfo->uas_tag);
496 iu->prio_attr = UAS_SIMPLE_TAG;
497 iu->len = len;
498 int_to_scsilun(sdev->lun, &iu->lun);
499 memcpy(iu->cdb, cmnd->cmnd, cmnd->cmd_len);
501 usb_fill_bulk_urb(urb, udev, devinfo->cmd_pipe, iu, sizeof(*iu) + len,
502 uas_cmd_cmplt, NULL);
503 urb->transfer_flags |= URB_FREE_BUFFER;
504 out:
505 return urb;
506 free:
507 usb_free_urb(urb);
508 return NULL;
512 * Why should I request the Status IU before sending the Command IU? Spec
513 * says to, but also says the device may receive them in any order. Seems
514 * daft to me.
517 static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
519 struct uas_dev_info *devinfo = cmnd->device->hostdata;
520 struct urb *urb;
521 int err;
523 urb = uas_alloc_sense_urb(devinfo, gfp, cmnd);
524 if (!urb)
525 return NULL;
526 usb_anchor_urb(urb, &devinfo->sense_urbs);
527 err = usb_submit_urb(urb, gfp);
528 if (err) {
529 usb_unanchor_urb(urb);
530 uas_log_cmd_state(cmnd, "sense submit err", err);
531 usb_free_urb(urb);
532 return NULL;
534 return urb;
537 static int uas_submit_urbs(struct scsi_cmnd *cmnd,
538 struct uas_dev_info *devinfo)
540 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
541 struct urb *urb;
542 int err;
544 lockdep_assert_held(&devinfo->lock);
545 if (cmdinfo->state & SUBMIT_STATUS_URB) {
546 urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC);
547 if (!urb)
548 return SCSI_MLQUEUE_DEVICE_BUSY;
549 cmdinfo->state &= ~SUBMIT_STATUS_URB;
552 if (cmdinfo->state & ALLOC_DATA_IN_URB) {
553 cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC,
554 cmnd, DMA_FROM_DEVICE);
555 if (!cmdinfo->data_in_urb)
556 return SCSI_MLQUEUE_DEVICE_BUSY;
557 cmdinfo->state &= ~ALLOC_DATA_IN_URB;
560 if (cmdinfo->state & SUBMIT_DATA_IN_URB) {
561 usb_anchor_urb(cmdinfo->data_in_urb, &devinfo->data_urbs);
562 err = usb_submit_urb(cmdinfo->data_in_urb, GFP_ATOMIC);
563 if (err) {
564 usb_unanchor_urb(cmdinfo->data_in_urb);
565 uas_log_cmd_state(cmnd, "data in submit err", err);
566 return SCSI_MLQUEUE_DEVICE_BUSY;
568 cmdinfo->state &= ~SUBMIT_DATA_IN_URB;
569 cmdinfo->state |= DATA_IN_URB_INFLIGHT;
572 if (cmdinfo->state & ALLOC_DATA_OUT_URB) {
573 cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC,
574 cmnd, DMA_TO_DEVICE);
575 if (!cmdinfo->data_out_urb)
576 return SCSI_MLQUEUE_DEVICE_BUSY;
577 cmdinfo->state &= ~ALLOC_DATA_OUT_URB;
580 if (cmdinfo->state & SUBMIT_DATA_OUT_URB) {
581 usb_anchor_urb(cmdinfo->data_out_urb, &devinfo->data_urbs);
582 err = usb_submit_urb(cmdinfo->data_out_urb, GFP_ATOMIC);
583 if (err) {
584 usb_unanchor_urb(cmdinfo->data_out_urb);
585 uas_log_cmd_state(cmnd, "data out submit err", err);
586 return SCSI_MLQUEUE_DEVICE_BUSY;
588 cmdinfo->state &= ~SUBMIT_DATA_OUT_URB;
589 cmdinfo->state |= DATA_OUT_URB_INFLIGHT;
592 if (cmdinfo->state & ALLOC_CMD_URB) {
593 cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd);
594 if (!cmdinfo->cmd_urb)
595 return SCSI_MLQUEUE_DEVICE_BUSY;
596 cmdinfo->state &= ~ALLOC_CMD_URB;
599 if (cmdinfo->state & SUBMIT_CMD_URB) {
600 usb_anchor_urb(cmdinfo->cmd_urb, &devinfo->cmd_urbs);
601 err = usb_submit_urb(cmdinfo->cmd_urb, GFP_ATOMIC);
602 if (err) {
603 usb_unanchor_urb(cmdinfo->cmd_urb);
604 uas_log_cmd_state(cmnd, "cmd submit err", err);
605 return SCSI_MLQUEUE_DEVICE_BUSY;
607 cmdinfo->cmd_urb = NULL;
608 cmdinfo->state &= ~SUBMIT_CMD_URB;
609 cmdinfo->state |= COMMAND_INFLIGHT;
612 return 0;
615 static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
616 void (*done)(struct scsi_cmnd *))
618 struct scsi_device *sdev = cmnd->device;
619 struct uas_dev_info *devinfo = sdev->hostdata;
620 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
621 unsigned long flags;
622 int idx, err;
624 BUILD_BUG_ON(sizeof(struct uas_cmd_info) > sizeof(struct scsi_pointer));
626 /* Re-check scsi_block_requests now that we've the host-lock */
627 if (cmnd->device->host->host_self_blocked)
628 return SCSI_MLQUEUE_DEVICE_BUSY;
630 if ((devinfo->flags & US_FL_NO_ATA_1X) &&
631 (cmnd->cmnd[0] == ATA_12 || cmnd->cmnd[0] == ATA_16)) {
632 memcpy(cmnd->sense_buffer, usb_stor_sense_invalidCDB,
633 sizeof(usb_stor_sense_invalidCDB));
634 cmnd->result = SAM_STAT_CHECK_CONDITION;
635 cmnd->scsi_done(cmnd);
636 return 0;
639 spin_lock_irqsave(&devinfo->lock, flags);
641 if (devinfo->resetting) {
642 cmnd->result = DID_ERROR << 16;
643 cmnd->scsi_done(cmnd);
644 spin_unlock_irqrestore(&devinfo->lock, flags);
645 return 0;
648 /* Find a free uas-tag */
649 for (idx = 0; idx < devinfo->qdepth; idx++) {
650 if (!devinfo->cmnd[idx])
651 break;
653 if (idx == devinfo->qdepth) {
654 spin_unlock_irqrestore(&devinfo->lock, flags);
655 return SCSI_MLQUEUE_DEVICE_BUSY;
658 cmnd->scsi_done = done;
660 memset(cmdinfo, 0, sizeof(*cmdinfo));
661 cmdinfo->uas_tag = idx + 1; /* uas-tag == usb-stream-id, so 1 based */
662 cmdinfo->state = SUBMIT_STATUS_URB | ALLOC_CMD_URB | SUBMIT_CMD_URB;
664 switch (cmnd->sc_data_direction) {
665 case DMA_FROM_DEVICE:
666 cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
667 break;
668 case DMA_BIDIRECTIONAL:
669 cmdinfo->state |= ALLOC_DATA_IN_URB | SUBMIT_DATA_IN_URB;
670 /* fall through */
671 case DMA_TO_DEVICE:
672 cmdinfo->state |= ALLOC_DATA_OUT_URB | SUBMIT_DATA_OUT_URB;
673 case DMA_NONE:
674 break;
677 if (!devinfo->use_streams)
678 cmdinfo->state &= ~(SUBMIT_DATA_IN_URB | SUBMIT_DATA_OUT_URB);
680 err = uas_submit_urbs(cmnd, devinfo);
681 if (err) {
682 /* If we did nothing, give up now */
683 if (cmdinfo->state & SUBMIT_STATUS_URB) {
684 spin_unlock_irqrestore(&devinfo->lock, flags);
685 return SCSI_MLQUEUE_DEVICE_BUSY;
687 uas_add_work(cmdinfo);
690 devinfo->cmnd[idx] = cmnd;
691 spin_unlock_irqrestore(&devinfo->lock, flags);
692 return 0;
695 static DEF_SCSI_QCMD(uas_queuecommand)
698 * For now we do not support actually sending an abort to the device, so
699 * this eh always fails. Still we must define it to make sure that we've
700 * dropped all references to the cmnd in question once this function exits.
702 static int uas_eh_abort_handler(struct scsi_cmnd *cmnd)
704 struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
705 struct uas_dev_info *devinfo = (void *)cmnd->device->hostdata;
706 struct urb *data_in_urb = NULL;
707 struct urb *data_out_urb = NULL;
708 unsigned long flags;
710 spin_lock_irqsave(&devinfo->lock, flags);
712 uas_log_cmd_state(cmnd, __func__, 0);
714 /* Ensure that try_complete does not call scsi_done */
715 cmdinfo->state |= COMMAND_ABORTED;
717 /* Drop all refs to this cmnd, kill data urbs to break their ref */
718 devinfo->cmnd[cmdinfo->uas_tag - 1] = NULL;
719 if (cmdinfo->state & DATA_IN_URB_INFLIGHT)
720 data_in_urb = usb_get_urb(cmdinfo->data_in_urb);
721 if (cmdinfo->state & DATA_OUT_URB_INFLIGHT)
722 data_out_urb = usb_get_urb(cmdinfo->data_out_urb);
724 uas_free_unsubmitted_urbs(cmnd);
726 spin_unlock_irqrestore(&devinfo->lock, flags);
728 if (data_in_urb) {
729 usb_kill_urb(data_in_urb);
730 usb_put_urb(data_in_urb);
732 if (data_out_urb) {
733 usb_kill_urb(data_out_urb);
734 usb_put_urb(data_out_urb);
737 return FAILED;
740 static int uas_eh_device_reset_handler(struct scsi_cmnd *cmnd)
742 struct scsi_device *sdev = cmnd->device;
743 struct uas_dev_info *devinfo = sdev->hostdata;
744 struct usb_device *udev = devinfo->udev;
745 unsigned long flags;
746 int err;
748 err = usb_lock_device_for_reset(udev, devinfo->intf);
749 if (err) {
750 shost_printk(KERN_ERR, sdev->host,
751 "%s FAILED to get lock err %d\n", __func__, err);
752 return FAILED;
755 shost_printk(KERN_INFO, sdev->host, "%s start\n", __func__);
757 spin_lock_irqsave(&devinfo->lock, flags);
758 devinfo->resetting = 1;
759 spin_unlock_irqrestore(&devinfo->lock, flags);
761 usb_kill_anchored_urbs(&devinfo->cmd_urbs);
762 usb_kill_anchored_urbs(&devinfo->sense_urbs);
763 usb_kill_anchored_urbs(&devinfo->data_urbs);
764 uas_zap_pending(devinfo, DID_RESET);
766 err = usb_reset_device(udev);
768 spin_lock_irqsave(&devinfo->lock, flags);
769 devinfo->resetting = 0;
770 spin_unlock_irqrestore(&devinfo->lock, flags);
772 usb_unlock_device(udev);
774 if (err) {
775 shost_printk(KERN_INFO, sdev->host, "%s FAILED err %d\n",
776 __func__, err);
777 return FAILED;
780 shost_printk(KERN_INFO, sdev->host, "%s success\n", __func__);
781 return SUCCESS;
784 static int uas_target_alloc(struct scsi_target *starget)
786 struct uas_dev_info *devinfo = (struct uas_dev_info *)
787 dev_to_shost(starget->dev.parent)->hostdata;
789 if (devinfo->flags & US_FL_NO_REPORT_LUNS)
790 starget->no_report_luns = 1;
792 return 0;
795 static int uas_slave_alloc(struct scsi_device *sdev)
797 struct uas_dev_info *devinfo =
798 (struct uas_dev_info *)sdev->host->hostdata;
800 sdev->hostdata = devinfo;
803 * USB has unusual DMA-alignment requirements: Although the
804 * starting address of each scatter-gather element doesn't matter,
805 * the length of each element except the last must be divisible
806 * by the Bulk maxpacket value. There's currently no way to
807 * express this by block-layer constraints, so we'll cop out
808 * and simply require addresses to be aligned at 512-byte
809 * boundaries. This is okay since most block I/O involves
810 * hardware sectors that are multiples of 512 bytes in length,
811 * and since host controllers up through USB 2.0 have maxpacket
812 * values no larger than 512.
814 * But it doesn't suffice for Wireless USB, where Bulk maxpacket
815 * values can be as large as 2048. To make that work properly
816 * will require changes to the block layer.
818 blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
820 if (devinfo->flags & US_FL_MAX_SECTORS_64)
821 blk_queue_max_hw_sectors(sdev->request_queue, 64);
822 else if (devinfo->flags & US_FL_MAX_SECTORS_240)
823 blk_queue_max_hw_sectors(sdev->request_queue, 240);
825 return 0;
828 static int uas_slave_configure(struct scsi_device *sdev)
830 struct uas_dev_info *devinfo = sdev->hostdata;
832 if (devinfo->flags & US_FL_NO_REPORT_OPCODES)
833 sdev->no_report_opcodes = 1;
835 /* A few buggy USB-ATA bridges don't understand FUA */
836 if (devinfo->flags & US_FL_BROKEN_FUA)
837 sdev->broken_fua = 1;
839 scsi_change_queue_depth(sdev, devinfo->qdepth - 2);
840 return 0;
843 static struct scsi_host_template uas_host_template = {
844 .module = THIS_MODULE,
845 .name = "uas",
846 .queuecommand = uas_queuecommand,
847 .target_alloc = uas_target_alloc,
848 .slave_alloc = uas_slave_alloc,
849 .slave_configure = uas_slave_configure,
850 .eh_abort_handler = uas_eh_abort_handler,
851 .eh_device_reset_handler = uas_eh_device_reset_handler,
852 .this_id = -1,
853 .sg_tablesize = SG_NONE,
854 .skip_settle_delay = 1,
857 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
858 vendorName, productName, useProtocol, useTransport, \
859 initFunction, flags) \
860 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
861 .driver_info = (flags) }
863 static struct usb_device_id uas_usb_ids[] = {
864 # include "unusual_uas.h"
865 { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_BULK) },
866 { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_UAS) },
869 MODULE_DEVICE_TABLE(usb, uas_usb_ids);
871 #undef UNUSUAL_DEV
873 static int uas_switch_interface(struct usb_device *udev,
874 struct usb_interface *intf)
876 struct usb_host_interface *alt;
878 alt = uas_find_uas_alt_setting(intf);
879 if (!alt)
880 return -ENODEV;
882 return usb_set_interface(udev, alt->desc.bInterfaceNumber,
883 alt->desc.bAlternateSetting);
886 static int uas_configure_endpoints(struct uas_dev_info *devinfo)
888 struct usb_host_endpoint *eps[4] = { };
889 struct usb_device *udev = devinfo->udev;
890 int r;
892 r = uas_find_endpoints(devinfo->intf->cur_altsetting, eps);
893 if (r)
894 return r;
896 devinfo->cmd_pipe = usb_sndbulkpipe(udev,
897 usb_endpoint_num(&eps[0]->desc));
898 devinfo->status_pipe = usb_rcvbulkpipe(udev,
899 usb_endpoint_num(&eps[1]->desc));
900 devinfo->data_in_pipe = usb_rcvbulkpipe(udev,
901 usb_endpoint_num(&eps[2]->desc));
902 devinfo->data_out_pipe = usb_sndbulkpipe(udev,
903 usb_endpoint_num(&eps[3]->desc));
905 if (udev->speed < USB_SPEED_SUPER) {
906 devinfo->qdepth = 32;
907 devinfo->use_streams = 0;
908 } else {
909 devinfo->qdepth = usb_alloc_streams(devinfo->intf, eps + 1,
910 3, MAX_CMNDS, GFP_NOIO);
911 if (devinfo->qdepth < 0)
912 return devinfo->qdepth;
913 devinfo->use_streams = 1;
916 return 0;
919 static void uas_free_streams(struct uas_dev_info *devinfo)
921 struct usb_device *udev = devinfo->udev;
922 struct usb_host_endpoint *eps[3];
924 eps[0] = usb_pipe_endpoint(udev, devinfo->status_pipe);
925 eps[1] = usb_pipe_endpoint(udev, devinfo->data_in_pipe);
926 eps[2] = usb_pipe_endpoint(udev, devinfo->data_out_pipe);
927 usb_free_streams(devinfo->intf, eps, 3, GFP_NOIO);
930 static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
932 int result = -ENOMEM;
933 struct Scsi_Host *shost = NULL;
934 struct uas_dev_info *devinfo;
935 struct usb_device *udev = interface_to_usbdev(intf);
936 unsigned long dev_flags;
938 if (!uas_use_uas_driver(intf, id, &dev_flags))
939 return -ENODEV;
941 if (uas_switch_interface(udev, intf))
942 return -ENODEV;
944 shost = scsi_host_alloc(&uas_host_template,
945 sizeof(struct uas_dev_info));
946 if (!shost)
947 goto set_alt0;
949 shost->max_cmd_len = 16 + 252;
950 shost->max_id = 1;
951 shost->max_lun = 256;
952 shost->max_channel = 0;
953 shost->sg_tablesize = udev->bus->sg_tablesize;
955 devinfo = (struct uas_dev_info *)shost->hostdata;
956 devinfo->intf = intf;
957 devinfo->udev = udev;
958 devinfo->resetting = 0;
959 devinfo->shutdown = 0;
960 devinfo->flags = dev_flags;
961 init_usb_anchor(&devinfo->cmd_urbs);
962 init_usb_anchor(&devinfo->sense_urbs);
963 init_usb_anchor(&devinfo->data_urbs);
964 spin_lock_init(&devinfo->lock);
965 INIT_WORK(&devinfo->work, uas_do_work);
967 result = uas_configure_endpoints(devinfo);
968 if (result)
969 goto set_alt0;
972 * 1 tag is reserved for untagged commands +
973 * 1 tag to avoid off by one errors in some bridge firmwares
975 shost->can_queue = devinfo->qdepth - 2;
977 usb_set_intfdata(intf, shost);
978 result = scsi_add_host(shost, &intf->dev);
979 if (result)
980 goto free_streams;
982 scsi_scan_host(shost);
983 return result;
985 free_streams:
986 uas_free_streams(devinfo);
987 usb_set_intfdata(intf, NULL);
988 set_alt0:
989 usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
990 if (shost)
991 scsi_host_put(shost);
992 return result;
995 static int uas_cmnd_list_empty(struct uas_dev_info *devinfo)
997 unsigned long flags;
998 int i, r = 1;
1000 spin_lock_irqsave(&devinfo->lock, flags);
1002 for (i = 0; i < devinfo->qdepth; i++) {
1003 if (devinfo->cmnd[i]) {
1004 r = 0; /* Not empty */
1005 break;
1009 spin_unlock_irqrestore(&devinfo->lock, flags);
1011 return r;
1015 * Wait for any pending cmnds to complete, on usb-2 sense_urbs may temporarily
1016 * get empty while there still is more work to do due to sense-urbs completing
1017 * with a READ/WRITE_READY iu code, so keep waiting until the list gets empty.
1019 static int uas_wait_for_pending_cmnds(struct uas_dev_info *devinfo)
1021 unsigned long start_time;
1022 int r;
1024 start_time = jiffies;
1025 do {
1026 flush_work(&devinfo->work);
1028 r = usb_wait_anchor_empty_timeout(&devinfo->sense_urbs, 5000);
1029 if (r == 0)
1030 return -ETIME;
1032 r = usb_wait_anchor_empty_timeout(&devinfo->data_urbs, 500);
1033 if (r == 0)
1034 return -ETIME;
1036 if (time_after(jiffies, start_time + 5 * HZ))
1037 return -ETIME;
1038 } while (!uas_cmnd_list_empty(devinfo));
1040 return 0;
1043 static int uas_pre_reset(struct usb_interface *intf)
1045 struct Scsi_Host *shost = usb_get_intfdata(intf);
1046 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1047 unsigned long flags;
1049 if (devinfo->shutdown)
1050 return 0;
1052 /* Block new requests */
1053 spin_lock_irqsave(shost->host_lock, flags);
1054 scsi_block_requests(shost);
1055 spin_unlock_irqrestore(shost->host_lock, flags);
1057 if (uas_wait_for_pending_cmnds(devinfo) != 0) {
1058 shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
1059 scsi_unblock_requests(shost);
1060 return 1;
1063 uas_free_streams(devinfo);
1065 return 0;
1068 static int uas_post_reset(struct usb_interface *intf)
1070 struct Scsi_Host *shost = usb_get_intfdata(intf);
1071 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1072 unsigned long flags;
1073 int err;
1075 if (devinfo->shutdown)
1076 return 0;
1078 err = uas_configure_endpoints(devinfo);
1079 if (err && err != -ENODEV)
1080 shost_printk(KERN_ERR, shost,
1081 "%s: alloc streams error %d after reset",
1082 __func__, err);
1084 /* we must unblock the host in every case lest we deadlock */
1085 spin_lock_irqsave(shost->host_lock, flags);
1086 scsi_report_bus_reset(shost, 0);
1087 spin_unlock_irqrestore(shost->host_lock, flags);
1089 scsi_unblock_requests(shost);
1091 return err ? 1 : 0;
1094 static int uas_suspend(struct usb_interface *intf, pm_message_t message)
1096 struct Scsi_Host *shost = usb_get_intfdata(intf);
1097 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1099 if (uas_wait_for_pending_cmnds(devinfo) != 0) {
1100 shost_printk(KERN_ERR, shost, "%s: timed out\n", __func__);
1101 return -ETIME;
1104 return 0;
1107 static int uas_resume(struct usb_interface *intf)
1109 return 0;
1112 static int uas_reset_resume(struct usb_interface *intf)
1114 struct Scsi_Host *shost = usb_get_intfdata(intf);
1115 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1116 unsigned long flags;
1117 int err;
1119 err = uas_configure_endpoints(devinfo);
1120 if (err) {
1121 shost_printk(KERN_ERR, shost,
1122 "%s: alloc streams error %d after reset",
1123 __func__, err);
1124 return -EIO;
1127 spin_lock_irqsave(shost->host_lock, flags);
1128 scsi_report_bus_reset(shost, 0);
1129 spin_unlock_irqrestore(shost->host_lock, flags);
1131 return 0;
1134 static void uas_disconnect(struct usb_interface *intf)
1136 struct Scsi_Host *shost = usb_get_intfdata(intf);
1137 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1138 unsigned long flags;
1140 spin_lock_irqsave(&devinfo->lock, flags);
1141 devinfo->resetting = 1;
1142 spin_unlock_irqrestore(&devinfo->lock, flags);
1144 cancel_work_sync(&devinfo->work);
1145 usb_kill_anchored_urbs(&devinfo->cmd_urbs);
1146 usb_kill_anchored_urbs(&devinfo->sense_urbs);
1147 usb_kill_anchored_urbs(&devinfo->data_urbs);
1148 uas_zap_pending(devinfo, DID_NO_CONNECT);
1150 scsi_remove_host(shost);
1151 uas_free_streams(devinfo);
1152 scsi_host_put(shost);
1156 * Put the device back in usb-storage mode on shutdown, as some BIOS-es
1157 * hang on reboot when the device is still in uas mode. Note the reset is
1158 * necessary as some devices won't revert to usb-storage mode without it.
1160 static void uas_shutdown(struct device *dev)
1162 struct usb_interface *intf = to_usb_interface(dev);
1163 struct usb_device *udev = interface_to_usbdev(intf);
1164 struct Scsi_Host *shost = usb_get_intfdata(intf);
1165 struct uas_dev_info *devinfo = (struct uas_dev_info *)shost->hostdata;
1167 if (system_state != SYSTEM_RESTART)
1168 return;
1170 devinfo->shutdown = 1;
1171 uas_free_streams(devinfo);
1172 usb_set_interface(udev, intf->altsetting[0].desc.bInterfaceNumber, 0);
1173 usb_reset_device(udev);
1176 static struct usb_driver uas_driver = {
1177 .name = "uas",
1178 .probe = uas_probe,
1179 .disconnect = uas_disconnect,
1180 .pre_reset = uas_pre_reset,
1181 .post_reset = uas_post_reset,
1182 .suspend = uas_suspend,
1183 .resume = uas_resume,
1184 .reset_resume = uas_reset_resume,
1185 .drvwrap.driver.shutdown = uas_shutdown,
1186 .id_table = uas_usb_ids,
1189 module_usb_driver(uas_driver);
1191 MODULE_LICENSE("GPL");
1192 MODULE_AUTHOR(
1193 "Hans de Goede <hdegoede@redhat.com>, Matthew Wilcox and Sarah Sharp");