bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / usb / storage / usb.c
blob9a79cd9762f31d50821cb84942a24e0e19290b57
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Driver for USB Mass Storage compliant devices
5 * Current development and maintenance by:
6 * (c) 1999-2003 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
8 * Developed with the assistance of:
9 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10 * (c) 2003-2009 Alan Stern (stern@rowland.harvard.edu)
12 * Initial work by:
13 * (c) 1999 Michael Gee (michael@linuxspecific.com)
15 * usb_device_id support by Adam J. Richter (adam@yggdrasil.com):
16 * (c) 2000 Yggdrasil Computing, Inc.
18 * This driver is based on the 'USB Mass Storage Class' document. This
19 * describes in detail the protocol used to communicate with such
20 * devices. Clearly, the designers had SCSI and ATAPI commands in
21 * mind when they created this document. The commands are all very
22 * similar to commands in the SCSI-II and ATAPI specifications.
24 * It is important to note that in a number of cases this class
25 * exhibits class-specific exemptions from the USB specification.
26 * Notably the usage of NAK, STALL and ACK differs from the norm, in
27 * that they are used to communicate wait, failed and OK on commands.
29 * Also, for certain devices, the interrupt endpoint is used to convey
30 * status of a command.
33 #ifdef CONFIG_USB_STORAGE_DEBUG
34 #define DEBUG
35 #endif
37 #include <linux/sched.h>
38 #include <linux/errno.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41 #include <linux/kthread.h>
42 #include <linux/mutex.h>
43 #include <linux/utsname.h>
45 #include <scsi/scsi.h>
46 #include <scsi/scsi_cmnd.h>
47 #include <scsi/scsi_device.h>
49 #include "usb.h"
50 #include "scsiglue.h"
51 #include "transport.h"
52 #include "protocol.h"
53 #include "debug.h"
54 #include "initializers.h"
56 #include "sierra_ms.h"
57 #include "option_ms.h"
59 #if IS_ENABLED(CONFIG_USB_UAS)
60 #include "uas-detect.h"
61 #endif
63 #define DRV_NAME "usb-storage"
65 /* Some informational data */
66 MODULE_AUTHOR("Matthew Dharm <mdharm-usb@one-eyed-alien.net>");
67 MODULE_DESCRIPTION("USB Mass Storage driver for Linux");
68 MODULE_LICENSE("GPL");
70 static unsigned int delay_use = 1;
71 module_param(delay_use, uint, S_IRUGO | S_IWUSR);
72 MODULE_PARM_DESC(delay_use, "seconds to delay before using a new device");
74 static char quirks[128];
75 module_param_string(quirks, quirks, sizeof(quirks), S_IRUGO | S_IWUSR);
76 MODULE_PARM_DESC(quirks, "supplemental list of device IDs and their quirks");
80 * The entries in this table correspond, line for line,
81 * with the entries in usb_storage_usb_ids[], defined in usual-tables.c.
85 *The vendor name should be kept at eight characters or less, and
86 * the product name should be kept at 16 characters or less. If a device
87 * has the US_FL_FIX_INQUIRY flag, then the vendor and product names
88 * normally generated by a device through the INQUIRY response will be
89 * taken from this list, and this is the reason for the above size
90 * restriction. However, if the flag is not present, then you
91 * are free to use as many characters as you like.
94 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
95 vendor_name, product_name, use_protocol, use_transport, \
96 init_function, Flags) \
97 { \
98 .vendorName = vendor_name, \
99 .productName = product_name, \
100 .useProtocol = use_protocol, \
101 .useTransport = use_transport, \
102 .initFunction = init_function, \
105 #define COMPLIANT_DEV UNUSUAL_DEV
107 #define USUAL_DEV(use_protocol, use_transport) \
109 .useProtocol = use_protocol, \
110 .useTransport = use_transport, \
113 #define UNUSUAL_VENDOR_INTF(idVendor, cl, sc, pr, \
114 vendor_name, product_name, use_protocol, use_transport, \
115 init_function, Flags) \
117 .vendorName = vendor_name, \
118 .productName = product_name, \
119 .useProtocol = use_protocol, \
120 .useTransport = use_transport, \
121 .initFunction = init_function, \
124 static struct us_unusual_dev us_unusual_dev_list[] = {
125 # include "unusual_devs.h"
126 { } /* Terminating entry */
129 static struct us_unusual_dev for_dynamic_ids =
130 USUAL_DEV(USB_SC_SCSI, USB_PR_BULK);
132 #undef UNUSUAL_DEV
133 #undef COMPLIANT_DEV
134 #undef USUAL_DEV
135 #undef UNUSUAL_VENDOR_INTF
137 #ifdef CONFIG_LOCKDEP
139 static struct lock_class_key us_interface_key[USB_MAXINTERFACES];
141 static void us_set_lock_class(struct mutex *mutex,
142 struct usb_interface *intf)
144 struct usb_device *udev = interface_to_usbdev(intf);
145 struct usb_host_config *config = udev->actconfig;
146 int i;
148 for (i = 0; i < config->desc.bNumInterfaces; i++) {
149 if (config->interface[i] == intf)
150 break;
153 BUG_ON(i == config->desc.bNumInterfaces);
155 lockdep_set_class(mutex, &us_interface_key[i]);
158 #else
160 static void us_set_lock_class(struct mutex *mutex,
161 struct usb_interface *intf)
165 #endif
167 #ifdef CONFIG_PM /* Minimal support for suspend and resume */
169 int usb_stor_suspend(struct usb_interface *iface, pm_message_t message)
171 struct us_data *us = usb_get_intfdata(iface);
173 /* Wait until no command is running */
174 mutex_lock(&us->dev_mutex);
176 if (us->suspend_resume_hook)
177 (us->suspend_resume_hook)(us, US_SUSPEND);
180 * When runtime PM is working, we'll set a flag to indicate
181 * whether we should autoresume when a SCSI request arrives.
184 mutex_unlock(&us->dev_mutex);
185 return 0;
187 EXPORT_SYMBOL_GPL(usb_stor_suspend);
189 int usb_stor_resume(struct usb_interface *iface)
191 struct us_data *us = usb_get_intfdata(iface);
193 mutex_lock(&us->dev_mutex);
195 if (us->suspend_resume_hook)
196 (us->suspend_resume_hook)(us, US_RESUME);
198 mutex_unlock(&us->dev_mutex);
199 return 0;
201 EXPORT_SYMBOL_GPL(usb_stor_resume);
203 int usb_stor_reset_resume(struct usb_interface *iface)
205 struct us_data *us = usb_get_intfdata(iface);
207 /* Report the reset to the SCSI core */
208 usb_stor_report_bus_reset(us);
211 * If any of the subdrivers implemented a reinitialization scheme,
212 * this is where the callback would be invoked.
214 return 0;
216 EXPORT_SYMBOL_GPL(usb_stor_reset_resume);
218 #endif /* CONFIG_PM */
221 * The next two routines get called just before and just after
222 * a USB port reset, whether from this driver or a different one.
225 int usb_stor_pre_reset(struct usb_interface *iface)
227 struct us_data *us = usb_get_intfdata(iface);
229 /* Make sure no command runs during the reset */
230 mutex_lock(&us->dev_mutex);
231 return 0;
233 EXPORT_SYMBOL_GPL(usb_stor_pre_reset);
235 int usb_stor_post_reset(struct usb_interface *iface)
237 struct us_data *us = usb_get_intfdata(iface);
239 /* Report the reset to the SCSI core */
240 usb_stor_report_bus_reset(us);
243 * If any of the subdrivers implemented a reinitialization scheme,
244 * this is where the callback would be invoked.
247 mutex_unlock(&us->dev_mutex);
248 return 0;
250 EXPORT_SYMBOL_GPL(usb_stor_post_reset);
253 * fill_inquiry_response takes an unsigned char array (which must
254 * be at least 36 characters) and populates the vendor name,
255 * product name, and revision fields. Then the array is copied
256 * into the SCSI command's response buffer (oddly enough
257 * called request_buffer). data_len contains the length of the
258 * data array, which again must be at least 36.
261 void fill_inquiry_response(struct us_data *us, unsigned char *data,
262 unsigned int data_len)
264 if (data_len < 36) /* You lose. */
265 return;
267 memset(data+8, ' ', 28);
268 if (data[0]&0x20) { /*
269 * USB device currently not connected. Return
270 * peripheral qualifier 001b ("...however, the
271 * physical device is not currently connected
272 * to this logical unit") and leave vendor and
273 * product identification empty. ("If the target
274 * does store some of the INQUIRY data on the
275 * device, it may return zeros or ASCII spaces
276 * (20h) in those fields until the data is
277 * available from the device.").
279 } else {
280 u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice);
281 int n;
283 n = strlen(us->unusual_dev->vendorName);
284 memcpy(data+8, us->unusual_dev->vendorName, min(8, n));
285 n = strlen(us->unusual_dev->productName);
286 memcpy(data+16, us->unusual_dev->productName, min(16, n));
288 data[32] = 0x30 + ((bcdDevice>>12) & 0x0F);
289 data[33] = 0x30 + ((bcdDevice>>8) & 0x0F);
290 data[34] = 0x30 + ((bcdDevice>>4) & 0x0F);
291 data[35] = 0x30 + ((bcdDevice) & 0x0F);
294 usb_stor_set_xfer_buf(data, data_len, us->srb);
296 EXPORT_SYMBOL_GPL(fill_inquiry_response);
298 static int usb_stor_control_thread(void * __us)
300 struct us_data *us = (struct us_data *)__us;
301 struct Scsi_Host *host = us_to_host(us);
302 struct scsi_cmnd *srb;
304 for (;;) {
305 usb_stor_dbg(us, "*** thread sleeping\n");
306 if (wait_for_completion_interruptible(&us->cmnd_ready))
307 break;
309 usb_stor_dbg(us, "*** thread awakened\n");
311 /* lock the device pointers */
312 mutex_lock(&(us->dev_mutex));
314 /* lock access to the state */
315 scsi_lock(host);
317 /* When we are called with no command pending, we're done */
318 srb = us->srb;
319 if (srb == NULL) {
320 scsi_unlock(host);
321 mutex_unlock(&us->dev_mutex);
322 usb_stor_dbg(us, "-- exiting\n");
323 break;
326 /* has the command timed out *already* ? */
327 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
328 srb->result = DID_ABORT << 16;
329 goto SkipForAbort;
332 scsi_unlock(host);
335 * reject the command if the direction indicator
336 * is UNKNOWN
338 if (srb->sc_data_direction == DMA_BIDIRECTIONAL) {
339 usb_stor_dbg(us, "UNKNOWN data direction\n");
340 srb->result = DID_ERROR << 16;
344 * reject if target != 0 or if LUN is higher than
345 * the maximum known LUN
347 else if (srb->device->id &&
348 !(us->fflags & US_FL_SCM_MULT_TARG)) {
349 usb_stor_dbg(us, "Bad target number (%d:%llu)\n",
350 srb->device->id,
351 srb->device->lun);
352 srb->result = DID_BAD_TARGET << 16;
355 else if (srb->device->lun > us->max_lun) {
356 usb_stor_dbg(us, "Bad LUN (%d:%llu)\n",
357 srb->device->id,
358 srb->device->lun);
359 srb->result = DID_BAD_TARGET << 16;
363 * Handle those devices which need us to fake
364 * their inquiry data
366 else if ((srb->cmnd[0] == INQUIRY) &&
367 (us->fflags & US_FL_FIX_INQUIRY)) {
368 unsigned char data_ptr[36] = {
369 0x00, 0x80, 0x02, 0x02,
370 0x1F, 0x00, 0x00, 0x00};
372 usb_stor_dbg(us, "Faking INQUIRY command\n");
373 fill_inquiry_response(us, data_ptr, 36);
374 srb->result = SAM_STAT_GOOD;
377 /* we've got a command, let's do it! */
378 else {
379 US_DEBUG(usb_stor_show_command(us, srb));
380 us->proto_handler(srb, us);
381 usb_mark_last_busy(us->pusb_dev);
384 /* lock access to the state */
385 scsi_lock(host);
387 /* was the command aborted? */
388 if (srb->result == DID_ABORT << 16) {
389 SkipForAbort:
390 usb_stor_dbg(us, "scsi command aborted\n");
391 srb = NULL; /* Don't call srb->scsi_done() */
395 * If an abort request was received we need to signal that
396 * the abort has finished. The proper test for this is
397 * the TIMED_OUT flag, not srb->result == DID_ABORT, because
398 * the timeout might have occurred after the command had
399 * already completed with a different result code.
401 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
402 complete(&(us->notify));
404 /* Allow USB transfers to resume */
405 clear_bit(US_FLIDX_ABORTING, &us->dflags);
406 clear_bit(US_FLIDX_TIMED_OUT, &us->dflags);
409 /* finished working on this command */
410 us->srb = NULL;
411 scsi_unlock(host);
413 /* unlock the device pointers */
414 mutex_unlock(&us->dev_mutex);
416 /* now that the locks are released, notify the SCSI core */
417 if (srb) {
418 usb_stor_dbg(us, "scsi cmd done, result=0x%x\n",
419 srb->result);
420 srb->scsi_done(srb);
422 } /* for (;;) */
424 /* Wait until we are told to stop */
425 for (;;) {
426 set_current_state(TASK_INTERRUPTIBLE);
427 if (kthread_should_stop())
428 break;
429 schedule();
431 __set_current_state(TASK_RUNNING);
432 return 0;
435 /***********************************************************************
436 * Device probing and disconnecting
437 ***********************************************************************/
439 /* Associate our private data with the USB device */
440 static int associate_dev(struct us_data *us, struct usb_interface *intf)
442 /* Fill in the device-related fields */
443 us->pusb_dev = interface_to_usbdev(intf);
444 us->pusb_intf = intf;
445 us->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
446 usb_stor_dbg(us, "Vendor: 0x%04x, Product: 0x%04x, Revision: 0x%04x\n",
447 le16_to_cpu(us->pusb_dev->descriptor.idVendor),
448 le16_to_cpu(us->pusb_dev->descriptor.idProduct),
449 le16_to_cpu(us->pusb_dev->descriptor.bcdDevice));
450 usb_stor_dbg(us, "Interface Subclass: 0x%02x, Protocol: 0x%02x\n",
451 intf->cur_altsetting->desc.bInterfaceSubClass,
452 intf->cur_altsetting->desc.bInterfaceProtocol);
454 /* Store our private data in the interface */
455 usb_set_intfdata(intf, us);
457 /* Allocate the control/setup and DMA-mapped buffers */
458 us->cr = kmalloc(sizeof(*us->cr), GFP_KERNEL);
459 if (!us->cr)
460 return -ENOMEM;
462 us->iobuf = usb_alloc_coherent(us->pusb_dev, US_IOBUF_SIZE,
463 GFP_KERNEL, &us->iobuf_dma);
464 if (!us->iobuf) {
465 usb_stor_dbg(us, "I/O buffer allocation failed\n");
466 return -ENOMEM;
468 return 0;
471 /* Works only for digits and letters, but small and fast */
472 #define TOLOWER(x) ((x) | 0x20)
474 /* Adjust device flags based on the "quirks=" module parameter */
475 void usb_stor_adjust_quirks(struct usb_device *udev, unsigned long *fflags)
477 char *p;
478 u16 vid = le16_to_cpu(udev->descriptor.idVendor);
479 u16 pid = le16_to_cpu(udev->descriptor.idProduct);
480 unsigned f = 0;
481 unsigned int mask = (US_FL_SANE_SENSE | US_FL_BAD_SENSE |
482 US_FL_FIX_CAPACITY | US_FL_IGNORE_UAS |
483 US_FL_CAPACITY_HEURISTICS | US_FL_IGNORE_DEVICE |
484 US_FL_NOT_LOCKABLE | US_FL_MAX_SECTORS_64 |
485 US_FL_CAPACITY_OK | US_FL_IGNORE_RESIDUE |
486 US_FL_SINGLE_LUN | US_FL_NO_WP_DETECT |
487 US_FL_NO_READ_DISC_INFO | US_FL_NO_READ_CAPACITY_16 |
488 US_FL_INITIAL_READ10 | US_FL_WRITE_CACHE |
489 US_FL_NO_ATA_1X | US_FL_NO_REPORT_OPCODES |
490 US_FL_MAX_SECTORS_240 | US_FL_NO_REPORT_LUNS |
491 US_FL_ALWAYS_SYNC);
493 p = quirks;
494 while (*p) {
495 /* Each entry consists of VID:PID:flags */
496 if (vid == simple_strtoul(p, &p, 16) &&
497 *p == ':' &&
498 pid == simple_strtoul(p+1, &p, 16) &&
499 *p == ':')
500 break;
502 /* Move forward to the next entry */
503 while (*p) {
504 if (*p++ == ',')
505 break;
508 if (!*p) /* No match */
509 return;
511 /* Collect the flags */
512 while (*++p && *p != ',') {
513 switch (TOLOWER(*p)) {
514 case 'a':
515 f |= US_FL_SANE_SENSE;
516 break;
517 case 'b':
518 f |= US_FL_BAD_SENSE;
519 break;
520 case 'c':
521 f |= US_FL_FIX_CAPACITY;
522 break;
523 case 'd':
524 f |= US_FL_NO_READ_DISC_INFO;
525 break;
526 case 'e':
527 f |= US_FL_NO_READ_CAPACITY_16;
528 break;
529 case 'f':
530 f |= US_FL_NO_REPORT_OPCODES;
531 break;
532 case 'g':
533 f |= US_FL_MAX_SECTORS_240;
534 break;
535 case 'h':
536 f |= US_FL_CAPACITY_HEURISTICS;
537 break;
538 case 'i':
539 f |= US_FL_IGNORE_DEVICE;
540 break;
541 case 'j':
542 f |= US_FL_NO_REPORT_LUNS;
543 break;
544 case 'l':
545 f |= US_FL_NOT_LOCKABLE;
546 break;
547 case 'm':
548 f |= US_FL_MAX_SECTORS_64;
549 break;
550 case 'n':
551 f |= US_FL_INITIAL_READ10;
552 break;
553 case 'o':
554 f |= US_FL_CAPACITY_OK;
555 break;
556 case 'p':
557 f |= US_FL_WRITE_CACHE;
558 break;
559 case 'r':
560 f |= US_FL_IGNORE_RESIDUE;
561 break;
562 case 's':
563 f |= US_FL_SINGLE_LUN;
564 break;
565 case 't':
566 f |= US_FL_NO_ATA_1X;
567 break;
568 case 'u':
569 f |= US_FL_IGNORE_UAS;
570 break;
571 case 'w':
572 f |= US_FL_NO_WP_DETECT;
573 break;
574 case 'y':
575 f |= US_FL_ALWAYS_SYNC;
576 break;
577 /* Ignore unrecognized flag characters */
580 *fflags = (*fflags & ~mask) | f;
582 EXPORT_SYMBOL_GPL(usb_stor_adjust_quirks);
584 /* Get the unusual_devs entries and the string descriptors */
585 static int get_device_info(struct us_data *us, const struct usb_device_id *id,
586 struct us_unusual_dev *unusual_dev)
588 struct usb_device *dev = us->pusb_dev;
589 struct usb_interface_descriptor *idesc =
590 &us->pusb_intf->cur_altsetting->desc;
591 struct device *pdev = &us->pusb_intf->dev;
593 /* Store the entries */
594 us->unusual_dev = unusual_dev;
595 us->subclass = (unusual_dev->useProtocol == USB_SC_DEVICE) ?
596 idesc->bInterfaceSubClass :
597 unusual_dev->useProtocol;
598 us->protocol = (unusual_dev->useTransport == USB_PR_DEVICE) ?
599 idesc->bInterfaceProtocol :
600 unusual_dev->useTransport;
601 us->fflags = id->driver_info;
602 usb_stor_adjust_quirks(us->pusb_dev, &us->fflags);
604 if (us->fflags & US_FL_IGNORE_DEVICE) {
605 dev_info(pdev, "device ignored\n");
606 return -ENODEV;
610 * This flag is only needed when we're in high-speed, so let's
611 * disable it if we're in full-speed
613 if (dev->speed != USB_SPEED_HIGH)
614 us->fflags &= ~US_FL_GO_SLOW;
616 if (us->fflags)
617 dev_info(pdev, "Quirks match for vid %04x pid %04x: %lx\n",
618 le16_to_cpu(dev->descriptor.idVendor),
619 le16_to_cpu(dev->descriptor.idProduct),
620 us->fflags);
623 * Log a message if a non-generic unusual_dev entry contains an
624 * unnecessary subclass or protocol override. This may stimulate
625 * reports from users that will help us remove unneeded entries
626 * from the unusual_devs.h table.
628 if (id->idVendor || id->idProduct) {
629 static const char *msgs[3] = {
630 "an unneeded SubClass entry",
631 "an unneeded Protocol entry",
632 "unneeded SubClass and Protocol entries"};
633 struct usb_device_descriptor *ddesc = &dev->descriptor;
634 int msg = -1;
636 if (unusual_dev->useProtocol != USB_SC_DEVICE &&
637 us->subclass == idesc->bInterfaceSubClass)
638 msg += 1;
639 if (unusual_dev->useTransport != USB_PR_DEVICE &&
640 us->protocol == idesc->bInterfaceProtocol)
641 msg += 2;
642 if (msg >= 0 && !(us->fflags & US_FL_NEED_OVERRIDE))
643 dev_notice(pdev, "This device "
644 "(%04x,%04x,%04x S %02x P %02x)"
645 " has %s in unusual_devs.h (kernel"
646 " %s)\n"
647 " Please send a copy of this message to "
648 "<linux-usb@vger.kernel.org> and "
649 "<usb-storage@lists.one-eyed-alien.net>\n",
650 le16_to_cpu(ddesc->idVendor),
651 le16_to_cpu(ddesc->idProduct),
652 le16_to_cpu(ddesc->bcdDevice),
653 idesc->bInterfaceSubClass,
654 idesc->bInterfaceProtocol,
655 msgs[msg],
656 utsname()->release);
659 return 0;
662 /* Get the transport settings */
663 static void get_transport(struct us_data *us)
665 switch (us->protocol) {
666 case USB_PR_CB:
667 us->transport_name = "Control/Bulk";
668 us->transport = usb_stor_CB_transport;
669 us->transport_reset = usb_stor_CB_reset;
670 us->max_lun = 7;
671 break;
673 case USB_PR_CBI:
674 us->transport_name = "Control/Bulk/Interrupt";
675 us->transport = usb_stor_CB_transport;
676 us->transport_reset = usb_stor_CB_reset;
677 us->max_lun = 7;
678 break;
680 case USB_PR_BULK:
681 us->transport_name = "Bulk";
682 us->transport = usb_stor_Bulk_transport;
683 us->transport_reset = usb_stor_Bulk_reset;
684 break;
688 /* Get the protocol settings */
689 static void get_protocol(struct us_data *us)
691 switch (us->subclass) {
692 case USB_SC_RBC:
693 us->protocol_name = "Reduced Block Commands (RBC)";
694 us->proto_handler = usb_stor_transparent_scsi_command;
695 break;
697 case USB_SC_8020:
698 us->protocol_name = "8020i";
699 us->proto_handler = usb_stor_pad12_command;
700 us->max_lun = 0;
701 break;
703 case USB_SC_QIC:
704 us->protocol_name = "QIC-157";
705 us->proto_handler = usb_stor_pad12_command;
706 us->max_lun = 0;
707 break;
709 case USB_SC_8070:
710 us->protocol_name = "8070i";
711 us->proto_handler = usb_stor_pad12_command;
712 us->max_lun = 0;
713 break;
715 case USB_SC_SCSI:
716 us->protocol_name = "Transparent SCSI";
717 us->proto_handler = usb_stor_transparent_scsi_command;
718 break;
720 case USB_SC_UFI:
721 us->protocol_name = "Uniform Floppy Interface (UFI)";
722 us->proto_handler = usb_stor_ufi_command;
723 break;
727 /* Get the pipe settings */
728 static int get_pipes(struct us_data *us)
730 struct usb_host_interface *alt = us->pusb_intf->cur_altsetting;
731 struct usb_endpoint_descriptor *ep_in;
732 struct usb_endpoint_descriptor *ep_out;
733 struct usb_endpoint_descriptor *ep_int;
734 int res;
737 * Find the first endpoint of each type we need.
738 * We are expecting a minimum of 2 endpoints - in and out (bulk).
739 * An optional interrupt-in is OK (necessary for CBI protocol).
740 * We will ignore any others.
742 res = usb_find_common_endpoints(alt, &ep_in, &ep_out, NULL, NULL);
743 if (res) {
744 usb_stor_dbg(us, "bulk endpoints not found\n");
745 return res;
748 res = usb_find_int_in_endpoint(alt, &ep_int);
749 if (res && us->protocol == USB_PR_CBI) {
750 usb_stor_dbg(us, "interrupt endpoint not found\n");
751 return res;
754 /* Calculate and store the pipe values */
755 us->send_ctrl_pipe = usb_sndctrlpipe(us->pusb_dev, 0);
756 us->recv_ctrl_pipe = usb_rcvctrlpipe(us->pusb_dev, 0);
757 us->send_bulk_pipe = usb_sndbulkpipe(us->pusb_dev,
758 usb_endpoint_num(ep_out));
759 us->recv_bulk_pipe = usb_rcvbulkpipe(us->pusb_dev,
760 usb_endpoint_num(ep_in));
761 if (ep_int) {
762 us->recv_intr_pipe = usb_rcvintpipe(us->pusb_dev,
763 usb_endpoint_num(ep_int));
764 us->ep_bInterval = ep_int->bInterval;
766 return 0;
769 /* Initialize all the dynamic resources we need */
770 static int usb_stor_acquire_resources(struct us_data *us)
772 int p;
773 struct task_struct *th;
775 us->current_urb = usb_alloc_urb(0, GFP_KERNEL);
776 if (!us->current_urb)
777 return -ENOMEM;
780 * Just before we start our control thread, initialize
781 * the device if it needs initialization
783 if (us->unusual_dev->initFunction) {
784 p = us->unusual_dev->initFunction(us);
785 if (p)
786 return p;
789 /* Start up our control thread */
790 th = kthread_run(usb_stor_control_thread, us, "usb-storage");
791 if (IS_ERR(th)) {
792 dev_warn(&us->pusb_intf->dev,
793 "Unable to start control thread\n");
794 return PTR_ERR(th);
796 us->ctl_thread = th;
798 return 0;
801 /* Release all our dynamic resources */
802 static void usb_stor_release_resources(struct us_data *us)
805 * Tell the control thread to exit. The SCSI host must
806 * already have been removed and the DISCONNECTING flag set
807 * so that we won't accept any more commands.
809 usb_stor_dbg(us, "-- sending exit command to thread\n");
810 complete(&us->cmnd_ready);
811 if (us->ctl_thread)
812 kthread_stop(us->ctl_thread);
814 /* Call the destructor routine, if it exists */
815 if (us->extra_destructor) {
816 usb_stor_dbg(us, "-- calling extra_destructor()\n");
817 us->extra_destructor(us->extra);
820 /* Free the extra data and the URB */
821 kfree(us->extra);
822 usb_free_urb(us->current_urb);
825 /* Dissociate from the USB device */
826 static void dissociate_dev(struct us_data *us)
828 /* Free the buffers */
829 kfree(us->cr);
830 usb_free_coherent(us->pusb_dev, US_IOBUF_SIZE, us->iobuf, us->iobuf_dma);
832 /* Remove our private data from the interface */
833 usb_set_intfdata(us->pusb_intf, NULL);
837 * First stage of disconnect processing: stop SCSI scanning,
838 * remove the host, and stop accepting new commands
840 static void quiesce_and_remove_host(struct us_data *us)
842 struct Scsi_Host *host = us_to_host(us);
844 /* If the device is really gone, cut short reset delays */
845 if (us->pusb_dev->state == USB_STATE_NOTATTACHED) {
846 set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
847 wake_up(&us->delay_wait);
851 * Prevent SCSI scanning (if it hasn't started yet)
852 * or wait for the SCSI-scanning routine to stop.
854 cancel_delayed_work_sync(&us->scan_dwork);
856 /* Balance autopm calls if scanning was cancelled */
857 if (test_bit(US_FLIDX_SCAN_PENDING, &us->dflags))
858 usb_autopm_put_interface_no_suspend(us->pusb_intf);
861 * Removing the host will perform an orderly shutdown: caches
862 * synchronized, disks spun down, etc.
864 scsi_remove_host(host);
867 * Prevent any new commands from being accepted and cut short
868 * reset delays.
870 scsi_lock(host);
871 set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
872 scsi_unlock(host);
873 wake_up(&us->delay_wait);
876 /* Second stage of disconnect processing: deallocate all resources */
877 static void release_everything(struct us_data *us)
879 usb_stor_release_resources(us);
880 dissociate_dev(us);
883 * Drop our reference to the host; the SCSI core will free it
884 * (and "us" along with it) when the refcount becomes 0.
886 scsi_host_put(us_to_host(us));
889 /* Delayed-work routine to carry out SCSI-device scanning */
890 static void usb_stor_scan_dwork(struct work_struct *work)
892 struct us_data *us = container_of(work, struct us_data,
893 scan_dwork.work);
894 struct device *dev = &us->pusb_intf->dev;
896 dev_dbg(dev, "starting scan\n");
898 /* For bulk-only devices, determine the max LUN value */
899 if (us->protocol == USB_PR_BULK &&
900 !(us->fflags & US_FL_SINGLE_LUN) &&
901 !(us->fflags & US_FL_SCM_MULT_TARG)) {
902 mutex_lock(&us->dev_mutex);
903 us->max_lun = usb_stor_Bulk_max_lun(us);
905 * Allow proper scanning of devices that present more than 8 LUNs
906 * While not affecting other devices that may need the previous
907 * behavior
909 if (us->max_lun >= 8)
910 us_to_host(us)->max_lun = us->max_lun+1;
911 mutex_unlock(&us->dev_mutex);
913 scsi_scan_host(us_to_host(us));
914 dev_dbg(dev, "scan complete\n");
916 /* Should we unbind if no devices were detected? */
918 usb_autopm_put_interface(us->pusb_intf);
919 clear_bit(US_FLIDX_SCAN_PENDING, &us->dflags);
922 static unsigned int usb_stor_sg_tablesize(struct usb_interface *intf)
924 struct usb_device *usb_dev = interface_to_usbdev(intf);
926 if (usb_dev->bus->sg_tablesize) {
927 return usb_dev->bus->sg_tablesize;
929 return SG_ALL;
932 /* First part of general USB mass-storage probing */
933 int usb_stor_probe1(struct us_data **pus,
934 struct usb_interface *intf,
935 const struct usb_device_id *id,
936 struct us_unusual_dev *unusual_dev,
937 struct scsi_host_template *sht)
939 struct Scsi_Host *host;
940 struct us_data *us;
941 int result;
943 dev_info(&intf->dev, "USB Mass Storage device detected\n");
946 * Ask the SCSI layer to allocate a host structure, with extra
947 * space at the end for our private us_data structure.
949 host = scsi_host_alloc(sht, sizeof(*us));
950 if (!host) {
951 dev_warn(&intf->dev, "Unable to allocate the scsi host\n");
952 return -ENOMEM;
956 * Allow 16-byte CDBs and thus > 2TB
958 host->max_cmd_len = 16;
959 host->sg_tablesize = usb_stor_sg_tablesize(intf);
960 *pus = us = host_to_us(host);
961 mutex_init(&(us->dev_mutex));
962 us_set_lock_class(&us->dev_mutex, intf);
963 init_completion(&us->cmnd_ready);
964 init_completion(&(us->notify));
965 init_waitqueue_head(&us->delay_wait);
966 INIT_DELAYED_WORK(&us->scan_dwork, usb_stor_scan_dwork);
968 /* Associate the us_data structure with the USB device */
969 result = associate_dev(us, intf);
970 if (result)
971 goto BadDevice;
973 /* Get the unusual_devs entries and the descriptors */
974 result = get_device_info(us, id, unusual_dev);
975 if (result)
976 goto BadDevice;
978 /* Get standard transport and protocol settings */
979 get_transport(us);
980 get_protocol(us);
983 * Give the caller a chance to fill in specialized transport
984 * or protocol settings.
986 return 0;
988 BadDevice:
989 usb_stor_dbg(us, "storage_probe() failed\n");
990 release_everything(us);
991 return result;
993 EXPORT_SYMBOL_GPL(usb_stor_probe1);
995 /* Second part of general USB mass-storage probing */
996 int usb_stor_probe2(struct us_data *us)
998 int result;
999 struct device *dev = &us->pusb_intf->dev;
1001 /* Make sure the transport and protocol have both been set */
1002 if (!us->transport || !us->proto_handler) {
1003 result = -ENXIO;
1004 goto BadDevice;
1006 usb_stor_dbg(us, "Transport: %s\n", us->transport_name);
1007 usb_stor_dbg(us, "Protocol: %s\n", us->protocol_name);
1009 if (us->fflags & US_FL_SCM_MULT_TARG) {
1011 * SCM eUSCSI bridge devices can have different numbers
1012 * of LUNs on different targets; allow all to be probed.
1014 us->max_lun = 7;
1015 /* The eUSCSI itself has ID 7, so avoid scanning that */
1016 us_to_host(us)->this_id = 7;
1017 /* max_id is 8 initially, so no need to set it here */
1018 } else {
1019 /* In the normal case there is only a single target */
1020 us_to_host(us)->max_id = 1;
1022 * Like Windows, we won't store the LUN bits in CDB[1] for
1023 * SCSI-2 devices using the Bulk-Only transport (even though
1024 * this violates the SCSI spec).
1026 if (us->transport == usb_stor_Bulk_transport)
1027 us_to_host(us)->no_scsi2_lun_in_cdb = 1;
1030 /* fix for single-lun devices */
1031 if (us->fflags & US_FL_SINGLE_LUN)
1032 us->max_lun = 0;
1034 /* Find the endpoints and calculate pipe values */
1035 result = get_pipes(us);
1036 if (result)
1037 goto BadDevice;
1040 * If the device returns invalid data for the first READ(10)
1041 * command, indicate the command should be retried.
1043 if (us->fflags & US_FL_INITIAL_READ10)
1044 set_bit(US_FLIDX_REDO_READ10, &us->dflags);
1046 /* Acquire all the other resources and add the host */
1047 result = usb_stor_acquire_resources(us);
1048 if (result)
1049 goto BadDevice;
1050 usb_autopm_get_interface_no_resume(us->pusb_intf);
1051 snprintf(us->scsi_name, sizeof(us->scsi_name), "usb-storage %s",
1052 dev_name(&us->pusb_intf->dev));
1053 result = scsi_add_host(us_to_host(us), dev);
1054 if (result) {
1055 dev_warn(dev,
1056 "Unable to add the scsi host\n");
1057 goto HostAddErr;
1060 /* Submit the delayed_work for SCSI-device scanning */
1061 set_bit(US_FLIDX_SCAN_PENDING, &us->dflags);
1063 if (delay_use > 0)
1064 dev_dbg(dev, "waiting for device to settle before scanning\n");
1065 queue_delayed_work(system_freezable_wq, &us->scan_dwork,
1066 delay_use * HZ);
1067 return 0;
1069 /* We come here if there are any problems */
1070 HostAddErr:
1071 usb_autopm_put_interface_no_suspend(us->pusb_intf);
1072 BadDevice:
1073 usb_stor_dbg(us, "storage_probe() failed\n");
1074 release_everything(us);
1075 return result;
1077 EXPORT_SYMBOL_GPL(usb_stor_probe2);
1079 /* Handle a USB mass-storage disconnect */
1080 void usb_stor_disconnect(struct usb_interface *intf)
1082 struct us_data *us = usb_get_intfdata(intf);
1084 quiesce_and_remove_host(us);
1085 release_everything(us);
1087 EXPORT_SYMBOL_GPL(usb_stor_disconnect);
1089 static struct scsi_host_template usb_stor_host_template;
1091 /* The main probe routine for standard devices */
1092 static int storage_probe(struct usb_interface *intf,
1093 const struct usb_device_id *id)
1095 struct us_unusual_dev *unusual_dev;
1096 struct us_data *us;
1097 int result;
1098 int size;
1100 /* If uas is enabled and this device can do uas then ignore it. */
1101 #if IS_ENABLED(CONFIG_USB_UAS)
1102 if (uas_use_uas_driver(intf, id, NULL))
1103 return -ENXIO;
1104 #endif
1107 * If the device isn't standard (is handled by a subdriver
1108 * module) then don't accept it.
1110 if (usb_usual_ignore_device(intf))
1111 return -ENXIO;
1114 * Call the general probe procedures.
1116 * The unusual_dev_list array is parallel to the usb_storage_usb_ids
1117 * table, so we use the index of the id entry to find the
1118 * corresponding unusual_devs entry.
1121 size = ARRAY_SIZE(us_unusual_dev_list);
1122 if (id >= usb_storage_usb_ids && id < usb_storage_usb_ids + size) {
1123 unusual_dev = (id - usb_storage_usb_ids) + us_unusual_dev_list;
1124 } else {
1125 unusual_dev = &for_dynamic_ids;
1127 dev_dbg(&intf->dev, "Use Bulk-Only transport with the Transparent SCSI protocol for dynamic id: 0x%04x 0x%04x\n",
1128 id->idVendor, id->idProduct);
1131 result = usb_stor_probe1(&us, intf, id, unusual_dev,
1132 &usb_stor_host_template);
1133 if (result)
1134 return result;
1136 /* No special transport or protocol settings in the main module */
1138 result = usb_stor_probe2(us);
1139 return result;
1142 static struct usb_driver usb_storage_driver = {
1143 .name = DRV_NAME,
1144 .probe = storage_probe,
1145 .disconnect = usb_stor_disconnect,
1146 .suspend = usb_stor_suspend,
1147 .resume = usb_stor_resume,
1148 .reset_resume = usb_stor_reset_resume,
1149 .pre_reset = usb_stor_pre_reset,
1150 .post_reset = usb_stor_post_reset,
1151 .id_table = usb_storage_usb_ids,
1152 .supports_autosuspend = 1,
1153 .soft_unbind = 1,
1156 module_usb_stor_driver(usb_storage_driver, usb_stor_host_template, DRV_NAME);