net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
[linux/fpc-iii.git] / drivers / usb / storage / jumpshot.c
blob229bf0c1afc91f0f00cd0b3b1f21f6b0e19b3b18
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Driver for Lexar "Jumpshot" Compact Flash reader
5 * jumpshot driver v0.1:
7 * First release
9 * Current development and maintenance by:
10 * (c) 2000 Jimmie Mayfield (mayfield+usb@sackheads.org)
12 * Many thanks to Robert Baruch for the SanDisk SmartMedia reader driver
13 * which I used as a template for this driver.
15 * Some bugfixes and scatter-gather code by Gregory P. Smith
16 * (greg-usb@electricrain.com)
18 * Fix for media change by Joerg Schneider (js@joergschneider.com)
20 * Developed with the assistance of:
22 * (C) 2002 Alan Stern <stern@rowland.org>
26 * This driver attempts to support the Lexar Jumpshot USB CompactFlash
27 * reader. Like many other USB CompactFlash readers, the Jumpshot contains
28 * a USB-to-ATA chip.
30 * This driver supports reading and writing. If you're truly paranoid,
31 * however, you can force the driver into a write-protected state by setting
32 * the WP enable bits in jumpshot_handle_mode_sense. See the comments
33 * in that routine.
36 #include <linux/errno.h>
37 #include <linux/module.h>
38 #include <linux/slab.h>
40 #include <scsi/scsi.h>
41 #include <scsi/scsi_cmnd.h>
43 #include "usb.h"
44 #include "transport.h"
45 #include "protocol.h"
46 #include "debug.h"
47 #include "scsiglue.h"
49 #define DRV_NAME "ums-jumpshot"
51 MODULE_DESCRIPTION("Driver for Lexar \"Jumpshot\" Compact Flash reader");
52 MODULE_AUTHOR("Jimmie Mayfield <mayfield+usb@sackheads.org>");
53 MODULE_LICENSE("GPL");
54 MODULE_IMPORT_NS(USB_STORAGE);
57 * The table of devices
59 #define UNUSUAL_DEV(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax, \
60 vendorName, productName, useProtocol, useTransport, \
61 initFunction, flags) \
62 { USB_DEVICE_VER(id_vendor, id_product, bcdDeviceMin, bcdDeviceMax), \
63 .driver_info = (flags) }
65 static struct usb_device_id jumpshot_usb_ids[] = {
66 # include "unusual_jumpshot.h"
67 { } /* Terminating entry */
69 MODULE_DEVICE_TABLE(usb, jumpshot_usb_ids);
71 #undef UNUSUAL_DEV
74 * The flags table
76 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
77 vendor_name, product_name, use_protocol, use_transport, \
78 init_function, Flags) \
79 { \
80 .vendorName = vendor_name, \
81 .productName = product_name, \
82 .useProtocol = use_protocol, \
83 .useTransport = use_transport, \
84 .initFunction = init_function, \
87 static struct us_unusual_dev jumpshot_unusual_dev_list[] = {
88 # include "unusual_jumpshot.h"
89 { } /* Terminating entry */
92 #undef UNUSUAL_DEV
95 struct jumpshot_info {
96 unsigned long sectors; /* total sector count */
97 unsigned long ssize; /* sector size in bytes */
99 /* the following aren't used yet */
100 unsigned char sense_key;
101 unsigned long sense_asc; /* additional sense code */
102 unsigned long sense_ascq; /* additional sense code qualifier */
105 static inline int jumpshot_bulk_read(struct us_data *us,
106 unsigned char *data,
107 unsigned int len)
109 if (len == 0)
110 return USB_STOR_XFER_GOOD;
112 usb_stor_dbg(us, "len = %d\n", len);
113 return usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
114 data, len, NULL);
118 static inline int jumpshot_bulk_write(struct us_data *us,
119 unsigned char *data,
120 unsigned int len)
122 if (len == 0)
123 return USB_STOR_XFER_GOOD;
125 usb_stor_dbg(us, "len = %d\n", len);
126 return usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
127 data, len, NULL);
131 static int jumpshot_get_status(struct us_data *us)
133 int rc;
135 if (!us)
136 return USB_STOR_TRANSPORT_ERROR;
138 // send the setup
139 rc = usb_stor_ctrl_transfer(us, us->recv_ctrl_pipe,
140 0, 0xA0, 0, 7, us->iobuf, 1);
142 if (rc != USB_STOR_XFER_GOOD)
143 return USB_STOR_TRANSPORT_ERROR;
145 if (us->iobuf[0] != 0x50) {
146 usb_stor_dbg(us, "0x%2x\n", us->iobuf[0]);
147 return USB_STOR_TRANSPORT_ERROR;
150 return USB_STOR_TRANSPORT_GOOD;
153 static int jumpshot_read_data(struct us_data *us,
154 struct jumpshot_info *info,
155 u32 sector,
156 u32 sectors)
158 unsigned char *command = us->iobuf;
159 unsigned char *buffer;
160 unsigned char thistime;
161 unsigned int totallen, alloclen;
162 int len, result;
163 unsigned int sg_offset = 0;
164 struct scatterlist *sg = NULL;
166 // we're working in LBA mode. according to the ATA spec,
167 // we can support up to 28-bit addressing. I don't know if Jumpshot
168 // supports beyond 24-bit addressing. It's kind of hard to test
169 // since it requires > 8GB CF card.
171 if (sector > 0x0FFFFFFF)
172 return USB_STOR_TRANSPORT_ERROR;
174 totallen = sectors * info->ssize;
176 // Since we don't read more than 64 KB at a time, we have to create
177 // a bounce buffer and move the data a piece at a time between the
178 // bounce buffer and the actual transfer buffer.
180 alloclen = min(totallen, 65536u);
181 buffer = kmalloc(alloclen, GFP_NOIO);
182 if (buffer == NULL)
183 return USB_STOR_TRANSPORT_ERROR;
185 do {
186 // loop, never allocate or transfer more than 64k at once
187 // (min(128k, 255*info->ssize) is the real limit)
188 len = min(totallen, alloclen);
189 thistime = (len / info->ssize) & 0xff;
191 command[0] = 0;
192 command[1] = thistime;
193 command[2] = sector & 0xFF;
194 command[3] = (sector >> 8) & 0xFF;
195 command[4] = (sector >> 16) & 0xFF;
197 command[5] = 0xE0 | ((sector >> 24) & 0x0F);
198 command[6] = 0x20;
200 // send the setup + command
201 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
202 0, 0x20, 0, 1, command, 7);
203 if (result != USB_STOR_XFER_GOOD)
204 goto leave;
206 // read the result
207 result = jumpshot_bulk_read(us, buffer, len);
208 if (result != USB_STOR_XFER_GOOD)
209 goto leave;
211 usb_stor_dbg(us, "%d bytes\n", len);
213 // Store the data in the transfer buffer
214 usb_stor_access_xfer_buf(buffer, len, us->srb,
215 &sg, &sg_offset, TO_XFER_BUF);
217 sector += thistime;
218 totallen -= len;
219 } while (totallen > 0);
221 kfree(buffer);
222 return USB_STOR_TRANSPORT_GOOD;
224 leave:
225 kfree(buffer);
226 return USB_STOR_TRANSPORT_ERROR;
230 static int jumpshot_write_data(struct us_data *us,
231 struct jumpshot_info *info,
232 u32 sector,
233 u32 sectors)
235 unsigned char *command = us->iobuf;
236 unsigned char *buffer;
237 unsigned char thistime;
238 unsigned int totallen, alloclen;
239 int len, result, waitcount;
240 unsigned int sg_offset = 0;
241 struct scatterlist *sg = NULL;
243 // we're working in LBA mode. according to the ATA spec,
244 // we can support up to 28-bit addressing. I don't know if Jumpshot
245 // supports beyond 24-bit addressing. It's kind of hard to test
246 // since it requires > 8GB CF card.
248 if (sector > 0x0FFFFFFF)
249 return USB_STOR_TRANSPORT_ERROR;
251 totallen = sectors * info->ssize;
253 // Since we don't write more than 64 KB at a time, we have to create
254 // a bounce buffer and move the data a piece at a time between the
255 // bounce buffer and the actual transfer buffer.
257 alloclen = min(totallen, 65536u);
258 buffer = kmalloc(alloclen, GFP_NOIO);
259 if (buffer == NULL)
260 return USB_STOR_TRANSPORT_ERROR;
262 do {
263 // loop, never allocate or transfer more than 64k at once
264 // (min(128k, 255*info->ssize) is the real limit)
266 len = min(totallen, alloclen);
267 thistime = (len / info->ssize) & 0xff;
269 // Get the data from the transfer buffer
270 usb_stor_access_xfer_buf(buffer, len, us->srb,
271 &sg, &sg_offset, FROM_XFER_BUF);
273 command[0] = 0;
274 command[1] = thistime;
275 command[2] = sector & 0xFF;
276 command[3] = (sector >> 8) & 0xFF;
277 command[4] = (sector >> 16) & 0xFF;
279 command[5] = 0xE0 | ((sector >> 24) & 0x0F);
280 command[6] = 0x30;
282 // send the setup + command
283 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
284 0, 0x20, 0, 1, command, 7);
285 if (result != USB_STOR_XFER_GOOD)
286 goto leave;
288 // send the data
289 result = jumpshot_bulk_write(us, buffer, len);
290 if (result != USB_STOR_XFER_GOOD)
291 goto leave;
293 // read the result. apparently the bulk write can complete
294 // before the jumpshot drive is finished writing. so we loop
295 // here until we get a good return code
296 waitcount = 0;
297 do {
298 result = jumpshot_get_status(us);
299 if (result != USB_STOR_TRANSPORT_GOOD) {
300 // I have not experimented to find the smallest value.
302 msleep(50);
304 } while ((result != USB_STOR_TRANSPORT_GOOD) && (waitcount < 10));
306 if (result != USB_STOR_TRANSPORT_GOOD)
307 usb_stor_dbg(us, "Gah! Waitcount = 10. Bad write!?\n");
309 sector += thistime;
310 totallen -= len;
311 } while (totallen > 0);
313 kfree(buffer);
314 return result;
316 leave:
317 kfree(buffer);
318 return USB_STOR_TRANSPORT_ERROR;
321 static int jumpshot_id_device(struct us_data *us,
322 struct jumpshot_info *info)
324 unsigned char *command = us->iobuf;
325 unsigned char *reply;
326 int rc;
328 if (!info)
329 return USB_STOR_TRANSPORT_ERROR;
331 command[0] = 0xE0;
332 command[1] = 0xEC;
333 reply = kmalloc(512, GFP_NOIO);
334 if (!reply)
335 return USB_STOR_TRANSPORT_ERROR;
337 // send the setup
338 rc = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
339 0, 0x20, 0, 6, command, 2);
341 if (rc != USB_STOR_XFER_GOOD) {
342 usb_stor_dbg(us, "Gah! send_control for read_capacity failed\n");
343 rc = USB_STOR_TRANSPORT_ERROR;
344 goto leave;
347 // read the reply
348 rc = jumpshot_bulk_read(us, reply, 512);
349 if (rc != USB_STOR_XFER_GOOD) {
350 rc = USB_STOR_TRANSPORT_ERROR;
351 goto leave;
354 info->sectors = ((u32)(reply[117]) << 24) |
355 ((u32)(reply[116]) << 16) |
356 ((u32)(reply[115]) << 8) |
357 ((u32)(reply[114]) );
359 rc = USB_STOR_TRANSPORT_GOOD;
361 leave:
362 kfree(reply);
363 return rc;
366 static int jumpshot_handle_mode_sense(struct us_data *us,
367 struct scsi_cmnd * srb,
368 int sense_6)
370 static unsigned char rw_err_page[12] = {
371 0x1, 0xA, 0x21, 1, 0, 0, 0, 0, 1, 0, 0, 0
373 static unsigned char cache_page[12] = {
374 0x8, 0xA, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0
376 static unsigned char rbac_page[12] = {
377 0x1B, 0xA, 0, 0x81, 0, 0, 0, 0, 0, 0, 0, 0
379 static unsigned char timer_page[8] = {
380 0x1C, 0x6, 0, 0, 0, 0
382 unsigned char pc, page_code;
383 unsigned int i = 0;
384 struct jumpshot_info *info = (struct jumpshot_info *) (us->extra);
385 unsigned char *ptr = us->iobuf;
387 pc = srb->cmnd[2] >> 6;
388 page_code = srb->cmnd[2] & 0x3F;
390 switch (pc) {
391 case 0x0:
392 usb_stor_dbg(us, "Current values\n");
393 break;
394 case 0x1:
395 usb_stor_dbg(us, "Changeable values\n");
396 break;
397 case 0x2:
398 usb_stor_dbg(us, "Default values\n");
399 break;
400 case 0x3:
401 usb_stor_dbg(us, "Saves values\n");
402 break;
405 memset(ptr, 0, 8);
406 if (sense_6) {
407 ptr[2] = 0x00; // WP enable: 0x80
408 i = 4;
409 } else {
410 ptr[3] = 0x00; // WP enable: 0x80
411 i = 8;
414 switch (page_code) {
415 case 0x0:
416 // vendor-specific mode
417 info->sense_key = 0x05;
418 info->sense_asc = 0x24;
419 info->sense_ascq = 0x00;
420 return USB_STOR_TRANSPORT_FAILED;
422 case 0x1:
423 memcpy(ptr + i, rw_err_page, sizeof(rw_err_page));
424 i += sizeof(rw_err_page);
425 break;
427 case 0x8:
428 memcpy(ptr + i, cache_page, sizeof(cache_page));
429 i += sizeof(cache_page);
430 break;
432 case 0x1B:
433 memcpy(ptr + i, rbac_page, sizeof(rbac_page));
434 i += sizeof(rbac_page);
435 break;
437 case 0x1C:
438 memcpy(ptr + i, timer_page, sizeof(timer_page));
439 i += sizeof(timer_page);
440 break;
442 case 0x3F:
443 memcpy(ptr + i, timer_page, sizeof(timer_page));
444 i += sizeof(timer_page);
445 memcpy(ptr + i, rbac_page, sizeof(rbac_page));
446 i += sizeof(rbac_page);
447 memcpy(ptr + i, cache_page, sizeof(cache_page));
448 i += sizeof(cache_page);
449 memcpy(ptr + i, rw_err_page, sizeof(rw_err_page));
450 i += sizeof(rw_err_page);
451 break;
454 if (sense_6)
455 ptr[0] = i - 1;
456 else
457 ((__be16 *) ptr)[0] = cpu_to_be16(i - 2);
458 usb_stor_set_xfer_buf(ptr, i, srb);
460 return USB_STOR_TRANSPORT_GOOD;
464 static void jumpshot_info_destructor(void *extra)
466 // this routine is a placeholder...
467 // currently, we don't allocate any extra blocks so we're okay
472 // Transport for the Lexar 'Jumpshot'
474 static int jumpshot_transport(struct scsi_cmnd *srb, struct us_data *us)
476 struct jumpshot_info *info;
477 int rc;
478 unsigned long block, blocks;
479 unsigned char *ptr = us->iobuf;
480 static unsigned char inquiry_response[8] = {
481 0x00, 0x80, 0x00, 0x01, 0x1F, 0x00, 0x00, 0x00
484 if (!us->extra) {
485 us->extra = kzalloc(sizeof(struct jumpshot_info), GFP_NOIO);
486 if (!us->extra)
487 return USB_STOR_TRANSPORT_ERROR;
489 us->extra_destructor = jumpshot_info_destructor;
492 info = (struct jumpshot_info *) (us->extra);
494 if (srb->cmnd[0] == INQUIRY) {
495 usb_stor_dbg(us, "INQUIRY - Returning bogus response\n");
496 memcpy(ptr, inquiry_response, sizeof(inquiry_response));
497 fill_inquiry_response(us, ptr, 36);
498 return USB_STOR_TRANSPORT_GOOD;
501 if (srb->cmnd[0] == READ_CAPACITY) {
502 info->ssize = 0x200; // hard coded 512 byte sectors as per ATA spec
504 rc = jumpshot_get_status(us);
505 if (rc != USB_STOR_TRANSPORT_GOOD)
506 return rc;
508 rc = jumpshot_id_device(us, info);
509 if (rc != USB_STOR_TRANSPORT_GOOD)
510 return rc;
512 usb_stor_dbg(us, "READ_CAPACITY: %ld sectors, %ld bytes per sector\n",
513 info->sectors, info->ssize);
515 // build the reply
517 ((__be32 *) ptr)[0] = cpu_to_be32(info->sectors - 1);
518 ((__be32 *) ptr)[1] = cpu_to_be32(info->ssize);
519 usb_stor_set_xfer_buf(ptr, 8, srb);
521 return USB_STOR_TRANSPORT_GOOD;
524 if (srb->cmnd[0] == MODE_SELECT_10) {
525 usb_stor_dbg(us, "Gah! MODE_SELECT_10\n");
526 return USB_STOR_TRANSPORT_ERROR;
529 if (srb->cmnd[0] == READ_10) {
530 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
531 ((u32)(srb->cmnd[4]) << 8) | ((u32)(srb->cmnd[5]));
533 blocks = ((u32)(srb->cmnd[7]) << 8) | ((u32)(srb->cmnd[8]));
535 usb_stor_dbg(us, "READ_10: read block 0x%04lx count %ld\n",
536 block, blocks);
537 return jumpshot_read_data(us, info, block, blocks);
540 if (srb->cmnd[0] == READ_12) {
541 // I don't think we'll ever see a READ_12 but support it anyway...
543 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
544 ((u32)(srb->cmnd[4]) << 8) | ((u32)(srb->cmnd[5]));
546 blocks = ((u32)(srb->cmnd[6]) << 24) | ((u32)(srb->cmnd[7]) << 16) |
547 ((u32)(srb->cmnd[8]) << 8) | ((u32)(srb->cmnd[9]));
549 usb_stor_dbg(us, "READ_12: read block 0x%04lx count %ld\n",
550 block, blocks);
551 return jumpshot_read_data(us, info, block, blocks);
554 if (srb->cmnd[0] == WRITE_10) {
555 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
556 ((u32)(srb->cmnd[4]) << 8) | ((u32)(srb->cmnd[5]));
558 blocks = ((u32)(srb->cmnd[7]) << 8) | ((u32)(srb->cmnd[8]));
560 usb_stor_dbg(us, "WRITE_10: write block 0x%04lx count %ld\n",
561 block, blocks);
562 return jumpshot_write_data(us, info, block, blocks);
565 if (srb->cmnd[0] == WRITE_12) {
566 // I don't think we'll ever see a WRITE_12 but support it anyway...
568 block = ((u32)(srb->cmnd[2]) << 24) | ((u32)(srb->cmnd[3]) << 16) |
569 ((u32)(srb->cmnd[4]) << 8) | ((u32)(srb->cmnd[5]));
571 blocks = ((u32)(srb->cmnd[6]) << 24) | ((u32)(srb->cmnd[7]) << 16) |
572 ((u32)(srb->cmnd[8]) << 8) | ((u32)(srb->cmnd[9]));
574 usb_stor_dbg(us, "WRITE_12: write block 0x%04lx count %ld\n",
575 block, blocks);
576 return jumpshot_write_data(us, info, block, blocks);
580 if (srb->cmnd[0] == TEST_UNIT_READY) {
581 usb_stor_dbg(us, "TEST_UNIT_READY\n");
582 return jumpshot_get_status(us);
585 if (srb->cmnd[0] == REQUEST_SENSE) {
586 usb_stor_dbg(us, "REQUEST_SENSE\n");
588 memset(ptr, 0, 18);
589 ptr[0] = 0xF0;
590 ptr[2] = info->sense_key;
591 ptr[7] = 11;
592 ptr[12] = info->sense_asc;
593 ptr[13] = info->sense_ascq;
594 usb_stor_set_xfer_buf(ptr, 18, srb);
596 return USB_STOR_TRANSPORT_GOOD;
599 if (srb->cmnd[0] == MODE_SENSE) {
600 usb_stor_dbg(us, "MODE_SENSE_6 detected\n");
601 return jumpshot_handle_mode_sense(us, srb, 1);
604 if (srb->cmnd[0] == MODE_SENSE_10) {
605 usb_stor_dbg(us, "MODE_SENSE_10 detected\n");
606 return jumpshot_handle_mode_sense(us, srb, 0);
609 if (srb->cmnd[0] == ALLOW_MEDIUM_REMOVAL) {
611 * sure. whatever. not like we can stop the user from popping
612 * the media out of the device (no locking doors, etc)
614 return USB_STOR_TRANSPORT_GOOD;
617 if (srb->cmnd[0] == START_STOP) {
619 * this is used by sd.c'check_scsidisk_media_change to detect
620 * media change
622 usb_stor_dbg(us, "START_STOP\n");
624 * the first jumpshot_id_device after a media change returns
625 * an error (determined experimentally)
627 rc = jumpshot_id_device(us, info);
628 if (rc == USB_STOR_TRANSPORT_GOOD) {
629 info->sense_key = NO_SENSE;
630 srb->result = SUCCESS;
631 } else {
632 info->sense_key = UNIT_ATTENTION;
633 srb->result = SAM_STAT_CHECK_CONDITION;
635 return rc;
638 usb_stor_dbg(us, "Gah! Unknown command: %d (0x%x)\n",
639 srb->cmnd[0], srb->cmnd[0]);
640 info->sense_key = 0x05;
641 info->sense_asc = 0x20;
642 info->sense_ascq = 0x00;
643 return USB_STOR_TRANSPORT_FAILED;
646 static struct scsi_host_template jumpshot_host_template;
648 static int jumpshot_probe(struct usb_interface *intf,
649 const struct usb_device_id *id)
651 struct us_data *us;
652 int result;
654 result = usb_stor_probe1(&us, intf, id,
655 (id - jumpshot_usb_ids) + jumpshot_unusual_dev_list,
656 &jumpshot_host_template);
657 if (result)
658 return result;
660 us->transport_name = "Lexar Jumpshot Control/Bulk";
661 us->transport = jumpshot_transport;
662 us->transport_reset = usb_stor_Bulk_reset;
663 us->max_lun = 1;
665 result = usb_stor_probe2(us);
666 return result;
669 static struct usb_driver jumpshot_driver = {
670 .name = DRV_NAME,
671 .probe = jumpshot_probe,
672 .disconnect = usb_stor_disconnect,
673 .suspend = usb_stor_suspend,
674 .resume = usb_stor_resume,
675 .reset_resume = usb_stor_reset_resume,
676 .pre_reset = usb_stor_pre_reset,
677 .post_reset = usb_stor_post_reset,
678 .id_table = jumpshot_usb_ids,
679 .soft_unbind = 1,
680 .no_dynamic_id = 1,
683 module_usb_stor_driver(jumpshot_driver, jumpshot_host_template, DRV_NAME);