[linux/fpc-iii.git] / drivers / usb / storage / scsiglue.c
// SPDX-License-Identifier: GPL-2.0+
/*
 * Driver for USB Mass Storage compliant devices
 * SCSI layer glue code
 *
 * Current development and maintenance by:
 *   (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
 *
 * Developed with the assistance of:
 *   (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
 *   (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
 *
 * Initial work by:
 *   (c) 1999 Michael Gee (michael@linuxspecific.com)
 *
 * This driver is based on the 'USB Mass Storage Class' document. This
 * describes in detail the protocol used to communicate with such
 * devices. Clearly, the designers had SCSI and ATAPI commands in
 * mind when they created this document. The commands are all very
 * similar to commands in the SCSI-II and ATAPI specifications.
 *
 * It is important to note that in a number of cases this class
 * exhibits class-specific exemptions from the USB specification.
 * Notably the usage of NAK, STALL and ACK differs from the norm, in
 * that they are used to communicate wait, failed and OK on commands.
 *
 * Also, for certain devices, the interrupt endpoint is used to convey
 * status of a command.
 */
31 #include <linux/blkdev.h>
32 #include <linux/dma-mapping.h>
33 #include <linux/module.h>
34 #include <linux/mutex.h>
36 #include <scsi/scsi.h>
37 #include <scsi/scsi_cmnd.h>
38 #include <scsi/scsi_devinfo.h>
39 #include <scsi/scsi_device.h>
40 #include <scsi/scsi_eh.h>
42 #include "usb.h"
43 #include <linux/usb/hcd.h>
44 #include "scsiglue.h"
45 #include "debug.h"
46 #include "transport.h"
47 #include "protocol.h"
/*
 * USB vendor IDs of manufacturers whose devices all seem to carry the
 * READ CAPACITY bug.  slave_configure() compares the device descriptor's
 * idVendor against this list.
 */
#define VENDOR_ID_NOKIA		0x0421
#define VENDOR_ID_NIKON		0x04b0
#define VENDOR_ID_PENTAX	0x0a17
#define VENDOR_ID_MOTOROLA	0x22b8
58 /***********************************************************************
59 * Host functions
60 ***********************************************************************/
/* Return the name string kept in this host's us_data (us->scsi_name). */
static const char *host_info(struct Scsi_Host *host)
{
	return host_to_us(host)->scsi_name;
}
/*
 * Early per-device setup: fix the INQUIRY length, require 512-byte DMA
 * alignment on the request queue and, for Bulk-only devices that report
 * more than one LUN, set BLIST_FORCELUN.  Always returns 0.
 */
static int slave_alloc(struct scsi_device *sdev)
{
	struct us_data *ustor = host_to_us(sdev->host);

	/*
	 * Ask for exactly 36 bytes of INQUIRY data.  Nothing beyond that is
	 * used here, and many devices choke on any other length.
	 */
	sdev->inquiry_len = 36;

	/*
	 * Some host controllers may have alignment requirements, so play
	 * it safe and always require 512-byte alignment.
	 */
	blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));

	/* Only a Bulk-only device with max_lun > 0 is known to be multi-LUN. */
	if (ustor->protocol != USB_PR_BULK || ustor->max_lun <= 0)
		return 0;

	sdev->sdev_bflags |= BLIST_FORCELUN;
	return 0;
}
/*
 * Per-device tuning that has to wait until the SCSI device type is known:
 * request-queue transfer limits, DMA bounce setup, and the sdev/us flags
 * derived from the us->fflags quirk bits.  Always returns 0.
 *
 * us->fflags is modified part-way through (CAPACITY_HEURISTICS and
 * SANE_SENSE) and read again afterwards, so the statement order matters.
 */
static int slave_configure(struct scsi_device *sdev)
{
	struct us_data *ustor = host_to_us(sdev->host);
	struct usb_device *udev = ustor->pusb_dev;
	struct device *sysdev = udev->bus->sysdev;
	struct request_queue *q = sdev->request_queue;
	struct usb_hcd *hcd = bus_to_hcd(udev->bus);

	/*
	 * Many devices have trouble transferring more than 32KB at a time,
	 * while others have trouble with more than 64K.  At this time both
	 * are limited to 32K (64 sectors).
	 */
	if (ustor->fflags & (US_FL_MAX_SECTORS_64 | US_FL_MAX_SECTORS_MIN)) {
		unsigned int cap = (ustor->fflags & US_FL_MAX_SECTORS_MIN) ?
					PAGE_SIZE >> 9 : 64;

		/* Only ever lower the limit here, never raise it. */
		if (queue_max_hw_sectors(q) > cap)
			blk_queue_max_hw_sectors(q, cap);
	} else if (sdev->type == TYPE_TAPE) {
		/*
		 * Tapes need much higher max_sector limits, so raise it to
		 * the maximum possible (4 GB / 512) and let the queue
		 * segment size sort out the real limit.
		 */
		blk_queue_max_hw_sectors(q, 0x7FFFFF);
	} else if (udev->speed >= USB_SPEED_SUPER) {
		/*
		 * USB3 devices are limited to 2048 sectors, which gives
		 * better throughput on most devices.
		 */
		blk_queue_max_hw_sectors(q, 2048);
	}

	/*
	 * max_hw_sectors must not exceed the largest mapping the device
	 * supports; otherwise the DMA API might fail in a swiotlb
	 * environment.
	 */
	blk_queue_max_hw_sectors(q,
		min_t(size_t, queue_max_hw_sectors(q),
		      dma_max_mapping_size(sysdev) >> SECTOR_SHIFT));

	/*
	 * Some USB host controllers can't do DMA and have to use PIO.  For
	 * those the block layer must set up bounce buffers in addressable
	 * memory.
	 */
	if (!hcd_uses_dma(hcd) || hcd->localmem_pool != NULL)
		blk_queue_bounce_limit(q, BLK_BOUNCE_HIGH);

	/*
	 * These settings can't live in slave_alloc() because that runs
	 * before the device type is known.  Consequently they can't be
	 * overridden via the scsi devinfo mechanism.
	 */
	if (sdev->type == TYPE_DISK) {
		/* idVendor is read from the device's own descriptor. */
		const u16 vendor = le16_to_cpu(udev->descriptor.idVendor);
		const bool capacity_bug_vendor =
			vendor == VENDOR_ID_NOKIA ||
			vendor == VENDOR_ID_NIKON ||
			vendor == VENDOR_ID_PENTAX ||
			vendor == VENDOR_ID_MOTOROLA;

		/*
		 * Some vendors seem to put the READ CAPACITY bug into all
		 * their devices -- primarily makers of cell phones and
		 * digital cameras.  Such devices always use flash media and
		 * can be expected to have an even number of sectors, so the
		 * CAPACITY_HEURISTICS flag is enabled unless told otherwise.
		 */
		if (capacity_bug_vendor &&
		    !(ustor->fflags & (US_FL_FIX_CAPACITY |
				       US_FL_CAPACITY_OK)))
			ustor->fflags |= US_FL_CAPACITY_HEURISTICS;

		/*
		 * Disk-type devices use MODE SENSE(6) if the protocol
		 * (SubClass) is Transparent SCSI, otherwise they use
		 * MODE SENSE(10).
		 */
		if (!(ustor->subclass == USB_SC_SCSI ||
		      ustor->subclass == USB_SC_CYP_ATACB))
			sdev->use_10_for_ms = 1;

		/*
		 * Many disks only accept MODE SENSE transfer lengths of
		 * 192 bytes (that's what Windows uses).
		 */
		sdev->use_192_bytes_for_3f = 1;

		/*
		 * MODE SENSE with page=0x3f is the command used to check
		 * whether a device is write-protected.  With the 192-byte
		 * transfer most devices cope, but a few still can't handle
		 * it; the sd driver will simply assume those devices are
		 * write-enabled.
		 */
		if (ustor->fflags & US_FL_NO_WP_DETECT)
			sdev->skip_ms_page_3f = 1;

		/*
		 * A number of devices have problems with MODE SENSE for
		 * page x08, so skip it.
		 */
		sdev->skip_ms_page_8 = 1;

		/*
		 * Some devices don't handle VPD pages correctly, so skip
		 * them unless the SCSI layer forces their use.
		 */
		sdev->skip_vpd_pages = !sdev->try_vpd_pages;

		/* Do not attempt to use REPORT SUPPORTED OPERATION CODES */
		sdev->no_report_opcodes = 1;

		/* Do not attempt to use WRITE SAME */
		sdev->no_write_same = 1;

		/*
		 * Some disks answer READ CAPACITY with the total number of
		 * blocks rather than the highest block number.  If this
		 * device makes that mistake, tell the sd driver.
		 */
		if (ustor->fflags & US_FL_FIX_CAPACITY)
			sdev->fix_capacity = 1;

		/*
		 * A few disks come in two indistinguishable versions, one
		 * reporting the correct capacity and the other not.  The sd
		 * driver has to guess which is the case.
		 */
		if (ustor->fflags & US_FL_CAPACITY_HEURISTICS)
			sdev->guess_capacity = 1;

		/* Some devices cannot handle READ_CAPACITY_16 */
		if (ustor->fflags & US_FL_NO_READ_CAPACITY_16)
			sdev->no_read_capacity_16 = 1;

		/*
		 * Many devices do not respond properly to READ_CAPACITY_16,
		 * so tell the SCSI layer to try READ_CAPACITY_10 first.
		 * Some USB 3.0 drive enclosures, however, return capacity
		 * modulo 2TB and must use READ_CAPACITY_16.
		 */
		if (!(ustor->fflags & US_FL_NEEDS_CAP16))
			sdev->try_rc_10_first = 1;

		/*
		 * Assume SPC3 or later devices support sense size > 18
		 * unless the US_FL_BAD_SENSE quirk is specified.
		 */
		if (sdev->scsi_level > SCSI_SPC_2 &&
		    !(ustor->fflags & US_FL_BAD_SENSE))
			ustor->fflags |= US_FL_SANE_SENSE;

		/*
		 * USB-IDE bridges tend to report SK = 0x04 (Non-recoverable
		 * Hardware Error) when any low-level error occurs,
		 * recoverable or not.  This flag tells the SCSI midlayer to
		 * retry such commands, which frequently succeeds.  The worst
		 * this can lead to is an occasional series of retries that
		 * all fail.
		 */
		sdev->retry_hwerror = 1;

		/*
		 * USB disks should allow restart.  Some drives spin down
		 * automatically, requiring a START-STOP UNIT command.
		 */
		sdev->allow_restart = 1;

		/*
		 * Some USB card readers have trouble reading an SD card's
		 * last sector in a read larger than one sector.  The
		 * performance impact is negligible, so the flag is set for
		 * all USB disks.
		 */
		sdev->last_sector_bug = 1;

		/*
		 * Enable last-sector hacks for single-target devices using
		 * the Bulk-only transport, unless the capacity is already
		 * known to be decremented or correct.
		 */
		if (ustor->protocol == USB_PR_BULK &&
		    !(ustor->fflags & (US_FL_FIX_CAPACITY | US_FL_CAPACITY_OK |
				       US_FL_SCM_MULT_TARG)))
			ustor->use_last_sector_hacks = 1;

		/* Check if write cache default on flag is set or not */
		if (ustor->fflags & US_FL_WRITE_CACHE)
			sdev->wce_default_on = 1;

		/* A few buggy USB-ATA bridges don't understand FUA */
		if (ustor->fflags & US_FL_BROKEN_FUA)
			sdev->broken_fua = 1;

		/* Some even totally fail to indicate a cache */
		if (ustor->fflags & US_FL_ALWAYS_SYNC) {
			/* don't read caching information */
			sdev->skip_ms_page_8 = 1;
			sdev->skip_ms_page_3f = 1;
			/* assume sync is needed */
			sdev->wce_default_on = 1;
		}
	} else {
		/*
		 * Non-disk-type devices don't need to blacklist any pages
		 * or to force 192-byte transfer lengths for MODE SENSE.
		 * But they do need to use MODE SENSE(10).
		 */
		sdev->use_10_for_ms = 1;

		/* Some (fake) usb cdrom devices don't like READ_DISC_INFO */
		if (ustor->fflags & US_FL_NO_READ_DISC_INFO)
			sdev->no_read_disc_info = 1;
	}

	/*
	 * The CB and CBI transports can only pass LUN values in the bits of
	 * the second CDB byte, and those bits are not set to the LUN value
	 * when the device reports scsi_level == 0 (UNKNOWN).  Such devices
	 * must therefore be single-LUN.
	 */
	if (sdev->scsi_level == SCSI_UNKNOWN &&
	    (ustor->protocol == USB_PR_CB || ustor->protocol == USB_PR_CBI))
		ustor->max_lun = 0;

	/*
	 * Some devices choke when they receive a PREVENT-ALLOW MEDIUM
	 * REMOVAL command, so suppress those commands.
	 */
	if (ustor->fflags & US_FL_NOT_LOCKABLE)
		sdev->lockable = 0;

	/*
	 * The return value only satisfies the compiler; the original author
	 * did not think it is ever checked anywhere.
	 */
	return 0;
}
/*
 * Per-target setup: disable REPORT LUNS for every target and, for UFI
 * devices, tell the scanning code how a missing LUN is signalled.
 * Always returns 0.
 */
static int target_alloc(struct scsi_target *starget)
{
	struct Scsi_Host *shost = dev_to_shost(starget->dev.parent);
	struct us_data *ustor = host_to_us(shost);

	/*
	 * Some USB drives don't support REPORT LUNS even though they report
	 * a SCSI revision level above 2.  Tell the SCSI layer not to issue
	 * that command; it will perform a normal sequential scan instead.
	 */
	starget->no_report_luns = 1;

	/*
	 * The UFI spec treats the Peripheral Qualifier bits in an INQUIRY
	 * result as reserved and requires devices to set them to 0, whereas
	 * the SCSI spec requires them to be 3 when a LUN is not present.
	 *
	 * Let the scanning code know that this target merely sets
	 * Peripheral Device Type to 0x1f to indicate no LUN.
	 */
	if (ustor->subclass == USB_SC_UFI)
		starget->pdt_1f_for_no_lun = 1;

	return 0;
}
/*
 * Queue a command for the control thread.
 *
 * Always called with scsi_lock(host) held.  Returns
 * SCSI_MLQUEUE_HOST_BUSY if a command is already pending in us->srb,
 * otherwise 0.  Commands rejected here are completed immediately through
 * done().
 */
static int queuecommand_lck(struct scsi_cmnd *srb,
			void (*done)(struct scsi_cmnd *))
{
	struct us_data *ustor = host_to_us(srb->device->host);

	/* A second command while one is outstanding is a state error. */
	if (ustor->srb != NULL) {
		printk(KERN_ERR "usb-storage: Error in %s: us->srb = %p\n",
			__func__, ustor->srb);
		return SCSI_MLQUEUE_HOST_BUSY;
	}

	/* Fail the command if the device is being disconnected. */
	if (test_bit(US_FLIDX_DISCONNECTING, &ustor->dflags)) {
		usb_stor_dbg(ustor, "Fail command during disconnect\n");
		srb->result = DID_NO_CONNECT << 16;
		goto complete_now;
	}

	/*
	 * With the NO_ATA_1X quirk, ATA pass-through opcodes are never sent
	 * to the device; they are answered with canned "invalid field in
	 * CDB" sense data instead.
	 */
	if (ustor->fflags & US_FL_NO_ATA_1X) {
		const unsigned char opcode = srb->cmnd[0];

		if (opcode == ATA_12 || opcode == ATA_16) {
			/*
			 * Copies sizeof(usb_stor_sense_invalidCDB) bytes;
			 * assumes srb->sense_buffer is at least that large
			 * -- TODO confirm.
			 */
			memcpy(srb->sense_buffer, usb_stor_sense_invalidCDB,
			       sizeof(usb_stor_sense_invalidCDB));
			srb->result = SAM_STAT_CHECK_CONDITION;
			goto complete_now;
		}
	}

	/* Hand the command over and wake up the control thread. */
	srb->scsi_done = done;
	ustor->srb = srb;
	complete(&ustor->cmnd_ready);

	return 0;

complete_now:
	done(srb);
	return 0;
}

static DEF_SCSI_QCMD(queuecommand)
405 /***********************************************************************
406 * Error handling functions
407 ***********************************************************************/
/*
 * Command timeout and abort handler.
 *
 * Returns FAILED when @srb is no longer the active command, otherwise
 * waits for the aborted command to finish and returns SUCCESS.
 */
static int command_abort(struct scsi_cmnd *srb)
{
	struct us_data *ustor = host_to_us(srb->device->host);
	struct Scsi_Host *shost = us_to_host(ustor);

	usb_stor_dbg(ustor, "%s called\n", __func__);

	/*
	 * us->srb together with the TIMED_OUT, RESETTING, and ABORTING
	 * bits are protected by the host lock.
	 */
	scsi_lock(shost);

	if (ustor->srb == srb) {
		/*
		 * Set TIMED_OUT, and ABORTING too unless a device reset is
		 * already in progress (to avoid interfering with the
		 * reset).  The host lock must stay held across
		 * usb_stor_stop_transport(); otherwise it might interfere
		 * with an auto-reset that begins as soon as the lock is
		 * released.
		 */
		set_bit(US_FLIDX_TIMED_OUT, &ustor->dflags);
		if (!test_bit(US_FLIDX_RESETTING, &ustor->dflags)) {
			set_bit(US_FLIDX_ABORTING, &ustor->dflags);
			usb_stor_stop_transport(ustor);
		}
		scsi_unlock(shost);

		/* Wait for the aborted command to finish */
		wait_for_completion(&ustor->notify);
		return SUCCESS;
	}

	/* The command is no longer active. */
	scsi_unlock(shost);
	usb_stor_dbg(ustor, "-- nothing to abort\n");
	return FAILED;
}
/*
 * Reset the state of the device through the transport's reset method.
 * Returns FAILED if transport_reset() reports a negative result,
 * SUCCESS otherwise.
 */
static int device_reset(struct scsi_cmnd *srb)
{
	struct us_data *ustor = host_to_us(srb->device->host);
	int rc;

	usb_stor_dbg(ustor, "%s called\n", __func__);

	/* The reset runs with the device pointers locked via dev_mutex. */
	mutex_lock(&(ustor->dev_mutex));
	rc = ustor->transport_reset(ustor);
	mutex_unlock(&ustor->dev_mutex);

	if (rc < 0)
		return FAILED;
	return SUCCESS;
}
/*
 * Simulate a SCSI bus reset by resetting the device's USB port.
 * Returns FAILED if usb_stor_port_reset() reports a negative result,
 * SUCCESS otherwise.
 */
static int bus_reset(struct scsi_cmnd *srb)
{
	struct us_data *ustor = host_to_us(srb->device->host);
	int rc;

	usb_stor_dbg(ustor, "%s called\n", __func__);

	rc = usb_stor_port_reset(ustor);
	if (rc < 0)
		return FAILED;
	return SUCCESS;
}
/*
 * Report a driver-initiated device reset to the SCSI layer.
 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
 * The caller must own the SCSI host lock.
 */
void usb_stor_report_device_reset(struct us_data *us)
{
	struct Scsi_Host *shost = us_to_host(us);
	int target = 1;

	/* Target 0 is always reported. */
	scsi_report_device_reset(shost, 0, 0);

	if (!(us->fflags & US_FL_SCM_MULT_TARG))
		return;

	/* With the SCM_MULT_TARG quirk, report every target up to max_id. */
	while (target < shost->max_id) {
		scsi_report_device_reset(shost, 0, target);
		++target;
	}
}
/*
 * Report a driver-initiated bus reset to the SCSI layer.
 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
 * The caller must not own the SCSI host lock, because the lock is taken
 * here around the report.
 */
void usb_stor_report_bus_reset(struct us_data *us)
{
	struct Scsi_Host *shost = us_to_host(us);

	scsi_lock(shost);
	scsi_report_bus_reset(shost, 0);
	scsi_unlock(shost);
}
510 /***********************************************************************
511 * /proc/scsi/ functions
512 ***********************************************************************/
/*
 * /proc/scsi write handler.  Data written by userspace is discarded:
 * @buffer is never read and the full @length is reported as consumed.
 */
static int write_info(struct Scsi_Host *host, char *buffer, int length)
{
	return length;
}
/*
 * /proc/scsi read handler: print the host number, the vendor, product and
 * serial strings, the protocol and transport names, and the names of all
 * quirk flags set in us->fflags.  Always returns 0.
 *
 * The strings taken from us->pusb_dev are only ever passed as "%s"
 * arguments, never as the format itself.
 *
 * NOTE(review): the leading padding of the label strings may have been
 * collapsed in the listing this was taken from -- confirm against the tree.
 */
static int show_info(struct seq_file *m, struct Scsi_Host *host)
{
	struct us_data *us = host_to_us(host);
	struct usb_device *udev = us->pusb_dev;
	const char *text;

	/* print the controller name */
	seq_printf(m, " Host scsi%d: usb-storage\n", host->host_no);

	/* Vendor: device string first, then the unusual_dev entry. */
	text = udev->manufacturer ? udev->manufacturer :
	       us->unusual_dev->vendorName ? us->unusual_dev->vendorName :
	       "Unknown";
	seq_printf(m, " Vendor: %s\n", text);

	/* Product: same fallback order as the vendor string. */
	text = udev->product ? udev->product :
	       us->unusual_dev->productName ? us->unusual_dev->productName :
	       "Unknown";
	seq_printf(m, " Product: %s\n", text);

	/* Serial number: there is no unusual_dev fallback for this one. */
	text = udev->serial ? udev->serial : "None";
	seq_printf(m, "Serial Number: %s\n", text);

	/* show the protocol and transport */
	seq_printf(m, " Protocol: %s\n", us->protocol_name);
	seq_printf(m, " Transport: %s\n", us->transport_name);

	/* show the device flags */
	seq_printf(m, " Quirks:");

	/* US_DO_ALL_FLAGS expands US_FLAG() once per known quirk flag. */
#define US_FLAG(name, value) \
	if (us->fflags & value) seq_printf(m, " " #name);
US_DO_ALL_FLAGS
#undef US_FLAG
	seq_putc(m, '\n');
	return 0;
}
564 /***********************************************************************
565 * Sysfs interface
566 ***********************************************************************/
/*
 * Output routine for the sysfs max_sectors file: prints the queue's
 * current max_hw_sectors value followed by a newline.
 *
 * sprintf() is unbounded, but the output is a single "%u" plus newline;
 * assumes buf is the usual sysfs page-sized buffer -- TODO confirm.
 */
static ssize_t max_sectors_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	struct scsi_device *sdev = to_scsi_device(dev);
	unsigned int limit = queue_max_hw_sectors(sdev->request_queue);

	return sprintf(buf, "%u\n", limit);
}
/*
 * Input routine for the sysfs max_sectors file: parse an unsigned short
 * from @buf and apply it as the queue's max_hw_sectors.  Returns @count
 * on success and -EINVAL when no number could be parsed.
 *
 * NOTE(review): only a leading number is required, so trailing text is
 * accepted, and the value is not range-checked here before it reaches the
 * block layer.  How sscanf("%hu") treats values that do not fit an
 * unsigned short is not visible from this file -- confirm, or consider a
 * strict parser such as kstrtou16().
 */
static ssize_t max_sectors_store(struct device *dev, struct device_attribute *attr, const char *buf,
		size_t count)
{
	struct scsi_device *sdev = to_scsi_device(dev);
	unsigned short sectors;

	if (sscanf(buf, "%hu", &sectors) <= 0)
		return -EINVAL;

	blk_queue_max_hw_sectors(sdev->request_queue, sectors);
	return count;
}
/* Read/write sysfs attribute backed by max_sectors_show()/_store(). */
static DEVICE_ATTR_RW(max_sectors);

/* NULL-terminated attribute list referenced by the host template. */
static struct device_attribute *sysfs_device_attr_list[] = {
	&dev_attr_max_sectors,
	NULL,
};
/*
 * The host template from which usb-storage hosts are allocated.
 * usb_stor_host_template_init() copies it and overrides the name,
 * proc_name and module fields.
 */
static const struct scsi_host_template usb_stor_host_template = {
	/* basic userland interface */
	.name =				"usb-storage",
	.proc_name =			"usb-storage",
	.show_info =			show_info,
	.write_info =			write_info,
	.info =				host_info,

	/* command interface -- queued only */
	.queuecommand =			queuecommand,

	/* error and abort handlers */
	.eh_abort_handler =		command_abort,
	.eh_device_reset_handler =	device_reset,
	.eh_bus_reset_handler =		bus_reset,

	/* queue commands only, only one command per LUN */
	.can_queue =			1,

	/* unknown initiator id */
	.this_id =			-1,

	/* per-device and per-target setup hooks */
	.slave_alloc =			slave_alloc,
	.slave_configure =		slave_configure,
	.target_alloc =			target_alloc,

	/* lots of sg segments can be handled */
	.sg_tablesize =			SG_MAX_SEGMENTS,

	/*
	 * Limit the total size of a transfer to 120 KB.
	 *
	 * Some devices are known to choke on anything larger.  The problem
	 * seems to stem from the original IDE controllers, which had only
	 * an 8-bit register for the number of sectors in one transfer, and
	 * even those couldn't handle a full 256 sectors.
	 *
	 * To interoperate with as many devices as possible, a 240 sector
	 * transfer size limit is kept for USB Mass Storage devices.
	 *
	 * Tests show that other operating systems have similar limits,
	 * with Microsoft Windows 7 limiting transfers to 128 sectors for
	 * both USB2 and USB3, and Apple Mac OS X 10.11 limiting transfers
	 * to 256 sectors for USB2 and 2048 for USB3 devices.
	 */
	.max_sectors =			240,

	/* emulated HBA */
	.emulated =			1,

	/* the driver does its own delay after a device or bus reset */
	.skip_settle_delay =		1,

	/* sysfs device attributes */
	.sdev_attrs =			sysfs_device_attr_list,

	/* module management */
	.module =			THIS_MODULE
};
/*
 * Fill @sht with a copy of usb_stor_host_template, then set both name
 * fields to @name and the owning module to @owner.  The @name pointer is
 * stored as-is, not copied.
 */
void usb_stor_host_template_init(struct scsi_host_template *sht,
				 const char *name, struct module *owner)
{
	*sht = usb_stor_host_template;
	sht->name = sht->proc_name = name;
	sht->module = owner;
}
EXPORT_SYMBOL_GPL(usb_stor_host_template_init);
/*
 * Canned 18-byte sense data reporting "Illegal Request: Invalid Field in
 * CDB".  queuecommand_lck() copies it into a command's sense buffer.
 *
 * NOTE(review): the array is exported and writable, while this file only
 * reads it -- confirm no other user modifies it before considering const.
 */
unsigned char usb_stor_sense_invalidCDB[18] = {
	[0]	= 0x70,			/* response code: current error */
	[2]	= ILLEGAL_REQUEST,	/* sense key: Illegal Request = 0x05 */
	[7]	= 0x0a,			/* additional length */
	[12]	= 0x24			/* Invalid Field in CDB */
};
EXPORT_SYMBOL_GPL(usb_stor_sense_invalidCDB);