Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / staging / keucr / usb.c
blob4833034027351cdadafbe2ee3ee954c8d7e6b914
1 #include <linux/sched.h>
2 #include <linux/errno.h>
3 #include <linux/freezer.h>
4 #include <linux/module.h>
5 #include <linux/init.h>
6 #include <linux/slab.h>
7 #include <linux/kthread.h>
8 #include <linux/mutex.h>
9 #include <linux/utsname.h>
11 #include <scsi/scsi.h>
12 #include <scsi/scsi_cmnd.h>
13 #include <scsi/scsi_device.h>
15 #include "usb.h"
16 #include "scsiglue.h"
17 #include "smil.h"
18 #include "transport.h"
20 /* Some informational data */
21 MODULE_AUTHOR("Domao");
22 MODULE_DESCRIPTION("ENE USB Mass Storage driver for Linux");
23 MODULE_LICENSE("GPL");
25 static unsigned int delay_use = 1;
27 static struct usb_device_id eucr_usb_ids [] = {
28 { USB_DEVICE(0x058f, 0x6366) },
29 { USB_DEVICE(0x0cf2, 0x6230) },
30 { USB_DEVICE(0x0cf2, 0x6250) },
31 { } /* Terminating entry */
33 MODULE_DEVICE_TABLE (usb, eucr_usb_ids);
36 #ifdef CONFIG_PM
38 static int eucr_suspend(struct usb_interface *iface, pm_message_t message)
40 struct us_data *us = usb_get_intfdata(iface);
41 pr_info("--- eucr_suspend ---\n");
42 /* Wait until no command is running */
43 mutex_lock(&us->dev_mutex);
45 //US_DEBUGP("%s\n", __func__);
46 if (us->suspend_resume_hook)
47 (us->suspend_resume_hook)(us, US_SUSPEND);
49 /* When runtime PM is working, we'll set a flag to indicate
50 * whether we should autoresume when a SCSI request arrives. */
51 // us->Power_IsResum = true;
52 //us->SD_Status.Ready = 0;
54 mutex_unlock(&us->dev_mutex);
55 return 0;
57 //EXPORT_SYMBOL_GPL(eucr_suspend);
59 static int eucr_resume(struct usb_interface *iface)
61 BYTE tmp = 0;
63 struct us_data *us = usb_get_intfdata(iface);
64 pr_info("--- eucr_resume---\n");
65 mutex_lock(&us->dev_mutex);
67 //US_DEBUGP("%s\n", __func__);
68 if (us->suspend_resume_hook)
69 (us->suspend_resume_hook)(us, US_RESUME);
72 mutex_unlock(&us->dev_mutex);
75 us->Power_IsResum = true;
77 //us->SD_Status.Ready = 0; //??
78 us->SM_Status = *(PSM_STATUS)&tmp;
80 return 0;
82 //EXPORT_SYMBOL_GPL(eucr_resume);
83 static int eucr_reset_resume(struct usb_interface *iface)
85 BYTE tmp = 0;
86 struct us_data *us = usb_get_intfdata(iface);
88 pr_info("--- eucr_reset_resume---\n");
89 //US_DEBUGP("%s\n", __func__);
91 /* Report the reset to the SCSI core */
92 usb_stor_report_bus_reset(us);
94 /* FIXME: Notify the subdrivers that they need to reinitialize
95 * the device */
96 //ENE_InitMedia(us);
97 us->Power_IsResum = true;
99 //us->SD_Status.Ready = 0; //??
100 us->SM_Status = *(PSM_STATUS)&tmp;
101 return 0;
103 //EXPORT_SYMBOL_GPL(usb_stor_reset_resume);
105 #else
107 #define eucr_suspend NULL
108 #define eucr_resume NULL
109 #define eucr_reset_resume NULL
111 #endif
113 //----- eucr_pre_reset() ---------------------
114 static int eucr_pre_reset(struct usb_interface *iface)
116 struct us_data *us = usb_get_intfdata(iface);
118 pr_info("usb --- eucr_pre_reset\n");
120 /* Make sure no command runs during the reset */
121 mutex_lock(&us->dev_mutex);
122 return 0;
125 //----- eucr_post_reset() ---------------------
126 static int eucr_post_reset(struct usb_interface *iface)
128 struct us_data *us = usb_get_intfdata(iface);
130 pr_info("usb --- eucr_post_reset\n");
132 /* Report the reset to the SCSI core */
133 usb_stor_report_bus_reset(us);
135 mutex_unlock(&us->dev_mutex);
136 return 0;
139 //----- fill_inquiry_response() ---------------------
140 void fill_inquiry_response(struct us_data *us, unsigned char *data, unsigned int data_len)
142 pr_info("usb --- fill_inquiry_response\n");
143 if (data_len<36) // You lose.
144 return;
146 if (data[0]&0x20)
148 memset(data+8,0,28);
150 else
152 u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice);
153 memcpy(data+8, us->unusual_dev->vendorName,
154 strlen(us->unusual_dev->vendorName) > 8 ? 8 :
155 strlen(us->unusual_dev->vendorName));
156 memcpy(data+16, us->unusual_dev->productName,
157 strlen(us->unusual_dev->productName) > 16 ? 16 :
158 strlen(us->unusual_dev->productName));
159 data[32] = 0x30 + ((bcdDevice>>12) & 0x0F);
160 data[33] = 0x30 + ((bcdDevice>>8) & 0x0F);
161 data[34] = 0x30 + ((bcdDevice>>4) & 0x0F);
162 data[35] = 0x30 + ((bcdDevice) & 0x0F);
164 usb_stor_set_xfer_buf(us, data, data_len, us->srb, TO_XFER_BUF);
167 //----- usb_stor_control_thread() ---------------------
168 static int usb_stor_control_thread(void * __us)
170 struct us_data *us = (struct us_data *)__us;
171 struct Scsi_Host *host = us_to_host(us);
173 pr_info("usb --- usb_stor_control_thread\n");
174 for(;;)
176 if (wait_for_completion_interruptible(&us->cmnd_ready))
177 break;
179 /* lock the device pointers */
180 mutex_lock(&(us->dev_mutex));
182 /* if the device has disconnected, we are free to exit */
183 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
184 mutex_unlock(&us->dev_mutex);
185 break;
188 /* lock access to the state */
189 scsi_lock(host);
191 /* When we are called with no command pending, we're done */
192 if (us->srb == NULL)
194 scsi_unlock(host);
195 mutex_unlock(&us->dev_mutex);
196 //US_DEBUGP("-- exiting\n");
197 break;
200 /* has the command timed out *already* ? */
201 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags))
203 us->srb->result = DID_ABORT << 16;
204 goto SkipForAbort;
207 scsi_unlock(host);
209 if (us->srb->sc_data_direction == DMA_BIDIRECTIONAL)
211 us->srb->result = DID_ERROR << 16;
213 else if (us->srb->device->id && !(us->fflags & US_FL_SCM_MULT_TARG))
215 us->srb->result = DID_BAD_TARGET << 16;
217 else if (us->srb->device->lun > us->max_lun)
219 us->srb->result = DID_BAD_TARGET << 16;
221 else if ((us->srb->cmnd[0] == INQUIRY) && (us->fflags & US_FL_FIX_INQUIRY))
223 unsigned char data_ptr[36] = {0x00, 0x80, 0x02, 0x02, 0x1F, 0x00, 0x00, 0x00};
225 fill_inquiry_response(us, data_ptr, 36);
226 us->srb->result = SAM_STAT_GOOD;
228 else
230 us->proto_handler(us->srb, us);
233 /* lock access to the state */
234 scsi_lock(host);
236 /* indicate that the command is done */
237 if (us->srb->result != DID_ABORT << 16)
239 us->srb->scsi_done(us->srb);
241 else
243 SkipForAbort:
244 pr_info("scsi command aborted\n");
247 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags))
249 complete(&(us->notify));
251 /* Allow USB transfers to resume */
252 clear_bit(US_FLIDX_ABORTING, &us->dflags);
253 clear_bit(US_FLIDX_TIMED_OUT, &us->dflags);
256 /* finished working on this command */
257 us->srb = NULL;
258 scsi_unlock(host);
260 /* unlock the device pointers */
261 mutex_unlock(&us->dev_mutex);
262 } /* for (;;) */
264 /* Wait until we are told to stop */
265 for (;;)
267 set_current_state(TASK_INTERRUPTIBLE);
268 if (kthread_should_stop())
269 break;
270 schedule();
272 __set_current_state(TASK_RUNNING);
273 return 0;
276 //----- associate_dev() ---------------------
277 static int associate_dev(struct us_data *us, struct usb_interface *intf)
279 pr_info("usb --- associate_dev\n");
281 /* Fill in the device-related fields */
282 us->pusb_dev = interface_to_usbdev(intf);
283 us->pusb_intf = intf;
284 us->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
286 /* Store our private data in the interface */
287 usb_set_intfdata(intf, us);
289 /* Allocate the device-related DMA-mapped buffers */
290 us->cr = usb_alloc_coherent(us->pusb_dev, sizeof(*us->cr), GFP_KERNEL, &us->cr_dma);
291 if (!us->cr)
293 pr_info("usb_ctrlrequest allocation failed\n");
294 return -ENOMEM;
297 us->iobuf = usb_alloc_coherent(us->pusb_dev, US_IOBUF_SIZE, GFP_KERNEL, &us->iobuf_dma);
298 if (!us->iobuf)
300 pr_info("I/O buffer allocation failed\n");
301 return -ENOMEM;
304 us->sensebuf = kmalloc(US_SENSE_SIZE, GFP_KERNEL);
305 if (!us->sensebuf)
307 pr_info("Sense buffer allocation failed\n");
308 return -ENOMEM;
310 return 0;
313 //----- get_device_info() ---------------------
314 static int get_device_info(struct us_data *us, const struct usb_device_id *id)
316 struct usb_device *dev = us->pusb_dev;
317 struct usb_interface_descriptor *idesc = &us->pusb_intf->cur_altsetting->desc;
319 pr_info("usb --- get_device_info\n");
321 us->subclass = idesc->bInterfaceSubClass;
322 us->protocol = idesc->bInterfaceProtocol;
323 us->fflags = USB_US_ORIG_FLAGS(id->driver_info);
324 us->Power_IsResum = false;
326 if (us->fflags & US_FL_IGNORE_DEVICE)
328 pr_info("device ignored\n");
329 return -ENODEV;
332 if (dev->speed != USB_SPEED_HIGH)
333 us->fflags &= ~US_FL_GO_SLOW;
335 return 0;
338 //----- get_transport() ---------------------
339 static int get_transport(struct us_data *us)
341 pr_info("usb --- get_transport\n");
342 switch (us->protocol) {
343 case USB_PR_BULK:
344 us->transport_name = "Bulk";
345 us->transport = usb_stor_Bulk_transport;
346 us->transport_reset = usb_stor_Bulk_reset;
347 break;
349 default:
350 return -EIO;
352 /* pr_info("Transport: %s\n", us->transport_name); */
354 /* fix for single-lun devices */
355 if (us->fflags & US_FL_SINGLE_LUN)
356 us->max_lun = 0;
357 return 0;
360 //----- get_protocol() ---------------------
361 static int get_protocol(struct us_data *us)
363 pr_info("usb --- get_protocol\n");
364 pr_info("us->pusb_dev->descriptor.idVendor = %x\n",
365 us->pusb_dev->descriptor.idVendor);
366 pr_info("us->pusb_dev->descriptor.idProduct = %x\n",
367 us->pusb_dev->descriptor.idProduct);
368 switch (us->subclass) {
369 case USB_SC_SCSI:
370 us->protocol_name = "Transparent SCSI";
371 if( (us->pusb_dev->descriptor.idVendor == 0x0CF2) && (us->pusb_dev->descriptor.idProduct == 0x6250) )
372 us->proto_handler = ENE_stor_invoke_transport;
373 else
374 us->proto_handler = usb_stor_invoke_transport;
375 break;
377 default:
378 return -EIO;
380 /* pr_info("Protocol: %s\n", us->protocol_name); */
381 return 0;
384 //----- get_pipes() ---------------------
385 static int get_pipes(struct us_data *us)
387 struct usb_host_interface *altsetting = us->pusb_intf->cur_altsetting;
388 int i;
389 struct usb_endpoint_descriptor *ep;
390 struct usb_endpoint_descriptor *ep_in = NULL;
391 struct usb_endpoint_descriptor *ep_out = NULL;
392 struct usb_endpoint_descriptor *ep_int = NULL;
394 pr_info("usb --- get_pipes\n");
396 for (i = 0; i < altsetting->desc.bNumEndpoints; i++)
398 ep = &altsetting->endpoint[i].desc;
400 if (usb_endpoint_xfer_bulk(ep))
402 if (usb_endpoint_dir_in(ep))
404 if (!ep_in)
405 ep_in = ep;
407 else
409 if (!ep_out)
410 ep_out = ep;
413 else if (usb_endpoint_is_int_in(ep))
415 if (!ep_int)
416 ep_int = ep;
420 if (!ep_in || !ep_out || (us->protocol == USB_PR_CBI && !ep_int))
422 pr_info("Endpoint sanity check failed! Rejecting dev.\n");
423 return -EIO;
426 /* Calculate and store the pipe values */
427 us->send_ctrl_pipe = usb_sndctrlpipe(us->pusb_dev, 0);
428 us->recv_ctrl_pipe = usb_rcvctrlpipe(us->pusb_dev, 0);
429 us->send_bulk_pipe = usb_sndbulkpipe(us->pusb_dev, ep_out->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
430 us->recv_bulk_pipe = usb_rcvbulkpipe(us->pusb_dev, ep_in->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
431 if (ep_int)
433 us->recv_intr_pipe = usb_rcvintpipe(us->pusb_dev, ep_int->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
434 us->ep_bInterval = ep_int->bInterval;
436 return 0;
439 //----- usb_stor_acquire_resources() ---------------------
440 static int usb_stor_acquire_resources(struct us_data *us)
442 struct task_struct *th;
444 pr_info("usb --- usb_stor_acquire_resources\n");
445 us->current_urb = usb_alloc_urb(0, GFP_KERNEL);
446 if (!us->current_urb)
448 pr_info("URB allocation failed\n");
449 return -ENOMEM;
452 /* Start up our control thread */
453 th = kthread_run(usb_stor_control_thread, us, "eucr-storage");
454 if (IS_ERR(th))
456 pr_info("Unable to start control thread\n");
457 return PTR_ERR(th);
459 us->ctl_thread = th;
461 return 0;
464 //----- usb_stor_release_resources() ---------------------
465 static void usb_stor_release_resources(struct us_data *us)
467 pr_info("usb --- usb_stor_release_resources\n");
469 SM_FreeMem();
471 complete(&us->cmnd_ready);
472 if (us->ctl_thread)
473 kthread_stop(us->ctl_thread);
475 /* Call the destructor routine, if it exists */
476 if (us->extra_destructor)
478 pr_info("-- calling extra_destructor()\n");
479 us->extra_destructor(us->extra);
482 /* Free the extra data and the URB */
483 kfree(us->extra);
484 usb_free_urb(us->current_urb);
487 //----- dissociate_dev() ---------------------
488 static void dissociate_dev(struct us_data *us)
490 pr_info("usb --- dissociate_dev\n");
492 kfree(us->sensebuf);
494 /* Free the device-related DMA-mapped buffers */
495 if (us->cr)
496 usb_free_coherent(us->pusb_dev, sizeof(*us->cr), us->cr, us->cr_dma);
497 if (us->iobuf)
498 usb_free_coherent(us->pusb_dev, US_IOBUF_SIZE, us->iobuf, us->iobuf_dma);
500 /* Remove our private data from the interface */
501 usb_set_intfdata(us->pusb_intf, NULL);
504 //----- quiesce_and_remove_host() ---------------------
505 static void quiesce_and_remove_host(struct us_data *us)
507 struct Scsi_Host *host = us_to_host(us);
509 pr_info("usb --- quiesce_and_remove_host\n");
511 /* If the device is really gone, cut short reset delays */
512 if (us->pusb_dev->state == USB_STATE_NOTATTACHED)
513 set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
515 /* Prevent SCSI-scanning (if it hasn't started yet)
516 * and wait for the SCSI-scanning thread to stop.
518 set_bit(US_FLIDX_DONT_SCAN, &us->dflags);
519 wake_up(&us->delay_wait);
520 wait_for_completion(&us->scanning_done);
522 /* Removing the host will perform an orderly shutdown: caches
523 * synchronized, disks spun down, etc.
525 scsi_remove_host(host);
527 /* Prevent any new commands from being accepted and cut short
528 * reset delays.
530 scsi_lock(host);
531 set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
532 scsi_unlock(host);
533 wake_up(&us->delay_wait);
536 //----- release_everything() ---------------------
537 static void release_everything(struct us_data *us)
539 pr_info("usb --- release_everything\n");
541 usb_stor_release_resources(us);
542 dissociate_dev(us);
543 scsi_host_put(us_to_host(us));
546 //----- usb_stor_scan_thread() ---------------------
547 static int usb_stor_scan_thread(void * __us)
549 struct us_data *us = (struct us_data *)__us;
551 pr_info("usb --- usb_stor_scan_thread\n");
552 pr_info("EUCR : device found at %d\n", us->pusb_dev->devnum);
554 set_freezable();
555 /* Wait for the timeout to expire or for a disconnect */
556 if (delay_use > 0) {
557 wait_event_freezable_timeout(us->delay_wait,
558 test_bit(US_FLIDX_DONT_SCAN, &us->dflags),
559 delay_use * HZ);
562 /* If the device is still connected, perform the scanning */
563 if (!test_bit(US_FLIDX_DONT_SCAN, &us->dflags))
565 /* For bulk-only devices, determine the max LUN value */
566 if (us->protocol == USB_PR_BULK && !(us->fflags & US_FL_SINGLE_LUN))
568 mutex_lock(&us->dev_mutex);
569 us->max_lun = usb_stor_Bulk_max_lun(us);
570 mutex_unlock(&us->dev_mutex);
572 scsi_scan_host(us_to_host(us));
573 pr_info("EUCR : device scan complete\n");
575 complete_and_exit(&us->scanning_done, 0);
578 //----- eucr_probe() ---------------------
579 static int eucr_probe(struct usb_interface *intf, const struct usb_device_id *id)
581 struct Scsi_Host *host;
582 struct us_data *us;
583 int result;
584 BYTE MiscReg03 = 0;
585 struct task_struct *th;
587 pr_info("usb --- eucr_probe\n");
589 host = scsi_host_alloc(&usb_stor_host_template, sizeof(*us));
590 if (!host)
592 pr_info("Unable to allocate the scsi host\n");
593 return -ENOMEM;
596 /* Allow 16-byte CDBs and thus > 2TB */
597 host->max_cmd_len = 16;
598 us = host_to_us(host);
599 memset(us, 0, sizeof(struct us_data));
600 mutex_init(&(us->dev_mutex));
601 init_completion(&us->cmnd_ready);
602 init_completion(&(us->notify));
603 init_waitqueue_head(&us->delay_wait);
604 init_completion(&us->scanning_done);
606 /* Associate the us_data structure with the USB device */
607 result = associate_dev(us, intf);
608 if (result)
609 goto BadDevice;
611 /* Get Device info */
612 result = get_device_info(us, id);
613 if (result)
614 goto BadDevice;
616 /* Get the transport, protocol, and pipe settings */
617 result = get_transport(us);
618 if (result)
619 goto BadDevice;
620 result = get_protocol(us);
621 if (result)
622 goto BadDevice;
623 result = get_pipes(us);
624 if (result)
625 goto BadDevice;
627 /* Acquire all the other resources and add the host */
628 result = usb_stor_acquire_resources(us);
629 if (result)
630 goto BadDevice;
632 result = scsi_add_host(host, &intf->dev);
633 if (result)
635 pr_info("Unable to add the scsi host\n");
636 goto BadDevice;
639 /* Start up the thread for delayed SCSI-device scanning */
640 th = kthread_create(usb_stor_scan_thread, us, "eucr-stor-scan");
641 if (IS_ERR(th)) {
642 pr_info("Unable to start the device-scanning thread\n");
643 complete(&us->scanning_done);
644 quiesce_and_remove_host(us);
645 result = PTR_ERR(th);
646 goto BadDevice;
648 wake_up_process(th);
650 /* probe card type */
651 result = ENE_Read_BYTE(us, REG_CARD_STATUS, &MiscReg03);
652 if (result != USB_STOR_XFER_GOOD) {
653 result = USB_STOR_TRANSPORT_ERROR;
654 quiesce_and_remove_host(us);
655 goto BadDevice;
658 if (!(MiscReg03 & 0x02)) {
659 result = -ENODEV;
660 quiesce_and_remove_host(us);
661 pr_info("keucr: The driver only supports SM/MS card.\
662 To use SD card, \
663 please build driver/usb/storage/ums-eneub6250.ko\n");
664 goto BadDevice;
667 return 0;
669 /* We come here if there are any problems */
670 BadDevice:
671 pr_info("usb --- eucr_probe failed\n");
672 release_everything(us);
673 return result;
676 //----- eucr_disconnect() ---------------------
677 static void eucr_disconnect(struct usb_interface *intf)
679 struct us_data *us = usb_get_intfdata(intf);
681 pr_info("usb --- eucr_disconnect\n");
682 quiesce_and_remove_host(us);
683 release_everything(us);
686 /***********************************************************************
687 * Initialization and registration
688 ***********************************************************************/
690 //----- usb_storage_driver() ---------------------
691 static struct usb_driver usb_storage_driver = {
692 .name = "eucr",
693 .probe = eucr_probe,
694 .suspend = eucr_suspend,
695 .resume = eucr_resume,
696 .reset_resume = eucr_reset_resume,
697 .disconnect = eucr_disconnect,
698 .pre_reset = eucr_pre_reset,
699 .post_reset = eucr_post_reset,
700 .id_table = eucr_usb_ids,
701 .soft_unbind = 1,
704 module_usb_driver(usb_storage_driver);