Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / usb / storage / protocol.c
blob82dd834709c78f7627b82a53d5e268fb006744a2
1 /* Driver for USB Mass Storage compliant devices
3 * Current development and maintenance by:
4 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
6 * Developed with the assistance of:
7 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
8 * (c) 2002 Alan Stern (stern@rowland.org)
10 * Initial work by:
11 * (c) 1999 Michael Gee (michael@linuxspecific.com)
13 * This driver is based on the 'USB Mass Storage Class' document. This
14 * describes in detail the protocol used to communicate with such
15 * devices. Clearly, the designers had SCSI and ATAPI commands in
16 * mind when they created this document. The commands are all very
17 * similar to commands in the SCSI-II and ATAPI specifications.
19 * It is important to note that in a number of cases this class
20 * exhibits class-specific exemptions from the USB specification.
21 * Notably the usage of NAK, STALL and ACK differs from the norm, in
22 * that they are used to communicate wait, failed and OK on commands.
24 * Also, for certain devices, the interrupt endpoint is used to convey
25 * status of a command.
27 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
28 * information about this driver.
30 * This program is free software; you can redistribute it and/or modify it
31 * under the terms of the GNU General Public License as published by the
32 * Free Software Foundation; either version 2, or (at your option) any
33 * later version.
35 * This program is distributed in the hope that it will be useful, but
36 * WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
38 * General Public License for more details.
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 675 Mass Ave, Cambridge, MA 02139, USA.
45 #include <linux/highmem.h>
46 #include <linux/export.h>
47 #include <scsi/scsi.h>
48 #include <scsi/scsi_cmnd.h>
50 #include "usb.h"
51 #include "protocol.h"
52 #include "debug.h"
53 #include "scsiglue.h"
54 #include "transport.h"
56 /***********************************************************************
57 * Protocol routines
58 ***********************************************************************/
60 void usb_stor_pad12_command(struct scsi_cmnd *srb, struct us_data *us)
63 * Pad the SCSI command with zeros out to 12 bytes. If the
64 * command already is 12 bytes or longer, leave it alone.
66 * NOTE: This only works because a scsi_cmnd struct field contains
67 * a unsigned char cmnd[16], so we know we have storage available
69 for (; srb->cmd_len<12; srb->cmd_len++)
70 srb->cmnd[srb->cmd_len] = 0;
72 /* send the command to the transport layer */
73 usb_stor_invoke_transport(srb, us);
76 void usb_stor_ufi_command(struct scsi_cmnd *srb, struct us_data *us)
78 /* fix some commands -- this is a form of mode translation
79 * UFI devices only accept 12 byte long commands
81 * NOTE: This only works because a scsi_cmnd struct field contains
82 * a unsigned char cmnd[16], so we know we have storage available
85 /* Pad the ATAPI command with zeros */
86 for (; srb->cmd_len<12; srb->cmd_len++)
87 srb->cmnd[srb->cmd_len] = 0;
89 /* set command length to 12 bytes (this affects the transport layer) */
90 srb->cmd_len = 12;
92 /* XXX We should be constantly re-evaluating the need for these */
94 /* determine the correct data length for these commands */
95 switch (srb->cmnd[0]) {
97 /* for INQUIRY, UFI devices only ever return 36 bytes */
98 case INQUIRY:
99 srb->cmnd[4] = 36;
100 break;
102 /* again, for MODE_SENSE_10, we get the minimum (8) */
103 case MODE_SENSE_10:
104 srb->cmnd[7] = 0;
105 srb->cmnd[8] = 8;
106 break;
108 /* for REQUEST_SENSE, UFI devices only ever return 18 bytes */
109 case REQUEST_SENSE:
110 srb->cmnd[4] = 18;
111 break;
112 } /* end switch on cmnd[0] */
114 /* send the command to the transport layer */
115 usb_stor_invoke_transport(srb, us);
118 void usb_stor_transparent_scsi_command(struct scsi_cmnd *srb,
119 struct us_data *us)
121 /* send the command to the transport layer */
122 usb_stor_invoke_transport(srb, us);
124 EXPORT_SYMBOL_GPL(usb_stor_transparent_scsi_command);
126 /***********************************************************************
127 * Scatter-gather transfer buffer access routines
128 ***********************************************************************/
130 /* Copy a buffer of length buflen to/from the srb's transfer buffer.
131 * Update the **sgptr and *offset variables so that the next copy will
132 * pick up from where this one left off.
134 unsigned int usb_stor_access_xfer_buf(unsigned char *buffer,
135 unsigned int buflen, struct scsi_cmnd *srb, struct scatterlist **sgptr,
136 unsigned int *offset, enum xfer_buf_dir dir)
138 unsigned int cnt;
139 struct scatterlist *sg = *sgptr;
141 /* We have to go through the list one entry
142 * at a time. Each s-g entry contains some number of pages, and
143 * each page has to be kmap()'ed separately. If the page is already
144 * in kernel-addressable memory then kmap() will return its address.
145 * If the page is not directly accessible -- such as a user buffer
146 * located in high memory -- then kmap() will map it to a temporary
147 * position in the kernel's virtual address space.
150 if (!sg)
151 sg = scsi_sglist(srb);
153 /* This loop handles a single s-g list entry, which may
154 * include multiple pages. Find the initial page structure
155 * and the starting offset within the page, and update
156 * the *offset and **sgptr values for the next loop.
158 cnt = 0;
159 while (cnt < buflen && sg) {
160 struct page *page = sg_page(sg) +
161 ((sg->offset + *offset) >> PAGE_SHIFT);
162 unsigned int poff = (sg->offset + *offset) & (PAGE_SIZE-1);
163 unsigned int sglen = sg->length - *offset;
165 if (sglen > buflen - cnt) {
167 /* Transfer ends within this s-g entry */
168 sglen = buflen - cnt;
169 *offset += sglen;
170 } else {
172 /* Transfer continues to next s-g entry */
173 *offset = 0;
174 sg = sg_next(sg);
177 /* Transfer the data for all the pages in this
178 * s-g entry. For each page: call kmap(), do the
179 * transfer, and call kunmap() immediately after. */
180 while (sglen > 0) {
181 unsigned int plen = min(sglen, (unsigned int)
182 PAGE_SIZE - poff);
183 unsigned char *ptr = kmap(page);
185 if (dir == TO_XFER_BUF)
186 memcpy(ptr + poff, buffer + cnt, plen);
187 else
188 memcpy(buffer + cnt, ptr + poff, plen);
189 kunmap(page);
191 /* Start at the beginning of the next page */
192 poff = 0;
193 ++page;
194 cnt += plen;
195 sglen -= plen;
198 *sgptr = sg;
200 /* Return the amount actually transferred */
201 return cnt;
203 EXPORT_SYMBOL_GPL(usb_stor_access_xfer_buf);
205 /* Store the contents of buffer into srb's transfer buffer and set the
206 * SCSI residue.
208 void usb_stor_set_xfer_buf(unsigned char *buffer,
209 unsigned int buflen, struct scsi_cmnd *srb)
211 unsigned int offset = 0;
212 struct scatterlist *sg = NULL;
214 buflen = min(buflen, scsi_bufflen(srb));
215 buflen = usb_stor_access_xfer_buf(buffer, buflen, srb, &sg, &offset,
216 TO_XFER_BUF);
217 if (buflen < scsi_bufflen(srb))
218 scsi_set_resid(srb, scsi_bufflen(srb) - buflen);
220 EXPORT_SYMBOL_GPL(usb_stor_set_xfer_buf);