Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / usb / storage / scsiglue.c
blob13b8bcdf3dbafd675a49501dd532b330beb2ecfa
1 /* Driver for USB Mass Storage compliant devices
2 * SCSI layer glue code
4 * Current development and maintenance by:
5 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
7 * Developed with the assistance of:
8 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
9 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
11 * Initial work by:
12 * (c) 1999 Michael Gee (michael@linuxspecific.com)
14 * This driver is based on the 'USB Mass Storage Class' document. This
15 * describes in detail the protocol used to communicate with such
16 * devices. Clearly, the designers had SCSI and ATAPI commands in
17 * mind when they created this document. The commands are all very
18 * similar to commands in the SCSI-II and ATAPI specifications.
20 * It is important to note that in a number of cases this class
21 * exhibits class-specific exemptions from the USB specification.
22 * Notably the usage of NAK, STALL and ACK differs from the norm, in
23 * that they are used to communicate wait, failed and OK on commands.
25 * Also, for certain devices, the interrupt endpoint is used to convey
26 * status of a command.
28 * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
29 * information about this driver.
31 * This program is free software; you can redistribute it and/or modify it
32 * under the terms of the GNU General Public License as published by the
33 * Free Software Foundation; either version 2, or (at your option) any
34 * later version.
36 * This program is distributed in the hope that it will be useful, but
37 * WITHOUT ANY WARRANTY; without even the implied warranty of
38 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
39 * General Public License for more details.
41 * You should have received a copy of the GNU General Public License along
42 * with this program; if not, write to the Free Software Foundation, Inc.,
43 * 675 Mass Ave, Cambridge, MA 02139, USA.
46 #include <linux/module.h>
47 #include <linux/mutex.h>
49 #include <scsi/scsi.h>
50 #include <scsi/scsi_cmnd.h>
51 #include <scsi/scsi_devinfo.h>
52 #include <scsi/scsi_device.h>
53 #include <scsi/scsi_eh.h>
55 #include "usb.h"
56 #include "scsiglue.h"
57 #include "debug.h"
58 #include "transport.h"
59 #include "protocol.h"
61 /* Vendor IDs for companies that seem to include the READ CAPACITY bug
62 * in all their devices
64 #define VENDOR_ID_NOKIA 0x0421
65 #define VENDOR_ID_NIKON 0x04b0
66 #define VENDOR_ID_PENTAX 0x0a17
67 #define VENDOR_ID_MOTOROLA 0x22b8
69 /***********************************************************************
70 * Host functions
71 ***********************************************************************/
73 static const char* host_info(struct Scsi_Host *host)
75 struct us_data *us = host_to_us(host);
76 return us->scsi_name;
79 static int slave_alloc (struct scsi_device *sdev)
81 struct us_data *us = host_to_us(sdev->host);
84 * Set the INQUIRY transfer length to 36. We don't use any of
85 * the extra data and many devices choke if asked for more or
86 * less than 36 bytes.
88 sdev->inquiry_len = 36;
90 /* USB has unusual DMA-alignment requirements: Although the
91 * starting address of each scatter-gather element doesn't matter,
92 * the length of each element except the last must be divisible
93 * by the Bulk maxpacket value. There's currently no way to
94 * express this by block-layer constraints, so we'll cop out
95 * and simply require addresses to be aligned at 512-byte
96 * boundaries. This is okay since most block I/O involves
97 * hardware sectors that are multiples of 512 bytes in length,
98 * and since host controllers up through USB 2.0 have maxpacket
99 * values no larger than 512.
101 * But it doesn't suffice for Wireless USB, where Bulk maxpacket
102 * values can be as large as 2048. To make that work properly
103 * will require changes to the block layer.
105 blk_queue_update_dma_alignment(sdev->request_queue, (512 - 1));
108 * The UFI spec treates the Peripheral Qualifier bits in an
109 * INQUIRY result as reserved and requires devices to set them
110 * to 0. However the SCSI spec requires these bits to be set
111 * to 3 to indicate when a LUN is not present.
113 * Let the scanning code know if this target merely sets
114 * Peripheral Device Type to 0x1f to indicate no LUN.
116 if (us->subclass == USB_SC_UFI)
117 sdev->sdev_target->pdt_1f_for_no_lun = 1;
119 return 0;
122 static int slave_configure(struct scsi_device *sdev)
124 struct us_data *us = host_to_us(sdev->host);
126 /* Many devices have trouble transferring more than 32KB at a time,
127 * while others have trouble with more than 64K. At this time we
128 * are limiting both to 32K (64 sectores).
130 if (us->fflags & (US_FL_MAX_SECTORS_64 | US_FL_MAX_SECTORS_MIN)) {
131 unsigned int max_sectors = 64;
133 if (us->fflags & US_FL_MAX_SECTORS_MIN)
134 max_sectors = PAGE_CACHE_SIZE >> 9;
135 if (queue_max_hw_sectors(sdev->request_queue) > max_sectors)
136 blk_queue_max_hw_sectors(sdev->request_queue,
137 max_sectors);
138 } else if (sdev->type == TYPE_TAPE) {
139 /* Tapes need much higher max_sector limits, so just
140 * raise it to the maximum possible (4 GB / 512) and
141 * let the queue segment size sort out the real limit.
143 blk_queue_max_hw_sectors(sdev->request_queue, 0x7FFFFF);
146 /* Some USB host controllers can't do DMA; they have to use PIO.
147 * They indicate this by setting their dma_mask to NULL. For
148 * such controllers we need to make sure the block layer sets
149 * up bounce buffers in addressable memory.
151 if (!us->pusb_dev->bus->controller->dma_mask)
152 blk_queue_bounce_limit(sdev->request_queue, BLK_BOUNCE_HIGH);
154 /* We can't put these settings in slave_alloc() because that gets
155 * called before the device type is known. Consequently these
156 * settings can't be overridden via the scsi devinfo mechanism. */
157 if (sdev->type == TYPE_DISK) {
159 /* Some vendors seem to put the READ CAPACITY bug into
160 * all their devices -- primarily makers of cell phones
161 * and digital cameras. Since these devices always use
162 * flash media and can be expected to have an even number
163 * of sectors, we will always enable the CAPACITY_HEURISTICS
164 * flag unless told otherwise. */
165 switch (le16_to_cpu(us->pusb_dev->descriptor.idVendor)) {
166 case VENDOR_ID_NOKIA:
167 case VENDOR_ID_NIKON:
168 case VENDOR_ID_PENTAX:
169 case VENDOR_ID_MOTOROLA:
170 if (!(us->fflags & (US_FL_FIX_CAPACITY |
171 US_FL_CAPACITY_OK)))
172 us->fflags |= US_FL_CAPACITY_HEURISTICS;
173 break;
176 /* Disk-type devices use MODE SENSE(6) if the protocol
177 * (SubClass) is Transparent SCSI, otherwise they use
178 * MODE SENSE(10). */
179 if (us->subclass != USB_SC_SCSI && us->subclass != USB_SC_CYP_ATACB)
180 sdev->use_10_for_ms = 1;
182 /* Many disks only accept MODE SENSE transfer lengths of
183 * 192 bytes (that's what Windows uses). */
184 sdev->use_192_bytes_for_3f = 1;
186 /* Some devices don't like MODE SENSE with page=0x3f,
187 * which is the command used for checking if a device
188 * is write-protected. Now that we tell the sd driver
189 * to do a 192-byte transfer with this command the
190 * majority of devices work fine, but a few still can't
191 * handle it. The sd driver will simply assume those
192 * devices are write-enabled. */
193 if (us->fflags & US_FL_NO_WP_DETECT)
194 sdev->skip_ms_page_3f = 1;
196 /* A number of devices have problems with MODE SENSE for
197 * page x08, so we will skip it. */
198 sdev->skip_ms_page_8 = 1;
200 /* Some disks return the total number of blocks in response
201 * to READ CAPACITY rather than the highest block number.
202 * If this device makes that mistake, tell the sd driver. */
203 if (us->fflags & US_FL_FIX_CAPACITY)
204 sdev->fix_capacity = 1;
206 /* A few disks have two indistinguishable version, one of
207 * which reports the correct capacity and the other does not.
208 * The sd driver has to guess which is the case. */
209 if (us->fflags & US_FL_CAPACITY_HEURISTICS)
210 sdev->guess_capacity = 1;
212 /* Some devices cannot handle READ_CAPACITY_16 */
213 if (us->fflags & US_FL_NO_READ_CAPACITY_16)
214 sdev->no_read_capacity_16 = 1;
216 /* assume SPC3 or latter devices support sense size > 18 */
217 if (sdev->scsi_level > SCSI_SPC_2)
218 us->fflags |= US_FL_SANE_SENSE;
220 /* Some devices report a SCSI revision level above 2 but are
221 * unable to handle the REPORT LUNS command (for which
222 * support is mandatory at level 3). Since we already have
223 * a Get-Max-LUN request, we won't lose much by setting the
224 * revision level down to 2. The only devices that would be
225 * affected are those with sparse LUNs. */
226 if (sdev->scsi_level > SCSI_2)
227 sdev->sdev_target->scsi_level =
228 sdev->scsi_level = SCSI_2;
230 /* USB-IDE bridges tend to report SK = 0x04 (Non-recoverable
231 * Hardware Error) when any low-level error occurs,
232 * recoverable or not. Setting this flag tells the SCSI
233 * midlayer to retry such commands, which frequently will
234 * succeed and fix the error. The worst this can lead to
235 * is an occasional series of retries that will all fail. */
236 sdev->retry_hwerror = 1;
238 /* USB disks should allow restart. Some drives spin down
239 * automatically, requiring a START-STOP UNIT command. */
240 sdev->allow_restart = 1;
242 /* Some USB cardreaders have trouble reading an sdcard's last
243 * sector in a larger then 1 sector read, since the performance
244 * impact is negible we set this flag for all USB disks */
245 sdev->last_sector_bug = 1;
247 /* Enable last-sector hacks for single-target devices using
248 * the Bulk-only transport, unless we already know the
249 * capacity will be decremented or is correct. */
250 if (!(us->fflags & (US_FL_FIX_CAPACITY | US_FL_CAPACITY_OK |
251 US_FL_SCM_MULT_TARG)) &&
252 us->protocol == USB_PR_BULK)
253 us->use_last_sector_hacks = 1;
254 } else {
256 /* Non-disk-type devices don't need to blacklist any pages
257 * or to force 192-byte transfer lengths for MODE SENSE.
258 * But they do need to use MODE SENSE(10). */
259 sdev->use_10_for_ms = 1;
261 /* Some (fake) usb cdrom devices don't like READ_DISC_INFO */
262 if (us->fflags & US_FL_NO_READ_DISC_INFO)
263 sdev->no_read_disc_info = 1;
266 /* The CB and CBI transports have no way to pass LUN values
267 * other than the bits in the second byte of a CDB. But those
268 * bits don't get set to the LUN value if the device reports
269 * scsi_level == 0 (UNKNOWN). Hence such devices must necessarily
270 * be single-LUN.
272 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_CBI) &&
273 sdev->scsi_level == SCSI_UNKNOWN)
274 us->max_lun = 0;
276 /* Some devices choke when they receive a PREVENT-ALLOW MEDIUM
277 * REMOVAL command, so suppress those commands. */
278 if (us->fflags & US_FL_NOT_LOCKABLE)
279 sdev->lockable = 0;
281 /* this is to satisfy the compiler, tho I don't think the
282 * return code is ever checked anywhere. */
283 return 0;
286 /* queue a command */
287 /* This is always called with scsi_lock(host) held */
288 static int queuecommand_lck(struct scsi_cmnd *srb,
289 void (*done)(struct scsi_cmnd *))
291 struct us_data *us = host_to_us(srb->device->host);
293 US_DEBUGP("%s called\n", __func__);
295 /* check for state-transition errors */
296 if (us->srb != NULL) {
297 printk(KERN_ERR USB_STORAGE "Error in %s: us->srb = %p\n",
298 __func__, us->srb);
299 return SCSI_MLQUEUE_HOST_BUSY;
302 /* fail the command if we are disconnecting */
303 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
304 US_DEBUGP("Fail command during disconnect\n");
305 srb->result = DID_NO_CONNECT << 16;
306 done(srb);
307 return 0;
310 /* enqueue the command and wake up the control thread */
311 srb->scsi_done = done;
312 us->srb = srb;
313 complete(&us->cmnd_ready);
315 return 0;
318 static DEF_SCSI_QCMD(queuecommand)
320 /***********************************************************************
321 * Error handling functions
322 ***********************************************************************/
324 /* Command timeout and abort */
325 static int command_abort(struct scsi_cmnd *srb)
327 struct us_data *us = host_to_us(srb->device->host);
329 US_DEBUGP("%s called\n", __func__);
331 /* us->srb together with the TIMED_OUT, RESETTING, and ABORTING
332 * bits are protected by the host lock. */
333 scsi_lock(us_to_host(us));
335 /* Is this command still active? */
336 if (us->srb != srb) {
337 scsi_unlock(us_to_host(us));
338 US_DEBUGP ("-- nothing to abort\n");
339 return FAILED;
342 /* Set the TIMED_OUT bit. Also set the ABORTING bit, but only if
343 * a device reset isn't already in progress (to avoid interfering
344 * with the reset). Note that we must retain the host lock while
345 * calling usb_stor_stop_transport(); otherwise it might interfere
346 * with an auto-reset that begins as soon as we release the lock. */
347 set_bit(US_FLIDX_TIMED_OUT, &us->dflags);
348 if (!test_bit(US_FLIDX_RESETTING, &us->dflags)) {
349 set_bit(US_FLIDX_ABORTING, &us->dflags);
350 usb_stor_stop_transport(us);
352 scsi_unlock(us_to_host(us));
354 /* Wait for the aborted command to finish */
355 wait_for_completion(&us->notify);
356 return SUCCESS;
359 /* This invokes the transport reset mechanism to reset the state of the
360 * device */
361 static int device_reset(struct scsi_cmnd *srb)
363 struct us_data *us = host_to_us(srb->device->host);
364 int result;
366 US_DEBUGP("%s called\n", __func__);
368 /* lock the device pointers and do the reset */
369 mutex_lock(&(us->dev_mutex));
370 result = us->transport_reset(us);
371 mutex_unlock(&us->dev_mutex);
373 return result < 0 ? FAILED : SUCCESS;
376 /* Simulate a SCSI bus reset by resetting the device's USB port. */
377 static int bus_reset(struct scsi_cmnd *srb)
379 struct us_data *us = host_to_us(srb->device->host);
380 int result;
382 US_DEBUGP("%s called\n", __func__);
383 result = usb_stor_port_reset(us);
384 return result < 0 ? FAILED : SUCCESS;
387 /* Report a driver-initiated device reset to the SCSI layer.
388 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
389 * The caller must own the SCSI host lock. */
390 void usb_stor_report_device_reset(struct us_data *us)
392 int i;
393 struct Scsi_Host *host = us_to_host(us);
395 scsi_report_device_reset(host, 0, 0);
396 if (us->fflags & US_FL_SCM_MULT_TARG) {
397 for (i = 1; i < host->max_id; ++i)
398 scsi_report_device_reset(host, 0, i);
402 /* Report a driver-initiated bus reset to the SCSI layer.
403 * Calling this for a SCSI-initiated reset is unnecessary but harmless.
404 * The caller must not own the SCSI host lock. */
405 void usb_stor_report_bus_reset(struct us_data *us)
407 struct Scsi_Host *host = us_to_host(us);
409 scsi_lock(host);
410 scsi_report_bus_reset(host, 0);
411 scsi_unlock(host);
414 /***********************************************************************
415 * /proc/scsi/ functions
416 ***********************************************************************/
418 /* we use this macro to help us write into the buffer */
419 #undef SPRINTF
420 #define SPRINTF(args...) \
421 do { if (pos < buffer+length) pos += sprintf(pos, ## args); } while (0)
423 static int proc_info (struct Scsi_Host *host, char *buffer,
424 char **start, off_t offset, int length, int inout)
426 struct us_data *us = host_to_us(host);
427 char *pos = buffer;
428 const char *string;
430 /* if someone is sending us data, just throw it away */
431 if (inout)
432 return length;
434 /* print the controller name */
435 SPRINTF(" Host scsi%d: usb-storage\n", host->host_no);
437 /* print product, vendor, and serial number strings */
438 if (us->pusb_dev->manufacturer)
439 string = us->pusb_dev->manufacturer;
440 else if (us->unusual_dev->vendorName)
441 string = us->unusual_dev->vendorName;
442 else
443 string = "Unknown";
444 SPRINTF(" Vendor: %s\n", string);
445 if (us->pusb_dev->product)
446 string = us->pusb_dev->product;
447 else if (us->unusual_dev->productName)
448 string = us->unusual_dev->productName;
449 else
450 string = "Unknown";
451 SPRINTF(" Product: %s\n", string);
452 if (us->pusb_dev->serial)
453 string = us->pusb_dev->serial;
454 else
455 string = "None";
456 SPRINTF("Serial Number: %s\n", string);
458 /* show the protocol and transport */
459 SPRINTF(" Protocol: %s\n", us->protocol_name);
460 SPRINTF(" Transport: %s\n", us->transport_name);
462 /* show the device flags */
463 if (pos < buffer + length) {
464 pos += sprintf(pos, " Quirks:");
466 #define US_FLAG(name, value) \
467 if (us->fflags & value) pos += sprintf(pos, " " #name);
468 US_DO_ALL_FLAGS
469 #undef US_FLAG
471 *(pos++) = '\n';
475 * Calculate start of next buffer, and return value.
477 *start = buffer + offset;
479 if ((pos - buffer) < offset)
480 return (0);
481 else if ((pos - buffer - offset) < length)
482 return (pos - buffer - offset);
483 else
484 return (length);
487 /***********************************************************************
488 * Sysfs interface
489 ***********************************************************************/
491 /* Output routine for the sysfs max_sectors file */
492 static ssize_t show_max_sectors(struct device *dev, struct device_attribute *attr, char *buf)
494 struct scsi_device *sdev = to_scsi_device(dev);
496 return sprintf(buf, "%u\n", queue_max_hw_sectors(sdev->request_queue));
499 /* Input routine for the sysfs max_sectors file */
500 static ssize_t store_max_sectors(struct device *dev, struct device_attribute *attr, const char *buf,
501 size_t count)
503 struct scsi_device *sdev = to_scsi_device(dev);
504 unsigned short ms;
506 if (sscanf(buf, "%hu", &ms) > 0) {
507 blk_queue_max_hw_sectors(sdev->request_queue, ms);
508 return count;
510 return -EINVAL;
513 static DEVICE_ATTR(max_sectors, S_IRUGO | S_IWUSR, show_max_sectors,
514 store_max_sectors);
516 static struct device_attribute *sysfs_device_attr_list[] = {
517 &dev_attr_max_sectors,
518 NULL,
522 * this defines our host template, with which we'll allocate hosts
525 struct scsi_host_template usb_stor_host_template = {
526 /* basic userland interface stuff */
527 .name = "usb-storage",
528 .proc_name = "usb-storage",
529 .proc_info = proc_info,
530 .info = host_info,
532 /* command interface -- queued only */
533 .queuecommand = queuecommand,
535 /* error and abort handlers */
536 .eh_abort_handler = command_abort,
537 .eh_device_reset_handler = device_reset,
538 .eh_bus_reset_handler = bus_reset,
540 /* queue commands only, only one command per LUN */
541 .can_queue = 1,
542 .cmd_per_lun = 1,
544 /* unknown initiator id */
545 .this_id = -1,
547 .slave_alloc = slave_alloc,
548 .slave_configure = slave_configure,
550 /* lots of sg segments can be handled */
551 .sg_tablesize = SCSI_MAX_SG_CHAIN_SEGMENTS,
553 /* limit the total size of a transfer to 120 KB */
554 .max_sectors = 240,
556 /* merge commands... this seems to help performance, but
557 * periodically someone should test to see which setting is more
558 * optimal.
560 .use_clustering = 1,
562 /* emulated HBA */
563 .emulated = 1,
565 /* we do our own delay after a device or bus reset */
566 .skip_settle_delay = 1,
568 /* sysfs device attributes */
569 .sdev_attrs = sysfs_device_attr_list,
571 /* module management */
572 .module = THIS_MODULE
575 /* To Report "Illegal Request: Invalid Field in CDB */
576 unsigned char usb_stor_sense_invalidCDB[18] = {
577 [0] = 0x70, /* current error */
578 [2] = ILLEGAL_REQUEST, /* Illegal Request = 0x05 */
579 [7] = 0x0a, /* additional length */
580 [12] = 0x24 /* Invalid Field in CDB */
582 EXPORT_SYMBOL_GPL(usb_stor_sense_invalidCDB);