1 | // SPDX-License-Identifier: GPL-2.0+ |
2 | /* |
3 | * Driver for USB Mass Storage compliant devices |
4 | * |
5 | * Current development and maintenance by: |
6 | * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net) |
7 | * |
8 | * Developed with the assistance of: |
9 | * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org) |
10 | * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov) |
11 | * (c) 2002 Alan Stern <stern@rowland.org> |
12 | * |
13 | * Initial work by: |
14 | * (c) 1999 Michael Gee (michael@linuxspecific.com) |
15 | * |
16 | * This driver is based on the 'USB Mass Storage Class' document. This |
17 | * describes in detail the protocol used to communicate with such |
18 | * devices. Clearly, the designers had SCSI and ATAPI commands in |
19 | * mind when they created this document. The commands are all very |
20 | * similar to commands in the SCSI-II and ATAPI specifications. |
21 | * |
22 | * It is important to note that in a number of cases this class |
23 | * exhibits class-specific exemptions from the USB specification. |
24 | * Notably the usage of NAK, STALL and ACK differs from the norm, in |
25 | * that they are used to communicate wait, failed and OK on commands. |
26 | * |
27 | * Also, for certain devices, the interrupt endpoint is used to convey |
28 | * status of a command. |
29 | */ |
30 | |
31 | #include <linux/sched.h> |
32 | #include <linux/gfp.h> |
33 | #include <linux/errno.h> |
34 | #include <linux/export.h> |
35 | |
36 | #include <linux/usb/quirks.h> |
37 | |
38 | #include <scsi/scsi.h> |
39 | #include <scsi/scsi_eh.h> |
40 | #include <scsi/scsi_device.h> |
41 | |
42 | #include "usb.h" |
43 | #include "transport.h" |
44 | #include "protocol.h" |
45 | #include "scsiglue.h" |
46 | #include "debug.h" |
47 | |
48 | #include <linux/blkdev.h> |
49 | #include "../../scsi/sd.h" |
50 | |
51 | |
52 | /*********************************************************************** |
53 | * Data transfer routines |
54 | ***********************************************************************/ |
55 | |
56 | /* |
57 | * This is subtle, so pay attention: |
58 | * --------------------------------- |
59 | * We're very concerned about races with a command abort. Hanging this code |
60 | * is a sure fire way to hang the kernel. (Note that this discussion applies |
61 | * only to transactions resulting from a scsi queued-command, since only |
62 | * these transactions are subject to a scsi abort. Other transactions, such |
63 | * as those occurring during device-specific initialization, must be handled |
64 | * by a separate code path.) |
65 | * |
66 | * The abort function (usb_storage_command_abort() in scsiglue.c) first |
67 | * sets the machine state and the ABORTING bit in us->dflags to prevent |
68 | * new URBs from being submitted. It then calls usb_stor_stop_transport() |
69 | * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags |
70 | * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE |
71 | * bit is tested to see if the current_sg scatter-gather request needs to be |
72 | * stopped. The timeout callback routine does much the same thing. |
73 | * |
74 | * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to |
75 | * prevent new URBs from being submitted, and usb_stor_stop_transport() is |
76 | * called to stop any ongoing requests. |
77 | * |
78 | * The submit function first verifies that the submitting is allowed |
79 | * (neither ABORTING nor DISCONNECTING bits are set) and that the submit |
80 | * completes without errors, and only then sets the URB_ACTIVE bit. This |
81 | * prevents the stop_transport() function from trying to cancel the URB |
82 | * while the submit call is underway. Next, the submit function must test |
83 | * the flags to see if an abort or disconnect occurred during the submission |
84 | * or before the URB_ACTIVE bit was set. If so, it's essential to cancel |
85 | * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit |
86 | * is still set). Either way, the function must then wait for the URB to |
87 | * finish. Note that the URB can still be in progress even after a call to |
88 | * usb_unlink_urb() returns. |
89 | * |
90 | * The idea is that (1) once the ABORTING or DISCONNECTING bit is set, |
91 | * either the stop_transport() function or the submitting function |
92 | * is guaranteed to call usb_unlink_urb() for an active URB, |
93 | * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being |
94 | * called more than once or from being called during usb_submit_urb(). |
95 | */ |
96 | |
97 | /* |
98 | * This is the completion handler which will wake us up when an URB |
99 | * completes. |
100 | */ |
101 | static void usb_stor_blocking_completion(struct urb *urb) |
102 | { |
103 | struct completion *urb_done_ptr = urb->context; |
104 | |
105 | complete(urb_done_ptr); |
106 | } |
107 | |
108 | /* |
109 | * This is the common part of the URB message submission code |
110 | * |
111 | * All URBs from the usb-storage driver involved in handling a queued scsi |
112 | * command _must_ pass through this function (or something like it) for the |
113 | * abort mechanisms to work properly. |
114 | */ |
115 | static int usb_stor_msg_common(struct us_data *us, int timeout) |
116 | { |
117 | struct completion urb_done; |
118 | long timeleft; |
119 | int status; |
120 | |
121 | /* don't submit URBs during abort processing */ |
122 | if (test_bit(US_FLIDX_ABORTING, &us->dflags)) |
123 | return -EIO; |
124 | |
125 | /* set up data structures for the wakeup system */ |
126 | init_completion(x: &urb_done); |
127 | |
128 | /* fill the common fields in the URB */ |
129 | us->current_urb->context = &urb_done; |
130 | us->current_urb->transfer_flags = 0; |
131 | |
132 | /* |
133 | * we assume that if transfer_buffer isn't us->iobuf then it |
134 | * hasn't been mapped for DMA. Yes, this is clunky, but it's |
135 | * easier than always having the caller tell us whether the |
136 | * transfer buffer has already been mapped. |
137 | */ |
138 | if (us->current_urb->transfer_buffer == us->iobuf) |
139 | us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; |
140 | us->current_urb->transfer_dma = us->iobuf_dma; |
141 | |
142 | /* submit the URB */ |
143 | status = usb_submit_urb(urb: us->current_urb, GFP_NOIO); |
144 | if (status) { |
145 | /* something went wrong */ |
146 | return status; |
147 | } |
148 | |
149 | /* |
150 | * since the URB has been submitted successfully, it's now okay |
151 | * to cancel it |
152 | */ |
153 | set_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags); |
154 | |
155 | /* did an abort occur during the submission? */ |
156 | if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { |
157 | |
158 | /* cancel the URB, if it hasn't been cancelled already */ |
159 | if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags)) { |
160 | usb_stor_dbg(us, fmt: "-- cancelling URB\n" ); |
161 | usb_unlink_urb(urb: us->current_urb); |
162 | } |
163 | } |
164 | |
165 | /* wait for the completion of the URB */ |
166 | timeleft = wait_for_completion_interruptible_timeout( |
167 | x: &urb_done, timeout: timeout ? : MAX_SCHEDULE_TIMEOUT); |
168 | |
169 | clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags); |
170 | |
171 | if (timeleft <= 0) { |
172 | usb_stor_dbg(us, fmt: "%s -- cancelling URB\n" , |
173 | timeleft == 0 ? "Timeout" : "Signal" ); |
174 | usb_kill_urb(urb: us->current_urb); |
175 | } |
176 | |
177 | /* return the URB status */ |
178 | return us->current_urb->status; |
179 | } |
180 | |
181 | /* |
182 | * Transfer one control message, with timeouts, and allowing early |
183 | * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx. |
184 | */ |
185 | int usb_stor_control_msg(struct us_data *us, unsigned int pipe, |
186 | u8 request, u8 requesttype, u16 value, u16 index, |
187 | void *data, u16 size, int timeout) |
188 | { |
189 | int status; |
190 | |
191 | usb_stor_dbg(us, fmt: "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n" , |
192 | request, requesttype, value, index, size); |
193 | |
194 | /* fill in the devrequest structure */ |
195 | us->cr->bRequestType = requesttype; |
196 | us->cr->bRequest = request; |
197 | us->cr->wValue = cpu_to_le16(value); |
198 | us->cr->wIndex = cpu_to_le16(index); |
199 | us->cr->wLength = cpu_to_le16(size); |
200 | |
201 | /* fill and submit the URB */ |
202 | usb_fill_control_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, |
203 | setup_packet: (unsigned char*) us->cr, transfer_buffer: data, buffer_length: size, |
204 | complete_fn: usb_stor_blocking_completion, NULL); |
205 | status = usb_stor_msg_common(us, timeout); |
206 | |
207 | /* return the actual length of the data transferred if no error */ |
208 | if (status == 0) |
209 | status = us->current_urb->actual_length; |
210 | return status; |
211 | } |
212 | EXPORT_SYMBOL_GPL(usb_stor_control_msg); |
213 | |
214 | /* |
215 | * This is a version of usb_clear_halt() that allows early termination and |
216 | * doesn't read the status from the device -- this is because some devices |
217 | * crash their internal firmware when the status is requested after a halt. |
218 | * |
219 | * A definitive list of these 'bad' devices is too difficult to maintain or |
220 | * make complete enough to be useful. This problem was first observed on the |
221 | * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither |
222 | * MacOS nor Windows checks the status after clearing a halt. |
223 | * |
224 | * Since many vendors in this space limit their testing to interoperability |
225 | * with these two OSes, specification violations like this one are common. |
226 | */ |
227 | int usb_stor_clear_halt(struct us_data *us, unsigned int pipe) |
228 | { |
229 | int result; |
230 | int endp = usb_pipeendpoint(pipe); |
231 | |
232 | if (usb_pipein (pipe)) |
233 | endp |= USB_DIR_IN; |
234 | |
235 | result = usb_stor_control_msg(us, us->send_ctrl_pipe, |
236 | USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT, |
237 | USB_ENDPOINT_HALT, endp, |
238 | NULL, 0, 3*HZ); |
239 | |
240 | if (result >= 0) |
241 | usb_reset_endpoint(dev: us->pusb_dev, epaddr: endp); |
242 | |
243 | usb_stor_dbg(us, fmt: "result = %d\n" , result); |
244 | return result; |
245 | } |
246 | EXPORT_SYMBOL_GPL(usb_stor_clear_halt); |
247 | |
248 | |
249 | /* |
250 | * Interpret the results of a URB transfer |
251 | * |
252 | * This function prints appropriate debugging messages, clears halts on |
253 | * non-control endpoints, and translates the status to the corresponding |
254 | * USB_STOR_XFER_xxx return code. |
255 | */ |
256 | static int interpret_urb_result(struct us_data *us, unsigned int pipe, |
257 | unsigned int length, int result, unsigned int partial) |
258 | { |
259 | usb_stor_dbg(us, fmt: "Status code %d; transferred %u/%u\n" , |
260 | result, partial, length); |
261 | switch (result) { |
262 | |
263 | /* no error code; did we send all the data? */ |
264 | case 0: |
265 | if (partial != length) { |
266 | usb_stor_dbg(us, fmt: "-- short transfer\n" ); |
267 | return USB_STOR_XFER_SHORT; |
268 | } |
269 | |
270 | usb_stor_dbg(us, fmt: "-- transfer complete\n" ); |
271 | return USB_STOR_XFER_GOOD; |
272 | |
273 | /* stalled */ |
274 | case -EPIPE: |
275 | /* |
276 | * for control endpoints, (used by CB[I]) a stall indicates |
277 | * a failed command |
278 | */ |
279 | if (usb_pipecontrol(pipe)) { |
280 | usb_stor_dbg(us, fmt: "-- stall on control pipe\n" ); |
281 | return USB_STOR_XFER_STALLED; |
282 | } |
283 | |
284 | /* for other sorts of endpoint, clear the stall */ |
285 | usb_stor_dbg(us, fmt: "clearing endpoint halt for pipe 0x%x\n" , |
286 | pipe); |
287 | if (usb_stor_clear_halt(us, pipe) < 0) |
288 | return USB_STOR_XFER_ERROR; |
289 | return USB_STOR_XFER_STALLED; |
290 | |
291 | /* babble - the device tried to send more than we wanted to read */ |
292 | case -EOVERFLOW: |
293 | usb_stor_dbg(us, fmt: "-- babble\n" ); |
294 | return USB_STOR_XFER_LONG; |
295 | |
296 | /* the transfer was cancelled by abort, disconnect, or timeout */ |
297 | case -ECONNRESET: |
298 | usb_stor_dbg(us, fmt: "-- transfer cancelled\n" ); |
299 | return USB_STOR_XFER_ERROR; |
300 | |
301 | /* short scatter-gather read transfer */ |
302 | case -EREMOTEIO: |
303 | usb_stor_dbg(us, fmt: "-- short read transfer\n" ); |
304 | return USB_STOR_XFER_SHORT; |
305 | |
306 | /* abort or disconnect in progress */ |
307 | case -EIO: |
308 | usb_stor_dbg(us, fmt: "-- abort or disconnect in progress\n" ); |
309 | return USB_STOR_XFER_ERROR; |
310 | |
311 | /* the catch-all error case */ |
312 | default: |
313 | usb_stor_dbg(us, fmt: "-- unknown error\n" ); |
314 | return USB_STOR_XFER_ERROR; |
315 | } |
316 | } |
317 | |
318 | /* |
319 | * Transfer one control message, without timeouts, but allowing early |
320 | * termination. Return codes are USB_STOR_XFER_xxx. |
321 | */ |
322 | int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe, |
323 | u8 request, u8 requesttype, u16 value, u16 index, |
324 | void *data, u16 size) |
325 | { |
326 | int result; |
327 | |
328 | usb_stor_dbg(us, fmt: "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n" , |
329 | request, requesttype, value, index, size); |
330 | |
331 | /* fill in the devrequest structure */ |
332 | us->cr->bRequestType = requesttype; |
333 | us->cr->bRequest = request; |
334 | us->cr->wValue = cpu_to_le16(value); |
335 | us->cr->wIndex = cpu_to_le16(index); |
336 | us->cr->wLength = cpu_to_le16(size); |
337 | |
338 | /* fill and submit the URB */ |
339 | usb_fill_control_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, |
340 | setup_packet: (unsigned char*) us->cr, transfer_buffer: data, buffer_length: size, |
341 | complete_fn: usb_stor_blocking_completion, NULL); |
342 | result = usb_stor_msg_common(us, timeout: 0); |
343 | |
344 | return interpret_urb_result(us, pipe, length: size, result, |
345 | partial: us->current_urb->actual_length); |
346 | } |
347 | EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer); |
348 | |
349 | /* |
350 | * Receive one interrupt buffer, without timeouts, but allowing early |
351 | * termination. Return codes are USB_STOR_XFER_xxx. |
352 | * |
353 | * This routine always uses us->recv_intr_pipe as the pipe and |
354 | * us->ep_bInterval as the interrupt interval. |
355 | */ |
356 | static int usb_stor_intr_transfer(struct us_data *us, void *buf, |
357 | unsigned int length) |
358 | { |
359 | int result; |
360 | unsigned int pipe = us->recv_intr_pipe; |
361 | unsigned int maxp; |
362 | |
363 | usb_stor_dbg(us, fmt: "xfer %u bytes\n" , length); |
364 | |
365 | /* calculate the max packet size */ |
366 | maxp = usb_maxpacket(udev: us->pusb_dev, pipe); |
367 | if (maxp > length) |
368 | maxp = length; |
369 | |
370 | /* fill and submit the URB */ |
371 | usb_fill_int_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, transfer_buffer: buf, |
372 | buffer_length: maxp, complete_fn: usb_stor_blocking_completion, NULL, |
373 | interval: us->ep_bInterval); |
374 | result = usb_stor_msg_common(us, timeout: 0); |
375 | |
376 | return interpret_urb_result(us, pipe, length, result, |
377 | partial: us->current_urb->actual_length); |
378 | } |
379 | |
380 | /* |
381 | * Transfer one buffer via bulk pipe, without timeouts, but allowing early |
382 | * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe |
383 | * stalls during the transfer, the halt is automatically cleared. |
384 | */ |
385 | int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe, |
386 | void *buf, unsigned int length, unsigned int *act_len) |
387 | { |
388 | int result; |
389 | |
390 | usb_stor_dbg(us, fmt: "xfer %u bytes\n" , length); |
391 | |
392 | /* fill and submit the URB */ |
393 | usb_fill_bulk_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, transfer_buffer: buf, buffer_length: length, |
394 | complete_fn: usb_stor_blocking_completion, NULL); |
395 | result = usb_stor_msg_common(us, timeout: 0); |
396 | |
397 | /* store the actual length of the data transferred */ |
398 | if (act_len) |
399 | *act_len = us->current_urb->actual_length; |
400 | return interpret_urb_result(us, pipe, length, result, |
401 | partial: us->current_urb->actual_length); |
402 | } |
403 | EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf); |
404 | |
405 | /* |
406 | * Transfer a scatter-gather list via bulk transfer |
407 | * |
408 | * This function does basically the same thing as usb_stor_bulk_transfer_buf() |
409 | * above, but it uses the usbcore scatter-gather library. |
410 | */ |
411 | static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe, |
412 | struct scatterlist *sg, int num_sg, unsigned int length, |
413 | unsigned int *act_len) |
414 | { |
415 | int result; |
416 | |
417 | /* don't submit s-g requests during abort processing */ |
418 | if (test_bit(US_FLIDX_ABORTING, &us->dflags)) |
419 | goto usb_stor_xfer_error; |
420 | |
421 | /* initialize the scatter-gather request block */ |
422 | usb_stor_dbg(us, fmt: "xfer %u bytes, %d entries\n" , length, num_sg); |
423 | result = usb_sg_init(io: &us->current_sg, dev: us->pusb_dev, pipe, period: 0, |
424 | sg, nents: num_sg, length, GFP_NOIO); |
425 | if (result) { |
426 | usb_stor_dbg(us, fmt: "usb_sg_init returned %d\n" , result); |
427 | goto usb_stor_xfer_error; |
428 | } |
429 | |
430 | /* |
431 | * since the block has been initialized successfully, it's now |
432 | * okay to cancel it |
433 | */ |
434 | set_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags); |
435 | |
436 | /* did an abort occur during the submission? */ |
437 | if (test_bit(US_FLIDX_ABORTING, &us->dflags)) { |
438 | |
439 | /* cancel the request, if it hasn't been cancelled already */ |
440 | if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags)) { |
441 | usb_stor_dbg(us, fmt: "-- cancelling sg request\n" ); |
442 | usb_sg_cancel(io: &us->current_sg); |
443 | } |
444 | } |
445 | |
446 | /* wait for the completion of the transfer */ |
447 | usb_sg_wait(io: &us->current_sg); |
448 | clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags); |
449 | |
450 | result = us->current_sg.status; |
451 | if (act_len) |
452 | *act_len = us->current_sg.bytes; |
453 | return interpret_urb_result(us, pipe, length, result, |
454 | partial: us->current_sg.bytes); |
455 | |
456 | usb_stor_xfer_error: |
457 | if (act_len) |
458 | *act_len = 0; |
459 | return USB_STOR_XFER_ERROR; |
460 | } |
461 | |
462 | /* |
463 | * Common used function. Transfer a complete command |
464 | * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid |
465 | */ |
466 | int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe, |
467 | struct scsi_cmnd* srb) |
468 | { |
469 | unsigned int partial; |
470 | int result = usb_stor_bulk_transfer_sglist(us, pipe, sg: scsi_sglist(cmd: srb), |
471 | num_sg: scsi_sg_count(cmd: srb), length: scsi_bufflen(cmd: srb), |
472 | act_len: &partial); |
473 | |
474 | scsi_set_resid(cmd: srb, resid: scsi_bufflen(cmd: srb) - partial); |
475 | return result; |
476 | } |
477 | EXPORT_SYMBOL_GPL(usb_stor_bulk_srb); |
478 | |
479 | /* |
480 | * Transfer an entire SCSI command's worth of data payload over the bulk |
481 | * pipe. |
482 | * |
483 | * Note that this uses usb_stor_bulk_transfer_buf() and |
484 | * usb_stor_bulk_transfer_sglist() to achieve its goals -- |
485 | * this function simply determines whether we're going to use |
486 | * scatter-gather or not, and acts appropriately. |
487 | */ |
488 | int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe, |
489 | void *buf, unsigned int length_left, int use_sg, int *residual) |
490 | { |
491 | int result; |
492 | unsigned int partial; |
493 | |
494 | /* are we scatter-gathering? */ |
495 | if (use_sg) { |
496 | /* use the usb core scatter-gather primitives */ |
497 | result = usb_stor_bulk_transfer_sglist(us, pipe, |
498 | sg: (struct scatterlist *) buf, num_sg: use_sg, |
499 | length: length_left, act_len: &partial); |
500 | length_left -= partial; |
501 | } else { |
502 | /* no scatter-gather, just make the request */ |
503 | result = usb_stor_bulk_transfer_buf(us, pipe, buf, |
504 | length_left, &partial); |
505 | length_left -= partial; |
506 | } |
507 | |
508 | /* store the residual and return the error code */ |
509 | if (residual) |
510 | *residual = length_left; |
511 | return result; |
512 | } |
513 | EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg); |
514 | |
515 | /*********************************************************************** |
516 | * Transport routines |
517 | ***********************************************************************/ |
518 | |
519 | /* |
520 | * There are so many devices that report the capacity incorrectly, |
521 | * this routine was written to counteract some of the resulting |
522 | * problems. |
523 | */ |
524 | static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb) |
525 | { |
526 | struct gendisk *disk; |
527 | struct scsi_disk *sdkp; |
528 | u32 sector; |
529 | |
530 | /* To Report "Medium Error: Record Not Found */ |
531 | static unsigned char record_not_found[18] = { |
532 | [0] = 0x70, /* current error */ |
533 | [2] = MEDIUM_ERROR, /* = 0x03 */ |
534 | [7] = 0x0a, /* additional length */ |
535 | [12] = 0x14 /* Record Not Found */ |
536 | }; |
537 | |
538 | /* |
539 | * If last-sector problems can't occur, whether because the |
540 | * capacity was already decremented or because the device is |
541 | * known to report the correct capacity, then we don't need |
542 | * to do anything. |
543 | */ |
544 | if (!us->use_last_sector_hacks) |
545 | return; |
546 | |
547 | /* Was this command a READ(10) or a WRITE(10)? */ |
548 | if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10) |
549 | goto done; |
550 | |
551 | /* Did this command access the last sector? */ |
552 | sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) | |
553 | (srb->cmnd[4] << 8) | (srb->cmnd[5]); |
554 | disk = scsi_cmd_to_rq(scmd: srb)->q->disk; |
555 | if (!disk) |
556 | goto done; |
557 | sdkp = scsi_disk(disk); |
558 | if (!sdkp) |
559 | goto done; |
560 | if (sector + 1 != sdkp->capacity) |
561 | goto done; |
562 | |
563 | if (srb->result == SAM_STAT_GOOD && scsi_get_resid(cmd: srb) == 0) { |
564 | |
565 | /* |
566 | * The command succeeded. We know this device doesn't |
567 | * have the last-sector bug, so stop checking it. |
568 | */ |
569 | us->use_last_sector_hacks = 0; |
570 | |
571 | } else { |
572 | /* |
573 | * The command failed. Allow up to 3 retries in case this |
574 | * is some normal sort of failure. After that, assume the |
575 | * capacity is wrong and we're trying to access the sector |
576 | * beyond the end. Replace the result code and sense data |
577 | * with values that will cause the SCSI core to fail the |
578 | * command immediately, instead of going into an infinite |
579 | * (or even just a very long) retry loop. |
580 | */ |
581 | if (++us->last_sector_retries < 3) |
582 | return; |
583 | srb->result = SAM_STAT_CHECK_CONDITION; |
584 | memcpy(srb->sense_buffer, record_not_found, |
585 | sizeof(record_not_found)); |
586 | } |
587 | |
588 | done: |
589 | /* |
590 | * Don't reset the retry counter for TEST UNIT READY commands, |
591 | * because they get issued after device resets which might be |
592 | * caused by a failed last-sector access. |
593 | */ |
594 | if (srb->cmnd[0] != TEST_UNIT_READY) |
595 | us->last_sector_retries = 0; |
596 | } |
597 | |
598 | /* |
599 | * Invoke the transport and basic error-handling/recovery methods |
600 | * |
601 | * This is used by the protocol layers to actually send the message to |
602 | * the device and receive the response. |
603 | */ |
604 | void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us) |
605 | { |
606 | int need_auto_sense; |
607 | int result; |
608 | |
609 | /* send the command to the transport layer */ |
610 | scsi_set_resid(cmd: srb, resid: 0); |
611 | result = us->transport(srb, us); |
612 | |
613 | /* |
614 | * if the command gets aborted by the higher layers, we need to |
615 | * short-circuit all other processing |
616 | */ |
617 | if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { |
618 | usb_stor_dbg(us, fmt: "-- command was aborted\n" ); |
619 | srb->result = DID_ABORT << 16; |
620 | goto Handle_Errors; |
621 | } |
622 | |
623 | /* if there is a transport error, reset and don't auto-sense */ |
624 | if (result == USB_STOR_TRANSPORT_ERROR) { |
625 | usb_stor_dbg(us, fmt: "-- transport indicates error, resetting\n" ); |
626 | srb->result = DID_ERROR << 16; |
627 | goto Handle_Errors; |
628 | } |
629 | |
630 | /* if the transport provided its own sense data, don't auto-sense */ |
631 | if (result == USB_STOR_TRANSPORT_NO_SENSE) { |
632 | srb->result = SAM_STAT_CHECK_CONDITION; |
633 | last_sector_hacks(us, srb); |
634 | return; |
635 | } |
636 | |
637 | srb->result = SAM_STAT_GOOD; |
638 | |
639 | /* |
640 | * Determine if we need to auto-sense |
641 | * |
642 | * I normally don't use a flag like this, but it's almost impossible |
643 | * to understand what's going on here if I don't. |
644 | */ |
645 | need_auto_sense = 0; |
646 | |
647 | /* |
648 | * If we're running the CB transport, which is incapable |
649 | * of determining status on its own, we will auto-sense |
650 | * unless the operation involved a data-in transfer. Devices |
651 | * can signal most data-in errors by stalling the bulk-in pipe. |
652 | */ |
653 | if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_DPCM_USB) && |
654 | srb->sc_data_direction != DMA_FROM_DEVICE) { |
655 | usb_stor_dbg(us, fmt: "-- CB transport device requiring auto-sense\n" ); |
656 | need_auto_sense = 1; |
657 | } |
658 | |
659 | /* Some devices (Kindle) require another command after SYNC CACHE */ |
660 | if ((us->fflags & US_FL_SENSE_AFTER_SYNC) && |
661 | srb->cmnd[0] == SYNCHRONIZE_CACHE) { |
662 | usb_stor_dbg(us, fmt: "-- sense after SYNC CACHE\n" ); |
663 | need_auto_sense = 1; |
664 | } |
665 | |
666 | /* |
667 | * If we have a failure, we're going to do a REQUEST_SENSE |
668 | * automatically. Note that we differentiate between a command |
669 | * "failure" and an "error" in the transport mechanism. |
670 | */ |
671 | if (result == USB_STOR_TRANSPORT_FAILED) { |
672 | usb_stor_dbg(us, fmt: "-- transport indicates command failure\n" ); |
673 | need_auto_sense = 1; |
674 | } |
675 | |
676 | /* |
677 | * Determine if this device is SAT by seeing if the |
678 | * command executed successfully. Otherwise we'll have |
679 | * to wait for at least one CHECK_CONDITION to determine |
680 | * SANE_SENSE support |
681 | */ |
682 | if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) && |
683 | result == USB_STOR_TRANSPORT_GOOD && |
684 | !(us->fflags & US_FL_SANE_SENSE) && |
685 | !(us->fflags & US_FL_BAD_SENSE) && |
686 | !(srb->cmnd[2] & 0x20))) { |
687 | usb_stor_dbg(us, fmt: "-- SAT supported, increasing auto-sense\n" ); |
688 | us->fflags |= US_FL_SANE_SENSE; |
689 | } |
690 | |
691 | /* |
692 | * A short transfer on a command where we don't expect it |
693 | * is unusual, but it doesn't mean we need to auto-sense. |
694 | */ |
695 | if ((scsi_get_resid(cmd: srb) > 0) && |
696 | !((srb->cmnd[0] == REQUEST_SENSE) || |
697 | (srb->cmnd[0] == INQUIRY) || |
698 | (srb->cmnd[0] == MODE_SENSE) || |
699 | (srb->cmnd[0] == LOG_SENSE) || |
700 | (srb->cmnd[0] == MODE_SENSE_10))) { |
701 | usb_stor_dbg(us, fmt: "-- unexpectedly short transfer\n" ); |
702 | } |
703 | |
704 | /* Now, if we need to do the auto-sense, let's do it */ |
705 | if (need_auto_sense) { |
706 | int temp_result; |
707 | struct scsi_eh_save ses; |
708 | int sense_size = US_SENSE_SIZE; |
709 | struct scsi_sense_hdr sshdr; |
710 | const u8 *scdd; |
711 | u8 fm_ili; |
712 | |
713 | /* device supports and needs bigger sense buffer */ |
714 | if (us->fflags & US_FL_SANE_SENSE) |
715 | sense_size = ~0; |
716 | Retry_Sense: |
717 | usb_stor_dbg(us, fmt: "Issuing auto-REQUEST_SENSE\n" ); |
718 | |
719 | scsi_eh_prep_cmnd(scmd: srb, ses: &ses, NULL, cmnd_size: 0, sense_bytes: sense_size); |
720 | |
721 | /* FIXME: we must do the protocol translation here */ |
722 | if (us->subclass == USB_SC_RBC || us->subclass == USB_SC_SCSI || |
723 | us->subclass == USB_SC_CYP_ATACB) |
724 | srb->cmd_len = 6; |
725 | else |
726 | srb->cmd_len = 12; |
727 | |
728 | /* issue the auto-sense command */ |
729 | scsi_set_resid(cmd: srb, resid: 0); |
730 | temp_result = us->transport(us->srb, us); |
731 | |
732 | /* let's clean up right away */ |
733 | scsi_eh_restore_cmnd(scmd: srb, ses: &ses); |
734 | |
735 | if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) { |
736 | usb_stor_dbg(us, fmt: "-- auto-sense aborted\n" ); |
737 | srb->result = DID_ABORT << 16; |
738 | |
739 | /* If SANE_SENSE caused this problem, disable it */ |
740 | if (sense_size != US_SENSE_SIZE) { |
741 | us->fflags &= ~US_FL_SANE_SENSE; |
742 | us->fflags |= US_FL_BAD_SENSE; |
743 | } |
744 | goto Handle_Errors; |
745 | } |
746 | |
747 | /* |
748 | * Some devices claim to support larger sense but fail when |
749 | * trying to request it. When a transport failure happens |
750 | * using US_FS_SANE_SENSE, we always retry with a standard |
751 | * (small) sense request. This fixes some USB GSM modems |
752 | */ |
753 | if (temp_result == USB_STOR_TRANSPORT_FAILED && |
754 | sense_size != US_SENSE_SIZE) { |
755 | usb_stor_dbg(us, fmt: "-- auto-sense failure, retry small sense\n" ); |
756 | sense_size = US_SENSE_SIZE; |
757 | us->fflags &= ~US_FL_SANE_SENSE; |
758 | us->fflags |= US_FL_BAD_SENSE; |
759 | goto Retry_Sense; |
760 | } |
761 | |
762 | /* Other failures */ |
763 | if (temp_result != USB_STOR_TRANSPORT_GOOD) { |
764 | usb_stor_dbg(us, fmt: "-- auto-sense failure\n" ); |
765 | |
766 | /* |
767 | * we skip the reset if this happens to be a |
768 | * multi-target device, since failure of an |
769 | * auto-sense is perfectly valid |
770 | */ |
771 | srb->result = DID_ERROR << 16; |
772 | if (!(us->fflags & US_FL_SCM_MULT_TARG)) |
773 | goto Handle_Errors; |
774 | return; |
775 | } |
776 | |
777 | /* |
778 | * If the sense data returned is larger than 18-bytes then we |
779 | * assume this device supports requesting more in the future. |
780 | * The response code must be 70h through 73h inclusive. |
781 | */ |
782 | if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) && |
783 | !(us->fflags & US_FL_SANE_SENSE) && |
784 | !(us->fflags & US_FL_BAD_SENSE) && |
785 | (srb->sense_buffer[0] & 0x7C) == 0x70) { |
786 | usb_stor_dbg(us, fmt: "-- SANE_SENSE support enabled\n" ); |
787 | us->fflags |= US_FL_SANE_SENSE; |
788 | |
789 | /* |
790 | * Indicate to the user that we truncated their sense |
791 | * because we didn't know it supported larger sense. |
792 | */ |
793 | usb_stor_dbg(us, fmt: "-- Sense data truncated to %i from %i\n" , |
794 | US_SENSE_SIZE, |
795 | srb->sense_buffer[7] + 8); |
796 | srb->sense_buffer[7] = (US_SENSE_SIZE - 8); |
797 | } |
798 | |
799 | scsi_normalize_sense(sense_buffer: srb->sense_buffer, SCSI_SENSE_BUFFERSIZE, |
800 | sshdr: &sshdr); |
801 | |
802 | usb_stor_dbg(us, fmt: "-- Result from auto-sense is %d\n" , |
803 | temp_result); |
804 | usb_stor_dbg(us, fmt: "-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n" , |
805 | sshdr.response_code, sshdr.sense_key, |
806 | sshdr.asc, sshdr.ascq); |
807 | #ifdef CONFIG_USB_STORAGE_DEBUG |
808 | usb_stor_show_sense(us, key: sshdr.sense_key, asc: sshdr.asc, ascq: sshdr.ascq); |
809 | #endif |
810 | |
811 | /* set the result so the higher layers expect this data */ |
812 | srb->result = SAM_STAT_CHECK_CONDITION; |
813 | |
814 | scdd = scsi_sense_desc_find(sense_buffer: srb->sense_buffer, |
815 | SCSI_SENSE_BUFFERSIZE, desc_type: 4); |
816 | fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0; |
817 | |
818 | /* |
819 | * We often get empty sense data. This could indicate that |
820 | * everything worked or that there was an unspecified |
821 | * problem. We have to decide which. |
822 | */ |
823 | if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 && |
824 | fm_ili == 0) { |
825 | /* |
826 | * If things are really okay, then let's show that. |
827 | * Zero out the sense buffer so the higher layers |
828 | * won't realize we did an unsolicited auto-sense. |
829 | */ |
830 | if (result == USB_STOR_TRANSPORT_GOOD) { |
831 | srb->result = SAM_STAT_GOOD; |
832 | srb->sense_buffer[0] = 0x0; |
833 | } |
834 | |
835 | /* |
836 | * ATA-passthru commands use sense data to report |
837 | * the command completion status, and often devices |
838 | * return Check Condition status when nothing is |
839 | * wrong. |
840 | */ |
841 | else if (srb->cmnd[0] == ATA_16 || |
842 | srb->cmnd[0] == ATA_12) { |
843 | /* leave the data alone */ |
844 | } |
845 | |
846 | /* |
847 | * If there was a problem, report an unspecified |
848 | * hardware error to prevent the higher layers from |
849 | * entering an infinite retry loop. |
850 | */ |
851 | else { |
852 | srb->result = DID_ERROR << 16; |
853 | if ((sshdr.response_code & 0x72) == 0x72) |
854 | srb->sense_buffer[1] = HARDWARE_ERROR; |
855 | else |
856 | srb->sense_buffer[2] = HARDWARE_ERROR; |
857 | } |
858 | } |
859 | } |
860 | |
861 | /* |
862 | * Some devices don't work or return incorrect data the first |
863 | * time they get a READ(10) command, or for the first READ(10) |
864 | * after a media change. If the INITIAL_READ10 flag is set, |
865 | * keep track of whether READ(10) commands succeed. If the |
866 | * previous one succeeded and this one failed, set the REDO_READ10 |
867 | * flag to force a retry. |
868 | */ |
869 | if (unlikely((us->fflags & US_FL_INITIAL_READ10) && |
870 | srb->cmnd[0] == READ_10)) { |
871 | if (srb->result == SAM_STAT_GOOD) { |
872 | set_bit(US_FLIDX_READ10_WORKED, addr: &us->dflags); |
873 | } else if (test_bit(US_FLIDX_READ10_WORKED, &us->dflags)) { |
874 | clear_bit(US_FLIDX_READ10_WORKED, addr: &us->dflags); |
875 | set_bit(US_FLIDX_REDO_READ10, addr: &us->dflags); |
876 | } |
877 | |
878 | /* |
879 | * Next, if the REDO_READ10 flag is set, return a result |
880 | * code that will cause the SCSI core to retry the READ(10) |
881 | * command immediately. |
882 | */ |
883 | if (test_bit(US_FLIDX_REDO_READ10, &us->dflags)) { |
884 | clear_bit(US_FLIDX_REDO_READ10, addr: &us->dflags); |
885 | srb->result = DID_IMM_RETRY << 16; |
886 | srb->sense_buffer[0] = 0; |
887 | } |
888 | } |
889 | |
890 | /* Did we transfer less than the minimum amount required? */ |
891 | if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) && |
892 | scsi_bufflen(cmd: srb) - scsi_get_resid(cmd: srb) < srb->underflow) |
893 | srb->result = DID_ERROR << 16; |
894 | |
895 | last_sector_hacks(us, srb); |
896 | return; |
897 | |
898 | /* |
899 | * Error and abort processing: try to resynchronize with the device |
900 | * by issuing a port reset. If that fails, try a class-specific |
901 | * device reset. |
902 | */ |
903 | Handle_Errors: |
904 | |
905 | /* |
906 | * Set the RESETTING bit, and clear the ABORTING bit so that |
907 | * the reset may proceed. |
908 | */ |
909 | scsi_lock(us_to_host(us)); |
910 | set_bit(US_FLIDX_RESETTING, addr: &us->dflags); |
911 | clear_bit(US_FLIDX_ABORTING, addr: &us->dflags); |
912 | scsi_unlock(us_to_host(us)); |
913 | |
914 | /* |
915 | * We must release the device lock because the pre_reset routine |
916 | * will want to acquire it. |
917 | */ |
918 | mutex_unlock(lock: &us->dev_mutex); |
919 | result = usb_stor_port_reset(us); |
920 | mutex_lock(&us->dev_mutex); |
921 | |
922 | if (result < 0) { |
923 | scsi_lock(us_to_host(us)); |
924 | usb_stor_report_device_reset(us); |
925 | scsi_unlock(us_to_host(us)); |
926 | us->transport_reset(us); |
927 | } |
928 | clear_bit(US_FLIDX_RESETTING, addr: &us->dflags); |
929 | last_sector_hacks(us, srb); |
930 | } |
931 | |
932 | /* Stop the current URB transfer */ |
933 | void usb_stor_stop_transport(struct us_data *us) |
934 | { |
935 | /* |
936 | * If the state machine is blocked waiting for an URB, |
937 | * let's wake it up. The test_and_clear_bit() call |
938 | * guarantees that if a URB has just been submitted, |
939 | * it won't be cancelled more than once. |
940 | */ |
941 | if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags)) { |
942 | usb_stor_dbg(us, fmt: "-- cancelling URB\n" ); |
943 | usb_unlink_urb(urb: us->current_urb); |
944 | } |
945 | |
946 | /* If we are waiting for a scatter-gather operation, cancel it. */ |
947 | if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags)) { |
948 | usb_stor_dbg(us, fmt: "-- cancelling sg request\n" ); |
949 | usb_sg_cancel(io: &us->current_sg); |
950 | } |
951 | } |
952 | |
953 | /* |
954 | * Control/Bulk and Control/Bulk/Interrupt transport |
955 | */ |
956 | |
957 | int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us) |
958 | { |
959 | unsigned int transfer_length = scsi_bufflen(cmd: srb); |
960 | unsigned int pipe = 0; |
961 | int result; |
962 | |
963 | /* COMMAND STAGE */ |
964 | /* let's send the command via the control pipe */ |
965 | /* |
966 | * Command is sometime (f.e. after scsi_eh_prep_cmnd) on the stack. |
967 | * Stack may be vmallocated. So no DMA for us. Make a copy. |
968 | */ |
969 | memcpy(us->iobuf, srb->cmnd, srb->cmd_len); |
970 | result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe, |
971 | US_CBI_ADSC, |
972 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0, |
973 | us->ifnum, us->iobuf, srb->cmd_len); |
974 | |
975 | /* check the return code for the command */ |
976 | usb_stor_dbg(us, fmt: "Call to usb_stor_ctrl_transfer() returned %d\n" , |
977 | result); |
978 | |
979 | /* if we stalled the command, it means command failed */ |
980 | if (result == USB_STOR_XFER_STALLED) { |
981 | return USB_STOR_TRANSPORT_FAILED; |
982 | } |
983 | |
984 | /* Uh oh... serious problem here */ |
985 | if (result != USB_STOR_XFER_GOOD) { |
986 | return USB_STOR_TRANSPORT_ERROR; |
987 | } |
988 | |
989 | /* DATA STAGE */ |
990 | /* transfer the data payload for this command, if one exists*/ |
991 | if (transfer_length) { |
992 | pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? |
993 | us->recv_bulk_pipe : us->send_bulk_pipe; |
994 | result = usb_stor_bulk_srb(us, pipe, srb); |
995 | usb_stor_dbg(us, fmt: "CBI data stage result is 0x%x\n" , result); |
996 | |
997 | /* if we stalled the data transfer it means command failed */ |
998 | if (result == USB_STOR_XFER_STALLED) |
999 | return USB_STOR_TRANSPORT_FAILED; |
1000 | if (result > USB_STOR_XFER_STALLED) |
1001 | return USB_STOR_TRANSPORT_ERROR; |
1002 | } |
1003 | |
1004 | /* STATUS STAGE */ |
1005 | |
1006 | /* |
1007 | * NOTE: CB does not have a status stage. Silly, I know. So |
1008 | * we have to catch this at a higher level. |
1009 | */ |
1010 | if (us->protocol != USB_PR_CBI) |
1011 | return USB_STOR_TRANSPORT_GOOD; |
1012 | |
1013 | result = usb_stor_intr_transfer(us, buf: us->iobuf, length: 2); |
1014 | usb_stor_dbg(us, fmt: "Got interrupt data (0x%x, 0x%x)\n" , |
1015 | us->iobuf[0], us->iobuf[1]); |
1016 | if (result != USB_STOR_XFER_GOOD) |
1017 | return USB_STOR_TRANSPORT_ERROR; |
1018 | |
1019 | /* |
1020 | * UFI gives us ASC and ASCQ, like a request sense |
1021 | * |
1022 | * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI |
1023 | * devices, so we ignore the information for those commands. Note |
1024 | * that this means we could be ignoring a real error on these |
1025 | * commands, but that can't be helped. |
1026 | */ |
1027 | if (us->subclass == USB_SC_UFI) { |
1028 | if (srb->cmnd[0] == REQUEST_SENSE || |
1029 | srb->cmnd[0] == INQUIRY) |
1030 | return USB_STOR_TRANSPORT_GOOD; |
1031 | if (us->iobuf[0]) |
1032 | goto Failed; |
1033 | return USB_STOR_TRANSPORT_GOOD; |
1034 | } |
1035 | |
1036 | /* |
1037 | * If not UFI, we interpret the data as a result code |
1038 | * The first byte should always be a 0x0. |
1039 | * |
1040 | * Some bogus devices don't follow that rule. They stuff the ASC |
1041 | * into the first byte -- so if it's non-zero, call it a failure. |
1042 | */ |
1043 | if (us->iobuf[0]) { |
1044 | usb_stor_dbg(us, fmt: "CBI IRQ data showed reserved bType 0x%x\n" , |
1045 | us->iobuf[0]); |
1046 | goto Failed; |
1047 | |
1048 | } |
1049 | |
1050 | /* The second byte & 0x0F should be 0x0 for good, otherwise error */ |
1051 | switch (us->iobuf[1] & 0x0F) { |
1052 | case 0x00: |
1053 | return USB_STOR_TRANSPORT_GOOD; |
1054 | case 0x01: |
1055 | goto Failed; |
1056 | } |
1057 | return USB_STOR_TRANSPORT_ERROR; |
1058 | |
1059 | /* |
1060 | * the CBI spec requires that the bulk pipe must be cleared |
1061 | * following any data-in/out command failure (section 2.4.3.1.3) |
1062 | */ |
1063 | Failed: |
1064 | if (pipe) |
1065 | usb_stor_clear_halt(us, pipe); |
1066 | return USB_STOR_TRANSPORT_FAILED; |
1067 | } |
1068 | EXPORT_SYMBOL_GPL(usb_stor_CB_transport); |
1069 | |
1070 | /* |
1071 | * Bulk only transport |
1072 | */ |
1073 | |
1074 | /* Determine what the maximum LUN supported is */ |
1075 | int usb_stor_Bulk_max_lun(struct us_data *us) |
1076 | { |
1077 | int result; |
1078 | |
1079 | /* issue the command */ |
1080 | us->iobuf[0] = 0; |
1081 | result = usb_stor_control_msg(us, us->recv_ctrl_pipe, |
1082 | US_BULK_GET_MAX_LUN, |
1083 | USB_DIR_IN | USB_TYPE_CLASS | |
1084 | USB_RECIP_INTERFACE, |
1085 | 0, us->ifnum, us->iobuf, 1, 10*HZ); |
1086 | |
1087 | usb_stor_dbg(us, fmt: "GetMaxLUN command result is %d, data is %d\n" , |
1088 | result, us->iobuf[0]); |
1089 | |
1090 | /* |
1091 | * If we have a successful request, return the result if valid. The |
1092 | * CBW LUN field is 4 bits wide, so the value reported by the device |
1093 | * should fit into that. |
1094 | */ |
1095 | if (result > 0) { |
1096 | if (us->iobuf[0] < 16) { |
1097 | return us->iobuf[0]; |
1098 | } else { |
1099 | dev_info(&us->pusb_intf->dev, |
1100 | "Max LUN %d is not valid, using 0 instead" , |
1101 | us->iobuf[0]); |
1102 | } |
1103 | } |
1104 | |
1105 | /* |
1106 | * Some devices don't like GetMaxLUN. They may STALL the control |
1107 | * pipe, they may return a zero-length result, they may do nothing at |
1108 | * all and timeout, or they may fail in even more bizarrely creative |
1109 | * ways. In these cases the best approach is to use the default |
1110 | * value: only one LUN. |
1111 | */ |
1112 | return 0; |
1113 | } |
1114 | |
1115 | int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us) |
1116 | { |
1117 | struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf; |
1118 | struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf; |
1119 | unsigned int transfer_length = scsi_bufflen(cmd: srb); |
1120 | unsigned int residue; |
1121 | int result; |
1122 | int fake_sense = 0; |
1123 | unsigned int cswlen; |
1124 | unsigned int cbwlen = US_BULK_CB_WRAP_LEN; |
1125 | |
1126 | /* Take care of BULK32 devices; set extra byte to 0 */ |
1127 | if (unlikely(us->fflags & US_FL_BULK32)) { |
1128 | cbwlen = 32; |
1129 | us->iobuf[31] = 0; |
1130 | } |
1131 | |
1132 | /* set up the command wrapper */ |
1133 | bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN); |
1134 | bcb->DataTransferLength = cpu_to_le32(transfer_length); |
1135 | bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ? |
1136 | US_BULK_FLAG_IN : 0; |
1137 | bcb->Tag = ++us->tag; |
1138 | bcb->Lun = srb->device->lun; |
1139 | if (us->fflags & US_FL_SCM_MULT_TARG) |
1140 | bcb->Lun |= srb->device->id << 4; |
1141 | bcb->Length = srb->cmd_len; |
1142 | |
1143 | /* copy the command payload */ |
1144 | memset(bcb->CDB, 0, sizeof(bcb->CDB)); |
1145 | memcpy(bcb->CDB, srb->cmnd, bcb->Length); |
1146 | |
1147 | /* send it to out endpoint */ |
1148 | usb_stor_dbg(us, fmt: "Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n" , |
1149 | le32_to_cpu(bcb->Signature), bcb->Tag, |
1150 | le32_to_cpu(bcb->DataTransferLength), bcb->Flags, |
1151 | (bcb->Lun >> 4), (bcb->Lun & 0x0F), |
1152 | bcb->Length); |
1153 | result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, |
1154 | bcb, cbwlen, NULL); |
1155 | usb_stor_dbg(us, fmt: "Bulk command transfer result=%d\n" , result); |
1156 | if (result != USB_STOR_XFER_GOOD) |
1157 | return USB_STOR_TRANSPORT_ERROR; |
1158 | |
1159 | /* DATA STAGE */ |
1160 | /* send/receive data payload, if there is any */ |
1161 | |
1162 | /* |
1163 | * Some USB-IDE converter chips need a 100us delay between the |
1164 | * command phase and the data phase. Some devices need a little |
1165 | * more than that, probably because of clock rate inaccuracies. |
1166 | */ |
1167 | if (unlikely(us->fflags & US_FL_GO_SLOW)) |
1168 | usleep_range(min: 125, max: 150); |
1169 | |
1170 | if (transfer_length) { |
1171 | unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? |
1172 | us->recv_bulk_pipe : us->send_bulk_pipe; |
1173 | result = usb_stor_bulk_srb(us, pipe, srb); |
1174 | usb_stor_dbg(us, fmt: "Bulk data transfer result 0x%x\n" , result); |
1175 | if (result == USB_STOR_XFER_ERROR) |
1176 | return USB_STOR_TRANSPORT_ERROR; |
1177 | |
1178 | /* |
1179 | * If the device tried to send back more data than the |
1180 | * amount requested, the spec requires us to transfer |
1181 | * the CSW anyway. Since there's no point retrying |
1182 | * the command, we'll return fake sense data indicating |
1183 | * Illegal Request, Invalid Field in CDB. |
1184 | */ |
1185 | if (result == USB_STOR_XFER_LONG) |
1186 | fake_sense = 1; |
1187 | |
1188 | /* |
1189 | * Sometimes a device will mistakenly skip the data phase |
1190 | * and go directly to the status phase without sending a |
1191 | * zero-length packet. If we get a 13-byte response here, |
1192 | * check whether it really is a CSW. |
1193 | */ |
1194 | if (result == USB_STOR_XFER_SHORT && |
1195 | srb->sc_data_direction == DMA_FROM_DEVICE && |
1196 | transfer_length - scsi_get_resid(cmd: srb) == |
1197 | US_BULK_CS_WRAP_LEN) { |
1198 | struct scatterlist *sg = NULL; |
1199 | unsigned int offset = 0; |
1200 | |
1201 | if (usb_stor_access_xfer_buf(buffer: (unsigned char *) bcs, |
1202 | US_BULK_CS_WRAP_LEN, srb, &sg, |
1203 | offset: &offset, dir: FROM_XFER_BUF) == |
1204 | US_BULK_CS_WRAP_LEN && |
1205 | bcs->Signature == |
1206 | cpu_to_le32(US_BULK_CS_SIGN)) { |
1207 | usb_stor_dbg(us, fmt: "Device skipped data phase\n" ); |
1208 | scsi_set_resid(cmd: srb, resid: transfer_length); |
1209 | goto skipped_data_phase; |
1210 | } |
1211 | } |
1212 | } |
1213 | |
1214 | /* |
1215 | * See flow chart on pg 15 of the Bulk Only Transport spec for |
1216 | * an explanation of how this code works. |
1217 | */ |
1218 | |
1219 | /* get CSW for device status */ |
1220 | usb_stor_dbg(us, fmt: "Attempting to get CSW...\n" ); |
1221 | result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, |
1222 | bcs, US_BULK_CS_WRAP_LEN, &cswlen); |
1223 | |
1224 | /* |
1225 | * Some broken devices add unnecessary zero-length packets to the |
1226 | * end of their data transfers. Such packets show up as 0-length |
1227 | * CSWs. If we encounter such a thing, try to read the CSW again. |
1228 | */ |
1229 | if (result == USB_STOR_XFER_SHORT && cswlen == 0) { |
1230 | usb_stor_dbg(us, fmt: "Received 0-length CSW; retrying...\n" ); |
1231 | result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, |
1232 | bcs, US_BULK_CS_WRAP_LEN, &cswlen); |
1233 | } |
1234 | |
1235 | /* did the attempt to read the CSW fail? */ |
1236 | if (result == USB_STOR_XFER_STALLED) { |
1237 | |
1238 | /* get the status again */ |
1239 | usb_stor_dbg(us, fmt: "Attempting to get CSW (2nd try)...\n" ); |
1240 | result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe, |
1241 | bcs, US_BULK_CS_WRAP_LEN, NULL); |
1242 | } |
1243 | |
1244 | /* if we still have a failure at this point, we're in trouble */ |
1245 | usb_stor_dbg(us, fmt: "Bulk status result = %d\n" , result); |
1246 | if (result != USB_STOR_XFER_GOOD) |
1247 | return USB_STOR_TRANSPORT_ERROR; |
1248 | |
1249 | skipped_data_phase: |
1250 | /* check bulk status */ |
1251 | residue = le32_to_cpu(bcs->Residue); |
1252 | usb_stor_dbg(us, fmt: "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n" , |
1253 | le32_to_cpu(bcs->Signature), bcs->Tag, |
1254 | residue, bcs->Status); |
1255 | if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) || |
1256 | bcs->Status > US_BULK_STAT_PHASE) { |
1257 | usb_stor_dbg(us, fmt: "Bulk logical error\n" ); |
1258 | return USB_STOR_TRANSPORT_ERROR; |
1259 | } |
1260 | |
1261 | /* |
1262 | * Some broken devices report odd signatures, so we do not check them |
1263 | * for validity against the spec. We store the first one we see, |
1264 | * and check subsequent transfers for validity against this signature. |
1265 | */ |
1266 | if (!us->bcs_signature) { |
1267 | us->bcs_signature = bcs->Signature; |
1268 | if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN)) |
1269 | usb_stor_dbg(us, fmt: "Learnt BCS signature 0x%08X\n" , |
1270 | le32_to_cpu(us->bcs_signature)); |
1271 | } else if (bcs->Signature != us->bcs_signature) { |
1272 | usb_stor_dbg(us, fmt: "Signature mismatch: got %08X, expecting %08X\n" , |
1273 | le32_to_cpu(bcs->Signature), |
1274 | le32_to_cpu(us->bcs_signature)); |
1275 | return USB_STOR_TRANSPORT_ERROR; |
1276 | } |
1277 | |
1278 | /* |
1279 | * try to compute the actual residue, based on how much data |
1280 | * was really transferred and what the device tells us |
1281 | */ |
1282 | if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) { |
1283 | |
1284 | /* |
1285 | * Heuristically detect devices that generate bogus residues |
1286 | * by seeing what happens with INQUIRY and READ CAPACITY |
1287 | * commands. |
1288 | */ |
1289 | if (bcs->Status == US_BULK_STAT_OK && |
1290 | scsi_get_resid(cmd: srb) == 0 && |
1291 | ((srb->cmnd[0] == INQUIRY && |
1292 | transfer_length == 36) || |
1293 | (srb->cmnd[0] == READ_CAPACITY && |
1294 | transfer_length == 8))) { |
1295 | us->fflags |= US_FL_IGNORE_RESIDUE; |
1296 | |
1297 | } else { |
1298 | residue = min(residue, transfer_length); |
1299 | scsi_set_resid(cmd: srb, max(scsi_get_resid(srb), residue)); |
1300 | } |
1301 | } |
1302 | |
1303 | /* based on the status code, we report good or bad */ |
1304 | switch (bcs->Status) { |
1305 | case US_BULK_STAT_OK: |
1306 | /* device babbled -- return fake sense data */ |
1307 | if (fake_sense) { |
1308 | memcpy(srb->sense_buffer, |
1309 | usb_stor_sense_invalidCDB, |
1310 | sizeof(usb_stor_sense_invalidCDB)); |
1311 | return USB_STOR_TRANSPORT_NO_SENSE; |
1312 | } |
1313 | |
1314 | /* command good -- note that data could be short */ |
1315 | return USB_STOR_TRANSPORT_GOOD; |
1316 | |
1317 | case US_BULK_STAT_FAIL: |
1318 | /* command failed */ |
1319 | return USB_STOR_TRANSPORT_FAILED; |
1320 | |
1321 | case US_BULK_STAT_PHASE: |
1322 | /* |
1323 | * phase error -- note that a transport reset will be |
1324 | * invoked by the invoke_transport() function |
1325 | */ |
1326 | return USB_STOR_TRANSPORT_ERROR; |
1327 | } |
1328 | |
1329 | /* we should never get here, but if we do, we're in trouble */ |
1330 | return USB_STOR_TRANSPORT_ERROR; |
1331 | } |
1332 | EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport); |
1333 | |
1334 | /*********************************************************************** |
1335 | * Reset routines |
1336 | ***********************************************************************/ |
1337 | |
1338 | /* |
1339 | * This is the common part of the device reset code. |
1340 | * |
1341 | * It's handy that every transport mechanism uses the control endpoint for |
1342 | * resets. |
1343 | * |
1344 | * Basically, we send a reset with a 5-second timeout, so we don't get |
1345 | * jammed attempting to do the reset. |
1346 | */ |
1347 | static int usb_stor_reset_common(struct us_data *us, |
1348 | u8 request, u8 requesttype, |
1349 | u16 value, u16 index, void *data, u16 size) |
1350 | { |
1351 | int result; |
1352 | int result2; |
1353 | |
1354 | if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { |
1355 | usb_stor_dbg(us, fmt: "No reset during disconnect\n" ); |
1356 | return -EIO; |
1357 | } |
1358 | |
1359 | result = usb_stor_control_msg(us, us->send_ctrl_pipe, |
1360 | request, requesttype, value, index, data, size, |
1361 | 5*HZ); |
1362 | if (result < 0) { |
1363 | usb_stor_dbg(us, fmt: "Soft reset failed: %d\n" , result); |
1364 | return result; |
1365 | } |
1366 | |
1367 | /* |
1368 | * Give the device some time to recover from the reset, |
1369 | * but don't delay disconnect processing. |
1370 | */ |
1371 | wait_event_interruptible_timeout(us->delay_wait, |
1372 | test_bit(US_FLIDX_DISCONNECTING, &us->dflags), |
1373 | HZ*6); |
1374 | if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { |
1375 | usb_stor_dbg(us, fmt: "Reset interrupted by disconnect\n" ); |
1376 | return -EIO; |
1377 | } |
1378 | |
1379 | usb_stor_dbg(us, fmt: "Soft reset: clearing bulk-in endpoint halt\n" ); |
1380 | result = usb_stor_clear_halt(us, us->recv_bulk_pipe); |
1381 | |
1382 | usb_stor_dbg(us, fmt: "Soft reset: clearing bulk-out endpoint halt\n" ); |
1383 | result2 = usb_stor_clear_halt(us, us->send_bulk_pipe); |
1384 | |
1385 | /* return a result code based on the result of the clear-halts */ |
1386 | if (result >= 0) |
1387 | result = result2; |
1388 | if (result < 0) |
1389 | usb_stor_dbg(us, fmt: "Soft reset failed\n" ); |
1390 | else |
1391 | usb_stor_dbg(us, fmt: "Soft reset done\n" ); |
1392 | return result; |
1393 | } |
1394 | |
1395 | /* This issues a CB[I] Reset to the device in question */ |
1396 | #define CB_RESET_CMD_SIZE 12 |
1397 | |
1398 | int usb_stor_CB_reset(struct us_data *us) |
1399 | { |
1400 | memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE); |
1401 | us->iobuf[0] = SEND_DIAGNOSTIC; |
1402 | us->iobuf[1] = 4; |
1403 | return usb_stor_reset_common(us, US_CBI_ADSC, |
1404 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, |
1405 | value: 0, index: us->ifnum, data: us->iobuf, CB_RESET_CMD_SIZE); |
1406 | } |
1407 | EXPORT_SYMBOL_GPL(usb_stor_CB_reset); |
1408 | |
1409 | /* |
1410 | * This issues a Bulk-only Reset to the device in question, including |
1411 | * clearing the subsequent endpoint halts that may occur. |
1412 | */ |
1413 | int usb_stor_Bulk_reset(struct us_data *us) |
1414 | { |
1415 | return usb_stor_reset_common(us, US_BULK_RESET_REQUEST, |
1416 | USB_TYPE_CLASS | USB_RECIP_INTERFACE, |
1417 | value: 0, index: us->ifnum, NULL, size: 0); |
1418 | } |
1419 | EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset); |
1420 | |
1421 | /* |
1422 | * Issue a USB port reset to the device. The caller must not hold |
1423 | * us->dev_mutex. |
1424 | */ |
1425 | int usb_stor_port_reset(struct us_data *us) |
1426 | { |
1427 | int result; |
1428 | |
1429 | /*for these devices we must use the class specific method */ |
1430 | if (us->pusb_dev->quirks & USB_QUIRK_RESET) |
1431 | return -EPERM; |
1432 | |
1433 | result = usb_lock_device_for_reset(udev: us->pusb_dev, iface: us->pusb_intf); |
1434 | if (result < 0) |
1435 | usb_stor_dbg(us, fmt: "unable to lock device for reset: %d\n" , |
1436 | result); |
1437 | else { |
1438 | /* Were we disconnected while waiting for the lock? */ |
1439 | if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) { |
1440 | result = -EIO; |
1441 | usb_stor_dbg(us, fmt: "No reset during disconnect\n" ); |
1442 | } else { |
1443 | result = usb_reset_device(dev: us->pusb_dev); |
1444 | usb_stor_dbg(us, fmt: "usb_reset_device returns %d\n" , |
1445 | result); |
1446 | } |
1447 | usb_unlock_device(us->pusb_dev); |
1448 | } |
1449 | return result; |
1450 | } |
1451 | |