1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Driver for USB Mass Storage compliant devices
4 *
5 * Current development and maintenance by:
6 * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
7 *
8 * Developed with the assistance of:
9 * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10 * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
11 * (c) 2002 Alan Stern <stern@rowland.org>
12 *
13 * Initial work by:
14 * (c) 1999 Michael Gee (michael@linuxspecific.com)
15 *
16 * This driver is based on the 'USB Mass Storage Class' document. This
17 * describes in detail the protocol used to communicate with such
18 * devices. Clearly, the designers had SCSI and ATAPI commands in
19 * mind when they created this document. The commands are all very
20 * similar to commands in the SCSI-II and ATAPI specifications.
21 *
22 * It is important to note that in a number of cases this class
23 * exhibits class-specific exemptions from the USB specification.
24 * Notably the usage of NAK, STALL and ACK differs from the norm, in
25 * that they are used to communicate wait, failed and OK on commands.
26 *
27 * Also, for certain devices, the interrupt endpoint is used to convey
28 * status of a command.
29 */
30
31#include <linux/sched.h>
32#include <linux/gfp.h>
33#include <linux/errno.h>
34#include <linux/export.h>
35
36#include <linux/usb/quirks.h>
37
38#include <scsi/scsi.h>
39#include <scsi/scsi_eh.h>
40#include <scsi/scsi_device.h>
41
42#include "usb.h"
43#include "transport.h"
44#include "protocol.h"
45#include "scsiglue.h"
46#include "debug.h"
47
48#include <linux/blkdev.h>
49#include "../../scsi/sd.h"
50
51
52/***********************************************************************
53 * Data transfer routines
54 ***********************************************************************/
55
56/*
57 * This is subtle, so pay attention:
58 * ---------------------------------
59 * We're very concerned about races with a command abort. Hanging this code
60 * is a sure fire way to hang the kernel. (Note that this discussion applies
61 * only to transactions resulting from a scsi queued-command, since only
62 * these transactions are subject to a scsi abort. Other transactions, such
63 * as those occurring during device-specific initialization, must be handled
64 * by a separate code path.)
65 *
66 * The abort function (usb_storage_command_abort() in scsiglue.c) first
67 * sets the machine state and the ABORTING bit in us->dflags to prevent
68 * new URBs from being submitted. It then calls usb_stor_stop_transport()
69 * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags
70 * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE
71 * bit is tested to see if the current_sg scatter-gather request needs to be
72 * stopped. The timeout callback routine does much the same thing.
73 *
74 * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to
75 * prevent new URBs from being submitted, and usb_stor_stop_transport() is
76 * called to stop any ongoing requests.
77 *
78 * The submit function first verifies that the submitting is allowed
79 * (neither ABORTING nor DISCONNECTING bits are set) and that the submit
80 * completes without errors, and only then sets the URB_ACTIVE bit. This
81 * prevents the stop_transport() function from trying to cancel the URB
82 * while the submit call is underway. Next, the submit function must test
83 * the flags to see if an abort or disconnect occurred during the submission
84 * or before the URB_ACTIVE bit was set. If so, it's essential to cancel
85 * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit
86 * is still set). Either way, the function must then wait for the URB to
87 * finish. Note that the URB can still be in progress even after a call to
88 * usb_unlink_urb() returns.
89 *
90 * The idea is that (1) once the ABORTING or DISCONNECTING bit is set,
91 * either the stop_transport() function or the submitting function
92 * is guaranteed to call usb_unlink_urb() for an active URB,
93 * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being
94 * called more than once or from being called during usb_submit_urb().
95 */
96
97/*
98 * This is the completion handler which will wake us up when an URB
99 * completes.
100 */
101static void usb_stor_blocking_completion(struct urb *urb)
102{
103 struct completion *urb_done_ptr = urb->context;
104
105 complete(urb_done_ptr);
106}
107
108/*
109 * This is the common part of the URB message submission code
110 *
111 * All URBs from the usb-storage driver involved in handling a queued scsi
112 * command _must_ pass through this function (or something like it) for the
113 * abort mechanisms to work properly.
114 */
115static int usb_stor_msg_common(struct us_data *us, int timeout)
116{
117 struct completion urb_done;
118 long timeleft;
119 int status;
120
121 /* don't submit URBs during abort processing */
122 if (test_bit(US_FLIDX_ABORTING, &us->dflags))
123 return -EIO;
124
125 /* set up data structures for the wakeup system */
126 init_completion(x: &urb_done);
127
128 /* fill the common fields in the URB */
129 us->current_urb->context = &urb_done;
130 us->current_urb->transfer_flags = 0;
131
132 /*
133 * we assume that if transfer_buffer isn't us->iobuf then it
134 * hasn't been mapped for DMA. Yes, this is clunky, but it's
135 * easier than always having the caller tell us whether the
136 * transfer buffer has already been mapped.
137 */
138 if (us->current_urb->transfer_buffer == us->iobuf)
139 us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
140 us->current_urb->transfer_dma = us->iobuf_dma;
141
142 /* submit the URB */
143 status = usb_submit_urb(urb: us->current_urb, GFP_NOIO);
144 if (status) {
145 /* something went wrong */
146 return status;
147 }
148
149 /*
150 * since the URB has been submitted successfully, it's now okay
151 * to cancel it
152 */
153 set_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags);
154
155 /* did an abort occur during the submission? */
156 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
157
158 /* cancel the URB, if it hasn't been cancelled already */
159 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags)) {
160 usb_stor_dbg(us, fmt: "-- cancelling URB\n");
161 usb_unlink_urb(urb: us->current_urb);
162 }
163 }
164
165 /* wait for the completion of the URB */
166 timeleft = wait_for_completion_interruptible_timeout(
167 x: &urb_done, timeout: timeout ? : MAX_SCHEDULE_TIMEOUT);
168
169 clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags);
170
171 if (timeleft <= 0) {
172 usb_stor_dbg(us, fmt: "%s -- cancelling URB\n",
173 timeleft == 0 ? "Timeout" : "Signal");
174 usb_kill_urb(urb: us->current_urb);
175 }
176
177 /* return the URB status */
178 return us->current_urb->status;
179}
180
181/*
182 * Transfer one control message, with timeouts, and allowing early
183 * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx.
184 */
185int usb_stor_control_msg(struct us_data *us, unsigned int pipe,
186 u8 request, u8 requesttype, u16 value, u16 index,
187 void *data, u16 size, int timeout)
188{
189 int status;
190
191 usb_stor_dbg(us, fmt: "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
192 request, requesttype, value, index, size);
193
194 /* fill in the devrequest structure */
195 us->cr->bRequestType = requesttype;
196 us->cr->bRequest = request;
197 us->cr->wValue = cpu_to_le16(value);
198 us->cr->wIndex = cpu_to_le16(index);
199 us->cr->wLength = cpu_to_le16(size);
200
201 /* fill and submit the URB */
202 usb_fill_control_urb(urb: us->current_urb, dev: us->pusb_dev, pipe,
203 setup_packet: (unsigned char*) us->cr, transfer_buffer: data, buffer_length: size,
204 complete_fn: usb_stor_blocking_completion, NULL);
205 status = usb_stor_msg_common(us, timeout);
206
207 /* return the actual length of the data transferred if no error */
208 if (status == 0)
209 status = us->current_urb->actual_length;
210 return status;
211}
212EXPORT_SYMBOL_GPL(usb_stor_control_msg);
213
214/*
215 * This is a version of usb_clear_halt() that allows early termination and
216 * doesn't read the status from the device -- this is because some devices
217 * crash their internal firmware when the status is requested after a halt.
218 *
219 * A definitive list of these 'bad' devices is too difficult to maintain or
220 * make complete enough to be useful. This problem was first observed on the
221 * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither
222 * MacOS nor Windows checks the status after clearing a halt.
223 *
224 * Since many vendors in this space limit their testing to interoperability
225 * with these two OSes, specification violations like this one are common.
226 */
227int usb_stor_clear_halt(struct us_data *us, unsigned int pipe)
228{
229 int result;
230 int endp = usb_pipeendpoint(pipe);
231
232 if (usb_pipein (pipe))
233 endp |= USB_DIR_IN;
234
235 result = usb_stor_control_msg(us, us->send_ctrl_pipe,
236 USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT,
237 USB_ENDPOINT_HALT, endp,
238 NULL, 0, 3*HZ);
239
240 if (result >= 0)
241 usb_reset_endpoint(dev: us->pusb_dev, epaddr: endp);
242
243 usb_stor_dbg(us, fmt: "result = %d\n", result);
244 return result;
245}
246EXPORT_SYMBOL_GPL(usb_stor_clear_halt);
247
248
249/*
250 * Interpret the results of a URB transfer
251 *
252 * This function prints appropriate debugging messages, clears halts on
253 * non-control endpoints, and translates the status to the corresponding
254 * USB_STOR_XFER_xxx return code.
255 */
256static int interpret_urb_result(struct us_data *us, unsigned int pipe,
257 unsigned int length, int result, unsigned int partial)
258{
259 usb_stor_dbg(us, fmt: "Status code %d; transferred %u/%u\n",
260 result, partial, length);
261 switch (result) {
262
263 /* no error code; did we send all the data? */
264 case 0:
265 if (partial != length) {
266 usb_stor_dbg(us, fmt: "-- short transfer\n");
267 return USB_STOR_XFER_SHORT;
268 }
269
270 usb_stor_dbg(us, fmt: "-- transfer complete\n");
271 return USB_STOR_XFER_GOOD;
272
273 /* stalled */
274 case -EPIPE:
275 /*
276 * for control endpoints, (used by CB[I]) a stall indicates
277 * a failed command
278 */
279 if (usb_pipecontrol(pipe)) {
280 usb_stor_dbg(us, fmt: "-- stall on control pipe\n");
281 return USB_STOR_XFER_STALLED;
282 }
283
284 /* for other sorts of endpoint, clear the stall */
285 usb_stor_dbg(us, fmt: "clearing endpoint halt for pipe 0x%x\n",
286 pipe);
287 if (usb_stor_clear_halt(us, pipe) < 0)
288 return USB_STOR_XFER_ERROR;
289 return USB_STOR_XFER_STALLED;
290
291 /* babble - the device tried to send more than we wanted to read */
292 case -EOVERFLOW:
293 usb_stor_dbg(us, fmt: "-- babble\n");
294 return USB_STOR_XFER_LONG;
295
296 /* the transfer was cancelled by abort, disconnect, or timeout */
297 case -ECONNRESET:
298 usb_stor_dbg(us, fmt: "-- transfer cancelled\n");
299 return USB_STOR_XFER_ERROR;
300
301 /* short scatter-gather read transfer */
302 case -EREMOTEIO:
303 usb_stor_dbg(us, fmt: "-- short read transfer\n");
304 return USB_STOR_XFER_SHORT;
305
306 /* abort or disconnect in progress */
307 case -EIO:
308 usb_stor_dbg(us, fmt: "-- abort or disconnect in progress\n");
309 return USB_STOR_XFER_ERROR;
310
311 /* the catch-all error case */
312 default:
313 usb_stor_dbg(us, fmt: "-- unknown error\n");
314 return USB_STOR_XFER_ERROR;
315 }
316}
317
318/*
319 * Transfer one control message, without timeouts, but allowing early
320 * termination. Return codes are USB_STOR_XFER_xxx.
321 */
322int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe,
323 u8 request, u8 requesttype, u16 value, u16 index,
324 void *data, u16 size)
325{
326 int result;
327
328 usb_stor_dbg(us, fmt: "rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
329 request, requesttype, value, index, size);
330
331 /* fill in the devrequest structure */
332 us->cr->bRequestType = requesttype;
333 us->cr->bRequest = request;
334 us->cr->wValue = cpu_to_le16(value);
335 us->cr->wIndex = cpu_to_le16(index);
336 us->cr->wLength = cpu_to_le16(size);
337
338 /* fill and submit the URB */
339 usb_fill_control_urb(urb: us->current_urb, dev: us->pusb_dev, pipe,
340 setup_packet: (unsigned char*) us->cr, transfer_buffer: data, buffer_length: size,
341 complete_fn: usb_stor_blocking_completion, NULL);
342 result = usb_stor_msg_common(us, timeout: 0);
343
344 return interpret_urb_result(us, pipe, length: size, result,
345 partial: us->current_urb->actual_length);
346}
347EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer);
348
349/*
350 * Receive one interrupt buffer, without timeouts, but allowing early
351 * termination. Return codes are USB_STOR_XFER_xxx.
352 *
353 * This routine always uses us->recv_intr_pipe as the pipe and
354 * us->ep_bInterval as the interrupt interval.
355 */
356static int usb_stor_intr_transfer(struct us_data *us, void *buf,
357 unsigned int length)
358{
359 int result;
360 unsigned int pipe = us->recv_intr_pipe;
361 unsigned int maxp;
362
363 usb_stor_dbg(us, fmt: "xfer %u bytes\n", length);
364
365 /* calculate the max packet size */
366 maxp = usb_maxpacket(udev: us->pusb_dev, pipe);
367 if (maxp > length)
368 maxp = length;
369
370 /* fill and submit the URB */
371 usb_fill_int_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, transfer_buffer: buf,
372 buffer_length: maxp, complete_fn: usb_stor_blocking_completion, NULL,
373 interval: us->ep_bInterval);
374 result = usb_stor_msg_common(us, timeout: 0);
375
376 return interpret_urb_result(us, pipe, length, result,
377 partial: us->current_urb->actual_length);
378}
379
380/*
381 * Transfer one buffer via bulk pipe, without timeouts, but allowing early
382 * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe
383 * stalls during the transfer, the halt is automatically cleared.
384 */
385int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe,
386 void *buf, unsigned int length, unsigned int *act_len)
387{
388 int result;
389
390 usb_stor_dbg(us, fmt: "xfer %u bytes\n", length);
391
392 /* fill and submit the URB */
393 usb_fill_bulk_urb(urb: us->current_urb, dev: us->pusb_dev, pipe, transfer_buffer: buf, buffer_length: length,
394 complete_fn: usb_stor_blocking_completion, NULL);
395 result = usb_stor_msg_common(us, timeout: 0);
396
397 /* store the actual length of the data transferred */
398 if (act_len)
399 *act_len = us->current_urb->actual_length;
400 return interpret_urb_result(us, pipe, length, result,
401 partial: us->current_urb->actual_length);
402}
403EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf);
404
405/*
406 * Transfer a scatter-gather list via bulk transfer
407 *
408 * This function does basically the same thing as usb_stor_bulk_transfer_buf()
409 * above, but it uses the usbcore scatter-gather library.
410 */
411static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe,
412 struct scatterlist *sg, int num_sg, unsigned int length,
413 unsigned int *act_len)
414{
415 int result;
416
417 /* don't submit s-g requests during abort processing */
418 if (test_bit(US_FLIDX_ABORTING, &us->dflags))
419 goto usb_stor_xfer_error;
420
421 /* initialize the scatter-gather request block */
422 usb_stor_dbg(us, fmt: "xfer %u bytes, %d entries\n", length, num_sg);
423 result = usb_sg_init(io: &us->current_sg, dev: us->pusb_dev, pipe, period: 0,
424 sg, nents: num_sg, length, GFP_NOIO);
425 if (result) {
426 usb_stor_dbg(us, fmt: "usb_sg_init returned %d\n", result);
427 goto usb_stor_xfer_error;
428 }
429
430 /*
431 * since the block has been initialized successfully, it's now
432 * okay to cancel it
433 */
434 set_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags);
435
436 /* did an abort occur during the submission? */
437 if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
438
439 /* cancel the request, if it hasn't been cancelled already */
440 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags)) {
441 usb_stor_dbg(us, fmt: "-- cancelling sg request\n");
442 usb_sg_cancel(io: &us->current_sg);
443 }
444 }
445
446 /* wait for the completion of the transfer */
447 usb_sg_wait(io: &us->current_sg);
448 clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags);
449
450 result = us->current_sg.status;
451 if (act_len)
452 *act_len = us->current_sg.bytes;
453 return interpret_urb_result(us, pipe, length, result,
454 partial: us->current_sg.bytes);
455
456usb_stor_xfer_error:
457 if (act_len)
458 *act_len = 0;
459 return USB_STOR_XFER_ERROR;
460}
461
462/*
463 * Common used function. Transfer a complete command
464 * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid
465 */
466int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe,
467 struct scsi_cmnd* srb)
468{
469 unsigned int partial;
470 int result = usb_stor_bulk_transfer_sglist(us, pipe, sg: scsi_sglist(cmd: srb),
471 num_sg: scsi_sg_count(cmd: srb), length: scsi_bufflen(cmd: srb),
472 act_len: &partial);
473
474 scsi_set_resid(cmd: srb, resid: scsi_bufflen(cmd: srb) - partial);
475 return result;
476}
477EXPORT_SYMBOL_GPL(usb_stor_bulk_srb);
478
479/*
480 * Transfer an entire SCSI command's worth of data payload over the bulk
481 * pipe.
482 *
483 * Note that this uses usb_stor_bulk_transfer_buf() and
484 * usb_stor_bulk_transfer_sglist() to achieve its goals --
485 * this function simply determines whether we're going to use
486 * scatter-gather or not, and acts appropriately.
487 */
488int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe,
489 void *buf, unsigned int length_left, int use_sg, int *residual)
490{
491 int result;
492 unsigned int partial;
493
494 /* are we scatter-gathering? */
495 if (use_sg) {
496 /* use the usb core scatter-gather primitives */
497 result = usb_stor_bulk_transfer_sglist(us, pipe,
498 sg: (struct scatterlist *) buf, num_sg: use_sg,
499 length: length_left, act_len: &partial);
500 length_left -= partial;
501 } else {
502 /* no scatter-gather, just make the request */
503 result = usb_stor_bulk_transfer_buf(us, pipe, buf,
504 length_left, &partial);
505 length_left -= partial;
506 }
507
508 /* store the residual and return the error code */
509 if (residual)
510 *residual = length_left;
511 return result;
512}
513EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg);
514
515/***********************************************************************
516 * Transport routines
517 ***********************************************************************/
518
519/*
520 * There are so many devices that report the capacity incorrectly,
521 * this routine was written to counteract some of the resulting
522 * problems.
523 */
524static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb)
525{
526 struct gendisk *disk;
527 struct scsi_disk *sdkp;
528 u32 sector;
529
530 /* To Report "Medium Error: Record Not Found */
531 static unsigned char record_not_found[18] = {
532 [0] = 0x70, /* current error */
533 [2] = MEDIUM_ERROR, /* = 0x03 */
534 [7] = 0x0a, /* additional length */
535 [12] = 0x14 /* Record Not Found */
536 };
537
538 /*
539 * If last-sector problems can't occur, whether because the
540 * capacity was already decremented or because the device is
541 * known to report the correct capacity, then we don't need
542 * to do anything.
543 */
544 if (!us->use_last_sector_hacks)
545 return;
546
547 /* Was this command a READ(10) or a WRITE(10)? */
548 if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10)
549 goto done;
550
551 /* Did this command access the last sector? */
552 sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) |
553 (srb->cmnd[4] << 8) | (srb->cmnd[5]);
554 disk = scsi_cmd_to_rq(scmd: srb)->q->disk;
555 if (!disk)
556 goto done;
557 sdkp = scsi_disk(disk);
558 if (!sdkp)
559 goto done;
560 if (sector + 1 != sdkp->capacity)
561 goto done;
562
563 if (srb->result == SAM_STAT_GOOD && scsi_get_resid(cmd: srb) == 0) {
564
565 /*
566 * The command succeeded. We know this device doesn't
567 * have the last-sector bug, so stop checking it.
568 */
569 us->use_last_sector_hacks = 0;
570
571 } else {
572 /*
573 * The command failed. Allow up to 3 retries in case this
574 * is some normal sort of failure. After that, assume the
575 * capacity is wrong and we're trying to access the sector
576 * beyond the end. Replace the result code and sense data
577 * with values that will cause the SCSI core to fail the
578 * command immediately, instead of going into an infinite
579 * (or even just a very long) retry loop.
580 */
581 if (++us->last_sector_retries < 3)
582 return;
583 srb->result = SAM_STAT_CHECK_CONDITION;
584 memcpy(srb->sense_buffer, record_not_found,
585 sizeof(record_not_found));
586 }
587
588 done:
589 /*
590 * Don't reset the retry counter for TEST UNIT READY commands,
591 * because they get issued after device resets which might be
592 * caused by a failed last-sector access.
593 */
594 if (srb->cmnd[0] != TEST_UNIT_READY)
595 us->last_sector_retries = 0;
596}
597
598/*
599 * Invoke the transport and basic error-handling/recovery methods
600 *
601 * This is used by the protocol layers to actually send the message to
602 * the device and receive the response.
603 */
604void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us)
605{
606 int need_auto_sense;
607 int result;
608
609 /* send the command to the transport layer */
610 scsi_set_resid(cmd: srb, resid: 0);
611 result = us->transport(srb, us);
612
613 /*
614 * if the command gets aborted by the higher layers, we need to
615 * short-circuit all other processing
616 */
617 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
618 usb_stor_dbg(us, fmt: "-- command was aborted\n");
619 srb->result = DID_ABORT << 16;
620 goto Handle_Errors;
621 }
622
623 /* if there is a transport error, reset and don't auto-sense */
624 if (result == USB_STOR_TRANSPORT_ERROR) {
625 usb_stor_dbg(us, fmt: "-- transport indicates error, resetting\n");
626 srb->result = DID_ERROR << 16;
627 goto Handle_Errors;
628 }
629
630 /* if the transport provided its own sense data, don't auto-sense */
631 if (result == USB_STOR_TRANSPORT_NO_SENSE) {
632 srb->result = SAM_STAT_CHECK_CONDITION;
633 last_sector_hacks(us, srb);
634 return;
635 }
636
637 srb->result = SAM_STAT_GOOD;
638
639 /*
640 * Determine if we need to auto-sense
641 *
642 * I normally don't use a flag like this, but it's almost impossible
643 * to understand what's going on here if I don't.
644 */
645 need_auto_sense = 0;
646
647 /*
648 * If we're running the CB transport, which is incapable
649 * of determining status on its own, we will auto-sense
650 * unless the operation involved a data-in transfer. Devices
651 * can signal most data-in errors by stalling the bulk-in pipe.
652 */
653 if ((us->protocol == USB_PR_CB || us->protocol == USB_PR_DPCM_USB) &&
654 srb->sc_data_direction != DMA_FROM_DEVICE) {
655 usb_stor_dbg(us, fmt: "-- CB transport device requiring auto-sense\n");
656 need_auto_sense = 1;
657 }
658
659 /* Some devices (Kindle) require another command after SYNC CACHE */
660 if ((us->fflags & US_FL_SENSE_AFTER_SYNC) &&
661 srb->cmnd[0] == SYNCHRONIZE_CACHE) {
662 usb_stor_dbg(us, fmt: "-- sense after SYNC CACHE\n");
663 need_auto_sense = 1;
664 }
665
666 /*
667 * If we have a failure, we're going to do a REQUEST_SENSE
668 * automatically. Note that we differentiate between a command
669 * "failure" and an "error" in the transport mechanism.
670 */
671 if (result == USB_STOR_TRANSPORT_FAILED) {
672 usb_stor_dbg(us, fmt: "-- transport indicates command failure\n");
673 need_auto_sense = 1;
674 }
675
676 /*
677 * Determine if this device is SAT by seeing if the
678 * command executed successfully. Otherwise we'll have
679 * to wait for at least one CHECK_CONDITION to determine
680 * SANE_SENSE support
681 */
682 if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) &&
683 result == USB_STOR_TRANSPORT_GOOD &&
684 !(us->fflags & US_FL_SANE_SENSE) &&
685 !(us->fflags & US_FL_BAD_SENSE) &&
686 !(srb->cmnd[2] & 0x20))) {
687 usb_stor_dbg(us, fmt: "-- SAT supported, increasing auto-sense\n");
688 us->fflags |= US_FL_SANE_SENSE;
689 }
690
691 /*
692 * A short transfer on a command where we don't expect it
693 * is unusual, but it doesn't mean we need to auto-sense.
694 */
695 if ((scsi_get_resid(cmd: srb) > 0) &&
696 !((srb->cmnd[0] == REQUEST_SENSE) ||
697 (srb->cmnd[0] == INQUIRY) ||
698 (srb->cmnd[0] == MODE_SENSE) ||
699 (srb->cmnd[0] == LOG_SENSE) ||
700 (srb->cmnd[0] == MODE_SENSE_10))) {
701 usb_stor_dbg(us, fmt: "-- unexpectedly short transfer\n");
702 }
703
704 /* Now, if we need to do the auto-sense, let's do it */
705 if (need_auto_sense) {
706 int temp_result;
707 struct scsi_eh_save ses;
708 int sense_size = US_SENSE_SIZE;
709 struct scsi_sense_hdr sshdr;
710 const u8 *scdd;
711 u8 fm_ili;
712
713 /* device supports and needs bigger sense buffer */
714 if (us->fflags & US_FL_SANE_SENSE)
715 sense_size = ~0;
716Retry_Sense:
717 usb_stor_dbg(us, fmt: "Issuing auto-REQUEST_SENSE\n");
718
719 scsi_eh_prep_cmnd(scmd: srb, ses: &ses, NULL, cmnd_size: 0, sense_bytes: sense_size);
720
721 /* FIXME: we must do the protocol translation here */
722 if (us->subclass == USB_SC_RBC || us->subclass == USB_SC_SCSI ||
723 us->subclass == USB_SC_CYP_ATACB)
724 srb->cmd_len = 6;
725 else
726 srb->cmd_len = 12;
727
728 /* issue the auto-sense command */
729 scsi_set_resid(cmd: srb, resid: 0);
730 temp_result = us->transport(us->srb, us);
731
732 /* let's clean up right away */
733 scsi_eh_restore_cmnd(scmd: srb, ses: &ses);
734
735 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
736 usb_stor_dbg(us, fmt: "-- auto-sense aborted\n");
737 srb->result = DID_ABORT << 16;
738
739 /* If SANE_SENSE caused this problem, disable it */
740 if (sense_size != US_SENSE_SIZE) {
741 us->fflags &= ~US_FL_SANE_SENSE;
742 us->fflags |= US_FL_BAD_SENSE;
743 }
744 goto Handle_Errors;
745 }
746
747 /*
748 * Some devices claim to support larger sense but fail when
749 * trying to request it. When a transport failure happens
750 * using US_FS_SANE_SENSE, we always retry with a standard
751 * (small) sense request. This fixes some USB GSM modems
752 */
753 if (temp_result == USB_STOR_TRANSPORT_FAILED &&
754 sense_size != US_SENSE_SIZE) {
755 usb_stor_dbg(us, fmt: "-- auto-sense failure, retry small sense\n");
756 sense_size = US_SENSE_SIZE;
757 us->fflags &= ~US_FL_SANE_SENSE;
758 us->fflags |= US_FL_BAD_SENSE;
759 goto Retry_Sense;
760 }
761
762 /* Other failures */
763 if (temp_result != USB_STOR_TRANSPORT_GOOD) {
764 usb_stor_dbg(us, fmt: "-- auto-sense failure\n");
765
766 /*
767 * we skip the reset if this happens to be a
768 * multi-target device, since failure of an
769 * auto-sense is perfectly valid
770 */
771 srb->result = DID_ERROR << 16;
772 if (!(us->fflags & US_FL_SCM_MULT_TARG))
773 goto Handle_Errors;
774 return;
775 }
776
777 /*
778 * If the sense data returned is larger than 18-bytes then we
779 * assume this device supports requesting more in the future.
780 * The response code must be 70h through 73h inclusive.
781 */
782 if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) &&
783 !(us->fflags & US_FL_SANE_SENSE) &&
784 !(us->fflags & US_FL_BAD_SENSE) &&
785 (srb->sense_buffer[0] & 0x7C) == 0x70) {
786 usb_stor_dbg(us, fmt: "-- SANE_SENSE support enabled\n");
787 us->fflags |= US_FL_SANE_SENSE;
788
789 /*
790 * Indicate to the user that we truncated their sense
791 * because we didn't know it supported larger sense.
792 */
793 usb_stor_dbg(us, fmt: "-- Sense data truncated to %i from %i\n",
794 US_SENSE_SIZE,
795 srb->sense_buffer[7] + 8);
796 srb->sense_buffer[7] = (US_SENSE_SIZE - 8);
797 }
798
799 scsi_normalize_sense(sense_buffer: srb->sense_buffer, SCSI_SENSE_BUFFERSIZE,
800 sshdr: &sshdr);
801
802 usb_stor_dbg(us, fmt: "-- Result from auto-sense is %d\n",
803 temp_result);
804 usb_stor_dbg(us, fmt: "-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
805 sshdr.response_code, sshdr.sense_key,
806 sshdr.asc, sshdr.ascq);
807#ifdef CONFIG_USB_STORAGE_DEBUG
808 usb_stor_show_sense(us, key: sshdr.sense_key, asc: sshdr.asc, ascq: sshdr.ascq);
809#endif
810
811 /* set the result so the higher layers expect this data */
812 srb->result = SAM_STAT_CHECK_CONDITION;
813
814 scdd = scsi_sense_desc_find(sense_buffer: srb->sense_buffer,
815 SCSI_SENSE_BUFFERSIZE, desc_type: 4);
816 fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0;
817
818 /*
819 * We often get empty sense data. This could indicate that
820 * everything worked or that there was an unspecified
821 * problem. We have to decide which.
822 */
823 if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 &&
824 fm_ili == 0) {
825 /*
826 * If things are really okay, then let's show that.
827 * Zero out the sense buffer so the higher layers
828 * won't realize we did an unsolicited auto-sense.
829 */
830 if (result == USB_STOR_TRANSPORT_GOOD) {
831 srb->result = SAM_STAT_GOOD;
832 srb->sense_buffer[0] = 0x0;
833 }
834
835 /*
836 * ATA-passthru commands use sense data to report
837 * the command completion status, and often devices
838 * return Check Condition status when nothing is
839 * wrong.
840 */
841 else if (srb->cmnd[0] == ATA_16 ||
842 srb->cmnd[0] == ATA_12) {
843 /* leave the data alone */
844 }
845
846 /*
847 * If there was a problem, report an unspecified
848 * hardware error to prevent the higher layers from
849 * entering an infinite retry loop.
850 */
851 else {
852 srb->result = DID_ERROR << 16;
853 if ((sshdr.response_code & 0x72) == 0x72)
854 srb->sense_buffer[1] = HARDWARE_ERROR;
855 else
856 srb->sense_buffer[2] = HARDWARE_ERROR;
857 }
858 }
859 }
860
861 /*
862 * Some devices don't work or return incorrect data the first
863 * time they get a READ(10) command, or for the first READ(10)
864 * after a media change. If the INITIAL_READ10 flag is set,
865 * keep track of whether READ(10) commands succeed. If the
866 * previous one succeeded and this one failed, set the REDO_READ10
867 * flag to force a retry.
868 */
869 if (unlikely((us->fflags & US_FL_INITIAL_READ10) &&
870 srb->cmnd[0] == READ_10)) {
871 if (srb->result == SAM_STAT_GOOD) {
872 set_bit(US_FLIDX_READ10_WORKED, addr: &us->dflags);
873 } else if (test_bit(US_FLIDX_READ10_WORKED, &us->dflags)) {
874 clear_bit(US_FLIDX_READ10_WORKED, addr: &us->dflags);
875 set_bit(US_FLIDX_REDO_READ10, addr: &us->dflags);
876 }
877
878 /*
879 * Next, if the REDO_READ10 flag is set, return a result
880 * code that will cause the SCSI core to retry the READ(10)
881 * command immediately.
882 */
883 if (test_bit(US_FLIDX_REDO_READ10, &us->dflags)) {
884 clear_bit(US_FLIDX_REDO_READ10, addr: &us->dflags);
885 srb->result = DID_IMM_RETRY << 16;
886 srb->sense_buffer[0] = 0;
887 }
888 }
889
890 /* Did we transfer less than the minimum amount required? */
891 if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) &&
892 scsi_bufflen(cmd: srb) - scsi_get_resid(cmd: srb) < srb->underflow)
893 srb->result = DID_ERROR << 16;
894
895 last_sector_hacks(us, srb);
896 return;
897
898 /*
899 * Error and abort processing: try to resynchronize with the device
900 * by issuing a port reset. If that fails, try a class-specific
901 * device reset.
902 */
903 Handle_Errors:
904
905 /*
906 * Set the RESETTING bit, and clear the ABORTING bit so that
907 * the reset may proceed.
908 */
909 scsi_lock(us_to_host(us));
910 set_bit(US_FLIDX_RESETTING, addr: &us->dflags);
911 clear_bit(US_FLIDX_ABORTING, addr: &us->dflags);
912 scsi_unlock(us_to_host(us));
913
914 /*
915 * We must release the device lock because the pre_reset routine
916 * will want to acquire it.
917 */
918 mutex_unlock(lock: &us->dev_mutex);
919 result = usb_stor_port_reset(us);
920 mutex_lock(&us->dev_mutex);
921
922 if (result < 0) {
923 scsi_lock(us_to_host(us));
924 usb_stor_report_device_reset(us);
925 scsi_unlock(us_to_host(us));
926 us->transport_reset(us);
927 }
928 clear_bit(US_FLIDX_RESETTING, addr: &us->dflags);
929 last_sector_hacks(us, srb);
930}
931
932/* Stop the current URB transfer */
933void usb_stor_stop_transport(struct us_data *us)
934{
935 /*
936 * If the state machine is blocked waiting for an URB,
937 * let's wake it up. The test_and_clear_bit() call
938 * guarantees that if a URB has just been submitted,
939 * it won't be cancelled more than once.
940 */
941 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, addr: &us->dflags)) {
942 usb_stor_dbg(us, fmt: "-- cancelling URB\n");
943 usb_unlink_urb(urb: us->current_urb);
944 }
945
946 /* If we are waiting for a scatter-gather operation, cancel it. */
947 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, addr: &us->dflags)) {
948 usb_stor_dbg(us, fmt: "-- cancelling sg request\n");
949 usb_sg_cancel(io: &us->current_sg);
950 }
951}
952
953/*
954 * Control/Bulk and Control/Bulk/Interrupt transport
955 */
956
957int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us)
958{
959 unsigned int transfer_length = scsi_bufflen(cmd: srb);
960 unsigned int pipe = 0;
961 int result;
962
963 /* COMMAND STAGE */
964 /* let's send the command via the control pipe */
965 /*
966 * Command is sometime (f.e. after scsi_eh_prep_cmnd) on the stack.
967 * Stack may be vmallocated. So no DMA for us. Make a copy.
968 */
969 memcpy(us->iobuf, srb->cmnd, srb->cmd_len);
970 result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
971 US_CBI_ADSC,
972 USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0,
973 us->ifnum, us->iobuf, srb->cmd_len);
974
975 /* check the return code for the command */
976 usb_stor_dbg(us, fmt: "Call to usb_stor_ctrl_transfer() returned %d\n",
977 result);
978
979 /* if we stalled the command, it means command failed */
980 if (result == USB_STOR_XFER_STALLED) {
981 return USB_STOR_TRANSPORT_FAILED;
982 }
983
984 /* Uh oh... serious problem here */
985 if (result != USB_STOR_XFER_GOOD) {
986 return USB_STOR_TRANSPORT_ERROR;
987 }
988
989 /* DATA STAGE */
990 /* transfer the data payload for this command, if one exists*/
991 if (transfer_length) {
992 pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
993 us->recv_bulk_pipe : us->send_bulk_pipe;
994 result = usb_stor_bulk_srb(us, pipe, srb);
995 usb_stor_dbg(us, fmt: "CBI data stage result is 0x%x\n", result);
996
997 /* if we stalled the data transfer it means command failed */
998 if (result == USB_STOR_XFER_STALLED)
999 return USB_STOR_TRANSPORT_FAILED;
1000 if (result > USB_STOR_XFER_STALLED)
1001 return USB_STOR_TRANSPORT_ERROR;
1002 }
1003
1004 /* STATUS STAGE */
1005
1006 /*
1007 * NOTE: CB does not have a status stage. Silly, I know. So
1008 * we have to catch this at a higher level.
1009 */
1010 if (us->protocol != USB_PR_CBI)
1011 return USB_STOR_TRANSPORT_GOOD;
1012
1013 result = usb_stor_intr_transfer(us, buf: us->iobuf, length: 2);
1014 usb_stor_dbg(us, fmt: "Got interrupt data (0x%x, 0x%x)\n",
1015 us->iobuf[0], us->iobuf[1]);
1016 if (result != USB_STOR_XFER_GOOD)
1017 return USB_STOR_TRANSPORT_ERROR;
1018
1019 /*
1020 * UFI gives us ASC and ASCQ, like a request sense
1021 *
1022 * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
1023 * devices, so we ignore the information for those commands. Note
1024 * that this means we could be ignoring a real error on these
1025 * commands, but that can't be helped.
1026 */
1027 if (us->subclass == USB_SC_UFI) {
1028 if (srb->cmnd[0] == REQUEST_SENSE ||
1029 srb->cmnd[0] == INQUIRY)
1030 return USB_STOR_TRANSPORT_GOOD;
1031 if (us->iobuf[0])
1032 goto Failed;
1033 return USB_STOR_TRANSPORT_GOOD;
1034 }
1035
1036 /*
1037 * If not UFI, we interpret the data as a result code
1038 * The first byte should always be a 0x0.
1039 *
1040 * Some bogus devices don't follow that rule. They stuff the ASC
1041 * into the first byte -- so if it's non-zero, call it a failure.
1042 */
1043 if (us->iobuf[0]) {
1044 usb_stor_dbg(us, fmt: "CBI IRQ data showed reserved bType 0x%x\n",
1045 us->iobuf[0]);
1046 goto Failed;
1047
1048 }
1049
1050 /* The second byte & 0x0F should be 0x0 for good, otherwise error */
1051 switch (us->iobuf[1] & 0x0F) {
1052 case 0x00:
1053 return USB_STOR_TRANSPORT_GOOD;
1054 case 0x01:
1055 goto Failed;
1056 }
1057 return USB_STOR_TRANSPORT_ERROR;
1058
1059 /*
1060 * the CBI spec requires that the bulk pipe must be cleared
1061 * following any data-in/out command failure (section 2.4.3.1.3)
1062 */
1063 Failed:
1064 if (pipe)
1065 usb_stor_clear_halt(us, pipe);
1066 return USB_STOR_TRANSPORT_FAILED;
1067}
1068EXPORT_SYMBOL_GPL(usb_stor_CB_transport);
1069
1070/*
1071 * Bulk only transport
1072 */
1073
1074/* Determine what the maximum LUN supported is */
1075int usb_stor_Bulk_max_lun(struct us_data *us)
1076{
1077 int result;
1078
1079 /* issue the command */
1080 us->iobuf[0] = 0;
1081 result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
1082 US_BULK_GET_MAX_LUN,
1083 USB_DIR_IN | USB_TYPE_CLASS |
1084 USB_RECIP_INTERFACE,
1085 0, us->ifnum, us->iobuf, 1, 10*HZ);
1086
1087 usb_stor_dbg(us, fmt: "GetMaxLUN command result is %d, data is %d\n",
1088 result, us->iobuf[0]);
1089
1090 /*
1091 * If we have a successful request, return the result if valid. The
1092 * CBW LUN field is 4 bits wide, so the value reported by the device
1093 * should fit into that.
1094 */
1095 if (result > 0) {
1096 if (us->iobuf[0] < 16) {
1097 return us->iobuf[0];
1098 } else {
1099 dev_info(&us->pusb_intf->dev,
1100 "Max LUN %d is not valid, using 0 instead",
1101 us->iobuf[0]);
1102 }
1103 }
1104
1105 /*
1106 * Some devices don't like GetMaxLUN. They may STALL the control
1107 * pipe, they may return a zero-length result, they may do nothing at
1108 * all and timeout, or they may fail in even more bizarrely creative
1109 * ways. In these cases the best approach is to use the default
1110 * value: only one LUN.
1111 */
1112 return 0;
1113}
1114
1115int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us)
1116{
1117 struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf;
1118 struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf;
1119 unsigned int transfer_length = scsi_bufflen(cmd: srb);
1120 unsigned int residue;
1121 int result;
1122 int fake_sense = 0;
1123 unsigned int cswlen;
1124 unsigned int cbwlen = US_BULK_CB_WRAP_LEN;
1125
1126 /* Take care of BULK32 devices; set extra byte to 0 */
1127 if (unlikely(us->fflags & US_FL_BULK32)) {
1128 cbwlen = 32;
1129 us->iobuf[31] = 0;
1130 }
1131
1132 /* set up the command wrapper */
1133 bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
1134 bcb->DataTransferLength = cpu_to_le32(transfer_length);
1135 bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ?
1136 US_BULK_FLAG_IN : 0;
1137 bcb->Tag = ++us->tag;
1138 bcb->Lun = srb->device->lun;
1139 if (us->fflags & US_FL_SCM_MULT_TARG)
1140 bcb->Lun |= srb->device->id << 4;
1141 bcb->Length = srb->cmd_len;
1142
1143 /* copy the command payload */
1144 memset(bcb->CDB, 0, sizeof(bcb->CDB));
1145 memcpy(bcb->CDB, srb->cmnd, bcb->Length);
1146
1147 /* send it to out endpoint */
1148 usb_stor_dbg(us, fmt: "Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n",
1149 le32_to_cpu(bcb->Signature), bcb->Tag,
1150 le32_to_cpu(bcb->DataTransferLength), bcb->Flags,
1151 (bcb->Lun >> 4), (bcb->Lun & 0x0F),
1152 bcb->Length);
1153 result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
1154 bcb, cbwlen, NULL);
1155 usb_stor_dbg(us, fmt: "Bulk command transfer result=%d\n", result);
1156 if (result != USB_STOR_XFER_GOOD)
1157 return USB_STOR_TRANSPORT_ERROR;
1158
1159 /* DATA STAGE */
1160 /* send/receive data payload, if there is any */
1161
1162 /*
1163 * Some USB-IDE converter chips need a 100us delay between the
1164 * command phase and the data phase. Some devices need a little
1165 * more than that, probably because of clock rate inaccuracies.
1166 */
1167 if (unlikely(us->fflags & US_FL_GO_SLOW))
1168 usleep_range(min: 125, max: 150);
1169
1170 if (transfer_length) {
1171 unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
1172 us->recv_bulk_pipe : us->send_bulk_pipe;
1173 result = usb_stor_bulk_srb(us, pipe, srb);
1174 usb_stor_dbg(us, fmt: "Bulk data transfer result 0x%x\n", result);
1175 if (result == USB_STOR_XFER_ERROR)
1176 return USB_STOR_TRANSPORT_ERROR;
1177
1178 /*
1179 * If the device tried to send back more data than the
1180 * amount requested, the spec requires us to transfer
1181 * the CSW anyway. Since there's no point retrying
1182 * the command, we'll return fake sense data indicating
1183 * Illegal Request, Invalid Field in CDB.
1184 */
1185 if (result == USB_STOR_XFER_LONG)
1186 fake_sense = 1;
1187
1188 /*
1189 * Sometimes a device will mistakenly skip the data phase
1190 * and go directly to the status phase without sending a
1191 * zero-length packet. If we get a 13-byte response here,
1192 * check whether it really is a CSW.
1193 */
1194 if (result == USB_STOR_XFER_SHORT &&
1195 srb->sc_data_direction == DMA_FROM_DEVICE &&
1196 transfer_length - scsi_get_resid(cmd: srb) ==
1197 US_BULK_CS_WRAP_LEN) {
1198 struct scatterlist *sg = NULL;
1199 unsigned int offset = 0;
1200
1201 if (usb_stor_access_xfer_buf(buffer: (unsigned char *) bcs,
1202 US_BULK_CS_WRAP_LEN, srb, &sg,
1203 offset: &offset, dir: FROM_XFER_BUF) ==
1204 US_BULK_CS_WRAP_LEN &&
1205 bcs->Signature ==
1206 cpu_to_le32(US_BULK_CS_SIGN)) {
1207 usb_stor_dbg(us, fmt: "Device skipped data phase\n");
1208 scsi_set_resid(cmd: srb, resid: transfer_length);
1209 goto skipped_data_phase;
1210 }
1211 }
1212 }
1213
1214 /*
1215 * See flow chart on pg 15 of the Bulk Only Transport spec for
1216 * an explanation of how this code works.
1217 */
1218
1219 /* get CSW for device status */
1220 usb_stor_dbg(us, fmt: "Attempting to get CSW...\n");
1221 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1222 bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1223
1224 /*
1225 * Some broken devices add unnecessary zero-length packets to the
1226 * end of their data transfers. Such packets show up as 0-length
1227 * CSWs. If we encounter such a thing, try to read the CSW again.
1228 */
1229 if (result == USB_STOR_XFER_SHORT && cswlen == 0) {
1230 usb_stor_dbg(us, fmt: "Received 0-length CSW; retrying...\n");
1231 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1232 bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1233 }
1234
1235 /* did the attempt to read the CSW fail? */
1236 if (result == USB_STOR_XFER_STALLED) {
1237
1238 /* get the status again */
1239 usb_stor_dbg(us, fmt: "Attempting to get CSW (2nd try)...\n");
1240 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1241 bcs, US_BULK_CS_WRAP_LEN, NULL);
1242 }
1243
1244 /* if we still have a failure at this point, we're in trouble */
1245 usb_stor_dbg(us, fmt: "Bulk status result = %d\n", result);
1246 if (result != USB_STOR_XFER_GOOD)
1247 return USB_STOR_TRANSPORT_ERROR;
1248
1249 skipped_data_phase:
1250 /* check bulk status */
1251 residue = le32_to_cpu(bcs->Residue);
1252 usb_stor_dbg(us, fmt: "Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n",
1253 le32_to_cpu(bcs->Signature), bcs->Tag,
1254 residue, bcs->Status);
1255 if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) ||
1256 bcs->Status > US_BULK_STAT_PHASE) {
1257 usb_stor_dbg(us, fmt: "Bulk logical error\n");
1258 return USB_STOR_TRANSPORT_ERROR;
1259 }
1260
1261 /*
1262 * Some broken devices report odd signatures, so we do not check them
1263 * for validity against the spec. We store the first one we see,
1264 * and check subsequent transfers for validity against this signature.
1265 */
1266 if (!us->bcs_signature) {
1267 us->bcs_signature = bcs->Signature;
1268 if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN))
1269 usb_stor_dbg(us, fmt: "Learnt BCS signature 0x%08X\n",
1270 le32_to_cpu(us->bcs_signature));
1271 } else if (bcs->Signature != us->bcs_signature) {
1272 usb_stor_dbg(us, fmt: "Signature mismatch: got %08X, expecting %08X\n",
1273 le32_to_cpu(bcs->Signature),
1274 le32_to_cpu(us->bcs_signature));
1275 return USB_STOR_TRANSPORT_ERROR;
1276 }
1277
1278 /*
1279 * try to compute the actual residue, based on how much data
1280 * was really transferred and what the device tells us
1281 */
1282 if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) {
1283
1284 /*
1285 * Heuristically detect devices that generate bogus residues
1286 * by seeing what happens with INQUIRY and READ CAPACITY
1287 * commands.
1288 */
1289 if (bcs->Status == US_BULK_STAT_OK &&
1290 scsi_get_resid(cmd: srb) == 0 &&
1291 ((srb->cmnd[0] == INQUIRY &&
1292 transfer_length == 36) ||
1293 (srb->cmnd[0] == READ_CAPACITY &&
1294 transfer_length == 8))) {
1295 us->fflags |= US_FL_IGNORE_RESIDUE;
1296
1297 } else {
1298 residue = min(residue, transfer_length);
1299 scsi_set_resid(cmd: srb, max(scsi_get_resid(srb), residue));
1300 }
1301 }
1302
1303 /* based on the status code, we report good or bad */
1304 switch (bcs->Status) {
1305 case US_BULK_STAT_OK:
1306 /* device babbled -- return fake sense data */
1307 if (fake_sense) {
1308 memcpy(srb->sense_buffer,
1309 usb_stor_sense_invalidCDB,
1310 sizeof(usb_stor_sense_invalidCDB));
1311 return USB_STOR_TRANSPORT_NO_SENSE;
1312 }
1313
1314 /* command good -- note that data could be short */
1315 return USB_STOR_TRANSPORT_GOOD;
1316
1317 case US_BULK_STAT_FAIL:
1318 /* command failed */
1319 return USB_STOR_TRANSPORT_FAILED;
1320
1321 case US_BULK_STAT_PHASE:
1322 /*
1323 * phase error -- note that a transport reset will be
1324 * invoked by the invoke_transport() function
1325 */
1326 return USB_STOR_TRANSPORT_ERROR;
1327 }
1328
1329 /* we should never get here, but if we do, we're in trouble */
1330 return USB_STOR_TRANSPORT_ERROR;
1331}
1332EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport);
1333
1334/***********************************************************************
1335 * Reset routines
1336 ***********************************************************************/
1337
1338/*
1339 * This is the common part of the device reset code.
1340 *
1341 * It's handy that every transport mechanism uses the control endpoint for
1342 * resets.
1343 *
1344 * Basically, we send a reset with a 5-second timeout, so we don't get
1345 * jammed attempting to do the reset.
1346 */
1347static int usb_stor_reset_common(struct us_data *us,
1348 u8 request, u8 requesttype,
1349 u16 value, u16 index, void *data, u16 size)
1350{
1351 int result;
1352 int result2;
1353
1354 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1355 usb_stor_dbg(us, fmt: "No reset during disconnect\n");
1356 return -EIO;
1357 }
1358
1359 result = usb_stor_control_msg(us, us->send_ctrl_pipe,
1360 request, requesttype, value, index, data, size,
1361 5*HZ);
1362 if (result < 0) {
1363 usb_stor_dbg(us, fmt: "Soft reset failed: %d\n", result);
1364 return result;
1365 }
1366
1367 /*
1368 * Give the device some time to recover from the reset,
1369 * but don't delay disconnect processing.
1370 */
1371 wait_event_interruptible_timeout(us->delay_wait,
1372 test_bit(US_FLIDX_DISCONNECTING, &us->dflags),
1373 HZ*6);
1374 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1375 usb_stor_dbg(us, fmt: "Reset interrupted by disconnect\n");
1376 return -EIO;
1377 }
1378
1379 usb_stor_dbg(us, fmt: "Soft reset: clearing bulk-in endpoint halt\n");
1380 result = usb_stor_clear_halt(us, us->recv_bulk_pipe);
1381
1382 usb_stor_dbg(us, fmt: "Soft reset: clearing bulk-out endpoint halt\n");
1383 result2 = usb_stor_clear_halt(us, us->send_bulk_pipe);
1384
1385 /* return a result code based on the result of the clear-halts */
1386 if (result >= 0)
1387 result = result2;
1388 if (result < 0)
1389 usb_stor_dbg(us, fmt: "Soft reset failed\n");
1390 else
1391 usb_stor_dbg(us, fmt: "Soft reset done\n");
1392 return result;
1393}
1394
1395/* This issues a CB[I] Reset to the device in question */
1396#define CB_RESET_CMD_SIZE 12
1397
1398int usb_stor_CB_reset(struct us_data *us)
1399{
1400 memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE);
1401 us->iobuf[0] = SEND_DIAGNOSTIC;
1402 us->iobuf[1] = 4;
1403 return usb_stor_reset_common(us, US_CBI_ADSC,
1404 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1405 value: 0, index: us->ifnum, data: us->iobuf, CB_RESET_CMD_SIZE);
1406}
1407EXPORT_SYMBOL_GPL(usb_stor_CB_reset);
1408
1409/*
1410 * This issues a Bulk-only Reset to the device in question, including
1411 * clearing the subsequent endpoint halts that may occur.
1412 */
1413int usb_stor_Bulk_reset(struct us_data *us)
1414{
1415 return usb_stor_reset_common(us, US_BULK_RESET_REQUEST,
1416 USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1417 value: 0, index: us->ifnum, NULL, size: 0);
1418}
1419EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset);
1420
1421/*
1422 * Issue a USB port reset to the device. The caller must not hold
1423 * us->dev_mutex.
1424 */
1425int usb_stor_port_reset(struct us_data *us)
1426{
1427 int result;
1428
1429 /*for these devices we must use the class specific method */
1430 if (us->pusb_dev->quirks & USB_QUIRK_RESET)
1431 return -EPERM;
1432
1433 result = usb_lock_device_for_reset(udev: us->pusb_dev, iface: us->pusb_intf);
1434 if (result < 0)
1435 usb_stor_dbg(us, fmt: "unable to lock device for reset: %d\n",
1436 result);
1437 else {
1438 /* Were we disconnected while waiting for the lock? */
1439 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1440 result = -EIO;
1441 usb_stor_dbg(us, fmt: "No reset during disconnect\n");
1442 } else {
1443 result = usb_reset_device(dev: us->pusb_dev);
1444 usb_stor_dbg(us, fmt: "usb_reset_device returns %d\n",
1445 result);
1446 }
1447 usb_unlock_device(us->pusb_dev);
1448 }
1449 return result;
1450}
1451

source code of linux/drivers/usb/storage/transport.c