Line data Source code
1 : /* Driver for USB Mass Storage compliant devices
2 : *
3 : * Current development and maintenance by:
4 : * (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
5 : *
6 : * Developed with the assistance of:
7 : * (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
8 : * (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
9 : * (c) 2002 Alan Stern <stern@rowland.org>
10 : *
11 : * Initial work by:
12 : * (c) 1999 Michael Gee (michael@linuxspecific.com)
13 : *
14 : * This driver is based on the 'USB Mass Storage Class' document. This
15 : * describes in detail the protocol used to communicate with such
16 : * devices. Clearly, the designers had SCSI and ATAPI commands in
17 : * mind when they created this document. The commands are all very
18 : * similar to commands in the SCSI-II and ATAPI specifications.
19 : *
20 : * It is important to note that in a number of cases this class
21 : * exhibits class-specific exemptions from the USB specification.
22 : * Notably the usage of NAK, STALL and ACK differs from the norm, in
23 : * that they are used to communicate wait, failed and OK on commands.
24 : *
25 : * Also, for certain devices, the interrupt endpoint is used to convey
26 : * status of a command.
27 : *
28 : * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
29 : * information about this driver.
30 : *
31 : * This program is free software; you can redistribute it and/or modify it
32 : * under the terms of the GNU General Public License as published by the
33 : * Free Software Foundation; either version 2, or (at your option) any
34 : * later version.
35 : *
36 : * This program is distributed in the hope that it will be useful, but
37 : * WITHOUT ANY WARRANTY; without even the implied warranty of
38 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
39 : * General Public License for more details.
40 : *
41 : * You should have received a copy of the GNU General Public License along
42 : * with this program; if not, write to the Free Software Foundation, Inc.,
43 : * 675 Mass Ave, Cambridge, MA 02139, USA.
44 : */
45 :
46 : #include <linux/sched.h>
47 : #include <linux/errno.h>
48 : #include <linux/slab.h>
49 :
50 : #include <scsi/scsi.h>
51 : #include <scsi/scsi_eh.h>
52 : #include <scsi/scsi_device.h>
53 :
54 : #include "usb.h"
55 : #include "transport.h"
56 : #include "protocol.h"
57 : #include "scsiglue.h"
58 : #include "debug.h"
59 :
60 : #include <linux/blkdev.h>
61 : #include "../../scsi/sd.h"
62 :
63 :
64 : /***********************************************************************
65 : * Data transfer routines
66 : ***********************************************************************/
67 :
68 : /*
69 : * This is subtle, so pay attention:
70 : * ---------------------------------
71 : * We're very concerned about races with a command abort. Hanging this code
72 : * is a sure fire way to hang the kernel. (Note that this discussion applies
73 : * only to transactions resulting from a scsi queued-command, since only
74 : * these transactions are subject to a scsi abort. Other transactions, such
75 : * as those occurring during device-specific initialization, must be handled
76 : * by a separate code path.)
77 : *
78 : * The abort function (usb_storage_command_abort() in scsiglue.c) first
79 : * sets the machine state and the ABORTING bit in us->dflags to prevent
80 : * new URBs from being submitted. It then calls usb_stor_stop_transport()
81 : * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags
82 : * to see if the current_urb needs to be stopped. Likewise, the SG_ACTIVE
83 : * bit is tested to see if the current_sg scatter-gather request needs to be
84 : * stopped. The timeout callback routine does much the same thing.
85 : *
86 : * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to
87 : * prevent new URBs from being submitted, and usb_stor_stop_transport() is
88 : * called to stop any ongoing requests.
89 : *
90 : * The submit function first verifies that the submitting is allowed
91 : * (neither ABORTING nor DISCONNECTING bits are set) and that the submit
92 : * completes without errors, and only then sets the URB_ACTIVE bit. This
93 : * prevents the stop_transport() function from trying to cancel the URB
94 : * while the submit call is underway. Next, the submit function must test
95 : * the flags to see if an abort or disconnect occurred during the submission
96 : * or before the URB_ACTIVE bit was set. If so, it's essential to cancel
97 : * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit
98 : * is still set). Either way, the function must then wait for the URB to
99 : * finish. Note that the URB can still be in progress even after a call to
100 : * usb_unlink_urb() returns.
101 : *
102 : * The idea is that (1) once the ABORTING or DISCONNECTING bit is set,
103 : * either the stop_transport() function or the submitting function
104 : * is guaranteed to call usb_unlink_urb() for an active URB,
105 : * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being
106 : * called more than once or from being called during usb_submit_urb().
107 : */
108 :
109 : /* This is the completion handler which will wake us up when an URB
110 : * completes.
111 : */
112 : static void usb_stor_blocking_completion(struct urb *urb)
113 : {
114 0 : struct completion *urb_done_ptr = urb->context;
115 :
116 0 : complete(urb_done_ptr);
117 0 : }
118 :
119 : /* This is the common part of the URB message submission code
120 : *
121 : * All URBs from the usb-storage driver involved in handling a queued scsi
122 : * command _must_ pass through this function (or something like it) for the
123 : * abort mechanisms to work properly.
124 : */
125 : static int usb_stor_msg_common(struct us_data *us, int timeout)
126 : {
127 18 : struct completion urb_done;
128 18 : long timeleft;
129 18 : int status;
130 18 :
131 18 : /* don't submit URBs during abort processing */
132 90 : if (test_bit(US_FLIDX_ABORTING, &us->dflags))
133 36 : return -EIO;
134 :
135 : /* set up data structures for the wakeup system */
136 36 : init_completion(&urb_done);
137 :
138 : /* fill the common fields in the URB */
139 18 : us->current_urb->context = &urb_done;
140 18 : us->current_urb->actual_length = 0;
141 18 : us->current_urb->error_count = 0;
142 18 : us->current_urb->status = 0;
143 :
144 : /* we assume that if transfer_buffer isn't us->iobuf then it
145 : * hasn't been mapped for DMA. Yes, this is clunky, but it's
146 : * easier than always having the caller tell us whether the
147 : * transfer buffer has already been mapped. */
148 18 : us->current_urb->transfer_flags = URB_NO_SETUP_DMA_MAP;
149 72 : if (us->current_urb->transfer_buffer == us->iobuf)
150 18 : us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
151 18 : us->current_urb->transfer_dma = us->iobuf_dma;
152 18 : us->current_urb->setup_dma = us->cr_dma;
153 :
154 : /* submit the URB */
155 18 : status = usb_submit_urb(us->current_urb, GFP_NOIO);
156 36 : if (status) {
157 : /* something went wrong */
158 18 : return status;
159 : }
160 :
161 : /* since the URB has been submitted successfully, it's now okay
162 : * to cancel it */
163 36 : set_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
164 :
165 : /* did an abort occur during the submission? */
166 72 : if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
167 :
168 : /* cancel the URB, if it hasn't been cancelled already */
169 72 : if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
170 : US_DEBUGP("-- cancelling URB\n");
171 18 : usb_unlink_urb(us->current_urb);
172 : }
173 : }
174 :
175 : /* wait for the completion of the URB */
176 252 : timeleft = wait_for_completion_interruptible_timeout(
177 : &urb_done, timeout ? : MAX_SCHEDULE_TIMEOUT);
178 :
179 72 : clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
180 :
181 36 : if (timeleft <= 0) {
182 : US_DEBUGP("%s -- cancelling URB\n",
183 : timeleft == 0 ? "Timeout" : "Signal");
184 18 : usb_kill_urb(us->current_urb);
185 : }
186 :
187 : /* return the URB status */
188 18 : return us->current_urb->status;
189 : }
190 :
191 : /*
192 : * Transfer one control message, with timeouts, and allowing early
193 : * termination. Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx.
194 : */
195 : int usb_stor_control_msg(struct us_data *us, unsigned int pipe,
196 : u8 request, u8 requesttype, u16 value, u16 index,
197 : void *data, u16 size, int timeout)
198 10 : {
199 : int status;
200 :
201 : US_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
202 : __func__, request, requesttype,
203 : value, index, size);
204 :
205 : /* fill in the devrequest structure */
206 10 : us->cr->bRequestType = requesttype;
207 10 : us->cr->bRequest = request;
208 10 : us->cr->wValue = cpu_to_le16(value);
209 10 : us->cr->wIndex = cpu_to_le16(index);
210 10 : us->cr->wLength = cpu_to_le16(size);
211 :
212 : /* fill and submit the URB */
213 30 : usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe,
214 : (unsigned char*) us->cr, data, size,
215 : usb_stor_blocking_completion, NULL);
216 40 : status = usb_stor_msg_common(us, timeout);
217 :
218 : /* return the actual length of the data transferred if no error */
219 20 : if (status == 0)
220 20 : status = us->current_urb->actual_length;
221 10 : return status;
222 : }
223 : EXPORT_SYMBOL_GPL(usb_stor_control_msg);
224 :
225 : /* This is a version of usb_clear_halt() that allows early termination and
226 : * doesn't read the status from the device -- this is because some devices
227 : * crash their internal firmware when the status is requested after a halt.
228 : *
229 : * A definitive list of these 'bad' devices is too difficult to maintain or
230 : * make complete enough to be useful. This problem was first observed on the
231 : * Hagiwara FlashGate DUAL unit. However, bus traces reveal that neither
232 : * MacOS nor Windows checks the status after clearing a halt.
233 : *
234 : * Since many vendors in this space limit their testing to interoperability
235 : * with these two OSes, specification violations like this one are common.
236 : */
237 : int usb_stor_clear_halt(struct us_data *us, unsigned int pipe)
238 : {
239 8 : int result;
240 16 : int endp = usb_pipeendpoint(pipe);
241 :
242 16 : if (usb_pipein (pipe))
243 8 : endp |= USB_DIR_IN;
244 :
245 16 : result = usb_stor_control_msg(us, us->send_ctrl_pipe,
246 : USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT,
247 : USB_ENDPOINT_HALT, endp,
248 : NULL, 0, 3*HZ);
249 :
250 16 : if (result >= 0)
251 8 : usb_reset_endpoint(us->pusb_dev, endp);
252 :
253 : US_DEBUGP("%s: result = %d\n", __func__, result);
254 8 : return result;
255 : }
256 : EXPORT_SYMBOL_GPL(usb_stor_clear_halt);
257 :
258 :
259 : /*
260 : * Interpret the results of a URB transfer
261 : *
262 : * This function prints appropriate debugging messages, clears halts on
263 : * non-control endpoints, and translates the status to the corresponding
264 : * USB_STOR_XFER_xxx return code.
265 : */
266 : static int interpret_urb_result(struct us_data *us, unsigned int pipe,
267 : unsigned int length, int result, unsigned int partial)
268 : {
269 8 : US_DEBUGP("Status code %d; transferred %u/%u\n",
270 : result, partial, length);
271 : switch (result) {
272 :
273 : /* no error code; did we send all the data? */
274 24 : case 0:
275 16 : if (partial != length) {
276 : US_DEBUGP("-- short transfer\n");
277 8 : return USB_STOR_XFER_SHORT;
278 : }
279 :
280 : US_DEBUGP("-- transfer complete\n");
281 8 : return USB_STOR_XFER_GOOD;
282 8 :
283 : /* stalled */
284 24 : case -EPIPE:
285 : /* for control endpoints, (used by CB[I]) a stall indicates
286 : * a failed command */
287 16 : if (usb_pipecontrol(pipe)) {
288 : US_DEBUGP("-- stall on control pipe\n");
289 8 : return USB_STOR_XFER_STALLED;
290 : }
291 :
292 : /* for other sorts of endpoint, clear the stall */
293 : US_DEBUGP("clearing endpoint halt for pipe 0x%x\n", pipe);
294 32 : if (usb_stor_clear_halt(us, pipe) < 0)
295 8 : return USB_STOR_XFER_ERROR;
296 8 : return USB_STOR_XFER_STALLED;
297 8 :
298 : /* babble - the device tried to send more than we wanted to read */
299 24 : case -EOVERFLOW:
300 : US_DEBUGP("-- babble\n");
301 8 : return USB_STOR_XFER_LONG;
302 8 :
303 : /* the transfer was cancelled by abort, disconnect, or timeout */
304 24 : case -ECONNRESET:
305 : US_DEBUGP("-- transfer cancelled\n");
306 8 : return USB_STOR_XFER_ERROR;
307 8 :
308 : /* short scatter-gather read transfer */
309 24 : case -EREMOTEIO:
310 : US_DEBUGP("-- short read transfer\n");
311 8 : return USB_STOR_XFER_SHORT;
312 8 :
313 : /* abort or disconnect in progress */
314 24 : case -EIO:
315 : US_DEBUGP("-- abort or disconnect in progress\n");
316 8 : return USB_STOR_XFER_ERROR;
317 8 :
318 : /* the catch-all error case */
319 8 : default:
320 8 : US_DEBUGP("-- unknown error\n");
321 8 : return USB_STOR_XFER_ERROR;
322 : }
323 : }
324 :
325 : /*
326 : * Transfer one control message, without timeouts, but allowing early
327 : * termination. Return codes are USB_STOR_XFER_xxx.
328 : */
329 : int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe,
330 : u8 request, u8 requesttype, u16 value, u16 index,
331 : void *data, u16 size)
332 0 : {
333 0 : int result;
334 :
335 : US_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
336 : __func__, request, requesttype,
337 : value, index, size);
338 :
339 : /* fill in the devrequest structure */
340 0 : us->cr->bRequestType = requesttype;
341 0 : us->cr->bRequest = request;
342 0 : us->cr->wValue = cpu_to_le16(value);
343 0 : us->cr->wIndex = cpu_to_le16(index);
344 0 : us->cr->wLength = cpu_to_le16(size);
345 :
346 : /* fill and submit the URB */
347 0 : usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe,
348 : (unsigned char*) us->cr, data, size,
349 : usb_stor_blocking_completion, NULL);
350 0 : result = usb_stor_msg_common(us, 0);
351 :
352 0 : return interpret_urb_result(us, pipe, size, result,
353 : us->current_urb->actual_length);
354 : }
355 : EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer);
356 :
357 : /*
358 : * Receive one interrupt buffer, without timeouts, but allowing early
359 : * termination. Return codes are USB_STOR_XFER_xxx.
360 : *
361 : * This routine always uses us->recv_intr_pipe as the pipe and
362 : * us->ep_bInterval as the interrupt interval.
363 : */
364 : static int usb_stor_intr_transfer(struct us_data *us, void *buf,
365 : unsigned int length)
366 0 : {
367 0 : int result;
368 0 : unsigned int pipe = us->recv_intr_pipe;
369 0 : unsigned int maxp;
370 0 :
371 : US_DEBUGP("%s: xfer %u bytes\n", __func__, length);
372 :
373 : /* calculate the max packet size */
374 0 : maxp = usb_maxpacket(us->pusb_dev, pipe, usb_pipeout(pipe));
375 0 : if (maxp > length)
376 0 : maxp = length;
377 :
378 : /* fill and submit the URB */
379 0 : usb_fill_int_urb(us->current_urb, us->pusb_dev, pipe, buf,
380 : maxp, usb_stor_blocking_completion, NULL,
381 : us->ep_bInterval);
382 0 : result = usb_stor_msg_common(us, 0);
383 :
384 0 : return interpret_urb_result(us, pipe, length, result,
385 : us->current_urb->actual_length);
386 : }
387 :
388 : /*
389 : * Transfer one buffer via bulk pipe, without timeouts, but allowing early
390 : * termination. Return codes are USB_STOR_XFER_xxx. If the bulk pipe
391 : * stalls during the transfer, the halt is automatically cleared.
392 : */
393 : int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe,
394 : void *buf, unsigned int length, unsigned int *act_len)
395 : {
396 8 : int result;
397 8 :
398 : US_DEBUGP("%s: xfer %u bytes\n", __func__, length);
399 :
400 : /* fill and submit the URB */
401 16 : usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, buf, length,
402 : usb_stor_blocking_completion, NULL);
403 32 : result = usb_stor_msg_common(us, 0);
404 :
405 : /* store the actual length of the data transferred */
406 16 : if (act_len)
407 8 : *act_len = us->current_urb->actual_length;
408 32 : return interpret_urb_result(us, pipe, length, result,
409 : us->current_urb->actual_length);
410 : }
411 : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf);
412 :
413 : /*
414 : * Transfer a scatter-gather list via bulk transfer
415 : *
416 : * This function does basically the same thing as usb_stor_bulk_transfer_buf()
417 : * above, but it uses the usbcore scatter-gather library.
418 : */
419 : static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe,
420 : struct scatterlist *sg, int num_sg, unsigned int length,
421 : unsigned int *act_len)
422 : {
423 0 : int result;
424 0 :
425 0 : /* don't submit s-g requests during abort processing */
426 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags))
427 0 : return USB_STOR_XFER_ERROR;
428 :
429 : /* initialize the scatter-gather request block */
430 : US_DEBUGP("%s: xfer %u bytes, %d entries\n", __func__,
431 : length, num_sg);
432 0 : result = usb_sg_init(&us->current_sg, us->pusb_dev, pipe, 0,
433 : sg, num_sg, length, GFP_NOIO);
434 0 : if (result) {
435 : US_DEBUGP("usb_sg_init returned %d\n", result);
436 0 : return USB_STOR_XFER_ERROR;
437 : }
438 :
439 : /* since the block has been initialized successfully, it's now
440 : * okay to cancel it */
441 0 : set_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
442 :
443 : /* did an abort occur during the submission? */
444 0 : if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
445 :
446 : /* cancel the request, if it hasn't been cancelled already */
447 0 : if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
448 : US_DEBUGP("-- cancelling sg request\n");
449 0 : usb_sg_cancel(&us->current_sg);
450 : }
451 : }
452 :
453 : /* wait for the completion of the transfer */
454 0 : usb_sg_wait(&us->current_sg);
455 0 : clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
456 :
457 0 : result = us->current_sg.status;
458 0 : if (act_len)
459 0 : *act_len = us->current_sg.bytes;
460 0 : return interpret_urb_result(us, pipe, length, result,
461 : us->current_sg.bytes);
462 : }
463 :
464 : /*
465 : * Common used function. Transfer a complete command
466 : * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid
467 : */
468 : int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe,
469 : struct scsi_cmnd* srb)
470 0 : {
471 0 : unsigned int partial;
472 0 : int result = usb_stor_bulk_transfer_sglist(us, pipe, scsi_sglist(srb),
473 0 : scsi_sg_count(srb), scsi_bufflen(srb),
474 0 : &partial);
475 0 :
476 0 : scsi_set_resid(srb, scsi_bufflen(srb) - partial);
477 0 : return result;
478 : }
479 : EXPORT_SYMBOL_GPL(usb_stor_bulk_srb);
480 :
481 : /*
482 : * Transfer an entire SCSI command's worth of data payload over the bulk
483 : * pipe.
484 : *
485 : * Note that this uses usb_stor_bulk_transfer_buf() and
486 : * usb_stor_bulk_transfer_sglist() to achieve its goals --
487 : * this function simply determines whether we're going to use
488 : * scatter-gather or not, and acts appropriately.
489 : */
490 : int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe,
491 : void *buf, unsigned int length_left, int use_sg, int *residual)
492 : {
493 0 : int result;
494 0 : unsigned int partial;
495 :
496 : /* are we scatter-gathering? */
497 0 : if (use_sg) {
498 : /* use the usb core scatter-gather primitives */
499 0 : result = usb_stor_bulk_transfer_sglist(us, pipe,
500 : (struct scatterlist *) buf, use_sg,
501 : length_left, &partial);
502 0 : length_left -= partial;
503 : } else {
504 : /* no scatter-gather, just make the request */
505 0 : result = usb_stor_bulk_transfer_buf(us, pipe, buf,
506 : length_left, &partial);
507 0 : length_left -= partial;
508 : }
509 :
510 : /* store the residual and return the error code */
511 0 : if (residual)
512 0 : *residual = length_left;
513 0 : return result;
514 : }
515 : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg);
516 :
517 : /***********************************************************************
518 : * Transport routines
519 : ***********************************************************************/
520 :
521 : /* There are so many devices that report the capacity incorrectly,
522 : * this routine was written to counteract some of the resulting
523 : * problems.
524 : */
525 : static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb)
526 : {
527 0 : struct gendisk *disk;
528 0 : struct scsi_disk *sdkp;
529 0 : u32 sector;
530 0 :
531 0 : /* To Report "Medium Error: Record Not Found */
532 0 : static unsigned char record_not_found[18] = {
533 0 : [0] = 0x70, /* current error */
534 0 : [2] = MEDIUM_ERROR, /* = 0x03 */
535 : [7] = 0x0a, /* additional length */
536 : [12] = 0x14 /* Record Not Found */
537 : };
538 :
539 : /* If last-sector problems can't occur, whether because the
540 : * capacity was already decremented or because the device is
541 : * known to report the correct capacity, then we don't need
542 : * to do anything.
543 : */
544 0 : if (!us->use_last_sector_hacks)
545 0 : return;
546 :
547 : /* Was this command a READ(10) or a WRITE(10)? */
548 0 : if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10)
549 0 : goto done;
550 :
551 : /* Did this command access the last sector? */
552 0 : sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) |
553 : (srb->cmnd[4] << 8) | (srb->cmnd[5]);
554 0 : disk = srb->request->rq_disk;
555 0 : if (!disk)
556 0 : goto done;
557 0 : sdkp = scsi_disk(disk);
558 0 : if (!sdkp)
559 0 : goto done;
560 0 : if (sector + 1 != sdkp->capacity)
561 0 : goto done;
562 :
563 0 : if (srb->result == SAM_STAT_GOOD && scsi_get_resid(srb) == 0) {
564 :
565 : /* The command succeeded. We know this device doesn't
566 0 : * have the last-sector bug, so stop checking it.
567 : */
568 0 : us->use_last_sector_hacks = 0;
569 :
570 : } else {
571 : /* The command failed. Allow up to 3 retries in case this
572 : * is some normal sort of failure. After that, assume the
573 : * capacity is wrong and we're trying to access the sector
574 : * beyond the end. Replace the result code and sense data
575 : * with values that will cause the SCSI core to fail the
576 : * command immediately, instead of going into an infinite
577 : * (or even just a very long) retry loop.
578 : */
579 0 : if (++us->last_sector_retries < 3)
580 0 : return;
581 0 : srb->result = SAM_STAT_CHECK_CONDITION;
582 0 : memcpy(srb->sense_buffer, record_not_found,
583 : sizeof(record_not_found));
584 : }
585 0 :
586 : done:
587 : /* Don't reset the retry counter for TEST UNIT READY commands,
588 : * because they get issued after device resets which might be
589 : * caused by a failed last-sector access.
590 : */
591 0 : if (srb->cmnd[0] != TEST_UNIT_READY)
592 0 : us->last_sector_retries = 0;
593 0 : }
594 :
595 : /* Invoke the transport and basic error-handling/recovery methods
596 : *
597 : * This is used by the protocol layers to actually send the message to
598 : * the device and receive the response.
599 : */
600 : void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us)
601 : {
602 0 : int need_auto_sense;
603 0 : int result;
604 0 :
605 0 : /* send the command to the transport layer */
606 0 : scsi_set_resid(srb, 0);
607 0 : result = us->transport(srb, us);
608 0 :
609 0 : /* if the command gets aborted by the higher layers, we need to
610 0 : * short-circuit all other processing
611 0 : */
612 0 : if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
613 0 : US_DEBUGP("-- command was aborted\n");
614 0 : srb->result = DID_ABORT << 16;
615 0 : goto Handle_Errors;
616 0 : }
617 0 :
618 0 : /* if there is a transport error, reset and don't auto-sense */
619 0 : if (result == USB_STOR_TRANSPORT_ERROR) {
620 0 : US_DEBUGP("-- transport indicates error, resetting\n");
621 0 : srb->result = DID_ERROR << 16;
622 0 : goto Handle_Errors;
623 0 : }
624 0 :
625 : /* if the transport provided its own sense data, don't auto-sense */
626 0 : if (result == USB_STOR_TRANSPORT_NO_SENSE) {
627 0 : srb->result = SAM_STAT_CHECK_CONDITION;
628 0 : last_sector_hacks(us, srb);
629 0 : return;
630 : }
631 :
632 0 : srb->result = SAM_STAT_GOOD;
633 :
634 : /* Determine if we need to auto-sense
635 : *
636 : * I normally don't use a flag like this, but it's almost impossible
637 : * to understand what's going on here if I don't.
638 : */
639 0 : need_auto_sense = 0;
640 :
641 : /*
642 : * If we're running the CB transport, which is incapable
643 : * of determining status on its own, we will auto-sense
644 : * unless the operation involved a data-in transfer. Devices
645 : * can signal most data-in errors by stalling the bulk-in pipe.
646 : */
647 0 : if ((us->protocol == US_PR_CB || us->protocol == US_PR_DPCM_USB) &&
648 : srb->sc_data_direction != DMA_FROM_DEVICE) {
649 : US_DEBUGP("-- CB transport device requiring auto-sense\n");
650 0 : need_auto_sense = 1;
651 : }
652 :
653 : /*
654 : * If we have a failure, we're going to do a REQUEST_SENSE
655 : * automatically. Note that we differentiate between a command
656 : * "failure" and an "error" in the transport mechanism.
657 : */
658 0 : if (result == USB_STOR_TRANSPORT_FAILED) {
659 : US_DEBUGP("-- transport indicates command failure\n");
660 0 : need_auto_sense = 1;
661 : }
662 :
663 : /*
664 : * Determine if this device is SAT by seeing if the
665 : * command executed successfully. Otherwise we'll have
666 : * to wait for at least one CHECK_CONDITION to determine
667 : * SANE_SENSE support
668 : */
669 0 : if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) &&
670 : result == USB_STOR_TRANSPORT_GOOD &&
671 : !(us->fflags & US_FL_SANE_SENSE) &&
672 : !(us->fflags & US_FL_BAD_SENSE) &&
673 : !(srb->cmnd[2] & 0x20))) {
674 : US_DEBUGP("-- SAT supported, increasing auto-sense\n");
675 0 : us->fflags |= US_FL_SANE_SENSE;
676 : }
677 :
678 : /*
679 : * A short transfer on a command where we don't expect it
680 : * is unusual, but it doesn't mean we need to auto-sense.
681 : */
682 0 : if ((scsi_get_resid(srb) > 0) &&
683 : !((srb->cmnd[0] == REQUEST_SENSE) ||
684 : (srb->cmnd[0] == INQUIRY) ||
685 : (srb->cmnd[0] == MODE_SENSE) ||
686 : (srb->cmnd[0] == LOG_SENSE) ||
687 : (srb->cmnd[0] == MODE_SENSE_10))) {
688 : US_DEBUGP("-- unexpectedly short transfer\n");
689 : }
690 :
691 : /* Now, if we need to do the auto-sense, let's do it */
692 0 : if (need_auto_sense) {
693 : int temp_result;
694 : struct scsi_eh_save ses;
695 0 : int sense_size = US_SENSE_SIZE;
696 : struct scsi_sense_hdr sshdr;
697 : const u8 *scdd;
698 : u8 fm_ili;
699 :
700 : /* device supports and needs bigger sense buffer */
701 0 : if (us->fflags & US_FL_SANE_SENSE)
702 0 : sense_size = ~0;
703 : Retry_Sense:
704 : US_DEBUGP("Issuing auto-REQUEST_SENSE\n");
705 :
706 0 : scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sense_size);
707 :
708 : /* FIXME: we must do the protocol translation here */
709 0 : if (us->subclass == US_SC_RBC || us->subclass == US_SC_SCSI ||
710 : us->subclass == US_SC_CYP_ATACB)
711 0 : srb->cmd_len = 6;
712 : else
713 0 : srb->cmd_len = 12;
714 :
715 : /* issue the auto-sense command */
716 0 : scsi_set_resid(srb, 0);
717 0 : temp_result = us->transport(us->srb, us);
718 :
719 : /* let's clean up right away */
720 0 : scsi_eh_restore_cmnd(srb, &ses);
721 :
722 0 : if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
723 : US_DEBUGP("-- auto-sense aborted\n");
724 0 : srb->result = DID_ABORT << 16;
725 :
726 : /* If SANE_SENSE caused this problem, disable it */
727 0 : if (sense_size != US_SENSE_SIZE) {
728 0 : us->fflags &= ~US_FL_SANE_SENSE;
729 0 : us->fflags |= US_FL_BAD_SENSE;
730 : }
731 0 : goto Handle_Errors;
732 : }
733 :
734 : /* Some devices claim to support larger sense but fail when
735 : * trying to request it. When a transport failure happens
736 : * using US_FS_SANE_SENSE, we always retry with a standard
737 : * (small) sense request. This fixes some USB GSM modems
738 : */
739 0 : if (temp_result == USB_STOR_TRANSPORT_FAILED &&
740 : sense_size != US_SENSE_SIZE) {
741 : US_DEBUGP("-- auto-sense failure, retry small sense\n");
742 0 : sense_size = US_SENSE_SIZE;
743 0 : us->fflags &= ~US_FL_SANE_SENSE;
744 0 : us->fflags |= US_FL_BAD_SENSE;
745 0 : goto Retry_Sense;
746 : }
747 :
748 : /* Other failures */
749 0 : if (temp_result != USB_STOR_TRANSPORT_GOOD) {
750 : US_DEBUGP("-- auto-sense failure\n");
751 :
752 : /* we skip the reset if this happens to be a
753 : * multi-target device, since failure of an
754 : * auto-sense is perfectly valid
755 : */
756 0 : srb->result = DID_ERROR << 16;
757 0 : if (!(us->fflags & US_FL_SCM_MULT_TARG))
758 0 : goto Handle_Errors;
759 0 : return;
760 : }
761 :
762 : /* If the sense data returned is larger than 18-bytes then we
763 : * assume this device supports requesting more in the future.
764 : * The response code must be 70h through 73h inclusive.
765 : */
766 0 : if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) &&
767 : !(us->fflags & US_FL_SANE_SENSE) &&
768 : !(us->fflags & US_FL_BAD_SENSE) &&
769 : (srb->sense_buffer[0] & 0x7C) == 0x70) {
770 : US_DEBUGP("-- SANE_SENSE support enabled\n");
771 0 : us->fflags |= US_FL_SANE_SENSE;
772 :
773 : /* Indicate to the user that we truncated their sense
774 : * because we didn't know it supported larger sense.
775 : */
776 : US_DEBUGP("-- Sense data truncated to %i from %i\n",
777 : US_SENSE_SIZE,
778 : srb->sense_buffer[7] + 8);
779 0 : srb->sense_buffer[7] = (US_SENSE_SIZE - 8);
780 : }
781 :
782 0 : scsi_normalize_sense(srb->sense_buffer, SCSI_SENSE_BUFFERSIZE,
783 : &sshdr);
784 :
785 : US_DEBUGP("-- Result from auto-sense is %d\n", temp_result);
786 : US_DEBUGP("-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
787 : sshdr.response_code, sshdr.sense_key,
788 : sshdr.asc, sshdr.ascq);
789 : #ifdef CONFIG_USB_STORAGE_DEBUG
790 : usb_stor_show_sense(sshdr.sense_key, sshdr.asc, sshdr.ascq);
791 : #endif
792 :
793 : /* set the result so the higher layers expect this data */
794 0 : srb->result = SAM_STAT_CHECK_CONDITION;
795 :
796 0 : scdd = scsi_sense_desc_find(srb->sense_buffer,
797 : SCSI_SENSE_BUFFERSIZE, 4);
798 0 : fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0;
799 :
800 : /* We often get empty sense data. This could indicate that
801 : * everything worked or that there was an unspecified
802 : * problem. We have to decide which.
803 : */
804 0 : if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 &&
805 : fm_ili == 0) {
806 : /* If things are really okay, then let's show that.
807 : * Zero out the sense buffer so the higher layers
808 : * won't realize we did an unsolicited auto-sense.
809 : */
810 0 : if (result == USB_STOR_TRANSPORT_GOOD) {
811 0 : srb->result = SAM_STAT_GOOD;
812 0 : srb->sense_buffer[0] = 0x0;
813 :
814 : /* If there was a problem, report an unspecified
815 : * hardware error to prevent the higher layers from
816 : * entering an infinite retry loop.
817 : */
818 : } else {
819 0 : srb->result = DID_ERROR << 16;
820 0 : if ((sshdr.response_code & 0x72) == 0x72)
821 0 : srb->sense_buffer[1] = HARDWARE_ERROR;
822 : else
823 0 : srb->sense_buffer[2] = HARDWARE_ERROR;
824 : }
825 : }
826 : }
827 :
828 : /* Did we transfer less than the minimum amount required? */
829 0 : if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) &&
830 : scsi_bufflen(srb) - scsi_get_resid(srb) < srb->underflow)
831 0 : srb->result = DID_ERROR << 16;
832 :
833 0 : last_sector_hacks(us, srb);
834 0 : return;
835 0 :
836 : /* Error and abort processing: try to resynchronize with the device
837 : * by issuing a port reset. If that fails, try a class-specific
838 : * device reset. */
839 : Handle_Errors:
840 :
841 : /* Set the RESETTING bit, and clear the ABORTING bit so that
842 : * the reset may proceed. */
843 0 : scsi_lock(us_to_host(us));
844 0 : set_bit(US_FLIDX_RESETTING, &us->dflags);
845 0 : clear_bit(US_FLIDX_ABORTING, &us->dflags);
846 0 : scsi_unlock(us_to_host(us));
847 :
848 : /* We must release the device lock because the pre_reset routine
849 : * will want to acquire it. */
850 0 : mutex_unlock(&us->dev_mutex);
851 0 : result = usb_stor_port_reset(us);
852 0 : mutex_lock(&us->dev_mutex);
853 :
854 0 : if (result < 0) {
855 0 : scsi_lock(us_to_host(us));
856 0 : usb_stor_report_device_reset(us);
857 0 : scsi_unlock(us_to_host(us));
858 0 : us->transport_reset(us);
859 : }
860 0 : clear_bit(US_FLIDX_RESETTING, &us->dflags);
861 0 : last_sector_hacks(us, srb);
862 0 : }
863 :
864 : /* Stop the current URB transfer */
865 : void usb_stor_stop_transport(struct us_data *us)
866 : {
867 1 : US_DEBUGP("%s called\n", __func__);
868 1 :
869 : /* If the state machine is blocked waiting for an URB,
870 : * let's wake it up. The test_and_clear_bit() call
871 : * guarantees that if a URB has just been submitted,
872 : * it won't be cancelled more than once. */
873 4 : if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
874 : US_DEBUGP("-- cancelling URB\n");
875 1 : usb_unlink_urb(us->current_urb);
876 : }
877 :
878 : /* If we are waiting for a scatter-gather operation, cancel it. */
879 4 : if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
880 : US_DEBUGP("-- cancelling sg request\n");
881 1 : usb_sg_cancel(&us->current_sg);
882 1 : }
883 : }
884 :
885 : /*
886 : * Control/Bulk and Control/Bulk/Interrupt transport
887 : */
888 :
889 : int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us)
890 : {
891 0 : unsigned int transfer_length = scsi_bufflen(srb);
892 0 : unsigned int pipe = 0;
893 0 : int result;
894 0 :
895 : /* COMMAND STAGE */
896 : /* let's send the command via the control pipe */
897 0 : result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
898 : US_CBI_ADSC,
899 : USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0,
900 : us->ifnum, srb->cmnd, srb->cmd_len);
901 :
902 : /* check the return code for the command */
903 : US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result);
904 :
905 : /* if we stalled the command, it means command failed */
906 0 : if (result == USB_STOR_XFER_STALLED) {
907 0 : return USB_STOR_TRANSPORT_FAILED;
908 : }
909 :
910 : /* Uh oh... serious problem here */
911 0 : if (result != USB_STOR_XFER_GOOD) {
912 0 : return USB_STOR_TRANSPORT_ERROR;
913 : }
914 :
915 : /* DATA STAGE */
916 : /* transfer the data payload for this command, if one exists*/
917 0 : if (transfer_length) {
918 0 : pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
919 : us->recv_bulk_pipe : us->send_bulk_pipe;
920 0 : result = usb_stor_bulk_srb(us, pipe, srb);
921 : US_DEBUGP("CBI data stage result is 0x%x\n", result);
922 :
923 : /* if we stalled the data transfer it means command failed */
924 0 : if (result == USB_STOR_XFER_STALLED)
925 0 : return USB_STOR_TRANSPORT_FAILED;
926 0 : if (result > USB_STOR_XFER_STALLED)
927 0 : return USB_STOR_TRANSPORT_ERROR;
928 : }
929 :
930 : /* STATUS STAGE */
931 :
932 : /* NOTE: CB does not have a status stage. Silly, I know. So
933 : * we have to catch this at a higher level.
934 : */
935 0 : if (us->protocol != US_PR_CBI)
936 0 : return USB_STOR_TRANSPORT_GOOD;
937 :
938 0 : result = usb_stor_intr_transfer(us, us->iobuf, 2);
939 : US_DEBUGP("Got interrupt data (0x%x, 0x%x)\n",
940 : us->iobuf[0], us->iobuf[1]);
941 0 : if (result != USB_STOR_XFER_GOOD)
942 0 : return USB_STOR_TRANSPORT_ERROR;
943 :
944 : /* UFI gives us ASC and ASCQ, like a request sense
945 : *
946 : * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
947 : * devices, so we ignore the information for those commands. Note
948 : * that this means we could be ignoring a real error on these
949 : * commands, but that can't be helped.
950 : */
951 0 : if (us->subclass == US_SC_UFI) {
952 0 : if (srb->cmnd[0] == REQUEST_SENSE ||
953 : srb->cmnd[0] == INQUIRY)
954 0 : return USB_STOR_TRANSPORT_GOOD;
955 0 : if (us->iobuf[0])
956 0 : goto Failed;
957 0 : return USB_STOR_TRANSPORT_GOOD;
958 : }
959 :
960 : /* If not UFI, we interpret the data as a result code
961 : * The first byte should always be a 0x0.
962 : *
963 : * Some bogus devices don't follow that rule. They stuff the ASC
964 : * into the first byte -- so if it's non-zero, call it a failure.
965 : */
966 0 : if (us->iobuf[0]) {
967 : US_DEBUGP("CBI IRQ data showed reserved bType 0x%x\n",
968 : us->iobuf[0]);
969 0 : goto Failed;
970 :
971 : }
972 :
973 : /* The second byte & 0x0F should be 0x0 for good, otherwise error */
974 0 : switch (us->iobuf[1] & 0x0F) {
975 0 : case 0x00:
976 0 : return USB_STOR_TRANSPORT_GOOD;
977 0 : case 0x01:
978 0 : goto Failed;
979 0 : }
980 0 : return USB_STOR_TRANSPORT_ERROR;
981 0 :
982 : /* the CBI spec requires that the bulk pipe must be cleared
983 : * following any data-in/out command failure (section 2.4.3.1.3)
984 : */
985 : Failed:
986 0 : if (pipe)
987 0 : usb_stor_clear_halt(us, pipe);
988 0 : return USB_STOR_TRANSPORT_FAILED;
989 : }
990 : EXPORT_SYMBOL_GPL(usb_stor_CB_transport);
991 :
992 : /*
993 : * Bulk only transport
994 : */
995 :
996 : /* Determine what the maximum LUN supported is */
997 : int usb_stor_Bulk_max_lun(struct us_data *us)
998 : {
999 0 : int result;
1000 :
1001 : /* issue the command */
1002 0 : us->iobuf[0] = 0;
1003 0 : result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
1004 : US_BULK_GET_MAX_LUN,
1005 : USB_DIR_IN | USB_TYPE_CLASS |
1006 : USB_RECIP_INTERFACE,
1007 : 0, us->ifnum, us->iobuf, 1, 10*HZ);
1008 :
1009 : US_DEBUGP("GetMaxLUN command result is %d, data is %d\n",
1010 : result, us->iobuf[0]);
1011 :
1012 : /* if we have a successful request, return the result */
1013 0 : if (result > 0)
1014 0 : return us->iobuf[0];
1015 :
1016 : /*
1017 : * Some devices don't like GetMaxLUN. They may STALL the control
1018 : * pipe, they may return a zero-length result, they may do nothing at
1019 : * all and timeout, or they may fail in even more bizarrely creative
1020 : * ways. In these cases the best approach is to use the default
1021 : * value: only one LUN.
1022 : */
1023 0 : return 0;
1024 : }
1025 :
1026 : int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us)
1027 : {
1028 0 : struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf;
1029 0 : struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf;
1030 0 : unsigned int transfer_length = scsi_bufflen(srb);
1031 0 : unsigned int residue;
1032 0 : int result;
1033 0 : int fake_sense = 0;
1034 0 : unsigned int cswlen;
1035 0 : unsigned int cbwlen = US_BULK_CB_WRAP_LEN;
1036 0 :
1037 0 : /* Take care of BULK32 devices; set extra byte to 0 */
1038 0 : if (unlikely(us->fflags & US_FL_BULK32)) {
1039 0 : cbwlen = 32;
1040 0 : us->iobuf[31] = 0;
1041 0 : }
1042 0 :
1043 0 : /* set up the command wrapper */
1044 0 : bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
1045 0 : bcb->DataTransferLength = cpu_to_le32(transfer_length);
1046 0 : bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ? 1 << 7 : 0;
1047 0 : bcb->Tag = ++us->tag;
1048 0 : bcb->Lun = srb->device->lun;
1049 0 : if (us->fflags & US_FL_SCM_MULT_TARG)
1050 0 : bcb->Lun |= srb->device->id << 4;
1051 0 : bcb->Length = srb->cmd_len;
1052 :
1053 : /* copy the command payload */
1054 0 : memset(bcb->CDB, 0, sizeof(bcb->CDB));
1055 0 : memcpy(bcb->CDB, srb->cmnd, bcb->Length);
1056 :
1057 : /* send it to out endpoint */
1058 : US_DEBUGP("Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n",
1059 : le32_to_cpu(bcb->Signature), bcb->Tag,
1060 : le32_to_cpu(bcb->DataTransferLength), bcb->Flags,
1061 : (bcb->Lun >> 4), (bcb->Lun & 0x0F),
1062 : bcb->Length);
1063 0 : result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
1064 : bcb, cbwlen, NULL);
1065 : US_DEBUGP("Bulk command transfer result=%d\n", result);
1066 0 : if (result != USB_STOR_XFER_GOOD)
1067 0 : return USB_STOR_TRANSPORT_ERROR;
1068 :
1069 : /* DATA STAGE */
1070 : /* send/receive data payload, if there is any */
1071 :
1072 : /* Some USB-IDE converter chips need a 100us delay between the
1073 : * command phase and the data phase. Some devices need a little
1074 : * more than that, probably because of clock rate inaccuracies. */
1075 0 : if (unlikely(us->fflags & US_FL_GO_SLOW))
1076 0 : udelay(125);
1077 :
1078 0 : if (transfer_length) {
1079 0 : unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ?
1080 : us->recv_bulk_pipe : us->send_bulk_pipe;
1081 0 : result = usb_stor_bulk_srb(us, pipe, srb);
1082 : US_DEBUGP("Bulk data transfer result 0x%x\n", result);
1083 0 : if (result == USB_STOR_XFER_ERROR)
1084 0 : return USB_STOR_TRANSPORT_ERROR;
1085 :
1086 : /* If the device tried to send back more data than the
1087 : * amount requested, the spec requires us to transfer
1088 : * the CSW anyway. Since there's no point retrying the
1089 : * the command, we'll return fake sense data indicating
1090 : * Illegal Request, Invalid Field in CDB.
1091 : */
1092 0 : if (result == USB_STOR_XFER_LONG)
1093 0 : fake_sense = 1;
1094 : }
1095 :
1096 : /* See flow chart on pg 15 of the Bulk Only Transport spec for
1097 : * an explanation of how this code works.
1098 : */
1099 :
1100 : /* get CSW for device status */
1101 : US_DEBUGP("Attempting to get CSW...\n");
1102 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1103 : bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1104 :
1105 : /* Some broken devices add unnecessary zero-length packets to the
1106 : * end of their data transfers. Such packets show up as 0-length
1107 : * CSWs. If we encounter such a thing, try to read the CSW again.
1108 : */
1109 0 : if (result == USB_STOR_XFER_SHORT && cswlen == 0) {
1110 : US_DEBUGP("Received 0-length CSW; retrying...\n");
1111 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1112 : bcs, US_BULK_CS_WRAP_LEN, &cswlen);
1113 : }
1114 :
1115 : /* did the attempt to read the CSW fail? */
1116 0 : if (result == USB_STOR_XFER_STALLED) {
1117 :
1118 : /* get the status again */
1119 : US_DEBUGP("Attempting to get CSW (2nd try)...\n");
1120 0 : result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
1121 : bcs, US_BULK_CS_WRAP_LEN, NULL);
1122 : }
1123 :
1124 : /* if we still have a failure at this point, we're in trouble */
1125 : US_DEBUGP("Bulk status result = %d\n", result);
1126 0 : if (result != USB_STOR_XFER_GOOD)
1127 0 : return USB_STOR_TRANSPORT_ERROR;
1128 :
1129 : /* check bulk status */
1130 0 : residue = le32_to_cpu(bcs->Residue);
1131 : US_DEBUGP("Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n",
1132 : le32_to_cpu(bcs->Signature), bcs->Tag,
1133 : residue, bcs->Status);
1134 0 : if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) ||
1135 : bcs->Status > US_BULK_STAT_PHASE) {
1136 : US_DEBUGP("Bulk logical error\n");
1137 0 : return USB_STOR_TRANSPORT_ERROR;
1138 : }
1139 :
1140 : /* Some broken devices report odd signatures, so we do not check them
1141 : * for validity against the spec. We store the first one we see,
1142 : * and check subsequent transfers for validity against this signature.
1143 : */
1144 0 : if (!us->bcs_signature) {
1145 0 : us->bcs_signature = bcs->Signature;
1146 : if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN))
1147 : US_DEBUGP("Learnt BCS signature 0x%08X\n",
1148 : le32_to_cpu(us->bcs_signature));
1149 0 : } else if (bcs->Signature != us->bcs_signature) {
1150 : US_DEBUGP("Signature mismatch: got %08X, expecting %08X\n",
1151 : le32_to_cpu(bcs->Signature),
1152 : le32_to_cpu(us->bcs_signature));
1153 0 : return USB_STOR_TRANSPORT_ERROR;
1154 : }
1155 :
1156 : /* try to compute the actual residue, based on how much data
1157 : * was really transferred and what the device tells us */
1158 0 : if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) {
1159 :
1160 : /* Heuristically detect devices that generate bogus residues
1161 : * by seeing what happens with INQUIRY and READ CAPACITY
1162 : * commands.
1163 : */
1164 0 : if (bcs->Status == US_BULK_STAT_OK &&
1165 : scsi_get_resid(srb) == 0 &&
1166 : ((srb->cmnd[0] == INQUIRY &&
1167 0 : transfer_length == 36) ||
1168 : (srb->cmnd[0] == READ_CAPACITY &&
1169 : transfer_length == 8))) {
1170 0 : us->fflags |= US_FL_IGNORE_RESIDUE;
1171 :
1172 : } else {
1173 0 : residue = min(residue, transfer_length);
1174 0 : scsi_set_resid(srb, max(scsi_get_resid(srb),
1175 : (int) residue));
1176 : }
1177 : }
1178 :
1179 : /* based on the status code, we report good or bad */
1180 0 : switch (bcs->Status) {
1181 0 : case US_BULK_STAT_OK:
1182 : /* device babbled -- return fake sense data */
1183 0 : if (fake_sense) {
1184 0 : memcpy(srb->sense_buffer,
1185 : usb_stor_sense_invalidCDB,
1186 : sizeof(usb_stor_sense_invalidCDB));
1187 0 : return USB_STOR_TRANSPORT_NO_SENSE;
1188 : }
1189 :
1190 : /* command good -- note that data could be short */
1191 0 : return USB_STOR_TRANSPORT_GOOD;
1192 0 :
1193 0 : case US_BULK_STAT_FAIL:
1194 : /* command failed */
1195 0 : return USB_STOR_TRANSPORT_FAILED;
1196 0 :
1197 0 : case US_BULK_STAT_PHASE:
1198 : /* phase error -- note that a transport reset will be
1199 : * invoked by the invoke_transport() function
1200 : */
1201 0 : return USB_STOR_TRANSPORT_ERROR;
1202 0 : }
1203 :
1204 : /* we should never get here, but if we do, we're in trouble */
1205 0 : return USB_STOR_TRANSPORT_ERROR;
1206 : }
1207 : EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport);
1208 :
1209 : /***********************************************************************
1210 : * Reset routines
1211 : ***********************************************************************/
1212 :
1213 : /* This is the common part of the device reset code.
1214 : *
1215 : * It's handy that every transport mechanism uses the control endpoint for
1216 : * resets.
1217 : *
1218 : * Basically, we send a reset with a 5-second timeout, so we don't get
1219 : * jammed attempting to do the reset.
1220 : */
1221 : static int usb_stor_reset_common(struct us_data *us,
1222 : u8 request, u8 requesttype,
1223 : u16 value, u16 index, void *data, u16 size)
1224 0 : {
1225 0 : int result;
1226 0 : int result2;
1227 0 :
1228 0 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1229 0 : US_DEBUGP("No reset during disconnect\n");
1230 0 : return -EIO;
1231 0 : }
1232 0 :
1233 0 : result = usb_stor_control_msg(us, us->send_ctrl_pipe,
1234 0 : request, requesttype, value, index, data, size,
1235 : 5*HZ);
1236 0 : if (result < 0) {
1237 : US_DEBUGP("Soft reset failed: %d\n", result);
1238 0 : return result;
1239 : }
1240 :
1241 : /* Give the device some time to recover from the reset,
1242 : * but don't delay disconnect processing. */
1243 0 : wait_event_interruptible_timeout(us->delay_wait,
1244 0 : test_bit(US_FLIDX_DISCONNECTING, &us->dflags),
1245 0 : HZ*6);
1246 0 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1247 : US_DEBUGP("Reset interrupted by disconnect\n");
1248 0 : return -EIO;
1249 : }
1250 :
1251 : US_DEBUGP("Soft reset: clearing bulk-in endpoint halt\n");
1252 0 : result = usb_stor_clear_halt(us, us->recv_bulk_pipe);
1253 :
1254 : US_DEBUGP("Soft reset: clearing bulk-out endpoint halt\n");
1255 0 : result2 = usb_stor_clear_halt(us, us->send_bulk_pipe);
1256 :
1257 : /* return a result code based on the result of the clear-halts */
1258 0 : if (result >= 0)
1259 0 : result = result2;
1260 : if (result < 0)
1261 : US_DEBUGP("Soft reset failed\n");
1262 : else
1263 : US_DEBUGP("Soft reset done\n");
1264 0 : return result;
1265 : }
1266 :
1267 : /* This issues a CB[I] Reset to the device in question
1268 : */
1269 : #define CB_RESET_CMD_SIZE 12
1270 :
1271 : int usb_stor_CB_reset(struct us_data *us)
1272 : {
1273 0 : US_DEBUGP("%s called\n", __func__);
1274 :
1275 0 : memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE);
1276 0 : us->iobuf[0] = SEND_DIAGNOSTIC;
1277 0 : us->iobuf[1] = 4;
1278 0 : return usb_stor_reset_common(us, US_CBI_ADSC,
1279 : USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1280 : 0, us->ifnum, us->iobuf, CB_RESET_CMD_SIZE);
1281 : }
1282 : EXPORT_SYMBOL_GPL(usb_stor_CB_reset);
1283 :
1284 : /* This issues a Bulk-only Reset to the device in question, including
1285 : * clearing the subsequent endpoint halts that may occur.
1286 : */
1287 : int usb_stor_Bulk_reset(struct us_data *us)
1288 : {
1289 0 : US_DEBUGP("%s called\n", __func__);
1290 :
1291 0 : return usb_stor_reset_common(us, US_BULK_RESET_REQUEST,
1292 : USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1293 : 0, us->ifnum, NULL, 0);
1294 : }
1295 : EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset);
1296 :
1297 : /* Issue a USB port reset to the device. The caller must not hold
1298 : * us->dev_mutex.
1299 : */
1300 : int usb_stor_port_reset(struct us_data *us)
1301 : {
1302 1 : int result;
1303 1 :
1304 2 : result = usb_lock_device_for_reset(us->pusb_dev, us->pusb_intf);
1305 2 : if (result < 0)
1306 : US_DEBUGP("unable to lock device for reset: %d\n", result);
1307 : else {
1308 : /* Were we disconnected while waiting for the lock? */
1309 4 : if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
1310 1 : result = -EIO;
1311 : US_DEBUGP("No reset during disconnect\n");
1312 : } else {
1313 2 : result = usb_reset_device(us->pusb_dev);
1314 : US_DEBUGP("usb_reset_device returns %d\n",
1315 : result);
1316 : }
1317 2 : usb_unlock_device(us->pusb_dev);
1318 : }
1319 3 : return result;
1320 : }
|