LCOV - code coverage report
Current view: top level - lkbce/drivers/usb/storage - transport.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 100 438 22.8 %
Date: 2017-01-25 Functions: 7 21 33.3 %

          Line data    Source code
       1             : /* Driver for USB Mass Storage compliant devices
       2             :  *
       3             :  * Current development and maintenance by:
       4             :  *   (c) 1999-2002 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
       5             :  *
       6             :  * Developed with the assistance of:
       7             :  *   (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
       8             :  *   (c) 2000 Stephen J. Gowdy (SGowdy@lbl.gov)
       9             :  *   (c) 2002 Alan Stern <stern@rowland.org>
      10             :  *
      11             :  * Initial work by:
      12             :  *   (c) 1999 Michael Gee (michael@linuxspecific.com)
      13             :  *
      14             :  * This driver is based on the 'USB Mass Storage Class' document. This
      15             :  * describes in detail the protocol used to communicate with such
      16             :  * devices.  Clearly, the designers had SCSI and ATAPI commands in
      17             :  * mind when they created this document.  The commands are all very
      18             :  * similar to commands in the SCSI-II and ATAPI specifications.
      19             :  *
      20             :  * It is important to note that in a number of cases this class
      21             :  * exhibits class-specific exemptions from the USB specification.
      22             :  * Notably the usage of NAK, STALL and ACK differs from the norm, in
      23             :  * that they are used to communicate wait, failed and OK on commands.
      24             :  *
      25             :  * Also, for certain devices, the interrupt endpoint is used to convey
      26             :  * status of a command.
      27             :  *
      28             :  * Please see http://www.one-eyed-alien.net/~mdharm/linux-usb for more
      29             :  * information about this driver.
      30             :  *
      31             :  * This program is free software; you can redistribute it and/or modify it
      32             :  * under the terms of the GNU General Public License as published by the
      33             :  * Free Software Foundation; either version 2, or (at your option) any
      34             :  * later version.
      35             :  *
      36             :  * This program is distributed in the hope that it will be useful, but
      37             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      38             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      39             :  * General Public License for more details.
      40             :  *
      41             :  * You should have received a copy of the GNU General Public License along
      42             :  * with this program; if not, write to the Free Software Foundation, Inc.,
      43             :  * 675 Mass Ave, Cambridge, MA 02139, USA.
      44             :  */
      45             : 
      46             : #include <linux/sched.h>
      47             : #include <linux/errno.h>
      48             : #include <linux/slab.h>
      49             : 
      50             : #include <scsi/scsi.h>
      51             : #include <scsi/scsi_eh.h>
      52             : #include <scsi/scsi_device.h>
      53             : 
      54             : #include "usb.h"
      55             : #include "transport.h"
      56             : #include "protocol.h"
      57             : #include "scsiglue.h"
      58             : #include "debug.h"
      59             : 
      60             : #include <linux/blkdev.h>
      61             : #include "../../scsi/sd.h"
      62             : 
      63             : 
      64             : /***********************************************************************
      65             :  * Data transfer routines
      66             :  ***********************************************************************/
      67             : 
      68             : /*
      69             :  * This is subtle, so pay attention:
      70             :  * ---------------------------------
      71             :  * We're very concerned about races with a command abort.  Hanging this code
      72             :  * is a sure fire way to hang the kernel.  (Note that this discussion applies
      73             :  * only to transactions resulting from a scsi queued-command, since only
      74             :  * these transactions are subject to a scsi abort.  Other transactions, such
      75             :  * as those occurring during device-specific initialization, must be handled
      76             :  * by a separate code path.)
      77             :  *
      78             :  * The abort function (usb_storage_command_abort() in scsiglue.c) first
      79             :  * sets the machine state and the ABORTING bit in us->dflags to prevent
      80             :  * new URBs from being submitted.  It then calls usb_stor_stop_transport()
      81             :  * below, which atomically tests-and-clears the URB_ACTIVE bit in us->dflags
      82             :  * to see if the current_urb needs to be stopped.  Likewise, the SG_ACTIVE
      83             :  * bit is tested to see if the current_sg scatter-gather request needs to be
      84             :  * stopped.  The timeout callback routine does much the same thing.
      85             :  *
      86             :  * When a disconnect occurs, the DISCONNECTING bit in us->dflags is set to
      87             :  * prevent new URBs from being submitted, and usb_stor_stop_transport() is
      88             :  * called to stop any ongoing requests.
      89             :  *
      90             :  * The submit function first verifies that the submitting is allowed
      91             :  * (neither ABORTING nor DISCONNECTING bits are set) and that the submit
      92             :  * completes without errors, and only then sets the URB_ACTIVE bit.  This
      93             :  * prevents the stop_transport() function from trying to cancel the URB
      94             :  * while the submit call is underway.  Next, the submit function must test
      95             :  * the flags to see if an abort or disconnect occurred during the submission
      96             :  * or before the URB_ACTIVE bit was set.  If so, it's essential to cancel
      97             :  * the URB if it hasn't been cancelled already (i.e., if the URB_ACTIVE bit
      98             :  * is still set).  Either way, the function must then wait for the URB to
      99             :  * finish.  Note that the URB can still be in progress even after a call to
     100             :  * usb_unlink_urb() returns.
     101             :  *
     102             :  * The idea is that (1) once the ABORTING or DISCONNECTING bit is set,
     103             :  * either the stop_transport() function or the submitting function
     104             :  * is guaranteed to call usb_unlink_urb() for an active URB,
     105             :  * and (2) test_and_clear_bit() prevents usb_unlink_urb() from being
     106             :  * called more than once or from being called during usb_submit_urb().
     107             :  */
     108             : 
     109             : /* This is the completion handler which will wake us up when an URB
     110             :  * completes.
     111             :  */
     112             : static void usb_stor_blocking_completion(struct urb *urb)
     113             : {
     114           0 :         struct completion *urb_done_ptr = urb->context;
     115             : 
     116           0 :         complete(urb_done_ptr);
     117           0 : }
     118             : 
     119             : /* This is the common part of the URB message submission code
     120             :  *
     121             :  * All URBs from the usb-storage driver involved in handling a queued scsi
     122             :  * command _must_ pass through this function (or something like it) for the
     123             :  * abort mechanisms to work properly.
     124             :  */
     125             : static int usb_stor_msg_common(struct us_data *us, int timeout)
     126             : {
     127          18 :         struct completion urb_done;
     128          18 :         long timeleft;
     129          18 :         int status;
     130          18 : 
     131          18 :         /* don't submit URBs during abort processing */
     132          90 :         if (test_bit(US_FLIDX_ABORTING, &us->dflags))
     133          36 :                 return -EIO;
     134             : 
     135             :         /* set up data structures for the wakeup system */
     136          36 :         init_completion(&urb_done);
     137             : 
     138             :         /* fill the common fields in the URB */
     139          18 :         us->current_urb->context = &urb_done;
     140          18 :         us->current_urb->actual_length = 0;
     141          18 :         us->current_urb->error_count = 0;
     142          18 :         us->current_urb->status = 0;
     143             : 
     144             :         /* we assume that if transfer_buffer isn't us->iobuf then it
     145             :          * hasn't been mapped for DMA.  Yes, this is clunky, but it's
     146             :          * easier than always having the caller tell us whether the
     147             :          * transfer buffer has already been mapped. */
     148          18 :         us->current_urb->transfer_flags = URB_NO_SETUP_DMA_MAP;
     149          72 :         if (us->current_urb->transfer_buffer == us->iobuf)
     150          18 :                 us->current_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
     151          18 :         us->current_urb->transfer_dma = us->iobuf_dma;
     152          18 :         us->current_urb->setup_dma = us->cr_dma;
     153             : 
     154             :         /* submit the URB */
     155          18 :         status = usb_submit_urb(us->current_urb, GFP_NOIO);
     156          36 :         if (status) {
     157             :                 /* something went wrong */
     158          18 :                 return status;
     159             :         }
     160             : 
     161             :         /* since the URB has been submitted successfully, it's now okay
     162             :          * to cancel it */
     163          36 :         set_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
     164             : 
     165             :         /* did an abort occur during the submission? */
     166          72 :         if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
     167             : 
     168             :                 /* cancel the URB, if it hasn't been cancelled already */
     169          72 :                 if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
     170             :                         US_DEBUGP("-- cancelling URB\n");
     171          18 :                         usb_unlink_urb(us->current_urb);
     172             :                 }
     173             :         }
     174             :  
     175             :         /* wait for the completion of the URB */
     176         252 :         timeleft = wait_for_completion_interruptible_timeout(
     177             :                         &urb_done, timeout ? : MAX_SCHEDULE_TIMEOUT);
     178             :  
     179          72 :         clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags);
     180             : 
     181          36 :         if (timeleft <= 0) {
     182             :                 US_DEBUGP("%s -- cancelling URB\n",
     183             :                           timeleft == 0 ? "Timeout" : "Signal");
     184          18 :                 usb_kill_urb(us->current_urb);
     185             :         }
     186             : 
     187             :         /* return the URB status */
     188          18 :         return us->current_urb->status;
     189             : }
     190             : 
     191             : /*
     192             :  * Transfer one control message, with timeouts, and allowing early
     193             :  * termination.  Return codes are usual -Exxx, *not* USB_STOR_XFER_xxx.
     194             :  */
     195             : int usb_stor_control_msg(struct us_data *us, unsigned int pipe,
     196             :                  u8 request, u8 requesttype, u16 value, u16 index, 
     197             :                  void *data, u16 size, int timeout)
     198          10 : {
     199             :         int status;
     200             : 
     201             :         US_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
     202             :                         __func__, request, requesttype,
     203             :                         value, index, size);
     204             : 
     205             :         /* fill in the devrequest structure */
     206          10 :         us->cr->bRequestType = requesttype;
     207          10 :         us->cr->bRequest = request;
     208          10 :         us->cr->wValue = cpu_to_le16(value);
     209          10 :         us->cr->wIndex = cpu_to_le16(index);
     210          10 :         us->cr->wLength = cpu_to_le16(size);
     211             : 
     212             :         /* fill and submit the URB */
     213          30 :         usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 
     214             :                          (unsigned char*) us->cr, data, size, 
     215             :                          usb_stor_blocking_completion, NULL);
     216          40 :         status = usb_stor_msg_common(us, timeout);
     217             : 
     218             :         /* return the actual length of the data transferred if no error */
     219          20 :         if (status == 0)
     220          20 :                 status = us->current_urb->actual_length;
     221          10 :         return status;
     222             : }
     223             : EXPORT_SYMBOL_GPL(usb_stor_control_msg);
     224             : 
     225             : /* This is a version of usb_clear_halt() that allows early termination and
     226             :  * doesn't read the status from the device -- this is because some devices
     227             :  * crash their internal firmware when the status is requested after a halt.
     228             :  *
     229             :  * A definitive list of these 'bad' devices is too difficult to maintain or
     230             :  * make complete enough to be useful.  This problem was first observed on the
     231             :  * Hagiwara FlashGate DUAL unit.  However, bus traces reveal that neither
     232             :  * MacOS nor Windows checks the status after clearing a halt.
     233             :  *
     234             :  * Since many vendors in this space limit their testing to interoperability
     235             :  * with these two OSes, specification violations like this one are common.
     236             :  */
     237             : int usb_stor_clear_halt(struct us_data *us, unsigned int pipe)
     238             : {
     239           8 :         int result;
     240          16 :         int endp = usb_pipeendpoint(pipe);
     241             : 
     242          16 :         if (usb_pipein (pipe))
     243           8 :                 endp |= USB_DIR_IN;
     244             : 
     245          16 :         result = usb_stor_control_msg(us, us->send_ctrl_pipe,
     246             :                 USB_REQ_CLEAR_FEATURE, USB_RECIP_ENDPOINT,
     247             :                 USB_ENDPOINT_HALT, endp,
     248             :                 NULL, 0, 3*HZ);
     249             : 
     250          16 :         if (result >= 0)
     251           8 :                 usb_reset_endpoint(us->pusb_dev, endp);
     252             : 
     253             :         US_DEBUGP("%s: result = %d\n", __func__, result);
     254           8 :         return result;
     255             : }
     256             : EXPORT_SYMBOL_GPL(usb_stor_clear_halt);
     257             : 
     258             : 
     259             : /*
     260             :  * Interpret the results of a URB transfer
     261             :  *
     262             :  * This function prints appropriate debugging messages, clears halts on
     263             :  * non-control endpoints, and translates the status to the corresponding
     264             :  * USB_STOR_XFER_xxx return code.
     265             :  */
     266             : static int interpret_urb_result(struct us_data *us, unsigned int pipe,
     267             :                 unsigned int length, int result, unsigned int partial)
     268             : {
     269           8 :         US_DEBUGP("Status code %d; transferred %u/%u\n",
     270             :                         result, partial, length);
     271             :         switch (result) {
     272             : 
     273             :         /* no error code; did we send all the data? */
     274          24 :         case 0:
     275          16 :                 if (partial != length) {
     276             :                         US_DEBUGP("-- short transfer\n");
     277           8 :                         return USB_STOR_XFER_SHORT;
     278             :                 }
     279             : 
     280             :                 US_DEBUGP("-- transfer complete\n");
     281           8 :                 return USB_STOR_XFER_GOOD;
     282           8 : 
     283             :         /* stalled */
     284          24 :         case -EPIPE:
     285             :                 /* for control endpoints, (used by CB[I]) a stall indicates
     286             :                  * a failed command */
     287          16 :                 if (usb_pipecontrol(pipe)) {
     288             :                         US_DEBUGP("-- stall on control pipe\n");
     289           8 :                         return USB_STOR_XFER_STALLED;
     290             :                 }
     291             : 
     292             :                 /* for other sorts of endpoint, clear the stall */
     293             :                 US_DEBUGP("clearing endpoint halt for pipe 0x%x\n", pipe);
     294          32 :                 if (usb_stor_clear_halt(us, pipe) < 0)
     295           8 :                         return USB_STOR_XFER_ERROR;
     296           8 :                 return USB_STOR_XFER_STALLED;
     297           8 : 
     298             :         /* babble - the device tried to send more than we wanted to read */
     299          24 :         case -EOVERFLOW:
     300             :                 US_DEBUGP("-- babble\n");
     301           8 :                 return USB_STOR_XFER_LONG;
     302           8 : 
     303             :         /* the transfer was cancelled by abort, disconnect, or timeout */
     304          24 :         case -ECONNRESET:
     305             :                 US_DEBUGP("-- transfer cancelled\n");
     306           8 :                 return USB_STOR_XFER_ERROR;
     307           8 : 
     308             :         /* short scatter-gather read transfer */
     309          24 :         case -EREMOTEIO:
     310             :                 US_DEBUGP("-- short read transfer\n");
     311           8 :                 return USB_STOR_XFER_SHORT;
     312           8 : 
     313             :         /* abort or disconnect in progress */
     314          24 :         case -EIO:
     315             :                 US_DEBUGP("-- abort or disconnect in progress\n");
     316           8 :                 return USB_STOR_XFER_ERROR;
     317           8 : 
     318             :         /* the catch-all error case */
     319           8 :         default:
     320           8 :                 US_DEBUGP("-- unknown error\n");
     321           8 :                 return USB_STOR_XFER_ERROR;
     322             :         }
     323             : }
     324             : 
     325             : /*
     326             :  * Transfer one control message, without timeouts, but allowing early
     327             :  * termination.  Return codes are USB_STOR_XFER_xxx.
     328             :  */
     329             : int usb_stor_ctrl_transfer(struct us_data *us, unsigned int pipe,
     330             :                 u8 request, u8 requesttype, u16 value, u16 index,
     331             :                 void *data, u16 size)
     332           0 : {
     333           0 :         int result;
     334             : 
     335             :         US_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n",
     336             :                         __func__, request, requesttype,
     337             :                         value, index, size);
     338             : 
     339             :         /* fill in the devrequest structure */
     340           0 :         us->cr->bRequestType = requesttype;
     341           0 :         us->cr->bRequest = request;
     342           0 :         us->cr->wValue = cpu_to_le16(value);
     343           0 :         us->cr->wIndex = cpu_to_le16(index);
     344           0 :         us->cr->wLength = cpu_to_le16(size);
     345             : 
     346             :         /* fill and submit the URB */
     347           0 :         usb_fill_control_urb(us->current_urb, us->pusb_dev, pipe, 
     348             :                          (unsigned char*) us->cr, data, size, 
     349             :                          usb_stor_blocking_completion, NULL);
     350           0 :         result = usb_stor_msg_common(us, 0);
     351             : 
     352           0 :         return interpret_urb_result(us, pipe, size, result,
     353             :                         us->current_urb->actual_length);
     354             : }
     355             : EXPORT_SYMBOL_GPL(usb_stor_ctrl_transfer);
     356             : 
     357             : /*
     358             :  * Receive one interrupt buffer, without timeouts, but allowing early
     359             :  * termination.  Return codes are USB_STOR_XFER_xxx.
     360             :  *
     361             :  * This routine always uses us->recv_intr_pipe as the pipe and
     362             :  * us->ep_bInterval as the interrupt interval.
     363             :  */
     364             : static int usb_stor_intr_transfer(struct us_data *us, void *buf,
     365             :                                   unsigned int length)
     366           0 : {
     367           0 :         int result;
     368           0 :         unsigned int pipe = us->recv_intr_pipe;
     369           0 :         unsigned int maxp;
     370           0 : 
     371             :         US_DEBUGP("%s: xfer %u bytes\n", __func__, length);
     372             : 
     373             :         /* calculate the max packet size */
     374           0 :         maxp = usb_maxpacket(us->pusb_dev, pipe, usb_pipeout(pipe));
     375           0 :         if (maxp > length)
     376           0 :                 maxp = length;
     377             : 
     378             :         /* fill and submit the URB */
     379           0 :         usb_fill_int_urb(us->current_urb, us->pusb_dev, pipe, buf,
     380             :                         maxp, usb_stor_blocking_completion, NULL,
     381             :                         us->ep_bInterval);
     382           0 :         result = usb_stor_msg_common(us, 0);
     383             : 
     384           0 :         return interpret_urb_result(us, pipe, length, result,
     385             :                         us->current_urb->actual_length);
     386             : }
     387             : 
     388             : /*
     389             :  * Transfer one buffer via bulk pipe, without timeouts, but allowing early
     390             :  * termination.  Return codes are USB_STOR_XFER_xxx.  If the bulk pipe
     391             :  * stalls during the transfer, the halt is automatically cleared.
     392             :  */
     393             : int usb_stor_bulk_transfer_buf(struct us_data *us, unsigned int pipe,
     394             :         void *buf, unsigned int length, unsigned int *act_len)
     395             : {
     396           8 :         int result;
     397           8 : 
     398             :         US_DEBUGP("%s: xfer %u bytes\n", __func__, length);
     399             : 
     400             :         /* fill and submit the URB */
     401          16 :         usb_fill_bulk_urb(us->current_urb, us->pusb_dev, pipe, buf, length,
     402             :                       usb_stor_blocking_completion, NULL);
     403          32 :         result = usb_stor_msg_common(us, 0);
     404             : 
     405             :         /* store the actual length of the data transferred */
     406          16 :         if (act_len)
     407           8 :                 *act_len = us->current_urb->actual_length;
     408          32 :         return interpret_urb_result(us, pipe, length, result, 
     409             :                         us->current_urb->actual_length);
     410             : }
     411             : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_buf);
     412             : 
     413             : /*
     414             :  * Transfer a scatter-gather list via bulk transfer
     415             :  *
     416             :  * This function does basically the same thing as usb_stor_bulk_transfer_buf()
     417             :  * above, but it uses the usbcore scatter-gather library.
     418             :  */
     419             : static int usb_stor_bulk_transfer_sglist(struct us_data *us, unsigned int pipe,
     420             :                 struct scatterlist *sg, int num_sg, unsigned int length,
     421             :                 unsigned int *act_len)
     422             : {
     423           0 :         int result;
     424           0 : 
     425           0 :         /* don't submit s-g requests during abort processing */
     426           0 :         if (test_bit(US_FLIDX_ABORTING, &us->dflags))
     427           0 :                 return USB_STOR_XFER_ERROR;
     428             : 
     429             :         /* initialize the scatter-gather request block */
     430             :         US_DEBUGP("%s: xfer %u bytes, %d entries\n", __func__,
     431             :                         length, num_sg);
     432           0 :         result = usb_sg_init(&us->current_sg, us->pusb_dev, pipe, 0,
     433             :                         sg, num_sg, length, GFP_NOIO);
     434           0 :         if (result) {
     435             :                 US_DEBUGP("usb_sg_init returned %d\n", result);
     436           0 :                 return USB_STOR_XFER_ERROR;
     437             :         }
     438             : 
     439             :         /* since the block has been initialized successfully, it's now
     440             :          * okay to cancel it */
     441           0 :         set_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
     442             : 
     443             :         /* did an abort occur during the submission? */
     444           0 :         if (test_bit(US_FLIDX_ABORTING, &us->dflags)) {
     445             : 
     446             :                 /* cancel the request, if it hasn't been cancelled already */
     447           0 :                 if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
     448             :                         US_DEBUGP("-- cancelling sg request\n");
     449           0 :                         usb_sg_cancel(&us->current_sg);
     450             :                 }
     451             :         }
     452             : 
     453             :         /* wait for the completion of the transfer */
     454           0 :         usb_sg_wait(&us->current_sg);
     455           0 :         clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags);
     456             : 
     457           0 :         result = us->current_sg.status;
     458           0 :         if (act_len)
     459           0 :                 *act_len = us->current_sg.bytes;
     460           0 :         return interpret_urb_result(us, pipe, length, result,
     461             :                         us->current_sg.bytes);
     462             : }
     463             : 
     464             : /*
     465             :  * Common used function. Transfer a complete command
     466             :  * via usb_stor_bulk_transfer_sglist() above. Set cmnd resid
     467             :  */
     468             : int usb_stor_bulk_srb(struct us_data* us, unsigned int pipe,
     469             :                       struct scsi_cmnd* srb)
     470           0 : {
     471           0 :         unsigned int partial;
     472           0 :         int result = usb_stor_bulk_transfer_sglist(us, pipe, scsi_sglist(srb),
     473           0 :                                       scsi_sg_count(srb), scsi_bufflen(srb),
     474           0 :                                       &partial);
     475           0 : 
     476           0 :         scsi_set_resid(srb, scsi_bufflen(srb) - partial);
     477           0 :         return result;
     478             : }
     479             : EXPORT_SYMBOL_GPL(usb_stor_bulk_srb);
     480             : 
     481             : /*
     482             :  * Transfer an entire SCSI command's worth of data payload over the bulk
     483             :  * pipe.
     484             :  *
     485             :  * Note that this uses usb_stor_bulk_transfer_buf() and
     486             :  * usb_stor_bulk_transfer_sglist() to achieve its goals --
     487             :  * this function simply determines whether we're going to use
     488             :  * scatter-gather or not, and acts appropriately.
     489             :  */
     490             : int usb_stor_bulk_transfer_sg(struct us_data* us, unsigned int pipe,
     491             :                 void *buf, unsigned int length_left, int use_sg, int *residual)
     492             : {
     493           0 :         int result;
     494           0 :         unsigned int partial;
     495             : 
     496             :         /* are we scatter-gathering? */
     497           0 :         if (use_sg) {
     498             :                 /* use the usb core scatter-gather primitives */
     499           0 :                 result = usb_stor_bulk_transfer_sglist(us, pipe,
     500             :                                 (struct scatterlist *) buf, use_sg,
     501             :                                 length_left, &partial);
     502           0 :                 length_left -= partial;
     503             :         } else {
     504             :                 /* no scatter-gather, just make the request */
     505           0 :                 result = usb_stor_bulk_transfer_buf(us, pipe, buf, 
     506             :                                 length_left, &partial);
     507           0 :                 length_left -= partial;
     508             :         }
     509             : 
     510             :         /* store the residual and return the error code */
     511           0 :         if (residual)
     512           0 :                 *residual = length_left;
     513           0 :         return result;
     514             : }
     515             : EXPORT_SYMBOL_GPL(usb_stor_bulk_transfer_sg);
     516             : 
     517             : /***********************************************************************
     518             :  * Transport routines
     519             :  ***********************************************************************/
     520             : 
     521             : /* There are so many devices that report the capacity incorrectly,
     522             :  * this routine was written to counteract some of the resulting
     523             :  * problems.
     524             :  */
     525             : static void last_sector_hacks(struct us_data *us, struct scsi_cmnd *srb)
     526             : {
     527           0 :         struct gendisk *disk;
     528           0 :         struct scsi_disk *sdkp;
     529           0 :         u32 sector;
     530           0 : 
     531           0 :         /* To Report "Medium Error: Record Not Found */
     532           0 :         static unsigned char record_not_found[18] = {
     533           0 :                 [0]     = 0x70,                 /* current error */
     534           0 :                 [2]     = MEDIUM_ERROR,         /* = 0x03 */
     535             :                 [7]     = 0x0a,                 /* additional length */
     536             :                 [12]    = 0x14                  /* Record Not Found */
     537             :         };
     538             : 
     539             :         /* If last-sector problems can't occur, whether because the
     540             :          * capacity was already decremented or because the device is
     541             :          * known to report the correct capacity, then we don't need
     542             :          * to do anything.
     543             :          */
     544           0 :         if (!us->use_last_sector_hacks)
     545           0 :                 return;
     546             : 
     547             :         /* Was this command a READ(10) or a WRITE(10)? */
     548           0 :         if (srb->cmnd[0] != READ_10 && srb->cmnd[0] != WRITE_10)
     549           0 :                 goto done;
     550             : 
     551             :         /* Did this command access the last sector? */
     552           0 :         sector = (srb->cmnd[2] << 24) | (srb->cmnd[3] << 16) |
     553             :                         (srb->cmnd[4] << 8) | (srb->cmnd[5]);
     554           0 :         disk = srb->request->rq_disk;
     555           0 :         if (!disk)
     556           0 :                 goto done;
     557           0 :         sdkp = scsi_disk(disk);
     558           0 :         if (!sdkp)
     559           0 :                 goto done;
     560           0 :         if (sector + 1 != sdkp->capacity)
     561           0 :                 goto done;
     562             : 
     563           0 :         if (srb->result == SAM_STAT_GOOD && scsi_get_resid(srb) == 0) {
     564             : 
     565             :                 /* The command succeeded.  We know this device doesn't
     566           0 :                  * have the last-sector bug, so stop checking it.
     567             :                  */
     568           0 :                 us->use_last_sector_hacks = 0;
     569             : 
     570             :         } else {
     571             :                 /* The command failed.  Allow up to 3 retries in case this
     572             :                  * is some normal sort of failure.  After that, assume the
     573             :                  * capacity is wrong and we're trying to access the sector
     574             :                  * beyond the end.  Replace the result code and sense data
     575             :                  * with values that will cause the SCSI core to fail the
     576             :                  * command immediately, instead of going into an infinite
     577             :                  * (or even just a very long) retry loop.
     578             :                  */
     579           0 :                 if (++us->last_sector_retries < 3)
     580           0 :                         return;
     581           0 :                 srb->result = SAM_STAT_CHECK_CONDITION;
     582           0 :                 memcpy(srb->sense_buffer, record_not_found,
     583             :                                 sizeof(record_not_found));
     584             :         }
     585           0 : 
     586             :  done:
     587             :         /* Don't reset the retry counter for TEST UNIT READY commands,
     588             :          * because they get issued after device resets which might be
     589             :          * caused by a failed last-sector access.
     590             :          */
     591           0 :         if (srb->cmnd[0] != TEST_UNIT_READY)
     592           0 :                 us->last_sector_retries = 0;
     593           0 : }
     594             : 
     595             : /* Invoke the transport and basic error-handling/recovery methods
     596             :  *
     597             :  * This is used by the protocol layers to actually send the message to
     598             :  * the device and receive the response.
     599             :  */
     600             : void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us)
     601             : {
     602           0 :         int need_auto_sense;
     603           0 :         int result;
     604           0 : 
     605           0 :         /* send the command to the transport layer */
     606           0 :         scsi_set_resid(srb, 0);
     607           0 :         result = us->transport(srb, us);
     608           0 : 
     609           0 :         /* if the command gets aborted by the higher layers, we need to
     610           0 :          * short-circuit all other processing
     611           0 :          */
     612           0 :         if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
     613           0 :                 US_DEBUGP("-- command was aborted\n");
     614           0 :                 srb->result = DID_ABORT << 16;
     615           0 :                 goto Handle_Errors;
     616           0 :         }
     617           0 : 
     618           0 :         /* if there is a transport error, reset and don't auto-sense */
     619           0 :         if (result == USB_STOR_TRANSPORT_ERROR) {
     620           0 :                 US_DEBUGP("-- transport indicates error, resetting\n");
     621           0 :                 srb->result = DID_ERROR << 16;
     622           0 :                 goto Handle_Errors;
     623           0 :         }
     624           0 : 
     625             :         /* if the transport provided its own sense data, don't auto-sense */
     626           0 :         if (result == USB_STOR_TRANSPORT_NO_SENSE) {
     627           0 :                 srb->result = SAM_STAT_CHECK_CONDITION;
     628           0 :                 last_sector_hacks(us, srb);
     629           0 :                 return;
     630             :         }
     631             : 
     632           0 :         srb->result = SAM_STAT_GOOD;
     633             : 
     634             :         /* Determine if we need to auto-sense
     635             :          *
     636             :          * I normally don't use a flag like this, but it's almost impossible
     637             :          * to understand what's going on here if I don't.
     638             :          */
     639           0 :         need_auto_sense = 0;
     640             : 
     641             :         /*
     642             :          * If we're running the CB transport, which is incapable
     643             :          * of determining status on its own, we will auto-sense
     644             :          * unless the operation involved a data-in transfer.  Devices
     645             :          * can signal most data-in errors by stalling the bulk-in pipe.
     646             :          */
     647           0 :         if ((us->protocol == US_PR_CB || us->protocol == US_PR_DPCM_USB) &&
     648             :                         srb->sc_data_direction != DMA_FROM_DEVICE) {
     649             :                 US_DEBUGP("-- CB transport device requiring auto-sense\n");
     650           0 :                 need_auto_sense = 1;
     651             :         }
     652             : 
     653             :         /*
     654             :          * If we have a failure, we're going to do a REQUEST_SENSE 
     655             :          * automatically.  Note that we differentiate between a command
     656             :          * "failure" and an "error" in the transport mechanism.
     657             :          */
     658           0 :         if (result == USB_STOR_TRANSPORT_FAILED) {
     659             :                 US_DEBUGP("-- transport indicates command failure\n");
     660           0 :                 need_auto_sense = 1;
     661             :         }
     662             : 
     663             :         /*
     664             :          * Determine if this device is SAT by seeing if the
     665             :          * command executed successfully.  Otherwise we'll have
     666             :          * to wait for at least one CHECK_CONDITION to determine
     667             :          * SANE_SENSE support
     668             :          */
     669           0 :         if (unlikely((srb->cmnd[0] == ATA_16 || srb->cmnd[0] == ATA_12) &&
     670             :             result == USB_STOR_TRANSPORT_GOOD &&
     671             :             !(us->fflags & US_FL_SANE_SENSE) &&
     672             :             !(us->fflags & US_FL_BAD_SENSE) &&
     673             :             !(srb->cmnd[2] & 0x20))) {
     674             :                 US_DEBUGP("-- SAT supported, increasing auto-sense\n");
     675           0 :                 us->fflags |= US_FL_SANE_SENSE;
     676             :         }
     677             : 
     678             :         /*
     679             :          * A short transfer on a command where we don't expect it
     680             :          * is unusual, but it doesn't mean we need to auto-sense.
     681             :          */
     682           0 :         if ((scsi_get_resid(srb) > 0) &&
     683             :             !((srb->cmnd[0] == REQUEST_SENSE) ||
     684             :               (srb->cmnd[0] == INQUIRY) ||
     685             :               (srb->cmnd[0] == MODE_SENSE) ||
     686             :               (srb->cmnd[0] == LOG_SENSE) ||
     687             :               (srb->cmnd[0] == MODE_SENSE_10))) {
     688             :                 US_DEBUGP("-- unexpectedly short transfer\n");
     689             :         }
     690             : 
     691             :         /* Now, if we need to do the auto-sense, let's do it */
     692           0 :         if (need_auto_sense) {
     693             :                 int temp_result;
     694             :                 struct scsi_eh_save ses;
     695           0 :                 int sense_size = US_SENSE_SIZE;
     696             :                 struct scsi_sense_hdr sshdr;
     697             :                 const u8 *scdd;
     698             :                 u8 fm_ili;
     699             : 
     700             :                 /* device supports and needs bigger sense buffer */
     701           0 :                 if (us->fflags & US_FL_SANE_SENSE)
     702           0 :                         sense_size = ~0;
     703             : Retry_Sense:
     704             :                 US_DEBUGP("Issuing auto-REQUEST_SENSE\n");
     705             : 
     706           0 :                 scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sense_size);
     707             : 
     708             :                 /* FIXME: we must do the protocol translation here */
     709           0 :                 if (us->subclass == US_SC_RBC || us->subclass == US_SC_SCSI ||
     710             :                                 us->subclass == US_SC_CYP_ATACB)
     711           0 :                         srb->cmd_len = 6;
     712             :                 else
     713           0 :                         srb->cmd_len = 12;
     714             : 
     715             :                 /* issue the auto-sense command */
     716           0 :                 scsi_set_resid(srb, 0);
     717           0 :                 temp_result = us->transport(us->srb, us);
     718             : 
     719             :                 /* let's clean up right away */
     720           0 :                 scsi_eh_restore_cmnd(srb, &ses);
     721             : 
     722           0 :                 if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
     723             :                         US_DEBUGP("-- auto-sense aborted\n");
     724           0 :                         srb->result = DID_ABORT << 16;
     725             : 
     726             :                         /* If SANE_SENSE caused this problem, disable it */
     727           0 :                         if (sense_size != US_SENSE_SIZE) {
     728           0 :                                 us->fflags &= ~US_FL_SANE_SENSE;
     729           0 :                                 us->fflags |= US_FL_BAD_SENSE;
     730             :                         }
     731           0 :                         goto Handle_Errors;
     732             :                 }
     733             : 
     734             :                 /* Some devices claim to support larger sense but fail when
     735             :                  * trying to request it. When a transport failure happens
     736             :                  * using US_FS_SANE_SENSE, we always retry with a standard
     737             :                  * (small) sense request. This fixes some USB GSM modems
     738             :                  */
     739           0 :                 if (temp_result == USB_STOR_TRANSPORT_FAILED &&
     740             :                                 sense_size != US_SENSE_SIZE) {
     741             :                         US_DEBUGP("-- auto-sense failure, retry small sense\n");
     742           0 :                         sense_size = US_SENSE_SIZE;
     743           0 :                         us->fflags &= ~US_FL_SANE_SENSE;
     744           0 :                         us->fflags |= US_FL_BAD_SENSE;
     745           0 :                         goto Retry_Sense;
     746             :                 }
     747             : 
     748             :                 /* Other failures */
     749           0 :                 if (temp_result != USB_STOR_TRANSPORT_GOOD) {
     750             :                         US_DEBUGP("-- auto-sense failure\n");
     751             : 
     752             :                         /* we skip the reset if this happens to be a
     753             :                          * multi-target device, since failure of an
     754             :                          * auto-sense is perfectly valid
     755             :                          */
     756           0 :                         srb->result = DID_ERROR << 16;
     757           0 :                         if (!(us->fflags & US_FL_SCM_MULT_TARG))
     758           0 :                                 goto Handle_Errors;
     759           0 :                         return;
     760             :                 }
     761             : 
     762             :                 /* If the sense data returned is larger than 18-bytes then we
     763             :                  * assume this device supports requesting more in the future.
     764             :                  * The response code must be 70h through 73h inclusive.
     765             :                  */
     766           0 :                 if (srb->sense_buffer[7] > (US_SENSE_SIZE - 8) &&
     767             :                     !(us->fflags & US_FL_SANE_SENSE) &&
     768             :                     !(us->fflags & US_FL_BAD_SENSE) &&
     769             :                     (srb->sense_buffer[0] & 0x7C) == 0x70) {
     770             :                         US_DEBUGP("-- SANE_SENSE support enabled\n");
     771           0 :                         us->fflags |= US_FL_SANE_SENSE;
     772             : 
     773             :                         /* Indicate to the user that we truncated their sense
     774             :                          * because we didn't know it supported larger sense.
     775             :                          */
     776             :                         US_DEBUGP("-- Sense data truncated to %i from %i\n",
     777             :                                   US_SENSE_SIZE,
     778             :                                   srb->sense_buffer[7] + 8);
     779           0 :                         srb->sense_buffer[7] = (US_SENSE_SIZE - 8);
     780             :                 }
     781             : 
     782           0 :                 scsi_normalize_sense(srb->sense_buffer, SCSI_SENSE_BUFFERSIZE,
     783             :                                      &sshdr);
     784             : 
     785             :                 US_DEBUGP("-- Result from auto-sense is %d\n", temp_result);
     786             :                 US_DEBUGP("-- code: 0x%x, key: 0x%x, ASC: 0x%x, ASCQ: 0x%x\n",
     787             :                           sshdr.response_code, sshdr.sense_key,
     788             :                           sshdr.asc, sshdr.ascq);
     789             : #ifdef CONFIG_USB_STORAGE_DEBUG
     790             :                 usb_stor_show_sense(sshdr.sense_key, sshdr.asc, sshdr.ascq);
     791             : #endif
     792             : 
     793             :                 /* set the result so the higher layers expect this data */
     794           0 :                 srb->result = SAM_STAT_CHECK_CONDITION;
     795             : 
     796           0 :                 scdd = scsi_sense_desc_find(srb->sense_buffer,
     797             :                                             SCSI_SENSE_BUFFERSIZE, 4);
     798           0 :                 fm_ili = (scdd ? scdd[3] : srb->sense_buffer[2]) & 0xA0;
     799             : 
     800             :                 /* We often get empty sense data.  This could indicate that
     801             :                  * everything worked or that there was an unspecified
     802             :                  * problem.  We have to decide which.
     803             :                  */
     804           0 :                 if (sshdr.sense_key == 0 && sshdr.asc == 0 && sshdr.ascq == 0 &&
     805             :                     fm_ili == 0) {
     806             :                         /* If things are really okay, then let's show that.
     807             :                          * Zero out the sense buffer so the higher layers
     808             :                          * won't realize we did an unsolicited auto-sense.
     809             :                          */
     810           0 :                         if (result == USB_STOR_TRANSPORT_GOOD) {
     811           0 :                                 srb->result = SAM_STAT_GOOD;
     812           0 :                                 srb->sense_buffer[0] = 0x0;
     813             : 
     814             :                         /* If there was a problem, report an unspecified
     815             :                          * hardware error to prevent the higher layers from
     816             :                          * entering an infinite retry loop.
     817             :                          */
     818             :                         } else {
     819           0 :                                 srb->result = DID_ERROR << 16;
     820           0 :                                 if ((sshdr.response_code & 0x72) == 0x72)
     821           0 :                                         srb->sense_buffer[1] = HARDWARE_ERROR;
     822             :                                 else
     823           0 :                                         srb->sense_buffer[2] = HARDWARE_ERROR;
     824             :                         }
     825             :                 }
     826             :         }
     827             : 
     828             :         /* Did we transfer less than the minimum amount required? */
     829           0 :         if ((srb->result == SAM_STAT_GOOD || srb->sense_buffer[2] == 0) &&
     830             :                         scsi_bufflen(srb) - scsi_get_resid(srb) < srb->underflow)
     831           0 :                 srb->result = DID_ERROR << 16;
     832             : 
     833           0 :         last_sector_hacks(us, srb);
     834           0 :         return;
     835           0 : 
     836             :         /* Error and abort processing: try to resynchronize with the device
     837             :          * by issuing a port reset.  If that fails, try a class-specific
     838             :          * device reset. */
     839             :   Handle_Errors:
     840             : 
     841             :         /* Set the RESETTING bit, and clear the ABORTING bit so that
     842             :          * the reset may proceed. */
     843           0 :         scsi_lock(us_to_host(us));
     844           0 :         set_bit(US_FLIDX_RESETTING, &us->dflags);
     845           0 :         clear_bit(US_FLIDX_ABORTING, &us->dflags);
     846           0 :         scsi_unlock(us_to_host(us));
     847             : 
     848             :         /* We must release the device lock because the pre_reset routine
     849             :          * will want to acquire it. */
     850           0 :         mutex_unlock(&us->dev_mutex);
     851           0 :         result = usb_stor_port_reset(us);
     852           0 :         mutex_lock(&us->dev_mutex);
     853             : 
     854           0 :         if (result < 0) {
     855           0 :                 scsi_lock(us_to_host(us));
     856           0 :                 usb_stor_report_device_reset(us);
     857           0 :                 scsi_unlock(us_to_host(us));
     858           0 :                 us->transport_reset(us);
     859             :         }
     860           0 :         clear_bit(US_FLIDX_RESETTING, &us->dflags);
     861           0 :         last_sector_hacks(us, srb);
     862           0 : }
     863             : 
     864             : /* Stop the current URB transfer */
     865             : void usb_stor_stop_transport(struct us_data *us)
     866             : {
     867           1 :         US_DEBUGP("%s called\n", __func__);
     868           1 : 
     869             :         /* If the state machine is blocked waiting for an URB,
     870             :          * let's wake it up.  The test_and_clear_bit() call
     871             :          * guarantees that if a URB has just been submitted,
     872             :          * it won't be cancelled more than once. */
     873           4 :         if (test_and_clear_bit(US_FLIDX_URB_ACTIVE, &us->dflags)) {
     874             :                 US_DEBUGP("-- cancelling URB\n");
     875           1 :                 usb_unlink_urb(us->current_urb);
     876             :         }
     877             : 
     878             :         /* If we are waiting for a scatter-gather operation, cancel it. */
     879           4 :         if (test_and_clear_bit(US_FLIDX_SG_ACTIVE, &us->dflags)) {
     880             :                 US_DEBUGP("-- cancelling sg request\n");
     881           1 :                 usb_sg_cancel(&us->current_sg);
     882           1 :         }
     883             : }
     884             : 
     885             : /*
     886             :  * Control/Bulk and Control/Bulk/Interrupt transport
     887             :  */
     888             : 
     889             : int usb_stor_CB_transport(struct scsi_cmnd *srb, struct us_data *us)
     890             : {
     891           0 :         unsigned int transfer_length = scsi_bufflen(srb);
     892           0 :         unsigned int pipe = 0;
     893           0 :         int result;
     894           0 : 
     895             :         /* COMMAND STAGE */
     896             :         /* let's send the command via the control pipe */
     897           0 :         result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
     898             :                                       US_CBI_ADSC, 
     899             :                                       USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0, 
     900             :                                       us->ifnum, srb->cmnd, srb->cmd_len);
     901             : 
     902             :         /* check the return code for the command */
     903             :         US_DEBUGP("Call to usb_stor_ctrl_transfer() returned %d\n", result);
     904             : 
     905             :         /* if we stalled the command, it means command failed */
     906           0 :         if (result == USB_STOR_XFER_STALLED) {
     907           0 :                 return USB_STOR_TRANSPORT_FAILED;
     908             :         }
     909             : 
     910             :         /* Uh oh... serious problem here */
     911           0 :         if (result != USB_STOR_XFER_GOOD) {
     912           0 :                 return USB_STOR_TRANSPORT_ERROR;
     913             :         }
     914             : 
     915             :         /* DATA STAGE */
     916             :         /* transfer the data payload for this command, if one exists*/
     917           0 :         if (transfer_length) {
     918           0 :                 pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 
     919             :                                 us->recv_bulk_pipe : us->send_bulk_pipe;
     920           0 :                 result = usb_stor_bulk_srb(us, pipe, srb);
     921             :                 US_DEBUGP("CBI data stage result is 0x%x\n", result);
     922             : 
     923             :                 /* if we stalled the data transfer it means command failed */
     924           0 :                 if (result == USB_STOR_XFER_STALLED)
     925           0 :                         return USB_STOR_TRANSPORT_FAILED;
     926           0 :                 if (result > USB_STOR_XFER_STALLED)
     927           0 :                         return USB_STOR_TRANSPORT_ERROR;
     928             :         }
     929             : 
     930             :         /* STATUS STAGE */
     931             : 
     932             :         /* NOTE: CB does not have a status stage.  Silly, I know.  So
     933             :          * we have to catch this at a higher level.
     934             :          */
     935           0 :         if (us->protocol != US_PR_CBI)
     936           0 :                 return USB_STOR_TRANSPORT_GOOD;
     937             : 
     938           0 :         result = usb_stor_intr_transfer(us, us->iobuf, 2);
     939             :         US_DEBUGP("Got interrupt data (0x%x, 0x%x)\n", 
     940             :                         us->iobuf[0], us->iobuf[1]);
     941           0 :         if (result != USB_STOR_XFER_GOOD)
     942           0 :                 return USB_STOR_TRANSPORT_ERROR;
     943             : 
     944             :         /* UFI gives us ASC and ASCQ, like a request sense
     945             :          *
     946             :          * REQUEST_SENSE and INQUIRY don't affect the sense data on UFI
     947             :          * devices, so we ignore the information for those commands.  Note
     948             :          * that this means we could be ignoring a real error on these
     949             :          * commands, but that can't be helped.
     950             :          */
     951           0 :         if (us->subclass == US_SC_UFI) {
     952           0 :                 if (srb->cmnd[0] == REQUEST_SENSE ||
     953             :                     srb->cmnd[0] == INQUIRY)
     954           0 :                         return USB_STOR_TRANSPORT_GOOD;
     955           0 :                 if (us->iobuf[0])
     956           0 :                         goto Failed;
     957           0 :                 return USB_STOR_TRANSPORT_GOOD;
     958             :         }
     959             : 
     960             :         /* If not UFI, we interpret the data as a result code 
     961             :          * The first byte should always be a 0x0.
     962             :          *
     963             :          * Some bogus devices don't follow that rule.  They stuff the ASC
     964             :          * into the first byte -- so if it's non-zero, call it a failure.
     965             :          */
     966           0 :         if (us->iobuf[0]) {
     967             :                 US_DEBUGP("CBI IRQ data showed reserved bType 0x%x\n",
     968             :                                 us->iobuf[0]);
     969           0 :                 goto Failed;
     970             : 
     971             :         }
     972             : 
     973             :         /* The second byte & 0x0F should be 0x0 for good, otherwise error */
     974           0 :         switch (us->iobuf[1] & 0x0F) {
     975           0 :                 case 0x00: 
     976           0 :                         return USB_STOR_TRANSPORT_GOOD;
     977           0 :                 case 0x01: 
     978           0 :                         goto Failed;
     979           0 :         }
     980           0 :         return USB_STOR_TRANSPORT_ERROR;
     981           0 : 
     982             :         /* the CBI spec requires that the bulk pipe must be cleared
     983             :          * following any data-in/out command failure (section 2.4.3.1.3)
     984             :          */
     985             :   Failed:
     986           0 :         if (pipe)
     987           0 :                 usb_stor_clear_halt(us, pipe);
     988           0 :         return USB_STOR_TRANSPORT_FAILED;
     989             : }
     990             : EXPORT_SYMBOL_GPL(usb_stor_CB_transport);
     991             : 
     992             : /*
     993             :  * Bulk only transport
     994             :  */
     995             : 
     996             : /* Determine what the maximum LUN supported is */
     997             : int usb_stor_Bulk_max_lun(struct us_data *us)
     998             : {
     999           0 :         int result;
    1000             : 
    1001             :         /* issue the command */
    1002           0 :         us->iobuf[0] = 0;
    1003           0 :         result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
    1004             :                                  US_BULK_GET_MAX_LUN, 
    1005             :                                  USB_DIR_IN | USB_TYPE_CLASS | 
    1006             :                                  USB_RECIP_INTERFACE,
    1007             :                                  0, us->ifnum, us->iobuf, 1, 10*HZ);
    1008             : 
    1009             :         US_DEBUGP("GetMaxLUN command result is %d, data is %d\n", 
    1010             :                   result, us->iobuf[0]);
    1011             : 
    1012             :         /* if we have a successful request, return the result */
    1013           0 :         if (result > 0)
    1014           0 :                 return us->iobuf[0];
    1015             : 
    1016             :         /*
    1017             :          * Some devices don't like GetMaxLUN.  They may STALL the control
    1018             :          * pipe, they may return a zero-length result, they may do nothing at
    1019             :          * all and timeout, or they may fail in even more bizarrely creative
    1020             :          * ways.  In these cases the best approach is to use the default
    1021             :          * value: only one LUN.
    1022             :          */
    1023           0 :         return 0;
    1024             : }
    1025             : 
    1026             : int usb_stor_Bulk_transport(struct scsi_cmnd *srb, struct us_data *us)
    1027             : {
    1028           0 :         struct bulk_cb_wrap *bcb = (struct bulk_cb_wrap *) us->iobuf;
    1029           0 :         struct bulk_cs_wrap *bcs = (struct bulk_cs_wrap *) us->iobuf;
    1030           0 :         unsigned int transfer_length = scsi_bufflen(srb);
    1031           0 :         unsigned int residue;
    1032           0 :         int result;
    1033           0 :         int fake_sense = 0;
    1034           0 :         unsigned int cswlen;
    1035           0 :         unsigned int cbwlen = US_BULK_CB_WRAP_LEN;
    1036           0 : 
    1037           0 :         /* Take care of BULK32 devices; set extra byte to 0 */
    1038           0 :         if (unlikely(us->fflags & US_FL_BULK32)) {
    1039           0 :                 cbwlen = 32;
    1040           0 :                 us->iobuf[31] = 0;
    1041           0 :         }
    1042           0 : 
    1043           0 :         /* set up the command wrapper */
    1044           0 :         bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
    1045           0 :         bcb->DataTransferLength = cpu_to_le32(transfer_length);
    1046           0 :         bcb->Flags = srb->sc_data_direction == DMA_FROM_DEVICE ? 1 << 7 : 0;
    1047           0 :         bcb->Tag = ++us->tag;
    1048           0 :         bcb->Lun = srb->device->lun;
    1049           0 :         if (us->fflags & US_FL_SCM_MULT_TARG)
    1050           0 :                 bcb->Lun |= srb->device->id << 4;
    1051           0 :         bcb->Length = srb->cmd_len;
    1052             : 
    1053             :         /* copy the command payload */
    1054           0 :         memset(bcb->CDB, 0, sizeof(bcb->CDB));
    1055           0 :         memcpy(bcb->CDB, srb->cmnd, bcb->Length);
    1056             : 
    1057             :         /* send it to out endpoint */
    1058             :         US_DEBUGP("Bulk Command S 0x%x T 0x%x L %d F %d Trg %d LUN %d CL %d\n",
    1059             :                         le32_to_cpu(bcb->Signature), bcb->Tag,
    1060             :                         le32_to_cpu(bcb->DataTransferLength), bcb->Flags,
    1061             :                         (bcb->Lun >> 4), (bcb->Lun & 0x0F), 
    1062             :                         bcb->Length);
    1063           0 :         result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
    1064             :                                 bcb, cbwlen, NULL);
    1065             :         US_DEBUGP("Bulk command transfer result=%d\n", result);
    1066           0 :         if (result != USB_STOR_XFER_GOOD)
    1067           0 :                 return USB_STOR_TRANSPORT_ERROR;
    1068             : 
    1069             :         /* DATA STAGE */
    1070             :         /* send/receive data payload, if there is any */
    1071             : 
    1072             :         /* Some USB-IDE converter chips need a 100us delay between the
    1073             :          * command phase and the data phase.  Some devices need a little
    1074             :          * more than that, probably because of clock rate inaccuracies. */
    1075           0 :         if (unlikely(us->fflags & US_FL_GO_SLOW))
    1076           0 :                 udelay(125);
    1077             : 
    1078           0 :         if (transfer_length) {
    1079           0 :                 unsigned int pipe = srb->sc_data_direction == DMA_FROM_DEVICE ? 
    1080             :                                 us->recv_bulk_pipe : us->send_bulk_pipe;
    1081           0 :                 result = usb_stor_bulk_srb(us, pipe, srb);
    1082             :                 US_DEBUGP("Bulk data transfer result 0x%x\n", result);
    1083           0 :                 if (result == USB_STOR_XFER_ERROR)
    1084           0 :                         return USB_STOR_TRANSPORT_ERROR;
    1085             : 
    1086             :                 /* If the device tried to send back more data than the
    1087             :                  * amount requested, the spec requires us to transfer
    1088             :                  * the CSW anyway.  Since there's no point retrying the
    1089             :                  * the command, we'll return fake sense data indicating
    1090             :                  * Illegal Request, Invalid Field in CDB.
    1091             :                  */
    1092           0 :                 if (result == USB_STOR_XFER_LONG)
    1093           0 :                         fake_sense = 1;
    1094             :         }
    1095             : 
    1096             :         /* See flow chart on pg 15 of the Bulk Only Transport spec for
    1097             :          * an explanation of how this code works.
    1098             :          */
    1099             : 
    1100             :         /* get CSW for device status */
    1101             :         US_DEBUGP("Attempting to get CSW...\n");
    1102           0 :         result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
    1103             :                                 bcs, US_BULK_CS_WRAP_LEN, &cswlen);
    1104             : 
    1105             :         /* Some broken devices add unnecessary zero-length packets to the
    1106             :          * end of their data transfers.  Such packets show up as 0-length
    1107             :          * CSWs.  If we encounter such a thing, try to read the CSW again.
    1108             :          */
    1109           0 :         if (result == USB_STOR_XFER_SHORT && cswlen == 0) {
    1110             :                 US_DEBUGP("Received 0-length CSW; retrying...\n");
    1111           0 :                 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
    1112             :                                 bcs, US_BULK_CS_WRAP_LEN, &cswlen);
    1113             :         }
    1114             : 
    1115             :         /* did the attempt to read the CSW fail? */
    1116           0 :         if (result == USB_STOR_XFER_STALLED) {
    1117             : 
    1118             :                 /* get the status again */
    1119             :                 US_DEBUGP("Attempting to get CSW (2nd try)...\n");
    1120           0 :                 result = usb_stor_bulk_transfer_buf(us, us->recv_bulk_pipe,
    1121             :                                 bcs, US_BULK_CS_WRAP_LEN, NULL);
    1122             :         }
    1123             : 
    1124             :         /* if we still have a failure at this point, we're in trouble */
    1125             :         US_DEBUGP("Bulk status result = %d\n", result);
    1126           0 :         if (result != USB_STOR_XFER_GOOD)
    1127           0 :                 return USB_STOR_TRANSPORT_ERROR;
    1128             : 
    1129             :         /* check bulk status */
    1130           0 :         residue = le32_to_cpu(bcs->Residue);
    1131             :         US_DEBUGP("Bulk Status S 0x%x T 0x%x R %u Stat 0x%x\n",
    1132             :                         le32_to_cpu(bcs->Signature), bcs->Tag, 
    1133             :                         residue, bcs->Status);
    1134           0 :         if (!(bcs->Tag == us->tag || (us->fflags & US_FL_BULK_IGNORE_TAG)) ||
    1135             :                 bcs->Status > US_BULK_STAT_PHASE) {
    1136             :                 US_DEBUGP("Bulk logical error\n");
    1137           0 :                 return USB_STOR_TRANSPORT_ERROR;
    1138             :         }
    1139             : 
    1140             :         /* Some broken devices report odd signatures, so we do not check them
    1141             :          * for validity against the spec. We store the first one we see,
    1142             :          * and check subsequent transfers for validity against this signature.
    1143             :          */
    1144           0 :         if (!us->bcs_signature) {
    1145           0 :                 us->bcs_signature = bcs->Signature;
    1146             :                 if (us->bcs_signature != cpu_to_le32(US_BULK_CS_SIGN))
    1147             :                         US_DEBUGP("Learnt BCS signature 0x%08X\n",
    1148             :                                         le32_to_cpu(us->bcs_signature));
    1149           0 :         } else if (bcs->Signature != us->bcs_signature) {
    1150             :                 US_DEBUGP("Signature mismatch: got %08X, expecting %08X\n",
    1151             :                           le32_to_cpu(bcs->Signature),
    1152             :                           le32_to_cpu(us->bcs_signature));
    1153           0 :                 return USB_STOR_TRANSPORT_ERROR;
    1154             :         }
    1155             : 
    1156             :         /* try to compute the actual residue, based on how much data
    1157             :          * was really transferred and what the device tells us */
    1158           0 :         if (residue && !(us->fflags & US_FL_IGNORE_RESIDUE)) {
    1159             : 
    1160             :                 /* Heuristically detect devices that generate bogus residues
    1161             :                  * by seeing what happens with INQUIRY and READ CAPACITY
    1162             :                  * commands.
    1163             :                  */
    1164           0 :                 if (bcs->Status == US_BULK_STAT_OK &&
    1165             :                                 scsi_get_resid(srb) == 0 &&
    1166             :                                         ((srb->cmnd[0] == INQUIRY &&
    1167           0 :                                                 transfer_length == 36) ||
    1168             :                                         (srb->cmnd[0] == READ_CAPACITY &&
    1169             :                                                 transfer_length == 8))) {
    1170           0 :                         us->fflags |= US_FL_IGNORE_RESIDUE;
    1171             : 
    1172             :                 } else {
    1173           0 :                         residue = min(residue, transfer_length);
    1174           0 :                         scsi_set_resid(srb, max(scsi_get_resid(srb),
    1175             :                                                                (int) residue));
    1176             :                 }
    1177             :         }
    1178             : 
    1179             :         /* based on the status code, we report good or bad */
    1180           0 :         switch (bcs->Status) {
    1181           0 :                 case US_BULK_STAT_OK:
    1182             :                         /* device babbled -- return fake sense data */
    1183           0 :                         if (fake_sense) {
    1184           0 :                                 memcpy(srb->sense_buffer, 
    1185             :                                        usb_stor_sense_invalidCDB, 
    1186             :                                        sizeof(usb_stor_sense_invalidCDB));
    1187           0 :                                 return USB_STOR_TRANSPORT_NO_SENSE;
    1188             :                         }
    1189             : 
    1190             :                         /* command good -- note that data could be short */
    1191           0 :                         return USB_STOR_TRANSPORT_GOOD;
    1192           0 : 
    1193           0 :                 case US_BULK_STAT_FAIL:
    1194             :                         /* command failed */
    1195           0 :                         return USB_STOR_TRANSPORT_FAILED;
    1196           0 : 
    1197           0 :                 case US_BULK_STAT_PHASE:
    1198             :                         /* phase error -- note that a transport reset will be
    1199             :                          * invoked by the invoke_transport() function
    1200             :                          */
    1201           0 :                         return USB_STOR_TRANSPORT_ERROR;
    1202           0 :         }
    1203             : 
    1204             :         /* we should never get here, but if we do, we're in trouble */
    1205           0 :         return USB_STOR_TRANSPORT_ERROR;
    1206             : }
    1207             : EXPORT_SYMBOL_GPL(usb_stor_Bulk_transport);
    1208             : 
    1209             : /***********************************************************************
    1210             :  * Reset routines
    1211             :  ***********************************************************************/
    1212             : 
    1213             : /* This is the common part of the device reset code.
    1214             :  *
    1215             :  * It's handy that every transport mechanism uses the control endpoint for
    1216             :  * resets.
    1217             :  *
    1218             :  * Basically, we send a reset with a 5-second timeout, so we don't get
    1219             :  * jammed attempting to do the reset.
    1220             :  */
    1221             : static int usb_stor_reset_common(struct us_data *us,
    1222             :                 u8 request, u8 requesttype,
    1223             :                 u16 value, u16 index, void *data, u16 size)
    1224           0 : {
    1225           0 :         int result;
    1226           0 :         int result2;
    1227           0 : 
    1228           0 :         if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
    1229           0 :                 US_DEBUGP("No reset during disconnect\n");
    1230           0 :                 return -EIO;
    1231           0 :         }
    1232           0 : 
    1233           0 :         result = usb_stor_control_msg(us, us->send_ctrl_pipe,
    1234           0 :                         request, requesttype, value, index, data, size,
    1235             :                         5*HZ);
    1236           0 :         if (result < 0) {
    1237             :                 US_DEBUGP("Soft reset failed: %d\n", result);
    1238           0 :                 return result;
    1239             :         }
    1240             : 
    1241             :         /* Give the device some time to recover from the reset,
    1242             :          * but don't delay disconnect processing. */
    1243           0 :         wait_event_interruptible_timeout(us->delay_wait,
    1244           0 :                         test_bit(US_FLIDX_DISCONNECTING, &us->dflags),
    1245           0 :                         HZ*6);
    1246           0 :         if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
    1247             :                 US_DEBUGP("Reset interrupted by disconnect\n");
    1248           0 :                 return -EIO;
    1249             :         }
    1250             : 
    1251             :         US_DEBUGP("Soft reset: clearing bulk-in endpoint halt\n");
    1252           0 :         result = usb_stor_clear_halt(us, us->recv_bulk_pipe);
    1253             : 
    1254             :         US_DEBUGP("Soft reset: clearing bulk-out endpoint halt\n");
    1255           0 :         result2 = usb_stor_clear_halt(us, us->send_bulk_pipe);
    1256             : 
    1257             :         /* return a result code based on the result of the clear-halts */
    1258           0 :         if (result >= 0)
    1259           0 :                 result = result2;
    1260             :         if (result < 0)
    1261             :                 US_DEBUGP("Soft reset failed\n");
    1262             :         else
    1263             :                 US_DEBUGP("Soft reset done\n");
    1264           0 :         return result;
    1265             : }
    1266             : 
    1267             : /* This issues a CB[I] Reset to the device in question
    1268             :  */
    1269             : #define CB_RESET_CMD_SIZE       12
    1270             : 
    1271             : int usb_stor_CB_reset(struct us_data *us)
    1272             : {
    1273           0 :         US_DEBUGP("%s called\n", __func__);
    1274             : 
    1275           0 :         memset(us->iobuf, 0xFF, CB_RESET_CMD_SIZE);
    1276           0 :         us->iobuf[0] = SEND_DIAGNOSTIC;
    1277           0 :         us->iobuf[1] = 4;
    1278           0 :         return usb_stor_reset_common(us, US_CBI_ADSC, 
    1279             :                                  USB_TYPE_CLASS | USB_RECIP_INTERFACE,
    1280             :                                  0, us->ifnum, us->iobuf, CB_RESET_CMD_SIZE);
    1281             : }
    1282             : EXPORT_SYMBOL_GPL(usb_stor_CB_reset);
    1283             : 
    1284             : /* This issues a Bulk-only Reset to the device in question, including
    1285             :  * clearing the subsequent endpoint halts that may occur.
    1286             :  */
    1287             : int usb_stor_Bulk_reset(struct us_data *us)
    1288             : {
    1289           0 :         US_DEBUGP("%s called\n", __func__);
    1290             : 
    1291           0 :         return usb_stor_reset_common(us, US_BULK_RESET_REQUEST, 
    1292             :                                  USB_TYPE_CLASS | USB_RECIP_INTERFACE,
    1293             :                                  0, us->ifnum, NULL, 0);
    1294             : }
    1295             : EXPORT_SYMBOL_GPL(usb_stor_Bulk_reset);
    1296             : 
    1297             : /* Issue a USB port reset to the device.  The caller must not hold
    1298             :  * us->dev_mutex.
    1299             :  */
    1300             : int usb_stor_port_reset(struct us_data *us)
    1301             : {
    1302           1 :         int result;
    1303           1 : 
    1304           2 :         result = usb_lock_device_for_reset(us->pusb_dev, us->pusb_intf);
    1305           2 :         if (result < 0)
    1306             :                 US_DEBUGP("unable to lock device for reset: %d\n", result);
    1307             :         else {
    1308             :                 /* Were we disconnected while waiting for the lock? */
    1309           4 :                 if (test_bit(US_FLIDX_DISCONNECTING, &us->dflags)) {
    1310           1 :                         result = -EIO;
    1311             :                         US_DEBUGP("No reset during disconnect\n");
    1312             :                 } else {
    1313           2 :                         result = usb_reset_device(us->pusb_dev);
    1314             :                         US_DEBUGP("usb_reset_device returns %d\n",
    1315             :                                         result);
    1316             :                 }
    1317           2 :                 usb_unlock_device(us->pusb_dev);
    1318             :         }
    1319           3 :         return result;
    1320             : }

Generated by: LCOV version 1.10