Kernel

Kernel Git Source Tree

Root/drivers/block/ub.c

1	/*
2	* The low performance USB storage driver (ub).
3	*
4	* Copyright (c) 1999, 2000 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
5	* Copyright (C) 2004 Pete Zaitcev (zaitcev@yahoo.com)
6	*
7	* This work is a part of Linux kernel, is derived from it,
8	* and is not licensed separately. See file COPYING for details.
9	*
10	* TODO (sorted by decreasing priority)
11	* -- Return sense now that rq allows it (we always auto-sense anyway).
12	* -- set readonly flag for CDs, set removable flag for CF readers
13	* -- do inquiry and verify we got a disk and not a tape (for LUN mismatch)
14	* -- verify the 13 conditions and do bulk resets
15	* -- highmem
16	* -- move top_sense and work_bcs into separate allocations (if they survive)
17	* for cache purists and esoteric architectures.
18	* -- Allocate structure for LUN 0 before the first ub_sync_tur, avoid NULL. ?
19	* -- prune comments, they are too volumnous
20	* -- Resove XXX's
21	* -- CLEAR, CLR2STS, CLRRS seem to be ripe for refactoring.
22	*/
23	#include <linux/kernel.h>
24	#include <linux/module.h>
25	#include <linux/usb.h>
26	#include <linux/usb_usual.h>
27	#include <linux/blkdev.h>
28	#include <linux/timer.h>
29	#include <linux/scatterlist.h>
30	#include <linux/slab.h>
31	#include <linux/mutex.h>
32	#include <scsi/scsi.h>
33
34	#define DRV_NAME "ub"
35
36	#define UB_MAJOR 180
37
38	/*
39	* The command state machine is the key model for understanding of this driver.
40	*
41	* The general rule is that all transitions are done towards the bottom
42	* of the diagram, thus preventing any loops.
43	*
44	* An exception to that is how the STAT state is handled. A counter allows it
45	* to be re-entered along the path marked with [C].
46	*
47	* +--------+
48	* ! INIT !
49	* +--------+
50	* !
51	* ub_scsi_cmd_start fails ->--------------------------------------\
52	* ! !
53	* V !
54	* +--------+ !
55	* ! CMD ! !
56	* +--------+ !
57	* ! +--------+ !
58	* was -EPIPE -->-------------------------------->! CLEAR ! !
59	* ! +--------+ !
60	* ! ! !
61	* was error -->------------------------------------- ! --------->\
62	* ! ! !
63	* /--<-- cmd->dir == NONE ? ! !
64	* ! ! ! !
65	* ! V ! !
66	* ! +--------+ ! !
67	* ! ! DATA ! ! !
68	* ! +--------+ ! !
69	* ! ! +---------+ ! !
70	* ! was -EPIPE -->--------------->! CLR2STS ! ! !
71	* ! ! +---------+ ! !
72	* ! ! ! ! !
73	* ! ! was error -->---- ! --------->\
74	* ! was error -->--------------------- ! ------------- ! --------->\
75	* ! ! ! ! !
76	* ! V ! ! !
77	* \--->+--------+ ! ! !
78	* ! STAT !<--------------------------/ ! !
79	* /--->+--------+ ! !
80	* ! ! ! !
81	* [C] was -EPIPE -->-----------\ ! !
82	* ! ! ! ! !
83	* +<---- len == 0 ! ! !
84	* ! ! ! ! !
85	* ! was error -->--------------------------------------!---------->\
86	* ! ! ! ! !
87	* +<---- bad CSW ! ! !
88	* +<---- bad tag ! ! !
89	* ! ! V ! !
90	* ! ! +--------+ ! !
91	* ! ! ! CLRRS ! ! !
92	* ! ! +--------+ ! !
93	* ! ! ! ! !
94	* \------- ! --------------------[C]--------\ ! !
95	* ! ! ! !
96	* cmd->error---\ +--------+ ! !
97	* ! +--------------->! SENSE !<----------/ !
98	* STAT_FAIL----/ +--------+ !
99	* ! ! V
100	* ! V +--------+
101	* \--------------------------------\--------------------->! DONE !
102	* +--------+
103	*/
104
105	/*
106	* This many LUNs per USB device.
107	* Every one of them takes a host, see UB_MAX_HOSTS.
108	*/
109	#define UB_MAX_LUNS 9
110
111	/*
112	*/
113
114	#define UB_PARTS_PER_LUN 8
115
116	#define UB_MAX_CDB_SIZE 16 /* Corresponds to Bulk */
117
118	#define UB_SENSE_SIZE 18
119
120	/*
121	*/
122	struct ub_dev;
123
124	#define UB_MAX_REQ_SG 9 /* cdrecord requires 32KB and maybe a header */
125	#define UB_MAX_SECTORS 64
126
127	/*
128	* A second is more than enough for a 32K transfer (UB_MAX_SECTORS)
129	* even if a webcam hogs the bus, but some devices need time to spin up.
130	*/
131	#define UB_URB_TIMEOUT (HZ*2)
132	#define UB_DATA_TIMEOUT (HZ5) / ZIP does spin-ups in the data phase */
133	#define UB_STAT_TIMEOUT (HZ5) / Same spinups and eject for a dataless cmd. */
134	#define UB_CTRL_TIMEOUT (HZ/2) /* 500ms ought to be enough to clear a stall */
135
136	/*
137	* An instance of a SCSI command in transit.
138	*/
139	#define UB_DIR_NONE 0
140	#define UB_DIR_READ 1
141	#define UB_DIR_ILLEGAL2 2
142	#define UB_DIR_WRITE 3
143
144	#define UB_DIR_CHAR(c) (((c)==UB_DIR_WRITE)? 'w': \
145	(((c)==UB_DIR_READ)? 'r': 'n'))
146
147	enum ub_scsi_cmd_state {
148	UB_CMDST_INIT, /* Initial state */
149	UB_CMDST_CMD, /* Command submitted */
150	UB_CMDST_DATA, /* Data phase */
151	UB_CMDST_CLR2STS, /* Clearing before requesting status */
152	UB_CMDST_STAT, /* Status phase */
153	UB_CMDST_CLEAR, /* Clearing a stall (halt, actually) */
154	UB_CMDST_CLRRS, /* Clearing before retrying status */
155	UB_CMDST_SENSE, /* Sending Request Sense */
156	UB_CMDST_DONE /* Final state */
157	};
158
159	struct ub_scsi_cmd {
160	unsigned char cdb[UB_MAX_CDB_SIZE];
161	unsigned char cdb_len;
162
163	unsigned char dir; /* 0 - none, 1 - read, 3 - write. */
164	enum ub_scsi_cmd_state state;
165	unsigned int tag;
166	struct ub_scsi_cmd *next;
167
168	int error; /* Return code - valid upon done */
169	unsigned int act_len; /* Return size */
170	unsigned char key, asc, ascq; /* May be valid if error==-EIO */
171
172	int stat_count; /* Retries getting status. */
173	unsigned int timeo; /* jiffies until rq->timeout changes */
174
175	unsigned int len; /* Requested length */
176	unsigned int current_sg;
177	unsigned int nsg; /* sgv[nsg] */
178	struct scatterlist sgv[UB_MAX_REQ_SG];
179
180	struct ub_lun *lun;
181	void (done)(struct ub_dev , struct ub_scsi_cmd *);
182	void *back;
183	};
184
185	struct ub_request {
186	struct request *rq;
187	unsigned int current_try;
188	unsigned int nsg; /* sgv[nsg] */
189	struct scatterlist sgv[UB_MAX_REQ_SG];
190	};
191
192	/*
193	*/
194	struct ub_capacity {
195	unsigned long nsec; /* Linux size - 512 byte sectors */
196	unsigned int bsize; /* Linux hardsect_size */
197	unsigned int bshift; /* Shift between 512 and hard sects */
198	};
199
200	/*
201	* This is a direct take-off from linux/include/completion.h
202	* The difference is that I do not wait on this thing, just poll.
203	* When I want to wait (ub_probe), I just use the stock completion.
204	*
205	* Note that INIT_COMPLETION takes no lock. It is correct. But why
206	* in the bloody hell that thing takes struct instead of pointer to struct
207	* is quite beyond me. I just copied it from the stock completion.
208	*/
209	struct ub_completion {
210	unsigned int done;
211	spinlock_t lock;
212	};
213
214	static DEFINE_MUTEX(ub_mutex);
215	static inline void ub_init_completion(struct ub_completion *x)
216	{
217	x->done = 0;
218	spin_lock_init(&x->lock);
219	}
220
221	#define UB_INIT_COMPLETION(x) ((x).done = 0)
222
223	static void ub_complete(struct ub_completion *x)
224	{
225	unsigned long flags;
226
227	spin_lock_irqsave(&x->lock, flags);
228	x->done++;
229	spin_unlock_irqrestore(&x->lock, flags);
230	}
231
232	static int ub_is_completed(struct ub_completion *x)
233	{
234	unsigned long flags;
235	int ret;
236
237	spin_lock_irqsave(&x->lock, flags);
238	ret = x->done;
239	spin_unlock_irqrestore(&x->lock, flags);
240	return ret;
241	}
242
243	/*
244	*/
245	struct ub_scsi_cmd_queue {
246	int qlen, qmax;
247	struct ub_scsi_cmd head, tail;
248	};
249
250	/*
251	* The block device instance (one per LUN).
252	*/
253	struct ub_lun {
254	struct ub_dev *udev;
255	struct list_head link;
256	struct gendisk *disk;
257	int id; /* Host index */
258	int num; /* LUN number */
259	char name[16];
260
261	int changed; /* Media was changed */
262	int removable;
263	int readonly;
264
265	struct ub_request urq;
266
267	/* Use Ingo's mempool if or when we have more than one command. */
268	/*
269	* Currently we never need more than one command for the whole device.
270	* However, giving every LUN a command is a cheap and automatic way
271	* to enforce fairness between them.
272	*/
273	int cmda[1];
274	struct ub_scsi_cmd cmdv[1];
275
276	struct ub_capacity capacity;
277	};
278
279	/*
280	* The USB device instance.
281	*/
282	struct ub_dev {
283	spinlock_t *lock;
284	atomic_t poison; /* The USB device is disconnected */
285	int openc; /* protected by ub_lock! */
286	/* kref is too implicit for our taste */
287	int reset; /* Reset is running */
288	int bad_resid;
289	unsigned int tagcnt;
290	char name[12];
291	struct usb_device *dev;
292	struct usb_interface *intf;
293
294	struct list_head luns;
295
296	unsigned int send_bulk_pipe; /* cached pipe values */
297	unsigned int recv_bulk_pipe;
298	unsigned int send_ctrl_pipe;
299	unsigned int recv_ctrl_pipe;
300
301	struct tasklet_struct tasklet;
302
303	struct ub_scsi_cmd_queue cmd_queue;
304	struct ub_scsi_cmd top_rqs_cmd; /* REQUEST SENSE */
305	unsigned char top_sense[UB_SENSE_SIZE];
306
307	struct ub_completion work_done;
308	struct urb work_urb;
309	struct timer_list work_timer;
310	int last_pipe; /* What might need clearing */
311	__le32 signature; /* Learned signature */
312	struct bulk_cb_wrap work_bcb;
313	struct bulk_cs_wrap work_bcs;
314	struct usb_ctrlrequest work_cr;
315
316	struct work_struct reset_work;
317	wait_queue_head_t reset_wait;
318	};
319
320	/*
321	*/
322	static void ub_cleanup(struct ub_dev *sc);
323	static int ub_request_fn_1(struct ub_lun lun, struct request rq);
324	static void ub_cmd_build_block(struct ub_dev sc, struct ub_lun lun,
325	struct ub_scsi_cmd cmd, struct ub_request urq);
326	static void ub_cmd_build_packet(struct ub_dev sc, struct ub_lun lun,
327	struct ub_scsi_cmd cmd, struct ub_request urq);
328	static void ub_rw_cmd_done(struct ub_dev sc, struct ub_scsi_cmd cmd);
329	static void ub_end_rq(struct request *rq, unsigned int status);
330	static int ub_rw_cmd_retry(struct ub_dev sc, struct ub_lun lun,
331	struct ub_request urq, struct ub_scsi_cmd cmd);
332	static int ub_submit_scsi(struct ub_dev sc, struct ub_scsi_cmd cmd);
333	static void ub_urb_complete(struct urb *urb);
334	static void ub_scsi_action(unsigned long _dev);
335	static void ub_scsi_dispatch(struct ub_dev *sc);
336	static void ub_scsi_urb_compl(struct ub_dev sc, struct ub_scsi_cmd cmd);
337	static void ub_data_start(struct ub_dev sc, struct ub_scsi_cmd cmd);
338	static void ub_state_done(struct ub_dev sc, struct ub_scsi_cmd cmd, int rc);
339	static int __ub_state_stat(struct ub_dev sc, struct ub_scsi_cmd cmd);
340	static void ub_state_stat(struct ub_dev sc, struct ub_scsi_cmd cmd);
341	static void ub_state_stat_counted(struct ub_dev sc, struct ub_scsi_cmd cmd);
342	static void ub_state_sense(struct ub_dev sc, struct ub_scsi_cmd cmd);
343	static int ub_submit_clear_stall(struct ub_dev sc, struct ub_scsi_cmd cmd,
344	int stalled_pipe);
345	static void ub_top_sense_done(struct ub_dev sc, struct ub_scsi_cmd scmd);
346	static void ub_reset_enter(struct ub_dev *sc, int try);
347	static void ub_reset_task(struct work_struct *work);
348	static int ub_sync_tur(struct ub_dev sc, struct ub_lun lun);
349	static int ub_sync_read_cap(struct ub_dev sc, struct ub_lun lun,
350	struct ub_capacity *ret);
351	static int ub_sync_reset(struct ub_dev *sc);
352	static int ub_probe_clear_stall(struct ub_dev *sc, int stalled_pipe);
353	static int ub_probe_lun(struct ub_dev *sc, int lnum);
354
355	/*
356	*/
357	#ifdef CONFIG_USB_LIBUSUAL
358
359	#define ub_usb_ids usb_storage_usb_ids
360	#else
361
362	static const struct usb_device_id ub_usb_ids[] = {
363	{ USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, USB_SC_SCSI, USB_PR_BULK) },
364	{ }
365	};
366
367	MODULE_DEVICE_TABLE(usb, ub_usb_ids);
368	#endif /* CONFIG_USB_LIBUSUAL */
369
370	/*
371	* Find me a way to identify "next free minor" for add_disk(),
372	* and the array disappears the next day. However, the number of
373	* hosts has something to do with the naming and /proc/partitions.
374	* This has to be thought out in detail before changing.
375	* If UB_MAX_HOST was 1000, we'd use a bitmap. Or a better data structure.
376	*/
377	#define UB_MAX_HOSTS 26
378	static char ub_hostv[UB_MAX_HOSTS];
379
380	#define UB_QLOCK_NUM 5
381	static spinlock_t ub_qlockv[UB_QLOCK_NUM];
382	static int ub_qlock_next = 0;
383
384	static DEFINE_SPINLOCK(ub_lock); /* Locks globals and ->openc */
385
386	/*
387	* The id allocator.
388	*
389	* This also stores the host for indexing by minor, which is somewhat dirty.
390	*/
391	static int ub_id_get(void)
392	{
393	unsigned long flags;
394	int i;
395
396	spin_lock_irqsave(&ub_lock, flags);
397	for (i = 0; i < UB_MAX_HOSTS; i++) {
398	if (ub_hostv[i] == 0) {
399	ub_hostv[i] = 1;
400	spin_unlock_irqrestore(&ub_lock, flags);
401	return i;
402	}
403	}
404	spin_unlock_irqrestore(&ub_lock, flags);
405	return -1;
406	}
407
408	static void ub_id_put(int id)
409	{
410	unsigned long flags;
411
412	if (id < 0 \|\| id >= UB_MAX_HOSTS) {
413	printk(KERN_ERR DRV_NAME ": bad host ID %d\n", id);
414	return;
415	}
416
417	spin_lock_irqsave(&ub_lock, flags);
418	if (ub_hostv[id] == 0) {
419	spin_unlock_irqrestore(&ub_lock, flags);
420	printk(KERN_ERR DRV_NAME ": freeing free host ID %d\n", id);
421	return;
422	}
423	ub_hostv[id] = 0;
424	spin_unlock_irqrestore(&ub_lock, flags);
425	}
426
427	/*
428	* This is necessitated by the fact that blk_cleanup_queue does not
429	* necesserily destroy the queue. Instead, it may merely decrease q->refcnt.
430	* Since our blk_init_queue() passes a spinlock common with ub_dev,
431	* we have life time issues when ub_cleanup frees ub_dev.
432	*/
433	static spinlock_t *ub_next_lock(void)
434	{
435	unsigned long flags;
436	spinlock_t *ret;
437
438	spin_lock_irqsave(&ub_lock, flags);
439	ret = &ub_qlockv[ub_qlock_next];
440	ub_qlock_next = (ub_qlock_next + 1) % UB_QLOCK_NUM;
441	spin_unlock_irqrestore(&ub_lock, flags);
442	return ret;
443	}
444
445	/*
446	* Downcount for deallocation. This rides on two assumptions:
447	* - once something is poisoned, its refcount cannot grow
448	* - opens cannot happen at this time (del_gendisk was done)
449	* If the above is true, we can drop the lock, which we need for
450	* blk_cleanup_queue(): the silly thing may attempt to sleep.
451	* [Actually, it never needs to sleep for us, but it calls might_sleep()]
452	*/
453	static void ub_put(struct ub_dev *sc)
454	{
455	unsigned long flags;
456
457	spin_lock_irqsave(&ub_lock, flags);
458	--sc->openc;
459	if (sc->openc == 0 && atomic_read(&sc->poison)) {
460	spin_unlock_irqrestore(&ub_lock, flags);
461	ub_cleanup(sc);
462	} else {
463	spin_unlock_irqrestore(&ub_lock, flags);
464	}
465	}
466
467	/*
468	* Final cleanup and deallocation.
469	*/
470	static void ub_cleanup(struct ub_dev *sc)
471	{
472	struct list_head *p;
473	struct ub_lun *lun;
474	struct request_queue *q;
475
476	while (!list_empty(&sc->luns)) {
477	p = sc->luns.next;
478	lun = list_entry(p, struct ub_lun, link);
479	list_del(p);
480
481	/* I don't think queue can be NULL. But... Stolen from sx8.c */
482	if ((q = lun->disk->queue) != NULL)
483	blk_cleanup_queue(q);
484	/*
485	* If we zero disk->private_data BEFORE put_disk, we have
486	* to check for NULL all over the place in open, release,
487	* check_media and revalidate, because the block level
488	* semaphore is well inside the put_disk.
489	* But we cannot zero after the call, because *disk is gone.
490	* The sd.c is blatantly racy in this area.
491	*/
492	/* disk->private_data = NULL; */
493	put_disk(lun->disk);
494	lun->disk = NULL;
495
496	ub_id_put(lun->id);
497	kfree(lun);
498	}
499
500	usb_set_intfdata(sc->intf, NULL);
501	usb_put_intf(sc->intf);
502	usb_put_dev(sc->dev);
503	kfree(sc);
504	}
505
506	/*
507	* The "command allocator".
508	*/
509	static struct ub_scsi_cmd ub_get_cmd(struct ub_lun lun)
510	{
511	struct ub_scsi_cmd *ret;
512
513	if (lun->cmda[0])
514	return NULL;
515	ret = &lun->cmdv[0];
516	lun->cmda[0] = 1;
517	return ret;
518	}
519
520	static void ub_put_cmd(struct ub_lun lun, struct ub_scsi_cmd cmd)
521	{
522	if (cmd != &lun->cmdv[0]) {
523	printk(KERN_WARNING "%s: releasing a foreign cmd %p\n",
524	lun->name, cmd);
525	return;
526	}
527	if (!lun->cmda[0]) {
528	printk(KERN_WARNING "%s: releasing a free cmd\n", lun->name);
529	return;
530	}
531	lun->cmda[0] = 0;
532	}
533
534	/*
535	* The command queue.
536	*/
537	static void ub_cmdq_add(struct ub_dev sc, struct ub_scsi_cmd cmd)
538	{
539	struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
540
541	if (t->qlen++ == 0) {
542	t->head = cmd;
543	t->tail = cmd;
544	} else {
545	t->tail->next = cmd;
546	t->tail = cmd;
547	}
548
549	if (t->qlen > t->qmax)
550	t->qmax = t->qlen;
551	}
552
553	static void ub_cmdq_insert(struct ub_dev sc, struct ub_scsi_cmd cmd)
554	{
555	struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
556
557	if (t->qlen++ == 0) {
558	t->head = cmd;
559	t->tail = cmd;
560	} else {
561	cmd->next = t->head;
562	t->head = cmd;
563	}
564
565	if (t->qlen > t->qmax)
566	t->qmax = t->qlen;
567	}
568
569	static struct ub_scsi_cmd ub_cmdq_pop(struct ub_dev sc)
570	{
571	struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
572	struct ub_scsi_cmd *cmd;
573
574	if (t->qlen == 0)
575	return NULL;
576	if (--t->qlen == 0)
577	t->tail = NULL;
578	cmd = t->head;
579	t->head = cmd->next;
580	cmd->next = NULL;
581	return cmd;
582	}
583
584	#define ub_cmdq_peek(sc) ((sc)->cmd_queue.head)
585
586	/*
587	* The request function is our main entry point
588	*/
589
590	static void ub_request_fn(struct request_queue *q)
591	{
592	struct ub_lun *lun = q->queuedata;
593	struct request *rq;
594
595	while ((rq = blk_peek_request(q)) != NULL) {
596	if (ub_request_fn_1(lun, rq) != 0) {
597	blk_stop_queue(q);
598	break;
599	}
600	}
601	}
602
603	static int ub_request_fn_1(struct ub_lun lun, struct request rq)
604	{
605	struct ub_dev *sc = lun->udev;
606	struct ub_scsi_cmd *cmd;
607	struct ub_request *urq;
608	int n_elem;
609
610	if (atomic_read(&sc->poison)) {
611	blk_start_request(rq);
612	ub_end_rq(rq, DID_NO_CONNECT << 16);
613	return 0;
614	}
615
616	if (lun->changed && rq->cmd_type != REQ_TYPE_BLOCK_PC) {
617	blk_start_request(rq);
618	ub_end_rq(rq, SAM_STAT_CHECK_CONDITION);
619	return 0;
620	}
621
622	if (lun->urq.rq != NULL)
623	return -1;
624	if ((cmd = ub_get_cmd(lun)) == NULL)
625	return -1;
626	memset(cmd, 0, sizeof(struct ub_scsi_cmd));
627
628	blk_start_request(rq);
629
630	urq = &lun->urq;
631	memset(urq, 0, sizeof(struct ub_request));
632	urq->rq = rq;
633
634	/*
635	* get scatterlist from block layer
636	*/
637	sg_init_table(&urq->sgv[0], UB_MAX_REQ_SG);
638	n_elem = blk_rq_map_sg(lun->disk->queue, rq, &urq->sgv[0]);
639	if (n_elem < 0) {
640	/* Impossible, because blk_rq_map_sg should not hit ENOMEM. */
641	printk(KERN_INFO "%s: failed request map (%d)\n",
642	lun->name, n_elem);
643	goto drop;
644	}
645	if (n_elem > UB_MAX_REQ_SG) { /* Paranoia */
646	printk(KERN_WARNING "%s: request with %d segments\n",
647	lun->name, n_elem);
648	goto drop;
649	}
650	urq->nsg = n_elem;
651
652	if (rq->cmd_type == REQ_TYPE_BLOCK_PC) {
653	ub_cmd_build_packet(sc, lun, cmd, urq);
654	} else {
655	ub_cmd_build_block(sc, lun, cmd, urq);
656	}
657	cmd->state = UB_CMDST_INIT;
658	cmd->lun = lun;
659	cmd->done = ub_rw_cmd_done;
660	cmd->back = urq;
661
662	cmd->tag = sc->tagcnt++;
663	if (ub_submit_scsi(sc, cmd) != 0)
664	goto drop;
665
666	return 0;
667
668	drop:
669	ub_put_cmd(lun, cmd);
670	ub_end_rq(rq, DID_ERROR << 16);
671	return 0;
672	}
673
674	static void ub_cmd_build_block(struct ub_dev sc, struct ub_lun lun,
675	struct ub_scsi_cmd cmd, struct ub_request urq)
676	{
677	struct request *rq = urq->rq;
678	unsigned int block, nblks;
679
680	if (rq_data_dir(rq) == WRITE)
681	cmd->dir = UB_DIR_WRITE;
682	else
683	cmd->dir = UB_DIR_READ;
684
685	cmd->nsg = urq->nsg;
686	memcpy(cmd->sgv, urq->sgv, sizeof(struct scatterlist) * cmd->nsg);
687
688	/*
689	* build the command
690	*
691	* The call to blk_queue_logical_block_size() guarantees that request
692	* is aligned, but it is given in terms of 512 byte units, always.
693	*/
694	block = blk_rq_pos(rq) >> lun->capacity.bshift;
695	nblks = blk_rq_sectors(rq) >> lun->capacity.bshift;
696
697	cmd->cdb[0] = (cmd->dir == UB_DIR_READ)? READ_10: WRITE_10;
698	/* 10-byte uses 4 bytes of LBA: 2147483648KB, 2097152MB, 2048GB */
699	cmd->cdb[2] = block >> 24;
700	cmd->cdb[3] = block >> 16;
701	cmd->cdb[4] = block >> 8;
702	cmd->cdb[5] = block;
703	cmd->cdb[7] = nblks >> 8;
704	cmd->cdb[8] = nblks;
705	cmd->cdb_len = 10;
706
707	cmd->len = blk_rq_bytes(rq);
708	}
709
710	static void ub_cmd_build_packet(struct ub_dev sc, struct ub_lun lun,
711	struct ub_scsi_cmd cmd, struct ub_request urq)
712	{
713	struct request *rq = urq->rq;
714
715	if (blk_rq_bytes(rq) == 0) {
716	cmd->dir = UB_DIR_NONE;
717	} else {
718	if (rq_data_dir(rq) == WRITE)
719	cmd->dir = UB_DIR_WRITE;
720	else
721	cmd->dir = UB_DIR_READ;
722	}
723
724	cmd->nsg = urq->nsg;
725	memcpy(cmd->sgv, urq->sgv, sizeof(struct scatterlist) * cmd->nsg);
726
727	memcpy(&cmd->cdb, rq->cmd, rq->cmd_len);
728	cmd->cdb_len = rq->cmd_len;
729
730	cmd->len = blk_rq_bytes(rq);
731
732	/*
733	* To reapply this to every URB is not as incorrect as it looks.
734	* In return, we avoid any complicated tracking calculations.
735	*/
736	cmd->timeo = rq->timeout;
737	}
738
739	static void ub_rw_cmd_done(struct ub_dev sc, struct ub_scsi_cmd cmd)
740	{
741	struct ub_lun *lun = cmd->lun;
742	struct ub_request *urq = cmd->back;
743	struct request *rq;
744	unsigned int scsi_status;
745
746	rq = urq->rq;
747
748	if (cmd->error == 0) {
749	if (rq->cmd_type == REQ_TYPE_BLOCK_PC) {
750	if (cmd->act_len >= rq->resid_len)
751	rq->resid_len = 0;
752	else
753	rq->resid_len -= cmd->act_len;
754	scsi_status = 0;
755	} else {
756	if (cmd->act_len != cmd->len) {
757	scsi_status = SAM_STAT_CHECK_CONDITION;
758	} else {
759	scsi_status = 0;
760	}
761	}
762	} else {
763	if (rq->cmd_type == REQ_TYPE_BLOCK_PC) {
764	/* UB_SENSE_SIZE is smaller than SCSI_SENSE_BUFFERSIZE */
765	memcpy(rq->sense, sc->top_sense, UB_SENSE_SIZE);
766	rq->sense_len = UB_SENSE_SIZE;
767	if (sc->top_sense[0] != 0)
768	scsi_status = SAM_STAT_CHECK_CONDITION;
769	else
770	scsi_status = DID_ERROR << 16;
771	} else {
772	if (cmd->error == -EIO &&
773	(cmd->key == 0 \|\|
774	cmd->key == MEDIUM_ERROR \|\|
775	cmd->key == UNIT_ATTENTION)) {
776	if (ub_rw_cmd_retry(sc, lun, urq, cmd) == 0)
777	return;
778	}
779	scsi_status = SAM_STAT_CHECK_CONDITION;
780	}
781	}
782
783	urq->rq = NULL;
784
785	ub_put_cmd(lun, cmd);
786	ub_end_rq(rq, scsi_status);
787	blk_start_queue(lun->disk->queue);
788	}
789
790	static void ub_end_rq(struct request *rq, unsigned int scsi_status)
791	{
792	int error;
793
794	if (scsi_status == 0) {
795	error = 0;
796	} else {
797	error = -EIO;
798	rq->errors = scsi_status;
799	}
800	__blk_end_request_all(rq, error);
801	}
802
803	static int ub_rw_cmd_retry(struct ub_dev sc, struct ub_lun lun,
804	struct ub_request urq, struct ub_scsi_cmd cmd)
805	{
806
807	if (atomic_read(&sc->poison))
808	return -ENXIO;
809
810	ub_reset_enter(sc, urq->current_try);
811
812	if (urq->current_try >= 3)
813	return -EIO;
814	urq->current_try++;
815
816	/* Remove this if anyone complains of flooding. */
817	printk(KERN_DEBUG "%s: dir %c len/act %d/%d "
818	"[sense %x %02x %02x] retry %d\n",
819	sc->name, UB_DIR_CHAR(cmd->dir), cmd->len, cmd->act_len,
820	cmd->key, cmd->asc, cmd->ascq, urq->current_try);
821
822	memset(cmd, 0, sizeof(struct ub_scsi_cmd));
823	ub_cmd_build_block(sc, lun, cmd, urq);
824
825	cmd->state = UB_CMDST_INIT;
826	cmd->lun = lun;
827	cmd->done = ub_rw_cmd_done;
828	cmd->back = urq;
829
830	cmd->tag = sc->tagcnt++;
831
832	#if 0 /* Wasteful */
833	return ub_submit_scsi(sc, cmd);
834	#else
835	ub_cmdq_add(sc, cmd);
836	return 0;
837	#endif
838	}
839
840	/*
841	* Submit a regular SCSI operation (not an auto-sense).
842	*
843	* The Iron Law of Good Submit Routine is:
844	* Zero return - callback is done, Nonzero return - callback is not done.
845	* No exceptions.
846	*
847	* Host is assumed locked.
848	*/
849	static int ub_submit_scsi(struct ub_dev sc, struct ub_scsi_cmd cmd)
850	{
851
852	if (cmd->state != UB_CMDST_INIT \|\|
853	(cmd->dir != UB_DIR_NONE && cmd->len == 0)) {
854	return -EINVAL;
855	}
856
857	ub_cmdq_add(sc, cmd);
858	/*
859	* We can call ub_scsi_dispatch(sc) right away here, but it's a little
860	* safer to jump to a tasklet, in case upper layers do something silly.
861	*/
862	tasklet_schedule(&sc->tasklet);
863	return 0;
864	}
865
866	/*
867	* Submit the first URB for the queued command.
868	* This function does not deal with queueing in any way.
869	*/
870	static int ub_scsi_cmd_start(struct ub_dev sc, struct ub_scsi_cmd cmd)
871	{
872	struct bulk_cb_wrap *bcb;
873	int rc;
874
875	bcb = &sc->work_bcb;
876
877	/*
878	* ``If the allocation length is eighteen or greater, and a device
879	* server returns less than eithteen bytes of data, the application
880	* client should assume that the bytes not transferred would have been
881	* zeroes had the device server returned those bytes.''
882	*
883	* We zero sense for all commands so that when a packet request
884	* fails it does not return a stale sense.
885	*/
886	memset(&sc->top_sense, 0, UB_SENSE_SIZE);
887
888	/* set up the command wrapper */
889	bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
890	bcb->Tag = cmd->tag; /* Endianness is not important */
891	bcb->DataTransferLength = cpu_to_le32(cmd->len);
892	bcb->Flags = (cmd->dir == UB_DIR_READ) ? 0x80 : 0;
893	bcb->Lun = (cmd->lun != NULL) ? cmd->lun->num : 0;
894	bcb->Length = cmd->cdb_len;
895
896	/* copy the command payload */
897	memcpy(bcb->CDB, cmd->cdb, UB_MAX_CDB_SIZE);
898
899	UB_INIT_COMPLETION(sc->work_done);
900
901	sc->last_pipe = sc->send_bulk_pipe;
902	usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->send_bulk_pipe,
903	bcb, US_BULK_CB_WRAP_LEN, ub_urb_complete, sc);
904
905	if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
906	/* XXX Clear stalls */
907	ub_complete(&sc->work_done);
908	return rc;
909	}
910
911	sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
912	add_timer(&sc->work_timer);
913
914	cmd->state = UB_CMDST_CMD;
915	return 0;
916	}
917
918	/*
919	* Timeout handler.
920	*/
921	static void ub_urb_timeout(unsigned long arg)
922	{
923	struct ub_dev sc = (struct ub_dev ) arg;
924	unsigned long flags;
925
926	spin_lock_irqsave(sc->lock, flags);
927	if (!ub_is_completed(&sc->work_done))
928	usb_unlink_urb(&sc->work_urb);
929	spin_unlock_irqrestore(sc->lock, flags);
930	}
931
932	/*
933	* Completion routine for the work URB.
934	*
935	* This can be called directly from usb_submit_urb (while we have
936	* the sc->lock taken) and from an interrupt (while we do NOT have
937	* the sc->lock taken). Therefore, bounce this off to a tasklet.
938	*/
939	static void ub_urb_complete(struct urb *urb)
940	{
941	struct ub_dev *sc = urb->context;
942
943	ub_complete(&sc->work_done);
944	tasklet_schedule(&sc->tasklet);
945	}
946
947	static void ub_scsi_action(unsigned long _dev)
948	{
949	struct ub_dev sc = (struct ub_dev ) _dev;
950	unsigned long flags;
951
952	spin_lock_irqsave(sc->lock, flags);
953	ub_scsi_dispatch(sc);
954	spin_unlock_irqrestore(sc->lock, flags);
955	}
956
957	static void ub_scsi_dispatch(struct ub_dev *sc)
958	{
959	struct ub_scsi_cmd *cmd;
960	int rc;
961
962	while (!sc->reset && (cmd = ub_cmdq_peek(sc)) != NULL) {
963	if (cmd->state == UB_CMDST_DONE) {
964	ub_cmdq_pop(sc);
965	(*cmd->done)(sc, cmd);
966	} else if (cmd->state == UB_CMDST_INIT) {
967	if ((rc = ub_scsi_cmd_start(sc, cmd)) == 0)
968	break;
969	cmd->error = rc;
970	cmd->state = UB_CMDST_DONE;
971	} else {
972	if (!ub_is_completed(&sc->work_done))
973	break;
974	del_timer(&sc->work_timer);
975	ub_scsi_urb_compl(sc, cmd);
976	}
977	}
978	}
979
980	static void ub_scsi_urb_compl(struct ub_dev sc, struct ub_scsi_cmd cmd)
981	{
982	struct urb *urb = &sc->work_urb;
983	struct bulk_cs_wrap *bcs;
984	int endp;
985	int len;
986	int rc;
987
988	if (atomic_read(&sc->poison)) {
989	ub_state_done(sc, cmd, -ENODEV);
990	return;
991	}
992
993	endp = usb_pipeendpoint(sc->last_pipe);
994	if (usb_pipein(sc->last_pipe))
995	endp \|= USB_DIR_IN;
996
997	if (cmd->state == UB_CMDST_CLEAR) {
998	if (urb->status == -EPIPE) {
999	/*
1000	* STALL while clearning STALL.
1001	* The control pipe clears itself - nothing to do.
1002	*/
1003	printk(KERN_NOTICE "%s: stall on control pipe\n",
1004	sc->name);
1005	goto Bad_End;
1006	}
1007
1008	/*
1009	* We ignore the result for the halt clear.
1010	*/
1011
1012	usb_reset_endpoint(sc->dev, endp);
1013
1014	ub_state_sense(sc, cmd);
1015
1016	} else if (cmd->state == UB_CMDST_CLR2STS) {
1017	if (urb->status == -EPIPE) {
1018	printk(KERN_NOTICE "%s: stall on control pipe\n",
1019	sc->name);
1020	goto Bad_End;
1021	}
1022
1023	/*
1024	* We ignore the result for the halt clear.
1025	*/
1026
1027	usb_reset_endpoint(sc->dev, endp);
1028
1029	ub_state_stat(sc, cmd);
1030
1031	} else if (cmd->state == UB_CMDST_CLRRS) {
1032	if (urb->status == -EPIPE) {
1033	printk(KERN_NOTICE "%s: stall on control pipe\n",
1034	sc->name);
1035	goto Bad_End;
1036	}
1037
1038	/*
1039	* We ignore the result for the halt clear.
1040	*/
1041
1042	usb_reset_endpoint(sc->dev, endp);
1043
1044	ub_state_stat_counted(sc, cmd);
1045
1046	} else if (cmd->state == UB_CMDST_CMD) {
1047	switch (urb->status) {
1048	case 0:
1049	break;
1050	case -EOVERFLOW:
1051	goto Bad_End;
1052	case -EPIPE:
1053	rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1054	if (rc != 0) {
1055	printk(KERN_NOTICE "%s: "
1056	"unable to submit clear (%d)\n",
1057	sc->name, rc);
1058	/*
1059	* This is typically ENOMEM or some other such shit.
1060	* Retrying is pointless. Just do Bad End on it...
1061	*/
1062	ub_state_done(sc, cmd, rc);
1063	return;
1064	}
1065	cmd->state = UB_CMDST_CLEAR;
1066	return;
1067	case -ESHUTDOWN: /* unplug */
1068	case -EILSEQ: /* unplug timeout on uhci */
1069	ub_state_done(sc, cmd, -ENODEV);
1070	return;
1071	default:
1072	goto Bad_End;
1073	}
1074	if (urb->actual_length != US_BULK_CB_WRAP_LEN) {
1075	goto Bad_End;
1076	}
1077
1078	if (cmd->dir == UB_DIR_NONE \|\| cmd->nsg < 1) {
1079	ub_state_stat(sc, cmd);
1080	return;
1081	}
1082
1083	// udelay(125); // usb-storage has this
1084	ub_data_start(sc, cmd);
1085
1086	} else if (cmd->state == UB_CMDST_DATA) {
1087	if (urb->status == -EPIPE) {
1088	rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1089	if (rc != 0) {
1090	printk(KERN_NOTICE "%s: "
1091	"unable to submit clear (%d)\n",
1092	sc->name, rc);
1093	ub_state_done(sc, cmd, rc);
1094	return;
1095	}
1096	cmd->state = UB_CMDST_CLR2STS;
1097	return;
1098	}
1099	if (urb->status == -EOVERFLOW) {
1100	/*
1101	* A babble? Failure, but we must transfer CSW now.
1102	*/
1103	cmd->error = -EOVERFLOW; /* A cheap trick... */
1104	ub_state_stat(sc, cmd);
1105	return;
1106	}
1107
1108	if (cmd->dir == UB_DIR_WRITE) {
1109	/*
1110	* Do not continue writes in case of a failure.
1111	* Doing so would cause sectors to be mixed up,
1112	* which is worse than sectors lost.
1113	*
1114	* We must try to read the CSW, or many devices
1115	* get confused.
1116	*/
1117	len = urb->actual_length;
1118	if (urb->status != 0 \|\|
1119	len != cmd->sgv[cmd->current_sg].length) {
1120	cmd->act_len += len;
1121
1122	cmd->error = -EIO;
1123	ub_state_stat(sc, cmd);
1124	return;
1125	}
1126
1127	} else {
1128	/*
1129	* If an error occurs on read, we record it, and
1130	* continue to fetch data in order to avoid bubble.
1131	*
1132	* As a small shortcut, we stop if we detect that
1133	* a CSW mixed into data.
1134	*/
1135	if (urb->status != 0)
1136	cmd->error = -EIO;
1137
1138	len = urb->actual_length;
1139	if (urb->status != 0 \|\|
1140	len != cmd->sgv[cmd->current_sg].length) {
1141	if ((len & 0x1FF) == US_BULK_CS_WRAP_LEN)
1142	goto Bad_End;
1143	}
1144	}
1145
1146	cmd->act_len += urb->actual_length;
1147
1148	if (++cmd->current_sg < cmd->nsg) {
1149	ub_data_start(sc, cmd);
1150	return;
1151	}
1152	ub_state_stat(sc, cmd);
1153
1154	} else if (cmd->state == UB_CMDST_STAT) {
1155	if (urb->status == -EPIPE) {
1156	rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1157	if (rc != 0) {
1158	printk(KERN_NOTICE "%s: "
1159	"unable to submit clear (%d)\n",
1160	sc->name, rc);
1161	ub_state_done(sc, cmd, rc);
1162	return;
1163	}
1164
1165	/*
1166	* Having a stall when getting CSW is an error, so
1167	* make sure uppper levels are not oblivious to it.
1168	*/
1169	cmd->error = -EIO; /* A cheap trick... */
1170
1171	cmd->state = UB_CMDST_CLRRS;
1172	return;
1173	}
1174
1175	/* Catch everything, including -EOVERFLOW and other nasties. */
1176	if (urb->status != 0)
1177	goto Bad_End;
1178
1179	if (urb->actual_length == 0) {
1180	ub_state_stat_counted(sc, cmd);
1181	return;
1182	}
1183
1184	/*
1185	* Check the returned Bulk protocol status.
1186	* The status block has to be validated first.
1187	*/
1188
1189	bcs = &sc->work_bcs;
1190
1191	if (sc->signature == cpu_to_le32(0)) {
1192	/*
1193	* This is the first reply, so do not perform the check.
1194	* Instead, remember the signature the device uses
1195	* for future checks. But do not allow a nul.
1196	*/
1197	sc->signature = bcs->Signature;
1198	if (sc->signature == cpu_to_le32(0)) {
1199	ub_state_stat_counted(sc, cmd);
1200	return;
1201	}
1202	} else {
1203	if (bcs->Signature != sc->signature) {
1204	ub_state_stat_counted(sc, cmd);
1205	return;
1206	}
1207	}
1208
1209	if (bcs->Tag != cmd->tag) {
1210	/*
1211	* This usually happens when we disagree with the
1212	* device's microcode about something. For instance,
1213	* a few of them throw this after timeouts. They buffer
1214	* commands and reply at commands we timed out before.
1215	* Without flushing these replies we loop forever.
1216	*/
1217	ub_state_stat_counted(sc, cmd);
1218	return;
1219	}
1220
1221	if (!sc->bad_resid) {
1222	len = le32_to_cpu(bcs->Residue);
1223	if (len != cmd->len - cmd->act_len) {
1224	/*
1225	* Only start ignoring if this cmd ended well.
1226	*/
1227	if (cmd->len == cmd->act_len) {
1228	printk(KERN_NOTICE "%s: "
1229	"bad residual %d of %d, ignoring\n",
1230	sc->name, len, cmd->len);
1231	sc->bad_resid = 1;
1232	}
1233	}
1234	}
1235
1236	switch (bcs->Status) {
1237	case US_BULK_STAT_OK:
1238	break;
1239	case US_BULK_STAT_FAIL:
1240	ub_state_sense(sc, cmd);
1241	return;
1242	case US_BULK_STAT_PHASE:
1243	goto Bad_End;
1244	default:
1245	printk(KERN_INFO "%s: unknown CSW status 0x%x\n",
1246	sc->name, bcs->Status);
1247	ub_state_done(sc, cmd, -EINVAL);
1248	return;
1249	}
1250
1251	/* Not zeroing error to preserve a babble indicator */
1252	if (cmd->error != 0) {
1253	ub_state_sense(sc, cmd);
1254	return;
1255	}
1256	cmd->state = UB_CMDST_DONE;
1257	ub_cmdq_pop(sc);
1258	(*cmd->done)(sc, cmd);
1259
1260	} else if (cmd->state == UB_CMDST_SENSE) {
1261	ub_state_done(sc, cmd, -EIO);
1262
1263	} else {
1264	printk(KERN_WARNING "%s: wrong command state %d\n",
1265	sc->name, cmd->state);
1266	ub_state_done(sc, cmd, -EINVAL);
1267	return;
1268	}
1269	return;
1270
1271	Bad_End: /* Little Excel is dead */
1272	ub_state_done(sc, cmd, -EIO);
1273	}
1274
1275	/*
1276	* Factorization helper for the command state machine:
1277	* Initiate a data segment transfer.
1278	*/
1279	static void ub_data_start(struct ub_dev sc, struct ub_scsi_cmd cmd)
1280	{
1281	struct scatterlist *sg = &cmd->sgv[cmd->current_sg];
1282	int pipe;
1283	int rc;
1284
1285	UB_INIT_COMPLETION(sc->work_done);
1286
1287	if (cmd->dir == UB_DIR_READ)
1288	pipe = sc->recv_bulk_pipe;
1289	else
1290	pipe = sc->send_bulk_pipe;
1291	sc->last_pipe = pipe;
1292	usb_fill_bulk_urb(&sc->work_urb, sc->dev, pipe, sg_virt(sg),
1293	sg->length, ub_urb_complete, sc);
1294
1295	if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1296	/* XXX Clear stalls */
1297	ub_complete(&sc->work_done);
1298	ub_state_done(sc, cmd, rc);
1299	return;
1300	}
1301
1302	if (cmd->timeo)
1303	sc->work_timer.expires = jiffies + cmd->timeo;
1304	else
1305	sc->work_timer.expires = jiffies + UB_DATA_TIMEOUT;
1306	add_timer(&sc->work_timer);
1307
1308	cmd->state = UB_CMDST_DATA;
1309	}
1310
1311	/*
1312	* Factorization helper for the command state machine:
1313	* Finish the command.
1314	*/
1315	static void ub_state_done(struct ub_dev sc, struct ub_scsi_cmd cmd, int rc)
1316	{
1317
1318	cmd->error = rc;
1319	cmd->state = UB_CMDST_DONE;
1320	ub_cmdq_pop(sc);
1321	(*cmd->done)(sc, cmd);
1322	}
1323
1324	/*
1325	* Factorization helper for the command state machine:
1326	* Submit a CSW read.
1327	*/
1328	static int __ub_state_stat(struct ub_dev sc, struct ub_scsi_cmd cmd)
1329	{
1330	int rc;
1331
1332	UB_INIT_COMPLETION(sc->work_done);
1333
1334	sc->last_pipe = sc->recv_bulk_pipe;
1335	usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->recv_bulk_pipe,
1336	&sc->work_bcs, US_BULK_CS_WRAP_LEN, ub_urb_complete, sc);
1337
1338	if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1339	/* XXX Clear stalls */
1340	ub_complete(&sc->work_done);
1341	ub_state_done(sc, cmd, rc);
1342	return -1;
1343	}
1344
1345	if (cmd->timeo)
1346	sc->work_timer.expires = jiffies + cmd->timeo;
1347	else
1348	sc->work_timer.expires = jiffies + UB_STAT_TIMEOUT;
1349	add_timer(&sc->work_timer);
1350	return 0;
1351	}
1352
1353	/*
1354	* Factorization helper for the command state machine:
1355	* Submit a CSW read and go to STAT state.
1356	*/
1357	static void ub_state_stat(struct ub_dev sc, struct ub_scsi_cmd cmd)
1358	{
1359
1360	if (__ub_state_stat(sc, cmd) != 0)
1361	return;
1362
1363	cmd->stat_count = 0;
1364	cmd->state = UB_CMDST_STAT;
1365	}
1366
1367	/*
1368	* Factorization helper for the command state machine:
1369	* Submit a CSW read and go to STAT state with counter (along [C] path).
1370	*/
1371	static void ub_state_stat_counted(struct ub_dev sc, struct ub_scsi_cmd cmd)
1372	{
1373
1374	if (++cmd->stat_count >= 4) {
1375	ub_state_sense(sc, cmd);
1376	return;
1377	}
1378
1379	if (__ub_state_stat(sc, cmd) != 0)
1380	return;
1381
1382	cmd->state = UB_CMDST_STAT;
1383	}
1384
1385	/*
1386	* Factorization helper for the command state machine:
1387	* Submit a REQUEST SENSE and go to SENSE state.
1388	*/
1389	static void ub_state_sense(struct ub_dev sc, struct ub_scsi_cmd cmd)
1390	{
1391	struct ub_scsi_cmd *scmd;
1392	struct scatterlist *sg;
1393	int rc;
1394
1395	if (cmd->cdb[0] == REQUEST_SENSE) {
1396	rc = -EPIPE;
1397	goto error;
1398	}
1399
1400	scmd = &sc->top_rqs_cmd;
1401	memset(scmd, 0, sizeof(struct ub_scsi_cmd));
1402	scmd->cdb[0] = REQUEST_SENSE;
1403	scmd->cdb[4] = UB_SENSE_SIZE;
1404	scmd->cdb_len = 6;
1405	scmd->dir = UB_DIR_READ;
1406	scmd->state = UB_CMDST_INIT;
1407	scmd->nsg = 1;
1408	sg = &scmd->sgv[0];
1409	sg_init_table(sg, UB_MAX_REQ_SG);
1410	sg_set_page(sg, virt_to_page(sc->top_sense), UB_SENSE_SIZE,
1411	(unsigned long)sc->top_sense & (PAGE_SIZE-1));
1412	scmd->len = UB_SENSE_SIZE;
1413	scmd->lun = cmd->lun;
1414	scmd->done = ub_top_sense_done;
1415	scmd->back = cmd;
1416
1417	scmd->tag = sc->tagcnt++;
1418
1419	cmd->state = UB_CMDST_SENSE;
1420
1421	ub_cmdq_insert(sc, scmd);
1422	return;
1423
1424	error:
1425	ub_state_done(sc, cmd, rc);
1426	}
1427
1428	/*
1429	* A helper for the command's state machine:
1430	* Submit a stall clear.
1431	*/
1432	static int ub_submit_clear_stall(struct ub_dev sc, struct ub_scsi_cmd cmd,
1433	int stalled_pipe)
1434	{
1435	int endp;
1436	struct usb_ctrlrequest *cr;
1437	int rc;
1438
1439	endp = usb_pipeendpoint(stalled_pipe);
1440	if (usb_pipein (stalled_pipe))
1441	endp \|= USB_DIR_IN;
1442
1443	cr = &sc->work_cr;
1444	cr->bRequestType = USB_RECIP_ENDPOINT;
1445	cr->bRequest = USB_REQ_CLEAR_FEATURE;
1446	cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
1447	cr->wIndex = cpu_to_le16(endp);
1448	cr->wLength = cpu_to_le16(0);
1449
1450	UB_INIT_COMPLETION(sc->work_done);
1451
1452	usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1453	(unsigned char*) cr, NULL, 0, ub_urb_complete, sc);
1454
1455	if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1456	ub_complete(&sc->work_done);
1457	return rc;
1458	}
1459
1460	sc->work_timer.expires = jiffies + UB_CTRL_TIMEOUT;
1461	add_timer(&sc->work_timer);
1462	return 0;
1463	}
1464
1465	/*
1466	*/
1467	static void ub_top_sense_done(struct ub_dev sc, struct ub_scsi_cmd scmd)
1468	{
1469	unsigned char *sense = sc->top_sense;
1470	struct ub_scsi_cmd *cmd;
1471
1472	/*
1473	* Find the command which triggered the unit attention or a check,
1474	* save the sense into it, and advance its state machine.
1475	*/
1476	if ((cmd = ub_cmdq_peek(sc)) == NULL) {
1477	printk(KERN_WARNING "%s: sense done while idle\n", sc->name);
1478	return;
1479	}
1480	if (cmd != scmd->back) {
1481	printk(KERN_WARNING "%s: "
1482	"sense done for wrong command 0x%x\n",
1483	sc->name, cmd->tag);
1484	return;
1485	}
1486	if (cmd->state != UB_CMDST_SENSE) {
1487	printk(KERN_WARNING "%s: sense done with bad cmd state %d\n",
1488	sc->name, cmd->state);
1489	return;
1490	}
1491
1492	/*
1493	* Ignoring scmd->act_len, because the buffer was pre-zeroed.
1494	*/
1495	cmd->key = sense[2] & 0x0F;
1496	cmd->asc = sense[12];
1497	cmd->ascq = sense[13];
1498
1499	ub_scsi_urb_compl(sc, cmd);
1500	}
1501
1502	/*
1503	* Reset management
1504	*/
1505
1506	static void ub_reset_enter(struct ub_dev *sc, int try)
1507	{
1508
1509	if (sc->reset) {
1510	/* This happens often on multi-LUN devices. */
1511	return;
1512	}
1513	sc->reset = try + 1;
1514
1515	#if 0 /* Not needed because the disconnect waits for us. */
1516	unsigned long flags;
1517	spin_lock_irqsave(&ub_lock, flags);
1518	sc->openc++;
1519	spin_unlock_irqrestore(&ub_lock, flags);
1520	#endif
1521
1522	#if 0 /* We let them stop themselves. */
1523	struct ub_lun *lun;
1524	list_for_each_entry(lun, &sc->luns, link) {
1525	blk_stop_queue(lun->disk->queue);
1526	}
1527	#endif
1528
1529	schedule_work(&sc->reset_work);
1530	}
1531
1532	static void ub_reset_task(struct work_struct *work)
1533	{
1534	struct ub_dev *sc = container_of(work, struct ub_dev, reset_work);
1535	unsigned long flags;
1536	struct ub_lun *lun;
1537	int rc;
1538
1539	if (!sc->reset) {
1540	printk(KERN_WARNING "%s: Running reset unrequested\n",
1541	sc->name);
1542	return;
1543	}
1544
1545	if (atomic_read(&sc->poison)) {
1546	;
1547	} else if ((sc->reset & 1) == 0) {
1548	ub_sync_reset(sc);
1549	msleep(700); /* usb-storage sleeps 6s (!) */
1550	ub_probe_clear_stall(sc, sc->recv_bulk_pipe);
1551	ub_probe_clear_stall(sc, sc->send_bulk_pipe);
1552	} else if (sc->dev->actconfig->desc.bNumInterfaces != 1) {
1553	;
1554	} else {
1555	rc = usb_lock_device_for_reset(sc->dev, sc->intf);
1556	if (rc < 0) {
1557	printk(KERN_NOTICE
1558	"%s: usb_lock_device_for_reset failed (%d)\n",
1559	sc->name, rc);
1560	} else {
1561	rc = usb_reset_device(sc->dev);
1562	if (rc < 0) {
1563	printk(KERN_NOTICE "%s: "
1564	"usb_lock_device_for_reset failed (%d)\n",
1565	sc->name, rc);
1566	}
1567	usb_unlock_device(sc->dev);
1568	}
1569	}
1570
1571	/*
1572	* In theory, no commands can be running while reset is active,
1573	* so nobody can ask for another reset, and so we do not need any
1574	* queues of resets or anything. We do need a spinlock though,
1575	* to interact with block layer.
1576	*/
1577	spin_lock_irqsave(sc->lock, flags);
1578	sc->reset = 0;
1579	tasklet_schedule(&sc->tasklet);
1580	list_for_each_entry(lun, &sc->luns, link) {
1581	blk_start_queue(lun->disk->queue);
1582	}
1583	wake_up(&sc->reset_wait);
1584	spin_unlock_irqrestore(sc->lock, flags);
1585	}
1586
1587	/*
1588	* XXX Reset brackets are too much hassle to implement, so just stub them
1589	* in order to prevent forced unbinding (which deadlocks solid when our
1590	* ->disconnect method waits for the reset to complete and this kills keventd).
1591	*
1592	* XXX Tell Alan to move usb_unlock_device inside of usb_reset_device,
1593	* or else the post_reset is invoked, and restats I/O on a locked device.
1594	*/
1595	static int ub_pre_reset(struct usb_interface *iface) {
1596	return 0;
1597	}
1598
1599	static int ub_post_reset(struct usb_interface *iface) {
1600	return 0;
1601	}
1602
1603	/*
1604	* This is called from a process context.
1605	*/
1606	static void ub_revalidate(struct ub_dev sc, struct ub_lun lun)
1607	{
1608
1609	lun->readonly = 0; /* XXX Query this from the device */
1610
1611	lun->capacity.nsec = 0;
1612	lun->capacity.bsize = 512;
1613	lun->capacity.bshift = 0;
1614
1615	if (ub_sync_tur(sc, lun) != 0)
1616	return; /* Not ready */
1617	lun->changed = 0;
1618
1619	if (ub_sync_read_cap(sc, lun, &lun->capacity) != 0) {
1620	/*
1621	* The retry here means something is wrong, either with the
1622	* device, with the transport, or with our code.
1623	* We keep this because sd.c has retries for capacity.
1624	*/
1625	if (ub_sync_read_cap(sc, lun, &lun->capacity) != 0) {
1626	lun->capacity.nsec = 0;
1627	lun->capacity.bsize = 512;
1628	lun->capacity.bshift = 0;
1629	}
1630	}
1631	}
1632
1633	/*
1634	* The open funcion.
1635	* This is mostly needed to keep refcounting, but also to support
1636	* media checks on removable media drives.
1637	*/
1638	static int ub_bd_open(struct block_device *bdev, fmode_t mode)
1639	{
1640	struct ub_lun *lun = bdev->bd_disk->private_data;
1641	struct ub_dev *sc = lun->udev;
1642	unsigned long flags;
1643	int rc;
1644
1645	spin_lock_irqsave(&ub_lock, flags);
1646	if (atomic_read(&sc->poison)) {
1647	spin_unlock_irqrestore(&ub_lock, flags);
1648	return -ENXIO;
1649	}
1650	sc->openc++;
1651	spin_unlock_irqrestore(&ub_lock, flags);
1652
1653	if (lun->removable \|\| lun->readonly)
1654	check_disk_change(bdev);
1655
1656	/*
1657	* The sd.c considers ->media_present and ->changed not equivalent,
1658	* under some pretty murky conditions (a failure of READ CAPACITY).
1659	* We may need it one day.
1660	*/
1661	if (lun->removable && lun->changed && !(mode & FMODE_NDELAY)) {
1662	rc = -ENOMEDIUM;
1663	goto err_open;
1664	}
1665
1666	if (lun->readonly && (mode & FMODE_WRITE)) {
1667	rc = -EROFS;
1668	goto err_open;
1669	}
1670
1671	return 0;
1672
1673	err_open:
1674	ub_put(sc);
1675	return rc;
1676	}
1677
1678	static int ub_bd_unlocked_open(struct block_device *bdev, fmode_t mode)
1679	{
1680	int ret;
1681
1682	mutex_lock(&ub_mutex);
1683	ret = ub_bd_open(bdev, mode);
1684	mutex_unlock(&ub_mutex);
1685
1686	return ret;
1687	}
1688
1689
1690	/*
1691	*/
1692	static int ub_bd_release(struct gendisk *disk, fmode_t mode)
1693	{
1694	struct ub_lun *lun = disk->private_data;
1695	struct ub_dev *sc = lun->udev;
1696
1697	mutex_lock(&ub_mutex);
1698	ub_put(sc);
1699	mutex_unlock(&ub_mutex);
1700
1701	return 0;
1702	}
1703
1704	/*
1705	* The ioctl interface.
1706	*/
1707	static int ub_bd_ioctl(struct block_device *bdev, fmode_t mode,
1708	unsigned int cmd, unsigned long arg)
1709	{
1710	void __user usermem = (void __user ) arg;
1711	int ret;
1712
1713	mutex_lock(&ub_mutex);
1714	ret = scsi_cmd_blk_ioctl(bdev, mode, cmd, usermem);
1715	mutex_unlock(&ub_mutex);
1716
1717	return ret;
1718	}
1719
1720	/*
1721	* This is called by check_disk_change if we reported a media change.
1722	* The main onjective here is to discover the features of the media such as
1723	* the capacity, read-only status, etc. USB storage generally does not
1724	* need to be spun up, but if we needed it, this would be the place.
1725	*
1726	* This call can sleep.
1727	*
1728	* The return code is not used.
1729	*/
1730	static int ub_bd_revalidate(struct gendisk *disk)
1731	{
1732	struct ub_lun *lun = disk->private_data;
1733
1734	ub_revalidate(lun->udev, lun);
1735
1736	/* XXX Support sector size switching like in sr.c */
1737	blk_queue_logical_block_size(disk->queue, lun->capacity.bsize);
1738	set_capacity(disk, lun->capacity.nsec);
1739	// set_disk_ro(sdkp->disk, lun->readonly);
1740
1741	return 0;
1742	}
1743
1744	/*
1745	* The check is called by the block layer to verify if the media
1746	* is still available. It is supposed to be harmless, lightweight and
1747	* non-intrusive in case the media was not changed.
1748	*
1749	* This call can sleep.
1750	*
1751	* The return code is bool!
1752	*/
1753	static unsigned int ub_bd_check_events(struct gendisk *disk,
1754	unsigned int clearing)
1755	{
1756	struct ub_lun *lun = disk->private_data;
1757
1758	if (!lun->removable)
1759	return 0;
1760
1761	/*
1762	* We clean checks always after every command, so this is not
1763	* as dangerous as it looks. If the TEST_UNIT_READY fails here,
1764	* the device is actually not ready with operator or software
1765	* intervention required. One dangerous item might be a drive which
1766	* spins itself down, and come the time to write dirty pages, this
1767	* will fail, then block layer discards the data. Since we never
1768	* spin drives up, such devices simply cannot be used with ub anyway.
1769	*/
1770	if (ub_sync_tur(lun->udev, lun) != 0) {
1771	lun->changed = 1;
1772	return DISK_EVENT_MEDIA_CHANGE;
1773	}
1774
1775	return lun->changed ? DISK_EVENT_MEDIA_CHANGE : 0;
1776	}
1777
1778	static const struct block_device_operations ub_bd_fops = {
1779	.owner = THIS_MODULE,
1780	.open = ub_bd_unlocked_open,
1781	.release = ub_bd_release,
1782	.ioctl = ub_bd_ioctl,
1783	.check_events = ub_bd_check_events,
1784	.revalidate_disk = ub_bd_revalidate,
1785	};
1786
1787	/*
1788	* Common ->done routine for commands executed synchronously.
1789	*/
1790	static void ub_probe_done(struct ub_dev sc, struct ub_scsi_cmd cmd)
1791	{
1792	struct completion *cop = cmd->back;
1793	complete(cop);
1794	}
1795
1796	/*
1797	* Test if the device has a check condition on it, synchronously.
1798	*/
1799	static int ub_sync_tur(struct ub_dev sc, struct ub_lun lun)
1800	{
1801	struct ub_scsi_cmd *cmd;
1802	enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) };
1803	unsigned long flags;
1804	struct completion compl;
1805	int rc;
1806
1807	init_completion(&compl);
1808
1809	rc = -ENOMEM;
1810	if ((cmd = kzalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1811	goto err_alloc;
1812
1813	cmd->cdb[0] = TEST_UNIT_READY;
1814	cmd->cdb_len = 6;
1815	cmd->dir = UB_DIR_NONE;
1816	cmd->state = UB_CMDST_INIT;
1817	cmd->lun = lun; /* This may be NULL, but that's ok */
1818	cmd->done = ub_probe_done;
1819	cmd->back = &compl;
1820
1821	spin_lock_irqsave(sc->lock, flags);
1822	cmd->tag = sc->tagcnt++;
1823
1824	rc = ub_submit_scsi(sc, cmd);
1825	spin_unlock_irqrestore(sc->lock, flags);
1826
1827	if (rc != 0)
1828	goto err_submit;
1829
1830	wait_for_completion(&compl);
1831
1832	rc = cmd->error;
1833
1834	if (rc == -EIO && cmd->key != 0) /* Retries for benh's key */
1835	rc = cmd->key;
1836
1837	err_submit:
1838	kfree(cmd);
1839	err_alloc:
1840	return rc;
1841	}
1842
1843	/*
1844	* Read the SCSI capacity synchronously (for probing).
1845	*/
1846	static int ub_sync_read_cap(struct ub_dev sc, struct ub_lun lun,
1847	struct ub_capacity *ret)
1848	{
1849	struct ub_scsi_cmd *cmd;
1850	struct scatterlist *sg;
1851	char *p;
1852	enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) + 8 };
1853	unsigned long flags;
1854	unsigned int bsize, shift;
1855	unsigned long nsec;
1856	struct completion compl;
1857	int rc;
1858
1859	init_completion(&compl);
1860
1861	rc = -ENOMEM;
1862	if ((cmd = kzalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1863	goto err_alloc;
1864	p = (char *)cmd + sizeof(struct ub_scsi_cmd);
1865
1866	cmd->cdb[0] = 0x25;
1867	cmd->cdb_len = 10;
1868	cmd->dir = UB_DIR_READ;
1869	cmd->state = UB_CMDST_INIT;
1870	cmd->nsg = 1;
1871	sg = &cmd->sgv[0];
1872	sg_init_table(sg, UB_MAX_REQ_SG);
1873	sg_set_page(sg, virt_to_page(p), 8, (unsigned long)p & (PAGE_SIZE-1));
1874	cmd->len = 8;
1875	cmd->lun = lun;
1876	cmd->done = ub_probe_done;
1877	cmd->back = &compl;
1878
1879	spin_lock_irqsave(sc->lock, flags);
1880	cmd->tag = sc->tagcnt++;
1881
1882	rc = ub_submit_scsi(sc, cmd);
1883	spin_unlock_irqrestore(sc->lock, flags);
1884
1885	if (rc != 0)
1886	goto err_submit;
1887
1888	wait_for_completion(&compl);
1889
1890	if (cmd->error != 0) {
1891	rc = -EIO;
1892	goto err_read;
1893	}
1894	if (cmd->act_len != 8) {
1895	rc = -EIO;
1896	goto err_read;
1897	}
1898
1899	/* sd.c special-cases sector size of 0 to mean 512. Needed? Safe? */
1900	nsec = be32_to_cpu((__be32 )p) + 1;
1901	bsize = be32_to_cpu((__be32 )(p + 4));
1902	switch (bsize) {
1903	case 512: shift = 0; break;
1904	case 1024: shift = 1; break;
1905	case 2048: shift = 2; break;
1906	case 4096: shift = 3; break;
1907	default:
1908	rc = -EDOM;
1909	goto err_inv_bsize;
1910	}
1911
1912	ret->bsize = bsize;
1913	ret->bshift = shift;
1914	ret->nsec = nsec << shift;
1915	rc = 0;
1916
1917	err_inv_bsize:
1918	err_read:
1919	err_submit:
1920	kfree(cmd);
1921	err_alloc:
1922	return rc;
1923	}
1924
1925	/*
1926	*/
1927	static void ub_probe_urb_complete(struct urb *urb)
1928	{
1929	struct completion *cop = urb->context;
1930	complete(cop);
1931	}
1932
1933	static void ub_probe_timeout(unsigned long arg)
1934	{
1935	struct completion cop = (struct completion ) arg;
1936	complete(cop);
1937	}
1938
1939	/*
1940	* Reset with a Bulk reset.
1941	*/
1942	static int ub_sync_reset(struct ub_dev *sc)
1943	{
1944	int ifnum = sc->intf->cur_altsetting->desc.bInterfaceNumber;
1945	struct usb_ctrlrequest *cr;
1946	struct completion compl;
1947	struct timer_list timer;
1948	int rc;
1949
1950	init_completion(&compl);
1951
1952	cr = &sc->work_cr;
1953	cr->bRequestType = USB_TYPE_CLASS \| USB_RECIP_INTERFACE;
1954	cr->bRequest = US_BULK_RESET_REQUEST;
1955	cr->wValue = cpu_to_le16(0);
1956	cr->wIndex = cpu_to_le16(ifnum);
1957	cr->wLength = cpu_to_le16(0);
1958
1959	usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1960	(unsigned char*) cr, NULL, 0, ub_probe_urb_complete, &compl);
1961
1962	if ((rc = usb_submit_urb(&sc->work_urb, GFP_KERNEL)) != 0) {
1963	printk(KERN_WARNING
1964	"%s: Unable to submit a bulk reset (%d)\n", sc->name, rc);
1965	return rc;
1966	}
1967
1968	init_timer(&timer);
1969	timer.function = ub_probe_timeout;
1970	timer.data = (unsigned long) &compl;
1971	timer.expires = jiffies + UB_CTRL_TIMEOUT;
1972	add_timer(&timer);
1973
1974	wait_for_completion(&compl);
1975
1976	del_timer_sync(&timer);
1977	usb_kill_urb(&sc->work_urb);
1978
1979	return sc->work_urb.status;
1980	}
1981
1982	/*
1983	* Get number of LUNs by the way of Bulk GetMaxLUN command.
1984	*/
1985	static int ub_sync_getmaxlun(struct ub_dev *sc)
1986	{
1987	int ifnum = sc->intf->cur_altsetting->desc.bInterfaceNumber;
1988	unsigned char *p;
1989	enum { ALLOC_SIZE = 1 };
1990	struct usb_ctrlrequest *cr;
1991	struct completion compl;
1992	struct timer_list timer;
1993	int nluns;
1994	int rc;
1995
1996	init_completion(&compl);
1997
1998	rc = -ENOMEM;
1999	if ((p = kmalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
2000	goto err_alloc;
2001	*p = 55;
2002
2003	cr = &sc->work_cr;
2004	cr->bRequestType = USB_DIR_IN \| USB_TYPE_CLASS \| USB_RECIP_INTERFACE;
2005	cr->bRequest = US_BULK_GET_MAX_LUN;
2006	cr->wValue = cpu_to_le16(0);
2007	cr->wIndex = cpu_to_le16(ifnum);
2008	cr->wLength = cpu_to_le16(1);
2009
2010	usb_fill_control_urb(&sc->work_urb, sc->dev, sc->recv_ctrl_pipe,
2011	(unsigned char*) cr, p, 1, ub_probe_urb_complete, &compl);
2012
2013	if ((rc = usb_submit_urb(&sc->work_urb, GFP_KERNEL)) != 0)
2014	goto err_submit;
2015
2016	init_timer(&timer);
2017	timer.function = ub_probe_timeout;
2018	timer.data = (unsigned long) &compl;
2019	timer.expires = jiffies + UB_CTRL_TIMEOUT;
2020	add_timer(&timer);
2021
2022	wait_for_completion(&compl);
2023
2024	del_timer_sync(&timer);
2025	usb_kill_urb(&sc->work_urb);
2026
2027	if ((rc = sc->work_urb.status) < 0)
2028	goto err_io;
2029
2030	if (sc->work_urb.actual_length != 1) {
2031	nluns = 0;
2032	} else {
2033	if ((nluns = *p) == 55) {
2034	nluns = 0;
2035	} else {
2036	/* GetMaxLUN returns the maximum LUN number */
2037	nluns += 1;
2038	if (nluns > UB_MAX_LUNS)
2039	nluns = UB_MAX_LUNS;
2040	}
2041	}
2042
2043	kfree(p);
2044	return nluns;
2045
2046	err_io:
2047	err_submit:
2048	kfree(p);
2049	err_alloc:
2050	return rc;
2051	}
2052
2053	/*
2054	* Clear initial stalls.
2055	*/
2056	static int ub_probe_clear_stall(struct ub_dev *sc, int stalled_pipe)
2057	{
2058	int endp;
2059	struct usb_ctrlrequest *cr;
2060	struct completion compl;
2061	struct timer_list timer;
2062	int rc;
2063
2064	init_completion(&compl);
2065
2066	endp = usb_pipeendpoint(stalled_pipe);
2067	if (usb_pipein (stalled_pipe))
2068	endp \|= USB_DIR_IN;
2069
2070	cr = &sc->work_cr;
2071	cr->bRequestType = USB_RECIP_ENDPOINT;
2072	cr->bRequest = USB_REQ_CLEAR_FEATURE;
2073	cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
2074	cr->wIndex = cpu_to_le16(endp);
2075	cr->wLength = cpu_to_le16(0);
2076
2077	usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
2078	(unsigned char*) cr, NULL, 0, ub_probe_urb_complete, &compl);
2079
2080	if ((rc = usb_submit_urb(&sc->work_urb, GFP_KERNEL)) != 0) {
2081	printk(KERN_WARNING
2082	"%s: Unable to submit a probe clear (%d)\n", sc->name, rc);
2083	return rc;
2084	}
2085
2086	init_timer(&timer);
2087	timer.function = ub_probe_timeout;
2088	timer.data = (unsigned long) &compl;
2089	timer.expires = jiffies + UB_CTRL_TIMEOUT;
2090	add_timer(&timer);
2091
2092	wait_for_completion(&compl);
2093
2094	del_timer_sync(&timer);
2095	usb_kill_urb(&sc->work_urb);
2096
2097	usb_reset_endpoint(sc->dev, endp);
2098
2099	return 0;
2100	}
2101
2102	/*
2103	* Get the pipe settings.
2104	*/
2105	static int ub_get_pipes(struct ub_dev sc, struct usb_device dev,
2106	struct usb_interface *intf)
2107	{
2108	struct usb_host_interface *altsetting = intf->cur_altsetting;
2109	struct usb_endpoint_descriptor *ep_in = NULL;
2110	struct usb_endpoint_descriptor *ep_out = NULL;
2111	struct usb_endpoint_descriptor *ep;
2112	int i;
2113
2114	/*
2115	* Find the endpoints we need.
2116	* We are expecting a minimum of 2 endpoints - in and out (bulk).
2117	* We will ignore any others.
2118	*/
2119	for (i = 0; i < altsetting->desc.bNumEndpoints; i++) {
2120	ep = &altsetting->endpoint[i].desc;
2121
2122	/* Is it a BULK endpoint? */
2123	if (usb_endpoint_xfer_bulk(ep)) {
2124	/* BULK in or out? */
2125	if (usb_endpoint_dir_in(ep)) {
2126	if (ep_in == NULL)
2127	ep_in = ep;
2128	} else {
2129	if (ep_out == NULL)
2130	ep_out = ep;
2131	}
2132	}
2133	}
2134
2135	if (ep_in == NULL \|\| ep_out == NULL) {
2136	printk(KERN_NOTICE "%s: failed endpoint check\n", sc->name);
2137	return -ENODEV;
2138	}
2139
2140	/* Calculate and store the pipe values */
2141	sc->send_ctrl_pipe = usb_sndctrlpipe(dev, 0);
2142	sc->recv_ctrl_pipe = usb_rcvctrlpipe(dev, 0);
2143	sc->send_bulk_pipe = usb_sndbulkpipe(dev,
2144	usb_endpoint_num(ep_out));
2145	sc->recv_bulk_pipe = usb_rcvbulkpipe(dev,
2146	usb_endpoint_num(ep_in));
2147
2148	return 0;
2149	}
2150
2151	/*
2152	* Probing is done in the process context, which allows us to cheat
2153	* and not to build a state machine for the discovery.
2154	*/
2155	static int ub_probe(struct usb_interface *intf,
2156	const struct usb_device_id *dev_id)
2157	{
2158	struct ub_dev *sc;
2159	int nluns;
2160	int rc;
2161	int i;
2162
2163	if (usb_usual_check_type(dev_id, USB_US_TYPE_UB))
2164	return -ENXIO;
2165
2166	rc = -ENOMEM;
2167	if ((sc = kzalloc(sizeof(struct ub_dev), GFP_KERNEL)) == NULL)
2168	goto err_core;
2169	sc->lock = ub_next_lock();
2170	INIT_LIST_HEAD(&sc->luns);
2171	usb_init_urb(&sc->work_urb);
2172	tasklet_init(&sc->tasklet, ub_scsi_action, (unsigned long)sc);
2173	atomic_set(&sc->poison, 0);
2174	INIT_WORK(&sc->reset_work, ub_reset_task);
2175	init_waitqueue_head(&sc->reset_wait);
2176
2177	init_timer(&sc->work_timer);
2178	sc->work_timer.data = (unsigned long) sc;
2179	sc->work_timer.function = ub_urb_timeout;
2180
2181	ub_init_completion(&sc->work_done);
2182	sc->work_done.done = 1; /* A little yuk, but oh well... */
2183
2184	sc->dev = interface_to_usbdev(intf);
2185	sc->intf = intf;
2186	// sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
2187	usb_set_intfdata(intf, sc);
2188	usb_get_dev(sc->dev);
2189	/*
2190	* Since we give the interface struct to the block level through
2191	* disk->driverfs_dev, we have to pin it. Otherwise, block_uevent
2192	* oopses on close after a disconnect (kernels 2.6.16 and up).
2193	*/
2194	usb_get_intf(sc->intf);
2195
2196	snprintf(sc->name, 12, DRV_NAME "(%d.%d)",
2197	sc->dev->bus->busnum, sc->dev->devnum);
2198
2199	/* XXX Verify that we can handle the device (from descriptors) */
2200
2201	if (ub_get_pipes(sc, sc->dev, intf) != 0)
2202	goto err_dev_desc;
2203
2204	/*
2205	* At this point, all USB initialization is done, do upper layer.
2206	* We really hate halfway initialized structures, so from the
2207	* invariants perspective, this ub_dev is fully constructed at
2208	* this point.
2209	*/
2210
2211	/*
2212	* This is needed to clear toggles. It is a problem only if we do
2213	* `rmmod ub && modprobe ub` without disconnects, but we like that.
2214	*/
2215	#if 0 /* iPod Mini fails if we do this (big white iPod works) */
2216	ub_probe_clear_stall(sc, sc->recv_bulk_pipe);
2217	ub_probe_clear_stall(sc, sc->send_bulk_pipe);
2218	#endif
2219
2220	/*
2221	* The way this is used by the startup code is a little specific.
2222	* A SCSI check causes a USB stall. Our common case code sees it
2223	* and clears the check, after which the device is ready for use.
2224	* But if a check was not present, any command other than
2225	* TEST_UNIT_READY ends with a lockup (including REQUEST_SENSE).
2226	*
2227	* If we neglect to clear the SCSI check, the first real command fails
2228	* (which is the capacity readout). We clear that and retry, but why
2229	* causing spurious retries for no reason.
2230	*
2231	* Revalidation may start with its own TEST_UNIT_READY, but that one
2232	* has to succeed, so we clear checks with an additional one here.
2233	* In any case it's not our business how revaliadation is implemented.
2234	*/
2235	for (i = 0; i < 3; i++) { /* Retries for the schwag key from KS'04 */
2236	if ((rc = ub_sync_tur(sc, NULL)) <= 0) break;
2237	if (rc != 0x6) break;
2238	msleep(10);
2239	}
2240
2241	nluns = 1;
2242	for (i = 0; i < 3; i++) {
2243	if ((rc = ub_sync_getmaxlun(sc)) < 0)
2244	break;
2245	if (rc != 0) {
2246	nluns = rc;
2247	break;
2248	}
2249	msleep(100);
2250	}
2251
2252	for (i = 0; i < nluns; i++) {
2253	ub_probe_lun(sc, i);
2254	}
2255	return 0;
2256
2257	err_dev_desc:
2258	usb_set_intfdata(intf, NULL);
2259	usb_put_intf(sc->intf);
2260	usb_put_dev(sc->dev);
2261	kfree(sc);
2262	err_core:
2263	return rc;
2264	}
2265
2266	static int ub_probe_lun(struct ub_dev *sc, int lnum)
2267	{
2268	struct ub_lun *lun;
2269	struct request_queue *q;
2270	struct gendisk *disk;
2271	int rc;
2272
2273	rc = -ENOMEM;
2274	if ((lun = kzalloc(sizeof(struct ub_lun), GFP_KERNEL)) == NULL)
2275	goto err_alloc;
2276	lun->num = lnum;
2277
2278	rc = -ENOSR;
2279	if ((lun->id = ub_id_get()) == -1)
2280	goto err_id;
2281
2282	lun->udev = sc;
2283
2284	snprintf(lun->name, 16, DRV_NAME "%c(%d.%d.%d)",
2285	lun->id + 'a', sc->dev->bus->busnum, sc->dev->devnum, lun->num);
2286
2287	lun->removable = 1; /* XXX Query this from the device */
2288	lun->changed = 1; /* ub_revalidate clears only */
2289	ub_revalidate(sc, lun);
2290
2291	rc = -ENOMEM;
2292	if ((disk = alloc_disk(UB_PARTS_PER_LUN)) == NULL)
2293	goto err_diskalloc;
2294
2295	sprintf(disk->disk_name, DRV_NAME "%c", lun->id + 'a');
2296	disk->major = UB_MAJOR;
2297	disk->first_minor = lun->id * UB_PARTS_PER_LUN;
2298	disk->fops = &ub_bd_fops;
2299	disk->private_data = lun;
2300	disk->driverfs_dev = &sc->intf->dev;
2301
2302	rc = -ENOMEM;
2303	if ((q = blk_init_queue(ub_request_fn, sc->lock)) == NULL)
2304	goto err_blkqinit;
2305
2306	disk->queue = q;
2307
2308	blk_queue_bounce_limit(q, BLK_BOUNCE_HIGH);
2309	blk_queue_max_segments(q, UB_MAX_REQ_SG);
2310	blk_queue_segment_boundary(q, 0xffffffff); /* Dubious. */
2311	blk_queue_max_hw_sectors(q, UB_MAX_SECTORS);
2312	blk_queue_logical_block_size(q, lun->capacity.bsize);
2313
2314	lun->disk = disk;
2315	q->queuedata = lun;
2316	list_add(&lun->link, &sc->luns);
2317
2318	set_capacity(disk, lun->capacity.nsec);
2319	if (lun->removable)
2320	disk->flags \|= GENHD_FL_REMOVABLE;
2321
2322	add_disk(disk);
2323
2324	return 0;
2325
2326	err_blkqinit:
2327	put_disk(disk);
2328	err_diskalloc:
2329	ub_id_put(lun->id);
2330	err_id:
2331	kfree(lun);
2332	err_alloc:
2333	return rc;
2334	}
2335
2336	static void ub_disconnect(struct usb_interface *intf)
2337	{
2338	struct ub_dev *sc = usb_get_intfdata(intf);
2339	struct ub_lun *lun;
2340	unsigned long flags;
2341
2342	/*
2343	* Prevent ub_bd_release from pulling the rug from under us.
2344	* XXX This is starting to look like a kref.
2345	* XXX Why not to take this ref at probe time?
2346	*/
2347	spin_lock_irqsave(&ub_lock, flags);
2348	sc->openc++;
2349	spin_unlock_irqrestore(&ub_lock, flags);
2350
2351	/*
2352	* Fence stall clearings, operations triggered by unlinkings and so on.
2353	* We do not attempt to unlink any URBs, because we do not trust the
2354	* unlink paths in HC drivers. Also, we get -84 upon disconnect anyway.
2355	*/
2356	atomic_set(&sc->poison, 1);
2357
2358	/*
2359	* Wait for reset to end, if any.
2360	*/
2361	wait_event(sc->reset_wait, !sc->reset);
2362
2363	/*
2364	* Blow away queued commands.
2365	*
2366	* Actually, this never works, because before we get here
2367	* the HCD terminates outstanding URB(s). It causes our
2368	* SCSI command queue to advance, commands fail to submit,
2369	* and the whole queue drains. So, we just use this code to
2370	* print warnings.
2371	*/
2372	spin_lock_irqsave(sc->lock, flags);
2373	{
2374	struct ub_scsi_cmd *cmd;
2375	int cnt = 0;
2376	while ((cmd = ub_cmdq_peek(sc)) != NULL) {
2377	cmd->error = -ENOTCONN;
2378	cmd->state = UB_CMDST_DONE;
2379	ub_cmdq_pop(sc);
2380	(*cmd->done)(sc, cmd);
2381	cnt++;
2382	}
2383	if (cnt != 0) {
2384	printk(KERN_WARNING "%s: "
2385	"%d was queued after shutdown\n", sc->name, cnt);
2386	}
2387	}
2388	spin_unlock_irqrestore(sc->lock, flags);
2389
2390	/*
2391	* Unregister the upper layer.
2392	*/
2393	list_for_each_entry(lun, &sc->luns, link) {
2394	del_gendisk(lun->disk);
2395	/*
2396	* I wish I could do:
2397	* queue_flag_set(QUEUE_FLAG_DEAD, q);
2398	* As it is, we rely on our internal poisoning and let
2399	* the upper levels to spin furiously failing all the I/O.
2400	*/
2401	}
2402
2403	/*
2404	* Testing for -EINPROGRESS is always a bug, so we are bending
2405	* the rules a little.
2406	*/
2407	spin_lock_irqsave(sc->lock, flags);
2408	if (sc->work_urb.status == -EINPROGRESS) { /* janitors: ignore */
2409	printk(KERN_WARNING "%s: "
2410	"URB is active after disconnect\n", sc->name);
2411	}
2412	spin_unlock_irqrestore(sc->lock, flags);
2413
2414	/*
2415	* There is virtually no chance that other CPU runs a timeout so long
2416	* after ub_urb_complete should have called del_timer, but only if HCD
2417	* didn't forget to deliver a callback on unlink.
2418	*/
2419	del_timer_sync(&sc->work_timer);
2420
2421	/*
2422	* At this point there must be no commands coming from anyone
2423	* and no URBs left in transit.
2424	*/
2425
2426	ub_put(sc);
2427	}
2428
2429	static struct usb_driver ub_driver = {
2430	.name = "ub",
2431	.probe = ub_probe,
2432	.disconnect = ub_disconnect,
2433	.id_table = ub_usb_ids,
2434	.pre_reset = ub_pre_reset,
2435	.post_reset = ub_post_reset,
2436	};
2437
2438	static int __init ub_init(void)
2439	{
2440	int rc;
2441	int i;
2442
2443	pr_info("'Low Performance USB Block' driver is deprecated. "
2444	"Please switch to usb-storage\n");
2445	for (i = 0; i < UB_QLOCK_NUM; i++)
2446	spin_lock_init(&ub_qlockv[i]);
2447
2448	if ((rc = register_blkdev(UB_MAJOR, DRV_NAME)) != 0)
2449	goto err_regblkdev;
2450
2451	if ((rc = usb_register(&ub_driver)) != 0)
2452	goto err_register;
2453
2454	usb_usual_set_present(USB_US_TYPE_UB);
2455	return 0;
2456
2457	err_register:
2458	unregister_blkdev(UB_MAJOR, DRV_NAME);
2459	err_regblkdev:
2460	return rc;
2461	}
2462
2463	static void __exit ub_exit(void)
2464	{
2465	usb_deregister(&ub_driver);
2466
2467	unregister_blkdev(UB_MAJOR, DRV_NAME);
2468	usb_usual_clear_present(USB_US_TYPE_UB);
2469	}
2470
2471	module_init(ub_init);
2472	module_exit(ub_exit);
2473
2474	MODULE_LICENSE("GPL");
2475

Download this file

Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master

Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9

Kernel

Kernel Git Source Tree

Root/drivers/block/ub.c

interactive