aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block/ub.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/block/ub.c')
-rw-r--r--drivers/block/ub.c2215
1 files changed, 2215 insertions, 0 deletions
diff --git a/drivers/block/ub.c b/drivers/block/ub.c
new file mode 100644
index 000000000000..ce42889f98fb
--- /dev/null
+++ b/drivers/block/ub.c
@@ -0,0 +1,2215 @@
1/*
2 * The low performance USB storage driver (ub).
3 *
4 * Copyright (c) 1999, 2000 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
5 * Copyright (C) 2004 Pete Zaitcev (zaitcev@yahoo.com)
6 *
7 * This work is a part of Linux kernel, is derived from it,
8 * and is not licensed separately. See file COPYING for details.
9 *
10 * TODO (sorted by decreasing priority)
11 * -- Do resets with usb_device_reset (needs a thread context, use khubd)
12 * -- set readonly flag for CDs, set removable flag for CF readers
13 * -- do inquiry and verify we got a disk and not a tape (for LUN mismatch)
14 * -- support pphaneuf's SDDR-75 with two LUNs (also broken capacity...)
15 * -- special case some senses, e.g. 3a/0 -> no media present, reduce retries
16 * -- verify the 13 conditions and do bulk resets
17 * -- normal pool of commands instead of cmdv[]?
18 * -- kill last_pipe and simply do two-state clearing on both pipes
19 * -- verify protocol (bulk) from USB descriptors (maybe...)
20 * -- highmem and sg
21 * -- move top_sense and work_bcs into separate allocations (if they survive)
22 * for cache purists and esoteric architectures.
23 * -- prune comments, they are too volumnous
24 * -- Exterminate P3 printks
25 * -- Resove XXX's
26 * -- Redo "benh's retries", perhaps have spin-up code to handle them. V:D=?
27 */
28#include <linux/kernel.h>
29#include <linux/module.h>
30#include <linux/usb.h>
31#include <linux/blkdev.h>
32#include <linux/devfs_fs_kernel.h>
33#include <linux/timer.h>
34#include <scsi/scsi.h>
35
36#define DRV_NAME "ub"
37#define DEVFS_NAME DRV_NAME
38
39#define UB_MAJOR 180
40
41/*
42 * Definitions which have to be scattered once we understand the layout better.
43 */
44
45/* Transport (despite PR in the name) */
46#define US_PR_BULK 0x50 /* bulk only */
47
48/* Protocol */
49#define US_SC_SCSI 0x06 /* Transparent */
50
51/*
52 */
53#define UB_MINORS_PER_MAJOR 8
54
55#define UB_MAX_CDB_SIZE 16 /* Corresponds to Bulk */
56
57#define UB_SENSE_SIZE 18
58
59/*
60 */
61
62/* command block wrapper */
63struct bulk_cb_wrap {
64 __le32 Signature; /* contains 'USBC' */
65 u32 Tag; /* unique per command id */
66 __le32 DataTransferLength; /* size of data */
67 u8 Flags; /* direction in bit 0 */
68 u8 Lun; /* LUN normally 0 */
69 u8 Length; /* of of the CDB */
70 u8 CDB[UB_MAX_CDB_SIZE]; /* max command */
71};
72
73#define US_BULK_CB_WRAP_LEN 31
74#define US_BULK_CB_SIGN 0x43425355 /*spells out USBC */
75#define US_BULK_FLAG_IN 1
76#define US_BULK_FLAG_OUT 0
77
78/* command status wrapper */
79struct bulk_cs_wrap {
80 __le32 Signature; /* should = 'USBS' */
81 u32 Tag; /* same as original command */
82 __le32 Residue; /* amount not transferred */
83 u8 Status; /* see below */
84};
85
86#define US_BULK_CS_WRAP_LEN 13
87#define US_BULK_CS_SIGN 0x53425355 /* spells out 'USBS' */
88/* This is for Olympus Camedia digital cameras */
89#define US_BULK_CS_OLYMPUS_SIGN 0x55425355 /* spells out 'USBU' */
90#define US_BULK_STAT_OK 0
91#define US_BULK_STAT_FAIL 1
92#define US_BULK_STAT_PHASE 2
93
94/* bulk-only class specific requests */
95#define US_BULK_RESET_REQUEST 0xff
96#define US_BULK_GET_MAX_LUN 0xfe
97
98/*
99 */
100struct ub_dev;
101
102#define UB_MAX_REQ_SG 1
103#define UB_MAX_SECTORS 64
104
105/*
106 * A second is more than enough for a 32K transfer (UB_MAX_SECTORS)
107 * even if a webcam hogs the bus, but some devices need time to spin up.
108 */
109#define UB_URB_TIMEOUT (HZ*2)
110#define UB_DATA_TIMEOUT (HZ*5) /* ZIP does spin-ups in the data phase */
111#define UB_STAT_TIMEOUT (HZ*5) /* Same spinups and eject for a dataless cmd. */
112#define UB_CTRL_TIMEOUT (HZ/2) /* 500ms ought to be enough to clear a stall */
113
114/*
115 * An instance of a SCSI command in transit.
116 */
117#define UB_DIR_NONE 0
118#define UB_DIR_READ 1
119#define UB_DIR_ILLEGAL2 2
120#define UB_DIR_WRITE 3
121
122#define UB_DIR_CHAR(c) (((c)==UB_DIR_WRITE)? 'w': \
123 (((c)==UB_DIR_READ)? 'r': 'n'))
124
125enum ub_scsi_cmd_state {
126 UB_CMDST_INIT, /* Initial state */
127 UB_CMDST_CMD, /* Command submitted */
128 UB_CMDST_DATA, /* Data phase */
129 UB_CMDST_CLR2STS, /* Clearing before requesting status */
130 UB_CMDST_STAT, /* Status phase */
131 UB_CMDST_CLEAR, /* Clearing a stall (halt, actually) */
132 UB_CMDST_SENSE, /* Sending Request Sense */
133 UB_CMDST_DONE /* Final state */
134};
135
136static char *ub_scsi_cmd_stname[] = {
137 ". ",
138 "Cmd",
139 "dat",
140 "c2s",
141 "sts",
142 "clr",
143 "Sen",
144 "fin"
145};
146
147struct ub_scsi_cmd {
148 unsigned char cdb[UB_MAX_CDB_SIZE];
149 unsigned char cdb_len;
150
151 unsigned char dir; /* 0 - none, 1 - read, 3 - write. */
152 unsigned char trace_index;
153 enum ub_scsi_cmd_state state;
154 unsigned int tag;
155 struct ub_scsi_cmd *next;
156
157 int error; /* Return code - valid upon done */
158 unsigned int act_len; /* Return size */
159 unsigned char key, asc, ascq; /* May be valid if error==-EIO */
160
161 int stat_count; /* Retries getting status. */
162
163 /*
164 * We do not support transfers from highmem pages
165 * because the underlying USB framework does not do what we need.
166 */
167 char *data; /* Requested buffer */
168 unsigned int len; /* Requested length */
169 // struct scatterlist sgv[UB_MAX_REQ_SG];
170
171 void (*done)(struct ub_dev *, struct ub_scsi_cmd *);
172 void *back;
173};
174
175/*
176 */
177struct ub_capacity {
178 unsigned long nsec; /* Linux size - 512 byte sectors */
179 unsigned int bsize; /* Linux hardsect_size */
180 unsigned int bshift; /* Shift between 512 and hard sects */
181};
182
183/*
184 * The SCSI command tracing structure.
185 */
186
187#define SCMD_ST_HIST_SZ 8
188#define SCMD_TRACE_SZ 63 /* Less than 4KB of 61-byte lines */
189
190struct ub_scsi_cmd_trace {
191 int hcur;
192 unsigned int tag;
193 unsigned int req_size, act_size;
194 unsigned char op;
195 unsigned char dir;
196 unsigned char key, asc, ascq;
197 char st_hst[SCMD_ST_HIST_SZ];
198};
199
200struct ub_scsi_trace {
201 int cur;
202 struct ub_scsi_cmd_trace vec[SCMD_TRACE_SZ];
203};
204
205/*
206 * This is a direct take-off from linux/include/completion.h
207 * The difference is that I do not wait on this thing, just poll.
208 * When I want to wait (ub_probe), I just use the stock completion.
209 *
210 * Note that INIT_COMPLETION takes no lock. It is correct. But why
211 * in the bloody hell that thing takes struct instead of pointer to struct
212 * is quite beyond me. I just copied it from the stock completion.
213 */
214struct ub_completion {
215 unsigned int done;
216 spinlock_t lock;
217};
218
219static inline void ub_init_completion(struct ub_completion *x)
220{
221 x->done = 0;
222 spin_lock_init(&x->lock);
223}
224
225#define UB_INIT_COMPLETION(x) ((x).done = 0)
226
227static void ub_complete(struct ub_completion *x)
228{
229 unsigned long flags;
230
231 spin_lock_irqsave(&x->lock, flags);
232 x->done++;
233 spin_unlock_irqrestore(&x->lock, flags);
234}
235
236static int ub_is_completed(struct ub_completion *x)
237{
238 unsigned long flags;
239 int ret;
240
241 spin_lock_irqsave(&x->lock, flags);
242 ret = x->done;
243 spin_unlock_irqrestore(&x->lock, flags);
244 return ret;
245}
246
247/*
248 */
249struct ub_scsi_cmd_queue {
250 int qlen, qmax;
251 struct ub_scsi_cmd *head, *tail;
252};
253
254/*
255 * The UB device instance.
256 */
257struct ub_dev {
258 spinlock_t lock;
259 int id; /* Number among ub's */
260 atomic_t poison; /* The USB device is disconnected */
261 int openc; /* protected by ub_lock! */
262 /* kref is too implicit for our taste */
263 unsigned int tagcnt;
264 int changed; /* Media was changed */
265 int removable;
266 int readonly;
267 int first_open; /* Kludge. See ub_bd_open. */
268 char name[8];
269 struct usb_device *dev;
270 struct usb_interface *intf;
271
272 struct ub_capacity capacity;
273 struct gendisk *disk;
274
275 unsigned int send_bulk_pipe; /* cached pipe values */
276 unsigned int recv_bulk_pipe;
277 unsigned int send_ctrl_pipe;
278 unsigned int recv_ctrl_pipe;
279
280 struct tasklet_struct tasklet;
281
282 /* XXX Use Ingo's mempool (once we have more than one) */
283 int cmda[1];
284 struct ub_scsi_cmd cmdv[1];
285
286 struct ub_scsi_cmd_queue cmd_queue;
287 struct ub_scsi_cmd top_rqs_cmd; /* REQUEST SENSE */
288 unsigned char top_sense[UB_SENSE_SIZE];
289
290 struct ub_completion work_done;
291 struct urb work_urb;
292 struct timer_list work_timer;
293 int last_pipe; /* What might need clearing */
294 struct bulk_cb_wrap work_bcb;
295 struct bulk_cs_wrap work_bcs;
296 struct usb_ctrlrequest work_cr;
297
298 struct ub_scsi_trace tr;
299};
300
301/*
302 */
303static void ub_cleanup(struct ub_dev *sc);
304static int ub_bd_rq_fn_1(struct ub_dev *sc, struct request *rq);
305static int ub_cmd_build_block(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
306 struct request *rq);
307static int ub_cmd_build_packet(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
308 struct request *rq);
309static void ub_rw_cmd_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
310static void ub_end_rq(struct request *rq, int uptodate);
311static int ub_submit_scsi(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
312static void ub_urb_complete(struct urb *urb, struct pt_regs *pt);
313static void ub_scsi_action(unsigned long _dev);
314static void ub_scsi_dispatch(struct ub_dev *sc);
315static void ub_scsi_urb_compl(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
316static void ub_state_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd, int rc);
317static void __ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
318static void ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
319static void ub_state_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd);
320static int ub_submit_clear_stall(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
321 int stalled_pipe);
322static void ub_top_sense_done(struct ub_dev *sc, struct ub_scsi_cmd *scmd);
323static int ub_sync_tur(struct ub_dev *sc);
324static int ub_sync_read_cap(struct ub_dev *sc, struct ub_capacity *ret);
325
326/*
327 */
328static struct usb_device_id ub_usb_ids[] = {
329 // { USB_DEVICE_VER(0x0781, 0x0002, 0x0009, 0x0009) }, /* SDDR-31 */
330 { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, US_SC_SCSI, US_PR_BULK) },
331 { }
332};
333
334MODULE_DEVICE_TABLE(usb, ub_usb_ids);
335
336/*
337 * Find me a way to identify "next free minor" for add_disk(),
338 * and the array disappears the next day. However, the number of
339 * hosts has something to do with the naming and /proc/partitions.
340 * This has to be thought out in detail before changing.
341 * If UB_MAX_HOST was 1000, we'd use a bitmap. Or a better data structure.
342 */
343#define UB_MAX_HOSTS 26
344static char ub_hostv[UB_MAX_HOSTS];
345static DEFINE_SPINLOCK(ub_lock); /* Locks globals and ->openc */
346
347/*
348 * The SCSI command tracing procedures.
349 */
350
351static void ub_cmdtr_new(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
352{
353 int n;
354 struct ub_scsi_cmd_trace *t;
355
356 if ((n = sc->tr.cur + 1) == SCMD_TRACE_SZ) n = 0;
357 t = &sc->tr.vec[n];
358
359 memset(t, 0, sizeof(struct ub_scsi_cmd_trace));
360 t->tag = cmd->tag;
361 t->op = cmd->cdb[0];
362 t->dir = cmd->dir;
363 t->req_size = cmd->len;
364 t->st_hst[0] = cmd->state;
365
366 sc->tr.cur = n;
367 cmd->trace_index = n;
368}
369
370static void ub_cmdtr_state(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
371{
372 int n;
373 struct ub_scsi_cmd_trace *t;
374
375 t = &sc->tr.vec[cmd->trace_index];
376 if (t->tag == cmd->tag) {
377 if ((n = t->hcur + 1) == SCMD_ST_HIST_SZ) n = 0;
378 t->st_hst[n] = cmd->state;
379 t->hcur = n;
380 }
381}
382
383static void ub_cmdtr_act_len(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
384{
385 struct ub_scsi_cmd_trace *t;
386
387 t = &sc->tr.vec[cmd->trace_index];
388 if (t->tag == cmd->tag)
389 t->act_size = cmd->act_len;
390}
391
392static void ub_cmdtr_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
393 unsigned char *sense)
394{
395 struct ub_scsi_cmd_trace *t;
396
397 t = &sc->tr.vec[cmd->trace_index];
398 if (t->tag == cmd->tag) {
399 t->key = sense[2] & 0x0F;
400 t->asc = sense[12];
401 t->ascq = sense[13];
402 }
403}
404
405static ssize_t ub_diag_show(struct device *dev, char *page)
406{
407 struct usb_interface *intf;
408 struct ub_dev *sc;
409 int cnt;
410 unsigned long flags;
411 int nc, nh;
412 int i, j;
413 struct ub_scsi_cmd_trace *t;
414
415 intf = to_usb_interface(dev);
416 sc = usb_get_intfdata(intf);
417 if (sc == NULL)
418 return 0;
419
420 cnt = 0;
421 spin_lock_irqsave(&sc->lock, flags);
422
423 cnt += sprintf(page + cnt,
424 "qlen %d qmax %d changed %d removable %d readonly %d\n",
425 sc->cmd_queue.qlen, sc->cmd_queue.qmax,
426 sc->changed, sc->removable, sc->readonly);
427
428 if ((nc = sc->tr.cur + 1) == SCMD_TRACE_SZ) nc = 0;
429 for (j = 0; j < SCMD_TRACE_SZ; j++) {
430 t = &sc->tr.vec[nc];
431
432 cnt += sprintf(page + cnt, "%08x %02x", t->tag, t->op);
433 if (t->op == REQUEST_SENSE) {
434 cnt += sprintf(page + cnt, " [sense %x %02x %02x]",
435 t->key, t->asc, t->ascq);
436 } else {
437 cnt += sprintf(page + cnt, " %c", UB_DIR_CHAR(t->dir));
438 cnt += sprintf(page + cnt, " [%5d %5d]",
439 t->req_size, t->act_size);
440 }
441 if ((nh = t->hcur + 1) == SCMD_ST_HIST_SZ) nh = 0;
442 for (i = 0; i < SCMD_ST_HIST_SZ; i++) {
443 cnt += sprintf(page + cnt, " %s",
444 ub_scsi_cmd_stname[(int)t->st_hst[nh]]);
445 if (++nh == SCMD_ST_HIST_SZ) nh = 0;
446 }
447 cnt += sprintf(page + cnt, "\n");
448
449 if (++nc == SCMD_TRACE_SZ) nc = 0;
450 }
451
452 spin_unlock_irqrestore(&sc->lock, flags);
453 return cnt;
454}
455
456static DEVICE_ATTR(diag, S_IRUGO, ub_diag_show, NULL); /* N.B. World readable */
457
458/*
459 * The id allocator.
460 *
461 * This also stores the host for indexing by minor, which is somewhat dirty.
462 */
463static int ub_id_get(void)
464{
465 unsigned long flags;
466 int i;
467
468 spin_lock_irqsave(&ub_lock, flags);
469 for (i = 0; i < UB_MAX_HOSTS; i++) {
470 if (ub_hostv[i] == 0) {
471 ub_hostv[i] = 1;
472 spin_unlock_irqrestore(&ub_lock, flags);
473 return i;
474 }
475 }
476 spin_unlock_irqrestore(&ub_lock, flags);
477 return -1;
478}
479
480static void ub_id_put(int id)
481{
482 unsigned long flags;
483
484 if (id < 0 || id >= UB_MAX_HOSTS) {
485 printk(KERN_ERR DRV_NAME ": bad host ID %d\n", id);
486 return;
487 }
488
489 spin_lock_irqsave(&ub_lock, flags);
490 if (ub_hostv[id] == 0) {
491 spin_unlock_irqrestore(&ub_lock, flags);
492 printk(KERN_ERR DRV_NAME ": freeing free host ID %d\n", id);
493 return;
494 }
495 ub_hostv[id] = 0;
496 spin_unlock_irqrestore(&ub_lock, flags);
497}
498
499/*
500 * Downcount for deallocation. This rides on two assumptions:
501 * - once something is poisoned, its refcount cannot grow
502 * - opens cannot happen at this time (del_gendisk was done)
503 * If the above is true, we can drop the lock, which we need for
504 * blk_cleanup_queue(): the silly thing may attempt to sleep.
505 * [Actually, it never needs to sleep for us, but it calls might_sleep()]
506 */
507static void ub_put(struct ub_dev *sc)
508{
509 unsigned long flags;
510
511 spin_lock_irqsave(&ub_lock, flags);
512 --sc->openc;
513 if (sc->openc == 0 && atomic_read(&sc->poison)) {
514 spin_unlock_irqrestore(&ub_lock, flags);
515 ub_cleanup(sc);
516 } else {
517 spin_unlock_irqrestore(&ub_lock, flags);
518 }
519}
520
521/*
522 * Final cleanup and deallocation.
523 */
524static void ub_cleanup(struct ub_dev *sc)
525{
526 request_queue_t *q;
527
528 /* I don't think queue can be NULL. But... Stolen from sx8.c */
529 if ((q = sc->disk->queue) != NULL)
530 blk_cleanup_queue(q);
531
532 /*
533 * If we zero disk->private_data BEFORE put_disk, we have to check
534 * for NULL all over the place in open, release, check_media and
535 * revalidate, because the block level semaphore is well inside the
536 * put_disk. But we cannot zero after the call, because *disk is gone.
537 * The sd.c is blatantly racy in this area.
538 */
539 /* disk->private_data = NULL; */
540 put_disk(sc->disk);
541 sc->disk = NULL;
542
543 ub_id_put(sc->id);
544 kfree(sc);
545}
546
547/*
548 * The "command allocator".
549 */
550static struct ub_scsi_cmd *ub_get_cmd(struct ub_dev *sc)
551{
552 struct ub_scsi_cmd *ret;
553
554 if (sc->cmda[0])
555 return NULL;
556 ret = &sc->cmdv[0];
557 sc->cmda[0] = 1;
558 return ret;
559}
560
561static void ub_put_cmd(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
562{
563 if (cmd != &sc->cmdv[0]) {
564 printk(KERN_WARNING "%s: releasing a foreign cmd %p\n",
565 sc->name, cmd);
566 return;
567 }
568 if (!sc->cmda[0]) {
569 printk(KERN_WARNING "%s: releasing a free cmd\n", sc->name);
570 return;
571 }
572 sc->cmda[0] = 0;
573}
574
575/*
576 * The command queue.
577 */
578static void ub_cmdq_add(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
579{
580 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
581
582 if (t->qlen++ == 0) {
583 t->head = cmd;
584 t->tail = cmd;
585 } else {
586 t->tail->next = cmd;
587 t->tail = cmd;
588 }
589
590 if (t->qlen > t->qmax)
591 t->qmax = t->qlen;
592}
593
594static void ub_cmdq_insert(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
595{
596 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
597
598 if (t->qlen++ == 0) {
599 t->head = cmd;
600 t->tail = cmd;
601 } else {
602 cmd->next = t->head;
603 t->head = cmd;
604 }
605
606 if (t->qlen > t->qmax)
607 t->qmax = t->qlen;
608}
609
610static struct ub_scsi_cmd *ub_cmdq_pop(struct ub_dev *sc)
611{
612 struct ub_scsi_cmd_queue *t = &sc->cmd_queue;
613 struct ub_scsi_cmd *cmd;
614
615 if (t->qlen == 0)
616 return NULL;
617 if (--t->qlen == 0)
618 t->tail = NULL;
619 cmd = t->head;
620 t->head = cmd->next;
621 cmd->next = NULL;
622 return cmd;
623}
624
625#define ub_cmdq_peek(sc) ((sc)->cmd_queue.head)
626
627/*
628 * The request function is our main entry point
629 */
630
631static void ub_bd_rq_fn(request_queue_t *q)
632{
633 struct ub_dev *sc = q->queuedata;
634 struct request *rq;
635
636 while ((rq = elv_next_request(q)) != NULL) {
637 if (ub_bd_rq_fn_1(sc, rq) != 0) {
638 blk_stop_queue(q);
639 break;
640 }
641 }
642}
643
644static int ub_bd_rq_fn_1(struct ub_dev *sc, struct request *rq)
645{
646 struct ub_scsi_cmd *cmd;
647 int rc;
648
649 if (atomic_read(&sc->poison) || sc->changed) {
650 blkdev_dequeue_request(rq);
651 ub_end_rq(rq, 0);
652 return 0;
653 }
654
655 if ((cmd = ub_get_cmd(sc)) == NULL)
656 return -1;
657 memset(cmd, 0, sizeof(struct ub_scsi_cmd));
658
659 blkdev_dequeue_request(rq);
660
661 if (blk_pc_request(rq)) {
662 rc = ub_cmd_build_packet(sc, cmd, rq);
663 } else {
664 rc = ub_cmd_build_block(sc, cmd, rq);
665 }
666 if (rc != 0) {
667 ub_put_cmd(sc, cmd);
668 ub_end_rq(rq, 0);
669 blk_start_queue(sc->disk->queue);
670 return 0;
671 }
672
673 cmd->state = UB_CMDST_INIT;
674 cmd->done = ub_rw_cmd_done;
675 cmd->back = rq;
676
677 cmd->tag = sc->tagcnt++;
678 if ((rc = ub_submit_scsi(sc, cmd)) != 0) {
679 ub_put_cmd(sc, cmd);
680 ub_end_rq(rq, 0);
681 blk_start_queue(sc->disk->queue);
682 return 0;
683 }
684
685 return 0;
686}
687
688static int ub_cmd_build_block(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
689 struct request *rq)
690{
691 int ub_dir;
692#if 0 /* We use rq->buffer for now */
693 struct scatterlist *sg;
694 int n_elem;
695#endif
696 unsigned int block, nblks;
697
698 if (rq_data_dir(rq) == WRITE)
699 ub_dir = UB_DIR_WRITE;
700 else
701 ub_dir = UB_DIR_READ;
702
703 /*
704 * get scatterlist from block layer
705 */
706#if 0 /* We use rq->buffer for now */
707 sg = &cmd->sgv[0];
708 n_elem = blk_rq_map_sg(q, rq, sg);
709 if (n_elem <= 0) {
710 ub_put_cmd(sc, cmd);
711 ub_end_rq(rq, 0);
712 blk_start_queue(q);
713 return 0; /* request with no s/g entries? */
714 }
715
716 if (n_elem != 1) { /* Paranoia */
717 printk(KERN_WARNING "%s: request with %d segments\n",
718 sc->name, n_elem);
719 ub_put_cmd(sc, cmd);
720 ub_end_rq(rq, 0);
721 blk_start_queue(q);
722 return 0;
723 }
724#endif
725
726 /*
727 * XXX Unfortunately, this check does not work. It is quite possible
728 * to get bogus non-null rq->buffer if you allow sg by mistake.
729 */
730 if (rq->buffer == NULL) {
731 /*
732 * This must not happen if we set the queue right.
733 * The block level must create bounce buffers for us.
734 */
735 static int do_print = 1;
736 if (do_print) {
737 printk(KERN_WARNING "%s: unmapped block request"
738 " flags 0x%lx sectors %lu\n",
739 sc->name, rq->flags, rq->nr_sectors);
740 do_print = 0;
741 }
742 return -1;
743 }
744
745 /*
746 * build the command
747 *
748 * The call to blk_queue_hardsect_size() guarantees that request
749 * is aligned, but it is given in terms of 512 byte units, always.
750 */
751 block = rq->sector >> sc->capacity.bshift;
752 nblks = rq->nr_sectors >> sc->capacity.bshift;
753
754 cmd->cdb[0] = (ub_dir == UB_DIR_READ)? READ_10: WRITE_10;
755 /* 10-byte uses 4 bytes of LBA: 2147483648KB, 2097152MB, 2048GB */
756 cmd->cdb[2] = block >> 24;
757 cmd->cdb[3] = block >> 16;
758 cmd->cdb[4] = block >> 8;
759 cmd->cdb[5] = block;
760 cmd->cdb[7] = nblks >> 8;
761 cmd->cdb[8] = nblks;
762 cmd->cdb_len = 10;
763
764 cmd->dir = ub_dir;
765 cmd->data = rq->buffer;
766 cmd->len = rq->nr_sectors * 512;
767
768 return 0;
769}
770
771static int ub_cmd_build_packet(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
772 struct request *rq)
773{
774
775 if (rq->data_len != 0 && rq->data == NULL) {
776 static int do_print = 1;
777 if (do_print) {
778 printk(KERN_WARNING "%s: unmapped packet request"
779 " flags 0x%lx length %d\n",
780 sc->name, rq->flags, rq->data_len);
781 do_print = 0;
782 }
783 return -1;
784 }
785
786 memcpy(&cmd->cdb, rq->cmd, rq->cmd_len);
787 cmd->cdb_len = rq->cmd_len;
788
789 if (rq->data_len == 0) {
790 cmd->dir = UB_DIR_NONE;
791 } else {
792 if (rq_data_dir(rq) == WRITE)
793 cmd->dir = UB_DIR_WRITE;
794 else
795 cmd->dir = UB_DIR_READ;
796 }
797 cmd->data = rq->data;
798 cmd->len = rq->data_len;
799
800 return 0;
801}
802
803static void ub_rw_cmd_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
804{
805 struct request *rq = cmd->back;
806 struct gendisk *disk = sc->disk;
807 request_queue_t *q = disk->queue;
808 int uptodate;
809
810 if (blk_pc_request(rq)) {
811 /* UB_SENSE_SIZE is smaller than SCSI_SENSE_BUFFERSIZE */
812 memcpy(rq->sense, sc->top_sense, UB_SENSE_SIZE);
813 rq->sense_len = UB_SENSE_SIZE;
814 }
815
816 if (cmd->error == 0)
817 uptodate = 1;
818 else
819 uptodate = 0;
820
821 ub_put_cmd(sc, cmd);
822 ub_end_rq(rq, uptodate);
823 blk_start_queue(q);
824}
825
826static void ub_end_rq(struct request *rq, int uptodate)
827{
828 int rc;
829
830 rc = end_that_request_first(rq, uptodate, rq->hard_nr_sectors);
831 // assert(rc == 0);
832 end_that_request_last(rq);
833}
834
835/*
836 * Submit a regular SCSI operation (not an auto-sense).
837 *
838 * The Iron Law of Good Submit Routine is:
839 * Zero return - callback is done, Nonzero return - callback is not done.
840 * No exceptions.
841 *
842 * Host is assumed locked.
843 *
844 * XXX We only support Bulk for the moment.
845 */
846static int ub_submit_scsi(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
847{
848
849 if (cmd->state != UB_CMDST_INIT ||
850 (cmd->dir != UB_DIR_NONE && cmd->len == 0)) {
851 return -EINVAL;
852 }
853
854 ub_cmdq_add(sc, cmd);
855 /*
856 * We can call ub_scsi_dispatch(sc) right away here, but it's a little
857 * safer to jump to a tasklet, in case upper layers do something silly.
858 */
859 tasklet_schedule(&sc->tasklet);
860 return 0;
861}
862
863/*
864 * Submit the first URB for the queued command.
865 * This function does not deal with queueing in any way.
866 */
867static int ub_scsi_cmd_start(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
868{
869 struct bulk_cb_wrap *bcb;
870 int rc;
871
872 bcb = &sc->work_bcb;
873
874 /*
875 * ``If the allocation length is eighteen or greater, and a device
876 * server returns less than eithteen bytes of data, the application
877 * client should assume that the bytes not transferred would have been
878 * zeroes had the device server returned those bytes.''
879 *
880 * We zero sense for all commands so that when a packet request
881 * fails it does not return a stale sense.
882 */
883 memset(&sc->top_sense, 0, UB_SENSE_SIZE);
884
885 /* set up the command wrapper */
886 bcb->Signature = cpu_to_le32(US_BULK_CB_SIGN);
887 bcb->Tag = cmd->tag; /* Endianness is not important */
888 bcb->DataTransferLength = cpu_to_le32(cmd->len);
889 bcb->Flags = (cmd->dir == UB_DIR_READ) ? 0x80 : 0;
890 bcb->Lun = 0; /* No multi-LUN yet */
891 bcb->Length = cmd->cdb_len;
892
893 /* copy the command payload */
894 memcpy(bcb->CDB, cmd->cdb, UB_MAX_CDB_SIZE);
895
896 UB_INIT_COMPLETION(sc->work_done);
897
898 sc->last_pipe = sc->send_bulk_pipe;
899 usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->send_bulk_pipe,
900 bcb, US_BULK_CB_WRAP_LEN, ub_urb_complete, sc);
901 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
902
903 /* Fill what we shouldn't be filling, because usb-storage did so. */
904 sc->work_urb.actual_length = 0;
905 sc->work_urb.error_count = 0;
906 sc->work_urb.status = 0;
907
908 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
909 /* XXX Clear stalls */
910 printk("ub: cmd #%d start failed (%d)\n", cmd->tag, rc); /* P3 */
911 ub_complete(&sc->work_done);
912 return rc;
913 }
914
915 sc->work_timer.expires = jiffies + UB_URB_TIMEOUT;
916 add_timer(&sc->work_timer);
917
918 cmd->state = UB_CMDST_CMD;
919 ub_cmdtr_state(sc, cmd);
920 return 0;
921}
922
923/*
924 * Timeout handler.
925 */
926static void ub_urb_timeout(unsigned long arg)
927{
928 struct ub_dev *sc = (struct ub_dev *) arg;
929 unsigned long flags;
930
931 spin_lock_irqsave(&sc->lock, flags);
932 usb_unlink_urb(&sc->work_urb);
933 spin_unlock_irqrestore(&sc->lock, flags);
934}
935
936/*
937 * Completion routine for the work URB.
938 *
939 * This can be called directly from usb_submit_urb (while we have
940 * the sc->lock taken) and from an interrupt (while we do NOT have
941 * the sc->lock taken). Therefore, bounce this off to a tasklet.
942 */
943static void ub_urb_complete(struct urb *urb, struct pt_regs *pt)
944{
945 struct ub_dev *sc = urb->context;
946
947 ub_complete(&sc->work_done);
948 tasklet_schedule(&sc->tasklet);
949}
950
951static void ub_scsi_action(unsigned long _dev)
952{
953 struct ub_dev *sc = (struct ub_dev *) _dev;
954 unsigned long flags;
955
956 spin_lock_irqsave(&sc->lock, flags);
957 del_timer(&sc->work_timer);
958 ub_scsi_dispatch(sc);
959 spin_unlock_irqrestore(&sc->lock, flags);
960}
961
962static void ub_scsi_dispatch(struct ub_dev *sc)
963{
964 struct ub_scsi_cmd *cmd;
965 int rc;
966
967 while ((cmd = ub_cmdq_peek(sc)) != NULL) {
968 if (cmd->state == UB_CMDST_DONE) {
969 ub_cmdq_pop(sc);
970 (*cmd->done)(sc, cmd);
971 } else if (cmd->state == UB_CMDST_INIT) {
972 ub_cmdtr_new(sc, cmd);
973 if ((rc = ub_scsi_cmd_start(sc, cmd)) == 0)
974 break;
975 cmd->error = rc;
976 cmd->state = UB_CMDST_DONE;
977 ub_cmdtr_state(sc, cmd);
978 } else {
979 if (!ub_is_completed(&sc->work_done))
980 break;
981 ub_scsi_urb_compl(sc, cmd);
982 }
983 }
984}
985
986static void ub_scsi_urb_compl(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
987{
988 struct urb *urb = &sc->work_urb;
989 struct bulk_cs_wrap *bcs;
990 int pipe;
991 int rc;
992
993 if (atomic_read(&sc->poison)) {
994 /* A little too simplistic, I feel... */
995 goto Bad_End;
996 }
997
998 if (cmd->state == UB_CMDST_CLEAR) {
999 if (urb->status == -EPIPE) {
1000 /*
1001 * STALL while clearning STALL.
1002 * The control pipe clears itself - nothing to do.
1003 * XXX Might try to reset the device here and retry.
1004 */
1005 printk(KERN_NOTICE "%s: "
1006 "stall on control pipe for device %u\n",
1007 sc->name, sc->dev->devnum);
1008 goto Bad_End;
1009 }
1010
1011 /*
1012 * We ignore the result for the halt clear.
1013 */
1014
1015 /* reset the endpoint toggle */
1016 usb_settoggle(sc->dev, usb_pipeendpoint(sc->last_pipe),
1017 usb_pipeout(sc->last_pipe), 0);
1018
1019 ub_state_sense(sc, cmd);
1020
1021 } else if (cmd->state == UB_CMDST_CLR2STS) {
1022 if (urb->status == -EPIPE) {
1023 /*
1024 * STALL while clearning STALL.
1025 * The control pipe clears itself - nothing to do.
1026 * XXX Might try to reset the device here and retry.
1027 */
1028 printk(KERN_NOTICE "%s: "
1029 "stall on control pipe for device %u\n",
1030 sc->name, sc->dev->devnum);
1031 goto Bad_End;
1032 }
1033
1034 /*
1035 * We ignore the result for the halt clear.
1036 */
1037
1038 /* reset the endpoint toggle */
1039 usb_settoggle(sc->dev, usb_pipeendpoint(sc->last_pipe),
1040 usb_pipeout(sc->last_pipe), 0);
1041
1042 ub_state_stat(sc, cmd);
1043
1044 } else if (cmd->state == UB_CMDST_CMD) {
1045 if (urb->status == -EPIPE) {
1046 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1047 if (rc != 0) {
1048 printk(KERN_NOTICE "%s: "
1049 "unable to submit clear for device %u"
1050 " (code %d)\n",
1051 sc->name, sc->dev->devnum, rc);
1052 /*
1053 * This is typically ENOMEM or some other such shit.
1054 * Retrying is pointless. Just do Bad End on it...
1055 */
1056 goto Bad_End;
1057 }
1058 cmd->state = UB_CMDST_CLEAR;
1059 ub_cmdtr_state(sc, cmd);
1060 return;
1061 }
1062 if (urb->status != 0) {
1063 printk("ub: cmd #%d cmd status (%d)\n", cmd->tag, urb->status); /* P3 */
1064 goto Bad_End;
1065 }
1066 if (urb->actual_length != US_BULK_CB_WRAP_LEN) {
1067 printk("ub: cmd #%d xferred %d\n", cmd->tag, urb->actual_length); /* P3 */
1068 /* XXX Must do reset here to unconfuse the device */
1069 goto Bad_End;
1070 }
1071
1072 if (cmd->dir == UB_DIR_NONE) {
1073 ub_state_stat(sc, cmd);
1074 return;
1075 }
1076
1077 UB_INIT_COMPLETION(sc->work_done);
1078
1079 if (cmd->dir == UB_DIR_READ)
1080 pipe = sc->recv_bulk_pipe;
1081 else
1082 pipe = sc->send_bulk_pipe;
1083 sc->last_pipe = pipe;
1084 usb_fill_bulk_urb(&sc->work_urb, sc->dev, pipe,
1085 cmd->data, cmd->len, ub_urb_complete, sc);
1086 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1087 sc->work_urb.actual_length = 0;
1088 sc->work_urb.error_count = 0;
1089 sc->work_urb.status = 0;
1090
1091 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1092 /* XXX Clear stalls */
1093 printk("ub: data #%d submit failed (%d)\n", cmd->tag, rc); /* P3 */
1094 ub_complete(&sc->work_done);
1095 ub_state_done(sc, cmd, rc);
1096 return;
1097 }
1098
1099 sc->work_timer.expires = jiffies + UB_DATA_TIMEOUT;
1100 add_timer(&sc->work_timer);
1101
1102 cmd->state = UB_CMDST_DATA;
1103 ub_cmdtr_state(sc, cmd);
1104
1105 } else if (cmd->state == UB_CMDST_DATA) {
1106 if (urb->status == -EPIPE) {
1107 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1108 if (rc != 0) {
1109 printk(KERN_NOTICE "%s: "
1110 "unable to submit clear for device %u"
1111 " (code %d)\n",
1112 sc->name, sc->dev->devnum, rc);
1113 /*
1114 * This is typically ENOMEM or some other such shit.
1115 * Retrying is pointless. Just do Bad End on it...
1116 */
1117 goto Bad_End;
1118 }
1119 cmd->state = UB_CMDST_CLR2STS;
1120 ub_cmdtr_state(sc, cmd);
1121 return;
1122 }
1123 if (urb->status == -EOVERFLOW) {
1124 /*
1125 * A babble? Failure, but we must transfer CSW now.
1126 */
1127 cmd->error = -EOVERFLOW; /* A cheap trick... */
1128 } else {
1129 if (urb->status != 0)
1130 goto Bad_End;
1131 }
1132
1133 cmd->act_len = urb->actual_length;
1134 ub_cmdtr_act_len(sc, cmd);
1135
1136 ub_state_stat(sc, cmd);
1137
1138 } else if (cmd->state == UB_CMDST_STAT) {
1139 if (urb->status == -EPIPE) {
1140 rc = ub_submit_clear_stall(sc, cmd, sc->last_pipe);
1141 if (rc != 0) {
1142 printk(KERN_NOTICE "%s: "
1143 "unable to submit clear for device %u"
1144 " (code %d)\n",
1145 sc->name, sc->dev->devnum, rc);
1146 /*
1147 * This is typically ENOMEM or some other such shit.
1148 * Retrying is pointless. Just do Bad End on it...
1149 */
1150 goto Bad_End;
1151 }
1152 cmd->state = UB_CMDST_CLEAR;
1153 ub_cmdtr_state(sc, cmd);
1154 return;
1155 }
1156 if (urb->status != 0)
1157 goto Bad_End;
1158
1159 if (urb->actual_length == 0) {
1160 /*
1161 * Some broken devices add unnecessary zero-length
1162 * packets to the end of their data transfers.
1163 * Such packets show up as 0-length CSWs. If we
1164 * encounter such a thing, try to read the CSW again.
1165 */
1166 if (++cmd->stat_count >= 4) {
1167 printk(KERN_NOTICE "%s: "
1168 "unable to get CSW on device %u\n",
1169 sc->name, sc->dev->devnum);
1170 goto Bad_End;
1171 }
1172 __ub_state_stat(sc, cmd);
1173 return;
1174 }
1175
1176 /*
1177 * Check the returned Bulk protocol status.
1178 */
1179
1180 bcs = &sc->work_bcs;
1181 rc = le32_to_cpu(bcs->Residue);
1182 if (rc != cmd->len - cmd->act_len) {
1183 /*
1184 * It is all right to transfer less, the caller has
1185 * to check. But it's not all right if the device
1186 * counts disagree with our counts.
1187 */
1188 /* P3 */ printk("%s: resid %d len %d act %d\n",
1189 sc->name, rc, cmd->len, cmd->act_len);
1190 goto Bad_End;
1191 }
1192
1193#if 0
1194 if (bcs->Signature != cpu_to_le32(US_BULK_CS_SIGN) &&
1195 bcs->Signature != cpu_to_le32(US_BULK_CS_OLYMPUS_SIGN)) {
1196 /* Windows ignores signatures, so do we. */
1197 }
1198#endif
1199
1200 if (bcs->Tag != cmd->tag) {
1201 /*
1202 * This usually happens when we disagree with the
1203 * device's microcode about something. For instance,
1204 * a few of them throw this after timeouts. They buffer
1205 * commands and reply at commands we timed out before.
1206 * Without flushing these replies we loop forever.
1207 */
1208 if (++cmd->stat_count >= 4) {
1209 printk(KERN_NOTICE "%s: "
1210 "tag mismatch orig 0x%x reply 0x%x "
1211 "on device %u\n",
1212 sc->name, cmd->tag, bcs->Tag,
1213 sc->dev->devnum);
1214 goto Bad_End;
1215 }
1216 __ub_state_stat(sc, cmd);
1217 return;
1218 }
1219
1220 switch (bcs->Status) {
1221 case US_BULK_STAT_OK:
1222 break;
1223 case US_BULK_STAT_FAIL:
1224 ub_state_sense(sc, cmd);
1225 return;
1226 case US_BULK_STAT_PHASE:
1227 /* XXX We must reset the transport here */
1228 /* P3 */ printk("%s: status PHASE\n", sc->name);
1229 goto Bad_End;
1230 default:
1231 printk(KERN_INFO "%s: unknown CSW status 0x%x\n",
1232 sc->name, bcs->Status);
1233 goto Bad_End;
1234 }
1235
1236 /* Not zeroing error to preserve a babble indicator */
1237 cmd->state = UB_CMDST_DONE;
1238 ub_cmdtr_state(sc, cmd);
1239 ub_cmdq_pop(sc);
1240 (*cmd->done)(sc, cmd);
1241
1242 } else if (cmd->state == UB_CMDST_SENSE) {
1243 ub_state_done(sc, cmd, -EIO);
1244
1245 } else {
1246 printk(KERN_WARNING "%s: "
1247 "wrong command state %d on device %u\n",
1248 sc->name, cmd->state, sc->dev->devnum);
1249 goto Bad_End;
1250 }
1251 return;
1252
1253Bad_End: /* Little Excel is dead */
1254 ub_state_done(sc, cmd, -EIO);
1255}
1256
1257/*
1258 * Factorization helper for the command state machine:
1259 * Finish the command.
1260 */
1261static void ub_state_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd, int rc)
1262{
1263
1264 cmd->error = rc;
1265 cmd->state = UB_CMDST_DONE;
1266 ub_cmdtr_state(sc, cmd);
1267 ub_cmdq_pop(sc);
1268 (*cmd->done)(sc, cmd);
1269}
1270
1271/*
1272 * Factorization helper for the command state machine:
1273 * Submit a CSW read.
1274 */
1275static void __ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1276{
1277 int rc;
1278
1279 UB_INIT_COMPLETION(sc->work_done);
1280
1281 sc->last_pipe = sc->recv_bulk_pipe;
1282 usb_fill_bulk_urb(&sc->work_urb, sc->dev, sc->recv_bulk_pipe,
1283 &sc->work_bcs, US_BULK_CS_WRAP_LEN, ub_urb_complete, sc);
1284 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1285 sc->work_urb.actual_length = 0;
1286 sc->work_urb.error_count = 0;
1287 sc->work_urb.status = 0;
1288
1289 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1290 /* XXX Clear stalls */
1291 printk("%s: CSW #%d submit failed (%d)\n", sc->name, cmd->tag, rc); /* P3 */
1292 ub_complete(&sc->work_done);
1293 ub_state_done(sc, cmd, rc);
1294 return;
1295 }
1296
1297 sc->work_timer.expires = jiffies + UB_STAT_TIMEOUT;
1298 add_timer(&sc->work_timer);
1299}
1300
1301/*
1302 * Factorization helper for the command state machine:
1303 * Submit a CSW read and go to STAT state.
1304 */
1305static void ub_state_stat(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1306{
1307 __ub_state_stat(sc, cmd);
1308
1309 cmd->stat_count = 0;
1310 cmd->state = UB_CMDST_STAT;
1311 ub_cmdtr_state(sc, cmd);
1312}
1313
1314/*
1315 * Factorization helper for the command state machine:
1316 * Submit a REQUEST SENSE and go to SENSE state.
1317 */
1318static void ub_state_sense(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1319{
1320 struct ub_scsi_cmd *scmd;
1321 int rc;
1322
1323 if (cmd->cdb[0] == REQUEST_SENSE) {
1324 rc = -EPIPE;
1325 goto error;
1326 }
1327
1328 scmd = &sc->top_rqs_cmd;
1329 scmd->cdb[0] = REQUEST_SENSE;
1330 scmd->cdb[4] = UB_SENSE_SIZE;
1331 scmd->cdb_len = 6;
1332 scmd->dir = UB_DIR_READ;
1333 scmd->state = UB_CMDST_INIT;
1334 scmd->data = sc->top_sense;
1335 scmd->len = UB_SENSE_SIZE;
1336 scmd->done = ub_top_sense_done;
1337 scmd->back = cmd;
1338
1339 scmd->tag = sc->tagcnt++;
1340
1341 cmd->state = UB_CMDST_SENSE;
1342 ub_cmdtr_state(sc, cmd);
1343
1344 ub_cmdq_insert(sc, scmd);
1345 return;
1346
1347error:
1348 ub_state_done(sc, cmd, rc);
1349}
1350
1351/*
1352 * A helper for the command's state machine:
1353 * Submit a stall clear.
1354 */
1355static int ub_submit_clear_stall(struct ub_dev *sc, struct ub_scsi_cmd *cmd,
1356 int stalled_pipe)
1357{
1358 int endp;
1359 struct usb_ctrlrequest *cr;
1360 int rc;
1361
1362 endp = usb_pipeendpoint(stalled_pipe);
1363 if (usb_pipein (stalled_pipe))
1364 endp |= USB_DIR_IN;
1365
1366 cr = &sc->work_cr;
1367 cr->bRequestType = USB_RECIP_ENDPOINT;
1368 cr->bRequest = USB_REQ_CLEAR_FEATURE;
1369 cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
1370 cr->wIndex = cpu_to_le16(endp);
1371 cr->wLength = cpu_to_le16(0);
1372
1373 UB_INIT_COMPLETION(sc->work_done);
1374
1375 usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1376 (unsigned char*) cr, NULL, 0, ub_urb_complete, sc);
1377 sc->work_urb.transfer_flags = URB_ASYNC_UNLINK;
1378 sc->work_urb.actual_length = 0;
1379 sc->work_urb.error_count = 0;
1380 sc->work_urb.status = 0;
1381
1382 if ((rc = usb_submit_urb(&sc->work_urb, GFP_ATOMIC)) != 0) {
1383 ub_complete(&sc->work_done);
1384 return rc;
1385 }
1386
1387 sc->work_timer.expires = jiffies + UB_CTRL_TIMEOUT;
1388 add_timer(&sc->work_timer);
1389 return 0;
1390}
1391
1392/*
1393 */
1394static void ub_top_sense_done(struct ub_dev *sc, struct ub_scsi_cmd *scmd)
1395{
1396 unsigned char *sense = scmd->data;
1397 struct ub_scsi_cmd *cmd;
1398
1399 /*
1400 * Ignoring scmd->act_len, because the buffer was pre-zeroed.
1401 */
1402 ub_cmdtr_sense(sc, scmd, sense);
1403
1404 /*
1405 * Find the command which triggered the unit attention or a check,
1406 * save the sense into it, and advance its state machine.
1407 */
1408 if ((cmd = ub_cmdq_peek(sc)) == NULL) {
1409 printk(KERN_WARNING "%s: sense done while idle\n", sc->name);
1410 return;
1411 }
1412 if (cmd != scmd->back) {
1413 printk(KERN_WARNING "%s: "
1414 "sense done for wrong command 0x%x on device %u\n",
1415 sc->name, cmd->tag, sc->dev->devnum);
1416 return;
1417 }
1418 if (cmd->state != UB_CMDST_SENSE) {
1419 printk(KERN_WARNING "%s: "
1420 "sense done with bad cmd state %d on device %u\n",
1421 sc->name, cmd->state, sc->dev->devnum);
1422 return;
1423 }
1424
1425 cmd->key = sense[2] & 0x0F;
1426 cmd->asc = sense[12];
1427 cmd->ascq = sense[13];
1428
1429 ub_scsi_urb_compl(sc, cmd);
1430}
1431
1432#if 0
1433/* Determine what the maximum LUN supported is */
1434int usb_stor_Bulk_max_lun(struct us_data *us)
1435{
1436 int result;
1437
1438 /* issue the command */
1439 result = usb_stor_control_msg(us, us->recv_ctrl_pipe,
1440 US_BULK_GET_MAX_LUN,
1441 USB_DIR_IN | USB_TYPE_CLASS |
1442 USB_RECIP_INTERFACE,
1443 0, us->ifnum, us->iobuf, 1, HZ);
1444
1445 /*
1446 * Some devices (i.e. Iomega Zip100) need this -- apparently
1447 * the bulk pipes get STALLed when the GetMaxLUN request is
1448 * processed. This is, in theory, harmless to all other devices
1449 * (regardless of if they stall or not).
1450 */
1451 if (result < 0) {
1452 usb_stor_clear_halt(us, us->recv_bulk_pipe);
1453 usb_stor_clear_halt(us, us->send_bulk_pipe);
1454 }
1455
1456 US_DEBUGP("GetMaxLUN command result is %d, data is %d\n",
1457 result, us->iobuf[0]);
1458
1459 /* if we have a successful request, return the result */
1460 if (result == 1)
1461 return us->iobuf[0];
1462
1463 /* return the default -- no LUNs */
1464 return 0;
1465}
1466#endif
1467
1468/*
1469 * This is called from a process context.
1470 */
1471static void ub_revalidate(struct ub_dev *sc)
1472{
1473
1474 sc->readonly = 0; /* XXX Query this from the device */
1475
1476 sc->capacity.nsec = 0;
1477 sc->capacity.bsize = 512;
1478 sc->capacity.bshift = 0;
1479
1480 if (ub_sync_tur(sc) != 0)
1481 return; /* Not ready */
1482 sc->changed = 0;
1483
1484 if (ub_sync_read_cap(sc, &sc->capacity) != 0) {
1485 /*
1486 * The retry here means something is wrong, either with the
1487 * device, with the transport, or with our code.
1488 * We keep this because sd.c has retries for capacity.
1489 */
1490 if (ub_sync_read_cap(sc, &sc->capacity) != 0) {
1491 sc->capacity.nsec = 0;
1492 sc->capacity.bsize = 512;
1493 sc->capacity.bshift = 0;
1494 }
1495 }
1496}
1497
1498/*
1499 * The open funcion.
1500 * This is mostly needed to keep refcounting, but also to support
1501 * media checks on removable media drives.
1502 */
1503static int ub_bd_open(struct inode *inode, struct file *filp)
1504{
1505 struct gendisk *disk = inode->i_bdev->bd_disk;
1506 struct ub_dev *sc;
1507 unsigned long flags;
1508 int rc;
1509
1510 if ((sc = disk->private_data) == NULL)
1511 return -ENXIO;
1512 spin_lock_irqsave(&ub_lock, flags);
1513 if (atomic_read(&sc->poison)) {
1514 spin_unlock_irqrestore(&ub_lock, flags);
1515 return -ENXIO;
1516 }
1517 sc->openc++;
1518 spin_unlock_irqrestore(&ub_lock, flags);
1519
1520 /*
1521 * This is a workaround for a specific problem in our block layer.
1522 * In 2.6.9, register_disk duplicates the code from rescan_partitions.
1523 * However, if we do add_disk with a device which persistently reports
1524 * a changed media, add_disk calls register_disk, which does do_open,
1525 * which will call rescan_paritions for changed media. After that,
1526 * register_disk attempts to do it all again and causes double kobject
1527 * registration and a eventually an oops on module removal.
1528 *
1529 * The bottom line is, Al Viro says that we should not allow
1530 * bdev->bd_invalidated to be set when doing add_disk no matter what.
1531 */
1532 if (sc->first_open) {
1533 if (sc->changed) {
1534 sc->first_open = 0;
1535 rc = -ENOMEDIUM;
1536 goto err_open;
1537 }
1538 }
1539
1540 if (sc->removable || sc->readonly)
1541 check_disk_change(inode->i_bdev);
1542
1543 /*
1544 * The sd.c considers ->media_present and ->changed not equivalent,
1545 * under some pretty murky conditions (a failure of READ CAPACITY).
1546 * We may need it one day.
1547 */
1548 if (sc->removable && sc->changed && !(filp->f_flags & O_NDELAY)) {
1549 rc = -ENOMEDIUM;
1550 goto err_open;
1551 }
1552
1553 if (sc->readonly && (filp->f_mode & FMODE_WRITE)) {
1554 rc = -EROFS;
1555 goto err_open;
1556 }
1557
1558 return 0;
1559
1560err_open:
1561 ub_put(sc);
1562 return rc;
1563}
1564
1565/*
1566 */
1567static int ub_bd_release(struct inode *inode, struct file *filp)
1568{
1569 struct gendisk *disk = inode->i_bdev->bd_disk;
1570 struct ub_dev *sc = disk->private_data;
1571
1572 ub_put(sc);
1573 return 0;
1574}
1575
1576/*
1577 * The ioctl interface.
1578 */
1579static int ub_bd_ioctl(struct inode *inode, struct file *filp,
1580 unsigned int cmd, unsigned long arg)
1581{
1582 struct gendisk *disk = inode->i_bdev->bd_disk;
1583 void __user *usermem = (void __user *) arg;
1584
1585 return scsi_cmd_ioctl(filp, disk, cmd, usermem);
1586}
1587
1588/*
1589 * This is called once a new disk was seen by the block layer or by ub_probe().
1590 * The main onjective here is to discover the features of the media such as
1591 * the capacity, read-only status, etc. USB storage generally does not
1592 * need to be spun up, but if we needed it, this would be the place.
1593 *
1594 * This call can sleep.
1595 *
1596 * The return code is not used.
1597 */
1598static int ub_bd_revalidate(struct gendisk *disk)
1599{
1600 struct ub_dev *sc = disk->private_data;
1601
1602 ub_revalidate(sc);
1603 /* This is pretty much a long term P3 */
1604 if (!atomic_read(&sc->poison)) { /* Cover sc->dev */
1605 printk(KERN_INFO "%s: device %u capacity nsec %ld bsize %u\n",
1606 sc->name, sc->dev->devnum,
1607 sc->capacity.nsec, sc->capacity.bsize);
1608 }
1609
1610 /* XXX Support sector size switching like in sr.c */
1611 blk_queue_hardsect_size(disk->queue, sc->capacity.bsize);
1612 set_capacity(disk, sc->capacity.nsec);
1613 // set_disk_ro(sdkp->disk, sc->readonly);
1614
1615 return 0;
1616}
1617
1618/*
1619 * The check is called by the block layer to verify if the media
1620 * is still available. It is supposed to be harmless, lightweight and
1621 * non-intrusive in case the media was not changed.
1622 *
1623 * This call can sleep.
1624 *
1625 * The return code is bool!
1626 */
1627static int ub_bd_media_changed(struct gendisk *disk)
1628{
1629 struct ub_dev *sc = disk->private_data;
1630
1631 if (!sc->removable)
1632 return 0;
1633
1634 /*
1635 * We clean checks always after every command, so this is not
1636 * as dangerous as it looks. If the TEST_UNIT_READY fails here,
1637 * the device is actually not ready with operator or software
1638 * intervention required. One dangerous item might be a drive which
1639 * spins itself down, and come the time to write dirty pages, this
1640 * will fail, then block layer discards the data. Since we never
1641 * spin drives up, such devices simply cannot be used with ub anyway.
1642 */
1643 if (ub_sync_tur(sc) != 0) {
1644 sc->changed = 1;
1645 return 1;
1646 }
1647
1648 return sc->changed;
1649}
1650
1651static struct block_device_operations ub_bd_fops = {
1652 .owner = THIS_MODULE,
1653 .open = ub_bd_open,
1654 .release = ub_bd_release,
1655 .ioctl = ub_bd_ioctl,
1656 .media_changed = ub_bd_media_changed,
1657 .revalidate_disk = ub_bd_revalidate,
1658};
1659
1660/*
1661 * Common ->done routine for commands executed synchronously.
1662 */
1663static void ub_probe_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
1664{
1665 struct completion *cop = cmd->back;
1666 complete(cop);
1667}
1668
1669/*
1670 * Test if the device has a check condition on it, synchronously.
1671 */
1672static int ub_sync_tur(struct ub_dev *sc)
1673{
1674 struct ub_scsi_cmd *cmd;
1675 enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) };
1676 unsigned long flags;
1677 struct completion compl;
1678 int rc;
1679
1680 init_completion(&compl);
1681
1682 rc = -ENOMEM;
1683 if ((cmd = kmalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1684 goto err_alloc;
1685 memset(cmd, 0, ALLOC_SIZE);
1686
1687 cmd->cdb[0] = TEST_UNIT_READY;
1688 cmd->cdb_len = 6;
1689 cmd->dir = UB_DIR_NONE;
1690 cmd->state = UB_CMDST_INIT;
1691 cmd->done = ub_probe_done;
1692 cmd->back = &compl;
1693
1694 spin_lock_irqsave(&sc->lock, flags);
1695 cmd->tag = sc->tagcnt++;
1696
1697 rc = ub_submit_scsi(sc, cmd);
1698 spin_unlock_irqrestore(&sc->lock, flags);
1699
1700 if (rc != 0) {
1701 printk("ub: testing ready: submit error (%d)\n", rc); /* P3 */
1702 goto err_submit;
1703 }
1704
1705 wait_for_completion(&compl);
1706
1707 rc = cmd->error;
1708
1709 if (rc == -EIO && cmd->key != 0) /* Retries for benh's key */
1710 rc = cmd->key;
1711
1712err_submit:
1713 kfree(cmd);
1714err_alloc:
1715 return rc;
1716}
1717
1718/*
1719 * Read the SCSI capacity synchronously (for probing).
1720 */
1721static int ub_sync_read_cap(struct ub_dev *sc, struct ub_capacity *ret)
1722{
1723 struct ub_scsi_cmd *cmd;
1724 char *p;
1725 enum { ALLOC_SIZE = sizeof(struct ub_scsi_cmd) + 8 };
1726 unsigned long flags;
1727 unsigned int bsize, shift;
1728 unsigned long nsec;
1729 struct completion compl;
1730 int rc;
1731
1732 init_completion(&compl);
1733
1734 rc = -ENOMEM;
1735 if ((cmd = kmalloc(ALLOC_SIZE, GFP_KERNEL)) == NULL)
1736 goto err_alloc;
1737 memset(cmd, 0, ALLOC_SIZE);
1738 p = (char *)cmd + sizeof(struct ub_scsi_cmd);
1739
1740 cmd->cdb[0] = 0x25;
1741 cmd->cdb_len = 10;
1742 cmd->dir = UB_DIR_READ;
1743 cmd->state = UB_CMDST_INIT;
1744 cmd->data = p;
1745 cmd->len = 8;
1746 cmd->done = ub_probe_done;
1747 cmd->back = &compl;
1748
1749 spin_lock_irqsave(&sc->lock, flags);
1750 cmd->tag = sc->tagcnt++;
1751
1752 rc = ub_submit_scsi(sc, cmd);
1753 spin_unlock_irqrestore(&sc->lock, flags);
1754
1755 if (rc != 0) {
1756 printk("ub: reading capacity: submit error (%d)\n", rc); /* P3 */
1757 goto err_submit;
1758 }
1759
1760 wait_for_completion(&compl);
1761
1762 if (cmd->error != 0) {
1763 printk("ub: reading capacity: error %d\n", cmd->error); /* P3 */
1764 rc = -EIO;
1765 goto err_read;
1766 }
1767 if (cmd->act_len != 8) {
1768 printk("ub: reading capacity: size %d\n", cmd->act_len); /* P3 */
1769 rc = -EIO;
1770 goto err_read;
1771 }
1772
1773 /* sd.c special-cases sector size of 0 to mean 512. Needed? Safe? */
1774 nsec = be32_to_cpu(*(__be32 *)p) + 1;
1775 bsize = be32_to_cpu(*(__be32 *)(p + 4));
1776 switch (bsize) {
1777 case 512: shift = 0; break;
1778 case 1024: shift = 1; break;
1779 case 2048: shift = 2; break;
1780 case 4096: shift = 3; break;
1781 default:
1782 printk("ub: Bad sector size %u\n", bsize); /* P3 */
1783 rc = -EDOM;
1784 goto err_inv_bsize;
1785 }
1786
1787 ret->bsize = bsize;
1788 ret->bshift = shift;
1789 ret->nsec = nsec << shift;
1790 rc = 0;
1791
1792err_inv_bsize:
1793err_read:
1794err_submit:
1795 kfree(cmd);
1796err_alloc:
1797 return rc;
1798}
1799
1800/*
1801 */
1802static void ub_probe_urb_complete(struct urb *urb, struct pt_regs *pt)
1803{
1804 struct completion *cop = urb->context;
1805 complete(cop);
1806}
1807
1808static void ub_probe_timeout(unsigned long arg)
1809{
1810 struct completion *cop = (struct completion *) arg;
1811 complete(cop);
1812}
1813
1814/*
1815 * Clear initial stalls.
1816 */
1817static int ub_probe_clear_stall(struct ub_dev *sc, int stalled_pipe)
1818{
1819 int endp;
1820 struct usb_ctrlrequest *cr;
1821 struct completion compl;
1822 struct timer_list timer;
1823 int rc;
1824
1825 init_completion(&compl);
1826
1827 endp = usb_pipeendpoint(stalled_pipe);
1828 if (usb_pipein (stalled_pipe))
1829 endp |= USB_DIR_IN;
1830
1831 cr = &sc->work_cr;
1832 cr->bRequestType = USB_RECIP_ENDPOINT;
1833 cr->bRequest = USB_REQ_CLEAR_FEATURE;
1834 cr->wValue = cpu_to_le16(USB_ENDPOINT_HALT);
1835 cr->wIndex = cpu_to_le16(endp);
1836 cr->wLength = cpu_to_le16(0);
1837
1838 usb_fill_control_urb(&sc->work_urb, sc->dev, sc->send_ctrl_pipe,
1839 (unsigned char*) cr, NULL, 0, ub_probe_urb_complete, &compl);
1840 sc->work_urb.transfer_flags = 0;
1841 sc->work_urb.actual_length = 0;
1842 sc->work_urb.error_count = 0;
1843 sc->work_urb.status = 0;
1844
1845 if ((rc = usb_submit_urb(&sc->work_urb, GFP_KERNEL)) != 0) {
1846 printk(KERN_WARNING
1847 "%s: Unable to submit a probe clear (%d)\n", sc->name, rc);
1848 return rc;
1849 }
1850
1851 init_timer(&timer);
1852 timer.function = ub_probe_timeout;
1853 timer.data = (unsigned long) &compl;
1854 timer.expires = jiffies + UB_CTRL_TIMEOUT;
1855 add_timer(&timer);
1856
1857 wait_for_completion(&compl);
1858
1859 del_timer_sync(&timer);
1860 usb_kill_urb(&sc->work_urb);
1861
1862 /* reset the endpoint toggle */
1863 usb_settoggle(sc->dev, endp, usb_pipeout(sc->last_pipe), 0);
1864
1865 return 0;
1866}
1867
1868/*
1869 * Get the pipe settings.
1870 */
1871static int ub_get_pipes(struct ub_dev *sc, struct usb_device *dev,
1872 struct usb_interface *intf)
1873{
1874 struct usb_host_interface *altsetting = intf->cur_altsetting;
1875 struct usb_endpoint_descriptor *ep_in = NULL;
1876 struct usb_endpoint_descriptor *ep_out = NULL;
1877 struct usb_endpoint_descriptor *ep;
1878 int i;
1879
1880 /*
1881 * Find the endpoints we need.
1882 * We are expecting a minimum of 2 endpoints - in and out (bulk).
1883 * We will ignore any others.
1884 */
1885 for (i = 0; i < altsetting->desc.bNumEndpoints; i++) {
1886 ep = &altsetting->endpoint[i].desc;
1887
1888 /* Is it a BULK endpoint? */
1889 if ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1890 == USB_ENDPOINT_XFER_BULK) {
1891 /* BULK in or out? */
1892 if (ep->bEndpointAddress & USB_DIR_IN)
1893 ep_in = ep;
1894 else
1895 ep_out = ep;
1896 }
1897 }
1898
1899 if (ep_in == NULL || ep_out == NULL) {
1900 printk(KERN_NOTICE "%s: device %u failed endpoint check\n",
1901 sc->name, sc->dev->devnum);
1902 return -EIO;
1903 }
1904
1905 /* Calculate and store the pipe values */
1906 sc->send_ctrl_pipe = usb_sndctrlpipe(dev, 0);
1907 sc->recv_ctrl_pipe = usb_rcvctrlpipe(dev, 0);
1908 sc->send_bulk_pipe = usb_sndbulkpipe(dev,
1909 ep_out->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1910 sc->recv_bulk_pipe = usb_rcvbulkpipe(dev,
1911 ep_in->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1912
1913 return 0;
1914}
1915
1916/*
1917 * Probing is done in the process context, which allows us to cheat
1918 * and not to build a state machine for the discovery.
1919 */
1920static int ub_probe(struct usb_interface *intf,
1921 const struct usb_device_id *dev_id)
1922{
1923 struct ub_dev *sc;
1924 request_queue_t *q;
1925 struct gendisk *disk;
1926 int rc;
1927 int i;
1928
1929 rc = -ENOMEM;
1930 if ((sc = kmalloc(sizeof(struct ub_dev), GFP_KERNEL)) == NULL)
1931 goto err_core;
1932 memset(sc, 0, sizeof(struct ub_dev));
1933 spin_lock_init(&sc->lock);
1934 usb_init_urb(&sc->work_urb);
1935 tasklet_init(&sc->tasklet, ub_scsi_action, (unsigned long)sc);
1936 atomic_set(&sc->poison, 0);
1937
1938 init_timer(&sc->work_timer);
1939 sc->work_timer.data = (unsigned long) sc;
1940 sc->work_timer.function = ub_urb_timeout;
1941
1942 ub_init_completion(&sc->work_done);
1943 sc->work_done.done = 1; /* A little yuk, but oh well... */
1944
1945 rc = -ENOSR;
1946 if ((sc->id = ub_id_get()) == -1)
1947 goto err_id;
1948 snprintf(sc->name, 8, DRV_NAME "%c", sc->id + 'a');
1949
1950 sc->dev = interface_to_usbdev(intf);
1951 sc->intf = intf;
1952 // sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
1953
1954 usb_set_intfdata(intf, sc);
1955 usb_get_dev(sc->dev);
1956 // usb_get_intf(sc->intf); /* Do we need this? */
1957
1958 /* XXX Verify that we can handle the device (from descriptors) */
1959
1960 ub_get_pipes(sc, sc->dev, intf);
1961
1962 if (device_create_file(&sc->intf->dev, &dev_attr_diag) != 0)
1963 goto err_diag;
1964
1965 /*
1966 * At this point, all USB initialization is done, do upper layer.
1967 * We really hate halfway initialized structures, so from the
1968 * invariants perspective, this ub_dev is fully constructed at
1969 * this point.
1970 */
1971
1972 /*
1973 * This is needed to clear toggles. It is a problem only if we do
1974 * `rmmod ub && modprobe ub` without disconnects, but we like that.
1975 */
1976 ub_probe_clear_stall(sc, sc->recv_bulk_pipe);
1977 ub_probe_clear_stall(sc, sc->send_bulk_pipe);
1978
1979 /*
1980 * The way this is used by the startup code is a little specific.
1981 * A SCSI check causes a USB stall. Our common case code sees it
1982 * and clears the check, after which the device is ready for use.
1983 * But if a check was not present, any command other than
1984 * TEST_UNIT_READY ends with a lockup (including REQUEST_SENSE).
1985 *
1986 * If we neglect to clear the SCSI check, the first real command fails
1987 * (which is the capacity readout). We clear that and retry, but why
1988 * causing spurious retries for no reason.
1989 *
1990 * Revalidation may start with its own TEST_UNIT_READY, but that one
1991 * has to succeed, so we clear checks with an additional one here.
1992 * In any case it's not our business how revaliadation is implemented.
1993 */
1994 for (i = 0; i < 3; i++) { /* Retries for benh's key */
1995 if ((rc = ub_sync_tur(sc)) <= 0) break;
1996 if (rc != 0x6) break;
1997 msleep(10);
1998 }
1999
2000 sc->removable = 1; /* XXX Query this from the device */
2001 sc->changed = 1; /* ub_revalidate clears only */
2002 sc->first_open = 1;
2003
2004 ub_revalidate(sc);
2005 /* This is pretty much a long term P3 */
2006 printk(KERN_INFO "%s: device %u capacity nsec %ld bsize %u\n",
2007 sc->name, sc->dev->devnum, sc->capacity.nsec, sc->capacity.bsize);
2008
2009 /*
2010 * Just one disk per sc currently, but maybe more.
2011 */
2012 rc = -ENOMEM;
2013 if ((disk = alloc_disk(UB_MINORS_PER_MAJOR)) == NULL)
2014 goto err_diskalloc;
2015
2016 sc->disk = disk;
2017 sprintf(disk->disk_name, DRV_NAME "%c", sc->id + 'a');
2018 sprintf(disk->devfs_name, DEVFS_NAME "/%c", sc->id + 'a');
2019 disk->major = UB_MAJOR;
2020 disk->first_minor = sc->id * UB_MINORS_PER_MAJOR;
2021 disk->fops = &ub_bd_fops;
2022 disk->private_data = sc;
2023 disk->driverfs_dev = &intf->dev;
2024
2025 rc = -ENOMEM;
2026 if ((q = blk_init_queue(ub_bd_rq_fn, &sc->lock)) == NULL)
2027 goto err_blkqinit;
2028
2029 disk->queue = q;
2030
2031 // blk_queue_bounce_limit(q, hba[i]->pdev->dma_mask);
2032 blk_queue_max_hw_segments(q, UB_MAX_REQ_SG);
2033 blk_queue_max_phys_segments(q, UB_MAX_REQ_SG);
2034 // blk_queue_segment_boundary(q, CARM_SG_BOUNDARY);
2035 blk_queue_max_sectors(q, UB_MAX_SECTORS);
2036 blk_queue_hardsect_size(q, sc->capacity.bsize);
2037
2038 /*
2039 * This is a serious infraction, caused by a deficiency in the
2040 * USB sg interface (usb_sg_wait()). We plan to remove this once
2041 * we get mileage on the driver and can justify a change to USB API.
2042 * See blk_queue_bounce_limit() to understand this part.
2043 *
2044 * XXX And I still need to be aware of the DMA mask in the HC.
2045 */
2046 q->bounce_pfn = blk_max_low_pfn;
2047 q->bounce_gfp = GFP_NOIO;
2048
2049 q->queuedata = sc;
2050
2051 set_capacity(disk, sc->capacity.nsec);
2052 if (sc->removable)
2053 disk->flags |= GENHD_FL_REMOVABLE;
2054
2055 add_disk(disk);
2056
2057 return 0;
2058
2059err_blkqinit:
2060 put_disk(disk);
2061err_diskalloc:
2062 device_remove_file(&sc->intf->dev, &dev_attr_diag);
2063err_diag:
2064 usb_set_intfdata(intf, NULL);
2065 // usb_put_intf(sc->intf);
2066 usb_put_dev(sc->dev);
2067 ub_id_put(sc->id);
2068err_id:
2069 kfree(sc);
2070err_core:
2071 return rc;
2072}
2073
2074static void ub_disconnect(struct usb_interface *intf)
2075{
2076 struct ub_dev *sc = usb_get_intfdata(intf);
2077 struct gendisk *disk = sc->disk;
2078 unsigned long flags;
2079
2080 /*
2081 * Prevent ub_bd_release from pulling the rug from under us.
2082 * XXX This is starting to look like a kref.
2083 * XXX Why not to take this ref at probe time?
2084 */
2085 spin_lock_irqsave(&ub_lock, flags);
2086 sc->openc++;
2087 spin_unlock_irqrestore(&ub_lock, flags);
2088
2089 /*
2090 * Fence stall clearnings, operations triggered by unlinkings and so on.
2091 * We do not attempt to unlink any URBs, because we do not trust the
2092 * unlink paths in HC drivers. Also, we get -84 upon disconnect anyway.
2093 */
2094 atomic_set(&sc->poison, 1);
2095
2096 /*
2097 * Blow away queued commands.
2098 *
2099 * Actually, this never works, because before we get here
2100 * the HCD terminates outstanding URB(s). It causes our
2101 * SCSI command queue to advance, commands fail to submit,
2102 * and the whole queue drains. So, we just use this code to
2103 * print warnings.
2104 */
2105 spin_lock_irqsave(&sc->lock, flags);
2106 {
2107 struct ub_scsi_cmd *cmd;
2108 int cnt = 0;
2109 while ((cmd = ub_cmdq_pop(sc)) != NULL) {
2110 cmd->error = -ENOTCONN;
2111 cmd->state = UB_CMDST_DONE;
2112 ub_cmdtr_state(sc, cmd);
2113 ub_cmdq_pop(sc);
2114 (*cmd->done)(sc, cmd);
2115 cnt++;
2116 }
2117 if (cnt != 0) {
2118 printk(KERN_WARNING "%s: "
2119 "%d was queued after shutdown\n", sc->name, cnt);
2120 }
2121 }
2122 spin_unlock_irqrestore(&sc->lock, flags);
2123
2124 /*
2125 * Unregister the upper layer.
2126 */
2127 if (disk->flags & GENHD_FL_UP)
2128 del_gendisk(disk);
2129 /*
2130 * I wish I could do:
2131 * set_bit(QUEUE_FLAG_DEAD, &q->queue_flags);
2132 * As it is, we rely on our internal poisoning and let
2133 * the upper levels to spin furiously failing all the I/O.
2134 */
2135
2136 /*
2137 * Taking a lock on a structure which is about to be freed
2138 * is very nonsensual. Here it is largely a way to do a debug freeze,
2139 * and a bracket which shows where the nonsensual code segment ends.
2140 *
2141 * Testing for -EINPROGRESS is always a bug, so we are bending
2142 * the rules a little.
2143 */
2144 spin_lock_irqsave(&sc->lock, flags);
2145 if (sc->work_urb.status == -EINPROGRESS) { /* janitors: ignore */
2146 printk(KERN_WARNING "%s: "
2147 "URB is active after disconnect\n", sc->name);
2148 }
2149 spin_unlock_irqrestore(&sc->lock, flags);
2150
2151 /*
2152 * There is virtually no chance that other CPU runs times so long
2153 * after ub_urb_complete should have called del_timer, but only if HCD
2154 * didn't forget to deliver a callback on unlink.
2155 */
2156 del_timer_sync(&sc->work_timer);
2157
2158 /*
2159 * At this point there must be no commands coming from anyone
2160 * and no URBs left in transit.
2161 */
2162
2163 device_remove_file(&sc->intf->dev, &dev_attr_diag);
2164 usb_set_intfdata(intf, NULL);
2165 // usb_put_intf(sc->intf);
2166 sc->intf = NULL;
2167 usb_put_dev(sc->dev);
2168 sc->dev = NULL;
2169
2170 ub_put(sc);
2171}
2172
2173static struct usb_driver ub_driver = {
2174 .owner = THIS_MODULE,
2175 .name = "ub",
2176 .probe = ub_probe,
2177 .disconnect = ub_disconnect,
2178 .id_table = ub_usb_ids,
2179};
2180
2181static int __init ub_init(void)
2182{
2183 int rc;
2184
2185 /* P3 */ printk("ub: sizeof ub_scsi_cmd %zu ub_dev %zu\n",
2186 sizeof(struct ub_scsi_cmd), sizeof(struct ub_dev));
2187
2188 if ((rc = register_blkdev(UB_MAJOR, DRV_NAME)) != 0)
2189 goto err_regblkdev;
2190 devfs_mk_dir(DEVFS_NAME);
2191
2192 if ((rc = usb_register(&ub_driver)) != 0)
2193 goto err_register;
2194
2195 return 0;
2196
2197err_register:
2198 devfs_remove(DEVFS_NAME);
2199 unregister_blkdev(UB_MAJOR, DRV_NAME);
2200err_regblkdev:
2201 return rc;
2202}
2203
2204static void __exit ub_exit(void)
2205{
2206 usb_deregister(&ub_driver);
2207
2208 devfs_remove(DEVFS_NAME);
2209 unregister_blkdev(UB_MAJOR, DRV_NAME);
2210}
2211
2212module_init(ub_init);
2213module_exit(ub_exit);
2214
2215MODULE_LICENSE("GPL");