1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Driver for USB Mass Storage compliant devices
4  *
5  * Current development and maintenance by:
6  *   (c) 1999-2003 Matthew Dharm (mdharm-usb@one-eyed-alien.net)
7  *
8  * Developed with the assistance of:
9  *   (c) 2000 David L. Brown, Jr. (usb-storage@davidb.org)
10  *   (c) 2003-2009 Alan Stern (stern@rowland.harvard.edu)
11  *
12  * Initial work by:
13  *   (c) 1999 Michael Gee (michael@linuxspecific.com)
14  *
15  * usb_device_id support by Adam J. Richter (adam@yggdrasil.com):
16  *   (c) 2000 Yggdrasil Computing, Inc.
17  *
18  * This driver is based on the 'USB Mass Storage Class' document. This
19  * describes in detail the protocol used to communicate with such
20  * devices.  Clearly, the designers had SCSI and ATAPI commands in
21  * mind when they created this document.  The commands are all very
22  * similar to commands in the SCSI-II and ATAPI specifications.
23  *
24  * It is important to note that in a number of cases this class
25  * exhibits class-specific exemptions from the USB specification.
26  * Notably the usage of NAK, STALL and ACK differs from the norm, in
27  * that they are used to communicate wait, failed and OK on commands.
28  *
29  * Also, for certain devices, the interrupt endpoint is used to convey
30  * status of a command.
31  */
32 
33 #ifdef CONFIG_USB_STORAGE_DEBUG
34 #define DEBUG
35 #endif
36 
37 #include <linux/sched.h>
38 #include <linux/errno.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41 #include <linux/kthread.h>
42 #include <linux/mutex.h>
43 #include <linux/utsname.h>
44 
45 #include <scsi/scsi.h>
46 #include <scsi/scsi_cmnd.h>
47 #include <scsi/scsi_device.h>
48 
49 #include "usb.h"
50 #include <linux/usb/hcd.h>
51 #include "scsiglue.h"
52 #include "transport.h"
53 #include "protocol.h"
54 #include "debug.h"
55 #include "initializers.h"
56 
57 #include "sierra_ms.h"
58 #include "option_ms.h"
59 
60 #if IS_ENABLED(CONFIG_USB_UAS)
61 #include "uas-detect.h"
62 #endif
63 
64 #define DRV_NAME "usb-storage"
65 
66 /* Some informational data */
67 MODULE_AUTHOR("Matthew Dharm <mdharm-usb@one-eyed-alien.net>");
68 MODULE_DESCRIPTION("USB Mass Storage driver for Linux");
69 MODULE_LICENSE("GPL");
70 
71 static unsigned int delay_use = 1 * MSEC_PER_SEC;
72 
73 /**
74  * parse_delay_str - parse an unsigned decimal integer delay
75  * @str: String to parse.
76  * @ndecimals: Number of decimal to scale up.
77  * @suffix: Suffix string to parse.
78  * @val: Where to store the parsed value.
79  *
80  * Parse an unsigned decimal value in @str, optionally end with @suffix.
81  * Stores the parsed value in @val just as it is if @str ends with @suffix.
82  * Otherwise store the value scale up by 10^(@ndecimal).
83  *
84  * Returns 0 on success, a negative error code otherwise.
85  */
parse_delay_str(const char * str,int ndecimals,const char * suffix,unsigned int * val)86 static int parse_delay_str(const char *str, int ndecimals, const char *suffix,
87 			unsigned int *val)
88 {
89 	int n, n2, l;
90 	char buf[16];
91 
92 	l = strlen(suffix);
93 	n = strlen(str);
94 	if (n > 0 && str[n - 1] == '\n')
95 		--n;
96 	if (n >= l && !strncmp(&str[n - l], suffix, l)) {
97 		n -= l;
98 		n2 = 0;
99 	} else
100 		n2 = ndecimals;
101 
102 	if (n + n2 > sizeof(buf) - 1)
103 		return -EINVAL;
104 
105 	memcpy(buf, str, n);
106 	while (n2-- > 0)
107 		buf[n++] = '0';
108 	buf[n] = 0;
109 
110 	return kstrtouint(buf, 10, val);
111 }
112 
113 /**
114  * format_delay_ms - format an integer value into a delay string
115  * @val: The integer value to format, scaled by 10^(@ndecimals).
116  * @ndecimals: Number of decimal to scale down.
117  * @suffix: Suffix string to format.
118  * @str: Where to store the formatted string.
119  * @size: The size of buffer for @str.
120  *
121  * Format an integer value in @val scale down by 10^(@ndecimals) without @suffix
122  * if @val is divisible by 10^(@ndecimals).
123  * Otherwise format a value in @val just as it is with @suffix
124  *
125  * Returns the number of characters written into @str.
126  */
format_delay_ms(unsigned int val,int ndecimals,const char * suffix,char * str,int size)127 static int format_delay_ms(unsigned int val, int ndecimals, const char *suffix,
128 			char *str, int size)
129 {
130 	u64 delay_ms = val;
131 	unsigned int rem = do_div(delay_ms, int_pow(10, ndecimals));
132 	int ret;
133 
134 	if (rem)
135 		ret = scnprintf(str, size, "%u%s\n", val, suffix);
136 	else
137 		ret = scnprintf(str, size, "%u\n", (unsigned int)delay_ms);
138 	return ret;
139 }
140 
delay_use_set(const char * s,const struct kernel_param * kp)141 static int delay_use_set(const char *s, const struct kernel_param *kp)
142 {
143 	unsigned int delay_ms;
144 	int ret;
145 
146 	ret = parse_delay_str(skip_spaces(s), 3, "ms", &delay_ms);
147 	if (ret < 0)
148 		return ret;
149 
150 	*((unsigned int *)kp->arg) = delay_ms;
151 	return 0;
152 }
153 
delay_use_get(char * s,const struct kernel_param * kp)154 static int delay_use_get(char *s, const struct kernel_param *kp)
155 {
156 	unsigned int delay_ms = *((unsigned int *)kp->arg);
157 
158 	return format_delay_ms(delay_ms, 3, "ms", s, PAGE_SIZE);
159 }
160 
161 static const struct kernel_param_ops delay_use_ops = {
162 	.set = delay_use_set,
163 	.get = delay_use_get,
164 };
165 module_param_cb(delay_use, &delay_use_ops, &delay_use, 0644);
166 MODULE_PARM_DESC(delay_use, "time to delay before using a new device");
167 
168 static char quirks[128];
169 module_param_string(quirks, quirks, sizeof(quirks), S_IRUGO | S_IWUSR);
170 MODULE_PARM_DESC(quirks, "supplemental list of device IDs and their quirks");
171 
172 
173 /*
174  * The entries in this table correspond, line for line,
175  * with the entries in usb_storage_usb_ids[], defined in usual-tables.c.
176  */
177 
178 /*
179  *The vendor name should be kept at eight characters or less, and
180  * the product name should be kept at 16 characters or less. If a device
181  * has the US_FL_FIX_INQUIRY flag, then the vendor and product names
182  * normally generated by a device through the INQUIRY response will be
183  * taken from this list, and this is the reason for the above size
184  * restriction. However, if the flag is not present, then you
185  * are free to use as many characters as you like.
186  */
187 
188 #define UNUSUAL_DEV(idVendor, idProduct, bcdDeviceMin, bcdDeviceMax, \
189 		    vendor_name, product_name, use_protocol, use_transport, \
190 		    init_function, Flags) \
191 { \
192 	.vendorName = vendor_name,	\
193 	.productName = product_name,	\
194 	.useProtocol = use_protocol,	\
195 	.useTransport = use_transport,	\
196 	.initFunction = init_function,	\
197 }
198 
199 #define COMPLIANT_DEV	UNUSUAL_DEV
200 
201 #define USUAL_DEV(use_protocol, use_transport) \
202 { \
203 	.useProtocol = use_protocol,	\
204 	.useTransport = use_transport,	\
205 }
206 
207 static const struct us_unusual_dev us_unusual_dev_list[] = {
208 #	include "unusual_devs.h"
209 	{ }		/* Terminating entry */
210 };
211 
212 static const struct us_unusual_dev for_dynamic_ids =
213 		USUAL_DEV(USB_SC_SCSI, USB_PR_BULK);
214 
215 #undef UNUSUAL_DEV
216 #undef COMPLIANT_DEV
217 #undef USUAL_DEV
218 
219 #ifdef CONFIG_LOCKDEP
220 
221 static struct lock_class_key us_interface_key[USB_MAXINTERFACES];
222 
us_set_lock_class(struct mutex * mutex,struct usb_interface * intf)223 static void us_set_lock_class(struct mutex *mutex,
224 		struct usb_interface *intf)
225 {
226 	struct usb_device *udev = interface_to_usbdev(intf);
227 	struct usb_host_config *config = udev->actconfig;
228 	int i;
229 
230 	for (i = 0; i < config->desc.bNumInterfaces; i++) {
231 		if (config->interface[i] == intf)
232 			break;
233 	}
234 
235 	BUG_ON(i == config->desc.bNumInterfaces);
236 
237 	lockdep_set_class(mutex, &us_interface_key[i]);
238 }
239 
240 #else
241 
us_set_lock_class(struct mutex * mutex,struct usb_interface * intf)242 static void us_set_lock_class(struct mutex *mutex,
243 		struct usb_interface *intf)
244 {
245 }
246 
247 #endif
248 
249 #ifdef CONFIG_PM	/* Minimal support for suspend and resume */
250 
usb_stor_suspend(struct usb_interface * iface,pm_message_t message)251 int usb_stor_suspend(struct usb_interface *iface, pm_message_t message)
252 {
253 	struct us_data *us = usb_get_intfdata(iface);
254 
255 	/* Wait until no command is running */
256 	mutex_lock(&us->dev_mutex);
257 
258 	if (us->suspend_resume_hook)
259 		(us->suspend_resume_hook)(us, US_SUSPEND);
260 
261 	/*
262 	 * When runtime PM is working, we'll set a flag to indicate
263 	 * whether we should autoresume when a SCSI request arrives.
264 	 */
265 
266 	mutex_unlock(&us->dev_mutex);
267 	return 0;
268 }
269 EXPORT_SYMBOL_GPL(usb_stor_suspend);
270 
usb_stor_resume(struct usb_interface * iface)271 int usb_stor_resume(struct usb_interface *iface)
272 {
273 	struct us_data *us = usb_get_intfdata(iface);
274 
275 	mutex_lock(&us->dev_mutex);
276 
277 	if (us->suspend_resume_hook)
278 		(us->suspend_resume_hook)(us, US_RESUME);
279 
280 	mutex_unlock(&us->dev_mutex);
281 	return 0;
282 }
283 EXPORT_SYMBOL_GPL(usb_stor_resume);
284 
usb_stor_reset_resume(struct usb_interface * iface)285 int usb_stor_reset_resume(struct usb_interface *iface)
286 {
287 	struct us_data *us = usb_get_intfdata(iface);
288 
289 	/* Report the reset to the SCSI core */
290 	usb_stor_report_bus_reset(us);
291 
292 	/*
293 	 * If any of the subdrivers implemented a reinitialization scheme,
294 	 * this is where the callback would be invoked.
295 	 */
296 	return 0;
297 }
298 EXPORT_SYMBOL_GPL(usb_stor_reset_resume);
299 
300 #endif /* CONFIG_PM */
301 
302 /*
303  * The next two routines get called just before and just after
304  * a USB port reset, whether from this driver or a different one.
305  */
306 
usb_stor_pre_reset(struct usb_interface * iface)307 int usb_stor_pre_reset(struct usb_interface *iface)
308 {
309 	struct us_data *us = usb_get_intfdata(iface);
310 
311 	/* Make sure no command runs during the reset */
312 	mutex_lock(&us->dev_mutex);
313 	return 0;
314 }
315 EXPORT_SYMBOL_GPL(usb_stor_pre_reset);
316 
usb_stor_post_reset(struct usb_interface * iface)317 int usb_stor_post_reset(struct usb_interface *iface)
318 {
319 	struct us_data *us = usb_get_intfdata(iface);
320 
321 	/* Report the reset to the SCSI core */
322 	usb_stor_report_bus_reset(us);
323 
324 	/*
325 	 * If any of the subdrivers implemented a reinitialization scheme,
326 	 * this is where the callback would be invoked.
327 	 */
328 
329 	mutex_unlock(&us->dev_mutex);
330 	return 0;
331 }
332 EXPORT_SYMBOL_GPL(usb_stor_post_reset);
333 
334 /*
335  * fill_inquiry_response takes an unsigned char array (which must
336  * be at least 36 characters) and populates the vendor name,
337  * product name, and revision fields. Then the array is copied
338  * into the SCSI command's response buffer (oddly enough
339  * called request_buffer). data_len contains the length of the
340  * data array, which again must be at least 36.
341  */
342 
fill_inquiry_response(struct us_data * us,unsigned char * data,unsigned int data_len)343 void fill_inquiry_response(struct us_data *us, unsigned char *data,
344 		unsigned int data_len)
345 {
346 	if (data_len < 36) /* You lose. */
347 		return;
348 
349 	memset(data+8, ' ', 28);
350 	if (data[0]&0x20) { /*
351 			     * USB device currently not connected. Return
352 			     * peripheral qualifier 001b ("...however, the
353 			     * physical device is not currently connected
354 			     * to this logical unit") and leave vendor and
355 			     * product identification empty. ("If the target
356 			     * does store some of the INQUIRY data on the
357 			     * device, it may return zeros or ASCII spaces
358 			     * (20h) in those fields until the data is
359 			     * available from the device.").
360 			     */
361 	} else {
362 		u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice);
363 		int n;
364 
365 		n = strlen(us->unusual_dev->vendorName);
366 		memcpy(data+8, us->unusual_dev->vendorName, min(8, n));
367 		n = strlen(us->unusual_dev->productName);
368 		memcpy(data+16, us->unusual_dev->productName, min(16, n));
369 
370 		data[32] = 0x30 + ((bcdDevice>>12) & 0x0F);
371 		data[33] = 0x30 + ((bcdDevice>>8) & 0x0F);
372 		data[34] = 0x30 + ((bcdDevice>>4) & 0x0F);
373 		data[35] = 0x30 + ((bcdDevice) & 0x0F);
374 	}
375 
376 	usb_stor_set_xfer_buf(data, data_len, us->srb);
377 }
378 EXPORT_SYMBOL_GPL(fill_inquiry_response);
379 
usb_stor_control_thread(void * __us)380 static int usb_stor_control_thread(void * __us)
381 {
382 	struct us_data *us = (struct us_data *)__us;
383 	struct Scsi_Host *host = us_to_host(us);
384 	struct scsi_cmnd *srb;
385 
386 	for (;;) {
387 		usb_stor_dbg(us, "*** thread sleeping\n");
388 		if (wait_for_completion_interruptible(&us->cmnd_ready))
389 			break;
390 
391 		usb_stor_dbg(us, "*** thread awakened\n");
392 
393 		/* lock the device pointers */
394 		mutex_lock(&(us->dev_mutex));
395 
396 		/* lock access to the state */
397 		scsi_lock(host);
398 
399 		/* When we are called with no command pending, we're done */
400 		srb = us->srb;
401 		if (srb == NULL) {
402 			scsi_unlock(host);
403 			mutex_unlock(&us->dev_mutex);
404 			usb_stor_dbg(us, "-- exiting\n");
405 			break;
406 		}
407 
408 		/* has the command timed out *already* ? */
409 		if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
410 			srb->result = DID_ABORT << 16;
411 			goto SkipForAbort;
412 		}
413 
414 		scsi_unlock(host);
415 
416 		/*
417 		 * reject the command if the direction indicator
418 		 * is UNKNOWN
419 		 */
420 		if (srb->sc_data_direction == DMA_BIDIRECTIONAL) {
421 			usb_stor_dbg(us, "UNKNOWN data direction\n");
422 			srb->result = DID_ERROR << 16;
423 		}
424 
425 		/*
426 		 * reject if target != 0 or if LUN is higher than
427 		 * the maximum known LUN
428 		 */
429 		else if (srb->device->id &&
430 				!(us->fflags & US_FL_SCM_MULT_TARG)) {
431 			usb_stor_dbg(us, "Bad target number (%d:%llu)\n",
432 				     srb->device->id,
433 				     srb->device->lun);
434 			srb->result = DID_BAD_TARGET << 16;
435 		}
436 
437 		else if (srb->device->lun > us->max_lun) {
438 			usb_stor_dbg(us, "Bad LUN (%d:%llu)\n",
439 				     srb->device->id,
440 				     srb->device->lun);
441 			srb->result = DID_BAD_TARGET << 16;
442 		}
443 
444 		/*
445 		 * Handle those devices which need us to fake
446 		 * their inquiry data
447 		 */
448 		else if ((srb->cmnd[0] == INQUIRY) &&
449 			    (us->fflags & US_FL_FIX_INQUIRY)) {
450 			unsigned char data_ptr[36] = {
451 			    0x00, 0x80, 0x02, 0x02,
452 			    0x1F, 0x00, 0x00, 0x00};
453 
454 			usb_stor_dbg(us, "Faking INQUIRY command\n");
455 			fill_inquiry_response(us, data_ptr, 36);
456 			srb->result = SAM_STAT_GOOD;
457 		}
458 
459 		/* we've got a command, let's do it! */
460 		else {
461 			US_DEBUG(usb_stor_show_command(us, srb));
462 			us->proto_handler(srb, us);
463 			usb_mark_last_busy(us->pusb_dev);
464 		}
465 
466 		/* lock access to the state */
467 		scsi_lock(host);
468 
469 		/* was the command aborted? */
470 		if (srb->result == DID_ABORT << 16) {
471 SkipForAbort:
472 			usb_stor_dbg(us, "scsi command aborted\n");
473 			srb = NULL;	/* Don't call scsi_done() */
474 		}
475 
476 		/*
477 		 * If an abort request was received we need to signal that
478 		 * the abort has finished.  The proper test for this is
479 		 * the TIMED_OUT flag, not srb->result == DID_ABORT, because
480 		 * the timeout might have occurred after the command had
481 		 * already completed with a different result code.
482 		 */
483 		if (test_bit(US_FLIDX_TIMED_OUT, &us->dflags)) {
484 			complete(&(us->notify));
485 
486 			/* Allow USB transfers to resume */
487 			clear_bit(US_FLIDX_ABORTING, &us->dflags);
488 			clear_bit(US_FLIDX_TIMED_OUT, &us->dflags);
489 		}
490 
491 		/* finished working on this command */
492 		us->srb = NULL;
493 		scsi_unlock(host);
494 
495 		/* unlock the device pointers */
496 		mutex_unlock(&us->dev_mutex);
497 
498 		/* now that the locks are released, notify the SCSI core */
499 		if (srb) {
500 			usb_stor_dbg(us, "scsi cmd done, result=0x%x\n",
501 					srb->result);
502 			scsi_done_direct(srb);
503 		}
504 	} /* for (;;) */
505 
506 	/* Wait until we are told to stop */
507 	for (;;) {
508 		set_current_state(TASK_INTERRUPTIBLE);
509 		if (kthread_should_stop())
510 			break;
511 		schedule();
512 	}
513 	__set_current_state(TASK_RUNNING);
514 	return 0;
515 }
516 
517 /***********************************************************************
518  * Device probing and disconnecting
519  ***********************************************************************/
520 
521 /* Associate our private data with the USB device */
associate_dev(struct us_data * us,struct usb_interface * intf)522 static int associate_dev(struct us_data *us, struct usb_interface *intf)
523 {
524 	/* Fill in the device-related fields */
525 	us->pusb_dev = interface_to_usbdev(intf);
526 	us->pusb_intf = intf;
527 	us->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
528 	usb_stor_dbg(us, "Vendor: 0x%04x, Product: 0x%04x, Revision: 0x%04x\n",
529 		     le16_to_cpu(us->pusb_dev->descriptor.idVendor),
530 		     le16_to_cpu(us->pusb_dev->descriptor.idProduct),
531 		     le16_to_cpu(us->pusb_dev->descriptor.bcdDevice));
532 	usb_stor_dbg(us, "Interface Subclass: 0x%02x, Protocol: 0x%02x\n",
533 		     intf->cur_altsetting->desc.bInterfaceSubClass,
534 		     intf->cur_altsetting->desc.bInterfaceProtocol);
535 
536 	/* Store our private data in the interface */
537 	usb_set_intfdata(intf, us);
538 
539 	/* Allocate the control/setup and DMA-mapped buffers */
540 	us->cr = kmalloc(sizeof(*us->cr), GFP_KERNEL);
541 	if (!us->cr)
542 		return -ENOMEM;
543 
544 	us->iobuf = usb_alloc_coherent(us->pusb_dev, US_IOBUF_SIZE,
545 			GFP_KERNEL, &us->iobuf_dma);
546 	if (!us->iobuf) {
547 		usb_stor_dbg(us, "I/O buffer allocation failed\n");
548 		return -ENOMEM;
549 	}
550 	return 0;
551 }
552 
553 /* Works only for digits and letters, but small and fast */
554 #define TOLOWER(x) ((x) | 0x20)
555 
556 /* Adjust device flags based on the "quirks=" module parameter */
usb_stor_adjust_quirks(struct usb_device * udev,u64 * fflags)557 void usb_stor_adjust_quirks(struct usb_device *udev, u64 *fflags)
558 {
559 	char *p;
560 	u16 vid = le16_to_cpu(udev->descriptor.idVendor);
561 	u16 pid = le16_to_cpu(udev->descriptor.idProduct);
562 	u64 f = 0;
563 	u64 mask = (US_FL_SANE_SENSE | US_FL_BAD_SENSE |
564 			US_FL_FIX_CAPACITY | US_FL_IGNORE_UAS |
565 			US_FL_CAPACITY_HEURISTICS | US_FL_IGNORE_DEVICE |
566 			US_FL_NOT_LOCKABLE | US_FL_MAX_SECTORS_64 |
567 			US_FL_CAPACITY_OK | US_FL_IGNORE_RESIDUE |
568 			US_FL_SINGLE_LUN | US_FL_NO_WP_DETECT |
569 			US_FL_NO_READ_DISC_INFO | US_FL_NO_READ_CAPACITY_16 |
570 			US_FL_INITIAL_READ10 | US_FL_WRITE_CACHE |
571 			US_FL_NO_ATA_1X | US_FL_NO_REPORT_OPCODES |
572 			US_FL_MAX_SECTORS_240 | US_FL_NO_REPORT_LUNS |
573 			US_FL_ALWAYS_SYNC);
574 
575 	p = quirks;
576 	while (*p) {
577 		/* Each entry consists of VID:PID:flags */
578 		if (vid == simple_strtoul(p, &p, 16) &&
579 				*p == ':' &&
580 				pid == simple_strtoul(p+1, &p, 16) &&
581 				*p == ':')
582 			break;
583 
584 		/* Move forward to the next entry */
585 		while (*p) {
586 			if (*p++ == ',')
587 				break;
588 		}
589 	}
590 	if (!*p)	/* No match */
591 		return;
592 
593 	/* Collect the flags */
594 	while (*++p && *p != ',') {
595 		switch (TOLOWER(*p)) {
596 		case 'a':
597 			f |= US_FL_SANE_SENSE;
598 			break;
599 		case 'b':
600 			f |= US_FL_BAD_SENSE;
601 			break;
602 		case 'c':
603 			f |= US_FL_FIX_CAPACITY;
604 			break;
605 		case 'd':
606 			f |= US_FL_NO_READ_DISC_INFO;
607 			break;
608 		case 'e':
609 			f |= US_FL_NO_READ_CAPACITY_16;
610 			break;
611 		case 'f':
612 			f |= US_FL_NO_REPORT_OPCODES;
613 			break;
614 		case 'g':
615 			f |= US_FL_MAX_SECTORS_240;
616 			break;
617 		case 'h':
618 			f |= US_FL_CAPACITY_HEURISTICS;
619 			break;
620 		case 'i':
621 			f |= US_FL_IGNORE_DEVICE;
622 			break;
623 		case 'j':
624 			f |= US_FL_NO_REPORT_LUNS;
625 			break;
626 		case 'k':
627 			f |= US_FL_NO_SAME;
628 			break;
629 		case 'l':
630 			f |= US_FL_NOT_LOCKABLE;
631 			break;
632 		case 'm':
633 			f |= US_FL_MAX_SECTORS_64;
634 			break;
635 		case 'n':
636 			f |= US_FL_INITIAL_READ10;
637 			break;
638 		case 'o':
639 			f |= US_FL_CAPACITY_OK;
640 			break;
641 		case 'p':
642 			f |= US_FL_WRITE_CACHE;
643 			break;
644 		case 'r':
645 			f |= US_FL_IGNORE_RESIDUE;
646 			break;
647 		case 's':
648 			f |= US_FL_SINGLE_LUN;
649 			break;
650 		case 't':
651 			f |= US_FL_NO_ATA_1X;
652 			break;
653 		case 'u':
654 			f |= US_FL_IGNORE_UAS;
655 			break;
656 		case 'w':
657 			f |= US_FL_NO_WP_DETECT;
658 			break;
659 		case 'y':
660 			f |= US_FL_ALWAYS_SYNC;
661 			break;
662 		/* Ignore unrecognized flag characters */
663 		}
664 	}
665 	*fflags = (*fflags & ~mask) | f;
666 }
667 EXPORT_SYMBOL_GPL(usb_stor_adjust_quirks);
668 
669 /* Get the unusual_devs entries and the string descriptors */
get_device_info(struct us_data * us,const struct usb_device_id * id,const struct us_unusual_dev * unusual_dev)670 static int get_device_info(struct us_data *us, const struct usb_device_id *id,
671 		const struct us_unusual_dev *unusual_dev)
672 {
673 	struct usb_device *dev = us->pusb_dev;
674 	struct usb_interface_descriptor *idesc =
675 		&us->pusb_intf->cur_altsetting->desc;
676 	struct device *pdev = &us->pusb_intf->dev;
677 
678 	/* Store the entries */
679 	us->unusual_dev = unusual_dev;
680 	us->subclass = (unusual_dev->useProtocol == USB_SC_DEVICE) ?
681 			idesc->bInterfaceSubClass :
682 			unusual_dev->useProtocol;
683 	us->protocol = (unusual_dev->useTransport == USB_PR_DEVICE) ?
684 			idesc->bInterfaceProtocol :
685 			unusual_dev->useTransport;
686 	us->fflags = id->driver_info;
687 	usb_stor_adjust_quirks(us->pusb_dev, &us->fflags);
688 
689 	if (us->fflags & US_FL_IGNORE_DEVICE) {
690 		dev_info(pdev, "device ignored\n");
691 		return -ENODEV;
692 	}
693 
694 	/*
695 	 * This flag is only needed when we're in high-speed, so let's
696 	 * disable it if we're in full-speed
697 	 */
698 	if (dev->speed != USB_SPEED_HIGH)
699 		us->fflags &= ~US_FL_GO_SLOW;
700 
701 	if (us->fflags)
702 		dev_info(pdev, "Quirks match for vid %04x pid %04x: %llx\n",
703 				le16_to_cpu(dev->descriptor.idVendor),
704 				le16_to_cpu(dev->descriptor.idProduct),
705 				us->fflags);
706 
707 	/*
708 	 * Log a message if a non-generic unusual_dev entry contains an
709 	 * unnecessary subclass or protocol override.  This may stimulate
710 	 * reports from users that will help us remove unneeded entries
711 	 * from the unusual_devs.h table.
712 	 */
713 	if (id->idVendor || id->idProduct) {
714 		static const char *msgs[3] = {
715 			"an unneeded SubClass entry",
716 			"an unneeded Protocol entry",
717 			"unneeded SubClass and Protocol entries"};
718 		struct usb_device_descriptor *ddesc = &dev->descriptor;
719 		int msg = -1;
720 
721 		if (unusual_dev->useProtocol != USB_SC_DEVICE &&
722 			us->subclass == idesc->bInterfaceSubClass)
723 			msg += 1;
724 		if (unusual_dev->useTransport != USB_PR_DEVICE &&
725 			us->protocol == idesc->bInterfaceProtocol)
726 			msg += 2;
727 		if (msg >= 0 && !(us->fflags & US_FL_NEED_OVERRIDE))
728 			dev_notice(pdev, "This device "
729 					"(%04x,%04x,%04x S %02x P %02x)"
730 					" has %s in unusual_devs.h (kernel"
731 					" %s)\n"
732 					"   Please send a copy of this message to "
733 					"<linux-usb@vger.kernel.org> and "
734 					"<usb-storage@lists.one-eyed-alien.net>\n",
735 					le16_to_cpu(ddesc->idVendor),
736 					le16_to_cpu(ddesc->idProduct),
737 					le16_to_cpu(ddesc->bcdDevice),
738 					idesc->bInterfaceSubClass,
739 					idesc->bInterfaceProtocol,
740 					msgs[msg],
741 					utsname()->release);
742 	}
743 
744 	return 0;
745 }
746 
747 /* Get the transport settings */
get_transport(struct us_data * us)748 static void get_transport(struct us_data *us)
749 {
750 	switch (us->protocol) {
751 	case USB_PR_CB:
752 		us->transport_name = "Control/Bulk";
753 		us->transport = usb_stor_CB_transport;
754 		us->transport_reset = usb_stor_CB_reset;
755 		us->max_lun = 7;
756 		break;
757 
758 	case USB_PR_CBI:
759 		us->transport_name = "Control/Bulk/Interrupt";
760 		us->transport = usb_stor_CB_transport;
761 		us->transport_reset = usb_stor_CB_reset;
762 		us->max_lun = 7;
763 		break;
764 
765 	case USB_PR_BULK:
766 		us->transport_name = "Bulk";
767 		us->transport = usb_stor_Bulk_transport;
768 		us->transport_reset = usb_stor_Bulk_reset;
769 		break;
770 	}
771 }
772 
773 /* Get the protocol settings */
get_protocol(struct us_data * us)774 static void get_protocol(struct us_data *us)
775 {
776 	switch (us->subclass) {
777 	case USB_SC_RBC:
778 		us->protocol_name = "Reduced Block Commands (RBC)";
779 		us->proto_handler = usb_stor_transparent_scsi_command;
780 		break;
781 
782 	case USB_SC_8020:
783 		us->protocol_name = "8020i";
784 		us->proto_handler = usb_stor_pad12_command;
785 		us->max_lun = 0;
786 		break;
787 
788 	case USB_SC_QIC:
789 		us->protocol_name = "QIC-157";
790 		us->proto_handler = usb_stor_pad12_command;
791 		us->max_lun = 0;
792 		break;
793 
794 	case USB_SC_8070:
795 		us->protocol_name = "8070i";
796 		us->proto_handler = usb_stor_pad12_command;
797 		us->max_lun = 0;
798 		break;
799 
800 	case USB_SC_SCSI:
801 		us->protocol_name = "Transparent SCSI";
802 		us->proto_handler = usb_stor_transparent_scsi_command;
803 		break;
804 
805 	case USB_SC_UFI:
806 		us->protocol_name = "Uniform Floppy Interface (UFI)";
807 		us->proto_handler = usb_stor_ufi_command;
808 		break;
809 	}
810 }
811 
812 /* Get the pipe settings */
get_pipes(struct us_data * us)813 static int get_pipes(struct us_data *us)
814 {
815 	struct usb_host_interface *alt = us->pusb_intf->cur_altsetting;
816 	struct usb_endpoint_descriptor *ep_in;
817 	struct usb_endpoint_descriptor *ep_out;
818 	struct usb_endpoint_descriptor *ep_int;
819 	int res;
820 
821 	/*
822 	 * Find the first endpoint of each type we need.
823 	 * We are expecting a minimum of 2 endpoints - in and out (bulk).
824 	 * An optional interrupt-in is OK (necessary for CBI protocol).
825 	 * We will ignore any others.
826 	 */
827 	res = usb_find_common_endpoints(alt, &ep_in, &ep_out, NULL, NULL);
828 	if (res) {
829 		usb_stor_dbg(us, "bulk endpoints not found\n");
830 		return res;
831 	}
832 
833 	res = usb_find_int_in_endpoint(alt, &ep_int);
834 	if (res && us->protocol == USB_PR_CBI) {
835 		usb_stor_dbg(us, "interrupt endpoint not found\n");
836 		return res;
837 	}
838 
839 	/* Calculate and store the pipe values */
840 	us->send_ctrl_pipe = usb_sndctrlpipe(us->pusb_dev, 0);
841 	us->recv_ctrl_pipe = usb_rcvctrlpipe(us->pusb_dev, 0);
842 	us->send_bulk_pipe = usb_sndbulkpipe(us->pusb_dev,
843 		usb_endpoint_num(ep_out));
844 	us->recv_bulk_pipe = usb_rcvbulkpipe(us->pusb_dev,
845 		usb_endpoint_num(ep_in));
846 	if (ep_int) {
847 		us->recv_intr_pipe = usb_rcvintpipe(us->pusb_dev,
848 			usb_endpoint_num(ep_int));
849 		us->ep_bInterval = ep_int->bInterval;
850 	}
851 	return 0;
852 }
853 
854 /* Initialize all the dynamic resources we need */
usb_stor_acquire_resources(struct us_data * us)855 static int usb_stor_acquire_resources(struct us_data *us)
856 {
857 	int p;
858 	struct task_struct *th;
859 
860 	us->current_urb = usb_alloc_urb(0, GFP_KERNEL);
861 	if (!us->current_urb)
862 		return -ENOMEM;
863 
864 	/*
865 	 * Just before we start our control thread, initialize
866 	 * the device if it needs initialization
867 	 */
868 	if (us->unusual_dev->initFunction) {
869 		p = us->unusual_dev->initFunction(us);
870 		if (p)
871 			return p;
872 	}
873 
874 	/* Start up our control thread */
875 	th = kthread_run(usb_stor_control_thread, us, "usb-storage");
876 	if (IS_ERR(th)) {
877 		dev_warn(&us->pusb_intf->dev,
878 				"Unable to start control thread\n");
879 		return PTR_ERR(th);
880 	}
881 	us->ctl_thread = th;
882 
883 	return 0;
884 }
885 
886 /* Release all our dynamic resources */
usb_stor_release_resources(struct us_data * us)887 static void usb_stor_release_resources(struct us_data *us)
888 {
889 	/*
890 	 * Tell the control thread to exit.  The SCSI host must
891 	 * already have been removed and the DISCONNECTING flag set
892 	 * so that we won't accept any more commands.
893 	 */
894 	usb_stor_dbg(us, "-- sending exit command to thread\n");
895 	complete(&us->cmnd_ready);
896 	if (us->ctl_thread)
897 		kthread_stop(us->ctl_thread);
898 
899 	/* Call the destructor routine, if it exists */
900 	if (us->extra_destructor) {
901 		usb_stor_dbg(us, "-- calling extra_destructor()\n");
902 		us->extra_destructor(us->extra);
903 	}
904 
905 	/* Free the extra data and the URB */
906 	kfree(us->extra);
907 	usb_free_urb(us->current_urb);
908 }
909 
910 /* Dissociate from the USB device */
dissociate_dev(struct us_data * us)911 static void dissociate_dev(struct us_data *us)
912 {
913 	/* Free the buffers */
914 	kfree(us->cr);
915 	usb_free_coherent(us->pusb_dev, US_IOBUF_SIZE, us->iobuf, us->iobuf_dma);
916 
917 	/* Remove our private data from the interface */
918 	usb_set_intfdata(us->pusb_intf, NULL);
919 }
920 
921 /*
922  * First stage of disconnect processing: stop SCSI scanning,
923  * remove the host, and stop accepting new commands
924  */
quiesce_and_remove_host(struct us_data * us)925 static void quiesce_and_remove_host(struct us_data *us)
926 {
927 	struct Scsi_Host *host = us_to_host(us);
928 
929 	/* If the device is really gone, cut short reset delays */
930 	if (us->pusb_dev->state == USB_STATE_NOTATTACHED) {
931 		set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
932 		wake_up(&us->delay_wait);
933 	}
934 
935 	/*
936 	 * Prevent SCSI scanning (if it hasn't started yet)
937 	 * or wait for the SCSI-scanning routine to stop.
938 	 */
939 	cancel_delayed_work_sync(&us->scan_dwork);
940 
941 	/* Balance autopm calls if scanning was cancelled */
942 	if (test_bit(US_FLIDX_SCAN_PENDING, &us->dflags))
943 		usb_autopm_put_interface_no_suspend(us->pusb_intf);
944 
945 	/*
946 	 * Removing the host will perform an orderly shutdown: caches
947 	 * synchronized, disks spun down, etc.
948 	 */
949 	scsi_remove_host(host);
950 
951 	/*
952 	 * Prevent any new commands from being accepted and cut short
953 	 * reset delays.
954 	 */
955 	scsi_lock(host);
956 	set_bit(US_FLIDX_DISCONNECTING, &us->dflags);
957 	scsi_unlock(host);
958 	wake_up(&us->delay_wait);
959 }
960 
961 /* Second stage of disconnect processing: deallocate all resources */
release_everything(struct us_data * us)962 static void release_everything(struct us_data *us)
963 {
964 	usb_stor_release_resources(us);
965 	dissociate_dev(us);
966 
967 	/*
968 	 * Drop our reference to the host; the SCSI core will free it
969 	 * (and "us" along with it) when the refcount becomes 0.
970 	 */
971 	scsi_host_put(us_to_host(us));
972 }
973 
974 /* Delayed-work routine to carry out SCSI-device scanning */
usb_stor_scan_dwork(struct work_struct * work)975 static void usb_stor_scan_dwork(struct work_struct *work)
976 {
977 	struct us_data *us = container_of(work, struct us_data,
978 			scan_dwork.work);
979 	struct device *dev = &us->pusb_intf->dev;
980 
981 	dev_dbg(dev, "starting scan\n");
982 
983 	/* For bulk-only devices, determine the max LUN value */
984 	if (us->protocol == USB_PR_BULK &&
985 	    !(us->fflags & US_FL_SINGLE_LUN) &&
986 	    !(us->fflags & US_FL_SCM_MULT_TARG)) {
987 		mutex_lock(&us->dev_mutex);
988 		us->max_lun = usb_stor_Bulk_max_lun(us);
989 		/*
990 		 * Allow proper scanning of devices that present more than 8 LUNs
991 		 * While not affecting other devices that may need the previous
992 		 * behavior
993 		 */
994 		if (us->max_lun >= 8)
995 			us_to_host(us)->max_lun = us->max_lun+1;
996 		mutex_unlock(&us->dev_mutex);
997 	}
998 	scsi_scan_host(us_to_host(us));
999 	dev_dbg(dev, "scan complete\n");
1000 
1001 	/* Should we unbind if no devices were detected? */
1002 
1003 	usb_autopm_put_interface(us->pusb_intf);
1004 	clear_bit(US_FLIDX_SCAN_PENDING, &us->dflags);
1005 }
1006 
usb_stor_sg_tablesize(struct usb_interface * intf)1007 static unsigned int usb_stor_sg_tablesize(struct usb_interface *intf)
1008 {
1009 	struct usb_device *usb_dev = interface_to_usbdev(intf);
1010 
1011 	if (usb_dev->bus->sg_tablesize) {
1012 		return usb_dev->bus->sg_tablesize;
1013 	}
1014 	return SG_ALL;
1015 }
1016 
1017 /* First part of general USB mass-storage probing */
usb_stor_probe1(struct us_data ** pus,struct usb_interface * intf,const struct usb_device_id * id,const struct us_unusual_dev * unusual_dev,const struct scsi_host_template * sht)1018 int usb_stor_probe1(struct us_data **pus,
1019 		struct usb_interface *intf,
1020 		const struct usb_device_id *id,
1021 		const struct us_unusual_dev *unusual_dev,
1022 		const struct scsi_host_template *sht)
1023 {
1024 	struct Scsi_Host *host;
1025 	struct us_data *us;
1026 	int result;
1027 
1028 	dev_info(&intf->dev, "USB Mass Storage device detected\n");
1029 
1030 	/*
1031 	 * Ask the SCSI layer to allocate a host structure, with extra
1032 	 * space at the end for our private us_data structure.
1033 	 */
1034 	host = scsi_host_alloc(sht, sizeof(*us));
1035 	if (!host) {
1036 		dev_warn(&intf->dev, "Unable to allocate the scsi host\n");
1037 		return -ENOMEM;
1038 	}
1039 
1040 	/*
1041 	 * Allow 16-byte CDBs and thus > 2TB
1042 	 */
1043 	host->max_cmd_len = 16;
1044 	host->sg_tablesize = usb_stor_sg_tablesize(intf);
1045 	*pus = us = host_to_us(host);
1046 	mutex_init(&(us->dev_mutex));
1047 	us_set_lock_class(&us->dev_mutex, intf);
1048 	init_completion(&us->cmnd_ready);
1049 	init_completion(&(us->notify));
1050 	init_waitqueue_head(&us->delay_wait);
1051 	INIT_DELAYED_WORK(&us->scan_dwork, usb_stor_scan_dwork);
1052 
1053 	/* Associate the us_data structure with the USB device */
1054 	result = associate_dev(us, intf);
1055 	if (result)
1056 		goto BadDevice;
1057 
1058 	/*
1059 	 * Some USB host controllers can't do DMA; they have to use PIO.
1060 	 * For such controllers we need to make sure the block layer sets
1061 	 * up bounce buffers in addressable memory.
1062 	 */
1063 	if (!hcd_uses_dma(bus_to_hcd(us->pusb_dev->bus)) ||
1064 	    bus_to_hcd(us->pusb_dev->bus)->localmem_pool)
1065 		host->no_highmem = true;
1066 
1067 	/* Get the unusual_devs entries and the descriptors */
1068 	result = get_device_info(us, id, unusual_dev);
1069 	if (result)
1070 		goto BadDevice;
1071 
1072 	/* Get standard transport and protocol settings */
1073 	get_transport(us);
1074 	get_protocol(us);
1075 
1076 	/*
1077 	 * Give the caller a chance to fill in specialized transport
1078 	 * or protocol settings.
1079 	 */
1080 	return 0;
1081 
1082 BadDevice:
1083 	usb_stor_dbg(us, "storage_probe() failed\n");
1084 	release_everything(us);
1085 	return result;
1086 }
1087 EXPORT_SYMBOL_GPL(usb_stor_probe1);
1088 
1089 /* Second part of general USB mass-storage probing */
usb_stor_probe2(struct us_data * us)1090 int usb_stor_probe2(struct us_data *us)
1091 {
1092 	int result;
1093 	struct device *dev = &us->pusb_intf->dev;
1094 
1095 	/* Make sure the transport and protocol have both been set */
1096 	if (!us->transport || !us->proto_handler) {
1097 		result = -ENXIO;
1098 		goto BadDevice;
1099 	}
1100 	usb_stor_dbg(us, "Transport: %s\n", us->transport_name);
1101 	usb_stor_dbg(us, "Protocol: %s\n", us->protocol_name);
1102 
1103 	if (us->fflags & US_FL_SCM_MULT_TARG) {
1104 		/*
1105 		 * SCM eUSCSI bridge devices can have different numbers
1106 		 * of LUNs on different targets; allow all to be probed.
1107 		 */
1108 		us->max_lun = 7;
1109 		/* The eUSCSI itself has ID 7, so avoid scanning that */
1110 		us_to_host(us)->this_id = 7;
1111 		/* max_id is 8 initially, so no need to set it here */
1112 	} else {
1113 		/* In the normal case there is only a single target */
1114 		us_to_host(us)->max_id = 1;
1115 		/*
1116 		 * Like Windows, we won't store the LUN bits in CDB[1] for
1117 		 * SCSI-2 devices using the Bulk-Only transport (even though
1118 		 * this violates the SCSI spec).
1119 		 */
1120 		if (us->transport == usb_stor_Bulk_transport)
1121 			us_to_host(us)->no_scsi2_lun_in_cdb = 1;
1122 	}
1123 
1124 	/* fix for single-lun devices */
1125 	if (us->fflags & US_FL_SINGLE_LUN)
1126 		us->max_lun = 0;
1127 
1128 	/* Find the endpoints and calculate pipe values */
1129 	result = get_pipes(us);
1130 	if (result)
1131 		goto BadDevice;
1132 
1133 	/*
1134 	 * If the device returns invalid data for the first READ(10)
1135 	 * command, indicate the command should be retried.
1136 	 */
1137 	if (us->fflags & US_FL_INITIAL_READ10)
1138 		set_bit(US_FLIDX_REDO_READ10, &us->dflags);
1139 
1140 	/* Acquire all the other resources and add the host */
1141 	result = usb_stor_acquire_resources(us);
1142 	if (result)
1143 		goto BadDevice;
1144 	usb_autopm_get_interface_no_resume(us->pusb_intf);
1145 	snprintf(us->scsi_name, sizeof(us->scsi_name), "usb-storage %s",
1146 					dev_name(&us->pusb_intf->dev));
1147 	result = scsi_add_host(us_to_host(us), dev);
1148 	if (result) {
1149 		dev_warn(dev,
1150 				"Unable to add the scsi host\n");
1151 		goto HostAddErr;
1152 	}
1153 
1154 	/* Submit the delayed_work for SCSI-device scanning */
1155 	set_bit(US_FLIDX_SCAN_PENDING, &us->dflags);
1156 
1157 	if (delay_use > 0)
1158 		dev_dbg(dev, "waiting for device to settle before scanning\n");
1159 	queue_delayed_work(system_freezable_wq, &us->scan_dwork,
1160 			msecs_to_jiffies(delay_use));
1161 	return 0;
1162 
1163 	/* We come here if there are any problems */
1164 HostAddErr:
1165 	usb_autopm_put_interface_no_suspend(us->pusb_intf);
1166 BadDevice:
1167 	usb_stor_dbg(us, "storage_probe() failed\n");
1168 	release_everything(us);
1169 	return result;
1170 }
1171 EXPORT_SYMBOL_GPL(usb_stor_probe2);
1172 
1173 /* Handle a USB mass-storage disconnect */
usb_stor_disconnect(struct usb_interface * intf)1174 void usb_stor_disconnect(struct usb_interface *intf)
1175 {
1176 	struct us_data *us = usb_get_intfdata(intf);
1177 
1178 	quiesce_and_remove_host(us);
1179 	release_everything(us);
1180 }
1181 EXPORT_SYMBOL_GPL(usb_stor_disconnect);
1182 
1183 static struct scsi_host_template usb_stor_host_template;
1184 
1185 /* The main probe routine for standard devices */
storage_probe(struct usb_interface * intf,const struct usb_device_id * id)1186 static int storage_probe(struct usb_interface *intf,
1187 			 const struct usb_device_id *id)
1188 {
1189 	const struct us_unusual_dev *unusual_dev;
1190 	struct us_data *us;
1191 	int result;
1192 	int size;
1193 
1194 	/* If uas is enabled and this device can do uas then ignore it. */
1195 #if IS_ENABLED(CONFIG_USB_UAS)
1196 	if (uas_use_uas_driver(intf, id, NULL))
1197 		return -ENXIO;
1198 #endif
1199 
1200 	/*
1201 	 * If the device isn't standard (is handled by a subdriver
1202 	 * module) then don't accept it.
1203 	 */
1204 	if (usb_usual_ignore_device(intf))
1205 		return -ENXIO;
1206 
1207 	/*
1208 	 * Call the general probe procedures.
1209 	 *
1210 	 * The unusual_dev_list array is parallel to the usb_storage_usb_ids
1211 	 * table, so we use the index of the id entry to find the
1212 	 * corresponding unusual_devs entry.
1213 	 */
1214 
1215 	size = ARRAY_SIZE(us_unusual_dev_list);
1216 	if (id >= usb_storage_usb_ids && id < usb_storage_usb_ids + size) {
1217 		unusual_dev = (id - usb_storage_usb_ids) + us_unusual_dev_list;
1218 	} else {
1219 		unusual_dev = &for_dynamic_ids;
1220 
1221 		dev_dbg(&intf->dev, "Use Bulk-Only transport with the Transparent SCSI protocol for dynamic id: 0x%04x 0x%04x\n",
1222 			id->idVendor, id->idProduct);
1223 	}
1224 
1225 	result = usb_stor_probe1(&us, intf, id, unusual_dev,
1226 				 &usb_stor_host_template);
1227 	if (result)
1228 		return result;
1229 
1230 	/* No special transport or protocol settings in the main module */
1231 
1232 	result = usb_stor_probe2(us);
1233 	return result;
1234 }
1235 
1236 static struct usb_driver usb_storage_driver = {
1237 	.name =		DRV_NAME,
1238 	.probe =	storage_probe,
1239 	.disconnect =	usb_stor_disconnect,
1240 	.suspend =	usb_stor_suspend,
1241 	.resume =	usb_stor_resume,
1242 	.reset_resume =	usb_stor_reset_resume,
1243 	.pre_reset =	usb_stor_pre_reset,
1244 	.post_reset =	usb_stor_post_reset,
1245 	.id_table =	usb_storage_usb_ids,
1246 	.supports_autosuspend = 1,
1247 	.soft_unbind =	1,
1248 };
1249 
1250 module_usb_stor_driver(usb_storage_driver, usb_stor_host_template, DRV_NAME);
1251