Loading...
1/*
2 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
3 * Copyright (C) 1992 Eric Youngdale
4 * Simulate a host adapter with 2 disks attached. Do a lot of checking
5 * to make sure that we are not getting blocks mixed up, and PANIC if
6 * anything out of the ordinary is seen.
7 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
8 *
9 * Copyright (C) 2001 - 2016 Douglas Gilbert
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2, or (at your option)
14 * any later version.
15 *
16 * For documentation see http://sg.danny.cz/sg/sdebug26.html
17 *
18 */
19
20
21#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
22
23#include <linux/module.h>
24
25#include <linux/kernel.h>
26#include <linux/errno.h>
27#include <linux/jiffies.h>
28#include <linux/slab.h>
29#include <linux/types.h>
30#include <linux/string.h>
31#include <linux/genhd.h>
32#include <linux/fs.h>
33#include <linux/init.h>
34#include <linux/proc_fs.h>
35#include <linux/vmalloc.h>
36#include <linux/moduleparam.h>
37#include <linux/scatterlist.h>
38#include <linux/blkdev.h>
39#include <linux/crc-t10dif.h>
40#include <linux/spinlock.h>
41#include <linux/interrupt.h>
42#include <linux/atomic.h>
43#include <linux/hrtimer.h>
44#include <linux/uuid.h>
45#include <linux/t10-pi.h>
46
47#include <net/checksum.h>
48
49#include <asm/unaligned.h>
50
51#include <scsi/scsi.h>
52#include <scsi/scsi_cmnd.h>
53#include <scsi/scsi_device.h>
54#include <scsi/scsi_host.h>
55#include <scsi/scsicam.h>
56#include <scsi/scsi_eh.h>
57#include <scsi/scsi_tcq.h>
58#include <scsi/scsi_dbg.h>
59
60#include "sd.h"
61#include "scsi_logging.h"
62
63/* make sure inq_product_rev string corresponds to this version */
64#define SDEBUG_VERSION "1.86"
65static const char *sdebug_version_date = "20160430";
66
67#define MY_NAME "scsi_debug"
68
69/* Additional Sense Code (ASC) */
70#define NO_ADDITIONAL_SENSE 0x0
71#define LOGICAL_UNIT_NOT_READY 0x4
72#define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
73#define UNRECOVERED_READ_ERR 0x11
74#define PARAMETER_LIST_LENGTH_ERR 0x1a
75#define INVALID_OPCODE 0x20
76#define LBA_OUT_OF_RANGE 0x21
77#define INVALID_FIELD_IN_CDB 0x24
78#define INVALID_FIELD_IN_PARAM_LIST 0x26
79#define UA_RESET_ASC 0x29
80#define UA_CHANGED_ASC 0x2a
81#define TARGET_CHANGED_ASC 0x3f
82#define LUNS_CHANGED_ASCQ 0x0e
83#define INSUFF_RES_ASC 0x55
84#define INSUFF_RES_ASCQ 0x3
85#define POWER_ON_RESET_ASCQ 0x0
86#define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
87#define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
88#define CAPACITY_CHANGED_ASCQ 0x9
89#define SAVING_PARAMS_UNSUP 0x39
90#define TRANSPORT_PROBLEM 0x4b
91#define THRESHOLD_EXCEEDED 0x5d
92#define LOW_POWER_COND_ON 0x5e
93#define MISCOMPARE_VERIFY_ASC 0x1d
94#define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
95#define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
96
97/* Additional Sense Code Qualifier (ASCQ) */
98#define ACK_NAK_TO 0x3
99
100/* Default values for driver parameters */
101#define DEF_NUM_HOST 1
102#define DEF_NUM_TGTS 1
103#define DEF_MAX_LUNS 1
104/* With these defaults, this driver will make 1 host with 1 target
105 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
106 */
107#define DEF_ATO 1
108#define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
109#define DEF_DEV_SIZE_MB 8
110#define DEF_DIF 0
111#define DEF_DIX 0
112#define DEF_D_SENSE 0
113#define DEF_EVERY_NTH 0
114#define DEF_FAKE_RW 0
115#define DEF_GUARD 0
116#define DEF_HOST_LOCK 0
117#define DEF_LBPU 0
118#define DEF_LBPWS 0
119#define DEF_LBPWS10 0
120#define DEF_LBPRZ 1
121#define DEF_LOWEST_ALIGNED 0
122#define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
123#define DEF_NO_LUN_0 0
124#define DEF_NUM_PARTS 0
125#define DEF_OPTS 0
126#define DEF_OPT_BLKS 1024
127#define DEF_PHYSBLK_EXP 0
128#define DEF_PTYPE TYPE_DISK
129#define DEF_REMOVABLE false
130#define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
131#define DEF_SECTOR_SIZE 512
132#define DEF_UNMAP_ALIGNMENT 0
133#define DEF_UNMAP_GRANULARITY 1
134#define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
135#define DEF_UNMAP_MAX_DESC 256
136#define DEF_VIRTUAL_GB 0
137#define DEF_VPD_USE_HOSTNO 1
138#define DEF_WRITESAME_LENGTH 0xFFFF
139#define DEF_STRICT 0
140#define DEF_STATISTICS false
141#define DEF_SUBMIT_QUEUES 1
142#define DEF_UUID_CTL 0
143#define JDELAY_OVERRIDDEN -9999
144
145#define SDEBUG_LUN_0_VAL 0
146
147/* bit mask values for sdebug_opts */
148#define SDEBUG_OPT_NOISE 1
149#define SDEBUG_OPT_MEDIUM_ERR 2
150#define SDEBUG_OPT_TIMEOUT 4
151#define SDEBUG_OPT_RECOVERED_ERR 8
152#define SDEBUG_OPT_TRANSPORT_ERR 16
153#define SDEBUG_OPT_DIF_ERR 32
154#define SDEBUG_OPT_DIX_ERR 64
155#define SDEBUG_OPT_MAC_TIMEOUT 128
156#define SDEBUG_OPT_SHORT_TRANSFER 0x100
157#define SDEBUG_OPT_Q_NOISE 0x200
158#define SDEBUG_OPT_ALL_TSF 0x400
159#define SDEBUG_OPT_RARE_TSF 0x800
160#define SDEBUG_OPT_N_WCE 0x1000
161#define SDEBUG_OPT_RESET_NOISE 0x2000
162#define SDEBUG_OPT_NO_CDB_NOISE 0x4000
163#define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
164 SDEBUG_OPT_RESET_NOISE)
165#define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
166 SDEBUG_OPT_TRANSPORT_ERR | \
167 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
168 SDEBUG_OPT_SHORT_TRANSFER)
169/* When "every_nth" > 0 then modulo "every_nth" commands:
170 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
171 * - a RECOVERED_ERROR is simulated on successful read and write
172 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
173 * - a TRANSPORT_ERROR is simulated on successful read and write
174 * commands if SDEBUG_OPT_TRANSPORT_ERR is set.
175 *
176 * When "every_nth" < 0 then after "- every_nth" commands:
177 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
178 * - a RECOVERED_ERROR is simulated on successful read and write
179 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
180 * - a TRANSPORT_ERROR is simulated on successful read and write
181 * commands if _DEBUG_OPT_TRANSPORT_ERR is set.
182 * This will continue on every subsequent command until some other action
183 * occurs (e.g. the user * writing a new value (other than -1 or 1) to
184 * every_nth via sysfs).
185 */
186
187/* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
188 * priority order. In the subset implemented here lower numbers have higher
189 * priority. The UA numbers should be a sequence starting from 0 with
190 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
191#define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
192#define SDEBUG_UA_BUS_RESET 1
193#define SDEBUG_UA_MODE_CHANGED 2
194#define SDEBUG_UA_CAPACITY_CHANGED 3
195#define SDEBUG_UA_LUNS_CHANGED 4
196#define SDEBUG_UA_MICROCODE_CHANGED 5 /* simulate firmware change */
197#define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
198#define SDEBUG_NUM_UAS 7
199
200/* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
201 * sector on read commands: */
202#define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
203#define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
204
205/* If REPORT LUNS has luns >= 256 it can choose "flat space" (value 1)
206 * or "peripheral device" addressing (value 0) */
207#define SAM2_LUN_ADDRESS_METHOD 0
208
209/* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
210 * (for response) per submit queue at one time. Can be reduced by max_queue
211 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
212 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
213 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
214 * but cannot exceed SDEBUG_CANQUEUE .
215 */
216#define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
217#define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
218#define DEF_CMD_PER_LUN 255
219
220#define F_D_IN 1
221#define F_D_OUT 2
222#define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
223#define F_D_UNKN 8
224#define F_RL_WLUN_OK 0x10
225#define F_SKIP_UA 0x20
226#define F_DELAY_OVERR 0x40
227#define F_SA_LOW 0x80 /* cdb byte 1, bits 4 to 0 */
228#define F_SA_HIGH 0x100 /* as used by variable length cdbs */
229#define F_INV_OP 0x200
230#define F_FAKE_RW 0x400
231#define F_M_ACCESS 0x800 /* media access */
232
233#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
234#define FF_DIRECT_IO (F_M_ACCESS | F_FAKE_RW)
235#define FF_SA (F_SA_HIGH | F_SA_LOW)
236
237#define SDEBUG_MAX_PARTS 4
238
239#define SDEBUG_MAX_CMD_LEN 32
240
241
242struct sdebug_dev_info {
243 struct list_head dev_list;
244 unsigned int channel;
245 unsigned int target;
246 u64 lun;
247 uuid_be lu_name;
248 struct sdebug_host_info *sdbg_host;
249 unsigned long uas_bm[1];
250 atomic_t num_in_q;
251 atomic_t stopped;
252 bool used;
253};
254
255struct sdebug_host_info {
256 struct list_head host_list;
257 struct Scsi_Host *shost;
258 struct device dev;
259 struct list_head dev_info_list;
260};
261
262#define to_sdebug_host(d) \
263 container_of(d, struct sdebug_host_info, dev)
264
265struct sdebug_defer {
266 struct hrtimer hrt;
267 struct execute_work ew;
268 int sqa_idx; /* index of sdebug_queue array */
269 int qc_idx; /* index of sdebug_queued_cmd array within sqa_idx */
270 int issuing_cpu;
271};
272
273struct sdebug_queued_cmd {
274 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
275 * instance indicates this slot is in use.
276 */
277 struct sdebug_defer *sd_dp;
278 struct scsi_cmnd *a_cmnd;
279 unsigned int inj_recovered:1;
280 unsigned int inj_transport:1;
281 unsigned int inj_dif:1;
282 unsigned int inj_dix:1;
283 unsigned int inj_short:1;
284};
285
286struct sdebug_queue {
287 struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
288 unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
289 spinlock_t qc_lock;
290 atomic_t blocked; /* to temporarily stop more being queued */
291};
292
293static atomic_t sdebug_cmnd_count; /* number of incoming commands */
294static atomic_t sdebug_completions; /* count of deferred completions */
295static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
296static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
297
298struct opcode_info_t {
299 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
300 /* for terminating element */
301 u8 opcode; /* if num_attached > 0, preferred */
302 u16 sa; /* service action */
303 u32 flags; /* OR-ed set of SDEB_F_* */
304 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
305 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
306 u8 len_mask[16]; /* len=len_mask[0], then mask for cdb[1]... */
307 /* ignore cdb bytes after position 15 */
308};
309
310/* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
311enum sdeb_opcode_index {
312 SDEB_I_INVALID_OPCODE = 0,
313 SDEB_I_INQUIRY = 1,
314 SDEB_I_REPORT_LUNS = 2,
315 SDEB_I_REQUEST_SENSE = 3,
316 SDEB_I_TEST_UNIT_READY = 4,
317 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
318 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
319 SDEB_I_LOG_SENSE = 7,
320 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
321 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
322 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
323 SDEB_I_START_STOP = 11,
324 SDEB_I_SERV_ACT_IN = 12, /* 12, 16 */
325 SDEB_I_SERV_ACT_OUT = 13, /* 12, 16 */
326 SDEB_I_MAINT_IN = 14,
327 SDEB_I_MAINT_OUT = 15,
328 SDEB_I_VERIFY = 16, /* 10 only */
329 SDEB_I_VARIABLE_LEN = 17,
330 SDEB_I_RESERVE = 18, /* 6, 10 */
331 SDEB_I_RELEASE = 19, /* 6, 10 */
332 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
333 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
334 SDEB_I_ATA_PT = 22, /* 12, 16 */
335 SDEB_I_SEND_DIAG = 23,
336 SDEB_I_UNMAP = 24,
337 SDEB_I_XDWRITEREAD = 25, /* 10 only */
338 SDEB_I_WRITE_BUFFER = 26,
339 SDEB_I_WRITE_SAME = 27, /* 10, 16 */
340 SDEB_I_SYNC_CACHE = 28, /* 10 only */
341 SDEB_I_COMP_WRITE = 29,
342 SDEB_I_LAST_ELEMENT = 30, /* keep this last */
343};
344
345
346static const unsigned char opcode_ind_arr[256] = {
347/* 0x0; 0x0->0x1f: 6 byte cdbs */
348 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
349 0, 0, 0, 0,
350 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
351 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
352 SDEB_I_RELEASE,
353 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
354 SDEB_I_ALLOW_REMOVAL, 0,
355/* 0x20; 0x20->0x3f: 10 byte cdbs */
356 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
357 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
358 0, 0, 0, 0, 0, SDEB_I_SYNC_CACHE, 0, 0,
359 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
360/* 0x40; 0x40->0x5f: 10 byte cdbs */
361 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
362 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
363 0, 0, 0, SDEB_I_XDWRITEREAD, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
364 SDEB_I_RELEASE,
365 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
366/* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
367 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
368 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
369 0, SDEB_I_VARIABLE_LEN,
370/* 0x80; 0x80->0x9f: 16 byte cdbs */
371 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
372 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0, 0, 0, 0, 0,
373 0, 0, 0, SDEB_I_WRITE_SAME, 0, 0, 0, 0,
374 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN, SDEB_I_SERV_ACT_OUT,
375/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
376 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
377 SDEB_I_MAINT_OUT, 0, 0, 0,
378 SDEB_I_READ, SDEB_I_SERV_ACT_OUT, SDEB_I_WRITE, SDEB_I_SERV_ACT_IN,
379 0, 0, 0, 0,
380 0, 0, 0, 0, 0, 0, 0, 0,
381 0, 0, 0, 0, 0, 0, 0, 0,
382/* 0xc0; 0xc0->0xff: vendor specific */
383 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
384 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
385 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
386 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
387};
388
389static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
390static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
391static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
392static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
393static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
394static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
395static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
396static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
397static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
398static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
399static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
400static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
401static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
402static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
403static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
404static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
405static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
406static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
407static int resp_xdwriteread_10(struct scsi_cmnd *, struct sdebug_dev_info *);
408static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
409static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
410
411static const struct opcode_info_t msense_iarr[1] = {
412 {0, 0x1a, 0, F_D_IN, NULL, NULL,
413 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
414};
415
416static const struct opcode_info_t mselect_iarr[1] = {
417 {0, 0x15, 0, F_D_OUT, NULL, NULL,
418 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
419};
420
421static const struct opcode_info_t read_iarr[3] = {
422 {0, 0x28, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(10) */
423 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
424 0, 0, 0, 0} },
425 {0, 0x8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL, /* READ(6) */
426 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
427 {0, 0xa8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(12) */
428 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
429 0xc7, 0, 0, 0, 0} },
430};
431
432static const struct opcode_info_t write_iarr[3] = {
433 {0, 0x2a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 10 */
434 {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
435 0, 0, 0, 0} },
436 {0, 0xa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 6 */
437 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
438 {0, 0xaa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 12 */
439 {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
440 0xc7, 0, 0, 0, 0} },
441};
442
443static const struct opcode_info_t sa_in_iarr[1] = {
444 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
445 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
446 0xff, 0xff, 0xff, 0, 0xc7} },
447};
448
449static const struct opcode_info_t vl_iarr[1] = { /* VARIABLE LENGTH */
450 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_DIRECT_IO, resp_write_dt0,
451 NULL, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0xb, 0xfa,
452 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
453};
454
455static const struct opcode_info_t maint_in_iarr[2] = {
456 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
457 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
458 0xc7, 0, 0, 0, 0} },
459 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
460 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
461 0, 0} },
462};
463
464static const struct opcode_info_t write_same_iarr[1] = {
465 {0, 0x93, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_16, NULL,
466 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
467 0xff, 0xff, 0xff, 0x1f, 0xc7} },
468};
469
470static const struct opcode_info_t reserve_iarr[1] = {
471 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
472 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
473};
474
475static const struct opcode_info_t release_iarr[1] = {
476 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
477 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
478};
479
480
481/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
482 * plus the terminating elements for logic that scans this table such as
483 * REPORT SUPPORTED OPERATION CODES. */
484static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = {
485/* 0 */
486 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,
487 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
488 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL,
489 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
490 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
491 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
492 0, 0} },
493 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
494 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
495 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
496 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
497 {1, 0x5a, 0, F_D_IN, resp_mode_sense, msense_iarr,
498 {10, 0xf8, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
499 0} },
500 {1, 0x55, 0, F_D_OUT, resp_mode_select, mselect_iarr,
501 {10, 0xf1, 0, 0, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
502 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,
503 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
504 0, 0, 0} },
505 {0, 0x25, 0, F_D_IN, resp_readcap, NULL,
506 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
507 0, 0} },
508 {3, 0x88, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, read_iarr,
509 {16, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
510 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* READ(16) */
511/* 10 */
512 {3, 0x8a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, write_iarr,
513 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
514 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* WRITE(16) */
515 {0, 0x1b, 0, 0, resp_start_stop, NULL, /* START STOP UNIT */
516 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
517 {1, 0x9e, 0x10, F_SA_LOW | F_D_IN, resp_readcap16, sa_in_iarr,
518 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
519 0xff, 0xff, 0xff, 0x1, 0xc7} }, /* READ CAPACITY(16) */
520 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* SA OUT */
521 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
522 {2, 0xa3, 0xa, F_SA_LOW | F_D_IN, resp_report_tgtpgs, maint_in_iarr,
523 {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0, 0,
524 0} },
525 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
526 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
527 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, NULL, NULL, /* VERIFY(10) */
528 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7,
529 0, 0, 0, 0, 0, 0} },
530 {1, 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_DIRECT_IO, resp_read_dt0,
531 vl_iarr, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0x9, 0xfe, 0,
532 0xff, 0xff, 0xff, 0xff} },/* VARIABLE LENGTH, READ(32) */
533 {1, 0x56, 0, F_D_OUT, NULL, reserve_iarr, /* RESERVE(10) */
534 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
535 0} },
536 {1, 0x57, 0, F_D_OUT, NULL, release_iarr, /* RELEASE(10) */
537 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
538 0} },
539/* 20 */
540 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
541 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
542 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
543 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
544 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
545 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
546 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
547 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
548 {0, 0x42, 0, F_D_OUT | FF_DIRECT_IO, resp_unmap, NULL, /* UNMAP */
549 {10, 0x1, 0, 0, 0, 0, 0x1f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
550 {0, 0x53, 0, F_D_IN | F_D_OUT | FF_DIRECT_IO, resp_xdwriteread_10,
551 NULL, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7,
552 0, 0, 0, 0, 0, 0} },
553 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
554 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
555 0, 0, 0, 0} }, /* WRITE_BUFFER */
556 {1, 0x41, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_10,
557 write_same_iarr, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff,
558 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
559 {0, 0x35, 0, F_DELAY_OVERR | FF_DIRECT_IO, NULL, NULL, /* SYNC_CACHE */
560 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
561 0, 0, 0, 0} },
562 {0, 0x89, 0, F_D_OUT | FF_DIRECT_IO, resp_comp_write, NULL,
563 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
564 0, 0xff, 0x1f, 0xc7} }, /* COMPARE AND WRITE */
565
566/* 30 */
567 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
568 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
569};
570
571static int sdebug_add_host = DEF_NUM_HOST;
572static int sdebug_ato = DEF_ATO;
573static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
574static int sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
575static int sdebug_dif = DEF_DIF;
576static int sdebug_dix = DEF_DIX;
577static int sdebug_dsense = DEF_D_SENSE;
578static int sdebug_every_nth = DEF_EVERY_NTH;
579static int sdebug_fake_rw = DEF_FAKE_RW;
580static unsigned int sdebug_guard = DEF_GUARD;
581static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
582static int sdebug_max_luns = DEF_MAX_LUNS;
583static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
584static atomic_t retired_max_queue; /* if > 0 then was prior max_queue */
585static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
586static int sdebug_no_lun_0 = DEF_NO_LUN_0;
587static int sdebug_no_uld;
588static int sdebug_num_parts = DEF_NUM_PARTS;
589static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
590static int sdebug_opt_blks = DEF_OPT_BLKS;
591static int sdebug_opts = DEF_OPTS;
592static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
593static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
594static int sdebug_scsi_level = DEF_SCSI_LEVEL;
595static int sdebug_sector_size = DEF_SECTOR_SIZE;
596static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
597static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
598static unsigned int sdebug_lbpu = DEF_LBPU;
599static unsigned int sdebug_lbpws = DEF_LBPWS;
600static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
601static unsigned int sdebug_lbprz = DEF_LBPRZ;
602static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
603static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
604static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
605static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
606static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
607static int sdebug_uuid_ctl = DEF_UUID_CTL;
608static bool sdebug_removable = DEF_REMOVABLE;
609static bool sdebug_clustering;
610static bool sdebug_host_lock = DEF_HOST_LOCK;
611static bool sdebug_strict = DEF_STRICT;
612static bool sdebug_any_injecting_opt;
613static bool sdebug_verbose;
614static bool have_dif_prot;
615static bool sdebug_statistics = DEF_STATISTICS;
616static bool sdebug_mq_active;
617
618static unsigned int sdebug_store_sectors;
619static sector_t sdebug_capacity; /* in sectors */
620
621/* old BIOS stuff, kernel may get rid of them but some mode sense pages
622 may still need them */
623static int sdebug_heads; /* heads per disk */
624static int sdebug_cylinders_per; /* cylinders per surface */
625static int sdebug_sectors_per; /* sectors per cylinder */
626
627static LIST_HEAD(sdebug_host_list);
628static DEFINE_SPINLOCK(sdebug_host_list_lock);
629
630static unsigned char *fake_storep; /* ramdisk storage */
631static struct t10_pi_tuple *dif_storep; /* protection info */
632static void *map_storep; /* provisioning map */
633
634static unsigned long map_size;
635static int num_aborts;
636static int num_dev_resets;
637static int num_target_resets;
638static int num_bus_resets;
639static int num_host_resets;
640static int dix_writes;
641static int dix_reads;
642static int dif_errors;
643
644static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
645static struct sdebug_queue *sdebug_q_arr; /* ptr to array of submit queues */
646
647static DEFINE_RWLOCK(atomic_rw);
648
649static char sdebug_proc_name[] = MY_NAME;
650static const char *my_name = MY_NAME;
651
652static struct bus_type pseudo_lld_bus;
653
654static struct device_driver sdebug_driverfs_driver = {
655 .name = sdebug_proc_name,
656 .bus = &pseudo_lld_bus,
657};
658
659static const int check_condition_result =
660 (DRIVER_SENSE << 24) | SAM_STAT_CHECK_CONDITION;
661
662static const int illegal_condition_result =
663 (DRIVER_SENSE << 24) | (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
664
665static const int device_qfull_result =
666 (DID_OK << 16) | (COMMAND_COMPLETE << 8) | SAM_STAT_TASK_SET_FULL;
667
668
669/* Only do the extra work involved in logical block provisioning if one or
670 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
671 * real reads and writes (i.e. not skipping them for speed).
672 */
673static inline bool scsi_debug_lbp(void)
674{
675 return 0 == sdebug_fake_rw &&
676 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
677}
678
679static void *fake_store(unsigned long long lba)
680{
681 lba = do_div(lba, sdebug_store_sectors);
682
683 return fake_storep + lba * sdebug_sector_size;
684}
685
686static struct t10_pi_tuple *dif_store(sector_t sector)
687{
688 sector = sector_div(sector, sdebug_store_sectors);
689
690 return dif_storep + sector;
691}
692
693static void sdebug_max_tgts_luns(void)
694{
695 struct sdebug_host_info *sdbg_host;
696 struct Scsi_Host *hpnt;
697
698 spin_lock(&sdebug_host_list_lock);
699 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
700 hpnt = sdbg_host->shost;
701 if ((hpnt->this_id >= 0) &&
702 (sdebug_num_tgts > hpnt->this_id))
703 hpnt->max_id = sdebug_num_tgts + 1;
704 else
705 hpnt->max_id = sdebug_num_tgts;
706 /* sdebug_max_luns; */
707 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
708 }
709 spin_unlock(&sdebug_host_list_lock);
710}
711
712enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
713
714/* Set in_bit to -1 to indicate no bit position of invalid field */
715static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
716 enum sdeb_cmd_data c_d,
717 int in_byte, int in_bit)
718{
719 unsigned char *sbuff;
720 u8 sks[4];
721 int sl, asc;
722
723 sbuff = scp->sense_buffer;
724 if (!sbuff) {
725 sdev_printk(KERN_ERR, scp->device,
726 "%s: sense_buffer is NULL\n", __func__);
727 return;
728 }
729 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
730 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
731 scsi_build_sense_buffer(sdebug_dsense, sbuff, ILLEGAL_REQUEST, asc, 0);
732 memset(sks, 0, sizeof(sks));
733 sks[0] = 0x80;
734 if (c_d)
735 sks[0] |= 0x40;
736 if (in_bit >= 0) {
737 sks[0] |= 0x8;
738 sks[0] |= 0x7 & in_bit;
739 }
740 put_unaligned_be16(in_byte, sks + 1);
741 if (sdebug_dsense) {
742 sl = sbuff[7] + 8;
743 sbuff[7] = sl;
744 sbuff[sl] = 0x2;
745 sbuff[sl + 1] = 0x6;
746 memcpy(sbuff + sl + 4, sks, 3);
747 } else
748 memcpy(sbuff + 15, sks, 3);
749 if (sdebug_verbose)
750 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
751 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
752 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
753}
754
755static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
756{
757 unsigned char *sbuff;
758
759 sbuff = scp->sense_buffer;
760 if (!sbuff) {
761 sdev_printk(KERN_ERR, scp->device,
762 "%s: sense_buffer is NULL\n", __func__);
763 return;
764 }
765 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
766
767 scsi_build_sense_buffer(sdebug_dsense, sbuff, key, asc, asq);
768
769 if (sdebug_verbose)
770 sdev_printk(KERN_INFO, scp->device,
771 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
772 my_name, key, asc, asq);
773}
774
775static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
776{
777 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
778}
779
780static int scsi_debug_ioctl(struct scsi_device *dev, int cmd, void __user *arg)
781{
782 if (sdebug_verbose) {
783 if (0x1261 == cmd)
784 sdev_printk(KERN_INFO, dev,
785 "%s: BLKFLSBUF [0x1261]\n", __func__);
786 else if (0x5331 == cmd)
787 sdev_printk(KERN_INFO, dev,
788 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
789 __func__);
790 else
791 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
792 __func__, cmd);
793 }
794 return -EINVAL;
795 /* return -ENOTTY; // correct return but upsets fdisk */
796}
797
798static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
799{
800 struct sdebug_host_info *sdhp;
801 struct sdebug_dev_info *dp;
802
803 spin_lock(&sdebug_host_list_lock);
804 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
805 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
806 if ((devip->sdbg_host == dp->sdbg_host) &&
807 (devip->target == dp->target))
808 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
809 }
810 }
811 spin_unlock(&sdebug_host_list_lock);
812}
813
814static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
815{
816 int k;
817
818 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
819 if (k != SDEBUG_NUM_UAS) {
820 const char *cp = NULL;
821
822 switch (k) {
823 case SDEBUG_UA_POR:
824 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
825 POWER_ON_RESET_ASCQ);
826 if (sdebug_verbose)
827 cp = "power on reset";
828 break;
829 case SDEBUG_UA_BUS_RESET:
830 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
831 BUS_RESET_ASCQ);
832 if (sdebug_verbose)
833 cp = "bus reset";
834 break;
835 case SDEBUG_UA_MODE_CHANGED:
836 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
837 MODE_CHANGED_ASCQ);
838 if (sdebug_verbose)
839 cp = "mode parameters changed";
840 break;
841 case SDEBUG_UA_CAPACITY_CHANGED:
842 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
843 CAPACITY_CHANGED_ASCQ);
844 if (sdebug_verbose)
845 cp = "capacity data changed";
846 break;
847 case SDEBUG_UA_MICROCODE_CHANGED:
848 mk_sense_buffer(scp, UNIT_ATTENTION,
849 TARGET_CHANGED_ASC,
850 MICROCODE_CHANGED_ASCQ);
851 if (sdebug_verbose)
852 cp = "microcode has been changed";
853 break;
854 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
855 mk_sense_buffer(scp, UNIT_ATTENTION,
856 TARGET_CHANGED_ASC,
857 MICROCODE_CHANGED_WO_RESET_ASCQ);
858 if (sdebug_verbose)
859 cp = "microcode has been changed without reset";
860 break;
861 case SDEBUG_UA_LUNS_CHANGED:
862 /*
863 * SPC-3 behavior is to report a UNIT ATTENTION with
864 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
865 * on the target, until a REPORT LUNS command is
866 * received. SPC-4 behavior is to report it only once.
867 * NOTE: sdebug_scsi_level does not use the same
868 * values as struct scsi_device->scsi_level.
869 */
870 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
871 clear_luns_changed_on_target(devip);
872 mk_sense_buffer(scp, UNIT_ATTENTION,
873 TARGET_CHANGED_ASC,
874 LUNS_CHANGED_ASCQ);
875 if (sdebug_verbose)
876 cp = "reported luns data has changed";
877 break;
878 default:
879 pr_warn("unexpected unit attention code=%d\n", k);
880 if (sdebug_verbose)
881 cp = "unknown";
882 break;
883 }
884 clear_bit(k, devip->uas_bm);
885 if (sdebug_verbose)
886 sdev_printk(KERN_INFO, scp->device,
887 "%s reports: Unit attention: %s\n",
888 my_name, cp);
889 return check_condition_result;
890 }
891 return 0;
892}
893
894/* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
895static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
896 int arr_len)
897{
898 int act_len;
899 struct scsi_data_buffer *sdb = scsi_in(scp);
900
901 if (!sdb->length)
902 return 0;
903 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_FROM_DEVICE))
904 return DID_ERROR << 16;
905
906 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
907 arr, arr_len);
908 sdb->resid = scsi_bufflen(scp) - act_len;
909
910 return 0;
911}
912
913/* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
914 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
915 * calls, not required to write in ascending offset order. Assumes resid
916 * set to scsi_bufflen() prior to any calls.
917 */
918static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
919 int arr_len, unsigned int off_dst)
920{
921 int act_len, n;
922 struct scsi_data_buffer *sdb = scsi_in(scp);
923 off_t skip = off_dst;
924
925 if (sdb->length <= off_dst)
926 return 0;
927 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_FROM_DEVICE))
928 return DID_ERROR << 16;
929
930 act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
931 arr, arr_len, skip);
932 pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
933 __func__, off_dst, scsi_bufflen(scp), act_len, sdb->resid);
934 n = (int)scsi_bufflen(scp) - ((int)off_dst + act_len);
935 sdb->resid = min(sdb->resid, n);
936 return 0;
937}
938
939/* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
940 * 'arr' or -1 if error.
941 */
942static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
943 int arr_len)
944{
945 if (!scsi_bufflen(scp))
946 return 0;
947 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_TO_DEVICE))
948 return -1;
949
950 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
951}
952
953
954static const char * inq_vendor_id = "Linux ";
955static const char * inq_product_id = "scsi_debug ";
956static const char *inq_product_rev = "0186"; /* version less '.' */
957/* Use some locally assigned NAAs for SAS addresses. */
958static const u64 naa3_comp_a = 0x3222222000000000ULL;
959static const u64 naa3_comp_b = 0x3333333000000000ULL;
960static const u64 naa3_comp_c = 0x3111111000000000ULL;
961
962/* Device identification VPD page. Returns number of bytes placed in arr */
963static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
964 int target_dev_id, int dev_id_num,
965 const char *dev_id_str, int dev_id_str_len,
966 const uuid_be *lu_name)
967{
968 int num, port_a;
969 char b[32];
970
971 port_a = target_dev_id + 1;
972 /* T10 vendor identifier field format (faked) */
973 arr[0] = 0x2; /* ASCII */
974 arr[1] = 0x1;
975 arr[2] = 0x0;
976 memcpy(&arr[4], inq_vendor_id, 8);
977 memcpy(&arr[12], inq_product_id, 16);
978 memcpy(&arr[28], dev_id_str, dev_id_str_len);
979 num = 8 + 16 + dev_id_str_len;
980 arr[3] = num;
981 num += 4;
982 if (dev_id_num >= 0) {
983 if (sdebug_uuid_ctl) {
984 /* Locally assigned UUID */
985 arr[num++] = 0x1; /* binary (not necessarily sas) */
986 arr[num++] = 0xa; /* PIV=0, lu, naa */
987 arr[num++] = 0x0;
988 arr[num++] = 0x12;
989 arr[num++] = 0x10; /* uuid type=1, locally assigned */
990 arr[num++] = 0x0;
991 memcpy(arr + num, lu_name, 16);
992 num += 16;
993 } else {
994 /* NAA-3, Logical unit identifier (binary) */
995 arr[num++] = 0x1; /* binary (not necessarily sas) */
996 arr[num++] = 0x3; /* PIV=0, lu, naa */
997 arr[num++] = 0x0;
998 arr[num++] = 0x8;
999 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1000 num += 8;
1001 }
1002 /* Target relative port number */
1003 arr[num++] = 0x61; /* proto=sas, binary */
1004 arr[num++] = 0x94; /* PIV=1, target port, rel port */
1005 arr[num++] = 0x0; /* reserved */
1006 arr[num++] = 0x4; /* length */
1007 arr[num++] = 0x0; /* reserved */
1008 arr[num++] = 0x0; /* reserved */
1009 arr[num++] = 0x0;
1010 arr[num++] = 0x1; /* relative port A */
1011 }
1012 /* NAA-3, Target port identifier */
1013 arr[num++] = 0x61; /* proto=sas, binary */
1014 arr[num++] = 0x93; /* piv=1, target port, naa */
1015 arr[num++] = 0x0;
1016 arr[num++] = 0x8;
1017 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1018 num += 8;
1019 /* NAA-3, Target port group identifier */
1020 arr[num++] = 0x61; /* proto=sas, binary */
1021 arr[num++] = 0x95; /* piv=1, target port group id */
1022 arr[num++] = 0x0;
1023 arr[num++] = 0x4;
1024 arr[num++] = 0;
1025 arr[num++] = 0;
1026 put_unaligned_be16(port_group_id, arr + num);
1027 num += 2;
1028 /* NAA-3, Target device identifier */
1029 arr[num++] = 0x61; /* proto=sas, binary */
1030 arr[num++] = 0xa3; /* piv=1, target device, naa */
1031 arr[num++] = 0x0;
1032 arr[num++] = 0x8;
1033 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1034 num += 8;
1035 /* SCSI name string: Target device identifier */
1036 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1037 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1038 arr[num++] = 0x0;
1039 arr[num++] = 24;
1040 memcpy(arr + num, "naa.32222220", 12);
1041 num += 12;
1042 snprintf(b, sizeof(b), "%08X", target_dev_id);
1043 memcpy(arr + num, b, 8);
1044 num += 8;
1045 memset(arr + num, 0, 4);
1046 num += 4;
1047 return num;
1048}
1049
1050static unsigned char vpd84_data[] = {
1051/* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1052 0x22,0x22,0x22,0x0,0xbb,0x1,
1053 0x22,0x22,0x22,0x0,0xbb,0x2,
1054};
1055
1056/* Software interface identification VPD page */
1057static int inquiry_vpd_84(unsigned char *arr)
1058{
1059 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1060 return sizeof(vpd84_data);
1061}
1062
1063/* Management network addresses VPD page */
1064static int inquiry_vpd_85(unsigned char *arr)
1065{
1066 int num = 0;
1067 const char * na1 = "https://www.kernel.org/config";
1068 const char * na2 = "http://www.kernel.org/log";
1069 int plen, olen;
1070
1071 arr[num++] = 0x1; /* lu, storage config */
1072 arr[num++] = 0x0; /* reserved */
1073 arr[num++] = 0x0;
1074 olen = strlen(na1);
1075 plen = olen + 1;
1076 if (plen % 4)
1077 plen = ((plen / 4) + 1) * 4;
1078 arr[num++] = plen; /* length, null termianted, padded */
1079 memcpy(arr + num, na1, olen);
1080 memset(arr + num + olen, 0, plen - olen);
1081 num += plen;
1082
1083 arr[num++] = 0x4; /* lu, logging */
1084 arr[num++] = 0x0; /* reserved */
1085 arr[num++] = 0x0;
1086 olen = strlen(na2);
1087 plen = olen + 1;
1088 if (plen % 4)
1089 plen = ((plen / 4) + 1) * 4;
1090 arr[num++] = plen; /* length, null terminated, padded */
1091 memcpy(arr + num, na2, olen);
1092 memset(arr + num + olen, 0, plen - olen);
1093 num += plen;
1094
1095 return num;
1096}
1097
1098/* SCSI ports VPD page */
1099static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1100{
1101 int num = 0;
1102 int port_a, port_b;
1103
1104 port_a = target_dev_id + 1;
1105 port_b = port_a + 1;
1106 arr[num++] = 0x0; /* reserved */
1107 arr[num++] = 0x0; /* reserved */
1108 arr[num++] = 0x0;
1109 arr[num++] = 0x1; /* relative port 1 (primary) */
1110 memset(arr + num, 0, 6);
1111 num += 6;
1112 arr[num++] = 0x0;
1113 arr[num++] = 12; /* length tp descriptor */
1114 /* naa-5 target port identifier (A) */
1115 arr[num++] = 0x61; /* proto=sas, binary */
1116 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1117 arr[num++] = 0x0; /* reserved */
1118 arr[num++] = 0x8; /* length */
1119 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1120 num += 8;
1121 arr[num++] = 0x0; /* reserved */
1122 arr[num++] = 0x0; /* reserved */
1123 arr[num++] = 0x0;
1124 arr[num++] = 0x2; /* relative port 2 (secondary) */
1125 memset(arr + num, 0, 6);
1126 num += 6;
1127 arr[num++] = 0x0;
1128 arr[num++] = 12; /* length tp descriptor */
1129 /* naa-5 target port identifier (B) */
1130 arr[num++] = 0x61; /* proto=sas, binary */
1131 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1132 arr[num++] = 0x0; /* reserved */
1133 arr[num++] = 0x8; /* length */
1134 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1135 num += 8;
1136
1137 return num;
1138}
1139
1140
1141static unsigned char vpd89_data[] = {
1142/* from 4th byte */ 0,0,0,0,
1143'l','i','n','u','x',' ',' ',' ',
1144'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1145'1','2','3','4',
11460x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
11470xec,0,0,0,
11480x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
11490,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
11500x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
11510x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
11520x53,0x41,
11530x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
11540x20,0x20,
11550x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
11560x10,0x80,
11570,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
11580x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
11590x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
11600,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
11610x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
11620x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
11630,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
11640,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11650,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11660,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11670x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
11680,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
11690xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
11700,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
11710,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11720,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11730,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11740,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11750,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11760,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11770,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11780,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11790,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11800,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11810,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
11820,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1183};
1184
1185/* ATA Information VPD page */
1186static int inquiry_vpd_89(unsigned char *arr)
1187{
1188 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1189 return sizeof(vpd89_data);
1190}
1191
1192
1193static unsigned char vpdb0_data[] = {
1194 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1195 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1196 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1197 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1198};
1199
1200/* Block limits VPD page (SBC-3) */
1201static int inquiry_vpd_b0(unsigned char *arr)
1202{
1203 unsigned int gran;
1204
1205 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1206
1207 /* Optimal transfer length granularity */
1208 gran = 1 << sdebug_physblk_exp;
1209 put_unaligned_be16(gran, arr + 2);
1210
1211 /* Maximum Transfer Length */
1212 if (sdebug_store_sectors > 0x400)
1213 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1214
1215 /* Optimal Transfer Length */
1216 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1217
1218 if (sdebug_lbpu) {
1219 /* Maximum Unmap LBA Count */
1220 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1221
1222 /* Maximum Unmap Block Descriptor Count */
1223 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1224 }
1225
1226 /* Unmap Granularity Alignment */
1227 if (sdebug_unmap_alignment) {
1228 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1229 arr[28] |= 0x80; /* UGAVALID */
1230 }
1231
1232 /* Optimal Unmap Granularity */
1233 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1234
1235 /* Maximum WRITE SAME Length */
1236 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1237
1238 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1239
1240 return sizeof(vpdb0_data);
1241}
1242
1243/* Block device characteristics VPD page (SBC-3) */
1244static int inquiry_vpd_b1(unsigned char *arr)
1245{
1246 memset(arr, 0, 0x3c);
1247 arr[0] = 0;
1248 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1249 arr[2] = 0;
1250 arr[3] = 5; /* less than 1.8" */
1251
1252 return 0x3c;
1253}
1254
1255/* Logical block provisioning VPD page (SBC-4) */
1256static int inquiry_vpd_b2(unsigned char *arr)
1257{
1258 memset(arr, 0, 0x4);
1259 arr[0] = 0; /* threshold exponent */
1260 if (sdebug_lbpu)
1261 arr[1] = 1 << 7;
1262 if (sdebug_lbpws)
1263 arr[1] |= 1 << 6;
1264 if (sdebug_lbpws10)
1265 arr[1] |= 1 << 5;
1266 if (sdebug_lbprz && scsi_debug_lbp())
1267 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1268 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1269 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1270 /* threshold_percentage=0 */
1271 return 0x4;
1272}
1273
1274#define SDEBUG_LONG_INQ_SZ 96
1275#define SDEBUG_MAX_INQ_ARR_SZ 584
1276
1277static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1278{
1279 unsigned char pq_pdt;
1280 unsigned char * arr;
1281 unsigned char *cmd = scp->cmnd;
1282 int alloc_len, n, ret;
1283 bool have_wlun, is_disk;
1284
1285 alloc_len = get_unaligned_be16(cmd + 3);
1286 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1287 if (! arr)
1288 return DID_REQUEUE << 16;
1289 is_disk = (sdebug_ptype == TYPE_DISK);
1290 have_wlun = scsi_is_wlun(scp->device->lun);
1291 if (have_wlun)
1292 pq_pdt = TYPE_WLUN; /* present, wlun */
1293 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1294 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1295 else
1296 pq_pdt = (sdebug_ptype & 0x1f);
1297 arr[0] = pq_pdt;
1298 if (0x2 & cmd[1]) { /* CMDDT bit set */
1299 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1300 kfree(arr);
1301 return check_condition_result;
1302 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1303 int lu_id_num, port_group_id, target_dev_id, len;
1304 char lu_id_str[6];
1305 int host_no = devip->sdbg_host->shost->host_no;
1306
1307 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1308 (devip->channel & 0x7f);
1309 if (sdebug_vpd_use_hostno == 0)
1310 host_no = 0;
1311 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1312 (devip->target * 1000) + devip->lun);
1313 target_dev_id = ((host_no + 1) * 2000) +
1314 (devip->target * 1000) - 3;
1315 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1316 if (0 == cmd[2]) { /* supported vital product data pages */
1317 arr[1] = cmd[2]; /*sanity */
1318 n = 4;
1319 arr[n++] = 0x0; /* this page */
1320 arr[n++] = 0x80; /* unit serial number */
1321 arr[n++] = 0x83; /* device identification */
1322 arr[n++] = 0x84; /* software interface ident. */
1323 arr[n++] = 0x85; /* management network addresses */
1324 arr[n++] = 0x86; /* extended inquiry */
1325 arr[n++] = 0x87; /* mode page policy */
1326 arr[n++] = 0x88; /* SCSI ports */
1327 if (is_disk) { /* SBC only */
1328 arr[n++] = 0x89; /* ATA information */
1329 arr[n++] = 0xb0; /* Block limits */
1330 arr[n++] = 0xb1; /* Block characteristics */
1331 arr[n++] = 0xb2; /* Logical Block Prov */
1332 }
1333 arr[3] = n - 4; /* number of supported VPD pages */
1334 } else if (0x80 == cmd[2]) { /* unit serial number */
1335 arr[1] = cmd[2]; /*sanity */
1336 arr[3] = len;
1337 memcpy(&arr[4], lu_id_str, len);
1338 } else if (0x83 == cmd[2]) { /* device identification */
1339 arr[1] = cmd[2]; /*sanity */
1340 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1341 target_dev_id, lu_id_num,
1342 lu_id_str, len,
1343 &devip->lu_name);
1344 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1345 arr[1] = cmd[2]; /*sanity */
1346 arr[3] = inquiry_vpd_84(&arr[4]);
1347 } else if (0x85 == cmd[2]) { /* Management network addresses */
1348 arr[1] = cmd[2]; /*sanity */
1349 arr[3] = inquiry_vpd_85(&arr[4]);
1350 } else if (0x86 == cmd[2]) { /* extended inquiry */
1351 arr[1] = cmd[2]; /*sanity */
1352 arr[3] = 0x3c; /* number of following entries */
1353 if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1354 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1355 else if (have_dif_prot)
1356 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1357 else
1358 arr[4] = 0x0; /* no protection stuff */
1359 arr[5] = 0x7; /* head of q, ordered + simple q's */
1360 } else if (0x87 == cmd[2]) { /* mode page policy */
1361 arr[1] = cmd[2]; /*sanity */
1362 arr[3] = 0x8; /* number of following entries */
1363 arr[4] = 0x2; /* disconnect-reconnect mp */
1364 arr[6] = 0x80; /* mlus, shared */
1365 arr[8] = 0x18; /* protocol specific lu */
1366 arr[10] = 0x82; /* mlus, per initiator port */
1367 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1368 arr[1] = cmd[2]; /*sanity */
1369 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1370 } else if (is_disk && 0x89 == cmd[2]) { /* ATA information */
1371 arr[1] = cmd[2]; /*sanity */
1372 n = inquiry_vpd_89(&arr[4]);
1373 put_unaligned_be16(n, arr + 2);
1374 } else if (is_disk && 0xb0 == cmd[2]) { /* Block limits */
1375 arr[1] = cmd[2]; /*sanity */
1376 arr[3] = inquiry_vpd_b0(&arr[4]);
1377 } else if (is_disk && 0xb1 == cmd[2]) { /* Block char. */
1378 arr[1] = cmd[2]; /*sanity */
1379 arr[3] = inquiry_vpd_b1(&arr[4]);
1380 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1381 arr[1] = cmd[2]; /*sanity */
1382 arr[3] = inquiry_vpd_b2(&arr[4]);
1383 } else {
1384 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1385 kfree(arr);
1386 return check_condition_result;
1387 }
1388 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1389 ret = fill_from_dev_buffer(scp, arr,
1390 min(len, SDEBUG_MAX_INQ_ARR_SZ));
1391 kfree(arr);
1392 return ret;
1393 }
1394 /* drops through here for a standard inquiry */
1395 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
1396 arr[2] = sdebug_scsi_level;
1397 arr[3] = 2; /* response_data_format==2 */
1398 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1399 arr[5] = (int)have_dif_prot; /* PROTECT bit */
1400 if (sdebug_vpd_use_hostno == 0)
1401 arr[5] = 0x10; /* claim: implicit TGPS */
1402 arr[6] = 0x10; /* claim: MultiP */
1403 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1404 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1405 memcpy(&arr[8], inq_vendor_id, 8);
1406 memcpy(&arr[16], inq_product_id, 16);
1407 memcpy(&arr[32], inq_product_rev, 4);
1408 /* version descriptors (2 bytes each) follow */
1409 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
1410 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
1411 n = 62;
1412 if (is_disk) { /* SBC-4 no version claimed */
1413 put_unaligned_be16(0x600, arr + n);
1414 n += 2;
1415 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1416 put_unaligned_be16(0x525, arr + n);
1417 n += 2;
1418 }
1419 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
1420 ret = fill_from_dev_buffer(scp, arr,
1421 min(alloc_len, SDEBUG_LONG_INQ_SZ));
1422 kfree(arr);
1423 return ret;
1424}
1425
1426static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1427 0, 0, 0x0, 0x0};
1428
1429static int resp_requests(struct scsi_cmnd * scp,
1430 struct sdebug_dev_info * devip)
1431{
1432 unsigned char * sbuff;
1433 unsigned char *cmd = scp->cmnd;
1434 unsigned char arr[SCSI_SENSE_BUFFERSIZE];
1435 bool dsense;
1436 int len = 18;
1437
1438 memset(arr, 0, sizeof(arr));
1439 dsense = !!(cmd[1] & 1);
1440 sbuff = scp->sense_buffer;
1441 if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1442 if (dsense) {
1443 arr[0] = 0x72;
1444 arr[1] = 0x0; /* NO_SENSE in sense_key */
1445 arr[2] = THRESHOLD_EXCEEDED;
1446 arr[3] = 0xff; /* TEST set and MRIE==6 */
1447 len = 8;
1448 } else {
1449 arr[0] = 0x70;
1450 arr[2] = 0x0; /* NO_SENSE in sense_key */
1451 arr[7] = 0xa; /* 18 byte sense buffer */
1452 arr[12] = THRESHOLD_EXCEEDED;
1453 arr[13] = 0xff; /* TEST set and MRIE==6 */
1454 }
1455 } else {
1456 memcpy(arr, sbuff, SCSI_SENSE_BUFFERSIZE);
1457 if (arr[0] >= 0x70 && dsense == sdebug_dsense)
1458 ; /* have sense and formats match */
1459 else if (arr[0] <= 0x70) {
1460 if (dsense) {
1461 memset(arr, 0, 8);
1462 arr[0] = 0x72;
1463 len = 8;
1464 } else {
1465 memset(arr, 0, 18);
1466 arr[0] = 0x70;
1467 arr[7] = 0xa;
1468 }
1469 } else if (dsense) {
1470 memset(arr, 0, 8);
1471 arr[0] = 0x72;
1472 arr[1] = sbuff[2]; /* sense key */
1473 arr[2] = sbuff[12]; /* asc */
1474 arr[3] = sbuff[13]; /* ascq */
1475 len = 8;
1476 } else {
1477 memset(arr, 0, 18);
1478 arr[0] = 0x70;
1479 arr[2] = sbuff[1];
1480 arr[7] = 0xa;
1481 arr[12] = sbuff[1];
1482 arr[13] = sbuff[3];
1483 }
1484
1485 }
1486 mk_sense_buffer(scp, 0, NO_ADDITIONAL_SENSE, 0);
1487 return fill_from_dev_buffer(scp, arr, len);
1488}
1489
1490static int resp_start_stop(struct scsi_cmnd * scp,
1491 struct sdebug_dev_info * devip)
1492{
1493 unsigned char *cmd = scp->cmnd;
1494 int power_cond, stop;
1495
1496 power_cond = (cmd[4] & 0xf0) >> 4;
1497 if (power_cond) {
1498 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1499 return check_condition_result;
1500 }
1501 stop = !(cmd[4] & 1);
1502 atomic_xchg(&devip->stopped, stop);
1503 return 0;
1504}
1505
1506static sector_t get_sdebug_capacity(void)
1507{
1508 static const unsigned int gibibyte = 1073741824;
1509
1510 if (sdebug_virtual_gb > 0)
1511 return (sector_t)sdebug_virtual_gb *
1512 (gibibyte / sdebug_sector_size);
1513 else
1514 return sdebug_store_sectors;
1515}
1516
1517#define SDEBUG_READCAP_ARR_SZ 8
1518static int resp_readcap(struct scsi_cmnd * scp,
1519 struct sdebug_dev_info * devip)
1520{
1521 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1522 unsigned int capac;
1523
1524 /* following just in case virtual_gb changed */
1525 sdebug_capacity = get_sdebug_capacity();
1526 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1527 if (sdebug_capacity < 0xffffffff) {
1528 capac = (unsigned int)sdebug_capacity - 1;
1529 put_unaligned_be32(capac, arr + 0);
1530 } else
1531 put_unaligned_be32(0xffffffff, arr + 0);
1532 put_unaligned_be16(sdebug_sector_size, arr + 6);
1533 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1534}
1535
1536#define SDEBUG_READCAP16_ARR_SZ 32
1537static int resp_readcap16(struct scsi_cmnd * scp,
1538 struct sdebug_dev_info * devip)
1539{
1540 unsigned char *cmd = scp->cmnd;
1541 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1542 int alloc_len;
1543
1544 alloc_len = get_unaligned_be32(cmd + 10);
1545 /* following just in case virtual_gb changed */
1546 sdebug_capacity = get_sdebug_capacity();
1547 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1548 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1549 put_unaligned_be32(sdebug_sector_size, arr + 8);
1550 arr[13] = sdebug_physblk_exp & 0xf;
1551 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1552
1553 if (scsi_debug_lbp()) {
1554 arr[14] |= 0x80; /* LBPME */
1555 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1556 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1557 * in the wider field maps to 0 in this field.
1558 */
1559 if (sdebug_lbprz & 1) /* precisely what the draft requires */
1560 arr[14] |= 0x40;
1561 }
1562
1563 arr[15] = sdebug_lowest_aligned & 0xff;
1564
1565 if (have_dif_prot) {
1566 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1567 arr[12] |= 1; /* PROT_EN */
1568 }
1569
1570 return fill_from_dev_buffer(scp, arr,
1571 min(alloc_len, SDEBUG_READCAP16_ARR_SZ));
1572}
1573
1574#define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1575
1576static int resp_report_tgtpgs(struct scsi_cmnd * scp,
1577 struct sdebug_dev_info * devip)
1578{
1579 unsigned char *cmd = scp->cmnd;
1580 unsigned char * arr;
1581 int host_no = devip->sdbg_host->shost->host_no;
1582 int n, ret, alen, rlen;
1583 int port_group_a, port_group_b, port_a, port_b;
1584
1585 alen = get_unaligned_be32(cmd + 6);
1586 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1587 if (! arr)
1588 return DID_REQUEUE << 16;
1589 /*
1590 * EVPD page 0x88 states we have two ports, one
1591 * real and a fake port with no device connected.
1592 * So we create two port groups with one port each
1593 * and set the group with port B to unavailable.
1594 */
1595 port_a = 0x1; /* relative port A */
1596 port_b = 0x2; /* relative port B */
1597 port_group_a = (((host_no + 1) & 0x7f) << 8) +
1598 (devip->channel & 0x7f);
1599 port_group_b = (((host_no + 1) & 0x7f) << 8) +
1600 (devip->channel & 0x7f) + 0x80;
1601
1602 /*
1603 * The asymmetric access state is cycled according to the host_id.
1604 */
1605 n = 4;
1606 if (sdebug_vpd_use_hostno == 0) {
1607 arr[n++] = host_no % 3; /* Asymm access state */
1608 arr[n++] = 0x0F; /* claim: all states are supported */
1609 } else {
1610 arr[n++] = 0x0; /* Active/Optimized path */
1611 arr[n++] = 0x01; /* only support active/optimized paths */
1612 }
1613 put_unaligned_be16(port_group_a, arr + n);
1614 n += 2;
1615 arr[n++] = 0; /* Reserved */
1616 arr[n++] = 0; /* Status code */
1617 arr[n++] = 0; /* Vendor unique */
1618 arr[n++] = 0x1; /* One port per group */
1619 arr[n++] = 0; /* Reserved */
1620 arr[n++] = 0; /* Reserved */
1621 put_unaligned_be16(port_a, arr + n);
1622 n += 2;
1623 arr[n++] = 3; /* Port unavailable */
1624 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1625 put_unaligned_be16(port_group_b, arr + n);
1626 n += 2;
1627 arr[n++] = 0; /* Reserved */
1628 arr[n++] = 0; /* Status code */
1629 arr[n++] = 0; /* Vendor unique */
1630 arr[n++] = 0x1; /* One port per group */
1631 arr[n++] = 0; /* Reserved */
1632 arr[n++] = 0; /* Reserved */
1633 put_unaligned_be16(port_b, arr + n);
1634 n += 2;
1635
1636 rlen = n - 4;
1637 put_unaligned_be32(rlen, arr + 0);
1638
1639 /*
1640 * Return the smallest value of either
1641 * - The allocated length
1642 * - The constructed command length
1643 * - The maximum array size
1644 */
1645 rlen = min(alen,n);
1646 ret = fill_from_dev_buffer(scp, arr,
1647 min(rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1648 kfree(arr);
1649 return ret;
1650}
1651
1652static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1653 struct sdebug_dev_info *devip)
1654{
1655 bool rctd;
1656 u8 reporting_opts, req_opcode, sdeb_i, supp;
1657 u16 req_sa, u;
1658 u32 alloc_len, a_len;
1659 int k, offset, len, errsts, count, bump, na;
1660 const struct opcode_info_t *oip;
1661 const struct opcode_info_t *r_oip;
1662 u8 *arr;
1663 u8 *cmd = scp->cmnd;
1664
1665 rctd = !!(cmd[2] & 0x80);
1666 reporting_opts = cmd[2] & 0x7;
1667 req_opcode = cmd[3];
1668 req_sa = get_unaligned_be16(cmd + 4);
1669 alloc_len = get_unaligned_be32(cmd + 6);
1670 if (alloc_len < 4 || alloc_len > 0xffff) {
1671 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1672 return check_condition_result;
1673 }
1674 if (alloc_len > 8192)
1675 a_len = 8192;
1676 else
1677 a_len = alloc_len;
1678 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1679 if (NULL == arr) {
1680 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1681 INSUFF_RES_ASCQ);
1682 return check_condition_result;
1683 }
1684 switch (reporting_opts) {
1685 case 0: /* all commands */
1686 /* count number of commands */
1687 for (count = 0, oip = opcode_info_arr;
1688 oip->num_attached != 0xff; ++oip) {
1689 if (F_INV_OP & oip->flags)
1690 continue;
1691 count += (oip->num_attached + 1);
1692 }
1693 bump = rctd ? 20 : 8;
1694 put_unaligned_be32(count * bump, arr);
1695 for (offset = 4, oip = opcode_info_arr;
1696 oip->num_attached != 0xff && offset < a_len; ++oip) {
1697 if (F_INV_OP & oip->flags)
1698 continue;
1699 na = oip->num_attached;
1700 arr[offset] = oip->opcode;
1701 put_unaligned_be16(oip->sa, arr + offset + 2);
1702 if (rctd)
1703 arr[offset + 5] |= 0x2;
1704 if (FF_SA & oip->flags)
1705 arr[offset + 5] |= 0x1;
1706 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
1707 if (rctd)
1708 put_unaligned_be16(0xa, arr + offset + 8);
1709 r_oip = oip;
1710 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
1711 if (F_INV_OP & oip->flags)
1712 continue;
1713 offset += bump;
1714 arr[offset] = oip->opcode;
1715 put_unaligned_be16(oip->sa, arr + offset + 2);
1716 if (rctd)
1717 arr[offset + 5] |= 0x2;
1718 if (FF_SA & oip->flags)
1719 arr[offset + 5] |= 0x1;
1720 put_unaligned_be16(oip->len_mask[0],
1721 arr + offset + 6);
1722 if (rctd)
1723 put_unaligned_be16(0xa,
1724 arr + offset + 8);
1725 }
1726 oip = r_oip;
1727 offset += bump;
1728 }
1729 break;
1730 case 1: /* one command: opcode only */
1731 case 2: /* one command: opcode plus service action */
1732 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
1733 sdeb_i = opcode_ind_arr[req_opcode];
1734 oip = &opcode_info_arr[sdeb_i];
1735 if (F_INV_OP & oip->flags) {
1736 supp = 1;
1737 offset = 4;
1738 } else {
1739 if (1 == reporting_opts) {
1740 if (FF_SA & oip->flags) {
1741 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
1742 2, 2);
1743 kfree(arr);
1744 return check_condition_result;
1745 }
1746 req_sa = 0;
1747 } else if (2 == reporting_opts &&
1748 0 == (FF_SA & oip->flags)) {
1749 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
1750 kfree(arr); /* point at requested sa */
1751 return check_condition_result;
1752 }
1753 if (0 == (FF_SA & oip->flags) &&
1754 req_opcode == oip->opcode)
1755 supp = 3;
1756 else if (0 == (FF_SA & oip->flags)) {
1757 na = oip->num_attached;
1758 for (k = 0, oip = oip->arrp; k < na;
1759 ++k, ++oip) {
1760 if (req_opcode == oip->opcode)
1761 break;
1762 }
1763 supp = (k >= na) ? 1 : 3;
1764 } else if (req_sa != oip->sa) {
1765 na = oip->num_attached;
1766 for (k = 0, oip = oip->arrp; k < na;
1767 ++k, ++oip) {
1768 if (req_sa == oip->sa)
1769 break;
1770 }
1771 supp = (k >= na) ? 1 : 3;
1772 } else
1773 supp = 3;
1774 if (3 == supp) {
1775 u = oip->len_mask[0];
1776 put_unaligned_be16(u, arr + 2);
1777 arr[4] = oip->opcode;
1778 for (k = 1; k < u; ++k)
1779 arr[4 + k] = (k < 16) ?
1780 oip->len_mask[k] : 0xff;
1781 offset = 4 + u;
1782 } else
1783 offset = 4;
1784 }
1785 arr[1] = (rctd ? 0x80 : 0) | supp;
1786 if (rctd) {
1787 put_unaligned_be16(0xa, arr + offset);
1788 offset += 12;
1789 }
1790 break;
1791 default:
1792 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
1793 kfree(arr);
1794 return check_condition_result;
1795 }
1796 offset = (offset < a_len) ? offset : a_len;
1797 len = (offset < alloc_len) ? offset : alloc_len;
1798 errsts = fill_from_dev_buffer(scp, arr, len);
1799 kfree(arr);
1800 return errsts;
1801}
1802
1803static int resp_rsup_tmfs(struct scsi_cmnd *scp,
1804 struct sdebug_dev_info *devip)
1805{
1806 bool repd;
1807 u32 alloc_len, len;
1808 u8 arr[16];
1809 u8 *cmd = scp->cmnd;
1810
1811 memset(arr, 0, sizeof(arr));
1812 repd = !!(cmd[2] & 0x80);
1813 alloc_len = get_unaligned_be32(cmd + 6);
1814 if (alloc_len < 4) {
1815 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1816 return check_condition_result;
1817 }
1818 arr[0] = 0xc8; /* ATS | ATSS | LURS */
1819 arr[1] = 0x1; /* ITNRS */
1820 if (repd) {
1821 arr[3] = 0xc;
1822 len = 16;
1823 } else
1824 len = 4;
1825
1826 len = (len < alloc_len) ? len : alloc_len;
1827 return fill_from_dev_buffer(scp, arr, len);
1828}
1829
1830/* <<Following mode page info copied from ST318451LW>> */
1831
1832static int resp_err_recov_pg(unsigned char * p, int pcontrol, int target)
1833{ /* Read-Write Error Recovery page for mode_sense */
1834 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
1835 5, 0, 0xff, 0xff};
1836
1837 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
1838 if (1 == pcontrol)
1839 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
1840 return sizeof(err_recov_pg);
1841}
1842
1843static int resp_disconnect_pg(unsigned char * p, int pcontrol, int target)
1844{ /* Disconnect-Reconnect page for mode_sense */
1845 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
1846 0, 0, 0, 0, 0, 0, 0, 0};
1847
1848 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
1849 if (1 == pcontrol)
1850 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
1851 return sizeof(disconnect_pg);
1852}
1853
1854static int resp_format_pg(unsigned char * p, int pcontrol, int target)
1855{ /* Format device page for mode_sense */
1856 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
1857 0, 0, 0, 0, 0, 0, 0, 0,
1858 0, 0, 0, 0, 0x40, 0, 0, 0};
1859
1860 memcpy(p, format_pg, sizeof(format_pg));
1861 put_unaligned_be16(sdebug_sectors_per, p + 10);
1862 put_unaligned_be16(sdebug_sector_size, p + 12);
1863 if (sdebug_removable)
1864 p[20] |= 0x20; /* should agree with INQUIRY */
1865 if (1 == pcontrol)
1866 memset(p + 2, 0, sizeof(format_pg) - 2);
1867 return sizeof(format_pg);
1868}
1869
1870static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1871 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
1872 0, 0, 0, 0};
1873
1874static int resp_caching_pg(unsigned char * p, int pcontrol, int target)
1875{ /* Caching page for mode_sense */
1876 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
1877 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1878 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1879 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
1880
1881 if (SDEBUG_OPT_N_WCE & sdebug_opts)
1882 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
1883 memcpy(p, caching_pg, sizeof(caching_pg));
1884 if (1 == pcontrol)
1885 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
1886 else if (2 == pcontrol)
1887 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
1888 return sizeof(caching_pg);
1889}
1890
1891static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1892 0, 0, 0x2, 0x4b};
1893
1894static int resp_ctrl_m_pg(unsigned char * p, int pcontrol, int target)
1895{ /* Control mode page for mode_sense */
1896 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
1897 0, 0, 0, 0};
1898 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1899 0, 0, 0x2, 0x4b};
1900
1901 if (sdebug_dsense)
1902 ctrl_m_pg[2] |= 0x4;
1903 else
1904 ctrl_m_pg[2] &= ~0x4;
1905
1906 if (sdebug_ato)
1907 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
1908
1909 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
1910 if (1 == pcontrol)
1911 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
1912 else if (2 == pcontrol)
1913 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
1914 return sizeof(ctrl_m_pg);
1915}
1916
1917
1918static int resp_iec_m_pg(unsigned char * p, int pcontrol, int target)
1919{ /* Informational Exceptions control mode page for mode_sense */
1920 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
1921 0, 0, 0x0, 0x0};
1922 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1923 0, 0, 0x0, 0x0};
1924
1925 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
1926 if (1 == pcontrol)
1927 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
1928 else if (2 == pcontrol)
1929 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
1930 return sizeof(iec_m_pg);
1931}
1932
1933static int resp_sas_sf_m_pg(unsigned char * p, int pcontrol, int target)
1934{ /* SAS SSP mode page - short format for mode_sense */
1935 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
1936 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
1937
1938 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
1939 if (1 == pcontrol)
1940 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
1941 return sizeof(sas_sf_m_pg);
1942}
1943
1944
1945static int resp_sas_pcd_m_spg(unsigned char * p, int pcontrol, int target,
1946 int target_dev_id)
1947{ /* SAS phy control and discover mode page for mode_sense */
1948 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
1949 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
1950 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1951 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1952 0x2, 0, 0, 0, 0, 0, 0, 0,
1953 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1954 0, 0, 0, 0, 0, 0, 0, 0,
1955 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
1956 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1957 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1958 0x3, 0, 0, 0, 0, 0, 0, 0,
1959 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1960 0, 0, 0, 0, 0, 0, 0, 0,
1961 };
1962 int port_a, port_b;
1963
1964 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
1965 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
1966 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
1967 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
1968 port_a = target_dev_id + 1;
1969 port_b = port_a + 1;
1970 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
1971 put_unaligned_be32(port_a, p + 20);
1972 put_unaligned_be32(port_b, p + 48 + 20);
1973 if (1 == pcontrol)
1974 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
1975 return sizeof(sas_pcd_m_pg);
1976}
1977
1978static int resp_sas_sha_m_spg(unsigned char * p, int pcontrol)
1979{ /* SAS SSP shared protocol specific port mode subpage */
1980 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
1981 0, 0, 0, 0, 0, 0, 0, 0,
1982 };
1983
1984 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
1985 if (1 == pcontrol)
1986 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
1987 return sizeof(sas_sha_m_pg);
1988}
1989
1990#define SDEBUG_MAX_MSENSE_SZ 256
1991
1992static int resp_mode_sense(struct scsi_cmnd *scp,
1993 struct sdebug_dev_info *devip)
1994{
1995 int pcontrol, pcode, subpcode, bd_len;
1996 unsigned char dev_spec;
1997 int alloc_len, offset, len, target_dev_id;
1998 int target = scp->device->id;
1999 unsigned char * ap;
2000 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2001 unsigned char *cmd = scp->cmnd;
2002 bool dbd, llbaa, msense_6, is_disk, bad_pcode;
2003
2004 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
2005 pcontrol = (cmd[2] & 0xc0) >> 6;
2006 pcode = cmd[2] & 0x3f;
2007 subpcode = cmd[3];
2008 msense_6 = (MODE_SENSE == cmd[0]);
2009 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2010 is_disk = (sdebug_ptype == TYPE_DISK);
2011 if (is_disk && !dbd)
2012 bd_len = llbaa ? 16 : 8;
2013 else
2014 bd_len = 0;
2015 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2016 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2017 if (0x3 == pcontrol) { /* Saving values not supported */
2018 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2019 return check_condition_result;
2020 }
2021 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2022 (devip->target * 1000) - 3;
2023 /* for disks set DPOFUA bit and clear write protect (WP) bit */
2024 if (is_disk)
2025 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
2026 else
2027 dev_spec = 0x0;
2028 if (msense_6) {
2029 arr[2] = dev_spec;
2030 arr[3] = bd_len;
2031 offset = 4;
2032 } else {
2033 arr[3] = dev_spec;
2034 if (16 == bd_len)
2035 arr[4] = 0x1; /* set LONGLBA bit */
2036 arr[7] = bd_len; /* assume 255 or less */
2037 offset = 8;
2038 }
2039 ap = arr + offset;
2040 if ((bd_len > 0) && (!sdebug_capacity))
2041 sdebug_capacity = get_sdebug_capacity();
2042
2043 if (8 == bd_len) {
2044 if (sdebug_capacity > 0xfffffffe)
2045 put_unaligned_be32(0xffffffff, ap + 0);
2046 else
2047 put_unaligned_be32(sdebug_capacity, ap + 0);
2048 put_unaligned_be16(sdebug_sector_size, ap + 6);
2049 offset += bd_len;
2050 ap = arr + offset;
2051 } else if (16 == bd_len) {
2052 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2053 put_unaligned_be32(sdebug_sector_size, ap + 12);
2054 offset += bd_len;
2055 ap = arr + offset;
2056 }
2057
2058 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2059 /* TODO: Control Extension page */
2060 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2061 return check_condition_result;
2062 }
2063 bad_pcode = false;
2064
2065 switch (pcode) {
2066 case 0x1: /* Read-Write error recovery page, direct access */
2067 len = resp_err_recov_pg(ap, pcontrol, target);
2068 offset += len;
2069 break;
2070 case 0x2: /* Disconnect-Reconnect page, all devices */
2071 len = resp_disconnect_pg(ap, pcontrol, target);
2072 offset += len;
2073 break;
2074 case 0x3: /* Format device page, direct access */
2075 if (is_disk) {
2076 len = resp_format_pg(ap, pcontrol, target);
2077 offset += len;
2078 } else
2079 bad_pcode = true;
2080 break;
2081 case 0x8: /* Caching page, direct access */
2082 if (is_disk) {
2083 len = resp_caching_pg(ap, pcontrol, target);
2084 offset += len;
2085 } else
2086 bad_pcode = true;
2087 break;
2088 case 0xa: /* Control Mode page, all devices */
2089 len = resp_ctrl_m_pg(ap, pcontrol, target);
2090 offset += len;
2091 break;
2092 case 0x19: /* if spc==1 then sas phy, control+discover */
2093 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2094 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2095 return check_condition_result;
2096 }
2097 len = 0;
2098 if ((0x0 == subpcode) || (0xff == subpcode))
2099 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2100 if ((0x1 == subpcode) || (0xff == subpcode))
2101 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2102 target_dev_id);
2103 if ((0x2 == subpcode) || (0xff == subpcode))
2104 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2105 offset += len;
2106 break;
2107 case 0x1c: /* Informational Exceptions Mode page, all devices */
2108 len = resp_iec_m_pg(ap, pcontrol, target);
2109 offset += len;
2110 break;
2111 case 0x3f: /* Read all Mode pages */
2112 if ((0 == subpcode) || (0xff == subpcode)) {
2113 len = resp_err_recov_pg(ap, pcontrol, target);
2114 len += resp_disconnect_pg(ap + len, pcontrol, target);
2115 if (is_disk) {
2116 len += resp_format_pg(ap + len, pcontrol,
2117 target);
2118 len += resp_caching_pg(ap + len, pcontrol,
2119 target);
2120 }
2121 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2122 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2123 if (0xff == subpcode) {
2124 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2125 target, target_dev_id);
2126 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2127 }
2128 len += resp_iec_m_pg(ap + len, pcontrol, target);
2129 offset += len;
2130 } else {
2131 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2132 return check_condition_result;
2133 }
2134 break;
2135 default:
2136 bad_pcode = true;
2137 break;
2138 }
2139 if (bad_pcode) {
2140 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2141 return check_condition_result;
2142 }
2143 if (msense_6)
2144 arr[0] = offset - 1;
2145 else
2146 put_unaligned_be16((offset - 2), arr + 0);
2147 return fill_from_dev_buffer(scp, arr, min(alloc_len, offset));
2148}
2149
2150#define SDEBUG_MAX_MSELECT_SZ 512
2151
2152static int resp_mode_select(struct scsi_cmnd *scp,
2153 struct sdebug_dev_info *devip)
2154{
2155 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2156 int param_len, res, mpage;
2157 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2158 unsigned char *cmd = scp->cmnd;
2159 int mselect6 = (MODE_SELECT == cmd[0]);
2160
2161 memset(arr, 0, sizeof(arr));
2162 pf = cmd[1] & 0x10;
2163 sp = cmd[1] & 0x1;
2164 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2165 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2166 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2167 return check_condition_result;
2168 }
2169 res = fetch_to_dev_buffer(scp, arr, param_len);
2170 if (-1 == res)
2171 return DID_ERROR << 16;
2172 else if (sdebug_verbose && (res < param_len))
2173 sdev_printk(KERN_INFO, scp->device,
2174 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2175 __func__, param_len, res);
2176 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2177 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2178 if (md_len > 2) {
2179 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2180 return check_condition_result;
2181 }
2182 off = bd_len + (mselect6 ? 4 : 8);
2183 mpage = arr[off] & 0x3f;
2184 ps = !!(arr[off] & 0x80);
2185 if (ps) {
2186 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2187 return check_condition_result;
2188 }
2189 spf = !!(arr[off] & 0x40);
2190 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2191 (arr[off + 1] + 2);
2192 if ((pg_len + off) > param_len) {
2193 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2194 PARAMETER_LIST_LENGTH_ERR, 0);
2195 return check_condition_result;
2196 }
2197 switch (mpage) {
2198 case 0x8: /* Caching Mode page */
2199 if (caching_pg[1] == arr[off + 1]) {
2200 memcpy(caching_pg + 2, arr + off + 2,
2201 sizeof(caching_pg) - 2);
2202 goto set_mode_changed_ua;
2203 }
2204 break;
2205 case 0xa: /* Control Mode page */
2206 if (ctrl_m_pg[1] == arr[off + 1]) {
2207 memcpy(ctrl_m_pg + 2, arr + off + 2,
2208 sizeof(ctrl_m_pg) - 2);
2209 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2210 goto set_mode_changed_ua;
2211 }
2212 break;
2213 case 0x1c: /* Informational Exceptions Mode page */
2214 if (iec_m_pg[1] == arr[off + 1]) {
2215 memcpy(iec_m_pg + 2, arr + off + 2,
2216 sizeof(iec_m_pg) - 2);
2217 goto set_mode_changed_ua;
2218 }
2219 break;
2220 default:
2221 break;
2222 }
2223 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2224 return check_condition_result;
2225set_mode_changed_ua:
2226 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2227 return 0;
2228}
2229
2230static int resp_temp_l_pg(unsigned char * arr)
2231{
2232 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2233 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2234 };
2235
2236 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2237 return sizeof(temp_l_pg);
2238}
2239
2240static int resp_ie_l_pg(unsigned char * arr)
2241{
2242 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2243 };
2244
2245 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2246 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2247 arr[4] = THRESHOLD_EXCEEDED;
2248 arr[5] = 0xff;
2249 }
2250 return sizeof(ie_l_pg);
2251}
2252
2253#define SDEBUG_MAX_LSENSE_SZ 512
2254
2255static int resp_log_sense(struct scsi_cmnd * scp,
2256 struct sdebug_dev_info * devip)
2257{
2258 int ppc, sp, pcontrol, pcode, subpcode, alloc_len, len, n;
2259 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2260 unsigned char *cmd = scp->cmnd;
2261
2262 memset(arr, 0, sizeof(arr));
2263 ppc = cmd[1] & 0x2;
2264 sp = cmd[1] & 0x1;
2265 if (ppc || sp) {
2266 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2267 return check_condition_result;
2268 }
2269 pcontrol = (cmd[2] & 0xc0) >> 6;
2270 pcode = cmd[2] & 0x3f;
2271 subpcode = cmd[3] & 0xff;
2272 alloc_len = get_unaligned_be16(cmd + 7);
2273 arr[0] = pcode;
2274 if (0 == subpcode) {
2275 switch (pcode) {
2276 case 0x0: /* Supported log pages log page */
2277 n = 4;
2278 arr[n++] = 0x0; /* this page */
2279 arr[n++] = 0xd; /* Temperature */
2280 arr[n++] = 0x2f; /* Informational exceptions */
2281 arr[3] = n - 4;
2282 break;
2283 case 0xd: /* Temperature log page */
2284 arr[3] = resp_temp_l_pg(arr + 4);
2285 break;
2286 case 0x2f: /* Informational exceptions log page */
2287 arr[3] = resp_ie_l_pg(arr + 4);
2288 break;
2289 default:
2290 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2291 return check_condition_result;
2292 }
2293 } else if (0xff == subpcode) {
2294 arr[0] |= 0x40;
2295 arr[1] = subpcode;
2296 switch (pcode) {
2297 case 0x0: /* Supported log pages and subpages log page */
2298 n = 4;
2299 arr[n++] = 0x0;
2300 arr[n++] = 0x0; /* 0,0 page */
2301 arr[n++] = 0x0;
2302 arr[n++] = 0xff; /* this page */
2303 arr[n++] = 0xd;
2304 arr[n++] = 0x0; /* Temperature */
2305 arr[n++] = 0x2f;
2306 arr[n++] = 0x0; /* Informational exceptions */
2307 arr[3] = n - 4;
2308 break;
2309 case 0xd: /* Temperature subpages */
2310 n = 4;
2311 arr[n++] = 0xd;
2312 arr[n++] = 0x0; /* Temperature */
2313 arr[3] = n - 4;
2314 break;
2315 case 0x2f: /* Informational exceptions subpages */
2316 n = 4;
2317 arr[n++] = 0x2f;
2318 arr[n++] = 0x0; /* Informational exceptions */
2319 arr[3] = n - 4;
2320 break;
2321 default:
2322 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2323 return check_condition_result;
2324 }
2325 } else {
2326 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2327 return check_condition_result;
2328 }
2329 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
2330 return fill_from_dev_buffer(scp, arr,
2331 min(len, SDEBUG_MAX_INQ_ARR_SZ));
2332}
2333
2334static int check_device_access_params(struct scsi_cmnd *scp,
2335 unsigned long long lba, unsigned int num)
2336{
2337 if (lba + num > sdebug_capacity) {
2338 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2339 return check_condition_result;
2340 }
2341 /* transfer length excessive (tie in to block limits VPD page) */
2342 if (num > sdebug_store_sectors) {
2343 /* needs work to find which cdb byte 'num' comes from */
2344 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2345 return check_condition_result;
2346 }
2347 return 0;
2348}
2349
2350/* Returns number of bytes copied or -1 if error. */
2351static int do_device_access(struct scsi_cmnd *scmd, u64 lba, u32 num,
2352 bool do_write)
2353{
2354 int ret;
2355 u64 block, rest = 0;
2356 struct scsi_data_buffer *sdb;
2357 enum dma_data_direction dir;
2358
2359 if (do_write) {
2360 sdb = scsi_out(scmd);
2361 dir = DMA_TO_DEVICE;
2362 } else {
2363 sdb = scsi_in(scmd);
2364 dir = DMA_FROM_DEVICE;
2365 }
2366
2367 if (!sdb->length)
2368 return 0;
2369 if (!(scsi_bidi_cmnd(scmd) || scmd->sc_data_direction == dir))
2370 return -1;
2371
2372 block = do_div(lba, sdebug_store_sectors);
2373 if (block + num > sdebug_store_sectors)
2374 rest = block + num - sdebug_store_sectors;
2375
2376 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2377 fake_storep + (block * sdebug_sector_size),
2378 (num - rest) * sdebug_sector_size, 0, do_write);
2379 if (ret != (num - rest) * sdebug_sector_size)
2380 return ret;
2381
2382 if (rest) {
2383 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2384 fake_storep, rest * sdebug_sector_size,
2385 (num - rest) * sdebug_sector_size, do_write);
2386 }
2387
2388 return ret;
2389}
2390
2391/* If fake_store(lba,num) compares equal to arr(num), then copy top half of
2392 * arr into fake_store(lba,num) and return true. If comparison fails then
2393 * return false. */
2394static bool comp_write_worker(u64 lba, u32 num, const u8 *arr)
2395{
2396 bool res;
2397 u64 block, rest = 0;
2398 u32 store_blks = sdebug_store_sectors;
2399 u32 lb_size = sdebug_sector_size;
2400
2401 block = do_div(lba, store_blks);
2402 if (block + num > store_blks)
2403 rest = block + num - store_blks;
2404
2405 res = !memcmp(fake_storep + (block * lb_size), arr,
2406 (num - rest) * lb_size);
2407 if (!res)
2408 return res;
2409 if (rest)
2410 res = memcmp(fake_storep, arr + ((num - rest) * lb_size),
2411 rest * lb_size);
2412 if (!res)
2413 return res;
2414 arr += num * lb_size;
2415 memcpy(fake_storep + (block * lb_size), arr, (num - rest) * lb_size);
2416 if (rest)
2417 memcpy(fake_storep, arr + ((num - rest) * lb_size),
2418 rest * lb_size);
2419 return res;
2420}
2421
2422static __be16 dif_compute_csum(const void *buf, int len)
2423{
2424 __be16 csum;
2425
2426 if (sdebug_guard)
2427 csum = (__force __be16)ip_compute_csum(buf, len);
2428 else
2429 csum = cpu_to_be16(crc_t10dif(buf, len));
2430
2431 return csum;
2432}
2433
2434static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
2435 sector_t sector, u32 ei_lba)
2436{
2437 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
2438
2439 if (sdt->guard_tag != csum) {
2440 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
2441 (unsigned long)sector,
2442 be16_to_cpu(sdt->guard_tag),
2443 be16_to_cpu(csum));
2444 return 0x01;
2445 }
2446 if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
2447 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
2448 pr_err("REF check failed on sector %lu\n",
2449 (unsigned long)sector);
2450 return 0x03;
2451 }
2452 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2453 be32_to_cpu(sdt->ref_tag) != ei_lba) {
2454 pr_err("REF check failed on sector %lu\n",
2455 (unsigned long)sector);
2456 return 0x03;
2457 }
2458 return 0;
2459}
2460
2461static void dif_copy_prot(struct scsi_cmnd *SCpnt, sector_t sector,
2462 unsigned int sectors, bool read)
2463{
2464 size_t resid;
2465 void *paddr;
2466 const void *dif_store_end = dif_storep + sdebug_store_sectors;
2467 struct sg_mapping_iter miter;
2468
2469 /* Bytes of protection data to copy into sgl */
2470 resid = sectors * sizeof(*dif_storep);
2471
2472 sg_miter_start(&miter, scsi_prot_sglist(SCpnt),
2473 scsi_prot_sg_count(SCpnt), SG_MITER_ATOMIC |
2474 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
2475
2476 while (sg_miter_next(&miter) && resid > 0) {
2477 size_t len = min(miter.length, resid);
2478 void *start = dif_store(sector);
2479 size_t rest = 0;
2480
2481 if (dif_store_end < start + len)
2482 rest = start + len - dif_store_end;
2483
2484 paddr = miter.addr;
2485
2486 if (read)
2487 memcpy(paddr, start, len - rest);
2488 else
2489 memcpy(start, paddr, len - rest);
2490
2491 if (rest) {
2492 if (read)
2493 memcpy(paddr + len - rest, dif_storep, rest);
2494 else
2495 memcpy(dif_storep, paddr + len - rest, rest);
2496 }
2497
2498 sector += len / sizeof(*dif_storep);
2499 resid -= len;
2500 }
2501 sg_miter_stop(&miter);
2502}
2503
2504static int prot_verify_read(struct scsi_cmnd *SCpnt, sector_t start_sec,
2505 unsigned int sectors, u32 ei_lba)
2506{
2507 unsigned int i;
2508 struct t10_pi_tuple *sdt;
2509 sector_t sector;
2510
2511 for (i = 0; i < sectors; i++, ei_lba++) {
2512 int ret;
2513
2514 sector = start_sec + i;
2515 sdt = dif_store(sector);
2516
2517 if (sdt->app_tag == cpu_to_be16(0xffff))
2518 continue;
2519
2520 ret = dif_verify(sdt, fake_store(sector), sector, ei_lba);
2521 if (ret) {
2522 dif_errors++;
2523 return ret;
2524 }
2525 }
2526
2527 dif_copy_prot(SCpnt, start_sec, sectors, true);
2528 dix_reads++;
2529
2530 return 0;
2531}
2532
2533static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2534{
2535 u8 *cmd = scp->cmnd;
2536 struct sdebug_queued_cmd *sqcp;
2537 u64 lba;
2538 u32 num;
2539 u32 ei_lba;
2540 unsigned long iflags;
2541 int ret;
2542 bool check_prot;
2543
2544 switch (cmd[0]) {
2545 case READ_16:
2546 ei_lba = 0;
2547 lba = get_unaligned_be64(cmd + 2);
2548 num = get_unaligned_be32(cmd + 10);
2549 check_prot = true;
2550 break;
2551 case READ_10:
2552 ei_lba = 0;
2553 lba = get_unaligned_be32(cmd + 2);
2554 num = get_unaligned_be16(cmd + 7);
2555 check_prot = true;
2556 break;
2557 case READ_6:
2558 ei_lba = 0;
2559 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2560 (u32)(cmd[1] & 0x1f) << 16;
2561 num = (0 == cmd[4]) ? 256 : cmd[4];
2562 check_prot = true;
2563 break;
2564 case READ_12:
2565 ei_lba = 0;
2566 lba = get_unaligned_be32(cmd + 2);
2567 num = get_unaligned_be32(cmd + 6);
2568 check_prot = true;
2569 break;
2570 case XDWRITEREAD_10:
2571 ei_lba = 0;
2572 lba = get_unaligned_be32(cmd + 2);
2573 num = get_unaligned_be16(cmd + 7);
2574 check_prot = false;
2575 break;
2576 default: /* assume READ(32) */
2577 lba = get_unaligned_be64(cmd + 12);
2578 ei_lba = get_unaligned_be32(cmd + 20);
2579 num = get_unaligned_be32(cmd + 28);
2580 check_prot = false;
2581 break;
2582 }
2583 if (unlikely(have_dif_prot && check_prot)) {
2584 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2585 (cmd[1] & 0xe0)) {
2586 mk_sense_invalid_opcode(scp);
2587 return check_condition_result;
2588 }
2589 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
2590 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
2591 (cmd[1] & 0xe0) == 0)
2592 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
2593 "to DIF device\n");
2594 }
2595 if (unlikely(sdebug_any_injecting_opt)) {
2596 sqcp = (struct sdebug_queued_cmd *)scp->host_scribble;
2597
2598 if (sqcp) {
2599 if (sqcp->inj_short)
2600 num /= 2;
2601 }
2602 } else
2603 sqcp = NULL;
2604
2605 /* inline check_device_access_params() */
2606 if (unlikely(lba + num > sdebug_capacity)) {
2607 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2608 return check_condition_result;
2609 }
2610 /* transfer length excessive (tie in to block limits VPD page) */
2611 if (unlikely(num > sdebug_store_sectors)) {
2612 /* needs work to find which cdb byte 'num' comes from */
2613 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2614 return check_condition_result;
2615 }
2616
2617 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
2618 (lba <= (OPT_MEDIUM_ERR_ADDR + OPT_MEDIUM_ERR_NUM - 1)) &&
2619 ((lba + num) > OPT_MEDIUM_ERR_ADDR))) {
2620 /* claim unrecoverable read error */
2621 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
2622 /* set info field and valid bit for fixed descriptor */
2623 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
2624 scp->sense_buffer[0] |= 0x80; /* Valid bit */
2625 ret = (lba < OPT_MEDIUM_ERR_ADDR)
2626 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
2627 put_unaligned_be32(ret, scp->sense_buffer + 3);
2628 }
2629 scsi_set_resid(scp, scsi_bufflen(scp));
2630 return check_condition_result;
2631 }
2632
2633 read_lock_irqsave(&atomic_rw, iflags);
2634
2635 /* DIX + T10 DIF */
2636 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2637 int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
2638
2639 if (prot_ret) {
2640 read_unlock_irqrestore(&atomic_rw, iflags);
2641 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
2642 return illegal_condition_result;
2643 }
2644 }
2645
2646 ret = do_device_access(scp, lba, num, false);
2647 read_unlock_irqrestore(&atomic_rw, iflags);
2648 if (unlikely(ret == -1))
2649 return DID_ERROR << 16;
2650
2651 scsi_in(scp)->resid = scsi_bufflen(scp) - ret;
2652
2653 if (unlikely(sqcp)) {
2654 if (sqcp->inj_recovered) {
2655 mk_sense_buffer(scp, RECOVERED_ERROR,
2656 THRESHOLD_EXCEEDED, 0);
2657 return check_condition_result;
2658 } else if (sqcp->inj_transport) {
2659 mk_sense_buffer(scp, ABORTED_COMMAND,
2660 TRANSPORT_PROBLEM, ACK_NAK_TO);
2661 return check_condition_result;
2662 } else if (sqcp->inj_dif) {
2663 /* Logical block guard check failed */
2664 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2665 return illegal_condition_result;
2666 } else if (sqcp->inj_dix) {
2667 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2668 return illegal_condition_result;
2669 }
2670 }
2671 return 0;
2672}
2673
2674static void dump_sector(unsigned char *buf, int len)
2675{
2676 int i, j, n;
2677
2678 pr_err(">>> Sector Dump <<<\n");
2679 for (i = 0 ; i < len ; i += 16) {
2680 char b[128];
2681
2682 for (j = 0, n = 0; j < 16; j++) {
2683 unsigned char c = buf[i+j];
2684
2685 if (c >= 0x20 && c < 0x7e)
2686 n += scnprintf(b + n, sizeof(b) - n,
2687 " %c ", buf[i+j]);
2688 else
2689 n += scnprintf(b + n, sizeof(b) - n,
2690 "%02x ", buf[i+j]);
2691 }
2692 pr_err("%04d: %s\n", i, b);
2693 }
2694}
2695
2696static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
2697 unsigned int sectors, u32 ei_lba)
2698{
2699 int ret;
2700 struct t10_pi_tuple *sdt;
2701 void *daddr;
2702 sector_t sector = start_sec;
2703 int ppage_offset;
2704 int dpage_offset;
2705 struct sg_mapping_iter diter;
2706 struct sg_mapping_iter piter;
2707
2708 BUG_ON(scsi_sg_count(SCpnt) == 0);
2709 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
2710
2711 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
2712 scsi_prot_sg_count(SCpnt),
2713 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2714 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
2715 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2716
2717 /* For each protection page */
2718 while (sg_miter_next(&piter)) {
2719 dpage_offset = 0;
2720 if (WARN_ON(!sg_miter_next(&diter))) {
2721 ret = 0x01;
2722 goto out;
2723 }
2724
2725 for (ppage_offset = 0; ppage_offset < piter.length;
2726 ppage_offset += sizeof(struct t10_pi_tuple)) {
2727 /* If we're at the end of the current
2728 * data page advance to the next one
2729 */
2730 if (dpage_offset >= diter.length) {
2731 if (WARN_ON(!sg_miter_next(&diter))) {
2732 ret = 0x01;
2733 goto out;
2734 }
2735 dpage_offset = 0;
2736 }
2737
2738 sdt = piter.addr + ppage_offset;
2739 daddr = diter.addr + dpage_offset;
2740
2741 ret = dif_verify(sdt, daddr, sector, ei_lba);
2742 if (ret) {
2743 dump_sector(daddr, sdebug_sector_size);
2744 goto out;
2745 }
2746
2747 sector++;
2748 ei_lba++;
2749 dpage_offset += sdebug_sector_size;
2750 }
2751 diter.consumed = dpage_offset;
2752 sg_miter_stop(&diter);
2753 }
2754 sg_miter_stop(&piter);
2755
2756 dif_copy_prot(SCpnt, start_sec, sectors, false);
2757 dix_writes++;
2758
2759 return 0;
2760
2761out:
2762 dif_errors++;
2763 sg_miter_stop(&diter);
2764 sg_miter_stop(&piter);
2765 return ret;
2766}
2767
2768static unsigned long lba_to_map_index(sector_t lba)
2769{
2770 if (sdebug_unmap_alignment)
2771 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
2772 sector_div(lba, sdebug_unmap_granularity);
2773 return lba;
2774}
2775
2776static sector_t map_index_to_lba(unsigned long index)
2777{
2778 sector_t lba = index * sdebug_unmap_granularity;
2779
2780 if (sdebug_unmap_alignment)
2781 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
2782 return lba;
2783}
2784
2785static unsigned int map_state(sector_t lba, unsigned int *num)
2786{
2787 sector_t end;
2788 unsigned int mapped;
2789 unsigned long index;
2790 unsigned long next;
2791
2792 index = lba_to_map_index(lba);
2793 mapped = test_bit(index, map_storep);
2794
2795 if (mapped)
2796 next = find_next_zero_bit(map_storep, map_size, index);
2797 else
2798 next = find_next_bit(map_storep, map_size, index);
2799
2800 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
2801 *num = end - lba;
2802 return mapped;
2803}
2804
2805static void map_region(sector_t lba, unsigned int len)
2806{
2807 sector_t end = lba + len;
2808
2809 while (lba < end) {
2810 unsigned long index = lba_to_map_index(lba);
2811
2812 if (index < map_size)
2813 set_bit(index, map_storep);
2814
2815 lba = map_index_to_lba(index + 1);
2816 }
2817}
2818
2819static void unmap_region(sector_t lba, unsigned int len)
2820{
2821 sector_t end = lba + len;
2822
2823 while (lba < end) {
2824 unsigned long index = lba_to_map_index(lba);
2825
2826 if (lba == map_index_to_lba(index) &&
2827 lba + sdebug_unmap_granularity <= end &&
2828 index < map_size) {
2829 clear_bit(index, map_storep);
2830 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
2831 memset(fake_storep +
2832 lba * sdebug_sector_size,
2833 (sdebug_lbprz & 1) ? 0 : 0xff,
2834 sdebug_sector_size *
2835 sdebug_unmap_granularity);
2836 }
2837 if (dif_storep) {
2838 memset(dif_storep + lba, 0xff,
2839 sizeof(*dif_storep) *
2840 sdebug_unmap_granularity);
2841 }
2842 }
2843 lba = map_index_to_lba(index + 1);
2844 }
2845}
2846
2847static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2848{
2849 u8 *cmd = scp->cmnd;
2850 u64 lba;
2851 u32 num;
2852 u32 ei_lba;
2853 unsigned long iflags;
2854 int ret;
2855 bool check_prot;
2856
2857 switch (cmd[0]) {
2858 case WRITE_16:
2859 ei_lba = 0;
2860 lba = get_unaligned_be64(cmd + 2);
2861 num = get_unaligned_be32(cmd + 10);
2862 check_prot = true;
2863 break;
2864 case WRITE_10:
2865 ei_lba = 0;
2866 lba = get_unaligned_be32(cmd + 2);
2867 num = get_unaligned_be16(cmd + 7);
2868 check_prot = true;
2869 break;
2870 case WRITE_6:
2871 ei_lba = 0;
2872 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2873 (u32)(cmd[1] & 0x1f) << 16;
2874 num = (0 == cmd[4]) ? 256 : cmd[4];
2875 check_prot = true;
2876 break;
2877 case WRITE_12:
2878 ei_lba = 0;
2879 lba = get_unaligned_be32(cmd + 2);
2880 num = get_unaligned_be32(cmd + 6);
2881 check_prot = true;
2882 break;
2883 case 0x53: /* XDWRITEREAD(10) */
2884 ei_lba = 0;
2885 lba = get_unaligned_be32(cmd + 2);
2886 num = get_unaligned_be16(cmd + 7);
2887 check_prot = false;
2888 break;
2889 default: /* assume WRITE(32) */
2890 lba = get_unaligned_be64(cmd + 12);
2891 ei_lba = get_unaligned_be32(cmd + 20);
2892 num = get_unaligned_be32(cmd + 28);
2893 check_prot = false;
2894 break;
2895 }
2896 if (unlikely(have_dif_prot && check_prot)) {
2897 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2898 (cmd[1] & 0xe0)) {
2899 mk_sense_invalid_opcode(scp);
2900 return check_condition_result;
2901 }
2902 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
2903 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
2904 (cmd[1] & 0xe0) == 0)
2905 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
2906 "to DIF device\n");
2907 }
2908
2909 /* inline check_device_access_params() */
2910 if (unlikely(lba + num > sdebug_capacity)) {
2911 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2912 return check_condition_result;
2913 }
2914 /* transfer length excessive (tie in to block limits VPD page) */
2915 if (unlikely(num > sdebug_store_sectors)) {
2916 /* needs work to find which cdb byte 'num' comes from */
2917 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2918 return check_condition_result;
2919 }
2920
2921 write_lock_irqsave(&atomic_rw, iflags);
2922
2923 /* DIX + T10 DIF */
2924 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2925 int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
2926
2927 if (prot_ret) {
2928 write_unlock_irqrestore(&atomic_rw, iflags);
2929 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
2930 return illegal_condition_result;
2931 }
2932 }
2933
2934 ret = do_device_access(scp, lba, num, true);
2935 if (unlikely(scsi_debug_lbp()))
2936 map_region(lba, num);
2937 write_unlock_irqrestore(&atomic_rw, iflags);
2938 if (unlikely(-1 == ret))
2939 return DID_ERROR << 16;
2940 else if (unlikely(sdebug_verbose &&
2941 (ret < (num * sdebug_sector_size))))
2942 sdev_printk(KERN_INFO, scp->device,
2943 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
2944 my_name, num * sdebug_sector_size, ret);
2945
2946 if (unlikely(sdebug_any_injecting_opt)) {
2947 struct sdebug_queued_cmd *sqcp =
2948 (struct sdebug_queued_cmd *)scp->host_scribble;
2949
2950 if (sqcp) {
2951 if (sqcp->inj_recovered) {
2952 mk_sense_buffer(scp, RECOVERED_ERROR,
2953 THRESHOLD_EXCEEDED, 0);
2954 return check_condition_result;
2955 } else if (sqcp->inj_dif) {
2956 /* Logical block guard check failed */
2957 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2958 return illegal_condition_result;
2959 } else if (sqcp->inj_dix) {
2960 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2961 return illegal_condition_result;
2962 }
2963 }
2964 }
2965 return 0;
2966}
2967
2968static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
2969 u32 ei_lba, bool unmap, bool ndob)
2970{
2971 unsigned long iflags;
2972 unsigned long long i;
2973 int ret;
2974 u64 lba_off;
2975
2976 ret = check_device_access_params(scp, lba, num);
2977 if (ret)
2978 return ret;
2979
2980 write_lock_irqsave(&atomic_rw, iflags);
2981
2982 if (unmap && scsi_debug_lbp()) {
2983 unmap_region(lba, num);
2984 goto out;
2985 }
2986
2987 lba_off = lba * sdebug_sector_size;
2988 /* if ndob then zero 1 logical block, else fetch 1 logical block */
2989 if (ndob) {
2990 memset(fake_storep + lba_off, 0, sdebug_sector_size);
2991 ret = 0;
2992 } else
2993 ret = fetch_to_dev_buffer(scp, fake_storep + lba_off,
2994 sdebug_sector_size);
2995
2996 if (-1 == ret) {
2997 write_unlock_irqrestore(&atomic_rw, iflags);
2998 return DID_ERROR << 16;
2999 } else if (sdebug_verbose && (ret < (num * sdebug_sector_size)))
3000 sdev_printk(KERN_INFO, scp->device,
3001 "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
3002 my_name, "write same",
3003 num * sdebug_sector_size, ret);
3004
3005 /* Copy first sector to remaining blocks */
3006 for (i = 1 ; i < num ; i++)
3007 memcpy(fake_storep + ((lba + i) * sdebug_sector_size),
3008 fake_storep + lba_off,
3009 sdebug_sector_size);
3010
3011 if (scsi_debug_lbp())
3012 map_region(lba, num);
3013out:
3014 write_unlock_irqrestore(&atomic_rw, iflags);
3015
3016 return 0;
3017}
3018
3019static int resp_write_same_10(struct scsi_cmnd *scp,
3020 struct sdebug_dev_info *devip)
3021{
3022 u8 *cmd = scp->cmnd;
3023 u32 lba;
3024 u16 num;
3025 u32 ei_lba = 0;
3026 bool unmap = false;
3027
3028 if (cmd[1] & 0x8) {
3029 if (sdebug_lbpws10 == 0) {
3030 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3031 return check_condition_result;
3032 } else
3033 unmap = true;
3034 }
3035 lba = get_unaligned_be32(cmd + 2);
3036 num = get_unaligned_be16(cmd + 7);
3037 if (num > sdebug_write_same_length) {
3038 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3039 return check_condition_result;
3040 }
3041 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3042}
3043
3044static int resp_write_same_16(struct scsi_cmnd *scp,
3045 struct sdebug_dev_info *devip)
3046{
3047 u8 *cmd = scp->cmnd;
3048 u64 lba;
3049 u32 num;
3050 u32 ei_lba = 0;
3051 bool unmap = false;
3052 bool ndob = false;
3053
3054 if (cmd[1] & 0x8) { /* UNMAP */
3055 if (sdebug_lbpws == 0) {
3056 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3057 return check_condition_result;
3058 } else
3059 unmap = true;
3060 }
3061 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
3062 ndob = true;
3063 lba = get_unaligned_be64(cmd + 2);
3064 num = get_unaligned_be32(cmd + 10);
3065 if (num > sdebug_write_same_length) {
3066 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3067 return check_condition_result;
3068 }
3069 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3070}
3071
3072/* Note the mode field is in the same position as the (lower) service action
3073 * field. For the Report supported operation codes command, SPC-4 suggests
3074 * each mode of this command should be reported separately; for future. */
3075static int resp_write_buffer(struct scsi_cmnd *scp,
3076 struct sdebug_dev_info *devip)
3077{
3078 u8 *cmd = scp->cmnd;
3079 struct scsi_device *sdp = scp->device;
3080 struct sdebug_dev_info *dp;
3081 u8 mode;
3082
3083 mode = cmd[1] & 0x1f;
3084 switch (mode) {
3085 case 0x4: /* download microcode (MC) and activate (ACT) */
3086 /* set UAs on this device only */
3087 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3088 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3089 break;
3090 case 0x5: /* download MC, save and ACT */
3091 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3092 break;
3093 case 0x6: /* download MC with offsets and ACT */
3094 /* set UAs on most devices (LUs) in this target */
3095 list_for_each_entry(dp,
3096 &devip->sdbg_host->dev_info_list,
3097 dev_list)
3098 if (dp->target == sdp->id) {
3099 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3100 if (devip != dp)
3101 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3102 dp->uas_bm);
3103 }
3104 break;
3105 case 0x7: /* download MC with offsets, save, and ACT */
3106 /* set UA on all devices (LUs) in this target */
3107 list_for_each_entry(dp,
3108 &devip->sdbg_host->dev_info_list,
3109 dev_list)
3110 if (dp->target == sdp->id)
3111 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3112 dp->uas_bm);
3113 break;
3114 default:
3115 /* do nothing for this command for other mode values */
3116 break;
3117 }
3118 return 0;
3119}
3120
3121static int resp_comp_write(struct scsi_cmnd *scp,
3122 struct sdebug_dev_info *devip)
3123{
3124 u8 *cmd = scp->cmnd;
3125 u8 *arr;
3126 u8 *fake_storep_hold;
3127 u64 lba;
3128 u32 dnum;
3129 u32 lb_size = sdebug_sector_size;
3130 u8 num;
3131 unsigned long iflags;
3132 int ret;
3133 int retval = 0;
3134
3135 lba = get_unaligned_be64(cmd + 2);
3136 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
3137 if (0 == num)
3138 return 0; /* degenerate case, not an error */
3139 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3140 (cmd[1] & 0xe0)) {
3141 mk_sense_invalid_opcode(scp);
3142 return check_condition_result;
3143 }
3144 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3145 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3146 (cmd[1] & 0xe0) == 0)
3147 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3148 "to DIF device\n");
3149
3150 /* inline check_device_access_params() */
3151 if (lba + num > sdebug_capacity) {
3152 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3153 return check_condition_result;
3154 }
3155 /* transfer length excessive (tie in to block limits VPD page) */
3156 if (num > sdebug_store_sectors) {
3157 /* needs work to find which cdb byte 'num' comes from */
3158 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3159 return check_condition_result;
3160 }
3161 dnum = 2 * num;
3162 arr = kzalloc(dnum * lb_size, GFP_ATOMIC);
3163 if (NULL == arr) {
3164 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3165 INSUFF_RES_ASCQ);
3166 return check_condition_result;
3167 }
3168
3169 write_lock_irqsave(&atomic_rw, iflags);
3170
3171 /* trick do_device_access() to fetch both compare and write buffers
3172 * from data-in into arr. Safe (atomic) since write_lock held. */
3173 fake_storep_hold = fake_storep;
3174 fake_storep = arr;
3175 ret = do_device_access(scp, 0, dnum, true);
3176 fake_storep = fake_storep_hold;
3177 if (ret == -1) {
3178 retval = DID_ERROR << 16;
3179 goto cleanup;
3180 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3181 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3182 "indicated=%u, IO sent=%d bytes\n", my_name,
3183 dnum * lb_size, ret);
3184 if (!comp_write_worker(lba, num, arr)) {
3185 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3186 retval = check_condition_result;
3187 goto cleanup;
3188 }
3189 if (scsi_debug_lbp())
3190 map_region(lba, num);
3191cleanup:
3192 write_unlock_irqrestore(&atomic_rw, iflags);
3193 kfree(arr);
3194 return retval;
3195}
3196
3197struct unmap_block_desc {
3198 __be64 lba;
3199 __be32 blocks;
3200 __be32 __reserved;
3201};
3202
3203static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3204{
3205 unsigned char *buf;
3206 struct unmap_block_desc *desc;
3207 unsigned int i, payload_len, descriptors;
3208 int ret;
3209 unsigned long iflags;
3210
3211
3212 if (!scsi_debug_lbp())
3213 return 0; /* fib and say its done */
3214 payload_len = get_unaligned_be16(scp->cmnd + 7);
3215 BUG_ON(scsi_bufflen(scp) != payload_len);
3216
3217 descriptors = (payload_len - 8) / 16;
3218 if (descriptors > sdebug_unmap_max_desc) {
3219 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3220 return check_condition_result;
3221 }
3222
3223 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3224 if (!buf) {
3225 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3226 INSUFF_RES_ASCQ);
3227 return check_condition_result;
3228 }
3229
3230 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3231
3232 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3233 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3234
3235 desc = (void *)&buf[8];
3236
3237 write_lock_irqsave(&atomic_rw, iflags);
3238
3239 for (i = 0 ; i < descriptors ; i++) {
3240 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3241 unsigned int num = get_unaligned_be32(&desc[i].blocks);
3242
3243 ret = check_device_access_params(scp, lba, num);
3244 if (ret)
3245 goto out;
3246
3247 unmap_region(lba, num);
3248 }
3249
3250 ret = 0;
3251
3252out:
3253 write_unlock_irqrestore(&atomic_rw, iflags);
3254 kfree(buf);
3255
3256 return ret;
3257}
3258
3259#define SDEBUG_GET_LBA_STATUS_LEN 32
3260
3261static int resp_get_lba_status(struct scsi_cmnd *scp,
3262 struct sdebug_dev_info *devip)
3263{
3264 u8 *cmd = scp->cmnd;
3265 u64 lba;
3266 u32 alloc_len, mapped, num;
3267 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3268 int ret;
3269
3270 lba = get_unaligned_be64(cmd + 2);
3271 alloc_len = get_unaligned_be32(cmd + 10);
3272
3273 if (alloc_len < 24)
3274 return 0;
3275
3276 ret = check_device_access_params(scp, lba, 1);
3277 if (ret)
3278 return ret;
3279
3280 if (scsi_debug_lbp())
3281 mapped = map_state(lba, &num);
3282 else {
3283 mapped = 1;
3284 /* following just in case virtual_gb changed */
3285 sdebug_capacity = get_sdebug_capacity();
3286 if (sdebug_capacity - lba <= 0xffffffff)
3287 num = sdebug_capacity - lba;
3288 else
3289 num = 0xffffffff;
3290 }
3291
3292 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
3293 put_unaligned_be32(20, arr); /* Parameter Data Length */
3294 put_unaligned_be64(lba, arr + 8); /* LBA */
3295 put_unaligned_be32(num, arr + 16); /* Number of blocks */
3296 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
3297
3298 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
3299}
3300
3301#define RL_BUCKET_ELEMS 8
3302
3303/* Even though each pseudo target has a REPORT LUNS "well known logical unit"
3304 * (W-LUN), the normal Linux scanning logic does not associate it with a
3305 * device (e.g. /dev/sg7). The following magic will make that association:
3306 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
3307 * where <n> is a host number. If there are multiple targets in a host then
3308 * the above will associate a W-LUN to each target. To only get a W-LUN
3309 * for target 2, then use "echo '- 2 49409' > scan" .
3310 */
3311static int resp_report_luns(struct scsi_cmnd *scp,
3312 struct sdebug_dev_info *devip)
3313{
3314 unsigned char *cmd = scp->cmnd;
3315 unsigned int alloc_len;
3316 unsigned char select_report;
3317 u64 lun;
3318 struct scsi_lun *lun_p;
3319 u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
3320 unsigned int lun_cnt; /* normal LUN count (max: 256) */
3321 unsigned int wlun_cnt; /* report luns W-LUN count */
3322 unsigned int tlun_cnt; /* total LUN count */
3323 unsigned int rlen; /* response length (in bytes) */
3324 int k, j, n, res;
3325 unsigned int off_rsp = 0;
3326 const int sz_lun = sizeof(struct scsi_lun);
3327
3328 clear_luns_changed_on_target(devip);
3329
3330 select_report = cmd[2];
3331 alloc_len = get_unaligned_be32(cmd + 6);
3332
3333 if (alloc_len < 4) {
3334 pr_err("alloc len too small %d\n", alloc_len);
3335 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
3336 return check_condition_result;
3337 }
3338
3339 switch (select_report) {
3340 case 0: /* all LUNs apart from W-LUNs */
3341 lun_cnt = sdebug_max_luns;
3342 wlun_cnt = 0;
3343 break;
3344 case 1: /* only W-LUNs */
3345 lun_cnt = 0;
3346 wlun_cnt = 1;
3347 break;
3348 case 2: /* all LUNs */
3349 lun_cnt = sdebug_max_luns;
3350 wlun_cnt = 1;
3351 break;
3352 case 0x10: /* only administrative LUs */
3353 case 0x11: /* see SPC-5 */
3354 case 0x12: /* only subsiduary LUs owned by referenced LU */
3355 default:
3356 pr_debug("select report invalid %d\n", select_report);
3357 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
3358 return check_condition_result;
3359 }
3360
3361 if (sdebug_no_lun_0 && (lun_cnt > 0))
3362 --lun_cnt;
3363
3364 tlun_cnt = lun_cnt + wlun_cnt;
3365 rlen = tlun_cnt * sz_lun; /* excluding 8 byte header */
3366 scsi_set_resid(scp, scsi_bufflen(scp));
3367 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
3368 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
3369
3370 /* loops rely on sizeof response header same as sizeof lun (both 8) */
3371 lun = sdebug_no_lun_0 ? 1 : 0;
3372 for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
3373 memset(arr, 0, sizeof(arr));
3374 lun_p = (struct scsi_lun *)&arr[0];
3375 if (k == 0) {
3376 put_unaligned_be32(rlen, &arr[0]);
3377 ++lun_p;
3378 j = 1;
3379 }
3380 for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
3381 if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
3382 break;
3383 int_to_scsilun(lun++, lun_p);
3384 }
3385 if (j < RL_BUCKET_ELEMS)
3386 break;
3387 n = j * sz_lun;
3388 res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
3389 if (res)
3390 return res;
3391 off_rsp += n;
3392 }
3393 if (wlun_cnt) {
3394 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
3395 ++j;
3396 }
3397 if (j > 0)
3398 res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
3399 return res;
3400}
3401
3402static int resp_xdwriteread(struct scsi_cmnd *scp, unsigned long long lba,
3403 unsigned int num, struct sdebug_dev_info *devip)
3404{
3405 int j;
3406 unsigned char *kaddr, *buf;
3407 unsigned int offset;
3408 struct scsi_data_buffer *sdb = scsi_in(scp);
3409 struct sg_mapping_iter miter;
3410
3411 /* better not to use temporary buffer. */
3412 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3413 if (!buf) {
3414 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3415 INSUFF_RES_ASCQ);
3416 return check_condition_result;
3417 }
3418
3419 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3420
3421 offset = 0;
3422 sg_miter_start(&miter, sdb->table.sgl, sdb->table.nents,
3423 SG_MITER_ATOMIC | SG_MITER_TO_SG);
3424
3425 while (sg_miter_next(&miter)) {
3426 kaddr = miter.addr;
3427 for (j = 0; j < miter.length; j++)
3428 *(kaddr + j) ^= *(buf + offset + j);
3429
3430 offset += miter.length;
3431 }
3432 sg_miter_stop(&miter);
3433 kfree(buf);
3434
3435 return 0;
3436}
3437
3438static int resp_xdwriteread_10(struct scsi_cmnd *scp,
3439 struct sdebug_dev_info *devip)
3440{
3441 u8 *cmd = scp->cmnd;
3442 u64 lba;
3443 u32 num;
3444 int errsts;
3445
3446 if (!scsi_bidi_cmnd(scp)) {
3447 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3448 INSUFF_RES_ASCQ);
3449 return check_condition_result;
3450 }
3451 errsts = resp_read_dt0(scp, devip);
3452 if (errsts)
3453 return errsts;
3454 if (!(cmd[1] & 0x4)) { /* DISABLE_WRITE is not set */
3455 errsts = resp_write_dt0(scp, devip);
3456 if (errsts)
3457 return errsts;
3458 }
3459 lba = get_unaligned_be32(cmd + 2);
3460 num = get_unaligned_be16(cmd + 7);
3461 return resp_xdwriteread(scp, lba, num, devip);
3462}
3463
3464static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
3465{
3466 struct sdebug_queue *sqp = sdebug_q_arr;
3467
3468 if (sdebug_mq_active) {
3469 u32 tag = blk_mq_unique_tag(cmnd->request);
3470 u16 hwq = blk_mq_unique_tag_to_hwq(tag);
3471
3472 if (unlikely(hwq >= submit_queues)) {
3473 pr_warn("Unexpected hwq=%d, apply modulo\n", hwq);
3474 hwq %= submit_queues;
3475 }
3476 pr_debug("tag=%u, hwq=%d\n", tag, hwq);
3477 return sqp + hwq;
3478 } else
3479 return sqp;
3480}
3481
3482/* Queued (deferred) command completions converge here. */
3483static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
3484{
3485 int qc_idx;
3486 int retiring = 0;
3487 unsigned long iflags;
3488 struct sdebug_queue *sqp;
3489 struct sdebug_queued_cmd *sqcp;
3490 struct scsi_cmnd *scp;
3491 struct sdebug_dev_info *devip;
3492
3493 qc_idx = sd_dp->qc_idx;
3494 sqp = sdebug_q_arr + sd_dp->sqa_idx;
3495 if (sdebug_statistics) {
3496 atomic_inc(&sdebug_completions);
3497 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
3498 atomic_inc(&sdebug_miss_cpus);
3499 }
3500 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
3501 pr_err("wild qc_idx=%d\n", qc_idx);
3502 return;
3503 }
3504 spin_lock_irqsave(&sqp->qc_lock, iflags);
3505 sqcp = &sqp->qc_arr[qc_idx];
3506 scp = sqcp->a_cmnd;
3507 if (unlikely(scp == NULL)) {
3508 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3509 pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d\n",
3510 sd_dp->sqa_idx, qc_idx);
3511 return;
3512 }
3513 devip = (struct sdebug_dev_info *)scp->device->hostdata;
3514 if (likely(devip))
3515 atomic_dec(&devip->num_in_q);
3516 else
3517 pr_err("devip=NULL\n");
3518 if (unlikely(atomic_read(&retired_max_queue) > 0))
3519 retiring = 1;
3520
3521 sqcp->a_cmnd = NULL;
3522 if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
3523 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3524 pr_err("Unexpected completion\n");
3525 return;
3526 }
3527
3528 if (unlikely(retiring)) { /* user has reduced max_queue */
3529 int k, retval;
3530
3531 retval = atomic_read(&retired_max_queue);
3532 if (qc_idx >= retval) {
3533 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3534 pr_err("index %d too large\n", retval);
3535 return;
3536 }
3537 k = find_last_bit(sqp->in_use_bm, retval);
3538 if ((k < sdebug_max_queue) || (k == retval))
3539 atomic_set(&retired_max_queue, 0);
3540 else
3541 atomic_set(&retired_max_queue, k + 1);
3542 }
3543 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3544 scp->scsi_done(scp); /* callback to mid level */
3545}
3546
3547/* When high resolution timer goes off this function is called. */
3548static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
3549{
3550 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
3551 hrt);
3552 sdebug_q_cmd_complete(sd_dp);
3553 return HRTIMER_NORESTART;
3554}
3555
3556/* When work queue schedules work, it calls this function. */
3557static void sdebug_q_cmd_wq_complete(struct work_struct *work)
3558{
3559 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
3560 ew.work);
3561 sdebug_q_cmd_complete(sd_dp);
3562}
3563
3564static bool got_shared_uuid;
3565static uuid_be shared_uuid;
3566
3567static struct sdebug_dev_info *sdebug_device_create(
3568 struct sdebug_host_info *sdbg_host, gfp_t flags)
3569{
3570 struct sdebug_dev_info *devip;
3571
3572 devip = kzalloc(sizeof(*devip), flags);
3573 if (devip) {
3574 if (sdebug_uuid_ctl == 1)
3575 uuid_be_gen(&devip->lu_name);
3576 else if (sdebug_uuid_ctl == 2) {
3577 if (got_shared_uuid)
3578 devip->lu_name = shared_uuid;
3579 else {
3580 uuid_be_gen(&shared_uuid);
3581 got_shared_uuid = true;
3582 devip->lu_name = shared_uuid;
3583 }
3584 }
3585 devip->sdbg_host = sdbg_host;
3586 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
3587 }
3588 return devip;
3589}
3590
3591static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
3592{
3593 struct sdebug_host_info *sdbg_host;
3594 struct sdebug_dev_info *open_devip = NULL;
3595 struct sdebug_dev_info *devip;
3596
3597 sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
3598 if (!sdbg_host) {
3599 pr_err("Host info NULL\n");
3600 return NULL;
3601 }
3602 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
3603 if ((devip->used) && (devip->channel == sdev->channel) &&
3604 (devip->target == sdev->id) &&
3605 (devip->lun == sdev->lun))
3606 return devip;
3607 else {
3608 if ((!devip->used) && (!open_devip))
3609 open_devip = devip;
3610 }
3611 }
3612 if (!open_devip) { /* try and make a new one */
3613 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
3614 if (!open_devip) {
3615 pr_err("out of memory at line %d\n", __LINE__);
3616 return NULL;
3617 }
3618 }
3619
3620 open_devip->channel = sdev->channel;
3621 open_devip->target = sdev->id;
3622 open_devip->lun = sdev->lun;
3623 open_devip->sdbg_host = sdbg_host;
3624 atomic_set(&open_devip->num_in_q, 0);
3625 set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
3626 open_devip->used = true;
3627 return open_devip;
3628}
3629
3630static int scsi_debug_slave_alloc(struct scsi_device *sdp)
3631{
3632 if (sdebug_verbose)
3633 pr_info("slave_alloc <%u %u %u %llu>\n",
3634 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3635 queue_flag_set_unlocked(QUEUE_FLAG_BIDI, sdp->request_queue);
3636 return 0;
3637}
3638
3639static int scsi_debug_slave_configure(struct scsi_device *sdp)
3640{
3641 struct sdebug_dev_info *devip =
3642 (struct sdebug_dev_info *)sdp->hostdata;
3643
3644 if (sdebug_verbose)
3645 pr_info("slave_configure <%u %u %u %llu>\n",
3646 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3647 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
3648 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
3649 if (devip == NULL) {
3650 devip = find_build_dev_info(sdp);
3651 if (devip == NULL)
3652 return 1; /* no resources, will be marked offline */
3653 }
3654 sdp->hostdata = devip;
3655 blk_queue_max_segment_size(sdp->request_queue, -1U);
3656 if (sdebug_no_uld)
3657 sdp->no_uld_attach = 1;
3658 return 0;
3659}
3660
3661static void scsi_debug_slave_destroy(struct scsi_device *sdp)
3662{
3663 struct sdebug_dev_info *devip =
3664 (struct sdebug_dev_info *)sdp->hostdata;
3665
3666 if (sdebug_verbose)
3667 pr_info("slave_destroy <%u %u %u %llu>\n",
3668 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3669 if (devip) {
3670 /* make this slot available for re-use */
3671 devip->used = false;
3672 sdp->hostdata = NULL;
3673 }
3674}
3675
3676static void stop_qc_helper(struct sdebug_defer *sd_dp)
3677{
3678 if (!sd_dp)
3679 return;
3680 if ((sdebug_jdelay > 0) || (sdebug_ndelay > 0))
3681 hrtimer_cancel(&sd_dp->hrt);
3682 else if (sdebug_jdelay < 0)
3683 cancel_work_sync(&sd_dp->ew.work);
3684}
3685
3686/* If @cmnd found deletes its timer or work queue and returns true; else
3687 returns false */
3688static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
3689{
3690 unsigned long iflags;
3691 int j, k, qmax, r_qmax;
3692 struct sdebug_queue *sqp;
3693 struct sdebug_queued_cmd *sqcp;
3694 struct sdebug_dev_info *devip;
3695 struct sdebug_defer *sd_dp;
3696
3697 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3698 spin_lock_irqsave(&sqp->qc_lock, iflags);
3699 qmax = sdebug_max_queue;
3700 r_qmax = atomic_read(&retired_max_queue);
3701 if (r_qmax > qmax)
3702 qmax = r_qmax;
3703 for (k = 0; k < qmax; ++k) {
3704 if (test_bit(k, sqp->in_use_bm)) {
3705 sqcp = &sqp->qc_arr[k];
3706 if (cmnd != sqcp->a_cmnd)
3707 continue;
3708 /* found */
3709 devip = (struct sdebug_dev_info *)
3710 cmnd->device->hostdata;
3711 if (devip)
3712 atomic_dec(&devip->num_in_q);
3713 sqcp->a_cmnd = NULL;
3714 sd_dp = sqcp->sd_dp;
3715 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3716 stop_qc_helper(sd_dp);
3717 clear_bit(k, sqp->in_use_bm);
3718 return true;
3719 }
3720 }
3721 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3722 }
3723 return false;
3724}
3725
3726/* Deletes (stops) timers or work queues of all queued commands */
3727static void stop_all_queued(void)
3728{
3729 unsigned long iflags;
3730 int j, k;
3731 struct sdebug_queue *sqp;
3732 struct sdebug_queued_cmd *sqcp;
3733 struct sdebug_dev_info *devip;
3734 struct sdebug_defer *sd_dp;
3735
3736 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3737 spin_lock_irqsave(&sqp->qc_lock, iflags);
3738 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3739 if (test_bit(k, sqp->in_use_bm)) {
3740 sqcp = &sqp->qc_arr[k];
3741 if (sqcp->a_cmnd == NULL)
3742 continue;
3743 devip = (struct sdebug_dev_info *)
3744 sqcp->a_cmnd->device->hostdata;
3745 if (devip)
3746 atomic_dec(&devip->num_in_q);
3747 sqcp->a_cmnd = NULL;
3748 sd_dp = sqcp->sd_dp;
3749 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3750 stop_qc_helper(sd_dp);
3751 clear_bit(k, sqp->in_use_bm);
3752 spin_lock_irqsave(&sqp->qc_lock, iflags);
3753 }
3754 }
3755 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3756 }
3757}
3758
3759/* Free queued command memory on heap */
3760static void free_all_queued(void)
3761{
3762 int j, k;
3763 struct sdebug_queue *sqp;
3764 struct sdebug_queued_cmd *sqcp;
3765
3766 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3767 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3768 sqcp = &sqp->qc_arr[k];
3769 kfree(sqcp->sd_dp);
3770 sqcp->sd_dp = NULL;
3771 }
3772 }
3773}
3774
3775static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
3776{
3777 bool ok;
3778
3779 ++num_aborts;
3780 if (SCpnt) {
3781 ok = stop_queued_cmnd(SCpnt);
3782 if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3783 sdev_printk(KERN_INFO, SCpnt->device,
3784 "%s: command%s found\n", __func__,
3785 ok ? "" : " not");
3786 }
3787 return SUCCESS;
3788}
3789
3790static int scsi_debug_device_reset(struct scsi_cmnd * SCpnt)
3791{
3792 ++num_dev_resets;
3793 if (SCpnt && SCpnt->device) {
3794 struct scsi_device *sdp = SCpnt->device;
3795 struct sdebug_dev_info *devip =
3796 (struct sdebug_dev_info *)sdp->hostdata;
3797
3798 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3799 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3800 if (devip)
3801 set_bit(SDEBUG_UA_POR, devip->uas_bm);
3802 }
3803 return SUCCESS;
3804}
3805
3806static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
3807{
3808 struct sdebug_host_info *sdbg_host;
3809 struct sdebug_dev_info *devip;
3810 struct scsi_device *sdp;
3811 struct Scsi_Host *hp;
3812 int k = 0;
3813
3814 ++num_target_resets;
3815 if (!SCpnt)
3816 goto lie;
3817 sdp = SCpnt->device;
3818 if (!sdp)
3819 goto lie;
3820 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3821 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3822 hp = sdp->host;
3823 if (!hp)
3824 goto lie;
3825 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3826 if (sdbg_host) {
3827 list_for_each_entry(devip,
3828 &sdbg_host->dev_info_list,
3829 dev_list)
3830 if (devip->target == sdp->id) {
3831 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3832 ++k;
3833 }
3834 }
3835 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3836 sdev_printk(KERN_INFO, sdp,
3837 "%s: %d device(s) found in target\n", __func__, k);
3838lie:
3839 return SUCCESS;
3840}
3841
3842static int scsi_debug_bus_reset(struct scsi_cmnd * SCpnt)
3843{
3844 struct sdebug_host_info *sdbg_host;
3845 struct sdebug_dev_info *devip;
3846 struct scsi_device * sdp;
3847 struct Scsi_Host * hp;
3848 int k = 0;
3849
3850 ++num_bus_resets;
3851 if (!(SCpnt && SCpnt->device))
3852 goto lie;
3853 sdp = SCpnt->device;
3854 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3855 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3856 hp = sdp->host;
3857 if (hp) {
3858 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3859 if (sdbg_host) {
3860 list_for_each_entry(devip,
3861 &sdbg_host->dev_info_list,
3862 dev_list) {
3863 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3864 ++k;
3865 }
3866 }
3867 }
3868 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3869 sdev_printk(KERN_INFO, sdp,
3870 "%s: %d device(s) found in host\n", __func__, k);
3871lie:
3872 return SUCCESS;
3873}
3874
3875static int scsi_debug_host_reset(struct scsi_cmnd * SCpnt)
3876{
3877 struct sdebug_host_info * sdbg_host;
3878 struct sdebug_dev_info *devip;
3879 int k = 0;
3880
3881 ++num_host_resets;
3882 if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3883 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
3884 spin_lock(&sdebug_host_list_lock);
3885 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
3886 list_for_each_entry(devip, &sdbg_host->dev_info_list,
3887 dev_list) {
3888 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3889 ++k;
3890 }
3891 }
3892 spin_unlock(&sdebug_host_list_lock);
3893 stop_all_queued();
3894 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3895 sdev_printk(KERN_INFO, SCpnt->device,
3896 "%s: %d device(s) found\n", __func__, k);
3897 return SUCCESS;
3898}
3899
3900static void __init sdebug_build_parts(unsigned char *ramp,
3901 unsigned long store_size)
3902{
3903 struct partition * pp;
3904 int starts[SDEBUG_MAX_PARTS + 2];
3905 int sectors_per_part, num_sectors, k;
3906 int heads_by_sects, start_sec, end_sec;
3907
3908 /* assume partition table already zeroed */
3909 if ((sdebug_num_parts < 1) || (store_size < 1048576))
3910 return;
3911 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
3912 sdebug_num_parts = SDEBUG_MAX_PARTS;
3913 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
3914 }
3915 num_sectors = (int)sdebug_store_sectors;
3916 sectors_per_part = (num_sectors - sdebug_sectors_per)
3917 / sdebug_num_parts;
3918 heads_by_sects = sdebug_heads * sdebug_sectors_per;
3919 starts[0] = sdebug_sectors_per;
3920 for (k = 1; k < sdebug_num_parts; ++k)
3921 starts[k] = ((k * sectors_per_part) / heads_by_sects)
3922 * heads_by_sects;
3923 starts[sdebug_num_parts] = num_sectors;
3924 starts[sdebug_num_parts + 1] = 0;
3925
3926 ramp[510] = 0x55; /* magic partition markings */
3927 ramp[511] = 0xAA;
3928 pp = (struct partition *)(ramp + 0x1be);
3929 for (k = 0; starts[k + 1]; ++k, ++pp) {
3930 start_sec = starts[k];
3931 end_sec = starts[k + 1] - 1;
3932 pp->boot_ind = 0;
3933
3934 pp->cyl = start_sec / heads_by_sects;
3935 pp->head = (start_sec - (pp->cyl * heads_by_sects))
3936 / sdebug_sectors_per;
3937 pp->sector = (start_sec % sdebug_sectors_per) + 1;
3938
3939 pp->end_cyl = end_sec / heads_by_sects;
3940 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
3941 / sdebug_sectors_per;
3942 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
3943
3944 pp->start_sect = cpu_to_le32(start_sec);
3945 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
3946 pp->sys_ind = 0x83; /* plain Linux partition */
3947 }
3948}
3949
3950static void block_unblock_all_queues(bool block)
3951{
3952 int j;
3953 struct sdebug_queue *sqp;
3954
3955 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
3956 atomic_set(&sqp->blocked, (int)block);
3957}
3958
3959/* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
3960 * commands will be processed normally before triggers occur.
3961 */
3962static void tweak_cmnd_count(void)
3963{
3964 int count, modulo;
3965
3966 modulo = abs(sdebug_every_nth);
3967 if (modulo < 2)
3968 return;
3969 block_unblock_all_queues(true);
3970 count = atomic_read(&sdebug_cmnd_count);
3971 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
3972 block_unblock_all_queues(false);
3973}
3974
3975static void clear_queue_stats(void)
3976{
3977 atomic_set(&sdebug_cmnd_count, 0);
3978 atomic_set(&sdebug_completions, 0);
3979 atomic_set(&sdebug_miss_cpus, 0);
3980 atomic_set(&sdebug_a_tsf, 0);
3981}
3982
3983static void setup_inject(struct sdebug_queue *sqp,
3984 struct sdebug_queued_cmd *sqcp)
3985{
3986 if ((atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0)
3987 return;
3988 sqcp->inj_recovered = !!(SDEBUG_OPT_RECOVERED_ERR & sdebug_opts);
3989 sqcp->inj_transport = !!(SDEBUG_OPT_TRANSPORT_ERR & sdebug_opts);
3990 sqcp->inj_dif = !!(SDEBUG_OPT_DIF_ERR & sdebug_opts);
3991 sqcp->inj_dix = !!(SDEBUG_OPT_DIX_ERR & sdebug_opts);
3992 sqcp->inj_short = !!(SDEBUG_OPT_SHORT_TRANSFER & sdebug_opts);
3993}
3994
3995/* Complete the processing of the thread that queued a SCSI command to this
3996 * driver. It either completes the command by calling cmnd_done() or
3997 * schedules a hr timer or work queue then returns 0. Returns
3998 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
3999 */
4000static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
4001 int scsi_result, int delta_jiff)
4002{
4003 unsigned long iflags;
4004 int k, num_in_q, qdepth, inject;
4005 struct sdebug_queue *sqp;
4006 struct sdebug_queued_cmd *sqcp;
4007 struct scsi_device *sdp;
4008 struct sdebug_defer *sd_dp;
4009
4010 if (unlikely(devip == NULL)) {
4011 if (scsi_result == 0)
4012 scsi_result = DID_NO_CONNECT << 16;
4013 goto respond_in_thread;
4014 }
4015 sdp = cmnd->device;
4016
4017 if (unlikely(sdebug_verbose && scsi_result))
4018 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
4019 __func__, scsi_result);
4020 if (delta_jiff == 0)
4021 goto respond_in_thread;
4022
4023 /* schedule the response at a later time if resources permit */
4024 sqp = get_queue(cmnd);
4025 spin_lock_irqsave(&sqp->qc_lock, iflags);
4026 if (unlikely(atomic_read(&sqp->blocked))) {
4027 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4028 return SCSI_MLQUEUE_HOST_BUSY;
4029 }
4030 num_in_q = atomic_read(&devip->num_in_q);
4031 qdepth = cmnd->device->queue_depth;
4032 inject = 0;
4033 if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
4034 if (scsi_result) {
4035 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4036 goto respond_in_thread;
4037 } else
4038 scsi_result = device_qfull_result;
4039 } else if (unlikely(sdebug_every_nth &&
4040 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
4041 (scsi_result == 0))) {
4042 if ((num_in_q == (qdepth - 1)) &&
4043 (atomic_inc_return(&sdebug_a_tsf) >=
4044 abs(sdebug_every_nth))) {
4045 atomic_set(&sdebug_a_tsf, 0);
4046 inject = 1;
4047 scsi_result = device_qfull_result;
4048 }
4049 }
4050
4051 k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
4052 if (unlikely(k >= sdebug_max_queue)) {
4053 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4054 if (scsi_result)
4055 goto respond_in_thread;
4056 else if (SDEBUG_OPT_ALL_TSF & sdebug_opts)
4057 scsi_result = device_qfull_result;
4058 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
4059 sdev_printk(KERN_INFO, sdp,
4060 "%s: max_queue=%d exceeded, %s\n",
4061 __func__, sdebug_max_queue,
4062 (scsi_result ? "status: TASK SET FULL" :
4063 "report: host busy"));
4064 if (scsi_result)
4065 goto respond_in_thread;
4066 else
4067 return SCSI_MLQUEUE_HOST_BUSY;
4068 }
4069 __set_bit(k, sqp->in_use_bm);
4070 atomic_inc(&devip->num_in_q);
4071 sqcp = &sqp->qc_arr[k];
4072 sqcp->a_cmnd = cmnd;
4073 cmnd->host_scribble = (unsigned char *)sqcp;
4074 cmnd->result = scsi_result;
4075 sd_dp = sqcp->sd_dp;
4076 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4077 if (unlikely(sdebug_every_nth && sdebug_any_injecting_opt))
4078 setup_inject(sqp, sqcp);
4079 if (delta_jiff > 0 || sdebug_ndelay > 0) {
4080 ktime_t kt;
4081
4082 if (delta_jiff > 0) {
4083 struct timespec ts;
4084
4085 jiffies_to_timespec(delta_jiff, &ts);
4086 kt = ktime_set(ts.tv_sec, ts.tv_nsec);
4087 } else
4088 kt = sdebug_ndelay;
4089 if (NULL == sd_dp) {
4090 sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
4091 if (NULL == sd_dp)
4092 return SCSI_MLQUEUE_HOST_BUSY;
4093 sqcp->sd_dp = sd_dp;
4094 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
4095 HRTIMER_MODE_REL_PINNED);
4096 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
4097 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4098 sd_dp->qc_idx = k;
4099 }
4100 if (sdebug_statistics)
4101 sd_dp->issuing_cpu = raw_smp_processor_id();
4102 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
4103 } else { /* jdelay < 0, use work queue */
4104 if (NULL == sd_dp) {
4105 sd_dp = kzalloc(sizeof(*sqcp->sd_dp), GFP_ATOMIC);
4106 if (NULL == sd_dp)
4107 return SCSI_MLQUEUE_HOST_BUSY;
4108 sqcp->sd_dp = sd_dp;
4109 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4110 sd_dp->qc_idx = k;
4111 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
4112 }
4113 if (sdebug_statistics)
4114 sd_dp->issuing_cpu = raw_smp_processor_id();
4115 schedule_work(&sd_dp->ew.work);
4116 }
4117 if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
4118 (scsi_result == device_qfull_result)))
4119 sdev_printk(KERN_INFO, sdp,
4120 "%s: num_in_q=%d +1, %s%s\n", __func__,
4121 num_in_q, (inject ? "<inject> " : ""),
4122 "status: TASK SET FULL");
4123 return 0;
4124
4125respond_in_thread: /* call back to mid-layer using invocation thread */
4126 cmnd->result = scsi_result;
4127 cmnd->scsi_done(cmnd);
4128 return 0;
4129}
4130
4131/* Note: The following macros create attribute files in the
4132 /sys/module/scsi_debug/parameters directory. Unfortunately this
4133 driver is unaware of a change and cannot trigger auxiliary actions
4134 as it can when the corresponding attribute in the
4135 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
4136 */
4137module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
4138module_param_named(ato, sdebug_ato, int, S_IRUGO);
4139module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
4140module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
4141module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
4142module_param_named(dif, sdebug_dif, int, S_IRUGO);
4143module_param_named(dix, sdebug_dix, int, S_IRUGO);
4144module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
4145module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
4146module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
4147module_param_named(guard, sdebug_guard, uint, S_IRUGO);
4148module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
4149module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
4150module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
4151module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
4152module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
4153module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
4154module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
4155module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
4156module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
4157module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
4158module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
4159module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
4160module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
4161module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
4162module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
4163module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
4164module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
4165module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
4166module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
4167module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
4168module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
4169module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
4170module_param_named(submit_queues, submit_queues, int, S_IRUGO);
4171module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
4172module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
4173module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
4174module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
4175module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
4176module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
4177module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
4178 S_IRUGO | S_IWUSR);
4179module_param_named(write_same_length, sdebug_write_same_length, int,
4180 S_IRUGO | S_IWUSR);
4181
4182MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
4183MODULE_DESCRIPTION("SCSI debug adapter driver");
4184MODULE_LICENSE("GPL");
4185MODULE_VERSION(SDEBUG_VERSION);
4186
4187MODULE_PARM_DESC(add_host, "0..127 hosts allowed(def=1)");
4188MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
4189MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
4190MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
4191MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
4192MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
4193MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
4194MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
4195MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
4196MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
4197MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
4198MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
4199MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
4200MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
4201MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
4202MODULE_PARM_DESC(lbprz,
4203 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
4204MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
4205MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
4206MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
4207MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
4208MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
4209MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
4210MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
4211MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
4212MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
4213MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
4214MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
4215MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
4216MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
4217MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
4218MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
4219MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
4220MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
4221MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
4222MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
4223MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
4224MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
4225MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
4226MODULE_PARM_DESC(uuid_ctl,
4227 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
4228MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
4229MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
4230MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
4231
4232#define SDEBUG_INFO_LEN 256
4233static char sdebug_info[SDEBUG_INFO_LEN];
4234
4235static const char * scsi_debug_info(struct Scsi_Host * shp)
4236{
4237 int k;
4238
4239 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
4240 my_name, SDEBUG_VERSION, sdebug_version_date);
4241 if (k >= (SDEBUG_INFO_LEN - 1))
4242 return sdebug_info;
4243 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
4244 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
4245 sdebug_dev_size_mb, sdebug_opts, submit_queues,
4246 "statistics", (int)sdebug_statistics);
4247 return sdebug_info;
4248}
4249
4250/* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
4251static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
4252 int length)
4253{
4254 char arr[16];
4255 int opts;
4256 int minLen = length > 15 ? 15 : length;
4257
4258 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
4259 return -EACCES;
4260 memcpy(arr, buffer, minLen);
4261 arr[minLen] = '\0';
4262 if (1 != sscanf(arr, "%d", &opts))
4263 return -EINVAL;
4264 sdebug_opts = opts;
4265 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4266 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4267 if (sdebug_every_nth != 0)
4268 tweak_cmnd_count();
4269 return length;
4270}
4271
4272/* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
4273 * same for each scsi_debug host (if more than one). Some of the counters
4274 * output are not atomics so might be inaccurate in a busy system. */
4275static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
4276{
4277 int f, j, l;
4278 struct sdebug_queue *sqp;
4279
4280 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
4281 SDEBUG_VERSION, sdebug_version_date);
4282 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
4283 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
4284 sdebug_opts, sdebug_every_nth);
4285 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
4286 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
4287 sdebug_sector_size, "bytes");
4288 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
4289 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
4290 num_aborts);
4291 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
4292 num_dev_resets, num_target_resets, num_bus_resets,
4293 num_host_resets);
4294 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
4295 dix_reads, dix_writes, dif_errors);
4296 seq_printf(m, "usec_in_jiffy=%lu, %s=%d, mq_active=%d\n",
4297 TICK_NSEC / 1000, "statistics", sdebug_statistics,
4298 sdebug_mq_active);
4299 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
4300 atomic_read(&sdebug_cmnd_count),
4301 atomic_read(&sdebug_completions),
4302 "miss_cpus", atomic_read(&sdebug_miss_cpus),
4303 atomic_read(&sdebug_a_tsf));
4304
4305 seq_printf(m, "submit_queues=%d\n", submit_queues);
4306 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
4307 seq_printf(m, " queue %d:\n", j);
4308 f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
4309 if (f != sdebug_max_queue) {
4310 l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
4311 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
4312 "first,last bits", f, l);
4313 }
4314 }
4315 return 0;
4316}
4317
4318static ssize_t delay_show(struct device_driver *ddp, char *buf)
4319{
4320 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
4321}
4322/* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
4323 * of delay is jiffies.
4324 */
4325static ssize_t delay_store(struct device_driver *ddp, const char *buf,
4326 size_t count)
4327{
4328 int jdelay, res;
4329
4330 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
4331 res = count;
4332 if (sdebug_jdelay != jdelay) {
4333 int j, k;
4334 struct sdebug_queue *sqp;
4335
4336 block_unblock_all_queues(true);
4337 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4338 ++j, ++sqp) {
4339 k = find_first_bit(sqp->in_use_bm,
4340 sdebug_max_queue);
4341 if (k != sdebug_max_queue) {
4342 res = -EBUSY; /* queued commands */
4343 break;
4344 }
4345 }
4346 if (res > 0) {
4347 /* make sure sdebug_defer instances get
4348 * re-allocated for new delay variant */
4349 free_all_queued();
4350 sdebug_jdelay = jdelay;
4351 sdebug_ndelay = 0;
4352 }
4353 block_unblock_all_queues(false);
4354 }
4355 return res;
4356 }
4357 return -EINVAL;
4358}
4359static DRIVER_ATTR_RW(delay);
4360
4361static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
4362{
4363 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
4364}
4365/* Returns -EBUSY if ndelay is being changed and commands are queued */
4366/* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
4367static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
4368 size_t count)
4369{
4370 int ndelay, res;
4371
4372 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
4373 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
4374 res = count;
4375 if (sdebug_ndelay != ndelay) {
4376 int j, k;
4377 struct sdebug_queue *sqp;
4378
4379 block_unblock_all_queues(true);
4380 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4381 ++j, ++sqp) {
4382 k = find_first_bit(sqp->in_use_bm,
4383 sdebug_max_queue);
4384 if (k != sdebug_max_queue) {
4385 res = -EBUSY; /* queued commands */
4386 break;
4387 }
4388 }
4389 if (res > 0) {
4390 /* make sure sdebug_defer instances get
4391 * re-allocated for new delay variant */
4392 free_all_queued();
4393 sdebug_ndelay = ndelay;
4394 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
4395 : DEF_JDELAY;
4396 }
4397 block_unblock_all_queues(false);
4398 }
4399 return res;
4400 }
4401 return -EINVAL;
4402}
4403static DRIVER_ATTR_RW(ndelay);
4404
4405static ssize_t opts_show(struct device_driver *ddp, char *buf)
4406{
4407 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
4408}
4409
4410static ssize_t opts_store(struct device_driver *ddp, const char *buf,
4411 size_t count)
4412{
4413 int opts;
4414 char work[20];
4415
4416 if (1 == sscanf(buf, "%10s", work)) {
4417 if (0 == strncasecmp(work,"0x", 2)) {
4418 if (1 == sscanf(&work[2], "%x", &opts))
4419 goto opts_done;
4420 } else {
4421 if (1 == sscanf(work, "%d", &opts))
4422 goto opts_done;
4423 }
4424 }
4425 return -EINVAL;
4426opts_done:
4427 sdebug_opts = opts;
4428 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4429 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4430 tweak_cmnd_count();
4431 return count;
4432}
4433static DRIVER_ATTR_RW(opts);
4434
4435static ssize_t ptype_show(struct device_driver *ddp, char *buf)
4436{
4437 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
4438}
4439static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
4440 size_t count)
4441{
4442 int n;
4443
4444 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4445 sdebug_ptype = n;
4446 return count;
4447 }
4448 return -EINVAL;
4449}
4450static DRIVER_ATTR_RW(ptype);
4451
4452static ssize_t dsense_show(struct device_driver *ddp, char *buf)
4453{
4454 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
4455}
4456static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
4457 size_t count)
4458{
4459 int n;
4460
4461 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4462 sdebug_dsense = n;
4463 return count;
4464 }
4465 return -EINVAL;
4466}
4467static DRIVER_ATTR_RW(dsense);
4468
4469static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
4470{
4471 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
4472}
4473static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
4474 size_t count)
4475{
4476 int n;
4477
4478 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4479 n = (n > 0);
4480 sdebug_fake_rw = (sdebug_fake_rw > 0);
4481 if (sdebug_fake_rw != n) {
4482 if ((0 == n) && (NULL == fake_storep)) {
4483 unsigned long sz =
4484 (unsigned long)sdebug_dev_size_mb *
4485 1048576;
4486
4487 fake_storep = vmalloc(sz);
4488 if (NULL == fake_storep) {
4489 pr_err("out of memory, 9\n");
4490 return -ENOMEM;
4491 }
4492 memset(fake_storep, 0, sz);
4493 }
4494 sdebug_fake_rw = n;
4495 }
4496 return count;
4497 }
4498 return -EINVAL;
4499}
4500static DRIVER_ATTR_RW(fake_rw);
4501
4502static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
4503{
4504 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
4505}
4506static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
4507 size_t count)
4508{
4509 int n;
4510
4511 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4512 sdebug_no_lun_0 = n;
4513 return count;
4514 }
4515 return -EINVAL;
4516}
4517static DRIVER_ATTR_RW(no_lun_0);
4518
4519static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
4520{
4521 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
4522}
4523static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
4524 size_t count)
4525{
4526 int n;
4527
4528 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4529 sdebug_num_tgts = n;
4530 sdebug_max_tgts_luns();
4531 return count;
4532 }
4533 return -EINVAL;
4534}
4535static DRIVER_ATTR_RW(num_tgts);
4536
4537static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
4538{
4539 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
4540}
4541static DRIVER_ATTR_RO(dev_size_mb);
4542
4543static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
4544{
4545 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
4546}
4547static DRIVER_ATTR_RO(num_parts);
4548
4549static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
4550{
4551 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
4552}
4553static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
4554 size_t count)
4555{
4556 int nth;
4557
4558 if ((count > 0) && (1 == sscanf(buf, "%d", &nth))) {
4559 sdebug_every_nth = nth;
4560 if (nth && !sdebug_statistics) {
4561 pr_info("every_nth needs statistics=1, set it\n");
4562 sdebug_statistics = true;
4563 }
4564 tweak_cmnd_count();
4565 return count;
4566 }
4567 return -EINVAL;
4568}
4569static DRIVER_ATTR_RW(every_nth);
4570
4571static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
4572{
4573 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
4574}
4575static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
4576 size_t count)
4577{
4578 int n;
4579 bool changed;
4580
4581 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4582 if (n > 256) {
4583 pr_warn("max_luns can be no more than 256\n");
4584 return -EINVAL;
4585 }
4586 changed = (sdebug_max_luns != n);
4587 sdebug_max_luns = n;
4588 sdebug_max_tgts_luns();
4589 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
4590 struct sdebug_host_info *sdhp;
4591 struct sdebug_dev_info *dp;
4592
4593 spin_lock(&sdebug_host_list_lock);
4594 list_for_each_entry(sdhp, &sdebug_host_list,
4595 host_list) {
4596 list_for_each_entry(dp, &sdhp->dev_info_list,
4597 dev_list) {
4598 set_bit(SDEBUG_UA_LUNS_CHANGED,
4599 dp->uas_bm);
4600 }
4601 }
4602 spin_unlock(&sdebug_host_list_lock);
4603 }
4604 return count;
4605 }
4606 return -EINVAL;
4607}
4608static DRIVER_ATTR_RW(max_luns);
4609
4610static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
4611{
4612 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
4613}
4614/* N.B. max_queue can be changed while there are queued commands. In flight
4615 * commands beyond the new max_queue will be completed. */
4616static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
4617 size_t count)
4618{
4619 int j, n, k, a;
4620 struct sdebug_queue *sqp;
4621
4622 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
4623 (n <= SDEBUG_CANQUEUE)) {
4624 block_unblock_all_queues(true);
4625 k = 0;
4626 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4627 ++j, ++sqp) {
4628 a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
4629 if (a > k)
4630 k = a;
4631 }
4632 sdebug_max_queue = n;
4633 if (k == SDEBUG_CANQUEUE)
4634 atomic_set(&retired_max_queue, 0);
4635 else if (k >= n)
4636 atomic_set(&retired_max_queue, k + 1);
4637 else
4638 atomic_set(&retired_max_queue, 0);
4639 block_unblock_all_queues(false);
4640 return count;
4641 }
4642 return -EINVAL;
4643}
4644static DRIVER_ATTR_RW(max_queue);
4645
4646static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
4647{
4648 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
4649}
4650static DRIVER_ATTR_RO(no_uld);
4651
4652static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
4653{
4654 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
4655}
4656static DRIVER_ATTR_RO(scsi_level);
4657
4658static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
4659{
4660 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
4661}
4662static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
4663 size_t count)
4664{
4665 int n;
4666 bool changed;
4667
4668 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4669 changed = (sdebug_virtual_gb != n);
4670 sdebug_virtual_gb = n;
4671 sdebug_capacity = get_sdebug_capacity();
4672 if (changed) {
4673 struct sdebug_host_info *sdhp;
4674 struct sdebug_dev_info *dp;
4675
4676 spin_lock(&sdebug_host_list_lock);
4677 list_for_each_entry(sdhp, &sdebug_host_list,
4678 host_list) {
4679 list_for_each_entry(dp, &sdhp->dev_info_list,
4680 dev_list) {
4681 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
4682 dp->uas_bm);
4683 }
4684 }
4685 spin_unlock(&sdebug_host_list_lock);
4686 }
4687 return count;
4688 }
4689 return -EINVAL;
4690}
4691static DRIVER_ATTR_RW(virtual_gb);
4692
4693static ssize_t add_host_show(struct device_driver *ddp, char *buf)
4694{
4695 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_add_host);
4696}
4697
4698static int sdebug_add_adapter(void);
4699static void sdebug_remove_adapter(void);
4700
4701static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
4702 size_t count)
4703{
4704 int delta_hosts;
4705
4706 if (sscanf(buf, "%d", &delta_hosts) != 1)
4707 return -EINVAL;
4708 if (delta_hosts > 0) {
4709 do {
4710 sdebug_add_adapter();
4711 } while (--delta_hosts);
4712 } else if (delta_hosts < 0) {
4713 do {
4714 sdebug_remove_adapter();
4715 } while (++delta_hosts);
4716 }
4717 return count;
4718}
4719static DRIVER_ATTR_RW(add_host);
4720
4721static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
4722{
4723 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
4724}
4725static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
4726 size_t count)
4727{
4728 int n;
4729
4730 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4731 sdebug_vpd_use_hostno = n;
4732 return count;
4733 }
4734 return -EINVAL;
4735}
4736static DRIVER_ATTR_RW(vpd_use_hostno);
4737
4738static ssize_t statistics_show(struct device_driver *ddp, char *buf)
4739{
4740 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
4741}
4742static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
4743 size_t count)
4744{
4745 int n;
4746
4747 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
4748 if (n > 0)
4749 sdebug_statistics = true;
4750 else {
4751 clear_queue_stats();
4752 sdebug_statistics = false;
4753 }
4754 return count;
4755 }
4756 return -EINVAL;
4757}
4758static DRIVER_ATTR_RW(statistics);
4759
4760static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
4761{
4762 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
4763}
4764static DRIVER_ATTR_RO(sector_size);
4765
4766static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
4767{
4768 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
4769}
4770static DRIVER_ATTR_RO(submit_queues);
4771
4772static ssize_t dix_show(struct device_driver *ddp, char *buf)
4773{
4774 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
4775}
4776static DRIVER_ATTR_RO(dix);
4777
4778static ssize_t dif_show(struct device_driver *ddp, char *buf)
4779{
4780 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
4781}
4782static DRIVER_ATTR_RO(dif);
4783
4784static ssize_t guard_show(struct device_driver *ddp, char *buf)
4785{
4786 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
4787}
4788static DRIVER_ATTR_RO(guard);
4789
4790static ssize_t ato_show(struct device_driver *ddp, char *buf)
4791{
4792 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
4793}
4794static DRIVER_ATTR_RO(ato);
4795
4796static ssize_t map_show(struct device_driver *ddp, char *buf)
4797{
4798 ssize_t count;
4799
4800 if (!scsi_debug_lbp())
4801 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
4802 sdebug_store_sectors);
4803
4804 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
4805 (int)map_size, map_storep);
4806 buf[count++] = '\n';
4807 buf[count] = '\0';
4808
4809 return count;
4810}
4811static DRIVER_ATTR_RO(map);
4812
4813static ssize_t removable_show(struct device_driver *ddp, char *buf)
4814{
4815 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
4816}
4817static ssize_t removable_store(struct device_driver *ddp, const char *buf,
4818 size_t count)
4819{
4820 int n;
4821
4822 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4823 sdebug_removable = (n > 0);
4824 return count;
4825 }
4826 return -EINVAL;
4827}
4828static DRIVER_ATTR_RW(removable);
4829
4830static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
4831{
4832 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
4833}
4834/* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
4835static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
4836 size_t count)
4837{
4838 int n;
4839
4840 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4841 sdebug_host_lock = (n > 0);
4842 return count;
4843 }
4844 return -EINVAL;
4845}
4846static DRIVER_ATTR_RW(host_lock);
4847
4848static ssize_t strict_show(struct device_driver *ddp, char *buf)
4849{
4850 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
4851}
4852static ssize_t strict_store(struct device_driver *ddp, const char *buf,
4853 size_t count)
4854{
4855 int n;
4856
4857 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4858 sdebug_strict = (n > 0);
4859 return count;
4860 }
4861 return -EINVAL;
4862}
4863static DRIVER_ATTR_RW(strict);
4864
4865static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
4866{
4867 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
4868}
4869static DRIVER_ATTR_RO(uuid_ctl);
4870
4871
4872/* Note: The following array creates attribute files in the
4873 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
4874 files (over those found in the /sys/module/scsi_debug/parameters
4875 directory) is that auxiliary actions can be triggered when an attribute
4876 is changed. For example see: sdebug_add_host_store() above.
4877 */
4878
4879static struct attribute *sdebug_drv_attrs[] = {
4880 &driver_attr_delay.attr,
4881 &driver_attr_opts.attr,
4882 &driver_attr_ptype.attr,
4883 &driver_attr_dsense.attr,
4884 &driver_attr_fake_rw.attr,
4885 &driver_attr_no_lun_0.attr,
4886 &driver_attr_num_tgts.attr,
4887 &driver_attr_dev_size_mb.attr,
4888 &driver_attr_num_parts.attr,
4889 &driver_attr_every_nth.attr,
4890 &driver_attr_max_luns.attr,
4891 &driver_attr_max_queue.attr,
4892 &driver_attr_no_uld.attr,
4893 &driver_attr_scsi_level.attr,
4894 &driver_attr_virtual_gb.attr,
4895 &driver_attr_add_host.attr,
4896 &driver_attr_vpd_use_hostno.attr,
4897 &driver_attr_sector_size.attr,
4898 &driver_attr_statistics.attr,
4899 &driver_attr_submit_queues.attr,
4900 &driver_attr_dix.attr,
4901 &driver_attr_dif.attr,
4902 &driver_attr_guard.attr,
4903 &driver_attr_ato.attr,
4904 &driver_attr_map.attr,
4905 &driver_attr_removable.attr,
4906 &driver_attr_host_lock.attr,
4907 &driver_attr_ndelay.attr,
4908 &driver_attr_strict.attr,
4909 &driver_attr_uuid_ctl.attr,
4910 NULL,
4911};
4912ATTRIBUTE_GROUPS(sdebug_drv);
4913
4914static struct device *pseudo_primary;
4915
4916static int __init scsi_debug_init(void)
4917{
4918 unsigned long sz;
4919 int host_to_add;
4920 int k;
4921 int ret;
4922
4923 atomic_set(&retired_max_queue, 0);
4924
4925 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
4926 pr_warn("ndelay must be less than 1 second, ignored\n");
4927 sdebug_ndelay = 0;
4928 } else if (sdebug_ndelay > 0)
4929 sdebug_jdelay = JDELAY_OVERRIDDEN;
4930
4931 switch (sdebug_sector_size) {
4932 case 512:
4933 case 1024:
4934 case 2048:
4935 case 4096:
4936 break;
4937 default:
4938 pr_err("invalid sector_size %d\n", sdebug_sector_size);
4939 return -EINVAL;
4940 }
4941
4942 switch (sdebug_dif) {
4943 case T10_PI_TYPE0_PROTECTION:
4944 break;
4945 case T10_PI_TYPE1_PROTECTION:
4946 case T10_PI_TYPE2_PROTECTION:
4947 case T10_PI_TYPE3_PROTECTION:
4948 have_dif_prot = true;
4949 break;
4950
4951 default:
4952 pr_err("dif must be 0, 1, 2 or 3\n");
4953 return -EINVAL;
4954 }
4955
4956 if (sdebug_guard > 1) {
4957 pr_err("guard must be 0 or 1\n");
4958 return -EINVAL;
4959 }
4960
4961 if (sdebug_ato > 1) {
4962 pr_err("ato must be 0 or 1\n");
4963 return -EINVAL;
4964 }
4965
4966 if (sdebug_physblk_exp > 15) {
4967 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
4968 return -EINVAL;
4969 }
4970 if (sdebug_max_luns > 256) {
4971 pr_warn("max_luns can be no more than 256, use default\n");
4972 sdebug_max_luns = DEF_MAX_LUNS;
4973 }
4974
4975 if (sdebug_lowest_aligned > 0x3fff) {
4976 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
4977 return -EINVAL;
4978 }
4979
4980 if (submit_queues < 1) {
4981 pr_err("submit_queues must be 1 or more\n");
4982 return -EINVAL;
4983 }
4984 sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
4985 GFP_KERNEL);
4986 if (sdebug_q_arr == NULL)
4987 return -ENOMEM;
4988 for (k = 0; k < submit_queues; ++k)
4989 spin_lock_init(&sdebug_q_arr[k].qc_lock);
4990
4991 if (sdebug_dev_size_mb < 1)
4992 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
4993 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
4994 sdebug_store_sectors = sz / sdebug_sector_size;
4995 sdebug_capacity = get_sdebug_capacity();
4996
4997 /* play around with geometry, don't waste too much on track 0 */
4998 sdebug_heads = 8;
4999 sdebug_sectors_per = 32;
5000 if (sdebug_dev_size_mb >= 256)
5001 sdebug_heads = 64;
5002 else if (sdebug_dev_size_mb >= 16)
5003 sdebug_heads = 32;
5004 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5005 (sdebug_sectors_per * sdebug_heads);
5006 if (sdebug_cylinders_per >= 1024) {
5007 /* other LLDs do this; implies >= 1GB ram disk ... */
5008 sdebug_heads = 255;
5009 sdebug_sectors_per = 63;
5010 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5011 (sdebug_sectors_per * sdebug_heads);
5012 }
5013
5014 if (sdebug_fake_rw == 0) {
5015 fake_storep = vmalloc(sz);
5016 if (NULL == fake_storep) {
5017 pr_err("out of memory, 1\n");
5018 ret = -ENOMEM;
5019 goto free_q_arr;
5020 }
5021 memset(fake_storep, 0, sz);
5022 if (sdebug_num_parts > 0)
5023 sdebug_build_parts(fake_storep, sz);
5024 }
5025
5026 if (sdebug_dix) {
5027 int dif_size;
5028
5029 dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
5030 dif_storep = vmalloc(dif_size);
5031
5032 pr_err("dif_storep %u bytes @ %p\n", dif_size, dif_storep);
5033
5034 if (dif_storep == NULL) {
5035 pr_err("out of mem. (DIX)\n");
5036 ret = -ENOMEM;
5037 goto free_vm;
5038 }
5039
5040 memset(dif_storep, 0xff, dif_size);
5041 }
5042
5043 /* Logical Block Provisioning */
5044 if (scsi_debug_lbp()) {
5045 sdebug_unmap_max_blocks =
5046 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
5047
5048 sdebug_unmap_max_desc =
5049 clamp(sdebug_unmap_max_desc, 0U, 256U);
5050
5051 sdebug_unmap_granularity =
5052 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
5053
5054 if (sdebug_unmap_alignment &&
5055 sdebug_unmap_granularity <=
5056 sdebug_unmap_alignment) {
5057 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
5058 ret = -EINVAL;
5059 goto free_vm;
5060 }
5061
5062 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
5063 map_storep = vmalloc(BITS_TO_LONGS(map_size) * sizeof(long));
5064
5065 pr_info("%lu provisioning blocks\n", map_size);
5066
5067 if (map_storep == NULL) {
5068 pr_err("out of mem. (MAP)\n");
5069 ret = -ENOMEM;
5070 goto free_vm;
5071 }
5072
5073 bitmap_zero(map_storep, map_size);
5074
5075 /* Map first 1KB for partition table */
5076 if (sdebug_num_parts)
5077 map_region(0, 2);
5078 }
5079
5080 pseudo_primary = root_device_register("pseudo_0");
5081 if (IS_ERR(pseudo_primary)) {
5082 pr_warn("root_device_register() error\n");
5083 ret = PTR_ERR(pseudo_primary);
5084 goto free_vm;
5085 }
5086 ret = bus_register(&pseudo_lld_bus);
5087 if (ret < 0) {
5088 pr_warn("bus_register error: %d\n", ret);
5089 goto dev_unreg;
5090 }
5091 ret = driver_register(&sdebug_driverfs_driver);
5092 if (ret < 0) {
5093 pr_warn("driver_register error: %d\n", ret);
5094 goto bus_unreg;
5095 }
5096
5097 host_to_add = sdebug_add_host;
5098 sdebug_add_host = 0;
5099
5100 for (k = 0; k < host_to_add; k++) {
5101 if (sdebug_add_adapter()) {
5102 pr_err("sdebug_add_adapter failed k=%d\n", k);
5103 break;
5104 }
5105 }
5106
5107 if (sdebug_verbose)
5108 pr_info("built %d host(s)\n", sdebug_add_host);
5109
5110 return 0;
5111
5112bus_unreg:
5113 bus_unregister(&pseudo_lld_bus);
5114dev_unreg:
5115 root_device_unregister(pseudo_primary);
5116free_vm:
5117 vfree(map_storep);
5118 vfree(dif_storep);
5119 vfree(fake_storep);
5120free_q_arr:
5121 kfree(sdebug_q_arr);
5122 return ret;
5123}
5124
5125static void __exit scsi_debug_exit(void)
5126{
5127 int k = sdebug_add_host;
5128
5129 stop_all_queued();
5130 free_all_queued();
5131 for (; k; k--)
5132 sdebug_remove_adapter();
5133 driver_unregister(&sdebug_driverfs_driver);
5134 bus_unregister(&pseudo_lld_bus);
5135 root_device_unregister(pseudo_primary);
5136
5137 vfree(map_storep);
5138 vfree(dif_storep);
5139 vfree(fake_storep);
5140 kfree(sdebug_q_arr);
5141}
5142
5143device_initcall(scsi_debug_init);
5144module_exit(scsi_debug_exit);
5145
5146static void sdebug_release_adapter(struct device * dev)
5147{
5148 struct sdebug_host_info *sdbg_host;
5149
5150 sdbg_host = to_sdebug_host(dev);
5151 kfree(sdbg_host);
5152}
5153
5154static int sdebug_add_adapter(void)
5155{
5156 int k, devs_per_host;
5157 int error = 0;
5158 struct sdebug_host_info *sdbg_host;
5159 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5160
5161 sdbg_host = kzalloc(sizeof(*sdbg_host),GFP_KERNEL);
5162 if (NULL == sdbg_host) {
5163 pr_err("out of memory at line %d\n", __LINE__);
5164 return -ENOMEM;
5165 }
5166
5167 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
5168
5169 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
5170 for (k = 0; k < devs_per_host; k++) {
5171 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
5172 if (!sdbg_devinfo) {
5173 pr_err("out of memory at line %d\n", __LINE__);
5174 error = -ENOMEM;
5175 goto clean;
5176 }
5177 }
5178
5179 spin_lock(&sdebug_host_list_lock);
5180 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
5181 spin_unlock(&sdebug_host_list_lock);
5182
5183 sdbg_host->dev.bus = &pseudo_lld_bus;
5184 sdbg_host->dev.parent = pseudo_primary;
5185 sdbg_host->dev.release = &sdebug_release_adapter;
5186 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_add_host);
5187
5188 error = device_register(&sdbg_host->dev);
5189
5190 if (error)
5191 goto clean;
5192
5193 ++sdebug_add_host;
5194 return error;
5195
5196clean:
5197 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5198 dev_list) {
5199 list_del(&sdbg_devinfo->dev_list);
5200 kfree(sdbg_devinfo);
5201 }
5202
5203 kfree(sdbg_host);
5204 return error;
5205}
5206
5207static void sdebug_remove_adapter(void)
5208{
5209 struct sdebug_host_info * sdbg_host = NULL;
5210
5211 spin_lock(&sdebug_host_list_lock);
5212 if (!list_empty(&sdebug_host_list)) {
5213 sdbg_host = list_entry(sdebug_host_list.prev,
5214 struct sdebug_host_info, host_list);
5215 list_del(&sdbg_host->host_list);
5216 }
5217 spin_unlock(&sdebug_host_list_lock);
5218
5219 if (!sdbg_host)
5220 return;
5221
5222 device_unregister(&sdbg_host->dev);
5223 --sdebug_add_host;
5224}
5225
5226static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
5227{
5228 int num_in_q = 0;
5229 struct sdebug_dev_info *devip;
5230
5231 block_unblock_all_queues(true);
5232 devip = (struct sdebug_dev_info *)sdev->hostdata;
5233 if (NULL == devip) {
5234 block_unblock_all_queues(false);
5235 return -ENODEV;
5236 }
5237 num_in_q = atomic_read(&devip->num_in_q);
5238
5239 if (qdepth < 1)
5240 qdepth = 1;
5241 /* allow to exceed max host qc_arr elements for testing */
5242 if (qdepth > SDEBUG_CANQUEUE + 10)
5243 qdepth = SDEBUG_CANQUEUE + 10;
5244 scsi_change_queue_depth(sdev, qdepth);
5245
5246 if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
5247 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
5248 __func__, qdepth, num_in_q);
5249 }
5250 block_unblock_all_queues(false);
5251 return sdev->queue_depth;
5252}
5253
5254static bool fake_timeout(struct scsi_cmnd *scp)
5255{
5256 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
5257 if (sdebug_every_nth < -1)
5258 sdebug_every_nth = -1;
5259 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
5260 return true; /* ignore command causing timeout */
5261 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
5262 scsi_medium_access_command(scp))
5263 return true; /* time out reads and writes */
5264 }
5265 return false;
5266}
5267
5268static int scsi_debug_queuecommand(struct Scsi_Host *shost,
5269 struct scsi_cmnd *scp)
5270{
5271 u8 sdeb_i;
5272 struct scsi_device *sdp = scp->device;
5273 const struct opcode_info_t *oip;
5274 const struct opcode_info_t *r_oip;
5275 struct sdebug_dev_info *devip;
5276 u8 *cmd = scp->cmnd;
5277 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
5278 int k, na;
5279 int errsts = 0;
5280 u32 flags;
5281 u16 sa;
5282 u8 opcode = cmd[0];
5283 bool has_wlun_rl;
5284
5285 scsi_set_resid(scp, 0);
5286 if (sdebug_statistics)
5287 atomic_inc(&sdebug_cmnd_count);
5288 if (unlikely(sdebug_verbose &&
5289 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
5290 char b[120];
5291 int n, len, sb;
5292
5293 len = scp->cmd_len;
5294 sb = (int)sizeof(b);
5295 if (len > 32)
5296 strcpy(b, "too long, over 32 bytes");
5297 else {
5298 for (k = 0, n = 0; k < len && n < sb; ++k)
5299 n += scnprintf(b + n, sb - n, "%02x ",
5300 (u32)cmd[k]);
5301 }
5302 if (sdebug_mq_active)
5303 sdev_printk(KERN_INFO, sdp, "%s: tag=%u, cmd %s\n",
5304 my_name, blk_mq_unique_tag(scp->request),
5305 b);
5306 else
5307 sdev_printk(KERN_INFO, sdp, "%s: cmd %s\n", my_name,
5308 b);
5309 }
5310 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
5311 if (unlikely((sdp->lun >= sdebug_max_luns) && !has_wlun_rl))
5312 goto err_out;
5313
5314 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
5315 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
5316 devip = (struct sdebug_dev_info *)sdp->hostdata;
5317 if (unlikely(!devip)) {
5318 devip = find_build_dev_info(sdp);
5319 if (NULL == devip)
5320 goto err_out;
5321 }
5322 na = oip->num_attached;
5323 r_pfp = oip->pfp;
5324 if (na) { /* multiple commands with this opcode */
5325 r_oip = oip;
5326 if (FF_SA & r_oip->flags) {
5327 if (F_SA_LOW & oip->flags)
5328 sa = 0x1f & cmd[1];
5329 else
5330 sa = get_unaligned_be16(cmd + 8);
5331 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5332 if (opcode == oip->opcode && sa == oip->sa)
5333 break;
5334 }
5335 } else { /* since no service action only check opcode */
5336 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5337 if (opcode == oip->opcode)
5338 break;
5339 }
5340 }
5341 if (k > na) {
5342 if (F_SA_LOW & r_oip->flags)
5343 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
5344 else if (F_SA_HIGH & r_oip->flags)
5345 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
5346 else
5347 mk_sense_invalid_opcode(scp);
5348 goto check_cond;
5349 }
5350 } /* else (when na==0) we assume the oip is a match */
5351 flags = oip->flags;
5352 if (unlikely(F_INV_OP & flags)) {
5353 mk_sense_invalid_opcode(scp);
5354 goto check_cond;
5355 }
5356 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
5357 if (sdebug_verbose)
5358 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
5359 my_name, opcode, " supported for wlun");
5360 mk_sense_invalid_opcode(scp);
5361 goto check_cond;
5362 }
5363 if (unlikely(sdebug_strict)) { /* check cdb against mask */
5364 u8 rem;
5365 int j;
5366
5367 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
5368 rem = ~oip->len_mask[k] & cmd[k];
5369 if (rem) {
5370 for (j = 7; j >= 0; --j, rem <<= 1) {
5371 if (0x80 & rem)
5372 break;
5373 }
5374 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
5375 goto check_cond;
5376 }
5377 }
5378 }
5379 if (unlikely(!(F_SKIP_UA & flags) &&
5380 find_first_bit(devip->uas_bm,
5381 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
5382 errsts = make_ua(scp, devip);
5383 if (errsts)
5384 goto check_cond;
5385 }
5386 if (unlikely((F_M_ACCESS & flags) && atomic_read(&devip->stopped))) {
5387 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
5388 if (sdebug_verbose)
5389 sdev_printk(KERN_INFO, sdp, "%s reports: Not ready: "
5390 "%s\n", my_name, "initializing command "
5391 "required");
5392 errsts = check_condition_result;
5393 goto fini;
5394 }
5395 if (sdebug_fake_rw && (F_FAKE_RW & flags))
5396 goto fini;
5397 if (unlikely(sdebug_every_nth)) {
5398 if (fake_timeout(scp))
5399 return 0; /* ignore command: make trouble */
5400 }
5401 if (likely(oip->pfp))
5402 errsts = oip->pfp(scp, devip); /* calls a resp_* function */
5403 else if (r_pfp) /* if leaf function ptr NULL, try the root's */
5404 errsts = r_pfp(scp, devip);
5405
5406fini:
5407 return schedule_resp(scp, devip, errsts,
5408 ((F_DELAY_OVERR & flags) ? 0 : sdebug_jdelay));
5409check_cond:
5410 return schedule_resp(scp, devip, check_condition_result, 0);
5411err_out:
5412 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, 0);
5413}
5414
5415static struct scsi_host_template sdebug_driver_template = {
5416 .show_info = scsi_debug_show_info,
5417 .write_info = scsi_debug_write_info,
5418 .proc_name = sdebug_proc_name,
5419 .name = "SCSI DEBUG",
5420 .info = scsi_debug_info,
5421 .slave_alloc = scsi_debug_slave_alloc,
5422 .slave_configure = scsi_debug_slave_configure,
5423 .slave_destroy = scsi_debug_slave_destroy,
5424 .ioctl = scsi_debug_ioctl,
5425 .queuecommand = scsi_debug_queuecommand,
5426 .change_queue_depth = sdebug_change_qdepth,
5427 .eh_abort_handler = scsi_debug_abort,
5428 .eh_device_reset_handler = scsi_debug_device_reset,
5429 .eh_target_reset_handler = scsi_debug_target_reset,
5430 .eh_bus_reset_handler = scsi_debug_bus_reset,
5431 .eh_host_reset_handler = scsi_debug_host_reset,
5432 .can_queue = SDEBUG_CANQUEUE,
5433 .this_id = 7,
5434 .sg_tablesize = SG_MAX_SEGMENTS,
5435 .cmd_per_lun = DEF_CMD_PER_LUN,
5436 .max_sectors = -1U,
5437 .use_clustering = DISABLE_CLUSTERING,
5438 .module = THIS_MODULE,
5439 .track_queue_depth = 1,
5440};
5441
5442static int sdebug_driver_probe(struct device * dev)
5443{
5444 int error = 0;
5445 struct sdebug_host_info *sdbg_host;
5446 struct Scsi_Host *hpnt;
5447 int hprot;
5448
5449 sdbg_host = to_sdebug_host(dev);
5450
5451 sdebug_driver_template.can_queue = sdebug_max_queue;
5452 if (sdebug_clustering)
5453 sdebug_driver_template.use_clustering = ENABLE_CLUSTERING;
5454 hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
5455 if (NULL == hpnt) {
5456 pr_err("scsi_host_alloc failed\n");
5457 error = -ENODEV;
5458 return error;
5459 }
5460 if (submit_queues > nr_cpu_ids) {
5461 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%d\n",
5462 my_name, submit_queues, nr_cpu_ids);
5463 submit_queues = nr_cpu_ids;
5464 }
5465 /* Decide whether to tell scsi subsystem that we want mq */
5466 /* Following should give the same answer for each host */
5467 sdebug_mq_active = shost_use_blk_mq(hpnt) && (submit_queues > 1);
5468 if (sdebug_mq_active)
5469 hpnt->nr_hw_queues = submit_queues;
5470
5471 sdbg_host->shost = hpnt;
5472 *((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
5473 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
5474 hpnt->max_id = sdebug_num_tgts + 1;
5475 else
5476 hpnt->max_id = sdebug_num_tgts;
5477 /* = sdebug_max_luns; */
5478 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
5479
5480 hprot = 0;
5481
5482 switch (sdebug_dif) {
5483
5484 case T10_PI_TYPE1_PROTECTION:
5485 hprot = SHOST_DIF_TYPE1_PROTECTION;
5486 if (sdebug_dix)
5487 hprot |= SHOST_DIX_TYPE1_PROTECTION;
5488 break;
5489
5490 case T10_PI_TYPE2_PROTECTION:
5491 hprot = SHOST_DIF_TYPE2_PROTECTION;
5492 if (sdebug_dix)
5493 hprot |= SHOST_DIX_TYPE2_PROTECTION;
5494 break;
5495
5496 case T10_PI_TYPE3_PROTECTION:
5497 hprot = SHOST_DIF_TYPE3_PROTECTION;
5498 if (sdebug_dix)
5499 hprot |= SHOST_DIX_TYPE3_PROTECTION;
5500 break;
5501
5502 default:
5503 if (sdebug_dix)
5504 hprot |= SHOST_DIX_TYPE0_PROTECTION;
5505 break;
5506 }
5507
5508 scsi_host_set_prot(hpnt, hprot);
5509
5510 if (have_dif_prot || sdebug_dix)
5511 pr_info("host protection%s%s%s%s%s%s%s\n",
5512 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
5513 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
5514 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
5515 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
5516 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
5517 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
5518 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
5519
5520 if (sdebug_guard == 1)
5521 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
5522 else
5523 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
5524
5525 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
5526 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
5527 if (sdebug_every_nth) /* need stats counters for every_nth */
5528 sdebug_statistics = true;
5529 error = scsi_add_host(hpnt, &sdbg_host->dev);
5530 if (error) {
5531 pr_err("scsi_add_host failed\n");
5532 error = -ENODEV;
5533 scsi_host_put(hpnt);
5534 } else
5535 scsi_scan_host(hpnt);
5536
5537 return error;
5538}
5539
5540static int sdebug_driver_remove(struct device * dev)
5541{
5542 struct sdebug_host_info *sdbg_host;
5543 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5544
5545 sdbg_host = to_sdebug_host(dev);
5546
5547 if (!sdbg_host) {
5548 pr_err("Unable to locate host info\n");
5549 return -ENODEV;
5550 }
5551
5552 scsi_remove_host(sdbg_host->shost);
5553
5554 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5555 dev_list) {
5556 list_del(&sdbg_devinfo->dev_list);
5557 kfree(sdbg_devinfo);
5558 }
5559
5560 scsi_host_put(sdbg_host->shost);
5561 return 0;
5562}
5563
5564static int pseudo_lld_bus_match(struct device *dev,
5565 struct device_driver *dev_driver)
5566{
5567 return 1;
5568}
5569
5570static struct bus_type pseudo_lld_bus = {
5571 .name = "pseudo",
5572 .match = pseudo_lld_bus_match,
5573 .probe = sdebug_driver_probe,
5574 .remove = sdebug_driver_remove,
5575 .drv_groups = sdebug_drv_groups,
5576};
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
4 * Copyright (C) 1992 Eric Youngdale
5 * Simulate a host adapter with 2 disks attached. Do a lot of checking
6 * to make sure that we are not getting blocks mixed up, and PANIC if
7 * anything out of the ordinary is seen.
8 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9 *
10 * Copyright (C) 2001 - 2021 Douglas Gilbert
11 *
12 * For documentation see http://sg.danny.cz/sg/scsi_debug.html
13 */
14
15
16#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
17
18#include <linux/module.h>
19#include <linux/align.h>
20#include <linux/kernel.h>
21#include <linux/errno.h>
22#include <linux/jiffies.h>
23#include <linux/slab.h>
24#include <linux/types.h>
25#include <linux/string.h>
26#include <linux/fs.h>
27#include <linux/init.h>
28#include <linux/proc_fs.h>
29#include <linux/vmalloc.h>
30#include <linux/moduleparam.h>
31#include <linux/scatterlist.h>
32#include <linux/blkdev.h>
33#include <linux/crc-t10dif.h>
34#include <linux/spinlock.h>
35#include <linux/interrupt.h>
36#include <linux/atomic.h>
37#include <linux/hrtimer.h>
38#include <linux/uuid.h>
39#include <linux/t10-pi.h>
40#include <linux/msdos_partition.h>
41#include <linux/random.h>
42#include <linux/xarray.h>
43#include <linux/prefetch.h>
44#include <linux/debugfs.h>
45#include <linux/async.h>
46
47#include <net/checksum.h>
48
49#include <asm/unaligned.h>
50
51#include <scsi/scsi.h>
52#include <scsi/scsi_cmnd.h>
53#include <scsi/scsi_device.h>
54#include <scsi/scsi_host.h>
55#include <scsi/scsicam.h>
56#include <scsi/scsi_eh.h>
57#include <scsi/scsi_tcq.h>
58#include <scsi/scsi_dbg.h>
59
60#include "sd.h"
61#include "scsi_logging.h"
62
63/* make sure inq_product_rev string corresponds to this version */
64#define SDEBUG_VERSION "0191" /* format to fit INQUIRY revision field */
65static const char *sdebug_version_date = "20210520";
66
67#define MY_NAME "scsi_debug"
68
69/* Additional Sense Code (ASC) */
70#define NO_ADDITIONAL_SENSE 0x0
71#define LOGICAL_UNIT_NOT_READY 0x4
72#define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
73#define UNRECOVERED_READ_ERR 0x11
74#define PARAMETER_LIST_LENGTH_ERR 0x1a
75#define INVALID_OPCODE 0x20
76#define LBA_OUT_OF_RANGE 0x21
77#define INVALID_FIELD_IN_CDB 0x24
78#define INVALID_FIELD_IN_PARAM_LIST 0x26
79#define WRITE_PROTECTED 0x27
80#define UA_RESET_ASC 0x29
81#define UA_CHANGED_ASC 0x2a
82#define TARGET_CHANGED_ASC 0x3f
83#define LUNS_CHANGED_ASCQ 0x0e
84#define INSUFF_RES_ASC 0x55
85#define INSUFF_RES_ASCQ 0x3
86#define POWER_ON_RESET_ASCQ 0x0
87#define POWER_ON_OCCURRED_ASCQ 0x1
88#define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
89#define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
90#define CAPACITY_CHANGED_ASCQ 0x9
91#define SAVING_PARAMS_UNSUP 0x39
92#define TRANSPORT_PROBLEM 0x4b
93#define THRESHOLD_EXCEEDED 0x5d
94#define LOW_POWER_COND_ON 0x5e
95#define MISCOMPARE_VERIFY_ASC 0x1d
96#define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
97#define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
98#define WRITE_ERROR_ASC 0xc
99#define UNALIGNED_WRITE_ASCQ 0x4
100#define WRITE_BOUNDARY_ASCQ 0x5
101#define READ_INVDATA_ASCQ 0x6
102#define READ_BOUNDARY_ASCQ 0x7
103#define ATTEMPT_ACCESS_GAP 0x9
104#define INSUFF_ZONE_ASCQ 0xe
105
106/* Additional Sense Code Qualifier (ASCQ) */
107#define ACK_NAK_TO 0x3
108
109/* Default values for driver parameters */
110#define DEF_NUM_HOST 1
111#define DEF_NUM_TGTS 1
112#define DEF_MAX_LUNS 1
113/* With these defaults, this driver will make 1 host with 1 target
114 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
115 */
116#define DEF_ATO 1
117#define DEF_CDB_LEN 10
118#define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
119#define DEF_DEV_SIZE_PRE_INIT 0
120#define DEF_DEV_SIZE_MB 8
121#define DEF_ZBC_DEV_SIZE_MB 128
122#define DEF_DIF 0
123#define DEF_DIX 0
124#define DEF_PER_HOST_STORE false
125#define DEF_D_SENSE 0
126#define DEF_EVERY_NTH 0
127#define DEF_FAKE_RW 0
128#define DEF_GUARD 0
129#define DEF_HOST_LOCK 0
130#define DEF_LBPU 0
131#define DEF_LBPWS 0
132#define DEF_LBPWS10 0
133#define DEF_LBPRZ 1
134#define DEF_LOWEST_ALIGNED 0
135#define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
136#define DEF_NO_LUN_0 0
137#define DEF_NUM_PARTS 0
138#define DEF_OPTS 0
139#define DEF_OPT_BLKS 1024
140#define DEF_PHYSBLK_EXP 0
141#define DEF_OPT_XFERLEN_EXP 0
142#define DEF_PTYPE TYPE_DISK
143#define DEF_RANDOM false
144#define DEF_REMOVABLE false
145#define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
146#define DEF_SECTOR_SIZE 512
147#define DEF_UNMAP_ALIGNMENT 0
148#define DEF_UNMAP_GRANULARITY 1
149#define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
150#define DEF_UNMAP_MAX_DESC 256
151#define DEF_VIRTUAL_GB 0
152#define DEF_VPD_USE_HOSTNO 1
153#define DEF_WRITESAME_LENGTH 0xFFFF
154#define DEF_STRICT 0
155#define DEF_STATISTICS false
156#define DEF_SUBMIT_QUEUES 1
157#define DEF_TUR_MS_TO_READY 0
158#define DEF_UUID_CTL 0
159#define JDELAY_OVERRIDDEN -9999
160
161/* Default parameters for ZBC drives */
162#define DEF_ZBC_ZONE_SIZE_MB 128
163#define DEF_ZBC_MAX_OPEN_ZONES 8
164#define DEF_ZBC_NR_CONV_ZONES 1
165
166#define SDEBUG_LUN_0_VAL 0
167
168/* bit mask values for sdebug_opts */
169#define SDEBUG_OPT_NOISE 1
170#define SDEBUG_OPT_MEDIUM_ERR 2
171#define SDEBUG_OPT_TIMEOUT 4
172#define SDEBUG_OPT_RECOVERED_ERR 8
173#define SDEBUG_OPT_TRANSPORT_ERR 16
174#define SDEBUG_OPT_DIF_ERR 32
175#define SDEBUG_OPT_DIX_ERR 64
176#define SDEBUG_OPT_MAC_TIMEOUT 128
177#define SDEBUG_OPT_SHORT_TRANSFER 0x100
178#define SDEBUG_OPT_Q_NOISE 0x200
179#define SDEBUG_OPT_ALL_TSF 0x400 /* ignore */
180#define SDEBUG_OPT_RARE_TSF 0x800
181#define SDEBUG_OPT_N_WCE 0x1000
182#define SDEBUG_OPT_RESET_NOISE 0x2000
183#define SDEBUG_OPT_NO_CDB_NOISE 0x4000
184#define SDEBUG_OPT_HOST_BUSY 0x8000
185#define SDEBUG_OPT_CMD_ABORT 0x10000
186#define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
187 SDEBUG_OPT_RESET_NOISE)
188#define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
189 SDEBUG_OPT_TRANSPORT_ERR | \
190 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
191 SDEBUG_OPT_SHORT_TRANSFER | \
192 SDEBUG_OPT_HOST_BUSY | \
193 SDEBUG_OPT_CMD_ABORT)
194#define SDEBUG_OPT_RECOV_DIF_DIX (SDEBUG_OPT_RECOVERED_ERR | \
195 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR)
196
197/* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
198 * priority order. In the subset implemented here lower numbers have higher
199 * priority. The UA numbers should be a sequence starting from 0 with
200 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
201#define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
202#define SDEBUG_UA_POOCCUR 1 /* Power on occurred */
203#define SDEBUG_UA_BUS_RESET 2
204#define SDEBUG_UA_MODE_CHANGED 3
205#define SDEBUG_UA_CAPACITY_CHANGED 4
206#define SDEBUG_UA_LUNS_CHANGED 5
207#define SDEBUG_UA_MICROCODE_CHANGED 6 /* simulate firmware change */
208#define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 7
209#define SDEBUG_NUM_UAS 8
210
211/* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
212 * sector on read commands: */
213#define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
214#define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
215
216/* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
217 * (for response) per submit queue at one time. Can be reduced by max_queue
218 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
219 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
220 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
221 * but cannot exceed SDEBUG_CANQUEUE .
222 */
223#define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
224#define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
225#define DEF_CMD_PER_LUN SDEBUG_CANQUEUE
226
227/* UA - Unit Attention; SA - Service Action; SSU - Start Stop Unit */
228#define F_D_IN 1 /* Data-in command (e.g. READ) */
229#define F_D_OUT 2 /* Data-out command (e.g. WRITE) */
230#define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
231#define F_D_UNKN 8
232#define F_RL_WLUN_OK 0x10 /* allowed with REPORT LUNS W-LUN */
233#define F_SKIP_UA 0x20 /* bypass UAs (e.g. INQUIRY command) */
234#define F_DELAY_OVERR 0x40 /* for commands like INQUIRY */
235#define F_SA_LOW 0x80 /* SA is in cdb byte 1, bits 4 to 0 */
236#define F_SA_HIGH 0x100 /* SA is in cdb bytes 8 and 9 */
237#define F_INV_OP 0x200 /* invalid opcode (not supported) */
238#define F_FAKE_RW 0x400 /* bypass resp_*() when fake_rw set */
239#define F_M_ACCESS 0x800 /* media access, reacts to SSU state */
240#define F_SSU_DELAY 0x1000 /* SSU command delay (long-ish) */
241#define F_SYNC_DELAY 0x2000 /* SYNCHRONIZE CACHE delay */
242
243/* Useful combinations of the above flags */
244#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
245#define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
246#define FF_SA (F_SA_HIGH | F_SA_LOW)
247#define F_LONG_DELAY (F_SSU_DELAY | F_SYNC_DELAY)
248
249#define SDEBUG_MAX_PARTS 4
250
251#define SDEBUG_MAX_CMD_LEN 32
252
253#define SDEB_XA_NOT_IN_USE XA_MARK_1
254
255static struct kmem_cache *queued_cmd_cache;
256
257#define TO_QUEUED_CMD(scmd) ((void *)(scmd)->host_scribble)
258#define ASSIGN_QUEUED_CMD(scmnd, qc) { (scmnd)->host_scribble = (void *) qc; }
259
260/* Zone types (zbcr05 table 25) */
261enum sdebug_z_type {
262 ZBC_ZTYPE_CNV = 0x1,
263 ZBC_ZTYPE_SWR = 0x2,
264 ZBC_ZTYPE_SWP = 0x3,
265 /* ZBC_ZTYPE_SOBR = 0x4, */
266 ZBC_ZTYPE_GAP = 0x5,
267};
268
269/* enumeration names taken from table 26, zbcr05 */
270enum sdebug_z_cond {
271 ZBC_NOT_WRITE_POINTER = 0x0,
272 ZC1_EMPTY = 0x1,
273 ZC2_IMPLICIT_OPEN = 0x2,
274 ZC3_EXPLICIT_OPEN = 0x3,
275 ZC4_CLOSED = 0x4,
276 ZC6_READ_ONLY = 0xd,
277 ZC5_FULL = 0xe,
278 ZC7_OFFLINE = 0xf,
279};
280
281struct sdeb_zone_state { /* ZBC: per zone state */
282 enum sdebug_z_type z_type;
283 enum sdebug_z_cond z_cond;
284 bool z_non_seq_resource;
285 unsigned int z_size;
286 sector_t z_start;
287 sector_t z_wp;
288};
289
290enum sdebug_err_type {
291 ERR_TMOUT_CMD = 0, /* make specific scsi command timeout */
292 ERR_FAIL_QUEUE_CMD = 1, /* make specific scsi command's */
293 /* queuecmd return failed */
294 ERR_FAIL_CMD = 2, /* make specific scsi command's */
295 /* queuecmd return succeed but */
296 /* with errors set in scsi_cmnd */
297 ERR_ABORT_CMD_FAILED = 3, /* control return FAILED from */
298 /* scsi_debug_abort() */
299 ERR_LUN_RESET_FAILED = 4, /* control return FAILED from */
300 /* scsi_debug_device_reseLUN_RESET_FAILEDt() */
301};
302
303struct sdebug_err_inject {
304 int type;
305 struct list_head list;
306 int cnt;
307 unsigned char cmd;
308 struct rcu_head rcu;
309
310 union {
311 /*
312 * For ERR_FAIL_QUEUE_CMD
313 */
314 int queuecmd_ret;
315
316 /*
317 * For ERR_FAIL_CMD
318 */
319 struct {
320 unsigned char host_byte;
321 unsigned char driver_byte;
322 unsigned char status_byte;
323 unsigned char sense_key;
324 unsigned char asc;
325 unsigned char asq;
326 };
327 };
328};
329
330struct sdebug_dev_info {
331 struct list_head dev_list;
332 unsigned int channel;
333 unsigned int target;
334 u64 lun;
335 uuid_t lu_name;
336 struct sdebug_host_info *sdbg_host;
337 unsigned long uas_bm[1];
338 atomic_t stopped; /* 1: by SSU, 2: device start */
339 bool used;
340
341 /* For ZBC devices */
342 bool zoned;
343 unsigned int zcap;
344 unsigned int zsize;
345 unsigned int zsize_shift;
346 unsigned int nr_zones;
347 unsigned int nr_conv_zones;
348 unsigned int nr_seq_zones;
349 unsigned int nr_imp_open;
350 unsigned int nr_exp_open;
351 unsigned int nr_closed;
352 unsigned int max_open;
353 ktime_t create_ts; /* time since bootup that this device was created */
354 struct sdeb_zone_state *zstate;
355
356 struct dentry *debugfs_entry;
357 struct spinlock list_lock;
358 struct list_head inject_err_list;
359};
360
361struct sdebug_target_info {
362 bool reset_fail;
363 struct dentry *debugfs_entry;
364};
365
366struct sdebug_host_info {
367 struct list_head host_list;
368 int si_idx; /* sdeb_store_info (per host) xarray index */
369 struct Scsi_Host *shost;
370 struct device dev;
371 struct list_head dev_info_list;
372};
373
374/* There is an xarray of pointers to this struct's objects, one per host */
375struct sdeb_store_info {
376 rwlock_t macc_lck; /* for atomic media access on this store */
377 u8 *storep; /* user data storage (ram) */
378 struct t10_pi_tuple *dif_storep; /* protection info */
379 void *map_storep; /* provisioning map */
380};
381
382#define dev_to_sdebug_host(d) \
383 container_of(d, struct sdebug_host_info, dev)
384
385#define shost_to_sdebug_host(shost) \
386 dev_to_sdebug_host(shost->dma_dev)
387
388enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
389 SDEB_DEFER_WQ = 2, SDEB_DEFER_POLL = 3};
390
391struct sdebug_defer {
392 struct hrtimer hrt;
393 struct execute_work ew;
394 ktime_t cmpl_ts;/* time since boot to complete this cmd */
395 int issuing_cpu;
396 bool aborted; /* true when blk_abort_request() already called */
397 enum sdeb_defer_type defer_t;
398};
399
400struct sdebug_queued_cmd {
401 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
402 * instance indicates this slot is in use.
403 */
404 struct sdebug_defer sd_dp;
405 struct scsi_cmnd *scmd;
406};
407
408struct sdebug_scsi_cmd {
409 spinlock_t lock;
410};
411
412static atomic_t sdebug_cmnd_count; /* number of incoming commands */
413static atomic_t sdebug_completions; /* count of deferred completions */
414static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
415static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
416static atomic_t sdeb_inject_pending;
417static atomic_t sdeb_mq_poll_count; /* bumped when mq_poll returns > 0 */
418
419struct opcode_info_t {
420 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
421 /* for terminating element */
422 u8 opcode; /* if num_attached > 0, preferred */
423 u16 sa; /* service action */
424 u32 flags; /* OR-ed set of SDEB_F_* */
425 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
426 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
427 u8 len_mask[16]; /* len_mask[0]-->cdb_len, then mask for cdb */
428 /* 1 to min(cdb_len, 15); ignore cdb[15...] */
429};
430
431/* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
432enum sdeb_opcode_index {
433 SDEB_I_INVALID_OPCODE = 0,
434 SDEB_I_INQUIRY = 1,
435 SDEB_I_REPORT_LUNS = 2,
436 SDEB_I_REQUEST_SENSE = 3,
437 SDEB_I_TEST_UNIT_READY = 4,
438 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
439 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
440 SDEB_I_LOG_SENSE = 7,
441 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
442 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
443 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
444 SDEB_I_START_STOP = 11,
445 SDEB_I_SERV_ACT_IN_16 = 12, /* add ...SERV_ACT_IN_12 if needed */
446 SDEB_I_SERV_ACT_OUT_16 = 13, /* add ...SERV_ACT_OUT_12 if needed */
447 SDEB_I_MAINT_IN = 14,
448 SDEB_I_MAINT_OUT = 15,
449 SDEB_I_VERIFY = 16, /* VERIFY(10), VERIFY(16) */
450 SDEB_I_VARIABLE_LEN = 17, /* READ(32), WRITE(32), WR_SCAT(32) */
451 SDEB_I_RESERVE = 18, /* 6, 10 */
452 SDEB_I_RELEASE = 19, /* 6, 10 */
453 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
454 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
455 SDEB_I_ATA_PT = 22, /* 12, 16 */
456 SDEB_I_SEND_DIAG = 23,
457 SDEB_I_UNMAP = 24,
458 SDEB_I_WRITE_BUFFER = 25,
459 SDEB_I_WRITE_SAME = 26, /* 10, 16 */
460 SDEB_I_SYNC_CACHE = 27, /* 10, 16 */
461 SDEB_I_COMP_WRITE = 28,
462 SDEB_I_PRE_FETCH = 29, /* 10, 16 */
463 SDEB_I_ZONE_OUT = 30, /* 0x94+SA; includes no data xfer */
464 SDEB_I_ZONE_IN = 31, /* 0x95+SA; all have data-in */
465 SDEB_I_LAST_ELEM_P1 = 32, /* keep this last (previous + 1) */
466};
467
468
469static const unsigned char opcode_ind_arr[256] = {
470/* 0x0; 0x0->0x1f: 6 byte cdbs */
471 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
472 0, 0, 0, 0,
473 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
474 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
475 SDEB_I_RELEASE,
476 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
477 SDEB_I_ALLOW_REMOVAL, 0,
478/* 0x20; 0x20->0x3f: 10 byte cdbs */
479 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
480 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
481 0, 0, 0, 0, SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, 0,
482 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
483/* 0x40; 0x40->0x5f: 10 byte cdbs */
484 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
485 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
486 0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
487 SDEB_I_RELEASE,
488 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
489/* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
490 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
491 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
492 0, SDEB_I_VARIABLE_LEN,
493/* 0x80; 0x80->0x9f: 16 byte cdbs */
494 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
495 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0,
496 0, 0, 0, SDEB_I_VERIFY,
497 SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME,
498 SDEB_I_ZONE_OUT, SDEB_I_ZONE_IN, 0, 0,
499 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
500/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
501 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
502 SDEB_I_MAINT_OUT, 0, 0, 0,
503 SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
504 0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
505 0, 0, 0, 0, 0, 0, 0, 0,
506 0, 0, 0, 0, 0, 0, 0, 0,
507/* 0xc0; 0xc0->0xff: vendor specific */
508 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
509 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
510 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
511 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
512};
513
514/*
515 * The following "response" functions return the SCSI mid-level's 4 byte
516 * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
517 * command completion, they can mask their return value with
518 * SDEG_RES_IMMED_MASK .
519 */
520#define SDEG_RES_IMMED_MASK 0x40000000
521
522static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
523static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
524static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
525static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
526static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
527static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
528static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
529static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
530static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
531static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
532static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
533static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
534static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
535static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
536static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
537static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
538static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
539static int resp_verify(struct scsi_cmnd *, struct sdebug_dev_info *);
540static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
541static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
542static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
543static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
544static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
545static int resp_pre_fetch(struct scsi_cmnd *, struct sdebug_dev_info *);
546static int resp_report_zones(struct scsi_cmnd *, struct sdebug_dev_info *);
547static int resp_open_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
548static int resp_close_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
549static int resp_finish_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
550static int resp_rwp_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
551
552static int sdebug_do_add_host(bool mk_new_store);
553static int sdebug_add_host_helper(int per_host_idx);
554static void sdebug_do_remove_host(bool the_end);
555static int sdebug_add_store(void);
556static void sdebug_erase_store(int idx, struct sdeb_store_info *sip);
557static void sdebug_erase_all_stores(bool apart_from_first);
558
559static void sdebug_free_queued_cmd(struct sdebug_queued_cmd *sqcp);
560
561/*
562 * The following are overflow arrays for cdbs that "hit" the same index in
563 * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
564 * should be placed in opcode_info_arr[], the others should be placed here.
565 */
566static const struct opcode_info_t msense_iarr[] = {
567 {0, 0x1a, 0, F_D_IN, NULL, NULL,
568 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
569};
570
571static const struct opcode_info_t mselect_iarr[] = {
572 {0, 0x15, 0, F_D_OUT, NULL, NULL,
573 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
574};
575
576static const struct opcode_info_t read_iarr[] = {
577 {0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
578 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
579 0, 0, 0, 0} },
580 {0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
581 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
582 {0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
583 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
584 0xc7, 0, 0, 0, 0} },
585};
586
587static const struct opcode_info_t write_iarr[] = {
588 {0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(10) */
589 NULL, {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
590 0, 0, 0, 0, 0, 0} },
591 {0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(6) */
592 NULL, {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
593 0, 0, 0} },
594 {0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(12) */
595 NULL, {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
596 0xbf, 0xc7, 0, 0, 0, 0} },
597};
598
599static const struct opcode_info_t verify_iarr[] = {
600 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,/* VERIFY(10) */
601 NULL, {10, 0xf7, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xff, 0xff, 0xc7,
602 0, 0, 0, 0, 0, 0} },
603};
604
605static const struct opcode_info_t sa_in_16_iarr[] = {
606 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
607 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
608 0xff, 0xff, 0xff, 0, 0xc7} }, /* GET LBA STATUS(16) */
609};
610
611static const struct opcode_info_t vl_iarr[] = { /* VARIABLE LENGTH */
612 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
613 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
614 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
615 {0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
616 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
617 0, 0xff, 0xff, 0x0, 0x0} }, /* WRITE SCATTERED(32) */
618};
619
620static const struct opcode_info_t maint_in_iarr[] = { /* MAINT IN */
621 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
622 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
623 0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
624 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
625 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
626 0, 0} }, /* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
627};
628
629static const struct opcode_info_t write_same_iarr[] = {
630 {0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
631 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
632 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* WRITE SAME(16) */
633};
634
635static const struct opcode_info_t reserve_iarr[] = {
636 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
637 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
638};
639
640static const struct opcode_info_t release_iarr[] = {
641 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
642 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
643};
644
645static const struct opcode_info_t sync_cache_iarr[] = {
646 {0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
647 {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
648 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* SYNC_CACHE (16) */
649};
650
651static const struct opcode_info_t pre_fetch_iarr[] = {
652 {0, 0x90, 0, F_SYNC_DELAY | FF_MEDIA_IO, resp_pre_fetch, NULL,
653 {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
654 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* PRE-FETCH (16) */
655};
656
657static const struct opcode_info_t zone_out_iarr[] = { /* ZONE OUT(16) */
658 {0, 0x94, 0x1, F_SA_LOW | F_M_ACCESS, resp_close_zone, NULL,
659 {16, 0x1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
660 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* CLOSE ZONE */
661 {0, 0x94, 0x2, F_SA_LOW | F_M_ACCESS, resp_finish_zone, NULL,
662 {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
663 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* FINISH ZONE */
664 {0, 0x94, 0x4, F_SA_LOW | F_M_ACCESS, resp_rwp_zone, NULL,
665 {16, 0x4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
666 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* RESET WRITE POINTER */
667};
668
669static const struct opcode_info_t zone_in_iarr[] = { /* ZONE IN(16) */
670 {0, 0x95, 0x6, F_SA_LOW | F_D_IN | F_M_ACCESS, NULL, NULL,
671 {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
672 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* REPORT ZONES */
673};
674
675
676/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
677 * plus the terminating elements for logic that scans this table such as
678 * REPORT SUPPORTED OPERATION CODES. */
679static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEM_P1 + 1] = {
680/* 0 */
681 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* unknown opcodes */
682 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
683 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
684 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
685 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
686 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
687 0, 0} }, /* REPORT LUNS */
688 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
689 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
690 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
691 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
692/* 5 */
693 {ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN, /* MODE SENSE(10) */
694 resp_mode_sense, msense_iarr, {10, 0xf8, 0xff, 0xff, 0, 0, 0,
695 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
696 {ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT, /* MODE SELECT(10) */
697 resp_mode_select, mselect_iarr, {10, 0xf1, 0, 0, 0, 0, 0, 0xff,
698 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
699 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL, /* LOG SENSE */
700 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
701 0, 0, 0} },
702 {0, 0x25, 0, F_D_IN, resp_readcap, NULL, /* READ CAPACITY(10) */
703 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
704 0, 0} },
705 {ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
706 resp_read_dt0, read_iarr, {16, 0xfe, 0xff, 0xff, 0xff, 0xff,
707 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
708/* 10 */
709 {ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
710 resp_write_dt0, write_iarr, /* WRITE(16) */
711 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
712 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
713 {0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
714 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
715 {ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
716 resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
717 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
718 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
719 {0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
720 NULL, {16, 0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
721 0xff, 0xff, 0xff, 0xff, 0xc7} }, /* SA_OUT(16), WRITE SCAT(16) */
722 {ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
723 resp_report_tgtpgs, /* MAINT IN, REPORT TARGET PORT GROUPS */
724 maint_in_iarr, {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
725 0xff, 0, 0xc7, 0, 0, 0, 0} },
726/* 15 */
727 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
728 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
729 {ARRAY_SIZE(verify_iarr), 0x8f, 0,
730 F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify, /* VERIFY(16) */
731 verify_iarr, {16, 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
732 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },
733 {ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
734 resp_read_dt0, vl_iarr, /* VARIABLE LENGTH, READ(32) */
735 {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
736 0xff, 0xff} },
737 {ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
738 NULL, reserve_iarr, /* RESERVE(10) <no response function> */
739 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
740 0} },
741 {ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
742 NULL, release_iarr, /* RELEASE(10) <no response function> */
743 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
744 0} },
745/* 20 */
746 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
747 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
748 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
749 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
750 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
751 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
752 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
753 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
754 {0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
755 {10, 0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
756/* 25 */
757 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
758 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
759 0, 0, 0, 0} }, /* WRITE_BUFFER */
760 {ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
761 resp_write_same_10, write_same_iarr, /* WRITE SAME(10) */
762 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
763 0, 0, 0, 0, 0} },
764 {ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
765 resp_sync_cache, sync_cache_iarr,
766 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
767 0, 0, 0, 0} }, /* SYNC_CACHE (10) */
768 {0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
769 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
770 0, 0xff, 0x3f, 0xc7} }, /* COMPARE AND WRITE */
771 {ARRAY_SIZE(pre_fetch_iarr), 0x34, 0, F_SYNC_DELAY | FF_MEDIA_IO,
772 resp_pre_fetch, pre_fetch_iarr,
773 {10, 0x2, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
774 0, 0, 0, 0} }, /* PRE-FETCH (10) */
775
776/* 30 */
777 {ARRAY_SIZE(zone_out_iarr), 0x94, 0x3, F_SA_LOW | F_M_ACCESS,
778 resp_open_zone, zone_out_iarr, /* ZONE_OUT(16), OPEN ZONE) */
779 {16, 0x3 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
780 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0x1, 0xc7} },
781 {ARRAY_SIZE(zone_in_iarr), 0x95, 0x0, F_SA_LOW | F_M_ACCESS,
782 resp_report_zones, zone_in_iarr, /* ZONE_IN(16), REPORT ZONES) */
783 {16, 0x0 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
784 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xc7} },
785/* sentinel */
786 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
787 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
788};
789
790static int sdebug_num_hosts;
791static int sdebug_add_host = DEF_NUM_HOST; /* in sysfs this is relative */
792static int sdebug_ato = DEF_ATO;
793static int sdebug_cdb_len = DEF_CDB_LEN;
794static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
795static int sdebug_dev_size_mb = DEF_DEV_SIZE_PRE_INIT;
796static int sdebug_dif = DEF_DIF;
797static int sdebug_dix = DEF_DIX;
798static int sdebug_dsense = DEF_D_SENSE;
799static int sdebug_every_nth = DEF_EVERY_NTH;
800static int sdebug_fake_rw = DEF_FAKE_RW;
801static unsigned int sdebug_guard = DEF_GUARD;
802static int sdebug_host_max_queue; /* per host */
803static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
804static int sdebug_max_luns = DEF_MAX_LUNS;
805static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
806static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
807static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
808static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
809static int sdebug_no_lun_0 = DEF_NO_LUN_0;
810static int sdebug_no_uld;
811static int sdebug_num_parts = DEF_NUM_PARTS;
812static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
813static int sdebug_opt_blks = DEF_OPT_BLKS;
814static int sdebug_opts = DEF_OPTS;
815static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
816static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
817static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
818static int sdebug_scsi_level = DEF_SCSI_LEVEL;
819static int sdebug_sector_size = DEF_SECTOR_SIZE;
820static int sdeb_tur_ms_to_ready = DEF_TUR_MS_TO_READY;
821static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
822static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
823static unsigned int sdebug_lbpu = DEF_LBPU;
824static unsigned int sdebug_lbpws = DEF_LBPWS;
825static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
826static unsigned int sdebug_lbprz = DEF_LBPRZ;
827static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
828static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
829static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
830static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
831static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
832static int sdebug_uuid_ctl = DEF_UUID_CTL;
833static bool sdebug_random = DEF_RANDOM;
834static bool sdebug_per_host_store = DEF_PER_HOST_STORE;
835static bool sdebug_removable = DEF_REMOVABLE;
836static bool sdebug_clustering;
837static bool sdebug_host_lock = DEF_HOST_LOCK;
838static bool sdebug_strict = DEF_STRICT;
839static bool sdebug_any_injecting_opt;
840static bool sdebug_no_rwlock;
841static bool sdebug_verbose;
842static bool have_dif_prot;
843static bool write_since_sync;
844static bool sdebug_statistics = DEF_STATISTICS;
845static bool sdebug_wp;
846static bool sdebug_allow_restart;
847static enum {
848 BLK_ZONED_NONE = 0,
849 BLK_ZONED_HA = 1,
850 BLK_ZONED_HM = 2,
851} sdeb_zbc_model = BLK_ZONED_NONE;
852static char *sdeb_zbc_model_s;
853
854enum sam_lun_addr_method {SAM_LUN_AM_PERIPHERAL = 0x0,
855 SAM_LUN_AM_FLAT = 0x1,
856 SAM_LUN_AM_LOGICAL_UNIT = 0x2,
857 SAM_LUN_AM_EXTENDED = 0x3};
858static enum sam_lun_addr_method sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
859static int sdebug_lun_am_i = (int)SAM_LUN_AM_PERIPHERAL;
860
861static unsigned int sdebug_store_sectors;
862static sector_t sdebug_capacity; /* in sectors */
863
864/* old BIOS stuff, kernel may get rid of them but some mode sense pages
865 may still need them */
866static int sdebug_heads; /* heads per disk */
867static int sdebug_cylinders_per; /* cylinders per surface */
868static int sdebug_sectors_per; /* sectors per cylinder */
869
870static LIST_HEAD(sdebug_host_list);
871static DEFINE_MUTEX(sdebug_host_list_mutex);
872
873static struct xarray per_store_arr;
874static struct xarray *per_store_ap = &per_store_arr;
875static int sdeb_first_idx = -1; /* invalid index ==> none created */
876static int sdeb_most_recent_idx = -1;
877static DEFINE_RWLOCK(sdeb_fake_rw_lck); /* need a RW lock when fake_rw=1 */
878
879static unsigned long map_size;
880static int num_aborts;
881static int num_dev_resets;
882static int num_target_resets;
883static int num_bus_resets;
884static int num_host_resets;
885static int dix_writes;
886static int dix_reads;
887static int dif_errors;
888
889/* ZBC global data */
890static bool sdeb_zbc_in_use; /* true for host-aware and host-managed disks */
891static int sdeb_zbc_zone_cap_mb;
892static int sdeb_zbc_zone_size_mb;
893static int sdeb_zbc_max_open = DEF_ZBC_MAX_OPEN_ZONES;
894static int sdeb_zbc_nr_conv = DEF_ZBC_NR_CONV_ZONES;
895
896static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
897static int poll_queues; /* iouring iopoll interface.*/
898
899static char sdebug_proc_name[] = MY_NAME;
900static const char *my_name = MY_NAME;
901
902static struct bus_type pseudo_lld_bus;
903
904static struct device_driver sdebug_driverfs_driver = {
905 .name = sdebug_proc_name,
906 .bus = &pseudo_lld_bus,
907};
908
909static const int check_condition_result =
910 SAM_STAT_CHECK_CONDITION;
911
912static const int illegal_condition_result =
913 (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
914
915static const int device_qfull_result =
916 (DID_ABORT << 16) | SAM_STAT_TASK_SET_FULL;
917
918static const int condition_met_result = SAM_STAT_CONDITION_MET;
919
920static struct dentry *sdebug_debugfs_root;
921
922static void sdebug_err_free(struct rcu_head *head)
923{
924 struct sdebug_err_inject *inject =
925 container_of(head, typeof(*inject), rcu);
926
927 kfree(inject);
928}
929
930static void sdebug_err_add(struct scsi_device *sdev, struct sdebug_err_inject *new)
931{
932 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
933 struct sdebug_err_inject *err;
934
935 spin_lock(&devip->list_lock);
936 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
937 if (err->type == new->type && err->cmd == new->cmd) {
938 list_del_rcu(&err->list);
939 call_rcu(&err->rcu, sdebug_err_free);
940 }
941 }
942
943 list_add_tail_rcu(&new->list, &devip->inject_err_list);
944 spin_unlock(&devip->list_lock);
945}
946
947static int sdebug_err_remove(struct scsi_device *sdev, const char *buf, size_t count)
948{
949 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
950 struct sdebug_err_inject *err;
951 int type;
952 unsigned char cmd;
953
954 if (sscanf(buf, "- %d %hhx", &type, &cmd) != 2) {
955 kfree(buf);
956 return -EINVAL;
957 }
958
959 spin_lock(&devip->list_lock);
960 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
961 if (err->type == type && err->cmd == cmd) {
962 list_del_rcu(&err->list);
963 call_rcu(&err->rcu, sdebug_err_free);
964 spin_unlock(&devip->list_lock);
965 kfree(buf);
966 return count;
967 }
968 }
969 spin_unlock(&devip->list_lock);
970
971 kfree(buf);
972 return -EINVAL;
973}
974
975static int sdebug_error_show(struct seq_file *m, void *p)
976{
977 struct scsi_device *sdev = (struct scsi_device *)m->private;
978 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
979 struct sdebug_err_inject *err;
980
981 seq_puts(m, "Type\tCount\tCommand\n");
982
983 rcu_read_lock();
984 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
985 switch (err->type) {
986 case ERR_TMOUT_CMD:
987 case ERR_ABORT_CMD_FAILED:
988 case ERR_LUN_RESET_FAILED:
989 seq_printf(m, "%d\t%d\t0x%x\n", err->type, err->cnt,
990 err->cmd);
991 break;
992
993 case ERR_FAIL_QUEUE_CMD:
994 seq_printf(m, "%d\t%d\t0x%x\t0x%x\n", err->type,
995 err->cnt, err->cmd, err->queuecmd_ret);
996 break;
997
998 case ERR_FAIL_CMD:
999 seq_printf(m, "%d\t%d\t0x%x\t0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
1000 err->type, err->cnt, err->cmd,
1001 err->host_byte, err->driver_byte,
1002 err->status_byte, err->sense_key,
1003 err->asc, err->asq);
1004 break;
1005 }
1006 }
1007 rcu_read_unlock();
1008
1009 return 0;
1010}
1011
1012static int sdebug_error_open(struct inode *inode, struct file *file)
1013{
1014 return single_open(file, sdebug_error_show, inode->i_private);
1015}
1016
1017static ssize_t sdebug_error_write(struct file *file, const char __user *ubuf,
1018 size_t count, loff_t *ppos)
1019{
1020 char *buf;
1021 unsigned int inject_type;
1022 struct sdebug_err_inject *inject;
1023 struct scsi_device *sdev = (struct scsi_device *)file->f_inode->i_private;
1024
1025 buf = kzalloc(count + 1, GFP_KERNEL);
1026 if (!buf)
1027 return -ENOMEM;
1028
1029 if (copy_from_user(buf, ubuf, count)) {
1030 kfree(buf);
1031 return -EFAULT;
1032 }
1033
1034 if (buf[0] == '-')
1035 return sdebug_err_remove(sdev, buf, count);
1036
1037 if (sscanf(buf, "%d", &inject_type) != 1) {
1038 kfree(buf);
1039 return -EINVAL;
1040 }
1041
1042 inject = kzalloc(sizeof(struct sdebug_err_inject), GFP_KERNEL);
1043 if (!inject) {
1044 kfree(buf);
1045 return -ENOMEM;
1046 }
1047
1048 switch (inject_type) {
1049 case ERR_TMOUT_CMD:
1050 case ERR_ABORT_CMD_FAILED:
1051 case ERR_LUN_RESET_FAILED:
1052 if (sscanf(buf, "%d %d %hhx", &inject->type, &inject->cnt,
1053 &inject->cmd) != 3)
1054 goto out_error;
1055 break;
1056
1057 case ERR_FAIL_QUEUE_CMD:
1058 if (sscanf(buf, "%d %d %hhx %x", &inject->type, &inject->cnt,
1059 &inject->cmd, &inject->queuecmd_ret) != 4)
1060 goto out_error;
1061 break;
1062
1063 case ERR_FAIL_CMD:
1064 if (sscanf(buf, "%d %d %hhx %hhx %hhx %hhx %hhx %hhx %hhx",
1065 &inject->type, &inject->cnt, &inject->cmd,
1066 &inject->host_byte, &inject->driver_byte,
1067 &inject->status_byte, &inject->sense_key,
1068 &inject->asc, &inject->asq) != 9)
1069 goto out_error;
1070 break;
1071
1072 default:
1073 goto out_error;
1074 break;
1075 }
1076
1077 kfree(buf);
1078 sdebug_err_add(sdev, inject);
1079
1080 return count;
1081
1082out_error:
1083 kfree(buf);
1084 kfree(inject);
1085 return -EINVAL;
1086}
1087
1088static const struct file_operations sdebug_error_fops = {
1089 .open = sdebug_error_open,
1090 .read = seq_read,
1091 .write = sdebug_error_write,
1092 .release = single_release,
1093};
1094
1095static int sdebug_target_reset_fail_show(struct seq_file *m, void *p)
1096{
1097 struct scsi_target *starget = (struct scsi_target *)m->private;
1098 struct sdebug_target_info *targetip =
1099 (struct sdebug_target_info *)starget->hostdata;
1100
1101 if (targetip)
1102 seq_printf(m, "%c\n", targetip->reset_fail ? 'Y' : 'N');
1103
1104 return 0;
1105}
1106
1107static int sdebug_target_reset_fail_open(struct inode *inode, struct file *file)
1108{
1109 return single_open(file, sdebug_target_reset_fail_show, inode->i_private);
1110}
1111
1112static ssize_t sdebug_target_reset_fail_write(struct file *file,
1113 const char __user *ubuf, size_t count, loff_t *ppos)
1114{
1115 int ret;
1116 struct scsi_target *starget =
1117 (struct scsi_target *)file->f_inode->i_private;
1118 struct sdebug_target_info *targetip =
1119 (struct sdebug_target_info *)starget->hostdata;
1120
1121 if (targetip) {
1122 ret = kstrtobool_from_user(ubuf, count, &targetip->reset_fail);
1123 return ret < 0 ? ret : count;
1124 }
1125 return -ENODEV;
1126}
1127
1128static const struct file_operations sdebug_target_reset_fail_fops = {
1129 .open = sdebug_target_reset_fail_open,
1130 .read = seq_read,
1131 .write = sdebug_target_reset_fail_write,
1132 .release = single_release,
1133};
1134
1135static int sdebug_target_alloc(struct scsi_target *starget)
1136{
1137 struct sdebug_target_info *targetip;
1138
1139 targetip = kzalloc(sizeof(struct sdebug_target_info), GFP_KERNEL);
1140 if (!targetip)
1141 return -ENOMEM;
1142
1143 targetip->debugfs_entry = debugfs_create_dir(dev_name(&starget->dev),
1144 sdebug_debugfs_root);
1145
1146 debugfs_create_file("fail_reset", 0600, targetip->debugfs_entry, starget,
1147 &sdebug_target_reset_fail_fops);
1148
1149 starget->hostdata = targetip;
1150
1151 return 0;
1152}
1153
1154static void sdebug_tartget_cleanup_async(void *data, async_cookie_t cookie)
1155{
1156 struct sdebug_target_info *targetip = data;
1157
1158 debugfs_remove(targetip->debugfs_entry);
1159 kfree(targetip);
1160}
1161
1162static void sdebug_target_destroy(struct scsi_target *starget)
1163{
1164 struct sdebug_target_info *targetip;
1165
1166 targetip = (struct sdebug_target_info *)starget->hostdata;
1167 if (targetip) {
1168 starget->hostdata = NULL;
1169 async_schedule(sdebug_tartget_cleanup_async, targetip);
1170 }
1171}
1172
1173/* Only do the extra work involved in logical block provisioning if one or
1174 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
1175 * real reads and writes (i.e. not skipping them for speed).
1176 */
1177static inline bool scsi_debug_lbp(void)
1178{
1179 return 0 == sdebug_fake_rw &&
1180 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
1181}
1182
1183static void *lba2fake_store(struct sdeb_store_info *sip,
1184 unsigned long long lba)
1185{
1186 struct sdeb_store_info *lsip = sip;
1187
1188 lba = do_div(lba, sdebug_store_sectors);
1189 if (!sip || !sip->storep) {
1190 WARN_ON_ONCE(true);
1191 lsip = xa_load(per_store_ap, 0); /* should never be NULL */
1192 }
1193 return lsip->storep + lba * sdebug_sector_size;
1194}
1195
1196static struct t10_pi_tuple *dif_store(struct sdeb_store_info *sip,
1197 sector_t sector)
1198{
1199 sector = sector_div(sector, sdebug_store_sectors);
1200
1201 return sip->dif_storep + sector;
1202}
1203
1204static void sdebug_max_tgts_luns(void)
1205{
1206 struct sdebug_host_info *sdbg_host;
1207 struct Scsi_Host *hpnt;
1208
1209 mutex_lock(&sdebug_host_list_mutex);
1210 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1211 hpnt = sdbg_host->shost;
1212 if ((hpnt->this_id >= 0) &&
1213 (sdebug_num_tgts > hpnt->this_id))
1214 hpnt->max_id = sdebug_num_tgts + 1;
1215 else
1216 hpnt->max_id = sdebug_num_tgts;
1217 /* sdebug_max_luns; */
1218 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
1219 }
1220 mutex_unlock(&sdebug_host_list_mutex);
1221}
1222
1223enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
1224
1225/* Set in_bit to -1 to indicate no bit position of invalid field */
1226static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
1227 enum sdeb_cmd_data c_d,
1228 int in_byte, int in_bit)
1229{
1230 unsigned char *sbuff;
1231 u8 sks[4];
1232 int sl, asc;
1233
1234 sbuff = scp->sense_buffer;
1235 if (!sbuff) {
1236 sdev_printk(KERN_ERR, scp->device,
1237 "%s: sense_buffer is NULL\n", __func__);
1238 return;
1239 }
1240 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
1241 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
1242 scsi_build_sense(scp, sdebug_dsense, ILLEGAL_REQUEST, asc, 0);
1243 memset(sks, 0, sizeof(sks));
1244 sks[0] = 0x80;
1245 if (c_d)
1246 sks[0] |= 0x40;
1247 if (in_bit >= 0) {
1248 sks[0] |= 0x8;
1249 sks[0] |= 0x7 & in_bit;
1250 }
1251 put_unaligned_be16(in_byte, sks + 1);
1252 if (sdebug_dsense) {
1253 sl = sbuff[7] + 8;
1254 sbuff[7] = sl;
1255 sbuff[sl] = 0x2;
1256 sbuff[sl + 1] = 0x6;
1257 memcpy(sbuff + sl + 4, sks, 3);
1258 } else
1259 memcpy(sbuff + 15, sks, 3);
1260 if (sdebug_verbose)
1261 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
1262 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
1263 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
1264}
1265
1266static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
1267{
1268 if (!scp->sense_buffer) {
1269 sdev_printk(KERN_ERR, scp->device,
1270 "%s: sense_buffer is NULL\n", __func__);
1271 return;
1272 }
1273 memset(scp->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
1274
1275 scsi_build_sense(scp, sdebug_dsense, key, asc, asq);
1276
1277 if (sdebug_verbose)
1278 sdev_printk(KERN_INFO, scp->device,
1279 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
1280 my_name, key, asc, asq);
1281}
1282
1283static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
1284{
1285 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
1286}
1287
1288static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
1289 void __user *arg)
1290{
1291 if (sdebug_verbose) {
1292 if (0x1261 == cmd)
1293 sdev_printk(KERN_INFO, dev,
1294 "%s: BLKFLSBUF [0x1261]\n", __func__);
1295 else if (0x5331 == cmd)
1296 sdev_printk(KERN_INFO, dev,
1297 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
1298 __func__);
1299 else
1300 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
1301 __func__, cmd);
1302 }
1303 return -EINVAL;
1304 /* return -ENOTTY; // correct return but upsets fdisk */
1305}
1306
1307static void config_cdb_len(struct scsi_device *sdev)
1308{
1309 switch (sdebug_cdb_len) {
1310 case 6: /* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
1311 sdev->use_10_for_rw = false;
1312 sdev->use_16_for_rw = false;
1313 sdev->use_10_for_ms = false;
1314 break;
1315 case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
1316 sdev->use_10_for_rw = true;
1317 sdev->use_16_for_rw = false;
1318 sdev->use_10_for_ms = false;
1319 break;
1320 case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
1321 sdev->use_10_for_rw = true;
1322 sdev->use_16_for_rw = false;
1323 sdev->use_10_for_ms = true;
1324 break;
1325 case 16:
1326 sdev->use_10_for_rw = false;
1327 sdev->use_16_for_rw = true;
1328 sdev->use_10_for_ms = true;
1329 break;
1330 case 32: /* No knobs to suggest this so same as 16 for now */
1331 sdev->use_10_for_rw = false;
1332 sdev->use_16_for_rw = true;
1333 sdev->use_10_for_ms = true;
1334 break;
1335 default:
1336 pr_warn("unexpected cdb_len=%d, force to 10\n",
1337 sdebug_cdb_len);
1338 sdev->use_10_for_rw = true;
1339 sdev->use_16_for_rw = false;
1340 sdev->use_10_for_ms = false;
1341 sdebug_cdb_len = 10;
1342 break;
1343 }
1344}
1345
1346static void all_config_cdb_len(void)
1347{
1348 struct sdebug_host_info *sdbg_host;
1349 struct Scsi_Host *shost;
1350 struct scsi_device *sdev;
1351
1352 mutex_lock(&sdebug_host_list_mutex);
1353 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1354 shost = sdbg_host->shost;
1355 shost_for_each_device(sdev, shost) {
1356 config_cdb_len(sdev);
1357 }
1358 }
1359 mutex_unlock(&sdebug_host_list_mutex);
1360}
1361
1362static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
1363{
1364 struct sdebug_host_info *sdhp = devip->sdbg_host;
1365 struct sdebug_dev_info *dp;
1366
1367 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
1368 if ((devip->sdbg_host == dp->sdbg_host) &&
1369 (devip->target == dp->target)) {
1370 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
1371 }
1372 }
1373}
1374
1375static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1376{
1377 int k;
1378
1379 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
1380 if (k != SDEBUG_NUM_UAS) {
1381 const char *cp = NULL;
1382
1383 switch (k) {
1384 case SDEBUG_UA_POR:
1385 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1386 POWER_ON_RESET_ASCQ);
1387 if (sdebug_verbose)
1388 cp = "power on reset";
1389 break;
1390 case SDEBUG_UA_POOCCUR:
1391 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1392 POWER_ON_OCCURRED_ASCQ);
1393 if (sdebug_verbose)
1394 cp = "power on occurred";
1395 break;
1396 case SDEBUG_UA_BUS_RESET:
1397 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1398 BUS_RESET_ASCQ);
1399 if (sdebug_verbose)
1400 cp = "bus reset";
1401 break;
1402 case SDEBUG_UA_MODE_CHANGED:
1403 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1404 MODE_CHANGED_ASCQ);
1405 if (sdebug_verbose)
1406 cp = "mode parameters changed";
1407 break;
1408 case SDEBUG_UA_CAPACITY_CHANGED:
1409 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1410 CAPACITY_CHANGED_ASCQ);
1411 if (sdebug_verbose)
1412 cp = "capacity data changed";
1413 break;
1414 case SDEBUG_UA_MICROCODE_CHANGED:
1415 mk_sense_buffer(scp, UNIT_ATTENTION,
1416 TARGET_CHANGED_ASC,
1417 MICROCODE_CHANGED_ASCQ);
1418 if (sdebug_verbose)
1419 cp = "microcode has been changed";
1420 break;
1421 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
1422 mk_sense_buffer(scp, UNIT_ATTENTION,
1423 TARGET_CHANGED_ASC,
1424 MICROCODE_CHANGED_WO_RESET_ASCQ);
1425 if (sdebug_verbose)
1426 cp = "microcode has been changed without reset";
1427 break;
1428 case SDEBUG_UA_LUNS_CHANGED:
1429 /*
1430 * SPC-3 behavior is to report a UNIT ATTENTION with
1431 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
1432 * on the target, until a REPORT LUNS command is
1433 * received. SPC-4 behavior is to report it only once.
1434 * NOTE: sdebug_scsi_level does not use the same
1435 * values as struct scsi_device->scsi_level.
1436 */
1437 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
1438 clear_luns_changed_on_target(devip);
1439 mk_sense_buffer(scp, UNIT_ATTENTION,
1440 TARGET_CHANGED_ASC,
1441 LUNS_CHANGED_ASCQ);
1442 if (sdebug_verbose)
1443 cp = "reported luns data has changed";
1444 break;
1445 default:
1446 pr_warn("unexpected unit attention code=%d\n", k);
1447 if (sdebug_verbose)
1448 cp = "unknown";
1449 break;
1450 }
1451 clear_bit(k, devip->uas_bm);
1452 if (sdebug_verbose)
1453 sdev_printk(KERN_INFO, scp->device,
1454 "%s reports: Unit attention: %s\n",
1455 my_name, cp);
1456 return check_condition_result;
1457 }
1458 return 0;
1459}
1460
1461/* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1462static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1463 int arr_len)
1464{
1465 int act_len;
1466 struct scsi_data_buffer *sdb = &scp->sdb;
1467
1468 if (!sdb->length)
1469 return 0;
1470 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1471 return DID_ERROR << 16;
1472
1473 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1474 arr, arr_len);
1475 scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1476
1477 return 0;
1478}
1479
1480/* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1481 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1482 * calls, not required to write in ascending offset order. Assumes resid
1483 * set to scsi_bufflen() prior to any calls.
1484 */
1485static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1486 int arr_len, unsigned int off_dst)
1487{
1488 unsigned int act_len, n;
1489 struct scsi_data_buffer *sdb = &scp->sdb;
1490 off_t skip = off_dst;
1491
1492 if (sdb->length <= off_dst)
1493 return 0;
1494 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1495 return DID_ERROR << 16;
1496
1497 act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1498 arr, arr_len, skip);
1499 pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1500 __func__, off_dst, scsi_bufflen(scp), act_len,
1501 scsi_get_resid(scp));
1502 n = scsi_bufflen(scp) - (off_dst + act_len);
1503 scsi_set_resid(scp, min_t(u32, scsi_get_resid(scp), n));
1504 return 0;
1505}
1506
1507/* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1508 * 'arr' or -1 if error.
1509 */
1510static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1511 int arr_len)
1512{
1513 if (!scsi_bufflen(scp))
1514 return 0;
1515 if (scp->sc_data_direction != DMA_TO_DEVICE)
1516 return -1;
1517
1518 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1519}
1520
1521
1522static char sdebug_inq_vendor_id[9] = "Linux ";
1523static char sdebug_inq_product_id[17] = "scsi_debug ";
1524static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1525/* Use some locally assigned NAAs for SAS addresses. */
1526static const u64 naa3_comp_a = 0x3222222000000000ULL;
1527static const u64 naa3_comp_b = 0x3333333000000000ULL;
1528static const u64 naa3_comp_c = 0x3111111000000000ULL;
1529
1530/* Device identification VPD page. Returns number of bytes placed in arr */
1531static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1532 int target_dev_id, int dev_id_num,
1533 const char *dev_id_str, int dev_id_str_len,
1534 const uuid_t *lu_name)
1535{
1536 int num, port_a;
1537 char b[32];
1538
1539 port_a = target_dev_id + 1;
1540 /* T10 vendor identifier field format (faked) */
1541 arr[0] = 0x2; /* ASCII */
1542 arr[1] = 0x1;
1543 arr[2] = 0x0;
1544 memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1545 memcpy(&arr[12], sdebug_inq_product_id, 16);
1546 memcpy(&arr[28], dev_id_str, dev_id_str_len);
1547 num = 8 + 16 + dev_id_str_len;
1548 arr[3] = num;
1549 num += 4;
1550 if (dev_id_num >= 0) {
1551 if (sdebug_uuid_ctl) {
1552 /* Locally assigned UUID */
1553 arr[num++] = 0x1; /* binary (not necessarily sas) */
1554 arr[num++] = 0xa; /* PIV=0, lu, naa */
1555 arr[num++] = 0x0;
1556 arr[num++] = 0x12;
1557 arr[num++] = 0x10; /* uuid type=1, locally assigned */
1558 arr[num++] = 0x0;
1559 memcpy(arr + num, lu_name, 16);
1560 num += 16;
1561 } else {
1562 /* NAA-3, Logical unit identifier (binary) */
1563 arr[num++] = 0x1; /* binary (not necessarily sas) */
1564 arr[num++] = 0x3; /* PIV=0, lu, naa */
1565 arr[num++] = 0x0;
1566 arr[num++] = 0x8;
1567 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1568 num += 8;
1569 }
1570 /* Target relative port number */
1571 arr[num++] = 0x61; /* proto=sas, binary */
1572 arr[num++] = 0x94; /* PIV=1, target port, rel port */
1573 arr[num++] = 0x0; /* reserved */
1574 arr[num++] = 0x4; /* length */
1575 arr[num++] = 0x0; /* reserved */
1576 arr[num++] = 0x0; /* reserved */
1577 arr[num++] = 0x0;
1578 arr[num++] = 0x1; /* relative port A */
1579 }
1580 /* NAA-3, Target port identifier */
1581 arr[num++] = 0x61; /* proto=sas, binary */
1582 arr[num++] = 0x93; /* piv=1, target port, naa */
1583 arr[num++] = 0x0;
1584 arr[num++] = 0x8;
1585 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1586 num += 8;
1587 /* NAA-3, Target port group identifier */
1588 arr[num++] = 0x61; /* proto=sas, binary */
1589 arr[num++] = 0x95; /* piv=1, target port group id */
1590 arr[num++] = 0x0;
1591 arr[num++] = 0x4;
1592 arr[num++] = 0;
1593 arr[num++] = 0;
1594 put_unaligned_be16(port_group_id, arr + num);
1595 num += 2;
1596 /* NAA-3, Target device identifier */
1597 arr[num++] = 0x61; /* proto=sas, binary */
1598 arr[num++] = 0xa3; /* piv=1, target device, naa */
1599 arr[num++] = 0x0;
1600 arr[num++] = 0x8;
1601 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1602 num += 8;
1603 /* SCSI name string: Target device identifier */
1604 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1605 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1606 arr[num++] = 0x0;
1607 arr[num++] = 24;
1608 memcpy(arr + num, "naa.32222220", 12);
1609 num += 12;
1610 snprintf(b, sizeof(b), "%08X", target_dev_id);
1611 memcpy(arr + num, b, 8);
1612 num += 8;
1613 memset(arr + num, 0, 4);
1614 num += 4;
1615 return num;
1616}
1617
1618static unsigned char vpd84_data[] = {
1619/* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1620 0x22,0x22,0x22,0x0,0xbb,0x1,
1621 0x22,0x22,0x22,0x0,0xbb,0x2,
1622};
1623
1624/* Software interface identification VPD page */
1625static int inquiry_vpd_84(unsigned char *arr)
1626{
1627 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1628 return sizeof(vpd84_data);
1629}
1630
1631/* Management network addresses VPD page */
1632static int inquiry_vpd_85(unsigned char *arr)
1633{
1634 int num = 0;
1635 const char *na1 = "https://www.kernel.org/config";
1636 const char *na2 = "http://www.kernel.org/log";
1637 int plen, olen;
1638
1639 arr[num++] = 0x1; /* lu, storage config */
1640 arr[num++] = 0x0; /* reserved */
1641 arr[num++] = 0x0;
1642 olen = strlen(na1);
1643 plen = olen + 1;
1644 if (plen % 4)
1645 plen = ((plen / 4) + 1) * 4;
1646 arr[num++] = plen; /* length, null termianted, padded */
1647 memcpy(arr + num, na1, olen);
1648 memset(arr + num + olen, 0, plen - olen);
1649 num += plen;
1650
1651 arr[num++] = 0x4; /* lu, logging */
1652 arr[num++] = 0x0; /* reserved */
1653 arr[num++] = 0x0;
1654 olen = strlen(na2);
1655 plen = olen + 1;
1656 if (plen % 4)
1657 plen = ((plen / 4) + 1) * 4;
1658 arr[num++] = plen; /* length, null terminated, padded */
1659 memcpy(arr + num, na2, olen);
1660 memset(arr + num + olen, 0, plen - olen);
1661 num += plen;
1662
1663 return num;
1664}
1665
1666/* SCSI ports VPD page */
1667static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1668{
1669 int num = 0;
1670 int port_a, port_b;
1671
1672 port_a = target_dev_id + 1;
1673 port_b = port_a + 1;
1674 arr[num++] = 0x0; /* reserved */
1675 arr[num++] = 0x0; /* reserved */
1676 arr[num++] = 0x0;
1677 arr[num++] = 0x1; /* relative port 1 (primary) */
1678 memset(arr + num, 0, 6);
1679 num += 6;
1680 arr[num++] = 0x0;
1681 arr[num++] = 12; /* length tp descriptor */
1682 /* naa-5 target port identifier (A) */
1683 arr[num++] = 0x61; /* proto=sas, binary */
1684 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1685 arr[num++] = 0x0; /* reserved */
1686 arr[num++] = 0x8; /* length */
1687 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1688 num += 8;
1689 arr[num++] = 0x0; /* reserved */
1690 arr[num++] = 0x0; /* reserved */
1691 arr[num++] = 0x0;
1692 arr[num++] = 0x2; /* relative port 2 (secondary) */
1693 memset(arr + num, 0, 6);
1694 num += 6;
1695 arr[num++] = 0x0;
1696 arr[num++] = 12; /* length tp descriptor */
1697 /* naa-5 target port identifier (B) */
1698 arr[num++] = 0x61; /* proto=sas, binary */
1699 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1700 arr[num++] = 0x0; /* reserved */
1701 arr[num++] = 0x8; /* length */
1702 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1703 num += 8;
1704
1705 return num;
1706}
1707
1708
1709static unsigned char vpd89_data[] = {
1710/* from 4th byte */ 0,0,0,0,
1711'l','i','n','u','x',' ',' ',' ',
1712'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1713'1','2','3','4',
17140x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
17150xec,0,0,0,
17160x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
17170,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
17180x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
17190x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
17200x53,0x41,
17210x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
17220x20,0x20,
17230x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
17240x10,0x80,
17250,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
17260x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
17270x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
17280,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
17290x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
17300x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
17310,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
17320,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17330,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17340,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17350x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
17360,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
17370xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
17380,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
17390,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17400,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17410,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17420,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17430,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17440,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17450,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17460,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17470,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17480,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17490,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
17500,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1751};
1752
1753/* ATA Information VPD page */
1754static int inquiry_vpd_89(unsigned char *arr)
1755{
1756 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1757 return sizeof(vpd89_data);
1758}
1759
1760
1761static unsigned char vpdb0_data[] = {
1762 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1763 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1764 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1765 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1766};
1767
1768/* Block limits VPD page (SBC-3) */
1769static int inquiry_vpd_b0(unsigned char *arr)
1770{
1771 unsigned int gran;
1772
1773 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1774
1775 /* Optimal transfer length granularity */
1776 if (sdebug_opt_xferlen_exp != 0 &&
1777 sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1778 gran = 1 << sdebug_opt_xferlen_exp;
1779 else
1780 gran = 1 << sdebug_physblk_exp;
1781 put_unaligned_be16(gran, arr + 2);
1782
1783 /* Maximum Transfer Length */
1784 if (sdebug_store_sectors > 0x400)
1785 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1786
1787 /* Optimal Transfer Length */
1788 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1789
1790 if (sdebug_lbpu) {
1791 /* Maximum Unmap LBA Count */
1792 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1793
1794 /* Maximum Unmap Block Descriptor Count */
1795 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1796 }
1797
1798 /* Unmap Granularity Alignment */
1799 if (sdebug_unmap_alignment) {
1800 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1801 arr[28] |= 0x80; /* UGAVALID */
1802 }
1803
1804 /* Optimal Unmap Granularity */
1805 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1806
1807 /* Maximum WRITE SAME Length */
1808 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1809
1810 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1811}
1812
1813/* Block device characteristics VPD page (SBC-3) */
1814static int inquiry_vpd_b1(struct sdebug_dev_info *devip, unsigned char *arr)
1815{
1816 memset(arr, 0, 0x3c);
1817 arr[0] = 0;
1818 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1819 arr[2] = 0;
1820 arr[3] = 5; /* less than 1.8" */
1821
1822 return 0x3c;
1823}
1824
1825/* Logical block provisioning VPD page (SBC-4) */
1826static int inquiry_vpd_b2(unsigned char *arr)
1827{
1828 memset(arr, 0, 0x4);
1829 arr[0] = 0; /* threshold exponent */
1830 if (sdebug_lbpu)
1831 arr[1] = 1 << 7;
1832 if (sdebug_lbpws)
1833 arr[1] |= 1 << 6;
1834 if (sdebug_lbpws10)
1835 arr[1] |= 1 << 5;
1836 if (sdebug_lbprz && scsi_debug_lbp())
1837 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1838 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1839 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1840 /* threshold_percentage=0 */
1841 return 0x4;
1842}
1843
1844/* Zoned block device characteristics VPD page (ZBC mandatory) */
1845static int inquiry_vpd_b6(struct sdebug_dev_info *devip, unsigned char *arr)
1846{
1847 memset(arr, 0, 0x3c);
1848 arr[0] = 0x1; /* set URSWRZ (unrestricted read in seq. wr req zone) */
1849 /*
1850 * Set Optimal number of open sequential write preferred zones and
1851 * Optimal number of non-sequentially written sequential write
1852 * preferred zones fields to 'not reported' (0xffffffff). Leave other
1853 * fields set to zero, apart from Max. number of open swrz_s field.
1854 */
1855 put_unaligned_be32(0xffffffff, &arr[4]);
1856 put_unaligned_be32(0xffffffff, &arr[8]);
1857 if (sdeb_zbc_model == BLK_ZONED_HM && devip->max_open)
1858 put_unaligned_be32(devip->max_open, &arr[12]);
1859 else
1860 put_unaligned_be32(0xffffffff, &arr[12]);
1861 if (devip->zcap < devip->zsize) {
1862 arr[19] = ZBC_CONSTANT_ZONE_START_OFFSET;
1863 put_unaligned_be64(devip->zsize, &arr[20]);
1864 } else {
1865 arr[19] = 0;
1866 }
1867 return 0x3c;
1868}
1869
1870#define SDEBUG_LONG_INQ_SZ 96
1871#define SDEBUG_MAX_INQ_ARR_SZ 584
1872
1873static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1874{
1875 unsigned char pq_pdt;
1876 unsigned char *arr;
1877 unsigned char *cmd = scp->cmnd;
1878 u32 alloc_len, n;
1879 int ret;
1880 bool have_wlun, is_disk, is_zbc, is_disk_zbc;
1881
1882 alloc_len = get_unaligned_be16(cmd + 3);
1883 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1884 if (! arr)
1885 return DID_REQUEUE << 16;
1886 is_disk = (sdebug_ptype == TYPE_DISK);
1887 is_zbc = devip->zoned;
1888 is_disk_zbc = (is_disk || is_zbc);
1889 have_wlun = scsi_is_wlun(scp->device->lun);
1890 if (have_wlun)
1891 pq_pdt = TYPE_WLUN; /* present, wlun */
1892 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1893 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1894 else
1895 pq_pdt = (sdebug_ptype & 0x1f);
1896 arr[0] = pq_pdt;
1897 if (0x2 & cmd[1]) { /* CMDDT bit set */
1898 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1899 kfree(arr);
1900 return check_condition_result;
1901 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1902 int lu_id_num, port_group_id, target_dev_id;
1903 u32 len;
1904 char lu_id_str[6];
1905 int host_no = devip->sdbg_host->shost->host_no;
1906
1907 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1908 (devip->channel & 0x7f);
1909 if (sdebug_vpd_use_hostno == 0)
1910 host_no = 0;
1911 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1912 (devip->target * 1000) + devip->lun);
1913 target_dev_id = ((host_no + 1) * 2000) +
1914 (devip->target * 1000) - 3;
1915 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1916 if (0 == cmd[2]) { /* supported vital product data pages */
1917 arr[1] = cmd[2]; /*sanity */
1918 n = 4;
1919 arr[n++] = 0x0; /* this page */
1920 arr[n++] = 0x80; /* unit serial number */
1921 arr[n++] = 0x83; /* device identification */
1922 arr[n++] = 0x84; /* software interface ident. */
1923 arr[n++] = 0x85; /* management network addresses */
1924 arr[n++] = 0x86; /* extended inquiry */
1925 arr[n++] = 0x87; /* mode page policy */
1926 arr[n++] = 0x88; /* SCSI ports */
1927 if (is_disk_zbc) { /* SBC or ZBC */
1928 arr[n++] = 0x89; /* ATA information */
1929 arr[n++] = 0xb0; /* Block limits */
1930 arr[n++] = 0xb1; /* Block characteristics */
1931 if (is_disk)
1932 arr[n++] = 0xb2; /* LB Provisioning */
1933 if (is_zbc)
1934 arr[n++] = 0xb6; /* ZB dev. char. */
1935 }
1936 arr[3] = n - 4; /* number of supported VPD pages */
1937 } else if (0x80 == cmd[2]) { /* unit serial number */
1938 arr[1] = cmd[2]; /*sanity */
1939 arr[3] = len;
1940 memcpy(&arr[4], lu_id_str, len);
1941 } else if (0x83 == cmd[2]) { /* device identification */
1942 arr[1] = cmd[2]; /*sanity */
1943 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1944 target_dev_id, lu_id_num,
1945 lu_id_str, len,
1946 &devip->lu_name);
1947 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1948 arr[1] = cmd[2]; /*sanity */
1949 arr[3] = inquiry_vpd_84(&arr[4]);
1950 } else if (0x85 == cmd[2]) { /* Management network addresses */
1951 arr[1] = cmd[2]; /*sanity */
1952 arr[3] = inquiry_vpd_85(&arr[4]);
1953 } else if (0x86 == cmd[2]) { /* extended inquiry */
1954 arr[1] = cmd[2]; /*sanity */
1955 arr[3] = 0x3c; /* number of following entries */
1956 if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1957 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1958 else if (have_dif_prot)
1959 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1960 else
1961 arr[4] = 0x0; /* no protection stuff */
1962 arr[5] = 0x7; /* head of q, ordered + simple q's */
1963 } else if (0x87 == cmd[2]) { /* mode page policy */
1964 arr[1] = cmd[2]; /*sanity */
1965 arr[3] = 0x8; /* number of following entries */
1966 arr[4] = 0x2; /* disconnect-reconnect mp */
1967 arr[6] = 0x80; /* mlus, shared */
1968 arr[8] = 0x18; /* protocol specific lu */
1969 arr[10] = 0x82; /* mlus, per initiator port */
1970 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1971 arr[1] = cmd[2]; /*sanity */
1972 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1973 } else if (is_disk_zbc && 0x89 == cmd[2]) { /* ATA info */
1974 arr[1] = cmd[2]; /*sanity */
1975 n = inquiry_vpd_89(&arr[4]);
1976 put_unaligned_be16(n, arr + 2);
1977 } else if (is_disk_zbc && 0xb0 == cmd[2]) { /* Block limits */
1978 arr[1] = cmd[2]; /*sanity */
1979 arr[3] = inquiry_vpd_b0(&arr[4]);
1980 } else if (is_disk_zbc && 0xb1 == cmd[2]) { /* Block char. */
1981 arr[1] = cmd[2]; /*sanity */
1982 arr[3] = inquiry_vpd_b1(devip, &arr[4]);
1983 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1984 arr[1] = cmd[2]; /*sanity */
1985 arr[3] = inquiry_vpd_b2(&arr[4]);
1986 } else if (is_zbc && cmd[2] == 0xb6) { /* ZB dev. charact. */
1987 arr[1] = cmd[2]; /*sanity */
1988 arr[3] = inquiry_vpd_b6(devip, &arr[4]);
1989 } else {
1990 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1991 kfree(arr);
1992 return check_condition_result;
1993 }
1994 len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
1995 ret = fill_from_dev_buffer(scp, arr,
1996 min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
1997 kfree(arr);
1998 return ret;
1999 }
2000 /* drops through here for a standard inquiry */
2001 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
2002 arr[2] = sdebug_scsi_level;
2003 arr[3] = 2; /* response_data_format==2 */
2004 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
2005 arr[5] = (int)have_dif_prot; /* PROTECT bit */
2006 if (sdebug_vpd_use_hostno == 0)
2007 arr[5] |= 0x10; /* claim: implicit TPGS */
2008 arr[6] = 0x10; /* claim: MultiP */
2009 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
2010 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
2011 memcpy(&arr[8], sdebug_inq_vendor_id, 8);
2012 memcpy(&arr[16], sdebug_inq_product_id, 16);
2013 memcpy(&arr[32], sdebug_inq_product_rev, 4);
2014 /* Use Vendor Specific area to place driver date in ASCII hex */
2015 memcpy(&arr[36], sdebug_version_date, 8);
2016 /* version descriptors (2 bytes each) follow */
2017 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
2018 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
2019 n = 62;
2020 if (is_disk) { /* SBC-4 no version claimed */
2021 put_unaligned_be16(0x600, arr + n);
2022 n += 2;
2023 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
2024 put_unaligned_be16(0x525, arr + n);
2025 n += 2;
2026 } else if (is_zbc) { /* ZBC BSR INCITS 536 revision 05 */
2027 put_unaligned_be16(0x624, arr + n);
2028 n += 2;
2029 }
2030 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
2031 ret = fill_from_dev_buffer(scp, arr,
2032 min_t(u32, alloc_len, SDEBUG_LONG_INQ_SZ));
2033 kfree(arr);
2034 return ret;
2035}
2036
2037/* See resp_iec_m_pg() for how this data is manipulated */
2038static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2039 0, 0, 0x0, 0x0};
2040
2041static int resp_requests(struct scsi_cmnd *scp,
2042 struct sdebug_dev_info *devip)
2043{
2044 unsigned char *cmd = scp->cmnd;
2045 unsigned char arr[SCSI_SENSE_BUFFERSIZE]; /* assume >= 18 bytes */
2046 bool dsense = !!(cmd[1] & 1);
2047 u32 alloc_len = cmd[4];
2048 u32 len = 18;
2049 int stopped_state = atomic_read(&devip->stopped);
2050
2051 memset(arr, 0, sizeof(arr));
2052 if (stopped_state > 0) { /* some "pollable" data [spc6r02: 5.12.2] */
2053 if (dsense) {
2054 arr[0] = 0x72;
2055 arr[1] = NOT_READY;
2056 arr[2] = LOGICAL_UNIT_NOT_READY;
2057 arr[3] = (stopped_state == 2) ? 0x1 : 0x2;
2058 len = 8;
2059 } else {
2060 arr[0] = 0x70;
2061 arr[2] = NOT_READY; /* NO_SENSE in sense_key */
2062 arr[7] = 0xa; /* 18 byte sense buffer */
2063 arr[12] = LOGICAL_UNIT_NOT_READY;
2064 arr[13] = (stopped_state == 2) ? 0x1 : 0x2;
2065 }
2066 } else if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
2067 /* Information exceptions control mode page: TEST=1, MRIE=6 */
2068 if (dsense) {
2069 arr[0] = 0x72;
2070 arr[1] = 0x0; /* NO_SENSE in sense_key */
2071 arr[2] = THRESHOLD_EXCEEDED;
2072 arr[3] = 0xff; /* Failure prediction(false) */
2073 len = 8;
2074 } else {
2075 arr[0] = 0x70;
2076 arr[2] = 0x0; /* NO_SENSE in sense_key */
2077 arr[7] = 0xa; /* 18 byte sense buffer */
2078 arr[12] = THRESHOLD_EXCEEDED;
2079 arr[13] = 0xff; /* Failure prediction(false) */
2080 }
2081 } else { /* nothing to report */
2082 if (dsense) {
2083 len = 8;
2084 memset(arr, 0, len);
2085 arr[0] = 0x72;
2086 } else {
2087 memset(arr, 0, len);
2088 arr[0] = 0x70;
2089 arr[7] = 0xa;
2090 }
2091 }
2092 return fill_from_dev_buffer(scp, arr, min_t(u32, len, alloc_len));
2093}
2094
2095static int resp_start_stop(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2096{
2097 unsigned char *cmd = scp->cmnd;
2098 int power_cond, want_stop, stopped_state;
2099 bool changing;
2100
2101 power_cond = (cmd[4] & 0xf0) >> 4;
2102 if (power_cond) {
2103 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
2104 return check_condition_result;
2105 }
2106 want_stop = !(cmd[4] & 1);
2107 stopped_state = atomic_read(&devip->stopped);
2108 if (stopped_state == 2) {
2109 ktime_t now_ts = ktime_get_boottime();
2110
2111 if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
2112 u64 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
2113
2114 if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
2115 /* tur_ms_to_ready timer extinguished */
2116 atomic_set(&devip->stopped, 0);
2117 stopped_state = 0;
2118 }
2119 }
2120 if (stopped_state == 2) {
2121 if (want_stop) {
2122 stopped_state = 1; /* dummy up success */
2123 } else { /* Disallow tur_ms_to_ready delay to be overridden */
2124 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 0 /* START bit */);
2125 return check_condition_result;
2126 }
2127 }
2128 }
2129 changing = (stopped_state != want_stop);
2130 if (changing)
2131 atomic_xchg(&devip->stopped, want_stop);
2132 if (!changing || (cmd[1] & 0x1)) /* state unchanged or IMMED bit set in cdb */
2133 return SDEG_RES_IMMED_MASK;
2134 else
2135 return 0;
2136}
2137
2138static sector_t get_sdebug_capacity(void)
2139{
2140 static const unsigned int gibibyte = 1073741824;
2141
2142 if (sdebug_virtual_gb > 0)
2143 return (sector_t)sdebug_virtual_gb *
2144 (gibibyte / sdebug_sector_size);
2145 else
2146 return sdebug_store_sectors;
2147}
2148
2149#define SDEBUG_READCAP_ARR_SZ 8
2150static int resp_readcap(struct scsi_cmnd *scp,
2151 struct sdebug_dev_info *devip)
2152{
2153 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
2154 unsigned int capac;
2155
2156 /* following just in case virtual_gb changed */
2157 sdebug_capacity = get_sdebug_capacity();
2158 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
2159 if (sdebug_capacity < 0xffffffff) {
2160 capac = (unsigned int)sdebug_capacity - 1;
2161 put_unaligned_be32(capac, arr + 0);
2162 } else
2163 put_unaligned_be32(0xffffffff, arr + 0);
2164 put_unaligned_be16(sdebug_sector_size, arr + 6);
2165 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
2166}
2167
2168#define SDEBUG_READCAP16_ARR_SZ 32
2169static int resp_readcap16(struct scsi_cmnd *scp,
2170 struct sdebug_dev_info *devip)
2171{
2172 unsigned char *cmd = scp->cmnd;
2173 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
2174 u32 alloc_len;
2175
2176 alloc_len = get_unaligned_be32(cmd + 10);
2177 /* following just in case virtual_gb changed */
2178 sdebug_capacity = get_sdebug_capacity();
2179 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
2180 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
2181 put_unaligned_be32(sdebug_sector_size, arr + 8);
2182 arr[13] = sdebug_physblk_exp & 0xf;
2183 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
2184
2185 if (scsi_debug_lbp()) {
2186 arr[14] |= 0x80; /* LBPME */
2187 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
2188 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
2189 * in the wider field maps to 0 in this field.
2190 */
2191 if (sdebug_lbprz & 1) /* precisely what the draft requires */
2192 arr[14] |= 0x40;
2193 }
2194
2195 /*
2196 * Since the scsi_debug READ CAPACITY implementation always reports the
2197 * total disk capacity, set RC BASIS = 1 for host-managed ZBC devices.
2198 */
2199 if (devip->zoned)
2200 arr[12] |= 1 << 4;
2201
2202 arr[15] = sdebug_lowest_aligned & 0xff;
2203
2204 if (have_dif_prot) {
2205 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
2206 arr[12] |= 1; /* PROT_EN */
2207 }
2208
2209 return fill_from_dev_buffer(scp, arr,
2210 min_t(u32, alloc_len, SDEBUG_READCAP16_ARR_SZ));
2211}
2212
2213#define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
2214
2215static int resp_report_tgtpgs(struct scsi_cmnd *scp,
2216 struct sdebug_dev_info *devip)
2217{
2218 unsigned char *cmd = scp->cmnd;
2219 unsigned char *arr;
2220 int host_no = devip->sdbg_host->shost->host_no;
2221 int port_group_a, port_group_b, port_a, port_b;
2222 u32 alen, n, rlen;
2223 int ret;
2224
2225 alen = get_unaligned_be32(cmd + 6);
2226 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
2227 if (! arr)
2228 return DID_REQUEUE << 16;
2229 /*
2230 * EVPD page 0x88 states we have two ports, one
2231 * real and a fake port with no device connected.
2232 * So we create two port groups with one port each
2233 * and set the group with port B to unavailable.
2234 */
2235 port_a = 0x1; /* relative port A */
2236 port_b = 0x2; /* relative port B */
2237 port_group_a = (((host_no + 1) & 0x7f) << 8) +
2238 (devip->channel & 0x7f);
2239 port_group_b = (((host_no + 1) & 0x7f) << 8) +
2240 (devip->channel & 0x7f) + 0x80;
2241
2242 /*
2243 * The asymmetric access state is cycled according to the host_id.
2244 */
2245 n = 4;
2246 if (sdebug_vpd_use_hostno == 0) {
2247 arr[n++] = host_no % 3; /* Asymm access state */
2248 arr[n++] = 0x0F; /* claim: all states are supported */
2249 } else {
2250 arr[n++] = 0x0; /* Active/Optimized path */
2251 arr[n++] = 0x01; /* only support active/optimized paths */
2252 }
2253 put_unaligned_be16(port_group_a, arr + n);
2254 n += 2;
2255 arr[n++] = 0; /* Reserved */
2256 arr[n++] = 0; /* Status code */
2257 arr[n++] = 0; /* Vendor unique */
2258 arr[n++] = 0x1; /* One port per group */
2259 arr[n++] = 0; /* Reserved */
2260 arr[n++] = 0; /* Reserved */
2261 put_unaligned_be16(port_a, arr + n);
2262 n += 2;
2263 arr[n++] = 3; /* Port unavailable */
2264 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
2265 put_unaligned_be16(port_group_b, arr + n);
2266 n += 2;
2267 arr[n++] = 0; /* Reserved */
2268 arr[n++] = 0; /* Status code */
2269 arr[n++] = 0; /* Vendor unique */
2270 arr[n++] = 0x1; /* One port per group */
2271 arr[n++] = 0; /* Reserved */
2272 arr[n++] = 0; /* Reserved */
2273 put_unaligned_be16(port_b, arr + n);
2274 n += 2;
2275
2276 rlen = n - 4;
2277 put_unaligned_be32(rlen, arr + 0);
2278
2279 /*
2280 * Return the smallest value of either
2281 * - The allocated length
2282 * - The constructed command length
2283 * - The maximum array size
2284 */
2285 rlen = min(alen, n);
2286 ret = fill_from_dev_buffer(scp, arr,
2287 min_t(u32, rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
2288 kfree(arr);
2289 return ret;
2290}
2291
2292static int resp_rsup_opcodes(struct scsi_cmnd *scp,
2293 struct sdebug_dev_info *devip)
2294{
2295 bool rctd;
2296 u8 reporting_opts, req_opcode, sdeb_i, supp;
2297 u16 req_sa, u;
2298 u32 alloc_len, a_len;
2299 int k, offset, len, errsts, count, bump, na;
2300 const struct opcode_info_t *oip;
2301 const struct opcode_info_t *r_oip;
2302 u8 *arr;
2303 u8 *cmd = scp->cmnd;
2304
2305 rctd = !!(cmd[2] & 0x80);
2306 reporting_opts = cmd[2] & 0x7;
2307 req_opcode = cmd[3];
2308 req_sa = get_unaligned_be16(cmd + 4);
2309 alloc_len = get_unaligned_be32(cmd + 6);
2310 if (alloc_len < 4 || alloc_len > 0xffff) {
2311 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2312 return check_condition_result;
2313 }
2314 if (alloc_len > 8192)
2315 a_len = 8192;
2316 else
2317 a_len = alloc_len;
2318 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
2319 if (NULL == arr) {
2320 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
2321 INSUFF_RES_ASCQ);
2322 return check_condition_result;
2323 }
2324 switch (reporting_opts) {
2325 case 0: /* all commands */
2326 /* count number of commands */
2327 for (count = 0, oip = opcode_info_arr;
2328 oip->num_attached != 0xff; ++oip) {
2329 if (F_INV_OP & oip->flags)
2330 continue;
2331 count += (oip->num_attached + 1);
2332 }
2333 bump = rctd ? 20 : 8;
2334 put_unaligned_be32(count * bump, arr);
2335 for (offset = 4, oip = opcode_info_arr;
2336 oip->num_attached != 0xff && offset < a_len; ++oip) {
2337 if (F_INV_OP & oip->flags)
2338 continue;
2339 na = oip->num_attached;
2340 arr[offset] = oip->opcode;
2341 put_unaligned_be16(oip->sa, arr + offset + 2);
2342 if (rctd)
2343 arr[offset + 5] |= 0x2;
2344 if (FF_SA & oip->flags)
2345 arr[offset + 5] |= 0x1;
2346 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
2347 if (rctd)
2348 put_unaligned_be16(0xa, arr + offset + 8);
2349 r_oip = oip;
2350 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
2351 if (F_INV_OP & oip->flags)
2352 continue;
2353 offset += bump;
2354 arr[offset] = oip->opcode;
2355 put_unaligned_be16(oip->sa, arr + offset + 2);
2356 if (rctd)
2357 arr[offset + 5] |= 0x2;
2358 if (FF_SA & oip->flags)
2359 arr[offset + 5] |= 0x1;
2360 put_unaligned_be16(oip->len_mask[0],
2361 arr + offset + 6);
2362 if (rctd)
2363 put_unaligned_be16(0xa,
2364 arr + offset + 8);
2365 }
2366 oip = r_oip;
2367 offset += bump;
2368 }
2369 break;
2370 case 1: /* one command: opcode only */
2371 case 2: /* one command: opcode plus service action */
2372 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
2373 sdeb_i = opcode_ind_arr[req_opcode];
2374 oip = &opcode_info_arr[sdeb_i];
2375 if (F_INV_OP & oip->flags) {
2376 supp = 1;
2377 offset = 4;
2378 } else {
2379 if (1 == reporting_opts) {
2380 if (FF_SA & oip->flags) {
2381 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
2382 2, 2);
2383 kfree(arr);
2384 return check_condition_result;
2385 }
2386 req_sa = 0;
2387 } else if (2 == reporting_opts &&
2388 0 == (FF_SA & oip->flags)) {
2389 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
2390 kfree(arr); /* point at requested sa */
2391 return check_condition_result;
2392 }
2393 if (0 == (FF_SA & oip->flags) &&
2394 req_opcode == oip->opcode)
2395 supp = 3;
2396 else if (0 == (FF_SA & oip->flags)) {
2397 na = oip->num_attached;
2398 for (k = 0, oip = oip->arrp; k < na;
2399 ++k, ++oip) {
2400 if (req_opcode == oip->opcode)
2401 break;
2402 }
2403 supp = (k >= na) ? 1 : 3;
2404 } else if (req_sa != oip->sa) {
2405 na = oip->num_attached;
2406 for (k = 0, oip = oip->arrp; k < na;
2407 ++k, ++oip) {
2408 if (req_sa == oip->sa)
2409 break;
2410 }
2411 supp = (k >= na) ? 1 : 3;
2412 } else
2413 supp = 3;
2414 if (3 == supp) {
2415 u = oip->len_mask[0];
2416 put_unaligned_be16(u, arr + 2);
2417 arr[4] = oip->opcode;
2418 for (k = 1; k < u; ++k)
2419 arr[4 + k] = (k < 16) ?
2420 oip->len_mask[k] : 0xff;
2421 offset = 4 + u;
2422 } else
2423 offset = 4;
2424 }
2425 arr[1] = (rctd ? 0x80 : 0) | supp;
2426 if (rctd) {
2427 put_unaligned_be16(0xa, arr + offset);
2428 offset += 12;
2429 }
2430 break;
2431 default:
2432 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
2433 kfree(arr);
2434 return check_condition_result;
2435 }
2436 offset = (offset < a_len) ? offset : a_len;
2437 len = (offset < alloc_len) ? offset : alloc_len;
2438 errsts = fill_from_dev_buffer(scp, arr, len);
2439 kfree(arr);
2440 return errsts;
2441}
2442
2443static int resp_rsup_tmfs(struct scsi_cmnd *scp,
2444 struct sdebug_dev_info *devip)
2445{
2446 bool repd;
2447 u32 alloc_len, len;
2448 u8 arr[16];
2449 u8 *cmd = scp->cmnd;
2450
2451 memset(arr, 0, sizeof(arr));
2452 repd = !!(cmd[2] & 0x80);
2453 alloc_len = get_unaligned_be32(cmd + 6);
2454 if (alloc_len < 4) {
2455 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2456 return check_condition_result;
2457 }
2458 arr[0] = 0xc8; /* ATS | ATSS | LURS */
2459 arr[1] = 0x1; /* ITNRS */
2460 if (repd) {
2461 arr[3] = 0xc;
2462 len = 16;
2463 } else
2464 len = 4;
2465
2466 len = (len < alloc_len) ? len : alloc_len;
2467 return fill_from_dev_buffer(scp, arr, len);
2468}
2469
2470/* <<Following mode page info copied from ST318451LW>> */
2471
2472static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
2473{ /* Read-Write Error Recovery page for mode_sense */
2474 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
2475 5, 0, 0xff, 0xff};
2476
2477 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
2478 if (1 == pcontrol)
2479 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
2480 return sizeof(err_recov_pg);
2481}
2482
2483static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
2484{ /* Disconnect-Reconnect page for mode_sense */
2485 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
2486 0, 0, 0, 0, 0, 0, 0, 0};
2487
2488 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
2489 if (1 == pcontrol)
2490 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
2491 return sizeof(disconnect_pg);
2492}
2493
2494static int resp_format_pg(unsigned char *p, int pcontrol, int target)
2495{ /* Format device page for mode_sense */
2496 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
2497 0, 0, 0, 0, 0, 0, 0, 0,
2498 0, 0, 0, 0, 0x40, 0, 0, 0};
2499
2500 memcpy(p, format_pg, sizeof(format_pg));
2501 put_unaligned_be16(sdebug_sectors_per, p + 10);
2502 put_unaligned_be16(sdebug_sector_size, p + 12);
2503 if (sdebug_removable)
2504 p[20] |= 0x20; /* should agree with INQUIRY */
2505 if (1 == pcontrol)
2506 memset(p + 2, 0, sizeof(format_pg) - 2);
2507 return sizeof(format_pg);
2508}
2509
2510static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2511 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
2512 0, 0, 0, 0};
2513
2514static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
2515{ /* Caching page for mode_sense */
2516 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
2517 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2518 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2519 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
2520
2521 if (SDEBUG_OPT_N_WCE & sdebug_opts)
2522 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
2523 memcpy(p, caching_pg, sizeof(caching_pg));
2524 if (1 == pcontrol)
2525 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2526 else if (2 == pcontrol)
2527 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2528 return sizeof(caching_pg);
2529}
2530
2531static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2532 0, 0, 0x2, 0x4b};
2533
2534static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2535{ /* Control mode page for mode_sense */
2536 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2537 0, 0, 0, 0};
2538 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2539 0, 0, 0x2, 0x4b};
2540
2541 if (sdebug_dsense)
2542 ctrl_m_pg[2] |= 0x4;
2543 else
2544 ctrl_m_pg[2] &= ~0x4;
2545
2546 if (sdebug_ato)
2547 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2548
2549 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2550 if (1 == pcontrol)
2551 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2552 else if (2 == pcontrol)
2553 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2554 return sizeof(ctrl_m_pg);
2555}
2556
2557
2558static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2559{ /* Informational Exceptions control mode page for mode_sense */
2560 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2561 0, 0, 0x0, 0x0};
2562 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2563 0, 0, 0x0, 0x0};
2564
2565 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2566 if (1 == pcontrol)
2567 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2568 else if (2 == pcontrol)
2569 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2570 return sizeof(iec_m_pg);
2571}
2572
2573static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2574{ /* SAS SSP mode page - short format for mode_sense */
2575 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2576 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2577
2578 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2579 if (1 == pcontrol)
2580 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2581 return sizeof(sas_sf_m_pg);
2582}
2583
2584
2585static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2586 int target_dev_id)
2587{ /* SAS phy control and discover mode page for mode_sense */
2588 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2589 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2590 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2591 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2592 0x2, 0, 0, 0, 0, 0, 0, 0,
2593 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2594 0, 0, 0, 0, 0, 0, 0, 0,
2595 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2596 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2597 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2598 0x3, 0, 0, 0, 0, 0, 0, 0,
2599 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2600 0, 0, 0, 0, 0, 0, 0, 0,
2601 };
2602 int port_a, port_b;
2603
2604 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2605 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2606 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2607 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2608 port_a = target_dev_id + 1;
2609 port_b = port_a + 1;
2610 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2611 put_unaligned_be32(port_a, p + 20);
2612 put_unaligned_be32(port_b, p + 48 + 20);
2613 if (1 == pcontrol)
2614 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2615 return sizeof(sas_pcd_m_pg);
2616}
2617
2618static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2619{ /* SAS SSP shared protocol specific port mode subpage */
2620 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2621 0, 0, 0, 0, 0, 0, 0, 0,
2622 };
2623
2624 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2625 if (1 == pcontrol)
2626 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2627 return sizeof(sas_sha_m_pg);
2628}
2629
2630#define SDEBUG_MAX_MSENSE_SZ 256
2631
2632static int resp_mode_sense(struct scsi_cmnd *scp,
2633 struct sdebug_dev_info *devip)
2634{
2635 int pcontrol, pcode, subpcode, bd_len;
2636 unsigned char dev_spec;
2637 u32 alloc_len, offset, len;
2638 int target_dev_id;
2639 int target = scp->device->id;
2640 unsigned char *ap;
2641 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2642 unsigned char *cmd = scp->cmnd;
2643 bool dbd, llbaa, msense_6, is_disk, is_zbc, bad_pcode;
2644
2645 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
2646 pcontrol = (cmd[2] & 0xc0) >> 6;
2647 pcode = cmd[2] & 0x3f;
2648 subpcode = cmd[3];
2649 msense_6 = (MODE_SENSE == cmd[0]);
2650 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2651 is_disk = (sdebug_ptype == TYPE_DISK);
2652 is_zbc = devip->zoned;
2653 if ((is_disk || is_zbc) && !dbd)
2654 bd_len = llbaa ? 16 : 8;
2655 else
2656 bd_len = 0;
2657 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2658 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2659 if (0x3 == pcontrol) { /* Saving values not supported */
2660 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2661 return check_condition_result;
2662 }
2663 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2664 (devip->target * 1000) - 3;
2665 /* for disks+zbc set DPOFUA bit and clear write protect (WP) bit */
2666 if (is_disk || is_zbc) {
2667 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
2668 if (sdebug_wp)
2669 dev_spec |= 0x80;
2670 } else
2671 dev_spec = 0x0;
2672 if (msense_6) {
2673 arr[2] = dev_spec;
2674 arr[3] = bd_len;
2675 offset = 4;
2676 } else {
2677 arr[3] = dev_spec;
2678 if (16 == bd_len)
2679 arr[4] = 0x1; /* set LONGLBA bit */
2680 arr[7] = bd_len; /* assume 255 or less */
2681 offset = 8;
2682 }
2683 ap = arr + offset;
2684 if ((bd_len > 0) && (!sdebug_capacity))
2685 sdebug_capacity = get_sdebug_capacity();
2686
2687 if (8 == bd_len) {
2688 if (sdebug_capacity > 0xfffffffe)
2689 put_unaligned_be32(0xffffffff, ap + 0);
2690 else
2691 put_unaligned_be32(sdebug_capacity, ap + 0);
2692 put_unaligned_be16(sdebug_sector_size, ap + 6);
2693 offset += bd_len;
2694 ap = arr + offset;
2695 } else if (16 == bd_len) {
2696 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2697 put_unaligned_be32(sdebug_sector_size, ap + 12);
2698 offset += bd_len;
2699 ap = arr + offset;
2700 }
2701
2702 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2703 /* TODO: Control Extension page */
2704 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2705 return check_condition_result;
2706 }
2707 bad_pcode = false;
2708
2709 switch (pcode) {
2710 case 0x1: /* Read-Write error recovery page, direct access */
2711 len = resp_err_recov_pg(ap, pcontrol, target);
2712 offset += len;
2713 break;
2714 case 0x2: /* Disconnect-Reconnect page, all devices */
2715 len = resp_disconnect_pg(ap, pcontrol, target);
2716 offset += len;
2717 break;
2718 case 0x3: /* Format device page, direct access */
2719 if (is_disk) {
2720 len = resp_format_pg(ap, pcontrol, target);
2721 offset += len;
2722 } else
2723 bad_pcode = true;
2724 break;
2725 case 0x8: /* Caching page, direct access */
2726 if (is_disk || is_zbc) {
2727 len = resp_caching_pg(ap, pcontrol, target);
2728 offset += len;
2729 } else
2730 bad_pcode = true;
2731 break;
2732 case 0xa: /* Control Mode page, all devices */
2733 len = resp_ctrl_m_pg(ap, pcontrol, target);
2734 offset += len;
2735 break;
2736 case 0x19: /* if spc==1 then sas phy, control+discover */
2737 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2738 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2739 return check_condition_result;
2740 }
2741 len = 0;
2742 if ((0x0 == subpcode) || (0xff == subpcode))
2743 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2744 if ((0x1 == subpcode) || (0xff == subpcode))
2745 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2746 target_dev_id);
2747 if ((0x2 == subpcode) || (0xff == subpcode))
2748 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2749 offset += len;
2750 break;
2751 case 0x1c: /* Informational Exceptions Mode page, all devices */
2752 len = resp_iec_m_pg(ap, pcontrol, target);
2753 offset += len;
2754 break;
2755 case 0x3f: /* Read all Mode pages */
2756 if ((0 == subpcode) || (0xff == subpcode)) {
2757 len = resp_err_recov_pg(ap, pcontrol, target);
2758 len += resp_disconnect_pg(ap + len, pcontrol, target);
2759 if (is_disk) {
2760 len += resp_format_pg(ap + len, pcontrol,
2761 target);
2762 len += resp_caching_pg(ap + len, pcontrol,
2763 target);
2764 } else if (is_zbc) {
2765 len += resp_caching_pg(ap + len, pcontrol,
2766 target);
2767 }
2768 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2769 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2770 if (0xff == subpcode) {
2771 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2772 target, target_dev_id);
2773 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2774 }
2775 len += resp_iec_m_pg(ap + len, pcontrol, target);
2776 offset += len;
2777 } else {
2778 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2779 return check_condition_result;
2780 }
2781 break;
2782 default:
2783 bad_pcode = true;
2784 break;
2785 }
2786 if (bad_pcode) {
2787 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2788 return check_condition_result;
2789 }
2790 if (msense_6)
2791 arr[0] = offset - 1;
2792 else
2793 put_unaligned_be16((offset - 2), arr + 0);
2794 return fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, offset));
2795}
2796
2797#define SDEBUG_MAX_MSELECT_SZ 512
2798
2799static int resp_mode_select(struct scsi_cmnd *scp,
2800 struct sdebug_dev_info *devip)
2801{
2802 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2803 int param_len, res, mpage;
2804 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2805 unsigned char *cmd = scp->cmnd;
2806 int mselect6 = (MODE_SELECT == cmd[0]);
2807
2808 memset(arr, 0, sizeof(arr));
2809 pf = cmd[1] & 0x10;
2810 sp = cmd[1] & 0x1;
2811 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2812 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2813 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2814 return check_condition_result;
2815 }
2816 res = fetch_to_dev_buffer(scp, arr, param_len);
2817 if (-1 == res)
2818 return DID_ERROR << 16;
2819 else if (sdebug_verbose && (res < param_len))
2820 sdev_printk(KERN_INFO, scp->device,
2821 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2822 __func__, param_len, res);
2823 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2824 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2825 off = bd_len + (mselect6 ? 4 : 8);
2826 if (md_len > 2 || off >= res) {
2827 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2828 return check_condition_result;
2829 }
2830 mpage = arr[off] & 0x3f;
2831 ps = !!(arr[off] & 0x80);
2832 if (ps) {
2833 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2834 return check_condition_result;
2835 }
2836 spf = !!(arr[off] & 0x40);
2837 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2838 (arr[off + 1] + 2);
2839 if ((pg_len + off) > param_len) {
2840 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2841 PARAMETER_LIST_LENGTH_ERR, 0);
2842 return check_condition_result;
2843 }
2844 switch (mpage) {
2845 case 0x8: /* Caching Mode page */
2846 if (caching_pg[1] == arr[off + 1]) {
2847 memcpy(caching_pg + 2, arr + off + 2,
2848 sizeof(caching_pg) - 2);
2849 goto set_mode_changed_ua;
2850 }
2851 break;
2852 case 0xa: /* Control Mode page */
2853 if (ctrl_m_pg[1] == arr[off + 1]) {
2854 memcpy(ctrl_m_pg + 2, arr + off + 2,
2855 sizeof(ctrl_m_pg) - 2);
2856 if (ctrl_m_pg[4] & 0x8)
2857 sdebug_wp = true;
2858 else
2859 sdebug_wp = false;
2860 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2861 goto set_mode_changed_ua;
2862 }
2863 break;
2864 case 0x1c: /* Informational Exceptions Mode page */
2865 if (iec_m_pg[1] == arr[off + 1]) {
2866 memcpy(iec_m_pg + 2, arr + off + 2,
2867 sizeof(iec_m_pg) - 2);
2868 goto set_mode_changed_ua;
2869 }
2870 break;
2871 default:
2872 break;
2873 }
2874 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2875 return check_condition_result;
2876set_mode_changed_ua:
2877 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2878 return 0;
2879}
2880
2881static int resp_temp_l_pg(unsigned char *arr)
2882{
2883 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2884 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2885 };
2886
2887 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2888 return sizeof(temp_l_pg);
2889}
2890
2891static int resp_ie_l_pg(unsigned char *arr)
2892{
2893 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2894 };
2895
2896 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2897 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2898 arr[4] = THRESHOLD_EXCEEDED;
2899 arr[5] = 0xff;
2900 }
2901 return sizeof(ie_l_pg);
2902}
2903
2904static int resp_env_rep_l_spg(unsigned char *arr)
2905{
2906 unsigned char env_rep_l_spg[] = {0x0, 0x0, 0x23, 0x8,
2907 0x0, 40, 72, 0xff, 45, 18, 0, 0,
2908 0x1, 0x0, 0x23, 0x8,
2909 0x0, 55, 72, 35, 55, 45, 0, 0,
2910 };
2911
2912 memcpy(arr, env_rep_l_spg, sizeof(env_rep_l_spg));
2913 return sizeof(env_rep_l_spg);
2914}
2915
2916#define SDEBUG_MAX_LSENSE_SZ 512
2917
2918static int resp_log_sense(struct scsi_cmnd *scp,
2919 struct sdebug_dev_info *devip)
2920{
2921 int ppc, sp, pcode, subpcode;
2922 u32 alloc_len, len, n;
2923 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2924 unsigned char *cmd = scp->cmnd;
2925
2926 memset(arr, 0, sizeof(arr));
2927 ppc = cmd[1] & 0x2;
2928 sp = cmd[1] & 0x1;
2929 if (ppc || sp) {
2930 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2931 return check_condition_result;
2932 }
2933 pcode = cmd[2] & 0x3f;
2934 subpcode = cmd[3] & 0xff;
2935 alloc_len = get_unaligned_be16(cmd + 7);
2936 arr[0] = pcode;
2937 if (0 == subpcode) {
2938 switch (pcode) {
2939 case 0x0: /* Supported log pages log page */
2940 n = 4;
2941 arr[n++] = 0x0; /* this page */
2942 arr[n++] = 0xd; /* Temperature */
2943 arr[n++] = 0x2f; /* Informational exceptions */
2944 arr[3] = n - 4;
2945 break;
2946 case 0xd: /* Temperature log page */
2947 arr[3] = resp_temp_l_pg(arr + 4);
2948 break;
2949 case 0x2f: /* Informational exceptions log page */
2950 arr[3] = resp_ie_l_pg(arr + 4);
2951 break;
2952 default:
2953 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2954 return check_condition_result;
2955 }
2956 } else if (0xff == subpcode) {
2957 arr[0] |= 0x40;
2958 arr[1] = subpcode;
2959 switch (pcode) {
2960 case 0x0: /* Supported log pages and subpages log page */
2961 n = 4;
2962 arr[n++] = 0x0;
2963 arr[n++] = 0x0; /* 0,0 page */
2964 arr[n++] = 0x0;
2965 arr[n++] = 0xff; /* this page */
2966 arr[n++] = 0xd;
2967 arr[n++] = 0x0; /* Temperature */
2968 arr[n++] = 0xd;
2969 arr[n++] = 0x1; /* Environment reporting */
2970 arr[n++] = 0xd;
2971 arr[n++] = 0xff; /* all 0xd subpages */
2972 arr[n++] = 0x2f;
2973 arr[n++] = 0x0; /* Informational exceptions */
2974 arr[n++] = 0x2f;
2975 arr[n++] = 0xff; /* all 0x2f subpages */
2976 arr[3] = n - 4;
2977 break;
2978 case 0xd: /* Temperature subpages */
2979 n = 4;
2980 arr[n++] = 0xd;
2981 arr[n++] = 0x0; /* Temperature */
2982 arr[n++] = 0xd;
2983 arr[n++] = 0x1; /* Environment reporting */
2984 arr[n++] = 0xd;
2985 arr[n++] = 0xff; /* these subpages */
2986 arr[3] = n - 4;
2987 break;
2988 case 0x2f: /* Informational exceptions subpages */
2989 n = 4;
2990 arr[n++] = 0x2f;
2991 arr[n++] = 0x0; /* Informational exceptions */
2992 arr[n++] = 0x2f;
2993 arr[n++] = 0xff; /* these subpages */
2994 arr[3] = n - 4;
2995 break;
2996 default:
2997 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2998 return check_condition_result;
2999 }
3000 } else if (subpcode > 0) {
3001 arr[0] |= 0x40;
3002 arr[1] = subpcode;
3003 if (pcode == 0xd && subpcode == 1)
3004 arr[3] = resp_env_rep_l_spg(arr + 4);
3005 else {
3006 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
3007 return check_condition_result;
3008 }
3009 } else {
3010 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
3011 return check_condition_result;
3012 }
3013 len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
3014 return fill_from_dev_buffer(scp, arr,
3015 min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
3016}
3017
3018static inline bool sdebug_dev_is_zoned(struct sdebug_dev_info *devip)
3019{
3020 return devip->nr_zones != 0;
3021}
3022
3023static struct sdeb_zone_state *zbc_zone(struct sdebug_dev_info *devip,
3024 unsigned long long lba)
3025{
3026 u32 zno = lba >> devip->zsize_shift;
3027 struct sdeb_zone_state *zsp;
3028
3029 if (devip->zcap == devip->zsize || zno < devip->nr_conv_zones)
3030 return &devip->zstate[zno];
3031
3032 /*
3033 * If the zone capacity is less than the zone size, adjust for gap
3034 * zones.
3035 */
3036 zno = 2 * zno - devip->nr_conv_zones;
3037 WARN_ONCE(zno >= devip->nr_zones, "%u > %u\n", zno, devip->nr_zones);
3038 zsp = &devip->zstate[zno];
3039 if (lba >= zsp->z_start + zsp->z_size)
3040 zsp++;
3041 WARN_ON_ONCE(lba >= zsp->z_start + zsp->z_size);
3042 return zsp;
3043}
3044
3045static inline bool zbc_zone_is_conv(struct sdeb_zone_state *zsp)
3046{
3047 return zsp->z_type == ZBC_ZTYPE_CNV;
3048}
3049
3050static inline bool zbc_zone_is_gap(struct sdeb_zone_state *zsp)
3051{
3052 return zsp->z_type == ZBC_ZTYPE_GAP;
3053}
3054
3055static inline bool zbc_zone_is_seq(struct sdeb_zone_state *zsp)
3056{
3057 return !zbc_zone_is_conv(zsp) && !zbc_zone_is_gap(zsp);
3058}
3059
3060static void zbc_close_zone(struct sdebug_dev_info *devip,
3061 struct sdeb_zone_state *zsp)
3062{
3063 enum sdebug_z_cond zc;
3064
3065 if (!zbc_zone_is_seq(zsp))
3066 return;
3067
3068 zc = zsp->z_cond;
3069 if (!(zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN))
3070 return;
3071
3072 if (zc == ZC2_IMPLICIT_OPEN)
3073 devip->nr_imp_open--;
3074 else
3075 devip->nr_exp_open--;
3076
3077 if (zsp->z_wp == zsp->z_start) {
3078 zsp->z_cond = ZC1_EMPTY;
3079 } else {
3080 zsp->z_cond = ZC4_CLOSED;
3081 devip->nr_closed++;
3082 }
3083}
3084
3085static void zbc_close_imp_open_zone(struct sdebug_dev_info *devip)
3086{
3087 struct sdeb_zone_state *zsp = &devip->zstate[0];
3088 unsigned int i;
3089
3090 for (i = 0; i < devip->nr_zones; i++, zsp++) {
3091 if (zsp->z_cond == ZC2_IMPLICIT_OPEN) {
3092 zbc_close_zone(devip, zsp);
3093 return;
3094 }
3095 }
3096}
3097
3098static void zbc_open_zone(struct sdebug_dev_info *devip,
3099 struct sdeb_zone_state *zsp, bool explicit)
3100{
3101 enum sdebug_z_cond zc;
3102
3103 if (!zbc_zone_is_seq(zsp))
3104 return;
3105
3106 zc = zsp->z_cond;
3107 if ((explicit && zc == ZC3_EXPLICIT_OPEN) ||
3108 (!explicit && zc == ZC2_IMPLICIT_OPEN))
3109 return;
3110
3111 /* Close an implicit open zone if necessary */
3112 if (explicit && zsp->z_cond == ZC2_IMPLICIT_OPEN)
3113 zbc_close_zone(devip, zsp);
3114 else if (devip->max_open &&
3115 devip->nr_imp_open + devip->nr_exp_open >= devip->max_open)
3116 zbc_close_imp_open_zone(devip);
3117
3118 if (zsp->z_cond == ZC4_CLOSED)
3119 devip->nr_closed--;
3120 if (explicit) {
3121 zsp->z_cond = ZC3_EXPLICIT_OPEN;
3122 devip->nr_exp_open++;
3123 } else {
3124 zsp->z_cond = ZC2_IMPLICIT_OPEN;
3125 devip->nr_imp_open++;
3126 }
3127}
3128
3129static inline void zbc_set_zone_full(struct sdebug_dev_info *devip,
3130 struct sdeb_zone_state *zsp)
3131{
3132 switch (zsp->z_cond) {
3133 case ZC2_IMPLICIT_OPEN:
3134 devip->nr_imp_open--;
3135 break;
3136 case ZC3_EXPLICIT_OPEN:
3137 devip->nr_exp_open--;
3138 break;
3139 default:
3140 WARN_ONCE(true, "Invalid zone %llu condition %x\n",
3141 zsp->z_start, zsp->z_cond);
3142 break;
3143 }
3144 zsp->z_cond = ZC5_FULL;
3145}
3146
3147static void zbc_inc_wp(struct sdebug_dev_info *devip,
3148 unsigned long long lba, unsigned int num)
3149{
3150 struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
3151 unsigned long long n, end, zend = zsp->z_start + zsp->z_size;
3152
3153 if (!zbc_zone_is_seq(zsp))
3154 return;
3155
3156 if (zsp->z_type == ZBC_ZTYPE_SWR) {
3157 zsp->z_wp += num;
3158 if (zsp->z_wp >= zend)
3159 zbc_set_zone_full(devip, zsp);
3160 return;
3161 }
3162
3163 while (num) {
3164 if (lba != zsp->z_wp)
3165 zsp->z_non_seq_resource = true;
3166
3167 end = lba + num;
3168 if (end >= zend) {
3169 n = zend - lba;
3170 zsp->z_wp = zend;
3171 } else if (end > zsp->z_wp) {
3172 n = num;
3173 zsp->z_wp = end;
3174 } else {
3175 n = num;
3176 }
3177 if (zsp->z_wp >= zend)
3178 zbc_set_zone_full(devip, zsp);
3179
3180 num -= n;
3181 lba += n;
3182 if (num) {
3183 zsp++;
3184 zend = zsp->z_start + zsp->z_size;
3185 }
3186 }
3187}
3188
3189static int check_zbc_access_params(struct scsi_cmnd *scp,
3190 unsigned long long lba, unsigned int num, bool write)
3191{
3192 struct scsi_device *sdp = scp->device;
3193 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3194 struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
3195 struct sdeb_zone_state *zsp_end = zbc_zone(devip, lba + num - 1);
3196
3197 if (!write) {
3198 /* For host-managed, reads cannot cross zone types boundaries */
3199 if (zsp->z_type != zsp_end->z_type) {
3200 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3201 LBA_OUT_OF_RANGE,
3202 READ_INVDATA_ASCQ);
3203 return check_condition_result;
3204 }
3205 return 0;
3206 }
3207
3208 /* Writing into a gap zone is not allowed */
3209 if (zbc_zone_is_gap(zsp)) {
3210 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE,
3211 ATTEMPT_ACCESS_GAP);
3212 return check_condition_result;
3213 }
3214
3215 /* No restrictions for writes within conventional zones */
3216 if (zbc_zone_is_conv(zsp)) {
3217 if (!zbc_zone_is_conv(zsp_end)) {
3218 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3219 LBA_OUT_OF_RANGE,
3220 WRITE_BOUNDARY_ASCQ);
3221 return check_condition_result;
3222 }
3223 return 0;
3224 }
3225
3226 if (zsp->z_type == ZBC_ZTYPE_SWR) {
3227 /* Writes cannot cross sequential zone boundaries */
3228 if (zsp_end != zsp) {
3229 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3230 LBA_OUT_OF_RANGE,
3231 WRITE_BOUNDARY_ASCQ);
3232 return check_condition_result;
3233 }
3234 /* Cannot write full zones */
3235 if (zsp->z_cond == ZC5_FULL) {
3236 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3237 INVALID_FIELD_IN_CDB, 0);
3238 return check_condition_result;
3239 }
3240 /* Writes must be aligned to the zone WP */
3241 if (lba != zsp->z_wp) {
3242 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3243 LBA_OUT_OF_RANGE,
3244 UNALIGNED_WRITE_ASCQ);
3245 return check_condition_result;
3246 }
3247 }
3248
3249 /* Handle implicit open of closed and empty zones */
3250 if (zsp->z_cond == ZC1_EMPTY || zsp->z_cond == ZC4_CLOSED) {
3251 if (devip->max_open &&
3252 devip->nr_exp_open >= devip->max_open) {
3253 mk_sense_buffer(scp, DATA_PROTECT,
3254 INSUFF_RES_ASC,
3255 INSUFF_ZONE_ASCQ);
3256 return check_condition_result;
3257 }
3258 zbc_open_zone(devip, zsp, false);
3259 }
3260
3261 return 0;
3262}
3263
3264static inline int check_device_access_params
3265 (struct scsi_cmnd *scp, unsigned long long lba,
3266 unsigned int num, bool write)
3267{
3268 struct scsi_device *sdp = scp->device;
3269 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3270
3271 if (lba + num > sdebug_capacity) {
3272 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3273 return check_condition_result;
3274 }
3275 /* transfer length excessive (tie in to block limits VPD page) */
3276 if (num > sdebug_store_sectors) {
3277 /* needs work to find which cdb byte 'num' comes from */
3278 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3279 return check_condition_result;
3280 }
3281 if (write && unlikely(sdebug_wp)) {
3282 mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
3283 return check_condition_result;
3284 }
3285 if (sdebug_dev_is_zoned(devip))
3286 return check_zbc_access_params(scp, lba, num, write);
3287
3288 return 0;
3289}
3290
3291/*
3292 * Note: if BUG_ON() fires it usually indicates a problem with the parser
3293 * tables. Perhaps a missing F_FAKE_RW or FF_MEDIA_IO flag. Response functions
3294 * that access any of the "stores" in struct sdeb_store_info should call this
3295 * function with bug_if_fake_rw set to true.
3296 */
3297static inline struct sdeb_store_info *devip2sip(struct sdebug_dev_info *devip,
3298 bool bug_if_fake_rw)
3299{
3300 if (sdebug_fake_rw) {
3301 BUG_ON(bug_if_fake_rw); /* See note above */
3302 return NULL;
3303 }
3304 return xa_load(per_store_ap, devip->sdbg_host->si_idx);
3305}
3306
3307/* Returns number of bytes copied or -1 if error. */
3308static int do_device_access(struct sdeb_store_info *sip, struct scsi_cmnd *scp,
3309 u32 sg_skip, u64 lba, u32 num, bool do_write)
3310{
3311 int ret;
3312 u64 block, rest = 0;
3313 enum dma_data_direction dir;
3314 struct scsi_data_buffer *sdb = &scp->sdb;
3315 u8 *fsp;
3316
3317 if (do_write) {
3318 dir = DMA_TO_DEVICE;
3319 write_since_sync = true;
3320 } else {
3321 dir = DMA_FROM_DEVICE;
3322 }
3323
3324 if (!sdb->length || !sip)
3325 return 0;
3326 if (scp->sc_data_direction != dir)
3327 return -1;
3328 fsp = sip->storep;
3329
3330 block = do_div(lba, sdebug_store_sectors);
3331 if (block + num > sdebug_store_sectors)
3332 rest = block + num - sdebug_store_sectors;
3333
3334 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
3335 fsp + (block * sdebug_sector_size),
3336 (num - rest) * sdebug_sector_size, sg_skip, do_write);
3337 if (ret != (num - rest) * sdebug_sector_size)
3338 return ret;
3339
3340 if (rest) {
3341 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
3342 fsp, rest * sdebug_sector_size,
3343 sg_skip + ((num - rest) * sdebug_sector_size),
3344 do_write);
3345 }
3346
3347 return ret;
3348}
3349
3350/* Returns number of bytes copied or -1 if error. */
3351static int do_dout_fetch(struct scsi_cmnd *scp, u32 num, u8 *doutp)
3352{
3353 struct scsi_data_buffer *sdb = &scp->sdb;
3354
3355 if (!sdb->length)
3356 return 0;
3357 if (scp->sc_data_direction != DMA_TO_DEVICE)
3358 return -1;
3359 return sg_copy_buffer(sdb->table.sgl, sdb->table.nents, doutp,
3360 num * sdebug_sector_size, 0, true);
3361}
3362
3363/* If sip->storep+lba compares equal to arr(num), then copy top half of
3364 * arr into sip->storep+lba and return true. If comparison fails then
3365 * return false. */
3366static bool comp_write_worker(struct sdeb_store_info *sip, u64 lba, u32 num,
3367 const u8 *arr, bool compare_only)
3368{
3369 bool res;
3370 u64 block, rest = 0;
3371 u32 store_blks = sdebug_store_sectors;
3372 u32 lb_size = sdebug_sector_size;
3373 u8 *fsp = sip->storep;
3374
3375 block = do_div(lba, store_blks);
3376 if (block + num > store_blks)
3377 rest = block + num - store_blks;
3378
3379 res = !memcmp(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3380 if (!res)
3381 return res;
3382 if (rest)
3383 res = memcmp(fsp, arr + ((num - rest) * lb_size),
3384 rest * lb_size);
3385 if (!res)
3386 return res;
3387 if (compare_only)
3388 return true;
3389 arr += num * lb_size;
3390 memcpy(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3391 if (rest)
3392 memcpy(fsp, arr + ((num - rest) * lb_size), rest * lb_size);
3393 return res;
3394}
3395
3396static __be16 dif_compute_csum(const void *buf, int len)
3397{
3398 __be16 csum;
3399
3400 if (sdebug_guard)
3401 csum = (__force __be16)ip_compute_csum(buf, len);
3402 else
3403 csum = cpu_to_be16(crc_t10dif(buf, len));
3404
3405 return csum;
3406}
3407
3408static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
3409 sector_t sector, u32 ei_lba)
3410{
3411 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
3412
3413 if (sdt->guard_tag != csum) {
3414 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
3415 (unsigned long)sector,
3416 be16_to_cpu(sdt->guard_tag),
3417 be16_to_cpu(csum));
3418 return 0x01;
3419 }
3420 if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
3421 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
3422 pr_err("REF check failed on sector %lu\n",
3423 (unsigned long)sector);
3424 return 0x03;
3425 }
3426 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3427 be32_to_cpu(sdt->ref_tag) != ei_lba) {
3428 pr_err("REF check failed on sector %lu\n",
3429 (unsigned long)sector);
3430 return 0x03;
3431 }
3432 return 0;
3433}
3434
3435static void dif_copy_prot(struct scsi_cmnd *scp, sector_t sector,
3436 unsigned int sectors, bool read)
3437{
3438 size_t resid;
3439 void *paddr;
3440 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3441 scp->device->hostdata, true);
3442 struct t10_pi_tuple *dif_storep = sip->dif_storep;
3443 const void *dif_store_end = dif_storep + sdebug_store_sectors;
3444 struct sg_mapping_iter miter;
3445
3446 /* Bytes of protection data to copy into sgl */
3447 resid = sectors * sizeof(*dif_storep);
3448
3449 sg_miter_start(&miter, scsi_prot_sglist(scp),
3450 scsi_prot_sg_count(scp), SG_MITER_ATOMIC |
3451 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
3452
3453 while (sg_miter_next(&miter) && resid > 0) {
3454 size_t len = min_t(size_t, miter.length, resid);
3455 void *start = dif_store(sip, sector);
3456 size_t rest = 0;
3457
3458 if (dif_store_end < start + len)
3459 rest = start + len - dif_store_end;
3460
3461 paddr = miter.addr;
3462
3463 if (read)
3464 memcpy(paddr, start, len - rest);
3465 else
3466 memcpy(start, paddr, len - rest);
3467
3468 if (rest) {
3469 if (read)
3470 memcpy(paddr + len - rest, dif_storep, rest);
3471 else
3472 memcpy(dif_storep, paddr + len - rest, rest);
3473 }
3474
3475 sector += len / sizeof(*dif_storep);
3476 resid -= len;
3477 }
3478 sg_miter_stop(&miter);
3479}
3480
3481static int prot_verify_read(struct scsi_cmnd *scp, sector_t start_sec,
3482 unsigned int sectors, u32 ei_lba)
3483{
3484 int ret = 0;
3485 unsigned int i;
3486 sector_t sector;
3487 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3488 scp->device->hostdata, true);
3489 struct t10_pi_tuple *sdt;
3490
3491 for (i = 0; i < sectors; i++, ei_lba++) {
3492 sector = start_sec + i;
3493 sdt = dif_store(sip, sector);
3494
3495 if (sdt->app_tag == cpu_to_be16(0xffff))
3496 continue;
3497
3498 /*
3499 * Because scsi_debug acts as both initiator and
3500 * target we proceed to verify the PI even if
3501 * RDPROTECT=3. This is done so the "initiator" knows
3502 * which type of error to return. Otherwise we would
3503 * have to iterate over the PI twice.
3504 */
3505 if (scp->cmnd[1] >> 5) { /* RDPROTECT */
3506 ret = dif_verify(sdt, lba2fake_store(sip, sector),
3507 sector, ei_lba);
3508 if (ret) {
3509 dif_errors++;
3510 break;
3511 }
3512 }
3513 }
3514
3515 dif_copy_prot(scp, start_sec, sectors, true);
3516 dix_reads++;
3517
3518 return ret;
3519}
3520
3521static inline void
3522sdeb_read_lock(struct sdeb_store_info *sip)
3523{
3524 if (sdebug_no_rwlock) {
3525 if (sip)
3526 __acquire(&sip->macc_lck);
3527 else
3528 __acquire(&sdeb_fake_rw_lck);
3529 } else {
3530 if (sip)
3531 read_lock(&sip->macc_lck);
3532 else
3533 read_lock(&sdeb_fake_rw_lck);
3534 }
3535}
3536
3537static inline void
3538sdeb_read_unlock(struct sdeb_store_info *sip)
3539{
3540 if (sdebug_no_rwlock) {
3541 if (sip)
3542 __release(&sip->macc_lck);
3543 else
3544 __release(&sdeb_fake_rw_lck);
3545 } else {
3546 if (sip)
3547 read_unlock(&sip->macc_lck);
3548 else
3549 read_unlock(&sdeb_fake_rw_lck);
3550 }
3551}
3552
3553static inline void
3554sdeb_write_lock(struct sdeb_store_info *sip)
3555{
3556 if (sdebug_no_rwlock) {
3557 if (sip)
3558 __acquire(&sip->macc_lck);
3559 else
3560 __acquire(&sdeb_fake_rw_lck);
3561 } else {
3562 if (sip)
3563 write_lock(&sip->macc_lck);
3564 else
3565 write_lock(&sdeb_fake_rw_lck);
3566 }
3567}
3568
3569static inline void
3570sdeb_write_unlock(struct sdeb_store_info *sip)
3571{
3572 if (sdebug_no_rwlock) {
3573 if (sip)
3574 __release(&sip->macc_lck);
3575 else
3576 __release(&sdeb_fake_rw_lck);
3577 } else {
3578 if (sip)
3579 write_unlock(&sip->macc_lck);
3580 else
3581 write_unlock(&sdeb_fake_rw_lck);
3582 }
3583}
3584
3585static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3586{
3587 bool check_prot;
3588 u32 num;
3589 u32 ei_lba;
3590 int ret;
3591 u64 lba;
3592 struct sdeb_store_info *sip = devip2sip(devip, true);
3593 u8 *cmd = scp->cmnd;
3594
3595 switch (cmd[0]) {
3596 case READ_16:
3597 ei_lba = 0;
3598 lba = get_unaligned_be64(cmd + 2);
3599 num = get_unaligned_be32(cmd + 10);
3600 check_prot = true;
3601 break;
3602 case READ_10:
3603 ei_lba = 0;
3604 lba = get_unaligned_be32(cmd + 2);
3605 num = get_unaligned_be16(cmd + 7);
3606 check_prot = true;
3607 break;
3608 case READ_6:
3609 ei_lba = 0;
3610 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3611 (u32)(cmd[1] & 0x1f) << 16;
3612 num = (0 == cmd[4]) ? 256 : cmd[4];
3613 check_prot = true;
3614 break;
3615 case READ_12:
3616 ei_lba = 0;
3617 lba = get_unaligned_be32(cmd + 2);
3618 num = get_unaligned_be32(cmd + 6);
3619 check_prot = true;
3620 break;
3621 case XDWRITEREAD_10:
3622 ei_lba = 0;
3623 lba = get_unaligned_be32(cmd + 2);
3624 num = get_unaligned_be16(cmd + 7);
3625 check_prot = false;
3626 break;
3627 default: /* assume READ(32) */
3628 lba = get_unaligned_be64(cmd + 12);
3629 ei_lba = get_unaligned_be32(cmd + 20);
3630 num = get_unaligned_be32(cmd + 28);
3631 check_prot = false;
3632 break;
3633 }
3634 if (unlikely(have_dif_prot && check_prot)) {
3635 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3636 (cmd[1] & 0xe0)) {
3637 mk_sense_invalid_opcode(scp);
3638 return check_condition_result;
3639 }
3640 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3641 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3642 (cmd[1] & 0xe0) == 0)
3643 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
3644 "to DIF device\n");
3645 }
3646 if (unlikely((sdebug_opts & SDEBUG_OPT_SHORT_TRANSFER) &&
3647 atomic_read(&sdeb_inject_pending))) {
3648 num /= 2;
3649 atomic_set(&sdeb_inject_pending, 0);
3650 }
3651
3652 ret = check_device_access_params(scp, lba, num, false);
3653 if (ret)
3654 return ret;
3655 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
3656 (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
3657 ((lba + num) > sdebug_medium_error_start))) {
3658 /* claim unrecoverable read error */
3659 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
3660 /* set info field and valid bit for fixed descriptor */
3661 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
3662 scp->sense_buffer[0] |= 0x80; /* Valid bit */
3663 ret = (lba < OPT_MEDIUM_ERR_ADDR)
3664 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
3665 put_unaligned_be32(ret, scp->sense_buffer + 3);
3666 }
3667 scsi_set_resid(scp, scsi_bufflen(scp));
3668 return check_condition_result;
3669 }
3670
3671 sdeb_read_lock(sip);
3672
3673 /* DIX + T10 DIF */
3674 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3675 switch (prot_verify_read(scp, lba, num, ei_lba)) {
3676 case 1: /* Guard tag error */
3677 if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3678 sdeb_read_unlock(sip);
3679 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3680 return check_condition_result;
3681 } else if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
3682 sdeb_read_unlock(sip);
3683 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3684 return illegal_condition_result;
3685 }
3686 break;
3687 case 3: /* Reference tag error */
3688 if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3689 sdeb_read_unlock(sip);
3690 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
3691 return check_condition_result;
3692 } else if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
3693 sdeb_read_unlock(sip);
3694 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
3695 return illegal_condition_result;
3696 }
3697 break;
3698 }
3699 }
3700
3701 ret = do_device_access(sip, scp, 0, lba, num, false);
3702 sdeb_read_unlock(sip);
3703 if (unlikely(ret == -1))
3704 return DID_ERROR << 16;
3705
3706 scsi_set_resid(scp, scsi_bufflen(scp) - ret);
3707
3708 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3709 atomic_read(&sdeb_inject_pending))) {
3710 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3711 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3712 atomic_set(&sdeb_inject_pending, 0);
3713 return check_condition_result;
3714 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3715 /* Logical block guard check failed */
3716 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3717 atomic_set(&sdeb_inject_pending, 0);
3718 return illegal_condition_result;
3719 } else if (SDEBUG_OPT_DIX_ERR & sdebug_opts) {
3720 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3721 atomic_set(&sdeb_inject_pending, 0);
3722 return illegal_condition_result;
3723 }
3724 }
3725 return 0;
3726}
3727
3728static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
3729 unsigned int sectors, u32 ei_lba)
3730{
3731 int ret;
3732 struct t10_pi_tuple *sdt;
3733 void *daddr;
3734 sector_t sector = start_sec;
3735 int ppage_offset;
3736 int dpage_offset;
3737 struct sg_mapping_iter diter;
3738 struct sg_mapping_iter piter;
3739
3740 BUG_ON(scsi_sg_count(SCpnt) == 0);
3741 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
3742
3743 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
3744 scsi_prot_sg_count(SCpnt),
3745 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3746 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
3747 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3748
3749 /* For each protection page */
3750 while (sg_miter_next(&piter)) {
3751 dpage_offset = 0;
3752 if (WARN_ON(!sg_miter_next(&diter))) {
3753 ret = 0x01;
3754 goto out;
3755 }
3756
3757 for (ppage_offset = 0; ppage_offset < piter.length;
3758 ppage_offset += sizeof(struct t10_pi_tuple)) {
3759 /* If we're at the end of the current
3760 * data page advance to the next one
3761 */
3762 if (dpage_offset >= diter.length) {
3763 if (WARN_ON(!sg_miter_next(&diter))) {
3764 ret = 0x01;
3765 goto out;
3766 }
3767 dpage_offset = 0;
3768 }
3769
3770 sdt = piter.addr + ppage_offset;
3771 daddr = diter.addr + dpage_offset;
3772
3773 if (SCpnt->cmnd[1] >> 5 != 3) { /* WRPROTECT */
3774 ret = dif_verify(sdt, daddr, sector, ei_lba);
3775 if (ret)
3776 goto out;
3777 }
3778
3779 sector++;
3780 ei_lba++;
3781 dpage_offset += sdebug_sector_size;
3782 }
3783 diter.consumed = dpage_offset;
3784 sg_miter_stop(&diter);
3785 }
3786 sg_miter_stop(&piter);
3787
3788 dif_copy_prot(SCpnt, start_sec, sectors, false);
3789 dix_writes++;
3790
3791 return 0;
3792
3793out:
3794 dif_errors++;
3795 sg_miter_stop(&diter);
3796 sg_miter_stop(&piter);
3797 return ret;
3798}
3799
3800static unsigned long lba_to_map_index(sector_t lba)
3801{
3802 if (sdebug_unmap_alignment)
3803 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
3804 sector_div(lba, sdebug_unmap_granularity);
3805 return lba;
3806}
3807
3808static sector_t map_index_to_lba(unsigned long index)
3809{
3810 sector_t lba = index * sdebug_unmap_granularity;
3811
3812 if (sdebug_unmap_alignment)
3813 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
3814 return lba;
3815}
3816
3817static unsigned int map_state(struct sdeb_store_info *sip, sector_t lba,
3818 unsigned int *num)
3819{
3820 sector_t end;
3821 unsigned int mapped;
3822 unsigned long index;
3823 unsigned long next;
3824
3825 index = lba_to_map_index(lba);
3826 mapped = test_bit(index, sip->map_storep);
3827
3828 if (mapped)
3829 next = find_next_zero_bit(sip->map_storep, map_size, index);
3830 else
3831 next = find_next_bit(sip->map_storep, map_size, index);
3832
3833 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
3834 *num = end - lba;
3835 return mapped;
3836}
3837
3838static void map_region(struct sdeb_store_info *sip, sector_t lba,
3839 unsigned int len)
3840{
3841 sector_t end = lba + len;
3842
3843 while (lba < end) {
3844 unsigned long index = lba_to_map_index(lba);
3845
3846 if (index < map_size)
3847 set_bit(index, sip->map_storep);
3848
3849 lba = map_index_to_lba(index + 1);
3850 }
3851}
3852
3853static void unmap_region(struct sdeb_store_info *sip, sector_t lba,
3854 unsigned int len)
3855{
3856 sector_t end = lba + len;
3857 u8 *fsp = sip->storep;
3858
3859 while (lba < end) {
3860 unsigned long index = lba_to_map_index(lba);
3861
3862 if (lba == map_index_to_lba(index) &&
3863 lba + sdebug_unmap_granularity <= end &&
3864 index < map_size) {
3865 clear_bit(index, sip->map_storep);
3866 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
3867 memset(fsp + lba * sdebug_sector_size,
3868 (sdebug_lbprz & 1) ? 0 : 0xff,
3869 sdebug_sector_size *
3870 sdebug_unmap_granularity);
3871 }
3872 if (sip->dif_storep) {
3873 memset(sip->dif_storep + lba, 0xff,
3874 sizeof(*sip->dif_storep) *
3875 sdebug_unmap_granularity);
3876 }
3877 }
3878 lba = map_index_to_lba(index + 1);
3879 }
3880}
3881
3882static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3883{
3884 bool check_prot;
3885 u32 num;
3886 u32 ei_lba;
3887 int ret;
3888 u64 lba;
3889 struct sdeb_store_info *sip = devip2sip(devip, true);
3890 u8 *cmd = scp->cmnd;
3891
3892 switch (cmd[0]) {
3893 case WRITE_16:
3894 ei_lba = 0;
3895 lba = get_unaligned_be64(cmd + 2);
3896 num = get_unaligned_be32(cmd + 10);
3897 check_prot = true;
3898 break;
3899 case WRITE_10:
3900 ei_lba = 0;
3901 lba = get_unaligned_be32(cmd + 2);
3902 num = get_unaligned_be16(cmd + 7);
3903 check_prot = true;
3904 break;
3905 case WRITE_6:
3906 ei_lba = 0;
3907 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3908 (u32)(cmd[1] & 0x1f) << 16;
3909 num = (0 == cmd[4]) ? 256 : cmd[4];
3910 check_prot = true;
3911 break;
3912 case WRITE_12:
3913 ei_lba = 0;
3914 lba = get_unaligned_be32(cmd + 2);
3915 num = get_unaligned_be32(cmd + 6);
3916 check_prot = true;
3917 break;
3918 case 0x53: /* XDWRITEREAD(10) */
3919 ei_lba = 0;
3920 lba = get_unaligned_be32(cmd + 2);
3921 num = get_unaligned_be16(cmd + 7);
3922 check_prot = false;
3923 break;
3924 default: /* assume WRITE(32) */
3925 lba = get_unaligned_be64(cmd + 12);
3926 ei_lba = get_unaligned_be32(cmd + 20);
3927 num = get_unaligned_be32(cmd + 28);
3928 check_prot = false;
3929 break;
3930 }
3931 if (unlikely(have_dif_prot && check_prot)) {
3932 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3933 (cmd[1] & 0xe0)) {
3934 mk_sense_invalid_opcode(scp);
3935 return check_condition_result;
3936 }
3937 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3938 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3939 (cmd[1] & 0xe0) == 0)
3940 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3941 "to DIF device\n");
3942 }
3943
3944 sdeb_write_lock(sip);
3945 ret = check_device_access_params(scp, lba, num, true);
3946 if (ret) {
3947 sdeb_write_unlock(sip);
3948 return ret;
3949 }
3950
3951 /* DIX + T10 DIF */
3952 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3953 switch (prot_verify_write(scp, lba, num, ei_lba)) {
3954 case 1: /* Guard tag error */
3955 if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
3956 sdeb_write_unlock(sip);
3957 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3958 return illegal_condition_result;
3959 } else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
3960 sdeb_write_unlock(sip);
3961 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3962 return check_condition_result;
3963 }
3964 break;
3965 case 3: /* Reference tag error */
3966 if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
3967 sdeb_write_unlock(sip);
3968 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
3969 return illegal_condition_result;
3970 } else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
3971 sdeb_write_unlock(sip);
3972 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
3973 return check_condition_result;
3974 }
3975 break;
3976 }
3977 }
3978
3979 ret = do_device_access(sip, scp, 0, lba, num, true);
3980 if (unlikely(scsi_debug_lbp()))
3981 map_region(sip, lba, num);
3982 /* If ZBC zone then bump its write pointer */
3983 if (sdebug_dev_is_zoned(devip))
3984 zbc_inc_wp(devip, lba, num);
3985 sdeb_write_unlock(sip);
3986 if (unlikely(-1 == ret))
3987 return DID_ERROR << 16;
3988 else if (unlikely(sdebug_verbose &&
3989 (ret < (num * sdebug_sector_size))))
3990 sdev_printk(KERN_INFO, scp->device,
3991 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3992 my_name, num * sdebug_sector_size, ret);
3993
3994 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3995 atomic_read(&sdeb_inject_pending))) {
3996 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3997 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3998 atomic_set(&sdeb_inject_pending, 0);
3999 return check_condition_result;
4000 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
4001 /* Logical block guard check failed */
4002 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4003 atomic_set(&sdeb_inject_pending, 0);
4004 return illegal_condition_result;
4005 } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
4006 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4007 atomic_set(&sdeb_inject_pending, 0);
4008 return illegal_condition_result;
4009 }
4010 }
4011 return 0;
4012}
4013
4014/*
4015 * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
4016 * No READ GATHERED yet (requires bidi or long cdb holding gather list).
4017 */
4018static int resp_write_scat(struct scsi_cmnd *scp,
4019 struct sdebug_dev_info *devip)
4020{
4021 u8 *cmd = scp->cmnd;
4022 u8 *lrdp = NULL;
4023 u8 *up;
4024 struct sdeb_store_info *sip = devip2sip(devip, true);
4025 u8 wrprotect;
4026 u16 lbdof, num_lrd, k;
4027 u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
4028 u32 lb_size = sdebug_sector_size;
4029 u32 ei_lba;
4030 u64 lba;
4031 int ret, res;
4032 bool is_16;
4033 static const u32 lrd_size = 32; /* + parameter list header size */
4034
4035 if (cmd[0] == VARIABLE_LENGTH_CMD) {
4036 is_16 = false;
4037 wrprotect = (cmd[10] >> 5) & 0x7;
4038 lbdof = get_unaligned_be16(cmd + 12);
4039 num_lrd = get_unaligned_be16(cmd + 16);
4040 bt_len = get_unaligned_be32(cmd + 28);
4041 } else { /* that leaves WRITE SCATTERED(16) */
4042 is_16 = true;
4043 wrprotect = (cmd[2] >> 5) & 0x7;
4044 lbdof = get_unaligned_be16(cmd + 4);
4045 num_lrd = get_unaligned_be16(cmd + 8);
4046 bt_len = get_unaligned_be32(cmd + 10);
4047 if (unlikely(have_dif_prot)) {
4048 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4049 wrprotect) {
4050 mk_sense_invalid_opcode(scp);
4051 return illegal_condition_result;
4052 }
4053 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4054 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4055 wrprotect == 0)
4056 sdev_printk(KERN_ERR, scp->device,
4057 "Unprotected WR to DIF device\n");
4058 }
4059 }
4060 if ((num_lrd == 0) || (bt_len == 0))
4061 return 0; /* T10 says these do-nothings are not errors */
4062 if (lbdof == 0) {
4063 if (sdebug_verbose)
4064 sdev_printk(KERN_INFO, scp->device,
4065 "%s: %s: LB Data Offset field bad\n",
4066 my_name, __func__);
4067 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4068 return illegal_condition_result;
4069 }
4070 lbdof_blen = lbdof * lb_size;
4071 if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
4072 if (sdebug_verbose)
4073 sdev_printk(KERN_INFO, scp->device,
4074 "%s: %s: LBA range descriptors don't fit\n",
4075 my_name, __func__);
4076 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4077 return illegal_condition_result;
4078 }
4079 lrdp = kzalloc(lbdof_blen, GFP_ATOMIC | __GFP_NOWARN);
4080 if (lrdp == NULL)
4081 return SCSI_MLQUEUE_HOST_BUSY;
4082 if (sdebug_verbose)
4083 sdev_printk(KERN_INFO, scp->device,
4084 "%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
4085 my_name, __func__, lbdof_blen);
4086 res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
4087 if (res == -1) {
4088 ret = DID_ERROR << 16;
4089 goto err_out;
4090 }
4091
4092 sdeb_write_lock(sip);
4093 sg_off = lbdof_blen;
4094 /* Spec says Buffer xfer Length field in number of LBs in dout */
4095 cum_lb = 0;
4096 for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
4097 lba = get_unaligned_be64(up + 0);
4098 num = get_unaligned_be32(up + 8);
4099 if (sdebug_verbose)
4100 sdev_printk(KERN_INFO, scp->device,
4101 "%s: %s: k=%d LBA=0x%llx num=%u sg_off=%u\n",
4102 my_name, __func__, k, lba, num, sg_off);
4103 if (num == 0)
4104 continue;
4105 ret = check_device_access_params(scp, lba, num, true);
4106 if (ret)
4107 goto err_out_unlock;
4108 num_by = num * lb_size;
4109 ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
4110
4111 if ((cum_lb + num) > bt_len) {
4112 if (sdebug_verbose)
4113 sdev_printk(KERN_INFO, scp->device,
4114 "%s: %s: sum of blocks > data provided\n",
4115 my_name, __func__);
4116 mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
4117 0);
4118 ret = illegal_condition_result;
4119 goto err_out_unlock;
4120 }
4121
4122 /* DIX + T10 DIF */
4123 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
4124 int prot_ret = prot_verify_write(scp, lba, num,
4125 ei_lba);
4126
4127 if (prot_ret) {
4128 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
4129 prot_ret);
4130 ret = illegal_condition_result;
4131 goto err_out_unlock;
4132 }
4133 }
4134
4135 ret = do_device_access(sip, scp, sg_off, lba, num, true);
4136 /* If ZBC zone then bump its write pointer */
4137 if (sdebug_dev_is_zoned(devip))
4138 zbc_inc_wp(devip, lba, num);
4139 if (unlikely(scsi_debug_lbp()))
4140 map_region(sip, lba, num);
4141 if (unlikely(-1 == ret)) {
4142 ret = DID_ERROR << 16;
4143 goto err_out_unlock;
4144 } else if (unlikely(sdebug_verbose && (ret < num_by)))
4145 sdev_printk(KERN_INFO, scp->device,
4146 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
4147 my_name, num_by, ret);
4148
4149 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
4150 atomic_read(&sdeb_inject_pending))) {
4151 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
4152 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
4153 atomic_set(&sdeb_inject_pending, 0);
4154 ret = check_condition_result;
4155 goto err_out_unlock;
4156 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
4157 /* Logical block guard check failed */
4158 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4159 atomic_set(&sdeb_inject_pending, 0);
4160 ret = illegal_condition_result;
4161 goto err_out_unlock;
4162 } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
4163 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4164 atomic_set(&sdeb_inject_pending, 0);
4165 ret = illegal_condition_result;
4166 goto err_out_unlock;
4167 }
4168 }
4169 sg_off += num_by;
4170 cum_lb += num;
4171 }
4172 ret = 0;
4173err_out_unlock:
4174 sdeb_write_unlock(sip);
4175err_out:
4176 kfree(lrdp);
4177 return ret;
4178}
4179
4180static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
4181 u32 ei_lba, bool unmap, bool ndob)
4182{
4183 struct scsi_device *sdp = scp->device;
4184 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
4185 unsigned long long i;
4186 u64 block, lbaa;
4187 u32 lb_size = sdebug_sector_size;
4188 int ret;
4189 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
4190 scp->device->hostdata, true);
4191 u8 *fs1p;
4192 u8 *fsp;
4193
4194 sdeb_write_lock(sip);
4195
4196 ret = check_device_access_params(scp, lba, num, true);
4197 if (ret) {
4198 sdeb_write_unlock(sip);
4199 return ret;
4200 }
4201
4202 if (unmap && scsi_debug_lbp()) {
4203 unmap_region(sip, lba, num);
4204 goto out;
4205 }
4206 lbaa = lba;
4207 block = do_div(lbaa, sdebug_store_sectors);
4208 /* if ndob then zero 1 logical block, else fetch 1 logical block */
4209 fsp = sip->storep;
4210 fs1p = fsp + (block * lb_size);
4211 if (ndob) {
4212 memset(fs1p, 0, lb_size);
4213 ret = 0;
4214 } else
4215 ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
4216
4217 if (-1 == ret) {
4218 sdeb_write_unlock(sip);
4219 return DID_ERROR << 16;
4220 } else if (sdebug_verbose && !ndob && (ret < lb_size))
4221 sdev_printk(KERN_INFO, scp->device,
4222 "%s: %s: lb size=%u, IO sent=%d bytes\n",
4223 my_name, "write same", lb_size, ret);
4224
4225 /* Copy first sector to remaining blocks */
4226 for (i = 1 ; i < num ; i++) {
4227 lbaa = lba + i;
4228 block = do_div(lbaa, sdebug_store_sectors);
4229 memmove(fsp + (block * lb_size), fs1p, lb_size);
4230 }
4231 if (scsi_debug_lbp())
4232 map_region(sip, lba, num);
4233 /* If ZBC zone then bump its write pointer */
4234 if (sdebug_dev_is_zoned(devip))
4235 zbc_inc_wp(devip, lba, num);
4236out:
4237 sdeb_write_unlock(sip);
4238
4239 return 0;
4240}
4241
4242static int resp_write_same_10(struct scsi_cmnd *scp,
4243 struct sdebug_dev_info *devip)
4244{
4245 u8 *cmd = scp->cmnd;
4246 u32 lba;
4247 u16 num;
4248 u32 ei_lba = 0;
4249 bool unmap = false;
4250
4251 if (cmd[1] & 0x8) {
4252 if (sdebug_lbpws10 == 0) {
4253 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
4254 return check_condition_result;
4255 } else
4256 unmap = true;
4257 }
4258 lba = get_unaligned_be32(cmd + 2);
4259 num = get_unaligned_be16(cmd + 7);
4260 if (num > sdebug_write_same_length) {
4261 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
4262 return check_condition_result;
4263 }
4264 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
4265}
4266
4267static int resp_write_same_16(struct scsi_cmnd *scp,
4268 struct sdebug_dev_info *devip)
4269{
4270 u8 *cmd = scp->cmnd;
4271 u64 lba;
4272 u32 num;
4273 u32 ei_lba = 0;
4274 bool unmap = false;
4275 bool ndob = false;
4276
4277 if (cmd[1] & 0x8) { /* UNMAP */
4278 if (sdebug_lbpws == 0) {
4279 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
4280 return check_condition_result;
4281 } else
4282 unmap = true;
4283 }
4284 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
4285 ndob = true;
4286 lba = get_unaligned_be64(cmd + 2);
4287 num = get_unaligned_be32(cmd + 10);
4288 if (num > sdebug_write_same_length) {
4289 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
4290 return check_condition_result;
4291 }
4292 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
4293}
4294
4295/* Note the mode field is in the same position as the (lower) service action
4296 * field. For the Report supported operation codes command, SPC-4 suggests
4297 * each mode of this command should be reported separately; for future. */
4298static int resp_write_buffer(struct scsi_cmnd *scp,
4299 struct sdebug_dev_info *devip)
4300{
4301 u8 *cmd = scp->cmnd;
4302 struct scsi_device *sdp = scp->device;
4303 struct sdebug_dev_info *dp;
4304 u8 mode;
4305
4306 mode = cmd[1] & 0x1f;
4307 switch (mode) {
4308 case 0x4: /* download microcode (MC) and activate (ACT) */
4309 /* set UAs on this device only */
4310 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4311 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
4312 break;
4313 case 0x5: /* download MC, save and ACT */
4314 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
4315 break;
4316 case 0x6: /* download MC with offsets and ACT */
4317 /* set UAs on most devices (LUs) in this target */
4318 list_for_each_entry(dp,
4319 &devip->sdbg_host->dev_info_list,
4320 dev_list)
4321 if (dp->target == sdp->id) {
4322 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
4323 if (devip != dp)
4324 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
4325 dp->uas_bm);
4326 }
4327 break;
4328 case 0x7: /* download MC with offsets, save, and ACT */
4329 /* set UA on all devices (LUs) in this target */
4330 list_for_each_entry(dp,
4331 &devip->sdbg_host->dev_info_list,
4332 dev_list)
4333 if (dp->target == sdp->id)
4334 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
4335 dp->uas_bm);
4336 break;
4337 default:
4338 /* do nothing for this command for other mode values */
4339 break;
4340 }
4341 return 0;
4342}
4343
4344static int resp_comp_write(struct scsi_cmnd *scp,
4345 struct sdebug_dev_info *devip)
4346{
4347 u8 *cmd = scp->cmnd;
4348 u8 *arr;
4349 struct sdeb_store_info *sip = devip2sip(devip, true);
4350 u64 lba;
4351 u32 dnum;
4352 u32 lb_size = sdebug_sector_size;
4353 u8 num;
4354 int ret;
4355 int retval = 0;
4356
4357 lba = get_unaligned_be64(cmd + 2);
4358 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
4359 if (0 == num)
4360 return 0; /* degenerate case, not an error */
4361 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4362 (cmd[1] & 0xe0)) {
4363 mk_sense_invalid_opcode(scp);
4364 return check_condition_result;
4365 }
4366 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4367 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4368 (cmd[1] & 0xe0) == 0)
4369 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
4370 "to DIF device\n");
4371 ret = check_device_access_params(scp, lba, num, false);
4372 if (ret)
4373 return ret;
4374 dnum = 2 * num;
4375 arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
4376 if (NULL == arr) {
4377 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4378 INSUFF_RES_ASCQ);
4379 return check_condition_result;
4380 }
4381
4382 sdeb_write_lock(sip);
4383
4384 ret = do_dout_fetch(scp, dnum, arr);
4385 if (ret == -1) {
4386 retval = DID_ERROR << 16;
4387 goto cleanup;
4388 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
4389 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
4390 "indicated=%u, IO sent=%d bytes\n", my_name,
4391 dnum * lb_size, ret);
4392 if (!comp_write_worker(sip, lba, num, arr, false)) {
4393 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4394 retval = check_condition_result;
4395 goto cleanup;
4396 }
4397 if (scsi_debug_lbp())
4398 map_region(sip, lba, num);
4399cleanup:
4400 sdeb_write_unlock(sip);
4401 kfree(arr);
4402 return retval;
4403}
4404
4405struct unmap_block_desc {
4406 __be64 lba;
4407 __be32 blocks;
4408 __be32 __reserved;
4409};
4410
4411static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4412{
4413 unsigned char *buf;
4414 struct unmap_block_desc *desc;
4415 struct sdeb_store_info *sip = devip2sip(devip, true);
4416 unsigned int i, payload_len, descriptors;
4417 int ret;
4418
4419 if (!scsi_debug_lbp())
4420 return 0; /* fib and say its done */
4421 payload_len = get_unaligned_be16(scp->cmnd + 7);
4422 BUG_ON(scsi_bufflen(scp) != payload_len);
4423
4424 descriptors = (payload_len - 8) / 16;
4425 if (descriptors > sdebug_unmap_max_desc) {
4426 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
4427 return check_condition_result;
4428 }
4429
4430 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
4431 if (!buf) {
4432 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4433 INSUFF_RES_ASCQ);
4434 return check_condition_result;
4435 }
4436
4437 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
4438
4439 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
4440 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
4441
4442 desc = (void *)&buf[8];
4443
4444 sdeb_write_lock(sip);
4445
4446 for (i = 0 ; i < descriptors ; i++) {
4447 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
4448 unsigned int num = get_unaligned_be32(&desc[i].blocks);
4449
4450 ret = check_device_access_params(scp, lba, num, true);
4451 if (ret)
4452 goto out;
4453
4454 unmap_region(sip, lba, num);
4455 }
4456
4457 ret = 0;
4458
4459out:
4460 sdeb_write_unlock(sip);
4461 kfree(buf);
4462
4463 return ret;
4464}
4465
4466#define SDEBUG_GET_LBA_STATUS_LEN 32
4467
4468static int resp_get_lba_status(struct scsi_cmnd *scp,
4469 struct sdebug_dev_info *devip)
4470{
4471 u8 *cmd = scp->cmnd;
4472 u64 lba;
4473 u32 alloc_len, mapped, num;
4474 int ret;
4475 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
4476
4477 lba = get_unaligned_be64(cmd + 2);
4478 alloc_len = get_unaligned_be32(cmd + 10);
4479
4480 if (alloc_len < 24)
4481 return 0;
4482
4483 ret = check_device_access_params(scp, lba, 1, false);
4484 if (ret)
4485 return ret;
4486
4487 if (scsi_debug_lbp()) {
4488 struct sdeb_store_info *sip = devip2sip(devip, true);
4489
4490 mapped = map_state(sip, lba, &num);
4491 } else {
4492 mapped = 1;
4493 /* following just in case virtual_gb changed */
4494 sdebug_capacity = get_sdebug_capacity();
4495 if (sdebug_capacity - lba <= 0xffffffff)
4496 num = sdebug_capacity - lba;
4497 else
4498 num = 0xffffffff;
4499 }
4500
4501 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
4502 put_unaligned_be32(20, arr); /* Parameter Data Length */
4503 put_unaligned_be64(lba, arr + 8); /* LBA */
4504 put_unaligned_be32(num, arr + 16); /* Number of blocks */
4505 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
4506
4507 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
4508}
4509
4510static int resp_sync_cache(struct scsi_cmnd *scp,
4511 struct sdebug_dev_info *devip)
4512{
4513 int res = 0;
4514 u64 lba;
4515 u32 num_blocks;
4516 u8 *cmd = scp->cmnd;
4517
4518 if (cmd[0] == SYNCHRONIZE_CACHE) { /* 10 byte cdb */
4519 lba = get_unaligned_be32(cmd + 2);
4520 num_blocks = get_unaligned_be16(cmd + 7);
4521 } else { /* SYNCHRONIZE_CACHE(16) */
4522 lba = get_unaligned_be64(cmd + 2);
4523 num_blocks = get_unaligned_be32(cmd + 10);
4524 }
4525 if (lba + num_blocks > sdebug_capacity) {
4526 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4527 return check_condition_result;
4528 }
4529 if (!write_since_sync || (cmd[1] & 0x2))
4530 res = SDEG_RES_IMMED_MASK;
4531 else /* delay if write_since_sync and IMMED clear */
4532 write_since_sync = false;
4533 return res;
4534}
4535
4536/*
4537 * Assuming the LBA+num_blocks is not out-of-range, this function will return
4538 * CONDITION MET if the specified blocks will/have fitted in the cache, and
4539 * a GOOD status otherwise. Model a disk with a big cache and yield
4540 * CONDITION MET. Actually tries to bring range in main memory into the
4541 * cache associated with the CPU(s).
4542 */
4543static int resp_pre_fetch(struct scsi_cmnd *scp,
4544 struct sdebug_dev_info *devip)
4545{
4546 int res = 0;
4547 u64 lba;
4548 u64 block, rest = 0;
4549 u32 nblks;
4550 u8 *cmd = scp->cmnd;
4551 struct sdeb_store_info *sip = devip2sip(devip, true);
4552 u8 *fsp = sip->storep;
4553
4554 if (cmd[0] == PRE_FETCH) { /* 10 byte cdb */
4555 lba = get_unaligned_be32(cmd + 2);
4556 nblks = get_unaligned_be16(cmd + 7);
4557 } else { /* PRE-FETCH(16) */
4558 lba = get_unaligned_be64(cmd + 2);
4559 nblks = get_unaligned_be32(cmd + 10);
4560 }
4561 if (lba + nblks > sdebug_capacity) {
4562 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4563 return check_condition_result;
4564 }
4565 if (!fsp)
4566 goto fini;
4567 /* PRE-FETCH spec says nothing about LBP or PI so skip them */
4568 block = do_div(lba, sdebug_store_sectors);
4569 if (block + nblks > sdebug_store_sectors)
4570 rest = block + nblks - sdebug_store_sectors;
4571
4572 /* Try to bring the PRE-FETCH range into CPU's cache */
4573 sdeb_read_lock(sip);
4574 prefetch_range(fsp + (sdebug_sector_size * block),
4575 (nblks - rest) * sdebug_sector_size);
4576 if (rest)
4577 prefetch_range(fsp, rest * sdebug_sector_size);
4578 sdeb_read_unlock(sip);
4579fini:
4580 if (cmd[1] & 0x2)
4581 res = SDEG_RES_IMMED_MASK;
4582 return res | condition_met_result;
4583}
4584
4585#define RL_BUCKET_ELEMS 8
4586
4587/* Even though each pseudo target has a REPORT LUNS "well known logical unit"
4588 * (W-LUN), the normal Linux scanning logic does not associate it with a
4589 * device (e.g. /dev/sg7). The following magic will make that association:
4590 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
4591 * where <n> is a host number. If there are multiple targets in a host then
4592 * the above will associate a W-LUN to each target. To only get a W-LUN
4593 * for target 2, then use "echo '- 2 49409' > scan" .
4594 */
4595static int resp_report_luns(struct scsi_cmnd *scp,
4596 struct sdebug_dev_info *devip)
4597{
4598 unsigned char *cmd = scp->cmnd;
4599 unsigned int alloc_len;
4600 unsigned char select_report;
4601 u64 lun;
4602 struct scsi_lun *lun_p;
4603 u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
4604 unsigned int lun_cnt; /* normal LUN count (max: 256) */
4605 unsigned int wlun_cnt; /* report luns W-LUN count */
4606 unsigned int tlun_cnt; /* total LUN count */
4607 unsigned int rlen; /* response length (in bytes) */
4608 int k, j, n, res;
4609 unsigned int off_rsp = 0;
4610 const int sz_lun = sizeof(struct scsi_lun);
4611
4612 clear_luns_changed_on_target(devip);
4613
4614 select_report = cmd[2];
4615 alloc_len = get_unaligned_be32(cmd + 6);
4616
4617 if (alloc_len < 4) {
4618 pr_err("alloc len too small %d\n", alloc_len);
4619 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
4620 return check_condition_result;
4621 }
4622
4623 switch (select_report) {
4624 case 0: /* all LUNs apart from W-LUNs */
4625 lun_cnt = sdebug_max_luns;
4626 wlun_cnt = 0;
4627 break;
4628 case 1: /* only W-LUNs */
4629 lun_cnt = 0;
4630 wlun_cnt = 1;
4631 break;
4632 case 2: /* all LUNs */
4633 lun_cnt = sdebug_max_luns;
4634 wlun_cnt = 1;
4635 break;
4636 case 0x10: /* only administrative LUs */
4637 case 0x11: /* see SPC-5 */
4638 case 0x12: /* only subsiduary LUs owned by referenced LU */
4639 default:
4640 pr_debug("select report invalid %d\n", select_report);
4641 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
4642 return check_condition_result;
4643 }
4644
4645 if (sdebug_no_lun_0 && (lun_cnt > 0))
4646 --lun_cnt;
4647
4648 tlun_cnt = lun_cnt + wlun_cnt;
4649 rlen = tlun_cnt * sz_lun; /* excluding 8 byte header */
4650 scsi_set_resid(scp, scsi_bufflen(scp));
4651 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
4652 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
4653
4654 /* loops rely on sizeof response header same as sizeof lun (both 8) */
4655 lun = sdebug_no_lun_0 ? 1 : 0;
4656 for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
4657 memset(arr, 0, sizeof(arr));
4658 lun_p = (struct scsi_lun *)&arr[0];
4659 if (k == 0) {
4660 put_unaligned_be32(rlen, &arr[0]);
4661 ++lun_p;
4662 j = 1;
4663 }
4664 for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
4665 if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
4666 break;
4667 int_to_scsilun(lun++, lun_p);
4668 if (lun > 1 && sdebug_lun_am == SAM_LUN_AM_FLAT)
4669 lun_p->scsi_lun[0] |= 0x40;
4670 }
4671 if (j < RL_BUCKET_ELEMS)
4672 break;
4673 n = j * sz_lun;
4674 res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
4675 if (res)
4676 return res;
4677 off_rsp += n;
4678 }
4679 if (wlun_cnt) {
4680 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
4681 ++j;
4682 }
4683 if (j > 0)
4684 res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
4685 return res;
4686}
4687
4688static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4689{
4690 bool is_bytchk3 = false;
4691 u8 bytchk;
4692 int ret, j;
4693 u32 vnum, a_num, off;
4694 const u32 lb_size = sdebug_sector_size;
4695 u64 lba;
4696 u8 *arr;
4697 u8 *cmd = scp->cmnd;
4698 struct sdeb_store_info *sip = devip2sip(devip, true);
4699
4700 bytchk = (cmd[1] >> 1) & 0x3;
4701 if (bytchk == 0) {
4702 return 0; /* always claim internal verify okay */
4703 } else if (bytchk == 2) {
4704 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
4705 return check_condition_result;
4706 } else if (bytchk == 3) {
4707 is_bytchk3 = true; /* 1 block sent, compared repeatedly */
4708 }
4709 switch (cmd[0]) {
4710 case VERIFY_16:
4711 lba = get_unaligned_be64(cmd + 2);
4712 vnum = get_unaligned_be32(cmd + 10);
4713 break;
4714 case VERIFY: /* is VERIFY(10) */
4715 lba = get_unaligned_be32(cmd + 2);
4716 vnum = get_unaligned_be16(cmd + 7);
4717 break;
4718 default:
4719 mk_sense_invalid_opcode(scp);
4720 return check_condition_result;
4721 }
4722 if (vnum == 0)
4723 return 0; /* not an error */
4724 a_num = is_bytchk3 ? 1 : vnum;
4725 /* Treat following check like one for read (i.e. no write) access */
4726 ret = check_device_access_params(scp, lba, a_num, false);
4727 if (ret)
4728 return ret;
4729
4730 arr = kcalloc(lb_size, vnum, GFP_ATOMIC | __GFP_NOWARN);
4731 if (!arr) {
4732 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4733 INSUFF_RES_ASCQ);
4734 return check_condition_result;
4735 }
4736 /* Not changing store, so only need read access */
4737 sdeb_read_lock(sip);
4738
4739 ret = do_dout_fetch(scp, a_num, arr);
4740 if (ret == -1) {
4741 ret = DID_ERROR << 16;
4742 goto cleanup;
4743 } else if (sdebug_verbose && (ret < (a_num * lb_size))) {
4744 sdev_printk(KERN_INFO, scp->device,
4745 "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
4746 my_name, __func__, a_num * lb_size, ret);
4747 }
4748 if (is_bytchk3) {
4749 for (j = 1, off = lb_size; j < vnum; ++j, off += lb_size)
4750 memcpy(arr + off, arr, lb_size);
4751 }
4752 ret = 0;
4753 if (!comp_write_worker(sip, lba, vnum, arr, true)) {
4754 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4755 ret = check_condition_result;
4756 goto cleanup;
4757 }
4758cleanup:
4759 sdeb_read_unlock(sip);
4760 kfree(arr);
4761 return ret;
4762}
4763
4764#define RZONES_DESC_HD 64
4765
4766/* Report zones depending on start LBA and reporting options */
4767static int resp_report_zones(struct scsi_cmnd *scp,
4768 struct sdebug_dev_info *devip)
4769{
4770 unsigned int rep_max_zones, nrz = 0;
4771 int ret = 0;
4772 u32 alloc_len, rep_opts, rep_len;
4773 bool partial;
4774 u64 lba, zs_lba;
4775 u8 *arr = NULL, *desc;
4776 u8 *cmd = scp->cmnd;
4777 struct sdeb_zone_state *zsp = NULL;
4778 struct sdeb_store_info *sip = devip2sip(devip, false);
4779
4780 if (!sdebug_dev_is_zoned(devip)) {
4781 mk_sense_invalid_opcode(scp);
4782 return check_condition_result;
4783 }
4784 zs_lba = get_unaligned_be64(cmd + 2);
4785 alloc_len = get_unaligned_be32(cmd + 10);
4786 if (alloc_len == 0)
4787 return 0; /* not an error */
4788 rep_opts = cmd[14] & 0x3f;
4789 partial = cmd[14] & 0x80;
4790
4791 if (zs_lba >= sdebug_capacity) {
4792 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4793 return check_condition_result;
4794 }
4795
4796 rep_max_zones = (alloc_len - 64) >> ilog2(RZONES_DESC_HD);
4797
4798 arr = kzalloc(alloc_len, GFP_ATOMIC | __GFP_NOWARN);
4799 if (!arr) {
4800 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4801 INSUFF_RES_ASCQ);
4802 return check_condition_result;
4803 }
4804
4805 sdeb_read_lock(sip);
4806
4807 desc = arr + 64;
4808 for (lba = zs_lba; lba < sdebug_capacity;
4809 lba = zsp->z_start + zsp->z_size) {
4810 if (WARN_ONCE(zbc_zone(devip, lba) == zsp, "lba = %llu\n", lba))
4811 break;
4812 zsp = zbc_zone(devip, lba);
4813 switch (rep_opts) {
4814 case 0x00:
4815 /* All zones */
4816 break;
4817 case 0x01:
4818 /* Empty zones */
4819 if (zsp->z_cond != ZC1_EMPTY)
4820 continue;
4821 break;
4822 case 0x02:
4823 /* Implicit open zones */
4824 if (zsp->z_cond != ZC2_IMPLICIT_OPEN)
4825 continue;
4826 break;
4827 case 0x03:
4828 /* Explicit open zones */
4829 if (zsp->z_cond != ZC3_EXPLICIT_OPEN)
4830 continue;
4831 break;
4832 case 0x04:
4833 /* Closed zones */
4834 if (zsp->z_cond != ZC4_CLOSED)
4835 continue;
4836 break;
4837 case 0x05:
4838 /* Full zones */
4839 if (zsp->z_cond != ZC5_FULL)
4840 continue;
4841 break;
4842 case 0x06:
4843 case 0x07:
4844 case 0x10:
4845 /*
4846 * Read-only, offline, reset WP recommended are
4847 * not emulated: no zones to report;
4848 */
4849 continue;
4850 case 0x11:
4851 /* non-seq-resource set */
4852 if (!zsp->z_non_seq_resource)
4853 continue;
4854 break;
4855 case 0x3e:
4856 /* All zones except gap zones. */
4857 if (zbc_zone_is_gap(zsp))
4858 continue;
4859 break;
4860 case 0x3f:
4861 /* Not write pointer (conventional) zones */
4862 if (zbc_zone_is_seq(zsp))
4863 continue;
4864 break;
4865 default:
4866 mk_sense_buffer(scp, ILLEGAL_REQUEST,
4867 INVALID_FIELD_IN_CDB, 0);
4868 ret = check_condition_result;
4869 goto fini;
4870 }
4871
4872 if (nrz < rep_max_zones) {
4873 /* Fill zone descriptor */
4874 desc[0] = zsp->z_type;
4875 desc[1] = zsp->z_cond << 4;
4876 if (zsp->z_non_seq_resource)
4877 desc[1] |= 1 << 1;
4878 put_unaligned_be64((u64)zsp->z_size, desc + 8);
4879 put_unaligned_be64((u64)zsp->z_start, desc + 16);
4880 put_unaligned_be64((u64)zsp->z_wp, desc + 24);
4881 desc += 64;
4882 }
4883
4884 if (partial && nrz >= rep_max_zones)
4885 break;
4886
4887 nrz++;
4888 }
4889
4890 /* Report header */
4891 /* Zone list length. */
4892 put_unaligned_be32(nrz * RZONES_DESC_HD, arr + 0);
4893 /* Maximum LBA */
4894 put_unaligned_be64(sdebug_capacity - 1, arr + 8);
4895 /* Zone starting LBA granularity. */
4896 if (devip->zcap < devip->zsize)
4897 put_unaligned_be64(devip->zsize, arr + 16);
4898
4899 rep_len = (unsigned long)desc - (unsigned long)arr;
4900 ret = fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, rep_len));
4901
4902fini:
4903 sdeb_read_unlock(sip);
4904 kfree(arr);
4905 return ret;
4906}
4907
4908/* Logic transplanted from tcmu-runner, file_zbc.c */
4909static void zbc_open_all(struct sdebug_dev_info *devip)
4910{
4911 struct sdeb_zone_state *zsp = &devip->zstate[0];
4912 unsigned int i;
4913
4914 for (i = 0; i < devip->nr_zones; i++, zsp++) {
4915 if (zsp->z_cond == ZC4_CLOSED)
4916 zbc_open_zone(devip, &devip->zstate[i], true);
4917 }
4918}
4919
4920static int resp_open_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4921{
4922 int res = 0;
4923 u64 z_id;
4924 enum sdebug_z_cond zc;
4925 u8 *cmd = scp->cmnd;
4926 struct sdeb_zone_state *zsp;
4927 bool all = cmd[14] & 0x01;
4928 struct sdeb_store_info *sip = devip2sip(devip, false);
4929
4930 if (!sdebug_dev_is_zoned(devip)) {
4931 mk_sense_invalid_opcode(scp);
4932 return check_condition_result;
4933 }
4934
4935 sdeb_write_lock(sip);
4936
4937 if (all) {
4938 /* Check if all closed zones can be open */
4939 if (devip->max_open &&
4940 devip->nr_exp_open + devip->nr_closed > devip->max_open) {
4941 mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4942 INSUFF_ZONE_ASCQ);
4943 res = check_condition_result;
4944 goto fini;
4945 }
4946 /* Open all closed zones */
4947 zbc_open_all(devip);
4948 goto fini;
4949 }
4950
4951 /* Open the specified zone */
4952 z_id = get_unaligned_be64(cmd + 2);
4953 if (z_id >= sdebug_capacity) {
4954 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4955 res = check_condition_result;
4956 goto fini;
4957 }
4958
4959 zsp = zbc_zone(devip, z_id);
4960 if (z_id != zsp->z_start) {
4961 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4962 res = check_condition_result;
4963 goto fini;
4964 }
4965 if (zbc_zone_is_conv(zsp)) {
4966 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4967 res = check_condition_result;
4968 goto fini;
4969 }
4970
4971 zc = zsp->z_cond;
4972 if (zc == ZC3_EXPLICIT_OPEN || zc == ZC5_FULL)
4973 goto fini;
4974
4975 if (devip->max_open && devip->nr_exp_open >= devip->max_open) {
4976 mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4977 INSUFF_ZONE_ASCQ);
4978 res = check_condition_result;
4979 goto fini;
4980 }
4981
4982 zbc_open_zone(devip, zsp, true);
4983fini:
4984 sdeb_write_unlock(sip);
4985 return res;
4986}
4987
4988static void zbc_close_all(struct sdebug_dev_info *devip)
4989{
4990 unsigned int i;
4991
4992 for (i = 0; i < devip->nr_zones; i++)
4993 zbc_close_zone(devip, &devip->zstate[i]);
4994}
4995
4996static int resp_close_zone(struct scsi_cmnd *scp,
4997 struct sdebug_dev_info *devip)
4998{
4999 int res = 0;
5000 u64 z_id;
5001 u8 *cmd = scp->cmnd;
5002 struct sdeb_zone_state *zsp;
5003 bool all = cmd[14] & 0x01;
5004 struct sdeb_store_info *sip = devip2sip(devip, false);
5005
5006 if (!sdebug_dev_is_zoned(devip)) {
5007 mk_sense_invalid_opcode(scp);
5008 return check_condition_result;
5009 }
5010
5011 sdeb_write_lock(sip);
5012
5013 if (all) {
5014 zbc_close_all(devip);
5015 goto fini;
5016 }
5017
5018 /* Close specified zone */
5019 z_id = get_unaligned_be64(cmd + 2);
5020 if (z_id >= sdebug_capacity) {
5021 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5022 res = check_condition_result;
5023 goto fini;
5024 }
5025
5026 zsp = zbc_zone(devip, z_id);
5027 if (z_id != zsp->z_start) {
5028 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5029 res = check_condition_result;
5030 goto fini;
5031 }
5032 if (zbc_zone_is_conv(zsp)) {
5033 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5034 res = check_condition_result;
5035 goto fini;
5036 }
5037
5038 zbc_close_zone(devip, zsp);
5039fini:
5040 sdeb_write_unlock(sip);
5041 return res;
5042}
5043
5044static void zbc_finish_zone(struct sdebug_dev_info *devip,
5045 struct sdeb_zone_state *zsp, bool empty)
5046{
5047 enum sdebug_z_cond zc = zsp->z_cond;
5048
5049 if (zc == ZC4_CLOSED || zc == ZC2_IMPLICIT_OPEN ||
5050 zc == ZC3_EXPLICIT_OPEN || (empty && zc == ZC1_EMPTY)) {
5051 if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
5052 zbc_close_zone(devip, zsp);
5053 if (zsp->z_cond == ZC4_CLOSED)
5054 devip->nr_closed--;
5055 zsp->z_wp = zsp->z_start + zsp->z_size;
5056 zsp->z_cond = ZC5_FULL;
5057 }
5058}
5059
5060static void zbc_finish_all(struct sdebug_dev_info *devip)
5061{
5062 unsigned int i;
5063
5064 for (i = 0; i < devip->nr_zones; i++)
5065 zbc_finish_zone(devip, &devip->zstate[i], false);
5066}
5067
5068static int resp_finish_zone(struct scsi_cmnd *scp,
5069 struct sdebug_dev_info *devip)
5070{
5071 struct sdeb_zone_state *zsp;
5072 int res = 0;
5073 u64 z_id;
5074 u8 *cmd = scp->cmnd;
5075 bool all = cmd[14] & 0x01;
5076 struct sdeb_store_info *sip = devip2sip(devip, false);
5077
5078 if (!sdebug_dev_is_zoned(devip)) {
5079 mk_sense_invalid_opcode(scp);
5080 return check_condition_result;
5081 }
5082
5083 sdeb_write_lock(sip);
5084
5085 if (all) {
5086 zbc_finish_all(devip);
5087 goto fini;
5088 }
5089
5090 /* Finish the specified zone */
5091 z_id = get_unaligned_be64(cmd + 2);
5092 if (z_id >= sdebug_capacity) {
5093 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5094 res = check_condition_result;
5095 goto fini;
5096 }
5097
5098 zsp = zbc_zone(devip, z_id);
5099 if (z_id != zsp->z_start) {
5100 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5101 res = check_condition_result;
5102 goto fini;
5103 }
5104 if (zbc_zone_is_conv(zsp)) {
5105 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5106 res = check_condition_result;
5107 goto fini;
5108 }
5109
5110 zbc_finish_zone(devip, zsp, true);
5111fini:
5112 sdeb_write_unlock(sip);
5113 return res;
5114}
5115
5116static void zbc_rwp_zone(struct sdebug_dev_info *devip,
5117 struct sdeb_zone_state *zsp)
5118{
5119 enum sdebug_z_cond zc;
5120 struct sdeb_store_info *sip = devip2sip(devip, false);
5121
5122 if (!zbc_zone_is_seq(zsp))
5123 return;
5124
5125 zc = zsp->z_cond;
5126 if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
5127 zbc_close_zone(devip, zsp);
5128
5129 if (zsp->z_cond == ZC4_CLOSED)
5130 devip->nr_closed--;
5131
5132 if (zsp->z_wp > zsp->z_start)
5133 memset(sip->storep + zsp->z_start * sdebug_sector_size, 0,
5134 (zsp->z_wp - zsp->z_start) * sdebug_sector_size);
5135
5136 zsp->z_non_seq_resource = false;
5137 zsp->z_wp = zsp->z_start;
5138 zsp->z_cond = ZC1_EMPTY;
5139}
5140
5141static void zbc_rwp_all(struct sdebug_dev_info *devip)
5142{
5143 unsigned int i;
5144
5145 for (i = 0; i < devip->nr_zones; i++)
5146 zbc_rwp_zone(devip, &devip->zstate[i]);
5147}
5148
5149static int resp_rwp_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
5150{
5151 struct sdeb_zone_state *zsp;
5152 int res = 0;
5153 u64 z_id;
5154 u8 *cmd = scp->cmnd;
5155 bool all = cmd[14] & 0x01;
5156 struct sdeb_store_info *sip = devip2sip(devip, false);
5157
5158 if (!sdebug_dev_is_zoned(devip)) {
5159 mk_sense_invalid_opcode(scp);
5160 return check_condition_result;
5161 }
5162
5163 sdeb_write_lock(sip);
5164
5165 if (all) {
5166 zbc_rwp_all(devip);
5167 goto fini;
5168 }
5169
5170 z_id = get_unaligned_be64(cmd + 2);
5171 if (z_id >= sdebug_capacity) {
5172 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5173 res = check_condition_result;
5174 goto fini;
5175 }
5176
5177 zsp = zbc_zone(devip, z_id);
5178 if (z_id != zsp->z_start) {
5179 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5180 res = check_condition_result;
5181 goto fini;
5182 }
5183 if (zbc_zone_is_conv(zsp)) {
5184 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5185 res = check_condition_result;
5186 goto fini;
5187 }
5188
5189 zbc_rwp_zone(devip, zsp);
5190fini:
5191 sdeb_write_unlock(sip);
5192 return res;
5193}
5194
5195static u32 get_tag(struct scsi_cmnd *cmnd)
5196{
5197 return blk_mq_unique_tag(scsi_cmd_to_rq(cmnd));
5198}
5199
5200/* Queued (deferred) command completions converge here. */
5201static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
5202{
5203 struct sdebug_queued_cmd *sqcp = container_of(sd_dp, struct sdebug_queued_cmd, sd_dp);
5204 unsigned long flags;
5205 struct scsi_cmnd *scp = sqcp->scmd;
5206 struct sdebug_scsi_cmd *sdsc;
5207 bool aborted;
5208
5209 if (sdebug_statistics) {
5210 atomic_inc(&sdebug_completions);
5211 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
5212 atomic_inc(&sdebug_miss_cpus);
5213 }
5214
5215 if (!scp) {
5216 pr_err("scmd=NULL\n");
5217 goto out;
5218 }
5219
5220 sdsc = scsi_cmd_priv(scp);
5221 spin_lock_irqsave(&sdsc->lock, flags);
5222 aborted = sd_dp->aborted;
5223 if (unlikely(aborted))
5224 sd_dp->aborted = false;
5225 ASSIGN_QUEUED_CMD(scp, NULL);
5226
5227 spin_unlock_irqrestore(&sdsc->lock, flags);
5228
5229 if (aborted) {
5230 pr_info("bypassing scsi_done() due to aborted cmd, kicking-off EH\n");
5231 blk_abort_request(scsi_cmd_to_rq(scp));
5232 goto out;
5233 }
5234
5235 scsi_done(scp); /* callback to mid level */
5236out:
5237 sdebug_free_queued_cmd(sqcp);
5238}
5239
5240/* When high resolution timer goes off this function is called. */
5241static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
5242{
5243 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
5244 hrt);
5245 sdebug_q_cmd_complete(sd_dp);
5246 return HRTIMER_NORESTART;
5247}
5248
5249/* When work queue schedules work, it calls this function. */
5250static void sdebug_q_cmd_wq_complete(struct work_struct *work)
5251{
5252 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
5253 ew.work);
5254 sdebug_q_cmd_complete(sd_dp);
5255}
5256
5257static bool got_shared_uuid;
5258static uuid_t shared_uuid;
5259
5260static int sdebug_device_create_zones(struct sdebug_dev_info *devip)
5261{
5262 struct sdeb_zone_state *zsp;
5263 sector_t capacity = get_sdebug_capacity();
5264 sector_t conv_capacity;
5265 sector_t zstart = 0;
5266 unsigned int i;
5267
5268 /*
5269 * Set the zone size: if sdeb_zbc_zone_size_mb is not set, figure out
5270 * a zone size allowing for at least 4 zones on the device. Otherwise,
5271 * use the specified zone size checking that at least 2 zones can be
5272 * created for the device.
5273 */
5274 if (!sdeb_zbc_zone_size_mb) {
5275 devip->zsize = (DEF_ZBC_ZONE_SIZE_MB * SZ_1M)
5276 >> ilog2(sdebug_sector_size);
5277 while (capacity < devip->zsize << 2 && devip->zsize >= 2)
5278 devip->zsize >>= 1;
5279 if (devip->zsize < 2) {
5280 pr_err("Device capacity too small\n");
5281 return -EINVAL;
5282 }
5283 } else {
5284 if (!is_power_of_2(sdeb_zbc_zone_size_mb)) {
5285 pr_err("Zone size is not a power of 2\n");
5286 return -EINVAL;
5287 }
5288 devip->zsize = (sdeb_zbc_zone_size_mb * SZ_1M)
5289 >> ilog2(sdebug_sector_size);
5290 if (devip->zsize >= capacity) {
5291 pr_err("Zone size too large for device capacity\n");
5292 return -EINVAL;
5293 }
5294 }
5295
5296 devip->zsize_shift = ilog2(devip->zsize);
5297 devip->nr_zones = (capacity + devip->zsize - 1) >> devip->zsize_shift;
5298
5299 if (sdeb_zbc_zone_cap_mb == 0) {
5300 devip->zcap = devip->zsize;
5301 } else {
5302 devip->zcap = (sdeb_zbc_zone_cap_mb * SZ_1M) >>
5303 ilog2(sdebug_sector_size);
5304 if (devip->zcap > devip->zsize) {
5305 pr_err("Zone capacity too large\n");
5306 return -EINVAL;
5307 }
5308 }
5309
5310 conv_capacity = (sector_t)sdeb_zbc_nr_conv << devip->zsize_shift;
5311 if (conv_capacity >= capacity) {
5312 pr_err("Number of conventional zones too large\n");
5313 return -EINVAL;
5314 }
5315 devip->nr_conv_zones = sdeb_zbc_nr_conv;
5316 devip->nr_seq_zones = ALIGN(capacity - conv_capacity, devip->zsize) >>
5317 devip->zsize_shift;
5318 devip->nr_zones = devip->nr_conv_zones + devip->nr_seq_zones;
5319
5320 /* Add gap zones if zone capacity is smaller than the zone size */
5321 if (devip->zcap < devip->zsize)
5322 devip->nr_zones += devip->nr_seq_zones;
5323
5324 if (devip->zoned) {
5325 /* zbc_max_open_zones can be 0, meaning "not reported" */
5326 if (sdeb_zbc_max_open >= devip->nr_zones - 1)
5327 devip->max_open = (devip->nr_zones - 1) / 2;
5328 else
5329 devip->max_open = sdeb_zbc_max_open;
5330 }
5331
5332 devip->zstate = kcalloc(devip->nr_zones,
5333 sizeof(struct sdeb_zone_state), GFP_KERNEL);
5334 if (!devip->zstate)
5335 return -ENOMEM;
5336
5337 for (i = 0; i < devip->nr_zones; i++) {
5338 zsp = &devip->zstate[i];
5339
5340 zsp->z_start = zstart;
5341
5342 if (i < devip->nr_conv_zones) {
5343 zsp->z_type = ZBC_ZTYPE_CNV;
5344 zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5345 zsp->z_wp = (sector_t)-1;
5346 zsp->z_size =
5347 min_t(u64, devip->zsize, capacity - zstart);
5348 } else if ((zstart & (devip->zsize - 1)) == 0) {
5349 if (devip->zoned)
5350 zsp->z_type = ZBC_ZTYPE_SWR;
5351 else
5352 zsp->z_type = ZBC_ZTYPE_SWP;
5353 zsp->z_cond = ZC1_EMPTY;
5354 zsp->z_wp = zsp->z_start;
5355 zsp->z_size =
5356 min_t(u64, devip->zcap, capacity - zstart);
5357 } else {
5358 zsp->z_type = ZBC_ZTYPE_GAP;
5359 zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5360 zsp->z_wp = (sector_t)-1;
5361 zsp->z_size = min_t(u64, devip->zsize - devip->zcap,
5362 capacity - zstart);
5363 }
5364
5365 WARN_ON_ONCE((int)zsp->z_size <= 0);
5366 zstart += zsp->z_size;
5367 }
5368
5369 return 0;
5370}
5371
5372static struct sdebug_dev_info *sdebug_device_create(
5373 struct sdebug_host_info *sdbg_host, gfp_t flags)
5374{
5375 struct sdebug_dev_info *devip;
5376
5377 devip = kzalloc(sizeof(*devip), flags);
5378 if (devip) {
5379 if (sdebug_uuid_ctl == 1)
5380 uuid_gen(&devip->lu_name);
5381 else if (sdebug_uuid_ctl == 2) {
5382 if (got_shared_uuid)
5383 devip->lu_name = shared_uuid;
5384 else {
5385 uuid_gen(&shared_uuid);
5386 got_shared_uuid = true;
5387 devip->lu_name = shared_uuid;
5388 }
5389 }
5390 devip->sdbg_host = sdbg_host;
5391 if (sdeb_zbc_in_use) {
5392 devip->zoned = sdeb_zbc_model == BLK_ZONED_HM;
5393 if (sdebug_device_create_zones(devip)) {
5394 kfree(devip);
5395 return NULL;
5396 }
5397 } else {
5398 devip->zoned = false;
5399 }
5400 devip->create_ts = ktime_get_boottime();
5401 atomic_set(&devip->stopped, (sdeb_tur_ms_to_ready > 0 ? 2 : 0));
5402 spin_lock_init(&devip->list_lock);
5403 INIT_LIST_HEAD(&devip->inject_err_list);
5404 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
5405 }
5406 return devip;
5407}
5408
5409static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
5410{
5411 struct sdebug_host_info *sdbg_host;
5412 struct sdebug_dev_info *open_devip = NULL;
5413 struct sdebug_dev_info *devip;
5414
5415 sdbg_host = shost_to_sdebug_host(sdev->host);
5416
5417 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
5418 if ((devip->used) && (devip->channel == sdev->channel) &&
5419 (devip->target == sdev->id) &&
5420 (devip->lun == sdev->lun))
5421 return devip;
5422 else {
5423 if ((!devip->used) && (!open_devip))
5424 open_devip = devip;
5425 }
5426 }
5427 if (!open_devip) { /* try and make a new one */
5428 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
5429 if (!open_devip) {
5430 pr_err("out of memory at line %d\n", __LINE__);
5431 return NULL;
5432 }
5433 }
5434
5435 open_devip->channel = sdev->channel;
5436 open_devip->target = sdev->id;
5437 open_devip->lun = sdev->lun;
5438 open_devip->sdbg_host = sdbg_host;
5439 set_bit(SDEBUG_UA_POOCCUR, open_devip->uas_bm);
5440 open_devip->used = true;
5441 return open_devip;
5442}
5443
5444static int scsi_debug_slave_alloc(struct scsi_device *sdp)
5445{
5446 if (sdebug_verbose)
5447 pr_info("slave_alloc <%u %u %u %llu>\n",
5448 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5449
5450 return 0;
5451}
5452
5453static int scsi_debug_slave_configure(struct scsi_device *sdp)
5454{
5455 struct sdebug_dev_info *devip =
5456 (struct sdebug_dev_info *)sdp->hostdata;
5457 struct dentry *dentry;
5458
5459 if (sdebug_verbose)
5460 pr_info("slave_configure <%u %u %u %llu>\n",
5461 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5462 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
5463 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
5464 if (devip == NULL) {
5465 devip = find_build_dev_info(sdp);
5466 if (devip == NULL)
5467 return 1; /* no resources, will be marked offline */
5468 }
5469 sdp->hostdata = devip;
5470 if (sdebug_no_uld)
5471 sdp->no_uld_attach = 1;
5472 config_cdb_len(sdp);
5473
5474 if (sdebug_allow_restart)
5475 sdp->allow_restart = 1;
5476
5477 devip->debugfs_entry = debugfs_create_dir(dev_name(&sdp->sdev_dev),
5478 sdebug_debugfs_root);
5479 if (IS_ERR_OR_NULL(devip->debugfs_entry))
5480 pr_info("%s: failed to create debugfs directory for device %s\n",
5481 __func__, dev_name(&sdp->sdev_gendev));
5482
5483 dentry = debugfs_create_file("error", 0600, devip->debugfs_entry, sdp,
5484 &sdebug_error_fops);
5485 if (IS_ERR_OR_NULL(dentry))
5486 pr_info("%s: failed to create error file for device %s\n",
5487 __func__, dev_name(&sdp->sdev_gendev));
5488
5489 return 0;
5490}
5491
5492static void scsi_debug_slave_destroy(struct scsi_device *sdp)
5493{
5494 struct sdebug_dev_info *devip =
5495 (struct sdebug_dev_info *)sdp->hostdata;
5496 struct sdebug_err_inject *err;
5497
5498 if (sdebug_verbose)
5499 pr_info("slave_destroy <%u %u %u %llu>\n",
5500 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5501
5502 if (!devip)
5503 return;
5504
5505 spin_lock(&devip->list_lock);
5506 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
5507 list_del_rcu(&err->list);
5508 call_rcu(&err->rcu, sdebug_err_free);
5509 }
5510 spin_unlock(&devip->list_lock);
5511
5512 debugfs_remove(devip->debugfs_entry);
5513
5514 /* make this slot available for re-use */
5515 devip->used = false;
5516 sdp->hostdata = NULL;
5517}
5518
5519/* Returns true if we require the queued memory to be freed by the caller. */
5520static bool stop_qc_helper(struct sdebug_defer *sd_dp,
5521 enum sdeb_defer_type defer_t)
5522{
5523 if (defer_t == SDEB_DEFER_HRT) {
5524 int res = hrtimer_try_to_cancel(&sd_dp->hrt);
5525
5526 switch (res) {
5527 case 0: /* Not active, it must have already run */
5528 case -1: /* -1 It's executing the CB */
5529 return false;
5530 case 1: /* Was active, we've now cancelled */
5531 default:
5532 return true;
5533 }
5534 } else if (defer_t == SDEB_DEFER_WQ) {
5535 /* Cancel if pending */
5536 if (cancel_work_sync(&sd_dp->ew.work))
5537 return true;
5538 /* Was not pending, so it must have run */
5539 return false;
5540 } else if (defer_t == SDEB_DEFER_POLL) {
5541 return true;
5542 }
5543
5544 return false;
5545}
5546
5547
5548static bool scsi_debug_stop_cmnd(struct scsi_cmnd *cmnd)
5549{
5550 enum sdeb_defer_type l_defer_t;
5551 struct sdebug_defer *sd_dp;
5552 struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
5553 struct sdebug_queued_cmd *sqcp = TO_QUEUED_CMD(cmnd);
5554
5555 lockdep_assert_held(&sdsc->lock);
5556
5557 if (!sqcp)
5558 return false;
5559 sd_dp = &sqcp->sd_dp;
5560 l_defer_t = READ_ONCE(sd_dp->defer_t);
5561 ASSIGN_QUEUED_CMD(cmnd, NULL);
5562
5563 if (stop_qc_helper(sd_dp, l_defer_t))
5564 sdebug_free_queued_cmd(sqcp);
5565
5566 return true;
5567}
5568
5569/*
5570 * Called from scsi_debug_abort() only, which is for timed-out cmd.
5571 */
5572static bool scsi_debug_abort_cmnd(struct scsi_cmnd *cmnd)
5573{
5574 struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
5575 unsigned long flags;
5576 bool res;
5577
5578 spin_lock_irqsave(&sdsc->lock, flags);
5579 res = scsi_debug_stop_cmnd(cmnd);
5580 spin_unlock_irqrestore(&sdsc->lock, flags);
5581
5582 return res;
5583}
5584
5585/*
5586 * All we can do is set the cmnd as internally aborted and wait for it to
5587 * finish. We cannot call scsi_done() as normal completion path may do that.
5588 */
5589static bool sdebug_stop_cmnd(struct request *rq, void *data)
5590{
5591 scsi_debug_abort_cmnd(blk_mq_rq_to_pdu(rq));
5592
5593 return true;
5594}
5595
5596/* Deletes (stops) timers or work queues of all queued commands */
5597static void stop_all_queued(void)
5598{
5599 struct sdebug_host_info *sdhp;
5600
5601 mutex_lock(&sdebug_host_list_mutex);
5602 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
5603 struct Scsi_Host *shost = sdhp->shost;
5604
5605 blk_mq_tagset_busy_iter(&shost->tag_set, sdebug_stop_cmnd, NULL);
5606 }
5607 mutex_unlock(&sdebug_host_list_mutex);
5608}
5609
5610static int sdebug_fail_abort(struct scsi_cmnd *cmnd)
5611{
5612 struct scsi_device *sdp = cmnd->device;
5613 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
5614 struct sdebug_err_inject *err;
5615 unsigned char *cmd = cmnd->cmnd;
5616 int ret = 0;
5617
5618 if (devip == NULL)
5619 return 0;
5620
5621 rcu_read_lock();
5622 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
5623 if (err->type == ERR_ABORT_CMD_FAILED &&
5624 (err->cmd == cmd[0] || err->cmd == 0xff)) {
5625 ret = !!err->cnt;
5626 if (err->cnt < 0)
5627 err->cnt++;
5628
5629 rcu_read_unlock();
5630 return ret;
5631 }
5632 }
5633 rcu_read_unlock();
5634
5635 return 0;
5636}
5637
5638static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
5639{
5640 bool ok = scsi_debug_abort_cmnd(SCpnt);
5641 u8 *cmd = SCpnt->cmnd;
5642 u8 opcode = cmd[0];
5643
5644 ++num_aborts;
5645
5646 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5647 sdev_printk(KERN_INFO, SCpnt->device,
5648 "%s: command%s found\n", __func__,
5649 ok ? "" : " not");
5650
5651 if (sdebug_fail_abort(SCpnt)) {
5652 scmd_printk(KERN_INFO, SCpnt, "fail abort command 0x%x\n",
5653 opcode);
5654 return FAILED;
5655 }
5656
5657 return SUCCESS;
5658}
5659
5660static bool scsi_debug_stop_all_queued_iter(struct request *rq, void *data)
5661{
5662 struct scsi_device *sdp = data;
5663 struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
5664
5665 if (scmd->device == sdp)
5666 scsi_debug_abort_cmnd(scmd);
5667
5668 return true;
5669}
5670
5671/* Deletes (stops) timers or work queues of all queued commands per sdev */
5672static void scsi_debug_stop_all_queued(struct scsi_device *sdp)
5673{
5674 struct Scsi_Host *shost = sdp->host;
5675
5676 blk_mq_tagset_busy_iter(&shost->tag_set,
5677 scsi_debug_stop_all_queued_iter, sdp);
5678}
5679
5680static int sdebug_fail_lun_reset(struct scsi_cmnd *cmnd)
5681{
5682 struct scsi_device *sdp = cmnd->device;
5683 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
5684 struct sdebug_err_inject *err;
5685 unsigned char *cmd = cmnd->cmnd;
5686 int ret = 0;
5687
5688 if (devip == NULL)
5689 return 0;
5690
5691 rcu_read_lock();
5692 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
5693 if (err->type == ERR_LUN_RESET_FAILED &&
5694 (err->cmd == cmd[0] || err->cmd == 0xff)) {
5695 ret = !!err->cnt;
5696 if (err->cnt < 0)
5697 err->cnt++;
5698
5699 rcu_read_unlock();
5700 return ret;
5701 }
5702 }
5703 rcu_read_unlock();
5704
5705 return 0;
5706}
5707
5708static int scsi_debug_device_reset(struct scsi_cmnd *SCpnt)
5709{
5710 struct scsi_device *sdp = SCpnt->device;
5711 struct sdebug_dev_info *devip = sdp->hostdata;
5712 u8 *cmd = SCpnt->cmnd;
5713 u8 opcode = cmd[0];
5714
5715 ++num_dev_resets;
5716
5717 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5718 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5719
5720 scsi_debug_stop_all_queued(sdp);
5721 if (devip)
5722 set_bit(SDEBUG_UA_POR, devip->uas_bm);
5723
5724 if (sdebug_fail_lun_reset(SCpnt)) {
5725 scmd_printk(KERN_INFO, SCpnt, "fail lun reset 0x%x\n", opcode);
5726 return FAILED;
5727 }
5728
5729 return SUCCESS;
5730}
5731
5732static int sdebug_fail_target_reset(struct scsi_cmnd *cmnd)
5733{
5734 struct scsi_target *starget = scsi_target(cmnd->device);
5735 struct sdebug_target_info *targetip =
5736 (struct sdebug_target_info *)starget->hostdata;
5737
5738 if (targetip)
5739 return targetip->reset_fail;
5740
5741 return 0;
5742}
5743
5744static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
5745{
5746 struct scsi_device *sdp = SCpnt->device;
5747 struct sdebug_host_info *sdbg_host = shost_to_sdebug_host(sdp->host);
5748 struct sdebug_dev_info *devip;
5749 u8 *cmd = SCpnt->cmnd;
5750 u8 opcode = cmd[0];
5751 int k = 0;
5752
5753 ++num_target_resets;
5754 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5755 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5756
5757 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
5758 if (devip->target == sdp->id) {
5759 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5760 ++k;
5761 }
5762 }
5763
5764 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5765 sdev_printk(KERN_INFO, sdp,
5766 "%s: %d device(s) found in target\n", __func__, k);
5767
5768 if (sdebug_fail_target_reset(SCpnt)) {
5769 scmd_printk(KERN_INFO, SCpnt, "fail target reset 0x%x\n",
5770 opcode);
5771 return FAILED;
5772 }
5773
5774 return SUCCESS;
5775}
5776
5777static int scsi_debug_bus_reset(struct scsi_cmnd *SCpnt)
5778{
5779 struct scsi_device *sdp = SCpnt->device;
5780 struct sdebug_host_info *sdbg_host = shost_to_sdebug_host(sdp->host);
5781 struct sdebug_dev_info *devip;
5782 int k = 0;
5783
5784 ++num_bus_resets;
5785
5786 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5787 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5788
5789 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
5790 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5791 ++k;
5792 }
5793
5794 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5795 sdev_printk(KERN_INFO, sdp,
5796 "%s: %d device(s) found in host\n", __func__, k);
5797 return SUCCESS;
5798}
5799
5800static int scsi_debug_host_reset(struct scsi_cmnd *SCpnt)
5801{
5802 struct sdebug_host_info *sdbg_host;
5803 struct sdebug_dev_info *devip;
5804 int k = 0;
5805
5806 ++num_host_resets;
5807 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5808 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
5809 mutex_lock(&sdebug_host_list_mutex);
5810 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
5811 list_for_each_entry(devip, &sdbg_host->dev_info_list,
5812 dev_list) {
5813 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5814 ++k;
5815 }
5816 }
5817 mutex_unlock(&sdebug_host_list_mutex);
5818 stop_all_queued();
5819 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5820 sdev_printk(KERN_INFO, SCpnt->device,
5821 "%s: %d device(s) found\n", __func__, k);
5822 return SUCCESS;
5823}
5824
5825static void sdebug_build_parts(unsigned char *ramp, unsigned long store_size)
5826{
5827 struct msdos_partition *pp;
5828 int starts[SDEBUG_MAX_PARTS + 2], max_part_secs;
5829 int sectors_per_part, num_sectors, k;
5830 int heads_by_sects, start_sec, end_sec;
5831
5832 /* assume partition table already zeroed */
5833 if ((sdebug_num_parts < 1) || (store_size < 1048576))
5834 return;
5835 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
5836 sdebug_num_parts = SDEBUG_MAX_PARTS;
5837 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
5838 }
5839 num_sectors = (int)get_sdebug_capacity();
5840 sectors_per_part = (num_sectors - sdebug_sectors_per)
5841 / sdebug_num_parts;
5842 heads_by_sects = sdebug_heads * sdebug_sectors_per;
5843 starts[0] = sdebug_sectors_per;
5844 max_part_secs = sectors_per_part;
5845 for (k = 1; k < sdebug_num_parts; ++k) {
5846 starts[k] = ((k * sectors_per_part) / heads_by_sects)
5847 * heads_by_sects;
5848 if (starts[k] - starts[k - 1] < max_part_secs)
5849 max_part_secs = starts[k] - starts[k - 1];
5850 }
5851 starts[sdebug_num_parts] = num_sectors;
5852 starts[sdebug_num_parts + 1] = 0;
5853
5854 ramp[510] = 0x55; /* magic partition markings */
5855 ramp[511] = 0xAA;
5856 pp = (struct msdos_partition *)(ramp + 0x1be);
5857 for (k = 0; starts[k + 1]; ++k, ++pp) {
5858 start_sec = starts[k];
5859 end_sec = starts[k] + max_part_secs - 1;
5860 pp->boot_ind = 0;
5861
5862 pp->cyl = start_sec / heads_by_sects;
5863 pp->head = (start_sec - (pp->cyl * heads_by_sects))
5864 / sdebug_sectors_per;
5865 pp->sector = (start_sec % sdebug_sectors_per) + 1;
5866
5867 pp->end_cyl = end_sec / heads_by_sects;
5868 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
5869 / sdebug_sectors_per;
5870 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
5871
5872 pp->start_sect = cpu_to_le32(start_sec);
5873 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
5874 pp->sys_ind = 0x83; /* plain Linux partition */
5875 }
5876}
5877
5878static void block_unblock_all_queues(bool block)
5879{
5880 struct sdebug_host_info *sdhp;
5881
5882 lockdep_assert_held(&sdebug_host_list_mutex);
5883
5884 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
5885 struct Scsi_Host *shost = sdhp->shost;
5886
5887 if (block)
5888 scsi_block_requests(shost);
5889 else
5890 scsi_unblock_requests(shost);
5891 }
5892}
5893
5894/* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
5895 * commands will be processed normally before triggers occur.
5896 */
5897static void tweak_cmnd_count(void)
5898{
5899 int count, modulo;
5900
5901 modulo = abs(sdebug_every_nth);
5902 if (modulo < 2)
5903 return;
5904
5905 mutex_lock(&sdebug_host_list_mutex);
5906 block_unblock_all_queues(true);
5907 count = atomic_read(&sdebug_cmnd_count);
5908 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
5909 block_unblock_all_queues(false);
5910 mutex_unlock(&sdebug_host_list_mutex);
5911}
5912
5913static void clear_queue_stats(void)
5914{
5915 atomic_set(&sdebug_cmnd_count, 0);
5916 atomic_set(&sdebug_completions, 0);
5917 atomic_set(&sdebug_miss_cpus, 0);
5918 atomic_set(&sdebug_a_tsf, 0);
5919}
5920
5921static bool inject_on_this_cmd(void)
5922{
5923 if (sdebug_every_nth == 0)
5924 return false;
5925 return (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) == 0;
5926}
5927
5928#define INCLUSIVE_TIMING_MAX_NS 1000000 /* 1 millisecond */
5929
5930
5931void sdebug_free_queued_cmd(struct sdebug_queued_cmd *sqcp)
5932{
5933 if (sqcp)
5934 kmem_cache_free(queued_cmd_cache, sqcp);
5935}
5936
5937static struct sdebug_queued_cmd *sdebug_alloc_queued_cmd(struct scsi_cmnd *scmd)
5938{
5939 struct sdebug_queued_cmd *sqcp;
5940 struct sdebug_defer *sd_dp;
5941
5942 sqcp = kmem_cache_zalloc(queued_cmd_cache, GFP_ATOMIC);
5943 if (!sqcp)
5944 return NULL;
5945
5946 sd_dp = &sqcp->sd_dp;
5947
5948 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
5949 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
5950 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
5951
5952 sqcp->scmd = scmd;
5953
5954 return sqcp;
5955}
5956
5957/* Complete the processing of the thread that queued a SCSI command to this
5958 * driver. It either completes the command by calling cmnd_done() or
5959 * schedules a hr timer or work queue then returns 0. Returns
5960 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
5961 */
5962static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
5963 int scsi_result,
5964 int (*pfp)(struct scsi_cmnd *,
5965 struct sdebug_dev_info *),
5966 int delta_jiff, int ndelay)
5967{
5968 struct request *rq = scsi_cmd_to_rq(cmnd);
5969 bool polled = rq->cmd_flags & REQ_POLLED;
5970 struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
5971 unsigned long flags;
5972 u64 ns_from_boot = 0;
5973 struct sdebug_queued_cmd *sqcp;
5974 struct scsi_device *sdp;
5975 struct sdebug_defer *sd_dp;
5976
5977 if (unlikely(devip == NULL)) {
5978 if (scsi_result == 0)
5979 scsi_result = DID_NO_CONNECT << 16;
5980 goto respond_in_thread;
5981 }
5982 sdp = cmnd->device;
5983
5984 if (delta_jiff == 0)
5985 goto respond_in_thread;
5986
5987
5988 if (unlikely(sdebug_every_nth && (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
5989 (scsi_result == 0))) {
5990 int num_in_q = scsi_device_busy(sdp);
5991 int qdepth = cmnd->device->queue_depth;
5992
5993 if ((num_in_q == qdepth) &&
5994 (atomic_inc_return(&sdebug_a_tsf) >=
5995 abs(sdebug_every_nth))) {
5996 atomic_set(&sdebug_a_tsf, 0);
5997 scsi_result = device_qfull_result;
5998
5999 if (unlikely(SDEBUG_OPT_Q_NOISE & sdebug_opts))
6000 sdev_printk(KERN_INFO, sdp, "%s: num_in_q=%d +1, <inject> status: TASK SET FULL\n",
6001 __func__, num_in_q);
6002 }
6003 }
6004
6005 sqcp = sdebug_alloc_queued_cmd(cmnd);
6006 if (!sqcp) {
6007 pr_err("%s no alloc\n", __func__);
6008 return SCSI_MLQUEUE_HOST_BUSY;
6009 }
6010 sd_dp = &sqcp->sd_dp;
6011
6012 if (polled)
6013 ns_from_boot = ktime_get_boottime_ns();
6014
6015 /* one of the resp_*() response functions is called here */
6016 cmnd->result = pfp ? pfp(cmnd, devip) : 0;
6017 if (cmnd->result & SDEG_RES_IMMED_MASK) {
6018 cmnd->result &= ~SDEG_RES_IMMED_MASK;
6019 delta_jiff = ndelay = 0;
6020 }
6021 if (cmnd->result == 0 && scsi_result != 0)
6022 cmnd->result = scsi_result;
6023 if (cmnd->result == 0 && unlikely(sdebug_opts & SDEBUG_OPT_TRANSPORT_ERR)) {
6024 if (atomic_read(&sdeb_inject_pending)) {
6025 mk_sense_buffer(cmnd, ABORTED_COMMAND, TRANSPORT_PROBLEM, ACK_NAK_TO);
6026 atomic_set(&sdeb_inject_pending, 0);
6027 cmnd->result = check_condition_result;
6028 }
6029 }
6030
6031 if (unlikely(sdebug_verbose && cmnd->result))
6032 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
6033 __func__, cmnd->result);
6034
6035 if (delta_jiff > 0 || ndelay > 0) {
6036 ktime_t kt;
6037
6038 if (delta_jiff > 0) {
6039 u64 ns = jiffies_to_nsecs(delta_jiff);
6040
6041 if (sdebug_random && ns < U32_MAX) {
6042 ns = get_random_u32_below((u32)ns);
6043 } else if (sdebug_random) {
6044 ns >>= 12; /* scale to 4 usec precision */
6045 if (ns < U32_MAX) /* over 4 hours max */
6046 ns = get_random_u32_below((u32)ns);
6047 ns <<= 12;
6048 }
6049 kt = ns_to_ktime(ns);
6050 } else { /* ndelay has a 4.2 second max */
6051 kt = sdebug_random ? get_random_u32_below((u32)ndelay) :
6052 (u32)ndelay;
6053 if (ndelay < INCLUSIVE_TIMING_MAX_NS) {
6054 u64 d = ktime_get_boottime_ns() - ns_from_boot;
6055
6056 if (kt <= d) { /* elapsed duration >= kt */
6057 /* call scsi_done() from this thread */
6058 sdebug_free_queued_cmd(sqcp);
6059 scsi_done(cmnd);
6060 return 0;
6061 }
6062 /* otherwise reduce kt by elapsed time */
6063 kt -= d;
6064 }
6065 }
6066 if (sdebug_statistics)
6067 sd_dp->issuing_cpu = raw_smp_processor_id();
6068 if (polled) {
6069 spin_lock_irqsave(&sdsc->lock, flags);
6070 sd_dp->cmpl_ts = ktime_add(ns_to_ktime(ns_from_boot), kt);
6071 ASSIGN_QUEUED_CMD(cmnd, sqcp);
6072 WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
6073 spin_unlock_irqrestore(&sdsc->lock, flags);
6074 } else {
6075 /* schedule the invocation of scsi_done() for a later time */
6076 spin_lock_irqsave(&sdsc->lock, flags);
6077 ASSIGN_QUEUED_CMD(cmnd, sqcp);
6078 WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_HRT);
6079 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
6080 /*
6081 * The completion handler will try to grab sqcp->lock,
6082 * so there is no chance that the completion handler
6083 * will call scsi_done() until we release the lock
6084 * here (so ok to keep referencing sdsc).
6085 */
6086 spin_unlock_irqrestore(&sdsc->lock, flags);
6087 }
6088 } else { /* jdelay < 0, use work queue */
6089 if (unlikely((sdebug_opts & SDEBUG_OPT_CMD_ABORT) &&
6090 atomic_read(&sdeb_inject_pending))) {
6091 sd_dp->aborted = true;
6092 atomic_set(&sdeb_inject_pending, 0);
6093 sdev_printk(KERN_INFO, sdp, "abort request tag=%#x\n",
6094 blk_mq_unique_tag_to_tag(get_tag(cmnd)));
6095 }
6096
6097 if (sdebug_statistics)
6098 sd_dp->issuing_cpu = raw_smp_processor_id();
6099 if (polled) {
6100 spin_lock_irqsave(&sdsc->lock, flags);
6101 ASSIGN_QUEUED_CMD(cmnd, sqcp);
6102 sd_dp->cmpl_ts = ns_to_ktime(ns_from_boot);
6103 WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
6104 spin_unlock_irqrestore(&sdsc->lock, flags);
6105 } else {
6106 spin_lock_irqsave(&sdsc->lock, flags);
6107 ASSIGN_QUEUED_CMD(cmnd, sqcp);
6108 WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_WQ);
6109 schedule_work(&sd_dp->ew.work);
6110 spin_unlock_irqrestore(&sdsc->lock, flags);
6111 }
6112 }
6113
6114 return 0;
6115
6116respond_in_thread: /* call back to mid-layer using invocation thread */
6117 cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
6118 cmnd->result &= ~SDEG_RES_IMMED_MASK;
6119 if (cmnd->result == 0 && scsi_result != 0)
6120 cmnd->result = scsi_result;
6121 scsi_done(cmnd);
6122 return 0;
6123}
6124
6125/* Note: The following macros create attribute files in the
6126 /sys/module/scsi_debug/parameters directory. Unfortunately this
6127 driver is unaware of a change and cannot trigger auxiliary actions
6128 as it can when the corresponding attribute in the
6129 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
6130 */
6131module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
6132module_param_named(ato, sdebug_ato, int, S_IRUGO);
6133module_param_named(cdb_len, sdebug_cdb_len, int, 0644);
6134module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
6135module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
6136module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
6137module_param_named(dif, sdebug_dif, int, S_IRUGO);
6138module_param_named(dix, sdebug_dix, int, S_IRUGO);
6139module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
6140module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
6141module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
6142module_param_named(guard, sdebug_guard, uint, S_IRUGO);
6143module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
6144module_param_named(host_max_queue, sdebug_host_max_queue, int, S_IRUGO);
6145module_param_string(inq_product, sdebug_inq_product_id,
6146 sizeof(sdebug_inq_product_id), S_IRUGO | S_IWUSR);
6147module_param_string(inq_rev, sdebug_inq_product_rev,
6148 sizeof(sdebug_inq_product_rev), S_IRUGO | S_IWUSR);
6149module_param_string(inq_vendor, sdebug_inq_vendor_id,
6150 sizeof(sdebug_inq_vendor_id), S_IRUGO | S_IWUSR);
6151module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
6152module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
6153module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
6154module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
6155module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
6156module_param_named(lun_format, sdebug_lun_am_i, int, S_IRUGO | S_IWUSR);
6157module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
6158module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
6159module_param_named(medium_error_count, sdebug_medium_error_count, int,
6160 S_IRUGO | S_IWUSR);
6161module_param_named(medium_error_start, sdebug_medium_error_start, int,
6162 S_IRUGO | S_IWUSR);
6163module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
6164module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
6165module_param_named(no_rwlock, sdebug_no_rwlock, bool, S_IRUGO | S_IWUSR);
6166module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
6167module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
6168module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
6169module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
6170module_param_named(opt_xferlen_exp, sdebug_opt_xferlen_exp, int, S_IRUGO);
6171module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
6172module_param_named(per_host_store, sdebug_per_host_store, bool,
6173 S_IRUGO | S_IWUSR);
6174module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
6175module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
6176module_param_named(random, sdebug_random, bool, S_IRUGO | S_IWUSR);
6177module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
6178module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
6179module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
6180module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
6181module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
6182module_param_named(submit_queues, submit_queues, int, S_IRUGO);
6183module_param_named(poll_queues, poll_queues, int, S_IRUGO);
6184module_param_named(tur_ms_to_ready, sdeb_tur_ms_to_ready, int, S_IRUGO);
6185module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
6186module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
6187module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
6188module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
6189module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
6190module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
6191module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
6192 S_IRUGO | S_IWUSR);
6193module_param_named(wp, sdebug_wp, bool, S_IRUGO | S_IWUSR);
6194module_param_named(write_same_length, sdebug_write_same_length, int,
6195 S_IRUGO | S_IWUSR);
6196module_param_named(zbc, sdeb_zbc_model_s, charp, S_IRUGO);
6197module_param_named(zone_cap_mb, sdeb_zbc_zone_cap_mb, int, S_IRUGO);
6198module_param_named(zone_max_open, sdeb_zbc_max_open, int, S_IRUGO);
6199module_param_named(zone_nr_conv, sdeb_zbc_nr_conv, int, S_IRUGO);
6200module_param_named(zone_size_mb, sdeb_zbc_zone_size_mb, int, S_IRUGO);
6201module_param_named(allow_restart, sdebug_allow_restart, bool, S_IRUGO | S_IWUSR);
6202
6203MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
6204MODULE_DESCRIPTION("SCSI debug adapter driver");
6205MODULE_LICENSE("GPL");
6206MODULE_VERSION(SDEBUG_VERSION);
6207
6208MODULE_PARM_DESC(add_host, "add n hosts, in sysfs if negative remove host(s) (def=1)");
6209MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
6210MODULE_PARM_DESC(cdb_len, "suggest CDB lengths to drivers (def=10)");
6211MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
6212MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
6213MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
6214MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
6215MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
6216MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
6217MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
6218MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
6219MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
6220MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
6221MODULE_PARM_DESC(host_max_queue,
6222 "host max # of queued cmds (0 to max(def) [max_queue fixed equal for !0])");
6223MODULE_PARM_DESC(inq_product, "SCSI INQUIRY product string (def=\"scsi_debug\")");
6224MODULE_PARM_DESC(inq_rev, "SCSI INQUIRY revision string (def=\""
6225 SDEBUG_VERSION "\")");
6226MODULE_PARM_DESC(inq_vendor, "SCSI INQUIRY vendor string (def=\"Linux\")");
6227MODULE_PARM_DESC(lbprz,
6228 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
6229MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
6230MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
6231MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
6232MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
6233MODULE_PARM_DESC(lun_format, "LUN format: 0->peripheral (def); 1 --> flat address method");
6234MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
6235MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
6236MODULE_PARM_DESC(medium_error_count, "count of sectors to return follow on MEDIUM error");
6237MODULE_PARM_DESC(medium_error_start, "starting sector number to return MEDIUM error");
6238MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
6239MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
6240MODULE_PARM_DESC(no_rwlock, "don't protect user data reads+writes (def=0)");
6241MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
6242MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
6243MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
6244MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
6245MODULE_PARM_DESC(opt_xferlen_exp, "optimal transfer length granularity exponent (def=physblk_exp)");
6246MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
6247MODULE_PARM_DESC(per_host_store, "If set, next positive add_host will get new store (def=0)");
6248MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
6249MODULE_PARM_DESC(poll_queues, "support for iouring iopoll queues (1 to max(submit_queues - 1))");
6250MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
6251MODULE_PARM_DESC(random, "If set, uniformly randomize command duration between 0 and delay_in_ns");
6252MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
6253MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
6254MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
6255MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
6256MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
6257MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
6258MODULE_PARM_DESC(tur_ms_to_ready, "TEST UNIT READY millisecs before initial good status (def=0)");
6259MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
6260MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
6261MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
6262MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
6263MODULE_PARM_DESC(uuid_ctl,
6264 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
6265MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
6266MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
6267MODULE_PARM_DESC(wp, "Write Protect (def=0)");
6268MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
6269MODULE_PARM_DESC(zbc, "'none' [0]; 'aware' [1]; 'managed' [2] (def=0). Can have 'host-' prefix");
6270MODULE_PARM_DESC(zone_cap_mb, "Zone capacity in MiB (def=zone size)");
6271MODULE_PARM_DESC(zone_max_open, "Maximum number of open zones; [0] for no limit (def=auto)");
6272MODULE_PARM_DESC(zone_nr_conv, "Number of conventional zones (def=1)");
6273MODULE_PARM_DESC(zone_size_mb, "Zone size in MiB (def=auto)");
6274MODULE_PARM_DESC(allow_restart, "Set scsi_device's allow_restart flag(def=0)");
6275
6276#define SDEBUG_INFO_LEN 256
6277static char sdebug_info[SDEBUG_INFO_LEN];
6278
6279static const char *scsi_debug_info(struct Scsi_Host *shp)
6280{
6281 int k;
6282
6283 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
6284 my_name, SDEBUG_VERSION, sdebug_version_date);
6285 if (k >= (SDEBUG_INFO_LEN - 1))
6286 return sdebug_info;
6287 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
6288 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
6289 sdebug_dev_size_mb, sdebug_opts, submit_queues,
6290 "statistics", (int)sdebug_statistics);
6291 return sdebug_info;
6292}
6293
6294/* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
6295static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
6296 int length)
6297{
6298 char arr[16];
6299 int opts;
6300 int minLen = length > 15 ? 15 : length;
6301
6302 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
6303 return -EACCES;
6304 memcpy(arr, buffer, minLen);
6305 arr[minLen] = '\0';
6306 if (1 != sscanf(arr, "%d", &opts))
6307 return -EINVAL;
6308 sdebug_opts = opts;
6309 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
6310 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
6311 if (sdebug_every_nth != 0)
6312 tweak_cmnd_count();
6313 return length;
6314}
6315
6316struct sdebug_submit_queue_data {
6317 int *first;
6318 int *last;
6319 int queue_num;
6320};
6321
6322static bool sdebug_submit_queue_iter(struct request *rq, void *opaque)
6323{
6324 struct sdebug_submit_queue_data *data = opaque;
6325 u32 unique_tag = blk_mq_unique_tag(rq);
6326 u16 hwq = blk_mq_unique_tag_to_hwq(unique_tag);
6327 u16 tag = blk_mq_unique_tag_to_tag(unique_tag);
6328 int queue_num = data->queue_num;
6329
6330 if (hwq != queue_num)
6331 return true;
6332
6333 /* Rely on iter'ing in ascending tag order */
6334 if (*data->first == -1)
6335 *data->first = *data->last = tag;
6336 else
6337 *data->last = tag;
6338
6339 return true;
6340}
6341
6342/* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
6343 * same for each scsi_debug host (if more than one). Some of the counters
6344 * output are not atomics so might be inaccurate in a busy system. */
6345static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
6346{
6347 struct sdebug_host_info *sdhp;
6348 int j;
6349
6350 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
6351 SDEBUG_VERSION, sdebug_version_date);
6352 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
6353 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
6354 sdebug_opts, sdebug_every_nth);
6355 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
6356 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
6357 sdebug_sector_size, "bytes");
6358 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
6359 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
6360 num_aborts);
6361 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
6362 num_dev_resets, num_target_resets, num_bus_resets,
6363 num_host_resets);
6364 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
6365 dix_reads, dix_writes, dif_errors);
6366 seq_printf(m, "usec_in_jiffy=%lu, statistics=%d\n", TICK_NSEC / 1000,
6367 sdebug_statistics);
6368 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d, mq_polls=%d\n",
6369 atomic_read(&sdebug_cmnd_count),
6370 atomic_read(&sdebug_completions),
6371 "miss_cpus", atomic_read(&sdebug_miss_cpus),
6372 atomic_read(&sdebug_a_tsf),
6373 atomic_read(&sdeb_mq_poll_count));
6374
6375 seq_printf(m, "submit_queues=%d\n", submit_queues);
6376 for (j = 0; j < submit_queues; ++j) {
6377 int f = -1, l = -1;
6378 struct sdebug_submit_queue_data data = {
6379 .queue_num = j,
6380 .first = &f,
6381 .last = &l,
6382 };
6383 seq_printf(m, " queue %d:\n", j);
6384 blk_mq_tagset_busy_iter(&host->tag_set, sdebug_submit_queue_iter,
6385 &data);
6386 if (f >= 0) {
6387 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
6388 "first,last bits", f, l);
6389 }
6390 }
6391
6392 seq_printf(m, "this host_no=%d\n", host->host_no);
6393 if (!xa_empty(per_store_ap)) {
6394 bool niu;
6395 int idx;
6396 unsigned long l_idx;
6397 struct sdeb_store_info *sip;
6398
6399 seq_puts(m, "\nhost list:\n");
6400 j = 0;
6401 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6402 idx = sdhp->si_idx;
6403 seq_printf(m, " %d: host_no=%d, si_idx=%d\n", j,
6404 sdhp->shost->host_no, idx);
6405 ++j;
6406 }
6407 seq_printf(m, "\nper_store array [most_recent_idx=%d]:\n",
6408 sdeb_most_recent_idx);
6409 j = 0;
6410 xa_for_each(per_store_ap, l_idx, sip) {
6411 niu = xa_get_mark(per_store_ap, l_idx,
6412 SDEB_XA_NOT_IN_USE);
6413 idx = (int)l_idx;
6414 seq_printf(m, " %d: idx=%d%s\n", j, idx,
6415 (niu ? " not_in_use" : ""));
6416 ++j;
6417 }
6418 }
6419 return 0;
6420}
6421
6422static ssize_t delay_show(struct device_driver *ddp, char *buf)
6423{
6424 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
6425}
6426/* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
6427 * of delay is jiffies.
6428 */
6429static ssize_t delay_store(struct device_driver *ddp, const char *buf,
6430 size_t count)
6431{
6432 int jdelay, res;
6433
6434 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
6435 res = count;
6436 if (sdebug_jdelay != jdelay) {
6437 struct sdebug_host_info *sdhp;
6438
6439 mutex_lock(&sdebug_host_list_mutex);
6440 block_unblock_all_queues(true);
6441
6442 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6443 struct Scsi_Host *shost = sdhp->shost;
6444
6445 if (scsi_host_busy(shost)) {
6446 res = -EBUSY; /* queued commands */
6447 break;
6448 }
6449 }
6450 if (res > 0) {
6451 sdebug_jdelay = jdelay;
6452 sdebug_ndelay = 0;
6453 }
6454 block_unblock_all_queues(false);
6455 mutex_unlock(&sdebug_host_list_mutex);
6456 }
6457 return res;
6458 }
6459 return -EINVAL;
6460}
6461static DRIVER_ATTR_RW(delay);
6462
6463static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
6464{
6465 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
6466}
6467/* Returns -EBUSY if ndelay is being changed and commands are queued */
6468/* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
6469static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
6470 size_t count)
6471{
6472 int ndelay, res;
6473
6474 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
6475 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
6476 res = count;
6477 if (sdebug_ndelay != ndelay) {
6478 struct sdebug_host_info *sdhp;
6479
6480 mutex_lock(&sdebug_host_list_mutex);
6481 block_unblock_all_queues(true);
6482
6483 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6484 struct Scsi_Host *shost = sdhp->shost;
6485
6486 if (scsi_host_busy(shost)) {
6487 res = -EBUSY; /* queued commands */
6488 break;
6489 }
6490 }
6491
6492 if (res > 0) {
6493 sdebug_ndelay = ndelay;
6494 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
6495 : DEF_JDELAY;
6496 }
6497 block_unblock_all_queues(false);
6498 mutex_unlock(&sdebug_host_list_mutex);
6499 }
6500 return res;
6501 }
6502 return -EINVAL;
6503}
6504static DRIVER_ATTR_RW(ndelay);
6505
6506static ssize_t opts_show(struct device_driver *ddp, char *buf)
6507{
6508 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
6509}
6510
6511static ssize_t opts_store(struct device_driver *ddp, const char *buf,
6512 size_t count)
6513{
6514 int opts;
6515 char work[20];
6516
6517 if (sscanf(buf, "%10s", work) == 1) {
6518 if (strncasecmp(work, "0x", 2) == 0) {
6519 if (kstrtoint(work + 2, 16, &opts) == 0)
6520 goto opts_done;
6521 } else {
6522 if (kstrtoint(work, 10, &opts) == 0)
6523 goto opts_done;
6524 }
6525 }
6526 return -EINVAL;
6527opts_done:
6528 sdebug_opts = opts;
6529 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
6530 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
6531 tweak_cmnd_count();
6532 return count;
6533}
6534static DRIVER_ATTR_RW(opts);
6535
6536static ssize_t ptype_show(struct device_driver *ddp, char *buf)
6537{
6538 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
6539}
6540static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
6541 size_t count)
6542{
6543 int n;
6544
6545 /* Cannot change from or to TYPE_ZBC with sysfs */
6546 if (sdebug_ptype == TYPE_ZBC)
6547 return -EINVAL;
6548
6549 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6550 if (n == TYPE_ZBC)
6551 return -EINVAL;
6552 sdebug_ptype = n;
6553 return count;
6554 }
6555 return -EINVAL;
6556}
6557static DRIVER_ATTR_RW(ptype);
6558
6559static ssize_t dsense_show(struct device_driver *ddp, char *buf)
6560{
6561 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
6562}
6563static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
6564 size_t count)
6565{
6566 int n;
6567
6568 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6569 sdebug_dsense = n;
6570 return count;
6571 }
6572 return -EINVAL;
6573}
6574static DRIVER_ATTR_RW(dsense);
6575
6576static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
6577{
6578 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
6579}
6580static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
6581 size_t count)
6582{
6583 int n, idx;
6584
6585 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6586 bool want_store = (n == 0);
6587 struct sdebug_host_info *sdhp;
6588
6589 n = (n > 0);
6590 sdebug_fake_rw = (sdebug_fake_rw > 0);
6591 if (sdebug_fake_rw == n)
6592 return count; /* not transitioning so do nothing */
6593
6594 if (want_store) { /* 1 --> 0 transition, set up store */
6595 if (sdeb_first_idx < 0) {
6596 idx = sdebug_add_store();
6597 if (idx < 0)
6598 return idx;
6599 } else {
6600 idx = sdeb_first_idx;
6601 xa_clear_mark(per_store_ap, idx,
6602 SDEB_XA_NOT_IN_USE);
6603 }
6604 /* make all hosts use same store */
6605 list_for_each_entry(sdhp, &sdebug_host_list,
6606 host_list) {
6607 if (sdhp->si_idx != idx) {
6608 xa_set_mark(per_store_ap, sdhp->si_idx,
6609 SDEB_XA_NOT_IN_USE);
6610 sdhp->si_idx = idx;
6611 }
6612 }
6613 sdeb_most_recent_idx = idx;
6614 } else { /* 0 --> 1 transition is trigger for shrink */
6615 sdebug_erase_all_stores(true /* apart from first */);
6616 }
6617 sdebug_fake_rw = n;
6618 return count;
6619 }
6620 return -EINVAL;
6621}
6622static DRIVER_ATTR_RW(fake_rw);
6623
6624static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
6625{
6626 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
6627}
6628static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
6629 size_t count)
6630{
6631 int n;
6632
6633 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6634 sdebug_no_lun_0 = n;
6635 return count;
6636 }
6637 return -EINVAL;
6638}
6639static DRIVER_ATTR_RW(no_lun_0);
6640
6641static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
6642{
6643 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
6644}
6645static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
6646 size_t count)
6647{
6648 int n;
6649
6650 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6651 sdebug_num_tgts = n;
6652 sdebug_max_tgts_luns();
6653 return count;
6654 }
6655 return -EINVAL;
6656}
6657static DRIVER_ATTR_RW(num_tgts);
6658
6659static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
6660{
6661 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
6662}
6663static DRIVER_ATTR_RO(dev_size_mb);
6664
6665static ssize_t per_host_store_show(struct device_driver *ddp, char *buf)
6666{
6667 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_per_host_store);
6668}
6669
6670static ssize_t per_host_store_store(struct device_driver *ddp, const char *buf,
6671 size_t count)
6672{
6673 bool v;
6674
6675 if (kstrtobool(buf, &v))
6676 return -EINVAL;
6677
6678 sdebug_per_host_store = v;
6679 return count;
6680}
6681static DRIVER_ATTR_RW(per_host_store);
6682
6683static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
6684{
6685 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
6686}
6687static DRIVER_ATTR_RO(num_parts);
6688
6689static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
6690{
6691 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
6692}
6693static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
6694 size_t count)
6695{
6696 int nth;
6697 char work[20];
6698
6699 if (sscanf(buf, "%10s", work) == 1) {
6700 if (strncasecmp(work, "0x", 2) == 0) {
6701 if (kstrtoint(work + 2, 16, &nth) == 0)
6702 goto every_nth_done;
6703 } else {
6704 if (kstrtoint(work, 10, &nth) == 0)
6705 goto every_nth_done;
6706 }
6707 }
6708 return -EINVAL;
6709
6710every_nth_done:
6711 sdebug_every_nth = nth;
6712 if (nth && !sdebug_statistics) {
6713 pr_info("every_nth needs statistics=1, set it\n");
6714 sdebug_statistics = true;
6715 }
6716 tweak_cmnd_count();
6717 return count;
6718}
6719static DRIVER_ATTR_RW(every_nth);
6720
6721static ssize_t lun_format_show(struct device_driver *ddp, char *buf)
6722{
6723 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_lun_am);
6724}
6725static ssize_t lun_format_store(struct device_driver *ddp, const char *buf,
6726 size_t count)
6727{
6728 int n;
6729 bool changed;
6730
6731 if (kstrtoint(buf, 0, &n))
6732 return -EINVAL;
6733 if (n >= 0) {
6734 if (n > (int)SAM_LUN_AM_FLAT) {
6735 pr_warn("only LUN address methods 0 and 1 are supported\n");
6736 return -EINVAL;
6737 }
6738 changed = ((int)sdebug_lun_am != n);
6739 sdebug_lun_am = n;
6740 if (changed && sdebug_scsi_level >= 5) { /* >= SPC-3 */
6741 struct sdebug_host_info *sdhp;
6742 struct sdebug_dev_info *dp;
6743
6744 mutex_lock(&sdebug_host_list_mutex);
6745 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6746 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
6747 set_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
6748 }
6749 }
6750 mutex_unlock(&sdebug_host_list_mutex);
6751 }
6752 return count;
6753 }
6754 return -EINVAL;
6755}
6756static DRIVER_ATTR_RW(lun_format);
6757
6758static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
6759{
6760 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
6761}
6762static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
6763 size_t count)
6764{
6765 int n;
6766 bool changed;
6767
6768 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6769 if (n > 256) {
6770 pr_warn("max_luns can be no more than 256\n");
6771 return -EINVAL;
6772 }
6773 changed = (sdebug_max_luns != n);
6774 sdebug_max_luns = n;
6775 sdebug_max_tgts_luns();
6776 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
6777 struct sdebug_host_info *sdhp;
6778 struct sdebug_dev_info *dp;
6779
6780 mutex_lock(&sdebug_host_list_mutex);
6781 list_for_each_entry(sdhp, &sdebug_host_list,
6782 host_list) {
6783 list_for_each_entry(dp, &sdhp->dev_info_list,
6784 dev_list) {
6785 set_bit(SDEBUG_UA_LUNS_CHANGED,
6786 dp->uas_bm);
6787 }
6788 }
6789 mutex_unlock(&sdebug_host_list_mutex);
6790 }
6791 return count;
6792 }
6793 return -EINVAL;
6794}
6795static DRIVER_ATTR_RW(max_luns);
6796
6797static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
6798{
6799 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
6800}
6801/* N.B. max_queue can be changed while there are queued commands. In flight
6802 * commands beyond the new max_queue will be completed. */
6803static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
6804 size_t count)
6805{
6806 int n;
6807
6808 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
6809 (n <= SDEBUG_CANQUEUE) &&
6810 (sdebug_host_max_queue == 0)) {
6811 mutex_lock(&sdebug_host_list_mutex);
6812
6813 /* We may only change sdebug_max_queue when we have no shosts */
6814 if (list_empty(&sdebug_host_list))
6815 sdebug_max_queue = n;
6816 else
6817 count = -EBUSY;
6818 mutex_unlock(&sdebug_host_list_mutex);
6819 return count;
6820 }
6821 return -EINVAL;
6822}
6823static DRIVER_ATTR_RW(max_queue);
6824
6825static ssize_t host_max_queue_show(struct device_driver *ddp, char *buf)
6826{
6827 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_host_max_queue);
6828}
6829
6830static ssize_t no_rwlock_show(struct device_driver *ddp, char *buf)
6831{
6832 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_rwlock);
6833}
6834
6835static ssize_t no_rwlock_store(struct device_driver *ddp, const char *buf, size_t count)
6836{
6837 bool v;
6838
6839 if (kstrtobool(buf, &v))
6840 return -EINVAL;
6841
6842 sdebug_no_rwlock = v;
6843 return count;
6844}
6845static DRIVER_ATTR_RW(no_rwlock);
6846
6847/*
6848 * Since this is used for .can_queue, and we get the hc_idx tag from the bitmap
6849 * in range [0, sdebug_host_max_queue), we can't change it.
6850 */
6851static DRIVER_ATTR_RO(host_max_queue);
6852
6853static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
6854{
6855 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
6856}
6857static DRIVER_ATTR_RO(no_uld);
6858
6859static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
6860{
6861 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
6862}
6863static DRIVER_ATTR_RO(scsi_level);
6864
6865static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
6866{
6867 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
6868}
6869static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
6870 size_t count)
6871{
6872 int n;
6873 bool changed;
6874
6875 /* Ignore capacity change for ZBC drives for now */
6876 if (sdeb_zbc_in_use)
6877 return -ENOTSUPP;
6878
6879 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6880 changed = (sdebug_virtual_gb != n);
6881 sdebug_virtual_gb = n;
6882 sdebug_capacity = get_sdebug_capacity();
6883 if (changed) {
6884 struct sdebug_host_info *sdhp;
6885 struct sdebug_dev_info *dp;
6886
6887 mutex_lock(&sdebug_host_list_mutex);
6888 list_for_each_entry(sdhp, &sdebug_host_list,
6889 host_list) {
6890 list_for_each_entry(dp, &sdhp->dev_info_list,
6891 dev_list) {
6892 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
6893 dp->uas_bm);
6894 }
6895 }
6896 mutex_unlock(&sdebug_host_list_mutex);
6897 }
6898 return count;
6899 }
6900 return -EINVAL;
6901}
6902static DRIVER_ATTR_RW(virtual_gb);
6903
6904static ssize_t add_host_show(struct device_driver *ddp, char *buf)
6905{
6906 /* absolute number of hosts currently active is what is shown */
6907 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_hosts);
6908}
6909
6910static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
6911 size_t count)
6912{
6913 bool found;
6914 unsigned long idx;
6915 struct sdeb_store_info *sip;
6916 bool want_phs = (sdebug_fake_rw == 0) && sdebug_per_host_store;
6917 int delta_hosts;
6918
6919 if (sscanf(buf, "%d", &delta_hosts) != 1)
6920 return -EINVAL;
6921 if (delta_hosts > 0) {
6922 do {
6923 found = false;
6924 if (want_phs) {
6925 xa_for_each_marked(per_store_ap, idx, sip,
6926 SDEB_XA_NOT_IN_USE) {
6927 sdeb_most_recent_idx = (int)idx;
6928 found = true;
6929 break;
6930 }
6931 if (found) /* re-use case */
6932 sdebug_add_host_helper((int)idx);
6933 else
6934 sdebug_do_add_host(true);
6935 } else {
6936 sdebug_do_add_host(false);
6937 }
6938 } while (--delta_hosts);
6939 } else if (delta_hosts < 0) {
6940 do {
6941 sdebug_do_remove_host(false);
6942 } while (++delta_hosts);
6943 }
6944 return count;
6945}
6946static DRIVER_ATTR_RW(add_host);
6947
6948static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
6949{
6950 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
6951}
6952static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
6953 size_t count)
6954{
6955 int n;
6956
6957 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6958 sdebug_vpd_use_hostno = n;
6959 return count;
6960 }
6961 return -EINVAL;
6962}
6963static DRIVER_ATTR_RW(vpd_use_hostno);
6964
6965static ssize_t statistics_show(struct device_driver *ddp, char *buf)
6966{
6967 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
6968}
6969static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
6970 size_t count)
6971{
6972 int n;
6973
6974 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
6975 if (n > 0)
6976 sdebug_statistics = true;
6977 else {
6978 clear_queue_stats();
6979 sdebug_statistics = false;
6980 }
6981 return count;
6982 }
6983 return -EINVAL;
6984}
6985static DRIVER_ATTR_RW(statistics);
6986
6987static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
6988{
6989 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
6990}
6991static DRIVER_ATTR_RO(sector_size);
6992
6993static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
6994{
6995 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
6996}
6997static DRIVER_ATTR_RO(submit_queues);
6998
6999static ssize_t dix_show(struct device_driver *ddp, char *buf)
7000{
7001 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
7002}
7003static DRIVER_ATTR_RO(dix);
7004
7005static ssize_t dif_show(struct device_driver *ddp, char *buf)
7006{
7007 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
7008}
7009static DRIVER_ATTR_RO(dif);
7010
7011static ssize_t guard_show(struct device_driver *ddp, char *buf)
7012{
7013 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
7014}
7015static DRIVER_ATTR_RO(guard);
7016
7017static ssize_t ato_show(struct device_driver *ddp, char *buf)
7018{
7019 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
7020}
7021static DRIVER_ATTR_RO(ato);
7022
7023static ssize_t map_show(struct device_driver *ddp, char *buf)
7024{
7025 ssize_t count = 0;
7026
7027 if (!scsi_debug_lbp())
7028 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
7029 sdebug_store_sectors);
7030
7031 if (sdebug_fake_rw == 0 && !xa_empty(per_store_ap)) {
7032 struct sdeb_store_info *sip = xa_load(per_store_ap, 0);
7033
7034 if (sip)
7035 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
7036 (int)map_size, sip->map_storep);
7037 }
7038 buf[count++] = '\n';
7039 buf[count] = '\0';
7040
7041 return count;
7042}
7043static DRIVER_ATTR_RO(map);
7044
7045static ssize_t random_show(struct device_driver *ddp, char *buf)
7046{
7047 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_random);
7048}
7049
7050static ssize_t random_store(struct device_driver *ddp, const char *buf,
7051 size_t count)
7052{
7053 bool v;
7054
7055 if (kstrtobool(buf, &v))
7056 return -EINVAL;
7057
7058 sdebug_random = v;
7059 return count;
7060}
7061static DRIVER_ATTR_RW(random);
7062
7063static ssize_t removable_show(struct device_driver *ddp, char *buf)
7064{
7065 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
7066}
7067static ssize_t removable_store(struct device_driver *ddp, const char *buf,
7068 size_t count)
7069{
7070 int n;
7071
7072 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7073 sdebug_removable = (n > 0);
7074 return count;
7075 }
7076 return -EINVAL;
7077}
7078static DRIVER_ATTR_RW(removable);
7079
7080static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
7081{
7082 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
7083}
7084/* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
7085static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
7086 size_t count)
7087{
7088 int n;
7089
7090 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7091 sdebug_host_lock = (n > 0);
7092 return count;
7093 }
7094 return -EINVAL;
7095}
7096static DRIVER_ATTR_RW(host_lock);
7097
7098static ssize_t strict_show(struct device_driver *ddp, char *buf)
7099{
7100 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
7101}
7102static ssize_t strict_store(struct device_driver *ddp, const char *buf,
7103 size_t count)
7104{
7105 int n;
7106
7107 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7108 sdebug_strict = (n > 0);
7109 return count;
7110 }
7111 return -EINVAL;
7112}
7113static DRIVER_ATTR_RW(strict);
7114
7115static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
7116{
7117 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
7118}
7119static DRIVER_ATTR_RO(uuid_ctl);
7120
7121static ssize_t cdb_len_show(struct device_driver *ddp, char *buf)
7122{
7123 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_cdb_len);
7124}
7125static ssize_t cdb_len_store(struct device_driver *ddp, const char *buf,
7126 size_t count)
7127{
7128 int ret, n;
7129
7130 ret = kstrtoint(buf, 0, &n);
7131 if (ret)
7132 return ret;
7133 sdebug_cdb_len = n;
7134 all_config_cdb_len();
7135 return count;
7136}
7137static DRIVER_ATTR_RW(cdb_len);
7138
7139static const char * const zbc_model_strs_a[] = {
7140 [BLK_ZONED_NONE] = "none",
7141 [BLK_ZONED_HA] = "host-aware",
7142 [BLK_ZONED_HM] = "host-managed",
7143};
7144
7145static const char * const zbc_model_strs_b[] = {
7146 [BLK_ZONED_NONE] = "no",
7147 [BLK_ZONED_HA] = "aware",
7148 [BLK_ZONED_HM] = "managed",
7149};
7150
7151static const char * const zbc_model_strs_c[] = {
7152 [BLK_ZONED_NONE] = "0",
7153 [BLK_ZONED_HA] = "1",
7154 [BLK_ZONED_HM] = "2",
7155};
7156
7157static int sdeb_zbc_model_str(const char *cp)
7158{
7159 int res = sysfs_match_string(zbc_model_strs_a, cp);
7160
7161 if (res < 0) {
7162 res = sysfs_match_string(zbc_model_strs_b, cp);
7163 if (res < 0) {
7164 res = sysfs_match_string(zbc_model_strs_c, cp);
7165 if (res < 0)
7166 return -EINVAL;
7167 }
7168 }
7169 return res;
7170}
7171
7172static ssize_t zbc_show(struct device_driver *ddp, char *buf)
7173{
7174 return scnprintf(buf, PAGE_SIZE, "%s\n",
7175 zbc_model_strs_a[sdeb_zbc_model]);
7176}
7177static DRIVER_ATTR_RO(zbc);
7178
7179static ssize_t tur_ms_to_ready_show(struct device_driver *ddp, char *buf)
7180{
7181 return scnprintf(buf, PAGE_SIZE, "%d\n", sdeb_tur_ms_to_ready);
7182}
7183static DRIVER_ATTR_RO(tur_ms_to_ready);
7184
7185/* Note: The following array creates attribute files in the
7186 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
7187 files (over those found in the /sys/module/scsi_debug/parameters
7188 directory) is that auxiliary actions can be triggered when an attribute
7189 is changed. For example see: add_host_store() above.
7190 */
7191
7192static struct attribute *sdebug_drv_attrs[] = {
7193 &driver_attr_delay.attr,
7194 &driver_attr_opts.attr,
7195 &driver_attr_ptype.attr,
7196 &driver_attr_dsense.attr,
7197 &driver_attr_fake_rw.attr,
7198 &driver_attr_host_max_queue.attr,
7199 &driver_attr_no_lun_0.attr,
7200 &driver_attr_num_tgts.attr,
7201 &driver_attr_dev_size_mb.attr,
7202 &driver_attr_num_parts.attr,
7203 &driver_attr_every_nth.attr,
7204 &driver_attr_lun_format.attr,
7205 &driver_attr_max_luns.attr,
7206 &driver_attr_max_queue.attr,
7207 &driver_attr_no_rwlock.attr,
7208 &driver_attr_no_uld.attr,
7209 &driver_attr_scsi_level.attr,
7210 &driver_attr_virtual_gb.attr,
7211 &driver_attr_add_host.attr,
7212 &driver_attr_per_host_store.attr,
7213 &driver_attr_vpd_use_hostno.attr,
7214 &driver_attr_sector_size.attr,
7215 &driver_attr_statistics.attr,
7216 &driver_attr_submit_queues.attr,
7217 &driver_attr_dix.attr,
7218 &driver_attr_dif.attr,
7219 &driver_attr_guard.attr,
7220 &driver_attr_ato.attr,
7221 &driver_attr_map.attr,
7222 &driver_attr_random.attr,
7223 &driver_attr_removable.attr,
7224 &driver_attr_host_lock.attr,
7225 &driver_attr_ndelay.attr,
7226 &driver_attr_strict.attr,
7227 &driver_attr_uuid_ctl.attr,
7228 &driver_attr_cdb_len.attr,
7229 &driver_attr_tur_ms_to_ready.attr,
7230 &driver_attr_zbc.attr,
7231 NULL,
7232};
7233ATTRIBUTE_GROUPS(sdebug_drv);
7234
7235static struct device *pseudo_primary;
7236
7237static int __init scsi_debug_init(void)
7238{
7239 bool want_store = (sdebug_fake_rw == 0);
7240 unsigned long sz;
7241 int k, ret, hosts_to_add;
7242 int idx = -1;
7243
7244 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
7245 pr_warn("ndelay must be less than 1 second, ignored\n");
7246 sdebug_ndelay = 0;
7247 } else if (sdebug_ndelay > 0)
7248 sdebug_jdelay = JDELAY_OVERRIDDEN;
7249
7250 switch (sdebug_sector_size) {
7251 case 512:
7252 case 1024:
7253 case 2048:
7254 case 4096:
7255 break;
7256 default:
7257 pr_err("invalid sector_size %d\n", sdebug_sector_size);
7258 return -EINVAL;
7259 }
7260
7261 switch (sdebug_dif) {
7262 case T10_PI_TYPE0_PROTECTION:
7263 break;
7264 case T10_PI_TYPE1_PROTECTION:
7265 case T10_PI_TYPE2_PROTECTION:
7266 case T10_PI_TYPE3_PROTECTION:
7267 have_dif_prot = true;
7268 break;
7269
7270 default:
7271 pr_err("dif must be 0, 1, 2 or 3\n");
7272 return -EINVAL;
7273 }
7274
7275 if (sdebug_num_tgts < 0) {
7276 pr_err("num_tgts must be >= 0\n");
7277 return -EINVAL;
7278 }
7279
7280 if (sdebug_guard > 1) {
7281 pr_err("guard must be 0 or 1\n");
7282 return -EINVAL;
7283 }
7284
7285 if (sdebug_ato > 1) {
7286 pr_err("ato must be 0 or 1\n");
7287 return -EINVAL;
7288 }
7289
7290 if (sdebug_physblk_exp > 15) {
7291 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
7292 return -EINVAL;
7293 }
7294
7295 sdebug_lun_am = sdebug_lun_am_i;
7296 if (sdebug_lun_am > SAM_LUN_AM_FLAT) {
7297 pr_warn("Invalid LUN format %u, using default\n", (int)sdebug_lun_am);
7298 sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
7299 }
7300
7301 if (sdebug_max_luns > 256) {
7302 if (sdebug_max_luns > 16384) {
7303 pr_warn("max_luns can be no more than 16384, use default\n");
7304 sdebug_max_luns = DEF_MAX_LUNS;
7305 }
7306 sdebug_lun_am = SAM_LUN_AM_FLAT;
7307 }
7308
7309 if (sdebug_lowest_aligned > 0x3fff) {
7310 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
7311 return -EINVAL;
7312 }
7313
7314 if (submit_queues < 1) {
7315 pr_err("submit_queues must be 1 or more\n");
7316 return -EINVAL;
7317 }
7318
7319 if ((sdebug_max_queue > SDEBUG_CANQUEUE) || (sdebug_max_queue < 1)) {
7320 pr_err("max_queue must be in range [1, %d]\n", SDEBUG_CANQUEUE);
7321 return -EINVAL;
7322 }
7323
7324 if ((sdebug_host_max_queue > SDEBUG_CANQUEUE) ||
7325 (sdebug_host_max_queue < 0)) {
7326 pr_err("host_max_queue must be in range [0 %d]\n",
7327 SDEBUG_CANQUEUE);
7328 return -EINVAL;
7329 }
7330
7331 if (sdebug_host_max_queue &&
7332 (sdebug_max_queue != sdebug_host_max_queue)) {
7333 sdebug_max_queue = sdebug_host_max_queue;
7334 pr_warn("fixing max submit queue depth to host max queue depth, %d\n",
7335 sdebug_max_queue);
7336 }
7337
7338 /*
7339 * check for host managed zoned block device specified with
7340 * ptype=0x14 or zbc=XXX.
7341 */
7342 if (sdebug_ptype == TYPE_ZBC) {
7343 sdeb_zbc_model = BLK_ZONED_HM;
7344 } else if (sdeb_zbc_model_s && *sdeb_zbc_model_s) {
7345 k = sdeb_zbc_model_str(sdeb_zbc_model_s);
7346 if (k < 0)
7347 return k;
7348 sdeb_zbc_model = k;
7349 switch (sdeb_zbc_model) {
7350 case BLK_ZONED_NONE:
7351 case BLK_ZONED_HA:
7352 sdebug_ptype = TYPE_DISK;
7353 break;
7354 case BLK_ZONED_HM:
7355 sdebug_ptype = TYPE_ZBC;
7356 break;
7357 default:
7358 pr_err("Invalid ZBC model\n");
7359 return -EINVAL;
7360 }
7361 }
7362 if (sdeb_zbc_model != BLK_ZONED_NONE) {
7363 sdeb_zbc_in_use = true;
7364 if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7365 sdebug_dev_size_mb = DEF_ZBC_DEV_SIZE_MB;
7366 }
7367
7368 if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7369 sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
7370 if (sdebug_dev_size_mb < 1)
7371 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
7372 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
7373 sdebug_store_sectors = sz / sdebug_sector_size;
7374 sdebug_capacity = get_sdebug_capacity();
7375
7376 /* play around with geometry, don't waste too much on track 0 */
7377 sdebug_heads = 8;
7378 sdebug_sectors_per = 32;
7379 if (sdebug_dev_size_mb >= 256)
7380 sdebug_heads = 64;
7381 else if (sdebug_dev_size_mb >= 16)
7382 sdebug_heads = 32;
7383 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7384 (sdebug_sectors_per * sdebug_heads);
7385 if (sdebug_cylinders_per >= 1024) {
7386 /* other LLDs do this; implies >= 1GB ram disk ... */
7387 sdebug_heads = 255;
7388 sdebug_sectors_per = 63;
7389 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7390 (sdebug_sectors_per * sdebug_heads);
7391 }
7392 if (scsi_debug_lbp()) {
7393 sdebug_unmap_max_blocks =
7394 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
7395
7396 sdebug_unmap_max_desc =
7397 clamp(sdebug_unmap_max_desc, 0U, 256U);
7398
7399 sdebug_unmap_granularity =
7400 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
7401
7402 if (sdebug_unmap_alignment &&
7403 sdebug_unmap_granularity <=
7404 sdebug_unmap_alignment) {
7405 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
7406 return -EINVAL;
7407 }
7408 }
7409 xa_init_flags(per_store_ap, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
7410 if (want_store) {
7411 idx = sdebug_add_store();
7412 if (idx < 0)
7413 return idx;
7414 }
7415
7416 pseudo_primary = root_device_register("pseudo_0");
7417 if (IS_ERR(pseudo_primary)) {
7418 pr_warn("root_device_register() error\n");
7419 ret = PTR_ERR(pseudo_primary);
7420 goto free_vm;
7421 }
7422 ret = bus_register(&pseudo_lld_bus);
7423 if (ret < 0) {
7424 pr_warn("bus_register error: %d\n", ret);
7425 goto dev_unreg;
7426 }
7427 ret = driver_register(&sdebug_driverfs_driver);
7428 if (ret < 0) {
7429 pr_warn("driver_register error: %d\n", ret);
7430 goto bus_unreg;
7431 }
7432
7433 hosts_to_add = sdebug_add_host;
7434 sdebug_add_host = 0;
7435
7436 queued_cmd_cache = KMEM_CACHE(sdebug_queued_cmd, SLAB_HWCACHE_ALIGN);
7437 if (!queued_cmd_cache) {
7438 ret = -ENOMEM;
7439 goto driver_unreg;
7440 }
7441
7442 sdebug_debugfs_root = debugfs_create_dir("scsi_debug", NULL);
7443 if (IS_ERR_OR_NULL(sdebug_debugfs_root))
7444 pr_info("%s: failed to create initial debugfs directory\n", __func__);
7445
7446 for (k = 0; k < hosts_to_add; k++) {
7447 if (want_store && k == 0) {
7448 ret = sdebug_add_host_helper(idx);
7449 if (ret < 0) {
7450 pr_err("add_host_helper k=%d, error=%d\n",
7451 k, -ret);
7452 break;
7453 }
7454 } else {
7455 ret = sdebug_do_add_host(want_store &&
7456 sdebug_per_host_store);
7457 if (ret < 0) {
7458 pr_err("add_host k=%d error=%d\n", k, -ret);
7459 break;
7460 }
7461 }
7462 }
7463 if (sdebug_verbose)
7464 pr_info("built %d host(s)\n", sdebug_num_hosts);
7465
7466 return 0;
7467
7468driver_unreg:
7469 driver_unregister(&sdebug_driverfs_driver);
7470bus_unreg:
7471 bus_unregister(&pseudo_lld_bus);
7472dev_unreg:
7473 root_device_unregister(pseudo_primary);
7474free_vm:
7475 sdebug_erase_store(idx, NULL);
7476 return ret;
7477}
7478
7479static void __exit scsi_debug_exit(void)
7480{
7481 int k = sdebug_num_hosts;
7482
7483 for (; k; k--)
7484 sdebug_do_remove_host(true);
7485 kmem_cache_destroy(queued_cmd_cache);
7486 driver_unregister(&sdebug_driverfs_driver);
7487 bus_unregister(&pseudo_lld_bus);
7488 root_device_unregister(pseudo_primary);
7489
7490 sdebug_erase_all_stores(false);
7491 xa_destroy(per_store_ap);
7492 debugfs_remove(sdebug_debugfs_root);
7493}
7494
7495device_initcall(scsi_debug_init);
7496module_exit(scsi_debug_exit);
7497
7498static void sdebug_release_adapter(struct device *dev)
7499{
7500 struct sdebug_host_info *sdbg_host;
7501
7502 sdbg_host = dev_to_sdebug_host(dev);
7503 kfree(sdbg_host);
7504}
7505
7506/* idx must be valid, if sip is NULL then it will be obtained using idx */
7507static void sdebug_erase_store(int idx, struct sdeb_store_info *sip)
7508{
7509 if (idx < 0)
7510 return;
7511 if (!sip) {
7512 if (xa_empty(per_store_ap))
7513 return;
7514 sip = xa_load(per_store_ap, idx);
7515 if (!sip)
7516 return;
7517 }
7518 vfree(sip->map_storep);
7519 vfree(sip->dif_storep);
7520 vfree(sip->storep);
7521 xa_erase(per_store_ap, idx);
7522 kfree(sip);
7523}
7524
7525/* Assume apart_from_first==false only in shutdown case. */
7526static void sdebug_erase_all_stores(bool apart_from_first)
7527{
7528 unsigned long idx;
7529 struct sdeb_store_info *sip = NULL;
7530
7531 xa_for_each(per_store_ap, idx, sip) {
7532 if (apart_from_first)
7533 apart_from_first = false;
7534 else
7535 sdebug_erase_store(idx, sip);
7536 }
7537 if (apart_from_first)
7538 sdeb_most_recent_idx = sdeb_first_idx;
7539}
7540
7541/*
7542 * Returns store xarray new element index (idx) if >=0 else negated errno.
7543 * Limit the number of stores to 65536.
7544 */
7545static int sdebug_add_store(void)
7546{
7547 int res;
7548 u32 n_idx;
7549 unsigned long iflags;
7550 unsigned long sz = (unsigned long)sdebug_dev_size_mb * 1048576;
7551 struct sdeb_store_info *sip = NULL;
7552 struct xa_limit xal = { .max = 1 << 16, .min = 0 };
7553
7554 sip = kzalloc(sizeof(*sip), GFP_KERNEL);
7555 if (!sip)
7556 return -ENOMEM;
7557
7558 xa_lock_irqsave(per_store_ap, iflags);
7559 res = __xa_alloc(per_store_ap, &n_idx, sip, xal, GFP_ATOMIC);
7560 if (unlikely(res < 0)) {
7561 xa_unlock_irqrestore(per_store_ap, iflags);
7562 kfree(sip);
7563 pr_warn("%s: xa_alloc() errno=%d\n", __func__, -res);
7564 return res;
7565 }
7566 sdeb_most_recent_idx = n_idx;
7567 if (sdeb_first_idx < 0)
7568 sdeb_first_idx = n_idx;
7569 xa_unlock_irqrestore(per_store_ap, iflags);
7570
7571 res = -ENOMEM;
7572 sip->storep = vzalloc(sz);
7573 if (!sip->storep) {
7574 pr_err("user data oom\n");
7575 goto err;
7576 }
7577 if (sdebug_num_parts > 0)
7578 sdebug_build_parts(sip->storep, sz);
7579
7580 /* DIF/DIX: what T10 calls Protection Information (PI) */
7581 if (sdebug_dix) {
7582 int dif_size;
7583
7584 dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
7585 sip->dif_storep = vmalloc(dif_size);
7586
7587 pr_info("dif_storep %u bytes @ %pK\n", dif_size,
7588 sip->dif_storep);
7589
7590 if (!sip->dif_storep) {
7591 pr_err("DIX oom\n");
7592 goto err;
7593 }
7594 memset(sip->dif_storep, 0xff, dif_size);
7595 }
7596 /* Logical Block Provisioning */
7597 if (scsi_debug_lbp()) {
7598 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
7599 sip->map_storep = vmalloc(array_size(sizeof(long),
7600 BITS_TO_LONGS(map_size)));
7601
7602 pr_info("%lu provisioning blocks\n", map_size);
7603
7604 if (!sip->map_storep) {
7605 pr_err("LBP map oom\n");
7606 goto err;
7607 }
7608
7609 bitmap_zero(sip->map_storep, map_size);
7610
7611 /* Map first 1KB for partition table */
7612 if (sdebug_num_parts)
7613 map_region(sip, 0, 2);
7614 }
7615
7616 rwlock_init(&sip->macc_lck);
7617 return (int)n_idx;
7618err:
7619 sdebug_erase_store((int)n_idx, sip);
7620 pr_warn("%s: failed, errno=%d\n", __func__, -res);
7621 return res;
7622}
7623
7624static int sdebug_add_host_helper(int per_host_idx)
7625{
7626 int k, devs_per_host, idx;
7627 int error = -ENOMEM;
7628 struct sdebug_host_info *sdbg_host;
7629 struct sdebug_dev_info *sdbg_devinfo, *tmp;
7630
7631 sdbg_host = kzalloc(sizeof(*sdbg_host), GFP_KERNEL);
7632 if (!sdbg_host)
7633 return -ENOMEM;
7634 idx = (per_host_idx < 0) ? sdeb_first_idx : per_host_idx;
7635 if (xa_get_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE))
7636 xa_clear_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
7637 sdbg_host->si_idx = idx;
7638
7639 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
7640
7641 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
7642 for (k = 0; k < devs_per_host; k++) {
7643 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
7644 if (!sdbg_devinfo)
7645 goto clean;
7646 }
7647
7648 mutex_lock(&sdebug_host_list_mutex);
7649 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
7650 mutex_unlock(&sdebug_host_list_mutex);
7651
7652 sdbg_host->dev.bus = &pseudo_lld_bus;
7653 sdbg_host->dev.parent = pseudo_primary;
7654 sdbg_host->dev.release = &sdebug_release_adapter;
7655 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_num_hosts);
7656
7657 error = device_register(&sdbg_host->dev);
7658 if (error) {
7659 mutex_lock(&sdebug_host_list_mutex);
7660 list_del(&sdbg_host->host_list);
7661 mutex_unlock(&sdebug_host_list_mutex);
7662 goto clean;
7663 }
7664
7665 ++sdebug_num_hosts;
7666 return 0;
7667
7668clean:
7669 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
7670 dev_list) {
7671 list_del(&sdbg_devinfo->dev_list);
7672 kfree(sdbg_devinfo->zstate);
7673 kfree(sdbg_devinfo);
7674 }
7675 if (sdbg_host->dev.release)
7676 put_device(&sdbg_host->dev);
7677 else
7678 kfree(sdbg_host);
7679 pr_warn("%s: failed, errno=%d\n", __func__, -error);
7680 return error;
7681}
7682
7683static int sdebug_do_add_host(bool mk_new_store)
7684{
7685 int ph_idx = sdeb_most_recent_idx;
7686
7687 if (mk_new_store) {
7688 ph_idx = sdebug_add_store();
7689 if (ph_idx < 0)
7690 return ph_idx;
7691 }
7692 return sdebug_add_host_helper(ph_idx);
7693}
7694
7695static void sdebug_do_remove_host(bool the_end)
7696{
7697 int idx = -1;
7698 struct sdebug_host_info *sdbg_host = NULL;
7699 struct sdebug_host_info *sdbg_host2;
7700
7701 mutex_lock(&sdebug_host_list_mutex);
7702 if (!list_empty(&sdebug_host_list)) {
7703 sdbg_host = list_entry(sdebug_host_list.prev,
7704 struct sdebug_host_info, host_list);
7705 idx = sdbg_host->si_idx;
7706 }
7707 if (!the_end && idx >= 0) {
7708 bool unique = true;
7709
7710 list_for_each_entry(sdbg_host2, &sdebug_host_list, host_list) {
7711 if (sdbg_host2 == sdbg_host)
7712 continue;
7713 if (idx == sdbg_host2->si_idx) {
7714 unique = false;
7715 break;
7716 }
7717 }
7718 if (unique) {
7719 xa_set_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
7720 if (idx == sdeb_most_recent_idx)
7721 --sdeb_most_recent_idx;
7722 }
7723 }
7724 if (sdbg_host)
7725 list_del(&sdbg_host->host_list);
7726 mutex_unlock(&sdebug_host_list_mutex);
7727
7728 if (!sdbg_host)
7729 return;
7730
7731 device_unregister(&sdbg_host->dev);
7732 --sdebug_num_hosts;
7733}
7734
7735static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
7736{
7737 struct sdebug_dev_info *devip = sdev->hostdata;
7738
7739 if (!devip)
7740 return -ENODEV;
7741
7742 mutex_lock(&sdebug_host_list_mutex);
7743 block_unblock_all_queues(true);
7744
7745 if (qdepth > SDEBUG_CANQUEUE) {
7746 qdepth = SDEBUG_CANQUEUE;
7747 pr_warn("%s: requested qdepth [%d] exceeds canqueue [%d], trim\n", __func__,
7748 qdepth, SDEBUG_CANQUEUE);
7749 }
7750 if (qdepth < 1)
7751 qdepth = 1;
7752 if (qdepth != sdev->queue_depth)
7753 scsi_change_queue_depth(sdev, qdepth);
7754
7755 block_unblock_all_queues(false);
7756 mutex_unlock(&sdebug_host_list_mutex);
7757
7758 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
7759 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d\n", __func__, qdepth);
7760
7761 return sdev->queue_depth;
7762}
7763
7764static bool fake_timeout(struct scsi_cmnd *scp)
7765{
7766 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
7767 if (sdebug_every_nth < -1)
7768 sdebug_every_nth = -1;
7769 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
7770 return true; /* ignore command causing timeout */
7771 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
7772 scsi_medium_access_command(scp))
7773 return true; /* time out reads and writes */
7774 }
7775 return false;
7776}
7777
7778/* Response to TUR or media access command when device stopped */
7779static int resp_not_ready(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
7780{
7781 int stopped_state;
7782 u64 diff_ns = 0;
7783 ktime_t now_ts = ktime_get_boottime();
7784 struct scsi_device *sdp = scp->device;
7785
7786 stopped_state = atomic_read(&devip->stopped);
7787 if (stopped_state == 2) {
7788 if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
7789 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
7790 if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
7791 /* tur_ms_to_ready timer extinguished */
7792 atomic_set(&devip->stopped, 0);
7793 return 0;
7794 }
7795 }
7796 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x1);
7797 if (sdebug_verbose)
7798 sdev_printk(KERN_INFO, sdp,
7799 "%s: Not ready: in process of becoming ready\n", my_name);
7800 if (scp->cmnd[0] == TEST_UNIT_READY) {
7801 u64 tur_nanosecs_to_ready = (u64)sdeb_tur_ms_to_ready * 1000000;
7802
7803 if (diff_ns <= tur_nanosecs_to_ready)
7804 diff_ns = tur_nanosecs_to_ready - diff_ns;
7805 else
7806 diff_ns = tur_nanosecs_to_ready;
7807 /* As per 20-061r2 approved for spc6 by T10 on 20200716 */
7808 do_div(diff_ns, 1000000); /* diff_ns becomes milliseconds */
7809 scsi_set_sense_information(scp->sense_buffer, SCSI_SENSE_BUFFERSIZE,
7810 diff_ns);
7811 return check_condition_result;
7812 }
7813 }
7814 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
7815 if (sdebug_verbose)
7816 sdev_printk(KERN_INFO, sdp, "%s: Not ready: initializing command required\n",
7817 my_name);
7818 return check_condition_result;
7819}
7820
7821static void sdebug_map_queues(struct Scsi_Host *shost)
7822{
7823 int i, qoff;
7824
7825 if (shost->nr_hw_queues == 1)
7826 return;
7827
7828 for (i = 0, qoff = 0; i < HCTX_MAX_TYPES; i++) {
7829 struct blk_mq_queue_map *map = &shost->tag_set.map[i];
7830
7831 map->nr_queues = 0;
7832
7833 if (i == HCTX_TYPE_DEFAULT)
7834 map->nr_queues = submit_queues - poll_queues;
7835 else if (i == HCTX_TYPE_POLL)
7836 map->nr_queues = poll_queues;
7837
7838 if (!map->nr_queues) {
7839 BUG_ON(i == HCTX_TYPE_DEFAULT);
7840 continue;
7841 }
7842
7843 map->queue_offset = qoff;
7844 blk_mq_map_queues(map);
7845
7846 qoff += map->nr_queues;
7847 }
7848}
7849
7850struct sdebug_blk_mq_poll_data {
7851 unsigned int queue_num;
7852 int *num_entries;
7853};
7854
7855/*
7856 * We don't handle aborted commands here, but it does not seem possible to have
7857 * aborted polled commands from schedule_resp()
7858 */
7859static bool sdebug_blk_mq_poll_iter(struct request *rq, void *opaque)
7860{
7861 struct sdebug_blk_mq_poll_data *data = opaque;
7862 struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(rq);
7863 struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmd);
7864 struct sdebug_defer *sd_dp;
7865 u32 unique_tag = blk_mq_unique_tag(rq);
7866 u16 hwq = blk_mq_unique_tag_to_hwq(unique_tag);
7867 struct sdebug_queued_cmd *sqcp;
7868 unsigned long flags;
7869 int queue_num = data->queue_num;
7870 ktime_t time;
7871
7872 /* We're only interested in one queue for this iteration */
7873 if (hwq != queue_num)
7874 return true;
7875
7876 /* Subsequent checks would fail if this failed, but check anyway */
7877 if (!test_bit(SCMD_STATE_INFLIGHT, &cmd->state))
7878 return true;
7879
7880 time = ktime_get_boottime();
7881
7882 spin_lock_irqsave(&sdsc->lock, flags);
7883 sqcp = TO_QUEUED_CMD(cmd);
7884 if (!sqcp) {
7885 spin_unlock_irqrestore(&sdsc->lock, flags);
7886 return true;
7887 }
7888
7889 sd_dp = &sqcp->sd_dp;
7890 if (READ_ONCE(sd_dp->defer_t) != SDEB_DEFER_POLL) {
7891 spin_unlock_irqrestore(&sdsc->lock, flags);
7892 return true;
7893 }
7894
7895 if (time < sd_dp->cmpl_ts) {
7896 spin_unlock_irqrestore(&sdsc->lock, flags);
7897 return true;
7898 }
7899
7900 ASSIGN_QUEUED_CMD(cmd, NULL);
7901 spin_unlock_irqrestore(&sdsc->lock, flags);
7902
7903 if (sdebug_statistics) {
7904 atomic_inc(&sdebug_completions);
7905 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
7906 atomic_inc(&sdebug_miss_cpus);
7907 }
7908
7909 sdebug_free_queued_cmd(sqcp);
7910
7911 scsi_done(cmd); /* callback to mid level */
7912 (*data->num_entries)++;
7913 return true;
7914}
7915
7916static int sdebug_blk_mq_poll(struct Scsi_Host *shost, unsigned int queue_num)
7917{
7918 int num_entries = 0;
7919 struct sdebug_blk_mq_poll_data data = {
7920 .queue_num = queue_num,
7921 .num_entries = &num_entries,
7922 };
7923
7924 blk_mq_tagset_busy_iter(&shost->tag_set, sdebug_blk_mq_poll_iter,
7925 &data);
7926
7927 if (num_entries > 0)
7928 atomic_add(num_entries, &sdeb_mq_poll_count);
7929 return num_entries;
7930}
7931
7932static int sdebug_timeout_cmd(struct scsi_cmnd *cmnd)
7933{
7934 struct scsi_device *sdp = cmnd->device;
7935 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
7936 struct sdebug_err_inject *err;
7937 unsigned char *cmd = cmnd->cmnd;
7938 int ret = 0;
7939
7940 if (devip == NULL)
7941 return 0;
7942
7943 rcu_read_lock();
7944 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
7945 if (err->type == ERR_TMOUT_CMD &&
7946 (err->cmd == cmd[0] || err->cmd == 0xff)) {
7947 ret = !!err->cnt;
7948 if (err->cnt < 0)
7949 err->cnt++;
7950
7951 rcu_read_unlock();
7952 return ret;
7953 }
7954 }
7955 rcu_read_unlock();
7956
7957 return 0;
7958}
7959
7960static int sdebug_fail_queue_cmd(struct scsi_cmnd *cmnd)
7961{
7962 struct scsi_device *sdp = cmnd->device;
7963 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
7964 struct sdebug_err_inject *err;
7965 unsigned char *cmd = cmnd->cmnd;
7966 int ret = 0;
7967
7968 if (devip == NULL)
7969 return 0;
7970
7971 rcu_read_lock();
7972 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
7973 if (err->type == ERR_FAIL_QUEUE_CMD &&
7974 (err->cmd == cmd[0] || err->cmd == 0xff)) {
7975 ret = err->cnt ? err->queuecmd_ret : 0;
7976 if (err->cnt < 0)
7977 err->cnt++;
7978
7979 rcu_read_unlock();
7980 return ret;
7981 }
7982 }
7983 rcu_read_unlock();
7984
7985 return 0;
7986}
7987
7988static int sdebug_fail_cmd(struct scsi_cmnd *cmnd, int *retval,
7989 struct sdebug_err_inject *info)
7990{
7991 struct scsi_device *sdp = cmnd->device;
7992 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
7993 struct sdebug_err_inject *err;
7994 unsigned char *cmd = cmnd->cmnd;
7995 int ret = 0;
7996 int result;
7997
7998 if (devip == NULL)
7999 return 0;
8000
8001 rcu_read_lock();
8002 list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
8003 if (err->type == ERR_FAIL_CMD &&
8004 (err->cmd == cmd[0] || err->cmd == 0xff)) {
8005 if (!err->cnt) {
8006 rcu_read_unlock();
8007 return 0;
8008 }
8009
8010 ret = !!err->cnt;
8011 rcu_read_unlock();
8012 goto out_handle;
8013 }
8014 }
8015 rcu_read_unlock();
8016
8017 return 0;
8018
8019out_handle:
8020 if (err->cnt < 0)
8021 err->cnt++;
8022 mk_sense_buffer(cmnd, err->sense_key, err->asc, err->asq);
8023 result = err->status_byte | err->host_byte << 16 | err->driver_byte << 24;
8024 *info = *err;
8025 *retval = schedule_resp(cmnd, devip, result, NULL, 0, 0);
8026
8027 return ret;
8028}
8029
8030static int scsi_debug_queuecommand(struct Scsi_Host *shost,
8031 struct scsi_cmnd *scp)
8032{
8033 u8 sdeb_i;
8034 struct scsi_device *sdp = scp->device;
8035 const struct opcode_info_t *oip;
8036 const struct opcode_info_t *r_oip;
8037 struct sdebug_dev_info *devip;
8038 u8 *cmd = scp->cmnd;
8039 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
8040 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *) = NULL;
8041 int k, na;
8042 int errsts = 0;
8043 u64 lun_index = sdp->lun & 0x3FFF;
8044 u32 flags;
8045 u16 sa;
8046 u8 opcode = cmd[0];
8047 bool has_wlun_rl;
8048 bool inject_now;
8049 int ret = 0;
8050 struct sdebug_err_inject err;
8051
8052 scsi_set_resid(scp, 0);
8053 if (sdebug_statistics) {
8054 atomic_inc(&sdebug_cmnd_count);
8055 inject_now = inject_on_this_cmd();
8056 } else {
8057 inject_now = false;
8058 }
8059 if (unlikely(sdebug_verbose &&
8060 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
8061 char b[120];
8062 int n, len, sb;
8063
8064 len = scp->cmd_len;
8065 sb = (int)sizeof(b);
8066 if (len > 32)
8067 strcpy(b, "too long, over 32 bytes");
8068 else {
8069 for (k = 0, n = 0; k < len && n < sb; ++k)
8070 n += scnprintf(b + n, sb - n, "%02x ",
8071 (u32)cmd[k]);
8072 }
8073 sdev_printk(KERN_INFO, sdp, "%s: tag=%#x, cmd %s\n", my_name,
8074 blk_mq_unique_tag(scsi_cmd_to_rq(scp)), b);
8075 }
8076 if (unlikely(inject_now && (sdebug_opts & SDEBUG_OPT_HOST_BUSY)))
8077 return SCSI_MLQUEUE_HOST_BUSY;
8078 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
8079 if (unlikely(lun_index >= sdebug_max_luns && !has_wlun_rl))
8080 goto err_out;
8081
8082 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
8083 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
8084 devip = (struct sdebug_dev_info *)sdp->hostdata;
8085 if (unlikely(!devip)) {
8086 devip = find_build_dev_info(sdp);
8087 if (NULL == devip)
8088 goto err_out;
8089 }
8090
8091 if (sdebug_timeout_cmd(scp)) {
8092 scmd_printk(KERN_INFO, scp, "timeout command 0x%x\n", opcode);
8093 return 0;
8094 }
8095
8096 ret = sdebug_fail_queue_cmd(scp);
8097 if (ret) {
8098 scmd_printk(KERN_INFO, scp, "fail queue command 0x%x with 0x%x\n",
8099 opcode, ret);
8100 return ret;
8101 }
8102
8103 if (sdebug_fail_cmd(scp, &ret, &err)) {
8104 scmd_printk(KERN_INFO, scp,
8105 "fail command 0x%x with hostbyte=0x%x, "
8106 "driverbyte=0x%x, statusbyte=0x%x, "
8107 "sense_key=0x%x, asc=0x%x, asq=0x%x\n",
8108 opcode, err.host_byte, err.driver_byte,
8109 err.status_byte, err.sense_key, err.asc, err.asq);
8110 return ret;
8111 }
8112
8113 if (unlikely(inject_now && !atomic_read(&sdeb_inject_pending)))
8114 atomic_set(&sdeb_inject_pending, 1);
8115
8116 na = oip->num_attached;
8117 r_pfp = oip->pfp;
8118 if (na) { /* multiple commands with this opcode */
8119 r_oip = oip;
8120 if (FF_SA & r_oip->flags) {
8121 if (F_SA_LOW & oip->flags)
8122 sa = 0x1f & cmd[1];
8123 else
8124 sa = get_unaligned_be16(cmd + 8);
8125 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
8126 if (opcode == oip->opcode && sa == oip->sa)
8127 break;
8128 }
8129 } else { /* since no service action only check opcode */
8130 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
8131 if (opcode == oip->opcode)
8132 break;
8133 }
8134 }
8135 if (k > na) {
8136 if (F_SA_LOW & r_oip->flags)
8137 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
8138 else if (F_SA_HIGH & r_oip->flags)
8139 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
8140 else
8141 mk_sense_invalid_opcode(scp);
8142 goto check_cond;
8143 }
8144 } /* else (when na==0) we assume the oip is a match */
8145 flags = oip->flags;
8146 if (unlikely(F_INV_OP & flags)) {
8147 mk_sense_invalid_opcode(scp);
8148 goto check_cond;
8149 }
8150 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
8151 if (sdebug_verbose)
8152 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
8153 my_name, opcode, " supported for wlun");
8154 mk_sense_invalid_opcode(scp);
8155 goto check_cond;
8156 }
8157 if (unlikely(sdebug_strict)) { /* check cdb against mask */
8158 u8 rem;
8159 int j;
8160
8161 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
8162 rem = ~oip->len_mask[k] & cmd[k];
8163 if (rem) {
8164 for (j = 7; j >= 0; --j, rem <<= 1) {
8165 if (0x80 & rem)
8166 break;
8167 }
8168 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
8169 goto check_cond;
8170 }
8171 }
8172 }
8173 if (unlikely(!(F_SKIP_UA & flags) &&
8174 find_first_bit(devip->uas_bm,
8175 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
8176 errsts = make_ua(scp, devip);
8177 if (errsts)
8178 goto check_cond;
8179 }
8180 if (unlikely(((F_M_ACCESS & flags) || scp->cmnd[0] == TEST_UNIT_READY) &&
8181 atomic_read(&devip->stopped))) {
8182 errsts = resp_not_ready(scp, devip);
8183 if (errsts)
8184 goto fini;
8185 }
8186 if (sdebug_fake_rw && (F_FAKE_RW & flags))
8187 goto fini;
8188 if (unlikely(sdebug_every_nth)) {
8189 if (fake_timeout(scp))
8190 return 0; /* ignore command: make trouble */
8191 }
8192 if (likely(oip->pfp))
8193 pfp = oip->pfp; /* calls a resp_* function */
8194 else
8195 pfp = r_pfp; /* if leaf function ptr NULL, try the root's */
8196
8197fini:
8198 if (F_DELAY_OVERR & flags) /* cmds like INQUIRY respond asap */
8199 return schedule_resp(scp, devip, errsts, pfp, 0, 0);
8200 else if ((flags & F_LONG_DELAY) && (sdebug_jdelay > 0 ||
8201 sdebug_ndelay > 10000)) {
8202 /*
8203 * Skip long delays if ndelay <= 10 microseconds. Otherwise
8204 * for Start Stop Unit (SSU) want at least 1 second delay and
8205 * if sdebug_jdelay>1 want a long delay of that many seconds.
8206 * For Synchronize Cache want 1/20 of SSU's delay.
8207 */
8208 int jdelay = (sdebug_jdelay < 2) ? 1 : sdebug_jdelay;
8209 int denom = (flags & F_SYNC_DELAY) ? 20 : 1;
8210
8211 jdelay = mult_frac(USER_HZ * jdelay, HZ, denom * USER_HZ);
8212 return schedule_resp(scp, devip, errsts, pfp, jdelay, 0);
8213 } else
8214 return schedule_resp(scp, devip, errsts, pfp, sdebug_jdelay,
8215 sdebug_ndelay);
8216check_cond:
8217 return schedule_resp(scp, devip, check_condition_result, NULL, 0, 0);
8218err_out:
8219 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, NULL, 0, 0);
8220}
8221
8222static int sdebug_init_cmd_priv(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
8223{
8224 struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmd);
8225
8226 spin_lock_init(&sdsc->lock);
8227
8228 return 0;
8229}
8230
8231static struct scsi_host_template sdebug_driver_template = {
8232 .show_info = scsi_debug_show_info,
8233 .write_info = scsi_debug_write_info,
8234 .proc_name = sdebug_proc_name,
8235 .name = "SCSI DEBUG",
8236 .info = scsi_debug_info,
8237 .slave_alloc = scsi_debug_slave_alloc,
8238 .slave_configure = scsi_debug_slave_configure,
8239 .slave_destroy = scsi_debug_slave_destroy,
8240 .ioctl = scsi_debug_ioctl,
8241 .queuecommand = scsi_debug_queuecommand,
8242 .change_queue_depth = sdebug_change_qdepth,
8243 .map_queues = sdebug_map_queues,
8244 .mq_poll = sdebug_blk_mq_poll,
8245 .eh_abort_handler = scsi_debug_abort,
8246 .eh_device_reset_handler = scsi_debug_device_reset,
8247 .eh_target_reset_handler = scsi_debug_target_reset,
8248 .eh_bus_reset_handler = scsi_debug_bus_reset,
8249 .eh_host_reset_handler = scsi_debug_host_reset,
8250 .can_queue = SDEBUG_CANQUEUE,
8251 .this_id = 7,
8252 .sg_tablesize = SG_MAX_SEGMENTS,
8253 .cmd_per_lun = DEF_CMD_PER_LUN,
8254 .max_sectors = -1U,
8255 .max_segment_size = -1U,
8256 .module = THIS_MODULE,
8257 .track_queue_depth = 1,
8258 .cmd_size = sizeof(struct sdebug_scsi_cmd),
8259 .init_cmd_priv = sdebug_init_cmd_priv,
8260 .target_alloc = sdebug_target_alloc,
8261 .target_destroy = sdebug_target_destroy,
8262};
8263
8264static int sdebug_driver_probe(struct device *dev)
8265{
8266 int error = 0;
8267 struct sdebug_host_info *sdbg_host;
8268 struct Scsi_Host *hpnt;
8269 int hprot;
8270
8271 sdbg_host = dev_to_sdebug_host(dev);
8272
8273 sdebug_driver_template.can_queue = sdebug_max_queue;
8274 sdebug_driver_template.cmd_per_lun = sdebug_max_queue;
8275 if (!sdebug_clustering)
8276 sdebug_driver_template.dma_boundary = PAGE_SIZE - 1;
8277
8278 hpnt = scsi_host_alloc(&sdebug_driver_template, 0);
8279 if (NULL == hpnt) {
8280 pr_err("scsi_host_alloc failed\n");
8281 error = -ENODEV;
8282 return error;
8283 }
8284 if (submit_queues > nr_cpu_ids) {
8285 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%u\n",
8286 my_name, submit_queues, nr_cpu_ids);
8287 submit_queues = nr_cpu_ids;
8288 }
8289 /*
8290 * Decide whether to tell scsi subsystem that we want mq. The
8291 * following should give the same answer for each host.
8292 */
8293 hpnt->nr_hw_queues = submit_queues;
8294 if (sdebug_host_max_queue)
8295 hpnt->host_tagset = 1;
8296
8297 /* poll queues are possible for nr_hw_queues > 1 */
8298 if (hpnt->nr_hw_queues == 1 || (poll_queues < 1)) {
8299 pr_warn("%s: trim poll_queues to 0. poll_q/nr_hw = (%d/%d)\n",
8300 my_name, poll_queues, hpnt->nr_hw_queues);
8301 poll_queues = 0;
8302 }
8303
8304 /*
8305 * Poll queues don't need interrupts, but we need at least one I/O queue
8306 * left over for non-polled I/O.
8307 * If condition not met, trim poll_queues to 1 (just for simplicity).
8308 */
8309 if (poll_queues >= submit_queues) {
8310 if (submit_queues < 3)
8311 pr_warn("%s: trim poll_queues to 1\n", my_name);
8312 else
8313 pr_warn("%s: trim poll_queues to 1. Perhaps try poll_queues=%d\n",
8314 my_name, submit_queues - 1);
8315 poll_queues = 1;
8316 }
8317 if (poll_queues)
8318 hpnt->nr_maps = 3;
8319
8320 sdbg_host->shost = hpnt;
8321 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
8322 hpnt->max_id = sdebug_num_tgts + 1;
8323 else
8324 hpnt->max_id = sdebug_num_tgts;
8325 /* = sdebug_max_luns; */
8326 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
8327
8328 hprot = 0;
8329
8330 switch (sdebug_dif) {
8331
8332 case T10_PI_TYPE1_PROTECTION:
8333 hprot = SHOST_DIF_TYPE1_PROTECTION;
8334 if (sdebug_dix)
8335 hprot |= SHOST_DIX_TYPE1_PROTECTION;
8336 break;
8337
8338 case T10_PI_TYPE2_PROTECTION:
8339 hprot = SHOST_DIF_TYPE2_PROTECTION;
8340 if (sdebug_dix)
8341 hprot |= SHOST_DIX_TYPE2_PROTECTION;
8342 break;
8343
8344 case T10_PI_TYPE3_PROTECTION:
8345 hprot = SHOST_DIF_TYPE3_PROTECTION;
8346 if (sdebug_dix)
8347 hprot |= SHOST_DIX_TYPE3_PROTECTION;
8348 break;
8349
8350 default:
8351 if (sdebug_dix)
8352 hprot |= SHOST_DIX_TYPE0_PROTECTION;
8353 break;
8354 }
8355
8356 scsi_host_set_prot(hpnt, hprot);
8357
8358 if (have_dif_prot || sdebug_dix)
8359 pr_info("host protection%s%s%s%s%s%s%s\n",
8360 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
8361 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
8362 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
8363 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
8364 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
8365 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
8366 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
8367
8368 if (sdebug_guard == 1)
8369 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
8370 else
8371 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
8372
8373 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
8374 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
8375 if (sdebug_every_nth) /* need stats counters for every_nth */
8376 sdebug_statistics = true;
8377 error = scsi_add_host(hpnt, &sdbg_host->dev);
8378 if (error) {
8379 pr_err("scsi_add_host failed\n");
8380 error = -ENODEV;
8381 scsi_host_put(hpnt);
8382 } else {
8383 scsi_scan_host(hpnt);
8384 }
8385
8386 return error;
8387}
8388
8389static void sdebug_driver_remove(struct device *dev)
8390{
8391 struct sdebug_host_info *sdbg_host;
8392 struct sdebug_dev_info *sdbg_devinfo, *tmp;
8393
8394 sdbg_host = dev_to_sdebug_host(dev);
8395
8396 scsi_remove_host(sdbg_host->shost);
8397
8398 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
8399 dev_list) {
8400 list_del(&sdbg_devinfo->dev_list);
8401 kfree(sdbg_devinfo->zstate);
8402 kfree(sdbg_devinfo);
8403 }
8404
8405 scsi_host_put(sdbg_host->shost);
8406}
8407
8408static struct bus_type pseudo_lld_bus = {
8409 .name = "pseudo",
8410 .probe = sdebug_driver_probe,
8411 .remove = sdebug_driver_remove,
8412 .drv_groups = sdebug_drv_groups,
8413};