Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
4 * Copyright (C) 1992 Eric Youngdale
5 * Simulate a host adapter with 2 disks attached. Do a lot of checking
6 * to make sure that we are not getting blocks mixed up, and PANIC if
7 * anything out of the ordinary is seen.
8 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9 *
10 * Copyright (C) 2001 - 2020 Douglas Gilbert
11 *
12 * For documentation see http://sg.danny.cz/sg/scsi_debug.html
13 */
14
15
16#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
17
18#include <linux/module.h>
19
20#include <linux/kernel.h>
21#include <linux/errno.h>
22#include <linux/jiffies.h>
23#include <linux/slab.h>
24#include <linux/types.h>
25#include <linux/string.h>
26#include <linux/genhd.h>
27#include <linux/fs.h>
28#include <linux/init.h>
29#include <linux/proc_fs.h>
30#include <linux/vmalloc.h>
31#include <linux/moduleparam.h>
32#include <linux/scatterlist.h>
33#include <linux/blkdev.h>
34#include <linux/crc-t10dif.h>
35#include <linux/spinlock.h>
36#include <linux/interrupt.h>
37#include <linux/atomic.h>
38#include <linux/hrtimer.h>
39#include <linux/uuid.h>
40#include <linux/t10-pi.h>
41#include <linux/msdos_partition.h>
42#include <linux/random.h>
43#include <linux/xarray.h>
44#include <linux/prefetch.h>
45
46#include <net/checksum.h>
47
48#include <asm/unaligned.h>
49
50#include <scsi/scsi.h>
51#include <scsi/scsi_cmnd.h>
52#include <scsi/scsi_device.h>
53#include <scsi/scsi_host.h>
54#include <scsi/scsicam.h>
55#include <scsi/scsi_eh.h>
56#include <scsi/scsi_tcq.h>
57#include <scsi/scsi_dbg.h>
58
59#include "sd.h"
60#include "scsi_logging.h"
61
62/* make sure inq_product_rev string corresponds to this version */
63#define SDEBUG_VERSION "0190" /* format to fit INQUIRY revision field */
64static const char *sdebug_version_date = "20200710";
65
66#define MY_NAME "scsi_debug"
67
68/* Additional Sense Code (ASC) */
69#define NO_ADDITIONAL_SENSE 0x0
70#define LOGICAL_UNIT_NOT_READY 0x4
71#define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
72#define UNRECOVERED_READ_ERR 0x11
73#define PARAMETER_LIST_LENGTH_ERR 0x1a
74#define INVALID_OPCODE 0x20
75#define LBA_OUT_OF_RANGE 0x21
76#define INVALID_FIELD_IN_CDB 0x24
77#define INVALID_FIELD_IN_PARAM_LIST 0x26
78#define WRITE_PROTECTED 0x27
79#define UA_RESET_ASC 0x29
80#define UA_CHANGED_ASC 0x2a
81#define TARGET_CHANGED_ASC 0x3f
82#define LUNS_CHANGED_ASCQ 0x0e
83#define INSUFF_RES_ASC 0x55
84#define INSUFF_RES_ASCQ 0x3
85#define POWER_ON_RESET_ASCQ 0x0
86#define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
87#define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
88#define CAPACITY_CHANGED_ASCQ 0x9
89#define SAVING_PARAMS_UNSUP 0x39
90#define TRANSPORT_PROBLEM 0x4b
91#define THRESHOLD_EXCEEDED 0x5d
92#define LOW_POWER_COND_ON 0x5e
93#define MISCOMPARE_VERIFY_ASC 0x1d
94#define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
95#define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
96#define WRITE_ERROR_ASC 0xc
97#define UNALIGNED_WRITE_ASCQ 0x4
98#define WRITE_BOUNDARY_ASCQ 0x5
99#define READ_INVDATA_ASCQ 0x6
100#define READ_BOUNDARY_ASCQ 0x7
101#define INSUFF_ZONE_ASCQ 0xe
102
103/* Additional Sense Code Qualifier (ASCQ) */
104#define ACK_NAK_TO 0x3
105
106/* Default values for driver parameters */
107#define DEF_NUM_HOST 1
108#define DEF_NUM_TGTS 1
109#define DEF_MAX_LUNS 1
110/* With these defaults, this driver will make 1 host with 1 target
111 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
112 */
113#define DEF_ATO 1
114#define DEF_CDB_LEN 10
115#define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
116#define DEF_DEV_SIZE_PRE_INIT 0
117#define DEF_DEV_SIZE_MB 8
118#define DEF_ZBC_DEV_SIZE_MB 128
119#define DEF_DIF 0
120#define DEF_DIX 0
121#define DEF_PER_HOST_STORE false
122#define DEF_D_SENSE 0
123#define DEF_EVERY_NTH 0
124#define DEF_FAKE_RW 0
125#define DEF_GUARD 0
126#define DEF_HOST_LOCK 0
127#define DEF_LBPU 0
128#define DEF_LBPWS 0
129#define DEF_LBPWS10 0
130#define DEF_LBPRZ 1
131#define DEF_LOWEST_ALIGNED 0
132#define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
133#define DEF_NO_LUN_0 0
134#define DEF_NUM_PARTS 0
135#define DEF_OPTS 0
136#define DEF_OPT_BLKS 1024
137#define DEF_PHYSBLK_EXP 0
138#define DEF_OPT_XFERLEN_EXP 0
139#define DEF_PTYPE TYPE_DISK
140#define DEF_RANDOM false
141#define DEF_REMOVABLE false
142#define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
143#define DEF_SECTOR_SIZE 512
144#define DEF_UNMAP_ALIGNMENT 0
145#define DEF_UNMAP_GRANULARITY 1
146#define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
147#define DEF_UNMAP_MAX_DESC 256
148#define DEF_VIRTUAL_GB 0
149#define DEF_VPD_USE_HOSTNO 1
150#define DEF_WRITESAME_LENGTH 0xFFFF
151#define DEF_STRICT 0
152#define DEF_STATISTICS false
153#define DEF_SUBMIT_QUEUES 1
154#define DEF_TUR_MS_TO_READY 0
155#define DEF_UUID_CTL 0
156#define JDELAY_OVERRIDDEN -9999
157
158/* Default parameters for ZBC drives */
159#define DEF_ZBC_ZONE_SIZE_MB 128
160#define DEF_ZBC_MAX_OPEN_ZONES 8
161#define DEF_ZBC_NR_CONV_ZONES 1
162
163#define SDEBUG_LUN_0_VAL 0
164
165/* bit mask values for sdebug_opts */
166#define SDEBUG_OPT_NOISE 1
167#define SDEBUG_OPT_MEDIUM_ERR 2
168#define SDEBUG_OPT_TIMEOUT 4
169#define SDEBUG_OPT_RECOVERED_ERR 8
170#define SDEBUG_OPT_TRANSPORT_ERR 16
171#define SDEBUG_OPT_DIF_ERR 32
172#define SDEBUG_OPT_DIX_ERR 64
173#define SDEBUG_OPT_MAC_TIMEOUT 128
174#define SDEBUG_OPT_SHORT_TRANSFER 0x100
175#define SDEBUG_OPT_Q_NOISE 0x200
176#define SDEBUG_OPT_ALL_TSF 0x400
177#define SDEBUG_OPT_RARE_TSF 0x800
178#define SDEBUG_OPT_N_WCE 0x1000
179#define SDEBUG_OPT_RESET_NOISE 0x2000
180#define SDEBUG_OPT_NO_CDB_NOISE 0x4000
181#define SDEBUG_OPT_HOST_BUSY 0x8000
182#define SDEBUG_OPT_CMD_ABORT 0x10000
183#define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
184 SDEBUG_OPT_RESET_NOISE)
185#define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
186 SDEBUG_OPT_TRANSPORT_ERR | \
187 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
188 SDEBUG_OPT_SHORT_TRANSFER | \
189 SDEBUG_OPT_HOST_BUSY | \
190 SDEBUG_OPT_CMD_ABORT)
191#define SDEBUG_OPT_RECOV_DIF_DIX (SDEBUG_OPT_RECOVERED_ERR | \
192 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR)
193
194/* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
195 * priority order. In the subset implemented here lower numbers have higher
196 * priority. The UA numbers should be a sequence starting from 0 with
197 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
198#define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
199#define SDEBUG_UA_BUS_RESET 1
200#define SDEBUG_UA_MODE_CHANGED 2
201#define SDEBUG_UA_CAPACITY_CHANGED 3
202#define SDEBUG_UA_LUNS_CHANGED 4
203#define SDEBUG_UA_MICROCODE_CHANGED 5 /* simulate firmware change */
204#define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
205#define SDEBUG_NUM_UAS 7
206
207/* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
208 * sector on read commands: */
209#define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
210#define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
211
212/* If REPORT LUNS has luns >= 256 it can choose "flat space" (value 1)
213 * or "peripheral device" addressing (value 0) */
214#define SAM2_LUN_ADDRESS_METHOD 0
215
216/* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
217 * (for response) per submit queue at one time. Can be reduced by max_queue
218 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
219 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
220 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
221 * but cannot exceed SDEBUG_CANQUEUE .
222 */
223#define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
224#define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
225#define DEF_CMD_PER_LUN 255
226
227/* UA - Unit Attention; SA - Service Action; SSU - Start Stop Unit */
228#define F_D_IN 1 /* Data-in command (e.g. READ) */
229#define F_D_OUT 2 /* Data-out command (e.g. WRITE) */
230#define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
231#define F_D_UNKN 8
232#define F_RL_WLUN_OK 0x10 /* allowed with REPORT LUNS W-LUN */
233#define F_SKIP_UA 0x20 /* bypass UAs (e.g. INQUIRY command) */
234#define F_DELAY_OVERR 0x40 /* for commands like INQUIRY */
235#define F_SA_LOW 0x80 /* SA is in cdb byte 1, bits 4 to 0 */
236#define F_SA_HIGH 0x100 /* SA is in cdb bytes 8 and 9 */
237#define F_INV_OP 0x200 /* invalid opcode (not supported) */
238#define F_FAKE_RW 0x400 /* bypass resp_*() when fake_rw set */
239#define F_M_ACCESS 0x800 /* media access, reacts to SSU state */
240#define F_SSU_DELAY 0x1000 /* SSU command delay (long-ish) */
241#define F_SYNC_DELAY 0x2000 /* SYNCHRONIZE CACHE delay */
242
243/* Useful combinations of the above flags */
244#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
245#define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
246#define FF_SA (F_SA_HIGH | F_SA_LOW)
247#define F_LONG_DELAY (F_SSU_DELAY | F_SYNC_DELAY)
248
249#define SDEBUG_MAX_PARTS 4
250
251#define SDEBUG_MAX_CMD_LEN 32
252
253#define SDEB_XA_NOT_IN_USE XA_MARK_1
254
255/* Zone types (zbcr05 table 25) */
256enum sdebug_z_type {
257 ZBC_ZONE_TYPE_CNV = 0x1,
258 ZBC_ZONE_TYPE_SWR = 0x2,
259 ZBC_ZONE_TYPE_SWP = 0x3,
260};
261
262/* enumeration names taken from table 26, zbcr05 */
263enum sdebug_z_cond {
264 ZBC_NOT_WRITE_POINTER = 0x0,
265 ZC1_EMPTY = 0x1,
266 ZC2_IMPLICIT_OPEN = 0x2,
267 ZC3_EXPLICIT_OPEN = 0x3,
268 ZC4_CLOSED = 0x4,
269 ZC6_READ_ONLY = 0xd,
270 ZC5_FULL = 0xe,
271 ZC7_OFFLINE = 0xf,
272};
273
274struct sdeb_zone_state { /* ZBC: per zone state */
275 enum sdebug_z_type z_type;
276 enum sdebug_z_cond z_cond;
277 bool z_non_seq_resource;
278 unsigned int z_size;
279 sector_t z_start;
280 sector_t z_wp;
281};
282
283struct sdebug_dev_info {
284 struct list_head dev_list;
285 unsigned int channel;
286 unsigned int target;
287 u64 lun;
288 uuid_t lu_name;
289 struct sdebug_host_info *sdbg_host;
290 unsigned long uas_bm[1];
291 atomic_t num_in_q;
292 atomic_t stopped; /* 1: by SSU, 2: device start */
293 bool used;
294
295 /* For ZBC devices */
296 enum blk_zoned_model zmodel;
297 unsigned int zsize;
298 unsigned int zsize_shift;
299 unsigned int nr_zones;
300 unsigned int nr_conv_zones;
301 unsigned int nr_imp_open;
302 unsigned int nr_exp_open;
303 unsigned int nr_closed;
304 unsigned int max_open;
305 ktime_t create_ts; /* time since bootup that this device was created */
306 struct sdeb_zone_state *zstate;
307};
308
309struct sdebug_host_info {
310 struct list_head host_list;
311 int si_idx; /* sdeb_store_info (per host) xarray index */
312 struct Scsi_Host *shost;
313 struct device dev;
314 struct list_head dev_info_list;
315};
316
317/* There is an xarray of pointers to this struct's objects, one per host */
318struct sdeb_store_info {
319 rwlock_t macc_lck; /* for atomic media access on this store */
320 u8 *storep; /* user data storage (ram) */
321 struct t10_pi_tuple *dif_storep; /* protection info */
322 void *map_storep; /* provisioning map */
323};
324
325#define to_sdebug_host(d) \
326 container_of(d, struct sdebug_host_info, dev)
327
328enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
329 SDEB_DEFER_WQ = 2};
330
331struct sdebug_defer {
332 struct hrtimer hrt;
333 struct execute_work ew;
334 int sqa_idx; /* index of sdebug_queue array */
335 int qc_idx; /* index of sdebug_queued_cmd array within sqa_idx */
336 int hc_idx; /* hostwide tag index */
337 int issuing_cpu;
338 bool init_hrt;
339 bool init_wq;
340 bool aborted; /* true when blk_abort_request() already called */
341 enum sdeb_defer_type defer_t;
342};
343
344struct sdebug_queued_cmd {
345 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
346 * instance indicates this slot is in use.
347 */
348 struct sdebug_defer *sd_dp;
349 struct scsi_cmnd *a_cmnd;
350};
351
352struct sdebug_queue {
353 struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
354 unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
355 spinlock_t qc_lock;
356 atomic_t blocked; /* to temporarily stop more being queued */
357};
358
359static atomic_t sdebug_cmnd_count; /* number of incoming commands */
360static atomic_t sdebug_completions; /* count of deferred completions */
361static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
362static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
363static atomic_t sdeb_inject_pending;
364
365struct opcode_info_t {
366 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
367 /* for terminating element */
368 u8 opcode; /* if num_attached > 0, preferred */
369 u16 sa; /* service action */
370 u32 flags; /* OR-ed set of SDEB_F_* */
371 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
372 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
373 u8 len_mask[16]; /* len_mask[0]-->cdb_len, then mask for cdb */
374 /* 1 to min(cdb_len, 15); ignore cdb[15...] */
375};
376
377/* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
378enum sdeb_opcode_index {
379 SDEB_I_INVALID_OPCODE = 0,
380 SDEB_I_INQUIRY = 1,
381 SDEB_I_REPORT_LUNS = 2,
382 SDEB_I_REQUEST_SENSE = 3,
383 SDEB_I_TEST_UNIT_READY = 4,
384 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
385 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
386 SDEB_I_LOG_SENSE = 7,
387 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
388 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
389 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
390 SDEB_I_START_STOP = 11,
391 SDEB_I_SERV_ACT_IN_16 = 12, /* add ...SERV_ACT_IN_12 if needed */
392 SDEB_I_SERV_ACT_OUT_16 = 13, /* add ...SERV_ACT_OUT_12 if needed */
393 SDEB_I_MAINT_IN = 14,
394 SDEB_I_MAINT_OUT = 15,
395 SDEB_I_VERIFY = 16, /* VERIFY(10), VERIFY(16) */
396 SDEB_I_VARIABLE_LEN = 17, /* READ(32), WRITE(32), WR_SCAT(32) */
397 SDEB_I_RESERVE = 18, /* 6, 10 */
398 SDEB_I_RELEASE = 19, /* 6, 10 */
399 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
400 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
401 SDEB_I_ATA_PT = 22, /* 12, 16 */
402 SDEB_I_SEND_DIAG = 23,
403 SDEB_I_UNMAP = 24,
404 SDEB_I_WRITE_BUFFER = 25,
405 SDEB_I_WRITE_SAME = 26, /* 10, 16 */
406 SDEB_I_SYNC_CACHE = 27, /* 10, 16 */
407 SDEB_I_COMP_WRITE = 28,
408 SDEB_I_PRE_FETCH = 29, /* 10, 16 */
409 SDEB_I_ZONE_OUT = 30, /* 0x94+SA; includes no data xfer */
410 SDEB_I_ZONE_IN = 31, /* 0x95+SA; all have data-in */
411 SDEB_I_LAST_ELEM_P1 = 32, /* keep this last (previous + 1) */
412};
413
414
415static const unsigned char opcode_ind_arr[256] = {
416/* 0x0; 0x0->0x1f: 6 byte cdbs */
417 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
418 0, 0, 0, 0,
419 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
420 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
421 SDEB_I_RELEASE,
422 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
423 SDEB_I_ALLOW_REMOVAL, 0,
424/* 0x20; 0x20->0x3f: 10 byte cdbs */
425 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
426 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
427 0, 0, 0, 0, SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, 0,
428 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
429/* 0x40; 0x40->0x5f: 10 byte cdbs */
430 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
431 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
432 0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
433 SDEB_I_RELEASE,
434 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
435/* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
436 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
437 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
438 0, SDEB_I_VARIABLE_LEN,
439/* 0x80; 0x80->0x9f: 16 byte cdbs */
440 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
441 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0,
442 0, 0, 0, SDEB_I_VERIFY,
443 SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME,
444 SDEB_I_ZONE_OUT, SDEB_I_ZONE_IN, 0, 0,
445 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
446/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
447 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
448 SDEB_I_MAINT_OUT, 0, 0, 0,
449 SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
450 0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
451 0, 0, 0, 0, 0, 0, 0, 0,
452 0, 0, 0, 0, 0, 0, 0, 0,
453/* 0xc0; 0xc0->0xff: vendor specific */
454 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
455 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
456 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
457 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
458};
459
460/*
461 * The following "response" functions return the SCSI mid-level's 4 byte
462 * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
463 * command completion, they can mask their return value with
464 * SDEG_RES_IMMED_MASK .
465 */
466#define SDEG_RES_IMMED_MASK 0x40000000
467
468static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
469static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
470static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
471static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
472static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
473static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
474static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
475static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
476static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
477static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
478static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
479static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
480static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
481static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
482static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
483static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
484static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
485static int resp_verify(struct scsi_cmnd *, struct sdebug_dev_info *);
486static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
487static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
488static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
489static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
490static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
491static int resp_pre_fetch(struct scsi_cmnd *, struct sdebug_dev_info *);
492static int resp_report_zones(struct scsi_cmnd *, struct sdebug_dev_info *);
493static int resp_open_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
494static int resp_close_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
495static int resp_finish_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
496static int resp_rwp_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
497
498static int sdebug_do_add_host(bool mk_new_store);
499static int sdebug_add_host_helper(int per_host_idx);
500static void sdebug_do_remove_host(bool the_end);
501static int sdebug_add_store(void);
502static void sdebug_erase_store(int idx, struct sdeb_store_info *sip);
503static void sdebug_erase_all_stores(bool apart_from_first);
504
505/*
506 * The following are overflow arrays for cdbs that "hit" the same index in
507 * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
508 * should be placed in opcode_info_arr[], the others should be placed here.
509 */
510static const struct opcode_info_t msense_iarr[] = {
511 {0, 0x1a, 0, F_D_IN, NULL, NULL,
512 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
513};
514
515static const struct opcode_info_t mselect_iarr[] = {
516 {0, 0x15, 0, F_D_OUT, NULL, NULL,
517 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
518};
519
520static const struct opcode_info_t read_iarr[] = {
521 {0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
522 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
523 0, 0, 0, 0} },
524 {0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
525 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
526 {0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
527 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
528 0xc7, 0, 0, 0, 0} },
529};
530
531static const struct opcode_info_t write_iarr[] = {
532 {0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(10) */
533 NULL, {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
534 0, 0, 0, 0, 0, 0} },
535 {0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(6) */
536 NULL, {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
537 0, 0, 0} },
538 {0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(12) */
539 NULL, {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
540 0xbf, 0xc7, 0, 0, 0, 0} },
541};
542
543static const struct opcode_info_t verify_iarr[] = {
544 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,/* VERIFY(10) */
545 NULL, {10, 0xf7, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xff, 0xff, 0xc7,
546 0, 0, 0, 0, 0, 0} },
547};
548
549static const struct opcode_info_t sa_in_16_iarr[] = {
550 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
551 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
552 0xff, 0xff, 0xff, 0, 0xc7} }, /* GET LBA STATUS(16) */
553};
554
555static const struct opcode_info_t vl_iarr[] = { /* VARIABLE LENGTH */
556 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
557 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
558 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
559 {0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
560 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
561 0, 0xff, 0xff, 0x0, 0x0} }, /* WRITE SCATTERED(32) */
562};
563
564static const struct opcode_info_t maint_in_iarr[] = { /* MAINT IN */
565 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
566 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
567 0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
568 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
569 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
570 0, 0} }, /* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
571};
572
573static const struct opcode_info_t write_same_iarr[] = {
574 {0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
575 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
576 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* WRITE SAME(16) */
577};
578
579static const struct opcode_info_t reserve_iarr[] = {
580 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
581 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
582};
583
584static const struct opcode_info_t release_iarr[] = {
585 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
586 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
587};
588
589static const struct opcode_info_t sync_cache_iarr[] = {
590 {0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
591 {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
592 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* SYNC_CACHE (16) */
593};
594
595static const struct opcode_info_t pre_fetch_iarr[] = {
596 {0, 0x90, 0, F_SYNC_DELAY | FF_MEDIA_IO, resp_pre_fetch, NULL,
597 {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
598 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* PRE-FETCH (16) */
599};
600
601static const struct opcode_info_t zone_out_iarr[] = { /* ZONE OUT(16) */
602 {0, 0x94, 0x1, F_SA_LOW | F_M_ACCESS, resp_close_zone, NULL,
603 {16, 0x1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
604 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* CLOSE ZONE */
605 {0, 0x94, 0x2, F_SA_LOW | F_M_ACCESS, resp_finish_zone, NULL,
606 {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
607 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* FINISH ZONE */
608 {0, 0x94, 0x4, F_SA_LOW | F_M_ACCESS, resp_rwp_zone, NULL,
609 {16, 0x4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
610 0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} }, /* RESET WRITE POINTER */
611};
612
613static const struct opcode_info_t zone_in_iarr[] = { /* ZONE IN(16) */
614 {0, 0x95, 0x6, F_SA_LOW | F_D_IN | F_M_ACCESS, NULL, NULL,
615 {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
616 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* REPORT ZONES */
617};
618
619
620/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
621 * plus the terminating elements for logic that scans this table such as
622 * REPORT SUPPORTED OPERATION CODES. */
623static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEM_P1 + 1] = {
624/* 0 */
625 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* unknown opcodes */
626 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
627 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
628 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
629 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
630 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
631 0, 0} }, /* REPORT LUNS */
632 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
633 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
634 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
635 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
636/* 5 */
637 {ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN, /* MODE SENSE(10) */
638 resp_mode_sense, msense_iarr, {10, 0xf8, 0xff, 0xff, 0, 0, 0,
639 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
640 {ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT, /* MODE SELECT(10) */
641 resp_mode_select, mselect_iarr, {10, 0xf1, 0, 0, 0, 0, 0, 0xff,
642 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
643 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL, /* LOG SENSE */
644 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
645 0, 0, 0} },
646 {0, 0x25, 0, F_D_IN, resp_readcap, NULL, /* READ CAPACITY(10) */
647 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
648 0, 0} },
649 {ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
650 resp_read_dt0, read_iarr, {16, 0xfe, 0xff, 0xff, 0xff, 0xff,
651 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
652/* 10 */
653 {ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
654 resp_write_dt0, write_iarr, /* WRITE(16) */
655 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
656 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
657 {0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
658 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
659 {ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
660 resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
661 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
662 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
663 {0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
664 NULL, {16, 0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
665 0xff, 0xff, 0xff, 0xff, 0xc7} }, /* SA_OUT(16), WRITE SCAT(16) */
666 {ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
667 resp_report_tgtpgs, /* MAINT IN, REPORT TARGET PORT GROUPS */
668 maint_in_iarr, {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
669 0xff, 0, 0xc7, 0, 0, 0, 0} },
670/* 15 */
671 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
672 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
673 {ARRAY_SIZE(verify_iarr), 0x8f, 0,
674 F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify, /* VERIFY(16) */
675 verify_iarr, {16, 0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
676 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },
677 {ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
678 resp_read_dt0, vl_iarr, /* VARIABLE LENGTH, READ(32) */
679 {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
680 0xff, 0xff} },
681 {ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
682 NULL, reserve_iarr, /* RESERVE(10) <no response function> */
683 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
684 0} },
685 {ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
686 NULL, release_iarr, /* RELEASE(10) <no response function> */
687 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
688 0} },
689/* 20 */
690 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
691 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
692 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
693 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
694 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
695 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
696 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
697 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
698 {0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
699 {10, 0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
700/* 25 */
701 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
702 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
703 0, 0, 0, 0} }, /* WRITE_BUFFER */
704 {ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
705 resp_write_same_10, write_same_iarr, /* WRITE SAME(10) */
706 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
707 0, 0, 0, 0, 0} },
708 {ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
709 resp_sync_cache, sync_cache_iarr,
710 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
711 0, 0, 0, 0} }, /* SYNC_CACHE (10) */
712 {0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
713 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
714 0, 0xff, 0x3f, 0xc7} }, /* COMPARE AND WRITE */
715 {ARRAY_SIZE(pre_fetch_iarr), 0x34, 0, F_SYNC_DELAY | FF_MEDIA_IO,
716 resp_pre_fetch, pre_fetch_iarr,
717 {10, 0x2, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
718 0, 0, 0, 0} }, /* PRE-FETCH (10) */
719
720/* 30 */
721 {ARRAY_SIZE(zone_out_iarr), 0x94, 0x3, F_SA_LOW | F_M_ACCESS,
722 resp_open_zone, zone_out_iarr, /* ZONE_OUT(16), OPEN ZONE) */
723 {16, 0x3 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
724 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0x1, 0xc7} },
725 {ARRAY_SIZE(zone_in_iarr), 0x95, 0x0, F_SA_LOW | F_M_ACCESS,
726 resp_report_zones, zone_in_iarr, /* ZONE_IN(16), REPORT ZONES) */
727 {16, 0x0 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
728 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xc7} },
729/* sentinel */
730 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
731 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
732};
733
734static int sdebug_num_hosts;
735static int sdebug_add_host = DEF_NUM_HOST; /* in sysfs this is relative */
736static int sdebug_ato = DEF_ATO;
737static int sdebug_cdb_len = DEF_CDB_LEN;
738static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
739static int sdebug_dev_size_mb = DEF_DEV_SIZE_PRE_INIT;
740static int sdebug_dif = DEF_DIF;
741static int sdebug_dix = DEF_DIX;
742static int sdebug_dsense = DEF_D_SENSE;
743static int sdebug_every_nth = DEF_EVERY_NTH;
744static int sdebug_fake_rw = DEF_FAKE_RW;
745static unsigned int sdebug_guard = DEF_GUARD;
746static int sdebug_host_max_queue; /* per host */
747static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
748static int sdebug_max_luns = DEF_MAX_LUNS;
749static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
750static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
751static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
752static atomic_t retired_max_queue; /* if > 0 then was prior max_queue */
753static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
754static int sdebug_no_lun_0 = DEF_NO_LUN_0;
755static int sdebug_no_uld;
756static int sdebug_num_parts = DEF_NUM_PARTS;
757static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
758static int sdebug_opt_blks = DEF_OPT_BLKS;
759static int sdebug_opts = DEF_OPTS;
760static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
761static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
762static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
763static int sdebug_scsi_level = DEF_SCSI_LEVEL;
764static int sdebug_sector_size = DEF_SECTOR_SIZE;
765static int sdeb_tur_ms_to_ready = DEF_TUR_MS_TO_READY;
766static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
767static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
768static unsigned int sdebug_lbpu = DEF_LBPU;
769static unsigned int sdebug_lbpws = DEF_LBPWS;
770static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
771static unsigned int sdebug_lbprz = DEF_LBPRZ;
772static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
773static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
774static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
775static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
776static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
777static int sdebug_uuid_ctl = DEF_UUID_CTL;
778static bool sdebug_random = DEF_RANDOM;
779static bool sdebug_per_host_store = DEF_PER_HOST_STORE;
780static bool sdebug_removable = DEF_REMOVABLE;
781static bool sdebug_clustering;
782static bool sdebug_host_lock = DEF_HOST_LOCK;
783static bool sdebug_strict = DEF_STRICT;
784static bool sdebug_any_injecting_opt;
785static bool sdebug_verbose;
786static bool have_dif_prot;
787static bool write_since_sync;
788static bool sdebug_statistics = DEF_STATISTICS;
789static bool sdebug_wp;
790/* Following enum: 0: no zbc, def; 1: host aware; 2: host managed */
791static enum blk_zoned_model sdeb_zbc_model = BLK_ZONED_NONE;
792static char *sdeb_zbc_model_s;
793
794static unsigned int sdebug_store_sectors;
795static sector_t sdebug_capacity; /* in sectors */
796
797/* old BIOS stuff, kernel may get rid of them but some mode sense pages
798 may still need them */
799static int sdebug_heads; /* heads per disk */
800static int sdebug_cylinders_per; /* cylinders per surface */
801static int sdebug_sectors_per; /* sectors per cylinder */
802
803static LIST_HEAD(sdebug_host_list);
804static DEFINE_SPINLOCK(sdebug_host_list_lock);
805
806static struct xarray per_store_arr;
807static struct xarray *per_store_ap = &per_store_arr;
808static int sdeb_first_idx = -1; /* invalid index ==> none created */
809static int sdeb_most_recent_idx = -1;
810static DEFINE_RWLOCK(sdeb_fake_rw_lck); /* need a RW lock when fake_rw=1 */
811
812static unsigned long map_size;
813static int num_aborts;
814static int num_dev_resets;
815static int num_target_resets;
816static int num_bus_resets;
817static int num_host_resets;
818static int dix_writes;
819static int dix_reads;
820static int dif_errors;
821
822/* ZBC global data */
823static bool sdeb_zbc_in_use; /* true for host-aware and host-managed disks */
824static int sdeb_zbc_zone_size_mb;
825static int sdeb_zbc_max_open = DEF_ZBC_MAX_OPEN_ZONES;
826static int sdeb_zbc_nr_conv = DEF_ZBC_NR_CONV_ZONES;
827
828static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
829static struct sdebug_queue *sdebug_q_arr; /* ptr to array of submit queues */
830
831static DEFINE_RWLOCK(atomic_rw);
832static DEFINE_RWLOCK(atomic_rw2);
833
834static rwlock_t *ramdisk_lck_a[2];
835
836static char sdebug_proc_name[] = MY_NAME;
837static const char *my_name = MY_NAME;
838
839static struct bus_type pseudo_lld_bus;
840
841static struct device_driver sdebug_driverfs_driver = {
842 .name = sdebug_proc_name,
843 .bus = &pseudo_lld_bus,
844};
845
846static const int check_condition_result =
847 (DRIVER_SENSE << 24) | SAM_STAT_CHECK_CONDITION;
848
849static const int illegal_condition_result =
850 (DRIVER_SENSE << 24) | (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
851
852static const int device_qfull_result =
853 (DID_OK << 16) | (COMMAND_COMPLETE << 8) | SAM_STAT_TASK_SET_FULL;
854
855static const int condition_met_result = SAM_STAT_CONDITION_MET;
856
857
858/* Only do the extra work involved in logical block provisioning if one or
859 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
860 * real reads and writes (i.e. not skipping them for speed).
861 */
862static inline bool scsi_debug_lbp(void)
863{
864 return 0 == sdebug_fake_rw &&
865 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
866}
867
868static void *lba2fake_store(struct sdeb_store_info *sip,
869 unsigned long long lba)
870{
871 struct sdeb_store_info *lsip = sip;
872
873 lba = do_div(lba, sdebug_store_sectors);
874 if (!sip || !sip->storep) {
875 WARN_ON_ONCE(true);
876 lsip = xa_load(per_store_ap, 0); /* should never be NULL */
877 }
878 return lsip->storep + lba * sdebug_sector_size;
879}
880
881static struct t10_pi_tuple *dif_store(struct sdeb_store_info *sip,
882 sector_t sector)
883{
884 sector = sector_div(sector, sdebug_store_sectors);
885
886 return sip->dif_storep + sector;
887}
888
889static void sdebug_max_tgts_luns(void)
890{
891 struct sdebug_host_info *sdbg_host;
892 struct Scsi_Host *hpnt;
893
894 spin_lock(&sdebug_host_list_lock);
895 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
896 hpnt = sdbg_host->shost;
897 if ((hpnt->this_id >= 0) &&
898 (sdebug_num_tgts > hpnt->this_id))
899 hpnt->max_id = sdebug_num_tgts + 1;
900 else
901 hpnt->max_id = sdebug_num_tgts;
902 /* sdebug_max_luns; */
903 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
904 }
905 spin_unlock(&sdebug_host_list_lock);
906}
907
908enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
909
910/* Set in_bit to -1 to indicate no bit position of invalid field */
911static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
912 enum sdeb_cmd_data c_d,
913 int in_byte, int in_bit)
914{
915 unsigned char *sbuff;
916 u8 sks[4];
917 int sl, asc;
918
919 sbuff = scp->sense_buffer;
920 if (!sbuff) {
921 sdev_printk(KERN_ERR, scp->device,
922 "%s: sense_buffer is NULL\n", __func__);
923 return;
924 }
925 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
926 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
927 scsi_build_sense_buffer(sdebug_dsense, sbuff, ILLEGAL_REQUEST, asc, 0);
928 memset(sks, 0, sizeof(sks));
929 sks[0] = 0x80;
930 if (c_d)
931 sks[0] |= 0x40;
932 if (in_bit >= 0) {
933 sks[0] |= 0x8;
934 sks[0] |= 0x7 & in_bit;
935 }
936 put_unaligned_be16(in_byte, sks + 1);
937 if (sdebug_dsense) {
938 sl = sbuff[7] + 8;
939 sbuff[7] = sl;
940 sbuff[sl] = 0x2;
941 sbuff[sl + 1] = 0x6;
942 memcpy(sbuff + sl + 4, sks, 3);
943 } else
944 memcpy(sbuff + 15, sks, 3);
945 if (sdebug_verbose)
946 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
947 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
948 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
949}
950
951static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
952{
953 unsigned char *sbuff;
954
955 sbuff = scp->sense_buffer;
956 if (!sbuff) {
957 sdev_printk(KERN_ERR, scp->device,
958 "%s: sense_buffer is NULL\n", __func__);
959 return;
960 }
961 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
962
963 scsi_build_sense_buffer(sdebug_dsense, sbuff, key, asc, asq);
964
965 if (sdebug_verbose)
966 sdev_printk(KERN_INFO, scp->device,
967 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
968 my_name, key, asc, asq);
969}
970
971static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
972{
973 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
974}
975
976static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
977 void __user *arg)
978{
979 if (sdebug_verbose) {
980 if (0x1261 == cmd)
981 sdev_printk(KERN_INFO, dev,
982 "%s: BLKFLSBUF [0x1261]\n", __func__);
983 else if (0x5331 == cmd)
984 sdev_printk(KERN_INFO, dev,
985 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
986 __func__);
987 else
988 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
989 __func__, cmd);
990 }
991 return -EINVAL;
992 /* return -ENOTTY; // correct return but upsets fdisk */
993}
994
995static void config_cdb_len(struct scsi_device *sdev)
996{
997 switch (sdebug_cdb_len) {
998 case 6: /* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
999 sdev->use_10_for_rw = false;
1000 sdev->use_16_for_rw = false;
1001 sdev->use_10_for_ms = false;
1002 break;
1003 case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
1004 sdev->use_10_for_rw = true;
1005 sdev->use_16_for_rw = false;
1006 sdev->use_10_for_ms = false;
1007 break;
1008 case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
1009 sdev->use_10_for_rw = true;
1010 sdev->use_16_for_rw = false;
1011 sdev->use_10_for_ms = true;
1012 break;
1013 case 16:
1014 sdev->use_10_for_rw = false;
1015 sdev->use_16_for_rw = true;
1016 sdev->use_10_for_ms = true;
1017 break;
1018 case 32: /* No knobs to suggest this so same as 16 for now */
1019 sdev->use_10_for_rw = false;
1020 sdev->use_16_for_rw = true;
1021 sdev->use_10_for_ms = true;
1022 break;
1023 default:
1024 pr_warn("unexpected cdb_len=%d, force to 10\n",
1025 sdebug_cdb_len);
1026 sdev->use_10_for_rw = true;
1027 sdev->use_16_for_rw = false;
1028 sdev->use_10_for_ms = false;
1029 sdebug_cdb_len = 10;
1030 break;
1031 }
1032}
1033
1034static void all_config_cdb_len(void)
1035{
1036 struct sdebug_host_info *sdbg_host;
1037 struct Scsi_Host *shost;
1038 struct scsi_device *sdev;
1039
1040 spin_lock(&sdebug_host_list_lock);
1041 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1042 shost = sdbg_host->shost;
1043 shost_for_each_device(sdev, shost) {
1044 config_cdb_len(sdev);
1045 }
1046 }
1047 spin_unlock(&sdebug_host_list_lock);
1048}
1049
1050static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
1051{
1052 struct sdebug_host_info *sdhp;
1053 struct sdebug_dev_info *dp;
1054
1055 spin_lock(&sdebug_host_list_lock);
1056 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
1057 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
1058 if ((devip->sdbg_host == dp->sdbg_host) &&
1059 (devip->target == dp->target))
1060 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
1061 }
1062 }
1063 spin_unlock(&sdebug_host_list_lock);
1064}
1065
1066static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1067{
1068 int k;
1069
1070 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
1071 if (k != SDEBUG_NUM_UAS) {
1072 const char *cp = NULL;
1073
1074 switch (k) {
1075 case SDEBUG_UA_POR:
1076 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1077 POWER_ON_RESET_ASCQ);
1078 if (sdebug_verbose)
1079 cp = "power on reset";
1080 break;
1081 case SDEBUG_UA_BUS_RESET:
1082 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1083 BUS_RESET_ASCQ);
1084 if (sdebug_verbose)
1085 cp = "bus reset";
1086 break;
1087 case SDEBUG_UA_MODE_CHANGED:
1088 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1089 MODE_CHANGED_ASCQ);
1090 if (sdebug_verbose)
1091 cp = "mode parameters changed";
1092 break;
1093 case SDEBUG_UA_CAPACITY_CHANGED:
1094 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1095 CAPACITY_CHANGED_ASCQ);
1096 if (sdebug_verbose)
1097 cp = "capacity data changed";
1098 break;
1099 case SDEBUG_UA_MICROCODE_CHANGED:
1100 mk_sense_buffer(scp, UNIT_ATTENTION,
1101 TARGET_CHANGED_ASC,
1102 MICROCODE_CHANGED_ASCQ);
1103 if (sdebug_verbose)
1104 cp = "microcode has been changed";
1105 break;
1106 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
1107 mk_sense_buffer(scp, UNIT_ATTENTION,
1108 TARGET_CHANGED_ASC,
1109 MICROCODE_CHANGED_WO_RESET_ASCQ);
1110 if (sdebug_verbose)
1111 cp = "microcode has been changed without reset";
1112 break;
1113 case SDEBUG_UA_LUNS_CHANGED:
1114 /*
1115 * SPC-3 behavior is to report a UNIT ATTENTION with
1116 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
1117 * on the target, until a REPORT LUNS command is
1118 * received. SPC-4 behavior is to report it only once.
1119 * NOTE: sdebug_scsi_level does not use the same
1120 * values as struct scsi_device->scsi_level.
1121 */
1122 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
1123 clear_luns_changed_on_target(devip);
1124 mk_sense_buffer(scp, UNIT_ATTENTION,
1125 TARGET_CHANGED_ASC,
1126 LUNS_CHANGED_ASCQ);
1127 if (sdebug_verbose)
1128 cp = "reported luns data has changed";
1129 break;
1130 default:
1131 pr_warn("unexpected unit attention code=%d\n", k);
1132 if (sdebug_verbose)
1133 cp = "unknown";
1134 break;
1135 }
1136 clear_bit(k, devip->uas_bm);
1137 if (sdebug_verbose)
1138 sdev_printk(KERN_INFO, scp->device,
1139 "%s reports: Unit attention: %s\n",
1140 my_name, cp);
1141 return check_condition_result;
1142 }
1143 return 0;
1144}
1145
1146/* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1147static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1148 int arr_len)
1149{
1150 int act_len;
1151 struct scsi_data_buffer *sdb = &scp->sdb;
1152
1153 if (!sdb->length)
1154 return 0;
1155 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1156 return DID_ERROR << 16;
1157
1158 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1159 arr, arr_len);
1160 scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1161
1162 return 0;
1163}
1164
1165/* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1166 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1167 * calls, not required to write in ascending offset order. Assumes resid
1168 * set to scsi_bufflen() prior to any calls.
1169 */
1170static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1171 int arr_len, unsigned int off_dst)
1172{
1173 unsigned int act_len, n;
1174 struct scsi_data_buffer *sdb = &scp->sdb;
1175 off_t skip = off_dst;
1176
1177 if (sdb->length <= off_dst)
1178 return 0;
1179 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1180 return DID_ERROR << 16;
1181
1182 act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1183 arr, arr_len, skip);
1184 pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1185 __func__, off_dst, scsi_bufflen(scp), act_len,
1186 scsi_get_resid(scp));
1187 n = scsi_bufflen(scp) - (off_dst + act_len);
1188 scsi_set_resid(scp, min_t(int, scsi_get_resid(scp), n));
1189 return 0;
1190}
1191
1192/* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1193 * 'arr' or -1 if error.
1194 */
1195static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1196 int arr_len)
1197{
1198 if (!scsi_bufflen(scp))
1199 return 0;
1200 if (scp->sc_data_direction != DMA_TO_DEVICE)
1201 return -1;
1202
1203 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1204}
1205
1206
1207static char sdebug_inq_vendor_id[9] = "Linux ";
1208static char sdebug_inq_product_id[17] = "scsi_debug ";
1209static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1210/* Use some locally assigned NAAs for SAS addresses. */
1211static const u64 naa3_comp_a = 0x3222222000000000ULL;
1212static const u64 naa3_comp_b = 0x3333333000000000ULL;
1213static const u64 naa3_comp_c = 0x3111111000000000ULL;
1214
1215/* Device identification VPD page. Returns number of bytes placed in arr */
1216static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1217 int target_dev_id, int dev_id_num,
1218 const char *dev_id_str, int dev_id_str_len,
1219 const uuid_t *lu_name)
1220{
1221 int num, port_a;
1222 char b[32];
1223
1224 port_a = target_dev_id + 1;
1225 /* T10 vendor identifier field format (faked) */
1226 arr[0] = 0x2; /* ASCII */
1227 arr[1] = 0x1;
1228 arr[2] = 0x0;
1229 memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1230 memcpy(&arr[12], sdebug_inq_product_id, 16);
1231 memcpy(&arr[28], dev_id_str, dev_id_str_len);
1232 num = 8 + 16 + dev_id_str_len;
1233 arr[3] = num;
1234 num += 4;
1235 if (dev_id_num >= 0) {
1236 if (sdebug_uuid_ctl) {
1237 /* Locally assigned UUID */
1238 arr[num++] = 0x1; /* binary (not necessarily sas) */
1239 arr[num++] = 0xa; /* PIV=0, lu, naa */
1240 arr[num++] = 0x0;
1241 arr[num++] = 0x12;
1242 arr[num++] = 0x10; /* uuid type=1, locally assigned */
1243 arr[num++] = 0x0;
1244 memcpy(arr + num, lu_name, 16);
1245 num += 16;
1246 } else {
1247 /* NAA-3, Logical unit identifier (binary) */
1248 arr[num++] = 0x1; /* binary (not necessarily sas) */
1249 arr[num++] = 0x3; /* PIV=0, lu, naa */
1250 arr[num++] = 0x0;
1251 arr[num++] = 0x8;
1252 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1253 num += 8;
1254 }
1255 /* Target relative port number */
1256 arr[num++] = 0x61; /* proto=sas, binary */
1257 arr[num++] = 0x94; /* PIV=1, target port, rel port */
1258 arr[num++] = 0x0; /* reserved */
1259 arr[num++] = 0x4; /* length */
1260 arr[num++] = 0x0; /* reserved */
1261 arr[num++] = 0x0; /* reserved */
1262 arr[num++] = 0x0;
1263 arr[num++] = 0x1; /* relative port A */
1264 }
1265 /* NAA-3, Target port identifier */
1266 arr[num++] = 0x61; /* proto=sas, binary */
1267 arr[num++] = 0x93; /* piv=1, target port, naa */
1268 arr[num++] = 0x0;
1269 arr[num++] = 0x8;
1270 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1271 num += 8;
1272 /* NAA-3, Target port group identifier */
1273 arr[num++] = 0x61; /* proto=sas, binary */
1274 arr[num++] = 0x95; /* piv=1, target port group id */
1275 arr[num++] = 0x0;
1276 arr[num++] = 0x4;
1277 arr[num++] = 0;
1278 arr[num++] = 0;
1279 put_unaligned_be16(port_group_id, arr + num);
1280 num += 2;
1281 /* NAA-3, Target device identifier */
1282 arr[num++] = 0x61; /* proto=sas, binary */
1283 arr[num++] = 0xa3; /* piv=1, target device, naa */
1284 arr[num++] = 0x0;
1285 arr[num++] = 0x8;
1286 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1287 num += 8;
1288 /* SCSI name string: Target device identifier */
1289 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1290 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1291 arr[num++] = 0x0;
1292 arr[num++] = 24;
1293 memcpy(arr + num, "naa.32222220", 12);
1294 num += 12;
1295 snprintf(b, sizeof(b), "%08X", target_dev_id);
1296 memcpy(arr + num, b, 8);
1297 num += 8;
1298 memset(arr + num, 0, 4);
1299 num += 4;
1300 return num;
1301}
1302
1303static unsigned char vpd84_data[] = {
1304/* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1305 0x22,0x22,0x22,0x0,0xbb,0x1,
1306 0x22,0x22,0x22,0x0,0xbb,0x2,
1307};
1308
1309/* Software interface identification VPD page */
1310static int inquiry_vpd_84(unsigned char *arr)
1311{
1312 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1313 return sizeof(vpd84_data);
1314}
1315
1316/* Management network addresses VPD page */
1317static int inquiry_vpd_85(unsigned char *arr)
1318{
1319 int num = 0;
1320 const char *na1 = "https://www.kernel.org/config";
1321 const char *na2 = "http://www.kernel.org/log";
1322 int plen, olen;
1323
1324 arr[num++] = 0x1; /* lu, storage config */
1325 arr[num++] = 0x0; /* reserved */
1326 arr[num++] = 0x0;
1327 olen = strlen(na1);
1328 plen = olen + 1;
1329 if (plen % 4)
1330 plen = ((plen / 4) + 1) * 4;
1331 arr[num++] = plen; /* length, null termianted, padded */
1332 memcpy(arr + num, na1, olen);
1333 memset(arr + num + olen, 0, plen - olen);
1334 num += plen;
1335
1336 arr[num++] = 0x4; /* lu, logging */
1337 arr[num++] = 0x0; /* reserved */
1338 arr[num++] = 0x0;
1339 olen = strlen(na2);
1340 plen = olen + 1;
1341 if (plen % 4)
1342 plen = ((plen / 4) + 1) * 4;
1343 arr[num++] = plen; /* length, null terminated, padded */
1344 memcpy(arr + num, na2, olen);
1345 memset(arr + num + olen, 0, plen - olen);
1346 num += plen;
1347
1348 return num;
1349}
1350
1351/* SCSI ports VPD page */
1352static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1353{
1354 int num = 0;
1355 int port_a, port_b;
1356
1357 port_a = target_dev_id + 1;
1358 port_b = port_a + 1;
1359 arr[num++] = 0x0; /* reserved */
1360 arr[num++] = 0x0; /* reserved */
1361 arr[num++] = 0x0;
1362 arr[num++] = 0x1; /* relative port 1 (primary) */
1363 memset(arr + num, 0, 6);
1364 num += 6;
1365 arr[num++] = 0x0;
1366 arr[num++] = 12; /* length tp descriptor */
1367 /* naa-5 target port identifier (A) */
1368 arr[num++] = 0x61; /* proto=sas, binary */
1369 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1370 arr[num++] = 0x0; /* reserved */
1371 arr[num++] = 0x8; /* length */
1372 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1373 num += 8;
1374 arr[num++] = 0x0; /* reserved */
1375 arr[num++] = 0x0; /* reserved */
1376 arr[num++] = 0x0;
1377 arr[num++] = 0x2; /* relative port 2 (secondary) */
1378 memset(arr + num, 0, 6);
1379 num += 6;
1380 arr[num++] = 0x0;
1381 arr[num++] = 12; /* length tp descriptor */
1382 /* naa-5 target port identifier (B) */
1383 arr[num++] = 0x61; /* proto=sas, binary */
1384 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1385 arr[num++] = 0x0; /* reserved */
1386 arr[num++] = 0x8; /* length */
1387 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1388 num += 8;
1389
1390 return num;
1391}
1392
1393
1394static unsigned char vpd89_data[] = {
1395/* from 4th byte */ 0,0,0,0,
1396'l','i','n','u','x',' ',' ',' ',
1397'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1398'1','2','3','4',
13990x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
14000xec,0,0,0,
14010x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
14020,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
14030x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
14040x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
14050x53,0x41,
14060x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
14070x20,0x20,
14080x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
14090x10,0x80,
14100,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
14110x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
14120x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
14130,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
14140x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
14150x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
14160,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
14170,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14180,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14190,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14200x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
14210,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
14220xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
14230,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
14240,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14250,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14260,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14270,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14280,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14290,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14300,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14310,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14320,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14330,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14340,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14350,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1436};
1437
1438/* ATA Information VPD page */
1439static int inquiry_vpd_89(unsigned char *arr)
1440{
1441 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1442 return sizeof(vpd89_data);
1443}
1444
1445
1446static unsigned char vpdb0_data[] = {
1447 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1448 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1449 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1450 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1451};
1452
1453/* Block limits VPD page (SBC-3) */
1454static int inquiry_vpd_b0(unsigned char *arr)
1455{
1456 unsigned int gran;
1457
1458 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1459
1460 /* Optimal transfer length granularity */
1461 if (sdebug_opt_xferlen_exp != 0 &&
1462 sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1463 gran = 1 << sdebug_opt_xferlen_exp;
1464 else
1465 gran = 1 << sdebug_physblk_exp;
1466 put_unaligned_be16(gran, arr + 2);
1467
1468 /* Maximum Transfer Length */
1469 if (sdebug_store_sectors > 0x400)
1470 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1471
1472 /* Optimal Transfer Length */
1473 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1474
1475 if (sdebug_lbpu) {
1476 /* Maximum Unmap LBA Count */
1477 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1478
1479 /* Maximum Unmap Block Descriptor Count */
1480 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1481 }
1482
1483 /* Unmap Granularity Alignment */
1484 if (sdebug_unmap_alignment) {
1485 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1486 arr[28] |= 0x80; /* UGAVALID */
1487 }
1488
1489 /* Optimal Unmap Granularity */
1490 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1491
1492 /* Maximum WRITE SAME Length */
1493 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1494
1495 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1496
1497 return sizeof(vpdb0_data);
1498}
1499
1500/* Block device characteristics VPD page (SBC-3) */
1501static int inquiry_vpd_b1(struct sdebug_dev_info *devip, unsigned char *arr)
1502{
1503 memset(arr, 0, 0x3c);
1504 arr[0] = 0;
1505 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1506 arr[2] = 0;
1507 arr[3] = 5; /* less than 1.8" */
1508 if (devip->zmodel == BLK_ZONED_HA)
1509 arr[4] = 1 << 4; /* zoned field = 01b */
1510
1511 return 0x3c;
1512}
1513
1514/* Logical block provisioning VPD page (SBC-4) */
1515static int inquiry_vpd_b2(unsigned char *arr)
1516{
1517 memset(arr, 0, 0x4);
1518 arr[0] = 0; /* threshold exponent */
1519 if (sdebug_lbpu)
1520 arr[1] = 1 << 7;
1521 if (sdebug_lbpws)
1522 arr[1] |= 1 << 6;
1523 if (sdebug_lbpws10)
1524 arr[1] |= 1 << 5;
1525 if (sdebug_lbprz && scsi_debug_lbp())
1526 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1527 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1528 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1529 /* threshold_percentage=0 */
1530 return 0x4;
1531}
1532
1533/* Zoned block device characteristics VPD page (ZBC mandatory) */
1534static int inquiry_vpd_b6(struct sdebug_dev_info *devip, unsigned char *arr)
1535{
1536 memset(arr, 0, 0x3c);
1537 arr[0] = 0x1; /* set URSWRZ (unrestricted read in seq. wr req zone) */
1538 /*
1539 * Set Optimal number of open sequential write preferred zones and
1540 * Optimal number of non-sequentially written sequential write
1541 * preferred zones fields to 'not reported' (0xffffffff). Leave other
1542 * fields set to zero, apart from Max. number of open swrz_s field.
1543 */
1544 put_unaligned_be32(0xffffffff, &arr[4]);
1545 put_unaligned_be32(0xffffffff, &arr[8]);
1546 if (sdeb_zbc_model == BLK_ZONED_HM && devip->max_open)
1547 put_unaligned_be32(devip->max_open, &arr[12]);
1548 else
1549 put_unaligned_be32(0xffffffff, &arr[12]);
1550 return 0x3c;
1551}
1552
1553#define SDEBUG_LONG_INQ_SZ 96
1554#define SDEBUG_MAX_INQ_ARR_SZ 584
1555
1556static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1557{
1558 unsigned char pq_pdt;
1559 unsigned char *arr;
1560 unsigned char *cmd = scp->cmnd;
1561 int alloc_len, n, ret;
1562 bool have_wlun, is_disk, is_zbc, is_disk_zbc;
1563
1564 alloc_len = get_unaligned_be16(cmd + 3);
1565 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1566 if (! arr)
1567 return DID_REQUEUE << 16;
1568 is_disk = (sdebug_ptype == TYPE_DISK);
1569 is_zbc = (devip->zmodel != BLK_ZONED_NONE);
1570 is_disk_zbc = (is_disk || is_zbc);
1571 have_wlun = scsi_is_wlun(scp->device->lun);
1572 if (have_wlun)
1573 pq_pdt = TYPE_WLUN; /* present, wlun */
1574 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1575 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1576 else
1577 pq_pdt = (sdebug_ptype & 0x1f);
1578 arr[0] = pq_pdt;
1579 if (0x2 & cmd[1]) { /* CMDDT bit set */
1580 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1581 kfree(arr);
1582 return check_condition_result;
1583 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1584 int lu_id_num, port_group_id, target_dev_id, len;
1585 char lu_id_str[6];
1586 int host_no = devip->sdbg_host->shost->host_no;
1587
1588 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1589 (devip->channel & 0x7f);
1590 if (sdebug_vpd_use_hostno == 0)
1591 host_no = 0;
1592 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1593 (devip->target * 1000) + devip->lun);
1594 target_dev_id = ((host_no + 1) * 2000) +
1595 (devip->target * 1000) - 3;
1596 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1597 if (0 == cmd[2]) { /* supported vital product data pages */
1598 arr[1] = cmd[2]; /*sanity */
1599 n = 4;
1600 arr[n++] = 0x0; /* this page */
1601 arr[n++] = 0x80; /* unit serial number */
1602 arr[n++] = 0x83; /* device identification */
1603 arr[n++] = 0x84; /* software interface ident. */
1604 arr[n++] = 0x85; /* management network addresses */
1605 arr[n++] = 0x86; /* extended inquiry */
1606 arr[n++] = 0x87; /* mode page policy */
1607 arr[n++] = 0x88; /* SCSI ports */
1608 if (is_disk_zbc) { /* SBC or ZBC */
1609 arr[n++] = 0x89; /* ATA information */
1610 arr[n++] = 0xb0; /* Block limits */
1611 arr[n++] = 0xb1; /* Block characteristics */
1612 if (is_disk)
1613 arr[n++] = 0xb2; /* LB Provisioning */
1614 if (is_zbc)
1615 arr[n++] = 0xb6; /* ZB dev. char. */
1616 }
1617 arr[3] = n - 4; /* number of supported VPD pages */
1618 } else if (0x80 == cmd[2]) { /* unit serial number */
1619 arr[1] = cmd[2]; /*sanity */
1620 arr[3] = len;
1621 memcpy(&arr[4], lu_id_str, len);
1622 } else if (0x83 == cmd[2]) { /* device identification */
1623 arr[1] = cmd[2]; /*sanity */
1624 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1625 target_dev_id, lu_id_num,
1626 lu_id_str, len,
1627 &devip->lu_name);
1628 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1629 arr[1] = cmd[2]; /*sanity */
1630 arr[3] = inquiry_vpd_84(&arr[4]);
1631 } else if (0x85 == cmd[2]) { /* Management network addresses */
1632 arr[1] = cmd[2]; /*sanity */
1633 arr[3] = inquiry_vpd_85(&arr[4]);
1634 } else if (0x86 == cmd[2]) { /* extended inquiry */
1635 arr[1] = cmd[2]; /*sanity */
1636 arr[3] = 0x3c; /* number of following entries */
1637 if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1638 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1639 else if (have_dif_prot)
1640 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1641 else
1642 arr[4] = 0x0; /* no protection stuff */
1643 arr[5] = 0x7; /* head of q, ordered + simple q's */
1644 } else if (0x87 == cmd[2]) { /* mode page policy */
1645 arr[1] = cmd[2]; /*sanity */
1646 arr[3] = 0x8; /* number of following entries */
1647 arr[4] = 0x2; /* disconnect-reconnect mp */
1648 arr[6] = 0x80; /* mlus, shared */
1649 arr[8] = 0x18; /* protocol specific lu */
1650 arr[10] = 0x82; /* mlus, per initiator port */
1651 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1652 arr[1] = cmd[2]; /*sanity */
1653 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1654 } else if (is_disk_zbc && 0x89 == cmd[2]) { /* ATA info */
1655 arr[1] = cmd[2]; /*sanity */
1656 n = inquiry_vpd_89(&arr[4]);
1657 put_unaligned_be16(n, arr + 2);
1658 } else if (is_disk_zbc && 0xb0 == cmd[2]) { /* Block limits */
1659 arr[1] = cmd[2]; /*sanity */
1660 arr[3] = inquiry_vpd_b0(&arr[4]);
1661 } else if (is_disk_zbc && 0xb1 == cmd[2]) { /* Block char. */
1662 arr[1] = cmd[2]; /*sanity */
1663 arr[3] = inquiry_vpd_b1(devip, &arr[4]);
1664 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1665 arr[1] = cmd[2]; /*sanity */
1666 arr[3] = inquiry_vpd_b2(&arr[4]);
1667 } else if (is_zbc && cmd[2] == 0xb6) { /* ZB dev. charact. */
1668 arr[1] = cmd[2]; /*sanity */
1669 arr[3] = inquiry_vpd_b6(devip, &arr[4]);
1670 } else {
1671 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1672 kfree(arr);
1673 return check_condition_result;
1674 }
1675 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1676 ret = fill_from_dev_buffer(scp, arr,
1677 min(len, SDEBUG_MAX_INQ_ARR_SZ));
1678 kfree(arr);
1679 return ret;
1680 }
1681 /* drops through here for a standard inquiry */
1682 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
1683 arr[2] = sdebug_scsi_level;
1684 arr[3] = 2; /* response_data_format==2 */
1685 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1686 arr[5] = (int)have_dif_prot; /* PROTECT bit */
1687 if (sdebug_vpd_use_hostno == 0)
1688 arr[5] |= 0x10; /* claim: implicit TPGS */
1689 arr[6] = 0x10; /* claim: MultiP */
1690 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1691 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1692 memcpy(&arr[8], sdebug_inq_vendor_id, 8);
1693 memcpy(&arr[16], sdebug_inq_product_id, 16);
1694 memcpy(&arr[32], sdebug_inq_product_rev, 4);
1695 /* Use Vendor Specific area to place driver date in ASCII hex */
1696 memcpy(&arr[36], sdebug_version_date, 8);
1697 /* version descriptors (2 bytes each) follow */
1698 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
1699 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
1700 n = 62;
1701 if (is_disk) { /* SBC-4 no version claimed */
1702 put_unaligned_be16(0x600, arr + n);
1703 n += 2;
1704 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1705 put_unaligned_be16(0x525, arr + n);
1706 n += 2;
1707 } else if (is_zbc) { /* ZBC BSR INCITS 536 revision 05 */
1708 put_unaligned_be16(0x624, arr + n);
1709 n += 2;
1710 }
1711 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
1712 ret = fill_from_dev_buffer(scp, arr,
1713 min_t(int, alloc_len, SDEBUG_LONG_INQ_SZ));
1714 kfree(arr);
1715 return ret;
1716}
1717
1718/* See resp_iec_m_pg() for how this data is manipulated */
1719static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1720 0, 0, 0x0, 0x0};
1721
1722static int resp_requests(struct scsi_cmnd *scp,
1723 struct sdebug_dev_info *devip)
1724{
1725 unsigned char *cmd = scp->cmnd;
1726 unsigned char arr[SCSI_SENSE_BUFFERSIZE]; /* assume >= 18 bytes */
1727 bool dsense = !!(cmd[1] & 1);
1728 int alloc_len = cmd[4];
1729 int len = 18;
1730 int stopped_state = atomic_read(&devip->stopped);
1731
1732 memset(arr, 0, sizeof(arr));
1733 if (stopped_state > 0) { /* some "pollable" data [spc6r02: 5.12.2] */
1734 if (dsense) {
1735 arr[0] = 0x72;
1736 arr[1] = NOT_READY;
1737 arr[2] = LOGICAL_UNIT_NOT_READY;
1738 arr[3] = (stopped_state == 2) ? 0x1 : 0x2;
1739 len = 8;
1740 } else {
1741 arr[0] = 0x70;
1742 arr[2] = NOT_READY; /* NO_SENSE in sense_key */
1743 arr[7] = 0xa; /* 18 byte sense buffer */
1744 arr[12] = LOGICAL_UNIT_NOT_READY;
1745 arr[13] = (stopped_state == 2) ? 0x1 : 0x2;
1746 }
1747 } else if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1748 /* Information exceptions control mode page: TEST=1, MRIE=6 */
1749 if (dsense) {
1750 arr[0] = 0x72;
1751 arr[1] = 0x0; /* NO_SENSE in sense_key */
1752 arr[2] = THRESHOLD_EXCEEDED;
1753 arr[3] = 0xff; /* Failure prediction(false) */
1754 len = 8;
1755 } else {
1756 arr[0] = 0x70;
1757 arr[2] = 0x0; /* NO_SENSE in sense_key */
1758 arr[7] = 0xa; /* 18 byte sense buffer */
1759 arr[12] = THRESHOLD_EXCEEDED;
1760 arr[13] = 0xff; /* Failure prediction(false) */
1761 }
1762 } else { /* nothing to report */
1763 if (dsense) {
1764 len = 8;
1765 memset(arr, 0, len);
1766 arr[0] = 0x72;
1767 } else {
1768 memset(arr, 0, len);
1769 arr[0] = 0x70;
1770 arr[7] = 0xa;
1771 }
1772 }
1773 return fill_from_dev_buffer(scp, arr, min_t(int, len, alloc_len));
1774}
1775
1776static int resp_start_stop(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1777{
1778 unsigned char *cmd = scp->cmnd;
1779 int power_cond, want_stop, stopped_state;
1780 bool changing;
1781
1782 power_cond = (cmd[4] & 0xf0) >> 4;
1783 if (power_cond) {
1784 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1785 return check_condition_result;
1786 }
1787 want_stop = !(cmd[4] & 1);
1788 stopped_state = atomic_read(&devip->stopped);
1789 if (stopped_state == 2) {
1790 ktime_t now_ts = ktime_get_boottime();
1791
1792 if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
1793 u64 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
1794
1795 if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
1796 /* tur_ms_to_ready timer extinguished */
1797 atomic_set(&devip->stopped, 0);
1798 stopped_state = 0;
1799 }
1800 }
1801 if (stopped_state == 2) {
1802 if (want_stop) {
1803 stopped_state = 1; /* dummy up success */
1804 } else { /* Disallow tur_ms_to_ready delay to be overridden */
1805 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 0 /* START bit */);
1806 return check_condition_result;
1807 }
1808 }
1809 }
1810 changing = (stopped_state != want_stop);
1811 if (changing)
1812 atomic_xchg(&devip->stopped, want_stop);
1813 if (!changing || (cmd[1] & 0x1)) /* state unchanged or IMMED bit set in cdb */
1814 return SDEG_RES_IMMED_MASK;
1815 else
1816 return 0;
1817}
1818
1819static sector_t get_sdebug_capacity(void)
1820{
1821 static const unsigned int gibibyte = 1073741824;
1822
1823 if (sdebug_virtual_gb > 0)
1824 return (sector_t)sdebug_virtual_gb *
1825 (gibibyte / sdebug_sector_size);
1826 else
1827 return sdebug_store_sectors;
1828}
1829
1830#define SDEBUG_READCAP_ARR_SZ 8
1831static int resp_readcap(struct scsi_cmnd *scp,
1832 struct sdebug_dev_info *devip)
1833{
1834 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1835 unsigned int capac;
1836
1837 /* following just in case virtual_gb changed */
1838 sdebug_capacity = get_sdebug_capacity();
1839 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1840 if (sdebug_capacity < 0xffffffff) {
1841 capac = (unsigned int)sdebug_capacity - 1;
1842 put_unaligned_be32(capac, arr + 0);
1843 } else
1844 put_unaligned_be32(0xffffffff, arr + 0);
1845 put_unaligned_be16(sdebug_sector_size, arr + 6);
1846 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1847}
1848
1849#define SDEBUG_READCAP16_ARR_SZ 32
1850static int resp_readcap16(struct scsi_cmnd *scp,
1851 struct sdebug_dev_info *devip)
1852{
1853 unsigned char *cmd = scp->cmnd;
1854 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1855 int alloc_len;
1856
1857 alloc_len = get_unaligned_be32(cmd + 10);
1858 /* following just in case virtual_gb changed */
1859 sdebug_capacity = get_sdebug_capacity();
1860 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1861 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1862 put_unaligned_be32(sdebug_sector_size, arr + 8);
1863 arr[13] = sdebug_physblk_exp & 0xf;
1864 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1865
1866 if (scsi_debug_lbp()) {
1867 arr[14] |= 0x80; /* LBPME */
1868 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1869 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1870 * in the wider field maps to 0 in this field.
1871 */
1872 if (sdebug_lbprz & 1) /* precisely what the draft requires */
1873 arr[14] |= 0x40;
1874 }
1875
1876 arr[15] = sdebug_lowest_aligned & 0xff;
1877
1878 if (have_dif_prot) {
1879 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1880 arr[12] |= 1; /* PROT_EN */
1881 }
1882
1883 return fill_from_dev_buffer(scp, arr,
1884 min_t(int, alloc_len, SDEBUG_READCAP16_ARR_SZ));
1885}
1886
1887#define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1888
1889static int resp_report_tgtpgs(struct scsi_cmnd *scp,
1890 struct sdebug_dev_info *devip)
1891{
1892 unsigned char *cmd = scp->cmnd;
1893 unsigned char *arr;
1894 int host_no = devip->sdbg_host->shost->host_no;
1895 int n, ret, alen, rlen;
1896 int port_group_a, port_group_b, port_a, port_b;
1897
1898 alen = get_unaligned_be32(cmd + 6);
1899 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1900 if (! arr)
1901 return DID_REQUEUE << 16;
1902 /*
1903 * EVPD page 0x88 states we have two ports, one
1904 * real and a fake port with no device connected.
1905 * So we create two port groups with one port each
1906 * and set the group with port B to unavailable.
1907 */
1908 port_a = 0x1; /* relative port A */
1909 port_b = 0x2; /* relative port B */
1910 port_group_a = (((host_no + 1) & 0x7f) << 8) +
1911 (devip->channel & 0x7f);
1912 port_group_b = (((host_no + 1) & 0x7f) << 8) +
1913 (devip->channel & 0x7f) + 0x80;
1914
1915 /*
1916 * The asymmetric access state is cycled according to the host_id.
1917 */
1918 n = 4;
1919 if (sdebug_vpd_use_hostno == 0) {
1920 arr[n++] = host_no % 3; /* Asymm access state */
1921 arr[n++] = 0x0F; /* claim: all states are supported */
1922 } else {
1923 arr[n++] = 0x0; /* Active/Optimized path */
1924 arr[n++] = 0x01; /* only support active/optimized paths */
1925 }
1926 put_unaligned_be16(port_group_a, arr + n);
1927 n += 2;
1928 arr[n++] = 0; /* Reserved */
1929 arr[n++] = 0; /* Status code */
1930 arr[n++] = 0; /* Vendor unique */
1931 arr[n++] = 0x1; /* One port per group */
1932 arr[n++] = 0; /* Reserved */
1933 arr[n++] = 0; /* Reserved */
1934 put_unaligned_be16(port_a, arr + n);
1935 n += 2;
1936 arr[n++] = 3; /* Port unavailable */
1937 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1938 put_unaligned_be16(port_group_b, arr + n);
1939 n += 2;
1940 arr[n++] = 0; /* Reserved */
1941 arr[n++] = 0; /* Status code */
1942 arr[n++] = 0; /* Vendor unique */
1943 arr[n++] = 0x1; /* One port per group */
1944 arr[n++] = 0; /* Reserved */
1945 arr[n++] = 0; /* Reserved */
1946 put_unaligned_be16(port_b, arr + n);
1947 n += 2;
1948
1949 rlen = n - 4;
1950 put_unaligned_be32(rlen, arr + 0);
1951
1952 /*
1953 * Return the smallest value of either
1954 * - The allocated length
1955 * - The constructed command length
1956 * - The maximum array size
1957 */
1958 rlen = min_t(int, alen, n);
1959 ret = fill_from_dev_buffer(scp, arr,
1960 min_t(int, rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1961 kfree(arr);
1962 return ret;
1963}
1964
1965static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1966 struct sdebug_dev_info *devip)
1967{
1968 bool rctd;
1969 u8 reporting_opts, req_opcode, sdeb_i, supp;
1970 u16 req_sa, u;
1971 u32 alloc_len, a_len;
1972 int k, offset, len, errsts, count, bump, na;
1973 const struct opcode_info_t *oip;
1974 const struct opcode_info_t *r_oip;
1975 u8 *arr;
1976 u8 *cmd = scp->cmnd;
1977
1978 rctd = !!(cmd[2] & 0x80);
1979 reporting_opts = cmd[2] & 0x7;
1980 req_opcode = cmd[3];
1981 req_sa = get_unaligned_be16(cmd + 4);
1982 alloc_len = get_unaligned_be32(cmd + 6);
1983 if (alloc_len < 4 || alloc_len > 0xffff) {
1984 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1985 return check_condition_result;
1986 }
1987 if (alloc_len > 8192)
1988 a_len = 8192;
1989 else
1990 a_len = alloc_len;
1991 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1992 if (NULL == arr) {
1993 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1994 INSUFF_RES_ASCQ);
1995 return check_condition_result;
1996 }
1997 switch (reporting_opts) {
1998 case 0: /* all commands */
1999 /* count number of commands */
2000 for (count = 0, oip = opcode_info_arr;
2001 oip->num_attached != 0xff; ++oip) {
2002 if (F_INV_OP & oip->flags)
2003 continue;
2004 count += (oip->num_attached + 1);
2005 }
2006 bump = rctd ? 20 : 8;
2007 put_unaligned_be32(count * bump, arr);
2008 for (offset = 4, oip = opcode_info_arr;
2009 oip->num_attached != 0xff && offset < a_len; ++oip) {
2010 if (F_INV_OP & oip->flags)
2011 continue;
2012 na = oip->num_attached;
2013 arr[offset] = oip->opcode;
2014 put_unaligned_be16(oip->sa, arr + offset + 2);
2015 if (rctd)
2016 arr[offset + 5] |= 0x2;
2017 if (FF_SA & oip->flags)
2018 arr[offset + 5] |= 0x1;
2019 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
2020 if (rctd)
2021 put_unaligned_be16(0xa, arr + offset + 8);
2022 r_oip = oip;
2023 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
2024 if (F_INV_OP & oip->flags)
2025 continue;
2026 offset += bump;
2027 arr[offset] = oip->opcode;
2028 put_unaligned_be16(oip->sa, arr + offset + 2);
2029 if (rctd)
2030 arr[offset + 5] |= 0x2;
2031 if (FF_SA & oip->flags)
2032 arr[offset + 5] |= 0x1;
2033 put_unaligned_be16(oip->len_mask[0],
2034 arr + offset + 6);
2035 if (rctd)
2036 put_unaligned_be16(0xa,
2037 arr + offset + 8);
2038 }
2039 oip = r_oip;
2040 offset += bump;
2041 }
2042 break;
2043 case 1: /* one command: opcode only */
2044 case 2: /* one command: opcode plus service action */
2045 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
2046 sdeb_i = opcode_ind_arr[req_opcode];
2047 oip = &opcode_info_arr[sdeb_i];
2048 if (F_INV_OP & oip->flags) {
2049 supp = 1;
2050 offset = 4;
2051 } else {
2052 if (1 == reporting_opts) {
2053 if (FF_SA & oip->flags) {
2054 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
2055 2, 2);
2056 kfree(arr);
2057 return check_condition_result;
2058 }
2059 req_sa = 0;
2060 } else if (2 == reporting_opts &&
2061 0 == (FF_SA & oip->flags)) {
2062 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
2063 kfree(arr); /* point at requested sa */
2064 return check_condition_result;
2065 }
2066 if (0 == (FF_SA & oip->flags) &&
2067 req_opcode == oip->opcode)
2068 supp = 3;
2069 else if (0 == (FF_SA & oip->flags)) {
2070 na = oip->num_attached;
2071 for (k = 0, oip = oip->arrp; k < na;
2072 ++k, ++oip) {
2073 if (req_opcode == oip->opcode)
2074 break;
2075 }
2076 supp = (k >= na) ? 1 : 3;
2077 } else if (req_sa != oip->sa) {
2078 na = oip->num_attached;
2079 for (k = 0, oip = oip->arrp; k < na;
2080 ++k, ++oip) {
2081 if (req_sa == oip->sa)
2082 break;
2083 }
2084 supp = (k >= na) ? 1 : 3;
2085 } else
2086 supp = 3;
2087 if (3 == supp) {
2088 u = oip->len_mask[0];
2089 put_unaligned_be16(u, arr + 2);
2090 arr[4] = oip->opcode;
2091 for (k = 1; k < u; ++k)
2092 arr[4 + k] = (k < 16) ?
2093 oip->len_mask[k] : 0xff;
2094 offset = 4 + u;
2095 } else
2096 offset = 4;
2097 }
2098 arr[1] = (rctd ? 0x80 : 0) | supp;
2099 if (rctd) {
2100 put_unaligned_be16(0xa, arr + offset);
2101 offset += 12;
2102 }
2103 break;
2104 default:
2105 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
2106 kfree(arr);
2107 return check_condition_result;
2108 }
2109 offset = (offset < a_len) ? offset : a_len;
2110 len = (offset < alloc_len) ? offset : alloc_len;
2111 errsts = fill_from_dev_buffer(scp, arr, len);
2112 kfree(arr);
2113 return errsts;
2114}
2115
2116static int resp_rsup_tmfs(struct scsi_cmnd *scp,
2117 struct sdebug_dev_info *devip)
2118{
2119 bool repd;
2120 u32 alloc_len, len;
2121 u8 arr[16];
2122 u8 *cmd = scp->cmnd;
2123
2124 memset(arr, 0, sizeof(arr));
2125 repd = !!(cmd[2] & 0x80);
2126 alloc_len = get_unaligned_be32(cmd + 6);
2127 if (alloc_len < 4) {
2128 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2129 return check_condition_result;
2130 }
2131 arr[0] = 0xc8; /* ATS | ATSS | LURS */
2132 arr[1] = 0x1; /* ITNRS */
2133 if (repd) {
2134 arr[3] = 0xc;
2135 len = 16;
2136 } else
2137 len = 4;
2138
2139 len = (len < alloc_len) ? len : alloc_len;
2140 return fill_from_dev_buffer(scp, arr, len);
2141}
2142
2143/* <<Following mode page info copied from ST318451LW>> */
2144
2145static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
2146{ /* Read-Write Error Recovery page for mode_sense */
2147 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
2148 5, 0, 0xff, 0xff};
2149
2150 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
2151 if (1 == pcontrol)
2152 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
2153 return sizeof(err_recov_pg);
2154}
2155
2156static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
2157{ /* Disconnect-Reconnect page for mode_sense */
2158 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
2159 0, 0, 0, 0, 0, 0, 0, 0};
2160
2161 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
2162 if (1 == pcontrol)
2163 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
2164 return sizeof(disconnect_pg);
2165}
2166
2167static int resp_format_pg(unsigned char *p, int pcontrol, int target)
2168{ /* Format device page for mode_sense */
2169 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
2170 0, 0, 0, 0, 0, 0, 0, 0,
2171 0, 0, 0, 0, 0x40, 0, 0, 0};
2172
2173 memcpy(p, format_pg, sizeof(format_pg));
2174 put_unaligned_be16(sdebug_sectors_per, p + 10);
2175 put_unaligned_be16(sdebug_sector_size, p + 12);
2176 if (sdebug_removable)
2177 p[20] |= 0x20; /* should agree with INQUIRY */
2178 if (1 == pcontrol)
2179 memset(p + 2, 0, sizeof(format_pg) - 2);
2180 return sizeof(format_pg);
2181}
2182
2183static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2184 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
2185 0, 0, 0, 0};
2186
2187static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
2188{ /* Caching page for mode_sense */
2189 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
2190 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2191 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2192 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
2193
2194 if (SDEBUG_OPT_N_WCE & sdebug_opts)
2195 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
2196 memcpy(p, caching_pg, sizeof(caching_pg));
2197 if (1 == pcontrol)
2198 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2199 else if (2 == pcontrol)
2200 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2201 return sizeof(caching_pg);
2202}
2203
2204static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2205 0, 0, 0x2, 0x4b};
2206
2207static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2208{ /* Control mode page for mode_sense */
2209 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2210 0, 0, 0, 0};
2211 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2212 0, 0, 0x2, 0x4b};
2213
2214 if (sdebug_dsense)
2215 ctrl_m_pg[2] |= 0x4;
2216 else
2217 ctrl_m_pg[2] &= ~0x4;
2218
2219 if (sdebug_ato)
2220 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2221
2222 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2223 if (1 == pcontrol)
2224 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2225 else if (2 == pcontrol)
2226 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2227 return sizeof(ctrl_m_pg);
2228}
2229
2230
2231static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2232{ /* Informational Exceptions control mode page for mode_sense */
2233 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2234 0, 0, 0x0, 0x0};
2235 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2236 0, 0, 0x0, 0x0};
2237
2238 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2239 if (1 == pcontrol)
2240 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2241 else if (2 == pcontrol)
2242 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2243 return sizeof(iec_m_pg);
2244}
2245
2246static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2247{ /* SAS SSP mode page - short format for mode_sense */
2248 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2249 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2250
2251 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2252 if (1 == pcontrol)
2253 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2254 return sizeof(sas_sf_m_pg);
2255}
2256
2257
2258static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2259 int target_dev_id)
2260{ /* SAS phy control and discover mode page for mode_sense */
2261 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2262 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2263 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2264 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2265 0x2, 0, 0, 0, 0, 0, 0, 0,
2266 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2267 0, 0, 0, 0, 0, 0, 0, 0,
2268 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2269 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2270 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2271 0x3, 0, 0, 0, 0, 0, 0, 0,
2272 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2273 0, 0, 0, 0, 0, 0, 0, 0,
2274 };
2275 int port_a, port_b;
2276
2277 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2278 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2279 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2280 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2281 port_a = target_dev_id + 1;
2282 port_b = port_a + 1;
2283 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2284 put_unaligned_be32(port_a, p + 20);
2285 put_unaligned_be32(port_b, p + 48 + 20);
2286 if (1 == pcontrol)
2287 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2288 return sizeof(sas_pcd_m_pg);
2289}
2290
2291static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2292{ /* SAS SSP shared protocol specific port mode subpage */
2293 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2294 0, 0, 0, 0, 0, 0, 0, 0,
2295 };
2296
2297 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2298 if (1 == pcontrol)
2299 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2300 return sizeof(sas_sha_m_pg);
2301}
2302
2303#define SDEBUG_MAX_MSENSE_SZ 256
2304
2305static int resp_mode_sense(struct scsi_cmnd *scp,
2306 struct sdebug_dev_info *devip)
2307{
2308 int pcontrol, pcode, subpcode, bd_len;
2309 unsigned char dev_spec;
2310 int alloc_len, offset, len, target_dev_id;
2311 int target = scp->device->id;
2312 unsigned char *ap;
2313 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2314 unsigned char *cmd = scp->cmnd;
2315 bool dbd, llbaa, msense_6, is_disk, is_zbc, bad_pcode;
2316
2317 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
2318 pcontrol = (cmd[2] & 0xc0) >> 6;
2319 pcode = cmd[2] & 0x3f;
2320 subpcode = cmd[3];
2321 msense_6 = (MODE_SENSE == cmd[0]);
2322 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2323 is_disk = (sdebug_ptype == TYPE_DISK);
2324 is_zbc = (devip->zmodel != BLK_ZONED_NONE);
2325 if ((is_disk || is_zbc) && !dbd)
2326 bd_len = llbaa ? 16 : 8;
2327 else
2328 bd_len = 0;
2329 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2330 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2331 if (0x3 == pcontrol) { /* Saving values not supported */
2332 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2333 return check_condition_result;
2334 }
2335 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2336 (devip->target * 1000) - 3;
2337 /* for disks+zbc set DPOFUA bit and clear write protect (WP) bit */
2338 if (is_disk || is_zbc) {
2339 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
2340 if (sdebug_wp)
2341 dev_spec |= 0x80;
2342 } else
2343 dev_spec = 0x0;
2344 if (msense_6) {
2345 arr[2] = dev_spec;
2346 arr[3] = bd_len;
2347 offset = 4;
2348 } else {
2349 arr[3] = dev_spec;
2350 if (16 == bd_len)
2351 arr[4] = 0x1; /* set LONGLBA bit */
2352 arr[7] = bd_len; /* assume 255 or less */
2353 offset = 8;
2354 }
2355 ap = arr + offset;
2356 if ((bd_len > 0) && (!sdebug_capacity))
2357 sdebug_capacity = get_sdebug_capacity();
2358
2359 if (8 == bd_len) {
2360 if (sdebug_capacity > 0xfffffffe)
2361 put_unaligned_be32(0xffffffff, ap + 0);
2362 else
2363 put_unaligned_be32(sdebug_capacity, ap + 0);
2364 put_unaligned_be16(sdebug_sector_size, ap + 6);
2365 offset += bd_len;
2366 ap = arr + offset;
2367 } else if (16 == bd_len) {
2368 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2369 put_unaligned_be32(sdebug_sector_size, ap + 12);
2370 offset += bd_len;
2371 ap = arr + offset;
2372 }
2373
2374 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2375 /* TODO: Control Extension page */
2376 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2377 return check_condition_result;
2378 }
2379 bad_pcode = false;
2380
2381 switch (pcode) {
2382 case 0x1: /* Read-Write error recovery page, direct access */
2383 len = resp_err_recov_pg(ap, pcontrol, target);
2384 offset += len;
2385 break;
2386 case 0x2: /* Disconnect-Reconnect page, all devices */
2387 len = resp_disconnect_pg(ap, pcontrol, target);
2388 offset += len;
2389 break;
2390 case 0x3: /* Format device page, direct access */
2391 if (is_disk) {
2392 len = resp_format_pg(ap, pcontrol, target);
2393 offset += len;
2394 } else
2395 bad_pcode = true;
2396 break;
2397 case 0x8: /* Caching page, direct access */
2398 if (is_disk || is_zbc) {
2399 len = resp_caching_pg(ap, pcontrol, target);
2400 offset += len;
2401 } else
2402 bad_pcode = true;
2403 break;
2404 case 0xa: /* Control Mode page, all devices */
2405 len = resp_ctrl_m_pg(ap, pcontrol, target);
2406 offset += len;
2407 break;
2408 case 0x19: /* if spc==1 then sas phy, control+discover */
2409 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2410 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2411 return check_condition_result;
2412 }
2413 len = 0;
2414 if ((0x0 == subpcode) || (0xff == subpcode))
2415 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2416 if ((0x1 == subpcode) || (0xff == subpcode))
2417 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2418 target_dev_id);
2419 if ((0x2 == subpcode) || (0xff == subpcode))
2420 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2421 offset += len;
2422 break;
2423 case 0x1c: /* Informational Exceptions Mode page, all devices */
2424 len = resp_iec_m_pg(ap, pcontrol, target);
2425 offset += len;
2426 break;
2427 case 0x3f: /* Read all Mode pages */
2428 if ((0 == subpcode) || (0xff == subpcode)) {
2429 len = resp_err_recov_pg(ap, pcontrol, target);
2430 len += resp_disconnect_pg(ap + len, pcontrol, target);
2431 if (is_disk) {
2432 len += resp_format_pg(ap + len, pcontrol,
2433 target);
2434 len += resp_caching_pg(ap + len, pcontrol,
2435 target);
2436 } else if (is_zbc) {
2437 len += resp_caching_pg(ap + len, pcontrol,
2438 target);
2439 }
2440 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2441 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2442 if (0xff == subpcode) {
2443 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2444 target, target_dev_id);
2445 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2446 }
2447 len += resp_iec_m_pg(ap + len, pcontrol, target);
2448 offset += len;
2449 } else {
2450 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2451 return check_condition_result;
2452 }
2453 break;
2454 default:
2455 bad_pcode = true;
2456 break;
2457 }
2458 if (bad_pcode) {
2459 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2460 return check_condition_result;
2461 }
2462 if (msense_6)
2463 arr[0] = offset - 1;
2464 else
2465 put_unaligned_be16((offset - 2), arr + 0);
2466 return fill_from_dev_buffer(scp, arr, min_t(int, alloc_len, offset));
2467}
2468
2469#define SDEBUG_MAX_MSELECT_SZ 512
2470
2471static int resp_mode_select(struct scsi_cmnd *scp,
2472 struct sdebug_dev_info *devip)
2473{
2474 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2475 int param_len, res, mpage;
2476 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2477 unsigned char *cmd = scp->cmnd;
2478 int mselect6 = (MODE_SELECT == cmd[0]);
2479
2480 memset(arr, 0, sizeof(arr));
2481 pf = cmd[1] & 0x10;
2482 sp = cmd[1] & 0x1;
2483 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2484 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2485 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2486 return check_condition_result;
2487 }
2488 res = fetch_to_dev_buffer(scp, arr, param_len);
2489 if (-1 == res)
2490 return DID_ERROR << 16;
2491 else if (sdebug_verbose && (res < param_len))
2492 sdev_printk(KERN_INFO, scp->device,
2493 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2494 __func__, param_len, res);
2495 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2496 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2497 if (md_len > 2) {
2498 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2499 return check_condition_result;
2500 }
2501 off = bd_len + (mselect6 ? 4 : 8);
2502 mpage = arr[off] & 0x3f;
2503 ps = !!(arr[off] & 0x80);
2504 if (ps) {
2505 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2506 return check_condition_result;
2507 }
2508 spf = !!(arr[off] & 0x40);
2509 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2510 (arr[off + 1] + 2);
2511 if ((pg_len + off) > param_len) {
2512 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2513 PARAMETER_LIST_LENGTH_ERR, 0);
2514 return check_condition_result;
2515 }
2516 switch (mpage) {
2517 case 0x8: /* Caching Mode page */
2518 if (caching_pg[1] == arr[off + 1]) {
2519 memcpy(caching_pg + 2, arr + off + 2,
2520 sizeof(caching_pg) - 2);
2521 goto set_mode_changed_ua;
2522 }
2523 break;
2524 case 0xa: /* Control Mode page */
2525 if (ctrl_m_pg[1] == arr[off + 1]) {
2526 memcpy(ctrl_m_pg + 2, arr + off + 2,
2527 sizeof(ctrl_m_pg) - 2);
2528 if (ctrl_m_pg[4] & 0x8)
2529 sdebug_wp = true;
2530 else
2531 sdebug_wp = false;
2532 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2533 goto set_mode_changed_ua;
2534 }
2535 break;
2536 case 0x1c: /* Informational Exceptions Mode page */
2537 if (iec_m_pg[1] == arr[off + 1]) {
2538 memcpy(iec_m_pg + 2, arr + off + 2,
2539 sizeof(iec_m_pg) - 2);
2540 goto set_mode_changed_ua;
2541 }
2542 break;
2543 default:
2544 break;
2545 }
2546 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2547 return check_condition_result;
2548set_mode_changed_ua:
2549 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2550 return 0;
2551}
2552
2553static int resp_temp_l_pg(unsigned char *arr)
2554{
2555 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2556 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2557 };
2558
2559 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2560 return sizeof(temp_l_pg);
2561}
2562
2563static int resp_ie_l_pg(unsigned char *arr)
2564{
2565 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2566 };
2567
2568 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2569 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2570 arr[4] = THRESHOLD_EXCEEDED;
2571 arr[5] = 0xff;
2572 }
2573 return sizeof(ie_l_pg);
2574}
2575
2576#define SDEBUG_MAX_LSENSE_SZ 512
2577
2578static int resp_log_sense(struct scsi_cmnd *scp,
2579 struct sdebug_dev_info *devip)
2580{
2581 int ppc, sp, pcode, subpcode, alloc_len, len, n;
2582 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2583 unsigned char *cmd = scp->cmnd;
2584
2585 memset(arr, 0, sizeof(arr));
2586 ppc = cmd[1] & 0x2;
2587 sp = cmd[1] & 0x1;
2588 if (ppc || sp) {
2589 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2590 return check_condition_result;
2591 }
2592 pcode = cmd[2] & 0x3f;
2593 subpcode = cmd[3] & 0xff;
2594 alloc_len = get_unaligned_be16(cmd + 7);
2595 arr[0] = pcode;
2596 if (0 == subpcode) {
2597 switch (pcode) {
2598 case 0x0: /* Supported log pages log page */
2599 n = 4;
2600 arr[n++] = 0x0; /* this page */
2601 arr[n++] = 0xd; /* Temperature */
2602 arr[n++] = 0x2f; /* Informational exceptions */
2603 arr[3] = n - 4;
2604 break;
2605 case 0xd: /* Temperature log page */
2606 arr[3] = resp_temp_l_pg(arr + 4);
2607 break;
2608 case 0x2f: /* Informational exceptions log page */
2609 arr[3] = resp_ie_l_pg(arr + 4);
2610 break;
2611 default:
2612 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2613 return check_condition_result;
2614 }
2615 } else if (0xff == subpcode) {
2616 arr[0] |= 0x40;
2617 arr[1] = subpcode;
2618 switch (pcode) {
2619 case 0x0: /* Supported log pages and subpages log page */
2620 n = 4;
2621 arr[n++] = 0x0;
2622 arr[n++] = 0x0; /* 0,0 page */
2623 arr[n++] = 0x0;
2624 arr[n++] = 0xff; /* this page */
2625 arr[n++] = 0xd;
2626 arr[n++] = 0x0; /* Temperature */
2627 arr[n++] = 0x2f;
2628 arr[n++] = 0x0; /* Informational exceptions */
2629 arr[3] = n - 4;
2630 break;
2631 case 0xd: /* Temperature subpages */
2632 n = 4;
2633 arr[n++] = 0xd;
2634 arr[n++] = 0x0; /* Temperature */
2635 arr[3] = n - 4;
2636 break;
2637 case 0x2f: /* Informational exceptions subpages */
2638 n = 4;
2639 arr[n++] = 0x2f;
2640 arr[n++] = 0x0; /* Informational exceptions */
2641 arr[3] = n - 4;
2642 break;
2643 default:
2644 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2645 return check_condition_result;
2646 }
2647 } else {
2648 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2649 return check_condition_result;
2650 }
2651 len = min_t(int, get_unaligned_be16(arr + 2) + 4, alloc_len);
2652 return fill_from_dev_buffer(scp, arr,
2653 min_t(int, len, SDEBUG_MAX_INQ_ARR_SZ));
2654}
2655
2656static inline bool sdebug_dev_is_zoned(struct sdebug_dev_info *devip)
2657{
2658 return devip->nr_zones != 0;
2659}
2660
2661static struct sdeb_zone_state *zbc_zone(struct sdebug_dev_info *devip,
2662 unsigned long long lba)
2663{
2664 return &devip->zstate[lba >> devip->zsize_shift];
2665}
2666
2667static inline bool zbc_zone_is_conv(struct sdeb_zone_state *zsp)
2668{
2669 return zsp->z_type == ZBC_ZONE_TYPE_CNV;
2670}
2671
2672static void zbc_close_zone(struct sdebug_dev_info *devip,
2673 struct sdeb_zone_state *zsp)
2674{
2675 enum sdebug_z_cond zc;
2676
2677 if (zbc_zone_is_conv(zsp))
2678 return;
2679
2680 zc = zsp->z_cond;
2681 if (!(zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN))
2682 return;
2683
2684 if (zc == ZC2_IMPLICIT_OPEN)
2685 devip->nr_imp_open--;
2686 else
2687 devip->nr_exp_open--;
2688
2689 if (zsp->z_wp == zsp->z_start) {
2690 zsp->z_cond = ZC1_EMPTY;
2691 } else {
2692 zsp->z_cond = ZC4_CLOSED;
2693 devip->nr_closed++;
2694 }
2695}
2696
2697static void zbc_close_imp_open_zone(struct sdebug_dev_info *devip)
2698{
2699 struct sdeb_zone_state *zsp = &devip->zstate[0];
2700 unsigned int i;
2701
2702 for (i = 0; i < devip->nr_zones; i++, zsp++) {
2703 if (zsp->z_cond == ZC2_IMPLICIT_OPEN) {
2704 zbc_close_zone(devip, zsp);
2705 return;
2706 }
2707 }
2708}
2709
2710static void zbc_open_zone(struct sdebug_dev_info *devip,
2711 struct sdeb_zone_state *zsp, bool explicit)
2712{
2713 enum sdebug_z_cond zc;
2714
2715 if (zbc_zone_is_conv(zsp))
2716 return;
2717
2718 zc = zsp->z_cond;
2719 if ((explicit && zc == ZC3_EXPLICIT_OPEN) ||
2720 (!explicit && zc == ZC2_IMPLICIT_OPEN))
2721 return;
2722
2723 /* Close an implicit open zone if necessary */
2724 if (explicit && zsp->z_cond == ZC2_IMPLICIT_OPEN)
2725 zbc_close_zone(devip, zsp);
2726 else if (devip->max_open &&
2727 devip->nr_imp_open + devip->nr_exp_open >= devip->max_open)
2728 zbc_close_imp_open_zone(devip);
2729
2730 if (zsp->z_cond == ZC4_CLOSED)
2731 devip->nr_closed--;
2732 if (explicit) {
2733 zsp->z_cond = ZC3_EXPLICIT_OPEN;
2734 devip->nr_exp_open++;
2735 } else {
2736 zsp->z_cond = ZC2_IMPLICIT_OPEN;
2737 devip->nr_imp_open++;
2738 }
2739}
2740
2741static void zbc_inc_wp(struct sdebug_dev_info *devip,
2742 unsigned long long lba, unsigned int num)
2743{
2744 struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2745 unsigned long long n, end, zend = zsp->z_start + zsp->z_size;
2746
2747 if (zbc_zone_is_conv(zsp))
2748 return;
2749
2750 if (zsp->z_type == ZBC_ZONE_TYPE_SWR) {
2751 zsp->z_wp += num;
2752 if (zsp->z_wp >= zend)
2753 zsp->z_cond = ZC5_FULL;
2754 return;
2755 }
2756
2757 while (num) {
2758 if (lba != zsp->z_wp)
2759 zsp->z_non_seq_resource = true;
2760
2761 end = lba + num;
2762 if (end >= zend) {
2763 n = zend - lba;
2764 zsp->z_wp = zend;
2765 } else if (end > zsp->z_wp) {
2766 n = num;
2767 zsp->z_wp = end;
2768 } else {
2769 n = num;
2770 }
2771 if (zsp->z_wp >= zend)
2772 zsp->z_cond = ZC5_FULL;
2773
2774 num -= n;
2775 lba += n;
2776 if (num) {
2777 zsp++;
2778 zend = zsp->z_start + zsp->z_size;
2779 }
2780 }
2781}
2782
2783static int check_zbc_access_params(struct scsi_cmnd *scp,
2784 unsigned long long lba, unsigned int num, bool write)
2785{
2786 struct scsi_device *sdp = scp->device;
2787 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2788 struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2789 struct sdeb_zone_state *zsp_end = zbc_zone(devip, lba + num - 1);
2790
2791 if (!write) {
2792 if (devip->zmodel == BLK_ZONED_HA)
2793 return 0;
2794 /* For host-managed, reads cannot cross zone types boundaries */
2795 if (zsp_end != zsp &&
2796 zbc_zone_is_conv(zsp) &&
2797 !zbc_zone_is_conv(zsp_end)) {
2798 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2799 LBA_OUT_OF_RANGE,
2800 READ_INVDATA_ASCQ);
2801 return check_condition_result;
2802 }
2803 return 0;
2804 }
2805
2806 /* No restrictions for writes within conventional zones */
2807 if (zbc_zone_is_conv(zsp)) {
2808 if (!zbc_zone_is_conv(zsp_end)) {
2809 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2810 LBA_OUT_OF_RANGE,
2811 WRITE_BOUNDARY_ASCQ);
2812 return check_condition_result;
2813 }
2814 return 0;
2815 }
2816
2817 if (zsp->z_type == ZBC_ZONE_TYPE_SWR) {
2818 /* Writes cannot cross sequential zone boundaries */
2819 if (zsp_end != zsp) {
2820 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2821 LBA_OUT_OF_RANGE,
2822 WRITE_BOUNDARY_ASCQ);
2823 return check_condition_result;
2824 }
2825 /* Cannot write full zones */
2826 if (zsp->z_cond == ZC5_FULL) {
2827 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2828 INVALID_FIELD_IN_CDB, 0);
2829 return check_condition_result;
2830 }
2831 /* Writes must be aligned to the zone WP */
2832 if (lba != zsp->z_wp) {
2833 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2834 LBA_OUT_OF_RANGE,
2835 UNALIGNED_WRITE_ASCQ);
2836 return check_condition_result;
2837 }
2838 }
2839
2840 /* Handle implicit open of closed and empty zones */
2841 if (zsp->z_cond == ZC1_EMPTY || zsp->z_cond == ZC4_CLOSED) {
2842 if (devip->max_open &&
2843 devip->nr_exp_open >= devip->max_open) {
2844 mk_sense_buffer(scp, DATA_PROTECT,
2845 INSUFF_RES_ASC,
2846 INSUFF_ZONE_ASCQ);
2847 return check_condition_result;
2848 }
2849 zbc_open_zone(devip, zsp, false);
2850 }
2851
2852 return 0;
2853}
2854
2855static inline int check_device_access_params
2856 (struct scsi_cmnd *scp, unsigned long long lba,
2857 unsigned int num, bool write)
2858{
2859 struct scsi_device *sdp = scp->device;
2860 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2861
2862 if (lba + num > sdebug_capacity) {
2863 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2864 return check_condition_result;
2865 }
2866 /* transfer length excessive (tie in to block limits VPD page) */
2867 if (num > sdebug_store_sectors) {
2868 /* needs work to find which cdb byte 'num' comes from */
2869 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2870 return check_condition_result;
2871 }
2872 if (write && unlikely(sdebug_wp)) {
2873 mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
2874 return check_condition_result;
2875 }
2876 if (sdebug_dev_is_zoned(devip))
2877 return check_zbc_access_params(scp, lba, num, write);
2878
2879 return 0;
2880}
2881
2882/*
2883 * Note: if BUG_ON() fires it usually indicates a problem with the parser
2884 * tables. Perhaps a missing F_FAKE_RW or FF_MEDIA_IO flag. Response functions
2885 * that access any of the "stores" in struct sdeb_store_info should call this
2886 * function with bug_if_fake_rw set to true.
2887 */
2888static inline struct sdeb_store_info *devip2sip(struct sdebug_dev_info *devip,
2889 bool bug_if_fake_rw)
2890{
2891 if (sdebug_fake_rw) {
2892 BUG_ON(bug_if_fake_rw); /* See note above */
2893 return NULL;
2894 }
2895 return xa_load(per_store_ap, devip->sdbg_host->si_idx);
2896}
2897
2898/* Returns number of bytes copied or -1 if error. */
2899static int do_device_access(struct sdeb_store_info *sip, struct scsi_cmnd *scp,
2900 u32 sg_skip, u64 lba, u32 num, bool do_write)
2901{
2902 int ret;
2903 u64 block, rest = 0;
2904 enum dma_data_direction dir;
2905 struct scsi_data_buffer *sdb = &scp->sdb;
2906 u8 *fsp;
2907
2908 if (do_write) {
2909 dir = DMA_TO_DEVICE;
2910 write_since_sync = true;
2911 } else {
2912 dir = DMA_FROM_DEVICE;
2913 }
2914
2915 if (!sdb->length || !sip)
2916 return 0;
2917 if (scp->sc_data_direction != dir)
2918 return -1;
2919 fsp = sip->storep;
2920
2921 block = do_div(lba, sdebug_store_sectors);
2922 if (block + num > sdebug_store_sectors)
2923 rest = block + num - sdebug_store_sectors;
2924
2925 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2926 fsp + (block * sdebug_sector_size),
2927 (num - rest) * sdebug_sector_size, sg_skip, do_write);
2928 if (ret != (num - rest) * sdebug_sector_size)
2929 return ret;
2930
2931 if (rest) {
2932 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2933 fsp, rest * sdebug_sector_size,
2934 sg_skip + ((num - rest) * sdebug_sector_size),
2935 do_write);
2936 }
2937
2938 return ret;
2939}
2940
2941/* Returns number of bytes copied or -1 if error. */
2942static int do_dout_fetch(struct scsi_cmnd *scp, u32 num, u8 *doutp)
2943{
2944 struct scsi_data_buffer *sdb = &scp->sdb;
2945
2946 if (!sdb->length)
2947 return 0;
2948 if (scp->sc_data_direction != DMA_TO_DEVICE)
2949 return -1;
2950 return sg_copy_buffer(sdb->table.sgl, sdb->table.nents, doutp,
2951 num * sdebug_sector_size, 0, true);
2952}
2953
2954/* If sip->storep+lba compares equal to arr(num), then copy top half of
2955 * arr into sip->storep+lba and return true. If comparison fails then
2956 * return false. */
2957static bool comp_write_worker(struct sdeb_store_info *sip, u64 lba, u32 num,
2958 const u8 *arr, bool compare_only)
2959{
2960 bool res;
2961 u64 block, rest = 0;
2962 u32 store_blks = sdebug_store_sectors;
2963 u32 lb_size = sdebug_sector_size;
2964 u8 *fsp = sip->storep;
2965
2966 block = do_div(lba, store_blks);
2967 if (block + num > store_blks)
2968 rest = block + num - store_blks;
2969
2970 res = !memcmp(fsp + (block * lb_size), arr, (num - rest) * lb_size);
2971 if (!res)
2972 return res;
2973 if (rest)
2974 res = memcmp(fsp, arr + ((num - rest) * lb_size),
2975 rest * lb_size);
2976 if (!res)
2977 return res;
2978 if (compare_only)
2979 return true;
2980 arr += num * lb_size;
2981 memcpy(fsp + (block * lb_size), arr, (num - rest) * lb_size);
2982 if (rest)
2983 memcpy(fsp, arr + ((num - rest) * lb_size), rest * lb_size);
2984 return res;
2985}
2986
2987static __be16 dif_compute_csum(const void *buf, int len)
2988{
2989 __be16 csum;
2990
2991 if (sdebug_guard)
2992 csum = (__force __be16)ip_compute_csum(buf, len);
2993 else
2994 csum = cpu_to_be16(crc_t10dif(buf, len));
2995
2996 return csum;
2997}
2998
2999static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
3000 sector_t sector, u32 ei_lba)
3001{
3002 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
3003
3004 if (sdt->guard_tag != csum) {
3005 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
3006 (unsigned long)sector,
3007 be16_to_cpu(sdt->guard_tag),
3008 be16_to_cpu(csum));
3009 return 0x01;
3010 }
3011 if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
3012 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
3013 pr_err("REF check failed on sector %lu\n",
3014 (unsigned long)sector);
3015 return 0x03;
3016 }
3017 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3018 be32_to_cpu(sdt->ref_tag) != ei_lba) {
3019 pr_err("REF check failed on sector %lu\n",
3020 (unsigned long)sector);
3021 return 0x03;
3022 }
3023 return 0;
3024}
3025
3026static void dif_copy_prot(struct scsi_cmnd *scp, sector_t sector,
3027 unsigned int sectors, bool read)
3028{
3029 size_t resid;
3030 void *paddr;
3031 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3032 scp->device->hostdata, true);
3033 struct t10_pi_tuple *dif_storep = sip->dif_storep;
3034 const void *dif_store_end = dif_storep + sdebug_store_sectors;
3035 struct sg_mapping_iter miter;
3036
3037 /* Bytes of protection data to copy into sgl */
3038 resid = sectors * sizeof(*dif_storep);
3039
3040 sg_miter_start(&miter, scsi_prot_sglist(scp),
3041 scsi_prot_sg_count(scp), SG_MITER_ATOMIC |
3042 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
3043
3044 while (sg_miter_next(&miter) && resid > 0) {
3045 size_t len = min_t(size_t, miter.length, resid);
3046 void *start = dif_store(sip, sector);
3047 size_t rest = 0;
3048
3049 if (dif_store_end < start + len)
3050 rest = start + len - dif_store_end;
3051
3052 paddr = miter.addr;
3053
3054 if (read)
3055 memcpy(paddr, start, len - rest);
3056 else
3057 memcpy(start, paddr, len - rest);
3058
3059 if (rest) {
3060 if (read)
3061 memcpy(paddr + len - rest, dif_storep, rest);
3062 else
3063 memcpy(dif_storep, paddr + len - rest, rest);
3064 }
3065
3066 sector += len / sizeof(*dif_storep);
3067 resid -= len;
3068 }
3069 sg_miter_stop(&miter);
3070}
3071
3072static int prot_verify_read(struct scsi_cmnd *scp, sector_t start_sec,
3073 unsigned int sectors, u32 ei_lba)
3074{
3075 unsigned int i;
3076 sector_t sector;
3077 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3078 scp->device->hostdata, true);
3079 struct t10_pi_tuple *sdt;
3080
3081 for (i = 0; i < sectors; i++, ei_lba++) {
3082 int ret;
3083
3084 sector = start_sec + i;
3085 sdt = dif_store(sip, sector);
3086
3087 if (sdt->app_tag == cpu_to_be16(0xffff))
3088 continue;
3089
3090 ret = dif_verify(sdt, lba2fake_store(sip, sector), sector,
3091 ei_lba);
3092 if (ret) {
3093 dif_errors++;
3094 return ret;
3095 }
3096 }
3097
3098 dif_copy_prot(scp, start_sec, sectors, true);
3099 dix_reads++;
3100
3101 return 0;
3102}
3103
3104static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3105{
3106 bool check_prot;
3107 u32 num;
3108 u32 ei_lba;
3109 int ret;
3110 u64 lba;
3111 struct sdeb_store_info *sip = devip2sip(devip, true);
3112 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
3113 u8 *cmd = scp->cmnd;
3114
3115 switch (cmd[0]) {
3116 case READ_16:
3117 ei_lba = 0;
3118 lba = get_unaligned_be64(cmd + 2);
3119 num = get_unaligned_be32(cmd + 10);
3120 check_prot = true;
3121 break;
3122 case READ_10:
3123 ei_lba = 0;
3124 lba = get_unaligned_be32(cmd + 2);
3125 num = get_unaligned_be16(cmd + 7);
3126 check_prot = true;
3127 break;
3128 case READ_6:
3129 ei_lba = 0;
3130 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3131 (u32)(cmd[1] & 0x1f) << 16;
3132 num = (0 == cmd[4]) ? 256 : cmd[4];
3133 check_prot = true;
3134 break;
3135 case READ_12:
3136 ei_lba = 0;
3137 lba = get_unaligned_be32(cmd + 2);
3138 num = get_unaligned_be32(cmd + 6);
3139 check_prot = true;
3140 break;
3141 case XDWRITEREAD_10:
3142 ei_lba = 0;
3143 lba = get_unaligned_be32(cmd + 2);
3144 num = get_unaligned_be16(cmd + 7);
3145 check_prot = false;
3146 break;
3147 default: /* assume READ(32) */
3148 lba = get_unaligned_be64(cmd + 12);
3149 ei_lba = get_unaligned_be32(cmd + 20);
3150 num = get_unaligned_be32(cmd + 28);
3151 check_prot = false;
3152 break;
3153 }
3154 if (unlikely(have_dif_prot && check_prot)) {
3155 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3156 (cmd[1] & 0xe0)) {
3157 mk_sense_invalid_opcode(scp);
3158 return check_condition_result;
3159 }
3160 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3161 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3162 (cmd[1] & 0xe0) == 0)
3163 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
3164 "to DIF device\n");
3165 }
3166 if (unlikely((sdebug_opts & SDEBUG_OPT_SHORT_TRANSFER) &&
3167 atomic_read(&sdeb_inject_pending))) {
3168 num /= 2;
3169 atomic_set(&sdeb_inject_pending, 0);
3170 }
3171
3172 ret = check_device_access_params(scp, lba, num, false);
3173 if (ret)
3174 return ret;
3175 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
3176 (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
3177 ((lba + num) > sdebug_medium_error_start))) {
3178 /* claim unrecoverable read error */
3179 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
3180 /* set info field and valid bit for fixed descriptor */
3181 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
3182 scp->sense_buffer[0] |= 0x80; /* Valid bit */
3183 ret = (lba < OPT_MEDIUM_ERR_ADDR)
3184 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
3185 put_unaligned_be32(ret, scp->sense_buffer + 3);
3186 }
3187 scsi_set_resid(scp, scsi_bufflen(scp));
3188 return check_condition_result;
3189 }
3190
3191 read_lock(macc_lckp);
3192
3193 /* DIX + T10 DIF */
3194 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3195 int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
3196
3197 if (prot_ret) {
3198 read_unlock(macc_lckp);
3199 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
3200 return illegal_condition_result;
3201 }
3202 }
3203
3204 ret = do_device_access(sip, scp, 0, lba, num, false);
3205 read_unlock(macc_lckp);
3206 if (unlikely(ret == -1))
3207 return DID_ERROR << 16;
3208
3209 scsi_set_resid(scp, scsi_bufflen(scp) - ret);
3210
3211 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3212 atomic_read(&sdeb_inject_pending))) {
3213 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3214 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3215 atomic_set(&sdeb_inject_pending, 0);
3216 return check_condition_result;
3217 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3218 /* Logical block guard check failed */
3219 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3220 atomic_set(&sdeb_inject_pending, 0);
3221 return illegal_condition_result;
3222 } else if (SDEBUG_OPT_DIX_ERR & sdebug_opts) {
3223 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3224 atomic_set(&sdeb_inject_pending, 0);
3225 return illegal_condition_result;
3226 }
3227 }
3228 return 0;
3229}
3230
3231static void dump_sector(unsigned char *buf, int len)
3232{
3233 int i, j, n;
3234
3235 pr_err(">>> Sector Dump <<<\n");
3236 for (i = 0 ; i < len ; i += 16) {
3237 char b[128];
3238
3239 for (j = 0, n = 0; j < 16; j++) {
3240 unsigned char c = buf[i+j];
3241
3242 if (c >= 0x20 && c < 0x7e)
3243 n += scnprintf(b + n, sizeof(b) - n,
3244 " %c ", buf[i+j]);
3245 else
3246 n += scnprintf(b + n, sizeof(b) - n,
3247 "%02x ", buf[i+j]);
3248 }
3249 pr_err("%04d: %s\n", i, b);
3250 }
3251}
3252
3253static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
3254 unsigned int sectors, u32 ei_lba)
3255{
3256 int ret;
3257 struct t10_pi_tuple *sdt;
3258 void *daddr;
3259 sector_t sector = start_sec;
3260 int ppage_offset;
3261 int dpage_offset;
3262 struct sg_mapping_iter diter;
3263 struct sg_mapping_iter piter;
3264
3265 BUG_ON(scsi_sg_count(SCpnt) == 0);
3266 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
3267
3268 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
3269 scsi_prot_sg_count(SCpnt),
3270 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3271 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
3272 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3273
3274 /* For each protection page */
3275 while (sg_miter_next(&piter)) {
3276 dpage_offset = 0;
3277 if (WARN_ON(!sg_miter_next(&diter))) {
3278 ret = 0x01;
3279 goto out;
3280 }
3281
3282 for (ppage_offset = 0; ppage_offset < piter.length;
3283 ppage_offset += sizeof(struct t10_pi_tuple)) {
3284 /* If we're at the end of the current
3285 * data page advance to the next one
3286 */
3287 if (dpage_offset >= diter.length) {
3288 if (WARN_ON(!sg_miter_next(&diter))) {
3289 ret = 0x01;
3290 goto out;
3291 }
3292 dpage_offset = 0;
3293 }
3294
3295 sdt = piter.addr + ppage_offset;
3296 daddr = diter.addr + dpage_offset;
3297
3298 ret = dif_verify(sdt, daddr, sector, ei_lba);
3299 if (ret) {
3300 dump_sector(daddr, sdebug_sector_size);
3301 goto out;
3302 }
3303
3304 sector++;
3305 ei_lba++;
3306 dpage_offset += sdebug_sector_size;
3307 }
3308 diter.consumed = dpage_offset;
3309 sg_miter_stop(&diter);
3310 }
3311 sg_miter_stop(&piter);
3312
3313 dif_copy_prot(SCpnt, start_sec, sectors, false);
3314 dix_writes++;
3315
3316 return 0;
3317
3318out:
3319 dif_errors++;
3320 sg_miter_stop(&diter);
3321 sg_miter_stop(&piter);
3322 return ret;
3323}
3324
3325static unsigned long lba_to_map_index(sector_t lba)
3326{
3327 if (sdebug_unmap_alignment)
3328 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
3329 sector_div(lba, sdebug_unmap_granularity);
3330 return lba;
3331}
3332
3333static sector_t map_index_to_lba(unsigned long index)
3334{
3335 sector_t lba = index * sdebug_unmap_granularity;
3336
3337 if (sdebug_unmap_alignment)
3338 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
3339 return lba;
3340}
3341
3342static unsigned int map_state(struct sdeb_store_info *sip, sector_t lba,
3343 unsigned int *num)
3344{
3345 sector_t end;
3346 unsigned int mapped;
3347 unsigned long index;
3348 unsigned long next;
3349
3350 index = lba_to_map_index(lba);
3351 mapped = test_bit(index, sip->map_storep);
3352
3353 if (mapped)
3354 next = find_next_zero_bit(sip->map_storep, map_size, index);
3355 else
3356 next = find_next_bit(sip->map_storep, map_size, index);
3357
3358 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
3359 *num = end - lba;
3360 return mapped;
3361}
3362
3363static void map_region(struct sdeb_store_info *sip, sector_t lba,
3364 unsigned int len)
3365{
3366 sector_t end = lba + len;
3367
3368 while (lba < end) {
3369 unsigned long index = lba_to_map_index(lba);
3370
3371 if (index < map_size)
3372 set_bit(index, sip->map_storep);
3373
3374 lba = map_index_to_lba(index + 1);
3375 }
3376}
3377
3378static void unmap_region(struct sdeb_store_info *sip, sector_t lba,
3379 unsigned int len)
3380{
3381 sector_t end = lba + len;
3382 u8 *fsp = sip->storep;
3383
3384 while (lba < end) {
3385 unsigned long index = lba_to_map_index(lba);
3386
3387 if (lba == map_index_to_lba(index) &&
3388 lba + sdebug_unmap_granularity <= end &&
3389 index < map_size) {
3390 clear_bit(index, sip->map_storep);
3391 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
3392 memset(fsp + lba * sdebug_sector_size,
3393 (sdebug_lbprz & 1) ? 0 : 0xff,
3394 sdebug_sector_size *
3395 sdebug_unmap_granularity);
3396 }
3397 if (sip->dif_storep) {
3398 memset(sip->dif_storep + lba, 0xff,
3399 sizeof(*sip->dif_storep) *
3400 sdebug_unmap_granularity);
3401 }
3402 }
3403 lba = map_index_to_lba(index + 1);
3404 }
3405}
3406
3407static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3408{
3409 bool check_prot;
3410 u32 num;
3411 u32 ei_lba;
3412 int ret;
3413 u64 lba;
3414 struct sdeb_store_info *sip = devip2sip(devip, true);
3415 rwlock_t *macc_lckp = &sip->macc_lck;
3416 u8 *cmd = scp->cmnd;
3417
3418 switch (cmd[0]) {
3419 case WRITE_16:
3420 ei_lba = 0;
3421 lba = get_unaligned_be64(cmd + 2);
3422 num = get_unaligned_be32(cmd + 10);
3423 check_prot = true;
3424 break;
3425 case WRITE_10:
3426 ei_lba = 0;
3427 lba = get_unaligned_be32(cmd + 2);
3428 num = get_unaligned_be16(cmd + 7);
3429 check_prot = true;
3430 break;
3431 case WRITE_6:
3432 ei_lba = 0;
3433 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3434 (u32)(cmd[1] & 0x1f) << 16;
3435 num = (0 == cmd[4]) ? 256 : cmd[4];
3436 check_prot = true;
3437 break;
3438 case WRITE_12:
3439 ei_lba = 0;
3440 lba = get_unaligned_be32(cmd + 2);
3441 num = get_unaligned_be32(cmd + 6);
3442 check_prot = true;
3443 break;
3444 case 0x53: /* XDWRITEREAD(10) */
3445 ei_lba = 0;
3446 lba = get_unaligned_be32(cmd + 2);
3447 num = get_unaligned_be16(cmd + 7);
3448 check_prot = false;
3449 break;
3450 default: /* assume WRITE(32) */
3451 lba = get_unaligned_be64(cmd + 12);
3452 ei_lba = get_unaligned_be32(cmd + 20);
3453 num = get_unaligned_be32(cmd + 28);
3454 check_prot = false;
3455 break;
3456 }
3457 if (unlikely(have_dif_prot && check_prot)) {
3458 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3459 (cmd[1] & 0xe0)) {
3460 mk_sense_invalid_opcode(scp);
3461 return check_condition_result;
3462 }
3463 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3464 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3465 (cmd[1] & 0xe0) == 0)
3466 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3467 "to DIF device\n");
3468 }
3469
3470 write_lock(macc_lckp);
3471 ret = check_device_access_params(scp, lba, num, true);
3472 if (ret) {
3473 write_unlock(macc_lckp);
3474 return ret;
3475 }
3476
3477 /* DIX + T10 DIF */
3478 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3479 int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
3480
3481 if (prot_ret) {
3482 write_unlock(macc_lckp);
3483 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
3484 return illegal_condition_result;
3485 }
3486 }
3487
3488 ret = do_device_access(sip, scp, 0, lba, num, true);
3489 if (unlikely(scsi_debug_lbp()))
3490 map_region(sip, lba, num);
3491 /* If ZBC zone then bump its write pointer */
3492 if (sdebug_dev_is_zoned(devip))
3493 zbc_inc_wp(devip, lba, num);
3494 write_unlock(macc_lckp);
3495 if (unlikely(-1 == ret))
3496 return DID_ERROR << 16;
3497 else if (unlikely(sdebug_verbose &&
3498 (ret < (num * sdebug_sector_size))))
3499 sdev_printk(KERN_INFO, scp->device,
3500 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3501 my_name, num * sdebug_sector_size, ret);
3502
3503 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3504 atomic_read(&sdeb_inject_pending))) {
3505 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3506 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3507 atomic_set(&sdeb_inject_pending, 0);
3508 return check_condition_result;
3509 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3510 /* Logical block guard check failed */
3511 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3512 atomic_set(&sdeb_inject_pending, 0);
3513 return illegal_condition_result;
3514 } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3515 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3516 atomic_set(&sdeb_inject_pending, 0);
3517 return illegal_condition_result;
3518 }
3519 }
3520 return 0;
3521}
3522
3523/*
3524 * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
3525 * No READ GATHERED yet (requires bidi or long cdb holding gather list).
3526 */
3527static int resp_write_scat(struct scsi_cmnd *scp,
3528 struct sdebug_dev_info *devip)
3529{
3530 u8 *cmd = scp->cmnd;
3531 u8 *lrdp = NULL;
3532 u8 *up;
3533 struct sdeb_store_info *sip = devip2sip(devip, true);
3534 rwlock_t *macc_lckp = &sip->macc_lck;
3535 u8 wrprotect;
3536 u16 lbdof, num_lrd, k;
3537 u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
3538 u32 lb_size = sdebug_sector_size;
3539 u32 ei_lba;
3540 u64 lba;
3541 int ret, res;
3542 bool is_16;
3543 static const u32 lrd_size = 32; /* + parameter list header size */
3544
3545 if (cmd[0] == VARIABLE_LENGTH_CMD) {
3546 is_16 = false;
3547 wrprotect = (cmd[10] >> 5) & 0x7;
3548 lbdof = get_unaligned_be16(cmd + 12);
3549 num_lrd = get_unaligned_be16(cmd + 16);
3550 bt_len = get_unaligned_be32(cmd + 28);
3551 } else { /* that leaves WRITE SCATTERED(16) */
3552 is_16 = true;
3553 wrprotect = (cmd[2] >> 5) & 0x7;
3554 lbdof = get_unaligned_be16(cmd + 4);
3555 num_lrd = get_unaligned_be16(cmd + 8);
3556 bt_len = get_unaligned_be32(cmd + 10);
3557 if (unlikely(have_dif_prot)) {
3558 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3559 wrprotect) {
3560 mk_sense_invalid_opcode(scp);
3561 return illegal_condition_result;
3562 }
3563 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3564 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3565 wrprotect == 0)
3566 sdev_printk(KERN_ERR, scp->device,
3567 "Unprotected WR to DIF device\n");
3568 }
3569 }
3570 if ((num_lrd == 0) || (bt_len == 0))
3571 return 0; /* T10 says these do-nothings are not errors */
3572 if (lbdof == 0) {
3573 if (sdebug_verbose)
3574 sdev_printk(KERN_INFO, scp->device,
3575 "%s: %s: LB Data Offset field bad\n",
3576 my_name, __func__);
3577 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3578 return illegal_condition_result;
3579 }
3580 lbdof_blen = lbdof * lb_size;
3581 if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
3582 if (sdebug_verbose)
3583 sdev_printk(KERN_INFO, scp->device,
3584 "%s: %s: LBA range descriptors don't fit\n",
3585 my_name, __func__);
3586 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3587 return illegal_condition_result;
3588 }
3589 lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
3590 if (lrdp == NULL)
3591 return SCSI_MLQUEUE_HOST_BUSY;
3592 if (sdebug_verbose)
3593 sdev_printk(KERN_INFO, scp->device,
3594 "%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
3595 my_name, __func__, lbdof_blen);
3596 res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
3597 if (res == -1) {
3598 ret = DID_ERROR << 16;
3599 goto err_out;
3600 }
3601
3602 write_lock(macc_lckp);
3603 sg_off = lbdof_blen;
3604 /* Spec says Buffer xfer Length field in number of LBs in dout */
3605 cum_lb = 0;
3606 for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
3607 lba = get_unaligned_be64(up + 0);
3608 num = get_unaligned_be32(up + 8);
3609 if (sdebug_verbose)
3610 sdev_printk(KERN_INFO, scp->device,
3611 "%s: %s: k=%d LBA=0x%llx num=%u sg_off=%u\n",
3612 my_name, __func__, k, lba, num, sg_off);
3613 if (num == 0)
3614 continue;
3615 ret = check_device_access_params(scp, lba, num, true);
3616 if (ret)
3617 goto err_out_unlock;
3618 num_by = num * lb_size;
3619 ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
3620
3621 if ((cum_lb + num) > bt_len) {
3622 if (sdebug_verbose)
3623 sdev_printk(KERN_INFO, scp->device,
3624 "%s: %s: sum of blocks > data provided\n",
3625 my_name, __func__);
3626 mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
3627 0);
3628 ret = illegal_condition_result;
3629 goto err_out_unlock;
3630 }
3631
3632 /* DIX + T10 DIF */
3633 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3634 int prot_ret = prot_verify_write(scp, lba, num,
3635 ei_lba);
3636
3637 if (prot_ret) {
3638 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
3639 prot_ret);
3640 ret = illegal_condition_result;
3641 goto err_out_unlock;
3642 }
3643 }
3644
3645 ret = do_device_access(sip, scp, sg_off, lba, num, true);
3646 /* If ZBC zone then bump its write pointer */
3647 if (sdebug_dev_is_zoned(devip))
3648 zbc_inc_wp(devip, lba, num);
3649 if (unlikely(scsi_debug_lbp()))
3650 map_region(sip, lba, num);
3651 if (unlikely(-1 == ret)) {
3652 ret = DID_ERROR << 16;
3653 goto err_out_unlock;
3654 } else if (unlikely(sdebug_verbose && (ret < num_by)))
3655 sdev_printk(KERN_INFO, scp->device,
3656 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3657 my_name, num_by, ret);
3658
3659 if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3660 atomic_read(&sdeb_inject_pending))) {
3661 if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3662 mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3663 atomic_set(&sdeb_inject_pending, 0);
3664 ret = check_condition_result;
3665 goto err_out_unlock;
3666 } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3667 /* Logical block guard check failed */
3668 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3669 atomic_set(&sdeb_inject_pending, 0);
3670 ret = illegal_condition_result;
3671 goto err_out_unlock;
3672 } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3673 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3674 atomic_set(&sdeb_inject_pending, 0);
3675 ret = illegal_condition_result;
3676 goto err_out_unlock;
3677 }
3678 }
3679 sg_off += num_by;
3680 cum_lb += num;
3681 }
3682 ret = 0;
3683err_out_unlock:
3684 write_unlock(macc_lckp);
3685err_out:
3686 kfree(lrdp);
3687 return ret;
3688}
3689
3690static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
3691 u32 ei_lba, bool unmap, bool ndob)
3692{
3693 struct scsi_device *sdp = scp->device;
3694 struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3695 unsigned long long i;
3696 u64 block, lbaa;
3697 u32 lb_size = sdebug_sector_size;
3698 int ret;
3699 struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3700 scp->device->hostdata, true);
3701 rwlock_t *macc_lckp = &sip->macc_lck;
3702 u8 *fs1p;
3703 u8 *fsp;
3704
3705 write_lock(macc_lckp);
3706
3707 ret = check_device_access_params(scp, lba, num, true);
3708 if (ret) {
3709 write_unlock(macc_lckp);
3710 return ret;
3711 }
3712
3713 if (unmap && scsi_debug_lbp()) {
3714 unmap_region(sip, lba, num);
3715 goto out;
3716 }
3717 lbaa = lba;
3718 block = do_div(lbaa, sdebug_store_sectors);
3719 /* if ndob then zero 1 logical block, else fetch 1 logical block */
3720 fsp = sip->storep;
3721 fs1p = fsp + (block * lb_size);
3722 if (ndob) {
3723 memset(fs1p, 0, lb_size);
3724 ret = 0;
3725 } else
3726 ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
3727
3728 if (-1 == ret) {
3729 write_unlock(&sip->macc_lck);
3730 return DID_ERROR << 16;
3731 } else if (sdebug_verbose && !ndob && (ret < lb_size))
3732 sdev_printk(KERN_INFO, scp->device,
3733 "%s: %s: lb size=%u, IO sent=%d bytes\n",
3734 my_name, "write same", lb_size, ret);
3735
3736 /* Copy first sector to remaining blocks */
3737 for (i = 1 ; i < num ; i++) {
3738 lbaa = lba + i;
3739 block = do_div(lbaa, sdebug_store_sectors);
3740 memmove(fsp + (block * lb_size), fs1p, lb_size);
3741 }
3742 if (scsi_debug_lbp())
3743 map_region(sip, lba, num);
3744 /* If ZBC zone then bump its write pointer */
3745 if (sdebug_dev_is_zoned(devip))
3746 zbc_inc_wp(devip, lba, num);
3747out:
3748 write_unlock(macc_lckp);
3749
3750 return 0;
3751}
3752
3753static int resp_write_same_10(struct scsi_cmnd *scp,
3754 struct sdebug_dev_info *devip)
3755{
3756 u8 *cmd = scp->cmnd;
3757 u32 lba;
3758 u16 num;
3759 u32 ei_lba = 0;
3760 bool unmap = false;
3761
3762 if (cmd[1] & 0x8) {
3763 if (sdebug_lbpws10 == 0) {
3764 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3765 return check_condition_result;
3766 } else
3767 unmap = true;
3768 }
3769 lba = get_unaligned_be32(cmd + 2);
3770 num = get_unaligned_be16(cmd + 7);
3771 if (num > sdebug_write_same_length) {
3772 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3773 return check_condition_result;
3774 }
3775 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3776}
3777
3778static int resp_write_same_16(struct scsi_cmnd *scp,
3779 struct sdebug_dev_info *devip)
3780{
3781 u8 *cmd = scp->cmnd;
3782 u64 lba;
3783 u32 num;
3784 u32 ei_lba = 0;
3785 bool unmap = false;
3786 bool ndob = false;
3787
3788 if (cmd[1] & 0x8) { /* UNMAP */
3789 if (sdebug_lbpws == 0) {
3790 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3791 return check_condition_result;
3792 } else
3793 unmap = true;
3794 }
3795 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
3796 ndob = true;
3797 lba = get_unaligned_be64(cmd + 2);
3798 num = get_unaligned_be32(cmd + 10);
3799 if (num > sdebug_write_same_length) {
3800 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3801 return check_condition_result;
3802 }
3803 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3804}
3805
3806/* Note the mode field is in the same position as the (lower) service action
3807 * field. For the Report supported operation codes command, SPC-4 suggests
3808 * each mode of this command should be reported separately; for future. */
3809static int resp_write_buffer(struct scsi_cmnd *scp,
3810 struct sdebug_dev_info *devip)
3811{
3812 u8 *cmd = scp->cmnd;
3813 struct scsi_device *sdp = scp->device;
3814 struct sdebug_dev_info *dp;
3815 u8 mode;
3816
3817 mode = cmd[1] & 0x1f;
3818 switch (mode) {
3819 case 0x4: /* download microcode (MC) and activate (ACT) */
3820 /* set UAs on this device only */
3821 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3822 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3823 break;
3824 case 0x5: /* download MC, save and ACT */
3825 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3826 break;
3827 case 0x6: /* download MC with offsets and ACT */
3828 /* set UAs on most devices (LUs) in this target */
3829 list_for_each_entry(dp,
3830 &devip->sdbg_host->dev_info_list,
3831 dev_list)
3832 if (dp->target == sdp->id) {
3833 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3834 if (devip != dp)
3835 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3836 dp->uas_bm);
3837 }
3838 break;
3839 case 0x7: /* download MC with offsets, save, and ACT */
3840 /* set UA on all devices (LUs) in this target */
3841 list_for_each_entry(dp,
3842 &devip->sdbg_host->dev_info_list,
3843 dev_list)
3844 if (dp->target == sdp->id)
3845 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3846 dp->uas_bm);
3847 break;
3848 default:
3849 /* do nothing for this command for other mode values */
3850 break;
3851 }
3852 return 0;
3853}
3854
3855static int resp_comp_write(struct scsi_cmnd *scp,
3856 struct sdebug_dev_info *devip)
3857{
3858 u8 *cmd = scp->cmnd;
3859 u8 *arr;
3860 struct sdeb_store_info *sip = devip2sip(devip, true);
3861 rwlock_t *macc_lckp = &sip->macc_lck;
3862 u64 lba;
3863 u32 dnum;
3864 u32 lb_size = sdebug_sector_size;
3865 u8 num;
3866 int ret;
3867 int retval = 0;
3868
3869 lba = get_unaligned_be64(cmd + 2);
3870 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
3871 if (0 == num)
3872 return 0; /* degenerate case, not an error */
3873 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3874 (cmd[1] & 0xe0)) {
3875 mk_sense_invalid_opcode(scp);
3876 return check_condition_result;
3877 }
3878 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3879 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3880 (cmd[1] & 0xe0) == 0)
3881 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3882 "to DIF device\n");
3883 ret = check_device_access_params(scp, lba, num, false);
3884 if (ret)
3885 return ret;
3886 dnum = 2 * num;
3887 arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
3888 if (NULL == arr) {
3889 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3890 INSUFF_RES_ASCQ);
3891 return check_condition_result;
3892 }
3893
3894 write_lock(macc_lckp);
3895
3896 ret = do_dout_fetch(scp, dnum, arr);
3897 if (ret == -1) {
3898 retval = DID_ERROR << 16;
3899 goto cleanup;
3900 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3901 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3902 "indicated=%u, IO sent=%d bytes\n", my_name,
3903 dnum * lb_size, ret);
3904 if (!comp_write_worker(sip, lba, num, arr, false)) {
3905 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3906 retval = check_condition_result;
3907 goto cleanup;
3908 }
3909 if (scsi_debug_lbp())
3910 map_region(sip, lba, num);
3911cleanup:
3912 write_unlock(macc_lckp);
3913 kfree(arr);
3914 return retval;
3915}
3916
3917struct unmap_block_desc {
3918 __be64 lba;
3919 __be32 blocks;
3920 __be32 __reserved;
3921};
3922
3923static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3924{
3925 unsigned char *buf;
3926 struct unmap_block_desc *desc;
3927 struct sdeb_store_info *sip = devip2sip(devip, true);
3928 rwlock_t *macc_lckp = &sip->macc_lck;
3929 unsigned int i, payload_len, descriptors;
3930 int ret;
3931
3932 if (!scsi_debug_lbp())
3933 return 0; /* fib and say its done */
3934 payload_len = get_unaligned_be16(scp->cmnd + 7);
3935 BUG_ON(scsi_bufflen(scp) != payload_len);
3936
3937 descriptors = (payload_len - 8) / 16;
3938 if (descriptors > sdebug_unmap_max_desc) {
3939 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3940 return check_condition_result;
3941 }
3942
3943 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3944 if (!buf) {
3945 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3946 INSUFF_RES_ASCQ);
3947 return check_condition_result;
3948 }
3949
3950 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3951
3952 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3953 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3954
3955 desc = (void *)&buf[8];
3956
3957 write_lock(macc_lckp);
3958
3959 for (i = 0 ; i < descriptors ; i++) {
3960 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3961 unsigned int num = get_unaligned_be32(&desc[i].blocks);
3962
3963 ret = check_device_access_params(scp, lba, num, true);
3964 if (ret)
3965 goto out;
3966
3967 unmap_region(sip, lba, num);
3968 }
3969
3970 ret = 0;
3971
3972out:
3973 write_unlock(macc_lckp);
3974 kfree(buf);
3975
3976 return ret;
3977}
3978
3979#define SDEBUG_GET_LBA_STATUS_LEN 32
3980
3981static int resp_get_lba_status(struct scsi_cmnd *scp,
3982 struct sdebug_dev_info *devip)
3983{
3984 u8 *cmd = scp->cmnd;
3985 u64 lba;
3986 u32 alloc_len, mapped, num;
3987 int ret;
3988 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3989
3990 lba = get_unaligned_be64(cmd + 2);
3991 alloc_len = get_unaligned_be32(cmd + 10);
3992
3993 if (alloc_len < 24)
3994 return 0;
3995
3996 ret = check_device_access_params(scp, lba, 1, false);
3997 if (ret)
3998 return ret;
3999
4000 if (scsi_debug_lbp()) {
4001 struct sdeb_store_info *sip = devip2sip(devip, true);
4002
4003 mapped = map_state(sip, lba, &num);
4004 } else {
4005 mapped = 1;
4006 /* following just in case virtual_gb changed */
4007 sdebug_capacity = get_sdebug_capacity();
4008 if (sdebug_capacity - lba <= 0xffffffff)
4009 num = sdebug_capacity - lba;
4010 else
4011 num = 0xffffffff;
4012 }
4013
4014 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
4015 put_unaligned_be32(20, arr); /* Parameter Data Length */
4016 put_unaligned_be64(lba, arr + 8); /* LBA */
4017 put_unaligned_be32(num, arr + 16); /* Number of blocks */
4018 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
4019
4020 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
4021}
4022
4023static int resp_sync_cache(struct scsi_cmnd *scp,
4024 struct sdebug_dev_info *devip)
4025{
4026 int res = 0;
4027 u64 lba;
4028 u32 num_blocks;
4029 u8 *cmd = scp->cmnd;
4030
4031 if (cmd[0] == SYNCHRONIZE_CACHE) { /* 10 byte cdb */
4032 lba = get_unaligned_be32(cmd + 2);
4033 num_blocks = get_unaligned_be16(cmd + 7);
4034 } else { /* SYNCHRONIZE_CACHE(16) */
4035 lba = get_unaligned_be64(cmd + 2);
4036 num_blocks = get_unaligned_be32(cmd + 10);
4037 }
4038 if (lba + num_blocks > sdebug_capacity) {
4039 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4040 return check_condition_result;
4041 }
4042 if (!write_since_sync || (cmd[1] & 0x2))
4043 res = SDEG_RES_IMMED_MASK;
4044 else /* delay if write_since_sync and IMMED clear */
4045 write_since_sync = false;
4046 return res;
4047}
4048
4049/*
4050 * Assuming the LBA+num_blocks is not out-of-range, this function will return
4051 * CONDITION MET if the specified blocks will/have fitted in the cache, and
4052 * a GOOD status otherwise. Model a disk with a big cache and yield
4053 * CONDITION MET. Actually tries to bring range in main memory into the
4054 * cache associated with the CPU(s).
4055 */
4056static int resp_pre_fetch(struct scsi_cmnd *scp,
4057 struct sdebug_dev_info *devip)
4058{
4059 int res = 0;
4060 u64 lba;
4061 u64 block, rest = 0;
4062 u32 nblks;
4063 u8 *cmd = scp->cmnd;
4064 struct sdeb_store_info *sip = devip2sip(devip, true);
4065 rwlock_t *macc_lckp = &sip->macc_lck;
4066 u8 *fsp = sip->storep;
4067
4068 if (cmd[0] == PRE_FETCH) { /* 10 byte cdb */
4069 lba = get_unaligned_be32(cmd + 2);
4070 nblks = get_unaligned_be16(cmd + 7);
4071 } else { /* PRE-FETCH(16) */
4072 lba = get_unaligned_be64(cmd + 2);
4073 nblks = get_unaligned_be32(cmd + 10);
4074 }
4075 if (lba + nblks > sdebug_capacity) {
4076 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4077 return check_condition_result;
4078 }
4079 if (!fsp)
4080 goto fini;
4081 /* PRE-FETCH spec says nothing about LBP or PI so skip them */
4082 block = do_div(lba, sdebug_store_sectors);
4083 if (block + nblks > sdebug_store_sectors)
4084 rest = block + nblks - sdebug_store_sectors;
4085
4086 /* Try to bring the PRE-FETCH range into CPU's cache */
4087 read_lock(macc_lckp);
4088 prefetch_range(fsp + (sdebug_sector_size * block),
4089 (nblks - rest) * sdebug_sector_size);
4090 if (rest)
4091 prefetch_range(fsp, rest * sdebug_sector_size);
4092 read_unlock(macc_lckp);
4093fini:
4094 if (cmd[1] & 0x2)
4095 res = SDEG_RES_IMMED_MASK;
4096 return res | condition_met_result;
4097}
4098
4099#define RL_BUCKET_ELEMS 8
4100
4101/* Even though each pseudo target has a REPORT LUNS "well known logical unit"
4102 * (W-LUN), the normal Linux scanning logic does not associate it with a
4103 * device (e.g. /dev/sg7). The following magic will make that association:
4104 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
4105 * where <n> is a host number. If there are multiple targets in a host then
4106 * the above will associate a W-LUN to each target. To only get a W-LUN
4107 * for target 2, then use "echo '- 2 49409' > scan" .
4108 */
4109static int resp_report_luns(struct scsi_cmnd *scp,
4110 struct sdebug_dev_info *devip)
4111{
4112 unsigned char *cmd = scp->cmnd;
4113 unsigned int alloc_len;
4114 unsigned char select_report;
4115 u64 lun;
4116 struct scsi_lun *lun_p;
4117 u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
4118 unsigned int lun_cnt; /* normal LUN count (max: 256) */
4119 unsigned int wlun_cnt; /* report luns W-LUN count */
4120 unsigned int tlun_cnt; /* total LUN count */
4121 unsigned int rlen; /* response length (in bytes) */
4122 int k, j, n, res;
4123 unsigned int off_rsp = 0;
4124 const int sz_lun = sizeof(struct scsi_lun);
4125
4126 clear_luns_changed_on_target(devip);
4127
4128 select_report = cmd[2];
4129 alloc_len = get_unaligned_be32(cmd + 6);
4130
4131 if (alloc_len < 4) {
4132 pr_err("alloc len too small %d\n", alloc_len);
4133 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
4134 return check_condition_result;
4135 }
4136
4137 switch (select_report) {
4138 case 0: /* all LUNs apart from W-LUNs */
4139 lun_cnt = sdebug_max_luns;
4140 wlun_cnt = 0;
4141 break;
4142 case 1: /* only W-LUNs */
4143 lun_cnt = 0;
4144 wlun_cnt = 1;
4145 break;
4146 case 2: /* all LUNs */
4147 lun_cnt = sdebug_max_luns;
4148 wlun_cnt = 1;
4149 break;
4150 case 0x10: /* only administrative LUs */
4151 case 0x11: /* see SPC-5 */
4152 case 0x12: /* only subsiduary LUs owned by referenced LU */
4153 default:
4154 pr_debug("select report invalid %d\n", select_report);
4155 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
4156 return check_condition_result;
4157 }
4158
4159 if (sdebug_no_lun_0 && (lun_cnt > 0))
4160 --lun_cnt;
4161
4162 tlun_cnt = lun_cnt + wlun_cnt;
4163 rlen = tlun_cnt * sz_lun; /* excluding 8 byte header */
4164 scsi_set_resid(scp, scsi_bufflen(scp));
4165 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
4166 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
4167
4168 /* loops rely on sizeof response header same as sizeof lun (both 8) */
4169 lun = sdebug_no_lun_0 ? 1 : 0;
4170 for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
4171 memset(arr, 0, sizeof(arr));
4172 lun_p = (struct scsi_lun *)&arr[0];
4173 if (k == 0) {
4174 put_unaligned_be32(rlen, &arr[0]);
4175 ++lun_p;
4176 j = 1;
4177 }
4178 for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
4179 if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
4180 break;
4181 int_to_scsilun(lun++, lun_p);
4182 }
4183 if (j < RL_BUCKET_ELEMS)
4184 break;
4185 n = j * sz_lun;
4186 res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
4187 if (res)
4188 return res;
4189 off_rsp += n;
4190 }
4191 if (wlun_cnt) {
4192 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
4193 ++j;
4194 }
4195 if (j > 0)
4196 res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
4197 return res;
4198}
4199
4200static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4201{
4202 bool is_bytchk3 = false;
4203 u8 bytchk;
4204 int ret, j;
4205 u32 vnum, a_num, off;
4206 const u32 lb_size = sdebug_sector_size;
4207 u64 lba;
4208 u8 *arr;
4209 u8 *cmd = scp->cmnd;
4210 struct sdeb_store_info *sip = devip2sip(devip, true);
4211 rwlock_t *macc_lckp = &sip->macc_lck;
4212
4213 bytchk = (cmd[1] >> 1) & 0x3;
4214 if (bytchk == 0) {
4215 return 0; /* always claim internal verify okay */
4216 } else if (bytchk == 2) {
4217 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
4218 return check_condition_result;
4219 } else if (bytchk == 3) {
4220 is_bytchk3 = true; /* 1 block sent, compared repeatedly */
4221 }
4222 switch (cmd[0]) {
4223 case VERIFY_16:
4224 lba = get_unaligned_be64(cmd + 2);
4225 vnum = get_unaligned_be32(cmd + 10);
4226 break;
4227 case VERIFY: /* is VERIFY(10) */
4228 lba = get_unaligned_be32(cmd + 2);
4229 vnum = get_unaligned_be16(cmd + 7);
4230 break;
4231 default:
4232 mk_sense_invalid_opcode(scp);
4233 return check_condition_result;
4234 }
4235 a_num = is_bytchk3 ? 1 : vnum;
4236 /* Treat following check like one for read (i.e. no write) access */
4237 ret = check_device_access_params(scp, lba, a_num, false);
4238 if (ret)
4239 return ret;
4240
4241 arr = kcalloc(lb_size, vnum, GFP_ATOMIC);
4242 if (!arr) {
4243 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4244 INSUFF_RES_ASCQ);
4245 return check_condition_result;
4246 }
4247 /* Not changing store, so only need read access */
4248 read_lock(macc_lckp);
4249
4250 ret = do_dout_fetch(scp, a_num, arr);
4251 if (ret == -1) {
4252 ret = DID_ERROR << 16;
4253 goto cleanup;
4254 } else if (sdebug_verbose && (ret < (a_num * lb_size))) {
4255 sdev_printk(KERN_INFO, scp->device,
4256 "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
4257 my_name, __func__, a_num * lb_size, ret);
4258 }
4259 if (is_bytchk3) {
4260 for (j = 1, off = lb_size; j < vnum; ++j, off += lb_size)
4261 memcpy(arr + off, arr, lb_size);
4262 }
4263 ret = 0;
4264 if (!comp_write_worker(sip, lba, vnum, arr, true)) {
4265 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4266 ret = check_condition_result;
4267 goto cleanup;
4268 }
4269cleanup:
4270 read_unlock(macc_lckp);
4271 kfree(arr);
4272 return ret;
4273}
4274
4275#define RZONES_DESC_HD 64
4276
4277/* Report zones depending on start LBA nad reporting options */
4278static int resp_report_zones(struct scsi_cmnd *scp,
4279 struct sdebug_dev_info *devip)
4280{
4281 unsigned int i, max_zones, rep_max_zones, nrz = 0;
4282 int ret = 0;
4283 u32 alloc_len, rep_opts, rep_len;
4284 bool partial;
4285 u64 lba, zs_lba;
4286 u8 *arr = NULL, *desc;
4287 u8 *cmd = scp->cmnd;
4288 struct sdeb_zone_state *zsp;
4289 struct sdeb_store_info *sip = devip2sip(devip, false);
4290 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
4291
4292 if (!sdebug_dev_is_zoned(devip)) {
4293 mk_sense_invalid_opcode(scp);
4294 return check_condition_result;
4295 }
4296 zs_lba = get_unaligned_be64(cmd + 2);
4297 alloc_len = get_unaligned_be32(cmd + 10);
4298 rep_opts = cmd[14] & 0x3f;
4299 partial = cmd[14] & 0x80;
4300
4301 if (zs_lba >= sdebug_capacity) {
4302 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4303 return check_condition_result;
4304 }
4305
4306 max_zones = devip->nr_zones - (zs_lba >> devip->zsize_shift);
4307 rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
4308 max_zones);
4309
4310 arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
4311 if (!arr) {
4312 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4313 INSUFF_RES_ASCQ);
4314 return check_condition_result;
4315 }
4316
4317 read_lock(macc_lckp);
4318
4319 desc = arr + 64;
4320 for (i = 0; i < max_zones; i++) {
4321 lba = zs_lba + devip->zsize * i;
4322 if (lba > sdebug_capacity)
4323 break;
4324 zsp = zbc_zone(devip, lba);
4325 switch (rep_opts) {
4326 case 0x00:
4327 /* All zones */
4328 break;
4329 case 0x01:
4330 /* Empty zones */
4331 if (zsp->z_cond != ZC1_EMPTY)
4332 continue;
4333 break;
4334 case 0x02:
4335 /* Implicit open zones */
4336 if (zsp->z_cond != ZC2_IMPLICIT_OPEN)
4337 continue;
4338 break;
4339 case 0x03:
4340 /* Explicit open zones */
4341 if (zsp->z_cond != ZC3_EXPLICIT_OPEN)
4342 continue;
4343 break;
4344 case 0x04:
4345 /* Closed zones */
4346 if (zsp->z_cond != ZC4_CLOSED)
4347 continue;
4348 break;
4349 case 0x05:
4350 /* Full zones */
4351 if (zsp->z_cond != ZC5_FULL)
4352 continue;
4353 break;
4354 case 0x06:
4355 case 0x07:
4356 case 0x10:
4357 /*
4358 * Read-only, offline, reset WP recommended are
4359 * not emulated: no zones to report;
4360 */
4361 continue;
4362 case 0x11:
4363 /* non-seq-resource set */
4364 if (!zsp->z_non_seq_resource)
4365 continue;
4366 break;
4367 case 0x3f:
4368 /* Not write pointer (conventional) zones */
4369 if (!zbc_zone_is_conv(zsp))
4370 continue;
4371 break;
4372 default:
4373 mk_sense_buffer(scp, ILLEGAL_REQUEST,
4374 INVALID_FIELD_IN_CDB, 0);
4375 ret = check_condition_result;
4376 goto fini;
4377 }
4378
4379 if (nrz < rep_max_zones) {
4380 /* Fill zone descriptor */
4381 desc[0] = zsp->z_type;
4382 desc[1] = zsp->z_cond << 4;
4383 if (zsp->z_non_seq_resource)
4384 desc[1] |= 1 << 1;
4385 put_unaligned_be64((u64)zsp->z_size, desc + 8);
4386 put_unaligned_be64((u64)zsp->z_start, desc + 16);
4387 put_unaligned_be64((u64)zsp->z_wp, desc + 24);
4388 desc += 64;
4389 }
4390
4391 if (partial && nrz >= rep_max_zones)
4392 break;
4393
4394 nrz++;
4395 }
4396
4397 /* Report header */
4398 put_unaligned_be32(nrz * RZONES_DESC_HD, arr + 0);
4399 put_unaligned_be64(sdebug_capacity - 1, arr + 8);
4400
4401 rep_len = (unsigned long)desc - (unsigned long)arr;
4402 ret = fill_from_dev_buffer(scp, arr, min_t(int, alloc_len, rep_len));
4403
4404fini:
4405 read_unlock(macc_lckp);
4406 kfree(arr);
4407 return ret;
4408}
4409
4410/* Logic transplanted from tcmu-runner, file_zbc.c */
4411static void zbc_open_all(struct sdebug_dev_info *devip)
4412{
4413 struct sdeb_zone_state *zsp = &devip->zstate[0];
4414 unsigned int i;
4415
4416 for (i = 0; i < devip->nr_zones; i++, zsp++) {
4417 if (zsp->z_cond == ZC4_CLOSED)
4418 zbc_open_zone(devip, &devip->zstate[i], true);
4419 }
4420}
4421
4422static int resp_open_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4423{
4424 int res = 0;
4425 u64 z_id;
4426 enum sdebug_z_cond zc;
4427 u8 *cmd = scp->cmnd;
4428 struct sdeb_zone_state *zsp;
4429 bool all = cmd[14] & 0x01;
4430 struct sdeb_store_info *sip = devip2sip(devip, false);
4431 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
4432
4433 if (!sdebug_dev_is_zoned(devip)) {
4434 mk_sense_invalid_opcode(scp);
4435 return check_condition_result;
4436 }
4437
4438 write_lock(macc_lckp);
4439
4440 if (all) {
4441 /* Check if all closed zones can be open */
4442 if (devip->max_open &&
4443 devip->nr_exp_open + devip->nr_closed > devip->max_open) {
4444 mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4445 INSUFF_ZONE_ASCQ);
4446 res = check_condition_result;
4447 goto fini;
4448 }
4449 /* Open all closed zones */
4450 zbc_open_all(devip);
4451 goto fini;
4452 }
4453
4454 /* Open the specified zone */
4455 z_id = get_unaligned_be64(cmd + 2);
4456 if (z_id >= sdebug_capacity) {
4457 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4458 res = check_condition_result;
4459 goto fini;
4460 }
4461
4462 zsp = zbc_zone(devip, z_id);
4463 if (z_id != zsp->z_start) {
4464 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4465 res = check_condition_result;
4466 goto fini;
4467 }
4468 if (zbc_zone_is_conv(zsp)) {
4469 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4470 res = check_condition_result;
4471 goto fini;
4472 }
4473
4474 zc = zsp->z_cond;
4475 if (zc == ZC3_EXPLICIT_OPEN || zc == ZC5_FULL)
4476 goto fini;
4477
4478 if (devip->max_open && devip->nr_exp_open >= devip->max_open) {
4479 mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4480 INSUFF_ZONE_ASCQ);
4481 res = check_condition_result;
4482 goto fini;
4483 }
4484
4485 zbc_open_zone(devip, zsp, true);
4486fini:
4487 write_unlock(macc_lckp);
4488 return res;
4489}
4490
4491static void zbc_close_all(struct sdebug_dev_info *devip)
4492{
4493 unsigned int i;
4494
4495 for (i = 0; i < devip->nr_zones; i++)
4496 zbc_close_zone(devip, &devip->zstate[i]);
4497}
4498
4499static int resp_close_zone(struct scsi_cmnd *scp,
4500 struct sdebug_dev_info *devip)
4501{
4502 int res = 0;
4503 u64 z_id;
4504 u8 *cmd = scp->cmnd;
4505 struct sdeb_zone_state *zsp;
4506 bool all = cmd[14] & 0x01;
4507 struct sdeb_store_info *sip = devip2sip(devip, false);
4508 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
4509
4510 if (!sdebug_dev_is_zoned(devip)) {
4511 mk_sense_invalid_opcode(scp);
4512 return check_condition_result;
4513 }
4514
4515 write_lock(macc_lckp);
4516
4517 if (all) {
4518 zbc_close_all(devip);
4519 goto fini;
4520 }
4521
4522 /* Close specified zone */
4523 z_id = get_unaligned_be64(cmd + 2);
4524 if (z_id >= sdebug_capacity) {
4525 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4526 res = check_condition_result;
4527 goto fini;
4528 }
4529
4530 zsp = zbc_zone(devip, z_id);
4531 if (z_id != zsp->z_start) {
4532 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4533 res = check_condition_result;
4534 goto fini;
4535 }
4536 if (zbc_zone_is_conv(zsp)) {
4537 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4538 res = check_condition_result;
4539 goto fini;
4540 }
4541
4542 zbc_close_zone(devip, zsp);
4543fini:
4544 write_unlock(macc_lckp);
4545 return res;
4546}
4547
4548static void zbc_finish_zone(struct sdebug_dev_info *devip,
4549 struct sdeb_zone_state *zsp, bool empty)
4550{
4551 enum sdebug_z_cond zc = zsp->z_cond;
4552
4553 if (zc == ZC4_CLOSED || zc == ZC2_IMPLICIT_OPEN ||
4554 zc == ZC3_EXPLICIT_OPEN || (empty && zc == ZC1_EMPTY)) {
4555 if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
4556 zbc_close_zone(devip, zsp);
4557 if (zsp->z_cond == ZC4_CLOSED)
4558 devip->nr_closed--;
4559 zsp->z_wp = zsp->z_start + zsp->z_size;
4560 zsp->z_cond = ZC5_FULL;
4561 }
4562}
4563
4564static void zbc_finish_all(struct sdebug_dev_info *devip)
4565{
4566 unsigned int i;
4567
4568 for (i = 0; i < devip->nr_zones; i++)
4569 zbc_finish_zone(devip, &devip->zstate[i], false);
4570}
4571
4572static int resp_finish_zone(struct scsi_cmnd *scp,
4573 struct sdebug_dev_info *devip)
4574{
4575 struct sdeb_zone_state *zsp;
4576 int res = 0;
4577 u64 z_id;
4578 u8 *cmd = scp->cmnd;
4579 bool all = cmd[14] & 0x01;
4580 struct sdeb_store_info *sip = devip2sip(devip, false);
4581 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
4582
4583 if (!sdebug_dev_is_zoned(devip)) {
4584 mk_sense_invalid_opcode(scp);
4585 return check_condition_result;
4586 }
4587
4588 write_lock(macc_lckp);
4589
4590 if (all) {
4591 zbc_finish_all(devip);
4592 goto fini;
4593 }
4594
4595 /* Finish the specified zone */
4596 z_id = get_unaligned_be64(cmd + 2);
4597 if (z_id >= sdebug_capacity) {
4598 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4599 res = check_condition_result;
4600 goto fini;
4601 }
4602
4603 zsp = zbc_zone(devip, z_id);
4604 if (z_id != zsp->z_start) {
4605 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4606 res = check_condition_result;
4607 goto fini;
4608 }
4609 if (zbc_zone_is_conv(zsp)) {
4610 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4611 res = check_condition_result;
4612 goto fini;
4613 }
4614
4615 zbc_finish_zone(devip, zsp, true);
4616fini:
4617 write_unlock(macc_lckp);
4618 return res;
4619}
4620
4621static void zbc_rwp_zone(struct sdebug_dev_info *devip,
4622 struct sdeb_zone_state *zsp)
4623{
4624 enum sdebug_z_cond zc;
4625
4626 if (zbc_zone_is_conv(zsp))
4627 return;
4628
4629 zc = zsp->z_cond;
4630 if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
4631 zbc_close_zone(devip, zsp);
4632
4633 if (zsp->z_cond == ZC4_CLOSED)
4634 devip->nr_closed--;
4635
4636 zsp->z_non_seq_resource = false;
4637 zsp->z_wp = zsp->z_start;
4638 zsp->z_cond = ZC1_EMPTY;
4639}
4640
4641static void zbc_rwp_all(struct sdebug_dev_info *devip)
4642{
4643 unsigned int i;
4644
4645 for (i = 0; i < devip->nr_zones; i++)
4646 zbc_rwp_zone(devip, &devip->zstate[i]);
4647}
4648
4649static int resp_rwp_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4650{
4651 struct sdeb_zone_state *zsp;
4652 int res = 0;
4653 u64 z_id;
4654 u8 *cmd = scp->cmnd;
4655 bool all = cmd[14] & 0x01;
4656 struct sdeb_store_info *sip = devip2sip(devip, false);
4657 rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
4658
4659 if (!sdebug_dev_is_zoned(devip)) {
4660 mk_sense_invalid_opcode(scp);
4661 return check_condition_result;
4662 }
4663
4664 write_lock(macc_lckp);
4665
4666 if (all) {
4667 zbc_rwp_all(devip);
4668 goto fini;
4669 }
4670
4671 z_id = get_unaligned_be64(cmd + 2);
4672 if (z_id >= sdebug_capacity) {
4673 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4674 res = check_condition_result;
4675 goto fini;
4676 }
4677
4678 zsp = zbc_zone(devip, z_id);
4679 if (z_id != zsp->z_start) {
4680 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4681 res = check_condition_result;
4682 goto fini;
4683 }
4684 if (zbc_zone_is_conv(zsp)) {
4685 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4686 res = check_condition_result;
4687 goto fini;
4688 }
4689
4690 zbc_rwp_zone(devip, zsp);
4691fini:
4692 write_unlock(macc_lckp);
4693 return res;
4694}
4695
4696static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
4697{
4698 u16 hwq;
4699
4700 if (sdebug_host_max_queue) {
4701 /* Provide a simple method to choose the hwq */
4702 hwq = smp_processor_id() % submit_queues;
4703 } else {
4704 u32 tag = blk_mq_unique_tag(cmnd->request);
4705
4706 hwq = blk_mq_unique_tag_to_hwq(tag);
4707
4708 pr_debug("tag=%#x, hwq=%d\n", tag, hwq);
4709 if (WARN_ON_ONCE(hwq >= submit_queues))
4710 hwq = 0;
4711 }
4712 return sdebug_q_arr + hwq;
4713}
4714
4715static u32 get_tag(struct scsi_cmnd *cmnd)
4716{
4717 return blk_mq_unique_tag(cmnd->request);
4718}
4719
4720/* Queued (deferred) command completions converge here. */
4721static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
4722{
4723 bool aborted = sd_dp->aborted;
4724 int qc_idx;
4725 int retiring = 0;
4726 unsigned long iflags;
4727 struct sdebug_queue *sqp;
4728 struct sdebug_queued_cmd *sqcp;
4729 struct scsi_cmnd *scp;
4730 struct sdebug_dev_info *devip;
4731
4732 sd_dp->defer_t = SDEB_DEFER_NONE;
4733 if (unlikely(aborted))
4734 sd_dp->aborted = false;
4735 qc_idx = sd_dp->qc_idx;
4736 sqp = sdebug_q_arr + sd_dp->sqa_idx;
4737 if (sdebug_statistics) {
4738 atomic_inc(&sdebug_completions);
4739 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
4740 atomic_inc(&sdebug_miss_cpus);
4741 }
4742 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
4743 pr_err("wild qc_idx=%d\n", qc_idx);
4744 return;
4745 }
4746 spin_lock_irqsave(&sqp->qc_lock, iflags);
4747 sqcp = &sqp->qc_arr[qc_idx];
4748 scp = sqcp->a_cmnd;
4749 if (unlikely(scp == NULL)) {
4750 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4751 pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d, hc_idx=%d\n",
4752 sd_dp->sqa_idx, qc_idx, sd_dp->hc_idx);
4753 return;
4754 }
4755 devip = (struct sdebug_dev_info *)scp->device->hostdata;
4756 if (likely(devip))
4757 atomic_dec(&devip->num_in_q);
4758 else
4759 pr_err("devip=NULL\n");
4760 if (unlikely(atomic_read(&retired_max_queue) > 0))
4761 retiring = 1;
4762
4763 sqcp->a_cmnd = NULL;
4764 if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
4765 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4766 pr_err("Unexpected completion\n");
4767 return;
4768 }
4769
4770 if (unlikely(retiring)) { /* user has reduced max_queue */
4771 int k, retval;
4772
4773 retval = atomic_read(&retired_max_queue);
4774 if (qc_idx >= retval) {
4775 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4776 pr_err("index %d too large\n", retval);
4777 return;
4778 }
4779 k = find_last_bit(sqp->in_use_bm, retval);
4780 if ((k < sdebug_max_queue) || (k == retval))
4781 atomic_set(&retired_max_queue, 0);
4782 else
4783 atomic_set(&retired_max_queue, k + 1);
4784 }
4785 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4786 if (unlikely(aborted)) {
4787 if (sdebug_verbose)
4788 pr_info("bypassing scsi_done() due to aborted cmd\n");
4789 return;
4790 }
4791 scp->scsi_done(scp); /* callback to mid level */
4792}
4793
4794/* When high resolution timer goes off this function is called. */
4795static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
4796{
4797 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
4798 hrt);
4799 sdebug_q_cmd_complete(sd_dp);
4800 return HRTIMER_NORESTART;
4801}
4802
4803/* When work queue schedules work, it calls this function. */
4804static void sdebug_q_cmd_wq_complete(struct work_struct *work)
4805{
4806 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
4807 ew.work);
4808 sdebug_q_cmd_complete(sd_dp);
4809}
4810
4811static bool got_shared_uuid;
4812static uuid_t shared_uuid;
4813
4814static int sdebug_device_create_zones(struct sdebug_dev_info *devip)
4815{
4816 struct sdeb_zone_state *zsp;
4817 sector_t capacity = get_sdebug_capacity();
4818 sector_t zstart = 0;
4819 unsigned int i;
4820
4821 /*
4822 * Set the zone size: if sdeb_zbc_zone_size_mb is not set, figure out
4823 * a zone size allowing for at least 4 zones on the device. Otherwise,
4824 * use the specified zone size checking that at least 2 zones can be
4825 * created for the device.
4826 */
4827 if (!sdeb_zbc_zone_size_mb) {
4828 devip->zsize = (DEF_ZBC_ZONE_SIZE_MB * SZ_1M)
4829 >> ilog2(sdebug_sector_size);
4830 while (capacity < devip->zsize << 2 && devip->zsize >= 2)
4831 devip->zsize >>= 1;
4832 if (devip->zsize < 2) {
4833 pr_err("Device capacity too small\n");
4834 return -EINVAL;
4835 }
4836 } else {
4837 if (!is_power_of_2(sdeb_zbc_zone_size_mb)) {
4838 pr_err("Zone size is not a power of 2\n");
4839 return -EINVAL;
4840 }
4841 devip->zsize = (sdeb_zbc_zone_size_mb * SZ_1M)
4842 >> ilog2(sdebug_sector_size);
4843 if (devip->zsize >= capacity) {
4844 pr_err("Zone size too large for device capacity\n");
4845 return -EINVAL;
4846 }
4847 }
4848
4849 devip->zsize_shift = ilog2(devip->zsize);
4850 devip->nr_zones = (capacity + devip->zsize - 1) >> devip->zsize_shift;
4851
4852 if (sdeb_zbc_nr_conv >= devip->nr_zones) {
4853 pr_err("Number of conventional zones too large\n");
4854 return -EINVAL;
4855 }
4856 devip->nr_conv_zones = sdeb_zbc_nr_conv;
4857
4858 if (devip->zmodel == BLK_ZONED_HM) {
4859 /* zbc_max_open_zones can be 0, meaning "not reported" */
4860 if (sdeb_zbc_max_open >= devip->nr_zones - 1)
4861 devip->max_open = (devip->nr_zones - 1) / 2;
4862 else
4863 devip->max_open = sdeb_zbc_max_open;
4864 }
4865
4866 devip->zstate = kcalloc(devip->nr_zones,
4867 sizeof(struct sdeb_zone_state), GFP_KERNEL);
4868 if (!devip->zstate)
4869 return -ENOMEM;
4870
4871 for (i = 0; i < devip->nr_zones; i++) {
4872 zsp = &devip->zstate[i];
4873
4874 zsp->z_start = zstart;
4875
4876 if (i < devip->nr_conv_zones) {
4877 zsp->z_type = ZBC_ZONE_TYPE_CNV;
4878 zsp->z_cond = ZBC_NOT_WRITE_POINTER;
4879 zsp->z_wp = (sector_t)-1;
4880 } else {
4881 if (devip->zmodel == BLK_ZONED_HM)
4882 zsp->z_type = ZBC_ZONE_TYPE_SWR;
4883 else
4884 zsp->z_type = ZBC_ZONE_TYPE_SWP;
4885 zsp->z_cond = ZC1_EMPTY;
4886 zsp->z_wp = zsp->z_start;
4887 }
4888
4889 if (zsp->z_start + devip->zsize < capacity)
4890 zsp->z_size = devip->zsize;
4891 else
4892 zsp->z_size = capacity - zsp->z_start;
4893
4894 zstart += zsp->z_size;
4895 }
4896
4897 return 0;
4898}
4899
4900static struct sdebug_dev_info *sdebug_device_create(
4901 struct sdebug_host_info *sdbg_host, gfp_t flags)
4902{
4903 struct sdebug_dev_info *devip;
4904
4905 devip = kzalloc(sizeof(*devip), flags);
4906 if (devip) {
4907 if (sdebug_uuid_ctl == 1)
4908 uuid_gen(&devip->lu_name);
4909 else if (sdebug_uuid_ctl == 2) {
4910 if (got_shared_uuid)
4911 devip->lu_name = shared_uuid;
4912 else {
4913 uuid_gen(&shared_uuid);
4914 got_shared_uuid = true;
4915 devip->lu_name = shared_uuid;
4916 }
4917 }
4918 devip->sdbg_host = sdbg_host;
4919 if (sdeb_zbc_in_use) {
4920 devip->zmodel = sdeb_zbc_model;
4921 if (sdebug_device_create_zones(devip)) {
4922 kfree(devip);
4923 return NULL;
4924 }
4925 } else {
4926 devip->zmodel = BLK_ZONED_NONE;
4927 }
4928 devip->sdbg_host = sdbg_host;
4929 devip->create_ts = ktime_get_boottime();
4930 atomic_set(&devip->stopped, (sdeb_tur_ms_to_ready > 0 ? 2 : 0));
4931 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
4932 }
4933 return devip;
4934}
4935
4936static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
4937{
4938 struct sdebug_host_info *sdbg_host;
4939 struct sdebug_dev_info *open_devip = NULL;
4940 struct sdebug_dev_info *devip;
4941
4942 sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
4943 if (!sdbg_host) {
4944 pr_err("Host info NULL\n");
4945 return NULL;
4946 }
4947 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
4948 if ((devip->used) && (devip->channel == sdev->channel) &&
4949 (devip->target == sdev->id) &&
4950 (devip->lun == sdev->lun))
4951 return devip;
4952 else {
4953 if ((!devip->used) && (!open_devip))
4954 open_devip = devip;
4955 }
4956 }
4957 if (!open_devip) { /* try and make a new one */
4958 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
4959 if (!open_devip) {
4960 pr_err("out of memory at line %d\n", __LINE__);
4961 return NULL;
4962 }
4963 }
4964
4965 open_devip->channel = sdev->channel;
4966 open_devip->target = sdev->id;
4967 open_devip->lun = sdev->lun;
4968 open_devip->sdbg_host = sdbg_host;
4969 atomic_set(&open_devip->num_in_q, 0);
4970 set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
4971 open_devip->used = true;
4972 return open_devip;
4973}
4974
4975static int scsi_debug_slave_alloc(struct scsi_device *sdp)
4976{
4977 if (sdebug_verbose)
4978 pr_info("slave_alloc <%u %u %u %llu>\n",
4979 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
4980 return 0;
4981}
4982
4983static int scsi_debug_slave_configure(struct scsi_device *sdp)
4984{
4985 struct sdebug_dev_info *devip =
4986 (struct sdebug_dev_info *)sdp->hostdata;
4987
4988 if (sdebug_verbose)
4989 pr_info("slave_configure <%u %u %u %llu>\n",
4990 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
4991 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
4992 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
4993 if (devip == NULL) {
4994 devip = find_build_dev_info(sdp);
4995 if (devip == NULL)
4996 return 1; /* no resources, will be marked offline */
4997 }
4998 sdp->hostdata = devip;
4999 if (sdebug_no_uld)
5000 sdp->no_uld_attach = 1;
5001 config_cdb_len(sdp);
5002 return 0;
5003}
5004
5005static void scsi_debug_slave_destroy(struct scsi_device *sdp)
5006{
5007 struct sdebug_dev_info *devip =
5008 (struct sdebug_dev_info *)sdp->hostdata;
5009
5010 if (sdebug_verbose)
5011 pr_info("slave_destroy <%u %u %u %llu>\n",
5012 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5013 if (devip) {
5014 /* make this slot available for re-use */
5015 devip->used = false;
5016 sdp->hostdata = NULL;
5017 }
5018}
5019
5020static void stop_qc_helper(struct sdebug_defer *sd_dp,
5021 enum sdeb_defer_type defer_t)
5022{
5023 if (!sd_dp)
5024 return;
5025 if (defer_t == SDEB_DEFER_HRT)
5026 hrtimer_cancel(&sd_dp->hrt);
5027 else if (defer_t == SDEB_DEFER_WQ)
5028 cancel_work_sync(&sd_dp->ew.work);
5029}
5030
5031/* If @cmnd found deletes its timer or work queue and returns true; else
5032 returns false */
5033static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
5034{
5035 unsigned long iflags;
5036 int j, k, qmax, r_qmax;
5037 enum sdeb_defer_type l_defer_t;
5038 struct sdebug_queue *sqp;
5039 struct sdebug_queued_cmd *sqcp;
5040 struct sdebug_dev_info *devip;
5041 struct sdebug_defer *sd_dp;
5042
5043 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5044 spin_lock_irqsave(&sqp->qc_lock, iflags);
5045 qmax = sdebug_max_queue;
5046 r_qmax = atomic_read(&retired_max_queue);
5047 if (r_qmax > qmax)
5048 qmax = r_qmax;
5049 for (k = 0; k < qmax; ++k) {
5050 if (test_bit(k, sqp->in_use_bm)) {
5051 sqcp = &sqp->qc_arr[k];
5052 if (cmnd != sqcp->a_cmnd)
5053 continue;
5054 /* found */
5055 devip = (struct sdebug_dev_info *)
5056 cmnd->device->hostdata;
5057 if (devip)
5058 atomic_dec(&devip->num_in_q);
5059 sqcp->a_cmnd = NULL;
5060 sd_dp = sqcp->sd_dp;
5061 if (sd_dp) {
5062 l_defer_t = sd_dp->defer_t;
5063 sd_dp->defer_t = SDEB_DEFER_NONE;
5064 } else
5065 l_defer_t = SDEB_DEFER_NONE;
5066 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5067 stop_qc_helper(sd_dp, l_defer_t);
5068 clear_bit(k, sqp->in_use_bm);
5069 return true;
5070 }
5071 }
5072 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5073 }
5074 return false;
5075}
5076
5077/* Deletes (stops) timers or work queues of all queued commands */
5078static void stop_all_queued(void)
5079{
5080 unsigned long iflags;
5081 int j, k;
5082 enum sdeb_defer_type l_defer_t;
5083 struct sdebug_queue *sqp;
5084 struct sdebug_queued_cmd *sqcp;
5085 struct sdebug_dev_info *devip;
5086 struct sdebug_defer *sd_dp;
5087
5088 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5089 spin_lock_irqsave(&sqp->qc_lock, iflags);
5090 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
5091 if (test_bit(k, sqp->in_use_bm)) {
5092 sqcp = &sqp->qc_arr[k];
5093 if (sqcp->a_cmnd == NULL)
5094 continue;
5095 devip = (struct sdebug_dev_info *)
5096 sqcp->a_cmnd->device->hostdata;
5097 if (devip)
5098 atomic_dec(&devip->num_in_q);
5099 sqcp->a_cmnd = NULL;
5100 sd_dp = sqcp->sd_dp;
5101 if (sd_dp) {
5102 l_defer_t = sd_dp->defer_t;
5103 sd_dp->defer_t = SDEB_DEFER_NONE;
5104 } else
5105 l_defer_t = SDEB_DEFER_NONE;
5106 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5107 stop_qc_helper(sd_dp, l_defer_t);
5108 clear_bit(k, sqp->in_use_bm);
5109 spin_lock_irqsave(&sqp->qc_lock, iflags);
5110 }
5111 }
5112 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5113 }
5114}
5115
5116/* Free queued command memory on heap */
5117static void free_all_queued(void)
5118{
5119 int j, k;
5120 struct sdebug_queue *sqp;
5121 struct sdebug_queued_cmd *sqcp;
5122
5123 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5124 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
5125 sqcp = &sqp->qc_arr[k];
5126 kfree(sqcp->sd_dp);
5127 sqcp->sd_dp = NULL;
5128 }
5129 }
5130}
5131
5132static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
5133{
5134 bool ok;
5135
5136 ++num_aborts;
5137 if (SCpnt) {
5138 ok = stop_queued_cmnd(SCpnt);
5139 if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
5140 sdev_printk(KERN_INFO, SCpnt->device,
5141 "%s: command%s found\n", __func__,
5142 ok ? "" : " not");
5143 }
5144 return SUCCESS;
5145}
5146
5147static int scsi_debug_device_reset(struct scsi_cmnd *SCpnt)
5148{
5149 ++num_dev_resets;
5150 if (SCpnt && SCpnt->device) {
5151 struct scsi_device *sdp = SCpnt->device;
5152 struct sdebug_dev_info *devip =
5153 (struct sdebug_dev_info *)sdp->hostdata;
5154
5155 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5156 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5157 if (devip)
5158 set_bit(SDEBUG_UA_POR, devip->uas_bm);
5159 }
5160 return SUCCESS;
5161}
5162
5163static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
5164{
5165 struct sdebug_host_info *sdbg_host;
5166 struct sdebug_dev_info *devip;
5167 struct scsi_device *sdp;
5168 struct Scsi_Host *hp;
5169 int k = 0;
5170
5171 ++num_target_resets;
5172 if (!SCpnt)
5173 goto lie;
5174 sdp = SCpnt->device;
5175 if (!sdp)
5176 goto lie;
5177 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5178 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5179 hp = sdp->host;
5180 if (!hp)
5181 goto lie;
5182 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
5183 if (sdbg_host) {
5184 list_for_each_entry(devip,
5185 &sdbg_host->dev_info_list,
5186 dev_list)
5187 if (devip->target == sdp->id) {
5188 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5189 ++k;
5190 }
5191 }
5192 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5193 sdev_printk(KERN_INFO, sdp,
5194 "%s: %d device(s) found in target\n", __func__, k);
5195lie:
5196 return SUCCESS;
5197}
5198
5199static int scsi_debug_bus_reset(struct scsi_cmnd *SCpnt)
5200{
5201 struct sdebug_host_info *sdbg_host;
5202 struct sdebug_dev_info *devip;
5203 struct scsi_device *sdp;
5204 struct Scsi_Host *hp;
5205 int k = 0;
5206
5207 ++num_bus_resets;
5208 if (!(SCpnt && SCpnt->device))
5209 goto lie;
5210 sdp = SCpnt->device;
5211 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5212 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5213 hp = sdp->host;
5214 if (hp) {
5215 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
5216 if (sdbg_host) {
5217 list_for_each_entry(devip,
5218 &sdbg_host->dev_info_list,
5219 dev_list) {
5220 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5221 ++k;
5222 }
5223 }
5224 }
5225 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5226 sdev_printk(KERN_INFO, sdp,
5227 "%s: %d device(s) found in host\n", __func__, k);
5228lie:
5229 return SUCCESS;
5230}
5231
5232static int scsi_debug_host_reset(struct scsi_cmnd *SCpnt)
5233{
5234 struct sdebug_host_info *sdbg_host;
5235 struct sdebug_dev_info *devip;
5236 int k = 0;
5237
5238 ++num_host_resets;
5239 if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
5240 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
5241 spin_lock(&sdebug_host_list_lock);
5242 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
5243 list_for_each_entry(devip, &sdbg_host->dev_info_list,
5244 dev_list) {
5245 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5246 ++k;
5247 }
5248 }
5249 spin_unlock(&sdebug_host_list_lock);
5250 stop_all_queued();
5251 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5252 sdev_printk(KERN_INFO, SCpnt->device,
5253 "%s: %d device(s) found\n", __func__, k);
5254 return SUCCESS;
5255}
5256
5257static void sdebug_build_parts(unsigned char *ramp, unsigned long store_size)
5258{
5259 struct msdos_partition *pp;
5260 int starts[SDEBUG_MAX_PARTS + 2];
5261 int sectors_per_part, num_sectors, k;
5262 int heads_by_sects, start_sec, end_sec;
5263
5264 /* assume partition table already zeroed */
5265 if ((sdebug_num_parts < 1) || (store_size < 1048576))
5266 return;
5267 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
5268 sdebug_num_parts = SDEBUG_MAX_PARTS;
5269 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
5270 }
5271 num_sectors = (int)sdebug_store_sectors;
5272 sectors_per_part = (num_sectors - sdebug_sectors_per)
5273 / sdebug_num_parts;
5274 heads_by_sects = sdebug_heads * sdebug_sectors_per;
5275 starts[0] = sdebug_sectors_per;
5276 for (k = 1; k < sdebug_num_parts; ++k)
5277 starts[k] = ((k * sectors_per_part) / heads_by_sects)
5278 * heads_by_sects;
5279 starts[sdebug_num_parts] = num_sectors;
5280 starts[sdebug_num_parts + 1] = 0;
5281
5282 ramp[510] = 0x55; /* magic partition markings */
5283 ramp[511] = 0xAA;
5284 pp = (struct msdos_partition *)(ramp + 0x1be);
5285 for (k = 0; starts[k + 1]; ++k, ++pp) {
5286 start_sec = starts[k];
5287 end_sec = starts[k + 1] - 1;
5288 pp->boot_ind = 0;
5289
5290 pp->cyl = start_sec / heads_by_sects;
5291 pp->head = (start_sec - (pp->cyl * heads_by_sects))
5292 / sdebug_sectors_per;
5293 pp->sector = (start_sec % sdebug_sectors_per) + 1;
5294
5295 pp->end_cyl = end_sec / heads_by_sects;
5296 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
5297 / sdebug_sectors_per;
5298 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
5299
5300 pp->start_sect = cpu_to_le32(start_sec);
5301 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
5302 pp->sys_ind = 0x83; /* plain Linux partition */
5303 }
5304}
5305
5306static void block_unblock_all_queues(bool block)
5307{
5308 int j;
5309 struct sdebug_queue *sqp;
5310
5311 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
5312 atomic_set(&sqp->blocked, (int)block);
5313}
5314
5315/* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
5316 * commands will be processed normally before triggers occur.
5317 */
5318static void tweak_cmnd_count(void)
5319{
5320 int count, modulo;
5321
5322 modulo = abs(sdebug_every_nth);
5323 if (modulo < 2)
5324 return;
5325 block_unblock_all_queues(true);
5326 count = atomic_read(&sdebug_cmnd_count);
5327 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
5328 block_unblock_all_queues(false);
5329}
5330
5331static void clear_queue_stats(void)
5332{
5333 atomic_set(&sdebug_cmnd_count, 0);
5334 atomic_set(&sdebug_completions, 0);
5335 atomic_set(&sdebug_miss_cpus, 0);
5336 atomic_set(&sdebug_a_tsf, 0);
5337}
5338
5339static bool inject_on_this_cmd(void)
5340{
5341 if (sdebug_every_nth == 0)
5342 return false;
5343 return (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) == 0;
5344}
5345
5346#define INCLUSIVE_TIMING_MAX_NS 1000000 /* 1 millisecond */
5347
5348/* Complete the processing of the thread that queued a SCSI command to this
5349 * driver. It either completes the command by calling cmnd_done() or
5350 * schedules a hr timer or work queue then returns 0. Returns
5351 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
5352 */
5353static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
5354 int scsi_result,
5355 int (*pfp)(struct scsi_cmnd *,
5356 struct sdebug_dev_info *),
5357 int delta_jiff, int ndelay)
5358{
5359 bool new_sd_dp;
5360 bool inject = false;
5361 int k, num_in_q, qdepth;
5362 unsigned long iflags;
5363 u64 ns_from_boot = 0;
5364 struct sdebug_queue *sqp;
5365 struct sdebug_queued_cmd *sqcp;
5366 struct scsi_device *sdp;
5367 struct sdebug_defer *sd_dp;
5368
5369 if (unlikely(devip == NULL)) {
5370 if (scsi_result == 0)
5371 scsi_result = DID_NO_CONNECT << 16;
5372 goto respond_in_thread;
5373 }
5374 sdp = cmnd->device;
5375
5376 if (delta_jiff == 0)
5377 goto respond_in_thread;
5378
5379 sqp = get_queue(cmnd);
5380 spin_lock_irqsave(&sqp->qc_lock, iflags);
5381 if (unlikely(atomic_read(&sqp->blocked))) {
5382 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5383 return SCSI_MLQUEUE_HOST_BUSY;
5384 }
5385 num_in_q = atomic_read(&devip->num_in_q);
5386 qdepth = cmnd->device->queue_depth;
5387 if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
5388 if (scsi_result) {
5389 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5390 goto respond_in_thread;
5391 } else
5392 scsi_result = device_qfull_result;
5393 } else if (unlikely(sdebug_every_nth &&
5394 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
5395 (scsi_result == 0))) {
5396 if ((num_in_q == (qdepth - 1)) &&
5397 (atomic_inc_return(&sdebug_a_tsf) >=
5398 abs(sdebug_every_nth))) {
5399 atomic_set(&sdebug_a_tsf, 0);
5400 inject = true;
5401 scsi_result = device_qfull_result;
5402 }
5403 }
5404
5405 k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
5406 if (unlikely(k >= sdebug_max_queue)) {
5407 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5408 if (scsi_result)
5409 goto respond_in_thread;
5410 else if (SDEBUG_OPT_ALL_TSF & sdebug_opts)
5411 scsi_result = device_qfull_result;
5412 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
5413 sdev_printk(KERN_INFO, sdp,
5414 "%s: max_queue=%d exceeded, %s\n",
5415 __func__, sdebug_max_queue,
5416 (scsi_result ? "status: TASK SET FULL" :
5417 "report: host busy"));
5418 if (scsi_result)
5419 goto respond_in_thread;
5420 else
5421 return SCSI_MLQUEUE_HOST_BUSY;
5422 }
5423 set_bit(k, sqp->in_use_bm);
5424 atomic_inc(&devip->num_in_q);
5425 sqcp = &sqp->qc_arr[k];
5426 sqcp->a_cmnd = cmnd;
5427 cmnd->host_scribble = (unsigned char *)sqcp;
5428 sd_dp = sqcp->sd_dp;
5429 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5430 if (!sd_dp) {
5431 sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
5432 if (!sd_dp) {
5433 atomic_dec(&devip->num_in_q);
5434 clear_bit(k, sqp->in_use_bm);
5435 return SCSI_MLQUEUE_HOST_BUSY;
5436 }
5437 new_sd_dp = true;
5438 } else {
5439 new_sd_dp = false;
5440 }
5441
5442 /* Set the hostwide tag */
5443 if (sdebug_host_max_queue)
5444 sd_dp->hc_idx = get_tag(cmnd);
5445
5446 if (ndelay > 0 && ndelay < INCLUSIVE_TIMING_MAX_NS)
5447 ns_from_boot = ktime_get_boottime_ns();
5448
5449 /* one of the resp_*() response functions is called here */
5450 cmnd->result = pfp ? pfp(cmnd, devip) : 0;
5451 if (cmnd->result & SDEG_RES_IMMED_MASK) {
5452 cmnd->result &= ~SDEG_RES_IMMED_MASK;
5453 delta_jiff = ndelay = 0;
5454 }
5455 if (cmnd->result == 0 && scsi_result != 0)
5456 cmnd->result = scsi_result;
5457 if (cmnd->result == 0 && unlikely(sdebug_opts & SDEBUG_OPT_TRANSPORT_ERR)) {
5458 if (atomic_read(&sdeb_inject_pending)) {
5459 mk_sense_buffer(cmnd, ABORTED_COMMAND, TRANSPORT_PROBLEM, ACK_NAK_TO);
5460 atomic_set(&sdeb_inject_pending, 0);
5461 cmnd->result = check_condition_result;
5462 }
5463 }
5464
5465 if (unlikely(sdebug_verbose && cmnd->result))
5466 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
5467 __func__, cmnd->result);
5468
5469 if (delta_jiff > 0 || ndelay > 0) {
5470 ktime_t kt;
5471
5472 if (delta_jiff > 0) {
5473 u64 ns = jiffies_to_nsecs(delta_jiff);
5474
5475 if (sdebug_random && ns < U32_MAX) {
5476 ns = prandom_u32_max((u32)ns);
5477 } else if (sdebug_random) {
5478 ns >>= 12; /* scale to 4 usec precision */
5479 if (ns < U32_MAX) /* over 4 hours max */
5480 ns = prandom_u32_max((u32)ns);
5481 ns <<= 12;
5482 }
5483 kt = ns_to_ktime(ns);
5484 } else { /* ndelay has a 4.2 second max */
5485 kt = sdebug_random ? prandom_u32_max((u32)ndelay) :
5486 (u32)ndelay;
5487 if (ndelay < INCLUSIVE_TIMING_MAX_NS) {
5488 u64 d = ktime_get_boottime_ns() - ns_from_boot;
5489
5490 if (kt <= d) { /* elapsed duration >= kt */
5491 spin_lock_irqsave(&sqp->qc_lock, iflags);
5492 sqcp->a_cmnd = NULL;
5493 atomic_dec(&devip->num_in_q);
5494 clear_bit(k, sqp->in_use_bm);
5495 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5496 if (new_sd_dp)
5497 kfree(sd_dp);
5498 /* call scsi_done() from this thread */
5499 cmnd->scsi_done(cmnd);
5500 return 0;
5501 }
5502 /* otherwise reduce kt by elapsed time */
5503 kt -= d;
5504 }
5505 }
5506 if (!sd_dp->init_hrt) {
5507 sd_dp->init_hrt = true;
5508 sqcp->sd_dp = sd_dp;
5509 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
5510 HRTIMER_MODE_REL_PINNED);
5511 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
5512 sd_dp->sqa_idx = sqp - sdebug_q_arr;
5513 sd_dp->qc_idx = k;
5514 }
5515 if (sdebug_statistics)
5516 sd_dp->issuing_cpu = raw_smp_processor_id();
5517 sd_dp->defer_t = SDEB_DEFER_HRT;
5518 /* schedule the invocation of scsi_done() for a later time */
5519 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
5520 } else { /* jdelay < 0, use work queue */
5521 if (!sd_dp->init_wq) {
5522 sd_dp->init_wq = true;
5523 sqcp->sd_dp = sd_dp;
5524 sd_dp->sqa_idx = sqp - sdebug_q_arr;
5525 sd_dp->qc_idx = k;
5526 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
5527 }
5528 if (sdebug_statistics)
5529 sd_dp->issuing_cpu = raw_smp_processor_id();
5530 sd_dp->defer_t = SDEB_DEFER_WQ;
5531 if (unlikely((sdebug_opts & SDEBUG_OPT_CMD_ABORT) &&
5532 atomic_read(&sdeb_inject_pending)))
5533 sd_dp->aborted = true;
5534 schedule_work(&sd_dp->ew.work);
5535 if (unlikely((sdebug_opts & SDEBUG_OPT_CMD_ABORT) &&
5536 atomic_read(&sdeb_inject_pending))) {
5537 sdev_printk(KERN_INFO, sdp, "abort request tag %d\n", cmnd->request->tag);
5538 blk_abort_request(cmnd->request);
5539 atomic_set(&sdeb_inject_pending, 0);
5540 }
5541 }
5542 if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) && scsi_result == device_qfull_result))
5543 sdev_printk(KERN_INFO, sdp, "%s: num_in_q=%d +1, %s%s\n", __func__,
5544 num_in_q, (inject ? "<inject> " : ""), "status: TASK SET FULL");
5545 return 0;
5546
5547respond_in_thread: /* call back to mid-layer using invocation thread */
5548 cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
5549 cmnd->result &= ~SDEG_RES_IMMED_MASK;
5550 if (cmnd->result == 0 && scsi_result != 0)
5551 cmnd->result = scsi_result;
5552 cmnd->scsi_done(cmnd);
5553 return 0;
5554}
5555
5556/* Note: The following macros create attribute files in the
5557 /sys/module/scsi_debug/parameters directory. Unfortunately this
5558 driver is unaware of a change and cannot trigger auxiliary actions
5559 as it can when the corresponding attribute in the
5560 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
5561 */
5562module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
5563module_param_named(ato, sdebug_ato, int, S_IRUGO);
5564module_param_named(cdb_len, sdebug_cdb_len, int, 0644);
5565module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
5566module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
5567module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
5568module_param_named(dif, sdebug_dif, int, S_IRUGO);
5569module_param_named(dix, sdebug_dix, int, S_IRUGO);
5570module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
5571module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
5572module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
5573module_param_named(guard, sdebug_guard, uint, S_IRUGO);
5574module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
5575module_param_named(host_max_queue, sdebug_host_max_queue, int, S_IRUGO);
5576module_param_string(inq_product, sdebug_inq_product_id,
5577 sizeof(sdebug_inq_product_id), S_IRUGO | S_IWUSR);
5578module_param_string(inq_rev, sdebug_inq_product_rev,
5579 sizeof(sdebug_inq_product_rev), S_IRUGO | S_IWUSR);
5580module_param_string(inq_vendor, sdebug_inq_vendor_id,
5581 sizeof(sdebug_inq_vendor_id), S_IRUGO | S_IWUSR);
5582module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
5583module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
5584module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
5585module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
5586module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
5587module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
5588module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
5589module_param_named(medium_error_count, sdebug_medium_error_count, int,
5590 S_IRUGO | S_IWUSR);
5591module_param_named(medium_error_start, sdebug_medium_error_start, int,
5592 S_IRUGO | S_IWUSR);
5593module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
5594module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
5595module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
5596module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
5597module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
5598module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
5599module_param_named(opt_xferlen_exp, sdebug_opt_xferlen_exp, int, S_IRUGO);
5600module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
5601module_param_named(per_host_store, sdebug_per_host_store, bool,
5602 S_IRUGO | S_IWUSR);
5603module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
5604module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
5605module_param_named(random, sdebug_random, bool, S_IRUGO | S_IWUSR);
5606module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
5607module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
5608module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
5609module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
5610module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
5611module_param_named(submit_queues, submit_queues, int, S_IRUGO);
5612module_param_named(tur_ms_to_ready, sdeb_tur_ms_to_ready, int, S_IRUGO);
5613module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
5614module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
5615module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
5616module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
5617module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
5618module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
5619module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
5620 S_IRUGO | S_IWUSR);
5621module_param_named(wp, sdebug_wp, bool, S_IRUGO | S_IWUSR);
5622module_param_named(write_same_length, sdebug_write_same_length, int,
5623 S_IRUGO | S_IWUSR);
5624module_param_named(zbc, sdeb_zbc_model_s, charp, S_IRUGO);
5625module_param_named(zone_max_open, sdeb_zbc_max_open, int, S_IRUGO);
5626module_param_named(zone_nr_conv, sdeb_zbc_nr_conv, int, S_IRUGO);
5627module_param_named(zone_size_mb, sdeb_zbc_zone_size_mb, int, S_IRUGO);
5628
5629MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
5630MODULE_DESCRIPTION("SCSI debug adapter driver");
5631MODULE_LICENSE("GPL");
5632MODULE_VERSION(SDEBUG_VERSION);
5633
5634MODULE_PARM_DESC(add_host, "add n hosts, in sysfs if negative remove host(s) (def=1)");
5635MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
5636MODULE_PARM_DESC(cdb_len, "suggest CDB lengths to drivers (def=10)");
5637MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
5638MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
5639MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
5640MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
5641MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
5642MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
5643MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
5644MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
5645MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
5646MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
5647MODULE_PARM_DESC(host_max_queue,
5648 "host max # of queued cmds (0 to max(def) [max_queue fixed equal for !0])");
5649MODULE_PARM_DESC(inq_product, "SCSI INQUIRY product string (def=\"scsi_debug\")");
5650MODULE_PARM_DESC(inq_rev, "SCSI INQUIRY revision string (def=\""
5651 SDEBUG_VERSION "\")");
5652MODULE_PARM_DESC(inq_vendor, "SCSI INQUIRY vendor string (def=\"Linux\")");
5653MODULE_PARM_DESC(lbprz,
5654 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
5655MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
5656MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
5657MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
5658MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
5659MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
5660MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
5661MODULE_PARM_DESC(medium_error_count, "count of sectors to return follow on MEDIUM error");
5662MODULE_PARM_DESC(medium_error_start, "starting sector number to return MEDIUM error");
5663MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
5664MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
5665MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
5666MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
5667MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
5668MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
5669MODULE_PARM_DESC(opt_xferlen_exp, "optimal transfer length granularity exponent (def=physblk_exp)");
5670MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
5671MODULE_PARM_DESC(per_host_store, "If set, next positive add_host will get new store (def=0)");
5672MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
5673MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
5674MODULE_PARM_DESC(random, "If set, uniformly randomize command duration between 0 and delay_in_ns");
5675MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
5676MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
5677MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
5678MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
5679MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
5680MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
5681MODULE_PARM_DESC(tur_ms_to_ready, "TEST UNIT READY millisecs before initial good status (def=0)");
5682MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
5683MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
5684MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
5685MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
5686MODULE_PARM_DESC(uuid_ctl,
5687 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
5688MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
5689MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
5690MODULE_PARM_DESC(wp, "Write Protect (def=0)");
5691MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
5692MODULE_PARM_DESC(zbc, "'none' [0]; 'aware' [1]; 'managed' [2] (def=0). Can have 'host-' prefix");
5693MODULE_PARM_DESC(zone_max_open, "Maximum number of open zones; [0] for no limit (def=auto)");
5694MODULE_PARM_DESC(zone_nr_conv, "Number of conventional zones (def=1)");
5695MODULE_PARM_DESC(zone_size_mb, "Zone size in MiB (def=auto)");
5696
5697#define SDEBUG_INFO_LEN 256
5698static char sdebug_info[SDEBUG_INFO_LEN];
5699
5700static const char *scsi_debug_info(struct Scsi_Host *shp)
5701{
5702 int k;
5703
5704 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
5705 my_name, SDEBUG_VERSION, sdebug_version_date);
5706 if (k >= (SDEBUG_INFO_LEN - 1))
5707 return sdebug_info;
5708 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
5709 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
5710 sdebug_dev_size_mb, sdebug_opts, submit_queues,
5711 "statistics", (int)sdebug_statistics);
5712 return sdebug_info;
5713}
5714
5715/* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
5716static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
5717 int length)
5718{
5719 char arr[16];
5720 int opts;
5721 int minLen = length > 15 ? 15 : length;
5722
5723 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
5724 return -EACCES;
5725 memcpy(arr, buffer, minLen);
5726 arr[minLen] = '\0';
5727 if (1 != sscanf(arr, "%d", &opts))
5728 return -EINVAL;
5729 sdebug_opts = opts;
5730 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
5731 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
5732 if (sdebug_every_nth != 0)
5733 tweak_cmnd_count();
5734 return length;
5735}
5736
5737/* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
5738 * same for each scsi_debug host (if more than one). Some of the counters
5739 * output are not atomics so might be inaccurate in a busy system. */
5740static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
5741{
5742 int f, j, l;
5743 struct sdebug_queue *sqp;
5744 struct sdebug_host_info *sdhp;
5745
5746 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
5747 SDEBUG_VERSION, sdebug_version_date);
5748 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
5749 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
5750 sdebug_opts, sdebug_every_nth);
5751 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
5752 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
5753 sdebug_sector_size, "bytes");
5754 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
5755 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
5756 num_aborts);
5757 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
5758 num_dev_resets, num_target_resets, num_bus_resets,
5759 num_host_resets);
5760 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
5761 dix_reads, dix_writes, dif_errors);
5762 seq_printf(m, "usec_in_jiffy=%lu, statistics=%d\n", TICK_NSEC / 1000,
5763 sdebug_statistics);
5764 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
5765 atomic_read(&sdebug_cmnd_count),
5766 atomic_read(&sdebug_completions),
5767 "miss_cpus", atomic_read(&sdebug_miss_cpus),
5768 atomic_read(&sdebug_a_tsf));
5769
5770 seq_printf(m, "submit_queues=%d\n", submit_queues);
5771 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5772 seq_printf(m, " queue %d:\n", j);
5773 f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
5774 if (f != sdebug_max_queue) {
5775 l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
5776 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
5777 "first,last bits", f, l);
5778 }
5779 }
5780
5781 seq_printf(m, "this host_no=%d\n", host->host_no);
5782 if (!xa_empty(per_store_ap)) {
5783 bool niu;
5784 int idx;
5785 unsigned long l_idx;
5786 struct sdeb_store_info *sip;
5787
5788 seq_puts(m, "\nhost list:\n");
5789 j = 0;
5790 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
5791 idx = sdhp->si_idx;
5792 seq_printf(m, " %d: host_no=%d, si_idx=%d\n", j,
5793 sdhp->shost->host_no, idx);
5794 ++j;
5795 }
5796 seq_printf(m, "\nper_store array [most_recent_idx=%d]:\n",
5797 sdeb_most_recent_idx);
5798 j = 0;
5799 xa_for_each(per_store_ap, l_idx, sip) {
5800 niu = xa_get_mark(per_store_ap, l_idx,
5801 SDEB_XA_NOT_IN_USE);
5802 idx = (int)l_idx;
5803 seq_printf(m, " %d: idx=%d%s\n", j, idx,
5804 (niu ? " not_in_use" : ""));
5805 ++j;
5806 }
5807 }
5808 return 0;
5809}
5810
5811static ssize_t delay_show(struct device_driver *ddp, char *buf)
5812{
5813 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
5814}
5815/* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
5816 * of delay is jiffies.
5817 */
5818static ssize_t delay_store(struct device_driver *ddp, const char *buf,
5819 size_t count)
5820{
5821 int jdelay, res;
5822
5823 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
5824 res = count;
5825 if (sdebug_jdelay != jdelay) {
5826 int j, k;
5827 struct sdebug_queue *sqp;
5828
5829 block_unblock_all_queues(true);
5830 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
5831 ++j, ++sqp) {
5832 k = find_first_bit(sqp->in_use_bm,
5833 sdebug_max_queue);
5834 if (k != sdebug_max_queue) {
5835 res = -EBUSY; /* queued commands */
5836 break;
5837 }
5838 }
5839 if (res > 0) {
5840 sdebug_jdelay = jdelay;
5841 sdebug_ndelay = 0;
5842 }
5843 block_unblock_all_queues(false);
5844 }
5845 return res;
5846 }
5847 return -EINVAL;
5848}
5849static DRIVER_ATTR_RW(delay);
5850
5851static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
5852{
5853 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
5854}
5855/* Returns -EBUSY if ndelay is being changed and commands are queued */
5856/* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
5857static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
5858 size_t count)
5859{
5860 int ndelay, res;
5861
5862 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
5863 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
5864 res = count;
5865 if (sdebug_ndelay != ndelay) {
5866 int j, k;
5867 struct sdebug_queue *sqp;
5868
5869 block_unblock_all_queues(true);
5870 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
5871 ++j, ++sqp) {
5872 k = find_first_bit(sqp->in_use_bm,
5873 sdebug_max_queue);
5874 if (k != sdebug_max_queue) {
5875 res = -EBUSY; /* queued commands */
5876 break;
5877 }
5878 }
5879 if (res > 0) {
5880 sdebug_ndelay = ndelay;
5881 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
5882 : DEF_JDELAY;
5883 }
5884 block_unblock_all_queues(false);
5885 }
5886 return res;
5887 }
5888 return -EINVAL;
5889}
5890static DRIVER_ATTR_RW(ndelay);
5891
5892static ssize_t opts_show(struct device_driver *ddp, char *buf)
5893{
5894 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
5895}
5896
5897static ssize_t opts_store(struct device_driver *ddp, const char *buf,
5898 size_t count)
5899{
5900 int opts;
5901 char work[20];
5902
5903 if (sscanf(buf, "%10s", work) == 1) {
5904 if (strncasecmp(work, "0x", 2) == 0) {
5905 if (kstrtoint(work + 2, 16, &opts) == 0)
5906 goto opts_done;
5907 } else {
5908 if (kstrtoint(work, 10, &opts) == 0)
5909 goto opts_done;
5910 }
5911 }
5912 return -EINVAL;
5913opts_done:
5914 sdebug_opts = opts;
5915 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
5916 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
5917 tweak_cmnd_count();
5918 return count;
5919}
5920static DRIVER_ATTR_RW(opts);
5921
5922static ssize_t ptype_show(struct device_driver *ddp, char *buf)
5923{
5924 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
5925}
5926static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
5927 size_t count)
5928{
5929 int n;
5930
5931 /* Cannot change from or to TYPE_ZBC with sysfs */
5932 if (sdebug_ptype == TYPE_ZBC)
5933 return -EINVAL;
5934
5935 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5936 if (n == TYPE_ZBC)
5937 return -EINVAL;
5938 sdebug_ptype = n;
5939 return count;
5940 }
5941 return -EINVAL;
5942}
5943static DRIVER_ATTR_RW(ptype);
5944
5945static ssize_t dsense_show(struct device_driver *ddp, char *buf)
5946{
5947 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
5948}
5949static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
5950 size_t count)
5951{
5952 int n;
5953
5954 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5955 sdebug_dsense = n;
5956 return count;
5957 }
5958 return -EINVAL;
5959}
5960static DRIVER_ATTR_RW(dsense);
5961
5962static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
5963{
5964 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
5965}
5966static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
5967 size_t count)
5968{
5969 int n, idx;
5970
5971 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5972 bool want_store = (n == 0);
5973 struct sdebug_host_info *sdhp;
5974
5975 n = (n > 0);
5976 sdebug_fake_rw = (sdebug_fake_rw > 0);
5977 if (sdebug_fake_rw == n)
5978 return count; /* not transitioning so do nothing */
5979
5980 if (want_store) { /* 1 --> 0 transition, set up store */
5981 if (sdeb_first_idx < 0) {
5982 idx = sdebug_add_store();
5983 if (idx < 0)
5984 return idx;
5985 } else {
5986 idx = sdeb_first_idx;
5987 xa_clear_mark(per_store_ap, idx,
5988 SDEB_XA_NOT_IN_USE);
5989 }
5990 /* make all hosts use same store */
5991 list_for_each_entry(sdhp, &sdebug_host_list,
5992 host_list) {
5993 if (sdhp->si_idx != idx) {
5994 xa_set_mark(per_store_ap, sdhp->si_idx,
5995 SDEB_XA_NOT_IN_USE);
5996 sdhp->si_idx = idx;
5997 }
5998 }
5999 sdeb_most_recent_idx = idx;
6000 } else { /* 0 --> 1 transition is trigger for shrink */
6001 sdebug_erase_all_stores(true /* apart from first */);
6002 }
6003 sdebug_fake_rw = n;
6004 return count;
6005 }
6006 return -EINVAL;
6007}
6008static DRIVER_ATTR_RW(fake_rw);
6009
6010static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
6011{
6012 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
6013}
6014static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
6015 size_t count)
6016{
6017 int n;
6018
6019 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6020 sdebug_no_lun_0 = n;
6021 return count;
6022 }
6023 return -EINVAL;
6024}
6025static DRIVER_ATTR_RW(no_lun_0);
6026
6027static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
6028{
6029 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
6030}
6031static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
6032 size_t count)
6033{
6034 int n;
6035
6036 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6037 sdebug_num_tgts = n;
6038 sdebug_max_tgts_luns();
6039 return count;
6040 }
6041 return -EINVAL;
6042}
6043static DRIVER_ATTR_RW(num_tgts);
6044
6045static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
6046{
6047 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
6048}
6049static DRIVER_ATTR_RO(dev_size_mb);
6050
6051static ssize_t per_host_store_show(struct device_driver *ddp, char *buf)
6052{
6053 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_per_host_store);
6054}
6055
6056static ssize_t per_host_store_store(struct device_driver *ddp, const char *buf,
6057 size_t count)
6058{
6059 bool v;
6060
6061 if (kstrtobool(buf, &v))
6062 return -EINVAL;
6063
6064 sdebug_per_host_store = v;
6065 return count;
6066}
6067static DRIVER_ATTR_RW(per_host_store);
6068
6069static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
6070{
6071 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
6072}
6073static DRIVER_ATTR_RO(num_parts);
6074
6075static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
6076{
6077 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
6078}
6079static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
6080 size_t count)
6081{
6082 int nth;
6083 char work[20];
6084
6085 if (sscanf(buf, "%10s", work) == 1) {
6086 if (strncasecmp(work, "0x", 2) == 0) {
6087 if (kstrtoint(work + 2, 16, &nth) == 0)
6088 goto every_nth_done;
6089 } else {
6090 if (kstrtoint(work, 10, &nth) == 0)
6091 goto every_nth_done;
6092 }
6093 }
6094 return -EINVAL;
6095
6096every_nth_done:
6097 sdebug_every_nth = nth;
6098 if (nth && !sdebug_statistics) {
6099 pr_info("every_nth needs statistics=1, set it\n");
6100 sdebug_statistics = true;
6101 }
6102 tweak_cmnd_count();
6103 return count;
6104}
6105static DRIVER_ATTR_RW(every_nth);
6106
6107static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
6108{
6109 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
6110}
6111static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
6112 size_t count)
6113{
6114 int n;
6115 bool changed;
6116
6117 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6118 if (n > 256) {
6119 pr_warn("max_luns can be no more than 256\n");
6120 return -EINVAL;
6121 }
6122 changed = (sdebug_max_luns != n);
6123 sdebug_max_luns = n;
6124 sdebug_max_tgts_luns();
6125 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
6126 struct sdebug_host_info *sdhp;
6127 struct sdebug_dev_info *dp;
6128
6129 spin_lock(&sdebug_host_list_lock);
6130 list_for_each_entry(sdhp, &sdebug_host_list,
6131 host_list) {
6132 list_for_each_entry(dp, &sdhp->dev_info_list,
6133 dev_list) {
6134 set_bit(SDEBUG_UA_LUNS_CHANGED,
6135 dp->uas_bm);
6136 }
6137 }
6138 spin_unlock(&sdebug_host_list_lock);
6139 }
6140 return count;
6141 }
6142 return -EINVAL;
6143}
6144static DRIVER_ATTR_RW(max_luns);
6145
6146static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
6147{
6148 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
6149}
6150/* N.B. max_queue can be changed while there are queued commands. In flight
6151 * commands beyond the new max_queue will be completed. */
6152static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
6153 size_t count)
6154{
6155 int j, n, k, a;
6156 struct sdebug_queue *sqp;
6157
6158 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
6159 (n <= SDEBUG_CANQUEUE) &&
6160 (sdebug_host_max_queue == 0)) {
6161 block_unblock_all_queues(true);
6162 k = 0;
6163 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
6164 ++j, ++sqp) {
6165 a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
6166 if (a > k)
6167 k = a;
6168 }
6169 sdebug_max_queue = n;
6170 if (k == SDEBUG_CANQUEUE)
6171 atomic_set(&retired_max_queue, 0);
6172 else if (k >= n)
6173 atomic_set(&retired_max_queue, k + 1);
6174 else
6175 atomic_set(&retired_max_queue, 0);
6176 block_unblock_all_queues(false);
6177 return count;
6178 }
6179 return -EINVAL;
6180}
6181static DRIVER_ATTR_RW(max_queue);
6182
6183static ssize_t host_max_queue_show(struct device_driver *ddp, char *buf)
6184{
6185 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_host_max_queue);
6186}
6187
6188/*
6189 * Since this is used for .can_queue, and we get the hc_idx tag from the bitmap
6190 * in range [0, sdebug_host_max_queue), we can't change it.
6191 */
6192static DRIVER_ATTR_RO(host_max_queue);
6193
6194static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
6195{
6196 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
6197}
6198static DRIVER_ATTR_RO(no_uld);
6199
6200static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
6201{
6202 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
6203}
6204static DRIVER_ATTR_RO(scsi_level);
6205
6206static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
6207{
6208 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
6209}
6210static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
6211 size_t count)
6212{
6213 int n;
6214 bool changed;
6215
6216 /* Ignore capacity change for ZBC drives for now */
6217 if (sdeb_zbc_in_use)
6218 return -ENOTSUPP;
6219
6220 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6221 changed = (sdebug_virtual_gb != n);
6222 sdebug_virtual_gb = n;
6223 sdebug_capacity = get_sdebug_capacity();
6224 if (changed) {
6225 struct sdebug_host_info *sdhp;
6226 struct sdebug_dev_info *dp;
6227
6228 spin_lock(&sdebug_host_list_lock);
6229 list_for_each_entry(sdhp, &sdebug_host_list,
6230 host_list) {
6231 list_for_each_entry(dp, &sdhp->dev_info_list,
6232 dev_list) {
6233 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
6234 dp->uas_bm);
6235 }
6236 }
6237 spin_unlock(&sdebug_host_list_lock);
6238 }
6239 return count;
6240 }
6241 return -EINVAL;
6242}
6243static DRIVER_ATTR_RW(virtual_gb);
6244
6245static ssize_t add_host_show(struct device_driver *ddp, char *buf)
6246{
6247 /* absolute number of hosts currently active is what is shown */
6248 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_hosts);
6249}
6250
6251static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
6252 size_t count)
6253{
6254 bool found;
6255 unsigned long idx;
6256 struct sdeb_store_info *sip;
6257 bool want_phs = (sdebug_fake_rw == 0) && sdebug_per_host_store;
6258 int delta_hosts;
6259
6260 if (sscanf(buf, "%d", &delta_hosts) != 1)
6261 return -EINVAL;
6262 if (delta_hosts > 0) {
6263 do {
6264 found = false;
6265 if (want_phs) {
6266 xa_for_each_marked(per_store_ap, idx, sip,
6267 SDEB_XA_NOT_IN_USE) {
6268 sdeb_most_recent_idx = (int)idx;
6269 found = true;
6270 break;
6271 }
6272 if (found) /* re-use case */
6273 sdebug_add_host_helper((int)idx);
6274 else
6275 sdebug_do_add_host(true);
6276 } else {
6277 sdebug_do_add_host(false);
6278 }
6279 } while (--delta_hosts);
6280 } else if (delta_hosts < 0) {
6281 do {
6282 sdebug_do_remove_host(false);
6283 } while (++delta_hosts);
6284 }
6285 return count;
6286}
6287static DRIVER_ATTR_RW(add_host);
6288
6289static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
6290{
6291 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
6292}
6293static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
6294 size_t count)
6295{
6296 int n;
6297
6298 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6299 sdebug_vpd_use_hostno = n;
6300 return count;
6301 }
6302 return -EINVAL;
6303}
6304static DRIVER_ATTR_RW(vpd_use_hostno);
6305
6306static ssize_t statistics_show(struct device_driver *ddp, char *buf)
6307{
6308 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
6309}
6310static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
6311 size_t count)
6312{
6313 int n;
6314
6315 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
6316 if (n > 0)
6317 sdebug_statistics = true;
6318 else {
6319 clear_queue_stats();
6320 sdebug_statistics = false;
6321 }
6322 return count;
6323 }
6324 return -EINVAL;
6325}
6326static DRIVER_ATTR_RW(statistics);
6327
6328static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
6329{
6330 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
6331}
6332static DRIVER_ATTR_RO(sector_size);
6333
6334static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
6335{
6336 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
6337}
6338static DRIVER_ATTR_RO(submit_queues);
6339
6340static ssize_t dix_show(struct device_driver *ddp, char *buf)
6341{
6342 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
6343}
6344static DRIVER_ATTR_RO(dix);
6345
6346static ssize_t dif_show(struct device_driver *ddp, char *buf)
6347{
6348 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
6349}
6350static DRIVER_ATTR_RO(dif);
6351
6352static ssize_t guard_show(struct device_driver *ddp, char *buf)
6353{
6354 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
6355}
6356static DRIVER_ATTR_RO(guard);
6357
6358static ssize_t ato_show(struct device_driver *ddp, char *buf)
6359{
6360 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
6361}
6362static DRIVER_ATTR_RO(ato);
6363
6364static ssize_t map_show(struct device_driver *ddp, char *buf)
6365{
6366 ssize_t count = 0;
6367
6368 if (!scsi_debug_lbp())
6369 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
6370 sdebug_store_sectors);
6371
6372 if (sdebug_fake_rw == 0 && !xa_empty(per_store_ap)) {
6373 struct sdeb_store_info *sip = xa_load(per_store_ap, 0);
6374
6375 if (sip)
6376 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
6377 (int)map_size, sip->map_storep);
6378 }
6379 buf[count++] = '\n';
6380 buf[count] = '\0';
6381
6382 return count;
6383}
6384static DRIVER_ATTR_RO(map);
6385
6386static ssize_t random_show(struct device_driver *ddp, char *buf)
6387{
6388 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_random);
6389}
6390
6391static ssize_t random_store(struct device_driver *ddp, const char *buf,
6392 size_t count)
6393{
6394 bool v;
6395
6396 if (kstrtobool(buf, &v))
6397 return -EINVAL;
6398
6399 sdebug_random = v;
6400 return count;
6401}
6402static DRIVER_ATTR_RW(random);
6403
6404static ssize_t removable_show(struct device_driver *ddp, char *buf)
6405{
6406 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
6407}
6408static ssize_t removable_store(struct device_driver *ddp, const char *buf,
6409 size_t count)
6410{
6411 int n;
6412
6413 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6414 sdebug_removable = (n > 0);
6415 return count;
6416 }
6417 return -EINVAL;
6418}
6419static DRIVER_ATTR_RW(removable);
6420
6421static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
6422{
6423 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
6424}
6425/* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
6426static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
6427 size_t count)
6428{
6429 int n;
6430
6431 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6432 sdebug_host_lock = (n > 0);
6433 return count;
6434 }
6435 return -EINVAL;
6436}
6437static DRIVER_ATTR_RW(host_lock);
6438
6439static ssize_t strict_show(struct device_driver *ddp, char *buf)
6440{
6441 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
6442}
6443static ssize_t strict_store(struct device_driver *ddp, const char *buf,
6444 size_t count)
6445{
6446 int n;
6447
6448 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6449 sdebug_strict = (n > 0);
6450 return count;
6451 }
6452 return -EINVAL;
6453}
6454static DRIVER_ATTR_RW(strict);
6455
6456static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
6457{
6458 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
6459}
6460static DRIVER_ATTR_RO(uuid_ctl);
6461
6462static ssize_t cdb_len_show(struct device_driver *ddp, char *buf)
6463{
6464 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_cdb_len);
6465}
6466static ssize_t cdb_len_store(struct device_driver *ddp, const char *buf,
6467 size_t count)
6468{
6469 int ret, n;
6470
6471 ret = kstrtoint(buf, 0, &n);
6472 if (ret)
6473 return ret;
6474 sdebug_cdb_len = n;
6475 all_config_cdb_len();
6476 return count;
6477}
6478static DRIVER_ATTR_RW(cdb_len);
6479
6480static const char * const zbc_model_strs_a[] = {
6481 [BLK_ZONED_NONE] = "none",
6482 [BLK_ZONED_HA] = "host-aware",
6483 [BLK_ZONED_HM] = "host-managed",
6484};
6485
6486static const char * const zbc_model_strs_b[] = {
6487 [BLK_ZONED_NONE] = "no",
6488 [BLK_ZONED_HA] = "aware",
6489 [BLK_ZONED_HM] = "managed",
6490};
6491
6492static const char * const zbc_model_strs_c[] = {
6493 [BLK_ZONED_NONE] = "0",
6494 [BLK_ZONED_HA] = "1",
6495 [BLK_ZONED_HM] = "2",
6496};
6497
6498static int sdeb_zbc_model_str(const char *cp)
6499{
6500 int res = sysfs_match_string(zbc_model_strs_a, cp);
6501
6502 if (res < 0) {
6503 res = sysfs_match_string(zbc_model_strs_b, cp);
6504 if (res < 0) {
6505 res = sysfs_match_string(zbc_model_strs_c, cp);
6506 if (res < 0)
6507 return -EINVAL;
6508 }
6509 }
6510 return res;
6511}
6512
6513static ssize_t zbc_show(struct device_driver *ddp, char *buf)
6514{
6515 return scnprintf(buf, PAGE_SIZE, "%s\n",
6516 zbc_model_strs_a[sdeb_zbc_model]);
6517}
6518static DRIVER_ATTR_RO(zbc);
6519
6520static ssize_t tur_ms_to_ready_show(struct device_driver *ddp, char *buf)
6521{
6522 return scnprintf(buf, PAGE_SIZE, "%d\n", sdeb_tur_ms_to_ready);
6523}
6524static DRIVER_ATTR_RO(tur_ms_to_ready);
6525
6526/* Note: The following array creates attribute files in the
6527 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
6528 files (over those found in the /sys/module/scsi_debug/parameters
6529 directory) is that auxiliary actions can be triggered when an attribute
6530 is changed. For example see: add_host_store() above.
6531 */
6532
6533static struct attribute *sdebug_drv_attrs[] = {
6534 &driver_attr_delay.attr,
6535 &driver_attr_opts.attr,
6536 &driver_attr_ptype.attr,
6537 &driver_attr_dsense.attr,
6538 &driver_attr_fake_rw.attr,
6539 &driver_attr_host_max_queue.attr,
6540 &driver_attr_no_lun_0.attr,
6541 &driver_attr_num_tgts.attr,
6542 &driver_attr_dev_size_mb.attr,
6543 &driver_attr_num_parts.attr,
6544 &driver_attr_every_nth.attr,
6545 &driver_attr_max_luns.attr,
6546 &driver_attr_max_queue.attr,
6547 &driver_attr_no_uld.attr,
6548 &driver_attr_scsi_level.attr,
6549 &driver_attr_virtual_gb.attr,
6550 &driver_attr_add_host.attr,
6551 &driver_attr_per_host_store.attr,
6552 &driver_attr_vpd_use_hostno.attr,
6553 &driver_attr_sector_size.attr,
6554 &driver_attr_statistics.attr,
6555 &driver_attr_submit_queues.attr,
6556 &driver_attr_dix.attr,
6557 &driver_attr_dif.attr,
6558 &driver_attr_guard.attr,
6559 &driver_attr_ato.attr,
6560 &driver_attr_map.attr,
6561 &driver_attr_random.attr,
6562 &driver_attr_removable.attr,
6563 &driver_attr_host_lock.attr,
6564 &driver_attr_ndelay.attr,
6565 &driver_attr_strict.attr,
6566 &driver_attr_uuid_ctl.attr,
6567 &driver_attr_cdb_len.attr,
6568 &driver_attr_tur_ms_to_ready.attr,
6569 &driver_attr_zbc.attr,
6570 NULL,
6571};
6572ATTRIBUTE_GROUPS(sdebug_drv);
6573
6574static struct device *pseudo_primary;
6575
6576static int __init scsi_debug_init(void)
6577{
6578 bool want_store = (sdebug_fake_rw == 0);
6579 unsigned long sz;
6580 int k, ret, hosts_to_add;
6581 int idx = -1;
6582
6583 ramdisk_lck_a[0] = &atomic_rw;
6584 ramdisk_lck_a[1] = &atomic_rw2;
6585 atomic_set(&retired_max_queue, 0);
6586
6587 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
6588 pr_warn("ndelay must be less than 1 second, ignored\n");
6589 sdebug_ndelay = 0;
6590 } else if (sdebug_ndelay > 0)
6591 sdebug_jdelay = JDELAY_OVERRIDDEN;
6592
6593 switch (sdebug_sector_size) {
6594 case 512:
6595 case 1024:
6596 case 2048:
6597 case 4096:
6598 break;
6599 default:
6600 pr_err("invalid sector_size %d\n", sdebug_sector_size);
6601 return -EINVAL;
6602 }
6603
6604 switch (sdebug_dif) {
6605 case T10_PI_TYPE0_PROTECTION:
6606 break;
6607 case T10_PI_TYPE1_PROTECTION:
6608 case T10_PI_TYPE2_PROTECTION:
6609 case T10_PI_TYPE3_PROTECTION:
6610 have_dif_prot = true;
6611 break;
6612
6613 default:
6614 pr_err("dif must be 0, 1, 2 or 3\n");
6615 return -EINVAL;
6616 }
6617
6618 if (sdebug_num_tgts < 0) {
6619 pr_err("num_tgts must be >= 0\n");
6620 return -EINVAL;
6621 }
6622
6623 if (sdebug_guard > 1) {
6624 pr_err("guard must be 0 or 1\n");
6625 return -EINVAL;
6626 }
6627
6628 if (sdebug_ato > 1) {
6629 pr_err("ato must be 0 or 1\n");
6630 return -EINVAL;
6631 }
6632
6633 if (sdebug_physblk_exp > 15) {
6634 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
6635 return -EINVAL;
6636 }
6637 if (sdebug_max_luns > 256) {
6638 pr_warn("max_luns can be no more than 256, use default\n");
6639 sdebug_max_luns = DEF_MAX_LUNS;
6640 }
6641
6642 if (sdebug_lowest_aligned > 0x3fff) {
6643 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
6644 return -EINVAL;
6645 }
6646
6647 if (submit_queues < 1) {
6648 pr_err("submit_queues must be 1 or more\n");
6649 return -EINVAL;
6650 }
6651
6652 if ((sdebug_max_queue > SDEBUG_CANQUEUE) || (sdebug_max_queue < 1)) {
6653 pr_err("max_queue must be in range [1, %d]\n", SDEBUG_CANQUEUE);
6654 return -EINVAL;
6655 }
6656
6657 if ((sdebug_host_max_queue > SDEBUG_CANQUEUE) ||
6658 (sdebug_host_max_queue < 0)) {
6659 pr_err("host_max_queue must be in range [0 %d]\n",
6660 SDEBUG_CANQUEUE);
6661 return -EINVAL;
6662 }
6663
6664 if (sdebug_host_max_queue &&
6665 (sdebug_max_queue != sdebug_host_max_queue)) {
6666 sdebug_max_queue = sdebug_host_max_queue;
6667 pr_warn("fixing max submit queue depth to host max queue depth, %d\n",
6668 sdebug_max_queue);
6669 }
6670
6671 sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
6672 GFP_KERNEL);
6673 if (sdebug_q_arr == NULL)
6674 return -ENOMEM;
6675 for (k = 0; k < submit_queues; ++k)
6676 spin_lock_init(&sdebug_q_arr[k].qc_lock);
6677
6678 /*
6679 * check for host managed zoned block device specified with
6680 * ptype=0x14 or zbc=XXX.
6681 */
6682 if (sdebug_ptype == TYPE_ZBC) {
6683 sdeb_zbc_model = BLK_ZONED_HM;
6684 } else if (sdeb_zbc_model_s && *sdeb_zbc_model_s) {
6685 k = sdeb_zbc_model_str(sdeb_zbc_model_s);
6686 if (k < 0) {
6687 ret = k;
6688 goto free_vm;
6689 }
6690 sdeb_zbc_model = k;
6691 switch (sdeb_zbc_model) {
6692 case BLK_ZONED_NONE:
6693 case BLK_ZONED_HA:
6694 sdebug_ptype = TYPE_DISK;
6695 break;
6696 case BLK_ZONED_HM:
6697 sdebug_ptype = TYPE_ZBC;
6698 break;
6699 default:
6700 pr_err("Invalid ZBC model\n");
6701 return -EINVAL;
6702 }
6703 }
6704 if (sdeb_zbc_model != BLK_ZONED_NONE) {
6705 sdeb_zbc_in_use = true;
6706 if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
6707 sdebug_dev_size_mb = DEF_ZBC_DEV_SIZE_MB;
6708 }
6709
6710 if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
6711 sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
6712 if (sdebug_dev_size_mb < 1)
6713 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
6714 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
6715 sdebug_store_sectors = sz / sdebug_sector_size;
6716 sdebug_capacity = get_sdebug_capacity();
6717
6718 /* play around with geometry, don't waste too much on track 0 */
6719 sdebug_heads = 8;
6720 sdebug_sectors_per = 32;
6721 if (sdebug_dev_size_mb >= 256)
6722 sdebug_heads = 64;
6723 else if (sdebug_dev_size_mb >= 16)
6724 sdebug_heads = 32;
6725 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
6726 (sdebug_sectors_per * sdebug_heads);
6727 if (sdebug_cylinders_per >= 1024) {
6728 /* other LLDs do this; implies >= 1GB ram disk ... */
6729 sdebug_heads = 255;
6730 sdebug_sectors_per = 63;
6731 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
6732 (sdebug_sectors_per * sdebug_heads);
6733 }
6734 if (scsi_debug_lbp()) {
6735 sdebug_unmap_max_blocks =
6736 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
6737
6738 sdebug_unmap_max_desc =
6739 clamp(sdebug_unmap_max_desc, 0U, 256U);
6740
6741 sdebug_unmap_granularity =
6742 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
6743
6744 if (sdebug_unmap_alignment &&
6745 sdebug_unmap_granularity <=
6746 sdebug_unmap_alignment) {
6747 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
6748 ret = -EINVAL;
6749 goto free_q_arr;
6750 }
6751 }
6752 xa_init_flags(per_store_ap, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
6753 if (want_store) {
6754 idx = sdebug_add_store();
6755 if (idx < 0) {
6756 ret = idx;
6757 goto free_q_arr;
6758 }
6759 }
6760
6761 pseudo_primary = root_device_register("pseudo_0");
6762 if (IS_ERR(pseudo_primary)) {
6763 pr_warn("root_device_register() error\n");
6764 ret = PTR_ERR(pseudo_primary);
6765 goto free_vm;
6766 }
6767 ret = bus_register(&pseudo_lld_bus);
6768 if (ret < 0) {
6769 pr_warn("bus_register error: %d\n", ret);
6770 goto dev_unreg;
6771 }
6772 ret = driver_register(&sdebug_driverfs_driver);
6773 if (ret < 0) {
6774 pr_warn("driver_register error: %d\n", ret);
6775 goto bus_unreg;
6776 }
6777
6778 hosts_to_add = sdebug_add_host;
6779 sdebug_add_host = 0;
6780
6781 for (k = 0; k < hosts_to_add; k++) {
6782 if (want_store && k == 0) {
6783 ret = sdebug_add_host_helper(idx);
6784 if (ret < 0) {
6785 pr_err("add_host_helper k=%d, error=%d\n",
6786 k, -ret);
6787 break;
6788 }
6789 } else {
6790 ret = sdebug_do_add_host(want_store &&
6791 sdebug_per_host_store);
6792 if (ret < 0) {
6793 pr_err("add_host k=%d error=%d\n", k, -ret);
6794 break;
6795 }
6796 }
6797 }
6798 if (sdebug_verbose)
6799 pr_info("built %d host(s)\n", sdebug_num_hosts);
6800
6801 return 0;
6802
6803bus_unreg:
6804 bus_unregister(&pseudo_lld_bus);
6805dev_unreg:
6806 root_device_unregister(pseudo_primary);
6807free_vm:
6808 sdebug_erase_store(idx, NULL);
6809free_q_arr:
6810 kfree(sdebug_q_arr);
6811 return ret;
6812}
6813
6814static void __exit scsi_debug_exit(void)
6815{
6816 int k = sdebug_num_hosts;
6817
6818 stop_all_queued();
6819 for (; k; k--)
6820 sdebug_do_remove_host(true);
6821 free_all_queued();
6822 driver_unregister(&sdebug_driverfs_driver);
6823 bus_unregister(&pseudo_lld_bus);
6824 root_device_unregister(pseudo_primary);
6825
6826 sdebug_erase_all_stores(false);
6827 xa_destroy(per_store_ap);
6828}
6829
6830device_initcall(scsi_debug_init);
6831module_exit(scsi_debug_exit);
6832
6833static void sdebug_release_adapter(struct device *dev)
6834{
6835 struct sdebug_host_info *sdbg_host;
6836
6837 sdbg_host = to_sdebug_host(dev);
6838 kfree(sdbg_host);
6839}
6840
6841/* idx must be valid, if sip is NULL then it will be obtained using idx */
6842static void sdebug_erase_store(int idx, struct sdeb_store_info *sip)
6843{
6844 if (idx < 0)
6845 return;
6846 if (!sip) {
6847 if (xa_empty(per_store_ap))
6848 return;
6849 sip = xa_load(per_store_ap, idx);
6850 if (!sip)
6851 return;
6852 }
6853 vfree(sip->map_storep);
6854 vfree(sip->dif_storep);
6855 vfree(sip->storep);
6856 xa_erase(per_store_ap, idx);
6857 kfree(sip);
6858}
6859
6860/* Assume apart_from_first==false only in shutdown case. */
6861static void sdebug_erase_all_stores(bool apart_from_first)
6862{
6863 unsigned long idx;
6864 struct sdeb_store_info *sip = NULL;
6865
6866 xa_for_each(per_store_ap, idx, sip) {
6867 if (apart_from_first)
6868 apart_from_first = false;
6869 else
6870 sdebug_erase_store(idx, sip);
6871 }
6872 if (apart_from_first)
6873 sdeb_most_recent_idx = sdeb_first_idx;
6874}
6875
6876/*
6877 * Returns store xarray new element index (idx) if >=0 else negated errno.
6878 * Limit the number of stores to 65536.
6879 */
6880static int sdebug_add_store(void)
6881{
6882 int res;
6883 u32 n_idx;
6884 unsigned long iflags;
6885 unsigned long sz = (unsigned long)sdebug_dev_size_mb * 1048576;
6886 struct sdeb_store_info *sip = NULL;
6887 struct xa_limit xal = { .max = 1 << 16, .min = 0 };
6888
6889 sip = kzalloc(sizeof(*sip), GFP_KERNEL);
6890 if (!sip)
6891 return -ENOMEM;
6892
6893 xa_lock_irqsave(per_store_ap, iflags);
6894 res = __xa_alloc(per_store_ap, &n_idx, sip, xal, GFP_ATOMIC);
6895 if (unlikely(res < 0)) {
6896 xa_unlock_irqrestore(per_store_ap, iflags);
6897 kfree(sip);
6898 pr_warn("%s: xa_alloc() errno=%d\n", __func__, -res);
6899 return res;
6900 }
6901 sdeb_most_recent_idx = n_idx;
6902 if (sdeb_first_idx < 0)
6903 sdeb_first_idx = n_idx;
6904 xa_unlock_irqrestore(per_store_ap, iflags);
6905
6906 res = -ENOMEM;
6907 sip->storep = vzalloc(sz);
6908 if (!sip->storep) {
6909 pr_err("user data oom\n");
6910 goto err;
6911 }
6912 if (sdebug_num_parts > 0)
6913 sdebug_build_parts(sip->storep, sz);
6914
6915 /* DIF/DIX: what T10 calls Protection Information (PI) */
6916 if (sdebug_dix) {
6917 int dif_size;
6918
6919 dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
6920 sip->dif_storep = vmalloc(dif_size);
6921
6922 pr_info("dif_storep %u bytes @ %pK\n", dif_size,
6923 sip->dif_storep);
6924
6925 if (!sip->dif_storep) {
6926 pr_err("DIX oom\n");
6927 goto err;
6928 }
6929 memset(sip->dif_storep, 0xff, dif_size);
6930 }
6931 /* Logical Block Provisioning */
6932 if (scsi_debug_lbp()) {
6933 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
6934 sip->map_storep = vmalloc(array_size(sizeof(long),
6935 BITS_TO_LONGS(map_size)));
6936
6937 pr_info("%lu provisioning blocks\n", map_size);
6938
6939 if (!sip->map_storep) {
6940 pr_err("LBP map oom\n");
6941 goto err;
6942 }
6943
6944 bitmap_zero(sip->map_storep, map_size);
6945
6946 /* Map first 1KB for partition table */
6947 if (sdebug_num_parts)
6948 map_region(sip, 0, 2);
6949 }
6950
6951 rwlock_init(&sip->macc_lck);
6952 return (int)n_idx;
6953err:
6954 sdebug_erase_store((int)n_idx, sip);
6955 pr_warn("%s: failed, errno=%d\n", __func__, -res);
6956 return res;
6957}
6958
6959static int sdebug_add_host_helper(int per_host_idx)
6960{
6961 int k, devs_per_host, idx;
6962 int error = -ENOMEM;
6963 struct sdebug_host_info *sdbg_host;
6964 struct sdebug_dev_info *sdbg_devinfo, *tmp;
6965
6966 sdbg_host = kzalloc(sizeof(*sdbg_host), GFP_KERNEL);
6967 if (!sdbg_host)
6968 return -ENOMEM;
6969 idx = (per_host_idx < 0) ? sdeb_first_idx : per_host_idx;
6970 if (xa_get_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE))
6971 xa_clear_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
6972 sdbg_host->si_idx = idx;
6973
6974 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
6975
6976 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
6977 for (k = 0; k < devs_per_host; k++) {
6978 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
6979 if (!sdbg_devinfo)
6980 goto clean;
6981 }
6982
6983 spin_lock(&sdebug_host_list_lock);
6984 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
6985 spin_unlock(&sdebug_host_list_lock);
6986
6987 sdbg_host->dev.bus = &pseudo_lld_bus;
6988 sdbg_host->dev.parent = pseudo_primary;
6989 sdbg_host->dev.release = &sdebug_release_adapter;
6990 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_num_hosts);
6991
6992 error = device_register(&sdbg_host->dev);
6993 if (error)
6994 goto clean;
6995
6996 ++sdebug_num_hosts;
6997 return 0;
6998
6999clean:
7000 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
7001 dev_list) {
7002 list_del(&sdbg_devinfo->dev_list);
7003 kfree(sdbg_devinfo->zstate);
7004 kfree(sdbg_devinfo);
7005 }
7006 kfree(sdbg_host);
7007 pr_warn("%s: failed, errno=%d\n", __func__, -error);
7008 return error;
7009}
7010
7011static int sdebug_do_add_host(bool mk_new_store)
7012{
7013 int ph_idx = sdeb_most_recent_idx;
7014
7015 if (mk_new_store) {
7016 ph_idx = sdebug_add_store();
7017 if (ph_idx < 0)
7018 return ph_idx;
7019 }
7020 return sdebug_add_host_helper(ph_idx);
7021}
7022
7023static void sdebug_do_remove_host(bool the_end)
7024{
7025 int idx = -1;
7026 struct sdebug_host_info *sdbg_host = NULL;
7027 struct sdebug_host_info *sdbg_host2;
7028
7029 spin_lock(&sdebug_host_list_lock);
7030 if (!list_empty(&sdebug_host_list)) {
7031 sdbg_host = list_entry(sdebug_host_list.prev,
7032 struct sdebug_host_info, host_list);
7033 idx = sdbg_host->si_idx;
7034 }
7035 if (!the_end && idx >= 0) {
7036 bool unique = true;
7037
7038 list_for_each_entry(sdbg_host2, &sdebug_host_list, host_list) {
7039 if (sdbg_host2 == sdbg_host)
7040 continue;
7041 if (idx == sdbg_host2->si_idx) {
7042 unique = false;
7043 break;
7044 }
7045 }
7046 if (unique) {
7047 xa_set_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
7048 if (idx == sdeb_most_recent_idx)
7049 --sdeb_most_recent_idx;
7050 }
7051 }
7052 if (sdbg_host)
7053 list_del(&sdbg_host->host_list);
7054 spin_unlock(&sdebug_host_list_lock);
7055
7056 if (!sdbg_host)
7057 return;
7058
7059 device_unregister(&sdbg_host->dev);
7060 --sdebug_num_hosts;
7061}
7062
7063static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
7064{
7065 int num_in_q = 0;
7066 struct sdebug_dev_info *devip;
7067
7068 block_unblock_all_queues(true);
7069 devip = (struct sdebug_dev_info *)sdev->hostdata;
7070 if (NULL == devip) {
7071 block_unblock_all_queues(false);
7072 return -ENODEV;
7073 }
7074 num_in_q = atomic_read(&devip->num_in_q);
7075
7076 if (qdepth < 1)
7077 qdepth = 1;
7078 /* allow to exceed max host qc_arr elements for testing */
7079 if (qdepth > SDEBUG_CANQUEUE + 10)
7080 qdepth = SDEBUG_CANQUEUE + 10;
7081 scsi_change_queue_depth(sdev, qdepth);
7082
7083 if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
7084 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
7085 __func__, qdepth, num_in_q);
7086 }
7087 block_unblock_all_queues(false);
7088 return sdev->queue_depth;
7089}
7090
7091static bool fake_timeout(struct scsi_cmnd *scp)
7092{
7093 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
7094 if (sdebug_every_nth < -1)
7095 sdebug_every_nth = -1;
7096 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
7097 return true; /* ignore command causing timeout */
7098 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
7099 scsi_medium_access_command(scp))
7100 return true; /* time out reads and writes */
7101 }
7102 return false;
7103}
7104
7105/* Response to TUR or media access command when device stopped */
7106static int resp_not_ready(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
7107{
7108 int stopped_state;
7109 u64 diff_ns = 0;
7110 ktime_t now_ts = ktime_get_boottime();
7111 struct scsi_device *sdp = scp->device;
7112
7113 stopped_state = atomic_read(&devip->stopped);
7114 if (stopped_state == 2) {
7115 if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
7116 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
7117 if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
7118 /* tur_ms_to_ready timer extinguished */
7119 atomic_set(&devip->stopped, 0);
7120 return 0;
7121 }
7122 }
7123 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x1);
7124 if (sdebug_verbose)
7125 sdev_printk(KERN_INFO, sdp,
7126 "%s: Not ready: in process of becoming ready\n", my_name);
7127 if (scp->cmnd[0] == TEST_UNIT_READY) {
7128 u64 tur_nanosecs_to_ready = (u64)sdeb_tur_ms_to_ready * 1000000;
7129
7130 if (diff_ns <= tur_nanosecs_to_ready)
7131 diff_ns = tur_nanosecs_to_ready - diff_ns;
7132 else
7133 diff_ns = tur_nanosecs_to_ready;
7134 /* As per 20-061r2 approved for spc6 by T10 on 20200716 */
7135 do_div(diff_ns, 1000000); /* diff_ns becomes milliseconds */
7136 scsi_set_sense_information(scp->sense_buffer, SCSI_SENSE_BUFFERSIZE,
7137 diff_ns);
7138 return check_condition_result;
7139 }
7140 }
7141 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
7142 if (sdebug_verbose)
7143 sdev_printk(KERN_INFO, sdp, "%s: Not ready: initializing command required\n",
7144 my_name);
7145 return check_condition_result;
7146}
7147
7148static int scsi_debug_queuecommand(struct Scsi_Host *shost,
7149 struct scsi_cmnd *scp)
7150{
7151 u8 sdeb_i;
7152 struct scsi_device *sdp = scp->device;
7153 const struct opcode_info_t *oip;
7154 const struct opcode_info_t *r_oip;
7155 struct sdebug_dev_info *devip;
7156 u8 *cmd = scp->cmnd;
7157 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
7158 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *) = NULL;
7159 int k, na;
7160 int errsts = 0;
7161 u32 flags;
7162 u16 sa;
7163 u8 opcode = cmd[0];
7164 bool has_wlun_rl;
7165 bool inject_now;
7166
7167 scsi_set_resid(scp, 0);
7168 if (sdebug_statistics) {
7169 atomic_inc(&sdebug_cmnd_count);
7170 inject_now = inject_on_this_cmd();
7171 } else {
7172 inject_now = false;
7173 }
7174 if (unlikely(sdebug_verbose &&
7175 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
7176 char b[120];
7177 int n, len, sb;
7178
7179 len = scp->cmd_len;
7180 sb = (int)sizeof(b);
7181 if (len > 32)
7182 strcpy(b, "too long, over 32 bytes");
7183 else {
7184 for (k = 0, n = 0; k < len && n < sb; ++k)
7185 n += scnprintf(b + n, sb - n, "%02x ",
7186 (u32)cmd[k]);
7187 }
7188 sdev_printk(KERN_INFO, sdp, "%s: tag=%#x, cmd %s\n", my_name,
7189 blk_mq_unique_tag(scp->request), b);
7190 }
7191 if (unlikely(inject_now && (sdebug_opts & SDEBUG_OPT_HOST_BUSY)))
7192 return SCSI_MLQUEUE_HOST_BUSY;
7193 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
7194 if (unlikely((sdp->lun >= sdebug_max_luns) && !has_wlun_rl))
7195 goto err_out;
7196
7197 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
7198 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
7199 devip = (struct sdebug_dev_info *)sdp->hostdata;
7200 if (unlikely(!devip)) {
7201 devip = find_build_dev_info(sdp);
7202 if (NULL == devip)
7203 goto err_out;
7204 }
7205 if (unlikely(inject_now && !atomic_read(&sdeb_inject_pending)))
7206 atomic_set(&sdeb_inject_pending, 1);
7207
7208 na = oip->num_attached;
7209 r_pfp = oip->pfp;
7210 if (na) { /* multiple commands with this opcode */
7211 r_oip = oip;
7212 if (FF_SA & r_oip->flags) {
7213 if (F_SA_LOW & oip->flags)
7214 sa = 0x1f & cmd[1];
7215 else
7216 sa = get_unaligned_be16(cmd + 8);
7217 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
7218 if (opcode == oip->opcode && sa == oip->sa)
7219 break;
7220 }
7221 } else { /* since no service action only check opcode */
7222 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
7223 if (opcode == oip->opcode)
7224 break;
7225 }
7226 }
7227 if (k > na) {
7228 if (F_SA_LOW & r_oip->flags)
7229 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
7230 else if (F_SA_HIGH & r_oip->flags)
7231 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
7232 else
7233 mk_sense_invalid_opcode(scp);
7234 goto check_cond;
7235 }
7236 } /* else (when na==0) we assume the oip is a match */
7237 flags = oip->flags;
7238 if (unlikely(F_INV_OP & flags)) {
7239 mk_sense_invalid_opcode(scp);
7240 goto check_cond;
7241 }
7242 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
7243 if (sdebug_verbose)
7244 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
7245 my_name, opcode, " supported for wlun");
7246 mk_sense_invalid_opcode(scp);
7247 goto check_cond;
7248 }
7249 if (unlikely(sdebug_strict)) { /* check cdb against mask */
7250 u8 rem;
7251 int j;
7252
7253 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
7254 rem = ~oip->len_mask[k] & cmd[k];
7255 if (rem) {
7256 for (j = 7; j >= 0; --j, rem <<= 1) {
7257 if (0x80 & rem)
7258 break;
7259 }
7260 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
7261 goto check_cond;
7262 }
7263 }
7264 }
7265 if (unlikely(!(F_SKIP_UA & flags) &&
7266 find_first_bit(devip->uas_bm,
7267 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
7268 errsts = make_ua(scp, devip);
7269 if (errsts)
7270 goto check_cond;
7271 }
7272 if (unlikely(((F_M_ACCESS & flags) || scp->cmnd[0] == TEST_UNIT_READY) &&
7273 atomic_read(&devip->stopped))) {
7274 errsts = resp_not_ready(scp, devip);
7275 if (errsts)
7276 goto fini;
7277 }
7278 if (sdebug_fake_rw && (F_FAKE_RW & flags))
7279 goto fini;
7280 if (unlikely(sdebug_every_nth)) {
7281 if (fake_timeout(scp))
7282 return 0; /* ignore command: make trouble */
7283 }
7284 if (likely(oip->pfp))
7285 pfp = oip->pfp; /* calls a resp_* function */
7286 else
7287 pfp = r_pfp; /* if leaf function ptr NULL, try the root's */
7288
7289fini:
7290 if (F_DELAY_OVERR & flags) /* cmds like INQUIRY respond asap */
7291 return schedule_resp(scp, devip, errsts, pfp, 0, 0);
7292 else if ((flags & F_LONG_DELAY) && (sdebug_jdelay > 0 ||
7293 sdebug_ndelay > 10000)) {
7294 /*
7295 * Skip long delays if ndelay <= 10 microseconds. Otherwise
7296 * for Start Stop Unit (SSU) want at least 1 second delay and
7297 * if sdebug_jdelay>1 want a long delay of that many seconds.
7298 * For Synchronize Cache want 1/20 of SSU's delay.
7299 */
7300 int jdelay = (sdebug_jdelay < 2) ? 1 : sdebug_jdelay;
7301 int denom = (flags & F_SYNC_DELAY) ? 20 : 1;
7302
7303 jdelay = mult_frac(USER_HZ * jdelay, HZ, denom * USER_HZ);
7304 return schedule_resp(scp, devip, errsts, pfp, jdelay, 0);
7305 } else
7306 return schedule_resp(scp, devip, errsts, pfp, sdebug_jdelay,
7307 sdebug_ndelay);
7308check_cond:
7309 return schedule_resp(scp, devip, check_condition_result, NULL, 0, 0);
7310err_out:
7311 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, NULL, 0, 0);
7312}
7313
7314static struct scsi_host_template sdebug_driver_template = {
7315 .show_info = scsi_debug_show_info,
7316 .write_info = scsi_debug_write_info,
7317 .proc_name = sdebug_proc_name,
7318 .name = "SCSI DEBUG",
7319 .info = scsi_debug_info,
7320 .slave_alloc = scsi_debug_slave_alloc,
7321 .slave_configure = scsi_debug_slave_configure,
7322 .slave_destroy = scsi_debug_slave_destroy,
7323 .ioctl = scsi_debug_ioctl,
7324 .queuecommand = scsi_debug_queuecommand,
7325 .change_queue_depth = sdebug_change_qdepth,
7326 .eh_abort_handler = scsi_debug_abort,
7327 .eh_device_reset_handler = scsi_debug_device_reset,
7328 .eh_target_reset_handler = scsi_debug_target_reset,
7329 .eh_bus_reset_handler = scsi_debug_bus_reset,
7330 .eh_host_reset_handler = scsi_debug_host_reset,
7331 .can_queue = SDEBUG_CANQUEUE,
7332 .this_id = 7,
7333 .sg_tablesize = SG_MAX_SEGMENTS,
7334 .cmd_per_lun = DEF_CMD_PER_LUN,
7335 .max_sectors = -1U,
7336 .max_segment_size = -1U,
7337 .module = THIS_MODULE,
7338 .track_queue_depth = 1,
7339};
7340
7341static int sdebug_driver_probe(struct device *dev)
7342{
7343 int error = 0;
7344 struct sdebug_host_info *sdbg_host;
7345 struct Scsi_Host *hpnt;
7346 int hprot;
7347
7348 sdbg_host = to_sdebug_host(dev);
7349
7350 if (sdebug_host_max_queue)
7351 sdebug_driver_template.can_queue = sdebug_host_max_queue;
7352 else
7353 sdebug_driver_template.can_queue = sdebug_max_queue;
7354 if (!sdebug_clustering)
7355 sdebug_driver_template.dma_boundary = PAGE_SIZE - 1;
7356
7357 hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
7358 if (NULL == hpnt) {
7359 pr_err("scsi_host_alloc failed\n");
7360 error = -ENODEV;
7361 return error;
7362 }
7363 if (submit_queues > nr_cpu_ids) {
7364 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%u\n",
7365 my_name, submit_queues, nr_cpu_ids);
7366 submit_queues = nr_cpu_ids;
7367 }
7368 /*
7369 * Decide whether to tell scsi subsystem that we want mq. The
7370 * following should give the same answer for each host. If the host
7371 * has a limit of hostwide max commands, then do not set.
7372 */
7373 if (!sdebug_host_max_queue)
7374 hpnt->nr_hw_queues = submit_queues;
7375
7376 sdbg_host->shost = hpnt;
7377 *((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
7378 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
7379 hpnt->max_id = sdebug_num_tgts + 1;
7380 else
7381 hpnt->max_id = sdebug_num_tgts;
7382 /* = sdebug_max_luns; */
7383 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
7384
7385 hprot = 0;
7386
7387 switch (sdebug_dif) {
7388
7389 case T10_PI_TYPE1_PROTECTION:
7390 hprot = SHOST_DIF_TYPE1_PROTECTION;
7391 if (sdebug_dix)
7392 hprot |= SHOST_DIX_TYPE1_PROTECTION;
7393 break;
7394
7395 case T10_PI_TYPE2_PROTECTION:
7396 hprot = SHOST_DIF_TYPE2_PROTECTION;
7397 if (sdebug_dix)
7398 hprot |= SHOST_DIX_TYPE2_PROTECTION;
7399 break;
7400
7401 case T10_PI_TYPE3_PROTECTION:
7402 hprot = SHOST_DIF_TYPE3_PROTECTION;
7403 if (sdebug_dix)
7404 hprot |= SHOST_DIX_TYPE3_PROTECTION;
7405 break;
7406
7407 default:
7408 if (sdebug_dix)
7409 hprot |= SHOST_DIX_TYPE0_PROTECTION;
7410 break;
7411 }
7412
7413 scsi_host_set_prot(hpnt, hprot);
7414
7415 if (have_dif_prot || sdebug_dix)
7416 pr_info("host protection%s%s%s%s%s%s%s\n",
7417 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
7418 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
7419 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
7420 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
7421 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
7422 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
7423 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
7424
7425 if (sdebug_guard == 1)
7426 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
7427 else
7428 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
7429
7430 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
7431 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
7432 if (sdebug_every_nth) /* need stats counters for every_nth */
7433 sdebug_statistics = true;
7434 error = scsi_add_host(hpnt, &sdbg_host->dev);
7435 if (error) {
7436 pr_err("scsi_add_host failed\n");
7437 error = -ENODEV;
7438 scsi_host_put(hpnt);
7439 } else {
7440 scsi_scan_host(hpnt);
7441 }
7442
7443 return error;
7444}
7445
7446static int sdebug_driver_remove(struct device *dev)
7447{
7448 struct sdebug_host_info *sdbg_host;
7449 struct sdebug_dev_info *sdbg_devinfo, *tmp;
7450
7451 sdbg_host = to_sdebug_host(dev);
7452
7453 if (!sdbg_host) {
7454 pr_err("Unable to locate host info\n");
7455 return -ENODEV;
7456 }
7457
7458 scsi_remove_host(sdbg_host->shost);
7459
7460 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
7461 dev_list) {
7462 list_del(&sdbg_devinfo->dev_list);
7463 kfree(sdbg_devinfo->zstate);
7464 kfree(sdbg_devinfo);
7465 }
7466
7467 scsi_host_put(sdbg_host->shost);
7468 return 0;
7469}
7470
7471static int pseudo_lld_bus_match(struct device *dev,
7472 struct device_driver *dev_driver)
7473{
7474 return 1;
7475}
7476
7477static struct bus_type pseudo_lld_bus = {
7478 .name = "pseudo",
7479 .match = pseudo_lld_bus_match,
7480 .probe = sdebug_driver_probe,
7481 .remove = sdebug_driver_remove,
7482 .drv_groups = sdebug_drv_groups,
7483};
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
4 * Copyright (C) 1992 Eric Youngdale
5 * Simulate a host adapter with 2 disks attached. Do a lot of checking
6 * to make sure that we are not getting blocks mixed up, and PANIC if
7 * anything out of the ordinary is seen.
8 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9 *
10 * Copyright (C) 2001 - 2018 Douglas Gilbert
11 *
12 * For documentation see http://sg.danny.cz/sg/sdebug26.html
13 */
14
15
16#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
17
18#include <linux/module.h>
19
20#include <linux/kernel.h>
21#include <linux/errno.h>
22#include <linux/jiffies.h>
23#include <linux/slab.h>
24#include <linux/types.h>
25#include <linux/string.h>
26#include <linux/genhd.h>
27#include <linux/fs.h>
28#include <linux/init.h>
29#include <linux/proc_fs.h>
30#include <linux/vmalloc.h>
31#include <linux/moduleparam.h>
32#include <linux/scatterlist.h>
33#include <linux/blkdev.h>
34#include <linux/crc-t10dif.h>
35#include <linux/spinlock.h>
36#include <linux/interrupt.h>
37#include <linux/atomic.h>
38#include <linux/hrtimer.h>
39#include <linux/uuid.h>
40#include <linux/t10-pi.h>
41
42#include <net/checksum.h>
43
44#include <asm/unaligned.h>
45
46#include <scsi/scsi.h>
47#include <scsi/scsi_cmnd.h>
48#include <scsi/scsi_device.h>
49#include <scsi/scsi_host.h>
50#include <scsi/scsicam.h>
51#include <scsi/scsi_eh.h>
52#include <scsi/scsi_tcq.h>
53#include <scsi/scsi_dbg.h>
54
55#include "sd.h"
56#include "scsi_logging.h"
57
58/* make sure inq_product_rev string corresponds to this version */
59#define SDEBUG_VERSION "0188" /* format to fit INQUIRY revision field */
60static const char *sdebug_version_date = "20190125";
61
62#define MY_NAME "scsi_debug"
63
64/* Additional Sense Code (ASC) */
65#define NO_ADDITIONAL_SENSE 0x0
66#define LOGICAL_UNIT_NOT_READY 0x4
67#define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
68#define UNRECOVERED_READ_ERR 0x11
69#define PARAMETER_LIST_LENGTH_ERR 0x1a
70#define INVALID_OPCODE 0x20
71#define LBA_OUT_OF_RANGE 0x21
72#define INVALID_FIELD_IN_CDB 0x24
73#define INVALID_FIELD_IN_PARAM_LIST 0x26
74#define WRITE_PROTECTED 0x27
75#define UA_RESET_ASC 0x29
76#define UA_CHANGED_ASC 0x2a
77#define TARGET_CHANGED_ASC 0x3f
78#define LUNS_CHANGED_ASCQ 0x0e
79#define INSUFF_RES_ASC 0x55
80#define INSUFF_RES_ASCQ 0x3
81#define POWER_ON_RESET_ASCQ 0x0
82#define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
83#define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
84#define CAPACITY_CHANGED_ASCQ 0x9
85#define SAVING_PARAMS_UNSUP 0x39
86#define TRANSPORT_PROBLEM 0x4b
87#define THRESHOLD_EXCEEDED 0x5d
88#define LOW_POWER_COND_ON 0x5e
89#define MISCOMPARE_VERIFY_ASC 0x1d
90#define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
91#define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
92#define WRITE_ERROR_ASC 0xc
93
94/* Additional Sense Code Qualifier (ASCQ) */
95#define ACK_NAK_TO 0x3
96
97/* Default values for driver parameters */
98#define DEF_NUM_HOST 1
99#define DEF_NUM_TGTS 1
100#define DEF_MAX_LUNS 1
101/* With these defaults, this driver will make 1 host with 1 target
102 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
103 */
104#define DEF_ATO 1
105#define DEF_CDB_LEN 10
106#define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
107#define DEF_DEV_SIZE_MB 8
108#define DEF_DIF 0
109#define DEF_DIX 0
110#define DEF_D_SENSE 0
111#define DEF_EVERY_NTH 0
112#define DEF_FAKE_RW 0
113#define DEF_GUARD 0
114#define DEF_HOST_LOCK 0
115#define DEF_LBPU 0
116#define DEF_LBPWS 0
117#define DEF_LBPWS10 0
118#define DEF_LBPRZ 1
119#define DEF_LOWEST_ALIGNED 0
120#define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
121#define DEF_NO_LUN_0 0
122#define DEF_NUM_PARTS 0
123#define DEF_OPTS 0
124#define DEF_OPT_BLKS 1024
125#define DEF_PHYSBLK_EXP 0
126#define DEF_OPT_XFERLEN_EXP 0
127#define DEF_PTYPE TYPE_DISK
128#define DEF_REMOVABLE false
129#define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
130#define DEF_SECTOR_SIZE 512
131#define DEF_UNMAP_ALIGNMENT 0
132#define DEF_UNMAP_GRANULARITY 1
133#define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
134#define DEF_UNMAP_MAX_DESC 256
135#define DEF_VIRTUAL_GB 0
136#define DEF_VPD_USE_HOSTNO 1
137#define DEF_WRITESAME_LENGTH 0xFFFF
138#define DEF_STRICT 0
139#define DEF_STATISTICS false
140#define DEF_SUBMIT_QUEUES 1
141#define DEF_UUID_CTL 0
142#define JDELAY_OVERRIDDEN -9999
143
144#define SDEBUG_LUN_0_VAL 0
145
146/* bit mask values for sdebug_opts */
147#define SDEBUG_OPT_NOISE 1
148#define SDEBUG_OPT_MEDIUM_ERR 2
149#define SDEBUG_OPT_TIMEOUT 4
150#define SDEBUG_OPT_RECOVERED_ERR 8
151#define SDEBUG_OPT_TRANSPORT_ERR 16
152#define SDEBUG_OPT_DIF_ERR 32
153#define SDEBUG_OPT_DIX_ERR 64
154#define SDEBUG_OPT_MAC_TIMEOUT 128
155#define SDEBUG_OPT_SHORT_TRANSFER 0x100
156#define SDEBUG_OPT_Q_NOISE 0x200
157#define SDEBUG_OPT_ALL_TSF 0x400
158#define SDEBUG_OPT_RARE_TSF 0x800
159#define SDEBUG_OPT_N_WCE 0x1000
160#define SDEBUG_OPT_RESET_NOISE 0x2000
161#define SDEBUG_OPT_NO_CDB_NOISE 0x4000
162#define SDEBUG_OPT_HOST_BUSY 0x8000
163#define SDEBUG_OPT_CMD_ABORT 0x10000
164#define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
165 SDEBUG_OPT_RESET_NOISE)
166#define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
167 SDEBUG_OPT_TRANSPORT_ERR | \
168 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
169 SDEBUG_OPT_SHORT_TRANSFER | \
170 SDEBUG_OPT_HOST_BUSY | \
171 SDEBUG_OPT_CMD_ABORT)
172/* When "every_nth" > 0 then modulo "every_nth" commands:
173 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
174 * - a RECOVERED_ERROR is simulated on successful read and write
175 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
176 * - a TRANSPORT_ERROR is simulated on successful read and write
177 * commands if SDEBUG_OPT_TRANSPORT_ERR is set.
178 * - similarly for DIF_ERR, DIX_ERR, SHORT_TRANSFER, HOST_BUSY and
179 * CMD_ABORT
180 *
181 * When "every_nth" < 0 then after "- every_nth" commands the selected
182 * error will be injected. The error will be injected on every subsequent
183 * command until some other action occurs; for example, the user writing
184 * a new value (other than -1 or 1) to every_nth:
185 * echo 0 > /sys/bus/pseudo/drivers/scsi_debug/every_nth
186 */
187
188/* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
189 * priority order. In the subset implemented here lower numbers have higher
190 * priority. The UA numbers should be a sequence starting from 0 with
191 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
192#define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
193#define SDEBUG_UA_BUS_RESET 1
194#define SDEBUG_UA_MODE_CHANGED 2
195#define SDEBUG_UA_CAPACITY_CHANGED 3
196#define SDEBUG_UA_LUNS_CHANGED 4
197#define SDEBUG_UA_MICROCODE_CHANGED 5 /* simulate firmware change */
198#define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
199#define SDEBUG_NUM_UAS 7
200
201/* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
202 * sector on read commands: */
203#define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
204#define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
205
206/* If REPORT LUNS has luns >= 256 it can choose "flat space" (value 1)
207 * or "peripheral device" addressing (value 0) */
208#define SAM2_LUN_ADDRESS_METHOD 0
209
210/* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
211 * (for response) per submit queue at one time. Can be reduced by max_queue
212 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
213 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
214 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
215 * but cannot exceed SDEBUG_CANQUEUE .
216 */
217#define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
218#define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
219#define DEF_CMD_PER_LUN 255
220
221#define F_D_IN 1
222#define F_D_OUT 2
223#define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
224#define F_D_UNKN 8
225#define F_RL_WLUN_OK 0x10
226#define F_SKIP_UA 0x20
227#define F_DELAY_OVERR 0x40
228#define F_SA_LOW 0x80 /* cdb byte 1, bits 4 to 0 */
229#define F_SA_HIGH 0x100 /* as used by variable length cdbs */
230#define F_INV_OP 0x200
231#define F_FAKE_RW 0x400
232#define F_M_ACCESS 0x800 /* media access */
233#define F_SSU_DELAY 0x1000
234#define F_SYNC_DELAY 0x2000
235
236#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
237#define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
238#define FF_SA (F_SA_HIGH | F_SA_LOW)
239#define F_LONG_DELAY (F_SSU_DELAY | F_SYNC_DELAY)
240
241#define SDEBUG_MAX_PARTS 4
242
243#define SDEBUG_MAX_CMD_LEN 32
244
245
246struct sdebug_dev_info {
247 struct list_head dev_list;
248 unsigned int channel;
249 unsigned int target;
250 u64 lun;
251 uuid_t lu_name;
252 struct sdebug_host_info *sdbg_host;
253 unsigned long uas_bm[1];
254 atomic_t num_in_q;
255 atomic_t stopped;
256 bool used;
257};
258
259struct sdebug_host_info {
260 struct list_head host_list;
261 struct Scsi_Host *shost;
262 struct device dev;
263 struct list_head dev_info_list;
264};
265
266#define to_sdebug_host(d) \
267 container_of(d, struct sdebug_host_info, dev)
268
269enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
270 SDEB_DEFER_WQ = 2};
271
272struct sdebug_defer {
273 struct hrtimer hrt;
274 struct execute_work ew;
275 int sqa_idx; /* index of sdebug_queue array */
276 int qc_idx; /* index of sdebug_queued_cmd array within sqa_idx */
277 int issuing_cpu;
278 bool init_hrt;
279 bool init_wq;
280 bool aborted; /* true when blk_abort_request() already called */
281 enum sdeb_defer_type defer_t;
282};
283
284struct sdebug_queued_cmd {
285 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
286 * instance indicates this slot is in use.
287 */
288 struct sdebug_defer *sd_dp;
289 struct scsi_cmnd *a_cmnd;
290 unsigned int inj_recovered:1;
291 unsigned int inj_transport:1;
292 unsigned int inj_dif:1;
293 unsigned int inj_dix:1;
294 unsigned int inj_short:1;
295 unsigned int inj_host_busy:1;
296 unsigned int inj_cmd_abort:1;
297};
298
299struct sdebug_queue {
300 struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
301 unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
302 spinlock_t qc_lock;
303 atomic_t blocked; /* to temporarily stop more being queued */
304};
305
306static atomic_t sdebug_cmnd_count; /* number of incoming commands */
307static atomic_t sdebug_completions; /* count of deferred completions */
308static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
309static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
310
311struct opcode_info_t {
312 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
313 /* for terminating element */
314 u8 opcode; /* if num_attached > 0, preferred */
315 u16 sa; /* service action */
316 u32 flags; /* OR-ed set of SDEB_F_* */
317 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
318 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
319 u8 len_mask[16]; /* len_mask[0]-->cdb_len, then mask for cdb */
320 /* 1 to min(cdb_len, 15); ignore cdb[15...] */
321};
322
323/* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
324enum sdeb_opcode_index {
325 SDEB_I_INVALID_OPCODE = 0,
326 SDEB_I_INQUIRY = 1,
327 SDEB_I_REPORT_LUNS = 2,
328 SDEB_I_REQUEST_SENSE = 3,
329 SDEB_I_TEST_UNIT_READY = 4,
330 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
331 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
332 SDEB_I_LOG_SENSE = 7,
333 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
334 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
335 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
336 SDEB_I_START_STOP = 11,
337 SDEB_I_SERV_ACT_IN_16 = 12, /* add ...SERV_ACT_IN_12 if needed */
338 SDEB_I_SERV_ACT_OUT_16 = 13, /* add ...SERV_ACT_OUT_12 if needed */
339 SDEB_I_MAINT_IN = 14,
340 SDEB_I_MAINT_OUT = 15,
341 SDEB_I_VERIFY = 16, /* 10 only */
342 SDEB_I_VARIABLE_LEN = 17, /* READ(32), WRITE(32), WR_SCAT(32) */
343 SDEB_I_RESERVE = 18, /* 6, 10 */
344 SDEB_I_RELEASE = 19, /* 6, 10 */
345 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
346 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
347 SDEB_I_ATA_PT = 22, /* 12, 16 */
348 SDEB_I_SEND_DIAG = 23,
349 SDEB_I_UNMAP = 24,
350 SDEB_I_WRITE_BUFFER = 25,
351 SDEB_I_WRITE_SAME = 26, /* 10, 16 */
352 SDEB_I_SYNC_CACHE = 27, /* 10, 16 */
353 SDEB_I_COMP_WRITE = 28,
354 SDEB_I_LAST_ELEMENT = 29, /* keep this last (previous + 1) */
355};
356
357
358static const unsigned char opcode_ind_arr[256] = {
359/* 0x0; 0x0->0x1f: 6 byte cdbs */
360 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
361 0, 0, 0, 0,
362 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
363 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
364 SDEB_I_RELEASE,
365 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
366 SDEB_I_ALLOW_REMOVAL, 0,
367/* 0x20; 0x20->0x3f: 10 byte cdbs */
368 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
369 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
370 0, 0, 0, 0, 0, SDEB_I_SYNC_CACHE, 0, 0,
371 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
372/* 0x40; 0x40->0x5f: 10 byte cdbs */
373 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
374 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
375 0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
376 SDEB_I_RELEASE,
377 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
378/* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
379 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
380 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
381 0, SDEB_I_VARIABLE_LEN,
382/* 0x80; 0x80->0x9f: 16 byte cdbs */
383 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
384 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0, 0, 0, 0, 0,
385 0, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME, 0, 0, 0, 0,
386 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
387/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
388 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
389 SDEB_I_MAINT_OUT, 0, 0, 0,
390 SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
391 0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
392 0, 0, 0, 0, 0, 0, 0, 0,
393 0, 0, 0, 0, 0, 0, 0, 0,
394/* 0xc0; 0xc0->0xff: vendor specific */
395 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
396 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
397 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
398 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
399};
400
401/*
402 * The following "response" functions return the SCSI mid-level's 4 byte
403 * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
404 * command completion, they can mask their return value with
405 * SDEG_RES_IMMED_MASK .
406 */
407#define SDEG_RES_IMMED_MASK 0x40000000
408
409static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
410static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
411static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
412static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
413static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
414static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
415static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
416static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
417static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
418static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
419static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
420static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
421static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
422static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
423static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
424static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
425static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
426static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
427static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
428static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
429static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
430static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
431
432/*
433 * The following are overflow arrays for cdbs that "hit" the same index in
434 * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
435 * should be placed in opcode_info_arr[], the others should be placed here.
436 */
437static const struct opcode_info_t msense_iarr[] = {
438 {0, 0x1a, 0, F_D_IN, NULL, NULL,
439 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
440};
441
442static const struct opcode_info_t mselect_iarr[] = {
443 {0, 0x15, 0, F_D_OUT, NULL, NULL,
444 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
445};
446
447static const struct opcode_info_t read_iarr[] = {
448 {0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
449 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
450 0, 0, 0, 0} },
451 {0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
452 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
453 {0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
454 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
455 0xc7, 0, 0, 0, 0} },
456};
457
458static const struct opcode_info_t write_iarr[] = {
459 {0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(10) */
460 NULL, {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
461 0, 0, 0, 0, 0, 0} },
462 {0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(6) */
463 NULL, {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
464 0, 0, 0} },
465 {0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0, /* WRITE(12) */
466 NULL, {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
467 0xbf, 0xc7, 0, 0, 0, 0} },
468};
469
470static const struct opcode_info_t sa_in_16_iarr[] = {
471 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
472 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
473 0xff, 0xff, 0xff, 0, 0xc7} }, /* GET LBA STATUS(16) */
474};
475
476static const struct opcode_info_t vl_iarr[] = { /* VARIABLE LENGTH */
477 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
478 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
479 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
480 {0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
481 NULL, {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
482 0, 0xff, 0xff, 0x0, 0x0} }, /* WRITE SCATTERED(32) */
483};
484
485static const struct opcode_info_t maint_in_iarr[] = { /* MAINT IN */
486 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
487 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
488 0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
489 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
490 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
491 0, 0} }, /* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
492};
493
494static const struct opcode_info_t write_same_iarr[] = {
495 {0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
496 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
497 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* WRITE SAME(16) */
498};
499
500static const struct opcode_info_t reserve_iarr[] = {
501 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
502 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
503};
504
505static const struct opcode_info_t release_iarr[] = {
506 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
507 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
508};
509
510static const struct opcode_info_t sync_cache_iarr[] = {
511 {0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
512 {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
513 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* SYNC_CACHE (16) */
514};
515
516
517/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
518 * plus the terminating elements for logic that scans this table such as
519 * REPORT SUPPORTED OPERATION CODES. */
520static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = {
521/* 0 */
522 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* unknown opcodes */
523 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
524 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
525 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
526 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
527 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
528 0, 0} }, /* REPORT LUNS */
529 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
530 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
531 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
532 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
533/* 5 */
534 {ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN, /* MODE SENSE(10) */
535 resp_mode_sense, msense_iarr, {10, 0xf8, 0xff, 0xff, 0, 0, 0,
536 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
537 {ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT, /* MODE SELECT(10) */
538 resp_mode_select, mselect_iarr, {10, 0xf1, 0, 0, 0, 0, 0, 0xff,
539 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
540 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL, /* LOG SENSE */
541 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
542 0, 0, 0} },
543 {0, 0x25, 0, F_D_IN, resp_readcap, NULL, /* READ CAPACITY(10) */
544 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
545 0, 0} },
546 {ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
547 resp_read_dt0, read_iarr, {16, 0xfe, 0xff, 0xff, 0xff, 0xff,
548 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
549/* 10 */
550 {ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
551 resp_write_dt0, write_iarr, /* WRITE(16) */
552 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
553 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
554 {0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
555 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
556 {ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
557 resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
558 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
559 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
560 {0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
561 NULL, {16, 0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
562 0xff, 0xff, 0xff, 0xff, 0xc7} }, /* SA_OUT(16), WRITE SCAT(16) */
563 {ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
564 resp_report_tgtpgs, /* MAINT IN, REPORT TARGET PORT GROUPS */
565 maint_in_iarr, {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
566 0xff, 0, 0xc7, 0, 0, 0, 0} },
567/* 15 */
568 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
569 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
570 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, NULL, NULL, /* VERIFY(10) */
571 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7,
572 0, 0, 0, 0, 0, 0} },
573 {ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
574 resp_read_dt0, vl_iarr, /* VARIABLE LENGTH, READ(32) */
575 {32, 0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
576 0xff, 0xff} },
577 {ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
578 NULL, reserve_iarr, /* RESERVE(10) <no response function> */
579 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
580 0} },
581 {ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
582 NULL, release_iarr, /* RELEASE(10) <no response function> */
583 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
584 0} },
585/* 20 */
586 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
587 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
588 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
589 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
590 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
591 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
592 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
593 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
594 {0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
595 {10, 0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
596/* 25 */
597 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
598 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
599 0, 0, 0, 0} }, /* WRITE_BUFFER */
600 {ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
601 resp_write_same_10, write_same_iarr, /* WRITE SAME(10) */
602 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
603 0, 0, 0, 0, 0} },
604 {ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
605 resp_sync_cache, sync_cache_iarr,
606 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
607 0, 0, 0, 0} }, /* SYNC_CACHE (10) */
608 {0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
609 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
610 0, 0xff, 0x3f, 0xc7} }, /* COMPARE AND WRITE */
611
612/* 29 */
613 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
614 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
615};
616
617static int sdebug_add_host = DEF_NUM_HOST;
618static int sdebug_ato = DEF_ATO;
619static int sdebug_cdb_len = DEF_CDB_LEN;
620static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
621static int sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
622static int sdebug_dif = DEF_DIF;
623static int sdebug_dix = DEF_DIX;
624static int sdebug_dsense = DEF_D_SENSE;
625static int sdebug_every_nth = DEF_EVERY_NTH;
626static int sdebug_fake_rw = DEF_FAKE_RW;
627static unsigned int sdebug_guard = DEF_GUARD;
628static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
629static int sdebug_max_luns = DEF_MAX_LUNS;
630static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
631static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
632static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
633static atomic_t retired_max_queue; /* if > 0 then was prior max_queue */
634static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
635static int sdebug_no_lun_0 = DEF_NO_LUN_0;
636static int sdebug_no_uld;
637static int sdebug_num_parts = DEF_NUM_PARTS;
638static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
639static int sdebug_opt_blks = DEF_OPT_BLKS;
640static int sdebug_opts = DEF_OPTS;
641static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
642static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
643static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
644static int sdebug_scsi_level = DEF_SCSI_LEVEL;
645static int sdebug_sector_size = DEF_SECTOR_SIZE;
646static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
647static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
648static unsigned int sdebug_lbpu = DEF_LBPU;
649static unsigned int sdebug_lbpws = DEF_LBPWS;
650static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
651static unsigned int sdebug_lbprz = DEF_LBPRZ;
652static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
653static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
654static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
655static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
656static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
657static int sdebug_uuid_ctl = DEF_UUID_CTL;
658static bool sdebug_removable = DEF_REMOVABLE;
659static bool sdebug_clustering;
660static bool sdebug_host_lock = DEF_HOST_LOCK;
661static bool sdebug_strict = DEF_STRICT;
662static bool sdebug_any_injecting_opt;
663static bool sdebug_verbose;
664static bool have_dif_prot;
665static bool write_since_sync;
666static bool sdebug_statistics = DEF_STATISTICS;
667static bool sdebug_wp;
668
669static unsigned int sdebug_store_sectors;
670static sector_t sdebug_capacity; /* in sectors */
671
672/* old BIOS stuff, kernel may get rid of them but some mode sense pages
673 may still need them */
674static int sdebug_heads; /* heads per disk */
675static int sdebug_cylinders_per; /* cylinders per surface */
676static int sdebug_sectors_per; /* sectors per cylinder */
677
678static LIST_HEAD(sdebug_host_list);
679static DEFINE_SPINLOCK(sdebug_host_list_lock);
680
681static unsigned char *fake_storep; /* ramdisk storage */
682static struct t10_pi_tuple *dif_storep; /* protection info */
683static void *map_storep; /* provisioning map */
684
685static unsigned long map_size;
686static int num_aborts;
687static int num_dev_resets;
688static int num_target_resets;
689static int num_bus_resets;
690static int num_host_resets;
691static int dix_writes;
692static int dix_reads;
693static int dif_errors;
694
695static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
696static struct sdebug_queue *sdebug_q_arr; /* ptr to array of submit queues */
697
698static DEFINE_RWLOCK(atomic_rw);
699
700static char sdebug_proc_name[] = MY_NAME;
701static const char *my_name = MY_NAME;
702
703static struct bus_type pseudo_lld_bus;
704
705static struct device_driver sdebug_driverfs_driver = {
706 .name = sdebug_proc_name,
707 .bus = &pseudo_lld_bus,
708};
709
710static const int check_condition_result =
711 (DRIVER_SENSE << 24) | SAM_STAT_CHECK_CONDITION;
712
713static const int illegal_condition_result =
714 (DRIVER_SENSE << 24) | (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
715
716static const int device_qfull_result =
717 (DID_OK << 16) | (COMMAND_COMPLETE << 8) | SAM_STAT_TASK_SET_FULL;
718
719
720/* Only do the extra work involved in logical block provisioning if one or
721 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
722 * real reads and writes (i.e. not skipping them for speed).
723 */
724static inline bool scsi_debug_lbp(void)
725{
726 return 0 == sdebug_fake_rw &&
727 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
728}
729
730static void *lba2fake_store(unsigned long long lba)
731{
732 lba = do_div(lba, sdebug_store_sectors);
733
734 return fake_storep + lba * sdebug_sector_size;
735}
736
737static struct t10_pi_tuple *dif_store(sector_t sector)
738{
739 sector = sector_div(sector, sdebug_store_sectors);
740
741 return dif_storep + sector;
742}
743
744static void sdebug_max_tgts_luns(void)
745{
746 struct sdebug_host_info *sdbg_host;
747 struct Scsi_Host *hpnt;
748
749 spin_lock(&sdebug_host_list_lock);
750 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
751 hpnt = sdbg_host->shost;
752 if ((hpnt->this_id >= 0) &&
753 (sdebug_num_tgts > hpnt->this_id))
754 hpnt->max_id = sdebug_num_tgts + 1;
755 else
756 hpnt->max_id = sdebug_num_tgts;
757 /* sdebug_max_luns; */
758 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
759 }
760 spin_unlock(&sdebug_host_list_lock);
761}
762
763enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
764
765/* Set in_bit to -1 to indicate no bit position of invalid field */
766static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
767 enum sdeb_cmd_data c_d,
768 int in_byte, int in_bit)
769{
770 unsigned char *sbuff;
771 u8 sks[4];
772 int sl, asc;
773
774 sbuff = scp->sense_buffer;
775 if (!sbuff) {
776 sdev_printk(KERN_ERR, scp->device,
777 "%s: sense_buffer is NULL\n", __func__);
778 return;
779 }
780 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
781 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
782 scsi_build_sense_buffer(sdebug_dsense, sbuff, ILLEGAL_REQUEST, asc, 0);
783 memset(sks, 0, sizeof(sks));
784 sks[0] = 0x80;
785 if (c_d)
786 sks[0] |= 0x40;
787 if (in_bit >= 0) {
788 sks[0] |= 0x8;
789 sks[0] |= 0x7 & in_bit;
790 }
791 put_unaligned_be16(in_byte, sks + 1);
792 if (sdebug_dsense) {
793 sl = sbuff[7] + 8;
794 sbuff[7] = sl;
795 sbuff[sl] = 0x2;
796 sbuff[sl + 1] = 0x6;
797 memcpy(sbuff + sl + 4, sks, 3);
798 } else
799 memcpy(sbuff + 15, sks, 3);
800 if (sdebug_verbose)
801 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
802 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
803 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
804}
805
806static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
807{
808 unsigned char *sbuff;
809
810 sbuff = scp->sense_buffer;
811 if (!sbuff) {
812 sdev_printk(KERN_ERR, scp->device,
813 "%s: sense_buffer is NULL\n", __func__);
814 return;
815 }
816 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
817
818 scsi_build_sense_buffer(sdebug_dsense, sbuff, key, asc, asq);
819
820 if (sdebug_verbose)
821 sdev_printk(KERN_INFO, scp->device,
822 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
823 my_name, key, asc, asq);
824}
825
826static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
827{
828 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
829}
830
831static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
832 void __user *arg)
833{
834 if (sdebug_verbose) {
835 if (0x1261 == cmd)
836 sdev_printk(KERN_INFO, dev,
837 "%s: BLKFLSBUF [0x1261]\n", __func__);
838 else if (0x5331 == cmd)
839 sdev_printk(KERN_INFO, dev,
840 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
841 __func__);
842 else
843 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
844 __func__, cmd);
845 }
846 return -EINVAL;
847 /* return -ENOTTY; // correct return but upsets fdisk */
848}
849
850static void config_cdb_len(struct scsi_device *sdev)
851{
852 switch (sdebug_cdb_len) {
853 case 6: /* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
854 sdev->use_10_for_rw = false;
855 sdev->use_16_for_rw = false;
856 sdev->use_10_for_ms = false;
857 break;
858 case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
859 sdev->use_10_for_rw = true;
860 sdev->use_16_for_rw = false;
861 sdev->use_10_for_ms = false;
862 break;
863 case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
864 sdev->use_10_for_rw = true;
865 sdev->use_16_for_rw = false;
866 sdev->use_10_for_ms = true;
867 break;
868 case 16:
869 sdev->use_10_for_rw = false;
870 sdev->use_16_for_rw = true;
871 sdev->use_10_for_ms = true;
872 break;
873 case 32: /* No knobs to suggest this so same as 16 for now */
874 sdev->use_10_for_rw = false;
875 sdev->use_16_for_rw = true;
876 sdev->use_10_for_ms = true;
877 break;
878 default:
879 pr_warn("unexpected cdb_len=%d, force to 10\n",
880 sdebug_cdb_len);
881 sdev->use_10_for_rw = true;
882 sdev->use_16_for_rw = false;
883 sdev->use_10_for_ms = false;
884 sdebug_cdb_len = 10;
885 break;
886 }
887}
888
889static void all_config_cdb_len(void)
890{
891 struct sdebug_host_info *sdbg_host;
892 struct Scsi_Host *shost;
893 struct scsi_device *sdev;
894
895 spin_lock(&sdebug_host_list_lock);
896 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
897 shost = sdbg_host->shost;
898 shost_for_each_device(sdev, shost) {
899 config_cdb_len(sdev);
900 }
901 }
902 spin_unlock(&sdebug_host_list_lock);
903}
904
905static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
906{
907 struct sdebug_host_info *sdhp;
908 struct sdebug_dev_info *dp;
909
910 spin_lock(&sdebug_host_list_lock);
911 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
912 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
913 if ((devip->sdbg_host == dp->sdbg_host) &&
914 (devip->target == dp->target))
915 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
916 }
917 }
918 spin_unlock(&sdebug_host_list_lock);
919}
920
921static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
922{
923 int k;
924
925 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
926 if (k != SDEBUG_NUM_UAS) {
927 const char *cp = NULL;
928
929 switch (k) {
930 case SDEBUG_UA_POR:
931 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
932 POWER_ON_RESET_ASCQ);
933 if (sdebug_verbose)
934 cp = "power on reset";
935 break;
936 case SDEBUG_UA_BUS_RESET:
937 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
938 BUS_RESET_ASCQ);
939 if (sdebug_verbose)
940 cp = "bus reset";
941 break;
942 case SDEBUG_UA_MODE_CHANGED:
943 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
944 MODE_CHANGED_ASCQ);
945 if (sdebug_verbose)
946 cp = "mode parameters changed";
947 break;
948 case SDEBUG_UA_CAPACITY_CHANGED:
949 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
950 CAPACITY_CHANGED_ASCQ);
951 if (sdebug_verbose)
952 cp = "capacity data changed";
953 break;
954 case SDEBUG_UA_MICROCODE_CHANGED:
955 mk_sense_buffer(scp, UNIT_ATTENTION,
956 TARGET_CHANGED_ASC,
957 MICROCODE_CHANGED_ASCQ);
958 if (sdebug_verbose)
959 cp = "microcode has been changed";
960 break;
961 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
962 mk_sense_buffer(scp, UNIT_ATTENTION,
963 TARGET_CHANGED_ASC,
964 MICROCODE_CHANGED_WO_RESET_ASCQ);
965 if (sdebug_verbose)
966 cp = "microcode has been changed without reset";
967 break;
968 case SDEBUG_UA_LUNS_CHANGED:
969 /*
970 * SPC-3 behavior is to report a UNIT ATTENTION with
971 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
972 * on the target, until a REPORT LUNS command is
973 * received. SPC-4 behavior is to report it only once.
974 * NOTE: sdebug_scsi_level does not use the same
975 * values as struct scsi_device->scsi_level.
976 */
977 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
978 clear_luns_changed_on_target(devip);
979 mk_sense_buffer(scp, UNIT_ATTENTION,
980 TARGET_CHANGED_ASC,
981 LUNS_CHANGED_ASCQ);
982 if (sdebug_verbose)
983 cp = "reported luns data has changed";
984 break;
985 default:
986 pr_warn("unexpected unit attention code=%d\n", k);
987 if (sdebug_verbose)
988 cp = "unknown";
989 break;
990 }
991 clear_bit(k, devip->uas_bm);
992 if (sdebug_verbose)
993 sdev_printk(KERN_INFO, scp->device,
994 "%s reports: Unit attention: %s\n",
995 my_name, cp);
996 return check_condition_result;
997 }
998 return 0;
999}
1000
1001/* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1002static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1003 int arr_len)
1004{
1005 int act_len;
1006 struct scsi_data_buffer *sdb = &scp->sdb;
1007
1008 if (!sdb->length)
1009 return 0;
1010 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1011 return DID_ERROR << 16;
1012
1013 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1014 arr, arr_len);
1015 scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1016
1017 return 0;
1018}
1019
1020/* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1021 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1022 * calls, not required to write in ascending offset order. Assumes resid
1023 * set to scsi_bufflen() prior to any calls.
1024 */
1025static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1026 int arr_len, unsigned int off_dst)
1027{
1028 int act_len, n;
1029 struct scsi_data_buffer *sdb = &scp->sdb;
1030 off_t skip = off_dst;
1031
1032 if (sdb->length <= off_dst)
1033 return 0;
1034 if (scp->sc_data_direction != DMA_FROM_DEVICE)
1035 return DID_ERROR << 16;
1036
1037 act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1038 arr, arr_len, skip);
1039 pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1040 __func__, off_dst, scsi_bufflen(scp), act_len,
1041 scsi_get_resid(scp));
1042 n = (int)scsi_bufflen(scp) - ((int)off_dst + act_len);
1043 scsi_set_resid(scp, min(scsi_get_resid(scp), n));
1044 return 0;
1045}
1046
1047/* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1048 * 'arr' or -1 if error.
1049 */
1050static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1051 int arr_len)
1052{
1053 if (!scsi_bufflen(scp))
1054 return 0;
1055 if (scp->sc_data_direction != DMA_TO_DEVICE)
1056 return -1;
1057
1058 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1059}
1060
1061
1062static char sdebug_inq_vendor_id[9] = "Linux ";
1063static char sdebug_inq_product_id[17] = "scsi_debug ";
1064static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1065/* Use some locally assigned NAAs for SAS addresses. */
1066static const u64 naa3_comp_a = 0x3222222000000000ULL;
1067static const u64 naa3_comp_b = 0x3333333000000000ULL;
1068static const u64 naa3_comp_c = 0x3111111000000000ULL;
1069
1070/* Device identification VPD page. Returns number of bytes placed in arr */
1071static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1072 int target_dev_id, int dev_id_num,
1073 const char *dev_id_str, int dev_id_str_len,
1074 const uuid_t *lu_name)
1075{
1076 int num, port_a;
1077 char b[32];
1078
1079 port_a = target_dev_id + 1;
1080 /* T10 vendor identifier field format (faked) */
1081 arr[0] = 0x2; /* ASCII */
1082 arr[1] = 0x1;
1083 arr[2] = 0x0;
1084 memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1085 memcpy(&arr[12], sdebug_inq_product_id, 16);
1086 memcpy(&arr[28], dev_id_str, dev_id_str_len);
1087 num = 8 + 16 + dev_id_str_len;
1088 arr[3] = num;
1089 num += 4;
1090 if (dev_id_num >= 0) {
1091 if (sdebug_uuid_ctl) {
1092 /* Locally assigned UUID */
1093 arr[num++] = 0x1; /* binary (not necessarily sas) */
1094 arr[num++] = 0xa; /* PIV=0, lu, naa */
1095 arr[num++] = 0x0;
1096 arr[num++] = 0x12;
1097 arr[num++] = 0x10; /* uuid type=1, locally assigned */
1098 arr[num++] = 0x0;
1099 memcpy(arr + num, lu_name, 16);
1100 num += 16;
1101 } else {
1102 /* NAA-3, Logical unit identifier (binary) */
1103 arr[num++] = 0x1; /* binary (not necessarily sas) */
1104 arr[num++] = 0x3; /* PIV=0, lu, naa */
1105 arr[num++] = 0x0;
1106 arr[num++] = 0x8;
1107 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1108 num += 8;
1109 }
1110 /* Target relative port number */
1111 arr[num++] = 0x61; /* proto=sas, binary */
1112 arr[num++] = 0x94; /* PIV=1, target port, rel port */
1113 arr[num++] = 0x0; /* reserved */
1114 arr[num++] = 0x4; /* length */
1115 arr[num++] = 0x0; /* reserved */
1116 arr[num++] = 0x0; /* reserved */
1117 arr[num++] = 0x0;
1118 arr[num++] = 0x1; /* relative port A */
1119 }
1120 /* NAA-3, Target port identifier */
1121 arr[num++] = 0x61; /* proto=sas, binary */
1122 arr[num++] = 0x93; /* piv=1, target port, naa */
1123 arr[num++] = 0x0;
1124 arr[num++] = 0x8;
1125 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1126 num += 8;
1127 /* NAA-3, Target port group identifier */
1128 arr[num++] = 0x61; /* proto=sas, binary */
1129 arr[num++] = 0x95; /* piv=1, target port group id */
1130 arr[num++] = 0x0;
1131 arr[num++] = 0x4;
1132 arr[num++] = 0;
1133 arr[num++] = 0;
1134 put_unaligned_be16(port_group_id, arr + num);
1135 num += 2;
1136 /* NAA-3, Target device identifier */
1137 arr[num++] = 0x61; /* proto=sas, binary */
1138 arr[num++] = 0xa3; /* piv=1, target device, naa */
1139 arr[num++] = 0x0;
1140 arr[num++] = 0x8;
1141 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1142 num += 8;
1143 /* SCSI name string: Target device identifier */
1144 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1145 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1146 arr[num++] = 0x0;
1147 arr[num++] = 24;
1148 memcpy(arr + num, "naa.32222220", 12);
1149 num += 12;
1150 snprintf(b, sizeof(b), "%08X", target_dev_id);
1151 memcpy(arr + num, b, 8);
1152 num += 8;
1153 memset(arr + num, 0, 4);
1154 num += 4;
1155 return num;
1156}
1157
1158static unsigned char vpd84_data[] = {
1159/* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1160 0x22,0x22,0x22,0x0,0xbb,0x1,
1161 0x22,0x22,0x22,0x0,0xbb,0x2,
1162};
1163
1164/* Software interface identification VPD page */
1165static int inquiry_vpd_84(unsigned char *arr)
1166{
1167 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1168 return sizeof(vpd84_data);
1169}
1170
1171/* Management network addresses VPD page */
1172static int inquiry_vpd_85(unsigned char *arr)
1173{
1174 int num = 0;
1175 const char *na1 = "https://www.kernel.org/config";
1176 const char *na2 = "http://www.kernel.org/log";
1177 int plen, olen;
1178
1179 arr[num++] = 0x1; /* lu, storage config */
1180 arr[num++] = 0x0; /* reserved */
1181 arr[num++] = 0x0;
1182 olen = strlen(na1);
1183 plen = olen + 1;
1184 if (plen % 4)
1185 plen = ((plen / 4) + 1) * 4;
1186 arr[num++] = plen; /* length, null termianted, padded */
1187 memcpy(arr + num, na1, olen);
1188 memset(arr + num + olen, 0, plen - olen);
1189 num += plen;
1190
1191 arr[num++] = 0x4; /* lu, logging */
1192 arr[num++] = 0x0; /* reserved */
1193 arr[num++] = 0x0;
1194 olen = strlen(na2);
1195 plen = olen + 1;
1196 if (plen % 4)
1197 plen = ((plen / 4) + 1) * 4;
1198 arr[num++] = plen; /* length, null terminated, padded */
1199 memcpy(arr + num, na2, olen);
1200 memset(arr + num + olen, 0, plen - olen);
1201 num += plen;
1202
1203 return num;
1204}
1205
1206/* SCSI ports VPD page */
1207static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1208{
1209 int num = 0;
1210 int port_a, port_b;
1211
1212 port_a = target_dev_id + 1;
1213 port_b = port_a + 1;
1214 arr[num++] = 0x0; /* reserved */
1215 arr[num++] = 0x0; /* reserved */
1216 arr[num++] = 0x0;
1217 arr[num++] = 0x1; /* relative port 1 (primary) */
1218 memset(arr + num, 0, 6);
1219 num += 6;
1220 arr[num++] = 0x0;
1221 arr[num++] = 12; /* length tp descriptor */
1222 /* naa-5 target port identifier (A) */
1223 arr[num++] = 0x61; /* proto=sas, binary */
1224 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1225 arr[num++] = 0x0; /* reserved */
1226 arr[num++] = 0x8; /* length */
1227 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1228 num += 8;
1229 arr[num++] = 0x0; /* reserved */
1230 arr[num++] = 0x0; /* reserved */
1231 arr[num++] = 0x0;
1232 arr[num++] = 0x2; /* relative port 2 (secondary) */
1233 memset(arr + num, 0, 6);
1234 num += 6;
1235 arr[num++] = 0x0;
1236 arr[num++] = 12; /* length tp descriptor */
1237 /* naa-5 target port identifier (B) */
1238 arr[num++] = 0x61; /* proto=sas, binary */
1239 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1240 arr[num++] = 0x0; /* reserved */
1241 arr[num++] = 0x8; /* length */
1242 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1243 num += 8;
1244
1245 return num;
1246}
1247
1248
1249static unsigned char vpd89_data[] = {
1250/* from 4th byte */ 0,0,0,0,
1251'l','i','n','u','x',' ',' ',' ',
1252'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1253'1','2','3','4',
12540x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
12550xec,0,0,0,
12560x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
12570,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
12580x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
12590x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
12600x53,0x41,
12610x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
12620x20,0x20,
12630x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
12640x10,0x80,
12650,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
12660x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
12670x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
12680,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
12690x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
12700x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
12710,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
12720,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12730,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12740,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12750x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
12760,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
12770xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
12780,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
12790,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12800,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12810,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12820,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12830,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12840,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12850,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12860,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12870,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12880,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12890,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
12900,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1291};
1292
1293/* ATA Information VPD page */
1294static int inquiry_vpd_89(unsigned char *arr)
1295{
1296 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1297 return sizeof(vpd89_data);
1298}
1299
1300
1301static unsigned char vpdb0_data[] = {
1302 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1303 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1304 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1305 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1306};
1307
1308/* Block limits VPD page (SBC-3) */
1309static int inquiry_vpd_b0(unsigned char *arr)
1310{
1311 unsigned int gran;
1312
1313 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1314
1315 /* Optimal transfer length granularity */
1316 if (sdebug_opt_xferlen_exp != 0 &&
1317 sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1318 gran = 1 << sdebug_opt_xferlen_exp;
1319 else
1320 gran = 1 << sdebug_physblk_exp;
1321 put_unaligned_be16(gran, arr + 2);
1322
1323 /* Maximum Transfer Length */
1324 if (sdebug_store_sectors > 0x400)
1325 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1326
1327 /* Optimal Transfer Length */
1328 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1329
1330 if (sdebug_lbpu) {
1331 /* Maximum Unmap LBA Count */
1332 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1333
1334 /* Maximum Unmap Block Descriptor Count */
1335 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1336 }
1337
1338 /* Unmap Granularity Alignment */
1339 if (sdebug_unmap_alignment) {
1340 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1341 arr[28] |= 0x80; /* UGAVALID */
1342 }
1343
1344 /* Optimal Unmap Granularity */
1345 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1346
1347 /* Maximum WRITE SAME Length */
1348 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1349
1350 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1351
1352 return sizeof(vpdb0_data);
1353}
1354
1355/* Block device characteristics VPD page (SBC-3) */
1356static int inquiry_vpd_b1(unsigned char *arr)
1357{
1358 memset(arr, 0, 0x3c);
1359 arr[0] = 0;
1360 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1361 arr[2] = 0;
1362 arr[3] = 5; /* less than 1.8" */
1363
1364 return 0x3c;
1365}
1366
1367/* Logical block provisioning VPD page (SBC-4) */
1368static int inquiry_vpd_b2(unsigned char *arr)
1369{
1370 memset(arr, 0, 0x4);
1371 arr[0] = 0; /* threshold exponent */
1372 if (sdebug_lbpu)
1373 arr[1] = 1 << 7;
1374 if (sdebug_lbpws)
1375 arr[1] |= 1 << 6;
1376 if (sdebug_lbpws10)
1377 arr[1] |= 1 << 5;
1378 if (sdebug_lbprz && scsi_debug_lbp())
1379 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1380 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1381 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1382 /* threshold_percentage=0 */
1383 return 0x4;
1384}
1385
1386#define SDEBUG_LONG_INQ_SZ 96
1387#define SDEBUG_MAX_INQ_ARR_SZ 584
1388
1389static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1390{
1391 unsigned char pq_pdt;
1392 unsigned char *arr;
1393 unsigned char *cmd = scp->cmnd;
1394 int alloc_len, n, ret;
1395 bool have_wlun, is_disk;
1396
1397 alloc_len = get_unaligned_be16(cmd + 3);
1398 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1399 if (! arr)
1400 return DID_REQUEUE << 16;
1401 is_disk = (sdebug_ptype == TYPE_DISK);
1402 have_wlun = scsi_is_wlun(scp->device->lun);
1403 if (have_wlun)
1404 pq_pdt = TYPE_WLUN; /* present, wlun */
1405 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1406 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1407 else
1408 pq_pdt = (sdebug_ptype & 0x1f);
1409 arr[0] = pq_pdt;
1410 if (0x2 & cmd[1]) { /* CMDDT bit set */
1411 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1412 kfree(arr);
1413 return check_condition_result;
1414 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1415 int lu_id_num, port_group_id, target_dev_id, len;
1416 char lu_id_str[6];
1417 int host_no = devip->sdbg_host->shost->host_no;
1418
1419 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1420 (devip->channel & 0x7f);
1421 if (sdebug_vpd_use_hostno == 0)
1422 host_no = 0;
1423 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1424 (devip->target * 1000) + devip->lun);
1425 target_dev_id = ((host_no + 1) * 2000) +
1426 (devip->target * 1000) - 3;
1427 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1428 if (0 == cmd[2]) { /* supported vital product data pages */
1429 arr[1] = cmd[2]; /*sanity */
1430 n = 4;
1431 arr[n++] = 0x0; /* this page */
1432 arr[n++] = 0x80; /* unit serial number */
1433 arr[n++] = 0x83; /* device identification */
1434 arr[n++] = 0x84; /* software interface ident. */
1435 arr[n++] = 0x85; /* management network addresses */
1436 arr[n++] = 0x86; /* extended inquiry */
1437 arr[n++] = 0x87; /* mode page policy */
1438 arr[n++] = 0x88; /* SCSI ports */
1439 if (is_disk) { /* SBC only */
1440 arr[n++] = 0x89; /* ATA information */
1441 arr[n++] = 0xb0; /* Block limits */
1442 arr[n++] = 0xb1; /* Block characteristics */
1443 arr[n++] = 0xb2; /* Logical Block Prov */
1444 }
1445 arr[3] = n - 4; /* number of supported VPD pages */
1446 } else if (0x80 == cmd[2]) { /* unit serial number */
1447 arr[1] = cmd[2]; /*sanity */
1448 arr[3] = len;
1449 memcpy(&arr[4], lu_id_str, len);
1450 } else if (0x83 == cmd[2]) { /* device identification */
1451 arr[1] = cmd[2]; /*sanity */
1452 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1453 target_dev_id, lu_id_num,
1454 lu_id_str, len,
1455 &devip->lu_name);
1456 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1457 arr[1] = cmd[2]; /*sanity */
1458 arr[3] = inquiry_vpd_84(&arr[4]);
1459 } else if (0x85 == cmd[2]) { /* Management network addresses */
1460 arr[1] = cmd[2]; /*sanity */
1461 arr[3] = inquiry_vpd_85(&arr[4]);
1462 } else if (0x86 == cmd[2]) { /* extended inquiry */
1463 arr[1] = cmd[2]; /*sanity */
1464 arr[3] = 0x3c; /* number of following entries */
1465 if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1466 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1467 else if (have_dif_prot)
1468 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1469 else
1470 arr[4] = 0x0; /* no protection stuff */
1471 arr[5] = 0x7; /* head of q, ordered + simple q's */
1472 } else if (0x87 == cmd[2]) { /* mode page policy */
1473 arr[1] = cmd[2]; /*sanity */
1474 arr[3] = 0x8; /* number of following entries */
1475 arr[4] = 0x2; /* disconnect-reconnect mp */
1476 arr[6] = 0x80; /* mlus, shared */
1477 arr[8] = 0x18; /* protocol specific lu */
1478 arr[10] = 0x82; /* mlus, per initiator port */
1479 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1480 arr[1] = cmd[2]; /*sanity */
1481 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1482 } else if (is_disk && 0x89 == cmd[2]) { /* ATA information */
1483 arr[1] = cmd[2]; /*sanity */
1484 n = inquiry_vpd_89(&arr[4]);
1485 put_unaligned_be16(n, arr + 2);
1486 } else if (is_disk && 0xb0 == cmd[2]) { /* Block limits */
1487 arr[1] = cmd[2]; /*sanity */
1488 arr[3] = inquiry_vpd_b0(&arr[4]);
1489 } else if (is_disk && 0xb1 == cmd[2]) { /* Block char. */
1490 arr[1] = cmd[2]; /*sanity */
1491 arr[3] = inquiry_vpd_b1(&arr[4]);
1492 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1493 arr[1] = cmd[2]; /*sanity */
1494 arr[3] = inquiry_vpd_b2(&arr[4]);
1495 } else {
1496 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1497 kfree(arr);
1498 return check_condition_result;
1499 }
1500 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1501 ret = fill_from_dev_buffer(scp, arr,
1502 min(len, SDEBUG_MAX_INQ_ARR_SZ));
1503 kfree(arr);
1504 return ret;
1505 }
1506 /* drops through here for a standard inquiry */
1507 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
1508 arr[2] = sdebug_scsi_level;
1509 arr[3] = 2; /* response_data_format==2 */
1510 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1511 arr[5] = (int)have_dif_prot; /* PROTECT bit */
1512 if (sdebug_vpd_use_hostno == 0)
1513 arr[5] |= 0x10; /* claim: implicit TPGS */
1514 arr[6] = 0x10; /* claim: MultiP */
1515 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1516 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1517 memcpy(&arr[8], sdebug_inq_vendor_id, 8);
1518 memcpy(&arr[16], sdebug_inq_product_id, 16);
1519 memcpy(&arr[32], sdebug_inq_product_rev, 4);
1520 /* Use Vendor Specific area to place driver date in ASCII hex */
1521 memcpy(&arr[36], sdebug_version_date, 8);
1522 /* version descriptors (2 bytes each) follow */
1523 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
1524 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
1525 n = 62;
1526 if (is_disk) { /* SBC-4 no version claimed */
1527 put_unaligned_be16(0x600, arr + n);
1528 n += 2;
1529 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1530 put_unaligned_be16(0x525, arr + n);
1531 n += 2;
1532 }
1533 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
1534 ret = fill_from_dev_buffer(scp, arr,
1535 min(alloc_len, SDEBUG_LONG_INQ_SZ));
1536 kfree(arr);
1537 return ret;
1538}
1539
1540static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1541 0, 0, 0x0, 0x0};
1542
1543static int resp_requests(struct scsi_cmnd *scp,
1544 struct sdebug_dev_info *devip)
1545{
1546 unsigned char *sbuff;
1547 unsigned char *cmd = scp->cmnd;
1548 unsigned char arr[SCSI_SENSE_BUFFERSIZE];
1549 bool dsense;
1550 int len = 18;
1551
1552 memset(arr, 0, sizeof(arr));
1553 dsense = !!(cmd[1] & 1);
1554 sbuff = scp->sense_buffer;
1555 if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1556 if (dsense) {
1557 arr[0] = 0x72;
1558 arr[1] = 0x0; /* NO_SENSE in sense_key */
1559 arr[2] = THRESHOLD_EXCEEDED;
1560 arr[3] = 0xff; /* TEST set and MRIE==6 */
1561 len = 8;
1562 } else {
1563 arr[0] = 0x70;
1564 arr[2] = 0x0; /* NO_SENSE in sense_key */
1565 arr[7] = 0xa; /* 18 byte sense buffer */
1566 arr[12] = THRESHOLD_EXCEEDED;
1567 arr[13] = 0xff; /* TEST set and MRIE==6 */
1568 }
1569 } else {
1570 memcpy(arr, sbuff, SCSI_SENSE_BUFFERSIZE);
1571 if (arr[0] >= 0x70 && dsense == sdebug_dsense)
1572 ; /* have sense and formats match */
1573 else if (arr[0] <= 0x70) {
1574 if (dsense) {
1575 memset(arr, 0, 8);
1576 arr[0] = 0x72;
1577 len = 8;
1578 } else {
1579 memset(arr, 0, 18);
1580 arr[0] = 0x70;
1581 arr[7] = 0xa;
1582 }
1583 } else if (dsense) {
1584 memset(arr, 0, 8);
1585 arr[0] = 0x72;
1586 arr[1] = sbuff[2]; /* sense key */
1587 arr[2] = sbuff[12]; /* asc */
1588 arr[3] = sbuff[13]; /* ascq */
1589 len = 8;
1590 } else {
1591 memset(arr, 0, 18);
1592 arr[0] = 0x70;
1593 arr[2] = sbuff[1];
1594 arr[7] = 0xa;
1595 arr[12] = sbuff[1];
1596 arr[13] = sbuff[3];
1597 }
1598
1599 }
1600 mk_sense_buffer(scp, 0, NO_ADDITIONAL_SENSE, 0);
1601 return fill_from_dev_buffer(scp, arr, len);
1602}
1603
1604static int resp_start_stop(struct scsi_cmnd *scp,
1605 struct sdebug_dev_info *devip)
1606{
1607 unsigned char *cmd = scp->cmnd;
1608 int power_cond, stop;
1609 bool changing;
1610
1611 power_cond = (cmd[4] & 0xf0) >> 4;
1612 if (power_cond) {
1613 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1614 return check_condition_result;
1615 }
1616 stop = !(cmd[4] & 1);
1617 changing = atomic_read(&devip->stopped) == !stop;
1618 atomic_xchg(&devip->stopped, stop);
1619 if (!changing || cmd[1] & 0x1) /* state unchanged or IMMED set */
1620 return SDEG_RES_IMMED_MASK;
1621 else
1622 return 0;
1623}
1624
1625static sector_t get_sdebug_capacity(void)
1626{
1627 static const unsigned int gibibyte = 1073741824;
1628
1629 if (sdebug_virtual_gb > 0)
1630 return (sector_t)sdebug_virtual_gb *
1631 (gibibyte / sdebug_sector_size);
1632 else
1633 return sdebug_store_sectors;
1634}
1635
1636#define SDEBUG_READCAP_ARR_SZ 8
1637static int resp_readcap(struct scsi_cmnd *scp,
1638 struct sdebug_dev_info *devip)
1639{
1640 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1641 unsigned int capac;
1642
1643 /* following just in case virtual_gb changed */
1644 sdebug_capacity = get_sdebug_capacity();
1645 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1646 if (sdebug_capacity < 0xffffffff) {
1647 capac = (unsigned int)sdebug_capacity - 1;
1648 put_unaligned_be32(capac, arr + 0);
1649 } else
1650 put_unaligned_be32(0xffffffff, arr + 0);
1651 put_unaligned_be16(sdebug_sector_size, arr + 6);
1652 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1653}
1654
1655#define SDEBUG_READCAP16_ARR_SZ 32
1656static int resp_readcap16(struct scsi_cmnd *scp,
1657 struct sdebug_dev_info *devip)
1658{
1659 unsigned char *cmd = scp->cmnd;
1660 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1661 int alloc_len;
1662
1663 alloc_len = get_unaligned_be32(cmd + 10);
1664 /* following just in case virtual_gb changed */
1665 sdebug_capacity = get_sdebug_capacity();
1666 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1667 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1668 put_unaligned_be32(sdebug_sector_size, arr + 8);
1669 arr[13] = sdebug_physblk_exp & 0xf;
1670 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1671
1672 if (scsi_debug_lbp()) {
1673 arr[14] |= 0x80; /* LBPME */
1674 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1675 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1676 * in the wider field maps to 0 in this field.
1677 */
1678 if (sdebug_lbprz & 1) /* precisely what the draft requires */
1679 arr[14] |= 0x40;
1680 }
1681
1682 arr[15] = sdebug_lowest_aligned & 0xff;
1683
1684 if (have_dif_prot) {
1685 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1686 arr[12] |= 1; /* PROT_EN */
1687 }
1688
1689 return fill_from_dev_buffer(scp, arr,
1690 min(alloc_len, SDEBUG_READCAP16_ARR_SZ));
1691}
1692
1693#define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1694
1695static int resp_report_tgtpgs(struct scsi_cmnd *scp,
1696 struct sdebug_dev_info *devip)
1697{
1698 unsigned char *cmd = scp->cmnd;
1699 unsigned char *arr;
1700 int host_no = devip->sdbg_host->shost->host_no;
1701 int n, ret, alen, rlen;
1702 int port_group_a, port_group_b, port_a, port_b;
1703
1704 alen = get_unaligned_be32(cmd + 6);
1705 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1706 if (! arr)
1707 return DID_REQUEUE << 16;
1708 /*
1709 * EVPD page 0x88 states we have two ports, one
1710 * real and a fake port with no device connected.
1711 * So we create two port groups with one port each
1712 * and set the group with port B to unavailable.
1713 */
1714 port_a = 0x1; /* relative port A */
1715 port_b = 0x2; /* relative port B */
1716 port_group_a = (((host_no + 1) & 0x7f) << 8) +
1717 (devip->channel & 0x7f);
1718 port_group_b = (((host_no + 1) & 0x7f) << 8) +
1719 (devip->channel & 0x7f) + 0x80;
1720
1721 /*
1722 * The asymmetric access state is cycled according to the host_id.
1723 */
1724 n = 4;
1725 if (sdebug_vpd_use_hostno == 0) {
1726 arr[n++] = host_no % 3; /* Asymm access state */
1727 arr[n++] = 0x0F; /* claim: all states are supported */
1728 } else {
1729 arr[n++] = 0x0; /* Active/Optimized path */
1730 arr[n++] = 0x01; /* only support active/optimized paths */
1731 }
1732 put_unaligned_be16(port_group_a, arr + n);
1733 n += 2;
1734 arr[n++] = 0; /* Reserved */
1735 arr[n++] = 0; /* Status code */
1736 arr[n++] = 0; /* Vendor unique */
1737 arr[n++] = 0x1; /* One port per group */
1738 arr[n++] = 0; /* Reserved */
1739 arr[n++] = 0; /* Reserved */
1740 put_unaligned_be16(port_a, arr + n);
1741 n += 2;
1742 arr[n++] = 3; /* Port unavailable */
1743 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1744 put_unaligned_be16(port_group_b, arr + n);
1745 n += 2;
1746 arr[n++] = 0; /* Reserved */
1747 arr[n++] = 0; /* Status code */
1748 arr[n++] = 0; /* Vendor unique */
1749 arr[n++] = 0x1; /* One port per group */
1750 arr[n++] = 0; /* Reserved */
1751 arr[n++] = 0; /* Reserved */
1752 put_unaligned_be16(port_b, arr + n);
1753 n += 2;
1754
1755 rlen = n - 4;
1756 put_unaligned_be32(rlen, arr + 0);
1757
1758 /*
1759 * Return the smallest value of either
1760 * - The allocated length
1761 * - The constructed command length
1762 * - The maximum array size
1763 */
1764 rlen = min(alen,n);
1765 ret = fill_from_dev_buffer(scp, arr,
1766 min(rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1767 kfree(arr);
1768 return ret;
1769}
1770
1771static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1772 struct sdebug_dev_info *devip)
1773{
1774 bool rctd;
1775 u8 reporting_opts, req_opcode, sdeb_i, supp;
1776 u16 req_sa, u;
1777 u32 alloc_len, a_len;
1778 int k, offset, len, errsts, count, bump, na;
1779 const struct opcode_info_t *oip;
1780 const struct opcode_info_t *r_oip;
1781 u8 *arr;
1782 u8 *cmd = scp->cmnd;
1783
1784 rctd = !!(cmd[2] & 0x80);
1785 reporting_opts = cmd[2] & 0x7;
1786 req_opcode = cmd[3];
1787 req_sa = get_unaligned_be16(cmd + 4);
1788 alloc_len = get_unaligned_be32(cmd + 6);
1789 if (alloc_len < 4 || alloc_len > 0xffff) {
1790 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1791 return check_condition_result;
1792 }
1793 if (alloc_len > 8192)
1794 a_len = 8192;
1795 else
1796 a_len = alloc_len;
1797 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1798 if (NULL == arr) {
1799 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1800 INSUFF_RES_ASCQ);
1801 return check_condition_result;
1802 }
1803 switch (reporting_opts) {
1804 case 0: /* all commands */
1805 /* count number of commands */
1806 for (count = 0, oip = opcode_info_arr;
1807 oip->num_attached != 0xff; ++oip) {
1808 if (F_INV_OP & oip->flags)
1809 continue;
1810 count += (oip->num_attached + 1);
1811 }
1812 bump = rctd ? 20 : 8;
1813 put_unaligned_be32(count * bump, arr);
1814 for (offset = 4, oip = opcode_info_arr;
1815 oip->num_attached != 0xff && offset < a_len; ++oip) {
1816 if (F_INV_OP & oip->flags)
1817 continue;
1818 na = oip->num_attached;
1819 arr[offset] = oip->opcode;
1820 put_unaligned_be16(oip->sa, arr + offset + 2);
1821 if (rctd)
1822 arr[offset + 5] |= 0x2;
1823 if (FF_SA & oip->flags)
1824 arr[offset + 5] |= 0x1;
1825 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
1826 if (rctd)
1827 put_unaligned_be16(0xa, arr + offset + 8);
1828 r_oip = oip;
1829 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
1830 if (F_INV_OP & oip->flags)
1831 continue;
1832 offset += bump;
1833 arr[offset] = oip->opcode;
1834 put_unaligned_be16(oip->sa, arr + offset + 2);
1835 if (rctd)
1836 arr[offset + 5] |= 0x2;
1837 if (FF_SA & oip->flags)
1838 arr[offset + 5] |= 0x1;
1839 put_unaligned_be16(oip->len_mask[0],
1840 arr + offset + 6);
1841 if (rctd)
1842 put_unaligned_be16(0xa,
1843 arr + offset + 8);
1844 }
1845 oip = r_oip;
1846 offset += bump;
1847 }
1848 break;
1849 case 1: /* one command: opcode only */
1850 case 2: /* one command: opcode plus service action */
1851 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
1852 sdeb_i = opcode_ind_arr[req_opcode];
1853 oip = &opcode_info_arr[sdeb_i];
1854 if (F_INV_OP & oip->flags) {
1855 supp = 1;
1856 offset = 4;
1857 } else {
1858 if (1 == reporting_opts) {
1859 if (FF_SA & oip->flags) {
1860 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
1861 2, 2);
1862 kfree(arr);
1863 return check_condition_result;
1864 }
1865 req_sa = 0;
1866 } else if (2 == reporting_opts &&
1867 0 == (FF_SA & oip->flags)) {
1868 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
1869 kfree(arr); /* point at requested sa */
1870 return check_condition_result;
1871 }
1872 if (0 == (FF_SA & oip->flags) &&
1873 req_opcode == oip->opcode)
1874 supp = 3;
1875 else if (0 == (FF_SA & oip->flags)) {
1876 na = oip->num_attached;
1877 for (k = 0, oip = oip->arrp; k < na;
1878 ++k, ++oip) {
1879 if (req_opcode == oip->opcode)
1880 break;
1881 }
1882 supp = (k >= na) ? 1 : 3;
1883 } else if (req_sa != oip->sa) {
1884 na = oip->num_attached;
1885 for (k = 0, oip = oip->arrp; k < na;
1886 ++k, ++oip) {
1887 if (req_sa == oip->sa)
1888 break;
1889 }
1890 supp = (k >= na) ? 1 : 3;
1891 } else
1892 supp = 3;
1893 if (3 == supp) {
1894 u = oip->len_mask[0];
1895 put_unaligned_be16(u, arr + 2);
1896 arr[4] = oip->opcode;
1897 for (k = 1; k < u; ++k)
1898 arr[4 + k] = (k < 16) ?
1899 oip->len_mask[k] : 0xff;
1900 offset = 4 + u;
1901 } else
1902 offset = 4;
1903 }
1904 arr[1] = (rctd ? 0x80 : 0) | supp;
1905 if (rctd) {
1906 put_unaligned_be16(0xa, arr + offset);
1907 offset += 12;
1908 }
1909 break;
1910 default:
1911 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
1912 kfree(arr);
1913 return check_condition_result;
1914 }
1915 offset = (offset < a_len) ? offset : a_len;
1916 len = (offset < alloc_len) ? offset : alloc_len;
1917 errsts = fill_from_dev_buffer(scp, arr, len);
1918 kfree(arr);
1919 return errsts;
1920}
1921
1922static int resp_rsup_tmfs(struct scsi_cmnd *scp,
1923 struct sdebug_dev_info *devip)
1924{
1925 bool repd;
1926 u32 alloc_len, len;
1927 u8 arr[16];
1928 u8 *cmd = scp->cmnd;
1929
1930 memset(arr, 0, sizeof(arr));
1931 repd = !!(cmd[2] & 0x80);
1932 alloc_len = get_unaligned_be32(cmd + 6);
1933 if (alloc_len < 4) {
1934 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1935 return check_condition_result;
1936 }
1937 arr[0] = 0xc8; /* ATS | ATSS | LURS */
1938 arr[1] = 0x1; /* ITNRS */
1939 if (repd) {
1940 arr[3] = 0xc;
1941 len = 16;
1942 } else
1943 len = 4;
1944
1945 len = (len < alloc_len) ? len : alloc_len;
1946 return fill_from_dev_buffer(scp, arr, len);
1947}
1948
1949/* <<Following mode page info copied from ST318451LW>> */
1950
1951static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
1952{ /* Read-Write Error Recovery page for mode_sense */
1953 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
1954 5, 0, 0xff, 0xff};
1955
1956 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
1957 if (1 == pcontrol)
1958 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
1959 return sizeof(err_recov_pg);
1960}
1961
1962static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
1963{ /* Disconnect-Reconnect page for mode_sense */
1964 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
1965 0, 0, 0, 0, 0, 0, 0, 0};
1966
1967 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
1968 if (1 == pcontrol)
1969 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
1970 return sizeof(disconnect_pg);
1971}
1972
1973static int resp_format_pg(unsigned char *p, int pcontrol, int target)
1974{ /* Format device page for mode_sense */
1975 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
1976 0, 0, 0, 0, 0, 0, 0, 0,
1977 0, 0, 0, 0, 0x40, 0, 0, 0};
1978
1979 memcpy(p, format_pg, sizeof(format_pg));
1980 put_unaligned_be16(sdebug_sectors_per, p + 10);
1981 put_unaligned_be16(sdebug_sector_size, p + 12);
1982 if (sdebug_removable)
1983 p[20] |= 0x20; /* should agree with INQUIRY */
1984 if (1 == pcontrol)
1985 memset(p + 2, 0, sizeof(format_pg) - 2);
1986 return sizeof(format_pg);
1987}
1988
1989static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1990 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
1991 0, 0, 0, 0};
1992
1993static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
1994{ /* Caching page for mode_sense */
1995 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
1996 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1997 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1998 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
1999
2000 if (SDEBUG_OPT_N_WCE & sdebug_opts)
2001 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
2002 memcpy(p, caching_pg, sizeof(caching_pg));
2003 if (1 == pcontrol)
2004 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2005 else if (2 == pcontrol)
2006 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2007 return sizeof(caching_pg);
2008}
2009
2010static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2011 0, 0, 0x2, 0x4b};
2012
2013static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2014{ /* Control mode page for mode_sense */
2015 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2016 0, 0, 0, 0};
2017 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2018 0, 0, 0x2, 0x4b};
2019
2020 if (sdebug_dsense)
2021 ctrl_m_pg[2] |= 0x4;
2022 else
2023 ctrl_m_pg[2] &= ~0x4;
2024
2025 if (sdebug_ato)
2026 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2027
2028 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2029 if (1 == pcontrol)
2030 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2031 else if (2 == pcontrol)
2032 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2033 return sizeof(ctrl_m_pg);
2034}
2035
2036
2037static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2038{ /* Informational Exceptions control mode page for mode_sense */
2039 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2040 0, 0, 0x0, 0x0};
2041 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2042 0, 0, 0x0, 0x0};
2043
2044 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2045 if (1 == pcontrol)
2046 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2047 else if (2 == pcontrol)
2048 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2049 return sizeof(iec_m_pg);
2050}
2051
2052static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2053{ /* SAS SSP mode page - short format for mode_sense */
2054 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2055 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2056
2057 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2058 if (1 == pcontrol)
2059 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2060 return sizeof(sas_sf_m_pg);
2061}
2062
2063
2064static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2065 int target_dev_id)
2066{ /* SAS phy control and discover mode page for mode_sense */
2067 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2068 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2069 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2070 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2071 0x2, 0, 0, 0, 0, 0, 0, 0,
2072 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2073 0, 0, 0, 0, 0, 0, 0, 0,
2074 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2075 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2076 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
2077 0x3, 0, 0, 0, 0, 0, 0, 0,
2078 0x88, 0x99, 0, 0, 0, 0, 0, 0,
2079 0, 0, 0, 0, 0, 0, 0, 0,
2080 };
2081 int port_a, port_b;
2082
2083 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2084 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2085 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2086 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2087 port_a = target_dev_id + 1;
2088 port_b = port_a + 1;
2089 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2090 put_unaligned_be32(port_a, p + 20);
2091 put_unaligned_be32(port_b, p + 48 + 20);
2092 if (1 == pcontrol)
2093 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2094 return sizeof(sas_pcd_m_pg);
2095}
2096
2097static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2098{ /* SAS SSP shared protocol specific port mode subpage */
2099 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2100 0, 0, 0, 0, 0, 0, 0, 0,
2101 };
2102
2103 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2104 if (1 == pcontrol)
2105 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2106 return sizeof(sas_sha_m_pg);
2107}
2108
2109#define SDEBUG_MAX_MSENSE_SZ 256
2110
2111static int resp_mode_sense(struct scsi_cmnd *scp,
2112 struct sdebug_dev_info *devip)
2113{
2114 int pcontrol, pcode, subpcode, bd_len;
2115 unsigned char dev_spec;
2116 int alloc_len, offset, len, target_dev_id;
2117 int target = scp->device->id;
2118 unsigned char *ap;
2119 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2120 unsigned char *cmd = scp->cmnd;
2121 bool dbd, llbaa, msense_6, is_disk, bad_pcode;
2122
2123 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
2124 pcontrol = (cmd[2] & 0xc0) >> 6;
2125 pcode = cmd[2] & 0x3f;
2126 subpcode = cmd[3];
2127 msense_6 = (MODE_SENSE == cmd[0]);
2128 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2129 is_disk = (sdebug_ptype == TYPE_DISK);
2130 if (is_disk && !dbd)
2131 bd_len = llbaa ? 16 : 8;
2132 else
2133 bd_len = 0;
2134 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2135 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2136 if (0x3 == pcontrol) { /* Saving values not supported */
2137 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2138 return check_condition_result;
2139 }
2140 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2141 (devip->target * 1000) - 3;
2142 /* for disks set DPOFUA bit and clear write protect (WP) bit */
2143 if (is_disk) {
2144 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
2145 if (sdebug_wp)
2146 dev_spec |= 0x80;
2147 } else
2148 dev_spec = 0x0;
2149 if (msense_6) {
2150 arr[2] = dev_spec;
2151 arr[3] = bd_len;
2152 offset = 4;
2153 } else {
2154 arr[3] = dev_spec;
2155 if (16 == bd_len)
2156 arr[4] = 0x1; /* set LONGLBA bit */
2157 arr[7] = bd_len; /* assume 255 or less */
2158 offset = 8;
2159 }
2160 ap = arr + offset;
2161 if ((bd_len > 0) && (!sdebug_capacity))
2162 sdebug_capacity = get_sdebug_capacity();
2163
2164 if (8 == bd_len) {
2165 if (sdebug_capacity > 0xfffffffe)
2166 put_unaligned_be32(0xffffffff, ap + 0);
2167 else
2168 put_unaligned_be32(sdebug_capacity, ap + 0);
2169 put_unaligned_be16(sdebug_sector_size, ap + 6);
2170 offset += bd_len;
2171 ap = arr + offset;
2172 } else if (16 == bd_len) {
2173 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2174 put_unaligned_be32(sdebug_sector_size, ap + 12);
2175 offset += bd_len;
2176 ap = arr + offset;
2177 }
2178
2179 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2180 /* TODO: Control Extension page */
2181 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2182 return check_condition_result;
2183 }
2184 bad_pcode = false;
2185
2186 switch (pcode) {
2187 case 0x1: /* Read-Write error recovery page, direct access */
2188 len = resp_err_recov_pg(ap, pcontrol, target);
2189 offset += len;
2190 break;
2191 case 0x2: /* Disconnect-Reconnect page, all devices */
2192 len = resp_disconnect_pg(ap, pcontrol, target);
2193 offset += len;
2194 break;
2195 case 0x3: /* Format device page, direct access */
2196 if (is_disk) {
2197 len = resp_format_pg(ap, pcontrol, target);
2198 offset += len;
2199 } else
2200 bad_pcode = true;
2201 break;
2202 case 0x8: /* Caching page, direct access */
2203 if (is_disk) {
2204 len = resp_caching_pg(ap, pcontrol, target);
2205 offset += len;
2206 } else
2207 bad_pcode = true;
2208 break;
2209 case 0xa: /* Control Mode page, all devices */
2210 len = resp_ctrl_m_pg(ap, pcontrol, target);
2211 offset += len;
2212 break;
2213 case 0x19: /* if spc==1 then sas phy, control+discover */
2214 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2215 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2216 return check_condition_result;
2217 }
2218 len = 0;
2219 if ((0x0 == subpcode) || (0xff == subpcode))
2220 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2221 if ((0x1 == subpcode) || (0xff == subpcode))
2222 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2223 target_dev_id);
2224 if ((0x2 == subpcode) || (0xff == subpcode))
2225 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2226 offset += len;
2227 break;
2228 case 0x1c: /* Informational Exceptions Mode page, all devices */
2229 len = resp_iec_m_pg(ap, pcontrol, target);
2230 offset += len;
2231 break;
2232 case 0x3f: /* Read all Mode pages */
2233 if ((0 == subpcode) || (0xff == subpcode)) {
2234 len = resp_err_recov_pg(ap, pcontrol, target);
2235 len += resp_disconnect_pg(ap + len, pcontrol, target);
2236 if (is_disk) {
2237 len += resp_format_pg(ap + len, pcontrol,
2238 target);
2239 len += resp_caching_pg(ap + len, pcontrol,
2240 target);
2241 }
2242 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2243 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2244 if (0xff == subpcode) {
2245 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2246 target, target_dev_id);
2247 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2248 }
2249 len += resp_iec_m_pg(ap + len, pcontrol, target);
2250 offset += len;
2251 } else {
2252 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2253 return check_condition_result;
2254 }
2255 break;
2256 default:
2257 bad_pcode = true;
2258 break;
2259 }
2260 if (bad_pcode) {
2261 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2262 return check_condition_result;
2263 }
2264 if (msense_6)
2265 arr[0] = offset - 1;
2266 else
2267 put_unaligned_be16((offset - 2), arr + 0);
2268 return fill_from_dev_buffer(scp, arr, min(alloc_len, offset));
2269}
2270
2271#define SDEBUG_MAX_MSELECT_SZ 512
2272
2273static int resp_mode_select(struct scsi_cmnd *scp,
2274 struct sdebug_dev_info *devip)
2275{
2276 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2277 int param_len, res, mpage;
2278 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2279 unsigned char *cmd = scp->cmnd;
2280 int mselect6 = (MODE_SELECT == cmd[0]);
2281
2282 memset(arr, 0, sizeof(arr));
2283 pf = cmd[1] & 0x10;
2284 sp = cmd[1] & 0x1;
2285 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2286 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2287 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2288 return check_condition_result;
2289 }
2290 res = fetch_to_dev_buffer(scp, arr, param_len);
2291 if (-1 == res)
2292 return DID_ERROR << 16;
2293 else if (sdebug_verbose && (res < param_len))
2294 sdev_printk(KERN_INFO, scp->device,
2295 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2296 __func__, param_len, res);
2297 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2298 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2299 if (md_len > 2) {
2300 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2301 return check_condition_result;
2302 }
2303 off = bd_len + (mselect6 ? 4 : 8);
2304 mpage = arr[off] & 0x3f;
2305 ps = !!(arr[off] & 0x80);
2306 if (ps) {
2307 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2308 return check_condition_result;
2309 }
2310 spf = !!(arr[off] & 0x40);
2311 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2312 (arr[off + 1] + 2);
2313 if ((pg_len + off) > param_len) {
2314 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2315 PARAMETER_LIST_LENGTH_ERR, 0);
2316 return check_condition_result;
2317 }
2318 switch (mpage) {
2319 case 0x8: /* Caching Mode page */
2320 if (caching_pg[1] == arr[off + 1]) {
2321 memcpy(caching_pg + 2, arr + off + 2,
2322 sizeof(caching_pg) - 2);
2323 goto set_mode_changed_ua;
2324 }
2325 break;
2326 case 0xa: /* Control Mode page */
2327 if (ctrl_m_pg[1] == arr[off + 1]) {
2328 memcpy(ctrl_m_pg + 2, arr + off + 2,
2329 sizeof(ctrl_m_pg) - 2);
2330 if (ctrl_m_pg[4] & 0x8)
2331 sdebug_wp = true;
2332 else
2333 sdebug_wp = false;
2334 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2335 goto set_mode_changed_ua;
2336 }
2337 break;
2338 case 0x1c: /* Informational Exceptions Mode page */
2339 if (iec_m_pg[1] == arr[off + 1]) {
2340 memcpy(iec_m_pg + 2, arr + off + 2,
2341 sizeof(iec_m_pg) - 2);
2342 goto set_mode_changed_ua;
2343 }
2344 break;
2345 default:
2346 break;
2347 }
2348 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2349 return check_condition_result;
2350set_mode_changed_ua:
2351 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2352 return 0;
2353}
2354
2355static int resp_temp_l_pg(unsigned char *arr)
2356{
2357 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2358 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2359 };
2360
2361 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2362 return sizeof(temp_l_pg);
2363}
2364
2365static int resp_ie_l_pg(unsigned char *arr)
2366{
2367 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2368 };
2369
2370 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2371 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2372 arr[4] = THRESHOLD_EXCEEDED;
2373 arr[5] = 0xff;
2374 }
2375 return sizeof(ie_l_pg);
2376}
2377
2378#define SDEBUG_MAX_LSENSE_SZ 512
2379
2380static int resp_log_sense(struct scsi_cmnd *scp,
2381 struct sdebug_dev_info *devip)
2382{
2383 int ppc, sp, pcode, subpcode, alloc_len, len, n;
2384 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2385 unsigned char *cmd = scp->cmnd;
2386
2387 memset(arr, 0, sizeof(arr));
2388 ppc = cmd[1] & 0x2;
2389 sp = cmd[1] & 0x1;
2390 if (ppc || sp) {
2391 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2392 return check_condition_result;
2393 }
2394 pcode = cmd[2] & 0x3f;
2395 subpcode = cmd[3] & 0xff;
2396 alloc_len = get_unaligned_be16(cmd + 7);
2397 arr[0] = pcode;
2398 if (0 == subpcode) {
2399 switch (pcode) {
2400 case 0x0: /* Supported log pages log page */
2401 n = 4;
2402 arr[n++] = 0x0; /* this page */
2403 arr[n++] = 0xd; /* Temperature */
2404 arr[n++] = 0x2f; /* Informational exceptions */
2405 arr[3] = n - 4;
2406 break;
2407 case 0xd: /* Temperature log page */
2408 arr[3] = resp_temp_l_pg(arr + 4);
2409 break;
2410 case 0x2f: /* Informational exceptions log page */
2411 arr[3] = resp_ie_l_pg(arr + 4);
2412 break;
2413 default:
2414 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2415 return check_condition_result;
2416 }
2417 } else if (0xff == subpcode) {
2418 arr[0] |= 0x40;
2419 arr[1] = subpcode;
2420 switch (pcode) {
2421 case 0x0: /* Supported log pages and subpages log page */
2422 n = 4;
2423 arr[n++] = 0x0;
2424 arr[n++] = 0x0; /* 0,0 page */
2425 arr[n++] = 0x0;
2426 arr[n++] = 0xff; /* this page */
2427 arr[n++] = 0xd;
2428 arr[n++] = 0x0; /* Temperature */
2429 arr[n++] = 0x2f;
2430 arr[n++] = 0x0; /* Informational exceptions */
2431 arr[3] = n - 4;
2432 break;
2433 case 0xd: /* Temperature subpages */
2434 n = 4;
2435 arr[n++] = 0xd;
2436 arr[n++] = 0x0; /* Temperature */
2437 arr[3] = n - 4;
2438 break;
2439 case 0x2f: /* Informational exceptions subpages */
2440 n = 4;
2441 arr[n++] = 0x2f;
2442 arr[n++] = 0x0; /* Informational exceptions */
2443 arr[3] = n - 4;
2444 break;
2445 default:
2446 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2447 return check_condition_result;
2448 }
2449 } else {
2450 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2451 return check_condition_result;
2452 }
2453 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
2454 return fill_from_dev_buffer(scp, arr,
2455 min(len, SDEBUG_MAX_INQ_ARR_SZ));
2456}
2457
2458static inline int check_device_access_params(struct scsi_cmnd *scp,
2459 unsigned long long lba, unsigned int num, bool write)
2460{
2461 if (lba + num > sdebug_capacity) {
2462 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2463 return check_condition_result;
2464 }
2465 /* transfer length excessive (tie in to block limits VPD page) */
2466 if (num > sdebug_store_sectors) {
2467 /* needs work to find which cdb byte 'num' comes from */
2468 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2469 return check_condition_result;
2470 }
2471 if (write && unlikely(sdebug_wp)) {
2472 mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
2473 return check_condition_result;
2474 }
2475 return 0;
2476}
2477
2478/* Returns number of bytes copied or -1 if error. */
2479static int do_device_access(struct scsi_cmnd *scmd, u32 sg_skip, u64 lba,
2480 u32 num, bool do_write)
2481{
2482 int ret;
2483 u64 block, rest = 0;
2484 struct scsi_data_buffer *sdb = &scmd->sdb;
2485 enum dma_data_direction dir;
2486
2487 if (do_write) {
2488 dir = DMA_TO_DEVICE;
2489 write_since_sync = true;
2490 } else {
2491 dir = DMA_FROM_DEVICE;
2492 }
2493
2494 if (!sdb->length)
2495 return 0;
2496 if (scmd->sc_data_direction != dir)
2497 return -1;
2498
2499 block = do_div(lba, sdebug_store_sectors);
2500 if (block + num > sdebug_store_sectors)
2501 rest = block + num - sdebug_store_sectors;
2502
2503 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2504 fake_storep + (block * sdebug_sector_size),
2505 (num - rest) * sdebug_sector_size, sg_skip, do_write);
2506 if (ret != (num - rest) * sdebug_sector_size)
2507 return ret;
2508
2509 if (rest) {
2510 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2511 fake_storep, rest * sdebug_sector_size,
2512 sg_skip + ((num - rest) * sdebug_sector_size),
2513 do_write);
2514 }
2515
2516 return ret;
2517}
2518
2519/* If lba2fake_store(lba,num) compares equal to arr(num), then copy top half of
2520 * arr into lba2fake_store(lba,num) and return true. If comparison fails then
2521 * return false. */
2522static bool comp_write_worker(u64 lba, u32 num, const u8 *arr)
2523{
2524 bool res;
2525 u64 block, rest = 0;
2526 u32 store_blks = sdebug_store_sectors;
2527 u32 lb_size = sdebug_sector_size;
2528
2529 block = do_div(lba, store_blks);
2530 if (block + num > store_blks)
2531 rest = block + num - store_blks;
2532
2533 res = !memcmp(fake_storep + (block * lb_size), arr,
2534 (num - rest) * lb_size);
2535 if (!res)
2536 return res;
2537 if (rest)
2538 res = memcmp(fake_storep, arr + ((num - rest) * lb_size),
2539 rest * lb_size);
2540 if (!res)
2541 return res;
2542 arr += num * lb_size;
2543 memcpy(fake_storep + (block * lb_size), arr, (num - rest) * lb_size);
2544 if (rest)
2545 memcpy(fake_storep, arr + ((num - rest) * lb_size),
2546 rest * lb_size);
2547 return res;
2548}
2549
2550static __be16 dif_compute_csum(const void *buf, int len)
2551{
2552 __be16 csum;
2553
2554 if (sdebug_guard)
2555 csum = (__force __be16)ip_compute_csum(buf, len);
2556 else
2557 csum = cpu_to_be16(crc_t10dif(buf, len));
2558
2559 return csum;
2560}
2561
2562static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
2563 sector_t sector, u32 ei_lba)
2564{
2565 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
2566
2567 if (sdt->guard_tag != csum) {
2568 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
2569 (unsigned long)sector,
2570 be16_to_cpu(sdt->guard_tag),
2571 be16_to_cpu(csum));
2572 return 0x01;
2573 }
2574 if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
2575 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
2576 pr_err("REF check failed on sector %lu\n",
2577 (unsigned long)sector);
2578 return 0x03;
2579 }
2580 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2581 be32_to_cpu(sdt->ref_tag) != ei_lba) {
2582 pr_err("REF check failed on sector %lu\n",
2583 (unsigned long)sector);
2584 return 0x03;
2585 }
2586 return 0;
2587}
2588
2589static void dif_copy_prot(struct scsi_cmnd *SCpnt, sector_t sector,
2590 unsigned int sectors, bool read)
2591{
2592 size_t resid;
2593 void *paddr;
2594 const void *dif_store_end = dif_storep + sdebug_store_sectors;
2595 struct sg_mapping_iter miter;
2596
2597 /* Bytes of protection data to copy into sgl */
2598 resid = sectors * sizeof(*dif_storep);
2599
2600 sg_miter_start(&miter, scsi_prot_sglist(SCpnt),
2601 scsi_prot_sg_count(SCpnt), SG_MITER_ATOMIC |
2602 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
2603
2604 while (sg_miter_next(&miter) && resid > 0) {
2605 size_t len = min(miter.length, resid);
2606 void *start = dif_store(sector);
2607 size_t rest = 0;
2608
2609 if (dif_store_end < start + len)
2610 rest = start + len - dif_store_end;
2611
2612 paddr = miter.addr;
2613
2614 if (read)
2615 memcpy(paddr, start, len - rest);
2616 else
2617 memcpy(start, paddr, len - rest);
2618
2619 if (rest) {
2620 if (read)
2621 memcpy(paddr + len - rest, dif_storep, rest);
2622 else
2623 memcpy(dif_storep, paddr + len - rest, rest);
2624 }
2625
2626 sector += len / sizeof(*dif_storep);
2627 resid -= len;
2628 }
2629 sg_miter_stop(&miter);
2630}
2631
2632static int prot_verify_read(struct scsi_cmnd *SCpnt, sector_t start_sec,
2633 unsigned int sectors, u32 ei_lba)
2634{
2635 unsigned int i;
2636 struct t10_pi_tuple *sdt;
2637 sector_t sector;
2638
2639 for (i = 0; i < sectors; i++, ei_lba++) {
2640 int ret;
2641
2642 sector = start_sec + i;
2643 sdt = dif_store(sector);
2644
2645 if (sdt->app_tag == cpu_to_be16(0xffff))
2646 continue;
2647
2648 ret = dif_verify(sdt, lba2fake_store(sector), sector, ei_lba);
2649 if (ret) {
2650 dif_errors++;
2651 return ret;
2652 }
2653 }
2654
2655 dif_copy_prot(SCpnt, start_sec, sectors, true);
2656 dix_reads++;
2657
2658 return 0;
2659}
2660
2661static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2662{
2663 u8 *cmd = scp->cmnd;
2664 struct sdebug_queued_cmd *sqcp;
2665 u64 lba;
2666 u32 num;
2667 u32 ei_lba;
2668 unsigned long iflags;
2669 int ret;
2670 bool check_prot;
2671
2672 switch (cmd[0]) {
2673 case READ_16:
2674 ei_lba = 0;
2675 lba = get_unaligned_be64(cmd + 2);
2676 num = get_unaligned_be32(cmd + 10);
2677 check_prot = true;
2678 break;
2679 case READ_10:
2680 ei_lba = 0;
2681 lba = get_unaligned_be32(cmd + 2);
2682 num = get_unaligned_be16(cmd + 7);
2683 check_prot = true;
2684 break;
2685 case READ_6:
2686 ei_lba = 0;
2687 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2688 (u32)(cmd[1] & 0x1f) << 16;
2689 num = (0 == cmd[4]) ? 256 : cmd[4];
2690 check_prot = true;
2691 break;
2692 case READ_12:
2693 ei_lba = 0;
2694 lba = get_unaligned_be32(cmd + 2);
2695 num = get_unaligned_be32(cmd + 6);
2696 check_prot = true;
2697 break;
2698 case XDWRITEREAD_10:
2699 ei_lba = 0;
2700 lba = get_unaligned_be32(cmd + 2);
2701 num = get_unaligned_be16(cmd + 7);
2702 check_prot = false;
2703 break;
2704 default: /* assume READ(32) */
2705 lba = get_unaligned_be64(cmd + 12);
2706 ei_lba = get_unaligned_be32(cmd + 20);
2707 num = get_unaligned_be32(cmd + 28);
2708 check_prot = false;
2709 break;
2710 }
2711 if (unlikely(have_dif_prot && check_prot)) {
2712 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2713 (cmd[1] & 0xe0)) {
2714 mk_sense_invalid_opcode(scp);
2715 return check_condition_result;
2716 }
2717 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
2718 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
2719 (cmd[1] & 0xe0) == 0)
2720 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
2721 "to DIF device\n");
2722 }
2723 if (unlikely(sdebug_any_injecting_opt)) {
2724 sqcp = (struct sdebug_queued_cmd *)scp->host_scribble;
2725
2726 if (sqcp) {
2727 if (sqcp->inj_short)
2728 num /= 2;
2729 }
2730 } else
2731 sqcp = NULL;
2732
2733 ret = check_device_access_params(scp, lba, num, false);
2734 if (ret)
2735 return ret;
2736 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
2737 (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
2738 ((lba + num) > sdebug_medium_error_start))) {
2739 /* claim unrecoverable read error */
2740 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
2741 /* set info field and valid bit for fixed descriptor */
2742 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
2743 scp->sense_buffer[0] |= 0x80; /* Valid bit */
2744 ret = (lba < OPT_MEDIUM_ERR_ADDR)
2745 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
2746 put_unaligned_be32(ret, scp->sense_buffer + 3);
2747 }
2748 scsi_set_resid(scp, scsi_bufflen(scp));
2749 return check_condition_result;
2750 }
2751
2752 read_lock_irqsave(&atomic_rw, iflags);
2753
2754 /* DIX + T10 DIF */
2755 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2756 int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
2757
2758 if (prot_ret) {
2759 read_unlock_irqrestore(&atomic_rw, iflags);
2760 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
2761 return illegal_condition_result;
2762 }
2763 }
2764
2765 ret = do_device_access(scp, 0, lba, num, false);
2766 read_unlock_irqrestore(&atomic_rw, iflags);
2767 if (unlikely(ret == -1))
2768 return DID_ERROR << 16;
2769
2770 scsi_set_resid(scp, scsi_bufflen(scp) - ret);
2771
2772 if (unlikely(sqcp)) {
2773 if (sqcp->inj_recovered) {
2774 mk_sense_buffer(scp, RECOVERED_ERROR,
2775 THRESHOLD_EXCEEDED, 0);
2776 return check_condition_result;
2777 } else if (sqcp->inj_transport) {
2778 mk_sense_buffer(scp, ABORTED_COMMAND,
2779 TRANSPORT_PROBLEM, ACK_NAK_TO);
2780 return check_condition_result;
2781 } else if (sqcp->inj_dif) {
2782 /* Logical block guard check failed */
2783 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2784 return illegal_condition_result;
2785 } else if (sqcp->inj_dix) {
2786 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2787 return illegal_condition_result;
2788 }
2789 }
2790 return 0;
2791}
2792
2793static void dump_sector(unsigned char *buf, int len)
2794{
2795 int i, j, n;
2796
2797 pr_err(">>> Sector Dump <<<\n");
2798 for (i = 0 ; i < len ; i += 16) {
2799 char b[128];
2800
2801 for (j = 0, n = 0; j < 16; j++) {
2802 unsigned char c = buf[i+j];
2803
2804 if (c >= 0x20 && c < 0x7e)
2805 n += scnprintf(b + n, sizeof(b) - n,
2806 " %c ", buf[i+j]);
2807 else
2808 n += scnprintf(b + n, sizeof(b) - n,
2809 "%02x ", buf[i+j]);
2810 }
2811 pr_err("%04d: %s\n", i, b);
2812 }
2813}
2814
2815static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
2816 unsigned int sectors, u32 ei_lba)
2817{
2818 int ret;
2819 struct t10_pi_tuple *sdt;
2820 void *daddr;
2821 sector_t sector = start_sec;
2822 int ppage_offset;
2823 int dpage_offset;
2824 struct sg_mapping_iter diter;
2825 struct sg_mapping_iter piter;
2826
2827 BUG_ON(scsi_sg_count(SCpnt) == 0);
2828 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
2829
2830 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
2831 scsi_prot_sg_count(SCpnt),
2832 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2833 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
2834 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2835
2836 /* For each protection page */
2837 while (sg_miter_next(&piter)) {
2838 dpage_offset = 0;
2839 if (WARN_ON(!sg_miter_next(&diter))) {
2840 ret = 0x01;
2841 goto out;
2842 }
2843
2844 for (ppage_offset = 0; ppage_offset < piter.length;
2845 ppage_offset += sizeof(struct t10_pi_tuple)) {
2846 /* If we're at the end of the current
2847 * data page advance to the next one
2848 */
2849 if (dpage_offset >= diter.length) {
2850 if (WARN_ON(!sg_miter_next(&diter))) {
2851 ret = 0x01;
2852 goto out;
2853 }
2854 dpage_offset = 0;
2855 }
2856
2857 sdt = piter.addr + ppage_offset;
2858 daddr = diter.addr + dpage_offset;
2859
2860 ret = dif_verify(sdt, daddr, sector, ei_lba);
2861 if (ret) {
2862 dump_sector(daddr, sdebug_sector_size);
2863 goto out;
2864 }
2865
2866 sector++;
2867 ei_lba++;
2868 dpage_offset += sdebug_sector_size;
2869 }
2870 diter.consumed = dpage_offset;
2871 sg_miter_stop(&diter);
2872 }
2873 sg_miter_stop(&piter);
2874
2875 dif_copy_prot(SCpnt, start_sec, sectors, false);
2876 dix_writes++;
2877
2878 return 0;
2879
2880out:
2881 dif_errors++;
2882 sg_miter_stop(&diter);
2883 sg_miter_stop(&piter);
2884 return ret;
2885}
2886
2887static unsigned long lba_to_map_index(sector_t lba)
2888{
2889 if (sdebug_unmap_alignment)
2890 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
2891 sector_div(lba, sdebug_unmap_granularity);
2892 return lba;
2893}
2894
2895static sector_t map_index_to_lba(unsigned long index)
2896{
2897 sector_t lba = index * sdebug_unmap_granularity;
2898
2899 if (sdebug_unmap_alignment)
2900 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
2901 return lba;
2902}
2903
2904static unsigned int map_state(sector_t lba, unsigned int *num)
2905{
2906 sector_t end;
2907 unsigned int mapped;
2908 unsigned long index;
2909 unsigned long next;
2910
2911 index = lba_to_map_index(lba);
2912 mapped = test_bit(index, map_storep);
2913
2914 if (mapped)
2915 next = find_next_zero_bit(map_storep, map_size, index);
2916 else
2917 next = find_next_bit(map_storep, map_size, index);
2918
2919 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
2920 *num = end - lba;
2921 return mapped;
2922}
2923
2924static void map_region(sector_t lba, unsigned int len)
2925{
2926 sector_t end = lba + len;
2927
2928 while (lba < end) {
2929 unsigned long index = lba_to_map_index(lba);
2930
2931 if (index < map_size)
2932 set_bit(index, map_storep);
2933
2934 lba = map_index_to_lba(index + 1);
2935 }
2936}
2937
2938static void unmap_region(sector_t lba, unsigned int len)
2939{
2940 sector_t end = lba + len;
2941
2942 while (lba < end) {
2943 unsigned long index = lba_to_map_index(lba);
2944
2945 if (lba == map_index_to_lba(index) &&
2946 lba + sdebug_unmap_granularity <= end &&
2947 index < map_size) {
2948 clear_bit(index, map_storep);
2949 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
2950 memset(fake_storep +
2951 lba * sdebug_sector_size,
2952 (sdebug_lbprz & 1) ? 0 : 0xff,
2953 sdebug_sector_size *
2954 sdebug_unmap_granularity);
2955 }
2956 if (dif_storep) {
2957 memset(dif_storep + lba, 0xff,
2958 sizeof(*dif_storep) *
2959 sdebug_unmap_granularity);
2960 }
2961 }
2962 lba = map_index_to_lba(index + 1);
2963 }
2964}
2965
2966static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2967{
2968 u8 *cmd = scp->cmnd;
2969 u64 lba;
2970 u32 num;
2971 u32 ei_lba;
2972 unsigned long iflags;
2973 int ret;
2974 bool check_prot;
2975
2976 switch (cmd[0]) {
2977 case WRITE_16:
2978 ei_lba = 0;
2979 lba = get_unaligned_be64(cmd + 2);
2980 num = get_unaligned_be32(cmd + 10);
2981 check_prot = true;
2982 break;
2983 case WRITE_10:
2984 ei_lba = 0;
2985 lba = get_unaligned_be32(cmd + 2);
2986 num = get_unaligned_be16(cmd + 7);
2987 check_prot = true;
2988 break;
2989 case WRITE_6:
2990 ei_lba = 0;
2991 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2992 (u32)(cmd[1] & 0x1f) << 16;
2993 num = (0 == cmd[4]) ? 256 : cmd[4];
2994 check_prot = true;
2995 break;
2996 case WRITE_12:
2997 ei_lba = 0;
2998 lba = get_unaligned_be32(cmd + 2);
2999 num = get_unaligned_be32(cmd + 6);
3000 check_prot = true;
3001 break;
3002 case 0x53: /* XDWRITEREAD(10) */
3003 ei_lba = 0;
3004 lba = get_unaligned_be32(cmd + 2);
3005 num = get_unaligned_be16(cmd + 7);
3006 check_prot = false;
3007 break;
3008 default: /* assume WRITE(32) */
3009 lba = get_unaligned_be64(cmd + 12);
3010 ei_lba = get_unaligned_be32(cmd + 20);
3011 num = get_unaligned_be32(cmd + 28);
3012 check_prot = false;
3013 break;
3014 }
3015 if (unlikely(have_dif_prot && check_prot)) {
3016 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3017 (cmd[1] & 0xe0)) {
3018 mk_sense_invalid_opcode(scp);
3019 return check_condition_result;
3020 }
3021 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3022 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3023 (cmd[1] & 0xe0) == 0)
3024 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3025 "to DIF device\n");
3026 }
3027 ret = check_device_access_params(scp, lba, num, true);
3028 if (ret)
3029 return ret;
3030 write_lock_irqsave(&atomic_rw, iflags);
3031
3032 /* DIX + T10 DIF */
3033 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3034 int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
3035
3036 if (prot_ret) {
3037 write_unlock_irqrestore(&atomic_rw, iflags);
3038 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
3039 return illegal_condition_result;
3040 }
3041 }
3042
3043 ret = do_device_access(scp, 0, lba, num, true);
3044 if (unlikely(scsi_debug_lbp()))
3045 map_region(lba, num);
3046 write_unlock_irqrestore(&atomic_rw, iflags);
3047 if (unlikely(-1 == ret))
3048 return DID_ERROR << 16;
3049 else if (unlikely(sdebug_verbose &&
3050 (ret < (num * sdebug_sector_size))))
3051 sdev_printk(KERN_INFO, scp->device,
3052 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3053 my_name, num * sdebug_sector_size, ret);
3054
3055 if (unlikely(sdebug_any_injecting_opt)) {
3056 struct sdebug_queued_cmd *sqcp =
3057 (struct sdebug_queued_cmd *)scp->host_scribble;
3058
3059 if (sqcp) {
3060 if (sqcp->inj_recovered) {
3061 mk_sense_buffer(scp, RECOVERED_ERROR,
3062 THRESHOLD_EXCEEDED, 0);
3063 return check_condition_result;
3064 } else if (sqcp->inj_dif) {
3065 /* Logical block guard check failed */
3066 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3067 return illegal_condition_result;
3068 } else if (sqcp->inj_dix) {
3069 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3070 return illegal_condition_result;
3071 }
3072 }
3073 }
3074 return 0;
3075}
3076
3077/*
3078 * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
3079 * No READ GATHERED yet (requires bidi or long cdb holding gather list).
3080 */
3081static int resp_write_scat(struct scsi_cmnd *scp,
3082 struct sdebug_dev_info *devip)
3083{
3084 u8 *cmd = scp->cmnd;
3085 u8 *lrdp = NULL;
3086 u8 *up;
3087 u8 wrprotect;
3088 u16 lbdof, num_lrd, k;
3089 u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
3090 u32 lb_size = sdebug_sector_size;
3091 u32 ei_lba;
3092 u64 lba;
3093 unsigned long iflags;
3094 int ret, res;
3095 bool is_16;
3096 static const u32 lrd_size = 32; /* + parameter list header size */
3097
3098 if (cmd[0] == VARIABLE_LENGTH_CMD) {
3099 is_16 = false;
3100 wrprotect = (cmd[10] >> 5) & 0x7;
3101 lbdof = get_unaligned_be16(cmd + 12);
3102 num_lrd = get_unaligned_be16(cmd + 16);
3103 bt_len = get_unaligned_be32(cmd + 28);
3104 } else { /* that leaves WRITE SCATTERED(16) */
3105 is_16 = true;
3106 wrprotect = (cmd[2] >> 5) & 0x7;
3107 lbdof = get_unaligned_be16(cmd + 4);
3108 num_lrd = get_unaligned_be16(cmd + 8);
3109 bt_len = get_unaligned_be32(cmd + 10);
3110 if (unlikely(have_dif_prot)) {
3111 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3112 wrprotect) {
3113 mk_sense_invalid_opcode(scp);
3114 return illegal_condition_result;
3115 }
3116 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3117 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3118 wrprotect == 0)
3119 sdev_printk(KERN_ERR, scp->device,
3120 "Unprotected WR to DIF device\n");
3121 }
3122 }
3123 if ((num_lrd == 0) || (bt_len == 0))
3124 return 0; /* T10 says these do-nothings are not errors */
3125 if (lbdof == 0) {
3126 if (sdebug_verbose)
3127 sdev_printk(KERN_INFO, scp->device,
3128 "%s: %s: LB Data Offset field bad\n",
3129 my_name, __func__);
3130 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3131 return illegal_condition_result;
3132 }
3133 lbdof_blen = lbdof * lb_size;
3134 if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
3135 if (sdebug_verbose)
3136 sdev_printk(KERN_INFO, scp->device,
3137 "%s: %s: LBA range descriptors don't fit\n",
3138 my_name, __func__);
3139 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3140 return illegal_condition_result;
3141 }
3142 lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
3143 if (lrdp == NULL)
3144 return SCSI_MLQUEUE_HOST_BUSY;
3145 if (sdebug_verbose)
3146 sdev_printk(KERN_INFO, scp->device,
3147 "%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
3148 my_name, __func__, lbdof_blen);
3149 res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
3150 if (res == -1) {
3151 ret = DID_ERROR << 16;
3152 goto err_out;
3153 }
3154
3155 write_lock_irqsave(&atomic_rw, iflags);
3156 sg_off = lbdof_blen;
3157 /* Spec says Buffer xfer Length field in number of LBs in dout */
3158 cum_lb = 0;
3159 for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
3160 lba = get_unaligned_be64(up + 0);
3161 num = get_unaligned_be32(up + 8);
3162 if (sdebug_verbose)
3163 sdev_printk(KERN_INFO, scp->device,
3164 "%s: %s: k=%d LBA=0x%llx num=%u sg_off=%u\n",
3165 my_name, __func__, k, lba, num, sg_off);
3166 if (num == 0)
3167 continue;
3168 ret = check_device_access_params(scp, lba, num, true);
3169 if (ret)
3170 goto err_out_unlock;
3171 num_by = num * lb_size;
3172 ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
3173
3174 if ((cum_lb + num) > bt_len) {
3175 if (sdebug_verbose)
3176 sdev_printk(KERN_INFO, scp->device,
3177 "%s: %s: sum of blocks > data provided\n",
3178 my_name, __func__);
3179 mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
3180 0);
3181 ret = illegal_condition_result;
3182 goto err_out_unlock;
3183 }
3184
3185 /* DIX + T10 DIF */
3186 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3187 int prot_ret = prot_verify_write(scp, lba, num,
3188 ei_lba);
3189
3190 if (prot_ret) {
3191 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
3192 prot_ret);
3193 ret = illegal_condition_result;
3194 goto err_out_unlock;
3195 }
3196 }
3197
3198 ret = do_device_access(scp, sg_off, lba, num, true);
3199 if (unlikely(scsi_debug_lbp()))
3200 map_region(lba, num);
3201 if (unlikely(-1 == ret)) {
3202 ret = DID_ERROR << 16;
3203 goto err_out_unlock;
3204 } else if (unlikely(sdebug_verbose && (ret < num_by)))
3205 sdev_printk(KERN_INFO, scp->device,
3206 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3207 my_name, num_by, ret);
3208
3209 if (unlikely(sdebug_any_injecting_opt)) {
3210 struct sdebug_queued_cmd *sqcp =
3211 (struct sdebug_queued_cmd *)scp->host_scribble;
3212
3213 if (sqcp) {
3214 if (sqcp->inj_recovered) {
3215 mk_sense_buffer(scp, RECOVERED_ERROR,
3216 THRESHOLD_EXCEEDED, 0);
3217 ret = illegal_condition_result;
3218 goto err_out_unlock;
3219 } else if (sqcp->inj_dif) {
3220 /* Logical block guard check failed */
3221 mk_sense_buffer(scp, ABORTED_COMMAND,
3222 0x10, 1);
3223 ret = illegal_condition_result;
3224 goto err_out_unlock;
3225 } else if (sqcp->inj_dix) {
3226 mk_sense_buffer(scp, ILLEGAL_REQUEST,
3227 0x10, 1);
3228 ret = illegal_condition_result;
3229 goto err_out_unlock;
3230 }
3231 }
3232 }
3233 sg_off += num_by;
3234 cum_lb += num;
3235 }
3236 ret = 0;
3237err_out_unlock:
3238 write_unlock_irqrestore(&atomic_rw, iflags);
3239err_out:
3240 kfree(lrdp);
3241 return ret;
3242}
3243
3244static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
3245 u32 ei_lba, bool unmap, bool ndob)
3246{
3247 int ret;
3248 unsigned long iflags;
3249 unsigned long long i;
3250 u32 lb_size = sdebug_sector_size;
3251 u64 block, lbaa;
3252 u8 *fs1p;
3253
3254 ret = check_device_access_params(scp, lba, num, true);
3255 if (ret)
3256 return ret;
3257
3258 write_lock_irqsave(&atomic_rw, iflags);
3259
3260 if (unmap && scsi_debug_lbp()) {
3261 unmap_region(lba, num);
3262 goto out;
3263 }
3264 lbaa = lba;
3265 block = do_div(lbaa, sdebug_store_sectors);
3266 /* if ndob then zero 1 logical block, else fetch 1 logical block */
3267 fs1p = fake_storep + (block * lb_size);
3268 if (ndob) {
3269 memset(fs1p, 0, lb_size);
3270 ret = 0;
3271 } else
3272 ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
3273
3274 if (-1 == ret) {
3275 write_unlock_irqrestore(&atomic_rw, iflags);
3276 return DID_ERROR << 16;
3277 } else if (sdebug_verbose && !ndob && (ret < lb_size))
3278 sdev_printk(KERN_INFO, scp->device,
3279 "%s: %s: lb size=%u, IO sent=%d bytes\n",
3280 my_name, "write same", lb_size, ret);
3281
3282 /* Copy first sector to remaining blocks */
3283 for (i = 1 ; i < num ; i++) {
3284 lbaa = lba + i;
3285 block = do_div(lbaa, sdebug_store_sectors);
3286 memmove(fake_storep + (block * lb_size), fs1p, lb_size);
3287 }
3288 if (scsi_debug_lbp())
3289 map_region(lba, num);
3290out:
3291 write_unlock_irqrestore(&atomic_rw, iflags);
3292
3293 return 0;
3294}
3295
3296static int resp_write_same_10(struct scsi_cmnd *scp,
3297 struct sdebug_dev_info *devip)
3298{
3299 u8 *cmd = scp->cmnd;
3300 u32 lba;
3301 u16 num;
3302 u32 ei_lba = 0;
3303 bool unmap = false;
3304
3305 if (cmd[1] & 0x8) {
3306 if (sdebug_lbpws10 == 0) {
3307 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3308 return check_condition_result;
3309 } else
3310 unmap = true;
3311 }
3312 lba = get_unaligned_be32(cmd + 2);
3313 num = get_unaligned_be16(cmd + 7);
3314 if (num > sdebug_write_same_length) {
3315 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3316 return check_condition_result;
3317 }
3318 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3319}
3320
3321static int resp_write_same_16(struct scsi_cmnd *scp,
3322 struct sdebug_dev_info *devip)
3323{
3324 u8 *cmd = scp->cmnd;
3325 u64 lba;
3326 u32 num;
3327 u32 ei_lba = 0;
3328 bool unmap = false;
3329 bool ndob = false;
3330
3331 if (cmd[1] & 0x8) { /* UNMAP */
3332 if (sdebug_lbpws == 0) {
3333 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3334 return check_condition_result;
3335 } else
3336 unmap = true;
3337 }
3338 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
3339 ndob = true;
3340 lba = get_unaligned_be64(cmd + 2);
3341 num = get_unaligned_be32(cmd + 10);
3342 if (num > sdebug_write_same_length) {
3343 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3344 return check_condition_result;
3345 }
3346 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3347}
3348
3349/* Note the mode field is in the same position as the (lower) service action
3350 * field. For the Report supported operation codes command, SPC-4 suggests
3351 * each mode of this command should be reported separately; for future. */
3352static int resp_write_buffer(struct scsi_cmnd *scp,
3353 struct sdebug_dev_info *devip)
3354{
3355 u8 *cmd = scp->cmnd;
3356 struct scsi_device *sdp = scp->device;
3357 struct sdebug_dev_info *dp;
3358 u8 mode;
3359
3360 mode = cmd[1] & 0x1f;
3361 switch (mode) {
3362 case 0x4: /* download microcode (MC) and activate (ACT) */
3363 /* set UAs on this device only */
3364 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3365 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3366 break;
3367 case 0x5: /* download MC, save and ACT */
3368 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3369 break;
3370 case 0x6: /* download MC with offsets and ACT */
3371 /* set UAs on most devices (LUs) in this target */
3372 list_for_each_entry(dp,
3373 &devip->sdbg_host->dev_info_list,
3374 dev_list)
3375 if (dp->target == sdp->id) {
3376 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3377 if (devip != dp)
3378 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3379 dp->uas_bm);
3380 }
3381 break;
3382 case 0x7: /* download MC with offsets, save, and ACT */
3383 /* set UA on all devices (LUs) in this target */
3384 list_for_each_entry(dp,
3385 &devip->sdbg_host->dev_info_list,
3386 dev_list)
3387 if (dp->target == sdp->id)
3388 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3389 dp->uas_bm);
3390 break;
3391 default:
3392 /* do nothing for this command for other mode values */
3393 break;
3394 }
3395 return 0;
3396}
3397
3398static int resp_comp_write(struct scsi_cmnd *scp,
3399 struct sdebug_dev_info *devip)
3400{
3401 u8 *cmd = scp->cmnd;
3402 u8 *arr;
3403 u8 *fake_storep_hold;
3404 u64 lba;
3405 u32 dnum;
3406 u32 lb_size = sdebug_sector_size;
3407 u8 num;
3408 unsigned long iflags;
3409 int ret;
3410 int retval = 0;
3411
3412 lba = get_unaligned_be64(cmd + 2);
3413 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
3414 if (0 == num)
3415 return 0; /* degenerate case, not an error */
3416 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3417 (cmd[1] & 0xe0)) {
3418 mk_sense_invalid_opcode(scp);
3419 return check_condition_result;
3420 }
3421 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3422 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3423 (cmd[1] & 0xe0) == 0)
3424 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3425 "to DIF device\n");
3426 ret = check_device_access_params(scp, lba, num, false);
3427 if (ret)
3428 return ret;
3429 dnum = 2 * num;
3430 arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
3431 if (NULL == arr) {
3432 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3433 INSUFF_RES_ASCQ);
3434 return check_condition_result;
3435 }
3436
3437 write_lock_irqsave(&atomic_rw, iflags);
3438
3439 /* trick do_device_access() to fetch both compare and write buffers
3440 * from data-in into arr. Safe (atomic) since write_lock held. */
3441 fake_storep_hold = fake_storep;
3442 fake_storep = arr;
3443 ret = do_device_access(scp, 0, 0, dnum, true);
3444 fake_storep = fake_storep_hold;
3445 if (ret == -1) {
3446 retval = DID_ERROR << 16;
3447 goto cleanup;
3448 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3449 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3450 "indicated=%u, IO sent=%d bytes\n", my_name,
3451 dnum * lb_size, ret);
3452 if (!comp_write_worker(lba, num, arr)) {
3453 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3454 retval = check_condition_result;
3455 goto cleanup;
3456 }
3457 if (scsi_debug_lbp())
3458 map_region(lba, num);
3459cleanup:
3460 write_unlock_irqrestore(&atomic_rw, iflags);
3461 kfree(arr);
3462 return retval;
3463}
3464
3465struct unmap_block_desc {
3466 __be64 lba;
3467 __be32 blocks;
3468 __be32 __reserved;
3469};
3470
3471static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3472{
3473 unsigned char *buf;
3474 struct unmap_block_desc *desc;
3475 unsigned int i, payload_len, descriptors;
3476 int ret;
3477 unsigned long iflags;
3478
3479
3480 if (!scsi_debug_lbp())
3481 return 0; /* fib and say its done */
3482 payload_len = get_unaligned_be16(scp->cmnd + 7);
3483 BUG_ON(scsi_bufflen(scp) != payload_len);
3484
3485 descriptors = (payload_len - 8) / 16;
3486 if (descriptors > sdebug_unmap_max_desc) {
3487 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3488 return check_condition_result;
3489 }
3490
3491 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3492 if (!buf) {
3493 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3494 INSUFF_RES_ASCQ);
3495 return check_condition_result;
3496 }
3497
3498 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3499
3500 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3501 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3502
3503 desc = (void *)&buf[8];
3504
3505 write_lock_irqsave(&atomic_rw, iflags);
3506
3507 for (i = 0 ; i < descriptors ; i++) {
3508 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3509 unsigned int num = get_unaligned_be32(&desc[i].blocks);
3510
3511 ret = check_device_access_params(scp, lba, num, true);
3512 if (ret)
3513 goto out;
3514
3515 unmap_region(lba, num);
3516 }
3517
3518 ret = 0;
3519
3520out:
3521 write_unlock_irqrestore(&atomic_rw, iflags);
3522 kfree(buf);
3523
3524 return ret;
3525}
3526
3527#define SDEBUG_GET_LBA_STATUS_LEN 32
3528
3529static int resp_get_lba_status(struct scsi_cmnd *scp,
3530 struct sdebug_dev_info *devip)
3531{
3532 u8 *cmd = scp->cmnd;
3533 u64 lba;
3534 u32 alloc_len, mapped, num;
3535 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3536 int ret;
3537
3538 lba = get_unaligned_be64(cmd + 2);
3539 alloc_len = get_unaligned_be32(cmd + 10);
3540
3541 if (alloc_len < 24)
3542 return 0;
3543
3544 ret = check_device_access_params(scp, lba, 1, false);
3545 if (ret)
3546 return ret;
3547
3548 if (scsi_debug_lbp())
3549 mapped = map_state(lba, &num);
3550 else {
3551 mapped = 1;
3552 /* following just in case virtual_gb changed */
3553 sdebug_capacity = get_sdebug_capacity();
3554 if (sdebug_capacity - lba <= 0xffffffff)
3555 num = sdebug_capacity - lba;
3556 else
3557 num = 0xffffffff;
3558 }
3559
3560 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
3561 put_unaligned_be32(20, arr); /* Parameter Data Length */
3562 put_unaligned_be64(lba, arr + 8); /* LBA */
3563 put_unaligned_be32(num, arr + 16); /* Number of blocks */
3564 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
3565
3566 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
3567}
3568
3569static int resp_sync_cache(struct scsi_cmnd *scp,
3570 struct sdebug_dev_info *devip)
3571{
3572 int res = 0;
3573 u64 lba;
3574 u32 num_blocks;
3575 u8 *cmd = scp->cmnd;
3576
3577 if (cmd[0] == SYNCHRONIZE_CACHE) { /* 10 byte cdb */
3578 lba = get_unaligned_be32(cmd + 2);
3579 num_blocks = get_unaligned_be16(cmd + 7);
3580 } else { /* SYNCHRONIZE_CACHE(16) */
3581 lba = get_unaligned_be64(cmd + 2);
3582 num_blocks = get_unaligned_be32(cmd + 10);
3583 }
3584 if (lba + num_blocks > sdebug_capacity) {
3585 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3586 return check_condition_result;
3587 }
3588 if (!write_since_sync || cmd[1] & 0x2)
3589 res = SDEG_RES_IMMED_MASK;
3590 else /* delay if write_since_sync and IMMED clear */
3591 write_since_sync = false;
3592 return res;
3593}
3594
3595#define RL_BUCKET_ELEMS 8
3596
3597/* Even though each pseudo target has a REPORT LUNS "well known logical unit"
3598 * (W-LUN), the normal Linux scanning logic does not associate it with a
3599 * device (e.g. /dev/sg7). The following magic will make that association:
3600 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
3601 * where <n> is a host number. If there are multiple targets in a host then
3602 * the above will associate a W-LUN to each target. To only get a W-LUN
3603 * for target 2, then use "echo '- 2 49409' > scan" .
3604 */
3605static int resp_report_luns(struct scsi_cmnd *scp,
3606 struct sdebug_dev_info *devip)
3607{
3608 unsigned char *cmd = scp->cmnd;
3609 unsigned int alloc_len;
3610 unsigned char select_report;
3611 u64 lun;
3612 struct scsi_lun *lun_p;
3613 u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
3614 unsigned int lun_cnt; /* normal LUN count (max: 256) */
3615 unsigned int wlun_cnt; /* report luns W-LUN count */
3616 unsigned int tlun_cnt; /* total LUN count */
3617 unsigned int rlen; /* response length (in bytes) */
3618 int k, j, n, res;
3619 unsigned int off_rsp = 0;
3620 const int sz_lun = sizeof(struct scsi_lun);
3621
3622 clear_luns_changed_on_target(devip);
3623
3624 select_report = cmd[2];
3625 alloc_len = get_unaligned_be32(cmd + 6);
3626
3627 if (alloc_len < 4) {
3628 pr_err("alloc len too small %d\n", alloc_len);
3629 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
3630 return check_condition_result;
3631 }
3632
3633 switch (select_report) {
3634 case 0: /* all LUNs apart from W-LUNs */
3635 lun_cnt = sdebug_max_luns;
3636 wlun_cnt = 0;
3637 break;
3638 case 1: /* only W-LUNs */
3639 lun_cnt = 0;
3640 wlun_cnt = 1;
3641 break;
3642 case 2: /* all LUNs */
3643 lun_cnt = sdebug_max_luns;
3644 wlun_cnt = 1;
3645 break;
3646 case 0x10: /* only administrative LUs */
3647 case 0x11: /* see SPC-5 */
3648 case 0x12: /* only subsiduary LUs owned by referenced LU */
3649 default:
3650 pr_debug("select report invalid %d\n", select_report);
3651 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
3652 return check_condition_result;
3653 }
3654
3655 if (sdebug_no_lun_0 && (lun_cnt > 0))
3656 --lun_cnt;
3657
3658 tlun_cnt = lun_cnt + wlun_cnt;
3659 rlen = tlun_cnt * sz_lun; /* excluding 8 byte header */
3660 scsi_set_resid(scp, scsi_bufflen(scp));
3661 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
3662 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
3663
3664 /* loops rely on sizeof response header same as sizeof lun (both 8) */
3665 lun = sdebug_no_lun_0 ? 1 : 0;
3666 for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
3667 memset(arr, 0, sizeof(arr));
3668 lun_p = (struct scsi_lun *)&arr[0];
3669 if (k == 0) {
3670 put_unaligned_be32(rlen, &arr[0]);
3671 ++lun_p;
3672 j = 1;
3673 }
3674 for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
3675 if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
3676 break;
3677 int_to_scsilun(lun++, lun_p);
3678 }
3679 if (j < RL_BUCKET_ELEMS)
3680 break;
3681 n = j * sz_lun;
3682 res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
3683 if (res)
3684 return res;
3685 off_rsp += n;
3686 }
3687 if (wlun_cnt) {
3688 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
3689 ++j;
3690 }
3691 if (j > 0)
3692 res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
3693 return res;
3694}
3695
3696static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
3697{
3698 u32 tag = blk_mq_unique_tag(cmnd->request);
3699 u16 hwq = blk_mq_unique_tag_to_hwq(tag);
3700
3701 pr_debug("tag=%#x, hwq=%d\n", tag, hwq);
3702 if (WARN_ON_ONCE(hwq >= submit_queues))
3703 hwq = 0;
3704 return sdebug_q_arr + hwq;
3705}
3706
3707/* Queued (deferred) command completions converge here. */
3708static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
3709{
3710 bool aborted = sd_dp->aborted;
3711 int qc_idx;
3712 int retiring = 0;
3713 unsigned long iflags;
3714 struct sdebug_queue *sqp;
3715 struct sdebug_queued_cmd *sqcp;
3716 struct scsi_cmnd *scp;
3717 struct sdebug_dev_info *devip;
3718
3719 sd_dp->defer_t = SDEB_DEFER_NONE;
3720 if (unlikely(aborted))
3721 sd_dp->aborted = false;
3722 qc_idx = sd_dp->qc_idx;
3723 sqp = sdebug_q_arr + sd_dp->sqa_idx;
3724 if (sdebug_statistics) {
3725 atomic_inc(&sdebug_completions);
3726 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
3727 atomic_inc(&sdebug_miss_cpus);
3728 }
3729 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
3730 pr_err("wild qc_idx=%d\n", qc_idx);
3731 return;
3732 }
3733 spin_lock_irqsave(&sqp->qc_lock, iflags);
3734 sqcp = &sqp->qc_arr[qc_idx];
3735 scp = sqcp->a_cmnd;
3736 if (unlikely(scp == NULL)) {
3737 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3738 pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d\n",
3739 sd_dp->sqa_idx, qc_idx);
3740 return;
3741 }
3742 devip = (struct sdebug_dev_info *)scp->device->hostdata;
3743 if (likely(devip))
3744 atomic_dec(&devip->num_in_q);
3745 else
3746 pr_err("devip=NULL\n");
3747 if (unlikely(atomic_read(&retired_max_queue) > 0))
3748 retiring = 1;
3749
3750 sqcp->a_cmnd = NULL;
3751 if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
3752 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3753 pr_err("Unexpected completion\n");
3754 return;
3755 }
3756
3757 if (unlikely(retiring)) { /* user has reduced max_queue */
3758 int k, retval;
3759
3760 retval = atomic_read(&retired_max_queue);
3761 if (qc_idx >= retval) {
3762 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3763 pr_err("index %d too large\n", retval);
3764 return;
3765 }
3766 k = find_last_bit(sqp->in_use_bm, retval);
3767 if ((k < sdebug_max_queue) || (k == retval))
3768 atomic_set(&retired_max_queue, 0);
3769 else
3770 atomic_set(&retired_max_queue, k + 1);
3771 }
3772 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3773 if (unlikely(aborted)) {
3774 if (sdebug_verbose)
3775 pr_info("bypassing scsi_done() due to aborted cmd\n");
3776 return;
3777 }
3778 scp->scsi_done(scp); /* callback to mid level */
3779}
3780
3781/* When high resolution timer goes off this function is called. */
3782static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
3783{
3784 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
3785 hrt);
3786 sdebug_q_cmd_complete(sd_dp);
3787 return HRTIMER_NORESTART;
3788}
3789
3790/* When work queue schedules work, it calls this function. */
3791static void sdebug_q_cmd_wq_complete(struct work_struct *work)
3792{
3793 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
3794 ew.work);
3795 sdebug_q_cmd_complete(sd_dp);
3796}
3797
3798static bool got_shared_uuid;
3799static uuid_t shared_uuid;
3800
3801static struct sdebug_dev_info *sdebug_device_create(
3802 struct sdebug_host_info *sdbg_host, gfp_t flags)
3803{
3804 struct sdebug_dev_info *devip;
3805
3806 devip = kzalloc(sizeof(*devip), flags);
3807 if (devip) {
3808 if (sdebug_uuid_ctl == 1)
3809 uuid_gen(&devip->lu_name);
3810 else if (sdebug_uuid_ctl == 2) {
3811 if (got_shared_uuid)
3812 devip->lu_name = shared_uuid;
3813 else {
3814 uuid_gen(&shared_uuid);
3815 got_shared_uuid = true;
3816 devip->lu_name = shared_uuid;
3817 }
3818 }
3819 devip->sdbg_host = sdbg_host;
3820 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
3821 }
3822 return devip;
3823}
3824
3825static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
3826{
3827 struct sdebug_host_info *sdbg_host;
3828 struct sdebug_dev_info *open_devip = NULL;
3829 struct sdebug_dev_info *devip;
3830
3831 sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
3832 if (!sdbg_host) {
3833 pr_err("Host info NULL\n");
3834 return NULL;
3835 }
3836 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
3837 if ((devip->used) && (devip->channel == sdev->channel) &&
3838 (devip->target == sdev->id) &&
3839 (devip->lun == sdev->lun))
3840 return devip;
3841 else {
3842 if ((!devip->used) && (!open_devip))
3843 open_devip = devip;
3844 }
3845 }
3846 if (!open_devip) { /* try and make a new one */
3847 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
3848 if (!open_devip) {
3849 pr_err("out of memory at line %d\n", __LINE__);
3850 return NULL;
3851 }
3852 }
3853
3854 open_devip->channel = sdev->channel;
3855 open_devip->target = sdev->id;
3856 open_devip->lun = sdev->lun;
3857 open_devip->sdbg_host = sdbg_host;
3858 atomic_set(&open_devip->num_in_q, 0);
3859 set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
3860 open_devip->used = true;
3861 return open_devip;
3862}
3863
3864static int scsi_debug_slave_alloc(struct scsi_device *sdp)
3865{
3866 if (sdebug_verbose)
3867 pr_info("slave_alloc <%u %u %u %llu>\n",
3868 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3869 return 0;
3870}
3871
3872static int scsi_debug_slave_configure(struct scsi_device *sdp)
3873{
3874 struct sdebug_dev_info *devip =
3875 (struct sdebug_dev_info *)sdp->hostdata;
3876
3877 if (sdebug_verbose)
3878 pr_info("slave_configure <%u %u %u %llu>\n",
3879 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3880 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
3881 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
3882 if (devip == NULL) {
3883 devip = find_build_dev_info(sdp);
3884 if (devip == NULL)
3885 return 1; /* no resources, will be marked offline */
3886 }
3887 sdp->hostdata = devip;
3888 if (sdebug_no_uld)
3889 sdp->no_uld_attach = 1;
3890 config_cdb_len(sdp);
3891 return 0;
3892}
3893
3894static void scsi_debug_slave_destroy(struct scsi_device *sdp)
3895{
3896 struct sdebug_dev_info *devip =
3897 (struct sdebug_dev_info *)sdp->hostdata;
3898
3899 if (sdebug_verbose)
3900 pr_info("slave_destroy <%u %u %u %llu>\n",
3901 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3902 if (devip) {
3903 /* make this slot available for re-use */
3904 devip->used = false;
3905 sdp->hostdata = NULL;
3906 }
3907}
3908
3909static void stop_qc_helper(struct sdebug_defer *sd_dp,
3910 enum sdeb_defer_type defer_t)
3911{
3912 if (!sd_dp)
3913 return;
3914 if (defer_t == SDEB_DEFER_HRT)
3915 hrtimer_cancel(&sd_dp->hrt);
3916 else if (defer_t == SDEB_DEFER_WQ)
3917 cancel_work_sync(&sd_dp->ew.work);
3918}
3919
3920/* If @cmnd found deletes its timer or work queue and returns true; else
3921 returns false */
3922static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
3923{
3924 unsigned long iflags;
3925 int j, k, qmax, r_qmax;
3926 enum sdeb_defer_type l_defer_t;
3927 struct sdebug_queue *sqp;
3928 struct sdebug_queued_cmd *sqcp;
3929 struct sdebug_dev_info *devip;
3930 struct sdebug_defer *sd_dp;
3931
3932 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3933 spin_lock_irqsave(&sqp->qc_lock, iflags);
3934 qmax = sdebug_max_queue;
3935 r_qmax = atomic_read(&retired_max_queue);
3936 if (r_qmax > qmax)
3937 qmax = r_qmax;
3938 for (k = 0; k < qmax; ++k) {
3939 if (test_bit(k, sqp->in_use_bm)) {
3940 sqcp = &sqp->qc_arr[k];
3941 if (cmnd != sqcp->a_cmnd)
3942 continue;
3943 /* found */
3944 devip = (struct sdebug_dev_info *)
3945 cmnd->device->hostdata;
3946 if (devip)
3947 atomic_dec(&devip->num_in_q);
3948 sqcp->a_cmnd = NULL;
3949 sd_dp = sqcp->sd_dp;
3950 if (sd_dp) {
3951 l_defer_t = sd_dp->defer_t;
3952 sd_dp->defer_t = SDEB_DEFER_NONE;
3953 } else
3954 l_defer_t = SDEB_DEFER_NONE;
3955 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3956 stop_qc_helper(sd_dp, l_defer_t);
3957 clear_bit(k, sqp->in_use_bm);
3958 return true;
3959 }
3960 }
3961 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3962 }
3963 return false;
3964}
3965
3966/* Deletes (stops) timers or work queues of all queued commands */
3967static void stop_all_queued(void)
3968{
3969 unsigned long iflags;
3970 int j, k;
3971 enum sdeb_defer_type l_defer_t;
3972 struct sdebug_queue *sqp;
3973 struct sdebug_queued_cmd *sqcp;
3974 struct sdebug_dev_info *devip;
3975 struct sdebug_defer *sd_dp;
3976
3977 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3978 spin_lock_irqsave(&sqp->qc_lock, iflags);
3979 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3980 if (test_bit(k, sqp->in_use_bm)) {
3981 sqcp = &sqp->qc_arr[k];
3982 if (sqcp->a_cmnd == NULL)
3983 continue;
3984 devip = (struct sdebug_dev_info *)
3985 sqcp->a_cmnd->device->hostdata;
3986 if (devip)
3987 atomic_dec(&devip->num_in_q);
3988 sqcp->a_cmnd = NULL;
3989 sd_dp = sqcp->sd_dp;
3990 if (sd_dp) {
3991 l_defer_t = sd_dp->defer_t;
3992 sd_dp->defer_t = SDEB_DEFER_NONE;
3993 } else
3994 l_defer_t = SDEB_DEFER_NONE;
3995 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3996 stop_qc_helper(sd_dp, l_defer_t);
3997 clear_bit(k, sqp->in_use_bm);
3998 spin_lock_irqsave(&sqp->qc_lock, iflags);
3999 }
4000 }
4001 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4002 }
4003}
4004
4005/* Free queued command memory on heap */
4006static void free_all_queued(void)
4007{
4008 int j, k;
4009 struct sdebug_queue *sqp;
4010 struct sdebug_queued_cmd *sqcp;
4011
4012 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
4013 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
4014 sqcp = &sqp->qc_arr[k];
4015 kfree(sqcp->sd_dp);
4016 sqcp->sd_dp = NULL;
4017 }
4018 }
4019}
4020
4021static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
4022{
4023 bool ok;
4024
4025 ++num_aborts;
4026 if (SCpnt) {
4027 ok = stop_queued_cmnd(SCpnt);
4028 if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
4029 sdev_printk(KERN_INFO, SCpnt->device,
4030 "%s: command%s found\n", __func__,
4031 ok ? "" : " not");
4032 }
4033 return SUCCESS;
4034}
4035
4036static int scsi_debug_device_reset(struct scsi_cmnd *SCpnt)
4037{
4038 ++num_dev_resets;
4039 if (SCpnt && SCpnt->device) {
4040 struct scsi_device *sdp = SCpnt->device;
4041 struct sdebug_dev_info *devip =
4042 (struct sdebug_dev_info *)sdp->hostdata;
4043
4044 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
4045 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
4046 if (devip)
4047 set_bit(SDEBUG_UA_POR, devip->uas_bm);
4048 }
4049 return SUCCESS;
4050}
4051
4052static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
4053{
4054 struct sdebug_host_info *sdbg_host;
4055 struct sdebug_dev_info *devip;
4056 struct scsi_device *sdp;
4057 struct Scsi_Host *hp;
4058 int k = 0;
4059
4060 ++num_target_resets;
4061 if (!SCpnt)
4062 goto lie;
4063 sdp = SCpnt->device;
4064 if (!sdp)
4065 goto lie;
4066 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
4067 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
4068 hp = sdp->host;
4069 if (!hp)
4070 goto lie;
4071 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
4072 if (sdbg_host) {
4073 list_for_each_entry(devip,
4074 &sdbg_host->dev_info_list,
4075 dev_list)
4076 if (devip->target == sdp->id) {
4077 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4078 ++k;
4079 }
4080 }
4081 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
4082 sdev_printk(KERN_INFO, sdp,
4083 "%s: %d device(s) found in target\n", __func__, k);
4084lie:
4085 return SUCCESS;
4086}
4087
4088static int scsi_debug_bus_reset(struct scsi_cmnd *SCpnt)
4089{
4090 struct sdebug_host_info *sdbg_host;
4091 struct sdebug_dev_info *devip;
4092 struct scsi_device *sdp;
4093 struct Scsi_Host *hp;
4094 int k = 0;
4095
4096 ++num_bus_resets;
4097 if (!(SCpnt && SCpnt->device))
4098 goto lie;
4099 sdp = SCpnt->device;
4100 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
4101 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
4102 hp = sdp->host;
4103 if (hp) {
4104 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
4105 if (sdbg_host) {
4106 list_for_each_entry(devip,
4107 &sdbg_host->dev_info_list,
4108 dev_list) {
4109 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4110 ++k;
4111 }
4112 }
4113 }
4114 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
4115 sdev_printk(KERN_INFO, sdp,
4116 "%s: %d device(s) found in host\n", __func__, k);
4117lie:
4118 return SUCCESS;
4119}
4120
4121static int scsi_debug_host_reset(struct scsi_cmnd *SCpnt)
4122{
4123 struct sdebug_host_info *sdbg_host;
4124 struct sdebug_dev_info *devip;
4125 int k = 0;
4126
4127 ++num_host_resets;
4128 if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
4129 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
4130 spin_lock(&sdebug_host_list_lock);
4131 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
4132 list_for_each_entry(devip, &sdbg_host->dev_info_list,
4133 dev_list) {
4134 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4135 ++k;
4136 }
4137 }
4138 spin_unlock(&sdebug_host_list_lock);
4139 stop_all_queued();
4140 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
4141 sdev_printk(KERN_INFO, SCpnt->device,
4142 "%s: %d device(s) found\n", __func__, k);
4143 return SUCCESS;
4144}
4145
4146static void __init sdebug_build_parts(unsigned char *ramp,
4147 unsigned long store_size)
4148{
4149 struct partition *pp;
4150 int starts[SDEBUG_MAX_PARTS + 2];
4151 int sectors_per_part, num_sectors, k;
4152 int heads_by_sects, start_sec, end_sec;
4153
4154 /* assume partition table already zeroed */
4155 if ((sdebug_num_parts < 1) || (store_size < 1048576))
4156 return;
4157 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
4158 sdebug_num_parts = SDEBUG_MAX_PARTS;
4159 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
4160 }
4161 num_sectors = (int)sdebug_store_sectors;
4162 sectors_per_part = (num_sectors - sdebug_sectors_per)
4163 / sdebug_num_parts;
4164 heads_by_sects = sdebug_heads * sdebug_sectors_per;
4165 starts[0] = sdebug_sectors_per;
4166 for (k = 1; k < sdebug_num_parts; ++k)
4167 starts[k] = ((k * sectors_per_part) / heads_by_sects)
4168 * heads_by_sects;
4169 starts[sdebug_num_parts] = num_sectors;
4170 starts[sdebug_num_parts + 1] = 0;
4171
4172 ramp[510] = 0x55; /* magic partition markings */
4173 ramp[511] = 0xAA;
4174 pp = (struct partition *)(ramp + 0x1be);
4175 for (k = 0; starts[k + 1]; ++k, ++pp) {
4176 start_sec = starts[k];
4177 end_sec = starts[k + 1] - 1;
4178 pp->boot_ind = 0;
4179
4180 pp->cyl = start_sec / heads_by_sects;
4181 pp->head = (start_sec - (pp->cyl * heads_by_sects))
4182 / sdebug_sectors_per;
4183 pp->sector = (start_sec % sdebug_sectors_per) + 1;
4184
4185 pp->end_cyl = end_sec / heads_by_sects;
4186 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
4187 / sdebug_sectors_per;
4188 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
4189
4190 pp->start_sect = cpu_to_le32(start_sec);
4191 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
4192 pp->sys_ind = 0x83; /* plain Linux partition */
4193 }
4194}
4195
4196static void block_unblock_all_queues(bool block)
4197{
4198 int j;
4199 struct sdebug_queue *sqp;
4200
4201 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
4202 atomic_set(&sqp->blocked, (int)block);
4203}
4204
4205/* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
4206 * commands will be processed normally before triggers occur.
4207 */
4208static void tweak_cmnd_count(void)
4209{
4210 int count, modulo;
4211
4212 modulo = abs(sdebug_every_nth);
4213 if (modulo < 2)
4214 return;
4215 block_unblock_all_queues(true);
4216 count = atomic_read(&sdebug_cmnd_count);
4217 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
4218 block_unblock_all_queues(false);
4219}
4220
4221static void clear_queue_stats(void)
4222{
4223 atomic_set(&sdebug_cmnd_count, 0);
4224 atomic_set(&sdebug_completions, 0);
4225 atomic_set(&sdebug_miss_cpus, 0);
4226 atomic_set(&sdebug_a_tsf, 0);
4227}
4228
4229static void setup_inject(struct sdebug_queue *sqp,
4230 struct sdebug_queued_cmd *sqcp)
4231{
4232 if ((atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0) {
4233 if (sdebug_every_nth > 0)
4234 sqcp->inj_recovered = sqcp->inj_transport
4235 = sqcp->inj_dif
4236 = sqcp->inj_dix = sqcp->inj_short
4237 = sqcp->inj_host_busy = sqcp->inj_cmd_abort = 0;
4238 return;
4239 }
4240 sqcp->inj_recovered = !!(SDEBUG_OPT_RECOVERED_ERR & sdebug_opts);
4241 sqcp->inj_transport = !!(SDEBUG_OPT_TRANSPORT_ERR & sdebug_opts);
4242 sqcp->inj_dif = !!(SDEBUG_OPT_DIF_ERR & sdebug_opts);
4243 sqcp->inj_dix = !!(SDEBUG_OPT_DIX_ERR & sdebug_opts);
4244 sqcp->inj_short = !!(SDEBUG_OPT_SHORT_TRANSFER & sdebug_opts);
4245 sqcp->inj_host_busy = !!(SDEBUG_OPT_HOST_BUSY & sdebug_opts);
4246 sqcp->inj_cmd_abort = !!(SDEBUG_OPT_CMD_ABORT & sdebug_opts);
4247}
4248
4249/* Complete the processing of the thread that queued a SCSI command to this
4250 * driver. It either completes the command by calling cmnd_done() or
4251 * schedules a hr timer or work queue then returns 0. Returns
4252 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
4253 */
4254static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
4255 int scsi_result,
4256 int (*pfp)(struct scsi_cmnd *,
4257 struct sdebug_dev_info *),
4258 int delta_jiff, int ndelay)
4259{
4260 unsigned long iflags;
4261 int k, num_in_q, qdepth, inject;
4262 struct sdebug_queue *sqp;
4263 struct sdebug_queued_cmd *sqcp;
4264 struct scsi_device *sdp;
4265 struct sdebug_defer *sd_dp;
4266
4267 if (unlikely(devip == NULL)) {
4268 if (scsi_result == 0)
4269 scsi_result = DID_NO_CONNECT << 16;
4270 goto respond_in_thread;
4271 }
4272 sdp = cmnd->device;
4273
4274 if (delta_jiff == 0)
4275 goto respond_in_thread;
4276
4277 /* schedule the response at a later time if resources permit */
4278 sqp = get_queue(cmnd);
4279 spin_lock_irqsave(&sqp->qc_lock, iflags);
4280 if (unlikely(atomic_read(&sqp->blocked))) {
4281 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4282 return SCSI_MLQUEUE_HOST_BUSY;
4283 }
4284 num_in_q = atomic_read(&devip->num_in_q);
4285 qdepth = cmnd->device->queue_depth;
4286 inject = 0;
4287 if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
4288 if (scsi_result) {
4289 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4290 goto respond_in_thread;
4291 } else
4292 scsi_result = device_qfull_result;
4293 } else if (unlikely(sdebug_every_nth &&
4294 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
4295 (scsi_result == 0))) {
4296 if ((num_in_q == (qdepth - 1)) &&
4297 (atomic_inc_return(&sdebug_a_tsf) >=
4298 abs(sdebug_every_nth))) {
4299 atomic_set(&sdebug_a_tsf, 0);
4300 inject = 1;
4301 scsi_result = device_qfull_result;
4302 }
4303 }
4304
4305 k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
4306 if (unlikely(k >= sdebug_max_queue)) {
4307 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4308 if (scsi_result)
4309 goto respond_in_thread;
4310 else if (SDEBUG_OPT_ALL_TSF & sdebug_opts)
4311 scsi_result = device_qfull_result;
4312 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
4313 sdev_printk(KERN_INFO, sdp,
4314 "%s: max_queue=%d exceeded, %s\n",
4315 __func__, sdebug_max_queue,
4316 (scsi_result ? "status: TASK SET FULL" :
4317 "report: host busy"));
4318 if (scsi_result)
4319 goto respond_in_thread;
4320 else
4321 return SCSI_MLQUEUE_HOST_BUSY;
4322 }
4323 __set_bit(k, sqp->in_use_bm);
4324 atomic_inc(&devip->num_in_q);
4325 sqcp = &sqp->qc_arr[k];
4326 sqcp->a_cmnd = cmnd;
4327 cmnd->host_scribble = (unsigned char *)sqcp;
4328 sd_dp = sqcp->sd_dp;
4329 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4330 if (unlikely(sdebug_every_nth && sdebug_any_injecting_opt))
4331 setup_inject(sqp, sqcp);
4332 if (sd_dp == NULL) {
4333 sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
4334 if (sd_dp == NULL)
4335 return SCSI_MLQUEUE_HOST_BUSY;
4336 }
4337
4338 cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
4339 if (cmnd->result & SDEG_RES_IMMED_MASK) {
4340 /*
4341 * This is the F_DELAY_OVERR case. No delay.
4342 */
4343 cmnd->result &= ~SDEG_RES_IMMED_MASK;
4344 delta_jiff = ndelay = 0;
4345 }
4346 if (cmnd->result == 0 && scsi_result != 0)
4347 cmnd->result = scsi_result;
4348
4349 if (unlikely(sdebug_verbose && cmnd->result))
4350 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
4351 __func__, cmnd->result);
4352
4353 if (delta_jiff > 0 || ndelay > 0) {
4354 ktime_t kt;
4355
4356 if (delta_jiff > 0) {
4357 kt = ns_to_ktime((u64)delta_jiff * (NSEC_PER_SEC / HZ));
4358 } else
4359 kt = ndelay;
4360 if (!sd_dp->init_hrt) {
4361 sd_dp->init_hrt = true;
4362 sqcp->sd_dp = sd_dp;
4363 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
4364 HRTIMER_MODE_REL_PINNED);
4365 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
4366 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4367 sd_dp->qc_idx = k;
4368 }
4369 if (sdebug_statistics)
4370 sd_dp->issuing_cpu = raw_smp_processor_id();
4371 sd_dp->defer_t = SDEB_DEFER_HRT;
4372 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
4373 } else { /* jdelay < 0, use work queue */
4374 if (!sd_dp->init_wq) {
4375 sd_dp->init_wq = true;
4376 sqcp->sd_dp = sd_dp;
4377 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4378 sd_dp->qc_idx = k;
4379 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
4380 }
4381 if (sdebug_statistics)
4382 sd_dp->issuing_cpu = raw_smp_processor_id();
4383 sd_dp->defer_t = SDEB_DEFER_WQ;
4384 if (unlikely(sqcp->inj_cmd_abort))
4385 sd_dp->aborted = true;
4386 schedule_work(&sd_dp->ew.work);
4387 if (unlikely(sqcp->inj_cmd_abort)) {
4388 sdev_printk(KERN_INFO, sdp, "abort request tag %d\n",
4389 cmnd->request->tag);
4390 blk_abort_request(cmnd->request);
4391 }
4392 }
4393 if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
4394 (scsi_result == device_qfull_result)))
4395 sdev_printk(KERN_INFO, sdp,
4396 "%s: num_in_q=%d +1, %s%s\n", __func__,
4397 num_in_q, (inject ? "<inject> " : ""),
4398 "status: TASK SET FULL");
4399 return 0;
4400
4401respond_in_thread: /* call back to mid-layer using invocation thread */
4402 cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
4403 cmnd->result &= ~SDEG_RES_IMMED_MASK;
4404 if (cmnd->result == 0 && scsi_result != 0)
4405 cmnd->result = scsi_result;
4406 cmnd->scsi_done(cmnd);
4407 return 0;
4408}
4409
4410/* Note: The following macros create attribute files in the
4411 /sys/module/scsi_debug/parameters directory. Unfortunately this
4412 driver is unaware of a change and cannot trigger auxiliary actions
4413 as it can when the corresponding attribute in the
4414 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
4415 */
4416module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
4417module_param_named(ato, sdebug_ato, int, S_IRUGO);
4418module_param_named(cdb_len, sdebug_cdb_len, int, 0644);
4419module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
4420module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
4421module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
4422module_param_named(dif, sdebug_dif, int, S_IRUGO);
4423module_param_named(dix, sdebug_dix, int, S_IRUGO);
4424module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
4425module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
4426module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
4427module_param_named(guard, sdebug_guard, uint, S_IRUGO);
4428module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
4429module_param_string(inq_vendor, sdebug_inq_vendor_id,
4430 sizeof(sdebug_inq_vendor_id), S_IRUGO|S_IWUSR);
4431module_param_string(inq_product, sdebug_inq_product_id,
4432 sizeof(sdebug_inq_product_id), S_IRUGO|S_IWUSR);
4433module_param_string(inq_rev, sdebug_inq_product_rev,
4434 sizeof(sdebug_inq_product_rev), S_IRUGO|S_IWUSR);
4435module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
4436module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
4437module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
4438module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
4439module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
4440module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
4441module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
4442module_param_named(medium_error_start, sdebug_medium_error_start, int, S_IRUGO | S_IWUSR);
4443module_param_named(medium_error_count, sdebug_medium_error_count, int, S_IRUGO | S_IWUSR);
4444module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
4445module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
4446module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
4447module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
4448module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
4449module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
4450module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
4451module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
4452module_param_named(opt_xferlen_exp, sdebug_opt_xferlen_exp, int, S_IRUGO);
4453module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
4454module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
4455module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
4456module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
4457module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
4458module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
4459module_param_named(submit_queues, submit_queues, int, S_IRUGO);
4460module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
4461module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
4462module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
4463module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
4464module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
4465module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
4466module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
4467 S_IRUGO | S_IWUSR);
4468module_param_named(wp, sdebug_wp, bool, S_IRUGO | S_IWUSR);
4469module_param_named(write_same_length, sdebug_write_same_length, int,
4470 S_IRUGO | S_IWUSR);
4471
4472MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
4473MODULE_DESCRIPTION("SCSI debug adapter driver");
4474MODULE_LICENSE("GPL");
4475MODULE_VERSION(SDEBUG_VERSION);
4476
4477MODULE_PARM_DESC(add_host, "0..127 hosts allowed(def=1)");
4478MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
4479MODULE_PARM_DESC(cdb_len, "suggest CDB lengths to drivers (def=10)");
4480MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
4481MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
4482MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
4483MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
4484MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
4485MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
4486MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
4487MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
4488MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
4489MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
4490MODULE_PARM_DESC(inq_vendor, "SCSI INQUIRY vendor string (def=\"Linux\")");
4491MODULE_PARM_DESC(inq_product, "SCSI INQUIRY product string (def=\"scsi_debug\")");
4492MODULE_PARM_DESC(inq_rev, "SCSI INQUIRY revision string (def=\""
4493 SDEBUG_VERSION "\")");
4494MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
4495MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
4496MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
4497MODULE_PARM_DESC(lbprz,
4498 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
4499MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
4500MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
4501MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
4502MODULE_PARM_DESC(medium_error_start, "starting sector number to return MEDIUM error");
4503MODULE_PARM_DESC(medium_error_count, "count of sectors to return follow on MEDIUM error");
4504MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
4505MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
4506MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
4507MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
4508MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
4509MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
4510MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
4511MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
4512MODULE_PARM_DESC(opt_xferlen_exp, "optimal transfer length granularity exponent (def=physblk_exp)");
4513MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
4514MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
4515MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
4516MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
4517MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
4518MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
4519MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
4520MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
4521MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
4522MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
4523MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
4524MODULE_PARM_DESC(uuid_ctl,
4525 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
4526MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
4527MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
4528MODULE_PARM_DESC(wp, "Write Protect (def=0)");
4529MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
4530
4531#define SDEBUG_INFO_LEN 256
4532static char sdebug_info[SDEBUG_INFO_LEN];
4533
4534static const char *scsi_debug_info(struct Scsi_Host *shp)
4535{
4536 int k;
4537
4538 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
4539 my_name, SDEBUG_VERSION, sdebug_version_date);
4540 if (k >= (SDEBUG_INFO_LEN - 1))
4541 return sdebug_info;
4542 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
4543 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
4544 sdebug_dev_size_mb, sdebug_opts, submit_queues,
4545 "statistics", (int)sdebug_statistics);
4546 return sdebug_info;
4547}
4548
4549/* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
4550static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
4551 int length)
4552{
4553 char arr[16];
4554 int opts;
4555 int minLen = length > 15 ? 15 : length;
4556
4557 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
4558 return -EACCES;
4559 memcpy(arr, buffer, minLen);
4560 arr[minLen] = '\0';
4561 if (1 != sscanf(arr, "%d", &opts))
4562 return -EINVAL;
4563 sdebug_opts = opts;
4564 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4565 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4566 if (sdebug_every_nth != 0)
4567 tweak_cmnd_count();
4568 return length;
4569}
4570
4571/* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
4572 * same for each scsi_debug host (if more than one). Some of the counters
4573 * output are not atomics so might be inaccurate in a busy system. */
4574static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
4575{
4576 int f, j, l;
4577 struct sdebug_queue *sqp;
4578
4579 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
4580 SDEBUG_VERSION, sdebug_version_date);
4581 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
4582 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
4583 sdebug_opts, sdebug_every_nth);
4584 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
4585 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
4586 sdebug_sector_size, "bytes");
4587 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
4588 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
4589 num_aborts);
4590 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
4591 num_dev_resets, num_target_resets, num_bus_resets,
4592 num_host_resets);
4593 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
4594 dix_reads, dix_writes, dif_errors);
4595 seq_printf(m, "usec_in_jiffy=%lu, statistics=%d\n", TICK_NSEC / 1000,
4596 sdebug_statistics);
4597 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
4598 atomic_read(&sdebug_cmnd_count),
4599 atomic_read(&sdebug_completions),
4600 "miss_cpus", atomic_read(&sdebug_miss_cpus),
4601 atomic_read(&sdebug_a_tsf));
4602
4603 seq_printf(m, "submit_queues=%d\n", submit_queues);
4604 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
4605 seq_printf(m, " queue %d:\n", j);
4606 f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
4607 if (f != sdebug_max_queue) {
4608 l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
4609 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
4610 "first,last bits", f, l);
4611 }
4612 }
4613 return 0;
4614}
4615
4616static ssize_t delay_show(struct device_driver *ddp, char *buf)
4617{
4618 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
4619}
4620/* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
4621 * of delay is jiffies.
4622 */
4623static ssize_t delay_store(struct device_driver *ddp, const char *buf,
4624 size_t count)
4625{
4626 int jdelay, res;
4627
4628 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
4629 res = count;
4630 if (sdebug_jdelay != jdelay) {
4631 int j, k;
4632 struct sdebug_queue *sqp;
4633
4634 block_unblock_all_queues(true);
4635 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4636 ++j, ++sqp) {
4637 k = find_first_bit(sqp->in_use_bm,
4638 sdebug_max_queue);
4639 if (k != sdebug_max_queue) {
4640 res = -EBUSY; /* queued commands */
4641 break;
4642 }
4643 }
4644 if (res > 0) {
4645 sdebug_jdelay = jdelay;
4646 sdebug_ndelay = 0;
4647 }
4648 block_unblock_all_queues(false);
4649 }
4650 return res;
4651 }
4652 return -EINVAL;
4653}
4654static DRIVER_ATTR_RW(delay);
4655
4656static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
4657{
4658 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
4659}
4660/* Returns -EBUSY if ndelay is being changed and commands are queued */
4661/* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
4662static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
4663 size_t count)
4664{
4665 int ndelay, res;
4666
4667 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
4668 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
4669 res = count;
4670 if (sdebug_ndelay != ndelay) {
4671 int j, k;
4672 struct sdebug_queue *sqp;
4673
4674 block_unblock_all_queues(true);
4675 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4676 ++j, ++sqp) {
4677 k = find_first_bit(sqp->in_use_bm,
4678 sdebug_max_queue);
4679 if (k != sdebug_max_queue) {
4680 res = -EBUSY; /* queued commands */
4681 break;
4682 }
4683 }
4684 if (res > 0) {
4685 sdebug_ndelay = ndelay;
4686 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
4687 : DEF_JDELAY;
4688 }
4689 block_unblock_all_queues(false);
4690 }
4691 return res;
4692 }
4693 return -EINVAL;
4694}
4695static DRIVER_ATTR_RW(ndelay);
4696
4697static ssize_t opts_show(struct device_driver *ddp, char *buf)
4698{
4699 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
4700}
4701
4702static ssize_t opts_store(struct device_driver *ddp, const char *buf,
4703 size_t count)
4704{
4705 int opts;
4706 char work[20];
4707
4708 if (sscanf(buf, "%10s", work) == 1) {
4709 if (strncasecmp(work, "0x", 2) == 0) {
4710 if (kstrtoint(work + 2, 16, &opts) == 0)
4711 goto opts_done;
4712 } else {
4713 if (kstrtoint(work, 10, &opts) == 0)
4714 goto opts_done;
4715 }
4716 }
4717 return -EINVAL;
4718opts_done:
4719 sdebug_opts = opts;
4720 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4721 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4722 tweak_cmnd_count();
4723 return count;
4724}
4725static DRIVER_ATTR_RW(opts);
4726
4727static ssize_t ptype_show(struct device_driver *ddp, char *buf)
4728{
4729 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
4730}
4731static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
4732 size_t count)
4733{
4734 int n;
4735
4736 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4737 sdebug_ptype = n;
4738 return count;
4739 }
4740 return -EINVAL;
4741}
4742static DRIVER_ATTR_RW(ptype);
4743
4744static ssize_t dsense_show(struct device_driver *ddp, char *buf)
4745{
4746 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
4747}
4748static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
4749 size_t count)
4750{
4751 int n;
4752
4753 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4754 sdebug_dsense = n;
4755 return count;
4756 }
4757 return -EINVAL;
4758}
4759static DRIVER_ATTR_RW(dsense);
4760
4761static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
4762{
4763 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
4764}
4765static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
4766 size_t count)
4767{
4768 int n;
4769
4770 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4771 n = (n > 0);
4772 sdebug_fake_rw = (sdebug_fake_rw > 0);
4773 if (sdebug_fake_rw != n) {
4774 if ((0 == n) && (NULL == fake_storep)) {
4775 unsigned long sz =
4776 (unsigned long)sdebug_dev_size_mb *
4777 1048576;
4778
4779 fake_storep = vzalloc(sz);
4780 if (NULL == fake_storep) {
4781 pr_err("out of memory, 9\n");
4782 return -ENOMEM;
4783 }
4784 }
4785 sdebug_fake_rw = n;
4786 }
4787 return count;
4788 }
4789 return -EINVAL;
4790}
4791static DRIVER_ATTR_RW(fake_rw);
4792
4793static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
4794{
4795 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
4796}
4797static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
4798 size_t count)
4799{
4800 int n;
4801
4802 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4803 sdebug_no_lun_0 = n;
4804 return count;
4805 }
4806 return -EINVAL;
4807}
4808static DRIVER_ATTR_RW(no_lun_0);
4809
4810static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
4811{
4812 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
4813}
4814static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
4815 size_t count)
4816{
4817 int n;
4818
4819 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4820 sdebug_num_tgts = n;
4821 sdebug_max_tgts_luns();
4822 return count;
4823 }
4824 return -EINVAL;
4825}
4826static DRIVER_ATTR_RW(num_tgts);
4827
4828static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
4829{
4830 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
4831}
4832static DRIVER_ATTR_RO(dev_size_mb);
4833
4834static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
4835{
4836 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
4837}
4838static DRIVER_ATTR_RO(num_parts);
4839
4840static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
4841{
4842 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
4843}
4844static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
4845 size_t count)
4846{
4847 int nth;
4848
4849 if ((count > 0) && (1 == sscanf(buf, "%d", &nth))) {
4850 sdebug_every_nth = nth;
4851 if (nth && !sdebug_statistics) {
4852 pr_info("every_nth needs statistics=1, set it\n");
4853 sdebug_statistics = true;
4854 }
4855 tweak_cmnd_count();
4856 return count;
4857 }
4858 return -EINVAL;
4859}
4860static DRIVER_ATTR_RW(every_nth);
4861
4862static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
4863{
4864 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
4865}
4866static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
4867 size_t count)
4868{
4869 int n;
4870 bool changed;
4871
4872 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4873 if (n > 256) {
4874 pr_warn("max_luns can be no more than 256\n");
4875 return -EINVAL;
4876 }
4877 changed = (sdebug_max_luns != n);
4878 sdebug_max_luns = n;
4879 sdebug_max_tgts_luns();
4880 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
4881 struct sdebug_host_info *sdhp;
4882 struct sdebug_dev_info *dp;
4883
4884 spin_lock(&sdebug_host_list_lock);
4885 list_for_each_entry(sdhp, &sdebug_host_list,
4886 host_list) {
4887 list_for_each_entry(dp, &sdhp->dev_info_list,
4888 dev_list) {
4889 set_bit(SDEBUG_UA_LUNS_CHANGED,
4890 dp->uas_bm);
4891 }
4892 }
4893 spin_unlock(&sdebug_host_list_lock);
4894 }
4895 return count;
4896 }
4897 return -EINVAL;
4898}
4899static DRIVER_ATTR_RW(max_luns);
4900
4901static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
4902{
4903 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
4904}
4905/* N.B. max_queue can be changed while there are queued commands. In flight
4906 * commands beyond the new max_queue will be completed. */
4907static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
4908 size_t count)
4909{
4910 int j, n, k, a;
4911 struct sdebug_queue *sqp;
4912
4913 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
4914 (n <= SDEBUG_CANQUEUE)) {
4915 block_unblock_all_queues(true);
4916 k = 0;
4917 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4918 ++j, ++sqp) {
4919 a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
4920 if (a > k)
4921 k = a;
4922 }
4923 sdebug_max_queue = n;
4924 if (k == SDEBUG_CANQUEUE)
4925 atomic_set(&retired_max_queue, 0);
4926 else if (k >= n)
4927 atomic_set(&retired_max_queue, k + 1);
4928 else
4929 atomic_set(&retired_max_queue, 0);
4930 block_unblock_all_queues(false);
4931 return count;
4932 }
4933 return -EINVAL;
4934}
4935static DRIVER_ATTR_RW(max_queue);
4936
4937static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
4938{
4939 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
4940}
4941static DRIVER_ATTR_RO(no_uld);
4942
4943static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
4944{
4945 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
4946}
4947static DRIVER_ATTR_RO(scsi_level);
4948
4949static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
4950{
4951 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
4952}
4953static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
4954 size_t count)
4955{
4956 int n;
4957 bool changed;
4958
4959 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4960 changed = (sdebug_virtual_gb != n);
4961 sdebug_virtual_gb = n;
4962 sdebug_capacity = get_sdebug_capacity();
4963 if (changed) {
4964 struct sdebug_host_info *sdhp;
4965 struct sdebug_dev_info *dp;
4966
4967 spin_lock(&sdebug_host_list_lock);
4968 list_for_each_entry(sdhp, &sdebug_host_list,
4969 host_list) {
4970 list_for_each_entry(dp, &sdhp->dev_info_list,
4971 dev_list) {
4972 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
4973 dp->uas_bm);
4974 }
4975 }
4976 spin_unlock(&sdebug_host_list_lock);
4977 }
4978 return count;
4979 }
4980 return -EINVAL;
4981}
4982static DRIVER_ATTR_RW(virtual_gb);
4983
4984static ssize_t add_host_show(struct device_driver *ddp, char *buf)
4985{
4986 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_add_host);
4987}
4988
4989static int sdebug_add_adapter(void);
4990static void sdebug_remove_adapter(void);
4991
4992static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
4993 size_t count)
4994{
4995 int delta_hosts;
4996
4997 if (sscanf(buf, "%d", &delta_hosts) != 1)
4998 return -EINVAL;
4999 if (delta_hosts > 0) {
5000 do {
5001 sdebug_add_adapter();
5002 } while (--delta_hosts);
5003 } else if (delta_hosts < 0) {
5004 do {
5005 sdebug_remove_adapter();
5006 } while (++delta_hosts);
5007 }
5008 return count;
5009}
5010static DRIVER_ATTR_RW(add_host);
5011
5012static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
5013{
5014 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
5015}
5016static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
5017 size_t count)
5018{
5019 int n;
5020
5021 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5022 sdebug_vpd_use_hostno = n;
5023 return count;
5024 }
5025 return -EINVAL;
5026}
5027static DRIVER_ATTR_RW(vpd_use_hostno);
5028
5029static ssize_t statistics_show(struct device_driver *ddp, char *buf)
5030{
5031 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
5032}
5033static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
5034 size_t count)
5035{
5036 int n;
5037
5038 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
5039 if (n > 0)
5040 sdebug_statistics = true;
5041 else {
5042 clear_queue_stats();
5043 sdebug_statistics = false;
5044 }
5045 return count;
5046 }
5047 return -EINVAL;
5048}
5049static DRIVER_ATTR_RW(statistics);
5050
5051static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
5052{
5053 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
5054}
5055static DRIVER_ATTR_RO(sector_size);
5056
5057static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
5058{
5059 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
5060}
5061static DRIVER_ATTR_RO(submit_queues);
5062
5063static ssize_t dix_show(struct device_driver *ddp, char *buf)
5064{
5065 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
5066}
5067static DRIVER_ATTR_RO(dix);
5068
5069static ssize_t dif_show(struct device_driver *ddp, char *buf)
5070{
5071 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
5072}
5073static DRIVER_ATTR_RO(dif);
5074
5075static ssize_t guard_show(struct device_driver *ddp, char *buf)
5076{
5077 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
5078}
5079static DRIVER_ATTR_RO(guard);
5080
5081static ssize_t ato_show(struct device_driver *ddp, char *buf)
5082{
5083 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
5084}
5085static DRIVER_ATTR_RO(ato);
5086
5087static ssize_t map_show(struct device_driver *ddp, char *buf)
5088{
5089 ssize_t count;
5090
5091 if (!scsi_debug_lbp())
5092 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
5093 sdebug_store_sectors);
5094
5095 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
5096 (int)map_size, map_storep);
5097 buf[count++] = '\n';
5098 buf[count] = '\0';
5099
5100 return count;
5101}
5102static DRIVER_ATTR_RO(map);
5103
5104static ssize_t removable_show(struct device_driver *ddp, char *buf)
5105{
5106 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
5107}
5108static ssize_t removable_store(struct device_driver *ddp, const char *buf,
5109 size_t count)
5110{
5111 int n;
5112
5113 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5114 sdebug_removable = (n > 0);
5115 return count;
5116 }
5117 return -EINVAL;
5118}
5119static DRIVER_ATTR_RW(removable);
5120
5121static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
5122{
5123 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
5124}
5125/* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
5126static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
5127 size_t count)
5128{
5129 int n;
5130
5131 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5132 sdebug_host_lock = (n > 0);
5133 return count;
5134 }
5135 return -EINVAL;
5136}
5137static DRIVER_ATTR_RW(host_lock);
5138
5139static ssize_t strict_show(struct device_driver *ddp, char *buf)
5140{
5141 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
5142}
5143static ssize_t strict_store(struct device_driver *ddp, const char *buf,
5144 size_t count)
5145{
5146 int n;
5147
5148 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
5149 sdebug_strict = (n > 0);
5150 return count;
5151 }
5152 return -EINVAL;
5153}
5154static DRIVER_ATTR_RW(strict);
5155
5156static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
5157{
5158 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
5159}
5160static DRIVER_ATTR_RO(uuid_ctl);
5161
5162static ssize_t cdb_len_show(struct device_driver *ddp, char *buf)
5163{
5164 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_cdb_len);
5165}
5166static ssize_t cdb_len_store(struct device_driver *ddp, const char *buf,
5167 size_t count)
5168{
5169 int ret, n;
5170
5171 ret = kstrtoint(buf, 0, &n);
5172 if (ret)
5173 return ret;
5174 sdebug_cdb_len = n;
5175 all_config_cdb_len();
5176 return count;
5177}
5178static DRIVER_ATTR_RW(cdb_len);
5179
5180
5181/* Note: The following array creates attribute files in the
5182 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
5183 files (over those found in the /sys/module/scsi_debug/parameters
5184 directory) is that auxiliary actions can be triggered when an attribute
5185 is changed. For example see: sdebug_add_host_store() above.
5186 */
5187
5188static struct attribute *sdebug_drv_attrs[] = {
5189 &driver_attr_delay.attr,
5190 &driver_attr_opts.attr,
5191 &driver_attr_ptype.attr,
5192 &driver_attr_dsense.attr,
5193 &driver_attr_fake_rw.attr,
5194 &driver_attr_no_lun_0.attr,
5195 &driver_attr_num_tgts.attr,
5196 &driver_attr_dev_size_mb.attr,
5197 &driver_attr_num_parts.attr,
5198 &driver_attr_every_nth.attr,
5199 &driver_attr_max_luns.attr,
5200 &driver_attr_max_queue.attr,
5201 &driver_attr_no_uld.attr,
5202 &driver_attr_scsi_level.attr,
5203 &driver_attr_virtual_gb.attr,
5204 &driver_attr_add_host.attr,
5205 &driver_attr_vpd_use_hostno.attr,
5206 &driver_attr_sector_size.attr,
5207 &driver_attr_statistics.attr,
5208 &driver_attr_submit_queues.attr,
5209 &driver_attr_dix.attr,
5210 &driver_attr_dif.attr,
5211 &driver_attr_guard.attr,
5212 &driver_attr_ato.attr,
5213 &driver_attr_map.attr,
5214 &driver_attr_removable.attr,
5215 &driver_attr_host_lock.attr,
5216 &driver_attr_ndelay.attr,
5217 &driver_attr_strict.attr,
5218 &driver_attr_uuid_ctl.attr,
5219 &driver_attr_cdb_len.attr,
5220 NULL,
5221};
5222ATTRIBUTE_GROUPS(sdebug_drv);
5223
5224static struct device *pseudo_primary;
5225
5226static int __init scsi_debug_init(void)
5227{
5228 unsigned long sz;
5229 int host_to_add;
5230 int k;
5231 int ret;
5232
5233 atomic_set(&retired_max_queue, 0);
5234
5235 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
5236 pr_warn("ndelay must be less than 1 second, ignored\n");
5237 sdebug_ndelay = 0;
5238 } else if (sdebug_ndelay > 0)
5239 sdebug_jdelay = JDELAY_OVERRIDDEN;
5240
5241 switch (sdebug_sector_size) {
5242 case 512:
5243 case 1024:
5244 case 2048:
5245 case 4096:
5246 break;
5247 default:
5248 pr_err("invalid sector_size %d\n", sdebug_sector_size);
5249 return -EINVAL;
5250 }
5251
5252 switch (sdebug_dif) {
5253 case T10_PI_TYPE0_PROTECTION:
5254 break;
5255 case T10_PI_TYPE1_PROTECTION:
5256 case T10_PI_TYPE2_PROTECTION:
5257 case T10_PI_TYPE3_PROTECTION:
5258 have_dif_prot = true;
5259 break;
5260
5261 default:
5262 pr_err("dif must be 0, 1, 2 or 3\n");
5263 return -EINVAL;
5264 }
5265
5266 if (sdebug_guard > 1) {
5267 pr_err("guard must be 0 or 1\n");
5268 return -EINVAL;
5269 }
5270
5271 if (sdebug_ato > 1) {
5272 pr_err("ato must be 0 or 1\n");
5273 return -EINVAL;
5274 }
5275
5276 if (sdebug_physblk_exp > 15) {
5277 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
5278 return -EINVAL;
5279 }
5280 if (sdebug_max_luns > 256) {
5281 pr_warn("max_luns can be no more than 256, use default\n");
5282 sdebug_max_luns = DEF_MAX_LUNS;
5283 }
5284
5285 if (sdebug_lowest_aligned > 0x3fff) {
5286 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
5287 return -EINVAL;
5288 }
5289
5290 if (submit_queues < 1) {
5291 pr_err("submit_queues must be 1 or more\n");
5292 return -EINVAL;
5293 }
5294 sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
5295 GFP_KERNEL);
5296 if (sdebug_q_arr == NULL)
5297 return -ENOMEM;
5298 for (k = 0; k < submit_queues; ++k)
5299 spin_lock_init(&sdebug_q_arr[k].qc_lock);
5300
5301 if (sdebug_dev_size_mb < 1)
5302 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
5303 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
5304 sdebug_store_sectors = sz / sdebug_sector_size;
5305 sdebug_capacity = get_sdebug_capacity();
5306
5307 /* play around with geometry, don't waste too much on track 0 */
5308 sdebug_heads = 8;
5309 sdebug_sectors_per = 32;
5310 if (sdebug_dev_size_mb >= 256)
5311 sdebug_heads = 64;
5312 else if (sdebug_dev_size_mb >= 16)
5313 sdebug_heads = 32;
5314 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5315 (sdebug_sectors_per * sdebug_heads);
5316 if (sdebug_cylinders_per >= 1024) {
5317 /* other LLDs do this; implies >= 1GB ram disk ... */
5318 sdebug_heads = 255;
5319 sdebug_sectors_per = 63;
5320 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5321 (sdebug_sectors_per * sdebug_heads);
5322 }
5323
5324 if (sdebug_fake_rw == 0) {
5325 fake_storep = vzalloc(sz);
5326 if (NULL == fake_storep) {
5327 pr_err("out of memory, 1\n");
5328 ret = -ENOMEM;
5329 goto free_q_arr;
5330 }
5331 if (sdebug_num_parts > 0)
5332 sdebug_build_parts(fake_storep, sz);
5333 }
5334
5335 if (sdebug_dix) {
5336 int dif_size;
5337
5338 dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
5339 dif_storep = vmalloc(dif_size);
5340
5341 pr_err("dif_storep %u bytes @ %p\n", dif_size, dif_storep);
5342
5343 if (dif_storep == NULL) {
5344 pr_err("out of mem. (DIX)\n");
5345 ret = -ENOMEM;
5346 goto free_vm;
5347 }
5348
5349 memset(dif_storep, 0xff, dif_size);
5350 }
5351
5352 /* Logical Block Provisioning */
5353 if (scsi_debug_lbp()) {
5354 sdebug_unmap_max_blocks =
5355 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
5356
5357 sdebug_unmap_max_desc =
5358 clamp(sdebug_unmap_max_desc, 0U, 256U);
5359
5360 sdebug_unmap_granularity =
5361 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
5362
5363 if (sdebug_unmap_alignment &&
5364 sdebug_unmap_granularity <=
5365 sdebug_unmap_alignment) {
5366 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
5367 ret = -EINVAL;
5368 goto free_vm;
5369 }
5370
5371 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
5372 map_storep = vmalloc(array_size(sizeof(long),
5373 BITS_TO_LONGS(map_size)));
5374
5375 pr_info("%lu provisioning blocks\n", map_size);
5376
5377 if (map_storep == NULL) {
5378 pr_err("out of mem. (MAP)\n");
5379 ret = -ENOMEM;
5380 goto free_vm;
5381 }
5382
5383 bitmap_zero(map_storep, map_size);
5384
5385 /* Map first 1KB for partition table */
5386 if (sdebug_num_parts)
5387 map_region(0, 2);
5388 }
5389
5390 pseudo_primary = root_device_register("pseudo_0");
5391 if (IS_ERR(pseudo_primary)) {
5392 pr_warn("root_device_register() error\n");
5393 ret = PTR_ERR(pseudo_primary);
5394 goto free_vm;
5395 }
5396 ret = bus_register(&pseudo_lld_bus);
5397 if (ret < 0) {
5398 pr_warn("bus_register error: %d\n", ret);
5399 goto dev_unreg;
5400 }
5401 ret = driver_register(&sdebug_driverfs_driver);
5402 if (ret < 0) {
5403 pr_warn("driver_register error: %d\n", ret);
5404 goto bus_unreg;
5405 }
5406
5407 host_to_add = sdebug_add_host;
5408 sdebug_add_host = 0;
5409
5410 for (k = 0; k < host_to_add; k++) {
5411 if (sdebug_add_adapter()) {
5412 pr_err("sdebug_add_adapter failed k=%d\n", k);
5413 break;
5414 }
5415 }
5416
5417 if (sdebug_verbose)
5418 pr_info("built %d host(s)\n", sdebug_add_host);
5419
5420 return 0;
5421
5422bus_unreg:
5423 bus_unregister(&pseudo_lld_bus);
5424dev_unreg:
5425 root_device_unregister(pseudo_primary);
5426free_vm:
5427 vfree(map_storep);
5428 vfree(dif_storep);
5429 vfree(fake_storep);
5430free_q_arr:
5431 kfree(sdebug_q_arr);
5432 return ret;
5433}
5434
5435static void __exit scsi_debug_exit(void)
5436{
5437 int k = sdebug_add_host;
5438
5439 stop_all_queued();
5440 for (; k; k--)
5441 sdebug_remove_adapter();
5442 free_all_queued();
5443 driver_unregister(&sdebug_driverfs_driver);
5444 bus_unregister(&pseudo_lld_bus);
5445 root_device_unregister(pseudo_primary);
5446
5447 vfree(map_storep);
5448 vfree(dif_storep);
5449 vfree(fake_storep);
5450 kfree(sdebug_q_arr);
5451}
5452
5453device_initcall(scsi_debug_init);
5454module_exit(scsi_debug_exit);
5455
5456static void sdebug_release_adapter(struct device *dev)
5457{
5458 struct sdebug_host_info *sdbg_host;
5459
5460 sdbg_host = to_sdebug_host(dev);
5461 kfree(sdbg_host);
5462}
5463
5464static int sdebug_add_adapter(void)
5465{
5466 int k, devs_per_host;
5467 int error = 0;
5468 struct sdebug_host_info *sdbg_host;
5469 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5470
5471 sdbg_host = kzalloc(sizeof(*sdbg_host), GFP_KERNEL);
5472 if (sdbg_host == NULL) {
5473 pr_err("out of memory at line %d\n", __LINE__);
5474 return -ENOMEM;
5475 }
5476
5477 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
5478
5479 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
5480 for (k = 0; k < devs_per_host; k++) {
5481 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
5482 if (!sdbg_devinfo) {
5483 pr_err("out of memory at line %d\n", __LINE__);
5484 error = -ENOMEM;
5485 goto clean;
5486 }
5487 }
5488
5489 spin_lock(&sdebug_host_list_lock);
5490 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
5491 spin_unlock(&sdebug_host_list_lock);
5492
5493 sdbg_host->dev.bus = &pseudo_lld_bus;
5494 sdbg_host->dev.parent = pseudo_primary;
5495 sdbg_host->dev.release = &sdebug_release_adapter;
5496 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_add_host);
5497
5498 error = device_register(&sdbg_host->dev);
5499
5500 if (error)
5501 goto clean;
5502
5503 ++sdebug_add_host;
5504 return error;
5505
5506clean:
5507 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5508 dev_list) {
5509 list_del(&sdbg_devinfo->dev_list);
5510 kfree(sdbg_devinfo);
5511 }
5512
5513 kfree(sdbg_host);
5514 return error;
5515}
5516
5517static void sdebug_remove_adapter(void)
5518{
5519 struct sdebug_host_info *sdbg_host = NULL;
5520
5521 spin_lock(&sdebug_host_list_lock);
5522 if (!list_empty(&sdebug_host_list)) {
5523 sdbg_host = list_entry(sdebug_host_list.prev,
5524 struct sdebug_host_info, host_list);
5525 list_del(&sdbg_host->host_list);
5526 }
5527 spin_unlock(&sdebug_host_list_lock);
5528
5529 if (!sdbg_host)
5530 return;
5531
5532 device_unregister(&sdbg_host->dev);
5533 --sdebug_add_host;
5534}
5535
5536static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
5537{
5538 int num_in_q = 0;
5539 struct sdebug_dev_info *devip;
5540
5541 block_unblock_all_queues(true);
5542 devip = (struct sdebug_dev_info *)sdev->hostdata;
5543 if (NULL == devip) {
5544 block_unblock_all_queues(false);
5545 return -ENODEV;
5546 }
5547 num_in_q = atomic_read(&devip->num_in_q);
5548
5549 if (qdepth < 1)
5550 qdepth = 1;
5551 /* allow to exceed max host qc_arr elements for testing */
5552 if (qdepth > SDEBUG_CANQUEUE + 10)
5553 qdepth = SDEBUG_CANQUEUE + 10;
5554 scsi_change_queue_depth(sdev, qdepth);
5555
5556 if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
5557 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
5558 __func__, qdepth, num_in_q);
5559 }
5560 block_unblock_all_queues(false);
5561 return sdev->queue_depth;
5562}
5563
5564static bool fake_timeout(struct scsi_cmnd *scp)
5565{
5566 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
5567 if (sdebug_every_nth < -1)
5568 sdebug_every_nth = -1;
5569 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
5570 return true; /* ignore command causing timeout */
5571 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
5572 scsi_medium_access_command(scp))
5573 return true; /* time out reads and writes */
5574 }
5575 return false;
5576}
5577
5578static bool fake_host_busy(struct scsi_cmnd *scp)
5579{
5580 return (sdebug_opts & SDEBUG_OPT_HOST_BUSY) &&
5581 (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) == 0;
5582}
5583
5584static int scsi_debug_queuecommand(struct Scsi_Host *shost,
5585 struct scsi_cmnd *scp)
5586{
5587 u8 sdeb_i;
5588 struct scsi_device *sdp = scp->device;
5589 const struct opcode_info_t *oip;
5590 const struct opcode_info_t *r_oip;
5591 struct sdebug_dev_info *devip;
5592 u8 *cmd = scp->cmnd;
5593 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
5594 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *) = NULL;
5595 int k, na;
5596 int errsts = 0;
5597 u32 flags;
5598 u16 sa;
5599 u8 opcode = cmd[0];
5600 bool has_wlun_rl;
5601
5602 scsi_set_resid(scp, 0);
5603 if (sdebug_statistics)
5604 atomic_inc(&sdebug_cmnd_count);
5605 if (unlikely(sdebug_verbose &&
5606 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
5607 char b[120];
5608 int n, len, sb;
5609
5610 len = scp->cmd_len;
5611 sb = (int)sizeof(b);
5612 if (len > 32)
5613 strcpy(b, "too long, over 32 bytes");
5614 else {
5615 for (k = 0, n = 0; k < len && n < sb; ++k)
5616 n += scnprintf(b + n, sb - n, "%02x ",
5617 (u32)cmd[k]);
5618 }
5619 sdev_printk(KERN_INFO, sdp, "%s: tag=%#x, cmd %s\n", my_name,
5620 blk_mq_unique_tag(scp->request), b);
5621 }
5622 if (fake_host_busy(scp))
5623 return SCSI_MLQUEUE_HOST_BUSY;
5624 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
5625 if (unlikely((sdp->lun >= sdebug_max_luns) && !has_wlun_rl))
5626 goto err_out;
5627
5628 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
5629 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
5630 devip = (struct sdebug_dev_info *)sdp->hostdata;
5631 if (unlikely(!devip)) {
5632 devip = find_build_dev_info(sdp);
5633 if (NULL == devip)
5634 goto err_out;
5635 }
5636 na = oip->num_attached;
5637 r_pfp = oip->pfp;
5638 if (na) { /* multiple commands with this opcode */
5639 r_oip = oip;
5640 if (FF_SA & r_oip->flags) {
5641 if (F_SA_LOW & oip->flags)
5642 sa = 0x1f & cmd[1];
5643 else
5644 sa = get_unaligned_be16(cmd + 8);
5645 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5646 if (opcode == oip->opcode && sa == oip->sa)
5647 break;
5648 }
5649 } else { /* since no service action only check opcode */
5650 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5651 if (opcode == oip->opcode)
5652 break;
5653 }
5654 }
5655 if (k > na) {
5656 if (F_SA_LOW & r_oip->flags)
5657 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
5658 else if (F_SA_HIGH & r_oip->flags)
5659 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
5660 else
5661 mk_sense_invalid_opcode(scp);
5662 goto check_cond;
5663 }
5664 } /* else (when na==0) we assume the oip is a match */
5665 flags = oip->flags;
5666 if (unlikely(F_INV_OP & flags)) {
5667 mk_sense_invalid_opcode(scp);
5668 goto check_cond;
5669 }
5670 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
5671 if (sdebug_verbose)
5672 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
5673 my_name, opcode, " supported for wlun");
5674 mk_sense_invalid_opcode(scp);
5675 goto check_cond;
5676 }
5677 if (unlikely(sdebug_strict)) { /* check cdb against mask */
5678 u8 rem;
5679 int j;
5680
5681 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
5682 rem = ~oip->len_mask[k] & cmd[k];
5683 if (rem) {
5684 for (j = 7; j >= 0; --j, rem <<= 1) {
5685 if (0x80 & rem)
5686 break;
5687 }
5688 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
5689 goto check_cond;
5690 }
5691 }
5692 }
5693 if (unlikely(!(F_SKIP_UA & flags) &&
5694 find_first_bit(devip->uas_bm,
5695 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
5696 errsts = make_ua(scp, devip);
5697 if (errsts)
5698 goto check_cond;
5699 }
5700 if (unlikely((F_M_ACCESS & flags) && atomic_read(&devip->stopped))) {
5701 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
5702 if (sdebug_verbose)
5703 sdev_printk(KERN_INFO, sdp, "%s reports: Not ready: "
5704 "%s\n", my_name, "initializing command "
5705 "required");
5706 errsts = check_condition_result;
5707 goto fini;
5708 }
5709 if (sdebug_fake_rw && (F_FAKE_RW & flags))
5710 goto fini;
5711 if (unlikely(sdebug_every_nth)) {
5712 if (fake_timeout(scp))
5713 return 0; /* ignore command: make trouble */
5714 }
5715 if (likely(oip->pfp))
5716 pfp = oip->pfp; /* calls a resp_* function */
5717 else
5718 pfp = r_pfp; /* if leaf function ptr NULL, try the root's */
5719
5720fini:
5721 if (F_DELAY_OVERR & flags)
5722 return schedule_resp(scp, devip, errsts, pfp, 0, 0);
5723 else if ((flags & F_LONG_DELAY) && (sdebug_jdelay > 0 ||
5724 sdebug_ndelay > 10000)) {
5725 /*
5726 * Skip long delays if ndelay <= 10 microseconds. Otherwise
5727 * for Start Stop Unit (SSU) want at least 1 second delay and
5728 * if sdebug_jdelay>1 want a long delay of that many seconds.
5729 * For Synchronize Cache want 1/20 of SSU's delay.
5730 */
5731 int jdelay = (sdebug_jdelay < 2) ? 1 : sdebug_jdelay;
5732 int denom = (flags & F_SYNC_DELAY) ? 20 : 1;
5733
5734 jdelay = mult_frac(USER_HZ * jdelay, HZ, denom * USER_HZ);
5735 return schedule_resp(scp, devip, errsts, pfp, jdelay, 0);
5736 } else
5737 return schedule_resp(scp, devip, errsts, pfp, sdebug_jdelay,
5738 sdebug_ndelay);
5739check_cond:
5740 return schedule_resp(scp, devip, check_condition_result, NULL, 0, 0);
5741err_out:
5742 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, NULL, 0, 0);
5743}
5744
5745static struct scsi_host_template sdebug_driver_template = {
5746 .show_info = scsi_debug_show_info,
5747 .write_info = scsi_debug_write_info,
5748 .proc_name = sdebug_proc_name,
5749 .name = "SCSI DEBUG",
5750 .info = scsi_debug_info,
5751 .slave_alloc = scsi_debug_slave_alloc,
5752 .slave_configure = scsi_debug_slave_configure,
5753 .slave_destroy = scsi_debug_slave_destroy,
5754 .ioctl = scsi_debug_ioctl,
5755 .queuecommand = scsi_debug_queuecommand,
5756 .change_queue_depth = sdebug_change_qdepth,
5757 .eh_abort_handler = scsi_debug_abort,
5758 .eh_device_reset_handler = scsi_debug_device_reset,
5759 .eh_target_reset_handler = scsi_debug_target_reset,
5760 .eh_bus_reset_handler = scsi_debug_bus_reset,
5761 .eh_host_reset_handler = scsi_debug_host_reset,
5762 .can_queue = SDEBUG_CANQUEUE,
5763 .this_id = 7,
5764 .sg_tablesize = SG_MAX_SEGMENTS,
5765 .cmd_per_lun = DEF_CMD_PER_LUN,
5766 .max_sectors = -1U,
5767 .max_segment_size = -1U,
5768 .module = THIS_MODULE,
5769 .track_queue_depth = 1,
5770};
5771
5772static int sdebug_driver_probe(struct device *dev)
5773{
5774 int error = 0;
5775 struct sdebug_host_info *sdbg_host;
5776 struct Scsi_Host *hpnt;
5777 int hprot;
5778
5779 sdbg_host = to_sdebug_host(dev);
5780
5781 sdebug_driver_template.can_queue = sdebug_max_queue;
5782 if (!sdebug_clustering)
5783 sdebug_driver_template.dma_boundary = PAGE_SIZE - 1;
5784
5785 hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
5786 if (NULL == hpnt) {
5787 pr_err("scsi_host_alloc failed\n");
5788 error = -ENODEV;
5789 return error;
5790 }
5791 if (submit_queues > nr_cpu_ids) {
5792 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%u\n",
5793 my_name, submit_queues, nr_cpu_ids);
5794 submit_queues = nr_cpu_ids;
5795 }
5796 /* Decide whether to tell scsi subsystem that we want mq */
5797 /* Following should give the same answer for each host */
5798 hpnt->nr_hw_queues = submit_queues;
5799
5800 sdbg_host->shost = hpnt;
5801 *((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
5802 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
5803 hpnt->max_id = sdebug_num_tgts + 1;
5804 else
5805 hpnt->max_id = sdebug_num_tgts;
5806 /* = sdebug_max_luns; */
5807 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
5808
5809 hprot = 0;
5810
5811 switch (sdebug_dif) {
5812
5813 case T10_PI_TYPE1_PROTECTION:
5814 hprot = SHOST_DIF_TYPE1_PROTECTION;
5815 if (sdebug_dix)
5816 hprot |= SHOST_DIX_TYPE1_PROTECTION;
5817 break;
5818
5819 case T10_PI_TYPE2_PROTECTION:
5820 hprot = SHOST_DIF_TYPE2_PROTECTION;
5821 if (sdebug_dix)
5822 hprot |= SHOST_DIX_TYPE2_PROTECTION;
5823 break;
5824
5825 case T10_PI_TYPE3_PROTECTION:
5826 hprot = SHOST_DIF_TYPE3_PROTECTION;
5827 if (sdebug_dix)
5828 hprot |= SHOST_DIX_TYPE3_PROTECTION;
5829 break;
5830
5831 default:
5832 if (sdebug_dix)
5833 hprot |= SHOST_DIX_TYPE0_PROTECTION;
5834 break;
5835 }
5836
5837 scsi_host_set_prot(hpnt, hprot);
5838
5839 if (have_dif_prot || sdebug_dix)
5840 pr_info("host protection%s%s%s%s%s%s%s\n",
5841 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
5842 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
5843 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
5844 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
5845 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
5846 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
5847 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
5848
5849 if (sdebug_guard == 1)
5850 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
5851 else
5852 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
5853
5854 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
5855 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
5856 if (sdebug_every_nth) /* need stats counters for every_nth */
5857 sdebug_statistics = true;
5858 error = scsi_add_host(hpnt, &sdbg_host->dev);
5859 if (error) {
5860 pr_err("scsi_add_host failed\n");
5861 error = -ENODEV;
5862 scsi_host_put(hpnt);
5863 } else
5864 scsi_scan_host(hpnt);
5865
5866 return error;
5867}
5868
5869static int sdebug_driver_remove(struct device *dev)
5870{
5871 struct sdebug_host_info *sdbg_host;
5872 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5873
5874 sdbg_host = to_sdebug_host(dev);
5875
5876 if (!sdbg_host) {
5877 pr_err("Unable to locate host info\n");
5878 return -ENODEV;
5879 }
5880
5881 scsi_remove_host(sdbg_host->shost);
5882
5883 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5884 dev_list) {
5885 list_del(&sdbg_devinfo->dev_list);
5886 kfree(sdbg_devinfo);
5887 }
5888
5889 scsi_host_put(sdbg_host->shost);
5890 return 0;
5891}
5892
5893static int pseudo_lld_bus_match(struct device *dev,
5894 struct device_driver *dev_driver)
5895{
5896 return 1;
5897}
5898
5899static struct bus_type pseudo_lld_bus = {
5900 .name = "pseudo",
5901 .match = pseudo_lld_bus_match,
5902 .probe = sdebug_driver_probe,
5903 .remove = sdebug_driver_remove,
5904 .drv_groups = sdebug_drv_groups,
5905};