linux/drivers/scsi/scsi_debug.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
   4 *  Copyright (C) 1992  Eric Youngdale
   5 *  Simulate a host adapter with 2 disks attached.  Do a lot of checking
   6 *  to make sure that we are not getting blocks mixed up, and PANIC if
   7 *  anything out of the ordinary is seen.
   8 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   9 *
  10 * Copyright (C) 2001 - 2020 Douglas Gilbert
  11 *
  12 *  For documentation see http://sg.danny.cz/sg/scsi_debug.html
  13 */
  14
  15
  16#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
  17
  18#include <linux/module.h>
  19
  20#include <linux/kernel.h>
  21#include <linux/errno.h>
  22#include <linux/jiffies.h>
  23#include <linux/slab.h>
  24#include <linux/types.h>
  25#include <linux/string.h>
  26#include <linux/genhd.h>
  27#include <linux/fs.h>
  28#include <linux/init.h>
  29#include <linux/proc_fs.h>
  30#include <linux/vmalloc.h>
  31#include <linux/moduleparam.h>
  32#include <linux/scatterlist.h>
  33#include <linux/blkdev.h>
  34#include <linux/crc-t10dif.h>
  35#include <linux/spinlock.h>
  36#include <linux/interrupt.h>
  37#include <linux/atomic.h>
  38#include <linux/hrtimer.h>
  39#include <linux/uuid.h>
  40#include <linux/t10-pi.h>
  41#include <linux/msdos_partition.h>
  42#include <linux/random.h>
  43#include <linux/xarray.h>
  44#include <linux/prefetch.h>
  45
  46#include <net/checksum.h>
  47
  48#include <asm/unaligned.h>
  49
  50#include <scsi/scsi.h>
  51#include <scsi/scsi_cmnd.h>
  52#include <scsi/scsi_device.h>
  53#include <scsi/scsi_host.h>
  54#include <scsi/scsicam.h>
  55#include <scsi/scsi_eh.h>
  56#include <scsi/scsi_tcq.h>
  57#include <scsi/scsi_dbg.h>
  58
  59#include "sd.h"
  60#include "scsi_logging.h"
  61
  62/* make sure inq_product_rev string corresponds to this version */
  63#define SDEBUG_VERSION "0190"   /* format to fit INQUIRY revision field */
  64static const char *sdebug_version_date = "20200710";
  65
  66#define MY_NAME "scsi_debug"
  67
  68/* Additional Sense Code (ASC) */
  69#define NO_ADDITIONAL_SENSE 0x0
  70#define LOGICAL_UNIT_NOT_READY 0x4
  71#define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
  72#define UNRECOVERED_READ_ERR 0x11
  73#define PARAMETER_LIST_LENGTH_ERR 0x1a
  74#define INVALID_OPCODE 0x20
  75#define LBA_OUT_OF_RANGE 0x21
  76#define INVALID_FIELD_IN_CDB 0x24
  77#define INVALID_FIELD_IN_PARAM_LIST 0x26
  78#define WRITE_PROTECTED 0x27
  79#define UA_RESET_ASC 0x29
  80#define UA_CHANGED_ASC 0x2a
  81#define TARGET_CHANGED_ASC 0x3f
  82#define LUNS_CHANGED_ASCQ 0x0e
  83#define INSUFF_RES_ASC 0x55
  84#define INSUFF_RES_ASCQ 0x3
  85#define POWER_ON_RESET_ASCQ 0x0
  86#define BUS_RESET_ASCQ 0x2      /* scsi bus reset occurred */
  87#define MODE_CHANGED_ASCQ 0x1   /* mode parameters changed */
  88#define CAPACITY_CHANGED_ASCQ 0x9
  89#define SAVING_PARAMS_UNSUP 0x39
  90#define TRANSPORT_PROBLEM 0x4b
  91#define THRESHOLD_EXCEEDED 0x5d
  92#define LOW_POWER_COND_ON 0x5e
  93#define MISCOMPARE_VERIFY_ASC 0x1d
  94#define MICROCODE_CHANGED_ASCQ 0x1      /* with TARGET_CHANGED_ASC */
  95#define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
  96#define WRITE_ERROR_ASC 0xc
  97#define UNALIGNED_WRITE_ASCQ 0x4
  98#define WRITE_BOUNDARY_ASCQ 0x5
  99#define READ_INVDATA_ASCQ 0x6
 100#define READ_BOUNDARY_ASCQ 0x7
 101#define INSUFF_ZONE_ASCQ 0xe
 102
 103/* Additional Sense Code Qualifier (ASCQ) */
 104#define ACK_NAK_TO 0x3
 105
 106/* Default values for driver parameters */
 107#define DEF_NUM_HOST   1
 108#define DEF_NUM_TGTS   1
 109#define DEF_MAX_LUNS   1
 110/* With these defaults, this driver will make 1 host with 1 target
 111 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
 112 */
 113#define DEF_ATO 1
 114#define DEF_CDB_LEN 10
 115#define DEF_JDELAY   1          /* if > 0 unit is a jiffy */
 116#define DEF_DEV_SIZE_PRE_INIT   0
 117#define DEF_DEV_SIZE_MB   8
 118#define DEF_ZBC_DEV_SIZE_MB   128
 119#define DEF_DIF 0
 120#define DEF_DIX 0
 121#define DEF_PER_HOST_STORE false
 122#define DEF_D_SENSE   0
 123#define DEF_EVERY_NTH   0
 124#define DEF_FAKE_RW     0
 125#define DEF_GUARD 0
 126#define DEF_HOST_LOCK 0
 127#define DEF_LBPU 0
 128#define DEF_LBPWS 0
 129#define DEF_LBPWS10 0
 130#define DEF_LBPRZ 1
 131#define DEF_LOWEST_ALIGNED 0
 132#define DEF_NDELAY   0          /* if > 0 unit is a nanosecond */
 133#define DEF_NO_LUN_0   0
 134#define DEF_NUM_PARTS   0
 135#define DEF_OPTS   0
 136#define DEF_OPT_BLKS 1024
 137#define DEF_PHYSBLK_EXP 0
 138#define DEF_OPT_XFERLEN_EXP 0
 139#define DEF_PTYPE   TYPE_DISK
 140#define DEF_RANDOM false
 141#define DEF_REMOVABLE false
 142#define DEF_SCSI_LEVEL   7    /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
 143#define DEF_SECTOR_SIZE 512
 144#define DEF_UNMAP_ALIGNMENT 0
 145#define DEF_UNMAP_GRANULARITY 1
 146#define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
 147#define DEF_UNMAP_MAX_DESC 256
 148#define DEF_VIRTUAL_GB   0
 149#define DEF_VPD_USE_HOSTNO 1
 150#define DEF_WRITESAME_LENGTH 0xFFFF
 151#define DEF_STRICT 0
 152#define DEF_STATISTICS false
 153#define DEF_SUBMIT_QUEUES 1
 154#define DEF_TUR_MS_TO_READY 0
 155#define DEF_UUID_CTL 0
 156#define JDELAY_OVERRIDDEN -9999
 157
 158/* Default parameters for ZBC drives */
 159#define DEF_ZBC_ZONE_SIZE_MB    128
 160#define DEF_ZBC_MAX_OPEN_ZONES  8
 161#define DEF_ZBC_NR_CONV_ZONES   1
 162
 163#define SDEBUG_LUN_0_VAL 0
 164
 165/* bit mask values for sdebug_opts */
 166#define SDEBUG_OPT_NOISE                1
 167#define SDEBUG_OPT_MEDIUM_ERR           2
 168#define SDEBUG_OPT_TIMEOUT              4
 169#define SDEBUG_OPT_RECOVERED_ERR        8
 170#define SDEBUG_OPT_TRANSPORT_ERR        16
 171#define SDEBUG_OPT_DIF_ERR              32
 172#define SDEBUG_OPT_DIX_ERR              64
 173#define SDEBUG_OPT_MAC_TIMEOUT          128
 174#define SDEBUG_OPT_SHORT_TRANSFER       0x100
 175#define SDEBUG_OPT_Q_NOISE              0x200
 176#define SDEBUG_OPT_ALL_TSF              0x400
 177#define SDEBUG_OPT_RARE_TSF             0x800
 178#define SDEBUG_OPT_N_WCE                0x1000
 179#define SDEBUG_OPT_RESET_NOISE          0x2000
 180#define SDEBUG_OPT_NO_CDB_NOISE         0x4000
 181#define SDEBUG_OPT_HOST_BUSY            0x8000
 182#define SDEBUG_OPT_CMD_ABORT            0x10000
 183#define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
 184                              SDEBUG_OPT_RESET_NOISE)
 185#define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
 186                                  SDEBUG_OPT_TRANSPORT_ERR | \
 187                                  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
 188                                  SDEBUG_OPT_SHORT_TRANSFER | \
 189                                  SDEBUG_OPT_HOST_BUSY | \
 190                                  SDEBUG_OPT_CMD_ABORT)
 191#define SDEBUG_OPT_RECOV_DIF_DIX (SDEBUG_OPT_RECOVERED_ERR | \
 192                                  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR)
 193
 194/* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
 195 * priority order. In the subset implemented here lower numbers have higher
 196 * priority. The UA numbers should be a sequence starting from 0 with
 197 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
 198#define SDEBUG_UA_POR 0         /* Power on, reset, or bus device reset */
 199#define SDEBUG_UA_BUS_RESET 1
 200#define SDEBUG_UA_MODE_CHANGED 2
 201#define SDEBUG_UA_CAPACITY_CHANGED 3
 202#define SDEBUG_UA_LUNS_CHANGED 4
 203#define SDEBUG_UA_MICROCODE_CHANGED 5   /* simulate firmware change */
 204#define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
 205#define SDEBUG_NUM_UAS 7
 206
 207/* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
 208 * sector on read commands: */
 209#define OPT_MEDIUM_ERR_ADDR   0x1234 /* that's sector 4660 in decimal */
 210#define OPT_MEDIUM_ERR_NUM    10     /* number of consecutive medium errs */
 211
 212/* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
 213 * (for response) per submit queue at one time. Can be reduced by max_queue
 214 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
 215 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
 216 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
 217 * but cannot exceed SDEBUG_CANQUEUE .
 218 */
 219#define SDEBUG_CANQUEUE_WORDS  3        /* a WORD is bits in a long */
 220#define SDEBUG_CANQUEUE  (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
 221#define DEF_CMD_PER_LUN  SDEBUG_CANQUEUE
 222
 223/* UA - Unit Attention; SA - Service Action; SSU - Start Stop Unit */
 224#define F_D_IN                  1       /* Data-in command (e.g. READ) */
 225#define F_D_OUT                 2       /* Data-out command (e.g. WRITE) */
 226#define F_D_OUT_MAYBE           4       /* WRITE SAME, NDOB bit */
 227#define F_D_UNKN                8
 228#define F_RL_WLUN_OK            0x10    /* allowed with REPORT LUNS W-LUN */
 229#define F_SKIP_UA               0x20    /* bypass UAs (e.g. INQUIRY command) */
 230#define F_DELAY_OVERR           0x40    /* for commands like INQUIRY */
 231#define F_SA_LOW                0x80    /* SA is in cdb byte 1, bits 4 to 0 */
 232#define F_SA_HIGH               0x100   /* SA is in cdb bytes 8 and 9 */
 233#define F_INV_OP                0x200   /* invalid opcode (not supported) */
 234#define F_FAKE_RW               0x400   /* bypass resp_*() when fake_rw set */
 235#define F_M_ACCESS              0x800   /* media access, reacts to SSU state */
 236#define F_SSU_DELAY             0x1000  /* SSU command delay (long-ish) */
 237#define F_SYNC_DELAY            0x2000  /* SYNCHRONIZE CACHE delay */
 238
 239/* Useful combinations of the above flags */
 240#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
 241#define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
 242#define FF_SA (F_SA_HIGH | F_SA_LOW)
 243#define F_LONG_DELAY            (F_SSU_DELAY | F_SYNC_DELAY)
 244
 245#define SDEBUG_MAX_PARTS 4
 246
 247#define SDEBUG_MAX_CMD_LEN 32
 248
 249#define SDEB_XA_NOT_IN_USE XA_MARK_1
 250
 251/* Zone types (zbcr05 table 25) */
 252enum sdebug_z_type {
 253        ZBC_ZONE_TYPE_CNV       = 0x1,
 254        ZBC_ZONE_TYPE_SWR       = 0x2,
 255        ZBC_ZONE_TYPE_SWP       = 0x3,
 256};
 257
 258/* enumeration names taken from table 26, zbcr05 */
 259enum sdebug_z_cond {
 260        ZBC_NOT_WRITE_POINTER   = 0x0,
 261        ZC1_EMPTY               = 0x1,
 262        ZC2_IMPLICIT_OPEN       = 0x2,
 263        ZC3_EXPLICIT_OPEN       = 0x3,
 264        ZC4_CLOSED              = 0x4,
 265        ZC6_READ_ONLY           = 0xd,
 266        ZC5_FULL                = 0xe,
 267        ZC7_OFFLINE             = 0xf,
 268};
 269
 270struct sdeb_zone_state {        /* ZBC: per zone state */
 271        enum sdebug_z_type z_type;
 272        enum sdebug_z_cond z_cond;
 273        bool z_non_seq_resource;
 274        unsigned int z_size;
 275        sector_t z_start;
 276        sector_t z_wp;
 277};
 278
 279struct sdebug_dev_info {
 280        struct list_head dev_list;
 281        unsigned int channel;
 282        unsigned int target;
 283        u64 lun;
 284        uuid_t lu_name;
 285        struct sdebug_host_info *sdbg_host;
 286        unsigned long uas_bm[1];
 287        atomic_t num_in_q;
 288        atomic_t stopped;       /* 1: by SSU, 2: device start */
 289        bool used;
 290
 291        /* For ZBC devices */
 292        enum blk_zoned_model zmodel;
 293        unsigned int zsize;
 294        unsigned int zsize_shift;
 295        unsigned int nr_zones;
 296        unsigned int nr_conv_zones;
 297        unsigned int nr_imp_open;
 298        unsigned int nr_exp_open;
 299        unsigned int nr_closed;
 300        unsigned int max_open;
 301        ktime_t create_ts;      /* time since bootup that this device was created */
 302        struct sdeb_zone_state *zstate;
 303};
 304
 305struct sdebug_host_info {
 306        struct list_head host_list;
 307        int si_idx;     /* sdeb_store_info (per host) xarray index */
 308        struct Scsi_Host *shost;
 309        struct device dev;
 310        struct list_head dev_info_list;
 311};
 312
 313/* There is an xarray of pointers to this struct's objects, one per host */
 314struct sdeb_store_info {
 315        rwlock_t macc_lck;      /* for atomic media access on this store */
 316        u8 *storep;             /* user data storage (ram) */
 317        struct t10_pi_tuple *dif_storep; /* protection info */
 318        void *map_storep;       /* provisioning map */
 319};
 320
 321#define to_sdebug_host(d)       \
 322        container_of(d, struct sdebug_host_info, dev)
 323
 324enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
 325                      SDEB_DEFER_WQ = 2, SDEB_DEFER_POLL = 3};
 326
 327struct sdebug_defer {
 328        struct hrtimer hrt;
 329        struct execute_work ew;
 330        ktime_t cmpl_ts;/* time since boot to complete this cmd */
 331        int sqa_idx;    /* index of sdebug_queue array */
 332        int qc_idx;     /* index of sdebug_queued_cmd array within sqa_idx */
 333        int hc_idx;     /* hostwide tag index */
 334        int issuing_cpu;
 335        bool init_hrt;
 336        bool init_wq;
 337        bool init_poll;
 338        bool aborted;   /* true when blk_abort_request() already called */
 339        enum sdeb_defer_type defer_t;
 340};
 341
 342struct sdebug_queued_cmd {
 343        /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
 344         * instance indicates this slot is in use.
 345         */
 346        struct sdebug_defer *sd_dp;
 347        struct scsi_cmnd *a_cmnd;
 348};
 349
 350struct sdebug_queue {
 351        struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
 352        unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
 353        spinlock_t qc_lock;
 354        atomic_t blocked;       /* to temporarily stop more being queued */
 355};
 356
 357static atomic_t sdebug_cmnd_count;   /* number of incoming commands */
 358static atomic_t sdebug_completions;  /* count of deferred completions */
 359static atomic_t sdebug_miss_cpus;    /* submission + completion cpus differ */
 360static atomic_t sdebug_a_tsf;        /* 'almost task set full' counter */
 361static atomic_t sdeb_inject_pending;
 362static atomic_t sdeb_mq_poll_count;  /* bumped when mq_poll returns > 0 */
 363
 364struct opcode_info_t {
 365        u8 num_attached;        /* 0 if this is it (i.e. a leaf); use 0xff */
 366                                /* for terminating element */
 367        u8 opcode;              /* if num_attached > 0, preferred */
 368        u16 sa;                 /* service action */
 369        u32 flags;              /* OR-ed set of SDEB_F_* */
 370        int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
 371        const struct opcode_info_t *arrp;  /* num_attached elements or NULL */
 372        u8 len_mask[16];        /* len_mask[0]-->cdb_len, then mask for cdb */
 373                                /* 1 to min(cdb_len, 15); ignore cdb[15...] */
 374};
 375
 376/* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
 377enum sdeb_opcode_index {
 378        SDEB_I_INVALID_OPCODE = 0,
 379        SDEB_I_INQUIRY = 1,
 380        SDEB_I_REPORT_LUNS = 2,
 381        SDEB_I_REQUEST_SENSE = 3,
 382        SDEB_I_TEST_UNIT_READY = 4,
 383        SDEB_I_MODE_SENSE = 5,          /* 6, 10 */
 384        SDEB_I_MODE_SELECT = 6,         /* 6, 10 */
 385        SDEB_I_LOG_SENSE = 7,
 386        SDEB_I_READ_CAPACITY = 8,       /* 10; 16 is in SA_IN(16) */
 387        SDEB_I_READ = 9,                /* 6, 10, 12, 16 */
 388        SDEB_I_WRITE = 10,              /* 6, 10, 12, 16 */
 389        SDEB_I_START_STOP = 11,
 390        SDEB_I_SERV_ACT_IN_16 = 12,     /* add ...SERV_ACT_IN_12 if needed */
 391        SDEB_I_SERV_ACT_OUT_16 = 13,    /* add ...SERV_ACT_OUT_12 if needed */
 392        SDEB_I_MAINT_IN = 14,
 393        SDEB_I_MAINT_OUT = 15,
 394        SDEB_I_VERIFY = 16,             /* VERIFY(10), VERIFY(16) */
 395        SDEB_I_VARIABLE_LEN = 17,       /* READ(32), WRITE(32), WR_SCAT(32) */
 396        SDEB_I_RESERVE = 18,            /* 6, 10 */
 397        SDEB_I_RELEASE = 19,            /* 6, 10 */
 398        SDEB_I_ALLOW_REMOVAL = 20,      /* PREVENT ALLOW MEDIUM REMOVAL */
 399        SDEB_I_REZERO_UNIT = 21,        /* REWIND in SSC */
 400        SDEB_I_ATA_PT = 22,             /* 12, 16 */
 401        SDEB_I_SEND_DIAG = 23,
 402        SDEB_I_UNMAP = 24,
 403        SDEB_I_WRITE_BUFFER = 25,
 404        SDEB_I_WRITE_SAME = 26,         /* 10, 16 */
 405        SDEB_I_SYNC_CACHE = 27,         /* 10, 16 */
 406        SDEB_I_COMP_WRITE = 28,
 407        SDEB_I_PRE_FETCH = 29,          /* 10, 16 */
 408        SDEB_I_ZONE_OUT = 30,           /* 0x94+SA; includes no data xfer */
 409        SDEB_I_ZONE_IN = 31,            /* 0x95+SA; all have data-in */
 410        SDEB_I_LAST_ELEM_P1 = 32,       /* keep this last (previous + 1) */
 411};
 412
 413
 414static const unsigned char opcode_ind_arr[256] = {
 415/* 0x0; 0x0->0x1f: 6 byte cdbs */
 416        SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
 417            0, 0, 0, 0,
 418        SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
 419        0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
 420            SDEB_I_RELEASE,
 421        0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
 422            SDEB_I_ALLOW_REMOVAL, 0,
 423/* 0x20; 0x20->0x3f: 10 byte cdbs */
 424        0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
 425        SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
 426        0, 0, 0, 0, SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, 0,
 427        0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
 428/* 0x40; 0x40->0x5f: 10 byte cdbs */
 429        0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
 430        0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
 431        0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
 432            SDEB_I_RELEASE,
 433        0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
 434/* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
 435        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 436        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 437        0, SDEB_I_VARIABLE_LEN,
 438/* 0x80; 0x80->0x9f: 16 byte cdbs */
 439        0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
 440        SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0,
 441        0, 0, 0, SDEB_I_VERIFY,
 442        SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME,
 443        SDEB_I_ZONE_OUT, SDEB_I_ZONE_IN, 0, 0,
 444        0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
 445/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
 446        SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
 447             SDEB_I_MAINT_OUT, 0, 0, 0,
 448        SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
 449             0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
 450        0, 0, 0, 0, 0, 0, 0, 0,
 451        0, 0, 0, 0, 0, 0, 0, 0,
 452/* 0xc0; 0xc0->0xff: vendor specific */
 453        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 454        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 455        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 456        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 457};
 458
 459/*
 460 * The following "response" functions return the SCSI mid-level's 4 byte
 461 * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
 462 * command completion, they can mask their return value with
 463 * SDEG_RES_IMMED_MASK .
 464 */
 465#define SDEG_RES_IMMED_MASK 0x40000000
 466
 467static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
 468static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
 469static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
 470static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
 471static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
 472static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
 473static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
 474static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
 475static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
 476static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
 477static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
 478static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
 479static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
 480static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
 481static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
 482static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
 483static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
 484static int resp_verify(struct scsi_cmnd *, struct sdebug_dev_info *);
 485static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
 486static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
 487static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
 488static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
 489static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
 490static int resp_pre_fetch(struct scsi_cmnd *, struct sdebug_dev_info *);
 491static int resp_report_zones(struct scsi_cmnd *, struct sdebug_dev_info *);
 492static int resp_open_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
 493static int resp_close_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
 494static int resp_finish_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
 495static int resp_rwp_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
 496
 497static int sdebug_do_add_host(bool mk_new_store);
 498static int sdebug_add_host_helper(int per_host_idx);
 499static void sdebug_do_remove_host(bool the_end);
 500static int sdebug_add_store(void);
 501static void sdebug_erase_store(int idx, struct sdeb_store_info *sip);
 502static void sdebug_erase_all_stores(bool apart_from_first);
 503
 504/*
 505 * The following are overflow arrays for cdbs that "hit" the same index in
 506 * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
 507 * should be placed in opcode_info_arr[], the others should be placed here.
 508 */
 509static const struct opcode_info_t msense_iarr[] = {
 510        {0, 0x1a, 0, F_D_IN, NULL, NULL,
 511            {6,  0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 512};
 513
 514static const struct opcode_info_t mselect_iarr[] = {
 515        {0, 0x15, 0, F_D_OUT, NULL, NULL,
 516            {6,  0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 517};
 518
 519static const struct opcode_info_t read_iarr[] = {
 520        {0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
 521            {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
 522             0, 0, 0, 0} },
 523        {0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
 524            {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 525        {0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
 526            {12,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
 527             0xc7, 0, 0, 0, 0} },
 528};
 529
 530static const struct opcode_info_t write_iarr[] = {
 531        {0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(10) */
 532            NULL, {10,  0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
 533                   0, 0, 0, 0, 0, 0} },
 534        {0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,   /* WRITE(6) */
 535            NULL, {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
 536                   0, 0, 0} },
 537        {0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(12) */
 538            NULL, {12,  0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 539                   0xbf, 0xc7, 0, 0, 0, 0} },
 540};
 541
 542static const struct opcode_info_t verify_iarr[] = {
 543        {0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,/* VERIFY(10) */
 544            NULL, {10,  0xf7, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xff, 0xff, 0xc7,
 545                   0, 0, 0, 0, 0, 0} },
 546};
 547
 548static const struct opcode_info_t sa_in_16_iarr[] = {
 549        {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
 550            {16,  0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 551             0xff, 0xff, 0xff, 0, 0xc7} },      /* GET LBA STATUS(16) */
 552};
 553
 554static const struct opcode_info_t vl_iarr[] = { /* VARIABLE LENGTH */
 555        {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
 556            NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
 557                   0, 0xff, 0xff, 0xff, 0xff} },        /* WRITE(32) */
 558        {0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
 559            NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
 560                   0, 0xff, 0xff, 0x0, 0x0} },  /* WRITE SCATTERED(32) */
 561};
 562
 563static const struct opcode_info_t maint_in_iarr[] = {   /* MAINT IN */
 564        {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
 565            {12,  0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
 566             0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
 567        {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
 568            {12,  0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
 569             0, 0} },   /* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
 570};
 571
 572static const struct opcode_info_t write_same_iarr[] = {
 573        {0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
 574            {16,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 575             0xff, 0xff, 0xff, 0x3f, 0xc7} },           /* WRITE SAME(16) */
 576};
 577
 578static const struct opcode_info_t reserve_iarr[] = {
 579        {0, 0x16, 0, F_D_OUT, NULL, NULL,               /* RESERVE(6) */
 580            {6,  0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 581};
 582
 583static const struct opcode_info_t release_iarr[] = {
 584        {0, 0x17, 0, F_D_OUT, NULL, NULL,               /* RELEASE(6) */
 585            {6,  0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 586};
 587
 588static const struct opcode_info_t sync_cache_iarr[] = {
 589        {0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
 590            {16,  0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 591             0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },     /* SYNC_CACHE (16) */
 592};
 593
 594static const struct opcode_info_t pre_fetch_iarr[] = {
 595        {0, 0x90, 0, F_SYNC_DELAY | FF_MEDIA_IO, resp_pre_fetch, NULL,
 596            {16,  0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 597             0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },     /* PRE-FETCH (16) */
 598};
 599
 600static const struct opcode_info_t zone_out_iarr[] = {   /* ZONE OUT(16) */
 601        {0, 0x94, 0x1, F_SA_LOW | F_M_ACCESS, resp_close_zone, NULL,
 602            {16, 0x1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 603             0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },      /* CLOSE ZONE */
 604        {0, 0x94, 0x2, F_SA_LOW | F_M_ACCESS, resp_finish_zone, NULL,
 605            {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 606             0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },      /* FINISH ZONE */
 607        {0, 0x94, 0x4, F_SA_LOW | F_M_ACCESS, resp_rwp_zone, NULL,
 608            {16, 0x4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 609             0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },  /* RESET WRITE POINTER */
 610};
 611
 612static const struct opcode_info_t zone_in_iarr[] = {    /* ZONE IN(16) */
 613        {0, 0x95, 0x6, F_SA_LOW | F_D_IN | F_M_ACCESS, NULL, NULL,
 614            {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 615             0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* REPORT ZONES */
 616};
 617
 618
 619/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
 620 * plus the terminating elements for logic that scans this table such as
 621 * REPORT SUPPORTED OPERATION CODES. */
 622static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEM_P1 + 1] = {
 623/* 0 */
 624        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,    /* unknown opcodes */
 625            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 626        {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
 627            {6,  0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 628        {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
 629            {12,  0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
 630             0, 0} },                                   /* REPORT LUNS */
 631        {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
 632            {6,  0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 633        {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
 634            {6,  0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 635/* 5 */
 636        {ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN,      /* MODE SENSE(10) */
 637            resp_mode_sense, msense_iarr, {10,  0xf8, 0xff, 0xff, 0, 0, 0,
 638                0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
 639        {ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT,    /* MODE SELECT(10) */
 640            resp_mode_select, mselect_iarr, {10,  0xf1, 0, 0, 0, 0, 0, 0xff,
 641                0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
 642        {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,      /* LOG SENSE */
 643            {10,  0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
 644             0, 0, 0} },
 645        {0, 0x25, 0, F_D_IN, resp_readcap, NULL,    /* READ CAPACITY(10) */
 646            {10,  0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
 647             0, 0} },
 648        {ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
 649            resp_read_dt0, read_iarr, {16,  0xfe, 0xff, 0xff, 0xff, 0xff,
 650            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
 651/* 10 */
 652        {ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
 653            resp_write_dt0, write_iarr,                 /* WRITE(16) */
 654                {16,  0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 655                 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
 656        {0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
 657            {6,  0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 658        {ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
 659            resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
 660                {16,  0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 661                 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
 662        {0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
 663            NULL, {16,  0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
 664            0xff, 0xff, 0xff, 0xff, 0xc7} },  /* SA_OUT(16), WRITE SCAT(16) */
 665        {ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
 666            resp_report_tgtpgs, /* MAINT IN, REPORT TARGET PORT GROUPS */
 667                maint_in_iarr, {12,  0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
 668                                0xff, 0, 0xc7, 0, 0, 0, 0} },
 669/* 15 */
 670        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
 671            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 672        {ARRAY_SIZE(verify_iarr), 0x8f, 0,
 673            F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,   /* VERIFY(16) */
 674            verify_iarr, {16,  0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 675                          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },
 676        {ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
 677            resp_read_dt0, vl_iarr,     /* VARIABLE LENGTH, READ(32) */
 678            {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
 679             0xff, 0xff} },
 680        {ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
 681            NULL, reserve_iarr, /* RESERVE(10) <no response function> */
 682            {10,  0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
 683             0} },
 684        {ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
 685            NULL, release_iarr, /* RELEASE(10) <no response function> */
 686            {10,  0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
 687             0} },
 688/* 20 */
 689        {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
 690            {6,  0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 691        {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
 692            {6,  0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 693        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
 694            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 695        {0, 0x1d, F_D_OUT, 0, NULL, NULL,       /* SEND DIAGNOSTIC */
 696            {6,  0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 697        {0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
 698            {10,  0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
 699/* 25 */
 700        {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
 701            {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
 702             0, 0, 0, 0} },                     /* WRITE_BUFFER */
 703        {ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
 704            resp_write_same_10, write_same_iarr,        /* WRITE SAME(10) */
 705                {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
 706                 0, 0, 0, 0, 0} },
 707        {ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
 708            resp_sync_cache, sync_cache_iarr,
 709            {10,  0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
 710             0, 0, 0, 0} },                     /* SYNC_CACHE (10) */
 711        {0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
 712            {16,  0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
 713             0, 0xff, 0x3f, 0xc7} },            /* COMPARE AND WRITE */
 714        {ARRAY_SIZE(pre_fetch_iarr), 0x34, 0, F_SYNC_DELAY | FF_MEDIA_IO,
 715            resp_pre_fetch, pre_fetch_iarr,
 716            {10,  0x2, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
 717             0, 0, 0, 0} },                     /* PRE-FETCH (10) */
 718
 719/* 30 */
 720        {ARRAY_SIZE(zone_out_iarr), 0x94, 0x3, F_SA_LOW | F_M_ACCESS,
 721            resp_open_zone, zone_out_iarr, /* ZONE_OUT(16), OPEN ZONE) */
 722                {16,  0x3 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 723                 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0x1, 0xc7} },
 724        {ARRAY_SIZE(zone_in_iarr), 0x95, 0x0, F_SA_LOW | F_M_ACCESS,
 725            resp_report_zones, zone_in_iarr, /* ZONE_IN(16), REPORT ZONES) */
 726                {16,  0x0 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 727                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xc7} },
 728/* sentinel */
 729        {0xff, 0, 0, 0, NULL, NULL,             /* terminating element */
 730            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
 731};
 732
 733static int sdebug_num_hosts;
 734static int sdebug_add_host = DEF_NUM_HOST;  /* in sysfs this is relative */
 735static int sdebug_ato = DEF_ATO;
 736static int sdebug_cdb_len = DEF_CDB_LEN;
 737static int sdebug_jdelay = DEF_JDELAY;  /* if > 0 then unit is jiffies */
 738static int sdebug_dev_size_mb = DEF_DEV_SIZE_PRE_INIT;
 739static int sdebug_dif = DEF_DIF;
 740static int sdebug_dix = DEF_DIX;
 741static int sdebug_dsense = DEF_D_SENSE;
 742static int sdebug_every_nth = DEF_EVERY_NTH;
 743static int sdebug_fake_rw = DEF_FAKE_RW;
 744static unsigned int sdebug_guard = DEF_GUARD;
 745static int sdebug_host_max_queue;       /* per host */
 746static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
 747static int sdebug_max_luns = DEF_MAX_LUNS;
 748static int sdebug_max_queue = SDEBUG_CANQUEUE;  /* per submit queue */
 749static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
 750static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
 751static atomic_t retired_max_queue;      /* if > 0 then was prior max_queue */
 752static int sdebug_ndelay = DEF_NDELAY;  /* if > 0 then unit is nanoseconds */
 753static int sdebug_no_lun_0 = DEF_NO_LUN_0;
 754static int sdebug_no_uld;
 755static int sdebug_num_parts = DEF_NUM_PARTS;
 756static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
 757static int sdebug_opt_blks = DEF_OPT_BLKS;
 758static int sdebug_opts = DEF_OPTS;
 759static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
 760static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
 761static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
 762static int sdebug_scsi_level = DEF_SCSI_LEVEL;
 763static int sdebug_sector_size = DEF_SECTOR_SIZE;
 764static int sdeb_tur_ms_to_ready = DEF_TUR_MS_TO_READY;
 765static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
 766static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
 767static unsigned int sdebug_lbpu = DEF_LBPU;
 768static unsigned int sdebug_lbpws = DEF_LBPWS;
 769static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
 770static unsigned int sdebug_lbprz = DEF_LBPRZ;
 771static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
 772static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
 773static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
 774static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
 775static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
 776static int sdebug_uuid_ctl = DEF_UUID_CTL;
 777static bool sdebug_random = DEF_RANDOM;
 778static bool sdebug_per_host_store = DEF_PER_HOST_STORE;
 779static bool sdebug_removable = DEF_REMOVABLE;
 780static bool sdebug_clustering;
 781static bool sdebug_host_lock = DEF_HOST_LOCK;
 782static bool sdebug_strict = DEF_STRICT;
 783static bool sdebug_any_injecting_opt;
 784static bool sdebug_verbose;
 785static bool have_dif_prot;
 786static bool write_since_sync;
 787static bool sdebug_statistics = DEF_STATISTICS;
 788static bool sdebug_wp;
 789/* Following enum: 0: no zbc, def; 1: host aware; 2: host managed */
 790static enum blk_zoned_model sdeb_zbc_model = BLK_ZONED_NONE;
 791static char *sdeb_zbc_model_s;
 792
 793enum sam_lun_addr_method {SAM_LUN_AM_PERIPHERAL = 0x0,
 794                          SAM_LUN_AM_FLAT = 0x1,
 795                          SAM_LUN_AM_LOGICAL_UNIT = 0x2,
 796                          SAM_LUN_AM_EXTENDED = 0x3};
 797static enum sam_lun_addr_method sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
 798static int sdebug_lun_am_i = (int)SAM_LUN_AM_PERIPHERAL;
 799
 800static unsigned int sdebug_store_sectors;
 801static sector_t sdebug_capacity;        /* in sectors */
 802
 803/* old BIOS stuff, kernel may get rid of them but some mode sense pages
 804   may still need them */
 805static int sdebug_heads;                /* heads per disk */
 806static int sdebug_cylinders_per;        /* cylinders per surface */
 807static int sdebug_sectors_per;          /* sectors per cylinder */
 808
 809static LIST_HEAD(sdebug_host_list);
 810static DEFINE_SPINLOCK(sdebug_host_list_lock);
 811
 812static struct xarray per_store_arr;
 813static struct xarray *per_store_ap = &per_store_arr;
 814static int sdeb_first_idx = -1;         /* invalid index ==> none created */
 815static int sdeb_most_recent_idx = -1;
 816static DEFINE_RWLOCK(sdeb_fake_rw_lck); /* need a RW lock when fake_rw=1 */
 817
 818static unsigned long map_size;
 819static int num_aborts;
 820static int num_dev_resets;
 821static int num_target_resets;
 822static int num_bus_resets;
 823static int num_host_resets;
 824static int dix_writes;
 825static int dix_reads;
 826static int dif_errors;
 827
 828/* ZBC global data */
 829static bool sdeb_zbc_in_use;    /* true for host-aware and host-managed disks */
 830static int sdeb_zbc_zone_size_mb;
 831static int sdeb_zbc_max_open = DEF_ZBC_MAX_OPEN_ZONES;
 832static int sdeb_zbc_nr_conv = DEF_ZBC_NR_CONV_ZONES;
 833
 834static int submit_queues = DEF_SUBMIT_QUEUES;  /* > 1 for multi-queue (mq) */
 835static int poll_queues; /* iouring iopoll interface.*/
 836static struct sdebug_queue *sdebug_q_arr;  /* ptr to array of submit queues */
 837
 838static DEFINE_RWLOCK(atomic_rw);
 839static DEFINE_RWLOCK(atomic_rw2);
 840
 841static rwlock_t *ramdisk_lck_a[2];
 842
 843static char sdebug_proc_name[] = MY_NAME;
 844static const char *my_name = MY_NAME;
 845
 846static struct bus_type pseudo_lld_bus;
 847
 848static struct device_driver sdebug_driverfs_driver = {
 849        .name           = sdebug_proc_name,
 850        .bus            = &pseudo_lld_bus,
 851};
 852
 853static const int check_condition_result =
 854        SAM_STAT_CHECK_CONDITION;
 855
 856static const int illegal_condition_result =
 857        (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
 858
 859static const int device_qfull_result =
 860        (DID_OK << 16) | SAM_STAT_TASK_SET_FULL;
 861
 862static const int condition_met_result = SAM_STAT_CONDITION_MET;
 863
 864
 865/* Only do the extra work involved in logical block provisioning if one or
 866 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
 867 * real reads and writes (i.e. not skipping them for speed).
 868 */
 869static inline bool scsi_debug_lbp(void)
 870{
 871        return 0 == sdebug_fake_rw &&
 872                (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
 873}
 874
 875static void *lba2fake_store(struct sdeb_store_info *sip,
 876                            unsigned long long lba)
 877{
 878        struct sdeb_store_info *lsip = sip;
 879
 880        lba = do_div(lba, sdebug_store_sectors);
 881        if (!sip || !sip->storep) {
 882                WARN_ON_ONCE(true);
 883                lsip = xa_load(per_store_ap, 0);  /* should never be NULL */
 884        }
 885        return lsip->storep + lba * sdebug_sector_size;
 886}
 887
 888static struct t10_pi_tuple *dif_store(struct sdeb_store_info *sip,
 889                                      sector_t sector)
 890{
 891        sector = sector_div(sector, sdebug_store_sectors);
 892
 893        return sip->dif_storep + sector;
 894}
 895
 896static void sdebug_max_tgts_luns(void)
 897{
 898        struct sdebug_host_info *sdbg_host;
 899        struct Scsi_Host *hpnt;
 900
 901        spin_lock(&sdebug_host_list_lock);
 902        list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
 903                hpnt = sdbg_host->shost;
 904                if ((hpnt->this_id >= 0) &&
 905                    (sdebug_num_tgts > hpnt->this_id))
 906                        hpnt->max_id = sdebug_num_tgts + 1;
 907                else
 908                        hpnt->max_id = sdebug_num_tgts;
 909                /* sdebug_max_luns; */
 910                hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
 911        }
 912        spin_unlock(&sdebug_host_list_lock);
 913}
 914
 915enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
 916
 917/* Set in_bit to -1 to indicate no bit position of invalid field */
 918static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
 919                                 enum sdeb_cmd_data c_d,
 920                                 int in_byte, int in_bit)
 921{
 922        unsigned char *sbuff;
 923        u8 sks[4];
 924        int sl, asc;
 925
 926        sbuff = scp->sense_buffer;
 927        if (!sbuff) {
 928                sdev_printk(KERN_ERR, scp->device,
 929                            "%s: sense_buffer is NULL\n", __func__);
 930                return;
 931        }
 932        asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
 933        memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
 934        scsi_build_sense(scp, sdebug_dsense, ILLEGAL_REQUEST, asc, 0);
 935        memset(sks, 0, sizeof(sks));
 936        sks[0] = 0x80;
 937        if (c_d)
 938                sks[0] |= 0x40;
 939        if (in_bit >= 0) {
 940                sks[0] |= 0x8;
 941                sks[0] |= 0x7 & in_bit;
 942        }
 943        put_unaligned_be16(in_byte, sks + 1);
 944        if (sdebug_dsense) {
 945                sl = sbuff[7] + 8;
 946                sbuff[7] = sl;
 947                sbuff[sl] = 0x2;
 948                sbuff[sl + 1] = 0x6;
 949                memcpy(sbuff + sl + 4, sks, 3);
 950        } else
 951                memcpy(sbuff + 15, sks, 3);
 952        if (sdebug_verbose)
 953                sdev_printk(KERN_INFO, scp->device, "%s:  [sense_key,asc,ascq"
 954                            "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
 955                            my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
 956}
 957
 958static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
 959{
 960        if (!scp->sense_buffer) {
 961                sdev_printk(KERN_ERR, scp->device,
 962                            "%s: sense_buffer is NULL\n", __func__);
 963                return;
 964        }
 965        memset(scp->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
 966
 967        scsi_build_sense(scp, sdebug_dsense, key, asc, asq);
 968
 969        if (sdebug_verbose)
 970                sdev_printk(KERN_INFO, scp->device,
 971                            "%s:  [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
 972                            my_name, key, asc, asq);
 973}
 974
 975static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
 976{
 977        mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
 978}
 979
 980static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
 981                            void __user *arg)
 982{
 983        if (sdebug_verbose) {
 984                if (0x1261 == cmd)
 985                        sdev_printk(KERN_INFO, dev,
 986                                    "%s: BLKFLSBUF [0x1261]\n", __func__);
 987                else if (0x5331 == cmd)
 988                        sdev_printk(KERN_INFO, dev,
 989                                    "%s: CDROM_GET_CAPABILITY [0x5331]\n",
 990                                    __func__);
 991                else
 992                        sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
 993                                    __func__, cmd);
 994        }
 995        return -EINVAL;
 996        /* return -ENOTTY; // correct return but upsets fdisk */
 997}
 998
 999static void config_cdb_len(struct scsi_device *sdev)
1000{
1001        switch (sdebug_cdb_len) {
1002        case 6: /* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
1003                sdev->use_10_for_rw = false;
1004                sdev->use_16_for_rw = false;
1005                sdev->use_10_for_ms = false;
1006                break;
1007        case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
1008                sdev->use_10_for_rw = true;
1009                sdev->use_16_for_rw = false;
1010                sdev->use_10_for_ms = false;
1011                break;
1012        case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
1013                sdev->use_10_for_rw = true;
1014                sdev->use_16_for_rw = false;
1015                sdev->use_10_for_ms = true;
1016                break;
1017        case 16:
1018                sdev->use_10_for_rw = false;
1019                sdev->use_16_for_rw = true;
1020                sdev->use_10_for_ms = true;
1021                break;
1022        case 32: /* No knobs to suggest this so same as 16 for now */
1023                sdev->use_10_for_rw = false;
1024                sdev->use_16_for_rw = true;
1025                sdev->use_10_for_ms = true;
1026                break;
1027        default:
1028                pr_warn("unexpected cdb_len=%d, force to 10\n",
1029                        sdebug_cdb_len);
1030                sdev->use_10_for_rw = true;
1031                sdev->use_16_for_rw = false;
1032                sdev->use_10_for_ms = false;
1033                sdebug_cdb_len = 10;
1034                break;
1035        }
1036}
1037
1038static void all_config_cdb_len(void)
1039{
1040        struct sdebug_host_info *sdbg_host;
1041        struct Scsi_Host *shost;
1042        struct scsi_device *sdev;
1043
1044        spin_lock(&sdebug_host_list_lock);
1045        list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1046                shost = sdbg_host->shost;
1047                shost_for_each_device(sdev, shost) {
1048                        config_cdb_len(sdev);
1049                }
1050        }
1051        spin_unlock(&sdebug_host_list_lock);
1052}
1053
1054static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
1055{
1056        struct sdebug_host_info *sdhp;
1057        struct sdebug_dev_info *dp;
1058
1059        spin_lock(&sdebug_host_list_lock);
1060        list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
1061                list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
1062                        if ((devip->sdbg_host == dp->sdbg_host) &&
1063                            (devip->target == dp->target))
1064                                clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
1065                }
1066        }
1067        spin_unlock(&sdebug_host_list_lock);
1068}
1069
1070static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1071{
1072        int k;
1073
1074        k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
1075        if (k != SDEBUG_NUM_UAS) {
1076                const char *cp = NULL;
1077
1078                switch (k) {
1079                case SDEBUG_UA_POR:
1080                        mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1081                                        POWER_ON_RESET_ASCQ);
1082                        if (sdebug_verbose)
1083                                cp = "power on reset";
1084                        break;
1085                case SDEBUG_UA_BUS_RESET:
1086                        mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1087                                        BUS_RESET_ASCQ);
1088                        if (sdebug_verbose)
1089                                cp = "bus reset";
1090                        break;
1091                case SDEBUG_UA_MODE_CHANGED:
1092                        mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1093                                        MODE_CHANGED_ASCQ);
1094                        if (sdebug_verbose)
1095                                cp = "mode parameters changed";
1096                        break;
1097                case SDEBUG_UA_CAPACITY_CHANGED:
1098                        mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1099                                        CAPACITY_CHANGED_ASCQ);
1100                        if (sdebug_verbose)
1101                                cp = "capacity data changed";
1102                        break;
1103                case SDEBUG_UA_MICROCODE_CHANGED:
1104                        mk_sense_buffer(scp, UNIT_ATTENTION,
1105                                        TARGET_CHANGED_ASC,
1106                                        MICROCODE_CHANGED_ASCQ);
1107                        if (sdebug_verbose)
1108                                cp = "microcode has been changed";
1109                        break;
1110                case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
1111                        mk_sense_buffer(scp, UNIT_ATTENTION,
1112                                        TARGET_CHANGED_ASC,
1113                                        MICROCODE_CHANGED_WO_RESET_ASCQ);
1114                        if (sdebug_verbose)
1115                                cp = "microcode has been changed without reset";
1116                        break;
1117                case SDEBUG_UA_LUNS_CHANGED:
1118                        /*
1119                         * SPC-3 behavior is to report a UNIT ATTENTION with
1120                         * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
1121                         * on the target, until a REPORT LUNS command is
1122                         * received.  SPC-4 behavior is to report it only once.
1123                         * NOTE:  sdebug_scsi_level does not use the same
1124                         * values as struct scsi_device->scsi_level.
1125                         */
1126                        if (sdebug_scsi_level >= 6)     /* SPC-4 and above */
1127                                clear_luns_changed_on_target(devip);
1128                        mk_sense_buffer(scp, UNIT_ATTENTION,
1129                                        TARGET_CHANGED_ASC,
1130                                        LUNS_CHANGED_ASCQ);
1131                        if (sdebug_verbose)
1132                                cp = "reported luns data has changed";
1133                        break;
1134                default:
1135                        pr_warn("unexpected unit attention code=%d\n", k);
1136                        if (sdebug_verbose)
1137                                cp = "unknown";
1138                        break;
1139                }
1140                clear_bit(k, devip->uas_bm);
1141                if (sdebug_verbose)
1142                        sdev_printk(KERN_INFO, scp->device,
1143                                   "%s reports: Unit attention: %s\n",
1144                                   my_name, cp);
1145                return check_condition_result;
1146        }
1147        return 0;
1148}
1149
1150/* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1151static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1152                                int arr_len)
1153{
1154        int act_len;
1155        struct scsi_data_buffer *sdb = &scp->sdb;
1156
1157        if (!sdb->length)
1158                return 0;
1159        if (scp->sc_data_direction != DMA_FROM_DEVICE)
1160                return DID_ERROR << 16;
1161
1162        act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1163                                      arr, arr_len);
1164        scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1165
1166        return 0;
1167}
1168
1169/* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1170 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1171 * calls, not required to write in ascending offset order. Assumes resid
1172 * set to scsi_bufflen() prior to any calls.
1173 */
1174static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1175                                  int arr_len, unsigned int off_dst)
1176{
1177        unsigned int act_len, n;
1178        struct scsi_data_buffer *sdb = &scp->sdb;
1179        off_t skip = off_dst;
1180
1181        if (sdb->length <= off_dst)
1182                return 0;
1183        if (scp->sc_data_direction != DMA_FROM_DEVICE)
1184                return DID_ERROR << 16;
1185
1186        act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1187                                       arr, arr_len, skip);
1188        pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1189                 __func__, off_dst, scsi_bufflen(scp), act_len,
1190                 scsi_get_resid(scp));
1191        n = scsi_bufflen(scp) - (off_dst + act_len);
1192        scsi_set_resid(scp, min_t(int, scsi_get_resid(scp), n));
1193        return 0;
1194}
1195
1196/* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1197 * 'arr' or -1 if error.
1198 */
1199static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1200                               int arr_len)
1201{
1202        if (!scsi_bufflen(scp))
1203                return 0;
1204        if (scp->sc_data_direction != DMA_TO_DEVICE)
1205                return -1;
1206
1207        return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1208}
1209
1210
1211static char sdebug_inq_vendor_id[9] = "Linux   ";
1212static char sdebug_inq_product_id[17] = "scsi_debug      ";
1213static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1214/* Use some locally assigned NAAs for SAS addresses. */
1215static const u64 naa3_comp_a = 0x3222222000000000ULL;
1216static const u64 naa3_comp_b = 0x3333333000000000ULL;
1217static const u64 naa3_comp_c = 0x3111111000000000ULL;
1218
1219/* Device identification VPD page. Returns number of bytes placed in arr */
1220static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1221                          int target_dev_id, int dev_id_num,
1222                          const char *dev_id_str, int dev_id_str_len,
1223                          const uuid_t *lu_name)
1224{
1225        int num, port_a;
1226        char b[32];
1227
1228        port_a = target_dev_id + 1;
1229        /* T10 vendor identifier field format (faked) */
1230        arr[0] = 0x2;   /* ASCII */
1231        arr[1] = 0x1;
1232        arr[2] = 0x0;
1233        memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1234        memcpy(&arr[12], sdebug_inq_product_id, 16);
1235        memcpy(&arr[28], dev_id_str, dev_id_str_len);
1236        num = 8 + 16 + dev_id_str_len;
1237        arr[3] = num;
1238        num += 4;
1239        if (dev_id_num >= 0) {
1240                if (sdebug_uuid_ctl) {
1241                        /* Locally assigned UUID */
1242                        arr[num++] = 0x1;  /* binary (not necessarily sas) */
1243                        arr[num++] = 0xa;  /* PIV=0, lu, naa */
1244                        arr[num++] = 0x0;
1245                        arr[num++] = 0x12;
1246                        arr[num++] = 0x10; /* uuid type=1, locally assigned */
1247                        arr[num++] = 0x0;
1248                        memcpy(arr + num, lu_name, 16);
1249                        num += 16;
1250                } else {
1251                        /* NAA-3, Logical unit identifier (binary) */
1252                        arr[num++] = 0x1;  /* binary (not necessarily sas) */
1253                        arr[num++] = 0x3;  /* PIV=0, lu, naa */
1254                        arr[num++] = 0x0;
1255                        arr[num++] = 0x8;
1256                        put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1257                        num += 8;
1258                }
1259                /* Target relative port number */
1260                arr[num++] = 0x61;      /* proto=sas, binary */
1261                arr[num++] = 0x94;      /* PIV=1, target port, rel port */
1262                arr[num++] = 0x0;       /* reserved */
1263                arr[num++] = 0x4;       /* length */
1264                arr[num++] = 0x0;       /* reserved */
1265                arr[num++] = 0x0;       /* reserved */
1266                arr[num++] = 0x0;
1267                arr[num++] = 0x1;       /* relative port A */
1268        }
1269        /* NAA-3, Target port identifier */
1270        arr[num++] = 0x61;      /* proto=sas, binary */
1271        arr[num++] = 0x93;      /* piv=1, target port, naa */
1272        arr[num++] = 0x0;
1273        arr[num++] = 0x8;
1274        put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1275        num += 8;
1276        /* NAA-3, Target port group identifier */
1277        arr[num++] = 0x61;      /* proto=sas, binary */
1278        arr[num++] = 0x95;      /* piv=1, target port group id */
1279        arr[num++] = 0x0;
1280        arr[num++] = 0x4;
1281        arr[num++] = 0;
1282        arr[num++] = 0;
1283        put_unaligned_be16(port_group_id, arr + num);
1284        num += 2;
1285        /* NAA-3, Target device identifier */
1286        arr[num++] = 0x61;      /* proto=sas, binary */
1287        arr[num++] = 0xa3;      /* piv=1, target device, naa */
1288        arr[num++] = 0x0;
1289        arr[num++] = 0x8;
1290        put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1291        num += 8;
1292        /* SCSI name string: Target device identifier */
1293        arr[num++] = 0x63;      /* proto=sas, UTF-8 */
1294        arr[num++] = 0xa8;      /* piv=1, target device, SCSI name string */
1295        arr[num++] = 0x0;
1296        arr[num++] = 24;
1297        memcpy(arr + num, "naa.32222220", 12);
1298        num += 12;
1299        snprintf(b, sizeof(b), "%08X", target_dev_id);
1300        memcpy(arr + num, b, 8);
1301        num += 8;
1302        memset(arr + num, 0, 4);
1303        num += 4;
1304        return num;
1305}
1306
1307static unsigned char vpd84_data[] = {
1308/* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1309    0x22,0x22,0x22,0x0,0xbb,0x1,
1310    0x22,0x22,0x22,0x0,0xbb,0x2,
1311};
1312
1313/*  Software interface identification VPD page */
1314static int inquiry_vpd_84(unsigned char *arr)
1315{
1316        memcpy(arr, vpd84_data, sizeof(vpd84_data));
1317        return sizeof(vpd84_data);
1318}
1319
1320/* Management network addresses VPD page */
1321static int inquiry_vpd_85(unsigned char *arr)
1322{
1323        int num = 0;
1324        const char *na1 = "https://www.kernel.org/config";
1325        const char *na2 = "http://www.kernel.org/log";
1326        int plen, olen;
1327
1328        arr[num++] = 0x1;       /* lu, storage config */
1329        arr[num++] = 0x0;       /* reserved */
1330        arr[num++] = 0x0;
1331        olen = strlen(na1);
1332        plen = olen + 1;
1333        if (plen % 4)
1334                plen = ((plen / 4) + 1) * 4;
1335        arr[num++] = plen;      /* length, null termianted, padded */
1336        memcpy(arr + num, na1, olen);
1337        memset(arr + num + olen, 0, plen - olen);
1338        num += plen;
1339
1340        arr[num++] = 0x4;       /* lu, logging */
1341        arr[num++] = 0x0;       /* reserved */
1342        arr[num++] = 0x0;
1343        olen = strlen(na2);
1344        plen = olen + 1;
1345        if (plen % 4)
1346                plen = ((plen / 4) + 1) * 4;
1347        arr[num++] = plen;      /* length, null terminated, padded */
1348        memcpy(arr + num, na2, olen);
1349        memset(arr + num + olen, 0, plen - olen);
1350        num += plen;
1351
1352        return num;
1353}
1354
1355/* SCSI ports VPD page */
1356static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1357{
1358        int num = 0;
1359        int port_a, port_b;
1360
1361        port_a = target_dev_id + 1;
1362        port_b = port_a + 1;
1363        arr[num++] = 0x0;       /* reserved */
1364        arr[num++] = 0x0;       /* reserved */
1365        arr[num++] = 0x0;
1366        arr[num++] = 0x1;       /* relative port 1 (primary) */
1367        memset(arr + num, 0, 6);
1368        num += 6;
1369        arr[num++] = 0x0;
1370        arr[num++] = 12;        /* length tp descriptor */
1371        /* naa-5 target port identifier (A) */
1372        arr[num++] = 0x61;      /* proto=sas, binary */
1373        arr[num++] = 0x93;      /* PIV=1, target port, NAA */
1374        arr[num++] = 0x0;       /* reserved */
1375        arr[num++] = 0x8;       /* length */
1376        put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1377        num += 8;
1378        arr[num++] = 0x0;       /* reserved */
1379        arr[num++] = 0x0;       /* reserved */
1380        arr[num++] = 0x0;
1381        arr[num++] = 0x2;       /* relative port 2 (secondary) */
1382        memset(arr + num, 0, 6);
1383        num += 6;
1384        arr[num++] = 0x0;
1385        arr[num++] = 12;        /* length tp descriptor */
1386        /* naa-5 target port identifier (B) */
1387        arr[num++] = 0x61;      /* proto=sas, binary */
1388        arr[num++] = 0x93;      /* PIV=1, target port, NAA */
1389        arr[num++] = 0x0;       /* reserved */
1390        arr[num++] = 0x8;       /* length */
1391        put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1392        num += 8;
1393
1394        return num;
1395}
1396
1397
1398static unsigned char vpd89_data[] = {
1399/* from 4th byte */ 0,0,0,0,
1400'l','i','n','u','x',' ',' ',' ',
1401'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1402'1','2','3','4',
14030x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
14040xec,0,0,0,
14050x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
14060,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
14070x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
14080x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
14090x53,0x41,
14100x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
14110x20,0x20,
14120x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
14130x10,0x80,
14140,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
14150x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
14160x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
14170,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
14180x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
14190x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
14200,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
14210,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14220,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14230,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14240x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
14250,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
14260xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
14270,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
14280,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14290,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14300,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14310,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14320,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14330,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14340,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14350,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14360,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14370,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14380,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
14390,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1440};
1441
1442/* ATA Information VPD page */
1443static int inquiry_vpd_89(unsigned char *arr)
1444{
1445        memcpy(arr, vpd89_data, sizeof(vpd89_data));
1446        return sizeof(vpd89_data);
1447}
1448
1449
1450static unsigned char vpdb0_data[] = {
1451        /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1452        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1453        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1454        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1455};
1456
1457/* Block limits VPD page (SBC-3) */
1458static int inquiry_vpd_b0(unsigned char *arr)
1459{
1460        unsigned int gran;
1461
1462        memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1463
1464        /* Optimal transfer length granularity */
1465        if (sdebug_opt_xferlen_exp != 0 &&
1466            sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1467                gran = 1 << sdebug_opt_xferlen_exp;
1468        else
1469                gran = 1 << sdebug_physblk_exp;
1470        put_unaligned_be16(gran, arr + 2);
1471
1472        /* Maximum Transfer Length */
1473        if (sdebug_store_sectors > 0x400)
1474                put_unaligned_be32(sdebug_store_sectors, arr + 4);
1475
1476        /* Optimal Transfer Length */
1477        put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1478
1479        if (sdebug_lbpu) {
1480                /* Maximum Unmap LBA Count */
1481                put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1482
1483                /* Maximum Unmap Block Descriptor Count */
1484                put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1485        }
1486
1487        /* Unmap Granularity Alignment */
1488        if (sdebug_unmap_alignment) {
1489                put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1490                arr[28] |= 0x80; /* UGAVALID */
1491        }
1492
1493        /* Optimal Unmap Granularity */
1494        put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1495
1496        /* Maximum WRITE SAME Length */
1497        put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1498
1499        return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1500
1501        return sizeof(vpdb0_data);
1502}
1503
1504/* Block device characteristics VPD page (SBC-3) */
1505static int inquiry_vpd_b1(struct sdebug_dev_info *devip, unsigned char *arr)
1506{
1507        memset(arr, 0, 0x3c);
1508        arr[0] = 0;
1509        arr[1] = 1;     /* non rotating medium (e.g. solid state) */
1510        arr[2] = 0;
1511        arr[3] = 5;     /* less than 1.8" */
1512        if (devip->zmodel == BLK_ZONED_HA)
1513                arr[4] = 1 << 4;        /* zoned field = 01b */
1514
1515        return 0x3c;
1516}
1517
1518/* Logical block provisioning VPD page (SBC-4) */
1519static int inquiry_vpd_b2(unsigned char *arr)
1520{
1521        memset(arr, 0, 0x4);
1522        arr[0] = 0;                     /* threshold exponent */
1523        if (sdebug_lbpu)
1524                arr[1] = 1 << 7;
1525        if (sdebug_lbpws)
1526                arr[1] |= 1 << 6;
1527        if (sdebug_lbpws10)
1528                arr[1] |= 1 << 5;
1529        if (sdebug_lbprz && scsi_debug_lbp())
1530                arr[1] |= (sdebug_lbprz & 0x7) << 2;  /* sbc4r07 and later */
1531        /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1532        /* minimum_percentage=0; provisioning_type=0 (unknown) */
1533        /* threshold_percentage=0 */
1534        return 0x4;
1535}
1536
1537/* Zoned block device characteristics VPD page (ZBC mandatory) */
1538static int inquiry_vpd_b6(struct sdebug_dev_info *devip, unsigned char *arr)
1539{
1540        memset(arr, 0, 0x3c);
1541        arr[0] = 0x1; /* set URSWRZ (unrestricted read in seq. wr req zone) */
1542        /*
1543         * Set Optimal number of open sequential write preferred zones and
1544         * Optimal number of non-sequentially written sequential write
1545         * preferred zones fields to 'not reported' (0xffffffff). Leave other
1546         * fields set to zero, apart from Max. number of open swrz_s field.
1547         */
1548        put_unaligned_be32(0xffffffff, &arr[4]);
1549        put_unaligned_be32(0xffffffff, &arr[8]);
1550        if (sdeb_zbc_model == BLK_ZONED_HM && devip->max_open)
1551                put_unaligned_be32(devip->max_open, &arr[12]);
1552        else
1553                put_unaligned_be32(0xffffffff, &arr[12]);
1554        return 0x3c;
1555}
1556
1557#define SDEBUG_LONG_INQ_SZ 96
1558#define SDEBUG_MAX_INQ_ARR_SZ 584
1559
1560static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1561{
1562        unsigned char pq_pdt;
1563        unsigned char *arr;
1564        unsigned char *cmd = scp->cmnd;
1565        int alloc_len, n, ret;
1566        bool have_wlun, is_disk, is_zbc, is_disk_zbc;
1567
1568        alloc_len = get_unaligned_be16(cmd + 3);
1569        arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1570        if (! arr)
1571                return DID_REQUEUE << 16;
1572        is_disk = (sdebug_ptype == TYPE_DISK);
1573        is_zbc = (devip->zmodel != BLK_ZONED_NONE);
1574        is_disk_zbc = (is_disk || is_zbc);
1575        have_wlun = scsi_is_wlun(scp->device->lun);
1576        if (have_wlun)
1577                pq_pdt = TYPE_WLUN;     /* present, wlun */
1578        else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1579                pq_pdt = 0x7f;  /* not present, PQ=3, PDT=0x1f */
1580        else
1581                pq_pdt = (sdebug_ptype & 0x1f);
1582        arr[0] = pq_pdt;
1583        if (0x2 & cmd[1]) {  /* CMDDT bit set */
1584                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1585                kfree(arr);
1586                return check_condition_result;
1587        } else if (0x1 & cmd[1]) {  /* EVPD bit set */
1588                int lu_id_num, port_group_id, target_dev_id, len;
1589                char lu_id_str[6];
1590                int host_no = devip->sdbg_host->shost->host_no;
1591                
1592                port_group_id = (((host_no + 1) & 0x7f) << 8) +
1593                    (devip->channel & 0x7f);
1594                if (sdebug_vpd_use_hostno == 0)
1595                        host_no = 0;
1596                lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1597                            (devip->target * 1000) + devip->lun);
1598                target_dev_id = ((host_no + 1) * 2000) +
1599                                 (devip->target * 1000) - 3;
1600                len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1601                if (0 == cmd[2]) { /* supported vital product data pages */
1602                        arr[1] = cmd[2];        /*sanity */
1603                        n = 4;
1604                        arr[n++] = 0x0;   /* this page */
1605                        arr[n++] = 0x80;  /* unit serial number */
1606                        arr[n++] = 0x83;  /* device identification */
1607                        arr[n++] = 0x84;  /* software interface ident. */
1608                        arr[n++] = 0x85;  /* management network addresses */
1609                        arr[n++] = 0x86;  /* extended inquiry */
1610                        arr[n++] = 0x87;  /* mode page policy */
1611                        arr[n++] = 0x88;  /* SCSI ports */
1612                        if (is_disk_zbc) {        /* SBC or ZBC */
1613                                arr[n++] = 0x89;  /* ATA information */
1614                                arr[n++] = 0xb0;  /* Block limits */
1615                                arr[n++] = 0xb1;  /* Block characteristics */
1616                                if (is_disk)
1617                                        arr[n++] = 0xb2;  /* LB Provisioning */
1618                                if (is_zbc)
1619                                        arr[n++] = 0xb6;  /* ZB dev. char. */
1620                        }
1621                        arr[3] = n - 4;   /* number of supported VPD pages */
1622                } else if (0x80 == cmd[2]) { /* unit serial number */
1623                        arr[1] = cmd[2];        /*sanity */
1624                        arr[3] = len;
1625                        memcpy(&arr[4], lu_id_str, len);
1626                } else if (0x83 == cmd[2]) { /* device identification */
1627                        arr[1] = cmd[2];        /*sanity */
1628                        arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1629                                                target_dev_id, lu_id_num,
1630                                                lu_id_str, len,
1631                                                &devip->lu_name);
1632                } else if (0x84 == cmd[2]) { /* Software interface ident. */
1633                        arr[1] = cmd[2];        /*sanity */
1634                        arr[3] = inquiry_vpd_84(&arr[4]);
1635                } else if (0x85 == cmd[2]) { /* Management network addresses */
1636                        arr[1] = cmd[2];        /*sanity */
1637                        arr[3] = inquiry_vpd_85(&arr[4]);
1638                } else if (0x86 == cmd[2]) { /* extended inquiry */
1639                        arr[1] = cmd[2];        /*sanity */
1640                        arr[3] = 0x3c;  /* number of following entries */
1641                        if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1642                                arr[4] = 0x4;   /* SPT: GRD_CHK:1 */
1643                        else if (have_dif_prot)
1644                                arr[4] = 0x5;   /* SPT: GRD_CHK:1, REF_CHK:1 */
1645                        else
1646                                arr[4] = 0x0;   /* no protection stuff */
1647                        arr[5] = 0x7;   /* head of q, ordered + simple q's */
1648                } else if (0x87 == cmd[2]) { /* mode page policy */
1649                        arr[1] = cmd[2];        /*sanity */
1650                        arr[3] = 0x8;   /* number of following entries */
1651                        arr[4] = 0x2;   /* disconnect-reconnect mp */
1652                        arr[6] = 0x80;  /* mlus, shared */
1653                        arr[8] = 0x18;   /* protocol specific lu */
1654                        arr[10] = 0x82;  /* mlus, per initiator port */
1655                } else if (0x88 == cmd[2]) { /* SCSI Ports */
1656                        arr[1] = cmd[2];        /*sanity */
1657                        arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1658                } else if (is_disk_zbc && 0x89 == cmd[2]) { /* ATA info */
1659                        arr[1] = cmd[2];        /*sanity */
1660                        n = inquiry_vpd_89(&arr[4]);
1661                        put_unaligned_be16(n, arr + 2);
1662                } else if (is_disk_zbc && 0xb0 == cmd[2]) { /* Block limits */
1663                        arr[1] = cmd[2];        /*sanity */
1664                        arr[3] = inquiry_vpd_b0(&arr[4]);
1665                } else if (is_disk_zbc && 0xb1 == cmd[2]) { /* Block char. */
1666                        arr[1] = cmd[2];        /*sanity */
1667                        arr[3] = inquiry_vpd_b1(devip, &arr[4]);
1668                } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1669                        arr[1] = cmd[2];        /*sanity */
1670                        arr[3] = inquiry_vpd_b2(&arr[4]);
1671                } else if (is_zbc && cmd[2] == 0xb6) { /* ZB dev. charact. */
1672                        arr[1] = cmd[2];        /*sanity */
1673                        arr[3] = inquiry_vpd_b6(devip, &arr[4]);
1674                } else {
1675                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1676                        kfree(arr);
1677                        return check_condition_result;
1678                }
1679                len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1680                ret = fill_from_dev_buffer(scp, arr,
1681                            min(len, SDEBUG_MAX_INQ_ARR_SZ));
1682                kfree(arr);
1683                return ret;
1684        }
1685        /* drops through here for a standard inquiry */
1686        arr[1] = sdebug_removable ? 0x80 : 0;   /* Removable disk */
1687        arr[2] = sdebug_scsi_level;
1688        arr[3] = 2;    /* response_data_format==2 */
1689        arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1690        arr[5] = (int)have_dif_prot;    /* PROTECT bit */
1691        if (sdebug_vpd_use_hostno == 0)
1692                arr[5] |= 0x10; /* claim: implicit TPGS */
1693        arr[6] = 0x10; /* claim: MultiP */
1694        /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1695        arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1696        memcpy(&arr[8], sdebug_inq_vendor_id, 8);
1697        memcpy(&arr[16], sdebug_inq_product_id, 16);
1698        memcpy(&arr[32], sdebug_inq_product_rev, 4);
1699        /* Use Vendor Specific area to place driver date in ASCII hex */
1700        memcpy(&arr[36], sdebug_version_date, 8);
1701        /* version descriptors (2 bytes each) follow */
1702        put_unaligned_be16(0xc0, arr + 58);   /* SAM-6 no version claimed */
1703        put_unaligned_be16(0x5c0, arr + 60);  /* SPC-5 no version claimed */
1704        n = 62;
1705        if (is_disk) {          /* SBC-4 no version claimed */
1706                put_unaligned_be16(0x600, arr + n);
1707                n += 2;
1708        } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1709                put_unaligned_be16(0x525, arr + n);
1710                n += 2;
1711        } else if (is_zbc) {    /* ZBC BSR INCITS 536 revision 05 */
1712                put_unaligned_be16(0x624, arr + n);
1713                n += 2;
1714        }
1715        put_unaligned_be16(0x2100, arr + n);    /* SPL-4 no version claimed */
1716        ret = fill_from_dev_buffer(scp, arr,
1717                            min_t(int, alloc_len, SDEBUG_LONG_INQ_SZ));
1718        kfree(arr);
1719        return ret;
1720}
1721
1722/* See resp_iec_m_pg() for how this data is manipulated */
1723static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1724                                   0, 0, 0x0, 0x0};
1725
1726static int resp_requests(struct scsi_cmnd *scp,
1727                         struct sdebug_dev_info *devip)
1728{
1729        unsigned char *cmd = scp->cmnd;
1730        unsigned char arr[SCSI_SENSE_BUFFERSIZE];       /* assume >= 18 bytes */
1731        bool dsense = !!(cmd[1] & 1);
1732        int alloc_len = cmd[4];
1733        int len = 18;
1734        int stopped_state = atomic_read(&devip->stopped);
1735
1736        memset(arr, 0, sizeof(arr));
1737        if (stopped_state > 0) {        /* some "pollable" data [spc6r02: 5.12.2] */
1738                if (dsense) {
1739                        arr[0] = 0x72;
1740                        arr[1] = NOT_READY;
1741                        arr[2] = LOGICAL_UNIT_NOT_READY;
1742                        arr[3] = (stopped_state == 2) ? 0x1 : 0x2;
1743                        len = 8;
1744                } else {
1745                        arr[0] = 0x70;
1746                        arr[2] = NOT_READY;             /* NO_SENSE in sense_key */
1747                        arr[7] = 0xa;                   /* 18 byte sense buffer */
1748                        arr[12] = LOGICAL_UNIT_NOT_READY;
1749                        arr[13] = (stopped_state == 2) ? 0x1 : 0x2;
1750                }
1751        } else if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1752                /* Information exceptions control mode page: TEST=1, MRIE=6 */
1753                if (dsense) {
1754                        arr[0] = 0x72;
1755                        arr[1] = 0x0;           /* NO_SENSE in sense_key */
1756                        arr[2] = THRESHOLD_EXCEEDED;
1757                        arr[3] = 0xff;          /* Failure prediction(false) */
1758                        len = 8;
1759                } else {
1760                        arr[0] = 0x70;
1761                        arr[2] = 0x0;           /* NO_SENSE in sense_key */
1762                        arr[7] = 0xa;           /* 18 byte sense buffer */
1763                        arr[12] = THRESHOLD_EXCEEDED;
1764                        arr[13] = 0xff;         /* Failure prediction(false) */
1765                }
1766        } else {        /* nothing to report */
1767                if (dsense) {
1768                        len = 8;
1769                        memset(arr, 0, len);
1770                        arr[0] = 0x72;
1771                } else {
1772                        memset(arr, 0, len);
1773                        arr[0] = 0x70;
1774                        arr[7] = 0xa;
1775                }
1776        }
1777        return fill_from_dev_buffer(scp, arr, min_t(int, len, alloc_len));
1778}
1779
1780static int resp_start_stop(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1781{
1782        unsigned char *cmd = scp->cmnd;
1783        int power_cond, want_stop, stopped_state;
1784        bool changing;
1785
1786        power_cond = (cmd[4] & 0xf0) >> 4;
1787        if (power_cond) {
1788                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1789                return check_condition_result;
1790        }
1791        want_stop = !(cmd[4] & 1);
1792        stopped_state = atomic_read(&devip->stopped);
1793        if (stopped_state == 2) {
1794                ktime_t now_ts = ktime_get_boottime();
1795
1796                if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
1797                        u64 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
1798
1799                        if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
1800                                /* tur_ms_to_ready timer extinguished */
1801                                atomic_set(&devip->stopped, 0);
1802                                stopped_state = 0;
1803                        }
1804                }
1805                if (stopped_state == 2) {
1806                        if (want_stop) {
1807                                stopped_state = 1;      /* dummy up success */
1808                        } else {        /* Disallow tur_ms_to_ready delay to be overridden */
1809                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 0 /* START bit */);
1810                                return check_condition_result;
1811                        }
1812                }
1813        }
1814        changing = (stopped_state != want_stop);
1815        if (changing)
1816                atomic_xchg(&devip->stopped, want_stop);
1817        if (!changing || (cmd[1] & 0x1))  /* state unchanged or IMMED bit set in cdb */
1818                return SDEG_RES_IMMED_MASK;
1819        else
1820                return 0;
1821}
1822
1823static sector_t get_sdebug_capacity(void)
1824{
1825        static const unsigned int gibibyte = 1073741824;
1826
1827        if (sdebug_virtual_gb > 0)
1828                return (sector_t)sdebug_virtual_gb *
1829                        (gibibyte / sdebug_sector_size);
1830        else
1831                return sdebug_store_sectors;
1832}
1833
1834#define SDEBUG_READCAP_ARR_SZ 8
1835static int resp_readcap(struct scsi_cmnd *scp,
1836                        struct sdebug_dev_info *devip)
1837{
1838        unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1839        unsigned int capac;
1840
1841        /* following just in case virtual_gb changed */
1842        sdebug_capacity = get_sdebug_capacity();
1843        memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1844        if (sdebug_capacity < 0xffffffff) {
1845                capac = (unsigned int)sdebug_capacity - 1;
1846                put_unaligned_be32(capac, arr + 0);
1847        } else
1848                put_unaligned_be32(0xffffffff, arr + 0);
1849        put_unaligned_be16(sdebug_sector_size, arr + 6);
1850        return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1851}
1852
1853#define SDEBUG_READCAP16_ARR_SZ 32
1854static int resp_readcap16(struct scsi_cmnd *scp,
1855                          struct sdebug_dev_info *devip)
1856{
1857        unsigned char *cmd = scp->cmnd;
1858        unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1859        int alloc_len;
1860
1861        alloc_len = get_unaligned_be32(cmd + 10);
1862        /* following just in case virtual_gb changed */
1863        sdebug_capacity = get_sdebug_capacity();
1864        memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1865        put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1866        put_unaligned_be32(sdebug_sector_size, arr + 8);
1867        arr[13] = sdebug_physblk_exp & 0xf;
1868        arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1869
1870        if (scsi_debug_lbp()) {
1871                arr[14] |= 0x80; /* LBPME */
1872                /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1873                 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1874                 * in the wider field maps to 0 in this field.
1875                 */
1876                if (sdebug_lbprz & 1)   /* precisely what the draft requires */
1877                        arr[14] |= 0x40;
1878        }
1879
1880        arr[15] = sdebug_lowest_aligned & 0xff;
1881
1882        if (have_dif_prot) {
1883                arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1884                arr[12] |= 1; /* PROT_EN */
1885        }
1886
1887        return fill_from_dev_buffer(scp, arr,
1888                            min_t(int, alloc_len, SDEBUG_READCAP16_ARR_SZ));
1889}
1890
1891#define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1892
1893static int resp_report_tgtpgs(struct scsi_cmnd *scp,
1894                              struct sdebug_dev_info *devip)
1895{
1896        unsigned char *cmd = scp->cmnd;
1897        unsigned char *arr;
1898        int host_no = devip->sdbg_host->shost->host_no;
1899        int n, ret, alen, rlen;
1900        int port_group_a, port_group_b, port_a, port_b;
1901
1902        alen = get_unaligned_be32(cmd + 6);
1903        arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1904        if (! arr)
1905                return DID_REQUEUE << 16;
1906        /*
1907         * EVPD page 0x88 states we have two ports, one
1908         * real and a fake port with no device connected.
1909         * So we create two port groups with one port each
1910         * and set the group with port B to unavailable.
1911         */
1912        port_a = 0x1; /* relative port A */
1913        port_b = 0x2; /* relative port B */
1914        port_group_a = (((host_no + 1) & 0x7f) << 8) +
1915                        (devip->channel & 0x7f);
1916        port_group_b = (((host_no + 1) & 0x7f) << 8) +
1917                        (devip->channel & 0x7f) + 0x80;
1918
1919        /*
1920         * The asymmetric access state is cycled according to the host_id.
1921         */
1922        n = 4;
1923        if (sdebug_vpd_use_hostno == 0) {
1924                arr[n++] = host_no % 3; /* Asymm access state */
1925                arr[n++] = 0x0F; /* claim: all states are supported */
1926        } else {
1927                arr[n++] = 0x0; /* Active/Optimized path */
1928                arr[n++] = 0x01; /* only support active/optimized paths */
1929        }
1930        put_unaligned_be16(port_group_a, arr + n);
1931        n += 2;
1932        arr[n++] = 0;    /* Reserved */
1933        arr[n++] = 0;    /* Status code */
1934        arr[n++] = 0;    /* Vendor unique */
1935        arr[n++] = 0x1;  /* One port per group */
1936        arr[n++] = 0;    /* Reserved */
1937        arr[n++] = 0;    /* Reserved */
1938        put_unaligned_be16(port_a, arr + n);
1939        n += 2;
1940        arr[n++] = 3;    /* Port unavailable */
1941        arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1942        put_unaligned_be16(port_group_b, arr + n);
1943        n += 2;
1944        arr[n++] = 0;    /* Reserved */
1945        arr[n++] = 0;    /* Status code */
1946        arr[n++] = 0;    /* Vendor unique */
1947        arr[n++] = 0x1;  /* One port per group */
1948        arr[n++] = 0;    /* Reserved */
1949        arr[n++] = 0;    /* Reserved */
1950        put_unaligned_be16(port_b, arr + n);
1951        n += 2;
1952
1953        rlen = n - 4;
1954        put_unaligned_be32(rlen, arr + 0);
1955
1956        /*
1957         * Return the smallest value of either
1958         * - The allocated length
1959         * - The constructed command length
1960         * - The maximum array size
1961         */
1962        rlen = min_t(int, alen, n);
1963        ret = fill_from_dev_buffer(scp, arr,
1964                           min_t(int, rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1965        kfree(arr);
1966        return ret;
1967}
1968
1969static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1970                             struct sdebug_dev_info *devip)
1971{
1972        bool rctd;
1973        u8 reporting_opts, req_opcode, sdeb_i, supp;
1974        u16 req_sa, u;
1975        u32 alloc_len, a_len;
1976        int k, offset, len, errsts, count, bump, na;
1977        const struct opcode_info_t *oip;
1978        const struct opcode_info_t *r_oip;
1979        u8 *arr;
1980        u8 *cmd = scp->cmnd;
1981
1982        rctd = !!(cmd[2] & 0x80);
1983        reporting_opts = cmd[2] & 0x7;
1984        req_opcode = cmd[3];
1985        req_sa = get_unaligned_be16(cmd + 4);
1986        alloc_len = get_unaligned_be32(cmd + 6);
1987        if (alloc_len < 4 || alloc_len > 0xffff) {
1988                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1989                return check_condition_result;
1990        }
1991        if (alloc_len > 8192)
1992                a_len = 8192;
1993        else
1994                a_len = alloc_len;
1995        arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1996        if (NULL == arr) {
1997                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1998                                INSUFF_RES_ASCQ);
1999                return check_condition_result;
2000        }
2001        switch (reporting_opts) {
2002        case 0: /* all commands */
2003                /* count number of commands */
2004                for (count = 0, oip = opcode_info_arr;
2005                     oip->num_attached != 0xff; ++oip) {
2006                        if (F_INV_OP & oip->flags)
2007                                continue;
2008                        count += (oip->num_attached + 1);
2009                }
2010                bump = rctd ? 20 : 8;
2011                put_unaligned_be32(count * bump, arr);
2012                for (offset = 4, oip = opcode_info_arr;
2013                     oip->num_attached != 0xff && offset < a_len; ++oip) {
2014                        if (F_INV_OP & oip->flags)
2015                                continue;
2016                        na = oip->num_attached;
2017                        arr[offset] = oip->opcode;
2018                        put_unaligned_be16(oip->sa, arr + offset + 2);
2019                        if (rctd)
2020                                arr[offset + 5] |= 0x2;
2021                        if (FF_SA & oip->flags)
2022                                arr[offset + 5] |= 0x1;
2023                        put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
2024                        if (rctd)
2025                                put_unaligned_be16(0xa, arr + offset + 8);
2026                        r_oip = oip;
2027                        for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
2028                                if (F_INV_OP & oip->flags)
2029                                        continue;
2030                                offset += bump;
2031                                arr[offset] = oip->opcode;
2032                                put_unaligned_be16(oip->sa, arr + offset + 2);
2033                                if (rctd)
2034                                        arr[offset + 5] |= 0x2;
2035                                if (FF_SA & oip->flags)
2036                                        arr[offset + 5] |= 0x1;
2037                                put_unaligned_be16(oip->len_mask[0],
2038                                                   arr + offset + 6);
2039                                if (rctd)
2040                                        put_unaligned_be16(0xa,
2041                                                           arr + offset + 8);
2042                        }
2043                        oip = r_oip;
2044                        offset += bump;
2045                }
2046                break;
2047        case 1: /* one command: opcode only */
2048        case 2: /* one command: opcode plus service action */
2049        case 3: /* one command: if sa==0 then opcode only else opcode+sa */
2050                sdeb_i = opcode_ind_arr[req_opcode];
2051                oip = &opcode_info_arr[sdeb_i];
2052                if (F_INV_OP & oip->flags) {
2053                        supp = 1;
2054                        offset = 4;
2055                } else {
2056                        if (1 == reporting_opts) {
2057                                if (FF_SA & oip->flags) {
2058                                        mk_sense_invalid_fld(scp, SDEB_IN_CDB,
2059                                                             2, 2);
2060                                        kfree(arr);
2061                                        return check_condition_result;
2062                                }
2063                                req_sa = 0;
2064                        } else if (2 == reporting_opts &&
2065                                   0 == (FF_SA & oip->flags)) {
2066                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
2067                                kfree(arr);     /* point at requested sa */
2068                                return check_condition_result;
2069                        }
2070                        if (0 == (FF_SA & oip->flags) &&
2071                            req_opcode == oip->opcode)
2072                                supp = 3;
2073                        else if (0 == (FF_SA & oip->flags)) {
2074                                na = oip->num_attached;
2075                                for (k = 0, oip = oip->arrp; k < na;
2076                                     ++k, ++oip) {
2077                                        if (req_opcode == oip->opcode)
2078                                                break;
2079                                }
2080                                supp = (k >= na) ? 1 : 3;
2081                        } else if (req_sa != oip->sa) {
2082                                na = oip->num_attached;
2083                                for (k = 0, oip = oip->arrp; k < na;
2084                                     ++k, ++oip) {
2085                                        if (req_sa == oip->sa)
2086                                                break;
2087                                }
2088                                supp = (k >= na) ? 1 : 3;
2089                        } else
2090                                supp = 3;
2091                        if (3 == supp) {
2092                                u = oip->len_mask[0];
2093                                put_unaligned_be16(u, arr + 2);
2094                                arr[4] = oip->opcode;
2095                                for (k = 1; k < u; ++k)
2096                                        arr[4 + k] = (k < 16) ?
2097                                                 oip->len_mask[k] : 0xff;
2098                                offset = 4 + u;
2099                        } else
2100                                offset = 4;
2101                }
2102                arr[1] = (rctd ? 0x80 : 0) | supp;
2103                if (rctd) {
2104                        put_unaligned_be16(0xa, arr + offset);
2105                        offset += 12;
2106                }
2107                break;
2108        default:
2109                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
2110                kfree(arr);
2111                return check_condition_result;
2112        }
2113        offset = (offset < a_len) ? offset : a_len;
2114        len = (offset < alloc_len) ? offset : alloc_len;
2115        errsts = fill_from_dev_buffer(scp, arr, len);
2116        kfree(arr);
2117        return errsts;
2118}
2119
2120static int resp_rsup_tmfs(struct scsi_cmnd *scp,
2121                          struct sdebug_dev_info *devip)
2122{
2123        bool repd;
2124        u32 alloc_len, len;
2125        u8 arr[16];
2126        u8 *cmd = scp->cmnd;
2127
2128        memset(arr, 0, sizeof(arr));
2129        repd = !!(cmd[2] & 0x80);
2130        alloc_len = get_unaligned_be32(cmd + 6);
2131        if (alloc_len < 4) {
2132                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2133                return check_condition_result;
2134        }
2135        arr[0] = 0xc8;          /* ATS | ATSS | LURS */
2136        arr[1] = 0x1;           /* ITNRS */
2137        if (repd) {
2138                arr[3] = 0xc;
2139                len = 16;
2140        } else
2141                len = 4;
2142
2143        len = (len < alloc_len) ? len : alloc_len;
2144        return fill_from_dev_buffer(scp, arr, len);
2145}
2146
2147/* <<Following mode page info copied from ST318451LW>> */
2148
2149static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
2150{       /* Read-Write Error Recovery page for mode_sense */
2151        unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
2152                                        5, 0, 0xff, 0xff};
2153
2154        memcpy(p, err_recov_pg, sizeof(err_recov_pg));
2155        if (1 == pcontrol)
2156                memset(p + 2, 0, sizeof(err_recov_pg) - 2);
2157        return sizeof(err_recov_pg);
2158}
2159
2160static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
2161{       /* Disconnect-Reconnect page for mode_sense */
2162        unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
2163                                         0, 0, 0, 0, 0, 0, 0, 0};
2164
2165        memcpy(p, disconnect_pg, sizeof(disconnect_pg));
2166        if (1 == pcontrol)
2167                memset(p + 2, 0, sizeof(disconnect_pg) - 2);
2168        return sizeof(disconnect_pg);
2169}
2170
2171static int resp_format_pg(unsigned char *p, int pcontrol, int target)
2172{       /* Format device page for mode_sense */
2173        unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
2174                                     0, 0, 0, 0, 0, 0, 0, 0,
2175                                     0, 0, 0, 0, 0x40, 0, 0, 0};
2176
2177        memcpy(p, format_pg, sizeof(format_pg));
2178        put_unaligned_be16(sdebug_sectors_per, p + 10);
2179        put_unaligned_be16(sdebug_sector_size, p + 12);
2180        if (sdebug_removable)
2181                p[20] |= 0x20; /* should agree with INQUIRY */
2182        if (1 == pcontrol)
2183                memset(p + 2, 0, sizeof(format_pg) - 2);
2184        return sizeof(format_pg);
2185}
2186
2187static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2188                                     0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
2189                                     0, 0, 0, 0};
2190
2191static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
2192{       /* Caching page for mode_sense */
2193        unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
2194                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2195        unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2196                0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,     0, 0, 0, 0};
2197
2198        if (SDEBUG_OPT_N_WCE & sdebug_opts)
2199                caching_pg[2] &= ~0x4;  /* set WCE=0 (default WCE=1) */
2200        memcpy(p, caching_pg, sizeof(caching_pg));
2201        if (1 == pcontrol)
2202                memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2203        else if (2 == pcontrol)
2204                memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2205        return sizeof(caching_pg);
2206}
2207
2208static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2209                                    0, 0, 0x2, 0x4b};
2210
2211static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2212{       /* Control mode page for mode_sense */
2213        unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2214                                        0, 0, 0, 0};
2215        unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2216                                     0, 0, 0x2, 0x4b};
2217
2218        if (sdebug_dsense)
2219                ctrl_m_pg[2] |= 0x4;
2220        else
2221                ctrl_m_pg[2] &= ~0x4;
2222
2223        if (sdebug_ato)
2224                ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2225
2226        memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2227        if (1 == pcontrol)
2228                memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2229        else if (2 == pcontrol)
2230                memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2231        return sizeof(ctrl_m_pg);
2232}
2233
2234
2235static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2236{       /* Informational Exceptions control mode page for mode_sense */
2237        unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2238                                       0, 0, 0x0, 0x0};
2239        unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2240                                      0, 0, 0x0, 0x0};
2241
2242        memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2243        if (1 == pcontrol)
2244                memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2245        else if (2 == pcontrol)
2246                memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2247        return sizeof(iec_m_pg);
2248}
2249
2250static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2251{       /* SAS SSP mode page - short format for mode_sense */
2252        unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2253                0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2254
2255        memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2256        if (1 == pcontrol)
2257                memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2258        return sizeof(sas_sf_m_pg);
2259}
2260
2261
2262static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2263                              int target_dev_id)
2264{       /* SAS phy control and discover mode page for mode_sense */
2265        unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2266                    0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2267                    0, 0, 0, 0, 0, 0, 0, 0,     /* insert SAS addr */
2268                    0, 0, 0, 0, 0, 0, 0, 0,     /* insert SAS addr */
2269                    0x2, 0, 0, 0, 0, 0, 0, 0,
2270                    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2271                    0, 0, 0, 0, 0, 0, 0, 0,
2272                    0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2273                    0, 0, 0, 0, 0, 0, 0, 0,     /* insert SAS addr */
2274                    0, 0, 0, 0, 0, 0, 0, 0,     /* insert SAS addr */
2275                    0x3, 0, 0, 0, 0, 0, 0, 0,
2276                    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2277                    0, 0, 0, 0, 0, 0, 0, 0,
2278                };
2279        int port_a, port_b;
2280
2281        put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2282        put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2283        put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2284        put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2285        port_a = target_dev_id + 1;
2286        port_b = port_a + 1;
2287        memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2288        put_unaligned_be32(port_a, p + 20);
2289        put_unaligned_be32(port_b, p + 48 + 20);
2290        if (1 == pcontrol)
2291                memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2292        return sizeof(sas_pcd_m_pg);
2293}
2294
2295static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2296{       /* SAS SSP shared protocol specific port mode subpage */
2297        unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2298                    0, 0, 0, 0, 0, 0, 0, 0,
2299                };
2300
2301        memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2302        if (1 == pcontrol)
2303                memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2304        return sizeof(sas_sha_m_pg);
2305}
2306
2307#define SDEBUG_MAX_MSENSE_SZ 256
2308
2309static int resp_mode_sense(struct scsi_cmnd *scp,
2310                           struct sdebug_dev_info *devip)
2311{
2312        int pcontrol, pcode, subpcode, bd_len;
2313        unsigned char dev_spec;
2314        int alloc_len, offset, len, target_dev_id;
2315        int target = scp->device->id;
2316        unsigned char *ap;
2317        unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2318        unsigned char *cmd = scp->cmnd;
2319        bool dbd, llbaa, msense_6, is_disk, is_zbc, bad_pcode;
2320
2321        dbd = !!(cmd[1] & 0x8);         /* disable block descriptors */
2322        pcontrol = (cmd[2] & 0xc0) >> 6;
2323        pcode = cmd[2] & 0x3f;
2324        subpcode = cmd[3];
2325        msense_6 = (MODE_SENSE == cmd[0]);
2326        llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2327        is_disk = (sdebug_ptype == TYPE_DISK);
2328        is_zbc = (devip->zmodel != BLK_ZONED_NONE);
2329        if ((is_disk || is_zbc) && !dbd)
2330                bd_len = llbaa ? 16 : 8;
2331        else
2332                bd_len = 0;
2333        alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2334        memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2335        if (0x3 == pcontrol) {  /* Saving values not supported */
2336                mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2337                return check_condition_result;
2338        }
2339        target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2340                        (devip->target * 1000) - 3;
2341        /* for disks+zbc set DPOFUA bit and clear write protect (WP) bit */
2342        if (is_disk || is_zbc) {
2343                dev_spec = 0x10;        /* =0x90 if WP=1 implies read-only */
2344                if (sdebug_wp)
2345                        dev_spec |= 0x80;
2346        } else
2347                dev_spec = 0x0;
2348        if (msense_6) {
2349                arr[2] = dev_spec;
2350                arr[3] = bd_len;
2351                offset = 4;
2352        } else {
2353                arr[3] = dev_spec;
2354                if (16 == bd_len)
2355                        arr[4] = 0x1;   /* set LONGLBA bit */
2356                arr[7] = bd_len;        /* assume 255 or less */
2357                offset = 8;
2358        }
2359        ap = arr + offset;
2360        if ((bd_len > 0) && (!sdebug_capacity))
2361                sdebug_capacity = get_sdebug_capacity();
2362
2363        if (8 == bd_len) {
2364                if (sdebug_capacity > 0xfffffffe)
2365                        put_unaligned_be32(0xffffffff, ap + 0);
2366                else
2367                        put_unaligned_be32(sdebug_capacity, ap + 0);
2368                put_unaligned_be16(sdebug_sector_size, ap + 6);
2369                offset += bd_len;
2370                ap = arr + offset;
2371        } else if (16 == bd_len) {
2372                put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2373                put_unaligned_be32(sdebug_sector_size, ap + 12);
2374                offset += bd_len;
2375                ap = arr + offset;
2376        }
2377
2378        if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2379                /* TODO: Control Extension page */
2380                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2381                return check_condition_result;
2382        }
2383        bad_pcode = false;
2384
2385        switch (pcode) {
2386        case 0x1:       /* Read-Write error recovery page, direct access */
2387                len = resp_err_recov_pg(ap, pcontrol, target);
2388                offset += len;
2389                break;
2390        case 0x2:       /* Disconnect-Reconnect page, all devices */
2391                len = resp_disconnect_pg(ap, pcontrol, target);
2392                offset += len;
2393                break;
2394        case 0x3:       /* Format device page, direct access */
2395                if (is_disk) {
2396                        len = resp_format_pg(ap, pcontrol, target);
2397                        offset += len;
2398                } else
2399                        bad_pcode = true;
2400                break;
2401        case 0x8:       /* Caching page, direct access */
2402                if (is_disk || is_zbc) {
2403                        len = resp_caching_pg(ap, pcontrol, target);
2404                        offset += len;
2405                } else
2406                        bad_pcode = true;
2407                break;
2408        case 0xa:       /* Control Mode page, all devices */
2409                len = resp_ctrl_m_pg(ap, pcontrol, target);
2410                offset += len;
2411                break;
2412        case 0x19:      /* if spc==1 then sas phy, control+discover */
2413                if ((subpcode > 0x2) && (subpcode < 0xff)) {
2414                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2415                        return check_condition_result;
2416                }
2417                len = 0;
2418                if ((0x0 == subpcode) || (0xff == subpcode))
2419                        len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2420                if ((0x1 == subpcode) || (0xff == subpcode))
2421                        len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2422                                                  target_dev_id);
2423                if ((0x2 == subpcode) || (0xff == subpcode))
2424                        len += resp_sas_sha_m_spg(ap + len, pcontrol);
2425                offset += len;
2426                break;
2427        case 0x1c:      /* Informational Exceptions Mode page, all devices */
2428                len = resp_iec_m_pg(ap, pcontrol, target);
2429                offset += len;
2430                break;
2431        case 0x3f:      /* Read all Mode pages */
2432                if ((0 == subpcode) || (0xff == subpcode)) {
2433                        len = resp_err_recov_pg(ap, pcontrol, target);
2434                        len += resp_disconnect_pg(ap + len, pcontrol, target);
2435                        if (is_disk) {
2436                                len += resp_format_pg(ap + len, pcontrol,
2437                                                      target);
2438                                len += resp_caching_pg(ap + len, pcontrol,
2439                                                       target);
2440                        } else if (is_zbc) {
2441                                len += resp_caching_pg(ap + len, pcontrol,
2442                                                       target);
2443                        }
2444                        len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2445                        len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2446                        if (0xff == subpcode) {
2447                                len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2448                                                  target, target_dev_id);
2449                                len += resp_sas_sha_m_spg(ap + len, pcontrol);
2450                        }
2451                        len += resp_iec_m_pg(ap + len, pcontrol, target);
2452                        offset += len;
2453                } else {
2454                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2455                        return check_condition_result;
2456                }
2457                break;
2458        default:
2459                bad_pcode = true;
2460                break;
2461        }
2462        if (bad_pcode) {
2463                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2464                return check_condition_result;
2465        }
2466        if (msense_6)
2467                arr[0] = offset - 1;
2468        else
2469                put_unaligned_be16((offset - 2), arr + 0);
2470        return fill_from_dev_buffer(scp, arr, min_t(int, alloc_len, offset));
2471}
2472
2473#define SDEBUG_MAX_MSELECT_SZ 512
2474
2475static int resp_mode_select(struct scsi_cmnd *scp,
2476                            struct sdebug_dev_info *devip)
2477{
2478        int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2479        int param_len, res, mpage;
2480        unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2481        unsigned char *cmd = scp->cmnd;
2482        int mselect6 = (MODE_SELECT == cmd[0]);
2483
2484        memset(arr, 0, sizeof(arr));
2485        pf = cmd[1] & 0x10;
2486        sp = cmd[1] & 0x1;
2487        param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2488        if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2489                mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2490                return check_condition_result;
2491        }
2492        res = fetch_to_dev_buffer(scp, arr, param_len);
2493        if (-1 == res)
2494                return DID_ERROR << 16;
2495        else if (sdebug_verbose && (res < param_len))
2496                sdev_printk(KERN_INFO, scp->device,
2497                            "%s: cdb indicated=%d, IO sent=%d bytes\n",
2498                            __func__, param_len, res);
2499        md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2500        bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2501        if (md_len > 2) {
2502                mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2503                return check_condition_result;
2504        }
2505        off = bd_len + (mselect6 ? 4 : 8);
2506        mpage = arr[off] & 0x3f;
2507        ps = !!(arr[off] & 0x80);
2508        if (ps) {
2509                mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2510                return check_condition_result;
2511        }
2512        spf = !!(arr[off] & 0x40);
2513        pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2514                       (arr[off + 1] + 2);
2515        if ((pg_len + off) > param_len) {
2516                mk_sense_buffer(scp, ILLEGAL_REQUEST,
2517                                PARAMETER_LIST_LENGTH_ERR, 0);
2518                return check_condition_result;
2519        }
2520        switch (mpage) {
2521        case 0x8:      /* Caching Mode page */
2522                if (caching_pg[1] == arr[off + 1]) {
2523                        memcpy(caching_pg + 2, arr + off + 2,
2524                               sizeof(caching_pg) - 2);
2525                        goto set_mode_changed_ua;
2526                }
2527                break;
2528        case 0xa:      /* Control Mode page */
2529                if (ctrl_m_pg[1] == arr[off + 1]) {
2530                        memcpy(ctrl_m_pg + 2, arr + off + 2,
2531                               sizeof(ctrl_m_pg) - 2);
2532                        if (ctrl_m_pg[4] & 0x8)
2533                                sdebug_wp = true;
2534                        else
2535                                sdebug_wp = false;
2536                        sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2537                        goto set_mode_changed_ua;
2538                }
2539                break;
2540        case 0x1c:      /* Informational Exceptions Mode page */
2541                if (iec_m_pg[1] == arr[off + 1]) {
2542                        memcpy(iec_m_pg + 2, arr + off + 2,
2543                               sizeof(iec_m_pg) - 2);
2544                        goto set_mode_changed_ua;
2545                }
2546                break;
2547        default:
2548                break;
2549        }
2550        mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2551        return check_condition_result;
2552set_mode_changed_ua:
2553        set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2554        return 0;
2555}
2556
2557static int resp_temp_l_pg(unsigned char *arr)
2558{
2559        unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2560                                     0x0, 0x1, 0x3, 0x2, 0x0, 65,
2561                };
2562
2563        memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2564        return sizeof(temp_l_pg);
2565}
2566
2567static int resp_ie_l_pg(unsigned char *arr)
2568{
2569        unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2570                };
2571
2572        memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2573        if (iec_m_pg[2] & 0x4) {        /* TEST bit set */
2574                arr[4] = THRESHOLD_EXCEEDED;
2575                arr[5] = 0xff;
2576        }
2577        return sizeof(ie_l_pg);
2578}
2579
2580#define SDEBUG_MAX_LSENSE_SZ 512
2581
2582static int resp_log_sense(struct scsi_cmnd *scp,
2583                          struct sdebug_dev_info *devip)
2584{
2585        int ppc, sp, pcode, subpcode, alloc_len, len, n;
2586        unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2587        unsigned char *cmd = scp->cmnd;
2588
2589        memset(arr, 0, sizeof(arr));
2590        ppc = cmd[1] & 0x2;
2591        sp = cmd[1] & 0x1;
2592        if (ppc || sp) {
2593                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2594                return check_condition_result;
2595        }
2596        pcode = cmd[2] & 0x3f;
2597        subpcode = cmd[3] & 0xff;
2598        alloc_len = get_unaligned_be16(cmd + 7);
2599        arr[0] = pcode;
2600        if (0 == subpcode) {
2601                switch (pcode) {
2602                case 0x0:       /* Supported log pages log page */
2603                        n = 4;
2604                        arr[n++] = 0x0;         /* this page */
2605                        arr[n++] = 0xd;         /* Temperature */
2606                        arr[n++] = 0x2f;        /* Informational exceptions */
2607                        arr[3] = n - 4;
2608                        break;
2609                case 0xd:       /* Temperature log page */
2610                        arr[3] = resp_temp_l_pg(arr + 4);
2611                        break;
2612                case 0x2f:      /* Informational exceptions log page */
2613                        arr[3] = resp_ie_l_pg(arr + 4);
2614                        break;
2615                default:
2616                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2617                        return check_condition_result;
2618                }
2619        } else if (0xff == subpcode) {
2620                arr[0] |= 0x40;
2621                arr[1] = subpcode;
2622                switch (pcode) {
2623                case 0x0:       /* Supported log pages and subpages log page */
2624                        n = 4;
2625                        arr[n++] = 0x0;
2626                        arr[n++] = 0x0;         /* 0,0 page */
2627                        arr[n++] = 0x0;
2628                        arr[n++] = 0xff;        /* this page */
2629                        arr[n++] = 0xd;
2630                        arr[n++] = 0x0;         /* Temperature */
2631                        arr[n++] = 0x2f;
2632                        arr[n++] = 0x0; /* Informational exceptions */
2633                        arr[3] = n - 4;
2634                        break;
2635                case 0xd:       /* Temperature subpages */
2636                        n = 4;
2637                        arr[n++] = 0xd;
2638                        arr[n++] = 0x0;         /* Temperature */
2639                        arr[3] = n - 4;
2640                        break;
2641                case 0x2f:      /* Informational exceptions subpages */
2642                        n = 4;
2643                        arr[n++] = 0x2f;
2644                        arr[n++] = 0x0;         /* Informational exceptions */
2645                        arr[3] = n - 4;
2646                        break;
2647                default:
2648                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2649                        return check_condition_result;
2650                }
2651        } else {
2652                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2653                return check_condition_result;
2654        }
2655        len = min_t(int, get_unaligned_be16(arr + 2) + 4, alloc_len);
2656        return fill_from_dev_buffer(scp, arr,
2657                    min_t(int, len, SDEBUG_MAX_INQ_ARR_SZ));
2658}
2659
2660static inline bool sdebug_dev_is_zoned(struct sdebug_dev_info *devip)
2661{
2662        return devip->nr_zones != 0;
2663}
2664
2665static struct sdeb_zone_state *zbc_zone(struct sdebug_dev_info *devip,
2666                                        unsigned long long lba)
2667{
2668        return &devip->zstate[lba >> devip->zsize_shift];
2669}
2670
2671static inline bool zbc_zone_is_conv(struct sdeb_zone_state *zsp)
2672{
2673        return zsp->z_type == ZBC_ZONE_TYPE_CNV;
2674}
2675
2676static void zbc_close_zone(struct sdebug_dev_info *devip,
2677                           struct sdeb_zone_state *zsp)
2678{
2679        enum sdebug_z_cond zc;
2680
2681        if (zbc_zone_is_conv(zsp))
2682                return;
2683
2684        zc = zsp->z_cond;
2685        if (!(zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN))
2686                return;
2687
2688        if (zc == ZC2_IMPLICIT_OPEN)
2689                devip->nr_imp_open--;
2690        else
2691                devip->nr_exp_open--;
2692
2693        if (zsp->z_wp == zsp->z_start) {
2694                zsp->z_cond = ZC1_EMPTY;
2695        } else {
2696                zsp->z_cond = ZC4_CLOSED;
2697                devip->nr_closed++;
2698        }
2699}
2700
2701static void zbc_close_imp_open_zone(struct sdebug_dev_info *devip)
2702{
2703        struct sdeb_zone_state *zsp = &devip->zstate[0];
2704        unsigned int i;
2705
2706        for (i = 0; i < devip->nr_zones; i++, zsp++) {
2707                if (zsp->z_cond == ZC2_IMPLICIT_OPEN) {
2708                        zbc_close_zone(devip, zsp);
2709                        return;
2710                }
2711        }
2712}
2713
2714static void zbc_open_zone(struct sdebug_dev_info *devip,
2715                          struct sdeb_zone_state *zsp, bool explicit)
2716{
2717        enum sdebug_z_cond zc;
2718
2719        if (zbc_zone_is_conv(zsp))
2720                return;
2721
2722        zc = zsp->z_cond;
2723        if ((explicit && zc == ZC3_EXPLICIT_OPEN) ||
2724            (!explicit && zc == ZC2_IMPLICIT_OPEN))
2725                return;
2726
2727        /* Close an implicit open zone if necessary */
2728        if (explicit && zsp->z_cond == ZC2_IMPLICIT_OPEN)
2729                zbc_close_zone(devip, zsp);
2730        else if (devip->max_open &&
2731                 devip->nr_imp_open + devip->nr_exp_open >= devip->max_open)
2732                zbc_close_imp_open_zone(devip);
2733
2734        if (zsp->z_cond == ZC4_CLOSED)
2735                devip->nr_closed--;
2736        if (explicit) {
2737                zsp->z_cond = ZC3_EXPLICIT_OPEN;
2738                devip->nr_exp_open++;
2739        } else {
2740                zsp->z_cond = ZC2_IMPLICIT_OPEN;
2741                devip->nr_imp_open++;
2742        }
2743}
2744
2745static void zbc_inc_wp(struct sdebug_dev_info *devip,
2746                       unsigned long long lba, unsigned int num)
2747{
2748        struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2749        unsigned long long n, end, zend = zsp->z_start + zsp->z_size;
2750
2751        if (zbc_zone_is_conv(zsp))
2752                return;
2753
2754        if (zsp->z_type == ZBC_ZONE_TYPE_SWR) {
2755                zsp->z_wp += num;
2756                if (zsp->z_wp >= zend)
2757                        zsp->z_cond = ZC5_FULL;
2758                return;
2759        }
2760
2761        while (num) {
2762                if (lba != zsp->z_wp)
2763                        zsp->z_non_seq_resource = true;
2764
2765                end = lba + num;
2766                if (end >= zend) {
2767                        n = zend - lba;
2768                        zsp->z_wp = zend;
2769                } else if (end > zsp->z_wp) {
2770                        n = num;
2771                        zsp->z_wp = end;
2772                } else {
2773                        n = num;
2774                }
2775                if (zsp->z_wp >= zend)
2776                        zsp->z_cond = ZC5_FULL;
2777
2778                num -= n;
2779                lba += n;
2780                if (num) {
2781                        zsp++;
2782                        zend = zsp->z_start + zsp->z_size;
2783                }
2784        }
2785}
2786
2787static int check_zbc_access_params(struct scsi_cmnd *scp,
2788                        unsigned long long lba, unsigned int num, bool write)
2789{
2790        struct scsi_device *sdp = scp->device;
2791        struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2792        struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2793        struct sdeb_zone_state *zsp_end = zbc_zone(devip, lba + num - 1);
2794
2795        if (!write) {
2796                if (devip->zmodel == BLK_ZONED_HA)
2797                        return 0;
2798                /* For host-managed, reads cannot cross zone types boundaries */
2799                if (zsp_end != zsp &&
2800                    zbc_zone_is_conv(zsp) &&
2801                    !zbc_zone_is_conv(zsp_end)) {
2802                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
2803                                        LBA_OUT_OF_RANGE,
2804                                        READ_INVDATA_ASCQ);
2805                        return check_condition_result;
2806                }
2807                return 0;
2808        }
2809
2810        /* No restrictions for writes within conventional zones */
2811        if (zbc_zone_is_conv(zsp)) {
2812                if (!zbc_zone_is_conv(zsp_end)) {
2813                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
2814                                        LBA_OUT_OF_RANGE,
2815                                        WRITE_BOUNDARY_ASCQ);
2816                        return check_condition_result;
2817                }
2818                return 0;
2819        }
2820
2821        if (zsp->z_type == ZBC_ZONE_TYPE_SWR) {
2822                /* Writes cannot cross sequential zone boundaries */
2823                if (zsp_end != zsp) {
2824                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
2825                                        LBA_OUT_OF_RANGE,
2826                                        WRITE_BOUNDARY_ASCQ);
2827                        return check_condition_result;
2828                }
2829                /* Cannot write full zones */
2830                if (zsp->z_cond == ZC5_FULL) {
2831                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
2832                                        INVALID_FIELD_IN_CDB, 0);
2833                        return check_condition_result;
2834                }
2835                /* Writes must be aligned to the zone WP */
2836                if (lba != zsp->z_wp) {
2837                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
2838                                        LBA_OUT_OF_RANGE,
2839                                        UNALIGNED_WRITE_ASCQ);
2840                        return check_condition_result;
2841                }
2842        }
2843
2844        /* Handle implicit open of closed and empty zones */
2845        if (zsp->z_cond == ZC1_EMPTY || zsp->z_cond == ZC4_CLOSED) {
2846                if (devip->max_open &&
2847                    devip->nr_exp_open >= devip->max_open) {
2848                        mk_sense_buffer(scp, DATA_PROTECT,
2849                                        INSUFF_RES_ASC,
2850                                        INSUFF_ZONE_ASCQ);
2851                        return check_condition_result;
2852                }
2853                zbc_open_zone(devip, zsp, false);
2854        }
2855
2856        return 0;
2857}
2858
2859static inline int check_device_access_params
2860                        (struct scsi_cmnd *scp, unsigned long long lba,
2861                         unsigned int num, bool write)
2862{
2863        struct scsi_device *sdp = scp->device;
2864        struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2865
2866        if (lba + num > sdebug_capacity) {
2867                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2868                return check_condition_result;
2869        }
2870        /* transfer length excessive (tie in to block limits VPD page) */
2871        if (num > sdebug_store_sectors) {
2872                /* needs work to find which cdb byte 'num' comes from */
2873                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2874                return check_condition_result;
2875        }
2876        if (write && unlikely(sdebug_wp)) {
2877                mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
2878                return check_condition_result;
2879        }
2880        if (sdebug_dev_is_zoned(devip))
2881                return check_zbc_access_params(scp, lba, num, write);
2882
2883        return 0;
2884}
2885
2886/*
2887 * Note: if BUG_ON() fires it usually indicates a problem with the parser
2888 * tables. Perhaps a missing F_FAKE_RW or FF_MEDIA_IO flag. Response functions
2889 * that access any of the "stores" in struct sdeb_store_info should call this
2890 * function with bug_if_fake_rw set to true.
2891 */
2892static inline struct sdeb_store_info *devip2sip(struct sdebug_dev_info *devip,
2893                                                bool bug_if_fake_rw)
2894{
2895        if (sdebug_fake_rw) {
2896                BUG_ON(bug_if_fake_rw); /* See note above */
2897                return NULL;
2898        }
2899        return xa_load(per_store_ap, devip->sdbg_host->si_idx);
2900}
2901
2902/* Returns number of bytes copied or -1 if error. */
2903static int do_device_access(struct sdeb_store_info *sip, struct scsi_cmnd *scp,
2904                            u32 sg_skip, u64 lba, u32 num, bool do_write)
2905{
2906        int ret;
2907        u64 block, rest = 0;
2908        enum dma_data_direction dir;
2909        struct scsi_data_buffer *sdb = &scp->sdb;
2910        u8 *fsp;
2911
2912        if (do_write) {
2913                dir = DMA_TO_DEVICE;
2914                write_since_sync = true;
2915        } else {
2916                dir = DMA_FROM_DEVICE;
2917        }
2918
2919        if (!sdb->length || !sip)
2920                return 0;
2921        if (scp->sc_data_direction != dir)
2922                return -1;
2923        fsp = sip->storep;
2924
2925        block = do_div(lba, sdebug_store_sectors);
2926        if (block + num > sdebug_store_sectors)
2927                rest = block + num - sdebug_store_sectors;
2928
2929        ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2930                   fsp + (block * sdebug_sector_size),
2931                   (num - rest) * sdebug_sector_size, sg_skip, do_write);
2932        if (ret != (num - rest) * sdebug_sector_size)
2933                return ret;
2934
2935        if (rest) {
2936                ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2937                            fsp, rest * sdebug_sector_size,
2938                            sg_skip + ((num - rest) * sdebug_sector_size),
2939                            do_write);
2940        }
2941
2942        return ret;
2943}
2944
2945/* Returns number of bytes copied or -1 if error. */
2946static int do_dout_fetch(struct scsi_cmnd *scp, u32 num, u8 *doutp)
2947{
2948        struct scsi_data_buffer *sdb = &scp->sdb;
2949
2950        if (!sdb->length)
2951                return 0;
2952        if (scp->sc_data_direction != DMA_TO_DEVICE)
2953                return -1;
2954        return sg_copy_buffer(sdb->table.sgl, sdb->table.nents, doutp,
2955                              num * sdebug_sector_size, 0, true);
2956}
2957
2958/* If sip->storep+lba compares equal to arr(num), then copy top half of
2959 * arr into sip->storep+lba and return true. If comparison fails then
2960 * return false. */
2961static bool comp_write_worker(struct sdeb_store_info *sip, u64 lba, u32 num,
2962                              const u8 *arr, bool compare_only)
2963{
2964        bool res;
2965        u64 block, rest = 0;
2966        u32 store_blks = sdebug_store_sectors;
2967        u32 lb_size = sdebug_sector_size;
2968        u8 *fsp = sip->storep;
2969
2970        block = do_div(lba, store_blks);
2971        if (block + num > store_blks)
2972                rest = block + num - store_blks;
2973
2974        res = !memcmp(fsp + (block * lb_size), arr, (num - rest) * lb_size);
2975        if (!res)
2976                return res;
2977        if (rest)
2978                res = memcmp(fsp, arr + ((num - rest) * lb_size),
2979                             rest * lb_size);
2980        if (!res)
2981                return res;
2982        if (compare_only)
2983                return true;
2984        arr += num * lb_size;
2985        memcpy(fsp + (block * lb_size), arr, (num - rest) * lb_size);
2986        if (rest)
2987                memcpy(fsp, arr + ((num - rest) * lb_size), rest * lb_size);
2988        return res;
2989}
2990
2991static __be16 dif_compute_csum(const void *buf, int len)
2992{
2993        __be16 csum;
2994
2995        if (sdebug_guard)
2996                csum = (__force __be16)ip_compute_csum(buf, len);
2997        else
2998                csum = cpu_to_be16(crc_t10dif(buf, len));
2999
3000        return csum;
3001}
3002
3003static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
3004                      sector_t sector, u32 ei_lba)
3005{
3006        __be16 csum = dif_compute_csum(data, sdebug_sector_size);
3007
3008        if (sdt->guard_tag != csum) {
3009                pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
3010                        (unsigned long)sector,
3011                        be16_to_cpu(sdt->guard_tag),
3012                        be16_to_cpu(csum));
3013                return 0x01;
3014        }
3015        if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
3016            be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
3017                pr_err("REF check failed on sector %lu\n",
3018                        (unsigned long)sector);
3019                return 0x03;
3020        }
3021        if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3022            be32_to_cpu(sdt->ref_tag) != ei_lba) {
3023                pr_err("REF check failed on sector %lu\n",
3024                        (unsigned long)sector);
3025                return 0x03;
3026        }
3027        return 0;
3028}
3029
3030static void dif_copy_prot(struct scsi_cmnd *scp, sector_t sector,
3031                          unsigned int sectors, bool read)
3032{
3033        size_t resid;
3034        void *paddr;
3035        struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3036                                                scp->device->hostdata, true);
3037        struct t10_pi_tuple *dif_storep = sip->dif_storep;
3038        const void *dif_store_end = dif_storep + sdebug_store_sectors;
3039        struct sg_mapping_iter miter;
3040
3041        /* Bytes of protection data to copy into sgl */
3042        resid = sectors * sizeof(*dif_storep);
3043
3044        sg_miter_start(&miter, scsi_prot_sglist(scp),
3045                       scsi_prot_sg_count(scp), SG_MITER_ATOMIC |
3046                       (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
3047
3048        while (sg_miter_next(&miter) && resid > 0) {
3049                size_t len = min_t(size_t, miter.length, resid);
3050                void *start = dif_store(sip, sector);
3051                size_t rest = 0;
3052
3053                if (dif_store_end < start + len)
3054                        rest = start + len - dif_store_end;
3055
3056                paddr = miter.addr;
3057
3058                if (read)
3059                        memcpy(paddr, start, len - rest);
3060                else
3061                        memcpy(start, paddr, len - rest);
3062
3063                if (rest) {
3064                        if (read)
3065                                memcpy(paddr + len - rest, dif_storep, rest);
3066                        else
3067                                memcpy(dif_storep, paddr + len - rest, rest);
3068                }
3069
3070                sector += len / sizeof(*dif_storep);
3071                resid -= len;
3072        }
3073        sg_miter_stop(&miter);
3074}
3075
3076static int prot_verify_read(struct scsi_cmnd *scp, sector_t start_sec,
3077                            unsigned int sectors, u32 ei_lba)
3078{
3079        unsigned int i;
3080        sector_t sector;
3081        struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3082                                                scp->device->hostdata, true);
3083        struct t10_pi_tuple *sdt;
3084
3085        for (i = 0; i < sectors; i++, ei_lba++) {
3086                int ret;
3087
3088                sector = start_sec + i;
3089                sdt = dif_store(sip, sector);
3090
3091                if (sdt->app_tag == cpu_to_be16(0xffff))
3092                        continue;
3093
3094                ret = dif_verify(sdt, lba2fake_store(sip, sector), sector,
3095                                 ei_lba);
3096                if (ret) {
3097                        dif_errors++;
3098                        return ret;
3099                }
3100        }
3101
3102        dif_copy_prot(scp, start_sec, sectors, true);
3103        dix_reads++;
3104
3105        return 0;
3106}
3107
3108static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3109{
3110        bool check_prot;
3111        u32 num;
3112        u32 ei_lba;
3113        int ret;
3114        u64 lba;
3115        struct sdeb_store_info *sip = devip2sip(devip, true);
3116        rwlock_t *macc_lckp = sip ? &sip->macc_lck : &sdeb_fake_rw_lck;
3117        u8 *cmd = scp->cmnd;
3118
3119        switch (cmd[0]) {
3120        case READ_16:
3121                ei_lba = 0;
3122                lba = get_unaligned_be64(cmd + 2);
3123                num = get_unaligned_be32(cmd + 10);
3124                check_prot = true;
3125                break;
3126        case READ_10:
3127                ei_lba = 0;
3128                lba = get_unaligned_be32(cmd + 2);
3129                num = get_unaligned_be16(cmd + 7);
3130                check_prot = true;
3131                break;
3132        case READ_6:
3133                ei_lba = 0;
3134                lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3135                      (u32)(cmd[1] & 0x1f) << 16;
3136                num = (0 == cmd[4]) ? 256 : cmd[4];
3137                check_prot = true;
3138                break;
3139        case READ_12:
3140                ei_lba = 0;
3141                lba = get_unaligned_be32(cmd + 2);
3142                num = get_unaligned_be32(cmd + 6);
3143                check_prot = true;
3144                break;
3145        case XDWRITEREAD_10:
3146                ei_lba = 0;
3147                lba = get_unaligned_be32(cmd + 2);
3148                num = get_unaligned_be16(cmd + 7);
3149                check_prot = false;
3150                break;
3151        default:        /* assume READ(32) */
3152                lba = get_unaligned_be64(cmd + 12);
3153                ei_lba = get_unaligned_be32(cmd + 20);
3154                num = get_unaligned_be32(cmd + 28);
3155                check_prot = false;
3156                break;
3157        }
3158        if (unlikely(have_dif_prot && check_prot)) {
3159                if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3160                    (cmd[1] & 0xe0)) {
3161                        mk_sense_invalid_opcode(scp);
3162                        return check_condition_result;
3163                }
3164                if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3165                     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3166                    (cmd[1] & 0xe0) == 0)
3167                        sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
3168                                    "to DIF device\n");
3169        }
3170        if (unlikely((sdebug_opts & SDEBUG_OPT_SHORT_TRANSFER) &&
3171                     atomic_read(&sdeb_inject_pending))) {
3172                num /= 2;
3173                atomic_set(&sdeb_inject_pending, 0);
3174        }
3175
3176        ret = check_device_access_params(scp, lba, num, false);
3177        if (ret)
3178                return ret;
3179        if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
3180                     (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
3181                     ((lba + num) > sdebug_medium_error_start))) {
3182                /* claim unrecoverable read error */
3183                mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
3184                /* set info field and valid bit for fixed descriptor */
3185                if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
3186                        scp->sense_buffer[0] |= 0x80;   /* Valid bit */
3187                        ret = (lba < OPT_MEDIUM_ERR_ADDR)
3188                              ? OPT_MEDIUM_ERR_ADDR : (int)lba;
3189                        put_unaligned_be32(ret, scp->sense_buffer + 3);
3190                }
3191                scsi_set_resid(scp, scsi_bufflen(scp));
3192                return check_condition_result;
3193        }
3194
3195        read_lock(macc_lckp);
3196
3197        /* DIX + T10 DIF */
3198        if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3199                int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
3200
3201                if (prot_ret) {
3202                        read_unlock(macc_lckp);
3203                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
3204                        return illegal_condition_result;
3205                }
3206        }
3207
3208        ret = do_device_access(sip, scp, 0, lba, num, false);
3209        read_unlock(macc_lckp);
3210        if (unlikely(ret == -1))
3211                return DID_ERROR << 16;
3212
3213        scsi_set_resid(scp, scsi_bufflen(scp) - ret);
3214
3215        if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3216                     atomic_read(&sdeb_inject_pending))) {
3217                if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3218                        mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3219                        atomic_set(&sdeb_inject_pending, 0);
3220                        return check_condition_result;
3221                } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3222                        /* Logical block guard check failed */
3223                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3224                        atomic_set(&sdeb_inject_pending, 0);
3225                        return illegal_condition_result;
3226                } else if (SDEBUG_OPT_DIX_ERR & sdebug_opts) {
3227                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3228                        atomic_set(&sdeb_inject_pending, 0);
3229                        return illegal_condition_result;
3230                }
3231        }
3232        return 0;
3233}
3234
3235static void dump_sector(unsigned char *buf, int len)
3236{
3237        int i, j, n;
3238
3239        pr_err(">>> Sector Dump <<<\n");
3240        for (i = 0 ; i < len ; i += 16) {
3241                char b[128];
3242
3243                for (j = 0, n = 0; j < 16; j++) {
3244                        unsigned char c = buf[i+j];
3245
3246                        if (c >= 0x20 && c < 0x7e)
3247                                n += scnprintf(b + n, sizeof(b) - n,
3248                                               " %c ", buf[i+j]);
3249                        else
3250                                n += scnprintf(b + n, sizeof(b) - n,
3251                                               "%02x ", buf[i+j]);
3252                }
3253                pr_err("%04d: %s\n", i, b);
3254        }
3255}
3256
3257static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
3258                             unsigned int sectors, u32 ei_lba)
3259{
3260        int ret;
3261        struct t10_pi_tuple *sdt;
3262        void *daddr;
3263        sector_t sector = start_sec;
3264        int ppage_offset;
3265        int dpage_offset;
3266        struct sg_mapping_iter diter;
3267        struct sg_mapping_iter piter;
3268
3269        BUG_ON(scsi_sg_count(SCpnt) == 0);
3270        BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
3271
3272        sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
3273                        scsi_prot_sg_count(SCpnt),
3274                        SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3275        sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
3276                        SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3277
3278        /* For each protection page */
3279        while (sg_miter_next(&piter)) {
3280                dpage_offset = 0;
3281                if (WARN_ON(!sg_miter_next(&diter))) {
3282                        ret = 0x01;
3283                        goto out;
3284                }
3285
3286                for (ppage_offset = 0; ppage_offset < piter.length;
3287                     ppage_offset += sizeof(struct t10_pi_tuple)) {
3288                        /* If we're at the end of the current
3289                         * data page advance to the next one
3290                         */
3291                        if (dpage_offset >= diter.length) {
3292                                if (WARN_ON(!sg_miter_next(&diter))) {
3293                                        ret = 0x01;
3294                                        goto out;
3295                                }
3296                                dpage_offset = 0;
3297                        }
3298
3299                        sdt = piter.addr + ppage_offset;
3300                        daddr = diter.addr + dpage_offset;
3301
3302                        ret = dif_verify(sdt, daddr, sector, ei_lba);
3303                        if (ret) {
3304                                dump_sector(daddr, sdebug_sector_size);
3305                                goto out;
3306                        }
3307
3308                        sector++;
3309                        ei_lba++;
3310                        dpage_offset += sdebug_sector_size;
3311                }
3312                diter.consumed = dpage_offset;
3313                sg_miter_stop(&diter);
3314        }
3315        sg_miter_stop(&piter);
3316
3317        dif_copy_prot(SCpnt, start_sec, sectors, false);
3318        dix_writes++;
3319
3320        return 0;
3321
3322out:
3323        dif_errors++;
3324        sg_miter_stop(&diter);
3325        sg_miter_stop(&piter);
3326        return ret;
3327}
3328
3329static unsigned long lba_to_map_index(sector_t lba)
3330{
3331        if (sdebug_unmap_alignment)
3332                lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
3333        sector_div(lba, sdebug_unmap_granularity);
3334        return lba;
3335}
3336
3337static sector_t map_index_to_lba(unsigned long index)
3338{
3339        sector_t lba = index * sdebug_unmap_granularity;
3340
3341        if (sdebug_unmap_alignment)
3342                lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
3343        return lba;
3344}
3345
3346static unsigned int map_state(struct sdeb_store_info *sip, sector_t lba,
3347                              unsigned int *num)
3348{
3349        sector_t end;
3350        unsigned int mapped;
3351        unsigned long index;
3352        unsigned long next;
3353
3354        index = lba_to_map_index(lba);
3355        mapped = test_bit(index, sip->map_storep);
3356
3357        if (mapped)
3358                next = find_next_zero_bit(sip->map_storep, map_size, index);
3359        else
3360                next = find_next_bit(sip->map_storep, map_size, index);
3361
3362        end = min_t(sector_t, sdebug_store_sectors,  map_index_to_lba(next));
3363        *num = end - lba;
3364        return mapped;
3365}
3366
3367static void map_region(struct sdeb_store_info *sip, sector_t lba,
3368                       unsigned int len)
3369{
3370        sector_t end = lba + len;
3371
3372        while (lba < end) {
3373                unsigned long index = lba_to_map_index(lba);
3374
3375                if (index < map_size)
3376                        set_bit(index, sip->map_storep);
3377
3378                lba = map_index_to_lba(index + 1);
3379        }
3380}
3381
3382static void unmap_region(struct sdeb_store_info *sip, sector_t lba,
3383                         unsigned int len)
3384{
3385        sector_t end = lba + len;
3386        u8 *fsp = sip->storep;
3387
3388        while (lba < end) {
3389                unsigned long index = lba_to_map_index(lba);
3390
3391                if (lba == map_index_to_lba(index) &&
3392                    lba + sdebug_unmap_granularity <= end &&
3393                    index < map_size) {
3394                        clear_bit(index, sip->map_storep);
3395                        if (sdebug_lbprz) {  /* for LBPRZ=2 return 0xff_s */
3396                                memset(fsp + lba * sdebug_sector_size,
3397                                       (sdebug_lbprz & 1) ? 0 : 0xff,
3398                                       sdebug_sector_size *
3399                                       sdebug_unmap_granularity);
3400                        }
3401                        if (sip->dif_storep) {
3402                                memset(sip->dif_storep + lba, 0xff,
3403                                       sizeof(*sip->dif_storep) *
3404                                       sdebug_unmap_granularity);
3405                        }
3406                }
3407                lba = map_index_to_lba(index + 1);
3408        }
3409}
3410
3411static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3412{
3413        bool check_prot;
3414        u32 num;
3415        u32 ei_lba;
3416        int ret;
3417        u64 lba;
3418        struct sdeb_store_info *sip = devip2sip(devip, true);
3419        rwlock_t *macc_lckp = &sip->macc_lck;
3420        u8 *cmd = scp->cmnd;
3421
3422        switch (cmd[0]) {
3423        case WRITE_16:
3424                ei_lba = 0;
3425                lba = get_unaligned_be64(cmd + 2);
3426                num = get_unaligned_be32(cmd + 10);
3427                check_prot = true;
3428                break;
3429        case WRITE_10:
3430                ei_lba = 0;
3431                lba = get_unaligned_be32(cmd + 2);
3432                num = get_unaligned_be16(cmd + 7);
3433                check_prot = true;
3434                break;
3435        case WRITE_6:
3436                ei_lba = 0;
3437                lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3438                      (u32)(cmd[1] & 0x1f) << 16;
3439                num = (0 == cmd[4]) ? 256 : cmd[4];
3440                check_prot = true;
3441                break;
3442        case WRITE_12:
3443                ei_lba = 0;
3444                lba = get_unaligned_be32(cmd + 2);
3445                num = get_unaligned_be32(cmd + 6);
3446                check_prot = true;
3447                break;
3448        case 0x53:      /* XDWRITEREAD(10) */
3449                ei_lba = 0;
3450                lba = get_unaligned_be32(cmd + 2);
3451                num = get_unaligned_be16(cmd + 7);
3452                check_prot = false;
3453                break;
3454        default:        /* assume WRITE(32) */
3455                lba = get_unaligned_be64(cmd + 12);
3456                ei_lba = get_unaligned_be32(cmd + 20);
3457                num = get_unaligned_be32(cmd + 28);
3458                check_prot = false;
3459                break;
3460        }
3461        if (unlikely(have_dif_prot && check_prot)) {
3462                if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3463                    (cmd[1] & 0xe0)) {
3464                        mk_sense_invalid_opcode(scp);
3465                        return check_condition_result;
3466                }
3467                if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3468                     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3469                    (cmd[1] & 0xe0) == 0)
3470                        sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3471                                    "to DIF device\n");
3472        }
3473
3474        write_lock(macc_lckp);
3475        ret = check_device_access_params(scp, lba, num, true);
3476        if (ret) {
3477                write_unlock(macc_lckp);
3478                return ret;
3479        }
3480
3481        /* DIX + T10 DIF */
3482        if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3483                int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
3484
3485                if (prot_ret) {
3486                        write_unlock(macc_lckp);
3487                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
3488                        return illegal_condition_result;
3489                }
3490        }
3491
3492        ret = do_device_access(sip, scp, 0, lba, num, true);
3493        if (unlikely(scsi_debug_lbp()))
3494                map_region(sip, lba, num);
3495        /* If ZBC zone then bump its write pointer */
3496        if (sdebug_dev_is_zoned(devip))
3497                zbc_inc_wp(devip, lba, num);
3498        write_unlock(macc_lckp);
3499        if (unlikely(-1 == ret))
3500                return DID_ERROR << 16;
3501        else if (unlikely(sdebug_verbose &&
3502                          (ret < (num * sdebug_sector_size))))
3503                sdev_printk(KERN_INFO, scp->device,
3504                            "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3505                            my_name, num * sdebug_sector_size, ret);
3506
3507        if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3508                     atomic_read(&sdeb_inject_pending))) {
3509                if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3510                        mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3511                        atomic_set(&sdeb_inject_pending, 0);
3512                        return check_condition_result;
3513                } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3514                        /* Logical block guard check failed */
3515                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3516                        atomic_set(&sdeb_inject_pending, 0);
3517                        return illegal_condition_result;
3518                } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3519                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3520                        atomic_set(&sdeb_inject_pending, 0);
3521                        return illegal_condition_result;
3522                }
3523        }
3524        return 0;
3525}
3526
3527/*
3528 * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
3529 * No READ GATHERED yet (requires bidi or long cdb holding gather list).
3530 */
3531static int resp_write_scat(struct scsi_cmnd *scp,
3532                           struct sdebug_dev_info *devip)
3533{
3534        u8 *cmd = scp->cmnd;
3535        u8 *lrdp = NULL;
3536        u8 *up;
3537        struct sdeb_store_info *sip = devip2sip(devip, true);
3538        rwlock_t *macc_lckp = &sip->macc_lck;
3539        u8 wrprotect;
3540        u16 lbdof, num_lrd, k;
3541        u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
3542        u32 lb_size = sdebug_sector_size;
3543        u32 ei_lba;
3544        u64 lba;
3545        int ret, res;
3546        bool is_16;
3547        static const u32 lrd_size = 32; /* + parameter list header size */
3548
3549        if (cmd[0] == VARIABLE_LENGTH_CMD) {
3550                is_16 = false;
3551                wrprotect = (cmd[10] >> 5) & 0x7;
3552                lbdof = get_unaligned_be16(cmd + 12);
3553                num_lrd = get_unaligned_be16(cmd + 16);
3554                bt_len = get_unaligned_be32(cmd + 28);
3555        } else {        /* that leaves WRITE SCATTERED(16) */
3556                is_16 = true;
3557                wrprotect = (cmd[2] >> 5) & 0x7;
3558                lbdof = get_unaligned_be16(cmd + 4);
3559                num_lrd = get_unaligned_be16(cmd + 8);
3560                bt_len = get_unaligned_be32(cmd + 10);
3561                if (unlikely(have_dif_prot)) {
3562                        if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3563                            wrprotect) {
3564                                mk_sense_invalid_opcode(scp);
3565                                return illegal_condition_result;
3566                        }
3567                        if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3568                             sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3569                             wrprotect == 0)
3570                                sdev_printk(KERN_ERR, scp->device,
3571                                            "Unprotected WR to DIF device\n");
3572                }
3573        }
3574        if ((num_lrd == 0) || (bt_len == 0))
3575                return 0;       /* T10 says these do-nothings are not errors */
3576        if (lbdof == 0) {
3577                if (sdebug_verbose)
3578                        sdev_printk(KERN_INFO, scp->device,
3579                                "%s: %s: LB Data Offset field bad\n",
3580                                my_name, __func__);
3581                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3582                return illegal_condition_result;
3583        }
3584        lbdof_blen = lbdof * lb_size;
3585        if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
3586                if (sdebug_verbose)
3587                        sdev_printk(KERN_INFO, scp->device,
3588                                "%s: %s: LBA range descriptors don't fit\n",
3589                                my_name, __func__);
3590                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3591                return illegal_condition_result;
3592        }
3593        lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
3594        if (lrdp == NULL)
3595                return SCSI_MLQUEUE_HOST_BUSY;
3596        if (sdebug_verbose)
3597                sdev_printk(KERN_INFO, scp->device,
3598                        "%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
3599                        my_name, __func__, lbdof_blen);
3600        res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
3601        if (res == -1) {
3602                ret = DID_ERROR << 16;
3603                goto err_out;
3604        }
3605
3606        write_lock(macc_lckp);
3607        sg_off = lbdof_blen;
3608        /* Spec says Buffer xfer Length field in number of LBs in dout */
3609        cum_lb = 0;
3610        for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
3611                lba = get_unaligned_be64(up + 0);
3612                num = get_unaligned_be32(up + 8);
3613                if (sdebug_verbose)
3614                        sdev_printk(KERN_INFO, scp->device,
3615                                "%s: %s: k=%d  LBA=0x%llx num=%u  sg_off=%u\n",
3616                                my_name, __func__, k, lba, num, sg_off);
3617                if (num == 0)
3618                        continue;
3619                ret = check_device_access_params(scp, lba, num, true);
3620                if (ret)
3621                        goto err_out_unlock;
3622                num_by = num * lb_size;
3623                ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
3624
3625                if ((cum_lb + num) > bt_len) {
3626                        if (sdebug_verbose)
3627                                sdev_printk(KERN_INFO, scp->device,
3628                                    "%s: %s: sum of blocks > data provided\n",
3629                                    my_name, __func__);
3630                        mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
3631                                        0);
3632                        ret = illegal_condition_result;
3633                        goto err_out_unlock;
3634                }
3635
3636                /* DIX + T10 DIF */
3637                if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3638                        int prot_ret = prot_verify_write(scp, lba, num,
3639                                                         ei_lba);
3640
3641                        if (prot_ret) {
3642                                mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
3643                                                prot_ret);
3644                                ret = illegal_condition_result;
3645                                goto err_out_unlock;
3646                        }
3647                }
3648
3649                ret = do_device_access(sip, scp, sg_off, lba, num, true);
3650                /* If ZBC zone then bump its write pointer */
3651                if (sdebug_dev_is_zoned(devip))
3652                        zbc_inc_wp(devip, lba, num);
3653                if (unlikely(scsi_debug_lbp()))
3654                        map_region(sip, lba, num);
3655                if (unlikely(-1 == ret)) {
3656                        ret = DID_ERROR << 16;
3657                        goto err_out_unlock;
3658                } else if (unlikely(sdebug_verbose && (ret < num_by)))
3659                        sdev_printk(KERN_INFO, scp->device,
3660                            "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3661                            my_name, num_by, ret);
3662
3663                if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3664                             atomic_read(&sdeb_inject_pending))) {
3665                        if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3666                                mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3667                                atomic_set(&sdeb_inject_pending, 0);
3668                                ret = check_condition_result;
3669                                goto err_out_unlock;
3670                        } else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3671                                /* Logical block guard check failed */
3672                                mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3673                                atomic_set(&sdeb_inject_pending, 0);
3674                                ret = illegal_condition_result;
3675                                goto err_out_unlock;
3676                        } else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3677                                mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3678                                atomic_set(&sdeb_inject_pending, 0);
3679                                ret = illegal_condition_result;
3680                                goto err_out_unlock;
3681                        }
3682                }
3683                sg_off += num_by;
3684                cum_lb += num;
3685        }
3686        ret = 0;
3687err_out_unlock:
3688        write_unlock(macc_lckp);
3689err_out:
3690        kfree(lrdp);
3691        return ret;
3692}
3693
3694static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
3695                           u32 ei_lba, bool unmap, bool ndob)
3696{
3697        struct scsi_device *sdp = scp->device;
3698        struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3699        unsigned long long i;
3700        u64 block, lbaa;
3701        u32 lb_size = sdebug_sector_size;
3702        int ret;
3703        struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3704                                                scp->device->hostdata, true);
3705        rwlock_t *macc_lckp = &sip->macc_lck;
3706        u8 *fs1p;
3707        u8 *fsp;
3708
3709        write_lock(macc_lckp);
3710
3711        ret = check_device_access_params(scp, lba, num, true);
3712        if (ret) {
3713                write_unlock(macc_lckp);
3714                return ret;
3715        }
3716
3717        if (unmap && scsi_debug_lbp()) {
3718                unmap_region(sip, lba, num);
3719                goto out;
3720        }
3721        lbaa = lba;
3722        block = do_div(lbaa, sdebug_store_sectors);
3723        /* if ndob then zero 1 logical block, else fetch 1 logical block */
3724        fsp = sip->storep;
3725        fs1p = fsp + (block * lb_size);
3726        if (ndob) {
3727                memset(fs1p, 0, lb_size);
3728                ret = 0;
3729        } else
3730                ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
3731
3732        if (-1 == ret) {
3733                write_unlock(&sip->macc_lck);
3734                return DID_ERROR << 16;
3735        } else if (sdebug_verbose && !ndob && (ret < lb_size))
3736                sdev_printk(KERN_INFO, scp->device,
3737                            "%s: %s: lb size=%u, IO sent=%d bytes\n",
3738                            my_name, "write same", lb_size, ret);
3739
3740        /* Copy first sector to remaining blocks */
3741        for (i = 1 ; i < num ; i++) {
3742                lbaa = lba + i;
3743                block = do_div(lbaa, sdebug_store_sectors);
3744                memmove(fsp + (block * lb_size), fs1p, lb_size);
3745        }
3746        if (scsi_debug_lbp())
3747                map_region(sip, lba, num);
3748        /* If ZBC zone then bump its write pointer */
3749        if (sdebug_dev_is_zoned(devip))
3750                zbc_inc_wp(devip, lba, num);
3751out:
3752        write_unlock(macc_lckp);
3753
3754        return 0;
3755}
3756
3757static int resp_write_same_10(struct scsi_cmnd *scp,
3758                              struct sdebug_dev_info *devip)
3759{
3760        u8 *cmd = scp->cmnd;
3761        u32 lba;
3762        u16 num;
3763        u32 ei_lba = 0;
3764        bool unmap = false;
3765
3766        if (cmd[1] & 0x8) {
3767                if (sdebug_lbpws10 == 0) {
3768                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3769                        return check_condition_result;
3770                } else
3771                        unmap = true;
3772        }
3773        lba = get_unaligned_be32(cmd + 2);
3774        num = get_unaligned_be16(cmd + 7);
3775        if (num > sdebug_write_same_length) {
3776                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3777                return check_condition_result;
3778        }
3779        return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3780}
3781
3782static int resp_write_same_16(struct scsi_cmnd *scp,
3783                              struct sdebug_dev_info *devip)
3784{
3785        u8 *cmd = scp->cmnd;
3786        u64 lba;
3787        u32 num;
3788        u32 ei_lba = 0;
3789        bool unmap = false;
3790        bool ndob = false;
3791
3792        if (cmd[1] & 0x8) {     /* UNMAP */
3793                if (sdebug_lbpws == 0) {
3794                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3795                        return check_condition_result;
3796                } else
3797                        unmap = true;
3798        }
3799        if (cmd[1] & 0x1)  /* NDOB (no data-out buffer, assumes zeroes) */
3800                ndob = true;
3801        lba = get_unaligned_be64(cmd + 2);
3802        num = get_unaligned_be32(cmd + 10);
3803        if (num > sdebug_write_same_length) {
3804                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3805                return check_condition_result;
3806        }
3807        return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3808}
3809
3810/* Note the mode field is in the same position as the (lower) service action
3811 * field. For the Report supported operation codes command, SPC-4 suggests
3812 * each mode of this command should be reported separately; for future. */
3813static int resp_write_buffer(struct scsi_cmnd *scp,
3814                             struct sdebug_dev_info *devip)
3815{
3816        u8 *cmd = scp->cmnd;
3817        struct scsi_device *sdp = scp->device;
3818        struct sdebug_dev_info *dp;
3819        u8 mode;
3820
3821        mode = cmd[1] & 0x1f;
3822        switch (mode) {
3823        case 0x4:       /* download microcode (MC) and activate (ACT) */
3824                /* set UAs on this device only */
3825                set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3826                set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3827                break;
3828        case 0x5:       /* download MC, save and ACT */
3829                set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3830                break;
3831        case 0x6:       /* download MC with offsets and ACT */
3832                /* set UAs on most devices (LUs) in this target */
3833                list_for_each_entry(dp,
3834                                    &devip->sdbg_host->dev_info_list,
3835                                    dev_list)
3836                        if (dp->target == sdp->id) {
3837                                set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3838                                if (devip != dp)
3839                                        set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3840                                                dp->uas_bm);
3841                        }
3842                break;
3843        case 0x7:       /* download MC with offsets, save, and ACT */
3844                /* set UA on all devices (LUs) in this target */
3845                list_for_each_entry(dp,
3846                                    &devip->sdbg_host->dev_info_list,
3847                                    dev_list)
3848                        if (dp->target == sdp->id)
3849                                set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3850                                        dp->uas_bm);
3851                break;
3852        default:
3853                /* do nothing for this command for other mode values */
3854                break;
3855        }
3856        return 0;
3857}
3858
3859static int resp_comp_write(struct scsi_cmnd *scp,
3860                           struct sdebug_dev_info *devip)
3861{
3862        u8 *cmd = scp->cmnd;
3863        u8 *arr;
3864        struct sdeb_store_info *sip = devip2sip(devip, true);
3865        rwlock_t *macc_lckp = &sip->macc_lck;
3866        u64 lba;
3867        u32 dnum;
3868        u32 lb_size = sdebug_sector_size;
3869        u8 num;
3870        int ret;
3871        int retval = 0;
3872
3873        lba = get_unaligned_be64(cmd + 2);
3874        num = cmd[13];          /* 1 to a maximum of 255 logical blocks */
3875        if (0 == num)
3876                return 0;       /* degenerate case, not an error */
3877        if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3878            (cmd[1] & 0xe0)) {
3879                mk_sense_invalid_opcode(scp);
3880                return check_condition_result;
3881        }
3882        if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3883             sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3884            (cmd[1] & 0xe0) == 0)
3885                sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3886                            "to DIF device\n");
3887        ret = check_device_access_params(scp, lba, num, false);
3888        if (ret)
3889                return ret;
3890        dnum = 2 * num;
3891        arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
3892        if (NULL == arr) {
3893                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3894                                INSUFF_RES_ASCQ);
3895                return check_condition_result;
3896        }
3897
3898        write_lock(macc_lckp);
3899
3900        ret = do_dout_fetch(scp, dnum, arr);
3901        if (ret == -1) {
3902                retval = DID_ERROR << 16;
3903                goto cleanup;
3904        } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3905                sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3906                            "indicated=%u, IO sent=%d bytes\n", my_name,
3907                            dnum * lb_size, ret);
3908        if (!comp_write_worker(sip, lba, num, arr, false)) {
3909                mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3910                retval = check_condition_result;
3911                goto cleanup;
3912        }
3913        if (scsi_debug_lbp())
3914                map_region(sip, lba, num);
3915cleanup:
3916        write_unlock(macc_lckp);
3917        kfree(arr);
3918        return retval;
3919}
3920
3921struct unmap_block_desc {
3922        __be64  lba;
3923        __be32  blocks;
3924        __be32  __reserved;
3925};
3926
3927static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3928{
3929        unsigned char *buf;
3930        struct unmap_block_desc *desc;
3931        struct sdeb_store_info *sip = devip2sip(devip, true);
3932        rwlock_t *macc_lckp = &sip->macc_lck;
3933        unsigned int i, payload_len, descriptors;
3934        int ret;
3935
3936        if (!scsi_debug_lbp())
3937                return 0;       /* fib and say its done */
3938        payload_len = get_unaligned_be16(scp->cmnd + 7);
3939        BUG_ON(scsi_bufflen(scp) != payload_len);
3940
3941        descriptors = (payload_len - 8) / 16;
3942        if (descriptors > sdebug_unmap_max_desc) {
3943                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3944                return check_condition_result;
3945        }
3946
3947        buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3948        if (!buf) {
3949                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3950                                INSUFF_RES_ASCQ);
3951                return check_condition_result;
3952        }
3953
3954        scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3955
3956        BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3957        BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3958
3959        desc = (void *)&buf[8];
3960
3961        write_lock(macc_lckp);
3962
3963        for (i = 0 ; i < descriptors ; i++) {
3964                unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3965                unsigned int num = get_unaligned_be32(&desc[i].blocks);
3966
3967                ret = check_device_access_params(scp, lba, num, true);
3968                if (ret)
3969                        goto out;
3970
3971                unmap_region(sip, lba, num);
3972        }
3973
3974        ret = 0;
3975
3976out:
3977        write_unlock(macc_lckp);
3978        kfree(buf);
3979
3980        return ret;
3981}
3982
3983#define SDEBUG_GET_LBA_STATUS_LEN 32
3984
3985static int resp_get_lba_status(struct scsi_cmnd *scp,
3986                               struct sdebug_dev_info *devip)
3987{
3988        u8 *cmd = scp->cmnd;
3989        u64 lba;
3990        u32 alloc_len, mapped, num;
3991        int ret;
3992        u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3993
3994        lba = get_unaligned_be64(cmd + 2);
3995        alloc_len = get_unaligned_be32(cmd + 10);
3996
3997        if (alloc_len < 24)
3998                return 0;
3999
4000        ret = check_device_access_params(scp, lba, 1, false);
4001        if (ret)
4002                return ret;
4003
4004        if (scsi_debug_lbp()) {
4005                struct sdeb_store_info *sip = devip2sip(devip, true);
4006
4007                mapped = map_state(sip, lba, &num);
4008        } else {
4009                mapped = 1;
4010                /* following just in case virtual_gb changed */
4011                sdebug_capacity = get_sdebug_capacity();
4012                if (sdebug_capacity - lba <= 0xffffffff)
4013                        num = sdebug_capacity - lba;
4014                else
4015                        num = 0xffffffff;
4016        }
4017
4018        memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
4019        put_unaligned_be32(20, arr);            /* Parameter Data Length */
4020        put_unaligned_be64(lba, arr + 8);       /* LBA */
4021        put_unaligned_be32(num, arr + 16);      /* Number of blocks */
4022        arr[20] = !mapped;              /* prov_stat=0: mapped; 1: dealloc */
4023
4024        return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
4025}
4026
4027static int resp_sync_cache(struct scsi_cmnd *scp,
4028                           struct sdebug_dev_info *devip)
4029{
4030        int res = 0;
4031        u64 lba;
4032        u32 num_blocks;
4033        u8 *cmd = scp->cmnd;
4034
4035        if (cmd[0] == SYNCHRONIZE_CACHE) {      /* 10 byte cdb */
4036                lba = get_unaligned_be32(cmd + 2);
4037                num_blocks = get_unaligned_be16(cmd + 7);
4038        } else {                                /* SYNCHRONIZE_CACHE(16) */
4039                lba = get_unaligned_be64(cmd + 2);
4040                num_blocks = get_unaligned_be32(cmd + 10);
4041        }
4042        if (lba + num_blocks > sdebug_capacity) {
4043                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4044                return check_condition_result;
4045        }
4046        if (!write_since_sync || (cmd[1] & 0x2))
4047                res = SDEG_RES_IMMED_MASK;
4048        else            /* delay if write_since_sync and IMMED clear */
4049                write_since_sync = false;
4050        return res;
4051}
4052
4053/*
4054 * Assuming the LBA+num_blocks is not out-of-range, this function will return
4055 * CONDITION MET if the specified blocks will/have fitted in the cache, and
4056 * a GOOD status otherwise. Model a disk with a big cache and yield
4057 * CONDITION MET. Actually tries to bring range in main memory into the
4058 * cache associated with the CPU(s).
4059 */
4060static int resp_pre_fetch(struct scsi_cmnd *scp,
4061                          struct sdebug_dev_info *devip)
4062{
4063        int res = 0;
4064        u64 lba;
4065        u64 block, rest = 0;
4066        u32 nblks;
4067        u8 *cmd = scp->cmnd;
4068        struct sdeb_store_info *sip = devip2sip(devip, true);
4069        rwlock_t *macc_lckp = &sip->macc_lck;
4070        u8 *fsp = sip->storep;
4071
4072        if (cmd[0] == PRE_FETCH) {      /* 10 byte cdb */
4073                lba = get_unaligned_be32(cmd + 2);
4074                nblks = get_unaligned_be16(cmd + 7);
4075        } else {                        /* PRE-FETCH(16) */
4076                lba = get_unaligned_be64(cmd + 2);
4077                nblks = get_unaligned_be32(cmd + 10);
4078        }
4079        if (lba + nblks > sdebug_capacity) {
4080                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4081                return check_condition_result;
4082        }
4083        if (!fsp)
4084                goto fini;
4085        /* PRE-FETCH spec says nothing about LBP or PI so skip them */
4086        block = do_div(lba, sdebug_store_sectors);
4087        if (block + nblks > sdebug_store_sectors)
4088                rest = block + nblks - sdebug_store_sectors;
4089
4090        /* Try to bring the PRE-FETCH range into CPU's cache */
4091        read_lock(macc_lckp);
4092        prefetch_range(fsp + (sdebug_sector_size * block),
4093                       (nblks - rest) * sdebug_sector_size);
4094        if (rest)
4095                prefetch_range(fsp, rest * sdebug_sector_size);
4096        read_unlock(macc_lckp);
4097fini:
4098        if (cmd[1] & 0x2)
4099                res = SDEG_RES_IMMED_MASK;
4100        return res | condition_met_result;
4101}
4102
4103#define RL_BUCKET_ELEMS 8
4104
4105/* Even though each pseudo target has a REPORT LUNS "well known logical unit"
4106 * (W-LUN), the normal Linux scanning logic does not associate it with a
4107 * device (e.g. /dev/sg7). The following magic will make that association:
4108 *   "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
4109 * where <n> is a host number. If there are multiple targets in a host then
4110 * the above will associate a W-LUN to each target. To only get a W-LUN
4111 * for target 2, then use "echo '- 2 49409' > scan" .
4112 */
4113static int resp_report_luns(struct scsi_cmnd *scp,
4114                            struct sdebug_dev_info *devip)
4115{
4116        unsigned char *cmd = scp->cmnd;
4117        unsigned int alloc_len;
4118        unsigned char select_report;
4119        u64 lun;
4120        struct scsi_lun *lun_p;
4121        u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
4122        unsigned int lun_cnt;   /* normal LUN count (max: 256) */
4123        unsigned int wlun_cnt;  /* report luns W-LUN count */
4124        unsigned int tlun_cnt;  /* total LUN count */
4125        unsigned int rlen;      /* response length (in bytes) */
4126        int k, j, n, res;
4127        unsigned int off_rsp = 0;
4128        const int sz_lun = sizeof(struct scsi_lun);
4129
4130        clear_luns_changed_on_target(devip);
4131
4132        select_report = cmd[2];
4133        alloc_len = get_unaligned_be32(cmd + 6);
4134
4135        if (alloc_len < 4) {
4136                pr_err("alloc len too small %d\n", alloc_len);
4137                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
4138                return check_condition_result;
4139        }
4140
4141        switch (select_report) {
4142        case 0:         /* all LUNs apart from W-LUNs */
4143                lun_cnt = sdebug_max_luns;
4144                wlun_cnt = 0;
4145                break;
4146        case 1:         /* only W-LUNs */
4147                lun_cnt = 0;
4148                wlun_cnt = 1;
4149                break;
4150        case 2:         /* all LUNs */
4151                lun_cnt = sdebug_max_luns;
4152                wlun_cnt = 1;
4153                break;
4154        case 0x10:      /* only administrative LUs */
4155        case 0x11:      /* see SPC-5 */
4156        case 0x12:      /* only subsiduary LUs owned by referenced LU */
4157        default:
4158                pr_debug("select report invalid %d\n", select_report);
4159                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
4160                return check_condition_result;
4161        }
4162
4163        if (sdebug_no_lun_0 && (lun_cnt > 0))
4164                --lun_cnt;
4165
4166        tlun_cnt = lun_cnt + wlun_cnt;
4167        rlen = tlun_cnt * sz_lun;       /* excluding 8 byte header */
4168        scsi_set_resid(scp, scsi_bufflen(scp));
4169        pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
4170                 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
4171
4172        /* loops rely on sizeof response header same as sizeof lun (both 8) */
4173        lun = sdebug_no_lun_0 ? 1 : 0;
4174        for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
4175                memset(arr, 0, sizeof(arr));
4176                lun_p = (struct scsi_lun *)&arr[0];
4177                if (k == 0) {
4178                        put_unaligned_be32(rlen, &arr[0]);
4179                        ++lun_p;
4180                        j = 1;
4181                }
4182                for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
4183                        if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
4184                                break;
4185                        int_to_scsilun(lun++, lun_p);
4186                        if (lun > 1 && sdebug_lun_am == SAM_LUN_AM_FLAT)
4187                                lun_p->scsi_lun[0] |= 0x40;
4188                }
4189                if (j < RL_BUCKET_ELEMS)
4190                        break;
4191                n = j * sz_lun;
4192                res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
4193                if (res)
4194                        return res;
4195                off_rsp += n;
4196        }
4197        if (wlun_cnt) {
4198                int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
4199                ++j;
4200        }
4201        if (j > 0)
4202                res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
4203        return res;
4204}
4205
4206static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4207{
4208        bool is_bytchk3 = false;
4209        u8 bytchk;
4210        int ret, j;
4211        u32 vnum, a_num, off;
4212        const u32 lb_size = sdebug_sector_size;
4213        u64 lba;
4214        u8 *arr;
4215        u8 *cmd = scp->cmnd;
4216        struct sdeb_store_info *sip = devip2sip(devip, true);
4217        rwlock_t *macc_lckp = &sip->macc_lck;
4218
4219        bytchk = (cmd[1] >> 1) & 0x3;
4220        if (bytchk == 0) {
4221                return 0;       /* always claim internal verify okay */
4222        } else if (bytchk == 2) {
4223                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
4224                return check_condition_result;
4225        } else if (bytchk == 3) {
4226                is_bytchk3 = true;      /* 1 block sent, compared repeatedly */
4227        }
4228        switch (cmd[0]) {
4229        case VERIFY_16:
4230                lba = get_unaligned_be64(cmd + 2);
4231                vnum = get_unaligned_be32(cmd + 10);
4232                break;
4233        case VERIFY:            /* is VERIFY(10) */
4234                lba = get_unaligned_be32(cmd + 2);
4235                vnum = get_unaligned_be16(cmd + 7);
4236                break;
4237        default:
4238                mk_sense_invalid_opcode(scp);
4239                return check_condition_result;
4240        }
4241        a_num = is_bytchk3 ? 1 : vnum;
4242        /* Treat following check like one for read (i.e. no write) access */
4243        ret = check_device_access_params(scp, lba, a_num, false);
4244        if (ret)
4245                return ret;
4246
4247        arr = kcalloc(lb_size, vnum, GFP_ATOMIC);
4248        if (!arr) {
4249                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4250                                INSUFF_RES_ASCQ);
4251                return check_condition_result;
4252        }
4253        /* Not changing store, so only need read access */
4254        read_lock(macc_lckp);
4255
4256        ret = do_dout_fetch(scp, a_num, arr);
4257        if (ret == -1) {
4258                ret = DID_ERROR << 16;
4259                goto cleanup;
4260        } else if (sdebug_verbose && (ret < (a_num * lb_size))) {
4261                sdev_printk(KERN_INFO, scp->device,
4262                            "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
4263                            my_name, __func__, a_num * lb_size, ret);
4264        }
4265        if (is_bytchk3) {
4266                for (j = 1, off = lb_size; j < vnum; ++j, off += lb_size)
4267                        memcpy(arr + off, arr, lb_size);
4268        }
4269        ret = 0;
4270        if (!comp_write_worker(sip, lba, vnum, arr, true)) {
4271                mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4272                ret = check_condition_result;
4273                goto cleanup;
4274        }
4275cleanup:
4276        read_unlock(macc_lckp);
4277        kfree(arr);
4278        return ret;
4279}
4280
4281#define RZONES_DESC_HD 64
4282
4283/* Report zones depending on start LBA nad reporting options */
4284static int resp_report_zones(struct scsi_cmnd *scp,
4285                             struct sdebug_dev_info *devip)
4286{
4287        unsigned int i, max_zones, rep_max_zones, nrz = 0;
4288        int ret = 0;
4289        u32 alloc_len, rep_opts, rep_len;
4290        bool partial;
4291        u64 lba, zs_lba;
4292        u8 *arr = NULL, *desc;