xref: /linux/drivers/scsi/scsi_debug.c (revision 5c2e7736e20d9b348a44cafbfa639fe2653fbc34)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
4  *  Copyright (C) 1992  Eric Youngdale
5  *  Simulate a host adapter with 2 disks attached.  Do a lot of checking
6  *  to make sure that we are not getting blocks mixed up, and PANIC if
7  *  anything out of the ordinary is seen.
8  * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9  *
10  * Copyright (C) 2001 - 2021 Douglas Gilbert
11  *
12  *  For documentation see http://sg.danny.cz/sg/scsi_debug.html
13  */
14 
15 
16 #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
17 
18 #include <linux/module.h>
19 #include <linux/align.h>
20 #include <linux/kernel.h>
21 #include <linux/errno.h>
22 #include <linux/jiffies.h>
23 #include <linux/slab.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
26 #include <linux/fs.h>
27 #include <linux/init.h>
28 #include <linux/proc_fs.h>
29 #include <linux/vmalloc.h>
30 #include <linux/moduleparam.h>
31 #include <linux/scatterlist.h>
32 #include <linux/blkdev.h>
33 #include <linux/crc-t10dif.h>
34 #include <linux/spinlock.h>
35 #include <linux/interrupt.h>
36 #include <linux/atomic.h>
37 #include <linux/hrtimer.h>
38 #include <linux/uuid.h>
39 #include <linux/t10-pi.h>
40 #include <linux/msdos_partition.h>
41 #include <linux/random.h>
42 #include <linux/xarray.h>
43 #include <linux/prefetch.h>
44 #include <linux/debugfs.h>
45 #include <linux/async.h>
46 #include <linux/cleanup.h>
47 
48 #include <net/checksum.h>
49 
50 #include <linux/unaligned.h>
51 
52 #include <scsi/scsi.h>
53 #include <scsi/scsi_cmnd.h>
54 #include <scsi/scsi_device.h>
55 #include <scsi/scsi_host.h>
56 #include <scsi/scsicam.h>
57 #include <scsi/scsi_eh.h>
58 #include <scsi/scsi_tcq.h>
59 #include <scsi/scsi_dbg.h>
60 
61 #include "sd.h"
62 #include "scsi_logging.h"
63 
64 /* make sure inq_product_rev string corresponds to this version */
65 #define SDEBUG_VERSION "0191"	/* format to fit INQUIRY revision field */
66 static const char *sdebug_version_date = "20210520";
67 
68 #define MY_NAME "scsi_debug"
69 
70 /* Additional Sense Code (ASC) */
71 #define NO_ADDITIONAL_SENSE 0x0
72 #define OVERLAP_ATOMIC_COMMAND_ASC 0x0
73 #define OVERLAP_ATOMIC_COMMAND_ASCQ 0x23
74 #define LOGICAL_UNIT_NOT_READY 0x4
75 #define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
76 #define UNRECOVERED_READ_ERR 0x11
77 #define PARAMETER_LIST_LENGTH_ERR 0x1a
78 #define INVALID_OPCODE 0x20
79 #define LBA_OUT_OF_RANGE 0x21
80 #define INVALID_FIELD_IN_CDB 0x24
81 #define INVALID_FIELD_IN_PARAM_LIST 0x26
82 #define WRITE_PROTECTED 0x27
83 #define UA_RESET_ASC 0x29
84 #define UA_CHANGED_ASC 0x2a
85 #define TARGET_CHANGED_ASC 0x3f
86 #define LUNS_CHANGED_ASCQ 0x0e
87 #define INSUFF_RES_ASC 0x55
88 #define INSUFF_RES_ASCQ 0x3
89 #define POWER_ON_RESET_ASCQ 0x0
90 #define POWER_ON_OCCURRED_ASCQ 0x1
91 #define BUS_RESET_ASCQ 0x2	/* scsi bus reset occurred */
92 #define MODE_CHANGED_ASCQ 0x1	/* mode parameters changed */
93 #define CAPACITY_CHANGED_ASCQ 0x9
94 #define SAVING_PARAMS_UNSUP 0x39
95 #define TRANSPORT_PROBLEM 0x4b
96 #define THRESHOLD_EXCEEDED 0x5d
97 #define LOW_POWER_COND_ON 0x5e
98 #define MISCOMPARE_VERIFY_ASC 0x1d
99 #define MICROCODE_CHANGED_ASCQ 0x1	/* with TARGET_CHANGED_ASC */
100 #define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
101 #define WRITE_ERROR_ASC 0xc
102 #define UNALIGNED_WRITE_ASCQ 0x4
103 #define WRITE_BOUNDARY_ASCQ 0x5
104 #define READ_INVDATA_ASCQ 0x6
105 #define READ_BOUNDARY_ASCQ 0x7
106 #define ATTEMPT_ACCESS_GAP 0x9
107 #define INSUFF_ZONE_ASCQ 0xe
108 /* see drivers/scsi/sense_codes.h */
109 
110 /* Additional Sense Code Qualifier (ASCQ) */
111 #define ACK_NAK_TO 0x3
112 
113 /* Default values for driver parameters */
114 #define DEF_NUM_HOST   1
115 #define DEF_NUM_TGTS   1
116 #define DEF_MAX_LUNS   1
117 /* With these defaults, this driver will make 1 host with 1 target
118  * (id 0) containing 1 logical unit (lun 0). That is 1 device.
119  */
120 #define DEF_ATO 1
121 #define DEF_CDB_LEN 10
122 #define DEF_JDELAY   1		/* if > 0 unit is a jiffy */
123 #define DEF_DEV_SIZE_PRE_INIT   0
124 #define DEF_DEV_SIZE_MB   8
125 #define DEF_ZBC_DEV_SIZE_MB   128
126 #define DEF_DIF 0
127 #define DEF_DIX 0
128 #define DEF_PER_HOST_STORE false
129 #define DEF_D_SENSE   0
130 #define DEF_EVERY_NTH   0
131 #define DEF_FAKE_RW	0
132 #define DEF_GUARD 0
133 #define DEF_HOST_LOCK 0
134 #define DEF_LBPU 0
135 #define DEF_LBPWS 0
136 #define DEF_LBPWS10 0
137 #define DEF_LBPRZ 1
138 #define DEF_LOWEST_ALIGNED 0
139 #define DEF_NDELAY   0		/* if > 0 unit is a nanosecond */
140 #define DEF_NO_LUN_0   0
141 #define DEF_NUM_PARTS   0
142 #define DEF_OPTS   0
143 #define DEF_OPT_BLKS 1024
144 #define DEF_PHYSBLK_EXP 0
145 #define DEF_OPT_XFERLEN_EXP 0
146 #define DEF_PTYPE   TYPE_DISK
147 #define DEF_RANDOM false
148 #define DEF_REMOVABLE false
149 #define DEF_SCSI_LEVEL   7    /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
150 #define DEF_SECTOR_SIZE 512
151 #define DEF_UNMAP_ALIGNMENT 0
152 #define DEF_UNMAP_GRANULARITY 1
153 #define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
154 #define DEF_UNMAP_MAX_DESC 256
155 #define DEF_VIRTUAL_GB   0
156 #define DEF_VPD_USE_HOSTNO 1
157 #define DEF_WRITESAME_LENGTH 0xFFFF
158 #define DEF_ATOMIC_WR 0
159 #define DEF_ATOMIC_WR_MAX_LENGTH 8192
160 #define DEF_ATOMIC_WR_ALIGN 2
161 #define DEF_ATOMIC_WR_GRAN 2
162 #define DEF_ATOMIC_WR_MAX_LENGTH_BNDRY (DEF_ATOMIC_WR_MAX_LENGTH)
163 #define DEF_ATOMIC_WR_MAX_BNDRY 128
164 #define DEF_STRICT 0
165 #define DEF_STATISTICS false
166 #define DEF_SUBMIT_QUEUES 1
167 #define DEF_TUR_MS_TO_READY 0
168 #define DEF_UUID_CTL 0
169 #define JDELAY_OVERRIDDEN -9999
170 
171 /* Default parameters for ZBC drives */
172 #define DEF_ZBC_ZONE_SIZE_MB	128
173 #define DEF_ZBC_MAX_OPEN_ZONES	8
174 #define DEF_ZBC_NR_CONV_ZONES	1
175 
176 #define SDEBUG_LUN_0_VAL 0
177 
178 /* bit mask values for sdebug_opts */
179 #define SDEBUG_OPT_NOISE		1
180 #define SDEBUG_OPT_MEDIUM_ERR		2
181 #define SDEBUG_OPT_TIMEOUT		4
182 #define SDEBUG_OPT_RECOVERED_ERR	8
183 #define SDEBUG_OPT_TRANSPORT_ERR	16
184 #define SDEBUG_OPT_DIF_ERR		32
185 #define SDEBUG_OPT_DIX_ERR		64
186 #define SDEBUG_OPT_MAC_TIMEOUT		128
187 #define SDEBUG_OPT_SHORT_TRANSFER	0x100
188 #define SDEBUG_OPT_Q_NOISE		0x200
189 #define SDEBUG_OPT_ALL_TSF		0x400	/* ignore */
190 #define SDEBUG_OPT_RARE_TSF		0x800
191 #define SDEBUG_OPT_N_WCE		0x1000
192 #define SDEBUG_OPT_RESET_NOISE		0x2000
193 #define SDEBUG_OPT_NO_CDB_NOISE		0x4000
194 #define SDEBUG_OPT_HOST_BUSY		0x8000
195 #define SDEBUG_OPT_CMD_ABORT		0x10000
196 #define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
197 			      SDEBUG_OPT_RESET_NOISE)
198 #define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
199 				  SDEBUG_OPT_TRANSPORT_ERR | \
200 				  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
201 				  SDEBUG_OPT_SHORT_TRANSFER | \
202 				  SDEBUG_OPT_HOST_BUSY | \
203 				  SDEBUG_OPT_CMD_ABORT)
204 #define SDEBUG_OPT_RECOV_DIF_DIX (SDEBUG_OPT_RECOVERED_ERR | \
205 				  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR)
206 
207 /* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
208  * priority order. In the subset implemented here lower numbers have higher
209  * priority. The UA numbers should be a sequence starting from 0 with
210  * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
211 #define SDEBUG_UA_POR 0		/* Power on, reset, or bus device reset */
212 #define SDEBUG_UA_POOCCUR 1	/* Power on occurred */
213 #define SDEBUG_UA_BUS_RESET 2
214 #define SDEBUG_UA_MODE_CHANGED 3
215 #define SDEBUG_UA_CAPACITY_CHANGED 4
216 #define SDEBUG_UA_LUNS_CHANGED 5
217 #define SDEBUG_UA_MICROCODE_CHANGED 6	/* simulate firmware change */
218 #define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 7
219 #define SDEBUG_NUM_UAS 8
220 
221 /* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
222  * sector on read commands: */
223 #define OPT_MEDIUM_ERR_ADDR   0x1234 /* that's sector 4660 in decimal */
224 #define OPT_MEDIUM_ERR_NUM    10     /* number of consecutive medium errs */
225 
226 /* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
227  * (for response) per submit queue at one time. Can be reduced by max_queue
228  * option. Command responses are not queued when jdelay=0 and ndelay=0. The
229  * per-device DEF_CMD_PER_LUN can be changed via sysfs:
230  * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
231  * but cannot exceed SDEBUG_CANQUEUE .
232  */
233 #define SDEBUG_CANQUEUE_WORDS  3	/* a WORD is bits in a long */
234 #define SDEBUG_CANQUEUE  (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
235 #define DEF_CMD_PER_LUN  SDEBUG_CANQUEUE
236 
237 /* UA - Unit Attention; SA - Service Action; SSU - Start Stop Unit */
238 #define F_D_IN			1	/* Data-in command (e.g. READ) */
239 #define F_D_OUT			2	/* Data-out command (e.g. WRITE) */
240 #define F_D_OUT_MAYBE		4	/* WRITE SAME, NDOB bit */
241 #define F_D_UNKN		8
242 #define F_RL_WLUN_OK		0x10	/* allowed with REPORT LUNS W-LUN */
243 #define F_SKIP_UA		0x20	/* bypass UAs (e.g. INQUIRY command) */
244 #define F_DELAY_OVERR		0x40	/* for commands like INQUIRY */
245 #define F_SA_LOW		0x80	/* SA is in cdb byte 1, bits 4 to 0 */
246 #define F_SA_HIGH		0x100	/* SA is in cdb bytes 8 and 9 */
247 #define F_INV_OP		0x200	/* invalid opcode (not supported) */
248 #define F_FAKE_RW		0x400	/* bypass resp_*() when fake_rw set */
249 #define F_M_ACCESS		0x800	/* media access, reacts to SSU state */
250 #define F_SSU_DELAY		0x1000	/* SSU command delay (long-ish) */
251 #define F_SYNC_DELAY		0x2000	/* SYNCHRONIZE CACHE delay */
252 
253 /* Useful combinations of the above flags */
254 #define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
255 #define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
256 #define FF_SA (F_SA_HIGH | F_SA_LOW)
257 #define F_LONG_DELAY		(F_SSU_DELAY | F_SYNC_DELAY)
258 
259 #define SDEBUG_MAX_PARTS 4
260 
261 #define SDEBUG_MAX_CMD_LEN 32
262 
263 #define SDEB_XA_NOT_IN_USE XA_MARK_1
264 
265 static struct kmem_cache *queued_cmd_cache;
266 
267 #define TO_QUEUED_CMD(scmd)  ((void *)(scmd)->host_scribble)
268 #define ASSIGN_QUEUED_CMD(scmnd, qc) { (scmnd)->host_scribble = (void *) qc; }
269 
270 /* Zone types (zbcr05 table 25) */
271 enum sdebug_z_type {
272 	ZBC_ZTYPE_CNV	= 0x1,
273 	ZBC_ZTYPE_SWR	= 0x2,
274 	ZBC_ZTYPE_SWP	= 0x3,
275 	/* ZBC_ZTYPE_SOBR = 0x4, */
276 	ZBC_ZTYPE_GAP	= 0x5,
277 };
278 
279 /* enumeration names taken from table 26, zbcr05 */
280 enum sdebug_z_cond {
281 	ZBC_NOT_WRITE_POINTER	= 0x0,
282 	ZC1_EMPTY		= 0x1,
283 	ZC2_IMPLICIT_OPEN	= 0x2,
284 	ZC3_EXPLICIT_OPEN	= 0x3,
285 	ZC4_CLOSED		= 0x4,
286 	ZC6_READ_ONLY		= 0xd,
287 	ZC5_FULL		= 0xe,
288 	ZC7_OFFLINE		= 0xf,
289 };
290 
291 struct sdeb_zone_state {	/* ZBC: per zone state */
292 	enum sdebug_z_type z_type;
293 	enum sdebug_z_cond z_cond;
294 	bool z_non_seq_resource;
295 	unsigned int z_size;
296 	sector_t z_start;
297 	sector_t z_wp;
298 };
299 
300 enum sdebug_err_type {
301 	ERR_TMOUT_CMD		= 0,	/* make specific scsi command timeout */
302 	ERR_FAIL_QUEUE_CMD	= 1,	/* make specific scsi command's */
303 					/* queuecmd return failed */
304 	ERR_FAIL_CMD		= 2,	/* make specific scsi command's */
305 					/* queuecmd return succeed but */
306 					/* with errors set in scsi_cmnd */
307 	ERR_ABORT_CMD_FAILED	= 3,	/* control return FAILED from */
308 					/* scsi_debug_abort() */
309 	ERR_LUN_RESET_FAILED	= 4,	/* control return FAILED from */
310 					/* scsi_debug_device_reseLUN_RESET_FAILEDt() */
311 };
312 
313 struct sdebug_err_inject {
314 	int type;
315 	struct list_head list;
316 	int cnt;
317 	unsigned char cmd;
318 	struct rcu_head rcu;
319 
320 	union {
321 		/*
322 		 * For ERR_FAIL_QUEUE_CMD
323 		 */
324 		int queuecmd_ret;
325 
326 		/*
327 		 * For ERR_FAIL_CMD
328 		 */
329 		struct {
330 			unsigned char host_byte;
331 			unsigned char driver_byte;
332 			unsigned char status_byte;
333 			unsigned char sense_key;
334 			unsigned char asc;
335 			unsigned char asq;
336 		};
337 	};
338 };
339 
340 struct sdebug_dev_info {
341 	struct list_head dev_list;
342 	unsigned int channel;
343 	unsigned int target;
344 	u64 lun;
345 	uuid_t lu_name;
346 	struct sdebug_host_info *sdbg_host;
347 	unsigned long uas_bm[1];
348 	atomic_t stopped;	/* 1: by SSU, 2: device start */
349 	bool used;
350 
351 	/* For ZBC devices */
352 	bool zoned;
353 	unsigned int zcap;
354 	unsigned int zsize;
355 	unsigned int zsize_shift;
356 	unsigned int nr_zones;
357 	unsigned int nr_conv_zones;
358 	unsigned int nr_seq_zones;
359 	unsigned int nr_imp_open;
360 	unsigned int nr_exp_open;
361 	unsigned int nr_closed;
362 	unsigned int max_open;
363 	ktime_t create_ts;	/* time since bootup that this device was created */
364 	struct sdeb_zone_state *zstate;
365 
366 	struct dentry *debugfs_entry;
367 	struct spinlock list_lock;
368 	struct list_head inject_err_list;
369 };
370 
371 struct sdebug_target_info {
372 	bool reset_fail;
373 	struct dentry *debugfs_entry;
374 };
375 
376 struct sdebug_host_info {
377 	struct list_head host_list;
378 	int si_idx;	/* sdeb_store_info (per host) xarray index */
379 	struct Scsi_Host *shost;
380 	struct device dev;
381 	struct list_head dev_info_list;
382 };
383 
384 /* There is an xarray of pointers to this struct's objects, one per host */
385 struct sdeb_store_info {
386 	rwlock_t macc_data_lck;	/* for media data access on this store */
387 	rwlock_t macc_meta_lck;	/* for atomic media meta access on this store */
388 	rwlock_t macc_sector_lck;	/* per-sector media data access on this store */
389 	u8 *storep;		/* user data storage (ram) */
390 	struct t10_pi_tuple *dif_storep; /* protection info */
391 	void *map_storep;	/* provisioning map */
392 };
393 
394 #define dev_to_sdebug_host(d)	\
395 	container_of(d, struct sdebug_host_info, dev)
396 
397 #define shost_to_sdebug_host(shost)	\
398 	dev_to_sdebug_host(shost->dma_dev)
399 
400 enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
401 		      SDEB_DEFER_WQ = 2, SDEB_DEFER_POLL = 3};
402 
403 struct sdebug_defer {
404 	struct hrtimer hrt;
405 	struct execute_work ew;
406 	ktime_t cmpl_ts;/* time since boot to complete this cmd */
407 	int issuing_cpu;
408 	bool aborted;	/* true when blk_abort_request() already called */
409 	enum sdeb_defer_type defer_t;
410 };
411 
412 struct sdebug_device_access_info {
413 	bool atomic_write;
414 	u64 lba;
415 	u32 num;
416 	struct scsi_cmnd *self;
417 };
418 
419 struct sdebug_queued_cmd {
420 	/* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
421 	 * instance indicates this slot is in use.
422 	 */
423 	struct sdebug_defer sd_dp;
424 	struct scsi_cmnd *scmd;
425 	struct sdebug_device_access_info *i;
426 };
427 
428 struct sdebug_scsi_cmd {
429 	spinlock_t   lock;
430 };
431 
432 static atomic_t sdebug_cmnd_count;   /* number of incoming commands */
433 static atomic_t sdebug_completions;  /* count of deferred completions */
434 static atomic_t sdebug_miss_cpus;    /* submission + completion cpus differ */
435 static atomic_t sdebug_a_tsf;	     /* 'almost task set full' counter */
436 static atomic_t sdeb_inject_pending;
437 static atomic_t sdeb_mq_poll_count;  /* bumped when mq_poll returns > 0 */
438 
439 struct opcode_info_t {
440 	u8 num_attached;	/* 0 if this is it (i.e. a leaf); use 0xff */
441 				/* for terminating element */
442 	u8 opcode;		/* if num_attached > 0, preferred */
443 	u16 sa;			/* service action */
444 	u32 flags;		/* OR-ed set of SDEB_F_* */
445 	int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
446 	const struct opcode_info_t *arrp;  /* num_attached elements or NULL */
447 	u8 len_mask[16];	/* len_mask[0]-->cdb_len, then mask for cdb */
448 				/* 1 to min(cdb_len, 15); ignore cdb[15...] */
449 };
450 
451 /* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
452 enum sdeb_opcode_index {
453 	SDEB_I_INVALID_OPCODE =	0,
454 	SDEB_I_INQUIRY = 1,
455 	SDEB_I_REPORT_LUNS = 2,
456 	SDEB_I_REQUEST_SENSE = 3,
457 	SDEB_I_TEST_UNIT_READY = 4,
458 	SDEB_I_MODE_SENSE = 5,		/* 6, 10 */
459 	SDEB_I_MODE_SELECT = 6,		/* 6, 10 */
460 	SDEB_I_LOG_SENSE = 7,
461 	SDEB_I_READ_CAPACITY = 8,	/* 10; 16 is in SA_IN(16) */
462 	SDEB_I_READ = 9,		/* 6, 10, 12, 16 */
463 	SDEB_I_WRITE = 10,		/* 6, 10, 12, 16 */
464 	SDEB_I_START_STOP = 11,
465 	SDEB_I_SERV_ACT_IN_16 = 12,	/* add ...SERV_ACT_IN_12 if needed */
466 	SDEB_I_SERV_ACT_OUT_16 = 13,	/* add ...SERV_ACT_OUT_12 if needed */
467 	SDEB_I_MAINT_IN = 14,
468 	SDEB_I_MAINT_OUT = 15,
469 	SDEB_I_VERIFY = 16,		/* VERIFY(10), VERIFY(16) */
470 	SDEB_I_VARIABLE_LEN = 17,	/* READ(32), WRITE(32), WR_SCAT(32) */
471 	SDEB_I_RESERVE = 18,		/* 6, 10 */
472 	SDEB_I_RELEASE = 19,		/* 6, 10 */
473 	SDEB_I_ALLOW_REMOVAL = 20,	/* PREVENT ALLOW MEDIUM REMOVAL */
474 	SDEB_I_REZERO_UNIT = 21,	/* REWIND in SSC */
475 	SDEB_I_ATA_PT = 22,		/* 12, 16 */
476 	SDEB_I_SEND_DIAG = 23,
477 	SDEB_I_UNMAP = 24,
478 	SDEB_I_WRITE_BUFFER = 25,
479 	SDEB_I_WRITE_SAME = 26,		/* 10, 16 */
480 	SDEB_I_SYNC_CACHE = 27,		/* 10, 16 */
481 	SDEB_I_COMP_WRITE = 28,
482 	SDEB_I_PRE_FETCH = 29,		/* 10, 16 */
483 	SDEB_I_ZONE_OUT = 30,		/* 0x94+SA; includes no data xfer */
484 	SDEB_I_ZONE_IN = 31,		/* 0x95+SA; all have data-in */
485 	SDEB_I_ATOMIC_WRITE_16 = 32,
486 	SDEB_I_LAST_ELEM_P1 = 33,	/* keep this last (previous + 1) */
487 };
488 
489 
490 static const unsigned char opcode_ind_arr[256] = {
491 /* 0x0; 0x0->0x1f: 6 byte cdbs */
492 	SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
493 	    0, 0, 0, 0,
494 	SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
495 	0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
496 	    SDEB_I_RELEASE,
497 	0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
498 	    SDEB_I_ALLOW_REMOVAL, 0,
499 /* 0x20; 0x20->0x3f: 10 byte cdbs */
500 	0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
501 	SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
502 	0, 0, 0, 0, SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, 0,
503 	0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
504 /* 0x40; 0x40->0x5f: 10 byte cdbs */
505 	0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
506 	0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
507 	0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
508 	    SDEB_I_RELEASE,
509 	0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
510 /* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
511 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
512 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
513 	0, SDEB_I_VARIABLE_LEN,
514 /* 0x80; 0x80->0x9f: 16 byte cdbs */
515 	0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
516 	SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0,
517 	0, 0, 0, SDEB_I_VERIFY,
518 	SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME,
519 	SDEB_I_ZONE_OUT, SDEB_I_ZONE_IN, 0, 0,
520 	0, 0, 0, 0,
521 	SDEB_I_ATOMIC_WRITE_16, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
522 /* 0xa0; 0xa0->0xbf: 12 byte cdbs */
523 	SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
524 	     SDEB_I_MAINT_OUT, 0, 0, 0,
525 	SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
526 	     0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
527 	0, 0, 0, 0, 0, 0, 0, 0,
528 	0, 0, 0, 0, 0, 0, 0, 0,
529 /* 0xc0; 0xc0->0xff: vendor specific */
530 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
531 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
532 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
533 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
534 };
535 
536 /*
537  * The following "response" functions return the SCSI mid-level's 4 byte
538  * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
539  * command completion, they can mask their return value with
540  * SDEG_RES_IMMED_MASK .
541  */
542 #define SDEG_RES_IMMED_MASK 0x40000000
543 
544 static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
545 static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
546 static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
547 static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
548 static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
549 static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
550 static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
551 static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
552 static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
553 static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
554 static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
555 static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
556 static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
557 static int resp_get_stream_status(struct scsi_cmnd *scp,
558 				  struct sdebug_dev_info *devip);
559 static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
560 static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
561 static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
562 static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
563 static int resp_verify(struct scsi_cmnd *, struct sdebug_dev_info *);
564 static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
565 static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
566 static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
567 static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
568 static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
569 static int resp_pre_fetch(struct scsi_cmnd *, struct sdebug_dev_info *);
570 static int resp_report_zones(struct scsi_cmnd *, struct sdebug_dev_info *);
571 static int resp_atomic_write(struct scsi_cmnd *, struct sdebug_dev_info *);
572 static int resp_open_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
573 static int resp_close_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
574 static int resp_finish_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
575 static int resp_rwp_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
576 
577 static int sdebug_do_add_host(bool mk_new_store);
578 static int sdebug_add_host_helper(int per_host_idx);
579 static void sdebug_do_remove_host(bool the_end);
580 static int sdebug_add_store(void);
581 static void sdebug_erase_store(int idx, struct sdeb_store_info *sip);
582 static void sdebug_erase_all_stores(bool apart_from_first);
583 
584 static void sdebug_free_queued_cmd(struct sdebug_queued_cmd *sqcp);
585 
586 /*
587  * The following are overflow arrays for cdbs that "hit" the same index in
588  * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
589  * should be placed in opcode_info_arr[], the others should be placed here.
590  */
591 static const struct opcode_info_t msense_iarr[] = {
592 	{0, 0x1a, 0, F_D_IN, NULL, NULL,
593 	    {6,  0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
594 };
595 
596 static const struct opcode_info_t mselect_iarr[] = {
597 	{0, 0x15, 0, F_D_OUT, NULL, NULL,
598 	    {6,  0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
599 };
600 
601 static const struct opcode_info_t read_iarr[] = {
602 	{0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
603 	    {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
604 	     0, 0, 0, 0} },
605 	{0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
606 	    {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
607 	{0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
608 	    {12,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
609 	     0xc7, 0, 0, 0, 0} },
610 };
611 
612 static const struct opcode_info_t write_iarr[] = {
613 	{0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(10) */
614 	    NULL, {10,  0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
615 		   0, 0, 0, 0, 0, 0} },
616 	{0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,   /* WRITE(6) */
617 	    NULL, {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
618 		   0, 0, 0} },
619 	{0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(12) */
620 	    NULL, {12,  0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
621 		   0xbf, 0xc7, 0, 0, 0, 0} },
622 };
623 
624 static const struct opcode_info_t verify_iarr[] = {
625 	{0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,/* VERIFY(10) */
626 	    NULL, {10,  0xf7, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xff, 0xff, 0xc7,
627 		   0, 0, 0, 0, 0, 0} },
628 };
629 
630 static const struct opcode_info_t sa_in_16_iarr[] = {
631 	{0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
632 	    {16,  0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
633 	     0xff, 0xff, 0xff, 0, 0xc7} },	/* GET LBA STATUS(16) */
634 	{0, 0x9e, 0x16, F_SA_LOW | F_D_IN, resp_get_stream_status, NULL,
635 	    {16, 0x16, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff,
636 	     0, 0} },	/* GET STREAM STATUS */
637 };
638 
639 static const struct opcode_info_t vl_iarr[] = {	/* VARIABLE LENGTH */
640 	{0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
641 	    NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
642 		   0, 0xff, 0xff, 0xff, 0xff} },	/* WRITE(32) */
643 	{0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
644 	    NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
645 		   0, 0xff, 0xff, 0x0, 0x0} },	/* WRITE SCATTERED(32) */
646 };
647 
648 static const struct opcode_info_t maint_in_iarr[] = {	/* MAINT IN */
649 	{0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
650 	    {12,  0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
651 	     0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
652 	{0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
653 	    {12,  0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
654 	     0, 0} },	/* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
655 };
656 
657 static const struct opcode_info_t write_same_iarr[] = {
658 	{0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
659 	    {16,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
660 	     0xff, 0xff, 0xff, 0x3f, 0xc7} },		/* WRITE SAME(16) */
661 };
662 
663 static const struct opcode_info_t reserve_iarr[] = {
664 	{0, 0x16, 0, F_D_OUT, NULL, NULL,		/* RESERVE(6) */
665 	    {6,  0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
666 };
667 
668 static const struct opcode_info_t release_iarr[] = {
669 	{0, 0x17, 0, F_D_OUT, NULL, NULL,		/* RELEASE(6) */
670 	    {6,  0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
671 };
672 
673 static const struct opcode_info_t sync_cache_iarr[] = {
674 	{0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
675 	    {16,  0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
676 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },	/* SYNC_CACHE (16) */
677 };
678 
679 static const struct opcode_info_t pre_fetch_iarr[] = {
680 	{0, 0x90, 0, F_SYNC_DELAY | FF_MEDIA_IO, resp_pre_fetch, NULL,
681 	    {16,  0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
682 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },	/* PRE-FETCH (16) */
683 };
684 
685 static const struct opcode_info_t zone_out_iarr[] = {	/* ZONE OUT(16) */
686 	{0, 0x94, 0x1, F_SA_LOW | F_M_ACCESS, resp_close_zone, NULL,
687 	    {16, 0x1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
688 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },	/* CLOSE ZONE */
689 	{0, 0x94, 0x2, F_SA_LOW | F_M_ACCESS, resp_finish_zone, NULL,
690 	    {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
691 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },	/* FINISH ZONE */
692 	{0, 0x94, 0x4, F_SA_LOW | F_M_ACCESS, resp_rwp_zone, NULL,
693 	    {16, 0x4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
694 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },  /* RESET WRITE POINTER */
695 };
696 
697 static const struct opcode_info_t zone_in_iarr[] = {	/* ZONE IN(16) */
698 	{0, 0x95, 0x6, F_SA_LOW | F_D_IN | F_M_ACCESS, NULL, NULL,
699 	    {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
700 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* REPORT ZONES */
701 };
702 
703 
704 /* This array is accessed via SDEB_I_* values. Make sure all are mapped,
705  * plus the terminating elements for logic that scans this table such as
706  * REPORT SUPPORTED OPERATION CODES. */
707 static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEM_P1 + 1] = {
708 /* 0 */
709 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,	/* unknown opcodes */
710 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
711 	{0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
712 	    {6,  0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
713 	{0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
714 	    {12,  0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
715 	     0, 0} },					/* REPORT LUNS */
716 	{0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
717 	    {6,  0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
718 	{0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
719 	    {6,  0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
720 /* 5 */
721 	{ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN,	/* MODE SENSE(10) */
722 	    resp_mode_sense, msense_iarr, {10,  0xf8, 0xff, 0xff, 0, 0, 0,
723 		0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
724 	{ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT,	/* MODE SELECT(10) */
725 	    resp_mode_select, mselect_iarr, {10,  0xf1, 0, 0, 0, 0, 0, 0xff,
726 		0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
727 	{0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,	/* LOG SENSE */
728 	    {10,  0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
729 	     0, 0, 0} },
730 	{0, 0x25, 0, F_D_IN, resp_readcap, NULL,    /* READ CAPACITY(10) */
731 	    {10,  0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
732 	     0, 0} },
733 	{ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
734 	    resp_read_dt0, read_iarr, {16,  0xfe, 0xff, 0xff, 0xff, 0xff,
735 	    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
736 /* 10 */
737 	{ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
738 	    resp_write_dt0, write_iarr,			/* WRITE(16) */
739 		{16,  0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
740 		 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
741 	{0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
742 	    {6,  0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
743 	{ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
744 	    resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
745 		{16,  0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
746 		 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
747 	{0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
748 	    NULL, {16,  0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
749 	    0xff, 0xff, 0xff, 0xff, 0xc7} },  /* SA_OUT(16), WRITE SCAT(16) */
750 	{ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
751 	    resp_report_tgtpgs,	/* MAINT IN, REPORT TARGET PORT GROUPS */
752 		maint_in_iarr, {12,  0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
753 				0xff, 0, 0xc7, 0, 0, 0, 0} },
754 /* 15 */
755 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
756 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
757 	{ARRAY_SIZE(verify_iarr), 0x8f, 0,
758 	    F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,	/* VERIFY(16) */
759 	    verify_iarr, {16,  0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
760 			  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },
761 	{ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
762 	    resp_read_dt0, vl_iarr,	/* VARIABLE LENGTH, READ(32) */
763 	    {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
764 	     0xff, 0xff} },
765 	{ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
766 	    NULL, reserve_iarr,	/* RESERVE(10) <no response function> */
767 	    {10,  0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
768 	     0} },
769 	{ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
770 	    NULL, release_iarr, /* RELEASE(10) <no response function> */
771 	    {10,  0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
772 	     0} },
773 /* 20 */
774 	{0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
775 	    {6,  0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
776 	{0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
777 	    {6,  0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
778 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
779 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
780 	{0, 0x1d, F_D_OUT, 0, NULL, NULL,	/* SEND DIAGNOSTIC */
781 	    {6,  0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
782 	{0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
783 	    {10,  0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
784 /* 25 */
785 	{0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
786 	    {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
787 	     0, 0, 0, 0} },			/* WRITE_BUFFER */
788 	{ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
789 	    resp_write_same_10, write_same_iarr,	/* WRITE SAME(10) */
790 		{10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
791 		 0, 0, 0, 0, 0} },
792 	{ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
793 	    resp_sync_cache, sync_cache_iarr,
794 	    {10,  0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
795 	     0, 0, 0, 0} },			/* SYNC_CACHE (10) */
796 	{0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
797 	    {16,  0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
798 	     0, 0xff, 0x3f, 0xc7} },		/* COMPARE AND WRITE */
799 	{ARRAY_SIZE(pre_fetch_iarr), 0x34, 0, F_SYNC_DELAY | FF_MEDIA_IO,
800 	    resp_pre_fetch, pre_fetch_iarr,
801 	    {10,  0x2, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
802 	     0, 0, 0, 0} },			/* PRE-FETCH (10) */
803 
804 /* 30 */
805 	{ARRAY_SIZE(zone_out_iarr), 0x94, 0x3, F_SA_LOW | F_M_ACCESS,
806 	    resp_open_zone, zone_out_iarr, /* ZONE_OUT(16), OPEN ZONE) */
807 		{16,  0x3 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
808 		 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0x1, 0xc7} },
809 	{ARRAY_SIZE(zone_in_iarr), 0x95, 0x0, F_SA_LOW | F_M_ACCESS,
810 	    resp_report_zones, zone_in_iarr, /* ZONE_IN(16), REPORT ZONES) */
811 		{16,  0x0 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
812 		 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xc7} },
813 /* 31 */
814 	{0, 0x0, 0x0, F_D_OUT | FF_MEDIA_IO,
815 	    resp_atomic_write, NULL, /* ATOMIC WRITE 16 */
816 		{16,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
817 		 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} },
818 /* sentinel */
819 	{0xff, 0, 0, 0, NULL, NULL,		/* terminating element */
820 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
821 };
822 
823 static int sdebug_num_hosts;
824 static int sdebug_add_host = DEF_NUM_HOST;  /* in sysfs this is relative */
825 static int sdebug_ato = DEF_ATO;
826 static int sdebug_cdb_len = DEF_CDB_LEN;
827 static int sdebug_jdelay = DEF_JDELAY;	/* if > 0 then unit is jiffies */
828 static int sdebug_dev_size_mb = DEF_DEV_SIZE_PRE_INIT;
829 static int sdebug_dif = DEF_DIF;
830 static int sdebug_dix = DEF_DIX;
831 static int sdebug_dsense = DEF_D_SENSE;
832 static int sdebug_every_nth = DEF_EVERY_NTH;
833 static int sdebug_fake_rw = DEF_FAKE_RW;
834 static unsigned int sdebug_guard = DEF_GUARD;
835 static int sdebug_host_max_queue;	/* per host */
836 static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
837 static int sdebug_max_luns = DEF_MAX_LUNS;
838 static int sdebug_max_queue = SDEBUG_CANQUEUE;	/* per submit queue */
839 static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
840 static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
841 static int sdebug_ndelay = DEF_NDELAY;	/* if > 0 then unit is nanoseconds */
842 static int sdebug_no_lun_0 = DEF_NO_LUN_0;
843 static int sdebug_no_uld;
844 static int sdebug_num_parts = DEF_NUM_PARTS;
845 static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
846 static int sdebug_opt_blks = DEF_OPT_BLKS;
847 static int sdebug_opts = DEF_OPTS;
848 static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
849 static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
850 static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
851 static int sdebug_scsi_level = DEF_SCSI_LEVEL;
852 static int sdebug_sector_size = DEF_SECTOR_SIZE;
853 static int sdeb_tur_ms_to_ready = DEF_TUR_MS_TO_READY;
854 static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
855 static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
856 static unsigned int sdebug_lbpu = DEF_LBPU;
857 static unsigned int sdebug_lbpws = DEF_LBPWS;
858 static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
859 static unsigned int sdebug_lbprz = DEF_LBPRZ;
860 static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
861 static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
862 static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
863 static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
864 static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
865 static unsigned int sdebug_atomic_wr = DEF_ATOMIC_WR;
866 static unsigned int sdebug_atomic_wr_max_length = DEF_ATOMIC_WR_MAX_LENGTH;
867 static unsigned int sdebug_atomic_wr_align = DEF_ATOMIC_WR_ALIGN;
868 static unsigned int sdebug_atomic_wr_gran = DEF_ATOMIC_WR_GRAN;
869 static unsigned int sdebug_atomic_wr_max_length_bndry =
870 			DEF_ATOMIC_WR_MAX_LENGTH_BNDRY;
871 static unsigned int sdebug_atomic_wr_max_bndry = DEF_ATOMIC_WR_MAX_BNDRY;
872 static int sdebug_uuid_ctl = DEF_UUID_CTL;
873 static bool sdebug_random = DEF_RANDOM;
874 static bool sdebug_per_host_store = DEF_PER_HOST_STORE;
875 static bool sdebug_removable = DEF_REMOVABLE;
876 static bool sdebug_clustering;
877 static bool sdebug_host_lock = DEF_HOST_LOCK;
878 static bool sdebug_strict = DEF_STRICT;
879 static bool sdebug_any_injecting_opt;
880 static bool sdebug_no_rwlock;
881 static bool sdebug_verbose;
882 static bool have_dif_prot;
883 static bool write_since_sync;
884 static bool sdebug_statistics = DEF_STATISTICS;
885 static bool sdebug_wp;
886 static bool sdebug_allow_restart;
887 static enum {
888 	BLK_ZONED_NONE	= 0,
889 	BLK_ZONED_HA	= 1,
890 	BLK_ZONED_HM	= 2,
891 } sdeb_zbc_model = BLK_ZONED_NONE;
892 static char *sdeb_zbc_model_s;
893 
894 enum sam_lun_addr_method {SAM_LUN_AM_PERIPHERAL = 0x0,
895 			  SAM_LUN_AM_FLAT = 0x1,
896 			  SAM_LUN_AM_LOGICAL_UNIT = 0x2,
897 			  SAM_LUN_AM_EXTENDED = 0x3};
898 static enum sam_lun_addr_method sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
899 static int sdebug_lun_am_i = (int)SAM_LUN_AM_PERIPHERAL;
900 
901 static unsigned int sdebug_store_sectors;
902 static sector_t sdebug_capacity;	/* in sectors */
903 
904 /* old BIOS stuff, kernel may get rid of them but some mode sense pages
905    may still need them */
906 static int sdebug_heads;		/* heads per disk */
907 static int sdebug_cylinders_per;	/* cylinders per surface */
908 static int sdebug_sectors_per;		/* sectors per cylinder */
909 
910 static LIST_HEAD(sdebug_host_list);
911 static DEFINE_MUTEX(sdebug_host_list_mutex);
912 
913 static struct xarray per_store_arr;
914 static struct xarray *per_store_ap = &per_store_arr;
915 static int sdeb_first_idx = -1;		/* invalid index ==> none created */
916 static int sdeb_most_recent_idx = -1;
917 static DEFINE_RWLOCK(sdeb_fake_rw_lck);	/* need a RW lock when fake_rw=1 */
918 
919 static unsigned long map_size;
920 static int num_aborts;
921 static int num_dev_resets;
922 static int num_target_resets;
923 static int num_bus_resets;
924 static int num_host_resets;
925 static int dix_writes;
926 static int dix_reads;
927 static int dif_errors;
928 
929 /* ZBC global data */
930 static bool sdeb_zbc_in_use;	/* true for host-aware and host-managed disks */
931 static int sdeb_zbc_zone_cap_mb;
932 static int sdeb_zbc_zone_size_mb;
933 static int sdeb_zbc_max_open = DEF_ZBC_MAX_OPEN_ZONES;
934 static int sdeb_zbc_nr_conv = DEF_ZBC_NR_CONV_ZONES;
935 
936 static int submit_queues = DEF_SUBMIT_QUEUES;  /* > 1 for multi-queue (mq) */
937 static int poll_queues; /* iouring iopoll interface.*/
938 
939 static atomic_long_t writes_by_group_number[64];
940 
941 static char sdebug_proc_name[] = MY_NAME;
942 static const char *my_name = MY_NAME;
943 
944 static const struct bus_type pseudo_lld_bus;
945 
946 static struct device_driver sdebug_driverfs_driver = {
947 	.name 		= sdebug_proc_name,
948 	.bus		= &pseudo_lld_bus,
949 };
950 
951 static const int check_condition_result =
952 	SAM_STAT_CHECK_CONDITION;
953 
954 static const int illegal_condition_result =
955 	(DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
956 
957 static const int device_qfull_result =
958 	(DID_ABORT << 16) | SAM_STAT_TASK_SET_FULL;
959 
960 static const int condition_met_result = SAM_STAT_CONDITION_MET;
961 
962 static struct dentry *sdebug_debugfs_root;
963 static ASYNC_DOMAIN_EXCLUSIVE(sdebug_async_domain);
964 
965 static void sdebug_err_free(struct rcu_head *head)
966 {
967 	struct sdebug_err_inject *inject =
968 		container_of(head, typeof(*inject), rcu);
969 
970 	kfree(inject);
971 }
972 
973 static void sdebug_err_add(struct scsi_device *sdev, struct sdebug_err_inject *new)
974 {
975 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
976 	struct sdebug_err_inject *err;
977 
978 	spin_lock(&devip->list_lock);
979 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
980 		if (err->type == new->type && err->cmd == new->cmd) {
981 			list_del_rcu(&err->list);
982 			call_rcu(&err->rcu, sdebug_err_free);
983 		}
984 	}
985 
986 	list_add_tail_rcu(&new->list, &devip->inject_err_list);
987 	spin_unlock(&devip->list_lock);
988 }
989 
990 static int sdebug_err_remove(struct scsi_device *sdev, const char *buf, size_t count)
991 {
992 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
993 	struct sdebug_err_inject *err;
994 	int type;
995 	unsigned char cmd;
996 
997 	if (sscanf(buf, "- %d %hhx", &type, &cmd) != 2) {
998 		kfree(buf);
999 		return -EINVAL;
1000 	}
1001 
1002 	spin_lock(&devip->list_lock);
1003 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
1004 		if (err->type == type && err->cmd == cmd) {
1005 			list_del_rcu(&err->list);
1006 			call_rcu(&err->rcu, sdebug_err_free);
1007 			spin_unlock(&devip->list_lock);
1008 			kfree(buf);
1009 			return count;
1010 		}
1011 	}
1012 	spin_unlock(&devip->list_lock);
1013 
1014 	kfree(buf);
1015 	return -EINVAL;
1016 }
1017 
1018 static int sdebug_error_show(struct seq_file *m, void *p)
1019 {
1020 	struct scsi_device *sdev = (struct scsi_device *)m->private;
1021 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdev->hostdata;
1022 	struct sdebug_err_inject *err;
1023 
1024 	seq_puts(m, "Type\tCount\tCommand\n");
1025 
1026 	rcu_read_lock();
1027 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
1028 		switch (err->type) {
1029 		case ERR_TMOUT_CMD:
1030 		case ERR_ABORT_CMD_FAILED:
1031 		case ERR_LUN_RESET_FAILED:
1032 			seq_printf(m, "%d\t%d\t0x%x\n", err->type, err->cnt,
1033 				err->cmd);
1034 		break;
1035 
1036 		case ERR_FAIL_QUEUE_CMD:
1037 			seq_printf(m, "%d\t%d\t0x%x\t0x%x\n", err->type,
1038 				err->cnt, err->cmd, err->queuecmd_ret);
1039 		break;
1040 
1041 		case ERR_FAIL_CMD:
1042 			seq_printf(m, "%d\t%d\t0x%x\t0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
1043 				err->type, err->cnt, err->cmd,
1044 				err->host_byte, err->driver_byte,
1045 				err->status_byte, err->sense_key,
1046 				err->asc, err->asq);
1047 		break;
1048 		}
1049 	}
1050 	rcu_read_unlock();
1051 
1052 	return 0;
1053 }
1054 
1055 static int sdebug_error_open(struct inode *inode, struct file *file)
1056 {
1057 	return single_open(file, sdebug_error_show, inode->i_private);
1058 }
1059 
1060 static ssize_t sdebug_error_write(struct file *file, const char __user *ubuf,
1061 		size_t count, loff_t *ppos)
1062 {
1063 	char *buf;
1064 	unsigned int inject_type;
1065 	struct sdebug_err_inject *inject;
1066 	struct scsi_device *sdev = (struct scsi_device *)file->f_inode->i_private;
1067 
1068 	buf = kzalloc(count + 1, GFP_KERNEL);
1069 	if (!buf)
1070 		return -ENOMEM;
1071 
1072 	if (copy_from_user(buf, ubuf, count)) {
1073 		kfree(buf);
1074 		return -EFAULT;
1075 	}
1076 
1077 	if (buf[0] == '-')
1078 		return sdebug_err_remove(sdev, buf, count);
1079 
1080 	if (sscanf(buf, "%d", &inject_type) != 1) {
1081 		kfree(buf);
1082 		return -EINVAL;
1083 	}
1084 
1085 	inject = kzalloc(sizeof(struct sdebug_err_inject), GFP_KERNEL);
1086 	if (!inject) {
1087 		kfree(buf);
1088 		return -ENOMEM;
1089 	}
1090 
1091 	switch (inject_type) {
1092 	case ERR_TMOUT_CMD:
1093 	case ERR_ABORT_CMD_FAILED:
1094 	case ERR_LUN_RESET_FAILED:
1095 		if (sscanf(buf, "%d %d %hhx", &inject->type, &inject->cnt,
1096 			   &inject->cmd) != 3)
1097 			goto out_error;
1098 	break;
1099 
1100 	case ERR_FAIL_QUEUE_CMD:
1101 		if (sscanf(buf, "%d %d %hhx %x", &inject->type, &inject->cnt,
1102 			   &inject->cmd, &inject->queuecmd_ret) != 4)
1103 			goto out_error;
1104 	break;
1105 
1106 	case ERR_FAIL_CMD:
1107 		if (sscanf(buf, "%d %d %hhx %hhx %hhx %hhx %hhx %hhx %hhx",
1108 			   &inject->type, &inject->cnt, &inject->cmd,
1109 			   &inject->host_byte, &inject->driver_byte,
1110 			   &inject->status_byte, &inject->sense_key,
1111 			   &inject->asc, &inject->asq) != 9)
1112 			goto out_error;
1113 	break;
1114 
1115 	default:
1116 		goto out_error;
1117 	break;
1118 	}
1119 
1120 	kfree(buf);
1121 	sdebug_err_add(sdev, inject);
1122 
1123 	return count;
1124 
1125 out_error:
1126 	kfree(buf);
1127 	kfree(inject);
1128 	return -EINVAL;
1129 }
1130 
1131 static const struct file_operations sdebug_error_fops = {
1132 	.open	= sdebug_error_open,
1133 	.read	= seq_read,
1134 	.write	= sdebug_error_write,
1135 	.release = single_release,
1136 };
1137 
1138 static int sdebug_target_reset_fail_show(struct seq_file *m, void *p)
1139 {
1140 	struct scsi_target *starget = (struct scsi_target *)m->private;
1141 	struct sdebug_target_info *targetip =
1142 		(struct sdebug_target_info *)starget->hostdata;
1143 
1144 	if (targetip)
1145 		seq_printf(m, "%c\n", targetip->reset_fail ? 'Y' : 'N');
1146 
1147 	return 0;
1148 }
1149 
1150 static int sdebug_target_reset_fail_open(struct inode *inode, struct file *file)
1151 {
1152 	return single_open(file, sdebug_target_reset_fail_show, inode->i_private);
1153 }
1154 
1155 static ssize_t sdebug_target_reset_fail_write(struct file *file,
1156 		const char __user *ubuf, size_t count, loff_t *ppos)
1157 {
1158 	int ret;
1159 	struct scsi_target *starget =
1160 		(struct scsi_target *)file->f_inode->i_private;
1161 	struct sdebug_target_info *targetip =
1162 		(struct sdebug_target_info *)starget->hostdata;
1163 
1164 	if (targetip) {
1165 		ret = kstrtobool_from_user(ubuf, count, &targetip->reset_fail);
1166 		return ret < 0 ? ret : count;
1167 	}
1168 	return -ENODEV;
1169 }
1170 
1171 static const struct file_operations sdebug_target_reset_fail_fops = {
1172 	.open	= sdebug_target_reset_fail_open,
1173 	.read	= seq_read,
1174 	.write	= sdebug_target_reset_fail_write,
1175 	.release = single_release,
1176 };
1177 
1178 static int sdebug_target_alloc(struct scsi_target *starget)
1179 {
1180 	struct sdebug_target_info *targetip;
1181 
1182 	targetip = kzalloc(sizeof(struct sdebug_target_info), GFP_KERNEL);
1183 	if (!targetip)
1184 		return -ENOMEM;
1185 
1186 	async_synchronize_full_domain(&sdebug_async_domain);
1187 
1188 	targetip->debugfs_entry = debugfs_create_dir(dev_name(&starget->dev),
1189 				sdebug_debugfs_root);
1190 
1191 	debugfs_create_file("fail_reset", 0600, targetip->debugfs_entry, starget,
1192 				&sdebug_target_reset_fail_fops);
1193 
1194 	starget->hostdata = targetip;
1195 
1196 	return 0;
1197 }
1198 
1199 static void sdebug_tartget_cleanup_async(void *data, async_cookie_t cookie)
1200 {
1201 	struct sdebug_target_info *targetip = data;
1202 
1203 	debugfs_remove(targetip->debugfs_entry);
1204 	kfree(targetip);
1205 }
1206 
1207 static void sdebug_target_destroy(struct scsi_target *starget)
1208 {
1209 	struct sdebug_target_info *targetip;
1210 
1211 	targetip = (struct sdebug_target_info *)starget->hostdata;
1212 	if (targetip) {
1213 		starget->hostdata = NULL;
1214 		async_schedule_domain(sdebug_tartget_cleanup_async, targetip,
1215 				&sdebug_async_domain);
1216 	}
1217 }
1218 
1219 /* Only do the extra work involved in logical block provisioning if one or
1220  * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
1221  * real reads and writes (i.e. not skipping them for speed).
1222  */
1223 static inline bool scsi_debug_lbp(void)
1224 {
1225 	return 0 == sdebug_fake_rw &&
1226 		(sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
1227 }
1228 
1229 static inline bool scsi_debug_atomic_write(void)
1230 {
1231 	return sdebug_fake_rw == 0 && sdebug_atomic_wr;
1232 }
1233 
1234 static void *lba2fake_store(struct sdeb_store_info *sip,
1235 			    unsigned long long lba)
1236 {
1237 	struct sdeb_store_info *lsip = sip;
1238 
1239 	lba = do_div(lba, sdebug_store_sectors);
1240 	if (!sip || !sip->storep) {
1241 		WARN_ON_ONCE(true);
1242 		lsip = xa_load(per_store_ap, 0);  /* should never be NULL */
1243 	}
1244 	return lsip->storep + lba * sdebug_sector_size;
1245 }
1246 
1247 static struct t10_pi_tuple *dif_store(struct sdeb_store_info *sip,
1248 				      sector_t sector)
1249 {
1250 	sector = sector_div(sector, sdebug_store_sectors);
1251 
1252 	return sip->dif_storep + sector;
1253 }
1254 
1255 static void sdebug_max_tgts_luns(void)
1256 {
1257 	struct sdebug_host_info *sdbg_host;
1258 	struct Scsi_Host *hpnt;
1259 
1260 	mutex_lock(&sdebug_host_list_mutex);
1261 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1262 		hpnt = sdbg_host->shost;
1263 		if ((hpnt->this_id >= 0) &&
1264 		    (sdebug_num_tgts > hpnt->this_id))
1265 			hpnt->max_id = sdebug_num_tgts + 1;
1266 		else
1267 			hpnt->max_id = sdebug_num_tgts;
1268 		/* sdebug_max_luns; */
1269 		hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
1270 	}
1271 	mutex_unlock(&sdebug_host_list_mutex);
1272 }
1273 
1274 enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
1275 
1276 /* Set in_bit to -1 to indicate no bit position of invalid field */
1277 static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
1278 				 enum sdeb_cmd_data c_d,
1279 				 int in_byte, int in_bit)
1280 {
1281 	unsigned char *sbuff;
1282 	u8 sks[4];
1283 	int sl, asc;
1284 
1285 	sbuff = scp->sense_buffer;
1286 	if (!sbuff) {
1287 		sdev_printk(KERN_ERR, scp->device,
1288 			    "%s: sense_buffer is NULL\n", __func__);
1289 		return;
1290 	}
1291 	asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
1292 	memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
1293 	scsi_build_sense(scp, sdebug_dsense, ILLEGAL_REQUEST, asc, 0);
1294 	memset(sks, 0, sizeof(sks));
1295 	sks[0] = 0x80;
1296 	if (c_d)
1297 		sks[0] |= 0x40;
1298 	if (in_bit >= 0) {
1299 		sks[0] |= 0x8;
1300 		sks[0] |= 0x7 & in_bit;
1301 	}
1302 	put_unaligned_be16(in_byte, sks + 1);
1303 	if (sdebug_dsense) {
1304 		sl = sbuff[7] + 8;
1305 		sbuff[7] = sl;
1306 		sbuff[sl] = 0x2;
1307 		sbuff[sl + 1] = 0x6;
1308 		memcpy(sbuff + sl + 4, sks, 3);
1309 	} else
1310 		memcpy(sbuff + 15, sks, 3);
1311 	if (sdebug_verbose)
1312 		sdev_printk(KERN_INFO, scp->device, "%s:  [sense_key,asc,ascq"
1313 			    "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
1314 			    my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
1315 }
1316 
1317 static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
1318 {
1319 	if (!scp->sense_buffer) {
1320 		sdev_printk(KERN_ERR, scp->device,
1321 			    "%s: sense_buffer is NULL\n", __func__);
1322 		return;
1323 	}
1324 	memset(scp->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
1325 
1326 	scsi_build_sense(scp, sdebug_dsense, key, asc, asq);
1327 
1328 	if (sdebug_verbose)
1329 		sdev_printk(KERN_INFO, scp->device,
1330 			    "%s:  [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
1331 			    my_name, key, asc, asq);
1332 }
1333 
1334 static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
1335 {
1336 	mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
1337 }
1338 
1339 static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
1340 			    void __user *arg)
1341 {
1342 	if (sdebug_verbose) {
1343 		if (0x1261 == cmd)
1344 			sdev_printk(KERN_INFO, dev,
1345 				    "%s: BLKFLSBUF [0x1261]\n", __func__);
1346 		else if (0x5331 == cmd)
1347 			sdev_printk(KERN_INFO, dev,
1348 				    "%s: CDROM_GET_CAPABILITY [0x5331]\n",
1349 				    __func__);
1350 		else
1351 			sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
1352 				    __func__, cmd);
1353 	}
1354 	return -EINVAL;
1355 	/* return -ENOTTY; // correct return but upsets fdisk */
1356 }
1357 
1358 static void config_cdb_len(struct scsi_device *sdev)
1359 {
1360 	switch (sdebug_cdb_len) {
1361 	case 6:	/* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
1362 		sdev->use_10_for_rw = false;
1363 		sdev->use_16_for_rw = false;
1364 		sdev->use_10_for_ms = false;
1365 		break;
1366 	case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
1367 		sdev->use_10_for_rw = true;
1368 		sdev->use_16_for_rw = false;
1369 		sdev->use_10_for_ms = false;
1370 		break;
1371 	case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
1372 		sdev->use_10_for_rw = true;
1373 		sdev->use_16_for_rw = false;
1374 		sdev->use_10_for_ms = true;
1375 		break;
1376 	case 16:
1377 		sdev->use_10_for_rw = false;
1378 		sdev->use_16_for_rw = true;
1379 		sdev->use_10_for_ms = true;
1380 		break;
1381 	case 32: /* No knobs to suggest this so same as 16 for now */
1382 		sdev->use_10_for_rw = false;
1383 		sdev->use_16_for_rw = true;
1384 		sdev->use_10_for_ms = true;
1385 		break;
1386 	default:
1387 		pr_warn("unexpected cdb_len=%d, force to 10\n",
1388 			sdebug_cdb_len);
1389 		sdev->use_10_for_rw = true;
1390 		sdev->use_16_for_rw = false;
1391 		sdev->use_10_for_ms = false;
1392 		sdebug_cdb_len = 10;
1393 		break;
1394 	}
1395 }
1396 
1397 static void all_config_cdb_len(void)
1398 {
1399 	struct sdebug_host_info *sdbg_host;
1400 	struct Scsi_Host *shost;
1401 	struct scsi_device *sdev;
1402 
1403 	mutex_lock(&sdebug_host_list_mutex);
1404 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1405 		shost = sdbg_host->shost;
1406 		shost_for_each_device(sdev, shost) {
1407 			config_cdb_len(sdev);
1408 		}
1409 	}
1410 	mutex_unlock(&sdebug_host_list_mutex);
1411 }
1412 
1413 static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
1414 {
1415 	struct sdebug_host_info *sdhp = devip->sdbg_host;
1416 	struct sdebug_dev_info *dp;
1417 
1418 	list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
1419 		if ((devip->sdbg_host == dp->sdbg_host) &&
1420 		    (devip->target == dp->target)) {
1421 			clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
1422 		}
1423 	}
1424 }
1425 
1426 static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1427 {
1428 	int k;
1429 
1430 	k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
1431 	if (k != SDEBUG_NUM_UAS) {
1432 		const char *cp = NULL;
1433 
1434 		switch (k) {
1435 		case SDEBUG_UA_POR:
1436 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1437 					POWER_ON_RESET_ASCQ);
1438 			if (sdebug_verbose)
1439 				cp = "power on reset";
1440 			break;
1441 		case SDEBUG_UA_POOCCUR:
1442 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1443 					POWER_ON_OCCURRED_ASCQ);
1444 			if (sdebug_verbose)
1445 				cp = "power on occurred";
1446 			break;
1447 		case SDEBUG_UA_BUS_RESET:
1448 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1449 					BUS_RESET_ASCQ);
1450 			if (sdebug_verbose)
1451 				cp = "bus reset";
1452 			break;
1453 		case SDEBUG_UA_MODE_CHANGED:
1454 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1455 					MODE_CHANGED_ASCQ);
1456 			if (sdebug_verbose)
1457 				cp = "mode parameters changed";
1458 			break;
1459 		case SDEBUG_UA_CAPACITY_CHANGED:
1460 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1461 					CAPACITY_CHANGED_ASCQ);
1462 			if (sdebug_verbose)
1463 				cp = "capacity data changed";
1464 			break;
1465 		case SDEBUG_UA_MICROCODE_CHANGED:
1466 			mk_sense_buffer(scp, UNIT_ATTENTION,
1467 					TARGET_CHANGED_ASC,
1468 					MICROCODE_CHANGED_ASCQ);
1469 			if (sdebug_verbose)
1470 				cp = "microcode has been changed";
1471 			break;
1472 		case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
1473 			mk_sense_buffer(scp, UNIT_ATTENTION,
1474 					TARGET_CHANGED_ASC,
1475 					MICROCODE_CHANGED_WO_RESET_ASCQ);
1476 			if (sdebug_verbose)
1477 				cp = "microcode has been changed without reset";
1478 			break;
1479 		case SDEBUG_UA_LUNS_CHANGED:
1480 			/*
1481 			 * SPC-3 behavior is to report a UNIT ATTENTION with
1482 			 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
1483 			 * on the target, until a REPORT LUNS command is
1484 			 * received.  SPC-4 behavior is to report it only once.
1485 			 * NOTE:  sdebug_scsi_level does not use the same
1486 			 * values as struct scsi_device->scsi_level.
1487 			 */
1488 			if (sdebug_scsi_level >= 6)	/* SPC-4 and above */
1489 				clear_luns_changed_on_target(devip);
1490 			mk_sense_buffer(scp, UNIT_ATTENTION,
1491 					TARGET_CHANGED_ASC,
1492 					LUNS_CHANGED_ASCQ);
1493 			if (sdebug_verbose)
1494 				cp = "reported luns data has changed";
1495 			break;
1496 		default:
1497 			pr_warn("unexpected unit attention code=%d\n", k);
1498 			if (sdebug_verbose)
1499 				cp = "unknown";
1500 			break;
1501 		}
1502 		clear_bit(k, devip->uas_bm);
1503 		if (sdebug_verbose)
1504 			sdev_printk(KERN_INFO, scp->device,
1505 				   "%s reports: Unit attention: %s\n",
1506 				   my_name, cp);
1507 		return check_condition_result;
1508 	}
1509 	return 0;
1510 }
1511 
1512 /* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1513 static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1514 				int arr_len)
1515 {
1516 	int act_len;
1517 	struct scsi_data_buffer *sdb = &scp->sdb;
1518 
1519 	if (!sdb->length)
1520 		return 0;
1521 	if (scp->sc_data_direction != DMA_FROM_DEVICE)
1522 		return DID_ERROR << 16;
1523 
1524 	act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1525 				      arr, arr_len);
1526 	scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1527 
1528 	return 0;
1529 }
1530 
1531 /* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1532  * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1533  * calls, not required to write in ascending offset order. Assumes resid
1534  * set to scsi_bufflen() prior to any calls.
1535  */
1536 static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1537 				  int arr_len, unsigned int off_dst)
1538 {
1539 	unsigned int act_len, n;
1540 	struct scsi_data_buffer *sdb = &scp->sdb;
1541 	off_t skip = off_dst;
1542 
1543 	if (sdb->length <= off_dst)
1544 		return 0;
1545 	if (scp->sc_data_direction != DMA_FROM_DEVICE)
1546 		return DID_ERROR << 16;
1547 
1548 	act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1549 				       arr, arr_len, skip);
1550 	pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1551 		 __func__, off_dst, scsi_bufflen(scp), act_len,
1552 		 scsi_get_resid(scp));
1553 	n = scsi_bufflen(scp) - (off_dst + act_len);
1554 	scsi_set_resid(scp, min_t(u32, scsi_get_resid(scp), n));
1555 	return 0;
1556 }
1557 
1558 /* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1559  * 'arr' or -1 if error.
1560  */
1561 static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1562 			       int arr_len)
1563 {
1564 	if (!scsi_bufflen(scp))
1565 		return 0;
1566 	if (scp->sc_data_direction != DMA_TO_DEVICE)
1567 		return -1;
1568 
1569 	return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1570 }
1571 
1572 
1573 static char sdebug_inq_vendor_id[9] = "Linux   ";
1574 static char sdebug_inq_product_id[17] = "scsi_debug      ";
1575 static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1576 /* Use some locally assigned NAAs for SAS addresses. */
1577 static const u64 naa3_comp_a = 0x3222222000000000ULL;
1578 static const u64 naa3_comp_b = 0x3333333000000000ULL;
1579 static const u64 naa3_comp_c = 0x3111111000000000ULL;
1580 
1581 /* Device identification VPD page. Returns number of bytes placed in arr */
1582 static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1583 			  int target_dev_id, int dev_id_num,
1584 			  const char *dev_id_str, int dev_id_str_len,
1585 			  const uuid_t *lu_name)
1586 {
1587 	int num, port_a;
1588 	char b[32];
1589 
1590 	port_a = target_dev_id + 1;
1591 	/* T10 vendor identifier field format (faked) */
1592 	arr[0] = 0x2;	/* ASCII */
1593 	arr[1] = 0x1;
1594 	arr[2] = 0x0;
1595 	memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1596 	memcpy(&arr[12], sdebug_inq_product_id, 16);
1597 	memcpy(&arr[28], dev_id_str, dev_id_str_len);
1598 	num = 8 + 16 + dev_id_str_len;
1599 	arr[3] = num;
1600 	num += 4;
1601 	if (dev_id_num >= 0) {
1602 		if (sdebug_uuid_ctl) {
1603 			/* Locally assigned UUID */
1604 			arr[num++] = 0x1;  /* binary (not necessarily sas) */
1605 			arr[num++] = 0xa;  /* PIV=0, lu, naa */
1606 			arr[num++] = 0x0;
1607 			arr[num++] = 0x12;
1608 			arr[num++] = 0x10; /* uuid type=1, locally assigned */
1609 			arr[num++] = 0x0;
1610 			memcpy(arr + num, lu_name, 16);
1611 			num += 16;
1612 		} else {
1613 			/* NAA-3, Logical unit identifier (binary) */
1614 			arr[num++] = 0x1;  /* binary (not necessarily sas) */
1615 			arr[num++] = 0x3;  /* PIV=0, lu, naa */
1616 			arr[num++] = 0x0;
1617 			arr[num++] = 0x8;
1618 			put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1619 			num += 8;
1620 		}
1621 		/* Target relative port number */
1622 		arr[num++] = 0x61;	/* proto=sas, binary */
1623 		arr[num++] = 0x94;	/* PIV=1, target port, rel port */
1624 		arr[num++] = 0x0;	/* reserved */
1625 		arr[num++] = 0x4;	/* length */
1626 		arr[num++] = 0x0;	/* reserved */
1627 		arr[num++] = 0x0;	/* reserved */
1628 		arr[num++] = 0x0;
1629 		arr[num++] = 0x1;	/* relative port A */
1630 	}
1631 	/* NAA-3, Target port identifier */
1632 	arr[num++] = 0x61;	/* proto=sas, binary */
1633 	arr[num++] = 0x93;	/* piv=1, target port, naa */
1634 	arr[num++] = 0x0;
1635 	arr[num++] = 0x8;
1636 	put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1637 	num += 8;
1638 	/* NAA-3, Target port group identifier */
1639 	arr[num++] = 0x61;	/* proto=sas, binary */
1640 	arr[num++] = 0x95;	/* piv=1, target port group id */
1641 	arr[num++] = 0x0;
1642 	arr[num++] = 0x4;
1643 	arr[num++] = 0;
1644 	arr[num++] = 0;
1645 	put_unaligned_be16(port_group_id, arr + num);
1646 	num += 2;
1647 	/* NAA-3, Target device identifier */
1648 	arr[num++] = 0x61;	/* proto=sas, binary */
1649 	arr[num++] = 0xa3;	/* piv=1, target device, naa */
1650 	arr[num++] = 0x0;
1651 	arr[num++] = 0x8;
1652 	put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1653 	num += 8;
1654 	/* SCSI name string: Target device identifier */
1655 	arr[num++] = 0x63;	/* proto=sas, UTF-8 */
1656 	arr[num++] = 0xa8;	/* piv=1, target device, SCSI name string */
1657 	arr[num++] = 0x0;
1658 	arr[num++] = 24;
1659 	memcpy(arr + num, "naa.32222220", 12);
1660 	num += 12;
1661 	snprintf(b, sizeof(b), "%08X", target_dev_id);
1662 	memcpy(arr + num, b, 8);
1663 	num += 8;
1664 	memset(arr + num, 0, 4);
1665 	num += 4;
1666 	return num;
1667 }
1668 
1669 static unsigned char vpd84_data[] = {
1670 /* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1671     0x22,0x22,0x22,0x0,0xbb,0x1,
1672     0x22,0x22,0x22,0x0,0xbb,0x2,
1673 };
1674 
1675 /*  Software interface identification VPD page */
1676 static int inquiry_vpd_84(unsigned char *arr)
1677 {
1678 	memcpy(arr, vpd84_data, sizeof(vpd84_data));
1679 	return sizeof(vpd84_data);
1680 }
1681 
1682 /* Management network addresses VPD page */
1683 static int inquiry_vpd_85(unsigned char *arr)
1684 {
1685 	int num = 0;
1686 	const char *na1 = "https://www.kernel.org/config";
1687 	const char *na2 = "http://www.kernel.org/log";
1688 	int plen, olen;
1689 
1690 	arr[num++] = 0x1;	/* lu, storage config */
1691 	arr[num++] = 0x0;	/* reserved */
1692 	arr[num++] = 0x0;
1693 	olen = strlen(na1);
1694 	plen = olen + 1;
1695 	if (plen % 4)
1696 		plen = ((plen / 4) + 1) * 4;
1697 	arr[num++] = plen;	/* length, null termianted, padded */
1698 	memcpy(arr + num, na1, olen);
1699 	memset(arr + num + olen, 0, plen - olen);
1700 	num += plen;
1701 
1702 	arr[num++] = 0x4;	/* lu, logging */
1703 	arr[num++] = 0x0;	/* reserved */
1704 	arr[num++] = 0x0;
1705 	olen = strlen(na2);
1706 	plen = olen + 1;
1707 	if (plen % 4)
1708 		plen = ((plen / 4) + 1) * 4;
1709 	arr[num++] = plen;	/* length, null terminated, padded */
1710 	memcpy(arr + num, na2, olen);
1711 	memset(arr + num + olen, 0, plen - olen);
1712 	num += plen;
1713 
1714 	return num;
1715 }
1716 
1717 /* SCSI ports VPD page */
1718 static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1719 {
1720 	int num = 0;
1721 	int port_a, port_b;
1722 
1723 	port_a = target_dev_id + 1;
1724 	port_b = port_a + 1;
1725 	arr[num++] = 0x0;	/* reserved */
1726 	arr[num++] = 0x0;	/* reserved */
1727 	arr[num++] = 0x0;
1728 	arr[num++] = 0x1;	/* relative port 1 (primary) */
1729 	memset(arr + num, 0, 6);
1730 	num += 6;
1731 	arr[num++] = 0x0;
1732 	arr[num++] = 12;	/* length tp descriptor */
1733 	/* naa-5 target port identifier (A) */
1734 	arr[num++] = 0x61;	/* proto=sas, binary */
1735 	arr[num++] = 0x93;	/* PIV=1, target port, NAA */
1736 	arr[num++] = 0x0;	/* reserved */
1737 	arr[num++] = 0x8;	/* length */
1738 	put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1739 	num += 8;
1740 	arr[num++] = 0x0;	/* reserved */
1741 	arr[num++] = 0x0;	/* reserved */
1742 	arr[num++] = 0x0;
1743 	arr[num++] = 0x2;	/* relative port 2 (secondary) */
1744 	memset(arr + num, 0, 6);
1745 	num += 6;
1746 	arr[num++] = 0x0;
1747 	arr[num++] = 12;	/* length tp descriptor */
1748 	/* naa-5 target port identifier (B) */
1749 	arr[num++] = 0x61;	/* proto=sas, binary */
1750 	arr[num++] = 0x93;	/* PIV=1, target port, NAA */
1751 	arr[num++] = 0x0;	/* reserved */
1752 	arr[num++] = 0x8;	/* length */
1753 	put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1754 	num += 8;
1755 
1756 	return num;
1757 }
1758 
1759 
1760 static unsigned char vpd89_data[] = {
1761 /* from 4th byte */ 0,0,0,0,
1762 'l','i','n','u','x',' ',' ',' ',
1763 'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1764 '1','2','3','4',
1765 0x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
1766 0xec,0,0,0,
1767 0x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
1768 0,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
1769 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
1770 0x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
1771 0x53,0x41,
1772 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1773 0x20,0x20,
1774 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1775 0x10,0x80,
1776 0,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
1777 0x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
1778 0x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
1779 0,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
1780 0x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
1781 0x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
1782 0,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
1783 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1784 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1785 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1786 0x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
1787 0,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
1788 0xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
1789 0,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
1790 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1791 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1792 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1793 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1794 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1795 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1796 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1797 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1798 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1799 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1800 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1801 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1802 };
1803 
1804 /* ATA Information VPD page */
1805 static int inquiry_vpd_89(unsigned char *arr)
1806 {
1807 	memcpy(arr, vpd89_data, sizeof(vpd89_data));
1808 	return sizeof(vpd89_data);
1809 }
1810 
1811 
1812 static unsigned char vpdb0_data[] = {
1813 	/* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1814 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1815 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1816 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1817 };
1818 
1819 /* Block limits VPD page (SBC-3) */
1820 static int inquiry_vpd_b0(unsigned char *arr)
1821 {
1822 	unsigned int gran;
1823 
1824 	memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1825 
1826 	/* Optimal transfer length granularity */
1827 	if (sdebug_opt_xferlen_exp != 0 &&
1828 	    sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1829 		gran = 1 << sdebug_opt_xferlen_exp;
1830 	else
1831 		gran = 1 << sdebug_physblk_exp;
1832 	put_unaligned_be16(gran, arr + 2);
1833 
1834 	/* Maximum Transfer Length */
1835 	if (sdebug_store_sectors > 0x400)
1836 		put_unaligned_be32(sdebug_store_sectors, arr + 4);
1837 
1838 	/* Optimal Transfer Length */
1839 	put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1840 
1841 	if (sdebug_lbpu) {
1842 		/* Maximum Unmap LBA Count */
1843 		put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1844 
1845 		/* Maximum Unmap Block Descriptor Count */
1846 		put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1847 	}
1848 
1849 	/* Unmap Granularity Alignment */
1850 	if (sdebug_unmap_alignment) {
1851 		put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1852 		arr[28] |= 0x80; /* UGAVALID */
1853 	}
1854 
1855 	/* Optimal Unmap Granularity */
1856 	put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1857 
1858 	/* Maximum WRITE SAME Length */
1859 	put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1860 
1861 	if (sdebug_atomic_wr) {
1862 		put_unaligned_be32(sdebug_atomic_wr_max_length, &arr[40]);
1863 		put_unaligned_be32(sdebug_atomic_wr_align, &arr[44]);
1864 		put_unaligned_be32(sdebug_atomic_wr_gran, &arr[48]);
1865 		put_unaligned_be32(sdebug_atomic_wr_max_length_bndry, &arr[52]);
1866 		put_unaligned_be32(sdebug_atomic_wr_max_bndry, &arr[56]);
1867 	}
1868 
1869 	return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1870 }
1871 
1872 /* Block device characteristics VPD page (SBC-3) */
1873 static int inquiry_vpd_b1(struct sdebug_dev_info *devip, unsigned char *arr)
1874 {
1875 	memset(arr, 0, 0x3c);
1876 	arr[0] = 0;
1877 	arr[1] = 1;	/* non rotating medium (e.g. solid state) */
1878 	arr[2] = 0;
1879 	arr[3] = 5;	/* less than 1.8" */
1880 
1881 	return 0x3c;
1882 }
1883 
1884 /* Logical block provisioning VPD page (SBC-4) */
1885 static int inquiry_vpd_b2(unsigned char *arr)
1886 {
1887 	memset(arr, 0, 0x4);
1888 	arr[0] = 0;			/* threshold exponent */
1889 	if (sdebug_lbpu)
1890 		arr[1] = 1 << 7;
1891 	if (sdebug_lbpws)
1892 		arr[1] |= 1 << 6;
1893 	if (sdebug_lbpws10)
1894 		arr[1] |= 1 << 5;
1895 	if (sdebug_lbprz && scsi_debug_lbp())
1896 		arr[1] |= (sdebug_lbprz & 0x7) << 2;  /* sbc4r07 and later */
1897 	/* anc_sup=0; dp=0 (no provisioning group descriptor) */
1898 	/* minimum_percentage=0; provisioning_type=0 (unknown) */
1899 	/* threshold_percentage=0 */
1900 	return 0x4;
1901 }
1902 
1903 /* Zoned block device characteristics VPD page (ZBC mandatory) */
1904 static int inquiry_vpd_b6(struct sdebug_dev_info *devip, unsigned char *arr)
1905 {
1906 	memset(arr, 0, 0x3c);
1907 	arr[0] = 0x1; /* set URSWRZ (unrestricted read in seq. wr req zone) */
1908 	/*
1909 	 * Set Optimal number of open sequential write preferred zones and
1910 	 * Optimal number of non-sequentially written sequential write
1911 	 * preferred zones fields to 'not reported' (0xffffffff). Leave other
1912 	 * fields set to zero, apart from Max. number of open swrz_s field.
1913 	 */
1914 	put_unaligned_be32(0xffffffff, &arr[4]);
1915 	put_unaligned_be32(0xffffffff, &arr[8]);
1916 	if (sdeb_zbc_model == BLK_ZONED_HM && devip->max_open)
1917 		put_unaligned_be32(devip->max_open, &arr[12]);
1918 	else
1919 		put_unaligned_be32(0xffffffff, &arr[12]);
1920 	if (devip->zcap < devip->zsize) {
1921 		arr[19] = ZBC_CONSTANT_ZONE_START_OFFSET;
1922 		put_unaligned_be64(devip->zsize, &arr[20]);
1923 	} else {
1924 		arr[19] = 0;
1925 	}
1926 	return 0x3c;
1927 }
1928 
1929 #define SDEBUG_BLE_LEN_AFTER_B4 28	/* thus vpage 32 bytes long */
1930 
1931 enum { MAXIMUM_NUMBER_OF_STREAMS = 6, PERMANENT_STREAM_COUNT = 5 };
1932 
1933 /* Block limits extension VPD page (SBC-4) */
1934 static int inquiry_vpd_b7(unsigned char *arrb4)
1935 {
1936 	memset(arrb4, 0, SDEBUG_BLE_LEN_AFTER_B4);
1937 	arrb4[1] = 1; /* Reduced stream control support (RSCS) */
1938 	put_unaligned_be16(MAXIMUM_NUMBER_OF_STREAMS, &arrb4[2]);
1939 	return SDEBUG_BLE_LEN_AFTER_B4;
1940 }
1941 
1942 #define SDEBUG_LONG_INQ_SZ 96
1943 #define SDEBUG_MAX_INQ_ARR_SZ 584
1944 
1945 static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1946 {
1947 	unsigned char pq_pdt;
1948 	unsigned char *arr;
1949 	unsigned char *cmd = scp->cmnd;
1950 	u32 alloc_len, n;
1951 	int ret;
1952 	bool have_wlun, is_disk, is_zbc, is_disk_zbc;
1953 
1954 	alloc_len = get_unaligned_be16(cmd + 3);
1955 	arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1956 	if (! arr)
1957 		return DID_REQUEUE << 16;
1958 	is_disk = (sdebug_ptype == TYPE_DISK);
1959 	is_zbc = devip->zoned;
1960 	is_disk_zbc = (is_disk || is_zbc);
1961 	have_wlun = scsi_is_wlun(scp->device->lun);
1962 	if (have_wlun)
1963 		pq_pdt = TYPE_WLUN;	/* present, wlun */
1964 	else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1965 		pq_pdt = 0x7f;	/* not present, PQ=3, PDT=0x1f */
1966 	else
1967 		pq_pdt = (sdebug_ptype & 0x1f);
1968 	arr[0] = pq_pdt;
1969 	if (0x2 & cmd[1]) {  /* CMDDT bit set */
1970 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1971 		kfree(arr);
1972 		return check_condition_result;
1973 	} else if (0x1 & cmd[1]) {  /* EVPD bit set */
1974 		int lu_id_num, port_group_id, target_dev_id;
1975 		u32 len;
1976 		char lu_id_str[6];
1977 		int host_no = devip->sdbg_host->shost->host_no;
1978 
1979 		arr[1] = cmd[2];
1980 		port_group_id = (((host_no + 1) & 0x7f) << 8) +
1981 		    (devip->channel & 0x7f);
1982 		if (sdebug_vpd_use_hostno == 0)
1983 			host_no = 0;
1984 		lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1985 			    (devip->target * 1000) + devip->lun);
1986 		target_dev_id = ((host_no + 1) * 2000) +
1987 				 (devip->target * 1000) - 3;
1988 		len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1989 		if (0 == cmd[2]) { /* supported vital product data pages */
1990 			n = 4;
1991 			arr[n++] = 0x0;   /* this page */
1992 			arr[n++] = 0x80;  /* unit serial number */
1993 			arr[n++] = 0x83;  /* device identification */
1994 			arr[n++] = 0x84;  /* software interface ident. */
1995 			arr[n++] = 0x85;  /* management network addresses */
1996 			arr[n++] = 0x86;  /* extended inquiry */
1997 			arr[n++] = 0x87;  /* mode page policy */
1998 			arr[n++] = 0x88;  /* SCSI ports */
1999 			if (is_disk_zbc) {	  /* SBC or ZBC */
2000 				arr[n++] = 0x89;  /* ATA information */
2001 				arr[n++] = 0xb0;  /* Block limits */
2002 				arr[n++] = 0xb1;  /* Block characteristics */
2003 				if (is_disk)
2004 					arr[n++] = 0xb2;  /* LB Provisioning */
2005 				if (is_zbc)
2006 					arr[n++] = 0xb6;  /* ZB dev. char. */
2007 				arr[n++] = 0xb7;  /* Block limits extension */
2008 			}
2009 			arr[3] = n - 4;	  /* number of supported VPD pages */
2010 		} else if (0x80 == cmd[2]) { /* unit serial number */
2011 			arr[3] = len;
2012 			memcpy(&arr[4], lu_id_str, len);
2013 		} else if (0x83 == cmd[2]) { /* device identification */
2014 			arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
2015 						target_dev_id, lu_id_num,
2016 						lu_id_str, len,
2017 						&devip->lu_name);
2018 		} else if (0x84 == cmd[2]) { /* Software interface ident. */
2019 			arr[3] = inquiry_vpd_84(&arr[4]);
2020 		} else if (0x85 == cmd[2]) { /* Management network addresses */
2021 			arr[3] = inquiry_vpd_85(&arr[4]);
2022 		} else if (0x86 == cmd[2]) { /* extended inquiry */
2023 			arr[3] = 0x3c;	/* number of following entries */
2024 			if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
2025 				arr[4] = 0x4;	/* SPT: GRD_CHK:1 */
2026 			else if (have_dif_prot)
2027 				arr[4] = 0x5;   /* SPT: GRD_CHK:1, REF_CHK:1 */
2028 			else
2029 				arr[4] = 0x0;   /* no protection stuff */
2030 			/*
2031 			 * GROUP_SUP=1; HEADSUP=1 (HEAD OF QUEUE); ORDSUP=1
2032 			 * (ORDERED queuing); SIMPSUP=1 (SIMPLE queuing).
2033 			 */
2034 			arr[5] = 0x17;
2035 		} else if (0x87 == cmd[2]) { /* mode page policy */
2036 			arr[3] = 0x8;	/* number of following entries */
2037 			arr[4] = 0x2;	/* disconnect-reconnect mp */
2038 			arr[6] = 0x80;	/* mlus, shared */
2039 			arr[8] = 0x18;	 /* protocol specific lu */
2040 			arr[10] = 0x82;	 /* mlus, per initiator port */
2041 		} else if (0x88 == cmd[2]) { /* SCSI Ports */
2042 			arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
2043 		} else if (is_disk_zbc && 0x89 == cmd[2]) { /* ATA info */
2044 			n = inquiry_vpd_89(&arr[4]);
2045 			put_unaligned_be16(n, arr + 2);
2046 		} else if (is_disk_zbc && 0xb0 == cmd[2]) { /* Block limits */
2047 			arr[3] = inquiry_vpd_b0(&arr[4]);
2048 		} else if (is_disk_zbc && 0xb1 == cmd[2]) { /* Block char. */
2049 			arr[3] = inquiry_vpd_b1(devip, &arr[4]);
2050 		} else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
2051 			arr[3] = inquiry_vpd_b2(&arr[4]);
2052 		} else if (is_zbc && cmd[2] == 0xb6) { /* ZB dev. charact. */
2053 			arr[3] = inquiry_vpd_b6(devip, &arr[4]);
2054 		} else if (cmd[2] == 0xb7) { /* block limits extension page */
2055 			arr[3] = inquiry_vpd_b7(&arr[4]);
2056 		} else {
2057 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
2058 			kfree(arr);
2059 			return check_condition_result;
2060 		}
2061 		len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
2062 		ret = fill_from_dev_buffer(scp, arr,
2063 			    min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
2064 		kfree(arr);
2065 		return ret;
2066 	}
2067 	/* drops through here for a standard inquiry */
2068 	arr[1] = sdebug_removable ? 0x80 : 0;	/* Removable disk */
2069 	arr[2] = sdebug_scsi_level;
2070 	arr[3] = 2;    /* response_data_format==2 */
2071 	arr[4] = SDEBUG_LONG_INQ_SZ - 5;
2072 	arr[5] = (int)have_dif_prot;	/* PROTECT bit */
2073 	if (sdebug_vpd_use_hostno == 0)
2074 		arr[5] |= 0x10; /* claim: implicit TPGS */
2075 	arr[6] = 0x10; /* claim: MultiP */
2076 	/* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
2077 	arr[7] = 0xa; /* claim: LINKED + CMDQUE */
2078 	memcpy(&arr[8], sdebug_inq_vendor_id, 8);
2079 	memcpy(&arr[16], sdebug_inq_product_id, 16);
2080 	memcpy(&arr[32], sdebug_inq_product_rev, 4);
2081 	/* Use Vendor Specific area to place driver date in ASCII hex */
2082 	memcpy(&arr[36], sdebug_version_date, 8);
2083 	/* version descriptors (2 bytes each) follow */
2084 	put_unaligned_be16(0xc0, arr + 58);   /* SAM-6 no version claimed */
2085 	put_unaligned_be16(0x5c0, arr + 60);  /* SPC-5 no version claimed */
2086 	n = 62;
2087 	if (is_disk) {		/* SBC-4 no version claimed */
2088 		put_unaligned_be16(0x600, arr + n);
2089 		n += 2;
2090 	} else if (sdebug_ptype == TYPE_TAPE) {	/* SSC-4 rev 3 */
2091 		put_unaligned_be16(0x525, arr + n);
2092 		n += 2;
2093 	} else if (is_zbc) {	/* ZBC BSR INCITS 536 revision 05 */
2094 		put_unaligned_be16(0x624, arr + n);
2095 		n += 2;
2096 	}
2097 	put_unaligned_be16(0x2100, arr + n);	/* SPL-4 no version claimed */
2098 	ret = fill_from_dev_buffer(scp, arr,
2099 			    min_t(u32, alloc_len, SDEBUG_LONG_INQ_SZ));
2100 	kfree(arr);
2101 	return ret;
2102 }
2103 
2104 /* See resp_iec_m_pg() for how this data is manipulated */
2105 static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2106 				   0, 0, 0x0, 0x0};
2107 
2108 static int resp_requests(struct scsi_cmnd *scp,
2109 			 struct sdebug_dev_info *devip)
2110 {
2111 	unsigned char *cmd = scp->cmnd;
2112 	unsigned char arr[SCSI_SENSE_BUFFERSIZE];	/* assume >= 18 bytes */
2113 	bool dsense = !!(cmd[1] & 1);
2114 	u32 alloc_len = cmd[4];
2115 	u32 len = 18;
2116 	int stopped_state = atomic_read(&devip->stopped);
2117 
2118 	memset(arr, 0, sizeof(arr));
2119 	if (stopped_state > 0) {	/* some "pollable" data [spc6r02: 5.12.2] */
2120 		if (dsense) {
2121 			arr[0] = 0x72;
2122 			arr[1] = NOT_READY;
2123 			arr[2] = LOGICAL_UNIT_NOT_READY;
2124 			arr[3] = (stopped_state == 2) ? 0x1 : 0x2;
2125 			len = 8;
2126 		} else {
2127 			arr[0] = 0x70;
2128 			arr[2] = NOT_READY;		/* NO_SENSE in sense_key */
2129 			arr[7] = 0xa;			/* 18 byte sense buffer */
2130 			arr[12] = LOGICAL_UNIT_NOT_READY;
2131 			arr[13] = (stopped_state == 2) ? 0x1 : 0x2;
2132 		}
2133 	} else if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
2134 		/* Information exceptions control mode page: TEST=1, MRIE=6 */
2135 		if (dsense) {
2136 			arr[0] = 0x72;
2137 			arr[1] = 0x0;		/* NO_SENSE in sense_key */
2138 			arr[2] = THRESHOLD_EXCEEDED;
2139 			arr[3] = 0xff;		/* Failure prediction(false) */
2140 			len = 8;
2141 		} else {
2142 			arr[0] = 0x70;
2143 			arr[2] = 0x0;		/* NO_SENSE in sense_key */
2144 			arr[7] = 0xa;   	/* 18 byte sense buffer */
2145 			arr[12] = THRESHOLD_EXCEEDED;
2146 			arr[13] = 0xff;		/* Failure prediction(false) */
2147 		}
2148 	} else {	/* nothing to report */
2149 		if (dsense) {
2150 			len = 8;
2151 			memset(arr, 0, len);
2152 			arr[0] = 0x72;
2153 		} else {
2154 			memset(arr, 0, len);
2155 			arr[0] = 0x70;
2156 			arr[7] = 0xa;
2157 		}
2158 	}
2159 	return fill_from_dev_buffer(scp, arr, min_t(u32, len, alloc_len));
2160 }
2161 
2162 static int resp_start_stop(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2163 {
2164 	unsigned char *cmd = scp->cmnd;
2165 	int power_cond, want_stop, stopped_state;
2166 	bool changing;
2167 
2168 	power_cond = (cmd[4] & 0xf0) >> 4;
2169 	if (power_cond) {
2170 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
2171 		return check_condition_result;
2172 	}
2173 	want_stop = !(cmd[4] & 1);
2174 	stopped_state = atomic_read(&devip->stopped);
2175 	if (stopped_state == 2) {
2176 		ktime_t now_ts = ktime_get_boottime();
2177 
2178 		if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
2179 			u64 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
2180 
2181 			if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
2182 				/* tur_ms_to_ready timer extinguished */
2183 				atomic_set(&devip->stopped, 0);
2184 				stopped_state = 0;
2185 			}
2186 		}
2187 		if (stopped_state == 2) {
2188 			if (want_stop) {
2189 				stopped_state = 1;	/* dummy up success */
2190 			} else {	/* Disallow tur_ms_to_ready delay to be overridden */
2191 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 0 /* START bit */);
2192 				return check_condition_result;
2193 			}
2194 		}
2195 	}
2196 	changing = (stopped_state != want_stop);
2197 	if (changing)
2198 		atomic_xchg(&devip->stopped, want_stop);
2199 	if (!changing || (cmd[1] & 0x1))  /* state unchanged or IMMED bit set in cdb */
2200 		return SDEG_RES_IMMED_MASK;
2201 	else
2202 		return 0;
2203 }
2204 
2205 static sector_t get_sdebug_capacity(void)
2206 {
2207 	static const unsigned int gibibyte = 1073741824;
2208 
2209 	if (sdebug_virtual_gb > 0)
2210 		return (sector_t)sdebug_virtual_gb *
2211 			(gibibyte / sdebug_sector_size);
2212 	else
2213 		return sdebug_store_sectors;
2214 }
2215 
2216 #define SDEBUG_READCAP_ARR_SZ 8
2217 static int resp_readcap(struct scsi_cmnd *scp,
2218 			struct sdebug_dev_info *devip)
2219 {
2220 	unsigned char arr[SDEBUG_READCAP_ARR_SZ];
2221 	unsigned int capac;
2222 
2223 	/* following just in case virtual_gb changed */
2224 	sdebug_capacity = get_sdebug_capacity();
2225 	memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
2226 	if (sdebug_capacity < 0xffffffff) {
2227 		capac = (unsigned int)sdebug_capacity - 1;
2228 		put_unaligned_be32(capac, arr + 0);
2229 	} else
2230 		put_unaligned_be32(0xffffffff, arr + 0);
2231 	put_unaligned_be16(sdebug_sector_size, arr + 6);
2232 	return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
2233 }
2234 
2235 #define SDEBUG_READCAP16_ARR_SZ 32
2236 static int resp_readcap16(struct scsi_cmnd *scp,
2237 			  struct sdebug_dev_info *devip)
2238 {
2239 	unsigned char *cmd = scp->cmnd;
2240 	unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
2241 	u32 alloc_len;
2242 
2243 	alloc_len = get_unaligned_be32(cmd + 10);
2244 	/* following just in case virtual_gb changed */
2245 	sdebug_capacity = get_sdebug_capacity();
2246 	memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
2247 	put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
2248 	put_unaligned_be32(sdebug_sector_size, arr + 8);
2249 	arr[13] = sdebug_physblk_exp & 0xf;
2250 	arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
2251 
2252 	if (scsi_debug_lbp()) {
2253 		arr[14] |= 0x80; /* LBPME */
2254 		/* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
2255 		 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
2256 		 * in the wider field maps to 0 in this field.
2257 		 */
2258 		if (sdebug_lbprz & 1)	/* precisely what the draft requires */
2259 			arr[14] |= 0x40;
2260 	}
2261 
2262 	/*
2263 	 * Since the scsi_debug READ CAPACITY implementation always reports the
2264 	 * total disk capacity, set RC BASIS = 1 for host-managed ZBC devices.
2265 	 */
2266 	if (devip->zoned)
2267 		arr[12] |= 1 << 4;
2268 
2269 	arr[15] = sdebug_lowest_aligned & 0xff;
2270 
2271 	if (have_dif_prot) {
2272 		arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
2273 		arr[12] |= 1; /* PROT_EN */
2274 	}
2275 
2276 	return fill_from_dev_buffer(scp, arr,
2277 			    min_t(u32, alloc_len, SDEBUG_READCAP16_ARR_SZ));
2278 }
2279 
2280 #define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
2281 
2282 static int resp_report_tgtpgs(struct scsi_cmnd *scp,
2283 			      struct sdebug_dev_info *devip)
2284 {
2285 	unsigned char *cmd = scp->cmnd;
2286 	unsigned char *arr;
2287 	int host_no = devip->sdbg_host->shost->host_no;
2288 	int port_group_a, port_group_b, port_a, port_b;
2289 	u32 alen, n, rlen;
2290 	int ret;
2291 
2292 	alen = get_unaligned_be32(cmd + 6);
2293 	arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
2294 	if (! arr)
2295 		return DID_REQUEUE << 16;
2296 	/*
2297 	 * EVPD page 0x88 states we have two ports, one
2298 	 * real and a fake port with no device connected.
2299 	 * So we create two port groups with one port each
2300 	 * and set the group with port B to unavailable.
2301 	 */
2302 	port_a = 0x1; /* relative port A */
2303 	port_b = 0x2; /* relative port B */
2304 	port_group_a = (((host_no + 1) & 0x7f) << 8) +
2305 			(devip->channel & 0x7f);
2306 	port_group_b = (((host_no + 1) & 0x7f) << 8) +
2307 			(devip->channel & 0x7f) + 0x80;
2308 
2309 	/*
2310 	 * The asymmetric access state is cycled according to the host_id.
2311 	 */
2312 	n = 4;
2313 	if (sdebug_vpd_use_hostno == 0) {
2314 		arr[n++] = host_no % 3; /* Asymm access state */
2315 		arr[n++] = 0x0F; /* claim: all states are supported */
2316 	} else {
2317 		arr[n++] = 0x0; /* Active/Optimized path */
2318 		arr[n++] = 0x01; /* only support active/optimized paths */
2319 	}
2320 	put_unaligned_be16(port_group_a, arr + n);
2321 	n += 2;
2322 	arr[n++] = 0;    /* Reserved */
2323 	arr[n++] = 0;    /* Status code */
2324 	arr[n++] = 0;    /* Vendor unique */
2325 	arr[n++] = 0x1;  /* One port per group */
2326 	arr[n++] = 0;    /* Reserved */
2327 	arr[n++] = 0;    /* Reserved */
2328 	put_unaligned_be16(port_a, arr + n);
2329 	n += 2;
2330 	arr[n++] = 3;    /* Port unavailable */
2331 	arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
2332 	put_unaligned_be16(port_group_b, arr + n);
2333 	n += 2;
2334 	arr[n++] = 0;    /* Reserved */
2335 	arr[n++] = 0;    /* Status code */
2336 	arr[n++] = 0;    /* Vendor unique */
2337 	arr[n++] = 0x1;  /* One port per group */
2338 	arr[n++] = 0;    /* Reserved */
2339 	arr[n++] = 0;    /* Reserved */
2340 	put_unaligned_be16(port_b, arr + n);
2341 	n += 2;
2342 
2343 	rlen = n - 4;
2344 	put_unaligned_be32(rlen, arr + 0);
2345 
2346 	/*
2347 	 * Return the smallest value of either
2348 	 * - The allocated length
2349 	 * - The constructed command length
2350 	 * - The maximum array size
2351 	 */
2352 	rlen = min(alen, n);
2353 	ret = fill_from_dev_buffer(scp, arr,
2354 			   min_t(u32, rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
2355 	kfree(arr);
2356 	return ret;
2357 }
2358 
2359 static int resp_rsup_opcodes(struct scsi_cmnd *scp,
2360 			     struct sdebug_dev_info *devip)
2361 {
2362 	bool rctd;
2363 	u8 reporting_opts, req_opcode, sdeb_i, supp;
2364 	u16 req_sa, u;
2365 	u32 alloc_len, a_len;
2366 	int k, offset, len, errsts, count, bump, na;
2367 	const struct opcode_info_t *oip;
2368 	const struct opcode_info_t *r_oip;
2369 	u8 *arr;
2370 	u8 *cmd = scp->cmnd;
2371 
2372 	rctd = !!(cmd[2] & 0x80);
2373 	reporting_opts = cmd[2] & 0x7;
2374 	req_opcode = cmd[3];
2375 	req_sa = get_unaligned_be16(cmd + 4);
2376 	alloc_len = get_unaligned_be32(cmd + 6);
2377 	if (alloc_len < 4 || alloc_len > 0xffff) {
2378 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2379 		return check_condition_result;
2380 	}
2381 	if (alloc_len > 8192)
2382 		a_len = 8192;
2383 	else
2384 		a_len = alloc_len;
2385 	arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
2386 	if (NULL == arr) {
2387 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
2388 				INSUFF_RES_ASCQ);
2389 		return check_condition_result;
2390 	}
2391 	switch (reporting_opts) {
2392 	case 0:	/* all commands */
2393 		/* count number of commands */
2394 		for (count = 0, oip = opcode_info_arr;
2395 		     oip->num_attached != 0xff; ++oip) {
2396 			if (F_INV_OP & oip->flags)
2397 				continue;
2398 			count += (oip->num_attached + 1);
2399 		}
2400 		bump = rctd ? 20 : 8;
2401 		put_unaligned_be32(count * bump, arr);
2402 		for (offset = 4, oip = opcode_info_arr;
2403 		     oip->num_attached != 0xff && offset < a_len; ++oip) {
2404 			if (F_INV_OP & oip->flags)
2405 				continue;
2406 			na = oip->num_attached;
2407 			arr[offset] = oip->opcode;
2408 			put_unaligned_be16(oip->sa, arr + offset + 2);
2409 			if (rctd)
2410 				arr[offset + 5] |= 0x2;
2411 			if (FF_SA & oip->flags)
2412 				arr[offset + 5] |= 0x1;
2413 			put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
2414 			if (rctd)
2415 				put_unaligned_be16(0xa, arr + offset + 8);
2416 			r_oip = oip;
2417 			for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
2418 				if (F_INV_OP & oip->flags)
2419 					continue;
2420 				offset += bump;
2421 				arr[offset] = oip->opcode;
2422 				put_unaligned_be16(oip->sa, arr + offset + 2);
2423 				if (rctd)
2424 					arr[offset + 5] |= 0x2;
2425 				if (FF_SA & oip->flags)
2426 					arr[offset + 5] |= 0x1;
2427 				put_unaligned_be16(oip->len_mask[0],
2428 						   arr + offset + 6);
2429 				if (rctd)
2430 					put_unaligned_be16(0xa,
2431 							   arr + offset + 8);
2432 			}
2433 			oip = r_oip;
2434 			offset += bump;
2435 		}
2436 		break;
2437 	case 1:	/* one command: opcode only */
2438 	case 2:	/* one command: opcode plus service action */
2439 	case 3:	/* one command: if sa==0 then opcode only else opcode+sa */
2440 		sdeb_i = opcode_ind_arr[req_opcode];
2441 		oip = &opcode_info_arr[sdeb_i];
2442 		if (F_INV_OP & oip->flags) {
2443 			supp = 1;
2444 			offset = 4;
2445 		} else {
2446 			if (1 == reporting_opts) {
2447 				if (FF_SA & oip->flags) {
2448 					mk_sense_invalid_fld(scp, SDEB_IN_CDB,
2449 							     2, 2);
2450 					kfree(arr);
2451 					return check_condition_result;
2452 				}
2453 				req_sa = 0;
2454 			} else if (2 == reporting_opts &&
2455 				   0 == (FF_SA & oip->flags)) {
2456 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
2457 				kfree(arr);	/* point at requested sa */
2458 				return check_condition_result;
2459 			}
2460 			if (0 == (FF_SA & oip->flags) &&
2461 			    req_opcode == oip->opcode)
2462 				supp = 3;
2463 			else if (0 == (FF_SA & oip->flags)) {
2464 				na = oip->num_attached;
2465 				for (k = 0, oip = oip->arrp; k < na;
2466 				     ++k, ++oip) {
2467 					if (req_opcode == oip->opcode)
2468 						break;
2469 				}
2470 				supp = (k >= na) ? 1 : 3;
2471 			} else if (req_sa != oip->sa) {
2472 				na = oip->num_attached;
2473 				for (k = 0, oip = oip->arrp; k < na;
2474 				     ++k, ++oip) {
2475 					if (req_sa == oip->sa)
2476 						break;
2477 				}
2478 				supp = (k >= na) ? 1 : 3;
2479 			} else
2480 				supp = 3;
2481 			if (3 == supp) {
2482 				u = oip->len_mask[0];
2483 				put_unaligned_be16(u, arr + 2);
2484 				arr[4] = oip->opcode;
2485 				for (k = 1; k < u; ++k)
2486 					arr[4 + k] = (k < 16) ?
2487 						 oip->len_mask[k] : 0xff;
2488 				offset = 4 + u;
2489 			} else
2490 				offset = 4;
2491 		}
2492 		arr[1] = (rctd ? 0x80 : 0) | supp;
2493 		if (rctd) {
2494 			put_unaligned_be16(0xa, arr + offset);
2495 			offset += 12;
2496 		}
2497 		break;
2498 	default:
2499 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
2500 		kfree(arr);
2501 		return check_condition_result;
2502 	}
2503 	offset = (offset < a_len) ? offset : a_len;
2504 	len = (offset < alloc_len) ? offset : alloc_len;
2505 	errsts = fill_from_dev_buffer(scp, arr, len);
2506 	kfree(arr);
2507 	return errsts;
2508 }
2509 
2510 static int resp_rsup_tmfs(struct scsi_cmnd *scp,
2511 			  struct sdebug_dev_info *devip)
2512 {
2513 	bool repd;
2514 	u32 alloc_len, len;
2515 	u8 arr[16];
2516 	u8 *cmd = scp->cmnd;
2517 
2518 	memset(arr, 0, sizeof(arr));
2519 	repd = !!(cmd[2] & 0x80);
2520 	alloc_len = get_unaligned_be32(cmd + 6);
2521 	if (alloc_len < 4) {
2522 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2523 		return check_condition_result;
2524 	}
2525 	arr[0] = 0xc8;		/* ATS | ATSS | LURS */
2526 	arr[1] = 0x1;		/* ITNRS */
2527 	if (repd) {
2528 		arr[3] = 0xc;
2529 		len = 16;
2530 	} else
2531 		len = 4;
2532 
2533 	len = (len < alloc_len) ? len : alloc_len;
2534 	return fill_from_dev_buffer(scp, arr, len);
2535 }
2536 
2537 /* <<Following mode page info copied from ST318451LW>> */
2538 
2539 static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
2540 {	/* Read-Write Error Recovery page for mode_sense */
2541 	unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
2542 					5, 0, 0xff, 0xff};
2543 
2544 	memcpy(p, err_recov_pg, sizeof(err_recov_pg));
2545 	if (1 == pcontrol)
2546 		memset(p + 2, 0, sizeof(err_recov_pg) - 2);
2547 	return sizeof(err_recov_pg);
2548 }
2549 
2550 static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
2551 { 	/* Disconnect-Reconnect page for mode_sense */
2552 	unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
2553 					 0, 0, 0, 0, 0, 0, 0, 0};
2554 
2555 	memcpy(p, disconnect_pg, sizeof(disconnect_pg));
2556 	if (1 == pcontrol)
2557 		memset(p + 2, 0, sizeof(disconnect_pg) - 2);
2558 	return sizeof(disconnect_pg);
2559 }
2560 
2561 static int resp_format_pg(unsigned char *p, int pcontrol, int target)
2562 {       /* Format device page for mode_sense */
2563 	unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
2564 				     0, 0, 0, 0, 0, 0, 0, 0,
2565 				     0, 0, 0, 0, 0x40, 0, 0, 0};
2566 
2567 	memcpy(p, format_pg, sizeof(format_pg));
2568 	put_unaligned_be16(sdebug_sectors_per, p + 10);
2569 	put_unaligned_be16(sdebug_sector_size, p + 12);
2570 	if (sdebug_removable)
2571 		p[20] |= 0x20; /* should agree with INQUIRY */
2572 	if (1 == pcontrol)
2573 		memset(p + 2, 0, sizeof(format_pg) - 2);
2574 	return sizeof(format_pg);
2575 }
2576 
2577 static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2578 				     0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
2579 				     0, 0, 0, 0};
2580 
2581 static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
2582 { 	/* Caching page for mode_sense */
2583 	unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
2584 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2585 	unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2586 		0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,     0, 0, 0, 0};
2587 
2588 	if (SDEBUG_OPT_N_WCE & sdebug_opts)
2589 		caching_pg[2] &= ~0x4;	/* set WCE=0 (default WCE=1) */
2590 	memcpy(p, caching_pg, sizeof(caching_pg));
2591 	if (1 == pcontrol)
2592 		memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2593 	else if (2 == pcontrol)
2594 		memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2595 	return sizeof(caching_pg);
2596 }
2597 
2598 static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2599 				    0, 0, 0x2, 0x4b};
2600 
2601 static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2602 { 	/* Control mode page for mode_sense */
2603 	unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2604 					0, 0, 0, 0};
2605 	unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2606 				     0, 0, 0x2, 0x4b};
2607 
2608 	if (sdebug_dsense)
2609 		ctrl_m_pg[2] |= 0x4;
2610 	else
2611 		ctrl_m_pg[2] &= ~0x4;
2612 
2613 	if (sdebug_ato)
2614 		ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2615 
2616 	memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2617 	if (1 == pcontrol)
2618 		memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2619 	else if (2 == pcontrol)
2620 		memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2621 	return sizeof(ctrl_m_pg);
2622 }
2623 
2624 /* IO Advice Hints Grouping mode page */
2625 static int resp_grouping_m_pg(unsigned char *p, int pcontrol, int target)
2626 {
2627 	/* IO Advice Hints Grouping mode page */
2628 	struct grouping_m_pg {
2629 		u8 page_code;	/* OR 0x40 when subpage_code > 0 */
2630 		u8 subpage_code;
2631 		__be16 page_length;
2632 		u8 reserved[12];
2633 		struct scsi_io_group_descriptor descr[MAXIMUM_NUMBER_OF_STREAMS];
2634 	};
2635 	static const struct grouping_m_pg gr_m_pg = {
2636 		.page_code = 0xa | 0x40,
2637 		.subpage_code = 5,
2638 		.page_length = cpu_to_be16(sizeof(gr_m_pg) - 4),
2639 		.descr = {
2640 			{ .st_enble = 1 },
2641 			{ .st_enble = 1 },
2642 			{ .st_enble = 1 },
2643 			{ .st_enble = 1 },
2644 			{ .st_enble = 1 },
2645 			{ .st_enble = 0 },
2646 		}
2647 	};
2648 
2649 	BUILD_BUG_ON(sizeof(struct grouping_m_pg) !=
2650 		     16 + MAXIMUM_NUMBER_OF_STREAMS * 16);
2651 	memcpy(p, &gr_m_pg, sizeof(gr_m_pg));
2652 	if (1 == pcontrol) {
2653 		/* There are no changeable values so clear from byte 4 on. */
2654 		memset(p + 4, 0, sizeof(gr_m_pg) - 4);
2655 	}
2656 	return sizeof(gr_m_pg);
2657 }
2658 
2659 static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2660 {	/* Informational Exceptions control mode page for mode_sense */
2661 	unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2662 				       0, 0, 0x0, 0x0};
2663 	unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2664 				      0, 0, 0x0, 0x0};
2665 
2666 	memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2667 	if (1 == pcontrol)
2668 		memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2669 	else if (2 == pcontrol)
2670 		memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2671 	return sizeof(iec_m_pg);
2672 }
2673 
2674 static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2675 {	/* SAS SSP mode page - short format for mode_sense */
2676 	unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2677 		0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2678 
2679 	memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2680 	if (1 == pcontrol)
2681 		memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2682 	return sizeof(sas_sf_m_pg);
2683 }
2684 
2685 
2686 static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2687 			      int target_dev_id)
2688 {	/* SAS phy control and discover mode page for mode_sense */
2689 	unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2690 		    0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2691 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2692 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2693 		    0x2, 0, 0, 0, 0, 0, 0, 0,
2694 		    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2695 		    0, 0, 0, 0, 0, 0, 0, 0,
2696 		    0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2697 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2698 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2699 		    0x3, 0, 0, 0, 0, 0, 0, 0,
2700 		    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2701 		    0, 0, 0, 0, 0, 0, 0, 0,
2702 		};
2703 	int port_a, port_b;
2704 
2705 	put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2706 	put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2707 	put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2708 	put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2709 	port_a = target_dev_id + 1;
2710 	port_b = port_a + 1;
2711 	memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2712 	put_unaligned_be32(port_a, p + 20);
2713 	put_unaligned_be32(port_b, p + 48 + 20);
2714 	if (1 == pcontrol)
2715 		memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2716 	return sizeof(sas_pcd_m_pg);
2717 }
2718 
2719 static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2720 {	/* SAS SSP shared protocol specific port mode subpage */
2721 	unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2722 		    0, 0, 0, 0, 0, 0, 0, 0,
2723 		};
2724 
2725 	memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2726 	if (1 == pcontrol)
2727 		memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2728 	return sizeof(sas_sha_m_pg);
2729 }
2730 
2731 /* PAGE_SIZE is more than necessary but provides room for future expansion. */
2732 #define SDEBUG_MAX_MSENSE_SZ PAGE_SIZE
2733 
2734 static int resp_mode_sense(struct scsi_cmnd *scp,
2735 			   struct sdebug_dev_info *devip)
2736 {
2737 	int pcontrol, pcode, subpcode, bd_len;
2738 	unsigned char dev_spec;
2739 	u32 alloc_len, offset, len;
2740 	int target_dev_id;
2741 	int target = scp->device->id;
2742 	unsigned char *ap;
2743 	unsigned char *arr __free(kfree);
2744 	unsigned char *cmd = scp->cmnd;
2745 	bool dbd, llbaa, msense_6, is_disk, is_zbc;
2746 
2747 	arr = kzalloc(SDEBUG_MAX_MSENSE_SZ, GFP_ATOMIC);
2748 	if (!arr)
2749 		return -ENOMEM;
2750 	dbd = !!(cmd[1] & 0x8);		/* disable block descriptors */
2751 	pcontrol = (cmd[2] & 0xc0) >> 6;
2752 	pcode = cmd[2] & 0x3f;
2753 	subpcode = cmd[3];
2754 	msense_6 = (MODE_SENSE == cmd[0]);
2755 	llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2756 	is_disk = (sdebug_ptype == TYPE_DISK);
2757 	is_zbc = devip->zoned;
2758 	if ((is_disk || is_zbc) && !dbd)
2759 		bd_len = llbaa ? 16 : 8;
2760 	else
2761 		bd_len = 0;
2762 	alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2763 	if (0x3 == pcontrol) {  /* Saving values not supported */
2764 		mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2765 		return check_condition_result;
2766 	}
2767 	target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2768 			(devip->target * 1000) - 3;
2769 	/* for disks+zbc set DPOFUA bit and clear write protect (WP) bit */
2770 	if (is_disk || is_zbc) {
2771 		dev_spec = 0x10;	/* =0x90 if WP=1 implies read-only */
2772 		if (sdebug_wp)
2773 			dev_spec |= 0x80;
2774 	} else
2775 		dev_spec = 0x0;
2776 	if (msense_6) {
2777 		arr[2] = dev_spec;
2778 		arr[3] = bd_len;
2779 		offset = 4;
2780 	} else {
2781 		arr[3] = dev_spec;
2782 		if (16 == bd_len)
2783 			arr[4] = 0x1;	/* set LONGLBA bit */
2784 		arr[7] = bd_len;	/* assume 255 or less */
2785 		offset = 8;
2786 	}
2787 	ap = arr + offset;
2788 	if ((bd_len > 0) && (!sdebug_capacity))
2789 		sdebug_capacity = get_sdebug_capacity();
2790 
2791 	if (8 == bd_len) {
2792 		if (sdebug_capacity > 0xfffffffe)
2793 			put_unaligned_be32(0xffffffff, ap + 0);
2794 		else
2795 			put_unaligned_be32(sdebug_capacity, ap + 0);
2796 		put_unaligned_be16(sdebug_sector_size, ap + 6);
2797 		offset += bd_len;
2798 		ap = arr + offset;
2799 	} else if (16 == bd_len) {
2800 		put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2801 		put_unaligned_be32(sdebug_sector_size, ap + 12);
2802 		offset += bd_len;
2803 		ap = arr + offset;
2804 	}
2805 
2806 	/*
2807 	 * N.B. If len>0 before resp_*_pg() call, then form of that call should be:
2808 	 *        len += resp_*_pg(ap + len, pcontrol, target);
2809 	 */
2810 	switch (pcode) {
2811 	case 0x1:	/* Read-Write error recovery page, direct access */
2812 		if (subpcode > 0x0 && subpcode < 0xff)
2813 			goto bad_subpcode;
2814 		len = resp_err_recov_pg(ap, pcontrol, target);
2815 		offset += len;
2816 		break;
2817 	case 0x2:	/* Disconnect-Reconnect page, all devices */
2818 		if (subpcode > 0x0 && subpcode < 0xff)
2819 			goto bad_subpcode;
2820 		len = resp_disconnect_pg(ap, pcontrol, target);
2821 		offset += len;
2822 		break;
2823 	case 0x3:       /* Format device page, direct access */
2824 		if (subpcode > 0x0 && subpcode < 0xff)
2825 			goto bad_subpcode;
2826 		if (is_disk) {
2827 			len = resp_format_pg(ap, pcontrol, target);
2828 			offset += len;
2829 		} else {
2830 			goto bad_pcode;
2831 		}
2832 		break;
2833 	case 0x8:	/* Caching page, direct access */
2834 		if (subpcode > 0x0 && subpcode < 0xff)
2835 			goto bad_subpcode;
2836 		if (is_disk || is_zbc) {
2837 			len = resp_caching_pg(ap, pcontrol, target);
2838 			offset += len;
2839 		} else {
2840 			goto bad_pcode;
2841 		}
2842 		break;
2843 	case 0xa:	/* Control Mode page, all devices */
2844 		switch (subpcode) {
2845 		case 0:
2846 			len = resp_ctrl_m_pg(ap, pcontrol, target);
2847 			break;
2848 		case 0x05:
2849 			len = resp_grouping_m_pg(ap, pcontrol, target);
2850 			break;
2851 		case 0xff:
2852 			len = resp_ctrl_m_pg(ap, pcontrol, target);
2853 			len += resp_grouping_m_pg(ap + len, pcontrol, target);
2854 			break;
2855 		default:
2856 			goto bad_subpcode;
2857 		}
2858 		offset += len;
2859 		break;
2860 	case 0x19:	/* if spc==1 then sas phy, control+discover */
2861 		if (subpcode > 0x2 && subpcode < 0xff)
2862 			goto bad_subpcode;
2863 		len = 0;
2864 		if ((0x0 == subpcode) || (0xff == subpcode))
2865 			len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2866 		if ((0x1 == subpcode) || (0xff == subpcode))
2867 			len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2868 						  target_dev_id);
2869 		if ((0x2 == subpcode) || (0xff == subpcode))
2870 			len += resp_sas_sha_m_spg(ap + len, pcontrol);
2871 		offset += len;
2872 		break;
2873 	case 0x1c:	/* Informational Exceptions Mode page, all devices */
2874 		if (subpcode > 0x0 && subpcode < 0xff)
2875 			goto bad_subpcode;
2876 		len = resp_iec_m_pg(ap, pcontrol, target);
2877 		offset += len;
2878 		break;
2879 	case 0x3f:	/* Read all Mode pages */
2880 		if (subpcode > 0x0 && subpcode < 0xff)
2881 			goto bad_subpcode;
2882 		len = resp_err_recov_pg(ap, pcontrol, target);
2883 		len += resp_disconnect_pg(ap + len, pcontrol, target);
2884 		if (is_disk) {
2885 			len += resp_format_pg(ap + len, pcontrol, target);
2886 			len += resp_caching_pg(ap + len, pcontrol, target);
2887 		} else if (is_zbc) {
2888 			len += resp_caching_pg(ap + len, pcontrol, target);
2889 		}
2890 		len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2891 		if (0xff == subpcode)
2892 			len += resp_grouping_m_pg(ap + len, pcontrol, target);
2893 		len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2894 		if (0xff == subpcode) {
2895 			len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2896 						  target_dev_id);
2897 			len += resp_sas_sha_m_spg(ap + len, pcontrol);
2898 		}
2899 		len += resp_iec_m_pg(ap + len, pcontrol, target);
2900 		offset += len;
2901 		break;
2902 	default:
2903 		goto bad_pcode;
2904 	}
2905 	if (msense_6)
2906 		arr[0] = offset - 1;
2907 	else
2908 		put_unaligned_be16((offset - 2), arr + 0);
2909 	return fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, offset));
2910 
2911 bad_pcode:
2912 	mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2913 	return check_condition_result;
2914 
2915 bad_subpcode:
2916 	mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2917 	return check_condition_result;
2918 }
2919 
2920 #define SDEBUG_MAX_MSELECT_SZ 512
2921 
2922 static int resp_mode_select(struct scsi_cmnd *scp,
2923 			    struct sdebug_dev_info *devip)
2924 {
2925 	int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2926 	int param_len, res, mpage;
2927 	unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2928 	unsigned char *cmd = scp->cmnd;
2929 	int mselect6 = (MODE_SELECT == cmd[0]);
2930 
2931 	memset(arr, 0, sizeof(arr));
2932 	pf = cmd[1] & 0x10;
2933 	sp = cmd[1] & 0x1;
2934 	param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2935 	if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2936 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2937 		return check_condition_result;
2938 	}
2939 	res = fetch_to_dev_buffer(scp, arr, param_len);
2940 	if (-1 == res)
2941 		return DID_ERROR << 16;
2942 	else if (sdebug_verbose && (res < param_len))
2943 		sdev_printk(KERN_INFO, scp->device,
2944 			    "%s: cdb indicated=%d, IO sent=%d bytes\n",
2945 			    __func__, param_len, res);
2946 	md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2947 	bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2948 	off = bd_len + (mselect6 ? 4 : 8);
2949 	if (md_len > 2 || off >= res) {
2950 		mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2951 		return check_condition_result;
2952 	}
2953 	mpage = arr[off] & 0x3f;
2954 	ps = !!(arr[off] & 0x80);
2955 	if (ps) {
2956 		mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2957 		return check_condition_result;
2958 	}
2959 	spf = !!(arr[off] & 0x40);
2960 	pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2961 		       (arr[off + 1] + 2);
2962 	if ((pg_len + off) > param_len) {
2963 		mk_sense_buffer(scp, ILLEGAL_REQUEST,
2964 				PARAMETER_LIST_LENGTH_ERR, 0);
2965 		return check_condition_result;
2966 	}
2967 	switch (mpage) {
2968 	case 0x8:      /* Caching Mode page */
2969 		if (caching_pg[1] == arr[off + 1]) {
2970 			memcpy(caching_pg + 2, arr + off + 2,
2971 			       sizeof(caching_pg) - 2);
2972 			goto set_mode_changed_ua;
2973 		}
2974 		break;
2975 	case 0xa:      /* Control Mode page */
2976 		if (ctrl_m_pg[1] == arr[off + 1]) {
2977 			memcpy(ctrl_m_pg + 2, arr + off + 2,
2978 			       sizeof(ctrl_m_pg) - 2);
2979 			if (ctrl_m_pg[4] & 0x8)
2980 				sdebug_wp = true;
2981 			else
2982 				sdebug_wp = false;
2983 			sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2984 			goto set_mode_changed_ua;
2985 		}
2986 		break;
2987 	case 0x1c:      /* Informational Exceptions Mode page */
2988 		if (iec_m_pg[1] == arr[off + 1]) {
2989 			memcpy(iec_m_pg + 2, arr + off + 2,
2990 			       sizeof(iec_m_pg) - 2);
2991 			goto set_mode_changed_ua;
2992 		}
2993 		break;
2994 	default:
2995 		break;
2996 	}
2997 	mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2998 	return check_condition_result;
2999 set_mode_changed_ua:
3000 	set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
3001 	return 0;
3002 }
3003 
3004 static int resp_temp_l_pg(unsigned char *arr)
3005 {
3006 	unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
3007 				     0x0, 0x1, 0x3, 0x2, 0x0, 65,
3008 		};
3009 
3010 	memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
3011 	return sizeof(temp_l_pg);
3012 }
3013 
3014 static int resp_ie_l_pg(unsigned char *arr)
3015 {
3016 	unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
3017 		};
3018 
3019 	memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
3020 	if (iec_m_pg[2] & 0x4) {	/* TEST bit set */
3021 		arr[4] = THRESHOLD_EXCEEDED;
3022 		arr[5] = 0xff;
3023 	}
3024 	return sizeof(ie_l_pg);
3025 }
3026 
3027 static int resp_env_rep_l_spg(unsigned char *arr)
3028 {
3029 	unsigned char env_rep_l_spg[] = {0x0, 0x0, 0x23, 0x8,
3030 					 0x0, 40, 72, 0xff, 45, 18, 0, 0,
3031 					 0x1, 0x0, 0x23, 0x8,
3032 					 0x0, 55, 72, 35, 55, 45, 0, 0,
3033 		};
3034 
3035 	memcpy(arr, env_rep_l_spg, sizeof(env_rep_l_spg));
3036 	return sizeof(env_rep_l_spg);
3037 }
3038 
3039 #define SDEBUG_MAX_LSENSE_SZ 512
3040 
3041 static int resp_log_sense(struct scsi_cmnd *scp,
3042 			  struct sdebug_dev_info *devip)
3043 {
3044 	int ppc, sp, pcode, subpcode;
3045 	u32 alloc_len, len, n;
3046 	unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
3047 	unsigned char *cmd = scp->cmnd;
3048 
3049 	memset(arr, 0, sizeof(arr));
3050 	ppc = cmd[1] & 0x2;
3051 	sp = cmd[1] & 0x1;
3052 	if (ppc || sp) {
3053 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
3054 		return check_condition_result;
3055 	}
3056 	pcode = cmd[2] & 0x3f;
3057 	subpcode = cmd[3] & 0xff;
3058 	alloc_len = get_unaligned_be16(cmd + 7);
3059 	arr[0] = pcode;
3060 	if (0 == subpcode) {
3061 		switch (pcode) {
3062 		case 0x0:	/* Supported log pages log page */
3063 			n = 4;
3064 			arr[n++] = 0x0;		/* this page */
3065 			arr[n++] = 0xd;		/* Temperature */
3066 			arr[n++] = 0x2f;	/* Informational exceptions */
3067 			arr[3] = n - 4;
3068 			break;
3069 		case 0xd:	/* Temperature log page */
3070 			arr[3] = resp_temp_l_pg(arr + 4);
3071 			break;
3072 		case 0x2f:	/* Informational exceptions log page */
3073 			arr[3] = resp_ie_l_pg(arr + 4);
3074 			break;
3075 		default:
3076 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
3077 			return check_condition_result;
3078 		}
3079 	} else if (0xff == subpcode) {
3080 		arr[0] |= 0x40;
3081 		arr[1] = subpcode;
3082 		switch (pcode) {
3083 		case 0x0:	/* Supported log pages and subpages log page */
3084 			n = 4;
3085 			arr[n++] = 0x0;
3086 			arr[n++] = 0x0;		/* 0,0 page */
3087 			arr[n++] = 0x0;
3088 			arr[n++] = 0xff;	/* this page */
3089 			arr[n++] = 0xd;
3090 			arr[n++] = 0x0;		/* Temperature */
3091 			arr[n++] = 0xd;
3092 			arr[n++] = 0x1;		/* Environment reporting */
3093 			arr[n++] = 0xd;
3094 			arr[n++] = 0xff;	/* all 0xd subpages */
3095 			arr[n++] = 0x2f;
3096 			arr[n++] = 0x0;	/* Informational exceptions */
3097 			arr[n++] = 0x2f;
3098 			arr[n++] = 0xff;	/* all 0x2f subpages */
3099 			arr[3] = n - 4;
3100 			break;
3101 		case 0xd:	/* Temperature subpages */
3102 			n = 4;
3103 			arr[n++] = 0xd;
3104 			arr[n++] = 0x0;		/* Temperature */
3105 			arr[n++] = 0xd;
3106 			arr[n++] = 0x1;		/* Environment reporting */
3107 			arr[n++] = 0xd;
3108 			arr[n++] = 0xff;	/* these subpages */
3109 			arr[3] = n - 4;
3110 			break;
3111 		case 0x2f:	/* Informational exceptions subpages */
3112 			n = 4;
3113 			arr[n++] = 0x2f;
3114 			arr[n++] = 0x0;		/* Informational exceptions */
3115 			arr[n++] = 0x2f;
3116 			arr[n++] = 0xff;	/* these subpages */
3117 			arr[3] = n - 4;
3118 			break;
3119 		default:
3120 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
3121 			return check_condition_result;
3122 		}
3123 	} else if (subpcode > 0) {
3124 		arr[0] |= 0x40;
3125 		arr[1] = subpcode;
3126 		if (pcode == 0xd && subpcode == 1)
3127 			arr[3] = resp_env_rep_l_spg(arr + 4);
3128 		else {
3129 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
3130 			return check_condition_result;
3131 		}
3132 	} else {
3133 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
3134 		return check_condition_result;
3135 	}
3136 	len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
3137 	return fill_from_dev_buffer(scp, arr,
3138 		    min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
3139 }
3140 
3141 static inline bool sdebug_dev_is_zoned(struct sdebug_dev_info *devip)
3142 {
3143 	return devip->nr_zones != 0;
3144 }
3145 
3146 static struct sdeb_zone_state *zbc_zone(struct sdebug_dev_info *devip,
3147 					unsigned long long lba)
3148 {
3149 	u32 zno = lba >> devip->zsize_shift;
3150 	struct sdeb_zone_state *zsp;
3151 
3152 	if (devip->zcap == devip->zsize || zno < devip->nr_conv_zones)
3153 		return &devip->zstate[zno];
3154 
3155 	/*
3156 	 * If the zone capacity is less than the zone size, adjust for gap
3157 	 * zones.
3158 	 */
3159 	zno = 2 * zno - devip->nr_conv_zones;
3160 	WARN_ONCE(zno >= devip->nr_zones, "%u > %u\n", zno, devip->nr_zones);
3161 	zsp = &devip->zstate[zno];
3162 	if (lba >= zsp->z_start + zsp->z_size)
3163 		zsp++;
3164 	WARN_ON_ONCE(lba >= zsp->z_start + zsp->z_size);
3165 	return zsp;
3166 }
3167 
3168 static inline bool zbc_zone_is_conv(struct sdeb_zone_state *zsp)
3169 {
3170 	return zsp->z_type == ZBC_ZTYPE_CNV;
3171 }
3172 
3173 static inline bool zbc_zone_is_gap(struct sdeb_zone_state *zsp)
3174 {
3175 	return zsp->z_type == ZBC_ZTYPE_GAP;
3176 }
3177 
3178 static inline bool zbc_zone_is_seq(struct sdeb_zone_state *zsp)
3179 {
3180 	return !zbc_zone_is_conv(zsp) && !zbc_zone_is_gap(zsp);
3181 }
3182 
3183 static void zbc_close_zone(struct sdebug_dev_info *devip,
3184 			   struct sdeb_zone_state *zsp)
3185 {
3186 	enum sdebug_z_cond zc;
3187 
3188 	if (!zbc_zone_is_seq(zsp))
3189 		return;
3190 
3191 	zc = zsp->z_cond;
3192 	if (!(zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN))
3193 		return;
3194 
3195 	if (zc == ZC2_IMPLICIT_OPEN)
3196 		devip->nr_imp_open--;
3197 	else
3198 		devip->nr_exp_open--;
3199 
3200 	if (zsp->z_wp == zsp->z_start) {
3201 		zsp->z_cond = ZC1_EMPTY;
3202 	} else {
3203 		zsp->z_cond = ZC4_CLOSED;
3204 		devip->nr_closed++;
3205 	}
3206 }
3207 
3208 static void zbc_close_imp_open_zone(struct sdebug_dev_info *devip)
3209 {
3210 	struct sdeb_zone_state *zsp = &devip->zstate[0];
3211 	unsigned int i;
3212 
3213 	for (i = 0; i < devip->nr_zones; i++, zsp++) {
3214 		if (zsp->z_cond == ZC2_IMPLICIT_OPEN) {
3215 			zbc_close_zone(devip, zsp);
3216 			return;
3217 		}
3218 	}
3219 }
3220 
3221 static void zbc_open_zone(struct sdebug_dev_info *devip,
3222 			  struct sdeb_zone_state *zsp, bool explicit)
3223 {
3224 	enum sdebug_z_cond zc;
3225 
3226 	if (!zbc_zone_is_seq(zsp))
3227 		return;
3228 
3229 	zc = zsp->z_cond;
3230 	if ((explicit && zc == ZC3_EXPLICIT_OPEN) ||
3231 	    (!explicit && zc == ZC2_IMPLICIT_OPEN))
3232 		return;
3233 
3234 	/* Close an implicit open zone if necessary */
3235 	if (explicit && zsp->z_cond == ZC2_IMPLICIT_OPEN)
3236 		zbc_close_zone(devip, zsp);
3237 	else if (devip->max_open &&
3238 		 devip->nr_imp_open + devip->nr_exp_open >= devip->max_open)
3239 		zbc_close_imp_open_zone(devip);
3240 
3241 	if (zsp->z_cond == ZC4_CLOSED)
3242 		devip->nr_closed--;
3243 	if (explicit) {
3244 		zsp->z_cond = ZC3_EXPLICIT_OPEN;
3245 		devip->nr_exp_open++;
3246 	} else {
3247 		zsp->z_cond = ZC2_IMPLICIT_OPEN;
3248 		devip->nr_imp_open++;
3249 	}
3250 }
3251 
3252 static inline void zbc_set_zone_full(struct sdebug_dev_info *devip,
3253 				     struct sdeb_zone_state *zsp)
3254 {
3255 	switch (zsp->z_cond) {
3256 	case ZC2_IMPLICIT_OPEN:
3257 		devip->nr_imp_open--;
3258 		break;
3259 	case ZC3_EXPLICIT_OPEN:
3260 		devip->nr_exp_open--;
3261 		break;
3262 	default:
3263 		WARN_ONCE(true, "Invalid zone %llu condition %x\n",
3264 			  zsp->z_start, zsp->z_cond);
3265 		break;
3266 	}
3267 	zsp->z_cond = ZC5_FULL;
3268 }
3269 
3270 static void zbc_inc_wp(struct sdebug_dev_info *devip,
3271 		       unsigned long long lba, unsigned int num)
3272 {
3273 	struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
3274 	unsigned long long n, end, zend = zsp->z_start + zsp->z_size;
3275 
3276 	if (!zbc_zone_is_seq(zsp))
3277 		return;
3278 
3279 	if (zsp->z_type == ZBC_ZTYPE_SWR) {
3280 		zsp->z_wp += num;
3281 		if (zsp->z_wp >= zend)
3282 			zbc_set_zone_full(devip, zsp);
3283 		return;
3284 	}
3285 
3286 	while (num) {
3287 		if (lba != zsp->z_wp)
3288 			zsp->z_non_seq_resource = true;
3289 
3290 		end = lba + num;
3291 		if (end >= zend) {
3292 			n = zend - lba;
3293 			zsp->z_wp = zend;
3294 		} else if (end > zsp->z_wp) {
3295 			n = num;
3296 			zsp->z_wp = end;
3297 		} else {
3298 			n = num;
3299 		}
3300 		if (zsp->z_wp >= zend)
3301 			zbc_set_zone_full(devip, zsp);
3302 
3303 		num -= n;
3304 		lba += n;
3305 		if (num) {
3306 			zsp++;
3307 			zend = zsp->z_start + zsp->z_size;
3308 		}
3309 	}
3310 }
3311 
3312 static int check_zbc_access_params(struct scsi_cmnd *scp,
3313 			unsigned long long lba, unsigned int num, bool write)
3314 {
3315 	struct scsi_device *sdp = scp->device;
3316 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3317 	struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
3318 	struct sdeb_zone_state *zsp_end = zbc_zone(devip, lba + num - 1);
3319 
3320 	if (!write) {
3321 		/* For host-managed, reads cannot cross zone types boundaries */
3322 		if (zsp->z_type != zsp_end->z_type) {
3323 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
3324 					LBA_OUT_OF_RANGE,
3325 					READ_INVDATA_ASCQ);
3326 			return check_condition_result;
3327 		}
3328 		return 0;
3329 	}
3330 
3331 	/* Writing into a gap zone is not allowed */
3332 	if (zbc_zone_is_gap(zsp)) {
3333 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE,
3334 				ATTEMPT_ACCESS_GAP);
3335 		return check_condition_result;
3336 	}
3337 
3338 	/* No restrictions for writes within conventional zones */
3339 	if (zbc_zone_is_conv(zsp)) {
3340 		if (!zbc_zone_is_conv(zsp_end)) {
3341 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
3342 					LBA_OUT_OF_RANGE,
3343 					WRITE_BOUNDARY_ASCQ);
3344 			return check_condition_result;
3345 		}
3346 		return 0;
3347 	}
3348 
3349 	if (zsp->z_type == ZBC_ZTYPE_SWR) {
3350 		/* Writes cannot cross sequential zone boundaries */
3351 		if (zsp_end != zsp) {
3352 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
3353 					LBA_OUT_OF_RANGE,
3354 					WRITE_BOUNDARY_ASCQ);
3355 			return check_condition_result;
3356 		}
3357 		/* Cannot write full zones */
3358 		if (zsp->z_cond == ZC5_FULL) {
3359 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
3360 					INVALID_FIELD_IN_CDB, 0);
3361 			return check_condition_result;
3362 		}
3363 		/* Writes must be aligned to the zone WP */
3364 		if (lba != zsp->z_wp) {
3365 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
3366 					LBA_OUT_OF_RANGE,
3367 					UNALIGNED_WRITE_ASCQ);
3368 			return check_condition_result;
3369 		}
3370 	}
3371 
3372 	/* Handle implicit open of closed and empty zones */
3373 	if (zsp->z_cond == ZC1_EMPTY || zsp->z_cond == ZC4_CLOSED) {
3374 		if (devip->max_open &&
3375 		    devip->nr_exp_open >= devip->max_open) {
3376 			mk_sense_buffer(scp, DATA_PROTECT,
3377 					INSUFF_RES_ASC,
3378 					INSUFF_ZONE_ASCQ);
3379 			return check_condition_result;
3380 		}
3381 		zbc_open_zone(devip, zsp, false);
3382 	}
3383 
3384 	return 0;
3385 }
3386 
3387 static inline int check_device_access_params
3388 			(struct scsi_cmnd *scp, unsigned long long lba,
3389 			 unsigned int num, bool write)
3390 {
3391 	struct scsi_device *sdp = scp->device;
3392 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3393 
3394 	if (lba + num > sdebug_capacity) {
3395 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3396 		return check_condition_result;
3397 	}
3398 	/* transfer length excessive (tie in to block limits VPD page) */
3399 	if (num > sdebug_store_sectors) {
3400 		/* needs work to find which cdb byte 'num' comes from */
3401 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3402 		return check_condition_result;
3403 	}
3404 	if (write && unlikely(sdebug_wp)) {
3405 		mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
3406 		return check_condition_result;
3407 	}
3408 	if (sdebug_dev_is_zoned(devip))
3409 		return check_zbc_access_params(scp, lba, num, write);
3410 
3411 	return 0;
3412 }
3413 
3414 /*
3415  * Note: if BUG_ON() fires it usually indicates a problem with the parser
3416  * tables. Perhaps a missing F_FAKE_RW or FF_MEDIA_IO flag. Response functions
3417  * that access any of the "stores" in struct sdeb_store_info should call this
3418  * function with bug_if_fake_rw set to true.
3419  */
3420 static inline struct sdeb_store_info *devip2sip(struct sdebug_dev_info *devip,
3421 						bool bug_if_fake_rw)
3422 {
3423 	if (sdebug_fake_rw) {
3424 		BUG_ON(bug_if_fake_rw);	/* See note above */
3425 		return NULL;
3426 	}
3427 	return xa_load(per_store_ap, devip->sdbg_host->si_idx);
3428 }
3429 
3430 static inline void
3431 sdeb_read_lock(rwlock_t *lock)
3432 {
3433 	if (sdebug_no_rwlock)
3434 		__acquire(lock);
3435 	else
3436 		read_lock(lock);
3437 }
3438 
3439 static inline void
3440 sdeb_read_unlock(rwlock_t *lock)
3441 {
3442 	if (sdebug_no_rwlock)
3443 		__release(lock);
3444 	else
3445 		read_unlock(lock);
3446 }
3447 
3448 static inline void
3449 sdeb_write_lock(rwlock_t *lock)
3450 {
3451 	if (sdebug_no_rwlock)
3452 		__acquire(lock);
3453 	else
3454 		write_lock(lock);
3455 }
3456 
3457 static inline void
3458 sdeb_write_unlock(rwlock_t *lock)
3459 {
3460 	if (sdebug_no_rwlock)
3461 		__release(lock);
3462 	else
3463 		write_unlock(lock);
3464 }
3465 
3466 static inline void
3467 sdeb_data_read_lock(struct sdeb_store_info *sip)
3468 {
3469 	BUG_ON(!sip);
3470 
3471 	sdeb_read_lock(&sip->macc_data_lck);
3472 }
3473 
3474 static inline void
3475 sdeb_data_read_unlock(struct sdeb_store_info *sip)
3476 {
3477 	BUG_ON(!sip);
3478 
3479 	sdeb_read_unlock(&sip->macc_data_lck);
3480 }
3481 
3482 static inline void
3483 sdeb_data_write_lock(struct sdeb_store_info *sip)
3484 {
3485 	BUG_ON(!sip);
3486 
3487 	sdeb_write_lock(&sip->macc_data_lck);
3488 }
3489 
3490 static inline void
3491 sdeb_data_write_unlock(struct sdeb_store_info *sip)
3492 {
3493 	BUG_ON(!sip);
3494 
3495 	sdeb_write_unlock(&sip->macc_data_lck);
3496 }
3497 
3498 static inline void
3499 sdeb_data_sector_read_lock(struct sdeb_store_info *sip)
3500 {
3501 	BUG_ON(!sip);
3502 
3503 	sdeb_read_lock(&sip->macc_sector_lck);
3504 }
3505 
3506 static inline void
3507 sdeb_data_sector_read_unlock(struct sdeb_store_info *sip)
3508 {
3509 	BUG_ON(!sip);
3510 
3511 	sdeb_read_unlock(&sip->macc_sector_lck);
3512 }
3513 
3514 static inline void
3515 sdeb_data_sector_write_lock(struct sdeb_store_info *sip)
3516 {
3517 	BUG_ON(!sip);
3518 
3519 	sdeb_write_lock(&sip->macc_sector_lck);
3520 }
3521 
3522 static inline void
3523 sdeb_data_sector_write_unlock(struct sdeb_store_info *sip)
3524 {
3525 	BUG_ON(!sip);
3526 
3527 	sdeb_write_unlock(&sip->macc_sector_lck);
3528 }
3529 
3530 /*
3531  * Atomic locking:
3532  * We simplify the atomic model to allow only 1x atomic write and many non-
3533  * atomic reads or writes for all LBAs.
3534 
3535  * A RW lock has a similar bahaviour:
3536  * Only 1x writer and many readers.
3537 
3538  * So use a RW lock for per-device read and write locking:
3539  * An atomic access grabs the lock as a writer and non-atomic grabs the lock
3540  * as a reader.
3541  */
3542 
3543 static inline void
3544 sdeb_data_lock(struct sdeb_store_info *sip, bool atomic)
3545 {
3546 	if (atomic)
3547 		sdeb_data_write_lock(sip);
3548 	else
3549 		sdeb_data_read_lock(sip);
3550 }
3551 
3552 static inline void
3553 sdeb_data_unlock(struct sdeb_store_info *sip, bool atomic)
3554 {
3555 	if (atomic)
3556 		sdeb_data_write_unlock(sip);
3557 	else
3558 		sdeb_data_read_unlock(sip);
3559 }
3560 
3561 /* Allow many reads but only 1x write per sector */
3562 static inline void
3563 sdeb_data_sector_lock(struct sdeb_store_info *sip, bool do_write)
3564 {
3565 	if (do_write)
3566 		sdeb_data_sector_write_lock(sip);
3567 	else
3568 		sdeb_data_sector_read_lock(sip);
3569 }
3570 
3571 static inline void
3572 sdeb_data_sector_unlock(struct sdeb_store_info *sip, bool do_write)
3573 {
3574 	if (do_write)
3575 		sdeb_data_sector_write_unlock(sip);
3576 	else
3577 		sdeb_data_sector_read_unlock(sip);
3578 }
3579 
3580 static inline void
3581 sdeb_meta_read_lock(struct sdeb_store_info *sip)
3582 {
3583 	if (sdebug_no_rwlock) {
3584 		if (sip)
3585 			__acquire(&sip->macc_meta_lck);
3586 		else
3587 			__acquire(&sdeb_fake_rw_lck);
3588 	} else {
3589 		if (sip)
3590 			read_lock(&sip->macc_meta_lck);
3591 		else
3592 			read_lock(&sdeb_fake_rw_lck);
3593 	}
3594 }
3595 
3596 static inline void
3597 sdeb_meta_read_unlock(struct sdeb_store_info *sip)
3598 {
3599 	if (sdebug_no_rwlock) {
3600 		if (sip)
3601 			__release(&sip->macc_meta_lck);
3602 		else
3603 			__release(&sdeb_fake_rw_lck);
3604 	} else {
3605 		if (sip)
3606 			read_unlock(&sip->macc_meta_lck);
3607 		else
3608 			read_unlock(&sdeb_fake_rw_lck);
3609 	}
3610 }
3611 
3612 static inline void
3613 sdeb_meta_write_lock(struct sdeb_store_info *sip)
3614 {
3615 	if (sdebug_no_rwlock) {
3616 		if (sip)
3617 			__acquire(&sip->macc_meta_lck);
3618 		else
3619 			__acquire(&sdeb_fake_rw_lck);
3620 	} else {
3621 		if (sip)
3622 			write_lock(&sip->macc_meta_lck);
3623 		else
3624 			write_lock(&sdeb_fake_rw_lck);
3625 	}
3626 }
3627 
3628 static inline void
3629 sdeb_meta_write_unlock(struct sdeb_store_info *sip)
3630 {
3631 	if (sdebug_no_rwlock) {
3632 		if (sip)
3633 			__release(&sip->macc_meta_lck);
3634 		else
3635 			__release(&sdeb_fake_rw_lck);
3636 	} else {
3637 		if (sip)
3638 			write_unlock(&sip->macc_meta_lck);
3639 		else
3640 			write_unlock(&sdeb_fake_rw_lck);
3641 	}
3642 }
3643 
3644 /* Returns number of bytes copied or -1 if error. */
3645 static int do_device_access(struct sdeb_store_info *sip, struct scsi_cmnd *scp,
3646 			    u32 sg_skip, u64 lba, u32 num, u8 group_number,
3647 			    bool do_write, bool atomic)
3648 {
3649 	int ret;
3650 	u64 block;
3651 	enum dma_data_direction dir;
3652 	struct scsi_data_buffer *sdb = &scp->sdb;
3653 	u8 *fsp;
3654 	int i;
3655 
3656 	/*
3657 	 * Even though reads are inherently atomic (in this driver), we expect
3658 	 * the atomic flag only for writes.
3659 	 */
3660 	if (!do_write && atomic)
3661 		return -1;
3662 
3663 	if (do_write) {
3664 		dir = DMA_TO_DEVICE;
3665 		write_since_sync = true;
3666 	} else {
3667 		dir = DMA_FROM_DEVICE;
3668 	}
3669 
3670 	if (!sdb->length || !sip)
3671 		return 0;
3672 	if (scp->sc_data_direction != dir)
3673 		return -1;
3674 
3675 	if (do_write && group_number < ARRAY_SIZE(writes_by_group_number))
3676 		atomic_long_inc(&writes_by_group_number[group_number]);
3677 
3678 	fsp = sip->storep;
3679 
3680 	block = do_div(lba, sdebug_store_sectors);
3681 
3682 	/* Only allow 1x atomic write or multiple non-atomic writes at any given time */
3683 	sdeb_data_lock(sip, atomic);
3684 	for (i = 0; i < num; i++) {
3685 		/* We shouldn't need to lock for atomic writes, but do it anyway */
3686 		sdeb_data_sector_lock(sip, do_write);
3687 		ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
3688 		   fsp + (block * sdebug_sector_size),
3689 		   sdebug_sector_size, sg_skip, do_write);
3690 		sdeb_data_sector_unlock(sip, do_write);
3691 		if (ret != sdebug_sector_size) {
3692 			ret += (i * sdebug_sector_size);
3693 			break;
3694 		}
3695 		sg_skip += sdebug_sector_size;
3696 		if (++block >= sdebug_store_sectors)
3697 			block = 0;
3698 	}
3699 	ret = num * sdebug_sector_size;
3700 	sdeb_data_unlock(sip, atomic);
3701 
3702 	return ret;
3703 }
3704 
3705 /* Returns number of bytes copied or -1 if error. */
3706 static int do_dout_fetch(struct scsi_cmnd *scp, u32 num, u8 *doutp)
3707 {
3708 	struct scsi_data_buffer *sdb = &scp->sdb;
3709 
3710 	if (!sdb->length)
3711 		return 0;
3712 	if (scp->sc_data_direction != DMA_TO_DEVICE)
3713 		return -1;
3714 	return sg_copy_buffer(sdb->table.sgl, sdb->table.nents, doutp,
3715 			      num * sdebug_sector_size, 0, true);
3716 }
3717 
3718 /* If sip->storep+lba compares equal to arr(num), then copy top half of
3719  * arr into sip->storep+lba and return true. If comparison fails then
3720  * return false. */
3721 static bool comp_write_worker(struct sdeb_store_info *sip, u64 lba, u32 num,
3722 			      const u8 *arr, bool compare_only)
3723 {
3724 	bool res;
3725 	u64 block, rest = 0;
3726 	u32 store_blks = sdebug_store_sectors;
3727 	u32 lb_size = sdebug_sector_size;
3728 	u8 *fsp = sip->storep;
3729 
3730 	block = do_div(lba, store_blks);
3731 	if (block + num > store_blks)
3732 		rest = block + num - store_blks;
3733 
3734 	res = !memcmp(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3735 	if (!res)
3736 		return res;
3737 	if (rest)
3738 		res = memcmp(fsp, arr + ((num - rest) * lb_size),
3739 			     rest * lb_size);
3740 	if (!res)
3741 		return res;
3742 	if (compare_only)
3743 		return true;
3744 	arr += num * lb_size;
3745 	memcpy(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3746 	if (rest)
3747 		memcpy(fsp, arr + ((num - rest) * lb_size), rest * lb_size);
3748 	return res;
3749 }
3750 
3751 static __be16 dif_compute_csum(const void *buf, int len)
3752 {
3753 	__be16 csum;
3754 
3755 	if (sdebug_guard)
3756 		csum = (__force __be16)ip_compute_csum(buf, len);
3757 	else
3758 		csum = cpu_to_be16(crc_t10dif(buf, len));
3759 
3760 	return csum;
3761 }
3762 
3763 static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
3764 		      sector_t sector, u32 ei_lba)
3765 {
3766 	__be16 csum = dif_compute_csum(data, sdebug_sector_size);
3767 
3768 	if (sdt->guard_tag != csum) {
3769 		pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
3770 			(unsigned long)sector,
3771 			be16_to_cpu(sdt->guard_tag),
3772 			be16_to_cpu(csum));
3773 		return 0x01;
3774 	}
3775 	if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
3776 	    be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
3777 		pr_err("REF check failed on sector %lu\n",
3778 			(unsigned long)sector);
3779 		return 0x03;
3780 	}
3781 	if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3782 	    be32_to_cpu(sdt->ref_tag) != ei_lba) {
3783 		pr_err("REF check failed on sector %lu\n",
3784 			(unsigned long)sector);
3785 		return 0x03;
3786 	}
3787 	return 0;
3788 }
3789 
3790 static void dif_copy_prot(struct scsi_cmnd *scp, sector_t sector,
3791 			  unsigned int sectors, bool read)
3792 {
3793 	size_t resid;
3794 	void *paddr;
3795 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3796 						scp->device->hostdata, true);
3797 	struct t10_pi_tuple *dif_storep = sip->dif_storep;
3798 	const void *dif_store_end = dif_storep + sdebug_store_sectors;
3799 	struct sg_mapping_iter miter;
3800 
3801 	/* Bytes of protection data to copy into sgl */
3802 	resid = sectors * sizeof(*dif_storep);
3803 
3804 	sg_miter_start(&miter, scsi_prot_sglist(scp),
3805 		       scsi_prot_sg_count(scp), SG_MITER_ATOMIC |
3806 		       (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
3807 
3808 	while (sg_miter_next(&miter) && resid > 0) {
3809 		size_t len = min_t(size_t, miter.length, resid);
3810 		void *start = dif_store(sip, sector);
3811 		size_t rest = 0;
3812 
3813 		if (dif_store_end < start + len)
3814 			rest = start + len - dif_store_end;
3815 
3816 		paddr = miter.addr;
3817 
3818 		if (read)
3819 			memcpy(paddr, start, len - rest);
3820 		else
3821 			memcpy(start, paddr, len - rest);
3822 
3823 		if (rest) {
3824 			if (read)
3825 				memcpy(paddr + len - rest, dif_storep, rest);
3826 			else
3827 				memcpy(dif_storep, paddr + len - rest, rest);
3828 		}
3829 
3830 		sector += len / sizeof(*dif_storep);
3831 		resid -= len;
3832 	}
3833 	sg_miter_stop(&miter);
3834 }
3835 
3836 static int prot_verify_read(struct scsi_cmnd *scp, sector_t start_sec,
3837 			    unsigned int sectors, u32 ei_lba)
3838 {
3839 	int ret = 0;
3840 	unsigned int i;
3841 	sector_t sector;
3842 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3843 						scp->device->hostdata, true);
3844 	struct t10_pi_tuple *sdt;
3845 
3846 	for (i = 0; i < sectors; i++, ei_lba++) {
3847 		sector = start_sec + i;
3848 		sdt = dif_store(sip, sector);
3849 
3850 		if (sdt->app_tag == cpu_to_be16(0xffff))
3851 			continue;
3852 
3853 		/*
3854 		 * Because scsi_debug acts as both initiator and
3855 		 * target we proceed to verify the PI even if
3856 		 * RDPROTECT=3. This is done so the "initiator" knows
3857 		 * which type of error to return. Otherwise we would
3858 		 * have to iterate over the PI twice.
3859 		 */
3860 		if (scp->cmnd[1] >> 5) { /* RDPROTECT */
3861 			ret = dif_verify(sdt, lba2fake_store(sip, sector),
3862 					 sector, ei_lba);
3863 			if (ret) {
3864 				dif_errors++;
3865 				break;
3866 			}
3867 		}
3868 	}
3869 
3870 	dif_copy_prot(scp, start_sec, sectors, true);
3871 	dix_reads++;
3872 
3873 	return ret;
3874 }
3875 
3876 static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3877 {
3878 	bool check_prot;
3879 	u32 num;
3880 	u32 ei_lba;
3881 	int ret;
3882 	u64 lba;
3883 	struct sdeb_store_info *sip = devip2sip(devip, true);
3884 	u8 *cmd = scp->cmnd;
3885 	bool meta_data_locked = false;
3886 
3887 	switch (cmd[0]) {
3888 	case READ_16:
3889 		ei_lba = 0;
3890 		lba = get_unaligned_be64(cmd + 2);
3891 		num = get_unaligned_be32(cmd + 10);
3892 		check_prot = true;
3893 		break;
3894 	case READ_10:
3895 		ei_lba = 0;
3896 		lba = get_unaligned_be32(cmd + 2);
3897 		num = get_unaligned_be16(cmd + 7);
3898 		check_prot = true;
3899 		break;
3900 	case READ_6:
3901 		ei_lba = 0;
3902 		lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3903 		      (u32)(cmd[1] & 0x1f) << 16;
3904 		num = (0 == cmd[4]) ? 256 : cmd[4];
3905 		check_prot = true;
3906 		break;
3907 	case READ_12:
3908 		ei_lba = 0;
3909 		lba = get_unaligned_be32(cmd + 2);
3910 		num = get_unaligned_be32(cmd + 6);
3911 		check_prot = true;
3912 		break;
3913 	case XDWRITEREAD_10:
3914 		ei_lba = 0;
3915 		lba = get_unaligned_be32(cmd + 2);
3916 		num = get_unaligned_be16(cmd + 7);
3917 		check_prot = false;
3918 		break;
3919 	default:	/* assume READ(32) */
3920 		lba = get_unaligned_be64(cmd + 12);
3921 		ei_lba = get_unaligned_be32(cmd + 20);
3922 		num = get_unaligned_be32(cmd + 28);
3923 		check_prot = false;
3924 		break;
3925 	}
3926 	if (unlikely(have_dif_prot && check_prot)) {
3927 		if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3928 		    (cmd[1] & 0xe0)) {
3929 			mk_sense_invalid_opcode(scp);
3930 			return check_condition_result;
3931 		}
3932 		if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3933 		     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3934 		    (cmd[1] & 0xe0) == 0)
3935 			sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
3936 				    "to DIF device\n");
3937 	}
3938 	if (unlikely((sdebug_opts & SDEBUG_OPT_SHORT_TRANSFER) &&
3939 		     atomic_read(&sdeb_inject_pending))) {
3940 		num /= 2;
3941 		atomic_set(&sdeb_inject_pending, 0);
3942 	}
3943 
3944 	/*
3945 	 * When checking device access params, for reads we only check data
3946 	 * versus what is set at init time, so no need to lock.
3947 	 */
3948 	ret = check_device_access_params(scp, lba, num, false);
3949 	if (ret)
3950 		return ret;
3951 	if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
3952 		     (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
3953 		     ((lba + num) > sdebug_medium_error_start))) {
3954 		/* claim unrecoverable read error */
3955 		mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
3956 		/* set info field and valid bit for fixed descriptor */
3957 		if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
3958 			scp->sense_buffer[0] |= 0x80;	/* Valid bit */
3959 			ret = (lba < OPT_MEDIUM_ERR_ADDR)
3960 			      ? OPT_MEDIUM_ERR_ADDR : (int)lba;
3961 			put_unaligned_be32(ret, scp->sense_buffer + 3);
3962 		}
3963 		scsi_set_resid(scp, scsi_bufflen(scp));
3964 		return check_condition_result;
3965 	}
3966 
3967 	if (sdebug_dev_is_zoned(devip) ||
3968 	    (sdebug_dix && scsi_prot_sg_count(scp)))  {
3969 		sdeb_meta_read_lock(sip);
3970 		meta_data_locked = true;
3971 	}
3972 
3973 	/* DIX + T10 DIF */
3974 	if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3975 		switch (prot_verify_read(scp, lba, num, ei_lba)) {
3976 		case 1: /* Guard tag error */
3977 			if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3978 				sdeb_meta_read_unlock(sip);
3979 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3980 				return check_condition_result;
3981 			} else if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
3982 				sdeb_meta_read_unlock(sip);
3983 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3984 				return illegal_condition_result;
3985 			}
3986 			break;
3987 		case 3: /* Reference tag error */
3988 			if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3989 				sdeb_meta_read_unlock(sip);
3990 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
3991 				return check_condition_result;
3992 			} else if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
3993 				sdeb_meta_read_unlock(sip);
3994 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
3995 				return illegal_condition_result;
3996 			}
3997 			break;
3998 		}
3999 	}
4000 
4001 	ret = do_device_access(sip, scp, 0, lba, num, 0, false, false);
4002 	if (meta_data_locked)
4003 		sdeb_meta_read_unlock(sip);
4004 	if (unlikely(ret == -1))
4005 		return DID_ERROR << 16;
4006 
4007 	scsi_set_resid(scp, scsi_bufflen(scp) - ret);
4008 
4009 	if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
4010 		     atomic_read(&sdeb_inject_pending))) {
4011 		if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
4012 			mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
4013 			atomic_set(&sdeb_inject_pending, 0);
4014 			return check_condition_result;
4015 		} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
4016 			/* Logical block guard check failed */
4017 			mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4018 			atomic_set(&sdeb_inject_pending, 0);
4019 			return illegal_condition_result;
4020 		} else if (SDEBUG_OPT_DIX_ERR & sdebug_opts) {
4021 			mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4022 			atomic_set(&sdeb_inject_pending, 0);
4023 			return illegal_condition_result;
4024 		}
4025 	}
4026 	return 0;
4027 }
4028 
4029 static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
4030 			     unsigned int sectors, u32 ei_lba)
4031 {
4032 	int ret;
4033 	struct t10_pi_tuple *sdt;
4034 	void *daddr;
4035 	sector_t sector = start_sec;
4036 	int ppage_offset;
4037 	int dpage_offset;
4038 	struct sg_mapping_iter diter;
4039 	struct sg_mapping_iter piter;
4040 
4041 	BUG_ON(scsi_sg_count(SCpnt) == 0);
4042 	BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
4043 
4044 	sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
4045 			scsi_prot_sg_count(SCpnt),
4046 			SG_MITER_ATOMIC | SG_MITER_FROM_SG);
4047 	sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
4048 			SG_MITER_ATOMIC | SG_MITER_FROM_SG);
4049 
4050 	/* For each protection page */
4051 	while (sg_miter_next(&piter)) {
4052 		dpage_offset = 0;
4053 		if (WARN_ON(!sg_miter_next(&diter))) {
4054 			ret = 0x01;
4055 			goto out;
4056 		}
4057 
4058 		for (ppage_offset = 0; ppage_offset < piter.length;
4059 		     ppage_offset += sizeof(struct t10_pi_tuple)) {
4060 			/* If we're at the end of the current
4061 			 * data page advance to the next one
4062 			 */
4063 			if (dpage_offset >= diter.length) {
4064 				if (WARN_ON(!sg_miter_next(&diter))) {
4065 					ret = 0x01;
4066 					goto out;
4067 				}
4068 				dpage_offset = 0;
4069 			}
4070 
4071 			sdt = piter.addr + ppage_offset;
4072 			daddr = diter.addr + dpage_offset;
4073 
4074 			if (SCpnt->cmnd[1] >> 5 != 3) { /* WRPROTECT */
4075 				ret = dif_verify(sdt, daddr, sector, ei_lba);
4076 				if (ret)
4077 					goto out;
4078 			}
4079 
4080 			sector++;
4081 			ei_lba++;
4082 			dpage_offset += sdebug_sector_size;
4083 		}
4084 		diter.consumed = dpage_offset;
4085 		sg_miter_stop(&diter);
4086 	}
4087 	sg_miter_stop(&piter);
4088 
4089 	dif_copy_prot(SCpnt, start_sec, sectors, false);
4090 	dix_writes++;
4091 
4092 	return 0;
4093 
4094 out:
4095 	dif_errors++;
4096 	sg_miter_stop(&diter);
4097 	sg_miter_stop(&piter);
4098 	return ret;
4099 }
4100 
4101 static unsigned long lba_to_map_index(sector_t lba)
4102 {
4103 	if (sdebug_unmap_alignment)
4104 		lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
4105 	sector_div(lba, sdebug_unmap_granularity);
4106 	return lba;
4107 }
4108 
4109 static sector_t map_index_to_lba(unsigned long index)
4110 {
4111 	sector_t lba = index * sdebug_unmap_granularity;
4112 
4113 	if (sdebug_unmap_alignment)
4114 		lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
4115 	return lba;
4116 }
4117 
4118 static unsigned int map_state(struct sdeb_store_info *sip, sector_t lba,
4119 			      unsigned int *num)
4120 {
4121 	sector_t end;
4122 	unsigned int mapped;
4123 	unsigned long index;
4124 	unsigned long next;
4125 
4126 	index = lba_to_map_index(lba);
4127 	mapped = test_bit(index, sip->map_storep);
4128 
4129 	if (mapped)
4130 		next = find_next_zero_bit(sip->map_storep, map_size, index);
4131 	else
4132 		next = find_next_bit(sip->map_storep, map_size, index);
4133 
4134 	end = min_t(sector_t, sdebug_store_sectors,  map_index_to_lba(next));
4135 	*num = end - lba;
4136 	return mapped;
4137 }
4138 
4139 static void map_region(struct sdeb_store_info *sip, sector_t lba,
4140 		       unsigned int len)
4141 {
4142 	sector_t end = lba + len;
4143 
4144 	while (lba < end) {
4145 		unsigned long index = lba_to_map_index(lba);
4146 
4147 		if (index < map_size)
4148 			set_bit(index, sip->map_storep);
4149 
4150 		lba = map_index_to_lba(index + 1);
4151 	}
4152 }
4153 
4154 static void unmap_region(struct sdeb_store_info *sip, sector_t lba,
4155 			 unsigned int len)
4156 {
4157 	sector_t end = lba + len;
4158 	u8 *fsp = sip->storep;
4159 
4160 	while (lba < end) {
4161 		unsigned long index = lba_to_map_index(lba);
4162 
4163 		if (lba == map_index_to_lba(index) &&
4164 		    lba + sdebug_unmap_granularity <= end &&
4165 		    index < map_size) {
4166 			clear_bit(index, sip->map_storep);
4167 			if (sdebug_lbprz) {  /* for LBPRZ=2 return 0xff_s */
4168 				memset(fsp + lba * sdebug_sector_size,
4169 				       (sdebug_lbprz & 1) ? 0 : 0xff,
4170 				       sdebug_sector_size *
4171 				       sdebug_unmap_granularity);
4172 			}
4173 			if (sip->dif_storep) {
4174 				memset(sip->dif_storep + lba, 0xff,
4175 				       sizeof(*sip->dif_storep) *
4176 				       sdebug_unmap_granularity);
4177 			}
4178 		}
4179 		lba = map_index_to_lba(index + 1);
4180 	}
4181 }
4182 
4183 static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4184 {
4185 	bool check_prot;
4186 	u32 num;
4187 	u8 group = 0;
4188 	u32 ei_lba;
4189 	int ret;
4190 	u64 lba;
4191 	struct sdeb_store_info *sip = devip2sip(devip, true);
4192 	u8 *cmd = scp->cmnd;
4193 	bool meta_data_locked = false;
4194 
4195 	switch (cmd[0]) {
4196 	case WRITE_16:
4197 		ei_lba = 0;
4198 		lba = get_unaligned_be64(cmd + 2);
4199 		num = get_unaligned_be32(cmd + 10);
4200 		group = cmd[14] & 0x3f;
4201 		check_prot = true;
4202 		break;
4203 	case WRITE_10:
4204 		ei_lba = 0;
4205 		lba = get_unaligned_be32(cmd + 2);
4206 		group = cmd[6] & 0x3f;
4207 		num = get_unaligned_be16(cmd + 7);
4208 		check_prot = true;
4209 		break;
4210 	case WRITE_6:
4211 		ei_lba = 0;
4212 		lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
4213 		      (u32)(cmd[1] & 0x1f) << 16;
4214 		num = (0 == cmd[4]) ? 256 : cmd[4];
4215 		check_prot = true;
4216 		break;
4217 	case WRITE_12:
4218 		ei_lba = 0;
4219 		lba = get_unaligned_be32(cmd + 2);
4220 		num = get_unaligned_be32(cmd + 6);
4221 		group = cmd[6] & 0x3f;
4222 		check_prot = true;
4223 		break;
4224 	case 0x53:	/* XDWRITEREAD(10) */
4225 		ei_lba = 0;
4226 		lba = get_unaligned_be32(cmd + 2);
4227 		group = cmd[6] & 0x1f;
4228 		num = get_unaligned_be16(cmd + 7);
4229 		check_prot = false;
4230 		break;
4231 	default:	/* assume WRITE(32) */
4232 		group = cmd[6] & 0x3f;
4233 		lba = get_unaligned_be64(cmd + 12);
4234 		ei_lba = get_unaligned_be32(cmd + 20);
4235 		num = get_unaligned_be32(cmd + 28);
4236 		check_prot = false;
4237 		break;
4238 	}
4239 	if (unlikely(have_dif_prot && check_prot)) {
4240 		if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4241 		    (cmd[1] & 0xe0)) {
4242 			mk_sense_invalid_opcode(scp);
4243 			return check_condition_result;
4244 		}
4245 		if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4246 		     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4247 		    (cmd[1] & 0xe0) == 0)
4248 			sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
4249 				    "to DIF device\n");
4250 	}
4251 
4252 	if (sdebug_dev_is_zoned(devip) ||
4253 	    (sdebug_dix && scsi_prot_sg_count(scp)) ||
4254 	    scsi_debug_lbp())  {
4255 		sdeb_meta_write_lock(sip);
4256 		meta_data_locked = true;
4257 	}
4258 
4259 	ret = check_device_access_params(scp, lba, num, true);
4260 	if (ret) {
4261 		if (meta_data_locked)
4262 			sdeb_meta_write_unlock(sip);
4263 		return ret;
4264 	}
4265 
4266 	/* DIX + T10 DIF */
4267 	if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
4268 		switch (prot_verify_write(scp, lba, num, ei_lba)) {
4269 		case 1: /* Guard tag error */
4270 			if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
4271 				sdeb_meta_write_unlock(sip);
4272 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4273 				return illegal_condition_result;
4274 			} else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
4275 				sdeb_meta_write_unlock(sip);
4276 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4277 				return check_condition_result;
4278 			}
4279 			break;
4280 		case 3: /* Reference tag error */
4281 			if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
4282 				sdeb_meta_write_unlock(sip);
4283 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
4284 				return illegal_condition_result;
4285 			} else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
4286 				sdeb_meta_write_unlock(sip);
4287 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
4288 				return check_condition_result;
4289 			}
4290 			break;
4291 		}
4292 	}
4293 
4294 	ret = do_device_access(sip, scp, 0, lba, num, group, true, false);
4295 	if (unlikely(scsi_debug_lbp()))
4296 		map_region(sip, lba, num);
4297 
4298 	/* If ZBC zone then bump its write pointer */
4299 	if (sdebug_dev_is_zoned(devip))
4300 		zbc_inc_wp(devip, lba, num);
4301 	if (meta_data_locked)
4302 		sdeb_meta_write_unlock(sip);
4303 
4304 	if (unlikely(-1 == ret))
4305 		return DID_ERROR << 16;
4306 	else if (unlikely(sdebug_verbose &&
4307 			  (ret < (num * sdebug_sector_size))))
4308 		sdev_printk(KERN_INFO, scp->device,
4309 			    "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
4310 			    my_name, num * sdebug_sector_size, ret);
4311 
4312 	if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
4313 		     atomic_read(&sdeb_inject_pending))) {
4314 		if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
4315 			mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
4316 			atomic_set(&sdeb_inject_pending, 0);
4317 			return check_condition_result;
4318 		} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
4319 			/* Logical block guard check failed */
4320 			mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4321 			atomic_set(&sdeb_inject_pending, 0);
4322 			return illegal_condition_result;
4323 		} else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
4324 			mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4325 			atomic_set(&sdeb_inject_pending, 0);
4326 			return illegal_condition_result;
4327 		}
4328 	}
4329 	return 0;
4330 }
4331 
4332 /*
4333  * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
4334  * No READ GATHERED yet (requires bidi or long cdb holding gather list).
4335  */
4336 static int resp_write_scat(struct scsi_cmnd *scp,
4337 			   struct sdebug_dev_info *devip)
4338 {
4339 	u8 *cmd = scp->cmnd;
4340 	u8 *lrdp = NULL;
4341 	u8 *up;
4342 	struct sdeb_store_info *sip = devip2sip(devip, true);
4343 	u8 wrprotect;
4344 	u16 lbdof, num_lrd, k;
4345 	u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
4346 	u32 lb_size = sdebug_sector_size;
4347 	u32 ei_lba;
4348 	u64 lba;
4349 	u8 group;
4350 	int ret, res;
4351 	bool is_16;
4352 	static const u32 lrd_size = 32; /* + parameter list header size */
4353 
4354 	if (cmd[0] == VARIABLE_LENGTH_CMD) {
4355 		is_16 = false;
4356 		group = cmd[6] & 0x3f;
4357 		wrprotect = (cmd[10] >> 5) & 0x7;
4358 		lbdof = get_unaligned_be16(cmd + 12);
4359 		num_lrd = get_unaligned_be16(cmd + 16);
4360 		bt_len = get_unaligned_be32(cmd + 28);
4361 	} else {        /* that leaves WRITE SCATTERED(16) */
4362 		is_16 = true;
4363 		wrprotect = (cmd[2] >> 5) & 0x7;
4364 		lbdof = get_unaligned_be16(cmd + 4);
4365 		num_lrd = get_unaligned_be16(cmd + 8);
4366 		bt_len = get_unaligned_be32(cmd + 10);
4367 		group = cmd[14] & 0x3f;
4368 		if (unlikely(have_dif_prot)) {
4369 			if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4370 			    wrprotect) {
4371 				mk_sense_invalid_opcode(scp);
4372 				return illegal_condition_result;
4373 			}
4374 			if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4375 			     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4376 			     wrprotect == 0)
4377 				sdev_printk(KERN_ERR, scp->device,
4378 					    "Unprotected WR to DIF device\n");
4379 		}
4380 	}
4381 	if ((num_lrd == 0) || (bt_len == 0))
4382 		return 0;       /* T10 says these do-nothings are not errors */
4383 	if (lbdof == 0) {
4384 		if (sdebug_verbose)
4385 			sdev_printk(KERN_INFO, scp->device,
4386 				"%s: %s: LB Data Offset field bad\n",
4387 				my_name, __func__);
4388 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4389 		return illegal_condition_result;
4390 	}
4391 	lbdof_blen = lbdof * lb_size;
4392 	if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
4393 		if (sdebug_verbose)
4394 			sdev_printk(KERN_INFO, scp->device,
4395 				"%s: %s: LBA range descriptors don't fit\n",
4396 				my_name, __func__);
4397 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4398 		return illegal_condition_result;
4399 	}
4400 	lrdp = kzalloc(lbdof_blen, GFP_ATOMIC | __GFP_NOWARN);
4401 	if (lrdp == NULL)
4402 		return SCSI_MLQUEUE_HOST_BUSY;
4403 	if (sdebug_verbose)
4404 		sdev_printk(KERN_INFO, scp->device,
4405 			"%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
4406 			my_name, __func__, lbdof_blen);
4407 	res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
4408 	if (res == -1) {
4409 		ret = DID_ERROR << 16;
4410 		goto err_out;
4411 	}
4412 
4413 	/* Just keep it simple and always lock for now */
4414 	sdeb_meta_write_lock(sip);
4415 	sg_off = lbdof_blen;
4416 	/* Spec says Buffer xfer Length field in number of LBs in dout */
4417 	cum_lb = 0;
4418 	for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
4419 		lba = get_unaligned_be64(up + 0);
4420 		num = get_unaligned_be32(up + 8);
4421 		if (sdebug_verbose)
4422 			sdev_printk(KERN_INFO, scp->device,
4423 				"%s: %s: k=%d  LBA=0x%llx num=%u  sg_off=%u\n",
4424 				my_name, __func__, k, lba, num, sg_off);
4425 		if (num == 0)
4426 			continue;
4427 		ret = check_device_access_params(scp, lba, num, true);
4428 		if (ret)
4429 			goto err_out_unlock;
4430 		num_by = num * lb_size;
4431 		ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
4432 
4433 		if ((cum_lb + num) > bt_len) {
4434 			if (sdebug_verbose)
4435 				sdev_printk(KERN_INFO, scp->device,
4436 				    "%s: %s: sum of blocks > data provided\n",
4437 				    my_name, __func__);
4438 			mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
4439 					0);
4440 			ret = illegal_condition_result;
4441 			goto err_out_unlock;
4442 		}
4443 
4444 		/* DIX + T10 DIF */
4445 		if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
4446 			int prot_ret = prot_verify_write(scp, lba, num,
4447 							 ei_lba);
4448 
4449 			if (prot_ret) {
4450 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
4451 						prot_ret);
4452 				ret = illegal_condition_result;
4453 				goto err_out_unlock;
4454 			}
4455 		}
4456 
4457 		/*
4458 		 * Write ranges atomically to keep as close to pre-atomic
4459 		 * writes behaviour as possible.
4460 		 */
4461 		ret = do_device_access(sip, scp, sg_off, lba, num, group, true, true);
4462 		/* If ZBC zone then bump its write pointer */
4463 		if (sdebug_dev_is_zoned(devip))
4464 			zbc_inc_wp(devip, lba, num);
4465 		if (unlikely(scsi_debug_lbp()))
4466 			map_region(sip, lba, num);
4467 		if (unlikely(-1 == ret)) {
4468 			ret = DID_ERROR << 16;
4469 			goto err_out_unlock;
4470 		} else if (unlikely(sdebug_verbose && (ret < num_by)))
4471 			sdev_printk(KERN_INFO, scp->device,
4472 			    "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
4473 			    my_name, num_by, ret);
4474 
4475 		if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
4476 			     atomic_read(&sdeb_inject_pending))) {
4477 			if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
4478 				mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
4479 				atomic_set(&sdeb_inject_pending, 0);
4480 				ret = check_condition_result;
4481 				goto err_out_unlock;
4482 			} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
4483 				/* Logical block guard check failed */
4484 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
4485 				atomic_set(&sdeb_inject_pending, 0);
4486 				ret = illegal_condition_result;
4487 				goto err_out_unlock;
4488 			} else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
4489 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
4490 				atomic_set(&sdeb_inject_pending, 0);
4491 				ret = illegal_condition_result;
4492 				goto err_out_unlock;
4493 			}
4494 		}
4495 		sg_off += num_by;
4496 		cum_lb += num;
4497 	}
4498 	ret = 0;
4499 err_out_unlock:
4500 	sdeb_meta_write_unlock(sip);
4501 err_out:
4502 	kfree(lrdp);
4503 	return ret;
4504 }
4505 
4506 static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
4507 			   u32 ei_lba, bool unmap, bool ndob)
4508 {
4509 	struct scsi_device *sdp = scp->device;
4510 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
4511 	unsigned long long i;
4512 	u64 block, lbaa;
4513 	u32 lb_size = sdebug_sector_size;
4514 	int ret;
4515 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
4516 						scp->device->hostdata, true);
4517 	u8 *fs1p;
4518 	u8 *fsp;
4519 	bool meta_data_locked = false;
4520 
4521 	if (sdebug_dev_is_zoned(devip) || scsi_debug_lbp()) {
4522 		sdeb_meta_write_lock(sip);
4523 		meta_data_locked = true;
4524 	}
4525 
4526 	ret = check_device_access_params(scp, lba, num, true);
4527 	if (ret)
4528 		goto out;
4529 
4530 	if (unmap && scsi_debug_lbp()) {
4531 		unmap_region(sip, lba, num);
4532 		goto out;
4533 	}
4534 	lbaa = lba;
4535 	block = do_div(lbaa, sdebug_store_sectors);
4536 	/* if ndob then zero 1 logical block, else fetch 1 logical block */
4537 	fsp = sip->storep;
4538 	fs1p = fsp + (block * lb_size);
4539 	sdeb_data_write_lock(sip);
4540 	if (ndob) {
4541 		memset(fs1p, 0, lb_size);
4542 		ret = 0;
4543 	} else
4544 		ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
4545 
4546 	if (-1 == ret) {
4547 		ret = DID_ERROR << 16;
4548 		goto out;
4549 	} else if (sdebug_verbose && !ndob && (ret < lb_size))
4550 		sdev_printk(KERN_INFO, scp->device,
4551 			    "%s: %s: lb size=%u, IO sent=%d bytes\n",
4552 			    my_name, "write same", lb_size, ret);
4553 
4554 	/* Copy first sector to remaining blocks */
4555 	for (i = 1 ; i < num ; i++) {
4556 		lbaa = lba + i;
4557 		block = do_div(lbaa, sdebug_store_sectors);
4558 		memmove(fsp + (block * lb_size), fs1p, lb_size);
4559 	}
4560 	if (scsi_debug_lbp())
4561 		map_region(sip, lba, num);
4562 	/* If ZBC zone then bump its write pointer */
4563 	if (sdebug_dev_is_zoned(devip))
4564 		zbc_inc_wp(devip, lba, num);
4565 	sdeb_data_write_unlock(sip);
4566 	ret = 0;
4567 out:
4568 	if (meta_data_locked)
4569 		sdeb_meta_write_unlock(sip);
4570 	return ret;
4571 }
4572 
4573 static int resp_write_same_10(struct scsi_cmnd *scp,
4574 			      struct sdebug_dev_info *devip)
4575 {
4576 	u8 *cmd = scp->cmnd;
4577 	u32 lba;
4578 	u16 num;
4579 	u32 ei_lba = 0;
4580 	bool unmap = false;
4581 
4582 	if (cmd[1] & 0x8) {
4583 		if (sdebug_lbpws10 == 0) {
4584 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
4585 			return check_condition_result;
4586 		} else
4587 			unmap = true;
4588 	}
4589 	lba = get_unaligned_be32(cmd + 2);
4590 	num = get_unaligned_be16(cmd + 7);
4591 	if (num > sdebug_write_same_length) {
4592 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
4593 		return check_condition_result;
4594 	}
4595 	return resp_write_same(scp, lba, num, ei_lba, unmap, false);
4596 }
4597 
4598 static int resp_write_same_16(struct scsi_cmnd *scp,
4599 			      struct sdebug_dev_info *devip)
4600 {
4601 	u8 *cmd = scp->cmnd;
4602 	u64 lba;
4603 	u32 num;
4604 	u32 ei_lba = 0;
4605 	bool unmap = false;
4606 	bool ndob = false;
4607 
4608 	if (cmd[1] & 0x8) {	/* UNMAP */
4609 		if (sdebug_lbpws == 0) {
4610 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
4611 			return check_condition_result;
4612 		} else
4613 			unmap = true;
4614 	}
4615 	if (cmd[1] & 0x1)  /* NDOB (no data-out buffer, assumes zeroes) */
4616 		ndob = true;
4617 	lba = get_unaligned_be64(cmd + 2);
4618 	num = get_unaligned_be32(cmd + 10);
4619 	if (num > sdebug_write_same_length) {
4620 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
4621 		return check_condition_result;
4622 	}
4623 	return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
4624 }
4625 
4626 /* Note the mode field is in the same position as the (lower) service action
4627  * field. For the Report supported operation codes command, SPC-4 suggests
4628  * each mode of this command should be reported separately; for future. */
4629 static int resp_write_buffer(struct scsi_cmnd *scp,
4630 			     struct sdebug_dev_info *devip)
4631 {
4632 	u8 *cmd = scp->cmnd;
4633 	struct scsi_device *sdp = scp->device;
4634 	struct sdebug_dev_info *dp;
4635 	u8 mode;
4636 
4637 	mode = cmd[1] & 0x1f;
4638 	switch (mode) {
4639 	case 0x4:	/* download microcode (MC) and activate (ACT) */
4640 		/* set UAs on this device only */
4641 		set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4642 		set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
4643 		break;
4644 	case 0x5:	/* download MC, save and ACT */
4645 		set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
4646 		break;
4647 	case 0x6:	/* download MC with offsets and ACT */
4648 		/* set UAs on most devices (LUs) in this target */
4649 		list_for_each_entry(dp,
4650 				    &devip->sdbg_host->dev_info_list,
4651 				    dev_list)
4652 			if (dp->target == sdp->id) {
4653 				set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
4654 				if (devip != dp)
4655 					set_bit(SDEBUG_UA_MICROCODE_CHANGED,
4656 						dp->uas_bm);
4657 			}
4658 		break;
4659 	case 0x7:	/* download MC with offsets, save, and ACT */
4660 		/* set UA on all devices (LUs) in this target */
4661 		list_for_each_entry(dp,
4662 				    &devip->sdbg_host->dev_info_list,
4663 				    dev_list)
4664 			if (dp->target == sdp->id)
4665 				set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
4666 					dp->uas_bm);
4667 		break;
4668 	default:
4669 		/* do nothing for this command for other mode values */
4670 		break;
4671 	}
4672 	return 0;
4673 }
4674 
4675 static int resp_comp_write(struct scsi_cmnd *scp,
4676 			   struct sdebug_dev_info *devip)
4677 {
4678 	u8 *cmd = scp->cmnd;
4679 	u8 *arr;
4680 	struct sdeb_store_info *sip = devip2sip(devip, true);
4681 	u64 lba;
4682 	u32 dnum;
4683 	u32 lb_size = sdebug_sector_size;
4684 	u8 num;
4685 	int ret;
4686 	int retval = 0;
4687 
4688 	lba = get_unaligned_be64(cmd + 2);
4689 	num = cmd[13];		/* 1 to a maximum of 255 logical blocks */
4690 	if (0 == num)
4691 		return 0;	/* degenerate case, not an error */
4692 	if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4693 	    (cmd[1] & 0xe0)) {
4694 		mk_sense_invalid_opcode(scp);
4695 		return check_condition_result;
4696 	}
4697 	if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4698 	     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4699 	    (cmd[1] & 0xe0) == 0)
4700 		sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
4701 			    "to DIF device\n");
4702 	ret = check_device_access_params(scp, lba, num, false);
4703 	if (ret)
4704 		return ret;
4705 	dnum = 2 * num;
4706 	arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
4707 	if (NULL == arr) {
4708 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4709 				INSUFF_RES_ASCQ);
4710 		return check_condition_result;
4711 	}
4712 
4713 	ret = do_dout_fetch(scp, dnum, arr);
4714 	if (ret == -1) {
4715 		retval = DID_ERROR << 16;
4716 		goto cleanup_free;
4717 	} else if (sdebug_verbose && (ret < (dnum * lb_size)))
4718 		sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
4719 			    "indicated=%u, IO sent=%d bytes\n", my_name,
4720 			    dnum * lb_size, ret);
4721 
4722 	sdeb_data_write_lock(sip);
4723 	sdeb_meta_write_lock(sip);
4724 	if (!comp_write_worker(sip, lba, num, arr, false)) {
4725 		mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4726 		retval = check_condition_result;
4727 		goto cleanup_unlock;
4728 	}
4729 
4730 	/* Cover sip->map_storep (which map_region()) sets with data lock */
4731 	if (scsi_debug_lbp())
4732 		map_region(sip, lba, num);
4733 cleanup_unlock:
4734 	sdeb_meta_write_unlock(sip);
4735 	sdeb_data_write_unlock(sip);
4736 cleanup_free:
4737 	kfree(arr);
4738 	return retval;
4739 }
4740 
4741 struct unmap_block_desc {
4742 	__be64	lba;
4743 	__be32	blocks;
4744 	__be32	__reserved;
4745 };
4746 
4747 static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4748 {
4749 	unsigned char *buf;
4750 	struct unmap_block_desc *desc;
4751 	struct sdeb_store_info *sip = devip2sip(devip, true);
4752 	unsigned int i, payload_len, descriptors;
4753 	int ret;
4754 
4755 	if (!scsi_debug_lbp())
4756 		return 0;	/* fib and say its done */
4757 	payload_len = get_unaligned_be16(scp->cmnd + 7);
4758 	BUG_ON(scsi_bufflen(scp) != payload_len);
4759 
4760 	descriptors = (payload_len - 8) / 16;
4761 	if (descriptors > sdebug_unmap_max_desc) {
4762 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
4763 		return check_condition_result;
4764 	}
4765 
4766 	buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
4767 	if (!buf) {
4768 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4769 				INSUFF_RES_ASCQ);
4770 		return check_condition_result;
4771 	}
4772 
4773 	scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
4774 
4775 	BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
4776 	BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
4777 
4778 	desc = (void *)&buf[8];
4779 
4780 	sdeb_meta_write_lock(sip);
4781 
4782 	for (i = 0 ; i < descriptors ; i++) {
4783 		unsigned long long lba = get_unaligned_be64(&desc[i].lba);
4784 		unsigned int num = get_unaligned_be32(&desc[i].blocks);
4785 
4786 		ret = check_device_access_params(scp, lba, num, true);
4787 		if (ret)
4788 			goto out;
4789 
4790 		unmap_region(sip, lba, num);
4791 	}
4792 
4793 	ret = 0;
4794 
4795 out:
4796 	sdeb_meta_write_unlock(sip);
4797 	kfree(buf);
4798 
4799 	return ret;
4800 }
4801 
4802 #define SDEBUG_GET_LBA_STATUS_LEN 32
4803 
4804 static int resp_get_lba_status(struct scsi_cmnd *scp,
4805 			       struct sdebug_dev_info *devip)
4806 {
4807 	u8 *cmd = scp->cmnd;
4808 	u64 lba;
4809 	u32 alloc_len, mapped, num;
4810 	int ret;
4811 	u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
4812 
4813 	lba = get_unaligned_be64(cmd + 2);
4814 	alloc_len = get_unaligned_be32(cmd + 10);
4815 
4816 	if (alloc_len < 24)
4817 		return 0;
4818 
4819 	ret = check_device_access_params(scp, lba, 1, false);
4820 	if (ret)
4821 		return ret;
4822 
4823 	if (scsi_debug_lbp()) {
4824 		struct sdeb_store_info *sip = devip2sip(devip, true);
4825 
4826 		mapped = map_state(sip, lba, &num);
4827 	} else {
4828 		mapped = 1;
4829 		/* following just in case virtual_gb changed */
4830 		sdebug_capacity = get_sdebug_capacity();
4831 		if (sdebug_capacity - lba <= 0xffffffff)
4832 			num = sdebug_capacity - lba;
4833 		else
4834 			num = 0xffffffff;
4835 	}
4836 
4837 	memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
4838 	put_unaligned_be32(20, arr);		/* Parameter Data Length */
4839 	put_unaligned_be64(lba, arr + 8);	/* LBA */
4840 	put_unaligned_be32(num, arr + 16);	/* Number of blocks */
4841 	arr[20] = !mapped;		/* prov_stat=0: mapped; 1: dealloc */
4842 
4843 	return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
4844 }
4845 
4846 static int resp_get_stream_status(struct scsi_cmnd *scp,
4847 				  struct sdebug_dev_info *devip)
4848 {
4849 	u16 starting_stream_id, stream_id;
4850 	const u8 *cmd = scp->cmnd;
4851 	u32 alloc_len, offset;
4852 	u8 arr[256] = {};
4853 	struct scsi_stream_status_header *h = (void *)arr;
4854 
4855 	starting_stream_id = get_unaligned_be16(cmd + 4);
4856 	alloc_len = get_unaligned_be32(cmd + 10);
4857 
4858 	if (alloc_len < 8) {
4859 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
4860 		return check_condition_result;
4861 	}
4862 
4863 	if (starting_stream_id >= MAXIMUM_NUMBER_OF_STREAMS) {
4864 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
4865 		return check_condition_result;
4866 	}
4867 
4868 	/*
4869 	 * The GET STREAM STATUS command only reports status information
4870 	 * about open streams. Treat the non-permanent stream as open.
4871 	 */
4872 	put_unaligned_be16(MAXIMUM_NUMBER_OF_STREAMS,
4873 			   &h->number_of_open_streams);
4874 
4875 	for (offset = 8, stream_id = starting_stream_id;
4876 	     offset + 8 <= min_t(u32, alloc_len, sizeof(arr)) &&
4877 		     stream_id < MAXIMUM_NUMBER_OF_STREAMS;
4878 	     offset += 8, stream_id++) {
4879 		struct scsi_stream_status *stream_status = (void *)arr + offset;
4880 
4881 		stream_status->perm = stream_id < PERMANENT_STREAM_COUNT;
4882 		put_unaligned_be16(stream_id,
4883 				   &stream_status->stream_identifier);
4884 		stream_status->rel_lifetime = stream_id + 1;
4885 	}
4886 	put_unaligned_be32(offset - 8, &h->len); /* PARAMETER DATA LENGTH */
4887 
4888 	return fill_from_dev_buffer(scp, arr, min(offset, alloc_len));
4889 }
4890 
4891 static int resp_sync_cache(struct scsi_cmnd *scp,
4892 			   struct sdebug_dev_info *devip)
4893 {
4894 	int res = 0;
4895 	u64 lba;
4896 	u32 num_blocks;
4897 	u8 *cmd = scp->cmnd;
4898 
4899 	if (cmd[0] == SYNCHRONIZE_CACHE) {	/* 10 byte cdb */
4900 		lba = get_unaligned_be32(cmd + 2);
4901 		num_blocks = get_unaligned_be16(cmd + 7);
4902 	} else {				/* SYNCHRONIZE_CACHE(16) */
4903 		lba = get_unaligned_be64(cmd + 2);
4904 		num_blocks = get_unaligned_be32(cmd + 10);
4905 	}
4906 	if (lba + num_blocks > sdebug_capacity) {
4907 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4908 		return check_condition_result;
4909 	}
4910 	if (!write_since_sync || (cmd[1] & 0x2))
4911 		res = SDEG_RES_IMMED_MASK;
4912 	else		/* delay if write_since_sync and IMMED clear */
4913 		write_since_sync = false;
4914 	return res;
4915 }
4916 
4917 /*
4918  * Assuming the LBA+num_blocks is not out-of-range, this function will return
4919  * CONDITION MET if the specified blocks will/have fitted in the cache, and
4920  * a GOOD status otherwise. Model a disk with a big cache and yield
4921  * CONDITION MET. Actually tries to bring range in main memory into the
4922  * cache associated with the CPU(s).
4923  */
4924 static int resp_pre_fetch(struct scsi_cmnd *scp,
4925 			  struct sdebug_dev_info *devip)
4926 {
4927 	int res = 0;
4928 	u64 lba;
4929 	u64 block, rest = 0;
4930 	u32 nblks;
4931 	u8 *cmd = scp->cmnd;
4932 	struct sdeb_store_info *sip = devip2sip(devip, true);
4933 	u8 *fsp = sip->storep;
4934 
4935 	if (cmd[0] == PRE_FETCH) {	/* 10 byte cdb */
4936 		lba = get_unaligned_be32(cmd + 2);
4937 		nblks = get_unaligned_be16(cmd + 7);
4938 	} else {			/* PRE-FETCH(16) */
4939 		lba = get_unaligned_be64(cmd + 2);
4940 		nblks = get_unaligned_be32(cmd + 10);
4941 	}
4942 	if (lba + nblks > sdebug_capacity) {
4943 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4944 		return check_condition_result;
4945 	}
4946 	if (!fsp)
4947 		goto fini;
4948 	/* PRE-FETCH spec says nothing about LBP or PI so skip them */
4949 	block = do_div(lba, sdebug_store_sectors);
4950 	if (block + nblks > sdebug_store_sectors)
4951 		rest = block + nblks - sdebug_store_sectors;
4952 
4953 	/* Try to bring the PRE-FETCH range into CPU's cache */
4954 	sdeb_data_read_lock(sip);
4955 	prefetch_range(fsp + (sdebug_sector_size * block),
4956 		       (nblks - rest) * sdebug_sector_size);
4957 	if (rest)
4958 		prefetch_range(fsp, rest * sdebug_sector_size);
4959 
4960 	sdeb_data_read_unlock(sip);
4961 fini:
4962 	if (cmd[1] & 0x2)
4963 		res = SDEG_RES_IMMED_MASK;
4964 	return res | condition_met_result;
4965 }
4966 
4967 #define RL_BUCKET_ELEMS 8
4968 
4969 /* Even though each pseudo target has a REPORT LUNS "well known logical unit"
4970  * (W-LUN), the normal Linux scanning logic does not associate it with a
4971  * device (e.g. /dev/sg7). The following magic will make that association:
4972  *   "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
4973  * where <n> is a host number. If there are multiple targets in a host then
4974  * the above will associate a W-LUN to each target. To only get a W-LUN
4975  * for target 2, then use "echo '- 2 49409' > scan" .
4976  */
4977 static int resp_report_luns(struct scsi_cmnd *scp,
4978 			    struct sdebug_dev_info *devip)
4979 {
4980 	unsigned char *cmd = scp->cmnd;
4981 	unsigned int alloc_len;
4982 	unsigned char select_report;
4983 	u64 lun;
4984 	struct scsi_lun *lun_p;
4985 	u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
4986 	unsigned int lun_cnt;	/* normal LUN count (max: 256) */
4987 	unsigned int wlun_cnt;	/* report luns W-LUN count */
4988 	unsigned int tlun_cnt;	/* total LUN count */
4989 	unsigned int rlen;	/* response length (in bytes) */
4990 	int k, j, n, res;
4991 	unsigned int off_rsp = 0;
4992 	const int sz_lun = sizeof(struct scsi_lun);
4993 
4994 	clear_luns_changed_on_target(devip);
4995 
4996 	select_report = cmd[2];
4997 	alloc_len = get_unaligned_be32(cmd + 6);
4998 
4999 	if (alloc_len < 4) {
5000 		pr_err("alloc len too small %d\n", alloc_len);
5001 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
5002 		return check_condition_result;
5003 	}
5004 
5005 	switch (select_report) {
5006 	case 0:		/* all LUNs apart from W-LUNs */
5007 		lun_cnt = sdebug_max_luns;
5008 		wlun_cnt = 0;
5009 		break;
5010 	case 1:		/* only W-LUNs */
5011 		lun_cnt = 0;
5012 		wlun_cnt = 1;
5013 		break;
5014 	case 2:		/* all LUNs */
5015 		lun_cnt = sdebug_max_luns;
5016 		wlun_cnt = 1;
5017 		break;
5018 	case 0x10:	/* only administrative LUs */
5019 	case 0x11:	/* see SPC-5 */
5020 	case 0x12:	/* only subsiduary LUs owned by referenced LU */
5021 	default:
5022 		pr_debug("select report invalid %d\n", select_report);
5023 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
5024 		return check_condition_result;
5025 	}
5026 
5027 	if (sdebug_no_lun_0 && (lun_cnt > 0))
5028 		--lun_cnt;
5029 
5030 	tlun_cnt = lun_cnt + wlun_cnt;
5031 	rlen = tlun_cnt * sz_lun;	/* excluding 8 byte header */
5032 	scsi_set_resid(scp, scsi_bufflen(scp));
5033 	pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
5034 		 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
5035 
5036 	/* loops rely on sizeof response header same as sizeof lun (both 8) */
5037 	lun = sdebug_no_lun_0 ? 1 : 0;
5038 	for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
5039 		memset(arr, 0, sizeof(arr));
5040 		lun_p = (struct scsi_lun *)&arr[0];
5041 		if (k == 0) {
5042 			put_unaligned_be32(rlen, &arr[0]);
5043 			++lun_p;
5044 			j = 1;
5045 		}
5046 		for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
5047 			if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
5048 				break;
5049 			int_to_scsilun(lun++, lun_p);
5050 			if (lun > 1 && sdebug_lun_am == SAM_LUN_AM_FLAT)
5051 				lun_p->scsi_lun[0] |= 0x40;
5052 		}
5053 		if (j < RL_BUCKET_ELEMS)
5054 			break;
5055 		n = j * sz_lun;
5056 		res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
5057 		if (res)
5058 			return res;
5059 		off_rsp += n;
5060 	}
5061 	if (wlun_cnt) {
5062 		int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
5063 		++j;
5064 	}
5065 	if (j > 0)
5066 		res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
5067 	return res;
5068 }
5069 
5070 static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
5071 {
5072 	bool is_bytchk3 = false;
5073 	u8 bytchk;
5074 	int ret, j;
5075 	u32 vnum, a_num, off;
5076 	const u32 lb_size = sdebug_sector_size;
5077 	u64 lba;
5078 	u8 *arr;
5079 	u8 *cmd = scp->cmnd;
5080 	struct sdeb_store_info *sip = devip2sip(devip, true);
5081 
5082 	bytchk = (cmd[1] >> 1) & 0x3;
5083 	if (bytchk == 0) {
5084 		return 0;	/* always claim internal verify okay */
5085 	} else if (bytchk == 2) {
5086 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
5087 		return check_condition_result;
5088 	} else if (bytchk == 3) {
5089 		is_bytchk3 = true;	/* 1 block sent, compared repeatedly */
5090 	}
5091 	switch (cmd[0]) {
5092 	case VERIFY_16:
5093 		lba = get_unaligned_be64(cmd + 2);
5094 		vnum = get_unaligned_be32(cmd + 10);
5095 		break;
5096 	case VERIFY:		/* is VERIFY(10) */
5097 		lba = get_unaligned_be32(cmd + 2);
5098 		vnum = get_unaligned_be16(cmd + 7);
5099 		break;
5100 	default:
5101 		mk_sense_invalid_opcode(scp);
5102 		return check_condition_result;
5103 	}
5104 	if (vnum == 0)
5105 		return 0;	/* not an error */
5106 	a_num = is_bytchk3 ? 1 : vnum;
5107 	/* Treat following check like one for read (i.e. no write) access */
5108 	ret = check_device_access_params(scp, lba, a_num, false);
5109 	if (ret)
5110 		return ret;
5111 
5112 	arr = kcalloc(lb_size, vnum, GFP_ATOMIC | __GFP_NOWARN);
5113 	if (!arr) {
5114 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
5115 				INSUFF_RES_ASCQ);
5116 		return check_condition_result;
5117 	}
5118 	/* Not changing store, so only need read access */
5119 	sdeb_data_read_lock(sip);
5120 
5121 	ret = do_dout_fetch(scp, a_num, arr);
5122 	if (ret == -1) {
5123 		ret = DID_ERROR << 16;
5124 		goto cleanup;
5125 	} else if (sdebug_verbose && (ret < (a_num * lb_size))) {
5126 		sdev_printk(KERN_INFO, scp->device,
5127 			    "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
5128 			    my_name, __func__, a_num * lb_size, ret);
5129 	}
5130 	if (is_bytchk3) {
5131 		for (j = 1, off = lb_size; j < vnum; ++j, off += lb_size)
5132 			memcpy(arr + off, arr, lb_size);
5133 	}
5134 	ret = 0;
5135 	if (!comp_write_worker(sip, lba, vnum, arr, true)) {
5136 		mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
5137 		ret = check_condition_result;
5138 		goto cleanup;
5139 	}
5140 cleanup:
5141 	sdeb_data_read_unlock(sip);
5142 	kfree(arr);
5143 	return ret;
5144 }
5145 
5146 #define RZONES_DESC_HD 64
5147 
5148 /* Report zones depending on start LBA and reporting options */
5149 static int resp_report_zones(struct scsi_cmnd *scp,
5150 			     struct sdebug_dev_info *devip)
5151 {
5152 	unsigned int rep_max_zones, nrz = 0;
5153 	int ret = 0;
5154 	u32 alloc_len, rep_opts, rep_len;
5155 	bool partial;
5156 	u64 lba, zs_lba;
5157 	u8 *arr = NULL, *desc;
5158 	u8 *cmd = scp->cmnd;
5159 	struct sdeb_zone_state *zsp = NULL;
5160 	struct sdeb_store_info *sip = devip2sip(devip, false);
5161 
5162 	if (!sdebug_dev_is_zoned(devip)) {
5163 		mk_sense_invalid_opcode(scp);
5164 		return check_condition_result;
5165 	}
5166 	zs_lba = get_unaligned_be64(cmd + 2);
5167 	alloc_len = get_unaligned_be32(cmd + 10);
5168 	if (alloc_len == 0)
5169 		return 0;	/* not an error */
5170 	rep_opts = cmd[14] & 0x3f;
5171 	partial = cmd[14] & 0x80;
5172 
5173 	if (zs_lba >= sdebug_capacity) {
5174 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5175 		return check_condition_result;
5176 	}
5177 
5178 	rep_max_zones = (alloc_len - 64) >> ilog2(RZONES_DESC_HD);
5179 
5180 	arr = kzalloc(alloc_len, GFP_ATOMIC | __GFP_NOWARN);
5181 	if (!arr) {
5182 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
5183 				INSUFF_RES_ASCQ);
5184 		return check_condition_result;
5185 	}
5186 
5187 	sdeb_meta_read_lock(sip);
5188 
5189 	desc = arr + 64;
5190 	for (lba = zs_lba; lba < sdebug_capacity;
5191 	     lba = zsp->z_start + zsp->z_size) {
5192 		if (WARN_ONCE(zbc_zone(devip, lba) == zsp, "lba = %llu\n", lba))
5193 			break;
5194 		zsp = zbc_zone(devip, lba);
5195 		switch (rep_opts) {
5196 		case 0x00:
5197 			/* All zones */
5198 			break;
5199 		case 0x01:
5200 			/* Empty zones */
5201 			if (zsp->z_cond != ZC1_EMPTY)
5202 				continue;
5203 			break;
5204 		case 0x02:
5205 			/* Implicit open zones */
5206 			if (zsp->z_cond != ZC2_IMPLICIT_OPEN)
5207 				continue;
5208 			break;
5209 		case 0x03:
5210 			/* Explicit open zones */
5211 			if (zsp->z_cond != ZC3_EXPLICIT_OPEN)
5212 				continue;
5213 			break;
5214 		case 0x04:
5215 			/* Closed zones */
5216 			if (zsp->z_cond != ZC4_CLOSED)
5217 				continue;
5218 			break;
5219 		case 0x05:
5220 			/* Full zones */
5221 			if (zsp->z_cond != ZC5_FULL)
5222 				continue;
5223 			break;
5224 		case 0x06:
5225 		case 0x07:
5226 		case 0x10:
5227 			/*
5228 			 * Read-only, offline, reset WP recommended are
5229 			 * not emulated: no zones to report;
5230 			 */
5231 			continue;
5232 		case 0x11:
5233 			/* non-seq-resource set */
5234 			if (!zsp->z_non_seq_resource)
5235 				continue;
5236 			break;
5237 		case 0x3e:
5238 			/* All zones except gap zones. */
5239 			if (zbc_zone_is_gap(zsp))
5240 				continue;
5241 			break;
5242 		case 0x3f:
5243 			/* Not write pointer (conventional) zones */
5244 			if (zbc_zone_is_seq(zsp))
5245 				continue;
5246 			break;
5247 		default:
5248 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
5249 					INVALID_FIELD_IN_CDB, 0);
5250 			ret = check_condition_result;
5251 			goto fini;
5252 		}
5253 
5254 		if (nrz < rep_max_zones) {
5255 			/* Fill zone descriptor */
5256 			desc[0] = zsp->z_type;
5257 			desc[1] = zsp->z_cond << 4;
5258 			if (zsp->z_non_seq_resource)
5259 				desc[1] |= 1 << 1;
5260 			put_unaligned_be64((u64)zsp->z_size, desc + 8);
5261 			put_unaligned_be64((u64)zsp->z_start, desc + 16);
5262 			put_unaligned_be64((u64)zsp->z_wp, desc + 24);
5263 			desc += 64;
5264 		}
5265 
5266 		if (partial && nrz >= rep_max_zones)
5267 			break;
5268 
5269 		nrz++;
5270 	}
5271 
5272 	/* Report header */
5273 	/* Zone list length. */
5274 	put_unaligned_be32(nrz * RZONES_DESC_HD, arr + 0);
5275 	/* Maximum LBA */
5276 	put_unaligned_be64(sdebug_capacity - 1, arr + 8);
5277 	/* Zone starting LBA granularity. */
5278 	if (devip->zcap < devip->zsize)
5279 		put_unaligned_be64(devip->zsize, arr + 16);
5280 
5281 	rep_len = (unsigned long)desc - (unsigned long)arr;
5282 	ret = fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, rep_len));
5283 
5284 fini:
5285 	sdeb_meta_read_unlock(sip);
5286 	kfree(arr);
5287 	return ret;
5288 }
5289 
5290 static int resp_atomic_write(struct scsi_cmnd *scp,
5291 			     struct sdebug_dev_info *devip)
5292 {
5293 	struct sdeb_store_info *sip;
5294 	u8 *cmd = scp->cmnd;
5295 	u16 boundary, len;
5296 	u64 lba, lba_tmp;
5297 	int ret;
5298 
5299 	if (!scsi_debug_atomic_write()) {
5300 		mk_sense_invalid_opcode(scp);
5301 		return check_condition_result;
5302 	}
5303 
5304 	sip = devip2sip(devip, true);
5305 
5306 	lba = get_unaligned_be64(cmd + 2);
5307 	boundary = get_unaligned_be16(cmd + 10);
5308 	len = get_unaligned_be16(cmd + 12);
5309 
5310 	lba_tmp = lba;
5311 	if (sdebug_atomic_wr_align &&
5312 	    do_div(lba_tmp, sdebug_atomic_wr_align)) {
5313 		/* Does not meet alignment requirement */
5314 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5315 		return check_condition_result;
5316 	}
5317 
5318 	if (sdebug_atomic_wr_gran && len % sdebug_atomic_wr_gran) {
5319 		/* Does not meet alignment requirement */
5320 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5321 		return check_condition_result;
5322 	}
5323 
5324 	if (boundary > 0) {
5325 		if (boundary > sdebug_atomic_wr_max_bndry) {
5326 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 12, -1);
5327 			return check_condition_result;
5328 		}
5329 
5330 		if (len > sdebug_atomic_wr_max_length_bndry) {
5331 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 12, -1);
5332 			return check_condition_result;
5333 		}
5334 	} else {
5335 		if (len > sdebug_atomic_wr_max_length) {
5336 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 12, -1);
5337 			return check_condition_result;
5338 		}
5339 	}
5340 
5341 	ret = do_device_access(sip, scp, 0, lba, len, 0, true, true);
5342 	if (unlikely(ret == -1))
5343 		return DID_ERROR << 16;
5344 	if (unlikely(ret != len * sdebug_sector_size))
5345 		return DID_ERROR << 16;
5346 	return 0;
5347 }
5348 
5349 /* Logic transplanted from tcmu-runner, file_zbc.c */
5350 static void zbc_open_all(struct sdebug_dev_info *devip)
5351 {
5352 	struct sdeb_zone_state *zsp = &devip->zstate[0];
5353 	unsigned int i;
5354 
5355 	for (i = 0; i < devip->nr_zones; i++, zsp++) {
5356 		if (zsp->z_cond == ZC4_CLOSED)
5357 			zbc_open_zone(devip, &devip->zstate[i], true);
5358 	}
5359 }
5360 
5361 static int resp_open_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
5362 {
5363 	int res = 0;
5364 	u64 z_id;
5365 	enum sdebug_z_cond zc;
5366 	u8 *cmd = scp->cmnd;
5367 	struct sdeb_zone_state *zsp;
5368 	bool all = cmd[14] & 0x01;
5369 	struct sdeb_store_info *sip = devip2sip(devip, false);
5370 
5371 	if (!sdebug_dev_is_zoned(devip)) {
5372 		mk_sense_invalid_opcode(scp);
5373 		return check_condition_result;
5374 	}
5375 	sdeb_meta_write_lock(sip);
5376 
5377 	if (all) {
5378 		/* Check if all closed zones can be open */
5379 		if (devip->max_open &&
5380 		    devip->nr_exp_open + devip->nr_closed > devip->max_open) {
5381 			mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
5382 					INSUFF_ZONE_ASCQ);
5383 			res = check_condition_result;
5384 			goto fini;
5385 		}
5386 		/* Open all closed zones */
5387 		zbc_open_all(devip);
5388 		goto fini;
5389 	}
5390 
5391 	/* Open the specified zone */
5392 	z_id = get_unaligned_be64(cmd + 2);
5393 	if (z_id >= sdebug_capacity) {
5394 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5395 		res = check_condition_result;
5396 		goto fini;
5397 	}
5398 
5399 	zsp = zbc_zone(devip, z_id);
5400 	if (z_id != zsp->z_start) {
5401 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5402 		res = check_condition_result;
5403 		goto fini;
5404 	}
5405 	if (zbc_zone_is_conv(zsp)) {
5406 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5407 		res = check_condition_result;
5408 		goto fini;
5409 	}
5410 
5411 	zc = zsp->z_cond;
5412 	if (zc == ZC3_EXPLICIT_OPEN || zc == ZC5_FULL)
5413 		goto fini;
5414 
5415 	if (devip->max_open && devip->nr_exp_open >= devip->max_open) {
5416 		mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
5417 				INSUFF_ZONE_ASCQ);
5418 		res = check_condition_result;
5419 		goto fini;
5420 	}
5421 
5422 	zbc_open_zone(devip, zsp, true);
5423 fini:
5424 	sdeb_meta_write_unlock(sip);
5425 	return res;
5426 }
5427 
5428 static void zbc_close_all(struct sdebug_dev_info *devip)
5429 {
5430 	unsigned int i;
5431 
5432 	for (i = 0; i < devip->nr_zones; i++)
5433 		zbc_close_zone(devip, &devip->zstate[i]);
5434 }
5435 
5436 static int resp_close_zone(struct scsi_cmnd *scp,
5437 			   struct sdebug_dev_info *devip)
5438 {
5439 	int res = 0;
5440 	u64 z_id;
5441 	u8 *cmd = scp->cmnd;
5442 	struct sdeb_zone_state *zsp;
5443 	bool all = cmd[14] & 0x01;
5444 	struct sdeb_store_info *sip = devip2sip(devip, false);
5445 
5446 	if (!sdebug_dev_is_zoned(devip)) {
5447 		mk_sense_invalid_opcode(scp);
5448 		return check_condition_result;
5449 	}
5450 
5451 	sdeb_meta_write_lock(sip);
5452 
5453 	if (all) {
5454 		zbc_close_all(devip);
5455 		goto fini;
5456 	}
5457 
5458 	/* Close specified zone */
5459 	z_id = get_unaligned_be64(cmd + 2);
5460 	if (z_id >= sdebug_capacity) {
5461 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5462 		res = check_condition_result;
5463 		goto fini;
5464 	}
5465 
5466 	zsp = zbc_zone(devip, z_id);
5467 	if (z_id != zsp->z_start) {
5468 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5469 		res = check_condition_result;
5470 		goto fini;
5471 	}
5472 	if (zbc_zone_is_conv(zsp)) {
5473 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5474 		res = check_condition_result;
5475 		goto fini;
5476 	}
5477 
5478 	zbc_close_zone(devip, zsp);
5479 fini:
5480 	sdeb_meta_write_unlock(sip);
5481 	return res;
5482 }
5483 
5484 static void zbc_finish_zone(struct sdebug_dev_info *devip,
5485 			    struct sdeb_zone_state *zsp, bool empty)
5486 {
5487 	enum sdebug_z_cond zc = zsp->z_cond;
5488 
5489 	if (zc == ZC4_CLOSED || zc == ZC2_IMPLICIT_OPEN ||
5490 	    zc == ZC3_EXPLICIT_OPEN || (empty && zc == ZC1_EMPTY)) {
5491 		if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
5492 			zbc_close_zone(devip, zsp);
5493 		if (zsp->z_cond == ZC4_CLOSED)
5494 			devip->nr_closed--;
5495 		zsp->z_wp = zsp->z_start + zsp->z_size;
5496 		zsp->z_cond = ZC5_FULL;
5497 	}
5498 }
5499 
5500 static void zbc_finish_all(struct sdebug_dev_info *devip)
5501 {
5502 	unsigned int i;
5503 
5504 	for (i = 0; i < devip->nr_zones; i++)
5505 		zbc_finish_zone(devip, &devip->zstate[i], false);
5506 }
5507 
5508 static int resp_finish_zone(struct scsi_cmnd *scp,
5509 			    struct sdebug_dev_info *devip)
5510 {
5511 	struct sdeb_zone_state *zsp;
5512 	int res = 0;
5513 	u64 z_id;
5514 	u8 *cmd = scp->cmnd;
5515 	bool all = cmd[14] & 0x01;
5516 	struct sdeb_store_info *sip = devip2sip(devip, false);
5517 
5518 	if (!sdebug_dev_is_zoned(devip)) {
5519 		mk_sense_invalid_opcode(scp);
5520 		return check_condition_result;
5521 	}
5522 
5523 	sdeb_meta_write_lock(sip);
5524 
5525 	if (all) {
5526 		zbc_finish_all(devip);
5527 		goto fini;
5528 	}
5529 
5530 	/* Finish the specified zone */
5531 	z_id = get_unaligned_be64(cmd + 2);
5532 	if (z_id >= sdebug_capacity) {
5533 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5534 		res = check_condition_result;
5535 		goto fini;
5536 	}
5537 
5538 	zsp = zbc_zone(devip, z_id);
5539 	if (z_id != zsp->z_start) {
5540 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5541 		res = check_condition_result;
5542 		goto fini;
5543 	}
5544 	if (zbc_zone_is_conv(zsp)) {
5545 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5546 		res = check_condition_result;
5547 		goto fini;
5548 	}
5549 
5550 	zbc_finish_zone(devip, zsp, true);
5551 fini:
5552 	sdeb_meta_write_unlock(sip);
5553 	return res;
5554 }
5555 
5556 static void zbc_rwp_zone(struct sdebug_dev_info *devip,
5557 			 struct sdeb_zone_state *zsp)
5558 {
5559 	enum sdebug_z_cond zc;
5560 	struct sdeb_store_info *sip = devip2sip(devip, false);
5561 
5562 	if (!zbc_zone_is_seq(zsp))
5563 		return;
5564 
5565 	zc = zsp->z_cond;
5566 	if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
5567 		zbc_close_zone(devip, zsp);
5568 
5569 	if (zsp->z_cond == ZC4_CLOSED)
5570 		devip->nr_closed--;
5571 
5572 	if (zsp->z_wp > zsp->z_start)
5573 		memset(sip->storep + zsp->z_start * sdebug_sector_size, 0,
5574 		       (zsp->z_wp - zsp->z_start) * sdebug_sector_size);
5575 
5576 	zsp->z_non_seq_resource = false;
5577 	zsp->z_wp = zsp->z_start;
5578 	zsp->z_cond = ZC1_EMPTY;
5579 }
5580 
5581 static void zbc_rwp_all(struct sdebug_dev_info *devip)
5582 {
5583 	unsigned int i;
5584 
5585 	for (i = 0; i < devip->nr_zones; i++)
5586 		zbc_rwp_zone(devip, &devip->zstate[i]);
5587 }
5588 
5589 static int resp_rwp_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
5590 {
5591 	struct sdeb_zone_state *zsp;
5592 	int res = 0;
5593 	u64 z_id;
5594 	u8 *cmd = scp->cmnd;
5595 	bool all = cmd[14] & 0x01;
5596 	struct sdeb_store_info *sip = devip2sip(devip, false);
5597 
5598 	if (!sdebug_dev_is_zoned(devip)) {
5599 		mk_sense_invalid_opcode(scp);
5600 		return check_condition_result;
5601 	}
5602 
5603 	sdeb_meta_write_lock(sip);
5604 
5605 	if (all) {
5606 		zbc_rwp_all(devip);
5607 		goto fini;
5608 	}
5609 
5610 	z_id = get_unaligned_be64(cmd + 2);
5611 	if (z_id >= sdebug_capacity) {
5612 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
5613 		res = check_condition_result;
5614 		goto fini;
5615 	}
5616 
5617 	zsp = zbc_zone(devip, z_id);
5618 	if (z_id != zsp->z_start) {
5619 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5620 		res = check_condition_result;
5621 		goto fini;
5622 	}
5623 	if (zbc_zone_is_conv(zsp)) {
5624 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
5625 		res = check_condition_result;
5626 		goto fini;
5627 	}
5628 
5629 	zbc_rwp_zone(devip, zsp);
5630 fini:
5631 	sdeb_meta_write_unlock(sip);
5632 	return res;
5633 }
5634 
5635 static u32 get_tag(struct scsi_cmnd *cmnd)
5636 {
5637 	return blk_mq_unique_tag(scsi_cmd_to_rq(cmnd));
5638 }
5639 
5640 /* Queued (deferred) command completions converge here. */
5641 static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
5642 {
5643 	struct sdebug_queued_cmd *sqcp = container_of(sd_dp, struct sdebug_queued_cmd, sd_dp);
5644 	unsigned long flags;
5645 	struct scsi_cmnd *scp = sqcp->scmd;
5646 	struct sdebug_scsi_cmd *sdsc;
5647 	bool aborted;
5648 
5649 	if (sdebug_statistics) {
5650 		atomic_inc(&sdebug_completions);
5651 		if (raw_smp_processor_id() != sd_dp->issuing_cpu)
5652 			atomic_inc(&sdebug_miss_cpus);
5653 	}
5654 
5655 	if (!scp) {
5656 		pr_err("scmd=NULL\n");
5657 		goto out;
5658 	}
5659 
5660 	sdsc = scsi_cmd_priv(scp);
5661 	spin_lock_irqsave(&sdsc->lock, flags);
5662 	aborted = sd_dp->aborted;
5663 	if (unlikely(aborted))
5664 		sd_dp->aborted = false;
5665 	ASSIGN_QUEUED_CMD(scp, NULL);
5666 
5667 	spin_unlock_irqrestore(&sdsc->lock, flags);
5668 
5669 	if (aborted) {
5670 		pr_info("bypassing scsi_done() due to aborted cmd, kicking-off EH\n");
5671 		blk_abort_request(scsi_cmd_to_rq(scp));
5672 		goto out;
5673 	}
5674 
5675 	scsi_done(scp); /* callback to mid level */
5676 out:
5677 	sdebug_free_queued_cmd(sqcp);
5678 }
5679 
5680 /* When high resolution timer goes off this function is called. */
5681 static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
5682 {
5683 	struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
5684 						  hrt);
5685 	sdebug_q_cmd_complete(sd_dp);
5686 	return HRTIMER_NORESTART;
5687 }
5688 
5689 /* When work queue schedules work, it calls this function. */
5690 static void sdebug_q_cmd_wq_complete(struct work_struct *work)
5691 {
5692 	struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
5693 						  ew.work);
5694 	sdebug_q_cmd_complete(sd_dp);
5695 }
5696 
5697 static bool got_shared_uuid;
5698 static uuid_t shared_uuid;
5699 
5700 static int sdebug_device_create_zones(struct sdebug_dev_info *devip)
5701 {
5702 	struct sdeb_zone_state *zsp;
5703 	sector_t capacity = get_sdebug_capacity();
5704 	sector_t conv_capacity;
5705 	sector_t zstart = 0;
5706 	unsigned int i;
5707 
5708 	/*
5709 	 * Set the zone size: if sdeb_zbc_zone_size_mb is not set, figure out
5710 	 * a zone size allowing for at least 4 zones on the device. Otherwise,
5711 	 * use the specified zone size checking that at least 2 zones can be
5712 	 * created for the device.
5713 	 */
5714 	if (!sdeb_zbc_zone_size_mb) {
5715 		devip->zsize = (DEF_ZBC_ZONE_SIZE_MB * SZ_1M)
5716 			>> ilog2(sdebug_sector_size);
5717 		while (capacity < devip->zsize << 2 && devip->zsize >= 2)
5718 			devip->zsize >>= 1;
5719 		if (devip->zsize < 2) {
5720 			pr_err("Device capacity too small\n");
5721 			return -EINVAL;
5722 		}
5723 	} else {
5724 		if (!is_power_of_2(sdeb_zbc_zone_size_mb)) {
5725 			pr_err("Zone size is not a power of 2\n");
5726 			return -EINVAL;
5727 		}
5728 		devip->zsize = (sdeb_zbc_zone_size_mb * SZ_1M)
5729 			>> ilog2(sdebug_sector_size);
5730 		if (devip->zsize >= capacity) {
5731 			pr_err("Zone size too large for device capacity\n");
5732 			return -EINVAL;
5733 		}
5734 	}
5735 
5736 	devip->zsize_shift = ilog2(devip->zsize);
5737 	devip->nr_zones = (capacity + devip->zsize - 1) >> devip->zsize_shift;
5738 
5739 	if (sdeb_zbc_zone_cap_mb == 0) {
5740 		devip->zcap = devip->zsize;
5741 	} else {
5742 		devip->zcap = (sdeb_zbc_zone_cap_mb * SZ_1M) >>
5743 			      ilog2(sdebug_sector_size);
5744 		if (devip->zcap > devip->zsize) {
5745 			pr_err("Zone capacity too large\n");
5746 			return -EINVAL;
5747 		}
5748 	}
5749 
5750 	conv_capacity = (sector_t)sdeb_zbc_nr_conv << devip->zsize_shift;
5751 	if (conv_capacity >= capacity) {
5752 		pr_err("Number of conventional zones too large\n");
5753 		return -EINVAL;
5754 	}
5755 	devip->nr_conv_zones = sdeb_zbc_nr_conv;
5756 	devip->nr_seq_zones = ALIGN(capacity - conv_capacity, devip->zsize) >>
5757 			      devip->zsize_shift;
5758 	devip->nr_zones = devip->nr_conv_zones + devip->nr_seq_zones;
5759 
5760 	/* Add gap zones if zone capacity is smaller than the zone size */
5761 	if (devip->zcap < devip->zsize)
5762 		devip->nr_zones += devip->nr_seq_zones;
5763 
5764 	if (devip->zoned) {
5765 		/* zbc_max_open_zones can be 0, meaning "not reported" */
5766 		if (sdeb_zbc_max_open >= devip->nr_zones - 1)
5767 			devip->max_open = (devip->nr_zones - 1) / 2;
5768 		else
5769 			devip->max_open = sdeb_zbc_max_open;
5770 	}
5771 
5772 	devip->zstate = kcalloc(devip->nr_zones,
5773 				sizeof(struct sdeb_zone_state), GFP_KERNEL);
5774 	if (!devip->zstate)
5775 		return -ENOMEM;
5776 
5777 	for (i = 0; i < devip->nr_zones; i++) {
5778 		zsp = &devip->zstate[i];
5779 
5780 		zsp->z_start = zstart;
5781 
5782 		if (i < devip->nr_conv_zones) {
5783 			zsp->z_type = ZBC_ZTYPE_CNV;
5784 			zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5785 			zsp->z_wp = (sector_t)-1;
5786 			zsp->z_size =
5787 				min_t(u64, devip->zsize, capacity - zstart);
5788 		} else if ((zstart & (devip->zsize - 1)) == 0) {
5789 			if (devip->zoned)
5790 				zsp->z_type = ZBC_ZTYPE_SWR;
5791 			else
5792 				zsp->z_type = ZBC_ZTYPE_SWP;
5793 			zsp->z_cond = ZC1_EMPTY;
5794 			zsp->z_wp = zsp->z_start;
5795 			zsp->z_size =
5796 				min_t(u64, devip->zcap, capacity - zstart);
5797 		} else {
5798 			zsp->z_type = ZBC_ZTYPE_GAP;
5799 			zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5800 			zsp->z_wp = (sector_t)-1;
5801 			zsp->z_size = min_t(u64, devip->zsize - devip->zcap,
5802 					    capacity - zstart);
5803 		}
5804 
5805 		WARN_ON_ONCE((int)zsp->z_size <= 0);
5806 		zstart += zsp->z_size;
5807 	}
5808 
5809 	return 0;
5810 }
5811 
5812 static struct sdebug_dev_info *sdebug_device_create(
5813 			struct sdebug_host_info *sdbg_host, gfp_t flags)
5814 {
5815 	struct sdebug_dev_info *devip;
5816 
5817 	devip = kzalloc(sizeof(*devip), flags);
5818 	if (devip) {
5819 		if (sdebug_uuid_ctl == 1)
5820 			uuid_gen(&devip->lu_name);
5821 		else if (sdebug_uuid_ctl == 2) {
5822 			if (got_shared_uuid)
5823 				devip->lu_name = shared_uuid;
5824 			else {
5825 				uuid_gen(&shared_uuid);
5826 				got_shared_uuid = true;
5827 				devip->lu_name = shared_uuid;
5828 			}
5829 		}
5830 		devip->sdbg_host = sdbg_host;
5831 		if (sdeb_zbc_in_use) {
5832 			devip->zoned = sdeb_zbc_model == BLK_ZONED_HM;
5833 			if (sdebug_device_create_zones(devip)) {
5834 				kfree(devip);
5835 				return NULL;
5836 			}
5837 		} else {
5838 			devip->zoned = false;
5839 		}
5840 		devip->create_ts = ktime_get_boottime();
5841 		atomic_set(&devip->stopped, (sdeb_tur_ms_to_ready > 0 ? 2 : 0));
5842 		spin_lock_init(&devip->list_lock);
5843 		INIT_LIST_HEAD(&devip->inject_err_list);
5844 		list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
5845 	}
5846 	return devip;
5847 }
5848 
5849 static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
5850 {
5851 	struct sdebug_host_info *sdbg_host;
5852 	struct sdebug_dev_info *open_devip = NULL;
5853 	struct sdebug_dev_info *devip;
5854 
5855 	sdbg_host = shost_to_sdebug_host(sdev->host);
5856 
5857 	list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
5858 		if ((devip->used) && (devip->channel == sdev->channel) &&
5859 		    (devip->target == sdev->id) &&
5860 		    (devip->lun == sdev->lun))
5861 			return devip;
5862 		else {
5863 			if ((!devip->used) && (!open_devip))
5864 				open_devip = devip;
5865 		}
5866 	}
5867 	if (!open_devip) { /* try and make a new one */
5868 		open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
5869 		if (!open_devip) {
5870 			pr_err("out of memory at line %d\n", __LINE__);
5871 			return NULL;
5872 		}
5873 	}
5874 
5875 	open_devip->channel = sdev->channel;
5876 	open_devip->target = sdev->id;
5877 	open_devip->lun = sdev->lun;
5878 	open_devip->sdbg_host = sdbg_host;
5879 	set_bit(SDEBUG_UA_POOCCUR, open_devip->uas_bm);
5880 	open_devip->used = true;
5881 	return open_devip;
5882 }
5883 
5884 static int scsi_debug_slave_alloc(struct scsi_device *sdp)
5885 {
5886 	if (sdebug_verbose)
5887 		pr_info("slave_alloc <%u %u %u %llu>\n",
5888 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5889 
5890 	return 0;
5891 }
5892 
5893 static int scsi_debug_slave_configure(struct scsi_device *sdp)
5894 {
5895 	struct sdebug_dev_info *devip =
5896 			(struct sdebug_dev_info *)sdp->hostdata;
5897 	struct dentry *dentry;
5898 
5899 	if (sdebug_verbose)
5900 		pr_info("slave_configure <%u %u %u %llu>\n",
5901 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5902 	if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
5903 		sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
5904 	if (devip == NULL) {
5905 		devip = find_build_dev_info(sdp);
5906 		if (devip == NULL)
5907 			return 1;  /* no resources, will be marked offline */
5908 	}
5909 	sdp->hostdata = devip;
5910 	if (sdebug_no_uld)
5911 		sdp->no_uld_attach = 1;
5912 	config_cdb_len(sdp);
5913 
5914 	if (sdebug_allow_restart)
5915 		sdp->allow_restart = 1;
5916 
5917 	devip->debugfs_entry = debugfs_create_dir(dev_name(&sdp->sdev_dev),
5918 				sdebug_debugfs_root);
5919 	if (IS_ERR_OR_NULL(devip->debugfs_entry))
5920 		pr_info("%s: failed to create debugfs directory for device %s\n",
5921 			__func__, dev_name(&sdp->sdev_gendev));
5922 
5923 	dentry = debugfs_create_file("error", 0600, devip->debugfs_entry, sdp,
5924 				&sdebug_error_fops);
5925 	if (IS_ERR_OR_NULL(dentry))
5926 		pr_info("%s: failed to create error file for device %s\n",
5927 			__func__, dev_name(&sdp->sdev_gendev));
5928 
5929 	return 0;
5930 }
5931 
5932 static void scsi_debug_slave_destroy(struct scsi_device *sdp)
5933 {
5934 	struct sdebug_dev_info *devip =
5935 		(struct sdebug_dev_info *)sdp->hostdata;
5936 	struct sdebug_err_inject *err;
5937 
5938 	if (sdebug_verbose)
5939 		pr_info("slave_destroy <%u %u %u %llu>\n",
5940 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5941 
5942 	if (!devip)
5943 		return;
5944 
5945 	spin_lock(&devip->list_lock);
5946 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
5947 		list_del_rcu(&err->list);
5948 		call_rcu(&err->rcu, sdebug_err_free);
5949 	}
5950 	spin_unlock(&devip->list_lock);
5951 
5952 	debugfs_remove(devip->debugfs_entry);
5953 
5954 	/* make this slot available for re-use */
5955 	devip->used = false;
5956 	sdp->hostdata = NULL;
5957 }
5958 
5959 /* Returns true if we require the queued memory to be freed by the caller. */
5960 static bool stop_qc_helper(struct sdebug_defer *sd_dp,
5961 			   enum sdeb_defer_type defer_t)
5962 {
5963 	if (defer_t == SDEB_DEFER_HRT) {
5964 		int res = hrtimer_try_to_cancel(&sd_dp->hrt);
5965 
5966 		switch (res) {
5967 		case 0: /* Not active, it must have already run */
5968 		case -1: /* -1 It's executing the CB */
5969 			return false;
5970 		case 1: /* Was active, we've now cancelled */
5971 		default:
5972 			return true;
5973 		}
5974 	} else if (defer_t == SDEB_DEFER_WQ) {
5975 		/* Cancel if pending */
5976 		if (cancel_work_sync(&sd_dp->ew.work))
5977 			return true;
5978 		/* Was not pending, so it must have run */
5979 		return false;
5980 	} else if (defer_t == SDEB_DEFER_POLL) {
5981 		return true;
5982 	}
5983 
5984 	return false;
5985 }
5986 
5987 
5988 static bool scsi_debug_stop_cmnd(struct scsi_cmnd *cmnd)
5989 {
5990 	enum sdeb_defer_type l_defer_t;
5991 	struct sdebug_defer *sd_dp;
5992 	struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
5993 	struct sdebug_queued_cmd *sqcp = TO_QUEUED_CMD(cmnd);
5994 
5995 	lockdep_assert_held(&sdsc->lock);
5996 
5997 	if (!sqcp)
5998 		return false;
5999 	sd_dp = &sqcp->sd_dp;
6000 	l_defer_t = READ_ONCE(sd_dp->defer_t);
6001 	ASSIGN_QUEUED_CMD(cmnd, NULL);
6002 
6003 	if (stop_qc_helper(sd_dp, l_defer_t))
6004 		sdebug_free_queued_cmd(sqcp);
6005 
6006 	return true;
6007 }
6008 
6009 /*
6010  * Called from scsi_debug_abort() only, which is for timed-out cmd.
6011  */
6012 static bool scsi_debug_abort_cmnd(struct scsi_cmnd *cmnd)
6013 {
6014 	struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
6015 	unsigned long flags;
6016 	bool res;
6017 
6018 	spin_lock_irqsave(&sdsc->lock, flags);
6019 	res = scsi_debug_stop_cmnd(cmnd);
6020 	spin_unlock_irqrestore(&sdsc->lock, flags);
6021 
6022 	return res;
6023 }
6024 
6025 /*
6026  * All we can do is set the cmnd as internally aborted and wait for it to
6027  * finish. We cannot call scsi_done() as normal completion path may do that.
6028  */
6029 static bool sdebug_stop_cmnd(struct request *rq, void *data)
6030 {
6031 	scsi_debug_abort_cmnd(blk_mq_rq_to_pdu(rq));
6032 
6033 	return true;
6034 }
6035 
6036 /* Deletes (stops) timers or work queues of all queued commands */
6037 static void stop_all_queued(void)
6038 {
6039 	struct sdebug_host_info *sdhp;
6040 
6041 	mutex_lock(&sdebug_host_list_mutex);
6042 	list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6043 		struct Scsi_Host *shost = sdhp->shost;
6044 
6045 		blk_mq_tagset_busy_iter(&shost->tag_set, sdebug_stop_cmnd, NULL);
6046 	}
6047 	mutex_unlock(&sdebug_host_list_mutex);
6048 }
6049 
6050 static int sdebug_fail_abort(struct scsi_cmnd *cmnd)
6051 {
6052 	struct scsi_device *sdp = cmnd->device;
6053 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
6054 	struct sdebug_err_inject *err;
6055 	unsigned char *cmd = cmnd->cmnd;
6056 	int ret = 0;
6057 
6058 	if (devip == NULL)
6059 		return 0;
6060 
6061 	rcu_read_lock();
6062 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
6063 		if (err->type == ERR_ABORT_CMD_FAILED &&
6064 		    (err->cmd == cmd[0] || err->cmd == 0xff)) {
6065 			ret = !!err->cnt;
6066 			if (err->cnt < 0)
6067 				err->cnt++;
6068 
6069 			rcu_read_unlock();
6070 			return ret;
6071 		}
6072 	}
6073 	rcu_read_unlock();
6074 
6075 	return 0;
6076 }
6077 
6078 static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
6079 {
6080 	bool ok = scsi_debug_abort_cmnd(SCpnt);
6081 	u8 *cmd = SCpnt->cmnd;
6082 	u8 opcode = cmd[0];
6083 
6084 	++num_aborts;
6085 
6086 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
6087 		sdev_printk(KERN_INFO, SCpnt->device,
6088 			    "%s: command%s found\n", __func__,
6089 			    ok ? "" : " not");
6090 
6091 	if (sdebug_fail_abort(SCpnt)) {
6092 		scmd_printk(KERN_INFO, SCpnt, "fail abort command 0x%x\n",
6093 			    opcode);
6094 		return FAILED;
6095 	}
6096 
6097 	return SUCCESS;
6098 }
6099 
6100 static bool scsi_debug_stop_all_queued_iter(struct request *rq, void *data)
6101 {
6102 	struct scsi_device *sdp = data;
6103 	struct scsi_cmnd *scmd = blk_mq_rq_to_pdu(rq);
6104 
6105 	if (scmd->device == sdp)
6106 		scsi_debug_abort_cmnd(scmd);
6107 
6108 	return true;
6109 }
6110 
6111 /* Deletes (stops) timers or work queues of all queued commands per sdev */
6112 static void scsi_debug_stop_all_queued(struct scsi_device *sdp)
6113 {
6114 	struct Scsi_Host *shost = sdp->host;
6115 
6116 	blk_mq_tagset_busy_iter(&shost->tag_set,
6117 				scsi_debug_stop_all_queued_iter, sdp);
6118 }
6119 
6120 static int sdebug_fail_lun_reset(struct scsi_cmnd *cmnd)
6121 {
6122 	struct scsi_device *sdp = cmnd->device;
6123 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
6124 	struct sdebug_err_inject *err;
6125 	unsigned char *cmd = cmnd->cmnd;
6126 	int ret = 0;
6127 
6128 	if (devip == NULL)
6129 		return 0;
6130 
6131 	rcu_read_lock();
6132 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
6133 		if (err->type == ERR_LUN_RESET_FAILED &&
6134 		    (err->cmd == cmd[0] || err->cmd == 0xff)) {
6135 			ret = !!err->cnt;
6136 			if (err->cnt < 0)
6137 				err->cnt++;
6138 
6139 			rcu_read_unlock();
6140 			return ret;
6141 		}
6142 	}
6143 	rcu_read_unlock();
6144 
6145 	return 0;
6146 }
6147 
6148 static int scsi_debug_device_reset(struct scsi_cmnd *SCpnt)
6149 {
6150 	struct scsi_device *sdp = SCpnt->device;
6151 	struct sdebug_dev_info *devip = sdp->hostdata;
6152 	u8 *cmd = SCpnt->cmnd;
6153 	u8 opcode = cmd[0];
6154 
6155 	++num_dev_resets;
6156 
6157 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
6158 		sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
6159 
6160 	scsi_debug_stop_all_queued(sdp);
6161 	if (devip)
6162 		set_bit(SDEBUG_UA_POR, devip->uas_bm);
6163 
6164 	if (sdebug_fail_lun_reset(SCpnt)) {
6165 		scmd_printk(KERN_INFO, SCpnt, "fail lun reset 0x%x\n", opcode);
6166 		return FAILED;
6167 	}
6168 
6169 	return SUCCESS;
6170 }
6171 
6172 static int sdebug_fail_target_reset(struct scsi_cmnd *cmnd)
6173 {
6174 	struct scsi_target *starget = scsi_target(cmnd->device);
6175 	struct sdebug_target_info *targetip =
6176 		(struct sdebug_target_info *)starget->hostdata;
6177 
6178 	if (targetip)
6179 		return targetip->reset_fail;
6180 
6181 	return 0;
6182 }
6183 
6184 static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
6185 {
6186 	struct scsi_device *sdp = SCpnt->device;
6187 	struct sdebug_host_info *sdbg_host = shost_to_sdebug_host(sdp->host);
6188 	struct sdebug_dev_info *devip;
6189 	u8 *cmd = SCpnt->cmnd;
6190 	u8 opcode = cmd[0];
6191 	int k = 0;
6192 
6193 	++num_target_resets;
6194 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
6195 		sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
6196 
6197 	list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
6198 		if (devip->target == sdp->id) {
6199 			set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
6200 			++k;
6201 		}
6202 	}
6203 
6204 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
6205 		sdev_printk(KERN_INFO, sdp,
6206 			    "%s: %d device(s) found in target\n", __func__, k);
6207 
6208 	if (sdebug_fail_target_reset(SCpnt)) {
6209 		scmd_printk(KERN_INFO, SCpnt, "fail target reset 0x%x\n",
6210 			    opcode);
6211 		return FAILED;
6212 	}
6213 
6214 	return SUCCESS;
6215 }
6216 
6217 static int scsi_debug_bus_reset(struct scsi_cmnd *SCpnt)
6218 {
6219 	struct scsi_device *sdp = SCpnt->device;
6220 	struct sdebug_host_info *sdbg_host = shost_to_sdebug_host(sdp->host);
6221 	struct sdebug_dev_info *devip;
6222 	int k = 0;
6223 
6224 	++num_bus_resets;
6225 
6226 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
6227 		sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
6228 
6229 	list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
6230 		set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
6231 		++k;
6232 	}
6233 
6234 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
6235 		sdev_printk(KERN_INFO, sdp,
6236 			    "%s: %d device(s) found in host\n", __func__, k);
6237 	return SUCCESS;
6238 }
6239 
6240 static int scsi_debug_host_reset(struct scsi_cmnd *SCpnt)
6241 {
6242 	struct sdebug_host_info *sdbg_host;
6243 	struct sdebug_dev_info *devip;
6244 	int k = 0;
6245 
6246 	++num_host_resets;
6247 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
6248 		sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
6249 	mutex_lock(&sdebug_host_list_mutex);
6250 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
6251 		list_for_each_entry(devip, &sdbg_host->dev_info_list,
6252 				    dev_list) {
6253 			set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
6254 			++k;
6255 		}
6256 	}
6257 	mutex_unlock(&sdebug_host_list_mutex);
6258 	stop_all_queued();
6259 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
6260 		sdev_printk(KERN_INFO, SCpnt->device,
6261 			    "%s: %d device(s) found\n", __func__, k);
6262 	return SUCCESS;
6263 }
6264 
6265 static void sdebug_build_parts(unsigned char *ramp, unsigned long store_size)
6266 {
6267 	struct msdos_partition *pp;
6268 	int starts[SDEBUG_MAX_PARTS + 2], max_part_secs;
6269 	int sectors_per_part, num_sectors, k;
6270 	int heads_by_sects, start_sec, end_sec;
6271 
6272 	/* assume partition table already zeroed */
6273 	if ((sdebug_num_parts < 1) || (store_size < 1048576))
6274 		return;
6275 	if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
6276 		sdebug_num_parts = SDEBUG_MAX_PARTS;
6277 		pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
6278 	}
6279 	num_sectors = (int)get_sdebug_capacity();
6280 	sectors_per_part = (num_sectors - sdebug_sectors_per)
6281 			   / sdebug_num_parts;
6282 	heads_by_sects = sdebug_heads * sdebug_sectors_per;
6283 	starts[0] = sdebug_sectors_per;
6284 	max_part_secs = sectors_per_part;
6285 	for (k = 1; k < sdebug_num_parts; ++k) {
6286 		starts[k] = ((k * sectors_per_part) / heads_by_sects)
6287 			    * heads_by_sects;
6288 		if (starts[k] - starts[k - 1] < max_part_secs)
6289 			max_part_secs = starts[k] - starts[k - 1];
6290 	}
6291 	starts[sdebug_num_parts] = num_sectors;
6292 	starts[sdebug_num_parts + 1] = 0;
6293 
6294 	ramp[510] = 0x55;	/* magic partition markings */
6295 	ramp[511] = 0xAA;
6296 	pp = (struct msdos_partition *)(ramp + 0x1be);
6297 	for (k = 0; starts[k + 1]; ++k, ++pp) {
6298 		start_sec = starts[k];
6299 		end_sec = starts[k] + max_part_secs - 1;
6300 		pp->boot_ind = 0;
6301 
6302 		pp->cyl = start_sec / heads_by_sects;
6303 		pp->head = (start_sec - (pp->cyl * heads_by_sects))
6304 			   / sdebug_sectors_per;
6305 		pp->sector = (start_sec % sdebug_sectors_per) + 1;
6306 
6307 		pp->end_cyl = end_sec / heads_by_sects;
6308 		pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
6309 			       / sdebug_sectors_per;
6310 		pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
6311 
6312 		pp->start_sect = cpu_to_le32(start_sec);
6313 		pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
6314 		pp->sys_ind = 0x83;	/* plain Linux partition */
6315 	}
6316 }
6317 
6318 static void block_unblock_all_queues(bool block)
6319 {
6320 	struct sdebug_host_info *sdhp;
6321 
6322 	lockdep_assert_held(&sdebug_host_list_mutex);
6323 
6324 	list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6325 		struct Scsi_Host *shost = sdhp->shost;
6326 
6327 		if (block)
6328 			scsi_block_requests(shost);
6329 		else
6330 			scsi_unblock_requests(shost);
6331 	}
6332 }
6333 
6334 /* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
6335  * commands will be processed normally before triggers occur.
6336  */
6337 static void tweak_cmnd_count(void)
6338 {
6339 	int count, modulo;
6340 
6341 	modulo = abs(sdebug_every_nth);
6342 	if (modulo < 2)
6343 		return;
6344 
6345 	mutex_lock(&sdebug_host_list_mutex);
6346 	block_unblock_all_queues(true);
6347 	count = atomic_read(&sdebug_cmnd_count);
6348 	atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
6349 	block_unblock_all_queues(false);
6350 	mutex_unlock(&sdebug_host_list_mutex);
6351 }
6352 
6353 static void clear_queue_stats(void)
6354 {
6355 	atomic_set(&sdebug_cmnd_count, 0);
6356 	atomic_set(&sdebug_completions, 0);
6357 	atomic_set(&sdebug_miss_cpus, 0);
6358 	atomic_set(&sdebug_a_tsf, 0);
6359 }
6360 
6361 static bool inject_on_this_cmd(void)
6362 {
6363 	if (sdebug_every_nth == 0)
6364 		return false;
6365 	return (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) == 0;
6366 }
6367 
6368 #define INCLUSIVE_TIMING_MAX_NS 1000000		/* 1 millisecond */
6369 
6370 
6371 void sdebug_free_queued_cmd(struct sdebug_queued_cmd *sqcp)
6372 {
6373 	if (sqcp)
6374 		kmem_cache_free(queued_cmd_cache, sqcp);
6375 }
6376 
6377 static struct sdebug_queued_cmd *sdebug_alloc_queued_cmd(struct scsi_cmnd *scmd)
6378 {
6379 	struct sdebug_queued_cmd *sqcp;
6380 	struct sdebug_defer *sd_dp;
6381 
6382 	sqcp = kmem_cache_zalloc(queued_cmd_cache, GFP_ATOMIC);
6383 	if (!sqcp)
6384 		return NULL;
6385 
6386 	sd_dp = &sqcp->sd_dp;
6387 
6388 	hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC, HRTIMER_MODE_REL_PINNED);
6389 	sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
6390 	INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
6391 
6392 	sqcp->scmd = scmd;
6393 
6394 	return sqcp;
6395 }
6396 
6397 /* Complete the processing of the thread that queued a SCSI command to this
6398  * driver. It either completes the command by calling cmnd_done() or
6399  * schedules a hr timer or work queue then returns 0. Returns
6400  * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
6401  */
6402 static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
6403 			 int scsi_result,
6404 			 int (*pfp)(struct scsi_cmnd *,
6405 				    struct sdebug_dev_info *),
6406 			 int delta_jiff, int ndelay)
6407 {
6408 	struct request *rq = scsi_cmd_to_rq(cmnd);
6409 	bool polled = rq->cmd_flags & REQ_POLLED;
6410 	struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmnd);
6411 	unsigned long flags;
6412 	u64 ns_from_boot = 0;
6413 	struct sdebug_queued_cmd *sqcp;
6414 	struct scsi_device *sdp;
6415 	struct sdebug_defer *sd_dp;
6416 
6417 	if (unlikely(devip == NULL)) {
6418 		if (scsi_result == 0)
6419 			scsi_result = DID_NO_CONNECT << 16;
6420 		goto respond_in_thread;
6421 	}
6422 	sdp = cmnd->device;
6423 
6424 	if (delta_jiff == 0)
6425 		goto respond_in_thread;
6426 
6427 
6428 	if (unlikely(sdebug_every_nth && (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
6429 		     (scsi_result == 0))) {
6430 		int num_in_q = scsi_device_busy(sdp);
6431 		int qdepth = cmnd->device->queue_depth;
6432 
6433 		if ((num_in_q == qdepth) &&
6434 		    (atomic_inc_return(&sdebug_a_tsf) >=
6435 		     abs(sdebug_every_nth))) {
6436 			atomic_set(&sdebug_a_tsf, 0);
6437 			scsi_result = device_qfull_result;
6438 
6439 			if (unlikely(SDEBUG_OPT_Q_NOISE & sdebug_opts))
6440 				sdev_printk(KERN_INFO, sdp, "%s: num_in_q=%d +1, <inject> status: TASK SET FULL\n",
6441 					    __func__, num_in_q);
6442 		}
6443 	}
6444 
6445 	sqcp = sdebug_alloc_queued_cmd(cmnd);
6446 	if (!sqcp) {
6447 		pr_err("%s no alloc\n", __func__);
6448 		return SCSI_MLQUEUE_HOST_BUSY;
6449 	}
6450 	sd_dp = &sqcp->sd_dp;
6451 
6452 	if (polled)
6453 		ns_from_boot = ktime_get_boottime_ns();
6454 
6455 	/* one of the resp_*() response functions is called here */
6456 	cmnd->result = pfp ? pfp(cmnd, devip) : 0;
6457 	if (cmnd->result & SDEG_RES_IMMED_MASK) {
6458 		cmnd->result &= ~SDEG_RES_IMMED_MASK;
6459 		delta_jiff = ndelay = 0;
6460 	}
6461 	if (cmnd->result == 0 && scsi_result != 0)
6462 		cmnd->result = scsi_result;
6463 	if (cmnd->result == 0 && unlikely(sdebug_opts & SDEBUG_OPT_TRANSPORT_ERR)) {
6464 		if (atomic_read(&sdeb_inject_pending)) {
6465 			mk_sense_buffer(cmnd, ABORTED_COMMAND, TRANSPORT_PROBLEM, ACK_NAK_TO);
6466 			atomic_set(&sdeb_inject_pending, 0);
6467 			cmnd->result = check_condition_result;
6468 		}
6469 	}
6470 
6471 	if (unlikely(sdebug_verbose && cmnd->result))
6472 		sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
6473 			    __func__, cmnd->result);
6474 
6475 	if (delta_jiff > 0 || ndelay > 0) {
6476 		ktime_t kt;
6477 
6478 		if (delta_jiff > 0) {
6479 			u64 ns = jiffies_to_nsecs(delta_jiff);
6480 
6481 			if (sdebug_random && ns < U32_MAX) {
6482 				ns = get_random_u32_below((u32)ns);
6483 			} else if (sdebug_random) {
6484 				ns >>= 12;	/* scale to 4 usec precision */
6485 				if (ns < U32_MAX)	/* over 4 hours max */
6486 					ns = get_random_u32_below((u32)ns);
6487 				ns <<= 12;
6488 			}
6489 			kt = ns_to_ktime(ns);
6490 		} else {	/* ndelay has a 4.2 second max */
6491 			kt = sdebug_random ? get_random_u32_below((u32)ndelay) :
6492 					     (u32)ndelay;
6493 			if (ndelay < INCLUSIVE_TIMING_MAX_NS) {
6494 				u64 d = ktime_get_boottime_ns() - ns_from_boot;
6495 
6496 				if (kt <= d) {	/* elapsed duration >= kt */
6497 					/* call scsi_done() from this thread */
6498 					sdebug_free_queued_cmd(sqcp);
6499 					scsi_done(cmnd);
6500 					return 0;
6501 				}
6502 				/* otherwise reduce kt by elapsed time */
6503 				kt -= d;
6504 			}
6505 		}
6506 		if (sdebug_statistics)
6507 			sd_dp->issuing_cpu = raw_smp_processor_id();
6508 		if (polled) {
6509 			spin_lock_irqsave(&sdsc->lock, flags);
6510 			sd_dp->cmpl_ts = ktime_add(ns_to_ktime(ns_from_boot), kt);
6511 			ASSIGN_QUEUED_CMD(cmnd, sqcp);
6512 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
6513 			spin_unlock_irqrestore(&sdsc->lock, flags);
6514 		} else {
6515 			/* schedule the invocation of scsi_done() for a later time */
6516 			spin_lock_irqsave(&sdsc->lock, flags);
6517 			ASSIGN_QUEUED_CMD(cmnd, sqcp);
6518 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_HRT);
6519 			hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
6520 			/*
6521 			 * The completion handler will try to grab sqcp->lock,
6522 			 * so there is no chance that the completion handler
6523 			 * will call scsi_done() until we release the lock
6524 			 * here (so ok to keep referencing sdsc).
6525 			 */
6526 			spin_unlock_irqrestore(&sdsc->lock, flags);
6527 		}
6528 	} else {	/* jdelay < 0, use work queue */
6529 		if (unlikely((sdebug_opts & SDEBUG_OPT_CMD_ABORT) &&
6530 			     atomic_read(&sdeb_inject_pending))) {
6531 			sd_dp->aborted = true;
6532 			atomic_set(&sdeb_inject_pending, 0);
6533 			sdev_printk(KERN_INFO, sdp, "abort request tag=%#x\n",
6534 				    blk_mq_unique_tag_to_tag(get_tag(cmnd)));
6535 		}
6536 
6537 		if (sdebug_statistics)
6538 			sd_dp->issuing_cpu = raw_smp_processor_id();
6539 		if (polled) {
6540 			spin_lock_irqsave(&sdsc->lock, flags);
6541 			ASSIGN_QUEUED_CMD(cmnd, sqcp);
6542 			sd_dp->cmpl_ts = ns_to_ktime(ns_from_boot);
6543 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
6544 			spin_unlock_irqrestore(&sdsc->lock, flags);
6545 		} else {
6546 			spin_lock_irqsave(&sdsc->lock, flags);
6547 			ASSIGN_QUEUED_CMD(cmnd, sqcp);
6548 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_WQ);
6549 			schedule_work(&sd_dp->ew.work);
6550 			spin_unlock_irqrestore(&sdsc->lock, flags);
6551 		}
6552 	}
6553 
6554 	return 0;
6555 
6556 respond_in_thread:	/* call back to mid-layer using invocation thread */
6557 	cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
6558 	cmnd->result &= ~SDEG_RES_IMMED_MASK;
6559 	if (cmnd->result == 0 && scsi_result != 0)
6560 		cmnd->result = scsi_result;
6561 	scsi_done(cmnd);
6562 	return 0;
6563 }
6564 
6565 /* Note: The following macros create attribute files in the
6566    /sys/module/scsi_debug/parameters directory. Unfortunately this
6567    driver is unaware of a change and cannot trigger auxiliary actions
6568    as it can when the corresponding attribute in the
6569    /sys/bus/pseudo/drivers/scsi_debug directory is changed.
6570  */
6571 module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
6572 module_param_named(ato, sdebug_ato, int, S_IRUGO);
6573 module_param_named(cdb_len, sdebug_cdb_len, int, 0644);
6574 module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
6575 module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
6576 module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
6577 module_param_named(dif, sdebug_dif, int, S_IRUGO);
6578 module_param_named(dix, sdebug_dix, int, S_IRUGO);
6579 module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
6580 module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
6581 module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
6582 module_param_named(guard, sdebug_guard, uint, S_IRUGO);
6583 module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
6584 module_param_named(host_max_queue, sdebug_host_max_queue, int, S_IRUGO);
6585 module_param_string(inq_product, sdebug_inq_product_id,
6586 		    sizeof(sdebug_inq_product_id), S_IRUGO | S_IWUSR);
6587 module_param_string(inq_rev, sdebug_inq_product_rev,
6588 		    sizeof(sdebug_inq_product_rev), S_IRUGO | S_IWUSR);
6589 module_param_string(inq_vendor, sdebug_inq_vendor_id,
6590 		    sizeof(sdebug_inq_vendor_id), S_IRUGO | S_IWUSR);
6591 module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
6592 module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
6593 module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
6594 module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
6595 module_param_named(atomic_wr, sdebug_atomic_wr, int, S_IRUGO);
6596 module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
6597 module_param_named(lun_format, sdebug_lun_am_i, int, S_IRUGO | S_IWUSR);
6598 module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
6599 module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
6600 module_param_named(medium_error_count, sdebug_medium_error_count, int,
6601 		   S_IRUGO | S_IWUSR);
6602 module_param_named(medium_error_start, sdebug_medium_error_start, int,
6603 		   S_IRUGO | S_IWUSR);
6604 module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
6605 module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
6606 module_param_named(no_rwlock, sdebug_no_rwlock, bool, S_IRUGO | S_IWUSR);
6607 module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
6608 module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
6609 module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
6610 module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
6611 module_param_named(opt_xferlen_exp, sdebug_opt_xferlen_exp, int, S_IRUGO);
6612 module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
6613 module_param_named(per_host_store, sdebug_per_host_store, bool,
6614 		   S_IRUGO | S_IWUSR);
6615 module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
6616 module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
6617 module_param_named(random, sdebug_random, bool, S_IRUGO | S_IWUSR);
6618 module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
6619 module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
6620 module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
6621 module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
6622 module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
6623 module_param_named(submit_queues, submit_queues, int, S_IRUGO);
6624 module_param_named(poll_queues, poll_queues, int, S_IRUGO);
6625 module_param_named(tur_ms_to_ready, sdeb_tur_ms_to_ready, int, S_IRUGO);
6626 module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
6627 module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
6628 module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
6629 module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
6630 module_param_named(atomic_wr_max_length, sdebug_atomic_wr_max_length, int, S_IRUGO);
6631 module_param_named(atomic_wr_align, sdebug_atomic_wr_align, int, S_IRUGO);
6632 module_param_named(atomic_wr_gran, sdebug_atomic_wr_gran, int, S_IRUGO);
6633 module_param_named(atomic_wr_max_length_bndry, sdebug_atomic_wr_max_length_bndry, int, S_IRUGO);
6634 module_param_named(atomic_wr_max_bndry, sdebug_atomic_wr_max_bndry, int, S_IRUGO);
6635 module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
6636 module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
6637 module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
6638 		   S_IRUGO | S_IWUSR);
6639 module_param_named(wp, sdebug_wp, bool, S_IRUGO | S_IWUSR);
6640 module_param_named(write_same_length, sdebug_write_same_length, int,
6641 		   S_IRUGO | S_IWUSR);
6642 module_param_named(zbc, sdeb_zbc_model_s, charp, S_IRUGO);
6643 module_param_named(zone_cap_mb, sdeb_zbc_zone_cap_mb, int, S_IRUGO);
6644 module_param_named(zone_max_open, sdeb_zbc_max_open, int, S_IRUGO);
6645 module_param_named(zone_nr_conv, sdeb_zbc_nr_conv, int, S_IRUGO);
6646 module_param_named(zone_size_mb, sdeb_zbc_zone_size_mb, int, S_IRUGO);
6647 module_param_named(allow_restart, sdebug_allow_restart, bool, S_IRUGO | S_IWUSR);
6648 
6649 MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
6650 MODULE_DESCRIPTION("SCSI debug adapter driver");
6651 MODULE_LICENSE("GPL");
6652 MODULE_VERSION(SDEBUG_VERSION);
6653 
6654 MODULE_PARM_DESC(add_host, "add n hosts, in sysfs if negative remove host(s) (def=1)");
6655 MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
6656 MODULE_PARM_DESC(cdb_len, "suggest CDB lengths to drivers (def=10)");
6657 MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
6658 MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
6659 MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
6660 MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
6661 MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
6662 MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
6663 MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
6664 MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
6665 MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
6666 MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
6667 MODULE_PARM_DESC(host_max_queue,
6668 		 "host max # of queued cmds (0 to max(def) [max_queue fixed equal for !0])");
6669 MODULE_PARM_DESC(inq_product, "SCSI INQUIRY product string (def=\"scsi_debug\")");
6670 MODULE_PARM_DESC(inq_rev, "SCSI INQUIRY revision string (def=\""
6671 		 SDEBUG_VERSION "\")");
6672 MODULE_PARM_DESC(inq_vendor, "SCSI INQUIRY vendor string (def=\"Linux\")");
6673 MODULE_PARM_DESC(lbprz,
6674 		 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
6675 MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
6676 MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
6677 MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
6678 MODULE_PARM_DESC(atomic_write, "enable ATOMIC WRITE support, support WRITE ATOMIC(16) (def=0)");
6679 MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
6680 MODULE_PARM_DESC(lun_format, "LUN format: 0->peripheral (def); 1 --> flat address method");
6681 MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
6682 MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
6683 MODULE_PARM_DESC(medium_error_count, "count of sectors to return follow on MEDIUM error");
6684 MODULE_PARM_DESC(medium_error_start, "starting sector number to return MEDIUM error");
6685 MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
6686 MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
6687 MODULE_PARM_DESC(no_rwlock, "don't protect user data reads+writes (def=0)");
6688 MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
6689 MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
6690 MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
6691 MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
6692 MODULE_PARM_DESC(opt_xferlen_exp, "optimal transfer length granularity exponent (def=physblk_exp)");
6693 MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
6694 MODULE_PARM_DESC(per_host_store, "If set, next positive add_host will get new store (def=0)");
6695 MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
6696 MODULE_PARM_DESC(poll_queues, "support for iouring iopoll queues (1 to max(submit_queues - 1))");
6697 MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
6698 MODULE_PARM_DESC(random, "If set, uniformly randomize command duration between 0 and delay_in_ns");
6699 MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
6700 MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
6701 MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
6702 MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
6703 MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
6704 MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
6705 MODULE_PARM_DESC(tur_ms_to_ready, "TEST UNIT READY millisecs before initial good status (def=0)");
6706 MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
6707 MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
6708 MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
6709 MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
6710 MODULE_PARM_DESC(atomic_wr_max_length, "max # of blocks can be atomically written in one cmd (def=8192)");
6711 MODULE_PARM_DESC(atomic_wr_align, "minimum alignment of atomic write in blocks (def=2)");
6712 MODULE_PARM_DESC(atomic_wr_gran, "minimum granularity of atomic write in blocks (def=2)");
6713 MODULE_PARM_DESC(atomic_wr_max_length_bndry, "max # of blocks can be atomically written in one cmd with boundary set (def=8192)");
6714 MODULE_PARM_DESC(atomic_wr_max_bndry, "max # boundaries per atomic write (def=128)");
6715 MODULE_PARM_DESC(uuid_ctl,
6716 		 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
6717 MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
6718 MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
6719 MODULE_PARM_DESC(wp, "Write Protect (def=0)");
6720 MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
6721 MODULE_PARM_DESC(zbc, "'none' [0]; 'aware' [1]; 'managed' [2] (def=0). Can have 'host-' prefix");
6722 MODULE_PARM_DESC(zone_cap_mb, "Zone capacity in MiB (def=zone size)");
6723 MODULE_PARM_DESC(zone_max_open, "Maximum number of open zones; [0] for no limit (def=auto)");
6724 MODULE_PARM_DESC(zone_nr_conv, "Number of conventional zones (def=1)");
6725 MODULE_PARM_DESC(zone_size_mb, "Zone size in MiB (def=auto)");
6726 MODULE_PARM_DESC(allow_restart, "Set scsi_device's allow_restart flag(def=0)");
6727 
6728 #define SDEBUG_INFO_LEN 256
6729 static char sdebug_info[SDEBUG_INFO_LEN];
6730 
6731 static const char *scsi_debug_info(struct Scsi_Host *shp)
6732 {
6733 	int k;
6734 
6735 	k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
6736 		      my_name, SDEBUG_VERSION, sdebug_version_date);
6737 	if (k >= (SDEBUG_INFO_LEN - 1))
6738 		return sdebug_info;
6739 	scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
6740 		  "  dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
6741 		  sdebug_dev_size_mb, sdebug_opts, submit_queues,
6742 		  "statistics", (int)sdebug_statistics);
6743 	return sdebug_info;
6744 }
6745 
6746 /* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
6747 static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
6748 				 int length)
6749 {
6750 	char arr[16];
6751 	int opts;
6752 	int minLen = length > 15 ? 15 : length;
6753 
6754 	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
6755 		return -EACCES;
6756 	memcpy(arr, buffer, minLen);
6757 	arr[minLen] = '\0';
6758 	if (1 != sscanf(arr, "%d", &opts))
6759 		return -EINVAL;
6760 	sdebug_opts = opts;
6761 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
6762 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
6763 	if (sdebug_every_nth != 0)
6764 		tweak_cmnd_count();
6765 	return length;
6766 }
6767 
6768 struct sdebug_submit_queue_data {
6769 	int *first;
6770 	int *last;
6771 	int queue_num;
6772 };
6773 
6774 static bool sdebug_submit_queue_iter(struct request *rq, void *opaque)
6775 {
6776 	struct sdebug_submit_queue_data *data = opaque;
6777 	u32 unique_tag = blk_mq_unique_tag(rq);
6778 	u16 hwq = blk_mq_unique_tag_to_hwq(unique_tag);
6779 	u16 tag = blk_mq_unique_tag_to_tag(unique_tag);
6780 	int queue_num = data->queue_num;
6781 
6782 	if (hwq != queue_num)
6783 		return true;
6784 
6785 	/* Rely on iter'ing in ascending tag order */
6786 	if (*data->first == -1)
6787 		*data->first = *data->last = tag;
6788 	else
6789 		*data->last = tag;
6790 
6791 	return true;
6792 }
6793 
6794 /* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
6795  * same for each scsi_debug host (if more than one). Some of the counters
6796  * output are not atomics so might be inaccurate in a busy system. */
6797 static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
6798 {
6799 	struct sdebug_host_info *sdhp;
6800 	int j;
6801 
6802 	seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
6803 		   SDEBUG_VERSION, sdebug_version_date);
6804 	seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
6805 		   sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
6806 		   sdebug_opts, sdebug_every_nth);
6807 	seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
6808 		   sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
6809 		   sdebug_sector_size, "bytes");
6810 	seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
6811 		   sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
6812 		   num_aborts);
6813 	seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
6814 		   num_dev_resets, num_target_resets, num_bus_resets,
6815 		   num_host_resets);
6816 	seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
6817 		   dix_reads, dix_writes, dif_errors);
6818 	seq_printf(m, "usec_in_jiffy=%lu, statistics=%d\n", TICK_NSEC / 1000,
6819 		   sdebug_statistics);
6820 	seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d, mq_polls=%d\n",
6821 		   atomic_read(&sdebug_cmnd_count),
6822 		   atomic_read(&sdebug_completions),
6823 		   "miss_cpus", atomic_read(&sdebug_miss_cpus),
6824 		   atomic_read(&sdebug_a_tsf),
6825 		   atomic_read(&sdeb_mq_poll_count));
6826 
6827 	seq_printf(m, "submit_queues=%d\n", submit_queues);
6828 	for (j = 0; j < submit_queues; ++j) {
6829 		int f = -1, l = -1;
6830 		struct sdebug_submit_queue_data data = {
6831 			.queue_num = j,
6832 			.first = &f,
6833 			.last = &l,
6834 		};
6835 		seq_printf(m, "  queue %d:\n", j);
6836 		blk_mq_tagset_busy_iter(&host->tag_set, sdebug_submit_queue_iter,
6837 					&data);
6838 		if (f >= 0) {
6839 			seq_printf(m, "    in_use_bm BUSY: %s: %d,%d\n",
6840 				   "first,last bits", f, l);
6841 		}
6842 	}
6843 
6844 	seq_printf(m, "this host_no=%d\n", host->host_no);
6845 	if (!xa_empty(per_store_ap)) {
6846 		bool niu;
6847 		int idx;
6848 		unsigned long l_idx;
6849 		struct sdeb_store_info *sip;
6850 
6851 		seq_puts(m, "\nhost list:\n");
6852 		j = 0;
6853 		list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6854 			idx = sdhp->si_idx;
6855 			seq_printf(m, "  %d: host_no=%d, si_idx=%d\n", j,
6856 				   sdhp->shost->host_no, idx);
6857 			++j;
6858 		}
6859 		seq_printf(m, "\nper_store array [most_recent_idx=%d]:\n",
6860 			   sdeb_most_recent_idx);
6861 		j = 0;
6862 		xa_for_each(per_store_ap, l_idx, sip) {
6863 			niu = xa_get_mark(per_store_ap, l_idx,
6864 					  SDEB_XA_NOT_IN_USE);
6865 			idx = (int)l_idx;
6866 			seq_printf(m, "  %d: idx=%d%s\n", j, idx,
6867 				   (niu ? "  not_in_use" : ""));
6868 			++j;
6869 		}
6870 	}
6871 	return 0;
6872 }
6873 
6874 static ssize_t delay_show(struct device_driver *ddp, char *buf)
6875 {
6876 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
6877 }
6878 /* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
6879  * of delay is jiffies.
6880  */
6881 static ssize_t delay_store(struct device_driver *ddp, const char *buf,
6882 			   size_t count)
6883 {
6884 	int jdelay, res;
6885 
6886 	if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
6887 		res = count;
6888 		if (sdebug_jdelay != jdelay) {
6889 			struct sdebug_host_info *sdhp;
6890 
6891 			mutex_lock(&sdebug_host_list_mutex);
6892 			block_unblock_all_queues(true);
6893 
6894 			list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6895 				struct Scsi_Host *shost = sdhp->shost;
6896 
6897 				if (scsi_host_busy(shost)) {
6898 					res = -EBUSY;   /* queued commands */
6899 					break;
6900 				}
6901 			}
6902 			if (res > 0) {
6903 				sdebug_jdelay = jdelay;
6904 				sdebug_ndelay = 0;
6905 			}
6906 			block_unblock_all_queues(false);
6907 			mutex_unlock(&sdebug_host_list_mutex);
6908 		}
6909 		return res;
6910 	}
6911 	return -EINVAL;
6912 }
6913 static DRIVER_ATTR_RW(delay);
6914 
6915 static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
6916 {
6917 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
6918 }
6919 /* Returns -EBUSY if ndelay is being changed and commands are queued */
6920 /* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
6921 static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
6922 			    size_t count)
6923 {
6924 	int ndelay, res;
6925 
6926 	if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
6927 	    (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
6928 		res = count;
6929 		if (sdebug_ndelay != ndelay) {
6930 			struct sdebug_host_info *sdhp;
6931 
6932 			mutex_lock(&sdebug_host_list_mutex);
6933 			block_unblock_all_queues(true);
6934 
6935 			list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6936 				struct Scsi_Host *shost = sdhp->shost;
6937 
6938 				if (scsi_host_busy(shost)) {
6939 					res = -EBUSY;   /* queued commands */
6940 					break;
6941 				}
6942 			}
6943 
6944 			if (res > 0) {
6945 				sdebug_ndelay = ndelay;
6946 				sdebug_jdelay = ndelay  ? JDELAY_OVERRIDDEN
6947 							: DEF_JDELAY;
6948 			}
6949 			block_unblock_all_queues(false);
6950 			mutex_unlock(&sdebug_host_list_mutex);
6951 		}
6952 		return res;
6953 	}
6954 	return -EINVAL;
6955 }
6956 static DRIVER_ATTR_RW(ndelay);
6957 
6958 static ssize_t opts_show(struct device_driver *ddp, char *buf)
6959 {
6960 	return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
6961 }
6962 
6963 static ssize_t opts_store(struct device_driver *ddp, const char *buf,
6964 			  size_t count)
6965 {
6966 	int opts;
6967 	char work[20];
6968 
6969 	if (sscanf(buf, "%10s", work) == 1) {
6970 		if (strncasecmp(work, "0x", 2) == 0) {
6971 			if (kstrtoint(work + 2, 16, &opts) == 0)
6972 				goto opts_done;
6973 		} else {
6974 			if (kstrtoint(work, 10, &opts) == 0)
6975 				goto opts_done;
6976 		}
6977 	}
6978 	return -EINVAL;
6979 opts_done:
6980 	sdebug_opts = opts;
6981 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
6982 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
6983 	tweak_cmnd_count();
6984 	return count;
6985 }
6986 static DRIVER_ATTR_RW(opts);
6987 
6988 static ssize_t ptype_show(struct device_driver *ddp, char *buf)
6989 {
6990 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
6991 }
6992 static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
6993 			   size_t count)
6994 {
6995 	int n;
6996 
6997 	/* Cannot change from or to TYPE_ZBC with sysfs */
6998 	if (sdebug_ptype == TYPE_ZBC)
6999 		return -EINVAL;
7000 
7001 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7002 		if (n == TYPE_ZBC)
7003 			return -EINVAL;
7004 		sdebug_ptype = n;
7005 		return count;
7006 	}
7007 	return -EINVAL;
7008 }
7009 static DRIVER_ATTR_RW(ptype);
7010 
7011 static ssize_t dsense_show(struct device_driver *ddp, char *buf)
7012 {
7013 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
7014 }
7015 static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
7016 			    size_t count)
7017 {
7018 	int n;
7019 
7020 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7021 		sdebug_dsense = n;
7022 		return count;
7023 	}
7024 	return -EINVAL;
7025 }
7026 static DRIVER_ATTR_RW(dsense);
7027 
7028 static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
7029 {
7030 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
7031 }
7032 static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
7033 			     size_t count)
7034 {
7035 	int n, idx;
7036 
7037 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7038 		bool want_store = (n == 0);
7039 		struct sdebug_host_info *sdhp;
7040 
7041 		n = (n > 0);
7042 		sdebug_fake_rw = (sdebug_fake_rw > 0);
7043 		if (sdebug_fake_rw == n)
7044 			return count;	/* not transitioning so do nothing */
7045 
7046 		if (want_store) {	/* 1 --> 0 transition, set up store */
7047 			if (sdeb_first_idx < 0) {
7048 				idx = sdebug_add_store();
7049 				if (idx < 0)
7050 					return idx;
7051 			} else {
7052 				idx = sdeb_first_idx;
7053 				xa_clear_mark(per_store_ap, idx,
7054 					      SDEB_XA_NOT_IN_USE);
7055 			}
7056 			/* make all hosts use same store */
7057 			list_for_each_entry(sdhp, &sdebug_host_list,
7058 					    host_list) {
7059 				if (sdhp->si_idx != idx) {
7060 					xa_set_mark(per_store_ap, sdhp->si_idx,
7061 						    SDEB_XA_NOT_IN_USE);
7062 					sdhp->si_idx = idx;
7063 				}
7064 			}
7065 			sdeb_most_recent_idx = idx;
7066 		} else {	/* 0 --> 1 transition is trigger for shrink */
7067 			sdebug_erase_all_stores(true /* apart from first */);
7068 		}
7069 		sdebug_fake_rw = n;
7070 		return count;
7071 	}
7072 	return -EINVAL;
7073 }
7074 static DRIVER_ATTR_RW(fake_rw);
7075 
7076 static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
7077 {
7078 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
7079 }
7080 static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
7081 			      size_t count)
7082 {
7083 	int n;
7084 
7085 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7086 		sdebug_no_lun_0 = n;
7087 		return count;
7088 	}
7089 	return -EINVAL;
7090 }
7091 static DRIVER_ATTR_RW(no_lun_0);
7092 
7093 static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
7094 {
7095 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
7096 }
7097 static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
7098 			      size_t count)
7099 {
7100 	int n;
7101 
7102 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7103 		sdebug_num_tgts = n;
7104 		sdebug_max_tgts_luns();
7105 		return count;
7106 	}
7107 	return -EINVAL;
7108 }
7109 static DRIVER_ATTR_RW(num_tgts);
7110 
7111 static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
7112 {
7113 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
7114 }
7115 static DRIVER_ATTR_RO(dev_size_mb);
7116 
7117 static ssize_t per_host_store_show(struct device_driver *ddp, char *buf)
7118 {
7119 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_per_host_store);
7120 }
7121 
7122 static ssize_t per_host_store_store(struct device_driver *ddp, const char *buf,
7123 				    size_t count)
7124 {
7125 	bool v;
7126 
7127 	if (kstrtobool(buf, &v))
7128 		return -EINVAL;
7129 
7130 	sdebug_per_host_store = v;
7131 	return count;
7132 }
7133 static DRIVER_ATTR_RW(per_host_store);
7134 
7135 static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
7136 {
7137 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
7138 }
7139 static DRIVER_ATTR_RO(num_parts);
7140 
7141 static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
7142 {
7143 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
7144 }
7145 static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
7146 			       size_t count)
7147 {
7148 	int nth;
7149 	char work[20];
7150 
7151 	if (sscanf(buf, "%10s", work) == 1) {
7152 		if (strncasecmp(work, "0x", 2) == 0) {
7153 			if (kstrtoint(work + 2, 16, &nth) == 0)
7154 				goto every_nth_done;
7155 		} else {
7156 			if (kstrtoint(work, 10, &nth) == 0)
7157 				goto every_nth_done;
7158 		}
7159 	}
7160 	return -EINVAL;
7161 
7162 every_nth_done:
7163 	sdebug_every_nth = nth;
7164 	if (nth && !sdebug_statistics) {
7165 		pr_info("every_nth needs statistics=1, set it\n");
7166 		sdebug_statistics = true;
7167 	}
7168 	tweak_cmnd_count();
7169 	return count;
7170 }
7171 static DRIVER_ATTR_RW(every_nth);
7172 
7173 static ssize_t lun_format_show(struct device_driver *ddp, char *buf)
7174 {
7175 	return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_lun_am);
7176 }
7177 static ssize_t lun_format_store(struct device_driver *ddp, const char *buf,
7178 				size_t count)
7179 {
7180 	int n;
7181 	bool changed;
7182 
7183 	if (kstrtoint(buf, 0, &n))
7184 		return -EINVAL;
7185 	if (n >= 0) {
7186 		if (n > (int)SAM_LUN_AM_FLAT) {
7187 			pr_warn("only LUN address methods 0 and 1 are supported\n");
7188 			return -EINVAL;
7189 		}
7190 		changed = ((int)sdebug_lun_am != n);
7191 		sdebug_lun_am = n;
7192 		if (changed && sdebug_scsi_level >= 5) {	/* >= SPC-3 */
7193 			struct sdebug_host_info *sdhp;
7194 			struct sdebug_dev_info *dp;
7195 
7196 			mutex_lock(&sdebug_host_list_mutex);
7197 			list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
7198 				list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
7199 					set_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
7200 				}
7201 			}
7202 			mutex_unlock(&sdebug_host_list_mutex);
7203 		}
7204 		return count;
7205 	}
7206 	return -EINVAL;
7207 }
7208 static DRIVER_ATTR_RW(lun_format);
7209 
7210 static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
7211 {
7212 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
7213 }
7214 static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
7215 			      size_t count)
7216 {
7217 	int n;
7218 	bool changed;
7219 
7220 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7221 		if (n > 256) {
7222 			pr_warn("max_luns can be no more than 256\n");
7223 			return -EINVAL;
7224 		}
7225 		changed = (sdebug_max_luns != n);
7226 		sdebug_max_luns = n;
7227 		sdebug_max_tgts_luns();
7228 		if (changed && (sdebug_scsi_level >= 5)) {	/* >= SPC-3 */
7229 			struct sdebug_host_info *sdhp;
7230 			struct sdebug_dev_info *dp;
7231 
7232 			mutex_lock(&sdebug_host_list_mutex);
7233 			list_for_each_entry(sdhp, &sdebug_host_list,
7234 					    host_list) {
7235 				list_for_each_entry(dp, &sdhp->dev_info_list,
7236 						    dev_list) {
7237 					set_bit(SDEBUG_UA_LUNS_CHANGED,
7238 						dp->uas_bm);
7239 				}
7240 			}
7241 			mutex_unlock(&sdebug_host_list_mutex);
7242 		}
7243 		return count;
7244 	}
7245 	return -EINVAL;
7246 }
7247 static DRIVER_ATTR_RW(max_luns);
7248 
7249 static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
7250 {
7251 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
7252 }
7253 /* N.B. max_queue can be changed while there are queued commands. In flight
7254  * commands beyond the new max_queue will be completed. */
7255 static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
7256 			       size_t count)
7257 {
7258 	int n;
7259 
7260 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
7261 	    (n <= SDEBUG_CANQUEUE) &&
7262 	    (sdebug_host_max_queue == 0)) {
7263 		mutex_lock(&sdebug_host_list_mutex);
7264 
7265 		/* We may only change sdebug_max_queue when we have no shosts */
7266 		if (list_empty(&sdebug_host_list))
7267 			sdebug_max_queue = n;
7268 		else
7269 			count = -EBUSY;
7270 		mutex_unlock(&sdebug_host_list_mutex);
7271 		return count;
7272 	}
7273 	return -EINVAL;
7274 }
7275 static DRIVER_ATTR_RW(max_queue);
7276 
7277 static ssize_t host_max_queue_show(struct device_driver *ddp, char *buf)
7278 {
7279 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_host_max_queue);
7280 }
7281 
7282 static ssize_t no_rwlock_show(struct device_driver *ddp, char *buf)
7283 {
7284 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_rwlock);
7285 }
7286 
7287 static ssize_t no_rwlock_store(struct device_driver *ddp, const char *buf, size_t count)
7288 {
7289 	bool v;
7290 
7291 	if (kstrtobool(buf, &v))
7292 		return -EINVAL;
7293 
7294 	sdebug_no_rwlock = v;
7295 	return count;
7296 }
7297 static DRIVER_ATTR_RW(no_rwlock);
7298 
7299 /*
7300  * Since this is used for .can_queue, and we get the hc_idx tag from the bitmap
7301  * in range [0, sdebug_host_max_queue), we can't change it.
7302  */
7303 static DRIVER_ATTR_RO(host_max_queue);
7304 
7305 static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
7306 {
7307 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
7308 }
7309 static DRIVER_ATTR_RO(no_uld);
7310 
7311 static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
7312 {
7313 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
7314 }
7315 static DRIVER_ATTR_RO(scsi_level);
7316 
7317 static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
7318 {
7319 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
7320 }
7321 static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
7322 				size_t count)
7323 {
7324 	int n;
7325 	bool changed;
7326 
7327 	/* Ignore capacity change for ZBC drives for now */
7328 	if (sdeb_zbc_in_use)
7329 		return -ENOTSUPP;
7330 
7331 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7332 		changed = (sdebug_virtual_gb != n);
7333 		sdebug_virtual_gb = n;
7334 		sdebug_capacity = get_sdebug_capacity();
7335 		if (changed) {
7336 			struct sdebug_host_info *sdhp;
7337 			struct sdebug_dev_info *dp;
7338 
7339 			mutex_lock(&sdebug_host_list_mutex);
7340 			list_for_each_entry(sdhp, &sdebug_host_list,
7341 					    host_list) {
7342 				list_for_each_entry(dp, &sdhp->dev_info_list,
7343 						    dev_list) {
7344 					set_bit(SDEBUG_UA_CAPACITY_CHANGED,
7345 						dp->uas_bm);
7346 				}
7347 			}
7348 			mutex_unlock(&sdebug_host_list_mutex);
7349 		}
7350 		return count;
7351 	}
7352 	return -EINVAL;
7353 }
7354 static DRIVER_ATTR_RW(virtual_gb);
7355 
7356 static ssize_t add_host_show(struct device_driver *ddp, char *buf)
7357 {
7358 	/* absolute number of hosts currently active is what is shown */
7359 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_hosts);
7360 }
7361 
7362 static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
7363 			      size_t count)
7364 {
7365 	bool found;
7366 	unsigned long idx;
7367 	struct sdeb_store_info *sip;
7368 	bool want_phs = (sdebug_fake_rw == 0) && sdebug_per_host_store;
7369 	int delta_hosts;
7370 
7371 	if (sscanf(buf, "%d", &delta_hosts) != 1)
7372 		return -EINVAL;
7373 	if (delta_hosts > 0) {
7374 		do {
7375 			found = false;
7376 			if (want_phs) {
7377 				xa_for_each_marked(per_store_ap, idx, sip,
7378 						   SDEB_XA_NOT_IN_USE) {
7379 					sdeb_most_recent_idx = (int)idx;
7380 					found = true;
7381 					break;
7382 				}
7383 				if (found)	/* re-use case */
7384 					sdebug_add_host_helper((int)idx);
7385 				else
7386 					sdebug_do_add_host(true);
7387 			} else {
7388 				sdebug_do_add_host(false);
7389 			}
7390 		} while (--delta_hosts);
7391 	} else if (delta_hosts < 0) {
7392 		do {
7393 			sdebug_do_remove_host(false);
7394 		} while (++delta_hosts);
7395 	}
7396 	return count;
7397 }
7398 static DRIVER_ATTR_RW(add_host);
7399 
7400 static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
7401 {
7402 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
7403 }
7404 static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
7405 				    size_t count)
7406 {
7407 	int n;
7408 
7409 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7410 		sdebug_vpd_use_hostno = n;
7411 		return count;
7412 	}
7413 	return -EINVAL;
7414 }
7415 static DRIVER_ATTR_RW(vpd_use_hostno);
7416 
7417 static ssize_t statistics_show(struct device_driver *ddp, char *buf)
7418 {
7419 	return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
7420 }
7421 static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
7422 				size_t count)
7423 {
7424 	int n;
7425 
7426 	if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
7427 		if (n > 0)
7428 			sdebug_statistics = true;
7429 		else {
7430 			clear_queue_stats();
7431 			sdebug_statistics = false;
7432 		}
7433 		return count;
7434 	}
7435 	return -EINVAL;
7436 }
7437 static DRIVER_ATTR_RW(statistics);
7438 
7439 static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
7440 {
7441 	return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
7442 }
7443 static DRIVER_ATTR_RO(sector_size);
7444 
7445 static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
7446 {
7447 	return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
7448 }
7449 static DRIVER_ATTR_RO(submit_queues);
7450 
7451 static ssize_t dix_show(struct device_driver *ddp, char *buf)
7452 {
7453 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
7454 }
7455 static DRIVER_ATTR_RO(dix);
7456 
7457 static ssize_t dif_show(struct device_driver *ddp, char *buf)
7458 {
7459 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
7460 }
7461 static DRIVER_ATTR_RO(dif);
7462 
7463 static ssize_t guard_show(struct device_driver *ddp, char *buf)
7464 {
7465 	return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
7466 }
7467 static DRIVER_ATTR_RO(guard);
7468 
7469 static ssize_t ato_show(struct device_driver *ddp, char *buf)
7470 {
7471 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
7472 }
7473 static DRIVER_ATTR_RO(ato);
7474 
7475 static ssize_t map_show(struct device_driver *ddp, char *buf)
7476 {
7477 	ssize_t count = 0;
7478 
7479 	if (!scsi_debug_lbp())
7480 		return scnprintf(buf, PAGE_SIZE, "0-%u\n",
7481 				 sdebug_store_sectors);
7482 
7483 	if (sdebug_fake_rw == 0 && !xa_empty(per_store_ap)) {
7484 		struct sdeb_store_info *sip = xa_load(per_store_ap, 0);
7485 
7486 		if (sip)
7487 			count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
7488 					  (int)map_size, sip->map_storep);
7489 	}
7490 	buf[count++] = '\n';
7491 	buf[count] = '\0';
7492 
7493 	return count;
7494 }
7495 static DRIVER_ATTR_RO(map);
7496 
7497 static ssize_t random_show(struct device_driver *ddp, char *buf)
7498 {
7499 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_random);
7500 }
7501 
7502 static ssize_t random_store(struct device_driver *ddp, const char *buf,
7503 			    size_t count)
7504 {
7505 	bool v;
7506 
7507 	if (kstrtobool(buf, &v))
7508 		return -EINVAL;
7509 
7510 	sdebug_random = v;
7511 	return count;
7512 }
7513 static DRIVER_ATTR_RW(random);
7514 
7515 static ssize_t removable_show(struct device_driver *ddp, char *buf)
7516 {
7517 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
7518 }
7519 static ssize_t removable_store(struct device_driver *ddp, const char *buf,
7520 			       size_t count)
7521 {
7522 	int n;
7523 
7524 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7525 		sdebug_removable = (n > 0);
7526 		return count;
7527 	}
7528 	return -EINVAL;
7529 }
7530 static DRIVER_ATTR_RW(removable);
7531 
7532 static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
7533 {
7534 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
7535 }
7536 /* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
7537 static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
7538 			       size_t count)
7539 {
7540 	int n;
7541 
7542 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7543 		sdebug_host_lock = (n > 0);
7544 		return count;
7545 	}
7546 	return -EINVAL;
7547 }
7548 static DRIVER_ATTR_RW(host_lock);
7549 
7550 static ssize_t strict_show(struct device_driver *ddp, char *buf)
7551 {
7552 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
7553 }
7554 static ssize_t strict_store(struct device_driver *ddp, const char *buf,
7555 			    size_t count)
7556 {
7557 	int n;
7558 
7559 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
7560 		sdebug_strict = (n > 0);
7561 		return count;
7562 	}
7563 	return -EINVAL;
7564 }
7565 static DRIVER_ATTR_RW(strict);
7566 
7567 static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
7568 {
7569 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
7570 }
7571 static DRIVER_ATTR_RO(uuid_ctl);
7572 
7573 static ssize_t cdb_len_show(struct device_driver *ddp, char *buf)
7574 {
7575 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_cdb_len);
7576 }
7577 static ssize_t cdb_len_store(struct device_driver *ddp, const char *buf,
7578 			     size_t count)
7579 {
7580 	int ret, n;
7581 
7582 	ret = kstrtoint(buf, 0, &n);
7583 	if (ret)
7584 		return ret;
7585 	sdebug_cdb_len = n;
7586 	all_config_cdb_len();
7587 	return count;
7588 }
7589 static DRIVER_ATTR_RW(cdb_len);
7590 
7591 static const char * const zbc_model_strs_a[] = {
7592 	[BLK_ZONED_NONE] = "none",
7593 	[BLK_ZONED_HA]   = "host-aware",
7594 	[BLK_ZONED_HM]   = "host-managed",
7595 };
7596 
7597 static const char * const zbc_model_strs_b[] = {
7598 	[BLK_ZONED_NONE] = "no",
7599 	[BLK_ZONED_HA]   = "aware",
7600 	[BLK_ZONED_HM]   = "managed",
7601 };
7602 
7603 static const char * const zbc_model_strs_c[] = {
7604 	[BLK_ZONED_NONE] = "0",
7605 	[BLK_ZONED_HA]   = "1",
7606 	[BLK_ZONED_HM]   = "2",
7607 };
7608 
7609 static int sdeb_zbc_model_str(const char *cp)
7610 {
7611 	int res = sysfs_match_string(zbc_model_strs_a, cp);
7612 
7613 	if (res < 0) {
7614 		res = sysfs_match_string(zbc_model_strs_b, cp);
7615 		if (res < 0) {
7616 			res = sysfs_match_string(zbc_model_strs_c, cp);
7617 			if (res < 0)
7618 				return -EINVAL;
7619 		}
7620 	}
7621 	return res;
7622 }
7623 
7624 static ssize_t zbc_show(struct device_driver *ddp, char *buf)
7625 {
7626 	return scnprintf(buf, PAGE_SIZE, "%s\n",
7627 			 zbc_model_strs_a[sdeb_zbc_model]);
7628 }
7629 static DRIVER_ATTR_RO(zbc);
7630 
7631 static ssize_t tur_ms_to_ready_show(struct device_driver *ddp, char *buf)
7632 {
7633 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdeb_tur_ms_to_ready);
7634 }
7635 static DRIVER_ATTR_RO(tur_ms_to_ready);
7636 
7637 static ssize_t group_number_stats_show(struct device_driver *ddp, char *buf)
7638 {
7639 	char *p = buf, *end = buf + PAGE_SIZE;
7640 	int i;
7641 
7642 	for (i = 0; i < ARRAY_SIZE(writes_by_group_number); i++)
7643 		p += scnprintf(p, end - p, "%d %ld\n", i,
7644 			       atomic_long_read(&writes_by_group_number[i]));
7645 
7646 	return p - buf;
7647 }
7648 
7649 static ssize_t group_number_stats_store(struct device_driver *ddp,
7650 					const char *buf, size_t count)
7651 {
7652 	int i;
7653 
7654 	for (i = 0; i < ARRAY_SIZE(writes_by_group_number); i++)
7655 		atomic_long_set(&writes_by_group_number[i], 0);
7656 
7657 	return count;
7658 }
7659 static DRIVER_ATTR_RW(group_number_stats);
7660 
7661 /* Note: The following array creates attribute files in the
7662    /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
7663    files (over those found in the /sys/module/scsi_debug/parameters
7664    directory) is that auxiliary actions can be triggered when an attribute
7665    is changed. For example see: add_host_store() above.
7666  */
7667 
7668 static struct attribute *sdebug_drv_attrs[] = {
7669 	&driver_attr_delay.attr,
7670 	&driver_attr_opts.attr,
7671 	&driver_attr_ptype.attr,
7672 	&driver_attr_dsense.attr,
7673 	&driver_attr_fake_rw.attr,
7674 	&driver_attr_host_max_queue.attr,
7675 	&driver_attr_no_lun_0.attr,
7676 	&driver_attr_num_tgts.attr,
7677 	&driver_attr_dev_size_mb.attr,
7678 	&driver_attr_num_parts.attr,
7679 	&driver_attr_every_nth.attr,
7680 	&driver_attr_lun_format.attr,
7681 	&driver_attr_max_luns.attr,
7682 	&driver_attr_max_queue.attr,
7683 	&driver_attr_no_rwlock.attr,
7684 	&driver_attr_no_uld.attr,
7685 	&driver_attr_scsi_level.attr,
7686 	&driver_attr_virtual_gb.attr,
7687 	&driver_attr_add_host.attr,
7688 	&driver_attr_per_host_store.attr,
7689 	&driver_attr_vpd_use_hostno.attr,
7690 	&driver_attr_sector_size.attr,
7691 	&driver_attr_statistics.attr,
7692 	&driver_attr_submit_queues.attr,
7693 	&driver_attr_dix.attr,
7694 	&driver_attr_dif.attr,
7695 	&driver_attr_guard.attr,
7696 	&driver_attr_ato.attr,
7697 	&driver_attr_map.attr,
7698 	&driver_attr_random.attr,
7699 	&driver_attr_removable.attr,
7700 	&driver_attr_host_lock.attr,
7701 	&driver_attr_ndelay.attr,
7702 	&driver_attr_strict.attr,
7703 	&driver_attr_uuid_ctl.attr,
7704 	&driver_attr_cdb_len.attr,
7705 	&driver_attr_tur_ms_to_ready.attr,
7706 	&driver_attr_zbc.attr,
7707 	&driver_attr_group_number_stats.attr,
7708 	NULL,
7709 };
7710 ATTRIBUTE_GROUPS(sdebug_drv);
7711 
7712 static struct device *pseudo_primary;
7713 
7714 static int __init scsi_debug_init(void)
7715 {
7716 	bool want_store = (sdebug_fake_rw == 0);
7717 	unsigned long sz;
7718 	int k, ret, hosts_to_add;
7719 	int idx = -1;
7720 
7721 	if (sdebug_ndelay >= 1000 * 1000 * 1000) {
7722 		pr_warn("ndelay must be less than 1 second, ignored\n");
7723 		sdebug_ndelay = 0;
7724 	} else if (sdebug_ndelay > 0)
7725 		sdebug_jdelay = JDELAY_OVERRIDDEN;
7726 
7727 	switch (sdebug_sector_size) {
7728 	case  512:
7729 	case 1024:
7730 	case 2048:
7731 	case 4096:
7732 		break;
7733 	default:
7734 		pr_err("invalid sector_size %d\n", sdebug_sector_size);
7735 		return -EINVAL;
7736 	}
7737 
7738 	switch (sdebug_dif) {
7739 	case T10_PI_TYPE0_PROTECTION:
7740 		break;
7741 	case T10_PI_TYPE1_PROTECTION:
7742 	case T10_PI_TYPE2_PROTECTION:
7743 	case T10_PI_TYPE3_PROTECTION:
7744 		have_dif_prot = true;
7745 		break;
7746 
7747 	default:
7748 		pr_err("dif must be 0, 1, 2 or 3\n");
7749 		return -EINVAL;
7750 	}
7751 
7752 	if (sdebug_num_tgts < 0) {
7753 		pr_err("num_tgts must be >= 0\n");
7754 		return -EINVAL;
7755 	}
7756 
7757 	if (sdebug_guard > 1) {
7758 		pr_err("guard must be 0 or 1\n");
7759 		return -EINVAL;
7760 	}
7761 
7762 	if (sdebug_ato > 1) {
7763 		pr_err("ato must be 0 or 1\n");
7764 		return -EINVAL;
7765 	}
7766 
7767 	if (sdebug_physblk_exp > 15) {
7768 		pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
7769 		return -EINVAL;
7770 	}
7771 
7772 	sdebug_lun_am = sdebug_lun_am_i;
7773 	if (sdebug_lun_am > SAM_LUN_AM_FLAT) {
7774 		pr_warn("Invalid LUN format %u, using default\n", (int)sdebug_lun_am);
7775 		sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
7776 	}
7777 
7778 	if (sdebug_max_luns > 256) {
7779 		if (sdebug_max_luns > 16384) {
7780 			pr_warn("max_luns can be no more than 16384, use default\n");
7781 			sdebug_max_luns = DEF_MAX_LUNS;
7782 		}
7783 		sdebug_lun_am = SAM_LUN_AM_FLAT;
7784 	}
7785 
7786 	if (sdebug_lowest_aligned > 0x3fff) {
7787 		pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
7788 		return -EINVAL;
7789 	}
7790 
7791 	if (submit_queues < 1) {
7792 		pr_err("submit_queues must be 1 or more\n");
7793 		return -EINVAL;
7794 	}
7795 
7796 	if ((sdebug_max_queue > SDEBUG_CANQUEUE) || (sdebug_max_queue < 1)) {
7797 		pr_err("max_queue must be in range [1, %d]\n", SDEBUG_CANQUEUE);
7798 		return -EINVAL;
7799 	}
7800 
7801 	if ((sdebug_host_max_queue > SDEBUG_CANQUEUE) ||
7802 	    (sdebug_host_max_queue < 0)) {
7803 		pr_err("host_max_queue must be in range [0 %d]\n",
7804 		       SDEBUG_CANQUEUE);
7805 		return -EINVAL;
7806 	}
7807 
7808 	if (sdebug_host_max_queue &&
7809 	    (sdebug_max_queue != sdebug_host_max_queue)) {
7810 		sdebug_max_queue = sdebug_host_max_queue;
7811 		pr_warn("fixing max submit queue depth to host max queue depth, %d\n",
7812 			sdebug_max_queue);
7813 	}
7814 
7815 	/*
7816 	 * check for host managed zoned block device specified with
7817 	 * ptype=0x14 or zbc=XXX.
7818 	 */
7819 	if (sdebug_ptype == TYPE_ZBC) {
7820 		sdeb_zbc_model = BLK_ZONED_HM;
7821 	} else if (sdeb_zbc_model_s && *sdeb_zbc_model_s) {
7822 		k = sdeb_zbc_model_str(sdeb_zbc_model_s);
7823 		if (k < 0)
7824 			return k;
7825 		sdeb_zbc_model = k;
7826 		switch (sdeb_zbc_model) {
7827 		case BLK_ZONED_NONE:
7828 		case BLK_ZONED_HA:
7829 			sdebug_ptype = TYPE_DISK;
7830 			break;
7831 		case BLK_ZONED_HM:
7832 			sdebug_ptype = TYPE_ZBC;
7833 			break;
7834 		default:
7835 			pr_err("Invalid ZBC model\n");
7836 			return -EINVAL;
7837 		}
7838 	}
7839 	if (sdeb_zbc_model != BLK_ZONED_NONE) {
7840 		sdeb_zbc_in_use = true;
7841 		if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7842 			sdebug_dev_size_mb = DEF_ZBC_DEV_SIZE_MB;
7843 	}
7844 
7845 	if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7846 		sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
7847 	if (sdebug_dev_size_mb < 1)
7848 		sdebug_dev_size_mb = 1;  /* force minimum 1 MB ramdisk */
7849 	sz = (unsigned long)sdebug_dev_size_mb * 1048576;
7850 	sdebug_store_sectors = sz / sdebug_sector_size;
7851 	sdebug_capacity = get_sdebug_capacity();
7852 
7853 	/* play around with geometry, don't waste too much on track 0 */
7854 	sdebug_heads = 8;
7855 	sdebug_sectors_per = 32;
7856 	if (sdebug_dev_size_mb >= 256)
7857 		sdebug_heads = 64;
7858 	else if (sdebug_dev_size_mb >= 16)
7859 		sdebug_heads = 32;
7860 	sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7861 			       (sdebug_sectors_per * sdebug_heads);
7862 	if (sdebug_cylinders_per >= 1024) {
7863 		/* other LLDs do this; implies >= 1GB ram disk ... */
7864 		sdebug_heads = 255;
7865 		sdebug_sectors_per = 63;
7866 		sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7867 			       (sdebug_sectors_per * sdebug_heads);
7868 	}
7869 	if (scsi_debug_lbp()) {
7870 		sdebug_unmap_max_blocks =
7871 			clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
7872 
7873 		sdebug_unmap_max_desc =
7874 			clamp(sdebug_unmap_max_desc, 0U, 256U);
7875 
7876 		sdebug_unmap_granularity =
7877 			clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
7878 
7879 		if (sdebug_unmap_alignment &&
7880 		    sdebug_unmap_granularity <=
7881 		    sdebug_unmap_alignment) {
7882 			pr_err("ERR: unmap_granularity <= unmap_alignment\n");
7883 			return -EINVAL;
7884 		}
7885 	}
7886 
7887 	xa_init_flags(per_store_ap, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
7888 	if (want_store) {
7889 		idx = sdebug_add_store();
7890 		if (idx < 0)
7891 			return idx;
7892 	}
7893 
7894 	pseudo_primary = root_device_register("pseudo_0");
7895 	if (IS_ERR(pseudo_primary)) {
7896 		pr_warn("root_device_register() error\n");
7897 		ret = PTR_ERR(pseudo_primary);
7898 		goto free_vm;
7899 	}
7900 	ret = bus_register(&pseudo_lld_bus);
7901 	if (ret < 0) {
7902 		pr_warn("bus_register error: %d\n", ret);
7903 		goto dev_unreg;
7904 	}
7905 	ret = driver_register(&sdebug_driverfs_driver);
7906 	if (ret < 0) {
7907 		pr_warn("driver_register error: %d\n", ret);
7908 		goto bus_unreg;
7909 	}
7910 
7911 	hosts_to_add = sdebug_add_host;
7912 	sdebug_add_host = 0;
7913 
7914 	queued_cmd_cache = KMEM_CACHE(sdebug_queued_cmd, SLAB_HWCACHE_ALIGN);
7915 	if (!queued_cmd_cache) {
7916 		ret = -ENOMEM;
7917 		goto driver_unreg;
7918 	}
7919 
7920 	sdebug_debugfs_root = debugfs_create_dir("scsi_debug", NULL);
7921 	if (IS_ERR_OR_NULL(sdebug_debugfs_root))
7922 		pr_info("%s: failed to create initial debugfs directory\n", __func__);
7923 
7924 	for (k = 0; k < hosts_to_add; k++) {
7925 		if (want_store && k == 0) {
7926 			ret = sdebug_add_host_helper(idx);
7927 			if (ret < 0) {
7928 				pr_err("add_host_helper k=%d, error=%d\n",
7929 				       k, -ret);
7930 				break;
7931 			}
7932 		} else {
7933 			ret = sdebug_do_add_host(want_store &&
7934 						 sdebug_per_host_store);
7935 			if (ret < 0) {
7936 				pr_err("add_host k=%d error=%d\n", k, -ret);
7937 				break;
7938 			}
7939 		}
7940 	}
7941 	if (sdebug_verbose)
7942 		pr_info("built %d host(s)\n", sdebug_num_hosts);
7943 
7944 	return 0;
7945 
7946 driver_unreg:
7947 	driver_unregister(&sdebug_driverfs_driver);
7948 bus_unreg:
7949 	bus_unregister(&pseudo_lld_bus);
7950 dev_unreg:
7951 	root_device_unregister(pseudo_primary);
7952 free_vm:
7953 	sdebug_erase_store(idx, NULL);
7954 	return ret;
7955 }
7956 
7957 static void __exit scsi_debug_exit(void)
7958 {
7959 	int k = sdebug_num_hosts;
7960 
7961 	for (; k; k--)
7962 		sdebug_do_remove_host(true);
7963 	kmem_cache_destroy(queued_cmd_cache);
7964 	driver_unregister(&sdebug_driverfs_driver);
7965 	bus_unregister(&pseudo_lld_bus);
7966 	root_device_unregister(pseudo_primary);
7967 
7968 	sdebug_erase_all_stores(false);
7969 	xa_destroy(per_store_ap);
7970 	debugfs_remove(sdebug_debugfs_root);
7971 }
7972 
7973 device_initcall(scsi_debug_init);
7974 module_exit(scsi_debug_exit);
7975 
7976 static void sdebug_release_adapter(struct device *dev)
7977 {
7978 	struct sdebug_host_info *sdbg_host;
7979 
7980 	sdbg_host = dev_to_sdebug_host(dev);
7981 	kfree(sdbg_host);
7982 }
7983 
7984 /* idx must be valid, if sip is NULL then it will be obtained using idx */
7985 static void sdebug_erase_store(int idx, struct sdeb_store_info *sip)
7986 {
7987 	if (idx < 0)
7988 		return;
7989 	if (!sip) {
7990 		if (xa_empty(per_store_ap))
7991 			return;
7992 		sip = xa_load(per_store_ap, idx);
7993 		if (!sip)
7994 			return;
7995 	}
7996 	vfree(sip->map_storep);
7997 	vfree(sip->dif_storep);
7998 	vfree(sip->storep);
7999 	xa_erase(per_store_ap, idx);
8000 	kfree(sip);
8001 }
8002 
8003 /* Assume apart_from_first==false only in shutdown case. */
8004 static void sdebug_erase_all_stores(bool apart_from_first)
8005 {
8006 	unsigned long idx;
8007 	struct sdeb_store_info *sip = NULL;
8008 
8009 	xa_for_each(per_store_ap, idx, sip) {
8010 		if (apart_from_first)
8011 			apart_from_first = false;
8012 		else
8013 			sdebug_erase_store(idx, sip);
8014 	}
8015 	if (apart_from_first)
8016 		sdeb_most_recent_idx = sdeb_first_idx;
8017 }
8018 
8019 /*
8020  * Returns store xarray new element index (idx) if >=0 else negated errno.
8021  * Limit the number of stores to 65536.
8022  */
8023 static int sdebug_add_store(void)
8024 {
8025 	int res;
8026 	u32 n_idx;
8027 	unsigned long iflags;
8028 	unsigned long sz = (unsigned long)sdebug_dev_size_mb * 1048576;
8029 	struct sdeb_store_info *sip = NULL;
8030 	struct xa_limit xal = { .max = 1 << 16, .min = 0 };
8031 
8032 	sip = kzalloc(sizeof(*sip), GFP_KERNEL);
8033 	if (!sip)
8034 		return -ENOMEM;
8035 
8036 	xa_lock_irqsave(per_store_ap, iflags);
8037 	res = __xa_alloc(per_store_ap, &n_idx, sip, xal, GFP_ATOMIC);
8038 	if (unlikely(res < 0)) {
8039 		xa_unlock_irqrestore(per_store_ap, iflags);
8040 		kfree(sip);
8041 		pr_warn("%s: xa_alloc() errno=%d\n", __func__, -res);
8042 		return res;
8043 	}
8044 	sdeb_most_recent_idx = n_idx;
8045 	if (sdeb_first_idx < 0)
8046 		sdeb_first_idx = n_idx;
8047 	xa_unlock_irqrestore(per_store_ap, iflags);
8048 
8049 	res = -ENOMEM;
8050 	sip->storep = vzalloc(sz);
8051 	if (!sip->storep) {
8052 		pr_err("user data oom\n");
8053 		goto err;
8054 	}
8055 	if (sdebug_num_parts > 0)
8056 		sdebug_build_parts(sip->storep, sz);
8057 
8058 	/* DIF/DIX: what T10 calls Protection Information (PI) */
8059 	if (sdebug_dix) {
8060 		int dif_size;
8061 
8062 		dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
8063 		sip->dif_storep = vmalloc(dif_size);
8064 
8065 		pr_info("dif_storep %u bytes @ %pK\n", dif_size,
8066 			sip->dif_storep);
8067 
8068 		if (!sip->dif_storep) {
8069 			pr_err("DIX oom\n");
8070 			goto err;
8071 		}
8072 		memset(sip->dif_storep, 0xff, dif_size);
8073 	}
8074 	/* Logical Block Provisioning */
8075 	if (scsi_debug_lbp()) {
8076 		map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
8077 		sip->map_storep = vmalloc(array_size(sizeof(long),
8078 						     BITS_TO_LONGS(map_size)));
8079 
8080 		pr_info("%lu provisioning blocks\n", map_size);
8081 
8082 		if (!sip->map_storep) {
8083 			pr_err("LBP map oom\n");
8084 			goto err;
8085 		}
8086 
8087 		bitmap_zero(sip->map_storep, map_size);
8088 
8089 		/* Map first 1KB for partition table */
8090 		if (sdebug_num_parts)
8091 			map_region(sip, 0, 2);
8092 	}
8093 
8094 	rwlock_init(&sip->macc_data_lck);
8095 	rwlock_init(&sip->macc_meta_lck);
8096 	rwlock_init(&sip->macc_sector_lck);
8097 	return (int)n_idx;
8098 err:
8099 	sdebug_erase_store((int)n_idx, sip);
8100 	pr_warn("%s: failed, errno=%d\n", __func__, -res);
8101 	return res;
8102 }
8103 
8104 static int sdebug_add_host_helper(int per_host_idx)
8105 {
8106 	int k, devs_per_host, idx;
8107 	int error = -ENOMEM;
8108 	struct sdebug_host_info *sdbg_host;
8109 	struct sdebug_dev_info *sdbg_devinfo, *tmp;
8110 
8111 	sdbg_host = kzalloc(sizeof(*sdbg_host), GFP_KERNEL);
8112 	if (!sdbg_host)
8113 		return -ENOMEM;
8114 	idx = (per_host_idx < 0) ? sdeb_first_idx : per_host_idx;
8115 	if (xa_get_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE))
8116 		xa_clear_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
8117 	sdbg_host->si_idx = idx;
8118 
8119 	INIT_LIST_HEAD(&sdbg_host->dev_info_list);
8120 
8121 	devs_per_host = sdebug_num_tgts * sdebug_max_luns;
8122 	for (k = 0; k < devs_per_host; k++) {
8123 		sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
8124 		if (!sdbg_devinfo)
8125 			goto clean;
8126 	}
8127 
8128 	mutex_lock(&sdebug_host_list_mutex);
8129 	list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
8130 	mutex_unlock(&sdebug_host_list_mutex);
8131 
8132 	sdbg_host->dev.bus = &pseudo_lld_bus;
8133 	sdbg_host->dev.parent = pseudo_primary;
8134 	sdbg_host->dev.release = &sdebug_release_adapter;
8135 	dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_num_hosts);
8136 
8137 	error = device_register(&sdbg_host->dev);
8138 	if (error) {
8139 		mutex_lock(&sdebug_host_list_mutex);
8140 		list_del(&sdbg_host->host_list);
8141 		mutex_unlock(&sdebug_host_list_mutex);
8142 		goto clean;
8143 	}
8144 
8145 	++sdebug_num_hosts;
8146 	return 0;
8147 
8148 clean:
8149 	list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
8150 				 dev_list) {
8151 		list_del(&sdbg_devinfo->dev_list);
8152 		kfree(sdbg_devinfo->zstate);
8153 		kfree(sdbg_devinfo);
8154 	}
8155 	if (sdbg_host->dev.release)
8156 		put_device(&sdbg_host->dev);
8157 	else
8158 		kfree(sdbg_host);
8159 	pr_warn("%s: failed, errno=%d\n", __func__, -error);
8160 	return error;
8161 }
8162 
8163 static int sdebug_do_add_host(bool mk_new_store)
8164 {
8165 	int ph_idx = sdeb_most_recent_idx;
8166 
8167 	if (mk_new_store) {
8168 		ph_idx = sdebug_add_store();
8169 		if (ph_idx < 0)
8170 			return ph_idx;
8171 	}
8172 	return sdebug_add_host_helper(ph_idx);
8173 }
8174 
8175 static void sdebug_do_remove_host(bool the_end)
8176 {
8177 	int idx = -1;
8178 	struct sdebug_host_info *sdbg_host = NULL;
8179 	struct sdebug_host_info *sdbg_host2;
8180 
8181 	mutex_lock(&sdebug_host_list_mutex);
8182 	if (!list_empty(&sdebug_host_list)) {
8183 		sdbg_host = list_entry(sdebug_host_list.prev,
8184 				       struct sdebug_host_info, host_list);
8185 		idx = sdbg_host->si_idx;
8186 	}
8187 	if (!the_end && idx >= 0) {
8188 		bool unique = true;
8189 
8190 		list_for_each_entry(sdbg_host2, &sdebug_host_list, host_list) {
8191 			if (sdbg_host2 == sdbg_host)
8192 				continue;
8193 			if (idx == sdbg_host2->si_idx) {
8194 				unique = false;
8195 				break;
8196 			}
8197 		}
8198 		if (unique) {
8199 			xa_set_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
8200 			if (idx == sdeb_most_recent_idx)
8201 				--sdeb_most_recent_idx;
8202 		}
8203 	}
8204 	if (sdbg_host)
8205 		list_del(&sdbg_host->host_list);
8206 	mutex_unlock(&sdebug_host_list_mutex);
8207 
8208 	if (!sdbg_host)
8209 		return;
8210 
8211 	device_unregister(&sdbg_host->dev);
8212 	--sdebug_num_hosts;
8213 }
8214 
8215 static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
8216 {
8217 	struct sdebug_dev_info *devip = sdev->hostdata;
8218 
8219 	if (!devip)
8220 		return	-ENODEV;
8221 
8222 	mutex_lock(&sdebug_host_list_mutex);
8223 	block_unblock_all_queues(true);
8224 
8225 	if (qdepth > SDEBUG_CANQUEUE) {
8226 		qdepth = SDEBUG_CANQUEUE;
8227 		pr_warn("%s: requested qdepth [%d] exceeds canqueue [%d], trim\n", __func__,
8228 			qdepth, SDEBUG_CANQUEUE);
8229 	}
8230 	if (qdepth < 1)
8231 		qdepth = 1;
8232 	if (qdepth != sdev->queue_depth)
8233 		scsi_change_queue_depth(sdev, qdepth);
8234 
8235 	block_unblock_all_queues(false);
8236 	mutex_unlock(&sdebug_host_list_mutex);
8237 
8238 	if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
8239 		sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d\n", __func__, qdepth);
8240 
8241 	return sdev->queue_depth;
8242 }
8243 
8244 static bool fake_timeout(struct scsi_cmnd *scp)
8245 {
8246 	if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
8247 		if (sdebug_every_nth < -1)
8248 			sdebug_every_nth = -1;
8249 		if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
8250 			return true; /* ignore command causing timeout */
8251 		else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
8252 			 scsi_medium_access_command(scp))
8253 			return true; /* time out reads and writes */
8254 	}
8255 	return false;
8256 }
8257 
8258 /* Response to TUR or media access command when device stopped */
8259 static int resp_not_ready(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
8260 {
8261 	int stopped_state;
8262 	u64 diff_ns = 0;
8263 	ktime_t now_ts = ktime_get_boottime();
8264 	struct scsi_device *sdp = scp->device;
8265 
8266 	stopped_state = atomic_read(&devip->stopped);
8267 	if (stopped_state == 2) {
8268 		if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
8269 			diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
8270 			if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
8271 				/* tur_ms_to_ready timer extinguished */
8272 				atomic_set(&devip->stopped, 0);
8273 				return 0;
8274 			}
8275 		}
8276 		mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x1);
8277 		if (sdebug_verbose)
8278 			sdev_printk(KERN_INFO, sdp,
8279 				    "%s: Not ready: in process of becoming ready\n", my_name);
8280 		if (scp->cmnd[0] == TEST_UNIT_READY) {
8281 			u64 tur_nanosecs_to_ready = (u64)sdeb_tur_ms_to_ready * 1000000;
8282 
8283 			if (diff_ns <= tur_nanosecs_to_ready)
8284 				diff_ns = tur_nanosecs_to_ready - diff_ns;
8285 			else
8286 				diff_ns = tur_nanosecs_to_ready;
8287 			/* As per 20-061r2 approved for spc6 by T10 on 20200716 */
8288 			do_div(diff_ns, 1000000);	/* diff_ns becomes milliseconds */
8289 			scsi_set_sense_information(scp->sense_buffer, SCSI_SENSE_BUFFERSIZE,
8290 						   diff_ns);
8291 			return check_condition_result;
8292 		}
8293 	}
8294 	mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
8295 	if (sdebug_verbose)
8296 		sdev_printk(KERN_INFO, sdp, "%s: Not ready: initializing command required\n",
8297 			    my_name);
8298 	return check_condition_result;
8299 }
8300 
8301 static void sdebug_map_queues(struct Scsi_Host *shost)
8302 {
8303 	int i, qoff;
8304 
8305 	if (shost->nr_hw_queues == 1)
8306 		return;
8307 
8308 	for (i = 0, qoff = 0; i < HCTX_MAX_TYPES; i++) {
8309 		struct blk_mq_queue_map *map = &shost->tag_set.map[i];
8310 
8311 		map->nr_queues  = 0;
8312 
8313 		if (i == HCTX_TYPE_DEFAULT)
8314 			map->nr_queues = submit_queues - poll_queues;
8315 		else if (i == HCTX_TYPE_POLL)
8316 			map->nr_queues = poll_queues;
8317 
8318 		if (!map->nr_queues) {
8319 			BUG_ON(i == HCTX_TYPE_DEFAULT);
8320 			continue;
8321 		}
8322 
8323 		map->queue_offset = qoff;
8324 		blk_mq_map_queues(map);
8325 
8326 		qoff += map->nr_queues;
8327 	}
8328 }
8329 
8330 struct sdebug_blk_mq_poll_data {
8331 	unsigned int queue_num;
8332 	int *num_entries;
8333 };
8334 
8335 /*
8336  * We don't handle aborted commands here, but it does not seem possible to have
8337  * aborted polled commands from schedule_resp()
8338  */
8339 static bool sdebug_blk_mq_poll_iter(struct request *rq, void *opaque)
8340 {
8341 	struct sdebug_blk_mq_poll_data *data = opaque;
8342 	struct scsi_cmnd *cmd = blk_mq_rq_to_pdu(rq);
8343 	struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmd);
8344 	struct sdebug_defer *sd_dp;
8345 	u32 unique_tag = blk_mq_unique_tag(rq);
8346 	u16 hwq = blk_mq_unique_tag_to_hwq(unique_tag);
8347 	struct sdebug_queued_cmd *sqcp;
8348 	unsigned long flags;
8349 	int queue_num = data->queue_num;
8350 	ktime_t time;
8351 
8352 	/* We're only interested in one queue for this iteration */
8353 	if (hwq != queue_num)
8354 		return true;
8355 
8356 	/* Subsequent checks would fail if this failed, but check anyway */
8357 	if (!test_bit(SCMD_STATE_INFLIGHT, &cmd->state))
8358 		return true;
8359 
8360 	time = ktime_get_boottime();
8361 
8362 	spin_lock_irqsave(&sdsc->lock, flags);
8363 	sqcp = TO_QUEUED_CMD(cmd);
8364 	if (!sqcp) {
8365 		spin_unlock_irqrestore(&sdsc->lock, flags);
8366 		return true;
8367 	}
8368 
8369 	sd_dp = &sqcp->sd_dp;
8370 	if (READ_ONCE(sd_dp->defer_t) != SDEB_DEFER_POLL) {
8371 		spin_unlock_irqrestore(&sdsc->lock, flags);
8372 		return true;
8373 	}
8374 
8375 	if (time < sd_dp->cmpl_ts) {
8376 		spin_unlock_irqrestore(&sdsc->lock, flags);
8377 		return true;
8378 	}
8379 
8380 	ASSIGN_QUEUED_CMD(cmd, NULL);
8381 	spin_unlock_irqrestore(&sdsc->lock, flags);
8382 
8383 	if (sdebug_statistics) {
8384 		atomic_inc(&sdebug_completions);
8385 		if (raw_smp_processor_id() != sd_dp->issuing_cpu)
8386 			atomic_inc(&sdebug_miss_cpus);
8387 	}
8388 
8389 	sdebug_free_queued_cmd(sqcp);
8390 
8391 	scsi_done(cmd); /* callback to mid level */
8392 	(*data->num_entries)++;
8393 	return true;
8394 }
8395 
8396 static int sdebug_blk_mq_poll(struct Scsi_Host *shost, unsigned int queue_num)
8397 {
8398 	int num_entries = 0;
8399 	struct sdebug_blk_mq_poll_data data = {
8400 		.queue_num = queue_num,
8401 		.num_entries = &num_entries,
8402 	};
8403 
8404 	blk_mq_tagset_busy_iter(&shost->tag_set, sdebug_blk_mq_poll_iter,
8405 				&data);
8406 
8407 	if (num_entries > 0)
8408 		atomic_add(num_entries, &sdeb_mq_poll_count);
8409 	return num_entries;
8410 }
8411 
8412 static int sdebug_timeout_cmd(struct scsi_cmnd *cmnd)
8413 {
8414 	struct scsi_device *sdp = cmnd->device;
8415 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
8416 	struct sdebug_err_inject *err;
8417 	unsigned char *cmd = cmnd->cmnd;
8418 	int ret = 0;
8419 
8420 	if (devip == NULL)
8421 		return 0;
8422 
8423 	rcu_read_lock();
8424 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
8425 		if (err->type == ERR_TMOUT_CMD &&
8426 		    (err->cmd == cmd[0] || err->cmd == 0xff)) {
8427 			ret = !!err->cnt;
8428 			if (err->cnt < 0)
8429 				err->cnt++;
8430 
8431 			rcu_read_unlock();
8432 			return ret;
8433 		}
8434 	}
8435 	rcu_read_unlock();
8436 
8437 	return 0;
8438 }
8439 
8440 static int sdebug_fail_queue_cmd(struct scsi_cmnd *cmnd)
8441 {
8442 	struct scsi_device *sdp = cmnd->device;
8443 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
8444 	struct sdebug_err_inject *err;
8445 	unsigned char *cmd = cmnd->cmnd;
8446 	int ret = 0;
8447 
8448 	if (devip == NULL)
8449 		return 0;
8450 
8451 	rcu_read_lock();
8452 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
8453 		if (err->type == ERR_FAIL_QUEUE_CMD &&
8454 		    (err->cmd == cmd[0] || err->cmd == 0xff)) {
8455 			ret = err->cnt ? err->queuecmd_ret : 0;
8456 			if (err->cnt < 0)
8457 				err->cnt++;
8458 
8459 			rcu_read_unlock();
8460 			return ret;
8461 		}
8462 	}
8463 	rcu_read_unlock();
8464 
8465 	return 0;
8466 }
8467 
8468 static int sdebug_fail_cmd(struct scsi_cmnd *cmnd, int *retval,
8469 			   struct sdebug_err_inject *info)
8470 {
8471 	struct scsi_device *sdp = cmnd->device;
8472 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
8473 	struct sdebug_err_inject *err;
8474 	unsigned char *cmd = cmnd->cmnd;
8475 	int ret = 0;
8476 	int result;
8477 
8478 	if (devip == NULL)
8479 		return 0;
8480 
8481 	rcu_read_lock();
8482 	list_for_each_entry_rcu(err, &devip->inject_err_list, list) {
8483 		if (err->type == ERR_FAIL_CMD &&
8484 		    (err->cmd == cmd[0] || err->cmd == 0xff)) {
8485 			if (!err->cnt) {
8486 				rcu_read_unlock();
8487 				return 0;
8488 			}
8489 
8490 			ret = !!err->cnt;
8491 			rcu_read_unlock();
8492 			goto out_handle;
8493 		}
8494 	}
8495 	rcu_read_unlock();
8496 
8497 	return 0;
8498 
8499 out_handle:
8500 	if (err->cnt < 0)
8501 		err->cnt++;
8502 	mk_sense_buffer(cmnd, err->sense_key, err->asc, err->asq);
8503 	result = err->status_byte | err->host_byte << 16 | err->driver_byte << 24;
8504 	*info = *err;
8505 	*retval = schedule_resp(cmnd, devip, result, NULL, 0, 0);
8506 
8507 	return ret;
8508 }
8509 
8510 static int scsi_debug_queuecommand(struct Scsi_Host *shost,
8511 				   struct scsi_cmnd *scp)
8512 {
8513 	u8 sdeb_i;
8514 	struct scsi_device *sdp = scp->device;
8515 	const struct opcode_info_t *oip;
8516 	const struct opcode_info_t *r_oip;
8517 	struct sdebug_dev_info *devip;
8518 	u8 *cmd = scp->cmnd;
8519 	int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
8520 	int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *) = NULL;
8521 	int k, na;
8522 	int errsts = 0;
8523 	u64 lun_index = sdp->lun & 0x3FFF;
8524 	u32 flags;
8525 	u16 sa;
8526 	u8 opcode = cmd[0];
8527 	bool has_wlun_rl;
8528 	bool inject_now;
8529 	int ret = 0;
8530 	struct sdebug_err_inject err;
8531 
8532 	scsi_set_resid(scp, 0);
8533 	if (sdebug_statistics) {
8534 		atomic_inc(&sdebug_cmnd_count);
8535 		inject_now = inject_on_this_cmd();
8536 	} else {
8537 		inject_now = false;
8538 	}
8539 	if (unlikely(sdebug_verbose &&
8540 		     !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
8541 		char b[120];
8542 		int n, len, sb;
8543 
8544 		len = scp->cmd_len;
8545 		sb = (int)sizeof(b);
8546 		if (len > 32)
8547 			strcpy(b, "too long, over 32 bytes");
8548 		else {
8549 			for (k = 0, n = 0; k < len && n < sb; ++k)
8550 				n += scnprintf(b + n, sb - n, "%02x ",
8551 					       (u32)cmd[k]);
8552 		}
8553 		sdev_printk(KERN_INFO, sdp, "%s: tag=%#x, cmd %s\n", my_name,
8554 			    blk_mq_unique_tag(scsi_cmd_to_rq(scp)), b);
8555 	}
8556 	if (unlikely(inject_now && (sdebug_opts & SDEBUG_OPT_HOST_BUSY)))
8557 		return SCSI_MLQUEUE_HOST_BUSY;
8558 	has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
8559 	if (unlikely(lun_index >= sdebug_max_luns && !has_wlun_rl))
8560 		goto err_out;
8561 
8562 	sdeb_i = opcode_ind_arr[opcode];	/* fully mapped */
8563 	oip = &opcode_info_arr[sdeb_i];		/* safe if table consistent */
8564 	devip = (struct sdebug_dev_info *)sdp->hostdata;
8565 	if (unlikely(!devip)) {
8566 		devip = find_build_dev_info(sdp);
8567 		if (NULL == devip)
8568 			goto err_out;
8569 	}
8570 
8571 	if (sdebug_timeout_cmd(scp)) {
8572 		scmd_printk(KERN_INFO, scp, "timeout command 0x%x\n", opcode);
8573 		return 0;
8574 	}
8575 
8576 	ret = sdebug_fail_queue_cmd(scp);
8577 	if (ret) {
8578 		scmd_printk(KERN_INFO, scp, "fail queue command 0x%x with 0x%x\n",
8579 				opcode, ret);
8580 		return ret;
8581 	}
8582 
8583 	if (sdebug_fail_cmd(scp, &ret, &err)) {
8584 		scmd_printk(KERN_INFO, scp,
8585 			"fail command 0x%x with hostbyte=0x%x, "
8586 			"driverbyte=0x%x, statusbyte=0x%x, "
8587 			"sense_key=0x%x, asc=0x%x, asq=0x%x\n",
8588 			opcode, err.host_byte, err.driver_byte,
8589 			err.status_byte, err.sense_key, err.asc, err.asq);
8590 		return ret;
8591 	}
8592 
8593 	if (unlikely(inject_now && !atomic_read(&sdeb_inject_pending)))
8594 		atomic_set(&sdeb_inject_pending, 1);
8595 
8596 	na = oip->num_attached;
8597 	r_pfp = oip->pfp;
8598 	if (na) {	/* multiple commands with this opcode */
8599 		r_oip = oip;
8600 		if (FF_SA & r_oip->flags) {
8601 			if (F_SA_LOW & oip->flags)
8602 				sa = 0x1f & cmd[1];
8603 			else
8604 				sa = get_unaligned_be16(cmd + 8);
8605 			for (k = 0; k <= na; oip = r_oip->arrp + k++) {
8606 				if (opcode == oip->opcode && sa == oip->sa)
8607 					break;
8608 			}
8609 		} else {   /* since no service action only check opcode */
8610 			for (k = 0; k <= na; oip = r_oip->arrp + k++) {
8611 				if (opcode == oip->opcode)
8612 					break;
8613 			}
8614 		}
8615 		if (k > na) {
8616 			if (F_SA_LOW & r_oip->flags)
8617 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
8618 			else if (F_SA_HIGH & r_oip->flags)
8619 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
8620 			else
8621 				mk_sense_invalid_opcode(scp);
8622 			goto check_cond;
8623 		}
8624 	}	/* else (when na==0) we assume the oip is a match */
8625 	flags = oip->flags;
8626 	if (unlikely(F_INV_OP & flags)) {
8627 		mk_sense_invalid_opcode(scp);
8628 		goto check_cond;
8629 	}
8630 	if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
8631 		if (sdebug_verbose)
8632 			sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
8633 				    my_name, opcode, " supported for wlun");
8634 		mk_sense_invalid_opcode(scp);
8635 		goto check_cond;
8636 	}
8637 	if (unlikely(sdebug_strict)) {	/* check cdb against mask */
8638 		u8 rem;
8639 		int j;
8640 
8641 		for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
8642 			rem = ~oip->len_mask[k] & cmd[k];
8643 			if (rem) {
8644 				for (j = 7; j >= 0; --j, rem <<= 1) {
8645 					if (0x80 & rem)
8646 						break;
8647 				}
8648 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
8649 				goto check_cond;
8650 			}
8651 		}
8652 	}
8653 	if (unlikely(!(F_SKIP_UA & flags) &&
8654 		     find_first_bit(devip->uas_bm,
8655 				    SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
8656 		errsts = make_ua(scp, devip);
8657 		if (errsts)
8658 			goto check_cond;
8659 	}
8660 	if (unlikely(((F_M_ACCESS & flags) || scp->cmnd[0] == TEST_UNIT_READY) &&
8661 		     atomic_read(&devip->stopped))) {
8662 		errsts = resp_not_ready(scp, devip);
8663 		if (errsts)
8664 			goto fini;
8665 	}
8666 	if (sdebug_fake_rw && (F_FAKE_RW & flags))
8667 		goto fini;
8668 	if (unlikely(sdebug_every_nth)) {
8669 		if (fake_timeout(scp))
8670 			return 0;	/* ignore command: make trouble */
8671 	}
8672 	if (likely(oip->pfp))
8673 		pfp = oip->pfp;	/* calls a resp_* function */
8674 	else
8675 		pfp = r_pfp;    /* if leaf function ptr NULL, try the root's */
8676 
8677 fini:
8678 	if (F_DELAY_OVERR & flags)	/* cmds like INQUIRY respond asap */
8679 		return schedule_resp(scp, devip, errsts, pfp, 0, 0);
8680 	else if ((flags & F_LONG_DELAY) && (sdebug_jdelay > 0 ||
8681 					    sdebug_ndelay > 10000)) {
8682 		/*
8683 		 * Skip long delays if ndelay <= 10 microseconds. Otherwise
8684 		 * for Start Stop Unit (SSU) want at least 1 second delay and
8685 		 * if sdebug_jdelay>1 want a long delay of that many seconds.
8686 		 * For Synchronize Cache want 1/20 of SSU's delay.
8687 		 */
8688 		int jdelay = (sdebug_jdelay < 2) ? 1 : sdebug_jdelay;
8689 		int denom = (flags & F_SYNC_DELAY) ? 20 : 1;
8690 
8691 		jdelay = mult_frac(USER_HZ * jdelay, HZ, denom * USER_HZ);
8692 		return schedule_resp(scp, devip, errsts, pfp, jdelay, 0);
8693 	} else
8694 		return schedule_resp(scp, devip, errsts, pfp, sdebug_jdelay,
8695 				     sdebug_ndelay);
8696 check_cond:
8697 	return schedule_resp(scp, devip, check_condition_result, NULL, 0, 0);
8698 err_out:
8699 	return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, NULL, 0, 0);
8700 }
8701 
8702 static int sdebug_init_cmd_priv(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
8703 {
8704 	struct sdebug_scsi_cmd *sdsc = scsi_cmd_priv(cmd);
8705 
8706 	spin_lock_init(&sdsc->lock);
8707 
8708 	return 0;
8709 }
8710 
8711 static struct scsi_host_template sdebug_driver_template = {
8712 	.show_info =		scsi_debug_show_info,
8713 	.write_info =		scsi_debug_write_info,
8714 	.proc_name =		sdebug_proc_name,
8715 	.name =			"SCSI DEBUG",
8716 	.info =			scsi_debug_info,
8717 	.slave_alloc =		scsi_debug_slave_alloc,
8718 	.slave_configure =	scsi_debug_slave_configure,
8719 	.slave_destroy =	scsi_debug_slave_destroy,
8720 	.ioctl =		scsi_debug_ioctl,
8721 	.queuecommand =		scsi_debug_queuecommand,
8722 	.change_queue_depth =	sdebug_change_qdepth,
8723 	.map_queues =		sdebug_map_queues,
8724 	.mq_poll =		sdebug_blk_mq_poll,
8725 	.eh_abort_handler =	scsi_debug_abort,
8726 	.eh_device_reset_handler = scsi_debug_device_reset,
8727 	.eh_target_reset_handler = scsi_debug_target_reset,
8728 	.eh_bus_reset_handler = scsi_debug_bus_reset,
8729 	.eh_host_reset_handler = scsi_debug_host_reset,
8730 	.can_queue =		SDEBUG_CANQUEUE,
8731 	.this_id =		7,
8732 	.sg_tablesize =		SG_MAX_SEGMENTS,
8733 	.cmd_per_lun =		DEF_CMD_PER_LUN,
8734 	.max_sectors =		-1U,
8735 	.max_segment_size =	-1U,
8736 	.module =		THIS_MODULE,
8737 	.track_queue_depth =	1,
8738 	.cmd_size = sizeof(struct sdebug_scsi_cmd),
8739 	.init_cmd_priv = sdebug_init_cmd_priv,
8740 	.target_alloc =		sdebug_target_alloc,
8741 	.target_destroy =	sdebug_target_destroy,
8742 };
8743 
8744 static int sdebug_driver_probe(struct device *dev)
8745 {
8746 	int error = 0;
8747 	struct sdebug_host_info *sdbg_host;
8748 	struct Scsi_Host *hpnt;
8749 	int hprot;
8750 
8751 	sdbg_host = dev_to_sdebug_host(dev);
8752 
8753 	sdebug_driver_template.can_queue = sdebug_max_queue;
8754 	sdebug_driver_template.cmd_per_lun = sdebug_max_queue;
8755 	if (!sdebug_clustering)
8756 		sdebug_driver_template.dma_boundary = PAGE_SIZE - 1;
8757 
8758 	hpnt = scsi_host_alloc(&sdebug_driver_template, 0);
8759 	if (NULL == hpnt) {
8760 		pr_err("scsi_host_alloc failed\n");
8761 		error = -ENODEV;
8762 		return error;
8763 	}
8764 	if (submit_queues > nr_cpu_ids) {
8765 		pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%u\n",
8766 			my_name, submit_queues, nr_cpu_ids);
8767 		submit_queues = nr_cpu_ids;
8768 	}
8769 	/*
8770 	 * Decide whether to tell scsi subsystem that we want mq. The
8771 	 * following should give the same answer for each host.
8772 	 */
8773 	hpnt->nr_hw_queues = submit_queues;
8774 	if (sdebug_host_max_queue)
8775 		hpnt->host_tagset = 1;
8776 
8777 	/* poll queues are possible for nr_hw_queues > 1 */
8778 	if (hpnt->nr_hw_queues == 1 || (poll_queues < 1)) {
8779 		pr_warn("%s: trim poll_queues to 0. poll_q/nr_hw = (%d/%d)\n",
8780 			 my_name, poll_queues, hpnt->nr_hw_queues);
8781 		poll_queues = 0;
8782 	}
8783 
8784 	/*
8785 	 * Poll queues don't need interrupts, but we need at least one I/O queue
8786 	 * left over for non-polled I/O.
8787 	 * If condition not met, trim poll_queues to 1 (just for simplicity).
8788 	 */
8789 	if (poll_queues >= submit_queues) {
8790 		if (submit_queues < 3)
8791 			pr_warn("%s: trim poll_queues to 1\n", my_name);
8792 		else
8793 			pr_warn("%s: trim poll_queues to 1. Perhaps try poll_queues=%d\n",
8794 				my_name, submit_queues - 1);
8795 		poll_queues = 1;
8796 	}
8797 	if (poll_queues)
8798 		hpnt->nr_maps = 3;
8799 
8800 	sdbg_host->shost = hpnt;
8801 	if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
8802 		hpnt->max_id = sdebug_num_tgts + 1;
8803 	else
8804 		hpnt->max_id = sdebug_num_tgts;
8805 	/* = sdebug_max_luns; */
8806 	hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
8807 
8808 	hprot = 0;
8809 
8810 	switch (sdebug_dif) {
8811 
8812 	case T10_PI_TYPE1_PROTECTION:
8813 		hprot = SHOST_DIF_TYPE1_PROTECTION;
8814 		if (sdebug_dix)
8815 			hprot |= SHOST_DIX_TYPE1_PROTECTION;
8816 		break;
8817 
8818 	case T10_PI_TYPE2_PROTECTION:
8819 		hprot = SHOST_DIF_TYPE2_PROTECTION;
8820 		if (sdebug_dix)
8821 			hprot |= SHOST_DIX_TYPE2_PROTECTION;
8822 		break;
8823 
8824 	case T10_PI_TYPE3_PROTECTION:
8825 		hprot = SHOST_DIF_TYPE3_PROTECTION;
8826 		if (sdebug_dix)
8827 			hprot |= SHOST_DIX_TYPE3_PROTECTION;
8828 		break;
8829 
8830 	default:
8831 		if (sdebug_dix)
8832 			hprot |= SHOST_DIX_TYPE0_PROTECTION;
8833 		break;
8834 	}
8835 
8836 	scsi_host_set_prot(hpnt, hprot);
8837 
8838 	if (have_dif_prot || sdebug_dix)
8839 		pr_info("host protection%s%s%s%s%s%s%s\n",
8840 			(hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
8841 			(hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
8842 			(hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
8843 			(hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
8844 			(hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
8845 			(hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
8846 			(hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
8847 
8848 	if (sdebug_guard == 1)
8849 		scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
8850 	else
8851 		scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
8852 
8853 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
8854 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
8855 	if (sdebug_every_nth)	/* need stats counters for every_nth */
8856 		sdebug_statistics = true;
8857 	error = scsi_add_host(hpnt, &sdbg_host->dev);
8858 	if (error) {
8859 		pr_err("scsi_add_host failed\n");
8860 		error = -ENODEV;
8861 		scsi_host_put(hpnt);
8862 	} else {
8863 		scsi_scan_host(hpnt);
8864 	}
8865 
8866 	return error;
8867 }
8868 
8869 static void sdebug_driver_remove(struct device *dev)
8870 {
8871 	struct sdebug_host_info *sdbg_host;
8872 	struct sdebug_dev_info *sdbg_devinfo, *tmp;
8873 
8874 	sdbg_host = dev_to_sdebug_host(dev);
8875 
8876 	scsi_remove_host(sdbg_host->shost);
8877 
8878 	list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
8879 				 dev_list) {
8880 		list_del(&sdbg_devinfo->dev_list);
8881 		kfree(sdbg_devinfo->zstate);
8882 		kfree(sdbg_devinfo);
8883 	}
8884 
8885 	scsi_host_put(sdbg_host->shost);
8886 }
8887 
8888 static const struct bus_type pseudo_lld_bus = {
8889 	.name = "pseudo",
8890 	.probe = sdebug_driver_probe,
8891 	.remove = sdebug_driver_remove,
8892 	.drv_groups = sdebug_drv_groups,
8893 };
8894