xref: /linux/drivers/scsi/scsi_debug.c (revision 67feaba413ec68daf4124e9870878899b4ed9a0e)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
4  *  Copyright (C) 1992  Eric Youngdale
5  *  Simulate a host adapter with 2 disks attached.  Do a lot of checking
6  *  to make sure that we are not getting blocks mixed up, and PANIC if
7  *  anything out of the ordinary is seen.
8  * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9  *
10  * Copyright (C) 2001 - 2021 Douglas Gilbert
11  *
12  *  For documentation see http://sg.danny.cz/sg/scsi_debug.html
13  */
14 
15 
16 #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
17 
18 #include <linux/module.h>
19 #include <linux/align.h>
20 #include <linux/kernel.h>
21 #include <linux/errno.h>
22 #include <linux/jiffies.h>
23 #include <linux/slab.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
26 #include <linux/fs.h>
27 #include <linux/init.h>
28 #include <linux/proc_fs.h>
29 #include <linux/vmalloc.h>
30 #include <linux/moduleparam.h>
31 #include <linux/scatterlist.h>
32 #include <linux/blkdev.h>
33 #include <linux/crc-t10dif.h>
34 #include <linux/spinlock.h>
35 #include <linux/interrupt.h>
36 #include <linux/atomic.h>
37 #include <linux/hrtimer.h>
38 #include <linux/uuid.h>
39 #include <linux/t10-pi.h>
40 #include <linux/msdos_partition.h>
41 #include <linux/random.h>
42 #include <linux/xarray.h>
43 #include <linux/prefetch.h>
44 
45 #include <net/checksum.h>
46 
47 #include <asm/unaligned.h>
48 
49 #include <scsi/scsi.h>
50 #include <scsi/scsi_cmnd.h>
51 #include <scsi/scsi_device.h>
52 #include <scsi/scsi_host.h>
53 #include <scsi/scsicam.h>
54 #include <scsi/scsi_eh.h>
55 #include <scsi/scsi_tcq.h>
56 #include <scsi/scsi_dbg.h>
57 
58 #include "sd.h"
59 #include "scsi_logging.h"
60 
61 /* make sure inq_product_rev string corresponds to this version */
62 #define SDEBUG_VERSION "0191"	/* format to fit INQUIRY revision field */
63 static const char *sdebug_version_date = "20210520";
64 
65 #define MY_NAME "scsi_debug"
66 
67 /* Additional Sense Code (ASC) */
68 #define NO_ADDITIONAL_SENSE 0x0
69 #define LOGICAL_UNIT_NOT_READY 0x4
70 #define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
71 #define UNRECOVERED_READ_ERR 0x11
72 #define PARAMETER_LIST_LENGTH_ERR 0x1a
73 #define INVALID_OPCODE 0x20
74 #define LBA_OUT_OF_RANGE 0x21
75 #define INVALID_FIELD_IN_CDB 0x24
76 #define INVALID_FIELD_IN_PARAM_LIST 0x26
77 #define WRITE_PROTECTED 0x27
78 #define UA_RESET_ASC 0x29
79 #define UA_CHANGED_ASC 0x2a
80 #define TARGET_CHANGED_ASC 0x3f
81 #define LUNS_CHANGED_ASCQ 0x0e
82 #define INSUFF_RES_ASC 0x55
83 #define INSUFF_RES_ASCQ 0x3
84 #define POWER_ON_RESET_ASCQ 0x0
85 #define POWER_ON_OCCURRED_ASCQ 0x1
86 #define BUS_RESET_ASCQ 0x2	/* scsi bus reset occurred */
87 #define MODE_CHANGED_ASCQ 0x1	/* mode parameters changed */
88 #define CAPACITY_CHANGED_ASCQ 0x9
89 #define SAVING_PARAMS_UNSUP 0x39
90 #define TRANSPORT_PROBLEM 0x4b
91 #define THRESHOLD_EXCEEDED 0x5d
92 #define LOW_POWER_COND_ON 0x5e
93 #define MISCOMPARE_VERIFY_ASC 0x1d
94 #define MICROCODE_CHANGED_ASCQ 0x1	/* with TARGET_CHANGED_ASC */
95 #define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
96 #define WRITE_ERROR_ASC 0xc
97 #define UNALIGNED_WRITE_ASCQ 0x4
98 #define WRITE_BOUNDARY_ASCQ 0x5
99 #define READ_INVDATA_ASCQ 0x6
100 #define READ_BOUNDARY_ASCQ 0x7
101 #define ATTEMPT_ACCESS_GAP 0x9
102 #define INSUFF_ZONE_ASCQ 0xe
103 
104 /* Additional Sense Code Qualifier (ASCQ) */
105 #define ACK_NAK_TO 0x3
106 
107 /* Default values for driver parameters */
108 #define DEF_NUM_HOST   1
109 #define DEF_NUM_TGTS   1
110 #define DEF_MAX_LUNS   1
111 /* With these defaults, this driver will make 1 host with 1 target
112  * (id 0) containing 1 logical unit (lun 0). That is 1 device.
113  */
114 #define DEF_ATO 1
115 #define DEF_CDB_LEN 10
116 #define DEF_JDELAY   1		/* if > 0 unit is a jiffy */
117 #define DEF_DEV_SIZE_PRE_INIT   0
118 #define DEF_DEV_SIZE_MB   8
119 #define DEF_ZBC_DEV_SIZE_MB   128
120 #define DEF_DIF 0
121 #define DEF_DIX 0
122 #define DEF_PER_HOST_STORE false
123 #define DEF_D_SENSE   0
124 #define DEF_EVERY_NTH   0
125 #define DEF_FAKE_RW	0
126 #define DEF_GUARD 0
127 #define DEF_HOST_LOCK 0
128 #define DEF_LBPU 0
129 #define DEF_LBPWS 0
130 #define DEF_LBPWS10 0
131 #define DEF_LBPRZ 1
132 #define DEF_LOWEST_ALIGNED 0
133 #define DEF_NDELAY   0		/* if > 0 unit is a nanosecond */
134 #define DEF_NO_LUN_0   0
135 #define DEF_NUM_PARTS   0
136 #define DEF_OPTS   0
137 #define DEF_OPT_BLKS 1024
138 #define DEF_PHYSBLK_EXP 0
139 #define DEF_OPT_XFERLEN_EXP 0
140 #define DEF_PTYPE   TYPE_DISK
141 #define DEF_RANDOM false
142 #define DEF_REMOVABLE false
143 #define DEF_SCSI_LEVEL   7    /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
144 #define DEF_SECTOR_SIZE 512
145 #define DEF_UNMAP_ALIGNMENT 0
146 #define DEF_UNMAP_GRANULARITY 1
147 #define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
148 #define DEF_UNMAP_MAX_DESC 256
149 #define DEF_VIRTUAL_GB   0
150 #define DEF_VPD_USE_HOSTNO 1
151 #define DEF_WRITESAME_LENGTH 0xFFFF
152 #define DEF_STRICT 0
153 #define DEF_STATISTICS false
154 #define DEF_SUBMIT_QUEUES 1
155 #define DEF_TUR_MS_TO_READY 0
156 #define DEF_UUID_CTL 0
157 #define JDELAY_OVERRIDDEN -9999
158 
159 /* Default parameters for ZBC drives */
160 #define DEF_ZBC_ZONE_SIZE_MB	128
161 #define DEF_ZBC_MAX_OPEN_ZONES	8
162 #define DEF_ZBC_NR_CONV_ZONES	1
163 
164 #define SDEBUG_LUN_0_VAL 0
165 
166 /* bit mask values for sdebug_opts */
167 #define SDEBUG_OPT_NOISE		1
168 #define SDEBUG_OPT_MEDIUM_ERR		2
169 #define SDEBUG_OPT_TIMEOUT		4
170 #define SDEBUG_OPT_RECOVERED_ERR	8
171 #define SDEBUG_OPT_TRANSPORT_ERR	16
172 #define SDEBUG_OPT_DIF_ERR		32
173 #define SDEBUG_OPT_DIX_ERR		64
174 #define SDEBUG_OPT_MAC_TIMEOUT		128
175 #define SDEBUG_OPT_SHORT_TRANSFER	0x100
176 #define SDEBUG_OPT_Q_NOISE		0x200
177 #define SDEBUG_OPT_ALL_TSF		0x400	/* ignore */
178 #define SDEBUG_OPT_RARE_TSF		0x800
179 #define SDEBUG_OPT_N_WCE		0x1000
180 #define SDEBUG_OPT_RESET_NOISE		0x2000
181 #define SDEBUG_OPT_NO_CDB_NOISE		0x4000
182 #define SDEBUG_OPT_HOST_BUSY		0x8000
183 #define SDEBUG_OPT_CMD_ABORT		0x10000
184 #define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
185 			      SDEBUG_OPT_RESET_NOISE)
186 #define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
187 				  SDEBUG_OPT_TRANSPORT_ERR | \
188 				  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
189 				  SDEBUG_OPT_SHORT_TRANSFER | \
190 				  SDEBUG_OPT_HOST_BUSY | \
191 				  SDEBUG_OPT_CMD_ABORT)
192 #define SDEBUG_OPT_RECOV_DIF_DIX (SDEBUG_OPT_RECOVERED_ERR | \
193 				  SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR)
194 
195 /* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
196  * priority order. In the subset implemented here lower numbers have higher
197  * priority. The UA numbers should be a sequence starting from 0 with
198  * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
199 #define SDEBUG_UA_POR 0		/* Power on, reset, or bus device reset */
200 #define SDEBUG_UA_POOCCUR 1	/* Power on occurred */
201 #define SDEBUG_UA_BUS_RESET 2
202 #define SDEBUG_UA_MODE_CHANGED 3
203 #define SDEBUG_UA_CAPACITY_CHANGED 4
204 #define SDEBUG_UA_LUNS_CHANGED 5
205 #define SDEBUG_UA_MICROCODE_CHANGED 6	/* simulate firmware change */
206 #define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 7
207 #define SDEBUG_NUM_UAS 8
208 
209 /* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
210  * sector on read commands: */
211 #define OPT_MEDIUM_ERR_ADDR   0x1234 /* that's sector 4660 in decimal */
212 #define OPT_MEDIUM_ERR_NUM    10     /* number of consecutive medium errs */
213 
214 /* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
215  * (for response) per submit queue at one time. Can be reduced by max_queue
216  * option. Command responses are not queued when jdelay=0 and ndelay=0. The
217  * per-device DEF_CMD_PER_LUN can be changed via sysfs:
218  * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
219  * but cannot exceed SDEBUG_CANQUEUE .
220  */
221 #define SDEBUG_CANQUEUE_WORDS  3	/* a WORD is bits in a long */
222 #define SDEBUG_CANQUEUE  (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
223 #define DEF_CMD_PER_LUN  SDEBUG_CANQUEUE
224 
225 /* UA - Unit Attention; SA - Service Action; SSU - Start Stop Unit */
226 #define F_D_IN			1	/* Data-in command (e.g. READ) */
227 #define F_D_OUT			2	/* Data-out command (e.g. WRITE) */
228 #define F_D_OUT_MAYBE		4	/* WRITE SAME, NDOB bit */
229 #define F_D_UNKN		8
230 #define F_RL_WLUN_OK		0x10	/* allowed with REPORT LUNS W-LUN */
231 #define F_SKIP_UA		0x20	/* bypass UAs (e.g. INQUIRY command) */
232 #define F_DELAY_OVERR		0x40	/* for commands like INQUIRY */
233 #define F_SA_LOW		0x80	/* SA is in cdb byte 1, bits 4 to 0 */
234 #define F_SA_HIGH		0x100	/* SA is in cdb bytes 8 and 9 */
235 #define F_INV_OP		0x200	/* invalid opcode (not supported) */
236 #define F_FAKE_RW		0x400	/* bypass resp_*() when fake_rw set */
237 #define F_M_ACCESS		0x800	/* media access, reacts to SSU state */
238 #define F_SSU_DELAY		0x1000	/* SSU command delay (long-ish) */
239 #define F_SYNC_DELAY		0x2000	/* SYNCHRONIZE CACHE delay */
240 
241 /* Useful combinations of the above flags */
242 #define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
243 #define FF_MEDIA_IO (F_M_ACCESS | F_FAKE_RW)
244 #define FF_SA (F_SA_HIGH | F_SA_LOW)
245 #define F_LONG_DELAY		(F_SSU_DELAY | F_SYNC_DELAY)
246 
247 #define SDEBUG_MAX_PARTS 4
248 
249 #define SDEBUG_MAX_CMD_LEN 32
250 
251 #define SDEB_XA_NOT_IN_USE XA_MARK_1
252 
253 /* Zone types (zbcr05 table 25) */
254 enum sdebug_z_type {
255 	ZBC_ZTYPE_CNV	= 0x1,
256 	ZBC_ZTYPE_SWR	= 0x2,
257 	ZBC_ZTYPE_SWP	= 0x3,
258 	/* ZBC_ZTYPE_SOBR = 0x4, */
259 	ZBC_ZTYPE_GAP	= 0x5,
260 };
261 
262 /* enumeration names taken from table 26, zbcr05 */
263 enum sdebug_z_cond {
264 	ZBC_NOT_WRITE_POINTER	= 0x0,
265 	ZC1_EMPTY		= 0x1,
266 	ZC2_IMPLICIT_OPEN	= 0x2,
267 	ZC3_EXPLICIT_OPEN	= 0x3,
268 	ZC4_CLOSED		= 0x4,
269 	ZC6_READ_ONLY		= 0xd,
270 	ZC5_FULL		= 0xe,
271 	ZC7_OFFLINE		= 0xf,
272 };
273 
274 struct sdeb_zone_state {	/* ZBC: per zone state */
275 	enum sdebug_z_type z_type;
276 	enum sdebug_z_cond z_cond;
277 	bool z_non_seq_resource;
278 	unsigned int z_size;
279 	sector_t z_start;
280 	sector_t z_wp;
281 };
282 
283 struct sdebug_dev_info {
284 	struct list_head dev_list;
285 	unsigned int channel;
286 	unsigned int target;
287 	u64 lun;
288 	uuid_t lu_name;
289 	struct sdebug_host_info *sdbg_host;
290 	unsigned long uas_bm[1];
291 	atomic_t num_in_q;
292 	atomic_t stopped;	/* 1: by SSU, 2: device start */
293 	bool used;
294 
295 	/* For ZBC devices */
296 	enum blk_zoned_model zmodel;
297 	unsigned int zcap;
298 	unsigned int zsize;
299 	unsigned int zsize_shift;
300 	unsigned int nr_zones;
301 	unsigned int nr_conv_zones;
302 	unsigned int nr_seq_zones;
303 	unsigned int nr_imp_open;
304 	unsigned int nr_exp_open;
305 	unsigned int nr_closed;
306 	unsigned int max_open;
307 	ktime_t create_ts;	/* time since bootup that this device was created */
308 	struct sdeb_zone_state *zstate;
309 };
310 
311 struct sdebug_host_info {
312 	struct list_head host_list;
313 	int si_idx;	/* sdeb_store_info (per host) xarray index */
314 	struct Scsi_Host *shost;
315 	struct device dev;
316 	struct list_head dev_info_list;
317 };
318 
319 /* There is an xarray of pointers to this struct's objects, one per host */
320 struct sdeb_store_info {
321 	rwlock_t macc_lck;	/* for atomic media access on this store */
322 	u8 *storep;		/* user data storage (ram) */
323 	struct t10_pi_tuple *dif_storep; /* protection info */
324 	void *map_storep;	/* provisioning map */
325 };
326 
327 #define to_sdebug_host(d)	\
328 	container_of(d, struct sdebug_host_info, dev)
329 
330 enum sdeb_defer_type {SDEB_DEFER_NONE = 0, SDEB_DEFER_HRT = 1,
331 		      SDEB_DEFER_WQ = 2, SDEB_DEFER_POLL = 3};
332 
333 struct sdebug_defer {
334 	struct hrtimer hrt;
335 	struct execute_work ew;
336 	ktime_t cmpl_ts;/* time since boot to complete this cmd */
337 	int sqa_idx;	/* index of sdebug_queue array */
338 	int qc_idx;	/* index of sdebug_queued_cmd array within sqa_idx */
339 	int hc_idx;	/* hostwide tag index */
340 	int issuing_cpu;
341 	bool init_hrt;
342 	bool init_wq;
343 	bool init_poll;
344 	bool aborted;	/* true when blk_abort_request() already called */
345 	enum sdeb_defer_type defer_t;
346 };
347 
348 struct sdebug_queued_cmd {
349 	/* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
350 	 * instance indicates this slot is in use.
351 	 */
352 	struct sdebug_defer *sd_dp;
353 	struct scsi_cmnd *a_cmnd;
354 };
355 
356 struct sdebug_queue {
357 	struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
358 	unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
359 	spinlock_t qc_lock;
360 	atomic_t blocked;	/* to temporarily stop more being queued */
361 };
362 
363 static atomic_t sdebug_cmnd_count;   /* number of incoming commands */
364 static atomic_t sdebug_completions;  /* count of deferred completions */
365 static atomic_t sdebug_miss_cpus;    /* submission + completion cpus differ */
366 static atomic_t sdebug_a_tsf;	     /* 'almost task set full' counter */
367 static atomic_t sdeb_inject_pending;
368 static atomic_t sdeb_mq_poll_count;  /* bumped when mq_poll returns > 0 */
369 
370 struct opcode_info_t {
371 	u8 num_attached;	/* 0 if this is it (i.e. a leaf); use 0xff */
372 				/* for terminating element */
373 	u8 opcode;		/* if num_attached > 0, preferred */
374 	u16 sa;			/* service action */
375 	u32 flags;		/* OR-ed set of SDEB_F_* */
376 	int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
377 	const struct opcode_info_t *arrp;  /* num_attached elements or NULL */
378 	u8 len_mask[16];	/* len_mask[0]-->cdb_len, then mask for cdb */
379 				/* 1 to min(cdb_len, 15); ignore cdb[15...] */
380 };
381 
382 /* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
383 enum sdeb_opcode_index {
384 	SDEB_I_INVALID_OPCODE =	0,
385 	SDEB_I_INQUIRY = 1,
386 	SDEB_I_REPORT_LUNS = 2,
387 	SDEB_I_REQUEST_SENSE = 3,
388 	SDEB_I_TEST_UNIT_READY = 4,
389 	SDEB_I_MODE_SENSE = 5,		/* 6, 10 */
390 	SDEB_I_MODE_SELECT = 6,		/* 6, 10 */
391 	SDEB_I_LOG_SENSE = 7,
392 	SDEB_I_READ_CAPACITY = 8,	/* 10; 16 is in SA_IN(16) */
393 	SDEB_I_READ = 9,		/* 6, 10, 12, 16 */
394 	SDEB_I_WRITE = 10,		/* 6, 10, 12, 16 */
395 	SDEB_I_START_STOP = 11,
396 	SDEB_I_SERV_ACT_IN_16 = 12,	/* add ...SERV_ACT_IN_12 if needed */
397 	SDEB_I_SERV_ACT_OUT_16 = 13,	/* add ...SERV_ACT_OUT_12 if needed */
398 	SDEB_I_MAINT_IN = 14,
399 	SDEB_I_MAINT_OUT = 15,
400 	SDEB_I_VERIFY = 16,		/* VERIFY(10), VERIFY(16) */
401 	SDEB_I_VARIABLE_LEN = 17,	/* READ(32), WRITE(32), WR_SCAT(32) */
402 	SDEB_I_RESERVE = 18,		/* 6, 10 */
403 	SDEB_I_RELEASE = 19,		/* 6, 10 */
404 	SDEB_I_ALLOW_REMOVAL = 20,	/* PREVENT ALLOW MEDIUM REMOVAL */
405 	SDEB_I_REZERO_UNIT = 21,	/* REWIND in SSC */
406 	SDEB_I_ATA_PT = 22,		/* 12, 16 */
407 	SDEB_I_SEND_DIAG = 23,
408 	SDEB_I_UNMAP = 24,
409 	SDEB_I_WRITE_BUFFER = 25,
410 	SDEB_I_WRITE_SAME = 26,		/* 10, 16 */
411 	SDEB_I_SYNC_CACHE = 27,		/* 10, 16 */
412 	SDEB_I_COMP_WRITE = 28,
413 	SDEB_I_PRE_FETCH = 29,		/* 10, 16 */
414 	SDEB_I_ZONE_OUT = 30,		/* 0x94+SA; includes no data xfer */
415 	SDEB_I_ZONE_IN = 31,		/* 0x95+SA; all have data-in */
416 	SDEB_I_LAST_ELEM_P1 = 32,	/* keep this last (previous + 1) */
417 };
418 
419 
420 static const unsigned char opcode_ind_arr[256] = {
421 /* 0x0; 0x0->0x1f: 6 byte cdbs */
422 	SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
423 	    0, 0, 0, 0,
424 	SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
425 	0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
426 	    SDEB_I_RELEASE,
427 	0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
428 	    SDEB_I_ALLOW_REMOVAL, 0,
429 /* 0x20; 0x20->0x3f: 10 byte cdbs */
430 	0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
431 	SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
432 	0, 0, 0, 0, SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, 0,
433 	0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
434 /* 0x40; 0x40->0x5f: 10 byte cdbs */
435 	0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
436 	0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
437 	0, 0, 0, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
438 	    SDEB_I_RELEASE,
439 	0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
440 /* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
441 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
442 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
443 	0, SDEB_I_VARIABLE_LEN,
444 /* 0x80; 0x80->0x9f: 16 byte cdbs */
445 	0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
446 	SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0,
447 	0, 0, 0, SDEB_I_VERIFY,
448 	SDEB_I_PRE_FETCH, SDEB_I_SYNC_CACHE, 0, SDEB_I_WRITE_SAME,
449 	SDEB_I_ZONE_OUT, SDEB_I_ZONE_IN, 0, 0,
450 	0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN_16, SDEB_I_SERV_ACT_OUT_16,
451 /* 0xa0; 0xa0->0xbf: 12 byte cdbs */
452 	SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
453 	     SDEB_I_MAINT_OUT, 0, 0, 0,
454 	SDEB_I_READ, 0 /* SDEB_I_SERV_ACT_OUT_12 */, SDEB_I_WRITE,
455 	     0 /* SDEB_I_SERV_ACT_IN_12 */, 0, 0, 0, 0,
456 	0, 0, 0, 0, 0, 0, 0, 0,
457 	0, 0, 0, 0, 0, 0, 0, 0,
458 /* 0xc0; 0xc0->0xff: vendor specific */
459 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
460 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
461 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
462 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
463 };
464 
465 /*
466  * The following "response" functions return the SCSI mid-level's 4 byte
467  * tuple-in-an-int. To handle commands with an IMMED bit, for a faster
468  * command completion, they can mask their return value with
469  * SDEG_RES_IMMED_MASK .
470  */
471 #define SDEG_RES_IMMED_MASK 0x40000000
472 
473 static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
474 static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
475 static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
476 static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
477 static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
478 static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
479 static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
480 static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
481 static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
482 static int resp_write_scat(struct scsi_cmnd *, struct sdebug_dev_info *);
483 static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
484 static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
485 static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
486 static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
487 static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
488 static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
489 static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
490 static int resp_verify(struct scsi_cmnd *, struct sdebug_dev_info *);
491 static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
492 static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
493 static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
494 static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
495 static int resp_sync_cache(struct scsi_cmnd *, struct sdebug_dev_info *);
496 static int resp_pre_fetch(struct scsi_cmnd *, struct sdebug_dev_info *);
497 static int resp_report_zones(struct scsi_cmnd *, struct sdebug_dev_info *);
498 static int resp_open_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
499 static int resp_close_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
500 static int resp_finish_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
501 static int resp_rwp_zone(struct scsi_cmnd *, struct sdebug_dev_info *);
502 
503 static int sdebug_do_add_host(bool mk_new_store);
504 static int sdebug_add_host_helper(int per_host_idx);
505 static void sdebug_do_remove_host(bool the_end);
506 static int sdebug_add_store(void);
507 static void sdebug_erase_store(int idx, struct sdeb_store_info *sip);
508 static void sdebug_erase_all_stores(bool apart_from_first);
509 
510 /*
511  * The following are overflow arrays for cdbs that "hit" the same index in
512  * the opcode_info_arr array. The most time sensitive (or commonly used) cdb
513  * should be placed in opcode_info_arr[], the others should be placed here.
514  */
515 static const struct opcode_info_t msense_iarr[] = {
516 	{0, 0x1a, 0, F_D_IN, NULL, NULL,
517 	    {6,  0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
518 };
519 
520 static const struct opcode_info_t mselect_iarr[] = {
521 	{0, 0x15, 0, F_D_OUT, NULL, NULL,
522 	    {6,  0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
523 };
524 
525 static const struct opcode_info_t read_iarr[] = {
526 	{0, 0x28, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(10) */
527 	    {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
528 	     0, 0, 0, 0} },
529 	{0, 0x8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL, /* READ(6) */
530 	    {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
531 	{0, 0xa8, 0, F_D_IN | FF_MEDIA_IO, resp_read_dt0, NULL,/* READ(12) */
532 	    {12,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf,
533 	     0xc7, 0, 0, 0, 0} },
534 };
535 
536 static const struct opcode_info_t write_iarr[] = {
537 	{0, 0x2a, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(10) */
538 	    NULL, {10,  0xfb, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7,
539 		   0, 0, 0, 0, 0, 0} },
540 	{0, 0xa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,   /* WRITE(6) */
541 	    NULL, {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0,
542 		   0, 0, 0} },
543 	{0, 0xaa, 0, F_D_OUT | FF_MEDIA_IO, resp_write_dt0,  /* WRITE(12) */
544 	    NULL, {12,  0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
545 		   0xbf, 0xc7, 0, 0, 0, 0} },
546 };
547 
548 static const struct opcode_info_t verify_iarr[] = {
549 	{0, 0x2f, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,/* VERIFY(10) */
550 	    NULL, {10,  0xf7, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xff, 0xff, 0xc7,
551 		   0, 0, 0, 0, 0, 0} },
552 };
553 
554 static const struct opcode_info_t sa_in_16_iarr[] = {
555 	{0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
556 	    {16,  0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
557 	     0xff, 0xff, 0xff, 0, 0xc7} },	/* GET LBA STATUS(16) */
558 };
559 
560 static const struct opcode_info_t vl_iarr[] = {	/* VARIABLE LENGTH */
561 	{0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_dt0,
562 	    NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0xb, 0xfa,
563 		   0, 0xff, 0xff, 0xff, 0xff} },	/* WRITE(32) */
564 	{0, 0x7f, 0x11, F_SA_HIGH | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
565 	    NULL, {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x11, 0xf8,
566 		   0, 0xff, 0xff, 0x0, 0x0} },	/* WRITE SCATTERED(32) */
567 };
568 
569 static const struct opcode_info_t maint_in_iarr[] = {	/* MAINT IN */
570 	{0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
571 	    {12,  0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
572 	     0xc7, 0, 0, 0, 0} }, /* REPORT SUPPORTED OPERATION CODES */
573 	{0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
574 	    {12,  0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
575 	     0, 0} },	/* REPORTED SUPPORTED TASK MANAGEMENT FUNCTIONS */
576 };
577 
578 static const struct opcode_info_t write_same_iarr[] = {
579 	{0, 0x93, 0, F_D_OUT_MAYBE | FF_MEDIA_IO, resp_write_same_16, NULL,
580 	    {16,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
581 	     0xff, 0xff, 0xff, 0x3f, 0xc7} },		/* WRITE SAME(16) */
582 };
583 
584 static const struct opcode_info_t reserve_iarr[] = {
585 	{0, 0x16, 0, F_D_OUT, NULL, NULL,		/* RESERVE(6) */
586 	    {6,  0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
587 };
588 
589 static const struct opcode_info_t release_iarr[] = {
590 	{0, 0x17, 0, F_D_OUT, NULL, NULL,		/* RELEASE(6) */
591 	    {6,  0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
592 };
593 
594 static const struct opcode_info_t sync_cache_iarr[] = {
595 	{0, 0x91, 0, F_SYNC_DELAY | F_M_ACCESS, resp_sync_cache, NULL,
596 	    {16,  0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
597 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },	/* SYNC_CACHE (16) */
598 };
599 
600 static const struct opcode_info_t pre_fetch_iarr[] = {
601 	{0, 0x90, 0, F_SYNC_DELAY | FF_MEDIA_IO, resp_pre_fetch, NULL,
602 	    {16,  0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
603 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },	/* PRE-FETCH (16) */
604 };
605 
606 static const struct opcode_info_t zone_out_iarr[] = {	/* ZONE OUT(16) */
607 	{0, 0x94, 0x1, F_SA_LOW | F_M_ACCESS, resp_close_zone, NULL,
608 	    {16, 0x1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
609 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },	/* CLOSE ZONE */
610 	{0, 0x94, 0x2, F_SA_LOW | F_M_ACCESS, resp_finish_zone, NULL,
611 	    {16, 0x2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
612 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },	/* FINISH ZONE */
613 	{0, 0x94, 0x4, F_SA_LOW | F_M_ACCESS, resp_rwp_zone, NULL,
614 	    {16, 0x4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
615 	     0xff, 0, 0, 0xff, 0xff, 0x1, 0xc7} },  /* RESET WRITE POINTER */
616 };
617 
618 static const struct opcode_info_t zone_in_iarr[] = {	/* ZONE IN(16) */
619 	{0, 0x95, 0x6, F_SA_LOW | F_D_IN | F_M_ACCESS, NULL, NULL,
620 	    {16, 0x6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
621 	     0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} }, /* REPORT ZONES */
622 };
623 
624 
625 /* This array is accessed via SDEB_I_* values. Make sure all are mapped,
626  * plus the terminating elements for logic that scans this table such as
627  * REPORT SUPPORTED OPERATION CODES. */
628 static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEM_P1 + 1] = {
629 /* 0 */
630 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,	/* unknown opcodes */
631 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
632 	{0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL, /* INQUIRY */
633 	    {6,  0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
634 	{0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
635 	    {12,  0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
636 	     0, 0} },					/* REPORT LUNS */
637 	{0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
638 	    {6,  0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
639 	{0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
640 	    {6,  0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
641 /* 5 */
642 	{ARRAY_SIZE(msense_iarr), 0x5a, 0, F_D_IN,	/* MODE SENSE(10) */
643 	    resp_mode_sense, msense_iarr, {10,  0xf8, 0xff, 0xff, 0, 0, 0,
644 		0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
645 	{ARRAY_SIZE(mselect_iarr), 0x55, 0, F_D_OUT,	/* MODE SELECT(10) */
646 	    resp_mode_select, mselect_iarr, {10,  0xf1, 0, 0, 0, 0, 0, 0xff,
647 		0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
648 	{0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,	/* LOG SENSE */
649 	    {10,  0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
650 	     0, 0, 0} },
651 	{0, 0x25, 0, F_D_IN, resp_readcap, NULL,    /* READ CAPACITY(10) */
652 	    {10,  0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
653 	     0, 0} },
654 	{ARRAY_SIZE(read_iarr), 0x88, 0, F_D_IN | FF_MEDIA_IO, /* READ(16) */
655 	    resp_read_dt0, read_iarr, {16,  0xfe, 0xff, 0xff, 0xff, 0xff,
656 	    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
657 /* 10 */
658 	{ARRAY_SIZE(write_iarr), 0x8a, 0, F_D_OUT | FF_MEDIA_IO,
659 	    resp_write_dt0, write_iarr,			/* WRITE(16) */
660 		{16,  0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
661 		 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7} },
662 	{0, 0x1b, 0, F_SSU_DELAY, resp_start_stop, NULL,/* START STOP UNIT */
663 	    {6,  0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
664 	{ARRAY_SIZE(sa_in_16_iarr), 0x9e, 0x10, F_SA_LOW | F_D_IN,
665 	    resp_readcap16, sa_in_16_iarr, /* SA_IN(16), READ CAPACITY(16) */
666 		{16,  0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
667 		 0xff, 0xff, 0xff, 0xff, 0x1, 0xc7} },
668 	{0, 0x9f, 0x12, F_SA_LOW | F_D_OUT | FF_MEDIA_IO, resp_write_scat,
669 	    NULL, {16,  0x12, 0xf9, 0x0, 0xff, 0xff, 0, 0, 0xff, 0xff, 0xff,
670 	    0xff, 0xff, 0xff, 0xff, 0xc7} },  /* SA_OUT(16), WRITE SCAT(16) */
671 	{ARRAY_SIZE(maint_in_iarr), 0xa3, 0xa, F_SA_LOW | F_D_IN,
672 	    resp_report_tgtpgs,	/* MAINT IN, REPORT TARGET PORT GROUPS */
673 		maint_in_iarr, {12,  0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff,
674 				0xff, 0, 0xc7, 0, 0, 0, 0} },
675 /* 15 */
676 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
677 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
678 	{ARRAY_SIZE(verify_iarr), 0x8f, 0,
679 	    F_D_OUT_MAYBE | FF_MEDIA_IO, resp_verify,	/* VERIFY(16) */
680 	    verify_iarr, {16,  0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
681 			  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xc7} },
682 	{ARRAY_SIZE(vl_iarr), 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_MEDIA_IO,
683 	    resp_read_dt0, vl_iarr,	/* VARIABLE LENGTH, READ(32) */
684 	    {32,  0xc7, 0, 0, 0, 0, 0x3f, 0x18, 0x0, 0x9, 0xfe, 0, 0xff, 0xff,
685 	     0xff, 0xff} },
686 	{ARRAY_SIZE(reserve_iarr), 0x56, 0, F_D_OUT,
687 	    NULL, reserve_iarr,	/* RESERVE(10) <no response function> */
688 	    {10,  0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
689 	     0} },
690 	{ARRAY_SIZE(release_iarr), 0x57, 0, F_D_OUT,
691 	    NULL, release_iarr, /* RELEASE(10) <no response function> */
692 	    {10,  0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
693 	     0} },
694 /* 20 */
695 	{0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
696 	    {6,  0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
697 	{0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
698 	    {6,  0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
699 	{0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
700 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
701 	{0, 0x1d, F_D_OUT, 0, NULL, NULL,	/* SEND DIAGNOSTIC */
702 	    {6,  0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
703 	{0, 0x42, 0, F_D_OUT | FF_MEDIA_IO, resp_unmap, NULL, /* UNMAP */
704 	    {10,  0x1, 0, 0, 0, 0, 0x3f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
705 /* 25 */
706 	{0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
707 	    {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
708 	     0, 0, 0, 0} },			/* WRITE_BUFFER */
709 	{ARRAY_SIZE(write_same_iarr), 0x41, 0, F_D_OUT_MAYBE | FF_MEDIA_IO,
710 	    resp_write_same_10, write_same_iarr,	/* WRITE SAME(10) */
711 		{10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0,
712 		 0, 0, 0, 0, 0} },
713 	{ARRAY_SIZE(sync_cache_iarr), 0x35, 0, F_SYNC_DELAY | F_M_ACCESS,
714 	    resp_sync_cache, sync_cache_iarr,
715 	    {10,  0x7, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
716 	     0, 0, 0, 0} },			/* SYNC_CACHE (10) */
717 	{0, 0x89, 0, F_D_OUT | FF_MEDIA_IO, resp_comp_write, NULL,
718 	    {16,  0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
719 	     0, 0xff, 0x3f, 0xc7} },		/* COMPARE AND WRITE */
720 	{ARRAY_SIZE(pre_fetch_iarr), 0x34, 0, F_SYNC_DELAY | FF_MEDIA_IO,
721 	    resp_pre_fetch, pre_fetch_iarr,
722 	    {10,  0x2, 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0xff, 0xc7, 0, 0,
723 	     0, 0, 0, 0} },			/* PRE-FETCH (10) */
724 
725 /* 30 */
726 	{ARRAY_SIZE(zone_out_iarr), 0x94, 0x3, F_SA_LOW | F_M_ACCESS,
727 	    resp_open_zone, zone_out_iarr, /* ZONE_OUT(16), OPEN ZONE) */
728 		{16,  0x3 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
729 		 0xff, 0xff, 0x0, 0x0, 0xff, 0xff, 0x1, 0xc7} },
730 	{ARRAY_SIZE(zone_in_iarr), 0x95, 0x0, F_SA_LOW | F_M_ACCESS,
731 	    resp_report_zones, zone_in_iarr, /* ZONE_IN(16), REPORT ZONES) */
732 		{16,  0x0 /* SA */, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
733 		 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbf, 0xc7} },
734 /* sentinel */
735 	{0xff, 0, 0, 0, NULL, NULL,		/* terminating element */
736 	    {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
737 };
738 
739 static int sdebug_num_hosts;
740 static int sdebug_add_host = DEF_NUM_HOST;  /* in sysfs this is relative */
741 static int sdebug_ato = DEF_ATO;
742 static int sdebug_cdb_len = DEF_CDB_LEN;
743 static int sdebug_jdelay = DEF_JDELAY;	/* if > 0 then unit is jiffies */
744 static int sdebug_dev_size_mb = DEF_DEV_SIZE_PRE_INIT;
745 static int sdebug_dif = DEF_DIF;
746 static int sdebug_dix = DEF_DIX;
747 static int sdebug_dsense = DEF_D_SENSE;
748 static int sdebug_every_nth = DEF_EVERY_NTH;
749 static int sdebug_fake_rw = DEF_FAKE_RW;
750 static unsigned int sdebug_guard = DEF_GUARD;
751 static int sdebug_host_max_queue;	/* per host */
752 static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
753 static int sdebug_max_luns = DEF_MAX_LUNS;
754 static int sdebug_max_queue = SDEBUG_CANQUEUE;	/* per submit queue */
755 static unsigned int sdebug_medium_error_start = OPT_MEDIUM_ERR_ADDR;
756 static int sdebug_medium_error_count = OPT_MEDIUM_ERR_NUM;
757 static atomic_t retired_max_queue;	/* if > 0 then was prior max_queue */
758 static int sdebug_ndelay = DEF_NDELAY;	/* if > 0 then unit is nanoseconds */
759 static int sdebug_no_lun_0 = DEF_NO_LUN_0;
760 static int sdebug_no_uld;
761 static int sdebug_num_parts = DEF_NUM_PARTS;
762 static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
763 static int sdebug_opt_blks = DEF_OPT_BLKS;
764 static int sdebug_opts = DEF_OPTS;
765 static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
766 static int sdebug_opt_xferlen_exp = DEF_OPT_XFERLEN_EXP;
767 static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
768 static int sdebug_scsi_level = DEF_SCSI_LEVEL;
769 static int sdebug_sector_size = DEF_SECTOR_SIZE;
770 static int sdeb_tur_ms_to_ready = DEF_TUR_MS_TO_READY;
771 static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
772 static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
773 static unsigned int sdebug_lbpu = DEF_LBPU;
774 static unsigned int sdebug_lbpws = DEF_LBPWS;
775 static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
776 static unsigned int sdebug_lbprz = DEF_LBPRZ;
777 static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
778 static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
779 static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
780 static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
781 static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
782 static int sdebug_uuid_ctl = DEF_UUID_CTL;
783 static bool sdebug_random = DEF_RANDOM;
784 static bool sdebug_per_host_store = DEF_PER_HOST_STORE;
785 static bool sdebug_removable = DEF_REMOVABLE;
786 static bool sdebug_clustering;
787 static bool sdebug_host_lock = DEF_HOST_LOCK;
788 static bool sdebug_strict = DEF_STRICT;
789 static bool sdebug_any_injecting_opt;
790 static bool sdebug_no_rwlock;
791 static bool sdebug_verbose;
792 static bool have_dif_prot;
793 static bool write_since_sync;
794 static bool sdebug_statistics = DEF_STATISTICS;
795 static bool sdebug_wp;
796 /* Following enum: 0: no zbc, def; 1: host aware; 2: host managed */
797 static enum blk_zoned_model sdeb_zbc_model = BLK_ZONED_NONE;
798 static char *sdeb_zbc_model_s;
799 
800 enum sam_lun_addr_method {SAM_LUN_AM_PERIPHERAL = 0x0,
801 			  SAM_LUN_AM_FLAT = 0x1,
802 			  SAM_LUN_AM_LOGICAL_UNIT = 0x2,
803 			  SAM_LUN_AM_EXTENDED = 0x3};
804 static enum sam_lun_addr_method sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
805 static int sdebug_lun_am_i = (int)SAM_LUN_AM_PERIPHERAL;
806 
807 static unsigned int sdebug_store_sectors;
808 static sector_t sdebug_capacity;	/* in sectors */
809 
810 /* old BIOS stuff, kernel may get rid of them but some mode sense pages
811    may still need them */
812 static int sdebug_heads;		/* heads per disk */
813 static int sdebug_cylinders_per;	/* cylinders per surface */
814 static int sdebug_sectors_per;		/* sectors per cylinder */
815 
816 static LIST_HEAD(sdebug_host_list);
817 static DEFINE_SPINLOCK(sdebug_host_list_lock);
818 
819 static struct xarray per_store_arr;
820 static struct xarray *per_store_ap = &per_store_arr;
821 static int sdeb_first_idx = -1;		/* invalid index ==> none created */
822 static int sdeb_most_recent_idx = -1;
823 static DEFINE_RWLOCK(sdeb_fake_rw_lck);	/* need a RW lock when fake_rw=1 */
824 
825 static unsigned long map_size;
826 static int num_aborts;
827 static int num_dev_resets;
828 static int num_target_resets;
829 static int num_bus_resets;
830 static int num_host_resets;
831 static int dix_writes;
832 static int dix_reads;
833 static int dif_errors;
834 
835 /* ZBC global data */
836 static bool sdeb_zbc_in_use;	/* true for host-aware and host-managed disks */
837 static int sdeb_zbc_zone_cap_mb;
838 static int sdeb_zbc_zone_size_mb;
839 static int sdeb_zbc_max_open = DEF_ZBC_MAX_OPEN_ZONES;
840 static int sdeb_zbc_nr_conv = DEF_ZBC_NR_CONV_ZONES;
841 
842 static int submit_queues = DEF_SUBMIT_QUEUES;  /* > 1 for multi-queue (mq) */
843 static int poll_queues; /* iouring iopoll interface.*/
844 static struct sdebug_queue *sdebug_q_arr;  /* ptr to array of submit queues */
845 
846 static DEFINE_RWLOCK(atomic_rw);
847 static DEFINE_RWLOCK(atomic_rw2);
848 
849 static rwlock_t *ramdisk_lck_a[2];
850 
851 static char sdebug_proc_name[] = MY_NAME;
852 static const char *my_name = MY_NAME;
853 
854 static struct bus_type pseudo_lld_bus;
855 
856 static struct device_driver sdebug_driverfs_driver = {
857 	.name 		= sdebug_proc_name,
858 	.bus		= &pseudo_lld_bus,
859 };
860 
861 static const int check_condition_result =
862 	SAM_STAT_CHECK_CONDITION;
863 
864 static const int illegal_condition_result =
865 	(DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
866 
867 static const int device_qfull_result =
868 	(DID_ABORT << 16) | SAM_STAT_TASK_SET_FULL;
869 
870 static const int condition_met_result = SAM_STAT_CONDITION_MET;
871 
872 
873 /* Only do the extra work involved in logical block provisioning if one or
874  * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
875  * real reads and writes (i.e. not skipping them for speed).
876  */
877 static inline bool scsi_debug_lbp(void)
878 {
879 	return 0 == sdebug_fake_rw &&
880 		(sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
881 }
882 
883 static void *lba2fake_store(struct sdeb_store_info *sip,
884 			    unsigned long long lba)
885 {
886 	struct sdeb_store_info *lsip = sip;
887 
888 	lba = do_div(lba, sdebug_store_sectors);
889 	if (!sip || !sip->storep) {
890 		WARN_ON_ONCE(true);
891 		lsip = xa_load(per_store_ap, 0);  /* should never be NULL */
892 	}
893 	return lsip->storep + lba * sdebug_sector_size;
894 }
895 
896 static struct t10_pi_tuple *dif_store(struct sdeb_store_info *sip,
897 				      sector_t sector)
898 {
899 	sector = sector_div(sector, sdebug_store_sectors);
900 
901 	return sip->dif_storep + sector;
902 }
903 
904 static void sdebug_max_tgts_luns(void)
905 {
906 	struct sdebug_host_info *sdbg_host;
907 	struct Scsi_Host *hpnt;
908 
909 	spin_lock(&sdebug_host_list_lock);
910 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
911 		hpnt = sdbg_host->shost;
912 		if ((hpnt->this_id >= 0) &&
913 		    (sdebug_num_tgts > hpnt->this_id))
914 			hpnt->max_id = sdebug_num_tgts + 1;
915 		else
916 			hpnt->max_id = sdebug_num_tgts;
917 		/* sdebug_max_luns; */
918 		hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
919 	}
920 	spin_unlock(&sdebug_host_list_lock);
921 }
922 
923 enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
924 
925 /* Set in_bit to -1 to indicate no bit position of invalid field */
926 static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
927 				 enum sdeb_cmd_data c_d,
928 				 int in_byte, int in_bit)
929 {
930 	unsigned char *sbuff;
931 	u8 sks[4];
932 	int sl, asc;
933 
934 	sbuff = scp->sense_buffer;
935 	if (!sbuff) {
936 		sdev_printk(KERN_ERR, scp->device,
937 			    "%s: sense_buffer is NULL\n", __func__);
938 		return;
939 	}
940 	asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
941 	memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
942 	scsi_build_sense(scp, sdebug_dsense, ILLEGAL_REQUEST, asc, 0);
943 	memset(sks, 0, sizeof(sks));
944 	sks[0] = 0x80;
945 	if (c_d)
946 		sks[0] |= 0x40;
947 	if (in_bit >= 0) {
948 		sks[0] |= 0x8;
949 		sks[0] |= 0x7 & in_bit;
950 	}
951 	put_unaligned_be16(in_byte, sks + 1);
952 	if (sdebug_dsense) {
953 		sl = sbuff[7] + 8;
954 		sbuff[7] = sl;
955 		sbuff[sl] = 0x2;
956 		sbuff[sl + 1] = 0x6;
957 		memcpy(sbuff + sl + 4, sks, 3);
958 	} else
959 		memcpy(sbuff + 15, sks, 3);
960 	if (sdebug_verbose)
961 		sdev_printk(KERN_INFO, scp->device, "%s:  [sense_key,asc,ascq"
962 			    "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
963 			    my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
964 }
965 
966 static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
967 {
968 	if (!scp->sense_buffer) {
969 		sdev_printk(KERN_ERR, scp->device,
970 			    "%s: sense_buffer is NULL\n", __func__);
971 		return;
972 	}
973 	memset(scp->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
974 
975 	scsi_build_sense(scp, sdebug_dsense, key, asc, asq);
976 
977 	if (sdebug_verbose)
978 		sdev_printk(KERN_INFO, scp->device,
979 			    "%s:  [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
980 			    my_name, key, asc, asq);
981 }
982 
983 static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
984 {
985 	mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
986 }
987 
988 static int scsi_debug_ioctl(struct scsi_device *dev, unsigned int cmd,
989 			    void __user *arg)
990 {
991 	if (sdebug_verbose) {
992 		if (0x1261 == cmd)
993 			sdev_printk(KERN_INFO, dev,
994 				    "%s: BLKFLSBUF [0x1261]\n", __func__);
995 		else if (0x5331 == cmd)
996 			sdev_printk(KERN_INFO, dev,
997 				    "%s: CDROM_GET_CAPABILITY [0x5331]\n",
998 				    __func__);
999 		else
1000 			sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
1001 				    __func__, cmd);
1002 	}
1003 	return -EINVAL;
1004 	/* return -ENOTTY; // correct return but upsets fdisk */
1005 }
1006 
1007 static void config_cdb_len(struct scsi_device *sdev)
1008 {
1009 	switch (sdebug_cdb_len) {
1010 	case 6:	/* suggest 6 byte READ, WRITE and MODE SENSE/SELECT */
1011 		sdev->use_10_for_rw = false;
1012 		sdev->use_16_for_rw = false;
1013 		sdev->use_10_for_ms = false;
1014 		break;
1015 	case 10: /* suggest 10 byte RWs and 6 byte MODE SENSE/SELECT */
1016 		sdev->use_10_for_rw = true;
1017 		sdev->use_16_for_rw = false;
1018 		sdev->use_10_for_ms = false;
1019 		break;
1020 	case 12: /* suggest 10 byte RWs and 10 byte MODE SENSE/SELECT */
1021 		sdev->use_10_for_rw = true;
1022 		sdev->use_16_for_rw = false;
1023 		sdev->use_10_for_ms = true;
1024 		break;
1025 	case 16:
1026 		sdev->use_10_for_rw = false;
1027 		sdev->use_16_for_rw = true;
1028 		sdev->use_10_for_ms = true;
1029 		break;
1030 	case 32: /* No knobs to suggest this so same as 16 for now */
1031 		sdev->use_10_for_rw = false;
1032 		sdev->use_16_for_rw = true;
1033 		sdev->use_10_for_ms = true;
1034 		break;
1035 	default:
1036 		pr_warn("unexpected cdb_len=%d, force to 10\n",
1037 			sdebug_cdb_len);
1038 		sdev->use_10_for_rw = true;
1039 		sdev->use_16_for_rw = false;
1040 		sdev->use_10_for_ms = false;
1041 		sdebug_cdb_len = 10;
1042 		break;
1043 	}
1044 }
1045 
1046 static void all_config_cdb_len(void)
1047 {
1048 	struct sdebug_host_info *sdbg_host;
1049 	struct Scsi_Host *shost;
1050 	struct scsi_device *sdev;
1051 
1052 	spin_lock(&sdebug_host_list_lock);
1053 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
1054 		shost = sdbg_host->shost;
1055 		shost_for_each_device(sdev, shost) {
1056 			config_cdb_len(sdev);
1057 		}
1058 	}
1059 	spin_unlock(&sdebug_host_list_lock);
1060 }
1061 
1062 static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
1063 {
1064 	struct sdebug_host_info *sdhp;
1065 	struct sdebug_dev_info *dp;
1066 
1067 	spin_lock(&sdebug_host_list_lock);
1068 	list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
1069 		list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
1070 			if ((devip->sdbg_host == dp->sdbg_host) &&
1071 			    (devip->target == dp->target))
1072 				clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
1073 		}
1074 	}
1075 	spin_unlock(&sdebug_host_list_lock);
1076 }
1077 
1078 static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1079 {
1080 	int k;
1081 
1082 	k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
1083 	if (k != SDEBUG_NUM_UAS) {
1084 		const char *cp = NULL;
1085 
1086 		switch (k) {
1087 		case SDEBUG_UA_POR:
1088 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1089 					POWER_ON_RESET_ASCQ);
1090 			if (sdebug_verbose)
1091 				cp = "power on reset";
1092 			break;
1093 		case SDEBUG_UA_POOCCUR:
1094 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1095 					POWER_ON_OCCURRED_ASCQ);
1096 			if (sdebug_verbose)
1097 				cp = "power on occurred";
1098 			break;
1099 		case SDEBUG_UA_BUS_RESET:
1100 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
1101 					BUS_RESET_ASCQ);
1102 			if (sdebug_verbose)
1103 				cp = "bus reset";
1104 			break;
1105 		case SDEBUG_UA_MODE_CHANGED:
1106 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1107 					MODE_CHANGED_ASCQ);
1108 			if (sdebug_verbose)
1109 				cp = "mode parameters changed";
1110 			break;
1111 		case SDEBUG_UA_CAPACITY_CHANGED:
1112 			mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
1113 					CAPACITY_CHANGED_ASCQ);
1114 			if (sdebug_verbose)
1115 				cp = "capacity data changed";
1116 			break;
1117 		case SDEBUG_UA_MICROCODE_CHANGED:
1118 			mk_sense_buffer(scp, UNIT_ATTENTION,
1119 					TARGET_CHANGED_ASC,
1120 					MICROCODE_CHANGED_ASCQ);
1121 			if (sdebug_verbose)
1122 				cp = "microcode has been changed";
1123 			break;
1124 		case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
1125 			mk_sense_buffer(scp, UNIT_ATTENTION,
1126 					TARGET_CHANGED_ASC,
1127 					MICROCODE_CHANGED_WO_RESET_ASCQ);
1128 			if (sdebug_verbose)
1129 				cp = "microcode has been changed without reset";
1130 			break;
1131 		case SDEBUG_UA_LUNS_CHANGED:
1132 			/*
1133 			 * SPC-3 behavior is to report a UNIT ATTENTION with
1134 			 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
1135 			 * on the target, until a REPORT LUNS command is
1136 			 * received.  SPC-4 behavior is to report it only once.
1137 			 * NOTE:  sdebug_scsi_level does not use the same
1138 			 * values as struct scsi_device->scsi_level.
1139 			 */
1140 			if (sdebug_scsi_level >= 6)	/* SPC-4 and above */
1141 				clear_luns_changed_on_target(devip);
1142 			mk_sense_buffer(scp, UNIT_ATTENTION,
1143 					TARGET_CHANGED_ASC,
1144 					LUNS_CHANGED_ASCQ);
1145 			if (sdebug_verbose)
1146 				cp = "reported luns data has changed";
1147 			break;
1148 		default:
1149 			pr_warn("unexpected unit attention code=%d\n", k);
1150 			if (sdebug_verbose)
1151 				cp = "unknown";
1152 			break;
1153 		}
1154 		clear_bit(k, devip->uas_bm);
1155 		if (sdebug_verbose)
1156 			sdev_printk(KERN_INFO, scp->device,
1157 				   "%s reports: Unit attention: %s\n",
1158 				   my_name, cp);
1159 		return check_condition_result;
1160 	}
1161 	return 0;
1162 }
1163 
1164 /* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
1165 static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1166 				int arr_len)
1167 {
1168 	int act_len;
1169 	struct scsi_data_buffer *sdb = &scp->sdb;
1170 
1171 	if (!sdb->length)
1172 		return 0;
1173 	if (scp->sc_data_direction != DMA_FROM_DEVICE)
1174 		return DID_ERROR << 16;
1175 
1176 	act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
1177 				      arr, arr_len);
1178 	scsi_set_resid(scp, scsi_bufflen(scp) - act_len);
1179 
1180 	return 0;
1181 }
1182 
1183 /* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
1184  * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
1185  * calls, not required to write in ascending offset order. Assumes resid
1186  * set to scsi_bufflen() prior to any calls.
1187  */
1188 static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
1189 				  int arr_len, unsigned int off_dst)
1190 {
1191 	unsigned int act_len, n;
1192 	struct scsi_data_buffer *sdb = &scp->sdb;
1193 	off_t skip = off_dst;
1194 
1195 	if (sdb->length <= off_dst)
1196 		return 0;
1197 	if (scp->sc_data_direction != DMA_FROM_DEVICE)
1198 		return DID_ERROR << 16;
1199 
1200 	act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
1201 				       arr, arr_len, skip);
1202 	pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
1203 		 __func__, off_dst, scsi_bufflen(scp), act_len,
1204 		 scsi_get_resid(scp));
1205 	n = scsi_bufflen(scp) - (off_dst + act_len);
1206 	scsi_set_resid(scp, min_t(u32, scsi_get_resid(scp), n));
1207 	return 0;
1208 }
1209 
1210 /* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
1211  * 'arr' or -1 if error.
1212  */
1213 static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
1214 			       int arr_len)
1215 {
1216 	if (!scsi_bufflen(scp))
1217 		return 0;
1218 	if (scp->sc_data_direction != DMA_TO_DEVICE)
1219 		return -1;
1220 
1221 	return scsi_sg_copy_to_buffer(scp, arr, arr_len);
1222 }
1223 
1224 
1225 static char sdebug_inq_vendor_id[9] = "Linux   ";
1226 static char sdebug_inq_product_id[17] = "scsi_debug      ";
1227 static char sdebug_inq_product_rev[5] = SDEBUG_VERSION;
1228 /* Use some locally assigned NAAs for SAS addresses. */
1229 static const u64 naa3_comp_a = 0x3222222000000000ULL;
1230 static const u64 naa3_comp_b = 0x3333333000000000ULL;
1231 static const u64 naa3_comp_c = 0x3111111000000000ULL;
1232 
1233 /* Device identification VPD page. Returns number of bytes placed in arr */
1234 static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
1235 			  int target_dev_id, int dev_id_num,
1236 			  const char *dev_id_str, int dev_id_str_len,
1237 			  const uuid_t *lu_name)
1238 {
1239 	int num, port_a;
1240 	char b[32];
1241 
1242 	port_a = target_dev_id + 1;
1243 	/* T10 vendor identifier field format (faked) */
1244 	arr[0] = 0x2;	/* ASCII */
1245 	arr[1] = 0x1;
1246 	arr[2] = 0x0;
1247 	memcpy(&arr[4], sdebug_inq_vendor_id, 8);
1248 	memcpy(&arr[12], sdebug_inq_product_id, 16);
1249 	memcpy(&arr[28], dev_id_str, dev_id_str_len);
1250 	num = 8 + 16 + dev_id_str_len;
1251 	arr[3] = num;
1252 	num += 4;
1253 	if (dev_id_num >= 0) {
1254 		if (sdebug_uuid_ctl) {
1255 			/* Locally assigned UUID */
1256 			arr[num++] = 0x1;  /* binary (not necessarily sas) */
1257 			arr[num++] = 0xa;  /* PIV=0, lu, naa */
1258 			arr[num++] = 0x0;
1259 			arr[num++] = 0x12;
1260 			arr[num++] = 0x10; /* uuid type=1, locally assigned */
1261 			arr[num++] = 0x0;
1262 			memcpy(arr + num, lu_name, 16);
1263 			num += 16;
1264 		} else {
1265 			/* NAA-3, Logical unit identifier (binary) */
1266 			arr[num++] = 0x1;  /* binary (not necessarily sas) */
1267 			arr[num++] = 0x3;  /* PIV=0, lu, naa */
1268 			arr[num++] = 0x0;
1269 			arr[num++] = 0x8;
1270 			put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1271 			num += 8;
1272 		}
1273 		/* Target relative port number */
1274 		arr[num++] = 0x61;	/* proto=sas, binary */
1275 		arr[num++] = 0x94;	/* PIV=1, target port, rel port */
1276 		arr[num++] = 0x0;	/* reserved */
1277 		arr[num++] = 0x4;	/* length */
1278 		arr[num++] = 0x0;	/* reserved */
1279 		arr[num++] = 0x0;	/* reserved */
1280 		arr[num++] = 0x0;
1281 		arr[num++] = 0x1;	/* relative port A */
1282 	}
1283 	/* NAA-3, Target port identifier */
1284 	arr[num++] = 0x61;	/* proto=sas, binary */
1285 	arr[num++] = 0x93;	/* piv=1, target port, naa */
1286 	arr[num++] = 0x0;
1287 	arr[num++] = 0x8;
1288 	put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1289 	num += 8;
1290 	/* NAA-3, Target port group identifier */
1291 	arr[num++] = 0x61;	/* proto=sas, binary */
1292 	arr[num++] = 0x95;	/* piv=1, target port group id */
1293 	arr[num++] = 0x0;
1294 	arr[num++] = 0x4;
1295 	arr[num++] = 0;
1296 	arr[num++] = 0;
1297 	put_unaligned_be16(port_group_id, arr + num);
1298 	num += 2;
1299 	/* NAA-3, Target device identifier */
1300 	arr[num++] = 0x61;	/* proto=sas, binary */
1301 	arr[num++] = 0xa3;	/* piv=1, target device, naa */
1302 	arr[num++] = 0x0;
1303 	arr[num++] = 0x8;
1304 	put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1305 	num += 8;
1306 	/* SCSI name string: Target device identifier */
1307 	arr[num++] = 0x63;	/* proto=sas, UTF-8 */
1308 	arr[num++] = 0xa8;	/* piv=1, target device, SCSI name string */
1309 	arr[num++] = 0x0;
1310 	arr[num++] = 24;
1311 	memcpy(arr + num, "naa.32222220", 12);
1312 	num += 12;
1313 	snprintf(b, sizeof(b), "%08X", target_dev_id);
1314 	memcpy(arr + num, b, 8);
1315 	num += 8;
1316 	memset(arr + num, 0, 4);
1317 	num += 4;
1318 	return num;
1319 }
1320 
1321 static unsigned char vpd84_data[] = {
1322 /* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1323     0x22,0x22,0x22,0x0,0xbb,0x1,
1324     0x22,0x22,0x22,0x0,0xbb,0x2,
1325 };
1326 
1327 /*  Software interface identification VPD page */
1328 static int inquiry_vpd_84(unsigned char *arr)
1329 {
1330 	memcpy(arr, vpd84_data, sizeof(vpd84_data));
1331 	return sizeof(vpd84_data);
1332 }
1333 
1334 /* Management network addresses VPD page */
1335 static int inquiry_vpd_85(unsigned char *arr)
1336 {
1337 	int num = 0;
1338 	const char *na1 = "https://www.kernel.org/config";
1339 	const char *na2 = "http://www.kernel.org/log";
1340 	int plen, olen;
1341 
1342 	arr[num++] = 0x1;	/* lu, storage config */
1343 	arr[num++] = 0x0;	/* reserved */
1344 	arr[num++] = 0x0;
1345 	olen = strlen(na1);
1346 	plen = olen + 1;
1347 	if (plen % 4)
1348 		plen = ((plen / 4) + 1) * 4;
1349 	arr[num++] = plen;	/* length, null termianted, padded */
1350 	memcpy(arr + num, na1, olen);
1351 	memset(arr + num + olen, 0, plen - olen);
1352 	num += plen;
1353 
1354 	arr[num++] = 0x4;	/* lu, logging */
1355 	arr[num++] = 0x0;	/* reserved */
1356 	arr[num++] = 0x0;
1357 	olen = strlen(na2);
1358 	plen = olen + 1;
1359 	if (plen % 4)
1360 		plen = ((plen / 4) + 1) * 4;
1361 	arr[num++] = plen;	/* length, null terminated, padded */
1362 	memcpy(arr + num, na2, olen);
1363 	memset(arr + num + olen, 0, plen - olen);
1364 	num += plen;
1365 
1366 	return num;
1367 }
1368 
1369 /* SCSI ports VPD page */
1370 static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1371 {
1372 	int num = 0;
1373 	int port_a, port_b;
1374 
1375 	port_a = target_dev_id + 1;
1376 	port_b = port_a + 1;
1377 	arr[num++] = 0x0;	/* reserved */
1378 	arr[num++] = 0x0;	/* reserved */
1379 	arr[num++] = 0x0;
1380 	arr[num++] = 0x1;	/* relative port 1 (primary) */
1381 	memset(arr + num, 0, 6);
1382 	num += 6;
1383 	arr[num++] = 0x0;
1384 	arr[num++] = 12;	/* length tp descriptor */
1385 	/* naa-5 target port identifier (A) */
1386 	arr[num++] = 0x61;	/* proto=sas, binary */
1387 	arr[num++] = 0x93;	/* PIV=1, target port, NAA */
1388 	arr[num++] = 0x0;	/* reserved */
1389 	arr[num++] = 0x8;	/* length */
1390 	put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1391 	num += 8;
1392 	arr[num++] = 0x0;	/* reserved */
1393 	arr[num++] = 0x0;	/* reserved */
1394 	arr[num++] = 0x0;
1395 	arr[num++] = 0x2;	/* relative port 2 (secondary) */
1396 	memset(arr + num, 0, 6);
1397 	num += 6;
1398 	arr[num++] = 0x0;
1399 	arr[num++] = 12;	/* length tp descriptor */
1400 	/* naa-5 target port identifier (B) */
1401 	arr[num++] = 0x61;	/* proto=sas, binary */
1402 	arr[num++] = 0x93;	/* PIV=1, target port, NAA */
1403 	arr[num++] = 0x0;	/* reserved */
1404 	arr[num++] = 0x8;	/* length */
1405 	put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1406 	num += 8;
1407 
1408 	return num;
1409 }
1410 
1411 
1412 static unsigned char vpd89_data[] = {
1413 /* from 4th byte */ 0,0,0,0,
1414 'l','i','n','u','x',' ',' ',' ',
1415 'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1416 '1','2','3','4',
1417 0x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
1418 0xec,0,0,0,
1419 0x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
1420 0,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
1421 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
1422 0x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
1423 0x53,0x41,
1424 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1425 0x20,0x20,
1426 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1427 0x10,0x80,
1428 0,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
1429 0x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
1430 0x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
1431 0,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
1432 0x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
1433 0x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
1434 0,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
1435 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1436 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1437 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1438 0x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
1439 0,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
1440 0xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
1441 0,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
1442 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1443 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1444 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1445 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1446 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1447 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1448 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1449 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1450 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1451 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1452 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1453 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1454 };
1455 
1456 /* ATA Information VPD page */
1457 static int inquiry_vpd_89(unsigned char *arr)
1458 {
1459 	memcpy(arr, vpd89_data, sizeof(vpd89_data));
1460 	return sizeof(vpd89_data);
1461 }
1462 
1463 
1464 static unsigned char vpdb0_data[] = {
1465 	/* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1466 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1467 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1468 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1469 };
1470 
1471 /* Block limits VPD page (SBC-3) */
1472 static int inquiry_vpd_b0(unsigned char *arr)
1473 {
1474 	unsigned int gran;
1475 
1476 	memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1477 
1478 	/* Optimal transfer length granularity */
1479 	if (sdebug_opt_xferlen_exp != 0 &&
1480 	    sdebug_physblk_exp < sdebug_opt_xferlen_exp)
1481 		gran = 1 << sdebug_opt_xferlen_exp;
1482 	else
1483 		gran = 1 << sdebug_physblk_exp;
1484 	put_unaligned_be16(gran, arr + 2);
1485 
1486 	/* Maximum Transfer Length */
1487 	if (sdebug_store_sectors > 0x400)
1488 		put_unaligned_be32(sdebug_store_sectors, arr + 4);
1489 
1490 	/* Optimal Transfer Length */
1491 	put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1492 
1493 	if (sdebug_lbpu) {
1494 		/* Maximum Unmap LBA Count */
1495 		put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1496 
1497 		/* Maximum Unmap Block Descriptor Count */
1498 		put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1499 	}
1500 
1501 	/* Unmap Granularity Alignment */
1502 	if (sdebug_unmap_alignment) {
1503 		put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1504 		arr[28] |= 0x80; /* UGAVALID */
1505 	}
1506 
1507 	/* Optimal Unmap Granularity */
1508 	put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1509 
1510 	/* Maximum WRITE SAME Length */
1511 	put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1512 
1513 	return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1514 
1515 	return sizeof(vpdb0_data);
1516 }
1517 
1518 /* Block device characteristics VPD page (SBC-3) */
1519 static int inquiry_vpd_b1(struct sdebug_dev_info *devip, unsigned char *arr)
1520 {
1521 	memset(arr, 0, 0x3c);
1522 	arr[0] = 0;
1523 	arr[1] = 1;	/* non rotating medium (e.g. solid state) */
1524 	arr[2] = 0;
1525 	arr[3] = 5;	/* less than 1.8" */
1526 	if (devip->zmodel == BLK_ZONED_HA)
1527 		arr[4] = 1 << 4;	/* zoned field = 01b */
1528 
1529 	return 0x3c;
1530 }
1531 
1532 /* Logical block provisioning VPD page (SBC-4) */
1533 static int inquiry_vpd_b2(unsigned char *arr)
1534 {
1535 	memset(arr, 0, 0x4);
1536 	arr[0] = 0;			/* threshold exponent */
1537 	if (sdebug_lbpu)
1538 		arr[1] = 1 << 7;
1539 	if (sdebug_lbpws)
1540 		arr[1] |= 1 << 6;
1541 	if (sdebug_lbpws10)
1542 		arr[1] |= 1 << 5;
1543 	if (sdebug_lbprz && scsi_debug_lbp())
1544 		arr[1] |= (sdebug_lbprz & 0x7) << 2;  /* sbc4r07 and later */
1545 	/* anc_sup=0; dp=0 (no provisioning group descriptor) */
1546 	/* minimum_percentage=0; provisioning_type=0 (unknown) */
1547 	/* threshold_percentage=0 */
1548 	return 0x4;
1549 }
1550 
1551 /* Zoned block device characteristics VPD page (ZBC mandatory) */
1552 static int inquiry_vpd_b6(struct sdebug_dev_info *devip, unsigned char *arr)
1553 {
1554 	memset(arr, 0, 0x3c);
1555 	arr[0] = 0x1; /* set URSWRZ (unrestricted read in seq. wr req zone) */
1556 	/*
1557 	 * Set Optimal number of open sequential write preferred zones and
1558 	 * Optimal number of non-sequentially written sequential write
1559 	 * preferred zones fields to 'not reported' (0xffffffff). Leave other
1560 	 * fields set to zero, apart from Max. number of open swrz_s field.
1561 	 */
1562 	put_unaligned_be32(0xffffffff, &arr[4]);
1563 	put_unaligned_be32(0xffffffff, &arr[8]);
1564 	if (sdeb_zbc_model == BLK_ZONED_HM && devip->max_open)
1565 		put_unaligned_be32(devip->max_open, &arr[12]);
1566 	else
1567 		put_unaligned_be32(0xffffffff, &arr[12]);
1568 	if (devip->zcap < devip->zsize) {
1569 		arr[19] = ZBC_CONSTANT_ZONE_START_OFFSET;
1570 		put_unaligned_be64(devip->zsize, &arr[20]);
1571 	} else {
1572 		arr[19] = 0;
1573 	}
1574 	return 0x3c;
1575 }
1576 
1577 #define SDEBUG_LONG_INQ_SZ 96
1578 #define SDEBUG_MAX_INQ_ARR_SZ 584
1579 
1580 static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1581 {
1582 	unsigned char pq_pdt;
1583 	unsigned char *arr;
1584 	unsigned char *cmd = scp->cmnd;
1585 	u32 alloc_len, n;
1586 	int ret;
1587 	bool have_wlun, is_disk, is_zbc, is_disk_zbc;
1588 
1589 	alloc_len = get_unaligned_be16(cmd + 3);
1590 	arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1591 	if (! arr)
1592 		return DID_REQUEUE << 16;
1593 	is_disk = (sdebug_ptype == TYPE_DISK);
1594 	is_zbc = (devip->zmodel != BLK_ZONED_NONE);
1595 	is_disk_zbc = (is_disk || is_zbc);
1596 	have_wlun = scsi_is_wlun(scp->device->lun);
1597 	if (have_wlun)
1598 		pq_pdt = TYPE_WLUN;	/* present, wlun */
1599 	else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1600 		pq_pdt = 0x7f;	/* not present, PQ=3, PDT=0x1f */
1601 	else
1602 		pq_pdt = (sdebug_ptype & 0x1f);
1603 	arr[0] = pq_pdt;
1604 	if (0x2 & cmd[1]) {  /* CMDDT bit set */
1605 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1606 		kfree(arr);
1607 		return check_condition_result;
1608 	} else if (0x1 & cmd[1]) {  /* EVPD bit set */
1609 		int lu_id_num, port_group_id, target_dev_id;
1610 		u32 len;
1611 		char lu_id_str[6];
1612 		int host_no = devip->sdbg_host->shost->host_no;
1613 
1614 		port_group_id = (((host_no + 1) & 0x7f) << 8) +
1615 		    (devip->channel & 0x7f);
1616 		if (sdebug_vpd_use_hostno == 0)
1617 			host_no = 0;
1618 		lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1619 			    (devip->target * 1000) + devip->lun);
1620 		target_dev_id = ((host_no + 1) * 2000) +
1621 				 (devip->target * 1000) - 3;
1622 		len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1623 		if (0 == cmd[2]) { /* supported vital product data pages */
1624 			arr[1] = cmd[2];	/*sanity */
1625 			n = 4;
1626 			arr[n++] = 0x0;   /* this page */
1627 			arr[n++] = 0x80;  /* unit serial number */
1628 			arr[n++] = 0x83;  /* device identification */
1629 			arr[n++] = 0x84;  /* software interface ident. */
1630 			arr[n++] = 0x85;  /* management network addresses */
1631 			arr[n++] = 0x86;  /* extended inquiry */
1632 			arr[n++] = 0x87;  /* mode page policy */
1633 			arr[n++] = 0x88;  /* SCSI ports */
1634 			if (is_disk_zbc) {	  /* SBC or ZBC */
1635 				arr[n++] = 0x89;  /* ATA information */
1636 				arr[n++] = 0xb0;  /* Block limits */
1637 				arr[n++] = 0xb1;  /* Block characteristics */
1638 				if (is_disk)
1639 					arr[n++] = 0xb2;  /* LB Provisioning */
1640 				if (is_zbc)
1641 					arr[n++] = 0xb6;  /* ZB dev. char. */
1642 			}
1643 			arr[3] = n - 4;	  /* number of supported VPD pages */
1644 		} else if (0x80 == cmd[2]) { /* unit serial number */
1645 			arr[1] = cmd[2];	/*sanity */
1646 			arr[3] = len;
1647 			memcpy(&arr[4], lu_id_str, len);
1648 		} else if (0x83 == cmd[2]) { /* device identification */
1649 			arr[1] = cmd[2];	/*sanity */
1650 			arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1651 						target_dev_id, lu_id_num,
1652 						lu_id_str, len,
1653 						&devip->lu_name);
1654 		} else if (0x84 == cmd[2]) { /* Software interface ident. */
1655 			arr[1] = cmd[2];	/*sanity */
1656 			arr[3] = inquiry_vpd_84(&arr[4]);
1657 		} else if (0x85 == cmd[2]) { /* Management network addresses */
1658 			arr[1] = cmd[2];	/*sanity */
1659 			arr[3] = inquiry_vpd_85(&arr[4]);
1660 		} else if (0x86 == cmd[2]) { /* extended inquiry */
1661 			arr[1] = cmd[2];	/*sanity */
1662 			arr[3] = 0x3c;	/* number of following entries */
1663 			if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1664 				arr[4] = 0x4;	/* SPT: GRD_CHK:1 */
1665 			else if (have_dif_prot)
1666 				arr[4] = 0x5;   /* SPT: GRD_CHK:1, REF_CHK:1 */
1667 			else
1668 				arr[4] = 0x0;   /* no protection stuff */
1669 			arr[5] = 0x7;   /* head of q, ordered + simple q's */
1670 		} else if (0x87 == cmd[2]) { /* mode page policy */
1671 			arr[1] = cmd[2];	/*sanity */
1672 			arr[3] = 0x8;	/* number of following entries */
1673 			arr[4] = 0x2;	/* disconnect-reconnect mp */
1674 			arr[6] = 0x80;	/* mlus, shared */
1675 			arr[8] = 0x18;	 /* protocol specific lu */
1676 			arr[10] = 0x82;	 /* mlus, per initiator port */
1677 		} else if (0x88 == cmd[2]) { /* SCSI Ports */
1678 			arr[1] = cmd[2];	/*sanity */
1679 			arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1680 		} else if (is_disk_zbc && 0x89 == cmd[2]) { /* ATA info */
1681 			arr[1] = cmd[2];        /*sanity */
1682 			n = inquiry_vpd_89(&arr[4]);
1683 			put_unaligned_be16(n, arr + 2);
1684 		} else if (is_disk_zbc && 0xb0 == cmd[2]) { /* Block limits */
1685 			arr[1] = cmd[2];        /*sanity */
1686 			arr[3] = inquiry_vpd_b0(&arr[4]);
1687 		} else if (is_disk_zbc && 0xb1 == cmd[2]) { /* Block char. */
1688 			arr[1] = cmd[2];        /*sanity */
1689 			arr[3] = inquiry_vpd_b1(devip, &arr[4]);
1690 		} else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1691 			arr[1] = cmd[2];        /*sanity */
1692 			arr[3] = inquiry_vpd_b2(&arr[4]);
1693 		} else if (is_zbc && cmd[2] == 0xb6) { /* ZB dev. charact. */
1694 			arr[1] = cmd[2];        /*sanity */
1695 			arr[3] = inquiry_vpd_b6(devip, &arr[4]);
1696 		} else {
1697 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1698 			kfree(arr);
1699 			return check_condition_result;
1700 		}
1701 		len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
1702 		ret = fill_from_dev_buffer(scp, arr,
1703 			    min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
1704 		kfree(arr);
1705 		return ret;
1706 	}
1707 	/* drops through here for a standard inquiry */
1708 	arr[1] = sdebug_removable ? 0x80 : 0;	/* Removable disk */
1709 	arr[2] = sdebug_scsi_level;
1710 	arr[3] = 2;    /* response_data_format==2 */
1711 	arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1712 	arr[5] = (int)have_dif_prot;	/* PROTECT bit */
1713 	if (sdebug_vpd_use_hostno == 0)
1714 		arr[5] |= 0x10; /* claim: implicit TPGS */
1715 	arr[6] = 0x10; /* claim: MultiP */
1716 	/* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1717 	arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1718 	memcpy(&arr[8], sdebug_inq_vendor_id, 8);
1719 	memcpy(&arr[16], sdebug_inq_product_id, 16);
1720 	memcpy(&arr[32], sdebug_inq_product_rev, 4);
1721 	/* Use Vendor Specific area to place driver date in ASCII hex */
1722 	memcpy(&arr[36], sdebug_version_date, 8);
1723 	/* version descriptors (2 bytes each) follow */
1724 	put_unaligned_be16(0xc0, arr + 58);   /* SAM-6 no version claimed */
1725 	put_unaligned_be16(0x5c0, arr + 60);  /* SPC-5 no version claimed */
1726 	n = 62;
1727 	if (is_disk) {		/* SBC-4 no version claimed */
1728 		put_unaligned_be16(0x600, arr + n);
1729 		n += 2;
1730 	} else if (sdebug_ptype == TYPE_TAPE) {	/* SSC-4 rev 3 */
1731 		put_unaligned_be16(0x525, arr + n);
1732 		n += 2;
1733 	} else if (is_zbc) {	/* ZBC BSR INCITS 536 revision 05 */
1734 		put_unaligned_be16(0x624, arr + n);
1735 		n += 2;
1736 	}
1737 	put_unaligned_be16(0x2100, arr + n);	/* SPL-4 no version claimed */
1738 	ret = fill_from_dev_buffer(scp, arr,
1739 			    min_t(u32, alloc_len, SDEBUG_LONG_INQ_SZ));
1740 	kfree(arr);
1741 	return ret;
1742 }
1743 
1744 /* See resp_iec_m_pg() for how this data is manipulated */
1745 static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1746 				   0, 0, 0x0, 0x0};
1747 
1748 static int resp_requests(struct scsi_cmnd *scp,
1749 			 struct sdebug_dev_info *devip)
1750 {
1751 	unsigned char *cmd = scp->cmnd;
1752 	unsigned char arr[SCSI_SENSE_BUFFERSIZE];	/* assume >= 18 bytes */
1753 	bool dsense = !!(cmd[1] & 1);
1754 	u32 alloc_len = cmd[4];
1755 	u32 len = 18;
1756 	int stopped_state = atomic_read(&devip->stopped);
1757 
1758 	memset(arr, 0, sizeof(arr));
1759 	if (stopped_state > 0) {	/* some "pollable" data [spc6r02: 5.12.2] */
1760 		if (dsense) {
1761 			arr[0] = 0x72;
1762 			arr[1] = NOT_READY;
1763 			arr[2] = LOGICAL_UNIT_NOT_READY;
1764 			arr[3] = (stopped_state == 2) ? 0x1 : 0x2;
1765 			len = 8;
1766 		} else {
1767 			arr[0] = 0x70;
1768 			arr[2] = NOT_READY;		/* NO_SENSE in sense_key */
1769 			arr[7] = 0xa;			/* 18 byte sense buffer */
1770 			arr[12] = LOGICAL_UNIT_NOT_READY;
1771 			arr[13] = (stopped_state == 2) ? 0x1 : 0x2;
1772 		}
1773 	} else if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1774 		/* Information exceptions control mode page: TEST=1, MRIE=6 */
1775 		if (dsense) {
1776 			arr[0] = 0x72;
1777 			arr[1] = 0x0;		/* NO_SENSE in sense_key */
1778 			arr[2] = THRESHOLD_EXCEEDED;
1779 			arr[3] = 0xff;		/* Failure prediction(false) */
1780 			len = 8;
1781 		} else {
1782 			arr[0] = 0x70;
1783 			arr[2] = 0x0;		/* NO_SENSE in sense_key */
1784 			arr[7] = 0xa;   	/* 18 byte sense buffer */
1785 			arr[12] = THRESHOLD_EXCEEDED;
1786 			arr[13] = 0xff;		/* Failure prediction(false) */
1787 		}
1788 	} else {	/* nothing to report */
1789 		if (dsense) {
1790 			len = 8;
1791 			memset(arr, 0, len);
1792 			arr[0] = 0x72;
1793 		} else {
1794 			memset(arr, 0, len);
1795 			arr[0] = 0x70;
1796 			arr[7] = 0xa;
1797 		}
1798 	}
1799 	return fill_from_dev_buffer(scp, arr, min_t(u32, len, alloc_len));
1800 }
1801 
1802 static int resp_start_stop(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1803 {
1804 	unsigned char *cmd = scp->cmnd;
1805 	int power_cond, want_stop, stopped_state;
1806 	bool changing;
1807 
1808 	power_cond = (cmd[4] & 0xf0) >> 4;
1809 	if (power_cond) {
1810 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1811 		return check_condition_result;
1812 	}
1813 	want_stop = !(cmd[4] & 1);
1814 	stopped_state = atomic_read(&devip->stopped);
1815 	if (stopped_state == 2) {
1816 		ktime_t now_ts = ktime_get_boottime();
1817 
1818 		if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
1819 			u64 diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
1820 
1821 			if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
1822 				/* tur_ms_to_ready timer extinguished */
1823 				atomic_set(&devip->stopped, 0);
1824 				stopped_state = 0;
1825 			}
1826 		}
1827 		if (stopped_state == 2) {
1828 			if (want_stop) {
1829 				stopped_state = 1;	/* dummy up success */
1830 			} else {	/* Disallow tur_ms_to_ready delay to be overridden */
1831 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 0 /* START bit */);
1832 				return check_condition_result;
1833 			}
1834 		}
1835 	}
1836 	changing = (stopped_state != want_stop);
1837 	if (changing)
1838 		atomic_xchg(&devip->stopped, want_stop);
1839 	if (!changing || (cmd[1] & 0x1))  /* state unchanged or IMMED bit set in cdb */
1840 		return SDEG_RES_IMMED_MASK;
1841 	else
1842 		return 0;
1843 }
1844 
1845 static sector_t get_sdebug_capacity(void)
1846 {
1847 	static const unsigned int gibibyte = 1073741824;
1848 
1849 	if (sdebug_virtual_gb > 0)
1850 		return (sector_t)sdebug_virtual_gb *
1851 			(gibibyte / sdebug_sector_size);
1852 	else
1853 		return sdebug_store_sectors;
1854 }
1855 
1856 #define SDEBUG_READCAP_ARR_SZ 8
1857 static int resp_readcap(struct scsi_cmnd *scp,
1858 			struct sdebug_dev_info *devip)
1859 {
1860 	unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1861 	unsigned int capac;
1862 
1863 	/* following just in case virtual_gb changed */
1864 	sdebug_capacity = get_sdebug_capacity();
1865 	memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1866 	if (sdebug_capacity < 0xffffffff) {
1867 		capac = (unsigned int)sdebug_capacity - 1;
1868 		put_unaligned_be32(capac, arr + 0);
1869 	} else
1870 		put_unaligned_be32(0xffffffff, arr + 0);
1871 	put_unaligned_be16(sdebug_sector_size, arr + 6);
1872 	return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1873 }
1874 
1875 #define SDEBUG_READCAP16_ARR_SZ 32
1876 static int resp_readcap16(struct scsi_cmnd *scp,
1877 			  struct sdebug_dev_info *devip)
1878 {
1879 	unsigned char *cmd = scp->cmnd;
1880 	unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1881 	u32 alloc_len;
1882 
1883 	alloc_len = get_unaligned_be32(cmd + 10);
1884 	/* following just in case virtual_gb changed */
1885 	sdebug_capacity = get_sdebug_capacity();
1886 	memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1887 	put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1888 	put_unaligned_be32(sdebug_sector_size, arr + 8);
1889 	arr[13] = sdebug_physblk_exp & 0xf;
1890 	arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1891 
1892 	if (scsi_debug_lbp()) {
1893 		arr[14] |= 0x80; /* LBPME */
1894 		/* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1895 		 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1896 		 * in the wider field maps to 0 in this field.
1897 		 */
1898 		if (sdebug_lbprz & 1)	/* precisely what the draft requires */
1899 			arr[14] |= 0x40;
1900 	}
1901 
1902 	arr[15] = sdebug_lowest_aligned & 0xff;
1903 
1904 	if (have_dif_prot) {
1905 		arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1906 		arr[12] |= 1; /* PROT_EN */
1907 	}
1908 
1909 	return fill_from_dev_buffer(scp, arr,
1910 			    min_t(u32, alloc_len, SDEBUG_READCAP16_ARR_SZ));
1911 }
1912 
1913 #define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1914 
1915 static int resp_report_tgtpgs(struct scsi_cmnd *scp,
1916 			      struct sdebug_dev_info *devip)
1917 {
1918 	unsigned char *cmd = scp->cmnd;
1919 	unsigned char *arr;
1920 	int host_no = devip->sdbg_host->shost->host_no;
1921 	int port_group_a, port_group_b, port_a, port_b;
1922 	u32 alen, n, rlen;
1923 	int ret;
1924 
1925 	alen = get_unaligned_be32(cmd + 6);
1926 	arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1927 	if (! arr)
1928 		return DID_REQUEUE << 16;
1929 	/*
1930 	 * EVPD page 0x88 states we have two ports, one
1931 	 * real and a fake port with no device connected.
1932 	 * So we create two port groups with one port each
1933 	 * and set the group with port B to unavailable.
1934 	 */
1935 	port_a = 0x1; /* relative port A */
1936 	port_b = 0x2; /* relative port B */
1937 	port_group_a = (((host_no + 1) & 0x7f) << 8) +
1938 			(devip->channel & 0x7f);
1939 	port_group_b = (((host_no + 1) & 0x7f) << 8) +
1940 			(devip->channel & 0x7f) + 0x80;
1941 
1942 	/*
1943 	 * The asymmetric access state is cycled according to the host_id.
1944 	 */
1945 	n = 4;
1946 	if (sdebug_vpd_use_hostno == 0) {
1947 		arr[n++] = host_no % 3; /* Asymm access state */
1948 		arr[n++] = 0x0F; /* claim: all states are supported */
1949 	} else {
1950 		arr[n++] = 0x0; /* Active/Optimized path */
1951 		arr[n++] = 0x01; /* only support active/optimized paths */
1952 	}
1953 	put_unaligned_be16(port_group_a, arr + n);
1954 	n += 2;
1955 	arr[n++] = 0;    /* Reserved */
1956 	arr[n++] = 0;    /* Status code */
1957 	arr[n++] = 0;    /* Vendor unique */
1958 	arr[n++] = 0x1;  /* One port per group */
1959 	arr[n++] = 0;    /* Reserved */
1960 	arr[n++] = 0;    /* Reserved */
1961 	put_unaligned_be16(port_a, arr + n);
1962 	n += 2;
1963 	arr[n++] = 3;    /* Port unavailable */
1964 	arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1965 	put_unaligned_be16(port_group_b, arr + n);
1966 	n += 2;
1967 	arr[n++] = 0;    /* Reserved */
1968 	arr[n++] = 0;    /* Status code */
1969 	arr[n++] = 0;    /* Vendor unique */
1970 	arr[n++] = 0x1;  /* One port per group */
1971 	arr[n++] = 0;    /* Reserved */
1972 	arr[n++] = 0;    /* Reserved */
1973 	put_unaligned_be16(port_b, arr + n);
1974 	n += 2;
1975 
1976 	rlen = n - 4;
1977 	put_unaligned_be32(rlen, arr + 0);
1978 
1979 	/*
1980 	 * Return the smallest value of either
1981 	 * - The allocated length
1982 	 * - The constructed command length
1983 	 * - The maximum array size
1984 	 */
1985 	rlen = min(alen, n);
1986 	ret = fill_from_dev_buffer(scp, arr,
1987 			   min_t(u32, rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1988 	kfree(arr);
1989 	return ret;
1990 }
1991 
1992 static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1993 			     struct sdebug_dev_info *devip)
1994 {
1995 	bool rctd;
1996 	u8 reporting_opts, req_opcode, sdeb_i, supp;
1997 	u16 req_sa, u;
1998 	u32 alloc_len, a_len;
1999 	int k, offset, len, errsts, count, bump, na;
2000 	const struct opcode_info_t *oip;
2001 	const struct opcode_info_t *r_oip;
2002 	u8 *arr;
2003 	u8 *cmd = scp->cmnd;
2004 
2005 	rctd = !!(cmd[2] & 0x80);
2006 	reporting_opts = cmd[2] & 0x7;
2007 	req_opcode = cmd[3];
2008 	req_sa = get_unaligned_be16(cmd + 4);
2009 	alloc_len = get_unaligned_be32(cmd + 6);
2010 	if (alloc_len < 4 || alloc_len > 0xffff) {
2011 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2012 		return check_condition_result;
2013 	}
2014 	if (alloc_len > 8192)
2015 		a_len = 8192;
2016 	else
2017 		a_len = alloc_len;
2018 	arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
2019 	if (NULL == arr) {
2020 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
2021 				INSUFF_RES_ASCQ);
2022 		return check_condition_result;
2023 	}
2024 	switch (reporting_opts) {
2025 	case 0:	/* all commands */
2026 		/* count number of commands */
2027 		for (count = 0, oip = opcode_info_arr;
2028 		     oip->num_attached != 0xff; ++oip) {
2029 			if (F_INV_OP & oip->flags)
2030 				continue;
2031 			count += (oip->num_attached + 1);
2032 		}
2033 		bump = rctd ? 20 : 8;
2034 		put_unaligned_be32(count * bump, arr);
2035 		for (offset = 4, oip = opcode_info_arr;
2036 		     oip->num_attached != 0xff && offset < a_len; ++oip) {
2037 			if (F_INV_OP & oip->flags)
2038 				continue;
2039 			na = oip->num_attached;
2040 			arr[offset] = oip->opcode;
2041 			put_unaligned_be16(oip->sa, arr + offset + 2);
2042 			if (rctd)
2043 				arr[offset + 5] |= 0x2;
2044 			if (FF_SA & oip->flags)
2045 				arr[offset + 5] |= 0x1;
2046 			put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
2047 			if (rctd)
2048 				put_unaligned_be16(0xa, arr + offset + 8);
2049 			r_oip = oip;
2050 			for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
2051 				if (F_INV_OP & oip->flags)
2052 					continue;
2053 				offset += bump;
2054 				arr[offset] = oip->opcode;
2055 				put_unaligned_be16(oip->sa, arr + offset + 2);
2056 				if (rctd)
2057 					arr[offset + 5] |= 0x2;
2058 				if (FF_SA & oip->flags)
2059 					arr[offset + 5] |= 0x1;
2060 				put_unaligned_be16(oip->len_mask[0],
2061 						   arr + offset + 6);
2062 				if (rctd)
2063 					put_unaligned_be16(0xa,
2064 							   arr + offset + 8);
2065 			}
2066 			oip = r_oip;
2067 			offset += bump;
2068 		}
2069 		break;
2070 	case 1:	/* one command: opcode only */
2071 	case 2:	/* one command: opcode plus service action */
2072 	case 3:	/* one command: if sa==0 then opcode only else opcode+sa */
2073 		sdeb_i = opcode_ind_arr[req_opcode];
2074 		oip = &opcode_info_arr[sdeb_i];
2075 		if (F_INV_OP & oip->flags) {
2076 			supp = 1;
2077 			offset = 4;
2078 		} else {
2079 			if (1 == reporting_opts) {
2080 				if (FF_SA & oip->flags) {
2081 					mk_sense_invalid_fld(scp, SDEB_IN_CDB,
2082 							     2, 2);
2083 					kfree(arr);
2084 					return check_condition_result;
2085 				}
2086 				req_sa = 0;
2087 			} else if (2 == reporting_opts &&
2088 				   0 == (FF_SA & oip->flags)) {
2089 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
2090 				kfree(arr);	/* point at requested sa */
2091 				return check_condition_result;
2092 			}
2093 			if (0 == (FF_SA & oip->flags) &&
2094 			    req_opcode == oip->opcode)
2095 				supp = 3;
2096 			else if (0 == (FF_SA & oip->flags)) {
2097 				na = oip->num_attached;
2098 				for (k = 0, oip = oip->arrp; k < na;
2099 				     ++k, ++oip) {
2100 					if (req_opcode == oip->opcode)
2101 						break;
2102 				}
2103 				supp = (k >= na) ? 1 : 3;
2104 			} else if (req_sa != oip->sa) {
2105 				na = oip->num_attached;
2106 				for (k = 0, oip = oip->arrp; k < na;
2107 				     ++k, ++oip) {
2108 					if (req_sa == oip->sa)
2109 						break;
2110 				}
2111 				supp = (k >= na) ? 1 : 3;
2112 			} else
2113 				supp = 3;
2114 			if (3 == supp) {
2115 				u = oip->len_mask[0];
2116 				put_unaligned_be16(u, arr + 2);
2117 				arr[4] = oip->opcode;
2118 				for (k = 1; k < u; ++k)
2119 					arr[4 + k] = (k < 16) ?
2120 						 oip->len_mask[k] : 0xff;
2121 				offset = 4 + u;
2122 			} else
2123 				offset = 4;
2124 		}
2125 		arr[1] = (rctd ? 0x80 : 0) | supp;
2126 		if (rctd) {
2127 			put_unaligned_be16(0xa, arr + offset);
2128 			offset += 12;
2129 		}
2130 		break;
2131 	default:
2132 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
2133 		kfree(arr);
2134 		return check_condition_result;
2135 	}
2136 	offset = (offset < a_len) ? offset : a_len;
2137 	len = (offset < alloc_len) ? offset : alloc_len;
2138 	errsts = fill_from_dev_buffer(scp, arr, len);
2139 	kfree(arr);
2140 	return errsts;
2141 }
2142 
2143 static int resp_rsup_tmfs(struct scsi_cmnd *scp,
2144 			  struct sdebug_dev_info *devip)
2145 {
2146 	bool repd;
2147 	u32 alloc_len, len;
2148 	u8 arr[16];
2149 	u8 *cmd = scp->cmnd;
2150 
2151 	memset(arr, 0, sizeof(arr));
2152 	repd = !!(cmd[2] & 0x80);
2153 	alloc_len = get_unaligned_be32(cmd + 6);
2154 	if (alloc_len < 4) {
2155 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
2156 		return check_condition_result;
2157 	}
2158 	arr[0] = 0xc8;		/* ATS | ATSS | LURS */
2159 	arr[1] = 0x1;		/* ITNRS */
2160 	if (repd) {
2161 		arr[3] = 0xc;
2162 		len = 16;
2163 	} else
2164 		len = 4;
2165 
2166 	len = (len < alloc_len) ? len : alloc_len;
2167 	return fill_from_dev_buffer(scp, arr, len);
2168 }
2169 
2170 /* <<Following mode page info copied from ST318451LW>> */
2171 
2172 static int resp_err_recov_pg(unsigned char *p, int pcontrol, int target)
2173 {	/* Read-Write Error Recovery page for mode_sense */
2174 	unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
2175 					5, 0, 0xff, 0xff};
2176 
2177 	memcpy(p, err_recov_pg, sizeof(err_recov_pg));
2178 	if (1 == pcontrol)
2179 		memset(p + 2, 0, sizeof(err_recov_pg) - 2);
2180 	return sizeof(err_recov_pg);
2181 }
2182 
2183 static int resp_disconnect_pg(unsigned char *p, int pcontrol, int target)
2184 { 	/* Disconnect-Reconnect page for mode_sense */
2185 	unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
2186 					 0, 0, 0, 0, 0, 0, 0, 0};
2187 
2188 	memcpy(p, disconnect_pg, sizeof(disconnect_pg));
2189 	if (1 == pcontrol)
2190 		memset(p + 2, 0, sizeof(disconnect_pg) - 2);
2191 	return sizeof(disconnect_pg);
2192 }
2193 
2194 static int resp_format_pg(unsigned char *p, int pcontrol, int target)
2195 {       /* Format device page for mode_sense */
2196 	unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
2197 				     0, 0, 0, 0, 0, 0, 0, 0,
2198 				     0, 0, 0, 0, 0x40, 0, 0, 0};
2199 
2200 	memcpy(p, format_pg, sizeof(format_pg));
2201 	put_unaligned_be16(sdebug_sectors_per, p + 10);
2202 	put_unaligned_be16(sdebug_sector_size, p + 12);
2203 	if (sdebug_removable)
2204 		p[20] |= 0x20; /* should agree with INQUIRY */
2205 	if (1 == pcontrol)
2206 		memset(p + 2, 0, sizeof(format_pg) - 2);
2207 	return sizeof(format_pg);
2208 }
2209 
2210 static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2211 				     0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
2212 				     0, 0, 0, 0};
2213 
2214 static int resp_caching_pg(unsigned char *p, int pcontrol, int target)
2215 { 	/* Caching page for mode_sense */
2216 	unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
2217 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2218 	unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
2219 		0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,     0, 0, 0, 0};
2220 
2221 	if (SDEBUG_OPT_N_WCE & sdebug_opts)
2222 		caching_pg[2] &= ~0x4;	/* set WCE=0 (default WCE=1) */
2223 	memcpy(p, caching_pg, sizeof(caching_pg));
2224 	if (1 == pcontrol)
2225 		memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
2226 	else if (2 == pcontrol)
2227 		memcpy(p, d_caching_pg, sizeof(d_caching_pg));
2228 	return sizeof(caching_pg);
2229 }
2230 
2231 static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2232 				    0, 0, 0x2, 0x4b};
2233 
2234 static int resp_ctrl_m_pg(unsigned char *p, int pcontrol, int target)
2235 { 	/* Control mode page for mode_sense */
2236 	unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
2237 					0, 0, 0, 0};
2238 	unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
2239 				     0, 0, 0x2, 0x4b};
2240 
2241 	if (sdebug_dsense)
2242 		ctrl_m_pg[2] |= 0x4;
2243 	else
2244 		ctrl_m_pg[2] &= ~0x4;
2245 
2246 	if (sdebug_ato)
2247 		ctrl_m_pg[5] |= 0x80; /* ATO=1 */
2248 
2249 	memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
2250 	if (1 == pcontrol)
2251 		memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
2252 	else if (2 == pcontrol)
2253 		memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
2254 	return sizeof(ctrl_m_pg);
2255 }
2256 
2257 
2258 static int resp_iec_m_pg(unsigned char *p, int pcontrol, int target)
2259 {	/* Informational Exceptions control mode page for mode_sense */
2260 	unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
2261 				       0, 0, 0x0, 0x0};
2262 	unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
2263 				      0, 0, 0x0, 0x0};
2264 
2265 	memcpy(p, iec_m_pg, sizeof(iec_m_pg));
2266 	if (1 == pcontrol)
2267 		memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
2268 	else if (2 == pcontrol)
2269 		memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
2270 	return sizeof(iec_m_pg);
2271 }
2272 
2273 static int resp_sas_sf_m_pg(unsigned char *p, int pcontrol, int target)
2274 {	/* SAS SSP mode page - short format for mode_sense */
2275 	unsigned char sas_sf_m_pg[] = {0x19, 0x6,
2276 		0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
2277 
2278 	memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
2279 	if (1 == pcontrol)
2280 		memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
2281 	return sizeof(sas_sf_m_pg);
2282 }
2283 
2284 
2285 static int resp_sas_pcd_m_spg(unsigned char *p, int pcontrol, int target,
2286 			      int target_dev_id)
2287 {	/* SAS phy control and discover mode page for mode_sense */
2288 	unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
2289 		    0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
2290 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2291 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2292 		    0x2, 0, 0, 0, 0, 0, 0, 0,
2293 		    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2294 		    0, 0, 0, 0, 0, 0, 0, 0,
2295 		    0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
2296 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2297 		    0, 0, 0, 0, 0, 0, 0, 0,	/* insert SAS addr */
2298 		    0x3, 0, 0, 0, 0, 0, 0, 0,
2299 		    0x88, 0x99, 0, 0, 0, 0, 0, 0,
2300 		    0, 0, 0, 0, 0, 0, 0, 0,
2301 		};
2302 	int port_a, port_b;
2303 
2304 	put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
2305 	put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
2306 	put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
2307 	put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
2308 	port_a = target_dev_id + 1;
2309 	port_b = port_a + 1;
2310 	memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
2311 	put_unaligned_be32(port_a, p + 20);
2312 	put_unaligned_be32(port_b, p + 48 + 20);
2313 	if (1 == pcontrol)
2314 		memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
2315 	return sizeof(sas_pcd_m_pg);
2316 }
2317 
2318 static int resp_sas_sha_m_spg(unsigned char *p, int pcontrol)
2319 {	/* SAS SSP shared protocol specific port mode subpage */
2320 	unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
2321 		    0, 0, 0, 0, 0, 0, 0, 0,
2322 		};
2323 
2324 	memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
2325 	if (1 == pcontrol)
2326 		memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
2327 	return sizeof(sas_sha_m_pg);
2328 }
2329 
2330 #define SDEBUG_MAX_MSENSE_SZ 256
2331 
2332 static int resp_mode_sense(struct scsi_cmnd *scp,
2333 			   struct sdebug_dev_info *devip)
2334 {
2335 	int pcontrol, pcode, subpcode, bd_len;
2336 	unsigned char dev_spec;
2337 	u32 alloc_len, offset, len;
2338 	int target_dev_id;
2339 	int target = scp->device->id;
2340 	unsigned char *ap;
2341 	unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2342 	unsigned char *cmd = scp->cmnd;
2343 	bool dbd, llbaa, msense_6, is_disk, is_zbc, bad_pcode;
2344 
2345 	dbd = !!(cmd[1] & 0x8);		/* disable block descriptors */
2346 	pcontrol = (cmd[2] & 0xc0) >> 6;
2347 	pcode = cmd[2] & 0x3f;
2348 	subpcode = cmd[3];
2349 	msense_6 = (MODE_SENSE == cmd[0]);
2350 	llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2351 	is_disk = (sdebug_ptype == TYPE_DISK);
2352 	is_zbc = (devip->zmodel != BLK_ZONED_NONE);
2353 	if ((is_disk || is_zbc) && !dbd)
2354 		bd_len = llbaa ? 16 : 8;
2355 	else
2356 		bd_len = 0;
2357 	alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2358 	memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2359 	if (0x3 == pcontrol) {  /* Saving values not supported */
2360 		mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2361 		return check_condition_result;
2362 	}
2363 	target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2364 			(devip->target * 1000) - 3;
2365 	/* for disks+zbc set DPOFUA bit and clear write protect (WP) bit */
2366 	if (is_disk || is_zbc) {
2367 		dev_spec = 0x10;	/* =0x90 if WP=1 implies read-only */
2368 		if (sdebug_wp)
2369 			dev_spec |= 0x80;
2370 	} else
2371 		dev_spec = 0x0;
2372 	if (msense_6) {
2373 		arr[2] = dev_spec;
2374 		arr[3] = bd_len;
2375 		offset = 4;
2376 	} else {
2377 		arr[3] = dev_spec;
2378 		if (16 == bd_len)
2379 			arr[4] = 0x1;	/* set LONGLBA bit */
2380 		arr[7] = bd_len;	/* assume 255 or less */
2381 		offset = 8;
2382 	}
2383 	ap = arr + offset;
2384 	if ((bd_len > 0) && (!sdebug_capacity))
2385 		sdebug_capacity = get_sdebug_capacity();
2386 
2387 	if (8 == bd_len) {
2388 		if (sdebug_capacity > 0xfffffffe)
2389 			put_unaligned_be32(0xffffffff, ap + 0);
2390 		else
2391 			put_unaligned_be32(sdebug_capacity, ap + 0);
2392 		put_unaligned_be16(sdebug_sector_size, ap + 6);
2393 		offset += bd_len;
2394 		ap = arr + offset;
2395 	} else if (16 == bd_len) {
2396 		put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2397 		put_unaligned_be32(sdebug_sector_size, ap + 12);
2398 		offset += bd_len;
2399 		ap = arr + offset;
2400 	}
2401 
2402 	if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2403 		/* TODO: Control Extension page */
2404 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2405 		return check_condition_result;
2406 	}
2407 	bad_pcode = false;
2408 
2409 	switch (pcode) {
2410 	case 0x1:	/* Read-Write error recovery page, direct access */
2411 		len = resp_err_recov_pg(ap, pcontrol, target);
2412 		offset += len;
2413 		break;
2414 	case 0x2:	/* Disconnect-Reconnect page, all devices */
2415 		len = resp_disconnect_pg(ap, pcontrol, target);
2416 		offset += len;
2417 		break;
2418 	case 0x3:       /* Format device page, direct access */
2419 		if (is_disk) {
2420 			len = resp_format_pg(ap, pcontrol, target);
2421 			offset += len;
2422 		} else
2423 			bad_pcode = true;
2424 		break;
2425 	case 0x8:	/* Caching page, direct access */
2426 		if (is_disk || is_zbc) {
2427 			len = resp_caching_pg(ap, pcontrol, target);
2428 			offset += len;
2429 		} else
2430 			bad_pcode = true;
2431 		break;
2432 	case 0xa:	/* Control Mode page, all devices */
2433 		len = resp_ctrl_m_pg(ap, pcontrol, target);
2434 		offset += len;
2435 		break;
2436 	case 0x19:	/* if spc==1 then sas phy, control+discover */
2437 		if ((subpcode > 0x2) && (subpcode < 0xff)) {
2438 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2439 			return check_condition_result;
2440 		}
2441 		len = 0;
2442 		if ((0x0 == subpcode) || (0xff == subpcode))
2443 			len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2444 		if ((0x1 == subpcode) || (0xff == subpcode))
2445 			len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2446 						  target_dev_id);
2447 		if ((0x2 == subpcode) || (0xff == subpcode))
2448 			len += resp_sas_sha_m_spg(ap + len, pcontrol);
2449 		offset += len;
2450 		break;
2451 	case 0x1c:	/* Informational Exceptions Mode page, all devices */
2452 		len = resp_iec_m_pg(ap, pcontrol, target);
2453 		offset += len;
2454 		break;
2455 	case 0x3f:	/* Read all Mode pages */
2456 		if ((0 == subpcode) || (0xff == subpcode)) {
2457 			len = resp_err_recov_pg(ap, pcontrol, target);
2458 			len += resp_disconnect_pg(ap + len, pcontrol, target);
2459 			if (is_disk) {
2460 				len += resp_format_pg(ap + len, pcontrol,
2461 						      target);
2462 				len += resp_caching_pg(ap + len, pcontrol,
2463 						       target);
2464 			} else if (is_zbc) {
2465 				len += resp_caching_pg(ap + len, pcontrol,
2466 						       target);
2467 			}
2468 			len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2469 			len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2470 			if (0xff == subpcode) {
2471 				len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2472 						  target, target_dev_id);
2473 				len += resp_sas_sha_m_spg(ap + len, pcontrol);
2474 			}
2475 			len += resp_iec_m_pg(ap + len, pcontrol, target);
2476 			offset += len;
2477 		} else {
2478 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2479 			return check_condition_result;
2480 		}
2481 		break;
2482 	default:
2483 		bad_pcode = true;
2484 		break;
2485 	}
2486 	if (bad_pcode) {
2487 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2488 		return check_condition_result;
2489 	}
2490 	if (msense_6)
2491 		arr[0] = offset - 1;
2492 	else
2493 		put_unaligned_be16((offset - 2), arr + 0);
2494 	return fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, offset));
2495 }
2496 
2497 #define SDEBUG_MAX_MSELECT_SZ 512
2498 
2499 static int resp_mode_select(struct scsi_cmnd *scp,
2500 			    struct sdebug_dev_info *devip)
2501 {
2502 	int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2503 	int param_len, res, mpage;
2504 	unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2505 	unsigned char *cmd = scp->cmnd;
2506 	int mselect6 = (MODE_SELECT == cmd[0]);
2507 
2508 	memset(arr, 0, sizeof(arr));
2509 	pf = cmd[1] & 0x10;
2510 	sp = cmd[1] & 0x1;
2511 	param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2512 	if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2513 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2514 		return check_condition_result;
2515 	}
2516 	res = fetch_to_dev_buffer(scp, arr, param_len);
2517 	if (-1 == res)
2518 		return DID_ERROR << 16;
2519 	else if (sdebug_verbose && (res < param_len))
2520 		sdev_printk(KERN_INFO, scp->device,
2521 			    "%s: cdb indicated=%d, IO sent=%d bytes\n",
2522 			    __func__, param_len, res);
2523 	md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2524 	bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2525 	off = bd_len + (mselect6 ? 4 : 8);
2526 	if (md_len > 2 || off >= res) {
2527 		mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2528 		return check_condition_result;
2529 	}
2530 	mpage = arr[off] & 0x3f;
2531 	ps = !!(arr[off] & 0x80);
2532 	if (ps) {
2533 		mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2534 		return check_condition_result;
2535 	}
2536 	spf = !!(arr[off] & 0x40);
2537 	pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2538 		       (arr[off + 1] + 2);
2539 	if ((pg_len + off) > param_len) {
2540 		mk_sense_buffer(scp, ILLEGAL_REQUEST,
2541 				PARAMETER_LIST_LENGTH_ERR, 0);
2542 		return check_condition_result;
2543 	}
2544 	switch (mpage) {
2545 	case 0x8:      /* Caching Mode page */
2546 		if (caching_pg[1] == arr[off + 1]) {
2547 			memcpy(caching_pg + 2, arr + off + 2,
2548 			       sizeof(caching_pg) - 2);
2549 			goto set_mode_changed_ua;
2550 		}
2551 		break;
2552 	case 0xa:      /* Control Mode page */
2553 		if (ctrl_m_pg[1] == arr[off + 1]) {
2554 			memcpy(ctrl_m_pg + 2, arr + off + 2,
2555 			       sizeof(ctrl_m_pg) - 2);
2556 			if (ctrl_m_pg[4] & 0x8)
2557 				sdebug_wp = true;
2558 			else
2559 				sdebug_wp = false;
2560 			sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2561 			goto set_mode_changed_ua;
2562 		}
2563 		break;
2564 	case 0x1c:      /* Informational Exceptions Mode page */
2565 		if (iec_m_pg[1] == arr[off + 1]) {
2566 			memcpy(iec_m_pg + 2, arr + off + 2,
2567 			       sizeof(iec_m_pg) - 2);
2568 			goto set_mode_changed_ua;
2569 		}
2570 		break;
2571 	default:
2572 		break;
2573 	}
2574 	mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2575 	return check_condition_result;
2576 set_mode_changed_ua:
2577 	set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2578 	return 0;
2579 }
2580 
2581 static int resp_temp_l_pg(unsigned char *arr)
2582 {
2583 	unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2584 				     0x0, 0x1, 0x3, 0x2, 0x0, 65,
2585 		};
2586 
2587 	memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2588 	return sizeof(temp_l_pg);
2589 }
2590 
2591 static int resp_ie_l_pg(unsigned char *arr)
2592 {
2593 	unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2594 		};
2595 
2596 	memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2597 	if (iec_m_pg[2] & 0x4) {	/* TEST bit set */
2598 		arr[4] = THRESHOLD_EXCEEDED;
2599 		arr[5] = 0xff;
2600 	}
2601 	return sizeof(ie_l_pg);
2602 }
2603 
2604 static int resp_env_rep_l_spg(unsigned char *arr)
2605 {
2606 	unsigned char env_rep_l_spg[] = {0x0, 0x0, 0x23, 0x8,
2607 					 0x0, 40, 72, 0xff, 45, 18, 0, 0,
2608 					 0x1, 0x0, 0x23, 0x8,
2609 					 0x0, 55, 72, 35, 55, 45, 0, 0,
2610 		};
2611 
2612 	memcpy(arr, env_rep_l_spg, sizeof(env_rep_l_spg));
2613 	return sizeof(env_rep_l_spg);
2614 }
2615 
2616 #define SDEBUG_MAX_LSENSE_SZ 512
2617 
2618 static int resp_log_sense(struct scsi_cmnd *scp,
2619 			  struct sdebug_dev_info *devip)
2620 {
2621 	int ppc, sp, pcode, subpcode;
2622 	u32 alloc_len, len, n;
2623 	unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2624 	unsigned char *cmd = scp->cmnd;
2625 
2626 	memset(arr, 0, sizeof(arr));
2627 	ppc = cmd[1] & 0x2;
2628 	sp = cmd[1] & 0x1;
2629 	if (ppc || sp) {
2630 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2631 		return check_condition_result;
2632 	}
2633 	pcode = cmd[2] & 0x3f;
2634 	subpcode = cmd[3] & 0xff;
2635 	alloc_len = get_unaligned_be16(cmd + 7);
2636 	arr[0] = pcode;
2637 	if (0 == subpcode) {
2638 		switch (pcode) {
2639 		case 0x0:	/* Supported log pages log page */
2640 			n = 4;
2641 			arr[n++] = 0x0;		/* this page */
2642 			arr[n++] = 0xd;		/* Temperature */
2643 			arr[n++] = 0x2f;	/* Informational exceptions */
2644 			arr[3] = n - 4;
2645 			break;
2646 		case 0xd:	/* Temperature log page */
2647 			arr[3] = resp_temp_l_pg(arr + 4);
2648 			break;
2649 		case 0x2f:	/* Informational exceptions log page */
2650 			arr[3] = resp_ie_l_pg(arr + 4);
2651 			break;
2652 		default:
2653 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2654 			return check_condition_result;
2655 		}
2656 	} else if (0xff == subpcode) {
2657 		arr[0] |= 0x40;
2658 		arr[1] = subpcode;
2659 		switch (pcode) {
2660 		case 0x0:	/* Supported log pages and subpages log page */
2661 			n = 4;
2662 			arr[n++] = 0x0;
2663 			arr[n++] = 0x0;		/* 0,0 page */
2664 			arr[n++] = 0x0;
2665 			arr[n++] = 0xff;	/* this page */
2666 			arr[n++] = 0xd;
2667 			arr[n++] = 0x0;		/* Temperature */
2668 			arr[n++] = 0xd;
2669 			arr[n++] = 0x1;		/* Environment reporting */
2670 			arr[n++] = 0xd;
2671 			arr[n++] = 0xff;	/* all 0xd subpages */
2672 			arr[n++] = 0x2f;
2673 			arr[n++] = 0x0;	/* Informational exceptions */
2674 			arr[n++] = 0x2f;
2675 			arr[n++] = 0xff;	/* all 0x2f subpages */
2676 			arr[3] = n - 4;
2677 			break;
2678 		case 0xd:	/* Temperature subpages */
2679 			n = 4;
2680 			arr[n++] = 0xd;
2681 			arr[n++] = 0x0;		/* Temperature */
2682 			arr[n++] = 0xd;
2683 			arr[n++] = 0x1;		/* Environment reporting */
2684 			arr[n++] = 0xd;
2685 			arr[n++] = 0xff;	/* these subpages */
2686 			arr[3] = n - 4;
2687 			break;
2688 		case 0x2f:	/* Informational exceptions subpages */
2689 			n = 4;
2690 			arr[n++] = 0x2f;
2691 			arr[n++] = 0x0;		/* Informational exceptions */
2692 			arr[n++] = 0x2f;
2693 			arr[n++] = 0xff;	/* these subpages */
2694 			arr[3] = n - 4;
2695 			break;
2696 		default:
2697 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2698 			return check_condition_result;
2699 		}
2700 	} else if (subpcode > 0) {
2701 		arr[0] |= 0x40;
2702 		arr[1] = subpcode;
2703 		if (pcode == 0xd && subpcode == 1)
2704 			arr[3] = resp_env_rep_l_spg(arr + 4);
2705 		else {
2706 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2707 			return check_condition_result;
2708 		}
2709 	} else {
2710 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2711 		return check_condition_result;
2712 	}
2713 	len = min_t(u32, get_unaligned_be16(arr + 2) + 4, alloc_len);
2714 	return fill_from_dev_buffer(scp, arr,
2715 		    min_t(u32, len, SDEBUG_MAX_INQ_ARR_SZ));
2716 }
2717 
2718 static inline bool sdebug_dev_is_zoned(struct sdebug_dev_info *devip)
2719 {
2720 	return devip->nr_zones != 0;
2721 }
2722 
2723 static struct sdeb_zone_state *zbc_zone(struct sdebug_dev_info *devip,
2724 					unsigned long long lba)
2725 {
2726 	u32 zno = lba >> devip->zsize_shift;
2727 	struct sdeb_zone_state *zsp;
2728 
2729 	if (devip->zcap == devip->zsize || zno < devip->nr_conv_zones)
2730 		return &devip->zstate[zno];
2731 
2732 	/*
2733 	 * If the zone capacity is less than the zone size, adjust for gap
2734 	 * zones.
2735 	 */
2736 	zno = 2 * zno - devip->nr_conv_zones;
2737 	WARN_ONCE(zno >= devip->nr_zones, "%u > %u\n", zno, devip->nr_zones);
2738 	zsp = &devip->zstate[zno];
2739 	if (lba >= zsp->z_start + zsp->z_size)
2740 		zsp++;
2741 	WARN_ON_ONCE(lba >= zsp->z_start + zsp->z_size);
2742 	return zsp;
2743 }
2744 
2745 static inline bool zbc_zone_is_conv(struct sdeb_zone_state *zsp)
2746 {
2747 	return zsp->z_type == ZBC_ZTYPE_CNV;
2748 }
2749 
2750 static inline bool zbc_zone_is_gap(struct sdeb_zone_state *zsp)
2751 {
2752 	return zsp->z_type == ZBC_ZTYPE_GAP;
2753 }
2754 
2755 static inline bool zbc_zone_is_seq(struct sdeb_zone_state *zsp)
2756 {
2757 	return !zbc_zone_is_conv(zsp) && !zbc_zone_is_gap(zsp);
2758 }
2759 
2760 static void zbc_close_zone(struct sdebug_dev_info *devip,
2761 			   struct sdeb_zone_state *zsp)
2762 {
2763 	enum sdebug_z_cond zc;
2764 
2765 	if (!zbc_zone_is_seq(zsp))
2766 		return;
2767 
2768 	zc = zsp->z_cond;
2769 	if (!(zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN))
2770 		return;
2771 
2772 	if (zc == ZC2_IMPLICIT_OPEN)
2773 		devip->nr_imp_open--;
2774 	else
2775 		devip->nr_exp_open--;
2776 
2777 	if (zsp->z_wp == zsp->z_start) {
2778 		zsp->z_cond = ZC1_EMPTY;
2779 	} else {
2780 		zsp->z_cond = ZC4_CLOSED;
2781 		devip->nr_closed++;
2782 	}
2783 }
2784 
2785 static void zbc_close_imp_open_zone(struct sdebug_dev_info *devip)
2786 {
2787 	struct sdeb_zone_state *zsp = &devip->zstate[0];
2788 	unsigned int i;
2789 
2790 	for (i = 0; i < devip->nr_zones; i++, zsp++) {
2791 		if (zsp->z_cond == ZC2_IMPLICIT_OPEN) {
2792 			zbc_close_zone(devip, zsp);
2793 			return;
2794 		}
2795 	}
2796 }
2797 
2798 static void zbc_open_zone(struct sdebug_dev_info *devip,
2799 			  struct sdeb_zone_state *zsp, bool explicit)
2800 {
2801 	enum sdebug_z_cond zc;
2802 
2803 	if (!zbc_zone_is_seq(zsp))
2804 		return;
2805 
2806 	zc = zsp->z_cond;
2807 	if ((explicit && zc == ZC3_EXPLICIT_OPEN) ||
2808 	    (!explicit && zc == ZC2_IMPLICIT_OPEN))
2809 		return;
2810 
2811 	/* Close an implicit open zone if necessary */
2812 	if (explicit && zsp->z_cond == ZC2_IMPLICIT_OPEN)
2813 		zbc_close_zone(devip, zsp);
2814 	else if (devip->max_open &&
2815 		 devip->nr_imp_open + devip->nr_exp_open >= devip->max_open)
2816 		zbc_close_imp_open_zone(devip);
2817 
2818 	if (zsp->z_cond == ZC4_CLOSED)
2819 		devip->nr_closed--;
2820 	if (explicit) {
2821 		zsp->z_cond = ZC3_EXPLICIT_OPEN;
2822 		devip->nr_exp_open++;
2823 	} else {
2824 		zsp->z_cond = ZC2_IMPLICIT_OPEN;
2825 		devip->nr_imp_open++;
2826 	}
2827 }
2828 
2829 static inline void zbc_set_zone_full(struct sdebug_dev_info *devip,
2830 				     struct sdeb_zone_state *zsp)
2831 {
2832 	switch (zsp->z_cond) {
2833 	case ZC2_IMPLICIT_OPEN:
2834 		devip->nr_imp_open--;
2835 		break;
2836 	case ZC3_EXPLICIT_OPEN:
2837 		devip->nr_exp_open--;
2838 		break;
2839 	default:
2840 		WARN_ONCE(true, "Invalid zone %llu condition %x\n",
2841 			  zsp->z_start, zsp->z_cond);
2842 		break;
2843 	}
2844 	zsp->z_cond = ZC5_FULL;
2845 }
2846 
2847 static void zbc_inc_wp(struct sdebug_dev_info *devip,
2848 		       unsigned long long lba, unsigned int num)
2849 {
2850 	struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2851 	unsigned long long n, end, zend = zsp->z_start + zsp->z_size;
2852 
2853 	if (!zbc_zone_is_seq(zsp))
2854 		return;
2855 
2856 	if (zsp->z_type == ZBC_ZTYPE_SWR) {
2857 		zsp->z_wp += num;
2858 		if (zsp->z_wp >= zend)
2859 			zbc_set_zone_full(devip, zsp);
2860 		return;
2861 	}
2862 
2863 	while (num) {
2864 		if (lba != zsp->z_wp)
2865 			zsp->z_non_seq_resource = true;
2866 
2867 		end = lba + num;
2868 		if (end >= zend) {
2869 			n = zend - lba;
2870 			zsp->z_wp = zend;
2871 		} else if (end > zsp->z_wp) {
2872 			n = num;
2873 			zsp->z_wp = end;
2874 		} else {
2875 			n = num;
2876 		}
2877 		if (zsp->z_wp >= zend)
2878 			zbc_set_zone_full(devip, zsp);
2879 
2880 		num -= n;
2881 		lba += n;
2882 		if (num) {
2883 			zsp++;
2884 			zend = zsp->z_start + zsp->z_size;
2885 		}
2886 	}
2887 }
2888 
2889 static int check_zbc_access_params(struct scsi_cmnd *scp,
2890 			unsigned long long lba, unsigned int num, bool write)
2891 {
2892 	struct scsi_device *sdp = scp->device;
2893 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2894 	struct sdeb_zone_state *zsp = zbc_zone(devip, lba);
2895 	struct sdeb_zone_state *zsp_end = zbc_zone(devip, lba + num - 1);
2896 
2897 	if (!write) {
2898 		if (devip->zmodel == BLK_ZONED_HA)
2899 			return 0;
2900 		/* For host-managed, reads cannot cross zone types boundaries */
2901 		if (zsp->z_type != zsp_end->z_type) {
2902 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
2903 					LBA_OUT_OF_RANGE,
2904 					READ_INVDATA_ASCQ);
2905 			return check_condition_result;
2906 		}
2907 		return 0;
2908 	}
2909 
2910 	/* Writing into a gap zone is not allowed */
2911 	if (zbc_zone_is_gap(zsp)) {
2912 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE,
2913 				ATTEMPT_ACCESS_GAP);
2914 		return check_condition_result;
2915 	}
2916 
2917 	/* No restrictions for writes within conventional zones */
2918 	if (zbc_zone_is_conv(zsp)) {
2919 		if (!zbc_zone_is_conv(zsp_end)) {
2920 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
2921 					LBA_OUT_OF_RANGE,
2922 					WRITE_BOUNDARY_ASCQ);
2923 			return check_condition_result;
2924 		}
2925 		return 0;
2926 	}
2927 
2928 	if (zsp->z_type == ZBC_ZTYPE_SWR) {
2929 		/* Writes cannot cross sequential zone boundaries */
2930 		if (zsp_end != zsp) {
2931 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
2932 					LBA_OUT_OF_RANGE,
2933 					WRITE_BOUNDARY_ASCQ);
2934 			return check_condition_result;
2935 		}
2936 		/* Cannot write full zones */
2937 		if (zsp->z_cond == ZC5_FULL) {
2938 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
2939 					INVALID_FIELD_IN_CDB, 0);
2940 			return check_condition_result;
2941 		}
2942 		/* Writes must be aligned to the zone WP */
2943 		if (lba != zsp->z_wp) {
2944 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
2945 					LBA_OUT_OF_RANGE,
2946 					UNALIGNED_WRITE_ASCQ);
2947 			return check_condition_result;
2948 		}
2949 	}
2950 
2951 	/* Handle implicit open of closed and empty zones */
2952 	if (zsp->z_cond == ZC1_EMPTY || zsp->z_cond == ZC4_CLOSED) {
2953 		if (devip->max_open &&
2954 		    devip->nr_exp_open >= devip->max_open) {
2955 			mk_sense_buffer(scp, DATA_PROTECT,
2956 					INSUFF_RES_ASC,
2957 					INSUFF_ZONE_ASCQ);
2958 			return check_condition_result;
2959 		}
2960 		zbc_open_zone(devip, zsp, false);
2961 	}
2962 
2963 	return 0;
2964 }
2965 
2966 static inline int check_device_access_params
2967 			(struct scsi_cmnd *scp, unsigned long long lba,
2968 			 unsigned int num, bool write)
2969 {
2970 	struct scsi_device *sdp = scp->device;
2971 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
2972 
2973 	if (lba + num > sdebug_capacity) {
2974 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2975 		return check_condition_result;
2976 	}
2977 	/* transfer length excessive (tie in to block limits VPD page) */
2978 	if (num > sdebug_store_sectors) {
2979 		/* needs work to find which cdb byte 'num' comes from */
2980 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2981 		return check_condition_result;
2982 	}
2983 	if (write && unlikely(sdebug_wp)) {
2984 		mk_sense_buffer(scp, DATA_PROTECT, WRITE_PROTECTED, 0x2);
2985 		return check_condition_result;
2986 	}
2987 	if (sdebug_dev_is_zoned(devip))
2988 		return check_zbc_access_params(scp, lba, num, write);
2989 
2990 	return 0;
2991 }
2992 
2993 /*
2994  * Note: if BUG_ON() fires it usually indicates a problem with the parser
2995  * tables. Perhaps a missing F_FAKE_RW or FF_MEDIA_IO flag. Response functions
2996  * that access any of the "stores" in struct sdeb_store_info should call this
2997  * function with bug_if_fake_rw set to true.
2998  */
2999 static inline struct sdeb_store_info *devip2sip(struct sdebug_dev_info *devip,
3000 						bool bug_if_fake_rw)
3001 {
3002 	if (sdebug_fake_rw) {
3003 		BUG_ON(bug_if_fake_rw);	/* See note above */
3004 		return NULL;
3005 	}
3006 	return xa_load(per_store_ap, devip->sdbg_host->si_idx);
3007 }
3008 
3009 /* Returns number of bytes copied or -1 if error. */
3010 static int do_device_access(struct sdeb_store_info *sip, struct scsi_cmnd *scp,
3011 			    u32 sg_skip, u64 lba, u32 num, bool do_write)
3012 {
3013 	int ret;
3014 	u64 block, rest = 0;
3015 	enum dma_data_direction dir;
3016 	struct scsi_data_buffer *sdb = &scp->sdb;
3017 	u8 *fsp;
3018 
3019 	if (do_write) {
3020 		dir = DMA_TO_DEVICE;
3021 		write_since_sync = true;
3022 	} else {
3023 		dir = DMA_FROM_DEVICE;
3024 	}
3025 
3026 	if (!sdb->length || !sip)
3027 		return 0;
3028 	if (scp->sc_data_direction != dir)
3029 		return -1;
3030 	fsp = sip->storep;
3031 
3032 	block = do_div(lba, sdebug_store_sectors);
3033 	if (block + num > sdebug_store_sectors)
3034 		rest = block + num - sdebug_store_sectors;
3035 
3036 	ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
3037 		   fsp + (block * sdebug_sector_size),
3038 		   (num - rest) * sdebug_sector_size, sg_skip, do_write);
3039 	if (ret != (num - rest) * sdebug_sector_size)
3040 		return ret;
3041 
3042 	if (rest) {
3043 		ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
3044 			    fsp, rest * sdebug_sector_size,
3045 			    sg_skip + ((num - rest) * sdebug_sector_size),
3046 			    do_write);
3047 	}
3048 
3049 	return ret;
3050 }
3051 
3052 /* Returns number of bytes copied or -1 if error. */
3053 static int do_dout_fetch(struct scsi_cmnd *scp, u32 num, u8 *doutp)
3054 {
3055 	struct scsi_data_buffer *sdb = &scp->sdb;
3056 
3057 	if (!sdb->length)
3058 		return 0;
3059 	if (scp->sc_data_direction != DMA_TO_DEVICE)
3060 		return -1;
3061 	return sg_copy_buffer(sdb->table.sgl, sdb->table.nents, doutp,
3062 			      num * sdebug_sector_size, 0, true);
3063 }
3064 
3065 /* If sip->storep+lba compares equal to arr(num), then copy top half of
3066  * arr into sip->storep+lba and return true. If comparison fails then
3067  * return false. */
3068 static bool comp_write_worker(struct sdeb_store_info *sip, u64 lba, u32 num,
3069 			      const u8 *arr, bool compare_only)
3070 {
3071 	bool res;
3072 	u64 block, rest = 0;
3073 	u32 store_blks = sdebug_store_sectors;
3074 	u32 lb_size = sdebug_sector_size;
3075 	u8 *fsp = sip->storep;
3076 
3077 	block = do_div(lba, store_blks);
3078 	if (block + num > store_blks)
3079 		rest = block + num - store_blks;
3080 
3081 	res = !memcmp(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3082 	if (!res)
3083 		return res;
3084 	if (rest)
3085 		res = memcmp(fsp, arr + ((num - rest) * lb_size),
3086 			     rest * lb_size);
3087 	if (!res)
3088 		return res;
3089 	if (compare_only)
3090 		return true;
3091 	arr += num * lb_size;
3092 	memcpy(fsp + (block * lb_size), arr, (num - rest) * lb_size);
3093 	if (rest)
3094 		memcpy(fsp, arr + ((num - rest) * lb_size), rest * lb_size);
3095 	return res;
3096 }
3097 
3098 static __be16 dif_compute_csum(const void *buf, int len)
3099 {
3100 	__be16 csum;
3101 
3102 	if (sdebug_guard)
3103 		csum = (__force __be16)ip_compute_csum(buf, len);
3104 	else
3105 		csum = cpu_to_be16(crc_t10dif(buf, len));
3106 
3107 	return csum;
3108 }
3109 
3110 static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
3111 		      sector_t sector, u32 ei_lba)
3112 {
3113 	__be16 csum = dif_compute_csum(data, sdebug_sector_size);
3114 
3115 	if (sdt->guard_tag != csum) {
3116 		pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
3117 			(unsigned long)sector,
3118 			be16_to_cpu(sdt->guard_tag),
3119 			be16_to_cpu(csum));
3120 		return 0x01;
3121 	}
3122 	if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
3123 	    be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
3124 		pr_err("REF check failed on sector %lu\n",
3125 			(unsigned long)sector);
3126 		return 0x03;
3127 	}
3128 	if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3129 	    be32_to_cpu(sdt->ref_tag) != ei_lba) {
3130 		pr_err("REF check failed on sector %lu\n",
3131 			(unsigned long)sector);
3132 		return 0x03;
3133 	}
3134 	return 0;
3135 }
3136 
3137 static void dif_copy_prot(struct scsi_cmnd *scp, sector_t sector,
3138 			  unsigned int sectors, bool read)
3139 {
3140 	size_t resid;
3141 	void *paddr;
3142 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3143 						scp->device->hostdata, true);
3144 	struct t10_pi_tuple *dif_storep = sip->dif_storep;
3145 	const void *dif_store_end = dif_storep + sdebug_store_sectors;
3146 	struct sg_mapping_iter miter;
3147 
3148 	/* Bytes of protection data to copy into sgl */
3149 	resid = sectors * sizeof(*dif_storep);
3150 
3151 	sg_miter_start(&miter, scsi_prot_sglist(scp),
3152 		       scsi_prot_sg_count(scp), SG_MITER_ATOMIC |
3153 		       (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
3154 
3155 	while (sg_miter_next(&miter) && resid > 0) {
3156 		size_t len = min_t(size_t, miter.length, resid);
3157 		void *start = dif_store(sip, sector);
3158 		size_t rest = 0;
3159 
3160 		if (dif_store_end < start + len)
3161 			rest = start + len - dif_store_end;
3162 
3163 		paddr = miter.addr;
3164 
3165 		if (read)
3166 			memcpy(paddr, start, len - rest);
3167 		else
3168 			memcpy(start, paddr, len - rest);
3169 
3170 		if (rest) {
3171 			if (read)
3172 				memcpy(paddr + len - rest, dif_storep, rest);
3173 			else
3174 				memcpy(dif_storep, paddr + len - rest, rest);
3175 		}
3176 
3177 		sector += len / sizeof(*dif_storep);
3178 		resid -= len;
3179 	}
3180 	sg_miter_stop(&miter);
3181 }
3182 
3183 static int prot_verify_read(struct scsi_cmnd *scp, sector_t start_sec,
3184 			    unsigned int sectors, u32 ei_lba)
3185 {
3186 	int ret = 0;
3187 	unsigned int i;
3188 	sector_t sector;
3189 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3190 						scp->device->hostdata, true);
3191 	struct t10_pi_tuple *sdt;
3192 
3193 	for (i = 0; i < sectors; i++, ei_lba++) {
3194 		sector = start_sec + i;
3195 		sdt = dif_store(sip, sector);
3196 
3197 		if (sdt->app_tag == cpu_to_be16(0xffff))
3198 			continue;
3199 
3200 		/*
3201 		 * Because scsi_debug acts as both initiator and
3202 		 * target we proceed to verify the PI even if
3203 		 * RDPROTECT=3. This is done so the "initiator" knows
3204 		 * which type of error to return. Otherwise we would
3205 		 * have to iterate over the PI twice.
3206 		 */
3207 		if (scp->cmnd[1] >> 5) { /* RDPROTECT */
3208 			ret = dif_verify(sdt, lba2fake_store(sip, sector),
3209 					 sector, ei_lba);
3210 			if (ret) {
3211 				dif_errors++;
3212 				break;
3213 			}
3214 		}
3215 	}
3216 
3217 	dif_copy_prot(scp, start_sec, sectors, true);
3218 	dix_reads++;
3219 
3220 	return ret;
3221 }
3222 
3223 static inline void
3224 sdeb_read_lock(struct sdeb_store_info *sip)
3225 {
3226 	if (sdebug_no_rwlock) {
3227 		if (sip)
3228 			__acquire(&sip->macc_lck);
3229 		else
3230 			__acquire(&sdeb_fake_rw_lck);
3231 	} else {
3232 		if (sip)
3233 			read_lock(&sip->macc_lck);
3234 		else
3235 			read_lock(&sdeb_fake_rw_lck);
3236 	}
3237 }
3238 
3239 static inline void
3240 sdeb_read_unlock(struct sdeb_store_info *sip)
3241 {
3242 	if (sdebug_no_rwlock) {
3243 		if (sip)
3244 			__release(&sip->macc_lck);
3245 		else
3246 			__release(&sdeb_fake_rw_lck);
3247 	} else {
3248 		if (sip)
3249 			read_unlock(&sip->macc_lck);
3250 		else
3251 			read_unlock(&sdeb_fake_rw_lck);
3252 	}
3253 }
3254 
3255 static inline void
3256 sdeb_write_lock(struct sdeb_store_info *sip)
3257 {
3258 	if (sdebug_no_rwlock) {
3259 		if (sip)
3260 			__acquire(&sip->macc_lck);
3261 		else
3262 			__acquire(&sdeb_fake_rw_lck);
3263 	} else {
3264 		if (sip)
3265 			write_lock(&sip->macc_lck);
3266 		else
3267 			write_lock(&sdeb_fake_rw_lck);
3268 	}
3269 }
3270 
3271 static inline void
3272 sdeb_write_unlock(struct sdeb_store_info *sip)
3273 {
3274 	if (sdebug_no_rwlock) {
3275 		if (sip)
3276 			__release(&sip->macc_lck);
3277 		else
3278 			__release(&sdeb_fake_rw_lck);
3279 	} else {
3280 		if (sip)
3281 			write_unlock(&sip->macc_lck);
3282 		else
3283 			write_unlock(&sdeb_fake_rw_lck);
3284 	}
3285 }
3286 
3287 static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3288 {
3289 	bool check_prot;
3290 	u32 num;
3291 	u32 ei_lba;
3292 	int ret;
3293 	u64 lba;
3294 	struct sdeb_store_info *sip = devip2sip(devip, true);
3295 	u8 *cmd = scp->cmnd;
3296 
3297 	switch (cmd[0]) {
3298 	case READ_16:
3299 		ei_lba = 0;
3300 		lba = get_unaligned_be64(cmd + 2);
3301 		num = get_unaligned_be32(cmd + 10);
3302 		check_prot = true;
3303 		break;
3304 	case READ_10:
3305 		ei_lba = 0;
3306 		lba = get_unaligned_be32(cmd + 2);
3307 		num = get_unaligned_be16(cmd + 7);
3308 		check_prot = true;
3309 		break;
3310 	case READ_6:
3311 		ei_lba = 0;
3312 		lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3313 		      (u32)(cmd[1] & 0x1f) << 16;
3314 		num = (0 == cmd[4]) ? 256 : cmd[4];
3315 		check_prot = true;
3316 		break;
3317 	case READ_12:
3318 		ei_lba = 0;
3319 		lba = get_unaligned_be32(cmd + 2);
3320 		num = get_unaligned_be32(cmd + 6);
3321 		check_prot = true;
3322 		break;
3323 	case XDWRITEREAD_10:
3324 		ei_lba = 0;
3325 		lba = get_unaligned_be32(cmd + 2);
3326 		num = get_unaligned_be16(cmd + 7);
3327 		check_prot = false;
3328 		break;
3329 	default:	/* assume READ(32) */
3330 		lba = get_unaligned_be64(cmd + 12);
3331 		ei_lba = get_unaligned_be32(cmd + 20);
3332 		num = get_unaligned_be32(cmd + 28);
3333 		check_prot = false;
3334 		break;
3335 	}
3336 	if (unlikely(have_dif_prot && check_prot)) {
3337 		if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3338 		    (cmd[1] & 0xe0)) {
3339 			mk_sense_invalid_opcode(scp);
3340 			return check_condition_result;
3341 		}
3342 		if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3343 		     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3344 		    (cmd[1] & 0xe0) == 0)
3345 			sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
3346 				    "to DIF device\n");
3347 	}
3348 	if (unlikely((sdebug_opts & SDEBUG_OPT_SHORT_TRANSFER) &&
3349 		     atomic_read(&sdeb_inject_pending))) {
3350 		num /= 2;
3351 		atomic_set(&sdeb_inject_pending, 0);
3352 	}
3353 
3354 	ret = check_device_access_params(scp, lba, num, false);
3355 	if (ret)
3356 		return ret;
3357 	if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
3358 		     (lba <= (sdebug_medium_error_start + sdebug_medium_error_count - 1)) &&
3359 		     ((lba + num) > sdebug_medium_error_start))) {
3360 		/* claim unrecoverable read error */
3361 		mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
3362 		/* set info field and valid bit for fixed descriptor */
3363 		if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
3364 			scp->sense_buffer[0] |= 0x80;	/* Valid bit */
3365 			ret = (lba < OPT_MEDIUM_ERR_ADDR)
3366 			      ? OPT_MEDIUM_ERR_ADDR : (int)lba;
3367 			put_unaligned_be32(ret, scp->sense_buffer + 3);
3368 		}
3369 		scsi_set_resid(scp, scsi_bufflen(scp));
3370 		return check_condition_result;
3371 	}
3372 
3373 	sdeb_read_lock(sip);
3374 
3375 	/* DIX + T10 DIF */
3376 	if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3377 		switch (prot_verify_read(scp, lba, num, ei_lba)) {
3378 		case 1: /* Guard tag error */
3379 			if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3380 				sdeb_read_unlock(sip);
3381 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3382 				return check_condition_result;
3383 			} else if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
3384 				sdeb_read_unlock(sip);
3385 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3386 				return illegal_condition_result;
3387 			}
3388 			break;
3389 		case 3: /* Reference tag error */
3390 			if (cmd[1] >> 5 != 3) { /* RDPROTECT != 3 */
3391 				sdeb_read_unlock(sip);
3392 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
3393 				return check_condition_result;
3394 			} else if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
3395 				sdeb_read_unlock(sip);
3396 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
3397 				return illegal_condition_result;
3398 			}
3399 			break;
3400 		}
3401 	}
3402 
3403 	ret = do_device_access(sip, scp, 0, lba, num, false);
3404 	sdeb_read_unlock(sip);
3405 	if (unlikely(ret == -1))
3406 		return DID_ERROR << 16;
3407 
3408 	scsi_set_resid(scp, scsi_bufflen(scp) - ret);
3409 
3410 	if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3411 		     atomic_read(&sdeb_inject_pending))) {
3412 		if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3413 			mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3414 			atomic_set(&sdeb_inject_pending, 0);
3415 			return check_condition_result;
3416 		} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3417 			/* Logical block guard check failed */
3418 			mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3419 			atomic_set(&sdeb_inject_pending, 0);
3420 			return illegal_condition_result;
3421 		} else if (SDEBUG_OPT_DIX_ERR & sdebug_opts) {
3422 			mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3423 			atomic_set(&sdeb_inject_pending, 0);
3424 			return illegal_condition_result;
3425 		}
3426 	}
3427 	return 0;
3428 }
3429 
3430 static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
3431 			     unsigned int sectors, u32 ei_lba)
3432 {
3433 	int ret;
3434 	struct t10_pi_tuple *sdt;
3435 	void *daddr;
3436 	sector_t sector = start_sec;
3437 	int ppage_offset;
3438 	int dpage_offset;
3439 	struct sg_mapping_iter diter;
3440 	struct sg_mapping_iter piter;
3441 
3442 	BUG_ON(scsi_sg_count(SCpnt) == 0);
3443 	BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
3444 
3445 	sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
3446 			scsi_prot_sg_count(SCpnt),
3447 			SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3448 	sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
3449 			SG_MITER_ATOMIC | SG_MITER_FROM_SG);
3450 
3451 	/* For each protection page */
3452 	while (sg_miter_next(&piter)) {
3453 		dpage_offset = 0;
3454 		if (WARN_ON(!sg_miter_next(&diter))) {
3455 			ret = 0x01;
3456 			goto out;
3457 		}
3458 
3459 		for (ppage_offset = 0; ppage_offset < piter.length;
3460 		     ppage_offset += sizeof(struct t10_pi_tuple)) {
3461 			/* If we're at the end of the current
3462 			 * data page advance to the next one
3463 			 */
3464 			if (dpage_offset >= diter.length) {
3465 				if (WARN_ON(!sg_miter_next(&diter))) {
3466 					ret = 0x01;
3467 					goto out;
3468 				}
3469 				dpage_offset = 0;
3470 			}
3471 
3472 			sdt = piter.addr + ppage_offset;
3473 			daddr = diter.addr + dpage_offset;
3474 
3475 			if (SCpnt->cmnd[1] >> 5 != 3) { /* WRPROTECT */
3476 				ret = dif_verify(sdt, daddr, sector, ei_lba);
3477 				if (ret)
3478 					goto out;
3479 			}
3480 
3481 			sector++;
3482 			ei_lba++;
3483 			dpage_offset += sdebug_sector_size;
3484 		}
3485 		diter.consumed = dpage_offset;
3486 		sg_miter_stop(&diter);
3487 	}
3488 	sg_miter_stop(&piter);
3489 
3490 	dif_copy_prot(SCpnt, start_sec, sectors, false);
3491 	dix_writes++;
3492 
3493 	return 0;
3494 
3495 out:
3496 	dif_errors++;
3497 	sg_miter_stop(&diter);
3498 	sg_miter_stop(&piter);
3499 	return ret;
3500 }
3501 
3502 static unsigned long lba_to_map_index(sector_t lba)
3503 {
3504 	if (sdebug_unmap_alignment)
3505 		lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
3506 	sector_div(lba, sdebug_unmap_granularity);
3507 	return lba;
3508 }
3509 
3510 static sector_t map_index_to_lba(unsigned long index)
3511 {
3512 	sector_t lba = index * sdebug_unmap_granularity;
3513 
3514 	if (sdebug_unmap_alignment)
3515 		lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
3516 	return lba;
3517 }
3518 
3519 static unsigned int map_state(struct sdeb_store_info *sip, sector_t lba,
3520 			      unsigned int *num)
3521 {
3522 	sector_t end;
3523 	unsigned int mapped;
3524 	unsigned long index;
3525 	unsigned long next;
3526 
3527 	index = lba_to_map_index(lba);
3528 	mapped = test_bit(index, sip->map_storep);
3529 
3530 	if (mapped)
3531 		next = find_next_zero_bit(sip->map_storep, map_size, index);
3532 	else
3533 		next = find_next_bit(sip->map_storep, map_size, index);
3534 
3535 	end = min_t(sector_t, sdebug_store_sectors,  map_index_to_lba(next));
3536 	*num = end - lba;
3537 	return mapped;
3538 }
3539 
3540 static void map_region(struct sdeb_store_info *sip, sector_t lba,
3541 		       unsigned int len)
3542 {
3543 	sector_t end = lba + len;
3544 
3545 	while (lba < end) {
3546 		unsigned long index = lba_to_map_index(lba);
3547 
3548 		if (index < map_size)
3549 			set_bit(index, sip->map_storep);
3550 
3551 		lba = map_index_to_lba(index + 1);
3552 	}
3553 }
3554 
3555 static void unmap_region(struct sdeb_store_info *sip, sector_t lba,
3556 			 unsigned int len)
3557 {
3558 	sector_t end = lba + len;
3559 	u8 *fsp = sip->storep;
3560 
3561 	while (lba < end) {
3562 		unsigned long index = lba_to_map_index(lba);
3563 
3564 		if (lba == map_index_to_lba(index) &&
3565 		    lba + sdebug_unmap_granularity <= end &&
3566 		    index < map_size) {
3567 			clear_bit(index, sip->map_storep);
3568 			if (sdebug_lbprz) {  /* for LBPRZ=2 return 0xff_s */
3569 				memset(fsp + lba * sdebug_sector_size,
3570 				       (sdebug_lbprz & 1) ? 0 : 0xff,
3571 				       sdebug_sector_size *
3572 				       sdebug_unmap_granularity);
3573 			}
3574 			if (sip->dif_storep) {
3575 				memset(sip->dif_storep + lba, 0xff,
3576 				       sizeof(*sip->dif_storep) *
3577 				       sdebug_unmap_granularity);
3578 			}
3579 		}
3580 		lba = map_index_to_lba(index + 1);
3581 	}
3582 }
3583 
3584 static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3585 {
3586 	bool check_prot;
3587 	u32 num;
3588 	u32 ei_lba;
3589 	int ret;
3590 	u64 lba;
3591 	struct sdeb_store_info *sip = devip2sip(devip, true);
3592 	u8 *cmd = scp->cmnd;
3593 
3594 	switch (cmd[0]) {
3595 	case WRITE_16:
3596 		ei_lba = 0;
3597 		lba = get_unaligned_be64(cmd + 2);
3598 		num = get_unaligned_be32(cmd + 10);
3599 		check_prot = true;
3600 		break;
3601 	case WRITE_10:
3602 		ei_lba = 0;
3603 		lba = get_unaligned_be32(cmd + 2);
3604 		num = get_unaligned_be16(cmd + 7);
3605 		check_prot = true;
3606 		break;
3607 	case WRITE_6:
3608 		ei_lba = 0;
3609 		lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
3610 		      (u32)(cmd[1] & 0x1f) << 16;
3611 		num = (0 == cmd[4]) ? 256 : cmd[4];
3612 		check_prot = true;
3613 		break;
3614 	case WRITE_12:
3615 		ei_lba = 0;
3616 		lba = get_unaligned_be32(cmd + 2);
3617 		num = get_unaligned_be32(cmd + 6);
3618 		check_prot = true;
3619 		break;
3620 	case 0x53:	/* XDWRITEREAD(10) */
3621 		ei_lba = 0;
3622 		lba = get_unaligned_be32(cmd + 2);
3623 		num = get_unaligned_be16(cmd + 7);
3624 		check_prot = false;
3625 		break;
3626 	default:	/* assume WRITE(32) */
3627 		lba = get_unaligned_be64(cmd + 12);
3628 		ei_lba = get_unaligned_be32(cmd + 20);
3629 		num = get_unaligned_be32(cmd + 28);
3630 		check_prot = false;
3631 		break;
3632 	}
3633 	if (unlikely(have_dif_prot && check_prot)) {
3634 		if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3635 		    (cmd[1] & 0xe0)) {
3636 			mk_sense_invalid_opcode(scp);
3637 			return check_condition_result;
3638 		}
3639 		if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3640 		     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3641 		    (cmd[1] & 0xe0) == 0)
3642 			sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3643 				    "to DIF device\n");
3644 	}
3645 
3646 	sdeb_write_lock(sip);
3647 	ret = check_device_access_params(scp, lba, num, true);
3648 	if (ret) {
3649 		sdeb_write_unlock(sip);
3650 		return ret;
3651 	}
3652 
3653 	/* DIX + T10 DIF */
3654 	if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3655 		switch (prot_verify_write(scp, lba, num, ei_lba)) {
3656 		case 1: /* Guard tag error */
3657 			if (scp->prot_flags & SCSI_PROT_GUARD_CHECK) {
3658 				sdeb_write_unlock(sip);
3659 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3660 				return illegal_condition_result;
3661 			} else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
3662 				sdeb_write_unlock(sip);
3663 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3664 				return check_condition_result;
3665 			}
3666 			break;
3667 		case 3: /* Reference tag error */
3668 			if (scp->prot_flags & SCSI_PROT_REF_CHECK) {
3669 				sdeb_write_unlock(sip);
3670 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 3);
3671 				return illegal_condition_result;
3672 			} else if (scp->cmnd[1] >> 5 != 3) { /* WRPROTECT != 3 */
3673 				sdeb_write_unlock(sip);
3674 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 3);
3675 				return check_condition_result;
3676 			}
3677 			break;
3678 		}
3679 	}
3680 
3681 	ret = do_device_access(sip, scp, 0, lba, num, true);
3682 	if (unlikely(scsi_debug_lbp()))
3683 		map_region(sip, lba, num);
3684 	/* If ZBC zone then bump its write pointer */
3685 	if (sdebug_dev_is_zoned(devip))
3686 		zbc_inc_wp(devip, lba, num);
3687 	sdeb_write_unlock(sip);
3688 	if (unlikely(-1 == ret))
3689 		return DID_ERROR << 16;
3690 	else if (unlikely(sdebug_verbose &&
3691 			  (ret < (num * sdebug_sector_size))))
3692 		sdev_printk(KERN_INFO, scp->device,
3693 			    "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3694 			    my_name, num * sdebug_sector_size, ret);
3695 
3696 	if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3697 		     atomic_read(&sdeb_inject_pending))) {
3698 		if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3699 			mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3700 			atomic_set(&sdeb_inject_pending, 0);
3701 			return check_condition_result;
3702 		} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3703 			/* Logical block guard check failed */
3704 			mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3705 			atomic_set(&sdeb_inject_pending, 0);
3706 			return illegal_condition_result;
3707 		} else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3708 			mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3709 			atomic_set(&sdeb_inject_pending, 0);
3710 			return illegal_condition_result;
3711 		}
3712 	}
3713 	return 0;
3714 }
3715 
3716 /*
3717  * T10 has only specified WRITE SCATTERED(16) and WRITE SCATTERED(32).
3718  * No READ GATHERED yet (requires bidi or long cdb holding gather list).
3719  */
3720 static int resp_write_scat(struct scsi_cmnd *scp,
3721 			   struct sdebug_dev_info *devip)
3722 {
3723 	u8 *cmd = scp->cmnd;
3724 	u8 *lrdp = NULL;
3725 	u8 *up;
3726 	struct sdeb_store_info *sip = devip2sip(devip, true);
3727 	u8 wrprotect;
3728 	u16 lbdof, num_lrd, k;
3729 	u32 num, num_by, bt_len, lbdof_blen, sg_off, cum_lb;
3730 	u32 lb_size = sdebug_sector_size;
3731 	u32 ei_lba;
3732 	u64 lba;
3733 	int ret, res;
3734 	bool is_16;
3735 	static const u32 lrd_size = 32; /* + parameter list header size */
3736 
3737 	if (cmd[0] == VARIABLE_LENGTH_CMD) {
3738 		is_16 = false;
3739 		wrprotect = (cmd[10] >> 5) & 0x7;
3740 		lbdof = get_unaligned_be16(cmd + 12);
3741 		num_lrd = get_unaligned_be16(cmd + 16);
3742 		bt_len = get_unaligned_be32(cmd + 28);
3743 	} else {        /* that leaves WRITE SCATTERED(16) */
3744 		is_16 = true;
3745 		wrprotect = (cmd[2] >> 5) & 0x7;
3746 		lbdof = get_unaligned_be16(cmd + 4);
3747 		num_lrd = get_unaligned_be16(cmd + 8);
3748 		bt_len = get_unaligned_be32(cmd + 10);
3749 		if (unlikely(have_dif_prot)) {
3750 			if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3751 			    wrprotect) {
3752 				mk_sense_invalid_opcode(scp);
3753 				return illegal_condition_result;
3754 			}
3755 			if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3756 			     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3757 			     wrprotect == 0)
3758 				sdev_printk(KERN_ERR, scp->device,
3759 					    "Unprotected WR to DIF device\n");
3760 		}
3761 	}
3762 	if ((num_lrd == 0) || (bt_len == 0))
3763 		return 0;       /* T10 says these do-nothings are not errors */
3764 	if (lbdof == 0) {
3765 		if (sdebug_verbose)
3766 			sdev_printk(KERN_INFO, scp->device,
3767 				"%s: %s: LB Data Offset field bad\n",
3768 				my_name, __func__);
3769 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3770 		return illegal_condition_result;
3771 	}
3772 	lbdof_blen = lbdof * lb_size;
3773 	if ((lrd_size + (num_lrd * lrd_size)) > lbdof_blen) {
3774 		if (sdebug_verbose)
3775 			sdev_printk(KERN_INFO, scp->device,
3776 				"%s: %s: LBA range descriptors don't fit\n",
3777 				my_name, __func__);
3778 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3779 		return illegal_condition_result;
3780 	}
3781 	lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
3782 	if (lrdp == NULL)
3783 		return SCSI_MLQUEUE_HOST_BUSY;
3784 	if (sdebug_verbose)
3785 		sdev_printk(KERN_INFO, scp->device,
3786 			"%s: %s: Fetch header+scatter_list, lbdof_blen=%u\n",
3787 			my_name, __func__, lbdof_blen);
3788 	res = fetch_to_dev_buffer(scp, lrdp, lbdof_blen);
3789 	if (res == -1) {
3790 		ret = DID_ERROR << 16;
3791 		goto err_out;
3792 	}
3793 
3794 	sdeb_write_lock(sip);
3795 	sg_off = lbdof_blen;
3796 	/* Spec says Buffer xfer Length field in number of LBs in dout */
3797 	cum_lb = 0;
3798 	for (k = 0, up = lrdp + lrd_size; k < num_lrd; ++k, up += lrd_size) {
3799 		lba = get_unaligned_be64(up + 0);
3800 		num = get_unaligned_be32(up + 8);
3801 		if (sdebug_verbose)
3802 			sdev_printk(KERN_INFO, scp->device,
3803 				"%s: %s: k=%d  LBA=0x%llx num=%u  sg_off=%u\n",
3804 				my_name, __func__, k, lba, num, sg_off);
3805 		if (num == 0)
3806 			continue;
3807 		ret = check_device_access_params(scp, lba, num, true);
3808 		if (ret)
3809 			goto err_out_unlock;
3810 		num_by = num * lb_size;
3811 		ei_lba = is_16 ? 0 : get_unaligned_be32(up + 12);
3812 
3813 		if ((cum_lb + num) > bt_len) {
3814 			if (sdebug_verbose)
3815 				sdev_printk(KERN_INFO, scp->device,
3816 				    "%s: %s: sum of blocks > data provided\n",
3817 				    my_name, __func__);
3818 			mk_sense_buffer(scp, ILLEGAL_REQUEST, WRITE_ERROR_ASC,
3819 					0);
3820 			ret = illegal_condition_result;
3821 			goto err_out_unlock;
3822 		}
3823 
3824 		/* DIX + T10 DIF */
3825 		if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
3826 			int prot_ret = prot_verify_write(scp, lba, num,
3827 							 ei_lba);
3828 
3829 			if (prot_ret) {
3830 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10,
3831 						prot_ret);
3832 				ret = illegal_condition_result;
3833 				goto err_out_unlock;
3834 			}
3835 		}
3836 
3837 		ret = do_device_access(sip, scp, sg_off, lba, num, true);
3838 		/* If ZBC zone then bump its write pointer */
3839 		if (sdebug_dev_is_zoned(devip))
3840 			zbc_inc_wp(devip, lba, num);
3841 		if (unlikely(scsi_debug_lbp()))
3842 			map_region(sip, lba, num);
3843 		if (unlikely(-1 == ret)) {
3844 			ret = DID_ERROR << 16;
3845 			goto err_out_unlock;
3846 		} else if (unlikely(sdebug_verbose && (ret < num_by)))
3847 			sdev_printk(KERN_INFO, scp->device,
3848 			    "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
3849 			    my_name, num_by, ret);
3850 
3851 		if (unlikely((sdebug_opts & SDEBUG_OPT_RECOV_DIF_DIX) &&
3852 			     atomic_read(&sdeb_inject_pending))) {
3853 			if (sdebug_opts & SDEBUG_OPT_RECOVERED_ERR) {
3854 				mk_sense_buffer(scp, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0);
3855 				atomic_set(&sdeb_inject_pending, 0);
3856 				ret = check_condition_result;
3857 				goto err_out_unlock;
3858 			} else if (sdebug_opts & SDEBUG_OPT_DIF_ERR) {
3859 				/* Logical block guard check failed */
3860 				mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
3861 				atomic_set(&sdeb_inject_pending, 0);
3862 				ret = illegal_condition_result;
3863 				goto err_out_unlock;
3864 			} else if (sdebug_opts & SDEBUG_OPT_DIX_ERR) {
3865 				mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
3866 				atomic_set(&sdeb_inject_pending, 0);
3867 				ret = illegal_condition_result;
3868 				goto err_out_unlock;
3869 			}
3870 		}
3871 		sg_off += num_by;
3872 		cum_lb += num;
3873 	}
3874 	ret = 0;
3875 err_out_unlock:
3876 	sdeb_write_unlock(sip);
3877 err_out:
3878 	kfree(lrdp);
3879 	return ret;
3880 }
3881 
3882 static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
3883 			   u32 ei_lba, bool unmap, bool ndob)
3884 {
3885 	struct scsi_device *sdp = scp->device;
3886 	struct sdebug_dev_info *devip = (struct sdebug_dev_info *)sdp->hostdata;
3887 	unsigned long long i;
3888 	u64 block, lbaa;
3889 	u32 lb_size = sdebug_sector_size;
3890 	int ret;
3891 	struct sdeb_store_info *sip = devip2sip((struct sdebug_dev_info *)
3892 						scp->device->hostdata, true);
3893 	u8 *fs1p;
3894 	u8 *fsp;
3895 
3896 	sdeb_write_lock(sip);
3897 
3898 	ret = check_device_access_params(scp, lba, num, true);
3899 	if (ret) {
3900 		sdeb_write_unlock(sip);
3901 		return ret;
3902 	}
3903 
3904 	if (unmap && scsi_debug_lbp()) {
3905 		unmap_region(sip, lba, num);
3906 		goto out;
3907 	}
3908 	lbaa = lba;
3909 	block = do_div(lbaa, sdebug_store_sectors);
3910 	/* if ndob then zero 1 logical block, else fetch 1 logical block */
3911 	fsp = sip->storep;
3912 	fs1p = fsp + (block * lb_size);
3913 	if (ndob) {
3914 		memset(fs1p, 0, lb_size);
3915 		ret = 0;
3916 	} else
3917 		ret = fetch_to_dev_buffer(scp, fs1p, lb_size);
3918 
3919 	if (-1 == ret) {
3920 		sdeb_write_unlock(sip);
3921 		return DID_ERROR << 16;
3922 	} else if (sdebug_verbose && !ndob && (ret < lb_size))
3923 		sdev_printk(KERN_INFO, scp->device,
3924 			    "%s: %s: lb size=%u, IO sent=%d bytes\n",
3925 			    my_name, "write same", lb_size, ret);
3926 
3927 	/* Copy first sector to remaining blocks */
3928 	for (i = 1 ; i < num ; i++) {
3929 		lbaa = lba + i;
3930 		block = do_div(lbaa, sdebug_store_sectors);
3931 		memmove(fsp + (block * lb_size), fs1p, lb_size);
3932 	}
3933 	if (scsi_debug_lbp())
3934 		map_region(sip, lba, num);
3935 	/* If ZBC zone then bump its write pointer */
3936 	if (sdebug_dev_is_zoned(devip))
3937 		zbc_inc_wp(devip, lba, num);
3938 out:
3939 	sdeb_write_unlock(sip);
3940 
3941 	return 0;
3942 }
3943 
3944 static int resp_write_same_10(struct scsi_cmnd *scp,
3945 			      struct sdebug_dev_info *devip)
3946 {
3947 	u8 *cmd = scp->cmnd;
3948 	u32 lba;
3949 	u16 num;
3950 	u32 ei_lba = 0;
3951 	bool unmap = false;
3952 
3953 	if (cmd[1] & 0x8) {
3954 		if (sdebug_lbpws10 == 0) {
3955 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3956 			return check_condition_result;
3957 		} else
3958 			unmap = true;
3959 	}
3960 	lba = get_unaligned_be32(cmd + 2);
3961 	num = get_unaligned_be16(cmd + 7);
3962 	if (num > sdebug_write_same_length) {
3963 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3964 		return check_condition_result;
3965 	}
3966 	return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3967 }
3968 
3969 static int resp_write_same_16(struct scsi_cmnd *scp,
3970 			      struct sdebug_dev_info *devip)
3971 {
3972 	u8 *cmd = scp->cmnd;
3973 	u64 lba;
3974 	u32 num;
3975 	u32 ei_lba = 0;
3976 	bool unmap = false;
3977 	bool ndob = false;
3978 
3979 	if (cmd[1] & 0x8) {	/* UNMAP */
3980 		if (sdebug_lbpws == 0) {
3981 			mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3982 			return check_condition_result;
3983 		} else
3984 			unmap = true;
3985 	}
3986 	if (cmd[1] & 0x1)  /* NDOB (no data-out buffer, assumes zeroes) */
3987 		ndob = true;
3988 	lba = get_unaligned_be64(cmd + 2);
3989 	num = get_unaligned_be32(cmd + 10);
3990 	if (num > sdebug_write_same_length) {
3991 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3992 		return check_condition_result;
3993 	}
3994 	return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3995 }
3996 
3997 /* Note the mode field is in the same position as the (lower) service action
3998  * field. For the Report supported operation codes command, SPC-4 suggests
3999  * each mode of this command should be reported separately; for future. */
4000 static int resp_write_buffer(struct scsi_cmnd *scp,
4001 			     struct sdebug_dev_info *devip)
4002 {
4003 	u8 *cmd = scp->cmnd;
4004 	struct scsi_device *sdp = scp->device;
4005 	struct sdebug_dev_info *dp;
4006 	u8 mode;
4007 
4008 	mode = cmd[1] & 0x1f;
4009 	switch (mode) {
4010 	case 0x4:	/* download microcode (MC) and activate (ACT) */
4011 		/* set UAs on this device only */
4012 		set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
4013 		set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
4014 		break;
4015 	case 0x5:	/* download MC, save and ACT */
4016 		set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
4017 		break;
4018 	case 0x6:	/* download MC with offsets and ACT */
4019 		/* set UAs on most devices (LUs) in this target */
4020 		list_for_each_entry(dp,
4021 				    &devip->sdbg_host->dev_info_list,
4022 				    dev_list)
4023 			if (dp->target == sdp->id) {
4024 				set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
4025 				if (devip != dp)
4026 					set_bit(SDEBUG_UA_MICROCODE_CHANGED,
4027 						dp->uas_bm);
4028 			}
4029 		break;
4030 	case 0x7:	/* download MC with offsets, save, and ACT */
4031 		/* set UA on all devices (LUs) in this target */
4032 		list_for_each_entry(dp,
4033 				    &devip->sdbg_host->dev_info_list,
4034 				    dev_list)
4035 			if (dp->target == sdp->id)
4036 				set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
4037 					dp->uas_bm);
4038 		break;
4039 	default:
4040 		/* do nothing for this command for other mode values */
4041 		break;
4042 	}
4043 	return 0;
4044 }
4045 
4046 static int resp_comp_write(struct scsi_cmnd *scp,
4047 			   struct sdebug_dev_info *devip)
4048 {
4049 	u8 *cmd = scp->cmnd;
4050 	u8 *arr;
4051 	struct sdeb_store_info *sip = devip2sip(devip, true);
4052 	u64 lba;
4053 	u32 dnum;
4054 	u32 lb_size = sdebug_sector_size;
4055 	u8 num;
4056 	int ret;
4057 	int retval = 0;
4058 
4059 	lba = get_unaligned_be64(cmd + 2);
4060 	num = cmd[13];		/* 1 to a maximum of 255 logical blocks */
4061 	if (0 == num)
4062 		return 0;	/* degenerate case, not an error */
4063 	if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
4064 	    (cmd[1] & 0xe0)) {
4065 		mk_sense_invalid_opcode(scp);
4066 		return check_condition_result;
4067 	}
4068 	if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
4069 	     sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
4070 	    (cmd[1] & 0xe0) == 0)
4071 		sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
4072 			    "to DIF device\n");
4073 	ret = check_device_access_params(scp, lba, num, false);
4074 	if (ret)
4075 		return ret;
4076 	dnum = 2 * num;
4077 	arr = kcalloc(lb_size, dnum, GFP_ATOMIC);
4078 	if (NULL == arr) {
4079 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4080 				INSUFF_RES_ASCQ);
4081 		return check_condition_result;
4082 	}
4083 
4084 	sdeb_write_lock(sip);
4085 
4086 	ret = do_dout_fetch(scp, dnum, arr);
4087 	if (ret == -1) {
4088 		retval = DID_ERROR << 16;
4089 		goto cleanup;
4090 	} else if (sdebug_verbose && (ret < (dnum * lb_size)))
4091 		sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
4092 			    "indicated=%u, IO sent=%d bytes\n", my_name,
4093 			    dnum * lb_size, ret);
4094 	if (!comp_write_worker(sip, lba, num, arr, false)) {
4095 		mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4096 		retval = check_condition_result;
4097 		goto cleanup;
4098 	}
4099 	if (scsi_debug_lbp())
4100 		map_region(sip, lba, num);
4101 cleanup:
4102 	sdeb_write_unlock(sip);
4103 	kfree(arr);
4104 	return retval;
4105 }
4106 
4107 struct unmap_block_desc {
4108 	__be64	lba;
4109 	__be32	blocks;
4110 	__be32	__reserved;
4111 };
4112 
4113 static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4114 {
4115 	unsigned char *buf;
4116 	struct unmap_block_desc *desc;
4117 	struct sdeb_store_info *sip = devip2sip(devip, true);
4118 	unsigned int i, payload_len, descriptors;
4119 	int ret;
4120 
4121 	if (!scsi_debug_lbp())
4122 		return 0;	/* fib and say its done */
4123 	payload_len = get_unaligned_be16(scp->cmnd + 7);
4124 	BUG_ON(scsi_bufflen(scp) != payload_len);
4125 
4126 	descriptors = (payload_len - 8) / 16;
4127 	if (descriptors > sdebug_unmap_max_desc) {
4128 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
4129 		return check_condition_result;
4130 	}
4131 
4132 	buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
4133 	if (!buf) {
4134 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4135 				INSUFF_RES_ASCQ);
4136 		return check_condition_result;
4137 	}
4138 
4139 	scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
4140 
4141 	BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
4142 	BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
4143 
4144 	desc = (void *)&buf[8];
4145 
4146 	sdeb_write_lock(sip);
4147 
4148 	for (i = 0 ; i < descriptors ; i++) {
4149 		unsigned long long lba = get_unaligned_be64(&desc[i].lba);
4150 		unsigned int num = get_unaligned_be32(&desc[i].blocks);
4151 
4152 		ret = check_device_access_params(scp, lba, num, true);
4153 		if (ret)
4154 			goto out;
4155 
4156 		unmap_region(sip, lba, num);
4157 	}
4158 
4159 	ret = 0;
4160 
4161 out:
4162 	sdeb_write_unlock(sip);
4163 	kfree(buf);
4164 
4165 	return ret;
4166 }
4167 
4168 #define SDEBUG_GET_LBA_STATUS_LEN 32
4169 
4170 static int resp_get_lba_status(struct scsi_cmnd *scp,
4171 			       struct sdebug_dev_info *devip)
4172 {
4173 	u8 *cmd = scp->cmnd;
4174 	u64 lba;
4175 	u32 alloc_len, mapped, num;
4176 	int ret;
4177 	u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
4178 
4179 	lba = get_unaligned_be64(cmd + 2);
4180 	alloc_len = get_unaligned_be32(cmd + 10);
4181 
4182 	if (alloc_len < 24)
4183 		return 0;
4184 
4185 	ret = check_device_access_params(scp, lba, 1, false);
4186 	if (ret)
4187 		return ret;
4188 
4189 	if (scsi_debug_lbp()) {
4190 		struct sdeb_store_info *sip = devip2sip(devip, true);
4191 
4192 		mapped = map_state(sip, lba, &num);
4193 	} else {
4194 		mapped = 1;
4195 		/* following just in case virtual_gb changed */
4196 		sdebug_capacity = get_sdebug_capacity();
4197 		if (sdebug_capacity - lba <= 0xffffffff)
4198 			num = sdebug_capacity - lba;
4199 		else
4200 			num = 0xffffffff;
4201 	}
4202 
4203 	memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
4204 	put_unaligned_be32(20, arr);		/* Parameter Data Length */
4205 	put_unaligned_be64(lba, arr + 8);	/* LBA */
4206 	put_unaligned_be32(num, arr + 16);	/* Number of blocks */
4207 	arr[20] = !mapped;		/* prov_stat=0: mapped; 1: dealloc */
4208 
4209 	return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
4210 }
4211 
4212 static int resp_sync_cache(struct scsi_cmnd *scp,
4213 			   struct sdebug_dev_info *devip)
4214 {
4215 	int res = 0;
4216 	u64 lba;
4217 	u32 num_blocks;
4218 	u8 *cmd = scp->cmnd;
4219 
4220 	if (cmd[0] == SYNCHRONIZE_CACHE) {	/* 10 byte cdb */
4221 		lba = get_unaligned_be32(cmd + 2);
4222 		num_blocks = get_unaligned_be16(cmd + 7);
4223 	} else {				/* SYNCHRONIZE_CACHE(16) */
4224 		lba = get_unaligned_be64(cmd + 2);
4225 		num_blocks = get_unaligned_be32(cmd + 10);
4226 	}
4227 	if (lba + num_blocks > sdebug_capacity) {
4228 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4229 		return check_condition_result;
4230 	}
4231 	if (!write_since_sync || (cmd[1] & 0x2))
4232 		res = SDEG_RES_IMMED_MASK;
4233 	else		/* delay if write_since_sync and IMMED clear */
4234 		write_since_sync = false;
4235 	return res;
4236 }
4237 
4238 /*
4239  * Assuming the LBA+num_blocks is not out-of-range, this function will return
4240  * CONDITION MET if the specified blocks will/have fitted in the cache, and
4241  * a GOOD status otherwise. Model a disk with a big cache and yield
4242  * CONDITION MET. Actually tries to bring range in main memory into the
4243  * cache associated with the CPU(s).
4244  */
4245 static int resp_pre_fetch(struct scsi_cmnd *scp,
4246 			  struct sdebug_dev_info *devip)
4247 {
4248 	int res = 0;
4249 	u64 lba;
4250 	u64 block, rest = 0;
4251 	u32 nblks;
4252 	u8 *cmd = scp->cmnd;
4253 	struct sdeb_store_info *sip = devip2sip(devip, true);
4254 	u8 *fsp = sip->storep;
4255 
4256 	if (cmd[0] == PRE_FETCH) {	/* 10 byte cdb */
4257 		lba = get_unaligned_be32(cmd + 2);
4258 		nblks = get_unaligned_be16(cmd + 7);
4259 	} else {			/* PRE-FETCH(16) */
4260 		lba = get_unaligned_be64(cmd + 2);
4261 		nblks = get_unaligned_be32(cmd + 10);
4262 	}
4263 	if (lba + nblks > sdebug_capacity) {
4264 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4265 		return check_condition_result;
4266 	}
4267 	if (!fsp)
4268 		goto fini;
4269 	/* PRE-FETCH spec says nothing about LBP or PI so skip them */
4270 	block = do_div(lba, sdebug_store_sectors);
4271 	if (block + nblks > sdebug_store_sectors)
4272 		rest = block + nblks - sdebug_store_sectors;
4273 
4274 	/* Try to bring the PRE-FETCH range into CPU's cache */
4275 	sdeb_read_lock(sip);
4276 	prefetch_range(fsp + (sdebug_sector_size * block),
4277 		       (nblks - rest) * sdebug_sector_size);
4278 	if (rest)
4279 		prefetch_range(fsp, rest * sdebug_sector_size);
4280 	sdeb_read_unlock(sip);
4281 fini:
4282 	if (cmd[1] & 0x2)
4283 		res = SDEG_RES_IMMED_MASK;
4284 	return res | condition_met_result;
4285 }
4286 
4287 #define RL_BUCKET_ELEMS 8
4288 
4289 /* Even though each pseudo target has a REPORT LUNS "well known logical unit"
4290  * (W-LUN), the normal Linux scanning logic does not associate it with a
4291  * device (e.g. /dev/sg7). The following magic will make that association:
4292  *   "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
4293  * where <n> is a host number. If there are multiple targets in a host then
4294  * the above will associate a W-LUN to each target. To only get a W-LUN
4295  * for target 2, then use "echo '- 2 49409' > scan" .
4296  */
4297 static int resp_report_luns(struct scsi_cmnd *scp,
4298 			    struct sdebug_dev_info *devip)
4299 {
4300 	unsigned char *cmd = scp->cmnd;
4301 	unsigned int alloc_len;
4302 	unsigned char select_report;
4303 	u64 lun;
4304 	struct scsi_lun *lun_p;
4305 	u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
4306 	unsigned int lun_cnt;	/* normal LUN count (max: 256) */
4307 	unsigned int wlun_cnt;	/* report luns W-LUN count */
4308 	unsigned int tlun_cnt;	/* total LUN count */
4309 	unsigned int rlen;	/* response length (in bytes) */
4310 	int k, j, n, res;
4311 	unsigned int off_rsp = 0;
4312 	const int sz_lun = sizeof(struct scsi_lun);
4313 
4314 	clear_luns_changed_on_target(devip);
4315 
4316 	select_report = cmd[2];
4317 	alloc_len = get_unaligned_be32(cmd + 6);
4318 
4319 	if (alloc_len < 4) {
4320 		pr_err("alloc len too small %d\n", alloc_len);
4321 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
4322 		return check_condition_result;
4323 	}
4324 
4325 	switch (select_report) {
4326 	case 0:		/* all LUNs apart from W-LUNs */
4327 		lun_cnt = sdebug_max_luns;
4328 		wlun_cnt = 0;
4329 		break;
4330 	case 1:		/* only W-LUNs */
4331 		lun_cnt = 0;
4332 		wlun_cnt = 1;
4333 		break;
4334 	case 2:		/* all LUNs */
4335 		lun_cnt = sdebug_max_luns;
4336 		wlun_cnt = 1;
4337 		break;
4338 	case 0x10:	/* only administrative LUs */
4339 	case 0x11:	/* see SPC-5 */
4340 	case 0x12:	/* only subsiduary LUs owned by referenced LU */
4341 	default:
4342 		pr_debug("select report invalid %d\n", select_report);
4343 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
4344 		return check_condition_result;
4345 	}
4346 
4347 	if (sdebug_no_lun_0 && (lun_cnt > 0))
4348 		--lun_cnt;
4349 
4350 	tlun_cnt = lun_cnt + wlun_cnt;
4351 	rlen = tlun_cnt * sz_lun;	/* excluding 8 byte header */
4352 	scsi_set_resid(scp, scsi_bufflen(scp));
4353 	pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
4354 		 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
4355 
4356 	/* loops rely on sizeof response header same as sizeof lun (both 8) */
4357 	lun = sdebug_no_lun_0 ? 1 : 0;
4358 	for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
4359 		memset(arr, 0, sizeof(arr));
4360 		lun_p = (struct scsi_lun *)&arr[0];
4361 		if (k == 0) {
4362 			put_unaligned_be32(rlen, &arr[0]);
4363 			++lun_p;
4364 			j = 1;
4365 		}
4366 		for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
4367 			if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
4368 				break;
4369 			int_to_scsilun(lun++, lun_p);
4370 			if (lun > 1 && sdebug_lun_am == SAM_LUN_AM_FLAT)
4371 				lun_p->scsi_lun[0] |= 0x40;
4372 		}
4373 		if (j < RL_BUCKET_ELEMS)
4374 			break;
4375 		n = j * sz_lun;
4376 		res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
4377 		if (res)
4378 			return res;
4379 		off_rsp += n;
4380 	}
4381 	if (wlun_cnt) {
4382 		int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
4383 		++j;
4384 	}
4385 	if (j > 0)
4386 		res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
4387 	return res;
4388 }
4389 
4390 static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4391 {
4392 	bool is_bytchk3 = false;
4393 	u8 bytchk;
4394 	int ret, j;
4395 	u32 vnum, a_num, off;
4396 	const u32 lb_size = sdebug_sector_size;
4397 	u64 lba;
4398 	u8 *arr;
4399 	u8 *cmd = scp->cmnd;
4400 	struct sdeb_store_info *sip = devip2sip(devip, true);
4401 
4402 	bytchk = (cmd[1] >> 1) & 0x3;
4403 	if (bytchk == 0) {
4404 		return 0;	/* always claim internal verify okay */
4405 	} else if (bytchk == 2) {
4406 		mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
4407 		return check_condition_result;
4408 	} else if (bytchk == 3) {
4409 		is_bytchk3 = true;	/* 1 block sent, compared repeatedly */
4410 	}
4411 	switch (cmd[0]) {
4412 	case VERIFY_16:
4413 		lba = get_unaligned_be64(cmd + 2);
4414 		vnum = get_unaligned_be32(cmd + 10);
4415 		break;
4416 	case VERIFY:		/* is VERIFY(10) */
4417 		lba = get_unaligned_be32(cmd + 2);
4418 		vnum = get_unaligned_be16(cmd + 7);
4419 		break;
4420 	default:
4421 		mk_sense_invalid_opcode(scp);
4422 		return check_condition_result;
4423 	}
4424 	if (vnum == 0)
4425 		return 0;	/* not an error */
4426 	a_num = is_bytchk3 ? 1 : vnum;
4427 	/* Treat following check like one for read (i.e. no write) access */
4428 	ret = check_device_access_params(scp, lba, a_num, false);
4429 	if (ret)
4430 		return ret;
4431 
4432 	arr = kcalloc(lb_size, vnum, GFP_ATOMIC);
4433 	if (!arr) {
4434 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4435 				INSUFF_RES_ASCQ);
4436 		return check_condition_result;
4437 	}
4438 	/* Not changing store, so only need read access */
4439 	sdeb_read_lock(sip);
4440 
4441 	ret = do_dout_fetch(scp, a_num, arr);
4442 	if (ret == -1) {
4443 		ret = DID_ERROR << 16;
4444 		goto cleanup;
4445 	} else if (sdebug_verbose && (ret < (a_num * lb_size))) {
4446 		sdev_printk(KERN_INFO, scp->device,
4447 			    "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
4448 			    my_name, __func__, a_num * lb_size, ret);
4449 	}
4450 	if (is_bytchk3) {
4451 		for (j = 1, off = lb_size; j < vnum; ++j, off += lb_size)
4452 			memcpy(arr + off, arr, lb_size);
4453 	}
4454 	ret = 0;
4455 	if (!comp_write_worker(sip, lba, vnum, arr, true)) {
4456 		mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
4457 		ret = check_condition_result;
4458 		goto cleanup;
4459 	}
4460 cleanup:
4461 	sdeb_read_unlock(sip);
4462 	kfree(arr);
4463 	return ret;
4464 }
4465 
4466 #define RZONES_DESC_HD 64
4467 
4468 /* Report zones depending on start LBA and reporting options */
4469 static int resp_report_zones(struct scsi_cmnd *scp,
4470 			     struct sdebug_dev_info *devip)
4471 {
4472 	unsigned int rep_max_zones, nrz = 0;
4473 	int ret = 0;
4474 	u32 alloc_len, rep_opts, rep_len;
4475 	bool partial;
4476 	u64 lba, zs_lba;
4477 	u8 *arr = NULL, *desc;
4478 	u8 *cmd = scp->cmnd;
4479 	struct sdeb_zone_state *zsp = NULL;
4480 	struct sdeb_store_info *sip = devip2sip(devip, false);
4481 
4482 	if (!sdebug_dev_is_zoned(devip)) {
4483 		mk_sense_invalid_opcode(scp);
4484 		return check_condition_result;
4485 	}
4486 	zs_lba = get_unaligned_be64(cmd + 2);
4487 	alloc_len = get_unaligned_be32(cmd + 10);
4488 	if (alloc_len == 0)
4489 		return 0;	/* not an error */
4490 	rep_opts = cmd[14] & 0x3f;
4491 	partial = cmd[14] & 0x80;
4492 
4493 	if (zs_lba >= sdebug_capacity) {
4494 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4495 		return check_condition_result;
4496 	}
4497 
4498 	rep_max_zones = (alloc_len - 64) >> ilog2(RZONES_DESC_HD);
4499 
4500 	arr = kzalloc(alloc_len, GFP_ATOMIC);
4501 	if (!arr) {
4502 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
4503 				INSUFF_RES_ASCQ);
4504 		return check_condition_result;
4505 	}
4506 
4507 	sdeb_read_lock(sip);
4508 
4509 	desc = arr + 64;
4510 	for (lba = zs_lba; lba < sdebug_capacity;
4511 	     lba = zsp->z_start + zsp->z_size) {
4512 		if (WARN_ONCE(zbc_zone(devip, lba) == zsp, "lba = %llu\n", lba))
4513 			break;
4514 		zsp = zbc_zone(devip, lba);
4515 		switch (rep_opts) {
4516 		case 0x00:
4517 			/* All zones */
4518 			break;
4519 		case 0x01:
4520 			/* Empty zones */
4521 			if (zsp->z_cond != ZC1_EMPTY)
4522 				continue;
4523 			break;
4524 		case 0x02:
4525 			/* Implicit open zones */
4526 			if (zsp->z_cond != ZC2_IMPLICIT_OPEN)
4527 				continue;
4528 			break;
4529 		case 0x03:
4530 			/* Explicit open zones */
4531 			if (zsp->z_cond != ZC3_EXPLICIT_OPEN)
4532 				continue;
4533 			break;
4534 		case 0x04:
4535 			/* Closed zones */
4536 			if (zsp->z_cond != ZC4_CLOSED)
4537 				continue;
4538 			break;
4539 		case 0x05:
4540 			/* Full zones */
4541 			if (zsp->z_cond != ZC5_FULL)
4542 				continue;
4543 			break;
4544 		case 0x06:
4545 		case 0x07:
4546 		case 0x10:
4547 			/*
4548 			 * Read-only, offline, reset WP recommended are
4549 			 * not emulated: no zones to report;
4550 			 */
4551 			continue;
4552 		case 0x11:
4553 			/* non-seq-resource set */
4554 			if (!zsp->z_non_seq_resource)
4555 				continue;
4556 			break;
4557 		case 0x3e:
4558 			/* All zones except gap zones. */
4559 			if (zbc_zone_is_gap(zsp))
4560 				continue;
4561 			break;
4562 		case 0x3f:
4563 			/* Not write pointer (conventional) zones */
4564 			if (zbc_zone_is_seq(zsp))
4565 				continue;
4566 			break;
4567 		default:
4568 			mk_sense_buffer(scp, ILLEGAL_REQUEST,
4569 					INVALID_FIELD_IN_CDB, 0);
4570 			ret = check_condition_result;
4571 			goto fini;
4572 		}
4573 
4574 		if (nrz < rep_max_zones) {
4575 			/* Fill zone descriptor */
4576 			desc[0] = zsp->z_type;
4577 			desc[1] = zsp->z_cond << 4;
4578 			if (zsp->z_non_seq_resource)
4579 				desc[1] |= 1 << 1;
4580 			put_unaligned_be64((u64)zsp->z_size, desc + 8);
4581 			put_unaligned_be64((u64)zsp->z_start, desc + 16);
4582 			put_unaligned_be64((u64)zsp->z_wp, desc + 24);
4583 			desc += 64;
4584 		}
4585 
4586 		if (partial && nrz >= rep_max_zones)
4587 			break;
4588 
4589 		nrz++;
4590 	}
4591 
4592 	/* Report header */
4593 	/* Zone list length. */
4594 	put_unaligned_be32(nrz * RZONES_DESC_HD, arr + 0);
4595 	/* Maximum LBA */
4596 	put_unaligned_be64(sdebug_capacity - 1, arr + 8);
4597 	/* Zone starting LBA granularity. */
4598 	if (devip->zcap < devip->zsize)
4599 		put_unaligned_be64(devip->zsize, arr + 16);
4600 
4601 	rep_len = (unsigned long)desc - (unsigned long)arr;
4602 	ret = fill_from_dev_buffer(scp, arr, min_t(u32, alloc_len, rep_len));
4603 
4604 fini:
4605 	sdeb_read_unlock(sip);
4606 	kfree(arr);
4607 	return ret;
4608 }
4609 
4610 /* Logic transplanted from tcmu-runner, file_zbc.c */
4611 static void zbc_open_all(struct sdebug_dev_info *devip)
4612 {
4613 	struct sdeb_zone_state *zsp = &devip->zstate[0];
4614 	unsigned int i;
4615 
4616 	for (i = 0; i < devip->nr_zones; i++, zsp++) {
4617 		if (zsp->z_cond == ZC4_CLOSED)
4618 			zbc_open_zone(devip, &devip->zstate[i], true);
4619 	}
4620 }
4621 
4622 static int resp_open_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4623 {
4624 	int res = 0;
4625 	u64 z_id;
4626 	enum sdebug_z_cond zc;
4627 	u8 *cmd = scp->cmnd;
4628 	struct sdeb_zone_state *zsp;
4629 	bool all = cmd[14] & 0x01;
4630 	struct sdeb_store_info *sip = devip2sip(devip, false);
4631 
4632 	if (!sdebug_dev_is_zoned(devip)) {
4633 		mk_sense_invalid_opcode(scp);
4634 		return check_condition_result;
4635 	}
4636 
4637 	sdeb_write_lock(sip);
4638 
4639 	if (all) {
4640 		/* Check if all closed zones can be open */
4641 		if (devip->max_open &&
4642 		    devip->nr_exp_open + devip->nr_closed > devip->max_open) {
4643 			mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4644 					INSUFF_ZONE_ASCQ);
4645 			res = check_condition_result;
4646 			goto fini;
4647 		}
4648 		/* Open all closed zones */
4649 		zbc_open_all(devip);
4650 		goto fini;
4651 	}
4652 
4653 	/* Open the specified zone */
4654 	z_id = get_unaligned_be64(cmd + 2);
4655 	if (z_id >= sdebug_capacity) {
4656 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4657 		res = check_condition_result;
4658 		goto fini;
4659 	}
4660 
4661 	zsp = zbc_zone(devip, z_id);
4662 	if (z_id != zsp->z_start) {
4663 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4664 		res = check_condition_result;
4665 		goto fini;
4666 	}
4667 	if (zbc_zone_is_conv(zsp)) {
4668 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4669 		res = check_condition_result;
4670 		goto fini;
4671 	}
4672 
4673 	zc = zsp->z_cond;
4674 	if (zc == ZC3_EXPLICIT_OPEN || zc == ZC5_FULL)
4675 		goto fini;
4676 
4677 	if (devip->max_open && devip->nr_exp_open >= devip->max_open) {
4678 		mk_sense_buffer(scp, DATA_PROTECT, INSUFF_RES_ASC,
4679 				INSUFF_ZONE_ASCQ);
4680 		res = check_condition_result;
4681 		goto fini;
4682 	}
4683 
4684 	zbc_open_zone(devip, zsp, true);
4685 fini:
4686 	sdeb_write_unlock(sip);
4687 	return res;
4688 }
4689 
4690 static void zbc_close_all(struct sdebug_dev_info *devip)
4691 {
4692 	unsigned int i;
4693 
4694 	for (i = 0; i < devip->nr_zones; i++)
4695 		zbc_close_zone(devip, &devip->zstate[i]);
4696 }
4697 
4698 static int resp_close_zone(struct scsi_cmnd *scp,
4699 			   struct sdebug_dev_info *devip)
4700 {
4701 	int res = 0;
4702 	u64 z_id;
4703 	u8 *cmd = scp->cmnd;
4704 	struct sdeb_zone_state *zsp;
4705 	bool all = cmd[14] & 0x01;
4706 	struct sdeb_store_info *sip = devip2sip(devip, false);
4707 
4708 	if (!sdebug_dev_is_zoned(devip)) {
4709 		mk_sense_invalid_opcode(scp);
4710 		return check_condition_result;
4711 	}
4712 
4713 	sdeb_write_lock(sip);
4714 
4715 	if (all) {
4716 		zbc_close_all(devip);
4717 		goto fini;
4718 	}
4719 
4720 	/* Close specified zone */
4721 	z_id = get_unaligned_be64(cmd + 2);
4722 	if (z_id >= sdebug_capacity) {
4723 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4724 		res = check_condition_result;
4725 		goto fini;
4726 	}
4727 
4728 	zsp = zbc_zone(devip, z_id);
4729 	if (z_id != zsp->z_start) {
4730 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4731 		res = check_condition_result;
4732 		goto fini;
4733 	}
4734 	if (zbc_zone_is_conv(zsp)) {
4735 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4736 		res = check_condition_result;
4737 		goto fini;
4738 	}
4739 
4740 	zbc_close_zone(devip, zsp);
4741 fini:
4742 	sdeb_write_unlock(sip);
4743 	return res;
4744 }
4745 
4746 static void zbc_finish_zone(struct sdebug_dev_info *devip,
4747 			    struct sdeb_zone_state *zsp, bool empty)
4748 {
4749 	enum sdebug_z_cond zc = zsp->z_cond;
4750 
4751 	if (zc == ZC4_CLOSED || zc == ZC2_IMPLICIT_OPEN ||
4752 	    zc == ZC3_EXPLICIT_OPEN || (empty && zc == ZC1_EMPTY)) {
4753 		if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
4754 			zbc_close_zone(devip, zsp);
4755 		if (zsp->z_cond == ZC4_CLOSED)
4756 			devip->nr_closed--;
4757 		zsp->z_wp = zsp->z_start + zsp->z_size;
4758 		zsp->z_cond = ZC5_FULL;
4759 	}
4760 }
4761 
4762 static void zbc_finish_all(struct sdebug_dev_info *devip)
4763 {
4764 	unsigned int i;
4765 
4766 	for (i = 0; i < devip->nr_zones; i++)
4767 		zbc_finish_zone(devip, &devip->zstate[i], false);
4768 }
4769 
4770 static int resp_finish_zone(struct scsi_cmnd *scp,
4771 			    struct sdebug_dev_info *devip)
4772 {
4773 	struct sdeb_zone_state *zsp;
4774 	int res = 0;
4775 	u64 z_id;
4776 	u8 *cmd = scp->cmnd;
4777 	bool all = cmd[14] & 0x01;
4778 	struct sdeb_store_info *sip = devip2sip(devip, false);
4779 
4780 	if (!sdebug_dev_is_zoned(devip)) {
4781 		mk_sense_invalid_opcode(scp);
4782 		return check_condition_result;
4783 	}
4784 
4785 	sdeb_write_lock(sip);
4786 
4787 	if (all) {
4788 		zbc_finish_all(devip);
4789 		goto fini;
4790 	}
4791 
4792 	/* Finish the specified zone */
4793 	z_id = get_unaligned_be64(cmd + 2);
4794 	if (z_id >= sdebug_capacity) {
4795 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4796 		res = check_condition_result;
4797 		goto fini;
4798 	}
4799 
4800 	zsp = zbc_zone(devip, z_id);
4801 	if (z_id != zsp->z_start) {
4802 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4803 		res = check_condition_result;
4804 		goto fini;
4805 	}
4806 	if (zbc_zone_is_conv(zsp)) {
4807 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4808 		res = check_condition_result;
4809 		goto fini;
4810 	}
4811 
4812 	zbc_finish_zone(devip, zsp, true);
4813 fini:
4814 	sdeb_write_unlock(sip);
4815 	return res;
4816 }
4817 
4818 static void zbc_rwp_zone(struct sdebug_dev_info *devip,
4819 			 struct sdeb_zone_state *zsp)
4820 {
4821 	enum sdebug_z_cond zc;
4822 	struct sdeb_store_info *sip = devip2sip(devip, false);
4823 
4824 	if (!zbc_zone_is_seq(zsp))
4825 		return;
4826 
4827 	zc = zsp->z_cond;
4828 	if (zc == ZC2_IMPLICIT_OPEN || zc == ZC3_EXPLICIT_OPEN)
4829 		zbc_close_zone(devip, zsp);
4830 
4831 	if (zsp->z_cond == ZC4_CLOSED)
4832 		devip->nr_closed--;
4833 
4834 	if (zsp->z_wp > zsp->z_start)
4835 		memset(sip->storep + zsp->z_start * sdebug_sector_size, 0,
4836 		       (zsp->z_wp - zsp->z_start) * sdebug_sector_size);
4837 
4838 	zsp->z_non_seq_resource = false;
4839 	zsp->z_wp = zsp->z_start;
4840 	zsp->z_cond = ZC1_EMPTY;
4841 }
4842 
4843 static void zbc_rwp_all(struct sdebug_dev_info *devip)
4844 {
4845 	unsigned int i;
4846 
4847 	for (i = 0; i < devip->nr_zones; i++)
4848 		zbc_rwp_zone(devip, &devip->zstate[i]);
4849 }
4850 
4851 static int resp_rwp_zone(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
4852 {
4853 	struct sdeb_zone_state *zsp;
4854 	int res = 0;
4855 	u64 z_id;
4856 	u8 *cmd = scp->cmnd;
4857 	bool all = cmd[14] & 0x01;
4858 	struct sdeb_store_info *sip = devip2sip(devip, false);
4859 
4860 	if (!sdebug_dev_is_zoned(devip)) {
4861 		mk_sense_invalid_opcode(scp);
4862 		return check_condition_result;
4863 	}
4864 
4865 	sdeb_write_lock(sip);
4866 
4867 	if (all) {
4868 		zbc_rwp_all(devip);
4869 		goto fini;
4870 	}
4871 
4872 	z_id = get_unaligned_be64(cmd + 2);
4873 	if (z_id >= sdebug_capacity) {
4874 		mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
4875 		res = check_condition_result;
4876 		goto fini;
4877 	}
4878 
4879 	zsp = zbc_zone(devip, z_id);
4880 	if (z_id != zsp->z_start) {
4881 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4882 		res = check_condition_result;
4883 		goto fini;
4884 	}
4885 	if (zbc_zone_is_conv(zsp)) {
4886 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
4887 		res = check_condition_result;
4888 		goto fini;
4889 	}
4890 
4891 	zbc_rwp_zone(devip, zsp);
4892 fini:
4893 	sdeb_write_unlock(sip);
4894 	return res;
4895 }
4896 
4897 static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
4898 {
4899 	u16 hwq;
4900 	u32 tag = blk_mq_unique_tag(scsi_cmd_to_rq(cmnd));
4901 
4902 	hwq = blk_mq_unique_tag_to_hwq(tag);
4903 
4904 	pr_debug("tag=%#x, hwq=%d\n", tag, hwq);
4905 	if (WARN_ON_ONCE(hwq >= submit_queues))
4906 		hwq = 0;
4907 
4908 	return sdebug_q_arr + hwq;
4909 }
4910 
4911 static u32 get_tag(struct scsi_cmnd *cmnd)
4912 {
4913 	return blk_mq_unique_tag(scsi_cmd_to_rq(cmnd));
4914 }
4915 
4916 /* Queued (deferred) command completions converge here. */
4917 static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
4918 {
4919 	bool aborted = sd_dp->aborted;
4920 	int qc_idx;
4921 	int retiring = 0;
4922 	unsigned long iflags;
4923 	struct sdebug_queue *sqp;
4924 	struct sdebug_queued_cmd *sqcp;
4925 	struct scsi_cmnd *scp;
4926 	struct sdebug_dev_info *devip;
4927 
4928 	if (unlikely(aborted))
4929 		sd_dp->aborted = false;
4930 	qc_idx = sd_dp->qc_idx;
4931 	sqp = sdebug_q_arr + sd_dp->sqa_idx;
4932 	if (sdebug_statistics) {
4933 		atomic_inc(&sdebug_completions);
4934 		if (raw_smp_processor_id() != sd_dp->issuing_cpu)
4935 			atomic_inc(&sdebug_miss_cpus);
4936 	}
4937 	if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
4938 		pr_err("wild qc_idx=%d\n", qc_idx);
4939 		return;
4940 	}
4941 	spin_lock_irqsave(&sqp->qc_lock, iflags);
4942 	WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_NONE);
4943 	sqcp = &sqp->qc_arr[qc_idx];
4944 	scp = sqcp->a_cmnd;
4945 	if (unlikely(scp == NULL)) {
4946 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4947 		pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d, hc_idx=%d\n",
4948 		       sd_dp->sqa_idx, qc_idx, sd_dp->hc_idx);
4949 		return;
4950 	}
4951 	devip = (struct sdebug_dev_info *)scp->device->hostdata;
4952 	if (likely(devip))
4953 		atomic_dec(&devip->num_in_q);
4954 	else
4955 		pr_err("devip=NULL\n");
4956 	if (unlikely(atomic_read(&retired_max_queue) > 0))
4957 		retiring = 1;
4958 
4959 	sqcp->a_cmnd = NULL;
4960 	if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
4961 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4962 		pr_err("Unexpected completion\n");
4963 		return;
4964 	}
4965 
4966 	if (unlikely(retiring)) {	/* user has reduced max_queue */
4967 		int k, retval;
4968 
4969 		retval = atomic_read(&retired_max_queue);
4970 		if (qc_idx >= retval) {
4971 			spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4972 			pr_err("index %d too large\n", retval);
4973 			return;
4974 		}
4975 		k = find_last_bit(sqp->in_use_bm, retval);
4976 		if ((k < sdebug_max_queue) || (k == retval))
4977 			atomic_set(&retired_max_queue, 0);
4978 		else
4979 			atomic_set(&retired_max_queue, k + 1);
4980 	}
4981 	spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4982 	if (unlikely(aborted)) {
4983 		if (sdebug_verbose)
4984 			pr_info("bypassing scsi_done() due to aborted cmd\n");
4985 		return;
4986 	}
4987 	scsi_done(scp); /* callback to mid level */
4988 }
4989 
4990 /* When high resolution timer goes off this function is called. */
4991 static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
4992 {
4993 	struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
4994 						  hrt);
4995 	sdebug_q_cmd_complete(sd_dp);
4996 	return HRTIMER_NORESTART;
4997 }
4998 
4999 /* When work queue schedules work, it calls this function. */
5000 static void sdebug_q_cmd_wq_complete(struct work_struct *work)
5001 {
5002 	struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
5003 						  ew.work);
5004 	sdebug_q_cmd_complete(sd_dp);
5005 }
5006 
5007 static bool got_shared_uuid;
5008 static uuid_t shared_uuid;
5009 
5010 static int sdebug_device_create_zones(struct sdebug_dev_info *devip)
5011 {
5012 	struct sdeb_zone_state *zsp;
5013 	sector_t capacity = get_sdebug_capacity();
5014 	sector_t conv_capacity;
5015 	sector_t zstart = 0;
5016 	unsigned int i;
5017 
5018 	/*
5019 	 * Set the zone size: if sdeb_zbc_zone_size_mb is not set, figure out
5020 	 * a zone size allowing for at least 4 zones on the device. Otherwise,
5021 	 * use the specified zone size checking that at least 2 zones can be
5022 	 * created for the device.
5023 	 */
5024 	if (!sdeb_zbc_zone_size_mb) {
5025 		devip->zsize = (DEF_ZBC_ZONE_SIZE_MB * SZ_1M)
5026 			>> ilog2(sdebug_sector_size);
5027 		while (capacity < devip->zsize << 2 && devip->zsize >= 2)
5028 			devip->zsize >>= 1;
5029 		if (devip->zsize < 2) {
5030 			pr_err("Device capacity too small\n");
5031 			return -EINVAL;
5032 		}
5033 	} else {
5034 		if (!is_power_of_2(sdeb_zbc_zone_size_mb)) {
5035 			pr_err("Zone size is not a power of 2\n");
5036 			return -EINVAL;
5037 		}
5038 		devip->zsize = (sdeb_zbc_zone_size_mb * SZ_1M)
5039 			>> ilog2(sdebug_sector_size);
5040 		if (devip->zsize >= capacity) {
5041 			pr_err("Zone size too large for device capacity\n");
5042 			return -EINVAL;
5043 		}
5044 	}
5045 
5046 	devip->zsize_shift = ilog2(devip->zsize);
5047 	devip->nr_zones = (capacity + devip->zsize - 1) >> devip->zsize_shift;
5048 
5049 	if (sdeb_zbc_zone_cap_mb == 0) {
5050 		devip->zcap = devip->zsize;
5051 	} else {
5052 		devip->zcap = (sdeb_zbc_zone_cap_mb * SZ_1M) >>
5053 			      ilog2(sdebug_sector_size);
5054 		if (devip->zcap > devip->zsize) {
5055 			pr_err("Zone capacity too large\n");
5056 			return -EINVAL;
5057 		}
5058 	}
5059 
5060 	conv_capacity = (sector_t)sdeb_zbc_nr_conv << devip->zsize_shift;
5061 	if (conv_capacity >= capacity) {
5062 		pr_err("Number of conventional zones too large\n");
5063 		return -EINVAL;
5064 	}
5065 	devip->nr_conv_zones = sdeb_zbc_nr_conv;
5066 	devip->nr_seq_zones = ALIGN(capacity - conv_capacity, devip->zsize) >>
5067 			      devip->zsize_shift;
5068 	devip->nr_zones = devip->nr_conv_zones + devip->nr_seq_zones;
5069 
5070 	/* Add gap zones if zone capacity is smaller than the zone size */
5071 	if (devip->zcap < devip->zsize)
5072 		devip->nr_zones += devip->nr_seq_zones;
5073 
5074 	if (devip->zmodel == BLK_ZONED_HM) {
5075 		/* zbc_max_open_zones can be 0, meaning "not reported" */
5076 		if (sdeb_zbc_max_open >= devip->nr_zones - 1)
5077 			devip->max_open = (devip->nr_zones - 1) / 2;
5078 		else
5079 			devip->max_open = sdeb_zbc_max_open;
5080 	}
5081 
5082 	devip->zstate = kcalloc(devip->nr_zones,
5083 				sizeof(struct sdeb_zone_state), GFP_KERNEL);
5084 	if (!devip->zstate)
5085 		return -ENOMEM;
5086 
5087 	for (i = 0; i < devip->nr_zones; i++) {
5088 		zsp = &devip->zstate[i];
5089 
5090 		zsp->z_start = zstart;
5091 
5092 		if (i < devip->nr_conv_zones) {
5093 			zsp->z_type = ZBC_ZTYPE_CNV;
5094 			zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5095 			zsp->z_wp = (sector_t)-1;
5096 			zsp->z_size =
5097 				min_t(u64, devip->zsize, capacity - zstart);
5098 		} else if ((zstart & (devip->zsize - 1)) == 0) {
5099 			if (devip->zmodel == BLK_ZONED_HM)
5100 				zsp->z_type = ZBC_ZTYPE_SWR;
5101 			else
5102 				zsp->z_type = ZBC_ZTYPE_SWP;
5103 			zsp->z_cond = ZC1_EMPTY;
5104 			zsp->z_wp = zsp->z_start;
5105 			zsp->z_size =
5106 				min_t(u64, devip->zcap, capacity - zstart);
5107 		} else {
5108 			zsp->z_type = ZBC_ZTYPE_GAP;
5109 			zsp->z_cond = ZBC_NOT_WRITE_POINTER;
5110 			zsp->z_wp = (sector_t)-1;
5111 			zsp->z_size = min_t(u64, devip->zsize - devip->zcap,
5112 					    capacity - zstart);
5113 		}
5114 
5115 		WARN_ON_ONCE((int)zsp->z_size <= 0);
5116 		zstart += zsp->z_size;
5117 	}
5118 
5119 	return 0;
5120 }
5121 
5122 static struct sdebug_dev_info *sdebug_device_create(
5123 			struct sdebug_host_info *sdbg_host, gfp_t flags)
5124 {
5125 	struct sdebug_dev_info *devip;
5126 
5127 	devip = kzalloc(sizeof(*devip), flags);
5128 	if (devip) {
5129 		if (sdebug_uuid_ctl == 1)
5130 			uuid_gen(&devip->lu_name);
5131 		else if (sdebug_uuid_ctl == 2) {
5132 			if (got_shared_uuid)
5133 				devip->lu_name = shared_uuid;
5134 			else {
5135 				uuid_gen(&shared_uuid);
5136 				got_shared_uuid = true;
5137 				devip->lu_name = shared_uuid;
5138 			}
5139 		}
5140 		devip->sdbg_host = sdbg_host;
5141 		if (sdeb_zbc_in_use) {
5142 			devip->zmodel = sdeb_zbc_model;
5143 			if (sdebug_device_create_zones(devip)) {
5144 				kfree(devip);
5145 				return NULL;
5146 			}
5147 		} else {
5148 			devip->zmodel = BLK_ZONED_NONE;
5149 		}
5150 		devip->sdbg_host = sdbg_host;
5151 		devip->create_ts = ktime_get_boottime();
5152 		atomic_set(&devip->stopped, (sdeb_tur_ms_to_ready > 0 ? 2 : 0));
5153 		list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
5154 	}
5155 	return devip;
5156 }
5157 
5158 static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
5159 {
5160 	struct sdebug_host_info *sdbg_host;
5161 	struct sdebug_dev_info *open_devip = NULL;
5162 	struct sdebug_dev_info *devip;
5163 
5164 	sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
5165 	if (!sdbg_host) {
5166 		pr_err("Host info NULL\n");
5167 		return NULL;
5168 	}
5169 
5170 	list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
5171 		if ((devip->used) && (devip->channel == sdev->channel) &&
5172 		    (devip->target == sdev->id) &&
5173 		    (devip->lun == sdev->lun))
5174 			return devip;
5175 		else {
5176 			if ((!devip->used) && (!open_devip))
5177 				open_devip = devip;
5178 		}
5179 	}
5180 	if (!open_devip) { /* try and make a new one */
5181 		open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
5182 		if (!open_devip) {
5183 			pr_err("out of memory at line %d\n", __LINE__);
5184 			return NULL;
5185 		}
5186 	}
5187 
5188 	open_devip->channel = sdev->channel;
5189 	open_devip->target = sdev->id;
5190 	open_devip->lun = sdev->lun;
5191 	open_devip->sdbg_host = sdbg_host;
5192 	atomic_set(&open_devip->num_in_q, 0);
5193 	set_bit(SDEBUG_UA_POOCCUR, open_devip->uas_bm);
5194 	open_devip->used = true;
5195 	return open_devip;
5196 }
5197 
5198 static int scsi_debug_slave_alloc(struct scsi_device *sdp)
5199 {
5200 	if (sdebug_verbose)
5201 		pr_info("slave_alloc <%u %u %u %llu>\n",
5202 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5203 	return 0;
5204 }
5205 
5206 static int scsi_debug_slave_configure(struct scsi_device *sdp)
5207 {
5208 	struct sdebug_dev_info *devip =
5209 			(struct sdebug_dev_info *)sdp->hostdata;
5210 
5211 	if (sdebug_verbose)
5212 		pr_info("slave_configure <%u %u %u %llu>\n",
5213 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5214 	if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
5215 		sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
5216 	if (devip == NULL) {
5217 		devip = find_build_dev_info(sdp);
5218 		if (devip == NULL)
5219 			return 1;  /* no resources, will be marked offline */
5220 	}
5221 	sdp->hostdata = devip;
5222 	if (sdebug_no_uld)
5223 		sdp->no_uld_attach = 1;
5224 	config_cdb_len(sdp);
5225 	return 0;
5226 }
5227 
5228 static void scsi_debug_slave_destroy(struct scsi_device *sdp)
5229 {
5230 	struct sdebug_dev_info *devip =
5231 		(struct sdebug_dev_info *)sdp->hostdata;
5232 
5233 	if (sdebug_verbose)
5234 		pr_info("slave_destroy <%u %u %u %llu>\n",
5235 		       sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
5236 	if (devip) {
5237 		/* make this slot available for re-use */
5238 		devip->used = false;
5239 		sdp->hostdata = NULL;
5240 	}
5241 }
5242 
5243 static void stop_qc_helper(struct sdebug_defer *sd_dp,
5244 			   enum sdeb_defer_type defer_t)
5245 {
5246 	if (!sd_dp)
5247 		return;
5248 	if (defer_t == SDEB_DEFER_HRT)
5249 		hrtimer_cancel(&sd_dp->hrt);
5250 	else if (defer_t == SDEB_DEFER_WQ)
5251 		cancel_work_sync(&sd_dp->ew.work);
5252 }
5253 
5254 /* If @cmnd found deletes its timer or work queue and returns true; else
5255    returns false */
5256 static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
5257 {
5258 	unsigned long iflags;
5259 	int j, k, qmax, r_qmax;
5260 	enum sdeb_defer_type l_defer_t;
5261 	struct sdebug_queue *sqp;
5262 	struct sdebug_queued_cmd *sqcp;
5263 	struct sdebug_dev_info *devip;
5264 	struct sdebug_defer *sd_dp;
5265 
5266 	for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5267 		spin_lock_irqsave(&sqp->qc_lock, iflags);
5268 		qmax = sdebug_max_queue;
5269 		r_qmax = atomic_read(&retired_max_queue);
5270 		if (r_qmax > qmax)
5271 			qmax = r_qmax;
5272 		for (k = 0; k < qmax; ++k) {
5273 			if (test_bit(k, sqp->in_use_bm)) {
5274 				sqcp = &sqp->qc_arr[k];
5275 				if (cmnd != sqcp->a_cmnd)
5276 					continue;
5277 				/* found */
5278 				devip = (struct sdebug_dev_info *)
5279 						cmnd->device->hostdata;
5280 				if (devip)
5281 					atomic_dec(&devip->num_in_q);
5282 				sqcp->a_cmnd = NULL;
5283 				sd_dp = sqcp->sd_dp;
5284 				if (sd_dp) {
5285 					l_defer_t = READ_ONCE(sd_dp->defer_t);
5286 					WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_NONE);
5287 				} else
5288 					l_defer_t = SDEB_DEFER_NONE;
5289 				spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5290 				stop_qc_helper(sd_dp, l_defer_t);
5291 				clear_bit(k, sqp->in_use_bm);
5292 				return true;
5293 			}
5294 		}
5295 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5296 	}
5297 	return false;
5298 }
5299 
5300 /* Deletes (stops) timers or work queues of all queued commands */
5301 static void stop_all_queued(void)
5302 {
5303 	unsigned long iflags;
5304 	int j, k;
5305 	enum sdeb_defer_type l_defer_t;
5306 	struct sdebug_queue *sqp;
5307 	struct sdebug_queued_cmd *sqcp;
5308 	struct sdebug_dev_info *devip;
5309 	struct sdebug_defer *sd_dp;
5310 
5311 	for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5312 		spin_lock_irqsave(&sqp->qc_lock, iflags);
5313 		for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
5314 			if (test_bit(k, sqp->in_use_bm)) {
5315 				sqcp = &sqp->qc_arr[k];
5316 				if (sqcp->a_cmnd == NULL)
5317 					continue;
5318 				devip = (struct sdebug_dev_info *)
5319 					sqcp->a_cmnd->device->hostdata;
5320 				if (devip)
5321 					atomic_dec(&devip->num_in_q);
5322 				sqcp->a_cmnd = NULL;
5323 				sd_dp = sqcp->sd_dp;
5324 				if (sd_dp) {
5325 					l_defer_t = READ_ONCE(sd_dp->defer_t);
5326 					WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_NONE);
5327 				} else
5328 					l_defer_t = SDEB_DEFER_NONE;
5329 				spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5330 				stop_qc_helper(sd_dp, l_defer_t);
5331 				clear_bit(k, sqp->in_use_bm);
5332 				spin_lock_irqsave(&sqp->qc_lock, iflags);
5333 			}
5334 		}
5335 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5336 	}
5337 }
5338 
5339 /* Free queued command memory on heap */
5340 static void free_all_queued(void)
5341 {
5342 	int j, k;
5343 	struct sdebug_queue *sqp;
5344 	struct sdebug_queued_cmd *sqcp;
5345 
5346 	for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
5347 		for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
5348 			sqcp = &sqp->qc_arr[k];
5349 			kfree(sqcp->sd_dp);
5350 			sqcp->sd_dp = NULL;
5351 		}
5352 	}
5353 }
5354 
5355 static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
5356 {
5357 	bool ok;
5358 
5359 	++num_aborts;
5360 	if (SCpnt) {
5361 		ok = stop_queued_cmnd(SCpnt);
5362 		if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
5363 			sdev_printk(KERN_INFO, SCpnt->device,
5364 				    "%s: command%s found\n", __func__,
5365 				    ok ? "" : " not");
5366 	}
5367 	return SUCCESS;
5368 }
5369 
5370 static int scsi_debug_device_reset(struct scsi_cmnd *SCpnt)
5371 {
5372 	++num_dev_resets;
5373 	if (SCpnt && SCpnt->device) {
5374 		struct scsi_device *sdp = SCpnt->device;
5375 		struct sdebug_dev_info *devip =
5376 				(struct sdebug_dev_info *)sdp->hostdata;
5377 
5378 		if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5379 			sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5380 		if (devip)
5381 			set_bit(SDEBUG_UA_POR, devip->uas_bm);
5382 	}
5383 	return SUCCESS;
5384 }
5385 
5386 static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
5387 {
5388 	struct sdebug_host_info *sdbg_host;
5389 	struct sdebug_dev_info *devip;
5390 	struct scsi_device *sdp;
5391 	struct Scsi_Host *hp;
5392 	int k = 0;
5393 
5394 	++num_target_resets;
5395 	if (!SCpnt)
5396 		goto lie;
5397 	sdp = SCpnt->device;
5398 	if (!sdp)
5399 		goto lie;
5400 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5401 		sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5402 	hp = sdp->host;
5403 	if (!hp)
5404 		goto lie;
5405 	sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
5406 	if (sdbg_host) {
5407 		list_for_each_entry(devip,
5408 				    &sdbg_host->dev_info_list,
5409 				    dev_list)
5410 			if (devip->target == sdp->id) {
5411 				set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5412 				++k;
5413 			}
5414 	}
5415 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5416 		sdev_printk(KERN_INFO, sdp,
5417 			    "%s: %d device(s) found in target\n", __func__, k);
5418 lie:
5419 	return SUCCESS;
5420 }
5421 
5422 static int scsi_debug_bus_reset(struct scsi_cmnd *SCpnt)
5423 {
5424 	struct sdebug_host_info *sdbg_host;
5425 	struct sdebug_dev_info *devip;
5426 	struct scsi_device *sdp;
5427 	struct Scsi_Host *hp;
5428 	int k = 0;
5429 
5430 	++num_bus_resets;
5431 	if (!(SCpnt && SCpnt->device))
5432 		goto lie;
5433 	sdp = SCpnt->device;
5434 	if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
5435 		sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
5436 	hp = sdp->host;
5437 	if (hp) {
5438 		sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
5439 		if (sdbg_host) {
5440 			list_for_each_entry(devip,
5441 					    &sdbg_host->dev_info_list,
5442 					    dev_list) {
5443 				set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5444 				++k;
5445 			}
5446 		}
5447 	}
5448 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5449 		sdev_printk(KERN_INFO, sdp,
5450 			    "%s: %d device(s) found in host\n", __func__, k);
5451 lie:
5452 	return SUCCESS;
5453 }
5454 
5455 static int scsi_debug_host_reset(struct scsi_cmnd *SCpnt)
5456 {
5457 	struct sdebug_host_info *sdbg_host;
5458 	struct sdebug_dev_info *devip;
5459 	int k = 0;
5460 
5461 	++num_host_resets;
5462 	if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
5463 		sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
5464 	spin_lock(&sdebug_host_list_lock);
5465 	list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
5466 		list_for_each_entry(devip, &sdbg_host->dev_info_list,
5467 				    dev_list) {
5468 			set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
5469 			++k;
5470 		}
5471 	}
5472 	spin_unlock(&sdebug_host_list_lock);
5473 	stop_all_queued();
5474 	if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
5475 		sdev_printk(KERN_INFO, SCpnt->device,
5476 			    "%s: %d device(s) found\n", __func__, k);
5477 	return SUCCESS;
5478 }
5479 
5480 static void sdebug_build_parts(unsigned char *ramp, unsigned long store_size)
5481 {
5482 	struct msdos_partition *pp;
5483 	int starts[SDEBUG_MAX_PARTS + 2], max_part_secs;
5484 	int sectors_per_part, num_sectors, k;
5485 	int heads_by_sects, start_sec, end_sec;
5486 
5487 	/* assume partition table already zeroed */
5488 	if ((sdebug_num_parts < 1) || (store_size < 1048576))
5489 		return;
5490 	if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
5491 		sdebug_num_parts = SDEBUG_MAX_PARTS;
5492 		pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
5493 	}
5494 	num_sectors = (int)get_sdebug_capacity();
5495 	sectors_per_part = (num_sectors - sdebug_sectors_per)
5496 			   / sdebug_num_parts;
5497 	heads_by_sects = sdebug_heads * sdebug_sectors_per;
5498 	starts[0] = sdebug_sectors_per;
5499 	max_part_secs = sectors_per_part;
5500 	for (k = 1; k < sdebug_num_parts; ++k) {
5501 		starts[k] = ((k * sectors_per_part) / heads_by_sects)
5502 			    * heads_by_sects;
5503 		if (starts[k] - starts[k - 1] < max_part_secs)
5504 			max_part_secs = starts[k] - starts[k - 1];
5505 	}
5506 	starts[sdebug_num_parts] = num_sectors;
5507 	starts[sdebug_num_parts + 1] = 0;
5508 
5509 	ramp[510] = 0x55;	/* magic partition markings */
5510 	ramp[511] = 0xAA;
5511 	pp = (struct msdos_partition *)(ramp + 0x1be);
5512 	for (k = 0; starts[k + 1]; ++k, ++pp) {
5513 		start_sec = starts[k];
5514 		end_sec = starts[k] + max_part_secs - 1;
5515 		pp->boot_ind = 0;
5516 
5517 		pp->cyl = start_sec / heads_by_sects;
5518 		pp->head = (start_sec - (pp->cyl * heads_by_sects))
5519 			   / sdebug_sectors_per;
5520 		pp->sector = (start_sec % sdebug_sectors_per) + 1;
5521 
5522 		pp->end_cyl = end_sec / heads_by_sects;
5523 		pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
5524 			       / sdebug_sectors_per;
5525 		pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
5526 
5527 		pp->start_sect = cpu_to_le32(start_sec);
5528 		pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
5529 		pp->sys_ind = 0x83;	/* plain Linux partition */
5530 	}
5531 }
5532 
5533 static void block_unblock_all_queues(bool block)
5534 {
5535 	int j;
5536 	struct sdebug_queue *sqp;
5537 
5538 	for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
5539 		atomic_set(&sqp->blocked, (int)block);
5540 }
5541 
5542 /* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
5543  * commands will be processed normally before triggers occur.
5544  */
5545 static void tweak_cmnd_count(void)
5546 {
5547 	int count, modulo;
5548 
5549 	modulo = abs(sdebug_every_nth);
5550 	if (modulo < 2)
5551 		return;
5552 	block_unblock_all_queues(true);
5553 	count = atomic_read(&sdebug_cmnd_count);
5554 	atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
5555 	block_unblock_all_queues(false);
5556 }
5557 
5558 static void clear_queue_stats(void)
5559 {
5560 	atomic_set(&sdebug_cmnd_count, 0);
5561 	atomic_set(&sdebug_completions, 0);
5562 	atomic_set(&sdebug_miss_cpus, 0);
5563 	atomic_set(&sdebug_a_tsf, 0);
5564 }
5565 
5566 static bool inject_on_this_cmd(void)
5567 {
5568 	if (sdebug_every_nth == 0)
5569 		return false;
5570 	return (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) == 0;
5571 }
5572 
5573 #define INCLUSIVE_TIMING_MAX_NS 1000000		/* 1 millisecond */
5574 
5575 /* Complete the processing of the thread that queued a SCSI command to this
5576  * driver. It either completes the command by calling cmnd_done() or
5577  * schedules a hr timer or work queue then returns 0. Returns
5578  * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
5579  */
5580 static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
5581 			 int scsi_result,
5582 			 int (*pfp)(struct scsi_cmnd *,
5583 				    struct sdebug_dev_info *),
5584 			 int delta_jiff, int ndelay)
5585 {
5586 	bool new_sd_dp;
5587 	bool inject = false;
5588 	bool polled = scsi_cmd_to_rq(cmnd)->cmd_flags & REQ_POLLED;
5589 	int k, num_in_q, qdepth;
5590 	unsigned long iflags;
5591 	u64 ns_from_boot = 0;
5592 	struct sdebug_queue *sqp;
5593 	struct sdebug_queued_cmd *sqcp;
5594 	struct scsi_device *sdp;
5595 	struct sdebug_defer *sd_dp;
5596 
5597 	if (unlikely(devip == NULL)) {
5598 		if (scsi_result == 0)
5599 			scsi_result = DID_NO_CONNECT << 16;
5600 		goto respond_in_thread;
5601 	}
5602 	sdp = cmnd->device;
5603 
5604 	if (delta_jiff == 0)
5605 		goto respond_in_thread;
5606 
5607 	sqp = get_queue(cmnd);
5608 	spin_lock_irqsave(&sqp->qc_lock, iflags);
5609 	if (unlikely(atomic_read(&sqp->blocked))) {
5610 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5611 		return SCSI_MLQUEUE_HOST_BUSY;
5612 	}
5613 	num_in_q = atomic_read(&devip->num_in_q);
5614 	qdepth = cmnd->device->queue_depth;
5615 	if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
5616 		if (scsi_result) {
5617 			spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5618 			goto respond_in_thread;
5619 		} else
5620 			scsi_result = device_qfull_result;
5621 	} else if (unlikely(sdebug_every_nth &&
5622 			    (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
5623 			    (scsi_result == 0))) {
5624 		if ((num_in_q == (qdepth - 1)) &&
5625 		    (atomic_inc_return(&sdebug_a_tsf) >=
5626 		     abs(sdebug_every_nth))) {
5627 			atomic_set(&sdebug_a_tsf, 0);
5628 			inject = true;
5629 			scsi_result = device_qfull_result;
5630 		}
5631 	}
5632 
5633 	k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
5634 	if (unlikely(k >= sdebug_max_queue)) {
5635 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5636 		if (scsi_result)
5637 			goto respond_in_thread;
5638 		scsi_result = device_qfull_result;
5639 		if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
5640 			sdev_printk(KERN_INFO, sdp, "%s: max_queue=%d exceeded: TASK SET FULL\n",
5641 				    __func__, sdebug_max_queue);
5642 		goto respond_in_thread;
5643 	}
5644 	set_bit(k, sqp->in_use_bm);
5645 	atomic_inc(&devip->num_in_q);
5646 	sqcp = &sqp->qc_arr[k];
5647 	sqcp->a_cmnd = cmnd;
5648 	cmnd->host_scribble = (unsigned char *)sqcp;
5649 	sd_dp = sqcp->sd_dp;
5650 	spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5651 
5652 	if (!sd_dp) {
5653 		sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
5654 		if (!sd_dp) {
5655 			atomic_dec(&devip->num_in_q);
5656 			clear_bit(k, sqp->in_use_bm);
5657 			return SCSI_MLQUEUE_HOST_BUSY;
5658 		}
5659 		new_sd_dp = true;
5660 	} else {
5661 		new_sd_dp = false;
5662 	}
5663 
5664 	/* Set the hostwide tag */
5665 	if (sdebug_host_max_queue)
5666 		sd_dp->hc_idx = get_tag(cmnd);
5667 
5668 	if (polled)
5669 		ns_from_boot = ktime_get_boottime_ns();
5670 
5671 	/* one of the resp_*() response functions is called here */
5672 	cmnd->result = pfp ? pfp(cmnd, devip) : 0;
5673 	if (cmnd->result & SDEG_RES_IMMED_MASK) {
5674 		cmnd->result &= ~SDEG_RES_IMMED_MASK;
5675 		delta_jiff = ndelay = 0;
5676 	}
5677 	if (cmnd->result == 0 && scsi_result != 0)
5678 		cmnd->result = scsi_result;
5679 	if (cmnd->result == 0 && unlikely(sdebug_opts & SDEBUG_OPT_TRANSPORT_ERR)) {
5680 		if (atomic_read(&sdeb_inject_pending)) {
5681 			mk_sense_buffer(cmnd, ABORTED_COMMAND, TRANSPORT_PROBLEM, ACK_NAK_TO);
5682 			atomic_set(&sdeb_inject_pending, 0);
5683 			cmnd->result = check_condition_result;
5684 		}
5685 	}
5686 
5687 	if (unlikely(sdebug_verbose && cmnd->result))
5688 		sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
5689 			    __func__, cmnd->result);
5690 
5691 	if (delta_jiff > 0 || ndelay > 0) {
5692 		ktime_t kt;
5693 
5694 		if (delta_jiff > 0) {
5695 			u64 ns = jiffies_to_nsecs(delta_jiff);
5696 
5697 			if (sdebug_random && ns < U32_MAX) {
5698 				ns = prandom_u32_max((u32)ns);
5699 			} else if (sdebug_random) {
5700 				ns >>= 12;	/* scale to 4 usec precision */
5701 				if (ns < U32_MAX)	/* over 4 hours max */
5702 					ns = prandom_u32_max((u32)ns);
5703 				ns <<= 12;
5704 			}
5705 			kt = ns_to_ktime(ns);
5706 		} else {	/* ndelay has a 4.2 second max */
5707 			kt = sdebug_random ? prandom_u32_max((u32)ndelay) :
5708 					     (u32)ndelay;
5709 			if (ndelay < INCLUSIVE_TIMING_MAX_NS) {
5710 				u64 d = ktime_get_boottime_ns() - ns_from_boot;
5711 
5712 				if (kt <= d) {	/* elapsed duration >= kt */
5713 					spin_lock_irqsave(&sqp->qc_lock, iflags);
5714 					sqcp->a_cmnd = NULL;
5715 					atomic_dec(&devip->num_in_q);
5716 					clear_bit(k, sqp->in_use_bm);
5717 					spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5718 					if (new_sd_dp)
5719 						kfree(sd_dp);
5720 					/* call scsi_done() from this thread */
5721 					scsi_done(cmnd);
5722 					return 0;
5723 				}
5724 				/* otherwise reduce kt by elapsed time */
5725 				kt -= d;
5726 			}
5727 		}
5728 		if (polled) {
5729 			sd_dp->cmpl_ts = ktime_add(ns_to_ktime(ns_from_boot), kt);
5730 			spin_lock_irqsave(&sqp->qc_lock, iflags);
5731 			if (!sd_dp->init_poll) {
5732 				sd_dp->init_poll = true;
5733 				sqcp->sd_dp = sd_dp;
5734 				sd_dp->sqa_idx = sqp - sdebug_q_arr;
5735 				sd_dp->qc_idx = k;
5736 			}
5737 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
5738 			spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5739 		} else {
5740 			if (!sd_dp->init_hrt) {
5741 				sd_dp->init_hrt = true;
5742 				sqcp->sd_dp = sd_dp;
5743 				hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
5744 					     HRTIMER_MODE_REL_PINNED);
5745 				sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
5746 				sd_dp->sqa_idx = sqp - sdebug_q_arr;
5747 				sd_dp->qc_idx = k;
5748 			}
5749 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_HRT);
5750 			/* schedule the invocation of scsi_done() for a later time */
5751 			hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
5752 		}
5753 		if (sdebug_statistics)
5754 			sd_dp->issuing_cpu = raw_smp_processor_id();
5755 	} else {	/* jdelay < 0, use work queue */
5756 		if (unlikely((sdebug_opts & SDEBUG_OPT_CMD_ABORT) &&
5757 			     atomic_read(&sdeb_inject_pending)))
5758 			sd_dp->aborted = true;
5759 		if (polled) {
5760 			sd_dp->cmpl_ts = ns_to_ktime(ns_from_boot);
5761 			spin_lock_irqsave(&sqp->qc_lock, iflags);
5762 			if (!sd_dp->init_poll) {
5763 				sd_dp->init_poll = true;
5764 				sqcp->sd_dp = sd_dp;
5765 				sd_dp->sqa_idx = sqp - sdebug_q_arr;
5766 				sd_dp->qc_idx = k;
5767 			}
5768 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);
5769 			spin_unlock_irqrestore(&sqp->qc_lock, iflags);
5770 		} else {
5771 			if (!sd_dp->init_wq) {
5772 				sd_dp->init_wq = true;
5773 				sqcp->sd_dp = sd_dp;
5774 				sd_dp->sqa_idx = sqp - sdebug_q_arr;
5775 				sd_dp->qc_idx = k;
5776 				INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
5777 			}
5778 			WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_WQ);
5779 			schedule_work(&sd_dp->ew.work);
5780 		}
5781 		if (sdebug_statistics)
5782 			sd_dp->issuing_cpu = raw_smp_processor_id();
5783 		if (unlikely(sd_dp->aborted)) {
5784 			sdev_printk(KERN_INFO, sdp, "abort request tag %d\n",
5785 				    scsi_cmd_to_rq(cmnd)->tag);
5786 			blk_abort_request(scsi_cmd_to_rq(cmnd));
5787 			atomic_set(&sdeb_inject_pending, 0);
5788 			sd_dp->aborted = false;
5789 		}
5790 	}
5791 	if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) && scsi_result == device_qfull_result))
5792 		sdev_printk(KERN_INFO, sdp, "%s: num_in_q=%d +1, %s%s\n", __func__,
5793 			    num_in_q, (inject ? "<inject> " : ""), "status: TASK SET FULL");
5794 	return 0;
5795 
5796 respond_in_thread:	/* call back to mid-layer using invocation thread */
5797 	cmnd->result = pfp != NULL ? pfp(cmnd, devip) : 0;
5798 	cmnd->result &= ~SDEG_RES_IMMED_MASK;
5799 	if (cmnd->result == 0 && scsi_result != 0)
5800 		cmnd->result = scsi_result;
5801 	scsi_done(cmnd);
5802 	return 0;
5803 }
5804 
5805 /* Note: The following macros create attribute files in the
5806    /sys/module/scsi_debug/parameters directory. Unfortunately this
5807    driver is unaware of a change and cannot trigger auxiliary actions
5808    as it can when the corresponding attribute in the
5809    /sys/bus/pseudo/drivers/scsi_debug directory is changed.
5810  */
5811 module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
5812 module_param_named(ato, sdebug_ato, int, S_IRUGO);
5813 module_param_named(cdb_len, sdebug_cdb_len, int, 0644);
5814 module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
5815 module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
5816 module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
5817 module_param_named(dif, sdebug_dif, int, S_IRUGO);
5818 module_param_named(dix, sdebug_dix, int, S_IRUGO);
5819 module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
5820 module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
5821 module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
5822 module_param_named(guard, sdebug_guard, uint, S_IRUGO);
5823 module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
5824 module_param_named(host_max_queue, sdebug_host_max_queue, int, S_IRUGO);
5825 module_param_string(inq_product, sdebug_inq_product_id,
5826 		    sizeof(sdebug_inq_product_id), S_IRUGO | S_IWUSR);
5827 module_param_string(inq_rev, sdebug_inq_product_rev,
5828 		    sizeof(sdebug_inq_product_rev), S_IRUGO | S_IWUSR);
5829 module_param_string(inq_vendor, sdebug_inq_vendor_id,
5830 		    sizeof(sdebug_inq_vendor_id), S_IRUGO | S_IWUSR);
5831 module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
5832 module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
5833 module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
5834 module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
5835 module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
5836 module_param_named(lun_format, sdebug_lun_am_i, int, S_IRUGO | S_IWUSR);
5837 module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
5838 module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
5839 module_param_named(medium_error_count, sdebug_medium_error_count, int,
5840 		   S_IRUGO | S_IWUSR);
5841 module_param_named(medium_error_start, sdebug_medium_error_start, int,
5842 		   S_IRUGO | S_IWUSR);
5843 module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
5844 module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
5845 module_param_named(no_rwlock, sdebug_no_rwlock, bool, S_IRUGO | S_IWUSR);
5846 module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
5847 module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
5848 module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
5849 module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
5850 module_param_named(opt_xferlen_exp, sdebug_opt_xferlen_exp, int, S_IRUGO);
5851 module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
5852 module_param_named(per_host_store, sdebug_per_host_store, bool,
5853 		   S_IRUGO | S_IWUSR);
5854 module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
5855 module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
5856 module_param_named(random, sdebug_random, bool, S_IRUGO | S_IWUSR);
5857 module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
5858 module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
5859 module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
5860 module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
5861 module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
5862 module_param_named(submit_queues, submit_queues, int, S_IRUGO);
5863 module_param_named(poll_queues, poll_queues, int, S_IRUGO);
5864 module_param_named(tur_ms_to_ready, sdeb_tur_ms_to_ready, int, S_IRUGO);
5865 module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
5866 module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
5867 module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
5868 module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
5869 module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
5870 module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
5871 module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
5872 		   S_IRUGO | S_IWUSR);
5873 module_param_named(wp, sdebug_wp, bool, S_IRUGO | S_IWUSR);
5874 module_param_named(write_same_length, sdebug_write_same_length, int,
5875 		   S_IRUGO | S_IWUSR);
5876 module_param_named(zbc, sdeb_zbc_model_s, charp, S_IRUGO);
5877 module_param_named(zone_cap_mb, sdeb_zbc_zone_cap_mb, int, S_IRUGO);
5878 module_param_named(zone_max_open, sdeb_zbc_max_open, int, S_IRUGO);
5879 module_param_named(zone_nr_conv, sdeb_zbc_nr_conv, int, S_IRUGO);
5880 module_param_named(zone_size_mb, sdeb_zbc_zone_size_mb, int, S_IRUGO);
5881 
5882 MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
5883 MODULE_DESCRIPTION("SCSI debug adapter driver");
5884 MODULE_LICENSE("GPL");
5885 MODULE_VERSION(SDEBUG_VERSION);
5886 
5887 MODULE_PARM_DESC(add_host, "add n hosts, in sysfs if negative remove host(s) (def=1)");
5888 MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
5889 MODULE_PARM_DESC(cdb_len, "suggest CDB lengths to drivers (def=10)");
5890 MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
5891 MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
5892 MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
5893 MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
5894 MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
5895 MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
5896 MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
5897 MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
5898 MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
5899 MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
5900 MODULE_PARM_DESC(host_max_queue,
5901 		 "host max # of queued cmds (0 to max(def) [max_queue fixed equal for !0])");
5902 MODULE_PARM_DESC(inq_product, "SCSI INQUIRY product string (def=\"scsi_debug\")");
5903 MODULE_PARM_DESC(inq_rev, "SCSI INQUIRY revision string (def=\""
5904 		 SDEBUG_VERSION "\")");
5905 MODULE_PARM_DESC(inq_vendor, "SCSI INQUIRY vendor string (def=\"Linux\")");
5906 MODULE_PARM_DESC(lbprz,
5907 		 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
5908 MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
5909 MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
5910 MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
5911 MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
5912 MODULE_PARM_DESC(lun_format, "LUN format: 0->peripheral (def); 1 --> flat address method");
5913 MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
5914 MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
5915 MODULE_PARM_DESC(medium_error_count, "count of sectors to return follow on MEDIUM error");
5916 MODULE_PARM_DESC(medium_error_start, "starting sector number to return MEDIUM error");
5917 MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
5918 MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
5919 MODULE_PARM_DESC(no_rwlock, "don't protect user data reads+writes (def=0)");
5920 MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
5921 MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
5922 MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
5923 MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
5924 MODULE_PARM_DESC(opt_xferlen_exp, "optimal transfer length granularity exponent (def=physblk_exp)");
5925 MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
5926 MODULE_PARM_DESC(per_host_store, "If set, next positive add_host will get new store (def=0)");
5927 MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
5928 MODULE_PARM_DESC(poll_queues, "support for iouring iopoll queues (1 to max(submit_queues - 1))");
5929 MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
5930 MODULE_PARM_DESC(random, "If set, uniformly randomize command duration between 0 and delay_in_ns");
5931 MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
5932 MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
5933 MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
5934 MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
5935 MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
5936 MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
5937 MODULE_PARM_DESC(tur_ms_to_ready, "TEST UNIT READY millisecs before initial good status (def=0)");
5938 MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
5939 MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
5940 MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
5941 MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
5942 MODULE_PARM_DESC(uuid_ctl,
5943 		 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
5944 MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
5945 MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
5946 MODULE_PARM_DESC(wp, "Write Protect (def=0)");
5947 MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
5948 MODULE_PARM_DESC(zbc, "'none' [0]; 'aware' [1]; 'managed' [2] (def=0). Can have 'host-' prefix");
5949 MODULE_PARM_DESC(zone_cap_mb, "Zone capacity in MiB (def=zone size)");
5950 MODULE_PARM_DESC(zone_max_open, "Maximum number of open zones; [0] for no limit (def=auto)");
5951 MODULE_PARM_DESC(zone_nr_conv, "Number of conventional zones (def=1)");
5952 MODULE_PARM_DESC(zone_size_mb, "Zone size in MiB (def=auto)");
5953 
5954 #define SDEBUG_INFO_LEN 256
5955 static char sdebug_info[SDEBUG_INFO_LEN];
5956 
5957 static const char *scsi_debug_info(struct Scsi_Host *shp)
5958 {
5959 	int k;
5960 
5961 	k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
5962 		      my_name, SDEBUG_VERSION, sdebug_version_date);
5963 	if (k >= (SDEBUG_INFO_LEN - 1))
5964 		return sdebug_info;
5965 	scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
5966 		  "  dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
5967 		  sdebug_dev_size_mb, sdebug_opts, submit_queues,
5968 		  "statistics", (int)sdebug_statistics);
5969 	return sdebug_info;
5970 }
5971 
5972 /* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
5973 static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
5974 				 int length)
5975 {
5976 	char arr[16];
5977 	int opts;
5978 	int minLen = length > 15 ? 15 : length;
5979 
5980 	if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
5981 		return -EACCES;
5982 	memcpy(arr, buffer, minLen);
5983 	arr[minLen] = '\0';
5984 	if (1 != sscanf(arr, "%d", &opts))
5985 		return -EINVAL;
5986 	sdebug_opts = opts;
5987 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
5988 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
5989 	if (sdebug_every_nth != 0)
5990 		tweak_cmnd_count();
5991 	return length;
5992 }
5993 
5994 /* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
5995  * same for each scsi_debug host (if more than one). Some of the counters
5996  * output are not atomics so might be inaccurate in a busy system. */
5997 static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
5998 {
5999 	int f, j, l;
6000 	struct sdebug_queue *sqp;
6001 	struct sdebug_host_info *sdhp;
6002 
6003 	seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
6004 		   SDEBUG_VERSION, sdebug_version_date);
6005 	seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
6006 		   sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
6007 		   sdebug_opts, sdebug_every_nth);
6008 	seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
6009 		   sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
6010 		   sdebug_sector_size, "bytes");
6011 	seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
6012 		   sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
6013 		   num_aborts);
6014 	seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
6015 		   num_dev_resets, num_target_resets, num_bus_resets,
6016 		   num_host_resets);
6017 	seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
6018 		   dix_reads, dix_writes, dif_errors);
6019 	seq_printf(m, "usec_in_jiffy=%lu, statistics=%d\n", TICK_NSEC / 1000,
6020 		   sdebug_statistics);
6021 	seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d, mq_polls=%d\n",
6022 		   atomic_read(&sdebug_cmnd_count),
6023 		   atomic_read(&sdebug_completions),
6024 		   "miss_cpus", atomic_read(&sdebug_miss_cpus),
6025 		   atomic_read(&sdebug_a_tsf),
6026 		   atomic_read(&sdeb_mq_poll_count));
6027 
6028 	seq_printf(m, "submit_queues=%d\n", submit_queues);
6029 	for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
6030 		seq_printf(m, "  queue %d:\n", j);
6031 		f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
6032 		if (f != sdebug_max_queue) {
6033 			l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
6034 			seq_printf(m, "    in_use_bm BUSY: %s: %d,%d\n",
6035 				   "first,last bits", f, l);
6036 		}
6037 	}
6038 
6039 	seq_printf(m, "this host_no=%d\n", host->host_no);
6040 	if (!xa_empty(per_store_ap)) {
6041 		bool niu;
6042 		int idx;
6043 		unsigned long l_idx;
6044 		struct sdeb_store_info *sip;
6045 
6046 		seq_puts(m, "\nhost list:\n");
6047 		j = 0;
6048 		list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6049 			idx = sdhp->si_idx;
6050 			seq_printf(m, "  %d: host_no=%d, si_idx=%d\n", j,
6051 				   sdhp->shost->host_no, idx);
6052 			++j;
6053 		}
6054 		seq_printf(m, "\nper_store array [most_recent_idx=%d]:\n",
6055 			   sdeb_most_recent_idx);
6056 		j = 0;
6057 		xa_for_each(per_store_ap, l_idx, sip) {
6058 			niu = xa_get_mark(per_store_ap, l_idx,
6059 					  SDEB_XA_NOT_IN_USE);
6060 			idx = (int)l_idx;
6061 			seq_printf(m, "  %d: idx=%d%s\n", j, idx,
6062 				   (niu ? "  not_in_use" : ""));
6063 			++j;
6064 		}
6065 	}
6066 	return 0;
6067 }
6068 
6069 static ssize_t delay_show(struct device_driver *ddp, char *buf)
6070 {
6071 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
6072 }
6073 /* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
6074  * of delay is jiffies.
6075  */
6076 static ssize_t delay_store(struct device_driver *ddp, const char *buf,
6077 			   size_t count)
6078 {
6079 	int jdelay, res;
6080 
6081 	if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
6082 		res = count;
6083 		if (sdebug_jdelay != jdelay) {
6084 			int j, k;
6085 			struct sdebug_queue *sqp;
6086 
6087 			block_unblock_all_queues(true);
6088 			for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
6089 			     ++j, ++sqp) {
6090 				k = find_first_bit(sqp->in_use_bm,
6091 						   sdebug_max_queue);
6092 				if (k != sdebug_max_queue) {
6093 					res = -EBUSY;   /* queued commands */
6094 					break;
6095 				}
6096 			}
6097 			if (res > 0) {
6098 				sdebug_jdelay = jdelay;
6099 				sdebug_ndelay = 0;
6100 			}
6101 			block_unblock_all_queues(false);
6102 		}
6103 		return res;
6104 	}
6105 	return -EINVAL;
6106 }
6107 static DRIVER_ATTR_RW(delay);
6108 
6109 static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
6110 {
6111 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
6112 }
6113 /* Returns -EBUSY if ndelay is being changed and commands are queued */
6114 /* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
6115 static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
6116 			    size_t count)
6117 {
6118 	int ndelay, res;
6119 
6120 	if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
6121 	    (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
6122 		res = count;
6123 		if (sdebug_ndelay != ndelay) {
6124 			int j, k;
6125 			struct sdebug_queue *sqp;
6126 
6127 			block_unblock_all_queues(true);
6128 			for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
6129 			     ++j, ++sqp) {
6130 				k = find_first_bit(sqp->in_use_bm,
6131 						   sdebug_max_queue);
6132 				if (k != sdebug_max_queue) {
6133 					res = -EBUSY;   /* queued commands */
6134 					break;
6135 				}
6136 			}
6137 			if (res > 0) {
6138 				sdebug_ndelay = ndelay;
6139 				sdebug_jdelay = ndelay  ? JDELAY_OVERRIDDEN
6140 							: DEF_JDELAY;
6141 			}
6142 			block_unblock_all_queues(false);
6143 		}
6144 		return res;
6145 	}
6146 	return -EINVAL;
6147 }
6148 static DRIVER_ATTR_RW(ndelay);
6149 
6150 static ssize_t opts_show(struct device_driver *ddp, char *buf)
6151 {
6152 	return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
6153 }
6154 
6155 static ssize_t opts_store(struct device_driver *ddp, const char *buf,
6156 			  size_t count)
6157 {
6158 	int opts;
6159 	char work[20];
6160 
6161 	if (sscanf(buf, "%10s", work) == 1) {
6162 		if (strncasecmp(work, "0x", 2) == 0) {
6163 			if (kstrtoint(work + 2, 16, &opts) == 0)
6164 				goto opts_done;
6165 		} else {
6166 			if (kstrtoint(work, 10, &opts) == 0)
6167 				goto opts_done;
6168 		}
6169 	}
6170 	return -EINVAL;
6171 opts_done:
6172 	sdebug_opts = opts;
6173 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
6174 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
6175 	tweak_cmnd_count();
6176 	return count;
6177 }
6178 static DRIVER_ATTR_RW(opts);
6179 
6180 static ssize_t ptype_show(struct device_driver *ddp, char *buf)
6181 {
6182 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
6183 }
6184 static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
6185 			   size_t count)
6186 {
6187 	int n;
6188 
6189 	/* Cannot change from or to TYPE_ZBC with sysfs */
6190 	if (sdebug_ptype == TYPE_ZBC)
6191 		return -EINVAL;
6192 
6193 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6194 		if (n == TYPE_ZBC)
6195 			return -EINVAL;
6196 		sdebug_ptype = n;
6197 		return count;
6198 	}
6199 	return -EINVAL;
6200 }
6201 static DRIVER_ATTR_RW(ptype);
6202 
6203 static ssize_t dsense_show(struct device_driver *ddp, char *buf)
6204 {
6205 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
6206 }
6207 static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
6208 			    size_t count)
6209 {
6210 	int n;
6211 
6212 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6213 		sdebug_dsense = n;
6214 		return count;
6215 	}
6216 	return -EINVAL;
6217 }
6218 static DRIVER_ATTR_RW(dsense);
6219 
6220 static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
6221 {
6222 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
6223 }
6224 static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
6225 			     size_t count)
6226 {
6227 	int n, idx;
6228 
6229 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6230 		bool want_store = (n == 0);
6231 		struct sdebug_host_info *sdhp;
6232 
6233 		n = (n > 0);
6234 		sdebug_fake_rw = (sdebug_fake_rw > 0);
6235 		if (sdebug_fake_rw == n)
6236 			return count;	/* not transitioning so do nothing */
6237 
6238 		if (want_store) {	/* 1 --> 0 transition, set up store */
6239 			if (sdeb_first_idx < 0) {
6240 				idx = sdebug_add_store();
6241 				if (idx < 0)
6242 					return idx;
6243 			} else {
6244 				idx = sdeb_first_idx;
6245 				xa_clear_mark(per_store_ap, idx,
6246 					      SDEB_XA_NOT_IN_USE);
6247 			}
6248 			/* make all hosts use same store */
6249 			list_for_each_entry(sdhp, &sdebug_host_list,
6250 					    host_list) {
6251 				if (sdhp->si_idx != idx) {
6252 					xa_set_mark(per_store_ap, sdhp->si_idx,
6253 						    SDEB_XA_NOT_IN_USE);
6254 					sdhp->si_idx = idx;
6255 				}
6256 			}
6257 			sdeb_most_recent_idx = idx;
6258 		} else {	/* 0 --> 1 transition is trigger for shrink */
6259 			sdebug_erase_all_stores(true /* apart from first */);
6260 		}
6261 		sdebug_fake_rw = n;
6262 		return count;
6263 	}
6264 	return -EINVAL;
6265 }
6266 static DRIVER_ATTR_RW(fake_rw);
6267 
6268 static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
6269 {
6270 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
6271 }
6272 static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
6273 			      size_t count)
6274 {
6275 	int n;
6276 
6277 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6278 		sdebug_no_lun_0 = n;
6279 		return count;
6280 	}
6281 	return -EINVAL;
6282 }
6283 static DRIVER_ATTR_RW(no_lun_0);
6284 
6285 static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
6286 {
6287 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
6288 }
6289 static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
6290 			      size_t count)
6291 {
6292 	int n;
6293 
6294 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6295 		sdebug_num_tgts = n;
6296 		sdebug_max_tgts_luns();
6297 		return count;
6298 	}
6299 	return -EINVAL;
6300 }
6301 static DRIVER_ATTR_RW(num_tgts);
6302 
6303 static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
6304 {
6305 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
6306 }
6307 static DRIVER_ATTR_RO(dev_size_mb);
6308 
6309 static ssize_t per_host_store_show(struct device_driver *ddp, char *buf)
6310 {
6311 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_per_host_store);
6312 }
6313 
6314 static ssize_t per_host_store_store(struct device_driver *ddp, const char *buf,
6315 				    size_t count)
6316 {
6317 	bool v;
6318 
6319 	if (kstrtobool(buf, &v))
6320 		return -EINVAL;
6321 
6322 	sdebug_per_host_store = v;
6323 	return count;
6324 }
6325 static DRIVER_ATTR_RW(per_host_store);
6326 
6327 static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
6328 {
6329 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
6330 }
6331 static DRIVER_ATTR_RO(num_parts);
6332 
6333 static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
6334 {
6335 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
6336 }
6337 static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
6338 			       size_t count)
6339 {
6340 	int nth;
6341 	char work[20];
6342 
6343 	if (sscanf(buf, "%10s", work) == 1) {
6344 		if (strncasecmp(work, "0x", 2) == 0) {
6345 			if (kstrtoint(work + 2, 16, &nth) == 0)
6346 				goto every_nth_done;
6347 		} else {
6348 			if (kstrtoint(work, 10, &nth) == 0)
6349 				goto every_nth_done;
6350 		}
6351 	}
6352 	return -EINVAL;
6353 
6354 every_nth_done:
6355 	sdebug_every_nth = nth;
6356 	if (nth && !sdebug_statistics) {
6357 		pr_info("every_nth needs statistics=1, set it\n");
6358 		sdebug_statistics = true;
6359 	}
6360 	tweak_cmnd_count();
6361 	return count;
6362 }
6363 static DRIVER_ATTR_RW(every_nth);
6364 
6365 static ssize_t lun_format_show(struct device_driver *ddp, char *buf)
6366 {
6367 	return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_lun_am);
6368 }
6369 static ssize_t lun_format_store(struct device_driver *ddp, const char *buf,
6370 				size_t count)
6371 {
6372 	int n;
6373 	bool changed;
6374 
6375 	if (kstrtoint(buf, 0, &n))
6376 		return -EINVAL;
6377 	if (n >= 0) {
6378 		if (n > (int)SAM_LUN_AM_FLAT) {
6379 			pr_warn("only LUN address methods 0 and 1 are supported\n");
6380 			return -EINVAL;
6381 		}
6382 		changed = ((int)sdebug_lun_am != n);
6383 		sdebug_lun_am = n;
6384 		if (changed && sdebug_scsi_level >= 5) {	/* >= SPC-3 */
6385 			struct sdebug_host_info *sdhp;
6386 			struct sdebug_dev_info *dp;
6387 
6388 			spin_lock(&sdebug_host_list_lock);
6389 			list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
6390 				list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
6391 					set_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
6392 				}
6393 			}
6394 			spin_unlock(&sdebug_host_list_lock);
6395 		}
6396 		return count;
6397 	}
6398 	return -EINVAL;
6399 }
6400 static DRIVER_ATTR_RW(lun_format);
6401 
6402 static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
6403 {
6404 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
6405 }
6406 static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
6407 			      size_t count)
6408 {
6409 	int n;
6410 	bool changed;
6411 
6412 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6413 		if (n > 256) {
6414 			pr_warn("max_luns can be no more than 256\n");
6415 			return -EINVAL;
6416 		}
6417 		changed = (sdebug_max_luns != n);
6418 		sdebug_max_luns = n;
6419 		sdebug_max_tgts_luns();
6420 		if (changed && (sdebug_scsi_level >= 5)) {	/* >= SPC-3 */
6421 			struct sdebug_host_info *sdhp;
6422 			struct sdebug_dev_info *dp;
6423 
6424 			spin_lock(&sdebug_host_list_lock);
6425 			list_for_each_entry(sdhp, &sdebug_host_list,
6426 					    host_list) {
6427 				list_for_each_entry(dp, &sdhp->dev_info_list,
6428 						    dev_list) {
6429 					set_bit(SDEBUG_UA_LUNS_CHANGED,
6430 						dp->uas_bm);
6431 				}
6432 			}
6433 			spin_unlock(&sdebug_host_list_lock);
6434 		}
6435 		return count;
6436 	}
6437 	return -EINVAL;
6438 }
6439 static DRIVER_ATTR_RW(max_luns);
6440 
6441 static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
6442 {
6443 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
6444 }
6445 /* N.B. max_queue can be changed while there are queued commands. In flight
6446  * commands beyond the new max_queue will be completed. */
6447 static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
6448 			       size_t count)
6449 {
6450 	int j, n, k, a;
6451 	struct sdebug_queue *sqp;
6452 
6453 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
6454 	    (n <= SDEBUG_CANQUEUE) &&
6455 	    (sdebug_host_max_queue == 0)) {
6456 		block_unblock_all_queues(true);
6457 		k = 0;
6458 		for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
6459 		     ++j, ++sqp) {
6460 			a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
6461 			if (a > k)
6462 				k = a;
6463 		}
6464 		sdebug_max_queue = n;
6465 		if (k == SDEBUG_CANQUEUE)
6466 			atomic_set(&retired_max_queue, 0);
6467 		else if (k >= n)
6468 			atomic_set(&retired_max_queue, k + 1);
6469 		else
6470 			atomic_set(&retired_max_queue, 0);
6471 		block_unblock_all_queues(false);
6472 		return count;
6473 	}
6474 	return -EINVAL;
6475 }
6476 static DRIVER_ATTR_RW(max_queue);
6477 
6478 static ssize_t host_max_queue_show(struct device_driver *ddp, char *buf)
6479 {
6480 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_host_max_queue);
6481 }
6482 
6483 static ssize_t no_rwlock_show(struct device_driver *ddp, char *buf)
6484 {
6485 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_rwlock);
6486 }
6487 
6488 static ssize_t no_rwlock_store(struct device_driver *ddp, const char *buf, size_t count)
6489 {
6490 	bool v;
6491 
6492 	if (kstrtobool(buf, &v))
6493 		return -EINVAL;
6494 
6495 	sdebug_no_rwlock = v;
6496 	return count;
6497 }
6498 static DRIVER_ATTR_RW(no_rwlock);
6499 
6500 /*
6501  * Since this is used for .can_queue, and we get the hc_idx tag from the bitmap
6502  * in range [0, sdebug_host_max_queue), we can't change it.
6503  */
6504 static DRIVER_ATTR_RO(host_max_queue);
6505 
6506 static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
6507 {
6508 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
6509 }
6510 static DRIVER_ATTR_RO(no_uld);
6511 
6512 static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
6513 {
6514 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
6515 }
6516 static DRIVER_ATTR_RO(scsi_level);
6517 
6518 static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
6519 {
6520 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
6521 }
6522 static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
6523 				size_t count)
6524 {
6525 	int n;
6526 	bool changed;
6527 
6528 	/* Ignore capacity change for ZBC drives for now */
6529 	if (sdeb_zbc_in_use)
6530 		return -ENOTSUPP;
6531 
6532 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6533 		changed = (sdebug_virtual_gb != n);
6534 		sdebug_virtual_gb = n;
6535 		sdebug_capacity = get_sdebug_capacity();
6536 		if (changed) {
6537 			struct sdebug_host_info *sdhp;
6538 			struct sdebug_dev_info *dp;
6539 
6540 			spin_lock(&sdebug_host_list_lock);
6541 			list_for_each_entry(sdhp, &sdebug_host_list,
6542 					    host_list) {
6543 				list_for_each_entry(dp, &sdhp->dev_info_list,
6544 						    dev_list) {
6545 					set_bit(SDEBUG_UA_CAPACITY_CHANGED,
6546 						dp->uas_bm);
6547 				}
6548 			}
6549 			spin_unlock(&sdebug_host_list_lock);
6550 		}
6551 		return count;
6552 	}
6553 	return -EINVAL;
6554 }
6555 static DRIVER_ATTR_RW(virtual_gb);
6556 
6557 static ssize_t add_host_show(struct device_driver *ddp, char *buf)
6558 {
6559 	/* absolute number of hosts currently active is what is shown */
6560 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_hosts);
6561 }
6562 
6563 static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
6564 			      size_t count)
6565 {
6566 	bool found;
6567 	unsigned long idx;
6568 	struct sdeb_store_info *sip;
6569 	bool want_phs = (sdebug_fake_rw == 0) && sdebug_per_host_store;
6570 	int delta_hosts;
6571 
6572 	if (sscanf(buf, "%d", &delta_hosts) != 1)
6573 		return -EINVAL;
6574 	if (delta_hosts > 0) {
6575 		do {
6576 			found = false;
6577 			if (want_phs) {
6578 				xa_for_each_marked(per_store_ap, idx, sip,
6579 						   SDEB_XA_NOT_IN_USE) {
6580 					sdeb_most_recent_idx = (int)idx;
6581 					found = true;
6582 					break;
6583 				}
6584 				if (found)	/* re-use case */
6585 					sdebug_add_host_helper((int)idx);
6586 				else
6587 					sdebug_do_add_host(true);
6588 			} else {
6589 				sdebug_do_add_host(false);
6590 			}
6591 		} while (--delta_hosts);
6592 	} else if (delta_hosts < 0) {
6593 		do {
6594 			sdebug_do_remove_host(false);
6595 		} while (++delta_hosts);
6596 	}
6597 	return count;
6598 }
6599 static DRIVER_ATTR_RW(add_host);
6600 
6601 static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
6602 {
6603 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
6604 }
6605 static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
6606 				    size_t count)
6607 {
6608 	int n;
6609 
6610 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6611 		sdebug_vpd_use_hostno = n;
6612 		return count;
6613 	}
6614 	return -EINVAL;
6615 }
6616 static DRIVER_ATTR_RW(vpd_use_hostno);
6617 
6618 static ssize_t statistics_show(struct device_driver *ddp, char *buf)
6619 {
6620 	return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
6621 }
6622 static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
6623 				size_t count)
6624 {
6625 	int n;
6626 
6627 	if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
6628 		if (n > 0)
6629 			sdebug_statistics = true;
6630 		else {
6631 			clear_queue_stats();
6632 			sdebug_statistics = false;
6633 		}
6634 		return count;
6635 	}
6636 	return -EINVAL;
6637 }
6638 static DRIVER_ATTR_RW(statistics);
6639 
6640 static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
6641 {
6642 	return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
6643 }
6644 static DRIVER_ATTR_RO(sector_size);
6645 
6646 static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
6647 {
6648 	return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
6649 }
6650 static DRIVER_ATTR_RO(submit_queues);
6651 
6652 static ssize_t dix_show(struct device_driver *ddp, char *buf)
6653 {
6654 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
6655 }
6656 static DRIVER_ATTR_RO(dix);
6657 
6658 static ssize_t dif_show(struct device_driver *ddp, char *buf)
6659 {
6660 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
6661 }
6662 static DRIVER_ATTR_RO(dif);
6663 
6664 static ssize_t guard_show(struct device_driver *ddp, char *buf)
6665 {
6666 	return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
6667 }
6668 static DRIVER_ATTR_RO(guard);
6669 
6670 static ssize_t ato_show(struct device_driver *ddp, char *buf)
6671 {
6672 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
6673 }
6674 static DRIVER_ATTR_RO(ato);
6675 
6676 static ssize_t map_show(struct device_driver *ddp, char *buf)
6677 {
6678 	ssize_t count = 0;
6679 
6680 	if (!scsi_debug_lbp())
6681 		return scnprintf(buf, PAGE_SIZE, "0-%u\n",
6682 				 sdebug_store_sectors);
6683 
6684 	if (sdebug_fake_rw == 0 && !xa_empty(per_store_ap)) {
6685 		struct sdeb_store_info *sip = xa_load(per_store_ap, 0);
6686 
6687 		if (sip)
6688 			count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
6689 					  (int)map_size, sip->map_storep);
6690 	}
6691 	buf[count++] = '\n';
6692 	buf[count] = '\0';
6693 
6694 	return count;
6695 }
6696 static DRIVER_ATTR_RO(map);
6697 
6698 static ssize_t random_show(struct device_driver *ddp, char *buf)
6699 {
6700 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_random);
6701 }
6702 
6703 static ssize_t random_store(struct device_driver *ddp, const char *buf,
6704 			    size_t count)
6705 {
6706 	bool v;
6707 
6708 	if (kstrtobool(buf, &v))
6709 		return -EINVAL;
6710 
6711 	sdebug_random = v;
6712 	return count;
6713 }
6714 static DRIVER_ATTR_RW(random);
6715 
6716 static ssize_t removable_show(struct device_driver *ddp, char *buf)
6717 {
6718 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
6719 }
6720 static ssize_t removable_store(struct device_driver *ddp, const char *buf,
6721 			       size_t count)
6722 {
6723 	int n;
6724 
6725 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6726 		sdebug_removable = (n > 0);
6727 		return count;
6728 	}
6729 	return -EINVAL;
6730 }
6731 static DRIVER_ATTR_RW(removable);
6732 
6733 static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
6734 {
6735 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
6736 }
6737 /* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
6738 static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
6739 			       size_t count)
6740 {
6741 	int n;
6742 
6743 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6744 		sdebug_host_lock = (n > 0);
6745 		return count;
6746 	}
6747 	return -EINVAL;
6748 }
6749 static DRIVER_ATTR_RW(host_lock);
6750 
6751 static ssize_t strict_show(struct device_driver *ddp, char *buf)
6752 {
6753 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
6754 }
6755 static ssize_t strict_store(struct device_driver *ddp, const char *buf,
6756 			    size_t count)
6757 {
6758 	int n;
6759 
6760 	if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
6761 		sdebug_strict = (n > 0);
6762 		return count;
6763 	}
6764 	return -EINVAL;
6765 }
6766 static DRIVER_ATTR_RW(strict);
6767 
6768 static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
6769 {
6770 	return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
6771 }
6772 static DRIVER_ATTR_RO(uuid_ctl);
6773 
6774 static ssize_t cdb_len_show(struct device_driver *ddp, char *buf)
6775 {
6776 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_cdb_len);
6777 }
6778 static ssize_t cdb_len_store(struct device_driver *ddp, const char *buf,
6779 			     size_t count)
6780 {
6781 	int ret, n;
6782 
6783 	ret = kstrtoint(buf, 0, &n);
6784 	if (ret)
6785 		return ret;
6786 	sdebug_cdb_len = n;
6787 	all_config_cdb_len();
6788 	return count;
6789 }
6790 static DRIVER_ATTR_RW(cdb_len);
6791 
6792 static const char * const zbc_model_strs_a[] = {
6793 	[BLK_ZONED_NONE] = "none",
6794 	[BLK_ZONED_HA]   = "host-aware",
6795 	[BLK_ZONED_HM]   = "host-managed",
6796 };
6797 
6798 static const char * const zbc_model_strs_b[] = {
6799 	[BLK_ZONED_NONE] = "no",
6800 	[BLK_ZONED_HA]   = "aware",
6801 	[BLK_ZONED_HM]   = "managed",
6802 };
6803 
6804 static const char * const zbc_model_strs_c[] = {
6805 	[BLK_ZONED_NONE] = "0",
6806 	[BLK_ZONED_HA]   = "1",
6807 	[BLK_ZONED_HM]   = "2",
6808 };
6809 
6810 static int sdeb_zbc_model_str(const char *cp)
6811 {
6812 	int res = sysfs_match_string(zbc_model_strs_a, cp);
6813 
6814 	if (res < 0) {
6815 		res = sysfs_match_string(zbc_model_strs_b, cp);
6816 		if (res < 0) {
6817 			res = sysfs_match_string(zbc_model_strs_c, cp);
6818 			if (res < 0)
6819 				return -EINVAL;
6820 		}
6821 	}
6822 	return res;
6823 }
6824 
6825 static ssize_t zbc_show(struct device_driver *ddp, char *buf)
6826 {
6827 	return scnprintf(buf, PAGE_SIZE, "%s\n",
6828 			 zbc_model_strs_a[sdeb_zbc_model]);
6829 }
6830 static DRIVER_ATTR_RO(zbc);
6831 
6832 static ssize_t tur_ms_to_ready_show(struct device_driver *ddp, char *buf)
6833 {
6834 	return scnprintf(buf, PAGE_SIZE, "%d\n", sdeb_tur_ms_to_ready);
6835 }
6836 static DRIVER_ATTR_RO(tur_ms_to_ready);
6837 
6838 /* Note: The following array creates attribute files in the
6839    /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
6840    files (over those found in the /sys/module/scsi_debug/parameters
6841    directory) is that auxiliary actions can be triggered when an attribute
6842    is changed. For example see: add_host_store() above.
6843  */
6844 
6845 static struct attribute *sdebug_drv_attrs[] = {
6846 	&driver_attr_delay.attr,
6847 	&driver_attr_opts.attr,
6848 	&driver_attr_ptype.attr,
6849 	&driver_attr_dsense.attr,
6850 	&driver_attr_fake_rw.attr,
6851 	&driver_attr_host_max_queue.attr,
6852 	&driver_attr_no_lun_0.attr,
6853 	&driver_attr_num_tgts.attr,
6854 	&driver_attr_dev_size_mb.attr,
6855 	&driver_attr_num_parts.attr,
6856 	&driver_attr_every_nth.attr,
6857 	&driver_attr_lun_format.attr,
6858 	&driver_attr_max_luns.attr,
6859 	&driver_attr_max_queue.attr,
6860 	&driver_attr_no_rwlock.attr,
6861 	&driver_attr_no_uld.attr,
6862 	&driver_attr_scsi_level.attr,
6863 	&driver_attr_virtual_gb.attr,
6864 	&driver_attr_add_host.attr,
6865 	&driver_attr_per_host_store.attr,
6866 	&driver_attr_vpd_use_hostno.attr,
6867 	&driver_attr_sector_size.attr,
6868 	&driver_attr_statistics.attr,
6869 	&driver_attr_submit_queues.attr,
6870 	&driver_attr_dix.attr,
6871 	&driver_attr_dif.attr,
6872 	&driver_attr_guard.attr,
6873 	&driver_attr_ato.attr,
6874 	&driver_attr_map.attr,
6875 	&driver_attr_random.attr,
6876 	&driver_attr_removable.attr,
6877 	&driver_attr_host_lock.attr,
6878 	&driver_attr_ndelay.attr,
6879 	&driver_attr_strict.attr,
6880 	&driver_attr_uuid_ctl.attr,
6881 	&driver_attr_cdb_len.attr,
6882 	&driver_attr_tur_ms_to_ready.attr,
6883 	&driver_attr_zbc.attr,
6884 	NULL,
6885 };
6886 ATTRIBUTE_GROUPS(sdebug_drv);
6887 
6888 static struct device *pseudo_primary;
6889 
6890 static int __init scsi_debug_init(void)
6891 {
6892 	bool want_store = (sdebug_fake_rw == 0);
6893 	unsigned long sz;
6894 	int k, ret, hosts_to_add;
6895 	int idx = -1;
6896 
6897 	ramdisk_lck_a[0] = &atomic_rw;
6898 	ramdisk_lck_a[1] = &atomic_rw2;
6899 	atomic_set(&retired_max_queue, 0);
6900 
6901 	if (sdebug_ndelay >= 1000 * 1000 * 1000) {
6902 		pr_warn("ndelay must be less than 1 second, ignored\n");
6903 		sdebug_ndelay = 0;
6904 	} else if (sdebug_ndelay > 0)
6905 		sdebug_jdelay = JDELAY_OVERRIDDEN;
6906 
6907 	switch (sdebug_sector_size) {
6908 	case  512:
6909 	case 1024:
6910 	case 2048:
6911 	case 4096:
6912 		break;
6913 	default:
6914 		pr_err("invalid sector_size %d\n", sdebug_sector_size);
6915 		return -EINVAL;
6916 	}
6917 
6918 	switch (sdebug_dif) {
6919 	case T10_PI_TYPE0_PROTECTION:
6920 		break;
6921 	case T10_PI_TYPE1_PROTECTION:
6922 	case T10_PI_TYPE2_PROTECTION:
6923 	case T10_PI_TYPE3_PROTECTION:
6924 		have_dif_prot = true;
6925 		break;
6926 
6927 	default:
6928 		pr_err("dif must be 0, 1, 2 or 3\n");
6929 		return -EINVAL;
6930 	}
6931 
6932 	if (sdebug_num_tgts < 0) {
6933 		pr_err("num_tgts must be >= 0\n");
6934 		return -EINVAL;
6935 	}
6936 
6937 	if (sdebug_guard > 1) {
6938 		pr_err("guard must be 0 or 1\n");
6939 		return -EINVAL;
6940 	}
6941 
6942 	if (sdebug_ato > 1) {
6943 		pr_err("ato must be 0 or 1\n");
6944 		return -EINVAL;
6945 	}
6946 
6947 	if (sdebug_physblk_exp > 15) {
6948 		pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
6949 		return -EINVAL;
6950 	}
6951 
6952 	sdebug_lun_am = sdebug_lun_am_i;
6953 	if (sdebug_lun_am > SAM_LUN_AM_FLAT) {
6954 		pr_warn("Invalid LUN format %u, using default\n", (int)sdebug_lun_am);
6955 		sdebug_lun_am = SAM_LUN_AM_PERIPHERAL;
6956 	}
6957 
6958 	if (sdebug_max_luns > 256) {
6959 		if (sdebug_max_luns > 16384) {
6960 			pr_warn("max_luns can be no more than 16384, use default\n");
6961 			sdebug_max_luns = DEF_MAX_LUNS;
6962 		}
6963 		sdebug_lun_am = SAM_LUN_AM_FLAT;
6964 	}
6965 
6966 	if (sdebug_lowest_aligned > 0x3fff) {
6967 		pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
6968 		return -EINVAL;
6969 	}
6970 
6971 	if (submit_queues < 1) {
6972 		pr_err("submit_queues must be 1 or more\n");
6973 		return -EINVAL;
6974 	}
6975 
6976 	if ((sdebug_max_queue > SDEBUG_CANQUEUE) || (sdebug_max_queue < 1)) {
6977 		pr_err("max_queue must be in range [1, %d]\n", SDEBUG_CANQUEUE);
6978 		return -EINVAL;
6979 	}
6980 
6981 	if ((sdebug_host_max_queue > SDEBUG_CANQUEUE) ||
6982 	    (sdebug_host_max_queue < 0)) {
6983 		pr_err("host_max_queue must be in range [0 %d]\n",
6984 		       SDEBUG_CANQUEUE);
6985 		return -EINVAL;
6986 	}
6987 
6988 	if (sdebug_host_max_queue &&
6989 	    (sdebug_max_queue != sdebug_host_max_queue)) {
6990 		sdebug_max_queue = sdebug_host_max_queue;
6991 		pr_warn("fixing max submit queue depth to host max queue depth, %d\n",
6992 			sdebug_max_queue);
6993 	}
6994 
6995 	sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
6996 			       GFP_KERNEL);
6997 	if (sdebug_q_arr == NULL)
6998 		return -ENOMEM;
6999 	for (k = 0; k < submit_queues; ++k)
7000 		spin_lock_init(&sdebug_q_arr[k].qc_lock);
7001 
7002 	/*
7003 	 * check for host managed zoned block device specified with
7004 	 * ptype=0x14 or zbc=XXX.
7005 	 */
7006 	if (sdebug_ptype == TYPE_ZBC) {
7007 		sdeb_zbc_model = BLK_ZONED_HM;
7008 	} else if (sdeb_zbc_model_s && *sdeb_zbc_model_s) {
7009 		k = sdeb_zbc_model_str(sdeb_zbc_model_s);
7010 		if (k < 0) {
7011 			ret = k;
7012 			goto free_q_arr;
7013 		}
7014 		sdeb_zbc_model = k;
7015 		switch (sdeb_zbc_model) {
7016 		case BLK_ZONED_NONE:
7017 		case BLK_ZONED_HA:
7018 			sdebug_ptype = TYPE_DISK;
7019 			break;
7020 		case BLK_ZONED_HM:
7021 			sdebug_ptype = TYPE_ZBC;
7022 			break;
7023 		default:
7024 			pr_err("Invalid ZBC model\n");
7025 			ret = -EINVAL;
7026 			goto free_q_arr;
7027 		}
7028 	}
7029 	if (sdeb_zbc_model != BLK_ZONED_NONE) {
7030 		sdeb_zbc_in_use = true;
7031 		if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7032 			sdebug_dev_size_mb = DEF_ZBC_DEV_SIZE_MB;
7033 	}
7034 
7035 	if (sdebug_dev_size_mb == DEF_DEV_SIZE_PRE_INIT)
7036 		sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
7037 	if (sdebug_dev_size_mb < 1)
7038 		sdebug_dev_size_mb = 1;  /* force minimum 1 MB ramdisk */
7039 	sz = (unsigned long)sdebug_dev_size_mb * 1048576;
7040 	sdebug_store_sectors = sz / sdebug_sector_size;
7041 	sdebug_capacity = get_sdebug_capacity();
7042 
7043 	/* play around with geometry, don't waste too much on track 0 */
7044 	sdebug_heads = 8;
7045 	sdebug_sectors_per = 32;
7046 	if (sdebug_dev_size_mb >= 256)
7047 		sdebug_heads = 64;
7048 	else if (sdebug_dev_size_mb >= 16)
7049 		sdebug_heads = 32;
7050 	sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7051 			       (sdebug_sectors_per * sdebug_heads);
7052 	if (sdebug_cylinders_per >= 1024) {
7053 		/* other LLDs do this; implies >= 1GB ram disk ... */
7054 		sdebug_heads = 255;
7055 		sdebug_sectors_per = 63;
7056 		sdebug_cylinders_per = (unsigned long)sdebug_capacity /
7057 			       (sdebug_sectors_per * sdebug_heads);
7058 	}
7059 	if (scsi_debug_lbp()) {
7060 		sdebug_unmap_max_blocks =
7061 			clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
7062 
7063 		sdebug_unmap_max_desc =
7064 			clamp(sdebug_unmap_max_desc, 0U, 256U);
7065 
7066 		sdebug_unmap_granularity =
7067 			clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
7068 
7069 		if (sdebug_unmap_alignment &&
7070 		    sdebug_unmap_granularity <=
7071 		    sdebug_unmap_alignment) {
7072 			pr_err("ERR: unmap_granularity <= unmap_alignment\n");
7073 			ret = -EINVAL;
7074 			goto free_q_arr;
7075 		}
7076 	}
7077 	xa_init_flags(per_store_ap, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ);
7078 	if (want_store) {
7079 		idx = sdebug_add_store();
7080 		if (idx < 0) {
7081 			ret = idx;
7082 			goto free_q_arr;
7083 		}
7084 	}
7085 
7086 	pseudo_primary = root_device_register("pseudo_0");
7087 	if (IS_ERR(pseudo_primary)) {
7088 		pr_warn("root_device_register() error\n");
7089 		ret = PTR_ERR(pseudo_primary);
7090 		goto free_vm;
7091 	}
7092 	ret = bus_register(&pseudo_lld_bus);
7093 	if (ret < 0) {
7094 		pr_warn("bus_register error: %d\n", ret);
7095 		goto dev_unreg;
7096 	}
7097 	ret = driver_register(&sdebug_driverfs_driver);
7098 	if (ret < 0) {
7099 		pr_warn("driver_register error: %d\n", ret);
7100 		goto bus_unreg;
7101 	}
7102 
7103 	hosts_to_add = sdebug_add_host;
7104 	sdebug_add_host = 0;
7105 
7106 	for (k = 0; k < hosts_to_add; k++) {
7107 		if (want_store && k == 0) {
7108 			ret = sdebug_add_host_helper(idx);
7109 			if (ret < 0) {
7110 				pr_err("add_host_helper k=%d, error=%d\n",
7111 				       k, -ret);
7112 				break;
7113 			}
7114 		} else {
7115 			ret = sdebug_do_add_host(want_store &&
7116 						 sdebug_per_host_store);
7117 			if (ret < 0) {
7118 				pr_err("add_host k=%d error=%d\n", k, -ret);
7119 				break;
7120 			}
7121 		}
7122 	}
7123 	if (sdebug_verbose)
7124 		pr_info("built %d host(s)\n", sdebug_num_hosts);
7125 
7126 	return 0;
7127 
7128 bus_unreg:
7129 	bus_unregister(&pseudo_lld_bus);
7130 dev_unreg:
7131 	root_device_unregister(pseudo_primary);
7132 free_vm:
7133 	sdebug_erase_store(idx, NULL);
7134 free_q_arr:
7135 	kfree(sdebug_q_arr);
7136 	return ret;
7137 }
7138 
7139 static void __exit scsi_debug_exit(void)
7140 {
7141 	int k = sdebug_num_hosts;
7142 
7143 	stop_all_queued();
7144 	for (; k; k--)
7145 		sdebug_do_remove_host(true);
7146 	free_all_queued();
7147 	driver_unregister(&sdebug_driverfs_driver);
7148 	bus_unregister(&pseudo_lld_bus);
7149 	root_device_unregister(pseudo_primary);
7150 
7151 	sdebug_erase_all_stores(false);
7152 	xa_destroy(per_store_ap);
7153 	kfree(sdebug_q_arr);
7154 }
7155 
7156 device_initcall(scsi_debug_init);
7157 module_exit(scsi_debug_exit);
7158 
7159 static void sdebug_release_adapter(struct device *dev)
7160 {
7161 	struct sdebug_host_info *sdbg_host;
7162 
7163 	sdbg_host = to_sdebug_host(dev);
7164 	kfree(sdbg_host);
7165 }
7166 
7167 /* idx must be valid, if sip is NULL then it will be obtained using idx */
7168 static void sdebug_erase_store(int idx, struct sdeb_store_info *sip)
7169 {
7170 	if (idx < 0)
7171 		return;
7172 	if (!sip) {
7173 		if (xa_empty(per_store_ap))
7174 			return;
7175 		sip = xa_load(per_store_ap, idx);
7176 		if (!sip)
7177 			return;
7178 	}
7179 	vfree(sip->map_storep);
7180 	vfree(sip->dif_storep);
7181 	vfree(sip->storep);
7182 	xa_erase(per_store_ap, idx);
7183 	kfree(sip);
7184 }
7185 
7186 /* Assume apart_from_first==false only in shutdown case. */
7187 static void sdebug_erase_all_stores(bool apart_from_first)
7188 {
7189 	unsigned long idx;
7190 	struct sdeb_store_info *sip = NULL;
7191 
7192 	xa_for_each(per_store_ap, idx, sip) {
7193 		if (apart_from_first)
7194 			apart_from_first = false;
7195 		else
7196 			sdebug_erase_store(idx, sip);
7197 	}
7198 	if (apart_from_first)
7199 		sdeb_most_recent_idx = sdeb_first_idx;
7200 }
7201 
7202 /*
7203  * Returns store xarray new element index (idx) if >=0 else negated errno.
7204  * Limit the number of stores to 65536.
7205  */
7206 static int sdebug_add_store(void)
7207 {
7208 	int res;
7209 	u32 n_idx;
7210 	unsigned long iflags;
7211 	unsigned long sz = (unsigned long)sdebug_dev_size_mb * 1048576;
7212 	struct sdeb_store_info *sip = NULL;
7213 	struct xa_limit xal = { .max = 1 << 16, .min = 0 };
7214 
7215 	sip = kzalloc(sizeof(*sip), GFP_KERNEL);
7216 	if (!sip)
7217 		return -ENOMEM;
7218 
7219 	xa_lock_irqsave(per_store_ap, iflags);
7220 	res = __xa_alloc(per_store_ap, &n_idx, sip, xal, GFP_ATOMIC);
7221 	if (unlikely(res < 0)) {
7222 		xa_unlock_irqrestore(per_store_ap, iflags);
7223 		kfree(sip);
7224 		pr_warn("%s: xa_alloc() errno=%d\n", __func__, -res);
7225 		return res;
7226 	}
7227 	sdeb_most_recent_idx = n_idx;
7228 	if (sdeb_first_idx < 0)
7229 		sdeb_first_idx = n_idx;
7230 	xa_unlock_irqrestore(per_store_ap, iflags);
7231 
7232 	res = -ENOMEM;
7233 	sip->storep = vzalloc(sz);
7234 	if (!sip->storep) {
7235 		pr_err("user data oom\n");
7236 		goto err;
7237 	}
7238 	if (sdebug_num_parts > 0)
7239 		sdebug_build_parts(sip->storep, sz);
7240 
7241 	/* DIF/DIX: what T10 calls Protection Information (PI) */
7242 	if (sdebug_dix) {
7243 		int dif_size;
7244 
7245 		dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
7246 		sip->dif_storep = vmalloc(dif_size);
7247 
7248 		pr_info("dif_storep %u bytes @ %pK\n", dif_size,
7249 			sip->dif_storep);
7250 
7251 		if (!sip->dif_storep) {
7252 			pr_err("DIX oom\n");
7253 			goto err;
7254 		}
7255 		memset(sip->dif_storep, 0xff, dif_size);
7256 	}
7257 	/* Logical Block Provisioning */
7258 	if (scsi_debug_lbp()) {
7259 		map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
7260 		sip->map_storep = vmalloc(array_size(sizeof(long),
7261 						     BITS_TO_LONGS(map_size)));
7262 
7263 		pr_info("%lu provisioning blocks\n", map_size);
7264 
7265 		if (!sip->map_storep) {
7266 			pr_err("LBP map oom\n");
7267 			goto err;
7268 		}
7269 
7270 		bitmap_zero(sip->map_storep, map_size);
7271 
7272 		/* Map first 1KB for partition table */
7273 		if (sdebug_num_parts)
7274 			map_region(sip, 0, 2);
7275 	}
7276 
7277 	rwlock_init(&sip->macc_lck);
7278 	return (int)n_idx;
7279 err:
7280 	sdebug_erase_store((int)n_idx, sip);
7281 	pr_warn("%s: failed, errno=%d\n", __func__, -res);
7282 	return res;
7283 }
7284 
7285 static int sdebug_add_host_helper(int per_host_idx)
7286 {
7287 	int k, devs_per_host, idx;
7288 	int error = -ENOMEM;
7289 	struct sdebug_host_info *sdbg_host;
7290 	struct sdebug_dev_info *sdbg_devinfo, *tmp;
7291 
7292 	sdbg_host = kzalloc(sizeof(*sdbg_host), GFP_KERNEL);
7293 	if (!sdbg_host)
7294 		return -ENOMEM;
7295 	idx = (per_host_idx < 0) ? sdeb_first_idx : per_host_idx;
7296 	if (xa_get_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE))
7297 		xa_clear_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
7298 	sdbg_host->si_idx = idx;
7299 
7300 	INIT_LIST_HEAD(&sdbg_host->dev_info_list);
7301 
7302 	devs_per_host = sdebug_num_tgts * sdebug_max_luns;
7303 	for (k = 0; k < devs_per_host; k++) {
7304 		sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
7305 		if (!sdbg_devinfo)
7306 			goto clean;
7307 	}
7308 
7309 	spin_lock(&sdebug_host_list_lock);
7310 	list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
7311 	spin_unlock(&sdebug_host_list_lock);
7312 
7313 	sdbg_host->dev.bus = &pseudo_lld_bus;
7314 	sdbg_host->dev.parent = pseudo_primary;
7315 	sdbg_host->dev.release = &sdebug_release_adapter;
7316 	dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_num_hosts);
7317 
7318 	error = device_register(&sdbg_host->dev);
7319 	if (error)
7320 		goto clean;
7321 
7322 	++sdebug_num_hosts;
7323 	return 0;
7324 
7325 clean:
7326 	list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
7327 				 dev_list) {
7328 		list_del(&sdbg_devinfo->dev_list);
7329 		kfree(sdbg_devinfo->zstate);
7330 		kfree(sdbg_devinfo);
7331 	}
7332 	kfree(sdbg_host);
7333 	pr_warn("%s: failed, errno=%d\n", __func__, -error);
7334 	return error;
7335 }
7336 
7337 static int sdebug_do_add_host(bool mk_new_store)
7338 {
7339 	int ph_idx = sdeb_most_recent_idx;
7340 
7341 	if (mk_new_store) {
7342 		ph_idx = sdebug_add_store();
7343 		if (ph_idx < 0)
7344 			return ph_idx;
7345 	}
7346 	return sdebug_add_host_helper(ph_idx);
7347 }
7348 
7349 static void sdebug_do_remove_host(bool the_end)
7350 {
7351 	int idx = -1;
7352 	struct sdebug_host_info *sdbg_host = NULL;
7353 	struct sdebug_host_info *sdbg_host2;
7354 
7355 	spin_lock(&sdebug_host_list_lock);
7356 	if (!list_empty(&sdebug_host_list)) {
7357 		sdbg_host = list_entry(sdebug_host_list.prev,
7358 				       struct sdebug_host_info, host_list);
7359 		idx = sdbg_host->si_idx;
7360 	}
7361 	if (!the_end && idx >= 0) {
7362 		bool unique = true;
7363 
7364 		list_for_each_entry(sdbg_host2, &sdebug_host_list, host_list) {
7365 			if (sdbg_host2 == sdbg_host)
7366 				continue;
7367 			if (idx == sdbg_host2->si_idx) {
7368 				unique = false;
7369 				break;
7370 			}
7371 		}
7372 		if (unique) {
7373 			xa_set_mark(per_store_ap, idx, SDEB_XA_NOT_IN_USE);
7374 			if (idx == sdeb_most_recent_idx)
7375 				--sdeb_most_recent_idx;
7376 		}
7377 	}
7378 	if (sdbg_host)
7379 		list_del(&sdbg_host->host_list);
7380 	spin_unlock(&sdebug_host_list_lock);
7381 
7382 	if (!sdbg_host)
7383 		return;
7384 
7385 	device_unregister(&sdbg_host->dev);
7386 	--sdebug_num_hosts;
7387 }
7388 
7389 static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
7390 {
7391 	int num_in_q = 0;
7392 	struct sdebug_dev_info *devip;
7393 
7394 	block_unblock_all_queues(true);
7395 	devip = (struct sdebug_dev_info *)sdev->hostdata;
7396 	if (NULL == devip) {
7397 		block_unblock_all_queues(false);
7398 		return	-ENODEV;
7399 	}
7400 	num_in_q = atomic_read(&devip->num_in_q);
7401 
7402 	if (qdepth > SDEBUG_CANQUEUE) {
7403 		qdepth = SDEBUG_CANQUEUE;
7404 		pr_warn("%s: requested qdepth [%d] exceeds canqueue [%d], trim\n", __func__,
7405 			qdepth, SDEBUG_CANQUEUE);
7406 	}
7407 	if (qdepth < 1)
7408 		qdepth = 1;
7409 	if (qdepth != sdev->queue_depth)
7410 		scsi_change_queue_depth(sdev, qdepth);
7411 
7412 	if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
7413 		sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
7414 			    __func__, qdepth, num_in_q);
7415 	}
7416 	block_unblock_all_queues(false);
7417 	return sdev->queue_depth;
7418 }
7419 
7420 static bool fake_timeout(struct scsi_cmnd *scp)
7421 {
7422 	if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
7423 		if (sdebug_every_nth < -1)
7424 			sdebug_every_nth = -1;
7425 		if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
7426 			return true; /* ignore command causing timeout */
7427 		else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
7428 			 scsi_medium_access_command(scp))
7429 			return true; /* time out reads and writes */
7430 	}
7431 	return false;
7432 }
7433 
7434 /* Response to TUR or media access command when device stopped */
7435 static int resp_not_ready(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
7436 {
7437 	int stopped_state;
7438 	u64 diff_ns = 0;
7439 	ktime_t now_ts = ktime_get_boottime();
7440 	struct scsi_device *sdp = scp->device;
7441 
7442 	stopped_state = atomic_read(&devip->stopped);
7443 	if (stopped_state == 2) {
7444 		if (ktime_to_ns(now_ts) > ktime_to_ns(devip->create_ts)) {
7445 			diff_ns = ktime_to_ns(ktime_sub(now_ts, devip->create_ts));
7446 			if (diff_ns >= ((u64)sdeb_tur_ms_to_ready * 1000000)) {
7447 				/* tur_ms_to_ready timer extinguished */
7448 				atomic_set(&devip->stopped, 0);
7449 				return 0;
7450 			}
7451 		}
7452 		mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x1);
7453 		if (sdebug_verbose)
7454 			sdev_printk(KERN_INFO, sdp,
7455 				    "%s: Not ready: in process of becoming ready\n", my_name);
7456 		if (scp->cmnd[0] == TEST_UNIT_READY) {
7457 			u64 tur_nanosecs_to_ready = (u64)sdeb_tur_ms_to_ready * 1000000;
7458 
7459 			if (diff_ns <= tur_nanosecs_to_ready)
7460 				diff_ns = tur_nanosecs_to_ready - diff_ns;
7461 			else
7462 				diff_ns = tur_nanosecs_to_ready;
7463 			/* As per 20-061r2 approved for spc6 by T10 on 20200716 */
7464 			do_div(diff_ns, 1000000);	/* diff_ns becomes milliseconds */
7465 			scsi_set_sense_information(scp->sense_buffer, SCSI_SENSE_BUFFERSIZE,
7466 						   diff_ns);
7467 			return check_condition_result;
7468 		}
7469 	}
7470 	mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
7471 	if (sdebug_verbose)
7472 		sdev_printk(KERN_INFO, sdp, "%s: Not ready: initializing command required\n",
7473 			    my_name);
7474 	return check_condition_result;
7475 }
7476 
7477 static int sdebug_map_queues(struct Scsi_Host *shost)
7478 {
7479 	int i, qoff;
7480 
7481 	if (shost->nr_hw_queues == 1)
7482 		return 0;
7483 
7484 	for (i = 0, qoff = 0; i < HCTX_MAX_TYPES; i++) {
7485 		struct blk_mq_queue_map *map = &shost->tag_set.map[i];
7486 
7487 		map->nr_queues  = 0;
7488 
7489 		if (i == HCTX_TYPE_DEFAULT)
7490 			map->nr_queues = submit_queues - poll_queues;
7491 		else if (i == HCTX_TYPE_POLL)
7492 			map->nr_queues = poll_queues;
7493 
7494 		if (!map->nr_queues) {
7495 			BUG_ON(i == HCTX_TYPE_DEFAULT);
7496 			continue;
7497 		}
7498 
7499 		map->queue_offset = qoff;
7500 		blk_mq_map_queues(map);
7501 
7502 		qoff += map->nr_queues;
7503 	}
7504 
7505 	return 0;
7506 
7507 }
7508 
7509 static int sdebug_blk_mq_poll(struct Scsi_Host *shost, unsigned int queue_num)
7510 {
7511 	bool first;
7512 	bool retiring = false;
7513 	int num_entries = 0;
7514 	unsigned int qc_idx = 0;
7515 	unsigned long iflags;
7516 	ktime_t kt_from_boot = ktime_get_boottime();
7517 	struct sdebug_queue *sqp;
7518 	struct sdebug_queued_cmd *sqcp;
7519 	struct scsi_cmnd *scp;
7520 	struct sdebug_dev_info *devip;
7521 	struct sdebug_defer *sd_dp;
7522 
7523 	sqp = sdebug_q_arr + queue_num;
7524 
7525 	spin_lock_irqsave(&sqp->qc_lock, iflags);
7526 
7527 	qc_idx = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
7528 	if (qc_idx >= sdebug_max_queue)
7529 		goto unlock;
7530 
7531 	for (first = true; first || qc_idx + 1 < sdebug_max_queue; )   {
7532 		if (first) {
7533 			first = false;
7534 			if (!test_bit(qc_idx, sqp->in_use_bm))
7535 				continue;
7536 		} else {
7537 			qc_idx = find_next_bit(sqp->in_use_bm, sdebug_max_queue, qc_idx + 1);
7538 		}
7539 		if (qc_idx >= sdebug_max_queue)
7540 			break;
7541 
7542 		sqcp = &sqp->qc_arr[qc_idx];
7543 		sd_dp = sqcp->sd_dp;
7544 		if (unlikely(!sd_dp))
7545 			continue;
7546 		scp = sqcp->a_cmnd;
7547 		if (unlikely(scp == NULL)) {
7548 			pr_err("scp is NULL, queue_num=%d, qc_idx=%u from %s\n",
7549 			       queue_num, qc_idx, __func__);
7550 			break;
7551 		}
7552 		if (READ_ONCE(sd_dp->defer_t) == SDEB_DEFER_POLL) {
7553 			if (kt_from_boot < sd_dp->cmpl_ts)
7554 				continue;
7555 
7556 		} else		/* ignoring non REQ_POLLED requests */
7557 			continue;
7558 		devip = (struct sdebug_dev_info *)scp->device->hostdata;
7559 		if (likely(devip))
7560 			atomic_dec(&devip->num_in_q);
7561 		else
7562 			pr_err("devip=NULL from %s\n", __func__);
7563 		if (unlikely(atomic_read(&retired_max_queue) > 0))
7564 			retiring = true;
7565 
7566 		sqcp->a_cmnd = NULL;
7567 		if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
7568 			pr_err("Unexpected completion sqp %p queue_num=%d qc_idx=%u from %s\n",
7569 				sqp, queue_num, qc_idx, __func__);
7570 			break;
7571 		}
7572 		if (unlikely(retiring)) {	/* user has reduced max_queue */
7573 			int k, retval;
7574 
7575 			retval = atomic_read(&retired_max_queue);
7576 			if (qc_idx >= retval) {
7577 				pr_err("index %d too large\n", retval);
7578 				break;
7579 			}
7580 			k = find_last_bit(sqp->in_use_bm, retval);
7581 			if ((k < sdebug_max_queue) || (k == retval))
7582 				atomic_set(&retired_max_queue, 0);
7583 			else
7584 				atomic_set(&retired_max_queue, k + 1);
7585 		}
7586 		WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_NONE);
7587 		spin_unlock_irqrestore(&sqp->qc_lock, iflags);
7588 		scsi_done(scp); /* callback to mid level */
7589 		num_entries++;
7590 		spin_lock_irqsave(&sqp->qc_lock, iflags);
7591 		if (find_first_bit(sqp->in_use_bm, sdebug_max_queue) >= sdebug_max_queue)
7592 			break;
7593 	}
7594 
7595 unlock:
7596 	spin_unlock_irqrestore(&sqp->qc_lock, iflags);
7597 
7598 	if (num_entries > 0)
7599 		atomic_add(num_entries, &sdeb_mq_poll_count);
7600 	return num_entries;
7601 }
7602 
7603 static int scsi_debug_queuecommand(struct Scsi_Host *shost,
7604 				   struct scsi_cmnd *scp)
7605 {
7606 	u8 sdeb_i;
7607 	struct scsi_device *sdp = scp->device;
7608 	const struct opcode_info_t *oip;
7609 	const struct opcode_info_t *r_oip;
7610 	struct sdebug_dev_info *devip;
7611 	u8 *cmd = scp->cmnd;
7612 	int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
7613 	int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *) = NULL;
7614 	int k, na;
7615 	int errsts = 0;
7616 	u64 lun_index = sdp->lun & 0x3FFF;
7617 	u32 flags;
7618 	u16 sa;
7619 	u8 opcode = cmd[0];
7620 	bool has_wlun_rl;
7621 	bool inject_now;
7622 
7623 	scsi_set_resid(scp, 0);
7624 	if (sdebug_statistics) {
7625 		atomic_inc(&sdebug_cmnd_count);
7626 		inject_now = inject_on_this_cmd();
7627 	} else {
7628 		inject_now = false;
7629 	}
7630 	if (unlikely(sdebug_verbose &&
7631 		     !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
7632 		char b[120];
7633 		int n, len, sb;
7634 
7635 		len = scp->cmd_len;
7636 		sb = (int)sizeof(b);
7637 		if (len > 32)
7638 			strcpy(b, "too long, over 32 bytes");
7639 		else {
7640 			for (k = 0, n = 0; k < len && n < sb; ++k)
7641 				n += scnprintf(b + n, sb - n, "%02x ",
7642 					       (u32)cmd[k]);
7643 		}
7644 		sdev_printk(KERN_INFO, sdp, "%s: tag=%#x, cmd %s\n", my_name,
7645 			    blk_mq_unique_tag(scsi_cmd_to_rq(scp)), b);
7646 	}
7647 	if (unlikely(inject_now && (sdebug_opts & SDEBUG_OPT_HOST_BUSY)))
7648 		return SCSI_MLQUEUE_HOST_BUSY;
7649 	has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
7650 	if (unlikely(lun_index >= sdebug_max_luns && !has_wlun_rl))
7651 		goto err_out;
7652 
7653 	sdeb_i = opcode_ind_arr[opcode];	/* fully mapped */
7654 	oip = &opcode_info_arr[sdeb_i];		/* safe if table consistent */
7655 	devip = (struct sdebug_dev_info *)sdp->hostdata;
7656 	if (unlikely(!devip)) {
7657 		devip = find_build_dev_info(sdp);
7658 		if (NULL == devip)
7659 			goto err_out;
7660 	}
7661 	if (unlikely(inject_now && !atomic_read(&sdeb_inject_pending)))
7662 		atomic_set(&sdeb_inject_pending, 1);
7663 
7664 	na = oip->num_attached;
7665 	r_pfp = oip->pfp;
7666 	if (na) {	/* multiple commands with this opcode */
7667 		r_oip = oip;
7668 		if (FF_SA & r_oip->flags) {
7669 			if (F_SA_LOW & oip->flags)
7670 				sa = 0x1f & cmd[1];
7671 			else
7672 				sa = get_unaligned_be16(cmd + 8);
7673 			for (k = 0; k <= na; oip = r_oip->arrp + k++) {
7674 				if (opcode == oip->opcode && sa == oip->sa)
7675 					break;
7676 			}
7677 		} else {   /* since no service action only check opcode */
7678 			for (k = 0; k <= na; oip = r_oip->arrp + k++) {
7679 				if (opcode == oip->opcode)
7680 					break;
7681 			}
7682 		}
7683 		if (k > na) {
7684 			if (F_SA_LOW & r_oip->flags)
7685 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
7686 			else if (F_SA_HIGH & r_oip->flags)
7687 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
7688 			else
7689 				mk_sense_invalid_opcode(scp);
7690 			goto check_cond;
7691 		}
7692 	}	/* else (when na==0) we assume the oip is a match */
7693 	flags = oip->flags;
7694 	if (unlikely(F_INV_OP & flags)) {
7695 		mk_sense_invalid_opcode(scp);
7696 		goto check_cond;
7697 	}
7698 	if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
7699 		if (sdebug_verbose)
7700 			sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
7701 				    my_name, opcode, " supported for wlun");
7702 		mk_sense_invalid_opcode(scp);
7703 		goto check_cond;
7704 	}
7705 	if (unlikely(sdebug_strict)) {	/* check cdb against mask */
7706 		u8 rem;
7707 		int j;
7708 
7709 		for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
7710 			rem = ~oip->len_mask[k] & cmd[k];
7711 			if (rem) {
7712 				for (j = 7; j >= 0; --j, rem <<= 1) {
7713 					if (0x80 & rem)
7714 						break;
7715 				}
7716 				mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
7717 				goto check_cond;
7718 			}
7719 		}
7720 	}
7721 	if (unlikely(!(F_SKIP_UA & flags) &&
7722 		     find_first_bit(devip->uas_bm,
7723 				    SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
7724 		errsts = make_ua(scp, devip);
7725 		if (errsts)
7726 			goto check_cond;
7727 	}
7728 	if (unlikely(((F_M_ACCESS & flags) || scp->cmnd[0] == TEST_UNIT_READY) &&
7729 		     atomic_read(&devip->stopped))) {
7730 		errsts = resp_not_ready(scp, devip);
7731 		if (errsts)
7732 			goto fini;
7733 	}
7734 	if (sdebug_fake_rw && (F_FAKE_RW & flags))
7735 		goto fini;
7736 	if (unlikely(sdebug_every_nth)) {
7737 		if (fake_timeout(scp))
7738 			return 0;	/* ignore command: make trouble */
7739 	}
7740 	if (likely(oip->pfp))
7741 		pfp = oip->pfp;	/* calls a resp_* function */
7742 	else
7743 		pfp = r_pfp;    /* if leaf function ptr NULL, try the root's */
7744 
7745 fini:
7746 	if (F_DELAY_OVERR & flags)	/* cmds like INQUIRY respond asap */
7747 		return schedule_resp(scp, devip, errsts, pfp, 0, 0);
7748 	else if ((flags & F_LONG_DELAY) && (sdebug_jdelay > 0 ||
7749 					    sdebug_ndelay > 10000)) {
7750 		/*
7751 		 * Skip long delays if ndelay <= 10 microseconds. Otherwise
7752 		 * for Start Stop Unit (SSU) want at least 1 second delay and
7753 		 * if sdebug_jdelay>1 want a long delay of that many seconds.
7754 		 * For Synchronize Cache want 1/20 of SSU's delay.
7755 		 */
7756 		int jdelay = (sdebug_jdelay < 2) ? 1 : sdebug_jdelay;
7757 		int denom = (flags & F_SYNC_DELAY) ? 20 : 1;
7758 
7759 		jdelay = mult_frac(USER_HZ * jdelay, HZ, denom * USER_HZ);
7760 		return schedule_resp(scp, devip, errsts, pfp, jdelay, 0);
7761 	} else
7762 		return schedule_resp(scp, devip, errsts, pfp, sdebug_jdelay,
7763 				     sdebug_ndelay);
7764 check_cond:
7765 	return schedule_resp(scp, devip, check_condition_result, NULL, 0, 0);
7766 err_out:
7767 	return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, NULL, 0, 0);
7768 }
7769 
7770 static struct scsi_host_template sdebug_driver_template = {
7771 	.show_info =		scsi_debug_show_info,
7772 	.write_info =		scsi_debug_write_info,
7773 	.proc_name =		sdebug_proc_name,
7774 	.name =			"SCSI DEBUG",
7775 	.info =			scsi_debug_info,
7776 	.slave_alloc =		scsi_debug_slave_alloc,
7777 	.slave_configure =	scsi_debug_slave_configure,
7778 	.slave_destroy =	scsi_debug_slave_destroy,
7779 	.ioctl =		scsi_debug_ioctl,
7780 	.queuecommand =		scsi_debug_queuecommand,
7781 	.change_queue_depth =	sdebug_change_qdepth,
7782 	.map_queues =		sdebug_map_queues,
7783 	.mq_poll =		sdebug_blk_mq_poll,
7784 	.eh_abort_handler =	scsi_debug_abort,
7785 	.eh_device_reset_handler = scsi_debug_device_reset,
7786 	.eh_target_reset_handler = scsi_debug_target_reset,
7787 	.eh_bus_reset_handler = scsi_debug_bus_reset,
7788 	.eh_host_reset_handler = scsi_debug_host_reset,
7789 	.can_queue =		SDEBUG_CANQUEUE,
7790 	.this_id =		7,
7791 	.sg_tablesize =		SG_MAX_SEGMENTS,
7792 	.cmd_per_lun =		DEF_CMD_PER_LUN,
7793 	.max_sectors =		-1U,
7794 	.max_segment_size =	-1U,
7795 	.module =		THIS_MODULE,
7796 	.track_queue_depth =	1,
7797 };
7798 
7799 static int sdebug_driver_probe(struct device *dev)
7800 {
7801 	int error = 0;
7802 	struct sdebug_host_info *sdbg_host;
7803 	struct Scsi_Host *hpnt;
7804 	int hprot;
7805 
7806 	sdbg_host = to_sdebug_host(dev);
7807 
7808 	sdebug_driver_template.can_queue = sdebug_max_queue;
7809 	sdebug_driver_template.cmd_per_lun = sdebug_max_queue;
7810 	if (!sdebug_clustering)
7811 		sdebug_driver_template.dma_boundary = PAGE_SIZE - 1;
7812 
7813 	hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
7814 	if (NULL == hpnt) {
7815 		pr_err("scsi_host_alloc failed\n");
7816 		error = -ENODEV;
7817 		return error;
7818 	}
7819 	if (submit_queues > nr_cpu_ids) {
7820 		pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%u\n",
7821 			my_name, submit_queues, nr_cpu_ids);
7822 		submit_queues = nr_cpu_ids;
7823 	}
7824 	/*
7825 	 * Decide whether to tell scsi subsystem that we want mq. The
7826 	 * following should give the same answer for each host.
7827 	 */
7828 	hpnt->nr_hw_queues = submit_queues;
7829 	if (sdebug_host_max_queue)
7830 		hpnt->host_tagset = 1;
7831 
7832 	/* poll queues are possible for nr_hw_queues > 1 */
7833 	if (hpnt->nr_hw_queues == 1 || (poll_queues < 1)) {
7834 		pr_warn("%s: trim poll_queues to 0. poll_q/nr_hw = (%d/%d)\n",
7835 			 my_name, poll_queues, hpnt->nr_hw_queues);
7836 		poll_queues = 0;
7837 	}
7838 
7839 	/*
7840 	 * Poll queues don't need interrupts, but we need at least one I/O queue
7841 	 * left over for non-polled I/O.
7842 	 * If condition not met, trim poll_queues to 1 (just for simplicity).
7843 	 */
7844 	if (poll_queues >= submit_queues) {
7845 		if (submit_queues < 3)
7846 			pr_warn("%s: trim poll_queues to 1\n", my_name);
7847 		else
7848 			pr_warn("%s: trim poll_queues to 1. Perhaps try poll_queues=%d\n",
7849 				my_name, submit_queues - 1);
7850 		poll_queues = 1;
7851 	}
7852 	if (poll_queues)
7853 		hpnt->nr_maps = 3;
7854 
7855 	sdbg_host->shost = hpnt;
7856 	*((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
7857 	if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
7858 		hpnt->max_id = sdebug_num_tgts + 1;
7859 	else
7860 		hpnt->max_id = sdebug_num_tgts;
7861 	/* = sdebug_max_luns; */
7862 	hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
7863 
7864 	hprot = 0;
7865 
7866 	switch (sdebug_dif) {
7867 
7868 	case T10_PI_TYPE1_PROTECTION:
7869 		hprot = SHOST_DIF_TYPE1_PROTECTION;
7870 		if (sdebug_dix)
7871 			hprot |= SHOST_DIX_TYPE1_PROTECTION;
7872 		break;
7873 
7874 	case T10_PI_TYPE2_PROTECTION:
7875 		hprot = SHOST_DIF_TYPE2_PROTECTION;
7876 		if (sdebug_dix)
7877 			hprot |= SHOST_DIX_TYPE2_PROTECTION;
7878 		break;
7879 
7880 	case T10_PI_TYPE3_PROTECTION:
7881 		hprot = SHOST_DIF_TYPE3_PROTECTION;
7882 		if (sdebug_dix)
7883 			hprot |= SHOST_DIX_TYPE3_PROTECTION;
7884 		break;
7885 
7886 	default:
7887 		if (sdebug_dix)
7888 			hprot |= SHOST_DIX_TYPE0_PROTECTION;
7889 		break;
7890 	}
7891 
7892 	scsi_host_set_prot(hpnt, hprot);
7893 
7894 	if (have_dif_prot || sdebug_dix)
7895 		pr_info("host protection%s%s%s%s%s%s%s\n",
7896 			(hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
7897 			(hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
7898 			(hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
7899 			(hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
7900 			(hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
7901 			(hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
7902 			(hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
7903 
7904 	if (sdebug_guard == 1)
7905 		scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
7906 	else
7907 		scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
7908 
7909 	sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
7910 	sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
7911 	if (sdebug_every_nth)	/* need stats counters for every_nth */
7912 		sdebug_statistics = true;
7913 	error = scsi_add_host(hpnt, &sdbg_host->dev);
7914 	if (error) {
7915 		pr_err("scsi_add_host failed\n");
7916 		error = -ENODEV;
7917 		scsi_host_put(hpnt);
7918 	} else {
7919 		scsi_scan_host(hpnt);
7920 	}
7921 
7922 	return error;
7923 }
7924 
7925 static void sdebug_driver_remove(struct device *dev)
7926 {
7927 	struct sdebug_host_info *sdbg_host;
7928 	struct sdebug_dev_info *sdbg_devinfo, *tmp;
7929 
7930 	sdbg_host = to_sdebug_host(dev);
7931 
7932 	scsi_remove_host(sdbg_host->shost);
7933 
7934 	list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
7935 				 dev_list) {
7936 		list_del(&sdbg_devinfo->dev_list);
7937 		kfree(sdbg_devinfo->zstate);
7938 		kfree(sdbg_devinfo);
7939 	}
7940 
7941 	scsi_host_put(sdbg_host->shost);
7942 }
7943 
7944 static int pseudo_lld_bus_match(struct device *dev,
7945 				struct device_driver *dev_driver)
7946 {
7947 	return 1;
7948 }
7949 
7950 static struct bus_type pseudo_lld_bus = {
7951 	.name = "pseudo",
7952 	.match = pseudo_lld_bus_match,
7953 	.probe = sdebug_driver_probe,
7954 	.remove = sdebug_driver_remove,
7955 	.drv_groups = sdebug_drv_groups,
7956 };
7957