Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
[linux/fpc-iii.git] / drivers / scsi / scsi_debug.c
blob0f9ba41e27d8befd4c053fbe5fdf2febeca8f5dd
1 /*
2 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
3 * Copyright (C) 1992 Eric Youngdale
4 * Simulate a host adapter with 2 disks attached. Do a lot of checking
5 * to make sure that we are not getting blocks mixed up, and PANIC if
6 * anything out of the ordinary is seen.
7 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9 * Copyright (C) 2001 - 2016 Douglas Gilbert
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2, or (at your option)
14 * any later version.
16 * For documentation see http://sg.danny.cz/sg/sdebug26.html
21 #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
23 #include <linux/module.h>
25 #include <linux/kernel.h>
26 #include <linux/errno.h>
27 #include <linux/jiffies.h>
28 #include <linux/slab.h>
29 #include <linux/types.h>
30 #include <linux/string.h>
31 #include <linux/genhd.h>
32 #include <linux/fs.h>
33 #include <linux/init.h>
34 #include <linux/proc_fs.h>
35 #include <linux/vmalloc.h>
36 #include <linux/moduleparam.h>
37 #include <linux/scatterlist.h>
38 #include <linux/blkdev.h>
39 #include <linux/crc-t10dif.h>
40 #include <linux/spinlock.h>
41 #include <linux/interrupt.h>
42 #include <linux/atomic.h>
43 #include <linux/hrtimer.h>
44 #include <linux/uuid.h>
46 #include <net/checksum.h>
48 #include <asm/unaligned.h>
50 #include <scsi/scsi.h>
51 #include <scsi/scsi_cmnd.h>
52 #include <scsi/scsi_device.h>
53 #include <scsi/scsi_host.h>
54 #include <scsi/scsicam.h>
55 #include <scsi/scsi_eh.h>
56 #include <scsi/scsi_tcq.h>
57 #include <scsi/scsi_dbg.h>
59 #include "sd.h"
60 #include "scsi_logging.h"
62 /* make sure inq_product_rev string corresponds to this version */
63 #define SDEBUG_VERSION "1.86"
64 static const char *sdebug_version_date = "20160430";
66 #define MY_NAME "scsi_debug"
68 /* Additional Sense Code (ASC) */
69 #define NO_ADDITIONAL_SENSE 0x0
70 #define LOGICAL_UNIT_NOT_READY 0x4
71 #define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
72 #define UNRECOVERED_READ_ERR 0x11
73 #define PARAMETER_LIST_LENGTH_ERR 0x1a
74 #define INVALID_OPCODE 0x20
75 #define LBA_OUT_OF_RANGE 0x21
76 #define INVALID_FIELD_IN_CDB 0x24
77 #define INVALID_FIELD_IN_PARAM_LIST 0x26
78 #define UA_RESET_ASC 0x29
79 #define UA_CHANGED_ASC 0x2a
80 #define TARGET_CHANGED_ASC 0x3f
81 #define LUNS_CHANGED_ASCQ 0x0e
82 #define INSUFF_RES_ASC 0x55
83 #define INSUFF_RES_ASCQ 0x3
84 #define POWER_ON_RESET_ASCQ 0x0
85 #define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
86 #define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
87 #define CAPACITY_CHANGED_ASCQ 0x9
88 #define SAVING_PARAMS_UNSUP 0x39
89 #define TRANSPORT_PROBLEM 0x4b
90 #define THRESHOLD_EXCEEDED 0x5d
91 #define LOW_POWER_COND_ON 0x5e
92 #define MISCOMPARE_VERIFY_ASC 0x1d
93 #define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
94 #define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
96 /* Additional Sense Code Qualifier (ASCQ) */
97 #define ACK_NAK_TO 0x3
99 /* Default values for driver parameters */
100 #define DEF_NUM_HOST 1
101 #define DEF_NUM_TGTS 1
102 #define DEF_MAX_LUNS 1
103 /* With these defaults, this driver will make 1 host with 1 target
104 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
106 #define DEF_ATO 1
107 #define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
108 #define DEF_DEV_SIZE_MB 8
109 #define DEF_DIF 0
110 #define DEF_DIX 0
111 #define DEF_D_SENSE 0
112 #define DEF_EVERY_NTH 0
113 #define DEF_FAKE_RW 0
114 #define DEF_GUARD 0
115 #define DEF_HOST_LOCK 0
116 #define DEF_LBPU 0
117 #define DEF_LBPWS 0
118 #define DEF_LBPWS10 0
119 #define DEF_LBPRZ 1
120 #define DEF_LOWEST_ALIGNED 0
121 #define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
122 #define DEF_NO_LUN_0 0
123 #define DEF_NUM_PARTS 0
124 #define DEF_OPTS 0
125 #define DEF_OPT_BLKS 1024
126 #define DEF_PHYSBLK_EXP 0
127 #define DEF_PTYPE TYPE_DISK
128 #define DEF_REMOVABLE false
129 #define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
130 #define DEF_SECTOR_SIZE 512
131 #define DEF_UNMAP_ALIGNMENT 0
132 #define DEF_UNMAP_GRANULARITY 1
133 #define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
134 #define DEF_UNMAP_MAX_DESC 256
135 #define DEF_VIRTUAL_GB 0
136 #define DEF_VPD_USE_HOSTNO 1
137 #define DEF_WRITESAME_LENGTH 0xFFFF
138 #define DEF_STRICT 0
139 #define DEF_STATISTICS false
140 #define DEF_SUBMIT_QUEUES 1
141 #define DEF_UUID_CTL 0
142 #define JDELAY_OVERRIDDEN -9999
144 #define SDEBUG_LUN_0_VAL 0
146 /* bit mask values for sdebug_opts */
147 #define SDEBUG_OPT_NOISE 1
148 #define SDEBUG_OPT_MEDIUM_ERR 2
149 #define SDEBUG_OPT_TIMEOUT 4
150 #define SDEBUG_OPT_RECOVERED_ERR 8
151 #define SDEBUG_OPT_TRANSPORT_ERR 16
152 #define SDEBUG_OPT_DIF_ERR 32
153 #define SDEBUG_OPT_DIX_ERR 64
154 #define SDEBUG_OPT_MAC_TIMEOUT 128
155 #define SDEBUG_OPT_SHORT_TRANSFER 0x100
156 #define SDEBUG_OPT_Q_NOISE 0x200
157 #define SDEBUG_OPT_ALL_TSF 0x400
158 #define SDEBUG_OPT_RARE_TSF 0x800
159 #define SDEBUG_OPT_N_WCE 0x1000
160 #define SDEBUG_OPT_RESET_NOISE 0x2000
161 #define SDEBUG_OPT_NO_CDB_NOISE 0x4000
162 #define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
163 SDEBUG_OPT_RESET_NOISE)
164 #define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
165 SDEBUG_OPT_TRANSPORT_ERR | \
166 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
167 SDEBUG_OPT_SHORT_TRANSFER)
168 /* When "every_nth" > 0 then modulo "every_nth" commands:
169 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
170 * - a RECOVERED_ERROR is simulated on successful read and write
171 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
172 * - a TRANSPORT_ERROR is simulated on successful read and write
173 * commands if SDEBUG_OPT_TRANSPORT_ERR is set.
175 * When "every_nth" < 0 then after "- every_nth" commands:
176 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
177 * - a RECOVERED_ERROR is simulated on successful read and write
178 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
179 * - a TRANSPORT_ERROR is simulated on successful read and write
180 * commands if _DEBUG_OPT_TRANSPORT_ERR is set.
181 * This will continue on every subsequent command until some other action
182 * occurs (e.g. the user * writing a new value (other than -1 or 1) to
183 * every_nth via sysfs).
186 /* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
187 * priority order. In the subset implemented here lower numbers have higher
188 * priority. The UA numbers should be a sequence starting from 0 with
189 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
190 #define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
191 #define SDEBUG_UA_BUS_RESET 1
192 #define SDEBUG_UA_MODE_CHANGED 2
193 #define SDEBUG_UA_CAPACITY_CHANGED 3
194 #define SDEBUG_UA_LUNS_CHANGED 4
195 #define SDEBUG_UA_MICROCODE_CHANGED 5 /* simulate firmware change */
196 #define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
197 #define SDEBUG_NUM_UAS 7
199 /* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
200 * sector on read commands: */
201 #define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
202 #define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
204 /* If REPORT LUNS has luns >= 256 it can choose "flat space" (value 1)
205 * or "peripheral device" addressing (value 0) */
206 #define SAM2_LUN_ADDRESS_METHOD 0
208 /* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
209 * (for response) per submit queue at one time. Can be reduced by max_queue
210 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
211 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
212 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
213 * but cannot exceed SDEBUG_CANQUEUE .
215 #define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
216 #define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
217 #define DEF_CMD_PER_LUN 255
219 #define F_D_IN 1
220 #define F_D_OUT 2
221 #define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
222 #define F_D_UNKN 8
223 #define F_RL_WLUN_OK 0x10
224 #define F_SKIP_UA 0x20
225 #define F_DELAY_OVERR 0x40
226 #define F_SA_LOW 0x80 /* cdb byte 1, bits 4 to 0 */
227 #define F_SA_HIGH 0x100 /* as used by variable length cdbs */
228 #define F_INV_OP 0x200
229 #define F_FAKE_RW 0x400
230 #define F_M_ACCESS 0x800 /* media access */
232 #define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
233 #define FF_DIRECT_IO (F_M_ACCESS | F_FAKE_RW)
234 #define FF_SA (F_SA_HIGH | F_SA_LOW)
236 #define SDEBUG_MAX_PARTS 4
238 #define SDEBUG_MAX_CMD_LEN 32
241 struct sdebug_dev_info {
242 struct list_head dev_list;
243 unsigned int channel;
244 unsigned int target;
245 u64 lun;
246 uuid_be lu_name;
247 struct sdebug_host_info *sdbg_host;
248 unsigned long uas_bm[1];
249 atomic_t num_in_q;
250 atomic_t stopped;
251 bool used;
254 struct sdebug_host_info {
255 struct list_head host_list;
256 struct Scsi_Host *shost;
257 struct device dev;
258 struct list_head dev_info_list;
261 #define to_sdebug_host(d) \
262 container_of(d, struct sdebug_host_info, dev)
264 struct sdebug_defer {
265 struct hrtimer hrt;
266 struct execute_work ew;
267 int sqa_idx; /* index of sdebug_queue array */
268 int qc_idx; /* index of sdebug_queued_cmd array within sqa_idx */
269 int issuing_cpu;
272 struct sdebug_queued_cmd {
273 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
274 * instance indicates this slot is in use.
276 struct sdebug_defer *sd_dp;
277 struct scsi_cmnd *a_cmnd;
278 unsigned int inj_recovered:1;
279 unsigned int inj_transport:1;
280 unsigned int inj_dif:1;
281 unsigned int inj_dix:1;
282 unsigned int inj_short:1;
285 struct sdebug_queue {
286 struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
287 unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
288 spinlock_t qc_lock;
289 atomic_t blocked; /* to temporarily stop more being queued */
292 static atomic_t sdebug_cmnd_count; /* number of incoming commands */
293 static atomic_t sdebug_completions; /* count of deferred completions */
294 static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
295 static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
297 struct opcode_info_t {
298 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
299 /* for terminating element */
300 u8 opcode; /* if num_attached > 0, preferred */
301 u16 sa; /* service action */
302 u32 flags; /* OR-ed set of SDEB_F_* */
303 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
304 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
305 u8 len_mask[16]; /* len=len_mask[0], then mask for cdb[1]... */
306 /* ignore cdb bytes after position 15 */
309 /* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
310 enum sdeb_opcode_index {
311 SDEB_I_INVALID_OPCODE = 0,
312 SDEB_I_INQUIRY = 1,
313 SDEB_I_REPORT_LUNS = 2,
314 SDEB_I_REQUEST_SENSE = 3,
315 SDEB_I_TEST_UNIT_READY = 4,
316 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
317 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
318 SDEB_I_LOG_SENSE = 7,
319 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
320 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
321 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
322 SDEB_I_START_STOP = 11,
323 SDEB_I_SERV_ACT_IN = 12, /* 12, 16 */
324 SDEB_I_SERV_ACT_OUT = 13, /* 12, 16 */
325 SDEB_I_MAINT_IN = 14,
326 SDEB_I_MAINT_OUT = 15,
327 SDEB_I_VERIFY = 16, /* 10 only */
328 SDEB_I_VARIABLE_LEN = 17,
329 SDEB_I_RESERVE = 18, /* 6, 10 */
330 SDEB_I_RELEASE = 19, /* 6, 10 */
331 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
332 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
333 SDEB_I_ATA_PT = 22, /* 12, 16 */
334 SDEB_I_SEND_DIAG = 23,
335 SDEB_I_UNMAP = 24,
336 SDEB_I_XDWRITEREAD = 25, /* 10 only */
337 SDEB_I_WRITE_BUFFER = 26,
338 SDEB_I_WRITE_SAME = 27, /* 10, 16 */
339 SDEB_I_SYNC_CACHE = 28, /* 10 only */
340 SDEB_I_COMP_WRITE = 29,
341 SDEB_I_LAST_ELEMENT = 30, /* keep this last */
345 static const unsigned char opcode_ind_arr[256] = {
346 /* 0x0; 0x0->0x1f: 6 byte cdbs */
347 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
348 0, 0, 0, 0,
349 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
350 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
351 SDEB_I_RELEASE,
352 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
353 SDEB_I_ALLOW_REMOVAL, 0,
354 /* 0x20; 0x20->0x3f: 10 byte cdbs */
355 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
356 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
357 0, 0, 0, 0, 0, SDEB_I_SYNC_CACHE, 0, 0,
358 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
359 /* 0x40; 0x40->0x5f: 10 byte cdbs */
360 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
361 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
362 0, 0, 0, SDEB_I_XDWRITEREAD, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
363 SDEB_I_RELEASE,
364 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
365 /* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
366 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
367 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
368 0, SDEB_I_VARIABLE_LEN,
369 /* 0x80; 0x80->0x9f: 16 byte cdbs */
370 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
371 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0, 0, 0, 0, 0,
372 0, 0, 0, SDEB_I_WRITE_SAME, 0, 0, 0, 0,
373 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN, SDEB_I_SERV_ACT_OUT,
374 /* 0xa0; 0xa0->0xbf: 12 byte cdbs */
375 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
376 SDEB_I_MAINT_OUT, 0, 0, 0,
377 SDEB_I_READ, SDEB_I_SERV_ACT_OUT, SDEB_I_WRITE, SDEB_I_SERV_ACT_IN,
378 0, 0, 0, 0,
379 0, 0, 0, 0, 0, 0, 0, 0,
380 0, 0, 0, 0, 0, 0, 0, 0,
381 /* 0xc0; 0xc0->0xff: vendor specific */
382 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
383 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
384 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
385 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
388 static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
389 static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
390 static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
391 static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
392 static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
393 static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
394 static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
395 static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
396 static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
397 static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
398 static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
399 static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
400 static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
401 static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
402 static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
403 static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
404 static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
405 static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
406 static int resp_xdwriteread_10(struct scsi_cmnd *, struct sdebug_dev_info *);
407 static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
408 static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
410 static const struct opcode_info_t msense_iarr[1] = {
411 {0, 0x1a, 0, F_D_IN, NULL, NULL,
412 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
415 static const struct opcode_info_t mselect_iarr[1] = {
416 {0, 0x15, 0, F_D_OUT, NULL, NULL,
417 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
420 static const struct opcode_info_t read_iarr[3] = {
421 {0, 0x28, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(10) */
422 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
423 0, 0, 0, 0} },
424 {0, 0x8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL, /* READ(6) */
425 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
426 {0, 0xa8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(12) */
427 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
428 0xc7, 0, 0, 0, 0} },
431 static const struct opcode_info_t write_iarr[3] = {
432 {0, 0x2a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 10 */
433 {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
434 0, 0, 0, 0} },
435 {0, 0xa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 6 */
436 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
437 {0, 0xaa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 12 */
438 {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
439 0xc7, 0, 0, 0, 0} },
442 static const struct opcode_info_t sa_in_iarr[1] = {
443 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
444 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
445 0xff, 0xff, 0xff, 0, 0xc7} },
448 static const struct opcode_info_t vl_iarr[1] = { /* VARIABLE LENGTH */
449 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_DIRECT_IO, resp_write_dt0,
450 NULL, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0xb, 0xfa,
451 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
454 static const struct opcode_info_t maint_in_iarr[2] = {
455 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
456 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
457 0xc7, 0, 0, 0, 0} },
458 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
459 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
460 0, 0} },
463 static const struct opcode_info_t write_same_iarr[1] = {
464 {0, 0x93, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_16, NULL,
465 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
466 0xff, 0xff, 0xff, 0x1f, 0xc7} },
469 static const struct opcode_info_t reserve_iarr[1] = {
470 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
471 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
474 static const struct opcode_info_t release_iarr[1] = {
475 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
476 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
480 /* This array is accessed via SDEB_I_* values. Make sure all are mapped,
481 * plus the terminating elements for logic that scans this table such as
482 * REPORT SUPPORTED OPERATION CODES. */
483 static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = {
484 /* 0 */
485 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,
486 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
487 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL,
488 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
489 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
490 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
491 0, 0} },
492 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
493 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
494 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
495 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
496 {1, 0x5a, 0, F_D_IN, resp_mode_sense, msense_iarr,
497 {10, 0xf8, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
498 0} },
499 {1, 0x55, 0, F_D_OUT, resp_mode_select, mselect_iarr,
500 {10, 0xf1, 0, 0, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
501 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,
502 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
503 0, 0, 0} },
504 {0, 0x25, 0, F_D_IN, resp_readcap, NULL,
505 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
506 0, 0} },
507 {3, 0x88, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, read_iarr,
508 {16, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
509 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* READ(16) */
510 /* 10 */
511 {3, 0x8a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, write_iarr,
512 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
513 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* WRITE(16) */
514 {0, 0x1b, 0, 0, resp_start_stop, NULL, /* START STOP UNIT */
515 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
516 {1, 0x9e, 0x10, F_SA_LOW | F_D_IN, resp_readcap16, sa_in_iarr,
517 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
518 0xff, 0xff, 0xff, 0x1, 0xc7} }, /* READ CAPACITY(16) */
519 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* SA OUT */
520 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
521 {2, 0xa3, 0xa, F_SA_LOW | F_D_IN, resp_report_tgtpgs, maint_in_iarr,
522 {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0, 0,
523 0} },
524 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
525 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
526 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, NULL, NULL, /* VERIFY(10) */
527 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7,
528 0, 0, 0, 0, 0, 0} },
529 {1, 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_DIRECT_IO, resp_read_dt0,
530 vl_iarr, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0x9, 0xfe, 0,
531 0xff, 0xff, 0xff, 0xff} },/* VARIABLE LENGTH, READ(32) */
532 {1, 0x56, 0, F_D_OUT, NULL, reserve_iarr, /* RESERVE(10) */
533 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
534 0} },
535 {1, 0x57, 0, F_D_OUT, NULL, release_iarr, /* RELEASE(10) */
536 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
537 0} },
538 /* 20 */
539 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
540 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
541 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
542 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
543 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
544 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
545 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
546 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
547 {0, 0x42, 0, F_D_OUT | FF_DIRECT_IO, resp_unmap, NULL, /* UNMAP */
548 {10, 0x1, 0, 0, 0, 0, 0x1f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
549 {0, 0x53, 0, F_D_IN | F_D_OUT | FF_DIRECT_IO, resp_xdwriteread_10,
550 NULL, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7,
551 0, 0, 0, 0, 0, 0} },
552 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
553 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
554 0, 0, 0, 0} }, /* WRITE_BUFFER */
555 {1, 0x41, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_10,
556 write_same_iarr, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff,
557 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
558 {0, 0x35, 0, F_DELAY_OVERR | FF_DIRECT_IO, NULL, NULL, /* SYNC_CACHE */
559 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
560 0, 0, 0, 0} },
561 {0, 0x89, 0, F_D_OUT | FF_DIRECT_IO, resp_comp_write, NULL,
562 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
563 0, 0xff, 0x1f, 0xc7} }, /* COMPARE AND WRITE */
565 /* 30 */
566 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
567 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
570 static int sdebug_add_host = DEF_NUM_HOST;
571 static int sdebug_ato = DEF_ATO;
572 static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
573 static int sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
574 static int sdebug_dif = DEF_DIF;
575 static int sdebug_dix = DEF_DIX;
576 static int sdebug_dsense = DEF_D_SENSE;
577 static int sdebug_every_nth = DEF_EVERY_NTH;
578 static int sdebug_fake_rw = DEF_FAKE_RW;
579 static unsigned int sdebug_guard = DEF_GUARD;
580 static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
581 static int sdebug_max_luns = DEF_MAX_LUNS;
582 static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
583 static atomic_t retired_max_queue; /* if > 0 then was prior max_queue */
584 static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
585 static int sdebug_no_lun_0 = DEF_NO_LUN_0;
586 static int sdebug_no_uld;
587 static int sdebug_num_parts = DEF_NUM_PARTS;
588 static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
589 static int sdebug_opt_blks = DEF_OPT_BLKS;
590 static int sdebug_opts = DEF_OPTS;
591 static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
592 static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
593 static int sdebug_scsi_level = DEF_SCSI_LEVEL;
594 static int sdebug_sector_size = DEF_SECTOR_SIZE;
595 static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
596 static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
597 static unsigned int sdebug_lbpu = DEF_LBPU;
598 static unsigned int sdebug_lbpws = DEF_LBPWS;
599 static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
600 static unsigned int sdebug_lbprz = DEF_LBPRZ;
601 static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
602 static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
603 static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
604 static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
605 static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
606 static int sdebug_uuid_ctl = DEF_UUID_CTL;
607 static bool sdebug_removable = DEF_REMOVABLE;
608 static bool sdebug_clustering;
609 static bool sdebug_host_lock = DEF_HOST_LOCK;
610 static bool sdebug_strict = DEF_STRICT;
611 static bool sdebug_any_injecting_opt;
612 static bool sdebug_verbose;
613 static bool have_dif_prot;
614 static bool sdebug_statistics = DEF_STATISTICS;
615 static bool sdebug_mq_active;
617 static unsigned int sdebug_store_sectors;
618 static sector_t sdebug_capacity; /* in sectors */
620 /* old BIOS stuff, kernel may get rid of them but some mode sense pages
621 may still need them */
622 static int sdebug_heads; /* heads per disk */
623 static int sdebug_cylinders_per; /* cylinders per surface */
624 static int sdebug_sectors_per; /* sectors per cylinder */
626 static LIST_HEAD(sdebug_host_list);
627 static DEFINE_SPINLOCK(sdebug_host_list_lock);
629 static unsigned char *fake_storep; /* ramdisk storage */
630 static struct sd_dif_tuple *dif_storep; /* protection info */
631 static void *map_storep; /* provisioning map */
633 static unsigned long map_size;
634 static int num_aborts;
635 static int num_dev_resets;
636 static int num_target_resets;
637 static int num_bus_resets;
638 static int num_host_resets;
639 static int dix_writes;
640 static int dix_reads;
641 static int dif_errors;
643 static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
644 static struct sdebug_queue *sdebug_q_arr; /* ptr to array of submit queues */
646 static DEFINE_RWLOCK(atomic_rw);
648 static char sdebug_proc_name[] = MY_NAME;
649 static const char *my_name = MY_NAME;
651 static struct bus_type pseudo_lld_bus;
653 static struct device_driver sdebug_driverfs_driver = {
654 .name = sdebug_proc_name,
655 .bus = &pseudo_lld_bus,
658 static const int check_condition_result =
659 (DRIVER_SENSE << 24) | SAM_STAT_CHECK_CONDITION;
661 static const int illegal_condition_result =
662 (DRIVER_SENSE << 24) | (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
664 static const int device_qfull_result =
665 (DID_OK << 16) | (COMMAND_COMPLETE << 8) | SAM_STAT_TASK_SET_FULL;
668 /* Only do the extra work involved in logical block provisioning if one or
669 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
670 * real reads and writes (i.e. not skipping them for speed).
672 static inline bool scsi_debug_lbp(void)
674 return 0 == sdebug_fake_rw &&
675 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
678 static void *fake_store(unsigned long long lba)
680 lba = do_div(lba, sdebug_store_sectors);
682 return fake_storep + lba * sdebug_sector_size;
685 static struct sd_dif_tuple *dif_store(sector_t sector)
687 sector = sector_div(sector, sdebug_store_sectors);
689 return dif_storep + sector;
692 static void sdebug_max_tgts_luns(void)
694 struct sdebug_host_info *sdbg_host;
695 struct Scsi_Host *hpnt;
697 spin_lock(&sdebug_host_list_lock);
698 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
699 hpnt = sdbg_host->shost;
700 if ((hpnt->this_id >= 0) &&
701 (sdebug_num_tgts > hpnt->this_id))
702 hpnt->max_id = sdebug_num_tgts + 1;
703 else
704 hpnt->max_id = sdebug_num_tgts;
705 /* sdebug_max_luns; */
706 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
708 spin_unlock(&sdebug_host_list_lock);
711 enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
713 /* Set in_bit to -1 to indicate no bit position of invalid field */
714 static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
715 enum sdeb_cmd_data c_d,
716 int in_byte, int in_bit)
718 unsigned char *sbuff;
719 u8 sks[4];
720 int sl, asc;
722 sbuff = scp->sense_buffer;
723 if (!sbuff) {
724 sdev_printk(KERN_ERR, scp->device,
725 "%s: sense_buffer is NULL\n", __func__);
726 return;
728 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
729 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
730 scsi_build_sense_buffer(sdebug_dsense, sbuff, ILLEGAL_REQUEST, asc, 0);
731 memset(sks, 0, sizeof(sks));
732 sks[0] = 0x80;
733 if (c_d)
734 sks[0] |= 0x40;
735 if (in_bit >= 0) {
736 sks[0] |= 0x8;
737 sks[0] |= 0x7 & in_bit;
739 put_unaligned_be16(in_byte, sks + 1);
740 if (sdebug_dsense) {
741 sl = sbuff[7] + 8;
742 sbuff[7] = sl;
743 sbuff[sl] = 0x2;
744 sbuff[sl + 1] = 0x6;
745 memcpy(sbuff + sl + 4, sks, 3);
746 } else
747 memcpy(sbuff + 15, sks, 3);
748 if (sdebug_verbose)
749 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
750 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
751 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
754 static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
756 unsigned char *sbuff;
758 sbuff = scp->sense_buffer;
759 if (!sbuff) {
760 sdev_printk(KERN_ERR, scp->device,
761 "%s: sense_buffer is NULL\n", __func__);
762 return;
764 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
766 scsi_build_sense_buffer(sdebug_dsense, sbuff, key, asc, asq);
768 if (sdebug_verbose)
769 sdev_printk(KERN_INFO, scp->device,
770 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
771 my_name, key, asc, asq);
774 static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
776 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
779 static int scsi_debug_ioctl(struct scsi_device *dev, int cmd, void __user *arg)
781 if (sdebug_verbose) {
782 if (0x1261 == cmd)
783 sdev_printk(KERN_INFO, dev,
784 "%s: BLKFLSBUF [0x1261]\n", __func__);
785 else if (0x5331 == cmd)
786 sdev_printk(KERN_INFO, dev,
787 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
788 __func__);
789 else
790 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
791 __func__, cmd);
793 return -EINVAL;
794 /* return -ENOTTY; // correct return but upsets fdisk */
797 static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
799 struct sdebug_host_info *sdhp;
800 struct sdebug_dev_info *dp;
802 spin_lock(&sdebug_host_list_lock);
803 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
804 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
805 if ((devip->sdbg_host == dp->sdbg_host) &&
806 (devip->target == dp->target))
807 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
810 spin_unlock(&sdebug_host_list_lock);
813 static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
815 int k;
817 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
818 if (k != SDEBUG_NUM_UAS) {
819 const char *cp = NULL;
821 switch (k) {
822 case SDEBUG_UA_POR:
823 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
824 POWER_ON_RESET_ASCQ);
825 if (sdebug_verbose)
826 cp = "power on reset";
827 break;
828 case SDEBUG_UA_BUS_RESET:
829 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
830 BUS_RESET_ASCQ);
831 if (sdebug_verbose)
832 cp = "bus reset";
833 break;
834 case SDEBUG_UA_MODE_CHANGED:
835 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
836 MODE_CHANGED_ASCQ);
837 if (sdebug_verbose)
838 cp = "mode parameters changed";
839 break;
840 case SDEBUG_UA_CAPACITY_CHANGED:
841 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
842 CAPACITY_CHANGED_ASCQ);
843 if (sdebug_verbose)
844 cp = "capacity data changed";
845 break;
846 case SDEBUG_UA_MICROCODE_CHANGED:
847 mk_sense_buffer(scp, UNIT_ATTENTION,
848 TARGET_CHANGED_ASC,
849 MICROCODE_CHANGED_ASCQ);
850 if (sdebug_verbose)
851 cp = "microcode has been changed";
852 break;
853 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
854 mk_sense_buffer(scp, UNIT_ATTENTION,
855 TARGET_CHANGED_ASC,
856 MICROCODE_CHANGED_WO_RESET_ASCQ);
857 if (sdebug_verbose)
858 cp = "microcode has been changed without reset";
859 break;
860 case SDEBUG_UA_LUNS_CHANGED:
862 * SPC-3 behavior is to report a UNIT ATTENTION with
863 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
864 * on the target, until a REPORT LUNS command is
865 * received. SPC-4 behavior is to report it only once.
866 * NOTE: sdebug_scsi_level does not use the same
867 * values as struct scsi_device->scsi_level.
869 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
870 clear_luns_changed_on_target(devip);
871 mk_sense_buffer(scp, UNIT_ATTENTION,
872 TARGET_CHANGED_ASC,
873 LUNS_CHANGED_ASCQ);
874 if (sdebug_verbose)
875 cp = "reported luns data has changed";
876 break;
877 default:
878 pr_warn("unexpected unit attention code=%d\n", k);
879 if (sdebug_verbose)
880 cp = "unknown";
881 break;
883 clear_bit(k, devip->uas_bm);
884 if (sdebug_verbose)
885 sdev_printk(KERN_INFO, scp->device,
886 "%s reports: Unit attention: %s\n",
887 my_name, cp);
888 return check_condition_result;
890 return 0;
893 /* Returns 0 if ok else (DID_ERROR << 16). Sets scp->resid . */
894 static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
895 int arr_len)
897 int act_len;
898 struct scsi_data_buffer *sdb = scsi_in(scp);
900 if (!sdb->length)
901 return 0;
902 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_FROM_DEVICE))
903 return DID_ERROR << 16;
905 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
906 arr, arr_len);
907 sdb->resid = scsi_bufflen(scp) - act_len;
909 return 0;
912 /* Returns number of bytes fetched into 'arr' or -1 if error. */
913 static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
914 int arr_len)
916 if (!scsi_bufflen(scp))
917 return 0;
918 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_TO_DEVICE))
919 return -1;
921 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
925 static const char * inq_vendor_id = "Linux ";
926 static const char * inq_product_id = "scsi_debug ";
927 static const char *inq_product_rev = "0186"; /* version less '.' */
928 /* Use some locally assigned NAAs for SAS addresses. */
929 static const u64 naa3_comp_a = 0x3222222000000000ULL;
930 static const u64 naa3_comp_b = 0x3333333000000000ULL;
931 static const u64 naa3_comp_c = 0x3111111000000000ULL;
933 /* Device identification VPD page. Returns number of bytes placed in arr */
934 static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
935 int target_dev_id, int dev_id_num,
936 const char *dev_id_str, int dev_id_str_len,
937 const uuid_be *lu_name)
939 int num, port_a;
940 char b[32];
942 port_a = target_dev_id + 1;
943 /* T10 vendor identifier field format (faked) */
944 arr[0] = 0x2; /* ASCII */
945 arr[1] = 0x1;
946 arr[2] = 0x0;
947 memcpy(&arr[4], inq_vendor_id, 8);
948 memcpy(&arr[12], inq_product_id, 16);
949 memcpy(&arr[28], dev_id_str, dev_id_str_len);
950 num = 8 + 16 + dev_id_str_len;
951 arr[3] = num;
952 num += 4;
953 if (dev_id_num >= 0) {
954 if (sdebug_uuid_ctl) {
955 /* Locally assigned UUID */
956 arr[num++] = 0x1; /* binary (not necessarily sas) */
957 arr[num++] = 0xa; /* PIV=0, lu, naa */
958 arr[num++] = 0x0;
959 arr[num++] = 0x12;
960 arr[num++] = 0x10; /* uuid type=1, locally assigned */
961 arr[num++] = 0x0;
962 memcpy(arr + num, lu_name, 16);
963 num += 16;
964 } else {
965 /* NAA-3, Logical unit identifier (binary) */
966 arr[num++] = 0x1; /* binary (not necessarily sas) */
967 arr[num++] = 0x3; /* PIV=0, lu, naa */
968 arr[num++] = 0x0;
969 arr[num++] = 0x8;
970 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
971 num += 8;
973 /* Target relative port number */
974 arr[num++] = 0x61; /* proto=sas, binary */
975 arr[num++] = 0x94; /* PIV=1, target port, rel port */
976 arr[num++] = 0x0; /* reserved */
977 arr[num++] = 0x4; /* length */
978 arr[num++] = 0x0; /* reserved */
979 arr[num++] = 0x0; /* reserved */
980 arr[num++] = 0x0;
981 arr[num++] = 0x1; /* relative port A */
983 /* NAA-3, Target port identifier */
984 arr[num++] = 0x61; /* proto=sas, binary */
985 arr[num++] = 0x93; /* piv=1, target port, naa */
986 arr[num++] = 0x0;
987 arr[num++] = 0x8;
988 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
989 num += 8;
990 /* NAA-3, Target port group identifier */
991 arr[num++] = 0x61; /* proto=sas, binary */
992 arr[num++] = 0x95; /* piv=1, target port group id */
993 arr[num++] = 0x0;
994 arr[num++] = 0x4;
995 arr[num++] = 0;
996 arr[num++] = 0;
997 put_unaligned_be16(port_group_id, arr + num);
998 num += 2;
999 /* NAA-3, Target device identifier */
1000 arr[num++] = 0x61; /* proto=sas, binary */
1001 arr[num++] = 0xa3; /* piv=1, target device, naa */
1002 arr[num++] = 0x0;
1003 arr[num++] = 0x8;
1004 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1005 num += 8;
1006 /* SCSI name string: Target device identifier */
1007 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1008 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1009 arr[num++] = 0x0;
1010 arr[num++] = 24;
1011 memcpy(arr + num, "naa.32222220", 12);
1012 num += 12;
1013 snprintf(b, sizeof(b), "%08X", target_dev_id);
1014 memcpy(arr + num, b, 8);
1015 num += 8;
1016 memset(arr + num, 0, 4);
1017 num += 4;
1018 return num;
1021 static unsigned char vpd84_data[] = {
1022 /* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1023 0x22,0x22,0x22,0x0,0xbb,0x1,
1024 0x22,0x22,0x22,0x0,0xbb,0x2,
1027 /* Software interface identification VPD page */
1028 static int inquiry_vpd_84(unsigned char *arr)
1030 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1031 return sizeof(vpd84_data);
1034 /* Management network addresses VPD page */
1035 static int inquiry_vpd_85(unsigned char *arr)
1037 int num = 0;
1038 const char * na1 = "https://www.kernel.org/config";
1039 const char * na2 = "http://www.kernel.org/log";
1040 int plen, olen;
1042 arr[num++] = 0x1; /* lu, storage config */
1043 arr[num++] = 0x0; /* reserved */
1044 arr[num++] = 0x0;
1045 olen = strlen(na1);
1046 plen = olen + 1;
1047 if (plen % 4)
1048 plen = ((plen / 4) + 1) * 4;
1049 arr[num++] = plen; /* length, null termianted, padded */
1050 memcpy(arr + num, na1, olen);
1051 memset(arr + num + olen, 0, plen - olen);
1052 num += plen;
1054 arr[num++] = 0x4; /* lu, logging */
1055 arr[num++] = 0x0; /* reserved */
1056 arr[num++] = 0x0;
1057 olen = strlen(na2);
1058 plen = olen + 1;
1059 if (plen % 4)
1060 plen = ((plen / 4) + 1) * 4;
1061 arr[num++] = plen; /* length, null terminated, padded */
1062 memcpy(arr + num, na2, olen);
1063 memset(arr + num + olen, 0, plen - olen);
1064 num += plen;
1066 return num;
1069 /* SCSI ports VPD page */
1070 static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1072 int num = 0;
1073 int port_a, port_b;
1075 port_a = target_dev_id + 1;
1076 port_b = port_a + 1;
1077 arr[num++] = 0x0; /* reserved */
1078 arr[num++] = 0x0; /* reserved */
1079 arr[num++] = 0x0;
1080 arr[num++] = 0x1; /* relative port 1 (primary) */
1081 memset(arr + num, 0, 6);
1082 num += 6;
1083 arr[num++] = 0x0;
1084 arr[num++] = 12; /* length tp descriptor */
1085 /* naa-5 target port identifier (A) */
1086 arr[num++] = 0x61; /* proto=sas, binary */
1087 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1088 arr[num++] = 0x0; /* reserved */
1089 arr[num++] = 0x8; /* length */
1090 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1091 num += 8;
1092 arr[num++] = 0x0; /* reserved */
1093 arr[num++] = 0x0; /* reserved */
1094 arr[num++] = 0x0;
1095 arr[num++] = 0x2; /* relative port 2 (secondary) */
1096 memset(arr + num, 0, 6);
1097 num += 6;
1098 arr[num++] = 0x0;
1099 arr[num++] = 12; /* length tp descriptor */
1100 /* naa-5 target port identifier (B) */
1101 arr[num++] = 0x61; /* proto=sas, binary */
1102 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1103 arr[num++] = 0x0; /* reserved */
1104 arr[num++] = 0x8; /* length */
1105 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1106 num += 8;
1108 return num;
1112 static unsigned char vpd89_data[] = {
1113 /* from 4th byte */ 0,0,0,0,
1114 'l','i','n','u','x',' ',' ',' ',
1115 'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1116 '1','2','3','4',
1117 0x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
1118 0xec,0,0,0,
1119 0x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
1120 0,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
1121 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
1122 0x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
1123 0x53,0x41,
1124 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1125 0x20,0x20,
1126 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1127 0x10,0x80,
1128 0,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
1129 0x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
1130 0x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
1131 0,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
1132 0x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
1133 0x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
1134 0,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
1135 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1136 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1137 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1138 0x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
1139 0,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
1140 0xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
1141 0,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
1142 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1143 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1144 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1145 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1146 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1147 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1148 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1149 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1150 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1151 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1152 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1153 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1156 /* ATA Information VPD page */
1157 static int inquiry_vpd_89(unsigned char *arr)
1159 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1160 return sizeof(vpd89_data);
1164 static unsigned char vpdb0_data[] = {
1165 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1166 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1167 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1168 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1171 /* Block limits VPD page (SBC-3) */
1172 static int inquiry_vpd_b0(unsigned char *arr)
1174 unsigned int gran;
1176 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1178 /* Optimal transfer length granularity */
1179 gran = 1 << sdebug_physblk_exp;
1180 put_unaligned_be16(gran, arr + 2);
1182 /* Maximum Transfer Length */
1183 if (sdebug_store_sectors > 0x400)
1184 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1186 /* Optimal Transfer Length */
1187 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1189 if (sdebug_lbpu) {
1190 /* Maximum Unmap LBA Count */
1191 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1193 /* Maximum Unmap Block Descriptor Count */
1194 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1197 /* Unmap Granularity Alignment */
1198 if (sdebug_unmap_alignment) {
1199 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1200 arr[28] |= 0x80; /* UGAVALID */
1203 /* Optimal Unmap Granularity */
1204 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1206 /* Maximum WRITE SAME Length */
1207 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1209 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1211 return sizeof(vpdb0_data);
1214 /* Block device characteristics VPD page (SBC-3) */
1215 static int inquiry_vpd_b1(unsigned char *arr)
1217 memset(arr, 0, 0x3c);
1218 arr[0] = 0;
1219 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1220 arr[2] = 0;
1221 arr[3] = 5; /* less than 1.8" */
1223 return 0x3c;
1226 /* Logical block provisioning VPD page (SBC-4) */
1227 static int inquiry_vpd_b2(unsigned char *arr)
1229 memset(arr, 0, 0x4);
1230 arr[0] = 0; /* threshold exponent */
1231 if (sdebug_lbpu)
1232 arr[1] = 1 << 7;
1233 if (sdebug_lbpws)
1234 arr[1] |= 1 << 6;
1235 if (sdebug_lbpws10)
1236 arr[1] |= 1 << 5;
1237 if (sdebug_lbprz && scsi_debug_lbp())
1238 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1239 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1240 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1241 /* threshold_percentage=0 */
1242 return 0x4;
1245 #define SDEBUG_LONG_INQ_SZ 96
1246 #define SDEBUG_MAX_INQ_ARR_SZ 584
1248 static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1250 unsigned char pq_pdt;
1251 unsigned char * arr;
1252 unsigned char *cmd = scp->cmnd;
1253 int alloc_len, n, ret;
1254 bool have_wlun, is_disk;
1256 alloc_len = get_unaligned_be16(cmd + 3);
1257 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1258 if (! arr)
1259 return DID_REQUEUE << 16;
1260 is_disk = (sdebug_ptype == TYPE_DISK);
1261 have_wlun = scsi_is_wlun(scp->device->lun);
1262 if (have_wlun)
1263 pq_pdt = TYPE_WLUN; /* present, wlun */
1264 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1265 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1266 else
1267 pq_pdt = (sdebug_ptype & 0x1f);
1268 arr[0] = pq_pdt;
1269 if (0x2 & cmd[1]) { /* CMDDT bit set */
1270 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1271 kfree(arr);
1272 return check_condition_result;
1273 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1274 int lu_id_num, port_group_id, target_dev_id, len;
1275 char lu_id_str[6];
1276 int host_no = devip->sdbg_host->shost->host_no;
1278 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1279 (devip->channel & 0x7f);
1280 if (sdebug_vpd_use_hostno == 0)
1281 host_no = 0;
1282 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1283 (devip->target * 1000) + devip->lun);
1284 target_dev_id = ((host_no + 1) * 2000) +
1285 (devip->target * 1000) - 3;
1286 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1287 if (0 == cmd[2]) { /* supported vital product data pages */
1288 arr[1] = cmd[2]; /*sanity */
1289 n = 4;
1290 arr[n++] = 0x0; /* this page */
1291 arr[n++] = 0x80; /* unit serial number */
1292 arr[n++] = 0x83; /* device identification */
1293 arr[n++] = 0x84; /* software interface ident. */
1294 arr[n++] = 0x85; /* management network addresses */
1295 arr[n++] = 0x86; /* extended inquiry */
1296 arr[n++] = 0x87; /* mode page policy */
1297 arr[n++] = 0x88; /* SCSI ports */
1298 if (is_disk) { /* SBC only */
1299 arr[n++] = 0x89; /* ATA information */
1300 arr[n++] = 0xb0; /* Block limits */
1301 arr[n++] = 0xb1; /* Block characteristics */
1302 arr[n++] = 0xb2; /* Logical Block Prov */
1304 arr[3] = n - 4; /* number of supported VPD pages */
1305 } else if (0x80 == cmd[2]) { /* unit serial number */
1306 arr[1] = cmd[2]; /*sanity */
1307 arr[3] = len;
1308 memcpy(&arr[4], lu_id_str, len);
1309 } else if (0x83 == cmd[2]) { /* device identification */
1310 arr[1] = cmd[2]; /*sanity */
1311 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1312 target_dev_id, lu_id_num,
1313 lu_id_str, len,
1314 &devip->lu_name);
1315 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1316 arr[1] = cmd[2]; /*sanity */
1317 arr[3] = inquiry_vpd_84(&arr[4]);
1318 } else if (0x85 == cmd[2]) { /* Management network addresses */
1319 arr[1] = cmd[2]; /*sanity */
1320 arr[3] = inquiry_vpd_85(&arr[4]);
1321 } else if (0x86 == cmd[2]) { /* extended inquiry */
1322 arr[1] = cmd[2]; /*sanity */
1323 arr[3] = 0x3c; /* number of following entries */
1324 if (sdebug_dif == SD_DIF_TYPE3_PROTECTION)
1325 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1326 else if (have_dif_prot)
1327 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1328 else
1329 arr[4] = 0x0; /* no protection stuff */
1330 arr[5] = 0x7; /* head of q, ordered + simple q's */
1331 } else if (0x87 == cmd[2]) { /* mode page policy */
1332 arr[1] = cmd[2]; /*sanity */
1333 arr[3] = 0x8; /* number of following entries */
1334 arr[4] = 0x2; /* disconnect-reconnect mp */
1335 arr[6] = 0x80; /* mlus, shared */
1336 arr[8] = 0x18; /* protocol specific lu */
1337 arr[10] = 0x82; /* mlus, per initiator port */
1338 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1339 arr[1] = cmd[2]; /*sanity */
1340 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1341 } else if (is_disk && 0x89 == cmd[2]) { /* ATA information */
1342 arr[1] = cmd[2]; /*sanity */
1343 n = inquiry_vpd_89(&arr[4]);
1344 put_unaligned_be16(n, arr + 2);
1345 } else if (is_disk && 0xb0 == cmd[2]) { /* Block limits */
1346 arr[1] = cmd[2]; /*sanity */
1347 arr[3] = inquiry_vpd_b0(&arr[4]);
1348 } else if (is_disk && 0xb1 == cmd[2]) { /* Block char. */
1349 arr[1] = cmd[2]; /*sanity */
1350 arr[3] = inquiry_vpd_b1(&arr[4]);
1351 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1352 arr[1] = cmd[2]; /*sanity */
1353 arr[3] = inquiry_vpd_b2(&arr[4]);
1354 } else {
1355 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1356 kfree(arr);
1357 return check_condition_result;
1359 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1360 ret = fill_from_dev_buffer(scp, arr,
1361 min(len, SDEBUG_MAX_INQ_ARR_SZ));
1362 kfree(arr);
1363 return ret;
1365 /* drops through here for a standard inquiry */
1366 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
1367 arr[2] = sdebug_scsi_level;
1368 arr[3] = 2; /* response_data_format==2 */
1369 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1370 arr[5] = (int)have_dif_prot; /* PROTECT bit */
1371 if (sdebug_vpd_use_hostno == 0)
1372 arr[5] = 0x10; /* claim: implicit TGPS */
1373 arr[6] = 0x10; /* claim: MultiP */
1374 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1375 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1376 memcpy(&arr[8], inq_vendor_id, 8);
1377 memcpy(&arr[16], inq_product_id, 16);
1378 memcpy(&arr[32], inq_product_rev, 4);
1379 /* version descriptors (2 bytes each) follow */
1380 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
1381 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
1382 n = 62;
1383 if (is_disk) { /* SBC-4 no version claimed */
1384 put_unaligned_be16(0x600, arr + n);
1385 n += 2;
1386 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1387 put_unaligned_be16(0x525, arr + n);
1388 n += 2;
1390 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
1391 ret = fill_from_dev_buffer(scp, arr,
1392 min(alloc_len, SDEBUG_LONG_INQ_SZ));
1393 kfree(arr);
1394 return ret;
1397 static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1398 0, 0, 0x0, 0x0};
1400 static int resp_requests(struct scsi_cmnd * scp,
1401 struct sdebug_dev_info * devip)
1403 unsigned char * sbuff;
1404 unsigned char *cmd = scp->cmnd;
1405 unsigned char arr[SCSI_SENSE_BUFFERSIZE];
1406 bool dsense;
1407 int len = 18;
1409 memset(arr, 0, sizeof(arr));
1410 dsense = !!(cmd[1] & 1);
1411 sbuff = scp->sense_buffer;
1412 if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1413 if (dsense) {
1414 arr[0] = 0x72;
1415 arr[1] = 0x0; /* NO_SENSE in sense_key */
1416 arr[2] = THRESHOLD_EXCEEDED;
1417 arr[3] = 0xff; /* TEST set and MRIE==6 */
1418 len = 8;
1419 } else {
1420 arr[0] = 0x70;
1421 arr[2] = 0x0; /* NO_SENSE in sense_key */
1422 arr[7] = 0xa; /* 18 byte sense buffer */
1423 arr[12] = THRESHOLD_EXCEEDED;
1424 arr[13] = 0xff; /* TEST set and MRIE==6 */
1426 } else {
1427 memcpy(arr, sbuff, SCSI_SENSE_BUFFERSIZE);
1428 if (arr[0] >= 0x70 && dsense == sdebug_dsense)
1429 ; /* have sense and formats match */
1430 else if (arr[0] <= 0x70) {
1431 if (dsense) {
1432 memset(arr, 0, 8);
1433 arr[0] = 0x72;
1434 len = 8;
1435 } else {
1436 memset(arr, 0, 18);
1437 arr[0] = 0x70;
1438 arr[7] = 0xa;
1440 } else if (dsense) {
1441 memset(arr, 0, 8);
1442 arr[0] = 0x72;
1443 arr[1] = sbuff[2]; /* sense key */
1444 arr[2] = sbuff[12]; /* asc */
1445 arr[3] = sbuff[13]; /* ascq */
1446 len = 8;
1447 } else {
1448 memset(arr, 0, 18);
1449 arr[0] = 0x70;
1450 arr[2] = sbuff[1];
1451 arr[7] = 0xa;
1452 arr[12] = sbuff[1];
1453 arr[13] = sbuff[3];
1457 mk_sense_buffer(scp, 0, NO_ADDITIONAL_SENSE, 0);
1458 return fill_from_dev_buffer(scp, arr, len);
1461 static int resp_start_stop(struct scsi_cmnd * scp,
1462 struct sdebug_dev_info * devip)
1464 unsigned char *cmd = scp->cmnd;
1465 int power_cond, stop;
1467 power_cond = (cmd[4] & 0xf0) >> 4;
1468 if (power_cond) {
1469 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1470 return check_condition_result;
1472 stop = !(cmd[4] & 1);
1473 atomic_xchg(&devip->stopped, stop);
1474 return 0;
1477 static sector_t get_sdebug_capacity(void)
1479 static const unsigned int gibibyte = 1073741824;
1481 if (sdebug_virtual_gb > 0)
1482 return (sector_t)sdebug_virtual_gb *
1483 (gibibyte / sdebug_sector_size);
1484 else
1485 return sdebug_store_sectors;
1488 #define SDEBUG_READCAP_ARR_SZ 8
1489 static int resp_readcap(struct scsi_cmnd * scp,
1490 struct sdebug_dev_info * devip)
1492 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1493 unsigned int capac;
1495 /* following just in case virtual_gb changed */
1496 sdebug_capacity = get_sdebug_capacity();
1497 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1498 if (sdebug_capacity < 0xffffffff) {
1499 capac = (unsigned int)sdebug_capacity - 1;
1500 put_unaligned_be32(capac, arr + 0);
1501 } else
1502 put_unaligned_be32(0xffffffff, arr + 0);
1503 put_unaligned_be16(sdebug_sector_size, arr + 6);
1504 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1507 #define SDEBUG_READCAP16_ARR_SZ 32
1508 static int resp_readcap16(struct scsi_cmnd * scp,
1509 struct sdebug_dev_info * devip)
1511 unsigned char *cmd = scp->cmnd;
1512 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1513 int alloc_len;
1515 alloc_len = get_unaligned_be32(cmd + 10);
1516 /* following just in case virtual_gb changed */
1517 sdebug_capacity = get_sdebug_capacity();
1518 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1519 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1520 put_unaligned_be32(sdebug_sector_size, arr + 8);
1521 arr[13] = sdebug_physblk_exp & 0xf;
1522 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1524 if (scsi_debug_lbp()) {
1525 arr[14] |= 0x80; /* LBPME */
1526 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1527 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1528 * in the wider field maps to 0 in this field.
1530 if (sdebug_lbprz & 1) /* precisely what the draft requires */
1531 arr[14] |= 0x40;
1534 arr[15] = sdebug_lowest_aligned & 0xff;
1536 if (have_dif_prot) {
1537 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1538 arr[12] |= 1; /* PROT_EN */
1541 return fill_from_dev_buffer(scp, arr,
1542 min(alloc_len, SDEBUG_READCAP16_ARR_SZ));
1545 #define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1547 static int resp_report_tgtpgs(struct scsi_cmnd * scp,
1548 struct sdebug_dev_info * devip)
1550 unsigned char *cmd = scp->cmnd;
1551 unsigned char * arr;
1552 int host_no = devip->sdbg_host->shost->host_no;
1553 int n, ret, alen, rlen;
1554 int port_group_a, port_group_b, port_a, port_b;
1556 alen = get_unaligned_be32(cmd + 6);
1557 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1558 if (! arr)
1559 return DID_REQUEUE << 16;
1561 * EVPD page 0x88 states we have two ports, one
1562 * real and a fake port with no device connected.
1563 * So we create two port groups with one port each
1564 * and set the group with port B to unavailable.
1566 port_a = 0x1; /* relative port A */
1567 port_b = 0x2; /* relative port B */
1568 port_group_a = (((host_no + 1) & 0x7f) << 8) +
1569 (devip->channel & 0x7f);
1570 port_group_b = (((host_no + 1) & 0x7f) << 8) +
1571 (devip->channel & 0x7f) + 0x80;
1574 * The asymmetric access state is cycled according to the host_id.
1576 n = 4;
1577 if (sdebug_vpd_use_hostno == 0) {
1578 arr[n++] = host_no % 3; /* Asymm access state */
1579 arr[n++] = 0x0F; /* claim: all states are supported */
1580 } else {
1581 arr[n++] = 0x0; /* Active/Optimized path */
1582 arr[n++] = 0x01; /* only support active/optimized paths */
1584 put_unaligned_be16(port_group_a, arr + n);
1585 n += 2;
1586 arr[n++] = 0; /* Reserved */
1587 arr[n++] = 0; /* Status code */
1588 arr[n++] = 0; /* Vendor unique */
1589 arr[n++] = 0x1; /* One port per group */
1590 arr[n++] = 0; /* Reserved */
1591 arr[n++] = 0; /* Reserved */
1592 put_unaligned_be16(port_a, arr + n);
1593 n += 2;
1594 arr[n++] = 3; /* Port unavailable */
1595 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1596 put_unaligned_be16(port_group_b, arr + n);
1597 n += 2;
1598 arr[n++] = 0; /* Reserved */
1599 arr[n++] = 0; /* Status code */
1600 arr[n++] = 0; /* Vendor unique */
1601 arr[n++] = 0x1; /* One port per group */
1602 arr[n++] = 0; /* Reserved */
1603 arr[n++] = 0; /* Reserved */
1604 put_unaligned_be16(port_b, arr + n);
1605 n += 2;
1607 rlen = n - 4;
1608 put_unaligned_be32(rlen, arr + 0);
1611 * Return the smallest value of either
1612 * - The allocated length
1613 * - The constructed command length
1614 * - The maximum array size
1616 rlen = min(alen,n);
1617 ret = fill_from_dev_buffer(scp, arr,
1618 min(rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1619 kfree(arr);
1620 return ret;
1623 static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1624 struct sdebug_dev_info *devip)
1626 bool rctd;
1627 u8 reporting_opts, req_opcode, sdeb_i, supp;
1628 u16 req_sa, u;
1629 u32 alloc_len, a_len;
1630 int k, offset, len, errsts, count, bump, na;
1631 const struct opcode_info_t *oip;
1632 const struct opcode_info_t *r_oip;
1633 u8 *arr;
1634 u8 *cmd = scp->cmnd;
1636 rctd = !!(cmd[2] & 0x80);
1637 reporting_opts = cmd[2] & 0x7;
1638 req_opcode = cmd[3];
1639 req_sa = get_unaligned_be16(cmd + 4);
1640 alloc_len = get_unaligned_be32(cmd + 6);
1641 if (alloc_len < 4 || alloc_len > 0xffff) {
1642 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1643 return check_condition_result;
1645 if (alloc_len > 8192)
1646 a_len = 8192;
1647 else
1648 a_len = alloc_len;
1649 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1650 if (NULL == arr) {
1651 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1652 INSUFF_RES_ASCQ);
1653 return check_condition_result;
1655 switch (reporting_opts) {
1656 case 0: /* all commands */
1657 /* count number of commands */
1658 for (count = 0, oip = opcode_info_arr;
1659 oip->num_attached != 0xff; ++oip) {
1660 if (F_INV_OP & oip->flags)
1661 continue;
1662 count += (oip->num_attached + 1);
1664 bump = rctd ? 20 : 8;
1665 put_unaligned_be32(count * bump, arr);
1666 for (offset = 4, oip = opcode_info_arr;
1667 oip->num_attached != 0xff && offset < a_len; ++oip) {
1668 if (F_INV_OP & oip->flags)
1669 continue;
1670 na = oip->num_attached;
1671 arr[offset] = oip->opcode;
1672 put_unaligned_be16(oip->sa, arr + offset + 2);
1673 if (rctd)
1674 arr[offset + 5] |= 0x2;
1675 if (FF_SA & oip->flags)
1676 arr[offset + 5] |= 0x1;
1677 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
1678 if (rctd)
1679 put_unaligned_be16(0xa, arr + offset + 8);
1680 r_oip = oip;
1681 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
1682 if (F_INV_OP & oip->flags)
1683 continue;
1684 offset += bump;
1685 arr[offset] = oip->opcode;
1686 put_unaligned_be16(oip->sa, arr + offset + 2);
1687 if (rctd)
1688 arr[offset + 5] |= 0x2;
1689 if (FF_SA & oip->flags)
1690 arr[offset + 5] |= 0x1;
1691 put_unaligned_be16(oip->len_mask[0],
1692 arr + offset + 6);
1693 if (rctd)
1694 put_unaligned_be16(0xa,
1695 arr + offset + 8);
1697 oip = r_oip;
1698 offset += bump;
1700 break;
1701 case 1: /* one command: opcode only */
1702 case 2: /* one command: opcode plus service action */
1703 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
1704 sdeb_i = opcode_ind_arr[req_opcode];
1705 oip = &opcode_info_arr[sdeb_i];
1706 if (F_INV_OP & oip->flags) {
1707 supp = 1;
1708 offset = 4;
1709 } else {
1710 if (1 == reporting_opts) {
1711 if (FF_SA & oip->flags) {
1712 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
1713 2, 2);
1714 kfree(arr);
1715 return check_condition_result;
1717 req_sa = 0;
1718 } else if (2 == reporting_opts &&
1719 0 == (FF_SA & oip->flags)) {
1720 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
1721 kfree(arr); /* point at requested sa */
1722 return check_condition_result;
1724 if (0 == (FF_SA & oip->flags) &&
1725 req_opcode == oip->opcode)
1726 supp = 3;
1727 else if (0 == (FF_SA & oip->flags)) {
1728 na = oip->num_attached;
1729 for (k = 0, oip = oip->arrp; k < na;
1730 ++k, ++oip) {
1731 if (req_opcode == oip->opcode)
1732 break;
1734 supp = (k >= na) ? 1 : 3;
1735 } else if (req_sa != oip->sa) {
1736 na = oip->num_attached;
1737 for (k = 0, oip = oip->arrp; k < na;
1738 ++k, ++oip) {
1739 if (req_sa == oip->sa)
1740 break;
1742 supp = (k >= na) ? 1 : 3;
1743 } else
1744 supp = 3;
1745 if (3 == supp) {
1746 u = oip->len_mask[0];
1747 put_unaligned_be16(u, arr + 2);
1748 arr[4] = oip->opcode;
1749 for (k = 1; k < u; ++k)
1750 arr[4 + k] = (k < 16) ?
1751 oip->len_mask[k] : 0xff;
1752 offset = 4 + u;
1753 } else
1754 offset = 4;
1756 arr[1] = (rctd ? 0x80 : 0) | supp;
1757 if (rctd) {
1758 put_unaligned_be16(0xa, arr + offset);
1759 offset += 12;
1761 break;
1762 default:
1763 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
1764 kfree(arr);
1765 return check_condition_result;
1767 offset = (offset < a_len) ? offset : a_len;
1768 len = (offset < alloc_len) ? offset : alloc_len;
1769 errsts = fill_from_dev_buffer(scp, arr, len);
1770 kfree(arr);
1771 return errsts;
1774 static int resp_rsup_tmfs(struct scsi_cmnd *scp,
1775 struct sdebug_dev_info *devip)
1777 bool repd;
1778 u32 alloc_len, len;
1779 u8 arr[16];
1780 u8 *cmd = scp->cmnd;
1782 memset(arr, 0, sizeof(arr));
1783 repd = !!(cmd[2] & 0x80);
1784 alloc_len = get_unaligned_be32(cmd + 6);
1785 if (alloc_len < 4) {
1786 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1787 return check_condition_result;
1789 arr[0] = 0xc8; /* ATS | ATSS | LURS */
1790 arr[1] = 0x1; /* ITNRS */
1791 if (repd) {
1792 arr[3] = 0xc;
1793 len = 16;
1794 } else
1795 len = 4;
1797 len = (len < alloc_len) ? len : alloc_len;
1798 return fill_from_dev_buffer(scp, arr, len);
1801 /* <<Following mode page info copied from ST318451LW>> */
1803 static int resp_err_recov_pg(unsigned char * p, int pcontrol, int target)
1804 { /* Read-Write Error Recovery page for mode_sense */
1805 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
1806 5, 0, 0xff, 0xff};
1808 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
1809 if (1 == pcontrol)
1810 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
1811 return sizeof(err_recov_pg);
1814 static int resp_disconnect_pg(unsigned char * p, int pcontrol, int target)
1815 { /* Disconnect-Reconnect page for mode_sense */
1816 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
1817 0, 0, 0, 0, 0, 0, 0, 0};
1819 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
1820 if (1 == pcontrol)
1821 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
1822 return sizeof(disconnect_pg);
1825 static int resp_format_pg(unsigned char * p, int pcontrol, int target)
1826 { /* Format device page for mode_sense */
1827 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
1828 0, 0, 0, 0, 0, 0, 0, 0,
1829 0, 0, 0, 0, 0x40, 0, 0, 0};
1831 memcpy(p, format_pg, sizeof(format_pg));
1832 put_unaligned_be16(sdebug_sectors_per, p + 10);
1833 put_unaligned_be16(sdebug_sector_size, p + 12);
1834 if (sdebug_removable)
1835 p[20] |= 0x20; /* should agree with INQUIRY */
1836 if (1 == pcontrol)
1837 memset(p + 2, 0, sizeof(format_pg) - 2);
1838 return sizeof(format_pg);
1841 static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1842 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
1843 0, 0, 0, 0};
1845 static int resp_caching_pg(unsigned char * p, int pcontrol, int target)
1846 { /* Caching page for mode_sense */
1847 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
1848 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1849 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1850 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
1852 if (SDEBUG_OPT_N_WCE & sdebug_opts)
1853 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
1854 memcpy(p, caching_pg, sizeof(caching_pg));
1855 if (1 == pcontrol)
1856 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
1857 else if (2 == pcontrol)
1858 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
1859 return sizeof(caching_pg);
1862 static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1863 0, 0, 0x2, 0x4b};
1865 static int resp_ctrl_m_pg(unsigned char * p, int pcontrol, int target)
1866 { /* Control mode page for mode_sense */
1867 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
1868 0, 0, 0, 0};
1869 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1870 0, 0, 0x2, 0x4b};
1872 if (sdebug_dsense)
1873 ctrl_m_pg[2] |= 0x4;
1874 else
1875 ctrl_m_pg[2] &= ~0x4;
1877 if (sdebug_ato)
1878 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
1880 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
1881 if (1 == pcontrol)
1882 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
1883 else if (2 == pcontrol)
1884 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
1885 return sizeof(ctrl_m_pg);
1889 static int resp_iec_m_pg(unsigned char * p, int pcontrol, int target)
1890 { /* Informational Exceptions control mode page for mode_sense */
1891 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
1892 0, 0, 0x0, 0x0};
1893 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1894 0, 0, 0x0, 0x0};
1896 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
1897 if (1 == pcontrol)
1898 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
1899 else if (2 == pcontrol)
1900 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
1901 return sizeof(iec_m_pg);
1904 static int resp_sas_sf_m_pg(unsigned char * p, int pcontrol, int target)
1905 { /* SAS SSP mode page - short format for mode_sense */
1906 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
1907 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
1909 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
1910 if (1 == pcontrol)
1911 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
1912 return sizeof(sas_sf_m_pg);
1916 static int resp_sas_pcd_m_spg(unsigned char * p, int pcontrol, int target,
1917 int target_dev_id)
1918 { /* SAS phy control and discover mode page for mode_sense */
1919 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
1920 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
1921 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1922 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1923 0x2, 0, 0, 0, 0, 0, 0, 0,
1924 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1925 0, 0, 0, 0, 0, 0, 0, 0,
1926 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
1927 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1928 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1929 0x3, 0, 0, 0, 0, 0, 0, 0,
1930 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1931 0, 0, 0, 0, 0, 0, 0, 0,
1933 int port_a, port_b;
1935 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
1936 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
1937 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
1938 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
1939 port_a = target_dev_id + 1;
1940 port_b = port_a + 1;
1941 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
1942 put_unaligned_be32(port_a, p + 20);
1943 put_unaligned_be32(port_b, p + 48 + 20);
1944 if (1 == pcontrol)
1945 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
1946 return sizeof(sas_pcd_m_pg);
1949 static int resp_sas_sha_m_spg(unsigned char * p, int pcontrol)
1950 { /* SAS SSP shared protocol specific port mode subpage */
1951 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
1952 0, 0, 0, 0, 0, 0, 0, 0,
1955 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
1956 if (1 == pcontrol)
1957 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
1958 return sizeof(sas_sha_m_pg);
1961 #define SDEBUG_MAX_MSENSE_SZ 256
1963 static int resp_mode_sense(struct scsi_cmnd *scp,
1964 struct sdebug_dev_info *devip)
1966 int pcontrol, pcode, subpcode, bd_len;
1967 unsigned char dev_spec;
1968 int alloc_len, offset, len, target_dev_id;
1969 int target = scp->device->id;
1970 unsigned char * ap;
1971 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
1972 unsigned char *cmd = scp->cmnd;
1973 bool dbd, llbaa, msense_6, is_disk, bad_pcode;
1975 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
1976 pcontrol = (cmd[2] & 0xc0) >> 6;
1977 pcode = cmd[2] & 0x3f;
1978 subpcode = cmd[3];
1979 msense_6 = (MODE_SENSE == cmd[0]);
1980 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
1981 is_disk = (sdebug_ptype == TYPE_DISK);
1982 if (is_disk && !dbd)
1983 bd_len = llbaa ? 16 : 8;
1984 else
1985 bd_len = 0;
1986 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
1987 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
1988 if (0x3 == pcontrol) { /* Saving values not supported */
1989 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
1990 return check_condition_result;
1992 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
1993 (devip->target * 1000) - 3;
1994 /* for disks set DPOFUA bit and clear write protect (WP) bit */
1995 if (is_disk)
1996 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
1997 else
1998 dev_spec = 0x0;
1999 if (msense_6) {
2000 arr[2] = dev_spec;
2001 arr[3] = bd_len;
2002 offset = 4;
2003 } else {
2004 arr[3] = dev_spec;
2005 if (16 == bd_len)
2006 arr[4] = 0x1; /* set LONGLBA bit */
2007 arr[7] = bd_len; /* assume 255 or less */
2008 offset = 8;
2010 ap = arr + offset;
2011 if ((bd_len > 0) && (!sdebug_capacity))
2012 sdebug_capacity = get_sdebug_capacity();
2014 if (8 == bd_len) {
2015 if (sdebug_capacity > 0xfffffffe)
2016 put_unaligned_be32(0xffffffff, ap + 0);
2017 else
2018 put_unaligned_be32(sdebug_capacity, ap + 0);
2019 put_unaligned_be16(sdebug_sector_size, ap + 6);
2020 offset += bd_len;
2021 ap = arr + offset;
2022 } else if (16 == bd_len) {
2023 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2024 put_unaligned_be32(sdebug_sector_size, ap + 12);
2025 offset += bd_len;
2026 ap = arr + offset;
2029 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2030 /* TODO: Control Extension page */
2031 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2032 return check_condition_result;
2034 bad_pcode = false;
2036 switch (pcode) {
2037 case 0x1: /* Read-Write error recovery page, direct access */
2038 len = resp_err_recov_pg(ap, pcontrol, target);
2039 offset += len;
2040 break;
2041 case 0x2: /* Disconnect-Reconnect page, all devices */
2042 len = resp_disconnect_pg(ap, pcontrol, target);
2043 offset += len;
2044 break;
2045 case 0x3: /* Format device page, direct access */
2046 if (is_disk) {
2047 len = resp_format_pg(ap, pcontrol, target);
2048 offset += len;
2049 } else
2050 bad_pcode = true;
2051 break;
2052 case 0x8: /* Caching page, direct access */
2053 if (is_disk) {
2054 len = resp_caching_pg(ap, pcontrol, target);
2055 offset += len;
2056 } else
2057 bad_pcode = true;
2058 break;
2059 case 0xa: /* Control Mode page, all devices */
2060 len = resp_ctrl_m_pg(ap, pcontrol, target);
2061 offset += len;
2062 break;
2063 case 0x19: /* if spc==1 then sas phy, control+discover */
2064 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2065 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2066 return check_condition_result;
2068 len = 0;
2069 if ((0x0 == subpcode) || (0xff == subpcode))
2070 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2071 if ((0x1 == subpcode) || (0xff == subpcode))
2072 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2073 target_dev_id);
2074 if ((0x2 == subpcode) || (0xff == subpcode))
2075 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2076 offset += len;
2077 break;
2078 case 0x1c: /* Informational Exceptions Mode page, all devices */
2079 len = resp_iec_m_pg(ap, pcontrol, target);
2080 offset += len;
2081 break;
2082 case 0x3f: /* Read all Mode pages */
2083 if ((0 == subpcode) || (0xff == subpcode)) {
2084 len = resp_err_recov_pg(ap, pcontrol, target);
2085 len += resp_disconnect_pg(ap + len, pcontrol, target);
2086 if (is_disk) {
2087 len += resp_format_pg(ap + len, pcontrol,
2088 target);
2089 len += resp_caching_pg(ap + len, pcontrol,
2090 target);
2092 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2093 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2094 if (0xff == subpcode) {
2095 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2096 target, target_dev_id);
2097 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2099 len += resp_iec_m_pg(ap + len, pcontrol, target);
2100 offset += len;
2101 } else {
2102 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2103 return check_condition_result;
2105 break;
2106 default:
2107 bad_pcode = true;
2108 break;
2110 if (bad_pcode) {
2111 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2112 return check_condition_result;
2114 if (msense_6)
2115 arr[0] = offset - 1;
2116 else
2117 put_unaligned_be16((offset - 2), arr + 0);
2118 return fill_from_dev_buffer(scp, arr, min(alloc_len, offset));
2121 #define SDEBUG_MAX_MSELECT_SZ 512
2123 static int resp_mode_select(struct scsi_cmnd *scp,
2124 struct sdebug_dev_info *devip)
2126 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2127 int param_len, res, mpage;
2128 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2129 unsigned char *cmd = scp->cmnd;
2130 int mselect6 = (MODE_SELECT == cmd[0]);
2132 memset(arr, 0, sizeof(arr));
2133 pf = cmd[1] & 0x10;
2134 sp = cmd[1] & 0x1;
2135 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2136 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2137 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2138 return check_condition_result;
2140 res = fetch_to_dev_buffer(scp, arr, param_len);
2141 if (-1 == res)
2142 return DID_ERROR << 16;
2143 else if (sdebug_verbose && (res < param_len))
2144 sdev_printk(KERN_INFO, scp->device,
2145 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2146 __func__, param_len, res);
2147 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2148 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2149 if (md_len > 2) {
2150 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2151 return check_condition_result;
2153 off = bd_len + (mselect6 ? 4 : 8);
2154 mpage = arr[off] & 0x3f;
2155 ps = !!(arr[off] & 0x80);
2156 if (ps) {
2157 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2158 return check_condition_result;
2160 spf = !!(arr[off] & 0x40);
2161 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2162 (arr[off + 1] + 2);
2163 if ((pg_len + off) > param_len) {
2164 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2165 PARAMETER_LIST_LENGTH_ERR, 0);
2166 return check_condition_result;
2168 switch (mpage) {
2169 case 0x8: /* Caching Mode page */
2170 if (caching_pg[1] == arr[off + 1]) {
2171 memcpy(caching_pg + 2, arr + off + 2,
2172 sizeof(caching_pg) - 2);
2173 goto set_mode_changed_ua;
2175 break;
2176 case 0xa: /* Control Mode page */
2177 if (ctrl_m_pg[1] == arr[off + 1]) {
2178 memcpy(ctrl_m_pg + 2, arr + off + 2,
2179 sizeof(ctrl_m_pg) - 2);
2180 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2181 goto set_mode_changed_ua;
2183 break;
2184 case 0x1c: /* Informational Exceptions Mode page */
2185 if (iec_m_pg[1] == arr[off + 1]) {
2186 memcpy(iec_m_pg + 2, arr + off + 2,
2187 sizeof(iec_m_pg) - 2);
2188 goto set_mode_changed_ua;
2190 break;
2191 default:
2192 break;
2194 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2195 return check_condition_result;
2196 set_mode_changed_ua:
2197 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2198 return 0;
2201 static int resp_temp_l_pg(unsigned char * arr)
2203 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2204 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2207 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2208 return sizeof(temp_l_pg);
2211 static int resp_ie_l_pg(unsigned char * arr)
2213 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2216 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2217 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2218 arr[4] = THRESHOLD_EXCEEDED;
2219 arr[5] = 0xff;
2221 return sizeof(ie_l_pg);
2224 #define SDEBUG_MAX_LSENSE_SZ 512
2226 static int resp_log_sense(struct scsi_cmnd * scp,
2227 struct sdebug_dev_info * devip)
2229 int ppc, sp, pcontrol, pcode, subpcode, alloc_len, len, n;
2230 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2231 unsigned char *cmd = scp->cmnd;
2233 memset(arr, 0, sizeof(arr));
2234 ppc = cmd[1] & 0x2;
2235 sp = cmd[1] & 0x1;
2236 if (ppc || sp) {
2237 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2238 return check_condition_result;
2240 pcontrol = (cmd[2] & 0xc0) >> 6;
2241 pcode = cmd[2] & 0x3f;
2242 subpcode = cmd[3] & 0xff;
2243 alloc_len = get_unaligned_be16(cmd + 7);
2244 arr[0] = pcode;
2245 if (0 == subpcode) {
2246 switch (pcode) {
2247 case 0x0: /* Supported log pages log page */
2248 n = 4;
2249 arr[n++] = 0x0; /* this page */
2250 arr[n++] = 0xd; /* Temperature */
2251 arr[n++] = 0x2f; /* Informational exceptions */
2252 arr[3] = n - 4;
2253 break;
2254 case 0xd: /* Temperature log page */
2255 arr[3] = resp_temp_l_pg(arr + 4);
2256 break;
2257 case 0x2f: /* Informational exceptions log page */
2258 arr[3] = resp_ie_l_pg(arr + 4);
2259 break;
2260 default:
2261 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2262 return check_condition_result;
2264 } else if (0xff == subpcode) {
2265 arr[0] |= 0x40;
2266 arr[1] = subpcode;
2267 switch (pcode) {
2268 case 0x0: /* Supported log pages and subpages log page */
2269 n = 4;
2270 arr[n++] = 0x0;
2271 arr[n++] = 0x0; /* 0,0 page */
2272 arr[n++] = 0x0;
2273 arr[n++] = 0xff; /* this page */
2274 arr[n++] = 0xd;
2275 arr[n++] = 0x0; /* Temperature */
2276 arr[n++] = 0x2f;
2277 arr[n++] = 0x0; /* Informational exceptions */
2278 arr[3] = n - 4;
2279 break;
2280 case 0xd: /* Temperature subpages */
2281 n = 4;
2282 arr[n++] = 0xd;
2283 arr[n++] = 0x0; /* Temperature */
2284 arr[3] = n - 4;
2285 break;
2286 case 0x2f: /* Informational exceptions subpages */
2287 n = 4;
2288 arr[n++] = 0x2f;
2289 arr[n++] = 0x0; /* Informational exceptions */
2290 arr[3] = n - 4;
2291 break;
2292 default:
2293 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2294 return check_condition_result;
2296 } else {
2297 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2298 return check_condition_result;
2300 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
2301 return fill_from_dev_buffer(scp, arr,
2302 min(len, SDEBUG_MAX_INQ_ARR_SZ));
2305 static int check_device_access_params(struct scsi_cmnd *scp,
2306 unsigned long long lba, unsigned int num)
2308 if (lba + num > sdebug_capacity) {
2309 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2310 return check_condition_result;
2312 /* transfer length excessive (tie in to block limits VPD page) */
2313 if (num > sdebug_store_sectors) {
2314 /* needs work to find which cdb byte 'num' comes from */
2315 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2316 return check_condition_result;
2318 return 0;
2321 /* Returns number of bytes copied or -1 if error. */
2322 static int do_device_access(struct scsi_cmnd *scmd, u64 lba, u32 num,
2323 bool do_write)
2325 int ret;
2326 u64 block, rest = 0;
2327 struct scsi_data_buffer *sdb;
2328 enum dma_data_direction dir;
2330 if (do_write) {
2331 sdb = scsi_out(scmd);
2332 dir = DMA_TO_DEVICE;
2333 } else {
2334 sdb = scsi_in(scmd);
2335 dir = DMA_FROM_DEVICE;
2338 if (!sdb->length)
2339 return 0;
2340 if (!(scsi_bidi_cmnd(scmd) || scmd->sc_data_direction == dir))
2341 return -1;
2343 block = do_div(lba, sdebug_store_sectors);
2344 if (block + num > sdebug_store_sectors)
2345 rest = block + num - sdebug_store_sectors;
2347 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2348 fake_storep + (block * sdebug_sector_size),
2349 (num - rest) * sdebug_sector_size, 0, do_write);
2350 if (ret != (num - rest) * sdebug_sector_size)
2351 return ret;
2353 if (rest) {
2354 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2355 fake_storep, rest * sdebug_sector_size,
2356 (num - rest) * sdebug_sector_size, do_write);
2359 return ret;
2362 /* If fake_store(lba,num) compares equal to arr(num), then copy top half of
2363 * arr into fake_store(lba,num) and return true. If comparison fails then
2364 * return false. */
2365 static bool comp_write_worker(u64 lba, u32 num, const u8 *arr)
2367 bool res;
2368 u64 block, rest = 0;
2369 u32 store_blks = sdebug_store_sectors;
2370 u32 lb_size = sdebug_sector_size;
2372 block = do_div(lba, store_blks);
2373 if (block + num > store_blks)
2374 rest = block + num - store_blks;
2376 res = !memcmp(fake_storep + (block * lb_size), arr,
2377 (num - rest) * lb_size);
2378 if (!res)
2379 return res;
2380 if (rest)
2381 res = memcmp(fake_storep, arr + ((num - rest) * lb_size),
2382 rest * lb_size);
2383 if (!res)
2384 return res;
2385 arr += num * lb_size;
2386 memcpy(fake_storep + (block * lb_size), arr, (num - rest) * lb_size);
2387 if (rest)
2388 memcpy(fake_storep, arr + ((num - rest) * lb_size),
2389 rest * lb_size);
2390 return res;
2393 static __be16 dif_compute_csum(const void *buf, int len)
2395 __be16 csum;
2397 if (sdebug_guard)
2398 csum = (__force __be16)ip_compute_csum(buf, len);
2399 else
2400 csum = cpu_to_be16(crc_t10dif(buf, len));
2402 return csum;
2405 static int dif_verify(struct sd_dif_tuple *sdt, const void *data,
2406 sector_t sector, u32 ei_lba)
2408 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
2410 if (sdt->guard_tag != csum) {
2411 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
2412 (unsigned long)sector,
2413 be16_to_cpu(sdt->guard_tag),
2414 be16_to_cpu(csum));
2415 return 0x01;
2417 if (sdebug_dif == SD_DIF_TYPE1_PROTECTION &&
2418 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
2419 pr_err("REF check failed on sector %lu\n",
2420 (unsigned long)sector);
2421 return 0x03;
2423 if (sdebug_dif == SD_DIF_TYPE2_PROTECTION &&
2424 be32_to_cpu(sdt->ref_tag) != ei_lba) {
2425 pr_err("REF check failed on sector %lu\n",
2426 (unsigned long)sector);
2427 return 0x03;
2429 return 0;
2432 static void dif_copy_prot(struct scsi_cmnd *SCpnt, sector_t sector,
2433 unsigned int sectors, bool read)
2435 size_t resid;
2436 void *paddr;
2437 const void *dif_store_end = dif_storep + sdebug_store_sectors;
2438 struct sg_mapping_iter miter;
2440 /* Bytes of protection data to copy into sgl */
2441 resid = sectors * sizeof(*dif_storep);
2443 sg_miter_start(&miter, scsi_prot_sglist(SCpnt),
2444 scsi_prot_sg_count(SCpnt), SG_MITER_ATOMIC |
2445 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
2447 while (sg_miter_next(&miter) && resid > 0) {
2448 size_t len = min(miter.length, resid);
2449 void *start = dif_store(sector);
2450 size_t rest = 0;
2452 if (dif_store_end < start + len)
2453 rest = start + len - dif_store_end;
2455 paddr = miter.addr;
2457 if (read)
2458 memcpy(paddr, start, len - rest);
2459 else
2460 memcpy(start, paddr, len - rest);
2462 if (rest) {
2463 if (read)
2464 memcpy(paddr + len - rest, dif_storep, rest);
2465 else
2466 memcpy(dif_storep, paddr + len - rest, rest);
2469 sector += len / sizeof(*dif_storep);
2470 resid -= len;
2472 sg_miter_stop(&miter);
2475 static int prot_verify_read(struct scsi_cmnd *SCpnt, sector_t start_sec,
2476 unsigned int sectors, u32 ei_lba)
2478 unsigned int i;
2479 struct sd_dif_tuple *sdt;
2480 sector_t sector;
2482 for (i = 0; i < sectors; i++, ei_lba++) {
2483 int ret;
2485 sector = start_sec + i;
2486 sdt = dif_store(sector);
2488 if (sdt->app_tag == cpu_to_be16(0xffff))
2489 continue;
2491 ret = dif_verify(sdt, fake_store(sector), sector, ei_lba);
2492 if (ret) {
2493 dif_errors++;
2494 return ret;
2498 dif_copy_prot(SCpnt, start_sec, sectors, true);
2499 dix_reads++;
2501 return 0;
2504 static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2506 u8 *cmd = scp->cmnd;
2507 struct sdebug_queued_cmd *sqcp;
2508 u64 lba;
2509 u32 num;
2510 u32 ei_lba;
2511 unsigned long iflags;
2512 int ret;
2513 bool check_prot;
2515 switch (cmd[0]) {
2516 case READ_16:
2517 ei_lba = 0;
2518 lba = get_unaligned_be64(cmd + 2);
2519 num = get_unaligned_be32(cmd + 10);
2520 check_prot = true;
2521 break;
2522 case READ_10:
2523 ei_lba = 0;
2524 lba = get_unaligned_be32(cmd + 2);
2525 num = get_unaligned_be16(cmd + 7);
2526 check_prot = true;
2527 break;
2528 case READ_6:
2529 ei_lba = 0;
2530 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2531 (u32)(cmd[1] & 0x1f) << 16;
2532 num = (0 == cmd[4]) ? 256 : cmd[4];
2533 check_prot = true;
2534 break;
2535 case READ_12:
2536 ei_lba = 0;
2537 lba = get_unaligned_be32(cmd + 2);
2538 num = get_unaligned_be32(cmd + 6);
2539 check_prot = true;
2540 break;
2541 case XDWRITEREAD_10:
2542 ei_lba = 0;
2543 lba = get_unaligned_be32(cmd + 2);
2544 num = get_unaligned_be16(cmd + 7);
2545 check_prot = false;
2546 break;
2547 default: /* assume READ(32) */
2548 lba = get_unaligned_be64(cmd + 12);
2549 ei_lba = get_unaligned_be32(cmd + 20);
2550 num = get_unaligned_be32(cmd + 28);
2551 check_prot = false;
2552 break;
2554 if (unlikely(have_dif_prot && check_prot)) {
2555 if (sdebug_dif == SD_DIF_TYPE2_PROTECTION &&
2556 (cmd[1] & 0xe0)) {
2557 mk_sense_invalid_opcode(scp);
2558 return check_condition_result;
2560 if ((sdebug_dif == SD_DIF_TYPE1_PROTECTION ||
2561 sdebug_dif == SD_DIF_TYPE3_PROTECTION) &&
2562 (cmd[1] & 0xe0) == 0)
2563 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
2564 "to DIF device\n");
2566 if (unlikely(sdebug_any_injecting_opt)) {
2567 sqcp = (struct sdebug_queued_cmd *)scp->host_scribble;
2569 if (sqcp) {
2570 if (sqcp->inj_short)
2571 num /= 2;
2573 } else
2574 sqcp = NULL;
2576 /* inline check_device_access_params() */
2577 if (unlikely(lba + num > sdebug_capacity)) {
2578 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2579 return check_condition_result;
2581 /* transfer length excessive (tie in to block limits VPD page) */
2582 if (unlikely(num > sdebug_store_sectors)) {
2583 /* needs work to find which cdb byte 'num' comes from */
2584 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2585 return check_condition_result;
2588 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
2589 (lba <= (OPT_MEDIUM_ERR_ADDR + OPT_MEDIUM_ERR_NUM - 1)) &&
2590 ((lba + num) > OPT_MEDIUM_ERR_ADDR))) {
2591 /* claim unrecoverable read error */
2592 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
2593 /* set info field and valid bit for fixed descriptor */
2594 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
2595 scp->sense_buffer[0] |= 0x80; /* Valid bit */
2596 ret = (lba < OPT_MEDIUM_ERR_ADDR)
2597 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
2598 put_unaligned_be32(ret, scp->sense_buffer + 3);
2600 scsi_set_resid(scp, scsi_bufflen(scp));
2601 return check_condition_result;
2604 read_lock_irqsave(&atomic_rw, iflags);
2606 /* DIX + T10 DIF */
2607 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2608 int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
2610 if (prot_ret) {
2611 read_unlock_irqrestore(&atomic_rw, iflags);
2612 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
2613 return illegal_condition_result;
2617 ret = do_device_access(scp, lba, num, false);
2618 read_unlock_irqrestore(&atomic_rw, iflags);
2619 if (unlikely(ret == -1))
2620 return DID_ERROR << 16;
2622 scsi_in(scp)->resid = scsi_bufflen(scp) - ret;
2624 if (unlikely(sqcp)) {
2625 if (sqcp->inj_recovered) {
2626 mk_sense_buffer(scp, RECOVERED_ERROR,
2627 THRESHOLD_EXCEEDED, 0);
2628 return check_condition_result;
2629 } else if (sqcp->inj_transport) {
2630 mk_sense_buffer(scp, ABORTED_COMMAND,
2631 TRANSPORT_PROBLEM, ACK_NAK_TO);
2632 return check_condition_result;
2633 } else if (sqcp->inj_dif) {
2634 /* Logical block guard check failed */
2635 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2636 return illegal_condition_result;
2637 } else if (sqcp->inj_dix) {
2638 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2639 return illegal_condition_result;
2642 return 0;
2645 static void dump_sector(unsigned char *buf, int len)
2647 int i, j, n;
2649 pr_err(">>> Sector Dump <<<\n");
2650 for (i = 0 ; i < len ; i += 16) {
2651 char b[128];
2653 for (j = 0, n = 0; j < 16; j++) {
2654 unsigned char c = buf[i+j];
2656 if (c >= 0x20 && c < 0x7e)
2657 n += scnprintf(b + n, sizeof(b) - n,
2658 " %c ", buf[i+j]);
2659 else
2660 n += scnprintf(b + n, sizeof(b) - n,
2661 "%02x ", buf[i+j]);
2663 pr_err("%04d: %s\n", i, b);
2667 static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
2668 unsigned int sectors, u32 ei_lba)
2670 int ret;
2671 struct sd_dif_tuple *sdt;
2672 void *daddr;
2673 sector_t sector = start_sec;
2674 int ppage_offset;
2675 int dpage_offset;
2676 struct sg_mapping_iter diter;
2677 struct sg_mapping_iter piter;
2679 BUG_ON(scsi_sg_count(SCpnt) == 0);
2680 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
2682 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
2683 scsi_prot_sg_count(SCpnt),
2684 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2685 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
2686 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2688 /* For each protection page */
2689 while (sg_miter_next(&piter)) {
2690 dpage_offset = 0;
2691 if (WARN_ON(!sg_miter_next(&diter))) {
2692 ret = 0x01;
2693 goto out;
2696 for (ppage_offset = 0; ppage_offset < piter.length;
2697 ppage_offset += sizeof(struct sd_dif_tuple)) {
2698 /* If we're at the end of the current
2699 * data page advance to the next one
2701 if (dpage_offset >= diter.length) {
2702 if (WARN_ON(!sg_miter_next(&diter))) {
2703 ret = 0x01;
2704 goto out;
2706 dpage_offset = 0;
2709 sdt = piter.addr + ppage_offset;
2710 daddr = diter.addr + dpage_offset;
2712 ret = dif_verify(sdt, daddr, sector, ei_lba);
2713 if (ret) {
2714 dump_sector(daddr, sdebug_sector_size);
2715 goto out;
2718 sector++;
2719 ei_lba++;
2720 dpage_offset += sdebug_sector_size;
2722 diter.consumed = dpage_offset;
2723 sg_miter_stop(&diter);
2725 sg_miter_stop(&piter);
2727 dif_copy_prot(SCpnt, start_sec, sectors, false);
2728 dix_writes++;
2730 return 0;
2732 out:
2733 dif_errors++;
2734 sg_miter_stop(&diter);
2735 sg_miter_stop(&piter);
2736 return ret;
2739 static unsigned long lba_to_map_index(sector_t lba)
2741 if (sdebug_unmap_alignment)
2742 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
2743 sector_div(lba, sdebug_unmap_granularity);
2744 return lba;
2747 static sector_t map_index_to_lba(unsigned long index)
2749 sector_t lba = index * sdebug_unmap_granularity;
2751 if (sdebug_unmap_alignment)
2752 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
2753 return lba;
2756 static unsigned int map_state(sector_t lba, unsigned int *num)
2758 sector_t end;
2759 unsigned int mapped;
2760 unsigned long index;
2761 unsigned long next;
2763 index = lba_to_map_index(lba);
2764 mapped = test_bit(index, map_storep);
2766 if (mapped)
2767 next = find_next_zero_bit(map_storep, map_size, index);
2768 else
2769 next = find_next_bit(map_storep, map_size, index);
2771 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
2772 *num = end - lba;
2773 return mapped;
2776 static void map_region(sector_t lba, unsigned int len)
2778 sector_t end = lba + len;
2780 while (lba < end) {
2781 unsigned long index = lba_to_map_index(lba);
2783 if (index < map_size)
2784 set_bit(index, map_storep);
2786 lba = map_index_to_lba(index + 1);
2790 static void unmap_region(sector_t lba, unsigned int len)
2792 sector_t end = lba + len;
2794 while (lba < end) {
2795 unsigned long index = lba_to_map_index(lba);
2797 if (lba == map_index_to_lba(index) &&
2798 lba + sdebug_unmap_granularity <= end &&
2799 index < map_size) {
2800 clear_bit(index, map_storep);
2801 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
2802 memset(fake_storep +
2803 lba * sdebug_sector_size,
2804 (sdebug_lbprz & 1) ? 0 : 0xff,
2805 sdebug_sector_size *
2806 sdebug_unmap_granularity);
2808 if (dif_storep) {
2809 memset(dif_storep + lba, 0xff,
2810 sizeof(*dif_storep) *
2811 sdebug_unmap_granularity);
2814 lba = map_index_to_lba(index + 1);
2818 static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2820 u8 *cmd = scp->cmnd;
2821 u64 lba;
2822 u32 num;
2823 u32 ei_lba;
2824 unsigned long iflags;
2825 int ret;
2826 bool check_prot;
2828 switch (cmd[0]) {
2829 case WRITE_16:
2830 ei_lba = 0;
2831 lba = get_unaligned_be64(cmd + 2);
2832 num = get_unaligned_be32(cmd + 10);
2833 check_prot = true;
2834 break;
2835 case WRITE_10:
2836 ei_lba = 0;
2837 lba = get_unaligned_be32(cmd + 2);
2838 num = get_unaligned_be16(cmd + 7);
2839 check_prot = true;
2840 break;
2841 case WRITE_6:
2842 ei_lba = 0;
2843 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2844 (u32)(cmd[1] & 0x1f) << 16;
2845 num = (0 == cmd[4]) ? 256 : cmd[4];
2846 check_prot = true;
2847 break;
2848 case WRITE_12:
2849 ei_lba = 0;
2850 lba = get_unaligned_be32(cmd + 2);
2851 num = get_unaligned_be32(cmd + 6);
2852 check_prot = true;
2853 break;
2854 case 0x53: /* XDWRITEREAD(10) */
2855 ei_lba = 0;
2856 lba = get_unaligned_be32(cmd + 2);
2857 num = get_unaligned_be16(cmd + 7);
2858 check_prot = false;
2859 break;
2860 default: /* assume WRITE(32) */
2861 lba = get_unaligned_be64(cmd + 12);
2862 ei_lba = get_unaligned_be32(cmd + 20);
2863 num = get_unaligned_be32(cmd + 28);
2864 check_prot = false;
2865 break;
2867 if (unlikely(have_dif_prot && check_prot)) {
2868 if (sdebug_dif == SD_DIF_TYPE2_PROTECTION &&
2869 (cmd[1] & 0xe0)) {
2870 mk_sense_invalid_opcode(scp);
2871 return check_condition_result;
2873 if ((sdebug_dif == SD_DIF_TYPE1_PROTECTION ||
2874 sdebug_dif == SD_DIF_TYPE3_PROTECTION) &&
2875 (cmd[1] & 0xe0) == 0)
2876 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
2877 "to DIF device\n");
2880 /* inline check_device_access_params() */
2881 if (unlikely(lba + num > sdebug_capacity)) {
2882 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2883 return check_condition_result;
2885 /* transfer length excessive (tie in to block limits VPD page) */
2886 if (unlikely(num > sdebug_store_sectors)) {
2887 /* needs work to find which cdb byte 'num' comes from */
2888 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2889 return check_condition_result;
2892 write_lock_irqsave(&atomic_rw, iflags);
2894 /* DIX + T10 DIF */
2895 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2896 int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
2898 if (prot_ret) {
2899 write_unlock_irqrestore(&atomic_rw, iflags);
2900 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
2901 return illegal_condition_result;
2905 ret = do_device_access(scp, lba, num, true);
2906 if (unlikely(scsi_debug_lbp()))
2907 map_region(lba, num);
2908 write_unlock_irqrestore(&atomic_rw, iflags);
2909 if (unlikely(-1 == ret))
2910 return DID_ERROR << 16;
2911 else if (unlikely(sdebug_verbose &&
2912 (ret < (num * sdebug_sector_size))))
2913 sdev_printk(KERN_INFO, scp->device,
2914 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
2915 my_name, num * sdebug_sector_size, ret);
2917 if (unlikely(sdebug_any_injecting_opt)) {
2918 struct sdebug_queued_cmd *sqcp =
2919 (struct sdebug_queued_cmd *)scp->host_scribble;
2921 if (sqcp) {
2922 if (sqcp->inj_recovered) {
2923 mk_sense_buffer(scp, RECOVERED_ERROR,
2924 THRESHOLD_EXCEEDED, 0);
2925 return check_condition_result;
2926 } else if (sqcp->inj_dif) {
2927 /* Logical block guard check failed */
2928 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2929 return illegal_condition_result;
2930 } else if (sqcp->inj_dix) {
2931 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2932 return illegal_condition_result;
2936 return 0;
2939 static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
2940 u32 ei_lba, bool unmap, bool ndob)
2942 unsigned long iflags;
2943 unsigned long long i;
2944 int ret;
2945 u64 lba_off;
2947 ret = check_device_access_params(scp, lba, num);
2948 if (ret)
2949 return ret;
2951 write_lock_irqsave(&atomic_rw, iflags);
2953 if (unmap && scsi_debug_lbp()) {
2954 unmap_region(lba, num);
2955 goto out;
2958 lba_off = lba * sdebug_sector_size;
2959 /* if ndob then zero 1 logical block, else fetch 1 logical block */
2960 if (ndob) {
2961 memset(fake_storep + lba_off, 0, sdebug_sector_size);
2962 ret = 0;
2963 } else
2964 ret = fetch_to_dev_buffer(scp, fake_storep + lba_off,
2965 sdebug_sector_size);
2967 if (-1 == ret) {
2968 write_unlock_irqrestore(&atomic_rw, iflags);
2969 return DID_ERROR << 16;
2970 } else if (sdebug_verbose && (ret < (num * sdebug_sector_size)))
2971 sdev_printk(KERN_INFO, scp->device,
2972 "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
2973 my_name, "write same",
2974 num * sdebug_sector_size, ret);
2976 /* Copy first sector to remaining blocks */
2977 for (i = 1 ; i < num ; i++)
2978 memcpy(fake_storep + ((lba + i) * sdebug_sector_size),
2979 fake_storep + lba_off,
2980 sdebug_sector_size);
2982 if (scsi_debug_lbp())
2983 map_region(lba, num);
2984 out:
2985 write_unlock_irqrestore(&atomic_rw, iflags);
2987 return 0;
2990 static int resp_write_same_10(struct scsi_cmnd *scp,
2991 struct sdebug_dev_info *devip)
2993 u8 *cmd = scp->cmnd;
2994 u32 lba;
2995 u16 num;
2996 u32 ei_lba = 0;
2997 bool unmap = false;
2999 if (cmd[1] & 0x8) {
3000 if (sdebug_lbpws10 == 0) {
3001 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3002 return check_condition_result;
3003 } else
3004 unmap = true;
3006 lba = get_unaligned_be32(cmd + 2);
3007 num = get_unaligned_be16(cmd + 7);
3008 if (num > sdebug_write_same_length) {
3009 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3010 return check_condition_result;
3012 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3015 static int resp_write_same_16(struct scsi_cmnd *scp,
3016 struct sdebug_dev_info *devip)
3018 u8 *cmd = scp->cmnd;
3019 u64 lba;
3020 u32 num;
3021 u32 ei_lba = 0;
3022 bool unmap = false;
3023 bool ndob = false;
3025 if (cmd[1] & 0x8) { /* UNMAP */
3026 if (sdebug_lbpws == 0) {
3027 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3028 return check_condition_result;
3029 } else
3030 unmap = true;
3032 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
3033 ndob = true;
3034 lba = get_unaligned_be64(cmd + 2);
3035 num = get_unaligned_be32(cmd + 10);
3036 if (num > sdebug_write_same_length) {
3037 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3038 return check_condition_result;
3040 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3043 /* Note the mode field is in the same position as the (lower) service action
3044 * field. For the Report supported operation codes command, SPC-4 suggests
3045 * each mode of this command should be reported separately; for future. */
3046 static int resp_write_buffer(struct scsi_cmnd *scp,
3047 struct sdebug_dev_info *devip)
3049 u8 *cmd = scp->cmnd;
3050 struct scsi_device *sdp = scp->device;
3051 struct sdebug_dev_info *dp;
3052 u8 mode;
3054 mode = cmd[1] & 0x1f;
3055 switch (mode) {
3056 case 0x4: /* download microcode (MC) and activate (ACT) */
3057 /* set UAs on this device only */
3058 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3059 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3060 break;
3061 case 0x5: /* download MC, save and ACT */
3062 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3063 break;
3064 case 0x6: /* download MC with offsets and ACT */
3065 /* set UAs on most devices (LUs) in this target */
3066 list_for_each_entry(dp,
3067 &devip->sdbg_host->dev_info_list,
3068 dev_list)
3069 if (dp->target == sdp->id) {
3070 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3071 if (devip != dp)
3072 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3073 dp->uas_bm);
3075 break;
3076 case 0x7: /* download MC with offsets, save, and ACT */
3077 /* set UA on all devices (LUs) in this target */
3078 list_for_each_entry(dp,
3079 &devip->sdbg_host->dev_info_list,
3080 dev_list)
3081 if (dp->target == sdp->id)
3082 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3083 dp->uas_bm);
3084 break;
3085 default:
3086 /* do nothing for this command for other mode values */
3087 break;
3089 return 0;
3092 static int resp_comp_write(struct scsi_cmnd *scp,
3093 struct sdebug_dev_info *devip)
3095 u8 *cmd = scp->cmnd;
3096 u8 *arr;
3097 u8 *fake_storep_hold;
3098 u64 lba;
3099 u32 dnum;
3100 u32 lb_size = sdebug_sector_size;
3101 u8 num;
3102 unsigned long iflags;
3103 int ret;
3104 int retval = 0;
3106 lba = get_unaligned_be64(cmd + 2);
3107 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
3108 if (0 == num)
3109 return 0; /* degenerate case, not an error */
3110 if (sdebug_dif == SD_DIF_TYPE2_PROTECTION &&
3111 (cmd[1] & 0xe0)) {
3112 mk_sense_invalid_opcode(scp);
3113 return check_condition_result;
3115 if ((sdebug_dif == SD_DIF_TYPE1_PROTECTION ||
3116 sdebug_dif == SD_DIF_TYPE3_PROTECTION) &&
3117 (cmd[1] & 0xe0) == 0)
3118 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3119 "to DIF device\n");
3121 /* inline check_device_access_params() */
3122 if (lba + num > sdebug_capacity) {
3123 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3124 return check_condition_result;
3126 /* transfer length excessive (tie in to block limits VPD page) */
3127 if (num > sdebug_store_sectors) {
3128 /* needs work to find which cdb byte 'num' comes from */
3129 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3130 return check_condition_result;
3132 dnum = 2 * num;
3133 arr = kzalloc(dnum * lb_size, GFP_ATOMIC);
3134 if (NULL == arr) {
3135 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3136 INSUFF_RES_ASCQ);
3137 return check_condition_result;
3140 write_lock_irqsave(&atomic_rw, iflags);
3142 /* trick do_device_access() to fetch both compare and write buffers
3143 * from data-in into arr. Safe (atomic) since write_lock held. */
3144 fake_storep_hold = fake_storep;
3145 fake_storep = arr;
3146 ret = do_device_access(scp, 0, dnum, true);
3147 fake_storep = fake_storep_hold;
3148 if (ret == -1) {
3149 retval = DID_ERROR << 16;
3150 goto cleanup;
3151 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3152 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3153 "indicated=%u, IO sent=%d bytes\n", my_name,
3154 dnum * lb_size, ret);
3155 if (!comp_write_worker(lba, num, arr)) {
3156 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3157 retval = check_condition_result;
3158 goto cleanup;
3160 if (scsi_debug_lbp())
3161 map_region(lba, num);
3162 cleanup:
3163 write_unlock_irqrestore(&atomic_rw, iflags);
3164 kfree(arr);
3165 return retval;
3168 struct unmap_block_desc {
3169 __be64 lba;
3170 __be32 blocks;
3171 __be32 __reserved;
3174 static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3176 unsigned char *buf;
3177 struct unmap_block_desc *desc;
3178 unsigned int i, payload_len, descriptors;
3179 int ret;
3180 unsigned long iflags;
3183 if (!scsi_debug_lbp())
3184 return 0; /* fib and say its done */
3185 payload_len = get_unaligned_be16(scp->cmnd + 7);
3186 BUG_ON(scsi_bufflen(scp) != payload_len);
3188 descriptors = (payload_len - 8) / 16;
3189 if (descriptors > sdebug_unmap_max_desc) {
3190 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3191 return check_condition_result;
3194 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3195 if (!buf) {
3196 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3197 INSUFF_RES_ASCQ);
3198 return check_condition_result;
3201 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3203 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3204 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3206 desc = (void *)&buf[8];
3208 write_lock_irqsave(&atomic_rw, iflags);
3210 for (i = 0 ; i < descriptors ; i++) {
3211 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3212 unsigned int num = get_unaligned_be32(&desc[i].blocks);
3214 ret = check_device_access_params(scp, lba, num);
3215 if (ret)
3216 goto out;
3218 unmap_region(lba, num);
3221 ret = 0;
3223 out:
3224 write_unlock_irqrestore(&atomic_rw, iflags);
3225 kfree(buf);
3227 return ret;
3230 #define SDEBUG_GET_LBA_STATUS_LEN 32
3232 static int resp_get_lba_status(struct scsi_cmnd *scp,
3233 struct sdebug_dev_info *devip)
3235 u8 *cmd = scp->cmnd;
3236 u64 lba;
3237 u32 alloc_len, mapped, num;
3238 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3239 int ret;
3241 lba = get_unaligned_be64(cmd + 2);
3242 alloc_len = get_unaligned_be32(cmd + 10);
3244 if (alloc_len < 24)
3245 return 0;
3247 ret = check_device_access_params(scp, lba, 1);
3248 if (ret)
3249 return ret;
3251 if (scsi_debug_lbp())
3252 mapped = map_state(lba, &num);
3253 else {
3254 mapped = 1;
3255 /* following just in case virtual_gb changed */
3256 sdebug_capacity = get_sdebug_capacity();
3257 if (sdebug_capacity - lba <= 0xffffffff)
3258 num = sdebug_capacity - lba;
3259 else
3260 num = 0xffffffff;
3263 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
3264 put_unaligned_be32(20, arr); /* Parameter Data Length */
3265 put_unaligned_be64(lba, arr + 8); /* LBA */
3266 put_unaligned_be32(num, arr + 16); /* Number of blocks */
3267 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
3269 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
3272 /* Even though each pseudo target has a REPORT LUNS "well known logical unit"
3273 * (W-LUN), the normal Linux scanning logic does not associate it with a
3274 * device (e.g. /dev/sg7). The following magic will make that association:
3275 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
3276 * where <n> is a host number. If there are multiple targets in a host then
3277 * the above will associate a W-LUN to each target. To only get a W-LUN
3278 * for target 2, then use "echo '- 2 49409' > scan" .
3280 static int resp_report_luns(struct scsi_cmnd *scp,
3281 struct sdebug_dev_info *devip)
3283 unsigned char *cmd = scp->cmnd;
3284 unsigned int alloc_len;
3285 unsigned char select_report;
3286 u64 lun;
3287 struct scsi_lun *lun_p;
3288 u8 *arr;
3289 unsigned int lun_cnt; /* normal LUN count (max: 256) */
3290 unsigned int wlun_cnt; /* report luns W-LUN count */
3291 unsigned int tlun_cnt; /* total LUN count */
3292 unsigned int rlen; /* response length (in bytes) */
3293 int i, res;
3295 clear_luns_changed_on_target(devip);
3297 select_report = cmd[2];
3298 alloc_len = get_unaligned_be32(cmd + 6);
3300 if (alloc_len < 4) {
3301 pr_err("alloc len too small %d\n", alloc_len);
3302 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
3303 return check_condition_result;
3306 switch (select_report) {
3307 case 0: /* all LUNs apart from W-LUNs */
3308 lun_cnt = sdebug_max_luns;
3309 wlun_cnt = 0;
3310 break;
3311 case 1: /* only W-LUNs */
3312 lun_cnt = 0;
3313 wlun_cnt = 1;
3314 break;
3315 case 2: /* all LUNs */
3316 lun_cnt = sdebug_max_luns;
3317 wlun_cnt = 1;
3318 break;
3319 case 0x10: /* only administrative LUs */
3320 case 0x11: /* see SPC-5 */
3321 case 0x12: /* only subsiduary LUs owned by referenced LU */
3322 default:
3323 pr_debug("select report invalid %d\n", select_report);
3324 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
3325 return check_condition_result;
3328 if (sdebug_no_lun_0 && (lun_cnt > 0))
3329 --lun_cnt;
3331 tlun_cnt = lun_cnt + wlun_cnt;
3333 rlen = (tlun_cnt * sizeof(struct scsi_lun)) + 8;
3334 arr = vmalloc(rlen);
3335 if (!arr) {
3336 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3337 INSUFF_RES_ASCQ);
3338 return check_condition_result;
3340 memset(arr, 0, rlen);
3341 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
3342 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
3344 /* luns start at byte 8 in response following the header */
3345 lun_p = (struct scsi_lun *)&arr[8];
3347 /* LUNs use single level peripheral device addressing method */
3348 lun = sdebug_no_lun_0 ? 1 : 0;
3349 for (i = 0; i < lun_cnt; i++)
3350 int_to_scsilun(lun++, lun_p++);
3352 if (wlun_cnt)
3353 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p++);
3355 put_unaligned_be32(rlen - 8, &arr[0]);
3357 res = fill_from_dev_buffer(scp, arr, rlen);
3358 vfree(arr);
3359 return res;
3362 static int resp_xdwriteread(struct scsi_cmnd *scp, unsigned long long lba,
3363 unsigned int num, struct sdebug_dev_info *devip)
3365 int j;
3366 unsigned char *kaddr, *buf;
3367 unsigned int offset;
3368 struct scsi_data_buffer *sdb = scsi_in(scp);
3369 struct sg_mapping_iter miter;
3371 /* better not to use temporary buffer. */
3372 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3373 if (!buf) {
3374 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3375 INSUFF_RES_ASCQ);
3376 return check_condition_result;
3379 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3381 offset = 0;
3382 sg_miter_start(&miter, sdb->table.sgl, sdb->table.nents,
3383 SG_MITER_ATOMIC | SG_MITER_TO_SG);
3385 while (sg_miter_next(&miter)) {
3386 kaddr = miter.addr;
3387 for (j = 0; j < miter.length; j++)
3388 *(kaddr + j) ^= *(buf + offset + j);
3390 offset += miter.length;
3392 sg_miter_stop(&miter);
3393 kfree(buf);
3395 return 0;
3398 static int resp_xdwriteread_10(struct scsi_cmnd *scp,
3399 struct sdebug_dev_info *devip)
3401 u8 *cmd = scp->cmnd;
3402 u64 lba;
3403 u32 num;
3404 int errsts;
3406 if (!scsi_bidi_cmnd(scp)) {
3407 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3408 INSUFF_RES_ASCQ);
3409 return check_condition_result;
3411 errsts = resp_read_dt0(scp, devip);
3412 if (errsts)
3413 return errsts;
3414 if (!(cmd[1] & 0x4)) { /* DISABLE_WRITE is not set */
3415 errsts = resp_write_dt0(scp, devip);
3416 if (errsts)
3417 return errsts;
3419 lba = get_unaligned_be32(cmd + 2);
3420 num = get_unaligned_be16(cmd + 7);
3421 return resp_xdwriteread(scp, lba, num, devip);
3424 static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
3426 struct sdebug_queue *sqp = sdebug_q_arr;
3428 if (sdebug_mq_active) {
3429 u32 tag = blk_mq_unique_tag(cmnd->request);
3430 u16 hwq = blk_mq_unique_tag_to_hwq(tag);
3432 if (unlikely(hwq >= submit_queues)) {
3433 pr_warn("Unexpected hwq=%d, apply modulo\n", hwq);
3434 hwq %= submit_queues;
3436 pr_debug("tag=%u, hwq=%d\n", tag, hwq);
3437 return sqp + hwq;
3438 } else
3439 return sqp;
3442 /* Queued (deferred) command completions converge here. */
3443 static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
3445 int qc_idx;
3446 int retiring = 0;
3447 unsigned long iflags;
3448 struct sdebug_queue *sqp;
3449 struct sdebug_queued_cmd *sqcp;
3450 struct scsi_cmnd *scp;
3451 struct sdebug_dev_info *devip;
3453 qc_idx = sd_dp->qc_idx;
3454 sqp = sdebug_q_arr + sd_dp->sqa_idx;
3455 if (sdebug_statistics) {
3456 atomic_inc(&sdebug_completions);
3457 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
3458 atomic_inc(&sdebug_miss_cpus);
3460 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
3461 pr_err("wild qc_idx=%d\n", qc_idx);
3462 return;
3464 spin_lock_irqsave(&sqp->qc_lock, iflags);
3465 sqcp = &sqp->qc_arr[qc_idx];
3466 scp = sqcp->a_cmnd;
3467 if (unlikely(scp == NULL)) {
3468 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3469 pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d\n",
3470 sd_dp->sqa_idx, qc_idx);
3471 return;
3473 devip = (struct sdebug_dev_info *)scp->device->hostdata;
3474 if (likely(devip))
3475 atomic_dec(&devip->num_in_q);
3476 else
3477 pr_err("devip=NULL\n");
3478 if (unlikely(atomic_read(&retired_max_queue) > 0))
3479 retiring = 1;
3481 sqcp->a_cmnd = NULL;
3482 if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
3483 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3484 pr_err("Unexpected completion\n");
3485 return;
3488 if (unlikely(retiring)) { /* user has reduced max_queue */
3489 int k, retval;
3491 retval = atomic_read(&retired_max_queue);
3492 if (qc_idx >= retval) {
3493 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3494 pr_err("index %d too large\n", retval);
3495 return;
3497 k = find_last_bit(sqp->in_use_bm, retval);
3498 if ((k < sdebug_max_queue) || (k == retval))
3499 atomic_set(&retired_max_queue, 0);
3500 else
3501 atomic_set(&retired_max_queue, k + 1);
3503 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3504 scp->scsi_done(scp); /* callback to mid level */
3507 /* When high resolution timer goes off this function is called. */
3508 static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
3510 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
3511 hrt);
3512 sdebug_q_cmd_complete(sd_dp);
3513 return HRTIMER_NORESTART;
3516 /* When work queue schedules work, it calls this function. */
3517 static void sdebug_q_cmd_wq_complete(struct work_struct *work)
3519 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
3520 ew.work);
3521 sdebug_q_cmd_complete(sd_dp);
3524 static bool got_shared_uuid;
3525 static uuid_be shared_uuid;
3527 static struct sdebug_dev_info *sdebug_device_create(
3528 struct sdebug_host_info *sdbg_host, gfp_t flags)
3530 struct sdebug_dev_info *devip;
3532 devip = kzalloc(sizeof(*devip), flags);
3533 if (devip) {
3534 if (sdebug_uuid_ctl == 1)
3535 uuid_be_gen(&devip->lu_name);
3536 else if (sdebug_uuid_ctl == 2) {
3537 if (got_shared_uuid)
3538 devip->lu_name = shared_uuid;
3539 else {
3540 uuid_be_gen(&shared_uuid);
3541 got_shared_uuid = true;
3542 devip->lu_name = shared_uuid;
3545 devip->sdbg_host = sdbg_host;
3546 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
3548 return devip;
3551 static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
3553 struct sdebug_host_info *sdbg_host;
3554 struct sdebug_dev_info *open_devip = NULL;
3555 struct sdebug_dev_info *devip;
3557 sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
3558 if (!sdbg_host) {
3559 pr_err("Host info NULL\n");
3560 return NULL;
3562 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
3563 if ((devip->used) && (devip->channel == sdev->channel) &&
3564 (devip->target == sdev->id) &&
3565 (devip->lun == sdev->lun))
3566 return devip;
3567 else {
3568 if ((!devip->used) && (!open_devip))
3569 open_devip = devip;
3572 if (!open_devip) { /* try and make a new one */
3573 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
3574 if (!open_devip) {
3575 pr_err("out of memory at line %d\n", __LINE__);
3576 return NULL;
3580 open_devip->channel = sdev->channel;
3581 open_devip->target = sdev->id;
3582 open_devip->lun = sdev->lun;
3583 open_devip->sdbg_host = sdbg_host;
3584 atomic_set(&open_devip->num_in_q, 0);
3585 set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
3586 open_devip->used = true;
3587 return open_devip;
3590 static int scsi_debug_slave_alloc(struct scsi_device *sdp)
3592 if (sdebug_verbose)
3593 pr_info("slave_alloc <%u %u %u %llu>\n",
3594 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3595 queue_flag_set_unlocked(QUEUE_FLAG_BIDI, sdp->request_queue);
3596 return 0;
3599 static int scsi_debug_slave_configure(struct scsi_device *sdp)
3601 struct sdebug_dev_info *devip =
3602 (struct sdebug_dev_info *)sdp->hostdata;
3604 if (sdebug_verbose)
3605 pr_info("slave_configure <%u %u %u %llu>\n",
3606 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3607 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
3608 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
3609 if (devip == NULL) {
3610 devip = find_build_dev_info(sdp);
3611 if (devip == NULL)
3612 return 1; /* no resources, will be marked offline */
3614 sdp->hostdata = devip;
3615 blk_queue_max_segment_size(sdp->request_queue, -1U);
3616 if (sdebug_no_uld)
3617 sdp->no_uld_attach = 1;
3618 return 0;
3621 static void scsi_debug_slave_destroy(struct scsi_device *sdp)
3623 struct sdebug_dev_info *devip =
3624 (struct sdebug_dev_info *)sdp->hostdata;
3626 if (sdebug_verbose)
3627 pr_info("slave_destroy <%u %u %u %llu>\n",
3628 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3629 if (devip) {
3630 /* make this slot available for re-use */
3631 devip->used = false;
3632 sdp->hostdata = NULL;
3636 static void stop_qc_helper(struct sdebug_defer *sd_dp)
3638 if (!sd_dp)
3639 return;
3640 if ((sdebug_jdelay > 0) || (sdebug_ndelay > 0))
3641 hrtimer_cancel(&sd_dp->hrt);
3642 else if (sdebug_jdelay < 0)
3643 cancel_work_sync(&sd_dp->ew.work);
3646 /* If @cmnd found deletes its timer or work queue and returns true; else
3647 returns false */
3648 static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
3650 unsigned long iflags;
3651 int j, k, qmax, r_qmax;
3652 struct sdebug_queue *sqp;
3653 struct sdebug_queued_cmd *sqcp;
3654 struct sdebug_dev_info *devip;
3655 struct sdebug_defer *sd_dp;
3657 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3658 spin_lock_irqsave(&sqp->qc_lock, iflags);
3659 qmax = sdebug_max_queue;
3660 r_qmax = atomic_read(&retired_max_queue);
3661 if (r_qmax > qmax)
3662 qmax = r_qmax;
3663 for (k = 0; k < qmax; ++k) {
3664 if (test_bit(k, sqp->in_use_bm)) {
3665 sqcp = &sqp->qc_arr[k];
3666 if (cmnd != sqcp->a_cmnd)
3667 continue;
3668 /* found */
3669 devip = (struct sdebug_dev_info *)
3670 cmnd->device->hostdata;
3671 if (devip)
3672 atomic_dec(&devip->num_in_q);
3673 sqcp->a_cmnd = NULL;
3674 sd_dp = sqcp->sd_dp;
3675 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3676 stop_qc_helper(sd_dp);
3677 clear_bit(k, sqp->in_use_bm);
3678 return true;
3681 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3683 return false;
3686 /* Deletes (stops) timers or work queues of all queued commands */
3687 static void stop_all_queued(void)
3689 unsigned long iflags;
3690 int j, k;
3691 struct sdebug_queue *sqp;
3692 struct sdebug_queued_cmd *sqcp;
3693 struct sdebug_dev_info *devip;
3694 struct sdebug_defer *sd_dp;
3696 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3697 spin_lock_irqsave(&sqp->qc_lock, iflags);
3698 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3699 if (test_bit(k, sqp->in_use_bm)) {
3700 sqcp = &sqp->qc_arr[k];
3701 if (sqcp->a_cmnd == NULL)
3702 continue;
3703 devip = (struct sdebug_dev_info *)
3704 sqcp->a_cmnd->device->hostdata;
3705 if (devip)
3706 atomic_dec(&devip->num_in_q);
3707 sqcp->a_cmnd = NULL;
3708 sd_dp = sqcp->sd_dp;
3709 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3710 stop_qc_helper(sd_dp);
3711 clear_bit(k, sqp->in_use_bm);
3712 spin_lock_irqsave(&sqp->qc_lock, iflags);
3715 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3719 /* Free queued command memory on heap */
3720 static void free_all_queued(void)
3722 int j, k;
3723 struct sdebug_queue *sqp;
3724 struct sdebug_queued_cmd *sqcp;
3726 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3727 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3728 sqcp = &sqp->qc_arr[k];
3729 kfree(sqcp->sd_dp);
3730 sqcp->sd_dp = NULL;
3735 static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
3737 bool ok;
3739 ++num_aborts;
3740 if (SCpnt) {
3741 ok = stop_queued_cmnd(SCpnt);
3742 if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3743 sdev_printk(KERN_INFO, SCpnt->device,
3744 "%s: command%s found\n", __func__,
3745 ok ? "" : " not");
3747 return SUCCESS;
3750 static int scsi_debug_device_reset(struct scsi_cmnd * SCpnt)
3752 ++num_dev_resets;
3753 if (SCpnt && SCpnt->device) {
3754 struct scsi_device *sdp = SCpnt->device;
3755 struct sdebug_dev_info *devip =
3756 (struct sdebug_dev_info *)sdp->hostdata;
3758 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3759 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3760 if (devip)
3761 set_bit(SDEBUG_UA_POR, devip->uas_bm);
3763 return SUCCESS;
3766 static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
3768 struct sdebug_host_info *sdbg_host;
3769 struct sdebug_dev_info *devip;
3770 struct scsi_device *sdp;
3771 struct Scsi_Host *hp;
3772 int k = 0;
3774 ++num_target_resets;
3775 if (!SCpnt)
3776 goto lie;
3777 sdp = SCpnt->device;
3778 if (!sdp)
3779 goto lie;
3780 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3781 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3782 hp = sdp->host;
3783 if (!hp)
3784 goto lie;
3785 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3786 if (sdbg_host) {
3787 list_for_each_entry(devip,
3788 &sdbg_host->dev_info_list,
3789 dev_list)
3790 if (devip->target == sdp->id) {
3791 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3792 ++k;
3795 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3796 sdev_printk(KERN_INFO, sdp,
3797 "%s: %d device(s) found in target\n", __func__, k);
3798 lie:
3799 return SUCCESS;
3802 static int scsi_debug_bus_reset(struct scsi_cmnd * SCpnt)
3804 struct sdebug_host_info *sdbg_host;
3805 struct sdebug_dev_info *devip;
3806 struct scsi_device * sdp;
3807 struct Scsi_Host * hp;
3808 int k = 0;
3810 ++num_bus_resets;
3811 if (!(SCpnt && SCpnt->device))
3812 goto lie;
3813 sdp = SCpnt->device;
3814 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3815 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3816 hp = sdp->host;
3817 if (hp) {
3818 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3819 if (sdbg_host) {
3820 list_for_each_entry(devip,
3821 &sdbg_host->dev_info_list,
3822 dev_list) {
3823 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3824 ++k;
3828 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3829 sdev_printk(KERN_INFO, sdp,
3830 "%s: %d device(s) found in host\n", __func__, k);
3831 lie:
3832 return SUCCESS;
3835 static int scsi_debug_host_reset(struct scsi_cmnd * SCpnt)
3837 struct sdebug_host_info * sdbg_host;
3838 struct sdebug_dev_info *devip;
3839 int k = 0;
3841 ++num_host_resets;
3842 if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3843 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
3844 spin_lock(&sdebug_host_list_lock);
3845 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
3846 list_for_each_entry(devip, &sdbg_host->dev_info_list,
3847 dev_list) {
3848 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3849 ++k;
3852 spin_unlock(&sdebug_host_list_lock);
3853 stop_all_queued();
3854 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3855 sdev_printk(KERN_INFO, SCpnt->device,
3856 "%s: %d device(s) found\n", __func__, k);
3857 return SUCCESS;
3860 static void __init sdebug_build_parts(unsigned char *ramp,
3861 unsigned long store_size)
3863 struct partition * pp;
3864 int starts[SDEBUG_MAX_PARTS + 2];
3865 int sectors_per_part, num_sectors, k;
3866 int heads_by_sects, start_sec, end_sec;
3868 /* assume partition table already zeroed */
3869 if ((sdebug_num_parts < 1) || (store_size < 1048576))
3870 return;
3871 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
3872 sdebug_num_parts = SDEBUG_MAX_PARTS;
3873 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
3875 num_sectors = (int)sdebug_store_sectors;
3876 sectors_per_part = (num_sectors - sdebug_sectors_per)
3877 / sdebug_num_parts;
3878 heads_by_sects = sdebug_heads * sdebug_sectors_per;
3879 starts[0] = sdebug_sectors_per;
3880 for (k = 1; k < sdebug_num_parts; ++k)
3881 starts[k] = ((k * sectors_per_part) / heads_by_sects)
3882 * heads_by_sects;
3883 starts[sdebug_num_parts] = num_sectors;
3884 starts[sdebug_num_parts + 1] = 0;
3886 ramp[510] = 0x55; /* magic partition markings */
3887 ramp[511] = 0xAA;
3888 pp = (struct partition *)(ramp + 0x1be);
3889 for (k = 0; starts[k + 1]; ++k, ++pp) {
3890 start_sec = starts[k];
3891 end_sec = starts[k + 1] - 1;
3892 pp->boot_ind = 0;
3894 pp->cyl = start_sec / heads_by_sects;
3895 pp->head = (start_sec - (pp->cyl * heads_by_sects))
3896 / sdebug_sectors_per;
3897 pp->sector = (start_sec % sdebug_sectors_per) + 1;
3899 pp->end_cyl = end_sec / heads_by_sects;
3900 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
3901 / sdebug_sectors_per;
3902 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
3904 pp->start_sect = cpu_to_le32(start_sec);
3905 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
3906 pp->sys_ind = 0x83; /* plain Linux partition */
3910 static void block_unblock_all_queues(bool block)
3912 int j;
3913 struct sdebug_queue *sqp;
3915 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
3916 atomic_set(&sqp->blocked, (int)block);
3919 /* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
3920 * commands will be processed normally before triggers occur.
3922 static void tweak_cmnd_count(void)
3924 int count, modulo;
3926 modulo = abs(sdebug_every_nth);
3927 if (modulo < 2)
3928 return;
3929 block_unblock_all_queues(true);
3930 count = atomic_read(&sdebug_cmnd_count);
3931 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
3932 block_unblock_all_queues(false);
3935 static void clear_queue_stats(void)
3937 atomic_set(&sdebug_cmnd_count, 0);
3938 atomic_set(&sdebug_completions, 0);
3939 atomic_set(&sdebug_miss_cpus, 0);
3940 atomic_set(&sdebug_a_tsf, 0);
3943 static void setup_inject(struct sdebug_queue *sqp,
3944 struct sdebug_queued_cmd *sqcp)
3946 if ((atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0)
3947 return;
3948 sqcp->inj_recovered = !!(SDEBUG_OPT_RECOVERED_ERR & sdebug_opts);
3949 sqcp->inj_transport = !!(SDEBUG_OPT_TRANSPORT_ERR & sdebug_opts);
3950 sqcp->inj_dif = !!(SDEBUG_OPT_DIF_ERR & sdebug_opts);
3951 sqcp->inj_dix = !!(SDEBUG_OPT_DIX_ERR & sdebug_opts);
3952 sqcp->inj_short = !!(SDEBUG_OPT_SHORT_TRANSFER & sdebug_opts);
3955 /* Complete the processing of the thread that queued a SCSI command to this
3956 * driver. It either completes the command by calling cmnd_done() or
3957 * schedules a hr timer or work queue then returns 0. Returns
3958 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
3960 static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
3961 int scsi_result, int delta_jiff)
3963 unsigned long iflags;
3964 int k, num_in_q, qdepth, inject;
3965 struct sdebug_queue *sqp;
3966 struct sdebug_queued_cmd *sqcp;
3967 struct scsi_device *sdp;
3968 struct sdebug_defer *sd_dp;
3970 if (unlikely(devip == NULL)) {
3971 if (scsi_result == 0)
3972 scsi_result = DID_NO_CONNECT << 16;
3973 goto respond_in_thread;
3975 sdp = cmnd->device;
3977 if (unlikely(sdebug_verbose && scsi_result))
3978 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
3979 __func__, scsi_result);
3980 if (delta_jiff == 0)
3981 goto respond_in_thread;
3983 /* schedule the response at a later time if resources permit */
3984 sqp = get_queue(cmnd);
3985 spin_lock_irqsave(&sqp->qc_lock, iflags);
3986 if (unlikely(atomic_read(&sqp->blocked))) {
3987 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3988 return SCSI_MLQUEUE_HOST_BUSY;
3990 num_in_q = atomic_read(&devip->num_in_q);
3991 qdepth = cmnd->device->queue_depth;
3992 inject = 0;
3993 if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
3994 if (scsi_result) {
3995 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3996 goto respond_in_thread;
3997 } else
3998 scsi_result = device_qfull_result;
3999 } else if (unlikely(sdebug_every_nth &&
4000 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
4001 (scsi_result == 0))) {
4002 if ((num_in_q == (qdepth - 1)) &&
4003 (atomic_inc_return(&sdebug_a_tsf) >=
4004 abs(sdebug_every_nth))) {
4005 atomic_set(&sdebug_a_tsf, 0);
4006 inject = 1;
4007 scsi_result = device_qfull_result;
4011 k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
4012 if (unlikely(k >= sdebug_max_queue)) {
4013 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4014 if (scsi_result)
4015 goto respond_in_thread;
4016 else if (SDEBUG_OPT_ALL_TSF & sdebug_opts)
4017 scsi_result = device_qfull_result;
4018 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
4019 sdev_printk(KERN_INFO, sdp,
4020 "%s: max_queue=%d exceeded, %s\n",
4021 __func__, sdebug_max_queue,
4022 (scsi_result ? "status: TASK SET FULL" :
4023 "report: host busy"));
4024 if (scsi_result)
4025 goto respond_in_thread;
4026 else
4027 return SCSI_MLQUEUE_HOST_BUSY;
4029 __set_bit(k, sqp->in_use_bm);
4030 atomic_inc(&devip->num_in_q);
4031 sqcp = &sqp->qc_arr[k];
4032 sqcp->a_cmnd = cmnd;
4033 cmnd->host_scribble = (unsigned char *)sqcp;
4034 cmnd->result = scsi_result;
4035 sd_dp = sqcp->sd_dp;
4036 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4037 if (unlikely(sdebug_every_nth && sdebug_any_injecting_opt))
4038 setup_inject(sqp, sqcp);
4039 if (delta_jiff > 0 || sdebug_ndelay > 0) {
4040 ktime_t kt;
4042 if (delta_jiff > 0) {
4043 struct timespec ts;
4045 jiffies_to_timespec(delta_jiff, &ts);
4046 kt = ktime_set(ts.tv_sec, ts.tv_nsec);
4047 } else
4048 kt = ktime_set(0, sdebug_ndelay);
4049 if (NULL == sd_dp) {
4050 sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
4051 if (NULL == sd_dp)
4052 return SCSI_MLQUEUE_HOST_BUSY;
4053 sqcp->sd_dp = sd_dp;
4054 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
4055 HRTIMER_MODE_REL_PINNED);
4056 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
4057 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4058 sd_dp->qc_idx = k;
4060 if (sdebug_statistics)
4061 sd_dp->issuing_cpu = raw_smp_processor_id();
4062 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
4063 } else { /* jdelay < 0, use work queue */
4064 if (NULL == sd_dp) {
4065 sd_dp = kzalloc(sizeof(*sqcp->sd_dp), GFP_ATOMIC);
4066 if (NULL == sd_dp)
4067 return SCSI_MLQUEUE_HOST_BUSY;
4068 sqcp->sd_dp = sd_dp;
4069 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4070 sd_dp->qc_idx = k;
4071 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
4073 if (sdebug_statistics)
4074 sd_dp->issuing_cpu = raw_smp_processor_id();
4075 schedule_work(&sd_dp->ew.work);
4077 if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
4078 (scsi_result == device_qfull_result)))
4079 sdev_printk(KERN_INFO, sdp,
4080 "%s: num_in_q=%d +1, %s%s\n", __func__,
4081 num_in_q, (inject ? "<inject> " : ""),
4082 "status: TASK SET FULL");
4083 return 0;
4085 respond_in_thread: /* call back to mid-layer using invocation thread */
4086 cmnd->result = scsi_result;
4087 cmnd->scsi_done(cmnd);
4088 return 0;
4091 /* Note: The following macros create attribute files in the
4092 /sys/module/scsi_debug/parameters directory. Unfortunately this
4093 driver is unaware of a change and cannot trigger auxiliary actions
4094 as it can when the corresponding attribute in the
4095 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
4097 module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
4098 module_param_named(ato, sdebug_ato, int, S_IRUGO);
4099 module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
4100 module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
4101 module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
4102 module_param_named(dif, sdebug_dif, int, S_IRUGO);
4103 module_param_named(dix, sdebug_dix, int, S_IRUGO);
4104 module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
4105 module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
4106 module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
4107 module_param_named(guard, sdebug_guard, uint, S_IRUGO);
4108 module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
4109 module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
4110 module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
4111 module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
4112 module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
4113 module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
4114 module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
4115 module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
4116 module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
4117 module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
4118 module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
4119 module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
4120 module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
4121 module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
4122 module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
4123 module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
4124 module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
4125 module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
4126 module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
4127 module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
4128 module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
4129 module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
4130 module_param_named(submit_queues, submit_queues, int, S_IRUGO);
4131 module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
4132 module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
4133 module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
4134 module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
4135 module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
4136 module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
4137 module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
4138 S_IRUGO | S_IWUSR);
4139 module_param_named(write_same_length, sdebug_write_same_length, int,
4140 S_IRUGO | S_IWUSR);
4142 MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
4143 MODULE_DESCRIPTION("SCSI debug adapter driver");
4144 MODULE_LICENSE("GPL");
4145 MODULE_VERSION(SDEBUG_VERSION);
4147 MODULE_PARM_DESC(add_host, "0..127 hosts allowed(def=1)");
4148 MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
4149 MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
4150 MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
4151 MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
4152 MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
4153 MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
4154 MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
4155 MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
4156 MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
4157 MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
4158 MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
4159 MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
4160 MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
4161 MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
4162 MODULE_PARM_DESC(lbprz,
4163 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
4164 MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
4165 MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
4166 MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
4167 MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
4168 MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
4169 MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
4170 MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
4171 MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
4172 MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
4173 MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
4174 MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
4175 MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
4176 MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
4177 MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
4178 MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
4179 MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
4180 MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
4181 MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
4182 MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
4183 MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
4184 MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
4185 MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
4186 MODULE_PARM_DESC(uuid_ctl,
4187 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
4188 MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
4189 MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
4190 MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
4192 #define SDEBUG_INFO_LEN 256
4193 static char sdebug_info[SDEBUG_INFO_LEN];
4195 static const char * scsi_debug_info(struct Scsi_Host * shp)
4197 int k;
4199 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
4200 my_name, SDEBUG_VERSION, sdebug_version_date);
4201 if (k >= (SDEBUG_INFO_LEN - 1))
4202 return sdebug_info;
4203 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
4204 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
4205 sdebug_dev_size_mb, sdebug_opts, submit_queues,
4206 "statistics", (int)sdebug_statistics);
4207 return sdebug_info;
4210 /* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
4211 static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
4212 int length)
4214 char arr[16];
4215 int opts;
4216 int minLen = length > 15 ? 15 : length;
4218 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
4219 return -EACCES;
4220 memcpy(arr, buffer, minLen);
4221 arr[minLen] = '\0';
4222 if (1 != sscanf(arr, "%d", &opts))
4223 return -EINVAL;
4224 sdebug_opts = opts;
4225 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4226 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4227 if (sdebug_every_nth != 0)
4228 tweak_cmnd_count();
4229 return length;
4232 /* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
4233 * same for each scsi_debug host (if more than one). Some of the counters
4234 * output are not atomics so might be inaccurate in a busy system. */
4235 static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
4237 int f, j, l;
4238 struct sdebug_queue *sqp;
4240 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
4241 SDEBUG_VERSION, sdebug_version_date);
4242 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
4243 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
4244 sdebug_opts, sdebug_every_nth);
4245 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
4246 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
4247 sdebug_sector_size, "bytes");
4248 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
4249 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
4250 num_aborts);
4251 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
4252 num_dev_resets, num_target_resets, num_bus_resets,
4253 num_host_resets);
4254 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
4255 dix_reads, dix_writes, dif_errors);
4256 seq_printf(m, "usec_in_jiffy=%lu, %s=%d, mq_active=%d\n",
4257 TICK_NSEC / 1000, "statistics", sdebug_statistics,
4258 sdebug_mq_active);
4259 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
4260 atomic_read(&sdebug_cmnd_count),
4261 atomic_read(&sdebug_completions),
4262 "miss_cpus", atomic_read(&sdebug_miss_cpus),
4263 atomic_read(&sdebug_a_tsf));
4265 seq_printf(m, "submit_queues=%d\n", submit_queues);
4266 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
4267 seq_printf(m, " queue %d:\n", j);
4268 f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
4269 if (f != sdebug_max_queue) {
4270 l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
4271 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
4272 "first,last bits", f, l);
4275 return 0;
4278 static ssize_t delay_show(struct device_driver *ddp, char *buf)
4280 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
4282 /* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
4283 * of delay is jiffies.
4285 static ssize_t delay_store(struct device_driver *ddp, const char *buf,
4286 size_t count)
4288 int jdelay, res;
4290 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
4291 res = count;
4292 if (sdebug_jdelay != jdelay) {
4293 int j, k;
4294 struct sdebug_queue *sqp;
4296 block_unblock_all_queues(true);
4297 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4298 ++j, ++sqp) {
4299 k = find_first_bit(sqp->in_use_bm,
4300 sdebug_max_queue);
4301 if (k != sdebug_max_queue) {
4302 res = -EBUSY; /* queued commands */
4303 break;
4306 if (res > 0) {
4307 /* make sure sdebug_defer instances get
4308 * re-allocated for new delay variant */
4309 free_all_queued();
4310 sdebug_jdelay = jdelay;
4311 sdebug_ndelay = 0;
4313 block_unblock_all_queues(false);
4315 return res;
4317 return -EINVAL;
4319 static DRIVER_ATTR_RW(delay);
4321 static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
4323 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
4325 /* Returns -EBUSY if ndelay is being changed and commands are queued */
4326 /* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
4327 static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
4328 size_t count)
4330 int ndelay, res;
4332 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
4333 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
4334 res = count;
4335 if (sdebug_ndelay != ndelay) {
4336 int j, k;
4337 struct sdebug_queue *sqp;
4339 block_unblock_all_queues(true);
4340 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4341 ++j, ++sqp) {
4342 k = find_first_bit(sqp->in_use_bm,
4343 sdebug_max_queue);
4344 if (k != sdebug_max_queue) {
4345 res = -EBUSY; /* queued commands */
4346 break;
4349 if (res > 0) {
4350 /* make sure sdebug_defer instances get
4351 * re-allocated for new delay variant */
4352 free_all_queued();
4353 sdebug_ndelay = ndelay;
4354 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
4355 : DEF_JDELAY;
4357 block_unblock_all_queues(false);
4359 return res;
4361 return -EINVAL;
4363 static DRIVER_ATTR_RW(ndelay);
4365 static ssize_t opts_show(struct device_driver *ddp, char *buf)
4367 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
4370 static ssize_t opts_store(struct device_driver *ddp, const char *buf,
4371 size_t count)
4373 int opts;
4374 char work[20];
4376 if (1 == sscanf(buf, "%10s", work)) {
4377 if (0 == strncasecmp(work,"0x", 2)) {
4378 if (1 == sscanf(&work[2], "%x", &opts))
4379 goto opts_done;
4380 } else {
4381 if (1 == sscanf(work, "%d", &opts))
4382 goto opts_done;
4385 return -EINVAL;
4386 opts_done:
4387 sdebug_opts = opts;
4388 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4389 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4390 tweak_cmnd_count();
4391 return count;
4393 static DRIVER_ATTR_RW(opts);
4395 static ssize_t ptype_show(struct device_driver *ddp, char *buf)
4397 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
4399 static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
4400 size_t count)
4402 int n;
4404 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4405 sdebug_ptype = n;
4406 return count;
4408 return -EINVAL;
4410 static DRIVER_ATTR_RW(ptype);
4412 static ssize_t dsense_show(struct device_driver *ddp, char *buf)
4414 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
4416 static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
4417 size_t count)
4419 int n;
4421 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4422 sdebug_dsense = n;
4423 return count;
4425 return -EINVAL;
4427 static DRIVER_ATTR_RW(dsense);
4429 static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
4431 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
4433 static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
4434 size_t count)
4436 int n;
4438 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4439 n = (n > 0);
4440 sdebug_fake_rw = (sdebug_fake_rw > 0);
4441 if (sdebug_fake_rw != n) {
4442 if ((0 == n) && (NULL == fake_storep)) {
4443 unsigned long sz =
4444 (unsigned long)sdebug_dev_size_mb *
4445 1048576;
4447 fake_storep = vmalloc(sz);
4448 if (NULL == fake_storep) {
4449 pr_err("out of memory, 9\n");
4450 return -ENOMEM;
4452 memset(fake_storep, 0, sz);
4454 sdebug_fake_rw = n;
4456 return count;
4458 return -EINVAL;
4460 static DRIVER_ATTR_RW(fake_rw);
4462 static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
4464 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
4466 static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
4467 size_t count)
4469 int n;
4471 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4472 sdebug_no_lun_0 = n;
4473 return count;
4475 return -EINVAL;
4477 static DRIVER_ATTR_RW(no_lun_0);
4479 static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
4481 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
4483 static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
4484 size_t count)
4486 int n;
4488 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4489 sdebug_num_tgts = n;
4490 sdebug_max_tgts_luns();
4491 return count;
4493 return -EINVAL;
4495 static DRIVER_ATTR_RW(num_tgts);
4497 static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
4499 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
4501 static DRIVER_ATTR_RO(dev_size_mb);
4503 static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
4505 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
4507 static DRIVER_ATTR_RO(num_parts);
4509 static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
4511 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
4513 static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
4514 size_t count)
4516 int nth;
4518 if ((count > 0) && (1 == sscanf(buf, "%d", &nth))) {
4519 sdebug_every_nth = nth;
4520 if (nth && !sdebug_statistics) {
4521 pr_info("every_nth needs statistics=1, set it\n");
4522 sdebug_statistics = true;
4524 tweak_cmnd_count();
4525 return count;
4527 return -EINVAL;
4529 static DRIVER_ATTR_RW(every_nth);
4531 static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
4533 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
4535 static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
4536 size_t count)
4538 int n;
4539 bool changed;
4541 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4542 if (n > 256) {
4543 pr_warn("max_luns can be no more than 256\n");
4544 return -EINVAL;
4546 changed = (sdebug_max_luns != n);
4547 sdebug_max_luns = n;
4548 sdebug_max_tgts_luns();
4549 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
4550 struct sdebug_host_info *sdhp;
4551 struct sdebug_dev_info *dp;
4553 spin_lock(&sdebug_host_list_lock);
4554 list_for_each_entry(sdhp, &sdebug_host_list,
4555 host_list) {
4556 list_for_each_entry(dp, &sdhp->dev_info_list,
4557 dev_list) {
4558 set_bit(SDEBUG_UA_LUNS_CHANGED,
4559 dp->uas_bm);
4562 spin_unlock(&sdebug_host_list_lock);
4564 return count;
4566 return -EINVAL;
4568 static DRIVER_ATTR_RW(max_luns);
4570 static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
4572 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
4574 /* N.B. max_queue can be changed while there are queued commands. In flight
4575 * commands beyond the new max_queue will be completed. */
4576 static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
4577 size_t count)
4579 int j, n, k, a;
4580 struct sdebug_queue *sqp;
4582 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
4583 (n <= SDEBUG_CANQUEUE)) {
4584 block_unblock_all_queues(true);
4585 k = 0;
4586 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4587 ++j, ++sqp) {
4588 a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
4589 if (a > k)
4590 k = a;
4592 sdebug_max_queue = n;
4593 if (k == SDEBUG_CANQUEUE)
4594 atomic_set(&retired_max_queue, 0);
4595 else if (k >= n)
4596 atomic_set(&retired_max_queue, k + 1);
4597 else
4598 atomic_set(&retired_max_queue, 0);
4599 block_unblock_all_queues(false);
4600 return count;
4602 return -EINVAL;
4604 static DRIVER_ATTR_RW(max_queue);
4606 static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
4608 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
4610 static DRIVER_ATTR_RO(no_uld);
4612 static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
4614 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
4616 static DRIVER_ATTR_RO(scsi_level);
4618 static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
4620 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
4622 static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
4623 size_t count)
4625 int n;
4626 bool changed;
4628 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4629 changed = (sdebug_virtual_gb != n);
4630 sdebug_virtual_gb = n;
4631 sdebug_capacity = get_sdebug_capacity();
4632 if (changed) {
4633 struct sdebug_host_info *sdhp;
4634 struct sdebug_dev_info *dp;
4636 spin_lock(&sdebug_host_list_lock);
4637 list_for_each_entry(sdhp, &sdebug_host_list,
4638 host_list) {
4639 list_for_each_entry(dp, &sdhp->dev_info_list,
4640 dev_list) {
4641 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
4642 dp->uas_bm);
4645 spin_unlock(&sdebug_host_list_lock);
4647 return count;
4649 return -EINVAL;
4651 static DRIVER_ATTR_RW(virtual_gb);
4653 static ssize_t add_host_show(struct device_driver *ddp, char *buf)
4655 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_add_host);
4658 static int sdebug_add_adapter(void);
4659 static void sdebug_remove_adapter(void);
4661 static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
4662 size_t count)
4664 int delta_hosts;
4666 if (sscanf(buf, "%d", &delta_hosts) != 1)
4667 return -EINVAL;
4668 if (delta_hosts > 0) {
4669 do {
4670 sdebug_add_adapter();
4671 } while (--delta_hosts);
4672 } else if (delta_hosts < 0) {
4673 do {
4674 sdebug_remove_adapter();
4675 } while (++delta_hosts);
4677 return count;
4679 static DRIVER_ATTR_RW(add_host);
4681 static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
4683 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
4685 static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
4686 size_t count)
4688 int n;
4690 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4691 sdebug_vpd_use_hostno = n;
4692 return count;
4694 return -EINVAL;
4696 static DRIVER_ATTR_RW(vpd_use_hostno);
4698 static ssize_t statistics_show(struct device_driver *ddp, char *buf)
4700 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
4702 static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
4703 size_t count)
4705 int n;
4707 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
4708 if (n > 0)
4709 sdebug_statistics = true;
4710 else {
4711 clear_queue_stats();
4712 sdebug_statistics = false;
4714 return count;
4716 return -EINVAL;
4718 static DRIVER_ATTR_RW(statistics);
4720 static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
4722 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
4724 static DRIVER_ATTR_RO(sector_size);
4726 static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
4728 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
4730 static DRIVER_ATTR_RO(submit_queues);
4732 static ssize_t dix_show(struct device_driver *ddp, char *buf)
4734 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
4736 static DRIVER_ATTR_RO(dix);
4738 static ssize_t dif_show(struct device_driver *ddp, char *buf)
4740 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
4742 static DRIVER_ATTR_RO(dif);
4744 static ssize_t guard_show(struct device_driver *ddp, char *buf)
4746 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
4748 static DRIVER_ATTR_RO(guard);
4750 static ssize_t ato_show(struct device_driver *ddp, char *buf)
4752 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
4754 static DRIVER_ATTR_RO(ato);
4756 static ssize_t map_show(struct device_driver *ddp, char *buf)
4758 ssize_t count;
4760 if (!scsi_debug_lbp())
4761 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
4762 sdebug_store_sectors);
4764 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
4765 (int)map_size, map_storep);
4766 buf[count++] = '\n';
4767 buf[count] = '\0';
4769 return count;
4771 static DRIVER_ATTR_RO(map);
4773 static ssize_t removable_show(struct device_driver *ddp, char *buf)
4775 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
4777 static ssize_t removable_store(struct device_driver *ddp, const char *buf,
4778 size_t count)
4780 int n;
4782 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4783 sdebug_removable = (n > 0);
4784 return count;
4786 return -EINVAL;
4788 static DRIVER_ATTR_RW(removable);
4790 static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
4792 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
4794 /* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
4795 static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
4796 size_t count)
4798 int n;
4800 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4801 sdebug_host_lock = (n > 0);
4802 return count;
4804 return -EINVAL;
4806 static DRIVER_ATTR_RW(host_lock);
4808 static ssize_t strict_show(struct device_driver *ddp, char *buf)
4810 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
4812 static ssize_t strict_store(struct device_driver *ddp, const char *buf,
4813 size_t count)
4815 int n;
4817 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4818 sdebug_strict = (n > 0);
4819 return count;
4821 return -EINVAL;
4823 static DRIVER_ATTR_RW(strict);
4825 static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
4827 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
4829 static DRIVER_ATTR_RO(uuid_ctl);
4832 /* Note: The following array creates attribute files in the
4833 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
4834 files (over those found in the /sys/module/scsi_debug/parameters
4835 directory) is that auxiliary actions can be triggered when an attribute
4836 is changed. For example see: sdebug_add_host_store() above.
4839 static struct attribute *sdebug_drv_attrs[] = {
4840 &driver_attr_delay.attr,
4841 &driver_attr_opts.attr,
4842 &driver_attr_ptype.attr,
4843 &driver_attr_dsense.attr,
4844 &driver_attr_fake_rw.attr,
4845 &driver_attr_no_lun_0.attr,
4846 &driver_attr_num_tgts.attr,
4847 &driver_attr_dev_size_mb.attr,
4848 &driver_attr_num_parts.attr,
4849 &driver_attr_every_nth.attr,
4850 &driver_attr_max_luns.attr,
4851 &driver_attr_max_queue.attr,
4852 &driver_attr_no_uld.attr,
4853 &driver_attr_scsi_level.attr,
4854 &driver_attr_virtual_gb.attr,
4855 &driver_attr_add_host.attr,
4856 &driver_attr_vpd_use_hostno.attr,
4857 &driver_attr_sector_size.attr,
4858 &driver_attr_statistics.attr,
4859 &driver_attr_submit_queues.attr,
4860 &driver_attr_dix.attr,
4861 &driver_attr_dif.attr,
4862 &driver_attr_guard.attr,
4863 &driver_attr_ato.attr,
4864 &driver_attr_map.attr,
4865 &driver_attr_removable.attr,
4866 &driver_attr_host_lock.attr,
4867 &driver_attr_ndelay.attr,
4868 &driver_attr_strict.attr,
4869 &driver_attr_uuid_ctl.attr,
4870 NULL,
4872 ATTRIBUTE_GROUPS(sdebug_drv);
4874 static struct device *pseudo_primary;
4876 static int __init scsi_debug_init(void)
4878 unsigned long sz;
4879 int host_to_add;
4880 int k;
4881 int ret;
4883 atomic_set(&retired_max_queue, 0);
4885 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
4886 pr_warn("ndelay must be less than 1 second, ignored\n");
4887 sdebug_ndelay = 0;
4888 } else if (sdebug_ndelay > 0)
4889 sdebug_jdelay = JDELAY_OVERRIDDEN;
4891 switch (sdebug_sector_size) {
4892 case 512:
4893 case 1024:
4894 case 2048:
4895 case 4096:
4896 break;
4897 default:
4898 pr_err("invalid sector_size %d\n", sdebug_sector_size);
4899 return -EINVAL;
4902 switch (sdebug_dif) {
4904 case SD_DIF_TYPE0_PROTECTION:
4905 break;
4906 case SD_DIF_TYPE1_PROTECTION:
4907 case SD_DIF_TYPE2_PROTECTION:
4908 case SD_DIF_TYPE3_PROTECTION:
4909 have_dif_prot = true;
4910 break;
4912 default:
4913 pr_err("dif must be 0, 1, 2 or 3\n");
4914 return -EINVAL;
4917 if (sdebug_guard > 1) {
4918 pr_err("guard must be 0 or 1\n");
4919 return -EINVAL;
4922 if (sdebug_ato > 1) {
4923 pr_err("ato must be 0 or 1\n");
4924 return -EINVAL;
4927 if (sdebug_physblk_exp > 15) {
4928 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
4929 return -EINVAL;
4931 if (sdebug_max_luns > 256) {
4932 pr_warn("max_luns can be no more than 256, use default\n");
4933 sdebug_max_luns = DEF_MAX_LUNS;
4936 if (sdebug_lowest_aligned > 0x3fff) {
4937 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
4938 return -EINVAL;
4941 if (submit_queues < 1) {
4942 pr_err("submit_queues must be 1 or more\n");
4943 return -EINVAL;
4945 sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
4946 GFP_KERNEL);
4947 if (sdebug_q_arr == NULL)
4948 return -ENOMEM;
4949 for (k = 0; k < submit_queues; ++k)
4950 spin_lock_init(&sdebug_q_arr[k].qc_lock);
4952 if (sdebug_dev_size_mb < 1)
4953 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
4954 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
4955 sdebug_store_sectors = sz / sdebug_sector_size;
4956 sdebug_capacity = get_sdebug_capacity();
4958 /* play around with geometry, don't waste too much on track 0 */
4959 sdebug_heads = 8;
4960 sdebug_sectors_per = 32;
4961 if (sdebug_dev_size_mb >= 256)
4962 sdebug_heads = 64;
4963 else if (sdebug_dev_size_mb >= 16)
4964 sdebug_heads = 32;
4965 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
4966 (sdebug_sectors_per * sdebug_heads);
4967 if (sdebug_cylinders_per >= 1024) {
4968 /* other LLDs do this; implies >= 1GB ram disk ... */
4969 sdebug_heads = 255;
4970 sdebug_sectors_per = 63;
4971 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
4972 (sdebug_sectors_per * sdebug_heads);
4975 if (sdebug_fake_rw == 0) {
4976 fake_storep = vmalloc(sz);
4977 if (NULL == fake_storep) {
4978 pr_err("out of memory, 1\n");
4979 ret = -ENOMEM;
4980 goto free_q_arr;
4982 memset(fake_storep, 0, sz);
4983 if (sdebug_num_parts > 0)
4984 sdebug_build_parts(fake_storep, sz);
4987 if (sdebug_dix) {
4988 int dif_size;
4990 dif_size = sdebug_store_sectors * sizeof(struct sd_dif_tuple);
4991 dif_storep = vmalloc(dif_size);
4993 pr_err("dif_storep %u bytes @ %p\n", dif_size, dif_storep);
4995 if (dif_storep == NULL) {
4996 pr_err("out of mem. (DIX)\n");
4997 ret = -ENOMEM;
4998 goto free_vm;
5001 memset(dif_storep, 0xff, dif_size);
5004 /* Logical Block Provisioning */
5005 if (scsi_debug_lbp()) {
5006 sdebug_unmap_max_blocks =
5007 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
5009 sdebug_unmap_max_desc =
5010 clamp(sdebug_unmap_max_desc, 0U, 256U);
5012 sdebug_unmap_granularity =
5013 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
5015 if (sdebug_unmap_alignment &&
5016 sdebug_unmap_granularity <=
5017 sdebug_unmap_alignment) {
5018 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
5019 ret = -EINVAL;
5020 goto free_vm;
5023 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
5024 map_storep = vmalloc(BITS_TO_LONGS(map_size) * sizeof(long));
5026 pr_info("%lu provisioning blocks\n", map_size);
5028 if (map_storep == NULL) {
5029 pr_err("out of mem. (MAP)\n");
5030 ret = -ENOMEM;
5031 goto free_vm;
5034 bitmap_zero(map_storep, map_size);
5036 /* Map first 1KB for partition table */
5037 if (sdebug_num_parts)
5038 map_region(0, 2);
5041 pseudo_primary = root_device_register("pseudo_0");
5042 if (IS_ERR(pseudo_primary)) {
5043 pr_warn("root_device_register() error\n");
5044 ret = PTR_ERR(pseudo_primary);
5045 goto free_vm;
5047 ret = bus_register(&pseudo_lld_bus);
5048 if (ret < 0) {
5049 pr_warn("bus_register error: %d\n", ret);
5050 goto dev_unreg;
5052 ret = driver_register(&sdebug_driverfs_driver);
5053 if (ret < 0) {
5054 pr_warn("driver_register error: %d\n", ret);
5055 goto bus_unreg;
5058 host_to_add = sdebug_add_host;
5059 sdebug_add_host = 0;
5061 for (k = 0; k < host_to_add; k++) {
5062 if (sdebug_add_adapter()) {
5063 pr_err("sdebug_add_adapter failed k=%d\n", k);
5064 break;
5068 if (sdebug_verbose)
5069 pr_info("built %d host(s)\n", sdebug_add_host);
5071 return 0;
5073 bus_unreg:
5074 bus_unregister(&pseudo_lld_bus);
5075 dev_unreg:
5076 root_device_unregister(pseudo_primary);
5077 free_vm:
5078 vfree(map_storep);
5079 vfree(dif_storep);
5080 vfree(fake_storep);
5081 free_q_arr:
5082 kfree(sdebug_q_arr);
5083 return ret;
5086 static void __exit scsi_debug_exit(void)
5088 int k = sdebug_add_host;
5090 stop_all_queued();
5091 free_all_queued();
5092 for (; k; k--)
5093 sdebug_remove_adapter();
5094 driver_unregister(&sdebug_driverfs_driver);
5095 bus_unregister(&pseudo_lld_bus);
5096 root_device_unregister(pseudo_primary);
5098 vfree(dif_storep);
5099 vfree(fake_storep);
5100 kfree(sdebug_q_arr);
5103 device_initcall(scsi_debug_init);
5104 module_exit(scsi_debug_exit);
5106 static void sdebug_release_adapter(struct device * dev)
5108 struct sdebug_host_info *sdbg_host;
5110 sdbg_host = to_sdebug_host(dev);
5111 kfree(sdbg_host);
5114 static int sdebug_add_adapter(void)
5116 int k, devs_per_host;
5117 int error = 0;
5118 struct sdebug_host_info *sdbg_host;
5119 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5121 sdbg_host = kzalloc(sizeof(*sdbg_host),GFP_KERNEL);
5122 if (NULL == sdbg_host) {
5123 pr_err("out of memory at line %d\n", __LINE__);
5124 return -ENOMEM;
5127 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
5129 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
5130 for (k = 0; k < devs_per_host; k++) {
5131 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
5132 if (!sdbg_devinfo) {
5133 pr_err("out of memory at line %d\n", __LINE__);
5134 error = -ENOMEM;
5135 goto clean;
5139 spin_lock(&sdebug_host_list_lock);
5140 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
5141 spin_unlock(&sdebug_host_list_lock);
5143 sdbg_host->dev.bus = &pseudo_lld_bus;
5144 sdbg_host->dev.parent = pseudo_primary;
5145 sdbg_host->dev.release = &sdebug_release_adapter;
5146 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_add_host);
5148 error = device_register(&sdbg_host->dev);
5150 if (error)
5151 goto clean;
5153 ++sdebug_add_host;
5154 return error;
5156 clean:
5157 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5158 dev_list) {
5159 list_del(&sdbg_devinfo->dev_list);
5160 kfree(sdbg_devinfo);
5163 kfree(sdbg_host);
5164 return error;
5167 static void sdebug_remove_adapter(void)
5169 struct sdebug_host_info * sdbg_host = NULL;
5171 spin_lock(&sdebug_host_list_lock);
5172 if (!list_empty(&sdebug_host_list)) {
5173 sdbg_host = list_entry(sdebug_host_list.prev,
5174 struct sdebug_host_info, host_list);
5175 list_del(&sdbg_host->host_list);
5177 spin_unlock(&sdebug_host_list_lock);
5179 if (!sdbg_host)
5180 return;
5182 device_unregister(&sdbg_host->dev);
5183 --sdebug_add_host;
5186 static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
5188 int num_in_q = 0;
5189 struct sdebug_dev_info *devip;
5191 block_unblock_all_queues(true);
5192 devip = (struct sdebug_dev_info *)sdev->hostdata;
5193 if (NULL == devip) {
5194 block_unblock_all_queues(false);
5195 return -ENODEV;
5197 num_in_q = atomic_read(&devip->num_in_q);
5199 if (qdepth < 1)
5200 qdepth = 1;
5201 /* allow to exceed max host qc_arr elements for testing */
5202 if (qdepth > SDEBUG_CANQUEUE + 10)
5203 qdepth = SDEBUG_CANQUEUE + 10;
5204 scsi_change_queue_depth(sdev, qdepth);
5206 if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
5207 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
5208 __func__, qdepth, num_in_q);
5210 block_unblock_all_queues(false);
5211 return sdev->queue_depth;
5214 static bool fake_timeout(struct scsi_cmnd *scp)
5216 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
5217 if (sdebug_every_nth < -1)
5218 sdebug_every_nth = -1;
5219 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
5220 return true; /* ignore command causing timeout */
5221 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
5222 scsi_medium_access_command(scp))
5223 return true; /* time out reads and writes */
5225 return false;
5228 static int scsi_debug_queuecommand(struct Scsi_Host *shost,
5229 struct scsi_cmnd *scp)
5231 u8 sdeb_i;
5232 struct scsi_device *sdp = scp->device;
5233 const struct opcode_info_t *oip;
5234 const struct opcode_info_t *r_oip;
5235 struct sdebug_dev_info *devip;
5236 u8 *cmd = scp->cmnd;
5237 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
5238 int k, na;
5239 int errsts = 0;
5240 u32 flags;
5241 u16 sa;
5242 u8 opcode = cmd[0];
5243 bool has_wlun_rl;
5245 scsi_set_resid(scp, 0);
5246 if (sdebug_statistics)
5247 atomic_inc(&sdebug_cmnd_count);
5248 if (unlikely(sdebug_verbose &&
5249 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
5250 char b[120];
5251 int n, len, sb;
5253 len = scp->cmd_len;
5254 sb = (int)sizeof(b);
5255 if (len > 32)
5256 strcpy(b, "too long, over 32 bytes");
5257 else {
5258 for (k = 0, n = 0; k < len && n < sb; ++k)
5259 n += scnprintf(b + n, sb - n, "%02x ",
5260 (u32)cmd[k]);
5262 if (sdebug_mq_active)
5263 sdev_printk(KERN_INFO, sdp, "%s: tag=%u, cmd %s\n",
5264 my_name, blk_mq_unique_tag(scp->request),
5266 else
5267 sdev_printk(KERN_INFO, sdp, "%s: cmd %s\n", my_name,
5270 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
5271 if (unlikely((sdp->lun >= sdebug_max_luns) && !has_wlun_rl))
5272 goto err_out;
5274 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
5275 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
5276 devip = (struct sdebug_dev_info *)sdp->hostdata;
5277 if (unlikely(!devip)) {
5278 devip = find_build_dev_info(sdp);
5279 if (NULL == devip)
5280 goto err_out;
5282 na = oip->num_attached;
5283 r_pfp = oip->pfp;
5284 if (na) { /* multiple commands with this opcode */
5285 r_oip = oip;
5286 if (FF_SA & r_oip->flags) {
5287 if (F_SA_LOW & oip->flags)
5288 sa = 0x1f & cmd[1];
5289 else
5290 sa = get_unaligned_be16(cmd + 8);
5291 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5292 if (opcode == oip->opcode && sa == oip->sa)
5293 break;
5295 } else { /* since no service action only check opcode */
5296 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5297 if (opcode == oip->opcode)
5298 break;
5301 if (k > na) {
5302 if (F_SA_LOW & r_oip->flags)
5303 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
5304 else if (F_SA_HIGH & r_oip->flags)
5305 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
5306 else
5307 mk_sense_invalid_opcode(scp);
5308 goto check_cond;
5310 } /* else (when na==0) we assume the oip is a match */
5311 flags = oip->flags;
5312 if (unlikely(F_INV_OP & flags)) {
5313 mk_sense_invalid_opcode(scp);
5314 goto check_cond;
5316 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
5317 if (sdebug_verbose)
5318 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
5319 my_name, opcode, " supported for wlun");
5320 mk_sense_invalid_opcode(scp);
5321 goto check_cond;
5323 if (unlikely(sdebug_strict)) { /* check cdb against mask */
5324 u8 rem;
5325 int j;
5327 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
5328 rem = ~oip->len_mask[k] & cmd[k];
5329 if (rem) {
5330 for (j = 7; j >= 0; --j, rem <<= 1) {
5331 if (0x80 & rem)
5332 break;
5334 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
5335 goto check_cond;
5339 if (unlikely(!(F_SKIP_UA & flags) &&
5340 find_first_bit(devip->uas_bm,
5341 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
5342 errsts = make_ua(scp, devip);
5343 if (errsts)
5344 goto check_cond;
5346 if (unlikely((F_M_ACCESS & flags) && atomic_read(&devip->stopped))) {
5347 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
5348 if (sdebug_verbose)
5349 sdev_printk(KERN_INFO, sdp, "%s reports: Not ready: "
5350 "%s\n", my_name, "initializing command "
5351 "required");
5352 errsts = check_condition_result;
5353 goto fini;
5355 if (sdebug_fake_rw && (F_FAKE_RW & flags))
5356 goto fini;
5357 if (unlikely(sdebug_every_nth)) {
5358 if (fake_timeout(scp))
5359 return 0; /* ignore command: make trouble */
5361 if (likely(oip->pfp))
5362 errsts = oip->pfp(scp, devip); /* calls a resp_* function */
5363 else if (r_pfp) /* if leaf function ptr NULL, try the root's */
5364 errsts = r_pfp(scp, devip);
5366 fini:
5367 return schedule_resp(scp, devip, errsts,
5368 ((F_DELAY_OVERR & flags) ? 0 : sdebug_jdelay));
5369 check_cond:
5370 return schedule_resp(scp, devip, check_condition_result, 0);
5371 err_out:
5372 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, 0);
5375 static struct scsi_host_template sdebug_driver_template = {
5376 .show_info = scsi_debug_show_info,
5377 .write_info = scsi_debug_write_info,
5378 .proc_name = sdebug_proc_name,
5379 .name = "SCSI DEBUG",
5380 .info = scsi_debug_info,
5381 .slave_alloc = scsi_debug_slave_alloc,
5382 .slave_configure = scsi_debug_slave_configure,
5383 .slave_destroy = scsi_debug_slave_destroy,
5384 .ioctl = scsi_debug_ioctl,
5385 .queuecommand = scsi_debug_queuecommand,
5386 .change_queue_depth = sdebug_change_qdepth,
5387 .eh_abort_handler = scsi_debug_abort,
5388 .eh_device_reset_handler = scsi_debug_device_reset,
5389 .eh_target_reset_handler = scsi_debug_target_reset,
5390 .eh_bus_reset_handler = scsi_debug_bus_reset,
5391 .eh_host_reset_handler = scsi_debug_host_reset,
5392 .can_queue = SDEBUG_CANQUEUE,
5393 .this_id = 7,
5394 .sg_tablesize = SG_MAX_SEGMENTS,
5395 .cmd_per_lun = DEF_CMD_PER_LUN,
5396 .max_sectors = -1U,
5397 .use_clustering = DISABLE_CLUSTERING,
5398 .module = THIS_MODULE,
5399 .track_queue_depth = 1,
5402 static int sdebug_driver_probe(struct device * dev)
5404 int error = 0;
5405 struct sdebug_host_info *sdbg_host;
5406 struct Scsi_Host *hpnt;
5407 int hprot;
5409 sdbg_host = to_sdebug_host(dev);
5411 sdebug_driver_template.can_queue = sdebug_max_queue;
5412 if (sdebug_clustering)
5413 sdebug_driver_template.use_clustering = ENABLE_CLUSTERING;
5414 hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
5415 if (NULL == hpnt) {
5416 pr_err("scsi_host_alloc failed\n");
5417 error = -ENODEV;
5418 return error;
5420 if (submit_queues > nr_cpu_ids) {
5421 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%d\n",
5422 my_name, submit_queues, nr_cpu_ids);
5423 submit_queues = nr_cpu_ids;
5425 /* Decide whether to tell scsi subsystem that we want mq */
5426 /* Following should give the same answer for each host */
5427 sdebug_mq_active = shost_use_blk_mq(hpnt) && (submit_queues > 1);
5428 if (sdebug_mq_active)
5429 hpnt->nr_hw_queues = submit_queues;
5431 sdbg_host->shost = hpnt;
5432 *((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
5433 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
5434 hpnt->max_id = sdebug_num_tgts + 1;
5435 else
5436 hpnt->max_id = sdebug_num_tgts;
5437 /* = sdebug_max_luns; */
5438 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
5440 hprot = 0;
5442 switch (sdebug_dif) {
5444 case SD_DIF_TYPE1_PROTECTION:
5445 hprot = SHOST_DIF_TYPE1_PROTECTION;
5446 if (sdebug_dix)
5447 hprot |= SHOST_DIX_TYPE1_PROTECTION;
5448 break;
5450 case SD_DIF_TYPE2_PROTECTION:
5451 hprot = SHOST_DIF_TYPE2_PROTECTION;
5452 if (sdebug_dix)
5453 hprot |= SHOST_DIX_TYPE2_PROTECTION;
5454 break;
5456 case SD_DIF_TYPE3_PROTECTION:
5457 hprot = SHOST_DIF_TYPE3_PROTECTION;
5458 if (sdebug_dix)
5459 hprot |= SHOST_DIX_TYPE3_PROTECTION;
5460 break;
5462 default:
5463 if (sdebug_dix)
5464 hprot |= SHOST_DIX_TYPE0_PROTECTION;
5465 break;
5468 scsi_host_set_prot(hpnt, hprot);
5470 if (have_dif_prot || sdebug_dix)
5471 pr_info("host protection%s%s%s%s%s%s%s\n",
5472 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
5473 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
5474 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
5475 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
5476 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
5477 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
5478 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
5480 if (sdebug_guard == 1)
5481 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
5482 else
5483 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
5485 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
5486 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
5487 if (sdebug_every_nth) /* need stats counters for every_nth */
5488 sdebug_statistics = true;
5489 error = scsi_add_host(hpnt, &sdbg_host->dev);
5490 if (error) {
5491 pr_err("scsi_add_host failed\n");
5492 error = -ENODEV;
5493 scsi_host_put(hpnt);
5494 } else
5495 scsi_scan_host(hpnt);
5497 return error;
5500 static int sdebug_driver_remove(struct device * dev)
5502 struct sdebug_host_info *sdbg_host;
5503 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5505 sdbg_host = to_sdebug_host(dev);
5507 if (!sdbg_host) {
5508 pr_err("Unable to locate host info\n");
5509 return -ENODEV;
5512 scsi_remove_host(sdbg_host->shost);
5514 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5515 dev_list) {
5516 list_del(&sdbg_devinfo->dev_list);
5517 kfree(sdbg_devinfo);
5520 scsi_host_put(sdbg_host->shost);
5521 return 0;
5524 static int pseudo_lld_bus_match(struct device *dev,
5525 struct device_driver *dev_driver)
5527 return 1;
5530 static struct bus_type pseudo_lld_bus = {
5531 .name = "pseudo",
5532 .match = pseudo_lld_bus_match,
5533 .probe = sdebug_driver_probe,
5534 .remove = sdebug_driver_remove,
5535 .drv_groups = sdebug_drv_groups,