2 * vvvvvvvvvvvvvvvvvvvvvvv Original vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
3 * Copyright (C) 1992 Eric Youngdale
4 * Simulate a host adapter with 2 disks attached. Do a lot of checking
5 * to make sure that we are not getting blocks mixed up, and PANIC if
6 * anything out of the ordinary is seen.
7 * ^^^^^^^^^^^^^^^^^^^^^^^ Original ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9 * Copyright (C) 2001 - 2016 Douglas Gilbert
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2, or (at your option)
16 * For documentation see http://sg.danny.cz/sg/sdebug26.html
21 #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
23 #include <linux/module.h>
25 #include <linux/kernel.h>
26 #include <linux/errno.h>
27 #include <linux/jiffies.h>
28 #include <linux/slab.h>
29 #include <linux/types.h>
30 #include <linux/string.h>
31 #include <linux/genhd.h>
33 #include <linux/init.h>
34 #include <linux/proc_fs.h>
35 #include <linux/vmalloc.h>
36 #include <linux/moduleparam.h>
37 #include <linux/scatterlist.h>
38 #include <linux/blkdev.h>
39 #include <linux/crc-t10dif.h>
40 #include <linux/spinlock.h>
41 #include <linux/interrupt.h>
42 #include <linux/atomic.h>
43 #include <linux/hrtimer.h>
44 #include <linux/uuid.h>
45 #include <linux/t10-pi.h>
47 #include <net/checksum.h>
49 #include <asm/unaligned.h>
51 #include <scsi/scsi.h>
52 #include <scsi/scsi_cmnd.h>
53 #include <scsi/scsi_device.h>
54 #include <scsi/scsi_host.h>
55 #include <scsi/scsicam.h>
56 #include <scsi/scsi_eh.h>
57 #include <scsi/scsi_tcq.h>
58 #include <scsi/scsi_dbg.h>
61 #include "scsi_logging.h"
63 /* make sure inq_product_rev string corresponds to this version */
64 #define SDEBUG_VERSION "1.86"
65 static const char *sdebug_version_date = "20160430";
67 #define MY_NAME "scsi_debug"
69 /* Additional Sense Code (ASC) */
70 #define NO_ADDITIONAL_SENSE 0x0
71 #define LOGICAL_UNIT_NOT_READY 0x4
72 #define LOGICAL_UNIT_COMMUNICATION_FAILURE 0x8
73 #define UNRECOVERED_READ_ERR 0x11
74 #define PARAMETER_LIST_LENGTH_ERR 0x1a
75 #define INVALID_OPCODE 0x20
76 #define LBA_OUT_OF_RANGE 0x21
77 #define INVALID_FIELD_IN_CDB 0x24
78 #define INVALID_FIELD_IN_PARAM_LIST 0x26
79 #define UA_RESET_ASC 0x29
80 #define UA_CHANGED_ASC 0x2a
81 #define TARGET_CHANGED_ASC 0x3f
82 #define LUNS_CHANGED_ASCQ 0x0e
83 #define INSUFF_RES_ASC 0x55
84 #define INSUFF_RES_ASCQ 0x3
85 #define POWER_ON_RESET_ASCQ 0x0
86 #define BUS_RESET_ASCQ 0x2 /* scsi bus reset occurred */
87 #define MODE_CHANGED_ASCQ 0x1 /* mode parameters changed */
88 #define CAPACITY_CHANGED_ASCQ 0x9
89 #define SAVING_PARAMS_UNSUP 0x39
90 #define TRANSPORT_PROBLEM 0x4b
91 #define THRESHOLD_EXCEEDED 0x5d
92 #define LOW_POWER_COND_ON 0x5e
93 #define MISCOMPARE_VERIFY_ASC 0x1d
94 #define MICROCODE_CHANGED_ASCQ 0x1 /* with TARGET_CHANGED_ASC */
95 #define MICROCODE_CHANGED_WO_RESET_ASCQ 0x16
97 /* Additional Sense Code Qualifier (ASCQ) */
98 #define ACK_NAK_TO 0x3
100 /* Default values for driver parameters */
101 #define DEF_NUM_HOST 1
102 #define DEF_NUM_TGTS 1
103 #define DEF_MAX_LUNS 1
104 /* With these defaults, this driver will make 1 host with 1 target
105 * (id 0) containing 1 logical unit (lun 0). That is 1 device.
108 #define DEF_JDELAY 1 /* if > 0 unit is a jiffy */
109 #define DEF_DEV_SIZE_MB 8
112 #define DEF_D_SENSE 0
113 #define DEF_EVERY_NTH 0
114 #define DEF_FAKE_RW 0
116 #define DEF_HOST_LOCK 0
119 #define DEF_LBPWS10 0
121 #define DEF_LOWEST_ALIGNED 0
122 #define DEF_NDELAY 0 /* if > 0 unit is a nanosecond */
123 #define DEF_NO_LUN_0 0
124 #define DEF_NUM_PARTS 0
126 #define DEF_OPT_BLKS 1024
127 #define DEF_PHYSBLK_EXP 0
128 #define DEF_PTYPE TYPE_DISK
129 #define DEF_REMOVABLE false
130 #define DEF_SCSI_LEVEL 7 /* INQUIRY, byte2 [6->SPC-4; 7->SPC-5] */
131 #define DEF_SECTOR_SIZE 512
132 #define DEF_UNMAP_ALIGNMENT 0
133 #define DEF_UNMAP_GRANULARITY 1
134 #define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
135 #define DEF_UNMAP_MAX_DESC 256
136 #define DEF_VIRTUAL_GB 0
137 #define DEF_VPD_USE_HOSTNO 1
138 #define DEF_WRITESAME_LENGTH 0xFFFF
140 #define DEF_STATISTICS false
141 #define DEF_SUBMIT_QUEUES 1
142 #define DEF_UUID_CTL 0
143 #define JDELAY_OVERRIDDEN -9999
145 #define SDEBUG_LUN_0_VAL 0
147 /* bit mask values for sdebug_opts */
148 #define SDEBUG_OPT_NOISE 1
149 #define SDEBUG_OPT_MEDIUM_ERR 2
150 #define SDEBUG_OPT_TIMEOUT 4
151 #define SDEBUG_OPT_RECOVERED_ERR 8
152 #define SDEBUG_OPT_TRANSPORT_ERR 16
153 #define SDEBUG_OPT_DIF_ERR 32
154 #define SDEBUG_OPT_DIX_ERR 64
155 #define SDEBUG_OPT_MAC_TIMEOUT 128
156 #define SDEBUG_OPT_SHORT_TRANSFER 0x100
157 #define SDEBUG_OPT_Q_NOISE 0x200
158 #define SDEBUG_OPT_ALL_TSF 0x400
159 #define SDEBUG_OPT_RARE_TSF 0x800
160 #define SDEBUG_OPT_N_WCE 0x1000
161 #define SDEBUG_OPT_RESET_NOISE 0x2000
162 #define SDEBUG_OPT_NO_CDB_NOISE 0x4000
163 #define SDEBUG_OPT_ALL_NOISE (SDEBUG_OPT_NOISE | SDEBUG_OPT_Q_NOISE | \
164 SDEBUG_OPT_RESET_NOISE)
165 #define SDEBUG_OPT_ALL_INJECTING (SDEBUG_OPT_RECOVERED_ERR | \
166 SDEBUG_OPT_TRANSPORT_ERR | \
167 SDEBUG_OPT_DIF_ERR | SDEBUG_OPT_DIX_ERR | \
168 SDEBUG_OPT_SHORT_TRANSFER)
169 /* When "every_nth" > 0 then modulo "every_nth" commands:
170 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
171 * - a RECOVERED_ERROR is simulated on successful read and write
172 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
173 * - a TRANSPORT_ERROR is simulated on successful read and write
174 * commands if SDEBUG_OPT_TRANSPORT_ERR is set.
176 * When "every_nth" < 0 then after "- every_nth" commands:
177 * - a missing response is simulated if SDEBUG_OPT_TIMEOUT is set
178 * - a RECOVERED_ERROR is simulated on successful read and write
179 * commands if SDEBUG_OPT_RECOVERED_ERR is set.
180 * - a TRANSPORT_ERROR is simulated on successful read and write
181 * commands if _DEBUG_OPT_TRANSPORT_ERR is set.
182 * This will continue on every subsequent command until some other action
183 * occurs (e.g. the user * writing a new value (other than -1 or 1) to
184 * every_nth via sysfs).
187 /* As indicated in SAM-5 and SPC-4 Unit Attentions (UAs) are returned in
188 * priority order. In the subset implemented here lower numbers have higher
189 * priority. The UA numbers should be a sequence starting from 0 with
190 * SDEBUG_NUM_UAS being 1 higher than the highest numbered UA. */
191 #define SDEBUG_UA_POR 0 /* Power on, reset, or bus device reset */
192 #define SDEBUG_UA_BUS_RESET 1
193 #define SDEBUG_UA_MODE_CHANGED 2
194 #define SDEBUG_UA_CAPACITY_CHANGED 3
195 #define SDEBUG_UA_LUNS_CHANGED 4
196 #define SDEBUG_UA_MICROCODE_CHANGED 5 /* simulate firmware change */
197 #define SDEBUG_UA_MICROCODE_CHANGED_WO_RESET 6
198 #define SDEBUG_NUM_UAS 7
200 /* when 1==SDEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
201 * sector on read commands: */
202 #define OPT_MEDIUM_ERR_ADDR 0x1234 /* that's sector 4660 in decimal */
203 #define OPT_MEDIUM_ERR_NUM 10 /* number of consecutive medium errs */
205 /* If REPORT LUNS has luns >= 256 it can choose "flat space" (value 1)
206 * or "peripheral device" addressing (value 0) */
207 #define SAM2_LUN_ADDRESS_METHOD 0
209 /* SDEBUG_CANQUEUE is the maximum number of commands that can be queued
210 * (for response) per submit queue at one time. Can be reduced by max_queue
211 * option. Command responses are not queued when jdelay=0 and ndelay=0. The
212 * per-device DEF_CMD_PER_LUN can be changed via sysfs:
213 * /sys/class/scsi_device/<h:c:t:l>/device/queue_depth
214 * but cannot exceed SDEBUG_CANQUEUE .
216 #define SDEBUG_CANQUEUE_WORDS 3 /* a WORD is bits in a long */
217 #define SDEBUG_CANQUEUE (SDEBUG_CANQUEUE_WORDS * BITS_PER_LONG)
218 #define DEF_CMD_PER_LUN 255
222 #define F_D_OUT_MAYBE 4 /* WRITE SAME, NDOB bit */
224 #define F_RL_WLUN_OK 0x10
225 #define F_SKIP_UA 0x20
226 #define F_DELAY_OVERR 0x40
227 #define F_SA_LOW 0x80 /* cdb byte 1, bits 4 to 0 */
228 #define F_SA_HIGH 0x100 /* as used by variable length cdbs */
229 #define F_INV_OP 0x200
230 #define F_FAKE_RW 0x400
231 #define F_M_ACCESS 0x800 /* media access */
233 #define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
234 #define FF_DIRECT_IO (F_M_ACCESS | F_FAKE_RW)
235 #define FF_SA (F_SA_HIGH | F_SA_LOW)
237 #define SDEBUG_MAX_PARTS 4
239 #define SDEBUG_MAX_CMD_LEN 32
242 struct sdebug_dev_info {
243 struct list_head dev_list;
244 unsigned int channel;
248 struct sdebug_host_info *sdbg_host;
249 unsigned long uas_bm[1];
255 struct sdebug_host_info {
256 struct list_head host_list;
257 struct Scsi_Host *shost;
259 struct list_head dev_info_list;
262 #define to_sdebug_host(d) \
263 container_of(d, struct sdebug_host_info, dev)
265 struct sdebug_defer {
267 struct execute_work ew;
268 int sqa_idx; /* index of sdebug_queue array */
269 int qc_idx; /* index of sdebug_queued_cmd array within sqa_idx */
273 struct sdebug_queued_cmd {
274 /* corresponding bit set in in_use_bm[] in owning struct sdebug_queue
275 * instance indicates this slot is in use.
277 struct sdebug_defer *sd_dp;
278 struct scsi_cmnd *a_cmnd;
279 unsigned int inj_recovered:1;
280 unsigned int inj_transport:1;
281 unsigned int inj_dif:1;
282 unsigned int inj_dix:1;
283 unsigned int inj_short:1;
286 struct sdebug_queue {
287 struct sdebug_queued_cmd qc_arr[SDEBUG_CANQUEUE];
288 unsigned long in_use_bm[SDEBUG_CANQUEUE_WORDS];
290 atomic_t blocked; /* to temporarily stop more being queued */
293 static atomic_t sdebug_cmnd_count; /* number of incoming commands */
294 static atomic_t sdebug_completions; /* count of deferred completions */
295 static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
296 static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
298 struct opcode_info_t {
299 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
300 /* for terminating element */
301 u8 opcode; /* if num_attached > 0, preferred */
302 u16 sa; /* service action */
303 u32 flags; /* OR-ed set of SDEB_F_* */
304 int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
305 const struct opcode_info_t *arrp; /* num_attached elements or NULL */
306 u8 len_mask[16]; /* len=len_mask[0], then mask for cdb[1]... */
307 /* ignore cdb bytes after position 15 */
310 /* SCSI opcodes (first byte of cdb) of interest mapped onto these indexes */
311 enum sdeb_opcode_index {
312 SDEB_I_INVALID_OPCODE = 0,
314 SDEB_I_REPORT_LUNS = 2,
315 SDEB_I_REQUEST_SENSE = 3,
316 SDEB_I_TEST_UNIT_READY = 4,
317 SDEB_I_MODE_SENSE = 5, /* 6, 10 */
318 SDEB_I_MODE_SELECT = 6, /* 6, 10 */
319 SDEB_I_LOG_SENSE = 7,
320 SDEB_I_READ_CAPACITY = 8, /* 10; 16 is in SA_IN(16) */
321 SDEB_I_READ = 9, /* 6, 10, 12, 16 */
322 SDEB_I_WRITE = 10, /* 6, 10, 12, 16 */
323 SDEB_I_START_STOP = 11,
324 SDEB_I_SERV_ACT_IN = 12, /* 12, 16 */
325 SDEB_I_SERV_ACT_OUT = 13, /* 12, 16 */
326 SDEB_I_MAINT_IN = 14,
327 SDEB_I_MAINT_OUT = 15,
328 SDEB_I_VERIFY = 16, /* 10 only */
329 SDEB_I_VARIABLE_LEN = 17,
330 SDEB_I_RESERVE = 18, /* 6, 10 */
331 SDEB_I_RELEASE = 19, /* 6, 10 */
332 SDEB_I_ALLOW_REMOVAL = 20, /* PREVENT ALLOW MEDIUM REMOVAL */
333 SDEB_I_REZERO_UNIT = 21, /* REWIND in SSC */
334 SDEB_I_ATA_PT = 22, /* 12, 16 */
335 SDEB_I_SEND_DIAG = 23,
337 SDEB_I_XDWRITEREAD = 25, /* 10 only */
338 SDEB_I_WRITE_BUFFER = 26,
339 SDEB_I_WRITE_SAME = 27, /* 10, 16 */
340 SDEB_I_SYNC_CACHE = 28, /* 10 only */
341 SDEB_I_COMP_WRITE = 29,
342 SDEB_I_LAST_ELEMENT = 30, /* keep this last */
346 static const unsigned char opcode_ind_arr[256] = {
347 /* 0x0; 0x0->0x1f: 6 byte cdbs */
348 SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
350 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
351 0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
353 0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
354 SDEB_I_ALLOW_REMOVAL, 0,
355 /* 0x20; 0x20->0x3f: 10 byte cdbs */
356 0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
357 SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
358 0, 0, 0, 0, 0, SDEB_I_SYNC_CACHE, 0, 0,
359 0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
360 /* 0x40; 0x40->0x5f: 10 byte cdbs */
361 0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
362 0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
363 0, 0, 0, SDEB_I_XDWRITEREAD, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
365 0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
366 /* 0x60; 0x60->0x7d are reserved, 0x7e is "extended cdb" */
367 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
368 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
369 0, SDEB_I_VARIABLE_LEN,
370 /* 0x80; 0x80->0x9f: 16 byte cdbs */
371 0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
372 SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0, 0, 0, 0, 0,
373 0, 0, 0, SDEB_I_WRITE_SAME, 0, 0, 0, 0,
374 0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN, SDEB_I_SERV_ACT_OUT,
375 /* 0xa0; 0xa0->0xbf: 12 byte cdbs */
376 SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
377 SDEB_I_MAINT_OUT, 0, 0, 0,
378 SDEB_I_READ, SDEB_I_SERV_ACT_OUT, SDEB_I_WRITE, SDEB_I_SERV_ACT_IN,
380 0, 0, 0, 0, 0, 0, 0, 0,
381 0, 0, 0, 0, 0, 0, 0, 0,
382 /* 0xc0; 0xc0->0xff: vendor specific */
383 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
384 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
385 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
386 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
389 static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
390 static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
391 static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
392 static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
393 static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
394 static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
395 static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
396 static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
397 static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
398 static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
399 static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
400 static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
401 static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
402 static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
403 static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
404 static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
405 static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
406 static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
407 static int resp_xdwriteread_10(struct scsi_cmnd *, struct sdebug_dev_info *);
408 static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
409 static int resp_write_buffer(struct scsi_cmnd *, struct sdebug_dev_info *);
411 static const struct opcode_info_t msense_iarr[1] = {
412 {0, 0x1a, 0, F_D_IN, NULL, NULL,
413 {6, 0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
416 static const struct opcode_info_t mselect_iarr[1] = {
417 {0, 0x15, 0, F_D_OUT, NULL, NULL,
418 {6, 0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
421 static const struct opcode_info_t read_iarr[3] = {
422 {0, 0x28, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(10) */
423 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
425 {0, 0x8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL, /* READ(6) */
426 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
427 {0, 0xa8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(12) */
428 {12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
432 static const struct opcode_info_t write_iarr[3] = {
433 {0, 0x2a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 10 */
434 {10, 0xfb, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
436 {0, 0xa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 6 */
437 {6, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
438 {0, 0xaa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL, /* 12 */
439 {12, 0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
443 static const struct opcode_info_t sa_in_iarr[1] = {
444 {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
445 {16, 0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
446 0xff, 0xff, 0xff, 0, 0xc7} },
449 static const struct opcode_info_t vl_iarr[1] = { /* VARIABLE LENGTH */
450 {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_DIRECT_IO, resp_write_dt0,
451 NULL, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0xb, 0xfa,
452 0, 0xff, 0xff, 0xff, 0xff} }, /* WRITE(32) */
455 static const struct opcode_info_t maint_in_iarr[2] = {
456 {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
457 {12, 0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
459 {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
460 {12, 0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
464 static const struct opcode_info_t write_same_iarr[1] = {
465 {0, 0x93, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_16, NULL,
466 {16, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
467 0xff, 0xff, 0xff, 0x1f, 0xc7} },
470 static const struct opcode_info_t reserve_iarr[1] = {
471 {0, 0x16, 0, F_D_OUT, NULL, NULL, /* RESERVE(6) */
472 {6, 0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
475 static const struct opcode_info_t release_iarr[1] = {
476 {0, 0x17, 0, F_D_OUT, NULL, NULL, /* RELEASE(6) */
477 {6, 0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
481 /* This array is accessed via SDEB_I_* values. Make sure all are mapped,
482 * plus the terminating elements for logic that scans this table such as
483 * REPORT SUPPORTED OPERATION CODES. */
484 static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = {
486 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,
487 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
488 {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL,
489 {6, 0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
490 {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
491 {12, 0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
493 {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
494 {6, 0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
495 {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
496 {6, 0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
497 {1, 0x5a, 0, F_D_IN, resp_mode_sense, msense_iarr,
498 {10, 0xf8, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
500 {1, 0x55, 0, F_D_OUT, resp_mode_select, mselect_iarr,
501 {10, 0xf1, 0, 0, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
502 {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,
503 {10, 0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
505 {0, 0x25, 0, F_D_IN, resp_readcap, NULL,
506 {10, 0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
508 {3, 0x88, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, read_iarr,
509 {16, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
510 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* READ(16) */
512 {3, 0x8a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, write_iarr,
513 {16, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
514 0xff, 0xff, 0xff, 0x9f, 0xc7} }, /* WRITE(16) */
515 {0, 0x1b, 0, 0, resp_start_stop, NULL, /* START STOP UNIT */
516 {6, 0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
517 {1, 0x9e, 0x10, F_SA_LOW | F_D_IN, resp_readcap16, sa_in_iarr,
518 {16, 0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
519 0xff, 0xff, 0xff, 0x1, 0xc7} }, /* READ CAPACITY(16) */
520 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* SA OUT */
521 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
522 {2, 0xa3, 0xa, F_SA_LOW | F_D_IN, resp_report_tgtpgs, maint_in_iarr,
523 {12, 0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0, 0,
525 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
526 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
527 {0, 0x2f, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, NULL, NULL, /* VERIFY(10) */
528 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7,
530 {1, 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_DIRECT_IO, resp_read_dt0,
531 vl_iarr, {32, 0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0x9, 0xfe, 0,
532 0xff, 0xff, 0xff, 0xff} },/* VARIABLE LENGTH, READ(32) */
533 {1, 0x56, 0, F_D_OUT, NULL, reserve_iarr, /* RESERVE(10) */
534 {10, 0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
536 {1, 0x57, 0, F_D_OUT, NULL, release_iarr, /* RELEASE(10) */
537 {10, 0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
540 {0, 0x1e, 0, 0, NULL, NULL, /* ALLOW REMOVAL */
541 {6, 0, 0, 0, 0x3, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
542 {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
543 {6, 0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
544 {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
545 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
546 {0, 0x1d, F_D_OUT, 0, NULL, NULL, /* SEND DIAGNOSTIC */
547 {6, 0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
548 {0, 0x42, 0, F_D_OUT | FF_DIRECT_IO, resp_unmap, NULL, /* UNMAP */
549 {10, 0x1, 0, 0, 0, 0, 0x1f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
550 {0, 0x53, 0, F_D_IN | F_D_OUT | FF_DIRECT_IO, resp_xdwriteread_10,
551 NULL, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7,
553 {0, 0x3b, 0, F_D_OUT_MAYBE, resp_write_buffer, NULL,
554 {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0,
555 0, 0, 0, 0} }, /* WRITE_BUFFER */
556 {1, 0x41, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_10,
557 write_same_iarr, {10, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff,
558 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
559 {0, 0x35, 0, F_DELAY_OVERR | FF_DIRECT_IO, NULL, NULL, /* SYNC_CACHE */
560 {10, 0x7, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
562 {0, 0x89, 0, F_D_OUT | FF_DIRECT_IO, resp_comp_write, NULL,
563 {16, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
564 0, 0xff, 0x1f, 0xc7} }, /* COMPARE AND WRITE */
567 {0xff, 0, 0, 0, NULL, NULL, /* terminating element */
568 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
571 static int sdebug_add_host = DEF_NUM_HOST;
572 static int sdebug_ato = DEF_ATO;
573 static int sdebug_jdelay = DEF_JDELAY; /* if > 0 then unit is jiffies */
574 static int sdebug_dev_size_mb = DEF_DEV_SIZE_MB;
575 static int sdebug_dif = DEF_DIF;
576 static int sdebug_dix = DEF_DIX;
577 static int sdebug_dsense = DEF_D_SENSE;
578 static int sdebug_every_nth = DEF_EVERY_NTH;
579 static int sdebug_fake_rw = DEF_FAKE_RW;
580 static unsigned int sdebug_guard = DEF_GUARD;
581 static int sdebug_lowest_aligned = DEF_LOWEST_ALIGNED;
582 static int sdebug_max_luns = DEF_MAX_LUNS;
583 static int sdebug_max_queue = SDEBUG_CANQUEUE; /* per submit queue */
584 static atomic_t retired_max_queue; /* if > 0 then was prior max_queue */
585 static int sdebug_ndelay = DEF_NDELAY; /* if > 0 then unit is nanoseconds */
586 static int sdebug_no_lun_0 = DEF_NO_LUN_0;
587 static int sdebug_no_uld;
588 static int sdebug_num_parts = DEF_NUM_PARTS;
589 static int sdebug_num_tgts = DEF_NUM_TGTS; /* targets per host */
590 static int sdebug_opt_blks = DEF_OPT_BLKS;
591 static int sdebug_opts = DEF_OPTS;
592 static int sdebug_physblk_exp = DEF_PHYSBLK_EXP;
593 static int sdebug_ptype = DEF_PTYPE; /* SCSI peripheral device type */
594 static int sdebug_scsi_level = DEF_SCSI_LEVEL;
595 static int sdebug_sector_size = DEF_SECTOR_SIZE;
596 static int sdebug_virtual_gb = DEF_VIRTUAL_GB;
597 static int sdebug_vpd_use_hostno = DEF_VPD_USE_HOSTNO;
598 static unsigned int sdebug_lbpu = DEF_LBPU;
599 static unsigned int sdebug_lbpws = DEF_LBPWS;
600 static unsigned int sdebug_lbpws10 = DEF_LBPWS10;
601 static unsigned int sdebug_lbprz = DEF_LBPRZ;
602 static unsigned int sdebug_unmap_alignment = DEF_UNMAP_ALIGNMENT;
603 static unsigned int sdebug_unmap_granularity = DEF_UNMAP_GRANULARITY;
604 static unsigned int sdebug_unmap_max_blocks = DEF_UNMAP_MAX_BLOCKS;
605 static unsigned int sdebug_unmap_max_desc = DEF_UNMAP_MAX_DESC;
606 static unsigned int sdebug_write_same_length = DEF_WRITESAME_LENGTH;
607 static int sdebug_uuid_ctl = DEF_UUID_CTL;
608 static bool sdebug_removable = DEF_REMOVABLE;
609 static bool sdebug_clustering;
610 static bool sdebug_host_lock = DEF_HOST_LOCK;
611 static bool sdebug_strict = DEF_STRICT;
612 static bool sdebug_any_injecting_opt;
613 static bool sdebug_verbose;
614 static bool have_dif_prot;
615 static bool sdebug_statistics = DEF_STATISTICS;
616 static bool sdebug_mq_active;
618 static unsigned int sdebug_store_sectors;
619 static sector_t sdebug_capacity; /* in sectors */
621 /* old BIOS stuff, kernel may get rid of them but some mode sense pages
622 may still need them */
623 static int sdebug_heads; /* heads per disk */
624 static int sdebug_cylinders_per; /* cylinders per surface */
625 static int sdebug_sectors_per; /* sectors per cylinder */
627 static LIST_HEAD(sdebug_host_list);
628 static DEFINE_SPINLOCK(sdebug_host_list_lock);
630 static unsigned char *fake_storep; /* ramdisk storage */
631 static struct t10_pi_tuple *dif_storep; /* protection info */
632 static void *map_storep; /* provisioning map */
634 static unsigned long map_size;
635 static int num_aborts;
636 static int num_dev_resets;
637 static int num_target_resets;
638 static int num_bus_resets;
639 static int num_host_resets;
640 static int dix_writes;
641 static int dix_reads;
642 static int dif_errors;
644 static int submit_queues = DEF_SUBMIT_QUEUES; /* > 1 for multi-queue (mq) */
645 static struct sdebug_queue *sdebug_q_arr; /* ptr to array of submit queues */
647 static DEFINE_RWLOCK(atomic_rw);
649 static char sdebug_proc_name[] = MY_NAME;
650 static const char *my_name = MY_NAME;
652 static struct bus_type pseudo_lld_bus;
654 static struct device_driver sdebug_driverfs_driver = {
655 .name = sdebug_proc_name,
656 .bus = &pseudo_lld_bus,
659 static const int check_condition_result =
660 (DRIVER_SENSE << 24) | SAM_STAT_CHECK_CONDITION;
662 static const int illegal_condition_result =
663 (DRIVER_SENSE << 24) | (DID_ABORT << 16) | SAM_STAT_CHECK_CONDITION;
665 static const int device_qfull_result =
666 (DID_OK << 16) | (COMMAND_COMPLETE << 8) | SAM_STAT_TASK_SET_FULL;
669 /* Only do the extra work involved in logical block provisioning if one or
670 * more of the lbpu, lbpws or lbpws10 parameters are given and we are doing
671 * real reads and writes (i.e. not skipping them for speed).
673 static inline bool scsi_debug_lbp(void)
675 return 0 == sdebug_fake_rw &&
676 (sdebug_lbpu || sdebug_lbpws || sdebug_lbpws10);
679 static void *fake_store(unsigned long long lba)
681 lba = do_div(lba, sdebug_store_sectors);
683 return fake_storep + lba * sdebug_sector_size;
686 static struct t10_pi_tuple *dif_store(sector_t sector)
688 sector = sector_div(sector, sdebug_store_sectors);
690 return dif_storep + sector;
693 static void sdebug_max_tgts_luns(void)
695 struct sdebug_host_info *sdbg_host;
696 struct Scsi_Host *hpnt;
698 spin_lock(&sdebug_host_list_lock);
699 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
700 hpnt = sdbg_host->shost;
701 if ((hpnt->this_id >= 0) &&
702 (sdebug_num_tgts > hpnt->this_id))
703 hpnt->max_id = sdebug_num_tgts + 1;
705 hpnt->max_id = sdebug_num_tgts;
706 /* sdebug_max_luns; */
707 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
709 spin_unlock(&sdebug_host_list_lock);
712 enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
714 /* Set in_bit to -1 to indicate no bit position of invalid field */
715 static void mk_sense_invalid_fld(struct scsi_cmnd *scp,
716 enum sdeb_cmd_data c_d,
717 int in_byte, int in_bit)
719 unsigned char *sbuff;
723 sbuff = scp->sense_buffer;
725 sdev_printk(KERN_ERR, scp->device,
726 "%s: sense_buffer is NULL\n", __func__);
729 asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
730 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
731 scsi_build_sense_buffer(sdebug_dsense, sbuff, ILLEGAL_REQUEST, asc, 0);
732 memset(sks, 0, sizeof(sks));
738 sks[0] |= 0x7 & in_bit;
740 put_unaligned_be16(in_byte, sks + 1);
746 memcpy(sbuff + sl + 4, sks, 3);
748 memcpy(sbuff + 15, sks, 3);
750 sdev_printk(KERN_INFO, scp->device, "%s: [sense_key,asc,ascq"
751 "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
752 my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
755 static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
757 unsigned char *sbuff;
759 sbuff = scp->sense_buffer;
761 sdev_printk(KERN_ERR, scp->device,
762 "%s: sense_buffer is NULL\n", __func__);
765 memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
767 scsi_build_sense_buffer(sdebug_dsense, sbuff, key, asc, asq);
770 sdev_printk(KERN_INFO, scp->device,
771 "%s: [sense_key,asc,ascq]: [0x%x,0x%x,0x%x]\n",
772 my_name, key, asc, asq);
775 static void mk_sense_invalid_opcode(struct scsi_cmnd *scp)
777 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
780 static int scsi_debug_ioctl(struct scsi_device *dev, int cmd, void __user *arg)
782 if (sdebug_verbose) {
784 sdev_printk(KERN_INFO, dev,
785 "%s: BLKFLSBUF [0x1261]\n", __func__);
786 else if (0x5331 == cmd)
787 sdev_printk(KERN_INFO, dev,
788 "%s: CDROM_GET_CAPABILITY [0x5331]\n",
791 sdev_printk(KERN_INFO, dev, "%s: cmd=0x%x\n",
795 /* return -ENOTTY; // correct return but upsets fdisk */
798 static void clear_luns_changed_on_target(struct sdebug_dev_info *devip)
800 struct sdebug_host_info *sdhp;
801 struct sdebug_dev_info *dp;
803 spin_lock(&sdebug_host_list_lock);
804 list_for_each_entry(sdhp, &sdebug_host_list, host_list) {
805 list_for_each_entry(dp, &sdhp->dev_info_list, dev_list) {
806 if ((devip->sdbg_host == dp->sdbg_host) &&
807 (devip->target == dp->target))
808 clear_bit(SDEBUG_UA_LUNS_CHANGED, dp->uas_bm);
811 spin_unlock(&sdebug_host_list_lock);
814 static int make_ua(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
818 k = find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS);
819 if (k != SDEBUG_NUM_UAS) {
820 const char *cp = NULL;
824 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
825 POWER_ON_RESET_ASCQ);
827 cp = "power on reset";
829 case SDEBUG_UA_BUS_RESET:
830 mk_sense_buffer(scp, UNIT_ATTENTION, UA_RESET_ASC,
835 case SDEBUG_UA_MODE_CHANGED:
836 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
839 cp = "mode parameters changed";
841 case SDEBUG_UA_CAPACITY_CHANGED:
842 mk_sense_buffer(scp, UNIT_ATTENTION, UA_CHANGED_ASC,
843 CAPACITY_CHANGED_ASCQ);
845 cp = "capacity data changed";
847 case SDEBUG_UA_MICROCODE_CHANGED:
848 mk_sense_buffer(scp, UNIT_ATTENTION,
850 MICROCODE_CHANGED_ASCQ);
852 cp = "microcode has been changed";
854 case SDEBUG_UA_MICROCODE_CHANGED_WO_RESET:
855 mk_sense_buffer(scp, UNIT_ATTENTION,
857 MICROCODE_CHANGED_WO_RESET_ASCQ);
859 cp = "microcode has been changed without reset";
861 case SDEBUG_UA_LUNS_CHANGED:
863 * SPC-3 behavior is to report a UNIT ATTENTION with
864 * ASC/ASCQ REPORTED LUNS DATA HAS CHANGED on every LUN
865 * on the target, until a REPORT LUNS command is
866 * received. SPC-4 behavior is to report it only once.
867 * NOTE: sdebug_scsi_level does not use the same
868 * values as struct scsi_device->scsi_level.
870 if (sdebug_scsi_level >= 6) /* SPC-4 and above */
871 clear_luns_changed_on_target(devip);
872 mk_sense_buffer(scp, UNIT_ATTENTION,
876 cp = "reported luns data has changed";
879 pr_warn("unexpected unit attention code=%d\n", k);
884 clear_bit(k, devip->uas_bm);
886 sdev_printk(KERN_INFO, scp->device,
887 "%s reports: Unit attention: %s\n",
889 return check_condition_result;
894 /* Build SCSI "data-in" buffer. Returns 0 if ok else (DID_ERROR << 16). */
895 static int fill_from_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
899 struct scsi_data_buffer *sdb = scsi_in(scp);
903 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_FROM_DEVICE))
904 return DID_ERROR << 16;
906 act_len = sg_copy_from_buffer(sdb->table.sgl, sdb->table.nents,
908 sdb->resid = scsi_bufflen(scp) - act_len;
913 /* Partial build of SCSI "data-in" buffer. Returns 0 if ok else
914 * (DID_ERROR << 16). Can write to offset in data-in buffer. If multiple
915 * calls, not required to write in ascending offset order. Assumes resid
916 * set to scsi_bufflen() prior to any calls.
918 static int p_fill_from_dev_buffer(struct scsi_cmnd *scp, const void *arr,
919 int arr_len, unsigned int off_dst)
922 struct scsi_data_buffer *sdb = scsi_in(scp);
923 off_t skip = off_dst;
925 if (sdb->length <= off_dst)
927 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_FROM_DEVICE))
928 return DID_ERROR << 16;
930 act_len = sg_pcopy_from_buffer(sdb->table.sgl, sdb->table.nents,
932 pr_debug("%s: off_dst=%u, scsi_bufflen=%u, act_len=%u, resid=%d\n",
933 __func__, off_dst, scsi_bufflen(scp), act_len, sdb->resid);
934 n = (int)scsi_bufflen(scp) - ((int)off_dst + act_len);
935 sdb->resid = min(sdb->resid, n);
939 /* Fetches from SCSI "data-out" buffer. Returns number of bytes fetched into
940 * 'arr' or -1 if error.
942 static int fetch_to_dev_buffer(struct scsi_cmnd *scp, unsigned char *arr,
945 if (!scsi_bufflen(scp))
947 if (!(scsi_bidi_cmnd(scp) || scp->sc_data_direction == DMA_TO_DEVICE))
950 return scsi_sg_copy_to_buffer(scp, arr, arr_len);
954 static const char * inq_vendor_id = "Linux ";
955 static const char * inq_product_id = "scsi_debug ";
956 static const char *inq_product_rev = "0186"; /* version less '.' */
957 /* Use some locally assigned NAAs for SAS addresses. */
958 static const u64 naa3_comp_a = 0x3222222000000000ULL;
959 static const u64 naa3_comp_b = 0x3333333000000000ULL;
960 static const u64 naa3_comp_c = 0x3111111000000000ULL;
962 /* Device identification VPD page. Returns number of bytes placed in arr */
963 static int inquiry_vpd_83(unsigned char *arr, int port_group_id,
964 int target_dev_id, int dev_id_num,
965 const char *dev_id_str, int dev_id_str_len,
966 const uuid_be *lu_name)
971 port_a = target_dev_id + 1;
972 /* T10 vendor identifier field format (faked) */
973 arr[0] = 0x2; /* ASCII */
976 memcpy(&arr[4], inq_vendor_id, 8);
977 memcpy(&arr[12], inq_product_id, 16);
978 memcpy(&arr[28], dev_id_str, dev_id_str_len);
979 num = 8 + 16 + dev_id_str_len;
982 if (dev_id_num >= 0) {
983 if (sdebug_uuid_ctl) {
984 /* Locally assigned UUID */
985 arr[num++] = 0x1; /* binary (not necessarily sas) */
986 arr[num++] = 0xa; /* PIV=0, lu, naa */
989 arr[num++] = 0x10; /* uuid type=1, locally assigned */
991 memcpy(arr + num, lu_name, 16);
994 /* NAA-3, Logical unit identifier (binary) */
995 arr[num++] = 0x1; /* binary (not necessarily sas) */
996 arr[num++] = 0x3; /* PIV=0, lu, naa */
999 put_unaligned_be64(naa3_comp_b + dev_id_num, arr + num);
1002 /* Target relative port number */
1003 arr[num++] = 0x61; /* proto=sas, binary */
1004 arr[num++] = 0x94; /* PIV=1, target port, rel port */
1005 arr[num++] = 0x0; /* reserved */
1006 arr[num++] = 0x4; /* length */
1007 arr[num++] = 0x0; /* reserved */
1008 arr[num++] = 0x0; /* reserved */
1010 arr[num++] = 0x1; /* relative port A */
1012 /* NAA-3, Target port identifier */
1013 arr[num++] = 0x61; /* proto=sas, binary */
1014 arr[num++] = 0x93; /* piv=1, target port, naa */
1017 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1019 /* NAA-3, Target port group identifier */
1020 arr[num++] = 0x61; /* proto=sas, binary */
1021 arr[num++] = 0x95; /* piv=1, target port group id */
1026 put_unaligned_be16(port_group_id, arr + num);
1028 /* NAA-3, Target device identifier */
1029 arr[num++] = 0x61; /* proto=sas, binary */
1030 arr[num++] = 0xa3; /* piv=1, target device, naa */
1033 put_unaligned_be64(naa3_comp_a + target_dev_id, arr + num);
1035 /* SCSI name string: Target device identifier */
1036 arr[num++] = 0x63; /* proto=sas, UTF-8 */
1037 arr[num++] = 0xa8; /* piv=1, target device, SCSI name string */
1040 memcpy(arr + num, "naa.32222220", 12);
1042 snprintf(b, sizeof(b), "%08X", target_dev_id);
1043 memcpy(arr + num, b, 8);
1045 memset(arr + num, 0, 4);
1050 static unsigned char vpd84_data[] = {
1051 /* from 4th byte */ 0x22,0x22,0x22,0x0,0xbb,0x0,
1052 0x22,0x22,0x22,0x0,0xbb,0x1,
1053 0x22,0x22,0x22,0x0,0xbb,0x2,
1056 /* Software interface identification VPD page */
1057 static int inquiry_vpd_84(unsigned char *arr)
1059 memcpy(arr, vpd84_data, sizeof(vpd84_data));
1060 return sizeof(vpd84_data);
1063 /* Management network addresses VPD page */
1064 static int inquiry_vpd_85(unsigned char *arr)
1067 const char * na1 = "https://www.kernel.org/config";
1068 const char * na2 = "http://www.kernel.org/log";
1071 arr[num++] = 0x1; /* lu, storage config */
1072 arr[num++] = 0x0; /* reserved */
1077 plen = ((plen / 4) + 1) * 4;
1078 arr[num++] = plen; /* length, null termianted, padded */
1079 memcpy(arr + num, na1, olen);
1080 memset(arr + num + olen, 0, plen - olen);
1083 arr[num++] = 0x4; /* lu, logging */
1084 arr[num++] = 0x0; /* reserved */
1089 plen = ((plen / 4) + 1) * 4;
1090 arr[num++] = plen; /* length, null terminated, padded */
1091 memcpy(arr + num, na2, olen);
1092 memset(arr + num + olen, 0, plen - olen);
1098 /* SCSI ports VPD page */
1099 static int inquiry_vpd_88(unsigned char *arr, int target_dev_id)
1104 port_a = target_dev_id + 1;
1105 port_b = port_a + 1;
1106 arr[num++] = 0x0; /* reserved */
1107 arr[num++] = 0x0; /* reserved */
1109 arr[num++] = 0x1; /* relative port 1 (primary) */
1110 memset(arr + num, 0, 6);
1113 arr[num++] = 12; /* length tp descriptor */
1114 /* naa-5 target port identifier (A) */
1115 arr[num++] = 0x61; /* proto=sas, binary */
1116 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1117 arr[num++] = 0x0; /* reserved */
1118 arr[num++] = 0x8; /* length */
1119 put_unaligned_be64(naa3_comp_a + port_a, arr + num);
1121 arr[num++] = 0x0; /* reserved */
1122 arr[num++] = 0x0; /* reserved */
1124 arr[num++] = 0x2; /* relative port 2 (secondary) */
1125 memset(arr + num, 0, 6);
1128 arr[num++] = 12; /* length tp descriptor */
1129 /* naa-5 target port identifier (B) */
1130 arr[num++] = 0x61; /* proto=sas, binary */
1131 arr[num++] = 0x93; /* PIV=1, target port, NAA */
1132 arr[num++] = 0x0; /* reserved */
1133 arr[num++] = 0x8; /* length */
1134 put_unaligned_be64(naa3_comp_a + port_b, arr + num);
1141 static unsigned char vpd89_data[] = {
1142 /* from 4th byte */ 0,0,0,0,
1143 'l','i','n','u','x',' ',' ',' ',
1144 'S','A','T',' ','s','c','s','i','_','d','e','b','u','g',' ',' ',
1146 0x34,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,
1148 0x5a,0xc,0xff,0x3f,0x37,0xc8,0x10,0,0,0,0,0,0x3f,0,0,0,
1149 0,0,0,0,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x58,0x20,0x20,0x20,0x20,
1150 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0,0,0,0x40,0x4,0,0x2e,0x33,
1151 0x38,0x31,0x20,0x20,0x20,0x20,0x54,0x53,0x38,0x33,0x30,0x30,0x33,0x31,
1153 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1155 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
1157 0,0,0,0x2f,0,0,0,0x2,0,0x2,0x7,0,0xff,0xff,0x1,0,
1158 0x3f,0,0xc1,0xff,0x3e,0,0x10,0x1,0xb0,0xf8,0x50,0x9,0,0,0x7,0,
1159 0x3,0,0x78,0,0x78,0,0xf0,0,0x78,0,0,0,0,0,0,0,
1160 0,0,0,0,0,0,0,0,0x2,0,0,0,0,0,0,0,
1161 0x7e,0,0x1b,0,0x6b,0x34,0x1,0x7d,0x3,0x40,0x69,0x34,0x1,0x3c,0x3,0x40,
1162 0x7f,0x40,0,0,0,0,0xfe,0xfe,0,0,0,0,0,0xfe,0,0,
1163 0,0,0,0,0,0,0,0,0xb0,0xf8,0x50,0x9,0,0,0,0,
1164 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1165 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1166 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1167 0x1,0,0xb0,0xf8,0x50,0x9,0xb0,0xf8,0x50,0x9,0x20,0x20,0x2,0,0xb6,0x42,
1168 0,0x80,0x8a,0,0x6,0x3c,0xa,0x3c,0xff,0xff,0xc6,0x7,0,0x1,0,0x8,
1169 0xf0,0xf,0,0x10,0x2,0,0x30,0,0,0,0,0,0,0,0x6,0xfe,
1170 0,0,0x2,0,0x50,0,0x8a,0,0x4f,0x95,0,0,0x21,0,0xb,0,
1171 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1172 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1173 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1174 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1175 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1176 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1177 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1178 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1179 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1180 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1181 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1182 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xa5,0x51,
1185 /* ATA Information VPD page */
1186 static int inquiry_vpd_89(unsigned char *arr)
1188 memcpy(arr, vpd89_data, sizeof(vpd89_data));
1189 return sizeof(vpd89_data);
1193 static unsigned char vpdb0_data[] = {
1194 /* from 4th byte */ 0,0,0,4, 0,0,0x4,0, 0,0,0,64,
1195 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1196 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1197 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1200 /* Block limits VPD page (SBC-3) */
1201 static int inquiry_vpd_b0(unsigned char *arr)
1205 memcpy(arr, vpdb0_data, sizeof(vpdb0_data));
1207 /* Optimal transfer length granularity */
1208 gran = 1 << sdebug_physblk_exp;
1209 put_unaligned_be16(gran, arr + 2);
1211 /* Maximum Transfer Length */
1212 if (sdebug_store_sectors > 0x400)
1213 put_unaligned_be32(sdebug_store_sectors, arr + 4);
1215 /* Optimal Transfer Length */
1216 put_unaligned_be32(sdebug_opt_blks, &arr[8]);
1219 /* Maximum Unmap LBA Count */
1220 put_unaligned_be32(sdebug_unmap_max_blocks, &arr[16]);
1222 /* Maximum Unmap Block Descriptor Count */
1223 put_unaligned_be32(sdebug_unmap_max_desc, &arr[20]);
1226 /* Unmap Granularity Alignment */
1227 if (sdebug_unmap_alignment) {
1228 put_unaligned_be32(sdebug_unmap_alignment, &arr[28]);
1229 arr[28] |= 0x80; /* UGAVALID */
1232 /* Optimal Unmap Granularity */
1233 put_unaligned_be32(sdebug_unmap_granularity, &arr[24]);
1235 /* Maximum WRITE SAME Length */
1236 put_unaligned_be64(sdebug_write_same_length, &arr[32]);
1238 return 0x3c; /* Mandatory page length for Logical Block Provisioning */
1240 return sizeof(vpdb0_data);
1243 /* Block device characteristics VPD page (SBC-3) */
1244 static int inquiry_vpd_b1(unsigned char *arr)
1246 memset(arr, 0, 0x3c);
1248 arr[1] = 1; /* non rotating medium (e.g. solid state) */
1250 arr[3] = 5; /* less than 1.8" */
1255 /* Logical block provisioning VPD page (SBC-4) */
1256 static int inquiry_vpd_b2(unsigned char *arr)
1258 memset(arr, 0, 0x4);
1259 arr[0] = 0; /* threshold exponent */
1266 if (sdebug_lbprz && scsi_debug_lbp())
1267 arr[1] |= (sdebug_lbprz & 0x7) << 2; /* sbc4r07 and later */
1268 /* anc_sup=0; dp=0 (no provisioning group descriptor) */
1269 /* minimum_percentage=0; provisioning_type=0 (unknown) */
1270 /* threshold_percentage=0 */
1274 #define SDEBUG_LONG_INQ_SZ 96
1275 #define SDEBUG_MAX_INQ_ARR_SZ 584
1277 static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
1279 unsigned char pq_pdt;
1280 unsigned char * arr;
1281 unsigned char *cmd = scp->cmnd;
1282 int alloc_len, n, ret;
1283 bool have_wlun, is_disk;
1285 alloc_len = get_unaligned_be16(cmd + 3);
1286 arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
1288 return DID_REQUEUE << 16;
1289 is_disk = (sdebug_ptype == TYPE_DISK);
1290 have_wlun = scsi_is_wlun(scp->device->lun);
1292 pq_pdt = TYPE_WLUN; /* present, wlun */
1293 else if (sdebug_no_lun_0 && (devip->lun == SDEBUG_LUN_0_VAL))
1294 pq_pdt = 0x7f; /* not present, PQ=3, PDT=0x1f */
1296 pq_pdt = (sdebug_ptype & 0x1f);
1298 if (0x2 & cmd[1]) { /* CMDDT bit set */
1299 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
1301 return check_condition_result;
1302 } else if (0x1 & cmd[1]) { /* EVPD bit set */
1303 int lu_id_num, port_group_id, target_dev_id, len;
1305 int host_no = devip->sdbg_host->shost->host_no;
1307 port_group_id = (((host_no + 1) & 0x7f) << 8) +
1308 (devip->channel & 0x7f);
1309 if (sdebug_vpd_use_hostno == 0)
1311 lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
1312 (devip->target * 1000) + devip->lun);
1313 target_dev_id = ((host_no + 1) * 2000) +
1314 (devip->target * 1000) - 3;
1315 len = scnprintf(lu_id_str, 6, "%d", lu_id_num);
1316 if (0 == cmd[2]) { /* supported vital product data pages */
1317 arr[1] = cmd[2]; /*sanity */
1319 arr[n++] = 0x0; /* this page */
1320 arr[n++] = 0x80; /* unit serial number */
1321 arr[n++] = 0x83; /* device identification */
1322 arr[n++] = 0x84; /* software interface ident. */
1323 arr[n++] = 0x85; /* management network addresses */
1324 arr[n++] = 0x86; /* extended inquiry */
1325 arr[n++] = 0x87; /* mode page policy */
1326 arr[n++] = 0x88; /* SCSI ports */
1327 if (is_disk) { /* SBC only */
1328 arr[n++] = 0x89; /* ATA information */
1329 arr[n++] = 0xb0; /* Block limits */
1330 arr[n++] = 0xb1; /* Block characteristics */
1331 arr[n++] = 0xb2; /* Logical Block Prov */
1333 arr[3] = n - 4; /* number of supported VPD pages */
1334 } else if (0x80 == cmd[2]) { /* unit serial number */
1335 arr[1] = cmd[2]; /*sanity */
1337 memcpy(&arr[4], lu_id_str, len);
1338 } else if (0x83 == cmd[2]) { /* device identification */
1339 arr[1] = cmd[2]; /*sanity */
1340 arr[3] = inquiry_vpd_83(&arr[4], port_group_id,
1341 target_dev_id, lu_id_num,
1344 } else if (0x84 == cmd[2]) { /* Software interface ident. */
1345 arr[1] = cmd[2]; /*sanity */
1346 arr[3] = inquiry_vpd_84(&arr[4]);
1347 } else if (0x85 == cmd[2]) { /* Management network addresses */
1348 arr[1] = cmd[2]; /*sanity */
1349 arr[3] = inquiry_vpd_85(&arr[4]);
1350 } else if (0x86 == cmd[2]) { /* extended inquiry */
1351 arr[1] = cmd[2]; /*sanity */
1352 arr[3] = 0x3c; /* number of following entries */
1353 if (sdebug_dif == T10_PI_TYPE3_PROTECTION)
1354 arr[4] = 0x4; /* SPT: GRD_CHK:1 */
1355 else if (have_dif_prot)
1356 arr[4] = 0x5; /* SPT: GRD_CHK:1, REF_CHK:1 */
1358 arr[4] = 0x0; /* no protection stuff */
1359 arr[5] = 0x7; /* head of q, ordered + simple q's */
1360 } else if (0x87 == cmd[2]) { /* mode page policy */
1361 arr[1] = cmd[2]; /*sanity */
1362 arr[3] = 0x8; /* number of following entries */
1363 arr[4] = 0x2; /* disconnect-reconnect mp */
1364 arr[6] = 0x80; /* mlus, shared */
1365 arr[8] = 0x18; /* protocol specific lu */
1366 arr[10] = 0x82; /* mlus, per initiator port */
1367 } else if (0x88 == cmd[2]) { /* SCSI Ports */
1368 arr[1] = cmd[2]; /*sanity */
1369 arr[3] = inquiry_vpd_88(&arr[4], target_dev_id);
1370 } else if (is_disk && 0x89 == cmd[2]) { /* ATA information */
1371 arr[1] = cmd[2]; /*sanity */
1372 n = inquiry_vpd_89(&arr[4]);
1373 put_unaligned_be16(n, arr + 2);
1374 } else if (is_disk && 0xb0 == cmd[2]) { /* Block limits */
1375 arr[1] = cmd[2]; /*sanity */
1376 arr[3] = inquiry_vpd_b0(&arr[4]);
1377 } else if (is_disk && 0xb1 == cmd[2]) { /* Block char. */
1378 arr[1] = cmd[2]; /*sanity */
1379 arr[3] = inquiry_vpd_b1(&arr[4]);
1380 } else if (is_disk && 0xb2 == cmd[2]) { /* LB Prov. */
1381 arr[1] = cmd[2]; /*sanity */
1382 arr[3] = inquiry_vpd_b2(&arr[4]);
1384 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
1386 return check_condition_result;
1388 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
1389 ret = fill_from_dev_buffer(scp, arr,
1390 min(len, SDEBUG_MAX_INQ_ARR_SZ));
1394 /* drops through here for a standard inquiry */
1395 arr[1] = sdebug_removable ? 0x80 : 0; /* Removable disk */
1396 arr[2] = sdebug_scsi_level;
1397 arr[3] = 2; /* response_data_format==2 */
1398 arr[4] = SDEBUG_LONG_INQ_SZ - 5;
1399 arr[5] = (int)have_dif_prot; /* PROTECT bit */
1400 if (sdebug_vpd_use_hostno == 0)
1401 arr[5] = 0x10; /* claim: implicit TGPS */
1402 arr[6] = 0x10; /* claim: MultiP */
1403 /* arr[6] |= 0x40; ... claim: EncServ (enclosure services) */
1404 arr[7] = 0xa; /* claim: LINKED + CMDQUE */
1405 memcpy(&arr[8], inq_vendor_id, 8);
1406 memcpy(&arr[16], inq_product_id, 16);
1407 memcpy(&arr[32], inq_product_rev, 4);
1408 /* version descriptors (2 bytes each) follow */
1409 put_unaligned_be16(0xc0, arr + 58); /* SAM-6 no version claimed */
1410 put_unaligned_be16(0x5c0, arr + 60); /* SPC-5 no version claimed */
1412 if (is_disk) { /* SBC-4 no version claimed */
1413 put_unaligned_be16(0x600, arr + n);
1415 } else if (sdebug_ptype == TYPE_TAPE) { /* SSC-4 rev 3 */
1416 put_unaligned_be16(0x525, arr + n);
1419 put_unaligned_be16(0x2100, arr + n); /* SPL-4 no version claimed */
1420 ret = fill_from_dev_buffer(scp, arr,
1421 min(alloc_len, SDEBUG_LONG_INQ_SZ));
1426 static unsigned char iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1429 static int resp_requests(struct scsi_cmnd * scp,
1430 struct sdebug_dev_info * devip)
1432 unsigned char * sbuff;
1433 unsigned char *cmd = scp->cmnd;
1434 unsigned char arr[SCSI_SENSE_BUFFERSIZE];
1438 memset(arr, 0, sizeof(arr));
1439 dsense = !!(cmd[1] & 1);
1440 sbuff = scp->sense_buffer;
1441 if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
1444 arr[1] = 0x0; /* NO_SENSE in sense_key */
1445 arr[2] = THRESHOLD_EXCEEDED;
1446 arr[3] = 0xff; /* TEST set and MRIE==6 */
1450 arr[2] = 0x0; /* NO_SENSE in sense_key */
1451 arr[7] = 0xa; /* 18 byte sense buffer */
1452 arr[12] = THRESHOLD_EXCEEDED;
1453 arr[13] = 0xff; /* TEST set and MRIE==6 */
1456 memcpy(arr, sbuff, SCSI_SENSE_BUFFERSIZE);
1457 if (arr[0] >= 0x70 && dsense == sdebug_dsense)
1458 ; /* have sense and formats match */
1459 else if (arr[0] <= 0x70) {
1469 } else if (dsense) {
1472 arr[1] = sbuff[2]; /* sense key */
1473 arr[2] = sbuff[12]; /* asc */
1474 arr[3] = sbuff[13]; /* ascq */
1486 mk_sense_buffer(scp, 0, NO_ADDITIONAL_SENSE, 0);
1487 return fill_from_dev_buffer(scp, arr, len);
1490 static int resp_start_stop(struct scsi_cmnd * scp,
1491 struct sdebug_dev_info * devip)
1493 unsigned char *cmd = scp->cmnd;
1494 int power_cond, stop;
1496 power_cond = (cmd[4] & 0xf0) >> 4;
1498 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
1499 return check_condition_result;
1501 stop = !(cmd[4] & 1);
1502 atomic_xchg(&devip->stopped, stop);
1506 static sector_t get_sdebug_capacity(void)
1508 static const unsigned int gibibyte = 1073741824;
1510 if (sdebug_virtual_gb > 0)
1511 return (sector_t)sdebug_virtual_gb *
1512 (gibibyte / sdebug_sector_size);
1514 return sdebug_store_sectors;
1517 #define SDEBUG_READCAP_ARR_SZ 8
1518 static int resp_readcap(struct scsi_cmnd * scp,
1519 struct sdebug_dev_info * devip)
1521 unsigned char arr[SDEBUG_READCAP_ARR_SZ];
1524 /* following just in case virtual_gb changed */
1525 sdebug_capacity = get_sdebug_capacity();
1526 memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
1527 if (sdebug_capacity < 0xffffffff) {
1528 capac = (unsigned int)sdebug_capacity - 1;
1529 put_unaligned_be32(capac, arr + 0);
1531 put_unaligned_be32(0xffffffff, arr + 0);
1532 put_unaligned_be16(sdebug_sector_size, arr + 6);
1533 return fill_from_dev_buffer(scp, arr, SDEBUG_READCAP_ARR_SZ);
1536 #define SDEBUG_READCAP16_ARR_SZ 32
1537 static int resp_readcap16(struct scsi_cmnd * scp,
1538 struct sdebug_dev_info * devip)
1540 unsigned char *cmd = scp->cmnd;
1541 unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
1544 alloc_len = get_unaligned_be32(cmd + 10);
1545 /* following just in case virtual_gb changed */
1546 sdebug_capacity = get_sdebug_capacity();
1547 memset(arr, 0, SDEBUG_READCAP16_ARR_SZ);
1548 put_unaligned_be64((u64)(sdebug_capacity - 1), arr + 0);
1549 put_unaligned_be32(sdebug_sector_size, arr + 8);
1550 arr[13] = sdebug_physblk_exp & 0xf;
1551 arr[14] = (sdebug_lowest_aligned >> 8) & 0x3f;
1553 if (scsi_debug_lbp()) {
1554 arr[14] |= 0x80; /* LBPME */
1555 /* from sbc4r07, this LBPRZ field is 1 bit, but the LBPRZ in
1556 * the LB Provisioning VPD page is 3 bits. Note that lbprz=2
1557 * in the wider field maps to 0 in this field.
1559 if (sdebug_lbprz & 1) /* precisely what the draft requires */
1563 arr[15] = sdebug_lowest_aligned & 0xff;
1565 if (have_dif_prot) {
1566 arr[12] = (sdebug_dif - 1) << 1; /* P_TYPE */
1567 arr[12] |= 1; /* PROT_EN */
1570 return fill_from_dev_buffer(scp, arr,
1571 min(alloc_len, SDEBUG_READCAP16_ARR_SZ));
1574 #define SDEBUG_MAX_TGTPGS_ARR_SZ 1412
1576 static int resp_report_tgtpgs(struct scsi_cmnd * scp,
1577 struct sdebug_dev_info * devip)
1579 unsigned char *cmd = scp->cmnd;
1580 unsigned char * arr;
1581 int host_no = devip->sdbg_host->shost->host_no;
1582 int n, ret, alen, rlen;
1583 int port_group_a, port_group_b, port_a, port_b;
1585 alen = get_unaligned_be32(cmd + 6);
1586 arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC);
1588 return DID_REQUEUE << 16;
1590 * EVPD page 0x88 states we have two ports, one
1591 * real and a fake port with no device connected.
1592 * So we create two port groups with one port each
1593 * and set the group with port B to unavailable.
1595 port_a = 0x1; /* relative port A */
1596 port_b = 0x2; /* relative port B */
1597 port_group_a = (((host_no + 1) & 0x7f) << 8) +
1598 (devip->channel & 0x7f);
1599 port_group_b = (((host_no + 1) & 0x7f) << 8) +
1600 (devip->channel & 0x7f) + 0x80;
1603 * The asymmetric access state is cycled according to the host_id.
1606 if (sdebug_vpd_use_hostno == 0) {
1607 arr[n++] = host_no % 3; /* Asymm access state */
1608 arr[n++] = 0x0F; /* claim: all states are supported */
1610 arr[n++] = 0x0; /* Active/Optimized path */
1611 arr[n++] = 0x01; /* only support active/optimized paths */
1613 put_unaligned_be16(port_group_a, arr + n);
1615 arr[n++] = 0; /* Reserved */
1616 arr[n++] = 0; /* Status code */
1617 arr[n++] = 0; /* Vendor unique */
1618 arr[n++] = 0x1; /* One port per group */
1619 arr[n++] = 0; /* Reserved */
1620 arr[n++] = 0; /* Reserved */
1621 put_unaligned_be16(port_a, arr + n);
1623 arr[n++] = 3; /* Port unavailable */
1624 arr[n++] = 0x08; /* claim: only unavailalbe paths are supported */
1625 put_unaligned_be16(port_group_b, arr + n);
1627 arr[n++] = 0; /* Reserved */
1628 arr[n++] = 0; /* Status code */
1629 arr[n++] = 0; /* Vendor unique */
1630 arr[n++] = 0x1; /* One port per group */
1631 arr[n++] = 0; /* Reserved */
1632 arr[n++] = 0; /* Reserved */
1633 put_unaligned_be16(port_b, arr + n);
1637 put_unaligned_be32(rlen, arr + 0);
1640 * Return the smallest value of either
1641 * - The allocated length
1642 * - The constructed command length
1643 * - The maximum array size
1646 ret = fill_from_dev_buffer(scp, arr,
1647 min(rlen, SDEBUG_MAX_TGTPGS_ARR_SZ));
1652 static int resp_rsup_opcodes(struct scsi_cmnd *scp,
1653 struct sdebug_dev_info *devip)
1656 u8 reporting_opts, req_opcode, sdeb_i, supp;
1658 u32 alloc_len, a_len;
1659 int k, offset, len, errsts, count, bump, na;
1660 const struct opcode_info_t *oip;
1661 const struct opcode_info_t *r_oip;
1663 u8 *cmd = scp->cmnd;
1665 rctd = !!(cmd[2] & 0x80);
1666 reporting_opts = cmd[2] & 0x7;
1667 req_opcode = cmd[3];
1668 req_sa = get_unaligned_be16(cmd + 4);
1669 alloc_len = get_unaligned_be32(cmd + 6);
1670 if (alloc_len < 4 || alloc_len > 0xffff) {
1671 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1672 return check_condition_result;
1674 if (alloc_len > 8192)
1678 arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_ATOMIC);
1680 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
1682 return check_condition_result;
1684 switch (reporting_opts) {
1685 case 0: /* all commands */
1686 /* count number of commands */
1687 for (count = 0, oip = opcode_info_arr;
1688 oip->num_attached != 0xff; ++oip) {
1689 if (F_INV_OP & oip->flags)
1691 count += (oip->num_attached + 1);
1693 bump = rctd ? 20 : 8;
1694 put_unaligned_be32(count * bump, arr);
1695 for (offset = 4, oip = opcode_info_arr;
1696 oip->num_attached != 0xff && offset < a_len; ++oip) {
1697 if (F_INV_OP & oip->flags)
1699 na = oip->num_attached;
1700 arr[offset] = oip->opcode;
1701 put_unaligned_be16(oip->sa, arr + offset + 2);
1703 arr[offset + 5] |= 0x2;
1704 if (FF_SA & oip->flags)
1705 arr[offset + 5] |= 0x1;
1706 put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
1708 put_unaligned_be16(0xa, arr + offset + 8);
1710 for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
1711 if (F_INV_OP & oip->flags)
1714 arr[offset] = oip->opcode;
1715 put_unaligned_be16(oip->sa, arr + offset + 2);
1717 arr[offset + 5] |= 0x2;
1718 if (FF_SA & oip->flags)
1719 arr[offset + 5] |= 0x1;
1720 put_unaligned_be16(oip->len_mask[0],
1723 put_unaligned_be16(0xa,
1730 case 1: /* one command: opcode only */
1731 case 2: /* one command: opcode plus service action */
1732 case 3: /* one command: if sa==0 then opcode only else opcode+sa */
1733 sdeb_i = opcode_ind_arr[req_opcode];
1734 oip = &opcode_info_arr[sdeb_i];
1735 if (F_INV_OP & oip->flags) {
1739 if (1 == reporting_opts) {
1740 if (FF_SA & oip->flags) {
1741 mk_sense_invalid_fld(scp, SDEB_IN_CDB,
1744 return check_condition_result;
1747 } else if (2 == reporting_opts &&
1748 0 == (FF_SA & oip->flags)) {
1749 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
1750 kfree(arr); /* point at requested sa */
1751 return check_condition_result;
1753 if (0 == (FF_SA & oip->flags) &&
1754 req_opcode == oip->opcode)
1756 else if (0 == (FF_SA & oip->flags)) {
1757 na = oip->num_attached;
1758 for (k = 0, oip = oip->arrp; k < na;
1760 if (req_opcode == oip->opcode)
1763 supp = (k >= na) ? 1 : 3;
1764 } else if (req_sa != oip->sa) {
1765 na = oip->num_attached;
1766 for (k = 0, oip = oip->arrp; k < na;
1768 if (req_sa == oip->sa)
1771 supp = (k >= na) ? 1 : 3;
1775 u = oip->len_mask[0];
1776 put_unaligned_be16(u, arr + 2);
1777 arr[4] = oip->opcode;
1778 for (k = 1; k < u; ++k)
1779 arr[4 + k] = (k < 16) ?
1780 oip->len_mask[k] : 0xff;
1785 arr[1] = (rctd ? 0x80 : 0) | supp;
1787 put_unaligned_be16(0xa, arr + offset);
1792 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
1794 return check_condition_result;
1796 offset = (offset < a_len) ? offset : a_len;
1797 len = (offset < alloc_len) ? offset : alloc_len;
1798 errsts = fill_from_dev_buffer(scp, arr, len);
1803 static int resp_rsup_tmfs(struct scsi_cmnd *scp,
1804 struct sdebug_dev_info *devip)
1809 u8 *cmd = scp->cmnd;
1811 memset(arr, 0, sizeof(arr));
1812 repd = !!(cmd[2] & 0x80);
1813 alloc_len = get_unaligned_be32(cmd + 6);
1814 if (alloc_len < 4) {
1815 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
1816 return check_condition_result;
1818 arr[0] = 0xc8; /* ATS | ATSS | LURS */
1819 arr[1] = 0x1; /* ITNRS */
1826 len = (len < alloc_len) ? len : alloc_len;
1827 return fill_from_dev_buffer(scp, arr, len);
1830 /* <<Following mode page info copied from ST318451LW>> */
1832 static int resp_err_recov_pg(unsigned char * p, int pcontrol, int target)
1833 { /* Read-Write Error Recovery page for mode_sense */
1834 unsigned char err_recov_pg[] = {0x1, 0xa, 0xc0, 11, 240, 0, 0, 0,
1837 memcpy(p, err_recov_pg, sizeof(err_recov_pg));
1839 memset(p + 2, 0, sizeof(err_recov_pg) - 2);
1840 return sizeof(err_recov_pg);
1843 static int resp_disconnect_pg(unsigned char * p, int pcontrol, int target)
1844 { /* Disconnect-Reconnect page for mode_sense */
1845 unsigned char disconnect_pg[] = {0x2, 0xe, 128, 128, 0, 10, 0, 0,
1846 0, 0, 0, 0, 0, 0, 0, 0};
1848 memcpy(p, disconnect_pg, sizeof(disconnect_pg));
1850 memset(p + 2, 0, sizeof(disconnect_pg) - 2);
1851 return sizeof(disconnect_pg);
1854 static int resp_format_pg(unsigned char * p, int pcontrol, int target)
1855 { /* Format device page for mode_sense */
1856 unsigned char format_pg[] = {0x3, 0x16, 0, 0, 0, 0, 0, 0,
1857 0, 0, 0, 0, 0, 0, 0, 0,
1858 0, 0, 0, 0, 0x40, 0, 0, 0};
1860 memcpy(p, format_pg, sizeof(format_pg));
1861 put_unaligned_be16(sdebug_sectors_per, p + 10);
1862 put_unaligned_be16(sdebug_sector_size, p + 12);
1863 if (sdebug_removable)
1864 p[20] |= 0x20; /* should agree with INQUIRY */
1866 memset(p + 2, 0, sizeof(format_pg) - 2);
1867 return sizeof(format_pg);
1870 static unsigned char caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1871 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0,
1874 static int resp_caching_pg(unsigned char * p, int pcontrol, int target)
1875 { /* Caching page for mode_sense */
1876 unsigned char ch_caching_pg[] = {/* 0x8, 18, */ 0x4, 0, 0, 0, 0, 0,
1877 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1878 unsigned char d_caching_pg[] = {0x8, 18, 0x14, 0, 0xff, 0xff, 0, 0,
1879 0xff, 0xff, 0xff, 0xff, 0x80, 0x14, 0, 0, 0, 0, 0, 0};
1881 if (SDEBUG_OPT_N_WCE & sdebug_opts)
1882 caching_pg[2] &= ~0x4; /* set WCE=0 (default WCE=1) */
1883 memcpy(p, caching_pg, sizeof(caching_pg));
1885 memcpy(p + 2, ch_caching_pg, sizeof(ch_caching_pg));
1886 else if (2 == pcontrol)
1887 memcpy(p, d_caching_pg, sizeof(d_caching_pg));
1888 return sizeof(caching_pg);
1891 static unsigned char ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1894 static int resp_ctrl_m_pg(unsigned char * p, int pcontrol, int target)
1895 { /* Control mode page for mode_sense */
1896 unsigned char ch_ctrl_m_pg[] = {/* 0xa, 10, */ 0x6, 0, 0, 0, 0, 0,
1898 unsigned char d_ctrl_m_pg[] = {0xa, 10, 2, 0, 0, 0, 0, 0,
1902 ctrl_m_pg[2] |= 0x4;
1904 ctrl_m_pg[2] &= ~0x4;
1907 ctrl_m_pg[5] |= 0x80; /* ATO=1 */
1909 memcpy(p, ctrl_m_pg, sizeof(ctrl_m_pg));
1911 memcpy(p + 2, ch_ctrl_m_pg, sizeof(ch_ctrl_m_pg));
1912 else if (2 == pcontrol)
1913 memcpy(p, d_ctrl_m_pg, sizeof(d_ctrl_m_pg));
1914 return sizeof(ctrl_m_pg);
1918 static int resp_iec_m_pg(unsigned char * p, int pcontrol, int target)
1919 { /* Informational Exceptions control mode page for mode_sense */
1920 unsigned char ch_iec_m_pg[] = {/* 0x1c, 0xa, */ 0x4, 0xf, 0, 0, 0, 0,
1922 unsigned char d_iec_m_pg[] = {0x1c, 0xa, 0x08, 0, 0, 0, 0, 0,
1925 memcpy(p, iec_m_pg, sizeof(iec_m_pg));
1927 memcpy(p + 2, ch_iec_m_pg, sizeof(ch_iec_m_pg));
1928 else if (2 == pcontrol)
1929 memcpy(p, d_iec_m_pg, sizeof(d_iec_m_pg));
1930 return sizeof(iec_m_pg);
1933 static int resp_sas_sf_m_pg(unsigned char * p, int pcontrol, int target)
1934 { /* SAS SSP mode page - short format for mode_sense */
1935 unsigned char sas_sf_m_pg[] = {0x19, 0x6,
1936 0x6, 0x0, 0x7, 0xd0, 0x0, 0x0};
1938 memcpy(p, sas_sf_m_pg, sizeof(sas_sf_m_pg));
1940 memset(p + 2, 0, sizeof(sas_sf_m_pg) - 2);
1941 return sizeof(sas_sf_m_pg);
1945 static int resp_sas_pcd_m_spg(unsigned char * p, int pcontrol, int target,
1947 { /* SAS phy control and discover mode page for mode_sense */
1948 unsigned char sas_pcd_m_pg[] = {0x59, 0x1, 0, 0x64, 0, 0x6, 0, 2,
1949 0, 0, 0, 0, 0x10, 0x9, 0x8, 0x0,
1950 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1951 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1952 0x2, 0, 0, 0, 0, 0, 0, 0,
1953 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1954 0, 0, 0, 0, 0, 0, 0, 0,
1955 0, 1, 0, 0, 0x10, 0x9, 0x8, 0x0,
1956 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1957 0, 0, 0, 0, 0, 0, 0, 0, /* insert SAS addr */
1958 0x3, 0, 0, 0, 0, 0, 0, 0,
1959 0x88, 0x99, 0, 0, 0, 0, 0, 0,
1960 0, 0, 0, 0, 0, 0, 0, 0,
1964 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 16);
1965 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 24);
1966 put_unaligned_be64(naa3_comp_a, sas_pcd_m_pg + 64);
1967 put_unaligned_be64(naa3_comp_c + 1, sas_pcd_m_pg + 72);
1968 port_a = target_dev_id + 1;
1969 port_b = port_a + 1;
1970 memcpy(p, sas_pcd_m_pg, sizeof(sas_pcd_m_pg));
1971 put_unaligned_be32(port_a, p + 20);
1972 put_unaligned_be32(port_b, p + 48 + 20);
1974 memset(p + 4, 0, sizeof(sas_pcd_m_pg) - 4);
1975 return sizeof(sas_pcd_m_pg);
1978 static int resp_sas_sha_m_spg(unsigned char * p, int pcontrol)
1979 { /* SAS SSP shared protocol specific port mode subpage */
1980 unsigned char sas_sha_m_pg[] = {0x59, 0x2, 0, 0xc, 0, 0x6, 0x10, 0,
1981 0, 0, 0, 0, 0, 0, 0, 0,
1984 memcpy(p, sas_sha_m_pg, sizeof(sas_sha_m_pg));
1986 memset(p + 4, 0, sizeof(sas_sha_m_pg) - 4);
1987 return sizeof(sas_sha_m_pg);
1990 #define SDEBUG_MAX_MSENSE_SZ 256
1992 static int resp_mode_sense(struct scsi_cmnd *scp,
1993 struct sdebug_dev_info *devip)
1995 int pcontrol, pcode, subpcode, bd_len;
1996 unsigned char dev_spec;
1997 int alloc_len, offset, len, target_dev_id;
1998 int target = scp->device->id;
2000 unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
2001 unsigned char *cmd = scp->cmnd;
2002 bool dbd, llbaa, msense_6, is_disk, bad_pcode;
2004 dbd = !!(cmd[1] & 0x8); /* disable block descriptors */
2005 pcontrol = (cmd[2] & 0xc0) >> 6;
2006 pcode = cmd[2] & 0x3f;
2008 msense_6 = (MODE_SENSE == cmd[0]);
2009 llbaa = msense_6 ? false : !!(cmd[1] & 0x10);
2010 is_disk = (sdebug_ptype == TYPE_DISK);
2011 if (is_disk && !dbd)
2012 bd_len = llbaa ? 16 : 8;
2015 alloc_len = msense_6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2016 memset(arr, 0, SDEBUG_MAX_MSENSE_SZ);
2017 if (0x3 == pcontrol) { /* Saving values not supported */
2018 mk_sense_buffer(scp, ILLEGAL_REQUEST, SAVING_PARAMS_UNSUP, 0);
2019 return check_condition_result;
2021 target_dev_id = ((devip->sdbg_host->shost->host_no + 1) * 2000) +
2022 (devip->target * 1000) - 3;
2023 /* for disks set DPOFUA bit and clear write protect (WP) bit */
2025 dev_spec = 0x10; /* =0x90 if WP=1 implies read-only */
2035 arr[4] = 0x1; /* set LONGLBA bit */
2036 arr[7] = bd_len; /* assume 255 or less */
2040 if ((bd_len > 0) && (!sdebug_capacity))
2041 sdebug_capacity = get_sdebug_capacity();
2044 if (sdebug_capacity > 0xfffffffe)
2045 put_unaligned_be32(0xffffffff, ap + 0);
2047 put_unaligned_be32(sdebug_capacity, ap + 0);
2048 put_unaligned_be16(sdebug_sector_size, ap + 6);
2051 } else if (16 == bd_len) {
2052 put_unaligned_be64((u64)sdebug_capacity, ap + 0);
2053 put_unaligned_be32(sdebug_sector_size, ap + 12);
2058 if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
2059 /* TODO: Control Extension page */
2060 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2061 return check_condition_result;
2066 case 0x1: /* Read-Write error recovery page, direct access */
2067 len = resp_err_recov_pg(ap, pcontrol, target);
2070 case 0x2: /* Disconnect-Reconnect page, all devices */
2071 len = resp_disconnect_pg(ap, pcontrol, target);
2074 case 0x3: /* Format device page, direct access */
2076 len = resp_format_pg(ap, pcontrol, target);
2081 case 0x8: /* Caching page, direct access */
2083 len = resp_caching_pg(ap, pcontrol, target);
2088 case 0xa: /* Control Mode page, all devices */
2089 len = resp_ctrl_m_pg(ap, pcontrol, target);
2092 case 0x19: /* if spc==1 then sas phy, control+discover */
2093 if ((subpcode > 0x2) && (subpcode < 0xff)) {
2094 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2095 return check_condition_result;
2098 if ((0x0 == subpcode) || (0xff == subpcode))
2099 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2100 if ((0x1 == subpcode) || (0xff == subpcode))
2101 len += resp_sas_pcd_m_spg(ap + len, pcontrol, target,
2103 if ((0x2 == subpcode) || (0xff == subpcode))
2104 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2107 case 0x1c: /* Informational Exceptions Mode page, all devices */
2108 len = resp_iec_m_pg(ap, pcontrol, target);
2111 case 0x3f: /* Read all Mode pages */
2112 if ((0 == subpcode) || (0xff == subpcode)) {
2113 len = resp_err_recov_pg(ap, pcontrol, target);
2114 len += resp_disconnect_pg(ap + len, pcontrol, target);
2116 len += resp_format_pg(ap + len, pcontrol,
2118 len += resp_caching_pg(ap + len, pcontrol,
2121 len += resp_ctrl_m_pg(ap + len, pcontrol, target);
2122 len += resp_sas_sf_m_pg(ap + len, pcontrol, target);
2123 if (0xff == subpcode) {
2124 len += resp_sas_pcd_m_spg(ap + len, pcontrol,
2125 target, target_dev_id);
2126 len += resp_sas_sha_m_spg(ap + len, pcontrol);
2128 len += resp_iec_m_pg(ap + len, pcontrol, target);
2131 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2132 return check_condition_result;
2140 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2141 return check_condition_result;
2144 arr[0] = offset - 1;
2146 put_unaligned_be16((offset - 2), arr + 0);
2147 return fill_from_dev_buffer(scp, arr, min(alloc_len, offset));
2150 #define SDEBUG_MAX_MSELECT_SZ 512
2152 static int resp_mode_select(struct scsi_cmnd *scp,
2153 struct sdebug_dev_info *devip)
2155 int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
2156 int param_len, res, mpage;
2157 unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
2158 unsigned char *cmd = scp->cmnd;
2159 int mselect6 = (MODE_SELECT == cmd[0]);
2161 memset(arr, 0, sizeof(arr));
2164 param_len = mselect6 ? cmd[4] : get_unaligned_be16(cmd + 7);
2165 if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
2166 mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
2167 return check_condition_result;
2169 res = fetch_to_dev_buffer(scp, arr, param_len);
2171 return DID_ERROR << 16;
2172 else if (sdebug_verbose && (res < param_len))
2173 sdev_printk(KERN_INFO, scp->device,
2174 "%s: cdb indicated=%d, IO sent=%d bytes\n",
2175 __func__, param_len, res);
2176 md_len = mselect6 ? (arr[0] + 1) : (get_unaligned_be16(arr + 0) + 2);
2177 bd_len = mselect6 ? arr[3] : get_unaligned_be16(arr + 6);
2179 mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
2180 return check_condition_result;
2182 off = bd_len + (mselect6 ? 4 : 8);
2183 mpage = arr[off] & 0x3f;
2184 ps = !!(arr[off] & 0x80);
2186 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
2187 return check_condition_result;
2189 spf = !!(arr[off] & 0x40);
2190 pg_len = spf ? (get_unaligned_be16(arr + off + 2) + 4) :
2192 if ((pg_len + off) > param_len) {
2193 mk_sense_buffer(scp, ILLEGAL_REQUEST,
2194 PARAMETER_LIST_LENGTH_ERR, 0);
2195 return check_condition_result;
2198 case 0x8: /* Caching Mode page */
2199 if (caching_pg[1] == arr[off + 1]) {
2200 memcpy(caching_pg + 2, arr + off + 2,
2201 sizeof(caching_pg) - 2);
2202 goto set_mode_changed_ua;
2205 case 0xa: /* Control Mode page */
2206 if (ctrl_m_pg[1] == arr[off + 1]) {
2207 memcpy(ctrl_m_pg + 2, arr + off + 2,
2208 sizeof(ctrl_m_pg) - 2);
2209 sdebug_dsense = !!(ctrl_m_pg[2] & 0x4);
2210 goto set_mode_changed_ua;
2213 case 0x1c: /* Informational Exceptions Mode page */
2214 if (iec_m_pg[1] == arr[off + 1]) {
2215 memcpy(iec_m_pg + 2, arr + off + 2,
2216 sizeof(iec_m_pg) - 2);
2217 goto set_mode_changed_ua;
2223 mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
2224 return check_condition_result;
2225 set_mode_changed_ua:
2226 set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
2230 static int resp_temp_l_pg(unsigned char * arr)
2232 unsigned char temp_l_pg[] = {0x0, 0x0, 0x3, 0x2, 0x0, 38,
2233 0x0, 0x1, 0x3, 0x2, 0x0, 65,
2236 memcpy(arr, temp_l_pg, sizeof(temp_l_pg));
2237 return sizeof(temp_l_pg);
2240 static int resp_ie_l_pg(unsigned char * arr)
2242 unsigned char ie_l_pg[] = {0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 38,
2245 memcpy(arr, ie_l_pg, sizeof(ie_l_pg));
2246 if (iec_m_pg[2] & 0x4) { /* TEST bit set */
2247 arr[4] = THRESHOLD_EXCEEDED;
2250 return sizeof(ie_l_pg);
2253 #define SDEBUG_MAX_LSENSE_SZ 512
2255 static int resp_log_sense(struct scsi_cmnd * scp,
2256 struct sdebug_dev_info * devip)
2258 int ppc, sp, pcontrol, pcode, subpcode, alloc_len, len, n;
2259 unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
2260 unsigned char *cmd = scp->cmnd;
2262 memset(arr, 0, sizeof(arr));
2266 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
2267 return check_condition_result;
2269 pcontrol = (cmd[2] & 0xc0) >> 6;
2270 pcode = cmd[2] & 0x3f;
2271 subpcode = cmd[3] & 0xff;
2272 alloc_len = get_unaligned_be16(cmd + 7);
2274 if (0 == subpcode) {
2276 case 0x0: /* Supported log pages log page */
2278 arr[n++] = 0x0; /* this page */
2279 arr[n++] = 0xd; /* Temperature */
2280 arr[n++] = 0x2f; /* Informational exceptions */
2283 case 0xd: /* Temperature log page */
2284 arr[3] = resp_temp_l_pg(arr + 4);
2286 case 0x2f: /* Informational exceptions log page */
2287 arr[3] = resp_ie_l_pg(arr + 4);
2290 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2291 return check_condition_result;
2293 } else if (0xff == subpcode) {
2297 case 0x0: /* Supported log pages and subpages log page */
2300 arr[n++] = 0x0; /* 0,0 page */
2302 arr[n++] = 0xff; /* this page */
2304 arr[n++] = 0x0; /* Temperature */
2306 arr[n++] = 0x0; /* Informational exceptions */
2309 case 0xd: /* Temperature subpages */
2312 arr[n++] = 0x0; /* Temperature */
2315 case 0x2f: /* Informational exceptions subpages */
2318 arr[n++] = 0x0; /* Informational exceptions */
2322 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
2323 return check_condition_result;
2326 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
2327 return check_condition_result;
2329 len = min(get_unaligned_be16(arr + 2) + 4, alloc_len);
2330 return fill_from_dev_buffer(scp, arr,
2331 min(len, SDEBUG_MAX_INQ_ARR_SZ));
2334 static int check_device_access_params(struct scsi_cmnd *scp,
2335 unsigned long long lba, unsigned int num)
2337 if (lba + num > sdebug_capacity) {
2338 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2339 return check_condition_result;
2341 /* transfer length excessive (tie in to block limits VPD page) */
2342 if (num > sdebug_store_sectors) {
2343 /* needs work to find which cdb byte 'num' comes from */
2344 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2345 return check_condition_result;
2350 /* Returns number of bytes copied or -1 if error. */
2351 static int do_device_access(struct scsi_cmnd *scmd, u64 lba, u32 num,
2355 u64 block, rest = 0;
2356 struct scsi_data_buffer *sdb;
2357 enum dma_data_direction dir;
2360 sdb = scsi_out(scmd);
2361 dir = DMA_TO_DEVICE;
2363 sdb = scsi_in(scmd);
2364 dir = DMA_FROM_DEVICE;
2369 if (!(scsi_bidi_cmnd(scmd) || scmd->sc_data_direction == dir))
2372 block = do_div(lba, sdebug_store_sectors);
2373 if (block + num > sdebug_store_sectors)
2374 rest = block + num - sdebug_store_sectors;
2376 ret = sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2377 fake_storep + (block * sdebug_sector_size),
2378 (num - rest) * sdebug_sector_size, 0, do_write);
2379 if (ret != (num - rest) * sdebug_sector_size)
2383 ret += sg_copy_buffer(sdb->table.sgl, sdb->table.nents,
2384 fake_storep, rest * sdebug_sector_size,
2385 (num - rest) * sdebug_sector_size, do_write);
2391 /* If fake_store(lba,num) compares equal to arr(num), then copy top half of
2392 * arr into fake_store(lba,num) and return true. If comparison fails then
2394 static bool comp_write_worker(u64 lba, u32 num, const u8 *arr)
2397 u64 block, rest = 0;
2398 u32 store_blks = sdebug_store_sectors;
2399 u32 lb_size = sdebug_sector_size;
2401 block = do_div(lba, store_blks);
2402 if (block + num > store_blks)
2403 rest = block + num - store_blks;
2405 res = !memcmp(fake_storep + (block * lb_size), arr,
2406 (num - rest) * lb_size);
2410 res = memcmp(fake_storep, arr + ((num - rest) * lb_size),
2414 arr += num * lb_size;
2415 memcpy(fake_storep + (block * lb_size), arr, (num - rest) * lb_size);
2417 memcpy(fake_storep, arr + ((num - rest) * lb_size),
2422 static __be16 dif_compute_csum(const void *buf, int len)
2427 csum = (__force __be16)ip_compute_csum(buf, len);
2429 csum = cpu_to_be16(crc_t10dif(buf, len));
2434 static int dif_verify(struct t10_pi_tuple *sdt, const void *data,
2435 sector_t sector, u32 ei_lba)
2437 __be16 csum = dif_compute_csum(data, sdebug_sector_size);
2439 if (sdt->guard_tag != csum) {
2440 pr_err("GUARD check failed on sector %lu rcvd 0x%04x, data 0x%04x\n",
2441 (unsigned long)sector,
2442 be16_to_cpu(sdt->guard_tag),
2446 if (sdebug_dif == T10_PI_TYPE1_PROTECTION &&
2447 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
2448 pr_err("REF check failed on sector %lu\n",
2449 (unsigned long)sector);
2452 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2453 be32_to_cpu(sdt->ref_tag) != ei_lba) {
2454 pr_err("REF check failed on sector %lu\n",
2455 (unsigned long)sector);
2461 static void dif_copy_prot(struct scsi_cmnd *SCpnt, sector_t sector,
2462 unsigned int sectors, bool read)
2466 const void *dif_store_end = dif_storep + sdebug_store_sectors;
2467 struct sg_mapping_iter miter;
2469 /* Bytes of protection data to copy into sgl */
2470 resid = sectors * sizeof(*dif_storep);
2472 sg_miter_start(&miter, scsi_prot_sglist(SCpnt),
2473 scsi_prot_sg_count(SCpnt), SG_MITER_ATOMIC |
2474 (read ? SG_MITER_TO_SG : SG_MITER_FROM_SG));
2476 while (sg_miter_next(&miter) && resid > 0) {
2477 size_t len = min(miter.length, resid);
2478 void *start = dif_store(sector);
2481 if (dif_store_end < start + len)
2482 rest = start + len - dif_store_end;
2487 memcpy(paddr, start, len - rest);
2489 memcpy(start, paddr, len - rest);
2493 memcpy(paddr + len - rest, dif_storep, rest);
2495 memcpy(dif_storep, paddr + len - rest, rest);
2498 sector += len / sizeof(*dif_storep);
2501 sg_miter_stop(&miter);
2504 static int prot_verify_read(struct scsi_cmnd *SCpnt, sector_t start_sec,
2505 unsigned int sectors, u32 ei_lba)
2508 struct t10_pi_tuple *sdt;
2511 for (i = 0; i < sectors; i++, ei_lba++) {
2514 sector = start_sec + i;
2515 sdt = dif_store(sector);
2517 if (sdt->app_tag == cpu_to_be16(0xffff))
2520 ret = dif_verify(sdt, fake_store(sector), sector, ei_lba);
2527 dif_copy_prot(SCpnt, start_sec, sectors, true);
2533 static int resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2535 u8 *cmd = scp->cmnd;
2536 struct sdebug_queued_cmd *sqcp;
2540 unsigned long iflags;
2547 lba = get_unaligned_be64(cmd + 2);
2548 num = get_unaligned_be32(cmd + 10);
2553 lba = get_unaligned_be32(cmd + 2);
2554 num = get_unaligned_be16(cmd + 7);
2559 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2560 (u32)(cmd[1] & 0x1f) << 16;
2561 num = (0 == cmd[4]) ? 256 : cmd[4];
2566 lba = get_unaligned_be32(cmd + 2);
2567 num = get_unaligned_be32(cmd + 6);
2570 case XDWRITEREAD_10:
2572 lba = get_unaligned_be32(cmd + 2);
2573 num = get_unaligned_be16(cmd + 7);
2576 default: /* assume READ(32) */
2577 lba = get_unaligned_be64(cmd + 12);
2578 ei_lba = get_unaligned_be32(cmd + 20);
2579 num = get_unaligned_be32(cmd + 28);
2583 if (unlikely(have_dif_prot && check_prot)) {
2584 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2586 mk_sense_invalid_opcode(scp);
2587 return check_condition_result;
2589 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
2590 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
2591 (cmd[1] & 0xe0) == 0)
2592 sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
2595 if (unlikely(sdebug_any_injecting_opt)) {
2596 sqcp = (struct sdebug_queued_cmd *)scp->host_scribble;
2599 if (sqcp->inj_short)
2605 /* inline check_device_access_params() */
2606 if (unlikely(lba + num > sdebug_capacity)) {
2607 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2608 return check_condition_result;
2610 /* transfer length excessive (tie in to block limits VPD page) */
2611 if (unlikely(num > sdebug_store_sectors)) {
2612 /* needs work to find which cdb byte 'num' comes from */
2613 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2614 return check_condition_result;
2617 if (unlikely((SDEBUG_OPT_MEDIUM_ERR & sdebug_opts) &&
2618 (lba <= (OPT_MEDIUM_ERR_ADDR + OPT_MEDIUM_ERR_NUM - 1)) &&
2619 ((lba + num) > OPT_MEDIUM_ERR_ADDR))) {
2620 /* claim unrecoverable read error */
2621 mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
2622 /* set info field and valid bit for fixed descriptor */
2623 if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
2624 scp->sense_buffer[0] |= 0x80; /* Valid bit */
2625 ret = (lba < OPT_MEDIUM_ERR_ADDR)
2626 ? OPT_MEDIUM_ERR_ADDR : (int)lba;
2627 put_unaligned_be32(ret, scp->sense_buffer + 3);
2629 scsi_set_resid(scp, scsi_bufflen(scp));
2630 return check_condition_result;
2633 read_lock_irqsave(&atomic_rw, iflags);
2636 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2637 int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
2640 read_unlock_irqrestore(&atomic_rw, iflags);
2641 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
2642 return illegal_condition_result;
2646 ret = do_device_access(scp, lba, num, false);
2647 read_unlock_irqrestore(&atomic_rw, iflags);
2648 if (unlikely(ret == -1))
2649 return DID_ERROR << 16;
2651 scsi_in(scp)->resid = scsi_bufflen(scp) - ret;
2653 if (unlikely(sqcp)) {
2654 if (sqcp->inj_recovered) {
2655 mk_sense_buffer(scp, RECOVERED_ERROR,
2656 THRESHOLD_EXCEEDED, 0);
2657 return check_condition_result;
2658 } else if (sqcp->inj_transport) {
2659 mk_sense_buffer(scp, ABORTED_COMMAND,
2660 TRANSPORT_PROBLEM, ACK_NAK_TO);
2661 return check_condition_result;
2662 } else if (sqcp->inj_dif) {
2663 /* Logical block guard check failed */
2664 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2665 return illegal_condition_result;
2666 } else if (sqcp->inj_dix) {
2667 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2668 return illegal_condition_result;
2674 static void dump_sector(unsigned char *buf, int len)
2678 pr_err(">>> Sector Dump <<<\n");
2679 for (i = 0 ; i < len ; i += 16) {
2682 for (j = 0, n = 0; j < 16; j++) {
2683 unsigned char c = buf[i+j];
2685 if (c >= 0x20 && c < 0x7e)
2686 n += scnprintf(b + n, sizeof(b) - n,
2689 n += scnprintf(b + n, sizeof(b) - n,
2692 pr_err("%04d: %s\n", i, b);
2696 static int prot_verify_write(struct scsi_cmnd *SCpnt, sector_t start_sec,
2697 unsigned int sectors, u32 ei_lba)
2700 struct t10_pi_tuple *sdt;
2702 sector_t sector = start_sec;
2705 struct sg_mapping_iter diter;
2706 struct sg_mapping_iter piter;
2708 BUG_ON(scsi_sg_count(SCpnt) == 0);
2709 BUG_ON(scsi_prot_sg_count(SCpnt) == 0);
2711 sg_miter_start(&piter, scsi_prot_sglist(SCpnt),
2712 scsi_prot_sg_count(SCpnt),
2713 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2714 sg_miter_start(&diter, scsi_sglist(SCpnt), scsi_sg_count(SCpnt),
2715 SG_MITER_ATOMIC | SG_MITER_FROM_SG);
2717 /* For each protection page */
2718 while (sg_miter_next(&piter)) {
2720 if (WARN_ON(!sg_miter_next(&diter))) {
2725 for (ppage_offset = 0; ppage_offset < piter.length;
2726 ppage_offset += sizeof(struct t10_pi_tuple)) {
2727 /* If we're at the end of the current
2728 * data page advance to the next one
2730 if (dpage_offset >= diter.length) {
2731 if (WARN_ON(!sg_miter_next(&diter))) {
2738 sdt = piter.addr + ppage_offset;
2739 daddr = diter.addr + dpage_offset;
2741 ret = dif_verify(sdt, daddr, sector, ei_lba);
2743 dump_sector(daddr, sdebug_sector_size);
2749 dpage_offset += sdebug_sector_size;
2751 diter.consumed = dpage_offset;
2752 sg_miter_stop(&diter);
2754 sg_miter_stop(&piter);
2756 dif_copy_prot(SCpnt, start_sec, sectors, false);
2763 sg_miter_stop(&diter);
2764 sg_miter_stop(&piter);
2768 static unsigned long lba_to_map_index(sector_t lba)
2770 if (sdebug_unmap_alignment)
2771 lba += sdebug_unmap_granularity - sdebug_unmap_alignment;
2772 sector_div(lba, sdebug_unmap_granularity);
2776 static sector_t map_index_to_lba(unsigned long index)
2778 sector_t lba = index * sdebug_unmap_granularity;
2780 if (sdebug_unmap_alignment)
2781 lba -= sdebug_unmap_granularity - sdebug_unmap_alignment;
2785 static unsigned int map_state(sector_t lba, unsigned int *num)
2788 unsigned int mapped;
2789 unsigned long index;
2792 index = lba_to_map_index(lba);
2793 mapped = test_bit(index, map_storep);
2796 next = find_next_zero_bit(map_storep, map_size, index);
2798 next = find_next_bit(map_storep, map_size, index);
2800 end = min_t(sector_t, sdebug_store_sectors, map_index_to_lba(next));
2805 static void map_region(sector_t lba, unsigned int len)
2807 sector_t end = lba + len;
2810 unsigned long index = lba_to_map_index(lba);
2812 if (index < map_size)
2813 set_bit(index, map_storep);
2815 lba = map_index_to_lba(index + 1);
2819 static void unmap_region(sector_t lba, unsigned int len)
2821 sector_t end = lba + len;
2824 unsigned long index = lba_to_map_index(lba);
2826 if (lba == map_index_to_lba(index) &&
2827 lba + sdebug_unmap_granularity <= end &&
2829 clear_bit(index, map_storep);
2830 if (sdebug_lbprz) { /* for LBPRZ=2 return 0xff_s */
2831 memset(fake_storep +
2832 lba * sdebug_sector_size,
2833 (sdebug_lbprz & 1) ? 0 : 0xff,
2834 sdebug_sector_size *
2835 sdebug_unmap_granularity);
2838 memset(dif_storep + lba, 0xff,
2839 sizeof(*dif_storep) *
2840 sdebug_unmap_granularity);
2843 lba = map_index_to_lba(index + 1);
2847 static int resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
2849 u8 *cmd = scp->cmnd;
2853 unsigned long iflags;
2860 lba = get_unaligned_be64(cmd + 2);
2861 num = get_unaligned_be32(cmd + 10);
2866 lba = get_unaligned_be32(cmd + 2);
2867 num = get_unaligned_be16(cmd + 7);
2872 lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
2873 (u32)(cmd[1] & 0x1f) << 16;
2874 num = (0 == cmd[4]) ? 256 : cmd[4];
2879 lba = get_unaligned_be32(cmd + 2);
2880 num = get_unaligned_be32(cmd + 6);
2883 case 0x53: /* XDWRITEREAD(10) */
2885 lba = get_unaligned_be32(cmd + 2);
2886 num = get_unaligned_be16(cmd + 7);
2889 default: /* assume WRITE(32) */
2890 lba = get_unaligned_be64(cmd + 12);
2891 ei_lba = get_unaligned_be32(cmd + 20);
2892 num = get_unaligned_be32(cmd + 28);
2896 if (unlikely(have_dif_prot && check_prot)) {
2897 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
2899 mk_sense_invalid_opcode(scp);
2900 return check_condition_result;
2902 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
2903 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
2904 (cmd[1] & 0xe0) == 0)
2905 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
2909 /* inline check_device_access_params() */
2910 if (unlikely(lba + num > sdebug_capacity)) {
2911 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
2912 return check_condition_result;
2914 /* transfer length excessive (tie in to block limits VPD page) */
2915 if (unlikely(num > sdebug_store_sectors)) {
2916 /* needs work to find which cdb byte 'num' comes from */
2917 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
2918 return check_condition_result;
2921 write_lock_irqsave(&atomic_rw, iflags);
2924 if (unlikely(sdebug_dix && scsi_prot_sg_count(scp))) {
2925 int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
2928 write_unlock_irqrestore(&atomic_rw, iflags);
2929 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
2930 return illegal_condition_result;
2934 ret = do_device_access(scp, lba, num, true);
2935 if (unlikely(scsi_debug_lbp()))
2936 map_region(lba, num);
2937 write_unlock_irqrestore(&atomic_rw, iflags);
2938 if (unlikely(-1 == ret))
2939 return DID_ERROR << 16;
2940 else if (unlikely(sdebug_verbose &&
2941 (ret < (num * sdebug_sector_size))))
2942 sdev_printk(KERN_INFO, scp->device,
2943 "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
2944 my_name, num * sdebug_sector_size, ret);
2946 if (unlikely(sdebug_any_injecting_opt)) {
2947 struct sdebug_queued_cmd *sqcp =
2948 (struct sdebug_queued_cmd *)scp->host_scribble;
2951 if (sqcp->inj_recovered) {
2952 mk_sense_buffer(scp, RECOVERED_ERROR,
2953 THRESHOLD_EXCEEDED, 0);
2954 return check_condition_result;
2955 } else if (sqcp->inj_dif) {
2956 /* Logical block guard check failed */
2957 mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
2958 return illegal_condition_result;
2959 } else if (sqcp->inj_dix) {
2960 mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
2961 return illegal_condition_result;
2968 static int resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num,
2969 u32 ei_lba, bool unmap, bool ndob)
2971 unsigned long iflags;
2972 unsigned long long i;
2976 ret = check_device_access_params(scp, lba, num);
2980 write_lock_irqsave(&atomic_rw, iflags);
2982 if (unmap && scsi_debug_lbp()) {
2983 unmap_region(lba, num);
2987 lba_off = lba * sdebug_sector_size;
2988 /* if ndob then zero 1 logical block, else fetch 1 logical block */
2990 memset(fake_storep + lba_off, 0, sdebug_sector_size);
2993 ret = fetch_to_dev_buffer(scp, fake_storep + lba_off,
2994 sdebug_sector_size);
2997 write_unlock_irqrestore(&atomic_rw, iflags);
2998 return DID_ERROR << 16;
2999 } else if (sdebug_verbose && (ret < (num * sdebug_sector_size)))
3000 sdev_printk(KERN_INFO, scp->device,
3001 "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
3002 my_name, "write same",
3003 num * sdebug_sector_size, ret);
3005 /* Copy first sector to remaining blocks */
3006 for (i = 1 ; i < num ; i++)
3007 memcpy(fake_storep + ((lba + i) * sdebug_sector_size),
3008 fake_storep + lba_off,
3009 sdebug_sector_size);
3011 if (scsi_debug_lbp())
3012 map_region(lba, num);
3014 write_unlock_irqrestore(&atomic_rw, iflags);
3019 static int resp_write_same_10(struct scsi_cmnd *scp,
3020 struct sdebug_dev_info *devip)
3022 u8 *cmd = scp->cmnd;
3029 if (sdebug_lbpws10 == 0) {
3030 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3031 return check_condition_result;
3035 lba = get_unaligned_be32(cmd + 2);
3036 num = get_unaligned_be16(cmd + 7);
3037 if (num > sdebug_write_same_length) {
3038 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3039 return check_condition_result;
3041 return resp_write_same(scp, lba, num, ei_lba, unmap, false);
3044 static int resp_write_same_16(struct scsi_cmnd *scp,
3045 struct sdebug_dev_info *devip)
3047 u8 *cmd = scp->cmnd;
3054 if (cmd[1] & 0x8) { /* UNMAP */
3055 if (sdebug_lbpws == 0) {
3056 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
3057 return check_condition_result;
3061 if (cmd[1] & 0x1) /* NDOB (no data-out buffer, assumes zeroes) */
3063 lba = get_unaligned_be64(cmd + 2);
3064 num = get_unaligned_be32(cmd + 10);
3065 if (num > sdebug_write_same_length) {
3066 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
3067 return check_condition_result;
3069 return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
3072 /* Note the mode field is in the same position as the (lower) service action
3073 * field. For the Report supported operation codes command, SPC-4 suggests
3074 * each mode of this command should be reported separately; for future. */
3075 static int resp_write_buffer(struct scsi_cmnd *scp,
3076 struct sdebug_dev_info *devip)
3078 u8 *cmd = scp->cmnd;
3079 struct scsi_device *sdp = scp->device;
3080 struct sdebug_dev_info *dp;
3083 mode = cmd[1] & 0x1f;
3085 case 0x4: /* download microcode (MC) and activate (ACT) */
3086 /* set UAs on this device only */
3087 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3088 set_bit(SDEBUG_UA_MICROCODE_CHANGED, devip->uas_bm);
3090 case 0x5: /* download MC, save and ACT */
3091 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET, devip->uas_bm);
3093 case 0x6: /* download MC with offsets and ACT */
3094 /* set UAs on most devices (LUs) in this target */
3095 list_for_each_entry(dp,
3096 &devip->sdbg_host->dev_info_list,
3098 if (dp->target == sdp->id) {
3099 set_bit(SDEBUG_UA_BUS_RESET, dp->uas_bm);
3101 set_bit(SDEBUG_UA_MICROCODE_CHANGED,
3105 case 0x7: /* download MC with offsets, save, and ACT */
3106 /* set UA on all devices (LUs) in this target */
3107 list_for_each_entry(dp,
3108 &devip->sdbg_host->dev_info_list,
3110 if (dp->target == sdp->id)
3111 set_bit(SDEBUG_UA_MICROCODE_CHANGED_WO_RESET,
3115 /* do nothing for this command for other mode values */
3121 static int resp_comp_write(struct scsi_cmnd *scp,
3122 struct sdebug_dev_info *devip)
3124 u8 *cmd = scp->cmnd;
3126 u8 *fake_storep_hold;
3129 u32 lb_size = sdebug_sector_size;
3131 unsigned long iflags;
3135 lba = get_unaligned_be64(cmd + 2);
3136 num = cmd[13]; /* 1 to a maximum of 255 logical blocks */
3138 return 0; /* degenerate case, not an error */
3139 if (sdebug_dif == T10_PI_TYPE2_PROTECTION &&
3141 mk_sense_invalid_opcode(scp);
3142 return check_condition_result;
3144 if ((sdebug_dif == T10_PI_TYPE1_PROTECTION ||
3145 sdebug_dif == T10_PI_TYPE3_PROTECTION) &&
3146 (cmd[1] & 0xe0) == 0)
3147 sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
3150 /* inline check_device_access_params() */
3151 if (lba + num > sdebug_capacity) {
3152 mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
3153 return check_condition_result;
3155 /* transfer length excessive (tie in to block limits VPD page) */
3156 if (num > sdebug_store_sectors) {
3157 /* needs work to find which cdb byte 'num' comes from */
3158 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
3159 return check_condition_result;
3162 arr = kzalloc(dnum * lb_size, GFP_ATOMIC);
3164 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3166 return check_condition_result;
3169 write_lock_irqsave(&atomic_rw, iflags);
3171 /* trick do_device_access() to fetch both compare and write buffers
3172 * from data-in into arr. Safe (atomic) since write_lock held. */
3173 fake_storep_hold = fake_storep;
3175 ret = do_device_access(scp, 0, dnum, true);
3176 fake_storep = fake_storep_hold;
3178 retval = DID_ERROR << 16;
3180 } else if (sdebug_verbose && (ret < (dnum * lb_size)))
3181 sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
3182 "indicated=%u, IO sent=%d bytes\n", my_name,
3183 dnum * lb_size, ret);
3184 if (!comp_write_worker(lba, num, arr)) {
3185 mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
3186 retval = check_condition_result;
3189 if (scsi_debug_lbp())
3190 map_region(lba, num);
3192 write_unlock_irqrestore(&atomic_rw, iflags);
3197 struct unmap_block_desc {
3203 static int resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
3206 struct unmap_block_desc *desc;
3207 unsigned int i, payload_len, descriptors;
3209 unsigned long iflags;
3212 if (!scsi_debug_lbp())
3213 return 0; /* fib and say its done */
3214 payload_len = get_unaligned_be16(scp->cmnd + 7);
3215 BUG_ON(scsi_bufflen(scp) != payload_len);
3217 descriptors = (payload_len - 8) / 16;
3218 if (descriptors > sdebug_unmap_max_desc) {
3219 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
3220 return check_condition_result;
3223 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3225 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3227 return check_condition_result;
3230 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3232 BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
3233 BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
3235 desc = (void *)&buf[8];
3237 write_lock_irqsave(&atomic_rw, iflags);
3239 for (i = 0 ; i < descriptors ; i++) {
3240 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
3241 unsigned int num = get_unaligned_be32(&desc[i].blocks);
3243 ret = check_device_access_params(scp, lba, num);
3247 unmap_region(lba, num);
3253 write_unlock_irqrestore(&atomic_rw, iflags);
3259 #define SDEBUG_GET_LBA_STATUS_LEN 32
3261 static int resp_get_lba_status(struct scsi_cmnd *scp,
3262 struct sdebug_dev_info *devip)
3264 u8 *cmd = scp->cmnd;
3266 u32 alloc_len, mapped, num;
3267 u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
3270 lba = get_unaligned_be64(cmd + 2);
3271 alloc_len = get_unaligned_be32(cmd + 10);
3276 ret = check_device_access_params(scp, lba, 1);
3280 if (scsi_debug_lbp())
3281 mapped = map_state(lba, &num);
3284 /* following just in case virtual_gb changed */
3285 sdebug_capacity = get_sdebug_capacity();
3286 if (sdebug_capacity - lba <= 0xffffffff)
3287 num = sdebug_capacity - lba;
3292 memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
3293 put_unaligned_be32(20, arr); /* Parameter Data Length */
3294 put_unaligned_be64(lba, arr + 8); /* LBA */
3295 put_unaligned_be32(num, arr + 16); /* Number of blocks */
3296 arr[20] = !mapped; /* prov_stat=0: mapped; 1: dealloc */
3298 return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
3301 #define RL_BUCKET_ELEMS 8
3303 /* Even though each pseudo target has a REPORT LUNS "well known logical unit"
3304 * (W-LUN), the normal Linux scanning logic does not associate it with a
3305 * device (e.g. /dev/sg7). The following magic will make that association:
3306 * "cd /sys/class/scsi_host/host<n> ; echo '- - 49409' > scan"
3307 * where <n> is a host number. If there are multiple targets in a host then
3308 * the above will associate a W-LUN to each target. To only get a W-LUN
3309 * for target 2, then use "echo '- 2 49409' > scan" .
3311 static int resp_report_luns(struct scsi_cmnd *scp,
3312 struct sdebug_dev_info *devip)
3314 unsigned char *cmd = scp->cmnd;
3315 unsigned int alloc_len;
3316 unsigned char select_report;
3318 struct scsi_lun *lun_p;
3319 u8 arr[RL_BUCKET_ELEMS * sizeof(struct scsi_lun)];
3320 unsigned int lun_cnt; /* normal LUN count (max: 256) */
3321 unsigned int wlun_cnt; /* report luns W-LUN count */
3322 unsigned int tlun_cnt; /* total LUN count */
3323 unsigned int rlen; /* response length (in bytes) */
3325 unsigned int off_rsp = 0;
3326 const int sz_lun = sizeof(struct scsi_lun);
3328 clear_luns_changed_on_target(devip);
3330 select_report = cmd[2];
3331 alloc_len = get_unaligned_be32(cmd + 6);
3333 if (alloc_len < 4) {
3334 pr_err("alloc len too small %d\n", alloc_len);
3335 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
3336 return check_condition_result;
3339 switch (select_report) {
3340 case 0: /* all LUNs apart from W-LUNs */
3341 lun_cnt = sdebug_max_luns;
3344 case 1: /* only W-LUNs */
3348 case 2: /* all LUNs */
3349 lun_cnt = sdebug_max_luns;
3352 case 0x10: /* only administrative LUs */
3353 case 0x11: /* see SPC-5 */
3354 case 0x12: /* only subsiduary LUs owned by referenced LU */
3356 pr_debug("select report invalid %d\n", select_report);
3357 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
3358 return check_condition_result;
3361 if (sdebug_no_lun_0 && (lun_cnt > 0))
3364 tlun_cnt = lun_cnt + wlun_cnt;
3365 rlen = tlun_cnt * sz_lun; /* excluding 8 byte header */
3366 scsi_set_resid(scp, scsi_bufflen(scp));
3367 pr_debug("select_report %d luns = %d wluns = %d no_lun0 %d\n",
3368 select_report, lun_cnt, wlun_cnt, sdebug_no_lun_0);
3370 /* loops rely on sizeof response header same as sizeof lun (both 8) */
3371 lun = sdebug_no_lun_0 ? 1 : 0;
3372 for (k = 0, j = 0, res = 0; true; ++k, j = 0) {
3373 memset(arr, 0, sizeof(arr));
3374 lun_p = (struct scsi_lun *)&arr[0];
3376 put_unaligned_be32(rlen, &arr[0]);
3380 for ( ; j < RL_BUCKET_ELEMS; ++j, ++lun_p) {
3381 if ((k * RL_BUCKET_ELEMS) + j > lun_cnt)
3383 int_to_scsilun(lun++, lun_p);
3385 if (j < RL_BUCKET_ELEMS)
3388 res = p_fill_from_dev_buffer(scp, arr, n, off_rsp);
3394 int_to_scsilun(SCSI_W_LUN_REPORT_LUNS, lun_p);
3398 res = p_fill_from_dev_buffer(scp, arr, j * sz_lun, off_rsp);
3402 static int resp_xdwriteread(struct scsi_cmnd *scp, unsigned long long lba,
3403 unsigned int num, struct sdebug_dev_info *devip)
3406 unsigned char *kaddr, *buf;
3407 unsigned int offset;
3408 struct scsi_data_buffer *sdb = scsi_in(scp);
3409 struct sg_mapping_iter miter;
3411 /* better not to use temporary buffer. */
3412 buf = kzalloc(scsi_bufflen(scp), GFP_ATOMIC);
3414 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3416 return check_condition_result;
3419 scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
3422 sg_miter_start(&miter, sdb->table.sgl, sdb->table.nents,
3423 SG_MITER_ATOMIC | SG_MITER_TO_SG);
3425 while (sg_miter_next(&miter)) {
3427 for (j = 0; j < miter.length; j++)
3428 *(kaddr + j) ^= *(buf + offset + j);
3430 offset += miter.length;
3432 sg_miter_stop(&miter);
3438 static int resp_xdwriteread_10(struct scsi_cmnd *scp,
3439 struct sdebug_dev_info *devip)
3441 u8 *cmd = scp->cmnd;
3446 if (!scsi_bidi_cmnd(scp)) {
3447 mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
3449 return check_condition_result;
3451 errsts = resp_read_dt0(scp, devip);
3454 if (!(cmd[1] & 0x4)) { /* DISABLE_WRITE is not set */
3455 errsts = resp_write_dt0(scp, devip);
3459 lba = get_unaligned_be32(cmd + 2);
3460 num = get_unaligned_be16(cmd + 7);
3461 return resp_xdwriteread(scp, lba, num, devip);
3464 static struct sdebug_queue *get_queue(struct scsi_cmnd *cmnd)
3466 struct sdebug_queue *sqp = sdebug_q_arr;
3468 if (sdebug_mq_active) {
3469 u32 tag = blk_mq_unique_tag(cmnd->request);
3470 u16 hwq = blk_mq_unique_tag_to_hwq(tag);
3472 if (unlikely(hwq >= submit_queues)) {
3473 pr_warn("Unexpected hwq=%d, apply modulo\n", hwq);
3474 hwq %= submit_queues;
3476 pr_debug("tag=%u, hwq=%d\n", tag, hwq);
3482 /* Queued (deferred) command completions converge here. */
3483 static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
3487 unsigned long iflags;
3488 struct sdebug_queue *sqp;
3489 struct sdebug_queued_cmd *sqcp;
3490 struct scsi_cmnd *scp;
3491 struct sdebug_dev_info *devip;
3493 qc_idx = sd_dp->qc_idx;
3494 sqp = sdebug_q_arr + sd_dp->sqa_idx;
3495 if (sdebug_statistics) {
3496 atomic_inc(&sdebug_completions);
3497 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
3498 atomic_inc(&sdebug_miss_cpus);
3500 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
3501 pr_err("wild qc_idx=%d\n", qc_idx);
3504 spin_lock_irqsave(&sqp->qc_lock, iflags);
3505 sqcp = &sqp->qc_arr[qc_idx];
3507 if (unlikely(scp == NULL)) {
3508 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3509 pr_err("scp is NULL, sqa_idx=%d, qc_idx=%d\n",
3510 sd_dp->sqa_idx, qc_idx);
3513 devip = (struct sdebug_dev_info *)scp->device->hostdata;
3515 atomic_dec(&devip->num_in_q);
3517 pr_err("devip=NULL\n");
3518 if (unlikely(atomic_read(&retired_max_queue) > 0))
3521 sqcp->a_cmnd = NULL;
3522 if (unlikely(!test_and_clear_bit(qc_idx, sqp->in_use_bm))) {
3523 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3524 pr_err("Unexpected completion\n");
3528 if (unlikely(retiring)) { /* user has reduced max_queue */
3531 retval = atomic_read(&retired_max_queue);
3532 if (qc_idx >= retval) {
3533 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3534 pr_err("index %d too large\n", retval);
3537 k = find_last_bit(sqp->in_use_bm, retval);
3538 if ((k < sdebug_max_queue) || (k == retval))
3539 atomic_set(&retired_max_queue, 0);
3541 atomic_set(&retired_max_queue, k + 1);
3543 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3544 scp->scsi_done(scp); /* callback to mid level */
3547 /* When high resolution timer goes off this function is called. */
3548 static enum hrtimer_restart sdebug_q_cmd_hrt_complete(struct hrtimer *timer)
3550 struct sdebug_defer *sd_dp = container_of(timer, struct sdebug_defer,
3552 sdebug_q_cmd_complete(sd_dp);
3553 return HRTIMER_NORESTART;
3556 /* When work queue schedules work, it calls this function. */
3557 static void sdebug_q_cmd_wq_complete(struct work_struct *work)
3559 struct sdebug_defer *sd_dp = container_of(work, struct sdebug_defer,
3561 sdebug_q_cmd_complete(sd_dp);
3564 static bool got_shared_uuid;
3565 static uuid_be shared_uuid;
3567 static struct sdebug_dev_info *sdebug_device_create(
3568 struct sdebug_host_info *sdbg_host, gfp_t flags)
3570 struct sdebug_dev_info *devip;
3572 devip = kzalloc(sizeof(*devip), flags);
3574 if (sdebug_uuid_ctl == 1)
3575 uuid_be_gen(&devip->lu_name);
3576 else if (sdebug_uuid_ctl == 2) {
3577 if (got_shared_uuid)
3578 devip->lu_name = shared_uuid;
3580 uuid_be_gen(&shared_uuid);
3581 got_shared_uuid = true;
3582 devip->lu_name = shared_uuid;
3585 devip->sdbg_host = sdbg_host;
3586 list_add_tail(&devip->dev_list, &sdbg_host->dev_info_list);
3591 static struct sdebug_dev_info *find_build_dev_info(struct scsi_device *sdev)
3593 struct sdebug_host_info *sdbg_host;
3594 struct sdebug_dev_info *open_devip = NULL;
3595 struct sdebug_dev_info *devip;
3597 sdbg_host = *(struct sdebug_host_info **)shost_priv(sdev->host);
3599 pr_err("Host info NULL\n");
3602 list_for_each_entry(devip, &sdbg_host->dev_info_list, dev_list) {
3603 if ((devip->used) && (devip->channel == sdev->channel) &&
3604 (devip->target == sdev->id) &&
3605 (devip->lun == sdev->lun))
3608 if ((!devip->used) && (!open_devip))
3612 if (!open_devip) { /* try and make a new one */
3613 open_devip = sdebug_device_create(sdbg_host, GFP_ATOMIC);
3615 pr_err("out of memory at line %d\n", __LINE__);
3620 open_devip->channel = sdev->channel;
3621 open_devip->target = sdev->id;
3622 open_devip->lun = sdev->lun;
3623 open_devip->sdbg_host = sdbg_host;
3624 atomic_set(&open_devip->num_in_q, 0);
3625 set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
3626 open_devip->used = true;
3630 static int scsi_debug_slave_alloc(struct scsi_device *sdp)
3633 pr_info("slave_alloc <%u %u %u %llu>\n",
3634 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3635 queue_flag_set_unlocked(QUEUE_FLAG_BIDI, sdp->request_queue);
3639 static int scsi_debug_slave_configure(struct scsi_device *sdp)
3641 struct sdebug_dev_info *devip =
3642 (struct sdebug_dev_info *)sdp->hostdata;
3645 pr_info("slave_configure <%u %u %u %llu>\n",
3646 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3647 if (sdp->host->max_cmd_len != SDEBUG_MAX_CMD_LEN)
3648 sdp->host->max_cmd_len = SDEBUG_MAX_CMD_LEN;
3649 if (devip == NULL) {
3650 devip = find_build_dev_info(sdp);
3652 return 1; /* no resources, will be marked offline */
3654 sdp->hostdata = devip;
3655 blk_queue_max_segment_size(sdp->request_queue, -1U);
3657 sdp->no_uld_attach = 1;
3661 static void scsi_debug_slave_destroy(struct scsi_device *sdp)
3663 struct sdebug_dev_info *devip =
3664 (struct sdebug_dev_info *)sdp->hostdata;
3667 pr_info("slave_destroy <%u %u %u %llu>\n",
3668 sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
3670 /* make this slot available for re-use */
3671 devip->used = false;
3672 sdp->hostdata = NULL;
3676 static void stop_qc_helper(struct sdebug_defer *sd_dp)
3680 if ((sdebug_jdelay > 0) || (sdebug_ndelay > 0))
3681 hrtimer_cancel(&sd_dp->hrt);
3682 else if (sdebug_jdelay < 0)
3683 cancel_work_sync(&sd_dp->ew.work);
3686 /* If @cmnd found deletes its timer or work queue and returns true; else
3688 static bool stop_queued_cmnd(struct scsi_cmnd *cmnd)
3690 unsigned long iflags;
3691 int j, k, qmax, r_qmax;
3692 struct sdebug_queue *sqp;
3693 struct sdebug_queued_cmd *sqcp;
3694 struct sdebug_dev_info *devip;
3695 struct sdebug_defer *sd_dp;
3697 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3698 spin_lock_irqsave(&sqp->qc_lock, iflags);
3699 qmax = sdebug_max_queue;
3700 r_qmax = atomic_read(&retired_max_queue);
3703 for (k = 0; k < qmax; ++k) {
3704 if (test_bit(k, sqp->in_use_bm)) {
3705 sqcp = &sqp->qc_arr[k];
3706 if (cmnd != sqcp->a_cmnd)
3709 devip = (struct sdebug_dev_info *)
3710 cmnd->device->hostdata;
3712 atomic_dec(&devip->num_in_q);
3713 sqcp->a_cmnd = NULL;
3714 sd_dp = sqcp->sd_dp;
3715 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3716 stop_qc_helper(sd_dp);
3717 clear_bit(k, sqp->in_use_bm);
3721 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3726 /* Deletes (stops) timers or work queues of all queued commands */
3727 static void stop_all_queued(void)
3729 unsigned long iflags;
3731 struct sdebug_queue *sqp;
3732 struct sdebug_queued_cmd *sqcp;
3733 struct sdebug_dev_info *devip;
3734 struct sdebug_defer *sd_dp;
3736 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3737 spin_lock_irqsave(&sqp->qc_lock, iflags);
3738 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3739 if (test_bit(k, sqp->in_use_bm)) {
3740 sqcp = &sqp->qc_arr[k];
3741 if (sqcp->a_cmnd == NULL)
3743 devip = (struct sdebug_dev_info *)
3744 sqcp->a_cmnd->device->hostdata;
3746 atomic_dec(&devip->num_in_q);
3747 sqcp->a_cmnd = NULL;
3748 sd_dp = sqcp->sd_dp;
3749 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3750 stop_qc_helper(sd_dp);
3751 clear_bit(k, sqp->in_use_bm);
3752 spin_lock_irqsave(&sqp->qc_lock, iflags);
3755 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
3759 /* Free queued command memory on heap */
3760 static void free_all_queued(void)
3763 struct sdebug_queue *sqp;
3764 struct sdebug_queued_cmd *sqcp;
3766 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
3767 for (k = 0; k < SDEBUG_CANQUEUE; ++k) {
3768 sqcp = &sqp->qc_arr[k];
3775 static int scsi_debug_abort(struct scsi_cmnd *SCpnt)
3781 ok = stop_queued_cmnd(SCpnt);
3782 if (SCpnt->device && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3783 sdev_printk(KERN_INFO, SCpnt->device,
3784 "%s: command%s found\n", __func__,
3790 static int scsi_debug_device_reset(struct scsi_cmnd * SCpnt)
3793 if (SCpnt && SCpnt->device) {
3794 struct scsi_device *sdp = SCpnt->device;
3795 struct sdebug_dev_info *devip =
3796 (struct sdebug_dev_info *)sdp->hostdata;
3798 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3799 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3801 set_bit(SDEBUG_UA_POR, devip->uas_bm);
3806 static int scsi_debug_target_reset(struct scsi_cmnd *SCpnt)
3808 struct sdebug_host_info *sdbg_host;
3809 struct sdebug_dev_info *devip;
3810 struct scsi_device *sdp;
3811 struct Scsi_Host *hp;
3814 ++num_target_resets;
3817 sdp = SCpnt->device;
3820 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3821 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3825 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3827 list_for_each_entry(devip,
3828 &sdbg_host->dev_info_list,
3830 if (devip->target == sdp->id) {
3831 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3835 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3836 sdev_printk(KERN_INFO, sdp,
3837 "%s: %d device(s) found in target\n", __func__, k);
3842 static int scsi_debug_bus_reset(struct scsi_cmnd * SCpnt)
3844 struct sdebug_host_info *sdbg_host;
3845 struct sdebug_dev_info *devip;
3846 struct scsi_device * sdp;
3847 struct Scsi_Host * hp;
3851 if (!(SCpnt && SCpnt->device))
3853 sdp = SCpnt->device;
3854 if (SDEBUG_OPT_ALL_NOISE & sdebug_opts)
3855 sdev_printk(KERN_INFO, sdp, "%s\n", __func__);
3858 sdbg_host = *(struct sdebug_host_info **)shost_priv(hp);
3860 list_for_each_entry(devip,
3861 &sdbg_host->dev_info_list,
3863 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3868 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3869 sdev_printk(KERN_INFO, sdp,
3870 "%s: %d device(s) found in host\n", __func__, k);
3875 static int scsi_debug_host_reset(struct scsi_cmnd * SCpnt)
3877 struct sdebug_host_info * sdbg_host;
3878 struct sdebug_dev_info *devip;
3882 if ((SCpnt->device) && (SDEBUG_OPT_ALL_NOISE & sdebug_opts))
3883 sdev_printk(KERN_INFO, SCpnt->device, "%s\n", __func__);
3884 spin_lock(&sdebug_host_list_lock);
3885 list_for_each_entry(sdbg_host, &sdebug_host_list, host_list) {
3886 list_for_each_entry(devip, &sdbg_host->dev_info_list,
3888 set_bit(SDEBUG_UA_BUS_RESET, devip->uas_bm);
3892 spin_unlock(&sdebug_host_list_lock);
3894 if (SDEBUG_OPT_RESET_NOISE & sdebug_opts)
3895 sdev_printk(KERN_INFO, SCpnt->device,
3896 "%s: %d device(s) found\n", __func__, k);
3900 static void __init sdebug_build_parts(unsigned char *ramp,
3901 unsigned long store_size)
3903 struct partition * pp;
3904 int starts[SDEBUG_MAX_PARTS + 2];
3905 int sectors_per_part, num_sectors, k;
3906 int heads_by_sects, start_sec, end_sec;
3908 /* assume partition table already zeroed */
3909 if ((sdebug_num_parts < 1) || (store_size < 1048576))
3911 if (sdebug_num_parts > SDEBUG_MAX_PARTS) {
3912 sdebug_num_parts = SDEBUG_MAX_PARTS;
3913 pr_warn("reducing partitions to %d\n", SDEBUG_MAX_PARTS);
3915 num_sectors = (int)sdebug_store_sectors;
3916 sectors_per_part = (num_sectors - sdebug_sectors_per)
3918 heads_by_sects = sdebug_heads * sdebug_sectors_per;
3919 starts[0] = sdebug_sectors_per;
3920 for (k = 1; k < sdebug_num_parts; ++k)
3921 starts[k] = ((k * sectors_per_part) / heads_by_sects)
3923 starts[sdebug_num_parts] = num_sectors;
3924 starts[sdebug_num_parts + 1] = 0;
3926 ramp[510] = 0x55; /* magic partition markings */
3928 pp = (struct partition *)(ramp + 0x1be);
3929 for (k = 0; starts[k + 1]; ++k, ++pp) {
3930 start_sec = starts[k];
3931 end_sec = starts[k + 1] - 1;
3934 pp->cyl = start_sec / heads_by_sects;
3935 pp->head = (start_sec - (pp->cyl * heads_by_sects))
3936 / sdebug_sectors_per;
3937 pp->sector = (start_sec % sdebug_sectors_per) + 1;
3939 pp->end_cyl = end_sec / heads_by_sects;
3940 pp->end_head = (end_sec - (pp->end_cyl * heads_by_sects))
3941 / sdebug_sectors_per;
3942 pp->end_sector = (end_sec % sdebug_sectors_per) + 1;
3944 pp->start_sect = cpu_to_le32(start_sec);
3945 pp->nr_sects = cpu_to_le32(end_sec - start_sec + 1);
3946 pp->sys_ind = 0x83; /* plain Linux partition */
3950 static void block_unblock_all_queues(bool block)
3953 struct sdebug_queue *sqp;
3955 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp)
3956 atomic_set(&sqp->blocked, (int)block);
3959 /* Adjust (by rounding down) the sdebug_cmnd_count so abs(every_nth)-1
3960 * commands will be processed normally before triggers occur.
3962 static void tweak_cmnd_count(void)
3966 modulo = abs(sdebug_every_nth);
3969 block_unblock_all_queues(true);
3970 count = atomic_read(&sdebug_cmnd_count);
3971 atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
3972 block_unblock_all_queues(false);
3975 static void clear_queue_stats(void)
3977 atomic_set(&sdebug_cmnd_count, 0);
3978 atomic_set(&sdebug_completions, 0);
3979 atomic_set(&sdebug_miss_cpus, 0);
3980 atomic_set(&sdebug_a_tsf, 0);
3983 static void setup_inject(struct sdebug_queue *sqp,
3984 struct sdebug_queued_cmd *sqcp)
3986 if ((atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0)
3988 sqcp->inj_recovered = !!(SDEBUG_OPT_RECOVERED_ERR & sdebug_opts);
3989 sqcp->inj_transport = !!(SDEBUG_OPT_TRANSPORT_ERR & sdebug_opts);
3990 sqcp->inj_dif = !!(SDEBUG_OPT_DIF_ERR & sdebug_opts);
3991 sqcp->inj_dix = !!(SDEBUG_OPT_DIX_ERR & sdebug_opts);
3992 sqcp->inj_short = !!(SDEBUG_OPT_SHORT_TRANSFER & sdebug_opts);
3995 /* Complete the processing of the thread that queued a SCSI command to this
3996 * driver. It either completes the command by calling cmnd_done() or
3997 * schedules a hr timer or work queue then returns 0. Returns
3998 * SCSI_MLQUEUE_HOST_BUSY if temporarily out of resources.
4000 static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
4001 int scsi_result, int delta_jiff)
4003 unsigned long iflags;
4004 int k, num_in_q, qdepth, inject;
4005 struct sdebug_queue *sqp;
4006 struct sdebug_queued_cmd *sqcp;
4007 struct scsi_device *sdp;
4008 struct sdebug_defer *sd_dp;
4010 if (unlikely(devip == NULL)) {
4011 if (scsi_result == 0)
4012 scsi_result = DID_NO_CONNECT << 16;
4013 goto respond_in_thread;
4017 if (unlikely(sdebug_verbose && scsi_result))
4018 sdev_printk(KERN_INFO, sdp, "%s: non-zero result=0x%x\n",
4019 __func__, scsi_result);
4020 if (delta_jiff == 0)
4021 goto respond_in_thread;
4023 /* schedule the response at a later time if resources permit */
4024 sqp = get_queue(cmnd);
4025 spin_lock_irqsave(&sqp->qc_lock, iflags);
4026 if (unlikely(atomic_read(&sqp->blocked))) {
4027 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4028 return SCSI_MLQUEUE_HOST_BUSY;
4030 num_in_q = atomic_read(&devip->num_in_q);
4031 qdepth = cmnd->device->queue_depth;
4033 if (unlikely((qdepth > 0) && (num_in_q >= qdepth))) {
4035 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4036 goto respond_in_thread;
4038 scsi_result = device_qfull_result;
4039 } else if (unlikely(sdebug_every_nth &&
4040 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
4041 (scsi_result == 0))) {
4042 if ((num_in_q == (qdepth - 1)) &&
4043 (atomic_inc_return(&sdebug_a_tsf) >=
4044 abs(sdebug_every_nth))) {
4045 atomic_set(&sdebug_a_tsf, 0);
4047 scsi_result = device_qfull_result;
4051 k = find_first_zero_bit(sqp->in_use_bm, sdebug_max_queue);
4052 if (unlikely(k >= sdebug_max_queue)) {
4053 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4055 goto respond_in_thread;
4056 else if (SDEBUG_OPT_ALL_TSF & sdebug_opts)
4057 scsi_result = device_qfull_result;
4058 if (SDEBUG_OPT_Q_NOISE & sdebug_opts)
4059 sdev_printk(KERN_INFO, sdp,
4060 "%s: max_queue=%d exceeded, %s\n",
4061 __func__, sdebug_max_queue,
4062 (scsi_result ? "status: TASK SET FULL" :
4063 "report: host busy"));
4065 goto respond_in_thread;
4067 return SCSI_MLQUEUE_HOST_BUSY;
4069 __set_bit(k, sqp->in_use_bm);
4070 atomic_inc(&devip->num_in_q);
4071 sqcp = &sqp->qc_arr[k];
4072 sqcp->a_cmnd = cmnd;
4073 cmnd->host_scribble = (unsigned char *)sqcp;
4074 cmnd->result = scsi_result;
4075 sd_dp = sqcp->sd_dp;
4076 spin_unlock_irqrestore(&sqp->qc_lock, iflags);
4077 if (unlikely(sdebug_every_nth && sdebug_any_injecting_opt))
4078 setup_inject(sqp, sqcp);
4079 if (delta_jiff > 0 || sdebug_ndelay > 0) {
4082 if (delta_jiff > 0) {
4085 jiffies_to_timespec(delta_jiff, &ts);
4086 kt = ktime_set(ts.tv_sec, ts.tv_nsec);
4088 kt = ktime_set(0, sdebug_ndelay);
4089 if (NULL == sd_dp) {
4090 sd_dp = kzalloc(sizeof(*sd_dp), GFP_ATOMIC);
4092 return SCSI_MLQUEUE_HOST_BUSY;
4093 sqcp->sd_dp = sd_dp;
4094 hrtimer_init(&sd_dp->hrt, CLOCK_MONOTONIC,
4095 HRTIMER_MODE_REL_PINNED);
4096 sd_dp->hrt.function = sdebug_q_cmd_hrt_complete;
4097 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4100 if (sdebug_statistics)
4101 sd_dp->issuing_cpu = raw_smp_processor_id();
4102 hrtimer_start(&sd_dp->hrt, kt, HRTIMER_MODE_REL_PINNED);
4103 } else { /* jdelay < 0, use work queue */
4104 if (NULL == sd_dp) {
4105 sd_dp = kzalloc(sizeof(*sqcp->sd_dp), GFP_ATOMIC);
4107 return SCSI_MLQUEUE_HOST_BUSY;
4108 sqcp->sd_dp = sd_dp;
4109 sd_dp->sqa_idx = sqp - sdebug_q_arr;
4111 INIT_WORK(&sd_dp->ew.work, sdebug_q_cmd_wq_complete);
4113 if (sdebug_statistics)
4114 sd_dp->issuing_cpu = raw_smp_processor_id();
4115 schedule_work(&sd_dp->ew.work);
4117 if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
4118 (scsi_result == device_qfull_result)))
4119 sdev_printk(KERN_INFO, sdp,
4120 "%s: num_in_q=%d +1, %s%s\n", __func__,
4121 num_in_q, (inject ? "<inject> " : ""),
4122 "status: TASK SET FULL");
4125 respond_in_thread: /* call back to mid-layer using invocation thread */
4126 cmnd->result = scsi_result;
4127 cmnd->scsi_done(cmnd);
4131 /* Note: The following macros create attribute files in the
4132 /sys/module/scsi_debug/parameters directory. Unfortunately this
4133 driver is unaware of a change and cannot trigger auxiliary actions
4134 as it can when the corresponding attribute in the
4135 /sys/bus/pseudo/drivers/scsi_debug directory is changed.
4137 module_param_named(add_host, sdebug_add_host, int, S_IRUGO | S_IWUSR);
4138 module_param_named(ato, sdebug_ato, int, S_IRUGO);
4139 module_param_named(clustering, sdebug_clustering, bool, S_IRUGO | S_IWUSR);
4140 module_param_named(delay, sdebug_jdelay, int, S_IRUGO | S_IWUSR);
4141 module_param_named(dev_size_mb, sdebug_dev_size_mb, int, S_IRUGO);
4142 module_param_named(dif, sdebug_dif, int, S_IRUGO);
4143 module_param_named(dix, sdebug_dix, int, S_IRUGO);
4144 module_param_named(dsense, sdebug_dsense, int, S_IRUGO | S_IWUSR);
4145 module_param_named(every_nth, sdebug_every_nth, int, S_IRUGO | S_IWUSR);
4146 module_param_named(fake_rw, sdebug_fake_rw, int, S_IRUGO | S_IWUSR);
4147 module_param_named(guard, sdebug_guard, uint, S_IRUGO);
4148 module_param_named(host_lock, sdebug_host_lock, bool, S_IRUGO | S_IWUSR);
4149 module_param_named(lbpu, sdebug_lbpu, int, S_IRUGO);
4150 module_param_named(lbpws, sdebug_lbpws, int, S_IRUGO);
4151 module_param_named(lbpws10, sdebug_lbpws10, int, S_IRUGO);
4152 module_param_named(lbprz, sdebug_lbprz, int, S_IRUGO);
4153 module_param_named(lowest_aligned, sdebug_lowest_aligned, int, S_IRUGO);
4154 module_param_named(max_luns, sdebug_max_luns, int, S_IRUGO | S_IWUSR);
4155 module_param_named(max_queue, sdebug_max_queue, int, S_IRUGO | S_IWUSR);
4156 module_param_named(ndelay, sdebug_ndelay, int, S_IRUGO | S_IWUSR);
4157 module_param_named(no_lun_0, sdebug_no_lun_0, int, S_IRUGO | S_IWUSR);
4158 module_param_named(no_uld, sdebug_no_uld, int, S_IRUGO);
4159 module_param_named(num_parts, sdebug_num_parts, int, S_IRUGO);
4160 module_param_named(num_tgts, sdebug_num_tgts, int, S_IRUGO | S_IWUSR);
4161 module_param_named(opt_blks, sdebug_opt_blks, int, S_IRUGO);
4162 module_param_named(opts, sdebug_opts, int, S_IRUGO | S_IWUSR);
4163 module_param_named(physblk_exp, sdebug_physblk_exp, int, S_IRUGO);
4164 module_param_named(ptype, sdebug_ptype, int, S_IRUGO | S_IWUSR);
4165 module_param_named(removable, sdebug_removable, bool, S_IRUGO | S_IWUSR);
4166 module_param_named(scsi_level, sdebug_scsi_level, int, S_IRUGO);
4167 module_param_named(sector_size, sdebug_sector_size, int, S_IRUGO);
4168 module_param_named(statistics, sdebug_statistics, bool, S_IRUGO | S_IWUSR);
4169 module_param_named(strict, sdebug_strict, bool, S_IRUGO | S_IWUSR);
4170 module_param_named(submit_queues, submit_queues, int, S_IRUGO);
4171 module_param_named(unmap_alignment, sdebug_unmap_alignment, int, S_IRUGO);
4172 module_param_named(unmap_granularity, sdebug_unmap_granularity, int, S_IRUGO);
4173 module_param_named(unmap_max_blocks, sdebug_unmap_max_blocks, int, S_IRUGO);
4174 module_param_named(unmap_max_desc, sdebug_unmap_max_desc, int, S_IRUGO);
4175 module_param_named(virtual_gb, sdebug_virtual_gb, int, S_IRUGO | S_IWUSR);
4176 module_param_named(uuid_ctl, sdebug_uuid_ctl, int, S_IRUGO);
4177 module_param_named(vpd_use_hostno, sdebug_vpd_use_hostno, int,
4179 module_param_named(write_same_length, sdebug_write_same_length, int,
4182 MODULE_AUTHOR("Eric Youngdale + Douglas Gilbert");
4183 MODULE_DESCRIPTION("SCSI debug adapter driver");
4184 MODULE_LICENSE("GPL");
4185 MODULE_VERSION(SDEBUG_VERSION);
4187 MODULE_PARM_DESC(add_host, "0..127 hosts allowed(def=1)");
4188 MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
4189 MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
4190 MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
4191 MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
4192 MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
4193 MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
4194 MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
4195 MODULE_PARM_DESC(every_nth, "timeout every nth command(def=0)");
4196 MODULE_PARM_DESC(fake_rw, "fake reads/writes instead of copying (def=0)");
4197 MODULE_PARM_DESC(guard, "protection checksum: 0=crc, 1=ip (def=0)");
4198 MODULE_PARM_DESC(host_lock, "host_lock is ignored (def=0)");
4199 MODULE_PARM_DESC(lbpu, "enable LBP, support UNMAP command (def=0)");
4200 MODULE_PARM_DESC(lbpws, "enable LBP, support WRITE SAME(16) with UNMAP bit (def=0)");
4201 MODULE_PARM_DESC(lbpws10, "enable LBP, support WRITE SAME(10) with UNMAP bit (def=0)");
4202 MODULE_PARM_DESC(lbprz,
4203 "on read unmapped LBs return 0 when 1 (def), return 0xff when 2");
4204 MODULE_PARM_DESC(lowest_aligned, "lowest aligned lba (def=0)");
4205 MODULE_PARM_DESC(max_luns, "number of LUNs per target to simulate(def=1)");
4206 MODULE_PARM_DESC(max_queue, "max number of queued commands (1 to max(def))");
4207 MODULE_PARM_DESC(ndelay, "response delay in nanoseconds (def=0 -> ignore)");
4208 MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)");
4209 MODULE_PARM_DESC(no_uld, "stop ULD (e.g. sd driver) attaching (def=0))");
4210 MODULE_PARM_DESC(num_parts, "number of partitions(def=0)");
4211 MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)");
4212 MODULE_PARM_DESC(opt_blks, "optimal transfer length in blocks (def=1024)");
4213 MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)");
4214 MODULE_PARM_DESC(physblk_exp, "physical block exponent (def=0)");
4215 MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
4216 MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
4217 MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=7[SPC-5])");
4218 MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
4219 MODULE_PARM_DESC(statistics, "collect statistics on commands, queues (def=0)");
4220 MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
4221 MODULE_PARM_DESC(submit_queues, "support for block multi-queue (def=1)");
4222 MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
4223 MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
4224 MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
4225 MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
4226 MODULE_PARM_DESC(uuid_ctl,
4227 "1->use uuid for lu name, 0->don't, 2->all use same (def=0)");
4228 MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
4229 MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
4230 MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
4232 #define SDEBUG_INFO_LEN 256
4233 static char sdebug_info[SDEBUG_INFO_LEN];
4235 static const char * scsi_debug_info(struct Scsi_Host * shp)
4239 k = scnprintf(sdebug_info, SDEBUG_INFO_LEN, "%s: version %s [%s]\n",
4240 my_name, SDEBUG_VERSION, sdebug_version_date);
4241 if (k >= (SDEBUG_INFO_LEN - 1))
4243 scnprintf(sdebug_info + k, SDEBUG_INFO_LEN - k,
4244 " dev_size_mb=%d, opts=0x%x, submit_queues=%d, %s=%d",
4245 sdebug_dev_size_mb, sdebug_opts, submit_queues,
4246 "statistics", (int)sdebug_statistics);
4250 /* 'echo <val> > /proc/scsi/scsi_debug/<host_id>' writes to opts */
4251 static int scsi_debug_write_info(struct Scsi_Host *host, char *buffer,
4256 int minLen = length > 15 ? 15 : length;
4258 if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))
4260 memcpy(arr, buffer, minLen);
4262 if (1 != sscanf(arr, "%d", &opts))
4265 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4266 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4267 if (sdebug_every_nth != 0)
4272 /* Output seen with 'cat /proc/scsi/scsi_debug/<host_id>'. It will be the
4273 * same for each scsi_debug host (if more than one). Some of the counters
4274 * output are not atomics so might be inaccurate in a busy system. */
4275 static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
4278 struct sdebug_queue *sqp;
4280 seq_printf(m, "scsi_debug adapter driver, version %s [%s]\n",
4281 SDEBUG_VERSION, sdebug_version_date);
4282 seq_printf(m, "num_tgts=%d, %ssize=%d MB, opts=0x%x, every_nth=%d\n",
4283 sdebug_num_tgts, "shared (ram) ", sdebug_dev_size_mb,
4284 sdebug_opts, sdebug_every_nth);
4285 seq_printf(m, "delay=%d, ndelay=%d, max_luns=%d, sector_size=%d %s\n",
4286 sdebug_jdelay, sdebug_ndelay, sdebug_max_luns,
4287 sdebug_sector_size, "bytes");
4288 seq_printf(m, "cylinders=%d, heads=%d, sectors=%d, command aborts=%d\n",
4289 sdebug_cylinders_per, sdebug_heads, sdebug_sectors_per,
4291 seq_printf(m, "RESETs: device=%d, target=%d, bus=%d, host=%d\n",
4292 num_dev_resets, num_target_resets, num_bus_resets,
4294 seq_printf(m, "dix_reads=%d, dix_writes=%d, dif_errors=%d\n",
4295 dix_reads, dix_writes, dif_errors);
4296 seq_printf(m, "usec_in_jiffy=%lu, %s=%d, mq_active=%d\n",
4297 TICK_NSEC / 1000, "statistics", sdebug_statistics,
4299 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
4300 atomic_read(&sdebug_cmnd_count),
4301 atomic_read(&sdebug_completions),
4302 "miss_cpus", atomic_read(&sdebug_miss_cpus),
4303 atomic_read(&sdebug_a_tsf));
4305 seq_printf(m, "submit_queues=%d\n", submit_queues);
4306 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
4307 seq_printf(m, " queue %d:\n", j);
4308 f = find_first_bit(sqp->in_use_bm, sdebug_max_queue);
4309 if (f != sdebug_max_queue) {
4310 l = find_last_bit(sqp->in_use_bm, sdebug_max_queue);
4311 seq_printf(m, " in_use_bm BUSY: %s: %d,%d\n",
4312 "first,last bits", f, l);
4318 static ssize_t delay_show(struct device_driver *ddp, char *buf)
4320 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_jdelay);
4322 /* Returns -EBUSY if jdelay is being changed and commands are queued. The unit
4323 * of delay is jiffies.
4325 static ssize_t delay_store(struct device_driver *ddp, const char *buf,
4330 if (count > 0 && sscanf(buf, "%d", &jdelay) == 1) {
4332 if (sdebug_jdelay != jdelay) {
4334 struct sdebug_queue *sqp;
4336 block_unblock_all_queues(true);
4337 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4339 k = find_first_bit(sqp->in_use_bm,
4341 if (k != sdebug_max_queue) {
4342 res = -EBUSY; /* queued commands */
4347 /* make sure sdebug_defer instances get
4348 * re-allocated for new delay variant */
4350 sdebug_jdelay = jdelay;
4353 block_unblock_all_queues(false);
4359 static DRIVER_ATTR_RW(delay);
4361 static ssize_t ndelay_show(struct device_driver *ddp, char *buf)
4363 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ndelay);
4365 /* Returns -EBUSY if ndelay is being changed and commands are queued */
4366 /* If > 0 and accepted then sdebug_jdelay is set to JDELAY_OVERRIDDEN */
4367 static ssize_t ndelay_store(struct device_driver *ddp, const char *buf,
4372 if ((count > 0) && (1 == sscanf(buf, "%d", &ndelay)) &&
4373 (ndelay >= 0) && (ndelay < (1000 * 1000 * 1000))) {
4375 if (sdebug_ndelay != ndelay) {
4377 struct sdebug_queue *sqp;
4379 block_unblock_all_queues(true);
4380 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4382 k = find_first_bit(sqp->in_use_bm,
4384 if (k != sdebug_max_queue) {
4385 res = -EBUSY; /* queued commands */
4390 /* make sure sdebug_defer instances get
4391 * re-allocated for new delay variant */
4393 sdebug_ndelay = ndelay;
4394 sdebug_jdelay = ndelay ? JDELAY_OVERRIDDEN
4397 block_unblock_all_queues(false);
4403 static DRIVER_ATTR_RW(ndelay);
4405 static ssize_t opts_show(struct device_driver *ddp, char *buf)
4407 return scnprintf(buf, PAGE_SIZE, "0x%x\n", sdebug_opts);
4410 static ssize_t opts_store(struct device_driver *ddp, const char *buf,
4416 if (1 == sscanf(buf, "%10s", work)) {
4417 if (0 == strncasecmp(work,"0x", 2)) {
4418 if (1 == sscanf(&work[2], "%x", &opts))
4421 if (1 == sscanf(work, "%d", &opts))
4428 sdebug_verbose = !!(SDEBUG_OPT_NOISE & opts);
4429 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & opts);
4433 static DRIVER_ATTR_RW(opts);
4435 static ssize_t ptype_show(struct device_driver *ddp, char *buf)
4437 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ptype);
4439 static ssize_t ptype_store(struct device_driver *ddp, const char *buf,
4444 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4450 static DRIVER_ATTR_RW(ptype);
4452 static ssize_t dsense_show(struct device_driver *ddp, char *buf)
4454 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dsense);
4456 static ssize_t dsense_store(struct device_driver *ddp, const char *buf,
4461 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4467 static DRIVER_ATTR_RW(dsense);
4469 static ssize_t fake_rw_show(struct device_driver *ddp, char *buf)
4471 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_fake_rw);
4473 static ssize_t fake_rw_store(struct device_driver *ddp, const char *buf,
4478 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4480 sdebug_fake_rw = (sdebug_fake_rw > 0);
4481 if (sdebug_fake_rw != n) {
4482 if ((0 == n) && (NULL == fake_storep)) {
4484 (unsigned long)sdebug_dev_size_mb *
4487 fake_storep = vmalloc(sz);
4488 if (NULL == fake_storep) {
4489 pr_err("out of memory, 9\n");
4492 memset(fake_storep, 0, sz);
4500 static DRIVER_ATTR_RW(fake_rw);
4502 static ssize_t no_lun_0_show(struct device_driver *ddp, char *buf)
4504 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_lun_0);
4506 static ssize_t no_lun_0_store(struct device_driver *ddp, const char *buf,
4511 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4512 sdebug_no_lun_0 = n;
4517 static DRIVER_ATTR_RW(no_lun_0);
4519 static ssize_t num_tgts_show(struct device_driver *ddp, char *buf)
4521 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_tgts);
4523 static ssize_t num_tgts_store(struct device_driver *ddp, const char *buf,
4528 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4529 sdebug_num_tgts = n;
4530 sdebug_max_tgts_luns();
4535 static DRIVER_ATTR_RW(num_tgts);
4537 static ssize_t dev_size_mb_show(struct device_driver *ddp, char *buf)
4539 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dev_size_mb);
4541 static DRIVER_ATTR_RO(dev_size_mb);
4543 static ssize_t num_parts_show(struct device_driver *ddp, char *buf)
4545 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_num_parts);
4547 static DRIVER_ATTR_RO(num_parts);
4549 static ssize_t every_nth_show(struct device_driver *ddp, char *buf)
4551 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_every_nth);
4553 static ssize_t every_nth_store(struct device_driver *ddp, const char *buf,
4558 if ((count > 0) && (1 == sscanf(buf, "%d", &nth))) {
4559 sdebug_every_nth = nth;
4560 if (nth && !sdebug_statistics) {
4561 pr_info("every_nth needs statistics=1, set it\n");
4562 sdebug_statistics = true;
4569 static DRIVER_ATTR_RW(every_nth);
4571 static ssize_t max_luns_show(struct device_driver *ddp, char *buf)
4573 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_luns);
4575 static ssize_t max_luns_store(struct device_driver *ddp, const char *buf,
4581 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4583 pr_warn("max_luns can be no more than 256\n");
4586 changed = (sdebug_max_luns != n);
4587 sdebug_max_luns = n;
4588 sdebug_max_tgts_luns();
4589 if (changed && (sdebug_scsi_level >= 5)) { /* >= SPC-3 */
4590 struct sdebug_host_info *sdhp;
4591 struct sdebug_dev_info *dp;
4593 spin_lock(&sdebug_host_list_lock);
4594 list_for_each_entry(sdhp, &sdebug_host_list,
4596 list_for_each_entry(dp, &sdhp->dev_info_list,
4598 set_bit(SDEBUG_UA_LUNS_CHANGED,
4602 spin_unlock(&sdebug_host_list_lock);
4608 static DRIVER_ATTR_RW(max_luns);
4610 static ssize_t max_queue_show(struct device_driver *ddp, char *buf)
4612 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_max_queue);
4614 /* N.B. max_queue can be changed while there are queued commands. In flight
4615 * commands beyond the new max_queue will be completed. */
4616 static ssize_t max_queue_store(struct device_driver *ddp, const char *buf,
4620 struct sdebug_queue *sqp;
4622 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n > 0) &&
4623 (n <= SDEBUG_CANQUEUE)) {
4624 block_unblock_all_queues(true);
4626 for (j = 0, sqp = sdebug_q_arr; j < submit_queues;
4628 a = find_last_bit(sqp->in_use_bm, SDEBUG_CANQUEUE);
4632 sdebug_max_queue = n;
4633 if (k == SDEBUG_CANQUEUE)
4634 atomic_set(&retired_max_queue, 0);
4636 atomic_set(&retired_max_queue, k + 1);
4638 atomic_set(&retired_max_queue, 0);
4639 block_unblock_all_queues(false);
4644 static DRIVER_ATTR_RW(max_queue);
4646 static ssize_t no_uld_show(struct device_driver *ddp, char *buf)
4648 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_no_uld);
4650 static DRIVER_ATTR_RO(no_uld);
4652 static ssize_t scsi_level_show(struct device_driver *ddp, char *buf)
4654 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_scsi_level);
4656 static DRIVER_ATTR_RO(scsi_level);
4658 static ssize_t virtual_gb_show(struct device_driver *ddp, char *buf)
4660 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_virtual_gb);
4662 static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
4668 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4669 changed = (sdebug_virtual_gb != n);
4670 sdebug_virtual_gb = n;
4671 sdebug_capacity = get_sdebug_capacity();
4673 struct sdebug_host_info *sdhp;
4674 struct sdebug_dev_info *dp;
4676 spin_lock(&sdebug_host_list_lock);
4677 list_for_each_entry(sdhp, &sdebug_host_list,
4679 list_for_each_entry(dp, &sdhp->dev_info_list,
4681 set_bit(SDEBUG_UA_CAPACITY_CHANGED,
4685 spin_unlock(&sdebug_host_list_lock);
4691 static DRIVER_ATTR_RW(virtual_gb);
4693 static ssize_t add_host_show(struct device_driver *ddp, char *buf)
4695 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_add_host);
4698 static int sdebug_add_adapter(void);
4699 static void sdebug_remove_adapter(void);
4701 static ssize_t add_host_store(struct device_driver *ddp, const char *buf,
4706 if (sscanf(buf, "%d", &delta_hosts) != 1)
4708 if (delta_hosts > 0) {
4710 sdebug_add_adapter();
4711 } while (--delta_hosts);
4712 } else if (delta_hosts < 0) {
4714 sdebug_remove_adapter();
4715 } while (++delta_hosts);
4719 static DRIVER_ATTR_RW(add_host);
4721 static ssize_t vpd_use_hostno_show(struct device_driver *ddp, char *buf)
4723 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_vpd_use_hostno);
4725 static ssize_t vpd_use_hostno_store(struct device_driver *ddp, const char *buf,
4730 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4731 sdebug_vpd_use_hostno = n;
4736 static DRIVER_ATTR_RW(vpd_use_hostno);
4738 static ssize_t statistics_show(struct device_driver *ddp, char *buf)
4740 return scnprintf(buf, PAGE_SIZE, "%d\n", (int)sdebug_statistics);
4742 static ssize_t statistics_store(struct device_driver *ddp, const char *buf,
4747 if ((count > 0) && (sscanf(buf, "%d", &n) == 1) && (n >= 0)) {
4749 sdebug_statistics = true;
4751 clear_queue_stats();
4752 sdebug_statistics = false;
4758 static DRIVER_ATTR_RW(statistics);
4760 static ssize_t sector_size_show(struct device_driver *ddp, char *buf)
4762 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_sector_size);
4764 static DRIVER_ATTR_RO(sector_size);
4766 static ssize_t submit_queues_show(struct device_driver *ddp, char *buf)
4768 return scnprintf(buf, PAGE_SIZE, "%d\n", submit_queues);
4770 static DRIVER_ATTR_RO(submit_queues);
4772 static ssize_t dix_show(struct device_driver *ddp, char *buf)
4774 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dix);
4776 static DRIVER_ATTR_RO(dix);
4778 static ssize_t dif_show(struct device_driver *ddp, char *buf)
4780 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_dif);
4782 static DRIVER_ATTR_RO(dif);
4784 static ssize_t guard_show(struct device_driver *ddp, char *buf)
4786 return scnprintf(buf, PAGE_SIZE, "%u\n", sdebug_guard);
4788 static DRIVER_ATTR_RO(guard);
4790 static ssize_t ato_show(struct device_driver *ddp, char *buf)
4792 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_ato);
4794 static DRIVER_ATTR_RO(ato);
4796 static ssize_t map_show(struct device_driver *ddp, char *buf)
4800 if (!scsi_debug_lbp())
4801 return scnprintf(buf, PAGE_SIZE, "0-%u\n",
4802 sdebug_store_sectors);
4804 count = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
4805 (int)map_size, map_storep);
4806 buf[count++] = '\n';
4811 static DRIVER_ATTR_RO(map);
4813 static ssize_t removable_show(struct device_driver *ddp, char *buf)
4815 return scnprintf(buf, PAGE_SIZE, "%d\n", sdebug_removable ? 1 : 0);
4817 static ssize_t removable_store(struct device_driver *ddp, const char *buf,
4822 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4823 sdebug_removable = (n > 0);
4828 static DRIVER_ATTR_RW(removable);
4830 static ssize_t host_lock_show(struct device_driver *ddp, char *buf)
4832 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_host_lock);
4834 /* N.B. sdebug_host_lock does nothing, kept for backward compatibility */
4835 static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
4840 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4841 sdebug_host_lock = (n > 0);
4846 static DRIVER_ATTR_RW(host_lock);
4848 static ssize_t strict_show(struct device_driver *ddp, char *buf)
4850 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_strict);
4852 static ssize_t strict_store(struct device_driver *ddp, const char *buf,
4857 if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
4858 sdebug_strict = (n > 0);
4863 static DRIVER_ATTR_RW(strict);
4865 static ssize_t uuid_ctl_show(struct device_driver *ddp, char *buf)
4867 return scnprintf(buf, PAGE_SIZE, "%d\n", !!sdebug_uuid_ctl);
4869 static DRIVER_ATTR_RO(uuid_ctl);
4872 /* Note: The following array creates attribute files in the
4873 /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
4874 files (over those found in the /sys/module/scsi_debug/parameters
4875 directory) is that auxiliary actions can be triggered when an attribute
4876 is changed. For example see: sdebug_add_host_store() above.
4879 static struct attribute *sdebug_drv_attrs[] = {
4880 &driver_attr_delay.attr,
4881 &driver_attr_opts.attr,
4882 &driver_attr_ptype.attr,
4883 &driver_attr_dsense.attr,
4884 &driver_attr_fake_rw.attr,
4885 &driver_attr_no_lun_0.attr,
4886 &driver_attr_num_tgts.attr,
4887 &driver_attr_dev_size_mb.attr,
4888 &driver_attr_num_parts.attr,
4889 &driver_attr_every_nth.attr,
4890 &driver_attr_max_luns.attr,
4891 &driver_attr_max_queue.attr,
4892 &driver_attr_no_uld.attr,
4893 &driver_attr_scsi_level.attr,
4894 &driver_attr_virtual_gb.attr,
4895 &driver_attr_add_host.attr,
4896 &driver_attr_vpd_use_hostno.attr,
4897 &driver_attr_sector_size.attr,
4898 &driver_attr_statistics.attr,
4899 &driver_attr_submit_queues.attr,
4900 &driver_attr_dix.attr,
4901 &driver_attr_dif.attr,
4902 &driver_attr_guard.attr,
4903 &driver_attr_ato.attr,
4904 &driver_attr_map.attr,
4905 &driver_attr_removable.attr,
4906 &driver_attr_host_lock.attr,
4907 &driver_attr_ndelay.attr,
4908 &driver_attr_strict.attr,
4909 &driver_attr_uuid_ctl.attr,
4912 ATTRIBUTE_GROUPS(sdebug_drv);
4914 static struct device *pseudo_primary;
4916 static int __init scsi_debug_init(void)
4923 atomic_set(&retired_max_queue, 0);
4925 if (sdebug_ndelay >= 1000 * 1000 * 1000) {
4926 pr_warn("ndelay must be less than 1 second, ignored\n");
4928 } else if (sdebug_ndelay > 0)
4929 sdebug_jdelay = JDELAY_OVERRIDDEN;
4931 switch (sdebug_sector_size) {
4938 pr_err("invalid sector_size %d\n", sdebug_sector_size);
4942 switch (sdebug_dif) {
4943 case T10_PI_TYPE0_PROTECTION:
4945 case T10_PI_TYPE1_PROTECTION:
4946 case T10_PI_TYPE2_PROTECTION:
4947 case T10_PI_TYPE3_PROTECTION:
4948 have_dif_prot = true;
4952 pr_err("dif must be 0, 1, 2 or 3\n");
4956 if (sdebug_guard > 1) {
4957 pr_err("guard must be 0 or 1\n");
4961 if (sdebug_ato > 1) {
4962 pr_err("ato must be 0 or 1\n");
4966 if (sdebug_physblk_exp > 15) {
4967 pr_err("invalid physblk_exp %u\n", sdebug_physblk_exp);
4970 if (sdebug_max_luns > 256) {
4971 pr_warn("max_luns can be no more than 256, use default\n");
4972 sdebug_max_luns = DEF_MAX_LUNS;
4975 if (sdebug_lowest_aligned > 0x3fff) {
4976 pr_err("lowest_aligned too big: %u\n", sdebug_lowest_aligned);
4980 if (submit_queues < 1) {
4981 pr_err("submit_queues must be 1 or more\n");
4984 sdebug_q_arr = kcalloc(submit_queues, sizeof(struct sdebug_queue),
4986 if (sdebug_q_arr == NULL)
4988 for (k = 0; k < submit_queues; ++k)
4989 spin_lock_init(&sdebug_q_arr[k].qc_lock);
4991 if (sdebug_dev_size_mb < 1)
4992 sdebug_dev_size_mb = 1; /* force minimum 1 MB ramdisk */
4993 sz = (unsigned long)sdebug_dev_size_mb * 1048576;
4994 sdebug_store_sectors = sz / sdebug_sector_size;
4995 sdebug_capacity = get_sdebug_capacity();
4997 /* play around with geometry, don't waste too much on track 0 */
4999 sdebug_sectors_per = 32;
5000 if (sdebug_dev_size_mb >= 256)
5002 else if (sdebug_dev_size_mb >= 16)
5004 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5005 (sdebug_sectors_per * sdebug_heads);
5006 if (sdebug_cylinders_per >= 1024) {
5007 /* other LLDs do this; implies >= 1GB ram disk ... */
5009 sdebug_sectors_per = 63;
5010 sdebug_cylinders_per = (unsigned long)sdebug_capacity /
5011 (sdebug_sectors_per * sdebug_heads);
5014 if (sdebug_fake_rw == 0) {
5015 fake_storep = vmalloc(sz);
5016 if (NULL == fake_storep) {
5017 pr_err("out of memory, 1\n");
5021 memset(fake_storep, 0, sz);
5022 if (sdebug_num_parts > 0)
5023 sdebug_build_parts(fake_storep, sz);
5029 dif_size = sdebug_store_sectors * sizeof(struct t10_pi_tuple);
5030 dif_storep = vmalloc(dif_size);
5032 pr_err("dif_storep %u bytes @ %p\n", dif_size, dif_storep);
5034 if (dif_storep == NULL) {
5035 pr_err("out of mem. (DIX)\n");
5040 memset(dif_storep, 0xff, dif_size);
5043 /* Logical Block Provisioning */
5044 if (scsi_debug_lbp()) {
5045 sdebug_unmap_max_blocks =
5046 clamp(sdebug_unmap_max_blocks, 0U, 0xffffffffU);
5048 sdebug_unmap_max_desc =
5049 clamp(sdebug_unmap_max_desc, 0U, 256U);
5051 sdebug_unmap_granularity =
5052 clamp(sdebug_unmap_granularity, 1U, 0xffffffffU);
5054 if (sdebug_unmap_alignment &&
5055 sdebug_unmap_granularity <=
5056 sdebug_unmap_alignment) {
5057 pr_err("ERR: unmap_granularity <= unmap_alignment\n");
5062 map_size = lba_to_map_index(sdebug_store_sectors - 1) + 1;
5063 map_storep = vmalloc(BITS_TO_LONGS(map_size) * sizeof(long));
5065 pr_info("%lu provisioning blocks\n", map_size);
5067 if (map_storep == NULL) {
5068 pr_err("out of mem. (MAP)\n");
5073 bitmap_zero(map_storep, map_size);
5075 /* Map first 1KB for partition table */
5076 if (sdebug_num_parts)
5080 pseudo_primary = root_device_register("pseudo_0");
5081 if (IS_ERR(pseudo_primary)) {
5082 pr_warn("root_device_register() error\n");
5083 ret = PTR_ERR(pseudo_primary);
5086 ret = bus_register(&pseudo_lld_bus);
5088 pr_warn("bus_register error: %d\n", ret);
5091 ret = driver_register(&sdebug_driverfs_driver);
5093 pr_warn("driver_register error: %d\n", ret);
5097 host_to_add = sdebug_add_host;
5098 sdebug_add_host = 0;
5100 for (k = 0; k < host_to_add; k++) {
5101 if (sdebug_add_adapter()) {
5102 pr_err("sdebug_add_adapter failed k=%d\n", k);
5108 pr_info("built %d host(s)\n", sdebug_add_host);
5113 bus_unregister(&pseudo_lld_bus);
5115 root_device_unregister(pseudo_primary);
5121 kfree(sdebug_q_arr);
5125 static void __exit scsi_debug_exit(void)
5127 int k = sdebug_add_host;
5132 sdebug_remove_adapter();
5133 driver_unregister(&sdebug_driverfs_driver);
5134 bus_unregister(&pseudo_lld_bus);
5135 root_device_unregister(pseudo_primary);
5140 kfree(sdebug_q_arr);
5143 device_initcall(scsi_debug_init);
5144 module_exit(scsi_debug_exit);
5146 static void sdebug_release_adapter(struct device * dev)
5148 struct sdebug_host_info *sdbg_host;
5150 sdbg_host = to_sdebug_host(dev);
5154 static int sdebug_add_adapter(void)
5156 int k, devs_per_host;
5158 struct sdebug_host_info *sdbg_host;
5159 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5161 sdbg_host = kzalloc(sizeof(*sdbg_host),GFP_KERNEL);
5162 if (NULL == sdbg_host) {
5163 pr_err("out of memory at line %d\n", __LINE__);
5167 INIT_LIST_HEAD(&sdbg_host->dev_info_list);
5169 devs_per_host = sdebug_num_tgts * sdebug_max_luns;
5170 for (k = 0; k < devs_per_host; k++) {
5171 sdbg_devinfo = sdebug_device_create(sdbg_host, GFP_KERNEL);
5172 if (!sdbg_devinfo) {
5173 pr_err("out of memory at line %d\n", __LINE__);
5179 spin_lock(&sdebug_host_list_lock);
5180 list_add_tail(&sdbg_host->host_list, &sdebug_host_list);
5181 spin_unlock(&sdebug_host_list_lock);
5183 sdbg_host->dev.bus = &pseudo_lld_bus;
5184 sdbg_host->dev.parent = pseudo_primary;
5185 sdbg_host->dev.release = &sdebug_release_adapter;
5186 dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_add_host);
5188 error = device_register(&sdbg_host->dev);
5197 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5199 list_del(&sdbg_devinfo->dev_list);
5200 kfree(sdbg_devinfo);
5207 static void sdebug_remove_adapter(void)
5209 struct sdebug_host_info * sdbg_host = NULL;
5211 spin_lock(&sdebug_host_list_lock);
5212 if (!list_empty(&sdebug_host_list)) {
5213 sdbg_host = list_entry(sdebug_host_list.prev,
5214 struct sdebug_host_info, host_list);
5215 list_del(&sdbg_host->host_list);
5217 spin_unlock(&sdebug_host_list_lock);
5222 device_unregister(&sdbg_host->dev);
5226 static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
5229 struct sdebug_dev_info *devip;
5231 block_unblock_all_queues(true);
5232 devip = (struct sdebug_dev_info *)sdev->hostdata;
5233 if (NULL == devip) {
5234 block_unblock_all_queues(false);
5237 num_in_q = atomic_read(&devip->num_in_q);
5241 /* allow to exceed max host qc_arr elements for testing */
5242 if (qdepth > SDEBUG_CANQUEUE + 10)
5243 qdepth = SDEBUG_CANQUEUE + 10;
5244 scsi_change_queue_depth(sdev, qdepth);
5246 if (SDEBUG_OPT_Q_NOISE & sdebug_opts) {
5247 sdev_printk(KERN_INFO, sdev, "%s: qdepth=%d, num_in_q=%d\n",
5248 __func__, qdepth, num_in_q);
5250 block_unblock_all_queues(false);
5251 return sdev->queue_depth;
5254 static bool fake_timeout(struct scsi_cmnd *scp)
5256 if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
5257 if (sdebug_every_nth < -1)
5258 sdebug_every_nth = -1;
5259 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
5260 return true; /* ignore command causing timeout */
5261 else if (SDEBUG_OPT_MAC_TIMEOUT & sdebug_opts &&
5262 scsi_medium_access_command(scp))
5263 return true; /* time out reads and writes */
5268 static int scsi_debug_queuecommand(struct Scsi_Host *shost,
5269 struct scsi_cmnd *scp)
5272 struct scsi_device *sdp = scp->device;
5273 const struct opcode_info_t *oip;
5274 const struct opcode_info_t *r_oip;
5275 struct sdebug_dev_info *devip;
5276 u8 *cmd = scp->cmnd;
5277 int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
5285 scsi_set_resid(scp, 0);
5286 if (sdebug_statistics)
5287 atomic_inc(&sdebug_cmnd_count);
5288 if (unlikely(sdebug_verbose &&
5289 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
5294 sb = (int)sizeof(b);
5296 strcpy(b, "too long, over 32 bytes");
5298 for (k = 0, n = 0; k < len && n < sb; ++k)
5299 n += scnprintf(b + n, sb - n, "%02x ",
5302 if (sdebug_mq_active)
5303 sdev_printk(KERN_INFO, sdp, "%s: tag=%u, cmd %s\n",
5304 my_name, blk_mq_unique_tag(scp->request),
5307 sdev_printk(KERN_INFO, sdp, "%s: cmd %s\n", my_name,
5310 has_wlun_rl = (sdp->lun == SCSI_W_LUN_REPORT_LUNS);
5311 if (unlikely((sdp->lun >= sdebug_max_luns) && !has_wlun_rl))
5314 sdeb_i = opcode_ind_arr[opcode]; /* fully mapped */
5315 oip = &opcode_info_arr[sdeb_i]; /* safe if table consistent */
5316 devip = (struct sdebug_dev_info *)sdp->hostdata;
5317 if (unlikely(!devip)) {
5318 devip = find_build_dev_info(sdp);
5322 na = oip->num_attached;
5324 if (na) { /* multiple commands with this opcode */
5326 if (FF_SA & r_oip->flags) {
5327 if (F_SA_LOW & oip->flags)
5330 sa = get_unaligned_be16(cmd + 8);
5331 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5332 if (opcode == oip->opcode && sa == oip->sa)
5335 } else { /* since no service action only check opcode */
5336 for (k = 0; k <= na; oip = r_oip->arrp + k++) {
5337 if (opcode == oip->opcode)
5342 if (F_SA_LOW & r_oip->flags)
5343 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
5344 else if (F_SA_HIGH & r_oip->flags)
5345 mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
5347 mk_sense_invalid_opcode(scp);
5350 } /* else (when na==0) we assume the oip is a match */
5352 if (unlikely(F_INV_OP & flags)) {
5353 mk_sense_invalid_opcode(scp);
5356 if (unlikely(has_wlun_rl && !(F_RL_WLUN_OK & flags))) {
5358 sdev_printk(KERN_INFO, sdp, "%s: Opcode 0x%x not%s\n",
5359 my_name, opcode, " supported for wlun");
5360 mk_sense_invalid_opcode(scp);
5363 if (unlikely(sdebug_strict)) { /* check cdb against mask */
5367 for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
5368 rem = ~oip->len_mask[k] & cmd[k];
5370 for (j = 7; j >= 0; --j, rem <<= 1) {
5374 mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
5379 if (unlikely(!(F_SKIP_UA & flags) &&
5380 find_first_bit(devip->uas_bm,
5381 SDEBUG_NUM_UAS) != SDEBUG_NUM_UAS)) {
5382 errsts = make_ua(scp, devip);
5386 if (unlikely((F_M_ACCESS & flags) && atomic_read(&devip->stopped))) {
5387 mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
5389 sdev_printk(KERN_INFO, sdp, "%s reports: Not ready: "
5390 "%s\n", my_name, "initializing command "
5392 errsts = check_condition_result;
5395 if (sdebug_fake_rw && (F_FAKE_RW & flags))
5397 if (unlikely(sdebug_every_nth)) {
5398 if (fake_timeout(scp))
5399 return 0; /* ignore command: make trouble */
5401 if (likely(oip->pfp))
5402 errsts = oip->pfp(scp, devip); /* calls a resp_* function */
5403 else if (r_pfp) /* if leaf function ptr NULL, try the root's */
5404 errsts = r_pfp(scp, devip);
5407 return schedule_resp(scp, devip, errsts,
5408 ((F_DELAY_OVERR & flags) ? 0 : sdebug_jdelay));
5410 return schedule_resp(scp, devip, check_condition_result, 0);
5412 return schedule_resp(scp, NULL, DID_NO_CONNECT << 16, 0);
5415 static struct scsi_host_template sdebug_driver_template = {
5416 .show_info = scsi_debug_show_info,
5417 .write_info = scsi_debug_write_info,
5418 .proc_name = sdebug_proc_name,
5419 .name = "SCSI DEBUG",
5420 .info = scsi_debug_info,
5421 .slave_alloc = scsi_debug_slave_alloc,
5422 .slave_configure = scsi_debug_slave_configure,
5423 .slave_destroy = scsi_debug_slave_destroy,
5424 .ioctl = scsi_debug_ioctl,
5425 .queuecommand = scsi_debug_queuecommand,
5426 .change_queue_depth = sdebug_change_qdepth,
5427 .eh_abort_handler = scsi_debug_abort,
5428 .eh_device_reset_handler = scsi_debug_device_reset,
5429 .eh_target_reset_handler = scsi_debug_target_reset,
5430 .eh_bus_reset_handler = scsi_debug_bus_reset,
5431 .eh_host_reset_handler = scsi_debug_host_reset,
5432 .can_queue = SDEBUG_CANQUEUE,
5434 .sg_tablesize = SG_MAX_SEGMENTS,
5435 .cmd_per_lun = DEF_CMD_PER_LUN,
5437 .use_clustering = DISABLE_CLUSTERING,
5438 .module = THIS_MODULE,
5439 .track_queue_depth = 1,
5442 static int sdebug_driver_probe(struct device * dev)
5445 struct sdebug_host_info *sdbg_host;
5446 struct Scsi_Host *hpnt;
5449 sdbg_host = to_sdebug_host(dev);
5451 sdebug_driver_template.can_queue = sdebug_max_queue;
5452 if (sdebug_clustering)
5453 sdebug_driver_template.use_clustering = ENABLE_CLUSTERING;
5454 hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
5456 pr_err("scsi_host_alloc failed\n");
5460 if (submit_queues > nr_cpu_ids) {
5461 pr_warn("%s: trim submit_queues (was %d) to nr_cpu_ids=%d\n",
5462 my_name, submit_queues, nr_cpu_ids);
5463 submit_queues = nr_cpu_ids;
5465 /* Decide whether to tell scsi subsystem that we want mq */
5466 /* Following should give the same answer for each host */
5467 sdebug_mq_active = shost_use_blk_mq(hpnt) && (submit_queues > 1);
5468 if (sdebug_mq_active)
5469 hpnt->nr_hw_queues = submit_queues;
5471 sdbg_host->shost = hpnt;
5472 *((struct sdebug_host_info **)hpnt->hostdata) = sdbg_host;
5473 if ((hpnt->this_id >= 0) && (sdebug_num_tgts > hpnt->this_id))
5474 hpnt->max_id = sdebug_num_tgts + 1;
5476 hpnt->max_id = sdebug_num_tgts;
5477 /* = sdebug_max_luns; */
5478 hpnt->max_lun = SCSI_W_LUN_REPORT_LUNS + 1;
5482 switch (sdebug_dif) {
5484 case T10_PI_TYPE1_PROTECTION:
5485 hprot = SHOST_DIF_TYPE1_PROTECTION;
5487 hprot |= SHOST_DIX_TYPE1_PROTECTION;
5490 case T10_PI_TYPE2_PROTECTION:
5491 hprot = SHOST_DIF_TYPE2_PROTECTION;
5493 hprot |= SHOST_DIX_TYPE2_PROTECTION;
5496 case T10_PI_TYPE3_PROTECTION:
5497 hprot = SHOST_DIF_TYPE3_PROTECTION;
5499 hprot |= SHOST_DIX_TYPE3_PROTECTION;
5504 hprot |= SHOST_DIX_TYPE0_PROTECTION;
5508 scsi_host_set_prot(hpnt, hprot);
5510 if (have_dif_prot || sdebug_dix)
5511 pr_info("host protection%s%s%s%s%s%s%s\n",
5512 (hprot & SHOST_DIF_TYPE1_PROTECTION) ? " DIF1" : "",
5513 (hprot & SHOST_DIF_TYPE2_PROTECTION) ? " DIF2" : "",
5514 (hprot & SHOST_DIF_TYPE3_PROTECTION) ? " DIF3" : "",
5515 (hprot & SHOST_DIX_TYPE0_PROTECTION) ? " DIX0" : "",
5516 (hprot & SHOST_DIX_TYPE1_PROTECTION) ? " DIX1" : "",
5517 (hprot & SHOST_DIX_TYPE2_PROTECTION) ? " DIX2" : "",
5518 (hprot & SHOST_DIX_TYPE3_PROTECTION) ? " DIX3" : "");
5520 if (sdebug_guard == 1)
5521 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_IP);
5523 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
5525 sdebug_verbose = !!(SDEBUG_OPT_NOISE & sdebug_opts);
5526 sdebug_any_injecting_opt = !!(SDEBUG_OPT_ALL_INJECTING & sdebug_opts);
5527 if (sdebug_every_nth) /* need stats counters for every_nth */
5528 sdebug_statistics = true;
5529 error = scsi_add_host(hpnt, &sdbg_host->dev);
5531 pr_err("scsi_add_host failed\n");
5533 scsi_host_put(hpnt);
5535 scsi_scan_host(hpnt);
5540 static int sdebug_driver_remove(struct device * dev)
5542 struct sdebug_host_info *sdbg_host;
5543 struct sdebug_dev_info *sdbg_devinfo, *tmp;
5545 sdbg_host = to_sdebug_host(dev);
5548 pr_err("Unable to locate host info\n");
5552 scsi_remove_host(sdbg_host->shost);
5554 list_for_each_entry_safe(sdbg_devinfo, tmp, &sdbg_host->dev_info_list,
5556 list_del(&sdbg_devinfo->dev_list);
5557 kfree(sdbg_devinfo);
5560 scsi_host_put(sdbg_host->shost);
5564 static int pseudo_lld_bus_match(struct device *dev,
5565 struct device_driver *dev_driver)
5570 static struct bus_type pseudo_lld_bus = {
5572 .match = pseudo_lld_bus_match,
5573 .probe = sdebug_driver_probe,
5574 .remove = sdebug_driver_remove,
5575 .drv_groups = sdebug_drv_groups,
git.samba.org / sfrench / cifs-2.6.git / blob