1 files changed, 1305 insertions, 676 deletions

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 238e06f13b8a..7b8b51bc29b4 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -63,8 +63,8 @@
 #include "sd.h"
 #include "scsi_logging.h"
 
-#define SCSI_DEBUG_VERSION "1.84"
-static const char *scsi_debug_version_date = "20140706";
+#define SCSI_DEBUG_VERSION "1.85"
+static const char *scsi_debug_version_date = "20141022";
 
 #define MY_NAME "scsi_debug"
 
@@ -75,19 +75,22 @@ static const char *scsi_debug_version_date = "20140706";
 #define UNRECOVERED_READ_ERR 0x11
 #define PARAMETER_LIST_LENGTH_ERR 0x1a
 #define INVALID_OPCODE 0x20
-#define ADDR_OUT_OF_RANGE 0x21
-#define INVALID_COMMAND_OPCODE 0x20
+#define LBA_OUT_OF_RANGE 0x21
 #define INVALID_FIELD_IN_CDB 0x24
 #define INVALID_FIELD_IN_PARAM_LIST 0x26
 #define UA_RESET_ASC 0x29
 #define UA_CHANGED_ASC 0x2a
+#define INSUFF_RES_ASC 0x55
+#define INSUFF_RES_ASCQ 0x3
 #define POWER_ON_RESET_ASCQ 0x0
 #define BUS_RESET_ASCQ 0x2      /* scsi bus reset occurred */
 #define MODE_CHANGED_ASCQ 0x1   /* mode parameters changed */
+#define CAPACITY_CHANGED_ASCQ 0x9
 #define SAVING_PARAMS_UNSUP 0x39
 #define TRANSPORT_PROBLEM 0x4b
 #define THRESHOLD_EXCEEDED 0x5d
 #define LOW_POWER_COND_ON 0x5e
+#define MISCOMPARE_VERIFY_ASC 0x1d
 
 /* Additional Sense Code Qualifier (ASCQ) */
 #define ACK_NAK_TO 0x3
@@ -125,7 +128,6 @@ static const char *scsi_debug_version_date = "20140706";
 #define DEF_REMOVABLE false
 #define DEF_SCSI_LEVEL   6    /* INQUIRY, byte2 [6->SPC-4] */
 #define DEF_SECTOR_SIZE 512
-#define DEF_TAGGED_QUEUING 0 /* 0 | MSG_SIMPLE_TAG | MSG_ORDERED_TAG */
 #define DEF_UNMAP_ALIGNMENT 0
 #define DEF_UNMAP_GRANULARITY 1
 #define DEF_UNMAP_MAX_BLOCKS 0xFFFFFFFF
@@ -133,6 +135,7 @@ static const char *scsi_debug_version_date = "20140706";
 #define DEF_VIRTUAL_GB   0
 #define DEF_VPD_USE_HOSTNO 1
 #define DEF_WRITESAME_LENGTH 0xFFFF
+#define DEF_STRICT 0
 #define DELAY_OVERRIDDEN -9999
 
 /* bit mask values for scsi_debug_opts */
@@ -176,11 +179,12 @@ static const char *scsi_debug_version_date = "20140706";
 #define SDEBUG_UA_POR 0         /* Power on, reset, or bus device reset */
 #define SDEBUG_UA_BUS_RESET 1
 #define SDEBUG_UA_MODE_CHANGED 2
-#define SDEBUG_NUM_UAS 3
+#define SDEBUG_UA_CAPACITY_CHANGED 3
+#define SDEBUG_NUM_UAS 4
 
 /* for check_readiness() */
-#define UAS_ONLY 1
-#define UAS_TUR 0
+#define UAS_ONLY 1      /* check for UAs only */
+#define UAS_TUR 0       /* if no UAs then check if media access possible */
 
 /* when 1==SCSI_DEBUG_OPT_MEDIUM_ERR, a medium error is simulated at this
  * sector on read commands: */
@@ -206,6 +210,301 @@ static const char *scsi_debug_version_date = "20140706";
 #warning "Expect DEF_CMD_PER_LUN <= SCSI_DEBUG_CANQUEUE"
 #endif
 
+/* SCSI opcodes (first byte of cdb) mapped onto these indexes */
+enum sdeb_opcode_index {
+        SDEB_I_INVALID_OPCODE = 0,
+        SDEB_I_INQUIRY = 1,
+        SDEB_I_REPORT_LUNS = 2,
+        SDEB_I_REQUEST_SENSE = 3,
+        SDEB_I_TEST_UNIT_READY = 4,
+        SDEB_I_MODE_SENSE = 5,          /* 6, 10 */
+        SDEB_I_MODE_SELECT = 6,         /* 6, 10 */
+        SDEB_I_LOG_SENSE = 7,
+        SDEB_I_READ_CAPACITY = 8,       /* 10; 16 is in SA_IN(16) */
+        SDEB_I_READ = 9,                /* 6, 10, 12, 16 */
+        SDEB_I_WRITE = 10,              /* 6, 10, 12, 16 */
+        SDEB_I_START_STOP = 11,
+        SDEB_I_SERV_ACT_IN = 12,        /* 12, 16 */
+        SDEB_I_SERV_ACT_OUT = 13,       /* 12, 16 */
+        SDEB_I_MAINT_IN = 14,
+        SDEB_I_MAINT_OUT = 15,
+        SDEB_I_VERIFY = 16,             /* 10 only */
+        SDEB_I_VARIABLE_LEN = 17,
+        SDEB_I_RESERVE = 18,            /* 6, 10 */
+        SDEB_I_RELEASE = 19,            /* 6, 10 */
+        SDEB_I_ALLOW_REMOVAL = 20,      /* PREVENT ALLOW MEDIUM REMOVAL */
+        SDEB_I_REZERO_UNIT = 21,        /* REWIND in SSC */
+        SDEB_I_ATA_PT = 22,             /* 12, 16 */
+        SDEB_I_SEND_DIAG = 23,
+        SDEB_I_UNMAP = 24,
+        SDEB_I_XDWRITEREAD = 25,        /* 10 only */
+        SDEB_I_WRITE_BUFFER = 26,
+        SDEB_I_WRITE_SAME = 27,         /* 10, 16 */
+        SDEB_I_SYNC_CACHE = 28,         /* 10 only */
+        SDEB_I_COMP_WRITE = 29,
+        SDEB_I_LAST_ELEMENT = 30,       /* keep this last */
+};
+
+static const unsigned char opcode_ind_arr[256] = {
+/* 0x0; 0x0->0x1f: 6 byte cdbs */
+        SDEB_I_TEST_UNIT_READY, SDEB_I_REZERO_UNIT, 0, SDEB_I_REQUEST_SENSE,
+            0, 0, 0, 0,
+        SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, 0,
+        0, 0, SDEB_I_INQUIRY, 0, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
+            SDEB_I_RELEASE,
+        0, 0, SDEB_I_MODE_SENSE, SDEB_I_START_STOP, 0, SDEB_I_SEND_DIAG,
+            SDEB_I_ALLOW_REMOVAL, 0,
+/* 0x20; 0x20->0x3f: 10 byte cdbs */
+        0, 0, 0, 0, 0, SDEB_I_READ_CAPACITY, 0, 0,
+        SDEB_I_READ, 0, SDEB_I_WRITE, 0, 0, 0, 0, SDEB_I_VERIFY,
+        0, 0, 0, 0, 0, SDEB_I_SYNC_CACHE, 0, 0,
+        0, 0, 0, SDEB_I_WRITE_BUFFER, 0, 0, 0, 0,
+/* 0x40; 0x40->0x5f: 10 byte cdbs */
+        0, SDEB_I_WRITE_SAME, SDEB_I_UNMAP, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, SDEB_I_LOG_SENSE, 0, 0,
+        0, 0, 0, SDEB_I_XDWRITEREAD, 0, SDEB_I_MODE_SELECT, SDEB_I_RESERVE,
+            SDEB_I_RELEASE,
+        0, 0, SDEB_I_MODE_SENSE, 0, 0, 0, 0, 0,
+/* 0x60; 0x60->0x7d are reserved */
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, SDEB_I_VARIABLE_LEN,
+/* 0x80; 0x80->0x9f: 16 byte cdbs */
+        0, 0, 0, 0, 0, SDEB_I_ATA_PT, 0, 0,
+        SDEB_I_READ, SDEB_I_COMP_WRITE, SDEB_I_WRITE, 0, 0, 0, 0, 0,
+        0, 0, 0, SDEB_I_WRITE_SAME, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, SDEB_I_SERV_ACT_IN, SDEB_I_SERV_ACT_OUT,
+/* 0xa0; 0xa0->0xbf: 12 byte cdbs */
+        SDEB_I_REPORT_LUNS, SDEB_I_ATA_PT, 0, SDEB_I_MAINT_IN,
+             SDEB_I_MAINT_OUT, 0, 0, 0,
+        SDEB_I_READ, SDEB_I_SERV_ACT_OUT, SDEB_I_WRITE, SDEB_I_SERV_ACT_IN,
+             0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0,
+/* 0xc0; 0xc0->0xff: vendor specific */
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+#define F_D_IN                  1
+#define F_D_OUT                 2
+#define F_D_OUT_MAYBE           4       /* WRITE SAME, NDOB bit */
+#define F_D_UNKN                8
+#define F_RL_WLUN_OK            0x10
+#define F_SKIP_UA               0x20
+#define F_DELAY_OVERR           0x40
+#define F_SA_LOW                0x80    /* cdb byte 1, bits 4 to 0 */
+#define F_SA_HIGH               0x100   /* as used by variable length cdbs */
+#define F_INV_OP                0x200
+#define F_FAKE_RW               0x400
+#define F_M_ACCESS              0x800   /* media access */
+
+#define FF_RESPOND (F_RL_WLUN_OK | F_SKIP_UA | F_DELAY_OVERR)
+#define FF_DIRECT_IO (F_M_ACCESS | F_FAKE_RW)
+#define FF_SA (F_SA_HIGH | F_SA_LOW)
+
+struct sdebug_dev_info;
+static int resp_inquiry(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_report_luns(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_requests(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_mode_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_mode_select(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_log_sense(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_readcap(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_read_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_write_dt0(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_start_stop(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_readcap16(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_get_lba_status(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_report_tgtpgs(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_unmap(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_rsup_opcodes(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_rsup_tmfs(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_write_same_10(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_write_same_16(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_xdwriteread_10(struct scsi_cmnd *, struct sdebug_dev_info *);
+static int resp_comp_write(struct scsi_cmnd *, struct sdebug_dev_info *);
+
+struct opcode_info_t {
+        u8 num_attached;        /* 0 if this is it (i.e. a leaf); use 0xff
+                                 * for terminating element */
+        u8 opcode;              /* if num_attached > 0, preferred */
+        u16 sa;                 /* service action */
+        u32 flags;              /* OR-ed set of SDEB_F_* */
+        int (*pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
+        const struct opcode_info_t *arrp;  /* num_attached elements or NULL */
+        u8 len_mask[16];        /* len=len_mask[0], then mask for cdb[1]... */
+                                /* ignore cdb bytes after position 15 */
+};
+
+static const struct opcode_info_t msense_iarr[1] = {
+        {0, 0x1a, 0, F_D_IN, NULL, NULL,
+            {6,  0xe8, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+};
+
+static const struct opcode_info_t mselect_iarr[1] = {
+        {0, 0x15, 0, F_D_OUT, NULL, NULL,
+            {6,  0xf1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+};
+
+static const struct opcode_info_t read_iarr[3] = {
+        {0, 0x28, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(10) */
+            {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
+             0, 0, 0, 0} },
+        {0, 0x8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL, /* READ(6) */
+            {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0xa8, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, NULL,/* READ(12) */
+            {12,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
+             0xc7, 0, 0, 0, 0} },
+};
+
+static const struct opcode_info_t write_iarr[3] = {
+        {0, 0x2a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL,   /* 10 */
+            {10,  0xfb, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
+             0, 0, 0, 0} },
+        {0, 0xa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL,    /* 6 */
+            {6,  0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0xaa, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, NULL,   /* 12 */
+            {12,  0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x9f,
+             0xc7, 0, 0, 0, 0} },
+};
+
+static const struct opcode_info_t sa_in_iarr[1] = {
+        {0, 0x9e, 0x12, F_SA_LOW | F_D_IN, resp_get_lba_status, NULL,
+            {16,  0x12, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0, 0xc7} },
+};
+
+static const struct opcode_info_t vl_iarr[1] = {        /* VARIABLE LENGTH */
+        {0, 0x7f, 0xb, F_SA_HIGH | F_D_OUT | FF_DIRECT_IO, resp_write_dt0,
+            NULL, {32,  0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0xb, 0xfa,
+                   0, 0xff, 0xff, 0xff, 0xff} },        /* WRITE(32) */
+};
+
+static const struct opcode_info_t maint_in_iarr[2] = {
+        {0, 0xa3, 0xc, F_SA_LOW | F_D_IN, resp_rsup_opcodes, NULL,
+            {12,  0xc, 0x87, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0,
+             0xc7, 0, 0, 0, 0} },
+        {0, 0xa3, 0xd, F_SA_LOW | F_D_IN, resp_rsup_tmfs, NULL,
+            {12,  0xd, 0x80, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
+             0, 0} },
+};
+
+static const struct opcode_info_t write_same_iarr[1] = {
+        {0, 0x93, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_16, NULL,
+            {16,  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0x1f, 0xc7} },
+};
+
+static const struct opcode_info_t reserve_iarr[1] = {
+        {0, 0x16, 0, F_D_OUT, NULL, NULL,       /* RESERVE(6) */
+            {6,  0x1f, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+};
+
+static const struct opcode_info_t release_iarr[1] = {
+        {0, 0x17, 0, F_D_OUT, NULL, NULL,       /* RELEASE(6) */
+            {6,  0x1f, 0xff, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+};
+
+
+/* This array is accessed via SDEB_I_* values. Make sure all are mapped,
+ * plus the terminating elements for logic that scans this table such as
+ * REPORT SUPPORTED OPERATION CODES. */
+static const struct opcode_info_t opcode_info_arr[SDEB_I_LAST_ELEMENT + 1] = {
+/* 0 */
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL,
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0x12, 0, FF_RESPOND | F_D_IN, resp_inquiry, NULL,
+            {6,  0xe3, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0xa0, 0, FF_RESPOND | F_D_IN, resp_report_luns, NULL,
+            {12,  0xe3, 0xff, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0,
+             0, 0} },
+        {0, 0x3, 0, FF_RESPOND | F_D_IN, resp_requests, NULL,
+            {6,  0xe1, 0, 0, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0x0, 0, F_M_ACCESS | F_RL_WLUN_OK, NULL, NULL,/* TEST UNIT READY */
+            {6,  0, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {1, 0x5a, 0, F_D_IN, resp_mode_sense, msense_iarr,
+            {10,  0xf8, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
+             0} },
+        {1, 0x55, 0, F_D_OUT, resp_mode_select, mselect_iarr,
+            {10,  0xf1, 0, 0, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
+        {0, 0x4d, 0, F_D_IN, resp_log_sense, NULL,
+            {10,  0xe3, 0xff, 0xff, 0, 0xff, 0xff, 0xff, 0xff, 0xc7, 0, 0, 0,
+             0, 0, 0} },
+        {0, 0x25, 0, F_D_IN, resp_readcap, NULL,
+            {10,  0xe1, 0xff, 0xff, 0xff, 0xff, 0, 0, 0x1, 0xc7, 0, 0, 0, 0,
+             0, 0} },
+        {3, 0x88, 0, F_D_IN | FF_DIRECT_IO, resp_read_dt0, read_iarr,
+            {16,  0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0x9f, 0xc7} },           /* READ(16) */
+/* 10 */
+        {3, 0x8a, 0, F_D_OUT | FF_DIRECT_IO, resp_write_dt0, write_iarr,
+            {16,  0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0x9f, 0xc7} },           /* WRITE(16) */
+        {0, 0x1b, 0, 0, resp_start_stop, NULL,          /* START STOP UNIT */
+            {6,  0x1, 0, 0xf, 0xf7, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {1, 0x9e, 0x10, F_SA_LOW | F_D_IN, resp_readcap16, sa_in_iarr,
+            {16,  0x10, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+             0xff, 0xff, 0xff, 0x1, 0xc7} },    /* READ CAPACITY(16) */
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* SA OUT */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {2, 0xa3, 0xa, F_SA_LOW | F_D_IN, resp_report_tgtpgs, maint_in_iarr,
+            {12,  0xea, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0, 0xc7, 0, 0, 0,
+             0} },
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* MAINT OUT */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* VERIFY */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {1, 0x7f, 0x9, F_SA_HIGH | F_D_IN | FF_DIRECT_IO, resp_read_dt0,
+            vl_iarr, {32,  0xc7, 0, 0, 0, 0, 0x1f, 0x18, 0x0, 0x9, 0xfe, 0,
+                      0xff, 0xff, 0xff, 0xff} },/* VARIABLE LENGTH, READ(32) */
+        {1, 0x56, 0, F_D_OUT, NULL, reserve_iarr, /* RESERVE(10) */
+            {10,  0xff, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
+             0} },
+        {1, 0x57, 0, F_D_OUT, NULL, release_iarr, /* RELEASE(10) */
+            {10,  0x13, 0xff, 0xff, 0, 0, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0,
+             0} },
+/* 20 */
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ALLOW REMOVAL */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0x1, 0, 0, resp_start_stop, NULL, /* REWIND ?? */
+            {6,  0x1, 0, 0, 0, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* ATA_PT */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0x1d, F_D_OUT, 0, NULL, NULL,       /* SEND DIAGNOSTIC */
+            {6,  0xf7, 0, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {0, 0x42, 0, F_D_OUT | FF_DIRECT_IO, resp_unmap, NULL, /* UNMAP */
+            {10,  0x1, 0, 0, 0, 0, 0x1f, 0xff, 0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
+        {0, 0x53, 0, F_D_IN | F_D_OUT | FF_DIRECT_IO, resp_xdwriteread_10,
+            NULL, {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7,
+                   0, 0, 0, 0, 0, 0} },
+        {0, 0, 0, F_INV_OP | FF_RESPOND, NULL, NULL, /* WRITE_BUFFER */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+        {1, 0x41, 0, F_D_OUT_MAYBE | FF_DIRECT_IO, resp_write_same_10,
+            write_same_iarr, {10,  0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff,
+                              0xff, 0xc7, 0, 0, 0, 0, 0, 0} },
+        {0, 0x35, 0, F_DELAY_OVERR | FF_DIRECT_IO, NULL, NULL, /* SYNC_CACHE */
+            {10,  0x7, 0xff, 0xff, 0xff, 0xff, 0x1f, 0xff, 0xff, 0xc7, 0, 0,
+             0, 0, 0, 0} },
+        {0, 0x89, 0, F_D_OUT | FF_DIRECT_IO, resp_comp_write, NULL,
+            {16,  0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0,
+             0, 0xff, 0x1f, 0xc7} },            /* COMPARE AND WRITE */
+
+/* 30 */
+        {0xff, 0, 0, 0, NULL, NULL,             /* terminating element */
+            {0,  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} },
+};
+
+struct sdebug_scmd_extra_t {
+        bool inj_recovered;
+        bool inj_transport;
+        bool inj_dif;
+        bool inj_dix;
+        bool inj_short;
+};
+
 static int scsi_debug_add_host = DEF_NUM_HOST;
 static int scsi_debug_ato = DEF_ATO;
 static int scsi_debug_delay = DEF_DELAY;
@@ -245,6 +544,8 @@ static unsigned int scsi_debug_write_same_length = DEF_WRITESAME_LENGTH;
 static bool scsi_debug_removable = DEF_REMOVABLE;
 static bool scsi_debug_clustering;
 static bool scsi_debug_host_lock = DEF_HOST_LOCK;
+static bool scsi_debug_strict = DEF_STRICT;
+static bool sdebug_any_injecting_opt;
 
 static atomic_t sdebug_cmnd_count;
 static atomic_t sdebug_completions;
@@ -277,11 +578,10 @@ struct sdebug_dev_info {
         unsigned int target;
         u64 lun;
         struct sdebug_host_info *sdbg_host;
-        u64 wlun;
         unsigned long uas_bm[1];
         atomic_t num_in_q;
-        char stopped;
-        char used;
+        char stopped;           /* TODO: should be atomic */
+        bool used;
 };
 
 struct sdebug_host_info {
@@ -394,6 +694,50 @@ static void sdebug_max_tgts_luns(void)
         spin_unlock(&sdebug_host_list_lock);
 }
 
+enum sdeb_cmd_data {SDEB_IN_DATA = 0, SDEB_IN_CDB = 1};
+
+/* Set in_bit to -1 to indicate no bit position of invalid field */
+static void
+mk_sense_invalid_fld(struct scsi_cmnd *scp, enum sdeb_cmd_data c_d,
+                     int in_byte, int in_bit)
+{
+        unsigned char *sbuff;
+        u8 sks[4];
+        int sl, asc;
+
+        sbuff = scp->sense_buffer;
+        if (!sbuff) {
+                sdev_printk(KERN_ERR, scp->device,
+                            "%s: sense_buffer is NULL\n", __func__);
+                return;
+        }
+        asc = c_d ? INVALID_FIELD_IN_CDB : INVALID_FIELD_IN_PARAM_LIST;
+        memset(sbuff, 0, SCSI_SENSE_BUFFERSIZE);
+        scsi_build_sense_buffer(scsi_debug_dsense, sbuff, ILLEGAL_REQUEST,
+                                asc, 0);
+        memset(sks, 0, sizeof(sks));
+        sks[0] = 0x80;
+        if (c_d)
+                sks[0] |= 0x40;
+        if (in_bit >= 0) {
+                sks[0] |= 0x8;
+                sks[0] |= 0x7 & in_bit;
+        }
+        put_unaligned_be16(in_byte, sks + 1);
+        if (scsi_debug_dsense) {
+                sl = sbuff[7] + 8;
+                sbuff[7] = sl;
+                sbuff[sl] = 0x2;
+                sbuff[sl + 1] = 0x6;
+                memcpy(sbuff + sl + 4, sks, 3);
+        } else
+                memcpy(sbuff + 15, sks, 3);
+        if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts)
+                sdev_printk(KERN_INFO, scp->device, "%s:  [sense_key,asc,ascq"
+                            "]: [0x5,0x%x,0x0] %c byte=%d, bit=%d\n",
+                            my_name, asc, c_d ? 'C' : 'D', in_byte, in_bit);
+}
+
 static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
 {
         unsigned char *sbuff;
@@ -414,63 +758,10 @@ static void mk_sense_buffer(struct scsi_cmnd *scp, int key, int asc, int asq)
                             my_name, key, asc, asq);
 }
 
-static void get_data_transfer_info(unsigned char *cmd,
-                                   unsigned long long *lba, unsigned int *num,
-                                   u32 *ei_lba)
+static void
+mk_sense_invalid_opcode(struct scsi_cmnd *scp)
 {
-        *ei_lba = 0;
-
-        switch (*cmd) {
-        case VARIABLE_LENGTH_CMD:
-                *lba = (u64)cmd[19] | (u64)cmd[18] << 8 |
-                        (u64)cmd[17] << 16 | (u64)cmd[16] << 24 |
-                        (u64)cmd[15] << 32 | (u64)cmd[14] << 40 |
-                        (u64)cmd[13] << 48 | (u64)cmd[12] << 56;
-
-                *ei_lba = (u32)cmd[23] | (u32)cmd[22] << 8 |
-                        (u32)cmd[21] << 16 | (u32)cmd[20] << 24;
-
-                *num = (u32)cmd[31] | (u32)cmd[30] << 8 | (u32)cmd[29] << 16 |
-                        (u32)cmd[28] << 24;
-                break;
-
-        case WRITE_SAME_16:
-        case WRITE_16:
-        case READ_16:
-                *lba = (u64)cmd[9] | (u64)cmd[8] << 8 |
-                        (u64)cmd[7] << 16 | (u64)cmd[6] << 24 |
-                        (u64)cmd[5] << 32 | (u64)cmd[4] << 40 |
-                        (u64)cmd[3] << 48 | (u64)cmd[2] << 56;
-
-                *num = (u32)cmd[13] | (u32)cmd[12] << 8 | (u32)cmd[11] << 16 |
-                        (u32)cmd[10] << 24;
-                break;
-        case WRITE_12:
-        case READ_12:
-                *lba = (u32)cmd[5] | (u32)cmd[4] << 8 | (u32)cmd[3] << 16 |
-                        (u32)cmd[2] << 24;
-
-                *num = (u32)cmd[9] | (u32)cmd[8] << 8 | (u32)cmd[7] << 16 |
-                        (u32)cmd[6] << 24;
-                break;
-        case WRITE_SAME:
-        case WRITE_10:
-        case READ_10:
-        case XDWRITEREAD_10:
-                *lba = (u32)cmd[5] | (u32)cmd[4] << 8 | (u32)cmd[3] << 16 |
-                        (u32)cmd[2] << 24;
-
-                *num = (u32)cmd[8] | (u32)cmd[7] << 8;
-                break;
-        case WRITE_6:
-        case READ_6:
-                *lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
-                        (u32)(cmd[1] & 0x1f) << 16;
-                *num = (0 == cmd[4]) ? 256 : cmd[4];
-                break;
-        default:
-                break;
-        }
+        mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
 }
 
 static int scsi_debug_ioctl(struct scsi_device *dev, int cmd, void __user *arg)
@@ -520,6 +811,12 @@ static int check_readiness(struct scsi_cmnd *SCpnt, int uas_only,
                         if (debug)
                                 cp = "mode parameters changed";
                         break;
+                case SDEBUG_UA_CAPACITY_CHANGED:
+                        mk_sense_buffer(SCpnt, UNIT_ATTENTION,
+                                        UA_CHANGED_ASC, CAPACITY_CHANGED_ASCQ);
+                        if (debug)
+                                cp = "capacity data changed";
+                        break;
                 default:
                         pr_warn("%s: unexpected unit attention code=%d\n",
                                 __func__, k);
@@ -924,19 +1221,20 @@ static int inquiry_evpd_b2(unsigned char *arr)
 #define SDEBUG_LONG_INQ_SZ 96
 #define SDEBUG_MAX_INQ_ARR_SZ 584
 
-static int resp_inquiry(struct scsi_cmnd *scp, int target,
-                        struct sdebug_dev_info * devip)
+static int resp_inquiry(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
         unsigned char pq_pdt;
         unsigned char * arr;
         unsigned char *cmd = scp->cmnd;
         int alloc_len, n, ret;
+        bool have_wlun;
 
         alloc_len = (cmd[3] << 8) + cmd[4];
         arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC);
         if (! arr)
                 return DID_REQUEUE << 16;
-        if (devip->wlun)
+        have_wlun = (scp->device->lun == SAM2_WLUN_REPORT_LUNS);
+        if (have_wlun)
                 pq_pdt = 0x1e;  /* present, wlun */
         else if (scsi_debug_no_lun_0 && (0 == devip->lun))
                 pq_pdt = 0x7f;  /* not present, no device type */
@@ -944,8 +1242,7 @@ static int resp_inquiry(struct scsi_cmnd *scp, int target,
                 pq_pdt = (scsi_debug_ptype & 0x1f);
         arr[0] = pq_pdt;
         if (0x2 & cmd[1]) {  /* CMDDT bit set */
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 1);
                 kfree(arr);
                 return check_condition_result;
         } else if (0x1 & cmd[1]) {  /* EVPD bit set */
@@ -957,7 +1254,7 @@ static int resp_inquiry(struct scsi_cmnd *scp, int target,
                     (devip->channel & 0x7f);
                 if (0 == scsi_debug_vpd_use_hostno)
                         host_no = 0;
-                lu_id_num = devip->wlun ? -1 : (((host_no + 1) * 2000) +
+                lu_id_num = have_wlun ? -1 : (((host_no + 1) * 2000) +
                             (devip->target * 1000) + devip->lun);
                 target_dev_id = ((host_no + 1) * 2000) +
                                  (devip->target * 1000) - 3;
@@ -1029,9 +1326,7 @@ static int resp_inquiry(struct scsi_cmnd *scp, int target,
                         arr[1] = cmd[2];        /*sanity */
                         arr[3] = inquiry_evpd_b2(&arr[4]);
                 } else {
-                        /* Illegal request, invalid field in cdb */
-                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, -1);
                         kfree(arr);
                         return check_condition_result;
                 }
@@ -1077,18 +1372,20 @@ static int resp_requests(struct scsi_cmnd * scp,
         unsigned char * sbuff;
         unsigned char *cmd = scp->cmnd;
         unsigned char arr[SCSI_SENSE_BUFFERSIZE];
-        int want_dsense;
+        bool dsense, want_dsense;
         int len = 18;
 
         memset(arr, 0, sizeof(arr));
-        want_dsense = !!(cmd[1] & 1) || scsi_debug_dsense;
+        dsense = !!(cmd[1] & 1);
+        want_dsense = dsense || scsi_debug_dsense;
         sbuff = scp->sense_buffer;
         if ((iec_m_pg[2] & 0x4) && (6 == (iec_m_pg[3] & 0xf))) {
-                if (want_dsense) {
+                if (dsense) {
                         arr[0] = 0x72;
                         arr[1] = 0x0;           /* NO_SENSE in sense_key */
                         arr[2] = THRESHOLD_EXCEEDED;
                         arr[3] = 0xff;          /* TEST set and MRIE==6 */
+                        len = 8;
                 } else {
                         arr[0] = 0x70;
                         arr[2] = 0x0;           /* NO_SENSE in sense_key */
@@ -1098,15 +1395,34 @@ static int resp_requests(struct scsi_cmnd * scp,
                 }
         } else {
                 memcpy(arr, sbuff, SCSI_SENSE_BUFFERSIZE);
-                if ((cmd[1] & 1) && (! scsi_debug_dsense)) {
-                        /* DESC bit set and sense_buff in fixed format */
-                        memset(arr, 0, sizeof(arr));
+                if (arr[0] >= 0x70 && dsense == scsi_debug_dsense)
+                        ;       /* have sense and formats match */
+                else if (arr[0] <= 0x70) {
+                        if (dsense) {
+                                memset(arr, 0, 8);
+                                arr[0] = 0x72;
+                                len = 8;
+                        } else {
+                                memset(arr, 0, 18);
+                                arr[0] = 0x70;
+                                arr[7] = 0xa;
+                        }
+                } else if (dsense) {
+                        memset(arr, 0, 8);
                         arr[0] = 0x72;
                         arr[1] = sbuff[2];     /* sense key */
                         arr[2] = sbuff[12];    /* asc */
                         arr[3] = sbuff[13];    /* ascq */
                         len = 8;
+                } else {
+                        memset(arr, 0, 18);
+                        arr[0] = 0x70;
+                        arr[2] = sbuff[1];
+                        arr[7] = 0xa;
+                        arr[12] = sbuff[1];
+                        arr[13] = sbuff[3];
                 }
+
         }
         mk_sense_buffer(scp, 0, NO_ADDITIONAL_SENSE, 0);
         return fill_from_dev_buffer(scp, arr, len);
@@ -1116,15 +1432,11 @@ static int resp_start_stop(struct scsi_cmnd * scp,
                            struct sdebug_dev_info * devip)
 {
         unsigned char *cmd = scp->cmnd;
-        int power_cond, errsts, start;
+        int power_cond, start;
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         power_cond = (cmd[4] & 0xf0) >> 4;
         if (power_cond) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, 7);
                 return check_condition_result;
         }
         start = cmd[4] & 1;
@@ -1148,11 +1460,7 @@ static int resp_readcap(struct scsi_cmnd * scp,
 {
         unsigned char arr[SDEBUG_READCAP_ARR_SZ];
         unsigned int capac;
-        int errsts;
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         /* following just in case virtual_gb changed */
         sdebug_capacity = get_sdebug_capacity();
         memset(arr, 0, SDEBUG_READCAP_ARR_SZ);
@@ -1180,11 +1488,8 @@ static int resp_readcap16(struct scsi_cmnd * scp,
         unsigned char *cmd = scp->cmnd;
         unsigned char arr[SDEBUG_READCAP16_ARR_SZ];
         unsigned long long capac;
-        int errsts, k, alloc_len;
+        int k, alloc_len;
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         alloc_len = ((cmd[10] << 24) + (cmd[11] << 16) + (cmd[12] << 8)
                      + cmd[13]);
         /* following just in case virtual_gb changed */
@@ -1300,6 +1605,184 @@ static int resp_report_tgtpgs(struct scsi_cmnd * scp,
         return ret;
 }
 
+static int
+resp_rsup_opcodes(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        bool rctd;
+        u8 reporting_opts, req_opcode, sdeb_i, supp;
+        u16 req_sa, u;
+        u32 alloc_len, a_len;
+        int k, offset, len, errsts, count, bump, na;
+        const struct opcode_info_t *oip;
+        const struct opcode_info_t *r_oip;
+        u8 *arr;
+        u8 *cmd = scp->cmnd;
+
+        rctd = !!(cmd[2] & 0x80);
+        reporting_opts = cmd[2] & 0x7;
+        req_opcode = cmd[3];
+        req_sa = get_unaligned_be16(cmd + 4);
+        alloc_len = get_unaligned_be32(cmd + 6);
+        if (alloc_len < 4 && alloc_len > 0xffff) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
+                return check_condition_result;
+        }
+        if (alloc_len > 8192)
+                a_len = 8192;
+        else
+                a_len = alloc_len;
+        arr = kzalloc((a_len < 256) ? 320 : a_len + 64, GFP_KERNEL);
+        if (NULL == arr) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
+                                INSUFF_RES_ASCQ);
+                return check_condition_result;
+        }
+        switch (reporting_opts) {
+        case 0: /* all commands */
+                /* count number of commands */
+                for (count = 0, oip = opcode_info_arr;
+                     oip->num_attached != 0xff; ++oip) {
+                        if (F_INV_OP & oip->flags)
+                                continue;
+                        count += (oip->num_attached + 1);
+                }
+                bump = rctd ? 20 : 8;
+                put_unaligned_be32(count * bump, arr);
+                for (offset = 4, oip = opcode_info_arr;
+                     oip->num_attached != 0xff && offset < a_len; ++oip) {
+                        if (F_INV_OP & oip->flags)
+                                continue;
+                        na = oip->num_attached;
+                        arr[offset] = oip->opcode;
+                        put_unaligned_be16(oip->sa, arr + offset + 2);
+                        if (rctd)
+                                arr[offset + 5] |= 0x2;
+                        if (FF_SA & oip->flags)
+                                arr[offset + 5] |= 0x1;
+                        put_unaligned_be16(oip->len_mask[0], arr + offset + 6);
+                        if (rctd)
+                                put_unaligned_be16(0xa, arr + offset + 8);
+                        r_oip = oip;
+                        for (k = 0, oip = oip->arrp; k < na; ++k, ++oip) {
+                                if (F_INV_OP & oip->flags)
+                                        continue;
+                                offset += bump;
+                                arr[offset] = oip->opcode;
+                                put_unaligned_be16(oip->sa, arr + offset + 2);
+                                if (rctd)
+                                        arr[offset + 5] |= 0x2;
+                                if (FF_SA & oip->flags)
+                                        arr[offset + 5] |= 0x1;
+                                put_unaligned_be16(oip->len_mask[0],
+                                                   arr + offset + 6);
+                                if (rctd)
+                                        put_unaligned_be16(0xa,
+                                                           arr + offset + 8);
+                        }
+                        oip = r_oip;
+                        offset += bump;
+                }
+                break;
+        case 1: /* one command: opcode only */
+        case 2: /* one command: opcode plus service action */
+        case 3: /* one command: if sa==0 then opcode only else opcode+sa */
+                sdeb_i = opcode_ind_arr[req_opcode];
+                oip = &opcode_info_arr[sdeb_i];
+                if (F_INV_OP & oip->flags) {
+                        supp = 1;
+                        offset = 4;
+                } else {
+                        if (1 == reporting_opts) {
+                                if (FF_SA & oip->flags) {
+                                        mk_sense_invalid_fld(scp, SDEB_IN_CDB,
+                                                             2, 2);
+                                        kfree(arr);
+                                        return check_condition_result;
+                                }
+                                req_sa = 0;
+                        } else if (2 == reporting_opts &&
+                                   0 == (FF_SA & oip->flags)) {
+                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 4, -1);
+                                kfree(arr);     /* point at requested sa */
+                                return check_condition_result;
+                        }
+                        if (0 == (FF_SA & oip->flags) &&
+                            req_opcode == oip->opcode)
+                                supp = 3;
+                        else if (0 == (FF_SA & oip->flags)) {
+                                na = oip->num_attached;
+                                for (k = 0, oip = oip->arrp; k < na;
+                                     ++k, ++oip) {
+                                        if (req_opcode == oip->opcode)
+                                                break;
+                                }
+                                supp = (k >= na) ? 1 : 3;
+                        } else if (req_sa != oip->sa) {
+                                na = oip->num_attached;
+                                for (k = 0, oip = oip->arrp; k < na;
+                                     ++k, ++oip) {
+                                        if (req_sa == oip->sa)
+                                                break;
+                                }
+                                supp = (k >= na) ? 1 : 3;
+                        } else
+                                supp = 3;
+                        if (3 == supp) {
+                                u = oip->len_mask[0];
+                                put_unaligned_be16(u, arr + 2);
+                                arr[4] = oip->opcode;
+                                for (k = 1; k < u; ++k)
+                                        arr[4 + k] = (k < 16) ?
+                                                 oip->len_mask[k] : 0xff;
+                                offset = 4 + u;
+                        } else
+                                offset = 4;
+                }
+                arr[1] = (rctd ? 0x80 : 0) | supp;
+                if (rctd) {
+                        put_unaligned_be16(0xa, arr + offset);
+                        offset += 12;
+                }
+                break;
+        default:
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 2);
+                kfree(arr);
+                return check_condition_result;
+        }
+        offset = (offset < a_len) ? offset : a_len;
+        len = (offset < alloc_len) ? offset : alloc_len;
+        errsts = fill_from_dev_buffer(scp, arr, len);
+        kfree(arr);
+        return errsts;
+}
+
+static int
+resp_rsup_tmfs(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        bool repd;
+        u32 alloc_len, len;
+        u8 arr[16];
+        u8 *cmd = scp->cmnd;
+
+        memset(arr, 0, sizeof(arr));
+        repd = !!(cmd[2] & 0x80);
+        alloc_len = get_unaligned_be32(cmd + 6);
+        if (alloc_len < 4) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 6, -1);
+                return check_condition_result;
+        }
+        arr[0] = 0xc8;          /* ATS | ATSS | LURS */
+        arr[1] = 0x1;           /* ITNRS */
+        if (repd) {
+                arr[3] = 0xc;
+                len = 16;
+        } else
+                len = 4;
+
+        len = (len < alloc_len) ? len : alloc_len;
+        return fill_from_dev_buffer(scp, arr, len);
+}
+
 /* <<Following mode page info copied from ST318451LW>> */
 
 static int resp_err_recov_pg(unsigned char * p, int pcontrol, int target)
@@ -1459,20 +1942,18 @@ static int resp_sas_sha_m_spg(unsigned char * p, int pcontrol)
 
 #define SDEBUG_MAX_MSENSE_SZ 256
 
-static int resp_mode_sense(struct scsi_cmnd * scp, int target,
-                           struct sdebug_dev_info * devip)
+static int
+resp_mode_sense(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
         unsigned char dbd, llbaa;
         int pcontrol, pcode, subpcode, bd_len;
         unsigned char dev_spec;
-        int k, alloc_len, msense_6, offset, len, errsts, target_dev_id;
+        int k, alloc_len, msense_6, offset, len, target_dev_id;
+        int target = scp->device->id;
         unsigned char * ap;
         unsigned char arr[SDEBUG_MAX_MSENSE_SZ];
         unsigned char *cmd = scp->cmnd;
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         dbd = !!(cmd[1] & 0x8);
         pcontrol = (cmd[2] & 0xc0) >> 6;
         pcode = cmd[2] & 0x3f;
@@ -1542,8 +2023,7 @@ static int resp_mode_sense(struct scsi_cmnd * scp, int target,
 
         if ((subpcode > 0x0) && (subpcode < 0xff) && (0x19 != pcode)) {
                 /* TODO: Control Extension page */
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
                 return check_condition_result;
         }
         switch (pcode) {
@@ -1569,8 +2049,7 @@ static int resp_mode_sense(struct scsi_cmnd * scp, int target,
                 break;
         case 0x19:      /* if spc==1 then sas phy, control+discover */
                 if ((subpcode > 0x2) && (subpcode < 0xff)) {
-                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
                         return check_condition_result;
                 }
                 len = 0;
@@ -1602,15 +2081,13 @@ static int resp_mode_sense(struct scsi_cmnd * scp, int target,
                         }
                         len += resp_iec_m_pg(ap + len, pcontrol, target);
                 } else {
-                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
                         return check_condition_result;
                 }
                 offset += len;
                 break;
         default:
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
                 return check_condition_result;
         }
         if (msense_6)
@@ -1624,24 +2101,21 @@ static int resp_mode_sense(struct scsi_cmnd * scp, int target,
 
 #define SDEBUG_MAX_MSELECT_SZ 512
 
-static int resp_mode_select(struct scsi_cmnd * scp, int mselect6,
-                            struct sdebug_dev_info * devip)
+static int
+resp_mode_select(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
         int pf, sp, ps, md_len, bd_len, off, spf, pg_len;
-        int param_len, res, errsts, mpage;
+        int param_len, res, mpage;
         unsigned char arr[SDEBUG_MAX_MSELECT_SZ];
         unsigned char *cmd = scp->cmnd;
+        int mselect6 = (MODE_SELECT == cmd[0]);
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         memset(arr, 0, sizeof(arr));
         pf = cmd[1] & 0x10;
         sp = cmd[1] & 0x1;
         param_len = mselect6 ? cmd[4] : ((cmd[7] << 8) + cmd[8]);
         if ((0 == pf) || sp || (param_len > SDEBUG_MAX_MSELECT_SZ)) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_CDB, 0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, mselect6 ? 4 : 7, -1);
                 return check_condition_result;
         }
         res = fetch_to_dev_buffer(scp, arr, param_len);
@@ -1655,16 +2129,14 @@ static int resp_mode_select(struct scsi_cmnd * scp, int mselect6,
         md_len = mselect6 ? (arr[0] + 1) : ((arr[0] << 8) + arr[1] + 2);
         bd_len = mselect6 ? arr[3] : ((arr[6] << 8) + arr[7]);
         if (md_len > 2) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_PARAM_LIST, 0);
+                mk_sense_invalid_fld(scp, SDEB_IN_DATA, 0, -1);
                 return check_condition_result;
         }
         off = bd_len + (mselect6 ? 4 : 8);
         mpage = arr[off] & 0x3f;
         ps = !!(arr[off] & 0x80);
         if (ps) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_PARAM_LIST, 0);
+                mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 7);
                 return check_condition_result;
         }
         spf = !!(arr[off] & 0x40);
@@ -1701,8 +2173,7 @@ static int resp_mode_select(struct scsi_cmnd * scp, int mselect6,
         default:
                 break;
         }
-        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                        INVALID_FIELD_IN_PARAM_LIST, 0);
+        mk_sense_invalid_fld(scp, SDEB_IN_DATA, off, 5);
         return check_condition_result;
 set_mode_changed_ua:
         set_bit(SDEBUG_UA_MODE_CHANGED, devip->uas_bm);
@@ -1737,19 +2208,15 @@ static int resp_ie_l_pg(unsigned char * arr)
 static int resp_log_sense(struct scsi_cmnd * scp,
                           struct sdebug_dev_info * devip)
 {
-        int ppc, sp, pcontrol, pcode, subpcode, alloc_len, errsts, len, n;
+        int ppc, sp, pcontrol, pcode, subpcode, alloc_len, len, n;
         unsigned char arr[SDEBUG_MAX_LSENSE_SZ];
         unsigned char *cmd = scp->cmnd;
 
-        errsts = check_readiness(scp, UAS_ONLY, devip);
-        if (errsts)
-                return errsts;
         memset(arr, 0, sizeof(arr));
         ppc = cmd[1] & 0x2;
         sp = cmd[1] & 0x1;
         if (ppc || sp) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_CDB, 0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, ppc ? 1 : 0);
                 return check_condition_result;
         }
         pcontrol = (cmd[2] & 0xc0) >> 6;
@@ -1773,8 +2240,7 @@ static int resp_log_sense(struct scsi_cmnd * scp,
                         arr[3] = resp_ie_l_pg(arr + 4);
                         break;
                 default:
-                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
                         return check_condition_result;
                 }
         } else if (0xff == subpcode) {
@@ -1806,13 +2272,11 @@ static int resp_log_sense(struct scsi_cmnd * scp,
                         arr[3] = n - 4;
                         break;
                 default:
-                        mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 2, 5);
                         return check_condition_result;
                 }
         } else {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_CDB, 0);
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 3, -1);
                 return check_condition_result;
         }
         len = min(((arr[2] << 8) + arr[3]) + 4, alloc_len);
@@ -1824,11 +2288,12 @@ static int check_device_access_params(struct scsi_cmnd *scp,
                                       unsigned long long lba, unsigned int num)
 {
         if (lba + num > sdebug_capacity) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, ADDR_OUT_OF_RANGE, 0);
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
                 return check_condition_result;
         }
         /* transfer length excessive (tie in to block limits VPD page) */
         if (num > sdebug_store_sectors) {
+                /* needs work to find which cdb byte 'num' comes from */
                 mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
                 return check_condition_result;
         }
@@ -1836,17 +2301,17 @@ static int check_device_access_params(struct scsi_cmnd *scp,
 }
 
 /* Returns number of bytes copied or -1 if error. */
-static int do_device_access(struct scsi_cmnd *scmd,
-                            unsigned long long lba, unsigned int num, int write)
+static int
+do_device_access(struct scsi_cmnd *scmd, u64 lba, u32 num, bool do_write)
 {
         int ret;
-        unsigned long long block, rest = 0;
+        u64 block, rest = 0;
         struct scsi_data_buffer *sdb;
         enum dma_data_direction dir;
         size_t (*func)(struct scatterlist *, unsigned int, void *, size_t,
                        off_t);
 
-        if (write) {
+        if (do_write) {
                 sdb = scsi_out(scmd);
                 dir = DMA_TO_DEVICE;
                 func = sg_pcopy_to_buffer;
@@ -1880,6 +2345,38 @@ static int do_device_access(struct scsi_cmnd *scmd,
         return ret;
 }
 
+/* If fake_store(lba,num) compares equal to arr(num), then copy top half of
+ * arr into fake_store(lba,num) and return true. If comparison fails then
+ * return false. */
+static bool
+comp_write_worker(u64 lba, u32 num, const u8 *arr)
+{
+        bool res;
+        u64 block, rest = 0;
+        u32 store_blks = sdebug_store_sectors;
+        u32 lb_size = scsi_debug_sector_size;
+
+        block = do_div(lba, store_blks);
+        if (block + num > store_blks)
+                rest = block + num - store_blks;
+
+        res = !memcmp(fake_storep + (block * lb_size), arr,
+                      (num - rest) * lb_size);
+        if (!res)
+                return res;
+        if (rest)
+                res = memcmp(fake_storep, arr + ((num - rest) * lb_size),
+                             rest * lb_size);
+        if (!res)
+                return res;
+        arr += num * lb_size;
+        memcpy(fake_storep + (block * lb_size), arr, (num - rest) * lb_size);
+        if (rest)
+                memcpy(fake_storep, arr + ((num - rest) * lb_size),
+                       rest * lb_size);
+        return res;
+}
+
 static __be16 dif_compute_csum(const void *buf, int len)
 {
         __be16 csum;
@@ -1992,55 +2489,143 @@ static int prot_verify_read(struct scsi_cmnd *SCpnt, sector_t start_sec,
         return 0;
 }
 
-static int resp_read(struct scsi_cmnd *SCpnt, unsigned long long lba,
-                     unsigned int num, u32 ei_lba)
+static int
+resp_read_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
+        u8 *cmd = scp->cmnd;
+        u64 lba;
+        u32 num;
+        u32 ei_lba;
         unsigned long iflags;
         int ret;
+        bool check_prot;
 
-        ret = check_device_access_params(SCpnt, lba, num);
-        if (ret)
-                return ret;
+        switch (cmd[0]) {
+        case READ_16:
+                ei_lba = 0;
+                lba = get_unaligned_be64(cmd + 2);
+                num = get_unaligned_be32(cmd + 10);
+                check_prot = true;
+                break;
+        case READ_10:
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be16(cmd + 7);
+                check_prot = true;
+                break;
+        case READ_6:
+                ei_lba = 0;
+                lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
+                      (u32)(cmd[1] & 0x1f) << 16;
+                num = (0 == cmd[4]) ? 256 : cmd[4];
+                check_prot = true;
+                break;
+        case READ_12:
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be32(cmd + 6);
+                check_prot = true;
+                break;
+        case XDWRITEREAD_10:
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be16(cmd + 7);
+                check_prot = false;
+                break;
+        default:        /* assume READ(32) */
+                lba = get_unaligned_be64(cmd + 12);
+                ei_lba = get_unaligned_be32(cmd + 20);
+                num = get_unaligned_be32(cmd + 28);
+                check_prot = false;
+                break;
+        }
+        if (check_prot) {
+                if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION &&
+                    (cmd[1] & 0xe0)) {
+                        mk_sense_invalid_opcode(scp);
+                        return check_condition_result;
+                }
+                if ((scsi_debug_dif == SD_DIF_TYPE1_PROTECTION ||
+                     scsi_debug_dif == SD_DIF_TYPE3_PROTECTION) &&
+                    (cmd[1] & 0xe0) == 0)
+                        sdev_printk(KERN_ERR, scp->device, "Unprotected RD "
+                                    "to DIF device\n");
+        }
+        if (sdebug_any_injecting_opt) {
+                struct sdebug_scmd_extra_t *ep = scsi_cmd_priv(scp);
+
+                if (ep->inj_short)
+                        num /= 2;
+        }
+
+        /* inline check_device_access_params() */
+        if (lba + num > sdebug_capacity) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
+                return check_condition_result;
+        }
+        /* transfer length excessive (tie in to block limits VPD page) */
+        if (num > sdebug_store_sectors) {
+                /* needs work to find which cdb byte 'num' comes from */
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
+                return check_condition_result;
+        }
 
         if ((SCSI_DEBUG_OPT_MEDIUM_ERR & scsi_debug_opts) &&
             (lba <= (OPT_MEDIUM_ERR_ADDR + OPT_MEDIUM_ERR_NUM - 1)) &&
             ((lba + num) > OPT_MEDIUM_ERR_ADDR)) {
                 /* claim unrecoverable read error */
-                mk_sense_buffer(SCpnt, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
+                mk_sense_buffer(scp, MEDIUM_ERROR, UNRECOVERED_READ_ERR, 0);
                 /* set info field and valid bit for fixed descriptor */
-                if (0x70 == (SCpnt->sense_buffer[0] & 0x7f)) {
-                        SCpnt->sense_buffer[0] |= 0x80; /* Valid bit */
+                if (0x70 == (scp->sense_buffer[0] & 0x7f)) {
+                        scp->sense_buffer[0] |= 0x80;   /* Valid bit */
                         ret = (lba < OPT_MEDIUM_ERR_ADDR)
                               ? OPT_MEDIUM_ERR_ADDR : (int)lba;
-                        SCpnt->sense_buffer[3] = (ret >> 24) & 0xff;
-                        SCpnt->sense_buffer[4] = (ret >> 16) & 0xff;
-                        SCpnt->sense_buffer[5] = (ret >> 8) & 0xff;
-                        SCpnt->sense_buffer[6] = ret & 0xff;
+                        put_unaligned_be32(ret, scp->sense_buffer + 3);
                 }
-                scsi_set_resid(SCpnt, scsi_bufflen(SCpnt));
+                scsi_set_resid(scp, scsi_bufflen(scp));
                 return check_condition_result;
         }
 
         read_lock_irqsave(&atomic_rw, iflags);
 
         /* DIX + T10 DIF */
-        if (scsi_debug_dix && scsi_prot_sg_count(SCpnt)) {
-                int prot_ret = prot_verify_read(SCpnt, lba, num, ei_lba);
+        if (scsi_debug_dix && scsi_prot_sg_count(scp)) {
+                int prot_ret = prot_verify_read(scp, lba, num, ei_lba);
 
                 if (prot_ret) {
                         read_unlock_irqrestore(&atomic_rw, iflags);
-                        mk_sense_buffer(SCpnt, ABORTED_COMMAND, 0x10, prot_ret);
+                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, prot_ret);
                         return illegal_condition_result;
                 }
         }
 
-        ret = do_device_access(SCpnt, lba, num, 0);
+        ret = do_device_access(scp, lba, num, false);
         read_unlock_irqrestore(&atomic_rw, iflags);
         if (ret == -1)
                 return DID_ERROR << 16;
 
-        scsi_in(SCpnt)->resid = scsi_bufflen(SCpnt) - ret;
+        scsi_in(scp)->resid = scsi_bufflen(scp) - ret;
+
+        if (sdebug_any_injecting_opt) {
+                struct sdebug_scmd_extra_t *ep = scsi_cmd_priv(scp);
 
+                if (ep->inj_recovered) {
+                        mk_sense_buffer(scp, RECOVERED_ERROR,
+                                        THRESHOLD_EXCEEDED, 0);
+                        return check_condition_result;
+                } else if (ep->inj_transport) {
+                        mk_sense_buffer(scp, ABORTED_COMMAND,
+                                        TRANSPORT_PROBLEM, ACK_NAK_TO);
+                        return check_condition_result;
+                } else if (ep->inj_dif) {
+                        /* Logical block guard check failed */
+                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
+                        return illegal_condition_result;
+                } else if (ep->inj_dix) {
+                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
+                        return illegal_condition_result;
+                }
+        }
         return 0;
 }
 
@@ -2223,31 +2808,95 @@ static void unmap_region(sector_t lba, unsigned int len)
         }
 }
 
-static int resp_write(struct scsi_cmnd *SCpnt, unsigned long long lba,
-                      unsigned int num, u32 ei_lba)
+static int
+resp_write_dt0(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
+        u8 *cmd = scp->cmnd;
+        u64 lba;
+        u32 num;
+        u32 ei_lba;
         unsigned long iflags;
         int ret;
+        bool check_prot;
 
-        ret = check_device_access_params(SCpnt, lba, num);
-        if (ret)
-                return ret;
+        switch (cmd[0]) {
+        case WRITE_16:
+                ei_lba = 0;
+                lba = get_unaligned_be64(cmd + 2);
+                num = get_unaligned_be32(cmd + 10);
+                check_prot = true;
+                break;
+        case WRITE_10:
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be16(cmd + 7);
+                check_prot = true;
+                break;
+        case WRITE_6:
+                ei_lba = 0;
+                lba = (u32)cmd[3] | (u32)cmd[2] << 8 |
+                      (u32)(cmd[1] & 0x1f) << 16;
+                num = (0 == cmd[4]) ? 256 : cmd[4];
+                check_prot = true;
+                break;
+        case WRITE_12:
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be32(cmd + 6);
+                check_prot = true;
+                break;
+        case 0x53:      /* XDWRITEREAD(10) */
+                ei_lba = 0;
+                lba = get_unaligned_be32(cmd + 2);
+                num = get_unaligned_be16(cmd + 7);
+                check_prot = false;
+                break;
+        default:        /* assume WRITE(32) */
+                lba = get_unaligned_be64(cmd + 12);
+                ei_lba = get_unaligned_be32(cmd + 20);
+                num = get_unaligned_be32(cmd + 28);
+                check_prot = false;
+                break;
+        }
+        if (check_prot) {
+                if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION &&
+                    (cmd[1] & 0xe0)) {
+                        mk_sense_invalid_opcode(scp);
+                        return check_condition_result;
+                }
+                if ((scsi_debug_dif == SD_DIF_TYPE1_PROTECTION ||
+                     scsi_debug_dif == SD_DIF_TYPE3_PROTECTION) &&
+                    (cmd[1] & 0xe0) == 0)
+                        sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
+                                    "to DIF device\n");
+        }
+
+        /* inline check_device_access_params() */
+        if (lba + num > sdebug_capacity) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
+                return check_condition_result;
+        }
+        /* transfer length excessive (tie in to block limits VPD page) */
+        if (num > sdebug_store_sectors) {
+                /* needs work to find which cdb byte 'num' comes from */
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
+                return check_condition_result;
+        }
 
         write_lock_irqsave(&atomic_rw, iflags);
 
         /* DIX + T10 DIF */
-        if (scsi_debug_dix && scsi_prot_sg_count(SCpnt)) {
-                int prot_ret = prot_verify_write(SCpnt, lba, num, ei_lba);
+        if (scsi_debug_dix && scsi_prot_sg_count(scp)) {
+                int prot_ret = prot_verify_write(scp, lba, num, ei_lba);
 
                 if (prot_ret) {
                         write_unlock_irqrestore(&atomic_rw, iflags);
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST, 0x10,
-                                        prot_ret);
+                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, prot_ret);
                         return illegal_condition_result;
                 }
         }
 
-        ret = do_device_access(SCpnt, lba, num, 1);
+        ret = do_device_access(scp, lba, num, true);
         if (scsi_debug_lbp())
                 map_region(lba, num);
         write_unlock_irqrestore(&atomic_rw, iflags);
@@ -2255,30 +2904,41 @@ static int resp_write(struct scsi_cmnd *SCpnt, unsigned long long lba,
                 return (DID_ERROR << 16);
         else if ((ret < (num * scsi_debug_sector_size)) &&
                  (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts))
-                sdev_printk(KERN_INFO, SCpnt->device,
+                sdev_printk(KERN_INFO, scp->device,
                             "%s: write: cdb indicated=%u, IO sent=%d bytes\n",
                             my_name, num * scsi_debug_sector_size, ret);
 
+        if (sdebug_any_injecting_opt) {
+                struct sdebug_scmd_extra_t *ep = scsi_cmd_priv(scp);
+
+                if (ep->inj_recovered) {
+                        mk_sense_buffer(scp, RECOVERED_ERROR,
+                                        THRESHOLD_EXCEEDED, 0);
+                        return check_condition_result;
+                } else if (ep->inj_dif) {
+                        /* Logical block guard check failed */
+                        mk_sense_buffer(scp, ABORTED_COMMAND, 0x10, 1);
+                        return illegal_condition_result;
+                } else if (ep->inj_dix) {
+                        mk_sense_buffer(scp, ILLEGAL_REQUEST, 0x10, 1);
+                        return illegal_condition_result;
+                }
+        }
         return 0;
 }
 
-static int resp_write_same(struct scsi_cmnd *scmd, unsigned long long lba,
-                      unsigned int num, u32 ei_lba, unsigned int unmap)
+static int
+resp_write_same(struct scsi_cmnd *scp, u64 lba, u32 num, u32 ei_lba,
+                bool unmap, bool ndob)
 {
         unsigned long iflags;
         unsigned long long i;
         int ret;
 
-        ret = check_device_access_params(scmd, lba, num);
+        ret = check_device_access_params(scp, lba, num);
         if (ret)
                 return ret;
 
-        if (num > scsi_debug_write_same_length) {
-                mk_sense_buffer(scmd, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
-                return check_condition_result;
-        }
-
         write_lock_irqsave(&atomic_rw, iflags);
 
         if (unmap && scsi_debug_lbp()) {
@@ -2286,17 +2946,22 @@ static int resp_write_same(struct scsi_cmnd *scmd, unsigned long long lba,
                 goto out;
         }
 
-        /* Else fetch one logical block */
-        ret = fetch_to_dev_buffer(scmd,
-                                  fake_storep + (lba * scsi_debug_sector_size),
-                                  scsi_debug_sector_size);
+        /* if ndob then zero 1 logical block, else fetch 1 logical block */
+        if (ndob) {
+                memset(fake_storep + (lba * scsi_debug_sector_size), 0,
+                       scsi_debug_sector_size);
+                ret = 0;
+        } else
+                ret = fetch_to_dev_buffer(scp, fake_storep +
+                                               (lba * scsi_debug_sector_size),
+                                          scsi_debug_sector_size);
 
         if (-1 == ret) {
                 write_unlock_irqrestore(&atomic_rw, iflags);
                 return (DID_ERROR << 16);
         } else if ((ret < (num * scsi_debug_sector_size)) &&
                  (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts))
-                sdev_printk(KERN_INFO, scmd->device,
+                sdev_printk(KERN_INFO, scp->device,
                             "%s: %s: cdb indicated=%u, IO sent=%d bytes\n",
                             my_name, "write same",
                             num * scsi_debug_sector_size, ret);
@@ -2315,13 +2980,144 @@ out:
         return 0;
 }
 
+static int
+resp_write_same_10(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        u8 *cmd = scp->cmnd;
+        u32 lba;
+        u16 num;
+        u32 ei_lba = 0;
+        bool unmap = false;
+
+        if (cmd[1] & 0x8) {
+                if (scsi_debug_lbpws10 == 0) {
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
+                        return check_condition_result;
+                } else
+                        unmap = true;
+        }
+        lba = get_unaligned_be32(cmd + 2);
+        num = get_unaligned_be16(cmd + 7);
+        if (num > scsi_debug_write_same_length) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
+                return check_condition_result;
+        }
+        return resp_write_same(scp, lba, num, ei_lba, unmap, false);
+}
+
+static int
+resp_write_same_16(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        u8 *cmd = scp->cmnd;
+        u64 lba;
+        u32 num;
+        u32 ei_lba = 0;
+        bool unmap = false;
+        bool ndob = false;
+
+        if (cmd[1] & 0x8) {     /* UNMAP */
+                if (scsi_debug_lbpws == 0) {
+                        mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 3);
+                        return check_condition_result;
+                } else
+                        unmap = true;
+        }
+        if (cmd[1] & 0x1)  /* NDOB (no data-out buffer, assumes zeroes) */
+                ndob = true;
+        lba = get_unaligned_be64(cmd + 2);
+        num = get_unaligned_be32(cmd + 10);
+        if (num > scsi_debug_write_same_length) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 10, -1);
+                return check_condition_result;
+        }
+        return resp_write_same(scp, lba, num, ei_lba, unmap, ndob);
+}
+
+static int
+resp_comp_write(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        u8 *cmd = scp->cmnd;
+        u8 *arr;
+        u8 *fake_storep_hold;
+        u64 lba;
+        u32 dnum;
+        u32 lb_size = scsi_debug_sector_size;
+        u8 num;
+        unsigned long iflags;
+        int ret;
+        int retval = 0;
+
+        lba = get_unaligned_be64(cmd + 2);
+        num = cmd[13];          /* 1 to a maximum of 255 logical blocks */
+        if (0 == num)
+                return 0;       /* degenerate case, not an error */
+        if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION &&
+            (cmd[1] & 0xe0)) {
+                mk_sense_invalid_opcode(scp);
+                return check_condition_result;
+        }
+        if ((scsi_debug_dif == SD_DIF_TYPE1_PROTECTION ||
+             scsi_debug_dif == SD_DIF_TYPE3_PROTECTION) &&
+            (cmd[1] & 0xe0) == 0)
+                sdev_printk(KERN_ERR, scp->device, "Unprotected WR "
+                            "to DIF device\n");
+
+        /* inline check_device_access_params() */
+        if (lba + num > sdebug_capacity) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, LBA_OUT_OF_RANGE, 0);
+                return check_condition_result;
+        }
+        /* transfer length excessive (tie in to block limits VPD page) */
+        if (num > sdebug_store_sectors) {
+                /* needs work to find which cdb byte 'num' comes from */
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
+                return check_condition_result;
+        }
+        dnum = 2 * num;
+        arr = kzalloc(dnum * lb_size, GFP_ATOMIC);
+        if (NULL == arr) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
+                                INSUFF_RES_ASCQ);
+                return check_condition_result;
+        }
+
+        write_lock_irqsave(&atomic_rw, iflags);
+
+        /* trick do_device_access() to fetch both compare and write buffers
+         * from data-in into arr. Safe (atomic) since write_lock held. */
+        fake_storep_hold = fake_storep;
+        fake_storep = arr;
+        ret = do_device_access(scp, 0, dnum, true);
+        fake_storep = fake_storep_hold;
+        if (ret == -1) {
+                retval = DID_ERROR << 16;
+                goto cleanup;
+        } else if ((ret < (dnum * lb_size)) &&
+                 (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts))
+                sdev_printk(KERN_INFO, scp->device, "%s: compare_write: cdb "
+                            "indicated=%u, IO sent=%d bytes\n", my_name,
+                            dnum * lb_size, ret);
+        if (!comp_write_worker(lba, num, arr)) {
+                mk_sense_buffer(scp, MISCOMPARE, MISCOMPARE_VERIFY_ASC, 0);
+                retval = check_condition_result;
+                goto cleanup;
+        }
+        if (scsi_debug_lbp())
+                map_region(lba, num);
+cleanup:
+        write_unlock_irqrestore(&atomic_rw, iflags);
+        kfree(arr);
+        return retval;
+}
+
 struct unmap_block_desc {
         __be64  lba;
         __be32  blocks;
         __be32  __reserved;
 };
 
-static int resp_unmap(struct scsi_cmnd * scmd, struct sdebug_dev_info * devip)
+static int
+resp_unmap(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
         unsigned char *buf;
         struct unmap_block_desc *desc;
@@ -2329,20 +3125,26 @@ static int resp_unmap(struct scsi_cmnd * scmd, struct sdebug_dev_info * devip)
         int ret;
         unsigned long iflags;
 
-        ret = check_readiness(scmd, UAS_ONLY, devip);
-        if (ret)
-                return ret;
 
-        payload_len = get_unaligned_be16(&scmd->cmnd[7]);
-        BUG_ON(scsi_bufflen(scmd) != payload_len);
+        if (!scsi_debug_lbp())
+                return 0;       /* fib and say its done */
+        payload_len = get_unaligned_be16(scp->cmnd + 7);
+        BUG_ON(scsi_bufflen(scp) != payload_len);
 
         descriptors = (payload_len - 8) / 16;
+        if (descriptors > scsi_debug_unmap_max_desc) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 7, -1);
+                return check_condition_result;
+        }
 
-        buf = kmalloc(scsi_bufflen(scmd), GFP_ATOMIC);
-        if (!buf)
+        buf = kmalloc(scsi_bufflen(scp), GFP_ATOMIC);
+        if (!buf) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
+                                INSUFF_RES_ASCQ);
                 return check_condition_result;
+        }
 
-        scsi_sg_copy_to_buffer(scmd, buf, scsi_bufflen(scmd));
+        scsi_sg_copy_to_buffer(scp, buf, scsi_bufflen(scp));
 
         BUG_ON(get_unaligned_be16(&buf[0]) != payload_len - 2);
         BUG_ON(get_unaligned_be16(&buf[2]) != descriptors * 16);
@@ -2355,7 +3157,7 @@ static int resp_unmap(struct scsi_cmnd * scmd, struct sdebug_dev_info * devip)
                 unsigned long long lba = get_unaligned_be64(&desc[i].lba);
                 unsigned int num = get_unaligned_be32(&desc[i].blocks);
 
-                ret = check_device_access_params(scmd, lba, num);
+                ret = check_device_access_params(scp, lba, num);
                 if (ret)
                         goto out;
 
@@ -2373,37 +3175,44 @@ out:
 
 #define SDEBUG_GET_LBA_STATUS_LEN 32
 
-static int resp_get_lba_status(struct scsi_cmnd * scmd,
-                               struct sdebug_dev_info * devip)
+static int
+resp_get_lba_status(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
 {
-        unsigned long long lba;
-        unsigned int alloc_len, mapped, num;
-        unsigned char arr[SDEBUG_GET_LBA_STATUS_LEN];
+        u8 *cmd = scp->cmnd;
+        u64 lba;
+        u32 alloc_len, mapped, num;
+        u8 arr[SDEBUG_GET_LBA_STATUS_LEN];
         int ret;
 
-        ret = check_readiness(scmd, UAS_ONLY, devip);
-        if (ret)
-                return ret;
-
-        lba = get_unaligned_be64(&scmd->cmnd[2]);
-        alloc_len = get_unaligned_be32(&scmd->cmnd[10]);
+        lba = get_unaligned_be64(cmd + 2);
+        alloc_len = get_unaligned_be32(cmd + 10);
 
         if (alloc_len < 24)
                 return 0;
 
-        ret = check_device_access_params(scmd, lba, 1);
+        ret = check_device_access_params(scp, lba, 1);
         if (ret)
                 return ret;
 
-        mapped = map_state(lba, &num);
+        if (scsi_debug_lbp())
+                mapped = map_state(lba, &num);
+        else {
+                mapped = 1;
+                /* following just in case virtual_gb changed */
+                sdebug_capacity = get_sdebug_capacity();
+                if (sdebug_capacity - lba <= 0xffffffff)
+                        num = sdebug_capacity - lba;
+                else
+                        num = 0xffffffff;
+        }
 
         memset(arr, 0, SDEBUG_GET_LBA_STATUS_LEN);
-        put_unaligned_be32(20, &arr[0]);        /* Parameter Data Length */
-        put_unaligned_be64(lba, &arr[8]);       /* LBA */
-        put_unaligned_be32(num, &arr[16]);      /* Number of blocks */
-        arr[20] = !mapped;                      /* mapped = 0, unmapped = 1 */
+        put_unaligned_be32(20, arr);            /* Parameter Data Length */
+        put_unaligned_be64(lba, arr + 8);       /* LBA */
+        put_unaligned_be32(num, arr + 16);      /* Number of blocks */
+        arr[20] = !mapped;              /* prov_stat=0: mapped; 1: dealloc */
 
-        return fill_from_dev_buffer(scmd, arr, SDEBUG_GET_LBA_STATUS_LEN);
+        return fill_from_dev_buffer(scp, arr, SDEBUG_GET_LBA_STATUS_LEN);
 }
 
 #define SDEBUG_RLUN_ARR_SZ 256
@@ -2412,8 +3221,8 @@ static int resp_report_luns(struct scsi_cmnd * scp,
                             struct sdebug_dev_info * devip)
 {
         unsigned int alloc_len;
-        int lun_cnt, i, upper, num, n;
-        u64 wlun, lun;
+        int lun_cnt, i, upper, num, n, want_wlun, shortish;
+        u64 lun;
         unsigned char *cmd = scp->cmnd;
         int select_report = (int)cmd[2];
         struct scsi_lun *one_lun;
@@ -2421,9 +3230,9 @@ static int resp_report_luns(struct scsi_cmnd * scp,
         unsigned char * max_addr;
 
         alloc_len = cmd[9] + (cmd[8] << 8) + (cmd[7] << 16) + (cmd[6] << 24);
-        if ((alloc_len < 4) || (select_report > 2)) {
-                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB,
-                                0);
+        shortish = (alloc_len < 4);
+        if (shortish || (select_report > 2)) {
+                mk_sense_invalid_fld(scp, SDEB_IN_CDB, shortish ? 6 : 2, -1);
                 return check_condition_result;
         }
         /* can produce response with up to 16k luns (lun 0 to lun 16383) */
@@ -2433,14 +3242,14 @@ static int resp_report_luns(struct scsi_cmnd * scp,
                 lun_cnt = 0;
         else if (scsi_debug_no_lun_0 && (lun_cnt > 0))
                 --lun_cnt;
-        wlun = (select_report > 0) ? 1 : 0;
-        num = lun_cnt + wlun;
+        want_wlun = (select_report > 0) ? 1 : 0;
+        num = lun_cnt + want_wlun;
         arr[2] = ((sizeof(struct scsi_lun) * num) >> 8) & 0xff;
         arr[3] = (sizeof(struct scsi_lun) * num) & 0xff;
         n = min((int)((SDEBUG_RLUN_ARR_SZ - 8) /
                             sizeof(struct scsi_lun)), num);
         if (n < num) {
-                wlun = 0;
+                want_wlun = 0;
                 lun_cnt = n;
         }
         one_lun = (struct scsi_lun *) &arr[8];
@@ -2454,7 +3263,7 @@ static int resp_report_luns(struct scsi_cmnd * scp,
                             (upper | (SAM2_LUN_ADDRESS_METHOD << 6));
                 one_lun[i].scsi_lun[1] = lun & 0xff;
         }
-        if (wlun) {
+        if (want_wlun) {
                 one_lun[i].scsi_lun[0] = (SAM2_WLUN_REPORT_LUNS >> 8) & 0xff;
                 one_lun[i].scsi_lun[1] = SAM2_WLUN_REPORT_LUNS & 0xff;
                 i++;
@@ -2476,8 +3285,8 @@ static int resp_xdwriteread(struct scsi_cmnd *scp, unsigned long long lba,
         /* better not to use temporary buffer. */
         buf = kmalloc(scsi_bufflen(scp), GFP_ATOMIC);
         if (!buf) {
-                mk_sense_buffer(scp, NOT_READY,
-                                LOGICAL_UNIT_COMMUNICATION_FAILURE, 0);
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
+                                INSUFF_RES_ASCQ);
                 return check_condition_result;
         }
 
@@ -2500,6 +3309,32 @@ static int resp_xdwriteread(struct scsi_cmnd *scp, unsigned long long lba,
         return 0;
 }
 
+static int
+resp_xdwriteread_10(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
+{
+        u8 *cmd = scp->cmnd;
+        u64 lba;
+        u32 num;
+        int errsts;
+
+        if (!scsi_bidi_cmnd(scp)) {
+                mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
+                                INSUFF_RES_ASCQ);
+                return check_condition_result;
+        }
+        errsts = resp_read_dt0(scp, devip);
+        if (errsts)
+                return errsts;
+        if (!(cmd[1] & 0x4)) {          /* DISABLE_WRITE is not set */
+                errsts = resp_write_dt0(scp, devip);
+                if (errsts)
+                        return errsts;
+        }
+        lba = get_unaligned_be32(cmd + 2);
+        num = get_unaligned_be16(cmd + 7);
+        return resp_xdwriteread(scp, lba, num, devip);
+}
+
 /* When timer or tasklet goes off this function is called. */
 static void sdebug_q_cmd_complete(unsigned long indx)
 {
@@ -2672,10 +3507,7 @@ static struct sdebug_dev_info * devInfoReg(struct scsi_device * sdev)
         open_devip->sdbg_host = sdbg_host;
         atomic_set(&open_devip->num_in_q, 0);
         set_bit(SDEBUG_UA_POR, open_devip->uas_bm);
-        open_devip->used = 1;
-        if (sdev->lun == SAM2_WLUN_REPORT_LUNS)
-                open_devip->wlun = SAM2_WLUN_REPORT_LUNS & 0xff;
-
+        open_devip->used = true;
         return open_devip;
 }
 
@@ -2701,10 +3533,6 @@ static int scsi_debug_slave_configure(struct scsi_device *sdp)
         if (NULL == devip)
                 return 1;       /* no resources, will be marked offline */
         sdp->hostdata = devip;
-        sdp->tagged_supported = 1;
-        if (sdp->host->cmd_per_lun)
-                scsi_adjust_queue_depth(sdp, DEF_TAGGED_QUEUING,
-                                        DEF_CMD_PER_LUN);
         blk_queue_max_segment_size(sdp->request_queue, -1U);
         if (scsi_debug_no_uld)
                 sdp->no_uld_attach = 1;
@@ -2721,7 +3549,7 @@ static void scsi_debug_slave_destroy(struct scsi_device *sdp)
                        sdp->host->host_no, sdp->channel, sdp->id, sdp->lun);
         if (devip) {
                 /* make this slot available for re-use */
-                devip->used = 0;
+                devip->used = false;
                 sdp->hostdata = NULL;
         }
 }
@@ -3166,6 +3994,7 @@ module_param_named(ptype, scsi_debug_ptype, int, S_IRUGO | S_IWUSR);
 module_param_named(removable, scsi_debug_removable, bool, S_IRUGO | S_IWUSR);
 module_param_named(scsi_level, scsi_debug_scsi_level, int, S_IRUGO);
 module_param_named(sector_size, scsi_debug_sector_size, int, S_IRUGO);
+module_param_named(strict, scsi_debug_strict, bool, S_IRUGO | S_IWUSR);
 module_param_named(unmap_alignment, scsi_debug_unmap_alignment, int, S_IRUGO);
 module_param_named(unmap_granularity, scsi_debug_unmap_granularity, int, S_IRUGO);
 module_param_named(unmap_max_blocks, scsi_debug_unmap_max_blocks, int, S_IRUGO);
@@ -3185,7 +4014,7 @@ MODULE_PARM_DESC(add_host, "0..127 hosts allowed(def=1)");
 MODULE_PARM_DESC(ato, "application tag ownership: 0=disk 1=host (def=1)");
 MODULE_PARM_DESC(clustering, "when set enables larger transfers (def=0)");
 MODULE_PARM_DESC(delay, "response delay (def=1 jiffy); 0:imm, -1,-2:tiny");
-MODULE_PARM_DESC(dev_size_mb, "size in MB of ram shared by devs(def=8)");
+MODULE_PARM_DESC(dev_size_mb, "size in MiB of ram shared by devs(def=8)");
 MODULE_PARM_DESC(dif, "data integrity field type: 0-3 (def=0)");
 MODULE_PARM_DESC(dix, "data integrity extensions mask (def=0)");
 MODULE_PARM_DESC(dsense, "use descriptor sense format(def=0 -> fixed)");
@@ -3212,11 +4041,12 @@ MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])");
 MODULE_PARM_DESC(removable, "claim to have removable media (def=0)");
 MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=6[SPC-4])");
 MODULE_PARM_DESC(sector_size, "logical block size in bytes (def=512)");
+MODULE_PARM_DESC(strict, "stricter checks: reserved field in cdb (def=0)");
 MODULE_PARM_DESC(unmap_alignment, "lowest aligned thin provisioning lba (def=0)");
 MODULE_PARM_DESC(unmap_granularity, "thin provisioning granularity in blocks (def=1)");
 MODULE_PARM_DESC(unmap_max_blocks, "max # of blocks can be unmapped in one cmd (def=0xffffffff)");
 MODULE_PARM_DESC(unmap_max_desc, "max # of ranges that can be unmapped in one cmd (def=256)");
-MODULE_PARM_DESC(virtual_gb, "virtual gigabyte size (def=0 -> use dev_size_mb)");
+MODULE_PARM_DESC(virtual_gb, "virtual gigabyte (GiB) size (def=0 -> use dev_size_mb)");
 MODULE_PARM_DESC(vpd_use_hostno, "0 -> dev ids ignore hostno (def=1 -> unique dev ids)");
 MODULE_PARM_DESC(write_same_length, "Maximum blocks per WRITE SAME cmd (def=0xffff)");
 
@@ -3382,6 +4212,16 @@ static ssize_t opts_store(struct device_driver *ddp, const char *buf,
         return -EINVAL;
 opts_done:
         scsi_debug_opts = opts;
+        if (SCSI_DEBUG_OPT_RECOVERED_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_DIF_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_DIX_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_SHORT_TRANSFER & opts)
+                sdebug_any_injecting_opt = true;
         atomic_set(&sdebug_cmnd_count, 0);
         atomic_set(&sdebug_a_tsf, 0);
         return count;
@@ -3589,12 +4429,27 @@ static ssize_t virtual_gb_store(struct device_driver *ddp, const char *buf,
                                 size_t count)
 {
         int n;
+        bool changed;
 
         if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
+                changed = (scsi_debug_virtual_gb != n);
                 scsi_debug_virtual_gb = n;
-
                 sdebug_capacity = get_sdebug_capacity();
-
+                if (changed) {
+                        struct sdebug_host_info *sdhp;
+                        struct sdebug_dev_info *dp;
+
+                        spin_lock(&sdebug_host_list_lock);
+                        list_for_each_entry(sdhp, &sdebug_host_list,
+                                            host_list) {
+                                list_for_each_entry(dp, &sdhp->dev_info_list,
+                                                    dev_list) {
+                                        set_bit(SDEBUG_UA_CAPACITY_CHANGED,
+                                                dp->uas_bm);
+                                }
+                        }
+                        spin_unlock(&sdebug_host_list_lock);
+                }
                 return count;
         }
         return -EINVAL;
@@ -3740,6 +4595,23 @@ static ssize_t host_lock_store(struct device_driver *ddp, const char *buf,
 }
 static DRIVER_ATTR_RW(host_lock);
 
+static ssize_t strict_show(struct device_driver *ddp, char *buf)
+{
+        return scnprintf(buf, PAGE_SIZE, "%d\n", !!scsi_debug_strict);
+}
+static ssize_t strict_store(struct device_driver *ddp, const char *buf,
+                            size_t count)
+{
+        int n;
+
+        if ((count > 0) && (1 == sscanf(buf, "%d", &n)) && (n >= 0)) {
+                scsi_debug_strict = (n > 0);
+                return count;
+        }
+        return -EINVAL;
+}
+static DRIVER_ATTR_RW(strict);
+
 
 /* Note: The following array creates attribute files in the
    /sys/bus/pseudo/drivers/scsi_debug directory. The advantage of these
@@ -3775,6 +4647,7 @@ static struct attribute *sdebug_drv_attrs[] = {
         &driver_attr_removable.attr,
         &driver_attr_host_lock.attr,
         &driver_attr_ndelay.attr,
+        &driver_attr_strict.attr,
         NULL,
 };
 ATTRIBUTE_GROUPS(sdebug_drv);
@@ -4087,374 +4960,206 @@ static void sdebug_remove_adapter(void)
 }
 
 static int
-scsi_debug_queuecommand(struct scsi_cmnd *SCpnt)
+sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
 {
-        unsigned char *cmd = SCpnt->cmnd;
-        int len, k;
-        unsigned int num;
-        unsigned long long lba;
-        u32 ei_lba;
-        int errsts = 0;
-        int target = SCpnt->device->id;
-        struct sdebug_dev_info *devip = NULL;
-        int inj_recovered = 0;
-        int inj_transport = 0;
-        int inj_dif = 0;
-        int inj_dix = 0;
-        int inj_short = 0;
-        int delay_override = 0;
-        int unmap = 0;
-
-        scsi_set_resid(SCpnt, 0);
-        if ((SCSI_DEBUG_OPT_NOISE & scsi_debug_opts) &&
-            !(SCSI_DEBUG_OPT_NO_CDB_NOISE & scsi_debug_opts)) {
-                char b[120];
-                int n;
+        int num_in_q = 0;
+        unsigned long iflags;
+        struct sdebug_dev_info *devip;
 
-                len = SCpnt->cmd_len;
-                if (len > 32)
-                        strcpy(b, "too long, over 32 bytes");
-                else {
-                        for (k = 0, n = 0; k < len; ++k)
-                                n += scnprintf(b + n, sizeof(b) - n, "%02x ",
-                                               (unsigned int)cmd[k]);
-                }
-                sdev_printk(KERN_INFO, SCpnt->device, "%s: cmd %s\n", my_name,
-                            b);
+        spin_lock_irqsave(&queued_arr_lock, iflags);
+        devip = (struct sdebug_dev_info *)sdev->hostdata;
+        if (NULL == devip) {
+                spin_unlock_irqrestore(&queued_arr_lock, iflags);
+                return  -ENODEV;
+        }
+        num_in_q = atomic_read(&devip->num_in_q);
+        spin_unlock_irqrestore(&queued_arr_lock, iflags);
+
+        if (qdepth < 1)
+                qdepth = 1;
+        /* allow to exceed max host queued_arr elements for testing */
+        if (qdepth > SCSI_DEBUG_CANQUEUE + 10)
+                qdepth = SCSI_DEBUG_CANQUEUE + 10;
+        scsi_change_queue_depth(sdev, qdepth);
+
+        if (SCSI_DEBUG_OPT_Q_NOISE & scsi_debug_opts) {
+                sdev_printk(KERN_INFO, sdev,
+                            "%s: qdepth=%d, num_in_q=%d\n",
+                            __func__, qdepth, num_in_q);
         }
+        return sdev->queue_depth;
+}
 
-        if ((SCpnt->device->lun >= scsi_debug_max_luns) &&
-            (SCpnt->device->lun != SAM2_WLUN_REPORT_LUNS))
-                return schedule_resp(SCpnt, NULL, DID_NO_CONNECT << 16, 0);
-        devip = devInfoReg(SCpnt->device);
-        if (NULL == devip)
-                return schedule_resp(SCpnt, NULL, DID_NO_CONNECT << 16, 0);
+static int
+check_inject(struct scsi_cmnd *scp)
+{
+        struct sdebug_scmd_extra_t *ep = scsi_cmd_priv(scp);
+
+        memset(ep, 0, sizeof(struct sdebug_scmd_extra_t));
 
-        if ((scsi_debug_every_nth != 0) &&
-            (atomic_inc_return(&sdebug_cmnd_count) >=
-             abs(scsi_debug_every_nth))) {
+        if (atomic_inc_return(&sdebug_cmnd_count) >=
+            abs(scsi_debug_every_nth)) {
                 atomic_set(&sdebug_cmnd_count, 0);
                 if (scsi_debug_every_nth < -1)
                         scsi_debug_every_nth = -1;
                 if (SCSI_DEBUG_OPT_TIMEOUT & scsi_debug_opts)
-                        return 0; /* ignore command causing timeout */
+                        return 1; /* ignore command causing timeout */
                 else if (SCSI_DEBUG_OPT_MAC_TIMEOUT & scsi_debug_opts &&
-                         scsi_medium_access_command(SCpnt))
-                        return 0; /* time out reads and writes */
-                else if (SCSI_DEBUG_OPT_RECOVERED_ERR & scsi_debug_opts)
-                        inj_recovered = 1; /* to reads and writes below */
-                else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & scsi_debug_opts)
-                        inj_transport = 1; /* to reads and writes below */
-                else if (SCSI_DEBUG_OPT_DIF_ERR & scsi_debug_opts)
-                        inj_dif = 1; /* to reads and writes below */
-                else if (SCSI_DEBUG_OPT_DIX_ERR & scsi_debug_opts)
-                        inj_dix = 1; /* to reads and writes below */
-                else if (SCSI_DEBUG_OPT_SHORT_TRANSFER & scsi_debug_opts)
-                        inj_short = 1;
-        }
-
-        if (devip->wlun) {
-                switch (*cmd) {
-                case INQUIRY:
-                case REQUEST_SENSE:
-                case TEST_UNIT_READY:
-                case REPORT_LUNS:
-                        break;  /* only allowable wlun commands */
-                default:
-                        if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts)
-                                printk(KERN_INFO "scsi_debug: Opcode: 0x%x "
-                                       "not supported for wlun\n", *cmd);
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_OPCODE, 0);
-                        errsts = check_condition_result;
-                        return schedule_resp(SCpnt, devip, errsts, 0);
+                         scsi_medium_access_command(scp))
+                        return 1; /* time out reads and writes */
+                if (sdebug_any_injecting_opt) {
+                        int opts = scsi_debug_opts;
+
+                        if (SCSI_DEBUG_OPT_RECOVERED_ERR & opts)
+                                ep->inj_recovered = true;
+                        else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & opts)
+                                ep->inj_transport = true;
+                        else if (SCSI_DEBUG_OPT_DIF_ERR & opts)
+                                ep->inj_dif = true;
+                        else if (SCSI_DEBUG_OPT_DIX_ERR & opts)
+                                ep->inj_dix = true;
+                        else if (SCSI_DEBUG_OPT_SHORT_TRANSFER & opts)
+                                ep->inj_short = true;
                 }
         }
+        return 0;
+}
 
-        switch (*cmd) {
-        case INQUIRY:     /* mandatory, ignore unit attention */
-                delay_override = 1;
-                errsts = resp_inquiry(SCpnt, target, devip);
-                break;
-        case REQUEST_SENSE:     /* mandatory, ignore unit attention */
-                delay_override = 1;
-                errsts = resp_requests(SCpnt, devip);
-                break;
-        case REZERO_UNIT:       /* actually this is REWIND for SSC */
-        case START_STOP:
-                errsts = resp_start_stop(SCpnt, devip);
-                break;
-        case ALLOW_MEDIUM_REMOVAL:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                if (errsts)
-                        break;
-                if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts)
-                        printk(KERN_INFO "scsi_debug: Medium removal %s\n",
-                               cmd[4] ? "inhibited" : "enabled");
-                break;
-        case SEND_DIAGNOSTIC:     /* mandatory */
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case TEST_UNIT_READY:     /* mandatory */
-                /* delay_override = 1; */
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                break;
-        case RESERVE:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case RESERVE_10:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case RELEASE:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case RELEASE_10:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case READ_CAPACITY:
-                errsts = resp_readcap(SCpnt, devip);
-                break;
-        case SERVICE_ACTION_IN:
-                if (cmd[1] == SAI_READ_CAPACITY_16)
-                        errsts = resp_readcap16(SCpnt, devip);
-                else if (cmd[1] == SAI_GET_LBA_STATUS) {
-
-                        if (scsi_debug_lbp() == 0) {
-                                mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                                INVALID_COMMAND_OPCODE, 0);
-                                errsts = check_condition_result;
-                        } else
-                                errsts = resp_get_lba_status(SCpnt, devip);
-                } else {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_OPCODE, 0);
-                        errsts = check_condition_result;
-                }
-                break;
-        case MAINTENANCE_IN:
-                if (MI_REPORT_TARGET_PGS != cmd[1]) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_OPCODE, 0);
-                        errsts = check_condition_result;
-                        break;
-                }
-                errsts = resp_report_tgtpgs(SCpnt, devip);
-                break;
-        case READ_16:
-        case READ_12:
-        case READ_10:
-                /* READ{10,12,16} and DIF Type 2 are natural enemies */
-                if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION &&
-                    cmd[1] & 0xe0) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_COMMAND_OPCODE, 0);
-                        errsts = check_condition_result;
-                        break;
-                }
-
-                if ((scsi_debug_dif == SD_DIF_TYPE1_PROTECTION ||
-                     scsi_debug_dif == SD_DIF_TYPE3_PROTECTION) &&
-                    (cmd[1] & 0xe0) == 0)
-                        printk(KERN_ERR "Unprotected RD/WR to DIF device\n");
-
-                /* fall through */
-        case READ_6:
-read:
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                if (errsts)
-                        break;
-                if (scsi_debug_fake_rw)
-                        break;
-                get_data_transfer_info(cmd, &lba, &num, &ei_lba);
-
-                if (inj_short)
-                        num /= 2;
-
-                errsts = resp_read(SCpnt, lba, num, ei_lba);
-                if (inj_recovered && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, RECOVERED_ERROR,
-                                        THRESHOLD_EXCEEDED, 0);
-                        errsts = check_condition_result;
-                } else if (inj_transport && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, ABORTED_COMMAND,
-                                        TRANSPORT_PROBLEM, ACK_NAK_TO);
-                        errsts = check_condition_result;
-                } else if (inj_dif && (0 == errsts)) {
-                        /* Logical block guard check failed */
-                        mk_sense_buffer(SCpnt, ABORTED_COMMAND, 0x10, 1);
-                        errsts = illegal_condition_result;
-                } else if (inj_dix && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST, 0x10, 1);
-                        errsts = illegal_condition_result;
-                }
-                break;
-        case REPORT_LUNS:       /* mandatory, ignore unit attention */
-                delay_override = 1;
-                errsts = resp_report_luns(SCpnt, devip);
-                break;
-        case VERIFY:            /* 10 byte SBC-2 command */
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                break;
-        case WRITE_16:
-        case WRITE_12:
-        case WRITE_10:
-                /* WRITE{10,12,16} and DIF Type 2 are natural enemies */
-                if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION &&
-                    cmd[1] & 0xe0) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_COMMAND_OPCODE, 0);
-                        errsts = check_condition_result;
-                        break;
-                }
+static int
+scsi_debug_queuecommand(struct scsi_cmnd *scp)
+{
+        u8 sdeb_i;
+        struct scsi_device *sdp = scp->device;
+        const struct opcode_info_t *oip;
+        const struct opcode_info_t *r_oip;
+        struct sdebug_dev_info *devip;
+        u8 *cmd = scp->cmnd;
+        int (*r_pfp)(struct scsi_cmnd *, struct sdebug_dev_info *);
+        int k, na;
+        int errsts = 0;
+        int errsts_no_connect = DID_NO_CONNECT << 16;
+        u32 flags;
+        u16 sa;
+        u8 opcode = cmd[0];
+        bool has_wlun_rl;
+        bool debug = !!(SCSI_DEBUG_OPT_NOISE & scsi_debug_opts);
 
-                if ((scsi_debug_dif == SD_DIF_TYPE1_PROTECTION ||
-                     scsi_debug_dif == SD_DIF_TYPE3_PROTECTION) &&
-                    (cmd[1] & 0xe0) == 0)
-                        printk(KERN_ERR "Unprotected RD/WR to DIF device\n");
+        scsi_set_resid(scp, 0);
+        if (debug && !(SCSI_DEBUG_OPT_NO_CDB_NOISE & scsi_debug_opts)) {
+                char b[120];
+                int n, len, sb;
 
-                /* fall through */
-        case WRITE_6:
-write:
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                if (errsts)
-                        break;
-                if (scsi_debug_fake_rw)
-                        break;
-                get_data_transfer_info(cmd, &lba, &num, &ei_lba);
-                errsts = resp_write(SCpnt, lba, num, ei_lba);
-                if (inj_recovered && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, RECOVERED_ERROR,
-                                        THRESHOLD_EXCEEDED, 0);
-                        errsts = check_condition_result;
-                } else if (inj_dif && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, ABORTED_COMMAND, 0x10, 1);
-                        errsts = illegal_condition_result;
-                } else if (inj_dix && (0 == errsts)) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST, 0x10, 1);
-                        errsts = illegal_condition_result;
+                len = scp->cmd_len;
+                sb = (int)sizeof(b);
+                if (len > 32)
+                        strcpy(b, "too long, over 32 bytes");
+                else {
+                        for (k = 0, n = 0; k < len && n < sb; ++k)
+                                n += scnprintf(b + n, sb - n, "%02x ",
+                                               (u32)cmd[k]);
                 }
-                break;
-        case WRITE_SAME_16:
-        case WRITE_SAME:
-                if (cmd[1] & 0x8) {
-                        if ((*cmd == WRITE_SAME_16 && scsi_debug_lbpws == 0) ||
-                            (*cmd == WRITE_SAME && scsi_debug_lbpws10 == 0)) {
-                                mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                                INVALID_FIELD_IN_CDB, 0);
-                                errsts = check_condition_result;
-                        } else
-                                unmap = 1;
+                sdev_printk(KERN_INFO, sdp, "%s: cmd %s\n", my_name, b);
+        }
+        has_wlun_rl = (sdp->lun == SAM2_WLUN_REPORT_LUNS);
+        if ((sdp->lun >= scsi_debug_max_luns) && !has_wlun_rl)
+                return schedule_resp(scp, NULL, errsts_no_connect, 0);
+
+        sdeb_i = opcode_ind_arr[opcode];        /* fully mapped */
+        oip = &opcode_info_arr[sdeb_i];         /* safe if table consistent */
+        devip = (struct sdebug_dev_info *)sdp->hostdata;
+        if (!devip) {
+                devip = devInfoReg(sdp);
+                if (NULL == devip)
+                        return schedule_resp(scp, NULL, errsts_no_connect, 0);
+        }
+        na = oip->num_attached;
+        r_pfp = oip->pfp;
+        if (na) {       /* multiple commands with this opcode */
+                r_oip = oip;
+                if (FF_SA & r_oip->flags) {
+                        if (F_SA_LOW & oip->flags)
+                                sa = 0x1f & cmd[1];
+                        else
+                                sa = get_unaligned_be16(cmd + 8);
+                        for (k = 0; k <= na; oip = r_oip->arrp + k++) {
+                                if (opcode == oip->opcode && sa == oip->sa)
+                                        break;
+                        }
+                } else {   /* since no service action only check opcode */
+                        for (k = 0; k <= na; oip = r_oip->arrp + k++) {
+                                if (opcode == oip->opcode)
+                                        break;
+                        }
                 }
-                if (errsts)
-                        break;
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                if (errsts)
-                        break;
-                if (scsi_debug_fake_rw)
-                        break;
-                get_data_transfer_info(cmd, &lba, &num, &ei_lba);
-                errsts = resp_write_same(SCpnt, lba, num, ei_lba, unmap);
-                break;
-        case UNMAP:
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                if (errsts)
-                        break;
-                if (scsi_debug_fake_rw)
-                        break;
-
-                if (scsi_debug_unmap_max_desc == 0 || scsi_debug_lbpu == 0) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_COMMAND_OPCODE, 0);
-                        errsts = check_condition_result;
-                } else
-                        errsts = resp_unmap(SCpnt, devip);
-                break;
-        case MODE_SENSE:
-        case MODE_SENSE_10:
-                errsts = resp_mode_sense(SCpnt, target, devip);
-                break;
-        case MODE_SELECT:
-                errsts = resp_mode_select(SCpnt, 1, devip);
-                break;
-        case MODE_SELECT_10:
-                errsts = resp_mode_select(SCpnt, 0, devip);
-                break;
-        case LOG_SENSE:
-                errsts = resp_log_sense(SCpnt, devip);
-                break;
-        case SYNCHRONIZE_CACHE:
-                delay_override = 1;
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                break;
-        case WRITE_BUFFER:
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
-                break;
-        case XDWRITEREAD_10:
-                if (!scsi_bidi_cmnd(SCpnt)) {
-                        mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                        INVALID_FIELD_IN_CDB, 0);
-                        errsts = check_condition_result;
-                        break;
+                if (k > na) {
+                        if (F_SA_LOW & r_oip->flags)
+                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 1, 4);
+                        else if (F_SA_HIGH & r_oip->flags)
+                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, 8, 7);
+                        else
+                                mk_sense_invalid_opcode(scp);
+                        goto check_cond;
                 }
-
-                errsts = check_readiness(SCpnt, UAS_TUR, devip);
-                if (errsts)
-                        break;
-                if (scsi_debug_fake_rw)
-                        break;
-                get_data_transfer_info(cmd, &lba, &num, &ei_lba);
-                errsts = resp_read(SCpnt, lba, num, ei_lba);
-                if (errsts)
-                        break;
-                errsts = resp_write(SCpnt, lba, num, ei_lba);
-                if (errsts)
-                        break;
-                errsts = resp_xdwriteread(SCpnt, lba, num, devip);
-                break;
-        case VARIABLE_LENGTH_CMD:
-                if (scsi_debug_dif == SD_DIF_TYPE2_PROTECTION) {
-
-                        if ((cmd[10] & 0xe0) == 0)
-                                printk(KERN_ERR
-                                       "Unprotected RD/WR to DIF device\n");
-
-                        if (cmd[9] == READ_32) {
-                                BUG_ON(SCpnt->cmd_len < 32);
-                                goto read;
-                        }
-
-                        if (cmd[9] == WRITE_32) {
-                                BUG_ON(SCpnt->cmd_len < 32);
-                                goto write;
+        }       /* else (when na==0) we assume the oip is a match */
+        flags = oip->flags;
+        if (F_INV_OP & flags) {
+                mk_sense_invalid_opcode(scp);
+                goto check_cond;
+        }
+        if (has_wlun_rl && !(F_RL_WLUN_OK & flags)) {
+                if (debug)
+                        sdev_printk(KERN_INFO, sdp, "scsi_debug: Opcode: "
+                                    "0x%x not supported for wlun\n", opcode);
+                mk_sense_invalid_opcode(scp);
+                goto check_cond;
+        }
+        if (scsi_debug_strict) {        /* check cdb against mask */
+                u8 rem;
+                int j;
+
+                for (k = 1; k < oip->len_mask[0] && k < 16; ++k) {
+                        rem = ~oip->len_mask[k] & cmd[k];
+                        if (rem) {
+                                for (j = 7; j >= 0; --j, rem <<= 1) {
+                                        if (0x80 & rem)
+                                                break;
+                                }
+                                mk_sense_invalid_fld(scp, SDEB_IN_CDB, k, j);
+                                goto check_cond;
                         }
                 }
-
-                mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                INVALID_FIELD_IN_CDB, 0);
-                errsts = check_condition_result;
-                break;
-        case 0x85:
-                if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts)
-                        sdev_printk(KERN_INFO, SCpnt->device,
-                        "%s: ATA PASS-THROUGH(16) not supported\n", my_name);
-                mk_sense_buffer(SCpnt, ILLEGAL_REQUEST,
-                                INVALID_OPCODE, 0);
-                errsts = check_condition_result;
-                break;
-        default:
-                if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts)
-                        sdev_printk(KERN_INFO, SCpnt->device,
-                                    "%s: Opcode: 0x%x not supported\n",
-                                    my_name, *cmd);
-                errsts = check_readiness(SCpnt, UAS_ONLY, devip);
+        }
+        if (!(F_SKIP_UA & flags) &&
+            SDEBUG_NUM_UAS != find_first_bit(devip->uas_bm, SDEBUG_NUM_UAS)) {
+                errsts = check_readiness(scp, UAS_ONLY, devip);
                 if (errsts)
-                        break;  /* Unit attention takes precedence */
-                mk_sense_buffer(SCpnt, ILLEGAL_REQUEST, INVALID_OPCODE, 0);
+                        goto check_cond;
+        }
+        if ((F_M_ACCESS & flags) && devip->stopped) {
+                mk_sense_buffer(scp, NOT_READY, LOGICAL_UNIT_NOT_READY, 0x2);
+                if (debug)
+                        sdev_printk(KERN_INFO, sdp, "%s reports: Not ready: "
+                                    "%s\n", my_name, "initializing command "
+                                    "required");
                 errsts = check_condition_result;
-                break;
+                goto fini;
+        }
+        if (scsi_debug_fake_rw && (F_FAKE_RW & flags))
+                goto fini;
+        if (scsi_debug_every_nth) {
+                if (check_inject(scp))
+                        return 0;       /* ignore command: make trouble */
         }
-        return schedule_resp(SCpnt, devip, errsts,
-                             (delay_override ? 0 : scsi_debug_delay));
+        if (oip->pfp)   /* if this command has a resp_* function, call it */
+                errsts = oip->pfp(scp, devip);
+        else if (r_pfp) /* if leaf function ptr NULL, try the root's */
+                errsts = r_pfp(scp, devip);
+
+fini:
+        return schedule_resp(scp, devip, errsts,
+                             ((F_DELAY_OVERR & flags) ? 0 : scsi_debug_delay));
+check_cond:
+        return schedule_resp(scp, devip, check_condition_result, 0);
 }
 
 static int
@@ -4472,96 +5177,6 @@ sdebug_queuecommand_lock_or_not(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
                 return scsi_debug_queuecommand(cmd);
 }
 
-static int
-sdebug_change_qdepth(struct scsi_device *sdev, int qdepth, int reason)
-{
-        int num_in_q = 0;
-        int bad = 0;
-        unsigned long iflags;
-        struct sdebug_dev_info *devip;
-
-        spin_lock_irqsave(&queued_arr_lock, iflags);
-        devip = (struct sdebug_dev_info *)sdev->hostdata;
-        if (NULL == devip) {
-                spin_unlock_irqrestore(&queued_arr_lock, iflags);
-                return  -ENODEV;
-        }
-        num_in_q = atomic_read(&devip->num_in_q);
-        spin_unlock_irqrestore(&queued_arr_lock, iflags);
-        if (reason == SCSI_QDEPTH_DEFAULT || reason == SCSI_QDEPTH_RAMP_UP) {
-                if (qdepth < 1)
-                        qdepth = 1;
-                /* allow to exceed max host queued_arr elements for testing */
-                if (qdepth > SCSI_DEBUG_CANQUEUE + 10)
-                        qdepth = SCSI_DEBUG_CANQUEUE + 10;
-                scsi_adjust_queue_depth(sdev, scsi_get_tag_type(sdev), qdepth);
-        } else if (reason == SCSI_QDEPTH_QFULL)
-                scsi_track_queue_full(sdev, qdepth);
-        else
-                bad = 1;
-        if (bad)
-                sdev_printk(KERN_WARNING, sdev,
-                            "%s: unknown reason=0x%x\n", __func__, reason);
-        if (SCSI_DEBUG_OPT_Q_NOISE & scsi_debug_opts) {
-                if (SCSI_QDEPTH_QFULL == reason)
-                        sdev_printk(KERN_INFO, sdev,
-                            "%s: -> %d, num_in_q=%d, reason: queue full\n",
-                                    __func__, qdepth, num_in_q);
-                else {
-                        const char *cp;
-
-                        switch (reason) {
-                        case SCSI_QDEPTH_DEFAULT:
-                                cp = "default (sysfs ?)";
-                                break;
-                        case SCSI_QDEPTH_RAMP_UP:
-                                cp = "ramp up";
-                                break;
-                        default:
-                                cp = "unknown";
-                                break;
-                        }
-                        sdev_printk(KERN_INFO, sdev,
-                                    "%s: qdepth=%d, num_in_q=%d, reason: %s\n",
-                                    __func__, qdepth, num_in_q, cp);
-                }
-        }
-        return sdev->queue_depth;
-}
-
-static int
-sdebug_change_qtype(struct scsi_device *sdev, int qtype)
-{
-        if (sdev->tagged_supported) {
-                scsi_set_tag_type(sdev, qtype);
-                if (qtype)
-                        scsi_activate_tcq(sdev, sdev->queue_depth);
-                else
-                        scsi_deactivate_tcq(sdev, sdev->queue_depth);
-        } else
-                qtype = 0;
-        if (SCSI_DEBUG_OPT_Q_NOISE & scsi_debug_opts) {
-                const char *cp;
-
-                switch (qtype) {
-                case 0:
-                        cp = "untagged";
-                        break;
-                case MSG_SIMPLE_TAG:
-                        cp = "simple tags";
-                        break;
-                case MSG_ORDERED_TAG:
-                        cp = "ordered tags";
-                        break;
-                default:
-                        cp = "unknown";
-                        break;
-                }
-                sdev_printk(KERN_INFO, sdev, "%s: to %s\n", __func__, cp);
-        }
-        return qtype;
-}
-
 static struct scsi_host_template sdebug_driver_template = {
         .show_info =            scsi_debug_show_info,
         .write_info =           scsi_debug_write_info,
@@ -4574,7 +5189,6 @@ static struct scsi_host_template sdebug_driver_template = {
         .ioctl =                scsi_debug_ioctl,
         .queuecommand =         sdebug_queuecommand_lock_or_not,
         .change_queue_depth =   sdebug_change_qdepth,
-        .change_queue_type =    sdebug_change_qtype,
         .eh_abort_handler =     scsi_debug_abort,
         .eh_device_reset_handler = scsi_debug_device_reset,
         .eh_target_reset_handler = scsi_debug_target_reset,
@@ -4587,13 +5201,16 @@ static struct scsi_host_template sdebug_driver_template = {
         .max_sectors =          -1U,
         .use_clustering =       DISABLE_CLUSTERING,
         .module =               THIS_MODULE,
+        .track_queue_depth =    1,
+        .cmd_size =             sizeof(struct sdebug_scmd_extra_t),
 };
 
 static int sdebug_driver_probe(struct device * dev)
 {
-        int error = 0;
-        struct sdebug_host_info *sdbg_host;
-        struct Scsi_Host *hpnt;
+        int error = 0;
+        int opts;
+        struct sdebug_host_info *sdbg_host;
+        struct Scsi_Host *hpnt;
         int host_prot;
 
         sdbg_host = to_sdebug_host(dev);
@@ -4603,7 +5220,7 @@ static int sdebug_driver_probe(struct device * dev)
                 sdebug_driver_template.use_clustering = ENABLE_CLUSTERING;
         hpnt = scsi_host_alloc(&sdebug_driver_template, sizeof(sdbg_host));
         if (NULL == hpnt) {
-                printk(KERN_ERR "%s: scsi_register failed\n", __func__);
+                pr_err("%s: scsi_host_alloc failed\n", __func__);
                 error = -ENODEV;
                 return error;
         }
@@ -4660,6 +5277,18 @@ static int sdebug_driver_probe(struct device * dev)
         else
                 scsi_host_set_guard(hpnt, SHOST_DIX_GUARD_CRC);
 
+        opts = scsi_debug_opts;
+        if (SCSI_DEBUG_OPT_RECOVERED_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_DIF_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_DIX_ERR & opts)
+                sdebug_any_injecting_opt = true;
+        else if (SCSI_DEBUG_OPT_SHORT_TRANSFER & opts)
+                sdebug_any_injecting_opt = true;
+
         error = scsi_add_host(hpnt, &sdbg_host->dev);
         if (error) {
                 printk(KERN_ERR "%s: scsi_add_host failed\n", __func__);